From: Tom Yu Date: Mon, 1 Nov 2010 19:49:40 +0000 (+0000) Subject: pull up r24466 from trunk X-Git-Tag: krb5-1.9-beta1~10 X-Git-Url: http://git.tremily.us/?a=commitdiff_plain;h=bf81abec16a92db50e5918c4aa1a9388efa4a1bf;p=krb5.git pull up r24466 from trunk ------------------------------------------------------------------------ r24466 | hartmans | 2010-10-19 15:50:42 -0400 (Tue, 19 Oct 2010) | 8 lines ticket: 6806 subject: securID error handling fix target_version: 1.9 tags: pullup In porting forward, I incorrectly used krb5_set_error_message instead of com_err. This commit reverts that change. ticket: 6806 version_fixed: 1.9 status: resolved git-svn-id: svn://anonsvn.mit.edu/krb5/branches/krb5-1-9@24493 dc483132-0cff-0310-8789-dd5450dbe970 --- diff --git a/src/plugins/preauth/securid_sam2/securid2.c b/src/plugins/preauth/securid_sam2/securid2.c index 0a481c7c3..e216090c9 100644 --- a/src/plugins/preauth/securid_sam2/securid2.c +++ b/src/plugins/preauth/securid_sam2/securid2.c @@ -105,7 +105,7 @@ get_securid_key(krb5_context context, krb5_db_entry *client, retval = krb5_dbe_find_enctype(context, sam_securid_entry, -1, -1, -1, &client_securid_key_data); if (retval) { - krb5_set_error_message(context, retval, + com_err("krb5kdc", retval, "while getting key from client's SAM SecurID " "entry"); goto cleanup; @@ -113,7 +113,7 @@ get_securid_key(krb5_context context, krb5_db_entry *client, retval = krb5_dbe_decrypt_key_data(context, NULL, client_securid_key_data, client_securid_key, NULL); if (retval) { - krb5_set_error_message(context, retval, + com_err("krb5kdc", retval, "while decrypting key from client's SAM " "SecurID entry "); goto cleanup; @@ -299,7 +299,7 @@ get_securid_edata_2(krb5_context context, krb5_db_entry *client, retval = securid_encrypt_track_data_2(context, client, &tmp_data, &sc2b->sam_track_id); if (retval != 0) { - krb5_set_error_message(context, retval, + com_err("krb5kdc", retval, "While encrypting nonce track data"); goto cleanup; } 
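Review bot: Nothing in the new code records why these failures are reported through com_err rather than krb5_set_error_message, although the commit message says the earlier port got exactly this wrong. In the hunk at -105 (get_securid_key), a short comment above the first call would keep the next port from repeating the mistake, for example `/* Report through com_err, not krb5_set_error_message; see ticket 6806. */`. The same reasoning covers every other hunk in securid2.c and securid_sam2_main.c, so one such comment per file is enough. get_securid_key starts and ends outside the hunk.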
@@ -308,7 +308,7 @@ get_securid_edata_2(krb5_context context, krb5_db_entry *client, scratch.length = sizeof(sc2b->sam_nonce); retval = krb5_c_random_make_octets(context, &scratch); if (retval) { - krb5_set_error_message(context, retval, + com_err("krb5kdc", retval, "while generating nonce data in " "get_securid_edata_2 (%s)", user ? user : def_user); @@ -321,7 +321,7 @@ get_securid_edata_2(krb5_context context, krb5_db_entry *client, retval = securid_make_sam_challenge_2_and_cksum(context, sc2, sc2b, client_key); if (retval) { - krb5_set_error_message(context, retval, + com_err("krb5kdc", retval, "while making SAM_CHALLENGE_2 checksum (%s)", user ? user : def_user); } @@ -362,7 +362,7 @@ verify_securid_data_2(krb5_context context, krb5_db_entry *client, retval = krb5_unparse_name(context, client->princ, &user); if (retval != 0) { - krb5_set_error_message(context, retval, + com_err("krb5kdc", retval, "while unparsing client name in " "verify_securid_data_2"); return retval; @@ -383,7 +383,7 @@ verify_securid_data_2(krb5_context context, krb5_db_entry *client, sr2->sam_enc_nonce_or_sad.kvno, &client_key_data); if (retval) { - krb5_set_error_message(context, retval, + com_err("krb5kdc", retval, "while getting client key in " "verify_securid_data_2 (%s)", user); goto cleanup; @@ -392,7 +392,7 @@ verify_securid_data_2(krb5_context context, krb5_db_entry *client, retval = krb5_dbe_decrypt_key_data(context, NULL, client_key_data, &client_key, NULL); if (retval != 0) { - krb5_set_error_message(context, retval, + com_err("krb5kdc", retval, "while decrypting client key in " "verify_securid_data_2 (%s)", user); @@ -407,7 +407,7 @@ verify_securid_data_2(krb5_context context, krb5_db_entry *client, KRB5_KEYUSAGE_PA_SAM_RESPONSE, 0, &sr2->sam_enc_nonce_or_sad, &scratch); if (retval) { - krb5_set_error_message(context, retval, + com_err("krb5kdc", retval, "while decrypting SAD in " "verify_securid_data_2 (%s)", user); goto cleanup; 
@@ -415,7 +415,7 @@ verify_securid_data_2(krb5_context context, krb5_db_entry *client, retval = decode_krb5_enc_sam_response_enc_2(&scratch, &esre2); if (retval) { - krb5_set_error_message(context, retval, + com_err("krb5kdc", retval, "while decoding SAD in " "verify_securid_data_2 (%s)", user); esre2 = NULL; @@ -423,7 +423,7 @@ verify_securid_data_2(krb5_context context, krb5_db_entry *client, } if (sr2->sam_nonce != esre2->sam_nonce) { - krb5_set_error_message(context, KRB5KDC_ERR_PREAUTH_FAILED, + com_err("krb5kdc", KRB5KDC_ERR_PREAUTH_FAILED, "while checking nonce in " "verify_securid_data_2 (%s)", user); retval = KRB5KDC_ERR_PREAUTH_FAILED; @@ -431,7 +431,7 @@ verify_securid_data_2(krb5_context context, krb5_db_entry *client, } if (esre2->sam_sad.length == 0 || esre2->sam_sad.data == NULL) { - krb5_set_error_message(context, KRB5KDC_ERR_PREAUTH_FAILED, + com_err("krb5kdc", KRB5KDC_ERR_PREAUTH_FAILED, "No SecurID passcode in " "verify_securid_data_2 (%s)", user); retval = KRB5KDC_ERR_PREAUTH_FAILED; @@ -442,7 +442,7 @@ verify_securid_data_2(krb5_context context, krb5_db_entry *client, memset(passcode, 0, sizeof(passcode)); if (esre2->sam_sad.length > (sizeof(passcode) - 1)) { retval = KRB5KDC_ERR_PREAUTH_FAILED; - krb5_set_error_message(context, retval, + com_err("krb5kdc", retval, "SecurID passcode/PIN too long (%d bytes) in " "verify_securid_data_2 (%s)", esre2->sam_sad.length, user); @@ -453,7 +453,7 @@ verify_securid_data_2(krb5_context context, krb5_db_entry *client, securid_user = strdup(user); if (!securid_user) { retval = ENOMEM; - krb5_set_error_message(context, ENOMEM, + com_err("krb5kdc", ENOMEM, "while copying user name in " "verify_securid_data_2 (%s)", user); goto cleanup; 
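Review bot: In the hunk at -442 the com_err call prints `esre2->sam_sad.length` with `%d`, which is a specifier mismatch if the field is unsigned. The `.length`/`.data` checks in the hunk at -431 suggest sam_sad is a krb5_data, whose length is an unsigned int. This is the rejection path for an over-long client-supplied passcode, so the logged size should be exact: `"SecurID passcode/PIN too long (%u bytes) in "`. verify_securid_data_2 continues outside the hunk.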
@@ -473,14 +473,14 @@ verify_securid_data_2(krb5_context context, krb5_db_entry *client, &sr2->sam_track_id, &track_id_data); if (retval) { - krb5_set_error_message(context, retval, + com_err("krb5kdc", retval, "while decrypting SecurID trackID in " "verify_securid_data_2 (%s)", user); goto cleanup; } if (track_id_data.length < sizeof (struct securid_track_data)) { retval = KRB5KDC_ERR_PREAUTH_FAILED; - krb5_set_error_message(context, retval, + com_err("krb5kdc", retval, "Length of track data incorrect"); goto cleanup; } @@ -546,7 +546,7 @@ verify_securid_data_2(krb5_context context, krb5_db_entry *client, tmp_data.data = (char *)&sc2b.sam_nonce; tmp_data.length = sizeof(sc2b.sam_nonce); if ((retval = krb5_c_random_make_octets(context, &tmp_data))) { - krb5_set_error_message(context, retval, + com_err("krb5kdc", retval, "while making nonce for SecurID new " "PIN2 SAM_CHALLENGE_2 (%s)", user); goto cleanup; @@ -562,7 +562,7 @@ verify_securid_data_2(krb5_context context, krb5_db_entry *client, if ((retval = securid_encrypt_track_data_2(context, client, &tmp_data, &sc2b.sam_track_id))) { - krb5_set_error_message(context, retval, + com_err("krb5kdc", retval, "while encrypting NEW PIN2 SecurID " "track data for SAM_CHALLENGE_2 (%s)", securid_user); @@ -572,7 +572,7 @@ verify_securid_data_2(krb5_context context, krb5_db_entry *client, &sc2b, &client_key); if (retval) { - krb5_set_error_message(context, retval, + com_err("krb5kdc", retval, "while making cksum for " "SAM_CHALLENGE_2 (new PIN2) (%s)", securid_user); @@ -609,7 +609,7 @@ verify_securid_data_2(krb5_context context, krb5_db_entry *client, initial: retval = SD_Init(&sd_handle); if (retval) { - krb5_set_error_message(context, KRB5KDC_ERR_PREAUTH_FAILED, + com_err("krb5kdc", KRB5KDC_ERR_PREAUTH_FAILED, "SD_Init() returns error %d in " "verify_securid_data_2 (%s)", retval, securid_user); 
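Review bot: The second com_err call in the hunk at -473, `"Length of track data incorrect"`, names neither the principal nor the function, unlike the call just above it in the same hunk. A track ID that decrypts to the wrong length is worth attributing when reading the KDC log, and `user` is already passed to the preceding call. Suggested wording: `"Length of track data incorrect in "` `"verify_securid_data_2 (%s)", user);`. The enclosing function starts and ends outside the hunk.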
@@ -682,7 +682,7 @@ verify_securid_data_2(krb5_context context, krb5_db_entry *client, tmp_data.data = (char *)&sc2b.sam_nonce; tmp_data.length = sizeof(sc2b.sam_nonce); if ((retval = krb5_c_random_make_octets(context, &tmp_data))) { - krb5_set_error_message(context, retval, "while making nonce " + com_err("krb5kdc", retval, "while making nonce " "for SecurID SAM_CHALLENGE_2 (%s)", user); goto cleanup; @@ -698,7 +698,7 @@ verify_securid_data_2(krb5_context context, krb5_db_entry *client, retval = securid_encrypt_track_data_2(context, client, &tmp_data, &sc2b.sam_track_id); if (retval) { - krb5_set_error_message(context, retval, + com_err("krb5kdc", retval, "while encrypting SecurID track " "data for SAM_CHALLENGE_2 (%s)", securid_user); @@ -708,7 +708,7 @@ verify_securid_data_2(krb5_context context, krb5_db_entry *client, &sc2b, &client_key); if (retval) { - krb5_set_error_message(context, retval, "while making cksum " + com_err("krb5kdc", retval, "while making cksum " "for SAM_CHALLENGE_2 (%s)", securid_user); } @@ -725,7 +725,7 @@ verify_securid_data_2(krb5_context context, krb5_db_entry *client, goto cleanup; } default: - krb5_set_error_message(context, KRB5KDC_ERR_PREAUTH_FAILED, + com_err("krb5kdc", KRB5KDC_ERR_PREAUTH_FAILED, "AceServer returns unknown error code %d " "in verify_securid_data_2\n", retval); retval = KRB5KDC_ERR_PREAUTH_FAILED; diff --git a/src/plugins/preauth/securid_sam2/securid_sam2_main.c b/src/plugins/preauth/securid_sam2/securid_sam2_main.c index 3e1ada28e..4786cfee6 100644 --- a/src/plugins/preauth/securid_sam2/securid_sam2_main.c +++ b/src/plugins/preauth/securid_sam2/securid_sam2_main.c @@ -65,7 +65,7 @@ sam_get_db_entry(krb5_context context, krb5_principal client, *db_entry = NULL; retval = krb5_copy_principal(context, client, &newp); if (retval) { - krb5_set_error_message(context, retval, + com_err("krb5kdc", retval, "copying client name for preauth probe"); return retval; } 
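Review bot: The message in the `default:` branch of the hunk at -725 ends in `\n` (`"in verify_securid_data_2\n"`), which none of the other converted calls do. com_err-style reporting normally terminates the entry itself, so the extra newline is likely to leave a blank or split line in the KDC log, which makes the entry harder to match in log tooling. The string was carried over unchanged from the krb5_set_error_message call. Dropping the escape gives `"in verify_securid_data_2", retval);`. The switch this branch belongs to starts outside the hunk.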
@@ -146,7 +146,7 @@ kdc_include_padata(krb5_context context, krb5_kdc_req *request, client_key = (krb5_keyblock *) client_keys_data->data; if (client_key->enctype == 0) { retval = KRB5KDC_ERR_ETYPE_NOSUPP; - krb5_set_error_message(context, retval, "No client keys found in processing SAM2 challenge"); + com_err("krb5kdc", retval, "No client keys found in processing SAM2 challenge"); goto cleanup; } @@ -170,7 +170,7 @@ kdc_include_padata(krb5_context context, krb5_kdc_req *request, retval = encode_krb5_sam_challenge_2(&sc2, &encoded_challenge); if (retval) { - krb5_set_error_message(context, retval, + com_err("krb5kdc", retval, "while encoding SECURID SAM_CHALLENGE_2"); goto cleanup; } @@ -226,7 +226,7 @@ kdc_verify_preauth(krb5_context context, struct _krb5_db_entry_new *client, retval = decode_krb5_sam_response_2(&scratch, &sr2); if (retval) { - krb5_set_error_message(context, retval, "while decoding " + com_err("krb5kdc", retval, "while decoding " "SAM_RESPONSE_2 in verify_sam_response_2"); sr2 = NULL; goto cleanup; @@ -243,7 +243,7 @@ kdc_verify_preauth(krb5_context context, struct _krb5_db_entry_new *client, #endif /* ARL_SECURID_PREAUTH */ default: retval = KRB5_PREAUTH_BAD_TYPE; - krb5_set_error_message(context, retval, "while verifying SAM 2 data"); + com_err("krb5kdc", retval, "while verifying SAM 2 data"); break; }
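Review bot: The `default:` branch in the hunk at -243 (kdc_verify_preauth) logs `"while verifying SAM 2 data"` without the value that was rejected. The switch expression is outside the hunk, but if it is the SAM type decoded from the client's response, including it would let an operator tell an unsupported token type from a malformed request. Something like `com_err("krb5kdc", retval, "while verifying SAM 2 data (unsupported type %d)", (int)<switch expression>);` would do, with the placeholder replaced by the expression the switch actually tests.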