svn rev #22569: trunk/src/kdc/

raeburn@MIT.EDU raeburn at MIT.EDU
Fri Aug 21 14:32:50 EDT 2009


http://src.mit.edu/fisheye/changelog/krb5/?cs=22569
Commit By: raeburn
Log Message:
Change "vague-errors" compile-time conditionals into run-time
conditionals, based on a variable initialized based on the
compile-time conditional (but probably eventually set from the config
file or command line).


Changed Files:
U   trunk/src/kdc/do_as_req.c
U   trunk/src/kdc/extern.h
U   trunk/src/kdc/kdc_util.c
Modified: trunk/src/kdc/do_as_req.c
===================================================================
--- trunk/src/kdc/do_as_req.c	2009-08-21 18:32:46 UTC (rev 22568)
+++ trunk/src/kdc/do_as_req.c	2009-08-21 18:32:50 UTC (rev 22569)
@@ -208,11 +208,10 @@
 	goto errout;
     } else if (c_nprincs != 1) {
 	status = "CLIENT_NOT_FOUND";
-#ifdef KRBCONF_VAGUE_ERRORS
-	errcode = KRB5KRB_ERR_GENERIC;
-#else
-	errcode = KRB5KDC_ERR_C_PRINCIPAL_UNKNOWN;
-#endif
+	if (vague_errors)
+	    errcode = KRB5KRB_ERR_GENERIC;
+	else
+	    errcode = KRB5KDC_ERR_C_PRINCIPAL_UNKNOWN;
 	goto errout;
     }
    
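Review bot: The branch under "CLIENT_NOT_FOUND" has no comment saying why a generic code is substituted, and after this change the reason is no longer visible from a named build option at the site. Something like `/* vague_errors: do not reveal to the requester that the principal is unknown */` above the `if` would record it. The same comment would help at the "PREAUTH_FAILED" site later in this file and at the two expiry checks in kdc_util.c. `status` still carries the precise reason, which is worth keeping for the server-side log. The enclosing function starts and ends outside the hunk.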
@@ -409,9 +408,8 @@
 	    }
 	    update_client = 1;
 	    status = "PREAUTH_FAILED";
-#ifdef KRBCONF_VAGUE_ERRORS
-	    errcode = KRB5KRB_ERR_GENERIC;
-#endif
+	    if (vague_errors)
+		errcode = KRB5KRB_ERR_GENERIC;
 	    goto errout;
 	} 
     }
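Review bot: With `vague_errors` set, the assignment under "PREAUTH_FAILED" overwrites the `errcode` left by the preceding check just before `goto errout`. Any logging or accounting at `errout` that reads `errcode` (not visible in this hunk) would then see only the generic value. If operators use that code to tell failed pre-authentication apart from other failures, keep the specific value for the log and substitute the generic one only where the reply is built. At minimum, a comment such as `/* reply is made vague; status still records the real cause */` would state the intent. The enclosing block starts outside the hunk.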

Modified: trunk/src/kdc/extern.h
===================================================================
--- trunk/src/kdc/extern.h	2009-08-21 18:32:46 UTC (rev 22568)
+++ trunk/src/kdc/extern.h	2009-08-21 18:32:50 UTC (rev 22569)
@@ -105,6 +105,8 @@
 extern char		**db_args;
 extern krb5_int32	max_dgram_reply_size; /* maximum datagram size */
 
+extern const int	vague_errors;
+
 extern volatile int signal_requests_exit;
 extern volatile int signal_requests_hup;
 #endif /* __KRB5_KDC_EXTERN__ */
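Review bot: The new declaration `extern const int vague_errors;` has no comment, while the declaration just above it documents its variable. I would write `extern const int vague_errors; /* nonzero: reply with a generic error instead of specific client errors */`. The log message expects this to be set from the config file or command line eventually, and the `const` qualifier will then have to come off both this declaration and the definition in kdc_util.c. A short note at the definition saying the value is currently fixed by KRBCONF_VAGUE_ERRORS at build time would make that dependency explicit.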

Modified: trunk/src/kdc/kdc_util.c
===================================================================
--- trunk/src/kdc/kdc_util.c	2009-08-21 18:32:46 UTC (rev 22568)
+++ trunk/src/kdc/kdc_util.c	2009-08-21 18:32:50 UTC (rev 22569)
@@ -69,6 +69,12 @@
 krb5_deltat rc_lifetime; /* See kdc_initialize_rcache() */
 #endif
 
+#ifdef KRBCONF_VAGUE_ERRORS
+const int vague_errors = 1;
+#else
+const int vague_errors = 0;
+#endif
+
 #ifdef USE_RCACHE
 /*
  * initialize the replay cache.
@@ -939,11 +945,10 @@
     /* The client must not be expired */
     if (client.expiration && client.expiration < kdc_time) {
 	*status = "CLIENT EXPIRED";
-#ifdef KRBCONF_VAGUE_ERRORS
-	return(KRB_ERR_GENERIC);
-#else
-	return(KDC_ERR_NAME_EXP);
-#endif
+	if (vague_errors)
+	    return(KRB_ERR_GENERIC);
+	else
+	    return(KDC_ERR_NAME_EXP);
     }
 
     /* The client's password must not be expired, unless the server is
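Review bot: The `if`/`else` around two bare returns under "CLIENT EXPIRED" can be a single statement, `return vague_errors ? KRB_ERR_GENERIC : KDC_ERR_NAME_EXP;`, which keeps the two outcomes side by side and drops the unbraced branches. The same shape appears in the next hunk under "CLIENT KEY EXPIRED", where `return vague_errors ? KRB_ERR_GENERIC : KDC_ERR_KEY_EXP;` would do. The enclosing function starts and ends outside the hunk.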
@@ -951,11 +956,10 @@
     if (client.pw_expiration && client.pw_expiration < kdc_time &&
 	!isflagset(server.attributes, KRB5_KDB_PWCHANGE_SERVICE)) {
 	*status = "CLIENT KEY EXPIRED";
-#ifdef KRBCONF_VAGUE_ERRORS
-	return(KRB_ERR_GENERIC);
-#else
-	return(KDC_ERR_KEY_EXP);
-#endif
+	if (vague_errors)
+	    return(KRB_ERR_GENERIC);
+	else
+	    return(KDC_ERR_KEY_EXP);
     }
 
     /* The server must not be expired */



