From a925f039ee382df0f3be434108416bab0d17e8c0 Mon Sep 17 00:00:00 2001
From: Stefan Metzmacher <metze@samba.org>
Date: Fri, 1 Aug 2008 07:08:51 +0200
Subject: heimdal: update to lorikeet-heimdal rev 801

metze
(This used to be commit d6c54a66fb23c784ef221a3c1cf766b72bdb5a0b)
---
 source4/heimdal/kdc/kx509.c | 36 ++++++++++++++++++------------------
 1 file changed, 18 insertions(+), 18 deletions(-)

(limited to 'source4/heimdal/kdc/kx509.c')

diff --git a/source4/heimdal/kdc/kx509.c b/source4/heimdal/kdc/kx509.c
index b1b861efef..8f117cebc0 100644
--- a/source4/heimdal/kdc/kx509.c
+++ b/source4/heimdal/kdc/kx509.c
@@ -36,7 +36,7 @@
 #include <rfc2459_asn1.h>
 #include <hx509.h>
 
-RCSID("$Id: kx509.c 21607 2007-07-17 07:04:52Z lha $");
+RCSID("$Id: kx509.c 23316 2008-06-23 04:32:32Z lha $");
 
 /*
  *
@@ -67,8 +67,9 @@ verify_req_hash(krb5_context context,
     HMAC_CTX ctx;
     
     if (req->pk_hash.length != sizeof(digest)) {
-	krb5_set_error_string(context, "pk-hash have wrong length: %lu",
-			      (unsigned long)req->pk_hash.length);
+	krb5_set_error_message(context, KRB5KDC_ERR_PREAUTH_FAILED,
+			       "pk-hash have wrong length: %lu",
+			       (unsigned long)req->pk_hash.length);
 	return KRB5KDC_ERR_PREAUTH_FAILED;
     }
 
@@ -84,7 +85,8 @@ verify_req_hash(krb5_context context,
     HMAC_CTX_cleanup(&ctx);
 
     if (memcmp(req->pk_hash.data, digest, sizeof(digest)) != 0) {
-	krb5_set_error_string(context, "pk-hash is not correct");
+	krb5_set_error_message(context, KRB5KDC_ERR_PREAUTH_FAILED,
+			       "pk-hash is not correct");
 	return KRB5KDC_ERR_PREAUTH_FAILED;
     }
     return 0;
@@ -106,7 +108,7 @@ calculate_reply_hash(krb5_context context,
     rep->hash->data = malloc(rep->hash->length);
     if (rep->hash->data == NULL) {
 	HMAC_CTX_cleanup(&ctx);
-	krb5_set_error_string(context, "out of memory");
+	krb5_set_error_message(context, ENOMEM, "malloc: out of memory");
 	return ENOMEM;
     }
 
@@ -157,12 +159,8 @@ build_certificate(krb5_context context,
     ret = hx509_context_init(&hxctx);
     if (ret)
 	goto out;
-
-    ret = hx509_env_init(hxctx, &env);
-    if (ret)
-	goto out;
-
-    ret = hx509_env_add(hxctx, env, "principal-name", 
+    
+    ret = hx509_env_add(hxctx, &env, "principal-name", 
 			krb5_principal_get_comp_string(context, principal, 0));
     if (ret)
 	goto out;
@@ -280,7 +278,7 @@ out:
 	hx509_cert_free(signer);
     if (hxctx)
 	hx509_context_free(&hxctx);
-    krb5_set_error_string(context, "cert creation failed");
+    krb5_set_error_message(context, ret, "cert creation failed");
     return ret;
 }
 
@@ -358,16 +356,18 @@ _kdc_do_kx509(krb5_context context,
 	krb5_free_principal(context, principal);
 	if (ret != TRUE) {
 	    ret = KRB5KDC_ERR_SERVER_NOMATCH;
-	    krb5_set_error_string(context, 
-				  "User %s used wrong Kx509 service principal",
-				  cname);
+	    krb5_set_error_message(context, ret,
+				   "User %s used wrong Kx509 service principal",
+				   cname);
 	    goto out;
 	}
     }
     
     ret = krb5_auth_con_getkey(context, ac, &key);
-    if (ret || key == NULL) {
-	krb5_set_error_string(context, "Kx509 can't get session key");
+    if (ret == 0 && key == NULL)
+	ret = KRB5KDC_ERR_NULL_KEY;
+    if (ret) {
+	krb5_set_error_message(context, ret, "Kx509 can't get session key");
 	goto out;
     }
     
@@ -418,7 +418,7 @@ _kdc_do_kx509(krb5_context context,
 	ASN1_MALLOC_ENCODE(Kx509Response, data.data, data.length, &rep,
 			   &size, ret);
 	if (ret) {
-	    krb5_set_error_string(context, "Failed to encode kx509 reply");
+	    krb5_set_error_message(context, ret, "Failed to encode kx509 reply");
 	    goto out;
 	}
 	if (size != data.length)
-- 
cgit