From 94981dcd82488b81113a7c64707f541312a11084 Mon Sep 17 00:00:00 2001 From: Greg Hudson Date: Wed, 11 Mar 2009 22:14:24 +0000 Subject: [PATCH] Report verbose error messages from KDC We were losing verbose error messages when logging from the KDC because the context passed to krb5_klog_init did not match the realm-specific context used for most library function calls. Introduce a wrapper function kdc_err which copies the error state from the call context to the log context. The wrapper function also knows the program name, which removes the need to pass argv[0] around everywhere or make up program names. ticket: 6408 target_version: 1.7 tags: pullup git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@22079 dc483132-0cff-0310-8789-dd5450dbe970 --- src/kdc/do_tgs_req.c | 3 +- src/kdc/kdc_preauth.c | 47 +++++++++--------- src/kdc/kdc_util.h | 7 +-- src/kdc/main.c | 103 ++++++++++++++++++++++++--------------- src/kdc/network.c | 110 ++++++++++++++++++------------------------ 5 files changed, 142 insertions(+), 128 deletions(-) diff --git a/src/kdc/do_tgs_req.c b/src/kdc/do_tgs_req.c index 4cc8ec4ea..33ba0cd24 100644 --- a/src/kdc/do_tgs_req.c +++ b/src/kdc/do_tgs_req.c @@ -55,7 +55,6 @@ */ #include "k5-int.h" -#include "com_err.h" #include #ifdef HAVE_NETINET_IN_H @@ -1120,7 +1119,7 @@ prep_reprocess_req(krb5_kdc_req *request, krb5_principal *krbtgt_princ) free(temp_buf); if (retval) { /* no match found */ - com_err("krb5_get_domain_realm_mapping", retval, 0); + kdc_err(kdc_context, retval, 0); goto cleanup; } if (realms == 0) { diff --git a/src/kdc/kdc_preauth.c b/src/kdc/kdc_preauth.c index 7aacca402..a80110abd 100644 --- a/src/kdc/kdc_preauth.c +++ b/src/kdc/kdc_preauth.c @@ -1861,7 +1861,7 @@ return_sam_data(krb5_context context, krb5_pa_data *in_padata, scratch.length = in_padata->length; if ((retval = decode_krb5_sam_response(&scratch, &sr))) { - com_err("krb5kdc", retval, + kdc_err(context, retval, "return_sam_data(): decode_krb5_sam_response failed"); goto cleanup; } @@ -1880,7 +1880,7 @@ return_sam_data(krb5_context context, krb5_pa_data *in_padata, if ((retval = krb5_c_decrypt(context, &psr_key, /* XXX */ 0, 0, &tmpdata, &scratch))) { - com_err("krb5kdc", retval, + kdc_err(context, retval, "return_sam_data(): decrypt track_id failed"); free(scratch.data); goto cleanup; @@ -1888,7 +1888,7 @@ return_sam_data(krb5_context context, krb5_pa_data *in_padata, } if ((retval = decode_krb5_predicted_sam_response(&scratch, &psr))) { - com_err("krb5kdc", retval, + kdc_err(context, retval, "return_sam_data(): decode_krb5_predicted_sam_response failed"); free(scratch.data); goto cleanup; @@ -1896,7 +1896,7 @@ return_sam_data(krb5_context context, krb5_pa_data *in_padata, /* We could use sr->sam_flags, but it may be absent or altered. */ if (psr->sam_flags & KRB5_SAM_MUST_PK_ENCRYPT_SAD) { - com_err("krb5kdc", retval = KRB5KDC_ERR_PREAUTH_FAILED, + kdc_err(context, retval = KRB5KDC_ERR_PREAUTH_FAILED, "Unsupported SAM flag must-pk-encrypt-sad"); goto cleanup; } @@ -1949,7 +1949,7 @@ return_sam_data(krb5_context context, krb5_pa_data *in_padata, break; default: - com_err("krb5kdc", retval = KRB5KDC_ERR_PREAUTH_FAILED, + kdc_err(context, retval = KRB5KDC_ERR_PREAUTH_FAILED, "Unimplemented keytype for SAM key mixing"); goto cleanup; } @@ -2017,7 +2017,7 @@ get_sam_edata(krb5_context context, krb5_kdc_req *request, retval = krb5_copy_principal(kdc_context, request->client, &newp); if (retval) { - com_err("krb5kdc", retval, "copying client name for preauth probe"); + kdc_err(kdc_context, retval, "copying client name for preauth probe"); return retval; } @@ -2075,7 +2075,7 @@ get_sam_edata(krb5_context context, krb5_kdc_req *request, if (retval) { char *sname; krb5_unparse_name(kdc_context, request->client, &sname); - com_err("krb5kdc", retval, + kdc_err(kdc_context, retval, "snk4 finding the enctype and key <%s>", sname); free(sname); return retval; @@ -2086,7 +2086,7 @@ get_sam_edata(krb5_context context, krb5_kdc_req *request, assoc_key, &encrypting_key, NULL); if (retval) { - com_err("krb5kdc", retval, + kdc_err(kdc_context, retval, "snk4 pulling out key entry"); return retval; } @@ -2213,13 +2213,14 @@ get_sam_edata(krb5_context context, krb5_kdc_req *request, if (retval) { /* random key failed */ - com_err("krb5kdc", retval,"generating random challenge for preauth"); + kdc_err(kdc_context, retval, + "generating random challenge for preauth"); return retval; } /* now session_key has a key which we can pick bits out of */ /* we need six decimal digits. Grab 6 bytes, div 2, mod 10 each. */ if (session_key.length != 8) { - com_err("krb5kdc", retval = KRB5KDC_ERR_ETYPE_NOSUPP, + kdc_err(kdc_context, retval = KRB5KDC_ERR_ETYPE_NOSUPP, "keytype didn't match code expectations"); return retval; } @@ -2236,9 +2237,8 @@ get_sam_edata(krb5_context context, krb5_kdc_req *request, encrypting_key.enctype = ENCTYPE_DES_CBC_RAW; - if (retval) { - com_err("krb5kdc", retval, "snk4 processing key"); - } + if (retval) + kdc_err(kdc_context, retval, "snk4 processing key"); { krb5_data plain; @@ -2255,7 +2255,8 @@ get_sam_edata(krb5_context context, krb5_kdc_req *request, if ((retval = krb5_c_encrypt(kdc_context, &encrypting_key, /* XXX */ 0, 0, &plain, &cipher))) { - com_err("krb5kdc", retval, "snk4 response generation failed"); + kdc_err(kdc_context, retval, + "snk4 response generation failed"); return retval; } } @@ -2389,7 +2390,7 @@ verify_sam_response(krb5_context context, krb5_db_entry *client, if ((retval = decode_krb5_sam_response(&scratch, &sr))) { scratch.data = 0; - com_err("krb5kdc", retval, "decode_krb5_sam_response failed"); + kdc_err(context, retval, "decode_krb5_sam_response failed"); goto cleanup; } @@ -2409,13 +2410,13 @@ verify_sam_response(krb5_context context, krb5_db_entry *client, if ((retval = krb5_c_decrypt(context, &psr_key, /* XXX */ 0, 0, &tmpdata, &scratch))) { - com_err("krb5kdc", retval, "decrypt track_id failed"); + kdc_err(context, retval, "decrypt track_id failed"); goto cleanup; } } if ((retval = decode_krb5_predicted_sam_response(&scratch, &psr))) { - com_err("krb5kdc", retval, + kdc_err(context, retval, "decode_krb5_predicted_sam_response failed -- replay attack?"); goto cleanup; } @@ -2426,7 +2427,7 @@ verify_sam_response(krb5_context context, krb5_db_entry *client, if ((retval = krb5_unparse_name(context, psr->client, &princ_psr))) goto cleanup; if (strcmp(princ_req, princ_psr) != 0) { - com_err("krb5kdc", retval = KRB5KDC_ERR_PREAUTH_FAILED, + kdc_err(context, retval = KRB5KDC_ERR_PREAUTH_FAILED, "Principal mismatch in SAM psr! -- replay attack?"); goto cleanup; } @@ -2444,7 +2445,7 @@ verify_sam_response(krb5_context context, krb5_db_entry *client, * psr's would be able to be replayed. */ if (timenow - psr->stime > rc_lifetime) { - com_err("krb5kdc", retval = KRB5KDC_ERR_PREAUTH_FAILED, + kdc_err(context, retval = KRB5KDC_ERR_PREAUTH_FAILED, "SAM psr came back too late! -- replay attack?"); goto cleanup; } @@ -2457,7 +2458,7 @@ verify_sam_response(krb5_context context, krb5_db_entry *client, rep.cusec = psr->susec; retval = krb5_rc_store(kdc_context, kdc_rcache, &rep); if (retval) { - com_err("krb5kdc", retval, "SAM psr replay attack!"); + kdc_err(kdc_context, retval, "SAM psr replay attack!"); goto cleanup; } } @@ -2474,13 +2475,13 @@ verify_sam_response(krb5_context context, krb5_db_entry *client, if ((retval = krb5_c_decrypt(context, &psr->sam_key, /* XXX */ 0, 0, &sr->sam_enc_nonce_or_ts, &scratch))) { - com_err("krb5kdc", retval, "decrypt nonce_or_ts failed"); + kdc_err(context, retval, "decrypt nonce_or_ts failed"); goto cleanup; } } if ((retval = decode_krb5_enc_sam_response_enc(&scratch, &esre))) { - com_err("krb5kdc", retval, "decode_krb5_enc_sam_response_enc failed"); + kdc_err(context, retval, "decode_krb5_enc_sam_response_enc failed"); goto cleanup; } @@ -2498,7 +2499,7 @@ verify_sam_response(krb5_context context, krb5_db_entry *client, cleanup: if (retval) - com_err("krb5kdc", retval, "sam verify failure"); + kdc_err(context, retval, "sam verify failure"); if (scratch.data) free(scratch.data); if (sr) free(sr); if (psr) free(psr); diff --git a/src/kdc/kdc_util.h b/src/kdc/kdc_util.h index b70f98a6e..e7bbf8113 100644 --- a/src/kdc/kdc_util.h +++ b/src/kdc/kdc_util.h @@ -134,11 +134,12 @@ krb5_error_code dispatch (krb5_data *, krb5_error_code kdc_initialize_rcache (krb5_context, char *); krb5_error_code setup_server_realm (krb5_principal); +void kdc_err(krb5_context call_context, errcode_t code, const char *fmt, ...); /* network.c */ -krb5_error_code listen_and_process (const char *); -krb5_error_code setup_network (const char *); -krb5_error_code closedown_network (const char *); +krb5_error_code listen_and_process (void); +krb5_error_code setup_network (void); +krb5_error_code closedown_network (void); /* policy.c */ int against_local_policy_as (krb5_kdc_req *, krb5_db_entry, diff --git a/src/kdc/main.c b/src/kdc/main.c index cc2ba8667..631fe3c07 100644 --- a/src/kdc/main.c +++ b/src/kdc/main.c @@ -86,7 +86,7 @@ krb5_error_code setup_sam (void); void initialize_realms (krb5_context, int, char **); -void finish_realms (char *); +void finish_realms (void); static int nofork = 0; static int rkey_init_done = 0; @@ -97,6 +97,31 @@ static struct sigaction s_action; #define KRB5_KDC_MAX_REALMS 32 +static krb5_context kdc_err_context; +static const char *kdc_progname; + +/* + * We use krb5_klog_init to set up a com_err callback to log error + * messages. The callback also pulls the error message out of the + * context we pass to krb5_klog_init; however, we use realm-specific + * contexts for most of our krb5 library calls, so the error message + * isn't present in the global context. This wrapper ensures that the + * error message state from the call context is copied into the + * context known by krb5_klog. call_context can be NULL if the error + * code did not come from a krb5 library function. + */ +void +kdc_err(krb5_context call_context, errcode_t code, const char *fmt, ...) +{ + va_list ap; + + if (call_context) + krb5_copy_error_message(kdc_err_context, call_context); + va_start(ap, fmt); + com_err_va(kdc_progname, code, fmt, ap); + va_end(ap); +} + /* * Find the realm entry for a given realm. */ @@ -237,10 +262,10 @@ handle_referral_params(krb5_realm_params *rparams, * realm data and we should be all set to begin operation for that realm. */ static krb5_error_code -init_realm(char *progname, kdc_realm_t *rdp, char *realm, - char *def_mpname, krb5_enctype def_enctype, char *def_udp_ports, - char *def_tcp_ports, krb5_boolean def_manual, char **db_args, - char *no_refrls, char *host_based_srvcs) +init_realm(kdc_realm_t *rdp, char *realm, char *def_mpname, + krb5_enctype def_enctype, char *def_udp_ports, char *def_tcp_ports, + krb5_boolean def_manual, char **db_args, char *no_refrls, + char *host_based_srvcs) { krb5_error_code kret; krb5_boolean manual; @@ -257,15 +282,14 @@ init_realm(char *progname, kdc_realm_t *rdp, char *realm, rdp->realm_name = realm; kret = krb5int_init_context_kdc(&rdp->realm_context); if (kret) { - com_err(progname, kret, "while getting context for realm %s", - realm); + kdc_err(NULL, kret, "while getting context for realm %s", realm); goto whoops; } kret = krb5_read_realm_params(rdp->realm_context, rdp->realm_name, &rparams); if (kret) { - com_err(progname, kret, "while reading realm parameters"); + kdc_err(rdp->realm_context, kret, "while reading realm parameters"); goto whoops; } @@ -351,7 +375,7 @@ init_realm(char *progname, kdc_realm_t *rdp, char *realm, /* Set the default realm of this context */ if ((kret = krb5_set_default_realm(rdp->realm_context, realm))) { - com_err(progname, kret, "while setting default realm to %s", + kdc_err(rdp->realm_context, kret, "while setting default realm to %s", realm); goto whoops; } @@ -363,7 +387,7 @@ init_realm(char *progname, kdc_realm_t *rdp, char *realm, kdb_open_flags = KRB5_KDB_OPEN_RO | KRB5_KDB_SRV_TYPE_KDC; #endif if ((kret = krb5_db_open(rdp->realm_context, db_args, kdb_open_flags))) { - com_err(progname, kret, + kdc_err(rdp->realm_context, kret, "while initializing database for realm %s", realm); goto whoops; } @@ -372,7 +396,7 @@ init_realm(char *progname, kdc_realm_t *rdp, char *realm, if ((kret = krb5_db_setup_mkey_name(rdp->realm_context, rdp->realm_mpname, rdp->realm_name, (char **) NULL, &rdp->realm_mprinc))) { - com_err(progname, kret, + kdc_err(rdp->realm_context, kret, "while setting up master key name %s for realm %s", rdp->realm_mpname, realm); goto whoops; @@ -385,7 +409,7 @@ init_realm(char *progname, kdc_realm_t *rdp, char *realm, rdp->realm_mkey.enctype, manual, FALSE, rdp->realm_stash, &mkvno, NULL, &rdp->realm_mkey))) { - com_err(progname, kret, + kdc_err(rdp->realm_context, kret, "while fetching master key %s for realm %s", rdp->realm_mpname, realm); goto whoops; @@ -403,7 +427,7 @@ init_realm(char *progname, kdc_realm_t *rdp, char *realm, rdp->realm_mprinc, IGNORE_VNO, &rdp->realm_mkey))) { - com_err(progname, kret, + kdc_err(rdp->realm_context, kret, "while verifying master key for realm %s", realm); goto whoops; } @@ -411,13 +435,13 @@ init_realm(char *progname, kdc_realm_t *rdp, char *realm, if ((kret = krb5_db_fetch_mkey_list(rdp->realm_context, rdp->realm_mprinc, &rdp->realm_mkey, mkvno, &rdp->mkey_list))) { - com_err(progname, kret, + kdc_err(rdp->realm_context, kret, "while fetching master keys list for realm %s", realm); goto whoops; } if ((kret = krb5_db_set_mkey(rdp->realm_context, &rdp->realm_mkey))) { - com_err(progname, kret, + kdc_err(rdp->realm_context, kret, "while setting master key for realm %s", realm); goto whoops; } @@ -425,7 +449,7 @@ init_realm(char *progname, kdc_realm_t *rdp, char *realm, /* Set up the keytab */ if ((kret = krb5_ktkdb_resolve(rdp->realm_context, NULL, &rdp->realm_keytab))) { - com_err(progname, kret, + kdc_err(rdp->realm_context, kret, "while resolving kdb keytab for realm %s", realm); goto whoops; } @@ -434,7 +458,7 @@ init_realm(char *progname, kdc_realm_t *rdp, char *realm, if ((kret = krb5_build_principal(rdp->realm_context, &rdp->realm_tgsprinc, strlen(realm), realm, KRB5_TGS_NAME, realm, (char *) NULL))) { - com_err(progname, kret, + kdc_err(rdp->realm_context, kret, "while building TGS name for realm %s", realm); goto whoops; } @@ -619,9 +643,8 @@ initialize_realms(krb5_context kcontext, int argc, char **argv) case 'r': /* realm name for db */ if (!find_realm_data(optarg, (krb5_ui_4) strlen(optarg))) { if ((rdatap = (kdc_realm_t *) malloc(sizeof(kdc_realm_t)))) { - if ((retval = init_realm(argv[0], rdatap, optarg, - mkey_name, menctype, - default_udp_ports, + if ((retval = init_realm(rdatap, optarg, mkey_name, + menctype, default_udp_ports, default_tcp_ports, manual, db_args, no_refrls, host_based_srvcs))) { fprintf(stderr,"%s: cannot initialize realm %s - see log file for details\n", @@ -722,10 +745,10 @@ initialize_realms(krb5_context kcontext, int argc, char **argv) exit(1); } if ((rdatap = (kdc_realm_t *) malloc(sizeof(kdc_realm_t)))) { - if ((retval = init_realm(argv[0], rdatap, lrealm, - mkey_name, menctype, default_udp_ports, - default_tcp_ports, manual, db_args, - no_refrls, host_based_srvcs))) { + if ((retval = init_realm(rdatap, lrealm, mkey_name, menctype, + default_udp_ports, default_tcp_ports, + manual, db_args, no_refrls, + host_based_srvcs))) { fprintf(stderr,"%s: cannot initialize realm %s - see log file for details\n", argv[0], lrealm); exit(1); @@ -765,7 +788,7 @@ initialize_realms(krb5_context kcontext, int argc, char **argv) } void -finish_realms(char *prog) +finish_realms() { int i; @@ -830,8 +853,12 @@ int main(int argc, char **argv) exit(1); } krb5_klog_init(kcontext, "kdc", argv[0], 1); + kdc_err_context = kcontext; + kdc_progname = argv[0]; /* N.B.: After this point, com_err sends output to the KDC log - file, and not to stderr. */ + file, and not to stderr. We use the kdc_err wrapper around + com_err to ensure that the error state exists in the context + known to the krb5_klog callback. */ initialize_kdc5_error_table(); @@ -847,35 +874,35 @@ int main(int argc, char **argv) retval = setup_sam(); if (retval) { - com_err(argv[0], retval, "while initializing SAM"); - finish_realms(argv[0]); + kdc_err(kcontext, retval, "while initializing SAM"); + finish_realms(); return 1; } - if ((retval = setup_network(argv[0]))) { - com_err(argv[0], retval, "while initializing network"); - finish_realms(argv[0]); + if ((retval = setup_network())) { + kdc_err(kcontext, retval, "while initializing network"); + finish_realms(); return 1; } if (!nofork && daemon(0, 0)) { - com_err(argv[0], errno, "while detaching from tty"); - finish_realms(argv[0]); + kdc_err(kcontext, errno, "while detaching from tty"); + finish_realms(); return 1; } krb5_klog_syslog(LOG_INFO, "commencing operation"); - if ((retval = listen_and_process(argv[0]))) { - com_err(argv[0], retval, "while processing network requests"); + if ((retval = listen_and_process())) { + kdc_err(kcontext, retval, "while processing network requests"); errout++; } - if ((retval = closedown_network(argv[0]))) { - com_err(argv[0], retval, "while shutting down network"); + if ((retval = closedown_network())) { + kdc_err(kcontext, retval, "while shutting down network"); errout++; } krb5_klog_syslog(LOG_INFO, "shutting down"); unload_preauth_plugins(kcontext); unload_authdata_plugins(kcontext); krb5_klog_close(kdc_context); - finish_realms(argv[0]); + finish_realms(); if (kdc_realmlist) free(kdc_realmlist); #ifdef USE_RCACHE diff --git a/src/kdc/network.c b/src/kdc/network.c index e3d8a4cad..4fdfcf1c6 100644 --- a/src/kdc/network.c +++ b/src/kdc/network.c @@ -27,7 +27,6 @@ */ #include "k5-int.h" -#include "com_err.h" #include "kdc_util.h" #include "extern.h" #include "kdc5_err.h" @@ -184,7 +183,7 @@ enum conn_type { struct connection { int fd; enum conn_type type; - void (*service)(struct connection *, const char *, int); + void (*service)(struct connection *, int); union { /* Type-specific information. */ struct { @@ -300,7 +299,6 @@ static krb5_error_code add_tcp_port(int port) #include "foreachaddr.h" struct socksetup { - const char *prog; krb5_error_code retval; int udp_flags; #define UDP_DO_IPV4 1 @@ -309,7 +307,7 @@ struct socksetup { static struct connection * add_fd (struct socksetup *data, int sock, enum conn_type conntype, - void (*service)(struct connection *, const char *, int)) + void (*service)(struct connection *, int)) { struct connection *newconn; void *tmp; @@ -317,21 +315,19 @@ add_fd (struct socksetup *data, int sock, enum conn_type conntype, #ifndef _WIN32 if (sock >= FD_SETSIZE) { data->retval = EMFILE; /* XXX */ - com_err(data->prog, 0, - "file descriptor number %d too high", sock); + kdc_err(NULL, 0, "file descriptor number %d too high", sock); return 0; } #endif newconn = malloc(sizeof(*newconn)); if (newconn == 0) { data->retval = ENOMEM; - com_err(data->prog, ENOMEM, - "cannot allocate storage for connection info"); + kdc_err(NULL, ENOMEM, "cannot allocate storage for connection info"); return 0; } if (!ADD(connections, newconn, tmp)) { data->retval = ENOMEM; - com_err(data->prog, ENOMEM, "cannot save socket info"); + kdc_err(NULL, ENOMEM, "cannot save socket info"); free(newconn); return 0; } @@ -343,9 +339,9 @@ add_fd (struct socksetup *data, int sock, enum conn_type conntype, return newconn; } -static void process_packet(struct connection *, const char *, int); -static void accept_tcp_connection(struct connection *, const char *, int); -static void process_tcp_connection(struct connection *, const char *, int); +static void process_packet(struct connection *, int); +static void accept_tcp_connection(struct connection *, int); +static void process_tcp_connection(struct connection *, int); static struct connection * add_udp_fd (struct socksetup *data, int sock, int pktinfo) @@ -409,7 +405,7 @@ setup_a_tcp_listener(struct socksetup *data, struct sockaddr *addr) sock = socket(addr->sa_family, SOCK_STREAM, 0); if (sock == -1) { - com_err(data->prog, errno, "Cannot create TCP server socket on %s", + kdc_err(NULL, errno, "Cannot create TCP server socket on %s", paddr(addr)); return -1; } @@ -417,49 +413,46 @@ setup_a_tcp_listener(struct socksetup *data, struct sockaddr *addr) #ifndef _WIN32 if (sock >= FD_SETSIZE) { close(sock); - com_err(data->prog, 0, "TCP socket fd number %d (for %s) too high", + kdc_err(NULL, 0, "TCP socket fd number %d (for %s) too high", sock, paddr(addr)); return -1; } #endif if (setreuseaddr(sock, 1) < 0) - com_err(data->prog, errno, - "Cannot enable SO_REUSEADDR on fd %d", sock); + kdc_err(NULL, errno, "Cannot enable SO_REUSEADDR on fd %d", sock); #ifdef KRB5_USE_INET6 if (addr->sa_family == AF_INET6) { #ifdef IPV6_V6ONLY if (setv6only(sock, 1)) - com_err(data->prog, errno, "setsockopt(%d,IPV6_V6ONLY,1) failed", - sock); + kdc_err(NULL, errno, "setsockopt(%d,IPV6_V6ONLY,1) failed", sock); else - com_err(data->prog, 0, "setsockopt(%d,IPV6_V6ONLY,1) worked", - sock); + kdc_err(NULL, 0, "setsockopt(%d,IPV6_V6ONLY,1) worked", sock); #else krb5_klog_syslog(LOG_INFO, "no IPV6_V6ONLY socket option support"); #endif /* IPV6_V6ONLY */ } #endif /* KRB5_USE_INET6 */ if (bind(sock, addr, socklen(addr)) == -1) { - com_err(data->prog, errno, - "Cannot bind TCP server socket on %s", paddr(addr)); + kdc_err(NULL, errno, "Cannot bind TCP server socket on %s", + paddr(addr)); close(sock); return -1; } if (listen(sock, 5) < 0) { - com_err(data->prog, errno, "Cannot listen on TCP server socket on %s", + kdc_err(NULL, errno, "Cannot listen on TCP server socket on %s", paddr(addr)); close(sock); return -1; } if (setnbio(sock)) { - com_err(data->prog, errno, + kdc_err(NULL, errno, "cannot set listening tcp socket on %s non-blocking", paddr(addr)); close(sock); return -1; } if (setnolinger(sock)) { - com_err(data->prog, errno, "disabling SO_LINGER on TCP socket on %s", + kdc_err(NULL, errno, "disabling SO_LINGER on TCP socket on %s", paddr(addr)); close(sock); return -1; @@ -617,7 +610,7 @@ setup_udp_port_1(struct socksetup *data, struct sockaddr *addr, sock = socket (addr->sa_family, SOCK_DGRAM, 0); if (sock == -1) { data->retval = errno; - com_err(data->prog, data->retval, + kdc_err(NULL, data->retval, "Cannot create server socket for port %d address %s", port, haddrbuf); return 1; @@ -627,11 +620,10 @@ setup_udp_port_1(struct socksetup *data, struct sockaddr *addr, if (addr->sa_family == AF_INET6) { #ifdef IPV6_V6ONLY if (setv6only(sock, 1)) - com_err(data->prog, errno, - "setsockopt(%d,IPV6_V6ONLY,1) failed", sock); - else - com_err(data->prog, 0, "setsockopt(%d,IPV6_V6ONLY,1) worked", + kdc_err(NULL, errno, "setsockopt(%d,IPV6_V6ONLY,1) failed", sock); + else + kdc_err(NULL, 0, "setsockopt(%d,IPV6_V6ONLY,1) worked", sock); #else krb5_klog_syslog(LOG_INFO, "no IPV6_V6ONLY socket option support"); #endif /* IPV6_V6ONLY */ @@ -640,7 +632,7 @@ setup_udp_port_1(struct socksetup *data, struct sockaddr *addr, set_sa_port(addr, htons(port)); if (bind (sock, (struct sockaddr *)addr, socklen (addr)) == -1) { data->retval = errno; - com_err(data->prog, data->retval, + kdc_err(NULL, data->retval, "Cannot bind server socket to port %d address %s", port, haddrbuf); close(sock); @@ -652,7 +644,7 @@ setup_udp_port_1(struct socksetup *data, struct sockaddr *addr, if (pktinfo) { r = set_pktinfo(sock, addr->sa_family); if (r) { - com_err(data->prog, r, + kdc_err(NULL, r, "Cannot request packet info for udp socket address %s port %d", haddrbuf, port); close(sock); @@ -803,8 +795,7 @@ static char *rtm_type_name(int type) } } -static void process_routing_update(struct connection *conn, const char *prog, - int selflags) +static void process_routing_update(struct connection *conn, int selflags) { int n_read; struct rt_msghdr rtm; @@ -902,7 +893,7 @@ extern int krb5int_debug_sendto_kdc; extern void (*krb5int_sendtokdc_debug_handler)(const void*, size_t); krb5_error_code -setup_network(const char *prog) +setup_network() { struct socksetup setup_data; krb5_error_code retval; @@ -948,7 +939,6 @@ setup_network(const char *prog) } } - setup_data.prog = prog; setup_data.retval = 0; krb5_klog_syslog (LOG_INFO, "setting up network..."); #ifdef HAVE_STRUCT_RT_MSGHDR @@ -968,7 +958,7 @@ setup_network(const char *prog) setup_tcp_listener_ports(&setup_data); krb5_klog_syslog (LOG_INFO, "set up %d sockets", n_sockets); if (n_sockets == 0) { - com_err(prog, 0, "no sockets set up?"); + kdc_err(NULL, 0, "no sockets set up?"); exit (1); } @@ -1198,8 +1188,7 @@ make_too_big_error (krb5_data **out) return 0; } -static void process_packet(struct connection *conn, const char *prog, - int selflags) +static void process_packet(struct connection *conn, int selflags) { int cc; socklen_t saddr_len, daddr_len; @@ -1225,7 +1214,7 @@ static void process_packet(struct connection *conn, const char *prog, before getting the response packet. */ && errno != ECONNREFUSED ) - com_err(prog, errno, "while receiving from network"); + kdc_err(NULL, errno, "while receiving from network"); return; } if (!cc) @@ -1237,7 +1226,7 @@ static void process_packet(struct connection *conn, const char *prog, if (getnameinfo(ss2sa(&daddr), daddr_len, addrbuf, sizeof(addrbuf), 0, 0, NI_NUMERICHOST)) strlcpy(addrbuf, "?", sizeof(addrbuf)); - com_err(prog, 0, "pktinfo says local addr is %s", addrbuf); + kdc_err(NULL, 0, "pktinfo says local addr is %s", addrbuf); } #endif @@ -1247,7 +1236,7 @@ static void process_packet(struct connection *conn, const char *prog, init_addr(&faddr, ss2sa(&saddr)); /* this address is in net order */ if ((retval = dispatch(&request, &faddr, &response))) { - com_err(prog, retval, "while dispatching (udp)"); + kdc_err(NULL, retval, "while dispatching (udp)"); return; } if (response == NULL) @@ -1272,12 +1261,12 @@ static void process_packet(struct connection *conn, const char *prog, addr.contents, addrbuf, sizeof(addrbuf)) == 0) { strlcpy(addrbuf, "?", sizeof(addrbuf)); } - com_err(prog, errno, "while sending reply to %s/%d", + kdc_err(NULL, errno, "while sending reply to %s/%d", addrbuf, faddr.port); return; } if (cc != response->length) { - com_err(prog, 0, "short reply write %d vs %d\n", + kdc_err(NULL, 0, "short reply write %d vs %d\n", response->length, cc); } krb5_free_data(kdc_context, response); @@ -1289,8 +1278,7 @@ static int max_tcp_data_connections = 30; static void kill_tcp_connection(struct connection *); -static void accept_tcp_connection(struct connection *conn, const char *prog, - int selflags) +static void accept_tcp_connection(struct connection *conn, int selflags) { int s; struct sockaddr_storage addr_s; @@ -1312,7 +1300,6 @@ static void accept_tcp_connection(struct connection *conn, const char *prog, #endif setnbio(s), setnolinger(s), setkeepalive(s); - sockdata.prog = prog; sockdata.retval = 0; newconn = add_tcp_data_fd(&sockdata, s); @@ -1372,7 +1359,7 @@ static void accept_tcp_connection(struct connection *conn, const char *prog, } } if (newconn->u.tcp.buffer == 0) { - com_err(prog, errno, "allocating buffer for new TCP session from %s", + kdc_err(NULL, errno, "allocating buffer for new TCP session from %s", newconn->u.tcp.addrbuf); delete_fd(newconn); close(s); @@ -1456,7 +1443,7 @@ queue_tcp_outgoing_response(struct connection *conn) } static void -process_tcp_connection(struct connection *conn, const char *prog, int selflags) +process_tcp_connection(struct connection *conn, int selflags) { if (selflags & SSF_WRITE) { ssize_t nwrote; @@ -1556,7 +1543,7 @@ process_tcp_connection(struct connection *conn, const char *prog, int selflags) err = dispatch(&request, &conn->u.tcp.faddr, &conn->u.tcp.response); if (err) { - com_err(prog, err, "while dispatching (tcp)"); + kdc_err(NULL, err, "while dispatching (tcp)"); goto kill_tcp_connection; } have_response: @@ -1572,10 +1559,9 @@ kill_tcp_connection: kill_tcp_connection(conn); } -static void service_conn(struct connection *conn, const char *prog, - int selflags) +static void service_conn(struct connection *conn, int selflags) { - conn->service(conn, prog, selflags); + conn->service(conn, selflags); } /* from sendto_kdc.c */ @@ -1593,7 +1579,7 @@ static int getcurtime(struct timeval *tvp) } krb5_error_code -listen_and_process(const char *prog) +listen_and_process() { int nfound; /* This struct contains 3 fd_set objects; on some platforms, they @@ -1627,7 +1613,7 @@ listen_and_process(const char *prog) big deal. */ err = getcurtime(&sstate.end_time); if (err) { - com_err(prog, err, "while getting the time"); + kdc_err(NULL, err, "while getting the time"); continue; } sstate.end_time.tv_sec += 3; @@ -1638,22 +1624,22 @@ listen_and_process(const char *prog) err = krb5int_cm_call_select(&sstate, &sout, &sret); if (err) { if (err != EINTR) - com_err(prog, err, "while selecting for network input(1)"); + kdc_err(NULL, err, "while selecting for network input(1)"); continue; } if (sret == 0 && netchanged) { network_reconfiguration_needed = 0; - closedown_network(prog); - err = setup_network(prog); + closedown_network(); + err = setup_network(); if (err) { - com_err(prog, err, "while reinitializing network"); + kdc_err(NULL, err, "while reinitializing network"); return err; } netchanged = 0; } if (sret == -1) { if (errno != EINTR) - com_err(prog, errno, "while selecting for network input(2)"); + kdc_err(NULL, errno, "while selecting for network input(2)"); continue; } nfound = sret; @@ -1666,7 +1652,7 @@ listen_and_process(const char *prog) if (FD_ISSET(conns[i]->fd, &sout.wfds)) sflags |= SSF_WRITE, nfound--; if (sflags) - service_conn(conns[i], prog, sflags); + service_conn(conns[i], sflags); } } krb5_klog_syslog(LOG_INFO, "shutdown signal received"); @@ -1674,7 +1660,7 @@ listen_and_process(const char *prog) } krb5_error_code -closedown_network(const char *prog) +closedown_network() { int i; struct connection *conn; -- 2.26.2