From e989073ec4f0893fd409243f001d9236a56c800b Mon Sep 17 00:00:00 2001 From: Alexandra Ellwood Date: Fri, 17 Oct 2008 17:07:03 +0000 Subject: [PATCH] Remap some of the more confusing krb5 errors Also enlarged last error buffer for UTF8 strings with multibyte chars. ticket: new git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20884 dc483132-0cff-0310-8789-dd5450dbe970 --- src/kim/lib/kim_error_message.c | 76 +++++++++++++++++++++++---------- src/kim/lib/kim_errors.et | 3 ++ 2 files changed, 56 insertions(+), 23 deletions(-) diff --git a/src/kim/lib/kim_error_message.c b/src/kim/lib/kim_error_message.c index 49f26301d..6a891aa48 100644 --- a/src/kim/lib/kim_error_message.c +++ b/src/kim/lib/kim_error_message.c @@ -38,7 +38,7 @@ MAKE_FINI_FUNCTION(kim_error_terminate); typedef struct kim_last_error { kim_error code; - char message[1024]; + char message[2048]; } *kim_last_error; /* ------------------------------------------------------------------------ */ @@ -91,6 +91,36 @@ static void kim_error_free_message (void *io_error) } } +#pragma mark - + +/* ------------------------------------------------------------------------ */ + +static kim_boolean kim_error_is_builtin (kim_error in_error) +{ + return (in_error == KIM_NO_ERROR || + in_error == KIM_OUT_OF_MEMORY_ERR); +} + +/* ------------------------------------------------------------------------ */ +/* Warning: only remap to error strings with the same format! */ + +static kim_error kim_error_remap (kim_error in_error) +{ + /* some krb5 errors are confusing. remap to better ones */ + switch (in_error) { + case KRB5KRB_AP_ERR_BAD_INTEGRITY: + return KIM_BAD_PASSWORD_ERR; + + case KRB5KDC_ERR_PREAUTH_FAILED: + return KIM_PREAUTH_FAILED_ERR; + + case KRB5KRB_AP_ERR_SKEW: + return KIM_CLOCK_SKEW_ERR; + } + + return in_error; +} + /* ------------------------------------------------------------------------ */ kim_string kim_error_message (kim_error in_error) @@ -110,15 +140,7 @@ kim_string kim_error_message (kim_error in_error) if (!lock_err) { k5_mutex_unlock (&kim_error_lock); } - return message ? message : error_message (in_error); -} - -/* ------------------------------------------------------------------------ */ - -static kim_boolean kim_error_is_builtin (kim_error in_error) -{ - return (in_error == KIM_NO_ERROR || - in_error == KIM_OUT_OF_MEMORY_ERR); + return message ? message : error_message (kim_error_remap (in_error)); } #pragma mark -- Generic Functions -- @@ -140,26 +162,27 @@ kim_error kim_error_set_message_for_code (kim_error in_error, /* ------------------------------------------------------------------------ */ -kim_error kim_error_set_message_for_code_va (kim_error in_error, +kim_error kim_error_set_message_for_code_va (kim_error in_code, va_list in_args) { kim_error err = KIM_NO_ERROR; - - if (!err && !kim_error_is_builtin (in_error)) { - kim_string message = NULL; + kim_error code = kim_error_remap (in_code); + if (!kim_error_is_builtin (code)) { + kim_string message = NULL; + err = kim_string_create_from_format_va_retcode (&message, - error_message (in_error), + error_message (code), in_args); if (!err) { - err = kim_error_set_message (in_error, message); + err = kim_error_set_message (code, message); } kim_string_free (&message); } - return err ? err : in_error; + return err ? err : code; } @@ -169,16 +192,23 @@ kim_error kim_error_set_message_for_krb5_error (krb5_context in_context, krb5_error_code in_code) { kim_error err = KIM_NO_ERROR; + krb5_error_code code = kim_error_remap (in_code); - if (!err && !kim_error_is_builtin (in_code)) { - const char *message = krb5_get_error_message (in_context, in_code); - - err = kim_error_set_message (in_code, message); + if (code != in_code) { + /* error was remapped to a KIM error */ + err = kim_error_set_message (code, error_message (code)); + + } else if (!kim_error_is_builtin (code)) { + const char *message = krb5_get_error_message (in_context, code); - if (message) { krb5_free_error_message (in_context, message); } + if (message) { + err = kim_error_set_message (code, message); + + krb5_free_error_message (in_context, message); + } } - return err ? err : in_code; + return err ? err : code; } #pragma mark -- Debugging Functions -- diff --git a/src/kim/lib/kim_errors.et b/src/kim/lib/kim_errors.et index 5082a1b80..415751dc5 100644 --- a/src/kim/lib/kim_errors.et +++ b/src/kim/lib/kim_errors.et @@ -29,6 +29,7 @@ error_code KIM_KRB5_INIT_FAILED_ERR, "Unable to initialize Kerberos error_code KIM_NO_REALMS_ERR, "There are no Kerberos realms configured" error_code KIM_NO_SUCH_REALM_ERR, "The realm '%s' is not in your configuration file or does not exist" error_code KIM_UNSUPPORTED_HINT_ERR, "The hint '%s' is not supported by this version of KIM" +error_code KIM_CLOCK_SKEW_ERR, "Clock skew too big: please check your time, time zone and daylight savings settings" index 25 # Principal Errors @@ -37,6 +38,8 @@ error_code KIM_BAD_COMPONENT_INDEX_ERR, "Principal does not have a com error_code KIM_PASSWORD_MISMATCH_ERR, "New and verify passwords do not match" error_code KIM_INSECURE_PASSWORD_ERR, "Your new password for '%s' is insecure; please pick another one" error_code KIM_PASSWORD_CHANGE_FAILED_ERR, "Unable to change password for %s" +error_code KIM_BAD_PASSWORD_ERR, "Password incorrect" +error_code KIM_PREAUTH_FAILED_ERR, "Password incorrect or preauthentication failed" index 50 # Options Errors -- 2.26.2