Stanislav Sedov ae77177087 - Update FreeBSD Heimdal distribution to version 1.5.1. This also brings
several new kerberos related libraries and applications to FreeBSD:
  o kgetcred(1) allows one to manually get a ticket for a particular service.
  o kf(1) securily forwards ticket to another host through an authenticated
    and encrypted stream.
  o kcc(1) is an umbrella program around klist(1), kswitch(1), kgetcred(1)
    and other user kerberos operations. klist and kswitch are just symlinks
    to kcc(1) now.
  o kswitch(1) allows you to easily switch between kerberos credentials if
    you're running KCM.
  o hxtool(1) is a certificate management tool to use with PKINIT.
  o string2key(1) maps a password into key.
  o kdigest(8) is a userland tool to access the KDC's digest interface.
  o kimpersonate(8) creates a "fake" ticket for a service.

  We also now install manpages for some lirbaries that were not installed
  before, libheimntlm and libhx509.

- The new HEIMDAL version no longer supports Kerberos 4.  All users are
  recommended to switch to Kerberos 5.

- Weak ciphers are now disabled by default.  To enable DES support (used
  by telnet(8)), use "allow_weak_crypto" option in krb5.conf.

- libtelnet, pam_ksu and pam_krb5 are now compiled with error on warnings
  disabled due to the function they use (krb5_get_err_text(3)) being
  deprecated.  I plan to work on this next.

- Heimdal's KDC now require sqlite to operate.  We use the bundled version
  and install it as libheimsqlite.  If some other FreeBSD components will
  require it in the future we can rename it to libbsdsqlite and use for these
  components as well.

- This is not a latest Heimdal version, the new one was released while I was
  working on the update.  I will update it to 1.5.2 soon, as it fixes some
  important bugs and security issues.
2012-03-22 08:48:42 +00:00

246 lines
7.3 KiB
Groff

.\" Copyright (c) 2005 Kungliga Tekniska Högskolan
.\" (Royal Institute of Technology, Stockholm, Sweden).
.\" All rights reserved.
.\"
.\" Redistribution and use in source and binary forms, with or without
.\" modification, are permitted provided that the following conditions
.\" are met:
.\"
.\" 1. Redistributions of source code must retain the above copyright
.\" notice, this list of conditions and the following disclaimer.
.\"
.\" 2. Redistributions in binary form must reproduce the above copyright
.\" notice, this list of conditions and the following disclaimer in the
.\" documentation and/or other materials provided with the distribution.
.\"
.\" 3. Neither the name of the Institute nor the names of its contributors
.\" may be used to endorse or promote products derived from this software
.\" without specific prior written permission.
.\"
.\" THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
.\" ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
.\" SUCH DAMAGE.
.\"
.\" $Id$
.\"
.\" This manpage was contributed by Gregory McGarry.
.\"
.Dd July 7, 2005
.Dt COM_ERR 3
.Os
.Sh NAME
.Nm com_err ,
.Nm com_err_va ,
.Nm error_message ,
.Nm error_table_name ,
.Nm init_error_table ,
.Nm set_com_err_hook ,
.Nm reset_com_err_hook ,
.Nm add_to_error_table ,
.Nm initialize_error_table_r
.Nm free_error_table ,
.Nm com_right
.Nd common error display library
.Sh LIBRARY
Common Error Library (libcom_err, -lcom_err)
.Sh SYNOPSIS
.Fd #include <stdio.h>
.Fd #include <stdarg.h>
.Fd #include <krb5/com_err.h>
.Fd #include \&"XXX_err.h\&"
.Pp
typedef void (*errf)(const char *, long, const char *, ...);
.Ft void
.Fn com_err "const char *whoami" "long code" "const char *format" "..."
.Ft void
.Fn com_err_va "const char *whoami" "long code" "const char *format" "..."
.Ft const char *
.Fn error_message "long code"
.Ft const char *
.Fn error_table_name "int num"
.Ft int
.Fn init_error_table "const char **msgs" "long base" "int count"
.Ft errf
.Fn set_com_err_hook "errf func"
.Ft errf
.Fn reset_com_err_hook ""
.Ft void
.Fn add_to_error_table "struct et_list *new_table"
.Ft void
.Fn initialize_error_table_r "struct et_list **et_list" "const char **msgs" "int base" "long count"
.Ft void
.Fn free_error_table "struct et_list *"
.Ft const char *
.Fn com_right "struct et_list *list" long code"
.Sh DESCRIPTION
The
.Nm
library provides a common error-reporting mechanism for defining and
accessing error codes and descriptions for application software
packages. Error descriptions are defined in a table and error codes
are used to index the table. The error table, the descriptions and
the error codes are generated using
.Xr compile_et 1 .
.Pp
The error table is registered with the
.Nm
library by calling its initialisation function defined in its header
file. The initialisation function is generally defined as
.Fn initialize_<name>_error_table ,
where
.Em name
is the name of the error table.
.Pp
If a thread-safe version of the library is needed
.Fn initialize_<name>_error_table_r
that internally calls
.Fn initialize_error_table_r
instead be used.
.Pp
Any variable which is to contain an error code should be declared
.Em <name>_error_number
where
.Em name
is the name of the error table.
.Sh FUNCTIONS
The following functions are available to the application developer:
.Bl -tag -width compact
.It Fn com_err "whoami" "code" "format" "..."
Displays an error message on standard error composed of the
.Fa whoami
string, which should specify the program name, followed by an error
message generated from
.Fa code ,
and a string produced using the
.Xr printf 3
.Fa format
string and any following arguments. If
.Fa format
is NULL, the formatted message will not be
printed. The argument
.Fa format
may not be omitted.
.It Fn com_err_va "whoami" "code" "format" "va_list args"
This routine provides an interface, equivalent to
.Fn com_err ,
which may be used by higher-level variadic functions (functions which
accept variable numbers of arguments).
.It Fn error_message "code"
Returns the character string error message associate with
.Fa code .
If
.Fa code is associated with an unknown error table, or if
.Fa code
is associated with a known error table but is not in the table, a
string of the form `Unknown code XXXX NN' is returned, where XXXX is
the error table name produced by reversing the compaction performed on
the error table number implied by that error code, and NN is the
offset from that base value.
.Pp
Although this routine is available for use when needed, its use should
be left to circumstances which render
.Fn com_err
unusable.
.Pp
.Fn com_right
returns the error string just like
.Fa com_err
but in a thread-safe way.
.Pp
.It Fn error_table_name "num"
Convert a machine-independent error table number
.Fa num
into an error table name.
.It Fn init_error_table "msgs" "base" "count"
Initialise the internal error table with the array of character string
error messages in
.Fa msgs
of length
.Fa count .
The error codes are assigned incrementally from
.Fa base .
This function is useful for using the error-reporting mechanism with
custom error tables that have not been generated with
.Xr compile_et 1 .
Although this routine is available for use when needed, its use should
be restricted.
.Pp
.Fn initialize_error_table_r
initialize the
.Fa et_list
in the same way as
.Fn init_error_table ,
but in a thread-safe way.
.Pp
.It Fn set_com_err_hook "func"
Provides a hook into the
.Nm
library to allow the routine
.Fa func
to be dynamically substituted for
.Fn com_err .
After
.Fn set_com_err_hook
has been called, calls to
.Fn com_err
will turn into calls to the new hook routine. This function is
intended to be used in daemons to use a routine which calls
.Xr syslog 3 ,
or in a window system application to pop up a dialogue box.
.It Fn reset_com_err_hook ""
Turns off the hook set in
.Fn set_com_err_hook .
.It Fn add_to_error_table "new_table"
Add the error table, its messages strings and error codes in
.Fa new_table
to the internal error table.
.El
.Sh EXAMPLES
The following is an example using the table defined in
.Xr compile_et 1 :
.Pp
.Bd -literal
#include <stdio.h>
#include <stdarg.h>
#include <syslog.h>
#include "test_err.h"
void
hook(const char *whoami, long code,
const char *format, va_list args)
{
char buffer[BUFSIZ];
static int initialized = 0;
if (!initialized) {
openlog(whoami, LOG_NOWAIT, LOG_DAEMON);
initialized = 1;
}
vsprintf(buffer, format, args);
syslog(LOG_ERR, "%s %s", error_message(code), buffer);
}
int
main(int argc, char *argv[])
{
char *whoami = argv[0];
initialize_test_error_table();
com_err(whoami, TEST_INVAL, "before hook");
set_com_err_hook(hook);
com_err(whoami, TEST_IO, "after hook");
return (0);
}
.Ed
.Sh SEE ALSO
.Xr compile_et 1