From 914a83c4b912d161b72e80d376709c8f5ee307e3 Mon Sep 17 00:00:00 2001 From: Paul Park Date: Thu, 8 Jun 1995 19:08:06 +0000 Subject: [PATCH] Update kadmind5 to use new logging routines git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@5976 dc483132-0cff-0310-8789-dd5450dbe970 --- src/kadmin/v5server/ChangeLog | 8 ++++ src/kadmin/v5server/admin.c | 16 ++++---- src/kadmin/v5server/passwd.c | 6 +-- src/kadmin/v5server/proto_serv.c | 26 ++++++------ src/kadmin/v5server/srv_acl.c | 2 +- src/kadmin/v5server/srv_main.c | 69 +++++--------------------------- src/kadmin/v5server/srv_net.c | 30 +++++++------- src/kdc/ChangeLog | 6 +++ src/kdc/Makefile.in | 6 ++- src/kdc/dispatch.c | 3 +- src/kdc/do_as_req.c | 33 +++++++-------- src/kdc/do_tgs_req.c | 11 ++--- src/kdc/kdc_util.c | 7 ++-- src/kdc/kerberos_v4.c | 3 +- src/kdc/main.c | 69 +++----------------------------- 15 files changed, 105 insertions(+), 190 deletions(-) diff --git a/src/kadmin/v5server/ChangeLog b/src/kadmin/v5server/ChangeLog index 0c24228d9..b5d4000e1 100644 --- a/src/kadmin/v5server/ChangeLog +++ b/src/kadmin/v5server/ChangeLog @@ -1,3 +1,11 @@ + +Thu Jun 8 14:46:05 EDT 1995 Paul Park (pjpark@mit.edu) + * admin.c, passwd.c, srv_acl.c - Supply severities for error messages. + * proto_serv.c, srv_net.c - Supply severities for error messages and + change DLOG to DPRINT. + * srv_main.c - Supply severities for error messages. Remove com_err + handling and syslog() logic for routines in libkadm. + Wed Jun 7 12:03:10 1995 * Makefile.in (CFLAGS), srv_acl.c (acl_init): Use diff --git a/src/kadmin/v5server/admin.c b/src/kadmin/v5server/admin.c index d38de0aac..5a746fe72 100644 --- a/src/kadmin/v5server/admin.c +++ b/src/kadmin/v5server/admin.c 
@@ -47,14 +47,14 @@ struct inq_context { static krb5_db_entry admin_def_dbent; static krb5_boolean admin_def_dbent_inited = 0; -static const char *admin_perm_denied_fmt = "ACL entry prevents %s operation by %s"; -static const char *admin_db_write_err_fmt = "database write failed during %s operation by %s"; -static const char *admin_db_success_fmt = "%s operation for %s successfully issued by %s"; -static const char *admin_db_read_err_fmt = "database read failed during %s operation by %s"; -static const char *admin_no_cl_ident_fmt = "cannot get client identity from ticket for %s operation"; -static const char *admin_db_rename_fmt = "%s operation from %s to %s successfully issued by %s"; -static const char *admin_db_del_err_fmt = "database delete entry(%s) failed during %s operation by %s"; -static const char *admin_key_dec_err_fmt = "key decode failed for %s's key during %s operation by %s"; +static const char *admin_perm_denied_fmt = "\004ACL entry prevents %s operation by %s"; +static const char *admin_db_write_err_fmt = "\004database write failed during %s operation by %s"; +static const char *admin_db_success_fmt = "\007%s operation for %s successfully issued by %s"; +static const char *admin_db_read_err_fmt = "\004database read failed during %s operation by %s"; +static const char *admin_no_cl_ident_fmt = "\004cannot get client identity from ticket for %s operation"; +static const char *admin_db_rename_fmt = "\007%s operation from %s to %s successfully issued by %s"; +static const char *admin_db_del_err_fmt = "\004database delete entry(%s) failed during %s operation by %s"; +static const char *admin_key_dec_err_fmt = "\004key decode failed for %s's key during %s operation by %s"; static const char *admin_add_principal_text = "Add Principal"; static const char *admin_modify_principal_text = "Modify Principal"; diff --git a/src/kadmin/v5server/passwd.c b/src/kadmin/v5server/passwd.c index 83d273980..74acada6f 100644 --- a/src/kadmin/v5server/passwd.c 
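Review bot: The leading `\004` and `\007` bytes added to the admin.c format strings are undocumented magic values, and nothing at the declarations says these strings are now only meant for the com_err path. The logging hook that presumably strips and interprets the byte is not part of this diff; if one of these strings reaches `fprintf`/`sprintf`, or a `com_err` call made before `krb5_klog_init`, the control byte is emitted verbatim (`\007` is BEL) and ends up in terminal output and in log lines that parsers match on. I would add a comment above the block, for example `/* First byte is a log severity consumed by the krb5_klog com_err hook; pass these only to com_err(). */`, or give the two values named macros. The same applies to the prefixed strings in passwd.c, proto_serv.c, srv_acl.c, srv_main.c and srv_net.c.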
+++ b/src/kadmin/v5server/passwd.c @@ -40,9 +40,9 @@ #define KPWD_MIN_PWD_LENGTH 8 extern char *programname; -static const char *pwd_bad_old_pwd = "incorrect old password for %s"; -static const char *pwd_perm_denied = "ACL entry prevents password change for %s"; -static const char *pwd_changed_pwd = "changed password for %s"; +static const char *pwd_bad_old_pwd = "\004incorrect old password for %s"; +static const char *pwd_perm_denied = "\004ACL entry prevents password change for %s"; +static const char *pwd_changed_pwd = "\007changed password for %s"; /* * passwd_check_princ() - Check if the principal specified in the ticket is ok diff --git a/src/kadmin/v5server/proto_serv.c b/src/kadmin/v5server/proto_serv.c index 73c6ce62f..0b85f59a4 100644 --- a/src/kadmin/v5server/proto_serv.c +++ b/src/kadmin/v5server/proto_serv.c 
@@ -36,18 +36,18 @@ #include "adm_proto.h" #include -static const char *proto_addrs_msg = "%d: cannot get memory for addresses"; -static const char *proto_rcache_msg = "%d: cannot get replay cache"; -static const char *proto_ap_req_msg = "%d: error reading AP_REQ message"; -static const char *proto_auth_con_msg = "%d: cannot get authorization context"; -static const char *proto_rd_req_msg = "%d: cannot decode AP_REQ message"; -static const char *proto_mk_rep_msg = "%d: cannot generate AP_REP message"; -static const char *proto_wr_rep_msg = "%d: cannot write AP_REP message"; -static const char *proto_conn_abort_msg = "%d: connection destroyed by client"; -static const char *proto_seq_err_msg = "%d: protocol sequence violation"; -static const char *proto_rd_cmd_msg = "%d: cannot read administrative protocol command"; -static const char *proto_wr_reply_msg = "%d: cannot write administrative protocol reply"; -static const char *proto_fmt_reply_msg = "%d: cannot format administrative protocol reply"; +static const char *proto_addrs_msg = "\004%d: cannot get memory for addresses"; +static const char *proto_rcache_msg = "\004%d: cannot get replay cache"; +static const char *proto_ap_req_msg = "\004%d: error reading AP_REQ message"; +static const char *proto_auth_con_msg = "\004%d: cannot get authorization context"; +static const char *proto_rd_req_msg = "\004%d: cannot decode AP_REQ message"; +static const char *proto_mk_rep_msg = "\004%d: cannot generate AP_REP message"; +static const char *proto_wr_rep_msg = "\004%d: cannot write AP_REP message"; +static const char *proto_conn_abort_msg = "\007%d: connection destroyed by client"; +static const char *proto_seq_err_msg = "\004%d: protocol sequence violation"; +static const char *proto_rd_cmd_msg = "\004%d: cannot read administrative protocol command"; +static const char *proto_wr_reply_msg = "\004%d: cannot write administrative protocol reply"; +static const char *proto_fmt_reply_msg = "\004%d: cannot format 
administrative protocol reply"; extern char *programname; static int proto_proto_timeout = -1; @@ -720,7 +720,7 @@ proto_serv(kcontext, my_id, cl_sock, sv_p, cl_p) } } else { - DLOG(DEBUG_REQUESTS, proto_debug_level, "connection timed out"); + DPRINT(DEBUG_REQUESTS, proto_debug_level, ("connection timed out")); } diff --git a/src/kadmin/v5server/srv_acl.c b/src/kadmin/v5server/srv_acl.c index 86948233d..4b1cf4d61 100644 --- a/src/kadmin/v5server/srv_acl.c +++ b/src/kadmin/v5server/srv_acl.c @@ -76,7 +76,7 @@ static const char *acl_catchall_entry = "* o"; static const char *acl_line2long_msg = "%s: line %d too long, truncated\n"; static const char *acl_op_bad_msg = "Unrecognized ACL operation '%c' in %s\n"; static const char *acl_syn_err_msg = "%s: syntax error at line %d <%10s...>\n"; -static const char *acl_cantopen_msg = "cannot open ACL file"; +static const char *acl_cantopen_msg = "\007cannot open ACL file"; /* * acl_get_line() - Get a line from the ACL file. diff --git a/src/kadmin/v5server/srv_main.c b/src/kadmin/v5server/srv_main.c index 205fa927b..fe11a5f41 100644 --- a/src/kadmin/v5server/srv_main.c +++ b/src/kadmin/v5server/srv_main.c @@ -30,20 +30,10 @@ #include #include -#include #include #include "k5-int.h" #include "com_err.h" -#if HAVE_STDARG_H -#include -#else /* HAVE_STDARG_H */ -#include -#endif /* HAVE_STDARG_H */ - -#define KADM_MAX_ERRMSG_SIZE 1024 -#ifndef LOG_AUTH -#define LOG_AUTH 0 -#endif /* LOG_AUTH */ +#include "adm_proto.h" #ifdef LANGUAGES_SUPPORTED static const char *usage_format = "%s: usage is %s [-a aclfile] [-d database] [-e enctype] [-m]\n\t[-k mkeytype] [-l langlist] [-p portnum] [-r realm] [-t timeout] [-n]\n\t[-D dbg] [-M mkeyname] [-T ktabname].\n"; 
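Review bot: In srv_acl.c, `acl_cantopen_msg` is tagged `\007`, the value this commit otherwise gives to routine success and lifecycle messages, while every other failure string gets `\004`. Failing to open the ACL file changes what the admin server authorizes (the context line `acl_catchall_entry = "* o"` suggests a fallback entry is used instead), so an operator filtering by severity would not see it. If the low severity is deliberate because the fallback is considered safe, a comment saying so belongs next to the declaration; otherwise use `"\004cannot open ACL file"`. The code that emits the message is outside this hunk.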
@@ -56,13 +46,12 @@ static const char *fval_not_number = "%s: value (%s) specified for -%c is not nu static const char *extra_params = "%s extra paramters beginning with %s... \n"; static const char *daemon_err = "%s: cannot spawn and detach.\n"; static const char *no_memory_fmt = "%s: cannot allocate %d bytes for %s.\n"; -static const char *begin_op_msg = "%s starting."; -static const char *disp_err_fmt = "dispatch error."; -static const char *happy_exit_fmt = "terminating normally."; +static const char *begin_op_msg = "\007%s starting."; +static const char *disp_err_fmt = "\004dispatch error."; +static const char *happy_exit_fmt = "\007terminating normally."; static const char *init_error_fmt = "%s: cannot initialize %s.\n"; -static const char *unh_signal_fmt = "exiting on signal %d."; +static const char *unh_signal_fmt = "\007exiting on signal %d."; -static const char *messages_msg = "messages"; static const char *proto_msg = "protocol module"; static const char *net_msg = "network"; static const char *output_msg = "output"; 
@@ -94,45 +83,7 @@ unhandled_signal(signo) #endif /* POSIX_SETJMP */ /* NOTREACHED */ } - -static void -kadm_com_err_proc(whoami, code, format, ap) - const char *whoami; - long code; - const char *format; - va_list ap; -{ - char *outbuf; - - outbuf = (char *) malloc(KADM_MAX_ERRMSG_SIZE); - if (outbuf) { - char *cp; - sprintf(outbuf, "%s: ", whoami); - if (code) { - strcat(outbuf, error_message(code)); - strcat(outbuf, " - "); - } - cp = &outbuf[strlen(outbuf)]; -#if HAVE_VSPRINTF - vsprintf(cp, format, ap); -#else /* HAVE_VSPRINTF */ - sprintf(cp, format, ((int *) ap)[0], ((int *) ap)[1], - ((int *) ap)[2], ((int *) ap)[3], - ((int *) ap)[4], ((int *) ap)[5]); -#endif /* HAVE_VSPRINTF */ -#ifndef DEBUG - syslog(LOG_AUTH|LOG_ERR, outbuf); -#endif /* DEBUG */ - strcat(outbuf, "\n"); - fprintf(stderr, outbuf); - free(outbuf); - } - else { - fprintf(stderr, no_memory_fmt, programname, - KADM_MAX_ERRMSG_SIZE, messages_msg); - } -} - + int main(argc, argv) int argc; @@ -280,8 +231,7 @@ main(argc, argv) #endif /* DEBUG */ krb5_init_context(&kcontext); krb5_init_ets(kcontext); - openlog(programname, LOG_AUTH|LOG_CONS|LOG_NDELAY|LOG_PID, LOG_LOCAL6); - (void) set_com_err_hook(kadm_com_err_proc); + krb5_klog_init(kcontext, "admin_server", programname, 1); if ((signal_number = #if POSIX_SETJMP @@ -354,7 +304,7 @@ main(argc, argv) * We've successfully initialized here. */ #ifndef DEBUG - syslog(LOG_AUTH|LOG_INFO, begin_op_msg, server_name_msg); + com_err(programname, 0, begin_op_msg, server_name_msg); #endif /* DEBUG */ /* @@ -373,7 +323,7 @@ main(argc, argv) else { /* Received an unhandled signal */ #ifndef DEBUG - syslog(LOG_AUTH|LOG_INFO, unh_signal_fmt, signal_number); + com_err(programname, 0, unh_signal_fmt, signal_number); #endif } @@ -383,6 +333,7 @@ main(argc, argv) output_finish(kcontext, debug_level); acl_finish(kcontext, debug_level); key_finish(kcontext, debug_level); + krb5_klog_close(kcontext); krb5_xfree(kcontext); exit(error); } 
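Review bot: The result of `krb5_klog_init(kcontext, "admin_server", programname, 1);` in main() is discarded, so if log setup fails the admin server keeps running and password changes and ACL denials leave no audit trail. The return value should be checked and startup aborted on failure, for example `if (krb5_klog_init(kcontext, "admin_server", programname, 1)) { fprintf(stderr, init_error_fmt, programname, "logging"); exit(1); }`, with the exit path adapted to how main() reports other init errors. The same unchecked call is added in src/kdc/main.c as `krb5_klog_init(kdc_context, "kdc", argv[0], 1);`. main() starts and ends outside this hunk.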
diff --git a/src/kadmin/v5server/srv_net.c b/src/kadmin/v5server/srv_net.c index ed4fbe431..b6fd4cab2 100644 --- a/src/kadmin/v5server/srv_net.c +++ b/src/kadmin/v5server/srv_net.c @@ -77,7 +77,7 @@ typedef struct _net_slave_info { /* * Error messages. */ -static const char *net_waiterr_msg = "child wait failed - cannot reap children"; +static const char *net_waiterr_msg = "\004child wait failed - cannot reap children"; static const char *net_def_realm_fmt = "%s: cannot get default realm (%s).\n"; static const char *net_no_mem_fmt = "%s: cannot get memory.\n"; static const char *net_parse_srv_fmt = "%s: cannot parse server name %s (%s).\n"; @@ -88,9 +88,9 @@ static const char *net_sockerr_fmt = "%s: cannot open network socket (%s).\n"; static const char *net_soerr_fmt = "%s: cannot set socket options (%s).\n"; static const char *net_binderr_fmt = "%s: cannot bind to network address (%s).\n"; -static const char *net_select_fmt = "select failed"; -static const char *net_cl_disp_fmt = "client dispatch failed"; -static const char *net_not_ready_fmt = "select error - no socket to read"; +static const char *net_select_fmt = "\004select failed"; +static const char *net_cl_disp_fmt = "\004client dispatch failed"; +static const char *net_not_ready_fmt = "\004select error - no socket to read"; static const char *net_dispatch_msg = "network dispatch"; static int net_debug_level = 0; @@ -740,7 +740,7 @@ net_dispatch(kcontext) #endif /* !USE_PTHREADS */ /* Receive connections on the socket */ - DLOG(DEBUG_OPERATION, net_debug_level, "listening on socket"); + DPRINT(DEBUG_OPERATION, net_debug_level, ("listening on socket")); if ( #if POSIX_SETJMP sigsetjmp(shutdown_jmp, 1) == 0 @@ -753,7 +753,7 @@ net_dispatch(kcontext) } else kret = EINTR; - DLOG(DEBUG_OPERATION, net_debug_level, "listen done"); + DPRINT(DEBUG_OPERATION, net_debug_level, ("listen done")); while (kret == 0) { /* 
@@ -767,13 +767,13 @@ net_dispatch(kcontext) #endif /* POSIX_SETJMP */ ) { readfds = mask; - DLOG(DEBUG_OPERATION, net_debug_level, "doing select"); + DPRINT(DEBUG_OPERATION, net_debug_level, ("doing select")); if ((nready = select(net_listen_socket+1, &readfds, (fd_set *) NULL, (fd_set *) NULL, (struct timeval *) NULL)) == 0) { - DLOG(DEBUG_OPERATION, net_debug_level, "nobody ready"); + DPRINT(DEBUG_OPERATION, net_debug_level, ("nobody ready")); continue; /* Nobody ready */ } @@ -788,8 +788,8 @@ net_dispatch(kcontext) int conn_sock; addrlen = sizeof(client_addr); - DLOG(DEBUG_OPERATION, net_debug_level, - "accept connection"); + DPRINT(DEBUG_OPERATION, net_debug_level, + ("accept connection")); while (((conn_sock = accept(net_listen_socket, (struct sockaddr *) &client_addr, &addrlen)) < 0) && @@ -799,8 +799,8 @@ net_dispatch(kcontext) kret = errno; break; } - DLOG(DEBUG_OPERATION, net_debug_level, - "accepted connection"); + DPRINT(DEBUG_OPERATION, net_debug_level, + ("accepted connection")); kret = net_dispatch_client(kcontext, net_listen_socket, conn_sock, @@ -809,7 +809,7 @@ net_dispatch(kcontext) com_err(net_dispatch_msg, kret, net_cl_disp_fmt); continue; } - DLOG(DEBUG_OPERATION, net_debug_level, "dispatch done"); + DPRINT(DEBUG_OPERATION, net_debug_level, ("dispatch done")); } else { com_err(net_dispatch_msg, 0, net_not_ready_fmt); @@ -817,8 +817,8 @@ net_dispatch(kcontext) } } else { - DLOG(DEBUG_OPERATION, net_debug_level, - "dispatch interrupted by SIGTERM"); + DPRINT(DEBUG_OPERATION, net_debug_level, + ("dispatch interrupted by SIGTERM")); kret = 0; break; } diff --git a/src/kdc/ChangeLog b/src/kdc/ChangeLog index 0b3b8f270..7c499dbb7 100644 --- a/src/kdc/ChangeLog +++ b/src/kdc/ChangeLog 
@@ -1,4 +1,10 @@ +Thu Jun 8 14:52:40 EDT 1995 Paul Park (pjpark@mit.edu) + * Makefile.in - Add libkadm. + * dispatch.c, do_as_req.c, do_tgs_req.c, kdc_util.c, kerberos_v4.c + main.c - Include adm_proto.h and change syslog calls to + calls to krb5_klog_syslog. + Fri May 26 17:50:39 EDT 1995 Paul Park (pjpark@mit.edu) * Makefile.in - Define KDBDEPLIB. diff --git a/src/kdc/Makefile.in b/src/kdc/Makefile.in index 1545f31fa..82fd2f3d9 100644 --- a/src/kdc/Makefile.in +++ b/src/kdc/Makefile.in @@ -7,6 +7,8 @@ COMERRLIB=$(BUILDTOP)/util/et/libcom_err.a DBMLIB= KDBLIB=$(TOPLIBD)/libkdb5.a KDBDEPLIB=$(TOPLIBD)/libkdb5.a +KADMLIB=$(TOPLIBD)/libkadm.a +KADMDEPLIB=$(TOPLIBD)/libkadm.a KLIB = $(TOPLIBD)/libkrb5.a $(KRB4_LIB) $(TOPLIBD)/libcrypto.a $(COMERRLIB) $(DBMLIB) DEPKLIB = $(TOPLIBD)/libkrb5.a $(TOPLIBD)/libcrypto.a $(COMERRLIB) $(DBMLIB) @@ -54,8 +56,8 @@ kdc5_err.h: kdc5_err.et kdc5_err.o: kdc5_err.h -krb5kdc: $(OBJS) $(KDBDEPLIB) $(DEPKLIB) - $(LD) $(CFLAGS) -o krb5kdc $(OBJS) $(KDBLIB) $(KLIB) $(LIBS) +krb5kdc: $(OBJS) $(KDBDEPLIB) $(DEPKLIB) $(KADMDEPLIB) + $(LD) $(CFLAGS) -o krb5kdc $(OBJS) $(KDBLIB) $(KADMLIB) $(KLIB) $(LIBS) install:: $(INSTALL_PROGRAM) krb5kdc ${DESTDIR}$(SERVER_BINDIR)/krb5kdc diff --git a/src/kdc/dispatch.c b/src/kdc/dispatch.c index 22b6cd0c0..3b132ac16 100644 --- a/src/kdc/dispatch.c +++ b/src/kdc/dispatch.c @@ -27,6 +27,7 @@ #include #include "kdc_util.h" #include "extern.h" +#include "adm_proto.h" krb5_error_code dispatch(pkt, from, is_secondary, response) @@ -44,7 +45,7 @@ dispatch(pkt, from, is_secondary, response) /* try the replay lookaside buffer */ if (kdc_check_lookaside(pkt, response)) { /* a hit! */ - syslog(LOG_INFO, "DISPATCH: replay found and re-transmitted"); + krb5_klog_syslog(LOG_INFO, "DISPATCH: replay found and re-transmitted"); return 0; } /* try TGS_REQ first; they are more common! */ diff --git a/src/kdc/do_as_req.c b/src/kdc/do_as_req.c index 42ceaa1bf..da76b41b3 100644 --- a/src/kdc/do_as_req.c 
+++ b/src/kdc/do_as_req.c @@ -39,6 +39,7 @@ #include "kdc_util.h" #include "policy.h" #include "extern.h" +#include "adm_proto.h" static krb5_error_code prepare_error_as PROTOTYPE((krb5_kdc_req *, int, @@ -71,7 +72,7 @@ check_padata (client, src_addr, padata, pa_id, flags) retval = KDB_CONVERT_KEY_OUTOF_DB(kdc_context,enckey,&tmpkey); if (retval) { - syslog( LOG_ERR, "AS_REQ: Unable to extract client key: %s", + krb5_klog_syslog( LOG_ERR, "AS_REQ: Unable to extract client key: %s", error_message(retval)); return retval; } @@ -86,7 +87,7 @@ check_padata (client, src_addr, padata, pa_id, flags) enckey = &(client->alt_key); /* Extract client key/alt_key from master key */ if (retval = KDB_CONVERT_KEY_OUTOF_DB(kdc_context,enckey,&tmpkey)) { - syslog( LOG_ERR, "AS_REQ: Unable to extract client alt_key: %s", + krb5_klog_syslog( LOG_ERR, "AS_REQ: Unable to extract client alt_key: %s", error_message(retval)); return retval; } @@ -140,14 +141,14 @@ krb5_data **response; /* filled in with a response packet */ return(prepare_error_as(request, KDC_ERR_C_PRINCIPAL_UNKNOWN, response)); if (retval = krb5_unparse_name(kdc_context, request->client, &cname)) { - syslog(LOG_INFO, "AS_REQ: %s while unparsing client name", + krb5_klog_syslog(LOG_INFO, "AS_REQ: %s while unparsing client name", error_message(retval)); return(prepare_error_as(request, KDC_ERR_C_PRINCIPAL_UNKNOWN, response)); } if (retval = krb5_unparse_name(kdc_context, request->server, &sname)) { free(cname); - syslog(LOG_INFO, "AS_REQ: %s while unparsing server name", + krb5_klog_syslog(LOG_INFO, "AS_REQ: %s while unparsing server name", error_message(retval)); return(prepare_error_as(request, KDC_ERR_S_PRINCIPAL_UNKNOWN, response)); 
@@ -215,7 +216,7 @@ krb5_data **response; /* filled in with a response packet */ } if (retval = krb5_timeofday(kdc_context, &kdc_time)) { - syslog(LOG_INFO, "AS_REQ: TIME_OF_DAY: host %s, %s for %s", + krb5_klog_syslog(LOG_INFO, "AS_REQ: TIME_OF_DAY: host %s, %s for %s", fromstring, cname, sname); goto errout; } @@ -223,7 +224,7 @@ krb5_data **response; /* filled in with a response packet */ status = "UNKNOWN REASON"; if (retval = validate_as_request(request, client, server, kdc_time, &status)) { - syslog(LOG_INFO, "AS_REQ: %s: host %s, %s for %s", status, + krb5_klog_syslog(LOG_INFO, "AS_REQ: %s: host %s, %s for %s", status, fromstring, cname, sname); retval = prepare_error_as(request, retval, response); goto errout; @@ -249,7 +250,7 @@ krb5_data **response; /* filled in with a response packet */ if (i == request->netypes) { /* unsupported etype */ - syslog(LOG_INFO, "AS_REQ: BAD ENCRYPTION TYPE: host %s, %s for %s", + krb5_klog_syslog(LOG_INFO, "AS_REQ: BAD ENCRYPTION TYPE: host %s, %s for %s", fromstring, cname, sname); retval = prepare_error_as(request, KDC_ERR_ETYPE_NOSUPP, response); goto errout; @@ -261,7 +262,7 @@ krb5_data **response; /* filled in with a response packet */ krb5_csarray[useetype]->random_sequence, &session_key)) { /* random key failed */ - syslog(LOG_INFO, "AS_REQ: RANDOM KEY FAILED: host %s, %s for %s", + krb5_klog_syslog(LOG_INFO, "AS_REQ: RANDOM KEY FAILED: host %s, %s for %s", fromstring, cname, sname); goto errout; } @@ -360,7 +361,7 @@ krb5_data **response; /* filled in with a response packet */ } krb5_db_put_principal(kdc_context, &client, &one); #endif - syslog(LOG_INFO, "AS_REQ: PREAUTH FAILED: host %s, %s for %s (%s)", + krb5_klog_syslog(LOG_INFO, "AS_REQ: PREAUTH FAILED: host %s, %s for %s (%s)", fromstring, cname, sname, error_message(retval)); #ifdef KRBCONF_VAGUE_ERRORS retval = prepare_error_as(request, KRB_ERR_GENERIC, response); 
@@ -395,7 +396,7 @@ krb5_data **response; /* filled in with a response packet */ if TKT_FLG_PRE_AUTH is set allow it. */ if (!pwreq || !(enc_tkt_reply.flags & TKT_FLG_PRE_AUTH)){ - syslog(LOG_INFO, "AS_REQ: Needed HW preauth: host %s, %s for %s", + krb5_klog_syslog(LOG_INFO, "AS_REQ: Needed HW preauth: host %s, %s for %s", fromstring, cname, sname); retval = prepare_error_as(request, KRB_ERR_GENERIC, response); goto errout; @@ -490,7 +491,7 @@ krb5_data **response; /* filled in with a response packet */ krb5_xfree(encrypting_key.contents); if (retval) { - syslog(LOG_INFO, "AS_REQ: ENCODE_KDC_REP: host %s, %s for %s (%s)", + krb5_klog_syslog(LOG_INFO, "AS_REQ: ENCODE_KDC_REP: host %s, %s for %s (%s)", fromstring, cname, sname, error_message(retval)); goto errout; } @@ -502,10 +503,10 @@ krb5_data **response; /* filled in with a response packet */ free(reply.enc_part.ciphertext.data); if (is_secondary) - syslog(LOG_INFO, "AS_REQ; ISSUE: authtime %d, host %s, %s for %s", + krb5_klog_syslog(LOG_INFO, "AS_REQ; ISSUE: authtime %d, host %s, %s for %s", authtime, fromstring, cname, sname); else - syslog(LOG_INFO, "AS_REQ: ISSUE: authtime %d, host %s, %s for %s", + krb5_klog_syslog(LOG_INFO, "AS_REQ: ISSUE: authtime %d, host %s, %s for %s", authtime, fromstring, cname, sname); errout: 
@@ -542,13 +543,13 @@ krb5_data **response; char *cname = 0, *sname = 0; if (retval = krb5_unparse_name(kdc_context, request->client, &cname)) - syslog(LOG_INFO, "AS_REQ: %s while unparsing client name for error", + krb5_klog_syslog(LOG_INFO, "AS_REQ: %s while unparsing client name for error", error_message(retval)); if (retval = krb5_unparse_name(kdc_context, request->server, &sname)) - syslog(LOG_INFO, "AS_REQ: %s while unparsing server name for error", + krb5_klog_syslog(LOG_INFO, "AS_REQ: %s while unparsing server name for error", error_message(retval)); - syslog(LOG_INFO, "AS_REQ: %s while processing request from %s for %s", + krb5_klog_syslog(LOG_INFO, "AS_REQ: %s while processing request from %s for %s", error_message(error+KRB5KDC_ERR_NONE), cname ? cname : "UNKNOWN CLIENT", sname ? sname : "UNKNOWN SERVER"); diff --git a/src/kdc/do_tgs_req.c b/src/kdc/do_tgs_req.c index a25062f15..9aeacd7ad 100644 --- a/src/kdc/do_tgs_req.c +++ b/src/kdc/do_tgs_req.c @@ -39,6 +39,7 @@ #include "kdc_util.h" #include "policy.h" #include "extern.h" +#include "adm_proto.h" static void find_alternate_tgs PROTOTYPE((krb5_kdc_req *, @@ -147,7 +148,7 @@ krb5_data **response; /* filled in with a response packet */ nprincs = 1; if (retval = krb5_db_get_principal(kdc_context, request->server, &server, &nprincs, &more)) { - syslog(LOG_INFO, + krb5_klog_syslog(LOG_INFO, "TGS_REQ: GET_PRINCIPAL: authtime %d, host %s, %s for %s (%s)", authtime, fromstring, cname, sname, error_message(retval)); nprincs = 0; @@ -521,7 +522,7 @@ tgt_again: request->second_ticket[st_idx]->enc_part2->client)) { if (retval = krb5_unparse_name(kdc_context, request->second_ticket[st_idx]->enc_part2->client, &tmp)) tmp = 0; - syslog(LOG_INFO, "TGS_REQ: 2ND_TKT_MISMATCH: authtime %d, host %s, %s for %s, 2nd tkt client %s", + krb5_klog_syslog(LOG_INFO, "TGS_REQ: 2ND_TKT_MISMATCH: authtime %d, host %s, %s for %s, 2nd tkt client %s", authtime, fromstring, cname, sname, tmp ? tmp : ""); goto cleanup; 
@@ -617,7 +618,7 @@ tgt_again: cleanup: if (status) - syslog(LOG_INFO, "TGS_REQ%c %s: authtime %d, host %s, %s for %s%s%s", + krb5_klog_syslog(LOG_INFO, "TGS_REQ%c %s: authtime %d, host %s, %s for %s%s%s", secondary_ch, status, authtime, fromstring, cname ? cname : "", sname ? sname : "", @@ -755,10 +756,10 @@ int *nprincs; krb5_free_principal(kdc_context, request->server); request->server = tmpprinc; if (krb5_unparse_name(kdc_context, request->server, &sname)) { - syslog(LOG_INFO, + krb5_klog_syslog(LOG_INFO, "TGS_REQ: issuing alternate TGT"); } else { - syslog(LOG_INFO, + krb5_klog_syslog(LOG_INFO, "TGS_REQ: issuing TGT %s", sname); free(sname); } diff --git a/src/kdc/kdc_util.c b/src/kdc/kdc_util.c index ef0b402d1..b147eb96d 100644 --- a/src/kdc/kdc_util.c +++ b/src/kdc/kdc_util.c @@ -29,6 +29,7 @@ #include "extern.h" #include #include +#include "adm_proto.h" /* * concatenate first two authdata arrays, returning an allocated replacement. @@ -194,7 +195,7 @@ kdc_process_tgs_req(request, from, pkt, ticket, subkey) if (isflagset(apreq->ap_options, AP_OPTS_USE_SESSION_KEY) || isflagset(apreq->ap_options, AP_OPTS_MUTUAL_REQUIRED)) { - syslog(LOG_INFO, "TGS_REQ: SESSION KEY or MUTUAL"); + krb5_klog_syslog(LOG_INFO, "TGS_REQ: SESSION KEY or MUTUAL"); retval = KRB5KDC_ERR_POLICY; goto cleanup; } @@ -263,7 +264,7 @@ kdc_process_tgs_req(request, from, pkt, ticket, subkey) if (tkt_realm->length == tgs_realm->length && !memcmp(tkt_realm->data, tgs_realm->data, tgs_realm->length)) { /* someone in a foreign realm claiming to be local */ - syslog(LOG_INFO, "PROCESS_TGS: failed lineage check"); + krb5_klog_syslog(LOG_INFO, "PROCESS_TGS: failed lineage check"); retval = KRB5KDC_ERR_POLICY; goto cleanup_authenticator; } 
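Review bot: The two policy rejections in kdc_process_tgs_req, `"TGS_REQ: SESSION KEY or MUTUAL"` and `"PROCESS_TGS: failed lineage check"`, are still logged at LOG_INFO with no requester detail. They therefore cannot be separated by severity from routine ISSUE lines and cannot be attributed to a host or principal. The adjacent comment describes the lineage case as a foreign realm claiming to be local, which is an event worth alerting on. Since the commit already rewrites both calls, I would raise them to `LOG_WARNING` and add the requester in the same `host %s, %s for %s` form the AS_REQ messages use; the variables holding those values are outside these hunks, as are the start and end of the function.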
@@ -326,7 +327,7 @@ krb5_kvno *kvno; krb5_db_free_principal(kdc_context, &server, nprincs); if (!krb5_unparse_name(kdc_context, ticket->server, &sname)) { - syslog(LOG_ERR, "TGS_REQ: UNKNOWN SERVER: server='%s'", + krb5_klog_syslog(LOG_ERR, "TGS_REQ: UNKNOWN SERVER: server='%s'", sname); free(sname); } diff --git a/src/kdc/kerberos_v4.c b/src/kdc/kerberos_v4.c index 3844fd582..98562b3be 100644 --- a/src/kdc/kerberos_v4.c +++ b/src/kdc/kerberos_v4.c @@ -26,6 +26,7 @@ #ifdef KRB4 #include "k5-int.h" +#include "adm_proto.h" #ifdef HAVE_STDARG_H #include @@ -483,7 +484,7 @@ char * v4_klog( type, format, va_alist) case L_APPL_REQ: strcpy(log_text, "PROCESS_V4:"); vsprintf(log_text+strlen(log_text), format, pvar); - syslog(logpri, log_text); + krb5_klog_syslog(logpri, log_text); /* ignore the other types... */ } va_end(pvar); diff --git a/src/kdc/main.c b/src/kdc/main.c index 18106f305..848ccada4 100644 --- a/src/kdc/main.c +++ b/src/kdc/main.c 
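Review bot: In v4_klog (kerberos_v4.c), `krb5_klog_syslog(logpri, log_text);` passes an already formatted buffer as the format string, so any `%` that reached log_text through the caller's arguments is interpreted a second time. The call should be `krb5_klog_syslog(logpri, "%s", log_text);`. The unchanged `vsprintf(log_text+strlen(log_text), format, pvar)` just above is also unbounded; the buffer's declaration is outside this hunk, so its size should be checked against the longest V4 request fields that can be logged. v4_klog starts and ends outside the hunk.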
@@ -29,70 +29,14 @@ #include #include "com_err.h" -/* for STDC, com_err gets varargs/stdarg */ -#ifndef __STDC__ -#include -#endif - #include "k5-int.h" #include "kdc_util.h" #include "extern.h" #include "kdc5_err.h" +#include "adm_proto.h" static int nofork = 0; -static void -kdc_com_err_proc(whoami, code, format, pvar) - const char *whoami; - long code; - const char *format; - va_list pvar; -{ - /* XXX need some way to do this better... */ -#ifndef __STDC__ - extern int vfprintf(); -#endif - - char syslogbuf[10240], tmpbuf[10240]; - - memset(syslogbuf, 0, sizeof(syslogbuf)); - memset(tmpbuf, 0, sizeof(tmpbuf)); - - if (whoami) { - fputs(whoami, stderr); - fputs(": ", stderr); - } - - if (code) { - sprintf(tmpbuf, error_message(code)); - strcat(syslogbuf, tmpbuf); - strcat(syslogbuf, " "); - } - - if (format) { - vsprintf(tmpbuf, format, pvar); - strcat(syslogbuf, tmpbuf); - } - - fprintf(stderr, syslogbuf); - putc('\n', stderr); - putc('\r', stderr); /* should do this only on a tty in raw mode */ - fflush(stderr); - - syslog(LOG_ERR, "%s", syslogbuf); - - return; -} - -void -setup_com_err() -{ - krb5_init_ets(kdc_context); - initialize_kdc5_error_table(); - (void) set_com_err_hook(kdc_com_err_proc); - return; -} - krb5_sigtype request_exit() { @@ -436,10 +380,8 @@ char *argv[]; argv[0] = strrchr(argv[0], '/')+1; krb5_init_context(&kdc_context); - - setup_com_err(); - - openlog(argv[0], LOG_CONS|LOG_NDELAY|LOG_PID, LOG_LOCAL6); /* XXX */ + krb5_init_ets(kdc_context); + krb5_klog_init(kdc_context, "kdc", argv[0], 1); process_args(argc, argv); /* includes reading master key */ @@ -460,7 +402,7 @@ char *argv[]; finish_args(argv[0]); return 1; } - syslog(LOG_INFO, "commencing operation"); + krb5_klog_syslog(LOG_INFO, "commencing operation"); if (retval = listen_and_process(argv[0])){ com_err(argv[0], retval, "while processing network requests"); errout++; 
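Review bot: Folding setup_com_err() into main() in src/kdc/main.c kept `krb5_init_ets(kdc_context);` but dropped the `initialize_kdc5_error_table();` call, while `kdc5_err.h` is still included. Unless the table is registered somewhere not shown in this diff, `com_err` and `error_message` will render KDC-specific codes as unknown-code text, which makes logged failures harder to triage. I would restore `initialize_kdc5_error_table();` directly after `krb5_init_ets(kdc_context);`. main() continues outside the hunk.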
@@ -473,7 +415,8 @@ char *argv[]; com_err(argv[0], retval, "while closing database"); errout++; } - syslog(LOG_INFO, "shutting down"); + krb5_klog_syslog(LOG_INFO, "shutting down"); + krb5_klog_close(kdc_context); finish_args(argv[0]); return errout; } -- 2.26.2