diff options
| author | stas <stas@FreeBSD.org> | 2012-03-22 08:48:42 +0000 |
|---|---|---|
| committer | stas <stas@FreeBSD.org> | 2012-03-22 08:48:42 +0000 |
| commit | e7e0b349883e80d63c4e856f16351aaa6607766d (patch) | |
| tree | 5518cb944fa25f627a797b58451ccf506b720fcf /crypto/heimdal/lib/krb5/digest.c | |
| parent | e02fd6b8423e63f1fdbfc1f984d7c7291a1bacd1 (diff) | |
| parent | 2db247d3fc10ef5304f61dbd66448efff8cc6684 (diff) | |
| download | FreeBSD-src-e7e0b349883e80d63c4e856f16351aaa6607766d.zip FreeBSD-src-e7e0b349883e80d63c4e856f16351aaa6607766d.tar.gz | |
- Update FreeBSD Heimdal distribution to version 1.5.1. This also brings
several new kerberos related libraries and applications to FreeBSD:
o kgetcred(1) allows one to manually get a ticket for a particular service.
o kf(1) securily forwards ticket to another host through an authenticated
and encrypted stream.
o kcc(1) is an umbrella program around klist(1), kswitch(1), kgetcred(1)
and other user kerberos operations. klist and kswitch are just symlinks
to kcc(1) now.
o kswitch(1) allows you to easily switch between kerberos credentials if
you're running KCM.
o hxtool(1) is a certificate management tool to use with PKINIT.
o string2key(1) maps a password into key.
o kdigest(8) is a userland tool to access the KDC's digest interface.
o kimpersonate(8) creates a "fake" ticket for a service.
We also now install manpages for some lirbaries that were not installed
before, libheimntlm and libhx509.
- The new HEIMDAL version no longer supports Kerberos 4. All users are
recommended to switch to Kerberos 5.
- Weak ciphers are now disabled by default. To enable DES support (used
by telnet(8)), use "allow_weak_crypto" option in krb5.conf.
- libtelnet, pam_ksu and pam_krb5 are now compiled with error on warnings
disabled due to the function they use (krb5_get_err_text(3)) being
deprecated. I plan to work on this next.
- Heimdal's KDC now require sqlite to operate. We use the bundled version
and install it as libheimsqlite. If some other FreeBSD components will
require it in the future we can rename it to libbsdsqlite and use for these
components as well.
- This is not a latest Heimdal version, the new one was released while I was
working on the update. I will update it to 1.5.2 soon, as it fixes some
important bugs and security issues.
Diffstat (limited to 'crypto/heimdal/lib/krb5/digest.c')
| -rw-r--r-- | crypto/heimdal/lib/krb5/digest.c | 422 |
1 files changed, 224 insertions, 198 deletions
diff --git a/crypto/heimdal/lib/krb5/digest.c b/crypto/heimdal/lib/krb5/digest.c index 6e612ed..ef3267b 100644 --- a/crypto/heimdal/lib/krb5/digest.c +++ b/crypto/heimdal/lib/krb5/digest.c @@ -1,40 +1,41 @@ /* - * Copyright (c) 2006 Kungliga Tekniska Högskolan - * (Royal Institute of Technology, Stockholm, Sweden). - * All rights reserved. + * Copyright (c) 2006 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. * - * 3. Neither the name of the Institute nor the names of its contributors - * may be used to endorse or promote products derived from this software - * without specific prior written permission. + * 3. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. * - * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. */ #include "krb5_locl.h" -RCSID("$Id: digest.c 22156 2007-12-04 20:02:49Z lha $"); #include "digest_asn1.h" +#ifndef HEIMDAL_SMALLER + struct krb5_digest_data { char *cbtype; char *cbbinding; @@ -45,7 +46,7 @@ struct krb5_digest_data { DigestResponse response; }; -krb5_error_code +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_digest_alloc(krb5_context context, krb5_digest *digest) { krb5_digest d; @@ -53,7 +54,7 @@ krb5_digest_alloc(krb5_context context, krb5_digest *digest) d = calloc(1, sizeof(*d)); if (d == NULL) { *digest = NULL; - krb5_set_error_string(context, "out of memory"); + krb5_set_error_message(context, ENOMEM, N_("malloc: out of memory", "")); return ENOMEM; } *digest = d; @@ -61,7 +62,7 @@ krb5_digest_alloc(krb5_context context, krb5_digest *digest) return 0; } -void +KRB5_LIB_FUNCTION void KRB5_LIB_CALL krb5_digest_free(krb5_digest digest) { if (digest == NULL) @@ -75,14 +76,15 @@ krb5_digest_free(krb5_digest digest) return; } -krb5_error_code +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_digest_set_server_cb(krb5_context context, krb5_digest digest, const char *type, const char *binding) { if (digest->init.channel) { - krb5_set_error_string(context, "server channel binding already set"); + krb5_set_error_message(context, EINVAL, + N_("server channel binding already set", "")); return EINVAL; } digest->init.channel = calloc(1, sizeof(*digest->init.channel)); @@ -94,54 +96,54 @@ krb5_digest_set_server_cb(krb5_context context, goto error; digest->init.channel->cb_binding = strdup(binding); - if (digest->init.channel->cb_binding == NULL) + if (digest->init.channel->cb_binding == NULL) goto error; return 0; -error: + error: if (digest->init.channel) { free(digest->init.channel->cb_type); free(digest->init.channel->cb_binding); free(digest->init.channel); digest->init.channel = NULL; } - krb5_set_error_string(context, "out of memory"); + krb5_set_error_message(context, ENOMEM, N_("malloc: out of memory", "")); return ENOMEM; } -krb5_error_code +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_digest_set_type(krb5_context context, krb5_digest digest, const char *type) { if (digest->init.type) { - krb5_set_error_string(context, "client type already set"); + krb5_set_error_message(context, EINVAL, "client type already set"); return EINVAL; } digest->init.type = strdup(type); if (digest->init.type == NULL) { - krb5_set_error_string(context, "out of memory"); + krb5_set_error_message(context, ENOMEM, N_("malloc: out of memory", "")); return ENOMEM; } return 0; } -krb5_error_code +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_digest_set_hostname(krb5_context context, krb5_digest digest, const char *hostname) { if (digest->init.hostname) { - krb5_set_error_string(context, "server hostname already set"); + krb5_set_error_message(context, EINVAL, "server hostname already set"); return EINVAL; } digest->init.hostname = malloc(sizeof(*digest->init.hostname)); if (digest->init.hostname == NULL) { - krb5_set_error_string(context, "out of memory"); + krb5_set_error_message(context, ENOMEM, N_("malloc: out of memory", "")); return ENOMEM; } *digest->init.hostname = strdup(hostname); if (*digest->init.hostname == NULL) { - krb5_set_error_string(context, "out of memory"); + krb5_set_error_message(context, ENOMEM, N_("malloc: out of memory", "")); free(digest->init.hostname); digest->init.hostname = NULL; return ENOMEM; @@ -149,55 +151,55 @@ krb5_digest_set_hostname(krb5_context context, return 0; } -const char * +KRB5_LIB_FUNCTION const char * KRB5_LIB_CALL krb5_digest_get_server_nonce(krb5_context context, krb5_digest digest) { return digest->initReply.nonce; } -krb5_error_code +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_digest_set_server_nonce(krb5_context context, krb5_digest digest, const char *nonce) { if (digest->request.serverNonce) { - krb5_set_error_string(context, "nonce already set"); + krb5_set_error_message(context, EINVAL, N_("nonce already set", "")); return EINVAL; } digest->request.serverNonce = strdup(nonce); if (digest->request.serverNonce == NULL) { - krb5_set_error_string(context, "out of memory"); + krb5_set_error_message(context, ENOMEM, N_("malloc: out of memory", "")); return ENOMEM; } return 0; } -const char * +KRB5_LIB_FUNCTION const char * KRB5_LIB_CALL krb5_digest_get_opaque(krb5_context context, krb5_digest digest) { return digest->initReply.opaque; } -krb5_error_code +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_digest_set_opaque(krb5_context context, krb5_digest digest, const char *opaque) { if (digest->request.opaque) { - krb5_set_error_string(context, "opaque already set"); + krb5_set_error_message(context, EINVAL, "opaque already set"); return EINVAL; } digest->request.opaque = strdup(opaque); if (digest->request.opaque == NULL) { - krb5_set_error_string(context, "out of memory"); + krb5_set_error_message(context, ENOMEM, N_("malloc: out of memory", "")); return ENOMEM; } return 0; } -const char * +KRB5_LIB_FUNCTION const char * KRB5_LIB_CALL krb5_digest_get_identifier(krb5_context context, krb5_digest digest) { @@ -206,23 +208,23 @@ krb5_digest_get_identifier(krb5_context context, return *digest->initReply.identifier; } -krb5_error_code +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_digest_set_identifier(krb5_context context, krb5_digest digest, const char *id) { if (digest->request.identifier) { - krb5_set_error_string(context, "identifier already set"); + krb5_set_error_message(context, EINVAL, N_("identifier already set", "")); return EINVAL; } digest->request.identifier = calloc(1, sizeof(*digest->request.identifier)); if (digest->request.identifier == NULL) { - krb5_set_error_string(context, "out of memory"); + krb5_set_error_message(context, ENOMEM, N_("malloc: out of memory", "")); return ENOMEM; } *digest->request.identifier = strdup(id); if (*digest->request.identifier == NULL) { - krb5_set_error_string(context, "out of memory"); + krb5_set_error_message(context, ENOMEM, N_("malloc: out of memory", "")); free(digest->request.identifier); digest->request.identifier = NULL; return ENOMEM; @@ -242,7 +244,7 @@ digest_request(krb5_context context, DigestREP rep; krb5_error_code ret; krb5_data data, data2; - size_t size; + size_t size = 0; krb5_crypto crypto = NULL; krb5_auth_context ac = NULL; krb5_principal principal = NULL; @@ -272,7 +274,7 @@ digest_request(krb5_context context, * */ - ret = krb5_make_principal(context, &principal, + ret = krb5_make_principal(context, &principal, r, KRB5_DIGEST_NAME, r, NULL); if (ret) goto out; @@ -280,14 +282,14 @@ digest_request(krb5_context context, ASN1_MALLOC_ENCODE(DigestReqInner, data.data, data.length, ireq, &size, ret); if (ret) { - krb5_set_error_string(context, - "Failed to encode digest inner request"); + krb5_set_error_message(context, ret, + N_("Failed to encode digest inner request", "")); goto out; } if (size != data.length) krb5_abortx(context, "ASN.1 internal encoder error"); - ret = krb5_mk_req_exact(context, &ac, + ret = krb5_mk_req_exact(context, &ac, AP_OPTS_USE_SUBKEY|AP_OPTS_MUTUAL_REQUIRED, principal, NULL, id, &req.apReq); if (ret) @@ -300,8 +302,9 @@ digest_request(krb5_context context, if (ret) goto out; if (key == NULL) { - krb5_set_error_string(context, "Digest failed to get local subkey"); ret = EINVAL; + krb5_set_error_message(context, ret, + N_("Digest failed to get local subkey", "")); goto out; } @@ -312,7 +315,7 @@ digest_request(krb5_context context, } ret = krb5_encrypt_EncryptedData(context, crypto, usage, - data.data, data.length, 0, + data.data, data.length, 0, &req.innerReq); if (ret) goto out; @@ -322,7 +325,8 @@ digest_request(krb5_context context, ASN1_MALLOC_ENCODE(DigestREQ, data.data, data.length, &req, &size, ret); if (ret) { - krb5_set_error_string(context, "Failed to encode DigestREQest"); + krb5_set_error_message(context, ret, + N_("Failed to encode DigestREQest", "")); goto out; } if (size != data.length) @@ -334,7 +338,8 @@ digest_request(krb5_context context, ret = decode_DigestREP(data2.data, data2.length, &rep, NULL); if (ret) { - krb5_set_error_string(context, "Failed to parse digest response"); + krb5_set_error_message(context, ret, + N_("Failed to parse digest response", "")); goto out; } @@ -355,8 +360,8 @@ digest_request(krb5_context context, goto out; if (key == NULL) { ret = EINVAL; - krb5_set_error_string(context, - "Digest reply have no remote subkey"); + krb5_set_error_message(context, ret, + N_("Digest reply have no remote subkey", "")); goto out; } @@ -372,14 +377,15 @@ digest_request(krb5_context context, &rep.innerRep, &data); if (ret) goto out; - + ret = decode_DigestRepInner(data.data, data.length, irep, NULL); if (ret) { - krb5_set_error_string(context, "Failed to decode digest inner reply"); + krb5_set_error_message(context, ret, + N_("Failed to decode digest inner reply", "")); goto out; } -out: + out: if (ccache == NULL && id) krb5_cc_close(context, id); if (realm == NULL && r) @@ -400,7 +406,7 @@ out: return ret; } -krb5_error_code +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_digest_init_request(krb5_context context, krb5_digest digest, krb5_realm realm, @@ -414,7 +420,8 @@ krb5_digest_init_request(krb5_context context, memset(&irep, 0, sizeof(irep)); if (digest->init.type == NULL) { - krb5_set_error_string(context, "Type missing from init req"); + krb5_set_error_message(context, EINVAL, + N_("Type missing from init req", "")); return EINVAL; } @@ -427,49 +434,52 @@ krb5_digest_init_request(krb5_context context, goto out; if (irep.element == choice_DigestRepInner_error) { - krb5_set_error_string(context, "Digest init error: %s", - irep.u.error.reason); ret = irep.u.error.code; + krb5_set_error_message(context, ret, N_("Digest init error: %s", ""), + irep.u.error.reason); goto out; } if (irep.element != choice_DigestRepInner_initReply) { - krb5_set_error_string(context, "digest reply not an initReply"); ret = EINVAL; + krb5_set_error_message(context, ret, + N_("digest reply not an initReply", "")); goto out; } ret = copy_DigestInitReply(&irep.u.initReply, &digest->initReply); if (ret) { - krb5_set_error_string(context, "Failed to copy initReply"); + krb5_set_error_message(context, ret, + N_("Failed to copy initReply", "")); goto out; } -out: + out: free_DigestRepInner(&irep); return ret; } -krb5_error_code +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_digest_set_client_nonce(krb5_context context, krb5_digest digest, const char *nonce) { if (digest->request.clientNonce) { - krb5_set_error_string(context, "clientNonce already set"); + krb5_set_error_message(context, EINVAL, + N_("clientNonce already set", "")); return EINVAL; } - digest->request.clientNonce = + digest->request.clientNonce = calloc(1, sizeof(*digest->request.clientNonce)); if (digest->request.clientNonce == NULL) { - krb5_set_error_string(context, "out of memory"); + krb5_set_error_message(context, ENOMEM, N_("malloc: out of memory", "")); return ENOMEM; } *digest->request.clientNonce = strdup(nonce); if (*digest->request.clientNonce == NULL) { - krb5_set_error_string(context, "out of memory"); + krb5_set_error_message(context, ENOMEM, N_("malloc: out of memory", "")); free(digest->request.clientNonce); digest->request.clientNonce = NULL; return ENOMEM; @@ -477,57 +487,58 @@ krb5_digest_set_client_nonce(krb5_context context, return 0; } -krb5_error_code +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_digest_set_digest(krb5_context context, krb5_digest digest, const char *dgst) { if (digest->request.digest) { - krb5_set_error_string(context, "digest already set"); + krb5_set_error_message(context, EINVAL, + N_("digest already set", "")); return EINVAL; } digest->request.digest = strdup(dgst); if (digest->request.digest == NULL) { - krb5_set_error_string(context, "out of memory"); + krb5_set_error_message(context, ENOMEM, N_("malloc: out of memory", "")); return ENOMEM; } return 0; } -krb5_error_code +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_digest_set_username(krb5_context context, krb5_digest digest, const char *username) { if (digest->request.username) { - krb5_set_error_string(context, "username already set"); + krb5_set_error_message(context, EINVAL, "username already set"); return EINVAL; } digest->request.username = strdup(username); if (digest->request.username == NULL) { - krb5_set_error_string(context, "out of memory"); + krb5_set_error_message(context, ENOMEM, N_("malloc: out of memory", "")); return ENOMEM; } return 0; } -krb5_error_code +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_digest_set_authid(krb5_context context, krb5_digest digest, const char *authid) { if (digest->request.authid) { - krb5_set_error_string(context, "authid already set"); + krb5_set_error_message(context, EINVAL, "authid already set"); return EINVAL; } digest->request.authid = malloc(sizeof(*digest->request.authid)); if (digest->request.authid == NULL) { - krb5_set_error_string(context, "out of memory"); + krb5_set_error_message(context, ENOMEM, N_("malloc: out of memory", "")); return ENOMEM; } *digest->request.authid = strdup(authid); if (*digest->request.authid == NULL) { - krb5_set_error_string(context, "out of memory"); + krb5_set_error_message(context, ENOMEM, N_("malloc: out of memory", "")); free(digest->request.authid); digest->request.authid = NULL; return ENOMEM; @@ -535,7 +546,7 @@ krb5_digest_set_authid(krb5_context context, return 0; } -krb5_error_code +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_digest_set_authentication_user(krb5_context context, krb5_digest digest, krb5_principal authentication_user) @@ -543,36 +554,35 @@ krb5_digest_set_authentication_user(krb5_context context, krb5_error_code ret; if (digest->request.authentication_user) { - krb5_set_error_string(context, "authentication_user already set"); + krb5_set_error_message(context, EINVAL, + N_("authentication_user already set", "")); return EINVAL; } ret = krb5_copy_principal(context, authentication_user, &digest->request.authentication_user); - if (digest->request.authentication_user == NULL) { - krb5_set_error_string(context, "out of memory"); - return ENOMEM; - } + if (ret) + return ret; return 0; } -krb5_error_code +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_digest_set_realm(krb5_context context, krb5_digest digest, const char *realm) { if (digest->request.realm) { - krb5_set_error_string(context, "realm already set"); + krb5_set_error_message(context, EINVAL, "realm already set"); return EINVAL; } digest->request.realm = malloc(sizeof(*digest->request.realm)); if (digest->request.realm == NULL) { - krb5_set_error_string(context, "out of memory"); + krb5_set_error_message(context, ENOMEM, N_("malloc: out of memory", "")); return ENOMEM; } *digest->request.realm = strdup(realm); if (*digest->request.realm == NULL) { - krb5_set_error_string(context, "out of memory"); + krb5_set_error_message(context, ENOMEM, N_("malloc: out of memory", "")); free(digest->request.realm); digest->request.realm = NULL; return ENOMEM; @@ -580,23 +590,24 @@ krb5_digest_set_realm(krb5_context context, return 0; } -krb5_error_code +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_digest_set_method(krb5_context context, krb5_digest digest, const char *method) { if (digest->request.method) { - krb5_set_error_string(context, "method already set"); + krb5_set_error_message(context, EINVAL, + N_("method already set", "")); return EINVAL; } digest->request.method = malloc(sizeof(*digest->request.method)); if (digest->request.method == NULL) { - krb5_set_error_string(context, "out of memory"); + krb5_set_error_message(context, ENOMEM, N_("malloc: out of memory", "")); return ENOMEM; } *digest->request.method = strdup(method); if (*digest->request.method == NULL) { - krb5_set_error_string(context, "out of memory"); + krb5_set_error_message(context, ENOMEM, N_("malloc: out of memory", "")); free(digest->request.method); digest->request.method = NULL; return ENOMEM; @@ -604,23 +615,23 @@ krb5_digest_set_method(krb5_context context, return 0; } -krb5_error_code +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_digest_set_uri(krb5_context context, krb5_digest digest, const char *uri) { if (digest->request.uri) { - krb5_set_error_string(context, "uri already set"); + krb5_set_error_message(context, EINVAL, N_("uri already set", "")); return EINVAL; } digest->request.uri = malloc(sizeof(*digest->request.uri)); if (digest->request.uri == NULL) { - krb5_set_error_string(context, "out of memory"); + krb5_set_error_message(context, ENOMEM, N_("malloc: out of memory", "")); return ENOMEM; } *digest->request.uri = strdup(uri); if (*digest->request.uri == NULL) { - krb5_set_error_string(context, "out of memory"); + krb5_set_error_message(context, ENOMEM, N_("malloc: out of memory", "")); free(digest->request.uri); digest->request.uri = NULL; return ENOMEM; @@ -628,24 +639,25 @@ krb5_digest_set_uri(krb5_context context, return 0; } -krb5_error_code +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_digest_set_nonceCount(krb5_context context, krb5_digest digest, const char *nonce_count) { if (digest->request.nonceCount) { - krb5_set_error_string(context, "nonceCount already set"); + krb5_set_error_message(context, EINVAL, + N_("nonceCount already set", "")); return EINVAL; } - digest->request.nonceCount = + digest->request.nonceCount = malloc(sizeof(*digest->request.nonceCount)); if (digest->request.nonceCount == NULL) { - krb5_set_error_string(context, "out of memory"); + krb5_set_error_message(context, ENOMEM, N_("malloc: out of memory", "")); return ENOMEM; } *digest->request.nonceCount = strdup(nonce_count); if (*digest->request.nonceCount == NULL) { - krb5_set_error_string(context, "out of memory"); + krb5_set_error_message(context, ENOMEM, N_("malloc: out of memory", "")); free(digest->request.nonceCount); digest->request.nonceCount = NULL; return ENOMEM; @@ -653,23 +665,23 @@ krb5_digest_set_nonceCount(krb5_context context, return 0; } -krb5_error_code +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_digest_set_qop(krb5_context context, krb5_digest digest, const char *qop) { if (digest->request.qop) { - krb5_set_error_string(context, "qop already set"); + krb5_set_error_message(context, EINVAL, "qop already set"); return EINVAL; } digest->request.qop = malloc(sizeof(*digest->request.qop)); if (digest->request.qop == NULL) { - krb5_set_error_string(context, "out of memory"); + krb5_set_error_message(context, ENOMEM, N_("malloc: out of memory", "")); return ENOMEM; } *digest->request.qop = strdup(qop); if (*digest->request.qop == NULL) { - krb5_set_error_string(context, "out of memory"); + krb5_set_error_message(context, ENOMEM, N_("malloc: out of memory", "")); free(digest->request.qop); digest->request.qop = NULL; return ENOMEM; @@ -677,20 +689,20 @@ krb5_digest_set_qop(krb5_context context, return 0; } -int +KRB5_LIB_FUNCTION int KRB5_LIB_CALL krb5_digest_set_responseData(krb5_context context, krb5_digest digest, const char *response) { digest->request.responseData = strdup(response); if (digest->request.responseData == NULL) { - krb5_set_error_string(context, "out of memory"); + krb5_set_error_message(context, ENOMEM, N_("malloc: out of memory", "")); return ENOMEM; } return 0; } -krb5_error_code +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_digest_request(krb5_context context, krb5_digest digest, krb5_realm realm, @@ -708,14 +720,17 @@ krb5_digest_request(krb5_context context, if (digest->request.type == NULL) { if (digest->init.type == NULL) { - krb5_set_error_string(context, "Type missing from req"); + krb5_set_error_message(context, EINVAL, + N_("Type missing from req", "")); return EINVAL; } ireq.u.digestRequest.type = digest->init.type; } - if (ireq.u.digestRequest.digest == NULL) - ireq.u.digestRequest.digest = "md5"; + if (ireq.u.digestRequest.digest == NULL) { + static char md5[] = "md5"; + ireq.u.digestRequest.digest = md5; + } ret = digest_request(context, realm, ccache, KRB5_KU_DIGEST_ENCRYPT, &ireq, &irep); @@ -723,38 +738,41 @@ krb5_digest_request(krb5_context context, return ret; if (irep.element == choice_DigestRepInner_error) { - krb5_set_error_string(context, "Digest response error: %s", - irep.u.error.reason); ret = irep.u.error.code; + krb5_set_error_message(context, ret, + N_("Digest response error: %s", ""), + irep.u.error.reason); goto out; } if (irep.element != choice_DigestRepInner_response) { - krb5_set_error_string(context, "digest reply not an DigestResponse"); + krb5_set_error_message(context, EINVAL, + N_("digest reply not an DigestResponse", "")); ret = EINVAL; goto out; } ret = copy_DigestResponse(&irep.u.response, &digest->response); if (ret) { - krb5_set_error_string(context, "Failed to copy initReply"); + krb5_set_error_message(context, ret, + N_("Failed to copy initReply,", "")); goto out; } -out: + out: free_DigestRepInner(&irep); return ret; } -krb5_boolean -krb5_digest_rep_get_status(krb5_context context, +KRB5_LIB_FUNCTION krb5_boolean KRB5_LIB_CALL +krb5_digest_rep_get_status(krb5_context context, krb5_digest digest) { return digest->response.success ? TRUE : FALSE; } -const char * +KRB5_LIB_FUNCTION const char * KRB5_LIB_CALL krb5_digest_get_rsp(krb5_context context, krb5_digest digest) { @@ -763,7 +781,7 @@ krb5_digest_get_rsp(krb5_context context, return *digest->response.rsp; } -krb5_error_code +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_digest_get_tickets(krb5_context context, krb5_digest digest, Ticket **tickets) @@ -773,7 +791,7 @@ krb5_digest_get_tickets(krb5_context context, } -krb5_error_code +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_digest_get_client_binding(krb5_context context, krb5_digest digest, char **type, @@ -785,7 +803,7 @@ krb5_digest_get_client_binding(krb5_context context, if (*type == NULL || *binding == NULL) { free(*type); free(*binding); - krb5_set_error_string(context, "out of memory"); + krb5_set_error_message(context, ENOMEM, N_("malloc: out of memory", "")); return ENOMEM; } } else { @@ -795,7 +813,7 @@ krb5_digest_get_client_binding(krb5_context context, return 0; } -krb5_error_code +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_digest_get_session_key(krb5_context context, krb5_digest digest, krb5_data *data) @@ -807,7 +825,7 @@ krb5_digest_get_session_key(krb5_context context, return 0; ret = der_copy_octet_string(digest->response.session_key, data); if (ret) - krb5_clear_error_string(context); + krb5_clear_error_message(context); return ret; } @@ -819,19 +837,19 @@ struct krb5_ntlm_data { NTLMResponse response; }; -krb5_error_code -krb5_ntlm_alloc(krb5_context context, +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL +krb5_ntlm_alloc(krb5_context context, krb5_ntlm *ntlm) { *ntlm = calloc(1, sizeof(**ntlm)); if (*ntlm == NULL) { - krb5_set_error_string(context, "out of memory"); + krb5_set_error_message(context, ENOMEM, N_("malloc: out of memory", "")); return ENOMEM; } return 0; } -krb5_error_code +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_ntlm_free(krb5_context context, krb5_ntlm ntlm) { free_NTLMInit(&ntlm->init); @@ -844,8 +862,8 @@ krb5_ntlm_free(krb5_context context, krb5_ntlm ntlm) } -krb5_error_code -krb5_ntlm_init_request(krb5_context context, +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL +krb5_ntlm_init_request(krb5_context context, krb5_ntlm ntlm, krb5_realm realm, krb5_ccache ccache, @@ -879,31 +897,33 @@ krb5_ntlm_init_request(krb5_context context, goto out; if (irep.element == choice_DigestRepInner_error) { - krb5_set_error_string(context, "Digest init error: %s", - irep.u.error.reason); ret = irep.u.error.code; + krb5_set_error_message(context, ret, N_("Digest init error: %s", ""), + irep.u.error.reason); goto out; } if (irep.element != choice_DigestRepInner_ntlmInitReply) { - krb5_set_error_string(context, "ntlm reply not an initReply"); ret = EINVAL; + krb5_set_error_message(context, ret, + N_("ntlm reply not an initReply", "")); goto out; } ret = copy_NTLMInitReply(&irep.u.ntlmInitReply, &ntlm->initReply); if (ret) { - krb5_set_error_string(context, "Failed to copy initReply"); + krb5_set_error_message(context, ret, + N_("Failed to copy initReply", "")); goto out; } -out: + out: free_DigestRepInner(&irep); return ret; } -krb5_error_code +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_ntlm_init_get_flags(krb5_context context, krb5_ntlm ntlm, uint32_t *flags) @@ -912,7 +932,7 @@ krb5_ntlm_init_get_flags(krb5_context context, return 0; } -krb5_error_code +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_ntlm_init_get_challange(krb5_context context, krb5_ntlm ntlm, krb5_data *challange) @@ -921,12 +941,12 @@ krb5_ntlm_init_get_challange(krb5_context context, ret = der_copy_octet_string(&ntlm->initReply.challange, challange); if (ret) - krb5_clear_error_string(context); + krb5_clear_error_message(context); return ret; } -krb5_error_code +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_ntlm_init_get_opaque(krb5_context context, krb5_ntlm ntlm, krb5_data *opaque) @@ -935,25 +955,25 @@ krb5_ntlm_init_get_opaque(krb5_context context, ret = der_copy_octet_string(&ntlm->initReply.opaque, opaque); if (ret) - krb5_clear_error_string(context); + krb5_clear_error_message(context); return ret; } -krb5_error_code +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_ntlm_init_get_targetname(krb5_context context, krb5_ntlm ntlm, char **name) { *name = strdup(ntlm->initReply.targetname); if (*name == NULL) { - krb5_clear_error_string(context); + krb5_clear_error_message(context); return ENOMEM; } return 0; } -krb5_error_code +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_ntlm_init_get_targetinfo(krb5_context context, krb5_ntlm ntlm, krb5_data *data) @@ -969,14 +989,14 @@ krb5_ntlm_init_get_targetinfo(krb5_context context, ntlm->initReply.targetinfo->data, ntlm->initReply.targetinfo->length); if (ret) { - krb5_clear_error_string(context); + krb5_clear_error_message(context); return ret; } return 0; } -krb5_error_code +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_ntlm_request(krb5_context context, krb5_ntlm ntlm, krb5_realm realm, @@ -998,32 +1018,35 @@ krb5_ntlm_request(krb5_context context, return ret; if (irep.element == choice_DigestRepInner_error) { - krb5_set_error_string(context, "NTLM response error: %s", - irep.u.error.reason); ret = irep.u.error.code; + krb5_set_error_message(context, ret, + N_("NTLM response error: %s", ""), + irep.u.error.reason); goto out; } if (irep.element != choice_DigestRepInner_ntlmResponse) { - krb5_set_error_string(context, "NTLM reply not an NTLMResponse"); ret = EINVAL; + krb5_set_error_message(context, ret, + N_("NTLM reply not an NTLMResponse", "")); goto out; } ret = copy_NTLMResponse(&irep.u.ntlmResponse, &ntlm->response); if (ret) { - krb5_set_error_string(context, "Failed to copy NTLMResponse"); + krb5_set_error_message(context, ret, + N_("Failed to copy NTLMResponse", "")); goto out; } -out: + out: free_DigestRepInner(&irep); return ret; } -krb5_error_code -krb5_ntlm_req_set_flags(krb5_context context, +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL +krb5_ntlm_req_set_flags(krb5_context context, krb5_ntlm ntlm, uint32_t flags) { @@ -1031,40 +1054,40 @@ krb5_ntlm_req_set_flags(krb5_context context, return 0; } -krb5_error_code -krb5_ntlm_req_set_username(krb5_context context, +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL +krb5_ntlm_req_set_username(krb5_context context, krb5_ntlm ntlm, const char *username) { ntlm->request.username = strdup(username); if (ntlm->request.username == NULL) { - krb5_set_error_string(context, "out of memory"); + krb5_set_error_message(context, ENOMEM, N_("malloc: out of memory", "")); return ENOMEM; } return 0; } -krb5_error_code -krb5_ntlm_req_set_targetname(krb5_context context, +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL +krb5_ntlm_req_set_targetname(krb5_context context, krb5_ntlm ntlm, const char *targetname) { ntlm->request.targetname = strdup(targetname); if (ntlm->request.targetname == NULL) { - krb5_set_error_string(context, "out of memory"); + krb5_set_error_message(context, ENOMEM, N_("malloc: out of memory", "")); return ENOMEM; } return 0; } -krb5_error_code -krb5_ntlm_req_set_lm(krb5_context context, +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL +krb5_ntlm_req_set_lm(krb5_context context, krb5_ntlm ntlm, void *hash, size_t len) { ntlm->request.lm.data = malloc(len); - if (ntlm->request.lm.data == NULL) { - krb5_set_error_string(context, "out of memory"); + if (ntlm->request.lm.data == NULL && len != 0) { + krb5_set_error_message(context, ENOMEM, N_("malloc: out of memory", "")); return ENOMEM; } ntlm->request.lm.length = len; @@ -1072,14 +1095,14 @@ krb5_ntlm_req_set_lm(krb5_context context, return 0; } -krb5_error_code -krb5_ntlm_req_set_ntlm(krb5_context context, +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL +krb5_ntlm_req_set_ntlm(krb5_context context, krb5_ntlm ntlm, void *hash, size_t len) { ntlm->request.ntlm.data = malloc(len); - if (ntlm->request.ntlm.data == NULL) { - krb5_set_error_string(context, "out of memory"); + if (ntlm->request.ntlm.data == NULL && len != 0) { + krb5_set_error_message(context, ENOMEM, N_("malloc: out of memory", "")); return ENOMEM; } ntlm->request.ntlm.length = len; @@ -1087,14 +1110,14 @@ krb5_ntlm_req_set_ntlm(krb5_context context, return 0; } -krb5_error_code -krb5_ntlm_req_set_opaque(krb5_context context, +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL +krb5_ntlm_req_set_opaque(krb5_context context, krb5_ntlm ntlm, krb5_data *opaque) { ntlm->request.opaque.data = malloc(opaque->length); - if (ntlm->request.opaque.data == NULL) { - krb5_set_error_string(context, "out of memory"); + if (ntlm->request.opaque.data == NULL && opaque->length != 0) { + krb5_set_error_message(context, ENOMEM, N_("malloc: out of memory", "")); return ENOMEM; } ntlm->request.opaque.length = opaque->length; @@ -1102,19 +1125,19 @@ krb5_ntlm_req_set_opaque(krb5_context context, return 0; } -krb5_error_code -krb5_ntlm_req_set_session(krb5_context context, +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL +krb5_ntlm_req_set_session(krb5_context context, krb5_ntlm ntlm, void *sessionkey, size_t length) { ntlm->request.sessionkey = calloc(1, sizeof(*ntlm->request.sessionkey)); if (ntlm->request.sessionkey == NULL) { - krb5_set_error_string(context, "out of memory"); + krb5_set_error_message(context, ENOMEM, N_("malloc: out of memory", "")); return ENOMEM; } ntlm->request.sessionkey->data = malloc(length); - if (ntlm->request.sessionkey->data == NULL) { - krb5_set_error_string(context, "out of memory"); + if (ntlm->request.sessionkey->data == NULL && length != 0) { + krb5_set_error_message(context, ENOMEM, N_("malloc: out of memory", "")); return ENOMEM; } memcpy(ntlm->request.sessionkey->data, sessionkey, length); @@ -1122,23 +1145,24 @@ krb5_ntlm_req_set_session(krb5_context context, return 0; } -krb5_boolean -krb5_ntlm_rep_get_status(krb5_context context, +KRB5_LIB_FUNCTION krb5_boolean KRB5_LIB_CALL +krb5_ntlm_rep_get_status(krb5_context context, krb5_ntlm ntlm) { return ntlm->response.success ? TRUE : FALSE; } -krb5_error_code -krb5_ntlm_rep_get_sessionkey(krb5_context context, +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL +krb5_ntlm_rep_get_sessionkey(krb5_context context, krb5_ntlm ntlm, krb5_data *data) { if (ntlm->response.sessionkey == NULL) { - krb5_set_error_string(context, "no ntlm session key"); + krb5_set_error_message(context, EINVAL, + N_("no ntlm session key", "")); return EINVAL; } - krb5_clear_error_string(context); + krb5_clear_error_message(context); return krb5_data_copy(data, ntlm->response.sessionkey->data, ntlm->response.sessionkey->length); @@ -1157,7 +1181,7 @@ krb5_ntlm_rep_get_sessionkey(krb5_context context, * @ingroup krb5_digest */ -krb5_error_code +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_digest_probe(krb5_context context, krb5_realm realm, krb5_ccache ccache, @@ -1178,22 +1202,24 @@ krb5_digest_probe(krb5_context context, goto out; if (irep.element == choice_DigestRepInner_error) { - krb5_set_error_string(context, "Digest probe error: %s", - irep.u.error.reason); ret = irep.u.error.code; + krb5_set_error_message(context, ret, "Digest probe error: %s", + irep.u.error.reason); goto out; } if (irep.element != choice_DigestRepInner_supportedMechs) { - krb5_set_error_string(context, "Digest reply not an probe"); ret = EINVAL; + krb5_set_error_message(context, ret, "Digest reply not an probe"); goto out; } *flags = DigestTypes2int(irep.u.supportedMechs); -out: + out: free_DigestRepInner(&irep); return ret; } + +#endif /* HEIMDAL_SMALLER */ |
