diff options
author | Greg Hudson <ghudson@mit.edu> | 2015-07-29 11:46:19 -0400 |
---|---|---|
committer | Greg Hudson <ghudson@mit.edu> | 2015-07-29 16:48:45 -0400 |
commit | 7746beda3b0312216ac3ffa18fa3179f252b15f4 (patch) | |
tree | 8f1eec9c2c697ea054342a10953ddc61d902d373 /src/lib | |
parent | 997eb174f5fd81747ad0ecb671f00c25951931b1 (diff) | |
download | krb5-7746beda3b0312216ac3ffa18fa3179f252b15f4.zip krb5-7746beda3b0312216ac3ffa18fa3179f252b15f4.tar.gz krb5-7746beda3b0312216ac3ffa18fa3179f252b15f4.tar.bz2 |
Improve krb5_cccol_have_content() error messages
If we encounter any errors during krb5_cccol_have_content(), preserve
the message for the first one and wrap it. If we do not encounter any
errors, report the default ccache name. Based on a patch from Nico
Williams.
ticket: 8225 (new)
Diffstat (limited to 'src/lib')
-rw-r--r-- | src/lib/krb5/ccache/cccursor.c | 54 |
1 files changed, 46 insertions, 8 deletions
diff --git a/src/lib/krb5/ccache/cccursor.c b/src/lib/krb5/ccache/cccursor.c index 021a49f..281f128 100644 --- a/src/lib/krb5/ccache/cccursor.c +++ b/src/lib/krb5/ccache/cccursor.c @@ -29,6 +29,7 @@ */ #include "cc-int.h" +#include "../krb/int-proto.h" #include <assert.h> @@ -219,24 +220,49 @@ krb5_cc_cache_match(krb5_context context, krb5_principal client, return ret; } +/* Store the error state for code from context into errsave, but only if code + * indicates an error and errsave is empty. */ +static void +save_first_error(krb5_context context, krb5_error_code code, + struct errinfo *errsave) +{ + if (code && code != KRB5_CC_END && !errsave->code) + k5_save_ctx_error(context, code, errsave); +} + krb5_error_code KRB5_CALLCONV krb5_cccol_have_content(krb5_context context) { + krb5_error_code ret; krb5_cccol_cursor col_cursor; krb5_cc_cursor cache_cursor; krb5_ccache cache; krb5_creds creds; krb5_boolean found = FALSE; + struct errinfo errsave = EMPTY_ERRINFO; + const char *defname; - if (krb5_cccol_cursor_new(context, &col_cursor)) + ret = krb5_cccol_cursor_new(context, &col_cursor); + save_first_error(context, ret, &errsave); + if (ret) goto no_entries; - while (!found && !krb5_cccol_cursor_next(context, col_cursor, &cache) && - cache != NULL) { - if (krb5_cc_start_seq_get(context, cache, &cache_cursor)) + while (!found) { + ret = krb5_cccol_cursor_next(context, col_cursor, &cache); + save_first_error(context, ret, &errsave); + if (ret || cache == NULL) + break; + + ret = krb5_cc_start_seq_get(context, cache, &cache_cursor); + save_first_error(context, ret, &errsave); + if (ret) continue; - while (!found && - !krb5_cc_next_cred(context, cache, &cache_cursor, &creds)) { + while (!found) { + ret = krb5_cc_next_cred(context, cache, &cache_cursor, &creds); + save_first_error(context, ret, &errsave); + if (ret) + break; + if (!krb5_is_config_principal(context, creds.server)) found = TRUE; krb5_free_cred_contents(context, &creds); @@ -249,7 +275,19 @@ krb5_cccol_have_content(krb5_context context) return 0; no_entries: - k5_setmsg(context, KRB5_CC_NOTFOUND, - _("No Kerberos credentials available")); + if (errsave.code) { + /* Report the first error we encountered. */ + ret = k5_restore_ctx_error(context, &errsave); + k5_wrapmsg(context, ret, KRB5_CC_NOTFOUND, + _("No Kerberos credentials available")); + } else { + /* Report the default cache name. */ + defname = krb5_cc_default_name(context); + if (defname != NULL) { + k5_setmsg(context, KRB5_CC_NOTFOUND, + _("No Kerberos credentials available " + "(default cache: %s)"), defname); + } + } return KRB5_CC_NOTFOUND; } |