Make KDC "status" statements more homogeneous

Generally we want KDC status strings to be concise, informative and follow
some common rules:

- All letters in the status string should be capitalized;
- the words in the status phrase are separated by underscore;
- abbreviations should be avoided.  Some acceptable "standard" acronyms
  are AS_REQ, TGS_REP etc.
- since in almost all cases KDC status is set on error, no need
  to state this fact as part of the status string;
- KDC status string should be an imperative phrase.

For example, "DECRYPT_SERVER_KEY".

This commit is to modify some KDC status messages to follow this format.

Even though KDC status messages are not standardized, it is possible that some
administrators use them in the Kerberos log file processing. Hence, the vast
majority of them are left unchanged pending further investigation (mostly,
feedback from the administrators).

src/kdc/do_as_req.c

@@ -279,7 +279,7 @@ finish_process_as_req(struct as_req_state *state, krb5_error_code errcode)
     errcode = krb5_encrypt_tkt_part(kdc_context, &state->server_keyblock,
                                     &state->ticket_reply);
     if (errcode) {
-        state->status = "ENCRYPTING_TICKET";
+        state->status = "ENCRYPT_TICKET";
         goto egress;
     }
 
@@ -296,7 +296,7 @@ finish_process_as_req(struct as_req_state *state, krb5_error_code errcode)
                                               &state->reply,
                                               state->client_keyblock.enctype);
     if (errcode) {
-        state->status = "fast response handling";
+        state->status = "MAKE_FAST_RESPONSE";
         goto egress;
     }
 
@@ -307,7 +307,7 @@ finish_process_as_req(struct as_req_state *state, krb5_error_code errcode)
     errcode = kdc_fast_handle_reply_key(state->rstate, &state->client_keyblock,
                                         &as_encrypting_key);
     if (errcode) {
-        state->status = "generating reply key";
+        state->status = "MAKE_FAST_REPLY_KEY";
         goto egress;
     }
     errcode = return_enc_padata(kdc_context, state->req_pkt, state->request,
@@ -508,7 +508,7 @@ process_as_req(krb5_kdc_req *request, krb5_data *req_pkt,
     state->au_state = au_state;
 
     if (state->request->msg_type != KRB5_AS_REQ) {
-        state->status = "msg_type mismatch";
+        state->status = "VALIDATE_MESSAGE_TYPE";
         errcode = KRB5_BADMSGTYPE;
         goto errout;
     }
@@ -519,21 +519,21 @@ process_as_req(krb5_kdc_req *request, krb5_data *req_pkt,
     if (fetch_asn1_field((unsigned char *) req_pkt->data,
                          1, 4, &encoded_req_body) != 0) {
         errcode = ASN1_BAD_ID;
-        state->status = "Finding req_body";
+        state->status = "FETCH_REQ_BODY";
         goto errout;
     }
     errcode = kdc_find_fast(&state->request, &encoded_req_body, NULL, NULL,
                             state->rstate, &state->inner_body);
     if (errcode) {
-        state->status = "error decoding FAST";
+        state->status = "FIND_FAST";
         goto errout;
     }
     if (state->inner_body == NULL) {
         /* Not a FAST request; copy the encoded request body. */
         errcode = krb5_copy_data(kdc_context, &encoded_req_body,
                                  &state->inner_body);
         if (errcode) {
-            state->status = "storing req body";
+            state->status = "COPY_REQ_BODY";
             goto errout;
         }
     }
@@ -550,7 +550,7 @@ process_as_req(krb5_kdc_req *request, krb5_data *req_pkt,
     if ((errcode = krb5_unparse_name(kdc_context,
                                      state->request->client,
                                      &state->cname))) {
-        state->status = "UNPARSING_CLIENT";
+        state->status = "UNPARSE_CLIENT";
         goto errout;
     }
     limit_string(state->cname);
@@ -563,7 +563,7 @@ process_as_req(krb5_kdc_req *request, krb5_data *req_pkt,
     if ((errcode = krb5_unparse_name(kdc_context,
                                      state->request->server,
                                      &state->sname))) {
-        state->status = "UNPARSING_SERVER";
+        state->status = "UNPARSE_SERVER";
         goto errout;
     }
     limit_string(state->sname);
@@ -669,7 +669,7 @@ process_as_req(krb5_kdc_req *request, krb5_data *req_pkt,
 
     if ((errcode = krb5_c_make_random_key(kdc_context, useenctype,
                                           &state->session_key))) {
-        state->status = "RANDOM_KEY_FAILED";
+        state->status = "MAKE_RANDOM_KEY";
         goto errout;
     }
 
@@ -753,8 +753,8 @@ process_as_req(krb5_kdc_req *request, krb5_data *req_pkt,
                                               state->request->client,
                                               krb5_anonymous_principal())) {
             errcode = KRB5KDC_ERR_BADOPTION;
-            state->status = "Anonymous requested but anonymous "
-                "principal not used.";
+            /* Anonymous requested but anonymous principal not used.*/
+            state->status = "VALIDATE_ANONYMOUS_PRINCIPAL";
             goto errout;
         }
         setflag(state->enc_tkt_reply.flags, TKT_FLG_ANONYMOUS);
@@ -763,7 +763,7 @@ process_as_req(krb5_kdc_req *request, krb5_data *req_pkt,
         errcode = krb5_copy_principal(kdc_context, krb5_anonymous_principal(),
                                       &state->request->client);
         if (errcode) {
-            state->status = "Copying anonymous principal";
+            state->status = "COPY_ANONYMOUS_PRINCIPAL";
             goto errout;
         }
         state->enc_tkt_reply.client = state->request->client;

src/kdc/do_tgs_req.c

@@ -209,7 +209,7 @@ process_tgs_req(struct server_handle *handle, krb5_data *pkt,
     /* Reset sprinc because kdc_find_fast() can replace request. */
     sprinc = request->server;
     if (errcode !=0) {
-        status = "kdc_find_fast";
+        status = "FIND_FAST";
         goto cleanup;
     }
 
@@ -639,7 +639,7 @@ process_tgs_req(struct server_handle *handle, krb5_data *pkt,
         /* assemble new transited field into allocated storage */
         if (header_enc_tkt->transited.tr_type !=
             KRB5_DOMAIN_X500_COMPRESS) {
-            status = "BAD_TRTYPE";
+            status = "VALIDATE_TRANSIT_TYPE";
             errcode = KRB5KDC_ERR_TRTYPE_NOSUPP;
             goto cleanup;
         }
@@ -651,7 +651,7 @@ process_tgs_req(struct server_handle *handle, krb5_data *pkt,
                               header_ticket->server,
                               enc_tkt_reply.client,
                               request->server))) {
-            status = "ADD_TR_FAIL";
+            status = "ADD_TO_TRANSITED_LIST";
             goto cleanup;
         }
         newtransited = 1;
@@ -722,7 +722,7 @@ process_tgs_req(struct server_handle *handle, krb5_data *pkt,
     if (!isflagset(request->kdc_options, KDC_OPT_ENC_TKT_IN_SKEY))
         krb5_free_keyblock_contents(kdc_context, &encrypting_key);
     if (errcode) {
-        status = "TKT_ENCRYPT";
+        status = "ENCRYPT_TICKET";
         goto cleanup;
     }
     ticket_reply.enc_part.kvno = ticket_kvno;
@@ -739,7 +739,7 @@ process_tgs_req(struct server_handle *handle, krb5_data *pkt,
                                         &reply,
                                         &reply_encpart);
         if (errcode) {
-            status = "KDC_RETURN_S4U2SELF_PADATA";
+            status = "MAKE_S4U2SELF_PADATA";
             au_state->status = status;
         }
         kau_s4u2self(kdc_context, errcode ? FALSE : TRUE, au_state);
@@ -779,13 +779,13 @@ process_tgs_req(struct server_handle *handle, krb5_data *pkt,
     errcode  = kdc_fast_response_handle_padata(state, request, &reply,
                                                subkey ? subkey->enctype : header_ticket->enc_part2->session->enctype);
     if (errcode !=0 ) {
-        status = "Preparing FAST padata";
+        status = "MAKE_FAST_RESPONSE";
         goto cleanup;
     }
     errcode =kdc_fast_handle_reply_key(state,
                                        subkey?subkey:header_ticket->enc_part2->session, &reply_key);
     if (errcode) {
-        status  = "generating reply key";
+        status  = "MAKE_FAST_REPLY_KEY";
         goto cleanup;
     }
     errcode = return_enc_padata(kdc_context, pkt, request,
@@ -1066,7 +1066,7 @@ gen_session_key(kdc_realm_t *kdc_active_realm, krb5_kdc_req *req,
     retval = krb5_c_make_random_key(kdc_context, useenctype, skey);
     if (retval != 0) {
         /* random key failed */
-        *status = "RANDOM_KEY_FAILED";
+        *status = "MAKE_RANDOM_KEY";
         goto cleanup;
     }
 cleanup:

src/kdc/kdc_log.c

@@ -29,6 +29,20 @@
 #include <syslog.h>
 #include "adm_proto.h"
 
+/*
+ * A note on KDC-status string format.
+ *
+ * - All letters in the status string should be capitalized;
+ * - the words in the status phrase are separated by underscores;
+ * - abbreviations should be avoided.  Some acceptable "standard" acronyms
+ *   are AS_REQ, TGS_REP etc.
+ * - since in almost all cases KDC status string is set on error, no need
+ *   to state this fact as part of the status string;
+ * - KDC status string should be an imperative phrase.
+ *
+ * Example: "MAKE_RANDOM_KEY"
+ */
+
 /* Main logging routines for ticket requests.
 
    There are a few simple cases -- unparseable requests mainly --