Partial merge from Novell LDAP integration branch, not including the
authorKen Raeburn <raeburn@mit.edu>
Thu, 13 Apr 2006 18:58:56 +0000 (18:58 +0000)
committerKen Raeburn <raeburn@mit.edu>
Thu, 13 Apr 2006 18:58:56 +0000 (18:58 +0000)
actual LDAP bits:

* include/kdb.h (krb5_db_entry_new): Add MASK field indicating what's
changed.
(KRB5_KDB_SRV_TYPE_*): New macros indicating which type of service is
accessing the database.
* lib/kadm5/srv/svr_principal.c: Set mask field.
* lib/kadm5/srv/server_misc.c, server_init.c: Pass service type to
krb5_db_open.
* kadmin/dbutil/kdb5_stash.c (kdb5_stash): Pass service type to
krb5_db_open.
* kadmin/dbutil/kdb5_util.c (open_db_and_mkey): Pass service type to
krb5_db_open.
* kdc/main.c (init_realm): Pass service type to krb5_db_open.
* lib/kadm5/srv/svr_principal.c: Set mask field.
* kadmin/dbutil/dump.c (load_db): Pass service type to krb5_db_open.
* lib/kdb/kdb5.h (KRB5_KDB_SRV_TYPE_*): New macros.

* lib/kdb/err_handle.{c,h}: Deleted.
* lib/kadm5/clnt/err_handle.{c,h}: Deleted.
(krb5_db_clr_error): Declaration deleted.
* lib/kdb/Makefile.in, lib/kadm5/clnt/Makefile.in: Don't build them.
* lib/kdb/kdb5.c, lib/kadm5/clnt, lib/kadm5/srv: Use new error-message API.
* kdc/do_tgs_req.c (process_tgs_req): Use new error-message API.
* kdc/kdc_preauth.c (check_padata)
* kdc/do_as_req.c (process_as_req):
* kdc/main.c (init_realm):
* kadmin/server/ovsec_kadmd.c (main, do_schpw):
* schpw.c (process_chpw_request):
* kadmin/server/server_stubs.c:
* kadmin/cli/kadmin.c (extended_com_err_fn): New function.
(kadmin_startup): Tell com_err library to use it, for kadmin.local.
* lib/kdb/libkdb5.exports: Don't export krb5_db_clr_error.
* lib/kdb/Makefile.in: (SRCS, STLIBOBJS): Don't build err_handle.c.
* lib/kdb/kdb5.c (kdb_load_library): Don't pass argument to init_library.
(krb5_db_clr_error): Function deleted.
* lib/kdb/kdb5.h (struct _kdb_vftabl): Remove argument from init_library field.
* lib/kadm5/logger.c (krb5_klog_init): Save the krb5_context pointer.
(klog_com_err_proc): Use it, and call new error-message API.
* lib/kadm5/srv/svr_principal.c: Use new error-message API.
* kadmin/dbutil/kdb5_util.c (extended_com_err_fn): New function.
(main): Tell com_err library to use it.

* plugins/kdb/db2: Use new error-message APIs and updated DAL
interface.

* lib/kadm5/kadm_rpc.h: Delete err_str fields.
* lib/kadm5/kadm_rpc_xdr.c: Don't process them.
* kadmin/server/server_stubs.c: Don't use ret.err_str field.

* include/k5-thread.h (k5_key_t): Deleted unused values.

* lib/kdb/kdb5.h (KDB_MODULE_SECTION): Change db_modules to dbmodules.
(KDB_MODULE_DEF_SECTION): New macro.
* tests/Makefile.in (krb5.conf): Rename db_modules to dbmodules.
* tests/dejagnu/config/default.exp (setup_krb5_conf): Likewise.
* kadmin/testing/proto/krb5.conf.proto: Likewise.

* lib/kdb/libkdb5.exports: Do export krb5_def_store_mkey.

* lib/kadm5/admin.h (KADM5_CPW_FUNCTION, KADM5_RANDKEY_USED): New macros.
(struct _kadm5_config_params): New field kpasswd_server.

* lib/krb5/error_tables/kdb5_err.et (KRB5_KDB_SERVER_INTERNAL_ERR):
New error code.

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@17899 dc483132-0cff-0310-8789-dd5450dbe970

41 files changed:
src/include/k5-thread.h
src/include/kdb.h
src/kadmin/cli/kadmin.c
src/kadmin/dbutil/dump.c
src/kadmin/dbutil/kdb5_stash.c
src/kadmin/dbutil/kdb5_util.c
src/kadmin/server/ovsec_kadmd.c
src/kadmin/server/schpw.c
src/kadmin/server/server_stubs.c
src/kadmin/testing/proto/krb5.conf.proto
src/kdc/do_as_req.c
src/kdc/do_tgs_req.c
src/kdc/kdc_preauth.c
src/kdc/main.c
src/lib/kadm5/admin.h
src/lib/kadm5/clnt/Makefile.in
src/lib/kadm5/clnt/client_principal.c
src/lib/kadm5/clnt/clnt_policy.c
src/lib/kadm5/clnt/clnt_privs.c
src/lib/kadm5/clnt/err_handle.c [deleted file]
src/lib/kadm5/clnt/err_handle.h [deleted file]
src/lib/kadm5/kadm_rpc.h
src/lib/kadm5/kadm_rpc_xdr.c
src/lib/kadm5/logger.c
src/lib/kadm5/srv/server_init.c
src/lib/kadm5/srv/server_misc.c
src/lib/kadm5/srv/svr_policy.c
src/lib/kadm5/srv/svr_principal.c
src/lib/kdb/Makefile.in
src/lib/kdb/err_handle.c [deleted file]
src/lib/kdb/err_handle.h [deleted file]
src/lib/kdb/kdb5.c
src/lib/kdb/kdb5.h
src/lib/kdb/libkdb5.exports
src/lib/krb5/error_tables/kdb5_err.et
src/plugins/kdb/db2/Makefile.in
src/plugins/kdb/db2/db2_exp.c
src/plugins/kdb/db2/kdb_db2.c
src/plugins/kdb/db2/kdb_db2.h
src/tests/Makefile.in
src/tests/dejagnu/config/default.exp

index d308cfc7fa1fbb5ba2eb5c1a80923eedb8bf73b0..5373f836ade3dbffa5b4b8edf7b3aae171db492a 100644 (file)
@@ -760,8 +760,6 @@ typedef enum {
     K5_KEY_COM_ERR,
     K5_KEY_GSS_KRB5_SET_CCACHE_OLD_NAME,
     K5_KEY_GSS_KRB5_CCACHE_NAME,
-    K5_KEY_KDB_ERR_HANDLER,
-    K5_KEY_KADM_CLNT_ERR_HANDLER,
     K5_KEY_MAX
 } k5_key_t;
 /* rename shorthand symbols for export */
index c8327657fcd20e4d7328b3f6ca5a787919e6e7df..694c6f1c73000f605b9be4b1b8016af52e65e0fa 100644 (file)
@@ -122,6 +122,7 @@ typedef struct _krb5_keysalt {
 typedef struct _krb5_db_entry_new {
     krb5_magic                   magic;                /* NOT saved */
     krb5_ui_2            len;                  
+    krb5_ui_4             mask;                 /* members currently changed/set */    
     krb5_flags                   attributes;
     krb5_deltat                  max_life;
     krb5_deltat                  max_renewable_life;
@@ -158,7 +159,6 @@ typedef struct __krb5_key_salt_tuple {
     krb5_int32         ks_salttype;
 } krb5_key_salt_tuple;
 
-
 #define        KRB5_KDB_MAGIC_NUMBER           0xdbdbdbdb
 #define KRB5_KDB_V1_BASE_LENGTH                38
   
@@ -205,6 +205,22 @@ extern char *krb5_mkey_pwd_prompt2;
 #define KRB5_KDB_OPEN_RW                0
 #define KRB5_KDB_OPEN_RO                1
 
+#ifndef KRB5_KDB_SRV_TYPE_KDC
+#define KRB5_KDB_SRV_TYPE_KDC           0x0100        
+#endif
+
+#ifndef KRB5_KDB_SRV_TYPE_ADMIN
+#define KRB5_KDB_SRV_TYPE_ADMIN         0x0200  
+#endif
+
+#ifndef KRB5_KDB_SRV_TYPE_PASSWD
+#define KRB5_KDB_SRV_TYPE_PASSWD        0x0300
+#endif
+
+#ifndef KRB5_KDB_SRV_TYPE_OTHER
+#define KRB5_KDB_SRV_TYPE_OTHER         0x0400  
+#endif
+
 #define KRB5_KDB_OPT_SET_DB_NAME        0
 #define KRB5_KDB_OPT_SET_LOCK_MODE      1
 
@@ -373,6 +389,7 @@ krb5_dbe_cpw( krb5_context    kcontext,
              krb5_boolean        keepold,
              krb5_db_entry     * db_entry);
 
+
 krb5_error_code
 krb5_dbe_ark( krb5_context       context,
              krb5_keyblock       * master_key,
@@ -396,7 +413,6 @@ krb5_dbe_apw( krb5_context    context,
              char              * passwd,
              krb5_db_entry     * db_entry);
 
-
 /* default functions. Should not be directly called */
 /*
  *   Default functions prototype
@@ -448,7 +464,6 @@ krb5_dbe_def_cpw( krb5_context        context,
                  krb5_boolean    keepold,
                  krb5_db_entry * db_entry);
 
-
 krb5_error_code 
 krb5_db_create_policy( krb5_context kcontext, 
                       osa_policy_ent_t policy);
@@ -477,9 +492,8 @@ void
 krb5_db_free_policy( krb5_context kcontext, 
                     osa_policy_ent_t policy);
 
-void krb5_db_clr_error(void);
-
 #define KRB5_KDB_DEF_FLAGS     0
 
 #endif /* !defined(_WIN32) */
+
 #endif /* KRB5_KDB5__ */
index 7d950fc2675023de8990e6cc97e3b1c5fcaa52f0..b24b98ed1382ed5cc6ba925563af75139f663d3b 100644 (file)
@@ -173,6 +173,17 @@ kadmin_parse_name(name, principal)
     return retval;
 }
 
+static void extended_com_err_fn (const char *myprog, errcode_t code,
+                                const char *fmt, va_list args)
+{
+    const char *emsg;
+    emsg = krb5_get_error_message (context, code);
+    fprintf (stderr, "%s: %s ", myprog, emsg);
+    krb5_free_error_message (context, emsg);
+    vfprintf (stderr, fmt, args);
+    fprintf (stderr, "\n");
+}
+
 char *kadmin_startup(argc, argv)
     int argc;
     char *argv[];
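Review bot: The new extended_com_err_fn hands `fmt` to vfprintf unconditionally, so a com_err call made with a NULL format would reach vfprintf with a null format string; as far as I recall the stock com_err handler tolerates that case. I would guard it with `if (fmt) vfprintf (stderr, fmt, args);` and add a comment on the function saying that it reads the file-scope `context`, which must be valid whenever the hook is installed. The same function is added to kdb5_util.c using `util_context`, so the guard applies there too, and a shared helper would avoid keeping two copies in step. kadmin_startup's body continues outside this hunk.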
@@ -195,6 +206,10 @@ char *kadmin_startup(argc, argv)
     memset((char *) &params, 0, sizeof(params));
     
     retval = krb5_init_context(&context);
+
+    if (strcmp (whoami, "kadmin.local") == 0)
+       set_com_err_hook(extended_com_err_fn);
+
     if (retval) {
         com_err(whoami, retval, "while initializing krb5 library");
         exit(1);
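Review bot: set_com_err_hook is called before `retval` from krb5_init_context is checked, so the com_err call on the failure path runs extended_com_err_fn with a `context` that was never successfully initialised. Whether krb5_get_error_message accepts such a context is not visible here, so the hook is safer installed after the check: move `if (strcmp (whoami, "kadmin.local") == 0) set_com_err_hook(extended_com_err_fn);` below the `if (retval) { ... }` block. The main() hunk in kdb5_util.c has the same ordering, and installs the hook unconditionally. kadmin_startup starts and ends outside this hunk.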
index 9e2394a9f87eb44ac0225da329de20f454995010..058dd544054f8a0cdb7c8bfe2577b07f3466ee2d 100644 (file)
@@ -2268,7 +2268,8 @@ load_db(argc, argv)
     /*
      * Initialize the database.
      */
-    if ((kret = krb5_db_open(kcontext, db5util_db_args, KRB5_KDB_OPEN_RW))) {
+    if ((kret = krb5_db_open(kcontext, db5util_db_args, 
+                            KRB5_KDB_OPEN_RW | KRB5_KDB_SRV_TYPE_OTHER))) {
        fprintf(stderr, dbinit_err_fmt,
                programname, error_message(kret));
        exit_status++;
index 09bea215181ee0ea28569b6476e2021e7479fefd..884fa045c8ba6fb8d004deff365698e8e95ac7cc 100644 (file)
@@ -134,7 +134,8 @@ kdb5_stash(argc, argv)
        exit_status++; return; 
     }
 
-    retval = krb5_db_open(context, db5util_db_args, KRB5_KDB_OPEN_RW);
+    retval = krb5_db_open(context, db5util_db_args, 
+                         KRB5_KDB_OPEN_RW | KRB5_KDB_SRV_TYPE_OTHER);
     if (retval) {
        com_err(argv[0], retval, "while initializing the database '%s'",
                dbname);
index 42201a91341dfeb864dcf3c35c02a18cea14c6ca..0b1a4d0eba2d10026560a27e7a870607c8a8ac41 100644 (file)
@@ -145,6 +145,17 @@ static struct _cmd_table *cmd_lookup(name)
 char **db5util_db_args = NULL;
 int    db5util_db_args_size = 0;
      
+static void extended_com_err_fn (const char *myprog, errcode_t code,
+                                const char *fmt, va_list args)
+{
+    const char *emsg;
+    emsg = krb5_get_error_message (util_context, code);
+    fprintf (stderr, "%s: %s ", myprog, emsg);
+    krb5_free_error_message (util_context, emsg);
+    vfprintf (stderr, fmt, args);
+    fprintf (stderr, "\n");
+}
+
 int main(argc, argv)
     int argc;
     char *argv[];
@@ -156,6 +167,7 @@ int main(argc, argv)
     krb5_error_code retval;
 
     retval = krb5_init_context(&util_context);
+    set_com_err_hook(extended_com_err_fn);
     if (retval) {
            com_err (progname, retval, "while initializing Kerberos code");
            exit(1);
@@ -365,7 +377,8 @@ static int open_db_and_mkey()
     dbactive = FALSE;
     valid_master_key = 0;
 
-    if ((retval = krb5_db_open(util_context, db5util_db_args, KRB5_KDB_OPEN_RW))) {
+    if ((retval = krb5_db_open(util_context, db5util_db_args, 
+                              KRB5_KDB_OPEN_RW | KRB5_KDB_SRV_TYPE_OTHER))) {
        com_err(progname, retval, "while initializing database");
        exit_status++;
        return(1);
index 9acb95d1b3b64b9e01e6fcdafd01bc6d6db66405..6950ff1a7fb940f089b0ff0b491f4cd197f72bcc 100644 (file)
@@ -216,6 +216,7 @@ int main(int argc, char *argv[])
      kadm5_config_params params;
      char **db_args      = NULL;
      int    db_args_size = 0;
+     char *errmsg;
 
      setvbuf(stderr, NULL, _IONBF, 0);
 
@@ -305,7 +306,7 @@ int main(int argc, char *argv[])
           ret = krb5_c_random_os_entropy(context, 1, NULL);
          if(ret) {
            krb5_klog_syslog(LOG_ERR, "Error getting random seed: %s, aborting",
-                            error_message(ret));
+                            krb5_get_error_message (context, ret));
            exit(1);
          }
          
@@ -314,9 +315,8 @@ int main(int argc, char *argv[])
                          KADM5_STRUCT_VERSION,
                          KADM5_API_VERSION_2,
                          db_args,
-                         &global_server_handle)) != 
-       KADM5_OK) {
-        const char *e_txt = error_message(ret);
+                    &global_server_handle)) != KADM5_OK) {
+         const char *e_txt = krb5_get_error_message (context, ret);
          krb5_klog_syslog(LOG_ERR, "%s while initializing, aborting",
                 e_txt);
          fprintf(stderr, "%s: %s while initializing, aborting\n",
@@ -332,7 +332,7 @@ int main(int argc, char *argv[])
      
      if ((ret = kadm5_get_config_params(context, NULL, NULL, &params,
                                        &params))) {
-        const char *e_txt = error_message(ret);
+         const char *e_txt = krb5_get_error_message (context, ret);
          krb5_klog_syslog(LOG_ERR, "%s: %s while initializing, aborting",
                           whoami, e_txt);
          fprintf(stderr, "%s: %s while initializing, aborting\n",
@@ -362,7 +362,7 @@ int main(int argc, char *argv[])
      addr.sin_port = htons(params.kadmind_port);
 
      if ((s = socket(AF_INET, SOCK_STREAM, 0)) < 0) {
-        const char *e_txt = error_message(errno);
+         const char *e_txt = krb5_get_error_message (context, ret);
          krb5_klog_syslog(LOG_ERR, "Cannot create TCP socket: %s",
                           e_txt);
          fprintf(stderr, "Cannot create TCP socket: %s",
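Review bot: The replacement passes `ret` where the old code passed `errno`, so a failed socket() is reported with whatever the previous library call left in `ret` (most likely 0) instead of the actual system error. The line should read `const char *e_txt = krb5_get_error_message (context, errno);`, as the two bind() hunks further down already do. The same substitution appears in the SOCK_DGRAM socket() hunk and in both SO_REUSEADDR setsockopt() branches. The logged reason for a start-up failure of the admin server would therefore mislead whoever is diagnosing it.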
@@ -373,10 +373,10 @@ int main(int argc, char *argv[])
      }
 
      if ((schpw = socket(AF_INET, SOCK_DGRAM, 0)) < 0) {
-        const char *e_txt = error_message(errno);
+        const char *e_txt = krb5_get_error_message (context, ret);
         krb5_klog_syslog(LOG_ERR,
-                          "cannot create simple chpw socket: %s",
-                          e_txt);
+                         "cannot create simple chpw socket: %s",
+                         e_txt);
         fprintf(stderr, "Cannot create simple chpw socket: %s",
                 e_txt);
         kadm5_destroy(global_server_handle);
@@ -402,18 +402,17 @@ int main(int argc, char *argv[])
                        SO_REUSEADDR,
                        (char *) &allowed,
                        sizeof(allowed)) < 0) {
-            const char *e_txt = error_message(errno);
+            const char *e_txt = krb5_get_error_message (context, ret);
             krb5_klog_syslog(LOG_ERR, "Cannot set SO_REUSEADDR: %s",
                              e_txt);
-            fprintf(stderr, "Cannot set SO_REUSEADDR: %s",
-                    e_txt);
+            fprintf(stderr, "Cannot set SO_REUSEADDR: %s", e_txt);
             kadm5_destroy(global_server_handle);
             krb5_klog_close(context);    
             exit(1);
         }
         if (setsockopt(schpw, SOL_SOCKET, SO_REUSEADDR,
                        (char *) &allowed, sizeof(allowed)) < 0) {
-            const char *e_txt = error_message(errno);
+            const char *e_txt = krb5_get_error_message (context, ret);
             krb5_klog_syslog(LOG_ERR, "main",
                              "cannot set SO_REUSEADDR on simple chpw socket: %s", 
                              e_txt);
@@ -433,12 +432,11 @@ int main(int argc, char *argv[])
 
      if (bind(s, (struct sockaddr *)&addr, sizeof(addr)) < 0) {
          int oerrno = errno;
-         const char *e_txt = error_message(errno);
+         const char *e_txt = krb5_get_error_message (context, errno);
          fprintf(stderr, "%s: Cannot bind socket.\n", whoami);
          fprintf(stderr, "bind: %s\n", e_txt);
          errno = oerrno;
-         krb5_klog_syslog(LOG_ERR, "Cannot bind socket: %s",
-                          e_txt);
+         krb5_klog_syslog(LOG_ERR, "Cannot bind socket: %s", e_txt);
          if(oerrno == EADDRINUSE) {
               char *w = strrchr(whoami, '/');
               if (w) {
@@ -474,7 +472,7 @@ int main(int argc, char *argv[])
      if (bind(schpw, (struct sockaddr *)&addr, sizeof(addr)) < 0) {
          char portbuf[32];
          int oerrno = errno;
-         const char *e_txt = error_message(errno);
+         const char *e_txt = krb5_get_error_message (context, errno);
          fprintf(stderr, "%s: Cannot bind socket.\n", whoami);
          fprintf(stderr, "bind: %s\n", e_txt);
          errno = oerrno;
@@ -566,7 +564,7 @@ int main(int argc, char *argv[])
      }
 kterr:
      if (ret) {
-         krb5_klog_syslog(LOG_ERR, "%s", error_message(ret));
+         krb5_klog_syslog(LOG_ERR, "%s", krb5_get_error_message (context, ret));
          fprintf(stderr, "%s: Can't set up keytab for RPC.\n", whoami);
          kadm5_destroy(global_server_handle);
          krb5_klog_close(context);
@@ -618,10 +616,11 @@ kterr:
      }
 
      if ((ret = kadm5int_acl_init(context, 0, params.acl_file))) {
+         errmsg = krb5_get_error_message (context, ret);
          krb5_klog_syslog(LOG_ERR, "Cannot initialize acl file: %s",
-                error_message(ret));
+                errmsg);
          fprintf(stderr, "%s: Cannot initialize acl file: %s\n",
-                 whoami, error_message(ret));
+                 whoami, errmsg);
          svcauth_gssapi_unset_names();
          kadm5_destroy(global_server_handle);
          krb5_klog_close(context);
@@ -630,9 +629,10 @@ kterr:
 
      if (!nofork && (ret = daemon(0, 0))) {
          ret = errno;
-         krb5_klog_syslog(LOG_ERR, "Cannot detach from tty: %s", error_message(ret));
+         errmsg = krb5_get_error_message (context, ret);
+         krb5_klog_syslog(LOG_ERR, "Cannot detach from tty: %s", errmsg);
          fprintf(stderr, "%s: Cannot detach from tty: %s\n",
-                 whoami, error_message(ret));
+                 whoami, errmsg);
          svcauth_gssapi_unset_names();
          kadm5_destroy(global_server_handle);
          krb5_klog_close(context);
@@ -851,7 +851,7 @@ void reset_db(void)
      if (ret = kadm5_flush(global_server_handle)) {
          krb5_klog_syslog(LOG_ERR, "FATAL ERROR!  %s while flushing databases.  "
                 "Databases may be corrupt!  Aborting.",
-                error_message(ret));
+                krb5_get_error_message (context, ret));
          krb5_klog_close(context);
          exit(3);
      }
@@ -1134,13 +1134,13 @@ void do_schpw(int s1, kadm5_config_params *params)
     if ((len = recvfrom(s1, req, sizeof(req), 0, (struct sockaddr *)&from,
                        &fromlen)) < 0) {
        krb5_klog_syslog(LOG_ERR, "chpw: Couldn't receive request: %s",
-                        error_message(errno));
+                        krb5_get_error_message (context, errno));
        return;
     }
 
     if ((ret = krb5_kt_resolve(context, "KDB:", &kt))) {
        krb5_klog_syslog(LOG_ERR, "chpw: Couldn't open admin keytab %s",
-                        error_message(ret));
+                        krb5_get_error_message (context, ret));
        return;
     }
 
@@ -1164,10 +1164,11 @@ void do_schpw(int s1, kadm5_config_params *params)
        interoperate if the client is single-homed. */
 
     if ((s2 = socket(AF_INET, SOCK_DGRAM, 0)) < 0) {
+       char *errmsg = krb5_get_error_message (context, errno);
        krb5_klog_syslog(LOG_ERR, "cannot create connecting socket: %s",
-                        error_message(errno));
+                        errmsg);
        fprintf(stderr, "Cannot create connecting socket: %s",
-               error_message(errno));
+               errmsg);
        svcauth_gssapi_unset_names();
        kadm5_destroy(global_server_handle);
        krb5_klog_close(context);         
@@ -1176,7 +1177,7 @@ void do_schpw(int s1, kadm5_config_params *params)
 
     if (connect(s2, (struct sockaddr *) &from, sizeof(from)) < 0) {
        krb5_klog_syslog(LOG_ERR, "chpw: Couldn't connect to client: %s",
-                        error_message(errno));
+                        krb5_get_error_message (context, errno));
        goto cleanup;
     }
 
@@ -1184,7 +1185,7 @@ void do_schpw(int s1, kadm5_config_params *params)
                                    params->realm, s2, kt, &from,
                                    &reqdata, &repdata))) {
        krb5_klog_syslog(LOG_ERR, "chpw: Error processing request: %s", 
-                        error_message(ret));
+                        krb5_get_error_message (context, ret));
     }
 
     close(s2);
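Review bot: The string returned by krb5_get_error_message is passed straight to krb5_klog_syslog and never released, whereas extended_com_err_fn in this same commit pairs the call with krb5_free_error_message. do_schpw carries on and returns to its caller on this path, and the failure depends on the contents of a received request, so each rejected request appears to leave one message allocated in a long-running server. Fetch it into a local and free it after logging: `const char *emsg = krb5_get_error_message (context, ret);` then `krb5_free_error_message (context, emsg);`. The recvfrom, krb5_kt_resolve, connect and reply-sending branches in the other do_schpw hunks, and the logging call in process_chpw_request in schpw.c, follow the same pattern.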
@@ -1201,7 +1202,7 @@ void do_schpw(int s1, kadm5_config_params *params)
        krb5_xfree(repdata.data);
 
        krb5_klog_syslog(LOG_ERR, "chpw: Error sending reply: %s", 
-                        error_message(errno));
+                        krb5_get_error_message (context, errno));
        goto cleanup;
     }
 
@@ -1212,4 +1213,3 @@ cleanup:
 
     return;
 }
-
index 28cf75c2f84ac5b2f4b9fd90039d3a551828ed50..b30c2d536cdb655bbfac8225818662b32a1797cb 100644 (file)
@@ -260,7 +260,7 @@ process_chpw_request(context, server_handle, realm, s, keytab, sockin,
 
     krb5_klog_syslog(LOG_NOTICE, "chpw request from %s for %s: %s",
                     inet_ntoa(((struct sockaddr_in *)&remote_addr)->sin_addr),
-                    clientstr, ret ? error_message(ret) : "success");
+                    clientstr, ret ? krb5_get_error_message (context, ret) : "success");
     krb5_free_unparsed_name(context, clientstr);
 
     if (ret) {
index c26ed697befcd4c8f9c5c348a598032b108eac68..ee5d653cdb3ed2e8a3a494fb4e63efdf7674d3e8 100644 (file)
@@ -246,6 +246,7 @@ create_principal_2_svc(cprinc_arg *arg, struct svc_req *rqstp)
     OM_uint32                  minor_stat;
     kadm5_server_handle_t      handle;
     restriction_t              *rp;
+    char                       *errmsg;
 
     xdr_free(xdr_generic_ret, &ret);
 
@@ -282,17 +283,15 @@ create_principal_2_svc(cprinc_arg *arg, struct svc_req *rqstp)
                                                &arg->rec, arg->mask,
                                                arg->passwd);
         if( ret.code == 0 )
-            ret.err_str = "success";
+            errmsg = "success";
         else
-            ret.err_str = error_message(ret.code);
+            errmsg = krb5_get_error_message(handle ? handle->context : NULL, ret.code);
 
         krb5_klog_syslog(LOG_NOTICE, LOG_DONE, "kadm5_create_principal",
-               prime_arg, ret.err_str,
+               prime_arg, errmsg,
                client_name.value, service_name.value,
                inet_ntoa(rqstp->rq_xprt->xp_raddr.sin_addr));
 
-        /* xdr free frees this string. so make a copy */
-        ret.err_str = strdup( ret.err_str ); 
         /* no need to check for NULL. Even if it is NULL, atleast error_code will be returned */
     }
     free_server_handle(handle);
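Review bot: `errmsg` ends up pointing either at the literal "success" or at a string obtained from krb5_get_error_message, and nothing in the stub releases the latter, so a failed request leaves its message allocated. Since only the error branch owns its string, the release can follow the log call as `if (ret.code != 0) krb5_free_error_message(handle ? handle->context : NULL, errmsg);`, with `errmsg` declared `const char *` to match what both branches assign. The surviving comment `/* no need to check for NULL. ... */` described the removed strdup and should be deleted with it. The other *_2_svc stubs changed in this file repeat the same lines, and the function body starts and ends outside this hunk.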
@@ -301,17 +300,6 @@ create_principal_2_svc(cprinc_arg *arg, struct svc_req *rqstp)
     gss_release_buffer(&minor_stat, &service_name);
 
  exit_func:
-    if( ret.err_str == NULL )
-    {
-        if( ret.code == 0 )
-            ret.err_str = "success";
-        else
-            ret.err_str = error_message(ret.code);
-
-        /* xdr free frees this string. so make a copy */
-        ret.err_str = strdup( ret.err_str ); 
-        /* no need to check for NULL. Even if it is NULL, atleast error_code will be returned */
-    }
     return &ret;
 }
 
@@ -324,6 +312,7 @@ create_principal3_2_svc(cprinc3_arg *arg, struct svc_req *rqstp)
     OM_uint32                  minor_stat;
     kadm5_server_handle_t      handle;
     restriction_t              *rp;
+    char                        *errmsg;
 
     xdr_free(xdr_generic_ret, &ret);
 
@@ -362,17 +351,15 @@ create_principal3_2_svc(cprinc3_arg *arg, struct svc_req *rqstp)
                                             arg->ks_tuple,
                                             arg->passwd);
         if( ret.code == 0 )
-            ret.err_str = "success";
+            errmsg = "success";
         else
-            ret.err_str = error_message(ret.code);
+            errmsg = krb5_get_error_message(handle ? handle->context : NULL, ret.code);
 
         krb5_klog_syslog(LOG_NOTICE, LOG_DONE, "kadm5_create_principal",
-               prime_arg, ret.err_str, 
+               prime_arg, errmsg,
                client_name.value, service_name.value,
                inet_ntoa(rqstp->rq_xprt->xp_raddr.sin_addr));
 
-        /* xdr free frees this string. so make a copy */
-        ret.err_str = strdup( ret.err_str ); 
         /* no need to check for NULL. Even if it is NULL, atleast error_code will be returned */
     }
     free_server_handle(handle);
@@ -380,17 +367,6 @@ create_principal3_2_svc(cprinc3_arg *arg, struct svc_req *rqstp)
     gss_release_buffer(&minor_stat, &client_name);
     gss_release_buffer(&minor_stat, &service_name);
 exit_func:
-    if( ret.err_str == NULL )
-    {
-        if( ret.code == 0 )
-            ret.err_str = "success";
-        else
-            ret.err_str = error_message(ret.code);
-
-        /* xdr free frees this string. so make a copy */
-        ret.err_str = strdup( ret.err_str ); 
-        /* no need to check for NULL. Even if it is NULL, atleast error_code will be returned */
-    }
     return &ret;
 }
 
@@ -403,6 +379,7 @@ delete_principal_2_svc(dprinc_arg *arg, struct svc_req *rqstp)
                                    service_name;
     OM_uint32                      minor_stat;
     kadm5_server_handle_t          handle;
+    char                            *errmsg;
 
     xdr_free(xdr_generic_ret, &ret);
 
@@ -435,17 +412,15 @@ delete_principal_2_svc(dprinc_arg *arg, struct svc_req *rqstp)
     } else {
         ret.code = kadm5_delete_principal((void *)handle, arg->princ);
         if( ret.code == 0 )
-            ret.err_str = "success";
+            errmsg = "success";
         else
-            ret.err_str = error_message(ret.code);
+            errmsg = krb5_get_error_message(handle ? handle->context : NULL, ret.code);
 
-        krb5_klog_syslog(LOG_NOTICE, LOG_DONE, "kadm5_delete_principal", prime_arg, 
-                ret.err_str,
-               client_name.value, service_name.value,
-               inet_ntoa(rqstp->rq_xprt->xp_raddr.sin_addr));
+        krb5_klog_syslog(LOG_NOTICE, LOG_DONE, "kadm5_delete_principal",
+                         prime_arg, errmsg,
+                         client_name.value, service_name.value,
+                         inet_ntoa(rqstp->rq_xprt->xp_raddr.sin_addr));
 
-        /* xdr free frees this string. so make a copy */
-        ret.err_str = strdup( ret.err_str ); 
         /* no need to check for NULL. Even if it is NULL, atleast error_code will be returned */
     }
     free(prime_arg);
@@ -453,17 +428,6 @@ delete_principal_2_svc(dprinc_arg *arg, struct svc_req *rqstp)
     gss_release_buffer(&minor_stat, &client_name);
     gss_release_buffer(&minor_stat, &service_name);
  exit_func:
-    if( ret.err_str == NULL )
-    {
-        if( ret.code == 0 )
-            ret.err_str = "success";
-        else
-            ret.err_str = error_message(ret.code);
-
-        /* xdr free frees this string. so make a copy */
-        ret.err_str = strdup( ret.err_str ); 
-        /* no need to check for NULL. Even if it is NULL, atleast error_code will be returned */
-    }
 
     return &ret;
 }
@@ -478,6 +442,7 @@ modify_principal_2_svc(mprinc_arg *arg, struct svc_req *rqstp)
     OM_uint32                      minor_stat;
     kadm5_server_handle_t          handle;
     restriction_t                  *rp;
+    char                            *errmsg;
 
     xdr_free(xdr_generic_ret, &ret);
 
@@ -511,17 +476,15 @@ modify_principal_2_svc(mprinc_arg *arg, struct svc_req *rqstp)
         ret.code = kadm5_modify_principal((void *)handle, &arg->rec,
                                                arg->mask);
         if( ret.code == 0 )
-            ret.err_str = "success";
+            errmsg = "success";
         else
-            ret.err_str = error_message(ret.code);
+            errmsg = krb5_get_error_message(handle ? handle->context : NULL, ret.code);
 
         krb5_klog_syslog(LOG_NOTICE, LOG_DONE, "kadm5_modify_principal",
-               prime_arg, ret.err_str,
-               client_name.value, service_name.value,
-               inet_ntoa(rqstp->rq_xprt->xp_raddr.sin_addr));
+                         prime_arg, errmsg,
+                         client_name.value, service_name.value,
+                         inet_ntoa(rqstp->rq_xprt->xp_raddr.sin_addr));
 
-        /* xdr free frees this string. so make a copy */
-        ret.err_str = strdup( ret.err_str ); 
         /* no need to check for NULL. Even if it is NULL, atleast error_code will be returned */
     }
     free_server_handle(handle);
@@ -529,17 +492,6 @@ modify_principal_2_svc(mprinc_arg *arg, struct svc_req *rqstp)
     gss_release_buffer(&minor_stat, &client_name);
     gss_release_buffer(&minor_stat, &service_name);
 exit_func:
-    if( ret.err_str == NULL )
-    {
-        if( ret.code == 0 )
-            ret.err_str = "success";
-        else
-            ret.err_str = error_message(ret.code);
-
-        /* xdr free frees this string. so make a copy */
-        ret.err_str = strdup( ret.err_str ); 
-        /* no need to check for NULL. Even if it is NULL, atleast error_code will be returned */
-    }
     return &ret;
 }
 
@@ -555,6 +507,7 @@ rename_principal_2_svc(rprinc_arg *arg, struct svc_req *rqstp)
     OM_uint32                  minor_stat;
     kadm5_server_handle_t      handle;
     restriction_t              *rp;
+    char                        *errmsg;
 
     xdr_free(xdr_generic_ret, &ret);
 
@@ -600,18 +553,14 @@ rename_principal_2_svc(rprinc_arg *arg, struct svc_req *rqstp)
         ret.code = kadm5_rename_principal((void *)handle, arg->src,
                                                arg->dest);
         if( ret.code == 0 )
-            ret.err_str = "success";
+            errmsg = "success";
         else
-            ret.err_str = error_message(ret.code);
+            errmsg = krb5_get_error_message(handle ? handle->context : NULL, ret.code);
 
         krb5_klog_syslog(LOG_NOTICE, LOG_DONE, "kadm5_rename_principal",
-               prime_arg, ret.err_str,
+               prime_arg, errmsg,
                client_name.value, service_name.value,
                inet_ntoa(rqstp->rq_xprt->xp_raddr.sin_addr));
-
-        /* xdr free frees this string. so make a copy */
-        ret.err_str = strdup( ret.err_str ); 
-        /* no need to check for NULL. Even if it is NULL, atleast error_code will be returned */
     }
     free_server_handle(handle);
     free(prime_arg1);
@@ -619,17 +568,6 @@ rename_principal_2_svc(rprinc_arg *arg, struct svc_req *rqstp)
     gss_release_buffer(&minor_stat, &client_name);
     gss_release_buffer(&minor_stat, &service_name);
 exit_func:
-    if( ret.err_str == NULL )
-    {
-        if( ret.code == 0 )
-            ret.err_str = "success";
-        else
-            ret.err_str = error_message(ret.code);
-
-        /* xdr free frees this string. so make a copy */
-        ret.err_str = strdup( ret.err_str ); 
-        /* no need to check for NULL. Even if it is NULL, atleast error_code will be returned */
-    }
     return &ret;
 }
 
@@ -643,6 +581,7 @@ get_principal_2_svc(gprinc_arg *arg, struct svc_req *rqstp)
                                    service_name;
     OM_uint32                      minor_stat;
     kadm5_server_handle_t          handle;
+    char                            *errmsg;
 
     xdr_free(xdr_gprinc_ret, &ret);
 
@@ -693,36 +632,22 @@ get_principal_2_svc(gprinc_arg *arg, struct svc_req *rqstp)
         }
         
         if( ret.code == 0 )
-            ret.err_str = "success";
+            errmsg = "success";
         else
-            ret.err_str = error_message(ret.code);
+            errmsg = krb5_get_error_message(handle ? handle->context : NULL, ret.code);
 
         krb5_klog_syslog(LOG_NOTICE, LOG_DONE, funcname,
                prime_arg,  
-               ret.err_str,
+               errmsg,
                client_name.value, service_name.value,
                inet_ntoa(rqstp->rq_xprt->xp_raddr.sin_addr));
 
-        /* xdr free frees this string. so make a copy */
-        ret.err_str = strdup( ret.err_str ); 
-        /* no need to check for NULL. Even if it is NULL, atleast error_code will be returned */
     }
     free_server_handle(handle);
     free(prime_arg);
     gss_release_buffer(&minor_stat, &client_name);
     gss_release_buffer(&minor_stat, &service_name);
 exit_func:
-    if( ret.err_str == NULL )
-    {
-        if( ret.code == 0 )
-            ret.err_str = "success";
-        else
-            ret.err_str = error_message(ret.code);
-
-        /* xdr free frees this string. so make a copy */
-        ret.err_str = strdup( ret.err_str ); 
-        /* no need to check for NULL. Even if it is NULL, atleast error_code will be returned */
-    }
     return &ret;
 }
 
@@ -735,6 +660,7 @@ get_princs_2_svc(gprincs_arg *arg, struct svc_req *rqstp)
                                    service_name;
     OM_uint32                      minor_stat;
     kadm5_server_handle_t          handle;
+    char                            *errmsg;
 
     xdr_free(xdr_gprincs_ret, &ret);
 
@@ -770,35 +696,21 @@ get_princs_2_svc(gprincs_arg *arg, struct svc_req *rqstp)
                                               arg->exp, &ret.princs,
                                               &ret.count);
         if( ret.code == 0 )
-            ret.err_str = "success";
+            errmsg = "success";
         else
-            ret.err_str = error_message(ret.code);
+            errmsg = krb5_get_error_message(handle ? handle->context : NULL, ret.code);
 
         krb5_klog_syslog(LOG_NOTICE, LOG_DONE, "kadm5_get_principals",
                prime_arg,  
-               ret.err_str,
+               errmsg,
                client_name.value, service_name.value,
                inet_ntoa(rqstp->rq_xprt->xp_raddr.sin_addr));
 
-        /* xdr free frees this string. so make a copy */
-        ret.err_str = strdup( ret.err_str ); 
-        /* no need to check for NULL. Even if it is NULL, atleast error_code will be returned */
     }
     free_server_handle(handle);
     gss_release_buffer(&minor_stat, &client_name);
     gss_release_buffer(&minor_stat, &service_name);
 exit_func:
-    if( ret.err_str == NULL )
-    {
-        if( ret.code == 0 )
-            ret.err_str = "success";
-        else
-            ret.err_str = error_message(ret.code);
-
-        /* xdr free frees this string. so make a copy */
-        ret.err_str = strdup( ret.err_str ); 
-        /* no need to check for NULL. Even if it is NULL, atleast error_code will be returned */
-    }
     return &ret;
 }
 
@@ -811,6 +723,7 @@ chpass_principal_2_svc(chpass_arg *arg, struct svc_req *rqstp)
                                    service_name;
     OM_uint32                      minor_stat;
     kadm5_server_handle_t          handle;
+    char                            *errmsg;
 
     xdr_free(xdr_generic_ret, &ret);
 
@@ -850,18 +763,14 @@ chpass_principal_2_svc(chpass_arg *arg, struct svc_req *rqstp)
 
     if(ret.code != KADM5_AUTH_CHANGEPW) {
         if( ret.code == 0 )
-            ret.err_str = "success";
+            errmsg = "success";
         else
-            ret.err_str = error_message(ret.code);
+            errmsg = krb5_get_error_message(handle ? handle->context : NULL, ret.code);
 
        krb5_klog_syslog(LOG_NOTICE, LOG_DONE, "kadm5_chpass_principal", 
-              prime_arg, ret.err_str,
+              prime_arg, errmsg,
               client_name.value, service_name.value,
               inet_ntoa(rqstp->rq_xprt->xp_raddr.sin_addr));
-
-        /* xdr free frees this string. so make a copy */
-        ret.err_str = strdup( ret.err_str ); 
-        /* no need to check for NULL. Even if it is NULL, atleast error_code will be returned */
     }
 
     free_server_handle(handle);
@@ -869,17 +778,6 @@ chpass_principal_2_svc(chpass_arg *arg, struct svc_req *rqstp)
     gss_release_buffer(&minor_stat, &client_name);
     gss_release_buffer(&minor_stat, &service_name);
 exit_func:
-    if( ret.err_str == NULL )
-    {
-        if( ret.code == 0 )
-            ret.err_str = "success";
-        else
-            ret.err_str = error_message(ret.code);
-
-        /* xdr free frees this string. so make a copy */
-        ret.err_str = strdup( ret.err_str ); 
-        /* no need to check for NULL. Even if it is NULL, atleast error_code will be returned */
-    }
     return &ret;
 }
 
@@ -892,6 +790,7 @@ chpass_principal3_2_svc(chpass3_arg *arg, struct svc_req *rqstp)
                                    service_name;
     OM_uint32                      minor_stat;
     kadm5_server_handle_t          handle;
+    char                            *errmsg;
 
     xdr_free(xdr_generic_ret, &ret);
 
@@ -937,18 +836,14 @@ chpass_principal3_2_svc(chpass3_arg *arg, struct svc_req *rqstp)
 
     if(ret.code != KADM5_AUTH_CHANGEPW) {
        if( ret.code == 0 )
-           ret.err_str = "success";
+            errmsg = "success";
        else
-           ret.err_str = error_message(ret.code);
+            errmsg = krb5_get_error_message(handle ? handle->context : NULL, ret.code);
 
        krb5_klog_syslog(LOG_NOTICE, LOG_DONE, "kadm5_chpass_principal", 
-              prime_arg, ret.err_str
+              prime_arg, errmsg
               client_name.value, service_name.value,
               inet_ntoa(rqstp->rq_xprt->xp_raddr.sin_addr));
-
-       /* xdr free frees this string. so make a copy */
-       ret.err_str = strdup( ret.err_str ); 
-       /* no need to check for NULL. Even if it is NULL, atleast error_code will be returned */
     }
 
     free_server_handle(handle);
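Review bot: As shown, the added line `prime_arg, errmsg` has no trailing comma before `client_name.value`, so the `krb5_klog_syslog` argument list would not parse; it should read `prime_arg, errmsg,`. The removed line has the same shape, so this may come from how the page was captured rather than from the commit, but it is worth confirming against the tree. The same applies to the later logging hunks in this file, from setv4key_principal_2_svc through get_privs_2_svc.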
@@ -956,17 +851,6 @@ chpass_principal3_2_svc(chpass3_arg *arg, struct svc_req *rqstp)
     gss_release_buffer(&minor_stat, &client_name);
     gss_release_buffer(&minor_stat, &service_name);
 exit_func:
-    if( ret.err_str == NULL )
-    {
-        if( ret.code == 0 )
-            ret.err_str = "success";
-        else
-            ret.err_str = error_message(ret.code);
-
-        /* xdr free frees this string. so make a copy */
-        ret.err_str = strdup( ret.err_str ); 
-        /* no need to check for NULL. Even if it is NULL, atleast error_code will be returned */
-    }
     return &ret;
 }
 
@@ -979,6 +863,7 @@ setv4key_principal_2_svc(setv4key_arg *arg, struct svc_req *rqstp)
                                    service_name;
     OM_uint32                      minor_stat;
     kadm5_server_handle_t          handle;
+    char                            *errmsg;
 
     xdr_free(xdr_generic_ret, &ret);
 
@@ -1015,18 +900,14 @@ setv4key_principal_2_svc(setv4key_arg *arg, struct svc_req *rqstp)
 
     if(ret.code != KADM5_AUTH_SETKEY) {
        if( ret.code == 0 )
-           ret.err_str = "success";
+            errmsg = "success";
        else
-           ret.err_str = error_message(ret.code);
+            errmsg = krb5_get_error_message(handle ? handle->context : NULL, ret.code);
 
        krb5_klog_syslog(LOG_NOTICE, LOG_DONE, "kadm5_setv4key_principal", 
-              prime_arg, ret.err_str
+              prime_arg, errmsg
               client_name.value, service_name.value,
               inet_ntoa(rqstp->rq_xprt->xp_raddr.sin_addr));
-
-       /* xdr free frees this string. so make a copy */
-       ret.err_str = strdup( ret.err_str ); 
-       /* no need to check for NULL. Even if it is NULL, atleast error_code will be returned */
     }
 
     free_server_handle(handle);
@@ -1034,17 +915,6 @@ setv4key_principal_2_svc(setv4key_arg *arg, struct svc_req *rqstp)
     gss_release_buffer(&minor_stat, &client_name);
     gss_release_buffer(&minor_stat, &service_name);
 exit_func:
-    if( ret.err_str == NULL )
-    {
-        if( ret.code == 0 )
-            ret.err_str = "success";
-        else
-            ret.err_str = error_message(ret.code);
-
-        /* xdr free frees this string. so make a copy */
-        ret.err_str = strdup( ret.err_str ); 
-        /* no need to check for NULL. Even if it is NULL, atleast error_code will be returned */
-    }
     return &ret;
 }
 
@@ -1057,6 +927,7 @@ setkey_principal_2_svc(setkey_arg *arg, struct svc_req *rqstp)
                                    service_name;
     OM_uint32                      minor_stat;
     kadm5_server_handle_t          handle;
+    char                            *errmsg;
 
     xdr_free(xdr_generic_ret, &ret);
 
@@ -1093,18 +964,14 @@ setkey_principal_2_svc(setkey_arg *arg, struct svc_req *rqstp)
 
     if(ret.code != KADM5_AUTH_SETKEY) {
        if( ret.code == 0 )
-           ret.err_str = "success";
+           errmsg = "success";
        else
-           ret.err_str = error_message(ret.code);
+           errmsg = krb5_get_error_message(handle ? handle->context : NULL, ret.code);
 
        krb5_klog_syslog(LOG_NOTICE, LOG_DONE, "kadm5_setkey_principal", 
-              prime_arg, ret.err_str
+              prime_arg, errmsg
               client_name.value, service_name.value,
               inet_ntoa(rqstp->rq_xprt->xp_raddr.sin_addr));
-
-       /* xdr free frees this string. so make a copy */
-       ret.err_str = strdup( ret.err_str ); 
-       /* no need to check for NULL. Even if it is NULL, atleast error_code will be returned */
     }
 
     free_server_handle(handle);
@@ -1112,17 +979,6 @@ setkey_principal_2_svc(setkey_arg *arg, struct svc_req *rqstp)
     gss_release_buffer(&minor_stat, &client_name);
     gss_release_buffer(&minor_stat, &service_name);
 exit_func:
-    if( ret.err_str == NULL )
-    {
-        if( ret.code == 0 )
-            ret.err_str = "success";
-        else
-            ret.err_str = error_message(ret.code);
-
-        /* xdr free frees this string. so make a copy */
-        ret.err_str = strdup( ret.err_str ); 
-        /* no need to check for NULL. Even if it is NULL, atleast error_code will be returned */
-    }
     return &ret;
 }
 
@@ -1135,6 +991,7 @@ setkey_principal3_2_svc(setkey3_arg *arg, struct svc_req *rqstp)
                                    service_name;
     OM_uint32                      minor_stat;
     kadm5_server_handle_t          handle;
+    char                            *errmsg;
 
     xdr_free(xdr_generic_ret, &ret);
 
@@ -1174,18 +1031,14 @@ setkey_principal3_2_svc(setkey3_arg *arg, struct svc_req *rqstp)
 
     if(ret.code != KADM5_AUTH_SETKEY) {
        if( ret.code == 0 )
-           ret.err_str = "success";
+           errmsg = "success";
        else
-           ret.err_str = error_message(ret.code);
+           errmsg = krb5_get_error_message(handle ? handle->context : NULL, ret.code);
 
        krb5_klog_syslog(LOG_NOTICE, LOG_DONE, "kadm5_setkey_principal", 
-              prime_arg, ret.err_str
+              prime_arg, errmsg
               client_name.value, service_name.value,
               inet_ntoa(rqstp->rq_xprt->xp_raddr.sin_addr));
-
-       /* xdr free frees this string. so make a copy */
-       ret.err_str = strdup( ret.err_str ); 
-       /* no need to check for NULL. Even if it is NULL, atleast error_code will be returned */
     }
 
     free_server_handle(handle);
@@ -1193,17 +1046,6 @@ setkey_principal3_2_svc(setkey3_arg *arg, struct svc_req *rqstp)
     gss_release_buffer(&minor_stat, &client_name);
     gss_release_buffer(&minor_stat, &service_name);
 exit_func:
-    if( ret.err_str == NULL )
-    {
-        if( ret.code == 0 )
-            ret.err_str = "success";
-        else
-            ret.err_str = error_message(ret.code);
-
-        /* xdr free frees this string. so make a copy */
-        ret.err_str = strdup( ret.err_str ); 
-        /* no need to check for NULL. Even if it is NULL, atleast error_code will be returned */
-    }
     return &ret;
 }
 
@@ -1218,6 +1060,7 @@ chrand_principal_2_svc(chrand_arg *arg, struct svc_req *rqstp)
                                service_name;
     OM_uint32                  minor_stat;
     kadm5_server_handle_t      handle;
+    char                        *errmsg;
 
     xdr_free(xdr_chrand_ret, &ret);
 
@@ -1272,35 +1115,20 @@ chrand_principal_2_svc(chrand_arg *arg, struct svc_req *rqstp)
 
     if(ret.code != KADM5_AUTH_CHANGEPW) {
        if( ret.code == 0 )
-           ret.err_str = "success";
+           errmsg = "success";
        else
-           ret.err_str = error_message(ret.code);
+           errmsg = krb5_get_error_message(handle ? handle->context : NULL, ret.code);
 
        krb5_klog_syslog(LOG_NOTICE, LOG_DONE, funcname,
-              prime_arg, ret.err_str
+              prime_arg, errmsg
               client_name.value, service_name.value,
               inet_ntoa(rqstp->rq_xprt->xp_raddr.sin_addr));
-
-       /* xdr free frees this string. so make a copy */
-       ret.err_str = strdup( ret.err_str ); 
-       /* no need to check for NULL. Even if it is NULL, atleast error_code will be returned */
     }
     free_server_handle(handle);
     free(prime_arg);
     gss_release_buffer(&minor_stat, &client_name);
     gss_release_buffer(&minor_stat, &service_name);
 exit_func:
-    if( ret.err_str == NULL )
-    {
-        if( ret.code == 0 )
-            ret.err_str = "success";
-        else
-            ret.err_str = error_message(ret.code);
-
-        /* xdr free frees this string. so make a copy */
-        ret.err_str = strdup( ret.err_str ); 
-        /* no need to check for NULL. Even if it is NULL, atleast error_code will be returned */
-    }
     return &ret;
 }
 
@@ -1315,6 +1143,7 @@ chrand_principal3_2_svc(chrand3_arg *arg, struct svc_req *rqstp)
                                service_name;
     OM_uint32                  minor_stat;
     kadm5_server_handle_t      handle;
+    char                        *errmsg;
 
     xdr_free(xdr_chrand_ret, &ret);
 
@@ -1374,35 +1203,20 @@ chrand_principal3_2_svc(chrand3_arg *arg, struct svc_req *rqstp)
 
     if(ret.code != KADM5_AUTH_CHANGEPW) {
        if( ret.code == 0 )
-           ret.err_str = "success";
+           errmsg = "success";
        else
-           ret.err_str = error_message(ret.code);
+           errmsg = krb5_get_error_message(handle ? handle->context : NULL, ret.code);
 
        krb5_klog_syslog(LOG_NOTICE, LOG_DONE, funcname,
-              prime_arg, ret.err_str
+              prime_arg, errmsg
               client_name.value, service_name.value,
               inet_ntoa(rqstp->rq_xprt->xp_raddr.sin_addr));
-
-        /* xdr free frees this string. so make a copy */
-        ret.err_str = strdup( ret.err_str ); 
-        /* no need to check for NULL. Even if it is NULL, atleast error_code will be returned */
     }
     free_server_handle(handle);
     free(prime_arg);
     gss_release_buffer(&minor_stat, &client_name);
     gss_release_buffer(&minor_stat, &service_name);
 exit_func:
-    if( ret.err_str == NULL )
-    {
-        if( ret.code == 0 )
-            ret.err_str = "success";
-        else
-            ret.err_str = error_message(ret.code);
-
-        /* xdr free frees this string. so make a copy */
-        ret.err_str = strdup( ret.err_str ); 
-        /* no need to check for NULL. Even if it is NULL, atleast error_code will be returned */
-    }
     return &ret;
 }
 
@@ -1415,6 +1229,7 @@ create_policy_2_svc(cpol_arg *arg, struct svc_req *rqstp)
                                    service_name;
     OM_uint32                      minor_stat;    
     kadm5_server_handle_t          handle;
+    char                            *errmsg;
 
     xdr_free(xdr_generic_ret, &ret);
 
@@ -1446,35 +1261,20 @@ create_policy_2_svc(cpol_arg *arg, struct svc_req *rqstp)
         ret.code = kadm5_create_policy((void *)handle, &arg->rec,
                                             arg->mask);
         if( ret.code == 0 )
-            ret.err_str = "success";
+            errmsg = "success";
         else
-            ret.err_str = error_message(ret.code);
+            errmsg = krb5_get_error_message(handle ? handle->context : NULL, ret.code);
 
         krb5_klog_syslog(LOG_NOTICE, LOG_DONE, "kadm5_create_policy",
                ((prime_arg == NULL) ? "(null)" : prime_arg),
-               ret.err_str
+               errmsg
                client_name.value, service_name.value,
                inet_ntoa(rqstp->rq_xprt->xp_raddr.sin_addr));   
-
-        /* xdr free frees this string. so make a copy */
-        ret.err_str = strdup( ret.err_str ); 
-        /* no need to check for NULL. Even if it is NULL, atleast error_code will be returned */
     }
     free_server_handle(handle);
     gss_release_buffer(&minor_stat, &client_name);
     gss_release_buffer(&minor_stat, &service_name);
 exit_func:
-    if( ret.err_str == NULL )
-    {
-        if( ret.code == 0 )
-            ret.err_str = "success";
-        else
-            ret.err_str = error_message(ret.code);
-
-        /* xdr free frees this string. so make a copy */
-        ret.err_str = strdup( ret.err_str ); 
-        /* no need to check for NULL. Even if it is NULL, atleast error_code will be returned */
-    }
     return &ret;
 }
 
@@ -1487,6 +1287,7 @@ delete_policy_2_svc(dpol_arg *arg, struct svc_req *rqstp)
                                    service_name;
     OM_uint32                      minor_stat;    
     kadm5_server_handle_t          handle;
+    char                            *errmsg;
 
     xdr_free(xdr_generic_ret, &ret);
 
@@ -1516,35 +1317,20 @@ delete_policy_2_svc(dpol_arg *arg, struct svc_req *rqstp)
     } else {
         ret.code = kadm5_delete_policy((void *)handle, arg->name);
         if( ret.code == 0 )
-            ret.err_str = "success";
+            errmsg = "success";
         else
-            ret.err_str = error_message(ret.code);
+            errmsg = krb5_get_error_message(handle ? handle->context : NULL, ret.code);
 
         krb5_klog_syslog(LOG_NOTICE, LOG_DONE, "kadm5_delete_policy",
                ((prime_arg == NULL) ? "(null)" : prime_arg),
-               ret.err_str
+               errmsg
                client_name.value, service_name.value,
                inet_ntoa(rqstp->rq_xprt->xp_raddr.sin_addr));   
-
-        /* xdr free frees this string. so make a copy */
-        ret.err_str = strdup( ret.err_str ); 
-        /* no need to check for NULL. Even if it is NULL, atleast error_code will be returned */
     }
     free_server_handle(handle);
     gss_release_buffer(&minor_stat, &client_name);
     gss_release_buffer(&minor_stat, &service_name);
 exit_func:
-    if( ret.err_str == NULL )
-    {
-        if( ret.code == 0 )
-            ret.err_str = "success";
-        else
-            ret.err_str = error_message(ret.code);
-
-        /* xdr free frees this string. so make a copy */
-        ret.err_str = strdup( ret.err_str ); 
-        /* no need to check for NULL. Even if it is NULL, atleast error_code will be returned */
-    }
     return &ret;
 }
 
@@ -1557,6 +1343,7 @@ modify_policy_2_svc(mpol_arg *arg, struct svc_req *rqstp)
                                    service_name;
     OM_uint32                      minor_stat;    
     kadm5_server_handle_t          handle;
+    char                            *errmsg;
 
     xdr_free(xdr_generic_ret, &ret);
 
@@ -1587,35 +1374,20 @@ modify_policy_2_svc(mpol_arg *arg, struct svc_req *rqstp)
         ret.code = kadm5_modify_policy((void *)handle, &arg->rec,
                                             arg->mask);
         if( ret.code == 0 )
-            ret.err_str = "success";
+            errmsg = "success";
         else
-            ret.err_str = error_message(ret.code);
+            errmsg = krb5_get_error_message(handle ? handle->context : NULL, ret.code);
 
         krb5_klog_syslog(LOG_NOTICE, LOG_DONE, "kadm5_modify_policy",
                ((prime_arg == NULL) ? "(null)" : prime_arg),       
-               ret.err_str
+               errmsg
                client_name.value, service_name.value,
                inet_ntoa(rqstp->rq_xprt->xp_raddr.sin_addr));  
-
-        /* xdr free frees this string. so make a copy */
-        ret.err_str = strdup( ret.err_str ); 
-        /* no need to check for NULL. Even if it is NULL, atleast error_code will be returned */
     }
     free_server_handle(handle);
     gss_release_buffer(&minor_stat, &client_name);
     gss_release_buffer(&minor_stat, &service_name);
 exit_func:
-    if( ret.err_str == NULL )
-    {
-        if( ret.code == 0 )
-            ret.err_str = "success";
-        else
-            ret.err_str = error_message(ret.code);
-
-        /* xdr free frees this string. so make a copy */
-        ret.err_str = strdup( ret.err_str ); 
-        /* no need to check for NULL. Even if it is NULL, atleast error_code will be returned */
-    }
     return &ret;
 }
 
@@ -1631,6 +1403,7 @@ get_policy_2_svc(gpol_arg *arg, struct svc_req *rqstp)
     kadm5_policy_ent_t e;
     kadm5_principal_ent_rec    caller_ent;
     kadm5_server_handle_t      handle;
+    char                        *errmsg;
 
     xdr_free(xdr_gpol_ret,  &ret);
 
@@ -1687,19 +1460,15 @@ get_policy_2_svc(gpol_arg *arg, struct svc_req *rqstp)
         }
         
         if( ret.code == 0 )
-            ret.err_str = "success";
+            errmsg = "success";
         else
-            ret.err_str = error_message(ret.code);
+            errmsg = krb5_get_error_message(handle ? handle->context : NULL, ret.code);
 
         krb5_klog_syslog(LOG_NOTICE, LOG_DONE, funcname,
                ((prime_arg == NULL) ? "(null)" : prime_arg),
-               ret.err_str
+               errmsg
                client_name.value, service_name.value,
                inet_ntoa(rqstp->rq_xprt->xp_raddr.sin_addr));   
-
-        /* xdr free frees this string. so make a copy */
-        ret.err_str = strdup( ret.err_str ); 
-        /* no need to check for NULL. Even if it is NULL, atleast error_code will be returned */
     } else {
         krb5_klog_syslog(LOG_NOTICE, LOG_UNAUTH, funcname,
                prime_arg, client_name.value, service_name.value,
@@ -1709,17 +1478,6 @@ get_policy_2_svc(gpol_arg *arg, struct svc_req *rqstp)
     gss_release_buffer(&minor_stat, &client_name);
     gss_release_buffer(&minor_stat, &service_name);
 exit_func:
-    if( ret.err_str == NULL )
-    {
-        if( ret.code == 0 )
-            ret.err_str = "success";
-        else
-            ret.err_str = error_message(ret.code);
-
-        /* xdr free frees this string. so make a copy */
-        ret.err_str = strdup( ret.err_str ); 
-        /* no need to check for NULL. Even if it is NULL, atleast error_code will be returned */
-    }
     return &ret;
 
 }
@@ -1733,6 +1491,7 @@ get_pols_2_svc(gpols_arg *arg, struct svc_req *rqstp)
                                    service_name;
     OM_uint32                      minor_stat;
     kadm5_server_handle_t          handle;
+    char                            *errmsg;
 
     xdr_free(xdr_gpols_ret, &ret);
 
@@ -1766,35 +1525,20 @@ get_pols_2_svc(gpols_arg *arg, struct svc_req *rqstp)
                                               arg->exp, &ret.pols,
                                               &ret.count);
         if( ret.code == 0 )
-            ret.err_str = "success";
+            errmsg = "success";
         else
-            ret.err_str = error_message(ret.code);
+            errmsg = krb5_get_error_message(handle ? handle->context : NULL, ret.code);
 
         krb5_klog_syslog(LOG_NOTICE, LOG_DONE, "kadm5_get_policies",
                prime_arg,  
-               ret.err_str
+               errmsg
                client_name.value, service_name.value,
                inet_ntoa(rqstp->rq_xprt->xp_raddr.sin_addr));
-
-        /* xdr free frees this string. so make a copy */
-        ret.err_str = strdup( ret.err_str ); 
-        /* no need to check for NULL. Even if it is NULL, atleast error_code will be returned */
     }
     free_server_handle(handle);
     gss_release_buffer(&minor_stat, &client_name);
     gss_release_buffer(&minor_stat, &service_name);
 exit_func:
-    if( ret.err_str == NULL )
-    {
-        if( ret.code == 0 )
-            ret.err_str = "success";
-        else
-            ret.err_str = error_message(ret.code);
-
-        /* xdr free frees this string. so make a copy */
-        ret.err_str = strdup( ret.err_str ); 
-        /* no need to check for NULL. Even if it is NULL, atleast error_code will be returned */
-    }
     return &ret;
 }
 
@@ -1804,6 +1548,7 @@ getprivs_ret * get_privs_2_svc(krb5_ui_4 *arg, struct svc_req *rqstp)
      gss_buffer_desc               client_name, service_name;
      OM_uint32                     minor_stat;
      kadm5_server_handle_t         handle;
+     char                           *errmsg;
 
      xdr_free(xdr_getprivs_ret, &ret);
 
@@ -1824,35 +1569,20 @@ getprivs_ret * get_privs_2_svc(krb5_ui_4 *arg, struct svc_req *rqstp)
 
      ret.code = kadm5_get_privs((void *)handle, &ret.privs);
      if( ret.code == 0 )
-        ret.err_str = "success";
+        errmsg = "success";
      else
-        ret.err_str = error_message(ret.code);
+        errmsg = krb5_get_error_message(handle ? handle->context : NULL, ret.code);
 
      krb5_klog_syslog(LOG_NOTICE, LOG_DONE, "kadm5_get_privs",
            client_name.value, 
-           ret.err_str
+           errmsg
            client_name.value, service_name.value,
            inet_ntoa(rqstp->rq_xprt->xp_raddr.sin_addr));
 
-     /* xdr free frees this string. so make a copy */
-     ret.err_str = strdup( ret.err_str ); 
-     /* no need to check for NULL. Even if it is NULL, atleast error_code will be returned */
-
      free_server_handle(handle);
      gss_release_buffer(&minor_stat, &client_name);
      gss_release_buffer(&minor_stat, &service_name);
 exit_func:
-    if( ret.err_str == NULL )
-    {
-        if( ret.code == 0 )
-            ret.err_str = "success";
-        else
-            ret.err_str = error_message(ret.code);
-
-        /* xdr free frees this string. so make a copy */
-        ret.err_str = strdup( ret.err_str ); 
-        /* no need to check for NULL. Even if it is NULL, atleast error_code will be returned */
-    }
      return &ret;
 }
 
@@ -1863,6 +1593,7 @@ generic_ret *init_2_svc(krb5_ui_4 *arg, struct svc_req *rqstp)
                                service_name;
      kadm5_server_handle_t     handle;
      OM_uint32                 minor_stat;
+     char                       *errmsg = 0;
 
      xdr_free(xdr_generic_ret, &ret);
 
@@ -1879,11 +1610,13 @@ generic_ret *init_2_svc(krb5_ui_4 *arg, struct svc_req *rqstp)
          goto exit_func;
      }
 
+     if (ret.code != 0)
+        errmsg = krb5_get_error_message(handle ? handle->context : NULL, ret.code);
      krb5_klog_syslog(LOG_NOTICE, LOG_DONE ", flavor=%d",
            (ret.api_version == KADM5_API_VERSION_1 ?
             "kadm5_init (V1)" : "kadm5_init"),
            client_name.value,
-           (ret.code == 0) ? "success" : error_message(ret.code),
+           (ret.code == 0) ? "success" : errmsg,
            client_name.value, service_name.value,
            inet_ntoa(rqstp->rq_xprt->xp_raddr.sin_addr),
            rqstp->rq_cred.oa_flavor);
@@ -1891,17 +1624,6 @@ generic_ret *init_2_svc(krb5_ui_4 *arg, struct svc_req *rqstp)
      gss_release_buffer(&minor_stat, &service_name);
            
 exit_func:
-     if( ret.err_str == NULL )
-     {
-        if( ret.code == 0 )
-            ret.err_str = "success";
-        else
-            ret.err_str = error_message(ret.code);
-
-        /* xdr free frees this string. so make a copy */
-        ret.err_str = strdup( ret.err_str ); 
-        /* no need to check for NULL. Even if it is NULL, atleast error_code will be returned */
-     }
      return(&ret);
 }
 
index 465720dbb2b353987f0e34638a0cad522ce13777..9fe7ec1245ba96a55a1542620c3a2f40c4b10728 100644 (file)
@@ -22,7 +22,7 @@
 
 
 # THIS SHOULD BE IN KDC.CONF INSTEAD!
-[db_modules]
+[dbmodules]
        db_module_dir = __MODDIR__
        foobar_db2_module_blah = {
                db_library = db2
index 2916cfee0721717d80b485bb80c618e9b8b4d5ca..1523d1f80e53b7b7ffc4d27312b65010962f41f0 100644 (file)
@@ -427,17 +427,18 @@ process_as_req(krb5_kdc_req *request, const krb5_fulladdr *from,
 #endif /* KRBCONF_KDC_MODIFIES_KDB */
 
 errout:
-    if (status)
+    if (status) {
         krb5_klog_syslog(LOG_INFO, "AS_REQ (%s) %s: %s: %s for %s%s%s",
                         ktypestr,
               fromstring, status, 
               cname ? cname : "<unknown client>",
               sname ? sname : "<unknown server>",
               errcode ? ", " : "",
-              errcode ? error_message(errcode) : "");
+              errcode ? krb5_get_error_message (kdc_context, errcode) : "");
+    }
     if (errcode) {
        if (status == 0)
-           status = error_message (errcode);
+           status = krb5_get_error_message (kdc_context, errcode);
        errcode -= ERROR_TABLE_BASE_krb5;
        if (errcode < 0 || errcode > 128)
            errcode = KRB_ERR_GENERIC;
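Review bot: `status` now receives the result of `krb5_get_error_message (kdc_context, errcode)` although it presumably holds string literals on other paths, so nothing downstream can tell whether it must be released, and the message passed straight into `krb5_klog_syslog` has no owner at all. If the new API returns caller-owned storage, every failing AS request, which arrives before any authentication, leaks memory in the KDC. Keep the fetched string in one separate variable, e.g. `const char *emsg = errcode ? krb5_get_error_message(kdc_context, errcode) : NULL;`, use it for both the log line and `status`, and call `krb5_free_error_message(kdc_context, emsg);` once the error reply has been built. The process_tgs_req cleanup hunk and both check_padata hunks below have the same shape; the function body continues outside this hunk.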
index d85d4b58cdc69ccc542dd74553e1d78502a3e6da..7f8f265a8ec30402af21aeba543425c339a44f2c 100644 (file)
@@ -509,7 +509,7 @@ tgt_again:
                              sname ? sname : "<unknown server>",
                              enc_tkt_reply.transited.tr_contents.length,
                              enc_tkt_reply.transited.tr_contents.data,
-                             error_message (errcode));
+                             krb5_get_error_message(kdc_context, errcode));
     } else
        krb5_klog_syslog (LOG_INFO, "not checking transit path");
     if (reject_bad_transit
@@ -655,12 +655,12 @@ cleanup:
                         cname ? cname : "<unknown client>",
                         sname ? sname : "<unknown server>",
                         errcode ? ", " : "",
-                        errcode ? error_message(errcode) : "");
+                        errcode ? krb5_get_error_message (kdc_context, errcode) : "");
     }
     
     if (errcode) {
        if (status == 0)
-           status = error_message (errcode);
+           status = krb5_get_error_message (kdc_context, errcode);
        errcode -= ERROR_TABLE_BASE_krb5;
        if (errcode < 0 || errcode > 128)
            errcode = KRB_ERR_GENERIC;
index d5698ebf872c6c0c5acd9bcbf28559da8c2879c8..48a6a6a7c543f0e85ef2665b787efa5eb03a28fa 100644 (file)
@@ -371,7 +371,8 @@ check_padata (krb5_context context, krb5_db_entry *client,
                                       enc_tkt_reply, *padata);
        if (retval) {
            krb5_klog_syslog (LOG_INFO, "preauth (%s) verify failure: %s",
-                             pa_sys->name, error_message (retval));
+                             pa_sys->name,
+                             krb5_get_error_message (context, retval));
            if (pa_sys->flags & PA_REQUIRED) {
                pa_ok = 0;
                break;
@@ -394,9 +395,10 @@ check_padata (krb5_context context, krb5_db_entry *client,
         !isflagset(client->attributes, KRB5_KDB_REQUIRES_HW_AUTH))
        return 0;
 
-    if (!pa_found)
+    if (!pa_found) {
        krb5_klog_syslog (LOG_INFO, "no valid preauth type found: %s",
-                         error_message (retval));
+                         krb5_get_error_message(context, retval));
+    }
 /* The following switch statement allows us
  * to return some preauth system errors back to the client.
  */
index c5ecdec7aa33a3fbd2d305f770087bf9312f7a64..d03b81e0390ff0fc2b46be03e2406d8634210cd2 100644 (file)
@@ -240,9 +240,11 @@ init_realm(char *progname, kdc_realm_t *rdp, char *realm,
 
     /* first open the database  before doing anything */
 #ifdef KRBCONF_KDC_MODIFIES_KDB    
-    if ((kret = krb5_db_open(rdp->realm_context, db_args, KRB5_KDB_OPEN_RW))) {
+    if ((kret = krb5_db_open(rdp->realm_context, db_args, 
+                            KRB5_KDB_OPEN_RW | KRB5_KDB_SRV_TYPE_KDC))) {
 #else
-    if ((kret = krb5_db_open(rdp->realm_context, db_args, KRB5_KDB_OPEN_RO))) {
+    if ((kret = krb5_db_open(rdp->realm_context, db_args, 
+                            KRB5_KDB_OPEN_RO | KRB5_KDB_SRV_TYPE_KDC))) {
 #endif
        com_err(progname, kret,
                "while initializing database for realm %s", realm);
@@ -590,7 +592,7 @@ initialize_realms(krb5_context kcontext, int argc, char **argv)
            com_err(argv[0], retval,
                    "while attempting to retrieve default realm");
            fprintf (stderr, "%s: %s, attempting to retrieve default realm\n",
-                    argv[0], error_message (retval));
+                    argv[0], krb5_get_error_message(kcontext, retval));
            exit(1);
        }
        if ((rdatap = (kdc_realm_t *) malloc(sizeof(kdc_realm_t)))) {
index 3ce01c7f3d4c6b62c6acb8b41ccaec3faf67e07f..f184ea43f8acf6e19433690adef3fe04b70a133c 100644 (file)
@@ -123,7 +123,6 @@ typedef long                kadm5_ret_t;
 #define KADM5_CONFIG_OLD_AUTH_GSSAPI   0x100000
 #define KADM5_CONFIG_NO_AUTH           0x200000
 #define KADM5_CONFIG_AUTH_NOFALLBACK   0x400000
-
 /*
  * permission bits
  */
index 136607f43dffb881adb94cc1c7807903369b5ff6..86be9de9a2137fe922ef698d68424d4172793a1d 100644 (file)
@@ -28,7 +28,6 @@ SRCS =        $(srcdir)/clnt_policy.c \
        $(srcdir)/client_principal.c \
        $(srcdir)/client_init.c \
        $(srcdir)/clnt_privs.c \
-       $(srcdir)/err_handle.c \
        $(srcdir)/clnt_chpass_util.c
 
 OBJS = \
@@ -37,7 +36,6 @@ OBJS =        \
        client_principal.$(OBJEXT) \
        client_init.$(OBJEXT) \
        clnt_privs.$(OBJEXT) \
-       err_handle.$(OBJEXT) \
        clnt_chpass_util.$(OBJEXT)
 
 STLIBOBJS = \
@@ -46,11 +44,8 @@ STLIBOBJS = \
        client_principal.o \
        client_init.o \
        clnt_privs.o \
-       err_handle.o \
        clnt_chpass_util.o
 
-err_handle.o : err_handle.h err_handle.c
-
 all-unix:: includes
 all-unix:: all-liblinks
 all-windows:: $(OBJS)
@@ -95,7 +90,7 @@ clnt_policy.so clnt_policy.po $(OUTPRE)clnt_policy.$(OBJEXT): \
   $(BUILDTOP)/include/kadm5/kadm_err.h $(BUILDTOP)/include/kadm5/kadm_rpc.h \
   $(BUILDTOP)/include/krb5.h $(COM_ERR_DEPS) $(SRCTOP)/include/k5-platform.h \
   $(SRCTOP)/include/k5-thread.h $(SRCTOP)/include/kdb.h \
-  client_internal.h clnt_policy.c err_handle.h
+  client_internal.h clnt_policy.c
 client_rpc.so client_rpc.po $(OUTPRE)client_rpc.$(OBJEXT): \
   $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/gssapi/gssapi.h \
   $(BUILDTOP)/include/gssrpc/auth.h $(BUILDTOP)/include/gssrpc/auth_gss.h \
@@ -120,7 +115,7 @@ client_principal.so client_principal.po $(OUTPRE)client_principal.$(OBJEXT): \
   $(BUILDTOP)/include/kadm5/kadm_err.h $(BUILDTOP)/include/kadm5/kadm_rpc.h \
   $(BUILDTOP)/include/krb5.h $(COM_ERR_DEPS) $(SRCTOP)/include/k5-platform.h \
   $(SRCTOP)/include/k5-thread.h $(SRCTOP)/include/kdb.h \
-  client_internal.h client_principal.c err_handle.h
+  client_internal.h client_principal.c
 client_init.so client_init.po $(OUTPRE)client_init.$(OBJEXT): \
   $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/gssapi/gssapi.h \
   $(BUILDTOP)/include/gssapi/gssapi_krb5.h $(BUILDTOP)/include/gssrpc/auth.h \
@@ -151,10 +146,7 @@ clnt_privs.so clnt_privs.po $(OUTPRE)clnt_privs.$(OBJEXT): \
   $(BUILDTOP)/include/kadm5/kadm_err.h $(BUILDTOP)/include/kadm5/kadm_rpc.h \
   $(BUILDTOP)/include/krb5.h $(COM_ERR_DEPS) $(SRCTOP)/include/k5-platform.h \
   $(SRCTOP)/include/k5-thread.h $(SRCTOP)/include/kdb.h \
-  client_internal.h clnt_privs.c err_handle.h
-err_handle.so err_handle.po $(OUTPRE)err_handle.$(OBJEXT): \
-  $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/krb5.h \
-  $(COM_ERR_DEPS) err_handle.c err_handle.h
+  client_internal.h clnt_privs.c
 clnt_chpass_util.so clnt_chpass_util.po $(OUTPRE)clnt_chpass_util.$(OBJEXT): \
   $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/gssapi/gssapi.h \
   $(BUILDTOP)/include/gssrpc/auth.h $(BUILDTOP)/include/gssrpc/auth_gss.h \
index 735d2bfc98122d9a24c35803c0e8bf9d4a15dba5..7b65331faff7ab525b900c98abbdd7fe721f15f7 100644 (file)
@@ -16,7 +16,6 @@ static char *rcsid = "$Header$";
 #endif
 #include    <errno.h>
 #include    "client_internal.h"
-#include    "err_handle.h"
 
 #ifdef DEBUG
 #define eret() do { clnt_perror(handle->clnt, "null ret"); return KADM5_RPC_ERROR; } while (0)
@@ -256,11 +255,6 @@ kadm5_get_principal(void *server_handle,
              memcpy(ent, &r->rec, sizeof(r->rec));
     }
     
-
-    if(r->code)
-    {
-       krb5_set_err( handle->context, krb5_err_have_str, r->code, r->err_str );
-    }
     return r->code;
 }
 
@@ -289,10 +283,6 @@ kadm5_get_principals(void *server_handle,
         *princs = NULL;
     }
     
-    if(r->code)
-    {
-       krb5_set_err( handle->context, krb5_err_have_str, r->code, r->err_str );
-    }
     return r->code;
 }
 
@@ -494,11 +484,6 @@ kadm5_randkey_principal_3(void *server_handle,
          }
     }
 
-    if(r->code)
-    {
-       krb5_set_err( handle->context, krb5_err_have_str, r->code, r->err_str );
-    }
-
     return r->code;
 }
 
@@ -547,11 +532,6 @@ kadm5_randkey_principal(void *server_handle,
          }
     }
 
-    if(r->code)
-    {
-       krb5_set_err( handle->context, krb5_err_have_str, r->code, r->err_str );
-    }
-
     return r->code;
 }
 
index b1157d1e719e0a90b5eba6ee7afdb017b1fdcbd0..6877ec388dd939bdb92c1be51bbc1277694a651c 100644 (file)
@@ -15,7 +15,6 @@ static char *rcsid = "$Header$";
 #include       <stdlib.h>
 #include       <string.h>
 #include       <errno.h>
-#include    "err_handle.h"
 
 kadm5_ret_t
 kadm5_create_policy(void *server_handle,
@@ -37,10 +36,6 @@ kadm5_create_policy(void *server_handle,
     if(r == NULL)
        return KADM5_RPC_ERROR;    
 
-    if(r->code)
-    {
-       krb5_set_err( handle->context, krb5_err_have_str, r->code, r->err_str );
-    }
     return r->code;
 }
 
@@ -63,10 +58,6 @@ kadm5_delete_policy(void *server_handle, char *name)
     if(r == NULL)
        return KADM5_RPC_ERROR;    
 
-    if(r->code)
-    {
-       krb5_set_err( handle->context, krb5_err_have_str, r->code, r->err_str );
-    }
     return r->code;
 }
 
@@ -91,10 +82,6 @@ kadm5_modify_policy(void *server_handle,
     if(r == NULL)
        return KADM5_RPC_ERROR;    
 
-    if(r->code)
-    {
-       krb5_set_err( handle->context, krb5_err_have_str, r->code, r->err_str );
-    }
     return r->code;
 }
 
@@ -133,10 +120,6 @@ kadm5_get_policy(void *server_handle, char *name, kadm5_policy_ent_t ent)
              memcpy(ent, &r->rec, sizeof(r->rec));
     }
         
-    if(r->code)
-    {
-       krb5_set_err( handle->context, krb5_err_have_str, r->code, r->err_str );
-    }
     return r->code;
 }
 
@@ -165,9 +148,5 @@ kadm5_get_policies(void *server_handle,
         *pols = NULL;
     }
     
-    if(r->code)
-    {
-       krb5_set_err( handle->context, krb5_err_have_str, r->code, r->err_str );
-    }
     return r->code;
 }
index e594080a8a6031d57cc5b21959140033a2e0caf9..204fd90754f8f2a864440041fd62edffee6979cf 100644 (file)
@@ -79,7 +79,6 @@ static char *rcsid = "$Header$";
 #include    <kadm5/admin.h>
 #include    <kadm5/kadm_rpc.h>
 #include    "client_internal.h"
-#include    "err_handle.h"
 
 kadm5_ret_t kadm5_get_privs(void *server_handle, long *privs)
 {
@@ -92,9 +91,5 @@ kadm5_ret_t kadm5_get_privs(void *server_handle, long *privs)
      else if (r->code == KADM5_OK)
          *privs = r->privs;
 
-     if(r->code)
-     {
-        krb5_set_err( handle->context, krb5_err_have_str, r->code, r->err_str );
-     }
      return r->code;
 }
diff --git a/src/lib/kadm5/clnt/err_handle.c b/src/lib/kadm5/clnt/err_handle.c
deleted file mode 100644 (file)
index 9db4611..0000000
+++ /dev/null
@@ -1,202 +0,0 @@
-/**********************************************************************
-*
-*      C %name:                err_handle.c %
-*      Instance:               idc_sec_1
-*      Description:    
-*      %created_by:    spradeep %
-*      %date_created:  Thu Apr  7 15:36:27 2005 %
-*
-**********************************************************************/
-#ifndef lint
-static char *_csrc =
-    "@(#) %filespec: err_handle.c~1 %  (%full_filespec: err_handle.c~1:csrc:idc_sec#2 %)";
-#endif
-
-/* This file should be ideally be in util/et.  But, for now thread
-   safety requirement stops me from putting there.  If I do, then all
-   the applications have to link to pthread.  */
-
-#include "autoconf.h"
-/* XXX This file doesn't build multithreaded at the moment.  */
-#undef HAVE_PTHREAD_H
-
-#ifdef HAVE_PTHREAD_H
-#include <pthread.h>
-#endif
-#include "err_handle.h"
-#include <assert.h>
-#include <string.h>
-
-#ifdef NOVELL
-krb5_errcode_2_string_func old_error_2_string = NULL;
-#endif
-
-typedef struct
-{
-    char    krb5_err_str[KRB5_MAX_ERR_STR + 1];
-    long    err_code;
-    krb5_err_subsystem subsystem;
-    krb5_context kcontext;
-} krb5_err_struct_t;
-
-#ifdef HAVE_PTHREAD_H
-static void
-tsd_key_destructor(void *data)
-{
-    free(data);
-}
-
-static void
-init_err_handling(void)
-{
-    assert(!k5_key_register(K5_KEY_KADM_CLNT_ERR_HANDLER, tsd_key_destructor));
-#ifdef NOVELL
-    old_error_2_string = error_message;
-    error_message = krb5_get_err_string;
-#endif
-}
-
-static pthread_once_t krb5_key_create = PTHREAD_ONCE_INIT;
-
-krb5_error_code
-krb5_set_err(krb5_context kcontext, krb5_err_subsystem subsystem,
-            long err_code, char *str)
-{
-    int     ret;
-    krb5_err_struct_t *err_struct;
-    pthread_once(&krb5_key_create, init_err_handling);
-
-    err_struct = (krb5_err_struct_t *) k5_getspecific(K5_KEY_KADM_CLNT_ERR_HANDLER);
-    if (err_struct == NULL) {
-       err_struct = calloc(sizeof(krb5_err_struct_t), 1);
-       if (err_struct == NULL)
-           return ENOMEM;
-
-       if ((ret = k5_setspecific(K5_KEY_KADM_CLNT_ERR_HANDLER, err_struct))) {
-           free(err_struct);
-           return ret;
-       }
-    }
-
-    err_struct->subsystem = subsystem;
-    err_struct->err_code = err_code;
-    err_struct->kcontext = kcontext;
-    if (err_struct->subsystem == krb5_err_have_str) {
-       strncpy(err_struct->krb5_err_str, str,
-               sizeof(err_struct->krb5_err_str));
-       err_struct->krb5_err_str[KRB5_MAX_ERR_STR] = '\0';
-    }
-
-    return 0;
-}
-
-const char *KRB5_CALLCONV
-krb5_get_err_string(long err_code)
-{
-    krb5_err_struct_t *err_struct;
-    pthread_once(&krb5_key_create, init_err_handling);
-
-    err_struct = (krb5_err_struct_t *) k5_getspecific(K5_KEY_KADM_CLNT_ERR_HANDLER);
-    if (err_struct && (err_struct->subsystem == krb5_err_have_str)
-       && (err_code == err_struct->err_code)) {
-       /* checking error code is for safety.
-          In case, the caller ignores a database error and calls
-          other calls before doing com_err.  Though not perfect,
-          caller should call krb5_clr_error before this.  */
-       err_struct->subsystem = krb5_err_unknown;
-       return err_struct->krb5_err_str;
-    }
-
-    /* Error strings are not generated here. the remaining two cases
-       are handled by the default error string convertor.  */
-#ifdef NOVELL
-    return old_error_2_string(err_code);
-#else
-    return error_message(err_code);
-#endif
-}
-
-void
-krb5_clr_error()
-{
-    krb5_err_struct_t *err_struct;
-    pthread_once(&krb5_key_create, init_err_handling);
-
-    err_struct = (krb5_err_struct_t *) k5_getspecific(K5_KEY_KADM_CLNT_ERR_HANDLER);
-    if (err_struct)
-       err_struct->subsystem = krb5_err_unknown;
-}
-
-#else
-krb5_err_struct_t krb5_err = { {0}, 0, 0, 0 };
-krb5_boolean krb5_init_once = TRUE;
-
-static void
-init_err_handling(void)
-{
-    if (krb5_init_once) {
-#ifdef NOVELL
-       old_error_2_string = error_message;
-       error_message = krb5_get_err_string;
-#endif
-       krb5_init_once = FALSE;
-    }
-}
-
-krb5_error_code
-krb5_set_err(krb5_context kcontext, krb5_err_subsystem subsystem,
-            long err_code, char *str)
-{
-    krb5_err_struct_t *err_struct = &krb5_err;
-
-    init_err_handling();       /* takes care for multiple inits */
-
-    err_struct->subsystem = subsystem;
-    err_struct->err_code = err_code;
-    err_struct->kcontext = kcontext;
-    if (err_struct->subsystem == krb5_err_have_str) {
-       strncpy(err_struct->krb5_err_str, str,
-               sizeof(err_struct->krb5_err_str));
-       err_struct->krb5_err_str[KRB5_MAX_ERR_STR] = '\0';
-    }
-
-    return 0;
-}
-
-const char *KRB5_CALLCONV
-krb5_get_err_string(long err_code)
-{
-    krb5_err_struct_t *err_struct = &krb5_err;
-
-    init_err_handling();       /* takes care for multiple inits */
-
-    if ((err_struct->subsystem == krb5_err_have_str)
-       && (err_code == err_struct->err_code)) {
-       /* checking error code is for safety.
-          In case, the caller ignores a database error and calls
-          other calls before doing com_err.  Though not perfect,
-          caller should call krb5_clr_error before this.  */
-       err_struct->subsystem = krb5_err_unknown;
-       return err_struct->krb5_err_str;
-    }
-
-    /* It is not generated here. the remaining two cases are handled
-       by the default error string convertor.  */
-#ifdef NOVELL
-    return old_error_2_string(err_code);
-#else
-    return error_message(err_code);
-#endif
-}
-
-void
-krb5_clr_error()
-{
-    krb5_err_struct_t *err_struct = &krb5_err;
-
-    init_err_handling();       /* takes care for multiple inits */
-
-    err_struct->subsystem = krb5_err_unknown;
-}
-
-#endif
diff --git a/src/lib/kadm5/clnt/err_handle.h b/src/lib/kadm5/clnt/err_handle.h
deleted file mode 100644 (file)
index 7dea7b6..0000000
+++ /dev/null
@@ -1,38 +0,0 @@
-/**********************************************************************
-*
-*      C Header:               err_handle.h
-*      Instance:               idc_sec_1
-*      Description:    
-*      %created_by:    spradeep %
-*      %date_created:  Thu Apr  7 15:36:49 2005 %
-*
-**********************************************************************/
-#ifndef _idc_sec_1_err_handle_h_H
-#define _idc_sec_1_err_handle_h_H
-#include <com_err.h>
-#include <krb5.h>
-
-/* Everything else goes here */
-
-#define KRB5_MAX_ERR_STR 1024
-typedef enum krb5_err_subsystem {
-    krb5_err_unknown = 0, /* no error or unknown system. Has to be probed */
-    krb5_err_system,   /* error in system call */
-    krb5_err_krblib,   /* error in kerberos library call, should lookup in the error table */
-    krb5_err_have_str, /* error message is available in the string */
-    krb5_err_db                /* error is a database error, should be handled by calling DB */
-} krb5_err_subsystem;
-
-typedef krb5_error_code(*krb5_set_err_func_t) (krb5_context,
-                                              krb5_err_subsystem, long,
-                                              char *);
-
-krb5_error_code krb5_set_err(krb5_context kcontext,
-                            krb5_err_subsystem subsystem, long err_code,
-                            char *str);
-
-const char *KRB5_CALLCONV krb5_get_err_string(long err_code);
-
-void    krb5_clr_error(void);
-
-#endif
index 3d11f0916832a7db8f9fa3f2ebd5c1b28c3abce2..d793ed88c7552d7cfbb8e6e61cdd232f94322258 100644 (file)
@@ -27,7 +27,6 @@ typedef struct cprinc3_arg cprinc3_arg;
 struct generic_ret {
        krb5_ui_4 api_version;
        kadm5_ret_t code;
-        char *err_str;
 };
 typedef struct generic_ret generic_ret;
 
@@ -62,7 +61,6 @@ struct gprincs_ret {
        kadm5_ret_t code;
        char **princs;
        int count;
-        char *err_str;
 };
 typedef struct gprincs_ret gprincs_ret;
 
@@ -130,7 +128,6 @@ struct chrand_ret {
        krb5_keyblock key;
        krb5_keyblock *keys;
        int n_keys;
-        char *err_str;
 };
 typedef struct chrand_ret chrand_ret;
 
@@ -145,7 +142,6 @@ struct gprinc_ret {
        krb5_ui_4 api_version;
        kadm5_ret_t code;
        kadm5_principal_ent_rec rec;
-        char *err_str;
 };
 typedef struct gprinc_ret gprinc_ret;
 
@@ -179,7 +175,6 @@ struct gpol_ret {
        krb5_ui_4 api_version;
        kadm5_ret_t code;
        kadm5_policy_ent_rec rec;
-        char *err_str;
 };
 typedef struct gpol_ret gpol_ret;
 
@@ -194,7 +189,6 @@ struct gpols_ret {
        kadm5_ret_t code;
        char **pols;
        int count;
-        char *err_str;
 };
 typedef struct gpols_ret gpols_ret;
 
@@ -202,7 +196,6 @@ struct getprivs_ret {
        krb5_ui_4 api_version;
        kadm5_ret_t code;
        long privs;
-        char *err_str;
 };
 typedef struct getprivs_ret getprivs_ret;
 
index 346a36ea933123acf81711cef92b4be13cdfc071..aa2363c3d098a863527aca02ed6951e25b1a7669 100644 (file)
@@ -545,18 +545,6 @@ xdr_generic_ret(XDR *xdrs, generic_ret *objp)
                return (FALSE);
        }
 
-       if( xdrs->x_op == XDR_ENCODE )
-       {
-           char *tmp_str = "Unknown error code";
-           if(!xdr_string(xdrs, objp->err_str?&objp->err_str:&tmp_str, (unsigned int)-1 )) {
-               return (FALSE);
-           }
-       } else {
-           if(!xdr_string(xdrs, &objp->err_str, (unsigned int)-1 )) {
-               return (FALSE);
-           }
-       }
-
        return(TRUE);
 }
 
@@ -640,18 +628,6 @@ xdr_gprincs_ret(XDR *xdrs, gprincs_ret *objp)
          }
      }
 
-     if( xdrs->x_op == XDR_ENCODE )
-     {
-        char *tmp_str = "Unknown error code";
-        if(!xdr_string(xdrs, objp->err_str?&objp->err_str:&tmp_str, (unsigned int)-1 )) {
-            return (FALSE);
-        }
-     } else {
-        if(!xdr_string(xdrs, &objp->err_str, (unsigned int)-1 )) {
-            return (FALSE);
-        }
-     }
-
      return (TRUE);
 }
 
@@ -812,18 +788,6 @@ xdr_chrand_ret(XDR *xdrs, chrand_ret *objp)
             }
        }
 
-       if( xdrs->x_op == XDR_ENCODE )
-       {
-           char *tmp_str = "Unknown error code";
-           if(!xdr_string(xdrs, objp->err_str?&objp->err_str:&tmp_str, (unsigned int)-1 )) {
-               return (FALSE);
-           }
-       } else {
-           if(!xdr_string(xdrs, &objp->err_str, (unsigned int)-1 )) {
-               return (FALSE);
-           }
-       }
-
        return (TRUE);
 }
 
@@ -865,18 +829,6 @@ xdr_gprinc_ret(XDR *xdrs, gprinc_ret *objp)
             }
        }
 
-       if( xdrs->x_op == XDR_ENCODE )
-       {
-           char *tmp_str = "Unknown error code";
-           if(!xdr_string(xdrs, objp->err_str?&objp->err_str:&tmp_str, (unsigned int)-1 )) {
-               return (FALSE);
-           }
-       } else {
-           if(!xdr_string(xdrs, &objp->err_str, (unsigned int)-1 )) {
-               return (FALSE);
-           }
-       }
-
        return (TRUE);
 }
 
@@ -948,18 +900,6 @@ xdr_gpol_ret(XDR *xdrs, gpol_ret *objp)
                return (FALSE);
        }
 
-       if( xdrs->x_op == XDR_ENCODE )
-       {
-           char *tmp_str = "Unknown error code";
-           if(!xdr_string(xdrs, objp->err_str?&objp->err_str:&tmp_str, (unsigned int)-1 )) {
-               return (FALSE);
-           }
-       } else {
-           if(!xdr_string(xdrs, &objp->err_str, (unsigned int)-1 )) {
-               return (FALSE);
-           }
-       }
-
        return (TRUE);
 }
 
@@ -995,18 +935,6 @@ xdr_gpols_ret(XDR *xdrs, gpols_ret *objp)
          }
      }
 
-     if( xdrs->x_op == XDR_ENCODE )
-     {
-        char *tmp_str = "Unknown error code";
-        if(!xdr_string(xdrs, objp->err_str?&objp->err_str:&tmp_str, (unsigned int)-1 )) {
-            return (FALSE);
-        }
-     } else {
-        if(!xdr_string(xdrs, &objp->err_str, (unsigned int)-1 )) {
-            return (FALSE);
-        }
-     }
-
      return (TRUE);
 }
 
@@ -1019,18 +947,6 @@ bool_t xdr_getprivs_ret(XDR *xdrs, getprivs_ret *objp)
         ! xdr_long(xdrs, &objp->privs))
          return FALSE;
 
-     if( xdrs->x_op == XDR_ENCODE )
-     {
-        char *tmp_str = "Unknown error code";
-        if(!xdr_string(xdrs, objp->err_str?&objp->err_str:&tmp_str, (unsigned int)-1 )) {
-            return (FALSE);
-        }
-     } else {
-        if(!xdr_string(xdrs, &objp->err_str, (unsigned int)-1 )) {
-            return (FALSE);
-        }
-     }
-
      return TRUE;
 }
 
index 69f53a0a42cd764c3241682b4df145e4ba34a742..f78c7b48ebbe431a78b26431abb2fa71b3a8882c 100644 (file)
@@ -171,6 +171,7 @@ static struct log_entry     def_log_entry;
  * klog_com_err_proc() - Handle com_err(3) messages as specified by the
  *                       profile.
  */
+static krb5_context err_context;
 static void
 klog_com_err_proc(const char *whoami, long int code, const char *format, va_list ap)
 {
@@ -194,7 +195,8 @@ klog_com_err_proc(const char *whoami, long int code, const char *format, va_list
     /* If reporting an error message, separate it. */
     if (code) {
         outbuf[sizeof(outbuf) - 1] = '\0';
-       strncat(outbuf, error_message(code), sizeof(outbuf) - 1 - strlen(outbuf));
+
+       strncat(outbuf, krb5_get_error_message (err_context, code), sizeof(outbuf) - 1 - strlen(outbuf));
        strncat(outbuf, " - ", sizeof(outbuf) - 1 - strlen(outbuf));
     }
     cp = &outbuf[strlen(outbuf)];
@@ -360,6 +362,8 @@ krb5_klog_init(krb5_context kcontext, char *ename, char *whoami, krb5_boolean do
     do_openlog = 0;
     log_facility = 0;
 
+    err_context = kcontext;
+
     /*
      * Look up [logging]-><ename> in the profile.  If that doesn't
      * succeed, then look for [logging]->default.
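Review bot: `err_context = kcontext;` stores the caller's context in a file-scope static that `klog_com_err_proc` later passes to `krb5_get_error_message`, and nothing visible in this commit clears it, so the pointer would dangle if the caller frees the context while the com_err hook is still installed. Resetting it in the logging close routine (`err_context = NULL;`, presumably where the hook is removed) and stating on the declaration that the context must outlive the hook would make the lifetime explicit. The variable is process-wide, so a second `krb5_klog_init` call with a different context redirects message lookup for every caller; if that is intended it deserves a one-line comment. The declaration also sits between the `klog_com_err_proc` header comment and the function it describes, and would read better above that comment. krb5_klog_init's body continues outside the hunk.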
index dd1fe66930a8f8464c7b301e07d0b31474217a91..106d3185d6396c359d8ffd917734bba61e501571 100644 (file)
@@ -259,7 +259,8 @@ kadm5_ret_t kadm5_init(char *client_name, char *pass,
          return ret;
      }
 
-    ret = krb5_db_open(handle->context, db_args, KRB5_KDB_OPEN_RW);
+    ret = krb5_db_open(handle->context, db_args, 
+                      KRB5_KDB_OPEN_RW | KRB5_KDB_SRV_TYPE_ADMIN);
     if (ret) {
         krb5_free_context(handle->context);
         free_db_args(handle);
@@ -406,7 +407,8 @@ kadm5_ret_t kadm5_flush(void *server_handle)
      CHECK_HANDLE(server_handle);
 
      if ((ret = krb5_db_fini(handle->context)) ||
-        (ret = krb5_db_open(handle->context, handle->db_args, KRB5_KDB_OPEN_RW)) ||
+        (ret = krb5_db_open(handle->context, handle->db_args, 
+                            KRB5_KDB_OPEN_RW | KRB5_KDB_SRV_TYPE_ADMIN)) ||
         (ret = adb_policy_close(handle)) ||
         (ret = adb_policy_init(handle))) {
          (void) kadm5_destroy(server_handle);
index f7bfd585c610dd520879aa40878337108cd41eb5..fa4e62ee4310b8687df3b936500c336de4ed0d65 100644 (file)
@@ -25,7 +25,8 @@ adb_policy_init(kadm5_server_handle_t handle)
     if( krb5_db_inited( handle->context ) )
        return KADM5_OK;
 
-    return krb5_db_open( handle->context, NULL, KRB5_KDB_OPEN_RW );
+    return krb5_db_open( handle->context, NULL, 
+                        KRB5_KDB_OPEN_RW | KRB5_KDB_SRV_TYPE_ADMIN );
 }
 
 kadm5_ret_t
index 31333b73c2103ecd62782a703130b79778c704d0..d57d2f1583a3a2a046bf70f0832aa852b0f4578e 100644 (file)
@@ -47,7 +47,7 @@ kadm5_create_policy(void *server_handle,
 {
     CHECK_HANDLE(server_handle);
 
-    krb5_db_clr_error();
+    krb5_clear_error_message(((kadm5_server_handle_t)server_handle)->context);
 
     if (mask & KADM5_REF_COUNT)
        return KADM5_BAD_MASK;
@@ -157,7 +157,7 @@ kadm5_delete_policy(void *server_handle, kadm5_policy_t name)
 
     CHECK_HANDLE(server_handle);
 
-    krb5_db_clr_error();
+    krb5_clear_error_message(handle->context);
 
     if(name == (kadm5_policy_t) NULL)
        return EINVAL;
@@ -185,7 +185,7 @@ kadm5_modify_policy(void *server_handle,
 {
     CHECK_HANDLE(server_handle);
 
-    krb5_db_clr_error();
+    krb5_clear_error_message(((kadm5_server_handle_t)server_handle)->context);
 
     if (mask & KADM5_REF_COUNT)
        return KADM5_BAD_MASK;
@@ -266,7 +266,7 @@ kadm5_get_policy(void *server_handle, kadm5_policy_t name,
 
     CHECK_HANDLE(server_handle);
 
-    krb5_db_clr_error();
+    krb5_clear_error_message(handle->context);
 
     /*
      * In version 1, entry is a pointer to a kadm5_policy_ent_t that
index 18ab480bcab847d574ab4ec27b35cae9bf326f8d..36ca2a158d8168acd7fb986cfcc1ad42465d3d7a 100644 (file)
@@ -199,7 +199,7 @@ kadm5_create_principal_3(void *server_handle,
 
     CHECK_HANDLE(server_handle);
 
-    krb5_db_clr_error();
+    krb5_clear_error_message(handle->context);
 
     /*
      * Argument sanity checking, and opening up the DB
@@ -380,6 +380,9 @@ kadm5_create_principal_3(void *server_handle,
        }
     }
 
+    /* In all cases key and the principal data is set, let the database provider know */
+    kdb.mask = mask | KADM5_KEY_DATA | KADM5_PRINCIPAL ;
+
     /* store the new db entry */
     ret = kdb_put_entry(handle, &kdb, &adb);
 
@@ -421,7 +424,7 @@ kadm5_delete_principal(void *server_handle, krb5_principal principal)
 
     CHECK_HANDLE(server_handle);
 
-    krb5_db_clr_error();
+    krb5_clear_error_message(handle->context);
 
     if (principal == NULL)
        return EINVAL;
@@ -469,7 +472,7 @@ kadm5_modify_principal(void *server_handle,
 
     CHECK_HANDLE(server_handle);
 
-    krb5_db_clr_error();
+    krb5_clear_error_message(handle->context);
 
     if((mask & KADM5_PRINCIPAL) || (mask & KADM5_LAST_PWD_CHANGE) ||
        (mask & KADM5_MOD_TIME) || (mask & KADM5_MOD_NAME) ||
@@ -628,6 +631,9 @@ kadm5_modify_principal(void *server_handle,
         }
     }
 
+    /* let the mask propagate to the database provider */
+    kdb.mask = mask;
+
     ret = kdb_put_entry(handle, &kdb, &adb);
     if (ret) goto done;
 
@@ -656,7 +662,7 @@ kadm5_rename_principal(void *server_handle,
 
     CHECK_HANDLE(server_handle);
 
-    krb5_db_clr_error();
+    krb5_clear_error_message(handle->context);
 
     if (source == NULL || target == NULL)
        return EINVAL;
@@ -711,7 +717,7 @@ kadm5_get_principal(void *server_handle, krb5_principal principal,
 
     CHECK_HANDLE(server_handle);
 
-    krb5_db_clr_error();
+    krb5_clear_error_message(handle->context);
 
     /*
      * In version 1, all the defined fields are always returned.
@@ -1289,7 +1295,7 @@ kadm5_chpass_principal_3(void *server_handle,
 
     CHECK_HANDLE(server_handle);
 
-    krb5_db_clr_error();
+    krb5_clear_error_message(handle->context);
 
     hist_added = 0;
     memset(&hist, 0, sizeof(hist));
@@ -1433,6 +1439,9 @@ kadm5_chpass_principal_3(void *server_handle,
     if (ret)
        goto done;
 
+    /* key data and attributes changed, let the database provider know */
+    kdb.mask = KADM5_KEY_DATA | KADM5_ATTRIBUTES /* | KADM5_CPW_FUNCTION */;
+
     if ((ret = kdb_put_entry(handle, &kdb, &adb)))
        goto done;
 
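Review bot: The assignment `kdb.mask = KADM5_KEY_DATA | KADM5_ATTRIBUTES` replaces whatever the mask held rather than extending it, and the trailing `/* | KADM5_CPW_FUNCTION */` leaves a reader guessing whether that bit was dropped on purpose. The comment says the database provider uses this mask to learn what changed, so a provider that writes only flagged fields would skip anything a password change touches outside those two bits; this hunk does not show whether other fields are modified earlier in the function, so that needs confirming. The same commented-out style recurs in kadm5_randkey_principal_3 (`/* | KADM5_RANDKEY_USED */`), and the hunks for kadm5_setkey_principal_3 and kadm5_setv4key_principal show no mask assignment at all, so check that any `kdb_put_entry` call they make passes a meaningful mask. Either delete the commented-out bits or replace them with a sentence saying why they are not set. kadm5_chpass_principal_3 starts and ends outside the hunk.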
@@ -1478,13 +1487,13 @@ kadm5_randkey_principal_3(void *server_handle,
     int                                ret, last_pwd, have_pol = 0;
     kadm5_server_handle_t      handle = server_handle;
 
-    krb5_db_clr_error();
-
     if (keyblocks)
         *keyblocks = NULL;
 
     CHECK_HANDLE(server_handle);
 
+    krb5_clear_error_message(handle->context);
+
     if (principal == NULL)
        return EINVAL;
     if (hist_princ && /* this will be NULL when initializing the databse */
@@ -1580,6 +1589,9 @@ kadm5_randkey_principal_3(void *server_handle,
         }
     }   
     
+    /* key data changed, let the database provider know */
+    kdb.mask = KADM5_KEY_DATA /* | KADM5_RANDKEY_USED */;
+
     if ((ret = kdb_put_entry(handle, &kdb, &adb)))
        goto done;
 
@@ -1616,12 +1628,12 @@ kadm5_setv4key_principal(void *server_handle,
     kadm5_server_handle_t      handle = server_handle;
     krb5_key_data               tmp_key_data;
 
-    krb5_db_clr_error();
-
     memset( &tmp_key_data, 0, sizeof(tmp_key_data));
 
     CHECK_HANDLE(server_handle);
 
+    krb5_clear_error_message(handle->context);
+
     if (principal == NULL || keyblock == NULL)
        return EINVAL;
     if (hist_princ && /* this will be NULL when initializing the databse */
@@ -1797,7 +1809,7 @@ kadm5_setkey_principal_3(void *server_handle,
 
     CHECK_HANDLE(server_handle);
 
-    krb5_db_clr_error();
+    krb5_clear_error_message(handle->context);
 
     if (principal == NULL || keyblocks == NULL)
        return EINVAL;
index 78c29704cfedd445c018cccbd6be3d2a1dbb1523..5efd65b2fcf2279c4dd0b3e34090982e99235d3d 100644 (file)
@@ -25,8 +25,6 @@ SHLIB_EXPLIBS=-lkrb5 -lcom_err -lk5crypto $(SUPPORT_LIB) $(DL_LIB) $(LIBS)
 SHLIB_DIRS=-L$(TOPLIBD)
 SHLIB_RDIRS=$(KRB5_LIBDIR)
 
-all:: 
-
 adb_err.$(OBJEXT): adb_err.c
 adb_err.c adb_err.h: $(srcdir)/adb_err.et
 
@@ -37,7 +35,6 @@ SRCS= \
        $(srcdir)/kdb_default.c \
        $(srcdir)/kdb_cpw.c \
        adb_err.c \
-       $(srcdir)/err_handle.c \
        $(srcdir)/keytab.c
 
 STOBJLISTS=OBJS.ST
@@ -48,7 +45,6 @@ STLIBOBJS= \
        kdb_default.o \
        kdb_cpw.o \
        adb_err.o \
-       err_handle.o \
        keytab.o
 
 all-unix:: all-liblinks
@@ -70,7 +66,7 @@ kdb5.so kdb5.po $(OUTPRE)kdb5.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \
   $(SRCTOP)/include/k5-platform.h $(SRCTOP)/include/k5-plugin.h \
   $(SRCTOP)/include/k5-thread.h $(SRCTOP)/include/kdb.h \
   $(SRCTOP)/include/port-sockets.h $(SRCTOP)/include/socket-utils.h \
-  adb_err.h err_handle.h kdb5.c kdb5.h
+  adb_err.h kdb5.c kdb5.h
 encrypt_key.so encrypt_key.po $(OUTPRE)encrypt_key.$(OBJEXT): \
   $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/krb5.h \
   $(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \
@@ -105,14 +101,6 @@ kdb_cpw.so kdb_cpw.po $(OUTPRE)kdb_cpw.$(OBJEXT): $(BUILDTOP)/include/autoconf.h
   kdb_cpw.c
 adb_err.so adb_err.po $(OUTPRE)adb_err.$(OBJEXT): $(COM_ERR_DEPS) \
   adb_err.c
-err_handle.so err_handle.po $(OUTPRE)err_handle.$(OBJEXT): \
-  $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/krb5.h \
-  $(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \
-  $(COM_ERR_DEPS) $(SRCTOP)/include/k5-err.h $(SRCTOP)/include/k5-int.h \
-  $(SRCTOP)/include/k5-locate.h $(SRCTOP)/include/k5-platform.h \
-  $(SRCTOP)/include/k5-plugin.h $(SRCTOP)/include/k5-thread.h \
-  $(SRCTOP)/include/port-sockets.h $(SRCTOP)/include/socket-utils.h \
-  err_handle.c err_handle.h
 keytab.so keytab.po $(OUTPRE)keytab.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \
   $(BUILDTOP)/include/krb5.h $(BUILDTOP)/include/osconf.h \
   $(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) $(SRCTOP)/include/k5-err.h \
diff --git a/src/lib/kdb/err_handle.c b/src/lib/kdb/err_handle.c
deleted file mode 100644 (file)
index 50b8a2a..0000000
+++ /dev/null
@@ -1,210 +0,0 @@
-/**********************************************************************
-*
-*      C %name:                err_handle.c %
-*      Instance:               idc_sec_1
-*      Description:    
-*      %created_by:    spradeep %
-*      %date_created:  Thu Apr  7 14:05:00 2005 %
-*
-**********************************************************************/
-#ifndef lint
-static char *_csrc =
-    "@(#) %filespec: err_handle.c~1 %  (%full_filespec: err_handle.c~1:csrc:idc_sec#1 %)";
-#endif
-
-/* This file should be ideally be in util/et.  But, for now thread
-   safety requirement stops me from putting there.  if I do, then all
-   the applications have to link to pthread.  */
-
-#include "autoconf.h"
-#if defined(ENABLE_THREADS) && defined(HAVE_PTHREAD_H)
-#include <pthread.h>
-#endif
-#include "err_handle.h"
-#include <assert.h>
-
-#ifdef NOVELL
-krb5_errcode_2_string_func old_error_2_string = NULL;
-#endif
-
-typedef struct
-{
-    char    krb5_err_str[KRB5_MAX_ERR_STR + 1];
-    long    err_code;
-    krb5_err_subsystem subsystem;
-    krb5_context kcontext;
-} krb5_err_struct_t;
-
-#if defined(ENABLE_THREADS) && defined(HAVE_PTHREAD_H)
-static void
-tsd_key_destructor(void *data)
-{
-    free(data);
-}
-
-static void
-init_err_handling(void)
-{
-    assert(!k5_key_register(K5_KEY_KDB_ERR_HANDLER, tsd_key_destructor));
-#ifdef NOVELL
-    old_error_2_string = error_message;
-    error_message = krb5_get_err_string;
-#endif
-}
-
-static pthread_once_t krb5_key_create = PTHREAD_ONCE_INIT;
-
-krb5_error_code
-krb5_set_err(krb5_context kcontext, krb5_err_subsystem subsystem,
-            long err_code, char *str)
-{
-    int     ret;
-    krb5_err_struct_t *err_struct;
-    pthread_once(&krb5_key_create, init_err_handling);
-
-    err_struct = (krb5_err_struct_t *) k5_getspecific(K5_KEY_KDB_ERR_HANDLER);
-    if (err_struct == NULL) {
-       err_struct = calloc(sizeof(krb5_err_struct_t), 1);
-       if (err_struct == NULL)
-           return ENOMEM;
-
-       if ((ret = k5_setspecific(K5_KEY_KDB_ERR_HANDLER, err_struct))) {
-           free(err_struct);
-           return ret;
-       }
-    }
-
-    err_struct->subsystem = subsystem;
-    err_struct->err_code = err_code;
-    err_struct->kcontext = kcontext;
-    if (err_struct->subsystem == krb5_err_have_str) {
-       strncpy(err_struct->krb5_err_str, str,
-               sizeof(err_struct->krb5_err_str));
-       err_struct->krb5_err_str[KRB5_MAX_ERR_STR] = '\0';
-    }
-
-    return 0;
-}
-
-const char *KRB5_CALLCONV
-krb5_get_err_string(long err_code)
-{
-    krb5_err_struct_t *err_struct;
-    pthread_once(&krb5_key_create, init_err_handling);
-
-    err_struct = (krb5_err_struct_t *) k5_getspecific(K5_KEY_KDB_ERR_HANDLER);
-    if (err_struct && (err_struct->subsystem == krb5_err_have_str)
-       && (err_code == err_struct->err_code)) {
-       /* Checking error code is for safety.
-          In case, the caller ignores a database error and calls
-          other calls before doing com_err.  Though not perfect,
-          caller should call krb5_clr_error before this.  */
-       err_struct->subsystem = krb5_err_unknown;
-       return err_struct->krb5_err_str;
-    }
-
-    if (err_struct && (err_struct->subsystem == krb5_err_db)
-       && (err_code == err_struct->err_code)) {
-       err_struct->subsystem = krb5_err_unknown;
-       return krb5_db_errcode2string(err_struct->kcontext, err_code);
-    }
-
-    /* Error strings are not generated here. the remaining two cases
-       are handled by the default error string convertor.  */
-#ifdef NOVELL
-    return old_error_2_string(err_code);
-#else
-    return error_message(err_code);
-#endif
-}
-
-void
-krb5_clr_error()
-{
-    krb5_err_struct_t *err_struct;
-    pthread_once(&krb5_key_create, init_err_handling);
-
-    err_struct = (krb5_err_struct_t *) k5_getspecific(K5_KEY_KDB_ERR_HANDLER);
-    if (err_struct)
-       err_struct->subsystem = krb5_err_unknown;
-}
-
-#else
-krb5_err_struct_t krb5_err = { {0}, 0, 0, 0 };
-krb5_boolean krb5_init_once = TRUE;
-
-static void
-init_err_handling(void)
-{
-    if (krb5_init_once) {
-#ifdef NOVELL
-       old_error_2_string = error_message;
-       error_message = krb5_get_err_string;
-#endif
-       krb5_init_once = FALSE;
-    }
-}
-
-krb5_error_code
-krb5_set_err(krb5_context kcontext, krb5_err_subsystem subsystem,
-            long err_code, char *str)
-{
-    krb5_err_struct_t *err_struct = &krb5_err;
-
-    init_err_handling();       /* takes care for multiple inits */
-
-    err_struct->subsystem = subsystem;
-    err_struct->err_code = err_code;
-    err_struct->kcontext = kcontext;
-    if (err_struct->subsystem == krb5_err_have_str) {
-       strncpy(err_struct->krb5_err_str, str,
-               sizeof(err_struct->krb5_err_str));
-       err_struct->krb5_err_str[KRB5_MAX_ERR_STR] = '\0';
-    }
-
-    return 0;
-}
-
-const char *KRB5_CALLCONV
-krb5_get_err_string(long err_code)
-{
-    krb5_err_struct_t *err_struct = &krb5_err;
-
-    init_err_handling();       /* takes care for multiple inits */
-
-    if ((err_struct->subsystem == krb5_err_have_str)
-       && (err_code == err_struct->err_code)) {
-       /* checking error code is for safety.
-          In case, the caller ignores a database error and calls
-          other calls before doing com_err.  Though not perfect,
-          caller should call krb5_clr_error before this.  */
-       err_struct->subsystem = krb5_err_unknown;
-       return err_struct->krb5_err_str;
-    }
-
-    if ((err_struct->subsystem == krb5_err_db)
-       && (err_code == err_struct->err_code)) {
-       err_struct->subsystem = krb5_err_unknown;
-       return krb5_db_errcode2string(err_struct->kcontext, err_code);
-    }
-
-    /* It is not generated here. the remaining two cases are handled
-       by the default error string convertor.  */
-#ifdef NOVELL
-    return old_error_2_string(err_code);
-#else
-    return error_message(err_code);
-#endif
-}
-
-void
-krb5_clr_error()
-{
-    krb5_err_struct_t *err_struct = &krb5_err;
-
-    init_err_handling();       /* takes care for multiple inits */
-
-    err_struct->subsystem = krb5_err_unknown;
-}
-
-#endif
diff --git a/src/lib/kdb/err_handle.h b/src/lib/kdb/err_handle.h
deleted file mode 100644 (file)
index ba1e320..0000000
+++ /dev/null
@@ -1,37 +0,0 @@
-/**********************************************************************
-*
-*      C Header:               err_handle.h
-*      Instance:               idc_sec_1
-*      Description:    
-*      %created_by:    spradeep %
-*      %date_created:  Thu Apr  7 14:05:33 2005 %
-*
-**********************************************************************/
-#ifndef _idc_sec_1_err_handle_h_H
-#define _idc_sec_1_err_handle_h_H
-#include <k5-int.h>
-
-/* Everything else goes here */
-
-#define KRB5_MAX_ERR_STR 1024
-typedef enum krb5_err_subsystem {
-    krb5_err_unknown = 0, /* no error or unknown system. Has to be probed */
-    krb5_err_system,   /* error in system call */
-    krb5_err_krblib,   /* error in kerberos library call, should lookup in the error table */
-    krb5_err_have_str, /* error message is available in the string */
-    krb5_err_db                /* error is a database error, should be handled by calling DB */
-} krb5_err_subsystem;
-
-typedef krb5_error_code(*krb5_set_err_func_t) (krb5_context,
-                                              krb5_err_subsystem, long,
-                                              char *);
-
-krb5_error_code krb5_set_err(krb5_context kcontext,
-                            krb5_err_subsystem subsystem, long err_code,
-                            char *str);
-
-const char *KRB5_CALLCONV krb5_get_err_string(long err_code);
-
-void    krb5_clr_error(void);
-
-#endif
index ad5cb0580c6cb89af6144c806e40b7a22595759d..ce66474a882a9f46af6541aa082e5ab863ff47b6 100644 (file)
@@ -273,7 +273,7 @@ kdb_load_library(krb5_context kcontext, char *lib_name, db_library * lib)
 
     kdb_setup_opt_functions(*lib);
 
-    if ((status = (*lib)->vftabl.init_library(krb5_set_err))) {
+    if ((status = (*lib)->vftabl.init_library())) {
        /* ERROR. library not initialized cleanly */
        sprintf(buf, "%s library initialization failed, error code %ld\n",
                lib_name, status);
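Review bot: The failure branch under the changed `init_library()` call still builds its message with `sprintf(buf, ...)` from the caller-supplied `lib_name`, while the rest of this commit replaces that pattern with `krb5_set_error_message`. The size of `buf` and what happens to it afterwards are outside the hunk, so the overflow risk is an inference, but a library name that comes from configuration should not go through an unbounded `sprintf`. Recording the message directly would match the other converted sites: `krb5_set_error_message (kcontext, status, "%s library initialization failed, error code %ld", lib_name, (long) status);`. kdb_load_library starts and ends outside the hunk.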
@@ -365,14 +365,17 @@ kdb_load_library(krb5_context kcontext, char *lib_name, db_library * lib)
 
                kdb_setup_opt_functions(*lib);
 
-               if ((status = (*lib)->vftabl.init_library(krb5_set_err))) {
+               if ((status = (*lib)->vftabl.init_library())) {
                    /* ERROR. library not initialized cleanly */
                    goto clean_n_exit;
 
                }
            } else {
+               err_str = dlerror();
+               if(err_str == NULL)
+                   err_str = "";
                status = KRB5_KDB_DBTYPE_INIT;
-               krb5_set_err(kcontext, krb5_err_have_str, status, dlerror());
+               krb5_set_error_message (kcontext, status, "%s", err_str);
                goto clean_n_exit;
            }
            break;
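Review bot: Falling back to `err_str = ""` when `dlerror()` returns NULL stores an empty message for `KRB5_KDB_DBTYPE_INIT`, which presumably replaces the error-table text for that code when the message is later fetched from the context. Skipping the call in that case keeps the table text visible: `if (err_str != NULL) krb5_set_error_message (kcontext, status, "%s", err_str);`. Separately, the `init_library()` failure branch just above jumps to `clean_n_exit` without recording any message, and since the callback no longer receives anything to report through, the caller is the only place left to add one. The enclosing function extends beyond the hunk.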
@@ -385,8 +388,8 @@ kdb_load_library(krb5_context kcontext, char *lib_name, db_library * lib)
 
     if (!(*lib)->dl_handle) {
        /* library not found in the given list. Error str is already set */
-      status = KRB5_KDB_DBTYPE_NOTFOUND;
-       krb5_set_err(kcontext, krb5_err_have_str, status, err_str);
+       status = KRB5_KDB_DBTYPE_NOTFOUND;
+       krb5_set_error_message (kcontext, status, "%s", err_str);
        goto clean_n_exit;
     }
 
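Review bot: `err_str` is passed to `"%s"` here without the NULL guard that the `dlerror()` branch in the previous hunk adds. The comment says the string is already set, but its initialisation is outside the hunk; if no candidate library was ever tried it may still be NULL, and NULL for `%s` is undefined behaviour. Guarding the call, `if (err_str != NULL) krb5_set_error_message (kcontext, status, "%s", err_str);`, makes the path safe and leaves the table text for `KRB5_KDB_DBTYPE_NOTFOUND` as the fallback.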
@@ -568,27 +571,19 @@ kdb_free_lib_handle(krb5_context kcontext)
 /*
  *      External functions... DAL API
  */
-void
-krb5_db_clr_error()
-{
-    krb5_clr_error();
-}
-
 krb5_error_code
 krb5_db_open(krb5_context kcontext, char **db_args, int mode)
 {
     krb5_error_code status = 0;
     char   *section = NULL;
     kdb5_dal_handle *dal_handle;
-    char    buf[KRB5_MAX_ERR_STR];
 
     section = kdb_get_conf_section(kcontext);
     if (section == NULL) {
-       sprintf(buf,
+       status = KRB5_KDB_SERVER_INTERNAL_ERR;
+       krb5_set_error_message (kcontext, status,
                "unable to determine configuration section for realm %s\n",
                kcontext->default_realm ? kcontext->default_realm : "[UNSET]");
-       status = -1;
-       krb5_set_err(kcontext, krb5_err_have_str, status, buf);
        goto clean_n_exit;
     }
 
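Review bot: The format string passed to `krb5_set_error_message` still ends in `\n`, a leftover from the `sprintf` version. Messages stored on the context are normally printed by a handler that supplies its own line ending, so this will likely show up as a stray blank line in tool output and logs. Dropping it gives `"unable to determine configuration section for realm %s"`; the same string appears in the krb5_db_create and krb5_db_destroy hunks below. The returned status also changes from -1 to `KRB5_KDB_SERVER_INTERNAL_ERR`, so any caller that compared against -1 needs checking; callers are not visible here.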
@@ -658,15 +653,13 @@ krb5_db_create(krb5_context kcontext, char **db_args)
     krb5_error_code status = 0;
     char   *section = NULL;
     kdb5_dal_handle *dal_handle;
-    char    buf[KRB5_MAX_ERR_STR];
 
     section = kdb_get_conf_section(kcontext);
     if (section == NULL) {
-       sprintf(buf,
+       status = KRB5_KDB_SERVER_INTERNAL_ERR;
+       krb5_set_error_message (kcontext, status,
                "unable to determine configuration section for realm %s\n",
                kcontext->default_realm);
-       status = -1;
-       krb5_set_err(kcontext, krb5_err_have_str, status, buf);
        goto clean_n_exit;
     }
 
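Review bot: `kcontext->default_realm` is passed to `%s` with no NULL guard, unlike krb5_db_open, which substitutes `"[UNSET]"`. If a missing default realm is one of the reasons `kdb_get_conf_section` returns NULL (its body is not shown), this error path formats a NULL pointer, which is undefined behaviour. Use the same expression as krb5_db_open: `kcontext->default_realm ? kcontext->default_realm : "[UNSET]"`. The krb5_db_destroy hunk that follows passes the same argument and needs the same change.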
@@ -731,15 +724,13 @@ krb5_db_destroy(krb5_context kcontext, char **db_args)
     krb5_error_code status = 0;
     char   *section = NULL;
     kdb5_dal_handle *dal_handle;
-    char    buf[KRB5_MAX_ERR_STR];
 
     section = kdb_get_conf_section(kcontext);
     if (section == NULL) {
-       sprintf(buf,
+       status = KRB5_KDB_SERVER_INTERNAL_ERR;
+       krb5_set_error_message (kcontext, status,
                "unable to determine configuration section for realm %s\n",
                kcontext->default_realm);
-       status = -1;
-       krb5_set_err(kcontext, krb5_err_have_str, status, buf);
        goto clean_n_exit;
     }
 
index cc4992bd83f609dde73f3cd1226c12a678eb0047..3e4701abe8da7ab3384cbdf1a32a7b50ebf00122 100644 (file)
 #include <utime.h>
 #include <k5-int.h>
 #include "kdb.h"
-#include "err_handle.h"
 
 #define KDB_MAX_DB_NAME 128
 #define KDB_REALM_SECTION  "realms"
 #define KDB_MODULE_POINTER "database_module"
-#define KDB_MODULE_SECTION "db_modules"
+#define KDB_MODULE_DEF_SECTION "dbdefaults"
+#define KDB_MODULE_SECTION "dbmodules"
 #define KDB_LIB_POINTER    "db_library"
 #define KDB_DATABASE_CONF_FILE  DEFAULT_SECURE_PROFILE_PATH
 #define KDB_DATABASE_ENV_PROF KDC_PROFILE_ENV
 #define KRB5_KDB_OPEN_RW                0
 #define KRB5_KDB_OPEN_RO                1
 
+#ifndef KRB5_KDB_SRV_TYPE_KDC
+#define KRB5_KDB_SRV_TYPE_KDC           0x0100        
+#endif
+
+#ifndef KRB5_KDB_SRV_TYPE_ADMIN
+#define KRB5_KDB_SRV_TYPE_ADMIN         0x0200  
+#endif
+
+#ifndef KRB5_KDB_SRV_TYPE_PASSWD
+#define KRB5_KDB_SRV_TYPE_PASSWD        0x0300
+#endif
+
+#ifndef KRB5_KDB_SRV_TYPE_OTHER
+#define KRB5_KDB_SRV_TYPE_OTHER         0x0400  
+#endif
+
 #define KRB5_KDB_OPT_SET_DB_NAME        0
 #define KRB5_KDB_OPT_SET_LOCK_MODE      1
 
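Review bot: Changing `KDB_MODULE_SECTION` from `"db_modules"` to `"dbmodules"` means an existing profile with a `[db_modules]` section is presumably no longer consulted, and nothing in this header records the rename. Depending on how the lookup code (not shown) handles a missing section, a server could run with default database settings instead of failing, which is hard to diagnose. At minimum add a comment such as `/* Profile section was "db_modules" before this change; existing configs must be updated. */`, or have the lookup also try the old name. The `KRB5_KDB_SRV_TYPE_*` values sit behind `#ifndef` because the commit message says include/kdb.h defines them too; two copies can drift, so a comment naming the authoritative definition would help.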
@@ -50,7 +66,7 @@ typedef struct _kdb_vftabl{
     short int maj_ver;
     short int min_ver;
 
-    krb5_error_code (*init_library)(krb5_set_err_func_t);
+    krb5_error_code (*init_library)();
     krb5_error_code (*fini_library)();
     krb5_error_code (*init_module) ( krb5_context kcontext,
                                     char * conf_section,
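Review bot: `krb5_error_code (*init_library)();` declares a function pointer with unspecified parameters rather than none, so the compiler will not diagnose a plugin or caller that still passes the old `krb5_set_err_func_t` argument. Write `krb5_error_code (*init_library)(void);` so that stale call sites fail to compile. The same applies to `hack_init ()` and to both the definition and the prototype of `krb5_db2_lib_init()` in the db2 hunks further down, where the neighbouring `krb5_db2_lib_cleanup(void)` prototype already uses the explicit form. The struct definition continues outside the hunk.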
index c4d2c884688d34a86a8ef9314afbbb419139ac3d..fe2fae6492657dc03853f14bb54291d4e3c50cc8 100644 (file)
@@ -1,6 +1,5 @@
 krb5_db_open
 krb5_db_inited
-krb5_db_clr_error
 krb5_db_alloc
 krb5_db_free
 krb5_db_create
@@ -48,3 +47,4 @@ krb5_db_put_policy
 krb5_db_iter_policy
 krb5_db_delete_policy
 krb5_db_free_policy
+krb5_def_store_mkey
index 7c146e61e14fb7e587e5d77792070b4ef33db06c..79a7c961e5ec08a2d3c0ee3aeb6f87f247e17676 100644 (file)
@@ -71,5 +71,6 @@ ec KRB5_KDB_NO_MATCHING_KEY,  "No matching key in entry"
 ec KRB5_KDB_DBTYPE_NOTFOUND,   "Unable to find requested database type"
 ec KRB5_KDB_DBTYPE_NOSUP,      "Database type not supported"
 ec KRB5_KDB_DBTYPE_INIT,       "Database library failed to initialize"
+ec KRB5_KDB_SERVER_INTERNAL_ERR,   "Server error"
 
 end
index 5c4d68a1b834a8dc1c050bd83521ff53c7dfb492..00a21450656daf98b8fb123f183314f3a4eb0e47 100644 (file)
@@ -35,7 +35,6 @@ SHLIB_EXPDEPS = \
        $(TOPLIBD)/libk5crypto$(SHLIBEXT) \
        $(TOPLIBD)/libkrb5$(SHLIBEXT)
 SHLIB_EXPLIBS= $(GSSRPC_LIBS) -lkrb5 -lcom_err -lk5crypto $(KDB5_DB_LIB) $(SUPPORT_LIB) $(LIBS)
-# -lgssrpc $(KDB5_DB_LIB)
 
 SHLIB_DIRS=-L$(TOPLIBD)
 SHLIB_RDIRS=$(KRB5_LIBDIR)
@@ -130,9 +129,8 @@ kdb_db2.so kdb_db2.po $(OUTPRE)kdb_db2.$(OBJEXT): $(BUILDTOP)/include/autoconf.h
   $(SRCTOP)/include/k5-locate.h $(SRCTOP)/include/k5-platform.h \
   $(SRCTOP)/include/k5-plugin.h $(SRCTOP)/include/k5-thread.h \
   $(SRCTOP)/include/kdb.h $(SRCTOP)/include/port-sockets.h \
-  $(SRCTOP)/include/socket-utils.h $(SRCTOP)/lib/kdb/err_handle.h \
-  $(SRCTOP)/lib/kdb/kdb5.h kdb_compat.h kdb_db2.c kdb_db2.h \
-  kdb_xdr.h policy_db.h
+  $(SRCTOP)/include/socket-utils.h $(SRCTOP)/lib/kdb/kdb5.h \
+  kdb_compat.h kdb_db2.c kdb_db2.h kdb_xdr.h policy_db.h
 pol_xdr.so pol_xdr.po $(OUTPRE)pol_xdr.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \
   $(BUILDTOP)/include/gssapi/gssapi.h $(BUILDTOP)/include/gssrpc/auth.h \
   $(BUILDTOP)/include/gssrpc/auth_gss.h $(BUILDTOP)/include/gssrpc/auth_unix.h \
@@ -153,6 +151,5 @@ db2_exp.so db2_exp.po $(OUTPRE)db2_exp.$(OBJEXT): $(BUILDTOP)/include/autoconf.h
   $(SRCTOP)/include/k5-locate.h $(SRCTOP)/include/k5-platform.h \
   $(SRCTOP)/include/k5-plugin.h $(SRCTOP)/include/k5-thread.h \
   $(SRCTOP)/include/kdb.h $(SRCTOP)/include/port-sockets.h \
-  $(SRCTOP)/include/socket-utils.h $(SRCTOP)/lib/kdb/err_handle.h \
-  $(SRCTOP)/lib/kdb/kdb5.h db2_exp.c kdb_db2.h kdb_xdr.h \
-  policy_db.h
+  $(SRCTOP)/include/socket-utils.h $(SRCTOP)/lib/kdb/kdb5.h \
+  db2_exp.c kdb_db2.h kdb_xdr.h policy_db.h
index e44728dde8e581cf24d30d33e187931cfe33f0b7..8938c6d4af64d50db44ba74e11b34fab718c3a88 100644 (file)
@@ -194,13 +194,13 @@ WRAP_K (krb5_db2_db_get_mkey,
        (context, key));
 
 static krb5_error_code
-hack_init (krb5_set_err_func_t f)
+hack_init ()
 {
     krb5_error_code c;
     c = krb5int_mutex_alloc (&krb5_db2_mutex);
     if (c)
        return c;
-    return krb5_db2_lib_init (f);
+    return krb5_db2_lib_init ();
 }
 
 static krb5_error_code
index f3f1e00d6cf5e3fdd7d8b0032eb6f19f903142b9..48e848280f88c7a71de0e0e7f7c4b36b37a8d1c1 100644 (file)
@@ -88,7 +88,6 @@ krb5_error_code krb5_db2_db_lock(krb5_context, int);
 static krb5_error_code krb5_db2_db_set_hashfirst(krb5_context, int);
 
 static char default_db_name[] = DEFAULT_KDB_FILE;
-krb5_set_err_func_t krb5_db2_dal_err_funcp = NULL;
 
 /*
  * Locking:
@@ -958,11 +957,12 @@ krb5_db2_db_put_principal(krb5_context context,
     krb5_db2_context *db_ctx;
     kdb5_dal_handle *dal_handle;
 
+    krb5_clear_error_message (context);
     if (db_args) {
        /* DB2 does not support db_args DB arguments for principal */
-       char    buf[KRB5_MAX_ERR_STR];
-       sprintf(buf, "Unsupported argument \"%s\" for db2", db_args[0]);
-       krb5_db2_dal_err_funcp(context, krb5_err_have_str, EINVAL, buf);
+       krb5_set_error_message(context, EINVAL,
+                              "Unsupported argument \"%s\" for db2",
+                              db_args[0]);
        return EINVAL;
     }
 
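Review bot: The guard is `if (db_args)` but the message dereferences `db_args[0]`, so a non-NULL but empty argument vector would pass NULL to `%s`, which is undefined behaviour, and would also be reported as an unsupported argument. Whether callers can pass an empty vector is not visible here. Testing `if (db_args && db_args[0])` covers both cases. The function body extends beyond the hunk.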
@@ -1209,9 +1209,8 @@ krb5_db2_db_set_lockmode(krb5_context context, krb5_boolean mode)
  *     DAL API functions
  */
 krb5_error_code
-krb5_db2_lib_init(krb5_set_err_func_t set_err)
+krb5_db2_lib_init()
 {
-    krb5_db2_dal_err_funcp = set_err;
     return 0;
 }
 
@@ -1230,6 +1229,8 @@ krb5_db2_open(krb5_context kcontext,
     char  **t_ptr = db_args;
     char    db_name_set = 0;
 
+    krb5_clear_error_message (kcontext);
+
     if (k5db2_inited(kcontext))
        return 0;
 
@@ -1248,10 +1249,9 @@ krb5_db2_open(krb5_context kcontext,
        }
        /* ignore hash argument. Might have been passed from create */
        else if (!opt || strcmp(opt, "hash")) {
-           char    buf[KRB5_MAX_ERR_STR];
-           sprintf(buf, "Unsupported argument \"%s\" for db2",
-                   opt ? opt : val);
-           krb5_db2_dal_err_funcp(kcontext, krb5_err_have_str, EINVAL, buf);
+           krb5_set_error_message(kcontext, EINVAL,
+                                  "Unsupported argument \"%s\" for db2",
+                                  opt ? opt : val);
            free(opt);
            free(val);
            return EINVAL;
@@ -1299,6 +1299,8 @@ krb5_db2_create(krb5_context kcontext, char *conf_section, char **db_args)
     krb5_int32 flags = KRB5_KDB_CREATE_BTREE;
     char   *db_name = NULL;
 
+    krb5_clear_error_message (kcontext);
+
     if (k5db2_inited(kcontext))
        return 0;
 
@@ -1321,10 +1323,9 @@ krb5_db2_create(krb5_context kcontext, char *conf_section, char **db_args)
        else if (opt && !strcmp(opt, "hash")) {
            flags = KRB5_KDB_CREATE_HASH;
        } else {
-           char    buf[KRB5_MAX_ERR_STR];
-           sprintf(buf, "Unsupported argument \"%s\" for db2",
-                   opt ? opt : val);
-           krb5_db2_dal_err_funcp(kcontext, krb5_err_have_str, EINVAL, buf);
+           krb5_set_error_message(kcontext, EINVAL,
+                                  "Unsupported argument \"%s\" for db2",
+                                  opt ? opt : val);
            free(opt);
            free(val);
            return EINVAL;
index 77ca60c3348d0d875eecaada036b7c24070f3312..41dad90358f5e21420ca86af0c2e18ad44faa6b5 100644 (file)
@@ -134,7 +134,7 @@ krb5_db2_db_delete_principal(krb5_context context,
                             krb5_const_principal searchfor,
                             int *nentries);
 
-krb5_error_code krb5_db2_lib_init(krb5_set_err_func_t);
+krb5_error_code krb5_db2_lib_init();
 
 krb5_error_code krb5_db2_lib_cleanup(void);
 
@@ -204,8 +204,4 @@ krb5_error_code krb5_db2_delete_policy ( krb5_context kcontext,
 void krb5_db2_free_policy( krb5_context kcontext,
                           osa_policy_ent_t entry );
 
-
-
-extern krb5_set_err_func_t krb5_db2_dal_err_funcp;
-
 #endif /* KRB5_KDB_DB2_H */
index 01502f35aa8fc949314de7de95ebc6e90fb42d28..120780b33ec2a7b7c7c24e776e1b58b741b4a3a4 100644 (file)
@@ -30,7 +30,7 @@ kdc.conf: Makefile
 
 krb5.conf: Makefile
        cat $(SRCTOP)/config-files/krb5.conf > krb5.new
-       echo "[db_modules]" >> krb5.new
+       echo "[dbmodules]" >> krb5.new
        echo " db_module_dir = `pwd`/../util/fakedest$(KRB5_DB_MODULE_DIR)" >> krb5.new
        mv krb5.new krb5.conf
 
index abb7b794ab5d4036b6f53f6bea99190a721f66f8..7f964a3415295713beae5eedcaee443cf0d09da0 100644 (file)
@@ -938,7 +938,7 @@ proc setup_krb5_conf { {type client} } {
        puts $conffile "        kdc = FILE:$tmppwd/kdc.log"
        puts $conffile "        default = FILE:$tmppwd/others.log"
        puts $conffile ""
-       puts $conffile "\[db_modules\]"
+       puts $conffile "\[dbmodules\]"
        puts $conffile "        db_module_dir = $tmppwd/../../../util/fakedest$KRB5_DB_MODULE_DIR"
        puts $conffile "        foo_db2 = {"
        puts $conffile "                db_library = db2"