From a7b5808b5df9e54ef8a8a7ac24e5faad458ddbce Mon Sep 17 00:00:00 2001 From: Greg Hudson Date: Sat, 24 May 2014 12:15:32 -0400 Subject: Use k5_setmsg Replace most calls to krb5_set_error_message with k5_setmsg for brevity. Leave alone plugin sources where we don't include k5-int.h (mostly PKINIT). --- src/kdc/fast_util.c | 40 +++++------ src/kdc/kdc_preauth_ec.c | 10 ++- src/kdc/kdc_util.c | 4 +- src/lib/gssapi/krb5/acquire_cred.c | 5 +- src/lib/gssapi/krb5/disp_status.c | 2 +- src/lib/kadm5/alt_prof.c | 7 +- src/lib/kadm5/srv/pwqual_empty.c | 6 +- src/lib/kadm5/srv/pwqual_hesiod.c | 7 +- src/lib/kadm5/srv/pwqual_princ.c | 6 +- src/lib/kadm5/srv/server_kdb.c | 4 +- src/lib/kdb/kdb5.c | 40 +++++------ src/lib/kdb/kdb_default.c | 34 +++++---- src/lib/krb5/ccache/cc_dir.c | 35 +++++---- src/lib/krb5/ccache/cc_file.c | 11 ++- src/lib/krb5/ccache/cc_keyring.c | 11 ++- src/lib/krb5/ccache/cccursor.c | 10 +-- src/lib/krb5/keytab/kt_file.c | 23 +++--- src/lib/krb5/keytab/ktfns.c | 4 +- src/lib/krb5/krb/authdata_dec.c | 4 +- src/lib/krb5/krb/fast.c | 27 ++++--- src/lib/krb5/krb/gc_via_tkt.c | 13 ++-- src/lib/krb5/krb/get_in_tkt.c | 13 ++-- src/lib/krb5/krb/gic_keytab.c | 5 +- src/lib/krb5/krb/parse.c | 8 +-- src/lib/krb5/krb/plugin.c | 10 +-- src/lib/krb5/krb/preauth2.c | 8 +-- src/lib/krb5/krb/preauth_otp.c | 8 +-- src/lib/krb5/krb/rd_req_dec.c | 82 ++++++++++------------ src/lib/krb5/krb/t_copy_context.c | 2 +- src/lib/krb5/os/expand_path.c | 44 ++++++------ src/lib/krb5/os/locate_kdc.c | 10 +-- src/lib/krb5/os/sendto_kdc.c | 6 +- src/lib/krb5/rcache/rc_io.c | 76 +++++++++----------- src/plugins/kdb/db2/kdb_db2.c | 11 ++- src/plugins/kdb/ldap/libkdb_ldap/kdb_ldap.c | 8 +-- src/plugins/kdb/ldap/libkdb_ldap/kdb_ldap_conn.c | 22 +++--- src/plugins/kdb/ldap/libkdb_ldap/ldap_create.c | 3 +- src/plugins/kdb/ldap/libkdb_ldap/ldap_handle.c | 1 - .../kdb/ldap/libkdb_ldap/ldap_krbcontainer.c | 9 +-- src/plugins/kdb/ldap/libkdb_ldap/ldap_misc.c | 46 ++++++------ src/plugins/kdb/ldap/libkdb_ldap/ldap_principal.c | 4 +- src/plugins/kdb/ldap/libkdb_ldap/ldap_principal2.c | 65 ++++++++--------- src/plugins/kdb/ldap/libkdb_ldap/ldap_realm.c | 28 +++----- .../kdb/ldap/libkdb_ldap/ldap_service_stash.c | 20 +++--- src/plugins/kdb/ldap/libkdb_ldap/ldap_tkt_policy.c | 7 +- src/plugins/preauth/securid_sam2/securid2.c | 6 +- 46 files changed, 360 insertions(+), 445 deletions(-) diff --git a/src/kdc/fast_util.c b/src/kdc/fast_util.c index 14d833fa5..20b7fef85 100644 --- a/src/kdc/fast_util.c +++ b/src/kdc/fast_util.c @@ -59,26 +59,25 @@ static krb5_error_code armor_ap_request kdc_active_realm->realm_keytab, NULL, &ticket); if (retval != 0) { const char * errmsg = krb5_get_error_message(kdc_context, retval); - krb5_set_error_message(kdc_context, retval, - _("%s while handling ap-request armor"), - errmsg); + k5_setmsg(kdc_context, retval, _("%s while handling ap-request armor"), + errmsg); krb5_free_error_message(kdc_context, errmsg); } if (retval == 0) { if (!krb5_principal_compare_any_realm(kdc_context, tgs_server, ticket->server)) { - krb5_set_error_message(kdc_context, KRB5KDC_ERR_SERVER_NOMATCH, - _("ap-request armor for something other " - "than the local TGS")); + k5_setmsg(kdc_context, KRB5KDC_ERR_SERVER_NOMATCH, + _("ap-request armor for something other than the local " + "TGS")); retval = KRB5KDC_ERR_SERVER_NOMATCH; } } if (retval == 0) { retval = krb5_auth_con_getrecvsubkey(kdc_context, authcontext, &subkey); if (retval != 0 || subkey == NULL) { - krb5_set_error_message(kdc_context, KRB5KDC_ERR_POLICY, - _("ap-request armor without subkey")); + k5_setmsg(kdc_context, KRB5KDC_ERR_POLICY, + _("ap-request armor without subkey")); retval = KRB5KDC_ERR_POLICY; } } @@ -159,17 +158,16 @@ kdc_find_fast(krb5_kdc_req **requestptr, case KRB5_FAST_ARMOR_AP_REQUEST: if (tgs_subkey) { retval = KRB5KDC_ERR_PREAUTH_FAILED; - krb5_set_error_message(kdc_context, retval, - _("Ap-request armor not permitted " - "with TGS")); + k5_setmsg(kdc_context, retval, + _("Ap-request armor not permitted with TGS")); break; } retval = armor_ap_request(state, fast_armored_req->armor); break; default: - krb5_set_error_message(kdc_context, KRB5KDC_ERR_PREAUTH_FAILED, - _("Unknown FAST armor type %d"), - fast_armored_req->armor->armor_type); + k5_setmsg(kdc_context, KRB5KDC_ERR_PREAUTH_FAILED, + _("Unknown FAST armor type %d"), + fast_armored_req->armor->armor_type); retval = KRB5KDC_ERR_PREAUTH_FAILED; } } @@ -181,9 +179,8 @@ kdc_find_fast(krb5_kdc_req **requestptr, &state->armor_key); else { retval = KRB5KDC_ERR_PREAUTH_FAILED; - krb5_set_error_message(kdc_context, retval, - _("No armor key but FAST armored " - "request present")); + k5_setmsg(kdc_context, retval, + _("No armor key but FAST armored request present")); } } if (retval == 0) { @@ -218,15 +215,14 @@ kdc_find_fast(krb5_kdc_req **requestptr, &cksum_valid); if (retval == 0 && !cksum_valid) { retval = KRB5KRB_AP_ERR_MODIFIED; - krb5_set_error_message(kdc_context, retval, - _("FAST req_checksum invalid; request " - "modified")); + k5_setmsg(kdc_context, retval, + _("FAST req_checksum invalid; request modified")); } if (retval == 0) { if (!krb5_c_is_keyed_cksum(cksum->checksum_type)) { retval = KRB5KDC_ERR_POLICY; - krb5_set_error_message(kdc_context, retval, - _("Unkeyed checksum used in fast_req")); + k5_setmsg(kdc_context, retval, + _("Unkeyed checksum used in fast_req")); } } if (retval == 0) { diff --git a/src/kdc/kdc_preauth_ec.c b/src/kdc/kdc_preauth_ec.c index 720fefa43..feef36831 100644 --- a/src/kdc/kdc_preauth_ec.c +++ b/src/kdc/kdc_preauth_ec.c @@ -71,9 +71,8 @@ ec_verify(krb5_context context, krb5_data *req_pkt, krb5_kdc_req *request, if (armor_key == NULL) { retval = ENOENT; - krb5_set_error_message(context, ENOENT, - _("Encrypted Challenge used outside of FAST " - "tunnel")); + k5_setmsg(context, ENOENT, + _("Encrypted Challenge used outside of FAST tunnel")); } scratch.data = (char *) data->contents; scratch.length = data->length; @@ -107,9 +106,8 @@ ec_verify(krb5_context context, krb5_data *req_pkt, krb5_kdc_req *request, } if (client_keys[i].enctype == 0) { retval = KRB5KDC_ERR_PREAUTH_FAILED; - krb5_set_error_message(context, retval, - _("Incorrect password in encrypted " - "challenge")); + k5_setmsg(context, retval, + _("Incorrect password in encrypted challenge")); } } if (retval == 0) diff --git a/src/kdc/kdc_util.c b/src/kdc/kdc_util.c index 93a51d50a..98e19375a 100644 --- a/src/kdc/kdc_util.c +++ b/src/kdc/kdc_util.c @@ -286,8 +286,8 @@ kdc_process_tgs_req(kdc_realm_t *kdc_active_realm, if (retval != 0) goto cleanup_authenticator; if (authdata&& authdata[0]) { - krb5_set_error_message(kdc_context, KRB5KDC_ERR_POLICY, - "ticket valid only as FAST armor"); + k5_setmsg(kdc_context, KRB5KDC_ERR_POLICY, + "ticket valid only as FAST armor"); retval = KRB5KDC_ERR_POLICY; krb5_free_authdata(kdc_context, authdata); goto cleanup_authenticator; diff --git a/src/lib/gssapi/krb5/acquire_cred.c b/src/lib/gssapi/krb5/acquire_cred.c index a31bc11ce..f952f64cc 100644 --- a/src/lib/gssapi/krb5/acquire_cred.c +++ b/src/lib/gssapi/krb5/acquire_cred.c @@ -162,9 +162,8 @@ check_keytab(krb5_context context, krb5_keytab kt, krb5_gss_name_t name) if (code == KRB5_KT_END) { code = KRB5_KT_NOTFOUND; if (krb5_unparse_name(context, accprinc, &princname) == 0) { - krb5_set_error_message(context, code, - _("No key table entry found matching %s"), - princname); + k5_setmsg(context, code, _("No key table entry found matching %s"), + princname); free(princname); } } diff --git a/src/lib/gssapi/krb5/disp_status.c b/src/lib/gssapi/krb5/disp_status.c index 69c3cb9af..6ff62a9d8 100644 --- a/src/lib/gssapi/krb5/disp_status.c +++ b/src/lib/gssapi/krb5/disp_status.c @@ -142,7 +142,7 @@ void krb5_gss_save_error_info(OM_uint32 minor_code, krb5_context ctx) save_error_string(minor_code, s); /* The get_error_message call above resets the error message in ctx. Put it back, in case we make this call again *sigh*. */ - krb5_set_error_message(ctx, (krb5_error_code)minor_code, "%s", s); + k5_setmsg(ctx, (krb5_error_code)minor_code, "%s", s); krb5_free_error_message(ctx, s); } void krb5_gss_delete_error_info(void *p) diff --git a/src/lib/kadm5/alt_prof.c b/src/lib/kadm5/alt_prof.c index 09be1efda..9ebcb738a 100644 --- a/src/lib/kadm5/alt_prof.c +++ b/src/lib/kadm5/alt_prof.c @@ -851,10 +851,9 @@ kadm5_get_admin_service_name(krb5_context ctx, char *realm_in, err = getaddrinfo(params_out.admin_server, NULL, &hint, &ai); if (err != 0) { ret = KADM5_CANT_RESOLVE; - krb5_set_error_message(ctx, ret, - _("Cannot resolve address of admin server " - "\"%s\" for realm \"%s\""), - params_out.admin_server, realm_in); + k5_setmsg(ctx, ret, + _("Cannot resolve address of admin server \"%s\" for realm " + "\"%s\""), params_out.admin_server, realm_in); goto err_params; } if (strlen(ai->ai_canonname) + sizeof("kadmin/") > maxlen) { diff --git a/src/lib/kadm5/srv/pwqual_empty.c b/src/lib/kadm5/srv/pwqual_empty.c index 67118db01..1fc9b7bc3 100644 --- a/src/lib/kadm5/srv/pwqual_empty.c +++ b/src/lib/kadm5/srv/pwqual_empty.c @@ -26,7 +26,7 @@ /* Password quality module to reject empty passwords */ -#include "k5-platform.h" +#include "k5-int.h" #include #include "server_internal.h" @@ -38,8 +38,8 @@ empty_check(krb5_context context, krb5_pwqual_moddata data, /* Unlike other built-in modules, this one operates even for principals * with no password policy. */ if (*password == '\0') { - krb5_set_error_message(context, KADM5_PASS_Q_TOOSHORT, - _("Empty passwords are not allowed")); + k5_setmsg(context, KADM5_PASS_Q_TOOSHORT, + _("Empty passwords are not allowed")); return KADM5_PASS_Q_TOOSHORT; } return 0; diff --git a/src/lib/kadm5/srv/pwqual_hesiod.c b/src/lib/kadm5/srv/pwqual_hesiod.c index 28959d76e..7c82bba90 100644 --- a/src/lib/kadm5/srv/pwqual_hesiod.c +++ b/src/lib/kadm5/srv/pwqual_hesiod.c @@ -29,7 +29,7 @@ * passwd information, if the tree is compiled with Hesiod support. */ -#include "k5-platform.h" +#include "k5-int.h" #include #include "server_internal.h" #include @@ -110,9 +110,8 @@ hesiod_check(krb5_context context, krb5_pwqual_moddata data, for (i = 0; i < n; i++) { ent = hes_getpwnam(cp); if (ent && ent->pw_gecos && str_check_gecos(ent->pw_gecos, password)) { - krb5_set_error_message(context, KADM5_PASS_Q_DICT, - _("Password may not match user " - "information.")); + k5_setmsg(context, KADM5_PASS_Q_DICT, + _("Password may not match user information.")); return KADM5_PASS_Q_DICT; } } diff --git a/src/lib/kadm5/srv/pwqual_princ.c b/src/lib/kadm5/srv/pwqual_princ.c index cbf2d7205..14012e59c 100644 --- a/src/lib/kadm5/srv/pwqual_princ.c +++ b/src/lib/kadm5/srv/pwqual_princ.c @@ -26,7 +26,7 @@ /* Password quality module to check passwords against principal components */ -#include "k5-platform.h" +#include "k5-int.h" #include #include "server_internal.h" @@ -50,8 +50,8 @@ princ_check(krb5_context context, krb5_pwqual_moddata data, for (i = 0; i < n; i++) { cp = krb5_princ_component(handle->context, princ, i)->data; if (strcasecmp(cp, password) == 0) { - krb5_set_error_message(context, KADM5_PASS_Q_DICT, - _("Password may not match principal name")); + k5_setmsg(context, KADM5_PASS_Q_DICT, + _("Password may not match principal name")); return KADM5_PASS_Q_DICT; } } diff --git a/src/lib/kadm5/srv/server_kdb.c b/src/lib/kadm5/srv/server_kdb.c index 20a8db7b4..6db5229e3 100644 --- a/src/lib/kadm5/srv/server_kdb.c +++ b/src/lib/kadm5/srv/server_kdb.c @@ -190,8 +190,8 @@ kdb_get_hist_key(kadm5_server_handle_t handle, krb5_keyblock **keyblocks_out, if (kdb->n_key_data <= 0) { ret = KRB5_KDB_NO_MATCHING_KEY; - krb5_set_error_message(handle->context, ret, - _("History entry contains no key data")); + k5_setmsg(handle->context, ret, + _("History entry contains no key data")); goto done; } diff --git a/src/lib/kdb/kdb5.c b/src/lib/kdb/kdb5.c index 8233a48cc..4b4bb49a7 100644 --- a/src/lib/kdb/kdb5.c +++ b/src/lib/kdb/kdb5.c @@ -218,9 +218,8 @@ get_conf_section(krb5_context context, char **section) status = krb5_get_default_realm(context, &defrealm); if (status) { - krb5_set_error_message(context, KRB5_KDB_SERVER_INTERNAL_ERR, - _("No default realm set; cannot initialize " - "KDB")); + k5_setmsg(context, KRB5_KDB_SERVER_INTERNAL_ERR, + _("No default realm set; cannot initialize KDB")); return KRB5_KDB_SERVER_INTERNAL_ERR; } status = profile_get_string(context->profile, @@ -324,9 +323,8 @@ kdb_load_library(krb5_context kcontext, char *lib_name, db_library *libptr) vftabl_addr = &krb5_ldap_kdb_function_table; #endif if (!vftabl_addr) { - krb5_set_error_message(kcontext, KRB5_KDB_DBTYPE_NOTFOUND, - _("Unable to find requested database type: %s"), - lib_name); + k5_setmsg(kcontext, KRB5_KDB_DBTYPE_NOTFOUND, + _("Unable to find requested database type: %s"), lib_name); return KRB5_PLUGIN_OP_NOTSUPP; } @@ -407,9 +405,8 @@ kdb_load_library(krb5_context kcontext, char *lib_name, db_library *lib) &(*lib)->dl_dir_handle, &kcontext->err))) { const char *err_str = krb5_get_error_message(kcontext, status); status = KRB5_KDB_DBTYPE_NOTFOUND; - krb5_set_error_message(kcontext, status, - _("Unable to find requested database type: %s"), - err_str); + k5_setmsg(kcontext, status, + _("Unable to find requested database type: %s"), err_str); krb5_free_error_message(kcontext, err_str); goto clean_n_exit; } @@ -418,9 +415,9 @@ kdb_load_library(krb5_context kcontext, char *lib_name, db_library *lib) &vftabl_addrs, &kcontext->err))) { const char *err_str = krb5_get_error_message(kcontext, status); status = KRB5_KDB_DBTYPE_INIT; - krb5_set_error_message(kcontext, status, - _("plugin symbol 'kdb_function_table' lookup " - "failed: %s"), err_str); + k5_setmsg(kcontext, status, + _("plugin symbol 'kdb_function_table' lookup failed: %s"), + err_str); krb5_free_error_message(kcontext, err_str); goto clean_n_exit; } @@ -428,10 +425,9 @@ kdb_load_library(krb5_context kcontext, char *lib_name, db_library *lib) if (vftabl_addrs[0] == NULL) { /* No plugins! */ status = KRB5_KDB_DBTYPE_NOTFOUND; - krb5_set_error_message(kcontext, status, - _("Unable to load requested database module " - "'%s': plugin symbol 'kdb_function_table' " - "not found"), lib_name); + k5_setmsg(kcontext, status, + _("Unable to load requested database module '%s': plugin " + "symbol 'kdb_function_table' not found"), lib_name); goto clean_n_exit; } @@ -1653,9 +1649,9 @@ krb5_dbe_lookup_mkey_aux(krb5_context context, krb5_db_entry *entry, prev_data = new_data; } } else { - krb5_set_error_message(context, KRB5_KDB_BAD_VERSION, - _("Illegal version number for " - "KRB5_TL_MKEY_AUX %d\n"), version); + k5_setmsg(context, KRB5_KDB_BAD_VERSION, + _("Illegal version number for KRB5_TL_MKEY_AUX %d\n"), + version); return (KRB5_KDB_BAD_VERSION); } } @@ -1822,9 +1818,9 @@ krb5_dbe_lookup_actkvno(krb5_context context, krb5_db_entry *entry, next_tuple += ACTKVNO_TUPLE_SIZE; } } else { - krb5_set_error_message(context, KRB5_KDB_BAD_VERSION, - _("Illegal version number for " - "KRB5_TL_ACTKVNO %d\n"), version); + k5_setmsg(context, KRB5_KDB_BAD_VERSION, + _("Illegal version number for KRB5_TL_ACTKVNO %d\n"), + version); return (KRB5_KDB_BAD_VERSION); } } diff --git a/src/lib/kdb/kdb_default.c b/src/lib/kdb/kdb_default.c index b7a2f2427..31b3e696e 100644 --- a/src/lib/kdb/kdb_default.c +++ b/src/lib/kdb/kdb_default.c @@ -160,9 +160,9 @@ krb5_def_store_mkey_list(krb5_context context, /* if keyfile exists it better be a regular file */ if (!S_ISREG(stb.st_mode)) { retval = EINVAL; - krb5_set_error_message(context, retval, - _("keyfile (%s) is not a regular file: %s"), - keyfile, error_message(retval)); + k5_setmsg(context, retval, + _("keyfile (%s) is not a regular file: %s"), + keyfile, error_message(retval)); goto out; } } @@ -173,8 +173,8 @@ krb5_def_store_mkey_list(krb5_context context, */ retval = asprintf(&tmp_ktname, "FILE:%s_tmp", keyfile); if (retval < 0) { - krb5_set_error_message(context, retval, - _("Could not create temp keytab file name.")); + k5_setmsg(context, retval, + _("Could not create temp keytab file name.")); goto out; } @@ -198,9 +198,8 @@ krb5_def_store_mkey_list(krb5_context context, goto out; } else if (statrc == 0) { retval = EEXIST; - krb5_set_error_message(context, retval, - _("Temporary stash file already exists: %s."), - tmp_ktpath); + k5_setmsg(context, retval, + _("Temporary stash file already exists: %s."), tmp_ktpath); goto out; } @@ -227,10 +226,9 @@ krb5_def_store_mkey_list(krb5_context context, /* Atomically rename temp keyfile to original filename. */ if (rename(tmp_ktpath, keyfile) < 0) { retval = errno; - krb5_set_error_message(context, retval, - _("rename of temporary keyfile (%s) to " - "(%s) failed: %s"), tmp_ktpath, keyfile, - error_message(errno)); + k5_setmsg(context, retval, + _("rename of temporary keyfile (%s) to (%s) failed: %s"), + tmp_ktpath, keyfile, error_message(errno)); } } @@ -417,9 +415,9 @@ krb5_db_def_fetch_mkey(krb5_context context, * key, but set a message indicating the actual error. */ if (retval != 0) { - krb5_set_error_message(context, KRB5_KDB_CANTREAD_STORED, - _("Can not fetch master key (error: %s)."), - error_message(retval)); + k5_setmsg(context, KRB5_KDB_CANTREAD_STORED, + _("Can not fetch master key (error: %s)."), + error_message(retval)); return KRB5_KDB_CANTREAD_STORED; } else return 0; @@ -480,9 +478,9 @@ krb5_def_fetch_mkey_list(krb5_context context, } } if (found_key != TRUE) { - krb5_set_error_message(context, KRB5_KDB_BADMASTERKEY, - _("Unable to decrypt latest master key " - "with the provided master key\n")); + k5_setmsg(context, KRB5_KDB_BADMASTERKEY, + _("Unable to decrypt latest master key with the " + "provided master key\n")); retval = KRB5_KDB_BADMASTERKEY; goto clean_n_exit; } diff --git a/src/lib/krb5/ccache/cc_dir.c b/src/lib/krb5/ccache/cc_dir.c index b8231ed7c..d82f33550 100644 --- a/src/lib/krb5/ccache/cc_dir.c +++ b/src/lib/krb5/ccache/cc_dir.c @@ -118,16 +118,15 @@ split_path(krb5_context context, const char *path, char **dirname_out, if (*dirname == '\0') { ret = KRB5_CC_BADNAME; - krb5_set_error_message(context, ret, - _("Subsidiary cache path %s has no parent " - "directory"), path); + k5_setmsg(context, ret, + _("Subsidiary cache path %s has no parent directory"), path); goto error; } if (!filename_is_cache(filename)) { ret = KRB5_CC_BADNAME; - krb5_set_error_message(context, ret, - _("Subsidiary cache path %s filename does not " - "begin with \"tkt\""), path); + k5_setmsg(context, ret, + _("Subsidiary cache path %s filename does not begin with " + "\"tkt\""), path); goto error; } @@ -167,9 +166,8 @@ read_primary_file(krb5_context context, const char *primary_path, * filename, or isn't a single-component filename. */ if (buf[len - 1] != '\n' || !filename_is_cache(buf) || strchr(buf, '/') || strchr(buf, '\\')) { - krb5_set_error_message(context, KRB5_CC_FORMAT, - _("%s contains invalid filename"), - primary_path); + k5_setmsg(context, KRB5_CC_FORMAT, _("%s contains invalid filename"), + primary_path); return KRB5_CC_FORMAT; } buf[len - 1] = '\0'; @@ -227,15 +225,15 @@ verify_dir(krb5_context context, const char *dirname) if (stat(dirname, &st) < 0) { if (errno == ENOENT && mkdir(dirname, S_IRWXU) == 0) return 0; - krb5_set_error_message(context, KRB5_FCC_NOFILE, - _("Credential cache directory %s does not " - "exist"), dirname); + k5_setmsg(context, KRB5_FCC_NOFILE, + _("Credential cache directory %s does not exist"), + dirname); return KRB5_FCC_NOFILE; } if (!S_ISDIR(st.st_mode)) { - krb5_set_error_message(context, KRB5_CC_FORMAT, - _("Credential cache directory %s exists but is" - "not a directory"), dirname); + k5_setmsg(context, KRB5_CC_FORMAT, + _("Credential cache directory %s exists but is not a " + "directory"), dirname); return KRB5_CC_FORMAT; } return 0; @@ -398,10 +396,9 @@ dcc_gen_new(krb5_context context, krb5_ccache *cache_out) if (ret) return ret; if (dirname == NULL) { - krb5_set_error_message(context, KRB5_DCC_CANNOT_CREATE, - _("Can't create new subsidiary cache because " - "default cache is not a directory " - "collection")); + k5_setmsg(context, KRB5_DCC_CANNOT_CREATE, + _("Can't create new subsidiary cache because default cache " + "is not a directory collection")); return KRB5_DCC_CANNOT_CREATE; } ret = k5_path_join(dirname, "tktXXXXXX", &template); diff --git a/src/lib/krb5/ccache/cc_file.c b/src/lib/krb5/ccache/cc_file.c index 7b6279d87..3f6443f68 100644 --- a/src/lib/krb5/ccache/cc_file.c +++ b/src/lib/krb5/ccache/cc_file.c @@ -569,9 +569,8 @@ open_cache_file(krb5_context context, krb5_ccache id, int mode) if (f == NO_FILE) { if (errno == ENOENT) { ret = KRB5_FCC_NOFILE; - krb5_set_error_message(context, ret, - _("Credentials cache file '%s' not found"), - data->filename); + k5_setmsg(context, ret, _("Credentials cache file '%s' not found"), + data->filename); return ret; } else { return interpret_errno(context, errno); @@ -1577,9 +1576,9 @@ interpret_errno(krb5_context context, int errnum) case ENXIO: default: ret = KRB5_CC_IO; - krb5_set_error_message(context, ret, - _("Credentials cache I/O operation failed " - "(%s)"), strerror(errnum)); + k5_setmsg(context, ret, + _("Credentials cache I/O operation failed (%s)"), + strerror(errnum)); } return ret; } diff --git a/src/lib/krb5/ccache/cc_keyring.c b/src/lib/krb5/ccache/cc_keyring.c index 43f33ee50..31be293db 100644 --- a/src/lib/krb5/ccache/cc_keyring.c +++ b/src/lib/krb5/ccache/cc_keyring.c @@ -1147,9 +1147,9 @@ krcc_generate_new(krb5_context context, krb5_ccache *id_out) return ret; } if (subsidiary_name != NULL) { - krb5_set_error_message(context, KRB5_DCC_CANNOT_CREATE, - _("Can't create new subsidiary cache because " - "default cache is already a subsdiary")); + k5_setmsg(context, KRB5_DCC_CANNOT_CREATE, + _("Can't create new subsidiary cache because default cache " + "is already a subsidiary")); ret = KRB5_DCC_CANNOT_CREATE; goto cleanup; } @@ -1216,9 +1216,8 @@ krcc_get_principal(krb5_context context, krb5_ccache id, if (!data->cache_id || !data->princ_id) { ret = KRB5_FCC_NOFILE; - krb5_set_error_message(context, ret, - _("Credentials cache keyring '%s' not found"), - data->name); + k5_setmsg(context, ret, _("Credentials cache keyring '%s' not found"), + data->name); goto errout; } diff --git a/src/lib/krb5/ccache/cccursor.c b/src/lib/krb5/ccache/cccursor.c index e15611248..021a49ffb 100644 --- a/src/lib/krb5/ccache/cccursor.c +++ b/src/lib/krb5/ccache/cccursor.c @@ -208,9 +208,9 @@ krb5_cc_cache_match(krb5_context context, krb5_principal client, if (cache == NULL) { ret = krb5_unparse_name(context, client, &name); if (ret == 0) { - krb5_set_error_message(context, KRB5_CC_NOTFOUND, - _("Can't find client principal %s in " - "cache collection"), name); + k5_setmsg(context, KRB5_CC_NOTFOUND, + _("Can't find client principal %s in cache collection"), + name); krb5_free_unparsed_name(context, name); } ret = KRB5_CC_NOTFOUND; @@ -249,7 +249,7 @@ krb5_cccol_have_content(krb5_context context) return 0; no_entries: - krb5_set_error_message(context, KRB5_CC_NOTFOUND, - _("No Kerberos credentials available")); + k5_setmsg(context, KRB5_CC_NOTFOUND, + _("No Kerberos credentials available")); return KRB5_CC_NOTFOUND; } diff --git a/src/lib/krb5/keytab/kt_file.c b/src/lib/krb5/keytab/kt_file.c index 44864b5a6..722ebe6fb 100644 --- a/src/lib/krb5/keytab/kt_file.c +++ b/src/lib/krb5/keytab/kt_file.c @@ -394,9 +394,8 @@ krb5_ktfile_get_entry(krb5_context context, krb5_keytab id, else { kerror = KRB5_KT_NOTFOUND; if (krb5_unparse_name(context, principal, &princname) == 0) { - krb5_set_error_message(context, kerror, - _("No key table entry found for %s"), - princname); + k5_setmsg(context, kerror, + _("No key table entry found for %s"), princname); free(princname); } } @@ -472,8 +471,7 @@ krb5_ktfile_start_seq_get(krb5_context context, krb5_keytab id, krb5_kt_cursor * /* Wrapped?! */ KTITERS(id)--; KTUNLOCK(id); - krb5_set_error_message(context, KRB5_KT_IOERR, - "Too many keytab iterators active"); + k5_setmsg(context, KRB5_KT_IOERR, "Too many keytab iterators active"); return KRB5_KT_IOERR; /* XXX */ } KTUNLOCK(id); @@ -813,9 +811,8 @@ krb5_ktfile_add(krb5_context context, krb5_keytab id, krb5_keytab_entry *entry) if (KTFILEP(id)) { /* Iterator(s) active -- no changes. */ KTUNLOCK(id); - krb5_set_error_message(context, KRB5_KT_IOERR, - _("Cannot change keytab with keytab iterators " - "active")); + k5_setmsg(context, KRB5_KT_IOERR, + _("Cannot change keytab with keytab iterators active")); return KRB5_KT_IOERR; /* XXX */ } if ((retval = krb5_ktfileint_openw(context, id))) { @@ -847,9 +844,8 @@ krb5_ktfile_remove(krb5_context context, krb5_keytab id, krb5_keytab_entry *entr if (KTFILEP(id)) { /* Iterator(s) active -- no changes. */ KTUNLOCK(id); - krb5_set_error_message(context, KRB5_KT_IOERR, - _("Cannot change keytab with keytab iterators " - "active")); + k5_setmsg(context, KRB5_KT_IOERR, + _("Cannot change keytab with keytab iterators active")); return KRB5_KT_IOERR; /* XXX */ } @@ -1047,9 +1043,8 @@ krb5_ktfileint_open(krb5_context context, krb5_keytab id, int mode) /* XXX */ return EMFILE; case ENOENT: - krb5_set_error_message(context, ENOENT, - _("Key table file '%s' not found"), - KTFILENAME(id)); + k5_setmsg(context, ENOENT, + _("Key table file '%s' not found"), KTFILENAME(id)); return ENOENT; default: return errno; diff --git a/src/lib/krb5/keytab/ktfns.c b/src/lib/krb5/keytab/ktfns.c index 56343ad0a..794525367 100644 --- a/src/lib/krb5/keytab/ktfns.c +++ b/src/lib/krb5/keytab/ktfns.c @@ -123,8 +123,8 @@ krb5_kt_have_content(krb5_context context, krb5_keytab keytab) no_entries: if (krb5_kt_get_name(context, keytab, name, sizeof(name)) == 0) { - krb5_set_error_message(context, KRB5_KT_NOTFOUND, - _("Keytab %s is nonexistent or empty"), name); + k5_setmsg(context, KRB5_KT_NOTFOUND, + _("Keytab %s is nonexistent or empty"), name); } return KRB5_KT_NOTFOUND; } diff --git a/src/lib/krb5/krb/authdata_dec.c b/src/lib/krb5/krb/authdata_dec.c index 8e95b2a91..0a3dc14a9 100644 --- a/src/lib/krb5/krb/authdata_dec.c +++ b/src/lib/krb5/krb/authdata_dec.c @@ -92,8 +92,8 @@ grow_find_authdata(krb5_context context, struct find_authdata_context *fctx, if (fctx->length == fctx->space) { krb5_authdata **new; if (fctx->space >= 256) { - krb5_set_error_message(context, ERANGE, - "More than 256 authdata matched a query"); + k5_setmsg(context, ERANGE, + "More than 256 authdata matched a query"); return ERANGE; } new = realloc(fctx->out, diff --git a/src/lib/krb5/krb/fast.c b/src/lib/krb5/krb/fast.c index 8d622681e..02d580ffa 100644 --- a/src/lib/krb5/krb/fast.c +++ b/src/lib/krb5/krb/fast.c @@ -214,8 +214,8 @@ krb5int_fast_as_armor(krb5_context context, if (retval != 0) { const char * errmsg; errmsg = krb5_get_error_message(context, retval); - krb5_set_error_message(context, retval, - _("%s constructing AP-REQ armor"), errmsg); + k5_setmsg(context, retval, _("%s constructing AP-REQ armor"), + errmsg); krb5_free_error_message(context, errmsg); } } @@ -396,8 +396,8 @@ decrypt_fast_reply(krb5_context context, if (retval != 0) { const char * errmsg; errmsg = krb5_get_error_message(context, retval); - krb5_set_error_message(context, retval, - _("%s while decrypting FAST reply"), errmsg); + k5_setmsg(context, retval, _("%s while decrypting FAST reply"), + errmsg); krb5_free_error_message(context, errmsg); } if (retval == 0) @@ -405,9 +405,8 @@ decrypt_fast_reply(krb5_context context, if (retval == 0) { if (local_resp->nonce != state->nonce) { retval = KRB5_KDCREP_MODIFIED; - krb5_set_error_message(context, retval, - _("nonce modified in FAST response: " - "KDC response modified")); + k5_setmsg(context, retval, _("nonce modified in FAST response: " + "KDC response modified")); } } if (retval == 0) { @@ -471,9 +470,9 @@ krb5int_fast_process_error(krb5_context context, fx_error_pa = krb5int_find_pa_data(context, fast_response->padata, KRB5_PADATA_FX_ERROR); if (fx_error_pa == NULL) { - krb5_set_error_message(context, KRB5KDC_ERR_PREAUTH_FAILED, - _("Expecting FX_ERROR pa-data inside " - "FAST container")); + k5_setmsg(context, KRB5KDC_ERR_PREAUTH_FAILED, + _("Expecting FX_ERROR pa-data inside FAST " + "container")); retval = KRB5KDC_ERR_PREAUTH_FAILED; } } @@ -542,9 +541,8 @@ krb5int_fast_process_response(krb5_context context, if (retval == 0) { if (fast_response->finished == 0) { retval = KRB5_KDCREP_MODIFIED; - krb5_set_error_message(context, retval, - _("FAST response missing finish message " - "in KDC reply")); + k5_setmsg(context, retval, + _("FAST response missing finish message in KDC reply")); } } if (retval == 0) @@ -557,8 +555,7 @@ krb5int_fast_process_response(krb5_context context, &cksum_valid); if (retval == 0 && cksum_valid == 0) { retval = KRB5_KDCREP_MODIFIED; - krb5_set_error_message(context, retval, - _("Ticket modified in KDC reply")); + k5_setmsg(context, retval, _("Ticket modified in KDC reply")); } if (retval == 0) { krb5_free_principal(context, resp->client); diff --git a/src/lib/krb5/krb/gc_via_tkt.c b/src/lib/krb5/krb/gc_via_tkt.c index 92b53ecd0..4c0a1a461 100644 --- a/src/lib/krb5/krb/gc_via_tkt.c +++ b/src/lib/krb5/krb/gc_via_tkt.c @@ -204,19 +204,18 @@ krb5int_process_tgs_reply(krb5_context context, if (err_reply->text.length > 0) { switch (err_reply->error) { case KRB_ERR_GENERIC: - krb5_set_error_message(context, retval, - _("KDC returned error string: %.*s"), - err_reply->text.length, - err_reply->text.data); + k5_setmsg(context, retval, + _("KDC returned error string: %.*s"), + err_reply->text.length, err_reply->text.data); break; case KDC_ERR_S_PRINCIPAL_UNKNOWN: { char *s_name; if (err_reply->server && krb5_unparse_name(context, err_reply->server, &s_name) == 0) { - krb5_set_error_message(context, retval, - _("Server %s not found in Kerberos " - "database"), s_name); + k5_setmsg(context, retval, + _("Server %s not found in Kerberos database"), + s_name); krb5_free_unparsed_name(context, s_name); } else /* In case there's a stale S_PRINCIPAL_UNKNOWN diff --git a/src/lib/krb5/krb/get_in_tkt.c b/src/lib/krb5/krb/get_in_tkt.c index ebcb36213..88bad4c09 100644 --- a/src/lib/krb5/krb/get_in_tkt.c +++ b/src/lib/krb5/krb/get_in_tkt.c @@ -131,8 +131,8 @@ cleanup: return ret; verification_error: ret = KRB5_KDCREP_MODIFIED; - krb5_set_error_message(context, ret, _("Reply has wrong form of session " - "key for anonymous request")); + k5_setmsg(context, ret, + _("Reply has wrong form of session key for anonymous request")); goto cleanup; } @@ -1641,8 +1641,7 @@ init_creds_step_reply(krb5_context context, if (code !=0) { const char *msg; msg = krb5_get_error_message(context, code); - krb5_set_error_message(context, code, - _("%s while storing credentials"), msg); + k5_setmsg(context, code, _("%s while storing credentials"), msg); krb5_free_error_message(context, msg); } } @@ -1729,9 +1728,9 @@ cleanup: /* See if we can produce a more detailed error message */ code2 = krb5_unparse_name(context, ctx->request->client, &client_name); if (code2 == 0) { - krb5_set_error_message(context, code, - _("Client '%s' not found in Kerberos " - "database"), client_name); + k5_setmsg(context, code, + _("Client '%s' not found in Kerberos database"), + client_name); krb5_free_unparsed_name(context, client_name); } } diff --git a/src/lib/krb5/krb/gic_keytab.c b/src/lib/krb5/krb/gic_keytab.c index 4c2942e3f..f20af537f 100644 --- a/src/lib/krb5/krb/gic_keytab.c +++ b/src/lib/krb5/krb/gic_keytab.c @@ -203,9 +203,8 @@ krb5_init_creds_set_keytab(krb5_context context, if (etype_list == NULL) { ret = krb5_unparse_name(context, ctx->request->client, &name); if (ret == 0) { - krb5_set_error_message(context, KRB5_KT_NOTFOUND, - _("Keytab contains no suitable keys for " - "%s"), name); + k5_setmsg(context, KRB5_KT_NOTFOUND, + _("Keytab contains no suitable keys for %s"), name); } krb5_free_unparsed_name(context, name); return KRB5_KT_NOTFOUND; diff --git a/src/lib/krb5/krb/parse.c b/src/lib/krb5/krb/parse.c index a696c711e..1edb949f4 100644 --- a/src/lib/krb5/krb/parse.c +++ b/src/lib/krb5/krb/parse.c @@ -199,9 +199,8 @@ krb5_parse_name_flags(krb5_context context, const char *name, if (!has_realm) { if (require_realm) { ret = KRB5_PARSE_MALFORMED; - krb5_set_error_message(context, ret, - _("Principal %s is missing required realm"), - name); + k5_setmsg(context, ret, + _("Principal %s is missing required realm"), name); goto cleanup; } if (!no_realm && !ignore_realm) { @@ -213,8 +212,7 @@ krb5_parse_name_flags(krb5_context context, const char *name, } } else if (no_realm) { ret = KRB5_PARSE_MALFORMED; - krb5_set_error_message(context, ret, - _("Principal %s has realm present"), name); + k5_setmsg(context, ret, _("Principal %s has realm present"), name); goto cleanup; } else if (ignore_realm) { krb5_free_data_contents(context, &princ->realm); diff --git a/src/lib/krb5/krb/plugin.c b/src/lib/krb5/krb/plugin.c index 9bb5d54fa..8b62c7b6e 100644 --- a/src/lib/krb5/krb/plugin.c +++ b/src/lib/krb5/krb/plugin.c @@ -160,8 +160,8 @@ parse_modstr(krb5_context context, const char *modstr, sep = strchr(modstr, ':'); if (sep == NULL) { - krb5_set_error_message(context, KRB5_PLUGIN_BAD_MODULE_SPEC, - _("Invalid module specifier %s"), modstr); + k5_setmsg(context, KRB5_PLUGIN_BAD_MODULE_SPEC, + _("Invalid module specifier %s"), modstr); return KRB5_PLUGIN_BAD_MODULE_SPEC; } @@ -397,9 +397,9 @@ k5_plugin_load(krb5_context context, int interface_id, const char *modname, break; } } - krb5_set_error_message(context, KRB5_PLUGIN_NAME_NOTFOUND, - _("Could not find %s plugin module named '%s'"), - interface_names[interface_id], modname); + k5_setmsg(context, KRB5_PLUGIN_NAME_NOTFOUND, + _("Could not find %s plugin module named '%s'"), + interface_names[interface_id], modname); return KRB5_PLUGIN_NAME_NOTFOUND; } diff --git a/src/lib/krb5/krb/preauth2.c b/src/lib/krb5/krb/preauth2.c index cda91b908..9f34b336c 100644 --- a/src/lib/krb5/krb/preauth2.c +++ b/src/lib/krb5/krb/preauth2.c @@ -1014,8 +1014,8 @@ krb5_preauth_supply_preauth_data(krb5_context context, k5_init_preauth_context(context); pctx = context->preauth_context; if (pctx == NULL) { - krb5_set_error_message(context, EINVAL, - _("Unable to initialize preauth context")); + k5_setmsg(context, EINVAL, + _("Unable to initialize preauth context")); return EINVAL; } } @@ -1029,8 +1029,8 @@ krb5_preauth_supply_preauth_data(krb5_context context, ret = clpreauth_gic_opts(context, h, opt, attr, value); if (ret) { emsg = krb5_get_error_message(context, ret); - krb5_set_error_message(context, ret, _("Preauth module %s: %s"), - h->vt.name, emsg); + k5_setmsg(context, ret, _("Preauth module %s: %s"), h->vt.name, + emsg); krb5_free_error_message(context, emsg); return ret; } diff --git a/src/lib/krb5/krb/preauth_otp.c b/src/lib/krb5/krb/preauth_otp.c index d343683c0..d9ddc8bf3 100644 --- a/src/lib/krb5/krb/preauth_otp.c +++ b/src/lib/krb5/krb/preauth_otp.c @@ -698,9 +698,8 @@ filter_tokeninfos(krb5_context context, const char *otpvalue, /* It is an error if we have no matching tokeninfos. */ if (filtered[0] == NULL) { free(filtered); - krb5_set_error_message(context, KRB5_PREAUTH_FAILED, - _("OTP value doesn't match " - "any token formats")); + k5_setmsg(context, KRB5_PREAUTH_FAILED, + _("OTP value doesn't match any token formats")); return KRB5_PREAUTH_FAILED; /* We have no supported tokeninfos. */ } @@ -912,8 +911,7 @@ filter_supported_tokeninfos(krb5_context context, krb5_otp_tokeninfo **tis) if (tis[0] != NULL) return 0; - krb5_set_error_message(context, KRB5_PREAUTH_FAILED, - _("No supported tokens")); + k5_setmsg(context, KRB5_PREAUTH_FAILED, _("No supported tokens")); return KRB5_PREAUTH_FAILED; /* We have no supported tokeninfos. */ } diff --git a/src/lib/krb5/krb/rd_req_dec.c b/src/lib/krb5/krb/rd_req_dec.c index 637ff83d5..fbfe36eb0 100644 --- a/src/lib/krb5/krb/rd_req_dec.c +++ b/src/lib/krb5/krb/rd_req_dec.c @@ -142,15 +142,13 @@ keytab_fetch_error(krb5_context context, krb5_error_code code, return ret; if (krb5_principal_compare(context, princ, tkt_server)) { ret = KRB5KRB_AP_ERR_BADKEYVER; - krb5_set_error_message(context, ret, - _("Cannot find key for %s kvno %d in keytab"), - sname, (int)tkt_kvno); + k5_setmsg(context, ret, _("Cannot find key for %s kvno %d in keytab"), + sname, (int)tkt_kvno); } else { ret = KRB5KRB_AP_ERR_NOT_US; - krb5_set_error_message(context, ret, - _("Cannot find key for %s kvno %d in keytab " - "(request ticket server %s)"), - sname, (int)tkt_kvno, tsname); + k5_setmsg(context, ret, + _("Cannot find key for %s kvno %d in keytab (request ticket " + "server %s)"), sname, (int)tkt_kvno, tsname); } krb5_free_unparsed_name(context, sname); krb5_free_unparsed_name(context, tsname); @@ -173,9 +171,9 @@ integrity_error(krb5_context context, krb5_const_principal server, ret = krb5_principal_compare(context, server, tkt_server) ? KRB5KRB_AP_ERR_BAD_INTEGRITY : KRB5KRB_AP_ERR_NOT_US; - krb5_set_error_message(context, ret, - _("Cannot decrypt ticket for %s using keytab " - "key for %s"), tsname, sname); + k5_setmsg(context, ret, + _("Cannot decrypt ticket for %s using keytab key for %s"), + tsname, sname); krb5_free_unparsed_name(context, sname); krb5_free_unparsed_name(context, tsname); return ret; @@ -195,9 +193,9 @@ nomatch_error(krb5_context context, krb5_const_principal server, if (ret) return ret; - krb5_set_error_message(context, KRB5KRB_AP_ERR_NOT_US, - _("Server principal %s does not match request " - "ticket server %s"), sname, tsname); + k5_setmsg(context, KRB5KRB_AP_ERR_NOT_US, + _("Server principal %s does not match request ticket server %s"), + sname, tsname); krb5_free_unparsed_name(context, sname); krb5_free_unparsed_name(context, tsname); return KRB5KRB_AP_ERR_NOT_US; @@ -225,52 +223,49 @@ iteration_error(krb5_context context, krb5_const_principal server, if (!found_server_match) { ret = KRB5KRB_AP_ERR_NOKEY; if (sname == NULL) { - krb5_set_error_message(context, ret, _("No keys in keytab")); + k5_setmsg(context, ret, _("No keys in keytab")); } else { - krb5_set_error_message(context, ret, - _("Server principal %s does not match any " - "keys in keytab"), sname); + k5_setmsg(context, ret, + _("Server principal %s does not match any keys in " + "keytab"), sname); } } else if (tkt_server_mismatch) { assert(sname != NULL); /* Null server princ would match anything. */ ret = KRB5KRB_AP_ERR_NOT_US; - krb5_set_error_message(context, ret, - _("Request ticket server %s found in keytab " - "but does not match server principal %s"), - tsname, sname); + k5_setmsg(context, ret, + _("Request ticket server %s found in keytab but does not " + "match server principal %s"), tsname, sname); } else if (!found_tkt_server) { ret = KRB5KRB_AP_ERR_NOT_US; - krb5_set_error_message(context, ret, - _("Request ticket server %s not found in " - "keytab (ticket kvno %d)"), - tsname, (int)tkt_kvno); + k5_setmsg(context, ret, + _("Request ticket server %s not found in keytab (ticket " + "kvno %d)"), tsname, (int)tkt_kvno); } else if (!found_kvno) { ret = KRB5KRB_AP_ERR_BADKEYVER; if (found_higher_kvno) { - krb5_set_error_message(context, ret, - _("Request ticket server %s kvno %d not " - "found in keytab; ticket is likely out " - "of date"), tsname, (int)tkt_kvno); + k5_setmsg(context, ret, + _("Request ticket server %s kvno %d not found in " + "keytab; ticket is likely out of date"), + tsname, (int)tkt_kvno); } else { - krb5_set_error_message(context, ret, - _("Request ticket server %s kvno %d not " - "found in keytab; keytab is likely out " - "of date"), tsname, (int)tkt_kvno); + k5_setmsg(context, ret, + _("Request ticket server %s kvno %d not found in " + "keytab; keytab is likely out of date"), + tsname, (int)tkt_kvno); } } else if (!found_enctype) { /* There's no defined error for having the key version but not the * enctype. */ ret = KRB5KRB_AP_ERR_BADKEYVER; - krb5_set_error_message(context, ret, - _("Request ticket server %s kvno %d found in " - "keytab but not with enctype %s"), - tsname, (int)tkt_kvno, encname); + k5_setmsg(context, ret, + _("Request ticket server %s kvno %d found in keytab but not " + "with enctype %s"), tsname, (int)tkt_kvno, encname); } else { ret = KRB5KRB_AP_ERR_BAD_INTEGRITY; - krb5_set_error_message(context, ret, - _("Request ticket server %s kvno %d enctype %s " - "found in keytab but cannot decrypt ticket"), - tsname, (int)tkt_kvno, encname); + k5_setmsg(context, ret, + _("Request ticket server %s kvno %d enctype %s found in " + "keytab but cannot decrypt ticket"), + tsname, (int)tkt_kvno, encname); } krb5_free_unparsed_name(context, sname); @@ -905,9 +900,8 @@ negotiate_etype(krb5_context context, if (krb5_enctype_to_string(desired_etypes[i], enctype_name, sizeof(enctype_name)) == 0) - krb5_set_error_message(context, KRB5_NOPERM_ETYPE, - _("Encryption type %s not permitted"), - enctype_name); + k5_setmsg(context, KRB5_NOPERM_ETYPE, + _("Encryption type %s not permitted"), enctype_name); return KRB5_NOPERM_ETYPE; } } diff --git a/src/lib/krb5/krb/t_copy_context.c b/src/lib/krb5/krb/t_copy_context.c index 522fa0cc5..fa810be8a 100644 --- a/src/lib/krb5/krb/t_copy_context.c +++ b/src/lib/krb5/krb/t_copy_context.c @@ -153,7 +153,7 @@ main(int argc, char **argv) ctx->prompt_types = ptypes; check(k5_plugin_load_all(ctx, PLUGIN_INTERFACE_PWQUAL, &mods) == 0); k5_plugin_free_modules(ctx, mods); - krb5_set_error_message(ctx, ENOMEM, "nooooooooo"); + k5_setmsg(ctx, ENOMEM, "nooooooooo"); krb5_set_trace_callback(ctx, trace, ctx); /* Copy the intentionally messy context and verify the result. */ diff --git a/src/lib/krb5/os/expand_path.c b/src/lib/krb5/os/expand_path.c index f14e9acd8..144ccc836 100644 --- a/src/lib/krb5/os/expand_path.c +++ b/src/lib/krb5/os/expand_path.c @@ -58,9 +58,8 @@ expand_temp_folder(krb5_context context, PTYPE param, const char *postfix, size_t len; if (!GetTempPath(sizeof(tpath) / sizeof(tpath[0]), tpath)) { - krb5_set_error_message(context, EINVAL, - "Failed to get temporary path (GLE=%d)", - GetLastError()); + k5_setmsg(context, EINVAL, "Failed to get temporary path (GLE=%d)", + GetLastError()); return EINVAL; } @@ -167,23 +166,22 @@ expand_userid(krb5_context context, PTYPE param, const char *postfix, } if (le != 0) { - krb5_set_error_message(context, rv, - "Can't open thread token (GLE=%d)", le); + k5_setmsg(context, rv, "Can't open thread token (GLE=%d)", le); goto cleanup; } } if (!GetTokenInformation(hToken, TokenOwner, NULL, 0, &len)) { if (GetLastError() != ERROR_INSUFFICIENT_BUFFER) { - krb5_set_error_message(context, rv, - "Unexpected error reading token " - "information (GLE=%d)", GetLastError()); + k5_setmsg(context, rv, + "Unexpected error reading token information (GLE=%d)", + GetLastError()); goto cleanup; } if (len == 0) { - krb5_set_error_message(context, rv, "GetTokenInformation() " - "returned truncated buffer"); + k5_setmsg(context, rv, + "GetTokenInformation() returned truncated buffer"); goto cleanup; } @@ -193,20 +191,20 @@ expand_userid(krb5_context context, PTYPE param, const char *postfix, goto cleanup; } } else { - krb5_set_error_message(context, rv, "GetTokenInformation() returned " - "truncated buffer"); + k5_setmsg(context, rv, + "GetTokenInformation() returned truncated buffer"); goto cleanup; } if (!GetTokenInformation(hToken, TokenOwner, pOwner, len, &len)) { - krb5_set_error_message(context, rv, "GetTokenInformation() failed. " - "GLE=%d", GetLastError()); + k5_setmsg(context, rv, + "GetTokenInformation() failed. GLE=%d", GetLastError()); goto cleanup; } if (!ConvertSidToStringSid(pOwner->Owner, &strSid)) { - krb5_set_error_message(context, rv, "Can't convert SID to string. " - "GLE=%d", GetLastError()); + k5_setmsg(context, rv, + "Can't convert SID to string. GLE=%d", GetLastError()); goto cleanup; } @@ -243,8 +241,7 @@ expand_csidl(krb5_context context, PTYPE folder, const char *postfix, if (SHGetFolderPath(NULL, folder, NULL, SHGFP_TYPE_CURRENT, path) != S_OK) { - krb5_set_error_message(context, EINVAL, - "Unable to determine folder path"); + k5_setmsg(context, EINVAL, "Unable to determine folder path"); return EINVAL; } @@ -316,9 +313,8 @@ expand_username(krb5_context context, PTYPE param, const char *postfix, char pwbuf[BUFSIZ]; if (k5_getpwuid_r(euid, &pwx, pwbuf, sizeof(pwbuf), &pw) != 0) { - krb5_set_error_message(context, ENOENT, - _("Can't find username for uid %lu"), - (unsigned long)euid); + k5_setmsg(context, ENOENT, _("Can't find username for uid %lu"), + (unsigned long)euid); return ENOENT; } *str = strdup(pw->pw_name); @@ -406,7 +402,7 @@ expand_token(krb5_context context, const char *token, const char *token_end, if (token[0] != '%' || token[1] != '{' || token_end[0] != '}' || token_end - token <= 2) { - krb5_set_error_message(context, EINVAL, _("Invalid token")); + k5_setmsg(context, EINVAL, _("Invalid token")); return EINVAL; } @@ -422,7 +418,7 @@ expand_token(krb5_context context, const char *token, const char *token_end, } } - krb5_set_error_message(context, EINVAL, _("Invalid token")); + k5_setmsg(context, EINVAL, _("Invalid token")); return EINVAL; } @@ -506,7 +502,7 @@ k5_expand_path_tokens_extra(krb5_context context, const char *path_in, tok_end = strchr(tok_begin, '}'); if (tok_end == NULL) { ret = EINVAL; - krb5_set_error_message(context, ret, _("variable missing }")); + k5_setmsg(context, ret, _("variable missing }")); goto cleanup; } diff --git a/src/lib/krb5/os/locate_kdc.c b/src/lib/krb5/os/locate_kdc.c index 113680954..2fade13ee 100644 --- a/src/lib/krb5/os/locate_kdc.c +++ b/src/lib/krb5/os/locate_kdc.c @@ -654,8 +654,8 @@ k5_locate_server(krb5_context context, const krb5_data *realm, memset(serverlist, 0, sizeof(*serverlist)); if (realm == NULL || realm->data == NULL || realm->data[0] == 0) { - krb5_set_error_message(context, KRB5_REALM_CANT_RESOLVE, - "Cannot find KDC for invalid realm name \"\""); + k5_setmsg(context, KRB5_REALM_CANT_RESOLVE, + "Cannot find KDC for invalid realm name \"\""); return KRB5_REALM_CANT_RESOLVE; } @@ -665,9 +665,9 @@ k5_locate_server(krb5_context context, const krb5_data *realm, if (serverlist->nservers == 0) { k5_free_serverlist(serverlist); - krb5_set_error_message(context, KRB5_REALM_UNKNOWN, - _("Cannot find KDC for realm \"%.*s\""), - realm->length, realm->data); + k5_setmsg(context, KRB5_REALM_UNKNOWN, + _("Cannot find KDC for realm \"%.*s\""), + realm->length, realm->data); return KRB5_REALM_UNKNOWN; } return 0; diff --git a/src/lib/krb5/os/sendto_kdc.c b/src/lib/krb5/os/sendto_kdc.c index f083c0fba..a7fa4612c 100644 --- a/src/lib/krb5/os/sendto_kdc.c +++ b/src/lib/krb5/os/sendto_kdc.c @@ -488,9 +488,9 @@ krb5_sendto_kdc(krb5_context context, const krb5_data *message, if (err == KDC_ERR_SVC_UNAVAILABLE) { retval = KRB5KDC_ERR_SVC_UNAVAILABLE; } else { - krb5_set_error_message(context, retval, - _("Cannot contact any KDC for realm " - "'%.*s'"), realm->length, realm->data); + k5_setmsg(context, retval, + _("Cannot contact any KDC for realm '%.*s'"), + realm->length, realm->data); } } if (retval) diff --git a/src/lib/krb5/rcache/rc_io.c b/src/lib/krb5/rcache/rc_io.c index 1930d7e9d..7e3b7e951 100644 --- a/src/lib/krb5/rcache/rc_io.c +++ b/src/lib/krb5/rcache/rc_io.c @@ -102,16 +102,15 @@ krb5_rc_io_mkstemp(krb5_context context, krb5_rc_iostuff *d, char *dir) */ retval = fstat(d->fd, &stbuf); if (retval) { - krb5_set_error_message(context, retval, - _("Cannot fstat replay cache file %s: %s"), - d->fn, strerror(errno)); + k5_setmsg(context, retval, + _("Cannot fstat replay cache file %s: %s"), + d->fn, strerror(errno)); return KRB5_RC_IO_UNKNOWN; } if (stbuf.st_mode & 077) { - krb5_set_error_message(context, retval, - _("Insecure mkstemp() file mode for replay " - "cache file %s; try running this program " - "with umask 077 "), d->fn); + k5_setmsg(context, retval, + _("Insecure mkstemp() file mode for replay cache file %s; " + "try running this program with umask 077"), d->fn); return KRB5_RC_IO_UNKNOWN; } #endif @@ -141,15 +140,14 @@ rc_map_errno (krb5_context context, int e, const char *fn, case EACCES: case EROFS: case EEXIST: - krb5_set_error_message(context, KRB5_RC_IO_PERM, - _("Cannot %s replay cache file %s: %s"), - operation, fn, strerror(e)); + k5_setmsg(context, KRB5_RC_IO_PERM, + _("Cannot %s replay cache file %s: %s"), + operation, fn, strerror(e)); return KRB5_RC_IO_PERM; default: - krb5_set_error_message(context, KRB5_RC_IO_UNKNOWN, - _("Cannot %s replay cache: %s"), - operation, strerror(e)); + k5_setmsg(context, KRB5_RC_IO_UNKNOWN, _("Cannot %s replay cache: %s"), + operation, strerror(e)); return KRB5_RC_IO_UNKNOWN; } } @@ -261,22 +259,20 @@ krb5_rc_io_open_internal(krb5_context context, krb5_rc_iostuff *d, char *fn, || (sb1.st_mode & S_IFMT) != S_IFREG) { retval = KRB5_RC_IO_PERM; - krb5_set_error_message(context, retval, - "rcache not a file %s", d->fn); + k5_setmsg(context, retval, "rcache not a file %s", d->fn); goto cleanup; } /* check that non other can read/write/execute the file */ if (sb1.st_mode & 077) { - krb5_set_error_message(context, retval, - _("Insecure file mode for replay cache file " - "%s"), d->fn); + k5_setmsg(context, retval, + _("Insecure file mode for replay cache file %s"), d->fn); return KRB5_RC_IO_UNKNOWN; } /* owned by me */ if (sb1.st_uid != geteuid()) { retval = KRB5_RC_IO_PERM; - krb5_set_error_message(context, retval, _("rcache not owned by %d"), - (int)geteuid()); + k5_setmsg(context, retval, _("rcache not owned by %d"), + (int)geteuid()); goto cleanup; } #endif @@ -398,20 +394,17 @@ krb5_rc_io_write(krb5_context context, krb5_rc_iostuff *d, krb5_pointer buf, #endif case EFBIG: case ENOSPC: - krb5_set_error_message (context, KRB5_RC_IO_SPACE, - _("Can't write to replay cache: %s"), - strerror(errno)); + k5_setmsg(context, KRB5_RC_IO_SPACE, + _("Can't write to replay cache: %s"), strerror(errno)); return KRB5_RC_IO_SPACE; case EIO: - krb5_set_error_message (context, KRB5_RC_IO_IO, - _("Can't write to replay cache: %s"), - strerror(errno)); + k5_setmsg(context, KRB5_RC_IO_IO, + _("Can't write to replay cache: %s"), strerror(errno)); return KRB5_RC_IO_IO; case EBADF: default: - krb5_set_error_message (context, KRB5_RC_IO_UNKNOWN, - _("Can't write to replay cache: %s"), - strerror(errno)); + k5_setmsg(context, KRB5_RC_IO_UNKNOWN, + _("Can't write to replay cache: %s"), strerror(errno)); return KRB5_RC_IO_UNKNOWN; } return 0; @@ -431,9 +424,8 @@ krb5_rc_io_sync(krb5_context context, krb5_rc_iostuff *d) case EBADF: return KRB5_RC_IO_UNKNOWN; case EIO: return KRB5_RC_IO_IO; default: - krb5_set_error_message(context, KRB5_RC_IO_UNKNOWN, - _("Cannot sync replay cache file: %s"), - strerror(errno)); + k5_setmsg(context, KRB5_RC_IO_UNKNOWN, + _("Cannot sync replay cache file: %s"), strerror(errno)); return KRB5_RC_IO_UNKNOWN; } } @@ -451,9 +443,8 @@ krb5_rc_io_read(krb5_context context, krb5_rc_iostuff *d, krb5_pointer buf, case EIO: return KRB5_RC_IO_IO; case EBADF: default: - krb5_set_error_message(context, KRB5_RC_IO_UNKNOWN, - _("Can't read from replay cache: %s"), - strerror(errno)); + k5_setmsg(context, KRB5_RC_IO_UNKNOWN, + _("Can't read from replay cache: %s"), strerror(errno)); return KRB5_RC_IO_UNKNOWN; } if (count < 0 || (unsigned int)count != num) @@ -483,22 +474,19 @@ krb5_rc_io_destroy(krb5_context context, krb5_rc_iostuff *d) switch(errno) { case EIO: - krb5_set_error_message(context, KRB5_RC_IO_IO, - _("Can't destroy replay cache: %s"), - strerror(errno)); + k5_setmsg(context, KRB5_RC_IO_IO, + _("Can't destroy replay cache: %s"), strerror(errno)); return KRB5_RC_IO_IO; case EPERM: case EBUSY: case EROFS: - krb5_set_error_message(context, KRB5_RC_IO_PERM, - _("Can't destroy replay cache: %s"), - strerror(errno)); + k5_setmsg(context, KRB5_RC_IO_PERM, + _("Can't destroy replay cache: %s"), strerror(errno)); return KRB5_RC_IO_PERM; case EBADF: default: - krb5_set_error_message(context, KRB5_RC_IO_UNKNOWN, - _("Can't destroy replay cache: %s"), - strerror(errno)); + k5_setmsg(context, KRB5_RC_IO_UNKNOWN, + _("Can't destroy replay cache: %s"), strerror(errno)); return KRB5_RC_IO_UNKNOWN; } return 0; diff --git a/src/plugins/kdb/db2/kdb_db2.c b/src/plugins/kdb/db2/kdb_db2.c index b0cd2a5e9..b2c449f5b 100644 --- a/src/plugins/kdb/db2/kdb_db2.c +++ b/src/plugins/kdb/db2/kdb_db2.c @@ -230,9 +230,9 @@ configure_context(krb5_context context, char *conf_section, char **db_args) dbc->hashfirst = TRUE; } else { status = EINVAL; - krb5_set_error_message(context, status, - _("Unsupported argument \"%s\" for db2"), - opt ? opt : val); + k5_setmsg(context, status, + _("Unsupported argument \"%s\" for db2"), + opt ? opt : val); goto cleanup; } } @@ -813,9 +813,8 @@ krb5_db2_put_principal(krb5_context context, krb5_db_entry *entry, krb5_clear_error_message (context); if (db_args) { /* DB2 does not support db_args DB arguments for principal */ - krb5_set_error_message(context, EINVAL, - _("Unsupported argument \"%s\" for db2"), - db_args[0]); + k5_setmsg(context, EINVAL, _("Unsupported argument \"%s\" for db2"), + db_args[0]); return EINVAL; } diff --git a/src/plugins/kdb/ldap/libkdb_ldap/kdb_ldap.c b/src/plugins/kdb/ldap/libkdb_ldap/kdb_ldap.c index 4e0a9e8d7..8284f814f 100644 --- a/src/plugins/kdb/ldap/libkdb_ldap/kdb_ldap.c +++ b/src/plugins/kdb/ldap/libkdb_ldap/kdb_ldap.c @@ -215,10 +215,10 @@ has_sasl_external_mech(krb5_context context, char *ldap_server) "supportedSASLMechanisms", "EXTERNAL"); switch (ret) { case 1: /* not supported */ - krb5_set_error_message(context, 1, "%s", ERR_MSG2); + k5_setmsg(context, 1, "%s", ERR_MSG2); break; case 2: /* don't know */ - krb5_set_error_message(context, 1, "%s", ERR_MSG1); + k5_setmsg(context, 1, "%s", ERR_MSG1); break; default: break; @@ -298,7 +298,7 @@ int set_ldap_error(krb5_context ctx, int st, int op) { int translated_st = translate_ldap_error(st, op); - krb5_set_error_message(ctx, translated_st, "%s", ldap_err2string(st)); + k5_setmsg(ctx, translated_st, "%s", ldap_err2string(st)); return translated_st; } @@ -309,7 +309,7 @@ prepend_err_str(krb5_context ctx, const char *str, krb5_error_code err, const char *omsg; omsg = krb5_get_error_message(ctx, oerr); - krb5_set_error_message(ctx, err, "%s %s", str, omsg); + k5_setmsg(ctx, err, "%s %s", str, omsg); krb5_free_error_message(ctx, omsg); } diff --git a/src/plugins/kdb/ldap/libkdb_ldap/kdb_ldap_conn.c b/src/plugins/kdb/ldap/libkdb_ldap/kdb_ldap_conn.c index b9f70fd6c..3ebfb8764 100644 --- a/src/plugins/kdb/ldap/libkdb_ldap/kdb_ldap_conn.c +++ b/src/plugins/kdb/ldap/libkdb_ldap/kdb_ldap_conn.c @@ -46,14 +46,13 @@ krb5_validate_ldap_context(krb5_context context, if (ldap_context->bind_dn == NULL) { st = EINVAL; - krb5_set_error_message(context, st, _("LDAP bind dn value missing ")); + k5_setmsg(context, st, _("LDAP bind dn value missing ")); goto err_out; } if (ldap_context->bind_pwd == NULL && ldap_context->service_password_file == NULL) { st = EINVAL; - krb5_set_error_message(context, st, - _("LDAP bind password value missing ")); + k5_setmsg(context, st, _("LDAP bind password value missing ")); goto err_out; } @@ -71,8 +70,7 @@ krb5_validate_ldap_context(krb5_context context, /* NULL password not allowed */ if (ldap_context->bind_pwd != NULL && strlen(ldap_context->bind_pwd) == 0) { st = EINVAL; - krb5_set_error_message(context, st, - _("Service password length is zero")); + k5_setmsg(context, st, _("Service password length is zero")); goto err_out; } @@ -113,9 +111,9 @@ krb5_ldap_initialize(krb5_ldap_context *ldap_context, /* ldap init */ if ((st = ldap_initialize(&ldap_server_handle->ldap_handle, server_info->server_name)) != 0) { - krb5_set_error_message(ldap_context->kcontext, KRB5_KDB_ACCESS_ERROR, - _("Cannot create LDAP handle for '%s': %s"), - server_info->server_name, ldap_err2string(st)); + k5_setmsg(ldap_context->kcontext, KRB5_KDB_ACCESS_ERROR, + _("Cannot create LDAP handle for '%s': %s"), + server_info->server_name, ldap_err2string(st)); st = KRB5_KDB_ACCESS_ERROR; goto err_out; } @@ -125,10 +123,10 @@ krb5_ldap_initialize(krb5_ldap_context *ldap_context, server_info->server_status = ON; krb5_update_ldap_handle(ldap_server_handle, server_info); } else { - krb5_set_error_message(ldap_context->kcontext, KRB5_KDB_ACCESS_ERROR, - _("Cannot bind to LDAP server '%s' as '%s'" - ": %s"), server_info->server_name, - ldap_context->bind_dn, ldap_err2string(st)); + k5_setmsg(ldap_context->kcontext, KRB5_KDB_ACCESS_ERROR, + _("Cannot bind to LDAP server '%s' as '%s': %s"), + server_info->server_name, ldap_context->bind_dn, + ldap_err2string(st)); st = KRB5_KDB_ACCESS_ERROR; server_info->server_status = OFF; time(&server_info->downtime); diff --git a/src/plugins/kdb/ldap/libkdb_ldap/ldap_create.c b/src/plugins/kdb/ldap/libkdb_ldap/ldap_create.c index 4fcf5a025..9cbde9a96 100644 --- a/src/plugins/kdb/ldap/libkdb_ldap/ldap_create.c +++ b/src/plugins/kdb/ldap/libkdb_ldap/ldap_create.c @@ -128,8 +128,7 @@ cleanup: int rc; rc = krb5_ldap_delete_krbcontainer(context, ldap_context->container_dn); - krb5_set_error_message(context, rc, - _("could not complete roll-back, error " + k5_setmsg(context, rc, _("could not complete roll-back, error " "deleting Kerberos Container")); } diff --git a/src/plugins/kdb/ldap/libkdb_ldap/ldap_handle.c b/src/plugins/kdb/ldap/libkdb_ldap/ldap_handle.c index 2188b2d31..616a7e2f7 100644 --- a/src/plugins/kdb/ldap/libkdb_ldap/ldap_handle.c +++ b/src/plugins/kdb/ldap/libkdb_ldap/ldap_handle.c @@ -70,7 +70,6 @@ krb5_update_server_info(krb5_ldap_server_handle *ldap_server_handle, if ((st=ldap_result2error(ldap_server_handle->ldap_handle, result, 1)) == LDAP_SUCCESS) { server_info->server_status = ON; } else { - /* ?? */ krb5_set_error_message(0, 0, "%s", ldap_err2string(st)); server_info->server_status = OFF; time(&server_info->downtime); } diff --git a/src/plugins/kdb/ldap/libkdb_ldap/ldap_krbcontainer.c b/src/plugins/kdb/ldap/libkdb_ldap/ldap_krbcontainer.c index e3b42f55a..4ef7f2e75 100644 --- a/src/plugins/kdb/ldap/libkdb_ldap/ldap_krbcontainer.c +++ b/src/plugins/kdb/ldap/libkdb_ldap/ldap_krbcontainer.c @@ -55,8 +55,7 @@ krb5_ldap_read_krbcontainer_dn(krb5_context context, char **container_dn) if ((st=profile_get_string(context->profile, KDB_MODULE_SECTION, ldap_context->conf_section, KRB5_CONF_LDAP_KERBEROS_CONTAINER_DN, NULL, &dn)) != 0) { - krb5_set_error_message(context, st, - _("Error reading kerberos container " + k5_setmsg(context, st, _("Error reading kerberos container " "location from krb5.conf")); goto cleanup; } @@ -67,8 +66,7 @@ krb5_ldap_read_krbcontainer_dn(krb5_context context, char **container_dn) if ((st=profile_get_string(context->profile, KDB_MODULE_DEF_SECTION, KRB5_CONF_LDAP_KERBEROS_CONTAINER_DN, NULL, NULL, &dn)) != 0) { - krb5_set_error_message(context, st, - _("Error reading kerberos container " + k5_setmsg(context, st, _("Error reading kerberos container " "location from krb5.conf")); goto cleanup; } @@ -76,8 +74,7 @@ krb5_ldap_read_krbcontainer_dn(krb5_context context, char **container_dn) if (dn == NULL) { st = KRB5_KDB_SERVER_INTERNAL_ERR; - krb5_set_error_message(context, st, - _("Kerberos container location not specified")); + k5_setmsg(context, st, _("Kerberos container location not specified")); goto cleanup; } diff --git a/src/plugins/kdb/ldap/libkdb_ldap/ldap_misc.c b/src/plugins/kdb/ldap/libkdb_ldap/ldap_misc.c index 8776ab513..8d72832bb 100644 --- a/src/plugins/kdb/ldap/libkdb_ldap/ldap_misc.c +++ b/src/plugins/kdb/ldap/libkdb_ldap/ldap_misc.c @@ -84,8 +84,8 @@ prof_get_integer_def(krb5_context ctx, const char *conf_section, KDB_MODULE_SECTION, conf_section, name, 0, &out_temp); if (err) { - krb5_set_error_message(ctx, err, _("Error reading '%s' attribute: %s"), - name, error_message(err)); + k5_setmsg(ctx, err, _("Error reading '%s' attribute: %s"), name, + error_message(err)); return err; } if (out_temp != 0) { @@ -96,8 +96,8 @@ prof_get_integer_def(krb5_context ctx, const char *conf_section, KDB_MODULE_DEF_SECTION, name, 0, dfl, &out_temp); if (err) { - krb5_set_error_message(ctx, err, _("Error reading '%s' attribute: %s"), - name, error_message(err)); + k5_setmsg(ctx, err, _("Error reading '%s' attribute: %s"), name, + error_message(err)); return err; } *out = out_temp; @@ -116,8 +116,8 @@ prof_get_boolean_def(krb5_context ctx, const char *conf_section, err = profile_get_boolean(ctx->profile, KDB_MODULE_SECTION, conf_section, name, -1, &out_temp); if (err) { - krb5_set_error_message(ctx, err, _("Error reading '%s' attribute: %s"), - name, error_message(err)); + k5_setmsg(ctx, err, _("Error reading '%s' attribute: %s"), name, + error_message(err)); return err; } if (out_temp != -1) { @@ -127,8 +127,8 @@ prof_get_boolean_def(krb5_context ctx, const char *conf_section, err = profile_get_boolean(ctx->profile, KDB_MODULE_DEF_SECTION, name, 0, dfl, &out_temp); if (err) { - krb5_set_error_message(ctx, err, _("Error reading '%s' attribute: %s"), - name, error_message(err)); + k5_setmsg(ctx, err, _("Error reading '%s' attribute: %s"), name, + error_message(err)); return err; } *out = out_temp; @@ -147,8 +147,8 @@ prof_get_string_def(krb5_context ctx, const char *conf_section, KDB_MODULE_SECTION, conf_section, name, 0, out); if (err) { - krb5_set_error_message(ctx, err, _("Error reading '%s' attribute: %s"), - name, error_message(err)); + k5_setmsg(ctx, err, _("Error reading '%s' attribute: %s"), name, + error_message(err)); return err; } if (*out != 0) @@ -157,8 +157,8 @@ prof_get_string_def(krb5_context ctx, const char *conf_section, KDB_MODULE_DEF_SECTION, name, 0, 0, out); if (err) { - krb5_set_error_message(ctx, err, _("Error reading '%s' attribute: %s"), - name, error_message(err)); + k5_setmsg(ctx, err, _("Error reading '%s' attribute: %s"), name, + error_message(err)); return err; } return 0; @@ -248,15 +248,14 @@ krb5_ldap_parse_db_params(krb5_context context, char **db_args) /* "temporary" is passed by kdb5_util load without -update, * which we don't support. */ status = EINVAL; - krb5_set_error_message(context, status, - _("KDB module requires -update argument")); + k5_setmsg(context, status, + _("KDB module requires -update argument")); goto cleanup; } if (val == NULL) { status = EINVAL; - krb5_set_error_message(context, status, _("'%s' value missing"), - opt); + k5_setmsg(context, status, _("'%s' value missing"), opt); goto cleanup; } @@ -286,8 +285,7 @@ krb5_ldap_parse_db_params(krb5_context context, char **db_args) lctx->ldap_debug = atoi(val); } else { status = EINVAL; - krb5_set_error_message(context, status, _("unknown option '%s'"), - opt); + k5_setmsg(context, status, _("unknown option '%s'"), opt); goto cleanup; } @@ -359,8 +357,8 @@ krb5_ldap_read_server_params(krb5_context context, char *conf_section, if (ldap_context->max_server_conns < 2) { st = EINVAL; - krb5_set_error_message(context, st, _("Minimum connections required " - "per server is 2")); + k5_setmsg(context, st, + _("Minimum connections required per server is 2")); goto cleanup; } @@ -406,8 +404,8 @@ krb5_ldap_read_server_params(krb5_context context, char *conf_section, if (ldap_context->server_info_list == NULL) { if ((st=profile_get_string(context->profile, KDB_MODULE_SECTION, conf_section, KRB5_CONF_LDAP_SERVERS, NULL, &tempval)) != 0) { - krb5_set_error_message(context, st, _("Error reading " - "'ldap_servers' attribute")); + k5_setmsg(context, st, + _("Error reading 'ldap_servers' attribute")); goto cleanup; } @@ -1327,7 +1325,7 @@ krb5_error_code krb5_ldap_lock(krb5_context kcontext, int mode) { krb5_error_code status = KRB5_PLUGIN_OP_NOTSUPP; - krb5_set_error_message(kcontext, status, "LDAP %s", error_message(status)); + k5_setmsg(kcontext, status, "LDAP %s", error_message(status)); return status; } @@ -1335,7 +1333,7 @@ krb5_error_code krb5_ldap_unlock(krb5_context kcontext) { krb5_error_code status = KRB5_PLUGIN_OP_NOTSUPP; - krb5_set_error_message(kcontext, status, "LDAP %s", error_message(status)); + k5_setmsg(kcontext, status, "LDAP %s", error_message(status)); return status; } diff --git a/src/plugins/kdb/ldap/libkdb_ldap/ldap_principal.c b/src/plugins/kdb/ldap/libkdb_ldap/ldap_principal.c index 47ba5f022..81d5cbab6 100644 --- a/src/plugins/kdb/ldap/libkdb_ldap/ldap_principal.c +++ b/src/plugins/kdb/ldap/libkdb_ldap/ldap_principal.c @@ -156,7 +156,7 @@ krb5_ldap_iterate(krb5_context context, char *match_expr, realm = context->default_realm; if (realm == NULL) { st = EINVAL; - krb5_set_error_message(context, st, _("Default realm not set")); + k5_setmsg(context, st, _("Default realm not set")); goto cleanup; } } @@ -256,7 +256,7 @@ krb5_ldap_delete_principal(krb5_context context, if (DN == NULL) { st = EINVAL; - krb5_set_error_message(context, st, _("DN information missing")); + k5_setmsg(context, st, _("DN information missing")); goto cleanup; } diff --git a/src/plugins/kdb/ldap/libkdb_ldap/ldap_principal2.c b/src/plugins/kdb/ldap/libkdb_ldap/ldap_principal2.c index c30599e72..00702730b 100644 --- a/src/plugins/kdb/ldap/libkdb_ldap/ldap_principal2.c +++ b/src/plugins/kdb/ldap/libkdb_ldap/ldap_principal2.c @@ -105,8 +105,7 @@ krb5_ldap_get_principal(krb5_context context, krb5_const_principal searchfor, if (is_principal_in_realm(ldap_context, searchfor) != 0) { st = KRB5_KDB_NOENTRY; - krb5_set_error_message(context, st, - _("Principal does not belong to realm")); + k5_setmsg(context, st, _("Principal does not belong to realm")); goto cleanup; } @@ -276,9 +275,8 @@ process_db_args(krb5_context context, char **db_args, xargs_t *xargs, xargs->dn != NULL || xargs->containerdn != NULL || xargs->linkdn != NULL) { st = EINVAL; - krb5_set_error_message(context, st, - _("%s option not supported"), - arg); + k5_setmsg(context, st, _("%s option not supported"), + arg); goto cleanup; } dptr = &xargs->dn; @@ -286,41 +284,36 @@ process_db_args(krb5_context context, char **db_args, xargs_t *xargs, if (optype == MODIFY_PRINCIPAL || xargs->dn != NULL || xargs->containerdn != NULL) { st = EINVAL; - krb5_set_error_message(context, st, - _("%s option not supported"), - arg); + k5_setmsg(context, st, _("%s option not supported"), + arg); goto cleanup; } dptr = &xargs->containerdn; } else if (strcmp(arg, LINKDN_ARG) == 0) { if (xargs->dn != NULL || xargs->linkdn != NULL) { st = EINVAL; - krb5_set_error_message(context, st, - _("%s option not supported"), - arg); + k5_setmsg(context, st, _("%s option not supported"), + arg); goto cleanup; } dptr = &xargs->linkdn; } else { st = EINVAL; - krb5_set_error_message(context, st, - _("unknown option: %s"), arg); + k5_setmsg(context, st, _("unknown option: %s"), arg); goto cleanup; } xargs->dn_from_kbd = TRUE; if (arg_val == NULL || strlen(arg_val) == 0) { st = EINVAL; - krb5_set_error_message(context, st, - _("%s option value missing"), arg); + k5_setmsg(context, st, _("%s option value missing"), arg); goto cleanup; } } if (arg_val == NULL) { st = EINVAL; - krb5_set_error_message(context, st, - _("%s option value missing"), arg); + k5_setmsg(context, st, _("%s option value missing"), arg); goto cleanup; } arg_val_len = strlen(arg_val) + 1; @@ -522,8 +515,8 @@ krb5_ldap_put_principal(krb5_context context, krb5_db_entry *entry, if (is_principal_in_realm(ldap_context, entry->princ) != 0) { st = EINVAL; - krb5_set_error_message(context, st, _("Principal does not belong to " - "the default realm")); + k5_setmsg(context, st, + _("Principal does not belong to the default realm")); goto cleanup; } @@ -592,11 +585,10 @@ krb5_ldap_put_principal(krb5_context context, krb5_db_entry *entry, ldap_msgfree(result); free(filter); st = EINVAL; - krb5_set_error_message(context, st, - _("operation can not continue, " - "more than one entry with " - "principal name \"%s\" found"), - user); + k5_setmsg(context, st, + _("operation can not continue, more than one " + "entry with principal name \"%s\" found"), + user); goto cleanup; } else if (numlentries == 1) { found_entry = TRUE; @@ -739,8 +731,7 @@ krb5_ldap_put_principal(krb5_context context, krb5_db_entry *entry, if (outofsubtree == TRUE) { st = EINVAL; - krb5_set_error_message(context, st, - _("DN is out of the realm subtree")); + k5_setmsg(context, st, _("DN is out of the realm subtree")); goto cleanup; } @@ -796,7 +787,7 @@ krb5_ldap_put_principal(krb5_context context, krb5_db_entry *entry, st = EINVAL; snprintf(errbuf, sizeof(errbuf), _("ldap object is already kerberized")); - krb5_set_error_message(context, st, "%s", errbuf); + k5_setmsg(context, st, "%s", errbuf); goto cleanup; } @@ -817,7 +808,7 @@ krb5_ldap_put_principal(krb5_context context, krb5_db_entry *entry, snprintf(errbuf, sizeof(errbuf), _("link information can not be set/updated as the " "kerberos principal belongs to an ldap object")); - krb5_set_error_message(context, st, "%s", errbuf); + k5_setmsg(context, st, "%s", errbuf); goto cleanup; } /* @@ -831,7 +822,7 @@ krb5_ldap_put_principal(krb5_context context, krb5_db_entry *entry, if ((st=krb5_get_linkdn(context, entry, &linkdns)) != 0) { snprintf(errbuf, sizeof(errbuf), _("Failed getting object references")); - krb5_set_error_message(context, st, "%s", errbuf); + k5_setmsg(context, st, "%s", errbuf); goto cleanup; } if (linkdns != NULL) { @@ -839,7 +830,7 @@ krb5_ldap_put_principal(krb5_context context, krb5_db_entry *entry, snprintf(errbuf, sizeof(errbuf), _("kerberos principal is already linked to a ldap " "object")); - krb5_set_error_message(context, st, "%s", errbuf); + k5_setmsg(context, st, "%s", errbuf); for (j=0; linkdns[j] != NULL; ++j) free (linkdns[j]); free (linkdns); @@ -1001,7 +992,7 @@ krb5_ldap_put_principal(krb5_context context, krb5_db_entry *entry, goto cleanup; } else { st = EINVAL; - krb5_set_error_message(context, st, "Password policy value null"); + k5_setmsg(context, st, "Password policy value null"); goto cleanup; } } else if (entry->mask & KADM5_LOAD && found_entry == TRUE) { @@ -1196,7 +1187,7 @@ krb5_ldap_put_principal(krb5_context context, krb5_db_entry *entry, _("Principal delete failed (trying to replace " "entry): %s"), ldap_err2string(st)); st = translate_ldap_error (st, OP_ADD); - krb5_set_error_message(context, st, "%s", errbuf); + k5_setmsg(context, st, "%s", errbuf); goto cleanup; } else { st = ldap_add_ext_s(ld, standalone_principal_dn, mods, NULL, NULL); @@ -1206,7 +1197,7 @@ krb5_ldap_put_principal(krb5_context context, krb5_db_entry *entry, snprintf(errbuf, sizeof(errbuf), _("Principal add failed: %s"), ldap_err2string(st)); st = translate_ldap_error (st, OP_ADD); - krb5_set_error_message(context, st, "%s", errbuf); + k5_setmsg(context, st, "%s", errbuf); goto cleanup; } } else { @@ -1244,7 +1235,7 @@ krb5_ldap_put_principal(krb5_context context, krb5_db_entry *entry, snprintf(errbuf, sizeof(errbuf), _("User modification failed: %s"), ldap_err2string(st)); st = translate_ldap_error (st, OP_MOD); - krb5_set_error_message(context, st, "%s", errbuf); + k5_setmsg(context, st, "%s", errbuf); goto cleanup; } @@ -1373,9 +1364,9 @@ krb5_decode_krbsecretkey(krb5_context context, krb5_db_entry *entries, if (st != 0) { const char *msg = error_message(st); st = -1; /* Something more appropriate ? */ - krb5_set_error_message(context, st, _("unable to decode stored " - "principal key data (%s)"), - msg); + k5_setmsg(context, st, + _("unable to decode stored principal key data (%s)"), + msg); goto cleanup; } noofkeys += n_kd; diff --git a/src/plugins/kdb/ldap/libkdb_ldap/ldap_realm.c b/src/plugins/kdb/ldap/libkdb_ldap/ldap_realm.c index 032be6f97..086c4588b 100644 --- a/src/plugins/kdb/ldap/libkdb_ldap/ldap_realm.c +++ b/src/plugins/kdb/ldap/libkdb_ldap/ldap_realm.c @@ -220,8 +220,7 @@ krb5_ldap_delete_realm (krb5_context context, char *lrealm) if (lrealm == NULL) { st = EINVAL; - krb5_set_error_message(context, st, - _("Realm information not available")); + k5_setmsg(context, st, _("Realm information not available")); goto cleanup; } @@ -306,8 +305,8 @@ krb5_ldap_delete_realm (krb5_context context, char *lrealm) if ((st=ldap_delete_ext_s(ld, ldap_context->lrparams->realmdn, NULL, NULL)) != LDAP_SUCCESS) { int ost = st; st = translate_ldap_error (st, OP_DEL); - krb5_set_error_message(context, st, _("Realm Delete FAILED: %s"), - ldap_err2string(ost)); + k5_setmsg(context, st, _("Realm Delete FAILED: %s"), + ldap_err2string(ost)); } cleanup: @@ -480,8 +479,7 @@ krb5_ldap_create_krbcontainer(krb5_context context, const char *dn) if (dn == NULL) { st = EINVAL; - krb5_set_error_message(context, st, - _("Kerberos Container information is missing")); + k5_setmsg(context, st, _("Kerberos Container information is missing")); goto cleanup; } @@ -493,8 +491,7 @@ krb5_ldap_create_krbcontainer(krb5_context context, const char *dn) rdns = ldap_explode_dn(dn, 1); if (rdns == NULL) { st = EINVAL; - krb5_set_error_message(context, st, - _("Invalid Kerberos container DN")); + k5_setmsg(context, st, _("Invalid Kerberos container DN")); goto cleanup; } @@ -510,9 +507,8 @@ krb5_ldap_create_krbcontainer(krb5_context context, const char *dn) if (st != LDAP_SUCCESS) { int ost = st; st = translate_ldap_error (st, OP_ADD); - krb5_set_error_message(context, st, - _("Kerberos Container create FAILED: %s"), - ldap_err2string(ost)); + k5_setmsg(context, st, _("Kerberos Container create FAILED: %s"), + ldap_err2string(ost)); goto cleanup; } @@ -546,8 +542,7 @@ krb5_ldap_delete_krbcontainer(krb5_context context, const char *dn) if (dn == NULL) { st = EINVAL; - krb5_set_error_message(context, st, - _("Kerberos Container information is missing")); + k5_setmsg(context, st, _("Kerberos Container information is missing")); goto cleanup; } @@ -555,9 +550,8 @@ krb5_ldap_delete_krbcontainer(krb5_context context, const char *dn) if ((st = ldap_delete_ext_s(ld, dn, NULL, NULL)) != LDAP_SUCCESS) { int ost = st; st = translate_ldap_error (st, OP_ADD); - krb5_set_error_message(context, st, - _("Kerberos Container delete FAILED: %s"), - ldap_err2string(ost)); + k5_setmsg(context, st, _("Kerberos Container delete FAILED: %s"), + ldap_err2string(ost)); goto cleanup; } @@ -923,6 +917,6 @@ krb5_ldap_delete_realm_1(krb5_context kcontext, char *conf_section, char **db_args) { krb5_error_code status = KRB5_PLUGIN_OP_NOTSUPP; - krb5_set_error_message(kcontext, status, "LDAP %s", error_message(status)); + k5_setmsg(kcontext, status, "LDAP %s", error_message(status)); return status; } diff --git a/src/plugins/kdb/ldap/libkdb_ldap/ldap_service_stash.c b/src/plugins/kdb/ldap/libkdb_ldap/ldap_service_stash.c index 32e2af005..36e6d597e 100644 --- a/src/plugins/kdb/ldap/libkdb_ldap/ldap_service_stash.c +++ b/src/plugins/kdb/ldap/libkdb_ldap/ldap_service_stash.c @@ -46,15 +46,14 @@ dec_password(krb5_context context, const char *str, *password_out = NULL; if (strncmp(str, "{HEX}", 5) != 0) { - krb5_set_error_message(context, EINVAL, - _("Not a hexadecimal password")); + k5_setmsg(context, EINVAL, _("Not a hexadecimal password")); return EINVAL; } str += 5; len = strlen(str); if (len % 2 != 0) { - krb5_set_error_message(context, EINVAL, _("Password corrupt")); + k5_setmsg(context, EINVAL, _("Password corrupt")); return EINVAL; } @@ -65,7 +64,7 @@ dec_password(krb5_context context, const char *str, for (p = (unsigned char *)str; *p != '\0'; p += 2) { if (!isxdigit(*p) || !isxdigit(p[1])) { free(password); - krb5_set_error_message(context, EINVAL, _("Password corrupt")); + k5_setmsg(context, EINVAL, _("Password corrupt")); return EINVAL; } sscanf((char *)p, "%2x", &k); @@ -99,9 +98,8 @@ krb5_ldap_readpassword(krb5_context context, krb5_ldap_context *ldap_context, fptr = fopen(file, "r"); if (fptr == NULL) { st = errno; - krb5_set_error_message(context, st, - _("Cannot open LDAP password file '%s': %s"), - file, error_message(st)); + k5_setmsg(context, st, _("Cannot open LDAP password file '%s': %s"), + file, error_message(st)); goto rp_exit; } set_cloexec_file(fptr); @@ -129,9 +127,9 @@ krb5_ldap_readpassword(krb5_context context, krb5_ldap_context *ldap_context, if (entryfound == 0) { st = KRB5_KDB_SERVER_INTERNAL_ERR; - krb5_set_error_message(context, st, _("Bind DN entry '%s' missing in " - "LDAP password file '%s'"), - ldap_context->bind_dn, file); + k5_setmsg(context, st, + _("Bind DN entry '%s' missing in LDAP password file '%s'"), + ldap_context->bind_dn, file); goto rp_exit; } /* replace the \n with \0 */ @@ -143,7 +141,7 @@ krb5_ldap_readpassword(krb5_context context, krb5_ldap_context *ldap_context, if (start == NULL) { /* password field missing */ st = KRB5_KDB_SERVER_INTERNAL_ERR; - krb5_set_error_message(context, st, _("Stash file entry corrupt")); + k5_setmsg(context, st, _("Stash file entry corrupt")); goto rp_exit; } ++ start; diff --git a/src/plugins/kdb/ldap/libkdb_ldap/ldap_tkt_policy.c b/src/plugins/kdb/ldap/libkdb_ldap/ldap_tkt_policy.c index 99b54017e..5fe3164e3 100644 --- a/src/plugins/kdb/ldap/libkdb_ldap/ldap_tkt_policy.c +++ b/src/plugins/kdb/ldap/libkdb_ldap/ldap_tkt_policy.c @@ -53,7 +53,7 @@ krb5_ldap_create_policy(krb5_context context, krb5_ldap_policy_params *policy, /* validate the input parameters */ if (policy == NULL || policy->policy == NULL) { st = EINVAL; - krb5_set_error_message(context, st, _("Ticket Policy Name missing")); + k5_setmsg(context, st, _("Ticket Policy Name missing")); goto cleanup; } @@ -129,7 +129,7 @@ krb5_ldap_modify_policy(krb5_context context, krb5_ldap_policy_params *policy, /* validate the input parameters */ if (policy == NULL || policy->policy==NULL) { st = EINVAL; - krb5_set_error_message(context, st, _("Ticket Policy Name missing")); + k5_setmsg(context, st, _("Ticket Policy Name missing")); goto cleanup; } @@ -206,8 +206,7 @@ krb5_ldap_read_policy(krb5_context context, char *policyname, /* validate the input parameters */ if (policyname == NULL || policy == NULL) { st = EINVAL; - krb5_set_error_message(context, st, - _("Ticket Policy Object information missing")); + k5_setmsg(context, st, _("Ticket Policy Object information missing")); goto cleanup; } diff --git a/src/plugins/preauth/securid_sam2/securid2.c b/src/plugins/preauth/securid_sam2/securid2.c index e3c8c7dae..ca99ce3ef 100644 --- a/src/plugins/preauth/securid_sam2/securid2.c +++ b/src/plugins/preauth/securid_sam2/securid2.c @@ -306,9 +306,9 @@ verify_securid_data_2(krb5_context context, krb5_db_entry *client, if ((sr2->sam_enc_nonce_or_sad.ciphertext.data == NULL) || (sr2->sam_enc_nonce_or_sad.ciphertext.length <= 0)) { retval = KRB5KDC_ERR_PREAUTH_FAILED; - krb5_set_error_message(context, retval, - "No preauth data supplied in " - "verify_securid_data_2 (%s)", user); + k5_setmsg(context, retval, + "No preauth data supplied in verify_securid_data_2 (%s)", + user); goto cleanup; } -- cgit