diff options
author | Andrew Bartlett <abartlet@samba.org> | 2010-09-30 20:13:34 -0700 |
---|---|---|
committer | Andrew Tridgell <tridge@samba.org> | 2010-09-30 20:13:34 -0700 |
commit | 4c57095bb76aee5922502d1dff307c6dd869f007 (patch) | |
tree | 1d122301c1e0ef3c24d24401f123d4466b872950 | |
parent | 23b4126f10f3927a8d70517e04872aa4ebf1b502 (diff) | |
download | samba-4c57095bb76aee5922502d1dff307c6dd869f007.tar.gz samba-4c57095bb76aee5922502d1dff307c6dd869f007.tar.bz2 samba-4c57095bb76aee5922502d1dff307c6dd869f007.zip |
heimdal: added verbose logging of hemimdal crypto errors
-rw-r--r-- | source4/heimdal/lib/krb5/crypto.c | 17 |
1 files changed, 15 insertions, 2 deletions
diff --git a/source4/heimdal/lib/krb5/crypto.c b/source4/heimdal/lib/krb5/crypto.c index ed8765542c..eda5e634d1 100644 --- a/source4/heimdal/lib/krb5/crypto.c +++ b/source4/heimdal/lib/krb5/crypto.c @@ -1847,6 +1847,10 @@ verify_checksum(krb5_context context, } if(ct->checksumsize != cksum->checksum.length) { krb5_clear_error_message (context); + krb5_set_error_message (context, KRB5KRB_AP_ERR_BAD_INTEGRITY, + N_("Decrypt integrity check failed for checksum type %s, length was %u, expected %u", ""), + ct->name, (unsigned)cksum->checksum.length, (unsigned)ct->checksumsize); + return KRB5KRB_AP_ERR_BAD_INTEGRITY; /* XXX */ } keyed_checksum = (ct->flags & F_KEYED) != 0; @@ -1874,8 +1878,14 @@ verify_checksum(krb5_context context, return ret; } else dkey = NULL; - if(ct->verify) - return (*ct->verify)(context, dkey, data, len, usage, cksum); + if(ct->verify) { + ret = (*ct->verify)(context, dkey, data, len, usage, cksum); + if (ret == KRB5KRB_AP_ERR_BAD_INTEGRITY) { + krb5_set_error_message (context, KRB5KRB_AP_ERR_BAD_INTEGRITY, + N_("Decrypt integrity check failed for checksum type %s, key type %s", ""), + ct->name, crypto->et->name); + } + } ret = krb5_data_alloc (&c.checksum, ct->checksumsize); if (ret) @@ -1890,6 +1900,9 @@ verify_checksum(krb5_context context, if(c.checksum.length != cksum->checksum.length || ct_memcmp(c.checksum.data, cksum->checksum.data, c.checksum.length)) { krb5_clear_error_message (context); + krb5_set_error_message (context, KRB5KRB_AP_ERR_BAD_INTEGRITY, + N_("Decrypt integrity check failed for checksum type %s, key type %s", ""), + ct->name, crypto->et->name); ret = KRB5KRB_AP_ERR_BAD_INTEGRITY; } else { ret = 0; |