oysteikt/heimdal
0
0
Fork 0
Code Issues 5 Pull Requests Releases Activity

use krb5_set_error_message

Browse Source 
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@23316 ec53bebd-3082-4978-b11e-865c3cabbd6b
This commit is contained in:
Love Hörnquist Åstrand
2008-06-23 04:32:32 +00:00
parent 75ea702745
commit 7fcd266fdd
67 changed files with 967 additions and 876 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
lib/krb5/acache.c
View File

@@ -258,7 +258,7 @@ make_cred_from_ccred(krb5_context context,
nomem:
ret = ENOMEM;
krb5_set_error_message(context, ret, "malloc - out of memory");
krb5_set_error_message(context, ret, "malloc: out of memory");
fail:
krb5_free_cred_contents(context, cred);
@@ -846,7 +846,7 @@ acc_get_cache_first(krb5_context context, krb5_cc_cursor *cursor)
iter = calloc(1, sizeof(*iter));
if (iter == NULL) {
krb5_set_error_message(context, ENOMEM, "malloc - out of memory");
krb5_set_error_message(context, ENOMEM, "malloc: out of memory");
return ENOMEM;
}

6
lib/krb5/addr_families.c
View File

@@ -1111,10 +1111,12 @@ krb5_parse_address(krb5_context context,
error = getaddrinfo (string, NULL, NULL, &ai);
if (error) {
krb5_error_code ret2;
save_errno = errno;
krb5_set_error_message (context, save_errno, "%s: %s",
ret2 = krb5_eai_to_heim_errno(error, save_errno);
krb5_set_error_message (context, ret2, "%s: %s",
string, gai_strerror(error));
return krb5_eai_to_heim_errno(error, save_errno);
return ret2;
}
n = 0;

14
lib/krb5/cache.c
View File

@@ -284,7 +284,7 @@ krb5_cc_get_full_name(krb5_context context,
}
if (asprintf(str, "%s:%s", type, name) == -1) {
krb5_set_error_message(context, ENOMEM, "malloc - out of memory");
krb5_set_error_message(context, ENOMEM, "malloc: out of memory");
*str = NULL;
return ENOMEM;
}
@@ -356,7 +356,7 @@ _krb5_expand_default_cc_name(krb5_context context, const char *str, char **res)
if (append == NULL) {
free(*res);
*res = NULL;
krb5_set_error_message(context, ENOMEM, "malloc - out of memory");
krb5_set_error_message(context, ENOMEM, "malloc: out of memory");
return ENOMEM;
}
@@ -367,7 +367,7 @@ _krb5_expand_default_cc_name(krb5_context context, const char *str, char **res)
free(*res);
*res = NULL;
krb5_set_error_message(context, ENOMEM,
"malloc - out of memory");
"malloc: out of memory");
return ENOMEM;
}
*res = tmp;
@@ -488,7 +488,7 @@ krb5_cc_set_default_name(krb5_context context, const char *name)
}
if (p == NULL) {
krb5_set_error_message(context, ENOMEM, "malloc - out of memory");
krb5_set_error_message(context, ENOMEM, "malloc: out of memory");
return ENOMEM;
}
@@ -535,7 +535,7 @@ krb5_cc_default(krb5_context context,
const char *p = krb5_cc_default_name(context);
if (p == NULL) {
krb5_set_error_message(context, ENOMEM, "malloc - out of memory");
krb5_set_error_message(context, ENOMEM, "malloc: out of memory");
return ENOMEM;
}
return krb5_cc_resolve(context, p, id);
@@ -907,7 +907,7 @@ krb5_cc_get_prefix_ops(krb5_context context, const char *prefix)
p = strdup(prefix);
if (p == NULL) {
krb5_set_error_message(context, ENOMEM, "malloc - out of memory");
krb5_set_error_message(context, ENOMEM, "malloc: out of memory");
return NULL;
}
p1 = strchr(p, ':');
@@ -967,7 +967,7 @@ krb5_cc_cache_get_first (krb5_context context,
*cursor = calloc(1, sizeof(**cursor));
if (*cursor == NULL) {
krb5_set_error_message(context, ENOMEM, "malloc - out of memory");
krb5_set_error_message(context, ENOMEM, "malloc: out of memory");
return ENOMEM;
}

2
lib/krb5/fcache.c
View File

@@ -785,7 +785,7 @@ fcc_get_cache_first(krb5_context context, krb5_cc_cursor *cursor)
iter = calloc(1, sizeof(*iter));
if (iter == NULL) {
krb5_set_error_message(context, ENOMEM, "malloc - out of memory");
krb5_set_error_message(context, ENOMEM, "malloc: out of memory");
return ENOMEM;
}
iter->first = 1;

7
lib/krb5/get_for_creds.c
View File

@@ -207,7 +207,6 @@ krb5_get_forwarded_creds (krb5_context context,
krb5_kdc_flags kdc_flags;
krb5_crypto crypto;
struct addrinfo *ai;
int save_errno;
krb5_creds *ticket;
paddrs = NULL;
@@ -238,10 +237,10 @@ krb5_get_forwarded_creds (krb5_context context,
ret = getaddrinfo (hostname, NULL, NULL, &ai);
if (ret) {
save_errno = errno;
krb5_set_error_string(context, "resolving %s: %s",
krb5_error_code ret2 = krb5_eai_to_heim_errno(ret, errno);
krb5_set_error_message(context, ret2, "resolving %s: %s",
hostname, gai_strerror(ret));
return krb5_eai_to_heim_errno(ret, save_errno);
return ret2;
}
ret = add_addrs (context, &addrs, ai);

8
lib/krb5/get_host_realm.c
View File

@@ -206,7 +206,8 @@ _krb5_get_host_realm_int (krb5_context context,
(*realms)[1] = NULL;
return 0;
}
krb5_set_error_string(context, "unable to find realm of host %s", host);
krb5_set_error_message(context, KRB5_ERR_HOST_REALM_UNKNOWN,
"unable to find realm of host %s", host);
return KRB5_ERR_HOST_REALM_UNKNOWN;
}
@@ -248,8 +249,9 @@ krb5_get_host_realm(krb5_context context,
*/
ret = krb5_get_default_realms(context, realms);
if (ret) {
krb5_set_error_string(context, "Unable to find realm of host %s",
host);
krb5_set_error_message(context, KRB5_ERR_HOST_REALM_UNKNOWN,
"Unable to find realm of host %s",
host);
return KRB5_ERR_HOST_REALM_UNKNOWN;
}
}

41
lib/krb5/get_in_tkt.c
View File

@@ -108,7 +108,7 @@ check_server_referral(krb5_context context,
return ret;
if (len != pa->padata_value.length) {
free_EncryptedData(&ed);
krb5_set_error_string(context, "Referral EncryptedData wrong");
krb5_set_error_message(context, KRB5KRB_AP_ERR_MODIFIED, "Referral EncryptedData wrong");
return KRB5KRB_AP_ERR_MODIFIED;
}
@@ -135,7 +135,8 @@ check_server_referral(krb5_context context,
if (strcmp(requested->realm, returned->realm) != 0) {
free_PA_ServerReferralData(&ref);
krb5_set_error_string(context, "server ref realm mismatch");
krb5_set_error_message(context, KRB5KRB_AP_ERR_MODIFIED,
"server ref realm mismatch");
return KRB5KRB_AP_ERR_MODIFIED;
}
@@ -148,12 +149,14 @@ check_server_referral(krb5_context context,
|| strcmp(*ref.referred_realm, realm) != 0)
{
free_PA_ServerReferralData(&ref);
krb5_set_error_string(context, "tgt returned with wrong ref");
krb5_set_error_message(context, KRB5KRB_AP_ERR_MODIFIED,
"tgt returned with wrong ref");
return KRB5KRB_AP_ERR_MODIFIED;
}
} else if (krb5_principal_compare(context, returned, requested) == 0) {
free_PA_ServerReferralData(&ref);
krb5_set_error_string(context, "req princ no same as returned");
krb5_set_error_message(context, KRB5KRB_AP_ERR_MODIFIED,
"req princ no same as returned");
return KRB5KRB_AP_ERR_MODIFIED;
}
@@ -163,12 +166,14 @@ check_server_referral(krb5_context context,
ref.requested_principal_name);
if (!cmp) {
free_PA_ServerReferralData(&ref);
krb5_set_error_string(context, "compare requested failed");
krb5_set_error_message(context, KRB5KRB_AP_ERR_MODIFIED,
"compare requested failed");
return KRB5KRB_AP_ERR_MODIFIED;
}
} else if (flags & EXTRACT_TICKET_AS_REQ) {
free_PA_ServerReferralData(&ref);
krb5_set_error_string(context, "Requested principal missing on AS-REQ");
krb5_set_error_message(context, KRB5KRB_AP_ERR_MODIFIED,
"Requested principal missing on AS-REQ");
return KRB5KRB_AP_ERR_MODIFIED;
}
@@ -177,7 +182,8 @@ check_server_referral(krb5_context context,
return ret;
noreferral:
if (krb5_principal_compare(context, requested, returned) == FALSE) {
krb5_set_error_string(context, "Not same server principal returned "
krb5_set_error_message(context, KRB5KRB_AP_ERR_MODIFIED,
"Not same server principal returned "
"as requested");
return KRB5KRB_AP_ERR_MODIFIED;
}
@@ -218,8 +224,8 @@ check_client_referral(krb5_context context,
pa->padata_value.length,
&canon, &len);
if (ret) {
krb5_set_error_string(context, "Failed to decode "
"PA_ClientCanonicalized");
krb5_set_error_message(context, ret, "Failed to decode "
"PA_ClientCanonicalized");
return ret;
}
@@ -245,7 +251,7 @@ check_client_referral(krb5_context context,
krb5_crypto_destroy(context, crypto);
free(data.data);
if (ret) {
krb5_set_error_string(context, "Failed to verify "
krb5_set_error_message(context, ret, "Failed to verify "
"client canonicalized data");
free_PA_ClientCanonicalized(&canon);
return ret;
@@ -256,7 +262,8 @@ check_client_referral(krb5_context context,
&canon.names.requested_name))
{
free_PA_ClientCanonicalized(&canon);
krb5_set_error_string(context, "Requested name doesn't match"
krb5_set_error_message(context, KRB5_PRINC_NOMATCH,
"Requested name doesn't match"
" in client referral");
return KRB5_PRINC_NOMATCH;
}
@@ -265,7 +272,8 @@ check_client_referral(krb5_context context,
&canon.names.mapped_name))
{
free_PA_ClientCanonicalized(&canon);
krb5_set_error_string(context, "Mapped name doesn't match"
krb5_set_error_message(context, KRB5_PRINC_NOMATCH,
"Mapped name doesn't match"
" in client referral");
return KRB5_PRINC_NOMATCH;
}
@@ -274,7 +282,8 @@ check_client_referral(krb5_context context,
noreferral:
if (krb5_principal_compare(context, requested, mapped) == FALSE) {
krb5_set_error_string(context, "Not same client principal returned "
krb5_set_error_message(context, KRB5KRB_AP_ERR_MODIFIED,
"Not same client principal returned "
"as requested");
return KRB5KRB_AP_ERR_MODIFIED;
}
@@ -457,7 +466,7 @@ _krb5_extract_ticket(krb5_context context,
if (creds->times.starttime == 0
&& abs(tmp_time - sec_now) > context->max_skew) {
ret = KRB5KRB_AP_ERR_SKEW;
krb5_set_error_string (context,
krb5_set_error_message (context, ret,
"time skew (%d) larger than max (%d)",
abs(tmp_time - sec_now),
(int)context->max_skew);
@@ -798,9 +807,9 @@ init_as_req (krb5_context context,
key_proc, keyseed, a->req_body.etype.val,
a->req_body.etype.len, &salt);
} else {
krb5_set_error_string (context, "pre-auth type %d not supported",
*ptypes);
ret = KRB5_PREAUTH_BAD_TYPE;
krb5_set_error_message (context, ret, "pre-auth type %d not supported",
*ptypes);
goto fail;
}
return 0;

12
lib/krb5/init_creds.c
View File

@@ -52,13 +52,13 @@ krb5_get_init_creds_opt_alloc(krb5_context context,
*opt = NULL;
o = calloc(1, sizeof(*o));
if (o == NULL) {
krb5_set_error_string(context, "out of memory");
krb5_set_error_message(context, ENOMEM, "malloc: out of memory");
return ENOMEM;
}
krb5_get_init_creds_opt_init(o);
o->opt_private = calloc(1, sizeof(*o->opt_private));
if (o->opt_private == NULL) {
krb5_set_error_string(context, "out of memory");
krb5_set_error_message(context, ENOMEM, "malloc: out of memory");
free(o);
return ENOMEM;
}
@@ -77,7 +77,7 @@ _krb5_get_init_creds_opt_copy(krb5_context context,
*out = NULL;
opt = calloc(1, sizeof(*opt));
if (opt == NULL) {
krb5_set_error_string(context, "out of memory");
krb5_set_error_message(context, ENOMEM, "malloc: out of memory");
return ENOMEM;
}
if (in)
@@ -85,7 +85,7 @@ _krb5_get_init_creds_opt_copy(krb5_context context,
if(opt->opt_private == NULL) {
opt->opt_private = calloc(1, sizeof(*opt->opt_private));
if (opt->opt_private == NULL) {
krb5_set_error_string(context, "out of memory");
krb5_set_error_message(context, ENOMEM, "malloc: out of memory");
free(opt);
return ENOMEM;
}
@@ -327,7 +327,7 @@ require_ext_opt(krb5_context context,
const char *type)
{
if (opt->opt_private == NULL) {
krb5_set_error_string(context, "%s on non extendable opt", type);
krb5_set_error_message(context, EINVAL, "%s on non extendable opt", type);
return EINVAL;
}
return 0;
@@ -381,7 +381,7 @@ krb5_get_init_creds_opt_get_error(krb5_context context,
*error = malloc(sizeof(**error));
if (*error == NULL) {
krb5_set_error_string(context, "malloc - out memory");
krb5_set_error_message(context, ENOMEM, "malloc: out of memory");
return ENOMEM;
}

12
lib/krb5/init_creds_pw.c
View File

@@ -461,8 +461,8 @@ change_password (krb5_context context,
strlcpy (newpw, buf1, newpw_sz);
ret = 0;
} else {
krb5_set_error_string (context, "failed changing password");
ret = ENOTTY;
krb5_set_error_message(context, ret, "failed changing password");
}
out:
@@ -1033,7 +1033,7 @@ pa_data_to_md_pkinit(krb5_context context,
ctx->pk_nonce,
md);
#else
krb5_set_error_string(context, "no support for PKINIT compiled in");
krb5_set_error_message(context, EINVAL, "no support for PKINIT compiled in");
return EINVAL;
#endif
}
@@ -1188,15 +1188,15 @@ process_pa_data_to_key(krb5_context context,
pa,
key);
#else
krb5_set_error_string(context, "no support for PKINIT compiled in");
ret = EINVAL;
krb5_set_error_message(context, ret, "no support for PKINIT compiled in");
#endif
} else if (ctx->password)
ret = pa_data_to_key_plain(context, creds->client, ctx,
paid.salt, paid.s2kparams, etype, key);
else {
krb5_set_error_string(context, "No usable pa data type");
ret = EINVAL;
krb5_set_error_message(context, ret, "No usable pa data type");
}
free_paid(context, &paid);
@@ -1322,8 +1322,8 @@ init_cred_loop(krb5_context context,
&md,
NULL);
if (ret)
krb5_set_error_string(context,
"failed to decode METHOD DATA");
krb5_set_error_message(context, ret,
"failed to decode METHOD DATA");
} else {
/* XXX guess what the server want here add add md */
}

2
lib/krb5/kcm.c
View File

@@ -189,7 +189,7 @@ kcm_storage_request(krb5_context context,
*storage_p = sp;
fail:
if (ret) {
krb5_set_error_string(context, "Failed to encode request");
krb5_set_error_message(context, ret, "Failed to encode request");
krb5_storage_free(sp);
}

11
lib/krb5/keyblock.c
View File

@@ -116,15 +116,16 @@ krb5_keyblock_init(krb5_context context,
return ret;
if (len != size) {
krb5_set_error_string(context, "Encryption key %d is %lu bytes "
"long, %lu was passed in",
type, (unsigned long)len, (unsigned long)size);
krb5_set_error_message(context, KRB5_PROG_ETYPE_NOSUPP,
"Encryption key %d is %lu bytes "
"long, %lu was passed in",
type, (unsigned long)len, (unsigned long)size);
return KRB5_PROG_ETYPE_NOSUPP;
}
ret = krb5_data_copy(&key->keyvalue, data, len);
if(ret) {
krb5_set_error_string(context, "malloc failed: %lu",
(unsigned long)len);
krb5_set_error_message(context, ret, "malloc failed: %lu",
(unsigned long)len);
return ret;
}
key->keytype = type;

51
lib/krb5/keytab.c
View File

@@ -47,7 +47,8 @@ krb5_kt_register(krb5_context context,
struct krb5_keytab_data *tmp;
if (strlen(ops->prefix) > KRB5_KT_PREFIX_MAX_LEN - 1) {
krb5_set_error_string(context, "krb5_kt_register; prefix too long");
krb5_set_error_message(context, KRB5_KT_BADNAME,
"krb5_kt_register; prefix too long");
return KRB5_KT_BADNAME;
}
@@ -97,8 +98,9 @@ krb5_kt_resolve(krb5_context context,
break;
}
if(i == context->num_kt_types) {
krb5_set_error_string(context, "unknown keytab type %.*s",
(int)type_len, type);
krb5_set_error_message(context, KRB5_KT_UNKNOWN_TYPE,
"unknown keytab type %.*s",
(int)type_len, type);
return KRB5_KT_UNKNOWN_TYPE;
}
@@ -265,7 +267,7 @@ krb5_kt_get_full_name(krb5_context context,
return ret;
if (asprintf(str, "%s:%s", type, name) == -1) {
krb5_set_error_string(context, "malloc - out of memory");
krb5_set_error_message(context, ENOMEM, "malloc: out of memory");
*str = NULL;
return ENOMEM;
}
@@ -377,12 +379,12 @@ krb5_kt_get_entry(krb5_context context,
else
kvno_str[0] = '\0';
krb5_set_error_string (context,
"Failed to find %s%s in keytab %s (%s)",
princ,
kvno_str,
kt_name ? kt_name : "unknown keytab",
enctype_str ? enctype_str : "unknown enctype");
krb5_set_error_message (context, KRB5_KT_NOTFOUND,
"Failed to find %s%s in keytab %s (%s)",
princ,
kvno_str,
kt_name ? kt_name : "unknown keytab",
enctype_str ? enctype_str : "unknown enctype");
free(kt_name);
free(enctype_str);
return KRB5_KT_NOTFOUND;
@@ -443,9 +445,9 @@ krb5_kt_start_seq_get(krb5_context context,
krb5_kt_cursor *cursor)
{
if(id->start_seq_get == NULL) {
krb5_set_error_string(context,
"start_seq_get is not supported in the %s "
" keytab", id->prefix);
krb5_set_error_message(context, HEIM_ERR_OPNOTSUPP,
"start_seq_get is not supported in the %s "
" keytab", id->prefix);
return HEIM_ERR_OPNOTSUPP;
}
return (*id->start_seq_get)(context, id, cursor);
@@ -464,9 +466,9 @@ krb5_kt_next_entry(krb5_context context,
krb5_kt_cursor *cursor)
{
if(id->next_entry == NULL) {
krb5_set_error_string(context,
"next_entry is not supported in the %s "
" keytab", id->prefix);
krb5_set_error_message(context, HEIM_ERR_OPNOTSUPP,
"next_entry is not supported in the %s "
" keytab", id->prefix);
return HEIM_ERR_OPNOTSUPP;
}
return (*id->next_entry)(context, id, entry, cursor);
@@ -482,9 +484,9 @@ krb5_kt_end_seq_get(krb5_context context,
krb5_kt_cursor *cursor)
{
if(id->end_seq_get == NULL) {
krb5_set_error_string(context,
"end_seq_get is not supported in the %s "
" keytab", id->prefix);
krb5_set_error_message(context, HEIM_ERR_OPNOTSUPP,
"end_seq_get is not supported in the %s "
" keytab", id->prefix);
return HEIM_ERR_OPNOTSUPP;
}
return (*id->end_seq_get)(context, id, cursor);
@@ -501,8 +503,9 @@ krb5_kt_add_entry(krb5_context context,
krb5_keytab_entry *entry)
{
if(id->add == NULL) {
krb5_set_error_string(context, "Add is not supported in the %s keytab",
id->prefix);
krb5_set_error_message(context, KRB5_KT_NOWRITE,
"Add is not supported in the %s keytab",
id->prefix);
return KRB5_KT_NOWRITE;
}
entry->timestamp = time(NULL);
@@ -520,9 +523,9 @@ krb5_kt_remove_entry(krb5_context context,
krb5_keytab_entry *entry)
{
if(id->remove == NULL) {
krb5_set_error_string(context,
"Remove is not supported in the %s keytab",
id->prefix);
krb5_set_error_message(context, KRB5_KT_NOWRITE,
"Remove is not supported in the %s keytab",
id->prefix);
return KRB5_KT_NOWRITE;
}
return (*id->remove)(context, id, entry);

11
lib/krb5/keytab_any.c
View File

@@ -87,7 +87,7 @@ any_resolve(krb5_context context, const char *name, krb5_keytab id)
prev = a;
}
if (a0 == NULL) {
krb5_set_error_string(context, "empty ANY: keytab");
krb5_set_error_message(context, ENOENT, "empty ANY: keytab");
return ENOENT;
}
id->data = a0;
@@ -206,8 +206,8 @@ any_add_entry(krb5_context context,
while(a != NULL) {
ret = krb5_kt_add_entry(context, a->kt, entry);
if(ret != 0 && ret != KRB5_KT_NOWRITE) {
krb5_set_error_string(context, "failed to add entry to %s",
a->name);
krb5_set_error_message(context, ret, "failed to add entry to %s",
a->name);
return ret;
}
a = a->next;
@@ -229,8 +229,9 @@ any_remove_entry(krb5_context context,
found++;
else {
if(ret != KRB5_KT_NOWRITE && ret != KRB5_KT_NOTFOUND) {
krb5_set_error_string(context, "failed to remove entry from %s",
a->name);
krb5_set_error_message(context, ret,
"Failed to remove keytab entry from %s",
a->name);
return ret;
}
}

28
lib/krb5/keytab_file.c
View File

@@ -174,16 +174,16 @@ krb5_kt_ret_principal(krb5_context context,
ret = krb5_ret_int16(sp, &len);
if(ret) {
krb5_set_error_string(context,
"Failed decoding length of keytab principal");
krb5_set_error_message(context, ret,
"Failed decoding length of keytab principal");
goto out;
}
if(krb5_storage_is_flags(sp, KRB5_STORAGE_PRINCIPAL_WRONG_NUM_COMPONENTS))
len--;
if (len < 0) {
krb5_set_error_string(context,
"Keytab principal contains invalid length");
ret = KRB5_KT_END;
krb5_set_error_message(context, ret,
"Keytab principal contains invalid length");
goto out;
}
ret = krb5_kt_ret_string(context, sp, &p->realm);
@@ -334,8 +334,8 @@ fkt_start_seq_get_int(krb5_context context,
c->fd = open (d->filename, flags);
if (c->fd < 0) {
ret = errno;
krb5_set_error_string(context, "keytab %s open failed: %s",
d->filename, strerror(ret));
krb5_set_error_message(context, ret, "keytab %s open failed: %s",
d->filename, strerror(ret));
return ret;
}
ret = _krb5_xlock(context, c->fd, exclusive, d->filename);
@@ -492,8 +492,8 @@ fkt_add_entry(krb5_context context,
fd = open (d->filename, O_RDWR | O_CREAT | O_EXCL | O_BINARY, 0600);
if (fd < 0) {
ret = errno;
krb5_set_error_string(context, "open(%s): %s", d->filename,
strerror(ret));
krb5_set_error_message(context, ret, "open(%s): %s", d->filename,
strerror(ret));
return ret;
}
ret = _krb5_xlock(context, fd, 1, d->filename);
@@ -523,22 +523,22 @@ fkt_add_entry(krb5_context context,
properly */
ret = fkt_setup_keytab(context, id, sp);
if(ret) {
krb5_set_error_string(context, "%s: keytab is corrupted: %s",
d->filename, strerror(ret));
krb5_set_error_message(context, ret, "%s: keytab is corrupted: %s",
d->filename, strerror(ret));
goto out;
}
storage_set_flags(context, sp, id->version);
} else {
if(pvno != 5) {
ret = KRB5_KEYTAB_BADVNO;
krb5_set_error_string(context, "%s: %s",
d->filename, strerror(ret));
krb5_set_error_message(context, ret, "%s: %s",
d->filename, strerror(ret));
goto out;
}
ret = krb5_ret_int8 (sp, &tag);
if (ret) {
krb5_set_error_string(context, "%s: reading tag: %s",
d->filename, strerror(ret));
krb5_set_error_message(context, ret, "%s: reading tag: %s",
d->filename, strerror(ret));
goto out;
}
id->version = tag;

36
lib/krb5/keytab_keyfile.c
View File

@@ -72,13 +72,13 @@ get_cell_and_realm (krb5_context context, struct akf_data *d)
f = fopen (AFS_SERVERTHISCELL, "r");
if (f == NULL) {
ret = errno;
krb5_set_error_string (context, "open %s: %s", AFS_SERVERTHISCELL,
strerror(ret));
krb5_set_error_message (context, ret, "open %s: %s", AFS_SERVERTHISCELL,
strerror(ret));
return ret;
}
if (fgets (buf, sizeof(buf), f) == NULL) {
fclose (f);
krb5_set_error_string (context, "no cell in %s", AFS_SERVERTHISCELL);
krb5_set_error_message (context, EINVAL, "no cell in %s", AFS_SERVERTHISCELL);
return EINVAL;
}
buf[strcspn(buf, "\n")] = '\0';
@@ -96,8 +96,8 @@ get_cell_and_realm (krb5_context context, struct akf_data *d)
free (d->cell);
d->cell = NULL;
fclose (f);
krb5_set_error_string (context, "no realm in %s",
AFS_SERVERMAGICKRBCONF);
krb5_set_error_message (context, EINVAL, "no realm in %s",
AFS_SERVERMAGICKRBCONF);
return EINVAL;
}
buf[strcspn(buf, "\n")] = '\0';
@@ -197,8 +197,8 @@ akf_start_seq_get(krb5_context context,
c->fd = open (d->filename, O_RDONLY|O_BINARY, 0600);
if (c->fd < 0) {
ret = errno;
krb5_set_error_string(context, "keytab afs keyfil open %s failed: %s",
d->filename, strerror(ret));
krb5_set_error_message(context, ret, "keytab afs keyfil open %s failed: %s",
d->filename, strerror(ret));
return ret;
}
@@ -307,8 +307,8 @@ akf_add_entry(krb5_context context,
O_RDWR | O_BINARY | O_CREAT | O_EXCL, 0600);
if (fd < 0) {
ret = errno;
krb5_set_error_string(context, "open(%s): %s", d->filename,
strerror(ret));
krb5_set_error_message(context, ret, "open(%s): %s", d->filename,
strerror(ret));
return ret;
}
created = 1;
@@ -327,7 +327,7 @@ akf_add_entry(krb5_context context,
ret = errno;
krb5_storage_free(sp);
close(fd);
krb5_set_error_string (context, "seek: %s", strerror(ret));
krb5_set_error_message(context, ret, "seek: %s", strerror(ret));
return ret;
}
@@ -350,11 +350,12 @@ akf_add_entry(krb5_context context,
for (i = 0; i < len; i++) {
ret = krb5_ret_int32(sp, &kvno);
if (ret) {
krb5_set_error_string (context, "Failed to get kvno ");
krb5_set_error_message (context, ret, "Failed to get kvno ");
goto out;
}
if(krb5_storage_seek(sp, 8, SEEK_CUR) < 0) {
krb5_set_error_string (context, "seek: %s", strerror(ret));
ret = errno;
krb5_set_error_message (context, ret, "seek: %s", strerror(ret));
goto out;
}
if (kvno == entry->vno) {
@@ -368,25 +369,26 @@ akf_add_entry(krb5_context context,
if(krb5_storage_seek(sp, 0, SEEK_SET) < 0) {
ret = errno;
krb5_set_error_string (context, "seek: %s", strerror(ret));
krb5_set_error_message (context, ret, "seek: %s", strerror(ret));
goto out;
}
ret = krb5_store_int32(sp, len);
if(ret) {
krb5_set_error_string(context, "keytab keyfile failed new length");
ret = errno;
krb5_set_error_message (context, ret, "keytab keyfile failed new length");
return ret;
}
if(krb5_storage_seek(sp, (len - 1) * (8 + 4), SEEK_CUR) < 0) {
ret = errno;
krb5_set_error_string (context, "seek to end: %s", strerror(ret));
krb5_set_error_message (context, ret, "seek to end: %s", strerror(ret));
goto out;
}
ret = krb5_store_int32(sp, entry->vno);
if(ret) {
krb5_set_error_string(context, "keytab keyfile failed store kvno");
krb5_set_error_message(context, ret, "keytab keyfile failed store kvno");
goto out;
}
ret = krb5_storage_write(sp, entry->keyblock.keyvalue.data,
@@ -396,7 +398,7 @@ akf_add_entry(krb5_context context,
ret = errno;
else
ret = ENOTTY;
krb5_set_error_string(context, "keytab keyfile failed to add key");
krb5_set_error_message(context, ret, "keytab keyfile failed to add key");
goto out;
}
ret = 0;

48
lib/krb5/keytab_krb4.c
View File

@@ -134,8 +134,8 @@ krb4_kt_start_seq_get_int (krb5_context context,
if (c->fd < 0) {
ret = errno;
free (ed);
krb5_set_error_string(context, "keytab krb5 open %s failed: %s",
d->filename, strerror(ret));
krb5_set_error_message(context, ret, "keytab krb5 open %s failed: %s",
d->filename, strerror(ret));
return ret;
}
c->sp = krb5_storage_from_fd(c->fd);
@@ -302,7 +302,7 @@ krb4_kt_add_entry (krb5_context context,
O_WRONLY | O_APPEND | O_BINARY | O_CREAT, 0600);
if (fd < 0) {
ret = errno;
krb5_set_error_string(context, "open(%s): %s", d->filename,
krb5_set_error_message(context, ret, "open(%s): %s", d->filename,
strerror(ret));
return ret;
}
@@ -371,7 +371,8 @@ krb4_kt_remove_entry(krb5_context context,
memset(data.data, 0, data.length);
krb5_data_free(&data);
if(errno == EACCES || errno == EROFS) {
krb5_set_error_string(context, "failed to open %s for writing",
krb5_set_error_message(context, KRB5_KT_NOWRITE,
"failed to open %s for writing",
d->filename);
return KRB5_KT_NOWRITE;
}
@@ -379,20 +380,24 @@ krb4_kt_remove_entry(krb5_context context,
}
if(write(fd, data.data, data.length) != data.length) {
int save_errno = errno;
memset(data.data, 0, data.length);
krb5_data_free(&data);
close(fd);
krb5_set_error_string(context, "failed writing to file %s",
d->filename);
return errno;
krb5_set_error_message(context, save_errno,
"failed writing to file %s",
d->filename);
return save_errno;
}
memset(data.data, 0, data.length);
if(fstat(fd, &st) < 0) {
int save_errno = errno;
krb5_data_free(&data);
close(fd);
krb5_set_error_string(context, "failed getting size of file %s",
d->filename);
return errno;
krb5_set_error_message(context, save_errno,
"failed getting size of file %s",
d->filename);
return save_errno;
}
st.st_size -= data.length;
memset(buf, 0, sizeof(buf));
@@ -400,32 +405,39 @@ krb4_kt_remove_entry(krb5_context context,
n = min(st.st_size, sizeof(buf));
n = write(fd, buf, n);
if(n <= 0) {
int save_errno = errno;
krb5_data_free(&data);
close(fd);
krb5_set_error_string(context, "failed writing to file %s",
krb5_set_error_message(context, save_errno,
"failed writing to file %s",
d->filename);
return errno;
return save_errno;
}
st.st_size -= n;
}
if(ftruncate(fd, data.length) < 0) {
int save_errno = errno;
krb5_data_free(&data);
close(fd);
krb5_set_error_string(context, "failed truncating file %s",
krb5_set_error_message(context, save_errno,
"failed truncating file %s",
d->filename);
return errno;
return save_errno;
}
krb5_data_free(&data);
if(close(fd) < 0) {
krb5_set_error_string(context, "error closing %s",
d->filename);
return errno;
int save_errno = errno;
krb5_set_error_message(context, save_errno,
"error closing %s",
d->filename);
return save_errno;
}
return 0;
} else {
krb5_storage_free(sp);
krb5_set_error_string(context, "Keytab entry not found");
krb5_set_error_message(context, KRB5_KT_NOTFOUND,
"Keytab entry not found");
return KRB5_KT_NOTFOUND;
}
}

12
lib/krb5/krbhst.c
View File

@@ -72,7 +72,8 @@ srv_find_realm(krb5_context context, krb5_krbhst_info ***res, int *count,
proto_num = string_to_proto(proto);
if(proto_num < 0) {
krb5_set_error_string(context, "unknown protocol `%s'", proto);
krb5_set_error_message(context, EINVAL,
"unknown protocol `%s'", proto);
return EINVAL;
}
@@ -247,7 +248,7 @@ _krb5_krbhost_info_move(krb5_context context,
/* trailing NUL is included in structure */
*to = calloc(1, sizeof(**to) + hostnamelen);
if(*to == NULL) {
krb5_set_error_string(context, "malloc - out of memory");
krb5_set_error_message(context, ENOMEM, "malloc: out of memory");
return ENOMEM;
}
@@ -540,7 +541,7 @@ plugin_get_hosts(krb5_context context,
ret = (*service->lookup)(ctx, type, kd->realm, 0, 0, add_locate, kd);
(*service->fini)(ctx);
if (ret) {
krb5_set_error_string(context, "Plugin failed to lookup");
krb5_set_error_message(context, ret, "Plugin failed to lookup");
break;
}
}
@@ -832,7 +833,7 @@ krb5_krbhst_init_flags(krb5_context context,
def_port = ntohs(krb5_getportbyname (context, "krb524", "udp", 4444));
break;
default:
krb5_set_error_string(context, "unknown krbhst type (%u)", type);
krb5_set_error_message(context, ENOTTY, "unknown krbhst type (%u)", type);
return ENOTTY;
}
if((kd = common_init(context, realm, flags)) == NULL)
@@ -920,7 +921,8 @@ gethostlist(krb5_context context, const char *realm,
while(krb5_krbhst_next(context, handle, &hostinfo) == 0)
nhost++;
if(nhost == 0) {
krb5_set_error_string(context, "No KDC found for realm %s", realm);
krb5_set_error_message(context, KRB5_KDC_UNREACH,
"No KDC found for realm %s", realm);
return KRB5_KDC_UNREACH;
}
*hostlist = calloc(nhost + 1, sizeof(**hostlist));

9
lib/krb5/log.c
View File

@@ -277,7 +277,8 @@ krb5_addlog_dest(krb5_context context, krb5_log_facility *f, const char *orig)
if(n){
p = strchr(p, '/');
if(p == NULL) {
krb5_set_error_string (context, "failed to parse \"%s\"", orig);
krb5_set_error_message(context, HEIM_ERR_LOG_PARSE,
"failed to parse \"%s\"", orig);
return HEIM_ERR_LOG_PARSE;
}
p++;
@@ -300,7 +301,7 @@ krb5_addlog_dest(krb5_context context, krb5_log_facility *f, const char *orig)
O_TRUNC | O_APPEND, 0666);
if(i < 0) {
ret = errno;
krb5_set_error_string (context, "open(%s): %s", fn,
krb5_set_error_message(context, ret, "open(%s): %s", fn,
strerror(ret));
free(fn);
return ret;
@@ -309,7 +310,7 @@ krb5_addlog_dest(krb5_context context, krb5_log_facility *f, const char *orig)
if(file == NULL){
ret = errno;
close(i);
krb5_set_error_string (context, "fdopen(%s): %s", fn,
krb5_set_error_message(context, ret, "fdopen(%s): %s", fn,
strerror(ret));
free(fn);
return ret;
@@ -333,8 +334,8 @@ krb5_addlog_dest(krb5_context context, krb5_log_facility *f, const char *orig)
strlcpy(facility, "AUTH", sizeof(facility));
ret = open_syslog(context, f, min, max, severity, facility);
}else{
krb5_set_error_string (context, "unknown log type: %s", p);
ret = HEIM_ERR_LOG_PARSE; /* XXX */
krb5_set_error_message (context, ret, "unknown log type: %s", p);
}
return ret;
}

2
lib/krb5/mcache.c
View File

@@ -439,7 +439,7 @@ mcc_default_name(krb5_context context, char **str)
{
*str = strdup("MEMORY:");
if (*str == NULL) {
krb5_set_error_string(context, ENOMEM, "malloc: out of memory");
krb5_set_error_message(context, ENOMEM, "malloc: out of memory");
return ENOMEM;
}
return 0;

8
lib/krb5/mk_rep.c
View File

@@ -61,18 +61,18 @@ krb5_mk_rep(krb5_context context,
auth_context,
auth_context->keyblock);
if(ret) {
krb5_set_error_string (context,
"krb5_mk_rep: generating subkey");
free_EncAPRepPart(&body);
krb5_set_error_message(context, ret,
"krb5_mk_rep: generating subkey");
return ret;
}
}
ret = krb5_copy_keyblock(context, auth_context->local_subkey,
&body.subkey);
if (ret) {
krb5_set_error_string (context,
"krb5_copy_keyblock: out of memory");
free_EncAPRepPart(&body);
krb5_set_error_message(context, ENOMEM,
"krb5_copy_keyblock: out of memory");
return ENOMEM;
}
} else

106
lib/krb5/pac.c
View File

@@ -93,14 +93,14 @@ krb5_pac_parse(krb5_context context, const void *ptr, size_t len,
p = calloc(1, sizeof(*p));
if (p == NULL) {
ret = ENOMEM;
krb5_set_error_string(context, "out of memory");
krb5_set_error_message(context, ret, "malloc: out of memory");
goto out;
}
sp = krb5_storage_from_readonly_mem(ptr, len);
if (sp == NULL) {
ret = ENOMEM;
krb5_set_error_string(context, "out of memory");
krb5_set_error_message(context, ret, "malloc: out of memory");
goto out;
}
krb5_storage_set_flags(sp, KRB5_STORAGE_BYTEORDER_LE);
@@ -108,21 +108,21 @@ krb5_pac_parse(krb5_context context, const void *ptr, size_t len,
CHECK(ret, krb5_ret_uint32(sp, &tmp), out);
CHECK(ret, krb5_ret_uint32(sp, &tmp2), out);
if (tmp < 1) {
krb5_set_error_string(context, "PAC have too few buffer");
ret = EINVAL; /* Too few buffers */
krb5_set_error_message(context, ret, "PAC have too few buffer");
goto out;
}
if (tmp2 != 0) {
krb5_set_error_string(context, "PAC have wrong version");
ret = EINVAL; /* Wrong version */
krb5_set_error_message(context, ret, "PAC have wrong version");
goto out;
}
p->pac = calloc(1,
sizeof(*p->pac) + (sizeof(p->pac->buffers[0]) * (tmp - 1)));
if (p->pac == NULL) {
krb5_set_error_string(context, "out of memory");
ret = ENOMEM;
krb5_set_error_message(context, ret, "malloc: out of memory");
goto out;
}
@@ -143,52 +143,52 @@ krb5_pac_parse(krb5_context context, const void *ptr, size_t len,
/* consistency checks */
if (p->pac->buffers[i].offset_lo & (PAC_ALIGNMENT - 1)) {
krb5_set_error_string(context, "PAC out of allignment");
ret = EINVAL;
krb5_set_error_message(context, ret, "PAC out of allignment");
goto out;
}
if (p->pac->buffers[i].offset_hi) {
krb5_set_error_string(context, "PAC high offset set");
ret = EINVAL;
krb5_set_error_message(context, ret, "PAC high offset set");
goto out;
}
if (p->pac->buffers[i].offset_lo > len) {
krb5_set_error_string(context, "PAC offset off end");
ret = EINVAL;
krb5_set_error_message(context, ret, "PAC offset off end");
goto out;
}
if (p->pac->buffers[i].offset_lo < header_end) {
krb5_set_error_string(context, "PAC offset inside header: %lu %lu",
ret = EINVAL;
krb5_set_error_message(context, ret, "PAC offset inside header: %lu %lu",
(unsigned long)p->pac->buffers[i].offset_lo,
(unsigned long)header_end);
ret = EINVAL;
goto out;
}
if (p->pac->buffers[i].buffersize > len - p->pac->buffers[i].offset_lo){
krb5_set_error_string(context, "PAC length off end");
ret = EINVAL;
krb5_set_error_message(context, ret, "PAC length off end");
goto out;
}
/* let save pointer to data we need later */
if (p->pac->buffers[i].type == PAC_SERVER_CHECKSUM) {
if (p->server_checksum) {
krb5_set_error_string(context, "PAC have two server checksums");
ret = EINVAL;
krb5_set_error_message(context, ret, "PAC have two server checksums");
goto out;
}
p->server_checksum = &p->pac->buffers[i];
} else if (p->pac->buffers[i].type == PAC_PRIVSVR_CHECKSUM) {
if (p->privsvr_checksum) {
krb5_set_error_string(context, "PAC have two KDC checksums");
ret = EINVAL;
krb5_set_error_message(context, ret, "PAC have two KDC checksums");
goto out;
}
p->privsvr_checksum = &p->pac->buffers[i];
} else if (p->pac->buffers[i].type == PAC_LOGON_NAME) {
if (p->logon_name) {
krb5_set_error_string(context, "PAC have two logon names");
ret = EINVAL;
krb5_set_error_message(context, ret, "PAC have two logon names");
goto out;
}
p->logon_name = &p->pac->buffers[i];
@@ -225,14 +225,14 @@ krb5_pac_init(krb5_context context, krb5_pac *pac)
p = calloc(1, sizeof(*p));
if (p == NULL) {
krb5_set_error_string(context, "out of memory");
krb5_set_error_message(context, ENOMEM, "malloc: out of memory");
return ENOMEM;
}
p->pac = calloc(1, sizeof(*p->pac));
if (p->pac == NULL) {
free(p);
krb5_set_error_string(context, "out of memory");
krb5_set_error_message(context, ENOMEM, "malloc: out of memory");
return ENOMEM;
}
@@ -240,7 +240,7 @@ krb5_pac_init(krb5_context context, krb5_pac *pac)
if (ret) {
free (p->pac);
free(p);
krb5_set_error_string(context, "out of memory");
krb5_set_error_message(context, ret, "malloc: out of memory");
return ret;
}
@@ -263,7 +263,7 @@ krb5_pac_add_buffer(krb5_context context, krb5_pac p,
ptr = realloc(p->pac,
sizeof(*p->pac) + (sizeof(p->pac->buffers[0]) * len));
if (ptr == NULL) {
krb5_set_error_string(context, "out of memory");
krb5_set_error_message(context, ENOMEM, "malloc: out of memory");
return ENOMEM;
}
p->pac = ptr;
@@ -281,7 +281,7 @@ krb5_pac_add_buffer(krb5_context context, krb5_pac p,
old_end = p->data.length;
len = p->data.length + data->length + PAC_INFO_BUFFER_SIZE;
if (len < p->data.length) {
krb5_set_error_string(context, "integer overrun");
krb5_set_error_message(context, EINVAL, "integer overrun");
return EINVAL;
}
@@ -290,7 +290,7 @@ krb5_pac_add_buffer(krb5_context context, krb5_pac p,
ret = krb5_data_realloc(&p->data, len);
if (ret) {
krb5_set_error_string(context, "out of memory");
krb5_set_error_message(context, ret, "malloc: out of memory");
return ret;
}
@@ -331,7 +331,7 @@ krb5_pac_get_buffer(krb5_context context, krb5_pac p,
if (type == PAC_PRIVSVR_CHECKSUM || type == PAC_SERVER_CHECKSUM) {
ret = krb5_data_alloc(data, 16);
if (ret) {
krb5_set_error_string(context, "out of memory");
krb5_set_error_message(context, ret, "malloc: out of memory");
return ret;
}
memset(data->data, 0, data->length);
@@ -347,13 +347,13 @@ krb5_pac_get_buffer(krb5_context context, krb5_pac p,
ret = krb5_data_copy(data, (unsigned char *)p->data.data + offset, len);
if (ret) {
krb5_set_error_string(context, "Out of memory");
krb5_set_error_message(context, ret, "malloc: out of memory");
return ret;
}
return 0;
}
krb5_set_error_string(context, "No PAC buffer of type %lu was found",
(unsigned long)type);
krb5_set_error_message(context, ENOENT, "No PAC buffer of type %lu was found",
(unsigned long)type);
return ENOENT;
}
@@ -372,7 +372,7 @@ krb5_pac_get_types(krb5_context context,
*types = calloc(p->pac->numbuffers, sizeof(*types));
if (*types == NULL) {
*len = 0;
krb5_set_error_string(context, "out of memory");
krb5_set_error_message(context, ENOMEM, "malloc: out of memory");
return ENOMEM;
}
for (i = 0; i < p->pac->numbuffers; i++)
@@ -416,7 +416,7 @@ verify_checksum(krb5_context context,
sp = krb5_storage_from_mem((char *)data->data + sig->offset_lo,
sig->buffersize);
if (sp == NULL) {
krb5_set_error_string(context, "out of memory");
krb5_set_error_message(context, ENOMEM, "malloc: out of memory");
return ENOMEM;
}
krb5_storage_set_flags(sp, KRB5_STORAGE_BYTEORDER_LE);
@@ -427,21 +427,21 @@ verify_checksum(krb5_context context,
sig->buffersize - krb5_storage_seek(sp, 0, SEEK_CUR);
cksum.checksum.data = malloc(cksum.checksum.length);
if (cksum.checksum.data == NULL) {
krb5_set_error_string(context, "out of memory");
ret = ENOMEM;
krb5_set_error_message(context, ret, "malloc: out of memory");
goto out;
}
ret = krb5_storage_read(sp, cksum.checksum.data, cksum.checksum.length);
if (ret != cksum.checksum.length) {
krb5_set_error_string(context, "PAC checksum missing checksum");
ret = EINVAL;
krb5_set_error_message(context, ret, "PAC checksum missing checksum");
goto out;
}
if (!krb5_checksum_is_keyed(context, cksum.cksumtype)) {
krb5_set_error_string (context, "Checksum type %d not keyed",
cksum.cksumtype);
ret = EINVAL;
krb5_set_error_message(context, ret, "Checksum type %d not keyed",
cksum.cksumtype);
goto out;
}
@@ -488,7 +488,7 @@ create_checksum(krb5_context context,
return ret;
if (cksum.checksum.length != siglen) {
krb5_set_error_string(context, "pac checksum wrong length");
krb5_set_error_message(context, EINVAL, "pac checksum wrong length");
free_Checksum(&cksum);
return EINVAL;
}
@@ -531,7 +531,7 @@ verify_logonname(krb5_context context,
sp = krb5_storage_from_readonly_mem((const char *)data->data + logon_name->offset_lo,
logon_name->buffersize);
if (sp == NULL) {
krb5_set_error_string(context, "Out of memory");
krb5_set_error_message(context, ENOMEM, "malloc: out of memory");
return ENOMEM;
}
@@ -546,27 +546,27 @@ verify_logonname(krb5_context context,
t2 = ((uint64_t)time2 << 32) | time1;
if (t1 != t2) {
krb5_storage_free(sp);
krb5_set_error_string(context, "PAC timestamp mismatch");
krb5_set_error_message(context, EINVAL, "PAC timestamp mismatch");
return EINVAL;
}
}
CHECK(ret, krb5_ret_uint16(sp, &len), out);
if (len == 0) {
krb5_storage_free(sp);
krb5_set_error_string(context, "PAC logon name length missing");
krb5_set_error_message(context, EINVAL, "PAC logon name length missing");
return EINVAL;
}
s = malloc(len);
if (s == NULL) {
krb5_storage_free(sp);
krb5_set_error_string(context, "Out of memory");
krb5_set_error_message(context, ENOMEM, "malloc: out of memory");
return ENOMEM;
}
ret = krb5_storage_read(sp, s, len);
if (ret != len) {
krb5_storage_free(sp);
krb5_set_error_string(context, "Failed to read PAC logon name");
krb5_set_error_message(context, EINVAL, "Failed to read PAC logon name");
return EINVAL;
}
krb5_storage_free(sp);
@@ -585,13 +585,13 @@ verify_logonname(krb5_context context,
free(s);
if (ret) {
free(ucs2);
krb5_set_error_string(context, "Failed to convert string to UCS-2");
krb5_set_error_message(context, ret, "Failed to convert string to UCS-2");
return ret;
}
ret = wind_ucs2utf8_length(ucs2, ucs2len, &u8len);
if (ret) {
free(ucs2);
krb5_set_error_string(context, "Failed to count length of UCS-2 string");
krb5_set_error_message(context, ret, "Failed to count length of UCS-2 string");
return ret;
}
u8len += 1; /* Add space for NUL */
@@ -604,7 +604,7 @@ verify_logonname(krb5_context context,
ret = wind_ucs2utf8(ucs2, ucs2len, s, &u8len);
free(ucs2);
if (ret) {
krb5_set_error_string(context, "Failed to convert to UTF-8");
krb5_set_error_message(context, ret, "Failed to convert to UTF-8");
return ret;
}
}
@@ -614,8 +614,8 @@ verify_logonname(krb5_context context,
return ret;
if (krb5_principal_compare_any_realm(context, principal, p2) != TRUE) {
krb5_set_error_string(context, "PAC logon name mismatch");
ret = EINVAL;
krb5_set_error_message(context, ret, "PAC logon name mismatch");
}
krb5_free_principal(context, p2);
return ret;
@@ -645,7 +645,7 @@ build_logon_name(krb5_context context,
sp = krb5_storage_emem();
if (sp == NULL) {
krb5_set_error_string(context, "out of memory");
krb5_set_error_message(context, ENOMEM, "malloc: out of memory");
return ENOMEM;
}
krb5_storage_set_flags(sp, KRB5_STORAGE_BYTEORDER_LE);
@@ -711,15 +711,15 @@ krb5_pac_verify(krb5_context context,
krb5_error_code ret;
if (pac->server_checksum == NULL) {
krb5_set_error_string(context, "PAC missing server checksum");
krb5_set_error_message(context, EINVAL, "PAC missing server checksum");
return EINVAL;
}
if (pac->privsvr_checksum == NULL) {
krb5_set_error_string(context, "PAC missing kdc checksum");
krb5_set_error_message(context, EINVAL, "PAC missing kdc checksum");
return EINVAL;
}
if (pac->logon_name == NULL) {
krb5_set_error_string(context, "PAC missing logon name");
krb5_set_error_message(context, EINVAL, "PAC missing logon name");
return EINVAL;
}
@@ -796,7 +796,7 @@ fill_zeros(krb5_context context, krb5_storage *sp, size_t len)
l = sizeof(zeros);
sret = krb5_storage_write(sp, zeros, l);
if (sret <= 0) {
krb5_set_error_string(context, "out of memory");
krb5_set_error_message(context, ENOMEM, "malloc: out of memory");
return ENOMEM;
}
len -= sret;
@@ -824,7 +824,7 @@ pac_checksum(krb5_context context,
return ret;
if (krb5_checksum_is_keyed(context, cktype) == FALSE) {
krb5_set_error_string(context, "PAC checksum type is not keyed");
krb5_set_error_message(context, EINVAL, "PAC checksum type is not keyed");
return EINVAL;
}
@@ -869,7 +869,7 @@ _krb5_pac_sign(krb5_context context,
ptr = realloc(p->pac, sizeof(*p->pac) + (sizeof(p->pac->buffers[0]) * (p->pac->numbuffers + num - 1)));
if (ptr == NULL) {
krb5_set_error_string(context, "out of memory");
krb5_set_error_message(context, ENOMEM, "malloc: out of memory");
return ENOMEM;
}
p->pac = ptr;
@@ -907,7 +907,7 @@ _krb5_pac_sign(krb5_context context,
/* Encode PAC */
sp = krb5_storage_emem();
if (sp == NULL) {
krb5_set_error_string(context, "out of memory");
krb5_set_error_message(context, ENOMEM, "malloc: out of memory");
return ENOMEM;
}
krb5_storage_set_flags(sp, KRB5_STORAGE_BYTEORDER_LE);
@@ -915,7 +915,7 @@ _krb5_pac_sign(krb5_context context,
spdata = krb5_storage_emem();
if (spdata == NULL) {
krb5_storage_free(sp);
krb5_set_error_string(context, "out of memory");
krb5_set_error_message(context, ENOMEM, "malloc: out of memory");
return ENOMEM;
}
krb5_storage_set_flags(spdata, KRB5_STORAGE_BYTEORDER_LE);
@@ -954,8 +954,8 @@ _krb5_pac_sign(krb5_context context,
sret = krb5_storage_write(spdata, ptr, len);
if (sret != len) {
krb5_set_error_string(context, "out of memory");
ret = ENOMEM;
krb5_set_error_message(context, ret, "malloc: out of memory");
goto out;
}
/* XXX if not aligned, fill_zeros */
@@ -986,21 +986,21 @@ _krb5_pac_sign(krb5_context context,
/* export PAC */
ret = krb5_storage_to_data(spdata, &d);
if (ret) {
krb5_set_error_string(context, "out of memory");
krb5_set_error_message(context, ret, "malloc: out of memory");
goto out;
}
ret = krb5_storage_write(sp, d.data, d.length);
if (ret != d.length) {
krb5_data_free(&d);
krb5_set_error_string(context, "out of memory");
ret = ENOMEM;
krb5_set_error_message(context, ret, "malloc: out of memory");
goto out;
}
krb5_data_free(&d);
ret = krb5_storage_to_data(sp, &d);
if (ret) {
krb5_set_error_string(context, "out of memory");
krb5_set_error_message(context, ret, "malloc: out of memory");
goto out;
}

235
lib/krb5/pkinit.c
View File

@@ -114,7 +114,7 @@ integer_to_BN(krb5_context context, const char *field, const heim_integer *f)
bn = BN_bin2bn((const unsigned char *)f->data, f->length, NULL);
if (bn == NULL) {
krb5_set_error_string(context, "PKINIT: parsing BN failed %s", field);
krb5_set_error_message(context, ENOMEM, "PKINIT: parsing BN failed %s", field);
return NULL;
}
BN_set_negative(bn, f->negative);
@@ -150,7 +150,7 @@ find_cert(krb5_context context, struct krb5_pk_identity *id,
ret = hx509_query_match_eku(q, cf[i].oid);
if (ret) {
pk_copy_error(context, id->hx509ctx, ret,
"Failed setting %s OID", cf[i].type);
"Failed setting %s OID", cf[i].type);
return ret;
}
@@ -158,7 +158,7 @@ find_cert(krb5_context context, struct krb5_pk_identity *id,
if (ret == 0)
break;
pk_copy_error(context, id->hx509ctx, ret,
"Failed cert for finding %s OID", cf[i].type);
"Failed cert for finding %s OID", cf[i].type);
}
return ret;
}
@@ -179,7 +179,7 @@ create_signature(krb5_context context,
ret = hx509_query_alloc(id->hx509ctx, &q);
if (ret) {
pk_copy_error(context, id->hx509ctx, ret,
"Allocate query to find signing certificate");
"Allocate query to find signing certificate");
return ret;
}
@@ -205,7 +205,7 @@ create_signature(krb5_context context,
hx509_cert_free(cert);
if (ret) {
pk_copy_error(context, id->hx509ctx, ret,
"Create CMS signedData");
"Create CMS signedData");
return ret;
}
@@ -536,8 +536,8 @@ pk_mk_padata(krb5_context context,
&ap, &size, ret);
free_AuthPack_Win2k(&ap);
if (ret) {
krb5_set_error_string(context, "AuthPack_Win2k: %d",
(int)ret);
krb5_set_error_message(context, ret, "AuthPack_Win2k: %d",
(int)ret);
goto out;
}
if (buf.length != size)
@@ -558,7 +558,7 @@ pk_mk_padata(krb5_context context,
ASN1_MALLOC_ENCODE(AuthPack, buf.data, buf.length, &ap, &size, ret);
free_AuthPack(&ap);
if (ret) {
krb5_set_error_string(context, "AuthPack: %d", (int)ret);
krb5_set_error_message(context, ret, "AuthPack: %d", (int)ret);
goto out;
}
if (buf.length != size)
@@ -577,8 +577,8 @@ pk_mk_padata(krb5_context context,
ret = hx509_cms_wrap_ContentInfo(oid_id_pkcs7_signedData(), &sd_buf, &buf);
krb5_data_free(&sd_buf);
if (ret) {
krb5_set_error_string(context,
"ContentInfo wrapping of signedData failed");
krb5_set_error_message(context, ret,
"ContentInfo wrapping of signedData failed");
goto out;
}
@@ -615,7 +615,7 @@ pk_mk_padata(krb5_context context,
ret = build_edi(context, ctx->id->hx509ctx,
ctx->id->anchors, req.trustedCertifiers);
if (ret) {
krb5_set_error_string(context, "pk-init: failed to build trustedCertifiers");
krb5_set_error_message(context, ret, "pk-init: failed to build trustedCertifiers");
free_PA_PK_AS_REQ(&req);
goto out;
}
@@ -630,7 +630,7 @@ pk_mk_padata(krb5_context context,
} else
krb5_abortx(context, "internal pkinit error");
if (ret) {
krb5_set_error_string(context, "PA-PK-AS-REQ %d", (int)ret);
krb5_set_error_message(context, ret, "PA-PK-AS-REQ %d", (int)ret);
goto out;
}
if (buf.length != size)
@@ -643,7 +643,7 @@ pk_mk_padata(krb5_context context,
if (ret == 0 && ctx->type == PKINIT_WIN2K)
krb5_padata_add(context, md, KRB5_PADATA_PK_AS_09_BINDING, NULL, 0);
out:
out:
free_ContentInfo(&content_info);
return ret;
@@ -738,7 +738,7 @@ _krb5_pk_verify_sign(krb5_context context,
&signer_certs);
if (ret) {
pk_copy_error(context, id->hx509ctx, ret,
"CMS verify signed failed");
"CMS verify signed failed");
return ret;
}
@@ -752,11 +752,11 @@ _krb5_pk_verify_sign(krb5_context context,
ret = hx509_get_one_cert(id->hx509ctx, signer_certs, &(*signer)->cert);
if (ret) {
pk_copy_error(context, id->hx509ctx, ret,
"Failed to get on of the signer certs");
"Failed to get on of the signer certs");
goto out;
}
out:
out:
hx509_certs_free(&signer_certs);
if (ret) {
if (*signer) {
@@ -784,20 +784,19 @@ get_reply_key_win(krb5_context context,
&key_pack,
&size);
if (ret) {
krb5_set_error_string(context, "PKINIT decoding reply key failed");
krb5_set_error_message(context, ret, "PKINIT decoding reply key failed");
free_ReplyKeyPack_Win2k(&key_pack);
return ret;
}
if (key_pack.nonce != nonce) {
krb5_set_error_string(context, "PKINIT enckey nonce is wrong");
krb5_set_error_message(context, ret, "PKINIT enckey nonce is wrong");
free_ReplyKeyPack_Win2k(&key_pack);
return KRB5KRB_AP_ERR_MODIFIED;
}
*key = malloc (sizeof (**key));
if (*key == NULL) {
krb5_set_error_string(context, "PKINIT failed allocating reply key");
free_ReplyKeyPack_Win2k(&key_pack);
krb5_set_error_message(context, ENOMEM, "malloc: out of memory");
return ENOMEM;
@@ -806,7 +805,7 @@ get_reply_key_win(krb5_context context,
ret = copy_EncryptionKey(&key_pack.replyKey, *key);
free_ReplyKeyPack_Win2k(&key_pack);
if (ret) {
krb5_set_error_string(context, "PKINIT failed copying reply key");
krb5_set_error_message(context, ret, "PKINIT failed copying reply key");
free(*key);
*key = NULL;
}
@@ -829,7 +828,7 @@ get_reply_key(krb5_context context,
&key_pack,
&size);
if (ret) {
krb5_set_error_string(context, "PKINIT decoding reply key failed");
krb5_set_error_message(context, ret, "PKINIT decoding reply key failed");
free_ReplyKeyPack(&key_pack);
return ret;
}
@@ -860,7 +859,6 @@ get_reply_key(krb5_context context,
*key = malloc (sizeof (**key));
if (*key == NULL) {
krb5_set_error_string(context, "PKINIT failed allocating reply key");
free_ReplyKeyPack(&key_pack);
krb5_set_error_message(context, ENOMEM, "malloc: out of memory");
return ENOMEM;
@@ -869,7 +867,7 @@ get_reply_key(krb5_context context,
ret = copy_EncryptionKey(&key_pack.replyKey, *key);
free_ReplyKeyPack(&key_pack);
if (ret) {
krb5_set_error_string(context, "PKINIT failed copying reply key");
krb5_set_error_message(context, ret, "PKINIT failed copying reply key");
free(*key);
*key = NULL;
}
@@ -891,7 +889,7 @@ pk_verify_host(krb5_context context,
ret = hx509_cert_check_eku(ctx->id->hx509ctx, host->cert,
oid_id_pkkdcekuoid(), 0);
if (ret) {
krb5_set_error_string(context, "No PK-INIT KDC EKU in kdc certificate");
krb5_set_error_message(context, ret, "No PK-INIT KDC EKU in kdc certificate");
return ret;
}
}
@@ -904,8 +902,8 @@ pk_verify_host(krb5_context context,
oid_id_pkinit_san(),
&list);
if (ret) {
krb5_set_error_string(context, "Failed to find the PK-INIT "
"subjectAltName in the KDC certificate");
krb5_set_error_message(context, ret, "Failed to find the PK-INIT "
"subjectAltName in the KDC certificate");
return ret;
}
@@ -918,8 +916,8 @@ pk_verify_host(krb5_context context,
&r,
NULL);
if (ret) {
krb5_set_error_string(context, "Failed to decode the PK-INIT "
"subjectAltName in the KDC certificate");
krb5_set_error_message(context, ret, "Failed to decode the PK-INIT "
"subjectAltName in the KDC certificate");
break;
}
@@ -928,11 +926,11 @@ pk_verify_host(krb5_context context,
strcmp(r.principalName.name_string.val[0], KRB5_TGS_NAME) != 0 ||
strcmp(r.principalName.name_string.val[1], realm) != 0 ||
strcmp(r.realm, realm) != 0)
{
krb5_set_error_string(context, "KDC have wrong realm name in "
"the certificate");
ret = KRB5_KDC_ERR_INVALID_CERTIFICATE;
}
{
ret = KRB5_KDC_ERR_INVALID_CERTIFICATE;
krb5_set_error_message(context, ret, "KDC have wrong realm name in "
"the certificate");
}
free_KRB5PrincipalName(&r);
if (ret)
@@ -951,8 +949,8 @@ pk_verify_host(krb5_context context,
hi->ai->ai_addr, hi->ai->ai_addrlen);
if (ret)
krb5_set_error_string(context, "Address mismatch in "
"the KDC certificate");
krb5_set_error_message(context, ret, "Address mismatch in "
"the KDC certificate");
}
return ret;
}
@@ -977,7 +975,7 @@ pk_rd_pa_reply_enckey(krb5_context context,
heim_oid contentType = { 0, NULL };
if (der_heim_oid_cmp(oid_id_pkcs7_envelopedData(), dataType)) {
krb5_set_error_string(context, "PKINIT: Invalid content type");
krb5_set_error_message(context, EINVAL, "PKINIT: Invalid content type");
return EINVAL;
}
@@ -992,7 +990,7 @@ pk_rd_pa_reply_enckey(krb5_context context,
&content);
if (ret) {
pk_copy_error(context, ctx->id->hx509ctx, ret,
"Failed to unenvelope CMS data in PK-INIT reply");
"Failed to unenvelope CMS data in PK-INIT reply");
return ret;
}
der_free_oid(&contentType);
@@ -1023,7 +1021,7 @@ pk_rd_pa_reply_enckey(krb5_context context,
ret = hx509_cms_unwrap_ContentInfo(&content, &type, &out, NULL);
if (der_heim_oid_cmp(&type, oid_id_pkcs7_signedData())) {
ret = EINVAL; /* XXX */
krb5_set_error_string(context, "PKINIT: Invalid content type");
krb5_set_error_message(context, ret, "PKINIT: Invalid content type");
der_free_oid(&type);
der_free_octet_string(&out);
goto out;
@@ -1033,7 +1031,7 @@ pk_rd_pa_reply_enckey(krb5_context context,
ret = krb5_data_copy(&content, out.data, out.length);
der_free_octet_string(&out);
if (ret) {
krb5_set_error_string(context, "PKINIT: out of memory");
krb5_set_error_message(context, ret, "PKINIT: out of memory");
goto out;
}
}
@@ -1057,14 +1055,14 @@ pk_rd_pa_reply_enckey(krb5_context context,
#if 0
if (type == PKINIT_WIN2K) {
if (der_heim_oid_cmp(&contentType, oid_id_pkcs7_data()) != 0) {
krb5_set_error_string(context, "PKINIT: reply key, wrong oid");
ret = KRB5KRB_AP_ERR_MSG_TYPE;
krb5_set_error_message(context, ret, "PKINIT: reply key, wrong oid");
goto out;
}
} else {
if (der_heim_oid_cmp(&contentType, oid_id_pkrkeydata()) != 0) {
krb5_set_error_string(context, "PKINIT: reply key, wrong oid");
ret = KRB5KRB_AP_ERR_MSG_TYPE;
krb5_set_error_message(context, ret, "PKINIT: reply key, wrong oid");
goto out;
}
}
@@ -1122,7 +1120,7 @@ pk_rd_pa_reply_dh(krb5_context context,
memset(&kdc_dh_info, 0, sizeof(kdc_dh_info));
if (der_heim_oid_cmp(oid_id_pkcs7_signedData(), dataType)) {
krb5_set_error_string(context, "PKINIT: Invalid content type");
krb5_set_error_message(context, EINVAL, "PKINIT: Invalid content type");
return EINVAL;
}
@@ -1142,8 +1140,8 @@ pk_rd_pa_reply_dh(krb5_context context,
goto out;
if (der_heim_oid_cmp(&contentType, oid_id_pkdhkeydata())) {
krb5_set_error_string(context, "pkinit - dh reply contains wrong oid");
ret = KRB5KRB_AP_ERR_MSG_TYPE;
krb5_set_error_message(context, ret, "pkinit - dh reply contains wrong oid");
goto out;
}
@@ -1153,35 +1151,35 @@ pk_rd_pa_reply_dh(krb5_context context,
&size);
if (ret) {
krb5_set_error_string(context, "pkinit - "
"failed to decode KDC DH Key Info");
krb5_set_error_message(context, ret, "pkinit - "
"failed to decode KDC DH Key Info");
goto out;
}
if (kdc_dh_info.nonce != nonce) {
krb5_set_error_string(context, "PKINIT: DH nonce is wrong");
ret = KRB5KRB_AP_ERR_MODIFIED;
krb5_set_error_message(context, ret, "PKINIT: DH nonce is wrong");
goto out;
}
if (kdc_dh_info.dhKeyExpiration) {
if (k_n == NULL) {
krb5_set_error_string(context, "pkinit; got key expiration "
"without server nonce");
ret = KRB5KRB_ERR_GENERIC;
krb5_set_error_message(context, ret, "pkinit; got key expiration "
"without server nonce");
goto out;
}
if (c_n == NULL) {
krb5_set_error_string(context, "pkinit; got DH reuse but no "
"client nonce");
ret = KRB5KRB_ERR_GENERIC;
krb5_set_error_message(context, ret, "pkinit; got DH reuse but no "
"client nonce");
goto out;
}
} else {
if (k_n) {
krb5_set_error_string(context, "pkinit: got server nonce "
"without key expiration");
ret = KRB5KRB_ERR_GENERIC;
krb5_set_error_message(context, ret, "pkinit: got server nonce "
"without key expiration");
goto out;
}
c_n = NULL;
@@ -1195,15 +1193,15 @@ pk_rd_pa_reply_dh(krb5_context context,
DHPublicKey k;
ret = decode_DHPublicKey(p, size, &k, NULL);
if (ret) {
krb5_set_error_string(context, "pkinit: can't decode "
"without key expiration");
krb5_set_error_message(context, ret, "pkinit: can't decode "
"without key expiration");
goto out;
}
kdc_dh_pubkey = integer_to_BN(context, "DHPublicKey", &k);
free_DHPublicKey(&k);
if (kdc_dh_pubkey == NULL) {
ret = KRB5KRB_ERR_GENERIC;
ret = ENOMEM;
goto out;
}
}
@@ -1224,9 +1222,9 @@ pk_rd_pa_reply_dh(krb5_context context,
dh_gen_keylen = DH_compute_key(dh_gen_key + (size - dh_gen_keylen),
kdc_dh_pubkey, ctx->dh);
if (dh_gen_keylen == -1) {
krb5_set_error_string(context,
"PKINIT: Can't compute Diffie-Hellman key");
ret = KRB5KRB_ERR_GENERIC;
krb5_set_error_message(context, ret,
"PKINIT: Can't compute Diffie-Hellman key");
goto out;
}
@@ -1243,8 +1241,8 @@ pk_rd_pa_reply_dh(krb5_context context,
c_n, k_n,
*key);
if (ret) {
krb5_set_error_string(context,
"PKINIT: can't create key from DH key");
krb5_set_error_message(context, ret,
"PKINIT: can't create key from DH key");
free(*key);
*key = NULL;
goto out;
@@ -1289,7 +1287,7 @@ _krb5_pk_rd_pa_reply(krb5_context context,
heim_oid oid;
if (pa->padata_type != KRB5_PADATA_PK_AS_REP) {
krb5_set_error_string(context, "PKINIT: wrong padata recv");
krb5_set_error_message(context, EINVAL, "PKINIT: wrong padata recv");
return EINVAL;
}
@@ -1298,7 +1296,7 @@ _krb5_pk_rd_pa_reply(krb5_context context,
&rep,
&size);
if (ret) {
krb5_set_error_string(context, "Failed to decode pkinit AS rep");
krb5_set_error_message(context, ret, "Failed to decode pkinit AS rep");
return ret;
}
@@ -1311,15 +1309,15 @@ _krb5_pk_rd_pa_reply(krb5_context context,
break;
default:
free_PA_PK_AS_REP(&rep);
krb5_set_error_string(context, "PKINIT: -27 reply "
"invalid content type");
krb5_set_error_message(context, EINVAL, "PKINIT: -27 reply "
"invalid content type");
return EINVAL;
}
ret = hx509_cms_unwrap_ContentInfo(&os, &oid, &data, NULL);
if (ret) {
free_PA_PK_AS_REP(&rep);
krb5_set_error_string(context, "PKINIT: failed to unwrap CI");
krb5_set_error_message(context, ret, "PKINIT: failed to unwrap CI");
return ret;
}
@@ -1348,7 +1346,7 @@ _krb5_pk_rd_pa_reply(krb5_context context,
#if 0 /* should this be ? */
if (pa->padata_type != KRB5_PADATA_PK_AS_REP) {
krb5_set_error_string(context, "PKINIT: wrong padata recv");
krb5_set_error_message(context, EINVAL, "PKINIT: wrong padata recv");
return EINVAL;
}
#endif
@@ -1360,8 +1358,8 @@ _krb5_pk_rd_pa_reply(krb5_context context,
&w2krep,
&size);
if (ret) {
krb5_set_error_string(context, "PKINIT: Failed decoding windows "
"pkinit reply %d", (int)ret);
krb5_set_error_message(context, ret, "PKINIT: Failed decoding windows "
"pkinit reply %d", (int)ret);
return ret;
}
@@ -1376,7 +1374,7 @@ _krb5_pk_rd_pa_reply(krb5_context context,
&oid, &data, NULL);
free_PA_PK_AS_REP_Win2k(&w2krep);
if (ret) {
krb5_set_error_string(context, "PKINIT: failed to unwrap CI");
krb5_set_error_message(context, ret, "PKINIT: failed to unwrap CI");
return ret;
}
@@ -1389,15 +1387,15 @@ _krb5_pk_rd_pa_reply(krb5_context context,
}
default:
free_PA_PK_AS_REP_Win2k(&w2krep);
krb5_set_error_string(context, "PKINIT: win2k reply invalid "
"content type");
ret = EINVAL;
krb5_set_error_message(context, ret, "PKINIT: win2k reply invalid "
"content type");
break;
}
} else {
krb5_set_error_string(context, "PKINIT: unknown reply type");
ret = EINVAL;
krb5_set_error_message(context, ret, "PKINIT: unknown reply type");
}
return ret;
@@ -1471,13 +1469,14 @@ _krb5_pk_load_id(krb5_context context,
*ret_id = NULL;
if (anchor_id == NULL) {
krb5_set_error_string(context, "PKINIT: No anchor given");
krb5_set_error_message(context, HEIM_PKINIT_NO_VALID_CA,
"PKINIT: No anchor given");
return HEIM_PKINIT_NO_VALID_CA;
}
if (user_id == NULL) {
krb5_set_error_string(context,
"PKINIT: No user certificate given");
krb5_set_error_message(context, HEIM_PKINIT_NO_PRIVATE_KEY,
"PKINIT: No user certificate given");
return HEIM_PKINIT_NO_PRIVATE_KEY;
}
@@ -1510,14 +1509,14 @@ _krb5_pk_load_id(krb5_context context,
ret = hx509_certs_init(id->hx509ctx, user_id, 0, lock, &id->certs);
if (ret) {
pk_copy_error(context, id->hx509ctx, ret,
"Failed to init cert certs");
"Failed to init cert certs");
goto out;
}
ret = hx509_certs_init(id->hx509ctx, anchor_id, 0, NULL, &id->anchors);
if (ret) {
pk_copy_error(context, id->hx509ctx, ret,
"Failed to init anchors");
"Failed to init anchors");
goto out;
}
@@ -1525,7 +1524,7 @@ _krb5_pk_load_id(krb5_context context,
0, NULL, &id->certpool);
if (ret) {
pk_copy_error(context, id->hx509ctx, ret,
"Failed to init chain");
"Failed to init chain");
goto out;
}
@@ -1534,8 +1533,8 @@ _krb5_pk_load_id(krb5_context context,
NULL, *chain_list);
if (ret) {
pk_copy_error(context, id->hx509ctx, ret,
"Failed to laod chain %s",
*chain_list);
"Failed to laod chain %s",
*chain_list);
goto out;
}
chain_list++;
@@ -1545,7 +1544,7 @@ _krb5_pk_load_id(krb5_context context,
ret = hx509_revoke_init(id->hx509ctx, &id->revokectx);
if (ret) {
pk_copy_error(context, id->hx509ctx, ret,
"Failed init revoke list");
"Failed init revoke list");
goto out;
}
@@ -1555,7 +1554,7 @@ _krb5_pk_load_id(krb5_context context,
*revoke_list);
if (ret) {
pk_copy_error(context, id->hx509ctx, ret,
"Failed load revoke list");
"Failed load revoke list");
goto out;
}
revoke_list++;
@@ -1566,14 +1565,14 @@ _krb5_pk_load_id(krb5_context context,
ret = hx509_verify_init_ctx(id->hx509ctx, &id->verify_ctx);
if (ret) {
pk_copy_error(context, id->hx509ctx, ret,
"Failed init verify context");
"Failed init verify context");
goto out;
}
hx509_verify_attach_anchors(id->verify_ctx, id->anchors);
hx509_verify_attach_revoke(id->verify_ctx, id->revokectx);
out:
out:
if (ret) {
hx509_verify_destroy_ctx(id->verify_ctx);
hx509_certs_free(&id->certs);
@@ -1607,10 +1606,10 @@ select_dh_group(krb5_context context, DH *dh, unsigned long bits,
break;
}
if (moduli[i] == NULL) {
krb5_set_error_string(context,
"Did not find a DH group parameter "
"matching requirement of %lu bits",
bits);
krb5_set_error_message(context, EINVAL,
"Did not find a DH group parameter "
"matching requirement of %lu bits",
bits);
return EINVAL;
}
m = moduli[i];
@@ -1657,7 +1656,7 @@ pk_copy_error(krb5_context context,
free(f);
return;
}
krb5_set_error_string(context, "%s: %s", f, s);
krb5_set_error_message(context, hxret, "%s: %s", f, s);
free(s);
free(f);
}
@@ -1672,15 +1671,15 @@ parse_integer(krb5_context context, char **p, const char *file, int lineno,
char *p1;
p1 = strsep(p, " \t");
if (p1 == NULL) {
krb5_set_error_string(context, "moduli file %s missing %s on line %d",
file, name, lineno);
krb5_set_error_message(context, EINVAL, "moduli file %s missing %s on line %d",
file, name, lineno);
return EINVAL;
}
ret = der_parse_hex_heim_integer(p1, integer);
if (ret) {
krb5_set_error_string(context, "moduli file %s failed parsing %s "
"on line %d",
file, name, lineno);
krb5_set_error_message(context, ret, "moduli file %s failed parsing %s "
"on line %d",
file, name, lineno);
return ret;
}
@@ -1714,28 +1713,28 @@ _krb5_parse_moduli_line(krb5_context context,
p1 = strsep(&p, " \t");
if (p1 == NULL) {
krb5_set_error_string(context, "moduli file %s missing name "
"on line %d", file, lineno);
krb5_set_error_message(context, ret, "moduli file %s missing name "
"on line %d", file, lineno);
goto out;
}
m1->name = strdup(p1);
if (p1 == NULL) {
krb5_set_error_string(context, "malloc - out of memeory");
ret = ENOMEM;
krb5_set_error_message(context, ret, "malloc - out of memeory");
goto out;
}
p1 = strsep(&p, " \t");
if (p1 == NULL) {
krb5_set_error_string(context, "moduli file %s missing bits on line %d",
file, lineno);
krb5_set_error_message(context, ret, "moduli file %s missing bits on line %d",
file, lineno);
goto out;
}
m1->bits = atoi(p1);
if (m1->bits == 0) {
krb5_set_error_string(context, "moduli file %s have un-parsable "
"bits on line %d", file, lineno);
krb5_set_error_message(context, ret, "moduli file %s have un-parsable "
"bits on line %d", file, lineno);
goto out;
}
@@ -1752,7 +1751,7 @@ _krb5_parse_moduli_line(krb5_context context,
*m = m1;
return 0;
out:
out:
free(m1->name);
der_free_heim_integer(&m1->p);
der_free_heim_integer(&m1->g);
@@ -1921,19 +1920,23 @@ _krb5_dh_group_ok(krb5_context context, unsigned long bits,
if (der_heim_integer_cmp(&moduli[i]->g, g) == 0 &&
der_heim_integer_cmp(&moduli[i]->p, p) == 0 &&
(q == NULL || der_heim_integer_cmp(&moduli[i]->q, q) == 0))
{
if (bits && bits > moduli[i]->bits) {
krb5_set_error_string(context, "PKINIT: DH group parameter %s "
"no accepted, not enough bits generated",
moduli[i]->name);
return KRB5_KDC_ERR_DH_KEY_PARAMETERS_NOT_ACCEPTED;
{
if (bits && bits > moduli[i]->bits) {
krb5_set_error_message(context,
KRB5_KDC_ERR_DH_KEY_PARAMETERS_NOT_ACCEPTED,
"PKINIT: DH group parameter %s "
"no accepted, not enough bits generated",
moduli[i]->name);
return KRB5_KDC_ERR_DH_KEY_PARAMETERS_NOT_ACCEPTED;
}
if (name)
*name = strdup(moduli[i]->name);
return 0;
}
if (name)
*name = strdup(moduli[i]->name);
return 0;
}
}
krb5_set_error_string(context, "PKINIT: DH group parameter no ok");
krb5_set_error_message(context,
KRB5_KDC_ERR_DH_KEY_PARAMETERS_NOT_ACCEPTED,
"PKINIT: DH group parameter no ok");
return KRB5_KDC_ERR_DH_KEY_PARAMETERS_NOT_ACCEPTED;
}
@@ -1948,7 +1951,7 @@ _krb5_get_init_creds_opt_free_pkinit(krb5_get_init_creds_opt *opt)
ctx = opt->opt_private->pk_init_ctx;
if (ctx->dh)
DH_free(ctx->dh);
ctx->dh = NULL;
ctx->dh = NULL;
if (ctx->id) {
hx509_verify_destroy_ctx(ctx->id->verify_ctx);
hx509_certs_free(&ctx->id->certs);
@@ -1988,7 +1991,7 @@ krb5_get_init_creds_opt_set_pkinit(krb5_context context,
char *anchors = NULL;
if (opt->opt_private == NULL) {
krb5_set_error_string(context, "PKINIT: on non extendable opt");
krb5_set_error_message(context, EINVAL, "PKINIT: on non extendable opt");
return EINVAL;
}
@@ -2079,15 +2082,15 @@ krb5_get_init_creds_opt_set_pkinit(krb5_context context,
}
if (DH_generate_key(opt->opt_private->pk_init_ctx->dh) != 1) {
krb5_set_error_string(context, "pkinit: failed to generate DH key");
_krb5_get_init_creds_opt_free_pkinit(opt);
krb5_set_error_message(context, ENOMEM, "pkinit: failed to generate DH key");
return ENOMEM;
}
}
return 0;
#else
krb5_set_error_string(context, "no support for PKINIT compiled in");
krb5_set_error_message(context, EINVAL, "no support for PKINIT compiled in");
return EINVAL;
#endif
}

16
lib/krb5/plugin.c
View File

@@ -87,7 +87,7 @@ loadlib(krb5_context context,
{
*e = calloc(1, sizeof(**e));
if (*e == NULL) {
krb5_set_error_string(context, "out of memory");
krb5_set_error_message(context, ENOMEM, "malloc: out of memory");
return ENOMEM;
}
@@ -99,8 +99,8 @@ loadlib(krb5_context context,
if ((*e)->dsohandle == NULL) {
free(*e);
*e = NULL;
krb5_set_error_string(context, "Failed to load %s: %s",
lib, dlerror());
krb5_set_error_message(context, ENOMEM, "Failed to load %s: %s",
lib, dlerror());
return ENOMEM;
}
@@ -139,14 +139,14 @@ krb5_plugin_register(krb5_context context,
e = calloc(1, sizeof(*e));
if (e == NULL) {
krb5_set_error_string(context, "out of memory");
krb5_set_error_message(context, ENOMEM, "malloc: out of memory");
return ENOMEM;
}
e->type = type;
e->name = strdup(name);
if (e->name == NULL) {
free(e);
krb5_set_error_string(context, "out of memory");
krb5_set_error_message(context, ENOMEM, "malloc: out of memory");
return ENOMEM;
}
e->symbol = symbol;
@@ -185,8 +185,8 @@ _krb5_plugin_find(krb5_context context,
e = calloc(1, sizeof(*e));
if (e == NULL) {
HEIMDAL_MUTEX_unlock(&plugin_mutex);
krb5_set_error_string(context, "out of memory");
ret = ENOMEM;
krb5_set_error_message(context, ret, "malloc: out of memory");
goto out;
}
e->symbol = p->symbol;
@@ -214,8 +214,8 @@ _krb5_plugin_find(krb5_context context,
while ((entry = readdir(d)) != NULL) {
asprintf(&path, "%s/%s", *di, entry->d_name);
if (path == NULL) {
krb5_set_error_string(context, "out of memory");
ret = ENOMEM;
krb5_set_error_message(context, ret, "malloc: out of memory");
goto out;
}
ret = loadlib(context, type, name, path, &e);
@@ -233,7 +233,7 @@ _krb5_plugin_find(krb5_context context,
#endif /* HAVE_DLOPEN */
if (*list == NULL) {
krb5_set_error_string(context, "Did not find a plugin for %s", name);
krb5_set_error_message(context, ENOENT, "Did not find a plugin for %s", name);
return ENOENT;
}

52
lib/krb5/principal.c
View File

@@ -149,8 +149,9 @@ krb5_parse_name_flags(krb5_context context,
#define RFLAGS (KRB5_PRINCIPAL_PARSE_NO_REALM|KRB5_PRINCIPAL_PARSE_MUST_REALM)
if ((flags & RFLAGS) == RFLAGS) {
krb5_set_error_string(context, "Can't require both realm and "
"no realm at the same time");
krb5_set_error_message(context, KRB5_ERR_NO_SERVICE,
"Can't require both realm and "
"no realm at the same time");
return KRB5_ERR_NO_SERVICE;
}
#undef RFLAGS
@@ -163,7 +164,7 @@ krb5_parse_name_flags(krb5_context context,
for(p = name; *p; p++){
if(*p=='\\'){
if(!p[1]) {
krb5_set_error_string (context,
krb5_set_error_message(context, KRB5_PARSE_MALFORMED,
"trailing \\ in principal name");
return KRB5_PARSE_MALFORMED;
}
@@ -200,9 +201,9 @@ krb5_parse_name_flags(krb5_context context,
else if(c == '0')
c = '\0';
else if(c == '\0') {
krb5_set_error_string (context,
"trailing \\ in principal name");
ret = KRB5_PARSE_MALFORMED;
krb5_set_error_message(context, ret,
"trailing \\ in principal name");
goto exit;
}
}else if(enterprise && first_at) {
@@ -210,9 +211,9 @@ krb5_parse_name_flags(krb5_context context,
first_at = 0;
}else if((c == '/' && !enterprise) || c == '@'){
if(got_realm){
krb5_set_error_string (context,
"part after realm in principal name");
ret = KRB5_PARSE_MALFORMED;
krb5_set_error_message(context, ret,
"part after realm in principal name");
goto exit;
}else{
comp[n] = malloc(q - start + 1);
@@ -231,18 +232,18 @@ krb5_parse_name_flags(krb5_context context,
continue;
}
if(got_realm && (c == ':' || c == '/' || c == '\0')) {
krb5_set_error_string (context,
"part after realm in principal name");
ret = KRB5_PARSE_MALFORMED;
krb5_set_error_message(context, ret,
"part after realm in principal name");
goto exit;
}
*q++ = c;
}
if(got_realm){
if (flags & KRB5_PRINCIPAL_PARSE_NO_REALM) {
krb5_set_error_string (context, "realm found in 'short' principal "
"expected to be without one");
ret = KRB5_PARSE_MALFORMED;
krb5_set_error_message(context, ret, "realm found in 'short' principal "
"expected to be without one");
goto exit;
}
realm = malloc(q - start + 1);
@@ -255,9 +256,9 @@ krb5_parse_name_flags(krb5_context context,
realm[q - start] = 0;
}else{
if (flags & KRB5_PRINCIPAL_PARSE_MUST_REALM) {
krb5_set_error_string (context, "realm NOT found in principal "
"expected to be with one");
ret = KRB5_PARSE_MALFORMED;
krb5_set_error_message(context, ret, "realm NOT found in principal "
"expected to be with one");
goto exit;
} else if (flags & KRB5_PRINCIPAL_PARSE_NO_REALM) {
realm = NULL;
@@ -350,7 +351,8 @@ unparse_name_fixed(krb5_context context,
int display = (flags & KRB5_PRINCIPAL_UNPARSE_DISPLAY) != 0;
if (!no_realm && princ_realm(principal) == NULL) {
krb5_set_error_string(context, "Realm missing from principal, "
krb5_set_error_message(context, ERANGE,
"Realm missing from principal, "
"can't unparse");
return ERANGE;
}
@@ -360,7 +362,7 @@ unparse_name_fixed(krb5_context context,
add_char(name, idx, len, '/');
idx = quote_string(princ_ncomp(principal, i), name, idx, len, display);
if(idx == len) {
krb5_set_error_string(context, "Out of space printing principal");
krb5_set_error_message(context, ERANGE, "Out of space printing principal");
return ERANGE;
}
}
@@ -379,8 +381,8 @@ unparse_name_fixed(krb5_context context,
add_char(name, idx, len, '@');
idx = quote_string(princ_realm(principal), name, idx, len, display);
if(idx == len) {
krb5_set_error_string(context,
"Out of space printing realm of principal");
krb5_set_error_message(context, ERANGE,
"Out of space printing realm of principal");
return ERANGE;
}
}
@@ -521,7 +523,7 @@ krb5_principal_set_realm(krb5_context context,
princ_realm(principal) = strdup(realm);
if (princ_realm(principal) == NULL) {
krb5_set_error_string(context, "out of memory");
krb5_set_error_message(context, ENOMEM, "malloc: out of memory");
return ENOMEM;
}
return 0;
@@ -1192,7 +1194,7 @@ krb5_524_conv_principal(krb5_context context,
i = principal->name.name_string.val[1];
break;
default:
krb5_set_error_string (context,
krb5_set_error_message(context, KRB5_PARSE_MALFORMED,
"cannot convert a %d component principal",
principal->name.name_string.len);
return KRB5_PARSE_MALFORMED;
@@ -1218,17 +1220,17 @@ krb5_524_conv_principal(krb5_context context,
}
if (strlcpy (name, n, aname_sz) >= aname_sz) {
krb5_set_error_string (context,
krb5_set_error_message(context, KRB5_PARSE_MALFORMED,
"too long name component to convert");
return KRB5_PARSE_MALFORMED;
}
if (strlcpy (instance, i, aname_sz) >= aname_sz) {
krb5_set_error_string (context,
krb5_set_error_message(context, KRB5_PARSE_MALFORMED,
"too long instance component to convert");
return KRB5_PARSE_MALFORMED;
}
if (strlcpy (realm, r, aname_sz) >= aname_sz) {
krb5_set_error_string (context,
krb5_set_error_message(context, KRB5_PARSE_MALFORMED,
"too long realm component to convert");
return KRB5_PARSE_MALFORMED;
}
@@ -1251,7 +1253,8 @@ krb5_sname_to_principal (krb5_context context,
char **realms, *host = NULL;
if(type != KRB5_NT_SRV_HST && type != KRB5_NT_UNKNOWN) {
krb5_set_error_string (context, "unsupported name type %d",
krb5_set_error_message(context, KRB5_SNAME_UNSUPP_NAMETYPE,
"unsupported name type %d",
(int)type);
return KRB5_SNAME_UNSUPP_NAMETYPE;
}
@@ -1312,6 +1315,7 @@ krb5_parse_nametype(krb5_context context, const char *str, int32_t *nametype)
return 0;
}
}
krb5_set_error_string(context, "Failed to find name type %s", str);
krb5_set_error_message(context, KRB5_PARSE_MALFORMED,
"Failed to find name type %s", str);
return KRB5_PARSE_MALFORMED;
}

3
lib/krb5/rd_cred.c
View File

@@ -49,7 +49,8 @@ compare_addrs(krb5_context context,
krb5_print_address (a, a_str, sizeof(a_str), &len);
krb5_print_address (b, b_str, sizeof(b_str), &len);
krb5_set_error_string(context, "%s: %s != %s", message, b_str, a_str);
krb5_set_error_message(context, KRB5KRB_AP_ERR_BADADDR,
"%s: %s != %s", message, b_str, a_str);
return KRB5KRB_AP_ERR_BADADDR;
}

34
lib/krb5/rd_error.c
View File

@@ -78,7 +78,7 @@ krb5_error_from_rd_error(krb5_context context,
ret = error->error_code;
if (error->e_text != NULL) {
krb5_set_error_string(context, "%s", *error->e_text);
krb5_set_error_message(context, ret, "%s", *error->e_text);
} else {
char clientname[256], servername[256];
@@ -91,28 +91,28 @@ krb5_error_from_rd_error(krb5_context context,
switch (ret) {
case KRB5KDC_ERR_NAME_EXP :
krb5_set_error_string(context, "Client %s%s%s expired",
creds ? "(" : "",
creds ? clientname : "",
creds ? ")" : "");
krb5_set_error_message(context, ret, "Client %s%s%s expired",
creds ? "(" : "",
creds ? clientname : "",
creds ? ")" : "");
break;
case KRB5KDC_ERR_SERVICE_EXP :
krb5_set_error_string(context, "Server %s%s%s expired",
creds ? "(" : "",
creds ? servername : "",
creds ? ")" : "");
krb5_set_error_message(context, ret, "Server %s%s%s expired",
creds ? "(" : "",
creds ? servername : "",
creds ? ")" : "");
break;
case KRB5KDC_ERR_C_PRINCIPAL_UNKNOWN :
krb5_set_error_string(context, "Client %s%s%s unknown",
creds ? "(" : "",
creds ? clientname : "",
creds ? ")" : "");
krb5_set_error_message(context, ret, "Client %s%s%s unknown",
creds ? "(" : "",
creds ? clientname : "",
creds ? ")" : "");
break;
case KRB5KDC_ERR_S_PRINCIPAL_UNKNOWN :
krb5_set_error_string(context, "Server %s%s%s unknown",
creds ? "(" : "",
creds ? servername : "",
creds ? ")" : "");
krb5_set_error_message(context, ret, "Server %s%s%s unknown",
creds ? "(" : "",
creds ? servername : "",
creds ? ")" : "");
break;
default :
krb5_clear_error_string(context);

8
lib/krb5/rd_req.c
View File

@@ -533,7 +533,7 @@ krb5_rd_req_in_ctx_alloc(krb5_context context, krb5_rd_req_in_ctx *ctx)
{
*ctx = calloc(1, sizeof(**ctx));
if (*ctx == NULL) {
krb5_set_error_string(context, "out of memory");
krb5_set_error_message(context, ENOMEM, "out of memory");
return ENOMEM;
}
(*ctx)->check_pac = (context->flags & KRB5_CTX_F_CHECK_PAC) ? 1 : 0;
@@ -616,7 +616,7 @@ _krb5_rd_req_out_ctx_alloc(krb5_context context, krb5_rd_req_out_ctx *ctx)
{
*ctx = calloc(1, sizeof(**ctx));
if (*ctx == NULL) {
krb5_set_error_string(context, "out of memory");
krb5_set_error_message(context, ENOMEM, "out of memory");
return ENOMEM;
}
return 0;
@@ -805,9 +805,9 @@ krb5_rd_req_ctx(krb5_context context,
}
if (ap_req.ap_options.use_session_key &&
(*auth_context)->keyblock == NULL) {
krb5_set_error_string(context, "krb5_rd_req: user to user auth "
"without session key given");
ret = KRB5KRB_AP_ERR_NOKEY;
krb5_set_error_message(context, ret, "krb5_rd_req: user to user auth "
"without session key given");
goto out;
}

3
lib/krb5/rd_safe.c
View File

@@ -99,7 +99,8 @@ krb5_rd_safe(krb5_context context,
if ((auth_context->flags &
(KRB5_AUTH_CONTEXT_RET_TIME | KRB5_AUTH_CONTEXT_RET_SEQUENCE)) &&
outdata == NULL) {
krb5_set_error_string(context, "rd_safe: need outdata to return data");
krb5_set_error_message(context, KRB5_RC_REQUIRED,
"rd_safe: need outdata to return data");
return KRB5_RC_REQUIRED; /* XXX better error, MIT returns this */
}

14
lib/krb5/recvauth.c
View File

@@ -103,11 +103,12 @@ krb5_recvauth_match_version(krb5_context context,
n = krb5_net_read (context, p_fd, &len, 4);
if (n < 0) {
ret = errno;
krb5_set_error_string (context, "read: %s", strerror(errno));
krb5_set_error_message(context, ret, "read: %s", strerror(ret));
return ret;
}
if (n == 0) {
krb5_set_error_string (context, "Failed to receive sendauth data");
krb5_set_error_message(context, KRB5_SENDAUTH_BADAUTHVERS,
"Failed to receive sendauth data");
return KRB5_SENDAUTH_BADAUTHVERS;
}
len = ntohl(len);
@@ -124,7 +125,7 @@ krb5_recvauth_match_version(krb5_context context,
n = krb5_net_read (context, p_fd, &len, 4);
if (n < 0) {
ret = errno;
krb5_set_error_string (context, "read: %s", strerror(errno));
krb5_set_error_message(context, ret, "read: %s", strerror(ret));
return ret;
}
if (n == 0) {
@@ -143,7 +144,8 @@ krb5_recvauth_match_version(krb5_context context,
|| !(*match_appl_version)(match_data, her_appl_version)) {
repl = 2;
krb5_net_write (context, p_fd, &repl, 1);
krb5_set_error_string (context, "wrong sendauth version (%s)",
krb5_set_error_message(context, KRB5_SENDAUTH_BADAPPLVERS,
"wrong sendauth version (%s)",
her_appl_version);
free (her_appl_version);
return KRB5_SENDAUTH_BADAPPLVERS;
@@ -153,7 +155,7 @@ krb5_recvauth_match_version(krb5_context context,
repl = 0;
if (krb5_net_write (context, p_fd, &repl, 1) != 1) {
ret = errno;
krb5_set_error_string (context, "write: %s", strerror(errno));
krb5_set_error_message(context, ret, "write: %s", strerror(ret));
return ret;
}
@@ -193,7 +195,7 @@ krb5_recvauth_match_version(krb5_context context,
len = 0;
if (krb5_net_write (context, p_fd, &len, 4) != 4) {
ret = errno;
krb5_set_error_string (context, "write: %s", strerror(errno));
krb5_set_error_message(context, ret, "write: %s", strerror(ret));
return ret;
}

20
lib/krb5/replay.c
View File

@@ -60,8 +60,9 @@ krb5_rc_resolve_type(krb5_context context,
{
*id = NULL;
if(strcmp(type, "FILE")) {
krb5_set_error_string (context, "replay cache type %s not supported",
type);
krb5_set_error_message (context, KRB5_RC_TYPE_NOTFOUND,
"replay cache type %s not supported",
type);
return KRB5_RC_TYPE_NOTFOUND;
}
*id = calloc(1, sizeof(**id));
@@ -82,7 +83,8 @@ krb5_rc_resolve_full(krb5_context context,
*id = NULL;
if(strncmp(string_name, "FILE:", 5)) {
krb5_set_error_string (context, "replay cache type %s not supported",
krb5_set_error_message(context, KRB5_RC_TYPE_NOTFOUND,
"replay cache type %s not supported",
string_name);
return KRB5_RC_TYPE_NOTFOUND;
}
@@ -132,7 +134,7 @@ krb5_rc_initialize(krb5_context context,
if(f == NULL) {
ret = errno;
krb5_set_error_string (context, "open(%s): %s", id->name,
krb5_set_error_message(context, ret, "open(%s): %s", id->name,
strerror(ret));
return ret;
}
@@ -157,7 +159,7 @@ krb5_rc_destroy(krb5_context context,
if(remove(id->name) < 0) {
ret = errno;
krb5_set_error_string (context, "remove(%s): %s", id->name,
krb5_set_error_message(context, ret, "remove(%s): %s", id->name,
strerror(ret));
return ret;
}
@@ -204,7 +206,7 @@ krb5_rc_store(krb5_context context,
f = fopen(id->name, "r");
if(f == NULL) {
ret = errno;
krb5_set_error_string (context, "open(%s): %s", id->name,
krb5_set_error_message(context, ret, "open(%s): %s", id->name,
strerror(ret));
return ret;
}
@@ -222,13 +224,15 @@ krb5_rc_store(krb5_context context,
if(ferror(f)){
ret = errno;
fclose(f);
krb5_set_error_string (context, "%s: %s", id->name, strerror(ret));
krb5_set_error_message(context, ret, "%s: %s",
id->name, strerror(ret));
return ret;
}
fclose(f);
f = fopen(id->name, "a");
if(f == NULL) {
krb5_set_error_string (context, "open(%s): %s", id->name,
krb5_set_error_message(context, KRB5_RC_IO_UNKNOWN,
"open(%s): %s", id->name,
strerror(errno));
return KRB5_RC_IO_UNKNOWN;
}

145
lib/krb5/scache.c
View File

@@ -188,14 +188,16 @@ trace(void* ptr, const char * str)
#endif
static krb5_error_code
prepare_stmt(krb5_context context, sqlite3 *db, sqlite3_stmt **stmt, const char *str)
prepare_stmt(krb5_context context, sqlite3 *db,
sqlite3_stmt **stmt, const char *str)
{
int ret;
ret = sqlite3_prepare_v2(db, str, -1, stmt, NULL);
if (ret != SQLITE_OK) {
krb5_set_error_string(context, "Failed to prepare stmt %s: %s",
str, sqlite3_errmsg(db));
krb5_set_error_message(context, ENOENT,
"Failed to prepare stmt %s: %s",
str, sqlite3_errmsg(db));
return ENOENT;
}
return 0;
@@ -209,8 +211,9 @@ exec_stmt(krb5_context context, sqlite3 *db, const char *str,
ret = sqlite3_exec(db, str, NULL, NULL, NULL);
if (ret != SQLITE_OK && code) {
krb5_set_error_string(context, "Execute %s: %s", str,
sqlite3_errmsg(db));
krb5_set_error_message(context, code,
"Execute %s: %s", str,
sqlite3_errmsg(db));
return code;
}
return 0;
@@ -334,12 +337,13 @@ open_database(krb5_context context, krb5_scache *s, int flags)
ret = sqlite3_open_v2(s->file, &s->db, SQLITE_OPEN_READWRITE|flags, NULL);
if (ret) {
if (s->db) {
krb5_set_error_string(context, "Error opening scache file %s: %s",
s->file, sqlite3_errmsg(s->db));
krb5_set_error_message(context, ENOENT,
"Error opening scache file %s: %s",
s->file, sqlite3_errmsg(s->db));
sqlite3_close(s->db);
s->db = NULL;
} else
krb5_set_error_string(context, "out of memory");
krb5_set_error_message(context, ENOENT, "out of memory");
return ENOENT;
}
return 0;
@@ -355,7 +359,8 @@ create_cache(krb5_context context, krb5_scache *s)
ret = sqlite3_step(s->icache);
} while (ret == SQLITE_ROW);
if (ret != SQLITE_DONE) {
krb5_set_error_string(context, "Failed to add scache: %d", ret);
krb5_set_error_message(context, KRB5_CC_IO,
"Failed to add scache: %d", ret);
return KRB5_CC_IO;
}
sqlite3_reset(s->icache);
@@ -489,7 +494,8 @@ scc_resolve(krb5_context context, krb5_ccache *id, const char *res)
ret = sqlite3_bind_text(s->scache_name, 1, s->name, -1, NULL);
if (ret != SQLITE_OK) {
krb5_set_error_string(context, "bind name: %s", sqlite3_errmsg(s->db));
krb5_set_error_message(context, ENOMEM,
"bind name: %s", sqlite3_errmsg(s->db));
scc_free(s);
return ENOMEM;
}
@@ -498,7 +504,8 @@ scc_resolve(krb5_context context, krb5_ccache *id, const char *res)
if (sqlite3_column_type(s->scache_name, 0) != SQLITE_INTEGER) {
sqlite3_reset(s->scache_name);
krb5_set_error_string(context, "Cache name of wrong type "
krb5_set_error_message(context, KRB5_CC_END,
"Cache name of wrong type "
"for scache %ld",
(unsigned long)s->name);
return KRB5_CC_END;
@@ -560,9 +567,9 @@ scc_initialize(krb5_context context,
} while (ret == SQLITE_ROW);
sqlite3_reset(s->dcred);
if (ret != SQLITE_DONE) {
krb5_set_error_string(context, "Failed to delete old "
"credentials: %s", sqlite3_errmsg(s->db));
ret = KRB5_CC_IO;
krb5_set_error_message(context, ret, "Failed to delete old "
"credentials: %s", sqlite3_errmsg(s->db));
goto rollback;
}
}
@@ -577,9 +584,10 @@ scc_initialize(krb5_context context,
} while (ret == SQLITE_ROW);
sqlite3_reset(s->ucachep);
if (ret != SQLITE_DONE) {
krb5_set_error_string(context, "Failed to bind principal to cache %s",
sqlite3_errmsg(s->db));
ret = KRB5_CC_IO;
krb5_set_error_message(context, ret,
"Failed to bind principal to cache %s",
sqlite3_errmsg(s->db));
goto rollback;
}
@@ -619,8 +627,9 @@ scc_destroy(krb5_context context,
} while (ret == SQLITE_ROW);
sqlite3_reset(s->dcache);
if (ret != SQLITE_DONE) {
krb5_set_error_string(context, "Failed to destroy cache %s: %s",
s->name, sqlite3_errmsg(s->db));
krb5_set_error_message(context, KRB5_CC_IO,
"Failed to destroy cache %s: %s",
s->name, sqlite3_errmsg(s->db));
return KRB5_CC_IO;
}
return 0;
@@ -640,7 +649,7 @@ encode_creds(krb5_context context, krb5_creds *creds, krb5_data *data)
ret = krb5_store_creds(sp, creds);
if (ret) {
krb5_set_error_string(context, "Failed to store credential");
krb5_set_error_message(context, ret, "Failed to store credential");
krb5_storage_free(sp);
return ret;
}
@@ -648,7 +657,7 @@ encode_creds(krb5_context context, krb5_creds *creds, krb5_data *data)
ret = krb5_storage_to_data(sp, data);
krb5_storage_free(sp);
if (ret)
krb5_set_error_string(context, "Failed to encode credential");
krb5_set_error_message(context, ret, "Failed to encode credential");
return ret;
}
@@ -668,7 +677,7 @@ decode_creds(krb5_context context, const void *data, size_t length,
ret = krb5_ret_creds(sp, creds);
krb5_storage_free(sp);
if (ret) {
krb5_set_error_string(context, "Failed to read credential");
krb5_set_error_message(context, ret, "Failed to read credential");
return ret;
}
return 0;
@@ -727,8 +736,9 @@ scc_store_cred(krb5_context context,
} while (ret == SQLITE_ROW);
sqlite3_reset(s->icred);
if (ret != SQLITE_DONE) {
krb5_set_error_string(context, "Failed to add credential: %s",
sqlite3_errmsg(s->db));
ret = KRB5_CC_IO;
krb5_set_error_message(context, ret, "Failed to add credential: %s",
sqlite3_errmsg(s->db));
goto rollback;
}
@@ -744,8 +754,9 @@ scc_store_cred(krb5_context context,
} while (ret == SQLITE_ROW);
sqlite3_reset(s->iprincipal);
if (ret != SQLITE_DONE) {
krb5_set_error_string(context, "Failed to add principal: %s",
sqlite3_errmsg(s->db));
ret = KRB5_CC_IO;
krb5_set_error_message(context, ret, "Failed to add principal: %s",
sqlite3_errmsg(s->db));
goto rollback;
}
}
@@ -760,8 +771,9 @@ scc_store_cred(krb5_context context,
} while (ret == SQLITE_ROW);
sqlite3_reset(s->iprincipal);
if (ret != SQLITE_DONE) {
krb5_set_error_string(context, "Failed to add principal: %s",
sqlite3_errmsg(s->db));
ret = KRB5_CC_IO;
krb5_set_error_message(context, ret, "Failed to add principal: %s",
sqlite3_errmsg(s->db));
goto rollback;
}
}
@@ -772,8 +784,6 @@ scc_store_cred(krb5_context context,
return 0;
rollback:
krb5_set_error_string(context, "store credentials: %s",
sqlite3_errmsg(s->db));
exec_stmt(context, s->db, "ROLLBACK", 0);
return ret;
@@ -798,25 +808,27 @@ scc_get_principal(krb5_context context,
if (sqlite3_step(s->scache) != SQLITE_ROW) {
sqlite3_reset(s->scache);
krb5_set_error_string(context, "No principal for cache SCACHE:%s:%s",
krb5_set_error_message(context, KRB5_CC_END,
"No principal for cache SCACHE:%s:%s",
s->name, s->file);
return KRB5_CC_END;
}
if (sqlite3_column_type(s->scache, 0) != SQLITE_TEXT) {
sqlite3_reset(s->scache);
krb5_set_error_string(context, "Principal data of wrong type "
"for SCACHE:%s:%s",
s->name, s->file);
krb5_set_error_message(context, KRB5_CC_END,
"Principal data of wrong type "
"for SCACHE:%s:%s",
s->name, s->file);
return KRB5_CC_END;
}
str = (const char *)sqlite3_column_text(s->scache, 0);
if (str == NULL) {
sqlite3_reset(s->scache);
krb5_set_error_string(context, "Principal not set "
"for SCACHE:%s:%s",
s->name, s->file);
krb5_set_error_message(context, KRB5_CC_END, "Principal not set "
"for SCACHE:%s:%s",
s->name, s->file);
return KRB5_CC_END;
}
@@ -858,8 +870,9 @@ scc_get_first (krb5_context context,
}
if (s->cid == SCACHE_INVALID_CID) {
krb5_set_error_string(context, "Iterating a invalid cache %s",
s->name);
krb5_set_error_message(context, KRB5_CC_END,
"Iterating a invalid cache %s",
s->name);
free(ctx);
return KRB5_CC_END;
}
@@ -946,8 +959,9 @@ next:
krb5_clear_error_string(context);
return KRB5_CC_END;
} else if (ret != SQLITE_ROW) {
krb5_set_error_string(context, "Database failed: %s",
sqlite3_errmsg(s->db));
krb5_set_error_message(context, KRB5_CC_IO,
"Database failed: %s",
sqlite3_errmsg(s->db));
return KRB5_CC_IO;
}
@@ -964,9 +978,9 @@ next:
}
if (sqlite3_column_type(ctx->credstmt, 0) != SQLITE_BLOB) {
krb5_set_error_string(context, "credential of wrong type "
"for SCACHE:%s:%s",
s->name, s->file);
krb5_set_error_message(context, KRB5_CC_END,
"credential of wrong type for SCACHE:%s:%s",
s->name, s->file);
sqlite3_reset(ctx->credstmt);
return KRB5_CC_END;
}
@@ -1035,17 +1049,17 @@ scc_remove_cred(krb5_context context,
ret = 0;
break;
} else if (ret != SQLITE_ROW) {
krb5_set_error_string(context, "Database failed: %s",
sqlite3_errmsg(s->db));
ret = KRB5_CC_IO;
krb5_set_error_message(context, ret, "Database failed: %s",
sqlite3_errmsg(s->db));
break;
}
if (sqlite3_column_type(stmt, 0) != SQLITE_BLOB) {
krb5_set_error_string(context, "credential of wrong type "
"for SCACHE:%s:%s",
s->name, s->file);
ret = KRB5_CC_END;
krb5_set_error_message(context, ret,
"Credential of wrong type for SCACHE:%s:%s",
s->name, s->file);
break;
}
@@ -1054,7 +1068,7 @@ scc_remove_cred(krb5_context context,
ret = decode_creds(context, data, len, &creds);
if (ret) {
krb5_set_error_string(context, "failed to decode creds");
krb5_set_error_message(context, ret, "failed to decode creds");
break;
}
@@ -1081,8 +1095,8 @@ scc_remove_cred(krb5_context context,
} while (ret == SQLITE_ROW);
sqlite3_finalize(stmt);
if (ret != SQLITE_DONE) {
krb5_set_error_string(context, "failed to delete credentail");
ret = KRB5_CC_IO;
krb5_set_error_message(context, ret, "failed to delete credentail");
} else
ret = 0;
}
@@ -1205,8 +1219,8 @@ again:
krb5_clear_error_string(context);
return KRB5_CC_END;
} else if (ret != SQLITE_ROW) {
krb5_set_error_string(context, "Database failed: %s",
sqlite3_errmsg(s->db));
krb5_set_error_message(context, KRB5_CC_IO, "Database failed: %s",
sqlite3_errmsg(s->db));
return KRB5_CC_IO;
}
@@ -1245,9 +1259,10 @@ scc_move(krb5_context context, krb5_ccache from, krb5_ccache to)
krb5_error_code ret;
if (strcmp(sfrom->file, sto->file) != 0) {
krb5_set_error_string(context, "Can't handle cross database "
"credential move: %s -> %s",
sfrom->file, sto->file);
krb5_set_error_message(context, KRB5_CC_BADNAME,
"Can't handle cross database "
"credential move: %s -> %s",
sfrom->file, sto->file);
return KRB5_CC_BADNAME;
}
@@ -1268,8 +1283,8 @@ scc_move(krb5_context context, krb5_ccache from, krb5_ccache to)
} while (ret == SQLITE_ROW);
sqlite3_reset(sfrom->dcache);
if (ret != SQLITE_DONE) {
krb5_set_error_string(context,
"Failed to delete old cache: %d", (int)ret);
krb5_set_error_message(context, KRB5_CC_IO,
"Failed to delete old cache: %d", (int)ret);
goto rollback;
}
}
@@ -1282,8 +1297,8 @@ scc_move(krb5_context context, krb5_ccache from, krb5_ccache to)
} while (ret == SQLITE_ROW);
sqlite3_reset(sfrom->ucachen);
if (ret != SQLITE_DONE) {
krb5_set_error_string(context,
"Failed to update new cache: %d", (int)ret);
krb5_set_error_message(context, KRB5_CC_IO,
"Failed to update new cache: %d", (int)ret);
goto rollback;
}
@@ -1329,17 +1344,18 @@ scc_set_default(krb5_context context, krb5_ccache id)
krb5_error_code ret;
if (s->cid == SCACHE_INVALID_CID) {
krb5_set_error_string(context,
"Trying to set a invalid cache as default %s",
s->name);
krb5_set_error_message(context, KRB5_CC_IO,
"Trying to set a invalid cache as default %s",
s->name);
return KRB5_CC_IO;
}
ret = sqlite3_bind_text(s->umaster, 1, s->name, -1, NULL);
if (ret) {
sqlite3_reset(s->umaster);
krb5_set_error_string(context, "Failed to set name of default cache");
return ret;
krb5_set_error_message(context, KRB5_CC_IO,
"Failed to set name of default cache");
return KRB5_CC_IO;
}
do {
@@ -1347,7 +1363,8 @@ scc_set_default(krb5_context context, krb5_ccache id)
} while (ret == SQLITE_ROW);
sqlite3_reset(s->umaster);
if (ret != SQLITE_DONE) {
krb5_set_error_string(context, "Failed to update default cache");
krb5_set_error_message(context, KRB5_CC_IO,
"Failed to update default cache");
return KRB5_CC_IO;
}

8
lib/krb5/send_to_kdc.c
View File

@@ -439,7 +439,7 @@ krb5_set_send_to_kdc_func(krb5_context context,
context->send_to_kdc = malloc(sizeof(*context->send_to_kdc));
if (context->send_to_kdc == NULL) {
krb5_set_error_string(context, "Out of memory");
krb5_set_error_message(context, ENOMEM, "malloc: out of memory");
return ENOMEM;
}
@@ -460,7 +460,7 @@ krb5_sendto_ctx_alloc(krb5_context context, krb5_sendto_ctx *ctx)
{
*ctx = calloc(1, sizeof(**ctx));
if (*ctx == NULL) {
krb5_set_error_string(context, "out of memory");
krb5_set_error_message(context, ENOMEM, "malloc: out of memory");
return ENOMEM;
}
return 0;
@@ -566,8 +566,8 @@ krb5_sendto_context(krb5_context context,
if (handle)
krb5_krbhst_free(context, handle);
if (ret == KRB5_KDC_UNREACH)
krb5_set_error_string(context,
"unable to reach any KDC in realm %s", realm);
krb5_set_error_message(context, ret,
"unable to reach any KDC in realm %s", realm);
if (ret)
krb5_data_free(receive);
if (freectx)

6
lib/krb5/sendauth.c
View File

@@ -93,7 +93,7 @@ krb5_sendauth(krb5_context context,
if (krb5_net_write (context, p_fd, &net_len, 4) != 4
|| krb5_net_write (context, p_fd, version, len) != len) {
ret = errno;
krb5_set_error_string (context, "write: %s", strerror(ret));
krb5_set_error_message (context, ret, "write: %s", strerror(ret));
return ret;
}
@@ -102,14 +102,14 @@ krb5_sendauth(krb5_context context,
if (krb5_net_write (context, p_fd, &net_len, 4) != 4
|| krb5_net_write (context, p_fd, appl_version, len) != len) {
ret = errno;
krb5_set_error_string (context, "write: %s", strerror(ret));
krb5_set_error_message (context, ret, "write: %s", strerror(ret));
return ret;
}
sret = krb5_net_read (context, p_fd, &repl, sizeof(repl));
if (sret < 0) {
ret = errno;
krb5_set_error_string (context, "read: %s", strerror(ret));
krb5_set_error_message (context, ret, "read: %s", strerror(ret));
return ret;
} else if (sret != sizeof(repl)) {
krb5_clear_error_string (context);

8
lib/krb5/sock_principal.c
View File

@@ -50,15 +50,15 @@ krb5_sock_to_principal (krb5_context context,
if (getsockname (sock, sa, &salen) < 0) {
ret = errno;
krb5_set_error_string (context, "getsockname: %s", strerror(ret));
krb5_set_error_message (context, ret, "getsockname: %s", strerror(ret));
return ret;
}
ret = getnameinfo (sa, salen, hostname, sizeof(hostname), NULL, 0, 0);
if (ret) {
int save_errno = errno;
krb5_set_error_string (context, "getnameinfo: %s", gai_strerror(ret));
return krb5_eai_to_heim_errno(ret, save_errno);
krb5_error_code ret2 = krb5_eai_to_heim_errno(ret, save_errno);
krb5_set_error_message (context, ret2, "getnameinfo: %s", gai_strerror(ret));
return ret2;
}
ret = krb5_sname_to_principal (context,

9
lib/krb5/transited.c
View File

@@ -443,8 +443,9 @@ krb5_check_transited(krb5_context context,
}
if(p == NULL || *p == NULL) {
krb5_config_free_strings(tr_realms);
krb5_set_error_string (context, "no transit through realm %s",
realms[i]);
krb5_set_error_message (context, KRB5KRB_AP_ERR_ILL_CR_TKT,
"no transit through realm %s",
realms[i]);
if(bad_realm)
*bad_realm = i;
return KRB5KRB_AP_ERR_ILL_CR_TKT;
@@ -473,9 +474,9 @@ krb5_check_transited_realms(krb5_context context,
char **p;
for(p = bad_realms; *p; p++)
if(strcmp(*p, realms[i]) == 0) {
krb5_set_error_string (context, "no transit through realm %s",
*p);
ret = KRB5KRB_AP_ERR_ILL_CR_TKT;
krb5_set_error_message (context, ret,
"no transit through realm %s", *p);
if(bad_realm)
*bad_realm = i;
break;