authorAndrew Bartlett <abartlet@samba.org>2010-09-30 20:13:34 -0700
committerAndrew Tridgell <tridge@samba.org>2010-09-30 20:13:34 -0700
commit4c57095bb76aee5922502d1dff307c6dd869f007 (patch)
tree1d122301c1e0ef3c24d24401f123d4466b872950
parent23b4126f10f3927a8d70517e04872aa4ebf1b502 (diff)
heimdal: added verbose logging of hemimdal crypto errors
-rw-r--r--source4/heimdal/lib/krb5/crypto.c17
1 files changed, 15 insertions, 2 deletions
diff --git a/source4/heimdal/lib/krb5/crypto.c b/source4/heimdal/lib/krb5/crypto.c
index ed8765542c..eda5e634d1 100644
--- a/source4/heimdal/lib/krb5/crypto.c
+++ b/source4/heimdal/lib/krb5/crypto.c
@@ -1847,6 +1847,10 @@ verify_checksum(krb5_context context,
}
if(ct->checksumsize != cksum->checksum.length) {
krb5_clear_error_message (context);
+ krb5_set_error_message (context, KRB5KRB_AP_ERR_BAD_INTEGRITY,
+ N_("Decrypt integrity check failed for checksum type %s, length was %u, expected %u", ""),
+ ct->name, (unsigned)cksum->checksum.length, (unsigned)ct->checksumsize);
+
return KRB5KRB_AP_ERR_BAD_INTEGRITY; /* XXX */
}
keyed_checksum = (ct->flags & F_KEYED) != 0;
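Review bot: The `krb5_clear_error_message (context);` kept directly above the added call is now redundant, because krb5_set_error_message replaces whatever message was stored on the context. The same clear-then-set pair appears in the last hunk. Dropping the clear in both places makes it plain that the new text is what the caller is meant to see. The message reads "Decrypt integrity check failed" although this branch is a length mismatch found before any checksum is computed; wording such as `"Checksum length mismatch for checksum type %s, length was %u, expected %u"` would make the log line easier to triage.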
@@ -1874,8 +1878,14 @@ verify_checksum(krb5_context context,
return ret;
} else
dkey = NULL;
- if(ct->verify)
- return (*ct->verify)(context, dkey, data, len, usage, cksum);
+ if(ct->verify) {
+ ret = (*ct->verify)(context, dkey, data, len, usage, cksum);
+ if (ret == KRB5KRB_AP_ERR_BAD_INTEGRITY) {
+ krb5_set_error_message (context, KRB5KRB_AP_ERR_BAD_INTEGRITY,
+ N_("Decrypt integrity check failed for checksum type %s, key type %s", ""),
+ ct->name, crypto->et->name);
+ }
+ }
ret = krb5_data_alloc (&c.checksum, ct->checksumsize);
if (ret)
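Review bot: The rewritten `if(ct->verify) {` block no longer returns. The removed line was `return (*ct->verify)(...)`, but the new code stores the result in `ret` and falls through to `ret = krb5_data_alloc (&c.checksum, ct->checksumsize);`, which overwrites it. As written, a KRB5KRB_AP_ERR_BAD_INTEGRITY reported by the checksum type's own verify routine is discarded, and the outcome is decided by the generic recompute-and-compare path further down, so a type that supplies `verify` is no longer judged by it. Add `return ret;` as the last statement inside the `if(ct->verify) {` block. verify_checksum starts and ends outside this hunk, so how the later path behaves for these types should be checked against the full function.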
@@ -1890,6 +1900,9 @@ verify_checksum(krb5_context context,
if(c.checksum.length != cksum->checksum.length ||
ct_memcmp(c.checksum.data, cksum->checksum.data, c.checksum.length)) {
krb5_clear_error_message (context);
+ krb5_set_error_message (context, KRB5KRB_AP_ERR_BAD_INTEGRITY,
+ N_("Decrypt integrity check failed for checksum type %s, key type %s", ""),
+ ct->name, crypto->et->name);
ret = KRB5KRB_AP_ERR_BAD_INTEGRITY;
} else {
ret = 0;
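Review bot: `crypto->et->name` in the added message is dereferenced without a NULL check, and the same expression is used in the previous hunk's message. The `dkey = NULL;` else-branch in that hunk suggests a path where no key is in use. If `crypto` can be NULL on that path (for example with unkeyed checksum types), a failed comparison would fault while building the error text instead of returning KRB5KRB_AP_ERR_BAD_INTEGRITY. Consider `ct->name, crypto ? crypto->et->name : "(none)");` in both places. The start of the function is outside the hunk, so whether callers may pass a NULL `crypto` needs confirming there.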