svn rev #22079: trunk/src/kdc/

ghudson@MIT.EDU ghudson at MIT.EDU
Wed Mar 11 18:14:25 EDT 2009


http://src.mit.edu/fisheye/changelog/krb5/?cs=22079
Commit By: ghudson
Log Message:
ticket: 6408
subject: Report verbose error messages from KDC
target_version: 1.7
tags: pullup

We were losing verbose error messages when logging from the KDC because
the context passed to krb5_klog_init did not match the realm-specific
context used for most library function calls.  Introduce a wrapper
function kdc_err which copies the error state from the call context
to the log context.  The wrapper function also knows the program name,
which removes the need to pass argv[0] around everywhere or make up
program names.



Changed Files:
U   trunk/src/kdc/do_tgs_req.c
U   trunk/src/kdc/kdc_preauth.c
U   trunk/src/kdc/kdc_util.h
U   trunk/src/kdc/main.c
U   trunk/src/kdc/network.c
Modified: trunk/src/kdc/do_tgs_req.c
===================================================================
--- trunk/src/kdc/do_tgs_req.c	2009-03-11 22:11:06 UTC (rev 22078)
+++ trunk/src/kdc/do_tgs_req.c	2009-03-11 22:14:24 UTC (rev 22079)
@@ -55,7 +55,6 @@
  */
 
 #include "k5-int.h"
-#include "com_err.h"
 
 #include <syslog.h>
 #ifdef HAVE_NETINET_IN_H
@@ -1120,7 +1119,7 @@
             free(temp_buf);
             if (retval) {
                 /* no match found */
-                com_err("krb5_get_domain_realm_mapping", retval, 0);
+                kdc_err(kdc_context, retval, 0);
                 goto cleanup;
             }
             if (realms == 0) {

Modified: trunk/src/kdc/kdc_preauth.c
===================================================================
--- trunk/src/kdc/kdc_preauth.c	2009-03-11 22:11:06 UTC (rev 22078)
+++ trunk/src/kdc/kdc_preauth.c	2009-03-11 22:14:24 UTC (rev 22079)
@@ -1861,7 +1861,7 @@
     scratch.length = in_padata->length;
     
     if ((retval = decode_krb5_sam_response(&scratch, &sr))) {
-	com_err("krb5kdc", retval,
+	kdc_err(context, retval,
 		"return_sam_data(): decode_krb5_sam_response failed");
 	goto cleanup;
     }
@@ -1880,7 +1880,7 @@
 
 	if ((retval = krb5_c_decrypt(context, &psr_key, /* XXX */ 0, 0,
 				     &tmpdata, &scratch))) {
-	    com_err("krb5kdc", retval,
+	    kdc_err(context, retval,
 		    "return_sam_data(): decrypt track_id failed");
 	    free(scratch.data);
 	    goto cleanup;
@@ -1888,7 +1888,7 @@
     }
 
     if ((retval = decode_krb5_predicted_sam_response(&scratch, &psr))) {
-	com_err("krb5kdc", retval,
+	kdc_err(context, retval,
 		"return_sam_data(): decode_krb5_predicted_sam_response failed");
 	free(scratch.data);
 	goto cleanup;
@@ -1896,7 +1896,7 @@
 
     /* We could use sr->sam_flags, but it may be absent or altered. */
     if (psr->sam_flags & KRB5_SAM_MUST_PK_ENCRYPT_SAD) {
-	com_err("krb5kdc", retval = KRB5KDC_ERR_PREAUTH_FAILED,
+	kdc_err(context, retval = KRB5KDC_ERR_PREAUTH_FAILED,
 		"Unsupported SAM flag must-pk-encrypt-sad");
 	goto cleanup;
     }
@@ -1949,7 +1949,7 @@
 	break;
 
     default:
-	com_err("krb5kdc", retval = KRB5KDC_ERR_PREAUTH_FAILED,
+	kdc_err(context, retval = KRB5KDC_ERR_PREAUTH_FAILED,
 		"Unimplemented keytype for SAM key mixing");
 	goto cleanup;
     }
@@ -2017,7 +2017,7 @@
 
       retval = krb5_copy_principal(kdc_context, request->client, &newp);
       if (retval) {
-	com_err("krb5kdc", retval, "copying client name for preauth probe");
+	kdc_err(kdc_context, retval, "copying client name for preauth probe");
 	return retval;
       }
 
@@ -2075,7 +2075,7 @@
 	  if (retval) {
 	    char *sname;
 	    krb5_unparse_name(kdc_context, request->client, &sname);
-	    com_err("krb5kdc", retval, 
+	    kdc_err(kdc_context, retval, 
 		    "snk4 finding the enctype and key <%s>", sname);
 	    free(sname);
 	    return retval;
@@ -2086,7 +2086,7 @@
 					       assoc_key, &encrypting_key,
 					       NULL);
 	  if (retval) {
-	    com_err("krb5kdc", retval, 
+	    kdc_err(kdc_context, retval, 
 		    "snk4 pulling out key entry");
 	    return retval;
 	  }
@@ -2213,13 +2213,14 @@
 
 	if (retval) {
 	  /* random key failed */
-	  com_err("krb5kdc", retval,"generating random challenge for preauth");
+	  kdc_err(kdc_context, retval,
+		  "generating random challenge for preauth");
 	  return retval;
 	}
 	/* now session_key has a key which we can pick bits out of */
 	/* we need six decimal digits. Grab 6 bytes, div 2, mod 10 each. */
 	if (session_key.length != 8) {
-	  com_err("krb5kdc", retval = KRB5KDC_ERR_ETYPE_NOSUPP,
+	  kdc_err(kdc_context, retval = KRB5KDC_ERR_ETYPE_NOSUPP,
 		  "keytype didn't match code expectations");
 	  return retval;
 	}
@@ -2236,9 +2237,8 @@
 
 	encrypting_key.enctype = ENCTYPE_DES_CBC_RAW;
 
-	if (retval) {
-	  com_err("krb5kdc", retval, "snk4 processing key");
-	}
+	if (retval)
+	    kdc_err(kdc_context, retval, "snk4 processing key");
 
 	{
 	    krb5_data plain;
@@ -2255,7 +2255,8 @@
 
 	    if ((retval = krb5_c_encrypt(kdc_context, &encrypting_key,
 					 /* XXX */ 0, 0, &plain, &cipher))) {
-		com_err("krb5kdc", retval, "snk4 response generation failed");
+		kdc_err(kdc_context, retval,
+			"snk4 response generation failed");
 		return retval;
 	    }
 	}
@@ -2389,7 +2390,7 @@
     
     if ((retval = decode_krb5_sam_response(&scratch, &sr))) {
 	scratch.data = 0;
-	com_err("krb5kdc", retval, "decode_krb5_sam_response failed");
+	kdc_err(context, retval, "decode_krb5_sam_response failed");
 	goto cleanup;
     }
 
@@ -2409,13 +2410,13 @@
 
       if ((retval = krb5_c_decrypt(context, &psr_key, /* XXX */ 0, 0,
 				   &tmpdata, &scratch))) {
-	  com_err("krb5kdc", retval, "decrypt track_id failed");
+	  kdc_err(context, retval, "decrypt track_id failed");
 	  goto cleanup;
       }
     }
 
     if ((retval = decode_krb5_predicted_sam_response(&scratch, &psr))) {
-	com_err("krb5kdc", retval,
+	kdc_err(context, retval,
 		"decode_krb5_predicted_sam_response failed -- replay attack?");
 	goto cleanup;
     }
@@ -2426,7 +2427,7 @@
     if ((retval = krb5_unparse_name(context, psr->client, &princ_psr)))
 	goto cleanup;
     if (strcmp(princ_req, princ_psr) != 0) {
-	com_err("krb5kdc", retval = KRB5KDC_ERR_PREAUTH_FAILED,
+	kdc_err(context, retval = KRB5KDC_ERR_PREAUTH_FAILED,
 		"Principal mismatch in SAM psr! -- replay attack?");
 	goto cleanup;
     }
@@ -2444,7 +2445,7 @@
 	 * psr's would be able to be replayed.
 	 */
 	if (timenow - psr->stime > rc_lifetime) {
-	    com_err("krb5kdc", retval = KRB5KDC_ERR_PREAUTH_FAILED,
+	    kdc_err(context, retval = KRB5KDC_ERR_PREAUTH_FAILED,
 	    "SAM psr came back too late! -- replay attack?");
 	    goto cleanup;
 	}
@@ -2457,7 +2458,7 @@
 	rep.cusec = psr->susec;
 	retval = krb5_rc_store(kdc_context, kdc_rcache, &rep);
 	if (retval) {
-	    com_err("krb5kdc", retval, "SAM psr replay attack!");
+	    kdc_err(kdc_context, retval, "SAM psr replay attack!");
 	    goto cleanup;
 	}
     }
@@ -2474,13 +2475,13 @@
 
 	if ((retval = krb5_c_decrypt(context, &psr->sam_key, /* XXX */ 0,
 				     0, &sr->sam_enc_nonce_or_ts, &scratch))) {
-	    com_err("krb5kdc", retval, "decrypt nonce_or_ts failed");
+	    kdc_err(context, retval, "decrypt nonce_or_ts failed");
 	    goto cleanup;
 	}
     }
 
     if ((retval = decode_krb5_enc_sam_response_enc(&scratch, &esre))) {
-	com_err("krb5kdc", retval, "decode_krb5_enc_sam_response_enc failed");
+	kdc_err(context, retval, "decode_krb5_enc_sam_response_enc failed");
 	goto cleanup;
     }
 
@@ -2498,7 +2499,7 @@
 
   cleanup:
     if (retval)
-	com_err("krb5kdc", retval, "sam verify failure");
+	kdc_err(context, retval, "sam verify failure");
     if (scratch.data) free(scratch.data);
     if (sr) free(sr);
     if (psr) free(psr);

Modified: trunk/src/kdc/kdc_util.h
===================================================================
--- trunk/src/kdc/kdc_util.h	2009-03-11 22:11:06 UTC (rev 22078)
+++ trunk/src/kdc/kdc_util.h	2009-03-11 22:14:24 UTC (rev 22079)
@@ -134,11 +134,12 @@
 krb5_error_code kdc_initialize_rcache (krb5_context, char *);
 
 krb5_error_code setup_server_realm (krb5_principal);
+void kdc_err(krb5_context call_context, errcode_t code, const char *fmt, ...);
 
 /* network.c */
-krb5_error_code listen_and_process (const char *);
-krb5_error_code setup_network (const char *);
-krb5_error_code closedown_network (const char *);
+krb5_error_code listen_and_process (void);
+krb5_error_code setup_network (void);
+krb5_error_code closedown_network (void);
 
 /* policy.c */
 int against_local_policy_as (krb5_kdc_req *, krb5_db_entry,

Modified: trunk/src/kdc/main.c
===================================================================
--- trunk/src/kdc/main.c	2009-03-11 22:11:06 UTC (rev 22078)
+++ trunk/src/kdc/main.c	2009-03-11 22:14:24 UTC (rev 22079)
@@ -86,7 +86,7 @@
 
 void initialize_realms (krb5_context, int, char **);
 
-void finish_realms (char *);
+void finish_realms (void);
 
 static int nofork = 0;
 static int rkey_init_done = 0;
@@ -97,7 +97,32 @@
 
 #define	KRB5_KDC_MAX_REALMS	32
 
+static krb5_context kdc_err_context;
+static const char *kdc_progname;
+
 /*
+ * We use krb5_klog_init to set up a com_err callback to log error
+ * messages.  The callback also pulls the error message out of the
+ * context we pass to krb5_klog_init; however, we use realm-specific
+ * contexts for most of our krb5 library calls, so the error message
+ * isn't present in the global context.  This wrapper ensures that the
+ * error message state from the call context is copied into the
+ * context known by krb5_klog.  call_context can be NULL if the error
+ * code did not come from a krb5 library function.
+ */
+void
+kdc_err(krb5_context call_context, errcode_t code, const char *fmt, ...)
+{
+    va_list ap;
+
+    if (call_context)
+	krb5_copy_error_message(kdc_err_context, call_context);
+    va_start(ap, fmt);
+    com_err_va(kdc_progname, code, fmt, ap);
+    va_end(ap);
+}
+
+/*
  * Find the realm entry for a given realm.
  */
 kdc_realm_t *
@@ -237,10 +262,10 @@
  * realm data and we should be all set to begin operation for that realm.
  */
 static krb5_error_code
-init_realm(char *progname, kdc_realm_t *rdp, char *realm, 
-	   char *def_mpname, krb5_enctype def_enctype, char *def_udp_ports,
-	   char *def_tcp_ports, krb5_boolean def_manual, char **db_args,
-           char *no_refrls, char *host_based_srvcs)
+init_realm(kdc_realm_t *rdp, char *realm, char *def_mpname,
+	   krb5_enctype def_enctype, char *def_udp_ports, char *def_tcp_ports,
+	   krb5_boolean def_manual, char **db_args, char *no_refrls,
+	   char *host_based_srvcs)
 {
     krb5_error_code	kret;
     krb5_boolean	manual;
@@ -257,15 +282,14 @@
     rdp->realm_name = realm;
     kret = krb5int_init_context_kdc(&rdp->realm_context);
     if (kret) {
-	com_err(progname, kret, "while getting context for realm %s",
-		realm);
+	kdc_err(NULL, kret, "while getting context for realm %s", realm);
 	goto whoops;
     }
 
     kret = krb5_read_realm_params(rdp->realm_context, rdp->realm_name,
 				  &rparams);
     if (kret) {
-	com_err(progname, kret, "while reading realm parameters");
+	kdc_err(rdp->realm_context, kret, "while reading realm parameters");
 	goto whoops;
     }
     
@@ -351,7 +375,7 @@
 
     /* Set the default realm of this context */
     if ((kret = krb5_set_default_realm(rdp->realm_context, realm))) {
-	com_err(progname, kret, "while setting default realm to %s",
+	kdc_err(rdp->realm_context, kret, "while setting default realm to %s",
 		realm);
 	goto whoops;
     }
@@ -363,7 +387,7 @@
     kdb_open_flags = KRB5_KDB_OPEN_RO | KRB5_KDB_SRV_TYPE_KDC;
 #endif
     if ((kret = krb5_db_open(rdp->realm_context, db_args, kdb_open_flags))) {
-	com_err(progname, kret,
+	kdc_err(rdp->realm_context, kret,
 		"while initializing database for realm %s", realm);
 	goto whoops;
     }
@@ -372,7 +396,7 @@
     if ((kret = krb5_db_setup_mkey_name(rdp->realm_context, rdp->realm_mpname,
 					rdp->realm_name, (char **) NULL,
 					&rdp->realm_mprinc))) {
-	com_err(progname, kret,
+	kdc_err(rdp->realm_context, kret,
 		"while setting up master key name %s for realm %s",
 		rdp->realm_mpname, realm);
 	goto whoops;
@@ -385,7 +409,7 @@
 				   rdp->realm_mkey.enctype, manual,
 				   FALSE, rdp->realm_stash,
 				   &mkvno, NULL, &rdp->realm_mkey))) {
-	com_err(progname, kret,
+	kdc_err(rdp->realm_context, kret,
 		"while fetching master key %s for realm %s",
 		rdp->realm_mpname, realm);
 	goto whoops;
@@ -403,7 +427,7 @@
 					  rdp->realm_mprinc,
                                           IGNORE_VNO,
 					  &rdp->realm_mkey))) {
-	com_err(progname, kret,
+	kdc_err(rdp->realm_context, kret,
 		"while verifying master key for realm %s", realm);
 	goto whoops;
     }
@@ -411,13 +435,13 @@
 
     if ((kret = krb5_db_fetch_mkey_list(rdp->realm_context, rdp->realm_mprinc,
 				   &rdp->realm_mkey, mkvno, &rdp->mkey_list))) {
-	com_err(progname, kret,
+	kdc_err(rdp->realm_context, kret,
 		"while fetching master keys list for realm %s", realm);
 	goto whoops;
     }
 
     if ((kret = krb5_db_set_mkey(rdp->realm_context, &rdp->realm_mkey))) {
-	com_err(progname, kret,
+	kdc_err(rdp->realm_context, kret,
 		"while setting master key for realm %s", realm);
 	goto whoops;
     }
@@ -425,7 +449,7 @@
     /* Set up the keytab */
     if ((kret = krb5_ktkdb_resolve(rdp->realm_context, NULL,
 				   &rdp->realm_keytab))) {
-	com_err(progname, kret,
+	kdc_err(rdp->realm_context, kret,
 		"while resolving kdb keytab for realm %s", realm);
 	goto whoops;
     }
@@ -434,7 +458,7 @@
     if ((kret = krb5_build_principal(rdp->realm_context, &rdp->realm_tgsprinc,
 				     strlen(realm), realm, KRB5_TGS_NAME,
 				     realm, (char *) NULL))) {
-	com_err(progname, kret,
+	kdc_err(rdp->realm_context, kret,
 		"while building TGS name for realm %s", realm);
 	goto whoops;
     }
@@ -619,9 +643,8 @@
 	case 'r':			/* realm name for db */
 	    if (!find_realm_data(optarg, (krb5_ui_4) strlen(optarg))) {
 		if ((rdatap = (kdc_realm_t *) malloc(sizeof(kdc_realm_t)))) {
-		    if ((retval = init_realm(argv[0], rdatap, optarg, 
-					     mkey_name, menctype,
-					     default_udp_ports,
+		    if ((retval = init_realm(rdatap, optarg, mkey_name,
+					     menctype, default_udp_ports,
 					     default_tcp_ports, manual, db_args,
                                              no_refrls, host_based_srvcs))) {
 			fprintf(stderr,"%s: cannot initialize realm %s - see log file for details\n",
@@ -722,10 +745,10 @@
 	    exit(1);
 	}
 	if ((rdatap = (kdc_realm_t *) malloc(sizeof(kdc_realm_t)))) {
-	    if ((retval = init_realm(argv[0], rdatap, lrealm, 
-				     mkey_name, menctype, default_udp_ports,
-				     default_tcp_ports, manual, db_args,
-                                     no_refrls, host_based_srvcs))) {
+	    if ((retval = init_realm(rdatap, lrealm, mkey_name, menctype,
+				     default_udp_ports, default_tcp_ports,
+				     manual, db_args, no_refrls,
+				     host_based_srvcs))) {
 		fprintf(stderr,"%s: cannot initialize realm %s - see log file for details\n",
 			argv[0], lrealm);
 		exit(1);
@@ -765,7 +788,7 @@
 }
 
 void
-finish_realms(char *prog)
+finish_realms()
 {
     int i;
 
@@ -830,8 +853,12 @@
 	    exit(1);
     }
     krb5_klog_init(kcontext, "kdc", argv[0], 1);
+    kdc_err_context = kcontext;
+    kdc_progname = argv[0];
     /* N.B.: After this point, com_err sends output to the KDC log
-       file, and not to stderr.  */
+       file, and not to stderr.  We use the kdc_err wrapper around
+       com_err to ensure that the error state exists in the context
+       known to the krb5_klog callback. */
 
     initialize_kdc5_error_table();
 
@@ -847,35 +874,35 @@
 
     retval = setup_sam();
     if (retval) {
-	com_err(argv[0], retval, "while initializing SAM");
-	finish_realms(argv[0]);
+	kdc_err(kcontext, retval, "while initializing SAM");
+	finish_realms();
 	return 1;
     }
 
-    if ((retval = setup_network(argv[0]))) {
-	com_err(argv[0], retval, "while initializing network");
-	finish_realms(argv[0]);
+    if ((retval = setup_network())) {
+	kdc_err(kcontext, retval, "while initializing network");
+	finish_realms();
 	return 1;
     }
     if (!nofork && daemon(0, 0)) {
-	com_err(argv[0], errno, "while detaching from tty");
-	finish_realms(argv[0]);
+	kdc_err(kcontext, errno, "while detaching from tty");
+	finish_realms();
 	return 1;
     }
     krb5_klog_syslog(LOG_INFO, "commencing operation");
-    if ((retval = listen_and_process(argv[0]))) {
-	com_err(argv[0], retval, "while processing network requests");
+    if ((retval = listen_and_process())) {
+	kdc_err(kcontext, retval, "while processing network requests");
 	errout++;
     }
-    if ((retval = closedown_network(argv[0]))) {
-	com_err(argv[0], retval, "while shutting down network");
+    if ((retval = closedown_network())) {
+	kdc_err(kcontext, retval, "while shutting down network");
 	errout++;
     }
     krb5_klog_syslog(LOG_INFO, "shutting down");
     unload_preauth_plugins(kcontext);
     unload_authdata_plugins(kcontext);
     krb5_klog_close(kdc_context);
-    finish_realms(argv[0]);
+    finish_realms();
     if (kdc_realmlist) 
       free(kdc_realmlist);
 #ifdef USE_RCACHE

Modified: trunk/src/kdc/network.c
===================================================================
--- trunk/src/kdc/network.c	2009-03-11 22:11:06 UTC (rev 22078)
+++ trunk/src/kdc/network.c	2009-03-11 22:14:24 UTC (rev 22079)
@@ -27,7 +27,6 @@
  */
 
 #include "k5-int.h"
-#include "com_err.h"
 #include "kdc_util.h"
 #include "extern.h"
 #include "kdc5_err.h"
@@ -184,7 +183,7 @@
 struct connection {
     int fd;
     enum conn_type type;
-    void (*service)(struct connection *, const char *, int);
+    void (*service)(struct connection *, int);
     union {
 	/* Type-specific information.  */
 	struct {
@@ -300,7 +299,6 @@
 #include "foreachaddr.h"
 
 struct socksetup {
-    const char *prog;
     krb5_error_code retval;
     int udp_flags;
 #define UDP_DO_IPV4 1
@@ -309,7 +307,7 @@
 
 static struct connection *
 add_fd (struct socksetup *data, int sock, enum conn_type conntype,
-	void (*service)(struct connection *, const char *, int))
+	void (*service)(struct connection *, int))
 {
     struct connection *newconn;
     void *tmp;
@@ -317,21 +315,19 @@
 #ifndef _WIN32
     if (sock >= FD_SETSIZE) {
 	data->retval = EMFILE;	/* XXX */
-	com_err(data->prog, 0,
-		"file descriptor number %d too high", sock);
+	kdc_err(NULL, 0, "file descriptor number %d too high", sock);
 	return 0;
     }
 #endif
     newconn = malloc(sizeof(*newconn));
     if (newconn == 0) {
 	data->retval = ENOMEM;
-	com_err(data->prog, ENOMEM,
-		"cannot allocate storage for connection info");
+	kdc_err(NULL, ENOMEM, "cannot allocate storage for connection info");
 	return 0;
     }
     if (!ADD(connections, newconn, tmp)) {
 	data->retval = ENOMEM;
-	com_err(data->prog, ENOMEM, "cannot save socket info");
+	kdc_err(NULL, ENOMEM, "cannot save socket info");
 	free(newconn);
 	return 0;
     }
@@ -343,9 +339,9 @@
     return newconn;
 }
 
-static void process_packet(struct connection *, const char *, int);
-static void accept_tcp_connection(struct connection *, const char *, int);
-static void process_tcp_connection(struct connection *, const char *, int);
+static void process_packet(struct connection *, int);
+static void accept_tcp_connection(struct connection *, int);
+static void process_tcp_connection(struct connection *, int);
 
 static struct connection *
 add_udp_fd (struct socksetup *data, int sock, int pktinfo)
@@ -409,7 +405,7 @@
 
     sock = socket(addr->sa_family, SOCK_STREAM, 0);
     if (sock == -1) {
-	com_err(data->prog, errno, "Cannot create TCP server socket on %s",
+	kdc_err(NULL, errno, "Cannot create TCP server socket on %s",
 		paddr(addr));
 	return -1;
     }
@@ -417,49 +413,46 @@
 #ifndef _WIN32
     if (sock >= FD_SETSIZE) {
 	close(sock);
-	com_err(data->prog, 0, "TCP socket fd number %d (for %s) too high",
+	kdc_err(NULL, 0, "TCP socket fd number %d (for %s) too high",
 		sock, paddr(addr));
 	return -1;
     }
 #endif
     if (setreuseaddr(sock, 1) < 0)
-	com_err(data->prog, errno,
-		"Cannot enable SO_REUSEADDR on fd %d", sock);
+	kdc_err(NULL, errno, "Cannot enable SO_REUSEADDR on fd %d", sock);
 #ifdef KRB5_USE_INET6
     if (addr->sa_family == AF_INET6) {
 #ifdef IPV6_V6ONLY
 	if (setv6only(sock, 1))
-	    com_err(data->prog, errno, "setsockopt(%d,IPV6_V6ONLY,1) failed",
-		    sock);
+	    kdc_err(NULL, errno, "setsockopt(%d,IPV6_V6ONLY,1) failed", sock);
 	else
-	    com_err(data->prog, 0, "setsockopt(%d,IPV6_V6ONLY,1) worked",
-		    sock);
+	    kdc_err(NULL, 0, "setsockopt(%d,IPV6_V6ONLY,1) worked", sock);
 #else
 	krb5_klog_syslog(LOG_INFO, "no IPV6_V6ONLY socket option support");
 #endif /* IPV6_V6ONLY */
     }
 #endif /* KRB5_USE_INET6 */
     if (bind(sock, addr, socklen(addr)) == -1) {
-	com_err(data->prog, errno,
-		"Cannot bind TCP server socket on %s", paddr(addr));
+	kdc_err(NULL, errno, "Cannot bind TCP server socket on %s",
+		paddr(addr));
 	close(sock);
 	return -1;
     }
     if (listen(sock, 5) < 0) {
-	com_err(data->prog, errno, "Cannot listen on TCP server socket on %s",
+	kdc_err(NULL, errno, "Cannot listen on TCP server socket on %s",
 		paddr(addr));
 	close(sock);
 	return -1;
     }
     if (setnbio(sock)) {
-	com_err(data->prog, errno,
+	kdc_err(NULL, errno,
 		"cannot set listening tcp socket on %s non-blocking",
 		paddr(addr));
 	close(sock);
 	return -1;
     }
     if (setnolinger(sock)) {
-	com_err(data->prog, errno, "disabling SO_LINGER on TCP socket on %s",
+	kdc_err(NULL, errno, "disabling SO_LINGER on TCP socket on %s",
 		paddr(addr));
 	close(sock);
 	return -1;
@@ -617,7 +610,7 @@
 	sock = socket (addr->sa_family, SOCK_DGRAM, 0);
 	if (sock == -1) {
 	    data->retval = errno;
-	    com_err(data->prog, data->retval,
+	    kdc_err(NULL, data->retval,
 		    "Cannot create server socket for port %d address %s",
 		    port, haddrbuf);
 	    return 1;
@@ -627,11 +620,10 @@
 	if (addr->sa_family == AF_INET6) {
 #ifdef IPV6_V6ONLY
 	    if (setv6only(sock, 1))
-		com_err(data->prog, errno,
-			"setsockopt(%d,IPV6_V6ONLY,1) failed", sock);
-	    else
-		com_err(data->prog, 0, "setsockopt(%d,IPV6_V6ONLY,1) worked",
+		kdc_err(NULL, errno, "setsockopt(%d,IPV6_V6ONLY,1) failed",
 			sock);
+	    else
+		kdc_err(NULL, 0, "setsockopt(%d,IPV6_V6ONLY,1) worked", sock);
 #else
 	    krb5_klog_syslog(LOG_INFO, "no IPV6_V6ONLY socket option support");
 #endif /* IPV6_V6ONLY */
@@ -640,7 +632,7 @@
 	set_sa_port(addr, htons(port));
 	if (bind (sock, (struct sockaddr *)addr, socklen (addr)) == -1) {
 	    data->retval = errno;
-	    com_err(data->prog, data->retval,
+	    kdc_err(NULL, data->retval,
 		    "Cannot bind server socket to port %d address %s",
 		    port, haddrbuf);
 	    close(sock);
@@ -652,7 +644,7 @@
 	if (pktinfo) {
 	    r = set_pktinfo(sock, addr->sa_family);
 	    if (r) {
-		com_err(data->prog, r,
+		kdc_err(NULL, r,
 			"Cannot request packet info for udp socket address %s port %d",
 			haddrbuf, port);
 		close(sock);
@@ -803,8 +795,7 @@
     }
 }
 
-static void process_routing_update(struct connection *conn, const char *prog,
-				   int selflags)
+static void process_routing_update(struct connection *conn, int selflags)
 {
     int n_read;
     struct rt_msghdr rtm;
@@ -902,7 +893,7 @@
 extern void (*krb5int_sendtokdc_debug_handler)(const void*, size_t);
 
 krb5_error_code
-setup_network(const char *prog)
+setup_network()
 {
     struct socksetup setup_data;
     krb5_error_code retval;
@@ -948,7 +939,6 @@
 	}
     }
 
-    setup_data.prog = prog;
     setup_data.retval = 0;
     krb5_klog_syslog (LOG_INFO, "setting up network...");
 #ifdef HAVE_STRUCT_RT_MSGHDR
@@ -968,7 +958,7 @@
     setup_tcp_listener_ports(&setup_data);
     krb5_klog_syslog (LOG_INFO, "set up %d sockets", n_sockets);
     if (n_sockets == 0) {
-	com_err(prog, 0, "no sockets set up?");
+	kdc_err(NULL, 0, "no sockets set up?");
 	exit (1);
     }
 
@@ -1198,8 +1188,7 @@
     return 0;
 }
 
-static void process_packet(struct connection *conn, const char *prog,
-			   int selflags)
+static void process_packet(struct connection *conn, int selflags)
 {
     int cc;
     socklen_t saddr_len, daddr_len;
@@ -1225,7 +1214,7 @@
 	       before getting the response packet.  */
 	    && errno != ECONNREFUSED
 	    )
-	    com_err(prog, errno, "while receiving from network");
+	    kdc_err(NULL, errno, "while receiving from network");
 	return;
     }
     if (!cc)
@@ -1237,7 +1226,7 @@
 	if (getnameinfo(ss2sa(&daddr), daddr_len, addrbuf, sizeof(addrbuf),
 			0, 0, NI_NUMERICHOST))
 	    strlcpy(addrbuf, "?", sizeof(addrbuf));
-	com_err(prog, 0, "pktinfo says local addr is %s", addrbuf);
+	kdc_err(NULL, 0, "pktinfo says local addr is %s", addrbuf);
     }
 #endif
 
@@ -1247,7 +1236,7 @@
     init_addr(&faddr, ss2sa(&saddr));
     /* this address is in net order */
     if ((retval = dispatch(&request, &faddr, &response))) {
-	com_err(prog, retval, "while dispatching (udp)");
+	kdc_err(NULL, retval, "while dispatching (udp)");
 	return;
     }
     if (response == NULL)
@@ -1272,12 +1261,12 @@
 		      addr.contents, addrbuf, sizeof(addrbuf)) == 0) {
 	    strlcpy(addrbuf, "?", sizeof(addrbuf));
 	}
-	com_err(prog, errno, "while sending reply to %s/%d",
+	kdc_err(NULL, errno, "while sending reply to %s/%d",
 		addrbuf, faddr.port);
 	return;
     }
     if (cc != response->length) {
-	com_err(prog, 0, "short reply write %d vs %d\n",
+	kdc_err(NULL, 0, "short reply write %d vs %d\n",
 		response->length, cc);
     }
     krb5_free_data(kdc_context, response);
@@ -1289,8 +1278,7 @@
 
 static void kill_tcp_connection(struct connection *);
 
-static void accept_tcp_connection(struct connection *conn, const char *prog,
-				  int selflags)
+static void accept_tcp_connection(struct connection *conn, int selflags)
 {
     int s;
     struct sockaddr_storage addr_s;
@@ -1312,7 +1300,6 @@
 #endif
     setnbio(s), setnolinger(s), setkeepalive(s);
 
-    sockdata.prog = prog;
     sockdata.retval = 0;
 
     newconn = add_tcp_data_fd(&sockdata, s);
@@ -1372,7 +1359,7 @@
 	}
     }
     if (newconn->u.tcp.buffer == 0) {
-	com_err(prog, errno, "allocating buffer for new TCP session from %s",
+	kdc_err(NULL, errno, "allocating buffer for new TCP session from %s",
 		newconn->u.tcp.addrbuf);
 	delete_fd(newconn);
 	close(s);
@@ -1456,7 +1443,7 @@
 }
 
 static void
-process_tcp_connection(struct connection *conn, const char *prog, int selflags)
+process_tcp_connection(struct connection *conn, int selflags)
 {
     if (selflags & SSF_WRITE) {
 	ssize_t nwrote;
@@ -1556,7 +1543,7 @@
 	    err = dispatch(&request, &conn->u.tcp.faddr,
 			   &conn->u.tcp.response);
 	    if (err) {
-		com_err(prog, err, "while dispatching (tcp)");
+		kdc_err(NULL, err, "while dispatching (tcp)");
 		goto kill_tcp_connection;
 	    }
 	have_response:
@@ -1572,10 +1559,9 @@
     kill_tcp_connection(conn);
 }
 
-static void service_conn(struct connection *conn, const char *prog,
-			 int selflags)
+static void service_conn(struct connection *conn, int selflags)
 {
-    conn->service(conn, prog, selflags);
+    conn->service(conn, selflags);
 }
 
 /* from sendto_kdc.c */
@@ -1593,7 +1579,7 @@
 }
 
 krb5_error_code
-listen_and_process(const char *prog)
+listen_and_process()
 {
     int			nfound;
     /* This struct contains 3 fd_set objects; on some platforms, they
@@ -1627,7 +1613,7 @@
 	       big deal.  */
 	    err = getcurtime(&sstate.end_time);
 	    if (err) {
-		com_err(prog, err, "while getting the time");
+		kdc_err(NULL, err, "while getting the time");
 		continue;
 	    }
 	    sstate.end_time.tv_sec += 3;
@@ -1638,22 +1624,22 @@
 	err = krb5int_cm_call_select(&sstate, &sout, &sret);
 	if (err) {
 	    if (err != EINTR)
-		com_err(prog, err, "while selecting for network input(1)");
+		kdc_err(NULL, err, "while selecting for network input(1)");
 	    continue;
 	}
 	if (sret == 0 && netchanged) {
 	    network_reconfiguration_needed = 0;
-	    closedown_network(prog);
-	    err = setup_network(prog);
+	    closedown_network();
+	    err = setup_network();
 	    if (err) {
-		com_err(prog, err, "while reinitializing network");
+		kdc_err(NULL, err, "while reinitializing network");
 		return err;
 	    }
 	    netchanged = 0;
 	}
 	if (sret == -1) {
 	    if (errno != EINTR)
-		com_err(prog, errno, "while selecting for network input(2)");
+		kdc_err(NULL, errno, "while selecting for network input(2)");
 	    continue;
 	}
 	nfound = sret;
@@ -1666,7 +1652,7 @@
 	    if (FD_ISSET(conns[i]->fd, &sout.wfds))
 		sflags |= SSF_WRITE, nfound--;
 	    if (sflags)
-		service_conn(conns[i], prog, sflags);
+		service_conn(conns[i], sflags);
 	}
     }
     krb5_klog_syslog(LOG_INFO, "shutdown signal received");
@@ -1674,7 +1660,7 @@
 }
 
 krb5_error_code
-closedown_network(const char *prog)
+closedown_network()
 {
     int i;
     struct connection *conn;




More information about the cvs-krb5 mailing list