Change "vague-errors" compile-time conditionals into run-time
authorKen Raeburn <raeburn@mit.edu>
Fri, 21 Aug 2009 18:32:50 +0000 (18:32 +0000)
committerKen Raeburn <raeburn@mit.edu>
Fri, 21 Aug 2009 18:32:50 +0000 (18:32 +0000)
conditionals, based on a variable initialized based on the
compile-time conditional (but probably eventually set from the config
file or command line).

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@22569 dc483132-0cff-0310-8789-dd5450dbe970

src/kdc/do_as_req.c
src/kdc/extern.h
src/kdc/kdc_util.c

index 52fbda5d606798ebb0c0e0b9f3ade88b7dbd1008..304b76b4d2cbdbee2f610df1ef7068be7041c15d 100644 (file)
@@ -208,11 +208,10 @@ process_as_req(krb5_kdc_req *request, krb5_data *req_pkt,
        goto errout;
     } else if (c_nprincs != 1) {
        status = "CLIENT_NOT_FOUND";
-#ifdef KRBCONF_VAGUE_ERRORS
-       errcode = KRB5KRB_ERR_GENERIC;
-#else
-       errcode = KRB5KDC_ERR_C_PRINCIPAL_UNKNOWN;
-#endif
+       if (vague_errors)
+           errcode = KRB5KRB_ERR_GENERIC;
+       else
+           errcode = KRB5KDC_ERR_C_PRINCIPAL_UNKNOWN;
        goto errout;
     }
    
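Review bot: The generic errcode alone may not hide the reason, because `status = "CLIENT_NOT_FOUND"` is still set just before the new `if (vague_errors)` and the `errout` path that consumes it lies outside this hunk. If that path copies `status` into the e-text of the KRB-ERROR reply, a client could still tell an unknown principal from a known one, so it is worth confirming that `status` reaches only the KDC log when `vague_errors` is set. The same question applies to `"PREAUTH_FAILED"` in the second hunk of this file and to `*status` in the two validate_as_request hunks in kdc_util.c. Keeping the specific string in the log is useful for spotting principal-guessing, so any fix belongs where the reply is built rather than at these sites.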
@@ -409,9 +408,8 @@ process_as_req(krb5_kdc_req *request, krb5_data *req_pkt,
            }
            update_client = 1;
            status = "PREAUTH_FAILED";
-#ifdef KRBCONF_VAGUE_ERRORS
-           errcode = KRB5KRB_ERR_GENERIC;
-#endif
+           if (vague_errors)
+               errcode = KRB5KRB_ERR_GENERIC;
            goto errout;
        } 
     }
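Review bot: The new `if (vague_errors)` here has no `else`, unlike the CLIENT_NOT_FOUND site, so in the non-vague case `errcode` keeps whatever was assigned before this hunk, and that assignment is not visible from these lines. A short comment would mark the asymmetry as intentional, for example `/* otherwise keep the preauth errcode set above */`. process_as_req starts and ends outside the hunk.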
index 87cc1bfa0cd944cc8971faf6f5f8146900966409..079f0e47f8646b2df5b31102032be82dc2af042d 100644 (file)
@@ -105,6 +105,8 @@ extern const int    kdc_modifies_kdb;
 extern char            **db_args;
 extern krb5_int32      max_dgram_reply_size; /* maximum datagram size */
 
+extern const int       vague_errors;
+
 extern volatile int signal_requests_exit;
 extern volatile int signal_requests_hup;
 #endif /* __KRB5_KDC_EXTERN__ */
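Review bot: `extern const int vague_errors;` is undocumented, and its `const` conflicts with the commit message's plan to set the flag from the config file or command line, since an object defined `const` cannot be assigned at run time. I would add a comment such as `/* nonzero: reply with KRB_ERR_GENERIC instead of the specific client error */`, and drop `const` both here and on the definition in kdc_util.c when the option becomes configurable. Until then the qualifier is consistent with `kdc_modifies_kdb`, visible in the hunk header.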
index 53adfbb914b80b6291d300447ca61fd699bd8303..88ef110629c0a2a1fa9496ac0e7b6c5e2ea2a64b 100644 (file)
@@ -69,6 +69,12 @@ static char *kdc_current_rcname = (char *) NULL;
 krb5_deltat rc_lifetime; /* See kdc_initialize_rcache() */
 #endif
 
+#ifdef KRBCONF_VAGUE_ERRORS
+const int vague_errors = 1;
+#else
+const int vague_errors = 0;
+#endif
+
 #ifdef USE_RCACHE
 /*
  * initialize the replay cache.
@@ -939,11 +945,10 @@ validate_as_request(register krb5_kdc_req *request, krb5_db_entry client,
     /* The client must not be expired */
     if (client.expiration && client.expiration < kdc_time) {
        *status = "CLIENT EXPIRED";
-#ifdef KRBCONF_VAGUE_ERRORS
-       return(KRB_ERR_GENERIC);
-#else
-       return(KDC_ERR_NAME_EXP);
-#endif
+       if (vague_errors)
+           return(KRB_ERR_GENERIC);
+       else
+           return(KDC_ERR_NAME_EXP);
     }
 
     /* The client's password must not be expired, unless the server is
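Review bot: Style: the `else` after `return(KRB_ERR_GENERIC);` is redundant, and the same four-line form repeats in the CLIENT KEY EXPIRED hunk that follows. A single `return vague_errors ? KRB_ERR_GENERIC : KDC_ERR_NAME_EXP;` (with `KDC_ERR_KEY_EXP` in the next hunk) states the choice more directly and keeps the two sites visibly parallel. validate_as_request starts and ends outside the hunk.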
@@ -951,11 +956,10 @@ validate_as_request(register krb5_kdc_req *request, krb5_db_entry client,
     if (client.pw_expiration && client.pw_expiration < kdc_time &&
        !isflagset(server.attributes, KRB5_KDB_PWCHANGE_SERVICE)) {
        *status = "CLIENT KEY EXPIRED";
-#ifdef KRBCONF_VAGUE_ERRORS
-       return(KRB_ERR_GENERIC);
-#else
-       return(KDC_ERR_KEY_EXP);
-#endif
+       if (vague_errors)
+           return(KRB_ERR_GENERIC);
+       else
+           return(KDC_ERR_KEY_EXP);
     }
 
     /* The server must not be expired */