Use k5_setmsg

Replace most calls to krb5_set_error_message with k5_setmsg for brevity. Leave alone plugin sources where we don't include k5-int.h (mostly PKINIT).
krb5 · Jun 5, 2014 · a7b5808 · a7b5808
1 parent 06b91d1
commit a7b5808
Show file tree

Hide file tree

Showing 46 changed files with 360 additions and 445 deletions.
diff --git a/src/kdc/fast_util.c b/src/kdc/fast_util.c
@@ -59,26 +59,25 @@ static krb5_error_code armor_ap_request
                          kdc_active_realm->realm_keytab,  NULL, &ticket);
     if (retval != 0) {
         const char * errmsg = krb5_get_error_message(kdc_context, retval);
-        krb5_set_error_message(kdc_context, retval,
-                               _("%s while handling ap-request armor"),
-                               errmsg);
+        k5_setmsg(kdc_context, retval, _("%s while handling ap-request armor"),
+                  errmsg);
         krb5_free_error_message(kdc_context, errmsg);
     }
     if (retval == 0) {
         if (!krb5_principal_compare_any_realm(kdc_context,
                                               tgs_server,
                                               ticket->server)) {
-            krb5_set_error_message(kdc_context, KRB5KDC_ERR_SERVER_NOMATCH,
-                                   _("ap-request armor for something other "
-                                     "than the local TGS"));
+            k5_setmsg(kdc_context, KRB5KDC_ERR_SERVER_NOMATCH,
+                      _("ap-request armor for something other than the local "
+                        "TGS"));
             retval = KRB5KDC_ERR_SERVER_NOMATCH;
         }
     }
     if (retval == 0) {
         retval = krb5_auth_con_getrecvsubkey(kdc_context, authcontext, &subkey);
         if (retval != 0 || subkey == NULL) {
-            krb5_set_error_message(kdc_context, KRB5KDC_ERR_POLICY,
-                                   _("ap-request armor without subkey"));
+            k5_setmsg(kdc_context, KRB5KDC_ERR_POLICY,
+                      _("ap-request armor without subkey"));
             retval = KRB5KDC_ERR_POLICY;
         }
     }
@@ -159,17 +158,16 @@ kdc_find_fast(krb5_kdc_req **requestptr,
             case KRB5_FAST_ARMOR_AP_REQUEST:
                 if (tgs_subkey) {
                     retval = KRB5KDC_ERR_PREAUTH_FAILED;
-                    krb5_set_error_message(kdc_context, retval,
-                                           _("Ap-request armor not permitted "
-                                             "with TGS"));
+                    k5_setmsg(kdc_context, retval,
+                              _("Ap-request armor not permitted with TGS"));
                     break;
                 }
                 retval = armor_ap_request(state, fast_armored_req->armor);
                 break;
             default:
-                krb5_set_error_message(kdc_context, KRB5KDC_ERR_PREAUTH_FAILED,
-                                       _("Unknown FAST armor type %d"),
-                                       fast_armored_req->armor->armor_type);
+                k5_setmsg(kdc_context, KRB5KDC_ERR_PREAUTH_FAILED,
+                          _("Unknown FAST armor type %d"),
+                          fast_armored_req->armor->armor_type);
                 retval = KRB5KDC_ERR_PREAUTH_FAILED;
             }
         }
@@ -181,9 +179,8 @@ kdc_find_fast(krb5_kdc_req **requestptr,
                                               &state->armor_key);
             else {
                 retval = KRB5KDC_ERR_PREAUTH_FAILED;
-                krb5_set_error_message(kdc_context, retval,
-                                       _("No armor key but FAST armored "
-                                         "request present"));
+                k5_setmsg(kdc_context, retval,
+                          _("No armor key but FAST armored request present"));
             }
         }
         if (retval == 0) {
@@ -218,15 +215,14 @@ kdc_find_fast(krb5_kdc_req **requestptr,
                                             &cksum_valid);
         if (retval == 0 && !cksum_valid) {
             retval = KRB5KRB_AP_ERR_MODIFIED;
-            krb5_set_error_message(kdc_context, retval,
-                                   _("FAST req_checksum invalid; request "
-                                     "modified"));
+            k5_setmsg(kdc_context, retval,
+                      _("FAST req_checksum invalid; request modified"));
         }
         if (retval == 0) {
             if (!krb5_c_is_keyed_cksum(cksum->checksum_type)) {
                 retval = KRB5KDC_ERR_POLICY;
-                krb5_set_error_message(kdc_context, retval,
-                                       _("Unkeyed checksum used in fast_req"));
+                k5_setmsg(kdc_context, retval,
+                          _("Unkeyed checksum used in fast_req"));
             }
         }
         if (retval == 0) {

diff --git a/src/kdc/kdc_preauth_ec.c b/src/kdc/kdc_preauth_ec.c
@@ -71,9 +71,8 @@ ec_verify(krb5_context context, krb5_data *req_pkt, krb5_kdc_req *request,
 
     if (armor_key == NULL) {
         retval = ENOENT;
-        krb5_set_error_message(context, ENOENT,
-                               _("Encrypted Challenge used outside of FAST "
-                                 "tunnel"));
+        k5_setmsg(context, ENOENT,
+                  _("Encrypted Challenge used outside of FAST tunnel"));
     }
     scratch.data = (char *) data->contents;
     scratch.length = data->length;
@@ -107,9 +106,8 @@ ec_verify(krb5_context context, krb5_data *req_pkt, krb5_kdc_req *request,
         }
         if (client_keys[i].enctype == 0) {
             retval = KRB5KDC_ERR_PREAUTH_FAILED;
-            krb5_set_error_message(context, retval,
-                                   _("Incorrect password in encrypted "
-                                     "challenge"));
+            k5_setmsg(context, retval,
+                      _("Incorrect password in encrypted challenge"));
         }
     }
     if (retval == 0)

diff --git a/src/kdc/kdc_util.c b/src/kdc/kdc_util.c
@@ -286,8 +286,8 @@ kdc_process_tgs_req(kdc_realm_t *kdc_active_realm,
     if (retval != 0)
         goto cleanup_authenticator;
     if (authdata&& authdata[0]) {
-        krb5_set_error_message(kdc_context, KRB5KDC_ERR_POLICY,
-                               "ticket valid only as FAST armor");
+        k5_setmsg(kdc_context, KRB5KDC_ERR_POLICY,
+                  "ticket valid only as FAST armor");
         retval = KRB5KDC_ERR_POLICY;
         krb5_free_authdata(kdc_context, authdata);
         goto cleanup_authenticator;

diff --git a/src/lib/gssapi/krb5/acquire_cred.c b/src/lib/gssapi/krb5/acquire_cred.c
@@ -162,9 +162,8 @@ check_keytab(krb5_context context, krb5_keytab kt, krb5_gss_name_t name)
     if (code == KRB5_KT_END) {
         code = KRB5_KT_NOTFOUND;
         if (krb5_unparse_name(context, accprinc, &princname) == 0) {
-            krb5_set_error_message(context, code,
-                                   _("No key table entry found matching %s"),
-                                   princname);
+            k5_setmsg(context, code, _("No key table entry found matching %s"),
+                      princname);
             free(princname);
         }
     }

diff --git a/src/lib/gssapi/krb5/disp_status.c b/src/lib/gssapi/krb5/disp_status.c
@@ -142,7 +142,7 @@ void krb5_gss_save_error_info(OM_uint32 minor_code, krb5_context ctx)
     save_error_string(minor_code, s);
     /* The get_error_message call above resets the error message in
        ctx.  Put it back, in case we make this call again *sigh*.  */
-    krb5_set_error_message(ctx, (krb5_error_code)minor_code, "%s", s);
+    k5_setmsg(ctx, (krb5_error_code)minor_code, "%s", s);
     krb5_free_error_message(ctx, s);
 }
 void krb5_gss_delete_error_info(void *p)

diff --git a/src/lib/kadm5/alt_prof.c b/src/lib/kadm5/alt_prof.c
@@ -851,10 +851,9 @@ kadm5_get_admin_service_name(krb5_context ctx, char *realm_in,
     err = getaddrinfo(params_out.admin_server, NULL, &hint, &ai);
     if (err != 0) {
         ret = KADM5_CANT_RESOLVE;
-        krb5_set_error_message(ctx, ret,
-                               _("Cannot resolve address of admin server "
-                                 "\"%s\" for realm \"%s\""),
-                               params_out.admin_server, realm_in);
+        k5_setmsg(ctx, ret,
+                  _("Cannot resolve address of admin server \"%s\" for realm "
+                    "\"%s\""), params_out.admin_server, realm_in);
         goto err_params;
     }
     if (strlen(ai->ai_canonname) + sizeof("kadmin/") > maxlen) {

diff --git a/src/lib/kadm5/srv/pwqual_empty.c b/src/lib/kadm5/srv/pwqual_empty.c
@@ -26,7 +26,7 @@
 
 /* Password quality module to reject empty passwords */
 
-#include "k5-platform.h"
+#include "k5-int.h"
 #include <krb5/pwqual_plugin.h>
 #include "server_internal.h"
 
@@ -38,8 +38,8 @@ empty_check(krb5_context context, krb5_pwqual_moddata data,
     /* Unlike other built-in modules, this one operates even for principals
      * with no password policy. */
     if (*password == '\0') {
-        krb5_set_error_message(context, KADM5_PASS_Q_TOOSHORT,
-                               _("Empty passwords are not allowed"));
+        k5_setmsg(context, KADM5_PASS_Q_TOOSHORT,
+                  _("Empty passwords are not allowed"));
         return KADM5_PASS_Q_TOOSHORT;
     }
     return 0;

diff --git a/src/lib/kadm5/srv/pwqual_hesiod.c b/src/lib/kadm5/srv/pwqual_hesiod.c
@@ -29,7 +29,7 @@
  * passwd information, if the tree is compiled with Hesiod support.
  */
 
-#include "k5-platform.h"
+#include "k5-int.h"
 #include <krb5/pwqual_plugin.h>
 #include "server_internal.h"
 #include <ctype.h>
@@ -110,9 +110,8 @@ hesiod_check(krb5_context context, krb5_pwqual_moddata data,
     for (i = 0; i < n; i++) {
         ent = hes_getpwnam(cp);
         if (ent && ent->pw_gecos && str_check_gecos(ent->pw_gecos, password)) {
-            krb5_set_error_message(context, KADM5_PASS_Q_DICT,
-                                   _("Password may not match user "
-                                     "information."));
+            k5_setmsg(context, KADM5_PASS_Q_DICT,
+                      _("Password may not match user information."));
             return KADM5_PASS_Q_DICT;
         }
     }

diff --git a/src/lib/kadm5/srv/pwqual_princ.c b/src/lib/kadm5/srv/pwqual_princ.c
@@ -26,7 +26,7 @@
 
 /* Password quality module to check passwords against principal components */
 
-#include "k5-platform.h"
+#include "k5-int.h"
 #include <krb5/pwqual_plugin.h>
 #include "server_internal.h"
 
@@ -50,8 +50,8 @@ princ_check(krb5_context context, krb5_pwqual_moddata data,
     for (i = 0; i < n; i++) {
         cp = krb5_princ_component(handle->context, princ, i)->data;
         if (strcasecmp(cp, password) == 0) {
-            krb5_set_error_message(context, KADM5_PASS_Q_DICT,
-                                   _("Password may not match principal name"));
+            k5_setmsg(context, KADM5_PASS_Q_DICT,
+                      _("Password may not match principal name"));
             return KADM5_PASS_Q_DICT;
         }
     }

diff --git a/src/lib/kadm5/srv/server_kdb.c b/src/lib/kadm5/srv/server_kdb.c
@@ -190,8 +190,8 @@ kdb_get_hist_key(kadm5_server_handle_t handle, krb5_keyblock **keyblocks_out,
 
     if (kdb->n_key_data <= 0) {
         ret = KRB5_KDB_NO_MATCHING_KEY;
-        krb5_set_error_message(handle->context, ret,
-                               _("History entry contains no key data"));
+        k5_setmsg(handle->context, ret,
+                  _("History entry contains no key data"));
         goto done;
     }
 

diff --git a/src/lib/kdb/kdb5.c b/src/lib/kdb/kdb5.c
@@ -218,9 +218,8 @@ get_conf_section(krb5_context context, char **section)
 
     status = krb5_get_default_realm(context, &defrealm);
     if (status) {
-        krb5_set_error_message(context, KRB5_KDB_SERVER_INTERNAL_ERR,
-                               _("No default realm set; cannot initialize "
-                                 "KDB"));
+        k5_setmsg(context, KRB5_KDB_SERVER_INTERNAL_ERR,
+                  _("No default realm set; cannot initialize KDB"));
         return KRB5_KDB_SERVER_INTERNAL_ERR;
     }
     status = profile_get_string(context->profile,
@@ -324,9 +323,8 @@ kdb_load_library(krb5_context kcontext, char *lib_name, db_library *libptr)
         vftabl_addr = &krb5_ldap_kdb_function_table;
 #endif
     if (!vftabl_addr) {
-        krb5_set_error_message(kcontext, KRB5_KDB_DBTYPE_NOTFOUND,
-                               _("Unable to find requested database type: %s"),
-                               lib_name);
+        k5_setmsg(kcontext, KRB5_KDB_DBTYPE_NOTFOUND,
+                  _("Unable to find requested database type: %s"), lib_name);
         return KRB5_PLUGIN_OP_NOTSUPP;
     }
 
@@ -407,9 +405,8 @@ kdb_load_library(krb5_context kcontext, char *lib_name, db_library *lib)
                                             &(*lib)->dl_dir_handle, &kcontext->err))) {
         const char *err_str = krb5_get_error_message(kcontext, status);
         status = KRB5_KDB_DBTYPE_NOTFOUND;
-        krb5_set_error_message(kcontext, status,
-                               _("Unable to find requested database type: %s"),
-                               err_str);
+        k5_setmsg(kcontext, status,
+                  _("Unable to find requested database type: %s"), err_str);
         krb5_free_error_message(kcontext, err_str);
         goto clean_n_exit;
     }
@@ -418,20 +415,19 @@ kdb_load_library(krb5_context kcontext, char *lib_name, db_library *lib)
                                                &vftabl_addrs, &kcontext->err))) {
         const char *err_str = krb5_get_error_message(kcontext, status);
         status = KRB5_KDB_DBTYPE_INIT;
-        krb5_set_error_message(kcontext, status,
-                               _("plugin symbol 'kdb_function_table' lookup "
-                                 "failed: %s"), err_str);
+        k5_setmsg(kcontext, status,
+                  _("plugin symbol 'kdb_function_table' lookup failed: %s"),
+                  err_str);
         krb5_free_error_message(kcontext, err_str);
         goto clean_n_exit;
     }
 
     if (vftabl_addrs[0] == NULL) {
         /* No plugins! */
         status = KRB5_KDB_DBTYPE_NOTFOUND;
-        krb5_set_error_message(kcontext, status,
-                               _("Unable to load requested database module "
-                                 "'%s': plugin symbol 'kdb_function_table' "
-                                 "not found"), lib_name);
+        k5_setmsg(kcontext, status,
+                  _("Unable to load requested database module '%s': plugin "
+                    "symbol 'kdb_function_table' not found"), lib_name);
         goto clean_n_exit;
     }
 
@@ -1653,9 +1649,9 @@ krb5_dbe_lookup_mkey_aux(krb5_context context, krb5_db_entry *entry,
                 prev_data = new_data;
             }
         } else {
-            krb5_set_error_message(context, KRB5_KDB_BAD_VERSION,
-                                   _("Illegal version number for "
-                                     "KRB5_TL_MKEY_AUX %d\n"), version);
+            k5_setmsg(context, KRB5_KDB_BAD_VERSION,
+                      _("Illegal version number for KRB5_TL_MKEY_AUX %d\n"),
+                      version);
             return (KRB5_KDB_BAD_VERSION);
         }
     }
@@ -1822,9 +1818,9 @@ krb5_dbe_lookup_actkvno(krb5_context context, krb5_db_entry *entry,
                 next_tuple += ACTKVNO_TUPLE_SIZE;
             }
         } else {
-            krb5_set_error_message(context, KRB5_KDB_BAD_VERSION,
-                                   _("Illegal version number for "
-                                     "KRB5_TL_ACTKVNO %d\n"), version);
+            k5_setmsg(context, KRB5_KDB_BAD_VERSION,
+                      _("Illegal version number for KRB5_TL_ACTKVNO %d\n"),
+                      version);
             return (KRB5_KDB_BAD_VERSION);
         }
     }

diff --git a/src/lib/kdb/kdb_default.c b/src/lib/kdb/kdb_default.c
@@ -160,9 +160,9 @@ krb5_def_store_mkey_list(krb5_context       context,
         /* if keyfile exists it better be a regular file */
         if (!S_ISREG(stb.st_mode)) {
             retval = EINVAL;
-            krb5_set_error_message(context, retval,
-                                   _("keyfile (%s) is not a regular file: %s"),
-                                   keyfile, error_message(retval));
+            k5_setmsg(context, retval,
+                      _("keyfile (%s) is not a regular file: %s"),
+                      keyfile, error_message(retval));
             goto out;
         }
     }
@@ -173,8 +173,8 @@ krb5_def_store_mkey_list(krb5_context       context,
      */
     retval = asprintf(&tmp_ktname, "FILE:%s_tmp", keyfile);
     if (retval < 0) {
-        krb5_set_error_message(context, retval,
-                               _("Could not create temp keytab file name."));
+        k5_setmsg(context, retval,
+                  _("Could not create temp keytab file name."));
         goto out;
     }
 
@@ -198,9 +198,8 @@ krb5_def_store_mkey_list(krb5_context       context,
         goto out;
     } else if (statrc == 0) {
         retval = EEXIST;
-        krb5_set_error_message(context, retval,
-                               _("Temporary stash file already exists: %s."),
-                               tmp_ktpath);
+        k5_setmsg(context, retval,
+                  _("Temporary stash file already exists: %s."), tmp_ktpath);
         goto out;
     }
 
@@ -227,10 +226,9 @@ krb5_def_store_mkey_list(krb5_context       context,
         /* Atomically rename temp keyfile to original filename. */
         if (rename(tmp_ktpath, keyfile) < 0) {
             retval = errno;
-            krb5_set_error_message(context, retval,
-                                   _("rename of temporary keyfile (%s) to "
-                                     "(%s) failed: %s"), tmp_ktpath, keyfile,
-                                   error_message(errno));
+            k5_setmsg(context, retval,
+                      _("rename of temporary keyfile (%s) to (%s) failed: %s"),
+                      tmp_ktpath, keyfile, error_message(errno));
         }
     }
 
@@ -417,9 +415,9 @@ krb5_db_def_fetch_mkey(krb5_context   context,
      * key, but set a message indicating the actual error.
      */
     if (retval != 0) {
-        krb5_set_error_message(context, KRB5_KDB_CANTREAD_STORED,
-                               _("Can not fetch master key (error: %s)."),
-                               error_message(retval));
+        k5_setmsg(context, KRB5_KDB_CANTREAD_STORED,
+                  _("Can not fetch master key (error: %s)."),
+                  error_message(retval));
         return KRB5_KDB_CANTREAD_STORED;
     } else
         return 0;
@@ -480,9 +478,9 @@ krb5_def_fetch_mkey_list(krb5_context        context,
             }
         }
         if (found_key != TRUE) {
-            krb5_set_error_message(context, KRB5_KDB_BADMASTERKEY,
-                                   _("Unable to decrypt latest master key "
-                                     "with the provided master key\n"));
+            k5_setmsg(context, KRB5_KDB_BADMASTERKEY,
+                      _("Unable to decrypt latest master key with the "
+                        "provided master key\n"));
             retval = KRB5_KDB_BADMASTERKEY;
             goto clean_n_exit;
         }