From b66f070b39cce4c9c5900da645c22e762d275f8a Mon Sep 17 00:00:00 2001 From: Ken Raeburn Date: Fri, 21 Aug 2009 18:32:50 +0000 Subject: [PATCH] Change "vague-errors" compile-time conditionals into run-time conditionals, based on a variable initialized based on the compile-time conditional (but probably eventually set from the config file or command line). git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@22569 dc483132-0cff-0310-8789-dd5450dbe970 --- src/kdc/do_as_req.c | 14 ++++++-------- src/kdc/extern.h | 2 ++ src/kdc/kdc_util.c | 24 ++++++++++++++---------- 3 files changed, 22 insertions(+), 18 deletions(-) diff --git a/src/kdc/do_as_req.c b/src/kdc/do_as_req.c index 52fbda5d6..304b76b4d 100644 --- a/src/kdc/do_as_req.c +++ b/src/kdc/do_as_req.c @@ -208,11 +208,10 @@ process_as_req(krb5_kdc_req *request, krb5_data *req_pkt, goto errout; } else if (c_nprincs != 1) { status = "CLIENT_NOT_FOUND"; -#ifdef KRBCONF_VAGUE_ERRORS - errcode = KRB5KRB_ERR_GENERIC; -#else - errcode = KRB5KDC_ERR_C_PRINCIPAL_UNKNOWN; -#endif + if (vague_errors) + errcode = KRB5KRB_ERR_GENERIC; + else + errcode = KRB5KDC_ERR_C_PRINCIPAL_UNKNOWN; goto errout; } @@ -409,9 +408,8 @@ process_as_req(krb5_kdc_req *request, krb5_data *req_pkt, } update_client = 1; status = "PREAUTH_FAILED"; -#ifdef KRBCONF_VAGUE_ERRORS - errcode = KRB5KRB_ERR_GENERIC; -#endif + if (vague_errors) + errcode = KRB5KRB_ERR_GENERIC; goto errout; } } diff --git a/src/kdc/extern.h b/src/kdc/extern.h index 87cc1bfa0..079f0e47f 100644 --- a/src/kdc/extern.h +++ b/src/kdc/extern.h @@ -105,6 +105,8 @@ extern const int kdc_modifies_kdb; extern char **db_args; extern krb5_int32 max_dgram_reply_size; /* maximum datagram size */ +extern const int vague_errors; + extern volatile int signal_requests_exit; extern volatile int signal_requests_hup; #endif /* __KRB5_KDC_EXTERN__ */ diff --git a/src/kdc/kdc_util.c b/src/kdc/kdc_util.c index 53adfbb91..88ef11062 100644 --- a/src/kdc/kdc_util.c +++ b/src/kdc/kdc_util.c 
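Review bot: The new `if (vague_errors)` test in the CLIENT_NOT_FOUND branch of process_as_req (do_as_req.c, first hunk) has no comment explaining why an unknown client is reported as KRB5KRB_ERR_GENERIC. The reason is a security one, namely not telling an unauthenticated requester whether a principal exists. I would add `/* vague_errors: do not reveal whether the client principal exists */` above the test. Whether the generic code actually hides that depends on what a known principal gets back for the same request, which is decided outside this hunk, so the comment should not promise more than the errcode swap. The unbraced `if`/`else` directly ahead of `goto errout` would also be safer with braces.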
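Review bot: In the PREAUTH_FAILED branch (do_as_req.c, second hunk) `errcode = KRB5KRB_ERR_GENERIC` overwrites the code the preauth check returned before `goto errout`, so everything at errout sees only the generic value. errout is outside the hunk; if it logs or audits by errcode as well as building the reply, a KDC running with vague errors would lose the specific failure reason on the server side, where it helps in spotting password guessing, and only the `status` string would keep it. Consider masking only the value that goes into the reply, or add `/* status still records the real cause for the log */` if that is the intent. Any reply fields filled in before the failure deserve a look too, since a generic code sent with distinguishing data attached hides little.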
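Review bot: `extern const int vague_errors;` in extern.h, and its definition in the first kdc_util.c hunk, carry no comment, and the `const` is at odds with the stated plan to set the value from the config file or command line. I would document it at the declaration, e.g. `/* nonzero: report client lookup, expiry and preauth failures as a generic error */`, and say at the definition that KRBCONF_VAGUE_ERRORS only supplies the default. Once the qualifier is dropped, this becomes writable process-wide state that decides how much the KDC discloses to requesters, so the comment should also state that it is meant to be set once at startup, before any request is served.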
@@ -69,6 +69,12 @@ static char *kdc_current_rcname = (char *) NULL; krb5_deltat rc_lifetime; /* See kdc_initialize_rcache() */ #endif +#ifdef KRBCONF_VAGUE_ERRORS +const int vague_errors = 1; +#else +const int vague_errors = 0; +#endif + #ifdef USE_RCACHE /* * initialize the replay cache. @@ -939,11 +945,10 @@ validate_as_request(register krb5_kdc_req *request, krb5_db_entry client, /* The client must not be expired */ if (client.expiration && client.expiration < kdc_time) { *status = "CLIENT EXPIRED"; -#ifdef KRBCONF_VAGUE_ERRORS - return(KRB_ERR_GENERIC); -#else - return(KDC_ERR_NAME_EXP); -#endif + if (vague_errors) + return(KRB_ERR_GENERIC); + else + return(KDC_ERR_NAME_EXP); } /* The client's password must not be expired, unless the server is @@ -951,11 +956,10 @@ validate_as_request(register krb5_kdc_req *request, krb5_db_entry client, if (client.pw_expiration && client.pw_expiration < kdc_time && !isflagset(server.attributes, KRB5_KDB_PWCHANGE_SERVICE)) { *status = "CLIENT KEY EXPIRED"; -#ifdef KRBCONF_VAGUE_ERRORS - return(KRB_ERR_GENERIC); -#else - return(KDC_ERR_KEY_EXP); -#endif + if (vague_errors) + return(KRB_ERR_GENERIC); + else + return(KDC_ERR_KEY_EXP); } /* The server must not be expired */ -- 2.26.2
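Review bot: In validate_as_request the `else` after `return(KRB_ERR_GENERIC);` is redundant in the CLIENT EXPIRED check (kdc_util.c, second hunk), and the same four-line shape is repeated in the CLIENT KEY EXPIRED check in the third hunk. Each can be a single statement, `return vague_errors ? KRB_ERR_GENERIC : KDC_ERR_NAME_EXP;` and `return vague_errors ? KRB_ERR_GENERIC : KDC_ERR_KEY_EXP;`, which keeps the masked and unmasked codes side by side. Only these two client checks are gated in the visible lines. The function continues past the hunk (the server expiry check follows), so whether the remaining checks need the same treatment cannot be judged from here.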