krb5 commit: Use new error message wrapping APIs
Greg Hudson
ghudson at mit.edu
Sun Dec 7 23:35:29 EST 2014
https://github.com/krb5/krb5/commit/ebcdf02f8ec212555b1762007fa8454615900f36
commit ebcdf02f8ec212555b1762007fa8454615900f36
Author: Nicolas Williams <nico at cryptonector.com>
Date: Wed Nov 12 15:49:37 2014 -0600
Use new error message wrapping APIs
Define internal names k5_prependmsg and k5_wrapmsg and use them where we
amend error messages. This slightly changes the error message when we
fail to construct FAST AP-REQ armor, decrypt a FAST reply, or store
credentials in a gic_opts output ccache. Adjust the test suite for
the latter of those changes.
[ghudson at mit.edu: define and use internal names for brevity; pull in
test fix from later commit; expand commit message; fix redundant
separators in LDAP messages]
ticket: 8046
src/include/k5-int.h | 4 ++-
src/lib/kdb/kdb5.c | 13 +++--------
src/lib/krb5/krb/fast.c | 16 +++----------
src/lib/krb5/krb/get_in_tkt.c | 8 +-----
src/lib/krb5/krb/preauth2.c | 6 +----
src/plugins/kdb/ldap/libkdb_ldap/kdb_ldap.c | 22 +++----------------
src/plugins/kdb/ldap/libkdb_ldap/kdb_ldap.h | 9 ++++---
src/plugins/kdb/ldap/libkdb_ldap/kdb_ldap_conn.c | 4 +-
src/plugins/kdb/ldap/libkdb_ldap/ldap_create.c | 6 +---
src/plugins/kdb/ldap/libkdb_ldap/ldap_principal2.c | 8 ++----
src/plugins/kdb/ldap/libkdb_ldap/ldap_realm.c | 3 +-
src/plugins/kdb/ldap/libkdb_ldap/ldap_tkt_policy.c | 13 +++++------
src/tests/t_ccache.py | 2 +-
13 files changed, 38 insertions(+), 76 deletions(-)
diff --git a/src/include/k5-int.h b/src/include/k5-int.h
index d57dd6b..0970af7 100644
--- a/src/include/k5-int.h
+++ b/src/include/k5-int.h
@@ -2288,7 +2288,9 @@ krb5_boolean k5_etypes_contains(const krb5_enctype *list, krb5_enctype etype);
void k5_change_error_message_code(krb5_context ctx, krb5_error_code oldcode,
krb5_error_code newcode);
-/* Define a shorter internal name for krb5_set_error_message. */
+/* Define shorter internal names for setting error messages. */
#define k5_setmsg krb5_set_error_message
+#define k5_prependmsg krb5_prepend_error_message
+#define k5_wrapmsg krb5_wrap_error_message
#endif /* _KRB5_INT_H */
diff --git a/src/lib/kdb/kdb5.c b/src/lib/kdb/kdb5.c
index 6864af5..50daf74 100644
--- a/src/lib/kdb/kdb5.c
+++ b/src/lib/kdb/kdb5.c
@@ -400,22 +400,17 @@ kdb_load_library(krb5_context kcontext, char *lib_name, db_library *lib)
if ((status = krb5int_open_plugin_dirs ((const char **) path,
filebases,
&(*lib)->dl_dir_handle, &kcontext->err))) {
- const char *err_str = krb5_get_error_message(kcontext, status);
status = KRB5_KDB_DBTYPE_NOTFOUND;
- k5_setmsg(kcontext, status,
- _("Unable to find requested database type: %s"), err_str);
- krb5_free_error_message(kcontext, err_str);
+ k5_prependmsg(kcontext, status,
+ _("Unable to find requested database type"));
goto clean_n_exit;
}
if ((status = krb5int_get_plugin_dir_data (&(*lib)->dl_dir_handle, "kdb_function_table",
&vftabl_addrs, &kcontext->err))) {
- const char *err_str = krb5_get_error_message(kcontext, status);
status = KRB5_KDB_DBTYPE_INIT;
- k5_setmsg(kcontext, status,
- _("plugin symbol 'kdb_function_table' lookup failed: %s"),
- err_str);
- krb5_free_error_message(kcontext, err_str);
+ k5_prependmsg(kcontext, status,
+ _("plugin symbol 'kdb_function_table' lookup failed"));
goto clean_n_exit;
}
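Review bot: In both failure branches of kdb_load_library, `status` is overwritten with the KDB code before `k5_prependmsg` runs, so the prepend is keyed on the new code rather than the code the plugin loader failed with; the removed lines fetched the message for the original code first. Unless krb5_prepend_error_message ignores the code when it looks up the existing text (its body is not shown here), the loader's detail is likely replaced by the generic text for the new code. The wrap form introduced in this commit fits the case: `k5_wrapmsg(kcontext, status, KRB5_KDB_DBTYPE_NOTFOUND, _("Unable to find requested database type"));` before the assignment, and the same with KRB5_KDB_DBTYPE_INIT in the second branch. The function body continues outside the hunk.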
diff --git a/src/lib/krb5/krb/fast.c b/src/lib/krb5/krb/fast.c
index 02d580f..dde7006 100644
--- a/src/lib/krb5/krb/fast.c
+++ b/src/lib/krb5/krb/fast.c
@@ -212,11 +212,8 @@ krb5int_fast_as_armor(krb5_context context,
target_principal);
}
if (retval != 0) {
- const char * errmsg;
- errmsg = krb5_get_error_message(context, retval);
- k5_setmsg(context, retval, _("%s constructing AP-REQ armor"),
- errmsg);
- krb5_free_error_message(context, errmsg);
+ k5_prependmsg(context, retval,
+ _("Error constructing AP-REQ armor"));
}
}
if (ccache)
@@ -393,13 +390,8 @@ decrypt_fast_reply(krb5_context context,
retval = krb5_c_decrypt(context, state->armor_key,
KRB5_KEYUSAGE_FAST_REP, NULL,
encrypted_response, &scratch);
- if (retval != 0) {
- const char * errmsg;
- errmsg = krb5_get_error_message(context, retval);
- k5_setmsg(context, retval, _("%s while decrypting FAST reply"),
- errmsg);
- krb5_free_error_message(context, errmsg);
- }
+ if (retval != 0)
+ k5_prependmsg(context, retval, _("Failed to decrypt FAST reply"));
if (retval == 0)
retval = decode_krb5_fast_response(&scratch, &local_resp);
if (retval == 0) {
diff --git a/src/lib/krb5/krb/get_in_tkt.c b/src/lib/krb5/krb/get_in_tkt.c
index 2979287..2c2b654 100644
--- a/src/lib/krb5/krb/get_in_tkt.c
+++ b/src/lib/krb5/krb/get_in_tkt.c
@@ -1636,12 +1636,8 @@ init_creds_step_reply(krb5_context context,
goto cc_cleanup;
code = save_cc_config_out_data(context, out_ccache, ctx);
cc_cleanup:
- if (code !=0) {
- const char *msg;
- msg = krb5_get_error_message(context, code);
- k5_setmsg(context, code, _("%s while storing credentials"), msg);
- krb5_free_error_message(context, msg);
- }
+ if (code != 0)
+ k5_prependmsg(context, code, _("Failed to store credentials"));
}
k5_preauth_request_context_fini(context);
diff --git a/src/lib/krb5/krb/preauth2.c b/src/lib/krb5/krb/preauth2.c
index 9f34b33..8745cb1 100644
--- a/src/lib/krb5/krb/preauth2.c
+++ b/src/lib/krb5/krb/preauth2.c
@@ -1008,7 +1008,6 @@ krb5_preauth_supply_preauth_data(krb5_context context,
struct krb5_preauth_context_st *pctx = context->preauth_context;
clpreauth_handle *hp, h;
krb5_error_code ret;
- const char *emsg = NULL;
if (pctx == NULL) {
k5_init_preauth_context(context);
@@ -1028,10 +1027,7 @@ krb5_preauth_supply_preauth_data(krb5_context context,
h = *hp;
ret = clpreauth_gic_opts(context, h, opt, attr, value);
if (ret) {
- emsg = krb5_get_error_message(context, ret);
- k5_setmsg(context, ret, _("Preauth module %s: %s"), h->vt.name,
- emsg);
- krb5_free_error_message(context, emsg);
+ k5_prependmsg(context, ret, _("Preauth module %s"), h->vt.name);
return ret;
}
}
diff --git a/src/plugins/kdb/ldap/libkdb_ldap/kdb_ldap.c b/src/plugins/kdb/ldap/libkdb_ldap/kdb_ldap.c
index 76243f9..151edb9 100644
--- a/src/plugins/kdb/ldap/libkdb_ldap/kdb_ldap.c
+++ b/src/plugins/kdb/ldap/libkdb_ldap/kdb_ldap.c
@@ -65,13 +65,12 @@ krb5_ldap_read_startup_information(krb5_context context)
SETUP_CONTEXT();
if ((retval=krb5_ldap_read_krbcontainer_dn(context, &(ldap_context->container_dn)))) {
- prepend_err_str(context, _("Unable to read Kerberos container"),
- retval, retval);
+ k5_prependmsg(context, retval, _("Unable to read Kerberos container"));
goto cleanup;
}
if ((retval=krb5_ldap_read_realm_params(context, context->default_realm, &(ldap_context->lrparams), &mask))) {
- prepend_err_str(context, _("Unable to read Realm"), retval, retval);
+ k5_prependmsg(context, retval, _("Unable to read Realm"));
goto cleanup;
}
@@ -212,15 +211,13 @@ krb5_ldap_open(krb5_context context, char *conf_section, char **db_args,
status = krb5_ldap_parse_db_params(context, db_args);
if (status) {
- prepend_err_str(context, _("Error processing LDAP DB params:"),
- status, status);
+ k5_prependmsg(context, status, _("Error processing LDAP DB params"));
goto clean_n_exit;
}
status = krb5_ldap_read_server_params(context, conf_section, mode & 0x0300);
if (status) {
- prepend_err_str(context, _("Error reading LDAP server params:"),
- status, status);
+ k5_prependmsg(context, status, _("Error reading LDAP server params"));
goto clean_n_exit;
}
if ((status=krb5_ldap_db_init(context, ldap_context)) != 0) {
@@ -248,17 +245,6 @@ set_ldap_error(krb5_context ctx, int st, int op)
return translated_st;
}
-void
-prepend_err_str(krb5_context ctx, const char *str, krb5_error_code err,
- krb5_error_code oerr)
-{
- const char *omsg;
-
- omsg = krb5_get_error_message(ctx, oerr);
- k5_setmsg(ctx, err, "%s %s", str, omsg);
- krb5_free_error_message(ctx, omsg);
-}
-
extern krb5int_access accessor;
MAKE_INIT_FUNCTION(kldap_init_fn);
diff --git a/src/plugins/kdb/ldap/libkdb_ldap/kdb_ldap.h b/src/plugins/kdb/ldap/libkdb_ldap/kdb_ldap.h
index 3e98b53..06b4775 100644
--- a/src/plugins/kdb/ldap/libkdb_ldap/kdb_ldap.h
+++ b/src/plugins/kdb/ldap/libkdb_ldap/kdb_ldap.h
@@ -83,14 +83,14 @@ extern struct timeval timelimit;
#define GET_HANDLE() ld = NULL; \
st = krb5_ldap_request_handle_from_pool(ldap_context, &ldap_server_handle); \
if (st != 0) { \
- prepend_err_str(context, "LDAP handle unavailable: ", KRB5_KDB_ACCESS_ERROR, st); \
+ k5_wrapmsg(context, st, KRB5_KDB_ACCESS_ERROR, \
+ "LDAP handle unavailable"); \
st = KRB5_KDB_ACCESS_ERROR; \
goto cleanup; \
} \
ld = ldap_server_handle->ldap_handle;
extern int set_ldap_error (krb5_context ctx, int st, int op);
-extern void prepend_err_str (krb5_context ctx, const char *s, krb5_error_code err, krb5_error_code oerr);
#define LDAP_SEARCH(base, scope, filter, attrs) LDAP_SEARCH_1(base, scope, filter, attrs, CHECK_STATUS)
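Review bot: The literal "LDAP handle unavailable" in GET_HANDLE is not wrapped in `_()`, unlike the other messages this commit rewrites, so it stays untranslated; `_("LDAP handle unavailable")` would match the rest. The removed line had the same omission, and the same literal appears again in the LDAP_SEARCH_1 hunk that follows.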
@@ -110,7 +110,8 @@ extern void prepend_err_str (krb5_context ctx, const char *s, krb5_error_code er
\
if (status_check != IGNORE_STATUS) { \
if (tempst != 0) { \
- prepend_err_str(context, "LDAP handle unavailable: ", KRB5_KDB_ACCESS_ERROR, st); \
+ k5_wrapmsg(context, st, KRB5_KDB_ACCESS_ERROR, \
+ "LDAP handle unavailable"); \
st = KRB5_KDB_ACCESS_ERROR; \
goto cleanup; \
} \
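Review bot: The guard tests `tempst`, but the code handed to `k5_wrapmsg` is `st`, so the text appended after "LDAP handle unavailable" describes whatever `st` held earlier rather than the failure `tempst` reports. The removed prepend_err_str call did the same, so this is inherited, but the rewrite is the natural place to settle which code is meant. If the handle request is the failure to report, the first code argument would be `tempst`: `k5_wrapmsg(context, tempst, KRB5_KDB_ACCESS_ERROR, \`. The lines of the macro that assign both variables are outside the hunk, so this needs confirming against them.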
@@ -126,7 +127,7 @@ extern void prepend_err_str (krb5_context ctx, const char *s, krb5_error_code er
if (st == 0 && mask == 0) { \
st = set_ldap_error(context, LDAP_OBJECT_CLASS_VIOLATION, OP_SEARCH); \
} \
- prepend_err_str(context, str, st, st); \
+ k5_prependmsg(context, st, str); \
goto cleanup; \
}
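Review bot: `k5_prependmsg(context, st, str)` now uses the macro argument `str` as the format string, whereas the removed helper printed it as data through `"%s %s"`. A caller that passes a non-literal string, or text containing `%`, would have it interpreted as conversion specifiers; the macro's callers are not visible in this hunk. `k5_prependmsg(context, st, "%s", str); \` keeps it as data, which is how this commit already treats ldap_err2string() in ldap_tkt_policy.c. The macro starts above the hunk.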
diff --git a/src/plugins/kdb/ldap/libkdb_ldap/kdb_ldap_conn.c b/src/plugins/kdb/ldap/libkdb_ldap/kdb_ldap_conn.c
index 16ac60b..d904c99 100644
--- a/src/plugins/kdb/ldap/libkdb_ldap/kdb_ldap_conn.c
+++ b/src/plugins/kdb/ldap/libkdb_ldap/kdb_ldap_conn.c
@@ -74,8 +74,8 @@ validate_context(krb5_context context, krb5_ldap_context *ctx)
ret = krb5_ldap_readpassword(context, ctx->service_password_file,
ctx->bind_dn, &ctx->bind_pwd);
if (ret) {
- prepend_err_str(context, _("Error reading password from stash: "),
- ret, ret);
+ k5_prependmsg(context, ret,
+ _("Error reading password from stash"));
return ret;
}
}
diff --git a/src/plugins/kdb/ldap/libkdb_ldap/ldap_create.c b/src/plugins/kdb/ldap/libkdb_ldap/ldap_create.c
index 9cbde9a..1e6fffe 100644
--- a/src/plugins/kdb/ldap/libkdb_ldap/ldap_create.c
+++ b/src/plugins/kdb/ldap/libkdb_ldap/ldap_create.c
@@ -70,15 +70,13 @@ krb5_ldap_create(krb5_context context, char *conf_section, char **db_args)
status = krb5_ldap_parse_db_params(context, db_args);
if (status) {
- prepend_err_str(context, _("Error processing LDAP DB params:"),
- status, status);
+ k5_prependmsg(context, status, _("Error processing LDAP DB params"));
goto cleanup;
}
status = krb5_ldap_read_server_params(context, conf_section, KRB5_KDB_SRV_TYPE_ADMIN);
if (status) {
- prepend_err_str(context, _("Error reading LDAP server params:"),
- status, status);
+ k5_prependmsg(context, status, _("Error reading LDAP server params"));
goto cleanup;
}
status = krb5_ldap_db_init(context, ldap_context);
diff --git a/src/plugins/kdb/ldap/libkdb_ldap/ldap_principal2.c b/src/plugins/kdb/ldap/libkdb_ldap/ldap_principal2.c
index df5934c..3e560d9 100644
--- a/src/plugins/kdb/ldap/libkdb_ldap/ldap_principal2.c
+++ b/src/plugins/kdb/ldap/libkdb_ldap/ldap_principal2.c
@@ -671,9 +671,8 @@ krb5_ldap_put_principal(krb5_context context, krb5_db_entry *entry,
if (st == KRB5_KDB_NOENTRY || st == KRB5_KDB_CONSTRAINT_VIOLATION) {
int ost = st;
st = EINVAL;
- snprintf(errbuf, sizeof(errbuf), _("'%s' not found: "),
- xargs.containerdn);
- prepend_err_str(context, errbuf, st, ost);
+ k5_prependmsg(context, ost, st, _("'%s' not found"),
+ xargs.containerdn);
}
goto cleanup;
}
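Review bot: The new call `k5_prependmsg(context, ost, st, _("'%s' not found"), xargs.containerdn)` passes two error codes, but every other k5_prependmsg call in this commit has the shape (context, code, format, ...), so the integer `st` lands in the format-string position and the real format becomes a variadic argument. Replacing an old code with a new one is the k5_wrapmsg signature, as used in GET_HANDLE, so the line should read `k5_wrapmsg(context, ost, st, _("'%s' not found"), xargs.containerdn);`. `errbuf` looks unused after this change; its declaration is outside the hunk, so check whether it can be dropped.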
@@ -1324,8 +1323,7 @@ krb5_read_tkt_policy(krb5_context context, krb5_ldap_context *ldap_context,
if (policy != NULL) {
st = krb5_ldap_read_policy(context, policy, &tktpoldnparam, &omask);
if (st && st != KRB5_KDB_NOENTRY) {
- prepend_err_str(context, _("Error reading ticket policy. "), st,
- st);
+ k5_prependmsg(context, st, _("Error reading ticket policy"));
goto cleanup;
}
diff --git a/src/plugins/kdb/ldap/libkdb_ldap/ldap_realm.c b/src/plugins/kdb/ldap/libkdb_ldap/ldap_realm.c
index e9fb3fa..0606278 100644
--- a/src/plugins/kdb/ldap/libkdb_ldap/ldap_realm.c
+++ b/src/plugins/kdb/ldap/libkdb_ldap/ldap_realm.c
@@ -291,8 +291,7 @@ krb5_ldap_delete_realm (krb5_context context, char *lrealm)
/* Delete all ticket policies */
{
if ((st = krb5_ldap_list_policy (context, ldap_context->lrparams->realmdn, &policy)) != 0) {
- prepend_err_str(context, _("Error reading ticket policy: "), st,
- st);
+ k5_prependmsg(context, st, _("Error reading ticket policy"));
goto cleanup;
}
diff --git a/src/plugins/kdb/ldap/libkdb_ldap/ldap_tkt_policy.c b/src/plugins/kdb/ldap/libkdb_ldap/ldap_tkt_policy.c
index 7e93685..654a044 100644
--- a/src/plugins/kdb/ldap/libkdb_ldap/ldap_tkt_policy.c
+++ b/src/plugins/kdb/ldap/libkdb_ldap/ldap_tkt_policy.c
@@ -293,7 +293,7 @@ krb5_ldap_delete_policy(krb5_context context, char *policyname)
if (policyname == NULL) {
st = EINVAL;
- prepend_err_str(context, _("Ticket Policy Object DN missing"), st, st);
+ k5_prependmsg(context, st, _("Ticket Policy Object DN missing"));
goto cleanup;
}
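Review bot: `st` is assigned EINVAL on the line before `k5_prependmsg`, so there is no earlier failure whose message this text could be prepended to. The result depends on whatever the context currently holds for EINVAL, which could be a stale message from an unrelated call. Setting the message outright states the intent: `k5_setmsg(context, st, _("Ticket Policy Object DN missing"));`. The `else` branch in the next hunk ("Delete Failed: ...") has the same shape.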
@@ -313,15 +313,15 @@ krb5_ldap_delete_policy(krb5_context context, char *policyname)
if (refcount == 0) {
if ((st=ldap_delete_ext_s(ld, policy_dn, NULL, NULL)) != 0) {
- prepend_err_str (context,ldap_err2string(st),st,st);
+ k5_prependmsg(context, st, "%s", ldap_err2string(st));
goto cleanup;
}
} else {
st = EINVAL;
- prepend_err_str(context,
- _("Delete Failed: One or more Principals associated "
- "with the Ticket Policy"), st, st);
+ k5_prependmsg(context, st,
+ _("Delete Failed: One or more Principals associated "
+ "with the Ticket Policy"));
goto cleanup;
}
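Review bot: In the `ldap_delete_ext_s` failure branch, `st` is an LDAP result code, yet it is handed to `k5_prependmsg` as a krb5 error code and then carried to `cleanup`, presumably to be returned to the caller. LDAP result codes and krb5/errno codes share small integer values, so the code can be misreported further up. kdb_ldap.h declares `set_ldap_error(ctx, st, op)` for this translation; something like `st = set_ldap_error(context, st, OP_DEL);` (if OP_DEL is defined alongside OP_SEARCH) would set both the translated code and its message. The removed line had the same mix-up, so this is inherited rather than introduced.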
@@ -428,8 +428,7 @@ krb5_ldap_list(krb5_context context, char ***list, char *objectclass,
/* check if the containerdn exists */
if (containerdn) {
if ((st=checkattributevalue(ld, containerdn, NULL, NULL, NULL)) != 0) {
- prepend_err_str(context, _("Error reading container object: "),
- st, st);
+ k5_prependmsg(context, st, _("Error reading container object"));
goto cleanup;
}
}
diff --git a/src/tests/t_ccache.py b/src/tests/t_ccache.py
index 43c15d4..ac13ef2 100644
--- a/src/tests/t_ccache.py
+++ b/src/tests/t_ccache.py
@@ -39,7 +39,7 @@ if ' not found' not in output:
# Test kinit with an inaccessible ccache.
out = realm.run([kinit, '-c', 'testdir/xx/yy', realm.user_princ],
input=(password('user') + '\n'), expected_code=1)
-if ' while storing credentials' not in out:
+if 'Failed to store credentials' not in out:
fail('Expected error message not seen in kinit output')
# Test klist -s with a single ccache.