diff options
| author | Ken Raeburn <raeburn@mit.edu> | 2007-09-05 00:12:30 +0000 |
|---|---|---|
| committer | Ken Raeburn <raeburn@mit.edu> | 2007-09-05 00:12:30 +0000 |
| commit | 7868a34cad0e5944f2144f734960ca78e9b4cf8b (patch) | |
| tree | bb4263e3bc11d6568395324454860194961b162f /src/lib/rpc | |
| parent | f403c41393f37d9e903957c680671cae9ca328dc (diff) | |
| download | krb5-7868a34cad0e5944f2144f734960ca78e9b4cf8b.zip krb5-7868a34cad0e5944f2144f734960ca78e9b4cf8b.tar.gz krb5-7868a34cad0e5944f2144f734960ca78e9b4cf8b.tar.bz2 | |
Rework error-mapping code to preserve status code values when returned
by only one mechanism. Revert RPC code to relying on this.
Build error-mapping code on a bidirectional map instead of a simple
array. When a status code is returned but has been seen returned from
a different mechanism already, generate a new number, starting at
100,000.
Use gssrpcint_printf for some more debugging code.
ticket: 5654
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@19919 dc483132-0cff-0310-8789-dd5450dbe970
Diffstat (limited to 'src/lib/rpc')
| -rw-r--r-- | src/lib/rpc/auth_gssapi.c | 3 | ||||
| -rw-r--r-- | src/lib/rpc/svc_auth_gssapi.c | 12 |
2 files changed, 6 insertions, 9 deletions
diff --git a/src/lib/rpc/auth_gssapi.c b/src/lib/rpc/auth_gssapi.c index 3d6e6fe..bd185bc 100644 --- a/src/lib/rpc/auth_gssapi.c +++ b/src/lib/rpc/auth_gssapi.c @@ -22,7 +22,8 @@ #ifdef DEBUG_GSSAPI int auth_debug_gssapi = DEBUG_GSSAPI; -#define L_PRINTF(l,args) if (auth_debug_gssapi >= l) printf args +extern void gssrpcint_printf(const char *format, ...); +#define L_PRINTF(l,args) if (auth_debug_gssapi >= l) gssrpcint_printf args #define PRINTF(args) L_PRINTF(99, args) #define AUTH_GSSAPI_DISPLAY_STATUS(args) \ if (auth_debug_gssapi) auth_gssapi_display_status args diff --git a/src/lib/rpc/svc_auth_gssapi.c b/src/lib/rpc/svc_auth_gssapi.c index cb1e8f9..f899c89 100644 --- a/src/lib/rpc/svc_auth_gssapi.c +++ b/src/lib/rpc/svc_auth_gssapi.c @@ -402,8 +402,8 @@ enum auth_stat gssrpc__svcauth_gssapi( if (server_creds == client_data->server_creds) break; - gssrpcint_printf("accept_sec_context returned 0x%x 0x%x\n", - call_res.gss_major, call_res.gss_minor); + PRINTF(("accept_sec_context returned 0x%x 0x%x wrong-princ=%#x\n", + call_res.gss_major, call_res.gss_minor, KRB5KRB_AP_WRONG_PRINC)); if (call_res.gss_major == GSS_S_COMPLETE || call_res.gss_major == GSS_S_CONTINUE_NEEDED) { /* server_creds was right, set it! */ @@ -419,12 +419,8 @@ enum auth_stat gssrpc__svcauth_gssapi( * returning a "wrong principal in request" * error */ -#if 0 /* old */ || ((krb5_error_code) call_res.gss_minor != (krb5_error_code) KRB5KRB_AP_WRONG_PRINC) -#else - || (call_res.gss_minor <= 0 || call_res.gss_minor > 3) -#endif #endif ) { break; @@ -437,8 +433,8 @@ enum auth_stat gssrpc__svcauth_gssapi( /* done with call args */ xdr_free(xdr_authgssapi_init_arg, &call_arg); - PRINTF(("svcauth_gssapi: accept_sec_context returned %#x\n", - call_res.gss_major)); + PRINTF(("svcauth_gssapi: accept_sec_context returned %#x %#x\n", + call_res.gss_major, call_res.gss_minor)); if (call_res.gss_major != GSS_S_COMPLETE && call_res.gss_major != GSS_S_CONTINUE_NEEDED) { AUTH_GSSAPI_DISPLAY_STATUS(("accepting context", |