[PATCH] Factor out error message printing differences between MIT and Heimdal
Kevin Coffman
kwc at citi.umich.edu
Thu Apr 19 14:45:19 EDT 2007
From: Kevin Coffman <kwc at citi.umich.edu>
Use a common function that factors out differences between MIT
and Heimdal in getting the right error message printed.
Add an autoconf check to see if the newer error message function
is available.
Signed-off-by: Kevin Coffman <kwc at citi.umich.edu>
---
aclocal/kerberos5.m4 | 4 +++
utils/gssd/context_heimdal.c | 10 +++----
utils/gssd/krb5_util.c | 62 ++++++++++++++++++++++++++++++------------
utils/gssd/krb5_util.h | 2 +
4 files changed, 55 insertions(+), 23 deletions(-)
diff --git a/aclocal/kerberos5.m4 b/aclocal/kerberos5.m4
index b83e122..2475f50 100644
--- a/aclocal/kerberos5.m4
+++ b/aclocal/kerberos5.m4
@@ -93,6 +93,10 @@ AC_DEFUN([AC_KERBEROS_V5],[
AC_CHECK_LIB($gssapi_lib, gss_krb5_ccache_name,
AC_DEFINE(HAVE_GSS_KRB5_CCACHE_NAME, 1, [Define this if the Kerberos GSS library supports gss_krb5_ccache_name]), ,$KRBLIBS)
+ dnl Check for newer error message facility
+ AC_CHECK_LIB($gssapi_lib, krb5_get_error_message,
+ AC_DEFINE(HAVE_KRB5_GET_ERROR_MESSAGE, 1, [Define this if the function krb5_get_error_message is available]), ,$KRBLIBS)
+
dnl If they specified a directory and it didn't work, give them a warning
if test "x$krb5_with" != "x" -a "$krb5_with" != "$KRBDIR"; then
AC_MSG_WARN(Using $KRBDIR instead of requested value of $krb5_with for Kerberos!)
diff --git a/utils/gssd/context_heimdal.c b/utils/gssd/context_heimdal.c
index 5520cbc..6fb8fbd 100644
--- a/utils/gssd/context_heimdal.c
+++ b/utils/gssd/context_heimdal.c
@@ -72,14 +72,14 @@ int write_heimdal_enc_key(char **p, char
if ((ret = krb5_init_context(&context))) {
printerr(0, "ERROR: initializing krb5_context: %s\n",
- error_message(ret));
+ gssd_k5_err_msg(NULL, ret));
goto out_err;
}
if ((ret = krb5_auth_con_getlocalsubkey(context,
ctx->auth_context, &key))){
printerr(0, "ERROR: getting auth_context key: %s\n",
- error_message(ret));
+ gssd_k5_err_msg(context, ret));
goto out_err_free_context;
}
@@ -97,7 +97,7 @@ int write_heimdal_enc_key(char **p, char
calloc(1, enc_key.keyvalue.length)) == NULL) {
printerr(0, "ERROR: allocating memory for enc key: %s\n",
- error_message(ENOMEM));
+ gssd_k5_err_msg(context, ENOMEM));
goto out_err_free_key;
}
skd = (char *) key->keyvalue.data;
@@ -130,14 +130,14 @@ int write_heimdal_seq_key(char **p, char
if ((ret = krb5_init_context(&context))) {
printerr(0, "ERROR: initializing krb5_context: %s\n",
- error_message(ret));
+ gssd_k5_err_msg(NULL, ret));
goto out_err;
}
if ((ret = krb5_auth_con_getlocalsubkey(context,
ctx->auth_context, &key))){
printerr(0, "ERROR: getting auth_context key: %s\n",
- error_message(ret));
+ gssd_k5_err_msg(context, ret));
goto out_err_free_context;
}
diff --git a/utils/gssd/krb5_util.c b/utils/gssd/krb5_util.c
index 50773b1..87bd7e4 100644
--- a/utils/gssd/krb5_util.c
+++ b/utils/gssd/krb5_util.c
@@ -363,7 +363,7 @@ #endif
kt, 0, NULL, &options))) {
printerr(0, "WARNING: %s while getting initial ticket for "
"principal '%s' using keytab '%s'\n",
- error_message(code),
+ gssd_k5_err_msg(context, code),
pname ? pname : "<unparsable>", kt_name);
goto out;
}
@@ -392,17 +392,18 @@ #endif
}
if ((code = krb5_cc_resolve(context, cc_name, &ccache))) {
printerr(0, "ERROR: %s while opening credential cache '%s'\n",
- error_message(code), cc_name);
+ gssd_k5_err_msg(context, code), cc_name);
goto out;
}
if ((code = krb5_cc_initialize(context, ccache, ple->princ))) {
printerr(0, "ERROR: %s while initializing credential "
- "cache '%s'\n", error_message(code), cc_name);
+ "cache '%s'\n", gssd_k5_err_msg(context, code),
+ cc_name);
goto out;
}
if ((code = krb5_cc_store_cred(context, ccache, &my_creds))) {
printerr(0, "ERROR: %s while storing credentials in '%s'\n",
- error_message(code), cc_name);
+ gssd_k5_err_msg(context, code), cc_name);
goto out;
}
@@ -652,14 +653,14 @@ gssd_search_krb5_keytab(krb5_context con
*/
if ((code = krb5_kt_get_name(context, kt, kt_name, BUFSIZ))) {
printerr(0, "ERROR: %s attempting to get keytab name\n",
- error_message(code));
+ gssd_k5_err_msg(context, code));
retval = code;
goto out;
}
if ((code = krb5_kt_start_seq_get(context, kt, &cursor))) {
printerr(0, "ERROR: %s while beginning keytab scan "
"for keytab '%s'\n",
- error_message(code), kt_name);
+ gssd_k5_err_msg(context, code), kt_name);
retval = code;
goto out;
}
@@ -669,7 +670,7 @@ gssd_search_krb5_keytab(krb5_context con
&pname))) {
printerr(0, "WARNING: Skipping keytab entry because "
"we failed to unparse principal name: %s\n",
- error_message(code));
+ gssd_k5_err_msg(context, code));
k5_free_kt_entry(context, kte);
continue;
}
@@ -705,7 +706,7 @@ gssd_search_krb5_keytab(krb5_context con
if ((code = krb5_kt_end_seq_get(context, kt, &cursor))) {
printerr(0, "WARNING: %s while ending keytab scan for "
"keytab '%s'\n",
- error_message(code), kt_name);
+ gssd_k5_err_msg(context, code), kt_name);
}
retval = 0;
@@ -743,7 +744,7 @@ find_keytab_entry(krb5_context context,
retval = gethostname(myhostname, sizeof(myhostname));
if (retval) {
printerr(1, "%s while getting local hostname\n",
- error_message(retval));
+ gssd_k5_err_msg(context, retval));
goto out;
}
retval = get_full_hostname(myhostname, myhostname, sizeof(myhostname));
@@ -754,7 +755,7 @@ find_keytab_entry(krb5_context context,
if (code) {
retval = code;
printerr(1, "%s while getting default realm name\n",
- error_message(code));
+ gssd_k5_err_msg(context, code));
goto out;
}
@@ -767,7 +768,7 @@ find_keytab_entry(krb5_context context,
code = krb5_get_host_realm(context, targethostname, &realmnames);
if (code) {
printerr(0, "ERROR: %s while getting realm(s) for host '%s'\n",
- error_message(code), targethostname);
+ gssd_k5_err_msg(context, code), targethostname);
retval = code;
goto out;
}
@@ -799,7 +800,8 @@ find_keytab_entry(krb5_context context,
NULL);
if (code) {
printerr(1, "%s while building principal for "
- "'%s/%s@%s'\n", error_message(code),
+ "'%s/%s@%s'\n",
+ gssd_k5_err_msg(context, code),
svcnames[j], myhostname, realm);
continue;
}
@@ -807,7 +809,8 @@ find_keytab_entry(krb5_context context,
krb5_free_principal(context, princ);
if (code) {
printerr(3, "%s while getting keytab entry for "
- "'%s/%s@%s'\n", error_message(code),
+ "'%s/%s@%s'\n",
+ gssd_k5_err_msg(context, code),
svcnames[j], myhostname, realm);
} else {
printerr(3, "Success getting keytab entry for "
@@ -984,7 +987,7 @@ gssd_destroy_krb5_machine_creds(void)
code = krb5_init_context(&context);
if (code) {
printerr(0, "ERROR: %s while initializing krb5\n",
- error_message(code));
+ gssd_k5_err_msg(NULL, code));
goto out;
}
@@ -994,14 +997,14 @@ gssd_destroy_krb5_machine_creds(void)
if ((code = krb5_cc_resolve(context, ple->ccname, &ccache))) {
printerr(0, "WARNING: %s while resolving credential "
"cache '%s' for destruction\n",
- error_message(code), ple->ccname);
+ gssd_k5_err_msg(context, code), ple->ccname);
continue;
}
if ((code = krb5_cc_destroy(context, ccache))) {
printerr(0, "WARNING: %s while destroying credential "
"cache '%s'\n",
- error_message(code), ple->ccname);
+ gssd_k5_err_msg(context, code), ple->ccname);
}
}
out:
@@ -1026,14 +1029,15 @@ gssd_refresh_krb5_machine_credential(cha
code = krb5_init_context(&context);
if (code) {
printerr(0, "ERROR: %s: %s while initializing krb5 context\n",
- __FUNCTION__, error_message(code));
+ __FUNCTION__, gssd_k5_err_msg(NULL, code));
retval = code;
goto out;
}
if ((code = krb5_kt_resolve(context, keytabfile, &kt))) {
printerr(0, "ERROR: %s: %s while resolving keytab '%s'\n",
- __FUNCTION__, error_message(code), keytabfile);
+ __FUNCTION__, gssd_k5_err_msg(context, code),
+ keytabfile);
goto out;
}
@@ -1073,3 +1077,25 @@ out:
return retval;
}
+/*
+ * A common routine for getting the Kerberos error message
+ */
+const char *
+gssd_k5_err_msg(krb5_context context, krb5_error_code code)
+{
+ const char *msg = NULL;
+#if HAVE_KRB5_GET_ERROR_MESSAGE
+ if (context != NULL)
+ msg = krb5_get_error_message(context, code);
+#endif
+ if (msg != NULL)
+ return msg;
+#if HAVE_KRB5
+ return error_message(code);
+#else
+ if (context != NULL)
+ return krb5_get_err_text(context, code);
+ else
+ return error_message(code);
+#endif
+}
diff --git a/utils/gssd/krb5_util.h b/utils/gssd/krb5_util.h
index 9cac202..78ad45c 100644
--- a/utils/gssd/krb5_util.h
+++ b/utils/gssd/krb5_util.h
@@ -24,6 +24,8 @@ void gssd_setup_krb5_machine_gss_ccache(
void gssd_destroy_krb5_machine_creds(void);
int gssd_refresh_krb5_machine_credential(char *hostname,
struct gssd_k5_kt_princ *ple);
+const char *
+gssd_k5_err_msg(krb5_context context, krb5_error_code code);
#ifdef HAVE_SET_ALLOWABLE_ENCTYPES
int limit_krb5_enctypes(struct rpc_gss_sec *sec, uid_t uid);
More information about the NFSv4
mailing list