return (retval);
}
+/* Convert an API error code to a protocol error code. */
+static int
+errcode_to_protocol(krb5_error_code code)
+{
+ int protcode;
+
+ protcode = code - ERROR_TABLE_BASE_krb5;
+ return (protcode >= 0 && protcode <= 128) ? protcode : KRB_ERR_GENERIC;
+}
+
/*
* Routines that validate a AS request; checks a lot of things. :-)
*
krb5_db_entry server, krb5_timestamp kdc_time,
const char **status, krb5_data *e_data)
{
- int errcode;
+ int errcode;
+ krb5_error_code ret;
/*
* If an option is set that is only allowed in TGS requests, complain.
}
/* Perform KDB module policy checks. */
- errcode = krb5_db_check_policy_as(kdc_context, request, &client, &server,
- kdc_time, status, e_data);
- if (errcode && errcode != KRB5_PLUGIN_OP_NOTSUPP)
- return errcode;
+ ret = krb5_db_check_policy_as(kdc_context, request, &client, &server,
+ kdc_time, status, e_data);
+ if (ret && ret != KRB5_PLUGIN_OP_NOTSUPP)
+ return errcode_to_protocol(ret);
/* Check against local policy. */
errcode = against_local_policy_as(request, client, server,
krb5_ticket *ticket, krb5_timestamp kdc_time,
const char **status, krb5_data *e_data)
{
- int errcode;
- int st_idx = 0;
+ int errcode;
+ int st_idx = 0;
+ krb5_error_code ret;
/*
* If an illegal option is set, ignore it.
}
/* Perform KDB module policy checks. */
- errcode = krb5_db_check_policy_tgs(kdc_context, request, &server,
- ticket, status, e_data);
- if (errcode && errcode != KRB5_PLUGIN_OP_NOTSUPP)
- return errcode;
+ ret = krb5_db_check_policy_tgs(kdc_context, request, &server,
+ ticket, status, e_data);
+ if (ret && ret != KRB5_PLUGIN_OP_NOTSUPP)
+ return errcode_to_protocol(ret);
/* Check local policy. */
errcode = against_local_policy_tgs(request, server, ticket,