kdc_active_realm->realm_keytab, NULL, &ticket);
if (retval != 0) {
const char * errmsg = krb5_get_error_message(kdc_context, retval);
- krb5_set_error_message(kdc_context, retval,
- _("%s while handling ap-request armor"),
- errmsg);
+ k5_setmsg(kdc_context, retval, _("%s while handling ap-request armor"),
+ errmsg);
krb5_free_error_message(kdc_context, errmsg);
}
if (retval == 0) {
if (!krb5_principal_compare_any_realm(kdc_context,
tgs_server,
ticket->server)) {
- krb5_set_error_message(kdc_context, KRB5KDC_ERR_SERVER_NOMATCH,
- _("ap-request armor for something other "
- "than the local TGS"));
+ k5_setmsg(kdc_context, KRB5KDC_ERR_SERVER_NOMATCH,
+ _("ap-request armor for something other than the local "
+ "TGS"));
retval = KRB5KDC_ERR_SERVER_NOMATCH;
}
}
if (retval == 0) {
retval = krb5_auth_con_getrecvsubkey(kdc_context, authcontext, &subkey);
if (retval != 0 || subkey == NULL) {
- krb5_set_error_message(kdc_context, KRB5KDC_ERR_POLICY,
- _("ap-request armor without subkey"));
+ k5_setmsg(kdc_context, KRB5KDC_ERR_POLICY,
+ _("ap-request armor without subkey"));
retval = KRB5KDC_ERR_POLICY;
}
}
case KRB5_FAST_ARMOR_AP_REQUEST:
if (tgs_subkey) {
retval = KRB5KDC_ERR_PREAUTH_FAILED;
- krb5_set_error_message(kdc_context, retval,
- _("Ap-request armor not permitted "
- "with TGS"));
+ k5_setmsg(kdc_context, retval,
+ _("Ap-request armor not permitted with TGS"));
break;
}
retval = armor_ap_request(state, fast_armored_req->armor);
break;
default:
- krb5_set_error_message(kdc_context, KRB5KDC_ERR_PREAUTH_FAILED,
- _("Unknown FAST armor type %d"),
- fast_armored_req->armor->armor_type);
+ k5_setmsg(kdc_context, KRB5KDC_ERR_PREAUTH_FAILED,
+ _("Unknown FAST armor type %d"),
+ fast_armored_req->armor->armor_type);
retval = KRB5KDC_ERR_PREAUTH_FAILED;
}
}
&state->armor_key);
else {
retval = KRB5KDC_ERR_PREAUTH_FAILED;
- krb5_set_error_message(kdc_context, retval,
- _("No armor key but FAST armored "
- "request present"));
+ k5_setmsg(kdc_context, retval,
+ _("No armor key but FAST armored request present"));
}
}
if (retval == 0) {
&cksum_valid);
if (retval == 0 && !cksum_valid) {
retval = KRB5KRB_AP_ERR_MODIFIED;
- krb5_set_error_message(kdc_context, retval,
- _("FAST req_checksum invalid; request "
- "modified"));
+ k5_setmsg(kdc_context, retval,
+ _("FAST req_checksum invalid; request modified"));
}
if (retval == 0) {
if (!krb5_c_is_keyed_cksum(cksum->checksum_type)) {
retval = KRB5KDC_ERR_POLICY;
- krb5_set_error_message(kdc_context, retval,
- _("Unkeyed checksum used in fast_req"));
+ k5_setmsg(kdc_context, retval,
+ _("Unkeyed checksum used in fast_req"));
}
}
if (retval == 0) {
if (armor_key == NULL) {
retval = ENOENT;
- krb5_set_error_message(context, ENOENT,
- _("Encrypted Challenge used outside of FAST "
- "tunnel"));
+ k5_setmsg(context, ENOENT,
+ _("Encrypted Challenge used outside of FAST tunnel"));
}
scratch.data = (char *) data->contents;
scratch.length = data->length;
}
if (client_keys[i].enctype == 0) {
retval = KRB5KDC_ERR_PREAUTH_FAILED;
- krb5_set_error_message(context, retval,
- _("Incorrect password in encrypted "
- "challenge"));
+ k5_setmsg(context, retval,
+ _("Incorrect password in encrypted challenge"));
}
}
if (retval == 0)
if (retval != 0)
goto cleanup_authenticator;
if (authdata&& authdata[0]) {
- krb5_set_error_message(kdc_context, KRB5KDC_ERR_POLICY,
- "ticket valid only as FAST armor");
+ k5_setmsg(kdc_context, KRB5KDC_ERR_POLICY,
+ "ticket valid only as FAST armor");
retval = KRB5KDC_ERR_POLICY;
krb5_free_authdata(kdc_context, authdata);
goto cleanup_authenticator;
if (code == KRB5_KT_END) {
code = KRB5_KT_NOTFOUND;
if (krb5_unparse_name(context, accprinc, &princname) == 0) {
- krb5_set_error_message(context, code,
- _("No key table entry found matching %s"),
- princname);
+ k5_setmsg(context, code, _("No key table entry found matching %s"),
+ princname);
free(princname);
}
}
save_error_string(minor_code, s);
/* The get_error_message call above resets the error message in
ctx. Put it back, in case we make this call again *sigh*. */
- krb5_set_error_message(ctx, (krb5_error_code)minor_code, "%s", s);
+ k5_setmsg(ctx, (krb5_error_code)minor_code, "%s", s);
krb5_free_error_message(ctx, s);
}
void krb5_gss_delete_error_info(void *p)
err = getaddrinfo(params_out.admin_server, NULL, &hint, &ai);
if (err != 0) {
ret = KADM5_CANT_RESOLVE;
- krb5_set_error_message(ctx, ret,
- _("Cannot resolve address of admin server "
- "\"%s\" for realm \"%s\""),
- params_out.admin_server, realm_in);
+ k5_setmsg(ctx, ret,
+ _("Cannot resolve address of admin server \"%s\" for realm "
+ "\"%s\""), params_out.admin_server, realm_in);
goto err_params;
}
if (strlen(ai->ai_canonname) + sizeof("kadmin/") > maxlen) {
/* Password quality module to reject empty passwords */
-#include "k5-platform.h"
+#include "k5-int.h"
#include <krb5/pwqual_plugin.h>
#include "server_internal.h"
/* Unlike other built-in modules, this one operates even for principals
* with no password policy. */
if (*password == '\0') {
- krb5_set_error_message(context, KADM5_PASS_Q_TOOSHORT,
- _("Empty passwords are not allowed"));
+ k5_setmsg(context, KADM5_PASS_Q_TOOSHORT,
+ _("Empty passwords are not allowed"));
return KADM5_PASS_Q_TOOSHORT;
}
return 0;
* passwd information, if the tree is compiled with Hesiod support.
*/
-#include "k5-platform.h"
+#include "k5-int.h"
#include <krb5/pwqual_plugin.h>
#include "server_internal.h"
#include <ctype.h>
for (i = 0; i < n; i++) {
ent = hes_getpwnam(cp);
if (ent && ent->pw_gecos && str_check_gecos(ent->pw_gecos, password)) {
- krb5_set_error_message(context, KADM5_PASS_Q_DICT,
- _("Password may not match user "
- "information."));
+ k5_setmsg(context, KADM5_PASS_Q_DICT,
+ _("Password may not match user information."));
return KADM5_PASS_Q_DICT;
}
}
/* Password quality module to check passwords against principal components */
-#include "k5-platform.h"
+#include "k5-int.h"
#include <krb5/pwqual_plugin.h>
#include "server_internal.h"
for (i = 0; i < n; i++) {
cp = krb5_princ_component(handle->context, princ, i)->data;
if (strcasecmp(cp, password) == 0) {
- krb5_set_error_message(context, KADM5_PASS_Q_DICT,
- _("Password may not match principal name"));
+ k5_setmsg(context, KADM5_PASS_Q_DICT,
+ _("Password may not match principal name"));
return KADM5_PASS_Q_DICT;
}
}
if (kdb->n_key_data <= 0) {
ret = KRB5_KDB_NO_MATCHING_KEY;
- krb5_set_error_message(handle->context, ret,
- _("History entry contains no key data"));
+ k5_setmsg(handle->context, ret,
+ _("History entry contains no key data"));
goto done;
}
status = krb5_get_default_realm(context, &defrealm);
if (status) {
- krb5_set_error_message(context, KRB5_KDB_SERVER_INTERNAL_ERR,
- _("No default realm set; cannot initialize "
- "KDB"));
+ k5_setmsg(context, KRB5_KDB_SERVER_INTERNAL_ERR,
+ _("No default realm set; cannot initialize KDB"));
return KRB5_KDB_SERVER_INTERNAL_ERR;
}
status = profile_get_string(context->profile,
vftabl_addr = &krb5_ldap_kdb_function_table;
#endif
if (!vftabl_addr) {
- krb5_set_error_message(kcontext, KRB5_KDB_DBTYPE_NOTFOUND,
- _("Unable to find requested database type: %s"),
- lib_name);
+ k5_setmsg(kcontext, KRB5_KDB_DBTYPE_NOTFOUND,
+ _("Unable to find requested database type: %s"), lib_name);
return KRB5_PLUGIN_OP_NOTSUPP;
}
&(*lib)->dl_dir_handle, &kcontext->err))) {
const char *err_str = krb5_get_error_message(kcontext, status);
status = KRB5_KDB_DBTYPE_NOTFOUND;
- krb5_set_error_message(kcontext, status,
- _("Unable to find requested database type: %s"),
- err_str);
+ k5_setmsg(kcontext, status,
+ _("Unable to find requested database type: %s"), err_str);
krb5_free_error_message(kcontext, err_str);
goto clean_n_exit;
}
&vftabl_addrs, &kcontext->err))) {
const char *err_str = krb5_get_error_message(kcontext, status);
status = KRB5_KDB_DBTYPE_INIT;
- krb5_set_error_message(kcontext, status,
- _("plugin symbol 'kdb_function_table' lookup "
- "failed: %s"), err_str);
+ k5_setmsg(kcontext, status,
+ _("plugin symbol 'kdb_function_table' lookup failed: %s"),
+ err_str);
krb5_free_error_message(kcontext, err_str);
goto clean_n_exit;
}
if (vftabl_addrs[0] == NULL) {
/* No plugins! */
status = KRB5_KDB_DBTYPE_NOTFOUND;
- krb5_set_error_message(kcontext, status,
- _("Unable to load requested database module "
- "'%s': plugin symbol 'kdb_function_table' "
- "not found"), lib_name);
+ k5_setmsg(kcontext, status,
+ _("Unable to load requested database module '%s': plugin "
+ "symbol 'kdb_function_table' not found"), lib_name);
goto clean_n_exit;
}
prev_data = new_data;
}
} else {
- krb5_set_error_message(context, KRB5_KDB_BAD_VERSION,
- _("Illegal version number for "
- "KRB5_TL_MKEY_AUX %d\n"), version);
+ k5_setmsg(context, KRB5_KDB_BAD_VERSION,
+ _("Illegal version number for KRB5_TL_MKEY_AUX %d\n"),
+ version);
return (KRB5_KDB_BAD_VERSION);
}
}
next_tuple += ACTKVNO_TUPLE_SIZE;
}
} else {
- krb5_set_error_message(context, KRB5_KDB_BAD_VERSION,
- _("Illegal version number for "
- "KRB5_TL_ACTKVNO %d\n"), version);
+ k5_setmsg(context, KRB5_KDB_BAD_VERSION,
+ _("Illegal version number for KRB5_TL_ACTKVNO %d\n"),
+ version);
return (KRB5_KDB_BAD_VERSION);
}
}
/* if keyfile exists it better be a regular file */
if (!S_ISREG(stb.st_mode)) {
retval = EINVAL;
- krb5_set_error_message(context, retval,
- _("keyfile (%s) is not a regular file: %s"),
- keyfile, error_message(retval));
+ k5_setmsg(context, retval,
+ _("keyfile (%s) is not a regular file: %s"),
+ keyfile, error_message(retval));
goto out;
}
}
*/
retval = asprintf(&tmp_ktname, "FILE:%s_tmp", keyfile);
if (retval < 0) {
- krb5_set_error_message(context, retval,
- _("Could not create temp keytab file name."));
+ k5_setmsg(context, retval,
+ _("Could not create temp keytab file name."));
goto out;
}
goto out;
} else if (statrc == 0) {
retval = EEXIST;
- krb5_set_error_message(context, retval,
- _("Temporary stash file already exists: %s."),
- tmp_ktpath);
+ k5_setmsg(context, retval,
+ _("Temporary stash file already exists: %s."), tmp_ktpath);
goto out;
}
/* Atomically rename temp keyfile to original filename. */
if (rename(tmp_ktpath, keyfile) < 0) {
retval = errno;
- krb5_set_error_message(context, retval,
- _("rename of temporary keyfile (%s) to "
- "(%s) failed: %s"), tmp_ktpath, keyfile,
- error_message(errno));
+ k5_setmsg(context, retval,
+ _("rename of temporary keyfile (%s) to (%s) failed: %s"),
+ tmp_ktpath, keyfile, error_message(errno));
}
}
* key, but set a message indicating the actual error.
*/
if (retval != 0) {
- krb5_set_error_message(context, KRB5_KDB_CANTREAD_STORED,
- _("Can not fetch master key (error: %s)."),
- error_message(retval));
+ k5_setmsg(context, KRB5_KDB_CANTREAD_STORED,
+ _("Can not fetch master key (error: %s)."),
+ error_message(retval));
return KRB5_KDB_CANTREAD_STORED;
} else
return 0;
}
}
if (found_key != TRUE) {
- krb5_set_error_message(context, KRB5_KDB_BADMASTERKEY,
- _("Unable to decrypt latest master key "
- "with the provided master key\n"));
+ k5_setmsg(context, KRB5_KDB_BADMASTERKEY,
+ _("Unable to decrypt latest master key with the "
+ "provided master key\n"));
retval = KRB5_KDB_BADMASTERKEY;
goto clean_n_exit;
}
if (*dirname == '\0') {
ret = KRB5_CC_BADNAME;
- krb5_set_error_message(context, ret,
- _("Subsidiary cache path %s has no parent "
- "directory"), path);
+ k5_setmsg(context, ret,
+ _("Subsidiary cache path %s has no parent directory"), path);
goto error;
}
if (!filename_is_cache(filename)) {
ret = KRB5_CC_BADNAME;
- krb5_set_error_message(context, ret,
- _("Subsidiary cache path %s filename does not "
- "begin with \"tkt\""), path);
+ k5_setmsg(context, ret,
+ _("Subsidiary cache path %s filename does not begin with "
+ "\"tkt\""), path);
goto error;
}
* filename, or isn't a single-component filename. */
if (buf[len - 1] != '\n' || !filename_is_cache(buf) ||
strchr(buf, '/') || strchr(buf, '\\')) {
- krb5_set_error_message(context, KRB5_CC_FORMAT,
- _("%s contains invalid filename"),
- primary_path);
+ k5_setmsg(context, KRB5_CC_FORMAT, _("%s contains invalid filename"),
+ primary_path);
return KRB5_CC_FORMAT;
}
buf[len - 1] = '\0';
if (stat(dirname, &st) < 0) {
if (errno == ENOENT && mkdir(dirname, S_IRWXU) == 0)
return 0;
- krb5_set_error_message(context, KRB5_FCC_NOFILE,
- _("Credential cache directory %s does not "
- "exist"), dirname);
+ k5_setmsg(context, KRB5_FCC_NOFILE,
+ _("Credential cache directory %s does not exist"),
+ dirname);
return KRB5_FCC_NOFILE;
}
if (!S_ISDIR(st.st_mode)) {
- krb5_set_error_message(context, KRB5_CC_FORMAT,
- _("Credential cache directory %s exists but is"
- "not a directory"), dirname);
+ k5_setmsg(context, KRB5_CC_FORMAT,
+ _("Credential cache directory %s exists but is not a "
+ "directory"), dirname);
return KRB5_CC_FORMAT;
}
return 0;
if (ret)
return ret;
if (dirname == NULL) {
- krb5_set_error_message(context, KRB5_DCC_CANNOT_CREATE,
- _("Can't create new subsidiary cache because "
- "default cache is not a directory "
- "collection"));
+ k5_setmsg(context, KRB5_DCC_CANNOT_CREATE,
+ _("Can't create new subsidiary cache because default cache "
+ "is not a directory collection"));
return KRB5_DCC_CANNOT_CREATE;
}
ret = k5_path_join(dirname, "tktXXXXXX", &template);
if (f == NO_FILE) {
if (errno == ENOENT) {
ret = KRB5_FCC_NOFILE;
- krb5_set_error_message(context, ret,
- _("Credentials cache file '%s' not found"),
- data->filename);
+ k5_setmsg(context, ret, _("Credentials cache file '%s' not found"),
+ data->filename);
return ret;
} else {
return interpret_errno(context, errno);
case ENXIO:
default:
ret = KRB5_CC_IO;
- krb5_set_error_message(context, ret,
- _("Credentials cache I/O operation failed "
- "(%s)"), strerror(errnum));
+ k5_setmsg(context, ret,
+ _("Credentials cache I/O operation failed (%s)"),
+ strerror(errnum));
}
return ret;
}
return ret;
}
if (subsidiary_name != NULL) {
- krb5_set_error_message(context, KRB5_DCC_CANNOT_CREATE,
- _("Can't create new subsidiary cache because "
- "default cache is already a subsdiary"));
+ k5_setmsg(context, KRB5_DCC_CANNOT_CREATE,
+ _("Can't create new subsidiary cache because default cache "
+ "is already a subsidiary"));
ret = KRB5_DCC_CANNOT_CREATE;
goto cleanup;
}
if (!data->cache_id || !data->princ_id) {
ret = KRB5_FCC_NOFILE;
- krb5_set_error_message(context, ret,
- _("Credentials cache keyring '%s' not found"),
- data->name);
+ k5_setmsg(context, ret, _("Credentials cache keyring '%s' not found"),
+ data->name);
goto errout;
}
if (cache == NULL) {
ret = krb5_unparse_name(context, client, &name);
if (ret == 0) {
- krb5_set_error_message(context, KRB5_CC_NOTFOUND,
- _("Can't find client principal %s in "
- "cache collection"), name);
+ k5_setmsg(context, KRB5_CC_NOTFOUND,
+ _("Can't find client principal %s in cache collection"),
+ name);
krb5_free_unparsed_name(context, name);
}
ret = KRB5_CC_NOTFOUND;
return 0;
no_entries:
- krb5_set_error_message(context, KRB5_CC_NOTFOUND,
- _("No Kerberos credentials available"));
+ k5_setmsg(context, KRB5_CC_NOTFOUND,
+ _("No Kerberos credentials available"));
return KRB5_CC_NOTFOUND;
}
else {
kerror = KRB5_KT_NOTFOUND;
if (krb5_unparse_name(context, principal, &princname) == 0) {
- krb5_set_error_message(context, kerror,
- _("No key table entry found for %s"),
- princname);
+ k5_setmsg(context, kerror,
+ _("No key table entry found for %s"), princname);
free(princname);
}
}
/* Wrapped?! */
KTITERS(id)--;
KTUNLOCK(id);
- krb5_set_error_message(context, KRB5_KT_IOERR,
- "Too many keytab iterators active");
+ k5_setmsg(context, KRB5_KT_IOERR, "Too many keytab iterators active");
return KRB5_KT_IOERR; /* XXX */
}
KTUNLOCK(id);
if (KTFILEP(id)) {
/* Iterator(s) active -- no changes. */
KTUNLOCK(id);
- krb5_set_error_message(context, KRB5_KT_IOERR,
- _("Cannot change keytab with keytab iterators "
- "active"));
+ k5_setmsg(context, KRB5_KT_IOERR,
+ _("Cannot change keytab with keytab iterators active"));
return KRB5_KT_IOERR; /* XXX */
}
if ((retval = krb5_ktfileint_openw(context, id))) {
if (KTFILEP(id)) {
/* Iterator(s) active -- no changes. */
KTUNLOCK(id);
- krb5_set_error_message(context, KRB5_KT_IOERR,
- _("Cannot change keytab with keytab iterators "
- "active"));
+ k5_setmsg(context, KRB5_KT_IOERR,
+ _("Cannot change keytab with keytab iterators active"));
return KRB5_KT_IOERR; /* XXX */
}
/* XXX */
return EMFILE;
case ENOENT:
- krb5_set_error_message(context, ENOENT,
- _("Key table file '%s' not found"),
- KTFILENAME(id));
+ k5_setmsg(context, ENOENT,
+ _("Key table file '%s' not found"), KTFILENAME(id));
return ENOENT;
default:
return errno;
no_entries:
if (krb5_kt_get_name(context, keytab, name, sizeof(name)) == 0) {
- krb5_set_error_message(context, KRB5_KT_NOTFOUND,
- _("Keytab %s is nonexistent or empty"), name);
+ k5_setmsg(context, KRB5_KT_NOTFOUND,
+ _("Keytab %s is nonexistent or empty"), name);
}
return KRB5_KT_NOTFOUND;
}
if (fctx->length == fctx->space) {
krb5_authdata **new;
if (fctx->space >= 256) {
- krb5_set_error_message(context, ERANGE,
- "More than 256 authdata matched a query");
+ k5_setmsg(context, ERANGE,
+ "More than 256 authdata matched a query");
return ERANGE;
}
new = realloc(fctx->out,
if (retval != 0) {
const char * errmsg;
errmsg = krb5_get_error_message(context, retval);
- krb5_set_error_message(context, retval,
- _("%s constructing AP-REQ armor"), errmsg);
+ k5_setmsg(context, retval, _("%s constructing AP-REQ armor"),
+ errmsg);
krb5_free_error_message(context, errmsg);
}
}
if (retval != 0) {
const char * errmsg;
errmsg = krb5_get_error_message(context, retval);
- krb5_set_error_message(context, retval,
- _("%s while decrypting FAST reply"), errmsg);
+ k5_setmsg(context, retval, _("%s while decrypting FAST reply"),
+ errmsg);
krb5_free_error_message(context, errmsg);
}
if (retval == 0)
if (retval == 0) {
if (local_resp->nonce != state->nonce) {
retval = KRB5_KDCREP_MODIFIED;
- krb5_set_error_message(context, retval,
- _("nonce modified in FAST response: "
- "KDC response modified"));
+ k5_setmsg(context, retval, _("nonce modified in FAST response: "
+ "KDC response modified"));
}
}
if (retval == 0) {
fx_error_pa = krb5int_find_pa_data(context, fast_response->padata,
KRB5_PADATA_FX_ERROR);
if (fx_error_pa == NULL) {
- krb5_set_error_message(context, KRB5KDC_ERR_PREAUTH_FAILED,
- _("Expecting FX_ERROR pa-data inside "
- "FAST container"));
+ k5_setmsg(context, KRB5KDC_ERR_PREAUTH_FAILED,
+ _("Expecting FX_ERROR pa-data inside FAST "
+ "container"));
retval = KRB5KDC_ERR_PREAUTH_FAILED;
}
}
if (retval == 0) {
if (fast_response->finished == 0) {
retval = KRB5_KDCREP_MODIFIED;
- krb5_set_error_message(context, retval,
- _("FAST response missing finish message "
- "in KDC reply"));
+ k5_setmsg(context, retval,
+ _("FAST response missing finish message in KDC reply"));
}
}
if (retval == 0)
&cksum_valid);
if (retval == 0 && cksum_valid == 0) {
retval = KRB5_KDCREP_MODIFIED;
- krb5_set_error_message(context, retval,
- _("Ticket modified in KDC reply"));
+ k5_setmsg(context, retval, _("Ticket modified in KDC reply"));
}
if (retval == 0) {
krb5_free_principal(context, resp->client);
if (err_reply->text.length > 0) {
switch (err_reply->error) {
case KRB_ERR_GENERIC:
- krb5_set_error_message(context, retval,
- _("KDC returned error string: %.*s"),
- err_reply->text.length,
- err_reply->text.data);
+ k5_setmsg(context, retval,
+ _("KDC returned error string: %.*s"),
+ err_reply->text.length, err_reply->text.data);
break;
case KDC_ERR_S_PRINCIPAL_UNKNOWN:
{
char *s_name;
if (err_reply->server &&
krb5_unparse_name(context, err_reply->server, &s_name) == 0) {
- krb5_set_error_message(context, retval,
- _("Server %s not found in Kerberos "
- "database"), s_name);
+ k5_setmsg(context, retval,
+ _("Server %s not found in Kerberos database"),
+ s_name);
krb5_free_unparsed_name(context, s_name);
} else
/* In case there's a stale S_PRINCIPAL_UNKNOWN
return ret;
verification_error:
ret = KRB5_KDCREP_MODIFIED;
- krb5_set_error_message(context, ret, _("Reply has wrong form of session "
- "key for anonymous request"));
+ k5_setmsg(context, ret,
+ _("Reply has wrong form of session key for anonymous request"));
goto cleanup;
}
if (code !=0) {
const char *msg;
msg = krb5_get_error_message(context, code);
- krb5_set_error_message(context, code,
- _("%s while storing credentials"), msg);
+ k5_setmsg(context, code, _("%s while storing credentials"), msg);
krb5_free_error_message(context, msg);
}
}
/* See if we can produce a more detailed error message */
code2 = krb5_unparse_name(context, ctx->request->client, &client_name);
if (code2 == 0) {
- krb5_set_error_message(context, code,
- _("Client '%s' not found in Kerberos "
- "database"), client_name);
+ k5_setmsg(context, code,
+ _("Client '%s' not found in Kerberos database"),
+ client_name);
krb5_free_unparsed_name(context, client_name);
}
}
if (etype_list == NULL) {
ret = krb5_unparse_name(context, ctx->request->client, &name);
if (ret == 0) {
- krb5_set_error_message(context, KRB5_KT_NOTFOUND,
- _("Keytab contains no suitable keys for "
- "%s"), name);
+ k5_setmsg(context, KRB5_KT_NOTFOUND,
+ _("Keytab contains no suitable keys for %s"), name);
}
krb5_free_unparsed_name(context, name);
return KRB5_KT_NOTFOUND;
if (!has_realm) {
if (require_realm) {
ret = KRB5_PARSE_MALFORMED;
- krb5_set_error_message(context, ret,
- _("Principal %s is missing required realm"),
- name);
+ k5_setmsg(context, ret,
+ _("Principal %s is missing required realm"), name);
goto cleanup;
}
if (!no_realm && !ignore_realm) {
}
} else if (no_realm) {
ret = KRB5_PARSE_MALFORMED;
- krb5_set_error_message(context, ret,
- _("Principal %s has realm present"), name);
+ k5_setmsg(context, ret, _("Principal %s has realm present"), name);
goto cleanup;
} else if (ignore_realm) {
krb5_free_data_contents(context, &princ->realm);
sep = strchr(modstr, ':');
if (sep == NULL) {
- krb5_set_error_message(context, KRB5_PLUGIN_BAD_MODULE_SPEC,
- _("Invalid module specifier %s"), modstr);
+ k5_setmsg(context, KRB5_PLUGIN_BAD_MODULE_SPEC,
+ _("Invalid module specifier %s"), modstr);
return KRB5_PLUGIN_BAD_MODULE_SPEC;
}
break;
}
}
- krb5_set_error_message(context, KRB5_PLUGIN_NAME_NOTFOUND,
- _("Could not find %s plugin module named '%s'"),
- interface_names[interface_id], modname);
+ k5_setmsg(context, KRB5_PLUGIN_NAME_NOTFOUND,
+ _("Could not find %s plugin module named '%s'"),
+ interface_names[interface_id], modname);
return KRB5_PLUGIN_NAME_NOTFOUND;
}
k5_init_preauth_context(context);
pctx = context->preauth_context;
if (pctx == NULL) {
- krb5_set_error_message(context, EINVAL,
- _("Unable to initialize preauth context"));
+ k5_setmsg(context, EINVAL,
+ _("Unable to initialize preauth context"));
return EINVAL;
}
}
ret = clpreauth_gic_opts(context, h, opt, attr, value);
if (ret) {
emsg = krb5_get_error_message(context, ret);
- krb5_set_error_message(context, ret, _("Preauth module %s: %s"),
- h->vt.name, emsg);
+ k5_setmsg(context, ret, _("Preauth module %s: %s"), h->vt.name,
+ emsg);
krb5_free_error_message(context, emsg);
return ret;
}
/* It is an error if we have no matching tokeninfos. */
if (filtered[0] == NULL) {
free(filtered);
- krb5_set_error_message(context, KRB5_PREAUTH_FAILED,
- _("OTP value doesn't match "
- "any token formats"));
+ k5_setmsg(context, KRB5_PREAUTH_FAILED,
+ _("OTP value doesn't match any token formats"));
return KRB5_PREAUTH_FAILED; /* We have no supported tokeninfos. */
}
if (tis[0] != NULL)
return 0;
- krb5_set_error_message(context, KRB5_PREAUTH_FAILED,
- _("No supported tokens"));
+ k5_setmsg(context, KRB5_PREAUTH_FAILED, _("No supported tokens"));
return KRB5_PREAUTH_FAILED; /* We have no supported tokeninfos. */
}
return ret;
if (krb5_principal_compare(context, princ, tkt_server)) {
ret = KRB5KRB_AP_ERR_BADKEYVER;
- krb5_set_error_message(context, ret,
- _("Cannot find key for %s kvno %d in keytab"),
- sname, (int)tkt_kvno);
+ k5_setmsg(context, ret, _("Cannot find key for %s kvno %d in keytab"),
+ sname, (int)tkt_kvno);
} else {
ret = KRB5KRB_AP_ERR_NOT_US;
- krb5_set_error_message(context, ret,
- _("Cannot find key for %s kvno %d in keytab "
- "(request ticket server %s)"),
- sname, (int)tkt_kvno, tsname);
+ k5_setmsg(context, ret,
+ _("Cannot find key for %s kvno %d in keytab (request ticket "
+ "server %s)"), sname, (int)tkt_kvno, tsname);
}
krb5_free_unparsed_name(context, sname);
krb5_free_unparsed_name(context, tsname);
ret = krb5_principal_compare(context, server, tkt_server) ?
KRB5KRB_AP_ERR_BAD_INTEGRITY : KRB5KRB_AP_ERR_NOT_US;
- krb5_set_error_message(context, ret,
- _("Cannot decrypt ticket for %s using keytab "
- "key for %s"), tsname, sname);
+ k5_setmsg(context, ret,
+ _("Cannot decrypt ticket for %s using keytab key for %s"),
+ tsname, sname);
krb5_free_unparsed_name(context, sname);
krb5_free_unparsed_name(context, tsname);
return ret;
if (ret)
return ret;
- krb5_set_error_message(context, KRB5KRB_AP_ERR_NOT_US,
- _("Server principal %s does not match request "
- "ticket server %s"), sname, tsname);
+ k5_setmsg(context, KRB5KRB_AP_ERR_NOT_US,
+ _("Server principal %s does not match request ticket server %s"),
+ sname, tsname);
krb5_free_unparsed_name(context, sname);
krb5_free_unparsed_name(context, tsname);
return KRB5KRB_AP_ERR_NOT_US;
if (!found_server_match) {
ret = KRB5KRB_AP_ERR_NOKEY;
if (sname == NULL) {
- krb5_set_error_message(context, ret, _("No keys in keytab"));
+ k5_setmsg(context, ret, _("No keys in keytab"));
} else {
- krb5_set_error_message(context, ret,
- _("Server principal %s does not match any "
- "keys in keytab"), sname);
+ k5_setmsg(context, ret,
+ _("Server principal %s does not match any keys in "
+ "keytab"), sname);
}
} else if (tkt_server_mismatch) {
assert(sname != NULL); /* Null server princ would match anything. */
ret = KRB5KRB_AP_ERR_NOT_US;
- krb5_set_error_message(context, ret,
- _("Request ticket server %s found in keytab "
- "but does not match server principal %s"),
- tsname, sname);
+ k5_setmsg(context, ret,
+ _("Request ticket server %s found in keytab but does not "
+ "match server principal %s"), tsname, sname);
} else if (!found_tkt_server) {
ret = KRB5KRB_AP_ERR_NOT_US;
- krb5_set_error_message(context, ret,
- _("Request ticket server %s not found in "
- "keytab (ticket kvno %d)"),
- tsname, (int)tkt_kvno);
+ k5_setmsg(context, ret,
+ _("Request ticket server %s not found in keytab (ticket "
+ "kvno %d)"), tsname, (int)tkt_kvno);
} else if (!found_kvno) {
ret = KRB5KRB_AP_ERR_BADKEYVER;
if (found_higher_kvno) {
- krb5_set_error_message(context, ret,
- _("Request ticket server %s kvno %d not "
- "found in keytab; ticket is likely out "
- "of date"), tsname, (int)tkt_kvno);
+ k5_setmsg(context, ret,
+ _("Request ticket server %s kvno %d not found in "
+ "keytab; ticket is likely out of date"),
+ tsname, (int)tkt_kvno);
} else {
- krb5_set_error_message(context, ret,
- _("Request ticket server %s kvno %d not "
- "found in keytab; keytab is likely out "
- "of date"), tsname, (int)tkt_kvno);
+ k5_setmsg(context, ret,
+ _("Request ticket server %s kvno %d not found in "
+ "keytab; keytab is likely out of date"),
+ tsname, (int)tkt_kvno);
}
} else if (!found_enctype) {
/* There's no defined error for having the key version but not the
* enctype. */
ret = KRB5KRB_AP_ERR_BADKEYVER;
- krb5_set_error_message(context, ret,
- _("Request ticket server %s kvno %d found in "
- "keytab but not with enctype %s"),
- tsname, (int)tkt_kvno, encname);
+ k5_setmsg(context, ret,
+ _("Request ticket server %s kvno %d found in keytab but not "
+ "with enctype %s"), tsname, (int)tkt_kvno, encname);
} else {
ret = KRB5KRB_AP_ERR_BAD_INTEGRITY;
- krb5_set_error_message(context, ret,
- _("Request ticket server %s kvno %d enctype %s "
- "found in keytab but cannot decrypt ticket"),
- tsname, (int)tkt_kvno, encname);
+ k5_setmsg(context, ret,
+ _("Request ticket server %s kvno %d enctype %s found in "
+ "keytab but cannot decrypt ticket"),
+ tsname, (int)tkt_kvno, encname);
}
krb5_free_unparsed_name(context, sname);
if (krb5_enctype_to_string(desired_etypes[i],
enctype_name,
sizeof(enctype_name)) == 0)
- krb5_set_error_message(context, KRB5_NOPERM_ETYPE,
- _("Encryption type %s not permitted"),
- enctype_name);
+ k5_setmsg(context, KRB5_NOPERM_ETYPE,
+ _("Encryption type %s not permitted"), enctype_name);
return KRB5_NOPERM_ETYPE;
}
}
ctx->prompt_types = ptypes;
check(k5_plugin_load_all(ctx, PLUGIN_INTERFACE_PWQUAL, &mods) == 0);
k5_plugin_free_modules(ctx, mods);
- krb5_set_error_message(ctx, ENOMEM, "nooooooooo");
+ k5_setmsg(ctx, ENOMEM, "nooooooooo");
krb5_set_trace_callback(ctx, trace, ctx);
/* Copy the intentionally messy context and verify the result. */
size_t len;
if (!GetTempPath(sizeof(tpath) / sizeof(tpath[0]), tpath)) {
- krb5_set_error_message(context, EINVAL,
- "Failed to get temporary path (GLE=%d)",
- GetLastError());
+ k5_setmsg(context, EINVAL, "Failed to get temporary path (GLE=%d)",
+ GetLastError());
return EINVAL;
}
}
if (le != 0) {
- krb5_set_error_message(context, rv,
- "Can't open thread token (GLE=%d)", le);
+ k5_setmsg(context, rv, "Can't open thread token (GLE=%d)", le);
goto cleanup;
}
}
if (!GetTokenInformation(hToken, TokenOwner, NULL, 0, &len)) {
if (GetLastError() != ERROR_INSUFFICIENT_BUFFER) {
- krb5_set_error_message(context, rv,
- "Unexpected error reading token "
- "information (GLE=%d)", GetLastError());
+ k5_setmsg(context, rv,
+ "Unexpected error reading token information (GLE=%d)",
+ GetLastError());
goto cleanup;
}
if (len == 0) {
- krb5_set_error_message(context, rv, "GetTokenInformation() "
- "returned truncated buffer");
+ k5_setmsg(context, rv,
+ "GetTokenInformation() returned truncated buffer");
goto cleanup;
}
goto cleanup;
}
} else {
- krb5_set_error_message(context, rv, "GetTokenInformation() returned "
- "truncated buffer");
+ k5_setmsg(context, rv,
+ "GetTokenInformation() returned truncated buffer");
goto cleanup;
}
if (!GetTokenInformation(hToken, TokenOwner, pOwner, len, &len)) {
- krb5_set_error_message(context, rv, "GetTokenInformation() failed. "
- "GLE=%d", GetLastError());
+ k5_setmsg(context, rv,
+ "GetTokenInformation() failed. GLE=%d", GetLastError());
goto cleanup;
}
if (!ConvertSidToStringSid(pOwner->Owner, &strSid)) {
- krb5_set_error_message(context, rv, "Can't convert SID to string. "
- "GLE=%d", GetLastError());
+ k5_setmsg(context, rv,
+ "Can't convert SID to string. GLE=%d", GetLastError());
goto cleanup;
}
if (SHGetFolderPath(NULL, folder, NULL, SHGFP_TYPE_CURRENT,
path) != S_OK) {
- krb5_set_error_message(context, EINVAL,
- "Unable to determine folder path");
+ k5_setmsg(context, EINVAL, "Unable to determine folder path");
return EINVAL;
}
char pwbuf[BUFSIZ];
if (k5_getpwuid_r(euid, &pwx, pwbuf, sizeof(pwbuf), &pw) != 0) {
- krb5_set_error_message(context, ENOENT,
- _("Can't find username for uid %lu"),
- (unsigned long)euid);
+ k5_setmsg(context, ENOENT, _("Can't find username for uid %lu"),
+ (unsigned long)euid);
return ENOENT;
}
*str = strdup(pw->pw_name);
if (token[0] != '%' || token[1] != '{' || token_end[0] != '}' ||
token_end - token <= 2) {
- krb5_set_error_message(context, EINVAL, _("Invalid token"));
+ k5_setmsg(context, EINVAL, _("Invalid token"));
return EINVAL;
}
}
}
- krb5_set_error_message(context, EINVAL, _("Invalid token"));
+ k5_setmsg(context, EINVAL, _("Invalid token"));
return EINVAL;
}
tok_end = strchr(tok_begin, '}');
if (tok_end == NULL) {
ret = EINVAL;
- krb5_set_error_message(context, ret, _("variable missing }"));
+ k5_setmsg(context, ret, _("variable missing }"));
goto cleanup;
}
memset(serverlist, 0, sizeof(*serverlist));
if (realm == NULL || realm->data == NULL || realm->data[0] == 0) {
- krb5_set_error_message(context, KRB5_REALM_CANT_RESOLVE,
- "Cannot find KDC for invalid realm name \"\"");
+ k5_setmsg(context, KRB5_REALM_CANT_RESOLVE,
+ "Cannot find KDC for invalid realm name \"\"");
return KRB5_REALM_CANT_RESOLVE;
}
if (serverlist->nservers == 0) {
k5_free_serverlist(serverlist);
- krb5_set_error_message(context, KRB5_REALM_UNKNOWN,
- _("Cannot find KDC for realm \"%.*s\""),
- realm->length, realm->data);
+ k5_setmsg(context, KRB5_REALM_UNKNOWN,
+ _("Cannot find KDC for realm \"%.*s\""),
+ realm->length, realm->data);
return KRB5_REALM_UNKNOWN;
}
return 0;
if (err == KDC_ERR_SVC_UNAVAILABLE) {
retval = KRB5KDC_ERR_SVC_UNAVAILABLE;
} else {
- krb5_set_error_message(context, retval,
- _("Cannot contact any KDC for realm "
- "'%.*s'"), realm->length, realm->data);
+ k5_setmsg(context, retval,
+ _("Cannot contact any KDC for realm '%.*s'"),
+ realm->length, realm->data);
}
}
if (retval)
*/
retval = fstat(d->fd, &stbuf);
if (retval) {
- krb5_set_error_message(context, retval,
- _("Cannot fstat replay cache file %s: %s"),
- d->fn, strerror(errno));
+ k5_setmsg(context, retval,
+ _("Cannot fstat replay cache file %s: %s"),
+ d->fn, strerror(errno));
return KRB5_RC_IO_UNKNOWN;
}
if (stbuf.st_mode & 077) {
- krb5_set_error_message(context, retval,
- _("Insecure mkstemp() file mode for replay "
- "cache file %s; try running this program "
- "with umask 077 "), d->fn);
+ k5_setmsg(context, retval,
+ _("Insecure mkstemp() file mode for replay cache file %s; "
+ "try running this program with umask 077"), d->fn);
return KRB5_RC_IO_UNKNOWN;
}
#endif
case EACCES:
case EROFS:
case EEXIST:
- krb5_set_error_message(context, KRB5_RC_IO_PERM,
- _("Cannot %s replay cache file %s: %s"),
- operation, fn, strerror(e));
+ k5_setmsg(context, KRB5_RC_IO_PERM,
+ _("Cannot %s replay cache file %s: %s"),
+ operation, fn, strerror(e));
return KRB5_RC_IO_PERM;
default:
- krb5_set_error_message(context, KRB5_RC_IO_UNKNOWN,
- _("Cannot %s replay cache: %s"),
- operation, strerror(e));
+ k5_setmsg(context, KRB5_RC_IO_UNKNOWN, _("Cannot %s replay cache: %s"),
+ operation, strerror(e));
return KRB5_RC_IO_UNKNOWN;
}
}
|| (sb1.st_mode & S_IFMT) != S_IFREG)
{
retval = KRB5_RC_IO_PERM;
- krb5_set_error_message(context, retval,
- "rcache not a file %s", d->fn);
+ k5_setmsg(context, retval, "rcache not a file %s", d->fn);
goto cleanup;
}
/* check that non other can read/write/execute the file */
if (sb1.st_mode & 077) {
- krb5_set_error_message(context, retval,
- _("Insecure file mode for replay cache file "
- "%s"), d->fn);
+ k5_setmsg(context, retval,
+ _("Insecure file mode for replay cache file %s"), d->fn);
return KRB5_RC_IO_UNKNOWN;
}
/* owned by me */
if (sb1.st_uid != geteuid()) {
retval = KRB5_RC_IO_PERM;
- krb5_set_error_message(context, retval, _("rcache not owned by %d"),
- (int)geteuid());
+ k5_setmsg(context, retval, _("rcache not owned by %d"),
+ (int)geteuid());
goto cleanup;
}
#endif
#endif
case EFBIG:
case ENOSPC:
- krb5_set_error_message (context, KRB5_RC_IO_SPACE,
- _("Can't write to replay cache: %s"),
- strerror(errno));
+ k5_setmsg(context, KRB5_RC_IO_SPACE,
+ _("Can't write to replay cache: %s"), strerror(errno));
return KRB5_RC_IO_SPACE;
case EIO:
- krb5_set_error_message (context, KRB5_RC_IO_IO,
- _("Can't write to replay cache: %s"),
- strerror(errno));
+ k5_setmsg(context, KRB5_RC_IO_IO,
+ _("Can't write to replay cache: %s"), strerror(errno));
return KRB5_RC_IO_IO;
case EBADF:
default:
- krb5_set_error_message (context, KRB5_RC_IO_UNKNOWN,
- _("Can't write to replay cache: %s"),
- strerror(errno));
+ k5_setmsg(context, KRB5_RC_IO_UNKNOWN,
+ _("Can't write to replay cache: %s"), strerror(errno));
return KRB5_RC_IO_UNKNOWN;
}
return 0;
case EBADF: return KRB5_RC_IO_UNKNOWN;
case EIO: return KRB5_RC_IO_IO;
default:
- krb5_set_error_message(context, KRB5_RC_IO_UNKNOWN,
- _("Cannot sync replay cache file: %s"),
- strerror(errno));
+ k5_setmsg(context, KRB5_RC_IO_UNKNOWN,
+ _("Cannot sync replay cache file: %s"), strerror(errno));
return KRB5_RC_IO_UNKNOWN;
}
}
case EIO: return KRB5_RC_IO_IO;
case EBADF:
default:
- krb5_set_error_message(context, KRB5_RC_IO_UNKNOWN,
- _("Can't read from replay cache: %s"),
- strerror(errno));
+ k5_setmsg(context, KRB5_RC_IO_UNKNOWN,
+ _("Can't read from replay cache: %s"), strerror(errno));
return KRB5_RC_IO_UNKNOWN;
}
if (count < 0 || (unsigned int)count != num)
switch(errno)
{
case EIO:
- krb5_set_error_message(context, KRB5_RC_IO_IO,
- _("Can't destroy replay cache: %s"),
- strerror(errno));
+ k5_setmsg(context, KRB5_RC_IO_IO,
+ _("Can't destroy replay cache: %s"), strerror(errno));
return KRB5_RC_IO_IO;
case EPERM:
case EBUSY:
case EROFS:
- krb5_set_error_message(context, KRB5_RC_IO_PERM,
- _("Can't destroy replay cache: %s"),
- strerror(errno));
+ k5_setmsg(context, KRB5_RC_IO_PERM,
+ _("Can't destroy replay cache: %s"), strerror(errno));
return KRB5_RC_IO_PERM;
case EBADF:
default:
- krb5_set_error_message(context, KRB5_RC_IO_UNKNOWN,
- _("Can't destroy replay cache: %s"),
- strerror(errno));
+ k5_setmsg(context, KRB5_RC_IO_UNKNOWN,
+ _("Can't destroy replay cache: %s"), strerror(errno));
return KRB5_RC_IO_UNKNOWN;
}
return 0;
dbc->hashfirst = TRUE;
} else {
status = EINVAL;
- krb5_set_error_message(context, status,
- _("Unsupported argument \"%s\" for db2"),
- opt ? opt : val);
+ k5_setmsg(context, status,
+ _("Unsupported argument \"%s\" for db2"),
+ opt ? opt : val);
goto cleanup;
}
}
krb5_clear_error_message (context);
if (db_args) {
/* DB2 does not support db_args DB arguments for principal */
- krb5_set_error_message(context, EINVAL,
- _("Unsupported argument \"%s\" for db2"),
- db_args[0]);
+ k5_setmsg(context, EINVAL, _("Unsupported argument \"%s\" for db2"),
+ db_args[0]);
return EINVAL;
}
"supportedSASLMechanisms", "EXTERNAL");
switch (ret) {
case 1: /* not supported */
- krb5_set_error_message(context, 1, "%s", ERR_MSG2);
+ k5_setmsg(context, 1, "%s", ERR_MSG2);
break;
case 2: /* don't know */
- krb5_set_error_message(context, 1, "%s", ERR_MSG1);
+ k5_setmsg(context, 1, "%s", ERR_MSG1);
break;
default:
break;
set_ldap_error(krb5_context ctx, int st, int op)
{
int translated_st = translate_ldap_error(st, op);
- krb5_set_error_message(ctx, translated_st, "%s", ldap_err2string(st));
+ k5_setmsg(ctx, translated_st, "%s", ldap_err2string(st));
return translated_st;
}
const char *omsg;
omsg = krb5_get_error_message(ctx, oerr);
- krb5_set_error_message(ctx, err, "%s %s", str, omsg);
+ k5_setmsg(ctx, err, "%s %s", str, omsg);
krb5_free_error_message(ctx, omsg);
}
if (ldap_context->bind_dn == NULL) {
st = EINVAL;
- krb5_set_error_message(context, st, _("LDAP bind dn value missing "));
+ k5_setmsg(context, st, _("LDAP bind dn value missing "));
goto err_out;
}
if (ldap_context->bind_pwd == NULL && ldap_context->service_password_file == NULL) {
st = EINVAL;
- krb5_set_error_message(context, st,
- _("LDAP bind password value missing "));
+ k5_setmsg(context, st, _("LDAP bind password value missing "));
goto err_out;
}
/* NULL password not allowed */
if (ldap_context->bind_pwd != NULL && strlen(ldap_context->bind_pwd) == 0) {
st = EINVAL;
- krb5_set_error_message(context, st,
- _("Service password length is zero"));
+ k5_setmsg(context, st, _("Service password length is zero"));
goto err_out;
}
/* ldap init */
if ((st = ldap_initialize(&ldap_server_handle->ldap_handle, server_info->server_name)) != 0) {
- krb5_set_error_message(ldap_context->kcontext, KRB5_KDB_ACCESS_ERROR,
- _("Cannot create LDAP handle for '%s': %s"),
- server_info->server_name, ldap_err2string(st));
+ k5_setmsg(ldap_context->kcontext, KRB5_KDB_ACCESS_ERROR,
+ _("Cannot create LDAP handle for '%s': %s"),
+ server_info->server_name, ldap_err2string(st));
st = KRB5_KDB_ACCESS_ERROR;
goto err_out;
}
server_info->server_status = ON;
krb5_update_ldap_handle(ldap_server_handle, server_info);
} else {
- krb5_set_error_message(ldap_context->kcontext, KRB5_KDB_ACCESS_ERROR,
- _("Cannot bind to LDAP server '%s' as '%s'"
- ": %s"), server_info->server_name,
- ldap_context->bind_dn, ldap_err2string(st));
+ k5_setmsg(ldap_context->kcontext, KRB5_KDB_ACCESS_ERROR,
+ _("Cannot bind to LDAP server '%s' as '%s': %s"),
+ server_info->server_name, ldap_context->bind_dn,
+ ldap_err2string(st));
st = KRB5_KDB_ACCESS_ERROR;
server_info->server_status = OFF;
time(&server_info->downtime);
int rc;
rc = krb5_ldap_delete_krbcontainer(context,
ldap_context->container_dn);
- krb5_set_error_message(context, rc,
- _("could not complete roll-back, error "
+ k5_setmsg(context, rc, _("could not complete roll-back, error "
"deleting Kerberos Container"));
}
if ((st=ldap_result2error(ldap_server_handle->ldap_handle, result, 1)) == LDAP_SUCCESS) {
server_info->server_status = ON;
} else {
- /* ?? */ krb5_set_error_message(0, 0, "%s", ldap_err2string(st));
server_info->server_status = OFF;
time(&server_info->downtime);
}
if ((st=profile_get_string(context->profile, KDB_MODULE_SECTION, ldap_context->conf_section,
KRB5_CONF_LDAP_KERBEROS_CONTAINER_DN, NULL,
&dn)) != 0) {
- krb5_set_error_message(context, st,
- _("Error reading kerberos container "
+ k5_setmsg(context, st, _("Error reading kerberos container "
"location from krb5.conf"));
goto cleanup;
}
if ((st=profile_get_string(context->profile, KDB_MODULE_DEF_SECTION,
KRB5_CONF_LDAP_KERBEROS_CONTAINER_DN, NULL,
NULL, &dn)) != 0) {
- krb5_set_error_message(context, st,
- _("Error reading kerberos container "
+ k5_setmsg(context, st, _("Error reading kerberos container "
"location from krb5.conf"));
goto cleanup;
}
if (dn == NULL) {
st = KRB5_KDB_SERVER_INTERNAL_ERR;
- krb5_set_error_message(context, st,
- _("Kerberos container location not specified"));
+ k5_setmsg(context, st, _("Kerberos container location not specified"));
goto cleanup;
}
KDB_MODULE_SECTION, conf_section, name,
0, &out_temp);
if (err) {
- krb5_set_error_message(ctx, err, _("Error reading '%s' attribute: %s"),
- name, error_message(err));
+ k5_setmsg(ctx, err, _("Error reading '%s' attribute: %s"), name,
+ error_message(err));
return err;
}
if (out_temp != 0) {
KDB_MODULE_DEF_SECTION, name, 0,
dfl, &out_temp);
if (err) {
- krb5_set_error_message(ctx, err, _("Error reading '%s' attribute: %s"),
- name, error_message(err));
+ k5_setmsg(ctx, err, _("Error reading '%s' attribute: %s"), name,
+ error_message(err));
return err;
}
*out = out_temp;
err = profile_get_boolean(ctx->profile, KDB_MODULE_SECTION, conf_section,
name, -1, &out_temp);
if (err) {
- krb5_set_error_message(ctx, err, _("Error reading '%s' attribute: %s"),
- name, error_message(err));
+ k5_setmsg(ctx, err, _("Error reading '%s' attribute: %s"), name,
+ error_message(err));
return err;
}
if (out_temp != -1) {
err = profile_get_boolean(ctx->profile, KDB_MODULE_DEF_SECTION, name, 0,
dfl, &out_temp);
if (err) {
- krb5_set_error_message(ctx, err, _("Error reading '%s' attribute: %s"),
- name, error_message(err));
+ k5_setmsg(ctx, err, _("Error reading '%s' attribute: %s"), name,
+ error_message(err));
return err;
}
*out = out_temp;
KDB_MODULE_SECTION, conf_section, name,
0, out);
if (err) {
- krb5_set_error_message(ctx, err, _("Error reading '%s' attribute: %s"),
- name, error_message(err));
+ k5_setmsg(ctx, err, _("Error reading '%s' attribute: %s"), name,
+ error_message(err));
return err;
}
if (*out != 0)
KDB_MODULE_DEF_SECTION, name, 0,
0, out);
if (err) {
- krb5_set_error_message(ctx, err, _("Error reading '%s' attribute: %s"),
- name, error_message(err));
+ k5_setmsg(ctx, err, _("Error reading '%s' attribute: %s"), name,
+ error_message(err));
return err;
}
return 0;
/* "temporary" is passed by kdb5_util load without -update,
* which we don't support. */
status = EINVAL;
- krb5_set_error_message(context, status,
- _("KDB module requires -update argument"));
+ k5_setmsg(context, status,
+ _("KDB module requires -update argument"));
goto cleanup;
}
if (val == NULL) {
status = EINVAL;
- krb5_set_error_message(context, status, _("'%s' value missing"),
- opt);
+ k5_setmsg(context, status, _("'%s' value missing"), opt);
goto cleanup;
}
lctx->ldap_debug = atoi(val);
} else {
status = EINVAL;
- krb5_set_error_message(context, status, _("unknown option '%s'"),
- opt);
+ k5_setmsg(context, status, _("unknown option '%s'"), opt);
goto cleanup;
}
if (ldap_context->max_server_conns < 2) {
st = EINVAL;
- krb5_set_error_message(context, st, _("Minimum connections required "
- "per server is 2"));
+ k5_setmsg(context, st,
+ _("Minimum connections required per server is 2"));
goto cleanup;
}
if (ldap_context->server_info_list == NULL) {
if ((st=profile_get_string(context->profile, KDB_MODULE_SECTION, conf_section,
KRB5_CONF_LDAP_SERVERS, NULL, &tempval)) != 0) {
- krb5_set_error_message(context, st, _("Error reading "
- "'ldap_servers' attribute"));
+ k5_setmsg(context, st,
+ _("Error reading 'ldap_servers' attribute"));
goto cleanup;
}
krb5_ldap_lock(krb5_context kcontext, int mode)
{
krb5_error_code status = KRB5_PLUGIN_OP_NOTSUPP;
- krb5_set_error_message(kcontext, status, "LDAP %s", error_message(status));
+ k5_setmsg(kcontext, status, "LDAP %s", error_message(status));
return status;
}
krb5_ldap_unlock(krb5_context kcontext)
{
krb5_error_code status = KRB5_PLUGIN_OP_NOTSUPP;
- krb5_set_error_message(kcontext, status, "LDAP %s", error_message(status));
+ k5_setmsg(kcontext, status, "LDAP %s", error_message(status));
return status;
}
realm = context->default_realm;
if (realm == NULL) {
st = EINVAL;
- krb5_set_error_message(context, st, _("Default realm not set"));
+ k5_setmsg(context, st, _("Default realm not set"));
goto cleanup;
}
}
if (DN == NULL) {
st = EINVAL;
- krb5_set_error_message(context, st, _("DN information missing"));
+ k5_setmsg(context, st, _("DN information missing"));
goto cleanup;
}
if (is_principal_in_realm(ldap_context, searchfor) != 0) {
st = KRB5_KDB_NOENTRY;
- krb5_set_error_message(context, st,
- _("Principal does not belong to realm"));
+ k5_setmsg(context, st, _("Principal does not belong to realm"));
goto cleanup;
}
xargs->dn != NULL || xargs->containerdn != NULL ||
xargs->linkdn != NULL) {
st = EINVAL;
- krb5_set_error_message(context, st,
- _("%s option not supported"),
- arg);
+ k5_setmsg(context, st, _("%s option not supported"),
+ arg);
goto cleanup;
}
dptr = &xargs->dn;
if (optype == MODIFY_PRINCIPAL ||
xargs->dn != NULL || xargs->containerdn != NULL) {
st = EINVAL;
- krb5_set_error_message(context, st,
- _("%s option not supported"),
- arg);
+ k5_setmsg(context, st, _("%s option not supported"),
+ arg);
goto cleanup;
}
dptr = &xargs->containerdn;
} else if (strcmp(arg, LINKDN_ARG) == 0) {
if (xargs->dn != NULL || xargs->linkdn != NULL) {
st = EINVAL;
- krb5_set_error_message(context, st,
- _("%s option not supported"),
- arg);
+ k5_setmsg(context, st, _("%s option not supported"),
+ arg);
goto cleanup;
}
dptr = &xargs->linkdn;
} else {
st = EINVAL;
- krb5_set_error_message(context, st,
- _("unknown option: %s"), arg);
+ k5_setmsg(context, st, _("unknown option: %s"), arg);
goto cleanup;
}
xargs->dn_from_kbd = TRUE;
if (arg_val == NULL || strlen(arg_val) == 0) {
st = EINVAL;
- krb5_set_error_message(context, st,
- _("%s option value missing"), arg);
+ k5_setmsg(context, st, _("%s option value missing"), arg);
goto cleanup;
}
}
if (arg_val == NULL) {
st = EINVAL;
- krb5_set_error_message(context, st,
- _("%s option value missing"), arg);
+ k5_setmsg(context, st, _("%s option value missing"), arg);
goto cleanup;
}
arg_val_len = strlen(arg_val) + 1;
if (is_principal_in_realm(ldap_context, entry->princ) != 0) {
st = EINVAL;
- krb5_set_error_message(context, st, _("Principal does not belong to "
- "the default realm"));
+ k5_setmsg(context, st,
+ _("Principal does not belong to the default realm"));
goto cleanup;
}
ldap_msgfree(result);
free(filter);
st = EINVAL;
- krb5_set_error_message(context, st,
- _("operation can not continue, "
- "more than one entry with "
- "principal name \"%s\" found"),
- user);
+ k5_setmsg(context, st,
+ _("operation can not continue, more than one "
+ "entry with principal name \"%s\" found"),
+ user);
goto cleanup;
} else if (numlentries == 1) {
found_entry = TRUE;
if (outofsubtree == TRUE) {
st = EINVAL;
- krb5_set_error_message(context, st,
- _("DN is out of the realm subtree"));
+ k5_setmsg(context, st, _("DN is out of the realm subtree"));
goto cleanup;
}
st = EINVAL;
snprintf(errbuf, sizeof(errbuf),
_("ldap object is already kerberized"));
- krb5_set_error_message(context, st, "%s", errbuf);
+ k5_setmsg(context, st, "%s", errbuf);
goto cleanup;
}
snprintf(errbuf, sizeof(errbuf),
_("link information can not be set/updated as the "
"kerberos principal belongs to an ldap object"));
- krb5_set_error_message(context, st, "%s", errbuf);
+ k5_setmsg(context, st, "%s", errbuf);
goto cleanup;
}
/*
if ((st=krb5_get_linkdn(context, entry, &linkdns)) != 0) {
snprintf(errbuf, sizeof(errbuf),
_("Failed getting object references"));
- krb5_set_error_message(context, st, "%s", errbuf);
+ k5_setmsg(context, st, "%s", errbuf);
goto cleanup;
}
if (linkdns != NULL) {
snprintf(errbuf, sizeof(errbuf),
_("kerberos principal is already linked to a ldap "
"object"));
- krb5_set_error_message(context, st, "%s", errbuf);
+ k5_setmsg(context, st, "%s", errbuf);
for (j=0; linkdns[j] != NULL; ++j)
free (linkdns[j]);
free (linkdns);
goto cleanup;
} else {
st = EINVAL;
- krb5_set_error_message(context, st, "Password policy value null");
+ k5_setmsg(context, st, "Password policy value null");
goto cleanup;
}
} else if (entry->mask & KADM5_LOAD && found_entry == TRUE) {
_("Principal delete failed (trying to replace "
"entry): %s"), ldap_err2string(st));
st = translate_ldap_error (st, OP_ADD);
- krb5_set_error_message(context, st, "%s", errbuf);
+ k5_setmsg(context, st, "%s", errbuf);
goto cleanup;
} else {
st = ldap_add_ext_s(ld, standalone_principal_dn, mods, NULL, NULL);
snprintf(errbuf, sizeof(errbuf), _("Principal add failed: %s"),
ldap_err2string(st));
st = translate_ldap_error (st, OP_ADD);
- krb5_set_error_message(context, st, "%s", errbuf);
+ k5_setmsg(context, st, "%s", errbuf);
goto cleanup;
}
} else {
snprintf(errbuf, sizeof(errbuf), _("User modification failed: %s"),
ldap_err2string(st));
st = translate_ldap_error (st, OP_MOD);
- krb5_set_error_message(context, st, "%s", errbuf);
+ k5_setmsg(context, st, "%s", errbuf);
goto cleanup;
}
if (st != 0) {
const char *msg = error_message(st);
st = -1; /* Something more appropriate ? */
- krb5_set_error_message(context, st, _("unable to decode stored "
- "principal key data (%s)"),
- msg);
+ k5_setmsg(context, st,
+ _("unable to decode stored principal key data (%s)"),
+ msg);
goto cleanup;
}
noofkeys += n_kd;
if (lrealm == NULL) {
st = EINVAL;
- krb5_set_error_message(context, st,
- _("Realm information not available"));
+ k5_setmsg(context, st, _("Realm information not available"));
goto cleanup;
}
if ((st=ldap_delete_ext_s(ld, ldap_context->lrparams->realmdn, NULL, NULL)) != LDAP_SUCCESS) {
int ost = st;
st = translate_ldap_error (st, OP_DEL);
- krb5_set_error_message(context, st, _("Realm Delete FAILED: %s"),
- ldap_err2string(ost));
+ k5_setmsg(context, st, _("Realm Delete FAILED: %s"),
+ ldap_err2string(ost));
}
cleanup:
if (dn == NULL) {
st = EINVAL;
- krb5_set_error_message(context, st,
- _("Kerberos Container information is missing"));
+ k5_setmsg(context, st, _("Kerberos Container information is missing"));
goto cleanup;
}
rdns = ldap_explode_dn(dn, 1);
if (rdns == NULL) {
st = EINVAL;
- krb5_set_error_message(context, st,
- _("Invalid Kerberos container DN"));
+ k5_setmsg(context, st, _("Invalid Kerberos container DN"));
goto cleanup;
}
if (st != LDAP_SUCCESS) {
int ost = st;
st = translate_ldap_error (st, OP_ADD);
- krb5_set_error_message(context, st,
- _("Kerberos Container create FAILED: %s"),
- ldap_err2string(ost));
+ k5_setmsg(context, st, _("Kerberos Container create FAILED: %s"),
+ ldap_err2string(ost));
goto cleanup;
}
if (dn == NULL) {
st = EINVAL;
- krb5_set_error_message(context, st,
- _("Kerberos Container information is missing"));
+ k5_setmsg(context, st, _("Kerberos Container information is missing"));
goto cleanup;
}
if ((st = ldap_delete_ext_s(ld, dn, NULL, NULL)) != LDAP_SUCCESS) {
int ost = st;
st = translate_ldap_error (st, OP_ADD);
- krb5_set_error_message(context, st,
- _("Kerberos Container delete FAILED: %s"),
- ldap_err2string(ost));
+ k5_setmsg(context, st, _("Kerberos Container delete FAILED: %s"),
+ ldap_err2string(ost));
goto cleanup;
}
char **db_args)
{
krb5_error_code status = KRB5_PLUGIN_OP_NOTSUPP;
- krb5_set_error_message(kcontext, status, "LDAP %s", error_message(status));
+ k5_setmsg(kcontext, status, "LDAP %s", error_message(status));
return status;
}
*password_out = NULL;
if (strncmp(str, "{HEX}", 5) != 0) {
- krb5_set_error_message(context, EINVAL,
- _("Not a hexadecimal password"));
+ k5_setmsg(context, EINVAL, _("Not a hexadecimal password"));
return EINVAL;
}
str += 5;
len = strlen(str);
if (len % 2 != 0) {
- krb5_set_error_message(context, EINVAL, _("Password corrupt"));
+ k5_setmsg(context, EINVAL, _("Password corrupt"));
return EINVAL;
}
for (p = (unsigned char *)str; *p != '\0'; p += 2) {
if (!isxdigit(*p) || !isxdigit(p[1])) {
free(password);
- krb5_set_error_message(context, EINVAL, _("Password corrupt"));
+ k5_setmsg(context, EINVAL, _("Password corrupt"));
return EINVAL;
}
sscanf((char *)p, "%2x", &k);
fptr = fopen(file, "r");
if (fptr == NULL) {
st = errno;
- krb5_set_error_message(context, st,
- _("Cannot open LDAP password file '%s': %s"),
- file, error_message(st));
+ k5_setmsg(context, st, _("Cannot open LDAP password file '%s': %s"),
+ file, error_message(st));
goto rp_exit;
}
set_cloexec_file(fptr);
if (entryfound == 0) {
st = KRB5_KDB_SERVER_INTERNAL_ERR;
- krb5_set_error_message(context, st, _("Bind DN entry '%s' missing in "
- "LDAP password file '%s'"),
- ldap_context->bind_dn, file);
+ k5_setmsg(context, st,
+ _("Bind DN entry '%s' missing in LDAP password file '%s'"),
+ ldap_context->bind_dn, file);
goto rp_exit;
}
/* replace the \n with \0 */
if (start == NULL) {
/* password field missing */
st = KRB5_KDB_SERVER_INTERNAL_ERR;
- krb5_set_error_message(context, st, _("Stash file entry corrupt"));
+ k5_setmsg(context, st, _("Stash file entry corrupt"));
goto rp_exit;
}
++ start;
/* validate the input parameters */
if (policy == NULL || policy->policy == NULL) {
st = EINVAL;
- krb5_set_error_message(context, st, _("Ticket Policy Name missing"));
+ k5_setmsg(context, st, _("Ticket Policy Name missing"));
goto cleanup;
}
/* validate the input parameters */
if (policy == NULL || policy->policy==NULL) {
st = EINVAL;
- krb5_set_error_message(context, st, _("Ticket Policy Name missing"));
+ k5_setmsg(context, st, _("Ticket Policy Name missing"));
goto cleanup;
}
/* validate the input parameters */
if (policyname == NULL || policy == NULL) {
st = EINVAL;
- krb5_set_error_message(context, st,
- _("Ticket Policy Object information missing"));
+ k5_setmsg(context, st, _("Ticket Policy Object information missing"));
goto cleanup;
}
if ((sr2->sam_enc_nonce_or_sad.ciphertext.data == NULL) ||
(sr2->sam_enc_nonce_or_sad.ciphertext.length <= 0)) {
retval = KRB5KDC_ERR_PREAUTH_FAILED;
- krb5_set_error_message(context, retval,
- "No preauth data supplied in "
- "verify_securid_data_2 (%s)", user);
+ k5_setmsg(context, retval,
+ "No preauth data supplied in verify_securid_data_2 (%s)",
+ user);
goto cleanup;
}
projects / thirdparty / krb5.git / commitdiff
