summaryrefslogtreecommitdiff
path: root/source4/heimdal/kdc/kx509.c
diff options
context:
space:
mode:
Diffstat (limited to 'source4/heimdal/kdc/kx509.c')
-rw-r--r--source4/heimdal/kdc/kx509.c36
1 files changed, 18 insertions, 18 deletions
diff --git a/source4/heimdal/kdc/kx509.c b/source4/heimdal/kdc/kx509.c
index b1b861efef..8f117cebc0 100644
--- a/source4/heimdal/kdc/kx509.c
+++ b/source4/heimdal/kdc/kx509.c
@@ -36,7 +36,7 @@
#include <rfc2459_asn1.h>
#include <hx509.h>
-RCSID("$Id: kx509.c 21607 2007-07-17 07:04:52Z lha $");
+RCSID("$Id: kx509.c 23316 2008-06-23 04:32:32Z lha $");
/*
*
@@ -67,8 +67,9 @@ verify_req_hash(krb5_context context,
HMAC_CTX ctx;
if (req->pk_hash.length != sizeof(digest)) {
- krb5_set_error_string(context, "pk-hash have wrong length: %lu",
- (unsigned long)req->pk_hash.length);
+ krb5_set_error_message(context, KRB5KDC_ERR_PREAUTH_FAILED,
+ "pk-hash have wrong length: %lu",
+ (unsigned long)req->pk_hash.length);
return KRB5KDC_ERR_PREAUTH_FAILED;
}
@@ -84,7 +85,8 @@ verify_req_hash(krb5_context context,
HMAC_CTX_cleanup(&ctx);
if (memcmp(req->pk_hash.data, digest, sizeof(digest)) != 0) {
- krb5_set_error_string(context, "pk-hash is not correct");
+ krb5_set_error_message(context, KRB5KDC_ERR_PREAUTH_FAILED,
+ "pk-hash is not correct");
return KRB5KDC_ERR_PREAUTH_FAILED;
}
return 0;
@@ -106,7 +108,7 @@ calculate_reply_hash(krb5_context context,
rep->hash->data = malloc(rep->hash->length);
if (rep->hash->data == NULL) {
HMAC_CTX_cleanup(&ctx);
- krb5_set_error_string(context, "out of memory");
+ krb5_set_error_message(context, ENOMEM, "malloc: out of memory");
return ENOMEM;
}
@@ -157,12 +159,8 @@ build_certificate(krb5_context context,
ret = hx509_context_init(&hxctx);
if (ret)
goto out;
-
- ret = hx509_env_init(hxctx, &env);
- if (ret)
- goto out;
-
- ret = hx509_env_add(hxctx, env, "principal-name",
+
+ ret = hx509_env_add(hxctx, &env, "principal-name",
krb5_principal_get_comp_string(context, principal, 0));
if (ret)
goto out;
@@ -280,7 +278,7 @@ out:
hx509_cert_free(signer);
if (hxctx)
hx509_context_free(&hxctx);
- krb5_set_error_string(context, "cert creation failed");
+ krb5_set_error_message(context, ret, "cert creation failed");
return ret;
}
@@ -358,16 +356,18 @@ _kdc_do_kx509(krb5_context context,
krb5_free_principal(context, principal);
if (ret != TRUE) {
ret = KRB5KDC_ERR_SERVER_NOMATCH;
- krb5_set_error_string(context,
- "User %s used wrong Kx509 service principal",
- cname);
+ krb5_set_error_message(context, ret,
+ "User %s used wrong Kx509 service principal",
+ cname);
goto out;
}
}
ret = krb5_auth_con_getkey(context, ac, &key);
- if (ret || key == NULL) {
- krb5_set_error_string(context, "Kx509 can't get session key");
+ if (ret == 0 && key == NULL)
+ ret = KRB5KDC_ERR_NULL_KEY;
+ if (ret) {
+ krb5_set_error_message(context, ret, "Kx509 can't get session key");
goto out;
}
@@ -418,7 +418,7 @@ _kdc_do_kx509(krb5_context context,
ASN1_MALLOC_ENCODE(Kx509Response, data.data, data.length, &rep,
&size, ret);
if (ret) {
- krb5_set_error_string(context, "Failed to encode kx509 reply");
+ krb5_set_error_message(context, ret, "Failed to encode kx509 reply");
goto out;
}
if (size != data.length)