oysteikt/heimdal
0
0
Fork 0
Code Issues 5 Pull Requests Releases Activity

update error codes

Browse Source 
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@13396 ec53bebd-3082-4978-b11e-865c3cabbd6b
This commit is contained in:
Love Hörnquist Åstrand
2004-02-20 21:42:34 +00:00
parent ba2fb75678
commit 9dac88f093
2 changed files with 14 additions and 15 deletions
Download Patch File Download Diff File Expand all files Collapse all files

13
kdc/pkinit.c
View File

@@ -297,7 +297,7 @@ generate_dh_keyblock(krb5_context context, pk_client_params *client_params,
default: default:
krb5_set_error_string(context, "PKINIT DH, unsupported enctype: %d", krb5_set_error_string(context, "PKINIT DH, unsupported enctype: %d",
(int)enctype); (int)enctype);
ret = KDC_ERROR_KEY_TOO_WEAK; ret = KRB5_KDC_ERR_KEY_TOO_WEAK;
break; break;
} }
@@ -405,7 +405,7 @@ get_dh_param(krb5_context context, SubjectPublicKeyInfo *dh_key_info,
if (DH_check(dh, &dhret) != 1) { if (DH_check(dh, &dhret) != 1) {
krb5_set_error_string(context, "PKINIT DH data not ok: %s", krb5_set_error_string(context, "PKINIT DH data not ok: %s",
ERR_error_string(ERR_get_error(), NULL)); ERR_error_string(ERR_get_error(), NULL));
ret = KDC_ERROR_KEY_TOO_WEAK; ret = KRB5_KDC_ERR_KEY_TOO_WEAK;
goto out; goto out;
} }
@@ -535,7 +535,7 @@ pk_rd_padata(krb5_context context,
/* XXX will work for heirarchical CA's ? */ /* XXX will work for heirarchical CA's ? */
/* XXX also serial_number should be compared */ /* XXX also serial_number should be compared */
ret = KDC_ERROR_KDC_NOT_TRUSTED; ret = KRB5_KDC_ERR_KDC_NOT_TRUSTED;
for (i = 0; i < r.trustedCertifiers->len; i++) { for (i = 0; i < r.trustedCertifiers->len; i++) {
TrustedCAs *ca = &r.trustedCertifiers->val[i]; TrustedCAs *ca = &r.trustedCertifiers->val[i];
@@ -553,12 +553,11 @@ pk_rd_padata(krb5_context context,
X509_NAME_free(name); X509_NAME_free(name);
break; break;
} }
case choice_TrustedCAs_principalName:
/* KerberosName principalName; */
break;
case choice_TrustedCAs_issuerAndSerial: case choice_TrustedCAs_issuerAndSerial:
/* IssuerAndSerialNumber issuerAndSerial */ /* IssuerAndSerialNumber issuerAndSerial */
break; break;
default:
break;
} }
if (ret == 0) if (ret == 0)
break; break;
@@ -995,7 +994,7 @@ pk_check_client(krb5_context context,
free(*subject_name); free(*subject_name);
*subject_name = NULL; *subject_name = NULL;
krb5_set_error_string(context, "PKINIT no matching principals"); krb5_set_error_string(context, "PKINIT no matching principals");
return KDC_ERROR_CLIENT_NAME_MISMATCH; return KRB5_KDC_ERR_CLIENT_NAME_MISMATCH;
} }
static krb5_error_code static krb5_error_code

16
lib/krb5/pkinit.c
View File

@@ -804,7 +804,7 @@ pk_verify_chain_standard(krb5_context context,
int i; int i;
int ret; int ret;
ret = KDC_ERROR_CLIENT_NAME_MISMATCH; /* XXX */ ret = KRB5_KDC_ERR_CLIENT_NAME_MISMATCH; /* XXX */
for (i = 0; i < sk_X509_num(chain); i++) { for (i = 0; i < sk_X509_num(chain); i++) {
cert = sk_X509_value(chain, i); cert = sk_X509_value(chain, i);
if (pk_peer_compare(context, client, cert) == TRUE) { if (pk_peer_compare(context, client, cert) == TRUE) {
@@ -842,7 +842,7 @@ pk_verify_chain_standard(krb5_context context,
ret = 0; ret = 0;
break; break;
case X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT_LOCALLY: case X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT_LOCALLY:
ret = KDC_ERROR_CANT_VERIFY_CERTIFICATE; ret = KRB5_KDC_ERR_CANT_VERIFY_CERTIFICATE;
break; break;
case X509_V_ERR_UNABLE_TO_DECODE_ISSUER_PUBLIC_KEY: case X509_V_ERR_UNABLE_TO_DECODE_ISSUER_PUBLIC_KEY:
case X509_V_ERR_CERT_SIGNATURE_FAILURE: case X509_V_ERR_CERT_SIGNATURE_FAILURE:
@@ -850,10 +850,10 @@ pk_verify_chain_standard(krb5_context context,
case X509_V_ERR_CERT_NOT_YET_VALID: case X509_V_ERR_CERT_NOT_YET_VALID:
case X509_V_ERR_ERROR_IN_CERT_NOT_AFTER_FIELD: case X509_V_ERR_ERROR_IN_CERT_NOT_AFTER_FIELD:
case X509_V_ERR_CERT_HAS_EXPIRED: case X509_V_ERR_CERT_HAS_EXPIRED:
ret = KDC_ERROR_INVALID_CERTIFICATE; ret = KRB5_KDC_ERR_INVALID_CERTIFICATE;
break; break;
default: default:
ret = KDC_ERROR_INVALID_CERTIFICATE; /* XXX */ ret = KRB5_KDC_ERR_INVALID_CERTIFICATE; /* XXX */
break; break;
} }
if (ret) { if (ret) {
@@ -998,7 +998,7 @@ _krb5_pk_verify_sign(krb5_context context,
krb5_set_error_string(context, krb5_set_error_string(context,
"PKINIT: signature information missing from " "PKINIT: signature information missing from "
"pkinit response"); "pkinit response");
return KDC_ERROR_INVALID_SIG; return KRB5_KDC_ERR_INVALID_SIG;
} }
signer_info = &sd.signerInfos.val[0]; signer_info = &sd.signerInfos.val[0];
@@ -1035,7 +1035,7 @@ _krb5_pk_verify_sign(krb5_context context,
X509_free(cert); X509_free(cert);
krb5_set_error_string(context, "PKINIT: signature missing from" krb5_set_error_string(context, "PKINIT: signature missing from"
"pkinit response"); "pkinit response");
return KDC_ERROR_INVALID_SIG; return KRB5_KDC_ERR_INVALID_SIG;
} }
public_key = X509_get_pubkey(cert); public_key = X509_get_pubkey(cert);
@@ -1055,7 +1055,7 @@ _krb5_pk_verify_sign(krb5_context context,
free_SignedData(&sd); free_SignedData(&sd);
krb5_set_error_string(context, "The requested digest algorithm is " krb5_set_error_string(context, "The requested digest algorithm is "
"not supported"); "not supported");
return KDC_ERROR_INVALID_SIG; return KRB5_KDC_ERR_INVALID_SIG;
} }
EVP_VerifyInit(&md, evp_type); EVP_VerifyInit(&md, evp_type);
@@ -1071,7 +1071,7 @@ _krb5_pk_verify_sign(krb5_context context,
free_SignedData(&sd); free_SignedData(&sd);
krb5_set_error_string(context, "PKINIT: signature didn't verify: %s", krb5_set_error_string(context, "PKINIT: signature didn't verify: %s",
ERR_error_string(ERR_get_error(), NULL)); ERR_error_string(ERR_get_error(), NULL));
return KDC_ERROR_INVALID_SIG; return KRB5_KDC_ERR_INVALID_SIG;
} }
ret = copy_oid(&sd.encapContentInfo.eContentType, eContentType); ret = copy_oid(&sd.encapContentInfo.eContentType, eContentType);