Try a little harder to avoid returning e-text that says "Generic error (see

e-text)" for out-of-range codes where we haven't explicitly decided to return a
vague error message.

* do_as_req.c (prepare_error_as): New argument, the error message text as
determined *before* possibly replacing the error code with "generic error".
(process_as_req): Fill it in based on 'status', or the error message
corresponding to the error code to be returned.
* do_tgs_req.c (prepare_error_tgs): New argument, the error message text as
determined *before* possibly replacing the error code with "generic error".
(process_tgs_req): Fill it in based on 'status', or the error message
corresponding to the error code to be returned.

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@14835 dc483132-0cff-0310-8789-dd5450dbe970

3 files changed, 31 insertions, 25 deletions

diff --git a/src/kdc/ChangeLog b/src/kdc/ChangeLog
index b3a6a1a66..dfc427a9f 100644
--- a/src/kdc/ChangeLog
+++ b/src/kdc/ChangeLog
@@ -1,5 +1,16 @@
 2002-09-10  Ken Raeburn  <raeburn@mit.edu>
 
+	* do_as_req.c (prepare_error_as): New argument, the error message
+	text as determined *before* possibly replacing the error code with
+	"generic error".
+	(process_as_req): Fill it in based on 'status', or the error
+	message corresponding to the error code to be returned.
+	* do_tgs_req.c (prepare_error_tgs): New argument, the error
+	message text as determined *before* possibly replacing the error
+	code with "generic error".
+	(process_tgs_req): Fill it in based on 'status', or the error
+	message corresponding to the error code to be returned.
+
 	* network.c (process_packet): Call inet_ntop directly.
 	* sock2p.c: Deleted.
 	* Makefile.in (SRCS, OBJS): Drop it.
diff --git a/src/kdc/do_as_req.c b/src/kdc/do_as_req.c
index 07bcf1745..83805d458 100644
--- a/src/kdc/do_as_req.c
+++ b/src/kdc/do_as_req.c
@@ -47,7 +47,7 @@
 #include "extern.h"
 
 static krb5_error_code prepare_error_as (krb5_kdc_req *, int, krb5_data *, 
-					 krb5_data **);
+					 krb5_data **, const char *);
 
 /*ARGSUSED*/
 krb5_error_code
@@ -439,11 +439,14 @@ errout:
 	       errcode ? ", " : "",
 	       errcode ? error_message(errcode) : "");
     if (errcode) {
+	if (status == 0)
+	    status = error_message (errcode);
 	errcode -= ERROR_TABLE_BASE_krb5;
 	if (errcode < 0 || errcode > 128)
 	    errcode = KRB_ERR_GENERIC;
 	    
-	errcode = prepare_error_as(request, errcode, &e_data, response);
+	errcode = prepare_error_as(request, errcode, &e_data, response,
+				   status);
     }
 
     krb5_free_keyblock_contents(kdc_context, &encrypting_key);
@@ -486,11 +489,8 @@ errout:
 }
 
 static krb5_error_code
-prepare_error_as (request, error, e_data, response)
-register krb5_kdc_req *request;
-int error;
-krb5_data *e_data;
-krb5_data **response;
+prepare_error_as (krb5_kdc_req *request, int error, krb5_data *e_data,
+		  krb5_data **response, const char *status)
 {
     krb5_error errpkt;
     krb5_error_code retval;
@@ -505,10 +505,10 @@ krb5_data **response;
     errpkt.error = error;
     errpkt.server = request->server;
     errpkt.client = request->client;
-    errpkt.text.length = strlen(error_message(error+KRB5KDC_ERR_NONE))+1;
+    errpkt.text.length = strlen(status)+1;
     if (!(errpkt.text.data = malloc(errpkt.text.length)))
 	return ENOMEM;
-    (void) strcpy(errpkt.text.data, error_message(error+KRB5KDC_ERR_NONE));
+    (void) strcpy(errpkt.text.data, status);
 
     if (!(scratch = (krb5_data *)malloc(sizeof(*scratch)))) {
 	free(errpkt.text.data);
diff --git a/src/kdc/do_tgs_req.c b/src/kdc/do_tgs_req.c
index 2cf8d82ea..923f8b575 100644
--- a/src/kdc/do_tgs_req.c
+++ b/src/kdc/do_tgs_req.c
@@ -50,7 +50,8 @@ static void find_alternate_tgs (krb5_kdc_req *, krb5_db_entry *,
 				krb5_boolean *, int *);
 
 static krb5_error_code prepare_error_tgs (krb5_kdc_req *, krb5_ticket *,
-					  int, const char *, krb5_data **);
+					  int, const char *, krb5_data **,
+					  const char *);
 
 /*ARGSUSED*/
 krb5_error_code
@@ -661,12 +662,14 @@ cleanup:
     }
     
     if (errcode) {
+	if (status == 0)
+	    status = error_message (errcode);
 	errcode -= ERROR_TABLE_BASE_krb5;
 	if (errcode < 0 || errcode > 128)
 	    errcode = KRB_ERR_GENERIC;
 	    
 	retval = prepare_error_tgs(request, header_ticket, errcode,
-				   fromstring, response);
+				   fromstring, response, status);
     }
     
     if (header_ticket)
@@ -688,12 +691,8 @@ cleanup:
 }
 
 static krb5_error_code
-prepare_error_tgs (request, ticket, error, ident, response)
-register krb5_kdc_req *request;
-krb5_ticket *ticket;
-int error;
-const char *ident;
-krb5_data **response;
+prepare_error_tgs (krb5_kdc_req *request, krb5_ticket *ticket, int error,
+		   const char *ident, krb5_data **response, const char *status)
 {
     krb5_error errpkt;
     krb5_error_code retval;
@@ -711,10 +710,10 @@ krb5_data **response;
 	errpkt.client = ticket->enc_part2->client;
     else
 	errpkt.client = 0;
-    errpkt.text.length = strlen(error_message(error+KRB5KDC_ERR_NONE))+1;
+    errpkt.text.length = strlen(status) + 1;
     if (!(errpkt.text.data = malloc(errpkt.text.length)))
 	return ENOMEM;
-    (void) strcpy(errpkt.text.data, error_message(error+KRB5KDC_ERR_NONE));
+    (void) strcpy(errpkt.text.data, status);
 
     if (!(scratch = (krb5_data *)malloc(sizeof(*scratch)))) {
 	free(errpkt.text.data);
@@ -735,11 +734,8 @@ krb5_data **response;
  * some intermediate realm.
  */
 static void
-find_alternate_tgs(request, server, more, nprincs)
-krb5_kdc_req *request;
-krb5_db_entry *server;
-krb5_boolean *more;
-int *nprincs;
+find_alternate_tgs(krb5_kdc_req *request, krb5_db_entry *server,
+		   krb5_boolean *more, int *nprincs)
 {
     krb5_error_code retval;
     krb5_principal *plist, *pl2;
@@ -817,4 +813,3 @@ int *nprincs;
     krb5_free_realm_tree(kdc_context, plist);
     return;
 }
-