oysteikt/heimdal
0
0
Fork 0
Code Issues 5 Pull Requests Releases Activity

use krb5_set_error_message

Browse Source 
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@23316 ec53bebd-3082-4978-b11e-865c3cabbd6b
This commit is contained in:
Love Hörnquist Åstrand
2008-06-23 04:32:32 +00:00
parent 75ea702745
commit 7fcd266fdd
67 changed files with 967 additions and 876 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
admin/change.c
View File

@@ -61,7 +61,7 @@ change_entry (krb5_keytab keytab,
conf.realm = strdup(realm); conf.realm = strdup(realm);
if (conf.realm == NULL) { if (conf.realm == NULL) {
free (client_name); free (client_name);
krb5_set_error_string(context, "malloc failed"); krb5_set_error_message(context, ENOMEM, "malloc failed");
return ENOMEM; return ENOMEM;
} }
conf.mask |= KADM5_CONFIG_REALM; conf.mask |= KADM5_CONFIG_REALM;
@@ -71,7 +71,7 @@ change_entry (krb5_keytab keytab,
if (conf.admin_server == NULL) { if (conf.admin_server == NULL) {
free(client_name); free(client_name);
free(conf.realm); free(conf.realm);
krb5_set_error_string(context, "malloc failed"); krb5_set_error_message(context, ENOMEM, "malloc failed");
return ENOMEM; return ENOMEM;
} }
conf.mask |= KADM5_CONFIG_ADMIN_SERVER; conf.mask |= KADM5_CONFIG_ADMIN_SERVER;

2
admin/get.c
View File

@@ -49,7 +49,7 @@ open_kadmin_connection(char *principal,
if(realm) { if(realm) {
conf.realm = strdup(realm); conf.realm = strdup(realm);
if (conf.realm == NULL) { if (conf.realm == NULL) {
krb5_set_error_string(context, "malloc: out of memory"); krb5_set_error_message(context, 0, "malloc: out of memory");
return NULL; return NULL;
} }
conf.mask |= KADM5_CONFIG_REALM; conf.mask |= KADM5_CONFIG_REALM;

2
kadmin/ank.c
View File

@@ -133,8 +133,8 @@ add_one_principal (const char *name,
ret = UI_UTIL_read_pw_string (pwbuf, sizeof(pwbuf), prompt, 1); ret = UI_UTIL_read_pw_string (pwbuf, sizeof(pwbuf), prompt, 1);
free (prompt); free (prompt);
if (ret) { if (ret) {
krb5_set_error_string(context, "failed to verify password");
ret = KRB5_LIBOS_BADPWDMATCH; ret = KRB5_LIBOS_BADPWDMATCH;
krb5_set_error_message(context, ret, "failed to verify password");
goto out; goto out;
} }
password = pwbuf; password = pwbuf;

2
kdc/default_config.c
View File

@@ -45,7 +45,7 @@ krb5_kdc_get_config(krb5_context context, krb5_kdc_configuration **config)
c = calloc(1, sizeof(*c)); c = calloc(1, sizeof(*c));
if (c == NULL) { if (c == NULL) {
krb5_set_error_string(context, "malloc: out of memory"); krb5_set_error_message(context, ENOMEM, "malloc: out of memory");
return ENOMEM; return ENOMEM;
} }

198
kdc/digest.c
View File

@@ -44,13 +44,13 @@ RCSID("$Id$");
#define NTLM_V1 0x01 #define NTLM_V1 0x01
const struct units _kdc_digestunits[] = { const struct units _kdc_digestunits[] = {
{"ms-chap-v2", 1U << 5}, {"ms-chap-v2", 1U << 5},
{"chap-md5", 1U << 4}, {"chap-md5", 1U << 4},
{"digest-md5", 1U << 3}, {"digest-md5", 1U << 3},
{"ntlm-v2", 1U << 2}, {"ntlm-v2", 1U << 2},
{"ntlm-v1-session", 1U << 1}, {"ntlm-v1-session", 1U << 1},
{"ntlm-v1", 1U << 0}, {"ntlm-v1", 1U << 0},
{NULL, 0} {NULL, 0}
}; };
@@ -121,10 +121,10 @@ fill_targetinfo(krb5_context context,
strcmp("imap", str) == 0 || strcmp("imap", str) == 0 ||
strcmp("pop", str) == 0 || strcmp("pop", str) == 0 ||
strcmp("smtp", str))) strcmp("smtp", str)))
{ {
str = krb5_principal_get_comp_string(context, p, 1); str = krb5_principal_get_comp_string(context, p, 1);
ti.dnsservername = rk_UNCONST(str); ti.dnsservername = rk_UNCONST(str);
} }
ret = heim_ntlm_encode_targetinfo(&ti, 1, &d); ret = heim_ntlm_encode_targetinfo(&ti, 1, &d);
if (ret) if (ret)
@@ -186,7 +186,7 @@ get_password_entry(krb5_context context,
if (ret || password == NULL) { if (ret || password == NULL) {
if (ret == 0) { if (ret == 0) {
ret = EINVAL; ret = EINVAL;
krb5_set_error_string(context, "password missing"); krb5_set_error_message(context, ret, "password missing");
} }
memset(user, 0, sizeof(*user)); memset(user, 0, sizeof(*user));
} }
@@ -263,7 +263,7 @@ _kdc_do_digest(krb5_context context,
goto out; goto out;
ret = EINVAL; ret = EINVAL;
krb5_set_error_string(context, "Wrong digest server principal used"); krb5_set_error_message(context, ret, "Wrong digest server principal used");
p = krb5_principal_get_comp_string(context, principal, 0); p = krb5_principal_get_comp_string(context, principal, 0);
if (p == NULL) { if (p == NULL) {
krb5_free_principal(context, principal); krb5_free_principal(context, principal);
@@ -323,9 +323,9 @@ _kdc_do_digest(krb5_context context,
"Client %s tried to use digest " "Client %s tried to use digest "
"but is not allowed to", "but is not allowed to",
client_name); client_name);
krb5_set_error_string(context,
"Client is not permitted to use digest");
ret = KRB5KDC_ERR_POLICY; ret = KRB5KDC_ERR_POLICY;
krb5_set_error_message(context, ret,
"Client is not permitted to use digest");
goto out; goto out;
} }
} }
@@ -338,8 +338,8 @@ _kdc_do_digest(krb5_context context,
if (ret) if (ret)
goto out; goto out;
if (key == NULL) { if (key == NULL) {
krb5_set_error_string(context, "digest: remote subkey not found");
ret = EINVAL; ret = EINVAL;
krb5_set_error_message(context, ret, "digest: remote subkey not found");
goto out; goto out;
} }
@@ -359,7 +359,7 @@ _kdc_do_digest(krb5_context context,
ret = decode_DigestReqInner(buf.data, buf.length, &ireq, NULL); ret = decode_DigestReqInner(buf.data, buf.length, &ireq, NULL);
krb5_data_free(&buf); krb5_data_free(&buf);
if (ret) { if (ret) {
krb5_set_error_string(context, "Failed to decode digest inner request"); krb5_set_error_message(context, ret, "Failed to decode digest inner request");
goto out; goto out;
} }
@@ -386,15 +386,15 @@ _kdc_do_digest(krb5_context context,
hex_encode(server_nonce, sizeof(server_nonce), &r.u.initReply.nonce); hex_encode(server_nonce, sizeof(server_nonce), &r.u.initReply.nonce);
if (r.u.initReply.nonce == NULL) { if (r.u.initReply.nonce == NULL) {
krb5_set_error_string(context, "Failed to decode server nonce");
ret = ENOMEM; ret = ENOMEM;
krb5_set_error_message(context, ret, "Failed to decode server nonce");
goto out; goto out;
} }
sp = krb5_storage_emem(); sp = krb5_storage_emem();
if (sp == NULL) { if (sp == NULL) {
ret = ENOMEM; ret = ENOMEM;
krb5_set_error_string(context, "out of memory"); krb5_set_error_message(context, ret, "malloc: out of memory");
goto out; goto out;
} }
ret = krb5_store_stringz(sp, ireq.u.init.type); ret = krb5_store_stringz(sp, ireq.u.init.type);
@@ -410,9 +410,9 @@ _kdc_do_digest(krb5_context context,
ireq.u.init.channel->cb_type, ireq.u.init.channel->cb_type,
ireq.u.init.channel->cb_binding); ireq.u.init.channel->cb_binding);
if (s == NULL) { if (s == NULL) {
krb5_set_error_string(context, "Failed to allocate "
"channel binding");
ret = ENOMEM; ret = ENOMEM;
krb5_set_error_message(context, ret,
"Failed to allocate channel binding");
goto out; goto out;
} }
free(r.u.initReply.nonce); free(r.u.initReply.nonce);
@@ -429,15 +429,15 @@ _kdc_do_digest(krb5_context context,
r.u.initReply.identifier = r.u.initReply.identifier =
malloc(sizeof(*r.u.initReply.identifier)); malloc(sizeof(*r.u.initReply.identifier));
if (r.u.initReply.identifier == NULL) { if (r.u.initReply.identifier == NULL) {
krb5_set_error_string(context, "out of memory");
ret = ENOMEM; ret = ENOMEM;
krb5_set_error_message(context, ret, "malloc: out of memory");
goto out; goto out;
} }
asprintf(r.u.initReply.identifier, "%02X", identifier & 0xff); asprintf(r.u.initReply.identifier, "%02X", identifier & 0xff);
if (*r.u.initReply.identifier == NULL) { if (*r.u.initReply.identifier == NULL) {
krb5_set_error_string(context, "out of memory");
ret = ENOMEM; ret = ENOMEM;
krb5_set_error_message(context, ret, "malloc: out of memory");
goto out; goto out;
} }
@@ -478,8 +478,8 @@ _kdc_do_digest(krb5_context context,
ASN1_MALLOC_ENCODE(Checksum, buf.data, buf.length, &res, &size, ret); ASN1_MALLOC_ENCODE(Checksum, buf.data, buf.length, &res, &size, ret);
free_Checksum(&res); free_Checksum(&res);
if (ret) { if (ret) {
krb5_set_error_string(context, "Failed to encode " krb5_set_error_message(context, ret, "Failed to encode "
"checksum in digest request"); "checksum in digest request");
goto out; goto out;
} }
if (size != buf.length) if (size != buf.length)
@@ -502,7 +502,7 @@ _kdc_do_digest(krb5_context context,
sp = krb5_storage_emem(); sp = krb5_storage_emem();
if (sp == NULL) { if (sp == NULL) {
ret = ENOMEM; ret = ENOMEM;
krb5_set_error_string(context, "out of memory"); krb5_set_error_message(context, ret, "malloc: out of memory");
goto out; goto out;
} }
ret = krb5_store_stringz(sp, ireq.u.digestRequest.type); ret = krb5_store_stringz(sp, ireq.u.digestRequest.type);
@@ -524,15 +524,15 @@ _kdc_do_digest(krb5_context context,
buf.length = strlen(ireq.u.digestRequest.opaque); buf.length = strlen(ireq.u.digestRequest.opaque);
buf.data = malloc(buf.length); buf.data = malloc(buf.length);
if (buf.data == NULL) { if (buf.data == NULL) {
krb5_set_error_string(context, "out of memory");
ret = ENOMEM; ret = ENOMEM;
krb5_set_error_message(context, ret, "malloc: out of memory");
goto out; goto out;
} }
ret = hex_decode(ireq.u.digestRequest.opaque, buf.data, buf.length); ret = hex_decode(ireq.u.digestRequest.opaque, buf.data, buf.length);
if (ret <= 0) { if (ret <= 0) {
krb5_set_error_string(context, "Failed to decode opaque");
ret = ENOMEM; ret = ENOMEM;
krb5_set_error_message(context, ret, "Failed to decode opaque");
goto out; goto out;
} }
buf.length = ret; buf.length = ret;
@@ -540,7 +540,7 @@ _kdc_do_digest(krb5_context context,
ret = decode_Checksum(buf.data, buf.length, &res, NULL); ret = decode_Checksum(buf.data, buf.length, &res, NULL);
free(buf.data); free(buf.data);
if (ret) { if (ret) {
krb5_set_error_string(context, "Failed to decode digest Checksum"); krb5_set_error_message(context, ret, "Failed to decode digest Checksum");
goto out; goto out;
} }
@@ -553,8 +553,8 @@ _kdc_do_digest(krb5_context context,
serverNonce.length = strlen(ireq.u.digestRequest.serverNonce); serverNonce.length = strlen(ireq.u.digestRequest.serverNonce);
serverNonce.data = malloc(serverNonce.length); serverNonce.data = malloc(serverNonce.length);
if (serverNonce.data == NULL) { if (serverNonce.data == NULL) {
krb5_set_error_string(context, "out of memory");
ret = ENOMEM; ret = ENOMEM;
krb5_set_error_message(context, ret, "malloc: out of memory");
goto out; goto out;
} }
@@ -568,8 +568,8 @@ _kdc_do_digest(krb5_context context,
ssize = hex_decode(ireq.u.digestRequest.serverNonce, ssize = hex_decode(ireq.u.digestRequest.serverNonce,
serverNonce.data, serverNonce.length); serverNonce.data, serverNonce.length);
if (ssize <= 0) { if (ssize <= 0) {
krb5_set_error_string(context, "Failed to decode serverNonce");
ret = ENOMEM; ret = ENOMEM;
krb5_set_error_message(context, ret, "Failed to decode serverNonce");
goto out; goto out;
} }
serverNonce.length = ssize; serverNonce.length = ssize;
@@ -593,15 +593,15 @@ _kdc_do_digest(krb5_context context,
uint32_t t; uint32_t t;
if (serverNonce.length < 4) { if (serverNonce.length < 4) {
krb5_set_error_string(context, "server nonce too short");
ret = EINVAL; ret = EINVAL;
krb5_set_error_message(context, ret, "server nonce too short");
goto out; goto out;
} }
t = p[0] | (p[1] << 8) | (p[2] << 16) | (p[3] << 24); t = p[0] | (p[1] << 8) | (p[2] << 16) | (p[3] << 24);
if (abs((kdc_time & 0xffffffff) - t) > context->max_skew) { if (abs((kdc_time & 0xffffffff) - t) > context->max_skew) {
krb5_set_error_string(context, "time screw in server nonce ");
ret = EINVAL; ret = EINVAL;
krb5_set_error_message(context, ret, "time screw in server nonce ");
goto out; goto out;
} }
} }
@@ -618,15 +618,15 @@ _kdc_do_digest(krb5_context context,
} }
if (ireq.u.digestRequest.identifier == NULL) { if (ireq.u.digestRequest.identifier == NULL) {
krb5_set_error_string(context, "Identifier missing "
"from CHAP request");
ret = EINVAL; ret = EINVAL;
krb5_set_error_message(context, ret, "Identifier missing "
"from CHAP request");
goto out; goto out;
} }
if (hex_decode(*ireq.u.digestRequest.identifier, &id, 1) != 1) { if (hex_decode(*ireq.u.digestRequest.identifier, &id, 1) != 1) {
krb5_set_error_string(context, "failed to decode identifier");
ret = EINVAL; ret = EINVAL;
krb5_set_error_message(context, ret, "failed to decode identifier");
goto out; goto out;
} }
@@ -714,8 +714,8 @@ _kdc_do_digest(krb5_context context,
MD5_Final(md, &ctx); MD5_Final(md, &ctx);
hex_encode(md, sizeof(md), &A1); hex_encode(md, sizeof(md), &A1);
if (A1 == NULL) { if (A1 == NULL) {
krb5_set_error_string(context, "out of memory");
ret = ENOMEM; ret = ENOMEM;
krb5_set_error_message(context, ret, "malloc: out of memory");
goto failed; goto failed;
} }
@@ -733,8 +733,8 @@ _kdc_do_digest(krb5_context context,
MD5_Final(md, &ctx); MD5_Final(md, &ctx);
hex_encode(md, sizeof(md), &A2); hex_encode(md, sizeof(md), &A2);
if (A2 == NULL) { if (A2 == NULL) {
krb5_set_error_string(context, "out of memory");
ret = ENOMEM; ret = ENOMEM;
krb5_set_error_message(context, ret, "malloc: out of memory");
free(A1); free(A1);
goto failed; goto failed;
} }
@@ -795,15 +795,15 @@ _kdc_do_digest(krb5_context context,
} }
if (ireq.u.digestRequest.clientNonce == NULL) { if (ireq.u.digestRequest.clientNonce == NULL) {
krb5_set_error_string(context,
"MS-CHAP-V2 clientNonce missing");
ret = EINVAL; ret = EINVAL;
krb5_set_error_message(context, ret,
"MS-CHAP-V2 clientNonce missing");
goto failed; goto failed;
} }
if (serverNonce.length != 16) { if (serverNonce.length != 16) {
krb5_set_error_string(context,
"MS-CHAP-V2 serverNonce wrong length");
ret = EINVAL; ret = EINVAL;
krb5_set_error_message(context, ret,
"MS-CHAP-V2 serverNonce wrong length");
goto failed; goto failed;
} }
@@ -824,16 +824,16 @@ _kdc_do_digest(krb5_context context,
clientNonce.data = malloc(clientNonce.length); clientNonce.data = malloc(clientNonce.length);
if (clientNonce.data == NULL) { if (clientNonce.data == NULL) {
ret = ENOMEM; ret = ENOMEM;
krb5_set_error_string(context, "out of memory"); krb5_set_error_message(context, ret, "malloc: out of memory");
goto out; goto out;
} }
ssize = hex_decode(*ireq.u.digestRequest.clientNonce, ssize = hex_decode(*ireq.u.digestRequest.clientNonce,
clientNonce.data, clientNonce.length); clientNonce.data, clientNonce.length);
if (ssize != 16) { if (ssize != 16) {
krb5_set_error_string(context,
"Failed to decode clientNonce");
ret = ENOMEM; ret = ENOMEM;
krb5_set_error_message(context, ret,
"Failed to decode clientNonce");
goto out; goto out;
} }
SHA1_Update(&ctx, clientNonce.data, ssize); SHA1_Update(&ctx, clientNonce.data, ssize);
@@ -852,18 +852,18 @@ _kdc_do_digest(krb5_context context,
HDB_F_GET_CLIENT, NULL, &user); HDB_F_GET_CLIENT, NULL, &user);
krb5_free_principal(context, clientprincipal); krb5_free_principal(context, clientprincipal);
if (ret) { if (ret) {
krb5_set_error_string(context, krb5_set_error_message(context, ret,
"MS-CHAP-V2 user %s not in database", "MS-CHAP-V2 user %s not in database",
username); username);
goto failed; goto failed;
} }
ret = hdb_enctype2key(context, &user->entry, ret = hdb_enctype2key(context, &user->entry,
ETYPE_ARCFOUR_HMAC_MD5, &key); ETYPE_ARCFOUR_HMAC_MD5, &key);
if (ret) { if (ret) {
krb5_set_error_string(context, krb5_set_error_message(context, ret,
"MS-CHAP-V2 missing arcfour key %s", "MS-CHAP-V2 missing arcfour key %s",
username); username);
goto failed; goto failed;
} }
@@ -872,7 +872,7 @@ _kdc_do_digest(krb5_context context,
key->key.keyvalue.length, key->key.keyvalue.length,
challange, &answer); challange, &answer);
if (ret) { if (ret) {
krb5_set_error_string(context, "NTLM missing arcfour key"); krb5_set_error_message(context, ret, "NTLM missing arcfour key");
goto failed; goto failed;
} }
@@ -967,8 +967,8 @@ _kdc_do_digest(krb5_context context,
asprintf(&r.u.error.reason, "Unsupported digest type %s", asprintf(&r.u.error.reason, "Unsupported digest type %s",
ireq.u.digestRequest.type); ireq.u.digestRequest.type);
if (r.u.error.reason == NULL) { if (r.u.error.reason == NULL) {
krb5_set_error_string(context, "out of memory");
ret = ENOMEM; ret = ENOMEM;
krb5_set_error_message(context, ret, "malloc: out of memory");
goto out; goto out;
} }
r.u.error.code = EINVAL; r.u.error.code = EINVAL;
@@ -1021,29 +1021,29 @@ _kdc_do_digest(krb5_context context,
r.u.ntlmInitReply.targetname = r.u.ntlmInitReply.targetname =
get_ntlm_targetname(context, client); get_ntlm_targetname(context, client);
if (r.u.ntlmInitReply.targetname == NULL) { if (r.u.ntlmInitReply.targetname == NULL) {
krb5_set_error_string(context, "out of memory");
ret = ENOMEM; ret = ENOMEM;
krb5_set_error_message(context, ret, "malloc: out of memory");
goto out; goto out;
} }
r.u.ntlmInitReply.challange.data = malloc(8); r.u.ntlmInitReply.challange.data = malloc(8);
if (r.u.ntlmInitReply.challange.data == NULL) { if (r.u.ntlmInitReply.challange.data == NULL) {
krb5_set_error_string(context, "out of memory");
ret = ENOMEM; ret = ENOMEM;
krb5_set_error_message(context, ret, "malloc: out of memory");
goto out; goto out;
} }
r.u.ntlmInitReply.challange.length = 8; r.u.ntlmInitReply.challange.length = 8;
if (RAND_bytes(r.u.ntlmInitReply.challange.data, if (RAND_bytes(r.u.ntlmInitReply.challange.data,
r.u.ntlmInitReply.challange.length) != 1) r.u.ntlmInitReply.challange.length) != 1)
{ {
krb5_set_error_string(context, "out of random error"); ret = ENOMEM;
ret = ENOMEM; krb5_set_error_message(context, ret, "out of random error");
goto out; goto out;
} }
/* XXX fix targetinfo */ /* XXX fix targetinfo */
ALLOC(r.u.ntlmInitReply.targetinfo); ALLOC(r.u.ntlmInitReply.targetinfo);
if (r.u.ntlmInitReply.targetinfo == NULL) { if (r.u.ntlmInitReply.targetinfo == NULL) {
krb5_set_error_string(context, "out of memory");
ret = ENOMEM; ret = ENOMEM;
krb5_set_error_message(context, ret, "malloc: out of memory");
goto out; goto out;
} }
@@ -1052,8 +1052,8 @@ _kdc_do_digest(krb5_context context,
client, client,
r.u.ntlmInitReply.targetinfo); r.u.ntlmInitReply.targetinfo);
if (ret) { if (ret) {
krb5_set_error_string(context, "out of memory");
ret = ENOMEM; ret = ENOMEM;
krb5_set_error_message(context, ret, "malloc: out of memory");
goto out; goto out;
} }
@@ -1064,14 +1064,14 @@ _kdc_do_digest(krb5_context context,
sp = krb5_storage_emem(); sp = krb5_storage_emem();
if (sp == NULL) { if (sp == NULL) {
ret = ENOMEM; ret = ENOMEM;
krb5_set_error_string(context, "out of memory"); krb5_set_error_message(context, ret, "malloc: out of memory");
goto out; goto out;
} }
ret = krb5_storage_write(sp, r.u.ntlmInitReply.challange.data, 8); ret = krb5_storage_write(sp, r.u.ntlmInitReply.challange.data, 8);
if (ret != 8) { if (ret != 8) {
ret = ENOMEM; ret = ENOMEM;
krb5_set_error_string(context, "storage write challange"); krb5_set_error_message(context, ret, "storage write challange");
goto out; goto out;
} }
ret = krb5_store_uint32(sp, r.u.ntlmInitReply.flags); ret = krb5_store_uint32(sp, r.u.ntlmInitReply.flags);
@@ -1127,8 +1127,8 @@ _kdc_do_digest(krb5_context context,
HDB_F_GET_CLIENT, NULL, &user); HDB_F_GET_CLIENT, NULL, &user);
krb5_free_principal(context, clientprincipal); krb5_free_principal(context, clientprincipal);
if (ret) { if (ret) {
krb5_set_error_string(context, "NTLM user %s not in database", krb5_set_error_message(context, ret, "NTLM user %s not in database",
ireq.u.ntlmRequest.username); ireq.u.ntlmRequest.username);
goto failed; goto failed;
} }
@@ -1150,33 +1150,33 @@ _kdc_do_digest(krb5_context context,
sp = krb5_storage_from_data(&buf); sp = krb5_storage_from_data(&buf);
if (sp == NULL) { if (sp == NULL) {
ret = ENOMEM; ret = ENOMEM;
krb5_set_error_string(context, "out of memory"); krb5_set_error_message(context, ret, "malloc: out of memory");
goto out; goto out;
} }
ret = krb5_storage_read(sp, challange, sizeof(challange)); ret = krb5_storage_read(sp, challange, sizeof(challange));
if (ret != sizeof(challange)) { if (ret != sizeof(challange)) {
krb5_set_error_string(context, "NTLM storage read challange");
ret = ENOMEM; ret = ENOMEM;
krb5_set_error_message(context, ret, "NTLM storage read challange");
goto out; goto out;
} }
ret = krb5_ret_uint32(sp, &flags); ret = krb5_ret_uint32(sp, &flags);
if (ret) { if (ret) {
krb5_set_error_string(context, "NTLM storage read flags"); krb5_set_error_message(context, ret, "NTLM storage read flags");
goto out; goto out;
} }
krb5_data_free(&buf); krb5_data_free(&buf);
if ((flags & NTLM_NEG_NTLM) == 0) { if ((flags & NTLM_NEG_NTLM) == 0) {
ret = EINVAL; ret = EINVAL;
krb5_set_error_string(context, "NTLM not negotiated"); krb5_set_error_message(context, ret, "NTLM not negotiated");
goto out; goto out;
} }
ret = hdb_enctype2key(context, &user->entry, ret = hdb_enctype2key(context, &user->entry,
ETYPE_ARCFOUR_HMAC_MD5, &key); ETYPE_ARCFOUR_HMAC_MD5, &key);
if (ret) { if (ret) {
krb5_set_error_string(context, "NTLM missing arcfour key"); krb5_set_error_message(context, ret, "NTLM missing arcfour key");
goto out; goto out;
} }
@@ -1194,8 +1194,8 @@ _kdc_do_digest(krb5_context context,
targetname = get_ntlm_targetname(context, client); targetname = get_ntlm_targetname(context, client);
if (targetname == NULL) { if (targetname == NULL) {
krb5_set_error_string(context, "out of memory");
ret = ENOMEM; ret = ENOMEM;
krb5_set_error_message(context, ret, "malloc: out of memory");
goto out; goto out;
} }
@@ -1213,7 +1213,7 @@ _kdc_do_digest(krb5_context context,
sessionkey); sessionkey);
free(targetname); free(targetname);
if (ret) { if (ret) {
krb5_set_error_string(context, "NTLM v2 verify failed"); krb5_set_error_message(context, ret, "NTLM v2 verify failed");
goto failed; goto failed;
} }
@@ -1238,9 +1238,9 @@ _kdc_do_digest(krb5_context context,
} }
if (ireq.u.ntlmRequest.lm.length != 24) { if (ireq.u.ntlmRequest.lm.length != 24) {
krb5_set_error_string(context, "LM hash have wrong length "
"for NTLM session key");
ret = EINVAL; ret = EINVAL;
krb5_set_error_message(context, ret, "LM hash have wrong length "
"for NTLM session key");
goto failed; goto failed;
} }
@@ -1260,18 +1260,18 @@ _kdc_do_digest(krb5_context context,
key->key.keyvalue.length, key->key.keyvalue.length,
challange, &answer); challange, &answer);
if (ret) { if (ret) {
krb5_set_error_string(context, "NTLM missing arcfour key"); krb5_set_error_message(context, ret, "NTLM missing arcfour key");
goto failed; goto failed;
} }
if (ireq.u.ntlmRequest.ntlm.length != answer.length || if (ireq.u.ntlmRequest.ntlm.length != answer.length ||
memcmp(ireq.u.ntlmRequest.ntlm.data, answer.data, answer.length) != 0) memcmp(ireq.u.ntlmRequest.ntlm.data, answer.data, answer.length) != 0)
{ {
free(answer.data); free(answer.data);
ret = EINVAL; ret = EINVAL;
krb5_set_error_string(context, "NTLM hash mismatch"); krb5_set_error_message(context, ret, "NTLM hash mismatch");
goto failed; goto failed;
} }
free(answer.data); free(answer.data);
{ {
@@ -1290,18 +1290,19 @@ _kdc_do_digest(krb5_context context,
size_t len; size_t len;
if ((flags & NTLM_NEG_KEYEX) == 0) { if ((flags & NTLM_NEG_KEYEX) == 0) {
krb5_set_error_string(context,
"NTLM client failed to neg key "
"exchange but still sent key");
ret = EINVAL; ret = EINVAL;
krb5_set_error_message(context, ret,
"NTLM client failed to neg key "
"exchange but still sent key");
goto failed; goto failed;
} }
len = ireq.u.ntlmRequest.sessionkey->length; len = ireq.u.ntlmRequest.sessionkey->length;
if (len != sizeof(masterkey)){ if (len != sizeof(masterkey)){
krb5_set_error_string(context, ret = EINVAL;
"NTLM master key wrong length: %lu", krb5_set_error_message(context, ret,
(unsigned long)len); "NTLM master key wrong length: %lu",
(unsigned long)len);
goto failed; goto failed;
} }
@@ -1315,14 +1316,15 @@ _kdc_do_digest(krb5_context context,
r.u.ntlmResponse.sessionkey = r.u.ntlmResponse.sessionkey =
malloc(sizeof(*r.u.ntlmResponse.sessionkey)); malloc(sizeof(*r.u.ntlmResponse.sessionkey));
if (r.u.ntlmResponse.sessionkey == NULL) { if (r.u.ntlmResponse.sessionkey == NULL) {
krb5_set_error_string(context, "out of memory"); ret = EINVAL;
krb5_set_error_message(context, ret, "malloc: out of memory");
goto out; goto out;
} }
ret = krb5_data_copy(r.u.ntlmResponse.sessionkey, ret = krb5_data_copy(r.u.ntlmResponse.sessionkey,
masterkey, sizeof(masterkey)); masterkey, sizeof(masterkey));
if (ret) { if (ret) {
krb5_set_error_string(context, "out of memory"); krb5_set_error_message(context, ret, "malloc: out of memory");
goto out; goto out;
} }
} }
@@ -1354,11 +1356,11 @@ _kdc_do_digest(krb5_context context,
break; break;
default: { default: {
char *s; const char *s;
krb5_set_error_string(context, "unknown operation to digest");
ret = EINVAL; ret = EINVAL;
krb5_set_error_message(context, ret, "unknown operation to digest");
failed: failed:
s = krb5_get_error_message(context, ret); s = krb5_get_error_message(context, ret);
if (s == NULL) { if (s == NULL) {
@@ -1370,10 +1372,10 @@ _kdc_do_digest(krb5_context context,
r.element = choice_DigestRepInner_error; r.element = choice_DigestRepInner_error;
r.u.error.reason = strdup("unknown error"); r.u.error.reason = strdup("unknown error");
krb5_free_error_string(context, s); krb5_free_error_message(context, s);
if (r.u.error.reason == NULL) { if (r.u.error.reason == NULL) {
krb5_set_error_string(context, "out of memory");
ret = ENOMEM; ret = ENOMEM;
krb5_set_error_message(context, ret, "malloc: out of memory");
goto out; goto out;
} }
r.u.error.code = EINVAL; r.u.error.code = EINVAL;
@@ -1383,7 +1385,7 @@ _kdc_do_digest(krb5_context context,
ASN1_MALLOC_ENCODE(DigestRepInner, buf.data, buf.length, &r, &size, ret); ASN1_MALLOC_ENCODE(DigestRepInner, buf.data, buf.length, &r, &size, ret);
if (ret) { if (ret) {
krb5_set_error_string(context, "Failed to encode inner digest reply"); krb5_set_error_message(context, ret, "Failed to encode inner digest reply");
goto out; goto out;
} }
if (size != buf.length) if (size != buf.length)
@@ -1414,14 +1416,14 @@ _kdc_do_digest(krb5_context context,
ASN1_MALLOC_ENCODE(DigestREP, reply->data, reply->length, &rep, &size, ret); ASN1_MALLOC_ENCODE(DigestREP, reply->data, reply->length, &rep, &size, ret);
if (ret) { if (ret) {
krb5_set_error_string(context, "Failed to encode digest reply"); krb5_set_error_message(context, ret, "Failed to encode digest reply");
goto out; goto out;
} }
if (size != reply->length) if (size != reply->length)
krb5_abortx(context, "ASN1 internal error"); krb5_abortx(context, "ASN1 internal error");
out: out:
if (ac) if (ac)
krb5_auth_con_free(context, ac); krb5_auth_con_free(context, ac);
if (ret) if (ret)

10
kdc/kerberos5.c
View File

@@ -1807,7 +1807,7 @@ _kdc_tkt_add_if_relevant_ad(krb5_context context,
if (tkt->authorization_data == NULL) { if (tkt->authorization_data == NULL) {
tkt->authorization_data = calloc(1, sizeof(*tkt->authorization_data)); tkt->authorization_data = calloc(1, sizeof(*tkt->authorization_data));
if (tkt->authorization_data == NULL) { if (tkt->authorization_data == NULL) {
krb5_set_error_string(context, "out of memory"); krb5_set_error_message(context, ENOMEM, "out of memory");
return ENOMEM; return ENOMEM;
} }
} }
@@ -1822,7 +1822,7 @@ _kdc_tkt_add_if_relevant_ad(krb5_context context,
ret = add_AuthorizationData(&ad, &ade); ret = add_AuthorizationData(&ad, &ade);
if (ret) { if (ret) {
krb5_set_error_string(context, "add AuthorizationData failed"); krb5_set_error_message(context, ret, "add AuthorizationData failed");
return ret; return ret;
} }
@@ -1833,8 +1833,8 @@ _kdc_tkt_add_if_relevant_ad(krb5_context context,
&ad, &size, ret); &ad, &size, ret);
free_AuthorizationData(&ad); free_AuthorizationData(&ad);
if (ret) { if (ret) {
krb5_set_error_string(context, "ASN.1 encode of " krb5_set_error_message(context, ret, "ASN.1 encode of "
"AuthorizationData failed"); "AuthorizationData failed");
return ret; return ret;
} }
if (ade.ad_data.length != size) if (ade.ad_data.length != size)
@@ -1843,7 +1843,7 @@ _kdc_tkt_add_if_relevant_ad(krb5_context context,
ret = add_AuthorizationData(tkt->authorization_data, &ade); ret = add_AuthorizationData(tkt->authorization_data, &ade);
der_free_octet_string(&ade.ad_data); der_free_octet_string(&ade.ad_data);
if (ret) { if (ret) {
krb5_set_error_string(context, "add AuthorizationData failed"); krb5_set_error_message(context, ret, "add AuthorizationData failed");
return ret; return ret;
} }
} }

10
kdc/krb5tgs.c
View File

@@ -80,8 +80,8 @@ find_KRB5SignedPath(krb5_context context,
&child, &child,
NULL); NULL);
if (ret) { if (ret) {
krb5_set_error_string(context, "Failed to decode " krb5_set_error_message(context, ret, "Failed to decode "
"IF_RELEVANT with %d", ret); "IF_RELEVANT with %d", ret);
return ret; return ret;
} }
@@ -305,8 +305,8 @@ check_PAC(krb5_context context,
&child, &child,
NULL); NULL);
if (ret) { if (ret) {
krb5_set_error_string(context, "Failed to decode " krb5_set_error_message(context, ret, "Failed to decode "
"IF_RELEVANT with %d", ret); "IF_RELEVANT with %d", ret);
return ret; return ret;
} }
for (j = 0; j < child.len; j++) { for (j = 0; j < child.len; j++) {
@@ -1338,7 +1338,7 @@ build_server_referral(krb5_context context,
return 0; return 0;
eout: eout:
free_PA_ServerReferralData(&ref); free_PA_ServerReferralData(&ref);
krb5_set_error_string(context, "out of memory"); krb5_set_error_message(context, ENOMEM, "malloc: out of memory");
return ENOMEM; return ENOMEM;
} }

26
kdc/kx509.c
View File

@@ -67,8 +67,9 @@ verify_req_hash(krb5_context context,
HMAC_CTX ctx; HMAC_CTX ctx;
if (req->pk_hash.length != sizeof(digest)) { if (req->pk_hash.length != sizeof(digest)) {
krb5_set_error_string(context, "pk-hash have wrong length: %lu", krb5_set_error_message(context, KRB5KDC_ERR_PREAUTH_FAILED,
(unsigned long)req->pk_hash.length); "pk-hash have wrong length: %lu",
(unsigned long)req->pk_hash.length);
return KRB5KDC_ERR_PREAUTH_FAILED; return KRB5KDC_ERR_PREAUTH_FAILED;
} }
@@ -84,7 +85,8 @@ verify_req_hash(krb5_context context,
HMAC_CTX_cleanup(&ctx); HMAC_CTX_cleanup(&ctx);
if (memcmp(req->pk_hash.data, digest, sizeof(digest)) != 0) { if (memcmp(req->pk_hash.data, digest, sizeof(digest)) != 0) {
krb5_set_error_string(context, "pk-hash is not correct"); krb5_set_error_message(context, KRB5KDC_ERR_PREAUTH_FAILED,
"pk-hash is not correct");
return KRB5KDC_ERR_PREAUTH_FAILED; return KRB5KDC_ERR_PREAUTH_FAILED;
} }
return 0; return 0;
@@ -106,7 +108,7 @@ calculate_reply_hash(krb5_context context,
rep->hash->data = malloc(rep->hash->length); rep->hash->data = malloc(rep->hash->length);
if (rep->hash->data == NULL) { if (rep->hash->data == NULL) {
HMAC_CTX_cleanup(&ctx); HMAC_CTX_cleanup(&ctx);
krb5_set_error_string(context, "out of memory"); krb5_set_error_message(context, ENOMEM, "malloc: out of memory");
return ENOMEM; return ENOMEM;
} }
@@ -276,7 +278,7 @@ out:
hx509_cert_free(signer); hx509_cert_free(signer);
if (hxctx) if (hxctx)
hx509_context_free(&hxctx); hx509_context_free(&hxctx);
krb5_set_error_string(context, "cert creation failed"); krb5_set_error_message(context, ret, "cert creation failed");
return ret; return ret;
} }
@@ -354,16 +356,18 @@ _kdc_do_kx509(krb5_context context,
krb5_free_principal(context, principal); krb5_free_principal(context, principal);
if (ret != TRUE) { if (ret != TRUE) {
ret = KRB5KDC_ERR_SERVER_NOMATCH; ret = KRB5KDC_ERR_SERVER_NOMATCH;
krb5_set_error_string(context, krb5_set_error_message(context, ret,
"User %s used wrong Kx509 service principal", "User %s used wrong Kx509 service principal",
cname); cname);
goto out; goto out;
} }
} }
ret = krb5_auth_con_getkey(context, ac, &key); ret = krb5_auth_con_getkey(context, ac, &key);
if (ret || key == NULL) { if (ret == 0 && key == NULL)
krb5_set_error_string(context, "Kx509 can't get session key"); ret = KRB5KDC_ERR_NULL_KEY;
if (ret) {
krb5_set_error_message(context, ret, "Kx509 can't get session key");
goto out; goto out;
} }
@@ -414,7 +418,7 @@ _kdc_do_kx509(krb5_context context,
ASN1_MALLOC_ENCODE(Kx509Response, data.data, data.length, &rep, ASN1_MALLOC_ENCODE(Kx509Response, data.data, data.length, &rep,
&size, ret); &size, ret);
if (ret) { if (ret) {
krb5_set_error_string(context, "Failed to encode kx509 reply"); krb5_set_error_message(context, ret, "Failed to encode kx509 reply");
goto out; goto out;
} }
if (size != data.length) if (size != data.length)

9
kdc/misc.c
View File

@@ -51,7 +51,7 @@ _kdc_db_fetch(krb5_context context,
ent = calloc (1, sizeof (*ent)); ent = calloc (1, sizeof (*ent));
if (ent == NULL) { if (ent == NULL) {
krb5_set_error_string(context, "out of memory"); krb5_set_error_message(context, ENOMEM, "malloc: out of memory");
return ENOMEM; return ENOMEM;
} }
@@ -76,8 +76,8 @@ _kdc_db_fetch(krb5_context context,
} }
} }
free(ent); free(ent);
krb5_set_error_string(context, "no such entry found in hdb"); krb5_set_error_message(context, HDB_ERR_NOENTRY, "no such entry found in hdb");
return HDB_ERR_NOENTRY; return HDB_ERR_NOENTRY;
} }
void void
@@ -116,7 +116,8 @@ _kdc_get_preferred_key(krb5_context context,
} }
} }
krb5_set_error_string(context, "No valid kerberos key found for %s", name); krb5_set_error_message(context, EINVAL,
"No valid kerberos key found for %s", name);
return EINVAL; return EINVAL;
} }

111
kdc/pkinit.c
View File

@@ -187,13 +187,13 @@ generate_dh_keyblock(krb5_context context, pk_client_params *client_params,
memset(&key, 0, sizeof(key)); memset(&key, 0, sizeof(key));
if (!DH_generate_key(client_params->dh)) { if (!DH_generate_key(client_params->dh)) {
krb5_set_error_string(context, "Can't generate Diffie-Hellman keys");
ret = KRB5KRB_ERR_GENERIC; ret = KRB5KRB_ERR_GENERIC;
krb5_set_error_message(context, ret, "Can't generate Diffie-Hellman keys");
goto out; goto out;
} }
if (client_params->dh_public_key == NULL) { if (client_params->dh_public_key == NULL) {
krb5_set_error_string(context, "dh_public_key");
ret = KRB5KRB_ERR_GENERIC; ret = KRB5KRB_ERR_GENERIC;
krb5_set_error_message(context, ret, "dh_public_key");
goto out; goto out;
} }
@@ -204,8 +204,8 @@ generate_dh_keyblock(krb5_context context, pk_client_params *client_params,
dh_gen_key = malloc(size); dh_gen_key = malloc(size);
if (dh_gen_key == NULL) { if (dh_gen_key == NULL) {
krb5_set_error_string(context, "malloc: out of memory");
ret = ENOMEM; ret = ENOMEM;
krb5_set_error_message(context, ret, "malloc: out of memory");
goto out; goto out;
} }
memset(dh_gen_key, 0, size - dh_gen_keylen); memset(dh_gen_key, 0, size - dh_gen_keylen);
@@ -214,8 +214,8 @@ generate_dh_keyblock(krb5_context context, pk_client_params *client_params,
client_params->dh_public_key, client_params->dh_public_key,
client_params->dh); client_params->dh);
if (dh_gen_keylen == -1) { if (dh_gen_keylen == -1) {
krb5_set_error_string(context, "Can't compute Diffie-Hellman key");
ret = KRB5KRB_ERR_GENERIC; ret = KRB5KRB_ERR_GENERIC;
krb5_set_error_message(context, ret, "Can't compute Diffie-Hellman key");
goto out; goto out;
} }
@@ -241,7 +241,8 @@ integer_to_BN(krb5_context context, const char *field, heim_integer *f)
bn = BN_bin2bn((const unsigned char *)f->data, f->length, NULL); bn = BN_bin2bn((const unsigned char *)f->data, f->length, NULL);
if (bn == NULL) { if (bn == NULL) {
krb5_set_error_string(context, "PKINIT: parsing BN failed %s", field); krb5_set_error_message(context, KRB5_BADMSGTYPE,
"PKINIT: parsing BN failed %s", field);
return NULL; return NULL;
} }
BN_set_negative(bn, f->negative); BN_set_negative(bn, f->negative);
@@ -261,13 +262,14 @@ get_dh_param(krb5_context context,
memset(&dhparam, 0, sizeof(dhparam)); memset(&dhparam, 0, sizeof(dhparam));
if (der_heim_oid_cmp(&dh_key_info->algorithm.algorithm, oid_id_dhpublicnumber())) { if (der_heim_oid_cmp(&dh_key_info->algorithm.algorithm, oid_id_dhpublicnumber())) {
krb5_set_error_string(context, krb5_set_error_message(context, KRB5_BADMSGTYPE,
"PKINIT invalid oid in clientPublicValue"); "PKINIT invalid oid in clientPublicValue");
return KRB5_BADMSGTYPE; return KRB5_BADMSGTYPE;
} }
if (dh_key_info->algorithm.parameters == NULL) { if (dh_key_info->algorithm.parameters == NULL) {
krb5_set_error_string(context, "PKINIT missing algorithm parameter " krb5_set_error_message(context, KRB5_BADMSGTYPE,
"PKINIT missing algorithm parameter "
"in clientPublicValue"); "in clientPublicValue");
return KRB5_BADMSGTYPE; return KRB5_BADMSGTYPE;
} }
@@ -277,15 +279,16 @@ get_dh_param(krb5_context context,
&dhparam, &dhparam,
NULL); NULL);
if (ret) { if (ret) {
krb5_set_error_string(context, "Can't decode algorithm " krb5_set_error_message(context, ret, "Can't decode algorithm "
"parameters in clientPublicValue"); "parameters in clientPublicValue");
goto out; goto out;
} }
if ((dh_key_info->subjectPublicKey.length % 8) != 0) { if ((dh_key_info->subjectPublicKey.length % 8) != 0) {
ret = KRB5_BADMSGTYPE; ret = KRB5_BADMSGTYPE;
krb5_set_error_string(context, "PKINIT: subjectPublicKey not aligned " krb5_set_error_message(context, ret,
"to 8 bit boundary"); "PKINIT: subjectPublicKey not aligned "
"to 8 bit boundary");
goto out; goto out;
} }
@@ -300,8 +303,8 @@ get_dh_param(krb5_context context,
dh = DH_new(); dh = DH_new();
if (dh == NULL) { if (dh == NULL) {
krb5_set_error_string(context, "Cannot create DH structure");
ret = ENOMEM; ret = ENOMEM;
krb5_set_error_message(context, ret, "Cannot create DH structure");
goto out; goto out;
} }
ret = KRB5_BADMSGTYPE; ret = KRB5_BADMSGTYPE;
@@ -332,8 +335,10 @@ get_dh_param(krb5_context context,
"subjectPublicKey", "subjectPublicKey",
&glue); &glue);
der_free_heim_integer(&glue); der_free_heim_integer(&glue);
if (client_params->dh_public_key == NULL) if (client_params->dh_public_key == NULL) {
ret = KRB5_BADMSGTYPE;
goto out; goto out;
}
} }
client_params->dh = dh; client_params->dh = dh;
@@ -389,8 +394,8 @@ _kdc_pk_rd_padata(krb5_context context,
&r, &r,
NULL); NULL);
if (ret) { if (ret) {
krb5_set_error_string(context, "Can't decode " krb5_set_error_message(context, ret, "Can't decode "
"PK-AS-REQ-Win2k: %d", ret); "PK-AS-REQ-Win2k: %d", ret);
goto out; goto out;
} }
@@ -400,7 +405,8 @@ _kdc_pk_rd_padata(krb5_context context,
&have_data); &have_data);
free_PA_PK_AS_REQ_Win2k(&r); free_PA_PK_AS_REQ_Win2k(&r);
if (ret) { if (ret) {
krb5_set_error_string(context, "Can't decode PK-AS-REQ: %d", ret); krb5_set_error_message(context, ret,
"Can't decode PK-AS-REQ: %d", ret);
goto out; goto out;
} }
@@ -414,7 +420,7 @@ _kdc_pk_rd_padata(krb5_context context,
&r, &r,
NULL); NULL);
if (ret) { if (ret) {
krb5_set_error_string(context, "Can't decode PK-AS-REQ: %d", ret); krb5_set_error_message(context, ret, "Can't decode PK-AS-REQ: %d", ret);
goto out; goto out;
} }
@@ -428,7 +434,7 @@ _kdc_pk_rd_padata(krb5_context context,
0, NULL, 0, NULL,
&client_params->client_anchors); &client_params->client_anchors);
if (ret) { if (ret) {
krb5_set_error_string(context, "Can't allocate client anchors: %d", ret); krb5_set_error_message(context, ret, "Can't allocate client anchors: %d", ret);
goto out; goto out;
} }
@@ -443,7 +449,7 @@ _kdc_pk_rd_padata(krb5_context context,
ret = hx509_query_alloc(kdc_identity->hx509ctx, &q); ret = hx509_query_alloc(kdc_identity->hx509ctx, &q);
if (ret) { if (ret) {
krb5_set_error_string(context, krb5_set_error_message(context, ret,
"Failed to allocate hx509_query"); "Failed to allocate hx509_query");
goto out; goto out;
} }
@@ -480,7 +486,8 @@ _kdc_pk_rd_padata(krb5_context context,
&have_data); &have_data);
free_PA_PK_AS_REQ(&r); free_PA_PK_AS_REQ(&r);
if (ret) { if (ret) {
krb5_set_error_string(context, "Can't unwrap ContentInfo: %d", ret); krb5_set_error_message(context, ret,
"Can't unwrap ContentInfo: %d", ret);
goto out; goto out;
} }
@@ -492,16 +499,16 @@ _kdc_pk_rd_padata(krb5_context context,
ret = der_heim_oid_cmp(&contentInfoOid, oid_id_pkcs7_signedData()); ret = der_heim_oid_cmp(&contentInfoOid, oid_id_pkcs7_signedData());
if (ret != 0) { if (ret != 0) {
krb5_set_error_string(context, "PK-AS-REQ-Win2k invalid content "
"type oid");
ret = KRB5KRB_ERR_GENERIC; ret = KRB5KRB_ERR_GENERIC;
krb5_set_error_message(context, ret,
"PK-AS-REQ-Win2k invalid content type oid");
goto out; goto out;
} }
if (!have_data) { if (!have_data) {
krb5_set_error_string(context,
"PK-AS-REQ-Win2k no signed auth pack");
ret = KRB5KRB_ERR_GENERIC; ret = KRB5KRB_ERR_GENERIC;
krb5_set_error_message(context, ret,
"PK-AS-REQ-Win2k no signed auth pack");
goto out; goto out;
} }
@@ -536,8 +543,8 @@ _kdc_pk_rd_padata(krb5_context context,
if (der_heim_oid_cmp(&eContentType, oid_id_pkcs7_data()) != 0 && if (der_heim_oid_cmp(&eContentType, oid_id_pkcs7_data()) != 0 &&
der_heim_oid_cmp(&eContentType, oid_id_pkauthdata()) != 0) der_heim_oid_cmp(&eContentType, oid_id_pkauthdata()) != 0)
{ {
krb5_set_error_string(context, "got wrong oid for pkauthdata");
ret = KRB5_BADMSGTYPE; ret = KRB5_BADMSGTYPE;
krb5_set_error_message(context, ret, "got wrong oid for pkauthdata");
goto out; goto out;
} }
@@ -549,7 +556,7 @@ _kdc_pk_rd_padata(krb5_context context,
&ap, &ap,
NULL); NULL);
if (ret) { if (ret) {
krb5_set_error_string(context, "can't decode AuthPack: %d", ret); krb5_set_error_message(context, ret, "can't decode AuthPack: %d", ret);
goto out; goto out;
} }
@@ -565,8 +572,8 @@ _kdc_pk_rd_padata(krb5_context context,
client_params->nonce = ap.pkAuthenticator.nonce; client_params->nonce = ap.pkAuthenticator.nonce;
if (ap.clientPublicValue) { if (ap.clientPublicValue) {
krb5_set_error_string(context, "DH not supported for windows");
ret = KRB5KRB_ERR_GENERIC; ret = KRB5KRB_ERR_GENERIC;
krb5_set_error_message(context, ret, "DH not supported for windows");
goto out; goto out;
} }
free_AuthPack_Win2k(&ap); free_AuthPack_Win2k(&ap);
@@ -579,7 +586,7 @@ _kdc_pk_rd_padata(krb5_context context,
&ap, &ap,
NULL); NULL);
if (ret) { if (ret) {
krb5_set_error_string(context, "can't decode AuthPack: %d", ret); krb5_set_error_message(context, ret, "can't decode AuthPack: %d", ret);
free_AuthPack(&ap); free_AuthPack(&ap);
goto out; goto out;
} }
@@ -754,8 +761,8 @@ pk_mk_pa_reply_enckey(krb5_context context,
free_ReplyKeyPack(&kp); free_ReplyKeyPack(&kp);
} }
if (ret) { if (ret) {
krb5_set_error_string(context, "ASN.1 encoding of ReplyKeyPack " krb5_set_error_message(context, ret, "ASN.1 encoding of ReplyKeyPack "
"failed (%d)", ret); "failed (%d)", ret);
goto out; goto out;
} }
if (buf.length != size) if (buf.length != size)
@@ -859,9 +866,8 @@ pk_mk_pa_reply_dh(krb5_context context,
ASN1_MALLOC_ENCODE(DHPublicKey, buf.data, buf.length, &i, &size, ret); ASN1_MALLOC_ENCODE(DHPublicKey, buf.data, buf.length, &i, &size, ret);
if (ret) { if (ret) {
krb5_set_error_string(context, "ASN.1 encoding of " krb5_set_error_message(context, ret, "ASN.1 encoding of "
"DHPublicKey failed (%d)", ret); "DHPublicKey failed (%d)", ret);
krb5_clear_error_string(context);
return ret; return ret;
} }
if (buf.length != size) if (buf.length != size)
@@ -875,8 +881,8 @@ pk_mk_pa_reply_dh(krb5_context context,
ASN1_MALLOC_ENCODE(KDCDHKeyInfo, buf.data, buf.length, &dh_info, &size, ASN1_MALLOC_ENCODE(KDCDHKeyInfo, buf.data, buf.length, &dh_info, &size,
ret); ret);
if (ret) { if (ret) {
krb5_set_error_string(context, "ASN.1 encoding of " krb5_set_error_message(context, ret, "ASN.1 encoding of "
"KdcDHKeyInfo failed (%d)", ret); "KdcDHKeyInfo failed (%d)", ret);
goto out; goto out;
} }
if (buf.length != size) if (buf.length != size)
@@ -975,8 +981,8 @@ _kdc_pk_mk_pa_reply(krb5_context context,
break; break;
if (req->req_body.etype.len <= i) { if (req->req_body.etype.len <= i) {
ret = KRB5KRB_ERR_GENERIC; ret = KRB5KRB_ERR_GENERIC;
krb5_set_error_string(context, krb5_set_error_message(context, ret,
"No valid enctype available from client"); "No valid enctype available from client");
goto out; goto out;
} }
enctype = req->req_body.etype.val[i]; enctype = req->req_body.etype.val[i];
@@ -1020,8 +1026,8 @@ _kdc_pk_mk_pa_reply(krb5_context context,
ret); ret);
free_ContentInfo(&info); free_ContentInfo(&info);
if (ret) { if (ret) {
krb5_set_error_string(context, "encoding of Key ContentInfo " krb5_set_error_message(context, ret, "encoding of Key ContentInfo "
"failed %d", ret); "failed %d", ret);
free_PA_PK_AS_REP(&rep); free_PA_PK_AS_REP(&rep);
goto out; goto out;
} }
@@ -1053,8 +1059,8 @@ _kdc_pk_mk_pa_reply(krb5_context context,
ret); ret);
free_ContentInfo(&info); free_ContentInfo(&info);
if (ret) { if (ret) {
krb5_set_error_string(context, "encoding of Key ContentInfo " krb5_set_error_message(context, ret, "encoding of Key ContentInfo "
"failed %d", ret); "failed %d", ret);
free_PA_PK_AS_REP(&rep); free_PA_PK_AS_REP(&rep);
goto out; goto out;
} }
@@ -1070,8 +1076,8 @@ _kdc_pk_mk_pa_reply(krb5_context context,
ASN1_MALLOC_ENCODE(PA_PK_AS_REP, buf, len, &rep, &size, ret); ASN1_MALLOC_ENCODE(PA_PK_AS_REP, buf, len, &rep, &size, ret);
free_PA_PK_AS_REP(&rep); free_PA_PK_AS_REP(&rep);
if (ret) { if (ret) {
krb5_set_error_string(context, "encode PA-PK-AS-REP failed %d", krb5_set_error_message(context, ret, "encode PA-PK-AS-REP failed %d",
ret); ret);
goto out; goto out;
} }
if (len != size) if (len != size)
@@ -1084,8 +1090,8 @@ _kdc_pk_mk_pa_reply(krb5_context context,
ContentInfo info; ContentInfo info;
if (client_params->dh) { if (client_params->dh) {
krb5_set_error_string(context, "Windows PK-INIT doesn't support DH");
ret = KRB5KRB_ERR_GENERIC; ret = KRB5KRB_ERR_GENERIC;
krb5_set_error_message(context, ret, "Windows PK-INIT doesn't support DH");
goto out; goto out;
} }
@@ -1116,7 +1122,7 @@ _kdc_pk_mk_pa_reply(krb5_context context,
ret); ret);
free_ContentInfo(&info); free_ContentInfo(&info);
if (ret) { if (ret) {
krb5_set_error_string(context, "encoding of Key ContentInfo " krb5_set_error_message(context, ret, "encoding of Key ContentInfo "
"failed %d", ret); "failed %d", ret);
free_PA_PK_AS_REP_Win2k(&rep); free_PA_PK_AS_REP_Win2k(&rep);
goto out; goto out;
@@ -1127,7 +1133,7 @@ _kdc_pk_mk_pa_reply(krb5_context context,
ASN1_MALLOC_ENCODE(PA_PK_AS_REP_Win2k, buf, len, &rep, &size, ret); ASN1_MALLOC_ENCODE(PA_PK_AS_REP_Win2k, buf, len, &rep, &size, ret);
free_PA_PK_AS_REP_Win2k(&rep); free_PA_PK_AS_REP_Win2k(&rep);
if (ret) { if (ret) {
krb5_set_error_string(context, krb5_set_error_message(context, ret,
"encode PA-PK-AS-REP-Win2k failed %d", ret); "encode PA-PK-AS-REP-Win2k failed %d", ret);
goto out; goto out;
} }
@@ -1140,7 +1146,7 @@ _kdc_pk_mk_pa_reply(krb5_context context,
ret = krb5_padata_add(context, md, pa_type, buf, len); ret = krb5_padata_add(context, md, pa_type, buf, len);
if (ret) { if (ret) {
krb5_set_error_string(context, "failed adding PA-PK-AS-REP %d", ret); krb5_set_error_message(context, ret, "failed adding PA-PK-AS-REP %d", ret);
free(buf); free(buf);
goto out; goto out;
} }
@@ -1214,8 +1220,8 @@ _kdc_pk_mk_pa_reply(krb5_context context,
KRB5_PADATA_PA_PK_OCSP_RESPONSE, KRB5_PADATA_PA_PK_OCSP_RESPONSE,
ocsp.data.data, ocsp.data.length); ocsp.data.data, ocsp.data.length);
if (ret) { if (ret) {
krb5_set_error_string(context, krb5_set_error_message(context, ret,
"Failed adding OCSP response %d", ret); "Failed adding OCSP response %d", ret);
goto out; goto out;
} }
} }
@@ -1438,7 +1444,8 @@ _kdc_pk_check_client(krb5_context context,
return 0; return 0;
} }
krb5_set_error_string(context, ret = KRB5_KDC_ERR_CLIENT_NAME_MISMATCH;
krb5_set_error_message(context, ret,
"PKINIT no matching principals for %s", "PKINIT no matching principals for %s",
*subject_name); *subject_name);
@@ -1449,7 +1456,7 @@ _kdc_pk_check_client(krb5_context context,
free(*subject_name); free(*subject_name);
*subject_name = NULL; *subject_name = NULL;
return KRB5_KDC_ERR_CLIENT_NAME_MISMATCH; return ret;
} }
static krb5_error_code static krb5_error_code

7
kdc/process.c
View File

@@ -177,14 +177,15 @@ krb5_kdc_save_request(krb5_context context,
fd = open(fn, O_WRONLY|O_CREAT|O_APPEND, 0600); fd = open(fn, O_WRONLY|O_CREAT|O_APPEND, 0600);
if (fd < 0) { if (fd < 0) {
krb5_set_error_string(context, "Failed to open: %s", fn); int saved_errno = errno;
return errno; krb5_set_error_message(context, saved_errno, "Failed to open: %s", fn);
return saved_errno;
} }
sp = krb5_storage_from_fd(fd); sp = krb5_storage_from_fd(fd);
close(fd); close(fd);
if (sp == NULL) { if (sp == NULL) {
krb5_set_error_string(context, "Storage failed to open fd"); krb5_set_error_message(context, ENOMEM, "Storage failed to open fd");
return ENOMEM; return ENOMEM;
} }

2
kdc/set_dbinfo.c
View File

@@ -55,7 +55,7 @@ krb5_kdc_set_dbinfo(krb5_context context, struct krb5_kdc_configuration *c)
ptr = realloc(c->db, (c->num_db + 1) * sizeof(*c->db)); ptr = realloc(c->db, (c->num_db + 1) * sizeof(*c->db));
if (ptr == NULL) { if (ptr == NULL) {
ret = ENOMEM; ret = ENOMEM;
krb5_set_error_string(context, "out of memory"); krb5_set_error_message(context, ret, "malloc: out of memory");
goto out; goto out;
} }
c->db = ptr; c->db = ptr;

4
kdc/windc.c
View File

@@ -63,7 +63,7 @@ krb5_kdc_windc_init(krb5_context context)
} }
if (e == NULL) { if (e == NULL) {
_krb5_plugin_free(list); _krb5_plugin_free(list);
krb5_set_error_string(context, "Did not find any WINDC plugin"); krb5_set_error_message(context, ENOENT, "Did not find any WINDC plugin");
windcft = NULL; windcft = NULL;
return ENOENT; return ENOENT;
} }
@@ -91,7 +91,7 @@ _kdc_pac_verify(krb5_context context,
krb5_pac *pac) krb5_pac *pac)
{ {
if (windcft == NULL) { if (windcft == NULL) {
krb5_set_error_string(context, "Can't verify PAC, no function"); krb5_set_error_message(context, EINVAL, "Can't verify PAC, no function");
return EINVAL; return EINVAL;
} }
return (windcft->pac_verify)(windcctx, context, return (windcft->pac_verify)(windcctx, context,

2
lib/gssapi/krb5/display_status.c
View File

@@ -135,7 +135,7 @@ _gsskrb5_set_status (const char *fmt, ...)
vasprintf(&str, fmt, args); vasprintf(&str, fmt, args);
va_end(args); va_end(args);
if (str) { if (str) {
krb5_set_error_string(context, str); krb5_set_error_message(context, 0, str);
free(str); free(str);
} }
} }

6
lib/gssapi/krb5/wrap.c
View File

@@ -61,7 +61,7 @@ _gsskrb5i_get_initiator_subkey(const gsskrb5_ctx ctx,
ctx->auth_context, ctx->auth_context,
key); key);
if (ret == 0 && *key == NULL) { if (ret == 0 && *key == NULL) {
krb5_set_error_string(context, "No initiator subkey available"); krb5_set_error_message(context, 0, "No initiator subkey available");
return GSS_KRB5_S_KG_NO_SUBKEY; return GSS_KRB5_S_KG_NO_SUBKEY;
} }
return ret; return ret;
@@ -85,7 +85,7 @@ _gsskrb5i_get_acceptor_subkey(const gsskrb5_ctx ctx,
key); key);
} }
if (ret == 0 && *key == NULL) { if (ret == 0 && *key == NULL) {
krb5_set_error_string(context, "No acceptor subkey available"); krb5_set_error_message(context, 0, "No acceptor subkey available");
return GSS_KRB5_S_KG_NO_SUBKEY; return GSS_KRB5_S_KG_NO_SUBKEY;
} }
return ret; return ret;
@@ -106,7 +106,7 @@ _gsskrb5i_get_token_key(const gsskrb5_ctx ctx,
_gsskrb5i_get_initiator_subkey(ctx, context, key); _gsskrb5i_get_initiator_subkey(ctx, context, key);
} }
if (*key == NULL) { if (*key == NULL) {
krb5_set_error_string(context, "No token key available"); krb5_set_error_message(context, 0, "No token key available");
return GSS_KRB5_S_KG_NO_SUBKEY; return GSS_KRB5_S_KG_NO_SUBKEY;
} }
return 0; return 0;

2
lib/hdb/common.c
View File

@@ -275,7 +275,7 @@ _hdb_store(krb5_context context, HDB *db, unsigned flags, hdb_entry_ex *entry)
struct timeval t; struct timeval t;
entry->entry.generation = malloc(sizeof(*entry->entry.generation)); entry->entry.generation = malloc(sizeof(*entry->entry.generation));
if(entry->entry.generation == NULL) { if(entry->entry.generation == NULL) {
krb5_set_error_string(context, "malloc: out of memory"); krb5_set_error_message(context, ENOMEM, "malloc: out of memory");
return ENOMEM; return ENOMEM;
} }
gettimeofday(&t, NULL); gettimeofday(&t, NULL);

38
lib/hdb/db.c
View File

@@ -68,8 +68,8 @@ DB_lock(krb5_context context, HDB *db, int operation)
DB *d = (DB*)db->hdb_db; DB *d = (DB*)db->hdb_db;
int fd = (*d->fd)(d); int fd = (*d->fd)(d);
if(fd < 0) { if(fd < 0) {
krb5_set_error_string(context, krb5_set_error_message(context, HDB_ERR_CANT_LOCK_DB,
"Can't lock database: %s", db->hdb_name); "Can't lock database: %s", db->hdb_name);
return HDB_ERR_CANT_LOCK_DB; return HDB_ERR_CANT_LOCK_DB;
} }
return hdb_lock(fd, operation); return hdb_lock(fd, operation);
@@ -81,8 +81,8 @@ DB_unlock(krb5_context context, HDB *db)
DB *d = (DB*)db->hdb_db; DB *d = (DB*)db->hdb_db;
int fd = (*d->fd)(d); int fd = (*d->fd)(d);
if(fd < 0) { if(fd < 0) {
krb5_set_error_string(context, krb5_set_error_message(context, HDB_ERR_CANT_LOCK_DB,
"Can't unlock database: %s", db->hdb_name); "Can't unlock database: %s", db->hdb_name);
return HDB_ERR_CANT_LOCK_DB; return HDB_ERR_CANT_LOCK_DB;
} }
return hdb_unlock(fd); return hdb_unlock(fd);
@@ -100,15 +100,15 @@ DB_seq(krb5_context context, HDB *db,
code = db->hdb_lock(context, db, HDB_RLOCK); code = db->hdb_lock(context, db, HDB_RLOCK);
if(code == -1) { if(code == -1) {
krb5_set_error_string(context, "Database %s in use", db->hdb_name); krb5_set_error_message(context, HDB_ERR_DB_INUSE, "Database %s in use", db->hdb_name);
return HDB_ERR_DB_INUSE; return HDB_ERR_DB_INUSE;
} }
code = (*d->seq)(d, &key, &value, flag); code = (*d->seq)(d, &key, &value, flag);
db->hdb_unlock(context, db); /* XXX check value */ db->hdb_unlock(context, db); /* XXX check value */
if(code == -1) { if(code == -1) {
code = errno; code = errno;
krb5_set_error_string(context, "Database %s seq error: %s", krb5_set_error_message(context, code, "Database %s seq error: %s",
db->hdb_name, strerror(code)); db->hdb_name, strerror(code));
return code; return code;
} }
if(code == 1) { if(code == 1) {
@@ -131,8 +131,8 @@ DB_seq(krb5_context context, HDB *db,
if (code == 0 && entry->entry.principal == NULL) { if (code == 0 && entry->entry.principal == NULL) {
entry->entry.principal = malloc(sizeof(*entry->entry.principal)); entry->entry.principal = malloc(sizeof(*entry->entry.principal));
if (entry->entry.principal == NULL) { if (entry->entry.principal == NULL) {
krb5_set_error_string(context, "malloc: out of memory");
code = ENOMEM; code = ENOMEM;
krb5_set_error_message(context, code, "malloc: out of memory");
hdb_free_entry (context, entry); hdb_free_entry (context, entry);
} else { } else {
hdb_key2principal(context, &key_data, entry->entry.principal); hdb_key2principal(context, &key_data, entry->entry.principal);
@@ -190,8 +190,8 @@ DB__get(krb5_context context, HDB *db, krb5_data key, krb5_data *reply)
db->hdb_unlock(context, db); db->hdb_unlock(context, db);
if(code < 0) { if(code < 0) {
code = errno; code = errno;
krb5_set_error_string(context, "Database %s get error: %s", krb5_set_error_message(context, code, "Database %s get error: %s",
db->hdb_name, strerror(code)); db->hdb_name, strerror(code));
return code; return code;
} }
if(code == 1) { if(code == 1) {
@@ -222,8 +222,8 @@ DB__put(krb5_context context, HDB *db, int replace,
db->hdb_unlock(context, db); db->hdb_unlock(context, db);
if(code < 0) { if(code < 0) {
code = errno; code = errno;
krb5_set_error_string(context, "Database %s put error: %s", krb5_set_error_message(context, code, "Database %s put error: %s",
db->hdb_name, strerror(code)); db->hdb_name, strerror(code));
return code; return code;
} }
if(code == 1) { if(code == 1) {
@@ -248,8 +248,8 @@ DB__del(krb5_context context, HDB *db, krb5_data key)
db->hdb_unlock(context, db); db->hdb_unlock(context, db);
if(code == 1) { if(code == 1) {
code = errno; code = errno;
krb5_set_error_string(context, "Database %s put error: %s", krb5_set_error_message(context, code, "Database %s put error: %s",
db->hdb_name, strerror(code)); db->hdb_name, strerror(code));
return code; return code;
} }
if(code < 0) if(code < 0)
@@ -265,7 +265,7 @@ DB_open(krb5_context context, HDB *db, int flags, mode_t mode)
asprintf(&fn, "%s.db", db->hdb_name); asprintf(&fn, "%s.db", db->hdb_name);
if (fn == NULL) { if (fn == NULL) {
krb5_set_error_string(context, "malloc: out of memory"); krb5_set_error_message(context, ENOMEM, "malloc: out of memory");
return ENOMEM; return ENOMEM;
} }
db->hdb_db = dbopen(fn, flags, mode, DB_BTREE, NULL); db->hdb_db = dbopen(fn, flags, mode, DB_BTREE, NULL);
@@ -275,7 +275,7 @@ DB_open(krb5_context context, HDB *db, int flags, mode_t mode)
db->hdb_db = dbopen(db->hdb_name, flags, mode, DB_BTREE, NULL); db->hdb_db = dbopen(db->hdb_name, flags, mode, DB_BTREE, NULL);
if(db->hdb_db == NULL) { if(db->hdb_db == NULL) {
ret = errno; ret = errno;
krb5_set_error_string(context, "dbopen (%s): %s", krb5_set_error_message(context, ret, "dbopen (%s): %s",
db->hdb_name, strerror(ret)); db->hdb_name, strerror(ret));
return ret; return ret;
} }
@@ -289,7 +289,7 @@ DB_open(krb5_context context, HDB *db, int flags, mode_t mode)
} }
if (ret) { if (ret) {
DB_close(context, db); DB_close(context, db);
krb5_set_error_string(context, "hdb_open: failed %s database %s", krb5_set_error_message(context, ret, "hdb_open: failed %s database %s",
(flags & O_ACCMODE) == O_RDONLY ? (flags & O_ACCMODE) == O_RDONLY ?
"checking format of" : "initialize", "checking format of" : "initialize",
db->hdb_name); db->hdb_name);
@@ -303,16 +303,16 @@ hdb_db_create(krb5_context context, HDB **db,
{ {
*db = calloc(1, sizeof(**db)); *db = calloc(1, sizeof(**db));
if (*db == NULL) { if (*db == NULL) {
krb5_set_error_string(context, "malloc: out of memory"); krb5_set_error_message(context, ENOMEM, "malloc: out of memory");
return ENOMEM; return ENOMEM;
} }
(*db)->hdb_db = NULL; (*db)->hdb_db = NULL;
(*db)->hdb_name = strdup(filename); (*db)->hdb_name = strdup(filename);
if ((*db)->hdb_name == NULL) { if ((*db)->hdb_name == NULL) {
krb5_set_error_string(context, "malloc: out of memory");
free(*db); free(*db);
*db = NULL; *db = NULL;
krb5_set_error_message(context, ENOMEM, "malloc: out of memory");
return ENOMEM; return ENOMEM;
} }
(*db)->hdb_master_key_set = 0; (*db)->hdb_master_key_set = 0;

20
lib/hdb/db3.c
View File

@@ -125,7 +125,7 @@ DB_seq(krb5_context context, HDB *db,
entry->entry.principal = malloc(sizeof(*entry->entry.principal)); entry->entry.principal = malloc(sizeof(*entry->entry.principal));
if (entry->entry.principal == NULL) { if (entry->entry.principal == NULL) {
hdb_free_entry (context, entry); hdb_free_entry (context, entry);
krb5_set_error_string(context, "malloc: out of memory"); krb5_set_error_message(context, ENOMEM, "malloc: out of memory");
return ENOMEM; return ENOMEM;
} else { } else {
hdb_key2principal(context, &key_data, entry->entry.principal); hdb_key2principal(context, &key_data, entry->entry.principal);
@@ -264,7 +264,7 @@ DB_open(krb5_context context, HDB *db, int flags, mode_t mode)
asprintf(&fn, "%s.db", db->hdb_name); asprintf(&fn, "%s.db", db->hdb_name);
if (fn == NULL) { if (fn == NULL) {
krb5_set_error_string(context, "malloc: out of memory"); krb5_set_error_message(context, ENOMEM, "malloc: out of memory");
return ENOMEM; return ENOMEM;
} }
db_create(&d, NULL, 0); db_create(&d, NULL, 0);
@@ -289,7 +289,7 @@ DB_open(krb5_context context, HDB *db, int flags, mode_t mode)
if (ret) { if (ret) {
free(fn); free(fn);
krb5_set_error_string(context, "opening %s: %s", krb5_set_error_message(context, ret, "opening %s: %s",
db->hdb_name, strerror(ret)); db->hdb_name, strerror(ret));
return ret; return ret;
} }
@@ -297,7 +297,7 @@ DB_open(krb5_context context, HDB *db, int flags, mode_t mode)
ret = (*d->cursor)(d, NULL, &dbc, 0); ret = (*d->cursor)(d, NULL, &dbc, 0);
if (ret) { if (ret) {
krb5_set_error_string(context, "d->cursor: %s", strerror(ret)); krb5_set_error_message(context, ret, "d->cursor: %s", strerror(ret));
return ret; return ret;
} }
db->hdb_dbc = dbc; db->hdb_dbc = dbc;
@@ -310,10 +310,10 @@ DB_open(krb5_context context, HDB *db, int flags, mode_t mode)
return 0; return 0;
if (ret) { if (ret) {
DB_close(context, db); DB_close(context, db);
krb5_set_error_string(context, "hdb_open: failed %s database %s", krb5_set_error_message(context, ret, "hdb_open: failed %s database %s",
(flags & O_ACCMODE) == O_RDONLY ? (flags & O_ACCMODE) == O_RDONLY ?
"checking format of" : "initialize", "checking format of" : "initialize",
db->hdb_name); db->hdb_name);
} }
return ret; return ret;
@@ -325,16 +325,16 @@ hdb_db_create(krb5_context context, HDB **db,
{ {
*db = calloc(1, sizeof(**db)); *db = calloc(1, sizeof(**db));
if (*db == NULL) { if (*db == NULL) {
krb5_set_error_string(context, "malloc: out of memory"); krb5_set_error_message(context, ENOMEM, "malloc: out of memory");
return ENOMEM; return ENOMEM;
} }
(*db)->hdb_db = NULL; (*db)->hdb_db = NULL;
(*db)->hdb_name = strdup(filename); (*db)->hdb_name = strdup(filename);
if ((*db)->hdb_name == NULL) { if ((*db)->hdb_name == NULL) {
krb5_set_error_string(context, "malloc: out of memory");
free(*db); free(*db);
*db = NULL; *db = NULL;
krb5_set_error_message(context, ENOMEM, "malloc: out of memory");
return ENOMEM; return ENOMEM;
} }
(*db)->hdb_master_key_set = 0; (*db)->hdb_master_key_set = 0;

2
lib/hdb/dbinfo.c
View File

@@ -63,7 +63,7 @@ get_dbinfo(krb5_context context,
di = calloc(1, sizeof(*di)); di = calloc(1, sizeof(*di));
if (di == NULL) { if (di == NULL) {
krb5_set_error_string(context, "malloc: out of memory"); krb5_set_error_message(context, ENOMEM, "malloc: out of memory");
return ENOMEM; return ENOMEM;
} }
di->label = strdup(label); di->label = strdup(label);

43
lib/hdb/ext.c
View File

@@ -53,8 +53,9 @@ hdb_entry_check_mandatory(krb5_context context, const hdb_entry *ent)
choice_HDB_extension_data_asn1_ellipsis) choice_HDB_extension_data_asn1_ellipsis)
continue; continue;
if (ent->extensions->val[i].mandatory) { if (ent->extensions->val[i].mandatory) {
krb5_set_error_string(context, "Principal have unknown " krb5_set_error_message(context, HDB_ERR_MANDATORY_OPTION,
"mandatory extension"); "Principal have unknown "
"mandatory extension");
return HDB_ERR_MANDATORY_OPTION; return HDB_ERR_MANDATORY_OPTION;
} }
} }
@@ -95,7 +96,7 @@ hdb_replace_extension(krb5_context context,
if (entry->extensions == NULL) { if (entry->extensions == NULL) {
entry->extensions = calloc(1, sizeof(*entry->extensions)); entry->extensions = calloc(1, sizeof(*entry->extensions));
if (entry->extensions == NULL) { if (entry->extensions == NULL) {
krb5_set_error_string(context, "malloc: out of memory"); krb5_set_error_message(context, ENOMEM, "malloc: out of memory");
return ENOMEM; return ENOMEM;
} }
} else if (ext->data.element != choice_HDB_extension_data_asn1_ellipsis) { } else if (ext->data.element != choice_HDB_extension_data_asn1_ellipsis) {
@@ -120,8 +121,8 @@ hdb_replace_extension(krb5_context context,
&replace_class, &replace_type, &replace_tag, &replace_class, &replace_type, &replace_tag,
&size); &size);
if (ret) { if (ret) {
krb5_set_error_string(context, "hdb: failed to decode " krb5_set_error_message(context, ret, "hdb: failed to decode "
"replacement hdb extention"); "replacement hdb extention");
return ret; return ret;
} }
@@ -136,8 +137,8 @@ hdb_replace_extension(krb5_context context,
&list_class, &list_type, &list_tag, &list_class, &list_type, &list_tag,
&size); &size);
if (ret) { if (ret) {
krb5_set_error_string(context, "hdb: failed to decode " krb5_set_error_message(context, ret, "hdb: failed to decode "
"present hdb extention"); "present hdb extention");
return ret; return ret;
} }
@@ -153,15 +154,15 @@ hdb_replace_extension(krb5_context context,
free_HDB_extension(ext2); free_HDB_extension(ext2);
ret = copy_HDB_extension(ext, ext2); ret = copy_HDB_extension(ext, ext2);
if (ret) if (ret)
krb5_set_error_string(context, "hdb: failed to copy replacement " krb5_set_error_message(context, ret, "hdb: failed to copy replacement "
"hdb extention"); "hdb extention");
return ret; return ret;
} }
es = realloc(entry->extensions->val, es = realloc(entry->extensions->val,
(entry->extensions->len+1)*sizeof(entry->extensions->val[0])); (entry->extensions->len+1)*sizeof(entry->extensions->val[0]));
if (es == NULL) { if (es == NULL) {
krb5_set_error_string(context, "malloc: out of memory"); krb5_set_error_message(context, ENOMEM, "malloc: out of memory");
return ENOMEM; return ENOMEM;
} }
entry->extensions->val = es; entry->extensions->val = es;
@@ -171,7 +172,7 @@ hdb_replace_extension(krb5_context context,
if (ret == 0) if (ret == 0)
entry->extensions->len++; entry->extensions->len++;
else else
krb5_set_error_string(context, "hdb: failed to copy new extension"); krb5_set_error_message(context, ret, "hdb: failed to copy new extension");
return ret; return ret;
} }
@@ -283,8 +284,9 @@ hdb_entry_get_password(krb5_context context, HDB *db,
db->hdb_master_key); db->hdb_master_key);
if (key == NULL) { if (key == NULL) {
krb5_set_error_string(context, "master key %d missing", krb5_set_error_message(context, HDB_ERR_NO_MKEY,
*ext->data.u.password.mkvno); "master key %d missing",
*ext->data.u.password.mkvno);
return HDB_ERR_NO_MKEY; return HDB_ERR_NO_MKEY;
} }
@@ -302,7 +304,7 @@ hdb_entry_get_password(krb5_context context, HDB *db,
str = pw.data; str = pw.data;
if (str[pw.length - 1] != '\0') { if (str[pw.length - 1] != '\0') {
krb5_set_error_string(context, "password malformated"); krb5_set_error_message(context, EINVAL, "password malformated");
return EINVAL; return EINVAL;
} }
@@ -310,7 +312,7 @@ hdb_entry_get_password(krb5_context context, HDB *db,
der_free_octet_string(&pw); der_free_octet_string(&pw);
if (*p == NULL) { if (*p == NULL) {
krb5_set_error_string(context, "malloc: out of memory"); krb5_set_error_message(context, ENOMEM, "malloc: out of memory");
return ENOMEM; return ENOMEM;
} }
return 0; return 0;
@@ -318,7 +320,7 @@ hdb_entry_get_password(krb5_context context, HDB *db,
ret = krb5_unparse_name(context, entry->principal, &str); ret = krb5_unparse_name(context, entry->principal, &str);
if (ret == 0) { if (ret == 0) {
krb5_set_error_string(context, "no password attributefor %s", str); krb5_set_error_message(context, ENOENT, "no password attributefor %s", str);
free(str); free(str);
} else } else
krb5_clear_error_string(context); krb5_clear_error_string(context);
@@ -341,8 +343,9 @@ hdb_entry_set_password(krb5_context context, HDB *db,
key = _hdb_find_master_key(NULL, db->hdb_master_key); key = _hdb_find_master_key(NULL, db->hdb_master_key);
if (key == NULL) { if (key == NULL) {
krb5_set_error_string(context, "hdb_entry_set_password: " krb5_set_error_message(context, HDB_ERR_NO_MKEY,
"failed to find masterkey"); "hdb_entry_set_password: "
"failed to find masterkey");
return HDB_ERR_NO_MKEY; return HDB_ERR_NO_MKEY;
} }
@@ -356,7 +359,7 @@ hdb_entry_set_password(krb5_context context, HDB *db,
malloc(sizeof(*ext.data.u.password.mkvno)); malloc(sizeof(*ext.data.u.password.mkvno));
if (ext.data.u.password.mkvno == NULL) { if (ext.data.u.password.mkvno == NULL) {
free_HDB_extension(&ext); free_HDB_extension(&ext);
krb5_set_error_string(context, "malloc: out of memory"); krb5_set_error_message(context, ENOMEM, "malloc: out of memory");
return ENOMEM; return ENOMEM;
} }
*ext.data.u.password.mkvno = _hdb_mkey_version(key); *ext.data.u.password.mkvno = _hdb_mkey_version(key);
@@ -367,7 +370,7 @@ hdb_entry_set_password(krb5_context context, HDB *db,
ret = krb5_data_copy(&ext.data.u.password.password, ret = krb5_data_copy(&ext.data.u.password.password,
p, strlen(p) + 1); p, strlen(p) + 1);
if (ret) { if (ret) {
krb5_set_error_string(context, "malloc: out of memory"); krb5_set_error_message(context, ret, "malloc: out of memory");
free_HDB_extension(&ext); free_HDB_extension(&ext);
return ret; return ret;
} }

122
lib/hdb/hdb-ldap.c
View File

@@ -121,8 +121,9 @@ LDAP_no_size_limit(krb5_context context, LDAP *lp)
ret = ldap_set_option(lp, LDAP_OPT_SIZELIMIT, (const void *)&limit); ret = ldap_set_option(lp, LDAP_OPT_SIZELIMIT, (const void *)&limit);
if (ret != LDAP_SUCCESS) { if (ret != LDAP_SUCCESS) {
krb5_set_error_string(context, "ldap_set_option: %s", krb5_set_error_message(context, HDB_ERR_BADVERSION,
ldap_err2string(ret)); "ldap_set_option: %s",
ldap_err2string(ret));
return HDB_ERR_BADVERSION; return HDB_ERR_BADVERSION;
} }
return 0; return 0;
@@ -295,8 +296,9 @@ LDAP_addmod_integer(krb5_context context,
ret = asprintf(&buf, "%ld", l); ret = asprintf(&buf, "%ld", l);
if (ret < 0) { if (ret < 0) {
krb5_set_error_string(context, "asprintf: out of memory:"); krb5_set_error_message(context, ENOMEM,
return ret; "asprintf: out of memory:");
return ENOMEM;
} }
ret = LDAP_addmod(mods, modop, attribute, buf); ret = LDAP_addmod(mods, modop, attribute, buf);
free (buf); free (buf);
@@ -638,9 +640,9 @@ LDAP_entry2mods(krb5_context context, HDB * db, hdb_entry_ex * ent,
/* store in ntPassword, not krb5key */ /* store in ntPassword, not krb5key */
ret = hex_encode(nt, 16, &ntHexPassword); ret = hex_encode(nt, 16, &ntHexPassword);
if (ret < 0) { if (ret < 0) {
krb5_set_error_string(context, "hdb-ldap: failed to "
"hex encode key");
ret = ENOMEM; ret = ENOMEM;
krb5_set_error_message(context, ret, "hdb-ldap: failed to "
"hex encode key");
goto out; goto out;
} }
ret = LDAP_addmod(&mods, LDAP_MOD_REPLACE, "sambaNTPassword", ret = LDAP_addmod(&mods, LDAP_MOD_REPLACE, "sambaNTPassword",
@@ -751,10 +753,10 @@ LDAP_dn2principal(krb5_context context, HDB * db, const char *dn,
NULL, NULL, NULL, NULL, NULL, NULL,
0, &res); 0, &res);
if (check_ldap(context, db, rc)) { if (check_ldap(context, db, rc)) {
krb5_set_error_string(context, "ldap_search_ext_s: "
"filter: %s error: %s",
filter, ldap_err2string(rc));
ret = HDB_ERR_NOENTRY; ret = HDB_ERR_NOENTRY;
krb5_set_error_message(context, ret, "ldap_search_ext_s: "
"filter: %s error: %s",
filter, ldap_err2string(rc));
goto out; goto out;
} }
@@ -799,8 +801,8 @@ LDAP__lookup_princ(krb5_context context,
"(&(objectClass=krb5Principal)(krb5PrincipalName=%s))", "(&(objectClass=krb5Principal)(krb5PrincipalName=%s))",
princname); princname);
if (rc < 0) { if (rc < 0) {
krb5_set_error_string(context, "asprintf: out of memory");
ret = ENOMEM; ret = ENOMEM;
krb5_set_error_message(context, ret, "asprintf: out of memory");
goto out; goto out;
} }
@@ -814,10 +816,10 @@ LDAP__lookup_princ(krb5_context context,
NULL, NULL, NULL, NULL, NULL, NULL,
0, msg); 0, msg);
if (check_ldap(context, db, rc)) { if (check_ldap(context, db, rc)) {
krb5_set_error_string(context, "ldap_search_ext_s: " ret = HDB_ERR_NOENTRY;
krb5_set_error_message(context, ret, "ldap_search_ext_s: "
"filter: %s - error: %s", "filter: %s - error: %s",
filter, ldap_err2string(rc)); filter, ldap_err2string(rc));
ret = HDB_ERR_NOENTRY;
goto out; goto out;
} }
@@ -831,8 +833,8 @@ LDAP__lookup_princ(krb5_context context,
"(&(|(objectClass=sambaSamAccount)(objectClass=%s))(uid=%s))", "(&(|(objectClass=sambaSamAccount)(objectClass=%s))(uid=%s))",
structural_object, userid); structural_object, userid);
if (rc < 0) { if (rc < 0) {
krb5_set_error_string(context, "asprintf: out of memory");
ret = ENOMEM; ret = ENOMEM;
krb5_set_error_message(context, ret, "asprintf: out of memory");
goto out; goto out;
} }
@@ -845,10 +847,10 @@ LDAP__lookup_princ(krb5_context context,
NULL, NULL, NULL, NULL, NULL, NULL,
0, msg); 0, msg);
if (check_ldap(context, db, rc)) { if (check_ldap(context, db, rc)) {
krb5_set_error_string(context,
"ldap_search_ext_s: filter: %s error: %s",
filter, ldap_err2string(rc));
ret = HDB_ERR_NOENTRY; ret = HDB_ERR_NOENTRY;
krb5_set_error_message(context, ret,
"ldap_search_ext_s: filter: %s error: %s",
filter, ldap_err2string(rc));
goto out; goto out;
} }
} }
@@ -930,7 +932,8 @@ LDAP_message2entry(krb5_context context, HDB * db, LDAPMessage * msg,
if (ret) if (ret)
goto out; goto out;
} else { } else {
krb5_set_error_string(context, "hdb-ldap: ldap entry missing" krb5_set_error_message(context, HDB_ERR_NOENTRY,
"hdb-ldap: ldap entry missing"
"principal name"); "principal name");
return HDB_ERR_NOENTRY; return HDB_ERR_NOENTRY;
} }
@@ -954,8 +957,8 @@ LDAP_message2entry(krb5_context context, HDB * db, LDAPMessage * msg,
ent->entry.keys.len = ldap_count_values_len(keys); ent->entry.keys.len = ldap_count_values_len(keys);
ent->entry.keys.val = (Key *) calloc(ent->entry.keys.len, sizeof(Key)); ent->entry.keys.val = (Key *) calloc(ent->entry.keys.len, sizeof(Key));
if (ent->entry.keys.val == NULL) { if (ent->entry.keys.val == NULL) {
krb5_set_error_string(context, "calloc: out of memory");
ret = ENOMEM; ret = ENOMEM;
krb5_set_error_message(context, ret, "calloc: out of memory");
goto out; goto out;
} }
for (i = 0; i < ent->entry.keys.len; i++) { for (i = 0; i < ent->entry.keys.len; i++) {
@@ -984,16 +987,16 @@ LDAP_message2entry(krb5_context context, HDB * db, LDAPMessage * msg,
ent->entry.etypes = malloc(sizeof(*(ent->entry.etypes))); ent->entry.etypes = malloc(sizeof(*(ent->entry.etypes)));
if (ent->entry.etypes == NULL) { if (ent->entry.etypes == NULL) {
krb5_set_error_string(context, "malloc: out of memory");
ret = ENOMEM; ret = ENOMEM;
krb5_set_error_message(context, ret,"malloc: out of memory");
goto out; goto out;
} }
ent->entry.etypes->len = ldap_count_values_len(vals); ent->entry.etypes->len = ldap_count_values_len(vals);
ent->entry.etypes->val = calloc(ent->entry.etypes->len, sizeof(int)); ent->entry.etypes->val = calloc(ent->entry.etypes->len, sizeof(int));
if (ent->entry.etypes->val == NULL) { if (ent->entry.etypes->val == NULL) {
krb5_set_error_string(context, "malloc: out of memory");
ent->entry.etypes->len = 0;
ret = ENOMEM; ret = ENOMEM;
krb5_set_error_message(context, ret, "malloc: out of memory");
ent->entry.etypes->len = 0;
goto out; goto out;
} }
for (i = 0; i < ent->entry.etypes->len; i++) { for (i = 0; i < ent->entry.etypes->len; i++) {
@@ -1001,8 +1004,8 @@ LDAP_message2entry(krb5_context context, HDB * db, LDAPMessage * msg,
buf = malloc(vals[i]->bv_len + 1); buf = malloc(vals[i]->bv_len + 1);
if (buf == NULL) { if (buf == NULL) {
krb5_set_error_string(context, "malloc: out of memory");
ret = ENOMEM; ret = ENOMEM;
krb5_set_error_message(context, ret, "malloc: out of memory");
goto out; goto out;
} }
memcpy(buf, vals[i]->bv_val, vals[i]->bv_len); memcpy(buf, vals[i]->bv_val, vals[i]->bv_len);
@@ -1031,8 +1034,8 @@ LDAP_message2entry(krb5_context context, HDB * db, LDAPMessage * msg,
(ent->entry.keys.len + 1) * sizeof(ent->entry.keys.val[0])); (ent->entry.keys.len + 1) * sizeof(ent->entry.keys.val[0]));
if (keys == NULL) { if (keys == NULL) {
free(ntPasswordIN); free(ntPasswordIN);
krb5_set_error_string(context, "malloc: out of memory");
ret = ENOMEM; ret = ENOMEM;
krb5_set_error_message(context, ret, "malloc: out of memory");
goto out; goto out;
} }
ent->entry.keys.val = keys; ent->entry.keys.val = keys;
@@ -1040,7 +1043,7 @@ LDAP_message2entry(krb5_context context, HDB * db, LDAPMessage * msg,
ent->entry.keys.val[ent->entry.keys.len].key.keytype = ETYPE_ARCFOUR_HMAC_MD5; ent->entry.keys.val[ent->entry.keys.len].key.keytype = ETYPE_ARCFOUR_HMAC_MD5;
ret = krb5_data_alloc (&ent->entry.keys.val[ent->entry.keys.len].key.keyvalue, 16); ret = krb5_data_alloc (&ent->entry.keys.val[ent->entry.keys.len].key.keyvalue, 16);
if (ret) { if (ret) {
krb5_set_error_string(context, "malloc: out of memory"); krb5_set_error_message(context, ret, "malloc: out of memory");
free(ntPasswordIN); free(ntPasswordIN);
ret = ENOMEM; ret = ENOMEM;
goto out; goto out;
@@ -1052,8 +1055,8 @@ LDAP_message2entry(krb5_context context, HDB * db, LDAPMessage * msg,
if (ent->entry.etypes == NULL) { if (ent->entry.etypes == NULL) {
ent->entry.etypes = malloc(sizeof(*(ent->entry.etypes))); ent->entry.etypes = malloc(sizeof(*(ent->entry.etypes)));
if (ent->entry.etypes == NULL) { if (ent->entry.etypes == NULL) {
krb5_set_error_string(context, "malloc: out of memory");
ret = ENOMEM; ret = ENOMEM;
krb5_set_error_message(context, ret, "malloc: out of memory");
goto out; goto out;
} }
ent->entry.etypes->val = NULL; ent->entry.etypes->val = NULL;
@@ -1069,8 +1072,8 @@ LDAP_message2entry(krb5_context context, HDB * db, LDAPMessage * msg,
(ent->entry.etypes->len + 1) * (ent->entry.etypes->len + 1) *
sizeof(ent->entry.etypes->val[0])); sizeof(ent->entry.etypes->val[0]));
if (etypes == NULL) { if (etypes == NULL) {
krb5_set_error_string(context, "malloc: out of memory");
ret = ENOMEM; ret = ENOMEM;
krb5_set_error_message(context, ret, "malloc: out of memory");
goto out; goto out;
} }
ent->entry.etypes->val = etypes; ent->entry.etypes->val = etypes;
@@ -1098,8 +1101,8 @@ LDAP_message2entry(krb5_context context, HDB * db, LDAPMessage * msg,
ent->entry.modified_by = (Event *) malloc(sizeof(Event)); ent->entry.modified_by = (Event *) malloc(sizeof(Event));
if (ent->entry.modified_by == NULL) { if (ent->entry.modified_by == NULL) {
krb5_set_error_string(context, "malloc: out of memory");
ret = ENOMEM; ret = ENOMEM;
krb5_set_error_message(context, ret, "malloc: out of memory");
goto out; goto out;
} }
ret = LDAP_get_generalized_time_value(db, msg, "modifyTimestamp", ret = LDAP_get_generalized_time_value(db, msg, "modifyTimestamp",
@@ -1116,8 +1119,8 @@ LDAP_message2entry(krb5_context context, HDB * db, LDAPMessage * msg,
ent->entry.valid_start = malloc(sizeof(*ent->entry.valid_start)); ent->entry.valid_start = malloc(sizeof(*ent->entry.valid_start));
if (ent->entry.valid_start == NULL) { if (ent->entry.valid_start == NULL) {
krb5_set_error_string(context, "malloc: out of memory");
ret = ENOMEM; ret = ENOMEM;
krb5_set_error_message(context, ret, "malloc: out of memory");
goto out; goto out;
} }
ret = LDAP_get_generalized_time_value(db, msg, "krb5ValidStart", ret = LDAP_get_generalized_time_value(db, msg, "krb5ValidStart",
@@ -1130,8 +1133,8 @@ LDAP_message2entry(krb5_context context, HDB * db, LDAPMessage * msg,
ent->entry.valid_end = malloc(sizeof(*ent->entry.valid_end)); ent->entry.valid_end = malloc(sizeof(*ent->entry.valid_end));
if (ent->entry.valid_end == NULL) { if (ent->entry.valid_end == NULL) {
krb5_set_error_string(context, "malloc: out of memory");
ret = ENOMEM; ret = ENOMEM;
krb5_set_error_message(context, ret, "malloc: out of memory");
goto out; goto out;
} }
ret = LDAP_get_generalized_time_value(db, msg, "krb5ValidEnd", ret = LDAP_get_generalized_time_value(db, msg, "krb5ValidEnd",
@@ -1147,8 +1150,8 @@ LDAP_message2entry(krb5_context context, HDB * db, LDAPMessage * msg,
if (ent->entry.valid_end == NULL) { if (ent->entry.valid_end == NULL) {
ent->entry.valid_end = malloc(sizeof(*ent->entry.valid_end)); ent->entry.valid_end = malloc(sizeof(*ent->entry.valid_end));
if (ent->entry.valid_end == NULL) { if (ent->entry.valid_end == NULL) {
krb5_set_error_string(context, "malloc: out of memory");
ret = ENOMEM; ret = ENOMEM;
krb5_set_error_message(context, ret, "malloc: out of memory");
goto out; goto out;
} }
} }
@@ -1157,8 +1160,8 @@ LDAP_message2entry(krb5_context context, HDB * db, LDAPMessage * msg,
ent->entry.pw_end = malloc(sizeof(*ent->entry.pw_end)); ent->entry.pw_end = malloc(sizeof(*ent->entry.pw_end));
if (ent->entry.pw_end == NULL) { if (ent->entry.pw_end == NULL) {
krb5_set_error_string(context, "malloc: out of memory");
ret = ENOMEM; ret = ENOMEM;
krb5_set_error_message(context, ret, "malloc: out of memory");
goto out; goto out;
} }
ret = LDAP_get_generalized_time_value(db, msg, "krb5PasswordEnd", ret = LDAP_get_generalized_time_value(db, msg, "krb5PasswordEnd",
@@ -1174,8 +1177,8 @@ LDAP_message2entry(krb5_context context, HDB * db, LDAPMessage * msg,
if (ent->entry.pw_end == NULL) { if (ent->entry.pw_end == NULL) {
ent->entry.pw_end = malloc(sizeof(*ent->entry.pw_end)); ent->entry.pw_end = malloc(sizeof(*ent->entry.pw_end));
if (ent->entry.pw_end == NULL) { if (ent->entry.pw_end == NULL) {
krb5_set_error_string(context, "malloc: out of memory");
ret = ENOMEM; ret = ENOMEM;
krb5_set_error_message(context, ret, "malloc: out of memory");
goto out; goto out;
} }
} }
@@ -1192,8 +1195,8 @@ LDAP_message2entry(krb5_context context, HDB * db, LDAPMessage * msg,
ent->entry.max_life = malloc(sizeof(*ent->entry.max_life)); ent->entry.max_life = malloc(sizeof(*ent->entry.max_life));
if (ent->entry.max_life == NULL) { if (ent->entry.max_life == NULL) {
krb5_set_error_string(context, "malloc: out of memory");
ret = ENOMEM; ret = ENOMEM;
krb5_set_error_message(context, ret, "malloc: out of memory");
goto out; goto out;
} }
ret = LDAP_get_integer_value(db, msg, "krb5MaxLife", &max_life); ret = LDAP_get_integer_value(db, msg, "krb5MaxLife", &max_life);
@@ -1209,8 +1212,8 @@ LDAP_message2entry(krb5_context context, HDB * db, LDAPMessage * msg,
ent->entry.max_renew = malloc(sizeof(*ent->entry.max_renew)); ent->entry.max_renew = malloc(sizeof(*ent->entry.max_renew));
if (ent->entry.max_renew == NULL) { if (ent->entry.max_renew == NULL) {
krb5_set_error_string(context, "malloc: out of memory");
ret = ENOMEM; ret = ENOMEM;
krb5_set_error_message(context, ret, "malloc: out of memory");
goto out; goto out;
} }
ret = LDAP_get_integer_value(db, msg, "krb5MaxRenew", &max_renew); ret = LDAP_get_integer_value(db, msg, "krb5MaxRenew", &max_renew);
@@ -1370,13 +1373,13 @@ LDAP_seq(krb5_context context, HDB * db, unsigned flags, hdb_entry_ex * entry)
parserc = parserc =
ldap_parse_result(HDB2LDAP(db), e, NULL, NULL, NULL, ldap_parse_result(HDB2LDAP(db), e, NULL, NULL, NULL,
NULL, NULL, 1); NULL, NULL, 1);
ret = HDB_ERR_NOENTRY;
if (parserc != LDAP_SUCCESS if (parserc != LDAP_SUCCESS
&& parserc != LDAP_MORE_RESULTS_TO_RETURN) { && parserc != LDAP_MORE_RESULTS_TO_RETURN) {
krb5_set_error_string(context, "ldap_parse_result: %s", krb5_set_error_message(context, ret, "ldap_parse_result: %s",
ldap_err2string(parserc)); ldap_err2string(parserc));
ldap_abandon_ext(HDB2LDAP(db), msgid, NULL, NULL); ldap_abandon_ext(HDB2LDAP(db), msgid, NULL, NULL);
} }
ret = HDB_ERR_NOENTRY;
HDBSETMSGID(db, -1); HDBSETMSGID(db, -1);
break; break;
case LDAP_SERVER_DOWN: case LDAP_SERVER_DOWN:
@@ -1471,16 +1474,16 @@ LDAP__connect(krb5_context context, HDB * db)
rc = ldap_initialize(&((struct hdbldapdb *)db->hdb_db)->h_lp, HDB2URL(db)); rc = ldap_initialize(&((struct hdbldapdb *)db->hdb_db)->h_lp, HDB2URL(db));
if (rc != LDAP_SUCCESS) { if (rc != LDAP_SUCCESS) {
krb5_set_error_string(context, "ldap_initialize: %s", krb5_set_error_message(context, HDB_ERR_NOENTRY, "ldap_initialize: %s",
ldap_err2string(rc)); ldap_err2string(rc));
return HDB_ERR_NOENTRY; return HDB_ERR_NOENTRY;
} }
rc = ldap_set_option(HDB2LDAP(db), LDAP_OPT_PROTOCOL_VERSION, rc = ldap_set_option(HDB2LDAP(db), LDAP_OPT_PROTOCOL_VERSION,
(const void *)&version); (const void *)&version);
if (rc != LDAP_SUCCESS) { if (rc != LDAP_SUCCESS) {
krb5_set_error_string(context, "ldap_set_option: %s", krb5_set_error_message(context, HDB_ERR_BADVERSION,
ldap_err2string(rc)); "ldap_set_option: %s", ldap_err2string(rc));
LDAP_close(context, db); LDAP_close(context, db);
return HDB_ERR_BADVERSION; return HDB_ERR_BADVERSION;
} }
@@ -1488,8 +1491,8 @@ LDAP__connect(krb5_context context, HDB * db)
rc = ldap_sasl_bind_s(HDB2LDAP(db), NULL, "EXTERNAL", &bv, rc = ldap_sasl_bind_s(HDB2LDAP(db), NULL, "EXTERNAL", &bv,
NULL, NULL, NULL); NULL, NULL, NULL);
if (rc != LDAP_SUCCESS) { if (rc != LDAP_SUCCESS) {
krb5_set_error_string(context, "ldap_sasl_bind_s: %s", krb5_set_error_message(context, HDB_ERR_BADVERSION,
ldap_err2string(rc)); "ldap_sasl_bind_s: %s", ldap_err2string(rc));
LDAP_close(context, db); LDAP_close(context, db);
return HDB_ERR_BADVERSION; return HDB_ERR_BADVERSION;
} }
@@ -1581,8 +1584,8 @@ LDAP_store(krb5_context context, HDB * db, unsigned flags,
if (e == NULL) { if (e == NULL) {
ret = asprintf(&dn, "krb5PrincipalName=%s,%s", name, HDB2CREATE(db)); ret = asprintf(&dn, "krb5PrincipalName=%s,%s", name, HDB2CREATE(db));
if (ret < 0) { if (ret < 0) {
krb5_set_error_string(context, "asprintf: out of memory");
ret = ENOMEM; ret = ENOMEM;
krb5_set_error_message(context, ret, "asprintf: out of memory");
goto out; goto out;
} }
} else if (flags & HDB_F_REPLACE) { } else if (flags & HDB_F_REPLACE) {
@@ -1609,9 +1612,9 @@ LDAP_store(krb5_context context, HDB * db, unsigned flags,
char *ld_error = NULL; char *ld_error = NULL;
ldap_get_option(HDB2LDAP(db), LDAP_OPT_ERROR_STRING, ldap_get_option(HDB2LDAP(db), LDAP_OPT_ERROR_STRING,
&ld_error); &ld_error);
krb5_set_error_string(context, "%s: %s (DN=%s) %s: %s",
errfn, name, dn, ldap_err2string(rc), ld_error);
ret = HDB_ERR_CANT_LOCK_DB; ret = HDB_ERR_CANT_LOCK_DB;
krb5_set_error_message(context, ret, "%s: %s (DN=%s) %s: %s",
errfn, name, dn, ldap_err2string(rc), ld_error);
} else } else
ret = 0; ret = 0;
@@ -1655,17 +1658,17 @@ LDAP_remove(krb5_context context, HDB *db, krb5_const_principal principal)
rc = ldap_set_option(HDB2LDAP(db), LDAP_OPT_SIZELIMIT, (const void *)&limit); rc = ldap_set_option(HDB2LDAP(db), LDAP_OPT_SIZELIMIT, (const void *)&limit);
if (rc != LDAP_SUCCESS) { if (rc != LDAP_SUCCESS) {
krb5_set_error_string(context, "ldap_set_option: %s",
ldap_err2string(rc));
ret = HDB_ERR_BADVERSION; ret = HDB_ERR_BADVERSION;
krb5_set_error_message(context, ret, "ldap_set_option: %s",
ldap_err2string(rc));
goto out; goto out;
} }
rc = ldap_delete_ext_s(HDB2LDAP(db), dn, NULL, NULL ); rc = ldap_delete_ext_s(HDB2LDAP(db), dn, NULL, NULL );
if (check_ldap(context, db, rc)) { if (check_ldap(context, db, rc)) {
krb5_set_error_string(context, "ldap_delete_ext_s: %s",
ldap_err2string(rc));
ret = HDB_ERR_CANT_LOCK_DB; ret = HDB_ERR_CANT_LOCK_DB;
krb5_set_error_message(context, ret, "ldap_delete_ext_s: %s",
ldap_err2string(rc));
} else } else
ret = 0; ret = 0;
@@ -1710,7 +1713,7 @@ hdb_ldap_common(krb5_context context,
const char *create_base = NULL; const char *create_base = NULL;
if (search_base == NULL && search_base[0] == '\0') { if (search_base == NULL && search_base[0] == '\0') {
krb5_set_error_string(context, "ldap search base not configured"); krb5_set_error_message(context, ENOMEM, "ldap search base not configured");
return ENOMEM; /* XXX */ return ENOMEM; /* XXX */
} }
@@ -1723,7 +1726,7 @@ hdb_ldap_common(krb5_context context,
p = default_structural_object; p = default_structural_object;
structural_object = strdup(p); structural_object = strdup(p);
if (structural_object == NULL) { if (structural_object == NULL) {
krb5_set_error_string(context, "malloc: out of memory"); krb5_set_error_message(context, ENOMEM, "malloc: out of memory");
return ENOMEM; return ENOMEM;
} }
} }
@@ -1734,16 +1737,16 @@ hdb_ldap_common(krb5_context context,
*db = calloc(1, sizeof(**db)); *db = calloc(1, sizeof(**db));
if (*db == NULL) { if (*db == NULL) {
krb5_set_error_string(context, "malloc: out of memory"); krb5_set_error_message(context, ENOMEM, "malloc: out of memory");
return ENOMEM; return ENOMEM;
} }
memset(*db, 0, sizeof(**db)); memset(*db, 0, sizeof(**db));
h = calloc(1, sizeof(*h)); h = calloc(1, sizeof(*h));
if (h == NULL) { if (h == NULL) {
krb5_set_error_string(context, "malloc: out of memory");
free(*db); free(*db);
*db = NULL; *db = NULL;
krb5_set_error_message(context, ENOMEM, "malloc: out of memory");
return ENOMEM; return ENOMEM;
} }
(*db)->hdb_db = h; (*db)->hdb_db = h;
@@ -1751,8 +1754,8 @@ hdb_ldap_common(krb5_context context,
/* XXX */ /* XXX */
if (asprintf(&(*db)->hdb_name, "ldap:%s", search_base) == -1) { if (asprintf(&(*db)->hdb_name, "ldap:%s", search_base) == -1) {
LDAP_destroy(context, *db); LDAP_destroy(context, *db);
krb5_set_error_string(context, "strdup: out of memory");
*db = NULL; *db = NULL;
krb5_set_error_message(context, ENOMEM, "strdup: out of memory");
return ENOMEM; return ENOMEM;
} }
@@ -1760,8 +1763,8 @@ hdb_ldap_common(krb5_context context,
h->h_base = strdup(search_base); h->h_base = strdup(search_base);
if (h->h_url == NULL || h->h_base == NULL) { if (h->h_url == NULL || h->h_base == NULL) {
LDAP_destroy(context, *db); LDAP_destroy(context, *db);
krb5_set_error_string(context, "strdup: out of memory");
*db = NULL; *db = NULL;
krb5_set_error_message(context, ENOMEM, "strdup: out of memory");
return ENOMEM; return ENOMEM;
} }
@@ -1773,8 +1776,8 @@ hdb_ldap_common(krb5_context context,
h->h_createbase = strdup(create_base); h->h_createbase = strdup(create_base);
if (h->h_createbase == NULL) { if (h->h_createbase == NULL) {
LDAP_destroy(context, *db); LDAP_destroy(context, *db);
krb5_set_error_string(context, "strdup: out of memory");
*db = NULL; *db = NULL;
krb5_set_error_message(context, ENOMEM, "strdup: out of memory");
return ENOMEM; return ENOMEM;
} }
@@ -1812,14 +1815,15 @@ hdb_ldapi_create(krb5_context context, HDB ** db, const char *arg)
asprintf(&p, "ldapi:%s", arg); asprintf(&p, "ldapi:%s", arg);
if (p == NULL) { if (p == NULL) {
krb5_set_error_string(context, "out of memory");
*db = NULL; *db = NULL;
krb5_set_error_message(context, ENOMEM, "out of memory");
return ENOMEM; return ENOMEM;
} }
search_base = strchr(p + strlen("ldapi://"), ':'); search_base = strchr(p + strlen("ldapi://"), ':');
if (search_base == NULL) { if (search_base == NULL) {
krb5_set_error_string(context, "search base missing");
*db = NULL; *db = NULL;
krb5_set_error_message(context, HDB_ERR_BADVERSION,
"search base missing");
return HDB_ERR_BADVERSION; return HDB_ERR_BADVERSION;
} }
*search_base = '\0'; *search_base = '\0';

5
lib/hdb/hdb.c
View File

@@ -85,7 +85,8 @@ hdb_next_enctype2key(krb5_context context,
return 0; return 0;
} }
} }
krb5_set_error_string(context, "No next enctype %d for hdb-entry", krb5_set_error_message(context, KRB5_PROG_ETYPE_NOSUPP,
"No next enctype %d for hdb-entry",
(int)enctype); (int)enctype);
return KRB5_PROG_ETYPE_NOSUPP; /* XXX */ return KRB5_PROG_ETYPE_NOSUPP; /* XXX */
} }
@@ -378,7 +379,7 @@ hdb_list_builtin(krb5_context context, char **list)
len += 1; len += 1;
buf = malloc(len); buf = malloc(len);
if (buf == NULL) { if (buf == NULL) {
krb5_set_error_string(context, "malloc: out of memory"); krb5_set_error_message(context, ENOMEM, "malloc: out of memory");
return ENOMEM; return ENOMEM;
} }
buf[0] = '\0'; buf[0] = '\0';

11
lib/hdb/keys.c
View File

@@ -153,7 +153,7 @@ parse_key_set(krb5_context context, const char *key,
v4 compat, and a cell name for afs compat */ v4 compat, and a cell name for afs compat */
salt->saltvalue.data = strdup(buf[i]); salt->saltvalue.data = strdup(buf[i]);
if (salt->saltvalue.data == NULL) { if (salt->saltvalue.data == NULL) {
krb5_set_error_string(context, "out of memory"); krb5_set_error_message(context, ENOMEM, "malloc: out of memory");
return ENOMEM; return ENOMEM;
} }
salt->saltvalue.length = strlen(buf[i]); salt->saltvalue.length = strlen(buf[i]);
@@ -161,7 +161,7 @@ parse_key_set(krb5_context context, const char *key,
} }
if(enctypes == NULL || salt->salttype == 0) { if(enctypes == NULL || salt->salttype == 0) {
krb5_set_error_string(context, "bad value for default_keys `%s'", key); krb5_set_error_message(context, EINVAL, "bad value for default_keys `%s'", key);
return EINVAL; return EINVAL;
} }
@@ -173,8 +173,9 @@ parse_key_set(krb5_context context, const char *key,
krb5_realm *realm = krb5_princ_realm(context, principal); krb5_realm *realm = krb5_princ_realm(context, principal);
salt->saltvalue.data = strdup(*realm); salt->saltvalue.data = strdup(*realm);
if(salt->saltvalue.data == NULL) { if(salt->saltvalue.data == NULL) {
krb5_set_error_string(context, "out of memory while " krb5_set_error_message(context, ENOMEM,
"parsing salt specifiers"); "out of memory while "
"parsing salt specifiers");
return ENOMEM; return ENOMEM;
} }
strlwr(salt->saltvalue.data); strlwr(salt->saltvalue.data);
@@ -185,7 +186,7 @@ parse_key_set(krb5_context context, const char *key,
*ret_enctypes = malloc(sizeof(enctypes[0]) * num_enctypes); *ret_enctypes = malloc(sizeof(enctypes[0]) * num_enctypes);
if (*ret_enctypes == NULL) { if (*ret_enctypes == NULL) {
krb5_free_salt(context, *salt); krb5_free_salt(context, *salt);
krb5_set_error_string(context, "out of memory"); krb5_set_error_message(context, ENOMEM, "malloc: out of memory");
return ENOMEM; return ENOMEM;
} }
memcpy(*ret_enctypes, enctypes, sizeof(enctypes[0]) * num_enctypes); memcpy(*ret_enctypes, enctypes, sizeof(enctypes[0]) * num_enctypes);

8
lib/hdb/keytab.c
View File

@@ -55,7 +55,7 @@ hdb_resolve(krb5_context context, const char *name, krb5_keytab id)
d = malloc(sizeof(*d)); d = malloc(sizeof(*d));
if(d == NULL) { if(d == NULL) {
krb5_set_error_string(context, "malloc: out of memory"); krb5_set_error_message(context, ENOMEM, "malloc: out of memory");
return ENOMEM; return ENOMEM;
} }
db = name; db = name;
@@ -67,7 +67,7 @@ hdb_resolve(krb5_context context, const char *name, krb5_keytab id)
d->dbname = strdup(name); d->dbname = strdup(name);
if(d->dbname == NULL) { if(d->dbname == NULL) {
free(d); free(d);
krb5_set_error_string(context, "malloc: out of memory"); krb5_set_error_message(context, ENOMEM, "malloc: out of memory");
return ENOMEM; return ENOMEM;
} }
} }
@@ -79,7 +79,7 @@ hdb_resolve(krb5_context context, const char *name, krb5_keytab id)
d->dbname = malloc(mkey - db + 1); d->dbname = malloc(mkey - db + 1);
if(d->dbname == NULL) { if(d->dbname == NULL) {
free(d); free(d);
krb5_set_error_string(context, "malloc: out of memory"); krb5_set_error_message(context, ENOMEM, "malloc: out of memory");
return ENOMEM; return ENOMEM;
} }
memmove(d->dbname, db, mkey - db); memmove(d->dbname, db, mkey - db);
@@ -89,7 +89,7 @@ hdb_resolve(krb5_context context, const char *name, krb5_keytab id)
if(d->mkey == NULL) { if(d->mkey == NULL) {
free(d->dbname); free(d->dbname);
free(d); free(d);
krb5_set_error_string(context, "malloc: out of memory"); krb5_set_error_message(context, ENOMEM, "malloc: out of memory");
return ENOMEM; return ENOMEM;
} }
} }

31
lib/hdb/mkey.c
View File

@@ -67,7 +67,7 @@ hdb_process_master_key(krb5_context context,
*mkey = calloc(1, sizeof(**mkey)); *mkey = calloc(1, sizeof(**mkey));
if(*mkey == NULL) { if(*mkey == NULL) {
krb5_set_error_string(context, "malloc: out of memory"); krb5_set_error_message(context, ENOMEM, "malloc: out of memory");
return ENOMEM; return ENOMEM;
} }
(*mkey)->keytab.vno = kvno; (*mkey)->keytab.vno = kvno;
@@ -159,8 +159,8 @@ read_master_mit(krb5_context context, const char *filename,
fd = open(filename, O_RDONLY | O_BINARY); fd = open(filename, O_RDONLY | O_BINARY);
if(fd < 0) { if(fd < 0) {
int save_errno = errno; int save_errno = errno;
krb5_set_error_string(context, "failed to open %s: %s", filename, krb5_set_error_message(context, save_errno, "failed to open %s: %s",
strerror(save_errno)); filename, strerror(save_errno));
return save_errno; return save_errno;
} }
sp = krb5_storage_from_fd(fd); sp = krb5_storage_from_fd(fd);
@@ -176,9 +176,9 @@ read_master_mit(krb5_context context, const char *filename,
#else #else
ret = krb5_ret_int16(sp, &enctype); ret = krb5_ret_int16(sp, &enctype);
if((htons(enctype) & 0xff00) == 0x3000) { if((htons(enctype) & 0xff00) == 0x3000) {
krb5_set_error_string(context, "unknown keytype in %s: %#x, expected %#x",
filename, htons(enctype), 0x3000);
ret = HEIM_ERR_BAD_MKEY; ret = HEIM_ERR_BAD_MKEY;
krb5_set_error_message(context, ret, "unknown keytype in %s: %#x, expected %#x",
filename, htons(enctype), 0x3000);
goto out; goto out;
} }
key.keytype = enctype; key.keytype = enctype;
@@ -209,7 +209,7 @@ read_master_encryptionkey(krb5_context context, const char *filename,
fd = open(filename, O_RDONLY | O_BINARY); fd = open(filename, O_RDONLY | O_BINARY);
if(fd < 0) { if(fd < 0) {
int save_errno = errno; int save_errno = errno;
krb5_set_error_string(context, "failed to open %s: %s", krb5_set_error_message(context, save_errno, "failed to open %s: %s",
filename, strerror(save_errno)); filename, strerror(save_errno));
return save_errno; return save_errno;
} }
@@ -218,7 +218,7 @@ read_master_encryptionkey(krb5_context context, const char *filename,
close(fd); close(fd);
if(len < 0) { if(len < 0) {
int save_errno = errno; int save_errno = errno;
krb5_set_error_string(context, "error reading %s: %s", krb5_set_error_message(context, save_errno, "error reading %s: %s",
filename, strerror(save_errno)); filename, strerror(save_errno));
return save_errno; return save_errno;
} }
@@ -255,8 +255,8 @@ read_master_krb4(krb5_context context, const char *filename,
fd = open(filename, O_RDONLY | O_BINARY); fd = open(filename, O_RDONLY | O_BINARY);
if(fd < 0) { if(fd < 0) {
int save_errno = errno; int save_errno = errno;
krb5_set_error_string(context, "failed to open %s: %s", krb5_set_error_message(context, save_errno, "failed to open %s: %s",
filename, strerror(save_errno)); filename, strerror(save_errno));
return save_errno; return save_errno;
} }
@@ -264,12 +264,13 @@ read_master_krb4(krb5_context context, const char *filename,
close(fd); close(fd);
if(len < 0) { if(len < 0) {
int save_errno = errno; int save_errno = errno;
krb5_set_error_string(context, "error reading %s: %s", krb5_set_error_message(context, save_errno, "error reading %s: %s",
filename, strerror(save_errno)); filename, strerror(save_errno));
return save_errno; return save_errno;
} }
if(len != 8) { if(len != 8) {
krb5_set_error_string(context, "bad contents of %s", filename); krb5_set_error_message(context, HEIM_ERR_EOF,
"bad contents of %s", filename);
return HEIM_ERR_EOF; /* XXX file might be too large */ return HEIM_ERR_EOF; /* XXX file might be too large */
} }
@@ -303,14 +304,14 @@ hdb_read_master_key(krb5_context context, const char *filename,
f = fopen(filename, "r"); f = fopen(filename, "r");
if(f == NULL) { if(f == NULL) {
int save_errno = errno; int save_errno = errno;
krb5_set_error_string(context, "failed to open %s: %s", krb5_set_error_message(context, save_errno, "failed to open %s: %s",
filename, strerror(save_errno)); filename, strerror(save_errno));
return save_errno; return save_errno;
} }
if(fread(buf, 1, 2, f) != 2) { if(fread(buf, 1, 2, f) != 2) {
krb5_set_error_string(context, "end of file reading %s", filename);
fclose(f); fclose(f);
krb5_set_error_message(context, HEIM_ERR_EOF, "end of file reading %s", filename);
return HEIM_ERR_EOF; return HEIM_ERR_EOF;
} }

36
lib/hdb/ndbm.c
View File

@@ -110,9 +110,9 @@ NDBM_seq(krb5_context context, HDB *db,
if (ret == 0 && entry->entry.principal == NULL) { if (ret == 0 && entry->entry.principal == NULL) {
entry->entry.principal = malloc (sizeof(*entry->entry.principal)); entry->entry.principal = malloc (sizeof(*entry->entry.principal));
if (entry->entry.principal == NULL) { if (entry->entry.principal == NULL) {
ret = ENOMEM;
hdb_free_entry (context, entry); hdb_free_entry (context, entry);
krb5_set_error_string(context, "malloc: out of memory"); ret = ENOMEM;
krb5_set_error_message(context, ret, "malloc: out of memory");
} else { } else {
hdb_key2principal (context, &key_data, entry->entry.principal); hdb_key2principal (context, &key_data, entry->entry.principal);
} }
@@ -152,15 +152,15 @@ NDBM_rename(krb5_context context, HDB *db, const char *new_name)
asprintf(&new_lock, "%s.lock", new_name); asprintf(&new_lock, "%s.lock", new_name);
if(new_lock == NULL) { if(new_lock == NULL) {
db->hdb_unlock(context, db); db->hdb_unlock(context, db);
krb5_set_error_string(context, "malloc: out of memory"); krb5_set_error_message(context, ENOMEM, "malloc: out of memory");
return ENOMEM; return ENOMEM;
} }
lock_fd = open(new_lock, O_RDWR | O_CREAT, 0600); lock_fd = open(new_lock, O_RDWR | O_CREAT, 0600);
if(lock_fd < 0) { if(lock_fd < 0) {
ret = errno; ret = errno;
db->hdb_unlock(context, db); db->hdb_unlock(context, db);
krb5_set_error_string(context, "open(%s): %s", new_lock, krb5_set_error_message(context, ret, "open(%s): %s", new_lock,
strerror(ret)); strerror(ret));
free(new_lock); free(new_lock);
return ret; return ret;
} }
@@ -188,7 +188,7 @@ NDBM_rename(krb5_context context, HDB *db, const char *new_name)
if(ret) { if(ret) {
ret = errno; ret = errno;
close(lock_fd); close(lock_fd);
krb5_set_error_string(context, "rename: %s", strerror(ret)); krb5_set_error_message(context, ret, "rename: %s", strerror(ret));
return ret; return ret;
} }
@@ -284,13 +284,13 @@ NDBM_open(krb5_context context, HDB *db, int flags, mode_t mode)
char *lock_file; char *lock_file;
if(d == NULL) { if(d == NULL) {
krb5_set_error_string(context, "malloc: out of memory"); krb5_set_error_message(context, ENOMEM, "malloc: out of memory");
return ENOMEM; return ENOMEM;
} }
asprintf(&lock_file, "%s.lock", (char*)db->hdb_name); asprintf(&lock_file, "%s.lock", (char*)db->hdb_name);
if(lock_file == NULL) { if(lock_file == NULL) {
free(d); free(d);
krb5_set_error_string(context, "malloc: out of memory"); krb5_set_error_message(context, ENOMEM, "malloc: out of memory");
return ENOMEM; return ENOMEM;
} }
d->db = dbm_open((char*)db->hdb_name, flags, mode); d->db = dbm_open((char*)db->hdb_name, flags, mode);
@@ -298,8 +298,8 @@ NDBM_open(krb5_context context, HDB *db, int flags, mode_t mode)
ret = errno; ret = errno;
free(d); free(d);
free(lock_file); free(lock_file);
krb5_set_error_string(context, "dbm_open(%s): %s", db->hdb_name, krb5_set_error_message(context, ret, "dbm_open(%s): %s", db->hdb_name,
strerror(ret)); strerror(ret));
return ret; return ret;
} }
d->lock_fd = open(lock_file, O_RDWR | O_CREAT, 0600); d->lock_fd = open(lock_file, O_RDWR | O_CREAT, 0600);
@@ -307,8 +307,8 @@ NDBM_open(krb5_context context, HDB *db, int flags, mode_t mode)
ret = errno; ret = errno;
dbm_close(d->db); dbm_close(d->db);
free(d); free(d);
krb5_set_error_string(context, "open(%s): %s", lock_file, krb5_set_error_message(context, ret, "open(%s): %s", lock_file,
strerror(ret)); strerror(ret));
free(lock_file); free(lock_file);
return ret; return ret;
} }
@@ -322,10 +322,10 @@ NDBM_open(krb5_context context, HDB *db, int flags, mode_t mode)
return 0; return 0;
if (ret) { if (ret) {
NDBM_close(context, db); NDBM_close(context, db);
krb5_set_error_string(context, "hdb_open: failed %s database %s", krb5_set_error_message(context, ret, "hdb_open: failed %s database %s",
(flags & O_ACCMODE) == O_RDONLY ? (flags & O_ACCMODE) == O_RDONLY ?
"checking format of" : "initialize", "checking format of" : "initialize",
db->hdb_name); db->hdb_name);
} }
return ret; return ret;
} }
@@ -336,16 +336,16 @@ hdb_ndbm_create(krb5_context context, HDB **db,
{ {
*db = calloc(1, sizeof(**db)); *db = calloc(1, sizeof(**db));
if (*db == NULL) { if (*db == NULL) {
krb5_set_error_string(context, "malloc: out of memory"); krb5_set_error_message(context, ENOMEM, "malloc: out of memory");
return ENOMEM; return ENOMEM;
} }
(*db)->hdb_db = NULL; (*db)->hdb_db = NULL;
(*db)->hdb_name = strdup(filename); (*db)->hdb_name = strdup(filename);
if ((*db)->hdb_name == NULL) { if ((*db)->hdb_name == NULL) {
krb5_set_error_string(context, "malloc: out of memory");
free(*db); free(*db);
*db = NULL; *db = NULL;
krb5_set_error_message(context, ENOMEM, "malloc: out of memory");
return ENOMEM; return ENOMEM;
} }
(*db)->hdb_master_key_set = 0; (*db)->hdb_master_key_set = 0;

8
lib/hdb/print.c
View File

@@ -69,7 +69,7 @@ append_string(krb5_context context, krb5_storage *sp, const char *fmt, ...)
vasprintf(&s, fmt, ap); vasprintf(&s, fmt, ap);
va_end(ap); va_end(ap);
if(s == NULL) { if(s == NULL) {
krb5_set_error_string(context, "malloc: out of memory"); krb5_set_error_message(context, ENOMEM, "malloc: out of memory");
return ENOMEM; return ENOMEM;
} }
ret = krb5_storage_write(sp, s, strlen(s)); ret = krb5_storage_write(sp, s, strlen(s));
@@ -223,7 +223,7 @@ entry2string_int (krb5_context context, krb5_storage *sp, hdb_entry *ent)
if (hex_encode(d, size, &p) < 0) { if (hex_encode(d, size, &p) < 0) {
free(d); free(d);
krb5_set_error_string(context, "malloc: out of memory"); krb5_set_error_message(context, ENOMEM, "malloc: out of memory");
return ENOMEM; return ENOMEM;
} }
@@ -248,7 +248,7 @@ hdb_entry2string (krb5_context context, hdb_entry *ent, char **str)
sp = krb5_storage_emem(); sp = krb5_storage_emem();
if(sp == NULL) { if(sp == NULL) {
krb5_set_error_string(context, "malloc: out of memory"); krb5_set_error_message(context, ENOMEM, "malloc: out of memory");
return ENOMEM; return ENOMEM;
} }
@@ -278,7 +278,7 @@ hdb_print_entry(krb5_context context, HDB *db, hdb_entry_ex *entry, void *data)
fflush(f); fflush(f);
sp = krb5_storage_from_fd(fileno(f)); sp = krb5_storage_from_fd(fileno(f));
if(sp == NULL) { if(sp == NULL) {
krb5_set_error_string(context, "malloc: out of memory"); krb5_set_error_message(context, ENOMEM, "malloc: out of memory");
return ENOMEM; return ENOMEM;
} }

49
lib/kadm5/ad.c
View File

@@ -278,14 +278,14 @@ _kadm5_ad_connect(void *server_handle)
asprintf(&domain, "_ldap._tcp.%s", context->realm); asprintf(&domain, "_ldap._tcp.%s", context->realm);
if (domain == NULL) { if (domain == NULL) {
krb5_set_error_string(context->context, "malloc"); krb5_set_error_message(context->context, KADM5_NO_SRV, "malloc");
return KADM5_NO_SRV; return KADM5_NO_SRV;
} }
r = dns_lookup(domain, "SRV"); r = dns_lookup(domain, "SRV");
free(domain); free(domain);
if (r == NULL) { if (r == NULL) {
krb5_set_error_string(context->context, "Didn't find ldap dns"); krb5_set_error_message(context->context, KADM5_NO_SRV, "Didn't find ldap dns");
return KADM5_NO_SRV; return KADM5_NO_SRV;
} }
@@ -294,7 +294,7 @@ _kadm5_ad_connect(void *server_handle)
continue; continue;
s = realloc(servers, sizeof(*servers) * (num_servers + 1)); s = realloc(servers, sizeof(*servers) * (num_servers + 1));
if (s == NULL) { if (s == NULL) {
krb5_set_error_string(context->context, "malloc"); krb5_set_error_message(context->context, KADM5_RPC_ERROR, "malloc");
dns_free_data(r); dns_free_data(r);
goto fail; goto fail;
} }
@@ -307,7 +307,7 @@ _kadm5_ad_connect(void *server_handle)
} }
if (num_servers == 0) { if (num_servers == 0) {
krb5_set_error_string(context->context, "No AD server found in DNS"); krb5_set_error_message(context->context, KADM5_NO_SRV, "No AD server found in DNS");
return KADM5_NO_SRV; return KADM5_NO_SRV;
} }
@@ -338,9 +338,9 @@ _kadm5_ad_connect(void *server_handle)
sasl_interact, NULL); sasl_interact, NULL);
#endif #endif
if (lret != LDAP_SUCCESS) { if (lret != LDAP_SUCCESS) {
krb5_set_error_string(context->context, krb5_set_error_message(context->context, 0,
"Couldn't contact any AD servers: %s", "Couldn't contact any AD servers: %s",
ldap_err2string(lret)); ldap_err2string(lret));
ldap_unbind(lp); ldap_unbind(lp);
continue; continue;
} }
@@ -370,16 +370,16 @@ _kadm5_ad_connect(void *server_handle)
if (ldap_count_entries(CTX2LP(context), m) > 0) { if (ldap_count_entries(CTX2LP(context), m) > 0) {
m0 = ldap_first_entry(CTX2LP(context), m); m0 = ldap_first_entry(CTX2LP(context), m);
if (m0 == NULL) { if (m0 == NULL) {
krb5_set_error_string(context->context, krb5_set_error_message(context->context, KADM5_RPC_ERROR,
"Error in AD ldap responce"); "Error in AD ldap responce");
ldap_msgfree(m); ldap_msgfree(m);
goto fail; goto fail;
} }
vals = ldap_get_values(CTX2LP(context), vals = ldap_get_values(CTX2LP(context),
m0, "defaultNamingContext"); m0, "defaultNamingContext");
if (vals == NULL) { if (vals == NULL) {
krb5_set_error_string(context->context, krb5_set_error_message(context->context, KADM5_RPC_ERROR,
"No naming context found"); "No naming context found");
goto fail; goto fail;
} }
context->base_dn = strdup(vals[0]); context->base_dn = strdup(vals[0]);
@@ -788,7 +788,7 @@ kadm5_ad_create_principal(void *server_handle,
return 0; return 0;
#else #else
krb5_set_error_string(context->context, "Function not implemented"); krb5_set_error_message(context->context, KADM5_RPC_ERROR, "Function not implemented");
return KADM5_RPC_ERROR; return KADM5_RPC_ERROR;
#endif #endif
} }
@@ -830,7 +830,7 @@ kadm5_ad_delete_principal(void *server_handle, krb5_principal principal)
return KADM5_RPC_ERROR; return KADM5_RPC_ERROR;
return 0; return 0;
#else #else
krb5_set_error_string(context->context, "Function not implemented"); krb5_set_error_message(context->context, KADM5_RPC_ERROR, "Function not implemented");
return KADM5_RPC_ERROR; return KADM5_RPC_ERROR;
#endif #endif
} }
@@ -864,13 +864,8 @@ static kadm5_ret_t
kadm5_ad_flush(void *server_handle) kadm5_ad_flush(void *server_handle)
{ {
kadm5_ad_context *context = server_handle; kadm5_ad_context *context = server_handle;
#ifdef OPENLDAP krb5_set_error_message(context->context, KADM5_RPC_ERROR, "Function not implemented");
krb5_set_error_string(context->context, "Function not implemented");
return KADM5_RPC_ERROR; return KADM5_RPC_ERROR;
#else
krb5_set_error_string(context->context, "Function not implemented");
return KADM5_RPC_ERROR;
#endif
} }
static kadm5_ret_t static kadm5_ret_t
@@ -1014,7 +1009,7 @@ kadm5_ad_get_principal(void *server_handle,
fail: fail:
return KADM5_RPC_ERROR; return KADM5_RPC_ERROR;
#else #else
krb5_set_error_string(context->context, "Function not implemented"); krb5_set_error_message(context->context, KADM5_RPC_ERROR, "Function not implemented");
return KADM5_RPC_ERROR; return KADM5_RPC_ERROR;
#endif #endif
} }
@@ -1042,10 +1037,10 @@ kadm5_ad_get_principals(void *server_handle,
if (ret) if (ret)
return ret; return ret;
krb5_set_error_string(context->context, "Function not implemented"); krb5_set_error_message(context->context, KADM5_RPC_ERROR, "Function not implemented");
return KADM5_RPC_ERROR; return KADM5_RPC_ERROR;
#else #else
krb5_set_error_string(context->context, "Function not implemented"); krb5_set_error_message(context->context, KADM5_RPC_ERROR, "Function not implemented");
return KADM5_RPC_ERROR; return KADM5_RPC_ERROR;
#endif #endif
} }
@@ -1054,7 +1049,7 @@ static kadm5_ret_t
kadm5_ad_get_privs(void *server_handle, uint32_t*privs) kadm5_ad_get_privs(void *server_handle, uint32_t*privs)
{ {
kadm5_ad_context *context = server_handle; kadm5_ad_context *context = server_handle;
krb5_set_error_string(context->context, "Function not implemented"); krb5_set_error_message(context->context, KADM5_RPC_ERROR, "Function not implemented");
return KADM5_RPC_ERROR; return KADM5_RPC_ERROR;
} }
@@ -1224,7 +1219,7 @@ kadm5_ad_modify_principal(void *server_handle,
free(tv[0]); free(tv[0]);
return ret; return ret;
#else #else
krb5_set_error_string(context->context, "Function not implemented"); krb5_set_error_message(context->context, KADM5_RPC_ERROR, "Function not implemented");
return KADM5_RPC_ERROR; return KADM5_RPC_ERROR;
#endif #endif
} }
@@ -1308,7 +1303,7 @@ kadm5_ad_randkey_principal(void *server_handle,
*keys = NULL; *keys = NULL;
*n_keys = 0; *n_keys = 0;
krb5_set_error_string(context->context, "Function not implemented"); krb5_set_error_message(context->context, KADM5_RPC_ERROR, "Function not implemented");
return KADM5_RPC_ERROR; return KADM5_RPC_ERROR;
#endif #endif
} }
@@ -1319,7 +1314,7 @@ kadm5_ad_rename_principal(void *server_handle,
krb5_principal to) krb5_principal to)
{ {
kadm5_ad_context *context = server_handle; kadm5_ad_context *context = server_handle;
krb5_set_error_string(context->context, "Function not implemented"); krb5_set_error_message(context->context, KADM5_RPC_ERROR, "Function not implemented");
return KADM5_RPC_ERROR; return KADM5_RPC_ERROR;
} }
@@ -1330,7 +1325,7 @@ kadm5_ad_chpass_principal_with_key(void *server_handle,
krb5_key_data *key_data) krb5_key_data *key_data)
{ {
kadm5_ad_context *context = server_handle; kadm5_ad_context *context = server_handle;
krb5_set_error_string(context->context, "Function not implemented"); krb5_set_error_message(context->context, KADM5_RPC_ERROR, "Function not implemented");
return KADM5_RPC_ERROR; return KADM5_RPC_ERROR;
} }

2
lib/kadm5/chpass_s.c
View File

@@ -75,8 +75,8 @@ change(void *server_handle,
_kadm5_free_keys (context->context, num_keys, keys); _kadm5_free_keys (context->context, num_keys, keys);
if (cmp == 0) { if (cmp == 0) {
krb5_set_error_string(context->context, "Password reuse forbidden");
ret = KADM5_PASS_REUSE; ret = KADM5_PASS_REUSE;
krb5_set_error_message(context->context, ret, "Password reuse forbidden");
goto out2; goto out2;
} }

2
lib/kadm5/init_c.c
View File

@@ -351,7 +351,7 @@ _kadm5_c_get_cred_cache(krb5_context context,
user = get_default_username (); user = get_default_username ();
if(user == NULL) { if(user == NULL) {
krb5_set_error_string(context, "Unable to find local user name"); krb5_set_error_message(context, KADM5_FAILURE, "Unable to find local user name");
return KADM5_FAILURE; return KADM5_FAILURE;
} }
ret = krb5_make_principal(context, &default_client, ret = krb5_make_principal(context, &default_client,

62
lib/kadm5/log.c
View File

@@ -99,13 +99,15 @@ kadm5_log_init (kadm5_server_context *context)
return 0; return 0;
fd = open (log_context->log_file, O_RDWR | O_CREAT, 0600); fd = open (log_context->log_file, O_RDWR | O_CREAT, 0600);
if (fd < 0) { if (fd < 0) {
krb5_set_error_string(context->context, "kadm5_log_init: open %s", ret = errno;
krb5_set_error_message(context->context, ret, "kadm5_log_init: open %s",
log_context->log_file); log_context->log_file);
return errno; return ret;
} }
if (flock (fd, LOCK_EX) < 0) { if (flock (fd, LOCK_EX) < 0) {
krb5_set_error_string(context->context, "kadm5_log_init: flock %s", ret = errno;
log_context->log_file); krb5_set_error_message(context->context, ret, "kadm5_log_init: flock %s",
log_context->log_file);
close (fd); close (fd);
return errno; return errno;
} }
@@ -279,15 +281,15 @@ kadm5_log_replay_create (kadm5_server_context *context,
ret = krb5_data_alloc (&data, len); ret = krb5_data_alloc (&data, len);
if (ret) { if (ret) {
krb5_set_error_string(context->context, "out of memory"); krb5_set_error_message(context->context, ret, "out of memory");
return ret; return ret;
} }
krb5_storage_read (sp, data.data, len); krb5_storage_read (sp, data.data, len);
ret = hdb_value2entry (context->context, &data, &ent.entry); ret = hdb_value2entry (context->context, &data, &ent.entry);
krb5_data_free(&data); krb5_data_free(&data);
if (ret) { if (ret) {
krb5_set_error_string(context->context, krb5_set_error_message(context->context, ret,
"Unmarshaling hdb entry failed"); "Unmarshaling hdb entry failed");
return ret; return ret;
} }
ret = context->db->hdb_store(context->context, context->db, 0, &ent); ret = context->db->hdb_store(context->context, context->db, 0, &ent);
@@ -358,8 +360,8 @@ kadm5_log_replay_delete (kadm5_server_context *context,
ret = krb5_ret_principal (sp, &principal); ret = krb5_ret_principal (sp, &principal);
if (ret) { if (ret) {
krb5_set_error_string(context->context, "Failed to read deleted " krb5_set_error_message(context->context, ret, "Failed to read deleted "
"principal from log version: %ld", (long)ver); "principal from log version: %ld", (long)ver);
return ret; return ret;
} }
@@ -456,8 +458,8 @@ kadm5_log_replay_rename (kadm5_server_context *context,
off = krb5_storage_seek(sp, 0, SEEK_CUR); off = krb5_storage_seek(sp, 0, SEEK_CUR);
ret = krb5_ret_principal (sp, &source); ret = krb5_ret_principal (sp, &source);
if (ret) { if (ret) {
krb5_set_error_string(context->context, "Failed to read renamed " krb5_set_error_message(context->context, ret, "Failed to read renamed "
"principal in log, version: %ld", (long)ver); "principal in log, version: %ld", (long)ver);
return ret; return ret;
} }
princ_len = krb5_storage_seek(sp, 0, SEEK_CUR) - off; princ_len = krb5_storage_seek(sp, 0, SEEK_CUR) - off;
@@ -561,7 +563,7 @@ kadm5_log_replay_modify (kadm5_server_context *context,
len -= 4; len -= 4;
ret = krb5_data_alloc (&value, len); ret = krb5_data_alloc (&value, len);
if (ret) { if (ret) {
krb5_set_error_string(context->context, "out of memory"); krb5_set_error_message(context->context, ret, "out of memory");
return ret; return ret;
} }
krb5_storage_read (sp, value.data, len); krb5_storage_read (sp, value.data, len);
@@ -583,8 +585,8 @@ kadm5_log_replay_modify (kadm5_server_context *context,
if (ent.entry.valid_end == NULL) { if (ent.entry.valid_end == NULL) {
ent.entry.valid_end = malloc(sizeof(*ent.entry.valid_end)); ent.entry.valid_end = malloc(sizeof(*ent.entry.valid_end));
if (ent.entry.valid_end == NULL) { if (ent.entry.valid_end == NULL) {
krb5_set_error_string(context->context, "out of memory");
ret = ENOMEM; ret = ENOMEM;
krb5_set_error_message(context->context, ret, "out of memory");
goto out; goto out;
} }
} }
@@ -598,8 +600,8 @@ kadm5_log_replay_modify (kadm5_server_context *context,
if (ent.entry.pw_end == NULL) { if (ent.entry.pw_end == NULL) {
ent.entry.pw_end = malloc(sizeof(*ent.entry.pw_end)); ent.entry.pw_end = malloc(sizeof(*ent.entry.pw_end));
if (ent.entry.pw_end == NULL) { if (ent.entry.pw_end == NULL) {
krb5_set_error_string(context->context, "out of memory");
ret = ENOMEM; ret = ENOMEM;
krb5_set_error_message(context->context, ret, "out of memory");
goto out; goto out;
} }
} }
@@ -619,8 +621,8 @@ kadm5_log_replay_modify (kadm5_server_context *context,
if (ent.entry.max_life == NULL) { if (ent.entry.max_life == NULL) {
ent.entry.max_life = malloc (sizeof(*ent.entry.max_life)); ent.entry.max_life = malloc (sizeof(*ent.entry.max_life));
if (ent.entry.max_life == NULL) { if (ent.entry.max_life == NULL) {
krb5_set_error_string(context->context, "out of memory");
ret = ENOMEM; ret = ENOMEM;
krb5_set_error_message(context->context, ret, "out of memory");
goto out; goto out;
} }
} }
@@ -631,15 +633,15 @@ kadm5_log_replay_modify (kadm5_server_context *context,
if (ent.entry.modified_by == NULL) { if (ent.entry.modified_by == NULL) {
ent.entry.modified_by = malloc(sizeof(*ent.entry.modified_by)); ent.entry.modified_by = malloc(sizeof(*ent.entry.modified_by));
if (ent.entry.modified_by == NULL) { if (ent.entry.modified_by == NULL) {
krb5_set_error_string(context->context, "out of memory");
ret = ENOMEM; ret = ENOMEM;
krb5_set_error_message(context->context, ret, "out of memory");
goto out; goto out;
} }
} else } else
free_Event(ent.entry.modified_by); free_Event(ent.entry.modified_by);
ret = copy_Event(log_ent.entry.modified_by, ent.entry.modified_by); ret = copy_Event(log_ent.entry.modified_by, ent.entry.modified_by);
if (ret) { if (ret) {
krb5_set_error_string(context->context, "out of memory"); krb5_set_error_message(context->context, ret, "out of memory");
goto out; goto out;
} }
} }
@@ -665,8 +667,8 @@ kadm5_log_replay_modify (kadm5_server_context *context,
if (ent.entry.max_renew == NULL) { if (ent.entry.max_renew == NULL) {
ent.entry.max_renew = malloc (sizeof(*ent.entry.max_renew)); ent.entry.max_renew = malloc (sizeof(*ent.entry.max_renew));
if (ent.entry.max_renew == NULL) { if (ent.entry.max_renew == NULL) {
krb5_set_error_string(context->context, "out of memory");
ret = ENOMEM; ret = ENOMEM;
krb5_set_error_message(context->context, ret, "out of memory");
goto out; goto out;
} }
} }
@@ -695,14 +697,14 @@ kadm5_log_replay_modify (kadm5_server_context *context,
ent.entry.keys.len = num; ent.entry.keys.len = num;
ent.entry.keys.val = malloc(len * sizeof(*ent.entry.keys.val)); ent.entry.keys.val = malloc(len * sizeof(*ent.entry.keys.val));
if (ent.entry.keys.val == NULL) { if (ent.entry.keys.val == NULL) {
krb5_set_error_string(context->context, "out of memory"); krb5_set_error_message(context->context, ENOMEM, "out of memory");
return ENOMEM; return ENOMEM;
} }
for (i = 0; i < ent.entry.keys.len; ++i) { for (i = 0; i < ent.entry.keys.len; ++i) {
ret = copy_Key(&log_ent.entry.keys.val[i], ret = copy_Key(&log_ent.entry.keys.val[i],
&ent.entry.keys.val[i]); &ent.entry.keys.val[i]);
if (ret) { if (ret) {
krb5_set_error_string(context->context, "out of memory"); krb5_set_error_message(context->context, ret, "out of memory");
goto out; goto out;
} }
} }
@@ -717,7 +719,7 @@ kadm5_log_replay_modify (kadm5_server_context *context,
ret = copy_HDB_extensions(log_ent.entry.extensions, ret = copy_HDB_extensions(log_ent.entry.extensions,
ent.entry.extensions); ent.entry.extensions);
if (ret) { if (ret) {
krb5_set_error_string(context->context, "out of memory"); krb5_set_error_message(context->context, ret, "out of memory");
free(ent.entry.extensions); free(ent.entry.extensions);
ent.entry.extensions = es; ent.entry.extensions = es;
goto out; goto out;
@@ -868,8 +870,9 @@ kadm5_log_previous (krb5_context context,
goto end_of_storage; goto end_of_storage;
if (tmp != *ver) { if (tmp != *ver) {
krb5_storage_seek(sp, oldoff, SEEK_SET); krb5_storage_seek(sp, oldoff, SEEK_SET);
krb5_set_error_string(context, "kadm5_log_previous: log entry " krb5_set_error_message(context, KADM5_BAD_DB,
"have consistency failure, version number wrong"); "kadm5_log_previous: log entry "
"have consistency failure, version number wrong");
return KADM5_BAD_DB; return KADM5_BAD_DB;
} }
ret = krb5_ret_int32 (sp, &tmp); ret = krb5_ret_int32 (sp, &tmp);
@@ -883,16 +886,17 @@ kadm5_log_previous (krb5_context context,
goto end_of_storage; goto end_of_storage;
if (tmp != *len) { if (tmp != *len) {
krb5_storage_seek(sp, oldoff, SEEK_SET); krb5_storage_seek(sp, oldoff, SEEK_SET);
krb5_set_error_string(context, "kadm5_log_previous: log entry " krb5_set_error_message(context, KADM5_BAD_DB,
"have consistency failure, length wrong"); "kadm5_log_previous: log entry "
"have consistency failure, length wrong");
return KADM5_BAD_DB; return KADM5_BAD_DB;
} }
return 0; return 0;
end_of_storage: end_of_storage:
krb5_storage_seek(sp, oldoff, SEEK_SET); krb5_storage_seek(sp, oldoff, SEEK_SET);
krb5_set_error_string(context, "kadm5_log_previous: end of storage " krb5_set_error_message(context, ret, "kadm5_log_previous: end of storage "
"reached before end"); "reached before end");
return ret; return ret;
} }
@@ -919,8 +923,8 @@ kadm5_log_replay (kadm5_server_context *context,
case kadm_nop : case kadm_nop :
return kadm5_log_replay_nop (context, ver, len, sp); return kadm5_log_replay_nop (context, ver, len, sp);
default : default :
krb5_set_error_string(context->context, krb5_set_error_message(context->context, KADM5_FAILURE,
"Unsupported replay op %d", (int)op); "Unsupported replay op %d", (int)op);
return KADM5_FAILURE; return KADM5_FAILURE;
} }
} }

16
lib/kadm5/password_quality.c
View File

@@ -472,7 +472,7 @@ kadm5_check_password_quality (krb5_context context,
NULL); NULL);
if (v == NULL) { if (v == NULL) {
msg = (*passwd_quality_check) (context, principal, pwd_data); msg = (*passwd_quality_check) (context, principal, pwd_data);
krb5_set_error_string(context, "password policy failed: %s", msg); krb5_set_error_message(context, 0, "password policy failed: %s", msg);
return msg; return msg;
} }
@@ -483,16 +483,16 @@ kadm5_check_password_quality (krb5_context context,
proc = find_func(context, *vp); proc = find_func(context, *vp);
if (proc == NULL) { if (proc == NULL) {
msg = "failed to find password verifier function"; msg = "failed to find password verifier function";
krb5_set_error_string(context, "Failed to find password policy " krb5_set_error_message(context, 0, "Failed to find password policy "
"function: %s", *vp); "function: %s", *vp);
break; break;
} }
ret = (proc->func)(context, principal, pwd_data, NULL, ret = (proc->func)(context, principal, pwd_data, NULL,
error_msg, sizeof(error_msg)); error_msg, sizeof(error_msg));
if (ret) { if (ret) {
krb5_set_error_string(context, "Password policy " krb5_set_error_message(context, 0, "Password policy "
"%s failed with %s", "%s failed with %s",
proc->name, error_msg); proc->name, error_msg);
msg = error_msg; msg = error_msg;
break; break;
} }
@@ -504,8 +504,8 @@ kadm5_check_password_quality (krb5_context context,
if (msg == NULL && passwd_quality_check != min_length_passwd_quality_v0) { if (msg == NULL && passwd_quality_check != min_length_passwd_quality_v0) {
msg = (*passwd_quality_check) (context, principal, pwd_data); msg = (*passwd_quality_check) (context, principal, pwd_data);
if (msg) if (msg)
krb5_set_error_string(context, "(old) password policy " krb5_set_error_message(context, 0, "(old) password policy "
"failed with %s", msg); "failed with %s", msg);
} }
return msg; return msg;

4
lib/krb5/acache.c
View File

@@ -258,7 +258,7 @@ make_cred_from_ccred(krb5_context context,
nomem: nomem:
ret = ENOMEM; ret = ENOMEM;
krb5_set_error_message(context, ret, "malloc - out of memory"); krb5_set_error_message(context, ret, "malloc: out of memory");
fail: fail:
krb5_free_cred_contents(context, cred); krb5_free_cred_contents(context, cred);
@@ -846,7 +846,7 @@ acc_get_cache_first(krb5_context context, krb5_cc_cursor *cursor)
iter = calloc(1, sizeof(*iter)); iter = calloc(1, sizeof(*iter));
if (iter == NULL) { if (iter == NULL) {
krb5_set_error_message(context, ENOMEM, "malloc - out of memory"); krb5_set_error_message(context, ENOMEM, "malloc: out of memory");
return ENOMEM; return ENOMEM;
} }

6
lib/krb5/addr_families.c
View File

@@ -1111,10 +1111,12 @@ krb5_parse_address(krb5_context context,
error = getaddrinfo (string, NULL, NULL, &ai); error = getaddrinfo (string, NULL, NULL, &ai);
if (error) { if (error) {
krb5_error_code ret2;
save_errno = errno; save_errno = errno;
krb5_set_error_message (context, save_errno, "%s: %s", ret2 = krb5_eai_to_heim_errno(error, save_errno);
krb5_set_error_message (context, ret2, "%s: %s",
string, gai_strerror(error)); string, gai_strerror(error));
return krb5_eai_to_heim_errno(error, save_errno); return ret2;
} }
n = 0; n = 0;

14
lib/krb5/cache.c
View File

@@ -284,7 +284,7 @@ krb5_cc_get_full_name(krb5_context context,
} }
if (asprintf(str, "%s:%s", type, name) == -1) { if (asprintf(str, "%s:%s", type, name) == -1) {
krb5_set_error_message(context, ENOMEM, "malloc - out of memory"); krb5_set_error_message(context, ENOMEM, "malloc: out of memory");
*str = NULL; *str = NULL;
return ENOMEM; return ENOMEM;
} }
@@ -356,7 +356,7 @@ _krb5_expand_default_cc_name(krb5_context context, const char *str, char **res)
if (append == NULL) { if (append == NULL) {
free(*res); free(*res);
*res = NULL; *res = NULL;
krb5_set_error_message(context, ENOMEM, "malloc - out of memory"); krb5_set_error_message(context, ENOMEM, "malloc: out of memory");
return ENOMEM; return ENOMEM;
} }
@@ -367,7 +367,7 @@ _krb5_expand_default_cc_name(krb5_context context, const char *str, char **res)
free(*res); free(*res);
*res = NULL; *res = NULL;
krb5_set_error_message(context, ENOMEM, krb5_set_error_message(context, ENOMEM,
"malloc - out of memory"); "malloc: out of memory");
return ENOMEM; return ENOMEM;
} }
*res = tmp; *res = tmp;
@@ -488,7 +488,7 @@ krb5_cc_set_default_name(krb5_context context, const char *name)
} }
if (p == NULL) { if (p == NULL) {
krb5_set_error_message(context, ENOMEM, "malloc - out of memory"); krb5_set_error_message(context, ENOMEM, "malloc: out of memory");
return ENOMEM; return ENOMEM;
} }
@@ -535,7 +535,7 @@ krb5_cc_default(krb5_context context,
const char *p = krb5_cc_default_name(context); const char *p = krb5_cc_default_name(context);
if (p == NULL) { if (p == NULL) {
krb5_set_error_message(context, ENOMEM, "malloc - out of memory"); krb5_set_error_message(context, ENOMEM, "malloc: out of memory");
return ENOMEM; return ENOMEM;
} }
return krb5_cc_resolve(context, p, id); return krb5_cc_resolve(context, p, id);
@@ -907,7 +907,7 @@ krb5_cc_get_prefix_ops(krb5_context context, const char *prefix)
p = strdup(prefix); p = strdup(prefix);
if (p == NULL) { if (p == NULL) {
krb5_set_error_message(context, ENOMEM, "malloc - out of memory"); krb5_set_error_message(context, ENOMEM, "malloc: out of memory");
return NULL; return NULL;
} }
p1 = strchr(p, ':'); p1 = strchr(p, ':');
@@ -967,7 +967,7 @@ krb5_cc_cache_get_first (krb5_context context,
*cursor = calloc(1, sizeof(**cursor)); *cursor = calloc(1, sizeof(**cursor));
if (*cursor == NULL) { if (*cursor == NULL) {
krb5_set_error_message(context, ENOMEM, "malloc - out of memory"); krb5_set_error_message(context, ENOMEM, "malloc: out of memory");
return ENOMEM; return ENOMEM;
} }

2
lib/krb5/fcache.c
View File

@@ -785,7 +785,7 @@ fcc_get_cache_first(krb5_context context, krb5_cc_cursor *cursor)
iter = calloc(1, sizeof(*iter)); iter = calloc(1, sizeof(*iter));
if (iter == NULL) { if (iter == NULL) {
krb5_set_error_message(context, ENOMEM, "malloc - out of memory"); krb5_set_error_message(context, ENOMEM, "malloc: out of memory");
return ENOMEM; return ENOMEM;
} }
iter->first = 1; iter->first = 1;

7
lib/krb5/get_for_creds.c
View File

@@ -207,7 +207,6 @@ krb5_get_forwarded_creds (krb5_context context,
krb5_kdc_flags kdc_flags; krb5_kdc_flags kdc_flags;
krb5_crypto crypto; krb5_crypto crypto;
struct addrinfo *ai; struct addrinfo *ai;
int save_errno;
krb5_creds *ticket; krb5_creds *ticket;
paddrs = NULL; paddrs = NULL;
@@ -238,10 +237,10 @@ krb5_get_forwarded_creds (krb5_context context,
ret = getaddrinfo (hostname, NULL, NULL, &ai); ret = getaddrinfo (hostname, NULL, NULL, &ai);
if (ret) { if (ret) {
save_errno = errno; krb5_error_code ret2 = krb5_eai_to_heim_errno(ret, errno);
krb5_set_error_string(context, "resolving %s: %s", krb5_set_error_message(context, ret2, "resolving %s: %s",
hostname, gai_strerror(ret)); hostname, gai_strerror(ret));
return krb5_eai_to_heim_errno(ret, save_errno); return ret2;
} }
ret = add_addrs (context, &addrs, ai); ret = add_addrs (context, &addrs, ai);

8
lib/krb5/get_host_realm.c
View File

@@ -206,7 +206,8 @@ _krb5_get_host_realm_int (krb5_context context,
(*realms)[1] = NULL; (*realms)[1] = NULL;
return 0; return 0;
} }
krb5_set_error_string(context, "unable to find realm of host %s", host); krb5_set_error_message(context, KRB5_ERR_HOST_REALM_UNKNOWN,
"unable to find realm of host %s", host);
return KRB5_ERR_HOST_REALM_UNKNOWN; return KRB5_ERR_HOST_REALM_UNKNOWN;
} }
@@ -248,8 +249,9 @@ krb5_get_host_realm(krb5_context context,
*/ */
ret = krb5_get_default_realms(context, realms); ret = krb5_get_default_realms(context, realms);
if (ret) { if (ret) {
krb5_set_error_string(context, "Unable to find realm of host %s", krb5_set_error_message(context, KRB5_ERR_HOST_REALM_UNKNOWN,
host); "Unable to find realm of host %s",
host);
return KRB5_ERR_HOST_REALM_UNKNOWN; return KRB5_ERR_HOST_REALM_UNKNOWN;
} }
} }

41
lib/krb5/get_in_tkt.c
View File

@@ -108,7 +108,7 @@ check_server_referral(krb5_context context,
return ret; return ret;
if (len != pa->padata_value.length) { if (len != pa->padata_value.length) {
free_EncryptedData(&ed); free_EncryptedData(&ed);
krb5_set_error_string(context, "Referral EncryptedData wrong"); krb5_set_error_message(context, KRB5KRB_AP_ERR_MODIFIED, "Referral EncryptedData wrong");
return KRB5KRB_AP_ERR_MODIFIED; return KRB5KRB_AP_ERR_MODIFIED;
} }
@@ -135,7 +135,8 @@ check_server_referral(krb5_context context,
if (strcmp(requested->realm, returned->realm) != 0) { if (strcmp(requested->realm, returned->realm) != 0) {
free_PA_ServerReferralData(&ref); free_PA_ServerReferralData(&ref);
krb5_set_error_string(context, "server ref realm mismatch"); krb5_set_error_message(context, KRB5KRB_AP_ERR_MODIFIED,
"server ref realm mismatch");
return KRB5KRB_AP_ERR_MODIFIED; return KRB5KRB_AP_ERR_MODIFIED;
} }
@@ -148,12 +149,14 @@ check_server_referral(krb5_context context,
|| strcmp(*ref.referred_realm, realm) != 0) || strcmp(*ref.referred_realm, realm) != 0)
{ {
free_PA_ServerReferralData(&ref); free_PA_ServerReferralData(&ref);
krb5_set_error_string(context, "tgt returned with wrong ref"); krb5_set_error_message(context, KRB5KRB_AP_ERR_MODIFIED,
"tgt returned with wrong ref");
return KRB5KRB_AP_ERR_MODIFIED; return KRB5KRB_AP_ERR_MODIFIED;
} }
} else if (krb5_principal_compare(context, returned, requested) == 0) { } else if (krb5_principal_compare(context, returned, requested) == 0) {
free_PA_ServerReferralData(&ref); free_PA_ServerReferralData(&ref);
krb5_set_error_string(context, "req princ no same as returned"); krb5_set_error_message(context, KRB5KRB_AP_ERR_MODIFIED,
"req princ no same as returned");
return KRB5KRB_AP_ERR_MODIFIED; return KRB5KRB_AP_ERR_MODIFIED;
} }
@@ -163,12 +166,14 @@ check_server_referral(krb5_context context,
ref.requested_principal_name); ref.requested_principal_name);
if (!cmp) { if (!cmp) {
free_PA_ServerReferralData(&ref); free_PA_ServerReferralData(&ref);
krb5_set_error_string(context, "compare requested failed"); krb5_set_error_message(context, KRB5KRB_AP_ERR_MODIFIED,
"compare requested failed");
return KRB5KRB_AP_ERR_MODIFIED; return KRB5KRB_AP_ERR_MODIFIED;
} }
} else if (flags & EXTRACT_TICKET_AS_REQ) { } else if (flags & EXTRACT_TICKET_AS_REQ) {
free_PA_ServerReferralData(&ref); free_PA_ServerReferralData(&ref);
krb5_set_error_string(context, "Requested principal missing on AS-REQ"); krb5_set_error_message(context, KRB5KRB_AP_ERR_MODIFIED,
"Requested principal missing on AS-REQ");
return KRB5KRB_AP_ERR_MODIFIED; return KRB5KRB_AP_ERR_MODIFIED;
} }
@@ -177,7 +182,8 @@ check_server_referral(krb5_context context,
return ret; return ret;
noreferral: noreferral:
if (krb5_principal_compare(context, requested, returned) == FALSE) { if (krb5_principal_compare(context, requested, returned) == FALSE) {
krb5_set_error_string(context, "Not same server principal returned " krb5_set_error_message(context, KRB5KRB_AP_ERR_MODIFIED,
"Not same server principal returned "
"as requested"); "as requested");
return KRB5KRB_AP_ERR_MODIFIED; return KRB5KRB_AP_ERR_MODIFIED;
} }
@@ -218,8 +224,8 @@ check_client_referral(krb5_context context,
pa->padata_value.length, pa->padata_value.length,
&canon, &len); &canon, &len);
if (ret) { if (ret) {
krb5_set_error_string(context, "Failed to decode " krb5_set_error_message(context, ret, "Failed to decode "
"PA_ClientCanonicalized"); "PA_ClientCanonicalized");
return ret; return ret;
} }
@@ -245,7 +251,7 @@ check_client_referral(krb5_context context,
krb5_crypto_destroy(context, crypto); krb5_crypto_destroy(context, crypto);
free(data.data); free(data.data);
if (ret) { if (ret) {
krb5_set_error_string(context, "Failed to verify " krb5_set_error_message(context, ret, "Failed to verify "
"client canonicalized data"); "client canonicalized data");
free_PA_ClientCanonicalized(&canon); free_PA_ClientCanonicalized(&canon);
return ret; return ret;
@@ -256,7 +262,8 @@ check_client_referral(krb5_context context,
&canon.names.requested_name)) &canon.names.requested_name))
{ {
free_PA_ClientCanonicalized(&canon); free_PA_ClientCanonicalized(&canon);
krb5_set_error_string(context, "Requested name doesn't match" krb5_set_error_message(context, KRB5_PRINC_NOMATCH,
"Requested name doesn't match"
" in client referral"); " in client referral");
return KRB5_PRINC_NOMATCH; return KRB5_PRINC_NOMATCH;
} }
@@ -265,7 +272,8 @@ check_client_referral(krb5_context context,
&canon.names.mapped_name)) &canon.names.mapped_name))
{ {
free_PA_ClientCanonicalized(&canon); free_PA_ClientCanonicalized(&canon);
krb5_set_error_string(context, "Mapped name doesn't match" krb5_set_error_message(context, KRB5_PRINC_NOMATCH,
"Mapped name doesn't match"
" in client referral"); " in client referral");
return KRB5_PRINC_NOMATCH; return KRB5_PRINC_NOMATCH;
} }
@@ -274,7 +282,8 @@ check_client_referral(krb5_context context,
noreferral: noreferral:
if (krb5_principal_compare(context, requested, mapped) == FALSE) { if (krb5_principal_compare(context, requested, mapped) == FALSE) {
krb5_set_error_string(context, "Not same client principal returned " krb5_set_error_message(context, KRB5KRB_AP_ERR_MODIFIED,
"Not same client principal returned "
"as requested"); "as requested");
return KRB5KRB_AP_ERR_MODIFIED; return KRB5KRB_AP_ERR_MODIFIED;
} }
@@ -457,7 +466,7 @@ _krb5_extract_ticket(krb5_context context,
if (creds->times.starttime == 0 if (creds->times.starttime == 0
&& abs(tmp_time - sec_now) > context->max_skew) { && abs(tmp_time - sec_now) > context->max_skew) {
ret = KRB5KRB_AP_ERR_SKEW; ret = KRB5KRB_AP_ERR_SKEW;
krb5_set_error_string (context, krb5_set_error_message (context, ret,
"time skew (%d) larger than max (%d)", "time skew (%d) larger than max (%d)",
abs(tmp_time - sec_now), abs(tmp_time - sec_now),
(int)context->max_skew); (int)context->max_skew);
@@ -798,9 +807,9 @@ init_as_req (krb5_context context,
key_proc, keyseed, a->req_body.etype.val, key_proc, keyseed, a->req_body.etype.val,
a->req_body.etype.len, &salt); a->req_body.etype.len, &salt);
} else { } else {
krb5_set_error_string (context, "pre-auth type %d not supported",
*ptypes);
ret = KRB5_PREAUTH_BAD_TYPE; ret = KRB5_PREAUTH_BAD_TYPE;
krb5_set_error_message (context, ret, "pre-auth type %d not supported",
*ptypes);
goto fail; goto fail;
} }
return 0; return 0;

12
lib/krb5/init_creds.c
View File

@@ -52,13 +52,13 @@ krb5_get_init_creds_opt_alloc(krb5_context context,
*opt = NULL; *opt = NULL;
o = calloc(1, sizeof(*o)); o = calloc(1, sizeof(*o));
if (o == NULL) { if (o == NULL) {
krb5_set_error_string(context, "out of memory"); krb5_set_error_message(context, ENOMEM, "malloc: out of memory");
return ENOMEM; return ENOMEM;
} }
krb5_get_init_creds_opt_init(o); krb5_get_init_creds_opt_init(o);
o->opt_private = calloc(1, sizeof(*o->opt_private)); o->opt_private = calloc(1, sizeof(*o->opt_private));
if (o->opt_private == NULL) { if (o->opt_private == NULL) {
krb5_set_error_string(context, "out of memory"); krb5_set_error_message(context, ENOMEM, "malloc: out of memory");
free(o); free(o);
return ENOMEM; return ENOMEM;
} }
@@ -77,7 +77,7 @@ _krb5_get_init_creds_opt_copy(krb5_context context,
*out = NULL; *out = NULL;
opt = calloc(1, sizeof(*opt)); opt = calloc(1, sizeof(*opt));
if (opt == NULL) { if (opt == NULL) {
krb5_set_error_string(context, "out of memory"); krb5_set_error_message(context, ENOMEM, "malloc: out of memory");
return ENOMEM; return ENOMEM;
} }
if (in) if (in)
@@ -85,7 +85,7 @@ _krb5_get_init_creds_opt_copy(krb5_context context,
if(opt->opt_private == NULL) { if(opt->opt_private == NULL) {
opt->opt_private = calloc(1, sizeof(*opt->opt_private)); opt->opt_private = calloc(1, sizeof(*opt->opt_private));
if (opt->opt_private == NULL) { if (opt->opt_private == NULL) {
krb5_set_error_string(context, "out of memory"); krb5_set_error_message(context, ENOMEM, "malloc: out of memory");
free(opt); free(opt);
return ENOMEM; return ENOMEM;
} }
@@ -327,7 +327,7 @@ require_ext_opt(krb5_context context,
const char *type) const char *type)
{ {
if (opt->opt_private == NULL) { if (opt->opt_private == NULL) {
krb5_set_error_string(context, "%s on non extendable opt", type); krb5_set_error_message(context, EINVAL, "%s on non extendable opt", type);
return EINVAL; return EINVAL;
} }
return 0; return 0;
@@ -381,7 +381,7 @@ krb5_get_init_creds_opt_get_error(krb5_context context,
*error = malloc(sizeof(**error)); *error = malloc(sizeof(**error));
if (*error == NULL) { if (*error == NULL) {
krb5_set_error_string(context, "malloc - out memory"); krb5_set_error_message(context, ENOMEM, "malloc: out of memory");
return ENOMEM; return ENOMEM;
} }

12
lib/krb5/init_creds_pw.c
View File

@@ -461,8 +461,8 @@ change_password (krb5_context context,
strlcpy (newpw, buf1, newpw_sz); strlcpy (newpw, buf1, newpw_sz);
ret = 0; ret = 0;
} else { } else {
krb5_set_error_string (context, "failed changing password");
ret = ENOTTY; ret = ENOTTY;
krb5_set_error_message(context, ret, "failed changing password");
} }
out: out:
@@ -1033,7 +1033,7 @@ pa_data_to_md_pkinit(krb5_context context,
ctx->pk_nonce, ctx->pk_nonce,
md); md);
#else #else
krb5_set_error_string(context, "no support for PKINIT compiled in"); krb5_set_error_message(context, EINVAL, "no support for PKINIT compiled in");
return EINVAL; return EINVAL;
#endif #endif
} }
@@ -1188,15 +1188,15 @@ process_pa_data_to_key(krb5_context context,
pa, pa,
key); key);
#else #else
krb5_set_error_string(context, "no support for PKINIT compiled in");
ret = EINVAL; ret = EINVAL;
krb5_set_error_message(context, ret, "no support for PKINIT compiled in");
#endif #endif
} else if (ctx->password) } else if (ctx->password)
ret = pa_data_to_key_plain(context, creds->client, ctx, ret = pa_data_to_key_plain(context, creds->client, ctx,
paid.salt, paid.s2kparams, etype, key); paid.salt, paid.s2kparams, etype, key);
else { else {
krb5_set_error_string(context, "No usable pa data type");
ret = EINVAL; ret = EINVAL;
krb5_set_error_message(context, ret, "No usable pa data type");
} }
free_paid(context, &paid); free_paid(context, &paid);
@@ -1322,8 +1322,8 @@ init_cred_loop(krb5_context context,
&md, &md,
NULL); NULL);
if (ret) if (ret)
krb5_set_error_string(context, krb5_set_error_message(context, ret,
"failed to decode METHOD DATA"); "failed to decode METHOD DATA");
} else { } else {
/* XXX guess what the server want here add add md */ /* XXX guess what the server want here add add md */
} }

2
lib/krb5/kcm.c
View File

@@ -189,7 +189,7 @@ kcm_storage_request(krb5_context context,
*storage_p = sp; *storage_p = sp;
fail: fail:
if (ret) { if (ret) {
krb5_set_error_string(context, "Failed to encode request"); krb5_set_error_message(context, ret, "Failed to encode request");
krb5_storage_free(sp); krb5_storage_free(sp);
} }

11
lib/krb5/keyblock.c
View File

@@ -116,15 +116,16 @@ krb5_keyblock_init(krb5_context context,
return ret; return ret;
if (len != size) { if (len != size) {
krb5_set_error_string(context, "Encryption key %d is %lu bytes " krb5_set_error_message(context, KRB5_PROG_ETYPE_NOSUPP,
"long, %lu was passed in", "Encryption key %d is %lu bytes "
type, (unsigned long)len, (unsigned long)size); "long, %lu was passed in",
type, (unsigned long)len, (unsigned long)size);
return KRB5_PROG_ETYPE_NOSUPP; return KRB5_PROG_ETYPE_NOSUPP;
} }
ret = krb5_data_copy(&key->keyvalue, data, len); ret = krb5_data_copy(&key->keyvalue, data, len);
if(ret) { if(ret) {
krb5_set_error_string(context, "malloc failed: %lu", krb5_set_error_message(context, ret, "malloc failed: %lu",
(unsigned long)len); (unsigned long)len);
return ret; return ret;
} }
key->keytype = type; key->keytype = type;

51
lib/krb5/keytab.c
View File

@@ -47,7 +47,8 @@ krb5_kt_register(krb5_context context,
struct krb5_keytab_data *tmp; struct krb5_keytab_data *tmp;
if (strlen(ops->prefix) > KRB5_KT_PREFIX_MAX_LEN - 1) { if (strlen(ops->prefix) > KRB5_KT_PREFIX_MAX_LEN - 1) {
krb5_set_error_string(context, "krb5_kt_register; prefix too long"); krb5_set_error_message(context, KRB5_KT_BADNAME,
"krb5_kt_register; prefix too long");
return KRB5_KT_BADNAME; return KRB5_KT_BADNAME;
} }
@@ -97,8 +98,9 @@ krb5_kt_resolve(krb5_context context,
break; break;
} }
if(i == context->num_kt_types) { if(i == context->num_kt_types) {
krb5_set_error_string(context, "unknown keytab type %.*s", krb5_set_error_message(context, KRB5_KT_UNKNOWN_TYPE,
(int)type_len, type); "unknown keytab type %.*s",
(int)type_len, type);
return KRB5_KT_UNKNOWN_TYPE; return KRB5_KT_UNKNOWN_TYPE;
} }
@@ -265,7 +267,7 @@ krb5_kt_get_full_name(krb5_context context,
return ret; return ret;
if (asprintf(str, "%s:%s", type, name) == -1) { if (asprintf(str, "%s:%s", type, name) == -1) {
krb5_set_error_string(context, "malloc - out of memory"); krb5_set_error_message(context, ENOMEM, "malloc: out of memory");
*str = NULL; *str = NULL;
return ENOMEM; return ENOMEM;
} }
@@ -377,12 +379,12 @@ krb5_kt_get_entry(krb5_context context,
else else
kvno_str[0] = '\0'; kvno_str[0] = '\0';
krb5_set_error_string (context, krb5_set_error_message (context, KRB5_KT_NOTFOUND,
"Failed to find %s%s in keytab %s (%s)", "Failed to find %s%s in keytab %s (%s)",
princ, princ,
kvno_str, kvno_str,
kt_name ? kt_name : "unknown keytab", kt_name ? kt_name : "unknown keytab",
enctype_str ? enctype_str : "unknown enctype"); enctype_str ? enctype_str : "unknown enctype");
free(kt_name); free(kt_name);
free(enctype_str); free(enctype_str);
return KRB5_KT_NOTFOUND; return KRB5_KT_NOTFOUND;
@@ -443,9 +445,9 @@ krb5_kt_start_seq_get(krb5_context context,
krb5_kt_cursor *cursor) krb5_kt_cursor *cursor)
{ {
if(id->start_seq_get == NULL) { if(id->start_seq_get == NULL) {
krb5_set_error_string(context, krb5_set_error_message(context, HEIM_ERR_OPNOTSUPP,
"start_seq_get is not supported in the %s " "start_seq_get is not supported in the %s "
" keytab", id->prefix); " keytab", id->prefix);
return HEIM_ERR_OPNOTSUPP; return HEIM_ERR_OPNOTSUPP;
} }
return (*id->start_seq_get)(context, id, cursor); return (*id->start_seq_get)(context, id, cursor);
@@ -464,9 +466,9 @@ krb5_kt_next_entry(krb5_context context,
krb5_kt_cursor *cursor) krb5_kt_cursor *cursor)
{ {
if(id->next_entry == NULL) { if(id->next_entry == NULL) {
krb5_set_error_string(context, krb5_set_error_message(context, HEIM_ERR_OPNOTSUPP,
"next_entry is not supported in the %s " "next_entry is not supported in the %s "
" keytab", id->prefix); " keytab", id->prefix);
return HEIM_ERR_OPNOTSUPP; return HEIM_ERR_OPNOTSUPP;
} }
return (*id->next_entry)(context, id, entry, cursor); return (*id->next_entry)(context, id, entry, cursor);
@@ -482,9 +484,9 @@ krb5_kt_end_seq_get(krb5_context context,
krb5_kt_cursor *cursor) krb5_kt_cursor *cursor)
{ {
if(id->end_seq_get == NULL) { if(id->end_seq_get == NULL) {
krb5_set_error_string(context, krb5_set_error_message(context, HEIM_ERR_OPNOTSUPP,
"end_seq_get is not supported in the %s " "end_seq_get is not supported in the %s "
" keytab", id->prefix); " keytab", id->prefix);
return HEIM_ERR_OPNOTSUPP; return HEIM_ERR_OPNOTSUPP;
} }
return (*id->end_seq_get)(context, id, cursor); return (*id->end_seq_get)(context, id, cursor);
@@ -501,8 +503,9 @@ krb5_kt_add_entry(krb5_context context,
krb5_keytab_entry *entry) krb5_keytab_entry *entry)
{ {
if(id->add == NULL) { if(id->add == NULL) {
krb5_set_error_string(context, "Add is not supported in the %s keytab", krb5_set_error_message(context, KRB5_KT_NOWRITE,
id->prefix); "Add is not supported in the %s keytab",
id->prefix);
return KRB5_KT_NOWRITE; return KRB5_KT_NOWRITE;
} }
entry->timestamp = time(NULL); entry->timestamp = time(NULL);
@@ -520,9 +523,9 @@ krb5_kt_remove_entry(krb5_context context,
krb5_keytab_entry *entry) krb5_keytab_entry *entry)
{ {
if(id->remove == NULL) { if(id->remove == NULL) {
krb5_set_error_string(context, krb5_set_error_message(context, KRB5_KT_NOWRITE,
"Remove is not supported in the %s keytab", "Remove is not supported in the %s keytab",
id->prefix); id->prefix);
return KRB5_KT_NOWRITE; return KRB5_KT_NOWRITE;
} }
return (*id->remove)(context, id, entry); return (*id->remove)(context, id, entry);

11
lib/krb5/keytab_any.c
View File

@@ -87,7 +87,7 @@ any_resolve(krb5_context context, const char *name, krb5_keytab id)
prev = a; prev = a;
} }
if (a0 == NULL) { if (a0 == NULL) {
krb5_set_error_string(context, "empty ANY: keytab"); krb5_set_error_message(context, ENOENT, "empty ANY: keytab");
return ENOENT; return ENOENT;
} }
id->data = a0; id->data = a0;
@@ -206,8 +206,8 @@ any_add_entry(krb5_context context,
while(a != NULL) { while(a != NULL) {
ret = krb5_kt_add_entry(context, a->kt, entry); ret = krb5_kt_add_entry(context, a->kt, entry);
if(ret != 0 && ret != KRB5_KT_NOWRITE) { if(ret != 0 && ret != KRB5_KT_NOWRITE) {
krb5_set_error_string(context, "failed to add entry to %s", krb5_set_error_message(context, ret, "failed to add entry to %s",
a->name); a->name);
return ret; return ret;
} }
a = a->next; a = a->next;
@@ -229,8 +229,9 @@ any_remove_entry(krb5_context context,
found++; found++;
else { else {
if(ret != KRB5_KT_NOWRITE && ret != KRB5_KT_NOTFOUND) { if(ret != KRB5_KT_NOWRITE && ret != KRB5_KT_NOTFOUND) {
krb5_set_error_string(context, "failed to remove entry from %s", krb5_set_error_message(context, ret,
a->name); "Failed to remove keytab entry from %s",
a->name);
return ret; return ret;
} }
} }

28
lib/krb5/keytab_file.c
View File

@@ -174,16 +174,16 @@ krb5_kt_ret_principal(krb5_context context,
ret = krb5_ret_int16(sp, &len); ret = krb5_ret_int16(sp, &len);
if(ret) { if(ret) {
krb5_set_error_string(context, krb5_set_error_message(context, ret,
"Failed decoding length of keytab principal"); "Failed decoding length of keytab principal");
goto out; goto out;
} }
if(krb5_storage_is_flags(sp, KRB5_STORAGE_PRINCIPAL_WRONG_NUM_COMPONENTS)) if(krb5_storage_is_flags(sp, KRB5_STORAGE_PRINCIPAL_WRONG_NUM_COMPONENTS))
len--; len--;
if (len < 0) { if (len < 0) {
krb5_set_error_string(context,
"Keytab principal contains invalid length");
ret = KRB5_KT_END; ret = KRB5_KT_END;
krb5_set_error_message(context, ret,
"Keytab principal contains invalid length");
goto out; goto out;
} }
ret = krb5_kt_ret_string(context, sp, &p->realm); ret = krb5_kt_ret_string(context, sp, &p->realm);
@@ -334,8 +334,8 @@ fkt_start_seq_get_int(krb5_context context,
c->fd = open (d->filename, flags); c->fd = open (d->filename, flags);
if (c->fd < 0) { if (c->fd < 0) {
ret = errno; ret = errno;
krb5_set_error_string(context, "keytab %s open failed: %s", krb5_set_error_message(context, ret, "keytab %s open failed: %s",
d->filename, strerror(ret)); d->filename, strerror(ret));
return ret; return ret;
} }
ret = _krb5_xlock(context, c->fd, exclusive, d->filename); ret = _krb5_xlock(context, c->fd, exclusive, d->filename);
@@ -492,8 +492,8 @@ fkt_add_entry(krb5_context context,
fd = open (d->filename, O_RDWR | O_CREAT | O_EXCL | O_BINARY, 0600); fd = open (d->filename, O_RDWR | O_CREAT | O_EXCL | O_BINARY, 0600);
if (fd < 0) { if (fd < 0) {
ret = errno; ret = errno;
krb5_set_error_string(context, "open(%s): %s", d->filename, krb5_set_error_message(context, ret, "open(%s): %s", d->filename,
strerror(ret)); strerror(ret));
return ret; return ret;
} }
ret = _krb5_xlock(context, fd, 1, d->filename); ret = _krb5_xlock(context, fd, 1, d->filename);
@@ -523,22 +523,22 @@ fkt_add_entry(krb5_context context,
properly */ properly */
ret = fkt_setup_keytab(context, id, sp); ret = fkt_setup_keytab(context, id, sp);
if(ret) { if(ret) {
krb5_set_error_string(context, "%s: keytab is corrupted: %s", krb5_set_error_message(context, ret, "%s: keytab is corrupted: %s",
d->filename, strerror(ret)); d->filename, strerror(ret));
goto out; goto out;
} }
storage_set_flags(context, sp, id->version); storage_set_flags(context, sp, id->version);
} else { } else {
if(pvno != 5) { if(pvno != 5) {
ret = KRB5_KEYTAB_BADVNO; ret = KRB5_KEYTAB_BADVNO;
krb5_set_error_string(context, "%s: %s", krb5_set_error_message(context, ret, "%s: %s",
d->filename, strerror(ret)); d->filename, strerror(ret));
goto out; goto out;
} }
ret = krb5_ret_int8 (sp, &tag); ret = krb5_ret_int8 (sp, &tag);
if (ret) { if (ret) {
krb5_set_error_string(context, "%s: reading tag: %s", krb5_set_error_message(context, ret, "%s: reading tag: %s",
d->filename, strerror(ret)); d->filename, strerror(ret));
goto out; goto out;
} }
id->version = tag; id->version = tag;

36
lib/krb5/keytab_keyfile.c
View File

@@ -72,13 +72,13 @@ get_cell_and_realm (krb5_context context, struct akf_data *d)
f = fopen (AFS_SERVERTHISCELL, "r"); f = fopen (AFS_SERVERTHISCELL, "r");
if (f == NULL) { if (f == NULL) {
ret = errno; ret = errno;
krb5_set_error_string (context, "open %s: %s", AFS_SERVERTHISCELL, krb5_set_error_message (context, ret, "open %s: %s", AFS_SERVERTHISCELL,
strerror(ret)); strerror(ret));
return ret; return ret;
} }
if (fgets (buf, sizeof(buf), f) == NULL) { if (fgets (buf, sizeof(buf), f) == NULL) {
fclose (f); fclose (f);
krb5_set_error_string (context, "no cell in %s", AFS_SERVERTHISCELL); krb5_set_error_message (context, EINVAL, "no cell in %s", AFS_SERVERTHISCELL);
return EINVAL; return EINVAL;
} }
buf[strcspn(buf, "\n")] = '\0'; buf[strcspn(buf, "\n")] = '\0';
@@ -96,8 +96,8 @@ get_cell_and_realm (krb5_context context, struct akf_data *d)
free (d->cell); free (d->cell);
d->cell = NULL; d->cell = NULL;
fclose (f); fclose (f);
krb5_set_error_string (context, "no realm in %s", krb5_set_error_message (context, EINVAL, "no realm in %s",
AFS_SERVERMAGICKRBCONF); AFS_SERVERMAGICKRBCONF);
return EINVAL; return EINVAL;
} }
buf[strcspn(buf, "\n")] = '\0'; buf[strcspn(buf, "\n")] = '\0';
@@ -197,8 +197,8 @@ akf_start_seq_get(krb5_context context,
c->fd = open (d->filename, O_RDONLY|O_BINARY, 0600); c->fd = open (d->filename, O_RDONLY|O_BINARY, 0600);
if (c->fd < 0) { if (c->fd < 0) {
ret = errno; ret = errno;
krb5_set_error_string(context, "keytab afs keyfil open %s failed: %s", krb5_set_error_message(context, ret, "keytab afs keyfil open %s failed: %s",
d->filename, strerror(ret)); d->filename, strerror(ret));
return ret; return ret;
} }
@@ -307,8 +307,8 @@ akf_add_entry(krb5_context context,
O_RDWR | O_BINARY | O_CREAT | O_EXCL, 0600); O_RDWR | O_BINARY | O_CREAT | O_EXCL, 0600);
if (fd < 0) { if (fd < 0) {
ret = errno; ret = errno;
krb5_set_error_string(context, "open(%s): %s", d->filename, krb5_set_error_message(context, ret, "open(%s): %s", d->filename,
strerror(ret)); strerror(ret));
return ret; return ret;
} }
created = 1; created = 1;
@@ -327,7 +327,7 @@ akf_add_entry(krb5_context context,
ret = errno; ret = errno;
krb5_storage_free(sp); krb5_storage_free(sp);
close(fd); close(fd);
krb5_set_error_string (context, "seek: %s", strerror(ret)); krb5_set_error_message(context, ret, "seek: %s", strerror(ret));
return ret; return ret;
} }
@@ -350,11 +350,12 @@ akf_add_entry(krb5_context context,
for (i = 0; i < len; i++) { for (i = 0; i < len; i++) {
ret = krb5_ret_int32(sp, &kvno); ret = krb5_ret_int32(sp, &kvno);
if (ret) { if (ret) {
krb5_set_error_string (context, "Failed to get kvno "); krb5_set_error_message (context, ret, "Failed to get kvno ");
goto out; goto out;
} }
if(krb5_storage_seek(sp, 8, SEEK_CUR) < 0) { if(krb5_storage_seek(sp, 8, SEEK_CUR) < 0) {
krb5_set_error_string (context, "seek: %s", strerror(ret)); ret = errno;
krb5_set_error_message (context, ret, "seek: %s", strerror(ret));
goto out; goto out;
} }
if (kvno == entry->vno) { if (kvno == entry->vno) {
@@ -368,25 +369,26 @@ akf_add_entry(krb5_context context,
if(krb5_storage_seek(sp, 0, SEEK_SET) < 0) { if(krb5_storage_seek(sp, 0, SEEK_SET) < 0) {
ret = errno; ret = errno;
krb5_set_error_string (context, "seek: %s", strerror(ret)); krb5_set_error_message (context, ret, "seek: %s", strerror(ret));
goto out; goto out;
} }
ret = krb5_store_int32(sp, len); ret = krb5_store_int32(sp, len);
if(ret) { if(ret) {
krb5_set_error_string(context, "keytab keyfile failed new length"); ret = errno;
krb5_set_error_message (context, ret, "keytab keyfile failed new length");
return ret; return ret;
} }
if(krb5_storage_seek(sp, (len - 1) * (8 + 4), SEEK_CUR) < 0) { if(krb5_storage_seek(sp, (len - 1) * (8 + 4), SEEK_CUR) < 0) {
ret = errno; ret = errno;
krb5_set_error_string (context, "seek to end: %s", strerror(ret)); krb5_set_error_message (context, ret, "seek to end: %s", strerror(ret));
goto out; goto out;
} }
ret = krb5_store_int32(sp, entry->vno); ret = krb5_store_int32(sp, entry->vno);
if(ret) { if(ret) {
krb5_set_error_string(context, "keytab keyfile failed store kvno"); krb5_set_error_message(context, ret, "keytab keyfile failed store kvno");
goto out; goto out;
} }
ret = krb5_storage_write(sp, entry->keyblock.keyvalue.data, ret = krb5_storage_write(sp, entry->keyblock.keyvalue.data,
@@ -396,7 +398,7 @@ akf_add_entry(krb5_context context,
ret = errno; ret = errno;
else else
ret = ENOTTY; ret = ENOTTY;
krb5_set_error_string(context, "keytab keyfile failed to add key"); krb5_set_error_message(context, ret, "keytab keyfile failed to add key");
goto out; goto out;
} }
ret = 0; ret = 0;

48
lib/krb5/keytab_krb4.c
View File

@@ -134,8 +134,8 @@ krb4_kt_start_seq_get_int (krb5_context context,
if (c->fd < 0) { if (c->fd < 0) {
ret = errno; ret = errno;
free (ed); free (ed);
krb5_set_error_string(context, "keytab krb5 open %s failed: %s", krb5_set_error_message(context, ret, "keytab krb5 open %s failed: %s",
d->filename, strerror(ret)); d->filename, strerror(ret));
return ret; return ret;
} }
c->sp = krb5_storage_from_fd(c->fd); c->sp = krb5_storage_from_fd(c->fd);
@@ -302,7 +302,7 @@ krb4_kt_add_entry (krb5_context context,
O_WRONLY | O_APPEND | O_BINARY | O_CREAT, 0600); O_WRONLY | O_APPEND | O_BINARY | O_CREAT, 0600);
if (fd < 0) { if (fd < 0) {
ret = errno; ret = errno;
krb5_set_error_string(context, "open(%s): %s", d->filename, krb5_set_error_message(context, ret, "open(%s): %s", d->filename,
strerror(ret)); strerror(ret));
return ret; return ret;
} }
@@ -371,7 +371,8 @@ krb4_kt_remove_entry(krb5_context context,
memset(data.data, 0, data.length); memset(data.data, 0, data.length);
krb5_data_free(&data); krb5_data_free(&data);
if(errno == EACCES || errno == EROFS) { if(errno == EACCES || errno == EROFS) {
krb5_set_error_string(context, "failed to open %s for writing", krb5_set_error_message(context, KRB5_KT_NOWRITE,
"failed to open %s for writing",
d->filename); d->filename);
return KRB5_KT_NOWRITE; return KRB5_KT_NOWRITE;
} }
@@ -379,20 +380,24 @@ krb4_kt_remove_entry(krb5_context context,
} }
if(write(fd, data.data, data.length) != data.length) { if(write(fd, data.data, data.length) != data.length) {
int save_errno = errno;
memset(data.data, 0, data.length); memset(data.data, 0, data.length);
krb5_data_free(&data); krb5_data_free(&data);
close(fd); close(fd);
krb5_set_error_string(context, "failed writing to file %s", krb5_set_error_message(context, save_errno,
d->filename); "failed writing to file %s",
return errno; d->filename);
return save_errno;
} }
memset(data.data, 0, data.length); memset(data.data, 0, data.length);
if(fstat(fd, &st) < 0) { if(fstat(fd, &st) < 0) {
int save_errno = errno;
krb5_data_free(&data); krb5_data_free(&data);
close(fd); close(fd);
krb5_set_error_string(context, "failed getting size of file %s", krb5_set_error_message(context, save_errno,
d->filename); "failed getting size of file %s",
return errno; d->filename);
return save_errno;
} }
st.st_size -= data.length; st.st_size -= data.length;
memset(buf, 0, sizeof(buf)); memset(buf, 0, sizeof(buf));
@@ -400,32 +405,39 @@ krb4_kt_remove_entry(krb5_context context,
n = min(st.st_size, sizeof(buf)); n = min(st.st_size, sizeof(buf));
n = write(fd, buf, n); n = write(fd, buf, n);
if(n <= 0) { if(n <= 0) {
int save_errno = errno;
krb5_data_free(&data); krb5_data_free(&data);
close(fd); close(fd);
krb5_set_error_string(context, "failed writing to file %s", krb5_set_error_message(context, save_errno,
"failed writing to file %s",
d->filename); d->filename);
return errno; return save_errno;
} }
st.st_size -= n; st.st_size -= n;
} }
if(ftruncate(fd, data.length) < 0) { if(ftruncate(fd, data.length) < 0) {
int save_errno = errno;
krb5_data_free(&data); krb5_data_free(&data);
close(fd); close(fd);
krb5_set_error_string(context, "failed truncating file %s", krb5_set_error_message(context, save_errno,
"failed truncating file %s",
d->filename); d->filename);
return errno; return save_errno;
} }
krb5_data_free(&data); krb5_data_free(&data);
if(close(fd) < 0) { if(close(fd) < 0) {
krb5_set_error_string(context, "error closing %s", int save_errno = errno;
d->filename); krb5_set_error_message(context, save_errno,
return errno; "error closing %s",
d->filename);
return save_errno;
} }
return 0; return 0;
} else { } else {
krb5_storage_free(sp); krb5_storage_free(sp);
krb5_set_error_string(context, "Keytab entry not found"); krb5_set_error_message(context, KRB5_KT_NOTFOUND,
"Keytab entry not found");
return KRB5_KT_NOTFOUND; return KRB5_KT_NOTFOUND;
} }
} }

12
lib/krb5/krbhst.c
View File

@@ -72,7 +72,8 @@ srv_find_realm(krb5_context context, krb5_krbhst_info ***res, int *count,
proto_num = string_to_proto(proto); proto_num = string_to_proto(proto);
if(proto_num < 0) { if(proto_num < 0) {
krb5_set_error_string(context, "unknown protocol `%s'", proto); krb5_set_error_message(context, EINVAL,
"unknown protocol `%s'", proto);
return EINVAL; return EINVAL;
} }
@@ -247,7 +248,7 @@ _krb5_krbhost_info_move(krb5_context context,
/* trailing NUL is included in structure */ /* trailing NUL is included in structure */
*to = calloc(1, sizeof(**to) + hostnamelen); *to = calloc(1, sizeof(**to) + hostnamelen);
if(*to == NULL) { if(*to == NULL) {
krb5_set_error_string(context, "malloc - out of memory"); krb5_set_error_message(context, ENOMEM, "malloc: out of memory");
return ENOMEM; return ENOMEM;
} }
@@ -540,7 +541,7 @@ plugin_get_hosts(krb5_context context,
ret = (*service->lookup)(ctx, type, kd->realm, 0, 0, add_locate, kd); ret = (*service->lookup)(ctx, type, kd->realm, 0, 0, add_locate, kd);
(*service->fini)(ctx); (*service->fini)(ctx);
if (ret) { if (ret) {
krb5_set_error_string(context, "Plugin failed to lookup"); krb5_set_error_message(context, ret, "Plugin failed to lookup");
break; break;
} }
} }
@@ -832,7 +833,7 @@ krb5_krbhst_init_flags(krb5_context context,
def_port = ntohs(krb5_getportbyname (context, "krb524", "udp", 4444)); def_port = ntohs(krb5_getportbyname (context, "krb524", "udp", 4444));
break; break;
default: default:
krb5_set_error_string(context, "unknown krbhst type (%u)", type); krb5_set_error_message(context, ENOTTY, "unknown krbhst type (%u)", type);
return ENOTTY; return ENOTTY;
} }
if((kd = common_init(context, realm, flags)) == NULL) if((kd = common_init(context, realm, flags)) == NULL)
@@ -920,7 +921,8 @@ gethostlist(krb5_context context, const char *realm,
while(krb5_krbhst_next(context, handle, &hostinfo) == 0) while(krb5_krbhst_next(context, handle, &hostinfo) == 0)
nhost++; nhost++;
if(nhost == 0) { if(nhost == 0) {
krb5_set_error_string(context, "No KDC found for realm %s", realm); krb5_set_error_message(context, KRB5_KDC_UNREACH,
"No KDC found for realm %s", realm);
return KRB5_KDC_UNREACH; return KRB5_KDC_UNREACH;
} }
*hostlist = calloc(nhost + 1, sizeof(**hostlist)); *hostlist = calloc(nhost + 1, sizeof(**hostlist));

9
lib/krb5/log.c
View File

@@ -277,7 +277,8 @@ krb5_addlog_dest(krb5_context context, krb5_log_facility *f, const char *orig)
if(n){ if(n){
p = strchr(p, '/'); p = strchr(p, '/');
if(p == NULL) { if(p == NULL) {
krb5_set_error_string (context, "failed to parse \"%s\"", orig); krb5_set_error_message(context, HEIM_ERR_LOG_PARSE,
"failed to parse \"%s\"", orig);
return HEIM_ERR_LOG_PARSE; return HEIM_ERR_LOG_PARSE;
} }
p++; p++;
@@ -300,7 +301,7 @@ krb5_addlog_dest(krb5_context context, krb5_log_facility *f, const char *orig)
O_TRUNC | O_APPEND, 0666); O_TRUNC | O_APPEND, 0666);
if(i < 0) { if(i < 0) {
ret = errno; ret = errno;
krb5_set_error_string (context, "open(%s): %s", fn, krb5_set_error_message(context, ret, "open(%s): %s", fn,
strerror(ret)); strerror(ret));
free(fn); free(fn);
return ret; return ret;
@@ -309,7 +310,7 @@ krb5_addlog_dest(krb5_context context, krb5_log_facility *f, const char *orig)
if(file == NULL){ if(file == NULL){
ret = errno; ret = errno;
close(i); close(i);
krb5_set_error_string (context, "fdopen(%s): %s", fn, krb5_set_error_message(context, ret, "fdopen(%s): %s", fn,
strerror(ret)); strerror(ret));
free(fn); free(fn);
return ret; return ret;
@@ -333,8 +334,8 @@ krb5_addlog_dest(krb5_context context, krb5_log_facility *f, const char *orig)
strlcpy(facility, "AUTH", sizeof(facility)); strlcpy(facility, "AUTH", sizeof(facility));
ret = open_syslog(context, f, min, max, severity, facility); ret = open_syslog(context, f, min, max, severity, facility);
}else{ }else{
krb5_set_error_string (context, "unknown log type: %s", p);
ret = HEIM_ERR_LOG_PARSE; /* XXX */ ret = HEIM_ERR_LOG_PARSE; /* XXX */
krb5_set_error_message (context, ret, "unknown log type: %s", p);
} }
return ret; return ret;
} }

2
lib/krb5/mcache.c
View File

@@ -439,7 +439,7 @@ mcc_default_name(krb5_context context, char **str)
{ {
*str = strdup("MEMORY:"); *str = strdup("MEMORY:");
if (*str == NULL) { if (*str == NULL) {
krb5_set_error_string(context, ENOMEM, "malloc: out of memory"); krb5_set_error_message(context, ENOMEM, "malloc: out of memory");
return ENOMEM; return ENOMEM;
} }
return 0; return 0;

8
lib/krb5/mk_rep.c
View File

@@ -61,18 +61,18 @@ krb5_mk_rep(krb5_context context,
auth_context, auth_context,
auth_context->keyblock); auth_context->keyblock);
if(ret) { if(ret) {
krb5_set_error_string (context,
"krb5_mk_rep: generating subkey");
free_EncAPRepPart(&body); free_EncAPRepPart(&body);
krb5_set_error_message(context, ret,
"krb5_mk_rep: generating subkey");
return ret; return ret;
} }
} }
ret = krb5_copy_keyblock(context, auth_context->local_subkey, ret = krb5_copy_keyblock(context, auth_context->local_subkey,
&body.subkey); &body.subkey);
if (ret) { if (ret) {
krb5_set_error_string (context,
"krb5_copy_keyblock: out of memory");
free_EncAPRepPart(&body); free_EncAPRepPart(&body);
krb5_set_error_message(context, ENOMEM,
"krb5_copy_keyblock: out of memory");
return ENOMEM; return ENOMEM;
} }
} else } else

106
lib/krb5/pac.c
View File

@@ -93,14 +93,14 @@ krb5_pac_parse(krb5_context context, const void *ptr, size_t len,
p = calloc(1, sizeof(*p)); p = calloc(1, sizeof(*p));
if (p == NULL) { if (p == NULL) {
ret = ENOMEM; ret = ENOMEM;
krb5_set_error_string(context, "out of memory"); krb5_set_error_message(context, ret, "malloc: out of memory");
goto out; goto out;
} }
sp = krb5_storage_from_readonly_mem(ptr, len); sp = krb5_storage_from_readonly_mem(ptr, len);
if (sp == NULL) { if (sp == NULL) {
ret = ENOMEM; ret = ENOMEM;
krb5_set_error_string(context, "out of memory"); krb5_set_error_message(context, ret, "malloc: out of memory");
goto out; goto out;
} }
krb5_storage_set_flags(sp, KRB5_STORAGE_BYTEORDER_LE); krb5_storage_set_flags(sp, KRB5_STORAGE_BYTEORDER_LE);
@@ -108,21 +108,21 @@ krb5_pac_parse(krb5_context context, const void *ptr, size_t len,
CHECK(ret, krb5_ret_uint32(sp, &tmp), out); CHECK(ret, krb5_ret_uint32(sp, &tmp), out);
CHECK(ret, krb5_ret_uint32(sp, &tmp2), out); CHECK(ret, krb5_ret_uint32(sp, &tmp2), out);
if (tmp < 1) { if (tmp < 1) {
krb5_set_error_string(context, "PAC have too few buffer");
ret = EINVAL; /* Too few buffers */ ret = EINVAL; /* Too few buffers */
krb5_set_error_message(context, ret, "PAC have too few buffer");
goto out; goto out;
} }
if (tmp2 != 0) { if (tmp2 != 0) {
krb5_set_error_string(context, "PAC have wrong version");
ret = EINVAL; /* Wrong version */ ret = EINVAL; /* Wrong version */
krb5_set_error_message(context, ret, "PAC have wrong version");
goto out; goto out;
} }
p->pac = calloc(1, p->pac = calloc(1,
sizeof(*p->pac) + (sizeof(p->pac->buffers[0]) * (tmp - 1))); sizeof(*p->pac) + (sizeof(p->pac->buffers[0]) * (tmp - 1)));
if (p->pac == NULL) { if (p->pac == NULL) {
krb5_set_error_string(context, "out of memory");
ret = ENOMEM; ret = ENOMEM;
krb5_set_error_message(context, ret, "malloc: out of memory");
goto out; goto out;
} }
@@ -143,52 +143,52 @@ krb5_pac_parse(krb5_context context, const void *ptr, size_t len,
/* consistency checks */ /* consistency checks */
if (p->pac->buffers[i].offset_lo & (PAC_ALIGNMENT - 1)) { if (p->pac->buffers[i].offset_lo & (PAC_ALIGNMENT - 1)) {
krb5_set_error_string(context, "PAC out of allignment");
ret = EINVAL; ret = EINVAL;
krb5_set_error_message(context, ret, "PAC out of allignment");
goto out; goto out;
} }
if (p->pac->buffers[i].offset_hi) { if (p->pac->buffers[i].offset_hi) {
krb5_set_error_string(context, "PAC high offset set");
ret = EINVAL; ret = EINVAL;
krb5_set_error_message(context, ret, "PAC high offset set");
goto out; goto out;
} }
if (p->pac->buffers[i].offset_lo > len) { if (p->pac->buffers[i].offset_lo > len) {
krb5_set_error_string(context, "PAC offset off end");
ret = EINVAL; ret = EINVAL;
krb5_set_error_message(context, ret, "PAC offset off end");
goto out; goto out;
} }
if (p->pac->buffers[i].offset_lo < header_end) { if (p->pac->buffers[i].offset_lo < header_end) {
krb5_set_error_string(context, "PAC offset inside header: %lu %lu", ret = EINVAL;
krb5_set_error_message(context, ret, "PAC offset inside header: %lu %lu",
(unsigned long)p->pac->buffers[i].offset_lo, (unsigned long)p->pac->buffers[i].offset_lo,
(unsigned long)header_end); (unsigned long)header_end);
ret = EINVAL;
goto out; goto out;
} }
if (p->pac->buffers[i].buffersize > len - p->pac->buffers[i].offset_lo){ if (p->pac->buffers[i].buffersize > len - p->pac->buffers[i].offset_lo){
krb5_set_error_string(context, "PAC length off end");
ret = EINVAL; ret = EINVAL;
krb5_set_error_message(context, ret, "PAC length off end");
goto out; goto out;
} }
/* let save pointer to data we need later */ /* let save pointer to data we need later */
if (p->pac->buffers[i].type == PAC_SERVER_CHECKSUM) { if (p->pac->buffers[i].type == PAC_SERVER_CHECKSUM) {
if (p->server_checksum) { if (p->server_checksum) {
krb5_set_error_string(context, "PAC have two server checksums");
ret = EINVAL; ret = EINVAL;
krb5_set_error_message(context, ret, "PAC have two server checksums");
goto out; goto out;
} }
p->server_checksum = &p->pac->buffers[i]; p->server_checksum = &p->pac->buffers[i];
} else if (p->pac->buffers[i].type == PAC_PRIVSVR_CHECKSUM) { } else if (p->pac->buffers[i].type == PAC_PRIVSVR_CHECKSUM) {
if (p->privsvr_checksum) { if (p->privsvr_checksum) {
krb5_set_error_string(context, "PAC have two KDC checksums");
ret = EINVAL; ret = EINVAL;
krb5_set_error_message(context, ret, "PAC have two KDC checksums");
goto out; goto out;
} }
p->privsvr_checksum = &p->pac->buffers[i]; p->privsvr_checksum = &p->pac->buffers[i];
} else if (p->pac->buffers[i].type == PAC_LOGON_NAME) { } else if (p->pac->buffers[i].type == PAC_LOGON_NAME) {
if (p->logon_name) { if (p->logon_name) {
krb5_set_error_string(context, "PAC have two logon names");
ret = EINVAL; ret = EINVAL;
krb5_set_error_message(context, ret, "PAC have two logon names");
goto out; goto out;
} }
p->logon_name = &p->pac->buffers[i]; p->logon_name = &p->pac->buffers[i];
@@ -225,14 +225,14 @@ krb5_pac_init(krb5_context context, krb5_pac *pac)
p = calloc(1, sizeof(*p)); p = calloc(1, sizeof(*p));
if (p == NULL) { if (p == NULL) {
krb5_set_error_string(context, "out of memory"); krb5_set_error_message(context, ENOMEM, "malloc: out of memory");
return ENOMEM; return ENOMEM;
} }
p->pac = calloc(1, sizeof(*p->pac)); p->pac = calloc(1, sizeof(*p->pac));
if (p->pac == NULL) { if (p->pac == NULL) {
free(p); free(p);
krb5_set_error_string(context, "out of memory"); krb5_set_error_message(context, ENOMEM, "malloc: out of memory");
return ENOMEM; return ENOMEM;
} }
@@ -240,7 +240,7 @@ krb5_pac_init(krb5_context context, krb5_pac *pac)
if (ret) { if (ret) {
free (p->pac); free (p->pac);
free(p); free(p);
krb5_set_error_string(context, "out of memory"); krb5_set_error_message(context, ret, "malloc: out of memory");
return ret; return ret;
} }
@@ -263,7 +263,7 @@ krb5_pac_add_buffer(krb5_context context, krb5_pac p,
ptr = realloc(p->pac, ptr = realloc(p->pac,
sizeof(*p->pac) + (sizeof(p->pac->buffers[0]) * len)); sizeof(*p->pac) + (sizeof(p->pac->buffers[0]) * len));
if (ptr == NULL) { if (ptr == NULL) {
krb5_set_error_string(context, "out of memory"); krb5_set_error_message(context, ENOMEM, "malloc: out of memory");
return ENOMEM; return ENOMEM;
} }
p->pac = ptr; p->pac = ptr;
@@ -281,7 +281,7 @@ krb5_pac_add_buffer(krb5_context context, krb5_pac p,
old_end = p->data.length; old_end = p->data.length;
len = p->data.length + data->length + PAC_INFO_BUFFER_SIZE; len = p->data.length + data->length + PAC_INFO_BUFFER_SIZE;
if (len < p->data.length) { if (len < p->data.length) {
krb5_set_error_string(context, "integer overrun"); krb5_set_error_message(context, EINVAL, "integer overrun");
return EINVAL; return EINVAL;
} }
@@ -290,7 +290,7 @@ krb5_pac_add_buffer(krb5_context context, krb5_pac p,
ret = krb5_data_realloc(&p->data, len); ret = krb5_data_realloc(&p->data, len);
if (ret) { if (ret) {
krb5_set_error_string(context, "out of memory"); krb5_set_error_message(context, ret, "malloc: out of memory");
return ret; return ret;
} }
@@ -331,7 +331,7 @@ krb5_pac_get_buffer(krb5_context context, krb5_pac p,
if (type == PAC_PRIVSVR_CHECKSUM || type == PAC_SERVER_CHECKSUM) { if (type == PAC_PRIVSVR_CHECKSUM || type == PAC_SERVER_CHECKSUM) {
ret = krb5_data_alloc(data, 16); ret = krb5_data_alloc(data, 16);
if (ret) { if (ret) {
krb5_set_error_string(context, "out of memory"); krb5_set_error_message(context, ret, "malloc: out of memory");
return ret; return ret;
} }
memset(data->data, 0, data->length); memset(data->data, 0, data->length);
@@ -347,13 +347,13 @@ krb5_pac_get_buffer(krb5_context context, krb5_pac p,
ret = krb5_data_copy(data, (unsigned char *)p->data.data + offset, len); ret = krb5_data_copy(data, (unsigned char *)p->data.data + offset, len);
if (ret) { if (ret) {
krb5_set_error_string(context, "Out of memory"); krb5_set_error_message(context, ret, "malloc: out of memory");
return ret; return ret;
} }
return 0; return 0;
} }
krb5_set_error_string(context, "No PAC buffer of type %lu was found", krb5_set_error_message(context, ENOENT, "No PAC buffer of type %lu was found",
(unsigned long)type); (unsigned long)type);
return ENOENT; return ENOENT;
} }
@@ -372,7 +372,7 @@ krb5_pac_get_types(krb5_context context,
*types = calloc(p->pac->numbuffers, sizeof(*types)); *types = calloc(p->pac->numbuffers, sizeof(*types));
if (*types == NULL) { if (*types == NULL) {
*len = 0; *len = 0;
krb5_set_error_string(context, "out of memory"); krb5_set_error_message(context, ENOMEM, "malloc: out of memory");
return ENOMEM; return ENOMEM;
} }
for (i = 0; i < p->pac->numbuffers; i++) for (i = 0; i < p->pac->numbuffers; i++)
@@ -416,7 +416,7 @@ verify_checksum(krb5_context context,
sp = krb5_storage_from_mem((char *)data->data + sig->offset_lo, sp = krb5_storage_from_mem((char *)data->data + sig->offset_lo,
sig->buffersize); sig->buffersize);
if (sp == NULL) { if (sp == NULL) {
krb5_set_error_string(context, "out of memory"); krb5_set_error_message(context, ENOMEM, "malloc: out of memory");
return ENOMEM; return ENOMEM;
} }
krb5_storage_set_flags(sp, KRB5_STORAGE_BYTEORDER_LE); krb5_storage_set_flags(sp, KRB5_STORAGE_BYTEORDER_LE);
@@ -427,21 +427,21 @@ verify_checksum(krb5_context context,
sig->buffersize - krb5_storage_seek(sp, 0, SEEK_CUR); sig->buffersize - krb5_storage_seek(sp, 0, SEEK_CUR);
cksum.checksum.data = malloc(cksum.checksum.length); cksum.checksum.data = malloc(cksum.checksum.length);
if (cksum.checksum.data == NULL) { if (cksum.checksum.data == NULL) {
krb5_set_error_string(context, "out of memory");
ret = ENOMEM; ret = ENOMEM;
krb5_set_error_message(context, ret, "malloc: out of memory");
goto out; goto out;
} }
ret = krb5_storage_read(sp, cksum.checksum.data, cksum.checksum.length); ret = krb5_storage_read(sp, cksum.checksum.data, cksum.checksum.length);
if (ret != cksum.checksum.length) { if (ret != cksum.checksum.length) {
krb5_set_error_string(context, "PAC checksum missing checksum");
ret = EINVAL; ret = EINVAL;
krb5_set_error_message(context, ret, "PAC checksum missing checksum");
goto out; goto out;
} }
if (!krb5_checksum_is_keyed(context, cksum.cksumtype)) { if (!krb5_checksum_is_keyed(context, cksum.cksumtype)) {
krb5_set_error_string (context, "Checksum type %d not keyed",
cksum.cksumtype);
ret = EINVAL; ret = EINVAL;
krb5_set_error_message(context, ret, "Checksum type %d not keyed",
cksum.cksumtype);
goto out; goto out;
} }
@@ -488,7 +488,7 @@ create_checksum(krb5_context context,
return ret; return ret;
if (cksum.checksum.length != siglen) { if (cksum.checksum.length != siglen) {
krb5_set_error_string(context, "pac checksum wrong length"); krb5_set_error_message(context, EINVAL, "pac checksum wrong length");
free_Checksum(&cksum); free_Checksum(&cksum);
return EINVAL; return EINVAL;
} }
@@ -531,7 +531,7 @@ verify_logonname(krb5_context context,
sp = krb5_storage_from_readonly_mem((const char *)data->data + logon_name->offset_lo, sp = krb5_storage_from_readonly_mem((const char *)data->data + logon_name->offset_lo,
logon_name->buffersize); logon_name->buffersize);
if (sp == NULL) { if (sp == NULL) {
krb5_set_error_string(context, "Out of memory"); krb5_set_error_message(context, ENOMEM, "malloc: out of memory");
return ENOMEM; return ENOMEM;
} }
@@ -546,27 +546,27 @@ verify_logonname(krb5_context context,
t2 = ((uint64_t)time2 << 32) | time1; t2 = ((uint64_t)time2 << 32) | time1;
if (t1 != t2) { if (t1 != t2) {
krb5_storage_free(sp); krb5_storage_free(sp);
krb5_set_error_string(context, "PAC timestamp mismatch"); krb5_set_error_message(context, EINVAL, "PAC timestamp mismatch");
return EINVAL; return EINVAL;
} }
} }
CHECK(ret, krb5_ret_uint16(sp, &len), out); CHECK(ret, krb5_ret_uint16(sp, &len), out);
if (len == 0) { if (len == 0) {
krb5_storage_free(sp); krb5_storage_free(sp);
krb5_set_error_string(context, "PAC logon name length missing"); krb5_set_error_message(context, EINVAL, "PAC logon name length missing");
return EINVAL; return EINVAL;
} }
s = malloc(len); s = malloc(len);
if (s == NULL) { if (s == NULL) {
krb5_storage_free(sp); krb5_storage_free(sp);
krb5_set_error_string(context, "Out of memory"); krb5_set_error_message(context, ENOMEM, "malloc: out of memory");
return ENOMEM; return ENOMEM;
} }
ret = krb5_storage_read(sp, s, len); ret = krb5_storage_read(sp, s, len);
if (ret != len) { if (ret != len) {
krb5_storage_free(sp); krb5_storage_free(sp);
krb5_set_error_string(context, "Failed to read PAC logon name"); krb5_set_error_message(context, EINVAL, "Failed to read PAC logon name");
return EINVAL; return EINVAL;
} }
krb5_storage_free(sp); krb5_storage_free(sp);
@@ -585,13 +585,13 @@ verify_logonname(krb5_context context,
free(s); free(s);
if (ret) { if (ret) {
free(ucs2); free(ucs2);
krb5_set_error_string(context, "Failed to convert string to UCS-2"); krb5_set_error_message(context, ret, "Failed to convert string to UCS-2");
return ret; return ret;
} }
ret = wind_ucs2utf8_length(ucs2, ucs2len, &u8len); ret = wind_ucs2utf8_length(ucs2, ucs2len, &u8len);
if (ret) { if (ret) {
free(ucs2); free(ucs2);
krb5_set_error_string(context, "Failed to count length of UCS-2 string"); krb5_set_error_message(context, ret, "Failed to count length of UCS-2 string");
return ret; return ret;
} }
u8len += 1; /* Add space for NUL */ u8len += 1; /* Add space for NUL */
@@ -604,7 +604,7 @@ verify_logonname(krb5_context context,
ret = wind_ucs2utf8(ucs2, ucs2len, s, &u8len); ret = wind_ucs2utf8(ucs2, ucs2len, s, &u8len);
free(ucs2); free(ucs2);
if (ret) { if (ret) {
krb5_set_error_string(context, "Failed to convert to UTF-8"); krb5_set_error_message(context, ret, "Failed to convert to UTF-8");
return ret; return ret;
} }
} }
@@ -614,8 +614,8 @@ verify_logonname(krb5_context context,
return ret; return ret;
if (krb5_principal_compare_any_realm(context, principal, p2) != TRUE) { if (krb5_principal_compare_any_realm(context, principal, p2) != TRUE) {
krb5_set_error_string(context, "PAC logon name mismatch");
ret = EINVAL; ret = EINVAL;
krb5_set_error_message(context, ret, "PAC logon name mismatch");
} }
krb5_free_principal(context, p2); krb5_free_principal(context, p2);
return ret; return ret;
@@ -645,7 +645,7 @@ build_logon_name(krb5_context context,
sp = krb5_storage_emem(); sp = krb5_storage_emem();
if (sp == NULL) { if (sp == NULL) {
krb5_set_error_string(context, "out of memory"); krb5_set_error_message(context, ENOMEM, "malloc: out of memory");
return ENOMEM; return ENOMEM;
} }
krb5_storage_set_flags(sp, KRB5_STORAGE_BYTEORDER_LE); krb5_storage_set_flags(sp, KRB5_STORAGE_BYTEORDER_LE);
@@ -711,15 +711,15 @@ krb5_pac_verify(krb5_context context,
krb5_error_code ret; krb5_error_code ret;
if (pac->server_checksum == NULL) { if (pac->server_checksum == NULL) {
krb5_set_error_string(context, "PAC missing server checksum"); krb5_set_error_message(context, EINVAL, "PAC missing server checksum");
return EINVAL; return EINVAL;
} }
if (pac->privsvr_checksum == NULL) { if (pac->privsvr_checksum == NULL) {
krb5_set_error_string(context, "PAC missing kdc checksum"); krb5_set_error_message(context, EINVAL, "PAC missing kdc checksum");
return EINVAL; return EINVAL;
} }
if (pac->logon_name == NULL) { if (pac->logon_name == NULL) {
krb5_set_error_string(context, "PAC missing logon name"); krb5_set_error_message(context, EINVAL, "PAC missing logon name");
return EINVAL; return EINVAL;
} }
@@ -796,7 +796,7 @@ fill_zeros(krb5_context context, krb5_storage *sp, size_t len)
l = sizeof(zeros); l = sizeof(zeros);
sret = krb5_storage_write(sp, zeros, l); sret = krb5_storage_write(sp, zeros, l);
if (sret <= 0) { if (sret <= 0) {
krb5_set_error_string(context, "out of memory"); krb5_set_error_message(context, ENOMEM, "malloc: out of memory");
return ENOMEM; return ENOMEM;
} }
len -= sret; len -= sret;
@@ -824,7 +824,7 @@ pac_checksum(krb5_context context,
return ret; return ret;
if (krb5_checksum_is_keyed(context, cktype) == FALSE) { if (krb5_checksum_is_keyed(context, cktype) == FALSE) {
krb5_set_error_string(context, "PAC checksum type is not keyed"); krb5_set_error_message(context, EINVAL, "PAC checksum type is not keyed");
return EINVAL; return EINVAL;
} }
@@ -869,7 +869,7 @@ _krb5_pac_sign(krb5_context context,
ptr = realloc(p->pac, sizeof(*p->pac) + (sizeof(p->pac->buffers[0]) * (p->pac->numbuffers + num - 1))); ptr = realloc(p->pac, sizeof(*p->pac) + (sizeof(p->pac->buffers[0]) * (p->pac->numbuffers + num - 1)));
if (ptr == NULL) { if (ptr == NULL) {
krb5_set_error_string(context, "out of memory"); krb5_set_error_message(context, ENOMEM, "malloc: out of memory");
return ENOMEM; return ENOMEM;
} }
p->pac = ptr; p->pac = ptr;
@@ -907,7 +907,7 @@ _krb5_pac_sign(krb5_context context,
/* Encode PAC */ /* Encode PAC */
sp = krb5_storage_emem(); sp = krb5_storage_emem();
if (sp == NULL) { if (sp == NULL) {
krb5_set_error_string(context, "out of memory"); krb5_set_error_message(context, ENOMEM, "malloc: out of memory");
return ENOMEM; return ENOMEM;
} }
krb5_storage_set_flags(sp, KRB5_STORAGE_BYTEORDER_LE); krb5_storage_set_flags(sp, KRB5_STORAGE_BYTEORDER_LE);
@@ -915,7 +915,7 @@ _krb5_pac_sign(krb5_context context,
spdata = krb5_storage_emem(); spdata = krb5_storage_emem();
if (spdata == NULL) { if (spdata == NULL) {
krb5_storage_free(sp); krb5_storage_free(sp);
krb5_set_error_string(context, "out of memory"); krb5_set_error_message(context, ENOMEM, "malloc: out of memory");
return ENOMEM; return ENOMEM;
} }
krb5_storage_set_flags(spdata, KRB5_STORAGE_BYTEORDER_LE); krb5_storage_set_flags(spdata, KRB5_STORAGE_BYTEORDER_LE);
@@ -954,8 +954,8 @@ _krb5_pac_sign(krb5_context context,
sret = krb5_storage_write(spdata, ptr, len); sret = krb5_storage_write(spdata, ptr, len);
if (sret != len) { if (sret != len) {
krb5_set_error_string(context, "out of memory");
ret = ENOMEM; ret = ENOMEM;
krb5_set_error_message(context, ret, "malloc: out of memory");
goto out; goto out;
} }
/* XXX if not aligned, fill_zeros */ /* XXX if not aligned, fill_zeros */
@@ -986,21 +986,21 @@ _krb5_pac_sign(krb5_context context,
/* export PAC */ /* export PAC */
ret = krb5_storage_to_data(spdata, &d); ret = krb5_storage_to_data(spdata, &d);
if (ret) { if (ret) {
krb5_set_error_string(context, "out of memory"); krb5_set_error_message(context, ret, "malloc: out of memory");
goto out; goto out;
} }
ret = krb5_storage_write(sp, d.data, d.length); ret = krb5_storage_write(sp, d.data, d.length);
if (ret != d.length) { if (ret != d.length) {
krb5_data_free(&d); krb5_data_free(&d);
krb5_set_error_string(context, "out of memory");
ret = ENOMEM; ret = ENOMEM;
krb5_set_error_message(context, ret, "malloc: out of memory");
goto out; goto out;
} }
krb5_data_free(&d); krb5_data_free(&d);
ret = krb5_storage_to_data(sp, &d); ret = krb5_storage_to_data(sp, &d);
if (ret) { if (ret) {
krb5_set_error_string(context, "out of memory"); krb5_set_error_message(context, ret, "malloc: out of memory");
goto out; goto out;
} }

235
lib/krb5/pkinit.c
View File

@@ -114,7 +114,7 @@ integer_to_BN(krb5_context context, const char *field, const heim_integer *f)
bn = BN_bin2bn((const unsigned char *)f->data, f->length, NULL); bn = BN_bin2bn((const unsigned char *)f->data, f->length, NULL);
if (bn == NULL) { if (bn == NULL) {
krb5_set_error_string(context, "PKINIT: parsing BN failed %s", field); krb5_set_error_message(context, ENOMEM, "PKINIT: parsing BN failed %s", field);
return NULL; return NULL;
} }
BN_set_negative(bn, f->negative); BN_set_negative(bn, f->negative);
@@ -150,7 +150,7 @@ find_cert(krb5_context context, struct krb5_pk_identity *id,
ret = hx509_query_match_eku(q, cf[i].oid); ret = hx509_query_match_eku(q, cf[i].oid);
if (ret) { if (ret) {
pk_copy_error(context, id->hx509ctx, ret, pk_copy_error(context, id->hx509ctx, ret,
"Failed setting %s OID", cf[i].type); "Failed setting %s OID", cf[i].type);
return ret; return ret;
} }
@@ -158,7 +158,7 @@ find_cert(krb5_context context, struct krb5_pk_identity *id,
if (ret == 0) if (ret == 0)
break; break;
pk_copy_error(context, id->hx509ctx, ret, pk_copy_error(context, id->hx509ctx, ret,
"Failed cert for finding %s OID", cf[i].type); "Failed cert for finding %s OID", cf[i].type);
} }
return ret; return ret;
} }
@@ -179,7 +179,7 @@ create_signature(krb5_context context,
ret = hx509_query_alloc(id->hx509ctx, &q); ret = hx509_query_alloc(id->hx509ctx, &q);
if (ret) { if (ret) {
pk_copy_error(context, id->hx509ctx, ret, pk_copy_error(context, id->hx509ctx, ret,
"Allocate query to find signing certificate"); "Allocate query to find signing certificate");
return ret; return ret;
} }
@@ -205,7 +205,7 @@ create_signature(krb5_context context,
hx509_cert_free(cert); hx509_cert_free(cert);
if (ret) { if (ret) {
pk_copy_error(context, id->hx509ctx, ret, pk_copy_error(context, id->hx509ctx, ret,
"Create CMS signedData"); "Create CMS signedData");
return ret; return ret;
} }
@@ -536,8 +536,8 @@ pk_mk_padata(krb5_context context,
&ap, &size, ret); &ap, &size, ret);
free_AuthPack_Win2k(&ap); free_AuthPack_Win2k(&ap);
if (ret) { if (ret) {
krb5_set_error_string(context, "AuthPack_Win2k: %d", krb5_set_error_message(context, ret, "AuthPack_Win2k: %d",
(int)ret); (int)ret);
goto out; goto out;
} }
if (buf.length != size) if (buf.length != size)
@@ -558,7 +558,7 @@ pk_mk_padata(krb5_context context,
ASN1_MALLOC_ENCODE(AuthPack, buf.data, buf.length, &ap, &size, ret); ASN1_MALLOC_ENCODE(AuthPack, buf.data, buf.length, &ap, &size, ret);
free_AuthPack(&ap); free_AuthPack(&ap);
if (ret) { if (ret) {
krb5_set_error_string(context, "AuthPack: %d", (int)ret); krb5_set_error_message(context, ret, "AuthPack: %d", (int)ret);
goto out; goto out;
} }
if (buf.length != size) if (buf.length != size)
@@ -577,8 +577,8 @@ pk_mk_padata(krb5_context context,
ret = hx509_cms_wrap_ContentInfo(oid_id_pkcs7_signedData(), &sd_buf, &buf); ret = hx509_cms_wrap_ContentInfo(oid_id_pkcs7_signedData(), &sd_buf, &buf);
krb5_data_free(&sd_buf); krb5_data_free(&sd_buf);
if (ret) { if (ret) {
krb5_set_error_string(context, krb5_set_error_message(context, ret,
"ContentInfo wrapping of signedData failed"); "ContentInfo wrapping of signedData failed");
goto out; goto out;
} }
@@ -615,7 +615,7 @@ pk_mk_padata(krb5_context context,
ret = build_edi(context, ctx->id->hx509ctx, ret = build_edi(context, ctx->id->hx509ctx,
ctx->id->anchors, req.trustedCertifiers); ctx->id->anchors, req.trustedCertifiers);
if (ret) { if (ret) {
krb5_set_error_string(context, "pk-init: failed to build trustedCertifiers"); krb5_set_error_message(context, ret, "pk-init: failed to build trustedCertifiers");
free_PA_PK_AS_REQ(&req); free_PA_PK_AS_REQ(&req);
goto out; goto out;
} }
@@ -630,7 +630,7 @@ pk_mk_padata(krb5_context context,
} else } else
krb5_abortx(context, "internal pkinit error"); krb5_abortx(context, "internal pkinit error");
if (ret) { if (ret) {
krb5_set_error_string(context, "PA-PK-AS-REQ %d", (int)ret); krb5_set_error_message(context, ret, "PA-PK-AS-REQ %d", (int)ret);
goto out; goto out;
} }
if (buf.length != size) if (buf.length != size)
@@ -643,7 +643,7 @@ pk_mk_padata(krb5_context context,
if (ret == 0 && ctx->type == PKINIT_WIN2K) if (ret == 0 && ctx->type == PKINIT_WIN2K)
krb5_padata_add(context, md, KRB5_PADATA_PK_AS_09_BINDING, NULL, 0); krb5_padata_add(context, md, KRB5_PADATA_PK_AS_09_BINDING, NULL, 0);
out: out:
free_ContentInfo(&content_info); free_ContentInfo(&content_info);
return ret; return ret;
@@ -738,7 +738,7 @@ _krb5_pk_verify_sign(krb5_context context,
&signer_certs); &signer_certs);
if (ret) { if (ret) {
pk_copy_error(context, id->hx509ctx, ret, pk_copy_error(context, id->hx509ctx, ret,
"CMS verify signed failed"); "CMS verify signed failed");
return ret; return ret;
} }
@@ -752,11 +752,11 @@ _krb5_pk_verify_sign(krb5_context context,
ret = hx509_get_one_cert(id->hx509ctx, signer_certs, &(*signer)->cert); ret = hx509_get_one_cert(id->hx509ctx, signer_certs, &(*signer)->cert);
if (ret) { if (ret) {
pk_copy_error(context, id->hx509ctx, ret, pk_copy_error(context, id->hx509ctx, ret,
"Failed to get on of the signer certs"); "Failed to get on of the signer certs");
goto out; goto out;
} }
out: out:
hx509_certs_free(&signer_certs); hx509_certs_free(&signer_certs);
if (ret) { if (ret) {
if (*signer) { if (*signer) {
@@ -784,20 +784,19 @@ get_reply_key_win(krb5_context context,
&key_pack, &key_pack,
&size); &size);
if (ret) { if (ret) {
krb5_set_error_string(context, "PKINIT decoding reply key failed"); krb5_set_error_message(context, ret, "PKINIT decoding reply key failed");
free_ReplyKeyPack_Win2k(&key_pack); free_ReplyKeyPack_Win2k(&key_pack);
return ret; return ret;
} }
if (key_pack.nonce != nonce) { if (key_pack.nonce != nonce) {
krb5_set_error_string(context, "PKINIT enckey nonce is wrong"); krb5_set_error_message(context, ret, "PKINIT enckey nonce is wrong");
free_ReplyKeyPack_Win2k(&key_pack); free_ReplyKeyPack_Win2k(&key_pack);
return KRB5KRB_AP_ERR_MODIFIED; return KRB5KRB_AP_ERR_MODIFIED;
} }
*key = malloc (sizeof (**key)); *key = malloc (sizeof (**key));
if (*key == NULL) { if (*key == NULL) {
krb5_set_error_string(context, "PKINIT failed allocating reply key");
free_ReplyKeyPack_Win2k(&key_pack); free_ReplyKeyPack_Win2k(&key_pack);
krb5_set_error_message(context, ENOMEM, "malloc: out of memory"); krb5_set_error_message(context, ENOMEM, "malloc: out of memory");
return ENOMEM; return ENOMEM;
@@ -806,7 +805,7 @@ get_reply_key_win(krb5_context context,
ret = copy_EncryptionKey(&key_pack.replyKey, *key); ret = copy_EncryptionKey(&key_pack.replyKey, *key);
free_ReplyKeyPack_Win2k(&key_pack); free_ReplyKeyPack_Win2k(&key_pack);
if (ret) { if (ret) {
krb5_set_error_string(context, "PKINIT failed copying reply key"); krb5_set_error_message(context, ret, "PKINIT failed copying reply key");
free(*key); free(*key);
*key = NULL; *key = NULL;
} }
@@ -829,7 +828,7 @@ get_reply_key(krb5_context context,
&key_pack, &key_pack,
&size); &size);
if (ret) { if (ret) {
krb5_set_error_string(context, "PKINIT decoding reply key failed"); krb5_set_error_message(context, ret, "PKINIT decoding reply key failed");
free_ReplyKeyPack(&key_pack); free_ReplyKeyPack(&key_pack);
return ret; return ret;
} }
@@ -860,7 +859,6 @@ get_reply_key(krb5_context context,
*key = malloc (sizeof (**key)); *key = malloc (sizeof (**key));
if (*key == NULL) { if (*key == NULL) {
krb5_set_error_string(context, "PKINIT failed allocating reply key");
free_ReplyKeyPack(&key_pack); free_ReplyKeyPack(&key_pack);
krb5_set_error_message(context, ENOMEM, "malloc: out of memory"); krb5_set_error_message(context, ENOMEM, "malloc: out of memory");
return ENOMEM; return ENOMEM;
@@ -869,7 +867,7 @@ get_reply_key(krb5_context context,
ret = copy_EncryptionKey(&key_pack.replyKey, *key); ret = copy_EncryptionKey(&key_pack.replyKey, *key);
free_ReplyKeyPack(&key_pack); free_ReplyKeyPack(&key_pack);
if (ret) { if (ret) {
krb5_set_error_string(context, "PKINIT failed copying reply key"); krb5_set_error_message(context, ret, "PKINIT failed copying reply key");
free(*key); free(*key);
*key = NULL; *key = NULL;
} }
@@ -891,7 +889,7 @@ pk_verify_host(krb5_context context,
ret = hx509_cert_check_eku(ctx->id->hx509ctx, host->cert, ret = hx509_cert_check_eku(ctx->id->hx509ctx, host->cert,
oid_id_pkkdcekuoid(), 0); oid_id_pkkdcekuoid(), 0);
if (ret) { if (ret) {
krb5_set_error_string(context, "No PK-INIT KDC EKU in kdc certificate"); krb5_set_error_message(context, ret, "No PK-INIT KDC EKU in kdc certificate");
return ret; return ret;
} }
} }
@@ -904,8 +902,8 @@ pk_verify_host(krb5_context context,
oid_id_pkinit_san(), oid_id_pkinit_san(),
&list); &list);
if (ret) { if (ret) {
krb5_set_error_string(context, "Failed to find the PK-INIT " krb5_set_error_message(context, ret, "Failed to find the PK-INIT "
"subjectAltName in the KDC certificate"); "subjectAltName in the KDC certificate");
return ret; return ret;
} }
@@ -918,8 +916,8 @@ pk_verify_host(krb5_context context,
&r, &r,
NULL); NULL);
if (ret) { if (ret) {
krb5_set_error_string(context, "Failed to decode the PK-INIT " krb5_set_error_message(context, ret, "Failed to decode the PK-INIT "
"subjectAltName in the KDC certificate"); "subjectAltName in the KDC certificate");
break; break;
} }
@@ -928,11 +926,11 @@ pk_verify_host(krb5_context context,
strcmp(r.principalName.name_string.val[0], KRB5_TGS_NAME) != 0 || strcmp(r.principalName.name_string.val[0], KRB5_TGS_NAME) != 0 ||
strcmp(r.principalName.name_string.val[1], realm) != 0 || strcmp(r.principalName.name_string.val[1], realm) != 0 ||
strcmp(r.realm, realm) != 0) strcmp(r.realm, realm) != 0)
{ {
krb5_set_error_string(context, "KDC have wrong realm name in " ret = KRB5_KDC_ERR_INVALID_CERTIFICATE;
"the certificate"); krb5_set_error_message(context, ret, "KDC have wrong realm name in "
ret = KRB5_KDC_ERR_INVALID_CERTIFICATE; "the certificate");
} }
free_KRB5PrincipalName(&r); free_KRB5PrincipalName(&r);
if (ret) if (ret)
@@ -951,8 +949,8 @@ pk_verify_host(krb5_context context,
hi->ai->ai_addr, hi->ai->ai_addrlen); hi->ai->ai_addr, hi->ai->ai_addrlen);
if (ret) if (ret)
krb5_set_error_string(context, "Address mismatch in " krb5_set_error_message(context, ret, "Address mismatch in "
"the KDC certificate"); "the KDC certificate");
} }
return ret; return ret;
} }
@@ -977,7 +975,7 @@ pk_rd_pa_reply_enckey(krb5_context context,
heim_oid contentType = { 0, NULL }; heim_oid contentType = { 0, NULL };
if (der_heim_oid_cmp(oid_id_pkcs7_envelopedData(), dataType)) { if (der_heim_oid_cmp(oid_id_pkcs7_envelopedData(), dataType)) {
krb5_set_error_string(context, "PKINIT: Invalid content type"); krb5_set_error_message(context, EINVAL, "PKINIT: Invalid content type");
return EINVAL; return EINVAL;
} }
@@ -992,7 +990,7 @@ pk_rd_pa_reply_enckey(krb5_context context,
&content); &content);
if (ret) { if (ret) {
pk_copy_error(context, ctx->id->hx509ctx, ret, pk_copy_error(context, ctx->id->hx509ctx, ret,
"Failed to unenvelope CMS data in PK-INIT reply"); "Failed to unenvelope CMS data in PK-INIT reply");
return ret; return ret;
} }
der_free_oid(&contentType); der_free_oid(&contentType);
@@ -1023,7 +1021,7 @@ pk_rd_pa_reply_enckey(krb5_context context,
ret = hx509_cms_unwrap_ContentInfo(&content, &type, &out, NULL); ret = hx509_cms_unwrap_ContentInfo(&content, &type, &out, NULL);
if (der_heim_oid_cmp(&type, oid_id_pkcs7_signedData())) { if (der_heim_oid_cmp(&type, oid_id_pkcs7_signedData())) {
ret = EINVAL; /* XXX */ ret = EINVAL; /* XXX */
krb5_set_error_string(context, "PKINIT: Invalid content type"); krb5_set_error_message(context, ret, "PKINIT: Invalid content type");
der_free_oid(&type); der_free_oid(&type);
der_free_octet_string(&out); der_free_octet_string(&out);
goto out; goto out;
@@ -1033,7 +1031,7 @@ pk_rd_pa_reply_enckey(krb5_context context,
ret = krb5_data_copy(&content, out.data, out.length); ret = krb5_data_copy(&content, out.data, out.length);
der_free_octet_string(&out); der_free_octet_string(&out);
if (ret) { if (ret) {
krb5_set_error_string(context, "PKINIT: out of memory"); krb5_set_error_message(context, ret, "PKINIT: out of memory");
goto out; goto out;
} }
} }
@@ -1057,14 +1055,14 @@ pk_rd_pa_reply_enckey(krb5_context context,
#if 0 #if 0
if (type == PKINIT_WIN2K) { if (type == PKINIT_WIN2K) {
if (der_heim_oid_cmp(&contentType, oid_id_pkcs7_data()) != 0) { if (der_heim_oid_cmp(&contentType, oid_id_pkcs7_data()) != 0) {
krb5_set_error_string(context, "PKINIT: reply key, wrong oid");
ret = KRB5KRB_AP_ERR_MSG_TYPE; ret = KRB5KRB_AP_ERR_MSG_TYPE;
krb5_set_error_message(context, ret, "PKINIT: reply key, wrong oid");
goto out; goto out;
} }
} else { } else {
if (der_heim_oid_cmp(&contentType, oid_id_pkrkeydata()) != 0) { if (der_heim_oid_cmp(&contentType, oid_id_pkrkeydata()) != 0) {
krb5_set_error_string(context, "PKINIT: reply key, wrong oid");
ret = KRB5KRB_AP_ERR_MSG_TYPE; ret = KRB5KRB_AP_ERR_MSG_TYPE;
krb5_set_error_message(context, ret, "PKINIT: reply key, wrong oid");
goto out; goto out;
} }
} }
@@ -1122,7 +1120,7 @@ pk_rd_pa_reply_dh(krb5_context context,
memset(&kdc_dh_info, 0, sizeof(kdc_dh_info)); memset(&kdc_dh_info, 0, sizeof(kdc_dh_info));
if (der_heim_oid_cmp(oid_id_pkcs7_signedData(), dataType)) { if (der_heim_oid_cmp(oid_id_pkcs7_signedData(), dataType)) {
krb5_set_error_string(context, "PKINIT: Invalid content type"); krb5_set_error_message(context, EINVAL, "PKINIT: Invalid content type");
return EINVAL; return EINVAL;
} }
@@ -1142,8 +1140,8 @@ pk_rd_pa_reply_dh(krb5_context context,
goto out; goto out;
if (der_heim_oid_cmp(&contentType, oid_id_pkdhkeydata())) { if (der_heim_oid_cmp(&contentType, oid_id_pkdhkeydata())) {
krb5_set_error_string(context, "pkinit - dh reply contains wrong oid");
ret = KRB5KRB_AP_ERR_MSG_TYPE; ret = KRB5KRB_AP_ERR_MSG_TYPE;
krb5_set_error_message(context, ret, "pkinit - dh reply contains wrong oid");
goto out; goto out;
} }
@@ -1153,35 +1151,35 @@ pk_rd_pa_reply_dh(krb5_context context,
&size); &size);
if (ret) { if (ret) {
krb5_set_error_string(context, "pkinit - " krb5_set_error_message(context, ret, "pkinit - "
"failed to decode KDC DH Key Info"); "failed to decode KDC DH Key Info");
goto out; goto out;
} }
if (kdc_dh_info.nonce != nonce) { if (kdc_dh_info.nonce != nonce) {
krb5_set_error_string(context, "PKINIT: DH nonce is wrong");
ret = KRB5KRB_AP_ERR_MODIFIED; ret = KRB5KRB_AP_ERR_MODIFIED;
krb5_set_error_message(context, ret, "PKINIT: DH nonce is wrong");
goto out; goto out;
} }
if (kdc_dh_info.dhKeyExpiration) { if (kdc_dh_info.dhKeyExpiration) {
if (k_n == NULL) { if (k_n == NULL) {
krb5_set_error_string(context, "pkinit; got key expiration "
"without server nonce");
ret = KRB5KRB_ERR_GENERIC; ret = KRB5KRB_ERR_GENERIC;
krb5_set_error_message(context, ret, "pkinit; got key expiration "
"without server nonce");
goto out; goto out;
} }
if (c_n == NULL) { if (c_n == NULL) {
krb5_set_error_string(context, "pkinit; got DH reuse but no "
"client nonce");
ret = KRB5KRB_ERR_GENERIC; ret = KRB5KRB_ERR_GENERIC;
krb5_set_error_message(context, ret, "pkinit; got DH reuse but no "
"client nonce");
goto out; goto out;
} }
} else { } else {
if (k_n) { if (k_n) {
krb5_set_error_string(context, "pkinit: got server nonce "
"without key expiration");
ret = KRB5KRB_ERR_GENERIC; ret = KRB5KRB_ERR_GENERIC;
krb5_set_error_message(context, ret, "pkinit: got server nonce "
"without key expiration");
goto out; goto out;
} }
c_n = NULL; c_n = NULL;
@@ -1195,15 +1193,15 @@ pk_rd_pa_reply_dh(krb5_context context,
DHPublicKey k; DHPublicKey k;
ret = decode_DHPublicKey(p, size, &k, NULL); ret = decode_DHPublicKey(p, size, &k, NULL);
if (ret) { if (ret) {
krb5_set_error_string(context, "pkinit: can't decode " krb5_set_error_message(context, ret, "pkinit: can't decode "
"without key expiration"); "without key expiration");
goto out; goto out;
} }
kdc_dh_pubkey = integer_to_BN(context, "DHPublicKey", &k); kdc_dh_pubkey = integer_to_BN(context, "DHPublicKey", &k);
free_DHPublicKey(&k); free_DHPublicKey(&k);
if (kdc_dh_pubkey == NULL) { if (kdc_dh_pubkey == NULL) {
ret = KRB5KRB_ERR_GENERIC; ret = ENOMEM;
goto out; goto out;
} }
} }
@@ -1224,9 +1222,9 @@ pk_rd_pa_reply_dh(krb5_context context,
dh_gen_keylen = DH_compute_key(dh_gen_key + (size - dh_gen_keylen), dh_gen_keylen = DH_compute_key(dh_gen_key + (size - dh_gen_keylen),
kdc_dh_pubkey, ctx->dh); kdc_dh_pubkey, ctx->dh);
if (dh_gen_keylen == -1) { if (dh_gen_keylen == -1) {
krb5_set_error_string(context,
"PKINIT: Can't compute Diffie-Hellman key");
ret = KRB5KRB_ERR_GENERIC; ret = KRB5KRB_ERR_GENERIC;
krb5_set_error_message(context, ret,
"PKINIT: Can't compute Diffie-Hellman key");
goto out; goto out;
} }
@@ -1243,8 +1241,8 @@ pk_rd_pa_reply_dh(krb5_context context,
c_n, k_n, c_n, k_n,
*key); *key);
if (ret) { if (ret) {
krb5_set_error_string(context, krb5_set_error_message(context, ret,
"PKINIT: can't create key from DH key"); "PKINIT: can't create key from DH key");
free(*key); free(*key);
*key = NULL; *key = NULL;
goto out; goto out;
@@ -1289,7 +1287,7 @@ _krb5_pk_rd_pa_reply(krb5_context context,
heim_oid oid; heim_oid oid;
if (pa->padata_type != KRB5_PADATA_PK_AS_REP) { if (pa->padata_type != KRB5_PADATA_PK_AS_REP) {
krb5_set_error_string(context, "PKINIT: wrong padata recv"); krb5_set_error_message(context, EINVAL, "PKINIT: wrong padata recv");
return EINVAL; return EINVAL;
} }
@@ -1298,7 +1296,7 @@ _krb5_pk_rd_pa_reply(krb5_context context,
&rep, &rep,
&size); &size);
if (ret) { if (ret) {
krb5_set_error_string(context, "Failed to decode pkinit AS rep"); krb5_set_error_message(context, ret, "Failed to decode pkinit AS rep");
return ret; return ret;
} }
@@ -1311,15 +1309,15 @@ _krb5_pk_rd_pa_reply(krb5_context context,
break; break;
default: default:
free_PA_PK_AS_REP(&rep); free_PA_PK_AS_REP(&rep);
krb5_set_error_string(context, "PKINIT: -27 reply " krb5_set_error_message(context, EINVAL, "PKINIT: -27 reply "
"invalid content type"); "invalid content type");
return EINVAL; return EINVAL;
} }
ret = hx509_cms_unwrap_ContentInfo(&os, &oid, &data, NULL); ret = hx509_cms_unwrap_ContentInfo(&os, &oid, &data, NULL);
if (ret) { if (ret) {
free_PA_PK_AS_REP(&rep); free_PA_PK_AS_REP(&rep);
krb5_set_error_string(context, "PKINIT: failed to unwrap CI"); krb5_set_error_message(context, ret, "PKINIT: failed to unwrap CI");
return ret; return ret;
} }
@@ -1348,7 +1346,7 @@ _krb5_pk_rd_pa_reply(krb5_context context,
#if 0 /* should this be ? */ #if 0 /* should this be ? */
if (pa->padata_type != KRB5_PADATA_PK_AS_REP) { if (pa->padata_type != KRB5_PADATA_PK_AS_REP) {
krb5_set_error_string(context, "PKINIT: wrong padata recv"); krb5_set_error_message(context, EINVAL, "PKINIT: wrong padata recv");
return EINVAL; return EINVAL;
} }
#endif #endif
@@ -1360,8 +1358,8 @@ _krb5_pk_rd_pa_reply(krb5_context context,
&w2krep, &w2krep,
&size); &size);
if (ret) { if (ret) {
krb5_set_error_string(context, "PKINIT: Failed decoding windows " krb5_set_error_message(context, ret, "PKINIT: Failed decoding windows "
"pkinit reply %d", (int)ret); "pkinit reply %d", (int)ret);
return ret; return ret;
} }
@@ -1376,7 +1374,7 @@ _krb5_pk_rd_pa_reply(krb5_context context,
&oid, &data, NULL); &oid, &data, NULL);
free_PA_PK_AS_REP_Win2k(&w2krep); free_PA_PK_AS_REP_Win2k(&w2krep);
if (ret) { if (ret) {
krb5_set_error_string(context, "PKINIT: failed to unwrap CI"); krb5_set_error_message(context, ret, "PKINIT: failed to unwrap CI");
return ret; return ret;
} }
@@ -1389,15 +1387,15 @@ _krb5_pk_rd_pa_reply(krb5_context context,
} }
default: default:
free_PA_PK_AS_REP_Win2k(&w2krep); free_PA_PK_AS_REP_Win2k(&w2krep);
krb5_set_error_string(context, "PKINIT: win2k reply invalid "
"content type");
ret = EINVAL; ret = EINVAL;
krb5_set_error_message(context, ret, "PKINIT: win2k reply invalid "
"content type");
break; break;
} }
} else { } else {
krb5_set_error_string(context, "PKINIT: unknown reply type");
ret = EINVAL; ret = EINVAL;
krb5_set_error_message(context, ret, "PKINIT: unknown reply type");
} }
return ret; return ret;
@@ -1471,13 +1469,14 @@ _krb5_pk_load_id(krb5_context context,
*ret_id = NULL; *ret_id = NULL;
if (anchor_id == NULL) { if (anchor_id == NULL) {
krb5_set_error_string(context, "PKINIT: No anchor given"); krb5_set_error_message(context, HEIM_PKINIT_NO_VALID_CA,
"PKINIT: No anchor given");
return HEIM_PKINIT_NO_VALID_CA; return HEIM_PKINIT_NO_VALID_CA;
} }
if (user_id == NULL) { if (user_id == NULL) {
krb5_set_error_string(context, krb5_set_error_message(context, HEIM_PKINIT_NO_PRIVATE_KEY,
"PKINIT: No user certificate given"); "PKINIT: No user certificate given");
return HEIM_PKINIT_NO_PRIVATE_KEY; return HEIM_PKINIT_NO_PRIVATE_KEY;
} }
@@ -1510,14 +1509,14 @@ _krb5_pk_load_id(krb5_context context,
ret = hx509_certs_init(id->hx509ctx, user_id, 0, lock, &id->certs); ret = hx509_certs_init(id->hx509ctx, user_id, 0, lock, &id->certs);
if (ret) { if (ret) {
pk_copy_error(context, id->hx509ctx, ret, pk_copy_error(context, id->hx509ctx, ret,
"Failed to init cert certs"); "Failed to init cert certs");
goto out; goto out;
} }
ret = hx509_certs_init(id->hx509ctx, anchor_id, 0, NULL, &id->anchors); ret = hx509_certs_init(id->hx509ctx, anchor_id, 0, NULL, &id->anchors);
if (ret) { if (ret) {
pk_copy_error(context, id->hx509ctx, ret, pk_copy_error(context, id->hx509ctx, ret,
"Failed to init anchors"); "Failed to init anchors");
goto out; goto out;
} }
@@ -1525,7 +1524,7 @@ _krb5_pk_load_id(krb5_context context,
0, NULL, &id->certpool); 0, NULL, &id->certpool);
if (ret) { if (ret) {
pk_copy_error(context, id->hx509ctx, ret, pk_copy_error(context, id->hx509ctx, ret,
"Failed to init chain"); "Failed to init chain");
goto out; goto out;
} }
@@ -1534,8 +1533,8 @@ _krb5_pk_load_id(krb5_context context,
NULL, *chain_list); NULL, *chain_list);
if (ret) { if (ret) {
pk_copy_error(context, id->hx509ctx, ret, pk_copy_error(context, id->hx509ctx, ret,
"Failed to laod chain %s", "Failed to laod chain %s",
*chain_list); *chain_list);
goto out; goto out;
} }
chain_list++; chain_list++;
@@ -1545,7 +1544,7 @@ _krb5_pk_load_id(krb5_context context,
ret = hx509_revoke_init(id->hx509ctx, &id->revokectx); ret = hx509_revoke_init(id->hx509ctx, &id->revokectx);
if (ret) { if (ret) {
pk_copy_error(context, id->hx509ctx, ret, pk_copy_error(context, id->hx509ctx, ret,
"Failed init revoke list"); "Failed init revoke list");
goto out; goto out;
} }
@@ -1555,7 +1554,7 @@ _krb5_pk_load_id(krb5_context context,
*revoke_list); *revoke_list);
if (ret) { if (ret) {
pk_copy_error(context, id->hx509ctx, ret, pk_copy_error(context, id->hx509ctx, ret,
"Failed load revoke list"); "Failed load revoke list");
goto out; goto out;
} }
revoke_list++; revoke_list++;
@@ -1566,14 +1565,14 @@ _krb5_pk_load_id(krb5_context context,
ret = hx509_verify_init_ctx(id->hx509ctx, &id->verify_ctx); ret = hx509_verify_init_ctx(id->hx509ctx, &id->verify_ctx);
if (ret) { if (ret) {
pk_copy_error(context, id->hx509ctx, ret, pk_copy_error(context, id->hx509ctx, ret,
"Failed init verify context"); "Failed init verify context");
goto out; goto out;
} }
hx509_verify_attach_anchors(id->verify_ctx, id->anchors); hx509_verify_attach_anchors(id->verify_ctx, id->anchors);
hx509_verify_attach_revoke(id->verify_ctx, id->revokectx); hx509_verify_attach_revoke(id->verify_ctx, id->revokectx);
out: out:
if (ret) { if (ret) {
hx509_verify_destroy_ctx(id->verify_ctx); hx509_verify_destroy_ctx(id->verify_ctx);
hx509_certs_free(&id->certs); hx509_certs_free(&id->certs);
@@ -1607,10 +1606,10 @@ select_dh_group(krb5_context context, DH *dh, unsigned long bits,
break; break;
} }
if (moduli[i] == NULL) { if (moduli[i] == NULL) {
krb5_set_error_string(context, krb5_set_error_message(context, EINVAL,
"Did not find a DH group parameter " "Did not find a DH group parameter "
"matching requirement of %lu bits", "matching requirement of %lu bits",
bits); bits);
return EINVAL; return EINVAL;
} }
m = moduli[i]; m = moduli[i];
@@ -1657,7 +1656,7 @@ pk_copy_error(krb5_context context,
free(f); free(f);
return; return;
} }
krb5_set_error_string(context, "%s: %s", f, s); krb5_set_error_message(context, hxret, "%s: %s", f, s);
free(s); free(s);
free(f); free(f);
} }
@@ -1672,15 +1671,15 @@ parse_integer(krb5_context context, char **p, const char *file, int lineno,
char *p1; char *p1;
p1 = strsep(p, " \t"); p1 = strsep(p, " \t");
if (p1 == NULL) { if (p1 == NULL) {
krb5_set_error_string(context, "moduli file %s missing %s on line %d", krb5_set_error_message(context, EINVAL, "moduli file %s missing %s on line %d",
file, name, lineno); file, name, lineno);
return EINVAL; return EINVAL;
} }
ret = der_parse_hex_heim_integer(p1, integer); ret = der_parse_hex_heim_integer(p1, integer);
if (ret) { if (ret) {
krb5_set_error_string(context, "moduli file %s failed parsing %s " krb5_set_error_message(context, ret, "moduli file %s failed parsing %s "
"on line %d", "on line %d",
file, name, lineno); file, name, lineno);
return ret; return ret;
} }
@@ -1714,28 +1713,28 @@ _krb5_parse_moduli_line(krb5_context context,
p1 = strsep(&p, " \t"); p1 = strsep(&p, " \t");
if (p1 == NULL) { if (p1 == NULL) {
krb5_set_error_string(context, "moduli file %s missing name " krb5_set_error_message(context, ret, "moduli file %s missing name "
"on line %d", file, lineno); "on line %d", file, lineno);
goto out; goto out;
} }
m1->name = strdup(p1); m1->name = strdup(p1);
if (p1 == NULL) { if (p1 == NULL) {
krb5_set_error_string(context, "malloc - out of memeory");
ret = ENOMEM; ret = ENOMEM;
krb5_set_error_message(context, ret, "malloc - out of memeory");
goto out; goto out;
} }
p1 = strsep(&p, " \t"); p1 = strsep(&p, " \t");
if (p1 == NULL) { if (p1 == NULL) {
krb5_set_error_string(context, "moduli file %s missing bits on line %d", krb5_set_error_message(context, ret, "moduli file %s missing bits on line %d",
file, lineno); file, lineno);
goto out; goto out;
} }
m1->bits = atoi(p1); m1->bits = atoi(p1);
if (m1->bits == 0) { if (m1->bits == 0) {
krb5_set_error_string(context, "moduli file %s have un-parsable " krb5_set_error_message(context, ret, "moduli file %s have un-parsable "
"bits on line %d", file, lineno); "bits on line %d", file, lineno);
goto out; goto out;
} }
@@ -1752,7 +1751,7 @@ _krb5_parse_moduli_line(krb5_context context,
*m = m1; *m = m1;
return 0; return 0;
out: out:
free(m1->name); free(m1->name);
der_free_heim_integer(&m1->p); der_free_heim_integer(&m1->p);
der_free_heim_integer(&m1->g); der_free_heim_integer(&m1->g);
@@ -1921,19 +1920,23 @@ _krb5_dh_group_ok(krb5_context context, unsigned long bits,
if (der_heim_integer_cmp(&moduli[i]->g, g) == 0 && if (der_heim_integer_cmp(&moduli[i]->g, g) == 0 &&
der_heim_integer_cmp(&moduli[i]->p, p) == 0 && der_heim_integer_cmp(&moduli[i]->p, p) == 0 &&
(q == NULL || der_heim_integer_cmp(&moduli[i]->q, q) == 0)) (q == NULL || der_heim_integer_cmp(&moduli[i]->q, q) == 0))
{ {
if (bits && bits > moduli[i]->bits) { if (bits && bits > moduli[i]->bits) {
krb5_set_error_string(context, "PKINIT: DH group parameter %s " krb5_set_error_message(context,
"no accepted, not enough bits generated", KRB5_KDC_ERR_DH_KEY_PARAMETERS_NOT_ACCEPTED,
moduli[i]->name); "PKINIT: DH group parameter %s "
return KRB5_KDC_ERR_DH_KEY_PARAMETERS_NOT_ACCEPTED; "no accepted, not enough bits generated",
moduli[i]->name);
return KRB5_KDC_ERR_DH_KEY_PARAMETERS_NOT_ACCEPTED;
}
if (name)
*name = strdup(moduli[i]->name);
return 0;
} }
if (name)
*name = strdup(moduli[i]->name);
return 0;
}
} }
krb5_set_error_string(context, "PKINIT: DH group parameter no ok"); krb5_set_error_message(context,
KRB5_KDC_ERR_DH_KEY_PARAMETERS_NOT_ACCEPTED,
"PKINIT: DH group parameter no ok");
return KRB5_KDC_ERR_DH_KEY_PARAMETERS_NOT_ACCEPTED; return KRB5_KDC_ERR_DH_KEY_PARAMETERS_NOT_ACCEPTED;
} }
@@ -1948,7 +1951,7 @@ _krb5_get_init_creds_opt_free_pkinit(krb5_get_init_creds_opt *opt)
ctx = opt->opt_private->pk_init_ctx; ctx = opt->opt_private->pk_init_ctx;
if (ctx->dh) if (ctx->dh)
DH_free(ctx->dh); DH_free(ctx->dh);
ctx->dh = NULL; ctx->dh = NULL;
if (ctx->id) { if (ctx->id) {
hx509_verify_destroy_ctx(ctx->id->verify_ctx); hx509_verify_destroy_ctx(ctx->id->verify_ctx);
hx509_certs_free(&ctx->id->certs); hx509_certs_free(&ctx->id->certs);
@@ -1988,7 +1991,7 @@ krb5_get_init_creds_opt_set_pkinit(krb5_context context,
char *anchors = NULL; char *anchors = NULL;
if (opt->opt_private == NULL) { if (opt->opt_private == NULL) {
krb5_set_error_string(context, "PKINIT: on non extendable opt"); krb5_set_error_message(context, EINVAL, "PKINIT: on non extendable opt");
return EINVAL; return EINVAL;
} }
@@ -2079,15 +2082,15 @@ krb5_get_init_creds_opt_set_pkinit(krb5_context context,
} }
if (DH_generate_key(opt->opt_private->pk_init_ctx->dh) != 1) { if (DH_generate_key(opt->opt_private->pk_init_ctx->dh) != 1) {
krb5_set_error_string(context, "pkinit: failed to generate DH key");
_krb5_get_init_creds_opt_free_pkinit(opt); _krb5_get_init_creds_opt_free_pkinit(opt);
krb5_set_error_message(context, ENOMEM, "pkinit: failed to generate DH key");
return ENOMEM; return ENOMEM;
} }
} }
return 0; return 0;
#else #else
krb5_set_error_string(context, "no support for PKINIT compiled in"); krb5_set_error_message(context, EINVAL, "no support for PKINIT compiled in");
return EINVAL; return EINVAL;
#endif #endif
} }

16
lib/krb5/plugin.c
View File

@@ -87,7 +87,7 @@ loadlib(krb5_context context,
{ {
*e = calloc(1, sizeof(**e)); *e = calloc(1, sizeof(**e));
if (*e == NULL) { if (*e == NULL) {
krb5_set_error_string(context, "out of memory"); krb5_set_error_message(context, ENOMEM, "malloc: out of memory");
return ENOMEM; return ENOMEM;
} }
@@ -99,8 +99,8 @@ loadlib(krb5_context context,
if ((*e)->dsohandle == NULL) { if ((*e)->dsohandle == NULL) {
free(*e); free(*e);
*e = NULL; *e = NULL;
krb5_set_error_string(context, "Failed to load %s: %s", krb5_set_error_message(context, ENOMEM, "Failed to load %s: %s",
lib, dlerror()); lib, dlerror());
return ENOMEM; return ENOMEM;
} }
@@ -139,14 +139,14 @@ krb5_plugin_register(krb5_context context,
e = calloc(1, sizeof(*e)); e = calloc(1, sizeof(*e));
if (e == NULL) { if (e == NULL) {
krb5_set_error_string(context, "out of memory"); krb5_set_error_message(context, ENOMEM, "malloc: out of memory");
return ENOMEM; return ENOMEM;
} }
e->type = type; e->type = type;
e->name = strdup(name); e->name = strdup(name);
if (e->name == NULL) { if (e->name == NULL) {
free(e); free(e);
krb5_set_error_string(context, "out of memory"); krb5_set_error_message(context, ENOMEM, "malloc: out of memory");
return ENOMEM; return ENOMEM;
} }
e->symbol = symbol; e->symbol = symbol;
@@ -185,8 +185,8 @@ _krb5_plugin_find(krb5_context context,
e = calloc(1, sizeof(*e)); e = calloc(1, sizeof(*e));
if (e == NULL) { if (e == NULL) {
HEIMDAL_MUTEX_unlock(&plugin_mutex); HEIMDAL_MUTEX_unlock(&plugin_mutex);
krb5_set_error_string(context, "out of memory");
ret = ENOMEM; ret = ENOMEM;
krb5_set_error_message(context, ret, "malloc: out of memory");
goto out; goto out;
} }
e->symbol = p->symbol; e->symbol = p->symbol;
@@ -214,8 +214,8 @@ _krb5_plugin_find(krb5_context context,
while ((entry = readdir(d)) != NULL) { while ((entry = readdir(d)) != NULL) {
asprintf(&path, "%s/%s", *di, entry->d_name); asprintf(&path, "%s/%s", *di, entry->d_name);
if (path == NULL) { if (path == NULL) {
krb5_set_error_string(context, "out of memory");
ret = ENOMEM; ret = ENOMEM;
krb5_set_error_message(context, ret, "malloc: out of memory");
goto out; goto out;
} }
ret = loadlib(context, type, name, path, &e); ret = loadlib(context, type, name, path, &e);
@@ -233,7 +233,7 @@ _krb5_plugin_find(krb5_context context,
#endif /* HAVE_DLOPEN */ #endif /* HAVE_DLOPEN */
if (*list == NULL) { if (*list == NULL) {
krb5_set_error_string(context, "Did not find a plugin for %s", name); krb5_set_error_message(context, ENOENT, "Did not find a plugin for %s", name);
return ENOENT; return ENOENT;
} }

52
lib/krb5/principal.c
View File

@@ -149,8 +149,9 @@ krb5_parse_name_flags(krb5_context context,
#define RFLAGS (KRB5_PRINCIPAL_PARSE_NO_REALM|KRB5_PRINCIPAL_PARSE_MUST_REALM) #define RFLAGS (KRB5_PRINCIPAL_PARSE_NO_REALM|KRB5_PRINCIPAL_PARSE_MUST_REALM)
if ((flags & RFLAGS) == RFLAGS) { if ((flags & RFLAGS) == RFLAGS) {
krb5_set_error_string(context, "Can't require both realm and " krb5_set_error_message(context, KRB5_ERR_NO_SERVICE,
"no realm at the same time"); "Can't require both realm and "
"no realm at the same time");
return KRB5_ERR_NO_SERVICE; return KRB5_ERR_NO_SERVICE;
} }
#undef RFLAGS #undef RFLAGS
@@ -163,7 +164,7 @@ krb5_parse_name_flags(krb5_context context,
for(p = name; *p; p++){ for(p = name; *p; p++){
if(*p=='\\'){ if(*p=='\\'){
if(!p[1]) { if(!p[1]) {
krb5_set_error_string (context, krb5_set_error_message(context, KRB5_PARSE_MALFORMED,
"trailing \\ in principal name"); "trailing \\ in principal name");
return KRB5_PARSE_MALFORMED; return KRB5_PARSE_MALFORMED;
} }
@@ -200,9 +201,9 @@ krb5_parse_name_flags(krb5_context context,
else if(c == '0') else if(c == '0')
c = '\0'; c = '\0';
else if(c == '\0') { else if(c == '\0') {
krb5_set_error_string (context,
"trailing \\ in principal name");
ret = KRB5_PARSE_MALFORMED; ret = KRB5_PARSE_MALFORMED;
krb5_set_error_message(context, ret,
"trailing \\ in principal name");
goto exit; goto exit;
} }
}else if(enterprise && first_at) { }else if(enterprise && first_at) {
@@ -210,9 +211,9 @@ krb5_parse_name_flags(krb5_context context,
first_at = 0; first_at = 0;
}else if((c == '/' && !enterprise) || c == '@'){ }else if((c == '/' && !enterprise) || c == '@'){
if(got_realm){ if(got_realm){
krb5_set_error_string (context,
"part after realm in principal name");
ret = KRB5_PARSE_MALFORMED; ret = KRB5_PARSE_MALFORMED;
krb5_set_error_message(context, ret,
"part after realm in principal name");
goto exit; goto exit;
}else{ }else{
comp[n] = malloc(q - start + 1); comp[n] = malloc(q - start + 1);
@@ -231,18 +232,18 @@ krb5_parse_name_flags(krb5_context context,
continue; continue;
} }
if(got_realm && (c == ':' || c == '/' || c == '\0')) { if(got_realm && (c == ':' || c == '/' || c == '\0')) {
krb5_set_error_string (context,
"part after realm in principal name");
ret = KRB5_PARSE_MALFORMED; ret = KRB5_PARSE_MALFORMED;
krb5_set_error_message(context, ret,
"part after realm in principal name");
goto exit; goto exit;
} }
*q++ = c; *q++ = c;
} }
if(got_realm){ if(got_realm){
if (flags & KRB5_PRINCIPAL_PARSE_NO_REALM) { if (flags & KRB5_PRINCIPAL_PARSE_NO_REALM) {
krb5_set_error_string (context, "realm found in 'short' principal "
"expected to be without one");
ret = KRB5_PARSE_MALFORMED; ret = KRB5_PARSE_MALFORMED;
krb5_set_error_message(context, ret, "realm found in 'short' principal "
"expected to be without one");
goto exit; goto exit;
} }
realm = malloc(q - start + 1); realm = malloc(q - start + 1);
@@ -255,9 +256,9 @@ krb5_parse_name_flags(krb5_context context,
realm[q - start] = 0; realm[q - start] = 0;
}else{ }else{
if (flags & KRB5_PRINCIPAL_PARSE_MUST_REALM) { if (flags & KRB5_PRINCIPAL_PARSE_MUST_REALM) {
krb5_set_error_string (context, "realm NOT found in principal "
"expected to be with one");
ret = KRB5_PARSE_MALFORMED; ret = KRB5_PARSE_MALFORMED;
krb5_set_error_message(context, ret, "realm NOT found in principal "
"expected to be with one");
goto exit; goto exit;
} else if (flags & KRB5_PRINCIPAL_PARSE_NO_REALM) { } else if (flags & KRB5_PRINCIPAL_PARSE_NO_REALM) {
realm = NULL; realm = NULL;
@@ -350,7 +351,8 @@ unparse_name_fixed(krb5_context context,
int display = (flags & KRB5_PRINCIPAL_UNPARSE_DISPLAY) != 0; int display = (flags & KRB5_PRINCIPAL_UNPARSE_DISPLAY) != 0;
if (!no_realm && princ_realm(principal) == NULL) { if (!no_realm && princ_realm(principal) == NULL) {
krb5_set_error_string(context, "Realm missing from principal, " krb5_set_error_message(context, ERANGE,
"Realm missing from principal, "
"can't unparse"); "can't unparse");
return ERANGE; return ERANGE;
} }
@@ -360,7 +362,7 @@ unparse_name_fixed(krb5_context context,
add_char(name, idx, len, '/'); add_char(name, idx, len, '/');
idx = quote_string(princ_ncomp(principal, i), name, idx, len, display); idx = quote_string(princ_ncomp(principal, i), name, idx, len, display);
if(idx == len) { if(idx == len) {
krb5_set_error_string(context, "Out of space printing principal"); krb5_set_error_message(context, ERANGE, "Out of space printing principal");
return ERANGE; return ERANGE;
} }
} }
@@ -379,8 +381,8 @@ unparse_name_fixed(krb5_context context,
add_char(name, idx, len, '@'); add_char(name, idx, len, '@');
idx = quote_string(princ_realm(principal), name, idx, len, display); idx = quote_string(princ_realm(principal), name, idx, len, display);
if(idx == len) { if(idx == len) {
krb5_set_error_string(context, krb5_set_error_message(context, ERANGE,
"Out of space printing realm of principal"); "Out of space printing realm of principal");
return ERANGE; return ERANGE;
} }
} }
@@ -521,7 +523,7 @@ krb5_principal_set_realm(krb5_context context,
princ_realm(principal) = strdup(realm); princ_realm(principal) = strdup(realm);
if (princ_realm(principal) == NULL) { if (princ_realm(principal) == NULL) {
krb5_set_error_string(context, "out of memory"); krb5_set_error_message(context, ENOMEM, "malloc: out of memory");
return ENOMEM; return ENOMEM;
} }
return 0; return 0;
@@ -1192,7 +1194,7 @@ krb5_524_conv_principal(krb5_context context,
i = principal->name.name_string.val[1]; i = principal->name.name_string.val[1];
break; break;
default: default:
krb5_set_error_string (context, krb5_set_error_message(context, KRB5_PARSE_MALFORMED,
"cannot convert a %d component principal", "cannot convert a %d component principal",
principal->name.name_string.len); principal->name.name_string.len);
return KRB5_PARSE_MALFORMED; return KRB5_PARSE_MALFORMED;
@@ -1218,17 +1220,17 @@ krb5_524_conv_principal(krb5_context context,
} }
if (strlcpy (name, n, aname_sz) >= aname_sz) { if (strlcpy (name, n, aname_sz) >= aname_sz) {
krb5_set_error_string (context, krb5_set_error_message(context, KRB5_PARSE_MALFORMED,
"too long name component to convert"); "too long name component to convert");
return KRB5_PARSE_MALFORMED; return KRB5_PARSE_MALFORMED;
} }
if (strlcpy (instance, i, aname_sz) >= aname_sz) { if (strlcpy (instance, i, aname_sz) >= aname_sz) {
krb5_set_error_string (context, krb5_set_error_message(context, KRB5_PARSE_MALFORMED,
"too long instance component to convert"); "too long instance component to convert");
return KRB5_PARSE_MALFORMED; return KRB5_PARSE_MALFORMED;
} }
if (strlcpy (realm, r, aname_sz) >= aname_sz) { if (strlcpy (realm, r, aname_sz) >= aname_sz) {
krb5_set_error_string (context, krb5_set_error_message(context, KRB5_PARSE_MALFORMED,
"too long realm component to convert"); "too long realm component to convert");
return KRB5_PARSE_MALFORMED; return KRB5_PARSE_MALFORMED;
} }
@@ -1251,7 +1253,8 @@ krb5_sname_to_principal (krb5_context context,
char **realms, *host = NULL; char **realms, *host = NULL;
if(type != KRB5_NT_SRV_HST && type != KRB5_NT_UNKNOWN) { if(type != KRB5_NT_SRV_HST && type != KRB5_NT_UNKNOWN) {
krb5_set_error_string (context, "unsupported name type %d", krb5_set_error_message(context, KRB5_SNAME_UNSUPP_NAMETYPE,
"unsupported name type %d",
(int)type); (int)type);
return KRB5_SNAME_UNSUPP_NAMETYPE; return KRB5_SNAME_UNSUPP_NAMETYPE;
} }
@@ -1312,6 +1315,7 @@ krb5_parse_nametype(krb5_context context, const char *str, int32_t *nametype)
return 0; return 0;
} }
} }
krb5_set_error_string(context, "Failed to find name type %s", str); krb5_set_error_message(context, KRB5_PARSE_MALFORMED,
"Failed to find name type %s", str);
return KRB5_PARSE_MALFORMED; return KRB5_PARSE_MALFORMED;
} }

3
lib/krb5/rd_cred.c
View File

@@ -49,7 +49,8 @@ compare_addrs(krb5_context context,
krb5_print_address (a, a_str, sizeof(a_str), &len); krb5_print_address (a, a_str, sizeof(a_str), &len);
krb5_print_address (b, b_str, sizeof(b_str), &len); krb5_print_address (b, b_str, sizeof(b_str), &len);
krb5_set_error_string(context, "%s: %s != %s", message, b_str, a_str); krb5_set_error_message(context, KRB5KRB_AP_ERR_BADADDR,
"%s: %s != %s", message, b_str, a_str);
return KRB5KRB_AP_ERR_BADADDR; return KRB5KRB_AP_ERR_BADADDR;
} }

34
lib/krb5/rd_error.c
View File

@@ -78,7 +78,7 @@ krb5_error_from_rd_error(krb5_context context,
ret = error->error_code; ret = error->error_code;
if (error->e_text != NULL) { if (error->e_text != NULL) {
krb5_set_error_string(context, "%s", *error->e_text); krb5_set_error_message(context, ret, "%s", *error->e_text);
} else { } else {
char clientname[256], servername[256]; char clientname[256], servername[256];
@@ -91,28 +91,28 @@ krb5_error_from_rd_error(krb5_context context,
switch (ret) { switch (ret) {
case KRB5KDC_ERR_NAME_EXP : case KRB5KDC_ERR_NAME_EXP :
krb5_set_error_string(context, "Client %s%s%s expired", krb5_set_error_message(context, ret, "Client %s%s%s expired",
creds ? "(" : "", creds ? "(" : "",
creds ? clientname : "", creds ? clientname : "",
creds ? ")" : ""); creds ? ")" : "");
break; break;
case KRB5KDC_ERR_SERVICE_EXP : case KRB5KDC_ERR_SERVICE_EXP :
krb5_set_error_string(context, "Server %s%s%s expired", krb5_set_error_message(context, ret, "Server %s%s%s expired",
creds ? "(" : "", creds ? "(" : "",
creds ? servername : "", creds ? servername : "",
creds ? ")" : ""); creds ? ")" : "");
break; break;
case KRB5KDC_ERR_C_PRINCIPAL_UNKNOWN : case KRB5KDC_ERR_C_PRINCIPAL_UNKNOWN :
krb5_set_error_string(context, "Client %s%s%s unknown", krb5_set_error_message(context, ret, "Client %s%s%s unknown",
creds ? "(" : "", creds ? "(" : "",
creds ? clientname : "", creds ? clientname : "",
creds ? ")" : ""); creds ? ")" : "");
break; break;
case KRB5KDC_ERR_S_PRINCIPAL_UNKNOWN : case KRB5KDC_ERR_S_PRINCIPAL_UNKNOWN :
krb5_set_error_string(context, "Server %s%s%s unknown", krb5_set_error_message(context, ret, "Server %s%s%s unknown",
creds ? "(" : "", creds ? "(" : "",
creds ? servername : "", creds ? servername : "",
creds ? ")" : ""); creds ? ")" : "");
break; break;
default : default :
krb5_clear_error_string(context); krb5_clear_error_string(context);

8
lib/krb5/rd_req.c
View File

@@ -533,7 +533,7 @@ krb5_rd_req_in_ctx_alloc(krb5_context context, krb5_rd_req_in_ctx *ctx)
{ {
*ctx = calloc(1, sizeof(**ctx)); *ctx = calloc(1, sizeof(**ctx));
if (*ctx == NULL) { if (*ctx == NULL) {
krb5_set_error_string(context, "out of memory"); krb5_set_error_message(context, ENOMEM, "out of memory");
return ENOMEM; return ENOMEM;
} }
(*ctx)->check_pac = (context->flags & KRB5_CTX_F_CHECK_PAC) ? 1 : 0; (*ctx)->check_pac = (context->flags & KRB5_CTX_F_CHECK_PAC) ? 1 : 0;
@@ -616,7 +616,7 @@ _krb5_rd_req_out_ctx_alloc(krb5_context context, krb5_rd_req_out_ctx *ctx)
{ {
*ctx = calloc(1, sizeof(**ctx)); *ctx = calloc(1, sizeof(**ctx));
if (*ctx == NULL) { if (*ctx == NULL) {
krb5_set_error_string(context, "out of memory"); krb5_set_error_message(context, ENOMEM, "out of memory");
return ENOMEM; return ENOMEM;
} }
return 0; return 0;
@@ -805,9 +805,9 @@ krb5_rd_req_ctx(krb5_context context,
} }
if (ap_req.ap_options.use_session_key && if (ap_req.ap_options.use_session_key &&
(*auth_context)->keyblock == NULL) { (*auth_context)->keyblock == NULL) {
krb5_set_error_string(context, "krb5_rd_req: user to user auth "
"without session key given");
ret = KRB5KRB_AP_ERR_NOKEY; ret = KRB5KRB_AP_ERR_NOKEY;
krb5_set_error_message(context, ret, "krb5_rd_req: user to user auth "
"without session key given");
goto out; goto out;
} }

3
lib/krb5/rd_safe.c
View File

@@ -99,7 +99,8 @@ krb5_rd_safe(krb5_context context,
if ((auth_context->flags & if ((auth_context->flags &
(KRB5_AUTH_CONTEXT_RET_TIME | KRB5_AUTH_CONTEXT_RET_SEQUENCE)) && (KRB5_AUTH_CONTEXT_RET_TIME | KRB5_AUTH_CONTEXT_RET_SEQUENCE)) &&
outdata == NULL) { outdata == NULL) {
krb5_set_error_string(context, "rd_safe: need outdata to return data"); krb5_set_error_message(context, KRB5_RC_REQUIRED,
"rd_safe: need outdata to return data");
return KRB5_RC_REQUIRED; /* XXX better error, MIT returns this */ return KRB5_RC_REQUIRED; /* XXX better error, MIT returns this */
} }

14
lib/krb5/recvauth.c
View File

@@ -103,11 +103,12 @@ krb5_recvauth_match_version(krb5_context context,
n = krb5_net_read (context, p_fd, &len, 4); n = krb5_net_read (context, p_fd, &len, 4);
if (n < 0) { if (n < 0) {
ret = errno; ret = errno;
krb5_set_error_string (context, "read: %s", strerror(errno)); krb5_set_error_message(context, ret, "read: %s", strerror(ret));
return ret; return ret;
} }
if (n == 0) { if (n == 0) {
krb5_set_error_string (context, "Failed to receive sendauth data"); krb5_set_error_message(context, KRB5_SENDAUTH_BADAUTHVERS,
"Failed to receive sendauth data");
return KRB5_SENDAUTH_BADAUTHVERS; return KRB5_SENDAUTH_BADAUTHVERS;
} }
len = ntohl(len); len = ntohl(len);
@@ -124,7 +125,7 @@ krb5_recvauth_match_version(krb5_context context,
n = krb5_net_read (context, p_fd, &len, 4); n = krb5_net_read (context, p_fd, &len, 4);
if (n < 0) { if (n < 0) {
ret = errno; ret = errno;
krb5_set_error_string (context, "read: %s", strerror(errno)); krb5_set_error_message(context, ret, "read: %s", strerror(ret));
return ret; return ret;
} }
if (n == 0) { if (n == 0) {
@@ -143,7 +144,8 @@ krb5_recvauth_match_version(krb5_context context,
|| !(*match_appl_version)(match_data, her_appl_version)) { || !(*match_appl_version)(match_data, her_appl_version)) {
repl = 2; repl = 2;
krb5_net_write (context, p_fd, &repl, 1); krb5_net_write (context, p_fd, &repl, 1);
krb5_set_error_string (context, "wrong sendauth version (%s)", krb5_set_error_message(context, KRB5_SENDAUTH_BADAPPLVERS,
"wrong sendauth version (%s)",
her_appl_version); her_appl_version);
free (her_appl_version); free (her_appl_version);
return KRB5_SENDAUTH_BADAPPLVERS; return KRB5_SENDAUTH_BADAPPLVERS;
@@ -153,7 +155,7 @@ krb5_recvauth_match_version(krb5_context context,
repl = 0; repl = 0;
if (krb5_net_write (context, p_fd, &repl, 1) != 1) { if (krb5_net_write (context, p_fd, &repl, 1) != 1) {
ret = errno; ret = errno;
krb5_set_error_string (context, "write: %s", strerror(errno)); krb5_set_error_message(context, ret, "write: %s", strerror(ret));
return ret; return ret;
} }
@@ -193,7 +195,7 @@ krb5_recvauth_match_version(krb5_context context,
len = 0; len = 0;
if (krb5_net_write (context, p_fd, &len, 4) != 4) { if (krb5_net_write (context, p_fd, &len, 4) != 4) {
ret = errno; ret = errno;
krb5_set_error_string (context, "write: %s", strerror(errno)); krb5_set_error_message(context, ret, "write: %s", strerror(ret));
return ret; return ret;
} }

20
lib/krb5/replay.c
View File

@@ -60,8 +60,9 @@ krb5_rc_resolve_type(krb5_context context,
{ {
*id = NULL; *id = NULL;
if(strcmp(type, "FILE")) { if(strcmp(type, "FILE")) {
krb5_set_error_string (context, "replay cache type %s not supported", krb5_set_error_message (context, KRB5_RC_TYPE_NOTFOUND,
type); "replay cache type %s not supported",
type);
return KRB5_RC_TYPE_NOTFOUND; return KRB5_RC_TYPE_NOTFOUND;
} }
*id = calloc(1, sizeof(**id)); *id = calloc(1, sizeof(**id));
@@ -82,7 +83,8 @@ krb5_rc_resolve_full(krb5_context context,
*id = NULL; *id = NULL;
if(strncmp(string_name, "FILE:", 5)) { if(strncmp(string_name, "FILE:", 5)) {
krb5_set_error_string (context, "replay cache type %s not supported", krb5_set_error_message(context, KRB5_RC_TYPE_NOTFOUND,
"replay cache type %s not supported",
string_name); string_name);
return KRB5_RC_TYPE_NOTFOUND; return KRB5_RC_TYPE_NOTFOUND;
} }
@@ -132,7 +134,7 @@ krb5_rc_initialize(krb5_context context,
if(f == NULL) { if(f == NULL) {
ret = errno; ret = errno;
krb5_set_error_string (context, "open(%s): %s", id->name, krb5_set_error_message(context, ret, "open(%s): %s", id->name,
strerror(ret)); strerror(ret));
return ret; return ret;
} }
@@ -157,7 +159,7 @@ krb5_rc_destroy(krb5_context context,
if(remove(id->name) < 0) { if(remove(id->name) < 0) {
ret = errno; ret = errno;
krb5_set_error_string (context, "remove(%s): %s", id->name, krb5_set_error_message(context, ret, "remove(%s): %s", id->name,
strerror(ret)); strerror(ret));
return ret; return ret;
} }
@@ -204,7 +206,7 @@ krb5_rc_store(krb5_context context,
f = fopen(id->name, "r"); f = fopen(id->name, "r");
if(f == NULL) { if(f == NULL) {
ret = errno; ret = errno;
krb5_set_error_string (context, "open(%s): %s", id->name, krb5_set_error_message(context, ret, "open(%s): %s", id->name,
strerror(ret)); strerror(ret));
return ret; return ret;
} }
@@ -222,13 +224,15 @@ krb5_rc_store(krb5_context context,
if(ferror(f)){ if(ferror(f)){
ret = errno; ret = errno;
fclose(f); fclose(f);
krb5_set_error_string (context, "%s: %s", id->name, strerror(ret)); krb5_set_error_message(context, ret, "%s: %s",
id->name, strerror(ret));
return ret; return ret;
} }
fclose(f); fclose(f);
f = fopen(id->name, "a"); f = fopen(id->name, "a");
if(f == NULL) { if(f == NULL) {
krb5_set_error_string (context, "open(%s): %s", id->name, krb5_set_error_message(context, KRB5_RC_IO_UNKNOWN,
"open(%s): %s", id->name,
strerror(errno)); strerror(errno));
return KRB5_RC_IO_UNKNOWN; return KRB5_RC_IO_UNKNOWN;
} }

145
lib/krb5/scache.c
View File

@@ -188,14 +188,16 @@ trace(void* ptr, const char * str)
#endif #endif
static krb5_error_code static krb5_error_code
prepare_stmt(krb5_context context, sqlite3 *db, sqlite3_stmt **stmt, const char *str) prepare_stmt(krb5_context context, sqlite3 *db,
sqlite3_stmt **stmt, const char *str)
{ {
int ret; int ret;
ret = sqlite3_prepare_v2(db, str, -1, stmt, NULL); ret = sqlite3_prepare_v2(db, str, -1, stmt, NULL);
if (ret != SQLITE_OK) { if (ret != SQLITE_OK) {
krb5_set_error_string(context, "Failed to prepare stmt %s: %s", krb5_set_error_message(context, ENOENT,
str, sqlite3_errmsg(db)); "Failed to prepare stmt %s: %s",
str, sqlite3_errmsg(db));
return ENOENT; return ENOENT;
} }
return 0; return 0;
@@ -209,8 +211,9 @@ exec_stmt(krb5_context context, sqlite3 *db, const char *str,
ret = sqlite3_exec(db, str, NULL, NULL, NULL); ret = sqlite3_exec(db, str, NULL, NULL, NULL);
if (ret != SQLITE_OK && code) { if (ret != SQLITE_OK && code) {
krb5_set_error_string(context, "Execute %s: %s", str, krb5_set_error_message(context, code,
sqlite3_errmsg(db)); "Execute %s: %s", str,
sqlite3_errmsg(db));
return code; return code;
} }
return 0; return 0;
@@ -334,12 +337,13 @@ open_database(krb5_context context, krb5_scache *s, int flags)
ret = sqlite3_open_v2(s->file, &s->db, SQLITE_OPEN_READWRITE|flags, NULL); ret = sqlite3_open_v2(s->file, &s->db, SQLITE_OPEN_READWRITE|flags, NULL);
if (ret) { if (ret) {
if (s->db) { if (s->db) {
krb5_set_error_string(context, "Error opening scache file %s: %s", krb5_set_error_message(context, ENOENT,
s->file, sqlite3_errmsg(s->db)); "Error opening scache file %s: %s",
s->file, sqlite3_errmsg(s->db));
sqlite3_close(s->db); sqlite3_close(s->db);
s->db = NULL; s->db = NULL;
} else } else
krb5_set_error_string(context, "out of memory"); krb5_set_error_message(context, ENOENT, "out of memory");
return ENOENT; return ENOENT;
} }
return 0; return 0;
@@ -355,7 +359,8 @@ create_cache(krb5_context context, krb5_scache *s)
ret = sqlite3_step(s->icache); ret = sqlite3_step(s->icache);
} while (ret == SQLITE_ROW); } while (ret == SQLITE_ROW);
if (ret != SQLITE_DONE) { if (ret != SQLITE_DONE) {
krb5_set_error_string(context, "Failed to add scache: %d", ret); krb5_set_error_message(context, KRB5_CC_IO,
"Failed to add scache: %d", ret);
return KRB5_CC_IO; return KRB5_CC_IO;
} }
sqlite3_reset(s->icache); sqlite3_reset(s->icache);
@@ -489,7 +494,8 @@ scc_resolve(krb5_context context, krb5_ccache *id, const char *res)
ret = sqlite3_bind_text(s->scache_name, 1, s->name, -1, NULL); ret = sqlite3_bind_text(s->scache_name, 1, s->name, -1, NULL);
if (ret != SQLITE_OK) { if (ret != SQLITE_OK) {
krb5_set_error_string(context, "bind name: %s", sqlite3_errmsg(s->db)); krb5_set_error_message(context, ENOMEM,
"bind name: %s", sqlite3_errmsg(s->db));
scc_free(s); scc_free(s);
return ENOMEM; return ENOMEM;
} }
@@ -498,7 +504,8 @@ scc_resolve(krb5_context context, krb5_ccache *id, const char *res)
if (sqlite3_column_type(s->scache_name, 0) != SQLITE_INTEGER) { if (sqlite3_column_type(s->scache_name, 0) != SQLITE_INTEGER) {
sqlite3_reset(s->scache_name); sqlite3_reset(s->scache_name);
krb5_set_error_string(context, "Cache name of wrong type " krb5_set_error_message(context, KRB5_CC_END,
"Cache name of wrong type "
"for scache %ld", "for scache %ld",
(unsigned long)s->name); (unsigned long)s->name);
return KRB5_CC_END; return KRB5_CC_END;
@@ -560,9 +567,9 @@ scc_initialize(krb5_context context,
} while (ret == SQLITE_ROW); } while (ret == SQLITE_ROW);
sqlite3_reset(s->dcred); sqlite3_reset(s->dcred);
if (ret != SQLITE_DONE) { if (ret != SQLITE_DONE) {
krb5_set_error_string(context, "Failed to delete old "
"credentials: %s", sqlite3_errmsg(s->db));
ret = KRB5_CC_IO; ret = KRB5_CC_IO;
krb5_set_error_message(context, ret, "Failed to delete old "
"credentials: %s", sqlite3_errmsg(s->db));
goto rollback; goto rollback;
} }
} }
@@ -577,9 +584,10 @@ scc_initialize(krb5_context context,
} while (ret == SQLITE_ROW); } while (ret == SQLITE_ROW);
sqlite3_reset(s->ucachep); sqlite3_reset(s->ucachep);
if (ret != SQLITE_DONE) { if (ret != SQLITE_DONE) {
krb5_set_error_string(context, "Failed to bind principal to cache %s",
sqlite3_errmsg(s->db));
ret = KRB5_CC_IO; ret = KRB5_CC_IO;
krb5_set_error_message(context, ret,
"Failed to bind principal to cache %s",
sqlite3_errmsg(s->db));
goto rollback; goto rollback;
} }
@@ -619,8 +627,9 @@ scc_destroy(krb5_context context,
} while (ret == SQLITE_ROW); } while (ret == SQLITE_ROW);
sqlite3_reset(s->dcache); sqlite3_reset(s->dcache);
if (ret != SQLITE_DONE) { if (ret != SQLITE_DONE) {
krb5_set_error_string(context, "Failed to destroy cache %s: %s", krb5_set_error_message(context, KRB5_CC_IO,
s->name, sqlite3_errmsg(s->db)); "Failed to destroy cache %s: %s",
s->name, sqlite3_errmsg(s->db));
return KRB5_CC_IO; return KRB5_CC_IO;
} }
return 0; return 0;
@@ -640,7 +649,7 @@ encode_creds(krb5_context context, krb5_creds *creds, krb5_data *data)
ret = krb5_store_creds(sp, creds); ret = krb5_store_creds(sp, creds);
if (ret) { if (ret) {
krb5_set_error_string(context, "Failed to store credential"); krb5_set_error_message(context, ret, "Failed to store credential");
krb5_storage_free(sp); krb5_storage_free(sp);
return ret; return ret;
} }
@@ -648,7 +657,7 @@ encode_creds(krb5_context context, krb5_creds *creds, krb5_data *data)
ret = krb5_storage_to_data(sp, data); ret = krb5_storage_to_data(sp, data);
krb5_storage_free(sp); krb5_storage_free(sp);
if (ret) if (ret)
krb5_set_error_string(context, "Failed to encode credential"); krb5_set_error_message(context, ret, "Failed to encode credential");
return ret; return ret;
} }
@@ -668,7 +677,7 @@ decode_creds(krb5_context context, const void *data, size_t length,
ret = krb5_ret_creds(sp, creds); ret = krb5_ret_creds(sp, creds);
krb5_storage_free(sp); krb5_storage_free(sp);
if (ret) { if (ret) {
krb5_set_error_string(context, "Failed to read credential"); krb5_set_error_message(context, ret, "Failed to read credential");
return ret; return ret;
} }
return 0; return 0;
@@ -727,8 +736,9 @@ scc_store_cred(krb5_context context,
} while (ret == SQLITE_ROW); } while (ret == SQLITE_ROW);
sqlite3_reset(s->icred); sqlite3_reset(s->icred);
if (ret != SQLITE_DONE) { if (ret != SQLITE_DONE) {
krb5_set_error_string(context, "Failed to add credential: %s", ret = KRB5_CC_IO;
sqlite3_errmsg(s->db)); krb5_set_error_message(context, ret, "Failed to add credential: %s",
sqlite3_errmsg(s->db));
goto rollback; goto rollback;
} }
@@ -744,8 +754,9 @@ scc_store_cred(krb5_context context,
} while (ret == SQLITE_ROW); } while (ret == SQLITE_ROW);
sqlite3_reset(s->iprincipal); sqlite3_reset(s->iprincipal);
if (ret != SQLITE_DONE) { if (ret != SQLITE_DONE) {
krb5_set_error_string(context, "Failed to add principal: %s", ret = KRB5_CC_IO;
sqlite3_errmsg(s->db)); krb5_set_error_message(context, ret, "Failed to add principal: %s",
sqlite3_errmsg(s->db));
goto rollback; goto rollback;
} }
} }
@@ -760,8 +771,9 @@ scc_store_cred(krb5_context context,
} while (ret == SQLITE_ROW); } while (ret == SQLITE_ROW);
sqlite3_reset(s->iprincipal); sqlite3_reset(s->iprincipal);
if (ret != SQLITE_DONE) { if (ret != SQLITE_DONE) {
krb5_set_error_string(context, "Failed to add principal: %s", ret = KRB5_CC_IO;
sqlite3_errmsg(s->db)); krb5_set_error_message(context, ret, "Failed to add principal: %s",
sqlite3_errmsg(s->db));
goto rollback; goto rollback;
} }
} }
@@ -772,8 +784,6 @@ scc_store_cred(krb5_context context,
return 0; return 0;
rollback: rollback:
krb5_set_error_string(context, "store credentials: %s",
sqlite3_errmsg(s->db));
exec_stmt(context, s->db, "ROLLBACK", 0); exec_stmt(context, s->db, "ROLLBACK", 0);
return ret; return ret;
@@ -798,25 +808,27 @@ scc_get_principal(krb5_context context,
if (sqlite3_step(s->scache) != SQLITE_ROW) { if (sqlite3_step(s->scache) != SQLITE_ROW) {
sqlite3_reset(s->scache); sqlite3_reset(s->scache);
krb5_set_error_string(context, "No principal for cache SCACHE:%s:%s", krb5_set_error_message(context, KRB5_CC_END,
"No principal for cache SCACHE:%s:%s",
s->name, s->file); s->name, s->file);
return KRB5_CC_END; return KRB5_CC_END;
} }
if (sqlite3_column_type(s->scache, 0) != SQLITE_TEXT) { if (sqlite3_column_type(s->scache, 0) != SQLITE_TEXT) {
sqlite3_reset(s->scache); sqlite3_reset(s->scache);
krb5_set_error_string(context, "Principal data of wrong type " krb5_set_error_message(context, KRB5_CC_END,
"for SCACHE:%s:%s", "Principal data of wrong type "
s->name, s->file); "for SCACHE:%s:%s",
s->name, s->file);
return KRB5_CC_END; return KRB5_CC_END;
} }
str = (const char *)sqlite3_column_text(s->scache, 0); str = (const char *)sqlite3_column_text(s->scache, 0);
if (str == NULL) { if (str == NULL) {
sqlite3_reset(s->scache); sqlite3_reset(s->scache);
krb5_set_error_string(context, "Principal not set " krb5_set_error_message(context, KRB5_CC_END, "Principal not set "
"for SCACHE:%s:%s", "for SCACHE:%s:%s",
s->name, s->file); s->name, s->file);
return KRB5_CC_END; return KRB5_CC_END;
} }
@@ -858,8 +870,9 @@ scc_get_first (krb5_context context,
} }
if (s->cid == SCACHE_INVALID_CID) { if (s->cid == SCACHE_INVALID_CID) {
krb5_set_error_string(context, "Iterating a invalid cache %s", krb5_set_error_message(context, KRB5_CC_END,
s->name); "Iterating a invalid cache %s",
s->name);
free(ctx); free(ctx);
return KRB5_CC_END; return KRB5_CC_END;
} }
@@ -946,8 +959,9 @@ next:
krb5_clear_error_string(context); krb5_clear_error_string(context);
return KRB5_CC_END; return KRB5_CC_END;
} else if (ret != SQLITE_ROW) { } else if (ret != SQLITE_ROW) {
krb5_set_error_string(context, "Database failed: %s", krb5_set_error_message(context, KRB5_CC_IO,
sqlite3_errmsg(s->db)); "Database failed: %s",
sqlite3_errmsg(s->db));
return KRB5_CC_IO; return KRB5_CC_IO;
} }
@@ -964,9 +978,9 @@ next:
} }
if (sqlite3_column_type(ctx->credstmt, 0) != SQLITE_BLOB) { if (sqlite3_column_type(ctx->credstmt, 0) != SQLITE_BLOB) {
krb5_set_error_string(context, "credential of wrong type " krb5_set_error_message(context, KRB5_CC_END,
"for SCACHE:%s:%s", "credential of wrong type for SCACHE:%s:%s",
s->name, s->file); s->name, s->file);
sqlite3_reset(ctx->credstmt); sqlite3_reset(ctx->credstmt);
return KRB5_CC_END; return KRB5_CC_END;
} }
@@ -1035,17 +1049,17 @@ scc_remove_cred(krb5_context context,
ret = 0; ret = 0;
break; break;
} else if (ret != SQLITE_ROW) { } else if (ret != SQLITE_ROW) {
krb5_set_error_string(context, "Database failed: %s",
sqlite3_errmsg(s->db));
ret = KRB5_CC_IO; ret = KRB5_CC_IO;
krb5_set_error_message(context, ret, "Database failed: %s",
sqlite3_errmsg(s->db));
break; break;
} }
if (sqlite3_column_type(stmt, 0) != SQLITE_BLOB) { if (sqlite3_column_type(stmt, 0) != SQLITE_BLOB) {
krb5_set_error_string(context, "credential of wrong type "
"for SCACHE:%s:%s",
s->name, s->file);
ret = KRB5_CC_END; ret = KRB5_CC_END;
krb5_set_error_message(context, ret,
"Credential of wrong type for SCACHE:%s:%s",
s->name, s->file);
break; break;
} }
@@ -1054,7 +1068,7 @@ scc_remove_cred(krb5_context context,
ret = decode_creds(context, data, len, &creds); ret = decode_creds(context, data, len, &creds);
if (ret) { if (ret) {
krb5_set_error_string(context, "failed to decode creds"); krb5_set_error_message(context, ret, "failed to decode creds");
break; break;
} }
@@ -1081,8 +1095,8 @@ scc_remove_cred(krb5_context context,
} while (ret == SQLITE_ROW); } while (ret == SQLITE_ROW);
sqlite3_finalize(stmt); sqlite3_finalize(stmt);
if (ret != SQLITE_DONE) { if (ret != SQLITE_DONE) {
krb5_set_error_string(context, "failed to delete credentail");
ret = KRB5_CC_IO; ret = KRB5_CC_IO;
krb5_set_error_message(context, ret, "failed to delete credentail");
} else } else
ret = 0; ret = 0;
} }
@@ -1205,8 +1219,8 @@ again:
krb5_clear_error_string(context); krb5_clear_error_string(context);
return KRB5_CC_END; return KRB5_CC_END;
} else if (ret != SQLITE_ROW) { } else if (ret != SQLITE_ROW) {
krb5_set_error_string(context, "Database failed: %s", krb5_set_error_message(context, KRB5_CC_IO, "Database failed: %s",
sqlite3_errmsg(s->db)); sqlite3_errmsg(s->db));
return KRB5_CC_IO; return KRB5_CC_IO;
} }
@@ -1245,9 +1259,10 @@ scc_move(krb5_context context, krb5_ccache from, krb5_ccache to)
krb5_error_code ret; krb5_error_code ret;
if (strcmp(sfrom->file, sto->file) != 0) { if (strcmp(sfrom->file, sto->file) != 0) {
krb5_set_error_string(context, "Can't handle cross database " krb5_set_error_message(context, KRB5_CC_BADNAME,
"credential move: %s -> %s", "Can't handle cross database "
sfrom->file, sto->file); "credential move: %s -> %s",
sfrom->file, sto->file);
return KRB5_CC_BADNAME; return KRB5_CC_BADNAME;
} }
@@ -1268,8 +1283,8 @@ scc_move(krb5_context context, krb5_ccache from, krb5_ccache to)
} while (ret == SQLITE_ROW); } while (ret == SQLITE_ROW);
sqlite3_reset(sfrom->dcache); sqlite3_reset(sfrom->dcache);
if (ret != SQLITE_DONE) { if (ret != SQLITE_DONE) {
krb5_set_error_string(context, krb5_set_error_message(context, KRB5_CC_IO,
"Failed to delete old cache: %d", (int)ret); "Failed to delete old cache: %d", (int)ret);
goto rollback; goto rollback;
} }
} }
@@ -1282,8 +1297,8 @@ scc_move(krb5_context context, krb5_ccache from, krb5_ccache to)
} while (ret == SQLITE_ROW); } while (ret == SQLITE_ROW);
sqlite3_reset(sfrom->ucachen); sqlite3_reset(sfrom->ucachen);
if (ret != SQLITE_DONE) { if (ret != SQLITE_DONE) {
krb5_set_error_string(context, krb5_set_error_message(context, KRB5_CC_IO,
"Failed to update new cache: %d", (int)ret); "Failed to update new cache: %d", (int)ret);
goto rollback; goto rollback;
} }
@@ -1329,17 +1344,18 @@ scc_set_default(krb5_context context, krb5_ccache id)
krb5_error_code ret; krb5_error_code ret;
if (s->cid == SCACHE_INVALID_CID) { if (s->cid == SCACHE_INVALID_CID) {
krb5_set_error_string(context, krb5_set_error_message(context, KRB5_CC_IO,
"Trying to set a invalid cache as default %s", "Trying to set a invalid cache as default %s",
s->name); s->name);
return KRB5_CC_IO; return KRB5_CC_IO;
} }
ret = sqlite3_bind_text(s->umaster, 1, s->name, -1, NULL); ret = sqlite3_bind_text(s->umaster, 1, s->name, -1, NULL);
if (ret) { if (ret) {
sqlite3_reset(s->umaster); sqlite3_reset(s->umaster);
krb5_set_error_string(context, "Failed to set name of default cache"); krb5_set_error_message(context, KRB5_CC_IO,
return ret; "Failed to set name of default cache");
return KRB5_CC_IO;
} }
do { do {
@@ -1347,7 +1363,8 @@ scc_set_default(krb5_context context, krb5_ccache id)
} while (ret == SQLITE_ROW); } while (ret == SQLITE_ROW);
sqlite3_reset(s->umaster); sqlite3_reset(s->umaster);
if (ret != SQLITE_DONE) { if (ret != SQLITE_DONE) {
krb5_set_error_string(context, "Failed to update default cache"); krb5_set_error_message(context, KRB5_CC_IO,
"Failed to update default cache");
return KRB5_CC_IO; return KRB5_CC_IO;
} }

8
lib/krb5/send_to_kdc.c
View File

@@ -439,7 +439,7 @@ krb5_set_send_to_kdc_func(krb5_context context,
context->send_to_kdc = malloc(sizeof(*context->send_to_kdc)); context->send_to_kdc = malloc(sizeof(*context->send_to_kdc));
if (context->send_to_kdc == NULL) { if (context->send_to_kdc == NULL) {
krb5_set_error_string(context, "Out of memory"); krb5_set_error_message(context, ENOMEM, "malloc: out of memory");
return ENOMEM; return ENOMEM;
} }
@@ -460,7 +460,7 @@ krb5_sendto_ctx_alloc(krb5_context context, krb5_sendto_ctx *ctx)
{ {
*ctx = calloc(1, sizeof(**ctx)); *ctx = calloc(1, sizeof(**ctx));
if (*ctx == NULL) { if (*ctx == NULL) {
krb5_set_error_string(context, "out of memory"); krb5_set_error_message(context, ENOMEM, "malloc: out of memory");
return ENOMEM; return ENOMEM;
} }
return 0; return 0;
@@ -566,8 +566,8 @@ krb5_sendto_context(krb5_context context,
if (handle) if (handle)
krb5_krbhst_free(context, handle); krb5_krbhst_free(context, handle);
if (ret == KRB5_KDC_UNREACH) if (ret == KRB5_KDC_UNREACH)
krb5_set_error_string(context, krb5_set_error_message(context, ret,
"unable to reach any KDC in realm %s", realm); "unable to reach any KDC in realm %s", realm);
if (ret) if (ret)
krb5_data_free(receive); krb5_data_free(receive);
if (freectx) if (freectx)

6
lib/krb5/sendauth.c
View File

@@ -93,7 +93,7 @@ krb5_sendauth(krb5_context context,
if (krb5_net_write (context, p_fd, &net_len, 4) != 4 if (krb5_net_write (context, p_fd, &net_len, 4) != 4
|| krb5_net_write (context, p_fd, version, len) != len) { || krb5_net_write (context, p_fd, version, len) != len) {
ret = errno; ret = errno;
krb5_set_error_string (context, "write: %s", strerror(ret)); krb5_set_error_message (context, ret, "write: %s", strerror(ret));
return ret; return ret;
} }
@@ -102,14 +102,14 @@ krb5_sendauth(krb5_context context,
if (krb5_net_write (context, p_fd, &net_len, 4) != 4 if (krb5_net_write (context, p_fd, &net_len, 4) != 4
|| krb5_net_write (context, p_fd, appl_version, len) != len) { || krb5_net_write (context, p_fd, appl_version, len) != len) {
ret = errno; ret = errno;
krb5_set_error_string (context, "write: %s", strerror(ret)); krb5_set_error_message (context, ret, "write: %s", strerror(ret));
return ret; return ret;
} }
sret = krb5_net_read (context, p_fd, &repl, sizeof(repl)); sret = krb5_net_read (context, p_fd, &repl, sizeof(repl));
if (sret < 0) { if (sret < 0) {
ret = errno; ret = errno;
krb5_set_error_string (context, "read: %s", strerror(ret)); krb5_set_error_message (context, ret, "read: %s", strerror(ret));
return ret; return ret;
} else if (sret != sizeof(repl)) { } else if (sret != sizeof(repl)) {
krb5_clear_error_string (context); krb5_clear_error_string (context);

8
lib/krb5/sock_principal.c
View File

@@ -50,15 +50,15 @@ krb5_sock_to_principal (krb5_context context,
if (getsockname (sock, sa, &salen) < 0) { if (getsockname (sock, sa, &salen) < 0) {
ret = errno; ret = errno;
krb5_set_error_string (context, "getsockname: %s", strerror(ret)); krb5_set_error_message (context, ret, "getsockname: %s", strerror(ret));
return ret; return ret;
} }
ret = getnameinfo (sa, salen, hostname, sizeof(hostname), NULL, 0, 0); ret = getnameinfo (sa, salen, hostname, sizeof(hostname), NULL, 0, 0);
if (ret) { if (ret) {
int save_errno = errno; int save_errno = errno;
krb5_error_code ret2 = krb5_eai_to_heim_errno(ret, save_errno);
krb5_set_error_string (context, "getnameinfo: %s", gai_strerror(ret)); krb5_set_error_message (context, ret2, "getnameinfo: %s", gai_strerror(ret));
return krb5_eai_to_heim_errno(ret, save_errno); return ret2;
} }
ret = krb5_sname_to_principal (context, ret = krb5_sname_to_principal (context,

9
lib/krb5/transited.c
View File

@@ -443,8 +443,9 @@ krb5_check_transited(krb5_context context,
} }
if(p == NULL || *p == NULL) { if(p == NULL || *p == NULL) {
krb5_config_free_strings(tr_realms); krb5_config_free_strings(tr_realms);
krb5_set_error_string (context, "no transit through realm %s", krb5_set_error_message (context, KRB5KRB_AP_ERR_ILL_CR_TKT,
realms[i]); "no transit through realm %s",
realms[i]);
if(bad_realm) if(bad_realm)
*bad_realm = i; *bad_realm = i;
return KRB5KRB_AP_ERR_ILL_CR_TKT; return KRB5KRB_AP_ERR_ILL_CR_TKT;
@@ -473,9 +474,9 @@ krb5_check_transited_realms(krb5_context context,
char **p; char **p;
for(p = bad_realms; *p; p++) for(p = bad_realms; *p; p++)
if(strcmp(*p, realms[i]) == 0) { if(strcmp(*p, realms[i]) == 0) {
krb5_set_error_string (context, "no transit through realm %s",
*p);
ret = KRB5KRB_AP_ERR_ILL_CR_TKT; ret = KRB5KRB_AP_ERR_ILL_CR_TKT;
krb5_set_error_message (context, ret,
"no transit through realm %s", *p);
if(bad_realm) if(bad_realm)
*bad_realm = i; *bad_realm = i;
break; break;