From: Nicolas Williams
Date: Wed, 12 Nov 2014 21:49:37 +0000 (-0600)
Subject: Use new error message wrapping APIs
X-Git-Tag: krb5-1.14-alpha1~199
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=ebcdf02f8ec212555b1762007fa8454615900f36;p=thirdparty%2Fkrb5.git
Use new error message wrapping APIs
Define internal names k5_prendmsg and k5_wrapmsg and use them where we amend error messages. This slightly changes the error message when we fail to construct FAST AP-REQ armor, decrypt a FAST reply, or store credentials in a gic_opts output ccache. Adjust the test suite for the latter of those changes.
[ghudson@mit.edu: define and use internal names for brevity; pull in test fix from later commit; expand commit message; fix redundant separators in LDAP messages]
ticket: 8046
---
diff --git a/src/include/k5-int.h b/src/include/k5-int.h
index d57dd6b8b5..0970af7796 100644
--- a/src/include/k5-int.h
+++ b/src/include/k5-int.h
@@ -2288,7 +2288,9 @@ krb5_boolean k5_etypes_contains(const krb5_enctype *list, krb5_enctype etype);
 void k5_change_error_message_code(krb5_context ctx, krb5_error_code oldcode, krb5_error_code newcode);
-/* Define a shorter internal name for krb5_set_error_message. */
+/* Define shorter internal names for setting error messages. */
 #define k5_setmsg krb5_set_error_message
+#define k5_prependmsg krb5_prepend_error_message
+#define k5_wrapmsg krb5_wrap_error_message
 #endif /* _KRB5_INT_H */
diff --git a/src/lib/kdb/kdb5.c b/src/lib/kdb/kdb5.c
index 6864af5c46..50daf74b73 100644
--- a/src/lib/kdb/kdb5.c
+++ b/src/lib/kdb/kdb5.c
@@ -400,22 +400,17 @@ kdb_load_library(krb5_context kcontext, char *lib_name, db_library *lib)
 if ((status = krb5int_open_plugin_dirs ((const char **) path, filebases, &(*lib)->dl_dir_handle, &kcontext->err))) {
- const char *err_str = krb5_get_error_message(kcontext, status);
 status = KRB5_KDB_DBTYPE_NOTFOUND;
- k5_setmsg(kcontext, status,
- _("Unable to find requested database type: %s"), err_str);
- krb5_free_error_message(kcontext, err_str);
+ k5_prependmsg(kcontext, status,
+ _("Unable to find requested database type"));
 goto clean_n_exit;
 }
 if ((status = krb5int_get_plugin_dir_data (&(*lib)->dl_dir_handle, "kdb_function_table", &vftabl_addrs, &kcontext->err))) {
- const char *err_str = krb5_get_error_message(kcontext, status);
 status = KRB5_KDB_DBTYPE_INIT;
- k5_setmsg(kcontext, status,
- _("plugin symbol 'kdb_function_table' lookup failed: %s"),
- err_str);
- krb5_free_error_message(kcontext, err_str);
+ k5_prependmsg(kcontext, status,
+ _("plugin symbol 'kdb_function_table' lookup failed"));
 goto clean_n_exit;
 }
diff --git a/src/lib/krb5/krb/fast.c b/src/lib/krb5/krb/fast.c
index 02d580ffa2..dde7006de1 100644
--- a/src/lib/krb5/krb/fast.c
+++ b/src/lib/krb5/krb/fast.c
@@ -212,11 +212,8 @@ krb5int_fast_as_armor(krb5_context context,
 target_principal);
 }
 if (retval != 0) {
- const char * errmsg;
- errmsg = krb5_get_error_message(context, retval);
- k5_setmsg(context, retval, _("%s constructing AP-REQ armor"),
- errmsg);
- krb5_free_error_message(context, errmsg);
+ k5_prependmsg(context, retval,
+ _("Error constructing AP-REQ armor"));
 }
 }
 if (ccache)
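Review bot: In both error branches of the kdb5.c hunk, `status` is overwritten with the replacement code (`KRB5_KDB_DBTYPE_NOTFOUND`, `KRB5_KDB_DBTYPE_INIT`) before `k5_prependmsg(kcontext, status, ...)` runs, so the prefix is attached to the message for the new code rather than to the one the plugin loader recorded. The removed lines fetched `err_str` while `status` still held the loader's code, which is how the underlying detail reached the final text. If the prepend helper looks the message up by the code it is handed, that detail is now dropped; `k5_wrapmsg(kcontext, status, KRB5_KDB_DBTYPE_NOTFOUND, _("Unable to find requested database type"));` placed before the assignment, the order GET_HANDLE in kdb_ldap.h uses, would keep it. kdb_load_library begins and ends outside the hunk.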
@@ -393,13 +390,8 @@ decrypt_fast_reply(krb5_context context,
 retval = krb5_c_decrypt(context, state->armor_key, KRB5_KEYUSAGE_FAST_REP, NULL, encrypted_response, &scratch);
- if (retval != 0) {
- const char * errmsg;
- errmsg = krb5_get_error_message(context, retval);
- k5_setmsg(context, retval, _("%s while decrypting FAST reply"),
- errmsg);
- krb5_free_error_message(context, errmsg);
- }
+ if (retval != 0)
+ k5_prependmsg(context, retval, _("Failed to decrypt FAST reply"));
 if (retval == 0)
 retval = decode_krb5_fast_response(&scratch, &local_resp);
 if (retval == 0) {
diff --git a/src/lib/krb5/krb/get_in_tkt.c b/src/lib/krb5/krb/get_in_tkt.c
index 2979287446..2c2b654a66 100644
--- a/src/lib/krb5/krb/get_in_tkt.c
+++ b/src/lib/krb5/krb/get_in_tkt.c
@@ -1636,12 +1636,8 @@ init_creds_step_reply(krb5_context context,
 goto cc_cleanup;
 code = save_cc_config_out_data(context, out_ccache, ctx);
 cc_cleanup:
- if (code !=0) {
- const char *msg;
- msg = krb5_get_error_message(context, code);
- k5_setmsg(context, code, _("%s while storing credentials"), msg);
- krb5_free_error_message(context, msg);
- }
+ if (code != 0)
+ k5_prependmsg(context, code, _("Failed to store credentials"));
 }
 k5_preauth_request_context_fini(context);
diff --git a/src/lib/krb5/krb/preauth2.c b/src/lib/krb5/krb/preauth2.c
index 9f34b336cf..8745cb11a3 100644
--- a/src/lib/krb5/krb/preauth2.c
+++ b/src/lib/krb5/krb/preauth2.c
@@ -1008,7 +1008,6 @@ krb5_preauth_supply_preauth_data(krb5_context context,
 struct krb5_preauth_context_st *pctx = context->preauth_context;
 clpreauth_handle *hp, h;
 krb5_error_code ret;
- const char *emsg = NULL;
 if (pctx == NULL) {
 k5_init_preauth_context(context);
@@ -1028,10 +1027,7 @@ krb5_preauth_supply_preauth_data(krb5_context context,
 h = *hp;
 ret = clpreauth_gic_opts(context, h, opt, attr, value);
 if (ret) {
- emsg = krb5_get_error_message(context, ret);
- k5_setmsg(context, ret, _("Preauth module %s: %s"), h->vt.name,
- emsg);
- krb5_free_error_message(context, emsg);
+ k5_prependmsg(context, ret, _("Preauth module %s"), h->vt.name);
 return ret;
 }
 }
diff --git a/src/plugins/kdb/ldap/libkdb_ldap/kdb_ldap.c b/src/plugins/kdb/ldap/libkdb_ldap/kdb_ldap.c
index 76243f97dd..151edb9097 100644
--- a/src/plugins/kdb/ldap/libkdb_ldap/kdb_ldap.c
+++ b/src/plugins/kdb/ldap/libkdb_ldap/kdb_ldap.c
@@ -65,13 +65,12 @@ krb5_ldap_read_startup_information(krb5_context context)
 SETUP_CONTEXT();
 if ((retval=krb5_ldap_read_krbcontainer_dn(context, &(ldap_context->container_dn)))) {
- prepend_err_str(context, _("Unable to read Kerberos container"),
- retval, retval);
+ k5_prependmsg(context, retval, _("Unable to read Kerberos container"));
 goto cleanup;
 }
 if ((retval=krb5_ldap_read_realm_params(context, context->default_realm, &(ldap_context->lrparams), &mask))) {
- prepend_err_str(context, _("Unable to read Realm"), retval, retval);
+ k5_prependmsg(context, retval, _("Unable to read Realm"));
 goto cleanup;
 }
@@ -212,15 +211,13 @@ krb5_ldap_open(krb5_context context, char *conf_section, char **db_args,
 status = krb5_ldap_parse_db_params(context, db_args);
 if (status) {
- prepend_err_str(context, _("Error processing LDAP DB params:"),
- status, status);
+ k5_prependmsg(context, status, _("Error processing LDAP DB params"));
 goto clean_n_exit;
 }
 status = krb5_ldap_read_server_params(context, conf_section, mode & 0x0300);
 if (status) {
- prepend_err_str(context, _("Error reading LDAP server params:"),
- status, status);
+ k5_prependmsg(context, status, _("Error reading LDAP server params"));
 goto clean_n_exit;
 }
 if ((status=krb5_ldap_db_init(context, ldap_context)) != 0) {
@@ -248,17 +245,6 @@ set_ldap_error(krb5_context ctx, int st, int op)
 return translated_st;
 }
-void
-prepend_err_str(krb5_context ctx, const char *str, krb5_error_code err,
- krb5_error_code oerr)
-{
- const char *omsg;
-
- omsg = krb5_get_error_message(ctx, oerr);
- k5_setmsg(ctx, err, "%s %s", str, omsg);
- krb5_free_error_message(ctx, omsg);
-}
-
 extern krb5int_access accessor;
 MAKE_INIT_FUNCTION(kldap_init_fn);
diff --git a/src/plugins/kdb/ldap/libkdb_ldap/kdb_ldap.h b/src/plugins/kdb/ldap/libkdb_ldap/kdb_ldap.h
index 3e98b53147..06b477537d 100644
--- a/src/plugins/kdb/ldap/libkdb_ldap/kdb_ldap.h
+++ b/src/plugins/kdb/ldap/libkdb_ldap/kdb_ldap.h
@@ -83,14 +83,14 @@ extern struct timeval timelimit;
 #define GET_HANDLE() ld = NULL; \
 st = krb5_ldap_request_handle_from_pool(ldap_context, &ldap_server_handle); \
 if (st != 0) { \
- prepend_err_str(context, "LDAP handle unavailable: ", KRB5_KDB_ACCESS_ERROR, st); \
+ k5_wrapmsg(context, st, KRB5_KDB_ACCESS_ERROR, \
+ "LDAP handle unavailable"); \
 st = KRB5_KDB_ACCESS_ERROR; \
 goto cleanup; \
 } \
 ld = ldap_server_handle->ldap_handle;
 extern int set_ldap_error (krb5_context ctx, int st, int op);
-extern void prepend_err_str (krb5_context ctx, const char *s, krb5_error_code err, krb5_error_code oerr);
 #define LDAP_SEARCH(base, scope, filter, attrs) LDAP_SEARCH_1(base, scope, filter, attrs, CHECK_STATUS)
@@ -110,7 +110,8 @@ extern void prepend_err_str (krb5_context ctx, const char *s, krb5_error_code er
 \
 if (status_check != IGNORE_STATUS) { \
 if (tempst != 0) { \
- prepend_err_str(context, "LDAP handle unavailable: ", KRB5_KDB_ACCESS_ERROR, st); \
+ k5_wrapmsg(context, st, KRB5_KDB_ACCESS_ERROR, \
+ "LDAP handle unavailable"); \
 st = KRB5_KDB_ACCESS_ERROR; \
 goto cleanup; \
 } \
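Review bot: In the kdb_ldap.h hunk at -110 the guard tests `tempst != 0`, but the message being wrapped is looked up under `st`: `k5_wrapmsg(context, st, KRB5_KDB_ACCESS_ERROR, \`. GET_HANDLE in the hunk at -83 wraps the same variable it tests, so this looks like a mismatch carried over from the old `prepend_err_str` call; the earlier lines of this macro are outside the hunk, so what `st` holds at this point is not visible. If `tempst` is the code that failed, `k5_wrapmsg(context, tempst, KRB5_KDB_ACCESS_ERROR, \` would wrap the matching message. Both macros also pass `"LDAP handle unavailable"` without `_()`, unlike the other messages this commit touches.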
@@ -126,7 +127,7 @@ extern void prepend_err_str (krb5_context ctx, const char *s, krb5_error_code er
 if (st == 0 && mask == 0) { \
 st = set_ldap_error(context, LDAP_OBJECT_CLASS_VIOLATION, OP_SEARCH); \
 } \
- prepend_err_str(context, str, st, st); \
+ k5_prependmsg(context, st, str); \
 goto cleanup; \
 }
diff --git a/src/plugins/kdb/ldap/libkdb_ldap/kdb_ldap_conn.c b/src/plugins/kdb/ldap/libkdb_ldap/kdb_ldap_conn.c
index 16ac60be3d..d904c9933b 100644
--- a/src/plugins/kdb/ldap/libkdb_ldap/kdb_ldap_conn.c
+++ b/src/plugins/kdb/ldap/libkdb_ldap/kdb_ldap_conn.c
@@ -74,8 +74,8 @@ validate_context(krb5_context context, krb5_ldap_context *ctx)
 ret = krb5_ldap_readpassword(context, ctx->service_password_file, ctx->bind_dn, &ctx->bind_pwd);
 if (ret) {
- prepend_err_str(context, _("Error reading password from stash: "),
- ret, ret);
+ k5_prependmsg(context, ret,
+ _("Error reading password from stash"));
 return ret;
 }
 }
diff --git a/src/plugins/kdb/ldap/libkdb_ldap/ldap_create.c b/src/plugins/kdb/ldap/libkdb_ldap/ldap_create.c
index 9cbde9a960..1e6fffee5a 100644
--- a/src/plugins/kdb/ldap/libkdb_ldap/ldap_create.c
+++ b/src/plugins/kdb/ldap/libkdb_ldap/ldap_create.c
@@ -70,15 +70,13 @@ krb5_ldap_create(krb5_context context, char *conf_section, char **db_args)
 status = krb5_ldap_parse_db_params(context, db_args);
 if (status) {
- prepend_err_str(context, _("Error processing LDAP DB params:"),
- status, status);
+ k5_prependmsg(context, status, _("Error processing LDAP DB params"));
 goto cleanup;
 }
 status = krb5_ldap_read_server_params(context, conf_section, KRB5_KDB_SRV_TYPE_ADMIN);
 if (status) {
- prepend_err_str(context, _("Error reading LDAP server params:"),
- status, status);
+ k5_prependmsg(context, status, _("Error reading LDAP server params"));
 goto cleanup;
 }
 status = krb5_ldap_db_init(context, ldap_context);
diff --git a/src/plugins/kdb/ldap/libkdb_ldap/ldap_principal2.c b/src/plugins/kdb/ldap/libkdb_ldap/ldap_principal2.c
index df5934c3f4..3e560d997a 100644
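Review bot: In the kdb_ldap.h hunk at -126, `k5_prependmsg(context, st, str);` puts the macro argument `str` in the format-string position, whereas the removed helper printed it through `"%s %s"`. Any `%` in a caller-supplied string would now be read as a conversion specifier with no matching argument. `k5_prependmsg(context, st, "%s", str); \` keeps the text literal, which is what the ldap_tkt_policy.c hunk of this commit already does for `ldap_err2string(st)`. The macro's definition starts outside the hunk, so its name and callers are not visible here.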
--- a/src/plugins/kdb/ldap/libkdb_ldap/ldap_principal2.c
+++ b/src/plugins/kdb/ldap/libkdb_ldap/ldap_principal2.c
@@ -671,9 +671,8 @@ krb5_ldap_put_principal(krb5_context context, krb5_db_entry *entry,
 if (st == KRB5_KDB_NOENTRY || st == KRB5_KDB_CONSTRAINT_VIOLATION) {
 int ost = st;
 st = EINVAL;
- snprintf(errbuf, sizeof(errbuf), _("'%s' not found: "),
- xargs.containerdn);
- prepend_err_str(context, errbuf, st, ost);
+ k5_prependmsg(context, ost, st, _("'%s' not found"),
+ xargs.containerdn);
 }
 goto cleanup;
 }
@@ -1324,8 +1323,7 @@ krb5_read_tkt_policy(krb5_context context, krb5_ldap_context *ldap_context,
 if (policy != NULL) {
 st = krb5_ldap_read_policy(context, policy, &tktpoldnparam, &omask);
 if (st && st != KRB5_KDB_NOENTRY) {
- prepend_err_str(context, _("Error reading ticket policy. "), st,
- st);
+ k5_prependmsg(context, st, _("Error reading ticket policy"));
 goto cleanup;
 }
diff --git a/src/plugins/kdb/ldap/libkdb_ldap/ldap_realm.c b/src/plugins/kdb/ldap/libkdb_ldap/ldap_realm.c
index e9fb3fa023..06062780dd 100644
--- a/src/plugins/kdb/ldap/libkdb_ldap/ldap_realm.c
+++ b/src/plugins/kdb/ldap/libkdb_ldap/ldap_realm.c
@@ -291,8 +291,7 @@ krb5_ldap_delete_realm (krb5_context context, char *lrealm)
 /* Delete all ticket policies */
 {
 if ((st = krb5_ldap_list_policy (context, ldap_context->lrparams->realmdn, &policy)) != 0) {
- prepend_err_str(context, _("Error reading ticket policy: "), st,
- st);
+ k5_prependmsg(context, st, _("Error reading ticket policy"));
 goto cleanup;
 }
diff --git a/src/plugins/kdb/ldap/libkdb_ldap/ldap_tkt_policy.c b/src/plugins/kdb/ldap/libkdb_ldap/ldap_tkt_policy.c
index 7e93685e1e..654a04416a 100644
--- a/src/plugins/kdb/ldap/libkdb_ldap/ldap_tkt_policy.c
+++ b/src/plugins/kdb/ldap/libkdb_ldap/ldap_tkt_policy.c
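Review bot: In the ldap_principal2.c hunk at -671, `k5_prependmsg(context, ost, st, _("'%s' not found"), xargs.containerdn);` uses the argument order of `k5_wrapmsg` (old code, new code, format), while every other `k5_prependmsg` call in this commit passes a single code followed by the format. As written, the integer `st` lands in the format-string slot and the real format becomes a variadic argument. The call should be `k5_wrapmsg(context, ost, st, _("'%s' not found"), xargs.containerdn);`. `errbuf` is no longer written in these lines, so its declaration, which is outside the hunk, may now be unused.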
@@ -293,7 +293,7 @@ krb5_ldap_delete_policy(krb5_context context, char *policyname)
 if (policyname == NULL) {
 st = EINVAL;
- prepend_err_str(context, _("Ticket Policy Object DN missing"), st, st);
+ k5_prependmsg(context, st, _("Ticket Policy Object DN missing"));
 goto cleanup;
 }
@@ -313,15 +313,15 @@ krb5_ldap_delete_policy(krb5_context context, char *policyname)
 if (refcount == 0) {
 if ((st=ldap_delete_ext_s(ld, policy_dn, NULL, NULL)) != 0) {
- prepend_err_str (context,ldap_err2string(st),st,st);
+ k5_prependmsg(context, st, "%s", ldap_err2string(st));
 goto cleanup;
 }
 } else {
 st = EINVAL;
- prepend_err_str(context,
- _("Delete Failed: One or more Principals associated "
- "with the Ticket Policy"), st, st);
+ k5_prependmsg(context, st,
+ _("Delete Failed: One or more Principals associated "
+ "with the Ticket Policy"));
 goto cleanup;
 }
@@ -428,8 +428,7 @@ krb5_ldap_list(krb5_context context, char ***list, char *objectclass,
 /* check if the containerdn exists */
 if (containerdn) {
 if ((st=checkattributevalue(ld, containerdn, NULL, NULL, NULL)) != 0) {
- prepend_err_str(context, _("Error reading container object: "),
- st, st);
+ k5_prependmsg(context, st, _("Error reading container object"));
 goto cleanup;
 }
 }
diff --git a/src/tests/t_ccache.py b/src/tests/t_ccache.py
index 43c15d495c..ac13ef28b5 100644
--- a/src/tests/t_ccache.py
+++ b/src/tests/t_ccache.py
@@ -39,7 +39,7 @@ if ' not found' not in output:
 # Test kinit with an inaccessible ccache.
 out = realm.run([kinit, '-c', 'testdir/xx/yy', realm.user_princ], input=(password('user') + '\n'), expected_code=1)
-if ' while storing credentials' not in out:
+if 'Failed to store credentials' not in out:
 fail('Expected error message not seen in kinit output')
 # Test klist -s with a single ccache.
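Review bot: In the ldap_tkt_policy.c hunk at -313, `st` after a failed `ldap_delete_ext_s` is an LDAP result code, yet it is handed to `k5_prependmsg` as the error code and then carried to `cleanup` unchanged. The prefix is therefore attached to whatever message that number has in the krb5/errno space, and the caller presumably receives an untranslated LDAP value. Replacing the call with `st = set_ldap_error(context, st, OP_DEL);` would translate the code the way the kdb_ldap.h macro at -126 does with `set_ldap_error`; whether that helper also records the LDAP text is not visible on this page and should be confirmed. krb5_ldap_delete_policy continues outside the hunk.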