oysteikt/heimdal
0
0
Fork 0
Code Issues 5 Pull Requests Releases Activity

use krb5_set_error_message

Browse Source 
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@23316 ec53bebd-3082-4978-b11e-865c3cabbd6b
This commit is contained in:
Love Hörnquist Åstrand
2008-06-23 04:32:32 +00:00
parent 75ea702745
commit 7fcd266fdd
67 changed files with 967 additions and 876 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
kdc/default_config.c
View File

@@ -45,7 +45,7 @@ krb5_kdc_get_config(krb5_context context, krb5_kdc_configuration **config)
c = calloc(1, sizeof(*c));
if (c == NULL) {
krb5_set_error_string(context, "malloc: out of memory");
krb5_set_error_message(context, ENOMEM, "malloc: out of memory");
return ENOMEM;
}

198
kdc/digest.c
View File

@@ -44,13 +44,13 @@ RCSID("$Id$");
#define NTLM_V1 0x01
const struct units _kdc_digestunits[] = {
{"ms-chap-v2", 1U << 5},
{"chap-md5", 1U << 4},
{"digest-md5", 1U << 3},
{"ntlm-v2", 1U << 2},
{"ntlm-v1-session", 1U << 1},
{"ntlm-v1", 1U << 0},
{NULL, 0}
{"ms-chap-v2", 1U << 5},
{"chap-md5", 1U << 4},
{"digest-md5", 1U << 3},
{"ntlm-v2", 1U << 2},
{"ntlm-v1-session", 1U << 1},
{"ntlm-v1", 1U << 0},
{NULL, 0}
};
@@ -121,10 +121,10 @@ fill_targetinfo(krb5_context context,
strcmp("imap", str) == 0 ||
strcmp("pop", str) == 0 ||
strcmp("smtp", str)))
{
str = krb5_principal_get_comp_string(context, p, 1);
ti.dnsservername = rk_UNCONST(str);
}
{
str = krb5_principal_get_comp_string(context, p, 1);
ti.dnsservername = rk_UNCONST(str);
}
ret = heim_ntlm_encode_targetinfo(&ti, 1, &d);
if (ret)
@@ -186,7 +186,7 @@ get_password_entry(krb5_context context,
if (ret || password == NULL) {
if (ret == 0) {
ret = EINVAL;
krb5_set_error_string(context, "password missing");
krb5_set_error_message(context, ret, "password missing");
}
memset(user, 0, sizeof(*user));
}
@@ -263,7 +263,7 @@ _kdc_do_digest(krb5_context context,
goto out;
ret = EINVAL;
krb5_set_error_string(context, "Wrong digest server principal used");
krb5_set_error_message(context, ret, "Wrong digest server principal used");
p = krb5_principal_get_comp_string(context, principal, 0);
if (p == NULL) {
krb5_free_principal(context, principal);
@@ -323,9 +323,9 @@ _kdc_do_digest(krb5_context context,
"Client %s tried to use digest "
"but is not allowed to",
client_name);
krb5_set_error_string(context,
"Client is not permitted to use digest");
ret = KRB5KDC_ERR_POLICY;
krb5_set_error_message(context, ret,
"Client is not permitted to use digest");
goto out;
}
}
@@ -338,8 +338,8 @@ _kdc_do_digest(krb5_context context,
if (ret)
goto out;
if (key == NULL) {
krb5_set_error_string(context, "digest: remote subkey not found");
ret = EINVAL;
krb5_set_error_message(context, ret, "digest: remote subkey not found");
goto out;
}
@@ -359,7 +359,7 @@ _kdc_do_digest(krb5_context context,
ret = decode_DigestReqInner(buf.data, buf.length, &ireq, NULL);
krb5_data_free(&buf);
if (ret) {
krb5_set_error_string(context, "Failed to decode digest inner request");
krb5_set_error_message(context, ret, "Failed to decode digest inner request");
goto out;
}
@@ -386,15 +386,15 @@ _kdc_do_digest(krb5_context context,
hex_encode(server_nonce, sizeof(server_nonce), &r.u.initReply.nonce);
if (r.u.initReply.nonce == NULL) {
krb5_set_error_string(context, "Failed to decode server nonce");
ret = ENOMEM;
krb5_set_error_message(context, ret, "Failed to decode server nonce");
goto out;
}
sp = krb5_storage_emem();
if (sp == NULL) {
ret = ENOMEM;
krb5_set_error_string(context, "out of memory");
krb5_set_error_message(context, ret, "malloc: out of memory");
goto out;
}
ret = krb5_store_stringz(sp, ireq.u.init.type);
@@ -410,9 +410,9 @@ _kdc_do_digest(krb5_context context,
ireq.u.init.channel->cb_type,
ireq.u.init.channel->cb_binding);
if (s == NULL) {
krb5_set_error_string(context, "Failed to allocate "
"channel binding");
ret = ENOMEM;
krb5_set_error_message(context, ret,
"Failed to allocate channel binding");
goto out;
}
free(r.u.initReply.nonce);
@@ -429,15 +429,15 @@ _kdc_do_digest(krb5_context context,
r.u.initReply.identifier =
malloc(sizeof(*r.u.initReply.identifier));
if (r.u.initReply.identifier == NULL) {
krb5_set_error_string(context, "out of memory");
ret = ENOMEM;
krb5_set_error_message(context, ret, "malloc: out of memory");
goto out;
}
asprintf(r.u.initReply.identifier, "%02X", identifier & 0xff);
if (*r.u.initReply.identifier == NULL) {
krb5_set_error_string(context, "out of memory");
ret = ENOMEM;
krb5_set_error_message(context, ret, "malloc: out of memory");
goto out;
}
@@ -478,8 +478,8 @@ _kdc_do_digest(krb5_context context,
ASN1_MALLOC_ENCODE(Checksum, buf.data, buf.length, &res, &size, ret);
free_Checksum(&res);
if (ret) {
krb5_set_error_string(context, "Failed to encode "
"checksum in digest request");
krb5_set_error_message(context, ret, "Failed to encode "
"checksum in digest request");
goto out;
}
if (size != buf.length)
@@ -502,7 +502,7 @@ _kdc_do_digest(krb5_context context,
sp = krb5_storage_emem();
if (sp == NULL) {
ret = ENOMEM;
krb5_set_error_string(context, "out of memory");
krb5_set_error_message(context, ret, "malloc: out of memory");
goto out;
}
ret = krb5_store_stringz(sp, ireq.u.digestRequest.type);
@@ -524,15 +524,15 @@ _kdc_do_digest(krb5_context context,
buf.length = strlen(ireq.u.digestRequest.opaque);
buf.data = malloc(buf.length);
if (buf.data == NULL) {
krb5_set_error_string(context, "out of memory");
ret = ENOMEM;
krb5_set_error_message(context, ret, "malloc: out of memory");
goto out;
}
ret = hex_decode(ireq.u.digestRequest.opaque, buf.data, buf.length);
if (ret <= 0) {
krb5_set_error_string(context, "Failed to decode opaque");
ret = ENOMEM;
krb5_set_error_message(context, ret, "Failed to decode opaque");
goto out;
}
buf.length = ret;
@@ -540,7 +540,7 @@ _kdc_do_digest(krb5_context context,
ret = decode_Checksum(buf.data, buf.length, &res, NULL);
free(buf.data);
if (ret) {
krb5_set_error_string(context, "Failed to decode digest Checksum");
krb5_set_error_message(context, ret, "Failed to decode digest Checksum");
goto out;
}
@@ -553,8 +553,8 @@ _kdc_do_digest(krb5_context context,
serverNonce.length = strlen(ireq.u.digestRequest.serverNonce);
serverNonce.data = malloc(serverNonce.length);
if (serverNonce.data == NULL) {
krb5_set_error_string(context, "out of memory");
ret = ENOMEM;
krb5_set_error_message(context, ret, "malloc: out of memory");
goto out;
}
@@ -568,8 +568,8 @@ _kdc_do_digest(krb5_context context,
ssize = hex_decode(ireq.u.digestRequest.serverNonce,
serverNonce.data, serverNonce.length);
if (ssize <= 0) {
krb5_set_error_string(context, "Failed to decode serverNonce");
ret = ENOMEM;
krb5_set_error_message(context, ret, "Failed to decode serverNonce");
goto out;
}
serverNonce.length = ssize;
@@ -593,15 +593,15 @@ _kdc_do_digest(krb5_context context,
uint32_t t;
if (serverNonce.length < 4) {
krb5_set_error_string(context, "server nonce too short");
ret = EINVAL;
krb5_set_error_message(context, ret, "server nonce too short");
goto out;
}
t = p[0] | (p[1] << 8) | (p[2] << 16) | (p[3] << 24);
if (abs((kdc_time & 0xffffffff) - t) > context->max_skew) {
krb5_set_error_string(context, "time screw in server nonce ");
ret = EINVAL;
krb5_set_error_message(context, ret, "time screw in server nonce ");
goto out;
}
}
@@ -618,15 +618,15 @@ _kdc_do_digest(krb5_context context,
}
if (ireq.u.digestRequest.identifier == NULL) {
krb5_set_error_string(context, "Identifier missing "
"from CHAP request");
ret = EINVAL;
krb5_set_error_message(context, ret, "Identifier missing "
"from CHAP request");
goto out;
}
if (hex_decode(*ireq.u.digestRequest.identifier, &id, 1) != 1) {
krb5_set_error_string(context, "failed to decode identifier");
ret = EINVAL;
krb5_set_error_message(context, ret, "failed to decode identifier");
goto out;
}
@@ -714,8 +714,8 @@ _kdc_do_digest(krb5_context context,
MD5_Final(md, &ctx);
hex_encode(md, sizeof(md), &A1);
if (A1 == NULL) {
krb5_set_error_string(context, "out of memory");
ret = ENOMEM;
krb5_set_error_message(context, ret, "malloc: out of memory");
goto failed;
}
@@ -733,8 +733,8 @@ _kdc_do_digest(krb5_context context,
MD5_Final(md, &ctx);
hex_encode(md, sizeof(md), &A2);
if (A2 == NULL) {
krb5_set_error_string(context, "out of memory");
ret = ENOMEM;
krb5_set_error_message(context, ret, "malloc: out of memory");
free(A1);
goto failed;
}
@@ -795,15 +795,15 @@ _kdc_do_digest(krb5_context context,
}
if (ireq.u.digestRequest.clientNonce == NULL) {
krb5_set_error_string(context,
"MS-CHAP-V2 clientNonce missing");
ret = EINVAL;
krb5_set_error_message(context, ret,
"MS-CHAP-V2 clientNonce missing");
goto failed;
}
if (serverNonce.length != 16) {
krb5_set_error_string(context,
"MS-CHAP-V2 serverNonce wrong length");
ret = EINVAL;
krb5_set_error_message(context, ret,
"MS-CHAP-V2 serverNonce wrong length");
goto failed;
}
@@ -824,16 +824,16 @@ _kdc_do_digest(krb5_context context,
clientNonce.data = malloc(clientNonce.length);
if (clientNonce.data == NULL) {
ret = ENOMEM;
krb5_set_error_string(context, "out of memory");
krb5_set_error_message(context, ret, "malloc: out of memory");
goto out;
}
ssize = hex_decode(*ireq.u.digestRequest.clientNonce,
clientNonce.data, clientNonce.length);
if (ssize != 16) {
krb5_set_error_string(context,
"Failed to decode clientNonce");
ret = ENOMEM;
krb5_set_error_message(context, ret,
"Failed to decode clientNonce");
goto out;
}
SHA1_Update(&ctx, clientNonce.data, ssize);
@@ -852,18 +852,18 @@ _kdc_do_digest(krb5_context context,
HDB_F_GET_CLIENT, NULL, &user);
krb5_free_principal(context, clientprincipal);
if (ret) {
krb5_set_error_string(context,
"MS-CHAP-V2 user %s not in database",
username);
krb5_set_error_message(context, ret,
"MS-CHAP-V2 user %s not in database",
username);
goto failed;
}
ret = hdb_enctype2key(context, &user->entry,
ETYPE_ARCFOUR_HMAC_MD5, &key);
if (ret) {
krb5_set_error_string(context,
"MS-CHAP-V2 missing arcfour key %s",
username);
krb5_set_error_message(context, ret,
"MS-CHAP-V2 missing arcfour key %s",
username);
goto failed;
}
@@ -872,7 +872,7 @@ _kdc_do_digest(krb5_context context,
key->key.keyvalue.length,
challange, &answer);
if (ret) {
krb5_set_error_string(context, "NTLM missing arcfour key");
krb5_set_error_message(context, ret, "NTLM missing arcfour key");
goto failed;
}
@@ -967,8 +967,8 @@ _kdc_do_digest(krb5_context context,
asprintf(&r.u.error.reason, "Unsupported digest type %s",
ireq.u.digestRequest.type);
if (r.u.error.reason == NULL) {
krb5_set_error_string(context, "out of memory");
ret = ENOMEM;
krb5_set_error_message(context, ret, "malloc: out of memory");
goto out;
}
r.u.error.code = EINVAL;
@@ -1021,29 +1021,29 @@ _kdc_do_digest(krb5_context context,
r.u.ntlmInitReply.targetname =
get_ntlm_targetname(context, client);
if (r.u.ntlmInitReply.targetname == NULL) {
krb5_set_error_string(context, "out of memory");
ret = ENOMEM;
krb5_set_error_message(context, ret, "malloc: out of memory");
goto out;
}
r.u.ntlmInitReply.challange.data = malloc(8);
if (r.u.ntlmInitReply.challange.data == NULL) {
krb5_set_error_string(context, "out of memory");
ret = ENOMEM;
krb5_set_error_message(context, ret, "malloc: out of memory");
goto out;
}
r.u.ntlmInitReply.challange.length = 8;
if (RAND_bytes(r.u.ntlmInitReply.challange.data,
r.u.ntlmInitReply.challange.length) != 1)
{
krb5_set_error_string(context, "out of random error");
ret = ENOMEM;
goto out;
}
{
ret = ENOMEM;
krb5_set_error_message(context, ret, "out of random error");
goto out;
}
/* XXX fix targetinfo */
ALLOC(r.u.ntlmInitReply.targetinfo);
if (r.u.ntlmInitReply.targetinfo == NULL) {
krb5_set_error_string(context, "out of memory");
ret = ENOMEM;
krb5_set_error_message(context, ret, "malloc: out of memory");
goto out;
}
@@ -1052,8 +1052,8 @@ _kdc_do_digest(krb5_context context,
client,
r.u.ntlmInitReply.targetinfo);
if (ret) {
krb5_set_error_string(context, "out of memory");
ret = ENOMEM;
krb5_set_error_message(context, ret, "malloc: out of memory");
goto out;
}
@@ -1064,14 +1064,14 @@ _kdc_do_digest(krb5_context context,
sp = krb5_storage_emem();
if (sp == NULL) {
ret = ENOMEM;
krb5_set_error_string(context, "out of memory");
krb5_set_error_message(context, ret, "malloc: out of memory");
goto out;
}
ret = krb5_storage_write(sp, r.u.ntlmInitReply.challange.data, 8);
if (ret != 8) {
ret = ENOMEM;
krb5_set_error_string(context, "storage write challange");
krb5_set_error_message(context, ret, "storage write challange");
goto out;
}
ret = krb5_store_uint32(sp, r.u.ntlmInitReply.flags);
@@ -1127,8 +1127,8 @@ _kdc_do_digest(krb5_context context,
HDB_F_GET_CLIENT, NULL, &user);
krb5_free_principal(context, clientprincipal);
if (ret) {
krb5_set_error_string(context, "NTLM user %s not in database",
ireq.u.ntlmRequest.username);
krb5_set_error_message(context, ret, "NTLM user %s not in database",
ireq.u.ntlmRequest.username);
goto failed;
}
@@ -1150,33 +1150,33 @@ _kdc_do_digest(krb5_context context,
sp = krb5_storage_from_data(&buf);
if (sp == NULL) {
ret = ENOMEM;
krb5_set_error_string(context, "out of memory");
krb5_set_error_message(context, ret, "malloc: out of memory");
goto out;
}
ret = krb5_storage_read(sp, challange, sizeof(challange));
if (ret != sizeof(challange)) {
krb5_set_error_string(context, "NTLM storage read challange");
ret = ENOMEM;
krb5_set_error_message(context, ret, "NTLM storage read challange");
goto out;
}
ret = krb5_ret_uint32(sp, &flags);
if (ret) {
krb5_set_error_string(context, "NTLM storage read flags");
krb5_set_error_message(context, ret, "NTLM storage read flags");
goto out;
}
krb5_data_free(&buf);
if ((flags & NTLM_NEG_NTLM) == 0) {
ret = EINVAL;
krb5_set_error_string(context, "NTLM not negotiated");
krb5_set_error_message(context, ret, "NTLM not negotiated");
goto out;
}
ret = hdb_enctype2key(context, &user->entry,
ETYPE_ARCFOUR_HMAC_MD5, &key);
if (ret) {
krb5_set_error_string(context, "NTLM missing arcfour key");
krb5_set_error_message(context, ret, "NTLM missing arcfour key");
goto out;
}
@@ -1194,8 +1194,8 @@ _kdc_do_digest(krb5_context context,
targetname = get_ntlm_targetname(context, client);
if (targetname == NULL) {
krb5_set_error_string(context, "out of memory");
ret = ENOMEM;
krb5_set_error_message(context, ret, "malloc: out of memory");
goto out;
}
@@ -1213,7 +1213,7 @@ _kdc_do_digest(krb5_context context,
sessionkey);
free(targetname);
if (ret) {
krb5_set_error_string(context, "NTLM v2 verify failed");
krb5_set_error_message(context, ret, "NTLM v2 verify failed");
goto failed;
}
@@ -1238,9 +1238,9 @@ _kdc_do_digest(krb5_context context,
}
if (ireq.u.ntlmRequest.lm.length != 24) {
krb5_set_error_string(context, "LM hash have wrong length "
"for NTLM session key");
ret = EINVAL;
krb5_set_error_message(context, ret, "LM hash have wrong length "
"for NTLM session key");
goto failed;
}
@@ -1260,18 +1260,18 @@ _kdc_do_digest(krb5_context context,
key->key.keyvalue.length,
challange, &answer);
if (ret) {
krb5_set_error_string(context, "NTLM missing arcfour key");
krb5_set_error_message(context, ret, "NTLM missing arcfour key");
goto failed;
}
if (ireq.u.ntlmRequest.ntlm.length != answer.length ||
memcmp(ireq.u.ntlmRequest.ntlm.data, answer.data, answer.length) != 0)
{
free(answer.data);
ret = EINVAL;
krb5_set_error_string(context, "NTLM hash mismatch");
goto failed;
}
{
free(answer.data);
ret = EINVAL;
krb5_set_error_message(context, ret, "NTLM hash mismatch");
goto failed;
}
free(answer.data);
{
@@ -1290,18 +1290,19 @@ _kdc_do_digest(krb5_context context,
size_t len;
if ((flags & NTLM_NEG_KEYEX) == 0) {
krb5_set_error_string(context,
"NTLM client failed to neg key "
"exchange but still sent key");
ret = EINVAL;
krb5_set_error_message(context, ret,
"NTLM client failed to neg key "
"exchange but still sent key");
goto failed;
}
len = ireq.u.ntlmRequest.sessionkey->length;
if (len != sizeof(masterkey)){
krb5_set_error_string(context,
"NTLM master key wrong length: %lu",
(unsigned long)len);
ret = EINVAL;
krb5_set_error_message(context, ret,
"NTLM master key wrong length: %lu",
(unsigned long)len);
goto failed;
}
@@ -1315,14 +1316,15 @@ _kdc_do_digest(krb5_context context,
r.u.ntlmResponse.sessionkey =
malloc(sizeof(*r.u.ntlmResponse.sessionkey));
if (r.u.ntlmResponse.sessionkey == NULL) {
krb5_set_error_string(context, "out of memory");
ret = EINVAL;
krb5_set_error_message(context, ret, "malloc: out of memory");
goto out;
}
ret = krb5_data_copy(r.u.ntlmResponse.sessionkey,
masterkey, sizeof(masterkey));
if (ret) {
krb5_set_error_string(context, "out of memory");
krb5_set_error_message(context, ret, "malloc: out of memory");
goto out;
}
}
@@ -1354,11 +1356,11 @@ _kdc_do_digest(krb5_context context,
break;
default: {
char *s;
krb5_set_error_string(context, "unknown operation to digest");
const char *s;
ret = EINVAL;
krb5_set_error_message(context, ret, "unknown operation to digest");
failed:
failed:
s = krb5_get_error_message(context, ret);
if (s == NULL) {
@@ -1370,10 +1372,10 @@ _kdc_do_digest(krb5_context context,
r.element = choice_DigestRepInner_error;
r.u.error.reason = strdup("unknown error");
krb5_free_error_string(context, s);
krb5_free_error_message(context, s);
if (r.u.error.reason == NULL) {
krb5_set_error_string(context, "out of memory");
ret = ENOMEM;
krb5_set_error_message(context, ret, "malloc: out of memory");
goto out;
}
r.u.error.code = EINVAL;
@@ -1383,7 +1385,7 @@ _kdc_do_digest(krb5_context context,
ASN1_MALLOC_ENCODE(DigestRepInner, buf.data, buf.length, &r, &size, ret);
if (ret) {
krb5_set_error_string(context, "Failed to encode inner digest reply");
krb5_set_error_message(context, ret, "Failed to encode inner digest reply");
goto out;
}
if (size != buf.length)
@@ -1414,14 +1416,14 @@ _kdc_do_digest(krb5_context context,
ASN1_MALLOC_ENCODE(DigestREP, reply->data, reply->length, &rep, &size, ret);
if (ret) {
krb5_set_error_string(context, "Failed to encode digest reply");
krb5_set_error_message(context, ret, "Failed to encode digest reply");
goto out;
}
if (size != reply->length)
krb5_abortx(context, "ASN1 internal error");
out:
out:
if (ac)
krb5_auth_con_free(context, ac);
if (ret)

10
kdc/kerberos5.c
View File

@@ -1807,7 +1807,7 @@ _kdc_tkt_add_if_relevant_ad(krb5_context context,
if (tkt->authorization_data == NULL) {
tkt->authorization_data = calloc(1, sizeof(*tkt->authorization_data));
if (tkt->authorization_data == NULL) {
krb5_set_error_string(context, "out of memory");
krb5_set_error_message(context, ENOMEM, "out of memory");
return ENOMEM;
}
}
@@ -1822,7 +1822,7 @@ _kdc_tkt_add_if_relevant_ad(krb5_context context,
ret = add_AuthorizationData(&ad, &ade);
if (ret) {
krb5_set_error_string(context, "add AuthorizationData failed");
krb5_set_error_message(context, ret, "add AuthorizationData failed");
return ret;
}
@@ -1833,8 +1833,8 @@ _kdc_tkt_add_if_relevant_ad(krb5_context context,
&ad, &size, ret);
free_AuthorizationData(&ad);
if (ret) {
krb5_set_error_string(context, "ASN.1 encode of "
"AuthorizationData failed");
krb5_set_error_message(context, ret, "ASN.1 encode of "
"AuthorizationData failed");
return ret;
}
if (ade.ad_data.length != size)
@@ -1843,7 +1843,7 @@ _kdc_tkt_add_if_relevant_ad(krb5_context context,
ret = add_AuthorizationData(tkt->authorization_data, &ade);
der_free_octet_string(&ade.ad_data);
if (ret) {
krb5_set_error_string(context, "add AuthorizationData failed");
krb5_set_error_message(context, ret, "add AuthorizationData failed");
return ret;
}
}

10
kdc/krb5tgs.c
View File

@@ -80,8 +80,8 @@ find_KRB5SignedPath(krb5_context context,
&child,
NULL);
if (ret) {
krb5_set_error_string(context, "Failed to decode "
"IF_RELEVANT with %d", ret);
krb5_set_error_message(context, ret, "Failed to decode "
"IF_RELEVANT with %d", ret);
return ret;
}
@@ -305,8 +305,8 @@ check_PAC(krb5_context context,
&child,
NULL);
if (ret) {
krb5_set_error_string(context, "Failed to decode "
"IF_RELEVANT with %d", ret);
krb5_set_error_message(context, ret, "Failed to decode "
"IF_RELEVANT with %d", ret);
return ret;
}
for (j = 0; j < child.len; j++) {
@@ -1338,7 +1338,7 @@ build_server_referral(krb5_context context,
return 0;
eout:
free_PA_ServerReferralData(&ref);
krb5_set_error_string(context, "out of memory");
krb5_set_error_message(context, ENOMEM, "malloc: out of memory");
return ENOMEM;
}

26
kdc/kx509.c
View File

@@ -67,8 +67,9 @@ verify_req_hash(krb5_context context,
HMAC_CTX ctx;
if (req->pk_hash.length != sizeof(digest)) {
krb5_set_error_string(context, "pk-hash have wrong length: %lu",
(unsigned long)req->pk_hash.length);
krb5_set_error_message(context, KRB5KDC_ERR_PREAUTH_FAILED,
"pk-hash have wrong length: %lu",
(unsigned long)req->pk_hash.length);
return KRB5KDC_ERR_PREAUTH_FAILED;
}
@@ -84,7 +85,8 @@ verify_req_hash(krb5_context context,
HMAC_CTX_cleanup(&ctx);
if (memcmp(req->pk_hash.data, digest, sizeof(digest)) != 0) {
krb5_set_error_string(context, "pk-hash is not correct");
krb5_set_error_message(context, KRB5KDC_ERR_PREAUTH_FAILED,
"pk-hash is not correct");
return KRB5KDC_ERR_PREAUTH_FAILED;
}
return 0;
@@ -106,7 +108,7 @@ calculate_reply_hash(krb5_context context,
rep->hash->data = malloc(rep->hash->length);
if (rep->hash->data == NULL) {
HMAC_CTX_cleanup(&ctx);
krb5_set_error_string(context, "out of memory");
krb5_set_error_message(context, ENOMEM, "malloc: out of memory");
return ENOMEM;
}
@@ -276,7 +278,7 @@ out:
hx509_cert_free(signer);
if (hxctx)
hx509_context_free(&hxctx);
krb5_set_error_string(context, "cert creation failed");
krb5_set_error_message(context, ret, "cert creation failed");
return ret;
}
@@ -354,16 +356,18 @@ _kdc_do_kx509(krb5_context context,
krb5_free_principal(context, principal);
if (ret != TRUE) {
ret = KRB5KDC_ERR_SERVER_NOMATCH;
krb5_set_error_string(context,
"User %s used wrong Kx509 service principal",
cname);
krb5_set_error_message(context, ret,
"User %s used wrong Kx509 service principal",
cname);
goto out;
}
}
ret = krb5_auth_con_getkey(context, ac, &key);
if (ret || key == NULL) {
krb5_set_error_string(context, "Kx509 can't get session key");
if (ret == 0 && key == NULL)
ret = KRB5KDC_ERR_NULL_KEY;
if (ret) {
krb5_set_error_message(context, ret, "Kx509 can't get session key");
goto out;
}
@@ -414,7 +418,7 @@ _kdc_do_kx509(krb5_context context,
ASN1_MALLOC_ENCODE(Kx509Response, data.data, data.length, &rep,
&size, ret);
if (ret) {
krb5_set_error_string(context, "Failed to encode kx509 reply");
krb5_set_error_message(context, ret, "Failed to encode kx509 reply");
goto out;
}
if (size != data.length)

9
kdc/misc.c
View File

@@ -51,7 +51,7 @@ _kdc_db_fetch(krb5_context context,
ent = calloc (1, sizeof (*ent));
if (ent == NULL) {
krb5_set_error_string(context, "out of memory");
krb5_set_error_message(context, ENOMEM, "malloc: out of memory");
return ENOMEM;
}
@@ -76,8 +76,8 @@ _kdc_db_fetch(krb5_context context,
}
}
free(ent);
krb5_set_error_string(context, "no such entry found in hdb");
return HDB_ERR_NOENTRY;
krb5_set_error_message(context, HDB_ERR_NOENTRY, "no such entry found in hdb");
return HDB_ERR_NOENTRY;
}
void
@@ -116,7 +116,8 @@ _kdc_get_preferred_key(krb5_context context,
}
}
krb5_set_error_string(context, "No valid kerberos key found for %s", name);
krb5_set_error_message(context, EINVAL,
"No valid kerberos key found for %s", name);
return EINVAL;
}

111
kdc/pkinit.c
View File

@@ -187,13 +187,13 @@ generate_dh_keyblock(krb5_context context, pk_client_params *client_params,
memset(&key, 0, sizeof(key));
if (!DH_generate_key(client_params->dh)) {
krb5_set_error_string(context, "Can't generate Diffie-Hellman keys");
ret = KRB5KRB_ERR_GENERIC;
krb5_set_error_message(context, ret, "Can't generate Diffie-Hellman keys");
goto out;
}
if (client_params->dh_public_key == NULL) {
krb5_set_error_string(context, "dh_public_key");
ret = KRB5KRB_ERR_GENERIC;
krb5_set_error_message(context, ret, "dh_public_key");
goto out;
}
@@ -204,8 +204,8 @@ generate_dh_keyblock(krb5_context context, pk_client_params *client_params,
dh_gen_key = malloc(size);
if (dh_gen_key == NULL) {
krb5_set_error_string(context, "malloc: out of memory");
ret = ENOMEM;
krb5_set_error_message(context, ret, "malloc: out of memory");
goto out;
}
memset(dh_gen_key, 0, size - dh_gen_keylen);
@@ -214,8 +214,8 @@ generate_dh_keyblock(krb5_context context, pk_client_params *client_params,
client_params->dh_public_key,
client_params->dh);
if (dh_gen_keylen == -1) {
krb5_set_error_string(context, "Can't compute Diffie-Hellman key");
ret = KRB5KRB_ERR_GENERIC;
krb5_set_error_message(context, ret, "Can't compute Diffie-Hellman key");
goto out;
}
@@ -241,7 +241,8 @@ integer_to_BN(krb5_context context, const char *field, heim_integer *f)
bn = BN_bin2bn((const unsigned char *)f->data, f->length, NULL);
if (bn == NULL) {
krb5_set_error_string(context, "PKINIT: parsing BN failed %s", field);
krb5_set_error_message(context, KRB5_BADMSGTYPE,
"PKINIT: parsing BN failed %s", field);
return NULL;
}
BN_set_negative(bn, f->negative);
@@ -261,13 +262,14 @@ get_dh_param(krb5_context context,
memset(&dhparam, 0, sizeof(dhparam));
if (der_heim_oid_cmp(&dh_key_info->algorithm.algorithm, oid_id_dhpublicnumber())) {
krb5_set_error_string(context,
"PKINIT invalid oid in clientPublicValue");
krb5_set_error_message(context, KRB5_BADMSGTYPE,
"PKINIT invalid oid in clientPublicValue");
return KRB5_BADMSGTYPE;
}
if (dh_key_info->algorithm.parameters == NULL) {
krb5_set_error_string(context, "PKINIT missing algorithm parameter "
krb5_set_error_message(context, KRB5_BADMSGTYPE,
"PKINIT missing algorithm parameter "
"in clientPublicValue");
return KRB5_BADMSGTYPE;
}
@@ -277,15 +279,16 @@ get_dh_param(krb5_context context,
&dhparam,
NULL);
if (ret) {
krb5_set_error_string(context, "Can't decode algorithm "
"parameters in clientPublicValue");
krb5_set_error_message(context, ret, "Can't decode algorithm "
"parameters in clientPublicValue");
goto out;
}
if ((dh_key_info->subjectPublicKey.length % 8) != 0) {
ret = KRB5_BADMSGTYPE;
krb5_set_error_string(context, "PKINIT: subjectPublicKey not aligned "
"to 8 bit boundary");
krb5_set_error_message(context, ret,
"PKINIT: subjectPublicKey not aligned "
"to 8 bit boundary");
goto out;
}
@@ -300,8 +303,8 @@ get_dh_param(krb5_context context,
dh = DH_new();
if (dh == NULL) {
krb5_set_error_string(context, "Cannot create DH structure");
ret = ENOMEM;
krb5_set_error_message(context, ret, "Cannot create DH structure");
goto out;
}
ret = KRB5_BADMSGTYPE;
@@ -332,8 +335,10 @@ get_dh_param(krb5_context context,
"subjectPublicKey",
&glue);
der_free_heim_integer(&glue);
if (client_params->dh_public_key == NULL)
if (client_params->dh_public_key == NULL) {
ret = KRB5_BADMSGTYPE;
goto out;
}
}
client_params->dh = dh;
@@ -389,8 +394,8 @@ _kdc_pk_rd_padata(krb5_context context,
&r,
NULL);
if (ret) {
krb5_set_error_string(context, "Can't decode "
"PK-AS-REQ-Win2k: %d", ret);
krb5_set_error_message(context, ret, "Can't decode "
"PK-AS-REQ-Win2k: %d", ret);
goto out;
}
@@ -400,7 +405,8 @@ _kdc_pk_rd_padata(krb5_context context,
&have_data);
free_PA_PK_AS_REQ_Win2k(&r);
if (ret) {
krb5_set_error_string(context, "Can't decode PK-AS-REQ: %d", ret);
krb5_set_error_message(context, ret,
"Can't decode PK-AS-REQ: %d", ret);
goto out;
}
@@ -414,7 +420,7 @@ _kdc_pk_rd_padata(krb5_context context,
&r,
NULL);
if (ret) {
krb5_set_error_string(context, "Can't decode PK-AS-REQ: %d", ret);
krb5_set_error_message(context, ret, "Can't decode PK-AS-REQ: %d", ret);
goto out;
}
@@ -428,7 +434,7 @@ _kdc_pk_rd_padata(krb5_context context,
0, NULL,
&client_params->client_anchors);
if (ret) {
krb5_set_error_string(context, "Can't allocate client anchors: %d", ret);
krb5_set_error_message(context, ret, "Can't allocate client anchors: %d", ret);
goto out;
}
@@ -443,7 +449,7 @@ _kdc_pk_rd_padata(krb5_context context,
ret = hx509_query_alloc(kdc_identity->hx509ctx, &q);
if (ret) {
krb5_set_error_string(context,
krb5_set_error_message(context, ret,
"Failed to allocate hx509_query");
goto out;
}
@@ -480,7 +486,8 @@ _kdc_pk_rd_padata(krb5_context context,
&have_data);
free_PA_PK_AS_REQ(&r);
if (ret) {
krb5_set_error_string(context, "Can't unwrap ContentInfo: %d", ret);
krb5_set_error_message(context, ret,
"Can't unwrap ContentInfo: %d", ret);
goto out;
}
@@ -492,16 +499,16 @@ _kdc_pk_rd_padata(krb5_context context,
ret = der_heim_oid_cmp(&contentInfoOid, oid_id_pkcs7_signedData());
if (ret != 0) {
krb5_set_error_string(context, "PK-AS-REQ-Win2k invalid content "
"type oid");
ret = KRB5KRB_ERR_GENERIC;
krb5_set_error_message(context, ret,
"PK-AS-REQ-Win2k invalid content type oid");
goto out;
}
if (!have_data) {
krb5_set_error_string(context,
"PK-AS-REQ-Win2k no signed auth pack");
ret = KRB5KRB_ERR_GENERIC;
krb5_set_error_message(context, ret,
"PK-AS-REQ-Win2k no signed auth pack");
goto out;
}
@@ -536,8 +543,8 @@ _kdc_pk_rd_padata(krb5_context context,
if (der_heim_oid_cmp(&eContentType, oid_id_pkcs7_data()) != 0 &&
der_heim_oid_cmp(&eContentType, oid_id_pkauthdata()) != 0)
{
krb5_set_error_string(context, "got wrong oid for pkauthdata");
ret = KRB5_BADMSGTYPE;
krb5_set_error_message(context, ret, "got wrong oid for pkauthdata");
goto out;
}
@@ -549,7 +556,7 @@ _kdc_pk_rd_padata(krb5_context context,
&ap,
NULL);
if (ret) {
krb5_set_error_string(context, "can't decode AuthPack: %d", ret);
krb5_set_error_message(context, ret, "can't decode AuthPack: %d", ret);
goto out;
}
@@ -565,8 +572,8 @@ _kdc_pk_rd_padata(krb5_context context,
client_params->nonce = ap.pkAuthenticator.nonce;
if (ap.clientPublicValue) {
krb5_set_error_string(context, "DH not supported for windows");
ret = KRB5KRB_ERR_GENERIC;
krb5_set_error_message(context, ret, "DH not supported for windows");
goto out;
}
free_AuthPack_Win2k(&ap);
@@ -579,7 +586,7 @@ _kdc_pk_rd_padata(krb5_context context,
&ap,
NULL);
if (ret) {
krb5_set_error_string(context, "can't decode AuthPack: %d", ret);
krb5_set_error_message(context, ret, "can't decode AuthPack: %d", ret);
free_AuthPack(&ap);
goto out;
}
@@ -754,8 +761,8 @@ pk_mk_pa_reply_enckey(krb5_context context,
free_ReplyKeyPack(&kp);
}
if (ret) {
krb5_set_error_string(context, "ASN.1 encoding of ReplyKeyPack "
"failed (%d)", ret);
krb5_set_error_message(context, ret, "ASN.1 encoding of ReplyKeyPack "
"failed (%d)", ret);
goto out;
}
if (buf.length != size)
@@ -859,9 +866,8 @@ pk_mk_pa_reply_dh(krb5_context context,
ASN1_MALLOC_ENCODE(DHPublicKey, buf.data, buf.length, &i, &size, ret);
if (ret) {
krb5_set_error_string(context, "ASN.1 encoding of "
"DHPublicKey failed (%d)", ret);
krb5_clear_error_string(context);
krb5_set_error_message(context, ret, "ASN.1 encoding of "
"DHPublicKey failed (%d)", ret);
return ret;
}
if (buf.length != size)
@@ -875,8 +881,8 @@ pk_mk_pa_reply_dh(krb5_context context,
ASN1_MALLOC_ENCODE(KDCDHKeyInfo, buf.data, buf.length, &dh_info, &size,
ret);
if (ret) {
krb5_set_error_string(context, "ASN.1 encoding of "
"KdcDHKeyInfo failed (%d)", ret);
krb5_set_error_message(context, ret, "ASN.1 encoding of "
"KdcDHKeyInfo failed (%d)", ret);
goto out;
}
if (buf.length != size)
@@ -975,8 +981,8 @@ _kdc_pk_mk_pa_reply(krb5_context context,
break;
if (req->req_body.etype.len <= i) {
ret = KRB5KRB_ERR_GENERIC;
krb5_set_error_string(context,
"No valid enctype available from client");
krb5_set_error_message(context, ret,
"No valid enctype available from client");
goto out;
}
enctype = req->req_body.etype.val[i];
@@ -1020,8 +1026,8 @@ _kdc_pk_mk_pa_reply(krb5_context context,
ret);
free_ContentInfo(&info);
if (ret) {
krb5_set_error_string(context, "encoding of Key ContentInfo "
"failed %d", ret);
krb5_set_error_message(context, ret, "encoding of Key ContentInfo "
"failed %d", ret);
free_PA_PK_AS_REP(&rep);
goto out;
}
@@ -1053,8 +1059,8 @@ _kdc_pk_mk_pa_reply(krb5_context context,
ret);
free_ContentInfo(&info);
if (ret) {
krb5_set_error_string(context, "encoding of Key ContentInfo "
"failed %d", ret);
krb5_set_error_message(context, ret, "encoding of Key ContentInfo "
"failed %d", ret);
free_PA_PK_AS_REP(&rep);
goto out;
}
@@ -1070,8 +1076,8 @@ _kdc_pk_mk_pa_reply(krb5_context context,
ASN1_MALLOC_ENCODE(PA_PK_AS_REP, buf, len, &rep, &size, ret);
free_PA_PK_AS_REP(&rep);
if (ret) {
krb5_set_error_string(context, "encode PA-PK-AS-REP failed %d",
ret);
krb5_set_error_message(context, ret, "encode PA-PK-AS-REP failed %d",
ret);
goto out;
}
if (len != size)
@@ -1084,8 +1090,8 @@ _kdc_pk_mk_pa_reply(krb5_context context,
ContentInfo info;
if (client_params->dh) {
krb5_set_error_string(context, "Windows PK-INIT doesn't support DH");
ret = KRB5KRB_ERR_GENERIC;
krb5_set_error_message(context, ret, "Windows PK-INIT doesn't support DH");
goto out;
}
@@ -1116,7 +1122,7 @@ _kdc_pk_mk_pa_reply(krb5_context context,
ret);
free_ContentInfo(&info);
if (ret) {
krb5_set_error_string(context, "encoding of Key ContentInfo "
krb5_set_error_message(context, ret, "encoding of Key ContentInfo "
"failed %d", ret);
free_PA_PK_AS_REP_Win2k(&rep);
goto out;
@@ -1127,7 +1133,7 @@ _kdc_pk_mk_pa_reply(krb5_context context,
ASN1_MALLOC_ENCODE(PA_PK_AS_REP_Win2k, buf, len, &rep, &size, ret);
free_PA_PK_AS_REP_Win2k(&rep);
if (ret) {
krb5_set_error_string(context,
krb5_set_error_message(context, ret,
"encode PA-PK-AS-REP-Win2k failed %d", ret);
goto out;
}
@@ -1140,7 +1146,7 @@ _kdc_pk_mk_pa_reply(krb5_context context,
ret = krb5_padata_add(context, md, pa_type, buf, len);
if (ret) {
krb5_set_error_string(context, "failed adding PA-PK-AS-REP %d", ret);
krb5_set_error_message(context, ret, "failed adding PA-PK-AS-REP %d", ret);
free(buf);
goto out;
}
@@ -1214,8 +1220,8 @@ _kdc_pk_mk_pa_reply(krb5_context context,
KRB5_PADATA_PA_PK_OCSP_RESPONSE,
ocsp.data.data, ocsp.data.length);
if (ret) {
krb5_set_error_string(context,
"Failed adding OCSP response %d", ret);
krb5_set_error_message(context, ret,
"Failed adding OCSP response %d", ret);
goto out;
}
}
@@ -1438,7 +1444,8 @@ _kdc_pk_check_client(krb5_context context,
return 0;
}
krb5_set_error_string(context,
ret = KRB5_KDC_ERR_CLIENT_NAME_MISMATCH;
krb5_set_error_message(context, ret,
"PKINIT no matching principals for %s",
*subject_name);
@@ -1449,7 +1456,7 @@ _kdc_pk_check_client(krb5_context context,
free(*subject_name);
*subject_name = NULL;
return KRB5_KDC_ERR_CLIENT_NAME_MISMATCH;
return ret;
}
static krb5_error_code

7
kdc/process.c
View File

@@ -177,14 +177,15 @@ krb5_kdc_save_request(krb5_context context,
fd = open(fn, O_WRONLY|O_CREAT|O_APPEND, 0600);
if (fd < 0) {
krb5_set_error_string(context, "Failed to open: %s", fn);
return errno;
int saved_errno = errno;
krb5_set_error_message(context, saved_errno, "Failed to open: %s", fn);
return saved_errno;
}
sp = krb5_storage_from_fd(fd);
close(fd);
if (sp == NULL) {
krb5_set_error_string(context, "Storage failed to open fd");
krb5_set_error_message(context, ENOMEM, "Storage failed to open fd");
return ENOMEM;
}

2
kdc/set_dbinfo.c
View File

@@ -55,7 +55,7 @@ krb5_kdc_set_dbinfo(krb5_context context, struct krb5_kdc_configuration *c)
ptr = realloc(c->db, (c->num_db + 1) * sizeof(*c->db));
if (ptr == NULL) {
ret = ENOMEM;
krb5_set_error_string(context, "out of memory");
krb5_set_error_message(context, ret, "malloc: out of memory");
goto out;
}
c->db = ptr;

4
kdc/windc.c
View File

@@ -63,7 +63,7 @@ krb5_kdc_windc_init(krb5_context context)
}
if (e == NULL) {
_krb5_plugin_free(list);
krb5_set_error_string(context, "Did not find any WINDC plugin");
krb5_set_error_message(context, ENOENT, "Did not find any WINDC plugin");
windcft = NULL;
return ENOENT;
}
@@ -91,7 +91,7 @@ _kdc_pac_verify(krb5_context context,
krb5_pac *pac)
{
if (windcft == NULL) {
krb5_set_error_string(context, "Can't verify PAC, no function");
krb5_set_error_message(context, EINVAL, "Can't verify PAC, no function");
return EINVAL;
}
return (windcft->pac_verify)(windcctx, context,