oysteikt/heimdal
0
0
Fork 0
Code Issues 5 Pull Requests Releases Activity

lib/krb5: not_found() do not substitute the error text

Browse Source 
not_found() is called internally with error code KRB5_CC_NOTFOUND
from find_cred() and get_cred_kdc_capath_worker() where a hard
coded error string "Matching credential not found" makes sense.
However, it is also called from krb5_get_creds() and
krb5_get_credentials_with_flags() with error codes that are
returned from the KDC where hiding the true error string
confuses the end user and hampers debugging.

This change replaces the hard coded string with the result
of krb5_get_error_message() and appends the service ticket
name.

Change-Id: I275c66c7b5783ae25029dce5b851cb389b118bcc
This commit is contained in:
Jeffrey Altman
2020-05-25 17:22:24 -04:00
committed by Nicolas Williams
parent aa47b5f1a3
commit fde95037a8
1 changed files with 3 additions and 3 deletions
Download Patch File Download Diff File Expand all files Collapse all files

6
lib/krb5/get_cred.c
View File

@@ -684,15 +684,15 @@ static int
not_found(krb5_context context, krb5_const_principal p, krb5_error_code code)
{
krb5_error_code ret;
char *str;
char *str, *err;
err = krb5_get_error_message(context, code);
ret = krb5_unparse_name(context, p, &str);
if(ret) {
krb5_clear_error_message(context);
return code;
}
krb5_set_error_message(context, code,
N_("Matching credential (%s) not found", ""), str);
krb5_set_error_message(context, code, N_("%s (%s)", ""), err, str);
free(str);
return code;
}