oysteikt/heimdal
0
0
Fork 0
Code Issues 5 Pull Requests Releases Activity

update error codes

Browse Source 
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@13396 ec53bebd-3082-4978-b11e-865c3cabbd6b
This commit is contained in:
Love Hörnquist Åstrand
2004-02-20 21:42:34 +00:00
parent ba2fb75678
commit 9dac88f093
2 changed files with 14 additions and 15 deletions
Download Patch File Download Diff File Expand all files Collapse all files

13
kdc/pkinit.c
View File

@@ -297,7 +297,7 @@ generate_dh_keyblock(krb5_context context, pk_client_params *client_params,
default:
krb5_set_error_string(context, "PKINIT DH, unsupported enctype: %d",
(int)enctype);
ret = KDC_ERROR_KEY_TOO_WEAK;
ret = KRB5_KDC_ERR_KEY_TOO_WEAK;
break;
}
@@ -405,7 +405,7 @@ get_dh_param(krb5_context context, SubjectPublicKeyInfo *dh_key_info,
if (DH_check(dh, &dhret) != 1) {
krb5_set_error_string(context, "PKINIT DH data not ok: %s",
ERR_error_string(ERR_get_error(), NULL));
ret = KDC_ERROR_KEY_TOO_WEAK;
ret = KRB5_KDC_ERR_KEY_TOO_WEAK;
goto out;
}
@@ -535,7 +535,7 @@ pk_rd_padata(krb5_context context,
/* XXX will work for heirarchical CA's ? */
/* XXX also serial_number should be compared */
ret = KDC_ERROR_KDC_NOT_TRUSTED;
ret = KRB5_KDC_ERR_KDC_NOT_TRUSTED;
for (i = 0; i < r.trustedCertifiers->len; i++) {
TrustedCAs *ca = &r.trustedCertifiers->val[i];
@@ -553,12 +553,11 @@ pk_rd_padata(krb5_context context,
X509_NAME_free(name);
break;
}
case choice_TrustedCAs_principalName:
/* KerberosName principalName; */
break;
case choice_TrustedCAs_issuerAndSerial:
/* IssuerAndSerialNumber issuerAndSerial */
break;
default:
break;
}
if (ret == 0)
break;
@@ -995,7 +994,7 @@ pk_check_client(krb5_context context,
free(*subject_name);
*subject_name = NULL;
krb5_set_error_string(context, "PKINIT no matching principals");
return KDC_ERROR_CLIENT_NAME_MISMATCH;
return KRB5_KDC_ERR_CLIENT_NAME_MISMATCH;
}
static krb5_error_code

16
lib/krb5/pkinit.c
View File

@@ -804,7 +804,7 @@ pk_verify_chain_standard(krb5_context context,
int i;
int ret;
ret = KDC_ERROR_CLIENT_NAME_MISMATCH; /* XXX */
ret = KRB5_KDC_ERR_CLIENT_NAME_MISMATCH; /* XXX */
for (i = 0; i < sk_X509_num(chain); i++) {
cert = sk_X509_value(chain, i);
if (pk_peer_compare(context, client, cert) == TRUE) {
@@ -842,7 +842,7 @@ pk_verify_chain_standard(krb5_context context,
ret = 0;
break;
case X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT_LOCALLY:
ret = KDC_ERROR_CANT_VERIFY_CERTIFICATE;
ret = KRB5_KDC_ERR_CANT_VERIFY_CERTIFICATE;
break;
case X509_V_ERR_UNABLE_TO_DECODE_ISSUER_PUBLIC_KEY:
case X509_V_ERR_CERT_SIGNATURE_FAILURE:
@@ -850,10 +850,10 @@ pk_verify_chain_standard(krb5_context context,
case X509_V_ERR_CERT_NOT_YET_VALID:
case X509_V_ERR_ERROR_IN_CERT_NOT_AFTER_FIELD:
case X509_V_ERR_CERT_HAS_EXPIRED:
ret = KDC_ERROR_INVALID_CERTIFICATE;
ret = KRB5_KDC_ERR_INVALID_CERTIFICATE;
break;
default:
ret = KDC_ERROR_INVALID_CERTIFICATE; /* XXX */
ret = KRB5_KDC_ERR_INVALID_CERTIFICATE; /* XXX */
break;
}
if (ret) {
@@ -998,7 +998,7 @@ _krb5_pk_verify_sign(krb5_context context,
krb5_set_error_string(context,
"PKINIT: signature information missing from "
"pkinit response");
return KDC_ERROR_INVALID_SIG;
return KRB5_KDC_ERR_INVALID_SIG;
}
signer_info = &sd.signerInfos.val[0];
@@ -1035,7 +1035,7 @@ _krb5_pk_verify_sign(krb5_context context,
X509_free(cert);
krb5_set_error_string(context, "PKINIT: signature missing from"
"pkinit response");
return KDC_ERROR_INVALID_SIG;
return KRB5_KDC_ERR_INVALID_SIG;
}
public_key = X509_get_pubkey(cert);
@@ -1055,7 +1055,7 @@ _krb5_pk_verify_sign(krb5_context context,
free_SignedData(&sd);
krb5_set_error_string(context, "The requested digest algorithm is "
"not supported");
return KDC_ERROR_INVALID_SIG;
return KRB5_KDC_ERR_INVALID_SIG;
}
EVP_VerifyInit(&md, evp_type);
@@ -1071,7 +1071,7 @@ _krb5_pk_verify_sign(krb5_context context,
free_SignedData(&sd);
krb5_set_error_string(context, "PKINIT: signature didn't verify: %s",
ERR_error_string(ERR_get_error(), NULL));
return KDC_ERROR_INVALID_SIG;
return KRB5_KDC_ERR_INVALID_SIG;
}
ret = copy_oid(&sd.encapContentInfo.eContentType, eContentType);