diff options
author | Jeffrey Altman <jaltman@secure-endpoints.com> | 2008-07-23 15:04:26 +0000 |
---|---|---|
committer | Jeffrey Altman <jaltman@secure-endpoints.com> | 2008-07-23 15:04:26 +0000 |
commit | 0b4a03f2df21bfc7c00fdf6b0a8d6f5b5b77b524 (patch) | |
tree | b770866eeb554adaca9efc035e4a509d452edb00 /src/windows | |
parent | 126ad3e2d030651876308ff9a0ec0a0f3686d421 (diff) | |
download | krb5-0b4a03f2df21bfc7c00fdf6b0a8d6f5b5b77b524.zip krb5-0b4a03f2df21bfc7c00fdf6b0a8d6f5b5b77b524.tar.gz krb5-0b4a03f2df21bfc7c00fdf6b0a8d6f5b5b77b524.tar.bz2 |
This patch modifies the NIM Kerberos v5 plug-in to use the
krb5_get_error_message() function to look up the error string
if the call to krb5_get_init_creds_password() fails. If the call
to krb5_get_error_message() fails, the caller will failover to
the previous method of looking up a suitable error message based
on the error code.
ticket: 5745
tags: pullup
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20572 dc483132-0cff-0310-8789-dd5450dbe970
Diffstat (limited to 'src/windows')
-rw-r--r-- | src/windows/identity/plugins/krb5/krb5funcs.c | 17 | ||||
-rw-r--r-- | src/windows/identity/plugins/krb5/krb5funcs.h | 3 | ||||
-rw-r--r-- | src/windows/identity/plugins/krb5/krb5newcreds.c | 51 | ||||
-rw-r--r-- | src/windows/identity/plugins/krb5/krbcred.h | 1 |
4 files changed, 64 insertions, 8 deletions
diff --git a/src/windows/identity/plugins/krb5/krb5funcs.c b/src/windows/identity/plugins/krb5/krb5funcs.c index 8d0de12..efab36e 100644 --- a/src/windows/identity/plugins/krb5/krb5funcs.c +++ b/src/windows/identity/plugins/krb5/krb5funcs.c @@ -1357,7 +1357,8 @@ khm_krb5_kinit(krb5_context alt_ctx, DWORD addressless, DWORD publicIP, krb5_prompter_fct prompter, - void * p_data) + void * p_data, + char ** pp_error_message) { krb5_error_code code = 0; krb5_context ctx = NULL; @@ -1387,6 +1388,8 @@ khm_krb5_kinit(krb5_context alt_ctx, goto cleanup; } + pkrb5_clear_error_message(ctx); + if (ccache) { _reportf(L"Using supplied ccache name %S", ccache); code = pkrb5_cc_resolve(ctx, ccache, &cc); @@ -1523,6 +1526,18 @@ khm_krb5_kinit(krb5_context alt_ctx, if (code) goto cleanup; cleanup: + if (pp_error_message) { + const char * em; + + em = pkrb5_get_error_message(ctx, code); + if (em == NULL) { + *pp_error_message = NULL; + } else { + *pp_error_message = _strdup(em); + pkrb5_free_error_message(ctx, em); + } + } + if ( addrs ) { for ( i=0;i<addr_count;i++ ) { if ( addrs[i] ) { diff --git a/src/windows/identity/plugins/krb5/krb5funcs.h b/src/windows/identity/plugins/krb5/krb5funcs.h index 990db26..62e4bd5 100644 --- a/src/windows/identity/plugins/krb5/krb5funcs.h +++ b/src/windows/identity/plugins/krb5/krb5funcs.h @@ -123,7 +123,8 @@ khm_krb5_kinit(krb5_context alt_ctx, DWORD addressless, DWORD publicIP, krb5_prompter_fct prompter, - void * p_data); + void * p_data, + char ** pp_error_message); long khm_krb5_changepwd(char * principal, diff --git a/src/windows/identity/plugins/krb5/krb5newcreds.c b/src/windows/identity/plugins/krb5/krb5newcreds.c index 6b64302..48c10a4 100644 --- a/src/windows/identity/plugins/krb5/krb5newcreds.c +++ b/src/windows/identity/plugins/krb5/krb5newcreds.c @@ -633,8 +633,15 @@ k5_kinit_fiber_proc(PVOID lpParameter) while(TRUE) { if(g_fjob.command == FIBER_CMD_KINIT) { + char * error_msg = NULL; + g_fjob.state = FIBER_STATE_KINIT; + if (g_fjob.error_message) { + PFREE(g_fjob.error_message); + g_fjob.error_message = NULL; + } + g_fjob.prompt_set = 0; if (k5_cached_kinit_prompter()) { @@ -670,6 +677,11 @@ k5_kinit_fiber_proc(PVOID lpParameter) g_fjob.renewable); retry_kinit: + if (error_msg) { + free(error_msg); + error_msg = NULL; + } + g_fjob.code = khm_krb5_kinit(0, g_fjob.principal, @@ -682,7 +694,8 @@ k5_kinit_fiber_proc(PVOID lpParameter) g_fjob.addressless, g_fjob.publicIP, k5_kinit_prompter, - &g_fjob); + &g_fjob, + &error_msg); /* If the principal was found to be valid, and if we restricted the options that were being passed to kinit, @@ -695,6 +708,17 @@ k5_kinit_fiber_proc(PVOID lpParameter) g_fjob.state = FIBER_STATE_KINIT; goto retry_kinit; } + + if (error_msg) { + wchar_t tmp[1024]; + + if (AnsiStrToUnicode(tmp, sizeof(tmp), error_msg)) { + g_fjob.error_message = PWCSDUP(tmp); + } + + free(error_msg); + error_msg = NULL; + } } _switch_to_main: @@ -1489,6 +1513,9 @@ k5_free_kinit_job(void) if (g_fjob.ccache) PFREE(g_fjob.ccache); + if (g_fjob.error_message) + PFREE(g_fjob.error_message); + ZeroMemory(&g_fjob, sizeof(g_fjob)); } @@ -1625,7 +1652,7 @@ k5_find_tgt_filter(khm_handle cred, khm_int32 rv; if (KHM_SUCCEEDED(kcdb_cred_get_identity(cred, - &cident)) && + &cident)) && cident == ident && KHM_SUCCEEDED(kcdb_cred_get_flags(cred, &f)) && (f & KCDB_CRED_FLAG_INITIAL) && @@ -2108,6 +2135,11 @@ k5_msg_cred_dialog(khm_int32 msg_type, d->cred_message = NULL; } + if (g_fjob.error_message) { + StringCbCopy(msg, sizeof(msg), g_fjob.error_message); + goto have_message; + } + msg[0] = L'\0'; switch(g_fjob.code) { @@ -2151,6 +2183,8 @@ k5_msg_cred_dialog(khm_int32 msg_type, } } + have_message: + if (msg[0]) { StringCbLength(msg, sizeof(msg), &cb); cb += sizeof(wchar_t); @@ -2312,11 +2346,15 @@ k5_msg_cred_dialog(khm_int32 msg_type, if(g_fjob.code != 0) { wchar_t tbuf[1024]; - DWORD suggestion; + DWORD suggestion = 0; kherr_suggestion suggest_code; - khm_err_describe(g_fjob.code, tbuf, sizeof(tbuf), - &suggestion, &suggest_code); + if (g_fjob.error_message) { + StringCbCopy(tbuf, sizeof(tbuf), g_fjob.error_message); + } else { + khm_err_describe(g_fjob.code, tbuf, sizeof(tbuf), + &suggestion, &suggest_code); + } _report_cs0(KHERR_ERROR, tbuf); if (suggestion != 0) @@ -2691,7 +2729,8 @@ k5_msg_cred_dialog(khm_int32 msg_type, d->addressless, /* addressless */ d->publicIP, /* public IP */ NULL, /* prompter */ - NULL /* prompter data */); + NULL, /* prompter data */ + NULL /* error message */); if (code) { rv = KHM_ERROR_UNKNOWN; diff --git a/src/windows/identity/plugins/krb5/krbcred.h b/src/windows/identity/plugins/krb5/krbcred.h index a194343..ddc745c 100644 --- a/src/windows/identity/plugins/krb5/krbcred.h +++ b/src/windows/identity/plugins/krb5/krbcred.h @@ -171,6 +171,7 @@ typedef struct _fiber_job_t { int code; int state; int prompt_set; + wchar_t *error_message; BOOL null_password; BOOL valid_principal; |