adapt to new db_fetch, and try to print useful error messages when it fails

git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@9600 ec53bebd-3082-4978-b11e-865c3cabbd6b
Assar Westerlund
2001-01-30 01:44:08 +00:00
parent fbfc71a0b6
commit d4263fdf0d
4 changed files with 75 additions and 62 deletions


@@ -1,5 +1,5 @@
/* /*
* Copyright (c) 1997-2000 Kungliga Tekniska H<>gskolan * Copyright (c) 1997-2001 Kungliga Tekniska H<>gskolan
* (Royal Institute of Technology, Stockholm, Sweden). * (Royal Institute of Technology, Stockholm, Sweden).
* All rights reserved. * All rights reserved.
* *
@@ -63,12 +63,15 @@ fetch_server (const Ticket *t,
kdc_log(0, "krb5_unparse_name: %s", krb5_get_err_text(context, ret)); kdc_log(0, "krb5_unparse_name: %s", krb5_get_err_text(context, ret));
return ret; return ret;
} }
*server = db_fetch(sprinc); ret = db_fetch(sprinc, server);
krb5_free_principal(context, sprinc); krb5_free_principal(context, sprinc);
if(*server == NULL){ if (ret) {
kdc_log(0, "Request to convert ticket from %s for unknown principal %s", kdc_log(0,
from, *spn); "Request to convert ticket from %s for unknown principal %s: %s",
return KRB5KDC_ERR_S_PRINCIPAL_UNKNOWN; from, *spn, krb5_get_err_text(context, ret));
if (ret == ENOENT)
ret = KRB5KDC_ERR_S_PRINCIPAL_UNKNOWN;
return ret;
} }
return 0; return 0;
} }
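Review bot: The log line in fetch_server still reads "for unknown principal" although the branch now fires on every non-zero return from db_fetch, not only a missing entry. An operator reading the KDC log then cannot tell a lookup miss from a database failure without parsing the appended error text. A neutral wording such as `"Request to convert ticket from %s for principal %s failed: %s"` keeps the two cases apart. It would also help to add the comment `/* only a missing entry maps to S_PRINCIPAL_UNKNOWN; other db errors are returned as-is */` above the `if (ret == ENOENT)` test. fetch_server begins outside this hunk, so how its caller treats a raw non-ENOENT code is not visible here.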


@@ -1,5 +1,5 @@
/* /*
* Copyright (c) 1997-2000 Kungliga Tekniska H<>gskolan * Copyright (c) 1997-2001 Kungliga Tekniska H<>gskolan
* (Royal Institute of Technology, Stockholm, Sweden). * (Royal Institute of Technology, Stockholm, Sweden).
* All rights reserved. * All rights reserved.
* *
@@ -80,7 +80,7 @@ extern struct timeval now;
krb5_error_code as_rep (KDC_REQ*, krb5_data*, const char*, struct sockaddr*); krb5_error_code as_rep (KDC_REQ*, krb5_data*, const char*, struct sockaddr*);
void configure (int, char**); void configure (int, char**);
hdb_entry* db_fetch (krb5_principal); krb5_error_code db_fetch (krb5_principal, hdb_entry**);
void free_ent(hdb_entry *); void free_ent(hdb_entry *);
void kdc_log (int, const char*, ...) void kdc_log (int, const char*, ...)
__attribute__ ((format (printf, 2,3))); __attribute__ ((format (printf, 2,3)));
@@ -99,7 +99,7 @@ krb5_error_code check_flags(hdb_entry *client, const char *client_name,
krb5_boolean is_as_req); krb5_boolean is_as_req);
#ifdef KRB4 #ifdef KRB4
hdb_entry* db_fetch4 (const char*, const char*, const char*); krb5_error_code db_fetch4 (const char*, const char*, const char*, hdb_entry**);
krb5_error_code do_524 (const Ticket*, krb5_data*, const char*, struct sockaddr*); krb5_error_code do_524 (const Ticket*, krb5_data*, const char*, struct sockaddr*);
krb5_error_code do_version4 (unsigned char*, size_t, krb5_data*, const char*, krb5_error_code do_version4 (unsigned char*, size_t, krb5_data*, const char*,
struct sockaddr_in*); struct sockaddr_in*);
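Review bot: The new `db_fetch` and `db_fetch4` prototypes do not state their failure contract, yet callers in this commit branch on `ret == ENOENT` and use the out-parameter only after a zero return. A comment above the declarations would pin this down, for example `/* returns 0 and stores the entry in *ent; otherwise an error code (ENOENT when the principal is missing) and *ent must not be used */`. The definition of db_fetch is not on this page, so the exact not-found code and whether `*ent` is cleared on failure should be confirmed against it before the comment is committed.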


@@ -37,8 +37,6 @@ RCSID("$Id$");
#ifdef KRB4 #ifdef KRB4
#include "kerberos4.h"
#ifndef swap32 #ifndef swap32
static u_int32_t static u_int32_t
swap32(u_int32_t x) swap32(u_int32_t x)
@@ -81,9 +79,10 @@ valid_princ(krb5_context context, krb5_principal princ)
ret = krb5_unparse_name(context, princ, &s); ret = krb5_unparse_name(context, princ, &s);
if (ret) if (ret)
return 0; return 0;
ent = db_fetch(princ); ret = db_fetch(princ, &ent);
if(ent == NULL){ if (ret) {
kdc_log(7, "Lookup %s failed", s); kdc_log(7, "Lookup %s failed: %s", s,
krb5_get_err_text (context, ret));
free(s); free(s);
return 0; return 0;
} }
@@ -93,20 +92,20 @@ valid_princ(krb5_context context, krb5_principal princ)
return 1; return 1;
} }
hdb_entry* krb5_error_code
db_fetch4(const char *name, const char *instance, const char *realm) db_fetch4(const char *name, const char *instance, const char *realm,
hdb_entry **ent)
{ {
krb5_principal p; krb5_principal p;
hdb_entry *ent;
krb5_error_code ret; krb5_error_code ret;
ret = krb5_425_conv_principal_ext(context, name, instance, realm, ret = krb5_425_conv_principal_ext(context, name, instance, realm,
valid_princ, 0, &p); valid_princ, 0, &p);
if(ret) if(ret)
return NULL; return ret;
ent = db_fetch(p); ret = db_fetch(p, ent);
krb5_free_principal(context, p); krb5_free_principal(context, p);
return ent; return ret;
} }
krb5_error_code krb5_error_code
@@ -228,15 +227,17 @@ do_version4(unsigned char *buf,
kdc_log(0, "AS-REQ %s from %s for %s", kdc_log(0, "AS-REQ %s from %s for %s",
client_name, from, server_name); client_name, from, server_name);
client = db_fetch4(name, inst, realm); ret = db_fetch4(name, inst, realm, &client);
if(client == NULL){ if(ret) {
kdc_log(0, "Client not found in database: %s", client_name); kdc_log(0, "Client not found in database: %s: %s",
client_name, krb5_get_err_text(context, ret));
make_err_reply(reply, KERB_ERR_PRINCIPAL_UNKNOWN, NULL); make_err_reply(reply, KERB_ERR_PRINCIPAL_UNKNOWN, NULL);
goto out1; goto out1;
} }
server = db_fetch4(sname, sinst, v4_realm); ret = db_fetch4(sname, sinst, v4_realm, &server);
if(server == NULL){ if(ret){
kdc_log(0, "Server not found in database: %s", server_name); kdc_log(0, "Server not found in database: %s: %s",
server_name, krb5_get_err_text(context, ret));
make_err_reply(reply, KERB_ERR_PRINCIPAL_UNKNOWN, NULL); make_err_reply(reply, KERB_ERR_PRINCIPAL_UNKNOWN, NULL);
goto out1; goto out1;
} }
@@ -354,12 +355,13 @@ do_version4(unsigned char *buf,
goto out2; goto out2;
} }
tgt = db_fetch(tgt_princ); ret = db_fetch(tgt_princ, &tgt);
if(tgt == NULL){ if(ret){
char *s; char *s;
s = kdc_log_msg(0, "Ticket-granting ticket not " s = kdc_log_msg(0, "Ticket-granting ticket not "
"found in database: krbtgt.%s@%s", "found in database: krbtgt.%s@%s: %s",
realm, v4_realm); realm, v4_realm,
krb5_get_err_text(context, ret));
make_err_reply(reply, KFAILURE, s); make_err_reply(reply, KFAILURE, s);
free(s); free(s);
goto out2; goto out2;
@@ -430,22 +432,23 @@ do_version4(unsigned char *buf,
} }
#if 0 #if 0
client = db_fetch4(ad.pname, ad.pinst, ad.prealm); ret = db_fetch4(ad.pname, ad.pinst, ad.prealm, &client);
if(client == NULL){ if(ret){
char *s; char *s;
s = kdc_log_msg(0, "Client not found in database: %s.%s@%s", s = kdc_log_msg(0, "Client not found in database: %s.%s@%s: %s",
ad.pname, ad.pinst, ad.prealm); ad.pname, ad.pinst, ad.prealm,
krb5_get_err_text(context, ret));
make_err_reply(reply, KERB_ERR_PRINCIPAL_UNKNOWN, s); make_err_reply(reply, KERB_ERR_PRINCIPAL_UNKNOWN, s);
free(s); free(s);
goto out2; goto out2;
} }
#endif #endif
server = db_fetch4(sname, sinst, v4_realm); ret = db_fetch4(sname, sinst, v4_realm, &server);
if(server == NULL){ if(ret){
char *s; char *s;
s = kdc_log_msg(0, "Server not found in database: %s", s = kdc_log_msg(0, "Server not found in database: %s: %s",
server_name); server_name, krb5_get_err_text(context, ret));
make_err_reply(reply, KERB_ERR_PRINCIPAL_UNKNOWN, s); make_err_reply(reply, KERB_ERR_PRINCIPAL_UNKNOWN, s);
free(s); free(s);
goto out2; goto out2;
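Review bot: In do_version4 the string built by `kdc_log_msg` now ends with `krb5_get_err_text(context, ret)`, and that same string is passed to `make_err_reply(reply, KFAILURE, s)` for the TGT lookup and to `make_err_reply(reply, KERB_ERR_PRINCIPAL_UNKNOWN, s)` for the server lookup. make_err_reply is defined outside this page, but if its third argument is copied into the reply, the database layer's error text becomes visible to the remote requester. Keeping the detail in the log only would avoid that: log with the `: %s` suffix via `kdc_log`, and give `make_err_reply` a message without the suffix. The AS-REQ branches earlier in the section already pass `NULL` as the text and are not affected. do_version4 starts and ends outside these hunks.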


@@ -469,17 +469,18 @@ as_rep(KDC_REQ *req,
if(ret) if(ret)
goto out; goto out;
client = db_fetch(client_princ); ret = db_fetch(client_princ, &client);
if(client == NULL){ if(ret){
kdc_log(0, "UNKNOWN -- %s", client_name); kdc_log(0, "UNKNOWN -- %s: %s", client_name,
krb5_get_err_text(context, ret));
ret = KRB5KDC_ERR_C_PRINCIPAL_UNKNOWN; ret = KRB5KDC_ERR_C_PRINCIPAL_UNKNOWN;
goto out; goto out;
} }
server = db_fetch(server_princ); ret = db_fetch(server_princ, &server);
if(ret){
if(server == NULL){ kdc_log(0, "UNKNOWN -- %s: %s", server_name,
kdc_log(0, "UNKNOWN -- %s", server_name); krb5_get_err_text(context, ret));
ret = KRB5KDC_ERR_S_PRINCIPAL_UNKNOWN; ret = KRB5KDC_ERR_S_PRINCIPAL_UNKNOWN;
goto out; goto out;
} }
@@ -1350,12 +1351,13 @@ tgs_rep2(KDC_REQ_BODY *b,
ap_req.ticket.sname, ap_req.ticket.sname,
ap_req.ticket.realm); ap_req.ticket.realm);
krbtgt = db_fetch(princ); ret = db_fetch(princ, &krbtgt);
if(krbtgt == NULL) { if(ret) {
char *p; char *p;
krb5_unparse_name(context, princ, &p); krb5_unparse_name(context, princ, &p);
kdc_log(0, "Ticket-granting ticket not found in database: %s", p); kdc_log(0, "Ticket-granting ticket not found in database: %s: %s",
p, krb5_get_err_text(context, ret));
free(p); free(p);
ret = KRB5KRB_AP_ERR_NOT_US; ret = KRB5KRB_AP_ERR_NOT_US;
goto out2; goto out2;
@@ -1510,10 +1512,11 @@ tgs_rep2(KDC_REQ_BODY *b,
goto out2; goto out2;
} }
principalname2krb5_principal(&p, t->sname, t->realm); principalname2krb5_principal(&p, t->sname, t->realm);
uu = db_fetch(p); ret = db_fetch(p, &uu);
krb5_free_principal(context, p); krb5_free_principal(context, p);
if(uu == NULL){ if(ret){
ret = KRB5KDC_ERR_S_PRINCIPAL_UNKNOWN; if (ret == ENOENT)
ret = KRB5KDC_ERR_S_PRINCIPAL_UNKNOWN;
goto out; goto out;
} }
ret = hdb_enctype2key(context, uu, t->enc_part.etype, &tkey); ret = hdb_enctype2key(context, uu, t->enc_part.etype, &tkey);
@@ -1541,10 +1544,9 @@ tgs_rep2(KDC_REQ_BODY *b,
else else
kdc_log(0, "TGS-REQ %s from %s for %s", cpn, from, spn); kdc_log(0, "TGS-REQ %s from %s for %s", cpn, from, spn);
server_lookup: server_lookup:
server = db_fetch(sp); ret = db_fetch(sp, &server);
if(server == NULL){ if(ret){
Realm req_rlm, new_rlm; Realm req_rlm, new_rlm;
if(loop++ < 2 && (req_rlm = is_krbtgt(&sp->name))){ if(loop++ < 2 && (req_rlm = is_krbtgt(&sp->name))){
new_rlm = find_rpath(req_rlm); new_rlm = find_rpath(req_rlm);
@@ -1559,19 +1561,24 @@ tgs_rep2(KDC_REQ_BODY *b,
goto server_lookup; goto server_lookup;
} }
} }
kdc_log(0, "Server not found in database: %s", spn); kdc_log(0, "Server not found in database: %s: %s", spn,
ret = KRB5KDC_ERR_S_PRINCIPAL_UNKNOWN; krb5_get_err_text(context, ret));
if (ret == ENOENT)
ret = KRB5KDC_ERR_S_PRINCIPAL_UNKNOWN;
goto out; goto out;
} }
client = db_fetch(cp); ret = db_fetch(cp, &client);
if(client == NULL) if(ret)
kdc_log(1, "Client not found in database: %s", cpn); kdc_log(1, "Client not found in database: %s: %s",
cpn, krb5_get_err_text(context, ret));
#if 0 #if 0
/* XXX check client only if same realm as krbtgt-instance */ /* XXX check client only if same realm as krbtgt-instance */
if(client == NULL){ if(ret){
kdc_log(0, "Client not found in database: %s", cpn); kdc_log(0, "Client not found in database: %s: %s",
ret = KRB5KDC_ERR_C_PRINCIPAL_UNKNOWN; cpn, krb5_get_err_text(context, ret));
if (ret == ENOENT)
ret = KRB5KDC_ERR_C_PRINCIPAL_UNKNOWN;
goto out; goto out;
} }
#endif #endif
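Review bot: In tgs_rep2 the client lookup `ret = db_fetch(cp, &client); if(ret) kdc_log(1, ...)` is meant to be non-fatal, but it now leaves a non-zero `ret` behind. Unless db_fetch clears its out-parameter on failure, `client` also keeps whatever value it held before the call. The old form left `ret` untouched and relied on `client` being NULL after a miss. The rest of tgs_rep2 lies outside this hunk, so whether later code reassigns `ret` or tests `client` against NULL cannot be checked from here. Making the branch explicit removes the dependency: `if(ret) { kdc_log(1, ...); client = NULL; ret = 0; }`.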