base: change ret fieldname to error_code in request struct
This commit is contained in:
Luke Howard
52
kdc/bx509d.c
52
kdc/bx509d.c
@@ -657,53 +657,53 @@ bx509_param_cb(void *d,
|
|||||||
if (strcmp(key, "eku") == 0 && val) {
|
if (strcmp(key, "eku") == 0 && val) {
|
||||||
heim_audit_addkv((heim_svc_req_desc)r, KDC_AUDIT_VIS, "requested_eku",
|
heim_audit_addkv((heim_svc_req_desc)r, KDC_AUDIT_VIS, "requested_eku",
|
||||||
"%s", val);
|
"%s", val);
|
||||||
r->ret = der_parse_heim_oid(val, ".", &oid);
|
r->error_code = der_parse_heim_oid(val, ".", &oid);
|
||||||
if (r->ret == 0)
|
if (r->error_code == 0)
|
||||||
r->ret = hx509_request_add_eku(r->context->hx509ctx, r->req, &oid);
|
r->error_code = hx509_request_add_eku(r->context->hx509ctx, r->req, &oid);
|
||||||
der_free_oid(&oid);
|
der_free_oid(&oid);
|
||||||
} else if (strcmp(key, "dNSName") == 0 && val) {
|
} else if (strcmp(key, "dNSName") == 0 && val) {
|
||||||
heim_audit_addkv((heim_svc_req_desc)r, KDC_AUDIT_VIS,
|
heim_audit_addkv((heim_svc_req_desc)r, KDC_AUDIT_VIS,
|
||||||
"requested_dNSName", "%s", val);
|
"requested_dNSName", "%s", val);
|
||||||
r->ret = hx509_request_add_dns_name(r->context->hx509ctx, r->req, val);
|
r->error_code = hx509_request_add_dns_name(r->context->hx509ctx, r->req, val);
|
||||||
} else if (strcmp(key, "rfc822Name") == 0 && val) {
|
} else if (strcmp(key, "rfc822Name") == 0 && val) {
|
||||||
heim_audit_addkv((heim_svc_req_desc)r, KDC_AUDIT_VIS,
|
heim_audit_addkv((heim_svc_req_desc)r, KDC_AUDIT_VIS,
|
||||||
"requested_rfc822Name", "%s", val);
|
"requested_rfc822Name", "%s", val);
|
||||||
r->ret = hx509_request_add_email(r->context->hx509ctx, r->req, val);
|
r->error_code = hx509_request_add_email(r->context->hx509ctx, r->req, val);
|
||||||
} else if (strcmp(key, "xMPPName") == 0 && val) {
|
} else if (strcmp(key, "xMPPName") == 0 && val) {
|
||||||
heim_audit_addkv((heim_svc_req_desc)r, KDC_AUDIT_VIS,
|
heim_audit_addkv((heim_svc_req_desc)r, KDC_AUDIT_VIS,
|
||||||
"requested_xMPPName", "%s", val);
|
"requested_xMPPName", "%s", val);
|
||||||
r->ret = hx509_request_add_xmpp_name(r->context->hx509ctx, r->req,
|
r->error_code = hx509_request_add_xmpp_name(r->context->hx509ctx, r->req,
|
||||||
val);
|
val);
|
||||||
} else if (strcmp(key, "krb5PrincipalName") == 0 && val) {
|
} else if (strcmp(key, "krb5PrincipalName") == 0 && val) {
|
||||||
heim_audit_addkv((heim_svc_req_desc)r, KDC_AUDIT_VIS,
|
heim_audit_addkv((heim_svc_req_desc)r, KDC_AUDIT_VIS,
|
||||||
"requested_krb5PrincipalName", "%s", val);
|
"requested_krb5PrincipalName", "%s", val);
|
||||||
r->ret = hx509_request_add_pkinit(r->context->hx509ctx, r->req,
|
r->error_code = hx509_request_add_pkinit(r->context->hx509ctx, r->req,
|
||||||
val);
|
val);
|
||||||
} else if (strcmp(key, "ms-upn") == 0 && val) {
|
} else if (strcmp(key, "ms-upn") == 0 && val) {
|
||||||
heim_audit_addkv((heim_svc_req_desc)r, KDC_AUDIT_VIS,
|
heim_audit_addkv((heim_svc_req_desc)r, KDC_AUDIT_VIS,
|
||||||
"requested_ms_upn", "%s", val);
|
"requested_ms_upn", "%s", val);
|
||||||
r->ret = hx509_request_add_ms_upn_name(r->context->hx509ctx, r->req,
|
r->error_code = hx509_request_add_ms_upn_name(r->context->hx509ctx, r->req,
|
||||||
val);
|
val);
|
||||||
} else if (strcmp(key, "registeredID") == 0 && val) {
|
} else if (strcmp(key, "registeredID") == 0 && val) {
|
||||||
heim_audit_addkv((heim_svc_req_desc)r, KDC_AUDIT_VIS,
|
heim_audit_addkv((heim_svc_req_desc)r, KDC_AUDIT_VIS,
|
||||||
"requested_registered_id", "%s", val);
|
"requested_registered_id", "%s", val);
|
||||||
r->ret = der_parse_heim_oid(val, ".", &oid);
|
r->error_code = der_parse_heim_oid(val, ".", &oid);
|
||||||
if (r->ret == 0)
|
if (r->error_code == 0)
|
||||||
r->ret = hx509_request_add_registered(r->context->hx509ctx, r->req,
|
r->error_code = hx509_request_add_registered(r->context->hx509ctx, r->req,
|
||||||
&oid);
|
&oid);
|
||||||
der_free_oid(&oid);
|
der_free_oid(&oid);
|
||||||
} else if (strcmp(key, "csr") == 0 && val) {
|
} else if (strcmp(key, "csr") == 0 && val) {
|
||||||
heim_audit_setkv_bool((heim_svc_req_desc)r, "requested_csr", TRUE);
|
heim_audit_setkv_bool((heim_svc_req_desc)r, "requested_csr", TRUE);
|
||||||
r->ret = 0; /* Handled upstairs */
|
r->error_code = 0; /* Handled upstairs */
|
||||||
} else if (strcmp(key, "lifetime") == 0 && val) {
|
} else if (strcmp(key, "lifetime") == 0 && val) {
|
||||||
r->req_life = parse_time(val, "day");
|
r->req_life = parse_time(val, "day");
|
||||||
} else {
|
} else {
|
||||||
/* Produce error for unknown params */
|
/* Produce error for unknown params */
|
||||||
heim_audit_setkv_bool((heim_svc_req_desc)r, "requested_unknown", TRUE);
|
heim_audit_setkv_bool((heim_svc_req_desc)r, "requested_unknown", TRUE);
|
||||||
krb5_set_error_message(r->context, r->ret = ENOTSUP,
|
krb5_set_error_message(r->context, r->error_code = ENOTSUP,
|
||||||
"Query parameter %s not supported", key);
|
"Query parameter %s not supported", key);
|
||||||
}
|
}
|
||||||
return r->ret == 0 ? MHD_YES : MHD_NO /* Stop iterating */;
|
return r->error_code == 0 ? MHD_YES : MHD_NO /* Stop iterating */;
|
||||||
}
|
}
|
||||||
|
|
||||||
static krb5_error_code
|
static krb5_error_code
|
||||||
@@ -717,10 +717,10 @@ authorize_CSR(struct bx509_request_desc *r,
|
|||||||
if (ret)
|
if (ret)
|
||||||
return bad_req(r, ret, MHD_HTTP_SERVICE_UNAVAILABLE,
|
return bad_req(r, ret, MHD_HTTP_SERVICE_UNAVAILABLE,
|
||||||
"Could not parse CSR");
|
"Could not parse CSR");
|
||||||
r->ret = 0;
|
r->error_code = 0;
|
||||||
(void) MHD_get_connection_values(r->connection, MHD_GET_ARGUMENT_KIND,
|
(void) MHD_get_connection_values(r->connection, MHD_GET_ARGUMENT_KIND,
|
||||||
bx509_param_cb, r);
|
bx509_param_cb, r);
|
||||||
ret = r->ret;
|
ret = r->error_code;
|
||||||
if (ret)
|
if (ret)
|
||||||
return bad_req(r, ret, MHD_HTTP_SERVICE_UNAVAILABLE,
|
return bad_req(r, ret, MHD_HTTP_SERVICE_UNAVAILABLE,
|
||||||
"Could not handle query parameters");
|
"Could not handle query parameters");
|
||||||
@@ -903,11 +903,11 @@ set_req_desc(struct MHD_Connection *connection,
|
|||||||
r->addr = NULL;
|
r->addr = NULL;
|
||||||
r->req = NULL;
|
r->req = NULL;
|
||||||
r->req_life = 0;
|
r->req_life = 0;
|
||||||
r->ret = ret;
|
r->error_code = ret;
|
||||||
r->kv = heim_dict_create(10);
|
r->kv = heim_dict_create(10);
|
||||||
r->attributes = heim_dict_create(1);
|
r->attributes = heim_dict_create(1);
|
||||||
if (ret == 0 && (r->kv == NULL || r->attributes == NULL))
|
if (ret == 0 && (r->kv == NULL || r->attributes == NULL))
|
||||||
r->ret = ret = ENOMEM;
|
r->error_code = ret = ENOMEM;
|
||||||
ci = MHD_get_connection_info(connection,
|
ci = MHD_get_connection_info(connection,
|
||||||
MHD_CONNECTION_INFO_CLIENT_ADDRESS);
|
MHD_CONNECTION_INFO_CLIENT_ADDRESS);
|
||||||
if (ci) {
|
if (ci) {
|
||||||
@@ -1755,15 +1755,15 @@ get_tgt_param_cb(void *d,
|
|||||||
if (!krb5_config_get_bool_default(r->context, NULL,
|
if (!krb5_config_get_bool_default(r->context, NULL,
|
||||||
FALSE,
|
FALSE,
|
||||||
"get-tgt", "allow_addresses", NULL)) {
|
"get-tgt", "allow_addresses", NULL)) {
|
||||||
krb5_set_error_message(r->context, r->ret = ENOTSUP,
|
krb5_set_error_message(r->context, r->error_code = ENOTSUP,
|
||||||
"Query parameter %s not allowed", key);
|
"Query parameter %s not allowed", key);
|
||||||
} else {
|
} else {
|
||||||
krb5_addresses addresses;
|
krb5_addresses addresses;
|
||||||
|
|
||||||
r->ret = _krb5_parse_address_no_lookup(r->context, val,
|
r->error_code = _krb5_parse_address_no_lookup(r->context, val,
|
||||||
&addresses);
|
&addresses);
|
||||||
if (r->ret == 0)
|
if (r->error_code == 0)
|
||||||
r->ret = krb5_append_addresses(r->context, &r->tgt_addresses,
|
r->error_code = krb5_append_addresses(r->context, &r->tgt_addresses,
|
||||||
&addresses);
|
&addresses);
|
||||||
krb5_free_addresses(r->context, &addresses);
|
krb5_free_addresses(r->context, &addresses);
|
||||||
}
|
}
|
||||||
@@ -1775,10 +1775,10 @@ get_tgt_param_cb(void *d,
|
|||||||
} else {
|
} else {
|
||||||
/* Produce error for unknown params */
|
/* Produce error for unknown params */
|
||||||
heim_audit_setkv_bool((heim_svc_req_desc)r, "requested_unknown", TRUE);
|
heim_audit_setkv_bool((heim_svc_req_desc)r, "requested_unknown", TRUE);
|
||||||
krb5_set_error_message(r->context, r->ret = ENOTSUP,
|
krb5_set_error_message(r->context, r->error_code = ENOTSUP,
|
||||||
"Query parameter %s not supported", key);
|
"Query parameter %s not supported", key);
|
||||||
}
|
}
|
||||||
return r->ret == 0 ? MHD_YES : MHD_NO /* Stop iterating */;
|
return r->error_code == 0 ? MHD_YES : MHD_NO /* Stop iterating */;
|
||||||
}
|
}
|
||||||
|
|
||||||
/*
|
/*
|
||||||
@@ -1808,10 +1808,10 @@ get_tgt(struct bx509_request_desc *r)
|
|||||||
if (ret)
|
if (ret)
|
||||||
return ret;
|
return ret;
|
||||||
|
|
||||||
r->ret = 0;
|
r->error_code = 0;
|
||||||
(void) MHD_get_connection_values(r->connection, MHD_GET_ARGUMENT_KIND,
|
(void) MHD_get_connection_values(r->connection, MHD_GET_ARGUMENT_KIND,
|
||||||
get_tgt_param_cb, r);
|
get_tgt_param_cb, r);
|
||||||
ret = r->ret;
|
ret = r->error_code;
|
||||||
|
|
||||||
/* k5_get_creds() calls bad_req() */
|
/* k5_get_creds() calls bad_req() */
|
||||||
if (ret == 0)
|
if (ret == 0)
|
||||||
|
|||||||
@@ -1065,8 +1065,8 @@ param_cb(void *d,
|
|||||||
krb5_set_error_message(r->context, ret = ENOTSUP,
|
krb5_set_error_message(r->context, ret = ENOTSUP,
|
||||||
"Query parameter %s not supported", key);
|
"Query parameter %s not supported", key);
|
||||||
}
|
}
|
||||||
if (ret && !r->ret)
|
if (ret && !r->error_code)
|
||||||
r->ret = ret;
|
r->error_code = ret;
|
||||||
heim_release(s);
|
heim_release(s);
|
||||||
return ret ? MHD_NO /* Stop iterating */ : MHD_YES;
|
return ret ? MHD_NO /* Stop iterating */ : MHD_YES;
|
||||||
}
|
}
|
||||||
@@ -1082,7 +1082,7 @@ authorize_req(kadmin_request_desc r)
|
|||||||
return bad_enomem(r, ret);
|
return bad_enomem(r, ret);
|
||||||
(void) MHD_get_connection_values(r->connection, MHD_GET_ARGUMENT_KIND,
|
(void) MHD_get_connection_values(r->connection, MHD_GET_ARGUMENT_KIND,
|
||||||
param_cb, r);
|
param_cb, r);
|
||||||
ret = r->ret;
|
ret = r->error_code;
|
||||||
if (ret == EACCES)
|
if (ret == EACCES)
|
||||||
return bad_403(r, ret, "Not authorized to requested principal(s)");
|
return bad_403(r, ret, "Not authorized to requested principal(s)");
|
||||||
if (ret)
|
if (ret)
|
||||||
@@ -1588,7 +1588,7 @@ set_req_desc(struct MHD_Connection *connection,
|
|||||||
|
|
||||||
if (ret == 0 && r->kv == NULL) {
|
if (ret == 0 && r->kv == NULL) {
|
||||||
krb5_log_msg(r->context, logfac, 1, NULL, "Out of memory");
|
krb5_log_msg(r->context, logfac, 1, NULL, "Out of memory");
|
||||||
ret = r->ret = ENOMEM;
|
ret = r->error_code = ENOMEM;
|
||||||
}
|
}
|
||||||
return ret;
|
return ret;
|
||||||
}
|
}
|
||||||
@@ -1685,7 +1685,7 @@ get_config(kadmin_request_desc r)
|
|||||||
break;
|
break;
|
||||||
}
|
}
|
||||||
} else {
|
} else {
|
||||||
r->ret = ret;
|
r->error_code = ret;
|
||||||
return bad_404(r, "/get-config");
|
return bad_404(r, "/get-config");
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|||||||
@@ -38,6 +38,7 @@
|
|||||||
|
|
||||||
#include <krb5.h>
|
#include <krb5.h>
|
||||||
#include <kdc.h>
|
#include <kdc.h>
|
||||||
|
#include <kdc-accessors.h>
|
||||||
#include <hdb.h>
|
#include <hdb.h>
|
||||||
|
|
||||||
/*
|
/*
|
||||||
|
|||||||
@@ -2149,7 +2149,7 @@ _kdc_as_rep(astgs_request_t r)
|
|||||||
r->e_text = NULL;
|
r->e_text = NULL;
|
||||||
ret = _kdc_fast_mk_error(r, r->rep.padata, r->armor_crypto,
|
ret = _kdc_fast_mk_error(r, r->rep.padata, r->armor_crypto,
|
||||||
&req->req_body,
|
&req->req_body,
|
||||||
r->ret = KRB5_KDC_ERR_WRONG_REALM,
|
r->error_code = KRB5_KDC_ERR_WRONG_REALM,
|
||||||
r->client->principal, r->server_princ,
|
r->client->principal, r->server_princ,
|
||||||
NULL, NULL, r->reply);
|
NULL, NULL, r->reply);
|
||||||
goto out;
|
goto out;
|
||||||
@@ -2714,7 +2714,7 @@ _kdc_as_rep(astgs_request_t r)
|
|||||||
}
|
}
|
||||||
|
|
||||||
out:
|
out:
|
||||||
r->ret = ret;
|
r->error_code = ret;
|
||||||
_kdc_audit_request(r);
|
_kdc_audit_request(r);
|
||||||
|
|
||||||
/*
|
/*
|
||||||
@@ -2725,7 +2725,7 @@ out:
|
|||||||
r->rep.padata,
|
r->rep.padata,
|
||||||
r->armor_crypto,
|
r->armor_crypto,
|
||||||
&req->req_body,
|
&req->req_body,
|
||||||
r->ret,
|
r->error_code,
|
||||||
r->client_princ,
|
r->client_princ,
|
||||||
r->server_princ,
|
r->server_princ,
|
||||||
NULL, NULL,
|
NULL, NULL,
|
||||||
|
|||||||
@@ -1499,7 +1499,7 @@ server_lookup:
|
|||||||
Realm req_rlm;
|
Realm req_rlm;
|
||||||
krb5_realm *realms;
|
krb5_realm *realms;
|
||||||
|
|
||||||
priv->ret = ret; /* advise policy plugin of failure reason */
|
priv->error_code = ret; /* advise policy plugin of failure reason */
|
||||||
ret2 = _kdc_referral_policy(priv);
|
ret2 = _kdc_referral_policy(priv);
|
||||||
if (ret2 == 0) {
|
if (ret2 == 0) {
|
||||||
krb5_xfree(priv->sname);
|
krb5_xfree(priv->sname);
|
||||||
@@ -2155,7 +2155,7 @@ _kdc_tgs_rep(astgs_request_t r)
|
|||||||
}
|
}
|
||||||
|
|
||||||
out:
|
out:
|
||||||
r->ret = ret;
|
r->error_code = ret;
|
||||||
_kdc_audit_request(r);
|
_kdc_audit_request(r);
|
||||||
|
|
||||||
if(ret && ret != HDB_ERR_NOT_FOUND_HERE && data->data == NULL){
|
if(ret && ret != HDB_ERR_NOT_FOUND_HERE && data->data == NULL){
|
||||||
@@ -2166,7 +2166,7 @@ out:
|
|||||||
&error_method,
|
&error_method,
|
||||||
r->armor_crypto,
|
r->armor_crypto,
|
||||||
&req->req_body,
|
&req->req_body,
|
||||||
r->ret,
|
r->error_code,
|
||||||
r->client_princ,
|
r->client_princ,
|
||||||
r->server_princ,
|
r->server_princ,
|
||||||
csec, cusec,
|
csec, cusec,
|
||||||
|
|||||||
@@ -161,7 +161,7 @@ _kdc_audit_trail(kdc_request_t r, krb5_error_code ret)
|
|||||||
|
|
||||||
/* Get a symbolic name for some error codes */
|
/* Get a symbolic name for some error codes */
|
||||||
#define CASE(x) case x : retname = #x; break
|
#define CASE(x) case x : retname = #x; break
|
||||||
switch (ret ? ret : r->ret) {
|
switch (ret ? ret : r->error_code) {
|
||||||
CASE(ENOMEM);
|
CASE(ENOMEM);
|
||||||
CASE(EACCES);
|
CASE(EACCES);
|
||||||
CASE(HDB_ERR_NOT_FOUND_HERE);
|
CASE(HDB_ERR_NOT_FOUND_HERE);
|
||||||
|
|||||||
@@ -73,6 +73,6 @@
|
|||||||
/* auditing key/value store */ \
|
/* auditing key/value store */ \
|
||||||
heim_dict_t kv; \
|
heim_dict_t kv; \
|
||||||
heim_dict_t attributes; \
|
heim_dict_t attributes; \
|
||||||
int32_t ret
|
int32_t error_code
|
||||||
|
|
||||||
#endif /* HEIMBASE_SVC_H */
|
#endif /* HEIMBASE_SVC_H */
|
||||||
|
|||||||
@@ -1042,7 +1042,7 @@ heim_audit_trail(heim_svc_req_desc r, heim_error_code ret, const char *retname)
|
|||||||
#define CASE(x) case x : retval = #x; break
|
#define CASE(x) case x : retval = #x; break
|
||||||
if (retname) {
|
if (retname) {
|
||||||
retval = retname;
|
retval = retname;
|
||||||
} else switch (ret ? ret : r->ret) {
|
} else switch (ret ? ret : r->error_code) {
|
||||||
CASE(ENOMEM);
|
CASE(ENOMEM);
|
||||||
CASE(ENOENT);
|
CASE(ENOENT);
|
||||||
CASE(EACCES);
|
CASE(EACCES);
|
||||||
|
|||||||
Reference in New Issue
Block a user