Partial merge from Novell LDAP integration branch, not including the

actual LDAP bits:

* include/kdb.h (krb5_db_entry_new): Add MASK field indicating what's
changed.
(KRB5_KDB_SRV_TYPE_*): New macros indicating which type of service is
accessing the database.
* lib/kadm5/srv/svr_principal.c: Set mask field.
* lib/kadm5/srv/server_misc.c, server_init.c: Pass service type to
krb5_db_open.
* kadmin/dbutil/kdb5_stash.c (kdb5_stash): Pass service type to
krb5_db_open.
* kadmin/dbutil/kdb5_util.c (open_db_and_mkey): Pass service type to
krb5_db_open.
* kdc/main.c (init_realm): Pass service type to krb5_db_open.
* lib/kadm5/srv/svr_principal.c: Set mask field.
* kadmin/dbutil/dump.c (load_db): Pass service type to krb5_db_open.
* lib/kdb/kdb5.h (KRB5_KDB_SRV_TYPE_*): New macros.

* lib/kdb/err_handle.{c,h}: Deleted.
* lib/kadm5/clnt/err_handle.{c,h}: Deleted.
(krb5_db_clr_error): Declaration deleted.
* lib/kdb/Makefile.in, lib/kadm5/clnt/Makefile.in: Don't build them.
* lib/kdb/kdb5.c, lib/kadm5/clnt, lib/kadm5/srv: Use new error-message API.
* kdc/do_tgs_req.c (process_tgs_req): Use new error-message API.
* kdc/kdc_preauth.c (check_padata)
* kdc/do_as_req.c (process_as_req):
* kdc/main.c (init_realm):
* kadmin/server/ovsec_kadmd.c (main, do_schpw):
* schpw.c (process_chpw_request):
* kadmin/server/server_stubs.c:
* kadmin/cli/kadmin.c (extended_com_err_fn): New function.
(kadmin_startup): Tell com_err library to use it, for kadmin.local.
* lib/kdb/libkdb5.exports: Don't export krb5_db_clr_error.
* lib/kdb/Makefile.in: (SRCS, STLIBOBJS): Don't build err_handle.c.
* lib/kdb/kdb5.c (kdb_load_library): Don't pass argument to init_library.
(krb5_db_clr_error): Function deleted.
* lib/kdb/kdb5.h (struct _kdb_vftabl): Remove argument from init_library field.
* lib/kadm5/logger.c (krb5_klog_init): Save the krb5_context pointer.
(klog_com_err_proc): Use it, and call new error-message API.
* lib/kadm5/srv/svr_principal.c: Use new error-message API.
* kadmin/dbutil/kdb5_util.c (extended_com_err_fn): New function.
(main): Tell com_err library to use it.

* plugins/kdb/db2: Use new error-message APIs and updated DAL
interface.

* lib/kadm5/kadm_rpc.h: Delete err_str fields.
* lib/kadm5/kadm_rpc_xdr.c: Don't process them.
* kadmin/server/server_stubs.c: Don't use ret.err_str field.

* include/k5-thread.h (k5_key_t): Deleted unused values.

* lib/kdb/kdb5.h (KDB_MODULE_SECTION): Change db_modules to dbmodules.
(KDB_MODULE_DEF_SECTION): New macro.
* tests/Makefile.in (krb5.conf): Rename db_modules to dbmodules.
* tests/dejagnu/config/default.exp (setup_krb5_conf): Likewise.
* kadmin/testing/proto/krb5.conf.proto: Likewise.

* lib/kdb/libkdb5.exports: Do export krb5_def_store_mkey.

* lib/kadm5/admin.h (KADM5_CPW_FUNCTION, KADM5_RANDKEY_USED): New macros.
(struct _kadm5_config_params): New field kpasswd_server.

* lib/krb5/error_tables/kdb5_err.et (KRB5_KDB_SERVER_INTERNAL_ERR):
New error code.

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@17899 dc483132-0cff-0310-8789-dd5450dbe970

4 files changed, 17 insertions, 12 deletions

diff --git a/src/kdc/do_as_req.c b/src/kdc/do_as_req.c
index 2916cfee0..1523d1f80 100644
--- a/src/kdc/do_as_req.c
+++ b/src/kdc/do_as_req.c
@@ -427,17 +427,18 @@ process_as_req(krb5_kdc_req *request, const krb5_fulladdr *from,
 #endif	/* KRBCONF_KDC_MODIFIES_KDB */
 
 errout:
-    if (status)
+    if (status) {
         krb5_klog_syslog(LOG_INFO, "AS_REQ (%s) %s: %s: %s for %s%s%s",
 			 ktypestr,
 	       fromstring, status, 
 	       cname ? cname : "<unknown client>",
 	       sname ? sname : "<unknown server>",
 	       errcode ? ", " : "",
-	       errcode ? error_message(errcode) : "");
+	       errcode ? krb5_get_error_message (kdc_context, errcode) : "");
+    }
     if (errcode) {
 	if (status == 0)
-	    status = error_message (errcode);
+	    status = krb5_get_error_message (kdc_context, errcode);
 	errcode -= ERROR_TABLE_BASE_krb5;
 	if (errcode < 0 || errcode > 128)
 	    errcode = KRB_ERR_GENERIC;
diff --git a/src/kdc/do_tgs_req.c b/src/kdc/do_tgs_req.c
index d85d4b58c..7f8f265a8 100644
--- a/src/kdc/do_tgs_req.c
+++ b/src/kdc/do_tgs_req.c
@@ -509,7 +509,7 @@ tgt_again:
 			      sname ? sname : "<unknown server>",
 			      enc_tkt_reply.transited.tr_contents.length,
 			      enc_tkt_reply.transited.tr_contents.data,
-			      error_message (errcode));
+			      krb5_get_error_message(kdc_context, errcode));
     } else
 	krb5_klog_syslog (LOG_INFO, "not checking transit path");
     if (reject_bad_transit
@@ -655,12 +655,12 @@ cleanup:
 			 cname ? cname : "<unknown client>",
 			 sname ? sname : "<unknown server>",
 			 errcode ? ", " : "",
-			 errcode ? error_message(errcode) : "");
+			 errcode ? krb5_get_error_message (kdc_context, errcode) : "");
     }
     
     if (errcode) {
 	if (status == 0)
-	    status = error_message (errcode);
+	    status = krb5_get_error_message (kdc_context, errcode);
 	errcode -= ERROR_TABLE_BASE_krb5;
 	if (errcode < 0 || errcode > 128)
 	    errcode = KRB_ERR_GENERIC;
diff --git a/src/kdc/kdc_preauth.c b/src/kdc/kdc_preauth.c
index d5698ebf8..48a6a6a7c 100644
--- a/src/kdc/kdc_preauth.c
+++ b/src/kdc/kdc_preauth.c
@@ -371,7 +371,8 @@ check_padata (krb5_context context, krb5_db_entry *client,
 				       enc_tkt_reply, *padata);
 	if (retval) {
 	    krb5_klog_syslog (LOG_INFO, "preauth (%s) verify failure: %s",
-			      pa_sys->name, error_message (retval));
+			      pa_sys->name,
+			      krb5_get_error_message (context, retval));
 	    if (pa_sys->flags & PA_REQUIRED) {
 		pa_ok = 0;
 		break;
@@ -394,9 +395,10 @@ check_padata (krb5_context context, krb5_db_entry *client,
         !isflagset(client->attributes, KRB5_KDB_REQUIRES_HW_AUTH))
        return 0;
 
-    if (!pa_found)
+    if (!pa_found) {
 	krb5_klog_syslog (LOG_INFO, "no valid preauth type found: %s",
-			  error_message (retval));
+			  krb5_get_error_message(context, retval));
+    }
 /* The following switch statement allows us
  * to return some preauth system errors back to the client.
  */
diff --git a/src/kdc/main.c b/src/kdc/main.c
index c5ecdec7a..d03b81e03 100644
--- a/src/kdc/main.c
+++ b/src/kdc/main.c
@@ -240,9 +240,11 @@ init_realm(char *progname, kdc_realm_t *rdp, char *realm,
 
     /* first open the database  before doing anything */
 #ifdef KRBCONF_KDC_MODIFIES_KDB    
-    if ((kret = krb5_db_open(rdp->realm_context, db_args, KRB5_KDB_OPEN_RW))) {
+    if ((kret = krb5_db_open(rdp->realm_context, db_args, 
+			     KRB5_KDB_OPEN_RW | KRB5_KDB_SRV_TYPE_KDC))) {
 #else
-    if ((kret = krb5_db_open(rdp->realm_context, db_args, KRB5_KDB_OPEN_RO))) {
+    if ((kret = krb5_db_open(rdp->realm_context, db_args, 
+			     KRB5_KDB_OPEN_RO | KRB5_KDB_SRV_TYPE_KDC))) {
 #endif
 	com_err(progname, kret,
 		"while initializing database for realm %s", realm);
@@ -590,7 +592,7 @@ initialize_realms(krb5_context kcontext, int argc, char **argv)
 	    com_err(argv[0], retval,
 		    "while attempting to retrieve default realm");
 	    fprintf (stderr, "%s: %s, attempting to retrieve default realm\n",
-		     argv[0], error_message (retval));
+		     argv[0], krb5_get_error_message(kcontext, retval));
 	    exit(1);
 	}
 	if ((rdatap = (kdc_realm_t *) malloc(sizeof(kdc_realm_t)))) {