From e55eee640b0c4217ce470f37fee9caaf615669e1 Mon Sep 17 00:00:00 2001 From: Assar Westerlund Date: Fri, 11 May 2001 09:16:47 +0000 Subject: [PATCH] try to return the error string from krb5 git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@9902 ec53bebd-3082-4978-b11e-865c3cabbd6b --- lib/gssapi/accept_sec_context.c | 19 +++++++++++++++++++ lib/gssapi/acquire_cred.c | 1 + lib/gssapi/context_time.c | 1 + lib/gssapi/copy_ccache.c | 1 + lib/gssapi/display_name.c | 1 + lib/gssapi/display_status.c | 22 ++++++++++++++++++++-- lib/gssapi/duplicate_name.c | 1 + lib/gssapi/get_mic.c | 5 +++++ lib/gssapi/gssapi_locl.h | 6 ++++++ lib/gssapi/import_name.c | 4 ++++ lib/gssapi/import_sec_context.c | 1 + lib/gssapi/init_sec_context.c | 9 +++++++++ lib/gssapi/krb5/accept_sec_context.c | 19 +++++++++++++++++++ lib/gssapi/krb5/acquire_cred.c | 1 + lib/gssapi/krb5/context_time.c | 1 + lib/gssapi/krb5/copy_ccache.c | 1 + lib/gssapi/krb5/display_name.c | 1 + lib/gssapi/krb5/display_status.c | 22 ++++++++++++++++++++-- lib/gssapi/krb5/duplicate_name.c | 1 + lib/gssapi/krb5/get_mic.c | 5 +++++ lib/gssapi/krb5/gssapi_locl.h | 6 ++++++ lib/gssapi/krb5/import_name.c | 4 ++++ lib/gssapi/krb5/import_sec_context.c | 1 + lib/gssapi/krb5/init_sec_context.c | 9 +++++++++ lib/gssapi/krb5/unwrap.c | 7 +++++++ lib/gssapi/krb5/verify_mic.c | 4 ++++ lib/gssapi/krb5/wrap.c | 7 +++++++ lib/gssapi/unwrap.c | 7 +++++++ lib/gssapi/verify_mic.c | 4 ++++ lib/gssapi/wrap.c | 7 +++++++ 30 files changed, 174 insertions(+), 4 deletions(-) diff --git a/lib/gssapi/accept_sec_context.c b/lib/gssapi/accept_sec_context.c index 02cd37927..8272f41a4 100644 --- a/lib/gssapi/accept_sec_context.c +++ b/lib/gssapi/accept_sec_context.c @@ -106,6 +106,8 @@ gss_accept_sec_context &(*context_handle)->auth_context); if (kret) { ret = GSS_S_FAILURE; + *minor_status = kret; + gssapi_krb5_set_error_string (); goto failure; } @@ -135,6 +137,7 @@ gss_accept_sec_context &acceptor_addr); if (kret) { *minor_status = kret; + gssapi_krb5_set_error_string (); ret = GSS_S_BAD_BINDINGS; goto failure; } @@ -146,6 +149,7 @@ gss_accept_sec_context if (kret) { krb5_free_address (gssapi_krb5_context, &acceptor_addr); *minor_status = kret; + gssapi_krb5_set_error_string (); ret = GSS_S_BAD_BINDINGS; goto failure; } @@ -166,6 +170,7 @@ gss_accept_sec_context if (kret) { *minor_status = kret; + gssapi_krb5_set_error_string (); ret = GSS_S_BAD_BINDINGS; goto failure; } @@ -211,6 +216,8 @@ gss_accept_sec_context &ticket); if (kret) { ret = GSS_S_FAILURE; + *minor_status = kret; + gssapi_krb5_set_error_string (); goto failure; } @@ -219,6 +226,8 @@ gss_accept_sec_context &(*context_handle)->source); if (kret) { ret = GSS_S_FAILURE; + *minor_status = kret; + gssapi_krb5_set_error_string (); goto failure; } @@ -227,6 +236,8 @@ gss_accept_sec_context &(*context_handle)->target); if (kret) { ret = GSS_S_FAILURE; + *minor_status = kret; + gssapi_krb5_set_error_string (); goto failure; } @@ -236,6 +247,8 @@ gss_accept_sec_context src_name); if (kret) { ret = GSS_S_FAILURE; + *minor_status = kret; + gssapi_krb5_set_error_string (); goto failure; } } @@ -248,6 +261,8 @@ gss_accept_sec_context &authenticator); if(kret) { ret = GSS_S_FAILURE; + *minor_status = kret; + gssapi_krb5_set_error_string (); goto failure; } @@ -258,6 +273,8 @@ gss_accept_sec_context krb5_free_authenticator(gssapi_krb5_context, &authenticator); if (kret) { ret = GSS_S_FAILURE; + *minor_status = kret; + gssapi_krb5_set_error_string (); goto failure; } } @@ -326,6 +343,8 @@ end_fwd: &outbuf); if (kret) { ret = GSS_S_FAILURE; + *minor_status = kret; + gssapi_krb5_set_error_string (); goto failure; } ret = gssapi_krb5_encapsulate (&outbuf, diff --git a/lib/gssapi/acquire_cred.c b/lib/gssapi/acquire_cred.c index 441b9b0b9..f55891db5 100644 --- a/lib/gssapi/acquire_cred.c +++ b/lib/gssapi/acquire_cred.c @@ -145,6 +145,7 @@ OM_uint32 gss_acquire_cred krb5_bad: ret = GSS_S_FAILURE; *minor_status = kret; + gssapi_krb5_set_error_string (); gssapi_bad: krb5_free_principal(gssapi_krb5_context, handle->principal); diff --git a/lib/gssapi/context_time.c b/lib/gssapi/context_time.c index 22afee965..627a00d75 100644 --- a/lib/gssapi/context_time.c +++ b/lib/gssapi/context_time.c @@ -57,6 +57,7 @@ OM_uint32 gss_context_time kret = krb5_timeofday(gssapi_krb5_context, &timeret); if (kret) { *minor_status = kret; + gssapi_krb5_set_error_string (); return GSS_S_FAILURE; } diff --git a/lib/gssapi/copy_ccache.c b/lib/gssapi/copy_ccache.c index 93b802602..60127bc89 100644 --- a/lib/gssapi/copy_ccache.c +++ b/lib/gssapi/copy_ccache.c @@ -50,6 +50,7 @@ gss_krb5_copy_ccache(OM_uint32 *minor, kret = krb5_cc_copy_cache(gssapi_krb5_context, cred->ccache, out); if (kret) { *minor = kret; + gssapi_krb5_set_error_string (); return GSS_S_FAILURE; } return GSS_S_COMPLETE; diff --git a/lib/gssapi/display_name.c b/lib/gssapi/display_name.c index 7aded09f6..453fc7f4b 100644 --- a/lib/gssapi/display_name.c +++ b/lib/gssapi/display_name.c @@ -52,6 +52,7 @@ OM_uint32 gss_display_name &buf); if (kret) { *minor_status = kret; + gssapi_krb5_set_error_string (); return GSS_S_FAILURE; } len = strlen (buf); diff --git a/lib/gssapi/display_status.c b/lib/gssapi/display_status.c index 974c8595f..d88a58034 100644 --- a/lib/gssapi/display_status.c +++ b/lib/gssapi/display_status.c @@ -1,5 +1,5 @@ /* - * Copyright (c) 1998, 1999 Kungliga Tekniska Högskolan + * Copyright (c) 1998 - 2001 Kungliga Tekniska Högskolan * (Royal Institute of Technology, Stockholm, Sweden). * All rights reserved. * @@ -35,6 +35,8 @@ RCSID("$Id$"); +static char *krb5_error_string; + static char * calling_error(OM_uint32 v) { @@ -91,6 +93,20 @@ routine_error(OM_uint32 v) return msgs[v]; } +void +gssapi_krb5_set_error_string (void) +{ + krb5_error_string = krb5_get_error_string(gssapi_krb5_context); +} + +char * +gssapi_krb5_get_error_string (void) +{ + char *ret = krb5_error_string; + krb5_error_string = NULL; + return ret; +} + OM_uint32 gss_display_status (OM_uint32 *minor_status, OM_uint32 status_value, @@ -118,7 +134,9 @@ OM_uint32 gss_display_status return GSS_S_FAILURE; } } else if (status_type == GSS_C_MECH_CODE) { - buf = strdup(krb5_get_err_text (gssapi_krb5_context, status_value)); + buf = gssapi_krb5_get_error_string (); + if (buf == NULL) + buf = strdup(krb5_get_err_text (gssapi_krb5_context, status_value)); if (buf == NULL) { *minor_status = ENOMEM; return GSS_S_FAILURE; diff --git a/lib/gssapi/duplicate_name.c b/lib/gssapi/duplicate_name.c index efbd944c8..d243cb406 100644 --- a/lib/gssapi/duplicate_name.c +++ b/lib/gssapi/duplicate_name.c @@ -50,6 +50,7 @@ OM_uint32 gss_duplicate_name ( dest_name); if (kret) { *minor_status = kret; + gssapi_krb5_set_error_string (); return GSS_S_FAILURE; } else { return GSS_S_COMPLETE; diff --git a/lib/gssapi/get_mic.c b/lib/gssapi/get_mic.c index 5b7a5d422..52807aee3 100644 --- a/lib/gssapi/get_mic.c +++ b/lib/gssapi/get_mic.c @@ -174,6 +174,7 @@ mic_des3 if (kret) { free (message_token->value); free (tmp); + gssapi_krb5_set_error_string (); *minor_status = kret; return GSS_S_FAILURE; } @@ -189,6 +190,7 @@ mic_des3 krb5_crypto_destroy (gssapi_krb5_context, crypto); if (kret) { free (message_token->value); + gssapi_krb5_set_error_string (); *minor_status = kret; return GSS_S_FAILURE; } @@ -212,6 +214,7 @@ mic_des3 ETYPE_DES3_CBC_NONE, &crypto); if (kret) { free (message_token->value); + gssapi_krb5_set_error_string (); *minor_status = kret; return GSS_S_FAILURE; } @@ -223,6 +226,7 @@ mic_des3 krb5_crypto_destroy (gssapi_krb5_context, crypto); if (kret) { free (message_token->value); + gssapi_krb5_set_error_string (); *minor_status = kret; return GSS_S_FAILURE; } @@ -258,6 +262,7 @@ OM_uint32 gss_get_mic ret = gss_krb5_getsomekey(context_handle, &key); if (ret) { + gssapi_krb5_set_error_string (); *minor_status = ret; return GSS_S_FAILURE; } diff --git a/lib/gssapi/gssapi_locl.h b/lib/gssapi/gssapi_locl.h index 26a376e9f..e15381fb6 100644 --- a/lib/gssapi/gssapi_locl.h +++ b/lib/gssapi/gssapi_locl.h @@ -107,4 +107,10 @@ gss_address_to_krb5addr(OM_uint32 gss_addr_type, #define SC_LOCAL_SUBKEY 0x08 #define SC_REMOTE_SUBKEY 0x10 +void +gssapi_krb5_set_error_string (void); + +char * +gssapi_krb5_get_error_string (void); + #endif diff --git a/lib/gssapi/import_name.c b/lib/gssapi/import_name.c index f60d70418..aa3c305ff 100644 --- a/lib/gssapi/import_name.c +++ b/lib/gssapi/import_name.c @@ -60,9 +60,11 @@ import_krb5_name (OM_uint32 *minor_status, if (kerr == 0) return GSS_S_COMPLETE; else if (kerr == KRB5_PARSE_ILLCHAR || kerr == KRB5_PARSE_MALFORMED) { + gssapi_krb5_set_error_string (); *minor_status = kerr; return GSS_S_BAD_NAME; } else { + gssapi_krb5_set_error_string (); *minor_status = kerr; return GSS_S_FAILURE; } @@ -112,9 +114,11 @@ import_hostbased_name (OM_uint32 *minor_status, if (kerr == 0) return GSS_S_COMPLETE; else if (kerr == KRB5_PARSE_ILLCHAR || kerr == KRB5_PARSE_MALFORMED) { + gssapi_krb5_set_error_string (); *minor_status = kerr; return GSS_S_BAD_NAME; } else { + gssapi_krb5_set_error_string (); *minor_status = kerr; return GSS_S_FAILURE; } diff --git a/lib/gssapi/import_sec_context.c b/lib/gssapi/import_sec_context.c index 37e1f122d..d2d314342 100644 --- a/lib/gssapi/import_sec_context.c +++ b/lib/gssapi/import_sec_context.c @@ -75,6 +75,7 @@ gss_import_sec_context ( kret = krb5_auth_con_init (gssapi_krb5_context, &(*context_handle)->auth_context); if (kret) { + gssapi_krb5_set_error_string (); *minor_status = kret; ret = GSS_S_FAILURE; goto failure; diff --git a/lib/gssapi/init_sec_context.c b/lib/gssapi/init_sec_context.c index 4cade394e..cf07a7e25 100644 --- a/lib/gssapi/init_sec_context.c +++ b/lib/gssapi/init_sec_context.c @@ -228,6 +228,7 @@ init_auth kret = krb5_auth_con_init (gssapi_krb5_context, &(*context_handle)->auth_context); if (kret) { + gssapi_krb5_set_error_string (); *minor_status = kret; ret = GSS_S_FAILURE; goto failure; @@ -259,6 +260,7 @@ init_auth if (initiator_cred_handle == GSS_C_NO_CREDENTIAL) { kret = krb5_cc_default (gssapi_krb5_context, &ccache); if (kret) { + gssapi_krb5_set_error_string (); *minor_status = kret; ret = GSS_S_FAILURE; goto failure; @@ -270,6 +272,7 @@ init_auth ccache, &(*context_handle)->source); if (kret) { + gssapi_krb5_set_error_string (); *minor_status = kret; ret = GSS_S_FAILURE; goto failure; @@ -279,6 +282,7 @@ init_auth target_name, &(*context_handle)->target); if (kret) { + gssapi_krb5_set_error_string (); *minor_status = kret; ret = GSS_S_FAILURE; goto failure; @@ -303,6 +307,7 @@ init_auth &cred); if (kret) { + gssapi_krb5_set_error_string (); *minor_status = kret; ret = GSS_S_FAILURE; goto failure; @@ -345,6 +350,7 @@ init_auth &cksum); krb5_data_free (&fwd_data); if (kret) { + gssapi_krb5_set_error_string (); *minor_status = kret; ret = GSS_S_FAILURE; goto failure; @@ -374,6 +380,7 @@ init_auth KRB5_KU_AP_REQ_AUTH); if (kret) { + gssapi_krb5_set_error_string (); *minor_status = kret; ret = GSS_S_FAILURE; goto failure; @@ -387,6 +394,7 @@ init_auth &outbuf); if (kret) { + gssapi_krb5_set_error_string (); *minor_status = kret; ret = GSS_S_FAILURE; goto failure; @@ -456,6 +464,7 @@ repl_mutual &indata, &repl); if (kret) { + gssapi_krb5_set_error_string (); *minor_status = kret; return GSS_S_FAILURE; } diff --git a/lib/gssapi/krb5/accept_sec_context.c b/lib/gssapi/krb5/accept_sec_context.c index 02cd37927..8272f41a4 100644 --- a/lib/gssapi/krb5/accept_sec_context.c +++ b/lib/gssapi/krb5/accept_sec_context.c @@ -106,6 +106,8 @@ gss_accept_sec_context &(*context_handle)->auth_context); if (kret) { ret = GSS_S_FAILURE; + *minor_status = kret; + gssapi_krb5_set_error_string (); goto failure; } @@ -135,6 +137,7 @@ gss_accept_sec_context &acceptor_addr); if (kret) { *minor_status = kret; + gssapi_krb5_set_error_string (); ret = GSS_S_BAD_BINDINGS; goto failure; } @@ -146,6 +149,7 @@ gss_accept_sec_context if (kret) { krb5_free_address (gssapi_krb5_context, &acceptor_addr); *minor_status = kret; + gssapi_krb5_set_error_string (); ret = GSS_S_BAD_BINDINGS; goto failure; } @@ -166,6 +170,7 @@ gss_accept_sec_context if (kret) { *minor_status = kret; + gssapi_krb5_set_error_string (); ret = GSS_S_BAD_BINDINGS; goto failure; } @@ -211,6 +216,8 @@ gss_accept_sec_context &ticket); if (kret) { ret = GSS_S_FAILURE; + *minor_status = kret; + gssapi_krb5_set_error_string (); goto failure; } @@ -219,6 +226,8 @@ gss_accept_sec_context &(*context_handle)->source); if (kret) { ret = GSS_S_FAILURE; + *minor_status = kret; + gssapi_krb5_set_error_string (); goto failure; } @@ -227,6 +236,8 @@ gss_accept_sec_context &(*context_handle)->target); if (kret) { ret = GSS_S_FAILURE; + *minor_status = kret; + gssapi_krb5_set_error_string (); goto failure; } @@ -236,6 +247,8 @@ gss_accept_sec_context src_name); if (kret) { ret = GSS_S_FAILURE; + *minor_status = kret; + gssapi_krb5_set_error_string (); goto failure; } } @@ -248,6 +261,8 @@ gss_accept_sec_context &authenticator); if(kret) { ret = GSS_S_FAILURE; + *minor_status = kret; + gssapi_krb5_set_error_string (); goto failure; } @@ -258,6 +273,8 @@ gss_accept_sec_context krb5_free_authenticator(gssapi_krb5_context, &authenticator); if (kret) { ret = GSS_S_FAILURE; + *minor_status = kret; + gssapi_krb5_set_error_string (); goto failure; } } @@ -326,6 +343,8 @@ end_fwd: &outbuf); if (kret) { ret = GSS_S_FAILURE; + *minor_status = kret; + gssapi_krb5_set_error_string (); goto failure; } ret = gssapi_krb5_encapsulate (&outbuf, diff --git a/lib/gssapi/krb5/acquire_cred.c b/lib/gssapi/krb5/acquire_cred.c index 441b9b0b9..f55891db5 100644 --- a/lib/gssapi/krb5/acquire_cred.c +++ b/lib/gssapi/krb5/acquire_cred.c @@ -145,6 +145,7 @@ OM_uint32 gss_acquire_cred krb5_bad: ret = GSS_S_FAILURE; *minor_status = kret; + gssapi_krb5_set_error_string (); gssapi_bad: krb5_free_principal(gssapi_krb5_context, handle->principal); diff --git a/lib/gssapi/krb5/context_time.c b/lib/gssapi/krb5/context_time.c index 22afee965..627a00d75 100644 --- a/lib/gssapi/krb5/context_time.c +++ b/lib/gssapi/krb5/context_time.c @@ -57,6 +57,7 @@ OM_uint32 gss_context_time kret = krb5_timeofday(gssapi_krb5_context, &timeret); if (kret) { *minor_status = kret; + gssapi_krb5_set_error_string (); return GSS_S_FAILURE; } diff --git a/lib/gssapi/krb5/copy_ccache.c b/lib/gssapi/krb5/copy_ccache.c index 93b802602..60127bc89 100644 --- a/lib/gssapi/krb5/copy_ccache.c +++ b/lib/gssapi/krb5/copy_ccache.c @@ -50,6 +50,7 @@ gss_krb5_copy_ccache(OM_uint32 *minor, kret = krb5_cc_copy_cache(gssapi_krb5_context, cred->ccache, out); if (kret) { *minor = kret; + gssapi_krb5_set_error_string (); return GSS_S_FAILURE; } return GSS_S_COMPLETE; diff --git a/lib/gssapi/krb5/display_name.c b/lib/gssapi/krb5/display_name.c index 7aded09f6..453fc7f4b 100644 --- a/lib/gssapi/krb5/display_name.c +++ b/lib/gssapi/krb5/display_name.c @@ -52,6 +52,7 @@ OM_uint32 gss_display_name &buf); if (kret) { *minor_status = kret; + gssapi_krb5_set_error_string (); return GSS_S_FAILURE; } len = strlen (buf); diff --git a/lib/gssapi/krb5/display_status.c b/lib/gssapi/krb5/display_status.c index 974c8595f..d88a58034 100644 --- a/lib/gssapi/krb5/display_status.c +++ b/lib/gssapi/krb5/display_status.c @@ -1,5 +1,5 @@ /* - * Copyright (c) 1998, 1999 Kungliga Tekniska Högskolan + * Copyright (c) 1998 - 2001 Kungliga Tekniska Högskolan * (Royal Institute of Technology, Stockholm, Sweden). * All rights reserved. * @@ -35,6 +35,8 @@ RCSID("$Id$"); +static char *krb5_error_string; + static char * calling_error(OM_uint32 v) { @@ -91,6 +93,20 @@ routine_error(OM_uint32 v) return msgs[v]; } +void +gssapi_krb5_set_error_string (void) +{ + krb5_error_string = krb5_get_error_string(gssapi_krb5_context); +} + +char * +gssapi_krb5_get_error_string (void) +{ + char *ret = krb5_error_string; + krb5_error_string = NULL; + return ret; +} + OM_uint32 gss_display_status (OM_uint32 *minor_status, OM_uint32 status_value, @@ -118,7 +134,9 @@ OM_uint32 gss_display_status return GSS_S_FAILURE; } } else if (status_type == GSS_C_MECH_CODE) { - buf = strdup(krb5_get_err_text (gssapi_krb5_context, status_value)); + buf = gssapi_krb5_get_error_string (); + if (buf == NULL) + buf = strdup(krb5_get_err_text (gssapi_krb5_context, status_value)); if (buf == NULL) { *minor_status = ENOMEM; return GSS_S_FAILURE; diff --git a/lib/gssapi/krb5/duplicate_name.c b/lib/gssapi/krb5/duplicate_name.c index efbd944c8..d243cb406 100644 --- a/lib/gssapi/krb5/duplicate_name.c +++ b/lib/gssapi/krb5/duplicate_name.c @@ -50,6 +50,7 @@ OM_uint32 gss_duplicate_name ( dest_name); if (kret) { *minor_status = kret; + gssapi_krb5_set_error_string (); return GSS_S_FAILURE; } else { return GSS_S_COMPLETE; diff --git a/lib/gssapi/krb5/get_mic.c b/lib/gssapi/krb5/get_mic.c index 5b7a5d422..52807aee3 100644 --- a/lib/gssapi/krb5/get_mic.c +++ b/lib/gssapi/krb5/get_mic.c @@ -174,6 +174,7 @@ mic_des3 if (kret) { free (message_token->value); free (tmp); + gssapi_krb5_set_error_string (); *minor_status = kret; return GSS_S_FAILURE; } @@ -189,6 +190,7 @@ mic_des3 krb5_crypto_destroy (gssapi_krb5_context, crypto); if (kret) { free (message_token->value); + gssapi_krb5_set_error_string (); *minor_status = kret; return GSS_S_FAILURE; } @@ -212,6 +214,7 @@ mic_des3 ETYPE_DES3_CBC_NONE, &crypto); if (kret) { free (message_token->value); + gssapi_krb5_set_error_string (); *minor_status = kret; return GSS_S_FAILURE; } @@ -223,6 +226,7 @@ mic_des3 krb5_crypto_destroy (gssapi_krb5_context, crypto); if (kret) { free (message_token->value); + gssapi_krb5_set_error_string (); *minor_status = kret; return GSS_S_FAILURE; } @@ -258,6 +262,7 @@ OM_uint32 gss_get_mic ret = gss_krb5_getsomekey(context_handle, &key); if (ret) { + gssapi_krb5_set_error_string (); *minor_status = ret; return GSS_S_FAILURE; } diff --git a/lib/gssapi/krb5/gssapi_locl.h b/lib/gssapi/krb5/gssapi_locl.h index 26a376e9f..e15381fb6 100644 --- a/lib/gssapi/krb5/gssapi_locl.h +++ b/lib/gssapi/krb5/gssapi_locl.h @@ -107,4 +107,10 @@ gss_address_to_krb5addr(OM_uint32 gss_addr_type, #define SC_LOCAL_SUBKEY 0x08 #define SC_REMOTE_SUBKEY 0x10 +void +gssapi_krb5_set_error_string (void); + +char * +gssapi_krb5_get_error_string (void); + #endif diff --git a/lib/gssapi/krb5/import_name.c b/lib/gssapi/krb5/import_name.c index f60d70418..aa3c305ff 100644 --- a/lib/gssapi/krb5/import_name.c +++ b/lib/gssapi/krb5/import_name.c @@ -60,9 +60,11 @@ import_krb5_name (OM_uint32 *minor_status, if (kerr == 0) return GSS_S_COMPLETE; else if (kerr == KRB5_PARSE_ILLCHAR || kerr == KRB5_PARSE_MALFORMED) { + gssapi_krb5_set_error_string (); *minor_status = kerr; return GSS_S_BAD_NAME; } else { + gssapi_krb5_set_error_string (); *minor_status = kerr; return GSS_S_FAILURE; } @@ -112,9 +114,11 @@ import_hostbased_name (OM_uint32 *minor_status, if (kerr == 0) return GSS_S_COMPLETE; else if (kerr == KRB5_PARSE_ILLCHAR || kerr == KRB5_PARSE_MALFORMED) { + gssapi_krb5_set_error_string (); *minor_status = kerr; return GSS_S_BAD_NAME; } else { + gssapi_krb5_set_error_string (); *minor_status = kerr; return GSS_S_FAILURE; } diff --git a/lib/gssapi/krb5/import_sec_context.c b/lib/gssapi/krb5/import_sec_context.c index 37e1f122d..d2d314342 100644 --- a/lib/gssapi/krb5/import_sec_context.c +++ b/lib/gssapi/krb5/import_sec_context.c @@ -75,6 +75,7 @@ gss_import_sec_context ( kret = krb5_auth_con_init (gssapi_krb5_context, &(*context_handle)->auth_context); if (kret) { + gssapi_krb5_set_error_string (); *minor_status = kret; ret = GSS_S_FAILURE; goto failure; diff --git a/lib/gssapi/krb5/init_sec_context.c b/lib/gssapi/krb5/init_sec_context.c index 4cade394e..cf07a7e25 100644 --- a/lib/gssapi/krb5/init_sec_context.c +++ b/lib/gssapi/krb5/init_sec_context.c @@ -228,6 +228,7 @@ init_auth kret = krb5_auth_con_init (gssapi_krb5_context, &(*context_handle)->auth_context); if (kret) { + gssapi_krb5_set_error_string (); *minor_status = kret; ret = GSS_S_FAILURE; goto failure; @@ -259,6 +260,7 @@ init_auth if (initiator_cred_handle == GSS_C_NO_CREDENTIAL) { kret = krb5_cc_default (gssapi_krb5_context, &ccache); if (kret) { + gssapi_krb5_set_error_string (); *minor_status = kret; ret = GSS_S_FAILURE; goto failure; @@ -270,6 +272,7 @@ init_auth ccache, &(*context_handle)->source); if (kret) { + gssapi_krb5_set_error_string (); *minor_status = kret; ret = GSS_S_FAILURE; goto failure; @@ -279,6 +282,7 @@ init_auth target_name, &(*context_handle)->target); if (kret) { + gssapi_krb5_set_error_string (); *minor_status = kret; ret = GSS_S_FAILURE; goto failure; @@ -303,6 +307,7 @@ init_auth &cred); if (kret) { + gssapi_krb5_set_error_string (); *minor_status = kret; ret = GSS_S_FAILURE; goto failure; @@ -345,6 +350,7 @@ init_auth &cksum); krb5_data_free (&fwd_data); if (kret) { + gssapi_krb5_set_error_string (); *minor_status = kret; ret = GSS_S_FAILURE; goto failure; @@ -374,6 +380,7 @@ init_auth KRB5_KU_AP_REQ_AUTH); if (kret) { + gssapi_krb5_set_error_string (); *minor_status = kret; ret = GSS_S_FAILURE; goto failure; @@ -387,6 +394,7 @@ init_auth &outbuf); if (kret) { + gssapi_krb5_set_error_string (); *minor_status = kret; ret = GSS_S_FAILURE; goto failure; @@ -456,6 +464,7 @@ repl_mutual &indata, &repl); if (kret) { + gssapi_krb5_set_error_string (); *minor_status = kret; return GSS_S_FAILURE; } diff --git a/lib/gssapi/krb5/unwrap.c b/lib/gssapi/krb5/unwrap.c index 087a402f8..4b146ce32 100644 --- a/lib/gssapi/krb5/unwrap.c +++ b/lib/gssapi/krb5/unwrap.c @@ -251,6 +251,7 @@ unwrap_des3 ret = krb5_crypto_init(gssapi_krb5_context, key, ETYPE_DES3_CBC_NONE, &crypto); if (ret) { + gssapi_krb5_set_error_string (); *minor_status = ret; return GSS_S_FAILURE; } @@ -258,6 +259,7 @@ unwrap_des3 p, input_message_buffer->length - len, &tmp); krb5_crypto_destroy(gssapi_krb5_context, crypto); if (ret) { + gssapi_krb5_set_error_string (); *minor_status = ret; return GSS_S_FAILURE; } @@ -294,6 +296,7 @@ unwrap_des3 ret = krb5_crypto_init(gssapi_krb5_context, key, ETYPE_DES3_CBC_NONE_IVEC, &crypto); if (ret) { + gssapi_krb5_set_error_string (); *minor_status = ret; return GSS_S_FAILURE; } @@ -309,6 +312,7 @@ unwrap_des3 } krb5_crypto_destroy (gssapi_krb5_context, crypto); if (ret) { + gssapi_krb5_set_error_string (); *minor_status = ret; return GSS_S_FAILURE; } @@ -339,6 +343,7 @@ unwrap_des3 ret = krb5_crypto_init(gssapi_krb5_context, key, 0, &crypto); if (ret) { + gssapi_krb5_set_error_string (); *minor_status = ret; return GSS_S_FAILURE; } @@ -350,6 +355,7 @@ unwrap_des3 &csum); krb5_crypto_destroy (gssapi_krb5_context, crypto); if (ret) { + gssapi_krb5_set_error_string (); *minor_status = ret; return GSS_S_FAILURE; } @@ -382,6 +388,7 @@ OM_uint32 gss_unwrap ret = gss_krb5_getsomekey(context_handle, &key); if (ret) { + gssapi_krb5_set_error_string (); *minor_status = ret; return GSS_S_FAILURE; } diff --git a/lib/gssapi/krb5/verify_mic.c b/lib/gssapi/krb5/verify_mic.c index 3e83ee782..78cc15bb7 100644 --- a/lib/gssapi/krb5/verify_mic.c +++ b/lib/gssapi/krb5/verify_mic.c @@ -157,6 +157,7 @@ verify_mic_des3 ret = krb5_crypto_init(gssapi_krb5_context, key, ETYPE_DES3_CBC_NONE, &crypto); if (ret){ + gssapi_krb5_set_error_string (); *minor_status = ret; return GSS_S_FAILURE; } @@ -168,6 +169,7 @@ verify_mic_des3 KRB5_KU_USAGE_SEQ, p, 8, &seq_data); if (ret) { + gssapi_krb5_set_error_string (); krb5_crypto_destroy (gssapi_krb5_context, crypto); *minor_status = ret; return GSS_S_FAILURE; @@ -218,6 +220,7 @@ verify_mic_des3 &csum); free (tmp); if (ret) { + gssapi_krb5_set_error_string (); krb5_crypto_destroy (gssapi_krb5_context, crypto); *minor_status = ret; return GSS_S_BAD_MIC; @@ -248,6 +251,7 @@ gss_verify_mic context_handle->auth_context, &key); if (ret) { + gssapi_krb5_set_error_string (); *minor_status = ret; return GSS_S_FAILURE; } diff --git a/lib/gssapi/krb5/wrap.c b/lib/gssapi/krb5/wrap.c index e1d824c54..1061a727b 100644 --- a/lib/gssapi/krb5/wrap.c +++ b/lib/gssapi/krb5/wrap.c @@ -67,6 +67,7 @@ gss_wrap_size_limit ( ret = gss_krb5_getsomekey(context_handle, &key); if (ret) { + gssapi_krb5_set_error_string (); *minor_status = ret; return GSS_S_FAILURE; } @@ -265,6 +266,7 @@ wrap_des3 ret = krb5_crypto_init(gssapi_krb5_context, key, 0, &crypto); if (ret) { + gssapi_krb5_set_error_string (); free (output_message_buffer->value); *minor_status = ret; return GSS_S_FAILURE; @@ -279,6 +281,7 @@ wrap_des3 &cksum); krb5_crypto_destroy (gssapi_krb5_context, crypto); if (ret) { + gssapi_krb5_set_error_string (); free (output_message_buffer->value); *minor_status = ret; return GSS_S_FAILURE; @@ -324,6 +327,7 @@ wrap_des3 } krb5_crypto_destroy (gssapi_krb5_context, crypto); if (ret) { + gssapi_krb5_set_error_string (); free (output_message_buffer->value); *minor_status = ret; return GSS_S_FAILURE; @@ -347,6 +351,7 @@ wrap_des3 ret = krb5_crypto_init(gssapi_krb5_context, key, ETYPE_DES3_CBC_NONE, &crypto); if (ret) { + gssapi_krb5_set_error_string (); free (output_message_buffer->value); *minor_status = ret; return GSS_S_FAILURE; @@ -355,6 +360,7 @@ wrap_des3 p, datalen, &tmp); krb5_crypto_destroy(gssapi_krb5_context, crypto); if (ret) { + gssapi_krb5_set_error_string (); free (output_message_buffer->value); *minor_status = ret; return GSS_S_FAILURE; @@ -385,6 +391,7 @@ OM_uint32 gss_wrap ret = gss_krb5_getsomekey(context_handle, &key); if (ret) { + gssapi_krb5_set_error_string (); *minor_status = ret; return GSS_S_FAILURE; } diff --git a/lib/gssapi/unwrap.c b/lib/gssapi/unwrap.c index 087a402f8..4b146ce32 100644 --- a/lib/gssapi/unwrap.c +++ b/lib/gssapi/unwrap.c @@ -251,6 +251,7 @@ unwrap_des3 ret = krb5_crypto_init(gssapi_krb5_context, key, ETYPE_DES3_CBC_NONE, &crypto); if (ret) { + gssapi_krb5_set_error_string (); *minor_status = ret; return GSS_S_FAILURE; } @@ -258,6 +259,7 @@ unwrap_des3 p, input_message_buffer->length - len, &tmp); krb5_crypto_destroy(gssapi_krb5_context, crypto); if (ret) { + gssapi_krb5_set_error_string (); *minor_status = ret; return GSS_S_FAILURE; } @@ -294,6 +296,7 @@ unwrap_des3 ret = krb5_crypto_init(gssapi_krb5_context, key, ETYPE_DES3_CBC_NONE_IVEC, &crypto); if (ret) { + gssapi_krb5_set_error_string (); *minor_status = ret; return GSS_S_FAILURE; } @@ -309,6 +312,7 @@ unwrap_des3 } krb5_crypto_destroy (gssapi_krb5_context, crypto); if (ret) { + gssapi_krb5_set_error_string (); *minor_status = ret; return GSS_S_FAILURE; } @@ -339,6 +343,7 @@ unwrap_des3 ret = krb5_crypto_init(gssapi_krb5_context, key, 0, &crypto); if (ret) { + gssapi_krb5_set_error_string (); *minor_status = ret; return GSS_S_FAILURE; } @@ -350,6 +355,7 @@ unwrap_des3 &csum); krb5_crypto_destroy (gssapi_krb5_context, crypto); if (ret) { + gssapi_krb5_set_error_string (); *minor_status = ret; return GSS_S_FAILURE; } @@ -382,6 +388,7 @@ OM_uint32 gss_unwrap ret = gss_krb5_getsomekey(context_handle, &key); if (ret) { + gssapi_krb5_set_error_string (); *minor_status = ret; return GSS_S_FAILURE; } diff --git a/lib/gssapi/verify_mic.c b/lib/gssapi/verify_mic.c index 3e83ee782..78cc15bb7 100644 --- a/lib/gssapi/verify_mic.c +++ b/lib/gssapi/verify_mic.c @@ -157,6 +157,7 @@ verify_mic_des3 ret = krb5_crypto_init(gssapi_krb5_context, key, ETYPE_DES3_CBC_NONE, &crypto); if (ret){ + gssapi_krb5_set_error_string (); *minor_status = ret; return GSS_S_FAILURE; } @@ -168,6 +169,7 @@ verify_mic_des3 KRB5_KU_USAGE_SEQ, p, 8, &seq_data); if (ret) { + gssapi_krb5_set_error_string (); krb5_crypto_destroy (gssapi_krb5_context, crypto); *minor_status = ret; return GSS_S_FAILURE; @@ -218,6 +220,7 @@ verify_mic_des3 &csum); free (tmp); if (ret) { + gssapi_krb5_set_error_string (); krb5_crypto_destroy (gssapi_krb5_context, crypto); *minor_status = ret; return GSS_S_BAD_MIC; @@ -248,6 +251,7 @@ gss_verify_mic context_handle->auth_context, &key); if (ret) { + gssapi_krb5_set_error_string (); *minor_status = ret; return GSS_S_FAILURE; } diff --git a/lib/gssapi/wrap.c b/lib/gssapi/wrap.c index e1d824c54..1061a727b 100644 --- a/lib/gssapi/wrap.c +++ b/lib/gssapi/wrap.c @@ -67,6 +67,7 @@ gss_wrap_size_limit ( ret = gss_krb5_getsomekey(context_handle, &key); if (ret) { + gssapi_krb5_set_error_string (); *minor_status = ret; return GSS_S_FAILURE; } @@ -265,6 +266,7 @@ wrap_des3 ret = krb5_crypto_init(gssapi_krb5_context, key, 0, &crypto); if (ret) { + gssapi_krb5_set_error_string (); free (output_message_buffer->value); *minor_status = ret; return GSS_S_FAILURE; @@ -279,6 +281,7 @@ wrap_des3 &cksum); krb5_crypto_destroy (gssapi_krb5_context, crypto); if (ret) { + gssapi_krb5_set_error_string (); free (output_message_buffer->value); *minor_status = ret; return GSS_S_FAILURE; @@ -324,6 +327,7 @@ wrap_des3 } krb5_crypto_destroy (gssapi_krb5_context, crypto); if (ret) { + gssapi_krb5_set_error_string (); free (output_message_buffer->value); *minor_status = ret; return GSS_S_FAILURE; @@ -347,6 +351,7 @@ wrap_des3 ret = krb5_crypto_init(gssapi_krb5_context, key, ETYPE_DES3_CBC_NONE, &crypto); if (ret) { + gssapi_krb5_set_error_string (); free (output_message_buffer->value); *minor_status = ret; return GSS_S_FAILURE; @@ -355,6 +360,7 @@ wrap_des3 p, datalen, &tmp); krb5_crypto_destroy(gssapi_krb5_context, crypto); if (ret) { + gssapi_krb5_set_error_string (); free (output_message_buffer->value); *minor_status = ret; return GSS_S_FAILURE; @@ -385,6 +391,7 @@ OM_uint32 gss_wrap ret = gss_krb5_getsomekey(context_handle, &key); if (ret) { + gssapi_krb5_set_error_string (); *minor_status = ret; return GSS_S_FAILURE; }