diff options
| author | Ken Raeburn <raeburn@mit.edu> | 2007-08-16 22:55:06 +0000 |
|---|---|---|
| committer | Ken Raeburn <raeburn@mit.edu> | 2007-08-16 22:55:06 +0000 |
| commit | c15ec7751a7d7c1d97dbeb1dd88dda2a328515e0 (patch) | |
| tree | 824bd8c158b1c5b72913515953c7e8576399d912 /src/lib/gssapi/gss_libinit.c | |
| parent | 9db2f5eb745287654117e70032d05dd9f5a91a3f (diff) | |
| download | krb5-c15ec7751a7d7c1d97dbeb1dd88dda2a328515e0.tar.gz krb5-c15ec7751a7d7c1d97dbeb1dd88dda2a328515e0.tar.xz krb5-c15ec7751a7d7c1d97dbeb1dd88dda2a328515e0.zip | |
remap mechanism-specific status codes in mechglue/spnego
This patch creates a mapping in the mechglue/spnego code to modify
mechanism status codes when passing them back to the application, so
that mechglue's display_status dispatcher can determine the correct
mechanism to dispatch to.
This is part of the "get enhanced error messages from gssapi
applications" project; ticket 5590 has updates to the Kerberos 5
mechanism to extract enhanced error messages (when there are any) from
the Kerberos library.
util/gen.pl, util/t_*.pm: New code generation script and templates.
lib/gssapi/generic: Add a new, global mapping that enumerates the
{mechOID,status} pairs as they're seen, allowing a magic mechOID value
to indicate com_err error codes from mechglue and spnego, and
reserving status code 0 for unknown errors. Preload the Kerberos
"wrong principal" error code once for each mechanism OID used for
Kerberos, so the entries get fixed positions (1-3) in the table.
lib/gssapi/gss_libinit.c: Call the initializer and destructor
functions.
lib/gssapi/mechglue, lib/gssapi/spnego: Enter all mechanism-generated
or locally-generated status codes into the mapping table, and return
the table index to the application. Do the reverse in display_status,
to get the messages from the mechanism..
lib/rpc: Define new function gssrpcint_printf to use for debugging
instead of printf, to redirect output away from dejagnu; add a couple
more debugging calls. Check for minor status codes 1-3 now instead of
KRB5KRB_AP_WRONG_PRINC.
tests/dejagnu/krb-standalone/gssftp.exp: Test getting more detailed
error messages back, by having the ftp client attempt to authenticate
to a non-existent service, and examining the error message for the
service principal name.
ticket: new
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@19831 dc483132-0cff-0310-8789-dd5450dbe970
Diffstat (limited to 'src/lib/gssapi/gss_libinit.c')
| -rw-r--r-- | src/lib/gssapi/gss_libinit.c | 4 |
1 files changed, 4 insertions, 0 deletions
diff --git a/src/lib/gssapi/gss_libinit.c b/src/lib/gssapi/gss_libinit.c index b96eb9e7aa..bb90857132 100644 --- a/src/lib/gssapi/gss_libinit.c +++ b/src/lib/gssapi/gss_libinit.c @@ -44,6 +44,9 @@ int gssint_lib_init(void) krb5_gss_delete_error_info); if (err) return err; + err = gssint_mecherrmap_init(); + if (err) + return err; #ifndef _WIN32 err = k5_mutex_finish_init(&kg_kdc_flag_mutex); if (err) @@ -74,6 +77,7 @@ void gssint_lib_fini(void) k5_mutex_destroy(&kg_kdc_flag_mutex); #endif k5_mutex_destroy(&gssint_krb5_keytab_lock); + gssint_mecherrmap_destroy(); gssint_mechglue_fini(); } |