author | Guy Harris <guy@alum.mit.edu> | 2019-02-06 17:15:09 -0800 |
---|---|---|
committer | Guy Harris <guy@alum.mit.edu> | 2019-02-06 17:15:09 -0800 |
commit | 145cc1e967e20a9bb132e0d20683ad442aa0d084 (patch) | |
tree | 880f303e0ff3a4fd06686681ab044c8d7cfda960 /rpcapd | |
parent | a9ab840836f5dea800d9e121a8616fee084c1729 (diff) | |
Add some new authentication error codes for specific errors.
This might make it a bit cleaner to handle new authentication types;
clients will still have to check for PCAP_ERR_AUTH with particular error
strings to detect "that authentication type isn't supported by the
server", but at least they can check first for
PCAP_ERR_AUTH_TYPE_NOTSUP.
Also add PCAP_ERR_AUTH_FAILED for authentication failures and
PCAP_ERR_TLS_REQUIRED for "the server requires TLS". PCAP_ERR_AUTH is
used for all other errors, including internal errors.
While we're at it, fix one case where the wrong error code was returned
for "set sampling" request errors.
Diffstat (limited to 'rpcapd')
-rw-r--r-- | rpcapd/daemon.c | 32 |
1 files changed, 24 insertions, 8 deletions
diff --git a/rpcapd/daemon.c b/rpcapd/daemon.c
index b7059b83..ab1a6a00 100644
--- a/rpcapd/daemon.c
+++ b/rpcapd/daemon.c
@@ -312,8 +312,8 @@ daemon_serviceloop(SOCKET sockctrl, int isactive, char *passiveClients,
 // that we require TLS.
 //
 if (rpcap_senderror(sockctrl, NULL, header.ver,
- PCAP_ERR_AUTH, "TLS is required by this server",
- errbuf) == -1)
+ PCAP_ERR_TLS_REQUIRED,
+ "TLS is required by this server", errbuf) == -1)
 {
 // That failed; log a message and give up.
 rpcapd_log(LOGPRIO_ERROR, "Send to client failed: %s", errbuf);
@@ -1222,8 +1222,16 @@ daemon_msg_auth_req(struct daemon_slpars *pars, uint32 plen)
 if (!pars->nullAuthAllowed)
 {
 // Send the client an error reply.
- pcap_snprintf(errmsgbuf, PCAP_ERRBUF_SIZE, "Authentication failed; NULL authentication not permitted.");
- goto error;
+ pcap_snprintf(errmsgbuf, PCAP_ERRBUF_SIZE,
+ "Authentication failed; NULL authentication not permitted.");
+ if (rpcap_senderror(pars->sockctrl, pars->ssl,
+ 0, PCAP_ERR_AUTH_FAILED, errmsgbuf, errbuf) == -1)
+ {
+ // That failed; log a message and give up.
+ rpcapd_log(LOGPRIO_ERROR, "Send to client failed: %s", errbuf);
+ return -1;
+ }
+ goto error_noreply;
 }
 break;
 }
@@ -1287,7 +1295,7 @@ daemon_msg_auth_req(struct daemon_slpars *pars, uint32 plen)
 free(username);
 free(passwd);
 if (rpcap_senderror(pars->sockctrl, pars->ssl,
- 0, PCAP_ERR_AUTH, errmsgbuf, errbuf) == -1)
+ 0, PCAP_ERR_AUTH_FAILED, errmsgbuf, errbuf) == -1)
 {
 // That failed; log a message and give up.
 rpcapd_log(LOGPRIO_ERROR, "Send to client failed: %s", errbuf);
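Review bot: The send-error / log / `return -1` sequence added in the NULL-authentication branch (@@ -1222) duplicates the block that already follows `free(passwd)` (@@ -1287), and the `default:` branch (@@ -1314) adds another copy, so daemon_msg_auth_req now has three reply paths that differ only in the error code. A local set before the jump would keep a single path: `errcode = PCAP_ERR_AUTH_FAILED;` followed by `goto error;`, with the `error:` label passing `errcode` to rpcap_senderror instead of a fixed PCAP_ERR_AUTH. The `error:` and `error_noreply:` labels are outside these hunks, so this assumes `error:` does nothing beyond sending the reply before the shared cleanup. One reply path also makes it harder for a future authentication type to return the wrong code or skip the reply.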
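Review bot: On the password-failure path (@@ -1287) the only rpcapd_log call visible is for a failed send, so a rejected login leaves no server-side record in these lines. Repeated PCAP_ERR_AUTH_FAILED replies to one peer are what an operator would look for when checking for password guessing. A line such as `rpcapd_log(LOGPRIO_WARNING, "Authentication failed: %s", errmsgbuf);` before the rpcap_senderror call would cover it, unless the code that fills errmsgbuf already logs the failure. That code is outside the hunk; if it writes different text for an unknown user and for a wrong password, the reply to the unauthenticated client should use one generic message and leave the detail to the log. The NULL-authentication and `default:` branches (@@ -1222, @@ -1314) have the same gap.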
@@ -1314,8 +1322,16 @@ daemon_msg_auth_req(struct daemon_slpars *pars, uint32 plen) } default: - pcap_snprintf(errmsgbuf, PCAP_ERRBUF_SIZE, "Authentication type not recognized."); - goto error; + pcap_snprintf(errmsgbuf, PCAP_ERRBUF_SIZE, + "Authentication type not recognized."); + if (rpcap_senderror(pars->sockctrl, pars->ssl, + 0, PCAP_ERR_AUTH_TYPE_NOTSUP, errmsgbuf, errbuf) == -1) + { + // That failed; log a message and give up. + rpcapd_log(LOGPRIO_ERROR, "Send to client failed: %s", errbuf); + return -1; + } + goto error_noreply; } // The authentication succeeded; let the client know. @@ -2326,7 +2342,7 @@ daemon_msg_setsampling_req(uint8 ver, struct daemon_slpars *pars, uint32 plen, return 0; error: - if (rpcap_senderror(pars->sockctrl, pars->ssl, ver, PCAP_ERR_AUTH, + if (rpcap_senderror(pars->sockctrl, pars->ssl, ver, PCAP_ERR_SETSAMPLING, errmsgbuf, errbuf) == -1) { // That failed; log a message and give up. |