2 * Store errors in the Kerberos context.
4 * Provides helper functions for the rest of the plugin code to store an error
5 * message in the Kerberos context.
7 * Written by Russ Allbery <eagle@eyrie.org>
8 * Copyright 2016 Russ Allbery <eagle@eyrie.org>
10 * The Board of Trustees of the Leland Stanford Junior University
12 * See LICENSE for licensing terms.
16 #include <portable/kadmin.h>
17 #include <portable/krb5.h>
18 #include <portable/system.h>
22 #include <plugin/internal.h>
26 * Internal helper function to set the Kerberos error message given a format,
27 * an error code, and a variable argument structure.
29 static void __attribute__((__format__(printf, 3, 0)))
30 set_error(krb5_context ctx, krb5_error_code code, const char *format,
35 if (vasprintf(&message, format, args) < 0) {
36 strength_error_system(ctx, "cannot allocate memory");
39 krb5_set_error_message(ctx, code, "%s", message);
45 * The following functions handle various common error codes for failed
46 * password quality checks. They allow the code to be simpler and not embed
47 * lots of long Kerberos error code defines.
49 * Each function has the same basic form: take a Kerberos context, a format,
50 * and variable arguments and set the Kerberos error code and message,
51 * returning the appropriate code.
53 #define ERROR_FUNC(name, code) \
55 strength_error_ ## name(krb5_context ctx, const char *format, ...) \
58 va_start(args, format); \
59 set_error(ctx, code, format, args); \
63 ERROR_FUNC(class, KADM5_PASS_Q_CLASS)
64 ERROR_FUNC(config, KADM5_MISSING_KRB5_CONF_PARAMS)
65 ERROR_FUNC(dict, KADM5_PASS_Q_DICT)
66 ERROR_FUNC(generic, KADM5_PASS_Q_GENERIC)
67 ERROR_FUNC(tooshort, KADM5_PASS_Q_TOOSHORT)
71 * Set the Kerberos error code to the current errno and the message to the
72 * format and arguments passed to this function.
75 strength_error_system(krb5_context ctx, const char *format, ...)
82 va_start(args, format);
83 if (vasprintf(&message, format, args) < 0) {
85 krb5_set_error_message(ctx, errno, "cannot allocate memory: %s",
92 krb5_set_error_message(ctx, oerrno, "%s: %s", message, strerror(oerrno));