diff options
Diffstat (limited to 'source4/heimdal/kdc/kx509.c')
| -rw-r--r-- | source4/heimdal/kdc/kx509.c | 36 |
1 files changed, 18 insertions, 18 deletions
diff --git a/source4/heimdal/kdc/kx509.c b/source4/heimdal/kdc/kx509.c index b1b861efef..8f117cebc0 100644 --- a/source4/heimdal/kdc/kx509.c +++ b/source4/heimdal/kdc/kx509.c @@ -36,7 +36,7 @@ #include <rfc2459_asn1.h> #include <hx509.h> -RCSID("$Id: kx509.c 21607 2007-07-17 07:04:52Z lha $"); +RCSID("$Id: kx509.c 23316 2008-06-23 04:32:32Z lha $"); /* * @@ -67,8 +67,9 @@ verify_req_hash(krb5_context context, HMAC_CTX ctx; if (req->pk_hash.length != sizeof(digest)) { - krb5_set_error_string(context, "pk-hash have wrong length: %lu", - (unsigned long)req->pk_hash.length); + krb5_set_error_message(context, KRB5KDC_ERR_PREAUTH_FAILED, + "pk-hash have wrong length: %lu", + (unsigned long)req->pk_hash.length); return KRB5KDC_ERR_PREAUTH_FAILED; } @@ -84,7 +85,8 @@ verify_req_hash(krb5_context context, HMAC_CTX_cleanup(&ctx); if (memcmp(req->pk_hash.data, digest, sizeof(digest)) != 0) { - krb5_set_error_string(context, "pk-hash is not correct"); + krb5_set_error_message(context, KRB5KDC_ERR_PREAUTH_FAILED, + "pk-hash is not correct"); return KRB5KDC_ERR_PREAUTH_FAILED; } return 0; @@ -106,7 +108,7 @@ calculate_reply_hash(krb5_context context, rep->hash->data = malloc(rep->hash->length); if (rep->hash->data == NULL) { HMAC_CTX_cleanup(&ctx); - krb5_set_error_string(context, "out of memory"); + krb5_set_error_message(context, ENOMEM, "malloc: out of memory"); return ENOMEM; } @@ -157,12 +159,8 @@ build_certificate(krb5_context context, ret = hx509_context_init(&hxctx); if (ret) goto out; - - ret = hx509_env_init(hxctx, &env); - if (ret) - goto out; - - ret = hx509_env_add(hxctx, env, "principal-name", + + ret = hx509_env_add(hxctx, &env, "principal-name", krb5_principal_get_comp_string(context, principal, 0)); if (ret) goto out; @@ -280,7 +278,7 @@ out: hx509_cert_free(signer); if (hxctx) hx509_context_free(&hxctx); - krb5_set_error_string(context, "cert creation failed"); + krb5_set_error_message(context, ret, "cert creation failed"); return ret; } @@ -358,16 +356,18 @@ _kdc_do_kx509(krb5_context context, krb5_free_principal(context, principal); if (ret != TRUE) { ret = KRB5KDC_ERR_SERVER_NOMATCH; - krb5_set_error_string(context, - "User %s used wrong Kx509 service principal", - cname); + krb5_set_error_message(context, ret, + "User %s used wrong Kx509 service principal", + cname); goto out; } } ret = krb5_auth_con_getkey(context, ac, &key); - if (ret || key == NULL) { - krb5_set_error_string(context, "Kx509 can't get session key"); + if (ret == 0 && key == NULL) + ret = KRB5KDC_ERR_NULL_KEY; + if (ret) { + krb5_set_error_message(context, ret, "Kx509 can't get session key"); goto out; } @@ -418,7 +418,7 @@ _kdc_do_kx509(krb5_context context, ASN1_MALLOC_ENCODE(Kx509Response, data.data, data.length, &rep, &size, ret); if (ret) { - krb5_set_error_string(context, "Failed to encode kx509 reply"); + krb5_set_error_message(context, ret, "Failed to encode kx509 reply"); goto out; } if (size != data.length) |