diff options
Diffstat (limited to 'src/kdc')
-rw-r--r-- | src/kdc/do_as_req.c | 7 | ||||
-rw-r--r-- | src/kdc/do_tgs_req.c | 6 | ||||
-rw-r--r-- | src/kdc/kdc_preauth.c | 8 | ||||
-rw-r--r-- | src/kdc/main.c | 8 |
4 files changed, 17 insertions, 12 deletions
diff --git a/src/kdc/do_as_req.c b/src/kdc/do_as_req.c index 2916cfe..1523d1f 100644 --- a/src/kdc/do_as_req.c +++ b/src/kdc/do_as_req.c @@ -427,17 +427,18 @@ process_as_req(krb5_kdc_req *request, const krb5_fulladdr *from, #endif /* KRBCONF_KDC_MODIFIES_KDB */ errout: - if (status) + if (status) { krb5_klog_syslog(LOG_INFO, "AS_REQ (%s) %s: %s: %s for %s%s%s", ktypestr, fromstring, status, cname ? cname : "<unknown client>", sname ? sname : "<unknown server>", errcode ? ", " : "", - errcode ? error_message(errcode) : ""); + errcode ? krb5_get_error_message (kdc_context, errcode) : ""); + } if (errcode) { if (status == 0) - status = error_message (errcode); + status = krb5_get_error_message (kdc_context, errcode); errcode -= ERROR_TABLE_BASE_krb5; if (errcode < 0 || errcode > 128) errcode = KRB_ERR_GENERIC; diff --git a/src/kdc/do_tgs_req.c b/src/kdc/do_tgs_req.c index d85d4b5..7f8f265 100644 --- a/src/kdc/do_tgs_req.c +++ b/src/kdc/do_tgs_req.c @@ -509,7 +509,7 @@ tgt_again: sname ? sname : "<unknown server>", enc_tkt_reply.transited.tr_contents.length, enc_tkt_reply.transited.tr_contents.data, - error_message (errcode)); + krb5_get_error_message(kdc_context, errcode)); } else krb5_klog_syslog (LOG_INFO, "not checking transit path"); if (reject_bad_transit @@ -655,12 +655,12 @@ cleanup: cname ? cname : "<unknown client>", sname ? sname : "<unknown server>", errcode ? ", " : "", - errcode ? error_message(errcode) : ""); + errcode ? krb5_get_error_message (kdc_context, errcode) : ""); } if (errcode) { if (status == 0) - status = error_message (errcode); + status = krb5_get_error_message (kdc_context, errcode); errcode -= ERROR_TABLE_BASE_krb5; if (errcode < 0 || errcode > 128) errcode = KRB_ERR_GENERIC; diff --git a/src/kdc/kdc_preauth.c b/src/kdc/kdc_preauth.c index d5698eb..48a6a6a 100644 --- a/src/kdc/kdc_preauth.c +++ b/src/kdc/kdc_preauth.c @@ -371,7 +371,8 @@ check_padata (krb5_context context, krb5_db_entry *client, enc_tkt_reply, *padata); if (retval) { krb5_klog_syslog (LOG_INFO, "preauth (%s) verify failure: %s", - pa_sys->name, error_message (retval)); + pa_sys->name, + krb5_get_error_message (context, retval)); if (pa_sys->flags & PA_REQUIRED) { pa_ok = 0; break; @@ -394,9 +395,10 @@ check_padata (krb5_context context, krb5_db_entry *client, !isflagset(client->attributes, KRB5_KDB_REQUIRES_HW_AUTH)) return 0; - if (!pa_found) + if (!pa_found) { krb5_klog_syslog (LOG_INFO, "no valid preauth type found: %s", - error_message (retval)); + krb5_get_error_message(context, retval)); + } /* The following switch statement allows us * to return some preauth system errors back to the client. */ diff --git a/src/kdc/main.c b/src/kdc/main.c index c5ecdec..d03b81e 100644 --- a/src/kdc/main.c +++ b/src/kdc/main.c @@ -240,9 +240,11 @@ init_realm(char *progname, kdc_realm_t *rdp, char *realm, /* first open the database before doing anything */ #ifdef KRBCONF_KDC_MODIFIES_KDB - if ((kret = krb5_db_open(rdp->realm_context, db_args, KRB5_KDB_OPEN_RW))) { + if ((kret = krb5_db_open(rdp->realm_context, db_args, + KRB5_KDB_OPEN_RW | KRB5_KDB_SRV_TYPE_KDC))) { #else - if ((kret = krb5_db_open(rdp->realm_context, db_args, KRB5_KDB_OPEN_RO))) { + if ((kret = krb5_db_open(rdp->realm_context, db_args, + KRB5_KDB_OPEN_RO | KRB5_KDB_SRV_TYPE_KDC))) { #endif com_err(progname, kret, "while initializing database for realm %s", realm); @@ -590,7 +592,7 @@ initialize_realms(krb5_context kcontext, int argc, char **argv) com_err(argv[0], retval, "while attempting to retrieve default realm"); fprintf (stderr, "%s: %s, attempting to retrieve default realm\n", - argv[0], error_message (retval)); + argv[0], krb5_get_error_message(kcontext, retval)); exit(1); } if ((rdatap = (kdc_realm_t *) malloc(sizeof(kdc_realm_t)))) { |