#include <arpa/inet.h> /* inet_ntoa */
#include <adm_proto.h> /* krb5_klog_syslog */
#include "misc.h"
+#include <string.h>
#define LOG_UNAUTH "Unauthorized request: %s, %s, client=%s, service=%s, addr=%s"
#define LOG_DONE "Request: %s, %s, %s, client=%s, service=%s, addr=%s"
return 0;
}
+static int
+log_unauth(
+ char *op,
+ char *target,
+ gss_buffer_t client,
+ gss_buffer_t server,
+ struct svc_req *rqstp)
+{
+ size_t tlen, clen, slen;
+ char *tdots, *cdots, *sdots;
+
+ tlen = strlen(target);
+ trunc_name(&tlen, &tdots);
+ clen = client->length;
+ trunc_name(&clen, &cdots);
+ slen = server->length;
+ trunc_name(&slen, &sdots);
+
+ return krb5_klog_syslog(LOG_NOTICE,
+ "Unauthorized request: %s, %.*s%s, "
+ "client=%.*s%s, service=%.*s%s, addr=%s",
+ op, tlen, target, tdots,
+ clen, client->value, cdots,
+ slen, server->value, sdots,
+ inet_ntoa(rqstp->rq_xprt->xp_raddr.sin_addr));
+}
+
+static int
+log_done(
+ char *op,
+ char *target,
+ char *errmsg,
+ gss_buffer_t client,
+ gss_buffer_t server,
+ struct svc_req *rqstp)
+{
+ size_t tlen, clen, slen;
+ char *tdots, *cdots, *sdots;
+
+ tlen = strlen(target);
+ trunc_name(&tlen, &tdots);
+ clen = client->length;
+ trunc_name(&clen, &cdots);
+ slen = server->length;
+ trunc_name(&slen, &sdots);
+
+ return krb5_klog_syslog(LOG_NOTICE,
+ "Request: %s, %.*s%s, %s, "
+ "client=%.*s%s, service=%.*s%s, addr=%s",
+ op, tlen, target, tdots, errmsg,
+ clen, client->value, cdots,
+ slen, server->value, sdots,
+ inet_ntoa(rqstp->rq_xprt->xp_raddr.sin_addr));
+}
+
generic_ret *
create_principal_2_svc(cprinc_arg *arg, struct svc_req *rqstp)
{
|| kadm5int_acl_impose_restrictions(handle->context,
&arg->rec, &arg->mask, rp)) {
ret.code = KADM5_AUTH_ADD;
- krb5_klog_syslog(LOG_NOTICE, LOG_UNAUTH, "kadm5_create_principal",
- prime_arg, client_name.value, service_name.value,
- inet_ntoa(rqstp->rq_xprt->xp_raddr.sin_addr));
+ log_unauth("kadm5_create_principal", prime_arg,
+ &client_name, &service_name, rqstp);
} else {
ret.code = kadm5_create_principal((void *)handle,
&arg->rec, arg->mask,
else
errmsg = krb5_get_error_message(handle ? handle->context : NULL, ret.code);
- krb5_klog_syslog(LOG_NOTICE, LOG_DONE, "kadm5_create_principal",
- prime_arg, errmsg,
- client_name.value, service_name.value,
- inet_ntoa(rqstp->rq_xprt->xp_raddr.sin_addr));
+ log_done("kadm5_create_principal", prime_arg, errmsg,
+ &client_name, &service_name, rqstp);
/* no need to check for NULL. Even if it is NULL, atleast error_code will be returned */
}
|| kadm5int_acl_impose_restrictions(handle->context,
&arg->rec, &arg->mask, rp)) {
ret.code = KADM5_AUTH_ADD;
- krb5_klog_syslog(LOG_NOTICE, LOG_UNAUTH, "kadm5_create_principal",
- prime_arg, client_name.value, service_name.value,
- inet_ntoa(rqstp->rq_xprt->xp_raddr.sin_addr));
+ log_unauth("kadm5_create_principal", prime_arg,
+ &client_name, &service_name, rqstp);
} else {
ret.code = kadm5_create_principal_3((void *)handle,
&arg->rec, arg->mask,
else
errmsg = krb5_get_error_message(handle ? handle->context : NULL, ret.code);
- krb5_klog_syslog(LOG_NOTICE, LOG_DONE, "kadm5_create_principal",
- prime_arg, errmsg,
- client_name.value, service_name.value,
- inet_ntoa(rqstp->rq_xprt->xp_raddr.sin_addr));
+ log_done("kadm5_create_principal", prime_arg, errmsg,
+ &client_name, &service_name, rqstp);
/* no need to check for NULL. Even if it is NULL, atleast error_code will be returned */
}
|| !kadm5int_acl_check(handle->context, rqst2name(rqstp), ACL_DELETE,
arg->princ, NULL)) {
ret.code = KADM5_AUTH_DELETE;
- krb5_klog_syslog(LOG_NOTICE, LOG_UNAUTH, "kadm5_delete_principal",
- prime_arg, client_name.value, service_name.value,
- inet_ntoa(rqstp->rq_xprt->xp_raddr.sin_addr));
+ log_unauth("kadm5_delete_principal", prime_arg,
+ &client_name, &service_name, rqstp);
} else {
ret.code = kadm5_delete_principal((void *)handle, arg->princ);
if( ret.code == 0 )
else
errmsg = krb5_get_error_message(handle ? handle->context : NULL, ret.code);
- krb5_klog_syslog(LOG_NOTICE, LOG_DONE, "kadm5_delete_principal",
- prime_arg, errmsg,
- client_name.value, service_name.value,
- inet_ntoa(rqstp->rq_xprt->xp_raddr.sin_addr));
+ log_done("kadm5_delete_principal", prime_arg, errmsg,
+ &client_name, &service_name, rqstp);
/* no need to check for NULL. Even if it is NULL, atleast error_code will be returned */
}
|| kadm5int_acl_impose_restrictions(handle->context,
&arg->rec, &arg->mask, rp)) {
ret.code = KADM5_AUTH_MODIFY;
- krb5_klog_syslog(LOG_NOTICE, LOG_UNAUTH, "kadm5_modify_principal",
- prime_arg, client_name.value, service_name.value,
- inet_ntoa(rqstp->rq_xprt->xp_raddr.sin_addr));
+ log_unauth("kadm5_modify_principal", prime_arg,
+ &client_name, &service_name, rqstp);
} else {
ret.code = kadm5_modify_principal((void *)handle, &arg->rec,
arg->mask);
else
errmsg = krb5_get_error_message(handle ? handle->context : NULL, ret.code);
- krb5_klog_syslog(LOG_NOTICE, LOG_DONE, "kadm5_modify_principal",
- prime_arg, errmsg,
- client_name.value, service_name.value,
- inet_ntoa(rqstp->rq_xprt->xp_raddr.sin_addr));
+ log_done("kadm5_modify_principal", prime_arg, errmsg,
+ &client_name, &service_name, rqstp);
/* no need to check for NULL. Even if it is NULL, atleast error_code will be returned */
}
} else
ret.code = KADM5_AUTH_INSUFFICIENT;
if (ret.code != KADM5_OK) {
- krb5_klog_syslog(LOG_NOTICE, LOG_UNAUTH, "kadm5_rename_principal",
- prime_arg, client_name.value, service_name.value,
- inet_ntoa(rqstp->rq_xprt->xp_raddr.sin_addr));
+ log_unauth("kadm5_rename_principal", prime_arg,
+ &client_name, &service_name, rqstp);
} else {
ret.code = kadm5_rename_principal((void *)handle, arg->src,
arg->dest);
else
errmsg = krb5_get_error_message(handle ? handle->context : NULL, ret.code);
- krb5_klog_syslog(LOG_NOTICE, LOG_DONE, "kadm5_rename_principal",
- prime_arg, errmsg,
- client_name.value, service_name.value,
- inet_ntoa(rqstp->rq_xprt->xp_raddr.sin_addr));
+ log_done("kadm5_rename_principal", prime_arg, errmsg,
+ &client_name, &service_name, rqstp);
}
free_server_handle(handle);
free(prime_arg1);
arg->princ,
NULL))) {
ret.code = KADM5_AUTH_GET;
- krb5_klog_syslog(LOG_NOTICE, LOG_UNAUTH, funcname,
- prime_arg, client_name.value, service_name.value,
- inet_ntoa(rqstp->rq_xprt->xp_raddr.sin_addr));
+ log_unauth(funcname, prime_arg,
+ &client_name, &service_name, rqstp);
} else {
if (handle->api_version == KADM5_API_VERSION_1) {
ret.code = kadm5_get_principal_v1((void *)handle,
else
errmsg = krb5_get_error_message(handle ? handle->context : NULL, ret.code);
- krb5_klog_syslog(LOG_NOTICE, LOG_DONE, funcname,
- prime_arg,
- errmsg,
- client_name.value, service_name.value,
- inet_ntoa(rqstp->rq_xprt->xp_raddr.sin_addr));
+ log_done(funcname, prime_arg, errmsg,
+ &client_name, &service_name, rqstp);
}
free_server_handle(handle);
NULL,
NULL)) {
ret.code = KADM5_AUTH_LIST;
- krb5_klog_syslog(LOG_NOTICE, LOG_UNAUTH, "kadm5_get_principals",
- prime_arg, client_name.value, service_name.value,
- inet_ntoa(rqstp->rq_xprt->xp_raddr.sin_addr));
+ log_unauth("kadm5_get_principals", prime_arg,
+ &client_name, &service_name, rqstp);
} else {
ret.code = kadm5_get_principals((void *)handle,
arg->exp, &ret.princs,
else
errmsg = krb5_get_error_message(handle ? handle->context : NULL, ret.code);
- krb5_klog_syslog(LOG_NOTICE, LOG_DONE, "kadm5_get_principals",
- prime_arg,
- errmsg,
- client_name.value, service_name.value,
- inet_ntoa(rqstp->rq_xprt->xp_raddr.sin_addr));
+ log_done("kadm5_get_principals", prime_arg, errmsg,
+ &client_name, &service_name, rqstp);
}
free_server_handle(handle);
ret.code = kadm5_chpass_principal((void *)handle, arg->princ,
arg->pass);
} else {
- krb5_klog_syslog(LOG_NOTICE, LOG_UNAUTH, "kadm5_chpass_principal",
- prime_arg, client_name.value, service_name.value,
- inet_ntoa(rqstp->rq_xprt->xp_raddr.sin_addr));
+ log_unauth("kadm5_chpass_principal", prime_arg,
+ &client_name, &service_name, rqstp);
ret.code = KADM5_AUTH_CHANGEPW;
}
else
errmsg = krb5_get_error_message(handle ? handle->context : NULL, ret.code);
- krb5_klog_syslog(LOG_NOTICE, LOG_DONE, "kadm5_chpass_principal",
- prime_arg, errmsg,
- client_name.value, service_name.value,
- inet_ntoa(rqstp->rq_xprt->xp_raddr.sin_addr));
+ log_done("kadm5_chpass_principal", prime_arg, errmsg,
+ &client_name, &service_name, rqstp);
}
free_server_handle(handle);
arg->ks_tuple,
arg->pass);
} else {
- krb5_klog_syslog(LOG_NOTICE, LOG_UNAUTH, "kadm5_chpass_principal",
- prime_arg, client_name.value, service_name.value,
- inet_ntoa(rqstp->rq_xprt->xp_raddr.sin_addr));
+ log_unauth("kadm5_chpass_principal", prime_arg,
+ &client_name, &service_name, rqstp);
ret.code = KADM5_AUTH_CHANGEPW;
}
else
errmsg = krb5_get_error_message(handle ? handle->context : NULL, ret.code);
- krb5_klog_syslog(LOG_NOTICE, LOG_DONE, "kadm5_chpass_principal",
- prime_arg, errmsg,
- client_name.value, service_name.value,
- inet_ntoa(rqstp->rq_xprt->xp_raddr.sin_addr));
+ log_done("kadm5_chpass_principal", prime_arg, errmsg,
+ &client_name, &service_name, rqstp);
}
free_server_handle(handle);
ret.code = kadm5_setv4key_principal((void *)handle, arg->princ,
arg->keyblock);
} else {
- krb5_klog_syslog(LOG_NOTICE, LOG_UNAUTH, "kadm5_setv4key_principal",
- prime_arg, client_name.value, service_name.value,
- inet_ntoa(rqstp->rq_xprt->xp_raddr.sin_addr));
+ log_unauth("kadm5_setv4key_principal", prime_arg,
+ &client_name, &service_name, rqstp);
ret.code = KADM5_AUTH_SETKEY;
}
else
errmsg = krb5_get_error_message(handle ? handle->context : NULL, ret.code);
- krb5_klog_syslog(LOG_NOTICE, LOG_DONE, "kadm5_setv4key_principal",
- prime_arg, errmsg,
- client_name.value, service_name.value,
- inet_ntoa(rqstp->rq_xprt->xp_raddr.sin_addr));
+ log_done("kadm5_setv4key_principal", prime_arg, errmsg,
+ &client_name, &service_name, rqstp);
}
free_server_handle(handle);
ret.code = kadm5_setkey_principal((void *)handle, arg->princ,
arg->keyblocks, arg->n_keys);
} else {
- krb5_klog_syslog(LOG_NOTICE, LOG_UNAUTH, "kadm5_setkey_principal",
- prime_arg, client_name.value, service_name.value,
- inet_ntoa(rqstp->rq_xprt->xp_raddr.sin_addr));
+ log_unauth("kadm5_setkey_principal", prime_arg,
+ &client_name, &service_name, rqstp);
ret.code = KADM5_AUTH_SETKEY;
}
else
errmsg = krb5_get_error_message(handle ? handle->context : NULL, ret.code);
- krb5_klog_syslog(LOG_NOTICE, LOG_DONE, "kadm5_setkey_principal",
- prime_arg, errmsg,
- client_name.value, service_name.value,
- inet_ntoa(rqstp->rq_xprt->xp_raddr.sin_addr));
+ log_done("kadm5_setkey_principal", prime_arg, errmsg,
+ &client_name, &service_name, rqstp);
}
free_server_handle(handle);
arg->ks_tuple,
arg->keyblocks, arg->n_keys);
} else {
- krb5_klog_syslog(LOG_NOTICE, LOG_UNAUTH, "kadm5_setkey_principal",
- prime_arg, client_name.value, service_name.value,
- inet_ntoa(rqstp->rq_xprt->xp_raddr.sin_addr));
+ log_unauth("kadm5_setkey_principal", prime_arg,
+ &client_name, &service_name, rqstp);
ret.code = KADM5_AUTH_SETKEY;
}
else
errmsg = krb5_get_error_message(handle ? handle->context : NULL, ret.code);
- krb5_klog_syslog(LOG_NOTICE, LOG_DONE, "kadm5_setkey_principal",
- prime_arg, errmsg,
- client_name.value, service_name.value,
- inet_ntoa(rqstp->rq_xprt->xp_raddr.sin_addr));
+ log_done("kadm5_setkey_principal", prime_arg, errmsg,
+ &client_name, &service_name, rqstp);
}
free_server_handle(handle);
ret.code = kadm5_randkey_principal((void *)handle, arg->princ,
&k, &nkeys);
} else {
- krb5_klog_syslog(LOG_NOTICE, LOG_UNAUTH, funcname,
- prime_arg, client_name.value, service_name.value,
- inet_ntoa(rqstp->rq_xprt->xp_raddr.sin_addr));
+ log_unauth(funcname, prime_arg,
+ &client_name, &service_name, rqstp);
ret.code = KADM5_AUTH_CHANGEPW;
}
else
errmsg = krb5_get_error_message(handle ? handle->context : NULL, ret.code);
- krb5_klog_syslog(LOG_NOTICE, LOG_DONE, funcname,
- prime_arg, errmsg,
- client_name.value, service_name.value,
- inet_ntoa(rqstp->rq_xprt->xp_raddr.sin_addr));
+ log_done(funcname, prime_arg, errmsg,
+ &client_name, &service_name, rqstp);
}
free_server_handle(handle);
free(prime_arg);
arg->ks_tuple,
&k, &nkeys);
} else {
- krb5_klog_syslog(LOG_NOTICE, LOG_UNAUTH, funcname,
- prime_arg, client_name.value, service_name.value,
- inet_ntoa(rqstp->rq_xprt->xp_raddr.sin_addr));
+ log_unauth(funcname, prime_arg,
+ &client_name, &service_name, rqstp);
ret.code = KADM5_AUTH_CHANGEPW;
}
else
errmsg = krb5_get_error_message(handle ? handle->context : NULL, ret.code);
- krb5_klog_syslog(LOG_NOTICE, LOG_DONE, funcname,
- prime_arg, errmsg,
- client_name.value, service_name.value,
- inet_ntoa(rqstp->rq_xprt->xp_raddr.sin_addr));
+ log_done(funcname, prime_arg, errmsg,
+ &client_name, &service_name, rqstp);
}
free_server_handle(handle);
free(prime_arg);
rqst2name(rqstp),
ACL_ADD, NULL, NULL)) {
ret.code = KADM5_AUTH_ADD;
- krb5_klog_syslog(LOG_NOTICE, LOG_UNAUTH, "kadm5_create_policy",
- prime_arg, client_name.value, service_name.value,
- inet_ntoa(rqstp->rq_xprt->xp_raddr.sin_addr));
-
+ log_unauth("kadm5_create_policy", prime_arg,
+ &client_name, &service_name, rqstp);
+
} else {
ret.code = kadm5_create_policy((void *)handle, &arg->rec,
arg->mask);
else
errmsg = krb5_get_error_message(handle ? handle->context : NULL, ret.code);
- krb5_klog_syslog(LOG_NOTICE, LOG_DONE, "kadm5_create_policy",
- ((prime_arg == NULL) ? "(null)" : prime_arg),
- errmsg,
- client_name.value, service_name.value,
- inet_ntoa(rqstp->rq_xprt->xp_raddr.sin_addr));
+ log_done("kadm5_create_policy",
+ ((prime_arg == NULL) ? "(null)" : prime_arg), errmsg,
+ &client_name, &service_name, rqstp);
}
free_server_handle(handle);
gss_release_buffer(&minor_stat, &client_name);
if (CHANGEPW_SERVICE(rqstp) || !kadm5int_acl_check(handle->context,
rqst2name(rqstp),
ACL_DELETE, NULL, NULL)) {
- krb5_klog_syslog(LOG_NOTICE, LOG_UNAUTH, "kadm5_delete_policy",
- prime_arg, client_name.value, service_name.value,
- inet_ntoa(rqstp->rq_xprt->xp_raddr.sin_addr));
+ log_unauth("kadm5_delete_policy", prime_arg,
+ &client_name, &service_name, rqstp);
ret.code = KADM5_AUTH_DELETE;
} else {
ret.code = kadm5_delete_policy((void *)handle, arg->name);
else
errmsg = krb5_get_error_message(handle ? handle->context : NULL, ret.code);
- krb5_klog_syslog(LOG_NOTICE, LOG_DONE, "kadm5_delete_policy",
- ((prime_arg == NULL) ? "(null)" : prime_arg),
- errmsg,
- client_name.value, service_name.value,
- inet_ntoa(rqstp->rq_xprt->xp_raddr.sin_addr));
+ log_done("kadm5_delete_policy",
+ ((prime_arg == NULL) ? "(null)" : prime_arg), errmsg,
+ &client_name, &service_name, rqstp);
}
free_server_handle(handle);
gss_release_buffer(&minor_stat, &client_name);
if (CHANGEPW_SERVICE(rqstp) || !kadm5int_acl_check(handle->context,
rqst2name(rqstp),
ACL_MODIFY, NULL, NULL)) {
- krb5_klog_syslog(LOG_NOTICE, LOG_UNAUTH, "kadm5_modify_policy",
- prime_arg, client_name.value, service_name.value,
- inet_ntoa(rqstp->rq_xprt->xp_raddr.sin_addr));
+ log_unauth("kadm5_modify_policy", prime_arg,
+ &client_name, &service_name, rqstp);
ret.code = KADM5_AUTH_MODIFY;
} else {
ret.code = kadm5_modify_policy((void *)handle, &arg->rec,
else
errmsg = krb5_get_error_message(handle ? handle->context : NULL, ret.code);
- krb5_klog_syslog(LOG_NOTICE, LOG_DONE, "kadm5_modify_policy",
- ((prime_arg == NULL) ? "(null)" : prime_arg),
- errmsg,
- client_name.value, service_name.value,
- inet_ntoa(rqstp->rq_xprt->xp_raddr.sin_addr));
+ log_done("kadm5_modify_policy",
+ ((prime_arg == NULL) ? "(null)" : prime_arg), errmsg,
+ &client_name, &service_name, rqstp);
}
free_server_handle(handle);
gss_release_buffer(&minor_stat, &client_name);
else
errmsg = krb5_get_error_message(handle ? handle->context : NULL, ret.code);
- krb5_klog_syslog(LOG_NOTICE, LOG_DONE, funcname,
- ((prime_arg == NULL) ? "(null)" : prime_arg),
- errmsg,
- client_name.value, service_name.value,
- inet_ntoa(rqstp->rq_xprt->xp_raddr.sin_addr));
+ log_done(funcname,
+ ((prime_arg == NULL) ? "(null)" : prime_arg), errmsg,
+ &client_name, &service_name, rqstp);
} else {
- krb5_klog_syslog(LOG_NOTICE, LOG_UNAUTH, funcname,
- prime_arg, client_name.value, service_name.value,
- inet_ntoa(rqstp->rq_xprt->xp_raddr.sin_addr));
+ log_unauth(funcname, prime_arg,
+ &client_name, &service_name, rqstp);
}
free_server_handle(handle);
gss_release_buffer(&minor_stat, &client_name);
rqst2name(rqstp),
ACL_LIST, NULL, NULL)) {
ret.code = KADM5_AUTH_LIST;
- krb5_klog_syslog(LOG_NOTICE, LOG_UNAUTH, "kadm5_get_policies",
- prime_arg, client_name.value, service_name.value,
- inet_ntoa(rqstp->rq_xprt->xp_raddr.sin_addr));
+ log_unauth("kadm5_get_policies", prime_arg,
+ &client_name, &service_name, rqstp);
} else {
ret.code = kadm5_get_policies((void *)handle,
arg->exp, &ret.pols,
else
errmsg = krb5_get_error_message(handle ? handle->context : NULL, ret.code);
- krb5_klog_syslog(LOG_NOTICE, LOG_DONE, "kadm5_get_policies",
- prime_arg,
- errmsg,
- client_name.value, service_name.value,
- inet_ntoa(rqstp->rq_xprt->xp_raddr.sin_addr));
+ log_done("kadm5_get_policies", prime_arg, errmsg,
+ &client_name, &service_name, rqstp);
}
free_server_handle(handle);
gss_release_buffer(&minor_stat, &client_name);
else
errmsg = krb5_get_error_message(handle ? handle->context : NULL, ret.code);
- krb5_klog_syslog(LOG_NOTICE, LOG_DONE, "kadm5_get_privs",
- client_name.value,
- errmsg,
- client_name.value, service_name.value,
- inet_ntoa(rqstp->rq_xprt->xp_raddr.sin_addr));
+ log_done("kadm5_get_privs", client_name.value, errmsg,
+ &client_name, &service_name, rqstp);
free_server_handle(handle);
gss_release_buffer(&minor_stat, &client_name);
kadm5_server_handle_t handle;
OM_uint32 minor_stat;
char *errmsg = 0;
+ size_t clen, slen;
+ char *cdots, *sdots;
xdr_free(xdr_generic_ret, &ret);
if (ret.code != 0)
errmsg = krb5_get_error_message(handle ? handle->context : NULL, ret.code);
- krb5_klog_syslog(LOG_NOTICE, LOG_DONE ", flavor=%d",
- (ret.api_version == KADM5_API_VERSION_1 ?
- "kadm5_init (V1)" : "kadm5_init"),
- client_name.value,
- (ret.code == 0) ? "success" : errmsg,
- client_name.value, service_name.value,
- inet_ntoa(rqstp->rq_xprt->xp_raddr.sin_addr),
- rqstp->rq_cred.oa_flavor);
+ else
+ errmsg = "success";
+
+ clen = client_name.length;
+ trunc_name(&clen, &cdots);
+ slen = service_name.length;
+ trunc_name(&slen, &sdots);
+ krb5_klog_syslog(LOG_NOTICE, "Request: %s, %.*s%s, %s, "
+ "client=%.*s%s, service=%.*s%s, addr=%s, flavor=%d",
+ (ret.api_version == KADM5_API_VERSION_1 ?
+ "kadm5_init (V1)" : "kadm5_init"),
+ clen, client_name.value, cdots, errmsg,
+ clen, client_name.value, cdots,
+ slen, service_name.value, sdots,
+ inet_ntoa(rqstp->rq_xprt->xp_raddr.sin_addr),
+ rqstp->rq_cred.oa_flavor);
gss_release_buffer(&minor_stat, &client_name);
gss_release_buffer(&minor_stat, &service_name);