From 7fcd266fddd9de46f831d39d7a11592138b99ad8 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Love=20H=C3=B6rnquist=20=C3=85strand?= Date: Mon, 23 Jun 2008 04:32:32 +0000 Subject: [PATCH] use krb5_set_error_message git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@23316 ec53bebd-3082-4978-b11e-865c3cabbd6b --- admin/change.c | 4 +- admin/get.c | 2 +- kadmin/ank.c | 2 +- kdc/default_config.c | 2 +- kdc/digest.c | 198 +++++++++++++------------- kdc/kerberos5.c | 10 +- kdc/krb5tgs.c | 10 +- kdc/kx509.c | 26 ++-- kdc/misc.c | 9 +- kdc/pkinit.c | 111 ++++++++------- kdc/process.c | 7 +- kdc/set_dbinfo.c | 2 +- kdc/windc.c | 4 +- lib/gssapi/krb5/display_status.c | 2 +- lib/gssapi/krb5/wrap.c | 6 +- lib/hdb/common.c | 2 +- lib/hdb/db.c | 38 ++--- lib/hdb/db3.c | 20 +-- lib/hdb/dbinfo.c | 2 +- lib/hdb/ext.c | 43 +++--- lib/hdb/hdb-ldap.c | 122 ++++++++-------- lib/hdb/hdb.c | 5 +- lib/hdb/keys.c | 11 +- lib/hdb/keytab.c | 8 +- lib/hdb/mkey.c | 31 ++-- lib/hdb/ndbm.c | 36 ++--- lib/hdb/print.c | 8 +- lib/kadm5/ad.c | 49 +++---- lib/kadm5/chpass_s.c | 2 +- lib/kadm5/init_c.c | 2 +- lib/kadm5/log.c | 62 ++++---- lib/kadm5/password_quality.c | 16 +-- lib/krb5/acache.c | 4 +- lib/krb5/addr_families.c | 6 +- lib/krb5/cache.c | 14 +- lib/krb5/fcache.c | 2 +- lib/krb5/get_for_creds.c | 7 +- lib/krb5/get_host_realm.c | 8 +- lib/krb5/get_in_tkt.c | 41 +++--- lib/krb5/init_creds.c | 12 +- lib/krb5/init_creds_pw.c | 12 +- lib/krb5/kcm.c | 2 +- lib/krb5/keyblock.c | 11 +- lib/krb5/keytab.c | 51 +++---- lib/krb5/keytab_any.c | 11 +- lib/krb5/keytab_file.c | 28 ++-- lib/krb5/keytab_keyfile.c | 36 ++--- lib/krb5/keytab_krb4.c | 48 ++++--- lib/krb5/krbhst.c | 12 +- lib/krb5/log.c | 9 +- lib/krb5/mcache.c | 2 +- lib/krb5/mk_rep.c | 8 +- lib/krb5/pac.c | 106 +++++++------- lib/krb5/pkinit.c | 235 ++++++++++++++++--------------- lib/krb5/plugin.c | 16 +-- lib/krb5/principal.c | 52 +++---- lib/krb5/rd_cred.c | 3 +- lib/krb5/rd_error.c | 34 ++--- lib/krb5/rd_req.c | 8 +- lib/krb5/rd_safe.c | 3 +- lib/krb5/recvauth.c | 14 +- lib/krb5/replay.c | 20 +-- lib/krb5/scache.c | 145 ++++++++++--------- lib/krb5/send_to_kdc.c | 8 +- lib/krb5/sendauth.c | 6 +- lib/krb5/sock_principal.c | 8 +- lib/krb5/transited.c | 9 +- 67 files changed, 967 insertions(+), 876 deletions(-) diff --git a/admin/change.c b/admin/change.c index b03573ad7..3f40bbd4d 100644 --- a/admin/change.c +++ b/admin/change.c @@ -61,7 +61,7 @@ change_entry (krb5_keytab keytab, conf.realm = strdup(realm); if (conf.realm == NULL) { free (client_name); - krb5_set_error_string(context, "malloc failed"); + krb5_set_error_message(context, ENOMEM, "malloc failed"); return ENOMEM; } conf.mask |= KADM5_CONFIG_REALM; @@ -71,7 +71,7 @@ change_entry (krb5_keytab keytab, if (conf.admin_server == NULL) { free(client_name); free(conf.realm); - krb5_set_error_string(context, "malloc failed"); + krb5_set_error_message(context, ENOMEM, "malloc failed"); return ENOMEM; } conf.mask |= KADM5_CONFIG_ADMIN_SERVER; diff --git a/admin/get.c b/admin/get.c index 0a54486d0..9e4f58e02 100644 --- a/admin/get.c +++ b/admin/get.c @@ -49,7 +49,7 @@ open_kadmin_connection(char *principal, if(realm) { conf.realm = strdup(realm); if (conf.realm == NULL) { - krb5_set_error_string(context, "malloc: out of memory"); + krb5_set_error_message(context, 0, "malloc: out of memory"); return NULL; } conf.mask |= KADM5_CONFIG_REALM; diff --git a/kadmin/ank.c b/kadmin/ank.c index a1149f8cc..3dd5e3da3 100644 --- a/kadmin/ank.c +++ b/kadmin/ank.c @@ -133,8 +133,8 @@ add_one_principal (const char *name, ret = UI_UTIL_read_pw_string (pwbuf, sizeof(pwbuf), prompt, 1); free (prompt); if (ret) { - krb5_set_error_string(context, "failed to verify password"); ret = KRB5_LIBOS_BADPWDMATCH; + krb5_set_error_message(context, ret, "failed to verify password"); goto out; } password = pwbuf; diff --git a/kdc/default_config.c b/kdc/default_config.c index 6a651886d..87952ca6e 100644 --- a/kdc/default_config.c +++ b/kdc/default_config.c @@ -45,7 +45,7 @@ krb5_kdc_get_config(krb5_context context, krb5_kdc_configuration **config) c = calloc(1, sizeof(*c)); if (c == NULL) { - krb5_set_error_string(context, "malloc: out of memory"); + krb5_set_error_message(context, ENOMEM, "malloc: out of memory"); return ENOMEM; } diff --git a/kdc/digest.c b/kdc/digest.c index 11b9f421a..401ca1db1 100644 --- a/kdc/digest.c +++ b/kdc/digest.c @@ -44,13 +44,13 @@ RCSID("$Id$"); #define NTLM_V1 0x01 const struct units _kdc_digestunits[] = { - {"ms-chap-v2", 1U << 5}, - {"chap-md5", 1U << 4}, - {"digest-md5", 1U << 3}, - {"ntlm-v2", 1U << 2}, - {"ntlm-v1-session", 1U << 1}, - {"ntlm-v1", 1U << 0}, - {NULL, 0} + {"ms-chap-v2", 1U << 5}, + {"chap-md5", 1U << 4}, + {"digest-md5", 1U << 3}, + {"ntlm-v2", 1U << 2}, + {"ntlm-v1-session", 1U << 1}, + {"ntlm-v1", 1U << 0}, + {NULL, 0} }; @@ -121,10 +121,10 @@ fill_targetinfo(krb5_context context, strcmp("imap", str) == 0 || strcmp("pop", str) == 0 || strcmp("smtp", str))) - { - str = krb5_principal_get_comp_string(context, p, 1); - ti.dnsservername = rk_UNCONST(str); - } + { + str = krb5_principal_get_comp_string(context, p, 1); + ti.dnsservername = rk_UNCONST(str); + } ret = heim_ntlm_encode_targetinfo(&ti, 1, &d); if (ret) @@ -186,7 +186,7 @@ get_password_entry(krb5_context context, if (ret || password == NULL) { if (ret == 0) { ret = EINVAL; - krb5_set_error_string(context, "password missing"); + krb5_set_error_message(context, ret, "password missing"); } memset(user, 0, sizeof(*user)); } @@ -263,7 +263,7 @@ _kdc_do_digest(krb5_context context, goto out; ret = EINVAL; - krb5_set_error_string(context, "Wrong digest server principal used"); + krb5_set_error_message(context, ret, "Wrong digest server principal used"); p = krb5_principal_get_comp_string(context, principal, 0); if (p == NULL) { krb5_free_principal(context, principal); @@ -323,9 +323,9 @@ _kdc_do_digest(krb5_context context, "Client %s tried to use digest " "but is not allowed to", client_name); - krb5_set_error_string(context, - "Client is not permitted to use digest"); ret = KRB5KDC_ERR_POLICY; + krb5_set_error_message(context, ret, + "Client is not permitted to use digest"); goto out; } } @@ -338,8 +338,8 @@ _kdc_do_digest(krb5_context context, if (ret) goto out; if (key == NULL) { - krb5_set_error_string(context, "digest: remote subkey not found"); ret = EINVAL; + krb5_set_error_message(context, ret, "digest: remote subkey not found"); goto out; } @@ -359,7 +359,7 @@ _kdc_do_digest(krb5_context context, ret = decode_DigestReqInner(buf.data, buf.length, &ireq, NULL); krb5_data_free(&buf); if (ret) { - krb5_set_error_string(context, "Failed to decode digest inner request"); + krb5_set_error_message(context, ret, "Failed to decode digest inner request"); goto out; } @@ -386,15 +386,15 @@ _kdc_do_digest(krb5_context context, hex_encode(server_nonce, sizeof(server_nonce), &r.u.initReply.nonce); if (r.u.initReply.nonce == NULL) { - krb5_set_error_string(context, "Failed to decode server nonce"); ret = ENOMEM; + krb5_set_error_message(context, ret, "Failed to decode server nonce"); goto out; } sp = krb5_storage_emem(); if (sp == NULL) { ret = ENOMEM; - krb5_set_error_string(context, "out of memory"); + krb5_set_error_message(context, ret, "malloc: out of memory"); goto out; } ret = krb5_store_stringz(sp, ireq.u.init.type); @@ -410,9 +410,9 @@ _kdc_do_digest(krb5_context context, ireq.u.init.channel->cb_type, ireq.u.init.channel->cb_binding); if (s == NULL) { - krb5_set_error_string(context, "Failed to allocate " - "channel binding"); ret = ENOMEM; + krb5_set_error_message(context, ret, + "Failed to allocate channel binding"); goto out; } free(r.u.initReply.nonce); @@ -429,15 +429,15 @@ _kdc_do_digest(krb5_context context, r.u.initReply.identifier = malloc(sizeof(*r.u.initReply.identifier)); if (r.u.initReply.identifier == NULL) { - krb5_set_error_string(context, "out of memory"); ret = ENOMEM; + krb5_set_error_message(context, ret, "malloc: out of memory"); goto out; } asprintf(r.u.initReply.identifier, "%02X", identifier & 0xff); if (*r.u.initReply.identifier == NULL) { - krb5_set_error_string(context, "out of memory"); ret = ENOMEM; + krb5_set_error_message(context, ret, "malloc: out of memory"); goto out; } @@ -478,8 +478,8 @@ _kdc_do_digest(krb5_context context, ASN1_MALLOC_ENCODE(Checksum, buf.data, buf.length, &res, &size, ret); free_Checksum(&res); if (ret) { - krb5_set_error_string(context, "Failed to encode " - "checksum in digest request"); + krb5_set_error_message(context, ret, "Failed to encode " + "checksum in digest request"); goto out; } if (size != buf.length) @@ -502,7 +502,7 @@ _kdc_do_digest(krb5_context context, sp = krb5_storage_emem(); if (sp == NULL) { ret = ENOMEM; - krb5_set_error_string(context, "out of memory"); + krb5_set_error_message(context, ret, "malloc: out of memory"); goto out; } ret = krb5_store_stringz(sp, ireq.u.digestRequest.type); @@ -524,15 +524,15 @@ _kdc_do_digest(krb5_context context, buf.length = strlen(ireq.u.digestRequest.opaque); buf.data = malloc(buf.length); if (buf.data == NULL) { - krb5_set_error_string(context, "out of memory"); ret = ENOMEM; + krb5_set_error_message(context, ret, "malloc: out of memory"); goto out; } ret = hex_decode(ireq.u.digestRequest.opaque, buf.data, buf.length); if (ret <= 0) { - krb5_set_error_string(context, "Failed to decode opaque"); ret = ENOMEM; + krb5_set_error_message(context, ret, "Failed to decode opaque"); goto out; } buf.length = ret; @@ -540,7 +540,7 @@ _kdc_do_digest(krb5_context context, ret = decode_Checksum(buf.data, buf.length, &res, NULL); free(buf.data); if (ret) { - krb5_set_error_string(context, "Failed to decode digest Checksum"); + krb5_set_error_message(context, ret, "Failed to decode digest Checksum"); goto out; } @@ -553,8 +553,8 @@ _kdc_do_digest(krb5_context context, serverNonce.length = strlen(ireq.u.digestRequest.serverNonce); serverNonce.data = malloc(serverNonce.length); if (serverNonce.data == NULL) { - krb5_set_error_string(context, "out of memory"); ret = ENOMEM; + krb5_set_error_message(context, ret, "malloc: out of memory"); goto out; } @@ -568,8 +568,8 @@ _kdc_do_digest(krb5_context context, ssize = hex_decode(ireq.u.digestRequest.serverNonce, serverNonce.data, serverNonce.length); if (ssize <= 0) { - krb5_set_error_string(context, "Failed to decode serverNonce"); ret = ENOMEM; + krb5_set_error_message(context, ret, "Failed to decode serverNonce"); goto out; } serverNonce.length = ssize; @@ -593,15 +593,15 @@ _kdc_do_digest(krb5_context context, uint32_t t; if (serverNonce.length < 4) { - krb5_set_error_string(context, "server nonce too short"); ret = EINVAL; + krb5_set_error_message(context, ret, "server nonce too short"); goto out; } t = p[0] | (p[1] << 8) | (p[2] << 16) | (p[3] << 24); if (abs((kdc_time & 0xffffffff) - t) > context->max_skew) { - krb5_set_error_string(context, "time screw in server nonce "); ret = EINVAL; + krb5_set_error_message(context, ret, "time screw in server nonce "); goto out; } } @@ -618,15 +618,15 @@ _kdc_do_digest(krb5_context context, } if (ireq.u.digestRequest.identifier == NULL) { - krb5_set_error_string(context, "Identifier missing " - "from CHAP request"); ret = EINVAL; + krb5_set_error_message(context, ret, "Identifier missing " + "from CHAP request"); goto out; } if (hex_decode(*ireq.u.digestRequest.identifier, &id, 1) != 1) { - krb5_set_error_string(context, "failed to decode identifier"); ret = EINVAL; + krb5_set_error_message(context, ret, "failed to decode identifier"); goto out; } @@ -714,8 +714,8 @@ _kdc_do_digest(krb5_context context, MD5_Final(md, &ctx); hex_encode(md, sizeof(md), &A1); if (A1 == NULL) { - krb5_set_error_string(context, "out of memory"); ret = ENOMEM; + krb5_set_error_message(context, ret, "malloc: out of memory"); goto failed; } @@ -733,8 +733,8 @@ _kdc_do_digest(krb5_context context, MD5_Final(md, &ctx); hex_encode(md, sizeof(md), &A2); if (A2 == NULL) { - krb5_set_error_string(context, "out of memory"); ret = ENOMEM; + krb5_set_error_message(context, ret, "malloc: out of memory"); free(A1); goto failed; } @@ -795,15 +795,15 @@ _kdc_do_digest(krb5_context context, } if (ireq.u.digestRequest.clientNonce == NULL) { - krb5_set_error_string(context, - "MS-CHAP-V2 clientNonce missing"); ret = EINVAL; + krb5_set_error_message(context, ret, + "MS-CHAP-V2 clientNonce missing"); goto failed; } if (serverNonce.length != 16) { - krb5_set_error_string(context, - "MS-CHAP-V2 serverNonce wrong length"); ret = EINVAL; + krb5_set_error_message(context, ret, + "MS-CHAP-V2 serverNonce wrong length"); goto failed; } @@ -824,16 +824,16 @@ _kdc_do_digest(krb5_context context, clientNonce.data = malloc(clientNonce.length); if (clientNonce.data == NULL) { ret = ENOMEM; - krb5_set_error_string(context, "out of memory"); + krb5_set_error_message(context, ret, "malloc: out of memory"); goto out; } ssize = hex_decode(*ireq.u.digestRequest.clientNonce, clientNonce.data, clientNonce.length); if (ssize != 16) { - krb5_set_error_string(context, - "Failed to decode clientNonce"); ret = ENOMEM; + krb5_set_error_message(context, ret, + "Failed to decode clientNonce"); goto out; } SHA1_Update(&ctx, clientNonce.data, ssize); @@ -852,18 +852,18 @@ _kdc_do_digest(krb5_context context, HDB_F_GET_CLIENT, NULL, &user); krb5_free_principal(context, clientprincipal); if (ret) { - krb5_set_error_string(context, - "MS-CHAP-V2 user %s not in database", - username); + krb5_set_error_message(context, ret, + "MS-CHAP-V2 user %s not in database", + username); goto failed; } ret = hdb_enctype2key(context, &user->entry, ETYPE_ARCFOUR_HMAC_MD5, &key); if (ret) { - krb5_set_error_string(context, - "MS-CHAP-V2 missing arcfour key %s", - username); + krb5_set_error_message(context, ret, + "MS-CHAP-V2 missing arcfour key %s", + username); goto failed; } @@ -872,7 +872,7 @@ _kdc_do_digest(krb5_context context, key->key.keyvalue.length, challange, &answer); if (ret) { - krb5_set_error_string(context, "NTLM missing arcfour key"); + krb5_set_error_message(context, ret, "NTLM missing arcfour key"); goto failed; } @@ -967,8 +967,8 @@ _kdc_do_digest(krb5_context context, asprintf(&r.u.error.reason, "Unsupported digest type %s", ireq.u.digestRequest.type); if (r.u.error.reason == NULL) { - krb5_set_error_string(context, "out of memory"); ret = ENOMEM; + krb5_set_error_message(context, ret, "malloc: out of memory"); goto out; } r.u.error.code = EINVAL; @@ -1021,29 +1021,29 @@ _kdc_do_digest(krb5_context context, r.u.ntlmInitReply.targetname = get_ntlm_targetname(context, client); if (r.u.ntlmInitReply.targetname == NULL) { - krb5_set_error_string(context, "out of memory"); ret = ENOMEM; + krb5_set_error_message(context, ret, "malloc: out of memory"); goto out; } r.u.ntlmInitReply.challange.data = malloc(8); if (r.u.ntlmInitReply.challange.data == NULL) { - krb5_set_error_string(context, "out of memory"); ret = ENOMEM; + krb5_set_error_message(context, ret, "malloc: out of memory"); goto out; } r.u.ntlmInitReply.challange.length = 8; if (RAND_bytes(r.u.ntlmInitReply.challange.data, r.u.ntlmInitReply.challange.length) != 1) - { - krb5_set_error_string(context, "out of random error"); - ret = ENOMEM; - goto out; - } + { + ret = ENOMEM; + krb5_set_error_message(context, ret, "out of random error"); + goto out; + } /* XXX fix targetinfo */ ALLOC(r.u.ntlmInitReply.targetinfo); if (r.u.ntlmInitReply.targetinfo == NULL) { - krb5_set_error_string(context, "out of memory"); ret = ENOMEM; + krb5_set_error_message(context, ret, "malloc: out of memory"); goto out; } @@ -1052,8 +1052,8 @@ _kdc_do_digest(krb5_context context, client, r.u.ntlmInitReply.targetinfo); if (ret) { - krb5_set_error_string(context, "out of memory"); ret = ENOMEM; + krb5_set_error_message(context, ret, "malloc: out of memory"); goto out; } @@ -1064,14 +1064,14 @@ _kdc_do_digest(krb5_context context, sp = krb5_storage_emem(); if (sp == NULL) { ret = ENOMEM; - krb5_set_error_string(context, "out of memory"); + krb5_set_error_message(context, ret, "malloc: out of memory"); goto out; } ret = krb5_storage_write(sp, r.u.ntlmInitReply.challange.data, 8); if (ret != 8) { ret = ENOMEM; - krb5_set_error_string(context, "storage write challange"); + krb5_set_error_message(context, ret, "storage write challange"); goto out; } ret = krb5_store_uint32(sp, r.u.ntlmInitReply.flags); @@ -1127,8 +1127,8 @@ _kdc_do_digest(krb5_context context, HDB_F_GET_CLIENT, NULL, &user); krb5_free_principal(context, clientprincipal); if (ret) { - krb5_set_error_string(context, "NTLM user %s not in database", - ireq.u.ntlmRequest.username); + krb5_set_error_message(context, ret, "NTLM user %s not in database", + ireq.u.ntlmRequest.username); goto failed; } @@ -1150,33 +1150,33 @@ _kdc_do_digest(krb5_context context, sp = krb5_storage_from_data(&buf); if (sp == NULL) { ret = ENOMEM; - krb5_set_error_string(context, "out of memory"); + krb5_set_error_message(context, ret, "malloc: out of memory"); goto out; } ret = krb5_storage_read(sp, challange, sizeof(challange)); if (ret != sizeof(challange)) { - krb5_set_error_string(context, "NTLM storage read challange"); ret = ENOMEM; + krb5_set_error_message(context, ret, "NTLM storage read challange"); goto out; } ret = krb5_ret_uint32(sp, &flags); if (ret) { - krb5_set_error_string(context, "NTLM storage read flags"); + krb5_set_error_message(context, ret, "NTLM storage read flags"); goto out; } krb5_data_free(&buf); if ((flags & NTLM_NEG_NTLM) == 0) { ret = EINVAL; - krb5_set_error_string(context, "NTLM not negotiated"); + krb5_set_error_message(context, ret, "NTLM not negotiated"); goto out; } ret = hdb_enctype2key(context, &user->entry, ETYPE_ARCFOUR_HMAC_MD5, &key); if (ret) { - krb5_set_error_string(context, "NTLM missing arcfour key"); + krb5_set_error_message(context, ret, "NTLM missing arcfour key"); goto out; } @@ -1194,8 +1194,8 @@ _kdc_do_digest(krb5_context context, targetname = get_ntlm_targetname(context, client); if (targetname == NULL) { - krb5_set_error_string(context, "out of memory"); ret = ENOMEM; + krb5_set_error_message(context, ret, "malloc: out of memory"); goto out; } @@ -1213,7 +1213,7 @@ _kdc_do_digest(krb5_context context, sessionkey); free(targetname); if (ret) { - krb5_set_error_string(context, "NTLM v2 verify failed"); + krb5_set_error_message(context, ret, "NTLM v2 verify failed"); goto failed; } @@ -1238,9 +1238,9 @@ _kdc_do_digest(krb5_context context, } if (ireq.u.ntlmRequest.lm.length != 24) { - krb5_set_error_string(context, "LM hash have wrong length " - "for NTLM session key"); ret = EINVAL; + krb5_set_error_message(context, ret, "LM hash have wrong length " + "for NTLM session key"); goto failed; } @@ -1260,18 +1260,18 @@ _kdc_do_digest(krb5_context context, key->key.keyvalue.length, challange, &answer); if (ret) { - krb5_set_error_string(context, "NTLM missing arcfour key"); + krb5_set_error_message(context, ret, "NTLM missing arcfour key"); goto failed; } if (ireq.u.ntlmRequest.ntlm.length != answer.length || memcmp(ireq.u.ntlmRequest.ntlm.data, answer.data, answer.length) != 0) - { - free(answer.data); - ret = EINVAL; - krb5_set_error_string(context, "NTLM hash mismatch"); - goto failed; - } + { + free(answer.data); + ret = EINVAL; + krb5_set_error_message(context, ret, "NTLM hash mismatch"); + goto failed; + } free(answer.data); { @@ -1290,18 +1290,19 @@ _kdc_do_digest(krb5_context context, size_t len; if ((flags & NTLM_NEG_KEYEX) == 0) { - krb5_set_error_string(context, - "NTLM client failed to neg key " - "exchange but still sent key"); ret = EINVAL; + krb5_set_error_message(context, ret, + "NTLM client failed to neg key " + "exchange but still sent key"); goto failed; } len = ireq.u.ntlmRequest.sessionkey->length; if (len != sizeof(masterkey)){ - krb5_set_error_string(context, - "NTLM master key wrong length: %lu", - (unsigned long)len); + ret = EINVAL; + krb5_set_error_message(context, ret, + "NTLM master key wrong length: %lu", + (unsigned long)len); goto failed; } @@ -1315,14 +1316,15 @@ _kdc_do_digest(krb5_context context, r.u.ntlmResponse.sessionkey = malloc(sizeof(*r.u.ntlmResponse.sessionkey)); if (r.u.ntlmResponse.sessionkey == NULL) { - krb5_set_error_string(context, "out of memory"); + ret = EINVAL; + krb5_set_error_message(context, ret, "malloc: out of memory"); goto out; } ret = krb5_data_copy(r.u.ntlmResponse.sessionkey, masterkey, sizeof(masterkey)); if (ret) { - krb5_set_error_string(context, "out of memory"); + krb5_set_error_message(context, ret, "malloc: out of memory"); goto out; } } @@ -1354,11 +1356,11 @@ _kdc_do_digest(krb5_context context, break; default: { - char *s; - krb5_set_error_string(context, "unknown operation to digest"); + const char *s; ret = EINVAL; + krb5_set_error_message(context, ret, "unknown operation to digest"); - failed: + failed: s = krb5_get_error_message(context, ret); if (s == NULL) { @@ -1370,10 +1372,10 @@ _kdc_do_digest(krb5_context context, r.element = choice_DigestRepInner_error; r.u.error.reason = strdup("unknown error"); - krb5_free_error_string(context, s); + krb5_free_error_message(context, s); if (r.u.error.reason == NULL) { - krb5_set_error_string(context, "out of memory"); ret = ENOMEM; + krb5_set_error_message(context, ret, "malloc: out of memory"); goto out; } r.u.error.code = EINVAL; @@ -1383,7 +1385,7 @@ _kdc_do_digest(krb5_context context, ASN1_MALLOC_ENCODE(DigestRepInner, buf.data, buf.length, &r, &size, ret); if (ret) { - krb5_set_error_string(context, "Failed to encode inner digest reply"); + krb5_set_error_message(context, ret, "Failed to encode inner digest reply"); goto out; } if (size != buf.length) @@ -1414,14 +1416,14 @@ _kdc_do_digest(krb5_context context, ASN1_MALLOC_ENCODE(DigestREP, reply->data, reply->length, &rep, &size, ret); if (ret) { - krb5_set_error_string(context, "Failed to encode digest reply"); + krb5_set_error_message(context, ret, "Failed to encode digest reply"); goto out; } if (size != reply->length) krb5_abortx(context, "ASN1 internal error"); -out: + out: if (ac) krb5_auth_con_free(context, ac); if (ret) diff --git a/kdc/kerberos5.c b/kdc/kerberos5.c index e91af8ced..56553a863 100644 --- a/kdc/kerberos5.c +++ b/kdc/kerberos5.c @@ -1807,7 +1807,7 @@ _kdc_tkt_add_if_relevant_ad(krb5_context context, if (tkt->authorization_data == NULL) { tkt->authorization_data = calloc(1, sizeof(*tkt->authorization_data)); if (tkt->authorization_data == NULL) { - krb5_set_error_string(context, "out of memory"); + krb5_set_error_message(context, ENOMEM, "out of memory"); return ENOMEM; } } @@ -1822,7 +1822,7 @@ _kdc_tkt_add_if_relevant_ad(krb5_context context, ret = add_AuthorizationData(&ad, &ade); if (ret) { - krb5_set_error_string(context, "add AuthorizationData failed"); + krb5_set_error_message(context, ret, "add AuthorizationData failed"); return ret; } @@ -1833,8 +1833,8 @@ _kdc_tkt_add_if_relevant_ad(krb5_context context, &ad, &size, ret); free_AuthorizationData(&ad); if (ret) { - krb5_set_error_string(context, "ASN.1 encode of " - "AuthorizationData failed"); + krb5_set_error_message(context, ret, "ASN.1 encode of " + "AuthorizationData failed"); return ret; } if (ade.ad_data.length != size) @@ -1843,7 +1843,7 @@ _kdc_tkt_add_if_relevant_ad(krb5_context context, ret = add_AuthorizationData(tkt->authorization_data, &ade); der_free_octet_string(&ade.ad_data); if (ret) { - krb5_set_error_string(context, "add AuthorizationData failed"); + krb5_set_error_message(context, ret, "add AuthorizationData failed"); return ret; } } diff --git a/kdc/krb5tgs.c b/kdc/krb5tgs.c index 4ac3b400c..3a2f08231 100644 --- a/kdc/krb5tgs.c +++ b/kdc/krb5tgs.c @@ -80,8 +80,8 @@ find_KRB5SignedPath(krb5_context context, &child, NULL); if (ret) { - krb5_set_error_string(context, "Failed to decode " - "IF_RELEVANT with %d", ret); + krb5_set_error_message(context, ret, "Failed to decode " + "IF_RELEVANT with %d", ret); return ret; } @@ -305,8 +305,8 @@ check_PAC(krb5_context context, &child, NULL); if (ret) { - krb5_set_error_string(context, "Failed to decode " - "IF_RELEVANT with %d", ret); + krb5_set_error_message(context, ret, "Failed to decode " + "IF_RELEVANT with %d", ret); return ret; } for (j = 0; j < child.len; j++) { @@ -1338,7 +1338,7 @@ build_server_referral(krb5_context context, return 0; eout: free_PA_ServerReferralData(&ref); - krb5_set_error_string(context, "out of memory"); + krb5_set_error_message(context, ENOMEM, "malloc: out of memory"); return ENOMEM; } diff --git a/kdc/kx509.c b/kdc/kx509.c index 06a667b39..33991d190 100644 --- a/kdc/kx509.c +++ b/kdc/kx509.c @@ -67,8 +67,9 @@ verify_req_hash(krb5_context context, HMAC_CTX ctx; if (req->pk_hash.length != sizeof(digest)) { - krb5_set_error_string(context, "pk-hash have wrong length: %lu", - (unsigned long)req->pk_hash.length); + krb5_set_error_message(context, KRB5KDC_ERR_PREAUTH_FAILED, + "pk-hash have wrong length: %lu", + (unsigned long)req->pk_hash.length); return KRB5KDC_ERR_PREAUTH_FAILED; } @@ -84,7 +85,8 @@ verify_req_hash(krb5_context context, HMAC_CTX_cleanup(&ctx); if (memcmp(req->pk_hash.data, digest, sizeof(digest)) != 0) { - krb5_set_error_string(context, "pk-hash is not correct"); + krb5_set_error_message(context, KRB5KDC_ERR_PREAUTH_FAILED, + "pk-hash is not correct"); return KRB5KDC_ERR_PREAUTH_FAILED; } return 0; @@ -106,7 +108,7 @@ calculate_reply_hash(krb5_context context, rep->hash->data = malloc(rep->hash->length); if (rep->hash->data == NULL) { HMAC_CTX_cleanup(&ctx); - krb5_set_error_string(context, "out of memory"); + krb5_set_error_message(context, ENOMEM, "malloc: out of memory"); return ENOMEM; } @@ -276,7 +278,7 @@ out: hx509_cert_free(signer); if (hxctx) hx509_context_free(&hxctx); - krb5_set_error_string(context, "cert creation failed"); + krb5_set_error_message(context, ret, "cert creation failed"); return ret; } @@ -354,16 +356,18 @@ _kdc_do_kx509(krb5_context context, krb5_free_principal(context, principal); if (ret != TRUE) { ret = KRB5KDC_ERR_SERVER_NOMATCH; - krb5_set_error_string(context, - "User %s used wrong Kx509 service principal", - cname); + krb5_set_error_message(context, ret, + "User %s used wrong Kx509 service principal", + cname); goto out; } } ret = krb5_auth_con_getkey(context, ac, &key); - if (ret || key == NULL) { - krb5_set_error_string(context, "Kx509 can't get session key"); + if (ret == 0 && key == NULL) + ret = KRB5KDC_ERR_NULL_KEY; + if (ret) { + krb5_set_error_message(context, ret, "Kx509 can't get session key"); goto out; } @@ -414,7 +418,7 @@ _kdc_do_kx509(krb5_context context, ASN1_MALLOC_ENCODE(Kx509Response, data.data, data.length, &rep, &size, ret); if (ret) { - krb5_set_error_string(context, "Failed to encode kx509 reply"); + krb5_set_error_message(context, ret, "Failed to encode kx509 reply"); goto out; } if (size != data.length) diff --git a/kdc/misc.c b/kdc/misc.c index 60d7dc286..0c64dd568 100644 --- a/kdc/misc.c +++ b/kdc/misc.c @@ -51,7 +51,7 @@ _kdc_db_fetch(krb5_context context, ent = calloc (1, sizeof (*ent)); if (ent == NULL) { - krb5_set_error_string(context, "out of memory"); + krb5_set_error_message(context, ENOMEM, "malloc: out of memory"); return ENOMEM; } @@ -76,8 +76,8 @@ _kdc_db_fetch(krb5_context context, } } free(ent); - krb5_set_error_string(context, "no such entry found in hdb"); - return HDB_ERR_NOENTRY; + krb5_set_error_message(context, HDB_ERR_NOENTRY, "no such entry found in hdb"); + return HDB_ERR_NOENTRY; } void @@ -116,7 +116,8 @@ _kdc_get_preferred_key(krb5_context context, } } - krb5_set_error_string(context, "No valid kerberos key found for %s", name); + krb5_set_error_message(context, EINVAL, + "No valid kerberos key found for %s", name); return EINVAL; } diff --git a/kdc/pkinit.c b/kdc/pkinit.c index 8f4813e1d..57767c4f4 100644 --- a/kdc/pkinit.c +++ b/kdc/pkinit.c @@ -187,13 +187,13 @@ generate_dh_keyblock(krb5_context context, pk_client_params *client_params, memset(&key, 0, sizeof(key)); if (!DH_generate_key(client_params->dh)) { - krb5_set_error_string(context, "Can't generate Diffie-Hellman keys"); ret = KRB5KRB_ERR_GENERIC; + krb5_set_error_message(context, ret, "Can't generate Diffie-Hellman keys"); goto out; } if (client_params->dh_public_key == NULL) { - krb5_set_error_string(context, "dh_public_key"); ret = KRB5KRB_ERR_GENERIC; + krb5_set_error_message(context, ret, "dh_public_key"); goto out; } @@ -204,8 +204,8 @@ generate_dh_keyblock(krb5_context context, pk_client_params *client_params, dh_gen_key = malloc(size); if (dh_gen_key == NULL) { - krb5_set_error_string(context, "malloc: out of memory"); ret = ENOMEM; + krb5_set_error_message(context, ret, "malloc: out of memory"); goto out; } memset(dh_gen_key, 0, size - dh_gen_keylen); @@ -214,8 +214,8 @@ generate_dh_keyblock(krb5_context context, pk_client_params *client_params, client_params->dh_public_key, client_params->dh); if (dh_gen_keylen == -1) { - krb5_set_error_string(context, "Can't compute Diffie-Hellman key"); ret = KRB5KRB_ERR_GENERIC; + krb5_set_error_message(context, ret, "Can't compute Diffie-Hellman key"); goto out; } @@ -241,7 +241,8 @@ integer_to_BN(krb5_context context, const char *field, heim_integer *f) bn = BN_bin2bn((const unsigned char *)f->data, f->length, NULL); if (bn == NULL) { - krb5_set_error_string(context, "PKINIT: parsing BN failed %s", field); + krb5_set_error_message(context, KRB5_BADMSGTYPE, + "PKINIT: parsing BN failed %s", field); return NULL; } BN_set_negative(bn, f->negative); @@ -261,13 +262,14 @@ get_dh_param(krb5_context context, memset(&dhparam, 0, sizeof(dhparam)); if (der_heim_oid_cmp(&dh_key_info->algorithm.algorithm, oid_id_dhpublicnumber())) { - krb5_set_error_string(context, - "PKINIT invalid oid in clientPublicValue"); + krb5_set_error_message(context, KRB5_BADMSGTYPE, + "PKINIT invalid oid in clientPublicValue"); return KRB5_BADMSGTYPE; } if (dh_key_info->algorithm.parameters == NULL) { - krb5_set_error_string(context, "PKINIT missing algorithm parameter " + krb5_set_error_message(context, KRB5_BADMSGTYPE, + "PKINIT missing algorithm parameter " "in clientPublicValue"); return KRB5_BADMSGTYPE; } @@ -277,15 +279,16 @@ get_dh_param(krb5_context context, &dhparam, NULL); if (ret) { - krb5_set_error_string(context, "Can't decode algorithm " - "parameters in clientPublicValue"); + krb5_set_error_message(context, ret, "Can't decode algorithm " + "parameters in clientPublicValue"); goto out; } if ((dh_key_info->subjectPublicKey.length % 8) != 0) { ret = KRB5_BADMSGTYPE; - krb5_set_error_string(context, "PKINIT: subjectPublicKey not aligned " - "to 8 bit boundary"); + krb5_set_error_message(context, ret, + "PKINIT: subjectPublicKey not aligned " + "to 8 bit boundary"); goto out; } @@ -300,8 +303,8 @@ get_dh_param(krb5_context context, dh = DH_new(); if (dh == NULL) { - krb5_set_error_string(context, "Cannot create DH structure"); ret = ENOMEM; + krb5_set_error_message(context, ret, "Cannot create DH structure"); goto out; } ret = KRB5_BADMSGTYPE; @@ -332,8 +335,10 @@ get_dh_param(krb5_context context, "subjectPublicKey", &glue); der_free_heim_integer(&glue); - if (client_params->dh_public_key == NULL) + if (client_params->dh_public_key == NULL) { + ret = KRB5_BADMSGTYPE; goto out; + } } client_params->dh = dh; @@ -389,8 +394,8 @@ _kdc_pk_rd_padata(krb5_context context, &r, NULL); if (ret) { - krb5_set_error_string(context, "Can't decode " - "PK-AS-REQ-Win2k: %d", ret); + krb5_set_error_message(context, ret, "Can't decode " + "PK-AS-REQ-Win2k: %d", ret); goto out; } @@ -400,7 +405,8 @@ _kdc_pk_rd_padata(krb5_context context, &have_data); free_PA_PK_AS_REQ_Win2k(&r); if (ret) { - krb5_set_error_string(context, "Can't decode PK-AS-REQ: %d", ret); + krb5_set_error_message(context, ret, + "Can't decode PK-AS-REQ: %d", ret); goto out; } @@ -414,7 +420,7 @@ _kdc_pk_rd_padata(krb5_context context, &r, NULL); if (ret) { - krb5_set_error_string(context, "Can't decode PK-AS-REQ: %d", ret); + krb5_set_error_message(context, ret, "Can't decode PK-AS-REQ: %d", ret); goto out; } @@ -428,7 +434,7 @@ _kdc_pk_rd_padata(krb5_context context, 0, NULL, &client_params->client_anchors); if (ret) { - krb5_set_error_string(context, "Can't allocate client anchors: %d", ret); + krb5_set_error_message(context, ret, "Can't allocate client anchors: %d", ret); goto out; } @@ -443,7 +449,7 @@ _kdc_pk_rd_padata(krb5_context context, ret = hx509_query_alloc(kdc_identity->hx509ctx, &q); if (ret) { - krb5_set_error_string(context, + krb5_set_error_message(context, ret, "Failed to allocate hx509_query"); goto out; } @@ -480,7 +486,8 @@ _kdc_pk_rd_padata(krb5_context context, &have_data); free_PA_PK_AS_REQ(&r); if (ret) { - krb5_set_error_string(context, "Can't unwrap ContentInfo: %d", ret); + krb5_set_error_message(context, ret, + "Can't unwrap ContentInfo: %d", ret); goto out; } @@ -492,16 +499,16 @@ _kdc_pk_rd_padata(krb5_context context, ret = der_heim_oid_cmp(&contentInfoOid, oid_id_pkcs7_signedData()); if (ret != 0) { - krb5_set_error_string(context, "PK-AS-REQ-Win2k invalid content " - "type oid"); ret = KRB5KRB_ERR_GENERIC; + krb5_set_error_message(context, ret, + "PK-AS-REQ-Win2k invalid content type oid"); goto out; } if (!have_data) { - krb5_set_error_string(context, - "PK-AS-REQ-Win2k no signed auth pack"); ret = KRB5KRB_ERR_GENERIC; + krb5_set_error_message(context, ret, + "PK-AS-REQ-Win2k no signed auth pack"); goto out; } @@ -536,8 +543,8 @@ _kdc_pk_rd_padata(krb5_context context, if (der_heim_oid_cmp(&eContentType, oid_id_pkcs7_data()) != 0 && der_heim_oid_cmp(&eContentType, oid_id_pkauthdata()) != 0) { - krb5_set_error_string(context, "got wrong oid for pkauthdata"); ret = KRB5_BADMSGTYPE; + krb5_set_error_message(context, ret, "got wrong oid for pkauthdata"); goto out; } @@ -549,7 +556,7 @@ _kdc_pk_rd_padata(krb5_context context, &ap, NULL); if (ret) { - krb5_set_error_string(context, "can't decode AuthPack: %d", ret); + krb5_set_error_message(context, ret, "can't decode AuthPack: %d", ret); goto out; } @@ -565,8 +572,8 @@ _kdc_pk_rd_padata(krb5_context context, client_params->nonce = ap.pkAuthenticator.nonce; if (ap.clientPublicValue) { - krb5_set_error_string(context, "DH not supported for windows"); ret = KRB5KRB_ERR_GENERIC; + krb5_set_error_message(context, ret, "DH not supported for windows"); goto out; } free_AuthPack_Win2k(&ap); @@ -579,7 +586,7 @@ _kdc_pk_rd_padata(krb5_context context, &ap, NULL); if (ret) { - krb5_set_error_string(context, "can't decode AuthPack: %d", ret); + krb5_set_error_message(context, ret, "can't decode AuthPack: %d", ret); free_AuthPack(&ap); goto out; } @@ -754,8 +761,8 @@ pk_mk_pa_reply_enckey(krb5_context context, free_ReplyKeyPack(&kp); } if (ret) { - krb5_set_error_string(context, "ASN.1 encoding of ReplyKeyPack " - "failed (%d)", ret); + krb5_set_error_message(context, ret, "ASN.1 encoding of ReplyKeyPack " + "failed (%d)", ret); goto out; } if (buf.length != size) @@ -859,9 +866,8 @@ pk_mk_pa_reply_dh(krb5_context context, ASN1_MALLOC_ENCODE(DHPublicKey, buf.data, buf.length, &i, &size, ret); if (ret) { - krb5_set_error_string(context, "ASN.1 encoding of " - "DHPublicKey failed (%d)", ret); - krb5_clear_error_string(context); + krb5_set_error_message(context, ret, "ASN.1 encoding of " + "DHPublicKey failed (%d)", ret); return ret; } if (buf.length != size) @@ -875,8 +881,8 @@ pk_mk_pa_reply_dh(krb5_context context, ASN1_MALLOC_ENCODE(KDCDHKeyInfo, buf.data, buf.length, &dh_info, &size, ret); if (ret) { - krb5_set_error_string(context, "ASN.1 encoding of " - "KdcDHKeyInfo failed (%d)", ret); + krb5_set_error_message(context, ret, "ASN.1 encoding of " + "KdcDHKeyInfo failed (%d)", ret); goto out; } if (buf.length != size) @@ -975,8 +981,8 @@ _kdc_pk_mk_pa_reply(krb5_context context, break; if (req->req_body.etype.len <= i) { ret = KRB5KRB_ERR_GENERIC; - krb5_set_error_string(context, - "No valid enctype available from client"); + krb5_set_error_message(context, ret, + "No valid enctype available from client"); goto out; } enctype = req->req_body.etype.val[i]; @@ -1020,8 +1026,8 @@ _kdc_pk_mk_pa_reply(krb5_context context, ret); free_ContentInfo(&info); if (ret) { - krb5_set_error_string(context, "encoding of Key ContentInfo " - "failed %d", ret); + krb5_set_error_message(context, ret, "encoding of Key ContentInfo " + "failed %d", ret); free_PA_PK_AS_REP(&rep); goto out; } @@ -1053,8 +1059,8 @@ _kdc_pk_mk_pa_reply(krb5_context context, ret); free_ContentInfo(&info); if (ret) { - krb5_set_error_string(context, "encoding of Key ContentInfo " - "failed %d", ret); + krb5_set_error_message(context, ret, "encoding of Key ContentInfo " + "failed %d", ret); free_PA_PK_AS_REP(&rep); goto out; } @@ -1070,8 +1076,8 @@ _kdc_pk_mk_pa_reply(krb5_context context, ASN1_MALLOC_ENCODE(PA_PK_AS_REP, buf, len, &rep, &size, ret); free_PA_PK_AS_REP(&rep); if (ret) { - krb5_set_error_string(context, "encode PA-PK-AS-REP failed %d", - ret); + krb5_set_error_message(context, ret, "encode PA-PK-AS-REP failed %d", + ret); goto out; } if (len != size) @@ -1084,8 +1090,8 @@ _kdc_pk_mk_pa_reply(krb5_context context, ContentInfo info; if (client_params->dh) { - krb5_set_error_string(context, "Windows PK-INIT doesn't support DH"); ret = KRB5KRB_ERR_GENERIC; + krb5_set_error_message(context, ret, "Windows PK-INIT doesn't support DH"); goto out; } @@ -1116,7 +1122,7 @@ _kdc_pk_mk_pa_reply(krb5_context context, ret); free_ContentInfo(&info); if (ret) { - krb5_set_error_string(context, "encoding of Key ContentInfo " + krb5_set_error_message(context, ret, "encoding of Key ContentInfo " "failed %d", ret); free_PA_PK_AS_REP_Win2k(&rep); goto out; @@ -1127,7 +1133,7 @@ _kdc_pk_mk_pa_reply(krb5_context context, ASN1_MALLOC_ENCODE(PA_PK_AS_REP_Win2k, buf, len, &rep, &size, ret); free_PA_PK_AS_REP_Win2k(&rep); if (ret) { - krb5_set_error_string(context, + krb5_set_error_message(context, ret, "encode PA-PK-AS-REP-Win2k failed %d", ret); goto out; } @@ -1140,7 +1146,7 @@ _kdc_pk_mk_pa_reply(krb5_context context, ret = krb5_padata_add(context, md, pa_type, buf, len); if (ret) { - krb5_set_error_string(context, "failed adding PA-PK-AS-REP %d", ret); + krb5_set_error_message(context, ret, "failed adding PA-PK-AS-REP %d", ret); free(buf); goto out; } @@ -1214,8 +1220,8 @@ _kdc_pk_mk_pa_reply(krb5_context context, KRB5_PADATA_PA_PK_OCSP_RESPONSE, ocsp.data.data, ocsp.data.length); if (ret) { - krb5_set_error_string(context, - "Failed adding OCSP response %d", ret); + krb5_set_error_message(context, ret, + "Failed adding OCSP response %d", ret); goto out; } } @@ -1438,7 +1444,8 @@ _kdc_pk_check_client(krb5_context context, return 0; } - krb5_set_error_string(context, + ret = KRB5_KDC_ERR_CLIENT_NAME_MISMATCH; + krb5_set_error_message(context, ret, "PKINIT no matching principals for %s", *subject_name); @@ -1449,7 +1456,7 @@ _kdc_pk_check_client(krb5_context context, free(*subject_name); *subject_name = NULL; - return KRB5_KDC_ERR_CLIENT_NAME_MISMATCH; + return ret; } static krb5_error_code diff --git a/kdc/process.c b/kdc/process.c index 56a7cf99c..4d370ba48 100644 --- a/kdc/process.c +++ b/kdc/process.c @@ -177,14 +177,15 @@ krb5_kdc_save_request(krb5_context context, fd = open(fn, O_WRONLY|O_CREAT|O_APPEND, 0600); if (fd < 0) { - krb5_set_error_string(context, "Failed to open: %s", fn); - return errno; + int saved_errno = errno; + krb5_set_error_message(context, saved_errno, "Failed to open: %s", fn); + return saved_errno; } sp = krb5_storage_from_fd(fd); close(fd); if (sp == NULL) { - krb5_set_error_string(context, "Storage failed to open fd"); + krb5_set_error_message(context, ENOMEM, "Storage failed to open fd"); return ENOMEM; } diff --git a/kdc/set_dbinfo.c b/kdc/set_dbinfo.c index 651f4c4a4..7c0248388 100644 --- a/kdc/set_dbinfo.c +++ b/kdc/set_dbinfo.c @@ -55,7 +55,7 @@ krb5_kdc_set_dbinfo(krb5_context context, struct krb5_kdc_configuration *c) ptr = realloc(c->db, (c->num_db + 1) * sizeof(*c->db)); if (ptr == NULL) { ret = ENOMEM; - krb5_set_error_string(context, "out of memory"); + krb5_set_error_message(context, ret, "malloc: out of memory"); goto out; } c->db = ptr; diff --git a/kdc/windc.c b/kdc/windc.c index 3eb6f2239..e057a3e6f 100644 --- a/kdc/windc.c +++ b/kdc/windc.c @@ -63,7 +63,7 @@ krb5_kdc_windc_init(krb5_context context) } if (e == NULL) { _krb5_plugin_free(list); - krb5_set_error_string(context, "Did not find any WINDC plugin"); + krb5_set_error_message(context, ENOENT, "Did not find any WINDC plugin"); windcft = NULL; return ENOENT; } @@ -91,7 +91,7 @@ _kdc_pac_verify(krb5_context context, krb5_pac *pac) { if (windcft == NULL) { - krb5_set_error_string(context, "Can't verify PAC, no function"); + krb5_set_error_message(context, EINVAL, "Can't verify PAC, no function"); return EINVAL; } return (windcft->pac_verify)(windcctx, context, diff --git a/lib/gssapi/krb5/display_status.c b/lib/gssapi/krb5/display_status.c index a5bbfd146..530feee6d 100644 --- a/lib/gssapi/krb5/display_status.c +++ b/lib/gssapi/krb5/display_status.c @@ -135,7 +135,7 @@ _gsskrb5_set_status (const char *fmt, ...) vasprintf(&str, fmt, args); va_end(args); if (str) { - krb5_set_error_string(context, str); + krb5_set_error_message(context, 0, str); free(str); } } diff --git a/lib/gssapi/krb5/wrap.c b/lib/gssapi/krb5/wrap.c index 1dc259c86..e4e3976e7 100644 --- a/lib/gssapi/krb5/wrap.c +++ b/lib/gssapi/krb5/wrap.c @@ -61,7 +61,7 @@ _gsskrb5i_get_initiator_subkey(const gsskrb5_ctx ctx, ctx->auth_context, key); if (ret == 0 && *key == NULL) { - krb5_set_error_string(context, "No initiator subkey available"); + krb5_set_error_message(context, 0, "No initiator subkey available"); return GSS_KRB5_S_KG_NO_SUBKEY; } return ret; @@ -85,7 +85,7 @@ _gsskrb5i_get_acceptor_subkey(const gsskrb5_ctx ctx, key); } if (ret == 0 && *key == NULL) { - krb5_set_error_string(context, "No acceptor subkey available"); + krb5_set_error_message(context, 0, "No acceptor subkey available"); return GSS_KRB5_S_KG_NO_SUBKEY; } return ret; @@ -106,7 +106,7 @@ _gsskrb5i_get_token_key(const gsskrb5_ctx ctx, _gsskrb5i_get_initiator_subkey(ctx, context, key); } if (*key == NULL) { - krb5_set_error_string(context, "No token key available"); + krb5_set_error_message(context, 0, "No token key available"); return GSS_KRB5_S_KG_NO_SUBKEY; } return 0; diff --git a/lib/hdb/common.c b/lib/hdb/common.c index a4f264f36..01102fcc6 100644 --- a/lib/hdb/common.c +++ b/lib/hdb/common.c @@ -275,7 +275,7 @@ _hdb_store(krb5_context context, HDB *db, unsigned flags, hdb_entry_ex *entry) struct timeval t; entry->entry.generation = malloc(sizeof(*entry->entry.generation)); if(entry->entry.generation == NULL) { - krb5_set_error_string(context, "malloc: out of memory"); + krb5_set_error_message(context, ENOMEM, "malloc: out of memory"); return ENOMEM; } gettimeofday(&t, NULL); diff --git a/lib/hdb/db.c b/lib/hdb/db.c index f38a156ee..a598e9e1a 100644 --- a/lib/hdb/db.c +++ b/lib/hdb/db.c @@ -68,8 +68,8 @@ DB_lock(krb5_context context, HDB *db, int operation) DB *d = (DB*)db->hdb_db; int fd = (*d->fd)(d); if(fd < 0) { - krb5_set_error_string(context, - "Can't lock database: %s", db->hdb_name); + krb5_set_error_message(context, HDB_ERR_CANT_LOCK_DB, + "Can't lock database: %s", db->hdb_name); return HDB_ERR_CANT_LOCK_DB; } return hdb_lock(fd, operation); @@ -81,8 +81,8 @@ DB_unlock(krb5_context context, HDB *db) DB *d = (DB*)db->hdb_db; int fd = (*d->fd)(d); if(fd < 0) { - krb5_set_error_string(context, - "Can't unlock database: %s", db->hdb_name); + krb5_set_error_message(context, HDB_ERR_CANT_LOCK_DB, + "Can't unlock database: %s", db->hdb_name); return HDB_ERR_CANT_LOCK_DB; } return hdb_unlock(fd); @@ -100,15 +100,15 @@ DB_seq(krb5_context context, HDB *db, code = db->hdb_lock(context, db, HDB_RLOCK); if(code == -1) { - krb5_set_error_string(context, "Database %s in use", db->hdb_name); + krb5_set_error_message(context, HDB_ERR_DB_INUSE, "Database %s in use", db->hdb_name); return HDB_ERR_DB_INUSE; } code = (*d->seq)(d, &key, &value, flag); db->hdb_unlock(context, db); /* XXX check value */ if(code == -1) { code = errno; - krb5_set_error_string(context, "Database %s seq error: %s", - db->hdb_name, strerror(code)); + krb5_set_error_message(context, code, "Database %s seq error: %s", + db->hdb_name, strerror(code)); return code; } if(code == 1) { @@ -131,8 +131,8 @@ DB_seq(krb5_context context, HDB *db, if (code == 0 && entry->entry.principal == NULL) { entry->entry.principal = malloc(sizeof(*entry->entry.principal)); if (entry->entry.principal == NULL) { - krb5_set_error_string(context, "malloc: out of memory"); code = ENOMEM; + krb5_set_error_message(context, code, "malloc: out of memory"); hdb_free_entry (context, entry); } else { hdb_key2principal(context, &key_data, entry->entry.principal); @@ -190,8 +190,8 @@ DB__get(krb5_context context, HDB *db, krb5_data key, krb5_data *reply) db->hdb_unlock(context, db); if(code < 0) { code = errno; - krb5_set_error_string(context, "Database %s get error: %s", - db->hdb_name, strerror(code)); + krb5_set_error_message(context, code, "Database %s get error: %s", + db->hdb_name, strerror(code)); return code; } if(code == 1) { @@ -222,8 +222,8 @@ DB__put(krb5_context context, HDB *db, int replace, db->hdb_unlock(context, db); if(code < 0) { code = errno; - krb5_set_error_string(context, "Database %s put error: %s", - db->hdb_name, strerror(code)); + krb5_set_error_message(context, code, "Database %s put error: %s", + db->hdb_name, strerror(code)); return code; } if(code == 1) { @@ -248,8 +248,8 @@ DB__del(krb5_context context, HDB *db, krb5_data key) db->hdb_unlock(context, db); if(code == 1) { code = errno; - krb5_set_error_string(context, "Database %s put error: %s", - db->hdb_name, strerror(code)); + krb5_set_error_message(context, code, "Database %s put error: %s", + db->hdb_name, strerror(code)); return code; } if(code < 0) @@ -265,7 +265,7 @@ DB_open(krb5_context context, HDB *db, int flags, mode_t mode) asprintf(&fn, "%s.db", db->hdb_name); if (fn == NULL) { - krb5_set_error_string(context, "malloc: out of memory"); + krb5_set_error_message(context, ENOMEM, "malloc: out of memory"); return ENOMEM; } db->hdb_db = dbopen(fn, flags, mode, DB_BTREE, NULL); @@ -275,7 +275,7 @@ DB_open(krb5_context context, HDB *db, int flags, mode_t mode) db->hdb_db = dbopen(db->hdb_name, flags, mode, DB_BTREE, NULL); if(db->hdb_db == NULL) { ret = errno; - krb5_set_error_string(context, "dbopen (%s): %s", + krb5_set_error_message(context, ret, "dbopen (%s): %s", db->hdb_name, strerror(ret)); return ret; } @@ -289,7 +289,7 @@ DB_open(krb5_context context, HDB *db, int flags, mode_t mode) } if (ret) { DB_close(context, db); - krb5_set_error_string(context, "hdb_open: failed %s database %s", + krb5_set_error_message(context, ret, "hdb_open: failed %s database %s", (flags & O_ACCMODE) == O_RDONLY ? "checking format of" : "initialize", db->hdb_name); @@ -303,16 +303,16 @@ hdb_db_create(krb5_context context, HDB **db, { *db = calloc(1, sizeof(**db)); if (*db == NULL) { - krb5_set_error_string(context, "malloc: out of memory"); + krb5_set_error_message(context, ENOMEM, "malloc: out of memory"); return ENOMEM; } (*db)->hdb_db = NULL; (*db)->hdb_name = strdup(filename); if ((*db)->hdb_name == NULL) { - krb5_set_error_string(context, "malloc: out of memory"); free(*db); *db = NULL; + krb5_set_error_message(context, ENOMEM, "malloc: out of memory"); return ENOMEM; } (*db)->hdb_master_key_set = 0; diff --git a/lib/hdb/db3.c b/lib/hdb/db3.c index faac9986e..6c6a058d9 100644 --- a/lib/hdb/db3.c +++ b/lib/hdb/db3.c @@ -125,7 +125,7 @@ DB_seq(krb5_context context, HDB *db, entry->entry.principal = malloc(sizeof(*entry->entry.principal)); if (entry->entry.principal == NULL) { hdb_free_entry (context, entry); - krb5_set_error_string(context, "malloc: out of memory"); + krb5_set_error_message(context, ENOMEM, "malloc: out of memory"); return ENOMEM; } else { hdb_key2principal(context, &key_data, entry->entry.principal); @@ -264,7 +264,7 @@ DB_open(krb5_context context, HDB *db, int flags, mode_t mode) asprintf(&fn, "%s.db", db->hdb_name); if (fn == NULL) { - krb5_set_error_string(context, "malloc: out of memory"); + krb5_set_error_message(context, ENOMEM, "malloc: out of memory"); return ENOMEM; } db_create(&d, NULL, 0); @@ -289,7 +289,7 @@ DB_open(krb5_context context, HDB *db, int flags, mode_t mode) if (ret) { free(fn); - krb5_set_error_string(context, "opening %s: %s", + krb5_set_error_message(context, ret, "opening %s: %s", db->hdb_name, strerror(ret)); return ret; } @@ -297,7 +297,7 @@ DB_open(krb5_context context, HDB *db, int flags, mode_t mode) ret = (*d->cursor)(d, NULL, &dbc, 0); if (ret) { - krb5_set_error_string(context, "d->cursor: %s", strerror(ret)); + krb5_set_error_message(context, ret, "d->cursor: %s", strerror(ret)); return ret; } db->hdb_dbc = dbc; @@ -310,10 +310,10 @@ DB_open(krb5_context context, HDB *db, int flags, mode_t mode) return 0; if (ret) { DB_close(context, db); - krb5_set_error_string(context, "hdb_open: failed %s database %s", - (flags & O_ACCMODE) == O_RDONLY ? - "checking format of" : "initialize", - db->hdb_name); + krb5_set_error_message(context, ret, "hdb_open: failed %s database %s", + (flags & O_ACCMODE) == O_RDONLY ? + "checking format of" : "initialize", + db->hdb_name); } return ret; @@ -325,16 +325,16 @@ hdb_db_create(krb5_context context, HDB **db, { *db = calloc(1, sizeof(**db)); if (*db == NULL) { - krb5_set_error_string(context, "malloc: out of memory"); + krb5_set_error_message(context, ENOMEM, "malloc: out of memory"); return ENOMEM; } (*db)->hdb_db = NULL; (*db)->hdb_name = strdup(filename); if ((*db)->hdb_name == NULL) { - krb5_set_error_string(context, "malloc: out of memory"); free(*db); *db = NULL; + krb5_set_error_message(context, ENOMEM, "malloc: out of memory"); return ENOMEM; } (*db)->hdb_master_key_set = 0; diff --git a/lib/hdb/dbinfo.c b/lib/hdb/dbinfo.c index 94d8a0e7f..67b9fc6ec 100644 --- a/lib/hdb/dbinfo.c +++ b/lib/hdb/dbinfo.c @@ -63,7 +63,7 @@ get_dbinfo(krb5_context context, di = calloc(1, sizeof(*di)); if (di == NULL) { - krb5_set_error_string(context, "malloc: out of memory"); + krb5_set_error_message(context, ENOMEM, "malloc: out of memory"); return ENOMEM; } di->label = strdup(label); diff --git a/lib/hdb/ext.c b/lib/hdb/ext.c index b9ab626e8..92147254e 100644 --- a/lib/hdb/ext.c +++ b/lib/hdb/ext.c @@ -53,8 +53,9 @@ hdb_entry_check_mandatory(krb5_context context, const hdb_entry *ent) choice_HDB_extension_data_asn1_ellipsis) continue; if (ent->extensions->val[i].mandatory) { - krb5_set_error_string(context, "Principal have unknown " - "mandatory extension"); + krb5_set_error_message(context, HDB_ERR_MANDATORY_OPTION, + "Principal have unknown " + "mandatory extension"); return HDB_ERR_MANDATORY_OPTION; } } @@ -95,7 +96,7 @@ hdb_replace_extension(krb5_context context, if (entry->extensions == NULL) { entry->extensions = calloc(1, sizeof(*entry->extensions)); if (entry->extensions == NULL) { - krb5_set_error_string(context, "malloc: out of memory"); + krb5_set_error_message(context, ENOMEM, "malloc: out of memory"); return ENOMEM; } } else if (ext->data.element != choice_HDB_extension_data_asn1_ellipsis) { @@ -120,8 +121,8 @@ hdb_replace_extension(krb5_context context, &replace_class, &replace_type, &replace_tag, &size); if (ret) { - krb5_set_error_string(context, "hdb: failed to decode " - "replacement hdb extention"); + krb5_set_error_message(context, ret, "hdb: failed to decode " + "replacement hdb extention"); return ret; } @@ -136,8 +137,8 @@ hdb_replace_extension(krb5_context context, &list_class, &list_type, &list_tag, &size); if (ret) { - krb5_set_error_string(context, "hdb: failed to decode " - "present hdb extention"); + krb5_set_error_message(context, ret, "hdb: failed to decode " + "present hdb extention"); return ret; } @@ -153,15 +154,15 @@ hdb_replace_extension(krb5_context context, free_HDB_extension(ext2); ret = copy_HDB_extension(ext, ext2); if (ret) - krb5_set_error_string(context, "hdb: failed to copy replacement " - "hdb extention"); + krb5_set_error_message(context, ret, "hdb: failed to copy replacement " + "hdb extention"); return ret; } es = realloc(entry->extensions->val, (entry->extensions->len+1)*sizeof(entry->extensions->val[0])); if (es == NULL) { - krb5_set_error_string(context, "malloc: out of memory"); + krb5_set_error_message(context, ENOMEM, "malloc: out of memory"); return ENOMEM; } entry->extensions->val = es; @@ -171,7 +172,7 @@ hdb_replace_extension(krb5_context context, if (ret == 0) entry->extensions->len++; else - krb5_set_error_string(context, "hdb: failed to copy new extension"); + krb5_set_error_message(context, ret, "hdb: failed to copy new extension"); return ret; } @@ -283,8 +284,9 @@ hdb_entry_get_password(krb5_context context, HDB *db, db->hdb_master_key); if (key == NULL) { - krb5_set_error_string(context, "master key %d missing", - *ext->data.u.password.mkvno); + krb5_set_error_message(context, HDB_ERR_NO_MKEY, + "master key %d missing", + *ext->data.u.password.mkvno); return HDB_ERR_NO_MKEY; } @@ -302,7 +304,7 @@ hdb_entry_get_password(krb5_context context, HDB *db, str = pw.data; if (str[pw.length - 1] != '\0') { - krb5_set_error_string(context, "password malformated"); + krb5_set_error_message(context, EINVAL, "password malformated"); return EINVAL; } @@ -310,7 +312,7 @@ hdb_entry_get_password(krb5_context context, HDB *db, der_free_octet_string(&pw); if (*p == NULL) { - krb5_set_error_string(context, "malloc: out of memory"); + krb5_set_error_message(context, ENOMEM, "malloc: out of memory"); return ENOMEM; } return 0; @@ -318,7 +320,7 @@ hdb_entry_get_password(krb5_context context, HDB *db, ret = krb5_unparse_name(context, entry->principal, &str); if (ret == 0) { - krb5_set_error_string(context, "no password attributefor %s", str); + krb5_set_error_message(context, ENOENT, "no password attributefor %s", str); free(str); } else krb5_clear_error_string(context); @@ -341,8 +343,9 @@ hdb_entry_set_password(krb5_context context, HDB *db, key = _hdb_find_master_key(NULL, db->hdb_master_key); if (key == NULL) { - krb5_set_error_string(context, "hdb_entry_set_password: " - "failed to find masterkey"); + krb5_set_error_message(context, HDB_ERR_NO_MKEY, + "hdb_entry_set_password: " + "failed to find masterkey"); return HDB_ERR_NO_MKEY; } @@ -356,7 +359,7 @@ hdb_entry_set_password(krb5_context context, HDB *db, malloc(sizeof(*ext.data.u.password.mkvno)); if (ext.data.u.password.mkvno == NULL) { free_HDB_extension(&ext); - krb5_set_error_string(context, "malloc: out of memory"); + krb5_set_error_message(context, ENOMEM, "malloc: out of memory"); return ENOMEM; } *ext.data.u.password.mkvno = _hdb_mkey_version(key); @@ -367,7 +370,7 @@ hdb_entry_set_password(krb5_context context, HDB *db, ret = krb5_data_copy(&ext.data.u.password.password, p, strlen(p) + 1); if (ret) { - krb5_set_error_string(context, "malloc: out of memory"); + krb5_set_error_message(context, ret, "malloc: out of memory"); free_HDB_extension(&ext); return ret; } diff --git a/lib/hdb/hdb-ldap.c b/lib/hdb/hdb-ldap.c index 900366af9..438cd7320 100644 --- a/lib/hdb/hdb-ldap.c +++ b/lib/hdb/hdb-ldap.c @@ -121,8 +121,9 @@ LDAP_no_size_limit(krb5_context context, LDAP *lp) ret = ldap_set_option(lp, LDAP_OPT_SIZELIMIT, (const void *)&limit); if (ret != LDAP_SUCCESS) { - krb5_set_error_string(context, "ldap_set_option: %s", - ldap_err2string(ret)); + krb5_set_error_message(context, HDB_ERR_BADVERSION, + "ldap_set_option: %s", + ldap_err2string(ret)); return HDB_ERR_BADVERSION; } return 0; @@ -295,8 +296,9 @@ LDAP_addmod_integer(krb5_context context, ret = asprintf(&buf, "%ld", l); if (ret < 0) { - krb5_set_error_string(context, "asprintf: out of memory:"); - return ret; + krb5_set_error_message(context, ENOMEM, + "asprintf: out of memory:"); + return ENOMEM; } ret = LDAP_addmod(mods, modop, attribute, buf); free (buf); @@ -638,9 +640,9 @@ LDAP_entry2mods(krb5_context context, HDB * db, hdb_entry_ex * ent, /* store in ntPassword, not krb5key */ ret = hex_encode(nt, 16, &ntHexPassword); if (ret < 0) { - krb5_set_error_string(context, "hdb-ldap: failed to " - "hex encode key"); ret = ENOMEM; + krb5_set_error_message(context, ret, "hdb-ldap: failed to " + "hex encode key"); goto out; } ret = LDAP_addmod(&mods, LDAP_MOD_REPLACE, "sambaNTPassword", @@ -751,10 +753,10 @@ LDAP_dn2principal(krb5_context context, HDB * db, const char *dn, NULL, NULL, NULL, 0, &res); if (check_ldap(context, db, rc)) { - krb5_set_error_string(context, "ldap_search_ext_s: " - "filter: %s error: %s", - filter, ldap_err2string(rc)); ret = HDB_ERR_NOENTRY; + krb5_set_error_message(context, ret, "ldap_search_ext_s: " + "filter: %s error: %s", + filter, ldap_err2string(rc)); goto out; } @@ -799,8 +801,8 @@ LDAP__lookup_princ(krb5_context context, "(&(objectClass=krb5Principal)(krb5PrincipalName=%s))", princname); if (rc < 0) { - krb5_set_error_string(context, "asprintf: out of memory"); ret = ENOMEM; + krb5_set_error_message(context, ret, "asprintf: out of memory"); goto out; } @@ -814,10 +816,10 @@ LDAP__lookup_princ(krb5_context context, NULL, NULL, NULL, 0, msg); if (check_ldap(context, db, rc)) { - krb5_set_error_string(context, "ldap_search_ext_s: " + ret = HDB_ERR_NOENTRY; + krb5_set_error_message(context, ret, "ldap_search_ext_s: " "filter: %s - error: %s", filter, ldap_err2string(rc)); - ret = HDB_ERR_NOENTRY; goto out; } @@ -831,8 +833,8 @@ LDAP__lookup_princ(krb5_context context, "(&(|(objectClass=sambaSamAccount)(objectClass=%s))(uid=%s))", structural_object, userid); if (rc < 0) { - krb5_set_error_string(context, "asprintf: out of memory"); ret = ENOMEM; + krb5_set_error_message(context, ret, "asprintf: out of memory"); goto out; } @@ -845,10 +847,10 @@ LDAP__lookup_princ(krb5_context context, NULL, NULL, NULL, 0, msg); if (check_ldap(context, db, rc)) { - krb5_set_error_string(context, - "ldap_search_ext_s: filter: %s error: %s", - filter, ldap_err2string(rc)); ret = HDB_ERR_NOENTRY; + krb5_set_error_message(context, ret, + "ldap_search_ext_s: filter: %s error: %s", + filter, ldap_err2string(rc)); goto out; } } @@ -930,7 +932,8 @@ LDAP_message2entry(krb5_context context, HDB * db, LDAPMessage * msg, if (ret) goto out; } else { - krb5_set_error_string(context, "hdb-ldap: ldap entry missing" + krb5_set_error_message(context, HDB_ERR_NOENTRY, + "hdb-ldap: ldap entry missing" "principal name"); return HDB_ERR_NOENTRY; } @@ -954,8 +957,8 @@ LDAP_message2entry(krb5_context context, HDB * db, LDAPMessage * msg, ent->entry.keys.len = ldap_count_values_len(keys); ent->entry.keys.val = (Key *) calloc(ent->entry.keys.len, sizeof(Key)); if (ent->entry.keys.val == NULL) { - krb5_set_error_string(context, "calloc: out of memory"); ret = ENOMEM; + krb5_set_error_message(context, ret, "calloc: out of memory"); goto out; } for (i = 0; i < ent->entry.keys.len; i++) { @@ -984,16 +987,16 @@ LDAP_message2entry(krb5_context context, HDB * db, LDAPMessage * msg, ent->entry.etypes = malloc(sizeof(*(ent->entry.etypes))); if (ent->entry.etypes == NULL) { - krb5_set_error_string(context, "malloc: out of memory"); ret = ENOMEM; + krb5_set_error_message(context, ret,"malloc: out of memory"); goto out; } ent->entry.etypes->len = ldap_count_values_len(vals); ent->entry.etypes->val = calloc(ent->entry.etypes->len, sizeof(int)); if (ent->entry.etypes->val == NULL) { - krb5_set_error_string(context, "malloc: out of memory"); - ent->entry.etypes->len = 0; ret = ENOMEM; + krb5_set_error_message(context, ret, "malloc: out of memory"); + ent->entry.etypes->len = 0; goto out; } for (i = 0; i < ent->entry.etypes->len; i++) { @@ -1001,8 +1004,8 @@ LDAP_message2entry(krb5_context context, HDB * db, LDAPMessage * msg, buf = malloc(vals[i]->bv_len + 1); if (buf == NULL) { - krb5_set_error_string(context, "malloc: out of memory"); ret = ENOMEM; + krb5_set_error_message(context, ret, "malloc: out of memory"); goto out; } memcpy(buf, vals[i]->bv_val, vals[i]->bv_len); @@ -1031,8 +1034,8 @@ LDAP_message2entry(krb5_context context, HDB * db, LDAPMessage * msg, (ent->entry.keys.len + 1) * sizeof(ent->entry.keys.val[0])); if (keys == NULL) { free(ntPasswordIN); - krb5_set_error_string(context, "malloc: out of memory"); ret = ENOMEM; + krb5_set_error_message(context, ret, "malloc: out of memory"); goto out; } ent->entry.keys.val = keys; @@ -1040,7 +1043,7 @@ LDAP_message2entry(krb5_context context, HDB * db, LDAPMessage * msg, ent->entry.keys.val[ent->entry.keys.len].key.keytype = ETYPE_ARCFOUR_HMAC_MD5; ret = krb5_data_alloc (&ent->entry.keys.val[ent->entry.keys.len].key.keyvalue, 16); if (ret) { - krb5_set_error_string(context, "malloc: out of memory"); + krb5_set_error_message(context, ret, "malloc: out of memory"); free(ntPasswordIN); ret = ENOMEM; goto out; @@ -1052,8 +1055,8 @@ LDAP_message2entry(krb5_context context, HDB * db, LDAPMessage * msg, if (ent->entry.etypes == NULL) { ent->entry.etypes = malloc(sizeof(*(ent->entry.etypes))); if (ent->entry.etypes == NULL) { - krb5_set_error_string(context, "malloc: out of memory"); ret = ENOMEM; + krb5_set_error_message(context, ret, "malloc: out of memory"); goto out; } ent->entry.etypes->val = NULL; @@ -1069,8 +1072,8 @@ LDAP_message2entry(krb5_context context, HDB * db, LDAPMessage * msg, (ent->entry.etypes->len + 1) * sizeof(ent->entry.etypes->val[0])); if (etypes == NULL) { - krb5_set_error_string(context, "malloc: out of memory"); ret = ENOMEM; + krb5_set_error_message(context, ret, "malloc: out of memory"); goto out; } ent->entry.etypes->val = etypes; @@ -1098,8 +1101,8 @@ LDAP_message2entry(krb5_context context, HDB * db, LDAPMessage * msg, ent->entry.modified_by = (Event *) malloc(sizeof(Event)); if (ent->entry.modified_by == NULL) { - krb5_set_error_string(context, "malloc: out of memory"); ret = ENOMEM; + krb5_set_error_message(context, ret, "malloc: out of memory"); goto out; } ret = LDAP_get_generalized_time_value(db, msg, "modifyTimestamp", @@ -1116,8 +1119,8 @@ LDAP_message2entry(krb5_context context, HDB * db, LDAPMessage * msg, ent->entry.valid_start = malloc(sizeof(*ent->entry.valid_start)); if (ent->entry.valid_start == NULL) { - krb5_set_error_string(context, "malloc: out of memory"); ret = ENOMEM; + krb5_set_error_message(context, ret, "malloc: out of memory"); goto out; } ret = LDAP_get_generalized_time_value(db, msg, "krb5ValidStart", @@ -1130,8 +1133,8 @@ LDAP_message2entry(krb5_context context, HDB * db, LDAPMessage * msg, ent->entry.valid_end = malloc(sizeof(*ent->entry.valid_end)); if (ent->entry.valid_end == NULL) { - krb5_set_error_string(context, "malloc: out of memory"); ret = ENOMEM; + krb5_set_error_message(context, ret, "malloc: out of memory"); goto out; } ret = LDAP_get_generalized_time_value(db, msg, "krb5ValidEnd", @@ -1147,8 +1150,8 @@ LDAP_message2entry(krb5_context context, HDB * db, LDAPMessage * msg, if (ent->entry.valid_end == NULL) { ent->entry.valid_end = malloc(sizeof(*ent->entry.valid_end)); if (ent->entry.valid_end == NULL) { - krb5_set_error_string(context, "malloc: out of memory"); ret = ENOMEM; + krb5_set_error_message(context, ret, "malloc: out of memory"); goto out; } } @@ -1157,8 +1160,8 @@ LDAP_message2entry(krb5_context context, HDB * db, LDAPMessage * msg, ent->entry.pw_end = malloc(sizeof(*ent->entry.pw_end)); if (ent->entry.pw_end == NULL) { - krb5_set_error_string(context, "malloc: out of memory"); ret = ENOMEM; + krb5_set_error_message(context, ret, "malloc: out of memory"); goto out; } ret = LDAP_get_generalized_time_value(db, msg, "krb5PasswordEnd", @@ -1174,8 +1177,8 @@ LDAP_message2entry(krb5_context context, HDB * db, LDAPMessage * msg, if (ent->entry.pw_end == NULL) { ent->entry.pw_end = malloc(sizeof(*ent->entry.pw_end)); if (ent->entry.pw_end == NULL) { - krb5_set_error_string(context, "malloc: out of memory"); ret = ENOMEM; + krb5_set_error_message(context, ret, "malloc: out of memory"); goto out; } } @@ -1192,8 +1195,8 @@ LDAP_message2entry(krb5_context context, HDB * db, LDAPMessage * msg, ent->entry.max_life = malloc(sizeof(*ent->entry.max_life)); if (ent->entry.max_life == NULL) { - krb5_set_error_string(context, "malloc: out of memory"); ret = ENOMEM; + krb5_set_error_message(context, ret, "malloc: out of memory"); goto out; } ret = LDAP_get_integer_value(db, msg, "krb5MaxLife", &max_life); @@ -1209,8 +1212,8 @@ LDAP_message2entry(krb5_context context, HDB * db, LDAPMessage * msg, ent->entry.max_renew = malloc(sizeof(*ent->entry.max_renew)); if (ent->entry.max_renew == NULL) { - krb5_set_error_string(context, "malloc: out of memory"); ret = ENOMEM; + krb5_set_error_message(context, ret, "malloc: out of memory"); goto out; } ret = LDAP_get_integer_value(db, msg, "krb5MaxRenew", &max_renew); @@ -1370,13 +1373,13 @@ LDAP_seq(krb5_context context, HDB * db, unsigned flags, hdb_entry_ex * entry) parserc = ldap_parse_result(HDB2LDAP(db), e, NULL, NULL, NULL, NULL, NULL, 1); + ret = HDB_ERR_NOENTRY; if (parserc != LDAP_SUCCESS && parserc != LDAP_MORE_RESULTS_TO_RETURN) { - krb5_set_error_string(context, "ldap_parse_result: %s", - ldap_err2string(parserc)); + krb5_set_error_message(context, ret, "ldap_parse_result: %s", + ldap_err2string(parserc)); ldap_abandon_ext(HDB2LDAP(db), msgid, NULL, NULL); } - ret = HDB_ERR_NOENTRY; HDBSETMSGID(db, -1); break; case LDAP_SERVER_DOWN: @@ -1471,16 +1474,16 @@ LDAP__connect(krb5_context context, HDB * db) rc = ldap_initialize(&((struct hdbldapdb *)db->hdb_db)->h_lp, HDB2URL(db)); if (rc != LDAP_SUCCESS) { - krb5_set_error_string(context, "ldap_initialize: %s", - ldap_err2string(rc)); + krb5_set_error_message(context, HDB_ERR_NOENTRY, "ldap_initialize: %s", + ldap_err2string(rc)); return HDB_ERR_NOENTRY; } rc = ldap_set_option(HDB2LDAP(db), LDAP_OPT_PROTOCOL_VERSION, (const void *)&version); if (rc != LDAP_SUCCESS) { - krb5_set_error_string(context, "ldap_set_option: %s", - ldap_err2string(rc)); + krb5_set_error_message(context, HDB_ERR_BADVERSION, + "ldap_set_option: %s", ldap_err2string(rc)); LDAP_close(context, db); return HDB_ERR_BADVERSION; } @@ -1488,8 +1491,8 @@ LDAP__connect(krb5_context context, HDB * db) rc = ldap_sasl_bind_s(HDB2LDAP(db), NULL, "EXTERNAL", &bv, NULL, NULL, NULL); if (rc != LDAP_SUCCESS) { - krb5_set_error_string(context, "ldap_sasl_bind_s: %s", - ldap_err2string(rc)); + krb5_set_error_message(context, HDB_ERR_BADVERSION, + "ldap_sasl_bind_s: %s", ldap_err2string(rc)); LDAP_close(context, db); return HDB_ERR_BADVERSION; } @@ -1581,8 +1584,8 @@ LDAP_store(krb5_context context, HDB * db, unsigned flags, if (e == NULL) { ret = asprintf(&dn, "krb5PrincipalName=%s,%s", name, HDB2CREATE(db)); if (ret < 0) { - krb5_set_error_string(context, "asprintf: out of memory"); ret = ENOMEM; + krb5_set_error_message(context, ret, "asprintf: out of memory"); goto out; } } else if (flags & HDB_F_REPLACE) { @@ -1609,9 +1612,9 @@ LDAP_store(krb5_context context, HDB * db, unsigned flags, char *ld_error = NULL; ldap_get_option(HDB2LDAP(db), LDAP_OPT_ERROR_STRING, &ld_error); - krb5_set_error_string(context, "%s: %s (DN=%s) %s: %s", - errfn, name, dn, ldap_err2string(rc), ld_error); ret = HDB_ERR_CANT_LOCK_DB; + krb5_set_error_message(context, ret, "%s: %s (DN=%s) %s: %s", + errfn, name, dn, ldap_err2string(rc), ld_error); } else ret = 0; @@ -1655,17 +1658,17 @@ LDAP_remove(krb5_context context, HDB *db, krb5_const_principal principal) rc = ldap_set_option(HDB2LDAP(db), LDAP_OPT_SIZELIMIT, (const void *)&limit); if (rc != LDAP_SUCCESS) { - krb5_set_error_string(context, "ldap_set_option: %s", - ldap_err2string(rc)); ret = HDB_ERR_BADVERSION; + krb5_set_error_message(context, ret, "ldap_set_option: %s", + ldap_err2string(rc)); goto out; } rc = ldap_delete_ext_s(HDB2LDAP(db), dn, NULL, NULL ); if (check_ldap(context, db, rc)) { - krb5_set_error_string(context, "ldap_delete_ext_s: %s", - ldap_err2string(rc)); ret = HDB_ERR_CANT_LOCK_DB; + krb5_set_error_message(context, ret, "ldap_delete_ext_s: %s", + ldap_err2string(rc)); } else ret = 0; @@ -1710,7 +1713,7 @@ hdb_ldap_common(krb5_context context, const char *create_base = NULL; if (search_base == NULL && search_base[0] == '\0') { - krb5_set_error_string(context, "ldap search base not configured"); + krb5_set_error_message(context, ENOMEM, "ldap search base not configured"); return ENOMEM; /* XXX */ } @@ -1723,7 +1726,7 @@ hdb_ldap_common(krb5_context context, p = default_structural_object; structural_object = strdup(p); if (structural_object == NULL) { - krb5_set_error_string(context, "malloc: out of memory"); + krb5_set_error_message(context, ENOMEM, "malloc: out of memory"); return ENOMEM; } } @@ -1734,16 +1737,16 @@ hdb_ldap_common(krb5_context context, *db = calloc(1, sizeof(**db)); if (*db == NULL) { - krb5_set_error_string(context, "malloc: out of memory"); + krb5_set_error_message(context, ENOMEM, "malloc: out of memory"); return ENOMEM; } memset(*db, 0, sizeof(**db)); h = calloc(1, sizeof(*h)); if (h == NULL) { - krb5_set_error_string(context, "malloc: out of memory"); free(*db); *db = NULL; + krb5_set_error_message(context, ENOMEM, "malloc: out of memory"); return ENOMEM; } (*db)->hdb_db = h; @@ -1751,8 +1754,8 @@ hdb_ldap_common(krb5_context context, /* XXX */ if (asprintf(&(*db)->hdb_name, "ldap:%s", search_base) == -1) { LDAP_destroy(context, *db); - krb5_set_error_string(context, "strdup: out of memory"); *db = NULL; + krb5_set_error_message(context, ENOMEM, "strdup: out of memory"); return ENOMEM; } @@ -1760,8 +1763,8 @@ hdb_ldap_common(krb5_context context, h->h_base = strdup(search_base); if (h->h_url == NULL || h->h_base == NULL) { LDAP_destroy(context, *db); - krb5_set_error_string(context, "strdup: out of memory"); *db = NULL; + krb5_set_error_message(context, ENOMEM, "strdup: out of memory"); return ENOMEM; } @@ -1773,8 +1776,8 @@ hdb_ldap_common(krb5_context context, h->h_createbase = strdup(create_base); if (h->h_createbase == NULL) { LDAP_destroy(context, *db); - krb5_set_error_string(context, "strdup: out of memory"); *db = NULL; + krb5_set_error_message(context, ENOMEM, "strdup: out of memory"); return ENOMEM; } @@ -1812,14 +1815,15 @@ hdb_ldapi_create(krb5_context context, HDB ** db, const char *arg) asprintf(&p, "ldapi:%s", arg); if (p == NULL) { - krb5_set_error_string(context, "out of memory"); *db = NULL; + krb5_set_error_message(context, ENOMEM, "out of memory"); return ENOMEM; } search_base = strchr(p + strlen("ldapi://"), ':'); if (search_base == NULL) { - krb5_set_error_string(context, "search base missing"); *db = NULL; + krb5_set_error_message(context, HDB_ERR_BADVERSION, + "search base missing"); return HDB_ERR_BADVERSION; } *search_base = '\0'; diff --git a/lib/hdb/hdb.c b/lib/hdb/hdb.c index ca1fc0f17..3fddabb2d 100644 --- a/lib/hdb/hdb.c +++ b/lib/hdb/hdb.c @@ -85,7 +85,8 @@ hdb_next_enctype2key(krb5_context context, return 0; } } - krb5_set_error_string(context, "No next enctype %d for hdb-entry", + krb5_set_error_message(context, KRB5_PROG_ETYPE_NOSUPP, + "No next enctype %d for hdb-entry", (int)enctype); return KRB5_PROG_ETYPE_NOSUPP; /* XXX */ } @@ -378,7 +379,7 @@ hdb_list_builtin(krb5_context context, char **list) len += 1; buf = malloc(len); if (buf == NULL) { - krb5_set_error_string(context, "malloc: out of memory"); + krb5_set_error_message(context, ENOMEM, "malloc: out of memory"); return ENOMEM; } buf[0] = '\0'; diff --git a/lib/hdb/keys.c b/lib/hdb/keys.c index f699c455f..0284c3bba 100644 --- a/lib/hdb/keys.c +++ b/lib/hdb/keys.c @@ -153,7 +153,7 @@ parse_key_set(krb5_context context, const char *key, v4 compat, and a cell name for afs compat */ salt->saltvalue.data = strdup(buf[i]); if (salt->saltvalue.data == NULL) { - krb5_set_error_string(context, "out of memory"); + krb5_set_error_message(context, ENOMEM, "malloc: out of memory"); return ENOMEM; } salt->saltvalue.length = strlen(buf[i]); @@ -161,7 +161,7 @@ parse_key_set(krb5_context context, const char *key, } if(enctypes == NULL || salt->salttype == 0) { - krb5_set_error_string(context, "bad value for default_keys `%s'", key); + krb5_set_error_message(context, EINVAL, "bad value for default_keys `%s'", key); return EINVAL; } @@ -173,8 +173,9 @@ parse_key_set(krb5_context context, const char *key, krb5_realm *realm = krb5_princ_realm(context, principal); salt->saltvalue.data = strdup(*realm); if(salt->saltvalue.data == NULL) { - krb5_set_error_string(context, "out of memory while " - "parsing salt specifiers"); + krb5_set_error_message(context, ENOMEM, + "out of memory while " + "parsing salt specifiers"); return ENOMEM; } strlwr(salt->saltvalue.data); @@ -185,7 +186,7 @@ parse_key_set(krb5_context context, const char *key, *ret_enctypes = malloc(sizeof(enctypes[0]) * num_enctypes); if (*ret_enctypes == NULL) { krb5_free_salt(context, *salt); - krb5_set_error_string(context, "out of memory"); + krb5_set_error_message(context, ENOMEM, "malloc: out of memory"); return ENOMEM; } memcpy(*ret_enctypes, enctypes, sizeof(enctypes[0]) * num_enctypes); diff --git a/lib/hdb/keytab.c b/lib/hdb/keytab.c index 44b6642fd..e70481754 100644 --- a/lib/hdb/keytab.c +++ b/lib/hdb/keytab.c @@ -55,7 +55,7 @@ hdb_resolve(krb5_context context, const char *name, krb5_keytab id) d = malloc(sizeof(*d)); if(d == NULL) { - krb5_set_error_string(context, "malloc: out of memory"); + krb5_set_error_message(context, ENOMEM, "malloc: out of memory"); return ENOMEM; } db = name; @@ -67,7 +67,7 @@ hdb_resolve(krb5_context context, const char *name, krb5_keytab id) d->dbname = strdup(name); if(d->dbname == NULL) { free(d); - krb5_set_error_string(context, "malloc: out of memory"); + krb5_set_error_message(context, ENOMEM, "malloc: out of memory"); return ENOMEM; } } @@ -79,7 +79,7 @@ hdb_resolve(krb5_context context, const char *name, krb5_keytab id) d->dbname = malloc(mkey - db + 1); if(d->dbname == NULL) { free(d); - krb5_set_error_string(context, "malloc: out of memory"); + krb5_set_error_message(context, ENOMEM, "malloc: out of memory"); return ENOMEM; } memmove(d->dbname, db, mkey - db); @@ -89,7 +89,7 @@ hdb_resolve(krb5_context context, const char *name, krb5_keytab id) if(d->mkey == NULL) { free(d->dbname); free(d); - krb5_set_error_string(context, "malloc: out of memory"); + krb5_set_error_message(context, ENOMEM, "malloc: out of memory"); return ENOMEM; } } diff --git a/lib/hdb/mkey.c b/lib/hdb/mkey.c index de848de77..7d2958b4a 100644 --- a/lib/hdb/mkey.c +++ b/lib/hdb/mkey.c @@ -67,7 +67,7 @@ hdb_process_master_key(krb5_context context, *mkey = calloc(1, sizeof(**mkey)); if(*mkey == NULL) { - krb5_set_error_string(context, "malloc: out of memory"); + krb5_set_error_message(context, ENOMEM, "malloc: out of memory"); return ENOMEM; } (*mkey)->keytab.vno = kvno; @@ -159,8 +159,8 @@ read_master_mit(krb5_context context, const char *filename, fd = open(filename, O_RDONLY | O_BINARY); if(fd < 0) { int save_errno = errno; - krb5_set_error_string(context, "failed to open %s: %s", filename, - strerror(save_errno)); + krb5_set_error_message(context, save_errno, "failed to open %s: %s", + filename, strerror(save_errno)); return save_errno; } sp = krb5_storage_from_fd(fd); @@ -176,9 +176,9 @@ read_master_mit(krb5_context context, const char *filename, #else ret = krb5_ret_int16(sp, &enctype); if((htons(enctype) & 0xff00) == 0x3000) { - krb5_set_error_string(context, "unknown keytype in %s: %#x, expected %#x", - filename, htons(enctype), 0x3000); ret = HEIM_ERR_BAD_MKEY; + krb5_set_error_message(context, ret, "unknown keytype in %s: %#x, expected %#x", + filename, htons(enctype), 0x3000); goto out; } key.keytype = enctype; @@ -209,7 +209,7 @@ read_master_encryptionkey(krb5_context context, const char *filename, fd = open(filename, O_RDONLY | O_BINARY); if(fd < 0) { int save_errno = errno; - krb5_set_error_string(context, "failed to open %s: %s", + krb5_set_error_message(context, save_errno, "failed to open %s: %s", filename, strerror(save_errno)); return save_errno; } @@ -218,7 +218,7 @@ read_master_encryptionkey(krb5_context context, const char *filename, close(fd); if(len < 0) { int save_errno = errno; - krb5_set_error_string(context, "error reading %s: %s", + krb5_set_error_message(context, save_errno, "error reading %s: %s", filename, strerror(save_errno)); return save_errno; } @@ -255,8 +255,8 @@ read_master_krb4(krb5_context context, const char *filename, fd = open(filename, O_RDONLY | O_BINARY); if(fd < 0) { int save_errno = errno; - krb5_set_error_string(context, "failed to open %s: %s", - filename, strerror(save_errno)); + krb5_set_error_message(context, save_errno, "failed to open %s: %s", + filename, strerror(save_errno)); return save_errno; } @@ -264,12 +264,13 @@ read_master_krb4(krb5_context context, const char *filename, close(fd); if(len < 0) { int save_errno = errno; - krb5_set_error_string(context, "error reading %s: %s", - filename, strerror(save_errno)); + krb5_set_error_message(context, save_errno, "error reading %s: %s", + filename, strerror(save_errno)); return save_errno; } if(len != 8) { - krb5_set_error_string(context, "bad contents of %s", filename); + krb5_set_error_message(context, HEIM_ERR_EOF, + "bad contents of %s", filename); return HEIM_ERR_EOF; /* XXX file might be too large */ } @@ -303,14 +304,14 @@ hdb_read_master_key(krb5_context context, const char *filename, f = fopen(filename, "r"); if(f == NULL) { int save_errno = errno; - krb5_set_error_string(context, "failed to open %s: %s", - filename, strerror(save_errno)); + krb5_set_error_message(context, save_errno, "failed to open %s: %s", + filename, strerror(save_errno)); return save_errno; } if(fread(buf, 1, 2, f) != 2) { - krb5_set_error_string(context, "end of file reading %s", filename); fclose(f); + krb5_set_error_message(context, HEIM_ERR_EOF, "end of file reading %s", filename); return HEIM_ERR_EOF; } diff --git a/lib/hdb/ndbm.c b/lib/hdb/ndbm.c index 07a1e057e..c4fc52e17 100644 --- a/lib/hdb/ndbm.c +++ b/lib/hdb/ndbm.c @@ -110,9 +110,9 @@ NDBM_seq(krb5_context context, HDB *db, if (ret == 0 && entry->entry.principal == NULL) { entry->entry.principal = malloc (sizeof(*entry->entry.principal)); if (entry->entry.principal == NULL) { - ret = ENOMEM; hdb_free_entry (context, entry); - krb5_set_error_string(context, "malloc: out of memory"); + ret = ENOMEM; + krb5_set_error_message(context, ret, "malloc: out of memory"); } else { hdb_key2principal (context, &key_data, entry->entry.principal); } @@ -152,15 +152,15 @@ NDBM_rename(krb5_context context, HDB *db, const char *new_name) asprintf(&new_lock, "%s.lock", new_name); if(new_lock == NULL) { db->hdb_unlock(context, db); - krb5_set_error_string(context, "malloc: out of memory"); + krb5_set_error_message(context, ENOMEM, "malloc: out of memory"); return ENOMEM; } lock_fd = open(new_lock, O_RDWR | O_CREAT, 0600); if(lock_fd < 0) { ret = errno; db->hdb_unlock(context, db); - krb5_set_error_string(context, "open(%s): %s", new_lock, - strerror(ret)); + krb5_set_error_message(context, ret, "open(%s): %s", new_lock, + strerror(ret)); free(new_lock); return ret; } @@ -188,7 +188,7 @@ NDBM_rename(krb5_context context, HDB *db, const char *new_name) if(ret) { ret = errno; close(lock_fd); - krb5_set_error_string(context, "rename: %s", strerror(ret)); + krb5_set_error_message(context, ret, "rename: %s", strerror(ret)); return ret; } @@ -284,13 +284,13 @@ NDBM_open(krb5_context context, HDB *db, int flags, mode_t mode) char *lock_file; if(d == NULL) { - krb5_set_error_string(context, "malloc: out of memory"); + krb5_set_error_message(context, ENOMEM, "malloc: out of memory"); return ENOMEM; } asprintf(&lock_file, "%s.lock", (char*)db->hdb_name); if(lock_file == NULL) { free(d); - krb5_set_error_string(context, "malloc: out of memory"); + krb5_set_error_message(context, ENOMEM, "malloc: out of memory"); return ENOMEM; } d->db = dbm_open((char*)db->hdb_name, flags, mode); @@ -298,8 +298,8 @@ NDBM_open(krb5_context context, HDB *db, int flags, mode_t mode) ret = errno; free(d); free(lock_file); - krb5_set_error_string(context, "dbm_open(%s): %s", db->hdb_name, - strerror(ret)); + krb5_set_error_message(context, ret, "dbm_open(%s): %s", db->hdb_name, + strerror(ret)); return ret; } d->lock_fd = open(lock_file, O_RDWR | O_CREAT, 0600); @@ -307,8 +307,8 @@ NDBM_open(krb5_context context, HDB *db, int flags, mode_t mode) ret = errno; dbm_close(d->db); free(d); - krb5_set_error_string(context, "open(%s): %s", lock_file, - strerror(ret)); + krb5_set_error_message(context, ret, "open(%s): %s", lock_file, + strerror(ret)); free(lock_file); return ret; } @@ -322,10 +322,10 @@ NDBM_open(krb5_context context, HDB *db, int flags, mode_t mode) return 0; if (ret) { NDBM_close(context, db); - krb5_set_error_string(context, "hdb_open: failed %s database %s", - (flags & O_ACCMODE) == O_RDONLY ? - "checking format of" : "initialize", - db->hdb_name); + krb5_set_error_message(context, ret, "hdb_open: failed %s database %s", + (flags & O_ACCMODE) == O_RDONLY ? + "checking format of" : "initialize", + db->hdb_name); } return ret; } @@ -336,16 +336,16 @@ hdb_ndbm_create(krb5_context context, HDB **db, { *db = calloc(1, sizeof(**db)); if (*db == NULL) { - krb5_set_error_string(context, "malloc: out of memory"); + krb5_set_error_message(context, ENOMEM, "malloc: out of memory"); return ENOMEM; } (*db)->hdb_db = NULL; (*db)->hdb_name = strdup(filename); if ((*db)->hdb_name == NULL) { - krb5_set_error_string(context, "malloc: out of memory"); free(*db); *db = NULL; + krb5_set_error_message(context, ENOMEM, "malloc: out of memory"); return ENOMEM; } (*db)->hdb_master_key_set = 0; diff --git a/lib/hdb/print.c b/lib/hdb/print.c index 69df36f28..93b307d2e 100644 --- a/lib/hdb/print.c +++ b/lib/hdb/print.c @@ -69,7 +69,7 @@ append_string(krb5_context context, krb5_storage *sp, const char *fmt, ...) vasprintf(&s, fmt, ap); va_end(ap); if(s == NULL) { - krb5_set_error_string(context, "malloc: out of memory"); + krb5_set_error_message(context, ENOMEM, "malloc: out of memory"); return ENOMEM; } ret = krb5_storage_write(sp, s, strlen(s)); @@ -223,7 +223,7 @@ entry2string_int (krb5_context context, krb5_storage *sp, hdb_entry *ent) if (hex_encode(d, size, &p) < 0) { free(d); - krb5_set_error_string(context, "malloc: out of memory"); + krb5_set_error_message(context, ENOMEM, "malloc: out of memory"); return ENOMEM; } @@ -248,7 +248,7 @@ hdb_entry2string (krb5_context context, hdb_entry *ent, char **str) sp = krb5_storage_emem(); if(sp == NULL) { - krb5_set_error_string(context, "malloc: out of memory"); + krb5_set_error_message(context, ENOMEM, "malloc: out of memory"); return ENOMEM; } @@ -278,7 +278,7 @@ hdb_print_entry(krb5_context context, HDB *db, hdb_entry_ex *entry, void *data) fflush(f); sp = krb5_storage_from_fd(fileno(f)); if(sp == NULL) { - krb5_set_error_string(context, "malloc: out of memory"); + krb5_set_error_message(context, ENOMEM, "malloc: out of memory"); return ENOMEM; } diff --git a/lib/kadm5/ad.c b/lib/kadm5/ad.c index 117417534..1131ddc62 100644 --- a/lib/kadm5/ad.c +++ b/lib/kadm5/ad.c @@ -278,14 +278,14 @@ _kadm5_ad_connect(void *server_handle) asprintf(&domain, "_ldap._tcp.%s", context->realm); if (domain == NULL) { - krb5_set_error_string(context->context, "malloc"); + krb5_set_error_message(context->context, KADM5_NO_SRV, "malloc"); return KADM5_NO_SRV; } r = dns_lookup(domain, "SRV"); free(domain); if (r == NULL) { - krb5_set_error_string(context->context, "Didn't find ldap dns"); + krb5_set_error_message(context->context, KADM5_NO_SRV, "Didn't find ldap dns"); return KADM5_NO_SRV; } @@ -294,7 +294,7 @@ _kadm5_ad_connect(void *server_handle) continue; s = realloc(servers, sizeof(*servers) * (num_servers + 1)); if (s == NULL) { - krb5_set_error_string(context->context, "malloc"); + krb5_set_error_message(context->context, KADM5_RPC_ERROR, "malloc"); dns_free_data(r); goto fail; } @@ -307,7 +307,7 @@ _kadm5_ad_connect(void *server_handle) } if (num_servers == 0) { - krb5_set_error_string(context->context, "No AD server found in DNS"); + krb5_set_error_message(context->context, KADM5_NO_SRV, "No AD server found in DNS"); return KADM5_NO_SRV; } @@ -338,9 +338,9 @@ _kadm5_ad_connect(void *server_handle) sasl_interact, NULL); #endif if (lret != LDAP_SUCCESS) { - krb5_set_error_string(context->context, - "Couldn't contact any AD servers: %s", - ldap_err2string(lret)); + krb5_set_error_message(context->context, 0, + "Couldn't contact any AD servers: %s", + ldap_err2string(lret)); ldap_unbind(lp); continue; } @@ -370,16 +370,16 @@ _kadm5_ad_connect(void *server_handle) if (ldap_count_entries(CTX2LP(context), m) > 0) { m0 = ldap_first_entry(CTX2LP(context), m); if (m0 == NULL) { - krb5_set_error_string(context->context, - "Error in AD ldap responce"); + krb5_set_error_message(context->context, KADM5_RPC_ERROR, + "Error in AD ldap responce"); ldap_msgfree(m); goto fail; } vals = ldap_get_values(CTX2LP(context), m0, "defaultNamingContext"); if (vals == NULL) { - krb5_set_error_string(context->context, - "No naming context found"); + krb5_set_error_message(context->context, KADM5_RPC_ERROR, + "No naming context found"); goto fail; } context->base_dn = strdup(vals[0]); @@ -788,7 +788,7 @@ kadm5_ad_create_principal(void *server_handle, return 0; #else - krb5_set_error_string(context->context, "Function not implemented"); + krb5_set_error_message(context->context, KADM5_RPC_ERROR, "Function not implemented"); return KADM5_RPC_ERROR; #endif } @@ -830,7 +830,7 @@ kadm5_ad_delete_principal(void *server_handle, krb5_principal principal) return KADM5_RPC_ERROR; return 0; #else - krb5_set_error_string(context->context, "Function not implemented"); + krb5_set_error_message(context->context, KADM5_RPC_ERROR, "Function not implemented"); return KADM5_RPC_ERROR; #endif } @@ -864,13 +864,8 @@ static kadm5_ret_t kadm5_ad_flush(void *server_handle) { kadm5_ad_context *context = server_handle; -#ifdef OPENLDAP - krb5_set_error_string(context->context, "Function not implemented"); + krb5_set_error_message(context->context, KADM5_RPC_ERROR, "Function not implemented"); return KADM5_RPC_ERROR; -#else - krb5_set_error_string(context->context, "Function not implemented"); - return KADM5_RPC_ERROR; -#endif } static kadm5_ret_t @@ -1014,7 +1009,7 @@ kadm5_ad_get_principal(void *server_handle, fail: return KADM5_RPC_ERROR; #else - krb5_set_error_string(context->context, "Function not implemented"); + krb5_set_error_message(context->context, KADM5_RPC_ERROR, "Function not implemented"); return KADM5_RPC_ERROR; #endif } @@ -1042,10 +1037,10 @@ kadm5_ad_get_principals(void *server_handle, if (ret) return ret; - krb5_set_error_string(context->context, "Function not implemented"); + krb5_set_error_message(context->context, KADM5_RPC_ERROR, "Function not implemented"); return KADM5_RPC_ERROR; #else - krb5_set_error_string(context->context, "Function not implemented"); + krb5_set_error_message(context->context, KADM5_RPC_ERROR, "Function not implemented"); return KADM5_RPC_ERROR; #endif } @@ -1054,7 +1049,7 @@ static kadm5_ret_t kadm5_ad_get_privs(void *server_handle, uint32_t*privs) { kadm5_ad_context *context = server_handle; - krb5_set_error_string(context->context, "Function not implemented"); + krb5_set_error_message(context->context, KADM5_RPC_ERROR, "Function not implemented"); return KADM5_RPC_ERROR; } @@ -1224,7 +1219,7 @@ kadm5_ad_modify_principal(void *server_handle, free(tv[0]); return ret; #else - krb5_set_error_string(context->context, "Function not implemented"); + krb5_set_error_message(context->context, KADM5_RPC_ERROR, "Function not implemented"); return KADM5_RPC_ERROR; #endif } @@ -1308,7 +1303,7 @@ kadm5_ad_randkey_principal(void *server_handle, *keys = NULL; *n_keys = 0; - krb5_set_error_string(context->context, "Function not implemented"); + krb5_set_error_message(context->context, KADM5_RPC_ERROR, "Function not implemented"); return KADM5_RPC_ERROR; #endif } @@ -1319,7 +1314,7 @@ kadm5_ad_rename_principal(void *server_handle, krb5_principal to) { kadm5_ad_context *context = server_handle; - krb5_set_error_string(context->context, "Function not implemented"); + krb5_set_error_message(context->context, KADM5_RPC_ERROR, "Function not implemented"); return KADM5_RPC_ERROR; } @@ -1330,7 +1325,7 @@ kadm5_ad_chpass_principal_with_key(void *server_handle, krb5_key_data *key_data) { kadm5_ad_context *context = server_handle; - krb5_set_error_string(context->context, "Function not implemented"); + krb5_set_error_message(context->context, KADM5_RPC_ERROR, "Function not implemented"); return KADM5_RPC_ERROR; } diff --git a/lib/kadm5/chpass_s.c b/lib/kadm5/chpass_s.c index 860f563a5..59bfeec10 100644 --- a/lib/kadm5/chpass_s.c +++ b/lib/kadm5/chpass_s.c @@ -75,8 +75,8 @@ change(void *server_handle, _kadm5_free_keys (context->context, num_keys, keys); if (cmp == 0) { - krb5_set_error_string(context->context, "Password reuse forbidden"); ret = KADM5_PASS_REUSE; + krb5_set_error_message(context->context, ret, "Password reuse forbidden"); goto out2; } diff --git a/lib/kadm5/init_c.c b/lib/kadm5/init_c.c index 37378c433..1752adbfc 100644 --- a/lib/kadm5/init_c.c +++ b/lib/kadm5/init_c.c @@ -351,7 +351,7 @@ _kadm5_c_get_cred_cache(krb5_context context, user = get_default_username (); if(user == NULL) { - krb5_set_error_string(context, "Unable to find local user name"); + krb5_set_error_message(context, KADM5_FAILURE, "Unable to find local user name"); return KADM5_FAILURE; } ret = krb5_make_principal(context, &default_client, diff --git a/lib/kadm5/log.c b/lib/kadm5/log.c index 1fec09f3d..1319a06da 100644 --- a/lib/kadm5/log.c +++ b/lib/kadm5/log.c @@ -99,13 +99,15 @@ kadm5_log_init (kadm5_server_context *context) return 0; fd = open (log_context->log_file, O_RDWR | O_CREAT, 0600); if (fd < 0) { - krb5_set_error_string(context->context, "kadm5_log_init: open %s", + ret = errno; + krb5_set_error_message(context->context, ret, "kadm5_log_init: open %s", log_context->log_file); - return errno; + return ret; } if (flock (fd, LOCK_EX) < 0) { - krb5_set_error_string(context->context, "kadm5_log_init: flock %s", - log_context->log_file); + ret = errno; + krb5_set_error_message(context->context, ret, "kadm5_log_init: flock %s", + log_context->log_file); close (fd); return errno; } @@ -279,15 +281,15 @@ kadm5_log_replay_create (kadm5_server_context *context, ret = krb5_data_alloc (&data, len); if (ret) { - krb5_set_error_string(context->context, "out of memory"); + krb5_set_error_message(context->context, ret, "out of memory"); return ret; } krb5_storage_read (sp, data.data, len); ret = hdb_value2entry (context->context, &data, &ent.entry); krb5_data_free(&data); if (ret) { - krb5_set_error_string(context->context, - "Unmarshaling hdb entry failed"); + krb5_set_error_message(context->context, ret, + "Unmarshaling hdb entry failed"); return ret; } ret = context->db->hdb_store(context->context, context->db, 0, &ent); @@ -358,8 +360,8 @@ kadm5_log_replay_delete (kadm5_server_context *context, ret = krb5_ret_principal (sp, &principal); if (ret) { - krb5_set_error_string(context->context, "Failed to read deleted " - "principal from log version: %ld", (long)ver); + krb5_set_error_message(context->context, ret, "Failed to read deleted " + "principal from log version: %ld", (long)ver); return ret; } @@ -456,8 +458,8 @@ kadm5_log_replay_rename (kadm5_server_context *context, off = krb5_storage_seek(sp, 0, SEEK_CUR); ret = krb5_ret_principal (sp, &source); if (ret) { - krb5_set_error_string(context->context, "Failed to read renamed " - "principal in log, version: %ld", (long)ver); + krb5_set_error_message(context->context, ret, "Failed to read renamed " + "principal in log, version: %ld", (long)ver); return ret; } princ_len = krb5_storage_seek(sp, 0, SEEK_CUR) - off; @@ -561,7 +563,7 @@ kadm5_log_replay_modify (kadm5_server_context *context, len -= 4; ret = krb5_data_alloc (&value, len); if (ret) { - krb5_set_error_string(context->context, "out of memory"); + krb5_set_error_message(context->context, ret, "out of memory"); return ret; } krb5_storage_read (sp, value.data, len); @@ -583,8 +585,8 @@ kadm5_log_replay_modify (kadm5_server_context *context, if (ent.entry.valid_end == NULL) { ent.entry.valid_end = malloc(sizeof(*ent.entry.valid_end)); if (ent.entry.valid_end == NULL) { - krb5_set_error_string(context->context, "out of memory"); ret = ENOMEM; + krb5_set_error_message(context->context, ret, "out of memory"); goto out; } } @@ -598,8 +600,8 @@ kadm5_log_replay_modify (kadm5_server_context *context, if (ent.entry.pw_end == NULL) { ent.entry.pw_end = malloc(sizeof(*ent.entry.pw_end)); if (ent.entry.pw_end == NULL) { - krb5_set_error_string(context->context, "out of memory"); ret = ENOMEM; + krb5_set_error_message(context->context, ret, "out of memory"); goto out; } } @@ -619,8 +621,8 @@ kadm5_log_replay_modify (kadm5_server_context *context, if (ent.entry.max_life == NULL) { ent.entry.max_life = malloc (sizeof(*ent.entry.max_life)); if (ent.entry.max_life == NULL) { - krb5_set_error_string(context->context, "out of memory"); ret = ENOMEM; + krb5_set_error_message(context->context, ret, "out of memory"); goto out; } } @@ -631,15 +633,15 @@ kadm5_log_replay_modify (kadm5_server_context *context, if (ent.entry.modified_by == NULL) { ent.entry.modified_by = malloc(sizeof(*ent.entry.modified_by)); if (ent.entry.modified_by == NULL) { - krb5_set_error_string(context->context, "out of memory"); ret = ENOMEM; + krb5_set_error_message(context->context, ret, "out of memory"); goto out; } } else free_Event(ent.entry.modified_by); ret = copy_Event(log_ent.entry.modified_by, ent.entry.modified_by); if (ret) { - krb5_set_error_string(context->context, "out of memory"); + krb5_set_error_message(context->context, ret, "out of memory"); goto out; } } @@ -665,8 +667,8 @@ kadm5_log_replay_modify (kadm5_server_context *context, if (ent.entry.max_renew == NULL) { ent.entry.max_renew = malloc (sizeof(*ent.entry.max_renew)); if (ent.entry.max_renew == NULL) { - krb5_set_error_string(context->context, "out of memory"); ret = ENOMEM; + krb5_set_error_message(context->context, ret, "out of memory"); goto out; } } @@ -695,14 +697,14 @@ kadm5_log_replay_modify (kadm5_server_context *context, ent.entry.keys.len = num; ent.entry.keys.val = malloc(len * sizeof(*ent.entry.keys.val)); if (ent.entry.keys.val == NULL) { - krb5_set_error_string(context->context, "out of memory"); + krb5_set_error_message(context->context, ENOMEM, "out of memory"); return ENOMEM; } for (i = 0; i < ent.entry.keys.len; ++i) { ret = copy_Key(&log_ent.entry.keys.val[i], &ent.entry.keys.val[i]); if (ret) { - krb5_set_error_string(context->context, "out of memory"); + krb5_set_error_message(context->context, ret, "out of memory"); goto out; } } @@ -717,7 +719,7 @@ kadm5_log_replay_modify (kadm5_server_context *context, ret = copy_HDB_extensions(log_ent.entry.extensions, ent.entry.extensions); if (ret) { - krb5_set_error_string(context->context, "out of memory"); + krb5_set_error_message(context->context, ret, "out of memory"); free(ent.entry.extensions); ent.entry.extensions = es; goto out; @@ -868,8 +870,9 @@ kadm5_log_previous (krb5_context context, goto end_of_storage; if (tmp != *ver) { krb5_storage_seek(sp, oldoff, SEEK_SET); - krb5_set_error_string(context, "kadm5_log_previous: log entry " - "have consistency failure, version number wrong"); + krb5_set_error_message(context, KADM5_BAD_DB, + "kadm5_log_previous: log entry " + "have consistency failure, version number wrong"); return KADM5_BAD_DB; } ret = krb5_ret_int32 (sp, &tmp); @@ -883,16 +886,17 @@ kadm5_log_previous (krb5_context context, goto end_of_storage; if (tmp != *len) { krb5_storage_seek(sp, oldoff, SEEK_SET); - krb5_set_error_string(context, "kadm5_log_previous: log entry " - "have consistency failure, length wrong"); + krb5_set_error_message(context, KADM5_BAD_DB, + "kadm5_log_previous: log entry " + "have consistency failure, length wrong"); return KADM5_BAD_DB; } return 0; end_of_storage: krb5_storage_seek(sp, oldoff, SEEK_SET); - krb5_set_error_string(context, "kadm5_log_previous: end of storage " - "reached before end"); + krb5_set_error_message(context, ret, "kadm5_log_previous: end of storage " + "reached before end"); return ret; } @@ -919,8 +923,8 @@ kadm5_log_replay (kadm5_server_context *context, case kadm_nop : return kadm5_log_replay_nop (context, ver, len, sp); default : - krb5_set_error_string(context->context, - "Unsupported replay op %d", (int)op); + krb5_set_error_message(context->context, KADM5_FAILURE, + "Unsupported replay op %d", (int)op); return KADM5_FAILURE; } } diff --git a/lib/kadm5/password_quality.c b/lib/kadm5/password_quality.c index 2b3382673..f5e6282f2 100644 --- a/lib/kadm5/password_quality.c +++ b/lib/kadm5/password_quality.c @@ -472,7 +472,7 @@ kadm5_check_password_quality (krb5_context context, NULL); if (v == NULL) { msg = (*passwd_quality_check) (context, principal, pwd_data); - krb5_set_error_string(context, "password policy failed: %s", msg); + krb5_set_error_message(context, 0, "password policy failed: %s", msg); return msg; } @@ -483,16 +483,16 @@ kadm5_check_password_quality (krb5_context context, proc = find_func(context, *vp); if (proc == NULL) { msg = "failed to find password verifier function"; - krb5_set_error_string(context, "Failed to find password policy " - "function: %s", *vp); + krb5_set_error_message(context, 0, "Failed to find password policy " + "function: %s", *vp); break; } ret = (proc->func)(context, principal, pwd_data, NULL, error_msg, sizeof(error_msg)); if (ret) { - krb5_set_error_string(context, "Password policy " - "%s failed with %s", - proc->name, error_msg); + krb5_set_error_message(context, 0, "Password policy " + "%s failed with %s", + proc->name, error_msg); msg = error_msg; break; } @@ -504,8 +504,8 @@ kadm5_check_password_quality (krb5_context context, if (msg == NULL && passwd_quality_check != min_length_passwd_quality_v0) { msg = (*passwd_quality_check) (context, principal, pwd_data); if (msg) - krb5_set_error_string(context, "(old) password policy " - "failed with %s", msg); + krb5_set_error_message(context, 0, "(old) password policy " + "failed with %s", msg); } return msg; diff --git a/lib/krb5/acache.c b/lib/krb5/acache.c index 2c1d43fa1..fb38abedf 100644 --- a/lib/krb5/acache.c +++ b/lib/krb5/acache.c @@ -258,7 +258,7 @@ make_cred_from_ccred(krb5_context context, nomem: ret = ENOMEM; - krb5_set_error_message(context, ret, "malloc - out of memory"); + krb5_set_error_message(context, ret, "malloc: out of memory"); fail: krb5_free_cred_contents(context, cred); @@ -846,7 +846,7 @@ acc_get_cache_first(krb5_context context, krb5_cc_cursor *cursor) iter = calloc(1, sizeof(*iter)); if (iter == NULL) { - krb5_set_error_message(context, ENOMEM, "malloc - out of memory"); + krb5_set_error_message(context, ENOMEM, "malloc: out of memory"); return ENOMEM; } diff --git a/lib/krb5/addr_families.c b/lib/krb5/addr_families.c index a6d8af5f5..dcb9a9715 100644 --- a/lib/krb5/addr_families.c +++ b/lib/krb5/addr_families.c @@ -1111,10 +1111,12 @@ krb5_parse_address(krb5_context context, error = getaddrinfo (string, NULL, NULL, &ai); if (error) { + krb5_error_code ret2; save_errno = errno; - krb5_set_error_message (context, save_errno, "%s: %s", + ret2 = krb5_eai_to_heim_errno(error, save_errno); + krb5_set_error_message (context, ret2, "%s: %s", string, gai_strerror(error)); - return krb5_eai_to_heim_errno(error, save_errno); + return ret2; } n = 0; diff --git a/lib/krb5/cache.c b/lib/krb5/cache.c index 95f7a3c3f..2ebf7eb36 100644 --- a/lib/krb5/cache.c +++ b/lib/krb5/cache.c @@ -284,7 +284,7 @@ krb5_cc_get_full_name(krb5_context context, } if (asprintf(str, "%s:%s", type, name) == -1) { - krb5_set_error_message(context, ENOMEM, "malloc - out of memory"); + krb5_set_error_message(context, ENOMEM, "malloc: out of memory"); *str = NULL; return ENOMEM; } @@ -356,7 +356,7 @@ _krb5_expand_default_cc_name(krb5_context context, const char *str, char **res) if (append == NULL) { free(*res); *res = NULL; - krb5_set_error_message(context, ENOMEM, "malloc - out of memory"); + krb5_set_error_message(context, ENOMEM, "malloc: out of memory"); return ENOMEM; } @@ -367,7 +367,7 @@ _krb5_expand_default_cc_name(krb5_context context, const char *str, char **res) free(*res); *res = NULL; krb5_set_error_message(context, ENOMEM, - "malloc - out of memory"); + "malloc: out of memory"); return ENOMEM; } *res = tmp; @@ -488,7 +488,7 @@ krb5_cc_set_default_name(krb5_context context, const char *name) } if (p == NULL) { - krb5_set_error_message(context, ENOMEM, "malloc - out of memory"); + krb5_set_error_message(context, ENOMEM, "malloc: out of memory"); return ENOMEM; } @@ -535,7 +535,7 @@ krb5_cc_default(krb5_context context, const char *p = krb5_cc_default_name(context); if (p == NULL) { - krb5_set_error_message(context, ENOMEM, "malloc - out of memory"); + krb5_set_error_message(context, ENOMEM, "malloc: out of memory"); return ENOMEM; } return krb5_cc_resolve(context, p, id); @@ -907,7 +907,7 @@ krb5_cc_get_prefix_ops(krb5_context context, const char *prefix) p = strdup(prefix); if (p == NULL) { - krb5_set_error_message(context, ENOMEM, "malloc - out of memory"); + krb5_set_error_message(context, ENOMEM, "malloc: out of memory"); return NULL; } p1 = strchr(p, ':'); @@ -967,7 +967,7 @@ krb5_cc_cache_get_first (krb5_context context, *cursor = calloc(1, sizeof(**cursor)); if (*cursor == NULL) { - krb5_set_error_message(context, ENOMEM, "malloc - out of memory"); + krb5_set_error_message(context, ENOMEM, "malloc: out of memory"); return ENOMEM; } diff --git a/lib/krb5/fcache.c b/lib/krb5/fcache.c index 642eb8e5b..d25196d49 100644 --- a/lib/krb5/fcache.c +++ b/lib/krb5/fcache.c @@ -785,7 +785,7 @@ fcc_get_cache_first(krb5_context context, krb5_cc_cursor *cursor) iter = calloc(1, sizeof(*iter)); if (iter == NULL) { - krb5_set_error_message(context, ENOMEM, "malloc - out of memory"); + krb5_set_error_message(context, ENOMEM, "malloc: out of memory"); return ENOMEM; } iter->first = 1; diff --git a/lib/krb5/get_for_creds.c b/lib/krb5/get_for_creds.c index 2d41a57fc..f005460e3 100644 --- a/lib/krb5/get_for_creds.c +++ b/lib/krb5/get_for_creds.c @@ -207,7 +207,6 @@ krb5_get_forwarded_creds (krb5_context context, krb5_kdc_flags kdc_flags; krb5_crypto crypto; struct addrinfo *ai; - int save_errno; krb5_creds *ticket; paddrs = NULL; @@ -238,10 +237,10 @@ krb5_get_forwarded_creds (krb5_context context, ret = getaddrinfo (hostname, NULL, NULL, &ai); if (ret) { - save_errno = errno; - krb5_set_error_string(context, "resolving %s: %s", + krb5_error_code ret2 = krb5_eai_to_heim_errno(ret, errno); + krb5_set_error_message(context, ret2, "resolving %s: %s", hostname, gai_strerror(ret)); - return krb5_eai_to_heim_errno(ret, save_errno); + return ret2; } ret = add_addrs (context, &addrs, ai); diff --git a/lib/krb5/get_host_realm.c b/lib/krb5/get_host_realm.c index 656594172..e22659810 100644 --- a/lib/krb5/get_host_realm.c +++ b/lib/krb5/get_host_realm.c @@ -206,7 +206,8 @@ _krb5_get_host_realm_int (krb5_context context, (*realms)[1] = NULL; return 0; } - krb5_set_error_string(context, "unable to find realm of host %s", host); + krb5_set_error_message(context, KRB5_ERR_HOST_REALM_UNKNOWN, + "unable to find realm of host %s", host); return KRB5_ERR_HOST_REALM_UNKNOWN; } @@ -248,8 +249,9 @@ krb5_get_host_realm(krb5_context context, */ ret = krb5_get_default_realms(context, realms); if (ret) { - krb5_set_error_string(context, "Unable to find realm of host %s", - host); + krb5_set_error_message(context, KRB5_ERR_HOST_REALM_UNKNOWN, + "Unable to find realm of host %s", + host); return KRB5_ERR_HOST_REALM_UNKNOWN; } } diff --git a/lib/krb5/get_in_tkt.c b/lib/krb5/get_in_tkt.c index afe711791..2c21fdb7c 100644 --- a/lib/krb5/get_in_tkt.c +++ b/lib/krb5/get_in_tkt.c @@ -108,7 +108,7 @@ check_server_referral(krb5_context context, return ret; if (len != pa->padata_value.length) { free_EncryptedData(&ed); - krb5_set_error_string(context, "Referral EncryptedData wrong"); + krb5_set_error_message(context, KRB5KRB_AP_ERR_MODIFIED, "Referral EncryptedData wrong"); return KRB5KRB_AP_ERR_MODIFIED; } @@ -135,7 +135,8 @@ check_server_referral(krb5_context context, if (strcmp(requested->realm, returned->realm) != 0) { free_PA_ServerReferralData(&ref); - krb5_set_error_string(context, "server ref realm mismatch"); + krb5_set_error_message(context, KRB5KRB_AP_ERR_MODIFIED, + "server ref realm mismatch"); return KRB5KRB_AP_ERR_MODIFIED; } @@ -148,12 +149,14 @@ check_server_referral(krb5_context context, || strcmp(*ref.referred_realm, realm) != 0) { free_PA_ServerReferralData(&ref); - krb5_set_error_string(context, "tgt returned with wrong ref"); + krb5_set_error_message(context, KRB5KRB_AP_ERR_MODIFIED, + "tgt returned with wrong ref"); return KRB5KRB_AP_ERR_MODIFIED; } } else if (krb5_principal_compare(context, returned, requested) == 0) { free_PA_ServerReferralData(&ref); - krb5_set_error_string(context, "req princ no same as returned"); + krb5_set_error_message(context, KRB5KRB_AP_ERR_MODIFIED, + "req princ no same as returned"); return KRB5KRB_AP_ERR_MODIFIED; } @@ -163,12 +166,14 @@ check_server_referral(krb5_context context, ref.requested_principal_name); if (!cmp) { free_PA_ServerReferralData(&ref); - krb5_set_error_string(context, "compare requested failed"); + krb5_set_error_message(context, KRB5KRB_AP_ERR_MODIFIED, + "compare requested failed"); return KRB5KRB_AP_ERR_MODIFIED; } } else if (flags & EXTRACT_TICKET_AS_REQ) { free_PA_ServerReferralData(&ref); - krb5_set_error_string(context, "Requested principal missing on AS-REQ"); + krb5_set_error_message(context, KRB5KRB_AP_ERR_MODIFIED, + "Requested principal missing on AS-REQ"); return KRB5KRB_AP_ERR_MODIFIED; } @@ -177,7 +182,8 @@ check_server_referral(krb5_context context, return ret; noreferral: if (krb5_principal_compare(context, requested, returned) == FALSE) { - krb5_set_error_string(context, "Not same server principal returned " + krb5_set_error_message(context, KRB5KRB_AP_ERR_MODIFIED, + "Not same server principal returned " "as requested"); return KRB5KRB_AP_ERR_MODIFIED; } @@ -218,8 +224,8 @@ check_client_referral(krb5_context context, pa->padata_value.length, &canon, &len); if (ret) { - krb5_set_error_string(context, "Failed to decode " - "PA_ClientCanonicalized"); + krb5_set_error_message(context, ret, "Failed to decode " + "PA_ClientCanonicalized"); return ret; } @@ -245,7 +251,7 @@ check_client_referral(krb5_context context, krb5_crypto_destroy(context, crypto); free(data.data); if (ret) { - krb5_set_error_string(context, "Failed to verify " + krb5_set_error_message(context, ret, "Failed to verify " "client canonicalized data"); free_PA_ClientCanonicalized(&canon); return ret; @@ -256,7 +262,8 @@ check_client_referral(krb5_context context, &canon.names.requested_name)) { free_PA_ClientCanonicalized(&canon); - krb5_set_error_string(context, "Requested name doesn't match" + krb5_set_error_message(context, KRB5_PRINC_NOMATCH, + "Requested name doesn't match" " in client referral"); return KRB5_PRINC_NOMATCH; } @@ -265,7 +272,8 @@ check_client_referral(krb5_context context, &canon.names.mapped_name)) { free_PA_ClientCanonicalized(&canon); - krb5_set_error_string(context, "Mapped name doesn't match" + krb5_set_error_message(context, KRB5_PRINC_NOMATCH, + "Mapped name doesn't match" " in client referral"); return KRB5_PRINC_NOMATCH; } @@ -274,7 +282,8 @@ check_client_referral(krb5_context context, noreferral: if (krb5_principal_compare(context, requested, mapped) == FALSE) { - krb5_set_error_string(context, "Not same client principal returned " + krb5_set_error_message(context, KRB5KRB_AP_ERR_MODIFIED, + "Not same client principal returned " "as requested"); return KRB5KRB_AP_ERR_MODIFIED; } @@ -457,7 +466,7 @@ _krb5_extract_ticket(krb5_context context, if (creds->times.starttime == 0 && abs(tmp_time - sec_now) > context->max_skew) { ret = KRB5KRB_AP_ERR_SKEW; - krb5_set_error_string (context, + krb5_set_error_message (context, ret, "time skew (%d) larger than max (%d)", abs(tmp_time - sec_now), (int)context->max_skew); @@ -798,9 +807,9 @@ init_as_req (krb5_context context, key_proc, keyseed, a->req_body.etype.val, a->req_body.etype.len, &salt); } else { - krb5_set_error_string (context, "pre-auth type %d not supported", - *ptypes); ret = KRB5_PREAUTH_BAD_TYPE; + krb5_set_error_message (context, ret, "pre-auth type %d not supported", + *ptypes); goto fail; } return 0; diff --git a/lib/krb5/init_creds.c b/lib/krb5/init_creds.c index d4ea46742..b2b3b6550 100644 --- a/lib/krb5/init_creds.c +++ b/lib/krb5/init_creds.c @@ -52,13 +52,13 @@ krb5_get_init_creds_opt_alloc(krb5_context context, *opt = NULL; o = calloc(1, sizeof(*o)); if (o == NULL) { - krb5_set_error_string(context, "out of memory"); + krb5_set_error_message(context, ENOMEM, "malloc: out of memory"); return ENOMEM; } krb5_get_init_creds_opt_init(o); o->opt_private = calloc(1, sizeof(*o->opt_private)); if (o->opt_private == NULL) { - krb5_set_error_string(context, "out of memory"); + krb5_set_error_message(context, ENOMEM, "malloc: out of memory"); free(o); return ENOMEM; } @@ -77,7 +77,7 @@ _krb5_get_init_creds_opt_copy(krb5_context context, *out = NULL; opt = calloc(1, sizeof(*opt)); if (opt == NULL) { - krb5_set_error_string(context, "out of memory"); + krb5_set_error_message(context, ENOMEM, "malloc: out of memory"); return ENOMEM; } if (in) @@ -85,7 +85,7 @@ _krb5_get_init_creds_opt_copy(krb5_context context, if(opt->opt_private == NULL) { opt->opt_private = calloc(1, sizeof(*opt->opt_private)); if (opt->opt_private == NULL) { - krb5_set_error_string(context, "out of memory"); + krb5_set_error_message(context, ENOMEM, "malloc: out of memory"); free(opt); return ENOMEM; } @@ -327,7 +327,7 @@ require_ext_opt(krb5_context context, const char *type) { if (opt->opt_private == NULL) { - krb5_set_error_string(context, "%s on non extendable opt", type); + krb5_set_error_message(context, EINVAL, "%s on non extendable opt", type); return EINVAL; } return 0; @@ -381,7 +381,7 @@ krb5_get_init_creds_opt_get_error(krb5_context context, *error = malloc(sizeof(**error)); if (*error == NULL) { - krb5_set_error_string(context, "malloc - out memory"); + krb5_set_error_message(context, ENOMEM, "malloc: out of memory"); return ENOMEM; } diff --git a/lib/krb5/init_creds_pw.c b/lib/krb5/init_creds_pw.c index b9e0b9955..f56d069b3 100644 --- a/lib/krb5/init_creds_pw.c +++ b/lib/krb5/init_creds_pw.c @@ -461,8 +461,8 @@ change_password (krb5_context context, strlcpy (newpw, buf1, newpw_sz); ret = 0; } else { - krb5_set_error_string (context, "failed changing password"); ret = ENOTTY; + krb5_set_error_message(context, ret, "failed changing password"); } out: @@ -1033,7 +1033,7 @@ pa_data_to_md_pkinit(krb5_context context, ctx->pk_nonce, md); #else - krb5_set_error_string(context, "no support for PKINIT compiled in"); + krb5_set_error_message(context, EINVAL, "no support for PKINIT compiled in"); return EINVAL; #endif } @@ -1188,15 +1188,15 @@ process_pa_data_to_key(krb5_context context, pa, key); #else - krb5_set_error_string(context, "no support for PKINIT compiled in"); ret = EINVAL; + krb5_set_error_message(context, ret, "no support for PKINIT compiled in"); #endif } else if (ctx->password) ret = pa_data_to_key_plain(context, creds->client, ctx, paid.salt, paid.s2kparams, etype, key); else { - krb5_set_error_string(context, "No usable pa data type"); ret = EINVAL; + krb5_set_error_message(context, ret, "No usable pa data type"); } free_paid(context, &paid); @@ -1322,8 +1322,8 @@ init_cred_loop(krb5_context context, &md, NULL); if (ret) - krb5_set_error_string(context, - "failed to decode METHOD DATA"); + krb5_set_error_message(context, ret, + "failed to decode METHOD DATA"); } else { /* XXX guess what the server want here add add md */ } diff --git a/lib/krb5/kcm.c b/lib/krb5/kcm.c index feb70bbfd..1fb9ec268 100644 --- a/lib/krb5/kcm.c +++ b/lib/krb5/kcm.c @@ -189,7 +189,7 @@ kcm_storage_request(krb5_context context, *storage_p = sp; fail: if (ret) { - krb5_set_error_string(context, "Failed to encode request"); + krb5_set_error_message(context, ret, "Failed to encode request"); krb5_storage_free(sp); } diff --git a/lib/krb5/keyblock.c b/lib/krb5/keyblock.c index 40deaf09e..38a856624 100644 --- a/lib/krb5/keyblock.c +++ b/lib/krb5/keyblock.c @@ -116,15 +116,16 @@ krb5_keyblock_init(krb5_context context, return ret; if (len != size) { - krb5_set_error_string(context, "Encryption key %d is %lu bytes " - "long, %lu was passed in", - type, (unsigned long)len, (unsigned long)size); + krb5_set_error_message(context, KRB5_PROG_ETYPE_NOSUPP, + "Encryption key %d is %lu bytes " + "long, %lu was passed in", + type, (unsigned long)len, (unsigned long)size); return KRB5_PROG_ETYPE_NOSUPP; } ret = krb5_data_copy(&key->keyvalue, data, len); if(ret) { - krb5_set_error_string(context, "malloc failed: %lu", - (unsigned long)len); + krb5_set_error_message(context, ret, "malloc failed: %lu", + (unsigned long)len); return ret; } key->keytype = type; diff --git a/lib/krb5/keytab.c b/lib/krb5/keytab.c index 8d33544a7..199eaaea4 100644 --- a/lib/krb5/keytab.c +++ b/lib/krb5/keytab.c @@ -47,7 +47,8 @@ krb5_kt_register(krb5_context context, struct krb5_keytab_data *tmp; if (strlen(ops->prefix) > KRB5_KT_PREFIX_MAX_LEN - 1) { - krb5_set_error_string(context, "krb5_kt_register; prefix too long"); + krb5_set_error_message(context, KRB5_KT_BADNAME, + "krb5_kt_register; prefix too long"); return KRB5_KT_BADNAME; } @@ -97,8 +98,9 @@ krb5_kt_resolve(krb5_context context, break; } if(i == context->num_kt_types) { - krb5_set_error_string(context, "unknown keytab type %.*s", - (int)type_len, type); + krb5_set_error_message(context, KRB5_KT_UNKNOWN_TYPE, + "unknown keytab type %.*s", + (int)type_len, type); return KRB5_KT_UNKNOWN_TYPE; } @@ -265,7 +267,7 @@ krb5_kt_get_full_name(krb5_context context, return ret; if (asprintf(str, "%s:%s", type, name) == -1) { - krb5_set_error_string(context, "malloc - out of memory"); + krb5_set_error_message(context, ENOMEM, "malloc: out of memory"); *str = NULL; return ENOMEM; } @@ -377,12 +379,12 @@ krb5_kt_get_entry(krb5_context context, else kvno_str[0] = '\0'; - krb5_set_error_string (context, - "Failed to find %s%s in keytab %s (%s)", - princ, - kvno_str, - kt_name ? kt_name : "unknown keytab", - enctype_str ? enctype_str : "unknown enctype"); + krb5_set_error_message (context, KRB5_KT_NOTFOUND, + "Failed to find %s%s in keytab %s (%s)", + princ, + kvno_str, + kt_name ? kt_name : "unknown keytab", + enctype_str ? enctype_str : "unknown enctype"); free(kt_name); free(enctype_str); return KRB5_KT_NOTFOUND; @@ -443,9 +445,9 @@ krb5_kt_start_seq_get(krb5_context context, krb5_kt_cursor *cursor) { if(id->start_seq_get == NULL) { - krb5_set_error_string(context, - "start_seq_get is not supported in the %s " - " keytab", id->prefix); + krb5_set_error_message(context, HEIM_ERR_OPNOTSUPP, + "start_seq_get is not supported in the %s " + " keytab", id->prefix); return HEIM_ERR_OPNOTSUPP; } return (*id->start_seq_get)(context, id, cursor); @@ -464,9 +466,9 @@ krb5_kt_next_entry(krb5_context context, krb5_kt_cursor *cursor) { if(id->next_entry == NULL) { - krb5_set_error_string(context, - "next_entry is not supported in the %s " - " keytab", id->prefix); + krb5_set_error_message(context, HEIM_ERR_OPNOTSUPP, + "next_entry is not supported in the %s " + " keytab", id->prefix); return HEIM_ERR_OPNOTSUPP; } return (*id->next_entry)(context, id, entry, cursor); @@ -482,9 +484,9 @@ krb5_kt_end_seq_get(krb5_context context, krb5_kt_cursor *cursor) { if(id->end_seq_get == NULL) { - krb5_set_error_string(context, - "end_seq_get is not supported in the %s " - " keytab", id->prefix); + krb5_set_error_message(context, HEIM_ERR_OPNOTSUPP, + "end_seq_get is not supported in the %s " + " keytab", id->prefix); return HEIM_ERR_OPNOTSUPP; } return (*id->end_seq_get)(context, id, cursor); @@ -501,8 +503,9 @@ krb5_kt_add_entry(krb5_context context, krb5_keytab_entry *entry) { if(id->add == NULL) { - krb5_set_error_string(context, "Add is not supported in the %s keytab", - id->prefix); + krb5_set_error_message(context, KRB5_KT_NOWRITE, + "Add is not supported in the %s keytab", + id->prefix); return KRB5_KT_NOWRITE; } entry->timestamp = time(NULL); @@ -520,9 +523,9 @@ krb5_kt_remove_entry(krb5_context context, krb5_keytab_entry *entry) { if(id->remove == NULL) { - krb5_set_error_string(context, - "Remove is not supported in the %s keytab", - id->prefix); + krb5_set_error_message(context, KRB5_KT_NOWRITE, + "Remove is not supported in the %s keytab", + id->prefix); return KRB5_KT_NOWRITE; } return (*id->remove)(context, id, entry); diff --git a/lib/krb5/keytab_any.c b/lib/krb5/keytab_any.c index be13e7746..a4b15394a 100644 --- a/lib/krb5/keytab_any.c +++ b/lib/krb5/keytab_any.c @@ -87,7 +87,7 @@ any_resolve(krb5_context context, const char *name, krb5_keytab id) prev = a; } if (a0 == NULL) { - krb5_set_error_string(context, "empty ANY: keytab"); + krb5_set_error_message(context, ENOENT, "empty ANY: keytab"); return ENOENT; } id->data = a0; @@ -206,8 +206,8 @@ any_add_entry(krb5_context context, while(a != NULL) { ret = krb5_kt_add_entry(context, a->kt, entry); if(ret != 0 && ret != KRB5_KT_NOWRITE) { - krb5_set_error_string(context, "failed to add entry to %s", - a->name); + krb5_set_error_message(context, ret, "failed to add entry to %s", + a->name); return ret; } a = a->next; @@ -229,8 +229,9 @@ any_remove_entry(krb5_context context, found++; else { if(ret != KRB5_KT_NOWRITE && ret != KRB5_KT_NOTFOUND) { - krb5_set_error_string(context, "failed to remove entry from %s", - a->name); + krb5_set_error_message(context, ret, + "Failed to remove keytab entry from %s", + a->name); return ret; } } diff --git a/lib/krb5/keytab_file.c b/lib/krb5/keytab_file.c index a0bfb411e..a5986cd61 100644 --- a/lib/krb5/keytab_file.c +++ b/lib/krb5/keytab_file.c @@ -174,16 +174,16 @@ krb5_kt_ret_principal(krb5_context context, ret = krb5_ret_int16(sp, &len); if(ret) { - krb5_set_error_string(context, - "Failed decoding length of keytab principal"); + krb5_set_error_message(context, ret, + "Failed decoding length of keytab principal"); goto out; } if(krb5_storage_is_flags(sp, KRB5_STORAGE_PRINCIPAL_WRONG_NUM_COMPONENTS)) len--; if (len < 0) { - krb5_set_error_string(context, - "Keytab principal contains invalid length"); ret = KRB5_KT_END; + krb5_set_error_message(context, ret, + "Keytab principal contains invalid length"); goto out; } ret = krb5_kt_ret_string(context, sp, &p->realm); @@ -334,8 +334,8 @@ fkt_start_seq_get_int(krb5_context context, c->fd = open (d->filename, flags); if (c->fd < 0) { ret = errno; - krb5_set_error_string(context, "keytab %s open failed: %s", - d->filename, strerror(ret)); + krb5_set_error_message(context, ret, "keytab %s open failed: %s", + d->filename, strerror(ret)); return ret; } ret = _krb5_xlock(context, c->fd, exclusive, d->filename); @@ -492,8 +492,8 @@ fkt_add_entry(krb5_context context, fd = open (d->filename, O_RDWR | O_CREAT | O_EXCL | O_BINARY, 0600); if (fd < 0) { ret = errno; - krb5_set_error_string(context, "open(%s): %s", d->filename, - strerror(ret)); + krb5_set_error_message(context, ret, "open(%s): %s", d->filename, + strerror(ret)); return ret; } ret = _krb5_xlock(context, fd, 1, d->filename); @@ -523,22 +523,22 @@ fkt_add_entry(krb5_context context, properly */ ret = fkt_setup_keytab(context, id, sp); if(ret) { - krb5_set_error_string(context, "%s: keytab is corrupted: %s", - d->filename, strerror(ret)); + krb5_set_error_message(context, ret, "%s: keytab is corrupted: %s", + d->filename, strerror(ret)); goto out; } storage_set_flags(context, sp, id->version); } else { if(pvno != 5) { ret = KRB5_KEYTAB_BADVNO; - krb5_set_error_string(context, "%s: %s", - d->filename, strerror(ret)); + krb5_set_error_message(context, ret, "%s: %s", + d->filename, strerror(ret)); goto out; } ret = krb5_ret_int8 (sp, &tag); if (ret) { - krb5_set_error_string(context, "%s: reading tag: %s", - d->filename, strerror(ret)); + krb5_set_error_message(context, ret, "%s: reading tag: %s", + d->filename, strerror(ret)); goto out; } id->version = tag; diff --git a/lib/krb5/keytab_keyfile.c b/lib/krb5/keytab_keyfile.c index 87a8eceba..f8ddd2356 100644 --- a/lib/krb5/keytab_keyfile.c +++ b/lib/krb5/keytab_keyfile.c @@ -72,13 +72,13 @@ get_cell_and_realm (krb5_context context, struct akf_data *d) f = fopen (AFS_SERVERTHISCELL, "r"); if (f == NULL) { ret = errno; - krb5_set_error_string (context, "open %s: %s", AFS_SERVERTHISCELL, - strerror(ret)); + krb5_set_error_message (context, ret, "open %s: %s", AFS_SERVERTHISCELL, + strerror(ret)); return ret; } if (fgets (buf, sizeof(buf), f) == NULL) { fclose (f); - krb5_set_error_string (context, "no cell in %s", AFS_SERVERTHISCELL); + krb5_set_error_message (context, EINVAL, "no cell in %s", AFS_SERVERTHISCELL); return EINVAL; } buf[strcspn(buf, "\n")] = '\0'; @@ -96,8 +96,8 @@ get_cell_and_realm (krb5_context context, struct akf_data *d) free (d->cell); d->cell = NULL; fclose (f); - krb5_set_error_string (context, "no realm in %s", - AFS_SERVERMAGICKRBCONF); + krb5_set_error_message (context, EINVAL, "no realm in %s", + AFS_SERVERMAGICKRBCONF); return EINVAL; } buf[strcspn(buf, "\n")] = '\0'; @@ -197,8 +197,8 @@ akf_start_seq_get(krb5_context context, c->fd = open (d->filename, O_RDONLY|O_BINARY, 0600); if (c->fd < 0) { ret = errno; - krb5_set_error_string(context, "keytab afs keyfil open %s failed: %s", - d->filename, strerror(ret)); + krb5_set_error_message(context, ret, "keytab afs keyfil open %s failed: %s", + d->filename, strerror(ret)); return ret; } @@ -307,8 +307,8 @@ akf_add_entry(krb5_context context, O_RDWR | O_BINARY | O_CREAT | O_EXCL, 0600); if (fd < 0) { ret = errno; - krb5_set_error_string(context, "open(%s): %s", d->filename, - strerror(ret)); + krb5_set_error_message(context, ret, "open(%s): %s", d->filename, + strerror(ret)); return ret; } created = 1; @@ -327,7 +327,7 @@ akf_add_entry(krb5_context context, ret = errno; krb5_storage_free(sp); close(fd); - krb5_set_error_string (context, "seek: %s", strerror(ret)); + krb5_set_error_message(context, ret, "seek: %s", strerror(ret)); return ret; } @@ -350,11 +350,12 @@ akf_add_entry(krb5_context context, for (i = 0; i < len; i++) { ret = krb5_ret_int32(sp, &kvno); if (ret) { - krb5_set_error_string (context, "Failed to get kvno "); + krb5_set_error_message (context, ret, "Failed to get kvno "); goto out; } if(krb5_storage_seek(sp, 8, SEEK_CUR) < 0) { - krb5_set_error_string (context, "seek: %s", strerror(ret)); + ret = errno; + krb5_set_error_message (context, ret, "seek: %s", strerror(ret)); goto out; } if (kvno == entry->vno) { @@ -368,25 +369,26 @@ akf_add_entry(krb5_context context, if(krb5_storage_seek(sp, 0, SEEK_SET) < 0) { ret = errno; - krb5_set_error_string (context, "seek: %s", strerror(ret)); + krb5_set_error_message (context, ret, "seek: %s", strerror(ret)); goto out; } ret = krb5_store_int32(sp, len); if(ret) { - krb5_set_error_string(context, "keytab keyfile failed new length"); + ret = errno; + krb5_set_error_message (context, ret, "keytab keyfile failed new length"); return ret; } if(krb5_storage_seek(sp, (len - 1) * (8 + 4), SEEK_CUR) < 0) { ret = errno; - krb5_set_error_string (context, "seek to end: %s", strerror(ret)); + krb5_set_error_message (context, ret, "seek to end: %s", strerror(ret)); goto out; } ret = krb5_store_int32(sp, entry->vno); if(ret) { - krb5_set_error_string(context, "keytab keyfile failed store kvno"); + krb5_set_error_message(context, ret, "keytab keyfile failed store kvno"); goto out; } ret = krb5_storage_write(sp, entry->keyblock.keyvalue.data, @@ -396,7 +398,7 @@ akf_add_entry(krb5_context context, ret = errno; else ret = ENOTTY; - krb5_set_error_string(context, "keytab keyfile failed to add key"); + krb5_set_error_message(context, ret, "keytab keyfile failed to add key"); goto out; } ret = 0; diff --git a/lib/krb5/keytab_krb4.c b/lib/krb5/keytab_krb4.c index dc4798396..37f65be88 100644 --- a/lib/krb5/keytab_krb4.c +++ b/lib/krb5/keytab_krb4.c @@ -134,8 +134,8 @@ krb4_kt_start_seq_get_int (krb5_context context, if (c->fd < 0) { ret = errno; free (ed); - krb5_set_error_string(context, "keytab krb5 open %s failed: %s", - d->filename, strerror(ret)); + krb5_set_error_message(context, ret, "keytab krb5 open %s failed: %s", + d->filename, strerror(ret)); return ret; } c->sp = krb5_storage_from_fd(c->fd); @@ -302,7 +302,7 @@ krb4_kt_add_entry (krb5_context context, O_WRONLY | O_APPEND | O_BINARY | O_CREAT, 0600); if (fd < 0) { ret = errno; - krb5_set_error_string(context, "open(%s): %s", d->filename, + krb5_set_error_message(context, ret, "open(%s): %s", d->filename, strerror(ret)); return ret; } @@ -371,7 +371,8 @@ krb4_kt_remove_entry(krb5_context context, memset(data.data, 0, data.length); krb5_data_free(&data); if(errno == EACCES || errno == EROFS) { - krb5_set_error_string(context, "failed to open %s for writing", + krb5_set_error_message(context, KRB5_KT_NOWRITE, + "failed to open %s for writing", d->filename); return KRB5_KT_NOWRITE; } @@ -379,20 +380,24 @@ krb4_kt_remove_entry(krb5_context context, } if(write(fd, data.data, data.length) != data.length) { + int save_errno = errno; memset(data.data, 0, data.length); krb5_data_free(&data); close(fd); - krb5_set_error_string(context, "failed writing to file %s", - d->filename); - return errno; + krb5_set_error_message(context, save_errno, + "failed writing to file %s", + d->filename); + return save_errno; } memset(data.data, 0, data.length); if(fstat(fd, &st) < 0) { + int save_errno = errno; krb5_data_free(&data); close(fd); - krb5_set_error_string(context, "failed getting size of file %s", - d->filename); - return errno; + krb5_set_error_message(context, save_errno, + "failed getting size of file %s", + d->filename); + return save_errno; } st.st_size -= data.length; memset(buf, 0, sizeof(buf)); @@ -400,32 +405,39 @@ krb4_kt_remove_entry(krb5_context context, n = min(st.st_size, sizeof(buf)); n = write(fd, buf, n); if(n <= 0) { + int save_errno = errno; krb5_data_free(&data); close(fd); - krb5_set_error_string(context, "failed writing to file %s", + krb5_set_error_message(context, save_errno, + "failed writing to file %s", d->filename); - return errno; + return save_errno; } st.st_size -= n; } if(ftruncate(fd, data.length) < 0) { + int save_errno = errno; krb5_data_free(&data); close(fd); - krb5_set_error_string(context, "failed truncating file %s", + krb5_set_error_message(context, save_errno, + "failed truncating file %s", d->filename); - return errno; + return save_errno; } krb5_data_free(&data); if(close(fd) < 0) { - krb5_set_error_string(context, "error closing %s", - d->filename); - return errno; + int save_errno = errno; + krb5_set_error_message(context, save_errno, + "error closing %s", + d->filename); + return save_errno; } return 0; } else { krb5_storage_free(sp); - krb5_set_error_string(context, "Keytab entry not found"); + krb5_set_error_message(context, KRB5_KT_NOTFOUND, + "Keytab entry not found"); return KRB5_KT_NOTFOUND; } } diff --git a/lib/krb5/krbhst.c b/lib/krb5/krbhst.c index c8beeb561..2eacde0ba 100644 --- a/lib/krb5/krbhst.c +++ b/lib/krb5/krbhst.c @@ -72,7 +72,8 @@ srv_find_realm(krb5_context context, krb5_krbhst_info ***res, int *count, proto_num = string_to_proto(proto); if(proto_num < 0) { - krb5_set_error_string(context, "unknown protocol `%s'", proto); + krb5_set_error_message(context, EINVAL, + "unknown protocol `%s'", proto); return EINVAL; } @@ -247,7 +248,7 @@ _krb5_krbhost_info_move(krb5_context context, /* trailing NUL is included in structure */ *to = calloc(1, sizeof(**to) + hostnamelen); if(*to == NULL) { - krb5_set_error_string(context, "malloc - out of memory"); + krb5_set_error_message(context, ENOMEM, "malloc: out of memory"); return ENOMEM; } @@ -540,7 +541,7 @@ plugin_get_hosts(krb5_context context, ret = (*service->lookup)(ctx, type, kd->realm, 0, 0, add_locate, kd); (*service->fini)(ctx); if (ret) { - krb5_set_error_string(context, "Plugin failed to lookup"); + krb5_set_error_message(context, ret, "Plugin failed to lookup"); break; } } @@ -832,7 +833,7 @@ krb5_krbhst_init_flags(krb5_context context, def_port = ntohs(krb5_getportbyname (context, "krb524", "udp", 4444)); break; default: - krb5_set_error_string(context, "unknown krbhst type (%u)", type); + krb5_set_error_message(context, ENOTTY, "unknown krbhst type (%u)", type); return ENOTTY; } if((kd = common_init(context, realm, flags)) == NULL) @@ -920,7 +921,8 @@ gethostlist(krb5_context context, const char *realm, while(krb5_krbhst_next(context, handle, &hostinfo) == 0) nhost++; if(nhost == 0) { - krb5_set_error_string(context, "No KDC found for realm %s", realm); + krb5_set_error_message(context, KRB5_KDC_UNREACH, + "No KDC found for realm %s", realm); return KRB5_KDC_UNREACH; } *hostlist = calloc(nhost + 1, sizeof(**hostlist)); diff --git a/lib/krb5/log.c b/lib/krb5/log.c index aba23cbfc..6aa68e638 100644 --- a/lib/krb5/log.c +++ b/lib/krb5/log.c @@ -277,7 +277,8 @@ krb5_addlog_dest(krb5_context context, krb5_log_facility *f, const char *orig) if(n){ p = strchr(p, '/'); if(p == NULL) { - krb5_set_error_string (context, "failed to parse \"%s\"", orig); + krb5_set_error_message(context, HEIM_ERR_LOG_PARSE, + "failed to parse \"%s\"", orig); return HEIM_ERR_LOG_PARSE; } p++; @@ -300,7 +301,7 @@ krb5_addlog_dest(krb5_context context, krb5_log_facility *f, const char *orig) O_TRUNC | O_APPEND, 0666); if(i < 0) { ret = errno; - krb5_set_error_string (context, "open(%s): %s", fn, + krb5_set_error_message(context, ret, "open(%s): %s", fn, strerror(ret)); free(fn); return ret; @@ -309,7 +310,7 @@ krb5_addlog_dest(krb5_context context, krb5_log_facility *f, const char *orig) if(file == NULL){ ret = errno; close(i); - krb5_set_error_string (context, "fdopen(%s): %s", fn, + krb5_set_error_message(context, ret, "fdopen(%s): %s", fn, strerror(ret)); free(fn); return ret; @@ -333,8 +334,8 @@ krb5_addlog_dest(krb5_context context, krb5_log_facility *f, const char *orig) strlcpy(facility, "AUTH", sizeof(facility)); ret = open_syslog(context, f, min, max, severity, facility); }else{ - krb5_set_error_string (context, "unknown log type: %s", p); ret = HEIM_ERR_LOG_PARSE; /* XXX */ + krb5_set_error_message (context, ret, "unknown log type: %s", p); } return ret; } diff --git a/lib/krb5/mcache.c b/lib/krb5/mcache.c index ba0ce61cb..3f26b27a4 100644 --- a/lib/krb5/mcache.c +++ b/lib/krb5/mcache.c @@ -439,7 +439,7 @@ mcc_default_name(krb5_context context, char **str) { *str = strdup("MEMORY:"); if (*str == NULL) { - krb5_set_error_string(context, ENOMEM, "malloc: out of memory"); + krb5_set_error_message(context, ENOMEM, "malloc: out of memory"); return ENOMEM; } return 0; diff --git a/lib/krb5/mk_rep.c b/lib/krb5/mk_rep.c index 9d9d3e3d5..65c97b580 100644 --- a/lib/krb5/mk_rep.c +++ b/lib/krb5/mk_rep.c @@ -61,18 +61,18 @@ krb5_mk_rep(krb5_context context, auth_context, auth_context->keyblock); if(ret) { - krb5_set_error_string (context, - "krb5_mk_rep: generating subkey"); free_EncAPRepPart(&body); + krb5_set_error_message(context, ret, + "krb5_mk_rep: generating subkey"); return ret; } } ret = krb5_copy_keyblock(context, auth_context->local_subkey, &body.subkey); if (ret) { - krb5_set_error_string (context, - "krb5_copy_keyblock: out of memory"); free_EncAPRepPart(&body); + krb5_set_error_message(context, ENOMEM, + "krb5_copy_keyblock: out of memory"); return ENOMEM; } } else diff --git a/lib/krb5/pac.c b/lib/krb5/pac.c index cb702bbf4..bd8caae5f 100644 --- a/lib/krb5/pac.c +++ b/lib/krb5/pac.c @@ -93,14 +93,14 @@ krb5_pac_parse(krb5_context context, const void *ptr, size_t len, p = calloc(1, sizeof(*p)); if (p == NULL) { ret = ENOMEM; - krb5_set_error_string(context, "out of memory"); + krb5_set_error_message(context, ret, "malloc: out of memory"); goto out; } sp = krb5_storage_from_readonly_mem(ptr, len); if (sp == NULL) { ret = ENOMEM; - krb5_set_error_string(context, "out of memory"); + krb5_set_error_message(context, ret, "malloc: out of memory"); goto out; } krb5_storage_set_flags(sp, KRB5_STORAGE_BYTEORDER_LE); @@ -108,21 +108,21 @@ krb5_pac_parse(krb5_context context, const void *ptr, size_t len, CHECK(ret, krb5_ret_uint32(sp, &tmp), out); CHECK(ret, krb5_ret_uint32(sp, &tmp2), out); if (tmp < 1) { - krb5_set_error_string(context, "PAC have too few buffer"); ret = EINVAL; /* Too few buffers */ + krb5_set_error_message(context, ret, "PAC have too few buffer"); goto out; } if (tmp2 != 0) { - krb5_set_error_string(context, "PAC have wrong version"); ret = EINVAL; /* Wrong version */ + krb5_set_error_message(context, ret, "PAC have wrong version"); goto out; } p->pac = calloc(1, sizeof(*p->pac) + (sizeof(p->pac->buffers[0]) * (tmp - 1))); if (p->pac == NULL) { - krb5_set_error_string(context, "out of memory"); ret = ENOMEM; + krb5_set_error_message(context, ret, "malloc: out of memory"); goto out; } @@ -143,52 +143,52 @@ krb5_pac_parse(krb5_context context, const void *ptr, size_t len, /* consistency checks */ if (p->pac->buffers[i].offset_lo & (PAC_ALIGNMENT - 1)) { - krb5_set_error_string(context, "PAC out of allignment"); ret = EINVAL; + krb5_set_error_message(context, ret, "PAC out of allignment"); goto out; } if (p->pac->buffers[i].offset_hi) { - krb5_set_error_string(context, "PAC high offset set"); ret = EINVAL; + krb5_set_error_message(context, ret, "PAC high offset set"); goto out; } if (p->pac->buffers[i].offset_lo > len) { - krb5_set_error_string(context, "PAC offset off end"); ret = EINVAL; + krb5_set_error_message(context, ret, "PAC offset off end"); goto out; } if (p->pac->buffers[i].offset_lo < header_end) { - krb5_set_error_string(context, "PAC offset inside header: %lu %lu", + ret = EINVAL; + krb5_set_error_message(context, ret, "PAC offset inside header: %lu %lu", (unsigned long)p->pac->buffers[i].offset_lo, (unsigned long)header_end); - ret = EINVAL; goto out; } if (p->pac->buffers[i].buffersize > len - p->pac->buffers[i].offset_lo){ - krb5_set_error_string(context, "PAC length off end"); ret = EINVAL; + krb5_set_error_message(context, ret, "PAC length off end"); goto out; } /* let save pointer to data we need later */ if (p->pac->buffers[i].type == PAC_SERVER_CHECKSUM) { if (p->server_checksum) { - krb5_set_error_string(context, "PAC have two server checksums"); ret = EINVAL; + krb5_set_error_message(context, ret, "PAC have two server checksums"); goto out; } p->server_checksum = &p->pac->buffers[i]; } else if (p->pac->buffers[i].type == PAC_PRIVSVR_CHECKSUM) { if (p->privsvr_checksum) { - krb5_set_error_string(context, "PAC have two KDC checksums"); ret = EINVAL; + krb5_set_error_message(context, ret, "PAC have two KDC checksums"); goto out; } p->privsvr_checksum = &p->pac->buffers[i]; } else if (p->pac->buffers[i].type == PAC_LOGON_NAME) { if (p->logon_name) { - krb5_set_error_string(context, "PAC have two logon names"); ret = EINVAL; + krb5_set_error_message(context, ret, "PAC have two logon names"); goto out; } p->logon_name = &p->pac->buffers[i]; @@ -225,14 +225,14 @@ krb5_pac_init(krb5_context context, krb5_pac *pac) p = calloc(1, sizeof(*p)); if (p == NULL) { - krb5_set_error_string(context, "out of memory"); + krb5_set_error_message(context, ENOMEM, "malloc: out of memory"); return ENOMEM; } p->pac = calloc(1, sizeof(*p->pac)); if (p->pac == NULL) { free(p); - krb5_set_error_string(context, "out of memory"); + krb5_set_error_message(context, ENOMEM, "malloc: out of memory"); return ENOMEM; } @@ -240,7 +240,7 @@ krb5_pac_init(krb5_context context, krb5_pac *pac) if (ret) { free (p->pac); free(p); - krb5_set_error_string(context, "out of memory"); + krb5_set_error_message(context, ret, "malloc: out of memory"); return ret; } @@ -263,7 +263,7 @@ krb5_pac_add_buffer(krb5_context context, krb5_pac p, ptr = realloc(p->pac, sizeof(*p->pac) + (sizeof(p->pac->buffers[0]) * len)); if (ptr == NULL) { - krb5_set_error_string(context, "out of memory"); + krb5_set_error_message(context, ENOMEM, "malloc: out of memory"); return ENOMEM; } p->pac = ptr; @@ -281,7 +281,7 @@ krb5_pac_add_buffer(krb5_context context, krb5_pac p, old_end = p->data.length; len = p->data.length + data->length + PAC_INFO_BUFFER_SIZE; if (len < p->data.length) { - krb5_set_error_string(context, "integer overrun"); + krb5_set_error_message(context, EINVAL, "integer overrun"); return EINVAL; } @@ -290,7 +290,7 @@ krb5_pac_add_buffer(krb5_context context, krb5_pac p, ret = krb5_data_realloc(&p->data, len); if (ret) { - krb5_set_error_string(context, "out of memory"); + krb5_set_error_message(context, ret, "malloc: out of memory"); return ret; } @@ -331,7 +331,7 @@ krb5_pac_get_buffer(krb5_context context, krb5_pac p, if (type == PAC_PRIVSVR_CHECKSUM || type == PAC_SERVER_CHECKSUM) { ret = krb5_data_alloc(data, 16); if (ret) { - krb5_set_error_string(context, "out of memory"); + krb5_set_error_message(context, ret, "malloc: out of memory"); return ret; } memset(data->data, 0, data->length); @@ -347,13 +347,13 @@ krb5_pac_get_buffer(krb5_context context, krb5_pac p, ret = krb5_data_copy(data, (unsigned char *)p->data.data + offset, len); if (ret) { - krb5_set_error_string(context, "Out of memory"); + krb5_set_error_message(context, ret, "malloc: out of memory"); return ret; } return 0; } - krb5_set_error_string(context, "No PAC buffer of type %lu was found", - (unsigned long)type); + krb5_set_error_message(context, ENOENT, "No PAC buffer of type %lu was found", + (unsigned long)type); return ENOENT; } @@ -372,7 +372,7 @@ krb5_pac_get_types(krb5_context context, *types = calloc(p->pac->numbuffers, sizeof(*types)); if (*types == NULL) { *len = 0; - krb5_set_error_string(context, "out of memory"); + krb5_set_error_message(context, ENOMEM, "malloc: out of memory"); return ENOMEM; } for (i = 0; i < p->pac->numbuffers; i++) @@ -416,7 +416,7 @@ verify_checksum(krb5_context context, sp = krb5_storage_from_mem((char *)data->data + sig->offset_lo, sig->buffersize); if (sp == NULL) { - krb5_set_error_string(context, "out of memory"); + krb5_set_error_message(context, ENOMEM, "malloc: out of memory"); return ENOMEM; } krb5_storage_set_flags(sp, KRB5_STORAGE_BYTEORDER_LE); @@ -427,21 +427,21 @@ verify_checksum(krb5_context context, sig->buffersize - krb5_storage_seek(sp, 0, SEEK_CUR); cksum.checksum.data = malloc(cksum.checksum.length); if (cksum.checksum.data == NULL) { - krb5_set_error_string(context, "out of memory"); ret = ENOMEM; + krb5_set_error_message(context, ret, "malloc: out of memory"); goto out; } ret = krb5_storage_read(sp, cksum.checksum.data, cksum.checksum.length); if (ret != cksum.checksum.length) { - krb5_set_error_string(context, "PAC checksum missing checksum"); ret = EINVAL; + krb5_set_error_message(context, ret, "PAC checksum missing checksum"); goto out; } if (!krb5_checksum_is_keyed(context, cksum.cksumtype)) { - krb5_set_error_string (context, "Checksum type %d not keyed", - cksum.cksumtype); ret = EINVAL; + krb5_set_error_message(context, ret, "Checksum type %d not keyed", + cksum.cksumtype); goto out; } @@ -488,7 +488,7 @@ create_checksum(krb5_context context, return ret; if (cksum.checksum.length != siglen) { - krb5_set_error_string(context, "pac checksum wrong length"); + krb5_set_error_message(context, EINVAL, "pac checksum wrong length"); free_Checksum(&cksum); return EINVAL; } @@ -531,7 +531,7 @@ verify_logonname(krb5_context context, sp = krb5_storage_from_readonly_mem((const char *)data->data + logon_name->offset_lo, logon_name->buffersize); if (sp == NULL) { - krb5_set_error_string(context, "Out of memory"); + krb5_set_error_message(context, ENOMEM, "malloc: out of memory"); return ENOMEM; } @@ -546,27 +546,27 @@ verify_logonname(krb5_context context, t2 = ((uint64_t)time2 << 32) | time1; if (t1 != t2) { krb5_storage_free(sp); - krb5_set_error_string(context, "PAC timestamp mismatch"); + krb5_set_error_message(context, EINVAL, "PAC timestamp mismatch"); return EINVAL; } } CHECK(ret, krb5_ret_uint16(sp, &len), out); if (len == 0) { krb5_storage_free(sp); - krb5_set_error_string(context, "PAC logon name length missing"); + krb5_set_error_message(context, EINVAL, "PAC logon name length missing"); return EINVAL; } s = malloc(len); if (s == NULL) { krb5_storage_free(sp); - krb5_set_error_string(context, "Out of memory"); + krb5_set_error_message(context, ENOMEM, "malloc: out of memory"); return ENOMEM; } ret = krb5_storage_read(sp, s, len); if (ret != len) { krb5_storage_free(sp); - krb5_set_error_string(context, "Failed to read PAC logon name"); + krb5_set_error_message(context, EINVAL, "Failed to read PAC logon name"); return EINVAL; } krb5_storage_free(sp); @@ -585,13 +585,13 @@ verify_logonname(krb5_context context, free(s); if (ret) { free(ucs2); - krb5_set_error_string(context, "Failed to convert string to UCS-2"); + krb5_set_error_message(context, ret, "Failed to convert string to UCS-2"); return ret; } ret = wind_ucs2utf8_length(ucs2, ucs2len, &u8len); if (ret) { free(ucs2); - krb5_set_error_string(context, "Failed to count length of UCS-2 string"); + krb5_set_error_message(context, ret, "Failed to count length of UCS-2 string"); return ret; } u8len += 1; /* Add space for NUL */ @@ -604,7 +604,7 @@ verify_logonname(krb5_context context, ret = wind_ucs2utf8(ucs2, ucs2len, s, &u8len); free(ucs2); if (ret) { - krb5_set_error_string(context, "Failed to convert to UTF-8"); + krb5_set_error_message(context, ret, "Failed to convert to UTF-8"); return ret; } } @@ -614,8 +614,8 @@ verify_logonname(krb5_context context, return ret; if (krb5_principal_compare_any_realm(context, principal, p2) != TRUE) { - krb5_set_error_string(context, "PAC logon name mismatch"); ret = EINVAL; + krb5_set_error_message(context, ret, "PAC logon name mismatch"); } krb5_free_principal(context, p2); return ret; @@ -645,7 +645,7 @@ build_logon_name(krb5_context context, sp = krb5_storage_emem(); if (sp == NULL) { - krb5_set_error_string(context, "out of memory"); + krb5_set_error_message(context, ENOMEM, "malloc: out of memory"); return ENOMEM; } krb5_storage_set_flags(sp, KRB5_STORAGE_BYTEORDER_LE); @@ -711,15 +711,15 @@ krb5_pac_verify(krb5_context context, krb5_error_code ret; if (pac->server_checksum == NULL) { - krb5_set_error_string(context, "PAC missing server checksum"); + krb5_set_error_message(context, EINVAL, "PAC missing server checksum"); return EINVAL; } if (pac->privsvr_checksum == NULL) { - krb5_set_error_string(context, "PAC missing kdc checksum"); + krb5_set_error_message(context, EINVAL, "PAC missing kdc checksum"); return EINVAL; } if (pac->logon_name == NULL) { - krb5_set_error_string(context, "PAC missing logon name"); + krb5_set_error_message(context, EINVAL, "PAC missing logon name"); return EINVAL; } @@ -796,7 +796,7 @@ fill_zeros(krb5_context context, krb5_storage *sp, size_t len) l = sizeof(zeros); sret = krb5_storage_write(sp, zeros, l); if (sret <= 0) { - krb5_set_error_string(context, "out of memory"); + krb5_set_error_message(context, ENOMEM, "malloc: out of memory"); return ENOMEM; } len -= sret; @@ -824,7 +824,7 @@ pac_checksum(krb5_context context, return ret; if (krb5_checksum_is_keyed(context, cktype) == FALSE) { - krb5_set_error_string(context, "PAC checksum type is not keyed"); + krb5_set_error_message(context, EINVAL, "PAC checksum type is not keyed"); return EINVAL; } @@ -869,7 +869,7 @@ _krb5_pac_sign(krb5_context context, ptr = realloc(p->pac, sizeof(*p->pac) + (sizeof(p->pac->buffers[0]) * (p->pac->numbuffers + num - 1))); if (ptr == NULL) { - krb5_set_error_string(context, "out of memory"); + krb5_set_error_message(context, ENOMEM, "malloc: out of memory"); return ENOMEM; } p->pac = ptr; @@ -907,7 +907,7 @@ _krb5_pac_sign(krb5_context context, /* Encode PAC */ sp = krb5_storage_emem(); if (sp == NULL) { - krb5_set_error_string(context, "out of memory"); + krb5_set_error_message(context, ENOMEM, "malloc: out of memory"); return ENOMEM; } krb5_storage_set_flags(sp, KRB5_STORAGE_BYTEORDER_LE); @@ -915,7 +915,7 @@ _krb5_pac_sign(krb5_context context, spdata = krb5_storage_emem(); if (spdata == NULL) { krb5_storage_free(sp); - krb5_set_error_string(context, "out of memory"); + krb5_set_error_message(context, ENOMEM, "malloc: out of memory"); return ENOMEM; } krb5_storage_set_flags(spdata, KRB5_STORAGE_BYTEORDER_LE); @@ -954,8 +954,8 @@ _krb5_pac_sign(krb5_context context, sret = krb5_storage_write(spdata, ptr, len); if (sret != len) { - krb5_set_error_string(context, "out of memory"); ret = ENOMEM; + krb5_set_error_message(context, ret, "malloc: out of memory"); goto out; } /* XXX if not aligned, fill_zeros */ @@ -986,21 +986,21 @@ _krb5_pac_sign(krb5_context context, /* export PAC */ ret = krb5_storage_to_data(spdata, &d); if (ret) { - krb5_set_error_string(context, "out of memory"); + krb5_set_error_message(context, ret, "malloc: out of memory"); goto out; } ret = krb5_storage_write(sp, d.data, d.length); if (ret != d.length) { krb5_data_free(&d); - krb5_set_error_string(context, "out of memory"); ret = ENOMEM; + krb5_set_error_message(context, ret, "malloc: out of memory"); goto out; } krb5_data_free(&d); ret = krb5_storage_to_data(sp, &d); if (ret) { - krb5_set_error_string(context, "out of memory"); + krb5_set_error_message(context, ret, "malloc: out of memory"); goto out; } diff --git a/lib/krb5/pkinit.c b/lib/krb5/pkinit.c index 41df6abc0..be5e9a4b2 100644 --- a/lib/krb5/pkinit.c +++ b/lib/krb5/pkinit.c @@ -114,7 +114,7 @@ integer_to_BN(krb5_context context, const char *field, const heim_integer *f) bn = BN_bin2bn((const unsigned char *)f->data, f->length, NULL); if (bn == NULL) { - krb5_set_error_string(context, "PKINIT: parsing BN failed %s", field); + krb5_set_error_message(context, ENOMEM, "PKINIT: parsing BN failed %s", field); return NULL; } BN_set_negative(bn, f->negative); @@ -150,7 +150,7 @@ find_cert(krb5_context context, struct krb5_pk_identity *id, ret = hx509_query_match_eku(q, cf[i].oid); if (ret) { pk_copy_error(context, id->hx509ctx, ret, - "Failed setting %s OID", cf[i].type); + "Failed setting %s OID", cf[i].type); return ret; } @@ -158,7 +158,7 @@ find_cert(krb5_context context, struct krb5_pk_identity *id, if (ret == 0) break; pk_copy_error(context, id->hx509ctx, ret, - "Failed cert for finding %s OID", cf[i].type); + "Failed cert for finding %s OID", cf[i].type); } return ret; } @@ -179,7 +179,7 @@ create_signature(krb5_context context, ret = hx509_query_alloc(id->hx509ctx, &q); if (ret) { pk_copy_error(context, id->hx509ctx, ret, - "Allocate query to find signing certificate"); + "Allocate query to find signing certificate"); return ret; } @@ -205,7 +205,7 @@ create_signature(krb5_context context, hx509_cert_free(cert); if (ret) { pk_copy_error(context, id->hx509ctx, ret, - "Create CMS signedData"); + "Create CMS signedData"); return ret; } @@ -536,8 +536,8 @@ pk_mk_padata(krb5_context context, &ap, &size, ret); free_AuthPack_Win2k(&ap); if (ret) { - krb5_set_error_string(context, "AuthPack_Win2k: %d", - (int)ret); + krb5_set_error_message(context, ret, "AuthPack_Win2k: %d", + (int)ret); goto out; } if (buf.length != size) @@ -558,7 +558,7 @@ pk_mk_padata(krb5_context context, ASN1_MALLOC_ENCODE(AuthPack, buf.data, buf.length, &ap, &size, ret); free_AuthPack(&ap); if (ret) { - krb5_set_error_string(context, "AuthPack: %d", (int)ret); + krb5_set_error_message(context, ret, "AuthPack: %d", (int)ret); goto out; } if (buf.length != size) @@ -577,8 +577,8 @@ pk_mk_padata(krb5_context context, ret = hx509_cms_wrap_ContentInfo(oid_id_pkcs7_signedData(), &sd_buf, &buf); krb5_data_free(&sd_buf); if (ret) { - krb5_set_error_string(context, - "ContentInfo wrapping of signedData failed"); + krb5_set_error_message(context, ret, + "ContentInfo wrapping of signedData failed"); goto out; } @@ -615,7 +615,7 @@ pk_mk_padata(krb5_context context, ret = build_edi(context, ctx->id->hx509ctx, ctx->id->anchors, req.trustedCertifiers); if (ret) { - krb5_set_error_string(context, "pk-init: failed to build trustedCertifiers"); + krb5_set_error_message(context, ret, "pk-init: failed to build trustedCertifiers"); free_PA_PK_AS_REQ(&req); goto out; } @@ -630,7 +630,7 @@ pk_mk_padata(krb5_context context, } else krb5_abortx(context, "internal pkinit error"); if (ret) { - krb5_set_error_string(context, "PA-PK-AS-REQ %d", (int)ret); + krb5_set_error_message(context, ret, "PA-PK-AS-REQ %d", (int)ret); goto out; } if (buf.length != size) @@ -643,7 +643,7 @@ pk_mk_padata(krb5_context context, if (ret == 0 && ctx->type == PKINIT_WIN2K) krb5_padata_add(context, md, KRB5_PADATA_PK_AS_09_BINDING, NULL, 0); -out: + out: free_ContentInfo(&content_info); return ret; @@ -738,7 +738,7 @@ _krb5_pk_verify_sign(krb5_context context, &signer_certs); if (ret) { pk_copy_error(context, id->hx509ctx, ret, - "CMS verify signed failed"); + "CMS verify signed failed"); return ret; } @@ -752,11 +752,11 @@ _krb5_pk_verify_sign(krb5_context context, ret = hx509_get_one_cert(id->hx509ctx, signer_certs, &(*signer)->cert); if (ret) { pk_copy_error(context, id->hx509ctx, ret, - "Failed to get on of the signer certs"); + "Failed to get on of the signer certs"); goto out; } -out: + out: hx509_certs_free(&signer_certs); if (ret) { if (*signer) { @@ -784,20 +784,19 @@ get_reply_key_win(krb5_context context, &key_pack, &size); if (ret) { - krb5_set_error_string(context, "PKINIT decoding reply key failed"); + krb5_set_error_message(context, ret, "PKINIT decoding reply key failed"); free_ReplyKeyPack_Win2k(&key_pack); return ret; } if (key_pack.nonce != nonce) { - krb5_set_error_string(context, "PKINIT enckey nonce is wrong"); + krb5_set_error_message(context, ret, "PKINIT enckey nonce is wrong"); free_ReplyKeyPack_Win2k(&key_pack); return KRB5KRB_AP_ERR_MODIFIED; } *key = malloc (sizeof (**key)); if (*key == NULL) { - krb5_set_error_string(context, "PKINIT failed allocating reply key"); free_ReplyKeyPack_Win2k(&key_pack); krb5_set_error_message(context, ENOMEM, "malloc: out of memory"); return ENOMEM; @@ -806,7 +805,7 @@ get_reply_key_win(krb5_context context, ret = copy_EncryptionKey(&key_pack.replyKey, *key); free_ReplyKeyPack_Win2k(&key_pack); if (ret) { - krb5_set_error_string(context, "PKINIT failed copying reply key"); + krb5_set_error_message(context, ret, "PKINIT failed copying reply key"); free(*key); *key = NULL; } @@ -829,7 +828,7 @@ get_reply_key(krb5_context context, &key_pack, &size); if (ret) { - krb5_set_error_string(context, "PKINIT decoding reply key failed"); + krb5_set_error_message(context, ret, "PKINIT decoding reply key failed"); free_ReplyKeyPack(&key_pack); return ret; } @@ -860,7 +859,6 @@ get_reply_key(krb5_context context, *key = malloc (sizeof (**key)); if (*key == NULL) { - krb5_set_error_string(context, "PKINIT failed allocating reply key"); free_ReplyKeyPack(&key_pack); krb5_set_error_message(context, ENOMEM, "malloc: out of memory"); return ENOMEM; @@ -869,7 +867,7 @@ get_reply_key(krb5_context context, ret = copy_EncryptionKey(&key_pack.replyKey, *key); free_ReplyKeyPack(&key_pack); if (ret) { - krb5_set_error_string(context, "PKINIT failed copying reply key"); + krb5_set_error_message(context, ret, "PKINIT failed copying reply key"); free(*key); *key = NULL; } @@ -891,7 +889,7 @@ pk_verify_host(krb5_context context, ret = hx509_cert_check_eku(ctx->id->hx509ctx, host->cert, oid_id_pkkdcekuoid(), 0); if (ret) { - krb5_set_error_string(context, "No PK-INIT KDC EKU in kdc certificate"); + krb5_set_error_message(context, ret, "No PK-INIT KDC EKU in kdc certificate"); return ret; } } @@ -904,8 +902,8 @@ pk_verify_host(krb5_context context, oid_id_pkinit_san(), &list); if (ret) { - krb5_set_error_string(context, "Failed to find the PK-INIT " - "subjectAltName in the KDC certificate"); + krb5_set_error_message(context, ret, "Failed to find the PK-INIT " + "subjectAltName in the KDC certificate"); return ret; } @@ -918,8 +916,8 @@ pk_verify_host(krb5_context context, &r, NULL); if (ret) { - krb5_set_error_string(context, "Failed to decode the PK-INIT " - "subjectAltName in the KDC certificate"); + krb5_set_error_message(context, ret, "Failed to decode the PK-INIT " + "subjectAltName in the KDC certificate"); break; } @@ -928,11 +926,11 @@ pk_verify_host(krb5_context context, strcmp(r.principalName.name_string.val[0], KRB5_TGS_NAME) != 0 || strcmp(r.principalName.name_string.val[1], realm) != 0 || strcmp(r.realm, realm) != 0) - { - krb5_set_error_string(context, "KDC have wrong realm name in " - "the certificate"); - ret = KRB5_KDC_ERR_INVALID_CERTIFICATE; - } + { + ret = KRB5_KDC_ERR_INVALID_CERTIFICATE; + krb5_set_error_message(context, ret, "KDC have wrong realm name in " + "the certificate"); + } free_KRB5PrincipalName(&r); if (ret) @@ -951,8 +949,8 @@ pk_verify_host(krb5_context context, hi->ai->ai_addr, hi->ai->ai_addrlen); if (ret) - krb5_set_error_string(context, "Address mismatch in " - "the KDC certificate"); + krb5_set_error_message(context, ret, "Address mismatch in " + "the KDC certificate"); } return ret; } @@ -977,7 +975,7 @@ pk_rd_pa_reply_enckey(krb5_context context, heim_oid contentType = { 0, NULL }; if (der_heim_oid_cmp(oid_id_pkcs7_envelopedData(), dataType)) { - krb5_set_error_string(context, "PKINIT: Invalid content type"); + krb5_set_error_message(context, EINVAL, "PKINIT: Invalid content type"); return EINVAL; } @@ -992,7 +990,7 @@ pk_rd_pa_reply_enckey(krb5_context context, &content); if (ret) { pk_copy_error(context, ctx->id->hx509ctx, ret, - "Failed to unenvelope CMS data in PK-INIT reply"); + "Failed to unenvelope CMS data in PK-INIT reply"); return ret; } der_free_oid(&contentType); @@ -1023,7 +1021,7 @@ pk_rd_pa_reply_enckey(krb5_context context, ret = hx509_cms_unwrap_ContentInfo(&content, &type, &out, NULL); if (der_heim_oid_cmp(&type, oid_id_pkcs7_signedData())) { ret = EINVAL; /* XXX */ - krb5_set_error_string(context, "PKINIT: Invalid content type"); + krb5_set_error_message(context, ret, "PKINIT: Invalid content type"); der_free_oid(&type); der_free_octet_string(&out); goto out; @@ -1033,7 +1031,7 @@ pk_rd_pa_reply_enckey(krb5_context context, ret = krb5_data_copy(&content, out.data, out.length); der_free_octet_string(&out); if (ret) { - krb5_set_error_string(context, "PKINIT: out of memory"); + krb5_set_error_message(context, ret, "PKINIT: out of memory"); goto out; } } @@ -1057,14 +1055,14 @@ pk_rd_pa_reply_enckey(krb5_context context, #if 0 if (type == PKINIT_WIN2K) { if (der_heim_oid_cmp(&contentType, oid_id_pkcs7_data()) != 0) { - krb5_set_error_string(context, "PKINIT: reply key, wrong oid"); ret = KRB5KRB_AP_ERR_MSG_TYPE; + krb5_set_error_message(context, ret, "PKINIT: reply key, wrong oid"); goto out; } } else { if (der_heim_oid_cmp(&contentType, oid_id_pkrkeydata()) != 0) { - krb5_set_error_string(context, "PKINIT: reply key, wrong oid"); ret = KRB5KRB_AP_ERR_MSG_TYPE; + krb5_set_error_message(context, ret, "PKINIT: reply key, wrong oid"); goto out; } } @@ -1122,7 +1120,7 @@ pk_rd_pa_reply_dh(krb5_context context, memset(&kdc_dh_info, 0, sizeof(kdc_dh_info)); if (der_heim_oid_cmp(oid_id_pkcs7_signedData(), dataType)) { - krb5_set_error_string(context, "PKINIT: Invalid content type"); + krb5_set_error_message(context, EINVAL, "PKINIT: Invalid content type"); return EINVAL; } @@ -1142,8 +1140,8 @@ pk_rd_pa_reply_dh(krb5_context context, goto out; if (der_heim_oid_cmp(&contentType, oid_id_pkdhkeydata())) { - krb5_set_error_string(context, "pkinit - dh reply contains wrong oid"); ret = KRB5KRB_AP_ERR_MSG_TYPE; + krb5_set_error_message(context, ret, "pkinit - dh reply contains wrong oid"); goto out; } @@ -1153,35 +1151,35 @@ pk_rd_pa_reply_dh(krb5_context context, &size); if (ret) { - krb5_set_error_string(context, "pkinit - " - "failed to decode KDC DH Key Info"); + krb5_set_error_message(context, ret, "pkinit - " + "failed to decode KDC DH Key Info"); goto out; } if (kdc_dh_info.nonce != nonce) { - krb5_set_error_string(context, "PKINIT: DH nonce is wrong"); ret = KRB5KRB_AP_ERR_MODIFIED; + krb5_set_error_message(context, ret, "PKINIT: DH nonce is wrong"); goto out; } if (kdc_dh_info.dhKeyExpiration) { if (k_n == NULL) { - krb5_set_error_string(context, "pkinit; got key expiration " - "without server nonce"); ret = KRB5KRB_ERR_GENERIC; + krb5_set_error_message(context, ret, "pkinit; got key expiration " + "without server nonce"); goto out; } if (c_n == NULL) { - krb5_set_error_string(context, "pkinit; got DH reuse but no " - "client nonce"); ret = KRB5KRB_ERR_GENERIC; + krb5_set_error_message(context, ret, "pkinit; got DH reuse but no " + "client nonce"); goto out; } } else { if (k_n) { - krb5_set_error_string(context, "pkinit: got server nonce " - "without key expiration"); ret = KRB5KRB_ERR_GENERIC; + krb5_set_error_message(context, ret, "pkinit: got server nonce " + "without key expiration"); goto out; } c_n = NULL; @@ -1195,15 +1193,15 @@ pk_rd_pa_reply_dh(krb5_context context, DHPublicKey k; ret = decode_DHPublicKey(p, size, &k, NULL); if (ret) { - krb5_set_error_string(context, "pkinit: can't decode " - "without key expiration"); + krb5_set_error_message(context, ret, "pkinit: can't decode " + "without key expiration"); goto out; } kdc_dh_pubkey = integer_to_BN(context, "DHPublicKey", &k); free_DHPublicKey(&k); if (kdc_dh_pubkey == NULL) { - ret = KRB5KRB_ERR_GENERIC; + ret = ENOMEM; goto out; } } @@ -1224,9 +1222,9 @@ pk_rd_pa_reply_dh(krb5_context context, dh_gen_keylen = DH_compute_key(dh_gen_key + (size - dh_gen_keylen), kdc_dh_pubkey, ctx->dh); if (dh_gen_keylen == -1) { - krb5_set_error_string(context, - "PKINIT: Can't compute Diffie-Hellman key"); ret = KRB5KRB_ERR_GENERIC; + krb5_set_error_message(context, ret, + "PKINIT: Can't compute Diffie-Hellman key"); goto out; } @@ -1243,8 +1241,8 @@ pk_rd_pa_reply_dh(krb5_context context, c_n, k_n, *key); if (ret) { - krb5_set_error_string(context, - "PKINIT: can't create key from DH key"); + krb5_set_error_message(context, ret, + "PKINIT: can't create key from DH key"); free(*key); *key = NULL; goto out; @@ -1289,7 +1287,7 @@ _krb5_pk_rd_pa_reply(krb5_context context, heim_oid oid; if (pa->padata_type != KRB5_PADATA_PK_AS_REP) { - krb5_set_error_string(context, "PKINIT: wrong padata recv"); + krb5_set_error_message(context, EINVAL, "PKINIT: wrong padata recv"); return EINVAL; } @@ -1298,7 +1296,7 @@ _krb5_pk_rd_pa_reply(krb5_context context, &rep, &size); if (ret) { - krb5_set_error_string(context, "Failed to decode pkinit AS rep"); + krb5_set_error_message(context, ret, "Failed to decode pkinit AS rep"); return ret; } @@ -1311,15 +1309,15 @@ _krb5_pk_rd_pa_reply(krb5_context context, break; default: free_PA_PK_AS_REP(&rep); - krb5_set_error_string(context, "PKINIT: -27 reply " - "invalid content type"); + krb5_set_error_message(context, EINVAL, "PKINIT: -27 reply " + "invalid content type"); return EINVAL; } ret = hx509_cms_unwrap_ContentInfo(&os, &oid, &data, NULL); if (ret) { free_PA_PK_AS_REP(&rep); - krb5_set_error_string(context, "PKINIT: failed to unwrap CI"); + krb5_set_error_message(context, ret, "PKINIT: failed to unwrap CI"); return ret; } @@ -1348,7 +1346,7 @@ _krb5_pk_rd_pa_reply(krb5_context context, #if 0 /* should this be ? */ if (pa->padata_type != KRB5_PADATA_PK_AS_REP) { - krb5_set_error_string(context, "PKINIT: wrong padata recv"); + krb5_set_error_message(context, EINVAL, "PKINIT: wrong padata recv"); return EINVAL; } #endif @@ -1360,8 +1358,8 @@ _krb5_pk_rd_pa_reply(krb5_context context, &w2krep, &size); if (ret) { - krb5_set_error_string(context, "PKINIT: Failed decoding windows " - "pkinit reply %d", (int)ret); + krb5_set_error_message(context, ret, "PKINIT: Failed decoding windows " + "pkinit reply %d", (int)ret); return ret; } @@ -1376,7 +1374,7 @@ _krb5_pk_rd_pa_reply(krb5_context context, &oid, &data, NULL); free_PA_PK_AS_REP_Win2k(&w2krep); if (ret) { - krb5_set_error_string(context, "PKINIT: failed to unwrap CI"); + krb5_set_error_message(context, ret, "PKINIT: failed to unwrap CI"); return ret; } @@ -1389,15 +1387,15 @@ _krb5_pk_rd_pa_reply(krb5_context context, } default: free_PA_PK_AS_REP_Win2k(&w2krep); - krb5_set_error_string(context, "PKINIT: win2k reply invalid " - "content type"); ret = EINVAL; + krb5_set_error_message(context, ret, "PKINIT: win2k reply invalid " + "content type"); break; } } else { - krb5_set_error_string(context, "PKINIT: unknown reply type"); ret = EINVAL; + krb5_set_error_message(context, ret, "PKINIT: unknown reply type"); } return ret; @@ -1471,13 +1469,14 @@ _krb5_pk_load_id(krb5_context context, *ret_id = NULL; if (anchor_id == NULL) { - krb5_set_error_string(context, "PKINIT: No anchor given"); + krb5_set_error_message(context, HEIM_PKINIT_NO_VALID_CA, + "PKINIT: No anchor given"); return HEIM_PKINIT_NO_VALID_CA; } if (user_id == NULL) { - krb5_set_error_string(context, - "PKINIT: No user certificate given"); + krb5_set_error_message(context, HEIM_PKINIT_NO_PRIVATE_KEY, + "PKINIT: No user certificate given"); return HEIM_PKINIT_NO_PRIVATE_KEY; } @@ -1510,14 +1509,14 @@ _krb5_pk_load_id(krb5_context context, ret = hx509_certs_init(id->hx509ctx, user_id, 0, lock, &id->certs); if (ret) { pk_copy_error(context, id->hx509ctx, ret, - "Failed to init cert certs"); + "Failed to init cert certs"); goto out; } ret = hx509_certs_init(id->hx509ctx, anchor_id, 0, NULL, &id->anchors); if (ret) { pk_copy_error(context, id->hx509ctx, ret, - "Failed to init anchors"); + "Failed to init anchors"); goto out; } @@ -1525,7 +1524,7 @@ _krb5_pk_load_id(krb5_context context, 0, NULL, &id->certpool); if (ret) { pk_copy_error(context, id->hx509ctx, ret, - "Failed to init chain"); + "Failed to init chain"); goto out; } @@ -1534,8 +1533,8 @@ _krb5_pk_load_id(krb5_context context, NULL, *chain_list); if (ret) { pk_copy_error(context, id->hx509ctx, ret, - "Failed to laod chain %s", - *chain_list); + "Failed to laod chain %s", + *chain_list); goto out; } chain_list++; @@ -1545,7 +1544,7 @@ _krb5_pk_load_id(krb5_context context, ret = hx509_revoke_init(id->hx509ctx, &id->revokectx); if (ret) { pk_copy_error(context, id->hx509ctx, ret, - "Failed init revoke list"); + "Failed init revoke list"); goto out; } @@ -1555,7 +1554,7 @@ _krb5_pk_load_id(krb5_context context, *revoke_list); if (ret) { pk_copy_error(context, id->hx509ctx, ret, - "Failed load revoke list"); + "Failed load revoke list"); goto out; } revoke_list++; @@ -1566,14 +1565,14 @@ _krb5_pk_load_id(krb5_context context, ret = hx509_verify_init_ctx(id->hx509ctx, &id->verify_ctx); if (ret) { pk_copy_error(context, id->hx509ctx, ret, - "Failed init verify context"); + "Failed init verify context"); goto out; } hx509_verify_attach_anchors(id->verify_ctx, id->anchors); hx509_verify_attach_revoke(id->verify_ctx, id->revokectx); -out: + out: if (ret) { hx509_verify_destroy_ctx(id->verify_ctx); hx509_certs_free(&id->certs); @@ -1607,10 +1606,10 @@ select_dh_group(krb5_context context, DH *dh, unsigned long bits, break; } if (moduli[i] == NULL) { - krb5_set_error_string(context, - "Did not find a DH group parameter " - "matching requirement of %lu bits", - bits); + krb5_set_error_message(context, EINVAL, + "Did not find a DH group parameter " + "matching requirement of %lu bits", + bits); return EINVAL; } m = moduli[i]; @@ -1657,7 +1656,7 @@ pk_copy_error(krb5_context context, free(f); return; } - krb5_set_error_string(context, "%s: %s", f, s); + krb5_set_error_message(context, hxret, "%s: %s", f, s); free(s); free(f); } @@ -1672,15 +1671,15 @@ parse_integer(krb5_context context, char **p, const char *file, int lineno, char *p1; p1 = strsep(p, " \t"); if (p1 == NULL) { - krb5_set_error_string(context, "moduli file %s missing %s on line %d", - file, name, lineno); + krb5_set_error_message(context, EINVAL, "moduli file %s missing %s on line %d", + file, name, lineno); return EINVAL; } ret = der_parse_hex_heim_integer(p1, integer); if (ret) { - krb5_set_error_string(context, "moduli file %s failed parsing %s " - "on line %d", - file, name, lineno); + krb5_set_error_message(context, ret, "moduli file %s failed parsing %s " + "on line %d", + file, name, lineno); return ret; } @@ -1714,28 +1713,28 @@ _krb5_parse_moduli_line(krb5_context context, p1 = strsep(&p, " \t"); if (p1 == NULL) { - krb5_set_error_string(context, "moduli file %s missing name " - "on line %d", file, lineno); + krb5_set_error_message(context, ret, "moduli file %s missing name " + "on line %d", file, lineno); goto out; } m1->name = strdup(p1); if (p1 == NULL) { - krb5_set_error_string(context, "malloc - out of memeory"); ret = ENOMEM; + krb5_set_error_message(context, ret, "malloc - out of memeory"); goto out; } p1 = strsep(&p, " \t"); if (p1 == NULL) { - krb5_set_error_string(context, "moduli file %s missing bits on line %d", - file, lineno); + krb5_set_error_message(context, ret, "moduli file %s missing bits on line %d", + file, lineno); goto out; } m1->bits = atoi(p1); if (m1->bits == 0) { - krb5_set_error_string(context, "moduli file %s have un-parsable " - "bits on line %d", file, lineno); + krb5_set_error_message(context, ret, "moduli file %s have un-parsable " + "bits on line %d", file, lineno); goto out; } @@ -1752,7 +1751,7 @@ _krb5_parse_moduli_line(krb5_context context, *m = m1; return 0; -out: + out: free(m1->name); der_free_heim_integer(&m1->p); der_free_heim_integer(&m1->g); @@ -1921,19 +1920,23 @@ _krb5_dh_group_ok(krb5_context context, unsigned long bits, if (der_heim_integer_cmp(&moduli[i]->g, g) == 0 && der_heim_integer_cmp(&moduli[i]->p, p) == 0 && (q == NULL || der_heim_integer_cmp(&moduli[i]->q, q) == 0)) - { - if (bits && bits > moduli[i]->bits) { - krb5_set_error_string(context, "PKINIT: DH group parameter %s " - "no accepted, not enough bits generated", - moduli[i]->name); - return KRB5_KDC_ERR_DH_KEY_PARAMETERS_NOT_ACCEPTED; + { + if (bits && bits > moduli[i]->bits) { + krb5_set_error_message(context, + KRB5_KDC_ERR_DH_KEY_PARAMETERS_NOT_ACCEPTED, + "PKINIT: DH group parameter %s " + "no accepted, not enough bits generated", + moduli[i]->name); + return KRB5_KDC_ERR_DH_KEY_PARAMETERS_NOT_ACCEPTED; + } + if (name) + *name = strdup(moduli[i]->name); + return 0; } - if (name) - *name = strdup(moduli[i]->name); - return 0; - } } - krb5_set_error_string(context, "PKINIT: DH group parameter no ok"); + krb5_set_error_message(context, + KRB5_KDC_ERR_DH_KEY_PARAMETERS_NOT_ACCEPTED, + "PKINIT: DH group parameter no ok"); return KRB5_KDC_ERR_DH_KEY_PARAMETERS_NOT_ACCEPTED; } @@ -1948,7 +1951,7 @@ _krb5_get_init_creds_opt_free_pkinit(krb5_get_init_creds_opt *opt) ctx = opt->opt_private->pk_init_ctx; if (ctx->dh) DH_free(ctx->dh); - ctx->dh = NULL; + ctx->dh = NULL; if (ctx->id) { hx509_verify_destroy_ctx(ctx->id->verify_ctx); hx509_certs_free(&ctx->id->certs); @@ -1988,7 +1991,7 @@ krb5_get_init_creds_opt_set_pkinit(krb5_context context, char *anchors = NULL; if (opt->opt_private == NULL) { - krb5_set_error_string(context, "PKINIT: on non extendable opt"); + krb5_set_error_message(context, EINVAL, "PKINIT: on non extendable opt"); return EINVAL; } @@ -2079,15 +2082,15 @@ krb5_get_init_creds_opt_set_pkinit(krb5_context context, } if (DH_generate_key(opt->opt_private->pk_init_ctx->dh) != 1) { - krb5_set_error_string(context, "pkinit: failed to generate DH key"); _krb5_get_init_creds_opt_free_pkinit(opt); + krb5_set_error_message(context, ENOMEM, "pkinit: failed to generate DH key"); return ENOMEM; } } return 0; #else - krb5_set_error_string(context, "no support for PKINIT compiled in"); + krb5_set_error_message(context, EINVAL, "no support for PKINIT compiled in"); return EINVAL; #endif } diff --git a/lib/krb5/plugin.c b/lib/krb5/plugin.c index 3be348c98..16994b151 100644 --- a/lib/krb5/plugin.c +++ b/lib/krb5/plugin.c @@ -87,7 +87,7 @@ loadlib(krb5_context context, { *e = calloc(1, sizeof(**e)); if (*e == NULL) { - krb5_set_error_string(context, "out of memory"); + krb5_set_error_message(context, ENOMEM, "malloc: out of memory"); return ENOMEM; } @@ -99,8 +99,8 @@ loadlib(krb5_context context, if ((*e)->dsohandle == NULL) { free(*e); *e = NULL; - krb5_set_error_string(context, "Failed to load %s: %s", - lib, dlerror()); + krb5_set_error_message(context, ENOMEM, "Failed to load %s: %s", + lib, dlerror()); return ENOMEM; } @@ -139,14 +139,14 @@ krb5_plugin_register(krb5_context context, e = calloc(1, sizeof(*e)); if (e == NULL) { - krb5_set_error_string(context, "out of memory"); + krb5_set_error_message(context, ENOMEM, "malloc: out of memory"); return ENOMEM; } e->type = type; e->name = strdup(name); if (e->name == NULL) { free(e); - krb5_set_error_string(context, "out of memory"); + krb5_set_error_message(context, ENOMEM, "malloc: out of memory"); return ENOMEM; } e->symbol = symbol; @@ -185,8 +185,8 @@ _krb5_plugin_find(krb5_context context, e = calloc(1, sizeof(*e)); if (e == NULL) { HEIMDAL_MUTEX_unlock(&plugin_mutex); - krb5_set_error_string(context, "out of memory"); ret = ENOMEM; + krb5_set_error_message(context, ret, "malloc: out of memory"); goto out; } e->symbol = p->symbol; @@ -214,8 +214,8 @@ _krb5_plugin_find(krb5_context context, while ((entry = readdir(d)) != NULL) { asprintf(&path, "%s/%s", *di, entry->d_name); if (path == NULL) { - krb5_set_error_string(context, "out of memory"); ret = ENOMEM; + krb5_set_error_message(context, ret, "malloc: out of memory"); goto out; } ret = loadlib(context, type, name, path, &e); @@ -233,7 +233,7 @@ _krb5_plugin_find(krb5_context context, #endif /* HAVE_DLOPEN */ if (*list == NULL) { - krb5_set_error_string(context, "Did not find a plugin for %s", name); + krb5_set_error_message(context, ENOENT, "Did not find a plugin for %s", name); return ENOENT; } diff --git a/lib/krb5/principal.c b/lib/krb5/principal.c index 4dbecc809..bcc7b23b7 100644 --- a/lib/krb5/principal.c +++ b/lib/krb5/principal.c @@ -149,8 +149,9 @@ krb5_parse_name_flags(krb5_context context, #define RFLAGS (KRB5_PRINCIPAL_PARSE_NO_REALM|KRB5_PRINCIPAL_PARSE_MUST_REALM) if ((flags & RFLAGS) == RFLAGS) { - krb5_set_error_string(context, "Can't require both realm and " - "no realm at the same time"); + krb5_set_error_message(context, KRB5_ERR_NO_SERVICE, + "Can't require both realm and " + "no realm at the same time"); return KRB5_ERR_NO_SERVICE; } #undef RFLAGS @@ -163,7 +164,7 @@ krb5_parse_name_flags(krb5_context context, for(p = name; *p; p++){ if(*p=='\\'){ if(!p[1]) { - krb5_set_error_string (context, + krb5_set_error_message(context, KRB5_PARSE_MALFORMED, "trailing \\ in principal name"); return KRB5_PARSE_MALFORMED; } @@ -200,9 +201,9 @@ krb5_parse_name_flags(krb5_context context, else if(c == '0') c = '\0'; else if(c == '\0') { - krb5_set_error_string (context, - "trailing \\ in principal name"); ret = KRB5_PARSE_MALFORMED; + krb5_set_error_message(context, ret, + "trailing \\ in principal name"); goto exit; } }else if(enterprise && first_at) { @@ -210,9 +211,9 @@ krb5_parse_name_flags(krb5_context context, first_at = 0; }else if((c == '/' && !enterprise) || c == '@'){ if(got_realm){ - krb5_set_error_string (context, - "part after realm in principal name"); ret = KRB5_PARSE_MALFORMED; + krb5_set_error_message(context, ret, + "part after realm in principal name"); goto exit; }else{ comp[n] = malloc(q - start + 1); @@ -231,18 +232,18 @@ krb5_parse_name_flags(krb5_context context, continue; } if(got_realm && (c == ':' || c == '/' || c == '\0')) { - krb5_set_error_string (context, - "part after realm in principal name"); ret = KRB5_PARSE_MALFORMED; + krb5_set_error_message(context, ret, + "part after realm in principal name"); goto exit; } *q++ = c; } if(got_realm){ if (flags & KRB5_PRINCIPAL_PARSE_NO_REALM) { - krb5_set_error_string (context, "realm found in 'short' principal " - "expected to be without one"); ret = KRB5_PARSE_MALFORMED; + krb5_set_error_message(context, ret, "realm found in 'short' principal " + "expected to be without one"); goto exit; } realm = malloc(q - start + 1); @@ -255,9 +256,9 @@ krb5_parse_name_flags(krb5_context context, realm[q - start] = 0; }else{ if (flags & KRB5_PRINCIPAL_PARSE_MUST_REALM) { - krb5_set_error_string (context, "realm NOT found in principal " - "expected to be with one"); ret = KRB5_PARSE_MALFORMED; + krb5_set_error_message(context, ret, "realm NOT found in principal " + "expected to be with one"); goto exit; } else if (flags & KRB5_PRINCIPAL_PARSE_NO_REALM) { realm = NULL; @@ -350,7 +351,8 @@ unparse_name_fixed(krb5_context context, int display = (flags & KRB5_PRINCIPAL_UNPARSE_DISPLAY) != 0; if (!no_realm && princ_realm(principal) == NULL) { - krb5_set_error_string(context, "Realm missing from principal, " + krb5_set_error_message(context, ERANGE, + "Realm missing from principal, " "can't unparse"); return ERANGE; } @@ -360,7 +362,7 @@ unparse_name_fixed(krb5_context context, add_char(name, idx, len, '/'); idx = quote_string(princ_ncomp(principal, i), name, idx, len, display); if(idx == len) { - krb5_set_error_string(context, "Out of space printing principal"); + krb5_set_error_message(context, ERANGE, "Out of space printing principal"); return ERANGE; } } @@ -379,8 +381,8 @@ unparse_name_fixed(krb5_context context, add_char(name, idx, len, '@'); idx = quote_string(princ_realm(principal), name, idx, len, display); if(idx == len) { - krb5_set_error_string(context, - "Out of space printing realm of principal"); + krb5_set_error_message(context, ERANGE, + "Out of space printing realm of principal"); return ERANGE; } } @@ -521,7 +523,7 @@ krb5_principal_set_realm(krb5_context context, princ_realm(principal) = strdup(realm); if (princ_realm(principal) == NULL) { - krb5_set_error_string(context, "out of memory"); + krb5_set_error_message(context, ENOMEM, "malloc: out of memory"); return ENOMEM; } return 0; @@ -1192,7 +1194,7 @@ krb5_524_conv_principal(krb5_context context, i = principal->name.name_string.val[1]; break; default: - krb5_set_error_string (context, + krb5_set_error_message(context, KRB5_PARSE_MALFORMED, "cannot convert a %d component principal", principal->name.name_string.len); return KRB5_PARSE_MALFORMED; @@ -1218,17 +1220,17 @@ krb5_524_conv_principal(krb5_context context, } if (strlcpy (name, n, aname_sz) >= aname_sz) { - krb5_set_error_string (context, + krb5_set_error_message(context, KRB5_PARSE_MALFORMED, "too long name component to convert"); return KRB5_PARSE_MALFORMED; } if (strlcpy (instance, i, aname_sz) >= aname_sz) { - krb5_set_error_string (context, + krb5_set_error_message(context, KRB5_PARSE_MALFORMED, "too long instance component to convert"); return KRB5_PARSE_MALFORMED; } if (strlcpy (realm, r, aname_sz) >= aname_sz) { - krb5_set_error_string (context, + krb5_set_error_message(context, KRB5_PARSE_MALFORMED, "too long realm component to convert"); return KRB5_PARSE_MALFORMED; } @@ -1251,7 +1253,8 @@ krb5_sname_to_principal (krb5_context context, char **realms, *host = NULL; if(type != KRB5_NT_SRV_HST && type != KRB5_NT_UNKNOWN) { - krb5_set_error_string (context, "unsupported name type %d", + krb5_set_error_message(context, KRB5_SNAME_UNSUPP_NAMETYPE, + "unsupported name type %d", (int)type); return KRB5_SNAME_UNSUPP_NAMETYPE; } @@ -1312,6 +1315,7 @@ krb5_parse_nametype(krb5_context context, const char *str, int32_t *nametype) return 0; } } - krb5_set_error_string(context, "Failed to find name type %s", str); + krb5_set_error_message(context, KRB5_PARSE_MALFORMED, + "Failed to find name type %s", str); return KRB5_PARSE_MALFORMED; } diff --git a/lib/krb5/rd_cred.c b/lib/krb5/rd_cred.c index 1546fb174..e2807c20d 100644 --- a/lib/krb5/rd_cred.c +++ b/lib/krb5/rd_cred.c @@ -49,7 +49,8 @@ compare_addrs(krb5_context context, krb5_print_address (a, a_str, sizeof(a_str), &len); krb5_print_address (b, b_str, sizeof(b_str), &len); - krb5_set_error_string(context, "%s: %s != %s", message, b_str, a_str); + krb5_set_error_message(context, KRB5KRB_AP_ERR_BADADDR, + "%s: %s != %s", message, b_str, a_str); return KRB5KRB_AP_ERR_BADADDR; } diff --git a/lib/krb5/rd_error.c b/lib/krb5/rd_error.c index da0ff1c6d..9f23d8df2 100644 --- a/lib/krb5/rd_error.c +++ b/lib/krb5/rd_error.c @@ -78,7 +78,7 @@ krb5_error_from_rd_error(krb5_context context, ret = error->error_code; if (error->e_text != NULL) { - krb5_set_error_string(context, "%s", *error->e_text); + krb5_set_error_message(context, ret, "%s", *error->e_text); } else { char clientname[256], servername[256]; @@ -91,28 +91,28 @@ krb5_error_from_rd_error(krb5_context context, switch (ret) { case KRB5KDC_ERR_NAME_EXP : - krb5_set_error_string(context, "Client %s%s%s expired", - creds ? "(" : "", - creds ? clientname : "", - creds ? ")" : ""); + krb5_set_error_message(context, ret, "Client %s%s%s expired", + creds ? "(" : "", + creds ? clientname : "", + creds ? ")" : ""); break; case KRB5KDC_ERR_SERVICE_EXP : - krb5_set_error_string(context, "Server %s%s%s expired", - creds ? "(" : "", - creds ? servername : "", - creds ? ")" : ""); + krb5_set_error_message(context, ret, "Server %s%s%s expired", + creds ? "(" : "", + creds ? servername : "", + creds ? ")" : ""); break; case KRB5KDC_ERR_C_PRINCIPAL_UNKNOWN : - krb5_set_error_string(context, "Client %s%s%s unknown", - creds ? "(" : "", - creds ? clientname : "", - creds ? ")" : ""); + krb5_set_error_message(context, ret, "Client %s%s%s unknown", + creds ? "(" : "", + creds ? clientname : "", + creds ? ")" : ""); break; case KRB5KDC_ERR_S_PRINCIPAL_UNKNOWN : - krb5_set_error_string(context, "Server %s%s%s unknown", - creds ? "(" : "", - creds ? servername : "", - creds ? ")" : ""); + krb5_set_error_message(context, ret, "Server %s%s%s unknown", + creds ? "(" : "", + creds ? servername : "", + creds ? ")" : ""); break; default : krb5_clear_error_string(context); diff --git a/lib/krb5/rd_req.c b/lib/krb5/rd_req.c index bd50e00f8..5a91e15d6 100644 --- a/lib/krb5/rd_req.c +++ b/lib/krb5/rd_req.c @@ -533,7 +533,7 @@ krb5_rd_req_in_ctx_alloc(krb5_context context, krb5_rd_req_in_ctx *ctx) { *ctx = calloc(1, sizeof(**ctx)); if (*ctx == NULL) { - krb5_set_error_string(context, "out of memory"); + krb5_set_error_message(context, ENOMEM, "out of memory"); return ENOMEM; } (*ctx)->check_pac = (context->flags & KRB5_CTX_F_CHECK_PAC) ? 1 : 0; @@ -616,7 +616,7 @@ _krb5_rd_req_out_ctx_alloc(krb5_context context, krb5_rd_req_out_ctx *ctx) { *ctx = calloc(1, sizeof(**ctx)); if (*ctx == NULL) { - krb5_set_error_string(context, "out of memory"); + krb5_set_error_message(context, ENOMEM, "out of memory"); return ENOMEM; } return 0; @@ -805,9 +805,9 @@ krb5_rd_req_ctx(krb5_context context, } if (ap_req.ap_options.use_session_key && (*auth_context)->keyblock == NULL) { - krb5_set_error_string(context, "krb5_rd_req: user to user auth " - "without session key given"); ret = KRB5KRB_AP_ERR_NOKEY; + krb5_set_error_message(context, ret, "krb5_rd_req: user to user auth " + "without session key given"); goto out; } diff --git a/lib/krb5/rd_safe.c b/lib/krb5/rd_safe.c index ecd8be696..040b74141 100644 --- a/lib/krb5/rd_safe.c +++ b/lib/krb5/rd_safe.c @@ -99,7 +99,8 @@ krb5_rd_safe(krb5_context context, if ((auth_context->flags & (KRB5_AUTH_CONTEXT_RET_TIME | KRB5_AUTH_CONTEXT_RET_SEQUENCE)) && outdata == NULL) { - krb5_set_error_string(context, "rd_safe: need outdata to return data"); + krb5_set_error_message(context, KRB5_RC_REQUIRED, + "rd_safe: need outdata to return data"); return KRB5_RC_REQUIRED; /* XXX better error, MIT returns this */ } diff --git a/lib/krb5/recvauth.c b/lib/krb5/recvauth.c index 3f9291ad7..748186b9a 100644 --- a/lib/krb5/recvauth.c +++ b/lib/krb5/recvauth.c @@ -103,11 +103,12 @@ krb5_recvauth_match_version(krb5_context context, n = krb5_net_read (context, p_fd, &len, 4); if (n < 0) { ret = errno; - krb5_set_error_string (context, "read: %s", strerror(errno)); + krb5_set_error_message(context, ret, "read: %s", strerror(ret)); return ret; } if (n == 0) { - krb5_set_error_string (context, "Failed to receive sendauth data"); + krb5_set_error_message(context, KRB5_SENDAUTH_BADAUTHVERS, + "Failed to receive sendauth data"); return KRB5_SENDAUTH_BADAUTHVERS; } len = ntohl(len); @@ -124,7 +125,7 @@ krb5_recvauth_match_version(krb5_context context, n = krb5_net_read (context, p_fd, &len, 4); if (n < 0) { ret = errno; - krb5_set_error_string (context, "read: %s", strerror(errno)); + krb5_set_error_message(context, ret, "read: %s", strerror(ret)); return ret; } if (n == 0) { @@ -143,7 +144,8 @@ krb5_recvauth_match_version(krb5_context context, || !(*match_appl_version)(match_data, her_appl_version)) { repl = 2; krb5_net_write (context, p_fd, &repl, 1); - krb5_set_error_string (context, "wrong sendauth version (%s)", + krb5_set_error_message(context, KRB5_SENDAUTH_BADAPPLVERS, + "wrong sendauth version (%s)", her_appl_version); free (her_appl_version); return KRB5_SENDAUTH_BADAPPLVERS; @@ -153,7 +155,7 @@ krb5_recvauth_match_version(krb5_context context, repl = 0; if (krb5_net_write (context, p_fd, &repl, 1) != 1) { ret = errno; - krb5_set_error_string (context, "write: %s", strerror(errno)); + krb5_set_error_message(context, ret, "write: %s", strerror(ret)); return ret; } @@ -193,7 +195,7 @@ krb5_recvauth_match_version(krb5_context context, len = 0; if (krb5_net_write (context, p_fd, &len, 4) != 4) { ret = errno; - krb5_set_error_string (context, "write: %s", strerror(errno)); + krb5_set_error_message(context, ret, "write: %s", strerror(ret)); return ret; } diff --git a/lib/krb5/replay.c b/lib/krb5/replay.c index 88ddf30b5..f6001d8cf 100644 --- a/lib/krb5/replay.c +++ b/lib/krb5/replay.c @@ -60,8 +60,9 @@ krb5_rc_resolve_type(krb5_context context, { *id = NULL; if(strcmp(type, "FILE")) { - krb5_set_error_string (context, "replay cache type %s not supported", - type); + krb5_set_error_message (context, KRB5_RC_TYPE_NOTFOUND, + "replay cache type %s not supported", + type); return KRB5_RC_TYPE_NOTFOUND; } *id = calloc(1, sizeof(**id)); @@ -82,7 +83,8 @@ krb5_rc_resolve_full(krb5_context context, *id = NULL; if(strncmp(string_name, "FILE:", 5)) { - krb5_set_error_string (context, "replay cache type %s not supported", + krb5_set_error_message(context, KRB5_RC_TYPE_NOTFOUND, + "replay cache type %s not supported", string_name); return KRB5_RC_TYPE_NOTFOUND; } @@ -132,7 +134,7 @@ krb5_rc_initialize(krb5_context context, if(f == NULL) { ret = errno; - krb5_set_error_string (context, "open(%s): %s", id->name, + krb5_set_error_message(context, ret, "open(%s): %s", id->name, strerror(ret)); return ret; } @@ -157,7 +159,7 @@ krb5_rc_destroy(krb5_context context, if(remove(id->name) < 0) { ret = errno; - krb5_set_error_string (context, "remove(%s): %s", id->name, + krb5_set_error_message(context, ret, "remove(%s): %s", id->name, strerror(ret)); return ret; } @@ -204,7 +206,7 @@ krb5_rc_store(krb5_context context, f = fopen(id->name, "r"); if(f == NULL) { ret = errno; - krb5_set_error_string (context, "open(%s): %s", id->name, + krb5_set_error_message(context, ret, "open(%s): %s", id->name, strerror(ret)); return ret; } @@ -222,13 +224,15 @@ krb5_rc_store(krb5_context context, if(ferror(f)){ ret = errno; fclose(f); - krb5_set_error_string (context, "%s: %s", id->name, strerror(ret)); + krb5_set_error_message(context, ret, "%s: %s", + id->name, strerror(ret)); return ret; } fclose(f); f = fopen(id->name, "a"); if(f == NULL) { - krb5_set_error_string (context, "open(%s): %s", id->name, + krb5_set_error_message(context, KRB5_RC_IO_UNKNOWN, + "open(%s): %s", id->name, strerror(errno)); return KRB5_RC_IO_UNKNOWN; } diff --git a/lib/krb5/scache.c b/lib/krb5/scache.c index 920c9a269..ca7de499b 100644 --- a/lib/krb5/scache.c +++ b/lib/krb5/scache.c @@ -188,14 +188,16 @@ trace(void* ptr, const char * str) #endif static krb5_error_code -prepare_stmt(krb5_context context, sqlite3 *db, sqlite3_stmt **stmt, const char *str) +prepare_stmt(krb5_context context, sqlite3 *db, + sqlite3_stmt **stmt, const char *str) { int ret; ret = sqlite3_prepare_v2(db, str, -1, stmt, NULL); if (ret != SQLITE_OK) { - krb5_set_error_string(context, "Failed to prepare stmt %s: %s", - str, sqlite3_errmsg(db)); + krb5_set_error_message(context, ENOENT, + "Failed to prepare stmt %s: %s", + str, sqlite3_errmsg(db)); return ENOENT; } return 0; @@ -209,8 +211,9 @@ exec_stmt(krb5_context context, sqlite3 *db, const char *str, ret = sqlite3_exec(db, str, NULL, NULL, NULL); if (ret != SQLITE_OK && code) { - krb5_set_error_string(context, "Execute %s: %s", str, - sqlite3_errmsg(db)); + krb5_set_error_message(context, code, + "Execute %s: %s", str, + sqlite3_errmsg(db)); return code; } return 0; @@ -334,12 +337,13 @@ open_database(krb5_context context, krb5_scache *s, int flags) ret = sqlite3_open_v2(s->file, &s->db, SQLITE_OPEN_READWRITE|flags, NULL); if (ret) { if (s->db) { - krb5_set_error_string(context, "Error opening scache file %s: %s", - s->file, sqlite3_errmsg(s->db)); + krb5_set_error_message(context, ENOENT, + "Error opening scache file %s: %s", + s->file, sqlite3_errmsg(s->db)); sqlite3_close(s->db); s->db = NULL; } else - krb5_set_error_string(context, "out of memory"); + krb5_set_error_message(context, ENOENT, "out of memory"); return ENOENT; } return 0; @@ -355,7 +359,8 @@ create_cache(krb5_context context, krb5_scache *s) ret = sqlite3_step(s->icache); } while (ret == SQLITE_ROW); if (ret != SQLITE_DONE) { - krb5_set_error_string(context, "Failed to add scache: %d", ret); + krb5_set_error_message(context, KRB5_CC_IO, + "Failed to add scache: %d", ret); return KRB5_CC_IO; } sqlite3_reset(s->icache); @@ -489,7 +494,8 @@ scc_resolve(krb5_context context, krb5_ccache *id, const char *res) ret = sqlite3_bind_text(s->scache_name, 1, s->name, -1, NULL); if (ret != SQLITE_OK) { - krb5_set_error_string(context, "bind name: %s", sqlite3_errmsg(s->db)); + krb5_set_error_message(context, ENOMEM, + "bind name: %s", sqlite3_errmsg(s->db)); scc_free(s); return ENOMEM; } @@ -498,7 +504,8 @@ scc_resolve(krb5_context context, krb5_ccache *id, const char *res) if (sqlite3_column_type(s->scache_name, 0) != SQLITE_INTEGER) { sqlite3_reset(s->scache_name); - krb5_set_error_string(context, "Cache name of wrong type " + krb5_set_error_message(context, KRB5_CC_END, + "Cache name of wrong type " "for scache %ld", (unsigned long)s->name); return KRB5_CC_END; @@ -560,9 +567,9 @@ scc_initialize(krb5_context context, } while (ret == SQLITE_ROW); sqlite3_reset(s->dcred); if (ret != SQLITE_DONE) { - krb5_set_error_string(context, "Failed to delete old " - "credentials: %s", sqlite3_errmsg(s->db)); ret = KRB5_CC_IO; + krb5_set_error_message(context, ret, "Failed to delete old " + "credentials: %s", sqlite3_errmsg(s->db)); goto rollback; } } @@ -577,9 +584,10 @@ scc_initialize(krb5_context context, } while (ret == SQLITE_ROW); sqlite3_reset(s->ucachep); if (ret != SQLITE_DONE) { - krb5_set_error_string(context, "Failed to bind principal to cache %s", - sqlite3_errmsg(s->db)); ret = KRB5_CC_IO; + krb5_set_error_message(context, ret, + "Failed to bind principal to cache %s", + sqlite3_errmsg(s->db)); goto rollback; } @@ -619,8 +627,9 @@ scc_destroy(krb5_context context, } while (ret == SQLITE_ROW); sqlite3_reset(s->dcache); if (ret != SQLITE_DONE) { - krb5_set_error_string(context, "Failed to destroy cache %s: %s", - s->name, sqlite3_errmsg(s->db)); + krb5_set_error_message(context, KRB5_CC_IO, + "Failed to destroy cache %s: %s", + s->name, sqlite3_errmsg(s->db)); return KRB5_CC_IO; } return 0; @@ -640,7 +649,7 @@ encode_creds(krb5_context context, krb5_creds *creds, krb5_data *data) ret = krb5_store_creds(sp, creds); if (ret) { - krb5_set_error_string(context, "Failed to store credential"); + krb5_set_error_message(context, ret, "Failed to store credential"); krb5_storage_free(sp); return ret; } @@ -648,7 +657,7 @@ encode_creds(krb5_context context, krb5_creds *creds, krb5_data *data) ret = krb5_storage_to_data(sp, data); krb5_storage_free(sp); if (ret) - krb5_set_error_string(context, "Failed to encode credential"); + krb5_set_error_message(context, ret, "Failed to encode credential"); return ret; } @@ -668,7 +677,7 @@ decode_creds(krb5_context context, const void *data, size_t length, ret = krb5_ret_creds(sp, creds); krb5_storage_free(sp); if (ret) { - krb5_set_error_string(context, "Failed to read credential"); + krb5_set_error_message(context, ret, "Failed to read credential"); return ret; } return 0; @@ -727,8 +736,9 @@ scc_store_cred(krb5_context context, } while (ret == SQLITE_ROW); sqlite3_reset(s->icred); if (ret != SQLITE_DONE) { - krb5_set_error_string(context, "Failed to add credential: %s", - sqlite3_errmsg(s->db)); + ret = KRB5_CC_IO; + krb5_set_error_message(context, ret, "Failed to add credential: %s", + sqlite3_errmsg(s->db)); goto rollback; } @@ -744,8 +754,9 @@ scc_store_cred(krb5_context context, } while (ret == SQLITE_ROW); sqlite3_reset(s->iprincipal); if (ret != SQLITE_DONE) { - krb5_set_error_string(context, "Failed to add principal: %s", - sqlite3_errmsg(s->db)); + ret = KRB5_CC_IO; + krb5_set_error_message(context, ret, "Failed to add principal: %s", + sqlite3_errmsg(s->db)); goto rollback; } } @@ -760,8 +771,9 @@ scc_store_cred(krb5_context context, } while (ret == SQLITE_ROW); sqlite3_reset(s->iprincipal); if (ret != SQLITE_DONE) { - krb5_set_error_string(context, "Failed to add principal: %s", - sqlite3_errmsg(s->db)); + ret = KRB5_CC_IO; + krb5_set_error_message(context, ret, "Failed to add principal: %s", + sqlite3_errmsg(s->db)); goto rollback; } } @@ -772,8 +784,6 @@ scc_store_cred(krb5_context context, return 0; rollback: - krb5_set_error_string(context, "store credentials: %s", - sqlite3_errmsg(s->db)); exec_stmt(context, s->db, "ROLLBACK", 0); return ret; @@ -798,25 +808,27 @@ scc_get_principal(krb5_context context, if (sqlite3_step(s->scache) != SQLITE_ROW) { sqlite3_reset(s->scache); - krb5_set_error_string(context, "No principal for cache SCACHE:%s:%s", + krb5_set_error_message(context, KRB5_CC_END, + "No principal for cache SCACHE:%s:%s", s->name, s->file); return KRB5_CC_END; } if (sqlite3_column_type(s->scache, 0) != SQLITE_TEXT) { sqlite3_reset(s->scache); - krb5_set_error_string(context, "Principal data of wrong type " - "for SCACHE:%s:%s", - s->name, s->file); + krb5_set_error_message(context, KRB5_CC_END, + "Principal data of wrong type " + "for SCACHE:%s:%s", + s->name, s->file); return KRB5_CC_END; } str = (const char *)sqlite3_column_text(s->scache, 0); if (str == NULL) { sqlite3_reset(s->scache); - krb5_set_error_string(context, "Principal not set " - "for SCACHE:%s:%s", - s->name, s->file); + krb5_set_error_message(context, KRB5_CC_END, "Principal not set " + "for SCACHE:%s:%s", + s->name, s->file); return KRB5_CC_END; } @@ -858,8 +870,9 @@ scc_get_first (krb5_context context, } if (s->cid == SCACHE_INVALID_CID) { - krb5_set_error_string(context, "Iterating a invalid cache %s", - s->name); + krb5_set_error_message(context, KRB5_CC_END, + "Iterating a invalid cache %s", + s->name); free(ctx); return KRB5_CC_END; } @@ -946,8 +959,9 @@ next: krb5_clear_error_string(context); return KRB5_CC_END; } else if (ret != SQLITE_ROW) { - krb5_set_error_string(context, "Database failed: %s", - sqlite3_errmsg(s->db)); + krb5_set_error_message(context, KRB5_CC_IO, + "Database failed: %s", + sqlite3_errmsg(s->db)); return KRB5_CC_IO; } @@ -964,9 +978,9 @@ next: } if (sqlite3_column_type(ctx->credstmt, 0) != SQLITE_BLOB) { - krb5_set_error_string(context, "credential of wrong type " - "for SCACHE:%s:%s", - s->name, s->file); + krb5_set_error_message(context, KRB5_CC_END, + "credential of wrong type for SCACHE:%s:%s", + s->name, s->file); sqlite3_reset(ctx->credstmt); return KRB5_CC_END; } @@ -1035,17 +1049,17 @@ scc_remove_cred(krb5_context context, ret = 0; break; } else if (ret != SQLITE_ROW) { - krb5_set_error_string(context, "Database failed: %s", - sqlite3_errmsg(s->db)); ret = KRB5_CC_IO; + krb5_set_error_message(context, ret, "Database failed: %s", + sqlite3_errmsg(s->db)); break; } if (sqlite3_column_type(stmt, 0) != SQLITE_BLOB) { - krb5_set_error_string(context, "credential of wrong type " - "for SCACHE:%s:%s", - s->name, s->file); ret = KRB5_CC_END; + krb5_set_error_message(context, ret, + "Credential of wrong type for SCACHE:%s:%s", + s->name, s->file); break; } @@ -1054,7 +1068,7 @@ scc_remove_cred(krb5_context context, ret = decode_creds(context, data, len, &creds); if (ret) { - krb5_set_error_string(context, "failed to decode creds"); + krb5_set_error_message(context, ret, "failed to decode creds"); break; } @@ -1081,8 +1095,8 @@ scc_remove_cred(krb5_context context, } while (ret == SQLITE_ROW); sqlite3_finalize(stmt); if (ret != SQLITE_DONE) { - krb5_set_error_string(context, "failed to delete credentail"); ret = KRB5_CC_IO; + krb5_set_error_message(context, ret, "failed to delete credentail"); } else ret = 0; } @@ -1205,8 +1219,8 @@ again: krb5_clear_error_string(context); return KRB5_CC_END; } else if (ret != SQLITE_ROW) { - krb5_set_error_string(context, "Database failed: %s", - sqlite3_errmsg(s->db)); + krb5_set_error_message(context, KRB5_CC_IO, "Database failed: %s", + sqlite3_errmsg(s->db)); return KRB5_CC_IO; } @@ -1245,9 +1259,10 @@ scc_move(krb5_context context, krb5_ccache from, krb5_ccache to) krb5_error_code ret; if (strcmp(sfrom->file, sto->file) != 0) { - krb5_set_error_string(context, "Can't handle cross database " - "credential move: %s -> %s", - sfrom->file, sto->file); + krb5_set_error_message(context, KRB5_CC_BADNAME, + "Can't handle cross database " + "credential move: %s -> %s", + sfrom->file, sto->file); return KRB5_CC_BADNAME; } @@ -1268,8 +1283,8 @@ scc_move(krb5_context context, krb5_ccache from, krb5_ccache to) } while (ret == SQLITE_ROW); sqlite3_reset(sfrom->dcache); if (ret != SQLITE_DONE) { - krb5_set_error_string(context, - "Failed to delete old cache: %d", (int)ret); + krb5_set_error_message(context, KRB5_CC_IO, + "Failed to delete old cache: %d", (int)ret); goto rollback; } } @@ -1282,8 +1297,8 @@ scc_move(krb5_context context, krb5_ccache from, krb5_ccache to) } while (ret == SQLITE_ROW); sqlite3_reset(sfrom->ucachen); if (ret != SQLITE_DONE) { - krb5_set_error_string(context, - "Failed to update new cache: %d", (int)ret); + krb5_set_error_message(context, KRB5_CC_IO, + "Failed to update new cache: %d", (int)ret); goto rollback; } @@ -1329,17 +1344,18 @@ scc_set_default(krb5_context context, krb5_ccache id) krb5_error_code ret; if (s->cid == SCACHE_INVALID_CID) { - krb5_set_error_string(context, - "Trying to set a invalid cache as default %s", - s->name); + krb5_set_error_message(context, KRB5_CC_IO, + "Trying to set a invalid cache as default %s", + s->name); return KRB5_CC_IO; } ret = sqlite3_bind_text(s->umaster, 1, s->name, -1, NULL); if (ret) { sqlite3_reset(s->umaster); - krb5_set_error_string(context, "Failed to set name of default cache"); - return ret; + krb5_set_error_message(context, KRB5_CC_IO, + "Failed to set name of default cache"); + return KRB5_CC_IO; } do { @@ -1347,7 +1363,8 @@ scc_set_default(krb5_context context, krb5_ccache id) } while (ret == SQLITE_ROW); sqlite3_reset(s->umaster); if (ret != SQLITE_DONE) { - krb5_set_error_string(context, "Failed to update default cache"); + krb5_set_error_message(context, KRB5_CC_IO, + "Failed to update default cache"); return KRB5_CC_IO; } diff --git a/lib/krb5/send_to_kdc.c b/lib/krb5/send_to_kdc.c index 4292311c4..59df90d6a 100644 --- a/lib/krb5/send_to_kdc.c +++ b/lib/krb5/send_to_kdc.c @@ -439,7 +439,7 @@ krb5_set_send_to_kdc_func(krb5_context context, context->send_to_kdc = malloc(sizeof(*context->send_to_kdc)); if (context->send_to_kdc == NULL) { - krb5_set_error_string(context, "Out of memory"); + krb5_set_error_message(context, ENOMEM, "malloc: out of memory"); return ENOMEM; } @@ -460,7 +460,7 @@ krb5_sendto_ctx_alloc(krb5_context context, krb5_sendto_ctx *ctx) { *ctx = calloc(1, sizeof(**ctx)); if (*ctx == NULL) { - krb5_set_error_string(context, "out of memory"); + krb5_set_error_message(context, ENOMEM, "malloc: out of memory"); return ENOMEM; } return 0; @@ -566,8 +566,8 @@ krb5_sendto_context(krb5_context context, if (handle) krb5_krbhst_free(context, handle); if (ret == KRB5_KDC_UNREACH) - krb5_set_error_string(context, - "unable to reach any KDC in realm %s", realm); + krb5_set_error_message(context, ret, + "unable to reach any KDC in realm %s", realm); if (ret) krb5_data_free(receive); if (freectx) diff --git a/lib/krb5/sendauth.c b/lib/krb5/sendauth.c index 35ec98aea..b03fb77b6 100644 --- a/lib/krb5/sendauth.c +++ b/lib/krb5/sendauth.c @@ -93,7 +93,7 @@ krb5_sendauth(krb5_context context, if (krb5_net_write (context, p_fd, &net_len, 4) != 4 || krb5_net_write (context, p_fd, version, len) != len) { ret = errno; - krb5_set_error_string (context, "write: %s", strerror(ret)); + krb5_set_error_message (context, ret, "write: %s", strerror(ret)); return ret; } @@ -102,14 +102,14 @@ krb5_sendauth(krb5_context context, if (krb5_net_write (context, p_fd, &net_len, 4) != 4 || krb5_net_write (context, p_fd, appl_version, len) != len) { ret = errno; - krb5_set_error_string (context, "write: %s", strerror(ret)); + krb5_set_error_message (context, ret, "write: %s", strerror(ret)); return ret; } sret = krb5_net_read (context, p_fd, &repl, sizeof(repl)); if (sret < 0) { ret = errno; - krb5_set_error_string (context, "read: %s", strerror(ret)); + krb5_set_error_message (context, ret, "read: %s", strerror(ret)); return ret; } else if (sret != sizeof(repl)) { krb5_clear_error_string (context); diff --git a/lib/krb5/sock_principal.c b/lib/krb5/sock_principal.c index 0492ed54c..21fa1a851 100644 --- a/lib/krb5/sock_principal.c +++ b/lib/krb5/sock_principal.c @@ -50,15 +50,15 @@ krb5_sock_to_principal (krb5_context context, if (getsockname (sock, sa, &salen) < 0) { ret = errno; - krb5_set_error_string (context, "getsockname: %s", strerror(ret)); + krb5_set_error_message (context, ret, "getsockname: %s", strerror(ret)); return ret; } ret = getnameinfo (sa, salen, hostname, sizeof(hostname), NULL, 0, 0); if (ret) { int save_errno = errno; - - krb5_set_error_string (context, "getnameinfo: %s", gai_strerror(ret)); - return krb5_eai_to_heim_errno(ret, save_errno); + krb5_error_code ret2 = krb5_eai_to_heim_errno(ret, save_errno); + krb5_set_error_message (context, ret2, "getnameinfo: %s", gai_strerror(ret)); + return ret2; } ret = krb5_sname_to_principal (context, diff --git a/lib/krb5/transited.c b/lib/krb5/transited.c index eb14acfe7..c9db83234 100644 --- a/lib/krb5/transited.c +++ b/lib/krb5/transited.c @@ -443,8 +443,9 @@ krb5_check_transited(krb5_context context, } if(p == NULL || *p == NULL) { krb5_config_free_strings(tr_realms); - krb5_set_error_string (context, "no transit through realm %s", - realms[i]); + krb5_set_error_message (context, KRB5KRB_AP_ERR_ILL_CR_TKT, + "no transit through realm %s", + realms[i]); if(bad_realm) *bad_realm = i; return KRB5KRB_AP_ERR_ILL_CR_TKT; @@ -473,9 +474,9 @@ krb5_check_transited_realms(krb5_context context, char **p; for(p = bad_realms; *p; p++) if(strcmp(*p, realms[i]) == 0) { - krb5_set_error_string (context, "no transit through realm %s", - *p); ret = KRB5KRB_AP_ERR_ILL_CR_TKT; + krb5_set_error_message (context, ret, + "no transit through realm %s", *p); if(bad_realm) *bad_realm = i; break;