]> git.ipfire.org Git - thirdparty/krb5.git/commit
projects / thirdparty / krb5.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: 035eb79) | patch
Improve krb5_rd_req decryption failure errors
authorGreg Hudson <ghudson@mit.edu>
Mon, 28 Apr 2014 07:58:32 +0000 (03:58 -0400)
committerGreg Hudson <ghudson@mit.edu>
Wed, 7 May 2014 16:56:15 +0000 (12:56 -0400)
commiteba8c4909ec7ba0d7054d5d1b1061319e9970cc7
treeb10c91ffb967d767546c8fa87c105a712b116494tree | snapshot
parent035eb79b3f250b690502c66aaf664410b1d0e7e0commit | diff
Improve krb5_rd_req decryption failure errors

When krb5_rd_req cannot decrypt a ticket, try to produce the most
helpful diagnostic we can, and return an error code which corresponds
to the most applicable Kerberos protocol error.  Add a trace log
containing the error message for ticket decryption failures, in case
the application server does not log it.

Add new tests to cover krb5_rd_req error messages and adjust existing
tests to match the new messages.  Also adjust svc_auth_gssapi.c to
look for KRB5KRB_AP_ERR_NOT_US instead of KRB5KRB_AP_WRONG_PRINC.

ticket: 7232
.gitignore diff | blob | blame | history
src/include/k5-trace.h diff | blob | blame | history
src/lib/krb5/krb/rd_req_dec.c diff | blob | blame | history
src/lib/rpc/svc_auth_gssapi.c diff | blob | blame | history
src/lib/rpc/unit-test/rpc_test.0/gsserr.exp diff | blob | blame | history
src/tests/Makefile.in diff | blob | blame | history
src/tests/gssapi/t_gssapi.py diff | blob | blame | history
src/tests/rdreq.c [new file with mode: 0644] blob
src/tests/t_rdreq.py [new file with mode: 0644] blob
Mirror of https://github.com/krb5/krb5.git