krb5_addlog_func() is used by Samba to obtain Kerberos log messages
and place them into the Samba logs.
Providing a hook down to the heim_addlog_func() is less disruptive
than needing to call multiple different APIs as Samba compiles
both with an included copy of Heimdal and against a system
Heimdal (when not an AD DC).
This API was deprecated and stubbed out in March 2020 by ea90ca8 and was
previously stable until 0c86917 (which looks like it should have been part of
e44c680).
Despite the need for the extra argument, which we add a test for, Samba would
prefer to keep the krb5_addlog_func() facility, so this adds it back.
Signed-off-by: Andrew Bartlett abartlet@samba.org
This is the second of two commits in a series that must be picked together.
This series of two commits moves parts of lib/krb5/ infrastructure
functionality to lib/base/, leaving behind wrappers.
Some parts of libkrb5 are entirely generic or easily made so, and could
be useful in various parts of Heimdal that are not specific to the krb5
API, such as:
- lib/gssapi/ (especially since the integration of NegoEx)
- lib/hx509/
- bx509d (which should really move out of kdc/)
For the above we need to move these bits of lib/krb5/:
- lib/krb5/config_file.c (all of it, leaving forwardings behind)
- lib/krb5/config_reg.c (all of it)
- lib/krb5/plugin.c (all of it, leaving forwardings behind)
- lib/krb5/log.c (all of it, ditto)
- lib/krb5/heim_err.et (all of it)
And because of those two, these too must also move:
- lib/krb5/expand_path.c (all of it, leaving forwardings behind)
- lib/krb5/warn.c (just the warning functions, ditto)
The changes to the moved files are mostly quite straightforward and are
best reviewed with --word-diff=color.
We're also creating a heim_context and a heim API to go with it. But
it's as thin as possible, with as little state as necessary to enable
this move. Functions for dealing with error messages use callbacks.
Moving plugin.c does have one knock-on effect on all users of the old
krb5 plugin API (which remains), which is that a global search and
replace of struct krb5_plugin_data to struct heim_plugin_data was
needed, though the layout and size of that structure doesn't change, so
the ABI doesn't either.
As well, we now build lib/vers/ and lib/com_err/ before lib/base/ so as
to be able to move lib/krb5/heim_err.et to lib/base/ so that we can make
use of HEIM_ERR_* in lib/base/, specifically in the files that moved.
Once this is all done we'll be able to use config files and plugins in
lib/hx509/, we'll be able to move bx509d out of kdc/, and so on.
Most if not all of the new functions in lib/base/ are Heimdal-private,
thus calling conventions for them are not declared.
Status:
- builds and passes CIs (Travis, Appveyor)
- ran make check-valgrind and no new leaks or other memory errors
- ready for review
HOW TO REVIEW:
$ # Review file moves:
$ git log --stat -n1 HEAD^
$
$ # Review changes to moved files using --word-diff=color
$ git log -p -b -w --word-diff=color HEAD^..HEAD \
lib/base/config_file.c \
lib/base/config_reg.c \
lib/base/expand_path.c \
lib/base/warn.c \
lib/krb5/config_file.c \
lib/krb5/config_reg.c \
lib/krb5/expand_path.c \
lib/krb5/warn.c
$
$ # Review the whole thing, possibly adding -b and/or -w, and
$ # maybe --word-diff=color:
$ git log -p origin/master..HEAD
$ git log -p -b -w origin/master..HEAD
$ git log -p -b -w --word-diff=color origin/master..HEAD
TBD (future commits):
- make lib/gssapi use the new heimbase functions
- move kx509/bx509d common code to lib/hx509/ or other approp. location
- move bx509d out of kdc/
This is the first of two commits in a series that must be picked
together.
This series of two commits moves parts of lib/krb5/ infrastructure
functionality to lib/base/, leaving behind wrappers.
This commit only renames files to enable git log/diff/blame to follow
the renames: to help future code archeology, and to make reviewing these
two commits easier.
The next commit in this series ensures that the moved files have the
correct content (i.e., defining heim APIs instead of krb5 APIs), and
will create files in lib/krb5 with the same names and krb5 API wrappers
around the new heim API functions.
The next commit also explains the motivation, which, briefly, is to:
- remove krb5 API usage from lib/gssapi/,
- enable the use of configuration and plugins in lib/hx509/
(as well as lib/gssapi/ and future projects),
and
- enable the further disentanglement of bx509d from kdc/.
Our logging framework used to strnvisx(3) each and every line
iff it is written to a FILE. This is often unhelpful because
the line usually contains a number of elements that have already
been quoted and it makes the logs much more difficult to read in
this case. An example if krb5_unparse_name() which will already
quote most characters that one cares about.
We change the behaviour to simply drop unprintable characters
rather than encoding them. We thus rely on the rest of the
code to properly encode data elements written into the logs.
We define the meaning of the various log levels in the man page
for krb5_openlog(3). If logging configured and levels are not
specified, we change the default levels to 0-3 which should exclude
debugging messages which are generally only desired in exceptional
circumstances.
We also go through the KDC and adjust the levels to be appropriate.
Windows treats '\\' and '/' equivalently but we cannot control
the form that will be used by end users. Introduce ISPATHSEP()
macro which tests only for '/' on UNIX and both on Windows.
Introduce ISTILDE() macro to test for '~'. When testing for
'/' with strchr() or strrchr() add conditional checks for '\\' on
Windows.
Change-Id: Ia85e698fc88f15a6a71db649db5417f02ef7e5fe
actual string to log, should at least provide some hint as to where
things went wrong
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@9029 ec53bebd-3082-4978-b11e-865c3cabbd6b
