From d27aa3b62e3667291a435b9f0f54804c7d31fe24 Mon Sep 17 00:00:00 2001 From: Assar Westerlund Date: Mon, 14 May 2001 06:14:52 +0000 Subject: [PATCH] add some krb5_{set,clear}_error_string git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@9937 ec53bebd-3082-4978-b11e-865c3cabbd6b --- lib/krb5/acl.c | 38 +++-- lib/krb5/addr_families.c | 53 ++++-- lib/krb5/address.c | 14 +- lib/krb5/appdefault.c | 2 +- lib/krb5/auth_context.c | 32 +++- lib/krb5/build_ap_req.c | 7 +- lib/krb5/build_auth.c | 8 +- lib/krb5/cache.c | 42 +++-- lib/krb5/changepw.c | 71 ++++++-- lib/krb5/config_file.c | 57 ++++--- lib/krb5/config_file_netinfo.c | 6 +- lib/krb5/context.c | 39 +++-- lib/krb5/convert_creds.c | 15 +- lib/krb5/copy_host_realm.c | 7 +- lib/krb5/creds.c | 6 +- lib/krb5/crypto.c | 274 ++++++++++++++++++++++-------- lib/krb5/data.c | 10 +- lib/krb5/expand_hostname.c | 12 +- lib/krb5/fcache.c | 25 ++- lib/krb5/generate_subkey.c | 6 +- lib/krb5/get_addrs.c | 47 +++-- lib/krb5/get_cred.c | 70 ++++++-- lib/krb5/get_default_principal.c | 7 +- lib/krb5/get_default_realm.c | 6 +- lib/krb5/get_for_creds.c | 26 ++- lib/krb5/get_host_realm.c | 6 +- lib/krb5/get_in_tkt.c | 61 +++---- lib/krb5/get_in_tkt_pw.c | 7 +- lib/krb5/get_in_tkt_with_keytab.c | 6 +- lib/krb5/init_creds_pw.c | 18 +- lib/krb5/keyblock.c | 6 +- lib/krb5/keytab.c | 29 +++- lib/krb5/keytab_any.c | 14 +- lib/krb5/keytab_file.c | 74 +++++--- lib/krb5/keytab_keyfile.c | 64 +++++-- lib/krb5/keytab_krb4.c | 25 ++- lib/krb5/keytab_memory.c | 10 +- lib/krb5/krbhst.c | 22 ++- lib/krb5/log.c | 44 +++-- lib/krb5/mcache.c | 13 +- lib/krb5/mk_error.c | 6 +- lib/krb5/mk_priv.c | 9 +- lib/krb5/mk_rep.c | 8 +- lib/krb5/mk_req.c | 2 +- lib/krb5/mk_safe.c | 14 +- lib/krb5/principal.c | 74 ++++++-- lib/krb5/rd_cred.c | 8 +- lib/krb5/rd_error.c | 58 ++++++- lib/krb5/rd_priv.c | 6 + lib/krb5/rd_rep.c | 6 +- lib/krb5/rd_req.c | 9 +- lib/krb5/rd_safe.c | 9 + lib/krb5/read_message.c | 17 +- lib/krb5/recvauth.c | 40 +++-- lib/krb5/replay.c | 68 ++++++-- lib/krb5/send_to_kdc.c | 1 + lib/krb5/sendauth.c | 41 +++-- lib/krb5/set_default_realm.c | 11 +- lib/krb5/sock_principal.c | 14 +- lib/krb5/ticket.c | 6 +- lib/krb5/transited.c | 42 +++-- lib/krb5/verify_init.c | 8 +- lib/krb5/verify_krb5_conf.c | 14 +- lib/krb5/verify_user.c | 7 +- lib/krb5/write_message.c | 11 +- 65 files changed, 1287 insertions(+), 481 deletions(-) diff --git a/lib/krb5/acl.c b/lib/krb5/acl.c index fae4ac07c..36ed361cb 100644 --- a/lib/krb5/acl.c +++ b/lib/krb5/acl.c @@ -1,5 +1,5 @@ /* - * Copyright (c) 2000 Kungliga Tekniska Högskolan + * Copyright (c) 2000 - 2001 Kungliga Tekniska Högskolan * (Royal Institute of Technology, Stockholm, Sweden). * All rights reserved. * @@ -68,6 +68,7 @@ acl_parse_format(krb5_context context, for(p = format; *p != '\0'; p++) { tmp = malloc(sizeof(*tmp)); if(tmp == NULL) { + krb5_set_error_string(context, "malloc: out of memory"); acl_free_list(acl); return ENOMEM; } @@ -133,6 +134,7 @@ krb5_acl_match_string(krb5_context context, ...) { krb5_error_code ret; + krb5_boolean found; struct acl_field *acl; va_list ap; @@ -142,10 +144,14 @@ krb5_acl_match_string(krb5_context context, if(ret) return ret; - ret = acl_match_acl(context, acl, acl_string); - + found = acl_match_acl(context, acl, acl_string); acl_free_list(acl); - return ret ? 0 : EACCES; + if (found) { + return 0; + } else { + krb5_set_error_string(context, "ACL did not match"); + return EACCES; + } } krb5_error_code @@ -159,10 +165,16 @@ krb5_acl_match_file(krb5_context context, char buf[256]; va_list ap; FILE *f; + krb5_boolean found; f = fopen(file, "r"); - if(f == NULL) - return errno; + if(f == NULL) { + int save_errno = errno; + + krb5_set_error_string(context, "open(%s): %s", file, + strerror(save_errno)); + return save_errno; + } va_start(ap, format); ret = acl_parse_format(context, &acl, format, ap); @@ -172,18 +184,22 @@ krb5_acl_match_file(krb5_context context, return ret; } - ret = EACCES; /* XXX */ + found = FALSE; while(fgets(buf, sizeof(buf), f)) { if(buf[0] == '#') continue; if(acl_match_acl(context, acl, buf)) { - ret = 0; - goto out; + found = TRUE; + break; } } - out: fclose(f); acl_free_list(acl); - return ret; + if (found) { + return 0; + } else { + krb5_set_error_string(context, "ACL did not match"); + return EACCES; + } } diff --git a/lib/krb5/addr_families.c b/lib/krb5/addr_families.c index 5e99da7ff..b33582e69 100644 --- a/lib/krb5/addr_families.c +++ b/lib/krb5/addr_families.c @@ -1,5 +1,5 @@ /* - * Copyright (c) 1997-1999 Kungliga Tekniska Högskolan + * Copyright (c) 1997-2001 Kungliga Tekniska Högskolan * (Royal Institute of Technology, Stockholm, Sweden). * All rights reserved. * @@ -386,33 +386,45 @@ find_atype(int atype) } krb5_error_code -krb5_sockaddr2address (const struct sockaddr *sa, krb5_address *addr) +krb5_sockaddr2address (krb5_context context, + const struct sockaddr *sa, krb5_address *addr) { struct addr_operations *a = find_af(sa->sa_family); - if (a == NULL) + if (a == NULL) { + krb5_set_error_string (context, "Address family %d not supported", + sa->sa_family); return KRB5_PROG_ATYPE_NOSUPP; + } return (*a->sockaddr2addr)(sa, addr); } krb5_error_code -krb5_sockaddr2port (const struct sockaddr *sa, int16_t *port) +krb5_sockaddr2port (krb5_context context, + const struct sockaddr *sa, int16_t *port) { struct addr_operations *a = find_af(sa->sa_family); - if (a == NULL) + if (a == NULL) { + krb5_set_error_string (context, "Address family %d not supported", + sa->sa_family); return KRB5_PROG_ATYPE_NOSUPP; + } return (*a->sockaddr2port)(sa, port); } krb5_error_code -krb5_addr2sockaddr (const krb5_address *addr, +krb5_addr2sockaddr (krb5_context context, + const krb5_address *addr, struct sockaddr *sa, int *sa_size, int port) { struct addr_operations *a = find_atype(addr->addr_type); - if (a == NULL) + if (a == NULL) { + krb5_set_error_string (context, "Address type %d not supported", + addr->addr_type); return KRB5_PROG_ATYPE_NOSUPP; + } (*a->addr2sockaddr)(addr, sa, sa_size, port); return 0; } @@ -439,37 +451,46 @@ krb5_sockaddr_uninteresting(const struct sockaddr *sa) } krb5_error_code -krb5_h_addr2sockaddr (int af, +krb5_h_addr2sockaddr (krb5_context context, + int af, const char *addr, struct sockaddr *sa, int *sa_size, int port) { struct addr_operations *a = find_af(af); - if (a == NULL) + if (a == NULL) { + krb5_set_error_string (context, "Address family %d not supported", af); return KRB5_PROG_ATYPE_NOSUPP; + } (*a->h_addr2sockaddr)(addr, sa, sa_size, port); return 0; } krb5_error_code -krb5_h_addr2addr (int af, +krb5_h_addr2addr (krb5_context context, + int af, const char *haddr, krb5_address *addr) { struct addr_operations *a = find_af(af); - if (a == NULL) + if (a == NULL) { + krb5_set_error_string (context, "Address family %d not supported", af); return KRB5_PROG_ATYPE_NOSUPP; + } return (*a->h_addr2addr)(haddr, addr); } krb5_error_code -krb5_anyaddr (int af, +krb5_anyaddr (krb5_context context, + int af, struct sockaddr *sa, int *sa_size, int port) { struct addr_operations *a = find_af (af); - if (a == NULL) + if (a == NULL) { + krb5_set_error_string (context, "Address family %d not supported", af); return KRB5_PROG_ATYPE_NOSUPP; + } (*a->anyaddr)(sa, sa_size, port); return 0; @@ -522,8 +543,10 @@ krb5_parse_address(krb5_context context, } error = getaddrinfo (string, NULL, NULL, &ai); - if (error) + if (error) { + krb5_set_error_string (context, "%s: %s", string, gai_strerror(error)); return krb5_eai_to_heim_errno(error); + } n = 0; for (a = ai; a != NULL; a = a->ai_next) @@ -532,7 +555,7 @@ krb5_parse_address(krb5_context context, ALLOC_SEQ(addresses, n); for (a = ai, i = 0; a != NULL; a = a->ai_next, ++i) { - krb5_sockaddr2address (ai->ai_addr, &addresses->val[i]); + krb5_sockaddr2address (context, ai->ai_addr, &addresses->val[i]); } freeaddrinfo (ai); return 0; diff --git a/lib/krb5/address.c b/lib/krb5/address.c index 5f053a9a3..f07c2b817 100644 --- a/lib/krb5/address.c +++ b/lib/krb5/address.c @@ -1,5 +1,5 @@ /* - * Copyright (c) 1997 - 1999 Kungliga Tekniska Högskolan + * Copyright (c) 1997 - 2001 Kungliga Tekniska Högskolan * (Royal Institute of Technology, Stockholm, Sweden). * All rights reserved. * @@ -128,8 +128,10 @@ krb5_append_addresses(krb5_context context, int i; if(source->len > 0) { tmp = realloc(dest->val, (dest->len + source->len) * sizeof(*tmp)); - if(tmp == NULL) + if(tmp == NULL) { + krb5_set_error_string(context, "realloc: out of memory"); return ENOMEM; + } dest->val = tmp; for(i = 0; i < source->len; i++) { /* skip duplicates */ @@ -151,18 +153,22 @@ krb5_append_addresses(krb5_context context, */ krb5_error_code -krb5_make_addrport (krb5_address **res, const krb5_address *addr, int16_t port) +krb5_make_addrport (krb5_context context, + krb5_address **res, const krb5_address *addr, int16_t port) { krb5_error_code ret; size_t len = addr->address.length + 2 + 4 * 4; u_char *p; *res = malloc (sizeof(**res)); - if (*res == NULL) + if (*res == NULL) { + krb5_set_error_string(context, "malloc: out of memory"); return ENOMEM; + } (*res)->addr_type = KRB5_ADDRESS_ADDRPORT; ret = krb5_data_alloc (&(*res)->address, len); if (ret) { + krb5_set_error_string(context, "malloc: out of memory"); free (*res); return ret; } diff --git a/lib/krb5/appdefault.c b/lib/krb5/appdefault.c index 857511dfe..9f089b6b3 100644 --- a/lib/krb5/appdefault.c +++ b/lib/krb5/appdefault.c @@ -1,5 +1,5 @@ /* - * Copyright (c) 2000, 2001 Kungliga Tekniska Högskolan + * Copyright (c) 2000 - 2001 Kungliga Tekniska Högskolan * (Royal Institute of Technology, Stockholm, Sweden). * All rights reserved. * diff --git a/lib/krb5/auth_context.c b/lib/krb5/auth_context.c index 4f469df11..39833fd6f 100644 --- a/lib/krb5/auth_context.c +++ b/lib/krb5/auth_context.c @@ -1,5 +1,5 @@ /* - * Copyright (c) 1997 - 2000 Kungliga Tekniska Högskolan + * Copyright (c) 1997 - 2001 Kungliga Tekniska Högskolan * (Royal Institute of Technology, Stockholm, Sweden). * All rights reserved. * @@ -42,11 +42,14 @@ krb5_auth_con_init(krb5_context context, krb5_auth_context p; ALLOC(p, 1); - if(!p) + if(!p) { + krb5_set_error_string(context, "malloc: out of memory"); return ENOMEM; + } memset(p, 0, sizeof(*p)); ALLOC(p->authenticator, 1); if (!p->authenticator) { + krb5_set_error_string(context, "malloc: out of memory"); free(p); return ENOMEM; } @@ -146,11 +149,13 @@ krb5_auth_con_genaddrs(krb5_context context, len = sizeof(ss_local); if(getsockname(fd, local, &len) < 0) { ret = errno; + krb5_set_error_string (context, "getsockname: %s", + strerror(ret)); goto out; } - krb5_sockaddr2address (local, &local_k_address); + krb5_sockaddr2address (context, local, &local_k_address); if(flags & KRB5_AUTH_CONTEXT_GENERATE_LOCAL_FULL_ADDR) { - krb5_sockaddr2port (local, &auth_context->local_port); + krb5_sockaddr2port (context, local, &auth_context->local_port); } else auth_context->local_port = 0; lptr = &local_k_address; @@ -160,11 +165,12 @@ krb5_auth_con_genaddrs(krb5_context context, len = sizeof(ss_remote); if(getpeername(fd, remote, &len) < 0) { ret = errno; + krb5_set_error_string (context, "getpeername: %s", strerror(ret)); goto out; } - krb5_sockaddr2address (remote, &remote_k_address); + krb5_sockaddr2address (context, remote, &remote_k_address); if(flags & KRB5_AUTH_CONTEXT_GENERATE_REMOTE_FULL_ADDR) { - krb5_sockaddr2port (remote, &auth_context->remote_port); + krb5_sockaddr2port (context, remote, &auth_context->remote_port); } else auth_context->remote_port = 0; rptr = &remote_k_address; @@ -205,8 +211,10 @@ krb5_auth_con_getaddrs(krb5_context context, if(*local_addr) krb5_free_address (context, *local_addr); *local_addr = malloc (sizeof(**local_addr)); - if (*local_addr == NULL) + if (*local_addr == NULL) { + krb5_set_error_string(context, "malloc: out of memory"); return ENOMEM; + } krb5_copy_address(context, auth_context->local_address, *local_addr); @@ -214,8 +222,12 @@ krb5_auth_con_getaddrs(krb5_context context, if(*remote_addr) krb5_free_address (context, *remote_addr); *remote_addr = malloc (sizeof(**remote_addr)); - if (*remote_addr == NULL) + if (*remote_addr == NULL) { + krb5_set_error_string(context, "malloc: out of memory"); + krb5_free_address (context, *local_addr); + *local_addr = NULL; return ENOMEM; + } krb5_copy_address(context, auth_context->remote_address, *remote_addr); @@ -390,8 +402,10 @@ krb5_auth_getauthenticator(krb5_context context, krb5_authenticator *authenticator) { *authenticator = malloc(sizeof(**authenticator)); - if (*authenticator == NULL) + if (*authenticator == NULL) { + krb5_set_error_string(context, "malloc: out of memory"); return ENOMEM; + } copy_Authenticator(auth_context->authenticator, *authenticator); diff --git a/lib/krb5/build_ap_req.c b/lib/krb5/build_ap_req.c index a8ff8c379..e9a749ab1 100644 --- a/lib/krb5/build_ap_req.c +++ b/lib/krb5/build_ap_req.c @@ -1,5 +1,5 @@ /* - * Copyright (c) 1997 - 1999 Kungliga Tekniska Högskolan + * Copyright (c) 1997 - 2001 Kungliga Tekniska Högskolan * (Royal Institute of Technology, Stockholm, Sweden). * All rights reserved. * @@ -68,9 +68,10 @@ krb5_build_ap_req (krb5_context context, retdata->length = length_AP_REQ(&ap); retdata->data = malloc(retdata->length); - if(retdata->data == NULL) + if(retdata->data == NULL) { + krb5_set_error_string(context, "malloc: out of memory"); ret = ENOMEM; - else + } else encode_AP_REQ((unsigned char *)retdata->data + retdata->length - 1, retdata->length, &ap, &len); free_AP_REQ(&ap); diff --git a/lib/krb5/build_auth.c b/lib/krb5/build_auth.c index 09d987089..66d14d8d2 100644 --- a/lib/krb5/build_auth.c +++ b/lib/krb5/build_auth.c @@ -1,5 +1,5 @@ /* - * Copyright (c) 1997 - 2000 Kungliga Tekniska Högskolan + * Copyright (c) 1997 - 2001 Kungliga Tekniska Högskolan * (Royal Institute of Technology, Stockholm, Sweden). * All rights reserved. * @@ -53,8 +53,10 @@ krb5_build_authenticator (krb5_context context, krb5_crypto crypto; auth = malloc(sizeof(*auth)); - if (auth == NULL) + if (auth == NULL) { + krb5_set_error_string(context, "malloc: out of memory"); return ENOMEM; + } memset (auth, 0, sizeof(*auth)); auth->authenticator_vno = 5; @@ -100,6 +102,7 @@ krb5_build_authenticator (krb5_context context, buf_size = 1024; buf = malloc (buf_size); if (buf == NULL) { + krb5_set_error_string(context, "malloc: out of memory"); ret = ENOMEM; goto fail; } @@ -116,6 +119,7 @@ krb5_build_authenticator (krb5_context context, buf_size *= 2; tmp = realloc (buf, buf_size); if (tmp == NULL) { + krb5_set_error_string(context, "malloc: out of memory"); ret = ENOMEM; goto fail; } diff --git a/lib/krb5/cache.c b/lib/krb5/cache.c index a8dde1ee7..091dd97b4 100644 --- a/lib/krb5/cache.c +++ b/lib/krb5/cache.c @@ -1,5 +1,5 @@ /* - * Copyright (c) 1997-2000 Kungliga Tekniska Högskolan + * Copyright (c) 1997-2001 Kungliga Tekniska Högskolan * (Royal Institute of Technology, Stockholm, Sweden). * All rights reserved. * @@ -46,32 +46,42 @@ krb5_cc_register(krb5_context context, const krb5_cc_ops *ops, krb5_boolean override) { + char *prefix_copy; int i; for(i = 0; i < context->num_cc_ops && context->cc_ops[i].prefix; i++) { if(strcmp(context->cc_ops[i].prefix, ops->prefix) == 0) { if(override) free(context->cc_ops[i].prefix); - else + else { + krb5_set_error_string(context, + "ccache type %s already exists", + ops->prefix); return KRB5_CC_TYPE_EXISTS; + } } } + prefix_copy = strdup(ops->prefix); + if (prefix_copy == NULL) { + krb5_set_error_string(context, "malloc: out of memory"); + return KRB5_CC_NOMEM; + } if(i == context->num_cc_ops) { krb5_cc_ops *o = realloc(context->cc_ops, (context->num_cc_ops + 1) * sizeof(*context->cc_ops)); - if(o == NULL) + if(o == NULL) { + krb5_set_error_string(context, "malloc: out of memory"); + free(prefix_copy); return KRB5_CC_NOMEM; + } context->num_cc_ops++; context->cc_ops = o; memset(context->cc_ops + i, 0, (context->num_cc_ops - i) * sizeof(*context->cc_ops)); } memcpy(&context->cc_ops[i], ops, sizeof(context->cc_ops[i])); - context->cc_ops[i].prefix = strdup(ops->prefix); - if(context->cc_ops[i].prefix == NULL) - return KRB5_CC_NOMEM; - + context->cc_ops[i].prefix = prefix_copy; return 0; } @@ -91,8 +101,10 @@ allocate_ccache (krb5_context context, krb5_ccache p; p = malloc(sizeof(*p)); - if(p == NULL) + if(p == NULL) { + krb5_set_error_string(context, "malloc: out of memory"); return KRB5_CC_NOMEM; + } p->ops = ops; *id = p; ret = p->ops->resolve(context, id, residual); @@ -126,8 +138,10 @@ krb5_cc_resolve(krb5_context context, } if (strchr (name, ':') == NULL) return allocate_ccache (context, &krb5_fcc_ops, name, id); - else + else { + krb5_set_error_string(context, "unknown ccache type %s", name); return KRB5_CC_UNKNOWN_TYPE; + } } /* @@ -143,8 +157,10 @@ krb5_cc_gen_new(krb5_context context, krb5_ccache p; p = malloc (sizeof(*p)); - if (p == NULL) + if (p == NULL) { + krb5_set_error_string(context, "malloc: out of memory"); return KRB5_CC_NOMEM; + } p->ops = ops; *id = p; return p->ops->gen_new(context, id); @@ -356,8 +372,12 @@ krb5_cc_remove_cred(krb5_context context, krb5_flags which, krb5_creds *cred) { - if(id->ops->remove_cred == NULL) + if(id->ops->remove_cred == NULL) { + krb5_set_error_string(context, + "ccache %s does not support remove_cred", + id->ops->prefix); return EACCES; /* XXX */ + } return (*id->ops->remove_cred)(context, id, which, cred); } diff --git a/lib/krb5/changepw.c b/lib/krb5/changepw.c index cf09ea296..9312fb88c 100644 --- a/lib/krb5/changepw.c +++ b/lib/krb5/changepw.c @@ -1,5 +1,5 @@ /* - * Copyright (c) 1997 - 2000 Kungliga Tekniska Högskolan + * Copyright (c) 1997 - 2001 Kungliga Tekniska Högskolan * (Royal Institute of Technology, Stockholm, Sweden). * All rights reserved. * @@ -38,12 +38,14 @@ RCSID("$Id$"); static krb5_error_code get_kdc_address (krb5_context context, krb5_realm realm, - struct addrinfo **ai) + struct addrinfo **ai, + char **ret_host) { krb5_error_code ret; char **hostlist; int port = 0; int error; + char *host; ret = krb5_get_krb_changepw_hst (context, &realm, @@ -51,12 +53,22 @@ get_kdc_address (krb5_context context, if (ret) return ret; - port = ntohs(krb5_getportbyname (context, "kpasswd", "udp", KPASSWD_PORT)); - error = roken_getaddrinfo_hostspec2(*hostlist, SOCK_DGRAM, port, ai); + host = strdup(*hostlist); + krb5_free_krbhst(context, hostlist); + if (host == NULL) { + krb5_set_error_string (context, "malloc: out of memory"); + return ENOMEM; + } - krb5_free_krbhst (context, hostlist); - if(error) + port = ntohs(krb5_getportbyname (context, "kpasswd", "udp", KPASSWD_PORT)); + error = roken_getaddrinfo_hostspec2(host, SOCK_DGRAM, port, ai); + + if(error) { + krb5_set_error_string(context, "resolving %s: %s", + host, gai_strerror(error)); return krb5_eai_to_heim_errno(error); + } + *ret_host = host; return 0; } @@ -67,7 +79,8 @@ send_request (krb5_context context, int sock, struct sockaddr *sa, int sa_size, - char *passwd) + char *passwd, + const char *host) { krb5_error_code ret; krb5_data ap_req_data; @@ -129,8 +142,10 @@ send_request (krb5_context context, iov[2].iov_base = krb_priv_data.data; iov[2].iov_len = krb_priv_data.length; - if (sendmsg (sock, &msghdr, 0) < 0) + if (sendmsg (sock, &msghdr, 0) < 0) { ret = errno; + krb5_set_error_string(context, "sendmsg %s: %s", host, strerror(ret)); + } krb5_data_free (&krb_priv_data); out2: @@ -161,17 +176,23 @@ process_reply (krb5_context context, int sock, int *result_code, krb5_data *result_code_string, - krb5_data *result_string) + krb5_data *result_string, + const char *host) { krb5_error_code ret; u_char reply[BUFSIZ]; size_t len; u_int16_t pkt_len, pkt_ver; krb5_data ap_rep_data; + int save_errno; ret = recvfrom (sock, reply, sizeof(reply), 0, NULL, NULL); - if (ret < 0) - return errno; + if (ret < 0) { + save_errno = errno; + krb5_set_error_string(context, "recvfrom %s: %s", + host, strerror(save_errno)); + return save_errno; + } len = ret; pkt_len = (reply[0] << 8) | (reply[1]); @@ -243,7 +264,7 @@ process_reply (krb5_context context, } if (error.e_data->length < 2) { krb5_warnx (context, "too short e_data to print anything usable"); - return 1; + return 1; /* XXX */ } p = error.e_data->data; @@ -255,6 +276,12 @@ process_reply (krb5_context context, } } +/* + * change the password using the credentials in `creds' (for the + * principal indicated in them) to `newpw', storing the result of + * the operation in `result_*' and an error code or 0. + */ + krb5_error_code krb5_change_password (krb5_context context, krb5_creds *creds, @@ -269,12 +296,13 @@ krb5_change_password (krb5_context context, int i; struct addrinfo *ai, *a; int done = 0; + char *host = NULL; ret = krb5_auth_con_init (context, &auth_context); if (ret) return ret; - ret = get_kdc_address (context, creds->client->realm, &ai); + ret = get_kdc_address (context, creds->client->realm, &ai, &host); if (ret) goto out; @@ -297,7 +325,8 @@ krb5_change_password (krb5_context context, sock, a->ai_addr, a->ai_addrlen, - newpw); + newpw, + host); if (ret) { close(sock); goto out; @@ -305,6 +334,7 @@ krb5_change_password (krb5_context context, } if (sock >= FD_SETSIZE) { + krb5_set_error_string(context, "fd %d too large", sock); ret = ERANGE; close (sock); goto out; @@ -326,7 +356,8 @@ krb5_change_password (krb5_context context, sock, result_code, result_code_string, - result_string); + result_string, + host); if (ret == 0) done = 1; else if (i > 0 && ret == KRB5KRB_AP_ERR_MUT_FAIL) @@ -341,8 +372,16 @@ krb5_change_password (krb5_context context, out: krb5_auth_con_free (context, auth_context); + free (host); if (done) return 0; - else + else { + if (ret == KRB5_KDC_UNREACH) + krb5_set_error_string(context, + "failed to reach kpasswd server %s " + "in realm %s", + host, creds->client->realm); + return ret; + } } diff --git a/lib/krb5/config_file.c b/lib/krb5/config_file.c index 1820c9a93..d3d56cfd6 100644 --- a/lib/krb5/config_file.c +++ b/lib/krb5/config_file.c @@ -1,5 +1,5 @@ /* - * Copyright (c) 1997, 1998, 1999, 2000 Kungliga Tekniska Högskolan + * Copyright (c) 1997 - 2001 Kungliga Tekniska Högskolan * (Royal Institute of Technology, Stockholm, Sweden). * All rights reserved. * @@ -36,15 +36,16 @@ RCSID("$Id$"); #ifndef HAVE_NETINFO -static int parse_section(char *p, krb5_config_section **s, - krb5_config_section **res, - char **error_message); -static int parse_binding(FILE *f, unsigned *lineno, char *p, - krb5_config_binding **b, - krb5_config_binding **parent, - char **error_message); -static int parse_list(FILE *f, unsigned *lineno, krb5_config_binding **parent, - char **error_message); +static krb5_error_code parse_section(char *p, krb5_config_section **s, + krb5_config_section **res, + char **error_message); +static krb5_error_code parse_binding(FILE *f, unsigned *lineno, char *p, + krb5_config_binding **b, + krb5_config_binding **parent, + char **error_message); +static krb5_error_code parse_list(FILE *f, unsigned *lineno, + krb5_config_binding **parent, + char **error_message); /* * Parse a section: @@ -61,7 +62,7 @@ static int parse_list(FILE *f, unsigned *lineno, krb5_config_binding **parent, * Store the error message in `error_message'. */ -static int +static krb5_error_code parse_section(char *p, krb5_config_section **s, krb5_config_section **parent, char **error_message) { @@ -71,18 +72,18 @@ parse_section(char *p, krb5_config_section **s, krb5_config_section **parent, p1 = strchr (p + 1, ']'); if (p1 == NULL) { *error_message = "missing ]"; - return -1; + return KRB5_CONFIG_BADFORMAT; } *p1 = '\0'; tmp = malloc(sizeof(*tmp)); if (tmp == NULL) { *error_message = "out of memory"; - return -1; + return KRB5_CONFIG_BADFORMAT; } tmp->name = strdup(p+1); if (tmp->name == NULL) { *error_message = "out of memory"; - return -1; + return KRB5_CONFIG_BADFORMAT; } tmp->type = krb5_config_list; tmp->u.list = NULL; @@ -133,7 +134,7 @@ parse_list(FILE *f, unsigned *lineno, krb5_config_binding **parent, } *lineno = beg_lineno; *error_message = "unclosed {"; - return -1; + return KRB5_CONFIG_BADFORMAT; } /* @@ -154,14 +155,14 @@ parse_binding(FILE *f, unsigned *lineno, char *p, ++p; if (*p == '\0') { *error_message = "no ="; - return -1; + return KRB5_CONFIG_BADFORMAT; } p2 = p; while (isspace((unsigned char)*p)) ++p; if (*p != '=') { *error_message = "no ="; - return -1; + return KRB5_CONFIG_BADFORMAT; } ++p; while(isspace((unsigned char)*p)) @@ -169,7 +170,7 @@ parse_binding(FILE *f, unsigned *lineno, char *p, tmp = malloc(sizeof(*tmp)); if (tmp == NULL) { *error_message = "out of memory"; - return -1; + return KRB5_CONFIG_BADFORMAT; } *p2 = '\0'; tmp->name = strdup(p1); @@ -200,7 +201,7 @@ parse_binding(FILE *f, unsigned *lineno, char *p, * returning error messages in `error_message' */ -krb5_error_code +static krb5_error_code krb5_config_parse_file_debug (const char *fname, krb5_config_section **res, unsigned *lineno, @@ -210,7 +211,7 @@ krb5_config_parse_file_debug (const char *fname, krb5_config_section *s; krb5_config_binding *b; char buf[BUFSIZ]; - int ret = 0; + krb5_error_code ret = 0; s = NULL; b = NULL; @@ -240,7 +241,7 @@ krb5_config_parse_file_debug (const char *fname, b = NULL; } else if (*p == '}') { *error_message = "unmatched }"; - ret = -1; + ret = EINVAL; /* XXX */ goto out; } else if(*p != '\0') { ret = parse_binding(f, lineno, p, &b, &s->u.list, error_message); @@ -254,12 +255,20 @@ out: } krb5_error_code -krb5_config_parse_file (const char *fname, krb5_config_section **res) +krb5_config_parse_file (krb5_context context, + const char *fname, + krb5_config_section **res) { - char *foo; + char *str; unsigned lineno; + krb5_error_code ret; - return krb5_config_parse_file_debug (fname, res, &lineno, &foo); + ret = krb5_config_parse_file_debug (fname, res, &lineno, &str); + if (ret) { + krb5_set_error_string (context, "%s:%u: %s", fname, lineno, str); + return ret; + } + return 0; } #endif /* !HAVE_NETINFO */ diff --git a/lib/krb5/config_file_netinfo.c b/lib/krb5/config_file_netinfo.c index 6d091b726..ad93d1ec3 100644 --- a/lib/krb5/config_file_netinfo.c +++ b/lib/krb5/config_file_netinfo.c @@ -1,5 +1,5 @@ /* - * Copyright (c) 1997, 1998, 1999 Kungliga Tekniska Högskolan + * Copyright (c) 1997 - 2001 Kungliga Tekniska Högskolan * (Royal Institute of Technology, Stockholm, Sweden). * All rights reserved. * @@ -131,7 +131,9 @@ ni_idlist2binding(void *ni, ni_idlist *idlist, krb5_config_section **ret) } krb5_error_code -krb5_config_parse_file (const char *fname, krb5_config_section **res) +krb5_config_parse_file (krb5_context context, + const char *fname, + krb5_config_section **res) { void *ni = NULL, *lastni = NULL; int i; diff --git a/lib/krb5/context.c b/lib/krb5/context.c index 12dacff25..8f9aa638e 100644 --- a/lib/krb5/context.c +++ b/lib/krb5/context.c @@ -60,6 +60,7 @@ set_etypes (krb5_context context, etypes = malloc((i+1) * sizeof(*etypes)); if (etypes == NULL) { krb5_config_free_strings (etypes_str); + krb5_set_error_string (context, "malloc: out of memory"); return ENOMEM; } for(j = 0, k = 0; j < i; j++) { @@ -172,7 +173,7 @@ krb5_init_context(krb5_context *context) if (config_file == NULL) config_file = krb5_config_file; - ret = krb5_config_parse_file (config_file, &tmp_cf); + ret = krb5_config_parse_file (p, config_file, &tmp_cf); if (ret == 0) p->cf = tmp_cf; @@ -214,7 +215,7 @@ krb5_free_context(krb5_context context) */ static krb5_error_code -default_etypes(krb5_enctype **etype) +default_etypes(krb5_context context, krb5_enctype **etype) { krb5_enctype p[] = { ETYPE_DES3_CBC_SHA1, @@ -225,9 +226,12 @@ default_etypes(krb5_enctype **etype) ETYPE_DES_CBC_CRC, ETYPE_NULL }; + *etype = malloc(sizeof(p)); - if(*etype == NULL) + if(*etype == NULL) { + krb5_set_error_string (context, "malloc: out of memory"); return ENOMEM; + } memcpy(*etype, p, sizeof(p)); return 0; } @@ -240,14 +244,18 @@ krb5_set_default_in_tkt_etypes(krb5_context context, krb5_enctype *p = NULL; if(etypes) { - i = 0; - while(etypes[i]) - if(!krb5_enctype_valid(context, etypes[i++])) + for (i = 0; etypes[i]; ++i) + if(!krb5_enctype_valid(context, etypes[i])) { + krb5_set_error_string(context, "enctype %d not supported", + etypes[i]); return KRB5_PROG_ETYPE_NOSUPP; + } ++i; ALLOC(p, i); - if(!p) + if(!p) { + krb5_set_error_string (context, "malloc: out of memory"); return ENOMEM; + } memmove(p, etypes, i * sizeof(krb5_enctype)); } if(context->etypes) @@ -263,17 +271,22 @@ krb5_get_default_in_tkt_etypes(krb5_context context, { krb5_enctype *p; int i; + krb5_error_code ret; if(context->etypes) { for(i = 0; context->etypes[i]; i++); ++i; ALLOC(p, i); - if(!p) + if(!p) { + krb5_set_error_string (context, "malloc: out of memory"); return ENOMEM; + } memmove(p, context->etypes, i * sizeof(krb5_enctype)); - } else - if(default_etypes(&p)) - return ENOMEM; + } else { + ret = default_etypes(context, &p); + if (ret) + return ret; + } *etypes = p; return 0; } @@ -329,8 +342,10 @@ krb5_set_extra_addresses(krb5_context context, const krb5_addresses *addresses) } if(context->extra_addresses == NULL) { context->extra_addresses = malloc(sizeof(*context->extra_addresses)); - if(context->extra_addresses == NULL) + if(context->extra_addresses == NULL) { + krb5_set_error_string (context, "malloc: out of memory"); return ENOMEM; + } } return krb5_copy_addresses(context, addresses, context->extra_addresses); } diff --git a/lib/krb5/convert_creds.c b/lib/krb5/convert_creds.c index e6e508728..5990af74b 100644 --- a/lib/krb5/convert_creds.c +++ b/lib/krb5/convert_creds.c @@ -1,5 +1,5 @@ /* - * Copyright (c) 1997, 1999, 2001 Kungliga Tekniska Högskolan + * Copyright (c) 1997 - 2001 Kungliga Tekniska Högskolan * (Royal Institute of Technology, Stockholm, Sweden). * All rights reserved. * @@ -196,6 +196,7 @@ krb524_convert_creds_kdc(krb5_context context, sp = krb5_storage_from_mem(reply.data, reply.length); if(sp == NULL) { ret = ENOMEM; + krb5_set_error_string (context, "malloc: out of memory"); goto out2; } krb5_ret_int32(sp, &tmp); @@ -203,10 +204,12 @@ krb524_convert_creds_kdc(krb5_context context, if(ret == 0) { memset(v4creds, 0, sizeof(*v4creds)); ret = krb5_ret_int32(sp, &tmp); - if(ret) goto out; + if(ret) + goto out; v4creds->kvno = tmp; ret = krb5_ret_data(sp, &ticket); - if(ret) goto out; + if(ret) + goto out; v4creds->ticket_st.length = ticket.length; memcpy(v4creds->ticket_st.dat, ticket.data, ticket.length); krb5_data_free(&ticket); @@ -215,7 +218,8 @@ krb524_convert_creds_kdc(krb5_context context, v4creds->service, v4creds->instance, v4creds->realm); - if(ret) goto out; + if(ret) + goto out; v4creds->issue_date = v5_creds->times.authtime; v4creds->lifetime = _krb_time_to_life(v4creds->issue_date, v5_creds->times.endtime); @@ -223,7 +227,8 @@ krb524_convert_creds_kdc(krb5_context context, v4creds->pname, v4creds->pinst, realm); - if(ret) goto out; + if(ret) + goto out; memcpy(v4creds->session, v5_creds->session.keyvalue.data, 8); } out: diff --git a/lib/krb5/copy_host_realm.c b/lib/krb5/copy_host_realm.c index cdddeda50..68049a73f 100644 --- a/lib/krb5/copy_host_realm.c +++ b/lib/krb5/copy_host_realm.c @@ -1,5 +1,5 @@ /* - * Copyright (c) 1999 Kungliga Tekniska Högskolan + * Copyright (c) 1999 - 2001 Kungliga Tekniska Högskolan * (Royal Institute of Technology, Stockholm, Sweden). * All rights reserved. * @@ -51,14 +51,17 @@ krb5_copy_host_realm(krb5_context context, ++n; ++n; *to = malloc (n * sizeof(**to)); - if (*to == NULL) + if (*to == NULL) { + krb5_set_error_string (context, "malloc: out of memory"); return ENOMEM; + } for (i = 0; i < n; ++i) (*to)[i] = NULL; for (i = 0, p = from; *p != NULL; ++p, ++i) { (*to)[i] = strdup(*p); if ((*to)[i] == NULL) { krb5_free_host_realm (context, *to); + krb5_set_error_string (context, "malloc: out of memory"); return ENOMEM; } } diff --git a/lib/krb5/creds.c b/lib/krb5/creds.c index fa648a6cb..de001f41b 100644 --- a/lib/krb5/creds.c +++ b/lib/krb5/creds.c @@ -1,5 +1,5 @@ /* - * Copyright (c) 1997, 1998, 1999 Kungliga Tekniska Högskolan + * Copyright (c) 1997 - 2001 Kungliga Tekniska Högskolan * (Royal Institute of Technology, Stockholm, Sweden). * All rights reserved. * @@ -108,8 +108,10 @@ krb5_copy_creds (krb5_context context, krb5_creds *c; c = malloc (sizeof (*c)); - if (c == NULL) + if (c == NULL) { + krb5_set_error_string (context, "malloc: out of memory"); return ENOMEM; + } memset (c, 0, sizeof(*c)); *outcred = c; return krb5_copy_creds_contents (context, incred, c); diff --git a/lib/krb5/crypto.c b/lib/krb5/crypto.c index c5fc050e8..1be93b048 100644 --- a/lib/krb5/crypto.c +++ b/lib/krb5/crypto.c @@ -115,7 +115,8 @@ struct encryption_type { struct checksum_type *checksum; struct checksum_type *keyed_checksum; unsigned flags; - krb5_error_code (*encrypt)(struct key_data *key, + krb5_error_code (*encrypt)(krb5_context context, + struct key_data *key, void *data, size_t len, krb5_boolean encrypt, int usage, @@ -168,8 +169,10 @@ DES_string_to_key(krb5_context context, len = password.length + salt.saltvalue.length + 1; s = malloc(len); - if(s == NULL) + if(s == NULL) { + krb5_set_error_string(context, "malloc: out of memory"); return ENOMEM; + } memcpy(s, password.data, password.length); memcpy(s + password.length, salt.saltvalue.data, salt.saltvalue.length); s[len - 1] = '\0'; @@ -335,8 +338,10 @@ DES3_string_to_key(krb5_context context, len = password.length + salt.saltvalue.length; str = malloc(len); - if(len != 0 && str == NULL) + if(len != 0 && str == NULL) { + krb5_set_error_string(context, "malloc: out of memory"); return ENOMEM; + } memcpy(str, password.data, password.length); memcpy(str + password.length, salt.saltvalue.data, salt.saltvalue.length); { @@ -387,8 +392,10 @@ DES3_string_to_key_derived(krb5_context context, char *s; s = malloc(len); - if(len != 0 && s == NULL) + if(len != 0 && s == NULL) { + krb5_set_error_string(context, "malloc: out of memory"); return ENOMEM; + } memcpy(s, password.data, password.length); memcpy(s + password.length, salt.saltvalue.data, salt.saltvalue.length); ret = krb5_string_to_key_derived(context, @@ -433,8 +440,10 @@ ARCFOUR_string_to_key(krb5_context context, len = 2 * password.length; s = malloc (len); - if (len != 0 && s == NULL) + if (len != 0 && s == NULL) { + krb5_set_error_string(context, "malloc: out of memory"); return ENOMEM; + } for (p = s, i = 0; i < password.length; ++i) { *p++ = ((char *)password.data)[i]; *p++ = 0; @@ -579,16 +588,22 @@ krb5_salttype_to_string (krb5_context context, struct salt_type *st; e = _find_enctype (etype); - if (e == NULL) + if (e == NULL) { + krb5_set_error_string(context, "encryption type %d not supported", + etype); return KRB5_PROG_ETYPE_NOSUPP; + } for (st = e->keytype->string_to_key; st && st->type; st++) { if (st->type == stype) { *string = strdup (st->name); - if (*string == NULL) + if (*string == NULL) { + krb5_set_error_string(context, "malloc: out of memory"); return ENOMEM; + } return 0; } } + krb5_set_error_string(context, "salttype %d not supported", stype); return HEIM_ERR_SALTTYPE_NOSUPP; } @@ -602,14 +617,18 @@ krb5_string_to_salttype (krb5_context context, struct salt_type *st; e = _find_enctype (etype); - if (e == NULL) + if (e == NULL) { + krb5_set_error_string(context, "encryption type %d not supported", + etype); return KRB5_PROG_ETYPE_NOSUPP; + } for (st = e->keytype->string_to_key; st && st->type; st++) { if (strcasecmp (st->name, string) == 0) { *salttype = st->type; return 0; } } + krb5_set_error_string(context, "salttype %s not supported", string); return HEIM_ERR_SALTTYPE_NOSUPP; } @@ -695,11 +714,16 @@ krb5_string_to_key_data_salt (krb5_context context, { struct encryption_type *et =_find_enctype(enctype); struct salt_type *st; - if(et == NULL) + if(et == NULL) { + krb5_set_error_string(context, "encryption type %d not supported", + enctype); return KRB5_PROG_ETYPE_NOSUPP; + } for(st = et->keytype->string_to_key; st && st->type; st++) if(st->type == salt.salttype) return (*st->string_to_key)(context, enctype, password, salt, key); + krb5_set_error_string(context, "salt type %d not supported", + salt.salttype); return HEIM_ERR_SALTTYPE_NOSUPP; } @@ -728,11 +752,15 @@ krb5_keytype_to_string(krb5_context context, char **string) { struct key_type *kt = _find_keytype(keytype); - if(kt == NULL) + if(kt == NULL) { + krb5_set_error_string(context, "key type %d not supported", keytype); return KRB5_PROG_KEYTYPE_NOSUPP; + } *string = strdup(kt->name); - if(*string == NULL) + if(*string == NULL) { + krb5_set_error_string(context, "malloc: out of memory"); return ENOMEM; + } return 0; } @@ -747,6 +775,7 @@ krb5_string_to_keytype(krb5_context context, *keytype = keytypes[i]->type; return 0; } + krb5_set_error_string(context, "key type %s not supported", string); return KRB5_PROG_KEYTYPE_NOSUPP; } @@ -757,8 +786,11 @@ krb5_generate_random_keyblock(krb5_context context, { krb5_error_code ret; struct encryption_type *et = _find_enctype(type); - if(et == NULL) + if(et == NULL) { + krb5_set_error_string(context, "encryption type %d not supported", + type); return KRB5_PROG_ETYPE_NOSUPP; + } ret = krb5_data_alloc(&key->keyvalue, et->keytype->size); if(ret) return ret; @@ -784,8 +816,10 @@ _key_schedule(krb5_context context, if (key->schedule != NULL) return 0; ALLOC(key->schedule, 1); - if(key->schedule == NULL) + if(key->schedule == NULL) { + krb5_set_error_string(context, "malloc: out of memory"); return ENOMEM; + } ret = krb5_data_alloc(key->schedule, kt->schedule_size); if(ret) { free(key->schedule); @@ -894,8 +928,10 @@ RSA_MD4_DES_verify(krb5_context context, MD4_Update (&md4, tmp, 8); /* confounder */ MD4_Update (&md4, data, len); MD4_Final (res, &md4); - if(memcmp(res, tmp + 8, sizeof(res)) != 0) + if(memcmp(res, tmp + 8, sizeof(res)) != 0) { + krb5_clear_error_string (context); ret = KRB5KRB_AP_ERR_BAD_INTEGRITY; + } memset(tmp, 0, sizeof(tmp)); memset(res, 0, sizeof(res)); return ret; @@ -968,8 +1004,10 @@ RSA_MD5_DES_verify(krb5_context context, MD5_Update (&md5, tmp, 8); /* confounder */ MD5_Update (&md5, data, len); MD5_Final (res, &md5); - if(memcmp(res, tmp + 8, sizeof(res)) != 0) + if(memcmp(res, tmp + 8, sizeof(res)) != 0) { + krb5_clear_error_string (context); ret = KRB5KRB_AP_ERR_BAD_INTEGRITY; + } memset(tmp, 0, sizeof(tmp)); memset(res, 0, sizeof(res)); return ret; @@ -1028,8 +1066,10 @@ RSA_MD5_DES3_verify(krb5_context context, MD5_Update (&md5, tmp, 8); /* confounder */ MD5_Update (&md5, data, len); MD5_Final (res, &md5); - if(memcmp(res, tmp + 8, sizeof(res)) != 0) + if(memcmp(res, tmp + 8, sizeof(res)) != 0) { + krb5_clear_error_string (context); ret = KRB5KRB_AP_ERR_BAD_INTEGRITY; + } memset(tmp, 0, sizeof(tmp)); memset(res, 0, sizeof(res)); return ret; @@ -1357,8 +1397,10 @@ get_checksum_key(krb5_context context, int i; *key = _new_derived_key(crypto, 0xff/* KRB5_KU_RFC1510_VARIANT */); - if(*key == NULL) + if(*key == NULL) { + krb5_set_error_string(context, "malloc: out of memory"); return ENOMEM; + } ret = krb5_copy_keyblock(context, crypto->key.key, &(*key)->key); if(ret) return ret; @@ -1386,8 +1428,10 @@ do_checksum (krb5_context context, int keyed_checksum; keyed_checksum = (ct->flags & F_KEYED) != 0; - if(keyed_checksum && crypto == NULL) + if(keyed_checksum && crypto == NULL) { + krb5_clear_error_string (context); return KRB5_PROG_SUMTYPE_NOSUPP; /* XXX */ + } if(keyed_checksum) { ret = get_checksum_key(context, crypto, usage, ct, &dkey); if (ret) @@ -1419,8 +1463,11 @@ create_checksum(krb5_context context, ct = crypto->et->checksum; } - if(ct == NULL) + if(ct == NULL) { + krb5_set_error_string (context, "checksum type %d not supported", + type); return KRB5_PROG_SUMTYPE_NOSUPP; + } return do_checksum (context, ct, crypto, usage, data, len, result); } @@ -1453,13 +1500,20 @@ verify_checksum(krb5_context context, struct checksum_type *ct; ct = _find_checksum(cksum->cksumtype); - if(ct == NULL) + if(ct == NULL) { + krb5_set_error_string (context, "checksum type %d not supported", + cksum->cksumtype); return KRB5_PROG_SUMTYPE_NOSUPP; - if(ct->checksumsize != cksum->checksum.length) + } + if(ct->checksumsize != cksum->checksum.length) { + krb5_clear_error_string (context); return KRB5KRB_AP_ERR_BAD_INTEGRITY; /* XXX */ + } keyed_checksum = (ct->flags & F_KEYED) != 0; - if(keyed_checksum && crypto == NULL) + if(keyed_checksum && crypto == NULL) { + krb5_clear_error_string (context); return KRB5_PROG_SUMTYPE_NOSUPP; /* XXX */ + } if(keyed_checksum) ret = get_checksum_key(context, crypto, usage, ct, &dkey); else @@ -1474,10 +1528,12 @@ verify_checksum(krb5_context context, (*ct->checksum)(context, dkey, data, len, usage, &c); if(c.checksum.length != cksum->checksum.length || - memcmp(c.checksum.data, cksum->checksum.data, c.checksum.length)) + memcmp(c.checksum.data, cksum->checksum.data, c.checksum.length)) { + krb5_clear_error_string (context); ret = KRB5KRB_AP_ERR_BAD_INTEGRITY; - else + } else { ret = 0; + } krb5_data_free (&c.checksum); return ret; } @@ -1500,8 +1556,11 @@ krb5_checksumsize(krb5_context context, size_t *size) { struct checksum_type *ct = _find_checksum(type); - if(ct == NULL) + if(ct == NULL) { + krb5_set_error_string (context, "checksum type %d not supported", + type); return KRB5_PROG_SUMTYPE_NOSUPP; + } *size = ct->checksumsize; return 0; } @@ -1511,8 +1570,11 @@ krb5_checksum_is_keyed(krb5_context context, krb5_cksumtype type) { struct checksum_type *ct = _find_checksum(type); - if(ct == NULL) + if(ct == NULL) { + krb5_set_error_string (context, "checksum type %d not supported", + type); return KRB5_PROG_SUMTYPE_NOSUPP; + } return ct->flags & F_KEYED; } @@ -1521,8 +1583,11 @@ krb5_checksum_is_collision_proof(krb5_context context, krb5_cksumtype type) { struct checksum_type *ct = _find_checksum(type); - if(ct == NULL) + if(ct == NULL) { + krb5_set_error_string (context, "checksum type %d not supported", + type); return KRB5_PROG_SUMTYPE_NOSUPP; + } return ct->flags & F_CPROOF; } @@ -1531,7 +1596,8 @@ krb5_checksum_is_collision_proof(krb5_context context, ************************************************************/ static krb5_error_code -NULL_encrypt(struct key_data *key, +NULL_encrypt(krb5_context context, + struct key_data *key, void *data, size_t len, krb5_boolean encrypt, @@ -1542,7 +1608,8 @@ NULL_encrypt(struct key_data *key, } static krb5_error_code -DES_CBC_encrypt_null_ivec(struct key_data *key, +DES_CBC_encrypt_null_ivec(krb5_context context, + struct key_data *key, void *data, size_t len, krb5_boolean encrypt, @@ -1557,7 +1624,8 @@ DES_CBC_encrypt_null_ivec(struct key_data *key, } static krb5_error_code -DES_CBC_encrypt_key_ivec(struct key_data *key, +DES_CBC_encrypt_key_ivec(krb5_context context, + struct key_data *key, void *data, size_t len, krb5_boolean encrypt, @@ -1572,7 +1640,8 @@ DES_CBC_encrypt_key_ivec(struct key_data *key, } static krb5_error_code -DES3_CBC_encrypt(struct key_data *key, +DES3_CBC_encrypt(krb5_context context, + struct key_data *key, void *data, size_t len, krb5_boolean encrypt, @@ -1587,7 +1656,8 @@ DES3_CBC_encrypt(struct key_data *key, } static krb5_error_code -DES3_CBC_encrypt_ivec(struct key_data *key, +DES3_CBC_encrypt_ivec(krb5_context context, + struct key_data *key, void *data, size_t len, krb5_boolean encrypt, @@ -1601,7 +1671,8 @@ DES3_CBC_encrypt_ivec(struct key_data *key, } static krb5_error_code -DES_CFB64_encrypt_null_ivec(struct key_data *key, +DES_CFB64_encrypt_null_ivec(krb5_context context, + struct key_data *key, void *data, size_t len, krb5_boolean encrypt, @@ -1618,7 +1689,8 @@ DES_CFB64_encrypt_null_ivec(struct key_data *key, } static krb5_error_code -DES_PCBC_encrypt_key_ivec(struct key_data *key, +DES_PCBC_encrypt_key_ivec(krb5_context context, + struct key_data *key, void *data, size_t len, krb5_boolean encrypt, @@ -1640,7 +1712,8 @@ DES_PCBC_encrypt_key_ivec(struct key_data *key, */ static krb5_error_code -ARCFOUR_subencrypt(struct key_data *key, +ARCFOUR_subencrypt(krb5_context context, + struct key_data *key, void *data, size_t len, int usage, @@ -1695,7 +1768,8 @@ ARCFOUR_subencrypt(struct key_data *key, } static krb5_error_code -ARCFOUR_subdecrypt(struct key_data *key, +ARCFOUR_subdecrypt(krb5_context context, + struct key_data *key, void *data, size_t len, int usage, @@ -1749,10 +1823,12 @@ ARCFOUR_subdecrypt(struct key_data *key, memset (k2_c_data, 0, sizeof(k2_c_data)); memset (k3_c_data, 0, sizeof(k3_c_data)); - if (memcmp (cksum.checksum.data, data, 16) != 0) + if (memcmp (cksum.checksum.data, data, 16) != 0) { + krb5_clear_error_string (context); return KRB5KRB_AP_ERR_BAD_INTEGRITY; - else + } else { return 0; + } } /* @@ -1802,7 +1878,8 @@ usage2arcfour (int usage) } static krb5_error_code -ARCFOUR_encrypt(struct key_data *key, +ARCFOUR_encrypt(krb5_context context, + struct key_data *key, void *data, size_t len, krb5_boolean encrypt, @@ -1812,9 +1889,9 @@ ARCFOUR_encrypt(struct key_data *key, usage = usage2arcfour (usage); if (encrypt) - return ARCFOUR_subencrypt (key, data, len, usage, ivec); + return ARCFOUR_subencrypt (context, key, data, len, usage, ivec); else - return ARCFOUR_subdecrypt (key, data, len, usage, ivec); + return ARCFOUR_subdecrypt (context, key, data, len, usage, ivec); } @@ -2003,11 +2080,16 @@ krb5_enctype_to_string(krb5_context context, { struct encryption_type *e; e = _find_enctype(etype); - if(e == NULL) + if(e == NULL) { + krb5_set_error_string (context, "encryption type %d not supported", + etype); return KRB5_PROG_ETYPE_NOSUPP; + } *string = strdup(e->name); - if(*string == NULL) + if(*string == NULL) { + krb5_set_error_string(context, "malloc: out of memory"); return ENOMEM; + } return 0; } @@ -2022,6 +2104,8 @@ krb5_string_to_enctype(krb5_context context, *etype = etypes[i]->type; return 0; } + krb5_set_error_string (context, "encryption type %s not supported", + string); return KRB5_PROG_ETYPE_NOSUPP; } @@ -2031,8 +2115,11 @@ krb5_enctype_to_keytype(krb5_context context, krb5_keytype *keytype) { struct encryption_type *e = _find_enctype(etype); - if(e == NULL) + if(e == NULL) { + krb5_set_error_string (context, "encryption type %d not supported", + etype); return KRB5_PROG_ETYPE_NOSUPP; + } *keytype = e->keytype->type; /* XXX */ return 0; } @@ -2068,8 +2155,10 @@ krb5_keytype_to_enctypes (krb5_context context, ++n; } ret = malloc(n * sizeof(int)); - if (ret == NULL && n != 0) + if (ret == NULL && n != 0) { + krb5_set_error_string(context, "malloc: out of memory"); return ENOMEM; + } n = 0; for (i = num_etypes - 1; i >= 0; --i) { if (etypes[i]->keytype->type == keytype @@ -2101,8 +2190,10 @@ krb5_keytype_to_enctypes_default (krb5_context context, for (n = 0; context->etypes_des[n]; ++n) ; ret = malloc (n * sizeof(*ret)); - if (ret == NULL && n != 0) + if (ret == NULL && n != 0) { + krb5_set_error_string(context, "malloc: out of memory"); return ENOMEM; + } for (i = 0; i < n; ++i) ret[i] = context->etypes_des[i]; *len = n; @@ -2183,6 +2274,7 @@ encrypt_internal_derived(krb5_context context, &cksum); if(ret == 0 && cksum.checksum.length != checksum_sz) { free_Checksum (&cksum); + krb5_clear_error_string (context); ret = KRB5_CRYPTO_INTERNAL; } if(ret) { @@ -2207,7 +2299,7 @@ encrypt_internal_derived(krb5_context context, #ifdef CRYPTO_DEBUG krb5_crypto_debug(context, 1, block_sz, dkey->key); #endif - (*et->encrypt)(dkey, p, block_sz, 1, usage, ivec); + (*et->encrypt)(context, dkey, p, block_sz, 1, usage, ivec); result->data = p; result->length = block_sz + checksum_sz; return 0; @@ -2232,8 +2324,10 @@ encrypt_internal(krb5_context context, sz = et->confoundersize + checksum_sz + len; block_sz = (sz + et->blocksize - 1) &~ (et->blocksize - 1); /* pad */ p = calloc(1, block_sz); - if(p == NULL) + if(p == NULL) { + krb5_set_error_string(context, "malloc: out of memory"); return ENOMEM; + } q = p; krb5_generate_random_block(q, et->confoundersize); /* XXX */ @@ -2249,8 +2343,10 @@ encrypt_internal(krb5_context context, p, block_sz, &cksum); - if(ret == 0 && cksum.checksum.length != checksum_sz) + if(ret == 0 && cksum.checksum.length != checksum_sz) { + krb5_clear_error_string (context); ret = KRB5_CRYPTO_INTERNAL; + } if(ret) { memset(p, 0, block_sz); free(p); @@ -2268,7 +2364,7 @@ encrypt_internal(krb5_context context, #ifdef CRYPTO_DEBUG krb5_crypto_debug(context, 1, block_sz, crypto->key.key); #endif - (*et->encrypt)(&crypto->key, p, block_sz, 1, 0, ivec); + (*et->encrypt)(context, &crypto->key, p, block_sz, 1, 0, ivec); result->data = p; result->length = block_sz; return 0; @@ -2289,15 +2385,17 @@ encrypt_internal_special(krb5_context context, char *tmp, *p; tmp = malloc (sz); - if (tmp == NULL) + if (tmp == NULL) { + krb5_set_error_string(context, "malloc: out of memory"); return ENOMEM; + } p = tmp; memset (p, 0, cksum_sz); p += cksum_sz; krb5_generate_random_block(p, et->confoundersize); p += et->confoundersize; memcpy (p, data, len); - (*et->encrypt)(&crypto->key, tmp, sz, TRUE, usage, ivec); + (*et->encrypt)(context, &crypto->key, tmp, sz, TRUE, usage, ivec); result->data = tmp; result->length = sz; return 0; @@ -2321,12 +2419,16 @@ decrypt_internal_derived(krb5_context context, unsigned long l; checksum_sz = CHECKSUMSIZE(et->keyed_checksum); - if (len < checksum_sz) - return EINVAL; /* better error code? */ + if (len < checksum_sz) { + krb5_clear_error_string (context); + return EINVAL; /* XXX - better error code? */ + } p = malloc(len); - if(len != 0 && p == NULL) + if(len != 0 && p == NULL) { + krb5_set_error_string(context, "malloc: out of memory"); return ENOMEM; + } memcpy(p, data, len); len -= checksum_sz; @@ -2344,7 +2446,7 @@ decrypt_internal_derived(krb5_context context, #ifdef CRYPTO_DEBUG krb5_crypto_debug(context, 0, len, dkey->key); #endif - (*et->encrypt)(dkey, p, len, 0, usage, ivec); + (*et->encrypt)(context, dkey, p, len, 0, usage, ivec); cksum.checksum.data = p + len; cksum.checksum.length = checksum_sz; @@ -2363,8 +2465,9 @@ decrypt_internal_derived(krb5_context context, l = len - et->confoundersize; memmove(p, p + et->confoundersize, l); result->data = realloc(p, l); - if(p == NULL) { + if(result->data == NULL) { free(p); + krb5_set_error_string(context, "malloc: out of memory"); return ENOMEM; } result->length = l; @@ -2387,8 +2490,10 @@ decrypt_internal(krb5_context context, checksum_sz = CHECKSUMSIZE(et->checksum); p = malloc(len); - if(len != 0 && p == NULL) + if(len != 0 && p == NULL) { + krb5_set_error_string(context, "malloc: out of memory"); return ENOMEM; + } memcpy(p, data, len); ret = _key_schedule(context, &crypto->key); @@ -2399,7 +2504,7 @@ decrypt_internal(krb5_context context, #ifdef CRYPTO_DEBUG krb5_crypto_debug(context, 0, len, crypto->key.key); #endif - (*et->encrypt)(&crypto->key, p, len, 0, 0, ivec); + (*et->encrypt)(context, &crypto->key, p, len, 0, 0, ivec); ret = krb5_data_copy(&cksum.checksum, p + et->confoundersize, checksum_sz); if(ret) { free(p); @@ -2418,6 +2523,7 @@ decrypt_internal(krb5_context context, result->data = realloc(p, l); if(result->data == NULL) { free(p); + krb5_set_error_string(context, "malloc: out of memory"); return ENOMEM; } result->length = l; @@ -2440,10 +2546,12 @@ decrypt_internal_special(krb5_context context, char *tmp; tmp = malloc (sz); - if (tmp == NULL) + if (tmp == NULL) { + krb5_set_error_string(context, "malloc: out of memory"); return ENOMEM; + } - (*et->encrypt)(&crypto->key, data, len, FALSE, usage, ivec); + (*et->encrypt)(context, &crypto->key, data, len, FALSE, usage, ivec); memcpy (tmp, cdata + cksum_sz + et->confoundersize, sz); @@ -2695,29 +2803,36 @@ derive_key(krb5_context context, len != et->blocksize) { nblocks = (kt->bits + et->blocksize * 8 - 1) / (et->blocksize * 8); k = malloc(nblocks * et->blocksize); - if(k == NULL) + if(k == NULL) { + krb5_set_error_string(context, "malloc: out of memory"); return ENOMEM; + } _krb5_n_fold(constant, len, k, et->blocksize); for(i = 0; i < nblocks; i++) { if(i > 0) memcpy(k + i * et->blocksize, k + (i - 1) * et->blocksize, et->blocksize); - (*et->encrypt)(key, k + i * et->blocksize, et->blocksize, 1, 0, - NULL); + (*et->encrypt)(context, key, k + i * et->blocksize, et->blocksize, + 1, 0, NULL); } } else { /* this case is probably broken, but won't be run anyway */ void *c = malloc(len); size_t res_len = (kt->bits + 7) / 8; - if(len != 0 && c == NULL) + if(len != 0 && c == NULL) { + krb5_set_error_string(context, "malloc: out of memory"); return ENOMEM; + } memcpy(c, constant, len); - (*et->encrypt)(key, c, len, 1, 0, NULL); + (*et->encrypt)(context, key, c, len, 1, 0, NULL); k = malloc(res_len); - if(res_len != 0 && k == NULL) + if(res_len != 0 && k == NULL) { + free(c); + krb5_set_error_string(context, "malloc: out of memory"); return ENOMEM; + } _krb5_n_fold(c, len, k, res_len); free(c); } @@ -2728,8 +2843,9 @@ derive_key(krb5_context context, DES3_postproc(context, k, nblocks * et->blocksize, key); break; default: - krb5_warnx(context, "derive_key() called with unknown keytype (%u)", - kt->type); + krb5_set_error_string(context, + "derive_key() called with unknown keytype (%u)", + kt->type); ret = KRB5_CRYPTO_INTERNAL; break; } @@ -2765,8 +2881,11 @@ krb5_derive_key(krb5_context context, struct key_data d; et = _find_enctype (etype); - if (et == NULL) + if (et == NULL) { + krb5_set_error_string(context, "encryption type %d not supported", + etype); return KRB5_PROG_ETYPE_NOSUPP; + } ret = krb5_copy_keyblock(context, key, derived_key); if (ret) @@ -2797,8 +2916,10 @@ _get_derived_key(krb5_context context, return 0; } d = _new_derived_key(crypto, usage); - if(d == NULL) + if(d == NULL) { + krb5_set_error_string(context, "malloc: out of memory"); return ENOMEM; + } krb5_copy_keyblock(context, crypto->key.key, &d->key); _krb5_put_int(constant, usage, 5); derive_key(context, crypto->et, d, constant, sizeof(constant)); @@ -2815,13 +2936,17 @@ krb5_crypto_init(krb5_context context, { krb5_error_code ret; ALLOC(*crypto, 1); - if(*crypto == NULL) + if(*crypto == NULL) { + krb5_set_error_string(context, "malloc: out of memory"); return ENOMEM; + } if(etype == ETYPE_NULL) etype = key->keytype; (*crypto)->et = _find_enctype(etype); if((*crypto)->et == NULL) { free(*crypto); + krb5_set_error_string (context, "encryption type %d not supported", + etype); return KRB5_PROG_ETYPE_NOSUPP; } ret = krb5_copy_keyblock(context, key, &(*crypto)->key.key); @@ -2877,8 +3002,11 @@ krb5_string_to_key_derived(krb5_context context, struct key_data kd; u_char *tmp; - if(et == NULL) + if(et == NULL) { + krb5_set_error_string (context, "encryption type %d not supported", + etype); return KRB5_PROG_ETYPE_NOSUPP; + } ALLOC(kd.key, 1); kd.key->keytype = etype; tmp = malloc (et->keytype->bits / 8); diff --git a/lib/krb5/data.c b/lib/krb5/data.c index c1a972888..45271ab68 100644 --- a/lib/krb5/data.c +++ b/lib/krb5/data.c @@ -1,5 +1,5 @@ /* - * Copyright (c) 1997 - 1999 Kungliga Tekniska Högskolan + * Copyright (c) 1997 - 2001 Kungliga Tekniska Högskolan * (Royal Institute of Technology, Stockholm, Sweden). * All rights reserved. * @@ -100,10 +100,14 @@ krb5_copy_data(krb5_context context, { krb5_error_code ret; ALLOC(*outdata, 1); - if(*outdata == NULL) + if(*outdata == NULL) { + krb5_set_error_string(context, "malloc: out of memory"); return ENOMEM; + } ret = copy_octet_string(indata, *outdata); - if(ret) + if(ret) { + krb5_clear_error_string (context); free(*outdata); + } return ret; } diff --git a/lib/krb5/expand_hostname.c b/lib/krb5/expand_hostname.c index 6cf4612b5..a7f12256e 100644 --- a/lib/krb5/expand_hostname.c +++ b/lib/krb5/expand_hostname.c @@ -1,5 +1,5 @@ /* - * Copyright (c) 1999 - 2000 Kungliga Tekniska Högskolan + * Copyright (c) 1999 - 2001 Kungliga Tekniska Högskolan * (Royal Institute of Technology, Stockholm, Sweden). * All rights reserved. * @@ -41,8 +41,10 @@ copy_hostname(krb5_context context, char **new_hostname) { *new_hostname = strdup (orig_hostname); - if (*new_hostname == NULL) + if (*new_hostname == NULL) { + krb5_set_error_string(context, "malloc: out of memory"); return ENOMEM; + } strlwr (*new_hostname); return 0; } @@ -70,10 +72,12 @@ krb5_expand_hostname (krb5_context context, if (a->ai_canonname != NULL) { *new_hostname = strdup (a->ai_canonname); freeaddrinfo (ai); - if (*new_hostname == NULL) + if (*new_hostname == NULL) { + krb5_set_error_string(context, "malloc: out of memory"); return ENOMEM; - else + } else { return 0; + } } } freeaddrinfo (ai); diff --git a/lib/krb5/fcache.c b/lib/krb5/fcache.c index 7cf49ef27..c95bad263 100644 --- a/lib/krb5/fcache.c +++ b/lib/krb5/fcache.c @@ -70,11 +70,14 @@ fcc_resolve(krb5_context context, krb5_ccache *id, const char *res) { krb5_fcache *f; f = malloc(sizeof(*f)); - if(f == NULL) + if(f == NULL) { + krb5_set_error_string(context, "malloc: out of memory"); return KRB5_CC_NOMEM; + } f->filename = strdup(res); if(f->filename == NULL){ free(f); + krb5_set_error_string(context, "malloc: out of memory"); return KRB5_CC_NOMEM; } f->version = 0; @@ -171,18 +174,23 @@ fcc_gen_new(krb5_context context, krb5_ccache *id) krb5_fcache *f; int fd; char *file; + f = malloc(sizeof(*f)); - if(f == NULL) + if(f == NULL) { + krb5_set_error_string(context, "malloc: out of memory"); return KRB5_CC_NOMEM; + } asprintf (&file, "%sXXXXXX", KRB5_DEFAULT_CCFILE_ROOT); if(file == NULL) { free(f); + krb5_set_error_string(context, "malloc: out of memory"); return KRB5_CC_NOMEM; } fd = mkstemp(file); if(fd < 0) { free(f); free(file); + krb5_set_error_string(context, "mkstemp %s", file); return errno; } close(fd); @@ -263,8 +271,11 @@ fcc_initialize(krb5_context context, krb5_storage_free(sp); } if(close(fd) < 0) - if (ret == 0) + if (ret == 0) { ret = errno; + krb5_set_error_string (context, "close %s: %s", filename, + strerror(ret)); + } return ret; } @@ -315,8 +326,10 @@ fcc_store_cred(krb5_context context, krb5_storage_free(sp); } if (close(fd) < 0) - if (ret == 0) + if (ret == 0) { ret = errno; + krb5_set_error_string (context, "close %s: %s", f, strerror(ret)); + } return ret; } @@ -354,8 +367,10 @@ init_fcc (krb5_context context, } sp = krb5_storage_from_fd(fd); ret = krb5_ret_int8(sp, &pvno); - if(ret == KRB5_CC_END) + if(ret == KRB5_CC_END) { + return ENOENT; + } if(ret) return ret; if(pvno != 5) { diff --git a/lib/krb5/generate_subkey.c b/lib/krb5/generate_subkey.c index 015abcd8e..253ce11da 100644 --- a/lib/krb5/generate_subkey.c +++ b/lib/krb5/generate_subkey.c @@ -1,5 +1,5 @@ /* - * Copyright (c) 1997, 1998, 1999 Kungliga Tekniska Högskolan + * Copyright (c) 1997 - 2001 Kungliga Tekniska Högskolan * (Royal Institute of Technology, Stockholm, Sweden). * All rights reserved. * @@ -43,8 +43,10 @@ krb5_generate_subkey(krb5_context context, krb5_error_code ret; ALLOC(*subkey, 1); - if (*subkey == NULL) + if (*subkey == NULL) { + krb5_set_error_string(context, "malloc: out of memory"); return ENOMEM; + } ret = krb5_generate_random_keyblock(context, key->keytype, *subkey); if(ret) free(*subkey); diff --git a/lib/krb5/get_addrs.c b/lib/krb5/get_addrs.c index 69cf55d60..ac6b4599e 100644 --- a/lib/krb5/get_addrs.c +++ b/lib/krb5/get_addrs.c @@ -1,5 +1,5 @@ /* - * Copyright (c) 1997 - 2000 Kungliga Tekniska Högskolan + * Copyright (c) 1997 - 2001 Kungliga Tekniska Högskolan * (Royal Institute of Technology, Stockholm, Sweden). * All rights reserved. * @@ -46,30 +46,39 @@ struct mbuf; #include static krb5_error_code -gethostname_fallback (krb5_addresses *res) +gethostname_fallback (krb5_context context, krb5_addresses *res) { - krb5_error_code err; + krb5_error_code ret; char hostname[MAXHOSTNAMELEN]; struct hostent *hostent; - if (gethostname (hostname, sizeof(hostname))) - return errno; + if (gethostname (hostname, sizeof(hostname))) { + ret = errno; + krb5_set_error_string (context, "gethostname: %s", strerror(ret)); + return ret; + } hostent = roken_gethostbyname (hostname); - if (hostent == NULL) - return errno; + if (hostent == NULL) { + ret = errno; + krb5_set_error_string (context, "gethostbyname %s: %s", + hostname, strerror(ret)); + return ret; + } res->len = 1; res->val = malloc (sizeof(*res->val)); - if (res->val == NULL) + if (res->val == NULL) { + krb5_set_error_string(context, "malloc: out of memory"); return ENOMEM; + } res->val[0].addr_type = hostent->h_addrtype; res->val[0].address.data = NULL; res->val[0].address.length = 0; - err = krb5_data_copy (&res->val[0].address, + ret = krb5_data_copy (&res->val[0].address, hostent->h_addr, hostent->h_length); - if (err) { + if (ret) { free (res->val); - return err; + return ret; } return 0; } @@ -96,8 +105,11 @@ find_all_addresses (krb5_context context, krb5_addresses *res, int flags) res->val = NULL; - if (getifaddrs(&ifa0) == -1) - return (errno); + if (getifaddrs(&ifa0) == -1) { + ret = errno; + krb5_set_error_string(context, "getifaddrs: %s", strerror(ret)); + return (ret); + } memset(&sa_zero, 0, sizeof(sa_zero)); @@ -107,6 +119,7 @@ find_all_addresses (krb5_context context, krb5_addresses *res, int flags) if (num == 0) { freeifaddrs(ifa0); + krb5_set_error_string(context, "no addresses found"); return (ENXIO); } @@ -114,6 +127,7 @@ find_all_addresses (krb5_context context, krb5_addresses *res, int flags) res->val = calloc(num, sizeof(*res->val)); if (res->val == NULL) { freeifaddrs(ifa0); + krb5_set_error_string (context, "malloc: out of memory"); return (ENOMEM); } @@ -132,7 +146,7 @@ find_all_addresses (krb5_context context, krb5_addresses *res, int flags) continue; } - ret = krb5_sockaddr2address(ifa->ifa_addr, &res->val[idx]); + ret = krb5_sockaddr2address(context, ifa->ifa_addr, &res->val[idx]); if (ret) { /* * The most likely error here is going to be "Program @@ -159,7 +173,8 @@ find_all_addresses (krb5_context context, krb5_addresses *res, int flags) continue; if ((ifa->ifa_flags & IFF_LOOPBACK) != 0) { - ret = krb5_sockaddr2address(ifa->ifa_addr, &res->val[idx]); + ret = krb5_sockaddr2address(context, + ifa->ifa_addr, &res->val[idx]); if (ret) { /* * See comment above. @@ -187,7 +202,7 @@ get_addrs_int (krb5_context context, krb5_addresses *res, int flags) if (flags & SCAN_INTERFACES) { ret = find_all_addresses (context, res, flags); if(ret || res->len == 0) - ret = gethostname_fallback (res); + ret = gethostname_fallback (context, res); } else ret = 0; diff --git a/lib/krb5/get_cred.c b/lib/krb5/get_cred.c index a7ad4ce02..98ef0728e 100644 --- a/lib/krb5/get_cred.c +++ b/lib/krb5/get_cred.c @@ -56,8 +56,10 @@ make_pa_tgs_req(krb5_context context, buf_size = 1024; buf = malloc (buf_size); - if (buf == NULL) + if (buf == NULL) { + krb5_set_error_string(context, "malloc: out of memory"); return ENOMEM; + } do { ret = encode_KDC_REQ_BODY(buf + buf_size - 1, buf_size, @@ -69,6 +71,7 @@ make_pa_tgs_req(krb5_context context, buf_size *= 2; tmp = realloc (buf, buf_size); if (tmp == NULL) { + krb5_set_error_string(context, "malloc: out of memory"); ret = ENOMEM; goto out; } @@ -112,8 +115,10 @@ set_auth_data (krb5_context context, len = length_AuthorizationData(authdata); buf = malloc(len); - if (buf == NULL) + if (buf == NULL) { + krb5_set_error_string(context, "malloc: out of memory"); return ENOMEM; + } ret = encode_AuthorizationData(buf + len - 1, len, authdata, &len); if (ret) { @@ -124,7 +129,8 @@ set_auth_data (krb5_context context, ALLOC(req_body->enc_authorization_data, 1); if (req_body->enc_authorization_data == NULL) { free (buf); - return ret; + krb5_set_error_string(context, "malloc: out of memory"); + return ENOMEM; } ret = krb5_crypto_init(context, key, 0, &crypto); if (ret) { @@ -193,6 +199,7 @@ init_tgs_req (krb5_context context, ALLOC(t->req_body.sname, 1); if (t->req_body.sname == NULL) { ret = ENOMEM; + krb5_set_error_string(context, "malloc: out of memory"); goto fail; } @@ -208,6 +215,7 @@ init_tgs_req (krb5_context context, ALLOC(t->req_body.till, 1); if(t->req_body.till == NULL){ ret = ENOMEM; + krb5_set_error_string(context, "malloc: out of memory"); goto fail; } *t->req_body.till = in_creds->times.endtime; @@ -217,11 +225,13 @@ init_tgs_req (krb5_context context, ALLOC(t->req_body.additional_tickets, 1); if (t->req_body.additional_tickets == NULL) { ret = ENOMEM; + krb5_set_error_string(context, "malloc: out of memory"); goto fail; } ALLOC_SEQ(t->req_body.additional_tickets, 1); if (t->req_body.additional_tickets->val == NULL) { ret = ENOMEM; + krb5_set_error_string(context, "malloc: out of memory"); goto fail; } ret = copy_Ticket(second_ticket, t->req_body.additional_tickets->val); @@ -231,11 +241,13 @@ init_tgs_req (krb5_context context, ALLOC(t->padata, 1); if (t->padata == NULL) { ret = ENOMEM; + krb5_set_error_string(context, "malloc: out of memory"); goto fail; } ALLOC_SEQ(t->padata, 1); if (t->padata->val == NULL) { ret = ENOMEM; + krb5_set_error_string(context, "malloc: out of memory"); goto fail; } @@ -422,6 +434,7 @@ get_cred_kdc_usage(krb5_context context, buf_size = 1024; buf = malloc (buf_size); if (buf == NULL) { + krb5_set_error_string(context, "malloc: out of memory"); ret = ENOMEM; goto out; } @@ -436,6 +449,7 @@ get_cred_kdc_usage(krb5_context context, buf_size *= 2; tmp = realloc (buf, buf_size); if (tmp == NULL) { + krb5_set_error_string(context, "malloc: out of memory"); ret = ENOMEM; goto out; } @@ -493,13 +507,16 @@ get_cred_kdc_usage(krb5_context context, krb5_free_kdc_rep(context, &rep); if (ret) goto out; - }else if(krb5_rd_error(context, &resp, &error) == 0){ - ret = error.error_code; - free_KRB_ERROR(&error); - }else if(resp.data && ((char*)resp.data)[0] == 4) + } else if(krb5_rd_error(context, &resp, &error) == 0) { + ret = krb5_error_from_rd_error(context, &error, in_creds); + krb5_free_error_contents(context, &error); + } else if(resp.data && ((char*)resp.data)[0] == 4) { ret = KRB5KRB_AP_ERR_V4_REPLY; - else + krb5_clear_error_string(context); + } else { ret = KRB5KRB_AP_ERR_MSG_TYPE; + krb5_clear_error_string(context); + } krb5_data_free(&resp); out: if(subkey){ @@ -525,9 +542,11 @@ get_cred_kdc(krb5_context context, ret = get_cred_kdc_usage(context, id, flags, addresses, in_creds, krbtgt, out_creds, KRB5_KU_TGS_REQ_AUTH); - if (ret == KRB5KRB_AP_ERR_BAD_INTEGRITY) + if (ret == KRB5KRB_AP_ERR_BAD_INTEGRITY) { + krb5_clear_error_string (context); ret = get_cred_kdc_usage(context, id, flags, addresses, in_creds, krbtgt, out_creds, KRB5_KU_AP_REQ_AUTH); + } return ret; } @@ -560,9 +579,12 @@ krb5_get_kdc_cred(krb5_context context, { krb5_error_code ret; krb5_creds *krbtgt; + *out_creds = calloc(1, sizeof(**out_creds)); - if(*out_creds == NULL) + if(*out_creds == NULL) { + krb5_set_error_string(context, "malloc: out of memory"); return ENOMEM; + } ret = get_krbtgt (context, id, in_creds->server->realm, @@ -602,6 +624,7 @@ find_cred(krb5_context context, } tgts++; } + krb5_clear_error_string(context); return KRB5_CC_NOTFOUND; } @@ -611,10 +634,13 @@ add_cred(krb5_context context, krb5_creds ***tgts, krb5_creds *tkt) int i; krb5_error_code ret; krb5_creds **tmp = *tgts; + for(i = 0; tmp && tmp[i]; i++); /* XXX */ tmp = realloc(tmp, (i+2)*sizeof(*tmp)); - if(tmp == NULL) + if(tmp == NULL) { + krb5_set_error_string(context, "malloc: out of memory"); return ENOMEM; + } *tgts = tmp; ret = krb5_copy_creds(context, tkt, &tmp[i]); tmp[i+1] = NULL; @@ -679,9 +705,10 @@ get_cred_from_kdc_flags(krb5_context context, *ret_tgts, &tgts); if(ret == 0){ *out_creds = calloc(1, sizeof(**out_creds)); - if(*out_creds == NULL) + if(*out_creds == NULL) { + krb5_set_error_string(context, "malloc: out of memory"); ret = ENOMEM; - else { + } else { ret = get_cred_kdc_la(context, ccache, flags, in_creds, &tgts, *out_creds); if (ret) { @@ -695,8 +722,10 @@ get_cred_from_kdc_flags(krb5_context context, return ret; } } - if(krb5_realm_compare(context, in_creds->client, in_creds->server)) + if(krb5_realm_compare(context, in_creds->client, in_creds->server)) { + krb5_clear_error_string (context); return KRB5_CC_NOTFOUND; + } /* XXX this can loop forever */ while(1){ general_string tgt_inst; @@ -736,9 +765,10 @@ get_cred_from_kdc_flags(krb5_context context, krb5_free_principal(context, tmp_creds.server); krb5_free_principal(context, tmp_creds.client); *out_creds = calloc(1, sizeof(**out_creds)); - if(*out_creds == NULL) + if(*out_creds == NULL) { + krb5_set_error_string(context, "malloc: out of memory"); ret = ENOMEM; - else { + } else { ret = get_cred_kdc_la(context, ccache, flags, in_creds, tgt, *out_creds); if (ret) { @@ -791,8 +821,10 @@ krb5_get_credentials_with_flags(krb5_context context, *out_creds = NULL; res_creds = calloc(1, sizeof(*res_creds)); - if (res_creds == NULL) + if (res_creds == NULL) { + krb5_set_error_string(context, "malloc: out of memory"); return ENOMEM; + } ret = krb5_cc_retrieve_cred(context, ccache, @@ -806,8 +838,10 @@ krb5_get_credentials_with_flags(krb5_context context, free(res_creds); if(ret != KRB5_CC_END) return ret; - if(options & KRB5_GC_CACHED) + if(options & KRB5_GC_CACHED) { + krb5_clear_error_string (context); return KRB5_CC_NOTFOUND; + } if(options & KRB5_GC_USER_USER) flags.b.enc_tkt_in_skey = 1; tgts = NULL; diff --git a/lib/krb5/get_default_principal.c b/lib/krb5/get_default_principal.c index 58cabfe44..c1f4c887f 100644 --- a/lib/krb5/get_default_principal.c +++ b/lib/krb5/get_default_principal.c @@ -1,5 +1,5 @@ /* - * Copyright (c) 1997 - 1999, 2001 Kungliga Tekniska Högskolan + * Copyright (c) 1997 - 2001 Kungliga Tekniska Högskolan * (Royal Institute of Technology, Stockholm, Sweden). * All rights reserved. * @@ -86,8 +86,11 @@ krb5_get_default_principal (krb5_context context, if(user == NULL) user = getlogin(); } - if(user == NULL) + if(user == NULL) { + krb5_set_error_string(context, + "unable to figure out current principal"); return ENOTTY; /* XXX */ + } ret = krb5_make_principal(context, princ, NULL, user, NULL); } diff --git a/lib/krb5/get_default_realm.c b/lib/krb5/get_default_realm.c index edb8847db..1fec35729 100644 --- a/lib/krb5/get_default_realm.c +++ b/lib/krb5/get_default_realm.c @@ -1,5 +1,5 @@ /* - * Copyright (c) 1997, 1998, 1999 Kungliga Tekniska Högskolan + * Copyright (c) 1997 - 2001 Kungliga Tekniska Högskolan * (Royal Institute of Technology, Stockholm, Sweden). * All rights reserved. * @@ -73,8 +73,10 @@ krb5_get_default_realm(krb5_context context, } res = strdup (context->default_realms[0]); - if (res == NULL) + if (res == NULL) { + krb5_set_error_string(context, "malloc: out of memory"); return ENOMEM; + } *realm = res; return 0; } diff --git a/lib/krb5/get_for_creds.c b/lib/krb5/get_for_creds.c index 773ca9cd4..3093d7e5c 100644 --- a/lib/krb5/get_for_creds.c +++ b/lib/krb5/get_for_creds.c @@ -1,5 +1,5 @@ /* - * Copyright (c) 1997 - 2000 Kungliga Tekniska Högskolan + * Copyright (c) 1997 - 2001 Kungliga Tekniska Högskolan * (Royal Institute of Technology, Stockholm, Sweden). * All rights reserved. * @@ -53,6 +53,7 @@ add_addrs(krb5_context context, addr->len += n; tmp = realloc(addr->val, addr->len * sizeof(*addr->val)); if (tmp == NULL) { + krb5_set_error_string(context, "malloc: out of memory"); ret = ENOMEM; goto fail; } @@ -62,10 +63,12 @@ add_addrs(krb5_context context, krb5_data_zero(&addr->val[i].address); } for (a = ai; a != NULL; a = a->ai_next) { - ret = krb5_sockaddr2address (a->ai_addr, &addr->val[i]); + ret = krb5_sockaddr2address (context, a->ai_addr, &addr->val[i]); if (ret == 0) ++i; - else if (ret != KRB5_PROG_ATYPE_NOSUPP) + else if (ret == KRB5_PROG_ATYPE_NOSUPP) + krb5_clear_error_string (context); + else goto fail; } addr->len = i; @@ -143,8 +146,11 @@ krb5_get_forwarded_creds (krb5_context context, addrs.val = NULL; ret = getaddrinfo (hostname, NULL, NULL, &ai); - if (ret) + if (ret) { + krb5_set_error_string(context, "resolving %s: %s", + hostname, gai_strerror(ret)); return krb5_eai_to_heim_errno(ret); + } ret = add_addrs (context, &addrs, ai); freeaddrinfo (ai); @@ -171,6 +177,7 @@ krb5_get_forwarded_creds (krb5_context context, ALLOC_SEQ(&cred.tickets, 1); if (cred.tickets.val == NULL) { ret = ENOMEM; + krb5_set_error_string(context, "malloc: out of memory"); goto out2; } ret = decode_Ticket(out_creds->ticket.data, @@ -183,6 +190,7 @@ krb5_get_forwarded_creds (krb5_context context, ALLOC_SEQ(&enc_krb_cred_part.ticket_info, 1); if (enc_krb_cred_part.ticket_info.val == NULL) { ret = ENOMEM; + krb5_set_error_string(context, "malloc: out of memory"); goto out4; } @@ -191,18 +199,21 @@ krb5_get_forwarded_creds (krb5_context context, ALLOC(enc_krb_cred_part.timestamp, 1); if (enc_krb_cred_part.timestamp == NULL) { ret = ENOMEM; + krb5_set_error_string(context, "malloc: out of memory"); goto out4; } *enc_krb_cred_part.timestamp = sec; ALLOC(enc_krb_cred_part.usec, 1); if (enc_krb_cred_part.usec == NULL) { ret = ENOMEM; + krb5_set_error_string(context, "malloc: out of memory"); goto out4; } *enc_krb_cred_part.usec = usec; if (auth_context->local_address && auth_context->local_port) { - ret = krb5_make_addrport (&enc_krb_cred_part.s_address, + ret = krb5_make_addrport (context, + &enc_krb_cred_part.s_address, auth_context->local_address, auth_context->local_port); if (ret) @@ -213,6 +224,7 @@ krb5_get_forwarded_creds (krb5_context context, ALLOC(enc_krb_cred_part.r_address, 1); if (enc_krb_cred_part.r_address == NULL) { ret = ENOMEM; + krb5_set_error_string(context, "malloc: out of memory"); goto out4; } @@ -288,8 +300,10 @@ krb5_get_forwarded_creds (krb5_context context, return ret; out_data->length = len; out_data->data = malloc(len); - if (out_data->data == NULL) + if (out_data->data == NULL) { + krb5_set_error_string(context, "malloc: out of memory"); return ENOMEM; + } memcpy (out_data->data, buf + sizeof(buf) - len, len); return 0; out4: diff --git a/lib/krb5/get_host_realm.c b/lib/krb5/get_host_realm.c index eb79daa17..624b3ea53 100644 --- a/lib/krb5/get_host_realm.c +++ b/lib/krb5/get_host_realm.c @@ -161,18 +161,22 @@ krb5_get_host_realm_int (krb5_context context, if(p != NULL) { p++; *realms = malloc(2 * sizeof(krb5_realm)); - if (*realms == NULL) + if (*realms == NULL) { + krb5_set_error_string(context, "malloc: out of memory"); return ENOMEM; + } (*realms)[0] = strdup(p); if((*realms)[0] == NULL) { free(*realms); + krb5_set_error_string(context, "malloc: out of memory"); return ENOMEM; } strupr((*realms)[0]); (*realms)[1] = NULL; return 0; } + krb5_set_error_string(context, "unable to find realm of host %s", host); return KRB5_ERR_HOST_REALM_UNKNOWN; } diff --git a/lib/krb5/get_in_tkt.c b/lib/krb5/get_in_tkt.c index 1949a89a6..82c503221 100644 --- a/lib/krb5/get_in_tkt.c +++ b/lib/krb5/get_in_tkt.c @@ -61,6 +61,7 @@ krb5_init_etype (krb5_context context, *val = malloc(i * sizeof(int)); if (i != 0 && *val == NULL) { ret = ENOMEM; + krb5_set_error_string(context, "malloc: out of memory"); goto cleanup; } memmove (*val, @@ -148,6 +149,7 @@ _krb5_extract_ticket(krb5_context context, tmp = krb5_principal_compare (context, tmp_principal, creds->client); if (!tmp) { krb5_free_principal (context, tmp_principal); + krb5_clear_error_string (context); ret = KRB5KRB_AP_ERR_MODIFIED; goto out; } @@ -163,6 +165,7 @@ _krb5_extract_ticket(krb5_context context, len = length_Ticket(&rep->kdc_rep.ticket); buf = malloc(len); if(buf == NULL) { + krb5_set_error_string(context, "malloc: out of memory"); ret = ENOMEM; goto out; } @@ -189,6 +192,7 @@ _krb5_extract_ticket(krb5_context context, krb5_free_principal (context, tmp_principal); if (!tmp) { ret = KRB5KRB_AP_ERR_MODIFIED; + krb5_clear_error_string (context); goto out; } } @@ -213,6 +217,7 @@ _krb5_extract_ticket(krb5_context context, if (nonce != rep->enc_part.nonce) { ret = KRB5KRB_AP_ERR_MODIFIED; + krb5_set_error_string(context, "malloc: out of memory"); goto out; } @@ -238,11 +243,16 @@ _krb5_extract_ticket(krb5_context context, if (creds->times.starttime == 0 && abs(tmp_time - sec_now) > context->max_skew) { ret = KRB5KRB_AP_ERR_SKEW; + krb5_set_error_string (context, + "time skew (%d) larger than max (%d)", + abs(tmp_time - sec_now), + (int)context->max_skew); goto out; } if (creds->times.starttime != 0 && tmp_time != creds->times.starttime) { + krb5_clear_error_string (context); ret = KRB5KRB_AP_ERR_MODIFIED; goto out; } @@ -256,6 +266,7 @@ _krb5_extract_ticket(krb5_context context, if (creds->times.renew_till != 0 && tmp_time > creds->times.renew_till) { + krb5_clear_error_string (context); ret = KRB5KRB_AP_ERR_MODIFIED; goto out; } @@ -266,6 +277,7 @@ _krb5_extract_ticket(krb5_context context, if (creds->times.endtime != 0 && rep->enc_part.endtime > creds->times.endtime) { + krb5_clear_error_string (context); ret = KRB5KRB_AP_ERR_MODIFIED; goto out; } @@ -380,8 +392,10 @@ add_padata(krb5_context context, netypes++; } pa2 = realloc (md->val, (md->len + netypes) * sizeof(*md->val)); - if (pa2 == NULL) + if (pa2 == NULL) { + krb5_set_error_string(context, "malloc: out of memory"); return ENOMEM; + } md->val = pa2; for (i = 0; i < netypes; ++i) { @@ -426,11 +440,13 @@ init_as_req (krb5_context context, a->req_body.cname = malloc(sizeof(*a->req_body.cname)); if (a->req_body.cname == NULL) { ret = ENOMEM; + krb5_set_error_string(context, "malloc: out of memory"); goto fail; } a->req_body.sname = malloc(sizeof(*a->req_body.sname)); if (a->req_body.sname == NULL) { ret = ENOMEM; + krb5_set_error_string(context, "malloc: out of memory"); goto fail; } ret = krb5_principal2principalname (a->req_body.cname, creds->client); @@ -447,6 +463,7 @@ init_as_req (krb5_context context, a->req_body.from = malloc(sizeof(*a->req_body.from)); if (a->req_body.from == NULL) { ret = ENOMEM; + krb5_set_error_string(context, "malloc: out of memory"); goto fail; } *a->req_body.from = creds->times.starttime; @@ -459,6 +476,7 @@ init_as_req (krb5_context context, a->req_body.rtime = malloc(sizeof(*a->req_body.rtime)); if (a->req_body.rtime == NULL) { ret = ENOMEM; + krb5_set_error_string(context, "malloc: out of memory"); goto fail; } *a->req_body.rtime = creds->times.renew_till; @@ -481,6 +499,7 @@ init_as_req (krb5_context context, a->req_body.addresses = malloc(sizeof(*a->req_body.addresses)); if (a->req_body.addresses == NULL) { ret = ENOMEM; + krb5_set_error_string(context, "malloc: out of memory"); goto fail; } @@ -500,6 +519,7 @@ init_as_req (krb5_context context, ALLOC(a->padata, 1); if(a->padata == NULL) { ret = ENOMEM; + krb5_set_error_string(context, "malloc: out of memory"); goto fail; } for(i = 0; i < preauth->len; i++) { @@ -511,6 +531,7 @@ init_as_req (krb5_context context, sizeof(*a->padata->val)); if(tmp == NULL) { ret = ENOMEM; + krb5_set_error_string(context, "malloc: out of memory"); goto fail; } a->padata->val = tmp; @@ -542,6 +563,7 @@ init_as_req (krb5_context context, ALLOC(a->padata, 1); if (a->padata == NULL) { ret = ENOMEM; + krb5_set_error_string(context, "malloc: out of memory"); goto fail; } a->padata->len = 0; @@ -559,6 +581,8 @@ init_as_req (krb5_context context, key_proc, keyseed, a->req_body.etype.val, a->req_body.etype.len, &salt); } else { + krb5_set_error_string (context, "pre-auth type %d not supported", + *ptypes); ret = KRB5_PREAUTH_BAD_TYPE; goto fail; } @@ -690,7 +714,7 @@ krb5_get_in_cred(krb5_context context, ret = KRB5KRB_AP_ERR_V4_REPLY; krb5_data_free(&resp); if (ret2 == 0) { - ret = error.error_code; + ret = krb5_error_from_rd_error(context, &error, creds); /* if no preauth was set and KDC requires it, give it one more try */ if (!ptypes && !preauth @@ -701,40 +725,9 @@ krb5_get_in_cred(krb5_context context, && set_ptypes(context, &error, &ptypes, &my_preauth)) { done = 0; preauth = my_preauth; - free_KRB_ERROR(&error); + krb5_free_error_contents(context, &error); continue; } - if (error.e_text != NULL) { - krb5_set_error_string(context, "%s", *error.e_text); - } else { - char clientname[256], servername[256]; - - krb5_unparse_name_fixed(context, creds->client, - clientname, sizeof(clientname)); - krb5_unparse_name_fixed(context, creds->server, - servername, sizeof(servername)); - - switch (ret) { - case KRB5KDC_ERR_NAME_EXP : - krb5_set_error_string(context, "Client (%s) expired", - clientname); - break; - case KRB5KDC_ERR_SERVICE_EXP : - krb5_set_error_string(context, "Server (%s) expired", - servername); - break; - case KRB5KDC_ERR_C_PRINCIPAL_UNKNOWN : - krb5_set_error_string(context, "Client (%s) unknown", - clientname); - break; - case KRB5KDC_ERR_S_PRINCIPAL_UNKNOWN : - krb5_set_error_string(context, "Server (%s) unknown", - servername); - break; - default : - ; - } - } if(ret_as_reply) ret_as_reply->error = error; else diff --git a/lib/krb5/get_in_tkt_pw.c b/lib/krb5/get_in_tkt_pw.c index 03c81502a..3bd765aaf 100644 --- a/lib/krb5/get_in_tkt_pw.c +++ b/lib/krb5/get_in_tkt_pw.c @@ -1,5 +1,5 @@ /* - * Copyright (c) 1997 - 1999 Kungliga Tekniska Högskolan + * Copyright (c) 1997 - 2001 Kungliga Tekniska Högskolan * (Royal Institute of Technology, Stockholm, Sweden). * All rights reserved. * @@ -47,11 +47,14 @@ krb5_password_key_proc (krb5_context context, char buf[BUFSIZ]; *key = malloc (sizeof (**key)); - if (*key == NULL) + if (*key == NULL) { + krb5_set_error_string(context, "malloc: out of memory"); return ENOMEM; + } if (password == NULL) { if(des_read_pw_string (buf, sizeof(buf), "Password: ", 0)) { free (*key); + krb5_clear_error_string(context); return KRB5_LIBOS_PWDINTR; } password = buf; diff --git a/lib/krb5/get_in_tkt_with_keytab.c b/lib/krb5/get_in_tkt_with_keytab.c index 864e54f9a..f74e61fb8 100644 --- a/lib/krb5/get_in_tkt_with_keytab.c +++ b/lib/krb5/get_in_tkt_with_keytab.c @@ -1,5 +1,5 @@ /* - * Copyright (c) 1997, 1998 Kungliga Tekniska Högskolan + * Copyright (c) 1997 - 2001 Kungliga Tekniska Högskolan * (Royal Institute of Technology, Stockholm, Sweden). * All rights reserved. * @@ -82,8 +82,10 @@ krb5_get_in_tkt_with_keytab (krb5_context context, krb5_keytab_key_proc_args *a; a = malloc(sizeof(*a)); - if (a == NULL) + if (a == NULL) { + krb5_set_error_string(context, "malloc: out of memory"); return ENOMEM; + } a->principal = creds->client; a->keytab = keytab; diff --git a/lib/krb5/init_creds_pw.c b/lib/krb5/init_creds_pw.c index d598ffa37..e61fa59f4 100644 --- a/lib/krb5/init_creds_pw.c +++ b/lib/krb5/init_creds_pw.c @@ -175,7 +175,7 @@ print_expire (krb5_context context, 7 * 24 * 60 * 60); for (i = 0; i < lr->len; ++i) { - if (lr->val[i].lr_type == 6 + if (abs(lr->val[i].lr_type) == LR_PW_EXPTIME && lr->val[i].lr_value <= t) { char *p; time_t tmp = lr->val[i].lr_value; @@ -252,8 +252,10 @@ get_init_creds_common(krb5_context context, if (options->flags & KRB5_GET_INIT_CREDS_OPT_ETYPE_LIST) { *etypes = malloc((options->etype_list_length + 1) * sizeof(krb5_enctype)); - if (*etypes == NULL) + if (*etypes == NULL) { + krb5_set_error_string(context, "malloc: out of memory"); return ENOMEM; + } memcpy (*etypes, options->etype_list, options->etype_list_length * sizeof(krb5_enctype)); (*etypes)[options->etype_list_length] = ETYPE_NULL; @@ -261,8 +263,10 @@ get_init_creds_common(krb5_context context, if (options->flags & KRB5_GET_INIT_CREDS_OPT_PREAUTH_LIST) { *pre_auth_types = malloc((options->preauth_list_length + 1) * sizeof(krb5_preauthtype)); - if (*pre_auth_types == NULL) + if (*pre_auth_types == NULL) { + krb5_set_error_string(context, "malloc: out of memory"); return ENOMEM; + } memcpy (*pre_auth_types, options->preauth_list, options->preauth_list_length * sizeof(krb5_preauthtype)); (*pre_auth_types)[options->preauth_list_length] = KRB5_PADATA_NONE; @@ -370,8 +374,10 @@ change_password (krb5_context context, if (result_code == 0) { strlcpy (newpw, buf1, newpw_sz); ret = 0; - } else + } else { + krb5_set_error_string (context, "failed changing password"); ret = ENOTTY; + } out: memset (buf1, 0, sizeof(buf1)); @@ -429,6 +435,7 @@ krb5_get_init_creds_password(krb5_context context, if (ret) { memset (buf, 0, sizeof(buf)); ret = KRB5_LIBOS_PWDINTR; + krb5_clear_error_string (context); goto out; } password = password_data.data; @@ -456,6 +463,8 @@ krb5_get_init_creds_password(krb5_context context, case KRB5KDC_ERR_KEY_EXPIRED : /* try to avoid recursion */ + krb5_clear_error_string (context); + if (in_tkt_service != NULL && strcmp (in_tkt_service, "kadmin/changepw") == 0) goto out; @@ -533,6 +542,7 @@ krb5_get_init_creds_keytab(krb5_context context, a = malloc (sizeof(*a)); if (a == NULL) { + krb5_set_error_string(context, "malloc: out of memory"); ret = ENOMEM; goto out; } diff --git a/lib/krb5/keyblock.c b/lib/krb5/keyblock.c index 8f77c3d3a..688f47724 100644 --- a/lib/krb5/keyblock.c +++ b/lib/krb5/keyblock.c @@ -1,5 +1,5 @@ /* - * Copyright (c) 1997 - 2000 Kungliga Tekniska Högskolan + * Copyright (c) 1997 - 2001 Kungliga Tekniska Högskolan * (Royal Institute of Technology, Stockholm, Sweden). * All rights reserved. * @@ -72,8 +72,10 @@ krb5_copy_keyblock (krb5_context context, krb5_keyblock *k; k = malloc (sizeof(*k)); - if (k == NULL) + if (k == NULL) { + krb5_set_error_string(context, "malloc: out of memory"); return ENOMEM; + } *to = k; return krb5_copy_keyblock_contents (context, inblock, k); } diff --git a/lib/krb5/keytab.c b/lib/krb5/keytab.c index b565dd7e7..d4eb14e2e 100644 --- a/lib/krb5/keytab.c +++ b/lib/krb5/keytab.c @@ -48,8 +48,10 @@ krb5_kt_register(krb5_context context, tmp = realloc(context->kt_types, (context->num_kt_types + 1) * sizeof(*context->kt_types)); - if(tmp == NULL) + if(tmp == NULL) { + krb5_set_error_string(context, "malloc: out of memory"); return ENOMEM; + } memcpy(&tmp[context->num_kt_types], ops, sizeof(tmp[context->num_kt_types])); context->kt_types = tmp; @@ -96,8 +98,10 @@ krb5_kt_resolve(krb5_context context, } k = malloc (sizeof(*k)); - if (k == NULL) + if (k == NULL) { + krb5_set_error_string(context, "malloc: out of memory"); return ENOMEM; + } memcpy(k, &context->kt_types[i], sizeof(*k)); k->data = NULL; ret = (*k->resolve)(context, residual, k); @@ -117,8 +121,10 @@ krb5_kt_resolve(krb5_context context, krb5_error_code krb5_kt_default_name(krb5_context context, char *name, size_t namesize) { - if (strlcpy (name, context->default_keytab, namesize) >= namesize) + if (strlcpy (name, context->default_keytab, namesize) >= namesize) { + krb5_clear_error_string (context); return KRB5_CONFIG_NOTENUFSPACE; + } return 0; } @@ -130,8 +136,10 @@ krb5_kt_default_name(krb5_context context, char *name, size_t namesize) krb5_error_code krb5_kt_default_modify_name(krb5_context context, char *name, size_t namesize) { - if (strlcpy (name, context->default_keytab_modify, namesize) >= namesize) + if (strlcpy (name, context->default_keytab_modify, namesize) >= namesize) { + krb5_clear_error_string (context); return KRB5_CONFIG_NOTENUFSPACE; + } return 0; } @@ -277,10 +285,19 @@ krb5_kt_get_entry(krb5_context context, krb5_kt_free_entry(context, &tmp); } krb5_kt_end_seq_get (context, id, &cursor); - if (entry->vno) + if (entry->vno) { return 0; - else + } else { + char princ[256], kt_name[256]; + + krb5_unparse_name_fixed (context, principal, princ, sizeof(princ)); + krb5_kt_get_name (context, id, kt_name, sizeof(kt_name)); + + krb5_set_error_string (context, + "failed to find %s in keytab %s", + princ, kt_name); return KRB5_KT_NOTFOUND; + } } /* diff --git a/lib/krb5/keytab_any.c b/lib/krb5/keytab_any.c index 4fd11484b..feba8399a 100644 --- a/lib/krb5/keytab_any.c +++ b/lib/krb5/keytab_any.c @@ -70,6 +70,7 @@ any_resolve(krb5_context context, const char *name, krb5_keytab id) a0 = a; a->name = strdup(name); if (a->name == NULL) { + krb5_set_error_string(context, "malloc: out of memory"); ret = ENOMEM; goto fail; } @@ -83,8 +84,10 @@ any_resolve(krb5_context context, const char *name, krb5_keytab id) goto fail; prev = a; } - if (a0 == NULL) + if (a0 == NULL) { + krb5_set_error_string(context, "empty ANY: keytab"); return ENOENT; + } id->data = a0; return 0; fail: @@ -128,8 +131,10 @@ any_start_seq_get(krb5_context context, krb5_error_code ret; c->data = malloc (sizeof(struct any_cursor_extra_data)); - if(c->data == NULL) + if(c->data == NULL){ + krb5_set_error_string (context, "malloc: out of memory"); return ENOMEM; + } ed = (struct any_cursor_extra_data *)c->data; ed->a = a; ret = krb5_kt_start_seq_get(context, ed->a->kt, &ed->cursor); @@ -137,6 +142,7 @@ any_start_seq_get(krb5_context context, free (ed); free (c->data); c->data = NULL; + krb5_set_error_string (context, "malloc: out of memory"); return ENOMEM; } return 0; @@ -161,8 +167,10 @@ any_next_entry (krb5_context context, if (ret2) return ret2; ed->a = ed->a->next; - if (ed->a == NULL) + if (ed->a == NULL) { + krb5_clear_error_string (context); return KRB5_CC_END; + } ret2 = krb5_kt_start_seq_get(context, ed->a->kt, &ed->cursor); if (ret2) return ret2; diff --git a/lib/krb5/keytab_file.c b/lib/krb5/keytab_file.c index 248b16619..46df3f031 100644 --- a/lib/krb5/keytab_file.c +++ b/lib/krb5/keytab_file.c @@ -46,7 +46,8 @@ struct fkt_data { }; static krb5_error_code -krb5_kt_ret_data(krb5_storage *sp, +krb5_kt_ret_data(krb5_context context, + krb5_storage *sp, krb5_data *data) { int ret; @@ -56,8 +57,10 @@ krb5_kt_ret_data(krb5_storage *sp, return ret; data->length = size; data->data = malloc(size); - if (data->data == NULL) + if (data->data == NULL) { + krb5_set_error_string (context, "malloc: out of memory"); return ENOMEM; + } ret = sp->fetch(sp, data->data, size); if(ret != size) return (ret < 0)? errno : KRB5_KT_END; @@ -65,7 +68,8 @@ krb5_kt_ret_data(krb5_storage *sp, } static krb5_error_code -krb5_kt_ret_string(krb5_storage *sp, +krb5_kt_ret_string(krb5_context context, + krb5_storage *sp, general_string *data) { int ret; @@ -74,8 +78,10 @@ krb5_kt_ret_string(krb5_storage *sp, if(ret) return ret; *data = malloc(size + 1); - if (*data == NULL) + if (*data == NULL) { + krb5_set_error_string (context, "malloc: out of memory"); return ENOMEM; + } ret = sp->fetch(sp, *data, size); (*data)[size] = '\0'; if(ret != size) @@ -84,7 +90,8 @@ krb5_kt_ret_string(krb5_storage *sp, } static krb5_error_code -krb5_kt_store_data(krb5_storage *sp, +krb5_kt_store_data(krb5_context context, + krb5_storage *sp, krb5_data data) { int ret; @@ -119,7 +126,7 @@ krb5_kt_store_string(krb5_storage *sp, } static krb5_error_code -krb5_kt_ret_keyblock(krb5_storage *sp, krb5_keyblock *p) +krb5_kt_ret_keyblock(krb5_context context, krb5_storage *sp, krb5_keyblock *p) { int ret; int16_t tmp; @@ -127,25 +134,27 @@ krb5_kt_ret_keyblock(krb5_storage *sp, krb5_keyblock *p) ret = krb5_ret_int16(sp, &tmp); /* keytype + etype */ if(ret) return ret; p->keytype = tmp; - ret = krb5_kt_ret_data(sp, &p->keyvalue); + ret = krb5_kt_ret_data(context, sp, &p->keyvalue); return ret; } static krb5_error_code -krb5_kt_store_keyblock(krb5_storage *sp, +krb5_kt_store_keyblock(krb5_context context, + krb5_storage *sp, krb5_keyblock *p) { int ret; ret = krb5_store_int16(sp, p->keytype); /* keytype + etype */ if(ret) return ret; - ret = krb5_kt_store_data(sp, p->keyvalue); + ret = krb5_kt_store_data(context, sp, p->keyvalue); return ret; } static krb5_error_code -krb5_kt_ret_principal(krb5_storage *sp, +krb5_kt_ret_principal(krb5_context context, + krb5_storage *sp, krb5_principal *princ) { int i; @@ -154,8 +163,10 @@ krb5_kt_ret_principal(krb5_storage *sp, int16_t tmp; ALLOC(p, 1); - if(p == NULL) + if(p == NULL) { + krb5_set_error_string (context, "malloc: out of memory"); return ENOMEM; + } ret = krb5_ret_int16(sp, &tmp); if(ret) @@ -163,15 +174,19 @@ krb5_kt_ret_principal(krb5_storage *sp, if (sp->flags & KRB5_STORAGE_PRINCIPAL_WRONG_NUM_COMPONENTS) tmp--; p->name.name_string.len = tmp; - ret = krb5_kt_ret_string(sp, &p->realm); - if(ret) return ret; + ret = krb5_kt_ret_string(context, sp, &p->realm); + if(ret) + return ret; p->name.name_string.val = calloc(p->name.name_string.len, sizeof(*p->name.name_string.val)); - if(p->name.name_string.val == NULL) + if(p->name.name_string.val == NULL) { + krb5_set_error_string (context, "malloc: out of memory"); return ENOMEM; + } for(i = 0; i < p->name.name_string.len; i++){ - ret = krb5_kt_ret_string(sp, p->name.name_string.val + i); - if(ret) return ret; + ret = krb5_kt_ret_string(context, sp, p->name.name_string.val + i); + if(ret) + return ret; } if (krb5_storage_is_flags(sp, KRB5_STORAGE_PRINCIPAL_NO_NAME_TYPE)) p->name.name_type = KRB5_NT_UNKNOWN; @@ -187,7 +202,8 @@ krb5_kt_ret_principal(krb5_storage *sp, } static krb5_error_code -krb5_kt_store_principal(krb5_storage *sp, +krb5_kt_store_principal(krb5_context context, + krb5_storage *sp, krb5_principal p) { int i; @@ -202,7 +218,8 @@ krb5_kt_store_principal(krb5_storage *sp, if(ret) return ret; for(i = 0; i < p->name.name_string.len; i++){ ret = krb5_kt_store_string(sp, p->name.name_string.val[i]); - if(ret) return ret; + if(ret) + return ret; } if(!krb5_storage_is_flags(sp, KRB5_STORAGE_PRINCIPAL_NO_NAME_TYPE)) { ret = krb5_store_int32(sp, p->name.name_type); @@ -217,12 +234,16 @@ static krb5_error_code fkt_resolve(krb5_context context, const char *name, krb5_keytab id) { struct fkt_data *d; + d = malloc(sizeof(*d)); - if(d == NULL) + if(d == NULL) { + krb5_set_error_string (context, "malloc: out of memory"); return ENOMEM; + } d->filename = strdup(name); if(d->filename == NULL) { free(d); + krb5_set_error_string (context, "malloc: out of memory"); return ENOMEM; } id->data = d; @@ -296,6 +317,7 @@ fkt_start_seq_get_int(krb5_context context, if(pvno != 5) { krb5_storage_free(c->sp); close(c->fd); + krb5_clear_error_string (context); return KRB5_KEYTAB_BADVNO; } ret = krb5_ret_int8(c->sp, &tag); @@ -340,7 +362,7 @@ loop: pos = cursor->sp->seek(cursor->sp, -len, SEEK_CUR); goto loop; } - ret = krb5_kt_ret_principal (cursor->sp, &entry->principal); + ret = krb5_kt_ret_principal (context, cursor->sp, &entry->principal); if (ret) goto out; ret = krb5_ret_int32(cursor->sp, &tmp32); @@ -351,7 +373,7 @@ loop: if (ret) goto out; entry->vno = tmp8; - ret = krb5_kt_ret_keyblock (cursor->sp, &entry->keyblock); + ret = krb5_kt_ret_keyblock (context, cursor->sp, &entry->keyblock); if (ret) goto out; if(start) *start = pos; @@ -429,6 +451,7 @@ fkt_add_entry(krb5_context context, if(pvno != 5) { krb5_storage_free(sp); close(fd); + krb5_clear_error_string (context); return KRB5_KEYTAB_BADVNO; } ret = krb5_ret_int8 (sp, &tag); @@ -446,9 +469,10 @@ fkt_add_entry(krb5_context context, emem = krb5_storage_emem(); if(emem == NULL) { ret = ENOMEM; + krb5_set_error_string (context, "malloc: out of memory"); goto out; } - ret = krb5_kt_store_principal(emem, entry->principal); + ret = krb5_kt_store_principal(context, emem, entry->principal); if(ret) { krb5_storage_free(emem); goto out; @@ -463,7 +487,7 @@ fkt_add_entry(krb5_context context, krb5_storage_free(emem); goto out; } - ret = krb5_kt_store_keyblock (emem, &entry->keyblock); + ret = krb5_kt_store_keyblock (context, emem, &entry->keyblock); if(ret) { krb5_storage_free(emem); goto out; @@ -529,8 +553,10 @@ fkt_remove_entry(krb5_context context, } } krb5_kt_end_seq_get(context, id, &cursor); - if (!found) + if (!found) { + krb5_clear_error_string (context); return KRB5_KT_NOTFOUND; + } return 0; } diff --git a/lib/krb5/keytab_keyfile.c b/lib/krb5/keytab_keyfile.c index adbf6a05a..209c0f023 100644 --- a/lib/krb5/keytab_keyfile.c +++ b/lib/krb5/keytab_keyfile.c @@ -63,16 +63,23 @@ struct akf_data { */ static int -get_cell_and_realm (struct akf_data *d) +get_cell_and_realm (krb5_context context, + struct akf_data *d) { FILE *f; char buf[BUFSIZ], *cp; + int ret; f = fopen (AFS_SERVERTHISCELL, "r"); - if (f == NULL) - return errno; + if (f == NULL) { + ret = errno; + krb5_set_error_string (context, "open %s: %s", AFS_SERVERTHISCELL, + strerror(ret)); + return ret; + } if (fgets (buf, sizeof(buf), f) == NULL) { fclose (f); + krb5_set_error_string (context, "no cell in %s", AFS_SERVERTHISCELL); return EINVAL; } if (buf[strlen(buf) - 1] == '\n') @@ -80,13 +87,17 @@ get_cell_and_realm (struct akf_data *d) fclose(f); d->cell = strdup (buf); - if (d->cell == NULL) - return errno; + if (d->cell == NULL) { + krb5_set_error_string (context, "malloc: out of memory"); + return ENOMEM; + } f = fopen (AFS_SERVERMAGICKRBCONF, "r"); if (f != NULL) { if (fgets (buf, sizeof(buf), f) == NULL) { fclose (f); + krb5_set_error_string (context, "no realm in %s", + AFS_SERVERMAGICKRBCONF); return EINVAL; } if (buf[strlen(buf)-1] == '\n') @@ -100,7 +111,8 @@ get_cell_and_realm (struct akf_data *d) d->realm = strdup (buf); if (d->realm == NULL) { free (d->cell); - return errno; + krb5_set_error_string (context, "malloc: out of memory"); + return ENOMEM; } return 0; } @@ -115,11 +127,13 @@ akf_resolve(krb5_context context, const char *name, krb5_keytab id) int ret; struct akf_data *d = malloc(sizeof (struct akf_data)); - if (d == NULL) - return errno; + if (d == NULL) { + krb5_set_error_string (context, "malloc: out of memory"); + return ENOMEM; + } d->num_entries = 0; - ret = get_cell_and_realm (d); + ret = get_cell_and_realm (context, d); if (ret) { free (d); return ret; @@ -129,6 +143,7 @@ akf_resolve(krb5_context context, const char *name, krb5_keytab id) free (d->cell); free (d->realm); free (d); + krb5_set_error_string (context, "malloc: out of memory"); return ENOMEM; } id->data = d; @@ -180,14 +195,19 @@ akf_start_seq_get(krb5_context context, struct akf_data *d = id->data; c->fd = open (d->filename, O_RDONLY|O_BINARY, 0600); - if (c->fd < 0) - return errno; + if (c->fd < 0) { + ret = errno; + krb5_set_error_string(context, "open(%s): %s", d->filename, + strerror(ret)); + return ret; + } c->sp = krb5_storage_from_fd(c->fd); ret = krb5_ret_int32(c->sp, &d->num_entries); if(ret) { krb5_storage_free(c->sp); close(c->fd); + krb5_clear_error_string (context); if(ret == KRB5_CC_END) return KRB5_KT_NOTFOUND; return ret; @@ -230,6 +250,7 @@ akf_next_entry(krb5_context context, entry->keyblock.keyvalue.data = malloc (8); if (entry->keyblock.keyvalue.data == NULL) { krb5_free_principal (context, entry->principal); + krb5_set_error_string (context, "malloc: out of memory"); ret = ENOMEM; goto out; } @@ -270,8 +291,12 @@ akf_add_entry(krb5_context context, if (fd < 0) { fd = open (d->filename, O_RDWR | O_BINARY | O_CREAT, 0600); - if (fd < 0) - return errno; + if (fd < 0) { + ret = errno; + krb5_set_error_string(context, "open(%s): %s", d->filename, + strerror(ret)); + return ret; + } created = 1; } @@ -284,15 +309,18 @@ akf_add_entry(krb5_context context, sp = krb5_storage_from_fd(fd); if(sp == NULL) { close(fd); + krb5_set_error_string (context, "malloc: out of memory"); return ENOMEM; } if (created) len = 0; else { if((*sp->seek)(sp, 0, SEEK_SET) < 0) { + ret = errno; krb5_storage_free(sp); close(fd); - return errno; + krb5_set_error_string (context, "seek: %s", strerror(ret)); + return ret; } ret = krb5_ret_int32(sp, &len); @@ -305,9 +333,11 @@ akf_add_entry(krb5_context context, len++; if((*sp->seek)(sp, 0, SEEK_SET) < 0) { + ret = errno; krb5_storage_free(sp); close(fd); - return errno; + krb5_set_error_string (context, "seek: %s", strerror(ret)); + return ret; } ret = krb5_store_int32(sp, len); @@ -319,9 +349,11 @@ akf_add_entry(krb5_context context, if((*sp->seek)(sp, (len - 1) * (8 + 4), SEEK_CUR) < 0) { + ret = errno; krb5_storage_free(sp); close(fd); - return errno; + krb5_set_error_string (context, "seek: %s", strerror(ret)); + return ret; } ret = krb5_store_int32(sp, entry->vno); diff --git a/lib/krb5/keytab_krb4.c b/lib/krb5/keytab_krb4.c index 84431db18..3f6fc42ee 100644 --- a/lib/krb5/keytab_krb4.c +++ b/lib/krb5/keytab_krb4.c @@ -1,5 +1,5 @@ /* - * Copyright (c) 1997, 1998, 1999 Kungliga Tekniska Högskolan + * Copyright (c) 1997 - 2001 Kungliga Tekniska Högskolan * (Royal Institute of Technology, Stockholm, Sweden). * All rights reserved. * @@ -45,11 +45,14 @@ krb4_kt_resolve(krb5_context context, const char *name, krb5_keytab id) struct krb4_kt_data *d; d = malloc (sizeof(*d)); - if (d == NULL) + if (d == NULL) { + krb5_set_error_string (context, "malloc: out of memory"); return ENOMEM; + } d->filename = strdup (name); if (d->filename == NULL) { free(d); + krb5_set_error_string (context, "malloc: out of memory"); return ENOMEM; } id->data = d; @@ -92,17 +95,23 @@ krb4_kt_start_seq_get_int (krb5_context context, { struct krb4_kt_data *d = id->data; struct krb4_cursor_extra_data *ed; + int ret; ed = malloc (sizeof(*ed)); - if (ed == NULL) + if (ed == NULL) { + krb5_set_error_string (context, "malloc: out of memory"); return ENOMEM; + } ed->entry.principal = NULL; ed->num = -1; c->data = ed; c->fd = open (d->filename, flags); if (c->fd < 0) { + ret = errno; free (ed); - return errno; + krb5_set_error_string(context, "open(%s): %s", d->filename, + strerror(ret)); + return ret; } c->sp = krb5_storage_from_fd(c->fd); return 0; @@ -238,8 +247,12 @@ krb4_kt_add_entry (krb5_context context, if (fd < 0) { fd = open (d->filename, O_WRONLY | O_APPEND | O_BINARY | O_CREAT, 0600); - if (fd < 0) - return errno; + if (fd < 0) { + ret = errno; + krb5_set_error_string(context, "open(%s): %s", d->filename, + strerror(ret)); + return ret; + } } ret = krb5_524_conv_principal (context, entry->principal, service, instance, realm); diff --git a/lib/krb5/keytab_memory.c b/lib/krb5/keytab_memory.c index 55b9fe737..cdb30a340 100644 --- a/lib/krb5/keytab_memory.c +++ b/lib/krb5/keytab_memory.c @@ -1,5 +1,5 @@ /* - * Copyright (c) 1997 - 2000 Kungliga Tekniska Högskolan + * Copyright (c) 1997 - 2001 Kungliga Tekniska Högskolan * (Royal Institute of Technology, Stockholm, Sweden). * All rights reserved. * @@ -47,8 +47,10 @@ mkt_resolve(krb5_context context, const char *name, krb5_keytab id) { struct mkt_data *d; d = malloc(sizeof(*d)); - if(d == NULL) + if(d == NULL) { + krb5_set_error_string (context, "malloc: out of memory"); return ENOMEM; + } d->entries = NULL; d->num_entries = 0; id->data = d; @@ -115,8 +117,10 @@ mkt_add_entry(krb5_context context, struct mkt_data *d = id->data; krb5_keytab_entry *tmp; tmp = realloc(d->entries, (d->num_entries + 1) * sizeof(*d->entries)); - if(tmp == NULL) + if(tmp == NULL) { + krb5_set_error_string (context, "malloc: out of memory"); return ENOMEM; + } d->entries = tmp; return krb5_kt_copy_entry_contents(context, entry, &d->entries[d->num_entries++]); diff --git a/lib/krb5/krbhst.c b/lib/krb5/krbhst.c index c2c52b536..988b4f769 100644 --- a/lib/krb5/krbhst.c +++ b/lib/krb5/krbhst.c @@ -41,17 +41,21 @@ RCSID("$Id$"); */ static int -add_string(char ***res, int *count, const char *string) +add_string(krb5_context context, char ***res, int *count, const char *string) { char **tmp = realloc(*res, (*count + 1) * sizeof(**res)); - if(tmp == NULL) + if(tmp == NULL) { + krb5_set_error_string (context, "malloc: out of memory"); return ENOMEM; + } *res = tmp; if(string) { tmp[*count] = strdup(string); - if(tmp[*count] == NULL) + if(tmp[*count] == NULL) { + krb5_set_error_string (context, "malloc: out of memory"); return ENOMEM; + } } else tmp[*count] = NULL; (*count)++; @@ -94,19 +98,21 @@ srv_find_realm(krb5_context context, char ***res, int *count, char **tmp; tmp = realloc(*res, (*count + 1) * sizeof(**res)); - if (tmp == NULL) + if (tmp == NULL) { + krb5_set_error_string (context, "malloc: out of memory"); return ENOMEM; + } *res = tmp; snprintf (buf, sizeof(buf), "%s/%s:%u", proto, rr->u.srv->target, rr->u.srv->port); - ret = add_string(res, count, buf); + ret = add_string(context, res, count, buf); if(ret) return ret; }else if(rr->type == T_TXT) { - ret = add_string(res, count, rr->u.txt); + ret = add_string(context, res, count, rr->u.txt); if(ret) return ret; } @@ -151,13 +157,13 @@ get_krbhst (krb5_context context, if(count == 0) { char buf[1024]; snprintf(buf, sizeof(buf), "kerberos.%s", *realm); - ret = add_string(&res, &count, buf); + ret = add_string(context, &res, &count, buf); if(ret) { krb5_config_free_strings(res); return ret; } } - add_string(&res, &count, NULL); + add_string(context, &res, &count, NULL); *hostlist = res; return 0; } diff --git a/lib/krb5/log.c b/lib/krb5/log.c index f33b0e5a5..854768be7 100644 --- a/lib/krb5/log.c +++ b/lib/krb5/log.c @@ -120,11 +120,14 @@ krb5_initlog(krb5_context context, krb5_log_facility **fac) { krb5_log_facility *f = calloc(1, sizeof(*f)); - if(f == NULL) + if(f == NULL) { + krb5_set_error_string (context, "malloc: out of memory"); return ENOMEM; + } f->program = strdup(program); if(f->program == NULL){ free(f); + krb5_set_error_string (context, "malloc: out of memory"); return ENOMEM; } *fac = f; @@ -141,8 +144,10 @@ krb5_addlog_func(krb5_context context, void *data) { struct facility *fp = log_realloc(fac); - if(fp == NULL) + if(fp == NULL) { + krb5_set_error_string (context, "malloc: out of memory"); return ENOMEM; + } fp->min = min; fp->max = max; fp->log = log; @@ -181,8 +186,10 @@ open_syslog(krb5_context context, struct syslog_data *sd = malloc(sizeof(*sd)); int i; - if(sd == NULL) + if(sd == NULL) { + krb5_set_error_string (context, "malloc: out of memory"); return ENOMEM; + } i = find_value(sev, syslogvals); if(i == -1) i = LOG_ERR; @@ -232,8 +239,10 @@ open_file(krb5_context context, krb5_log_facility *fac, int min, int max, char *filename, char *mode, FILE *f, int keep_open) { struct file_data *fd = malloc(sizeof(*fd)); - if(fd == NULL) + if(fd == NULL) { + krb5_set_error_string (context, "malloc: out of memory"); return ENOMEM; + } fd->filename = filename; fd->mode = mode; fd->fd = f; @@ -245,11 +254,13 @@ open_file(krb5_context context, krb5_log_facility *fac, int min, int max, krb5_error_code -krb5_addlog_dest(krb5_context context, krb5_log_facility *f, const char *p) +krb5_addlog_dest(krb5_context context, krb5_log_facility *f, const char *orig) { krb5_error_code ret = 0; int min = 0, max = -1, n; char c; + const char *p = orig; + n = sscanf(p, "%d%c%d/", &min, &c, &max); if(n == 2){ if(c == '/') { @@ -263,7 +274,10 @@ krb5_addlog_dest(krb5_context context, krb5_log_facility *f, const char *p) } if(n){ p = strchr(p, '/'); - if(p == NULL) return HEIM_ERR_LOG_PARSE; + if(p == NULL) { + krb5_set_error_string (context, "failed to parse \"%s\"", orig); + return HEIM_ERR_LOG_PARSE; + } p++; } if(strcmp(p, "STDERR") == 0){ @@ -275,17 +289,26 @@ krb5_addlog_dest(krb5_context context, krb5_log_facility *f, const char *p) FILE *file = NULL; int keep_open = 0; fn = strdup(p + 5); - if(fn == NULL) + if(fn == NULL) { + krb5_set_error_string (context, "malloc: out of memory"); return ENOMEM; + } if(p[4] == '='){ int i = open(fn, O_WRONLY | O_CREAT | O_TRUNC | O_APPEND, 0666); - if(i < 0) - return errno; + if(i < 0) { + ret = errno; + krb5_set_error_string (context, "open(%s): %s", fn, + strerror(ret)); + return ret; + } file = fdopen(i, "a"); if(file == NULL){ + ret = errno; close(i); - return errno; + krb5_set_error_string (context, "fdopen(%s): %s", fn, + strerror(ret)); + return ret; } keep_open = 1; } @@ -303,6 +326,7 @@ krb5_addlog_dest(krb5_context context, krb5_log_facility *f, const char *p) facility = "AUTH"; ret = open_syslog(context, f, min, max, severity, facility); }else{ + krb5_set_error_string (context, "unknown log type: %s", p); ret = HEIM_ERR_LOG_PARSE; /* XXX */ } return ret; diff --git a/lib/krb5/mcache.c b/lib/krb5/mcache.c index d996a1126..2883042c2 100644 --- a/lib/krb5/mcache.c +++ b/lib/krb5/mcache.c @@ -65,6 +65,7 @@ static krb5_mcache * mcc_alloc(const char *name) { krb5_mcache *m; + ALLOC(m, 1); if(m == NULL) return NULL; @@ -101,8 +102,10 @@ mcc_resolve(krb5_context context, krb5_ccache *id, const char *res) } m = mcc_alloc(res); - if (m == NULL) + if (m == NULL) { + krb5_set_error_string (context, "malloc: out of memory"); return KRB5_CC_NOMEM; + } (*id)->data.data = m; (*id)->data.length = sizeof(*m); @@ -118,8 +121,10 @@ mcc_gen_new(krb5_context context, krb5_ccache *id) m = mcc_alloc(NULL); - if (m == NULL) + if (m == NULL) { + krb5_set_error_string (context, "malloc: out of memory"); return KRB5_CC_NOMEM; + } (*id)->data.data = m; (*id)->data.length = sizeof(*m); @@ -203,8 +208,10 @@ mcc_store_cred(krb5_context context, return ENOENT; l = malloc (sizeof(*l)); - if (l == NULL) + if (l == NULL) { + krb5_set_error_string (context, "malloc: out of memory"); return KRB5_CC_NOMEM; + } l->next = m->creds; m->creds = l; memset (&l->cred, 0, sizeof(l->cred)); diff --git a/lib/krb5/mk_error.c b/lib/krb5/mk_error.c index 65c5a3ce9..427d9baf0 100644 --- a/lib/krb5/mk_error.c +++ b/lib/krb5/mk_error.c @@ -86,8 +86,10 @@ krb5_mk_error(krb5_context context, buf_size = 1024; buf = malloc (buf_size); - if (buf == NULL) + if (buf == NULL) { + krb5_set_error_string (context, "malloc: out of memory"); return ENOMEM; + } do { ret = encode_KRB_ERROR(buf + buf_size - 1, @@ -101,6 +103,7 @@ krb5_mk_error(krb5_context context, buf_size *= 2; tmp = realloc (buf, buf_size); if (tmp == NULL) { + krb5_set_error_string (context, "malloc: out of memory"); ret = ENOMEM; goto out; } @@ -114,6 +117,7 @@ krb5_mk_error(krb5_context context, reply->length = len; reply->data = malloc(len); if (reply->data == NULL) { + krb5_set_error_string (context, "malloc: out of memory"); ret = ENOMEM; goto out; } diff --git a/lib/krb5/mk_priv.c b/lib/krb5/mk_priv.c index 77f7f7e6c..1b610bdc8 100644 --- a/lib/krb5/mk_priv.c +++ b/lib/krb5/mk_priv.c @@ -1,5 +1,5 @@ /* - * Copyright (c) 1997 - 2000 Kungliga Tekniska Högskolan + * Copyright (c) 1997 - 2001 Kungliga Tekniska Högskolan * (Royal Institute of Technology, Stockholm, Sweden). * All rights reserved. * @@ -87,8 +87,10 @@ krb5_mk_priv(krb5_context context, buf_size = 1024; buf = malloc (buf_size); - if (buf == NULL) + if (buf == NULL) { + krb5_set_error_string (context, "malloc: out of memory"); return ENOMEM; + } krb5_data_zero (&s.enc_part.cipher); @@ -102,6 +104,7 @@ krb5_mk_priv(krb5_context context, buf_size *= 2; tmp = realloc (buf, buf_size); if (tmp == NULL) { + krb5_set_error_string (context, "malloc: out of memory"); ret = ENOMEM; goto fail; } @@ -144,6 +147,7 @@ krb5_mk_priv(krb5_context context, buf_size *= 2; tmp = realloc (buf, buf_size); if (tmp == NULL) { + krb5_set_error_string (context, "malloc: out of memory"); ret = ENOMEM; goto fail; } @@ -158,6 +162,7 @@ krb5_mk_priv(krb5_context context, outbuf->length = len; outbuf->data = malloc (len); if (outbuf->data == NULL) { + krb5_set_error_string (context, "malloc: out of memory"); free(buf); return ENOMEM; } diff --git a/lib/krb5/mk_rep.c b/lib/krb5/mk_rep.c index c76886b38..fe49b2c69 100644 --- a/lib/krb5/mk_rep.c +++ b/lib/krb5/mk_rep.c @@ -1,5 +1,5 @@ /* - * Copyright (c) 1997 - 2000 Kungliga Tekniska Högskolan + * Copyright (c) 1997 - 2001 Kungliga Tekniska Högskolan * (Royal Institute of Technology, Stockholm, Sweden). * All rights reserved. * @@ -61,8 +61,10 @@ krb5_mk_rep(krb5_context context, auth_context->keyblock, &auth_context->local_seqnumber); body.seq_number = malloc (sizeof(*body.seq_number)); - if (body.seq_number == NULL) + if (body.seq_number == NULL) { + krb5_set_error_string (context, "malloc: out of memory"); return ENOMEM; + } *(body.seq_number) = auth_context->local_seqnumber; } else body.seq_number = NULL; @@ -74,6 +76,7 @@ krb5_mk_rep(krb5_context context, buf = malloc (buf_size); if (buf == NULL) { free_EncAPRepPart (&body); + krb5_set_error_string (context, "malloc: out of memory"); return ENOMEM; } @@ -106,6 +109,7 @@ krb5_mk_rep(krb5_context context, buf = realloc(buf, buf_size); if(buf == NULL) { free_AP_REP (&ap); + krb5_set_error_string (context, "malloc: out of memory"); return ENOMEM; } ret = encode_AP_REP (buf + buf_size - 1, buf_size, &ap, &len); diff --git a/lib/krb5/mk_req.c b/lib/krb5/mk_req.c index 881ab2d77..fc5d12057 100644 --- a/lib/krb5/mk_req.c +++ b/lib/krb5/mk_req.c @@ -1,5 +1,5 @@ /* - * Copyright (c) 1997 - 2000 Kungliga Tekniska Högskolan + * Copyright (c) 1997 - 2001 Kungliga Tekniska Högskolan * (Royal Institute of Technology, Stockholm, Sweden). * All rights reserved. * diff --git a/lib/krb5/mk_safe.c b/lib/krb5/mk_safe.c index 9dca5e063..0b057d304 100644 --- a/lib/krb5/mk_safe.c +++ b/lib/krb5/mk_safe.c @@ -48,6 +48,7 @@ krb5_mk_safe(krb5_context context, KerberosTime sec2; int usec2; u_char *buf = NULL; + void *tmp; size_t buf_size; size_t len; u_int32_t tmp_seq; @@ -78,8 +79,10 @@ krb5_mk_safe(krb5_context context, buf_size = length_KRB_SAFE(&s); buf = malloc(buf_size + 128); /* add some for checksum */ - if(buf == NULL) + if(buf == NULL) { + krb5_set_error_string (context, "malloc: out of memory"); return ENOMEM; + } ret = encode_KRB_SAFE (buf + buf_size - 1, buf_size, &s, &len); if (ret) { free (buf); @@ -104,9 +107,13 @@ krb5_mk_safe(krb5_context context, } buf_size = length_KRB_SAFE(&s); - buf = realloc(buf, buf_size); - if(buf == NULL) + tmp = realloc(buf, buf_size); + if(tmp == NULL) { + free(buf); + krb5_set_error_string (context, "malloc: out of memory"); return ENOMEM; + } + buf = tmp; ret = encode_KRB_SAFE (buf + buf_size - 1, buf_size, &s, &len); free_Checksum (&s.cksum); @@ -115,6 +122,7 @@ krb5_mk_safe(krb5_context context, outbuf->data = malloc (len); if (outbuf->data == NULL) { free (buf); + krb5_set_error_string (context, "malloc: out of memory"); return ENOMEM; } memcpy (outbuf->data, buf + buf_size - len, len); diff --git a/lib/krb5/principal.c b/lib/krb5/principal.c index ffe499489..f210186d5 100644 --- a/lib/krb5/principal.c +++ b/lib/krb5/principal.c @@ -1,5 +1,5 @@ /* - * Copyright (c) 1997-2000 Kungliga Tekniska Högskolan + * Copyright (c) 1997-2001 Kungliga Tekniska Högskolan * (Royal Institute of Technology, Stockholm, Sweden). * All rights reserved. * @@ -82,20 +82,26 @@ krb5_parse_name(krb5_context context, ncomp = 1; for(p = (char*)name; *p; p++){ if(*p=='\\'){ - if(!p[1]) + if(!p[1]) { + krb5_set_error_string (context, + "trailing \\ in principal name"); return KRB5_PARSE_MALFORMED; + } p++; } else if(*p == '/') ncomp++; } comp = calloc(ncomp, sizeof(*comp)); - if (comp == NULL) + if (comp == NULL) { + krb5_set_error_string (context, "malloc: out of memory"); return ENOMEM; + } n = 0; start = q = p = s = strdup(name); if (start == NULL) { free (comp); + krb5_set_error_string (context, "malloc: out of memory"); return ENOMEM; } while(*p){ @@ -112,11 +118,14 @@ krb5_parse_name(krb5_context context, c = '\0'; }else if(c == '/' || c == '@'){ if(got_realm){ + krb5_set_error_string (context, + "part after realm in principal name"); ret = KRB5_PARSE_MALFORMED; goto exit; }else{ comp[n] = malloc(q - start + 1); if (comp[n] == NULL) { + krb5_set_error_string (context, "malloc: out of memory"); ret = ENOMEM; goto exit; } @@ -130,6 +139,8 @@ krb5_parse_name(krb5_context context, continue; } if(got_realm && (c == ':' || c == '/' || c == '\0')) { + krb5_set_error_string (context, + "part after realm in principal name"); ret = KRB5_PARSE_MALFORMED; goto exit; } @@ -138,6 +149,7 @@ krb5_parse_name(krb5_context context, if(got_realm){ realm = malloc(q - start + 1); if (realm == NULL) { + krb5_set_error_string (context, "malloc: out of memory"); ret = ENOMEM; goto exit; } @@ -150,6 +162,7 @@ krb5_parse_name(krb5_context context, comp[n] = malloc(q - start + 1); if (comp[n] == NULL) { + krb5_set_error_string (context, "malloc: out of memory"); ret = ENOMEM; goto exit; } @@ -159,6 +172,7 @@ krb5_parse_name(krb5_context context, } *principal = malloc(sizeof(**principal)); if (*principal == NULL) { + krb5_set_error_string (context, "malloc: out of memory"); ret = ENOMEM; goto exit; } @@ -278,8 +292,10 @@ unparse_name(krb5_context context, len++; } *name = malloc(len); - if(len != 0 && *name == NULL) + if(len != 0 && *name == NULL) { + krb5_set_error_string (context, "malloc: out of memory"); return ENOMEM; + } ret = unparse_name_fixed(context, principal, *name, len, short_flag); if(ret) free(*name); @@ -356,12 +372,16 @@ append_component(krb5_context context, krb5_principal p, size_t len = princ_num_comp(p); tmp = realloc(princ_comp(p), (len + 1) * sizeof(*tmp)); - if(tmp == NULL) + if(tmp == NULL) { + krb5_set_error_string (context, "malloc: out of memory"); return ENOMEM; + } princ_comp(p) = tmp; princ_ncomp(p, len) = malloc(comp_len + 1); - if (princ_ncomp(p, len) == NULL) + if (princ_ncomp(p, len) == NULL) { + krb5_set_error_string (context, "malloc: out of memory"); return ENOMEM; + } memcpy (princ_ncomp(p, len), comp, comp_len); princ_ncomp(p, len)[comp_len] = '\0'; princ_num_comp(p)++; @@ -406,13 +426,16 @@ build_principal(krb5_context context, krb5_principal p; p = calloc(1, sizeof(*p)); - if (p == NULL) + if (p == NULL) { + krb5_set_error_string (context, "malloc: out of memory"); return ENOMEM; + } princ_type(p) = KRB5_NT_PRINCIPAL; princ_realm(p) = strdup(realm); if(p->realm == NULL){ free(p); + krb5_set_error_string (context, "malloc: out of memory"); return ENOMEM; } @@ -487,10 +510,15 @@ krb5_copy_principal(krb5_context context, krb5_principal *outprinc) { krb5_principal p = malloc(sizeof(*p)); - if (p == NULL) + if (p == NULL) { + krb5_set_error_string (context, "malloc: out of memory"); return ENOMEM; - if(copy_Principal(inprinc, p)) + } + if(copy_Principal(inprinc, p)) { + free(p); + krb5_set_error_string (context, "malloc: out of memory"); return ENOMEM; + } *outprinc = p; return 0; } @@ -667,6 +695,7 @@ krb5_425_conv_principal_ext(krb5_context context, } krb5_free_principal(context, pr); *princ = NULL; + krb5_clear_error_string (context); return HEIM_ERR_V4_PRINC_NO_CONV; } if(resolve){ @@ -688,6 +717,7 @@ krb5_425_conv_principal_ext(krb5_context context, #ifdef USE_RESOLVER dns_free_data(r); #endif + krb5_set_error_string (context, "malloc: out of memory"); return ENOMEM; } ret = krb5_make_principal(context, &pr, realm, name, low_inst, @@ -731,6 +761,7 @@ krb5_425_conv_principal_ext(krb5_context context, "default_domain", NULL); if(p == NULL){ /* this should be an error, just faking a name is not good */ + krb5_clear_error_string (context); return HEIM_ERR_V4_PRINC_NO_CONV; } @@ -743,6 +774,7 @@ krb5_425_conv_principal_ext(krb5_context context, return 0; } krb5_free_principal(context, pr); + krb5_clear_error_string (context); return HEIM_ERR_V4_PRINC_NO_CONV; no_host: p = krb5_config_get_string(context, NULL, @@ -768,6 +800,7 @@ no_host: return 0; } krb5_free_principal(context, pr); + krb5_clear_error_string (context); return HEIM_ERR_V4_PRINC_NO_CONV; } @@ -888,6 +921,9 @@ krb5_524_conv_principal(krb5_context context, i = principal->name.name_string.val[1]; break; default: + krb5_set_error_string (context, + "cannot convert a %d component principal", + principal->name.name_string.len); return KRB5_PARSE_MALFORMED; } @@ -910,12 +946,21 @@ krb5_524_conv_principal(krb5_context context, i = tmpinst; } - if (strlcpy (name, n, aname_sz) >= aname_sz) + if (strlcpy (name, n, aname_sz) >= aname_sz) { + krb5_set_error_string (context, + "too long name component to convert"); return KRB5_PARSE_MALFORMED; - if (strlcpy (instance, i, aname_sz) >= aname_sz) + } + if (strlcpy (instance, i, aname_sz) >= aname_sz) { + krb5_set_error_string (context, + "too long instance component to convert"); return KRB5_PARSE_MALFORMED; - if (strlcpy (realm, r, aname_sz) >= aname_sz) + } + if (strlcpy (realm, r, aname_sz) >= aname_sz) { + krb5_set_error_string (context, + "too long realm component to convert"); return KRB5_PARSE_MALFORMED; + } return 0; } @@ -934,8 +979,11 @@ krb5_sname_to_principal (krb5_context context, char localhost[MAXHOSTNAMELEN]; char **realms, *host = NULL; - if(type != KRB5_NT_SRV_HST && type != KRB5_NT_UNKNOWN) + if(type != KRB5_NT_SRV_HST && type != KRB5_NT_UNKNOWN) { + krb5_set_error_string (context, "unsupported name type %d", + type); return KRB5_SNAME_UNSUPP_NAMETYPE; + } if(hostname == NULL) { gethostname(localhost, sizeof(localhost)); hostname = localhost; diff --git a/lib/krb5/rd_cred.c b/lib/krb5/rd_cred.c index 05a6d6372..fb1a1ac07 100644 --- a/lib/krb5/rd_cred.c +++ b/lib/krb5/rd_cred.c @@ -59,11 +59,13 @@ krb5_rd_cred(krb5_context context, if (cred.pvno != 5) { ret = KRB5KRB_AP_ERR_BADVERSION; + krb5_clear_error_string (context); goto out; } if (cred.msg_type != krb_cred) { ret = KRB5KRB_AP_ERR_MSG_TYPE; + krb5_clear_error_string (context); goto out; } @@ -110,7 +112,7 @@ krb5_rd_cred(krb5_context context, krb5_address *a; int cmp; - ret = krb5_make_addrport (&a, + ret = krb5_make_addrport (context, &a, auth_context->remote_address, auth_context->remote_port); if (ret) @@ -125,6 +127,7 @@ krb5_rd_cred(krb5_context context, free (a); if (cmp == 0) { + krb5_clear_error_string (context); ret = KRB5KRB_AP_ERR_BADADDR; goto out; } @@ -137,6 +140,7 @@ krb5_rd_cred(krb5_context context, && !krb5_address_compare (context, auth_context->local_address, enc_krb_cred_part.r_address)) { + krb5_clear_error_string (context); ret = KRB5KRB_AP_ERR_BADADDR; goto out; } @@ -151,6 +155,7 @@ krb5_rd_cred(krb5_context context, enc_krb_cred_part.usec == NULL || abs(*enc_krb_cred_part.timestamp - sec) > context->max_skew) { + krb5_clear_error_string (context); ret = KRB5KRB_AP_ERR_SKEW; goto out; } @@ -185,6 +190,7 @@ krb5_rd_cred(krb5_context context, creds = calloc(1, sizeof(*creds)); if(creds == NULL) { ret = ENOMEM; + krb5_set_error_string (context, "malloc: out of memory"); goto out; } diff --git a/lib/krb5/rd_error.c b/lib/krb5/rd_error.c index 4016349d3..e2ad04860 100644 --- a/lib/krb5/rd_error.c +++ b/lib/krb5/rd_error.c @@ -1,5 +1,5 @@ /* - * Copyright (c) 1997, 1998, 1999 Kungliga Tekniska Högskolan + * Copyright (c) 1997 - 2001 Kungliga Tekniska Högskolan * (Royal Institute of Technology, Stockholm, Sweden). * All rights reserved. * @@ -43,11 +43,12 @@ krb5_rd_error(krb5_context context, size_t len; krb5_error_code ret; + ret = decode_KRB_ERROR(msg->data, msg->length, result, &len); if(ret) return ret; result->error_code += KRB5KDC_ERR_NONE; - return 0; + return 0; } void @@ -64,3 +65,56 @@ krb5_free_error (krb5_context context, krb5_free_error_contents (context, error); free (error); } + +krb5_error_code +krb5_error_from_rd_error(krb5_context context, + const krb5_error *error, + const krb5_creds *creds) +{ + krb5_error_code ret; + + ret = error->error_code; + if (error->e_text != NULL) { + krb5_set_error_string(context, "%s", *error->e_text); + } else { + char clientname[256], servername[256]; + + if (creds != NULL) { + krb5_unparse_name_fixed(context, creds->client, + clientname, sizeof(clientname)); + krb5_unparse_name_fixed(context, creds->server, + servername, sizeof(servername)); + } + + switch (ret) { + case KRB5KDC_ERR_NAME_EXP : + krb5_set_error_string(context, "Client %s%s%s expired", + creds ? "(" : "", + creds ? clientname : "", + creds ? "(" : ""); + break; + case KRB5KDC_ERR_SERVICE_EXP : + krb5_set_error_string(context, "Server %s%s%s expired", + creds ? "(" : "", + creds ? servername : "", + creds ? "(" : ""); + break; + case KRB5KDC_ERR_C_PRINCIPAL_UNKNOWN : + krb5_set_error_string(context, "Client %s%s%s unknown", + creds ? "(" : "", + creds ? clientname : "", + creds ? "(" : ""); + break; + case KRB5KDC_ERR_S_PRINCIPAL_UNKNOWN : + krb5_set_error_string(context, "Server %s%s%s unknown", + creds ? "(" : "", + creds ? servername : "", + creds ? "(" : ""); + break; + default : + krb5_clear_error_string(context); + break; + } + } + return ret; +} diff --git a/lib/krb5/rd_priv.c b/lib/krb5/rd_priv.c index aa95a47e2..4aa74c0d4 100644 --- a/lib/krb5/rd_priv.c +++ b/lib/krb5/rd_priv.c @@ -55,10 +55,12 @@ krb5_rd_priv(krb5_context context, if (ret) goto failure; if (priv.pvno != 5) { + krb5_clear_error_string (context); ret = KRB5KRB_AP_ERR_BADVERSION; goto failure; } if (priv.msg_type != krb_priv) { + krb5_clear_error_string (context); ret = KRB5KRB_AP_ERR_MSG_TYPE; goto failure; } @@ -96,6 +98,7 @@ krb5_rd_priv(krb5_context context, && !krb5_address_compare (context, auth_context->remote_address, part.s_address)) { + krb5_clear_error_string (context); ret = KRB5KRB_AP_ERR_BADADDR; goto failure_part; } @@ -107,6 +110,7 @@ krb5_rd_priv(krb5_context context, && !krb5_address_compare (context, auth_context->local_address, part.r_address)) { + krb5_clear_error_string (context); ret = KRB5KRB_AP_ERR_BADADDR; goto failure_part; } @@ -119,6 +123,7 @@ krb5_rd_priv(krb5_context context, if (part.timestamp == NULL || part.usec == NULL || abs(*part.timestamp - sec) > context->max_skew) { + krb5_clear_error_string (context); ret = KRB5KRB_AP_ERR_SKEW; goto failure_part; } @@ -135,6 +140,7 @@ krb5_rd_priv(krb5_context context, && auth_context->remote_seqnumber != 0) || (part.seq_number != NULL && *part.seq_number != auth_context->remote_seqnumber)) { + krb5_clear_error_string (context); ret = KRB5KRB_AP_ERR_BADORDER; goto failure_part; } diff --git a/lib/krb5/rd_rep.c b/lib/krb5/rd_rep.c index e9df3a14c..20b1e1afb 100644 --- a/lib/krb5/rd_rep.c +++ b/lib/krb5/rd_rep.c @@ -1,5 +1,5 @@ /* - * Copyright (c) 1997, 1998 Kungliga Tekniska Högskolan + * Copyright (c) 1997 - 2001 Kungliga Tekniska Högskolan * (Royal Institute of Technology, Stockholm, Sweden). * All rights reserved. * @@ -55,10 +55,12 @@ krb5_rd_rep(krb5_context context, return ret; if (ap_rep.pvno != 5) { ret = KRB5KRB_AP_ERR_BADVERSION; + krb5_clear_error_string (context); goto out; } if (ap_rep.msg_type != krb_ap_rep) { ret = KRB5KRB_AP_ERR_MSG_TYPE; + krb5_clear_error_string (context); goto out; } @@ -77,6 +79,7 @@ krb5_rd_rep(krb5_context context, *repl = malloc(sizeof(**repl)); if (*repl == NULL) { ret = ENOMEM; + krb5_set_error_string (context, "malloc: out of memory"); goto out; } ret = krb5_decode_EncAPRepPart(context, @@ -90,6 +93,7 @@ krb5_rd_rep(krb5_context context, if ((*repl)->ctime != auth_context->authenticator->ctime || (*repl)->cusec != auth_context->authenticator->cusec) { ret = KRB5KRB_AP_ERR_MUT_FAIL; + krb5_clear_error_string (context); goto out; } if ((*repl)->seq_number) diff --git a/lib/krb5/rd_req.c b/lib/krb5/rd_req.c index 2e1190111..cf0a09e39 100644 --- a/lib/krb5/rd_req.c +++ b/lib/krb5/rd_req.c @@ -1,5 +1,5 @@ /* - * Copyright (c) 1997 - 2000 Kungliga Tekniska Högskolan + * Copyright (c) 1997 - 2001 Kungliga Tekniska Högskolan * (Royal Institute of Technology, Stockholm, Sweden). * All rights reserved. * @@ -113,14 +113,17 @@ krb5_decode_ap_req(krb5_context context, return ret; if (ap_req->pvno != 5){ free_AP_REQ(ap_req); + krb5_clear_error_string (context); return KRB5KRB_AP_ERR_BADVERSION; } if (ap_req->msg_type != krb_ap_req){ free_AP_REQ(ap_req); + krb5_clear_error_string (context); return KRB5KRB_AP_ERR_MSG_TYPE; } if (ap_req->ticket.tkt_vno != 5){ free_AP_REQ(ap_req); + krb5_clear_error_string (context); return KRB5KRB_AP_ERR_BADVERSION; } return 0; @@ -150,10 +153,12 @@ krb5_decrypt_ticket(krb5_context context, || (t.flags.invalid && !(flags & KRB5_VERIFY_AP_REQ_IGNORE_INVALID))) { free_EncTicketPart(&t); + krb5_clear_error_string (context); return KRB5KRB_AP_ERR_TKT_NYV; } if(now - t.endtime > context->max_skew) { free_EncTicketPart(&t); + krb5_clear_error_string (context); return KRB5KRB_AP_ERR_TKT_EXPIRED; } } @@ -320,6 +325,7 @@ krb5_verify_ap_req2(krb5_context context, krb5_free_principal (context, p2); if (!res) { ret = KRB5KRB_AP_ERR_BADMATCH; + krb5_clear_error_string (context); goto out2; } } @@ -332,6 +338,7 @@ krb5_verify_ap_req2(krb5_context context, ac->remote_address, t.ticket.caddr)) { ret = KRB5KRB_AP_ERR_BADADDR; + krb5_clear_error_string (context); goto out2; } diff --git a/lib/krb5/rd_safe.c b/lib/krb5/rd_safe.c index cb2fecec4..16a761605 100644 --- a/lib/krb5/rd_safe.c +++ b/lib/krb5/rd_safe.c @@ -58,6 +58,7 @@ verify_checksum(krb5_context context, if (buf == NULL) { ret = ENOMEM; + krb5_set_error_string (context, "malloc: out of memory"); goto out; } @@ -97,15 +98,18 @@ krb5_rd_safe(krb5_context context, return ret; if (safe.pvno != 5) { ret = KRB5KRB_AP_ERR_BADVERSION; + krb5_clear_error_string (context); goto failure; } if (safe.msg_type != krb_safe) { ret = KRB5KRB_AP_ERR_MSG_TYPE; + krb5_clear_error_string (context); goto failure; } if (!krb5_checksum_is_keyed(context, safe.cksum.cksumtype) || !krb5_checksum_is_collision_proof(context, safe.cksum.cksumtype)) { ret = KRB5KRB_AP_ERR_INAPP_CKSUM; + krb5_clear_error_string (context); goto failure; } @@ -117,6 +121,7 @@ krb5_rd_safe(krb5_context context, auth_context->remote_address, safe.safe_body.s_address)) { ret = KRB5KRB_AP_ERR_BADADDR; + krb5_clear_error_string (context); goto failure; } @@ -128,6 +133,7 @@ krb5_rd_safe(krb5_context context, auth_context->local_address, safe.safe_body.r_address)) { ret = KRB5KRB_AP_ERR_BADADDR; + krb5_clear_error_string (context); goto failure; } @@ -141,6 +147,7 @@ krb5_rd_safe(krb5_context context, safe.safe_body.usec == NULL || abs(*safe.safe_body.timestamp - sec) > context->max_skew) { ret = KRB5KRB_AP_ERR_SKEW; + krb5_clear_error_string (context); goto failure; } } @@ -157,6 +164,7 @@ krb5_rd_safe(krb5_context context, && *safe.safe_body.seq_number != auth_context->remote_seqnumber)) { ret = KRB5KRB_AP_ERR_BADORDER; + krb5_clear_error_string (context); goto failure; } auth_context->remote_seqnumber++; @@ -170,6 +178,7 @@ krb5_rd_safe(krb5_context context, outbuf->data = malloc(outbuf->length); if (outbuf->data == NULL) { ret = ENOMEM; + krb5_set_error_string (context, "malloc: out of memory"); goto failure; } memcpy (outbuf->data, safe.safe_body.user_data.data, outbuf->length); diff --git a/lib/krb5/read_message.c b/lib/krb5/read_message.c index c1f37f205..b615774cb 100644 --- a/lib/krb5/read_message.c +++ b/lib/krb5/read_message.c @@ -1,5 +1,5 @@ /* - * Copyright (c) 1997, 1998 Kungliga Tekniska Högskolan + * Copyright (c) 1997 - 2001 Kungliga Tekniska Högskolan * (Royal Institute of Technology, Stockholm, Sweden). * All rights reserved. * @@ -45,8 +45,11 @@ krb5_read_message (krb5_context context, u_int8_t buf[4]; ret = krb5_net_read (context, p_fd, buf, 4); - if(ret == -1) - return errno; + if(ret == -1) { + ret = errno; + krb5_clear_error_string (context); + return ret; + } if(ret < 4) { data->length = 0; return HEIM_ERR_EOF; @@ -56,8 +59,10 @@ krb5_read_message (krb5_context context, if (ret) return ret; if (krb5_net_read (context, p_fd, data->data, len) != len) { + ret = errno; krb5_data_free (data); - return errno; + krb5_clear_error_string (context); + return ret; } return 0; } @@ -76,8 +81,6 @@ krb5_read_priv_message(krb5_context context, return ret; ret = krb5_rd_priv (context, ac, &packet, data, NULL); krb5_data_free(&packet); - if(ret) - return ret; return ret; } @@ -95,7 +98,5 @@ krb5_read_safe_message(krb5_context context, return ret; ret = krb5_rd_safe (context, ac, &packet, data, NULL); krb5_data_free(&packet); - if(ret) - return ret; return ret; } diff --git a/lib/krb5/recvauth.c b/lib/krb5/recvauth.c index e1c8064f1..dd1b199ec 100644 --- a/lib/krb5/recvauth.c +++ b/lib/krb5/recvauth.c @@ -101,44 +101,61 @@ krb5_recvauth_match_version(krb5_context context, if(!(flags & KRB5_RECVAUTH_IGNORE_VERSION)) { n = krb5_net_read (context, p_fd, &len, 4); - if (n < 0) - return errno; - if (n == 0) + if (n < 0) { + ret = errno; + krb5_set_error_string (context, "read: %s", strerror(errno)); + return ret; + } + if (n == 0) { + krb5_clear_error_string (context); return KRB5_SENDAUTH_BADAUTHVERS; + } len = ntohl(len); if (len != sizeof(her_version) || krb5_net_read (context, p_fd, her_version, len) != len || strncmp (version, her_version, len)) { repl = 1; krb5_net_write (context, p_fd, &repl, 1); + krb5_clear_error_string (context); return KRB5_SENDAUTH_BADAUTHVERS; } } n = krb5_net_read (context, p_fd, &len, 4); - if (n < 0) - return errno; - if (n == 0) + if (n < 0) { + ret = errno; + krb5_set_error_string (context, "read: %s", strerror(errno)); + return ret; + } + if (n == 0) { + krb5_clear_error_string (context); return KRB5_SENDAUTH_BADAPPLVERS; + } len = ntohl(len); her_appl_version = malloc (len); if (her_appl_version == NULL) { repl = 2; krb5_net_write (context, p_fd, &repl, 1); + krb5_set_error_string (context, "malloc: out of memory"); return ENOMEM; } if (krb5_net_read (context, p_fd, her_appl_version, len) != len || !(*match_appl_version)(match_data, her_appl_version)) { repl = 2; krb5_net_write (context, p_fd, &repl, 1); + krb5_set_error_string (context, "wrong sendauth version (%s)", + her_appl_version); free (her_appl_version); return KRB5_SENDAUTH_BADAPPLVERS; } free (her_appl_version); repl = 0; - if (krb5_net_write (context, p_fd, &repl, 1) != 1) - return errno; + if (krb5_net_write (context, p_fd, &repl, 1) != 1) { + ret = errno; + krb5_set_error_string (context, "write: %s", strerror(errno)); + return ret; + } krb5_data_zero (&data); ret = krb5_read_message (context, p_fd, &data); @@ -174,8 +191,11 @@ krb5_recvauth_match_version(krb5_context context, } len = 0; - if (krb5_net_write (context, p_fd, &len, 4) != 4) - return errno; + if (krb5_net_write (context, p_fd, &len, 4) != 4) { + ret = errno; + krb5_set_error_string (context, "write: %s", strerror(errno)); + return ret; + } if (ap_options & AP_OPTS_MUTUAL_REQUIRED) { ret = krb5_mk_rep (context, *auth_context, &data); diff --git a/lib/krb5/replay.c b/lib/krb5/replay.c index 0cd202de2..12e40bb0c 100644 --- a/lib/krb5/replay.c +++ b/lib/krb5/replay.c @@ -46,8 +46,10 @@ krb5_rc_resolve(krb5_context context, const char *name) { id->name = strdup(name); - if(id->name == NULL) + if(id->name == NULL) { + krb5_set_error_string (context, "malloc: out of memory"); return KRB5_RC_MALLOC; + } return 0; } @@ -56,11 +58,16 @@ krb5_rc_resolve_type(krb5_context context, krb5_rcache *id, const char *type) { - if(strcmp(type, "FILE")) + if(strcmp(type, "FILE")) { + krb5_set_error_string (context, "replay cache type %s not supported", + type); return KRB5_RC_TYPE_NOTFOUND; + } *id = calloc(1, sizeof(**id)); - if(*id == NULL) + if(*id == NULL) { + krb5_set_error_string (context, "malloc: out of memory"); return KRB5_RC_MALLOC; + } return 0; } @@ -70,8 +77,11 @@ krb5_rc_resolve_full(krb5_context context, const char *string_name) { krb5_error_code ret; - if(strncmp(string_name, "FILE:", 5)) + if(strncmp(string_name, "FILE:", 5)) { + krb5_set_error_string (context, "replay cache type %s not supported", + string_name); return KRB5_RC_TYPE_NOTFOUND; + } ret = krb5_rc_resolve_type(context, id, "FILE"); if(ret) return ret; @@ -110,8 +120,14 @@ krb5_rc_initialize(krb5_context context, { FILE *f = fopen(id->name, "w"); struct rc_entry tmp; - if(f == NULL) - return errno; + int ret; + + if(f == NULL) { + ret = errno; + krb5_set_error_string (context, "open(%s): %s", id->name, + strerror(ret)); + return ret; + } tmp.stamp = auth_lifespan; fwrite(&tmp, 1, sizeof(tmp), f); fclose(f); @@ -129,8 +145,14 @@ krb5_error_code krb5_rc_destroy(krb5_context context, krb5_rcache id) { - if(remove(id->name) < 0) - return errno; + int ret; + + if(remove(id->name) < 0) { + ret = errno; + krb5_set_error_string (context, "remove(%s): %s", id->name, + strerror(ret)); + return ret; + } return krb5_rc_close(context, id); } @@ -167,11 +189,17 @@ krb5_rc_store(krb5_context context, struct rc_entry ent, tmp; time_t t; FILE *f; + int ret; + ent.stamp = time(NULL); checksum_authenticator(rep, ent.data); f = fopen(id->name, "r"); - if(f == NULL) - return errno; + if(f == NULL) { + ret = errno; + krb5_set_error_string (context, "open(%s): %s", id->name, + strerror(ret)); + return ret; + } fread(&tmp, sizeof(ent), 1, f); t = ent.stamp - tmp.stamp; while(fread(&tmp, sizeof(ent), 1, f)){ @@ -179,17 +207,23 @@ krb5_rc_store(krb5_context context, continue; if(memcmp(tmp.data, ent.data, sizeof(ent.data)) == 0){ fclose(f); + krb5_clear_error_string (context); return KRB5_RC_REPLAY; } } if(ferror(f)){ + ret = errno; fclose(f); - return errno; + krb5_set_error_string (context, "%s: %s", id->name, strerror(ret)); + return ret; } fclose(f); f = fopen(id->name, "a"); - if(f == NULL) + if(f == NULL) { + krb5_set_error_string (context, "open(%s): %s", id->name, + strerror(errno)); return KRB5_RC_IO_UNKNOWN; + } fwrite(&ent, 1, sizeof(ent), f); fclose(f); return 0; @@ -216,6 +250,7 @@ krb5_rc_get_lifespan(krb5_context context, *auth_lifespan = ent.stamp; return 0; } + krb5_clear_error_string (context); return KRB5_RC_IO_UNKNOWN; } @@ -243,8 +278,11 @@ krb5_get_server_rcache(krb5_context context, char *tmp = malloc(4 * piece->length + 1); char *name; - if(tmp == NULL) + + if(tmp == NULL) { + krb5_set_error_string (context, "malloc: out of memory"); return ENOMEM; + } strvisx(tmp, piece->data, piece->length, VIS_WHITE | VIS_OCTAL); #ifdef HAVE_GETEUID asprintf(&name, "FILE:rc_%s_%u", tmp, geteuid()); @@ -252,8 +290,10 @@ krb5_get_server_rcache(krb5_context context, asprintf(&name, "FILE:rc_%s", tmp); #endif free(tmp); - if(name == NULL) + if(name == NULL) { + krb5_set_error_string (context, "malloc: out of memory"); return ENOMEM; + } ret = krb5_rc_resolve_full(context, &rcache, name); free(name); diff --git a/lib/krb5/send_to_kdc.c b/lib/krb5/send_to_kdc.c index c1c645695..5e1ecd9e9 100644 --- a/lib/krb5/send_to_kdc.c +++ b/lib/krb5/send_to_kdc.c @@ -386,6 +386,7 @@ krb5_sendto (krb5_context context, freeaddrinfo(ai); } } + krb5_clear_error_string (context); ret = KRB5_KDC_UNREACH; out: return ret; diff --git a/lib/krb5/sendauth.c b/lib/krb5/sendauth.c index 2ca92fa94..0a0194f3c 100644 --- a/lib/krb5/sendauth.c +++ b/lib/krb5/sendauth.c @@ -1,5 +1,5 @@ /* - * Copyright (c) 1997, 1998, 1999 Kungliga Tekniska Högskolan + * Copyright (c) 1997 - 2001 Kungliga Tekniska Högskolan * (Royal Institute of Technology, Stockholm, Sweden). * All rights reserved. * @@ -90,23 +90,35 @@ krb5_sendauth(krb5_context context, len = strlen(version) + 1; net_len = htonl(len); if (krb5_net_write (context, p_fd, &net_len, 4) != 4 - || krb5_net_write (context, p_fd, version, len) != len) - return errno; + || krb5_net_write (context, p_fd, version, len) != len) { + ret = errno; + krb5_set_error_string (context, "write: %s", strerror(ret)); + return ret; + } len = strlen(appl_version) + 1; net_len = htonl(len); if (krb5_net_write (context, p_fd, &net_len, 4) != 4 - || krb5_net_write (context, p_fd, appl_version, len) != len) - return errno; + || krb5_net_write (context, p_fd, appl_version, len) != len) { + ret = errno; + krb5_set_error_string (context, "write: %s", strerror(ret)); + return ret; + } sret = krb5_net_read (context, p_fd, &repl, sizeof(repl)); - if (sret < 0) - return errno; - else if (sret != sizeof(repl)) + if (sret < 0) { + ret = errno; + krb5_set_error_string (context, "read: %s", strerror(ret)); + return ret; + } else if (sret != sizeof(repl)) { + krb5_clear_error_string (context); return KRB5_SENDAUTH_BADRESPONSE; + } - if (repl != 0) + if (repl != 0) { + krb5_clear_error_string (context); return KRB5_SENDAUTH_REJECTED; + } if (in_creds == NULL) { if (ccache == NULL) { @@ -170,19 +182,22 @@ krb5_sendauth(krb5_context context, ret = krb5_rd_error (context, &error_data, &error); krb5_data_free (&error_data); if (ret == 0) { + ret = krb5_error_from_rd_error(context, &error, NULL); if (ret_error != NULL) { *ret_error = malloc (sizeof(krb5_error)); if (*ret_error == NULL) { - free_KRB_ERROR(&error); + krb5_free_error_contents (context, &error); } else { **ret_error = error; } } else { - free_KRB_ERROR(&error); + krb5_free_error_contents (context, &error); } - return error.error_code; - } else return ret; + } else { + krb5_clear_error_string(context); + return ret; + } } if (ap_req_options & AP_OPTS_MUTUAL_REQUIRED) { diff --git a/lib/krb5/set_default_realm.c b/lib/krb5/set_default_realm.c index da7980e10..72878ce60 100644 --- a/lib/krb5/set_default_realm.c +++ b/lib/krb5/set_default_realm.c @@ -1,5 +1,5 @@ /* - * Copyright (c) 1997, 1998, 1999 Kungliga Tekniska Högskolan + * Copyright (c) 1997 - 2001 Kungliga Tekniska Högskolan * (Royal Institute of Technology, Stockholm, Sweden). * All rights reserved. * @@ -41,15 +41,18 @@ RCSID("$Id$"); */ static krb5_error_code -string_to_list (const char *s, krb5_realm **list) +string_to_list (krb5_context context, const char *s, krb5_realm **list) { *list = malloc (2 * sizeof(**list)); - if (*list == NULL) + if (*list == NULL) { + krb5_set_error_string (context, "malloc: out of memory"); return ENOMEM; + } (*list)[0] = strdup (s); if ((*list)[0] == NULL) { free (*list); + krb5_set_error_string (context, "malloc: out of memory"); return ENOMEM; } (*list)[1] = NULL; @@ -77,7 +80,7 @@ krb5_set_default_realm(krb5_context context, if (realms == NULL) ret = krb5_get_host_realm(context, NULL, &realms); } else { - ret = string_to_list (realm, &realms); + ret = string_to_list (context, realm, &realms); } if (ret) return ret; diff --git a/lib/krb5/sock_principal.c b/lib/krb5/sock_principal.c index 1a2a8e9af..b7994dba6 100644 --- a/lib/krb5/sock_principal.c +++ b/lib/krb5/sock_principal.c @@ -51,11 +51,14 @@ krb5_sock_to_principal (krb5_context context, int family; char *hname = NULL; - if (getsockname (sock, sa, &len) < 0) - return errno; + if (getsockname (sock, sa, &len) < 0) { + ret = errno; + krb5_set_error_string (context, "getsockname: %s", strerror(ret)); + return ret; + } family = sa->sa_family; - ret = krb5_sockaddr2address (sa, &address); + ret = krb5_sockaddr2address (context, sa, &address); if (ret) return ret; @@ -63,8 +66,11 @@ krb5_sock_to_principal (krb5_context context, address.address.length, family); - if (hostent == NULL) + if (hostent == NULL) { + krb5_set_error_string (context, "gethostbyaddr: %s", + hstrerror(h_errno)); return krb5_h_errno_to_heim_errno(h_errno); + } hname = hostent->h_name; if (strchr(hname, '.') == NULL) { char **a; diff --git a/lib/krb5/ticket.c b/lib/krb5/ticket.c index 4b6cb856e..f699cee2b 100644 --- a/lib/krb5/ticket.c +++ b/lib/krb5/ticket.c @@ -1,5 +1,5 @@ /* - * Copyright (c) 1997 Kungliga Tekniska Högskolan + * Copyright (c) 1997 - 2001 Kungliga Tekniska Högskolan * (Royal Institute of Technology, Stockholm, Sweden). * All rights reserved. * @@ -52,8 +52,10 @@ krb5_copy_ticket(krb5_context context, { krb5_error_code ret; krb5_ticket *tmp = malloc(sizeof(*tmp)); - if(tmp == NULL) + if(tmp == NULL) { + krb5_set_error_string (context, "malloc: out of memory"); return ENOMEM; + } if((ret = copy_EncTicketPart(&from->ticket, &tmp->ticket))){ free(tmp); return ret; diff --git a/lib/krb5/transited.c b/lib/krb5/transited.c index 2cd504e9c..704388b16 100644 --- a/lib/krb5/transited.c +++ b/lib/krb5/transited.c @@ -1,5 +1,5 @@ /* - * Copyright (c) 1997 - 2000 Kungliga Tekniska Högskolan + * Copyright (c) 1997 - 2001 Kungliga Tekniska Högskolan * (Royal Institute of Technology, Stockholm, Sweden). * All rights reserved. * @@ -61,7 +61,8 @@ free_realms(struct tr_realm *r) } static int -make_path(struct tr_realm *r, const char *from, const char *to) +make_path(krb5_context context, struct tr_realm *r, + const char *from, const char *to) { const char *p; struct tr_realm *path = r->next; @@ -78,8 +79,10 @@ make_path(struct tr_realm *r, const char *from, const char *to) p = from; while(1){ p = strchr(p, '.'); - if(p == NULL) + if(p == NULL) { + krb5_clear_error_string (context); return KRB5KDC_ERR_POLICY; + } p++; if(strcmp(p, to) == 0) break; @@ -89,6 +92,7 @@ make_path(struct tr_realm *r, const char *from, const char *to) path->realm = strdup(p); if(path->realm == NULL){ r->next = path; /* XXX */ + krb5_set_error_string (context, "malloc: out of memory"); return ENOMEM;; } } @@ -106,21 +110,25 @@ make_path(struct tr_realm *r, const char *from, const char *to) path->realm = malloc(p - from + 1); if(path->realm == NULL){ r->next = path; /* XXX */ + krb5_set_error_string (context, "malloc: out of memory"); return ENOMEM; } memcpy(path->realm, from, p - from); path->realm[p - from] = '\0'; p--; } - }else + } else { + krb5_clear_error_string (context); return KRB5KDC_ERR_POLICY; + } r->next = path; return 0; } static int -make_paths(struct tr_realm *realms, const char *client_realm, +make_paths(krb5_context context, + struct tr_realm *realms, const char *client_realm, const char *server_realm) { struct tr_realm *r; @@ -138,7 +146,7 @@ make_paths(struct tr_realm *realms, const char *client_realm, next_realm = r->next->realm; else next_realm = server_realm; - ret = make_path(r, prev_realm, next_realm); + ret = make_path(context, r, prev_realm, next_realm); if(ret){ free_realms(realms); return ret; @@ -150,7 +158,8 @@ make_paths(struct tr_realm *realms, const char *client_realm, } static int -expand_realms(struct tr_realm *realms, const char *client_realm) +expand_realms(krb5_context context, + struct tr_realm *realms, const char *client_realm) { struct tr_realm *r; const char *prev_realm = NULL; @@ -162,6 +171,7 @@ expand_realms(struct tr_realm *realms, const char *client_realm) tmp = realloc(r->realm, strlen(r->realm) + strlen(prev_realm) + 1); if(tmp == NULL){ free_realms(realms); + krb5_set_error_string (context, "malloc: out of memory"); return ENOMEM; } r->realm = tmp; @@ -173,6 +183,7 @@ expand_realms(struct tr_realm *realms, const char *client_realm) tmp = malloc(strlen(r->realm) + strlen(prev_realm) + 1); if(tmp == NULL){ free_realms(realms); + krb5_set_error_string (context, "malloc: out of memory"); return ENOMEM; } strcpy(tmp, prev_realm); @@ -236,7 +247,8 @@ append_realm(struct tr_realm *head, struct tr_realm *r) } static int -decode_realms(const char *tr, int length, struct tr_realm **realms) +decode_realms(krb5_context context, + const char *tr, int length, struct tr_realm **realms) { struct tr_realm *r = NULL; @@ -261,6 +273,7 @@ decode_realms(const char *tr, int length, struct tr_realm **realms) r = make_realm(tmp); if(r == NULL){ free_realms(*realms); + krb5_set_error_string (context, "malloc: out of memory"); return ENOMEM; } *realms = append_realm(*realms, r); @@ -273,6 +286,7 @@ decode_realms(const char *tr, int length, struct tr_realm **realms) r = make_realm(tmp); if(r == NULL){ free_realms(*realms); + krb5_set_error_string (context, "malloc: out of memory"); return ENOMEM; } *realms = append_realm(*realms, r); @@ -282,7 +296,8 @@ decode_realms(const char *tr, int length, struct tr_realm **realms) krb5_error_code -krb5_domain_x500_decode(krb5_data tr, char ***realms, int *num_realms, +krb5_domain_x500_decode(krb5_context context, + krb5_data tr, char ***realms, int *num_realms, const char *client_realm, const char *server_realm) { struct tr_realm *r = NULL; @@ -290,16 +305,16 @@ krb5_domain_x500_decode(krb5_data tr, char ***realms, int *num_realms, int ret; /* split string in components */ - ret = decode_realms(tr.data, tr.length, &r); + ret = decode_realms(context, tr.data, tr.length, &r); if(ret) return ret; /* apply prefix rule */ - ret = expand_realms(r, client_realm); + ret = expand_realms(context, r, client_realm); if(ret) return ret; - ret = make_paths(r, client_realm, server_realm); + ret = make_paths(context, r, client_realm, server_realm); if(ret) return ret; @@ -324,6 +339,7 @@ krb5_domain_x500_decode(krb5_data tr, char ***realms, int *num_realms, R = realloc(*realms, (*num_realms + 1) * sizeof(**realms)); if(R == NULL) { free(*realms); + krb5_set_error_string (context, "malloc: out of memory"); return ENOMEM; } R[*num_realms] = r->realm; @@ -382,6 +398,8 @@ krb5_check_transited_realms(krb5_context context, char **p; for(p = bad_realms; *p; p++) if(strcmp(*p, realms[i]) == 0) { + krb5_set_error_string (context, "no transit through realm %s", + *p); ret = KRB5KRB_AP_ERR_ILL_CR_TKT; if(bad_realm) *bad_realm = i; diff --git a/lib/krb5/verify_init.c b/lib/krb5/verify_init.c index 2a0787d6d..ff383f7c8 100644 --- a/lib/krb5/verify_init.c +++ b/lib/krb5/verify_init.c @@ -92,8 +92,12 @@ krb5_verify_init_creds(krb5_context context, if (ap_req_server == NULL) { char local_hostname[MAXHOSTNAMELEN]; - if (gethostname (local_hostname, sizeof(local_hostname)) < 0) - return errno; + if (gethostname (local_hostname, sizeof(local_hostname)) < 0) { + ret = errno; + krb5_set_error_string (context, "getsockname: %s", + strerror(ret)); + return ret; + } ret = krb5_sname_to_principal (context, local_hostname, diff --git a/lib/krb5/verify_krb5_conf.c b/lib/krb5/verify_krb5_conf.c index bb7a7c393..cea94be17 100644 --- a/lib/krb5/verify_krb5_conf.c +++ b/lib/krb5/verify_krb5_conf.c @@ -1,5 +1,5 @@ /* - * Copyright (c) 1999 Kungliga Tekniska Högskolan + * Copyright (c) 1999 - 2001 Kungliga Tekniska Högskolan * (Royal Institute of Technology, Stockholm, Sweden). * All rights reserved. * @@ -60,15 +60,18 @@ usage (int ret) int main(int argc, char **argv) { + krb5_context context; const char *config_file = NULL; krb5_error_code ret; krb5_config_section *tmp_cf; - unsigned lineno; - char *error_message; int optind = 0; setprogname (argv[0]); + ret = krb5_init_context(&context); + if (ret) + errx (1, "krb5_init_context failed"); + if(getarg(args, sizeof(args) / sizeof(args[0]), argc, argv, &optind)) usage(1); @@ -93,10 +96,9 @@ main(int argc, char **argv) usage (1); } - ret = krb5_config_parse_file_debug (config_file, &tmp_cf, &lineno, - &error_message); + ret = krb5_config_parse_file (context, config_file, &tmp_cf); if (ret == 0) return 0; - fprintf (stderr, "%s:%u: %s\n", config_file, lineno, error_message); + krb5_warn (context, ret, "krb5_config_parse_file"); return 1; } diff --git a/lib/krb5/verify_user.c b/lib/krb5/verify_user.c index 311c69ba0..8d66e07c0 100644 --- a/lib/krb5/verify_user.c +++ b/lib/krb5/verify_user.c @@ -50,7 +50,8 @@ verify_common (krb5_context context, ret = krb5_sname_to_principal (context, NULL, service, KRB5_NT_SRV_HST, &server); - if(ret) return ret; + if(ret) + return ret; krb5_verify_init_creds_opt_init(&vopt); krb5_verify_init_creds_opt_set_ap_req_nofail(&vopt, secure); @@ -62,7 +63,8 @@ verify_common (krb5_context context, NULL, &vopt); krb5_free_principal(context, server); - if(ret) return ret; + if(ret) + return ret; if(ccache == NULL) ret = krb5_cc_default (context, &id); else @@ -150,6 +152,7 @@ krb5_verify_user_lrealm(krb5_context context, if (tmp == NULL) { krb5_free_host_realm (context, realms); + krb5_set_error_string (context, "malloc: out of memory"); return ENOMEM; } free (*krb5_princ_realm (context, principal)); diff --git a/lib/krb5/write_message.c b/lib/krb5/write_message.c index 87fd2faba..4861cbe5f 100644 --- a/lib/krb5/write_message.c +++ b/lib/krb5/write_message.c @@ -1,5 +1,5 @@ /* - * Copyright (c) 1997 Kungliga Tekniska Högskolan + * Copyright (c) 1997 - 2001 Kungliga Tekniska Högskolan * (Royal Institute of Technology, Stockholm, Sweden). * All rights reserved. * @@ -42,12 +42,16 @@ krb5_write_message (krb5_context context, { u_int32_t len; u_int8_t buf[4]; + int ret; len = data->length; _krb5_put_int(buf, len, 4); if (krb5_net_write (context, p_fd, buf, 4) != 4 - || krb5_net_write (context, p_fd, data->data, len) != len) - return errno; + || krb5_net_write (context, p_fd, data->data, len) != len) { + ret = errno; + krb5_set_error_string (context, "write: %s", strerror(ret)); + return ret; + } return 0; } @@ -59,6 +63,7 @@ krb5_write_priv_message(krb5_context context, { krb5_error_code ret; krb5_data packet; + ret = krb5_mk_priv (context, ac, data, &packet, NULL); if(ret) return ret;