Diffstat (limited to 'source4/heimdal/lib/krb5/rd_req.c')
-rw-r--r--source4/heimdal/lib/krb5/rd_req.c159
1 files changed, 81 insertions, 78 deletions
diff --git a/source4/heimdal/lib/krb5/rd_req.c b/source4/heimdal/lib/krb5/rd_req.c
index ef91f9fdd6..a416f90c10 100644
--- a/source4/heimdal/lib/krb5/rd_req.c
+++ b/source4/heimdal/lib/krb5/rd_req.c
@@ -1,34 +1,34 @@
/*
- * Copyright (c) 1997 - 2007 Kungliga Tekniska Högskolan
- * (Royal Institute of Technology, Stockholm, Sweden).
- * All rights reserved.
+ * Copyright (c) 1997 - 2007 Kungliga Tekniska Högskolan
+ * (Royal Institute of Technology, Stockholm, Sweden).
+ * All rights reserved.
*
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
*
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
*
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
*
- * 3. Neither the name of the Institute nor the names of its contributors
- * may be used to endorse or promote products derived from this software
- * without specific prior written permission.
+ * 3. Neither the name of the Institute nor the names of its contributors
+ * may be used to endorse or promote products derived from this software
+ * without specific prior written permission.
*
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
*/
#include <krb5_locl.h>
@@ -58,7 +58,7 @@ decrypt_tkt_enc_part (krb5_context context,
if (ret)
return ret;
- ret = krb5_decode_EncTicketPart(context, plain.data, plain.length,
+ ret = krb5_decode_EncTicketPart(context, plain.data, plain.length,
decr_part, &len);
krb5_data_free (&plain);
return ret;
@@ -95,7 +95,7 @@ decrypt_authenticator (krb5_context context,
if (ret)
return ret;
- ret = krb5_decode_Authenticator(context, plain.data, plain.length,
+ ret = krb5_decode_Authenticator(context, plain.data, plain.length,
authenticator, &len);
krb5_data_free (&plain);
return ret;
@@ -113,17 +113,17 @@ krb5_decode_ap_req(krb5_context context,
return ret;
if (ap_req->pvno != 5){
free_AP_REQ(ap_req);
- krb5_clear_error_string (context);
+ krb5_clear_error_message (context);
return KRB5KRB_AP_ERR_BADVERSION;
}
if (ap_req->msg_type != krb_ap_req){
free_AP_REQ(ap_req);
- krb5_clear_error_string (context);
+ krb5_clear_error_message (context);
return KRB5KRB_AP_ERR_MSG_TYPE;
}
if (ap_req->ticket.tkt_vno != 5){
free_AP_REQ(ap_req);
- krb5_clear_error_string (context);
+ krb5_clear_error_message (context);
return KRB5KRB_AP_ERR_BADVERSION;
}
return 0;
@@ -135,8 +135,8 @@ check_transited(krb5_context context, Ticket *ticket, EncTicketPart *enc)
char **realms;
unsigned int num_realms;
krb5_error_code ret;
-
- /*
+
+ /*
* Windows 2000 and 2003 uses this inside their TGT so it's normaly
* not seen by others, however, samba4 joined with a Windows AD as
* a Domain Controller gets exposed to this.
@@ -150,14 +150,14 @@ check_transited(krb5_context context, Ticket *ticket, EncTicketPart *enc)
if(enc->transited.contents.length == 0)
return 0;
- ret = krb5_domain_x500_decode(context, enc->transited.contents,
- &realms, &num_realms,
+ ret = krb5_domain_x500_decode(context, enc->transited.contents,
+ &realms, &num_realms,
enc->crealm,
ticket->realm);
if(ret)
return ret;
- ret = krb5_check_transited(context, enc->crealm,
- ticket->realm,
+ ret = krb5_check_transited(context, enc->crealm,
+ ticket->realm,
realms, num_realms, NULL);
free(realms);
return ret;
@@ -209,7 +209,7 @@ find_etypelist(krb5_context context,
etypes,
NULL);
if (ret)
- krb5_clear_error_string(context);
+ krb5_clear_error_message(context);
free_AD_IF_RELEVANT(&adIfRelevant);
@@ -228,7 +228,7 @@ krb5_decrypt_ticket(krb5_context context,
ret = decrypt_tkt_enc_part (context, key, &ticket->enc_part, &t);
if (ret)
return ret;
-
+
{
krb5_timestamp now;
time_t start = t.authtime;
@@ -240,12 +240,12 @@ krb5_decrypt_ticket(krb5_context context,
|| (t.flags.invalid
&& !(flags & KRB5_VERIFY_AP_REQ_IGNORE_INVALID))) {
free_EncTicketPart(&t);
- krb5_clear_error_string (context);
+ krb5_clear_error_message (context);
return KRB5KRB_AP_ERR_TKT_NYV;
}
if(now - t.endtime > context->max_skew) {
free_EncTicketPart(&t);
- krb5_clear_error_string (context);
+ krb5_clear_error_message (context);
return KRB5KRB_AP_ERR_TKT_EXPIRED;
}
@@ -257,7 +257,7 @@ krb5_decrypt_ticket(krb5_context context,
}
}
}
-
+
if(out)
*out = t;
else
@@ -275,7 +275,7 @@ krb5_verify_authenticator_checksum(krb5_context context,
krb5_keyblock *key;
krb5_authenticator authenticator;
krb5_crypto crypto;
-
+
ret = krb5_auth_con_getauthenticator (context,
ac,
&authenticator);
@@ -343,7 +343,7 @@ krb5_verify_ap_req2(krb5_context context,
krb5_auth_context ac;
krb5_error_code ret;
EtypeList etypes;
-
+
if (ticket)
*ticket = NULL;
@@ -358,34 +358,34 @@ krb5_verify_ap_req2(krb5_context context,
t = calloc(1, sizeof(*t));
if (t == NULL) {
ret = ENOMEM;
- krb5_clear_error_string (context);
+ krb5_clear_error_message (context);
goto out;
}
if (ap_req->ap_options.use_session_key && ac->keyblock){
- ret = krb5_decrypt_ticket(context, &ap_req->ticket,
- ac->keyblock,
+ ret = krb5_decrypt_ticket(context, &ap_req->ticket,
+ ac->keyblock,
&t->ticket,
flags);
krb5_free_keyblock(context, ac->keyblock);
ac->keyblock = NULL;
}else
- ret = krb5_decrypt_ticket(context, &ap_req->ticket,
- keyblock,
+ ret = krb5_decrypt_ticket(context, &ap_req->ticket,
+ keyblock,
&t->ticket,
flags);
-
+
if(ret)
goto out;
ret = _krb5_principalname2krb5_principal(context,
&t->server,
- ap_req->ticket.sname,
+ ap_req->ticket.sname,
ap_req->ticket.realm);
if (ret) goto out;
ret = _krb5_principalname2krb5_principal(context,
&t->client,
- t->ticket.cname,
+ t->ticket.cname,
t->ticket.crealm);
if (ret) goto out;
@@ -406,7 +406,7 @@ krb5_verify_ap_req2(krb5_context context,
ac->authenticator->cname,
ac->authenticator->crealm);
_krb5_principalname2krb5_principal(context,
- &p2,
+ &p2,
t->ticket.cname,
t->ticket.crealm);
res = krb5_principal_compare (context, p1, p2);
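Review bot: The `_krb5_principalname2krb5_principal(context, &p2, ...)` call in this hunk discards its return value, so if the conversion fails `p2` may be left unset when it is passed to `krb5_principal_compare` and then freed. This comparison decides whether the authenticator's client name matches the ticket's, so a conversion failure should abort with the error rather than fall through to the compare: `ret = _krb5_principalname2krb5_principal(context, &p2, t->ticket.cname, t->ticket.crealm);` followed by `if (ret) goto out;`, releasing `p1` first if it was already built. The call that fills `p1` starts above this hunk, so whether it has the same gap cannot be confirmed from here.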
@@ -414,7 +414,7 @@ krb5_verify_ap_req2(krb5_context context,
krb5_free_principal (context, p2);
if (!res) {
ret = KRB5KRB_AP_ERR_BADMATCH;
- krb5_clear_error_string (context);
+ krb5_clear_error_message (context);
goto out;
}
}
@@ -427,7 +427,7 @@ krb5_verify_ap_req2(krb5_context context,
ac->remote_address,
t->ticket.caddr)) {
ret = KRB5KRB_AP_ERR_BADADDR;
- krb5_clear_error_string (context);
+ krb5_clear_error_message (context);
goto out;
}
@@ -439,7 +439,7 @@ krb5_verify_ap_req2(krb5_context context,
if (abs(ac->authenticator->ctime - now) > context->max_skew) {
ret = KRB5KRB_AP_ERR_SKEW;
- krb5_clear_error_string (context);
+ krb5_clear_error_message (context);
goto out;
}
}
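Review bot: The skew check `abs(ac->authenticator->ctime - now) > context->max_skew` passes a timestamp difference to `abs()`, which takes an `int`. If the timestamp type is wider than `int` on the target (the declarations are not visible in this hunk), the difference is truncated before the comparison, and an authenticator time far outside the window could appear to be within skew. An explicit two-sided comparison in the timestamp's own type avoids the narrowing, for example `krb5_timestamp d = ac->authenticator->ctime - now;` followed by `if (d > context->max_skew || d < -context->max_skew) {`. The enclosing block of krb5_verify_ap_req2 starts and ends outside the hunk.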
@@ -506,7 +506,7 @@ krb5_verify_ap_req2(krb5_context context,
krb5_auth_con_free (context, ac);
return ret;
}
-
+
/*
*
*/
@@ -532,7 +532,8 @@ krb5_rd_req_in_ctx_alloc(krb5_context context, krb5_rd_req_in_ctx *ctx)
{
*ctx = calloc(1, sizeof(**ctx));
if (*ctx == NULL) {
- krb5_set_error_message(context, ENOMEM, "out of memory");
+ krb5_set_error_message(context, ENOMEM,
+ N_("malloc: out of memory", ""));
return ENOMEM;
}
(*ctx)->check_pac = (context->flags & KRB5_CTX_F_CHECK_PAC) ? 1 : 0;
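Review bot: The `check_pac` default is derived from `context->flags & KRB5_CTX_F_CHECK_PAC` with no comment, so a reader of krb5_rd_req_in_ctx_alloc cannot tell that PAC verification stays off unless that context flag is set or the caller overrides it. I would add `/* PAC checking defaults to the context-wide KRB5_CTX_F_CHECK_PAC flag; override per request with krb5_rd_req_in_set_pac_check() */` above that line. Separately, the new message text says `malloc: out of memory` while the failing call is `calloc`; this is harmless but slightly misleading in logs, and the same wording is added in the _krb5_rd_req_out_ctx_alloc hunk. The function body continues past the end of this hunk.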
@@ -540,7 +541,7 @@ krb5_rd_req_in_ctx_alloc(krb5_context context, krb5_rd_req_in_ctx *ctx)
}
krb5_error_code KRB5_LIB_FUNCTION
-krb5_rd_req_in_set_keytab(krb5_context context,
+krb5_rd_req_in_set_keytab(krb5_context context,
krb5_rd_req_in_ctx in,
krb5_keytab keytab)
{
@@ -550,7 +551,7 @@ krb5_rd_req_in_set_keytab(krb5_context context,
/**
* Set if krb5_rq_red() is going to check the Windows PAC or not
- *
+ *
* @param context Keberos 5 context.
* @param in krb5_rd_req_in_ctx to check the option on.
* @param flag flag to select if to check the pac (TRUE) or not (FALSE).
@@ -561,7 +562,7 @@ krb5_rd_req_in_set_keytab(krb5_context context,
*/
krb5_error_code KRB5_LIB_FUNCTION
-krb5_rd_req_in_set_pac_check(krb5_context context,
+krb5_rd_req_in_set_pac_check(krb5_context context,
krb5_rd_req_in_ctx in,
krb5_boolean flag)
{
@@ -571,7 +572,7 @@ krb5_rd_req_in_set_pac_check(krb5_context context,
krb5_error_code KRB5_LIB_FUNCTION
-krb5_rd_req_in_set_keyblock(krb5_context context,
+krb5_rd_req_in_set_keyblock(krb5_context context,
krb5_rd_req_in_ctx in,
krb5_keyblock *keyblock)
{
@@ -580,7 +581,7 @@ krb5_rd_req_in_set_keyblock(krb5_context context,
}
krb5_error_code KRB5_LIB_FUNCTION
-krb5_rd_req_out_get_ap_req_options(krb5_context context,
+krb5_rd_req_out_get_ap_req_options(krb5_context context,
krb5_rd_req_out_ctx out,
krb5_flags *ap_req_options)
{
@@ -589,7 +590,7 @@ krb5_rd_req_out_get_ap_req_options(krb5_context context,
}
krb5_error_code KRB5_LIB_FUNCTION
-krb5_rd_req_out_get_ticket(krb5_context context,
+krb5_rd_req_out_get_ticket(krb5_context context,
krb5_rd_req_out_ctx out,
krb5_ticket **ticket)
{
@@ -597,7 +598,7 @@ krb5_rd_req_out_get_ticket(krb5_context context,
}
krb5_error_code KRB5_LIB_FUNCTION
-krb5_rd_req_out_get_keyblock(krb5_context context,
+krb5_rd_req_out_get_keyblock(krb5_context context,
krb5_rd_req_out_ctx out,
krb5_keyblock **keyblock)
{
@@ -615,7 +616,8 @@ _krb5_rd_req_out_ctx_alloc(krb5_context context, krb5_rd_req_out_ctx *ctx)
{
*ctx = calloc(1, sizeof(**ctx));
if (*ctx == NULL) {
- krb5_set_error_message(context, ENOMEM, "out of memory");
+ krb5_set_error_message(context, ENOMEM,
+ N_("malloc: out of memory", ""));
return ENOMEM;
}
return 0;
@@ -648,7 +650,7 @@ krb5_rd_req(krb5_context context,
ret = krb5_rd_req_in_ctx_alloc(context, &in);
if (ret)
return ret;
-
+
ret = krb5_rd_req_in_set_keytab(context, in, keytab);
if (ret) {
krb5_rd_req_in_ctx_free(context, in);
@@ -693,7 +695,7 @@ krb5_rd_req_with_keyblock(krb5_context context,
ret = krb5_rd_req_in_ctx_alloc(context, &in);
if (ret)
return ret;
-
+
ret = krb5_rd_req_in_set_keyblock(context, in, keyblock);
if (ret) {
krb5_rd_req_in_ctx_free(context, in);
@@ -739,7 +741,7 @@ get_key_from_keytab(krb5_context context,
krb5_kt_default(context, &real_keytab);
else
real_keytab = keytab;
-
+
if (ap_req->ticket.enc_part.kvno)
kvno = *ap_req->ticket.enc_part.kvno;
else
@@ -755,10 +757,10 @@ get_key_from_keytab(krb5_context context,
goto out;
ret = krb5_copy_keyblock(context, &entry.keyblock, out_key);
krb5_kt_free_entry (context, &entry);
-out:
+out:
if(keytab == NULL)
krb5_kt_close(context, real_keytab);
-
+
return ret;
}
@@ -805,8 +807,9 @@ krb5_rd_req_ctx(krb5_context context,
if (ap_req.ap_options.use_session_key &&
(*auth_context)->keyblock == NULL) {
ret = KRB5KRB_AP_ERR_NOKEY;
- krb5_set_error_message(context, ret, "krb5_rd_req: user to user auth "
- "without session key given");
+ krb5_set_error_message(context, ret,
+ N_("krb5_rd_req: user to user auth "
+ "without session key given", ""));
goto out;
}
@@ -828,8 +831,8 @@ krb5_rd_req_ctx(krb5_context context,
if (inctx && inctx->keytab)
keytab = inctx->keytab;
- ret = get_key_from_keytab(context,
- auth_context,
+ ret = get_key_from_keytab(context,
+ auth_context,
&ap_req,
server,
keytab,
@@ -867,10 +870,10 @@ krb5_rd_req_ctx(krb5_context context,
goto out;
ret = krb5_pac_verify(context,
- pac,
+ pac,
o->ticket->ticket.authtime,
- o->ticket->client,
- o->keyblock,
+ o->ticket->client,
+ o->keyblock,
NULL);
krb5_pac_free(context, pac);
if (ret)
@@ -881,7 +884,7 @@ krb5_rd_req_ctx(krb5_context context,
out:
if (ret || outctx == NULL) {
krb5_rd_req_out_ctx_free(context, o);
- } else
+ } else
*outctx = o;
free_AP_REQ(&ap_req);