git.samba.org
/
abartlet
/
samba.git
/
.git
/ commitdiff
commit
grep
author
committer
pickaxe
?
search:
re
summary
|
shortlog
|
log
|
commit
| commitdiff |
tree
raw
|
patch
|
inline
| side by side (parent:
23b4126
)
heimdal: added verbose logging of hemimdal crypto errors
author
Andrew Bartlett
<abartlet@samba.org>
Fri, 1 Oct 2010 03:13:34 +0000
(20:13 -0700)
committer
Andrew Tridgell
<tridge@samba.org>
Fri, 1 Oct 2010 03:13:34 +0000
(20:13 -0700)
source4/heimdal/lib/krb5/crypto.c
patch
|
blob
|
history
diff --git
a/source4/heimdal/lib/krb5/crypto.c
b/source4/heimdal/lib/krb5/crypto.c
index ed8765542c01dd65303fbfbb3c83c11a806ed5e5..eda5e634d19704048b6ef6400bce5ff07bda8bc9 100644
(file)
--- a/
source4/heimdal/lib/krb5/crypto.c
+++ b/
source4/heimdal/lib/krb5/crypto.c
@@
-1847,6
+1847,10
@@
verify_checksum(krb5_context context,
}
if(ct->checksumsize != cksum->checksum.length) {
krb5_clear_error_message (context);
}
if(ct->checksumsize != cksum->checksum.length) {
krb5_clear_error_message (context);
+ krb5_set_error_message (context, KRB5KRB_AP_ERR_BAD_INTEGRITY,
+ N_("Decrypt integrity check failed for checksum type %s, length was %u, expected %u", ""),
+ ct->name, (unsigned)cksum->checksum.length, (unsigned)ct->checksumsize);
+
return KRB5KRB_AP_ERR_BAD_INTEGRITY; /* XXX */
}
keyed_checksum = (ct->flags & F_KEYED) != 0;
return KRB5KRB_AP_ERR_BAD_INTEGRITY; /* XXX */
}
keyed_checksum = (ct->flags & F_KEYED) != 0;
@@
-1874,8
+1878,14
@@
verify_checksum(krb5_context context,
return ret;
} else
dkey = NULL;
return ret;
} else
dkey = NULL;
- if(ct->verify)
- return (*ct->verify)(context, dkey, data, len, usage, cksum);
+ if(ct->verify) {
+ ret = (*ct->verify)(context, dkey, data, len, usage, cksum);
+ if (ret == KRB5KRB_AP_ERR_BAD_INTEGRITY) {
+ krb5_set_error_message (context, KRB5KRB_AP_ERR_BAD_INTEGRITY,
+ N_("Decrypt integrity check failed for checksum type %s, key type %s", ""),
+ ct->name, crypto->et->name);
+ }
+ }
ret = krb5_data_alloc (&c.checksum, ct->checksumsize);
if (ret)
ret = krb5_data_alloc (&c.checksum, ct->checksumsize);
if (ret)
@@
-1890,6
+1900,9
@@
verify_checksum(krb5_context context,
if(c.checksum.length != cksum->checksum.length ||
ct_memcmp(c.checksum.data, cksum->checksum.data, c.checksum.length)) {
krb5_clear_error_message (context);
if(c.checksum.length != cksum->checksum.length ||
ct_memcmp(c.checksum.data, cksum->checksum.data, c.checksum.length)) {
krb5_clear_error_message (context);
+ krb5_set_error_message (context, KRB5KRB_AP_ERR_BAD_INTEGRITY,
+ N_("Decrypt integrity check failed for checksum type %s, key type %s", ""),
+ ct->name, crypto->et->name);
ret = KRB5KRB_AP_ERR_BAD_INTEGRITY;
} else {
ret = 0;
ret = KRB5KRB_AP_ERR_BAD_INTEGRITY;
} else {
ret = 0;