diff options
| author | Ken Raeburn <raeburn@mit.edu> | 2006-04-13 18:58:56 +0000 |
|---|---|---|
| committer | Ken Raeburn <raeburn@mit.edu> | 2006-04-13 18:58:56 +0000 |
| commit | 2c796aa6052de38e67dc7bfd37f3cc519693599e (patch) | |
| tree | 33559902487b90945292b49db42b458e918650d6 | |
| parent | 90241ce506e287110902affd4f01730d10586c02 (diff) | |
| download | krb5-2c796aa6052de38e67dc7bfd37f3cc519693599e.zip krb5-2c796aa6052de38e67dc7bfd37f3cc519693599e.tar.gz krb5-2c796aa6052de38e67dc7bfd37f3cc519693599e.tar.bz2 | |
Partial merge from Novell LDAP integration branch, not including the
actual LDAP bits:
* include/kdb.h (krb5_db_entry_new): Add MASK field indicating what's
changed.
(KRB5_KDB_SRV_TYPE_*): New macros indicating which type of service is
accessing the database.
* lib/kadm5/srv/svr_principal.c: Set mask field.
* lib/kadm5/srv/server_misc.c, server_init.c: Pass service type to
krb5_db_open.
* kadmin/dbutil/kdb5_stash.c (kdb5_stash): Pass service type to
krb5_db_open.
* kadmin/dbutil/kdb5_util.c (open_db_and_mkey): Pass service type to
krb5_db_open.
* kdc/main.c (init_realm): Pass service type to krb5_db_open.
* lib/kadm5/srv/svr_principal.c: Set mask field.
* kadmin/dbutil/dump.c (load_db): Pass service type to krb5_db_open.
* lib/kdb/kdb5.h (KRB5_KDB_SRV_TYPE_*): New macros.
* lib/kdb/err_handle.{c,h}: Deleted.
* lib/kadm5/clnt/err_handle.{c,h}: Deleted.
(krb5_db_clr_error): Declaration deleted.
* lib/kdb/Makefile.in, lib/kadm5/clnt/Makefile.in: Don't build them.
* lib/kdb/kdb5.c, lib/kadm5/clnt, lib/kadm5/srv: Use new error-message API.
* kdc/do_tgs_req.c (process_tgs_req): Use new error-message API.
* kdc/kdc_preauth.c (check_padata)
* kdc/do_as_req.c (process_as_req):
* kdc/main.c (init_realm):
* kadmin/server/ovsec_kadmd.c (main, do_schpw):
* schpw.c (process_chpw_request):
* kadmin/server/server_stubs.c:
* kadmin/cli/kadmin.c (extended_com_err_fn): New function.
(kadmin_startup): Tell com_err library to use it, for kadmin.local.
* lib/kdb/libkdb5.exports: Don't export krb5_db_clr_error.
* lib/kdb/Makefile.in: (SRCS, STLIBOBJS): Don't build err_handle.c.
* lib/kdb/kdb5.c (kdb_load_library): Don't pass argument to init_library.
(krb5_db_clr_error): Function deleted.
* lib/kdb/kdb5.h (struct _kdb_vftabl): Remove argument from init_library field.
* lib/kadm5/logger.c (krb5_klog_init): Save the krb5_context pointer.
(klog_com_err_proc): Use it, and call new error-message API.
* lib/kadm5/srv/svr_principal.c: Use new error-message API.
* kadmin/dbutil/kdb5_util.c (extended_com_err_fn): New function.
(main): Tell com_err library to use it.
* plugins/kdb/db2: Use new error-message APIs and updated DAL
interface.
* lib/kadm5/kadm_rpc.h: Delete err_str fields.
* lib/kadm5/kadm_rpc_xdr.c: Don't process them.
* kadmin/server/server_stubs.c: Don't use ret.err_str field.
* include/k5-thread.h (k5_key_t): Deleted unused values.
* lib/kdb/kdb5.h (KDB_MODULE_SECTION): Change db_modules to dbmodules.
(KDB_MODULE_DEF_SECTION): New macro.
* tests/Makefile.in (krb5.conf): Rename db_modules to dbmodules.
* tests/dejagnu/config/default.exp (setup_krb5_conf): Likewise.
* kadmin/testing/proto/krb5.conf.proto: Likewise.
* lib/kdb/libkdb5.exports: Do export krb5_def_store_mkey.
* lib/kadm5/admin.h (KADM5_CPW_FUNCTION, KADM5_RANDKEY_USED): New macros.
(struct _kadm5_config_params): New field kpasswd_server.
* lib/krb5/error_tables/kdb5_err.et (KRB5_KDB_SERVER_INTERNAL_ERR):
New error code.
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@17899 dc483132-0cff-0310-8789-dd5450dbe970
41 files changed, 292 insertions, 1147 deletions
diff --git a/src/include/k5-thread.h b/src/include/k5-thread.h index d308cfc..5373f83 100644 --- a/src/include/k5-thread.h +++ b/src/include/k5-thread.h @@ -760,8 +760,6 @@ typedef enum { K5_KEY_COM_ERR, K5_KEY_GSS_KRB5_SET_CCACHE_OLD_NAME, K5_KEY_GSS_KRB5_CCACHE_NAME, - K5_KEY_KDB_ERR_HANDLER, - K5_KEY_KADM_CLNT_ERR_HANDLER, K5_KEY_MAX } k5_key_t; /* rename shorthand symbols for export */ diff --git a/src/include/kdb.h b/src/include/kdb.h index c832765..694c6f1 100644 --- a/src/include/kdb.h +++ b/src/include/kdb.h @@ -122,6 +122,7 @@ typedef struct _krb5_keysalt { typedef struct _krb5_db_entry_new { krb5_magic magic; /* NOT saved */ krb5_ui_2 len; + krb5_ui_4 mask; /* members currently changed/set */ krb5_flags attributes; krb5_deltat max_life; krb5_deltat max_renewable_life; @@ -158,7 +159,6 @@ typedef struct __krb5_key_salt_tuple { krb5_int32 ks_salttype; } krb5_key_salt_tuple; - #define KRB5_KDB_MAGIC_NUMBER 0xdbdbdbdb #define KRB5_KDB_V1_BASE_LENGTH 38 @@ -205,6 +205,22 @@ extern char *krb5_mkey_pwd_prompt2; #define KRB5_KDB_OPEN_RW 0 #define KRB5_KDB_OPEN_RO 1 +#ifndef KRB5_KDB_SRV_TYPE_KDC +#define KRB5_KDB_SRV_TYPE_KDC 0x0100 +#endif + +#ifndef KRB5_KDB_SRV_TYPE_ADMIN +#define KRB5_KDB_SRV_TYPE_ADMIN 0x0200 +#endif + +#ifndef KRB5_KDB_SRV_TYPE_PASSWD +#define KRB5_KDB_SRV_TYPE_PASSWD 0x0300 +#endif + +#ifndef KRB5_KDB_SRV_TYPE_OTHER +#define KRB5_KDB_SRV_TYPE_OTHER 0x0400 +#endif + #define KRB5_KDB_OPT_SET_DB_NAME 0 #define KRB5_KDB_OPT_SET_LOCK_MODE 1 @@ -373,6 +389,7 @@ krb5_dbe_cpw( krb5_context kcontext, krb5_boolean keepold, krb5_db_entry * db_entry); + krb5_error_code krb5_dbe_ark( krb5_context context, krb5_keyblock * master_key, @@ -396,7 +413,6 @@ krb5_dbe_apw( krb5_context context, char * passwd, krb5_db_entry * db_entry); - /* default functions. Should not be directly called */ /* * Default functions prototype @@ -448,7 +464,6 @@ krb5_dbe_def_cpw( krb5_context context, krb5_boolean keepold, krb5_db_entry * db_entry); - krb5_error_code krb5_db_create_policy( krb5_context kcontext, osa_policy_ent_t policy); @@ -477,9 +492,8 @@ void krb5_db_free_policy( krb5_context kcontext, osa_policy_ent_t policy); -void krb5_db_clr_error(void); - #define KRB5_KDB_DEF_FLAGS 0 #endif /* !defined(_WIN32) */ + #endif /* KRB5_KDB5__ */ diff --git a/src/kadmin/cli/kadmin.c b/src/kadmin/cli/kadmin.c index 7d950fc..b24b98e 100644 --- a/src/kadmin/cli/kadmin.c +++ b/src/kadmin/cli/kadmin.c @@ -173,6 +173,17 @@ kadmin_parse_name(name, principal) return retval; } +static void extended_com_err_fn (const char *myprog, errcode_t code, + const char *fmt, va_list args) +{ + const char *emsg; + emsg = krb5_get_error_message (context, code); + fprintf (stderr, "%s: %s ", myprog, emsg); + krb5_free_error_message (context, emsg); + vfprintf (stderr, fmt, args); + fprintf (stderr, "\n"); +} + char *kadmin_startup(argc, argv) int argc; char *argv[]; @@ -195,6 +206,10 @@ char *kadmin_startup(argc, argv) memset((char *) ¶ms, 0, sizeof(params)); retval = krb5_init_context(&context); + + if (strcmp (whoami, "kadmin.local") == 0) + set_com_err_hook(extended_com_err_fn); + if (retval) { com_err(whoami, retval, "while initializing krb5 library"); exit(1); diff --git a/src/kadmin/dbutil/dump.c b/src/kadmin/dbutil/dump.c index 9e2394a..058dd54 100644 --- a/src/kadmin/dbutil/dump.c +++ b/src/kadmin/dbutil/dump.c @@ -2268,7 +2268,8 @@ load_db(argc, argv) /* * Initialize the database. */ - if ((kret = krb5_db_open(kcontext, db5util_db_args, KRB5_KDB_OPEN_RW))) { + if ((kret = krb5_db_open(kcontext, db5util_db_args, + KRB5_KDB_OPEN_RW | KRB5_KDB_SRV_TYPE_OTHER))) { fprintf(stderr, dbinit_err_fmt, programname, error_message(kret)); exit_status++; diff --git a/src/kadmin/dbutil/kdb5_stash.c b/src/kadmin/dbutil/kdb5_stash.c index 09bea21..884fa04 100644 --- a/src/kadmin/dbutil/kdb5_stash.c +++ b/src/kadmin/dbutil/kdb5_stash.c @@ -134,7 +134,8 @@ kdb5_stash(argc, argv) exit_status++; return; } - retval = krb5_db_open(context, db5util_db_args, KRB5_KDB_OPEN_RW); + retval = krb5_db_open(context, db5util_db_args, + KRB5_KDB_OPEN_RW | KRB5_KDB_SRV_TYPE_OTHER); if (retval) { com_err(argv[0], retval, "while initializing the database '%s'", dbname); diff --git a/src/kadmin/dbutil/kdb5_util.c b/src/kadmin/dbutil/kdb5_util.c index 42201a9..0b1a4d0 100644 --- a/src/kadmin/dbutil/kdb5_util.c +++ b/src/kadmin/dbutil/kdb5_util.c @@ -145,6 +145,17 @@ static struct _cmd_table *cmd_lookup(name) char **db5util_db_args = NULL; int db5util_db_args_size = 0; +static void extended_com_err_fn (const char *myprog, errcode_t code, + const char *fmt, va_list args) +{ + const char *emsg; + emsg = krb5_get_error_message (util_context, code); + fprintf (stderr, "%s: %s ", myprog, emsg); + krb5_free_error_message (util_context, emsg); + vfprintf (stderr, fmt, args); + fprintf (stderr, "\n"); +} + int main(argc, argv) int argc; char *argv[]; @@ -156,6 +167,7 @@ int main(argc, argv) krb5_error_code retval; retval = krb5_init_context(&util_context); + set_com_err_hook(extended_com_err_fn); if (retval) { com_err (progname, retval, "while initializing Kerberos code"); exit(1); @@ -365,7 +377,8 @@ static int open_db_and_mkey() dbactive = FALSE; valid_master_key = 0; - if ((retval = krb5_db_open(util_context, db5util_db_args, KRB5_KDB_OPEN_RW))) { + if ((retval = krb5_db_open(util_context, db5util_db_args, + KRB5_KDB_OPEN_RW | KRB5_KDB_SRV_TYPE_OTHER))) { com_err(progname, retval, "while initializing database"); exit_status++; return(1); diff --git a/src/kadmin/server/ovsec_kadmd.c b/src/kadmin/server/ovsec_kadmd.c index 9acb95d..6950ff1 100644 --- a/src/kadmin/server/ovsec_kadmd.c +++ b/src/kadmin/server/ovsec_kadmd.c @@ -216,6 +216,7 @@ int main(int argc, char *argv[]) kadm5_config_params params; char **db_args = NULL; int db_args_size = 0; + char *errmsg; setvbuf(stderr, NULL, _IONBF, 0); @@ -305,7 +306,7 @@ int main(int argc, char *argv[]) ret = krb5_c_random_os_entropy(context, 1, NULL); if(ret) { krb5_klog_syslog(LOG_ERR, "Error getting random seed: %s, aborting", - error_message(ret)); + krb5_get_error_message (context, ret)); exit(1); } @@ -314,9 +315,8 @@ int main(int argc, char *argv[]) KADM5_STRUCT_VERSION, KADM5_API_VERSION_2, db_args, - &global_server_handle)) != - KADM5_OK) { - const char *e_txt = error_message(ret); + &global_server_handle)) != KADM5_OK) { + const char *e_txt = krb5_get_error_message (context, ret); krb5_klog_syslog(LOG_ERR, "%s while initializing, aborting", e_txt); fprintf(stderr, "%s: %s while initializing, aborting\n", @@ -332,7 +332,7 @@ int main(int argc, char *argv[]) if ((ret = kadm5_get_config_params(context, NULL, NULL, ¶ms, ¶ms))) { - const char *e_txt = error_message(ret); + const char *e_txt = krb5_get_error_message (context, ret); krb5_klog_syslog(LOG_ERR, "%s: %s while initializing, aborting", whoami, e_txt); fprintf(stderr, "%s: %s while initializing, aborting\n", @@ -362,7 +362,7 @@ int main(int argc, char *argv[]) addr.sin_port = htons(params.kadmind_port); if ((s = socket(AF_INET, SOCK_STREAM, 0)) < 0) { - const char *e_txt = error_message(errno); + const char *e_txt = krb5_get_error_message (context, ret); krb5_klog_syslog(LOG_ERR, "Cannot create TCP socket: %s", e_txt); fprintf(stderr, "Cannot create TCP socket: %s", @@ -373,10 +373,10 @@ int main(int argc, char *argv[]) } if ((schpw = socket(AF_INET, SOCK_DGRAM, 0)) < 0) { - const char *e_txt = error_message(errno); + const char *e_txt = krb5_get_error_message (context, ret); krb5_klog_syslog(LOG_ERR, - "cannot create simple chpw socket: %s", - e_txt); + "cannot create simple chpw socket: %s", + e_txt); fprintf(stderr, "Cannot create simple chpw socket: %s", e_txt); kadm5_destroy(global_server_handle); @@ -402,18 +402,17 @@ int main(int argc, char *argv[]) SO_REUSEADDR, (char *) &allowed, sizeof(allowed)) < 0) { - const char *e_txt = error_message(errno); + const char *e_txt = krb5_get_error_message (context, ret); krb5_klog_syslog(LOG_ERR, "Cannot set SO_REUSEADDR: %s", e_txt); - fprintf(stderr, "Cannot set SO_REUSEADDR: %s", - e_txt); + fprintf(stderr, "Cannot set SO_REUSEADDR: %s", e_txt); kadm5_destroy(global_server_handle); krb5_klog_close(context); exit(1); } if (setsockopt(schpw, SOL_SOCKET, SO_REUSEADDR, (char *) &allowed, sizeof(allowed)) < 0) { - const char *e_txt = error_message(errno); + const char *e_txt = krb5_get_error_message (context, ret); krb5_klog_syslog(LOG_ERR, "main", "cannot set SO_REUSEADDR on simple chpw socket: %s", e_txt); @@ -433,12 +432,11 @@ int main(int argc, char *argv[]) if (bind(s, (struct sockaddr *)&addr, sizeof(addr)) < 0) { int oerrno = errno; - const char *e_txt = error_message(errno); + const char *e_txt = krb5_get_error_message (context, errno); fprintf(stderr, "%s: Cannot bind socket.\n", whoami); fprintf(stderr, "bind: %s\n", e_txt); errno = oerrno; - krb5_klog_syslog(LOG_ERR, "Cannot bind socket: %s", - e_txt); + krb5_klog_syslog(LOG_ERR, "Cannot bind socket: %s", e_txt); if(oerrno == EADDRINUSE) { char *w = strrchr(whoami, '/'); if (w) { @@ -474,7 +472,7 @@ int main(int argc, char *argv[]) if (bind(schpw, (struct sockaddr *)&addr, sizeof(addr)) < 0) { char portbuf[32]; int oerrno = errno; - const char *e_txt = error_message(errno); + const char *e_txt = krb5_get_error_message (context, errno); fprintf(stderr, "%s: Cannot bind socket.\n", whoami); fprintf(stderr, "bind: %s\n", e_txt); errno = oerrno; @@ -566,7 +564,7 @@ int main(int argc, char *argv[]) } kterr: if (ret) { - krb5_klog_syslog(LOG_ERR, "%s", error_message(ret)); + krb5_klog_syslog(LOG_ERR, "%s", krb5_get_error_message (context, ret)); fprintf(stderr, "%s: Can't set up keytab for RPC.\n", whoami); kadm5_destroy(global_server_handle); krb5_klog_close(context); @@ -618,10 +616,11 @@ kterr: } if ((ret = kadm5int_acl_init(context, 0, params.acl_file))) { + errmsg = krb5_get_error_message (context, ret); krb5_klog_syslog(LOG_ERR, "Cannot initialize acl file: %s", - error_message(ret)); + errmsg); fprintf(stderr, "%s: Cannot initialize acl file: %s\n", - whoami, error_message(ret)); + whoami, errmsg); svcauth_gssapi_unset_names(); kadm5_destroy(global_server_handle); krb5_klog_close(context); @@ -630,9 +629,10 @@ kterr: if (!nofork && (ret = daemon(0, 0))) { ret = errno; - krb5_klog_syslog(LOG_ERR, "Cannot detach from tty: %s", error_message(ret)); + errmsg = krb5_get_error_message (context, ret); + krb5_klog_syslog(LOG_ERR, "Cannot detach from tty: %s", errmsg); fprintf(stderr, "%s: Cannot detach from tty: %s\n", - whoami, error_message(ret)); + whoami, errmsg); svcauth_gssapi_unset_names(); kadm5_destroy(global_server_handle); krb5_klog_close(context); @@ -851,7 +851,7 @@ void reset_db(void) if (ret = kadm5_flush(global_server_handle)) { krb5_klog_syslog(LOG_ERR, "FATAL ERROR! %s while flushing databases. " "Databases may be corrupt! Aborting.", - error_message(ret)); + krb5_get_error_message (context, ret)); krb5_klog_close(context); exit(3); } @@ -1134,13 +1134,13 @@ void do_schpw(int s1, kadm5_config_params *params) if ((len = recvfrom(s1, req, sizeof(req), 0, (struct sockaddr *)&from, &fromlen)) < 0) { krb5_klog_syslog(LOG_ERR, "chpw: Couldn't receive request: %s", - error_message(errno)); + krb5_get_error_message (context, errno)); return; } if ((ret = krb5_kt_resolve(context, "KDB:", &kt))) { krb5_klog_syslog(LOG_ERR, "chpw: Couldn't open admin keytab %s", - error_message(ret)); + krb5_get_error_message (context, ret)); return; } @@ -1164,10 +1164,11 @@ void do_schpw(int s1, kadm5_config_params *params) interoperate if the client is single-homed. */ if ((s2 = socket(AF_INET, SOCK_DGRAM, 0)) < 0) { + char *errmsg = krb5_get_error_message (context, errno); krb5_klog_syslog(LOG_ERR, "cannot create connecting socket: %s", - error_message(errno)); + errmsg); fprintf(stderr, "Cannot create connecting socket: %s", - error_message(errno)); + errmsg); svcauth_gssapi_unset_names(); kadm5_destroy(global_server_handle); krb5_klog_close(context); @@ -1176,7 +1177,7 @@ void do_schpw(int s1, kadm5_config_params *params) if (connect(s2, (struct sockaddr *) &from, sizeof(from)) < 0) { krb5_klog_syslog(LOG_ERR, "chpw: Couldn't connect to client: %s", - error_message(errno)); + krb5_get_error_message (context, errno)); goto cleanup; } @@ -1184,7 +1185,7 @@ void do_schpw(int s1, kadm5_config_params *params) params->realm, s2, kt, &from, &reqdata, &repdata))) { krb5_klog_syslog(LOG_ERR, "chpw: Error processing request: %s", - error_message(ret)); + krb5_get_error_message (context, ret)); } close(s2); @@ -1201,7 +1202,7 @@ void do_schpw(int s1, kadm5_config_params *params) krb5_xfree(repdata.data); krb5_klog_syslog(LOG_ERR, "chpw: Error sending reply: %s", - error_message(errno)); + krb5_get_error_message (context, errno)); goto cleanup; } @@ -1212,4 +1213,3 @@ cleanup: return; } - diff --git a/src/kadmin/server/schpw.c b/src/kadmin/server/schpw.c index 28cf75c..b30c2d5 100644 --- a/src/kadmin/server/schpw.c +++ b/src/kadmin/server/schpw.c @@ -260,7 +260,7 @@ process_chpw_request(context, server_handle, realm, s, keytab, sockin, krb5_klog_syslog(LOG_NOTICE, "chpw request from %s for %s: %s", inet_ntoa(((struct sockaddr_in *)&remote_addr)->sin_addr), - clientstr, ret ? error_message(ret) : "success"); + clientstr, ret ? krb5_get_error_message (context, ret) : "success"); krb5_free_unparsed_name(context, clientstr); if (ret) { diff --git a/src/kadmin/server/server_stubs.c b/src/kadmin/server/server_stubs.c index c26ed69..ee5d653c 100644 --- a/src/kadmin/server/server_stubs.c +++ b/src/kadmin/server/server_stubs.c @@ -246,6 +246,7 @@ create_principal_2_svc(cprinc_arg *arg, struct svc_req *rqstp) OM_uint32 minor_stat; kadm5_server_handle_t handle; restriction_t *rp; + char *errmsg; xdr_free(xdr_generic_ret, &ret); @@ -282,17 +283,15 @@ create_principal_2_svc(cprinc_arg *arg, struct svc_req *rqstp) &arg->rec, arg->mask, arg->passwd); if( ret.code == 0 ) - ret.err_str = "success"; + errmsg = "success"; else - ret.err_str = error_message(ret.code); + errmsg = krb5_get_error_message(handle ? handle->context : NULL, ret.code); krb5_klog_syslog(LOG_NOTICE, LOG_DONE, "kadm5_create_principal", - prime_arg, ret.err_str, + prime_arg, errmsg, client_name.value, service_name.value, inet_ntoa(rqstp->rq_xprt->xp_raddr.sin_addr)); - /* xdr free frees this string. so make a copy */ - ret.err_str = strdup( ret.err_str ); /* no need to check for NULL. Even if it is NULL, atleast error_code will be returned */ } free_server_handle(handle); @@ -301,17 +300,6 @@ create_principal_2_svc(cprinc_arg *arg, struct svc_req *rqstp) gss_release_buffer(&minor_stat, &service_name); exit_func: - if( ret.err_str == NULL ) - { - if( ret.code == 0 ) - ret.err_str = "success"; - else - ret.err_str = error_message(ret.code); - - /* xdr free frees this string. so make a copy */ - ret.err_str = strdup( ret.err_str ); - /* no need to check for NULL. Even if it is NULL, atleast error_code will be returned */ - } return &ret; } @@ -324,6 +312,7 @@ create_principal3_2_svc(cprinc3_arg *arg, struct svc_req *rqstp) OM_uint32 minor_stat; kadm5_server_handle_t handle; restriction_t *rp; + char *errmsg; xdr_free(xdr_generic_ret, &ret); @@ -362,17 +351,15 @@ create_principal3_2_svc(cprinc3_arg *arg, struct svc_req *rqstp) arg->ks_tuple, arg->passwd); if( ret.code == 0 ) - ret.err_str = "success"; + errmsg = "success"; else - ret.err_str = error_message(ret.code); + errmsg = krb5_get_error_message(handle ? handle->context : NULL, ret.code); krb5_klog_syslog(LOG_NOTICE, LOG_DONE, "kadm5_create_principal", - prime_arg, ret.err_str, + prime_arg, errmsg, client_name.value, service_name.value, inet_ntoa(rqstp->rq_xprt->xp_raddr.sin_addr)); - /* xdr free frees this string. so make a copy */ - ret.err_str = strdup( ret.err_str ); /* no need to check for NULL. Even if it is NULL, atleast error_code will be returned */ } free_server_handle(handle); @@ -380,17 +367,6 @@ create_principal3_2_svc(cprinc3_arg *arg, struct svc_req *rqstp) gss_release_buffer(&minor_stat, &client_name); gss_release_buffer(&minor_stat, &service_name); exit_func: - if( ret.err_str == NULL ) - { - if( ret.code == 0 ) - ret.err_str = "success"; - else - ret.err_str = error_message(ret.code); - - /* xdr free frees this string. so make a copy */ - ret.err_str = strdup( ret.err_str ); - /* no need to check for NULL. Even if it is NULL, atleast error_code will be returned */ - } return &ret; } @@ -403,6 +379,7 @@ delete_principal_2_svc(dprinc_arg *arg, struct svc_req *rqstp) service_name; OM_uint32 minor_stat; kadm5_server_handle_t handle; + char *errmsg; xdr_free(xdr_generic_ret, &ret); @@ -435,17 +412,15 @@ delete_principal_2_svc(dprinc_arg *arg, struct svc_req *rqstp) } else { ret.code = kadm5_delete_principal((void *)handle, arg->princ); if( ret.code == 0 ) - ret.err_str = "success"; + errmsg = "success"; else - ret.err_str = error_message(ret.code); + errmsg = krb5_get_error_message(handle ? handle->context : NULL, ret.code); - krb5_klog_syslog(LOG_NOTICE, LOG_DONE, "kadm5_delete_principal", prime_arg, - ret.err_str, - client_name.value, service_name.value, - inet_ntoa(rqstp->rq_xprt->xp_raddr.sin_addr)); + krb5_klog_syslog(LOG_NOTICE, LOG_DONE, "kadm5_delete_principal", + prime_arg, errmsg, + client_name.value, service_name.value, + inet_ntoa(rqstp->rq_xprt->xp_raddr.sin_addr)); - /* xdr free frees this string. so make a copy */ - ret.err_str = strdup( ret.err_str ); /* no need to check for NULL. Even if it is NULL, atleast error_code will be returned */ } free(prime_arg); @@ -453,17 +428,6 @@ delete_principal_2_svc(dprinc_arg *arg, struct svc_req *rqstp) gss_release_buffer(&minor_stat, &client_name); gss_release_buffer(&minor_stat, &service_name); exit_func: - if( ret.err_str == NULL ) - { - if( ret.code == 0 ) - ret.err_str = "success"; - else - ret.err_str = error_message(ret.code); - - /* xdr free frees this string. so make a copy */ - ret.err_str = strdup( ret.err_str ); - /* no need to check for NULL. Even if it is NULL, atleast error_code will be returned */ - } return &ret; } @@ -478,6 +442,7 @@ modify_principal_2_svc(mprinc_arg *arg, struct svc_req *rqstp) OM_uint32 minor_stat; kadm5_server_handle_t handle; restriction_t *rp; + char *errmsg; xdr_free(xdr_generic_ret, &ret); @@ -511,17 +476,15 @@ modify_principal_2_svc(mprinc_arg *arg, struct svc_req *rqstp) ret.code = kadm5_modify_principal((void *)handle, &arg->rec, arg->mask); if( ret.code == 0 ) - ret.err_str = "success"; + errmsg = "success"; else - ret.err_str = error_message(ret.code); + errmsg = krb5_get_error_message(handle ? handle->context : NULL, ret.code); krb5_klog_syslog(LOG_NOTICE, LOG_DONE, "kadm5_modify_principal", - prime_arg, ret.err_str, - client_name.value, service_name.value, - inet_ntoa(rqstp->rq_xprt->xp_raddr.sin_addr)); + prime_arg, errmsg, + client_name.value, service_name.value, + inet_ntoa(rqstp->rq_xprt->xp_raddr.sin_addr)); - /* xdr free frees this string. so make a copy */ - ret.err_str = strdup( ret.err_str ); /* no need to check for NULL. Even if it is NULL, atleast error_code will be returned */ } free_server_handle(handle); @@ -529,17 +492,6 @@ modify_principal_2_svc(mprinc_arg *arg, struct svc_req *rqstp) gss_release_buffer(&minor_stat, &client_name); gss_release_buffer(&minor_stat, &service_name); exit_func: - if( ret.err_str == NULL ) - { - if( ret.code == 0 ) - ret.err_str = "success"; - else - ret.err_str = error_message(ret.code); - - /* xdr free frees this string. so make a copy */ - ret.err_str = strdup( ret.err_str ); - /* no need to check for NULL. Even if it is NULL, atleast error_code will be returned */ - } return &ret; } @@ -555,6 +507,7 @@ rename_principal_2_svc(rprinc_arg *arg, struct svc_req *rqstp) OM_uint32 minor_stat; kadm5_server_handle_t handle; restriction_t *rp; + char *errmsg; xdr_free(xdr_generic_ret, &ret); @@ -600,18 +553,14 @@ rename_principal_2_svc(rprinc_arg *arg, struct svc_req *rqstp) ret.code = kadm5_rename_principal((void *)handle, arg->src, arg->dest); if( ret.code == 0 ) - ret.err_str = "success"; + errmsg = "success"; else - ret.err_str = error_message(ret.code); + errmsg = krb5_get_error_message(handle ? handle->context : NULL, ret.code); krb5_klog_syslog(LOG_NOTICE, LOG_DONE, "kadm5_rename_principal", - prime_arg, ret.err_str, + prime_arg, errmsg, client_name.value, service_name.value, inet_ntoa(rqstp->rq_xprt->xp_raddr.sin_addr)); - - /* xdr free frees this string. so make a copy */ - ret.err_str = strdup( ret.err_str ); - /* no need to check for NULL. Even if it is NULL, atleast error_code will be returned */ } free_server_handle(handle); free(prime_arg1); @@ -619,17 +568,6 @@ rename_principal_2_svc(rprinc_arg *arg, struct svc_req *rqstp) gss_release_buffer(&minor_stat, &client_name); gss_release_buffer(&minor_stat, &service_name); exit_func: - if( ret.err_str == NULL ) - { - if( ret.code == 0 ) - ret.err_str = "success"; - else - ret.err_str = error_message(ret.code); - - /* xdr free frees this string. so make a copy */ - ret.err_str = strdup( ret.err_str ); - /* no need to check for NULL. Even if it is NULL, atleast error_code will be returned */ - } return &ret; } @@ -643,6 +581,7 @@ get_principal_2_svc(gprinc_arg *arg, struct svc_req *rqstp) service_name; OM_uint32 minor_stat; kadm5_server_handle_t handle; + char *errmsg; xdr_free(xdr_gprinc_ret, &ret); @@ -693,36 +632,22 @@ get_principal_2_svc(gprinc_arg *arg, struct svc_req *rqstp) } if( ret.code == 0 ) - ret.err_str = "success"; + errmsg = "success"; else - ret.err_str = error_message(ret.code); + errmsg = krb5_get_error_message(handle ? handle->context : NULL, ret.code); krb5_klog_syslog(LOG_NOTICE, LOG_DONE, funcname, prime_arg, - ret.err_str, + errmsg, client_name.value, service_name.value, inet_ntoa(rqstp->rq_xprt->xp_raddr.sin_addr)); - /* xdr free frees this string. so make a copy */ - ret.err_str = strdup( ret.err_str ); - /* no need to check for NULL. Even if it is NULL, atleast error_code will be returned */ } free_server_handle(handle); free(prime_arg); gss_release_buffer(&minor_stat, &client_name); gss_release_buffer(&minor_stat, &service_name); exit_func: - if( ret.err_str == NULL ) - { - if( ret.code == 0 ) - ret.err_str = "success"; - else - ret.err_str = error_message(ret.code); - - /* xdr free frees this string. so make a copy */ - ret.err_str = strdup( ret.err_str ); - /* no need to check for NULL. Even if it is NULL, atleast error_code will be returned */ - } return &ret; } @@ -735,6 +660,7 @@ get_princs_2_svc(gprincs_arg *arg, struct svc_req *rqstp) service_name; OM_uint32 minor_stat; kadm5_server_handle_t handle; + char *errmsg; xdr_free(xdr_gprincs_ret, &ret); @@ -770,35 +696,21 @@ get_princs_2_svc(gprincs_arg *arg, struct svc_req *rqstp) arg->exp, &ret.princs, &ret.count); if( ret.code == 0 ) - ret.err_str = "success"; + errmsg = "success"; else - ret.err_str = error_message(ret.code); + errmsg = krb5_get_error_message(handle ? handle->context : NULL, ret.code); krb5_klog_syslog(LOG_NOTICE, LOG_DONE, "kadm5_get_principals", prime_arg, - ret.err_str, + errmsg, client_name.value, service_name.value, inet_ntoa(rqstp->rq_xprt->xp_raddr.sin_addr)); - /* xdr free frees this string. so make a copy */ - ret.err_str = strdup( ret.err_str ); - /* no need to check for NULL. Even if it is NULL, atleast error_code will be returned */ } free_server_handle(handle); gss_release_buffer(&minor_stat, &client_name); gss_release_buffer(&minor_stat, &service_name); exit_func: - if( ret.err_str == NULL ) - { - if( ret.code == 0 ) - ret.err_str = "success"; - else - ret.err_str = error_message(ret.code); - - /* xdr free frees this string. so make a copy */ - ret.err_str = strdup( ret.err_str ); - /* no need to check for NULL. Even if it is NULL, atleast error_code will be returned */ - } return &ret; } @@ -811,6 +723,7 @@ chpass_principal_2_svc(chpass_arg *arg, struct svc_req *rqstp) service_name; OM_uint32 minor_stat; kadm5_server_handle_t handle; + char *errmsg; xdr_free(xdr_generic_ret, &ret); @@ -850,18 +763,14 @@ chpass_principal_2_svc(chpass_arg *arg, struct svc_req *rqstp) if(ret.code != KADM5_AUTH_CHANGEPW) { if( ret.code == 0 ) - ret.err_str = "success"; + errmsg = "success"; else - ret.err_str = error_message(ret.code); + errmsg = krb5_get_error_message(handle ? handle->context : NULL, ret.code); krb5_klog_syslog(LOG_NOTICE, LOG_DONE, "kadm5_chpass_principal", - prime_arg, ret.err_str, + prime_arg, errmsg, client_name.value, service_name.value, inet_ntoa(rqstp->rq_xprt->xp_raddr.sin_addr)); - - /* xdr free frees this string. so make a copy */ - ret.err_str = strdup( ret.err_str ); - /* no need to check for NULL. Even if it is NULL, atleast error_code will be returned */ } free_server_handle(handle); @@ -869,17 +778,6 @@ chpass_principal_2_svc(chpass_arg *arg, struct svc_req *rqstp) gss_release_buffer(&minor_stat, &client_name); gss_release_buffer(&minor_stat, &service_name); exit_func: - if( ret.err_str == NULL ) - { - if( ret.code == 0 ) - ret.err_str = "success"; - else - ret.err_str = error_message(ret.code); - - /* xdr free frees this string. so make a copy */ - ret.err_str = strdup( ret.err_str ); - /* no need to check for NULL. Even if it is NULL, atleast error_code will be returned */ - } return &ret; } @@ -892,6 +790,7 @@ chpass_principal3_2_svc(chpass3_arg *arg, struct svc_req *rqstp) service_name; OM_uint32 minor_stat; kadm5_server_handle_t handle; + char *errmsg; xdr_free(xdr_generic_ret, &ret); @@ -937,18 +836,14 @@ chpass_principal3_2_svc(chpass3_arg *arg, struct svc_req *rqstp) if(ret.code != KADM5_AUTH_CHANGEPW) { if( ret.code == 0 ) - ret.err_str = "success"; + errmsg = "success"; else - ret.err_str = error_message(ret.code); + errmsg = krb5_get_error_message(handle ? handle->context : NULL, ret.code); krb5_klog_syslog(LOG_NOTICE, LOG_DONE, "kadm5_chpass_principal", - prime_arg, ret.err_str, + prime_arg, errmsg, client_name.value, service_name.value, inet_ntoa(rqstp->rq_xprt->xp_raddr.sin_addr)); - - /* xdr free frees this string. so make a copy */ - ret.err_str = strdup( ret.err_str ); - /* no need to check for NULL. Even if it is NULL, atleast error_code will be returned */ } free_server_handle(handle); @@ -956,17 +851,6 @@ chpass_principal3_2_svc(chpass3_arg *arg, struct svc_req *rqstp) gss_release_buffer(&minor_stat, &client_name); gss_release_buffer(&minor_stat, &service_name); exit_func: - if( ret.err_str == NULL ) - { - if( ret.code == 0 ) - ret.err_str = "success"; - else - ret.err_str = error_message(ret.code); - - /* xdr free frees this string. so make a copy */ - ret.err_str = strdup( ret.err_str ); - /* no need to check for NULL. Even if it is NULL, atleast error_code will be returned */ - } return &ret; } @@ -979,6 +863,7 @@ setv4key_principal_2_svc(setv4key_arg *arg, struct svc_req *rqstp) service_name; OM_uint32 minor_stat; kadm5_server_handle_t handle; + char *errmsg; xdr_free(xdr_generic_ret, &ret); @@ -1015,18 +900,14 @@ setv4key_principal_2_svc(setv4key_arg *arg, struct svc_req *rqstp) if(ret.code != KADM5_AUTH_SETKEY) { if( ret.code == 0 ) - ret.err_str = "success"; + errmsg = "success"; else - ret.err_str = error_message(ret.code); + errmsg = krb5_get_error_message(handle ? handle->context : NULL, ret.code); krb5_klog_syslog(LOG_NOTICE, LOG_DONE, "kadm5_setv4key_principal", - prime_arg, ret.err_str, + prime_arg, errmsg, client_name.value, service_name.value, inet_ntoa(rqstp->rq_xprt->xp_raddr.sin_addr)); - - /* xdr free frees this string. so make a copy */ - ret.err_str = strdup( ret.err_str ); - /* no need to check for NULL. Even if it is NULL, atleast error_code will be returned */ } free_server_handle(handle); @@ -1034,17 +915,6 @@ setv4key_principal_2_svc(setv4key_arg *arg, struct svc_req *rqstp) gss_release_buffer(&minor_stat, &client_name); gss_release_buffer(&minor_stat, &service_name); exit_func: - if( ret.err_str == NULL ) - { - if( ret.code == 0 ) - ret.err_str = "success"; - else - ret.err_str = error_message(ret.code); - - /* xdr free frees this string. so make a copy */ - ret.err_str = strdup( ret.err_str ); - /* no need to check for NULL. Even if it is NULL, atleast error_code will be returned */ - } return &ret; } @@ -1057,6 +927,7 @@ setkey_principal_2_svc(setkey_arg *arg, struct svc_req *rqstp) service_name; OM_uint32 minor_stat; kadm5_server_handle_t handle; + char *errmsg; xdr_free(xdr_generic_ret, &ret); @@ -1093,18 +964,14 @@ setkey_principal_2_svc(setkey_arg *arg, struct svc_req *rqstp) if(ret.code != KADM5_AUTH_SETKEY) { if( ret.code == 0 ) - ret.err_str = "success"; + errmsg = "success"; else - ret.err_str = error_message(ret.code); + errmsg = krb5_get_error_message(handle ? handle->context : NULL, ret.code); krb5_klog_syslog(LOG_NOTICE, LOG_DONE, "kadm5_setkey_principal", - prime_arg, ret.err_str, + prime_arg, errmsg, client_name.value, service_name.value, inet_ntoa(rqstp->rq_xprt->xp_raddr.sin_addr)); - - /* xdr free frees this string. so make a copy */ - ret.err_str = strdup( ret.err_str ); - /* no need to check for NULL. Even if it is NULL, atleast error_code will be returned */ } free_server_handle(handle); @@ -1112,17 +979,6 @@ setkey_principal_2_svc(setkey_arg *arg, struct svc_req *rqstp) gss_release_buffer(&minor_stat, &client_name); gss_release_buffer(&minor_stat, &service_name); exit_func: - if( ret.err_str == NULL ) - { - if( ret.code == 0 ) - ret.err_str = "success"; - else - ret.err_str = error_message(ret.code); - - /* xdr free frees this string. so make a copy */ - ret.err_str = strdup( ret.err_str ); - /* no need to check for NULL. Even if it is NULL, atleast error_code will be returned */ - } return &ret; } @@ -1135,6 +991,7 @@ setkey_principal3_2_svc(setkey3_arg *arg, struct svc_req *rqstp) service_name; OM_uint32 minor_stat; kadm5_server_handle_t handle; + char *errmsg; xdr_free(xdr_generic_ret, &ret); @@ -1174,18 +1031,14 @@ setkey_principal3_2_svc(setkey3_arg *arg, struct svc_req *rqstp) if(ret.code != KADM5_AUTH_SETKEY) { if( ret.code == 0 ) - ret.err_str = "success"; + errmsg = "success"; else - ret.err_str = error_message(ret.code); + errmsg = krb5_get_error_message(handle ? handle->context : NULL, ret.code); krb5_klog_syslog(LOG_NOTICE, LOG_DONE, "kadm5_setkey_principal", - prime_arg, ret.err_str, + prime_arg, errmsg, client_name.value, service_name.value, inet_ntoa(rqstp->rq_xprt->xp_raddr.sin_addr)); - - /* xdr free frees this string. so make a copy */ - ret.err_str = strdup( ret.err_str ); - /* no need to check for NULL. Even if it is NULL, atleast error_code will be returned */ } free_server_handle(handle); @@ -1193,17 +1046,6 @@ setkey_principal3_2_svc(setkey3_arg *arg, struct svc_req *rqstp) gss_release_buffer(&minor_stat, &client_name); gss_release_buffer(&minor_stat, &service_name); exit_func: - if( ret.err_str == NULL ) - { - if( ret.code == 0 ) - ret.err_str = "success"; - else - ret.err_str = error_message(ret.code); - - /* xdr free frees this string. so make a copy */ - ret.err_str = strdup( ret.err_str ); - /* no need to check for NULL. Even if it is NULL, atleast error_code will be returned */ - } return &ret; } @@ -1218,6 +1060,7 @@ chrand_principal_2_svc(chrand_arg *arg, struct svc_req *rqstp) service_name; OM_uint32 minor_stat; kadm5_server_handle_t handle; + char *errmsg; xdr_free(xdr_chrand_ret, &ret); @@ -1272,35 +1115,20 @@ chrand_principal_2_svc(chrand_arg *arg, struct svc_req *rqstp) if(ret.code != KADM5_AUTH_CHANGEPW) { if( ret.code == 0 ) - ret.err_str = "success"; + errmsg = "success"; else - ret.err_str = error_message(ret.code); + errmsg = krb5_get_error_message(handle ? handle->context : NULL, ret.code); krb5_klog_syslog(LOG_NOTICE, LOG_DONE, funcname, - prime_arg, ret.err_str, + prime_arg, errmsg, client_name.value, service_name.value, inet_ntoa(rqstp->rq_xprt->xp_raddr.sin_addr)); - - /* xdr free frees this string. so make a copy */ - ret.err_str = strdup( ret.err_str ); - /* no need to check for NULL. Even if it is NULL, atleast error_code will be returned */ } free_server_handle(handle); free(prime_arg); gss_release_buffer(&minor_stat, &client_name); gss_release_buffer(&minor_stat, &service_name); exit_func: - if( ret.err_str == NULL ) - { - if( ret.code == 0 ) - ret.err_str = "success"; - else - ret.err_str = error_message(ret.code); - - /* xdr free frees this string. so make a copy */ - ret.err_str = strdup( ret.err_str ); - /* no need to check for NULL. Even if it is NULL, atleast error_code will be returned */ - } return &ret; } @@ -1315,6 +1143,7 @@ chrand_principal3_2_svc(chrand3_arg *arg, struct svc_req *rqstp) service_name; OM_uint32 minor_stat; kadm5_server_handle_t handle; + char *errmsg; xdr_free(xdr_chrand_ret, &ret); @@ -1374,35 +1203,20 @@ chrand_principal3_2_svc(chrand3_arg *arg, struct svc_req *rqstp) if(ret.code != KADM5_AUTH_CHANGEPW) { if( ret.code == 0 ) - ret.err_str = "success"; + errmsg = "success"; else - ret.err_str = error_message(ret.code); + errmsg = krb5_get_error_message(handle ? handle->context : NULL, ret.code); krb5_klog_syslog(LOG_NOTICE, LOG_DONE, funcname, - prime_arg, ret.err_str, + prime_arg, errmsg, client_name.value, service_name.value, inet_ntoa(rqstp->rq_xprt->xp_raddr.sin_addr)); - - /* xdr free frees this string. so make a copy */ - ret.err_str = strdup( ret.err_str ); - /* no need to check for NULL. Even if it is NULL, atleast error_code will be returned */ } free_server_handle(handle); free(prime_arg); gss_release_buffer(&minor_stat, &client_name); gss_release_buffer(&minor_stat, &service_name); exit_func: - if( ret.err_str == NULL ) - { - if( ret.code == 0 ) - ret.err_str = "success"; - else - ret.err_str = error_message(ret.code); - - /* xdr free frees this string. so make a copy */ - ret.err_str = strdup( ret.err_str ); - /* no need to check for NULL. Even if it is NULL, atleast error_code will be returned */ - } return &ret; } @@ -1415,6 +1229,7 @@ create_policy_2_svc(cpol_arg *arg, struct svc_req *rqstp) service_name; OM_uint32 minor_stat; kadm5_server_handle_t handle; + char *errmsg; xdr_free(xdr_generic_ret, &ret); @@ -1446,35 +1261,20 @@ create_policy_2_svc(cpol_arg *arg, struct svc_req *rqstp) ret.code = kadm5_create_policy((void *)handle, &arg->rec, arg->mask); if( ret.code == 0 ) - ret.err_str = "success"; + errmsg = "success"; else - ret.err_str = error_message(ret.code); + errmsg = krb5_get_error_message(handle ? handle->context : NULL, ret.code); krb5_klog_syslog(LOG_NOTICE, LOG_DONE, "kadm5_create_policy", ((prime_arg == NULL) ? "(null)" : prime_arg), - ret.err_str, + errmsg, client_name.value, service_name.value, inet_ntoa(rqstp->rq_xprt->xp_raddr.sin_addr)); - - /* xdr free frees this string. so make a copy */ - ret.err_str = strdup( ret.err_str ); - /* no need to check for NULL. Even if it is NULL, atleast error_code will be returned */ } free_server_handle(handle); gss_release_buffer(&minor_stat, &client_name); gss_release_buffer(&minor_stat, &service_name); exit_func: - if( ret.err_str == NULL ) - { - if( ret.code == 0 ) - ret.err_str = "success"; - else - ret.err_str = error_message(ret.code); - - /* xdr free frees this string. so make a copy */ - ret.err_str = strdup( ret.err_str ); - /* no need to check for NULL. Even if it is NULL, atleast error_code will be returned */ - } return &ret; } @@ -1487,6 +1287,7 @@ delete_policy_2_svc(dpol_arg *arg, struct svc_req *rqstp) service_name; OM_uint32 minor_stat; kadm5_server_handle_t handle; + char *errmsg; xdr_free(xdr_generic_ret, &ret); @@ -1516,35 +1317,20 @@ delete_policy_2_svc(dpol_arg *arg, struct svc_req *rqstp) } else { ret.code = kadm5_delete_policy((void *)handle, arg->name); if( ret.code == 0 ) - ret.err_str = "success"; + errmsg = "success"; else - ret.err_str = error_message(ret.code); + errmsg = krb5_get_error_message(handle ? handle->context : NULL, ret.code); krb5_klog_syslog(LOG_NOTICE, LOG_DONE, "kadm5_delete_policy", ((prime_arg == NULL) ? "(null)" : prime_arg), - ret.err_str, + errmsg, client_name.value, service_name.value, inet_ntoa(rqstp->rq_xprt->xp_raddr.sin_addr)); - - /* xdr free frees this string. so make a copy */ - ret.err_str = strdup( ret.err_str ); - /* no need to check for NULL. Even if it is NULL, atleast error_code will be returned */ } free_server_handle(handle); gss_release_buffer(&minor_stat, &client_name); gss_release_buffer(&minor_stat, &service_name); exit_func: - if( ret.err_str == NULL ) - { - if( ret.code == 0 ) - ret.err_str = "success"; - else - ret.err_str = error_message(ret.code); - - /* xdr free frees this string. so make a copy */ - ret.err_str = strdup( ret.err_str ); - /* no need to check for NULL. Even if it is NULL, atleast error_code will be returned */ - } return &ret; } @@ -1557,6 +1343,7 @@ modify_policy_2_svc(mpol_arg *arg, struct svc_req *rqstp) service_name; OM_uint32 minor_stat; kadm5_server_handle_t handle; + char *errmsg; xdr_free(xdr_generic_ret, &ret); @@ -1587,35 +1374,20 @@ modify_policy_2_svc(mpol_arg *arg, struct svc_req *rqstp) ret.code = kadm5_modify_policy((void *)handle, &arg->rec, arg->mask); if( ret.code == 0 ) - ret.err_str = "success"; + errmsg = "success"; else - ret.err_str = error_message(ret.code); + errmsg = krb5_get_error_message(handle ? handle->context : NULL, ret.code); krb5_klog_syslog(LOG_NOTICE, LOG_DONE, "kadm5_modify_policy", ((prime_arg == NULL) ? "(null)" : prime_arg), - ret.err_str, + errmsg, client_name.value, service_name.value, inet_ntoa(rqstp->rq_xprt->xp_raddr.sin_addr)); - - /* xdr free frees this string. so make a copy */ - ret.err_str = strdup( ret.err_str ); - /* no need to check for NULL. Even if it is NULL, atleast error_code will be returned */ } free_server_handle(handle); gss_release_buffer(&minor_stat, &client_name); gss_release_buffer(&minor_stat, &service_name); exit_func: - if( ret.err_str == NULL ) - { - if( ret.code == 0 ) - ret.err_str = "success"; - else - ret.err_str = error_message(ret.code); - - /* xdr free frees this string. so make a copy */ - ret.err_str = strdup( ret.err_str ); - /* no need to check for NULL. Even if it is NULL, atleast error_code will be returned */ - } return &ret; } @@ -1631,6 +1403,7 @@ get_policy_2_svc(gpol_arg *arg, struct svc_req *rqstp) kadm5_policy_ent_t e; kadm5_principal_ent_rec caller_ent; kadm5_server_handle_t handle; + char *errmsg; xdr_free(xdr_gpol_ret, &ret); @@ -1687,19 +1460,15 @@ get_policy_2_svc(gpol_arg *arg, struct svc_req *rqstp) } if( ret.code == 0 ) - ret.err_str = "success"; + errmsg = "success"; else - ret.err_str = error_message(ret.code); + errmsg = krb5_get_error_message(handle ? handle->context : NULL, ret.code); krb5_klog_syslog(LOG_NOTICE, LOG_DONE, funcname, ((prime_arg == NULL) ? "(null)" : prime_arg), - ret.err_str, + errmsg, client_name.value, service_name.value, inet_ntoa(rqstp->rq_xprt->xp_raddr.sin_addr)); - - /* xdr free frees this string. so make a copy */ - ret.err_str = strdup( ret.err_str ); - /* no need to check for NULL. Even if it is NULL, atleast error_code will be returned */ } else { krb5_klog_syslog(LOG_NOTICE, LOG_UNAUTH, funcname, prime_arg, client_name.value, service_name.value, @@ -1709,17 +1478,6 @@ get_policy_2_svc(gpol_arg *arg, struct svc_req *rqstp) gss_release_buffer(&minor_stat, &client_name); gss_release_buffer(&minor_stat, &service_name); exit_func: - if( ret.err_str == NULL ) - { - if( ret.code == 0 ) - ret.err_str = "success"; - else - ret.err_str = error_message(ret.code); - - /* xdr free frees this string. so make a copy */ - ret.err_str = strdup( ret.err_str ); - /* no need to check for NULL. Even if it is NULL, atleast error_code will be returned */ - } return &ret; } @@ -1733,6 +1491,7 @@ get_pols_2_svc(gpols_arg *arg, struct svc_req *rqstp) service_name; OM_uint32 minor_stat; kadm5_server_handle_t handle; + char *errmsg; xdr_free(xdr_gpols_ret, &ret); @@ -1766,35 +1525,20 @@ get_pols_2_svc(gpols_arg *arg, struct svc_req *rqstp) arg->exp, &ret.pols, &ret.count); if( ret.code == 0 ) - ret.err_str = "success"; + errmsg = "success"; else - ret.err_str = error_message(ret.code); + errmsg = krb5_get_error_message(handle ? handle->context : NULL, ret.code); krb5_klog_syslog(LOG_NOTICE, LOG_DONE, "kadm5_get_policies", prime_arg, - ret.err_str, + errmsg, client_name.value, service_name.value, inet_ntoa(rqstp->rq_xprt->xp_raddr.sin_addr)); - - /* xdr free frees this string. so make a copy */ - ret.err_str = strdup( ret.err_str ); - /* no need to check for NULL. Even if it is NULL, atleast error_code will be returned */ } free_server_handle(handle); gss_release_buffer(&minor_stat, &client_name); gss_release_buffer(&minor_stat, &service_name); exit_func: - if( ret.err_str == NULL ) - { - if( ret.code == 0 ) - ret.err_str = "success"; - else - ret.err_str = error_message(ret.code); - - /* xdr free frees this string. so make a copy */ - ret.err_str = strdup( ret.err_str ); - /* no need to check for NULL. Even if it is NULL, atleast error_code will be returned */ - } return &ret; } @@ -1804,6 +1548,7 @@ getprivs_ret * get_privs_2_svc(krb5_ui_4 *arg, struct svc_req *rqstp) gss_buffer_desc client_name, service_name; OM_uint32 minor_stat; kadm5_server_handle_t handle; + char *errmsg; xdr_free(xdr_getprivs_ret, &ret); @@ -1824,35 +1569,20 @@ getprivs_ret * get_privs_2_svc(krb5_ui_4 *arg, struct svc_req *rqstp) ret.code = kadm5_get_privs((void *)handle, &ret.privs); if( ret.code == 0 ) - ret.err_str = "success"; + errmsg = "success"; else - ret.err_str = error_message(ret.code); + errmsg = krb5_get_error_message(handle ? handle->context : NULL, ret.code); krb5_klog_syslog(LOG_NOTICE, LOG_DONE, "kadm5_get_privs", client_name.value, - ret.err_str, + errmsg, client_name.value, service_name.value, inet_ntoa(rqstp->rq_xprt->xp_raddr.sin_addr)); - /* xdr free frees this string. so make a copy */ - ret.err_str = strdup( ret.err_str ); - /* no need to check for NULL. Even if it is NULL, atleast error_code will be returned */ - free_server_handle(handle); gss_release_buffer(&minor_stat, &client_name); gss_release_buffer(&minor_stat, &service_name); exit_func: - if( ret.err_str == NULL ) - { - if( ret.code == 0 ) - ret.err_str = "success"; - else - ret.err_str = error_message(ret.code); - - /* xdr free frees this string. so make a copy */ - ret.err_str = strdup( ret.err_str ); - /* no need to check for NULL. Even if it is NULL, atleast error_code will be returned */ - } return &ret; } @@ -1863,6 +1593,7 @@ generic_ret *init_2_svc(krb5_ui_4 *arg, struct svc_req *rqstp) service_name; kadm5_server_handle_t handle; OM_uint32 minor_stat; + char *errmsg = 0; xdr_free(xdr_generic_ret, &ret); @@ -1879,11 +1610,13 @@ generic_ret *init_2_svc(krb5_ui_4 *arg, struct svc_req *rqstp) goto exit_func; } + if (ret.code != 0) + errmsg = krb5_get_error_message(handle ? handle->context : NULL, ret.code); krb5_klog_syslog(LOG_NOTICE, LOG_DONE ", flavor=%d", (ret.api_version == KADM5_API_VERSION_1 ? "kadm5_init (V1)" : "kadm5_init"), client_name.value, - (ret.code == 0) ? "success" : error_message(ret.code), + (ret.code == 0) ? "success" : errmsg, client_name.value, service_name.value, inet_ntoa(rqstp->rq_xprt->xp_raddr.sin_addr), rqstp->rq_cred.oa_flavor); @@ -1891,17 +1624,6 @@ generic_ret *init_2_svc(krb5_ui_4 *arg, struct svc_req *rqstp) gss_release_buffer(&minor_stat, &service_name); exit_func: - if( ret.err_str == NULL ) - { - if( ret.code == 0 ) - ret.err_str = "success"; - else - ret.err_str = error_message(ret.code); - - /* xdr free frees this string. so make a copy */ - ret.err_str = strdup( ret.err_str ); - /* no need to check for NULL. Even if it is NULL, atleast error_code will be returned */ - } return(&ret); } diff --git a/src/kadmin/testing/proto/krb5.conf.proto b/src/kadmin/testing/proto/krb5.conf.proto index 465720d..9fe7ec1 100644 --- a/src/kadmin/testing/proto/krb5.conf.proto +++ b/src/kadmin/testing/proto/krb5.conf.proto @@ -22,7 +22,7 @@ # THIS SHOULD BE IN KDC.CONF INSTEAD! -[db_modules] +[dbmodules] db_module_dir = __MODDIR__ foobar_db2_module_blah = { db_library = db2 diff --git a/src/kdc/do_as_req.c b/src/kdc/do_as_req.c index 2916cfe..1523d1f 100644 --- a/src/kdc/do_as_req.c +++ b/src/kdc/do_as_req.c @@ -427,17 +427,18 @@ process_as_req(krb5_kdc_req *request, const krb5_fulladdr *from, #endif /* KRBCONF_KDC_MODIFIES_KDB */ errout: - if (status) + if (status) { krb5_klog_syslog(LOG_INFO, "AS_REQ (%s) %s: %s: %s for %s%s%s", ktypestr, fromstring, status, cname ? cname : "<unknown client>", sname ? sname : "<unknown server>", errcode ? ", " : "", - errcode ? error_message(errcode) : ""); + errcode ? krb5_get_error_message (kdc_context, errcode) : ""); + } if (errcode) { if (status == 0) - status = error_message (errcode); + status = krb5_get_error_message (kdc_context, errcode); errcode -= ERROR_TABLE_BASE_krb5; if (errcode < 0 || errcode > 128) errcode = KRB_ERR_GENERIC; diff --git a/src/kdc/do_tgs_req.c b/src/kdc/do_tgs_req.c index d85d4b5..7f8f265 100644 --- a/src/kdc/do_tgs_req.c +++ b/src/kdc/do_tgs_req.c @@ -509,7 +509,7 @@ tgt_again: sname ? sname : "<unknown server>", enc_tkt_reply.transited.tr_contents.length, enc_tkt_reply.transited.tr_contents.data, - error_message (errcode)); + krb5_get_error_message(kdc_context, errcode)); } else krb5_klog_syslog (LOG_INFO, "not checking transit path"); if (reject_bad_transit @@ -655,12 +655,12 @@ cleanup: cname ? cname : "<unknown client>", sname ? sname : "<unknown server>", errcode ? ", " : "", - errcode ? error_message(errcode) : ""); + errcode ? krb5_get_error_message (kdc_context, errcode) : ""); } if (errcode) { if (status == 0) - status = error_message (errcode); + status = krb5_get_error_message (kdc_context, errcode); errcode -= ERROR_TABLE_BASE_krb5; if (errcode < 0 || errcode > 128) errcode = KRB_ERR_GENERIC; diff --git a/src/kdc/kdc_preauth.c b/src/kdc/kdc_preauth.c index d5698eb..48a6a6a 100644 --- a/src/kdc/kdc_preauth.c +++ b/src/kdc/kdc_preauth.c @@ -371,7 +371,8 @@ check_padata (krb5_context context, krb5_db_entry *client, enc_tkt_reply, *padata); if (retval) { krb5_klog_syslog (LOG_INFO, "preauth (%s) verify failure: %s", - pa_sys->name, error_message (retval)); + pa_sys->name, + krb5_get_error_message (context, retval)); if (pa_sys->flags & PA_REQUIRED) { pa_ok = 0; break; @@ -394,9 +395,10 @@ check_padata (krb5_context context, krb5_db_entry *client, !isflagset(client->attributes, KRB5_KDB_REQUIRES_HW_AUTH)) return 0; - if (!pa_found) + if (!pa_found) { krb5_klog_syslog (LOG_INFO, "no valid preauth type found: %s", - error_message (retval)); + krb5_get_error_message(context, retval)); + } /* The following switch statement allows us * to return some preauth system errors back to the client. */ diff --git a/src/kdc/main.c b/src/kdc/main.c index c5ecdec..d03b81e 100644 --- a/src/kdc/main.c +++ b/src/kdc/main.c @@ -240,9 +240,11 @@ init_realm(char *progname, kdc_realm_t *rdp, char *realm, /* first open the database before doing anything */ #ifdef KRBCONF_KDC_MODIFIES_KDB - if ((kret = krb5_db_open(rdp->realm_context, db_args, KRB5_KDB_OPEN_RW))) { + if ((kret = krb5_db_open(rdp->realm_context, db_args, + KRB5_KDB_OPEN_RW | KRB5_KDB_SRV_TYPE_KDC))) { #else - if ((kret = krb5_db_open(rdp->realm_context, db_args, KRB5_KDB_OPEN_RO))) { + if ((kret = krb5_db_open(rdp->realm_context, db_args, + KRB5_KDB_OPEN_RO | KRB5_KDB_SRV_TYPE_KDC))) { #endif com_err(progname, kret, "while initializing database for realm %s", realm); @@ -590,7 +592,7 @@ initialize_realms(krb5_context kcontext, int argc, char **argv) com_err(argv[0], retval, "while attempting to retrieve default realm"); fprintf (stderr, "%s: %s, attempting to retrieve default realm\n", - argv[0], error_message (retval)); + argv[0], krb5_get_error_message(kcontext, retval)); exit(1); } if ((rdatap = (kdc_realm_t *) malloc(sizeof(kdc_realm_t)))) { diff --git a/src/lib/kadm5/admin.h b/src/lib/kadm5/admin.h index 3ce01c7..f184ea4 100644 --- a/src/lib/kadm5/admin.h +++ b/src/lib/kadm5/admin.h @@ -123,7 +123,6 @@ typedef long kadm5_ret_t; #define KADM5_CONFIG_OLD_AUTH_GSSAPI 0x100000 #define KADM5_CONFIG_NO_AUTH 0x200000 #define KADM5_CONFIG_AUTH_NOFALLBACK 0x400000 - /* * permission bits */ diff --git a/src/lib/kadm5/clnt/Makefile.in b/src/lib/kadm5/clnt/Makefile.in index 136607f..86be9de 100644 --- a/src/lib/kadm5/clnt/Makefile.in +++ b/src/lib/kadm5/clnt/Makefile.in @@ -28,7 +28,6 @@ SRCS = $(srcdir)/clnt_policy.c \ $(srcdir)/client_principal.c \ $(srcdir)/client_init.c \ $(srcdir)/clnt_privs.c \ - $(srcdir)/err_handle.c \ $(srcdir)/clnt_chpass_util.c OBJS = \ @@ -37,7 +36,6 @@ OBJS = \ client_principal.$(OBJEXT) \ client_init.$(OBJEXT) \ clnt_privs.$(OBJEXT) \ - err_handle.$(OBJEXT) \ clnt_chpass_util.$(OBJEXT) STLIBOBJS = \ @@ -46,11 +44,8 @@ STLIBOBJS = \ client_principal.o \ client_init.o \ clnt_privs.o \ - err_handle.o \ clnt_chpass_util.o -err_handle.o : err_handle.h err_handle.c - all-unix:: includes all-unix:: all-liblinks all-windows:: $(OBJS) @@ -95,7 +90,7 @@ clnt_policy.so clnt_policy.po $(OUTPRE)clnt_policy.$(OBJEXT): \ $(BUILDTOP)/include/kadm5/kadm_err.h $(BUILDTOP)/include/kadm5/kadm_rpc.h \ $(BUILDTOP)/include/krb5.h $(COM_ERR_DEPS) $(SRCTOP)/include/k5-platform.h \ $(SRCTOP)/include/k5-thread.h $(SRCTOP)/include/kdb.h \ - client_internal.h clnt_policy.c err_handle.h + client_internal.h clnt_policy.c client_rpc.so client_rpc.po $(OUTPRE)client_rpc.$(OBJEXT): \ $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/gssapi/gssapi.h \ $(BUILDTOP)/include/gssrpc/auth.h $(BUILDTOP)/include/gssrpc/auth_gss.h \ @@ -120,7 +115,7 @@ client_principal.so client_principal.po $(OUTPRE)client_principal.$(OBJEXT): \ $(BUILDTOP)/include/kadm5/kadm_err.h $(BUILDTOP)/include/kadm5/kadm_rpc.h \ $(BUILDTOP)/include/krb5.h $(COM_ERR_DEPS) $(SRCTOP)/include/k5-platform.h \ $(SRCTOP)/include/k5-thread.h $(SRCTOP)/include/kdb.h \ - client_internal.h client_principal.c err_handle.h + client_internal.h client_principal.c client_init.so client_init.po $(OUTPRE)client_init.$(OBJEXT): \ $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/gssapi/gssapi.h \ $(BUILDTOP)/include/gssapi/gssapi_krb5.h $(BUILDTOP)/include/gssrpc/auth.h \ @@ -151,10 +146,7 @@ clnt_privs.so clnt_privs.po $(OUTPRE)clnt_privs.$(OBJEXT): \ $(BUILDTOP)/include/kadm5/kadm_err.h $(BUILDTOP)/include/kadm5/kadm_rpc.h \ $(BUILDTOP)/include/krb5.h $(COM_ERR_DEPS) $(SRCTOP)/include/k5-platform.h \ $(SRCTOP)/include/k5-thread.h $(SRCTOP)/include/kdb.h \ - client_internal.h clnt_privs.c err_handle.h -err_handle.so err_handle.po $(OUTPRE)err_handle.$(OBJEXT): \ - $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/krb5.h \ - $(COM_ERR_DEPS) err_handle.c err_handle.h + client_internal.h clnt_privs.c clnt_chpass_util.so clnt_chpass_util.po $(OUTPRE)clnt_chpass_util.$(OBJEXT): \ $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/gssapi/gssapi.h \ $(BUILDTOP)/include/gssrpc/auth.h $(BUILDTOP)/include/gssrpc/auth_gss.h \ diff --git a/src/lib/kadm5/clnt/client_principal.c b/src/lib/kadm5/clnt/client_principal.c index 735d2bf..7b65331 100644 --- a/src/lib/kadm5/clnt/client_principal.c +++ b/src/lib/kadm5/clnt/client_principal.c @@ -16,7 +16,6 @@ static char *rcsid = "$Header$"; #endif #include <errno.h> #include "client_internal.h" -#include "err_handle.h" #ifdef DEBUG #define eret() do { clnt_perror(handle->clnt, "null ret"); return KADM5_RPC_ERROR; } while (0) @@ -256,11 +255,6 @@ kadm5_get_principal(void *server_handle, memcpy(ent, &r->rec, sizeof(r->rec)); } - - if(r->code) - { - krb5_set_err( handle->context, krb5_err_have_str, r->code, r->err_str ); - } return r->code; } @@ -289,10 +283,6 @@ kadm5_get_principals(void *server_handle, *princs = NULL; } - if(r->code) - { - krb5_set_err( handle->context, krb5_err_have_str, r->code, r->err_str ); - } return r->code; } @@ -494,11 +484,6 @@ kadm5_randkey_principal_3(void *server_handle, } } - if(r->code) - { - krb5_set_err( handle->context, krb5_err_have_str, r->code, r->err_str ); - } - return r->code; } @@ -547,11 +532,6 @@ kadm5_randkey_principal(void *server_handle, } } - if(r->code) - { - krb5_set_err( handle->context, krb5_err_have_str, r->code, r->err_str ); - } - return r->code; } diff --git a/src/lib/kadm5/clnt/clnt_policy.c b/src/lib/kadm5/clnt/clnt_policy.c index b1157d1..6877ec3 100644 --- a/src/lib/kadm5/clnt/clnt_policy.c +++ b/src/lib/kadm5/clnt/clnt_policy.c @@ -15,7 +15,6 @@ static char *rcsid = "$Header$"; #include <stdlib.h> #include <string.h> #include <errno.h> -#include "err_handle.h" kadm5_ret_t kadm5_create_policy(void *server_handle, @@ -37,10 +36,6 @@ kadm5_create_policy(void *server_handle, if(r == NULL) return KADM5_RPC_ERROR; - if(r->code) - { - krb5_set_err( handle->context, krb5_err_have_str, r->code, r->err_str ); - } return r->code; } @@ -63,10 +58,6 @@ kadm5_delete_policy(void *server_handle, char *name) if(r == NULL) return KADM5_RPC_ERROR; - if(r->code) - { - krb5_set_err( handle->context, krb5_err_have_str, r->code, r->err_str ); - } return r->code; } @@ -91,10 +82,6 @@ kadm5_modify_policy(void *server_handle, if(r == NULL) return KADM5_RPC_ERROR; - if(r->code) - { - krb5_set_err( handle->context, krb5_err_have_str, r->code, r->err_str ); - } return r->code; } @@ -133,10 +120,6 @@ kadm5_get_policy(void *server_handle, char *name, kadm5_policy_ent_t ent) memcpy(ent, &r->rec, sizeof(r->rec)); } - if(r->code) - { - krb5_set_err( handle->context, krb5_err_have_str, r->code, r->err_str ); - } return r->code; } @@ -165,9 +148,5 @@ kadm5_get_policies(void *server_handle, *pols = NULL; } - if(r->code) - { - krb5_set_err( handle->context, krb5_err_have_str, r->code, r->err_str ); - } return r->code; } diff --git a/src/lib/kadm5/clnt/clnt_privs.c b/src/lib/kadm5/clnt/clnt_privs.c index e594080..204fd90 100644 --- a/src/lib/kadm5/clnt/clnt_privs.c +++ b/src/lib/kadm5/clnt/clnt_privs.c @@ -79,7 +79,6 @@ static char *rcsid = "$Header$"; #include <kadm5/admin.h> #include <kadm5/kadm_rpc.h> #include "client_internal.h" -#include "err_handle.h" kadm5_ret_t kadm5_get_privs(void *server_handle, long *privs) { @@ -92,9 +91,5 @@ kadm5_ret_t kadm5_get_privs(void *server_handle, long *privs) else if (r->code == KADM5_OK) *privs = r->privs; - if(r->code) - { - krb5_set_err( handle->context, krb5_err_have_str, r->code, r->err_str ); - } return r->code; } diff --git a/src/lib/kadm5/clnt/err_handle.c b/src/lib/kadm5/clnt/err_handle.c deleted file mode 100644 index 9db4611..0000000 --- a/src/lib/kadm5/clnt/err_handle.c +++ /dev/null @@ -1,202 +0,0 @@ -/********************************************************************** -* -* C %name: err_handle.c % -* Instance: idc_sec_1 -* Description: -* %created_by: spradeep % -* %date_created: Thu Apr 7 15:36:27 2005 % -* -**********************************************************************/ -#ifndef lint -static char *_csrc = - "@(#) %filespec: err_handle.c~1 % (%full_filespec: err_handle.c~1:csrc:idc_sec#2 %)"; -#endif - -/* This file should be ideally be in util/et. But, for now thread - safety requirement stops me from putting there. If I do, then all - the applications have to link to pthread. */ - -#include "autoconf.h" -/* XXX This file doesn't build multithreaded at the moment. */ -#undef HAVE_PTHREAD_H - -#ifdef HAVE_PTHREAD_H -#include <pthread.h> -#endif -#include "err_handle.h" -#include <assert.h> -#include <string.h> - -#ifdef NOVELL -krb5_errcode_2_string_func old_error_2_string = NULL; -#endif - -typedef struct -{ - char krb5_err_str[KRB5_MAX_ERR_STR + 1]; - long err_code; - krb5_err_subsystem subsystem; - krb5_context kcontext; -} krb5_err_struct_t; - -#ifdef HAVE_PTHREAD_H -static void -tsd_key_destructor(void *data) -{ - free(data); -} - -static void -init_err_handling(void) -{ - assert(!k5_key_register(K5_KEY_KADM_CLNT_ERR_HANDLER, tsd_key_destructor)); -#ifdef NOVELL - old_error_2_string = error_message; - error_message = krb5_get_err_string; -#endif -} - -static pthread_once_t krb5_key_create = PTHREAD_ONCE_INIT; - -krb5_error_code -krb5_set_err(krb5_context kcontext, krb5_err_subsystem subsystem, - long err_code, char *str) -{ - int ret; - krb5_err_struct_t *err_struct; - pthread_once(&krb5_key_create, init_err_handling); - - err_struct = (krb5_err_struct_t *) k5_getspecific(K5_KEY_KADM_CLNT_ERR_HANDLER); - if (err_struct == NULL) { - err_struct = calloc(sizeof(krb5_err_struct_t), 1); - if (err_struct == NULL) - return ENOMEM; - - if ((ret = k5_setspecific(K5_KEY_KADM_CLNT_ERR_HANDLER, err_struct))) { - free(err_struct); - return ret; - } - } - - err_struct->subsystem = subsystem; - err_struct->err_code = err_code; - err_struct->kcontext = kcontext; - if (err_struct->subsystem == krb5_err_have_str) { - strncpy(err_struct->krb5_err_str, str, - sizeof(err_struct->krb5_err_str)); - err_struct->krb5_err_str[KRB5_MAX_ERR_STR] = '\0'; - } - - return 0; -} - -const char *KRB5_CALLCONV -krb5_get_err_string(long err_code) -{ - krb5_err_struct_t *err_struct; - pthread_once(&krb5_key_create, init_err_handling); - - err_struct = (krb5_err_struct_t *) k5_getspecific(K5_KEY_KADM_CLNT_ERR_HANDLER); - if (err_struct && (err_struct->subsystem == krb5_err_have_str) - && (err_code == err_struct->err_code)) { - /* checking error code is for safety. - In case, the caller ignores a database error and calls - other calls before doing com_err. Though not perfect, - caller should call krb5_clr_error before this. */ - err_struct->subsystem = krb5_err_unknown; - return err_struct->krb5_err_str; - } - - /* Error strings are not generated here. the remaining two cases - are handled by the default error string convertor. */ -#ifdef NOVELL - return old_error_2_string(err_code); -#else - return error_message(err_code); -#endif -} - -void -krb5_clr_error() -{ - krb5_err_struct_t *err_struct; - pthread_once(&krb5_key_create, init_err_handling); - - err_struct = (krb5_err_struct_t *) k5_getspecific(K5_KEY_KADM_CLNT_ERR_HANDLER); - if (err_struct) - err_struct->subsystem = krb5_err_unknown; -} - -#else -krb5_err_struct_t krb5_err = { {0}, 0, 0, 0 }; -krb5_boolean krb5_init_once = TRUE; - -static void -init_err_handling(void) -{ - if (krb5_init_once) { -#ifdef NOVELL - old_error_2_string = error_message; - error_message = krb5_get_err_string; -#endif - krb5_init_once = FALSE; - } -} - -krb5_error_code -krb5_set_err(krb5_context kcontext, krb5_err_subsystem subsystem, - long err_code, char *str) -{ - krb5_err_struct_t *err_struct = &krb5_err; - - init_err_handling(); /* takes care for multiple inits */ - - err_struct->subsystem = subsystem; - err_struct->err_code = err_code; - err_struct->kcontext = kcontext; - if (err_struct->subsystem == krb5_err_have_str) { - strncpy(err_struct->krb5_err_str, str, - sizeof(err_struct->krb5_err_str)); - err_struct->krb5_err_str[KRB5_MAX_ERR_STR] = '\0'; - } - - return 0; -} - -const char *KRB5_CALLCONV -krb5_get_err_string(long err_code) -{ - krb5_err_struct_t *err_struct = &krb5_err; - - init_err_handling(); /* takes care for multiple inits */ - - if ((err_struct->subsystem == krb5_err_have_str) - && (err_code == err_struct->err_code)) { - /* checking error code is for safety. - In case, the caller ignores a database error and calls - other calls before doing com_err. Though not perfect, - caller should call krb5_clr_error before this. */ - err_struct->subsystem = krb5_err_unknown; - return err_struct->krb5_err_str; - } - - /* It is not generated here. the remaining two cases are handled - by the default error string convertor. */ -#ifdef NOVELL - return old_error_2_string(err_code); -#else - return error_message(err_code); -#endif -} - -void -krb5_clr_error() -{ - krb5_err_struct_t *err_struct = &krb5_err; - - init_err_handling(); /* takes care for multiple inits */ - - err_struct->subsystem = krb5_err_unknown; -} - -#endif diff --git a/src/lib/kadm5/clnt/err_handle.h b/src/lib/kadm5/clnt/err_handle.h deleted file mode 100644 index 7dea7b6..0000000 --- a/src/lib/kadm5/clnt/err_handle.h +++ /dev/null @@ -1,38 +0,0 @@ -/********************************************************************** -* -* C Header: err_handle.h -* Instance: idc_sec_1 -* Description: -* %created_by: spradeep % -* %date_created: Thu Apr 7 15:36:49 2005 % -* -**********************************************************************/ -#ifndef _idc_sec_1_err_handle_h_H -#define _idc_sec_1_err_handle_h_H -#include <com_err.h> -#include <krb5.h> - -/* Everything else goes here */ - -#define KRB5_MAX_ERR_STR 1024 -typedef enum krb5_err_subsystem { - krb5_err_unknown = 0, /* no error or unknown system. Has to be probed */ - krb5_err_system, /* error in system call */ - krb5_err_krblib, /* error in kerberos library call, should lookup in the error table */ - krb5_err_have_str, /* error message is available in the string */ - krb5_err_db /* error is a database error, should be handled by calling DB */ -} krb5_err_subsystem; - -typedef krb5_error_code(*krb5_set_err_func_t) (krb5_context, - krb5_err_subsystem, long, - char *); - -krb5_error_code krb5_set_err(krb5_context kcontext, - krb5_err_subsystem subsystem, long err_code, - char *str); - -const char *KRB5_CALLCONV krb5_get_err_string(long err_code); - -void krb5_clr_error(void); - -#endif diff --git a/src/lib/kadm5/kadm_rpc.h b/src/lib/kadm5/kadm_rpc.h index 3d11f09..d793ed8 100644 --- a/src/lib/kadm5/kadm_rpc.h +++ b/src/lib/kadm5/kadm_rpc.h @@ -27,7 +27,6 @@ typedef struct cprinc3_arg cprinc3_arg; struct generic_ret { krb5_ui_4 api_version; kadm5_ret_t code; - char *err_str; }; typedef struct generic_ret generic_ret; @@ -62,7 +61,6 @@ struct gprincs_ret { kadm5_ret_t code; char **princs; int count; - char *err_str; }; typedef struct gprincs_ret gprincs_ret; @@ -130,7 +128,6 @@ struct chrand_ret { krb5_keyblock key; krb5_keyblock *keys; int n_keys; - char *err_str; }; typedef struct chrand_ret chrand_ret; @@ -145,7 +142,6 @@ struct gprinc_ret { krb5_ui_4 api_version; kadm5_ret_t code; kadm5_principal_ent_rec rec; - char *err_str; }; typedef struct gprinc_ret gprinc_ret; @@ -179,7 +175,6 @@ struct gpol_ret { krb5_ui_4 api_version; kadm5_ret_t code; kadm5_policy_ent_rec rec; - char *err_str; }; typedef struct gpol_ret gpol_ret; @@ -194,7 +189,6 @@ struct gpols_ret { kadm5_ret_t code; char **pols; int count; - char *err_str; }; typedef struct gpols_ret gpols_ret; @@ -202,7 +196,6 @@ struct getprivs_ret { krb5_ui_4 api_version; kadm5_ret_t code; long privs; - char *err_str; }; typedef struct getprivs_ret getprivs_ret; diff --git a/src/lib/kadm5/kadm_rpc_xdr.c b/src/lib/kadm5/kadm_rpc_xdr.c index 346a36e..aa2363c 100644 --- a/src/lib/kadm5/kadm_rpc_xdr.c +++ b/src/lib/kadm5/kadm_rpc_xdr.c @@ -545,18 +545,6 @@ xdr_generic_ret(XDR *xdrs, generic_ret *objp) return (FALSE); } - if( xdrs->x_op == XDR_ENCODE ) - { - char *tmp_str = "Unknown error code"; - if(!xdr_string(xdrs, objp->err_str?&objp->err_str:&tmp_str, (unsigned int)-1 )) { - return (FALSE); - } - } else { - if(!xdr_string(xdrs, &objp->err_str, (unsigned int)-1 )) { - return (FALSE); - } - } - return(TRUE); } @@ -640,18 +628,6 @@ xdr_gprincs_ret(XDR *xdrs, gprincs_ret *objp) } } - if( xdrs->x_op == XDR_ENCODE ) - { - char *tmp_str = "Unknown error code"; - if(!xdr_string(xdrs, objp->err_str?&objp->err_str:&tmp_str, (unsigned int)-1 )) { - return (FALSE); - } - } else { - if(!xdr_string(xdrs, &objp->err_str, (unsigned int)-1 )) { - return (FALSE); - } - } - return (TRUE); } @@ -812,18 +788,6 @@ xdr_chrand_ret(XDR *xdrs, chrand_ret *objp) } } - if( xdrs->x_op == XDR_ENCODE ) - { - char *tmp_str = "Unknown error code"; - if(!xdr_string(xdrs, objp->err_str?&objp->err_str:&tmp_str, (unsigned int)-1 )) { - return (FALSE); - } - } else { - if(!xdr_string(xdrs, &objp->err_str, (unsigned int)-1 )) { - return (FALSE); - } - } - return (TRUE); } @@ -865,18 +829,6 @@ xdr_gprinc_ret(XDR *xdrs, gprinc_ret *objp) } } - if( xdrs->x_op == XDR_ENCODE ) - { - char *tmp_str = "Unknown error code"; - if(!xdr_string(xdrs, objp->err_str?&objp->err_str:&tmp_str, (unsigned int)-1 )) { - return (FALSE); - } - } else { - if(!xdr_string(xdrs, &objp->err_str, (unsigned int)-1 )) { - return (FALSE); - } - } - return (TRUE); } @@ -948,18 +900,6 @@ xdr_gpol_ret(XDR *xdrs, gpol_ret *objp) return (FALSE); } - if( xdrs->x_op == XDR_ENCODE ) - { - char *tmp_str = "Unknown error code"; - if(!xdr_string(xdrs, objp->err_str?&objp->err_str:&tmp_str, (unsigned int)-1 )) { - return (FALSE); - } - } else { - if(!xdr_string(xdrs, &objp->err_str, (unsigned int)-1 )) { - return (FALSE); - } - } - return (TRUE); } @@ -995,18 +935,6 @@ xdr_gpols_ret(XDR *xdrs, gpols_ret *objp) } } - if( xdrs->x_op == XDR_ENCODE ) - { - char *tmp_str = "Unknown error code"; - if(!xdr_string(xdrs, objp->err_str?&objp->err_str:&tmp_str, (unsigned int)-1 )) { - return (FALSE); - } - } else { - if(!xdr_string(xdrs, &objp->err_str, (unsigned int)-1 )) { - return (FALSE); - } - } - return (TRUE); } @@ -1019,18 +947,6 @@ bool_t xdr_getprivs_ret(XDR *xdrs, getprivs_ret *objp) ! xdr_long(xdrs, &objp->privs)) return FALSE; - if( xdrs->x_op == XDR_ENCODE ) - { - char *tmp_str = "Unknown error code"; - if(!xdr_string(xdrs, objp->err_str?&objp->err_str:&tmp_str, (unsigned int)-1 )) { - return (FALSE); - } - } else { - if(!xdr_string(xdrs, &objp->err_str, (unsigned int)-1 )) { - return (FALSE); - } - } - return TRUE; } diff --git a/src/lib/kadm5/logger.c b/src/lib/kadm5/logger.c index 69f53a0..f78c7b4 100644 --- a/src/lib/kadm5/logger.c +++ b/src/lib/kadm5/logger.c @@ -171,6 +171,7 @@ static struct log_entry def_log_entry; * klog_com_err_proc() - Handle com_err(3) messages as specified by the * profile. */ +static krb5_context err_context; static void klog_com_err_proc(const char *whoami, long int code, const char *format, va_list ap) { @@ -194,7 +195,8 @@ klog_com_err_proc(const char *whoami, long int code, const char *format, va_list /* If reporting an error message, separate it. */ if (code) { outbuf[sizeof(outbuf) - 1] = '\0'; - strncat(outbuf, error_message(code), sizeof(outbuf) - 1 - strlen(outbuf)); + + strncat(outbuf, krb5_get_error_message (err_context, code), sizeof(outbuf) - 1 - strlen(outbuf)); strncat(outbuf, " - ", sizeof(outbuf) - 1 - strlen(outbuf)); } cp = &outbuf[strlen(outbuf)]; @@ -360,6 +362,8 @@ krb5_klog_init(krb5_context kcontext, char *ename, char *whoami, krb5_boolean do do_openlog = 0; log_facility = 0; + err_context = kcontext; + /* * Look up [logging]-><ename> in the profile. If that doesn't * succeed, then look for [logging]->default. diff --git a/src/lib/kadm5/srv/server_init.c b/src/lib/kadm5/srv/server_init.c index dd1fe66..106d318 100644 --- a/src/lib/kadm5/srv/server_init.c +++ b/src/lib/kadm5/srv/server_init.c @@ -259,7 +259,8 @@ kadm5_ret_t kadm5_init(char *client_name, char *pass, return ret; } - ret = krb5_db_open(handle->context, db_args, KRB5_KDB_OPEN_RW); + ret = krb5_db_open(handle->context, db_args, + KRB5_KDB_OPEN_RW | KRB5_KDB_SRV_TYPE_ADMIN); if (ret) { krb5_free_context(handle->context); free_db_args(handle); @@ -406,7 +407,8 @@ kadm5_ret_t kadm5_flush(void *server_handle) CHECK_HANDLE(server_handle); if ((ret = krb5_db_fini(handle->context)) || - (ret = krb5_db_open(handle->context, handle->db_args, KRB5_KDB_OPEN_RW)) || + (ret = krb5_db_open(handle->context, handle->db_args, + KRB5_KDB_OPEN_RW | KRB5_KDB_SRV_TYPE_ADMIN)) || (ret = adb_policy_close(handle)) || (ret = adb_policy_init(handle))) { (void) kadm5_destroy(server_handle); diff --git a/src/lib/kadm5/srv/server_misc.c b/src/lib/kadm5/srv/server_misc.c index f7bfd58..fa4e62e 100644 --- a/src/lib/kadm5/srv/server_misc.c +++ b/src/lib/kadm5/srv/server_misc.c @@ -25,7 +25,8 @@ adb_policy_init(kadm5_server_handle_t handle) if( krb5_db_inited( handle->context ) ) return KADM5_OK; - return krb5_db_open( handle->context, NULL, KRB5_KDB_OPEN_RW ); + return krb5_db_open( handle->context, NULL, + KRB5_KDB_OPEN_RW | KRB5_KDB_SRV_TYPE_ADMIN ); } kadm5_ret_t diff --git a/src/lib/kadm5/srv/svr_policy.c b/src/lib/kadm5/srv/svr_policy.c index 31333b7..d57d2f1 100644 --- a/src/lib/kadm5/srv/svr_policy.c +++ b/src/lib/kadm5/srv/svr_policy.c @@ -47,7 +47,7 @@ kadm5_create_policy(void *server_handle, { CHECK_HANDLE(server_handle); - krb5_db_clr_error(); + krb5_clear_error_message(((kadm5_server_handle_t)server_handle)->context); if (mask & KADM5_REF_COUNT) return KADM5_BAD_MASK; @@ -157,7 +157,7 @@ kadm5_delete_policy(void *server_handle, kadm5_policy_t name) CHECK_HANDLE(server_handle); - krb5_db_clr_error(); + krb5_clear_error_message(handle->context); if(name == (kadm5_policy_t) NULL) return EINVAL; @@ -185,7 +185,7 @@ kadm5_modify_policy(void *server_handle, { CHECK_HANDLE(server_handle); - krb5_db_clr_error(); + krb5_clear_error_message(((kadm5_server_handle_t)server_handle)->context); if (mask & KADM5_REF_COUNT) return KADM5_BAD_MASK; @@ -266,7 +266,7 @@ kadm5_get_policy(void *server_handle, kadm5_policy_t name, CHECK_HANDLE(server_handle); - krb5_db_clr_error(); + krb5_clear_error_message(handle->context); /* * In version 1, entry is a pointer to a kadm5_policy_ent_t that diff --git a/src/lib/kadm5/srv/svr_principal.c b/src/lib/kadm5/srv/svr_principal.c index 18ab480..36ca2a1 100644 --- a/src/lib/kadm5/srv/svr_principal.c +++ b/src/lib/kadm5/srv/svr_principal.c @@ -199,7 +199,7 @@ kadm5_create_principal_3(void *server_handle, CHECK_HANDLE(server_handle); - krb5_db_clr_error(); + krb5_clear_error_message(handle->context); /* * Argument sanity checking, and opening up the DB @@ -380,6 +380,9 @@ kadm5_create_principal_3(void *server_handle, } } + /* In all cases key and the principal data is set, let the database provider know */ + kdb.mask = mask | KADM5_KEY_DATA | KADM5_PRINCIPAL ; + /* store the new db entry */ ret = kdb_put_entry(handle, &kdb, &adb); @@ -421,7 +424,7 @@ kadm5_delete_principal(void *server_handle, krb5_principal principal) CHECK_HANDLE(server_handle); - krb5_db_clr_error(); + krb5_clear_error_message(handle->context); if (principal == NULL) return EINVAL; @@ -469,7 +472,7 @@ kadm5_modify_principal(void *server_handle, CHECK_HANDLE(server_handle); - krb5_db_clr_error(); + krb5_clear_error_message(handle->context); if((mask & KADM5_PRINCIPAL) || (mask & KADM5_LAST_PWD_CHANGE) || (mask & KADM5_MOD_TIME) || (mask & KADM5_MOD_NAME) || @@ -628,6 +631,9 @@ kadm5_modify_principal(void *server_handle, } } + /* let the mask propagate to the database provider */ + kdb.mask = mask; + ret = kdb_put_entry(handle, &kdb, &adb); if (ret) goto done; @@ -656,7 +662,7 @@ kadm5_rename_principal(void *server_handle, CHECK_HANDLE(server_handle); - krb5_db_clr_error(); + krb5_clear_error_message(handle->context); if (source == NULL || target == NULL) return EINVAL; @@ -711,7 +717,7 @@ kadm5_get_principal(void *server_handle, krb5_principal principal, CHECK_HANDLE(server_handle); - krb5_db_clr_error(); + krb5_clear_error_message(handle->context); /* * In version 1, all the defined fields are always returned. @@ -1289,7 +1295,7 @@ kadm5_chpass_principal_3(void *server_handle, CHECK_HANDLE(server_handle); - krb5_db_clr_error(); + krb5_clear_error_message(handle->context); hist_added = 0; memset(&hist, 0, sizeof(hist)); @@ -1433,6 +1439,9 @@ kadm5_chpass_principal_3(void *server_handle, if (ret) goto done; + /* key data and attributes changed, let the database provider know */ + kdb.mask = KADM5_KEY_DATA | KADM5_ATTRIBUTES /* | KADM5_CPW_FUNCTION */; + if ((ret = kdb_put_entry(handle, &kdb, &adb))) goto done; @@ -1478,13 +1487,13 @@ kadm5_randkey_principal_3(void *server_handle, int ret, last_pwd, have_pol = 0; kadm5_server_handle_t handle = server_handle; - krb5_db_clr_error(); - if (keyblocks) *keyblocks = NULL; CHECK_HANDLE(server_handle); + krb5_clear_error_message(handle->context); + if (principal == NULL) return EINVAL; if (hist_princ && /* this will be NULL when initializing the databse */ @@ -1580,6 +1589,9 @@ kadm5_randkey_principal_3(void *server_handle, } } + /* key data changed, let the database provider know */ + kdb.mask = KADM5_KEY_DATA /* | KADM5_RANDKEY_USED */; + if ((ret = kdb_put_entry(handle, &kdb, &adb))) goto done; @@ -1616,12 +1628,12 @@ kadm5_setv4key_principal(void *server_handle, kadm5_server_handle_t handle = server_handle; krb5_key_data tmp_key_data; - krb5_db_clr_error(); - memset( &tmp_key_data, 0, sizeof(tmp_key_data)); CHECK_HANDLE(server_handle); + krb5_clear_error_message(handle->context); + if (principal == NULL || keyblock == NULL) return EINVAL; if (hist_princ && /* this will be NULL when initializing the databse */ @@ -1797,7 +1809,7 @@ kadm5_setkey_principal_3(void *server_handle, CHECK_HANDLE(server_handle); - krb5_db_clr_error(); + krb5_clear_error_message(handle->context); if (principal == NULL || keyblocks == NULL) return EINVAL; diff --git a/src/lib/kdb/Makefile.in b/src/lib/kdb/Makefile.in index 78c2970..5efd65b 100644 --- a/src/lib/kdb/Makefile.in +++ b/src/lib/kdb/Makefile.in @@ -25,8 +25,6 @@ SHLIB_EXPLIBS=-lkrb5 -lcom_err -lk5crypto $(SUPPORT_LIB) $(DL_LIB) $(LIBS) SHLIB_DIRS=-L$(TOPLIBD) SHLIB_RDIRS=$(KRB5_LIBDIR) -all:: - adb_err.$(OBJEXT): adb_err.c adb_err.c adb_err.h: $(srcdir)/adb_err.et @@ -37,7 +35,6 @@ SRCS= \ $(srcdir)/kdb_default.c \ $(srcdir)/kdb_cpw.c \ adb_err.c \ - $(srcdir)/err_handle.c \ $(srcdir)/keytab.c STOBJLISTS=OBJS.ST @@ -48,7 +45,6 @@ STLIBOBJS= \ kdb_default.o \ kdb_cpw.o \ adb_err.o \ - err_handle.o \ keytab.o all-unix:: all-liblinks @@ -70,7 +66,7 @@ kdb5.so kdb5.po $(OUTPRE)kdb5.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \ $(SRCTOP)/include/k5-platform.h $(SRCTOP)/include/k5-plugin.h \ $(SRCTOP)/include/k5-thread.h $(SRCTOP)/include/kdb.h \ $(SRCTOP)/include/port-sockets.h $(SRCTOP)/include/socket-utils.h \ - adb_err.h err_handle.h kdb5.c kdb5.h + adb_err.h kdb5.c kdb5.h encrypt_key.so encrypt_key.po $(OUTPRE)encrypt_key.$(OBJEXT): \ $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/krb5.h \ $(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \ @@ -105,14 +101,6 @@ kdb_cpw.so kdb_cpw.po $(OUTPRE)kdb_cpw.$(OBJEXT): $(BUILDTOP)/include/autoconf.h kdb_cpw.c adb_err.so adb_err.po $(OUTPRE)adb_err.$(OBJEXT): $(COM_ERR_DEPS) \ adb_err.c -err_handle.so err_handle.po $(OUTPRE)err_handle.$(OBJEXT): \ - $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/krb5.h \ - $(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \ - $(COM_ERR_DEPS) $(SRCTOP)/include/k5-err.h $(SRCTOP)/include/k5-int.h \ - $(SRCTOP)/include/k5-locate.h $(SRCTOP)/include/k5-platform.h \ - $(SRCTOP)/include/k5-plugin.h $(SRCTOP)/include/k5-thread.h \ - $(SRCTOP)/include/port-sockets.h $(SRCTOP)/include/socket-utils.h \ - err_handle.c err_handle.h keytab.so keytab.po $(OUTPRE)keytab.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \ $(BUILDTOP)/include/krb5.h $(BUILDTOP)/include/osconf.h \ $(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) $(SRCTOP)/include/k5-err.h \ diff --git a/src/lib/kdb/err_handle.c b/src/lib/kdb/err_handle.c deleted file mode 100644 index 50b8a2a..0000000 --- a/src/lib/kdb/err_handle.c +++ /dev/null @@ -1,210 +0,0 @@ -/********************************************************************** -* -* C %name: err_handle.c % -* Instance: idc_sec_1 -* Description: -* %created_by: spradeep % -* %date_created: Thu Apr 7 14:05:00 2005 % -* -**********************************************************************/ -#ifndef lint -static char *_csrc = - "@(#) %filespec: err_handle.c~1 % (%full_filespec: err_handle.c~1:csrc:idc_sec#1 %)"; -#endif - -/* This file should be ideally be in util/et. But, for now thread - safety requirement stops me from putting there. if I do, then all - the applications have to link to pthread. */ - -#include "autoconf.h" -#if defined(ENABLE_THREADS) && defined(HAVE_PTHREAD_H) -#include <pthread.h> -#endif -#include "err_handle.h" -#include <assert.h> - -#ifdef NOVELL -krb5_errcode_2_string_func old_error_2_string = NULL; -#endif - -typedef struct -{ - char krb5_err_str[KRB5_MAX_ERR_STR + 1]; - long err_code; - krb5_err_subsystem subsystem; - krb5_context kcontext; -} krb5_err_struct_t; - -#if defined(ENABLE_THREADS) && defined(HAVE_PTHREAD_H) -static void -tsd_key_destructor(void *data) -{ - free(data); -} - -static void -init_err_handling(void) -{ - assert(!k5_key_register(K5_KEY_KDB_ERR_HANDLER, tsd_key_destructor)); -#ifdef NOVELL - old_error_2_string = error_message; - error_message = krb5_get_err_string; -#endif -} - -static pthread_once_t krb5_key_create = PTHREAD_ONCE_INIT; - -krb5_error_code -krb5_set_err(krb5_context kcontext, krb5_err_subsystem subsystem, - long err_code, char *str) -{ - int ret; - krb5_err_struct_t *err_struct; - pthread_once(&krb5_key_create, init_err_handling); - - err_struct = (krb5_err_struct_t *) k5_getspecific(K5_KEY_KDB_ERR_HANDLER); - if (err_struct == NULL) { - err_struct = calloc(sizeof(krb5_err_struct_t), 1); - if (err_struct == NULL) - return ENOMEM; - - if ((ret = k5_setspecific(K5_KEY_KDB_ERR_HANDLER, err_struct))) { - free(err_struct); - return ret; - } - } - - err_struct->subsystem = subsystem; - err_struct->err_code = err_code; - err_struct->kcontext = kcontext; - if (err_struct->subsystem == krb5_err_have_str) { - strncpy(err_struct->krb5_err_str, str, - sizeof(err_struct->krb5_err_str)); - err_struct->krb5_err_str[KRB5_MAX_ERR_STR] = '\0'; - } - - return 0; -} - -const char *KRB5_CALLCONV -krb5_get_err_string(long err_code) -{ - krb5_err_struct_t *err_struct; - pthread_once(&krb5_key_create, init_err_handling); - - err_struct = (krb5_err_struct_t *) k5_getspecific(K5_KEY_KDB_ERR_HANDLER); - if (err_struct && (err_struct->subsystem == krb5_err_have_str) - && (err_code == err_struct->err_code)) { - /* Checking error code is for safety. - In case, the caller ignores a database error and calls - other calls before doing com_err. Though not perfect, - caller should call krb5_clr_error before this. */ - err_struct->subsystem = krb5_err_unknown; - return err_struct->krb5_err_str; - } - - if (err_struct && (err_struct->subsystem == krb5_err_db) - && (err_code == err_struct->err_code)) { - err_struct->subsystem = krb5_err_unknown; - return krb5_db_errcode2string(err_struct->kcontext, err_code); - } - - /* Error strings are not generated here. the remaining two cases - are handled by the default error string convertor. */ -#ifdef NOVELL - return old_error_2_string(err_code); -#else - return error_message(err_code); -#endif -} - -void -krb5_clr_error() -{ - krb5_err_struct_t *err_struct; - pthread_once(&krb5_key_create, init_err_handling); - - err_struct = (krb5_err_struct_t *) k5_getspecific(K5_KEY_KDB_ERR_HANDLER); - if (err_struct) - err_struct->subsystem = krb5_err_unknown; -} - -#else -krb5_err_struct_t krb5_err = { {0}, 0, 0, 0 }; -krb5_boolean krb5_init_once = TRUE; - -static void -init_err_handling(void) -{ - if (krb5_init_once) { -#ifdef NOVELL - old_error_2_string = error_message; - error_message = krb5_get_err_string; -#endif - krb5_init_once = FALSE; - } -} - -krb5_error_code -krb5_set_err(krb5_context kcontext, krb5_err_subsystem subsystem, - long err_code, char *str) -{ - krb5_err_struct_t *err_struct = &krb5_err; - - init_err_handling(); /* takes care for multiple inits */ - - err_struct->subsystem = subsystem; - err_struct->err_code = err_code; - err_struct->kcontext = kcontext; - if (err_struct->subsystem == krb5_err_have_str) { - strncpy(err_struct->krb5_err_str, str, - sizeof(err_struct->krb5_err_str)); - err_struct->krb5_err_str[KRB5_MAX_ERR_STR] = '\0'; - } - - return 0; -} - -const char *KRB5_CALLCONV -krb5_get_err_string(long err_code) -{ - krb5_err_struct_t *err_struct = &krb5_err; - - init_err_handling(); /* takes care for multiple inits */ - - if ((err_struct->subsystem == krb5_err_have_str) - && (err_code == err_struct->err_code)) { - /* checking error code is for safety. - In case, the caller ignores a database error and calls - other calls before doing com_err. Though not perfect, - caller should call krb5_clr_error before this. */ - err_struct->subsystem = krb5_err_unknown; - return err_struct->krb5_err_str; - } - - if ((err_struct->subsystem == krb5_err_db) - && (err_code == err_struct->err_code)) { - err_struct->subsystem = krb5_err_unknown; - return krb5_db_errcode2string(err_struct->kcontext, err_code); - } - - /* It is not generated here. the remaining two cases are handled - by the default error string convertor. */ -#ifdef NOVELL - return old_error_2_string(err_code); -#else - return error_message(err_code); -#endif -} - -void -krb5_clr_error() -{ - krb5_err_struct_t *err_struct = &krb5_err; - - init_err_handling(); /* takes care for multiple inits */ - - err_struct->subsystem = krb5_err_unknown; -} - -#endif diff --git a/src/lib/kdb/err_handle.h b/src/lib/kdb/err_handle.h deleted file mode 100644 index ba1e320..0000000 --- a/src/lib/kdb/err_handle.h +++ /dev/null @@ -1,37 +0,0 @@ -/********************************************************************** -* -* C Header: err_handle.h -* Instance: idc_sec_1 -* Description: -* %created_by: spradeep % -* %date_created: Thu Apr 7 14:05:33 2005 % -* -**********************************************************************/ -#ifndef _idc_sec_1_err_handle_h_H -#define _idc_sec_1_err_handle_h_H -#include <k5-int.h> - -/* Everything else goes here */ - -#define KRB5_MAX_ERR_STR 1024 -typedef enum krb5_err_subsystem { - krb5_err_unknown = 0, /* no error or unknown system. Has to be probed */ - krb5_err_system, /* error in system call */ - krb5_err_krblib, /* error in kerberos library call, should lookup in the error table */ - krb5_err_have_str, /* error message is available in the string */ - krb5_err_db /* error is a database error, should be handled by calling DB */ -} krb5_err_subsystem; - -typedef krb5_error_code(*krb5_set_err_func_t) (krb5_context, - krb5_err_subsystem, long, - char *); - -krb5_error_code krb5_set_err(krb5_context kcontext, - krb5_err_subsystem subsystem, long err_code, - char *str); - -const char *KRB5_CALLCONV krb5_get_err_string(long err_code); - -void krb5_clr_error(void); - -#endif diff --git a/src/lib/kdb/kdb5.c b/src/lib/kdb/kdb5.c index ad5cb05..ce66474 100644 --- a/src/lib/kdb/kdb5.c +++ b/src/lib/kdb/kdb5.c @@ -273,7 +273,7 @@ kdb_load_library(krb5_context kcontext, char *lib_name, db_library * lib) kdb_setup_opt_functions(*lib); - if ((status = (*lib)->vftabl.init_library(krb5_set_err))) { + if ((status = (*lib)->vftabl.init_library())) { /* ERROR. library not initialized cleanly */ sprintf(buf, "%s library initialization failed, error code %ld\n", lib_name, status); @@ -365,14 +365,17 @@ kdb_load_library(krb5_context kcontext, char *lib_name, db_library * lib) kdb_setup_opt_functions(*lib); - if ((status = (*lib)->vftabl.init_library(krb5_set_err))) { + if ((status = (*lib)->vftabl.init_library())) { /* ERROR. library not initialized cleanly */ goto clean_n_exit; } } else { + err_str = dlerror(); + if(err_str == NULL) + err_str = ""; status = KRB5_KDB_DBTYPE_INIT; - krb5_set_err(kcontext, krb5_err_have_str, status, dlerror()); + krb5_set_error_message (kcontext, status, "%s", err_str); goto clean_n_exit; } break; @@ -385,8 +388,8 @@ kdb_load_library(krb5_context kcontext, char *lib_name, db_library * lib) if (!(*lib)->dl_handle) { /* library not found in the given list. Error str is already set */ - status = KRB5_KDB_DBTYPE_NOTFOUND; - krb5_set_err(kcontext, krb5_err_have_str, status, err_str); + status = KRB5_KDB_DBTYPE_NOTFOUND; + krb5_set_error_message (kcontext, status, "%s", err_str); goto clean_n_exit; } @@ -568,27 +571,19 @@ kdb_free_lib_handle(krb5_context kcontext) /* * External functions... DAL API */ -void -krb5_db_clr_error() -{ - krb5_clr_error(); -} - krb5_error_code krb5_db_open(krb5_context kcontext, char **db_args, int mode) { krb5_error_code status = 0; char *section = NULL; kdb5_dal_handle *dal_handle; - char buf[KRB5_MAX_ERR_STR]; section = kdb_get_conf_section(kcontext); if (section == NULL) { - sprintf(buf, + status = KRB5_KDB_SERVER_INTERNAL_ERR; + krb5_set_error_message (kcontext, status, "unable to determine configuration section for realm %s\n", kcontext->default_realm ? kcontext->default_realm : "[UNSET]"); - status = -1; - krb5_set_err(kcontext, krb5_err_have_str, status, buf); goto clean_n_exit; } @@ -658,15 +653,13 @@ krb5_db_create(krb5_context kcontext, char **db_args) krb5_error_code status = 0; char *section = NULL; kdb5_dal_handle *dal_handle; - char buf[KRB5_MAX_ERR_STR]; section = kdb_get_conf_section(kcontext); if (section == NULL) { - sprintf(buf, + status = KRB5_KDB_SERVER_INTERNAL_ERR; + krb5_set_error_message (kcontext, status, "unable to determine configuration section for realm %s\n", kcontext->default_realm); - status = -1; - krb5_set_err(kcontext, krb5_err_have_str, status, buf); goto clean_n_exit; } @@ -731,15 +724,13 @@ krb5_db_destroy(krb5_context kcontext, char **db_args) krb5_error_code status = 0; char *section = NULL; kdb5_dal_handle *dal_handle; - char buf[KRB5_MAX_ERR_STR]; section = kdb_get_conf_section(kcontext); if (section == NULL) { - sprintf(buf, + status = KRB5_KDB_SERVER_INTERNAL_ERR; + krb5_set_error_message (kcontext, status, "unable to determine configuration section for realm %s\n", kcontext->default_realm); - status = -1; - krb5_set_err(kcontext, krb5_err_have_str, status, buf); goto clean_n_exit; } diff --git a/src/lib/kdb/kdb5.h b/src/lib/kdb/kdb5.h index cc4992b..3e4701a 100644 --- a/src/lib/kdb/kdb5.h +++ b/src/lib/kdb/kdb5.h @@ -10,12 +10,12 @@ #include <utime.h> #include <k5-int.h> #include "kdb.h" -#include "err_handle.h" #define KDB_MAX_DB_NAME 128 #define KDB_REALM_SECTION "realms" #define KDB_MODULE_POINTER "database_module" -#define KDB_MODULE_SECTION "db_modules" +#define KDB_MODULE_DEF_SECTION "dbdefaults" +#define KDB_MODULE_SECTION "dbmodules" #define KDB_LIB_POINTER "db_library" #define KDB_DATABASE_CONF_FILE DEFAULT_SECURE_PROFILE_PATH #define KDB_DATABASE_ENV_PROF KDC_PROFILE_ENV @@ -23,6 +23,22 @@ #define KRB5_KDB_OPEN_RW 0 #define KRB5_KDB_OPEN_RO 1 +#ifndef KRB5_KDB_SRV_TYPE_KDC +#define KRB5_KDB_SRV_TYPE_KDC 0x0100 +#endif + +#ifndef KRB5_KDB_SRV_TYPE_ADMIN +#define KRB5_KDB_SRV_TYPE_ADMIN 0x0200 +#endif + +#ifndef KRB5_KDB_SRV_TYPE_PASSWD +#define KRB5_KDB_SRV_TYPE_PASSWD 0x0300 +#endif + +#ifndef KRB5_KDB_SRV_TYPE_OTHER +#define KRB5_KDB_SRV_TYPE_OTHER 0x0400 +#endif + #define KRB5_KDB_OPT_SET_DB_NAME 0 #define KRB5_KDB_OPT_SET_LOCK_MODE 1 @@ -50,7 +66,7 @@ typedef struct _kdb_vftabl{ short int maj_ver; short int min_ver; - krb5_error_code (*init_library)(krb5_set_err_func_t); + krb5_error_code (*init_library)(); krb5_error_code (*fini_library)(); krb5_error_code (*init_module) ( krb5_context kcontext, char * conf_section, diff --git a/src/lib/kdb/libkdb5.exports b/src/lib/kdb/libkdb5.exports index c4d2c88..fe2fae6 100644 --- a/src/lib/kdb/libkdb5.exports +++ b/src/lib/kdb/libkdb5.exports @@ -1,6 +1,5 @@ krb5_db_open krb5_db_inited -krb5_db_clr_error krb5_db_alloc krb5_db_free krb5_db_create @@ -48,3 +47,4 @@ krb5_db_put_policy krb5_db_iter_policy krb5_db_delete_policy krb5_db_free_policy +krb5_def_store_mkey diff --git a/src/lib/krb5/error_tables/kdb5_err.et b/src/lib/krb5/error_tables/kdb5_err.et index 7c146e6..79a7c96 100644 --- a/src/lib/krb5/error_tables/kdb5_err.et +++ b/src/lib/krb5/error_tables/kdb5_err.et @@ -71,5 +71,6 @@ ec KRB5_KDB_NO_MATCHING_KEY, "No matching key in entry" ec KRB5_KDB_DBTYPE_NOTFOUND, "Unable to find requested database type" ec KRB5_KDB_DBTYPE_NOSUP, "Database type not supported" ec KRB5_KDB_DBTYPE_INIT, "Database library failed to initialize" +ec KRB5_KDB_SERVER_INTERNAL_ERR, "Server error" end diff --git a/src/plugins/kdb/db2/Makefile.in b/src/plugins/kdb/db2/Makefile.in index 5c4d68a..00a2145 100644 --- a/src/plugins/kdb/db2/Makefile.in +++ b/src/plugins/kdb/db2/Makefile.in @@ -35,7 +35,6 @@ SHLIB_EXPDEPS = \ $(TOPLIBD)/libk5crypto$(SHLIBEXT) \ $(TOPLIBD)/libkrb5$(SHLIBEXT) SHLIB_EXPLIBS= $(GSSRPC_LIBS) -lkrb5 -lcom_err -lk5crypto $(KDB5_DB_LIB) $(SUPPORT_LIB) $(LIBS) -# -lgssrpc $(KDB5_DB_LIB) SHLIB_DIRS=-L$(TOPLIBD) SHLIB_RDIRS=$(KRB5_LIBDIR) @@ -130,9 +129,8 @@ kdb_db2.so kdb_db2.po $(OUTPRE)kdb_db2.$(OBJEXT): $(BUILDTOP)/include/autoconf.h $(SRCTOP)/include/k5-locate.h $(SRCTOP)/include/k5-platform.h \ $(SRCTOP)/include/k5-plugin.h $(SRCTOP)/include/k5-thread.h \ $(SRCTOP)/include/kdb.h $(SRCTOP)/include/port-sockets.h \ - $(SRCTOP)/include/socket-utils.h $(SRCTOP)/lib/kdb/err_handle.h \ - $(SRCTOP)/lib/kdb/kdb5.h kdb_compat.h kdb_db2.c kdb_db2.h \ - kdb_xdr.h policy_db.h + $(SRCTOP)/include/socket-utils.h $(SRCTOP)/lib/kdb/kdb5.h \ + kdb_compat.h kdb_db2.c kdb_db2.h kdb_xdr.h policy_db.h pol_xdr.so pol_xdr.po $(OUTPRE)pol_xdr.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \ $(BUILDTOP)/include/gssapi/gssapi.h $(BUILDTOP)/include/gssrpc/auth.h \ $(BUILDTOP)/include/gssrpc/auth_gss.h $(BUILDTOP)/include/gssrpc/auth_unix.h \ @@ -153,6 +151,5 @@ db2_exp.so db2_exp.po $(OUTPRE)db2_exp.$(OBJEXT): $(BUILDTOP)/include/autoconf.h $(SRCTOP)/include/k5-locate.h $(SRCTOP)/include/k5-platform.h \ $(SRCTOP)/include/k5-plugin.h $(SRCTOP)/include/k5-thread.h \ $(SRCTOP)/include/kdb.h $(SRCTOP)/include/port-sockets.h \ - $(SRCTOP)/include/socket-utils.h $(SRCTOP)/lib/kdb/err_handle.h \ - $(SRCTOP)/lib/kdb/kdb5.h db2_exp.c kdb_db2.h kdb_xdr.h \ - policy_db.h + $(SRCTOP)/include/socket-utils.h $(SRCTOP)/lib/kdb/kdb5.h \ + db2_exp.c kdb_db2.h kdb_xdr.h policy_db.h diff --git a/src/plugins/kdb/db2/db2_exp.c b/src/plugins/kdb/db2/db2_exp.c index e44728d..8938c6d 100644 --- a/src/plugins/kdb/db2/db2_exp.c +++ b/src/plugins/kdb/db2/db2_exp.c @@ -194,13 +194,13 @@ WRAP_K (krb5_db2_db_get_mkey, (context, key)); static krb5_error_code -hack_init (krb5_set_err_func_t f) +hack_init () { krb5_error_code c; c = krb5int_mutex_alloc (&krb5_db2_mutex); if (c) return c; - return krb5_db2_lib_init (f); + return krb5_db2_lib_init (); } static krb5_error_code diff --git a/src/plugins/kdb/db2/kdb_db2.c b/src/plugins/kdb/db2/kdb_db2.c index f3f1e00..48e8482 100644 --- a/src/plugins/kdb/db2/kdb_db2.c +++ b/src/plugins/kdb/db2/kdb_db2.c @@ -88,7 +88,6 @@ krb5_error_code krb5_db2_db_lock(krb5_context, int); static krb5_error_code krb5_db2_db_set_hashfirst(krb5_context, int); static char default_db_name[] = DEFAULT_KDB_FILE; -krb5_set_err_func_t krb5_db2_dal_err_funcp = NULL; /* * Locking: @@ -958,11 +957,12 @@ krb5_db2_db_put_principal(krb5_context context, krb5_db2_context *db_ctx; kdb5_dal_handle *dal_handle; + krb5_clear_error_message (context); if (db_args) { /* DB2 does not support db_args DB arguments for principal */ - char buf[KRB5_MAX_ERR_STR]; - sprintf(buf, "Unsupported argument \"%s\" for db2", db_args[0]); - krb5_db2_dal_err_funcp(context, krb5_err_have_str, EINVAL, buf); + krb5_set_error_message(context, EINVAL, + "Unsupported argument \"%s\" for db2", + db_args[0]); return EINVAL; } @@ -1209,9 +1209,8 @@ krb5_db2_db_set_lockmode(krb5_context context, krb5_boolean mode) * DAL API functions */ krb5_error_code -krb5_db2_lib_init(krb5_set_err_func_t set_err) +krb5_db2_lib_init() { - krb5_db2_dal_err_funcp = set_err; return 0; } @@ -1230,6 +1229,8 @@ krb5_db2_open(krb5_context kcontext, char **t_ptr = db_args; char db_name_set = 0; + krb5_clear_error_message (kcontext); + if (k5db2_inited(kcontext)) return 0; @@ -1248,10 +1249,9 @@ krb5_db2_open(krb5_context kcontext, } /* ignore hash argument. Might have been passed from create */ else if (!opt || strcmp(opt, "hash")) { - char buf[KRB5_MAX_ERR_STR]; - sprintf(buf, "Unsupported argument \"%s\" for db2", - opt ? opt : val); - krb5_db2_dal_err_funcp(kcontext, krb5_err_have_str, EINVAL, buf); + krb5_set_error_message(kcontext, EINVAL, + "Unsupported argument \"%s\" for db2", + opt ? opt : val); free(opt); free(val); return EINVAL; @@ -1299,6 +1299,8 @@ krb5_db2_create(krb5_context kcontext, char *conf_section, char **db_args) krb5_int32 flags = KRB5_KDB_CREATE_BTREE; char *db_name = NULL; + krb5_clear_error_message (kcontext); + if (k5db2_inited(kcontext)) return 0; @@ -1321,10 +1323,9 @@ krb5_db2_create(krb5_context kcontext, char *conf_section, char **db_args) else if (opt && !strcmp(opt, "hash")) { flags = KRB5_KDB_CREATE_HASH; } else { - char buf[KRB5_MAX_ERR_STR]; - sprintf(buf, "Unsupported argument \"%s\" for db2", - opt ? opt : val); - krb5_db2_dal_err_funcp(kcontext, krb5_err_have_str, EINVAL, buf); + krb5_set_error_message(kcontext, EINVAL, + "Unsupported argument \"%s\" for db2", + opt ? opt : val); free(opt); free(val); return EINVAL; diff --git a/src/plugins/kdb/db2/kdb_db2.h b/src/plugins/kdb/db2/kdb_db2.h index 77ca60c..41dad90 100644 --- a/src/plugins/kdb/db2/kdb_db2.h +++ b/src/plugins/kdb/db2/kdb_db2.h @@ -134,7 +134,7 @@ krb5_db2_db_delete_principal(krb5_context context, krb5_const_principal searchfor, int *nentries); -krb5_error_code krb5_db2_lib_init(krb5_set_err_func_t); +krb5_error_code krb5_db2_lib_init(); krb5_error_code krb5_db2_lib_cleanup(void); @@ -204,8 +204,4 @@ krb5_error_code krb5_db2_delete_policy ( krb5_context kcontext, void krb5_db2_free_policy( krb5_context kcontext, osa_policy_ent_t entry ); - - -extern krb5_set_err_func_t krb5_db2_dal_err_funcp; - #endif /* KRB5_KDB_DB2_H */ diff --git a/src/tests/Makefile.in b/src/tests/Makefile.in index 01502f3..120780b 100644 --- a/src/tests/Makefile.in +++ b/src/tests/Makefile.in @@ -30,7 +30,7 @@ kdc.conf: Makefile krb5.conf: Makefile cat $(SRCTOP)/config-files/krb5.conf > krb5.new - echo "[db_modules]" >> krb5.new + echo "[dbmodules]" >> krb5.new echo " db_module_dir = `pwd`/../util/fakedest$(KRB5_DB_MODULE_DIR)" >> krb5.new mv krb5.new krb5.conf diff --git a/src/tests/dejagnu/config/default.exp b/src/tests/dejagnu/config/default.exp index abb7b79..7f964a3 100644 --- a/src/tests/dejagnu/config/default.exp +++ b/src/tests/dejagnu/config/default.exp @@ -938,7 +938,7 @@ proc setup_krb5_conf { {type client} } { puts $conffile " kdc = FILE:$tmppwd/kdc.log" puts $conffile " default = FILE:$tmppwd/others.log" puts $conffile "" - puts $conffile "\[db_modules\]" + puts $conffile "\[dbmodules\]" puts $conffile " db_module_dir = $tmppwd/../../../util/fakedest$KRB5_DB_MODULE_DIR" puts $conffile " foo_db2 = {" puts $conffile " db_library = db2" |