From 5995fb8081f92acf39e5126e09d7db8fe6a02364 Mon Sep 17 00:00:00 2001 From: Kevin Coffman Date: Thu, 19 Apr 2007 14:45:19 -0400 Subject: [PATCH] Factor out error message printing differences between MIT and Heimdal Use a common function that factors out differences between MIT and Heimdal in getting the right error message printed. Add an autoconf check to see if the newer error message function is available. Signed-off-by: Kevin Coffman --- aclocal/kerberos5.m4 | 4 +++ utils/gssd/context_heimdal.c | 10 +++--- utils/gssd/krb5_util.c | 62 +++++++++++++++++++++++++----------- utils/gssd/krb5_util.h | 2 ++ 4 files changed, 55 insertions(+), 23 deletions(-) diff --git a/aclocal/kerberos5.m4 b/aclocal/kerberos5.m4 index b83e122..2475f50 100644 --- a/aclocal/kerberos5.m4 +++ b/aclocal/kerberos5.m4 @@ -93,6 +93,10 @@ AC_DEFUN([AC_KERBEROS_V5],[ AC_CHECK_LIB($gssapi_lib, gss_krb5_ccache_name, AC_DEFINE(HAVE_GSS_KRB5_CCACHE_NAME, 1, [Define this if the Kerberos GSS library supports gss_krb5_ccache_name]), ,$KRBLIBS) + dnl Check for newer error message facility + AC_CHECK_LIB($gssapi_lib, krb5_get_error_message, + AC_DEFINE(HAVE_KRB5_GET_ERROR_MESSAGE, 1, [Define this if the function krb5_get_error_message is available]), ,$KRBLIBS) + dnl If they specified a directory and it didn't work, give them a warning if test "x$krb5_with" != "x" -a "$krb5_with" != "$KRBDIR"; then AC_MSG_WARN(Using $KRBDIR instead of requested value of $krb5_with for Kerberos!) diff --git a/utils/gssd/context_heimdal.c b/utils/gssd/context_heimdal.c index 5520cbc..6fb8fbd 100644 --- a/utils/gssd/context_heimdal.c +++ b/utils/gssd/context_heimdal.c 
@@ -72,14 +72,14 @@ int write_heimdal_enc_key(char **p, char *end, gss_ctx_id_t ctx) if ((ret = krb5_init_context(&context))) { printerr(0, "ERROR: initializing krb5_context: %s\n", - error_message(ret)); + gssd_k5_err_msg(NULL, ret)); goto out_err; } if ((ret = krb5_auth_con_getlocalsubkey(context, ctx->auth_context, &key))){ printerr(0, "ERROR: getting auth_context key: %s\n", - error_message(ret)); + gssd_k5_err_msg(context, ret)); goto out_err_free_context; } @@ -97,7 +97,7 @@ int write_heimdal_enc_key(char **p, char *end, gss_ctx_id_t ctx) calloc(1, enc_key.keyvalue.length)) == NULL) { printerr(0, "ERROR: allocating memory for enc key: %s\n", - error_message(ENOMEM)); + gssd_k5_err_msg(context, ENOMEM)); goto out_err_free_key; } skd = (char *) key->keyvalue.data; @@ -130,14 +130,14 @@ int write_heimdal_seq_key(char **p, char *end, gss_ctx_id_t ctx) if ((ret = krb5_init_context(&context))) { printerr(0, "ERROR: initializing krb5_context: %s\n", - error_message(ret)); + gssd_k5_err_msg(NULL, ret)); goto out_err; } if ((ret = krb5_auth_con_getlocalsubkey(context, ctx->auth_context, &key))){ printerr(0, "ERROR: getting auth_context key: %s\n", - error_message(ret)); + gssd_k5_err_msg(context, ret)); goto out_err_free_context; } diff --git a/utils/gssd/krb5_util.c b/utils/gssd/krb5_util.c index 50773b1..87bd7e4 100644 --- a/utils/gssd/krb5_util.c +++ b/utils/gssd/krb5_util.c @@ -363,7 +363,7 @@ gssd_get_single_krb5_cred(krb5_context context, kt, 0, NULL, &options))) { printerr(0, "WARNING: %s while getting initial ticket for " "principal '%s' using keytab '%s'\n", - error_message(code), + gssd_k5_err_msg(context, code), pname ? pname : "", kt_name); goto out; } 
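Review bot: Nothing in the context_heimdal.c hunks brings a prototype for `gssd_k5_err_msg` into scope; the diffstat counts only the five replaced call lines for this file, so no `#include` was added. The top of the file is outside these hunks, so confirm that `krb5_util.h` is already included there. If it is not, the calls in `write_heimdal_enc_key` and `write_heimdal_seq_key` are implicitly declared as returning `int`, and the value handed to `%s` is a truncated pointer on LP64 builds, which turns an error-logging path into a likely crash. Because this file is presumably built only against Heimdal, an MIT-only build would not reveal the problem; add `#include "krb5_util.h"` if it is missing.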
@@ -392,17 +392,18 @@ gssd_get_single_krb5_cred(krb5_context context, } if ((code = krb5_cc_resolve(context, cc_name, &ccache))) { printerr(0, "ERROR: %s while opening credential cache '%s'\n", - error_message(code), cc_name); + gssd_k5_err_msg(context, code), cc_name); goto out; } if ((code = krb5_cc_initialize(context, ccache, ple->princ))) { printerr(0, "ERROR: %s while initializing credential " - "cache '%s'\n", error_message(code), cc_name); + "cache '%s'\n", gssd_k5_err_msg(context, code), + cc_name); goto out; } if ((code = krb5_cc_store_cred(context, ccache, &my_creds))) { printerr(0, "ERROR: %s while storing credentials in '%s'\n", - error_message(code), cc_name); + gssd_k5_err_msg(context, code), cc_name); goto out; } @@ -652,14 +653,14 @@ gssd_search_krb5_keytab(krb5_context context, krb5_keytab kt, */ if ((code = krb5_kt_get_name(context, kt, kt_name, BUFSIZ))) { printerr(0, "ERROR: %s attempting to get keytab name\n", - error_message(code)); + gssd_k5_err_msg(context, code)); retval = code; goto out; } if ((code = krb5_kt_start_seq_get(context, kt, &cursor))) { printerr(0, "ERROR: %s while beginning keytab scan " "for keytab '%s'\n", - error_message(code), kt_name); + gssd_k5_err_msg(context, code), kt_name); retval = code; goto out; } @@ -669,7 +670,7 @@ gssd_search_krb5_keytab(krb5_context context, krb5_keytab kt, &pname))) { printerr(0, "WARNING: Skipping keytab entry because " "we failed to unparse principal name: %s\n", - error_message(code)); + gssd_k5_err_msg(context, code)); k5_free_kt_entry(context, kte); continue; } @@ -705,7 +706,7 @@ gssd_search_krb5_keytab(krb5_context context, krb5_keytab kt, if ((code = krb5_kt_end_seq_get(context, kt, &cursor))) { printerr(0, "WARNING: %s while ending keytab scan for " "keytab '%s'\n", - error_message(code), kt_name); + gssd_k5_err_msg(context, code), kt_name); } retval = 0; 
@@ -743,7 +744,7 @@ find_keytab_entry(krb5_context context, krb5_keytab kt, const char *hostname, retval = gethostname(myhostname, sizeof(myhostname)); if (retval) { printerr(1, "%s while getting local hostname\n", - error_message(retval)); + gssd_k5_err_msg(context, retval)); goto out; } retval = get_full_hostname(myhostname, myhostname, sizeof(myhostname)); @@ -754,7 +755,7 @@ find_keytab_entry(krb5_context context, krb5_keytab kt, const char *hostname, if (code) { retval = code; printerr(1, "%s while getting default realm name\n", - error_message(code)); + gssd_k5_err_msg(context, code)); goto out; } @@ -767,7 +768,7 @@ find_keytab_entry(krb5_context context, krb5_keytab kt, const char *hostname, code = krb5_get_host_realm(context, targethostname, &realmnames); if (code) { printerr(0, "ERROR: %s while getting realm(s) for host '%s'\n", - error_message(code), targethostname); + gssd_k5_err_msg(context, code), targethostname); retval = code; goto out; } @@ -799,7 +800,8 @@ find_keytab_entry(krb5_context context, krb5_keytab kt, const char *hostname, NULL); if (code) { printerr(1, "%s while building principal for " - "'%s/%s@%s'\n", error_message(code), + "'%s/%s@%s'\n", + gssd_k5_err_msg(context, code), svcnames[j], myhostname, realm); continue; } @@ -807,7 +809,8 @@ find_keytab_entry(krb5_context context, krb5_keytab kt, const char *hostname, krb5_free_principal(context, princ); if (code) { printerr(3, "%s while getting keytab entry for " - "'%s/%s@%s'\n", error_message(code), + "'%s/%s@%s'\n", + gssd_k5_err_msg(context, code), svcnames[j], myhostname, realm); } else { printerr(3, "Success getting keytab entry for " @@ -984,7 +987,7 @@ gssd_destroy_krb5_machine_creds(void) code = krb5_init_context(&context); if (code) { printerr(0, "ERROR: %s while initializing krb5\n", - error_message(code)); + gssd_k5_err_msg(NULL, code)); goto out; } 
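Review bot: In the first `find_keytab_entry` hunk, the value passed to `gssd_k5_err_msg(context, retval)` is the return of `gethostname()`, which is -1 on failure with the cause in `errno`, not a Kerberos error code. The logged text will therefore be an unknown-code message rather than the reason the hostname lookup failed, which makes a misconfigured host harder to diagnose from the daemon log. Since the line is being rewritten anyway, log the errno text instead: `printerr(1, "%s while getting local hostname\n", strerror(errno));`. The function body starts and ends outside the hunk.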
@@ -994,14 +997,14 @@ gssd_destroy_krb5_machine_creds(void) if ((code = krb5_cc_resolve(context, ple->ccname, &ccache))) { printerr(0, "WARNING: %s while resolving credential " "cache '%s' for destruction\n", - error_message(code), ple->ccname); + gssd_k5_err_msg(context, code), ple->ccname); continue; } if ((code = krb5_cc_destroy(context, ccache))) { printerr(0, "WARNING: %s while destroying credential " "cache '%s'\n", - error_message(code), ple->ccname); + gssd_k5_err_msg(context, code), ple->ccname); } } out: @@ -1026,14 +1029,15 @@ gssd_refresh_krb5_machine_credential(char *hostname, code = krb5_init_context(&context); if (code) { printerr(0, "ERROR: %s: %s while initializing krb5 context\n", - __FUNCTION__, error_message(code)); + __FUNCTION__, gssd_k5_err_msg(NULL, code)); retval = code; goto out; } if ((code = krb5_kt_resolve(context, keytabfile, &kt))) { printerr(0, "ERROR: %s: %s while resolving keytab '%s'\n", - __FUNCTION__, error_message(code), keytabfile); + __FUNCTION__, gssd_k5_err_msg(context, code), + keytabfile); goto out; } @@ -1073,3 +1077,25 @@ out: return retval; } +/* + * A common routine for getting the Kerberos error message + */ +const char * +gssd_k5_err_msg(krb5_context context, krb5_error_code code) +{ + const char *msg = NULL; +#if HAVE_KRB5_GET_ERROR_MESSAGE + if (context != NULL) + msg = krb5_get_error_message(context, code); +#endif + if (msg != NULL) + return msg; +#if HAVE_KRB5 + return error_message(code); +#else + if (context != NULL) + return krb5_get_err_text(context, code); + else + return error_message(code); +#endif +} diff --git a/utils/gssd/krb5_util.h b/utils/gssd/krb5_util.h index 9cac202..78ad45c 100644 --- a/utils/gssd/krb5_util.h +++ b/utils/gssd/krb5_util.h 
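Review bot: In `gssd_refresh_krb5_machine_credential`, the `krb5_kt_resolve` failure branch logs and jumps to `out` without assigning `retval`, while the `krb5_init_context` branch just above it sets `retval = code`. The initialisation of `retval` is outside the hunk; if it starts at 0, a keytab that cannot be resolved is reported to the caller as a successful credential refresh. Add `retval = code;` before the `goto out;` in that branch so both early exits report failure the same way.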
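Review bot: `gssd_k5_err_msg` returns the pointer from `krb5_get_error_message()` directly, but that string belongs to the caller and must be released with `krb5_free_error_message()`, whereas the `error_message()` and `krb5_get_err_text()` branches return storage the caller must not free. Every call site in this patch passes the result straight to `printerr`, so each error logged through the new path leaks one allocation in a long-running daemon, and a caller cannot tell which kind of pointer it received. Either return a copy that the caller always frees, or keep the `const char *` contract by copying into a buffer owned by the helper, as sketched below. The static buffer assumes messages are formatted from one thread at a time and consumed before the next call. The comment above the function should also state the lifetime of the returned string.

```c
const char *
gssd_k5_err_msg(krb5_context context, krb5_error_code code)
{
	static char buf[256];	/* size is illustrative */
#if HAVE_KRB5_GET_ERROR_MESSAGE
	if (context != NULL) {
		const char *msg = krb5_get_error_message(context, code);

		if (msg != NULL) {
			/* Copy, then hand the library string back so it is not leaked. */
			snprintf(buf, sizeof(buf), "%s", msg);
			krb5_free_error_message(context, msg);
			return buf;
		}
	}
#endif
	/* ... unchanged: error_message() / krb5_get_err_text() fallbacks ... */
}
```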
@@ -24,6 +24,8 @@ void gssd_setup_krb5_machine_gss_ccache(char *servername); void gssd_destroy_krb5_machine_creds(void); int gssd_refresh_krb5_machine_credential(char *hostname, struct gssd_k5_kt_princ *ple); +const char * +gssd_k5_err_msg(krb5_context context, krb5_error_code code); #ifdef HAVE_SET_ALLOWABLE_ENCTYPES int limit_krb5_enctypes(struct rpc_gss_sec *sec, uid_t uid); -- 2.39.2