svn rev #24466: trunk/src/plugins/preauth/securid_sam2/
hartmans@MIT.EDU
hartmans at MIT.EDU
Tue Oct 19 15:50:42 EDT 2010
http://src.mit.edu/fisheye/changelog/krb5/?cs=24466
Commit By: hartmans
Log Message:
ticket: 6806
subject: securID error handling fix
target_version: 1.9
tags: pullup
In porting forward, I incorrectly used krb5_set_error_message instead of com_err.
This commit reverts that change.
Changed Files:
U trunk/src/plugins/preauth/securid_sam2/securid2.c
U trunk/src/plugins/preauth/securid_sam2/securid_sam2_main.c
Modified: trunk/src/plugins/preauth/securid_sam2/securid2.c
===================================================================
--- trunk/src/plugins/preauth/securid_sam2/securid2.c 2010-10-19 19:50:37 UTC (rev 24465)
+++ trunk/src/plugins/preauth/securid_sam2/securid2.c 2010-10-19 19:50:42 UTC (rev 24466)
@@ -105,7 +105,7 @@
retval = krb5_dbe_find_enctype(context, sam_securid_entry,
-1, -1, -1, &client_securid_key_data);
if (retval) {
- krb5_set_error_message(context, retval,
+ com_err("krb5kdc", retval,
"while getting key from client's SAM SecurID "
"entry");
goto cleanup;
@@ -113,7 +113,7 @@
retval = krb5_dbe_decrypt_key_data(context, NULL, client_securid_key_data,
client_securid_key, NULL);
if (retval) {
- krb5_set_error_message(context, retval,
+ com_err("krb5kdc", retval,
"while decrypting key from client's SAM "
"SecurID entry ");
goto cleanup;
@@ -299,7 +299,7 @@
retval = securid_encrypt_track_data_2(context, client, &tmp_data,
&sc2b->sam_track_id);
if (retval != 0) {
- krb5_set_error_message(context, retval,
+ com_err("krb5kdc", retval,
"While encrypting nonce track data");
goto cleanup;
}
@@ -308,7 +308,7 @@
scratch.length = sizeof(sc2b->sam_nonce);
retval = krb5_c_random_make_octets(context, &scratch);
if (retval) {
- krb5_set_error_message(context, retval,
+ com_err("krb5kdc", retval,
"while generating nonce data in "
"get_securid_edata_2 (%s)",
user ? user : def_user);
@@ -321,7 +321,7 @@
retval = securid_make_sam_challenge_2_and_cksum(context,
sc2, sc2b, client_key);
if (retval) {
- krb5_set_error_message(context, retval,
+ com_err("krb5kdc", retval,
"while making SAM_CHALLENGE_2 checksum (%s)",
user ? user : def_user);
}
@@ -362,7 +362,7 @@
retval = krb5_unparse_name(context, client->princ, &user);
if (retval != 0) {
- krb5_set_error_message(context, retval,
+ com_err("krb5kdc", retval,
"while unparsing client name in "
"verify_securid_data_2");
return retval;
@@ -383,7 +383,7 @@
sr2->sam_enc_nonce_or_sad.kvno,
&client_key_data);
if (retval) {
- krb5_set_error_message(context, retval,
+ com_err("krb5kdc", retval,
"while getting client key in "
"verify_securid_data_2 (%s)", user);
goto cleanup;
@@ -392,7 +392,7 @@
retval = krb5_dbe_decrypt_key_data(context, NULL, client_key_data,
&client_key, NULL);
if (retval != 0) {
- krb5_set_error_message(context, retval,
+ com_err("krb5kdc", retval,
"while decrypting client key in "
"verify_securid_data_2 (%s)",
user);
@@ -407,7 +407,7 @@
KRB5_KEYUSAGE_PA_SAM_RESPONSE, 0,
&sr2->sam_enc_nonce_or_sad, &scratch);
if (retval) {
- krb5_set_error_message(context, retval,
+ com_err("krb5kdc", retval,
"while decrypting SAD in "
"verify_securid_data_2 (%s)", user);
goto cleanup;
@@ -415,7 +415,7 @@
retval = decode_krb5_enc_sam_response_enc_2(&scratch, &esre2);
if (retval) {
- krb5_set_error_message(context, retval,
+ com_err("krb5kdc", retval,
"while decoding SAD in "
"verify_securid_data_2 (%s)", user);
esre2 = NULL;
@@ -423,7 +423,7 @@
}
if (sr2->sam_nonce != esre2->sam_nonce) {
- krb5_set_error_message(context, KRB5KDC_ERR_PREAUTH_FAILED,
+ com_err("krb5kdc", KRB5KDC_ERR_PREAUTH_FAILED,
"while checking nonce in "
"verify_securid_data_2 (%s)", user);
retval = KRB5KDC_ERR_PREAUTH_FAILED;
@@ -431,7 +431,7 @@
}
if (esre2->sam_sad.length == 0 || esre2->sam_sad.data == NULL) {
- krb5_set_error_message(context, KRB5KDC_ERR_PREAUTH_FAILED,
+ com_err("krb5kdc", KRB5KDC_ERR_PREAUTH_FAILED,
"No SecurID passcode in "
"verify_securid_data_2 (%s)", user);
retval = KRB5KDC_ERR_PREAUTH_FAILED;
@@ -442,7 +442,7 @@
memset(passcode, 0, sizeof(passcode));
if (esre2->sam_sad.length > (sizeof(passcode) - 1)) {
retval = KRB5KDC_ERR_PREAUTH_FAILED;
- krb5_set_error_message(context, retval,
+ com_err("krb5kdc", retval,
"SecurID passcode/PIN too long (%d bytes) in "
"verify_securid_data_2 (%s)",
esre2->sam_sad.length, user);
@@ -453,7 +453,7 @@
securid_user = strdup(user);
if (!securid_user) {
retval = ENOMEM;
- krb5_set_error_message(context, ENOMEM,
+ com_err("krb5kdc", ENOMEM,
"while copying user name in "
"verify_securid_data_2 (%s)", user);
goto cleanup;
@@ -473,14 +473,14 @@
&sr2->sam_track_id,
&track_id_data);
if (retval) {
- krb5_set_error_message(context, retval,
+ com_err("krb5kdc", retval,
"while decrypting SecurID trackID in "
"verify_securid_data_2 (%s)", user);
goto cleanup;
}
if (track_id_data.length < sizeof (struct securid_track_data)) {
retval = KRB5KDC_ERR_PREAUTH_FAILED;
- krb5_set_error_message(context, retval,
+ com_err("krb5kdc", retval,
"Length of track data incorrect");
goto cleanup;
}
@@ -546,7 +546,7 @@
tmp_data.data = (char *)&sc2b.sam_nonce;
tmp_data.length = sizeof(sc2b.sam_nonce);
if ((retval = krb5_c_random_make_octets(context, &tmp_data))) {
- krb5_set_error_message(context, retval,
+ com_err("krb5kdc", retval,
"while making nonce for SecurID new "
"PIN2 SAM_CHALLENGE_2 (%s)", user);
goto cleanup;
@@ -562,7 +562,7 @@
if ((retval = securid_encrypt_track_data_2(context, client,
&tmp_data,
&sc2b.sam_track_id))) {
- krb5_set_error_message(context, retval,
+ com_err("krb5kdc", retval,
"while encrypting NEW PIN2 SecurID "
"track data for SAM_CHALLENGE_2 (%s)",
securid_user);
@@ -572,7 +572,7 @@
&sc2b,
&client_key);
if (retval) {
- krb5_set_error_message(context, retval,
+ com_err("krb5kdc", retval,
"while making cksum for "
"SAM_CHALLENGE_2 (new PIN2) (%s)",
securid_user);
@@ -609,7 +609,7 @@
initial:
retval = SD_Init(&sd_handle);
if (retval) {
- krb5_set_error_message(context, KRB5KDC_ERR_PREAUTH_FAILED,
+ com_err("krb5kdc", KRB5KDC_ERR_PREAUTH_FAILED,
"SD_Init() returns error %d in "
"verify_securid_data_2 (%s)",
retval, securid_user);
@@ -682,7 +682,7 @@
tmp_data.data = (char *)&sc2b.sam_nonce;
tmp_data.length = sizeof(sc2b.sam_nonce);
if ((retval = krb5_c_random_make_octets(context, &tmp_data))) {
- krb5_set_error_message(context, retval, "while making nonce "
+ com_err("krb5kdc", retval, "while making nonce "
"for SecurID SAM_CHALLENGE_2 (%s)",
user);
goto cleanup;
@@ -698,7 +698,7 @@
retval = securid_encrypt_track_data_2(context, client, &tmp_data,
&sc2b.sam_track_id);
if (retval) {
- krb5_set_error_message(context, retval,
+ com_err("krb5kdc", retval,
"while encrypting SecurID track "
"data for SAM_CHALLENGE_2 (%s)",
securid_user);
@@ -708,7 +708,7 @@
&sc2b,
&client_key);
if (retval) {
- krb5_set_error_message(context, retval, "while making cksum "
+ com_err("krb5kdc", retval, "while making cksum "
"for SAM_CHALLENGE_2 (%s)",
securid_user);
}
@@ -725,7 +725,7 @@
goto cleanup;
}
default:
- krb5_set_error_message(context, KRB5KDC_ERR_PREAUTH_FAILED,
+ com_err("krb5kdc", KRB5KDC_ERR_PREAUTH_FAILED,
"AceServer returns unknown error code %d "
"in verify_securid_data_2\n", retval);
retval = KRB5KDC_ERR_PREAUTH_FAILED;
Modified: trunk/src/plugins/preauth/securid_sam2/securid_sam2_main.c
===================================================================
--- trunk/src/plugins/preauth/securid_sam2/securid_sam2_main.c 2010-10-19 19:50:37 UTC (rev 24465)
+++ trunk/src/plugins/preauth/securid_sam2/securid_sam2_main.c 2010-10-19 19:50:42 UTC (rev 24466)
@@ -65,7 +65,7 @@
*db_entry = NULL;
retval = krb5_copy_principal(context, client, &newp);
if (retval) {
- krb5_set_error_message(context, retval,
+ com_err("krb5kdc", retval,
"copying client name for preauth probe");
return retval;
}
@@ -146,7 +146,7 @@
client_key = (krb5_keyblock *) client_keys_data->data;
if (client_key->enctype == 0) {
retval = KRB5KDC_ERR_ETYPE_NOSUPP;
- krb5_set_error_message(context, retval, "No client keys found in processing SAM2 challenge");
+ com_err("krb5kdc", retval, "No client keys found in processing SAM2 challenge");
goto cleanup;
}
@@ -170,7 +170,7 @@
retval = encode_krb5_sam_challenge_2(&sc2, &encoded_challenge);
if (retval) {
- krb5_set_error_message(context, retval,
+ com_err("krb5kdc", retval,
"while encoding SECURID SAM_CHALLENGE_2");
goto cleanup;
}
@@ -226,7 +226,7 @@
retval = decode_krb5_sam_response_2(&scratch, &sr2);
if (retval) {
- krb5_set_error_message(context, retval, "while decoding "
+ com_err("krb5kdc", retval, "while decoding "
"SAM_RESPONSE_2 in verify_sam_response_2");
sr2 = NULL;
goto cleanup;
@@ -243,7 +243,7 @@
#endif /* ARL_SECURID_PREAUTH */
default:
retval = KRB5_PREAUTH_BAD_TYPE;
- krb5_set_error_message(context, retval, "while verifying SAM 2 data");
+ com_err("krb5kdc", retval, "while verifying SAM 2 data");
break;
}
More information about the cvs-krb5
mailing list