Sat Jun 7 22:26:10 2008 UTC ()
Add patches for MITKRB5-SA-2007-004 and MITKRB5-SA-2007-005. PKGREVISION
will be bumped again once some other patches are in.


(tonnerre)
diff -r1.18 -r1.19 pkgsrc/security/mit-krb5/distinfo
diff -r1.2 -r1.3 pkgsrc/security/mit-krb5/patches/patch-ba
diff -r0 -r1.1 pkgsrc/security/mit-krb5/patches/patch-bf
diff -r0 -r1.1 pkgsrc/security/mit-krb5/patches/patch-bg
cvs diff -r1.18 -r1.19 pkgsrc/security/mit-krb5/distinfo (expand / switch to unified diff)

--- pkgsrc/security/mit-krb5/distinfo 2008/06/07 20:22:18 1.18
+++ pkgsrc/security/mit-krb5/distinfo 2008/06/07 22:26:10 1.19
@@ -1,14 +1,14 @@ @@ -1,14 +1,14 @@
1$NetBSD: distinfo,v 1.18 2008/06/07 20:22:18 tonnerre Exp $ 1$NetBSD: distinfo,v 1.19 2008/06/07 22:26:10 tonnerre Exp $
2 2
3SHA1 (krb5-1.4.2-signed.tar) = bbc03bd319d539fb9523c2545d80ba0784522e88 3SHA1 (krb5-1.4.2-signed.tar) = bbc03bd319d539fb9523c2545d80ba0784522e88
4RMD160 (krb5-1.4.2-signed.tar) = 44500f5fab8e5959cf43f17f5f52f68e2dc73a1f 4RMD160 (krb5-1.4.2-signed.tar) = 44500f5fab8e5959cf43f17f5f52f68e2dc73a1f
5Size (krb5-1.4.2-signed.tar) = 6696960 bytes 5Size (krb5-1.4.2-signed.tar) = 6696960 bytes
6SHA1 (patch-aa) = 17e0934ea2ef21b3457fba54cf3d1c36de2da479 6SHA1 (patch-aa) = 17e0934ea2ef21b3457fba54cf3d1c36de2da479
7SHA1 (patch-ab) = 8d6904b80e8576085acbaa3ac0cd17824c7b301d 7SHA1 (patch-ab) = 8d6904b80e8576085acbaa3ac0cd17824c7b301d
8SHA1 (patch-ac) = d0777e6005cd1249c7c6406068973f6959d11302 8SHA1 (patch-ac) = d0777e6005cd1249c7c6406068973f6959d11302
9SHA1 (patch-ad) = 7b17ffcd14cdedeb0ddfb606802a156589995c1b 9SHA1 (patch-ad) = 7b17ffcd14cdedeb0ddfb606802a156589995c1b
10SHA1 (patch-ae) = fc6d5e11cd827cdfbe1bfc3a3c7ca9f5a71c17d7 10SHA1 (patch-ae) = fc6d5e11cd827cdfbe1bfc3a3c7ca9f5a71c17d7
11SHA1 (patch-af) = c9631743e3c93aee2aab5c8a370e9bebfc4084e5 11SHA1 (patch-af) = c9631743e3c93aee2aab5c8a370e9bebfc4084e5
12SHA1 (patch-ag) = 5da57455f36a2bd40e0f97db94e93249e90e0b8e 12SHA1 (patch-ag) = 5da57455f36a2bd40e0f97db94e93249e90e0b8e
13SHA1 (patch-ah) = 59a6bfc341a22234b38db406abe83b0d6d358a9f 13SHA1 (patch-ah) = 59a6bfc341a22234b38db406abe83b0d6d358a9f
14SHA1 (patch-ai) = 5b0f1ae222e50eb0eb3ed98c79188318ae0969b5 14SHA1 (patch-ai) = 5b0f1ae222e50eb0eb3ed98c79188318ae0969b5
@@ -19,18 +19,20 @@ SHA1 (patch-am) = 050690479d75c5df6e8942 @@ -19,18 +19,20 @@ SHA1 (patch-am) = 050690479d75c5df6e8942
19SHA1 (patch-an) = ccf76eecb4a0f3b4c7addd37ab8391dc831caa41 19SHA1 (patch-an) = ccf76eecb4a0f3b4c7addd37ab8391dc831caa41
20SHA1 (patch-ao) = 22f907ce8c6d66582523b05326a9e8d56ae28401 20SHA1 (patch-ao) = 22f907ce8c6d66582523b05326a9e8d56ae28401
21SHA1 (patch-ap) = c77a8f7bc35aa184e510bac576c12f55d5cfbf65 21SHA1 (patch-ap) = c77a8f7bc35aa184e510bac576c12f55d5cfbf65
22SHA1 (patch-aq) = 52429b712ca7a478caeb76fd165585c7aab7fa02 22SHA1 (patch-aq) = 52429b712ca7a478caeb76fd165585c7aab7fa02
23SHA1 (patch-ar) = 37807c14f03533aef8796ac90e5fac36ff98308a 23SHA1 (patch-ar) = 37807c14f03533aef8796ac90e5fac36ff98308a
24SHA1 (patch-as) = b155219fd512b59f698497af1bf6acf1ca4f4a34 24SHA1 (patch-as) = b155219fd512b59f698497af1bf6acf1ca4f4a34
25SHA1 (patch-at) = df0605b0f5fbaef6b7540f87079ae64b2acc464c 25SHA1 (patch-at) = df0605b0f5fbaef6b7540f87079ae64b2acc464c
26SHA1 (patch-au) = 238f497afd9ad129babc0b6c727eb23e9915536c 26SHA1 (patch-au) = 238f497afd9ad129babc0b6c727eb23e9915536c
27SHA1 (patch-av) = db0fce68f58307be4c359758f2c9b31d62ab8348 27SHA1 (patch-av) = db0fce68f58307be4c359758f2c9b31d62ab8348
28SHA1 (patch-aw) = 0e651b675d166e71f6543cbad8e29eece89d5b67 28SHA1 (patch-aw) = 0e651b675d166e71f6543cbad8e29eece89d5b67
29SHA1 (patch-ax) = d403c910211e48c6d1dc27cb2dd98d5f20cc688d 29SHA1 (patch-ax) = d403c910211e48c6d1dc27cb2dd98d5f20cc688d
30SHA1 (patch-ay) = 9f54c79c105d7baca3f1efa68a25f9b39dbf7683 30SHA1 (patch-ay) = 9f54c79c105d7baca3f1efa68a25f9b39dbf7683
31SHA1 (patch-az) = 79fd9cbbf34287b78d5c6c2faf72e147457f7f37 31SHA1 (patch-az) = 79fd9cbbf34287b78d5c6c2faf72e147457f7f37
32SHA1 (patch-ba) = ae3071aa6039d52ba56eab8f2b105623d62e5689 32SHA1 (patch-ba) = b413b82de3248600beb003456cde811637d05206
33SHA1 (patch-bb) = 156d3341d1cf40cfbe5833f7ad68b5aec297d3fb 33SHA1 (patch-bb) = 156d3341d1cf40cfbe5833f7ad68b5aec297d3fb
34SHA1 (patch-bc) = 8b422991ca22903596cf157ea3603abb741c50a5 34SHA1 (patch-bc) = 8b422991ca22903596cf157ea3603abb741c50a5
35SHA1 (patch-bd) = 8cf0425d2fedea452f80fa599f3c4515e51d834c 35SHA1 (patch-bd) = 8cf0425d2fedea452f80fa599f3c4515e51d834c
36SHA1 (patch-be) = c4497d7b68cefd8109d615c2125d9dc7aa508e5d 36SHA1 (patch-be) = c4497d7b68cefd8109d615c2125d9dc7aa508e5d
 37SHA1 (patch-bf) = 1e16b6cbe51a5aa07ac7c7c3c343e82bf16dcde6
 38SHA1 (patch-bg) = fa70e00a2eb283782c9960a2c74a879862b979c5
cvs diff -r1.2 -r1.3 pkgsrc/security/mit-krb5/patches/Attic/patch-ba (expand / switch to unified diff)

--- pkgsrc/security/mit-krb5/patches/Attic/patch-ba 2008/06/07 20:22:18 1.2
+++ pkgsrc/security/mit-krb5/patches/Attic/patch-ba 2008/06/07 22:26:10 1.3
@@ -157,420 +157,466 @@ $NetBSD$ @@ -157,420 +157,466 @@ $NetBSD$
157 ret.code = kadm5_modify_principal((void *)handle, &arg->rec, 157 ret.code = kadm5_modify_principal((void *)handle, &arg->rec,
158 arg->mask); 158 arg->mask);
159- krb5_klog_syslog(LOG_NOTICE, LOG_DONE, "kadm5_modify_principal", 159- krb5_klog_syslog(LOG_NOTICE, LOG_DONE, "kadm5_modify_principal",
160- prime_arg, ((ret.code == 0) ? "success" : 160- prime_arg, ((ret.code == 0) ? "success" :
161- error_message(ret.code)),  161- error_message(ret.code)),
162- client_name.value, service_name.value, 162- client_name.value, service_name.value,
163- inet_ntoa(rqstp->rq_xprt->xp_raddr.sin_addr)); 163- inet_ntoa(rqstp->rq_xprt->xp_raddr.sin_addr));
164+ log_done("kadm5_modify_principal", prime_arg, 164+ log_done("kadm5_modify_principal", prime_arg,
165+ ((ret.code == 0) ? "success" : error_message(ret.code)), 165+ ((ret.code == 0) ? "success" : error_message(ret.code)),
166+ &client_name, &service_name, rqstp); 166+ &client_name, &service_name, rqstp);
167 } 167 }
168 free_server_handle(handle); 168 free_server_handle(handle);
169 free(prime_arg); 169 free(prime_arg);
170@@ -510,17 +556,14 @@ rename_principal_1_svc(rprinc_arg *arg,  170@@ -466,12 +512,13 @@ rename_principal_1_svc(rprinc_arg *arg,
 171 static generic_ret ret;
 172 char *prime_arg1,
 173 *prime_arg2;
 174- char prime_arg[BUFSIZ];
 175 gss_buffer_desc client_name,
 176 service_name;
 177 OM_uint32 minor_stat;
 178 kadm5_server_handle_t handle;
 179 restriction_t *rp;
 180+ size_t tlen1, tlen2, clen, slen;
 181+ char *tdots1, *tdots2, *cdots, *sdots;
 182
 183 xdr_free(xdr_generic_ret, &ret);
 184
 185@@ -492,7 +539,14 @@ rename_principal_1_svc(rprinc_arg *arg,
 186 ret.code = KADM5_BAD_PRINCIPAL;
 187 return &ret;
 188 }
 189- sprintf(prime_arg, "%s to %s", prime_arg1, prime_arg2);
 190+ tlen1 = strlen(prime_arg1);
 191+ trunc_name(&tlen1, &tdots1);
 192+ tlen2 = strlen(prime_arg2);
 193+ trunc_name(&tlen2, &tdots2);
 194+ clen = client_name.length;
 195+ trunc_name(&clen, &cdots);
 196+ slen = service_name.length;
 197+ trunc_name(&slen, &sdots);
 198
 199 ret.code = KADM5_OK;
 200 if (! CHANGEPW_SERVICE(rqstp)) {
 201@@ -510,17 +564,29 @@ rename_principal_1_svc(rprinc_arg *arg,
171 } else 202 } else
172 ret.code = KADM5_AUTH_INSUFFICIENT; 203 ret.code = KADM5_AUTH_INSUFFICIENT;
173 if (ret.code != KADM5_OK) { 204 if (ret.code != KADM5_OK) {
174- krb5_klog_syslog(LOG_NOTICE, LOG_UNAUTH, "kadm5_rename_principal", 205- krb5_klog_syslog(LOG_NOTICE, LOG_UNAUTH, "kadm5_rename_principal",
175- prime_arg, client_name.value, service_name.value, 206- prime_arg, client_name.value, service_name.value,
176- inet_ntoa(rqstp->rq_xprt->xp_raddr.sin_addr)); 207- inet_ntoa(rqstp->rq_xprt->xp_raddr.sin_addr));
177+ log_unauth("kadm5_rename_principal", prime_arg, 208+ krb5_klog_syslog(LOG_NOTICE,
178+ &client_name, &service_name, rqstp); 209+ "Unauthorized request: kadm5_rename_principal, "
 210+ "%.*s%s to %.*s%s, "
 211+ "client=%.*s%s, service=%.*s%s, addr=%s",
 212+ tlen1, prime_arg1, tdots1,
 213+ tlen2, prime_arg2, tdots2,
 214+ clen, client_name.value, cdots,
 215+ slen, service_name.value, sdots,
 216+ inet_ntoa(rqstp->rq_xprt->xp_raddr.sin_addr));
179 } else { 217 } else {
180 ret.code = kadm5_rename_principal((void *)handle, arg->src, 218 ret.code = kadm5_rename_principal((void *)handle, arg->src,
181 arg->dest); 219 arg->dest);
182- krb5_klog_syslog(LOG_NOTICE, LOG_DONE, "kadm5_rename_principal", 220- krb5_klog_syslog(LOG_NOTICE, LOG_DONE, "kadm5_rename_principal",
183- prime_arg, ((ret.code == 0) ? "success" : 221- prime_arg, ((ret.code == 0) ? "success" :
184- error_message(ret.code)),  222- error_message(ret.code)),
185- client_name.value, service_name.value, 223- client_name.value, service_name.value,
186- inet_ntoa(rqstp->rq_xprt->xp_raddr.sin_addr)); 224- inet_ntoa(rqstp->rq_xprt->xp_raddr.sin_addr));
187+ log_done("kadm5_rename_principal", prime_arg, 225+ krb5_klog_syslog(LOG_NOTICE,
188+ ((ret.code == 0) ? "success" : error_message(ret.code)), 226+ "Request: kadm5_rename_principal, "
189+ &client_name, &service_name, rqstp); 227+ "%.*s%s to %.*s%s, %s, "
 228+ "client=%.*s%s, service=%.*s%s, addr=%s",
 229+ tlen1, prime_arg1, tdots1,
 230+ tlen2, prime_arg2, tdots2,
 231+ ((ret.code == 0) ? "success" :
 232+ error_message(ret.code)),
 233+ clen, client_name.value, cdots,
 234+ slen, service_name.value, sdots,
 235+ inet_ntoa(rqstp->rq_xprt->xp_raddr.sin_addr));
190 } 236 }
191 free_server_handle(handle); 237 free_server_handle(handle);
192 free(prime_arg1); 238 free(prime_arg1);
193@@ -572,9 +615,8 @@ get_principal_1_svc(gprinc_arg *arg, str 239@@ -572,9 +638,8 @@ get_principal_1_svc(gprinc_arg *arg, str
194 arg->princ, 240 arg->princ,
195 NULL))) { 241 NULL))) {
196 ret.code = KADM5_AUTH_GET; 242 ret.code = KADM5_AUTH_GET;
197- krb5_klog_syslog(LOG_NOTICE, LOG_UNAUTH, funcname, 243- krb5_klog_syslog(LOG_NOTICE, LOG_UNAUTH, funcname,
198- prime_arg, client_name.value, service_name.value, 244- prime_arg, client_name.value, service_name.value,
199- inet_ntoa(rqstp->rq_xprt->xp_raddr.sin_addr)); 245- inet_ntoa(rqstp->rq_xprt->xp_raddr.sin_addr));
200+ log_unauth(funcname, prime_arg, 246+ log_unauth(funcname, prime_arg,
201+ &client_name, &service_name, rqstp); 247+ &client_name, &service_name, rqstp);
202 } else { 248 } else {
203 if (handle->api_version == KADM5_API_VERSION_1) { 249 if (handle->api_version == KADM5_API_VERSION_1) {
204 ret.code = kadm5_get_principal_v1((void *)handle, 250 ret.code = kadm5_get_principal_v1((void *)handle,
205@@ -588,12 +630,10 @@ get_principal_1_svc(gprinc_arg *arg, str 251@@ -588,12 +653,10 @@ get_principal_1_svc(gprinc_arg *arg, str
206 arg->princ, &ret.rec, 252 arg->princ, &ret.rec,
207 arg->mask); 253 arg->mask);
208 } 254 }
209-  255-
210- krb5_klog_syslog(LOG_NOTICE, LOG_DONE, funcname, 256- krb5_klog_syslog(LOG_NOTICE, LOG_DONE, funcname,
211- prime_arg,  257- prime_arg,
212- ((ret.code == 0) ? "success" : error_message(ret.code)),  258- ((ret.code == 0) ? "success" : error_message(ret.code)),
213- client_name.value, service_name.value, 259- client_name.value, service_name.value,
214- inet_ntoa(rqstp->rq_xprt->xp_raddr.sin_addr)); 260- inet_ntoa(rqstp->rq_xprt->xp_raddr.sin_addr));
215+ 261+
216+ log_done(funcname, prime_arg, 262+ log_done(funcname, prime_arg,
217+ ((ret.code == 0) ? "success" : error_message(ret.code)), 263+ ((ret.code == 0) ? "success" : error_message(ret.code)),
218+ &client_name, &service_name, rqstp); 264+ &client_name, &service_name, rqstp);
219 } 265 }
220 free_server_handle(handle); 266 free_server_handle(handle);
221 free(prime_arg); 267 free(prime_arg);
222@@ -638,18 +678,15 @@ get_princs_1_svc(gprincs_arg *arg, struc 268@@ -638,18 +701,15 @@ get_princs_1_svc(gprincs_arg *arg, struc
223 NULL, 269 NULL,
224 NULL)) { 270 NULL)) {
225 ret.code = KADM5_AUTH_LIST; 271 ret.code = KADM5_AUTH_LIST;
226- krb5_klog_syslog(LOG_NOTICE, LOG_UNAUTH, "kadm5_get_principals", 272- krb5_klog_syslog(LOG_NOTICE, LOG_UNAUTH, "kadm5_get_principals",
227- prime_arg, client_name.value, service_name.value, 273- prime_arg, client_name.value, service_name.value,
228- inet_ntoa(rqstp->rq_xprt->xp_raddr.sin_addr)); 274- inet_ntoa(rqstp->rq_xprt->xp_raddr.sin_addr));
229+ log_unauth("kadm5_get_principals", prime_arg, 275+ log_unauth("kadm5_get_principals", prime_arg,
230+ &client_name, &service_name, rqstp); 276+ &client_name, &service_name, rqstp);
231 } else { 277 } else {
232 ret.code = kadm5_get_principals((void *)handle, 278 ret.code = kadm5_get_principals((void *)handle,
233 arg->exp, &ret.princs, 279 arg->exp, &ret.princs,
234 &ret.count); 280 &ret.count);
235- krb5_klog_syslog(LOG_NOTICE, LOG_DONE, "kadm5_get_principals", 281- krb5_klog_syslog(LOG_NOTICE, LOG_DONE, "kadm5_get_principals",
236- prime_arg,  282- prime_arg,
237+ log_done("kadm5_get_principals", prime_arg, 283+ log_done("kadm5_get_principals", prime_arg,
238 ((ret.code == 0) ? "success" : error_message(ret.code)),  284 ((ret.code == 0) ? "success" : error_message(ret.code)),
239- client_name.value, service_name.value, 285- client_name.value, service_name.value,
240- inet_ntoa(rqstp->rq_xprt->xp_raddr.sin_addr)); 286- inet_ntoa(rqstp->rq_xprt->xp_raddr.sin_addr));
241+ &client_name, &service_name, rqstp); 287+ &client_name, &service_name, rqstp);
242 } 288 }
243 free_server_handle(handle); 289 free_server_handle(handle);
244 gss_release_buffer(&minor_stat, &client_name); 290 gss_release_buffer(&minor_stat, &client_name);
245@@ -697,18 +734,15 @@ chpass_principal_1_svc(chpass_arg *arg,  291@@ -697,18 +757,15 @@ chpass_principal_1_svc(chpass_arg *arg,
246 ret.code = kadm5_chpass_principal((void *)handle, arg->princ, 292 ret.code = kadm5_chpass_principal((void *)handle, arg->princ,
247 arg->pass); 293 arg->pass);
248 } else { 294 } else {
249- krb5_klog_syslog(LOG_NOTICE, LOG_UNAUTH, "kadm5_chpass_principal", 295- krb5_klog_syslog(LOG_NOTICE, LOG_UNAUTH, "kadm5_chpass_principal",
250- prime_arg, client_name.value, service_name.value, 296- prime_arg, client_name.value, service_name.value,
251- inet_ntoa(rqstp->rq_xprt->xp_raddr.sin_addr)); 297- inet_ntoa(rqstp->rq_xprt->xp_raddr.sin_addr));
252+ log_unauth("kadm5_chpass_principal", prime_arg, 298+ log_unauth("kadm5_chpass_principal", prime_arg,
253+ &client_name, &service_name, rqstp); 299+ &client_name, &service_name, rqstp);
254 ret.code = KADM5_AUTH_CHANGEPW; 300 ret.code = KADM5_AUTH_CHANGEPW;
255 } 301 }
256  302
257 if(ret.code != KADM5_AUTH_CHANGEPW) { 303 if(ret.code != KADM5_AUTH_CHANGEPW) {
258- krb5_klog_syslog(LOG_NOTICE, LOG_DONE, "kadm5_chpass_principal",  304- krb5_klog_syslog(LOG_NOTICE, LOG_DONE, "kadm5_chpass_principal",
259- prime_arg, ((ret.code == 0) ? "success" : 305- prime_arg, ((ret.code == 0) ? "success" :
260- error_message(ret.code)),  306- error_message(ret.code)),
261- client_name.value, service_name.value, 307- client_name.value, service_name.value,
262- inet_ntoa(rqstp->rq_xprt->xp_raddr.sin_addr)); 308- inet_ntoa(rqstp->rq_xprt->xp_raddr.sin_addr));
263+ log_done("kadm5_chpass_principal", prime_arg, 309+ log_done("kadm5_chpass_principal", prime_arg,
264+ ((ret.code == 0) ? "success" : error_message(ret.code)), 310+ ((ret.code == 0) ? "success" : error_message(ret.code)),
265+ &client_name, &service_name, rqstp); 311+ &client_name, &service_name, rqstp);
266 } 312 }
267  313
268 free_server_handle(handle); 314 free_server_handle(handle);
269@@ -764,18 +798,15 @@ chpass_principal3_1_svc(chpass3_arg *arg 315@@ -764,18 +821,15 @@ chpass_principal3_1_svc(chpass3_arg *arg
270 arg->ks_tuple, 316 arg->ks_tuple,
271 arg->pass); 317 arg->pass);
272 } else { 318 } else {
273- krb5_klog_syslog(LOG_NOTICE, LOG_UNAUTH, "kadm5_chpass_principal", 319- krb5_klog_syslog(LOG_NOTICE, LOG_UNAUTH, "kadm5_chpass_principal",
274- prime_arg, client_name.value, service_name.value, 320- prime_arg, client_name.value, service_name.value,
275- inet_ntoa(rqstp->rq_xprt->xp_raddr.sin_addr)); 321- inet_ntoa(rqstp->rq_xprt->xp_raddr.sin_addr));
276+ log_unauth("kadm5_chpass_principal", prime_arg, 322+ log_unauth("kadm5_chpass_principal", prime_arg,
277+ &client_name, &service_name, rqstp); 323+ &client_name, &service_name, rqstp);
278 ret.code = KADM5_AUTH_CHANGEPW; 324 ret.code = KADM5_AUTH_CHANGEPW;
279 } 325 }
280  326
281 if(ret.code != KADM5_AUTH_CHANGEPW) { 327 if(ret.code != KADM5_AUTH_CHANGEPW) {
282- krb5_klog_syslog(LOG_NOTICE, LOG_DONE, "kadm5_chpass_principal",  328- krb5_klog_syslog(LOG_NOTICE, LOG_DONE, "kadm5_chpass_principal",
283- prime_arg, ((ret.code == 0) ? "success" : 329- prime_arg, ((ret.code == 0) ? "success" :
284- error_message(ret.code)),  330- error_message(ret.code)),
285- client_name.value, service_name.value, 331- client_name.value, service_name.value,
286- inet_ntoa(rqstp->rq_xprt->xp_raddr.sin_addr)); 332- inet_ntoa(rqstp->rq_xprt->xp_raddr.sin_addr));
287+ log_done("kadm5_chpass_principal", prime_arg, 333+ log_done("kadm5_chpass_principal", prime_arg,
288+ ((ret.code == 0) ? "success" : error_message(ret.code)), 334+ ((ret.code == 0) ? "success" : error_message(ret.code)),
289+ &client_name, &service_name, rqstp); 335+ &client_name, &service_name, rqstp);
290 } 336 }
291  337
292 free_server_handle(handle); 338 free_server_handle(handle);
293@@ -822,18 +853,15 @@ setv4key_principal_1_svc(setv4key_arg *a 339@@ -822,18 +876,15 @@ setv4key_principal_1_svc(setv4key_arg *a
294 ret.code = kadm5_setv4key_principal((void *)handle, arg->princ, 340 ret.code = kadm5_setv4key_principal((void *)handle, arg->princ,
295 arg->keyblock); 341 arg->keyblock);
296 } else { 342 } else {
297- krb5_klog_syslog(LOG_NOTICE, LOG_UNAUTH, "kadm5_setv4key_principal", 343- krb5_klog_syslog(LOG_NOTICE, LOG_UNAUTH, "kadm5_setv4key_principal",
298- prime_arg, client_name.value, service_name.value, 344- prime_arg, client_name.value, service_name.value,
299- inet_ntoa(rqstp->rq_xprt->xp_raddr.sin_addr)); 345- inet_ntoa(rqstp->rq_xprt->xp_raddr.sin_addr));
300+ log_unauth("kadm5_setv4key_principal", prime_arg, 346+ log_unauth("kadm5_setv4key_principal", prime_arg,
301+ &client_name, &service_name, rqstp); 347+ &client_name, &service_name, rqstp);
302 ret.code = KADM5_AUTH_SETKEY; 348 ret.code = KADM5_AUTH_SETKEY;
303 } 349 }
304  350
305 if(ret.code != KADM5_AUTH_SETKEY) { 351 if(ret.code != KADM5_AUTH_SETKEY) {
306- krb5_klog_syslog(LOG_NOTICE, LOG_DONE, "kadm5_setv4key_principal",  352- krb5_klog_syslog(LOG_NOTICE, LOG_DONE, "kadm5_setv4key_principal",
307- prime_arg, ((ret.code == 0) ? "success" : 353- prime_arg, ((ret.code == 0) ? "success" :
308- error_message(ret.code)),  354- error_message(ret.code)),
309- client_name.value, service_name.value, 355- client_name.value, service_name.value,
310- inet_ntoa(rqstp->rq_xprt->xp_raddr.sin_addr)); 356- inet_ntoa(rqstp->rq_xprt->xp_raddr.sin_addr));
311+ log_done("kadm5_setv4key_principal", prime_arg, 357+ log_done("kadm5_setv4key_principal", prime_arg,
312+ ((ret.code == 0) ? "success" : error_message(ret.code)), 358+ ((ret.code == 0) ? "success" : error_message(ret.code)),
313+ &client_name, &service_name, rqstp); 359+ &client_name, &service_name, rqstp);
314 } 360 }
315  361
316 free_server_handle(handle); 362 free_server_handle(handle);
317@@ -880,18 +908,15 @@ setkey_principal_1_svc(setkey_arg *arg,  363@@ -880,18 +931,15 @@ setkey_principal_1_svc(setkey_arg *arg,
318 ret.code = kadm5_setkey_principal((void *)handle, arg->princ, 364 ret.code = kadm5_setkey_principal((void *)handle, arg->princ,
319 arg->keyblocks, arg->n_keys); 365 arg->keyblocks, arg->n_keys);
320 } else { 366 } else {
321- krb5_klog_syslog(LOG_NOTICE, LOG_UNAUTH, "kadm5_setkey_principal", 367- krb5_klog_syslog(LOG_NOTICE, LOG_UNAUTH, "kadm5_setkey_principal",
322- prime_arg, client_name.value, service_name.value, 368- prime_arg, client_name.value, service_name.value,
323- inet_ntoa(rqstp->rq_xprt->xp_raddr.sin_addr)); 369- inet_ntoa(rqstp->rq_xprt->xp_raddr.sin_addr));
324+ log_unauth("kadm5_setkey_principal", prime_arg, 370+ log_unauth("kadm5_setkey_principal", prime_arg,
325+ &client_name, &service_name, rqstp); 371+ &client_name, &service_name, rqstp);
326 ret.code = KADM5_AUTH_SETKEY; 372 ret.code = KADM5_AUTH_SETKEY;
327 } 373 }
328  374
329 if(ret.code != KADM5_AUTH_SETKEY) { 375 if(ret.code != KADM5_AUTH_SETKEY) {
330- krb5_klog_syslog(LOG_NOTICE, LOG_DONE, "kadm5_setkey_principal",  376- krb5_klog_syslog(LOG_NOTICE, LOG_DONE, "kadm5_setkey_principal",
331- prime_arg, ((ret.code == 0) ? "success" : 377- prime_arg, ((ret.code == 0) ? "success" :
332- error_message(ret.code)),  378- error_message(ret.code)),
333- client_name.value, service_name.value, 379- client_name.value, service_name.value,
334- inet_ntoa(rqstp->rq_xprt->xp_raddr.sin_addr)); 380- inet_ntoa(rqstp->rq_xprt->xp_raddr.sin_addr));
335+ log_done("kadm5_setkey_principal", prime_arg, 381+ log_done("kadm5_setkey_principal", prime_arg,
336+ ((ret.code == 0) ? "success" : error_message(ret.code)), 382+ ((ret.code == 0) ? "success" : error_message(ret.code)),
337+ &client_name, &service_name, rqstp); 383+ &client_name, &service_name, rqstp);
338 } 384 }
339  385
340 free_server_handle(handle); 386 free_server_handle(handle);
341@@ -941,18 +966,15 @@ setkey_principal3_1_svc(setkey3_arg *arg 387@@ -941,18 +989,15 @@ setkey_principal3_1_svc(setkey3_arg *arg
342 arg->ks_tuple, 388 arg->ks_tuple,
343 arg->keyblocks, arg->n_keys); 389 arg->keyblocks, arg->n_keys);
344 } else { 390 } else {
345- krb5_klog_syslog(LOG_NOTICE, LOG_UNAUTH, "kadm5_setkey_principal", 391- krb5_klog_syslog(LOG_NOTICE, LOG_UNAUTH, "kadm5_setkey_principal",
346- prime_arg, client_name.value, service_name.value, 392- prime_arg, client_name.value, service_name.value,
347- inet_ntoa(rqstp->rq_xprt->xp_raddr.sin_addr)); 393- inet_ntoa(rqstp->rq_xprt->xp_raddr.sin_addr));
348+ log_unauth("kadm5_setkey_principal", prime_arg, 394+ log_unauth("kadm5_setkey_principal", prime_arg,
349+ &client_name, &service_name, rqstp); 395+ &client_name, &service_name, rqstp);
350 ret.code = KADM5_AUTH_SETKEY; 396 ret.code = KADM5_AUTH_SETKEY;
351 } 397 }
352  398
353 if(ret.code != KADM5_AUTH_SETKEY) { 399 if(ret.code != KADM5_AUTH_SETKEY) {
354- krb5_klog_syslog(LOG_NOTICE, LOG_DONE, "kadm5_setkey_principal",  400- krb5_klog_syslog(LOG_NOTICE, LOG_DONE, "kadm5_setkey_principal",
355- prime_arg, ((ret.code == 0) ? "success" : 401- prime_arg, ((ret.code == 0) ? "success" :
356- error_message(ret.code)),  402- error_message(ret.code)),
357- client_name.value, service_name.value, 403- client_name.value, service_name.value,
358- inet_ntoa(rqstp->rq_xprt->xp_raddr.sin_addr)); 404- inet_ntoa(rqstp->rq_xprt->xp_raddr.sin_addr));
359+ log_done("kadm5_setkey_principal", prime_arg, 405+ log_done("kadm5_setkey_principal", prime_arg,
360+ ((ret.code == 0) ? "success" : error_message(ret.code)), 406+ ((ret.code == 0) ? "success" : error_message(ret.code)),
361+ &client_name, &service_name, rqstp); 407+ &client_name, &service_name, rqstp);
362 } 408 }
363  409
364 free_server_handle(handle); 410 free_server_handle(handle);
365@@ -1008,9 +1030,8 @@ chrand_principal_1_svc(chrand_arg *arg,  411@@ -1008,9 +1053,8 @@ chrand_principal_1_svc(chrand_arg *arg,
366 ret.code = kadm5_randkey_principal((void *)handle, arg->princ, 412 ret.code = kadm5_randkey_principal((void *)handle, arg->princ,
367 &k, &nkeys); 413 &k, &nkeys);
368 } else { 414 } else {
369- krb5_klog_syslog(LOG_NOTICE, LOG_UNAUTH, funcname, 415- krb5_klog_syslog(LOG_NOTICE, LOG_UNAUTH, funcname,
370- prime_arg, client_name.value, service_name.value, 416- prime_arg, client_name.value, service_name.value,
371- inet_ntoa(rqstp->rq_xprt->xp_raddr.sin_addr)); 417- inet_ntoa(rqstp->rq_xprt->xp_raddr.sin_addr));
372+ log_unauth(funcname, prime_arg, 418+ log_unauth(funcname, prime_arg,
373+ &client_name, &service_name, rqstp); 419+ &client_name, &service_name, rqstp);
374 ret.code = KADM5_AUTH_CHANGEPW; 420 ret.code = KADM5_AUTH_CHANGEPW;
375 } 421 }
376  422
377@@ -1025,11 +1046,9 @@ chrand_principal_1_svc(chrand_arg *arg,  423@@ -1025,11 +1069,9 @@ chrand_principal_1_svc(chrand_arg *arg,
378 } 424 }
379  425
380 if(ret.code != KADM5_AUTH_CHANGEPW) { 426 if(ret.code != KADM5_AUTH_CHANGEPW) {
381- krb5_klog_syslog(LOG_NOTICE, LOG_DONE, funcname, 427- krb5_klog_syslog(LOG_NOTICE, LOG_DONE, funcname,
382- prime_arg, ((ret.code == 0) ? "success" : 428- prime_arg, ((ret.code == 0) ? "success" :
383- error_message(ret.code)),  429- error_message(ret.code)),
384- client_name.value, service_name.value, 430- client_name.value, service_name.value,
385- inet_ntoa(rqstp->rq_xprt->xp_raddr.sin_addr)); 431- inet_ntoa(rqstp->rq_xprt->xp_raddr.sin_addr));
386+ log_done(funcname, prime_arg, 432+ log_done(funcname, prime_arg,
387+ ((ret.code == 0) ? "success" : error_message(ret.code)), 433+ ((ret.code == 0) ? "success" : error_message(ret.code)),
388+ &client_name, &service_name, rqstp); 434+ &client_name, &service_name, rqstp);
389 } 435 }
390 free_server_handle(handle); 436 free_server_handle(handle);
391 free(prime_arg); 437 free(prime_arg);
392@@ -1090,9 +1109,8 @@ chrand_principal3_1_svc(chrand3_arg *arg 438@@ -1090,9 +1132,8 @@ chrand_principal3_1_svc(chrand3_arg *arg
393 arg->ks_tuple, 439 arg->ks_tuple,
394 &k, &nkeys); 440 &k, &nkeys);
395 } else { 441 } else {
396- krb5_klog_syslog(LOG_NOTICE, LOG_UNAUTH, funcname, 442- krb5_klog_syslog(LOG_NOTICE, LOG_UNAUTH, funcname,
397- prime_arg, client_name.value, service_name.value, 443- prime_arg, client_name.value, service_name.value,
398- inet_ntoa(rqstp->rq_xprt->xp_raddr.sin_addr)); 444- inet_ntoa(rqstp->rq_xprt->xp_raddr.sin_addr));
399+ log_unauth(funcname, prime_arg, 445+ log_unauth(funcname, prime_arg,
400+ &client_name, &service_name, rqstp); 446+ &client_name, &service_name, rqstp);
401 ret.code = KADM5_AUTH_CHANGEPW; 447 ret.code = KADM5_AUTH_CHANGEPW;
402 } 448 }
403  449
404@@ -1107,11 +1125,9 @@ chrand_principal3_1_svc(chrand3_arg *arg 450@@ -1107,11 +1148,9 @@ chrand_principal3_1_svc(chrand3_arg *arg
405 } 451 }
406  452
407 if(ret.code != KADM5_AUTH_CHANGEPW) { 453 if(ret.code != KADM5_AUTH_CHANGEPW) {
408- krb5_klog_syslog(LOG_NOTICE, LOG_DONE, funcname, 454- krb5_klog_syslog(LOG_NOTICE, LOG_DONE, funcname,
409- prime_arg, ((ret.code == 0) ? "success" : 455- prime_arg, ((ret.code == 0) ? "success" :
410- error_message(ret.code)),  456- error_message(ret.code)),
411- client_name.value, service_name.value, 457- client_name.value, service_name.value,
412- inet_ntoa(rqstp->rq_xprt->xp_raddr.sin_addr)); 458- inet_ntoa(rqstp->rq_xprt->xp_raddr.sin_addr));
413+ log_done(funcname, prime_arg, 459+ log_done(funcname, prime_arg,
414+ ((ret.code == 0) ? "success" : error_message(ret.code)), 460+ ((ret.code == 0) ? "success" : error_message(ret.code)),
415+ &client_name, &service_name, rqstp); 461+ &client_name, &service_name, rqstp);
416 } 462 }
417 free_server_handle(handle); 463 free_server_handle(handle);
418 free(prime_arg); 464 free(prime_arg);
419@@ -1152,18 +1168,15 @@ create_policy_1_svc(cpol_arg *arg, struc 465@@ -1152,18 +1191,15 @@ create_policy_1_svc(cpol_arg *arg, struc
420 rqst2name(rqstp), 466 rqst2name(rqstp),
421 ACL_ADD, NULL, NULL)) { 467 ACL_ADD, NULL, NULL)) {
422 ret.code = KADM5_AUTH_ADD; 468 ret.code = KADM5_AUTH_ADD;
423- krb5_klog_syslog(LOG_NOTICE, LOG_UNAUTH, "kadm5_create_policy", 469- krb5_klog_syslog(LOG_NOTICE, LOG_UNAUTH, "kadm5_create_policy",
424- prime_arg, client_name.value, service_name.value, 470- prime_arg, client_name.value, service_name.value,
425- inet_ntoa(rqstp->rq_xprt->xp_raddr.sin_addr)); 471- inet_ntoa(rqstp->rq_xprt->xp_raddr.sin_addr));
426-  472-
427+ log_unauth("kadm5_create_policy", prime_arg, 473+ log_unauth("kadm5_create_policy", prime_arg,
428+ &client_name, &service_name, rqstp); 474+ &client_name, &service_name, rqstp);
429 } else { 475 } else {
430 ret.code = kadm5_create_policy((void *)handle, &arg->rec, 476 ret.code = kadm5_create_policy((void *)handle, &arg->rec,
431 arg->mask); 477 arg->mask);
432- krb5_klog_syslog(LOG_NOTICE, LOG_DONE, "kadm5_create_policy", 478- krb5_klog_syslog(LOG_NOTICE, LOG_DONE, "kadm5_create_policy",
433- ((prime_arg == NULL) ? "(null)" : prime_arg), 479- ((prime_arg == NULL) ? "(null)" : prime_arg),
434- ((ret.code == 0) ? "success" : error_message(ret.code)),  480- ((ret.code == 0) ? "success" : error_message(ret.code)),
435- client_name.value, service_name.value, 481- client_name.value, service_name.value,
436- inet_ntoa(rqstp->rq_xprt->xp_raddr.sin_addr));  482- inet_ntoa(rqstp->rq_xprt->xp_raddr.sin_addr));
437+ log_done("kadm5_create_policy", 483+ log_done("kadm5_create_policy",
438+ ((prime_arg == NULL) ? "(null)" : prime_arg), 484+ ((prime_arg == NULL) ? "(null)" : prime_arg),
439+ ((ret.code == 0) ? "success" : error_message(ret.code)),  485+ ((ret.code == 0) ? "success" : error_message(ret.code)),
440+ &client_name, &service_name, rqstp); 486+ &client_name, &service_name, rqstp);
441 } 487 }
442 free_server_handle(handle); 488 free_server_handle(handle);
443 gss_release_buffer(&minor_stat, &client_name); 489 gss_release_buffer(&minor_stat, &client_name);
444@@ -1202,17 +1215,15 @@ delete_policy_1_svc(dpol_arg *arg, struc 490@@ -1202,17 +1238,15 @@ delete_policy_1_svc(dpol_arg *arg, struc
445 if (CHANGEPW_SERVICE(rqstp) || !kadm5int_acl_check(handle->context, 491 if (CHANGEPW_SERVICE(rqstp) || !kadm5int_acl_check(handle->context,
446 rqst2name(rqstp), 492 rqst2name(rqstp),
447 ACL_DELETE, NULL, NULL)) { 493 ACL_DELETE, NULL, NULL)) {
448- krb5_klog_syslog(LOG_NOTICE, LOG_UNAUTH, "kadm5_delete_policy", 494- krb5_klog_syslog(LOG_NOTICE, LOG_UNAUTH, "kadm5_delete_policy",
449- prime_arg, client_name.value, service_name.value, 495- prime_arg, client_name.value, service_name.value,
450- inet_ntoa(rqstp->rq_xprt->xp_raddr.sin_addr)); 496- inet_ntoa(rqstp->rq_xprt->xp_raddr.sin_addr));
451+ log_unauth("kadm5_delete_policy", prime_arg, 497+ log_unauth("kadm5_delete_policy", prime_arg,
452+ &client_name, &service_name, rqstp); 498+ &client_name, &service_name, rqstp);
453 ret.code = KADM5_AUTH_DELETE; 499 ret.code = KADM5_AUTH_DELETE;
454 } else { 500 } else {
455 ret.code = kadm5_delete_policy((void *)handle, arg->name); 501 ret.code = kadm5_delete_policy((void *)handle, arg->name);
456- krb5_klog_syslog(LOG_NOTICE, LOG_DONE, "kadm5_delete_policy", 502- krb5_klog_syslog(LOG_NOTICE, LOG_DONE, "kadm5_delete_policy",
457- ((prime_arg == NULL) ? "(null)" : prime_arg), 503- ((prime_arg == NULL) ? "(null)" : prime_arg),
458- ((ret.code == 0) ? "success" : error_message(ret.code)),  504- ((ret.code == 0) ? "success" : error_message(ret.code)),
459- client_name.value, service_name.value, 505- client_name.value, service_name.value,
460- inet_ntoa(rqstp->rq_xprt->xp_raddr.sin_addr));  506- inet_ntoa(rqstp->rq_xprt->xp_raddr.sin_addr));
461+ log_done("kadm5_delete_policy", 507+ log_done("kadm5_delete_policy",
462+ ((prime_arg == NULL) ? "(null)" : prime_arg), 508+ ((prime_arg == NULL) ? "(null)" : prime_arg),
463+ ((ret.code == 0) ? "success" : error_message(ret.code)),  509+ ((ret.code == 0) ? "success" : error_message(ret.code)),
464+ &client_name, &service_name, rqstp); 510+ &client_name, &service_name, rqstp);
465 } 511 }
466 free_server_handle(handle); 512 free_server_handle(handle);
467 gss_release_buffer(&minor_stat, &client_name); 513 gss_release_buffer(&minor_stat, &client_name);
468@@ -1251,18 +1262,16 @@ modify_policy_1_svc(mpol_arg *arg, struc 514@@ -1251,18 +1285,16 @@ modify_policy_1_svc(mpol_arg *arg, struc
469 if (CHANGEPW_SERVICE(rqstp) || !kadm5int_acl_check(handle->context, 515 if (CHANGEPW_SERVICE(rqstp) || !kadm5int_acl_check(handle->context,
470 rqst2name(rqstp), 516 rqst2name(rqstp),
471 ACL_MODIFY, NULL, NULL)) { 517 ACL_MODIFY, NULL, NULL)) {
472- krb5_klog_syslog(LOG_NOTICE, LOG_UNAUTH, "kadm5_modify_policy", 518- krb5_klog_syslog(LOG_NOTICE, LOG_UNAUTH, "kadm5_modify_policy",
473- prime_arg, client_name.value, service_name.value, 519- prime_arg, client_name.value, service_name.value,
474- inet_ntoa(rqstp->rq_xprt->xp_raddr.sin_addr)); 520- inet_ntoa(rqstp->rq_xprt->xp_raddr.sin_addr));
475+ log_unauth("kadm5_modify_policy", prime_arg, 521+ log_unauth("kadm5_modify_policy", prime_arg,
476+ &client_name, &service_name, rqstp); 522+ &client_name, &service_name, rqstp);
477 ret.code = KADM5_AUTH_MODIFY; 523 ret.code = KADM5_AUTH_MODIFY;
478 } else { 524 } else {
479 ret.code = kadm5_modify_policy((void *)handle, &arg->rec, 525 ret.code = kadm5_modify_policy((void *)handle, &arg->rec,
480 arg->mask); 526 arg->mask);
481- krb5_klog_syslog(LOG_NOTICE, LOG_DONE, "kadm5_modify_policy", 527- krb5_klog_syslog(LOG_NOTICE, LOG_DONE, "kadm5_modify_policy",
482- ((prime_arg == NULL) ? "(null)" : prime_arg),  528- ((prime_arg == NULL) ? "(null)" : prime_arg),
483- ((ret.code == 0) ? "success" : error_message(ret.code)),  529- ((ret.code == 0) ? "success" : error_message(ret.code)),
484- client_name.value, service_name.value, 530- client_name.value, service_name.value,
485- inet_ntoa(rqstp->rq_xprt->xp_raddr.sin_addr));  531- inet_ntoa(rqstp->rq_xprt->xp_raddr.sin_addr));
486+ log_done("kadm5_modify_policy", 532+ log_done("kadm5_modify_policy",
487+ ((prime_arg == NULL) ? "(null)" : prime_arg),  533+ ((prime_arg == NULL) ? "(null)" : prime_arg),
488+ ((ret.code == 0) ? "success" : error_message(ret.code)),  534+ ((ret.code == 0) ? "success" : error_message(ret.code)),
489+ &client_name, &service_name, rqstp); 535+ &client_name, &service_name, rqstp);
490 } 536 }
491 free_server_handle(handle); 537 free_server_handle(handle);
492 gss_release_buffer(&minor_stat, &client_name); 538 gss_release_buffer(&minor_stat, &client_name);
493@@ -1337,15 +1346,13 @@ get_policy_1_svc(gpol_arg *arg, struct s 539@@ -1337,15 +1369,13 @@ get_policy_1_svc(gpol_arg *arg, struct s
494 &ret.rec); 540 &ret.rec);
495 } 541 }
496  542
497- krb5_klog_syslog(LOG_NOTICE, LOG_DONE, funcname, 543- krb5_klog_syslog(LOG_NOTICE, LOG_DONE, funcname,
498- ((prime_arg == NULL) ? "(null)" : prime_arg), 544- ((prime_arg == NULL) ? "(null)" : prime_arg),
499- ((ret.code == 0) ? "success" : error_message(ret.code)),  545- ((ret.code == 0) ? "success" : error_message(ret.code)),
500- client_name.value, service_name.value, 546- client_name.value, service_name.value,
501- inet_ntoa(rqstp->rq_xprt->xp_raddr.sin_addr));  547- inet_ntoa(rqstp->rq_xprt->xp_raddr.sin_addr));
502+ log_done(funcname, 548+ log_done(funcname,
503+ ((prime_arg == NULL) ? "(null)" : prime_arg), 549+ ((prime_arg == NULL) ? "(null)" : prime_arg),
504+ ((ret.code == 0) ? "success" : error_message(ret.code)),  550+ ((ret.code == 0) ? "success" : error_message(ret.code)),
505+ &client_name, &service_name, rqstp); 551+ &client_name, &service_name, rqstp);
506 } else { 552 } else {
507- krb5_klog_syslog(LOG_NOTICE, LOG_UNAUTH, funcname, 553- krb5_klog_syslog(LOG_NOTICE, LOG_UNAUTH, funcname,
508- prime_arg, client_name.value, service_name.value, 554- prime_arg, client_name.value, service_name.value,
509- inet_ntoa(rqstp->rq_xprt->xp_raddr.sin_addr)); 555- inet_ntoa(rqstp->rq_xprt->xp_raddr.sin_addr));
510+ log_unauth(funcname, prime_arg, 556+ log_unauth(funcname, prime_arg,
511+ &client_name, &service_name, rqstp); 557+ &client_name, &service_name, rqstp);
512 } 558 }
513 free_server_handle(handle); 559 free_server_handle(handle);
514 gss_release_buffer(&minor_stat, &client_name); 560 gss_release_buffer(&minor_stat, &client_name);
515@@ -1388,18 +1395,15 @@ get_pols_1_svc(gpols_arg *arg, struct sv 561@@ -1388,18 +1418,15 @@ get_pols_1_svc(gpols_arg *arg, struct sv
516 rqst2name(rqstp), 562 rqst2name(rqstp),
517 ACL_LIST, NULL, NULL)) { 563 ACL_LIST, NULL, NULL)) {
518 ret.code = KADM5_AUTH_LIST; 564 ret.code = KADM5_AUTH_LIST;
519- krb5_klog_syslog(LOG_NOTICE, LOG_UNAUTH, "kadm5_get_policies", 565- krb5_klog_syslog(LOG_NOTICE, LOG_UNAUTH, "kadm5_get_policies",
520- prime_arg, client_name.value, service_name.value, 566- prime_arg, client_name.value, service_name.value,
521- inet_ntoa(rqstp->rq_xprt->xp_raddr.sin_addr)); 567- inet_ntoa(rqstp->rq_xprt->xp_raddr.sin_addr));
522+ log_unauth("kadm5_get_policies", prime_arg, 568+ log_unauth("kadm5_get_policies", prime_arg,
523+ &client_name, &service_name, rqstp); 569+ &client_name, &service_name, rqstp);
524 } else { 570 } else {
525 ret.code = kadm5_get_policies((void *)handle, 571 ret.code = kadm5_get_policies((void *)handle,
526 arg->exp, &ret.pols, 572 arg->exp, &ret.pols,
527 &ret.count); 573 &ret.count);
528- krb5_klog_syslog(LOG_NOTICE, LOG_DONE, "kadm5_get_policies", 574- krb5_klog_syslog(LOG_NOTICE, LOG_DONE, "kadm5_get_policies",
529- prime_arg,  575- prime_arg,
530- ((ret.code == 0) ? "success" : error_message(ret.code)),  576- ((ret.code == 0) ? "success" : error_message(ret.code)),
531- client_name.value, service_name.value, 577- client_name.value, service_name.value,
532- inet_ntoa(rqstp->rq_xprt->xp_raddr.sin_addr)); 578- inet_ntoa(rqstp->rq_xprt->xp_raddr.sin_addr));
533+ log_done("kadm5_get_policies", prime_arg, 579+ log_done("kadm5_get_policies", prime_arg,
534+ ((ret.code == 0) ? "success" : error_message(ret.code)),  580+ ((ret.code == 0) ? "success" : error_message(ret.code)),
535+ &client_name, &service_name, rqstp); 581+ &client_name, &service_name, rqstp);
536 } 582 }
537 free_server_handle(handle); 583 free_server_handle(handle);
538 gss_release_buffer(&minor_stat, &client_name); 584 gss_release_buffer(&minor_stat, &client_name);
539@@ -1432,11 +1436,9 @@ getprivs_ret * get_privs_1_svc(krb5_ui_4 585@@ -1432,11 +1459,9 @@ getprivs_ret * get_privs_1_svc(krb5_ui_4
540 } 586 }
541  587
542 ret.code = kadm5_get_privs((void *)handle, &ret.privs); 588 ret.code = kadm5_get_privs((void *)handle, &ret.privs);
543- krb5_klog_syslog(LOG_NOTICE, LOG_DONE, "kadm5_get_privs", 589- krb5_klog_syslog(LOG_NOTICE, LOG_DONE, "kadm5_get_privs",
544- client_name.value,  590- client_name.value,
545- ((ret.code == 0) ? "success" : error_message(ret.code)),  591- ((ret.code == 0) ? "success" : error_message(ret.code)),
546- client_name.value, service_name.value, 592- client_name.value, service_name.value,
547- inet_ntoa(rqstp->rq_xprt->xp_raddr.sin_addr)); 593- inet_ntoa(rqstp->rq_xprt->xp_raddr.sin_addr));
548+ log_done("kadm5_get_privs", client_name.value, 594+ log_done("kadm5_get_privs", client_name.value,
549+ ((ret.code == 0) ? "success" : error_message(ret.code)),  595+ ((ret.code == 0) ? "success" : error_message(ret.code)),
550+ &client_name, &service_name, rqstp); 596+ &client_name, &service_name, rqstp);
551 free_server_handle(handle); 597 free_server_handle(handle);
552 gss_release_buffer(&minor_stat, &client_name); 598 gss_release_buffer(&minor_stat, &client_name);
553 gss_release_buffer(&minor_stat, &service_name); 599 gss_release_buffer(&minor_stat, &service_name);
554@@ -1450,6 +1452,8 @@ generic_ret *init_1_svc(krb5_ui_4 *arg,  600@@ -1450,6 +1475,8 @@ generic_ret *init_1_svc(krb5_ui_4 *arg,
555 service_name; 601 service_name;
556 kadm5_server_handle_t handle; 602 kadm5_server_handle_t handle;
557 OM_uint32 minor_stat; 603 OM_uint32 minor_stat;
558+ size_t clen, slen; 604+ size_t clen, slen;
559+ char *cdots, *sdots; 605+ char *cdots, *sdots;
560  606
561 xdr_free(xdr_generic_ret, &ret); 607 xdr_free(xdr_generic_ret, &ret);
562  608
563@@ -1466,12 +1470,18 @@ generic_ret *init_1_svc(krb5_ui_4 *arg,  609@@ -1466,12 +1493,18 @@ generic_ret *init_1_svc(krb5_ui_4 *arg,
564 return &ret; 610 return &ret;
565 } 611 }
566  612
567- krb5_klog_syslog(LOG_NOTICE, LOG_DONE ", flavor=%d", 613- krb5_klog_syslog(LOG_NOTICE, LOG_DONE ", flavor=%d",
568+ clen = client_name.length; 614+ clen = client_name.length;
569+ trunc_name(&clen, &cdots); 615+ trunc_name(&clen, &cdots);
570+ slen = service_name.length; 616+ slen = service_name.length;
571+ trunc_name(&slen, &sdots); 617+ trunc_name(&slen, &sdots);
572+ krb5_klog_syslog(LOG_NOTICE, "Request: %s, %.*s%s, %s, " 618+ krb5_klog_syslog(LOG_NOTICE, "Request: %s, %.*s%s, %s, "
573+ "client=%.*s%s, service=%.*s%s, addr=%s, flavor=%d", 619+ "client=%.*s%s, service=%.*s%s, addr=%s, flavor=%d",
574 (ret.api_version == KADM5_API_VERSION_1 ? 620 (ret.api_version == KADM5_API_VERSION_1 ?
575 "kadm5_init (V1)" : "kadm5_init"), 621 "kadm5_init (V1)" : "kadm5_init"),
576- client_name.value, 622- client_name.value,
File Added: pkgsrc/security/mit-krb5/patches/Attic/patch-bf
$NetBSD: patch-bf,v 1.1 2008/06/07 22:26:10 tonnerre Exp $

--- lib/rpc/svc_auth_gssapi.c.orig	2004-09-17 23:52:11.000000000 +0200
+++ lib/rpc/svc_auth_gssapi.c
@@ -148,6 +148,8 @@ enum auth_stat gssrpc__svcauth_gssapi(
      rqst->rq_xprt->xp_auth = &svc_auth_none;
      
      memset((char *) &call_res, 0, sizeof(call_res));
+     creds.client_handle.length = 0;
+     creds.client_handle.value = NULL;
      
      cred = &msg->rm_call.cb_cred;
      verf = &msg->rm_call.cb_verf;
File Added: pkgsrc/security/mit-krb5/patches/Attic/patch-bg
$NetBSD: patch-bg,v 1.1 2008/06/07 22:26:10 tonnerre Exp $

--- lib/rpc/svc_auth_unix.c.orig	2004-09-17 23:52:11.000000000 +0200
+++ lib/rpc/svc_auth_unix.c
@@ -64,8 +64,7 @@ gssrpc__svcauth_unix(
 		char area_machname[MAX_MACHINE_NAME+1];
 		int area_gids[NGRPS];
 	} *area;
-	u_int auth_len;
-	int str_len, gid_len;
+	u_int auth_len, str_len, gid_len;
 	register int i;
 
 	rqst->rq_xprt->xp_auth = &svc_auth_none;
@@ -74,7 +73,9 @@ gssrpc__svcauth_unix(
 	aup = &area->area_aup;
 	aup->aup_machname = area->area_machname;
 	aup->aup_gids = area->area_gids;
-	auth_len = (u_int)msg->rm_call.cb_cred.oa_length;
+	auth_len = msg->rm_call.cb_cred.oa_length;
+	if (auth_len > INT_MAX)
+		return AUTH_BADCRED;
 	xdrmem_create(&xdrs, msg->rm_call.cb_cred.oa_base, auth_len,XDR_DECODE);
 	buf = XDR_INLINE(&xdrs, (int)auth_len);
 	if (buf != NULL) {
@@ -84,7 +85,7 @@ gssrpc__svcauth_unix(
 			stat = AUTH_BADCRED;
 			goto done;
 		}
-		memmove(aup->aup_machname, (caddr_t)buf, (u_int)str_len);
+		memmove(aup->aup_machname, buf, str_len);
 		aup->aup_machname[str_len] = 0;
 		str_len = RNDUP(str_len);
 		buf += str_len / BYTES_PER_XDR_UNIT;
@@ -104,7 +105,7 @@ gssrpc__svcauth_unix(
 		 * timestamp, hostname len (0), uid, gid, and gids len (0).
 		 */
 		if ((5 + gid_len) * BYTES_PER_XDR_UNIT + str_len > auth_len) {
-			(void) printf("bad auth_len gid %d str %d auth %d\n",
+			(void) printf("bad auth_len gid %u str %u auth %u\n",
 			    gid_len, str_len, auth_len);
 			stat = AUTH_BADCRED;
 			goto done;