Diffstat (limited to 'usr/src/cmd/krb5/kadmin/server/server_stubs.c')
-rw-r--r-- | usr/src/cmd/krb5/kadmin/server/server_stubs.c | 394 |
1 files changed, 276 insertions, 118 deletions
diff --git a/usr/src/cmd/krb5/kadmin/server/server_stubs.c b/usr/src/cmd/krb5/kadmin/server/server_stubs.c index a9c46a49f4..5d36f5c2c5 100644 --- a/usr/src/cmd/krb5/kadmin/server/server_stubs.c +++ b/usr/src/cmd/krb5/kadmin/server/server_stubs.c @@ -3,7 +3,6 @@ * Use is subject to license terms. */ -#pragma ident "%Z%%M% %I% %E% SMI" /* * WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING @@ -28,10 +27,9 @@ * */ +#include <kadm5/admin.h> #include <gssapi/gssapi.h> #include <gssapi_krb5.h> /* for gss_nt_krb5_name */ -#include <krb5.h> -#include <kadm5/admin.h> #include <kadm5/kadm_rpc.h> #include <kadm5/server_internal.h> #include <kadm5/srv/server_acl.h> @@ -41,6 +39,7 @@ #include <arpa/inet.h> /* inet_ntoa */ #include <krb5/adm_proto.h> /* krb5_klog_syslog */ #include <libintl.h> +#include <krb5.h> #include "misc.h" #define LOG_UNAUTH gettext("Unauthorized request: %s, %s, " \ @@ -463,12 +462,12 @@ log_unauth( trunc_name(&slen, &sdots); return krb5_klog_syslog(LOG_NOTICE, - "Unauthorized request: %s, %.*s%s, " - "client=%.*s%s, service=%.*s%s, addr=%s", - op, tlen, target, tdots, - clen, client, cdots, - slen, server, sdots, - addr); + "Unauthorized request: %s, %.*s%s, " + "client=%.*s%s, service=%.*s%s, addr=%s", + op, tlen, target, tdots, + clen, client, cdots, + slen, server, sdots, + addr); } static int @@ -491,16 +490,16 @@ log_done( trunc_name(&slen, &sdots); return krb5_klog_syslog(LOG_NOTICE, - "Request: %s, %.*s%s, %s, " - "client=%.*s%s, service=%.*s%s, addr=%s", - op, tlen, target, tdots, errmsg, - clen, client, cdots, - slen, server, sdots, - addr); + "Request: %s, %.*s%s, %s, " + "client=%.*s%s, service=%.*s%s, addr=%s", + op, tlen, target, tdots, errmsg, + clen, client, cdots, + slen, server, sdots, + addr); } generic_ret * -create_principal_1_svc(cprinc_arg *arg, struct svc_req *rqstp) +create_principal_2_svc(cprinc_arg *arg, struct svc_req *rqstp) { static generic_ret ret; char *prime_arg = NULL; 
@@ -511,6 +510,7 @@ create_principal_1_svc(cprinc_arg *arg, struct svc_req *rqstp) kadm5_server_handle_t handle; kadm5_ret_t retval; restriction_t *rp; + const char *errmsg = NULL; gss_name_t name = NULL; xdr_free(xdr_generic_ret, (char *) &ret); @@ -558,14 +558,20 @@ create_principal_1_svc(cprinc_arg *arg, struct svc_req *rqstp) ret.code = kadm5_create_principal((void *)handle, &arg->rec, arg->mask, arg->passwd); + /* Solaris Kerberos */ + if( ret.code != 0 ) + errmsg = krb5_get_error_message(handle ? handle->context : NULL, ret.code); audit_kadmind_auth(rqstp->rq_xprt, l_port, "kadm5_create_principal", prime_arg, client_name, ret.code); log_done("kadm5_create_principal", prime_arg, - ((ret.code == 0) ? "success" : error_message(ret.code)), + errmsg ? errmsg : "success", client_name, service_name, client_addr(rqstp, buf)); + if (errmsg != NULL) + krb5_free_error_message(handle ? handle->context : NULL, errmsg); + if (policy_migrate && (ret.code == 0)) { arg->rec.policy = strdup("default"); if ((arg->mask & KADM5_PW_EXPIRATION)) { @@ -600,7 +606,7 @@ error: } generic_ret * -create_principal3_1_svc(cprinc3_arg *arg, struct svc_req *rqstp) +create_principal3_2_svc(cprinc3_arg *arg, struct svc_req *rqstp) { static generic_ret ret; char *prime_arg = NULL; @@ -611,6 +617,7 @@ create_principal3_1_svc(cprinc3_arg *arg, struct svc_req *rqstp) kadm5_server_handle_t handle; kadm5_ret_t retval; restriction_t *rp; + const char *errmsg = NULL; gss_name_t name = NULL; xdr_free(xdr_generic_ret, (char *) &ret); 
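Review bot: The get-message / log / free sequence added around `log_done()` in create_principal_2_svc is pasted in the same form into every other stub this patch touches, so a later edit that drops one `krb5_free_error_message()` call leaks a string per request in a long-running daemon. A single static helper that takes the handle and the return code would keep the pairing in one place, and its header comment could say what the bare `/* Solaris Kerberos */` marker does not: that the text comes from the handle's context and must be released. The parameter types below mirror the variables visible in the stubs; `log_done`'s own parameter list is not inside this diff, so adjust them to match. The body of create_principal_2_svc starts and ends outside the hunk.

```c
/*
 * Log a finished request. The text for a non-zero code comes from the
 * handle's context and is released before returning.
 */
static int
log_done_code(char *op, char *target, kadm5_server_handle_t handle,
    kadm5_ret_t code, char *client, char *server, char *addr)
{
	krb5_context ctx = handle ? handle->context : NULL;
	const char *errmsg = NULL;
	int rc;

	if (code != 0)
		errmsg = krb5_get_error_message(ctx, code);
	rc = log_done(op, target, errmsg ? errmsg : "success",
	    client, server, addr);
	if (errmsg != NULL)
		krb5_free_error_message(ctx, errmsg);
	return (rc);
}

/* ... unchanged: kadm5_create_principal() call and audit_kadmind_auth() ... */
	log_done_code("kadm5_create_principal", prime_arg, handle, ret.code,
	    client_name, service_name, client_addr(rqstp, buf));
```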
@@ -649,16 +656,23 @@ create_principal3_1_svc(cprinc3_arg *arg, struct svc_req *rqstp) &arg->rec, &arg->mask, rp)) { ret.code = KADM5_AUTH_ADD; log_unauth("kadm5_create_principal", prime_arg, - client_name, service_name, client_addr(rqstp, buf)); + client_name, service_name, client_addr(rqstp, buf)); } else { ret.code = kadm5_create_principal_3((void *)handle, &arg->rec, arg->mask, arg->n_ks_tuple, arg->ks_tuple, arg->passwd); + /* Solaris Kerberos */ + if( ret.code != 0 ) + errmsg = krb5_get_error_message(handle ? handle->context : NULL, ret.code); + log_done("kadm5_create_principal", prime_arg, - ((ret.code == 0) ? "success" : error_message(ret.code)), - client_name, service_name, client_addr(rqstp, buf)); + errmsg ? errmsg : "success", + client_name, service_name, client_addr(rqstp, buf)); + + if (errmsg != NULL) + krb5_free_error_message(handle ? handle->context : NULL, errmsg); if (policy_migrate && (ret.code == 0)) { arg->rec.policy = strdup("default"); @@ -693,15 +707,18 @@ error: } generic_ret * -delete_principal_1_svc(dprinc_arg *arg, struct svc_req *rqstp) +delete_principal_2_svc(dprinc_arg *arg, struct svc_req *rqstp) { static generic_ret ret; char *prime_arg = NULL; char *client_name = NULL, *service_name = NULL; - OM_uint32 min_stat; - kadm5_server_handle_t handle; + OM_uint32 min_stat; + kadm5_server_handle_t handle; + const char *errmsg = NULL; + gss_name_t name = NULL; + xdr_free(xdr_generic_ret, (char *) &ret); if ((ret.code = new_server_handle(arg->api_version, rqstp, &handle))) 
@@ -736,13 +753,20 @@ delete_principal_1_svc(dprinc_arg *arg, struct svc_req *rqstp) service_name, client_addr(rqstp, buf)); } else { ret.code = kadm5_delete_principal((void *)handle, arg->princ); + /* Solaris Kerberos */ + if( ret.code != 0 ) + errmsg = krb5_get_error_message(handle ? handle->context : NULL, ret.code); audit_kadmind_auth(rqstp->rq_xprt, l_port, "kadm5_delete_principal", prime_arg, client_name, ret.code); - log_done("kadm5_delete_principal", prime_arg, - ((ret.code == 0) ? "success" : error_message(ret.code)), - client_name, service_name, client_addr(rqstp, buf)); + log_done("kadm5_delete_principal", prime_arg, + errmsg ? errmsg : "success", + client_name, service_name, client_addr(rqstp, buf)); + + if (errmsg != NULL) + krb5_free_error_message(handle ? handle->context : NULL, errmsg); + } error: @@ -759,7 +783,7 @@ error: } generic_ret * -modify_principal_1_svc(mprinc_arg *arg, struct svc_req *rqstp) +modify_principal_2_svc(mprinc_arg *arg, struct svc_req *rqstp) { static generic_ret ret; char *prime_arg = NULL; @@ -768,6 +792,7 @@ modify_principal_1_svc(mprinc_arg *arg, struct svc_req *rqstp) kadm5_server_handle_t handle; restriction_t *rp; gss_name_t name = NULL; + const char *errmsg = NULL; xdr_free(xdr_generic_ret, (char *) &ret); 
@@ -804,13 +829,19 @@ modify_principal_1_svc(mprinc_arg *arg, struct svc_req *rqstp) } else { ret.code = kadm5_modify_principal((void *)handle, &arg->rec, arg->mask); + /* Solaris Kerberos */ + if( ret.code != 0 ) + errmsg = krb5_get_error_message(handle ? handle->context : NULL, ret.code); audit_kadmind_auth(rqstp->rq_xprt, l_port, "kadm5_modify_principal", prime_arg, client_name, ret.code); log_done("kadm5_modify_principal", prime_arg, - ((ret.code == 0) ? "success" : error_message(ret.code)), - client_name, service_name, client_addr(rqstp, buf)); + errmsg ? errmsg : "success", + client_name, service_name, client_addr(rqstp, buf)); + + if (errmsg != NULL) + krb5_free_error_message(handle ? handle->context : NULL, errmsg); } error: @@ -827,7 +858,7 @@ error: } generic_ret * -rename_principal_1_svc(rprinc_arg *arg, struct svc_req *rqstp) +rename_principal_2_svc(rprinc_arg *arg, struct svc_req *rqstp) { static generic_ret ret; char *prime_arg1 = NULL, *prime_arg2 = NULL; @@ -836,6 +867,7 @@ rename_principal_1_svc(rprinc_arg *arg, struct svc_req *rqstp) OM_uint32 min_stat; kadm5_server_handle_t handle; restriction_t *rp; + const char *errmsg = NULL; gss_name_t name = NULL; size_t tlen1, tlen2, clen, slen; char *tdots1, *tdots2, *cdots, *sdots; 
@@ -906,19 +938,26 @@ rename_principal_1_svc(rprinc_arg *arg, struct svc_req *rqstp) } else { ret.code = kadm5_rename_principal((void *)handle, arg->src, arg->dest); + /* Solaris Kerberos */ + if( ret.code != 0 ) + errmsg = krb5_get_error_message(handle ? handle->context : NULL, ret.code); audit_kadmind_auth(rqstp->rq_xprt, l_port, "kadm5_rename_principal", prime_arg, client_name, ret.code); - krb5_klog_syslog(LOG_NOTICE, - "Request: kadm5_rename_principal, " - "%.*s%s to %.*s%s, %s, " - "client=%.*s%s, service=%.*s%s, addr=%s", - tlen1, prime_arg1, tdots1, - tlen2, prime_arg2, tdots2, - clen, client_name, cdots, - slen, service_name, sdots, - client_addr(rqstp, buf)); + krb5_klog_syslog(LOG_NOTICE, + "Request: kadm5_rename_principal, " + "%.*s%s to %.*s%s, %s, " + "client=%.*s%s, service=%.*s%s, addr=%s", + tlen1, prime_arg1, tdots1, + tlen2, prime_arg2, tdots2, + errmsg ? errmsg : "success", + clen, client_name, cdots, + slen, service_name, sdots, + client_addr(rqstp, buf)); + + if (errmsg != NULL) + krb5_free_error_message(handle ? handle->context : NULL, errmsg); } error: @@ -937,7 +976,7 @@ error: } gprinc_ret * -get_principal_1_svc(gprinc_arg *arg, struct svc_req *rqstp) +get_principal_2_svc(gprinc_arg *arg, struct svc_req *rqstp) { static gprinc_ret ret; kadm5_principal_ent_t_v1 e; @@ -945,6 +984,7 @@ get_principal_1_svc(gprinc_arg *arg, struct svc_req *rqstp) char *client_name = NULL, *service_name = NULL; OM_uint32 min_stat; kadm5_server_handle_t handle; + const char *errmsg = NULL; gss_name_t name = NULL; xdr_free(xdr_gprinc_ret, (char *) &ret); 
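Review bot: The re-added `krb5_klog_syslog()` call in rename_principal_2_svc passes `tlen1`, `tlen2`, `clen` and `slen` as the precision for `%.*s`, but the declaration shown in the preceding hunk makes them `size_t`, while `*` consumes an `int`. On an LP64 build that is a variadic type mismatch, and the arguments after it can be misread. Cast at the call site, e.g. `(int)tlen1, prime_arg1, tdots1,`, which is safe provided `trunc_name()` has already bounded the lengths (its body is not in this diff, so confirm). The same applies to `clen` and `slen` in the `krb5_klog_syslog()` call in init_2_svc. The function body starts and ends outside this hunk.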
@@ -999,12 +1039,18 @@ get_principal_1_svc(gprinc_arg *arg, struct svc_req *rqstp) arg->mask); } + /* Solaris Kerberos */ + if( ret.code != 0 ) + errmsg = krb5_get_error_message(handle ? handle->context : NULL, ret.code); + audit_kadmind_auth(rqstp->rq_xprt, l_port, funcname, prime_arg, client_name, ret.code); - log_done(funcname, prime_arg, - ((ret.code == 0) ? "success" : error_message(ret.code)), - client_name, service_name, client_addr(rqstp, buf)); + log_done(funcname, prime_arg, errmsg ? errmsg : "success", + client_name, service_name, client_addr(rqstp, buf)); + + if (errmsg != NULL) + krb5_free_error_message(handle ? handle->context : NULL, errmsg); } error: @@ -1021,7 +1067,7 @@ error: } gprincs_ret * -get_princs_1_svc(gprincs_arg *arg, struct svc_req *rqstp) +get_princs_2_svc(gprincs_arg *arg, struct svc_req *rqstp) { static gprincs_ret ret; char *prime_arg = NULL; @@ -1029,6 +1075,7 @@ get_princs_1_svc(gprincs_arg *arg, struct svc_req *rqstp) OM_uint32 min_stat; kadm5_server_handle_t handle; gss_name_t name = NULL; + const char *errmsg = NULL; xdr_free(xdr_gprincs_ret, (char *) &ret); @@ -1068,13 +1115,19 @@ get_princs_1_svc(gprincs_arg *arg, struct svc_req *rqstp) ret.code = kadm5_get_principals((void *)handle, arg->exp, &ret.princs, &ret.count); + /* Solaris Kerberos */ + if( ret.code != 0 ) + errmsg = krb5_get_error_message(handle ? handle->context : NULL, ret.code); audit_kadmind_auth(rqstp->rq_xprt, l_port, "kadm5_get_principals", prime_arg, client_name, ret.code); - log_done("kadm5_get_principals", prime_arg, - ((ret.code == 0) ? "success" : error_message(ret.code)), - client_name, service_name, client_addr(rqstp, buf)); + log_done("kadm5_get_principals", prime_arg, + errmsg ? errmsg : "success", + client_name, service_name, client_addr(rqstp, buf)); + + if (errmsg != NULL) + krb5_free_error_message(handle ? handle->context : NULL, errmsg); } error: 
@@ -1089,13 +1142,14 @@ error: } generic_ret * -chpass_principal_1_svc(chpass_arg *arg, struct svc_req *rqstp) +chpass_principal_2_svc(chpass_arg *arg, struct svc_req *rqstp) { static generic_ret ret; char *prime_arg = NULL; char *client_name = NULL, *service_name = NULL; OM_uint32 min_stat; kadm5_server_handle_t handle; + const char *errmsg = NULL; gss_name_t name = NULL; xdr_free(xdr_generic_ret, (char *) &ret); @@ -1138,12 +1192,19 @@ chpass_principal_1_svc(chpass_arg *arg, struct svc_req *rqstp) } if(ret.code != KADM5_AUTH_CHANGEPW) { + /* Solaris Kerberos */ + if( ret.code != 0 ) + errmsg = krb5_get_error_message(handle ? handle->context : NULL, ret.code); + audit_kadmind_auth(rqstp->rq_xprt, l_port, "kadm5_chpass_principal", prime_arg, client_name, ret.code); log_done("kadm5_chpass_principal", prime_arg, - ((ret.code == 0) ? "success" : error_message(ret.code)), - client_name, service_name, client_addr(rqstp, buf)); + errmsg ? errmsg : "success", + client_name, service_name, client_addr(rqstp, buf)); + + if (errmsg != NULL) + krb5_free_error_message(handle ? handle->context : NULL, errmsg); } error: @@ -1160,7 +1221,7 @@ error: } generic_ret * -chpass_principal3_1_svc(chpass3_arg *arg, struct svc_req *rqstp) +chpass_principal3_2_svc(chpass3_arg *arg, struct svc_req *rqstp) { static generic_ret ret; char *prime_arg = NULL; @@ -1168,6 +1229,7 @@ chpass_principal3_1_svc(chpass3_arg *arg, struct svc_req *rqstp) *service_name = NULL; OM_uint32 min_stat; kadm5_server_handle_t handle; + const char *errmsg = NULL; gss_name_t name = NULL; xdr_free(xdr_generic_ret, (char *) &ret); 
@@ -1213,9 +1275,16 @@ chpass_principal3_1_svc(chpass3_arg *arg, struct svc_req *rqstp) } if(ret.code != KADM5_AUTH_CHANGEPW) { + /* Solaris Kerberos */ + if( ret.code != 0 ) + errmsg = krb5_get_error_message(handle ? handle->context : NULL, ret.code); + log_done("kadm5_chpass_principal", prime_arg, - ((ret.code == 0) ? "success" : error_message(ret.code)), + errmsg ? errmsg : "success", client_name, service_name, client_addr(rqstp, buf)); + + if (errmsg != NULL) + krb5_free_error_message(handle ? handle->context : NULL, errmsg); } error: @@ -1233,7 +1302,7 @@ error: #ifdef SUNWOFF generic_ret * -setv4key_principal_1_svc(setv4key_arg *arg, struct svc_req *rqstp) +setv4key_principal_2_svc(setv4key_arg *arg, struct svc_req *rqstp) { static generic_ret ret; char *prime_arg = NULL; @@ -1241,6 +1310,7 @@ setv4key_principal_1_svc(setv4key_arg *arg, struct svc_req *rqstp) *service_name = NULL; OM_uint32 min_stat; kadm5_server_handle_t handle; + const char *errmsg = NULL; gss_name_t name = NULL; xdr_free(xdr_generic_ret, (char *) &ret); @@ -1277,9 +1347,16 @@ setv4key_principal_1_svc(setv4key_arg *arg, struct svc_req *rqstp) } if(ret.code != KADM5_AUTH_SETKEY) { + /* Solaris Kerberos */ + if( ret.code != 0 ) + errmsg = krb5_get_error_message(handle ? handle->context : NULL, ret.code); + log_done("kadm5_setv4key_principal", prime_arg, - ((ret.code == 0) ? "success" : error_message(ret.code)), - client_name, service_name, client_addr(rqstp, buf)); + errmsg ? errmsg : "success", + client_name, service_name, client_addr(rqstp, buf)); + + if (errmsg != NULL) + krb5_free_error_message(handle ? handle->context : NULL, errmsg); } error: @@ -1297,7 +1374,7 @@ error: #endif generic_ret * -setkey_principal_1_svc(setkey_arg *arg, struct svc_req *rqstp) +setkey_principal_2_svc(setkey_arg *arg, struct svc_req *rqstp) { static generic_ret ret; char *prime_arg; 
@@ -1305,6 +1382,7 @@ setkey_principal_1_svc(setkey_arg *arg, struct svc_req *rqstp) *service_name; OM_uint32 min_stat; kadm5_server_handle_t handle; + const char *errmsg = NULL; gss_name_t name; xdr_free(xdr_generic_ret, (char *) &ret); @@ -1340,9 +1418,16 @@ setkey_principal_1_svc(setkey_arg *arg, struct svc_req *rqstp) } if(ret.code != KADM5_AUTH_SETKEY) { + /* Solaris Kerberos */ + if( ret.code != 0 ) + errmsg = krb5_get_error_message(handle ? handle->context : NULL, ret.code); + log_done("kadm5_setkey_principal", prime_arg, - ((ret.code == 0) ? "success" : error_message(ret.code)), - client_name, service_name, client_addr(rqstp, buf)); + errmsg ? errmsg : "success", + client_name, service_name, client_addr(rqstp, buf)); + + if (errmsg != NULL) + krb5_free_error_message(handle ? handle->context : NULL, errmsg); } error: @@ -1359,7 +1444,7 @@ error: } generic_ret * -setkey_principal3_1_svc(setkey3_arg *arg, struct svc_req *rqstp) +setkey_principal3_2_svc(setkey3_arg *arg, struct svc_req *rqstp) { static generic_ret ret; char *prime_arg = NULL; @@ -1367,6 +1452,7 @@ setkey_principal3_1_svc(setkey3_arg *arg, struct svc_req *rqstp) *service_name = NULL; OM_uint32 min_stat; kadm5_server_handle_t handle; + const char *errmsg = NULL; gss_name_t name = NULL; xdr_free(xdr_generic_ret, (char *) &ret); @@ -1406,9 +1492,16 @@ setkey_principal3_1_svc(setkey3_arg *arg, struct svc_req *rqstp) } if(ret.code != KADM5_AUTH_SETKEY) { + /* Solaris Kerberos */ + if( ret.code != 0 ) + errmsg = krb5_get_error_message(handle ? handle->context : NULL, ret.code); + log_done("kadm5_setkey_principal", prime_arg, - ((ret.code == 0) ? "success" : error_message(ret.code)), - client_name, service_name, client_addr(rqstp, buf)); + errmsg ? errmsg : "success", + client_name, service_name, client_addr(rqstp, buf)); + + if (errmsg != NULL) + krb5_free_error_message(handle ? handle->context : NULL, errmsg); } error: 
@@ -1425,7 +1518,7 @@ error: } chrand_ret * -chrand_principal_1_svc(chrand_arg *arg, struct svc_req *rqstp) +chrand_principal_2_svc(chrand_arg *arg, struct svc_req *rqstp) { static chrand_ret ret; krb5_keyblock *k; @@ -1434,6 +1527,7 @@ chrand_principal_1_svc(chrand_arg *arg, struct svc_req *rqstp) char *client_name = NULL, *service_name = NULL; OM_uint32 min_stat; kadm5_server_handle_t handle; + const char *errmsg = NULL; gss_name_t name = NULL; xdr_free(xdr_chrand_ret, (char *) &ret); @@ -1489,12 +1583,18 @@ chrand_principal_1_svc(chrand_arg *arg, struct svc_req *rqstp) } if(ret.code != KADM5_AUTH_CHANGEPW) { + /* Solaris Kerberos */ + if( ret.code != 0 ) + errmsg = krb5_get_error_message(handle ? handle->context : NULL, ret.code); + audit_kadmind_auth(rqstp->rq_xprt, l_port, funcname, prime_arg, client_name, ret.code); - log_done(funcname, prime_arg, - ((ret.code == 0) ? "success" : error_message(ret.code)), - client_name, service_name, client_addr(rqstp, buf)); - } + log_done(funcname, prime_arg, errmsg ? errmsg : "success", + client_name, service_name, client_addr(rqstp, buf)); + + if (errmsg != NULL) + krb5_free_error_message(handle ? handle->context : NULL, errmsg); + } error: if (name) @@ -1510,7 +1610,7 @@ error: } chrand_ret * -chrand_principal3_1_svc(chrand3_arg *arg, struct svc_req *rqstp) +chrand_principal3_2_svc(chrand3_arg *arg, struct svc_req *rqstp) { static chrand_ret ret; krb5_keyblock *k; @@ -1520,6 +1620,7 @@ chrand_principal3_1_svc(chrand3_arg *arg, struct svc_req *rqstp) *service_name = NULL; OM_uint32 min_stat; kadm5_server_handle_t handle; + const char *errmsg = NULL; gss_name_t name = NULL; xdr_free(xdr_chrand_ret, (char *) &ret); 
@@ -1578,10 +1679,15 @@ chrand_principal3_1_svc(chrand3_arg *arg, struct svc_req *rqstp) } if(ret.code != KADM5_AUTH_CHANGEPW) { - /* Solaris Kerberos: Better error messages */ - log_done(funcname, prime_arg, ((ret.code == 0) ? "success" : - krb5_get_error_message(handle->context, ret.code)), - client_name, service_name, client_addr(rqstp, buf)); + /* Solaris Kerberos */ + if( ret.code != 0 ) + errmsg = krb5_get_error_message(handle ? handle->context : NULL, ret.code); + + log_done(funcname, prime_arg, errmsg ? errmsg : "success", + client_name, service_name, client_addr(rqstp, buf)); + + if (errmsg != NULL) + krb5_free_error_message(handle ? handle->context : NULL, errmsg); } error: @@ -1598,13 +1704,14 @@ error: } generic_ret * -create_policy_1_svc(cpol_arg *arg, struct svc_req *rqstp) +create_policy_2_svc(cpol_arg *arg, struct svc_req *rqstp) { static generic_ret ret; char *prime_arg = NULL; char *client_name = NULL, *service_name = NULL; OM_uint32 min_stat; kadm5_server_handle_t handle; + const char *errmsg = NULL; gss_name_t name = NULL; xdr_free(xdr_generic_ret, (char *) &ret); 
@@ -1637,19 +1744,25 @@ create_policy_1_svc(cpol_arg *arg, struct svc_req *rqstp) "kadm5_create_policy", prime_arg, client_name); log_unauth("kadm5_create_policy", prime_arg, - client_name, service_name, client_addr(rqstp, buf)); - + client_name, service_name, client_addr(rqstp, buf)); + } else { ret.code = kadm5_create_policy((void *)handle, &arg->rec, arg->mask); + /* Solaris Kerberos */ + if( ret.code != 0 ) + errmsg = krb5_get_error_message(handle ? handle->context : NULL, ret.code); audit_kadmind_auth(rqstp->rq_xprt, l_port, "kadm5_create_policy", prime_arg, client_name, ret.code); log_done("kadm5_create_policy", - ((prime_arg == NULL) ? "(null)" : prime_arg), - ((ret.code == 0) ? "success" : error_message(ret.code)), - client_name, service_name, client_addr(rqstp, buf)); + ((prime_arg == NULL) ? "(null)" : prime_arg), + errmsg ? errmsg : "success", + client_name, service_name, client_addr(rqstp, buf)); + + if (errmsg != NULL) + krb5_free_error_message(handle ? handle->context : NULL, errmsg); } error: @@ -1664,13 +1777,14 @@ error: } generic_ret * -delete_policy_1_svc(dpol_arg *arg, struct svc_req *rqstp) +delete_policy_2_svc(dpol_arg *arg, struct svc_req *rqstp) { static generic_ret ret; char *prime_arg = NULL; char *client_name = NULL, *service_name = NULL; OM_uint32 min_stat; kadm5_server_handle_t handle; + const char *errmsg = NULL; gss_name_t name = NULL; xdr_free(xdr_generic_ret, (char *) &ret); 
@@ -1705,14 +1819,20 @@ delete_policy_1_svc(dpol_arg *arg, struct svc_req *rqstp) ret.code = KADM5_AUTH_DELETE; } else { ret.code = kadm5_delete_policy((void *)handle, arg->name); + /* Solaris Kerberos */ + if( ret.code != 0 ) + errmsg = krb5_get_error_message(handle ? handle->context : NULL, ret.code); audit_kadmind_auth(rqstp->rq_xprt, l_port, "kadm5_delete_policy", prime_arg, client_name, ret.code); log_done("kadm5_delete_policy", - ((prime_arg == NULL) ? "(null)" : prime_arg), - ((ret.code == 0) ? "success" : error_message(ret.code)), - client_name, service_name, client_addr(rqstp, buf)); + ((prime_arg == NULL) ? "(null)" : prime_arg), + errmsg ? errmsg : "success", + client_name, service_name, client_addr(rqstp, buf)); + + if (errmsg != NULL) + krb5_free_error_message(handle ? handle->context : NULL, errmsg); } error: @@ -1727,13 +1847,14 @@ error: } generic_ret * -modify_policy_1_svc(mpol_arg *arg, struct svc_req *rqstp) +modify_policy_2_svc(mpol_arg *arg, struct svc_req *rqstp) { static generic_ret ret; char *prime_arg = NULL; char *client_name = NULL, *service_name = NULL; OM_uint32 min_stat; kadm5_server_handle_t handle; + const char *errmsg = NULL; gss_name_t name = NULL; xdr_free(xdr_generic_ret, (char *) &ret); 
@@ -1769,15 +1890,21 @@ modify_policy_1_svc(mpol_arg *arg, struct svc_req *rqstp) } else { ret.code = kadm5_modify_policy((void *)handle, &arg->rec, arg->mask); + /* Solaris Kerberos */ + if( ret.code != 0 ) + errmsg = krb5_get_error_message(handle ? handle->context : NULL, ret.code); audit_kadmind_auth(rqstp->rq_xprt, l_port, "kadm5_modify_policy", prime_arg, client_name, ret.code); log_done("kadm5_modify_policy", - ((prime_arg == NULL) ? "(null)" : prime_arg), - ((ret.code == 0) ? "success" : error_message(ret.code)), - client_name, service_name, client_addr(rqstp, buf)); - } + ((prime_arg == NULL) ? "(null)" : prime_arg), + errmsg ? errmsg : "success", + client_name, service_name, client_addr(rqstp, buf)); + + if (errmsg != NULL) + krb5_free_error_message(handle ? handle->context : NULL, errmsg); + } error: if (name) @@ -1791,7 +1918,7 @@ error: } gpol_ret * -get_policy_1_svc(gpol_arg *arg, struct svc_req *rqstp) +get_policy_2_svc(gpol_arg *arg, struct svc_req *rqstp) { static gpol_ret ret; kadm5_ret_t ret2; @@ -1802,6 +1929,7 @@ get_policy_1_svc(gpol_arg *arg, struct svc_req *rqstp) kadm5_principal_ent_rec caller_ent; krb5_principal caller; kadm5_server_handle_t handle; + const char *errmsg = NULL; gss_name_t name = NULL; xdr_free(xdr_gpol_ret, (char *) &ret); 
@@ -1861,16 +1989,25 @@ get_policy_1_svc(gpol_arg *arg, struct svc_req *rqstp) &ret.rec); } + /* Solaris Kerberos */ + if( ret.code != 0 ) + errmsg = krb5_get_error_message(handle ? handle->context : NULL, ret.code); + audit_kadmind_auth(rqstp->rq_xprt, l_port, funcname, prime_arg, client_name, ret.code); - log_done(funcname, ((prime_arg == NULL) ? "(null)" : prime_arg), - ((ret.code == 0) ? "success" : error_message(ret.code)), - client_name, service_name, client_addr(rqstp, buf)); - } else { + log_done(funcname, + ((prime_arg == NULL) ? "(null)" : prime_arg), + errmsg ? errmsg : "success", + client_name, service_name, client_addr(rqstp, buf)); + + if (errmsg != NULL) + krb5_free_error_message(handle ? handle->context : NULL, errmsg); + + } else { audit_kadmind_unauth(rqstp->rq_xprt, l_port, funcname, prime_arg, client_name); - log_unauth(funcname, prime_arg, client_name, - service_name, client_addr(rqstp, buf)); + log_unauth(funcname, prime_arg, + client_name, service_name, client_addr(rqstp, buf)); } error: @@ -1886,13 +2023,14 @@ error: } gpols_ret * -get_pols_1_svc(gpols_arg *arg, struct svc_req *rqstp) +get_pols_2_svc(gpols_arg *arg, struct svc_req *rqstp) { static gpols_ret ret; char *prime_arg = NULL; char *client_name = NULL, *service_name = NULL; OM_uint32 min_stat; kadm5_server_handle_t handle; + const char *errmsg = NULL; gss_name_t name = NULL; xdr_free(xdr_gpols_ret, (char *) &ret); 
@@ -1927,18 +2065,24 @@ get_pols_1_svc(gpols_arg *arg, struct svc_req *rqstp) "kadm5_get_policies", prime_arg, client_name); log_unauth("kadm5_get_policies", prime_arg, - client_name, service_name, client_addr(rqstp, buf)); + client_name, service_name, client_addr(rqstp, buf)); } else { ret.code = kadm5_get_policies((void *)handle, - arg->exp, &ret.pols, - &ret.count); + arg->exp, &ret.pols, + &ret.count); + /* Solaris Kerberos */ + if( ret.code != 0 ) + errmsg = krb5_get_error_message(handle ? handle->context : NULL, ret.code); audit_kadmind_auth(rqstp->rq_xprt, l_port, "kadm5_get_policies", prime_arg, client_name, ret.code); - log_done("kadm5_get_policies", prime_arg, - ((ret.code == 0) ? "success" : error_message(ret.code)), - client_name, service_name, client_addr(rqstp, buf)); + log_done("kadm5_get_policies", prime_arg, + errmsg ? errmsg : "success", + client_name, service_name, client_addr(rqstp, buf)); + + if (errmsg != NULL) + krb5_free_error_message(handle ? handle->context : NULL, errmsg); } error: @@ -1952,12 +2096,13 @@ error: return (&ret); } -getprivs_ret * get_privs_1_svc(krb5_ui_4 *arg, struct svc_req *rqstp) +getprivs_ret * get_privs_2_svc(krb5_ui_4 *arg, struct svc_req *rqstp) { static getprivs_ret ret; char *client_name = NULL, *service_name = NULL; OM_uint32 min_stat; kadm5_server_handle_t handle; + const char *errmsg = NULL; gss_name_t name = NULL; xdr_free(xdr_getprivs_ret, (char *) &ret); 
@@ -1980,13 +2125,19 @@ getprivs_ret * get_privs_1_svc(krb5_ui_4 *arg, struct svc_req *rqstp) } ret.code = __kadm5_get_priv((void *) handle, &ret.privs, name); + /* Solaris Kerberos */ + if( ret.code != 0 ) + errmsg = krb5_get_error_message(handle ? handle->context : NULL, ret.code); audit_kadmind_auth(rqstp->rq_xprt, l_port, "kadm5_get_privs", NULL, client_name, ret.code); log_done("kadm5_get_privs", client_name, - ((ret.code == 0) ? "success" : error_message(ret.code)), + errmsg ? errmsg : "success", client_name, service_name, client_addr(rqstp, buf)); + + if (errmsg != NULL) + krb5_free_error_message(handle ? handle->context : NULL, errmsg); error: if (name) @@ -1999,11 +2150,12 @@ error: return (&ret); } -generic_ret *init_1_svc(krb5_ui_4 *arg, struct svc_req *rqstp) +generic_ret *init_2_svc(krb5_ui_4 *arg, struct svc_req *rqstp) { static generic_ret ret; char *client_name, *service_name; kadm5_server_handle_t handle; + const char *errmsg = NULL; size_t clen, slen; char *cdots, *sdots; 
@@ -2022,25 +2174,31 @@ generic_ret *init_1_svc(krb5_ui_4 *arg, struct svc_req *rqstp) return &ret; } + /* Solaris Kerberos */ + if (ret.code != 0) + errmsg = krb5_get_error_message(handle ? handle->context : NULL, ret.code); + audit_kadmind_auth(rqstp->rq_xprt, l_port, (ret.api_version == KADM5_API_VERSION_1 ? "kadm5_init (V1)" : "kadm5_init"), NULL, client_name, ret.code); - clen = strlen(client_name); - trunc_name(&clen, &cdots); - slen = strlen(service_name); - trunc_name(&slen, &sdots); - krb5_klog_syslog(LOG_NOTICE, "Request %s, %.*s%s, %s, " - "client=%.*s%s, service=%.*s%s, addr=%s, flavor=%d", - (ret.api_version == KADM5_API_VERSION_1 ? - "kadm5_init (V1)" : "kadm5_init"), - clen, client_name, cdots, - (ret.code == 0) ? "success" : error_message(ret.code), - clen, client_name, cdots, - slen, service_name, sdots, - client_addr(rqstp, buf), - rqstp->rq_cred.oa_flavor); + clen = strlen(client_name); + trunc_name(&clen, &cdots); + slen = strlen(service_name); + trunc_name(&slen, &sdots); + krb5_klog_syslog(LOG_NOTICE, "Request: %s, %.*s%s, %s, " + "client=%.*s%s, service=%.*s%s, addr=%s, flavor=%d", + (ret.api_version == KADM5_API_VERSION_1 ? + "kadm5_init (V1)" : "kadm5_init"), + clen, client_name, cdots, + errmsg ? errmsg : "success", + clen, client_name, cdots, + slen, service_name, sdots, + client_addr(rqstp, buf), + rqstp->rq_cred.oa_flavor); + if (errmsg != NULL) + krb5_free_error_message(handle ? handle->context : NULL, errmsg); free(client_name); free(service_name); |
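Review bot: `handle->context` is read in the added `krb5_get_error_message()` and `krb5_free_error_message()` calls in init_2_svc, yet the visible tail of the function frees only `client_name` and `service_name`, so the handle is either released above this hunk or not released here at all. If it is freed before the early return that opens the hunk (not visible, so please confirm), both calls dereference freed memory on the error path. The patch already treats a NULL context as acceptable in the other arm of the conditional, so the simplest fix would be `errmsg = krb5_get_error_message(NULL, ret.code);` with the matching `krb5_free_error_message(NULL, errmsg);`. Alternatively, move the handle release below the free call.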