oysteikt/heimdal
0
0
Fork 0
Code Issues 5 Pull Requests Releases Activity

Fixes to make Heimdal -Wall -Werror clean

Browse Source 
These fixes make developer mode build, at least on Ubuntu.
This commit is contained in:
Nicolas Williams
2011-11-02 21:39:07 -05:00
parent 9c830f5237
commit 3bebbe5323
24 changed files with 286 additions and 172 deletions
Download Patch File Download Diff File Expand all files Collapse all files

21
appl/popper/pop_debug.c
View File

@@ -103,6 +103,7 @@ doit_v5 (char *host, int port)
krb5_auth_context auth_context = NULL;
krb5_principal server;
int s = get_socket (host, port);
const char *estr;
ret = krb5_init_context (&context);
if (ret)
@@ -114,8 +115,9 @@ doit_v5 (char *host, int port)
KRB5_NT_SRV_HST,
&server);
if (ret) {
warnx ("krb5_sname_to_principal: %s",
krb5_get_err_text (context, ret));
estr = krb5_get_error_message(context, ret);
warnx ("krb5_sname_to_principal: %s", estr);
krb5_free_error_message(context, estr);
return 1;
}
ret = krb5_sendauth (context,
@@ -131,13 +133,14 @@ doit_v5 (char *host, int port)
NULL,
NULL,
NULL);
if (ret) {
warnx ("krb5_sendauth: %s",
krb5_get_err_text (context, ret));
return 1;
}
loop (s);
return 0;
if (ret) {
estr = krb5_get_error_message(context, ret);
warnx ("krb5_sendauth: %s", estr);
krb5_free_error_message(context, estr);
return 1;
}
loop (s);
return 0;
}
#endif

11
appl/popper/pop_init.c
View File

@@ -57,6 +57,7 @@ krb5_authenticate (POP *p, int s, u_char *buf, struct sockaddr *addr)
krb5_auth_context auth_context = NULL;
uint32_t len;
krb5_ticket *ticket;
const char *estr;
char *server;
if (memcmp (buf, "\x00\x00\x00\x13", 4) != 0)
@@ -78,16 +79,18 @@ krb5_authenticate (POP *p, int s, u_char *buf, struct sockaddr *addr)
NULL,
&ticket);
if (ret) {
pop_log(p, POP_PRIORITY, "krb5_recvauth: %s",
krb5_get_err_text(p->context, ret));
estr = krb5_get_error_message(p->context, ret);
pop_log(p, POP_PRIORITY, "krb5_recvauth: %s", estr);
krb5_free_error_message(p->context, estr);
return -1;
}
ret = krb5_unparse_name(p->context, ticket->server, &server);
if(ret) {
pop_log(p, POP_PRIORITY, "krb5_unparse_name: %s",
krb5_get_err_text(p->context, ret));
estr = krb5_get_error_message(p->context, ret);
pop_log(p, POP_PRIORITY, "krb5_unparse_name: %s", estr);
krb5_free_error_message(p->context, estr);
ret = -1;
goto out;
}

23
appl/popper/pop_pass.c
View File

@@ -21,11 +21,13 @@ krb5_verify_password (POP *p)
krb5_error_code ret;
krb5_principal client, server;
krb5_creds creds;
const char *estr;
ret = krb5_get_init_creds_opt_alloc (p->context, &get_options);
if (ret) {
pop_log(p, POP_PRIORITY, "krb5_get_init_creds_opt_alloc: %s",
krb5_get_err_text (p->context, ret));
estr = krb5_get_error_message(p->context, ret);
pop_log(p, POP_PRIORITY, "krb5_get_init_creds_opt_alloc: %s", estr);
krb5_free_error_message(p->context, estr);
return 1;
}
@@ -38,8 +40,9 @@ krb5_verify_password (POP *p)
ret = krb5_parse_name (p->context, p->user, &client);
if (ret) {
krb5_get_init_creds_opt_free(p->context, get_options);
pop_log(p, POP_PRIORITY, "krb5_parse_name: %s",
krb5_get_err_text (p->context, ret));
estr = krb5_get_error_message(p->context, ret);
pop_log(p, POP_PRIORITY, "krb5_parse_name: %s", estr);
krb5_free_error_message(p->context, estr);
return 1;
}
@@ -54,9 +57,9 @@ krb5_verify_password (POP *p)
get_options);
krb5_get_init_creds_opt_free(p->context, get_options);
if (ret) {
pop_log(p, POP_PRIORITY,
"krb5_get_init_creds_password: %s",
krb5_get_err_text (p->context, ret));
estr = krb5_get_error_message(p->context, ret);
pop_log(p, POP_PRIORITY, "krb5_get_init_creds_password: %s", estr);
krb5_free_error_message(p->context, estr);
return 1;
}
@@ -66,9 +69,9 @@ krb5_verify_password (POP *p)
KRB5_NT_SRV_HST,
&server);
if (ret) {
pop_log(p, POP_PRIORITY,
"krb5_get_init_creds_password: %s",
krb5_get_err_text (p->context, ret));
estr = krb5_get_error_message(p->context, ret);
pop_log(p, POP_PRIORITY, "krb5_get_init_creds_password: %s", estr);
krb5_free_error_message(p->context, estr);
return 1;
}

11
appl/push/push.c
View File

@@ -524,6 +524,7 @@ do_v5 (const char *host,
krb5_error_code ret;
krb5_auth_context auth_context = NULL;
krb5_principal server;
const char *estr;
int s;
s = do_connect (host, port, 1);
@@ -536,8 +537,9 @@ do_v5 (const char *host,
KRB5_NT_SRV_HST,
&server);
if (ret) {
warnx ("krb5_sname_to_principal: %s",
krb5_get_err_text (context, ret));
estr = krb5_get_error_message(context, ret);
warnx ("krb5_sname_to_principal: %s", estr);
krb5_free_error_message(context, estr);
return 1;
}
@@ -556,8 +558,9 @@ do_v5 (const char *host,
NULL);
krb5_free_principal (context, server);
if (ret) {
warnx ("krb5_sendauth: %s",
krb5_get_err_text (context, ret));
estr = krb5_get_error_message(context, ret);
warnx ("krb5_sendauth: %s", estr);
krb5_free_error_message(context, estr);
return 1;
}
return doit (s, host, user, filename, header_str, leavep, verbose, forkp);

47
appl/rsh/rsh.c
View File

@@ -167,20 +167,23 @@ krb5_forward_cred (krb5_auth_context auth_context,
krb5_kdc_flags flags;
krb5_data out_data;
krb5_principal principal;
const char *estr;
memset (&creds, 0, sizeof(creds));
ret = krb5_cc_default (context, &ccache);
if (ret) {
warnx ("could not forward creds: krb5_cc_default: %s",
krb5_get_err_text (context, ret));
estr = krb5_get_error_message(context, ret);
warnx ("could not forward creds: krb5_cc_default: %s", estr);
krb5_free_error_message(context, estr);
return 1;
}
ret = krb5_cc_get_principal (context, ccache, &principal);
if (ret) {
warnx ("could not forward creds: krb5_cc_get_principal: %s",
krb5_get_err_text (context, ret));
estr = krb5_get_error_message(context, ret);
warnx ("could not forward creds: krb5_cc_get_principal: %s", estr);
krb5_free_error_message(context, estr);
return 1;
}
@@ -194,8 +197,9 @@ krb5_forward_cred (krb5_auth_context auth_context,
NULL);
if (ret) {
warnx ("could not forward creds: krb5_make_principal: %s",
krb5_get_err_text (context, ret));
estr = krb5_get_error_message(context, ret);
warnx ("could not forward creds: krb5_make_principal: %s", estr);
krb5_free_error_message(context, estr);
return 1;
}
@@ -213,8 +217,9 @@ krb5_forward_cred (krb5_auth_context auth_context,
&creds,
&out_data);
if (ret) {
warnx ("could not forward creds: krb5_get_forwarded_creds: %s",
krb5_get_err_text (context, ret));
estr = krb5_get_error_message(context, ret);
warnx ("could not forward creds: krb5_get_forwarded_creds: %s", estr);
krb5_free_error_message(context, estr);
return 1;
}
@@ -223,9 +228,11 @@ krb5_forward_cred (krb5_auth_context auth_context,
&out_data);
krb5_data_free (&out_data);
if (ret)
warnx ("could not forward creds: krb5_write_message: %s",
krb5_get_err_text (context, ret));
if (ret) {
estr = krb5_get_error_message(context, ret);
warnx ("could not forward creds: krb5_write_message: %s", estr);
krb5_free_error_message(context, estr);
}
return 0;
}
@@ -248,6 +255,7 @@ send_krb5_auth(int s,
krb5_auth_context auth_context = NULL;
const char *protocol_string = NULL;
krb5_flags ap_opts;
const char *estr;
char *str;
status = krb5_sname_to_principal(context,
@@ -256,7 +264,9 @@ send_krb5_auth(int s,
KRB5_NT_SRV_HST,
&server);
if (status) {
warnx ("%s: %s", hostname, krb5_get_err_text(context, status));
estr = krb5_get_error_message(context, status);
warnx ("%s: %s", hostname, estr);
krb5_free_error_message(context, estr);
return 1;
}
@@ -341,7 +351,9 @@ send_krb5_auth(int s,
if(keyblock == NULL)
status = krb5_auth_con_getkey (context, auth_context, &keyblock);
if (status) {
warnx ("krb5_auth_con_getkey: %s", krb5_get_err_text(context, status));
estr = krb5_get_error_message(context, status);
warnx ("krb5_auth_con_getkey: %s", estr);
krb5_free_error_message(context, estr);
return 1;
}
@@ -349,14 +361,17 @@ send_krb5_auth(int s,
auth_context,
&s);
if (status) {
warnx("krb5_auth_con_setaddrs_from_fd: %s",
krb5_get_err_text(context, status));
estr = krb5_get_error_message(context, status);
warnx("krb5_auth_con_setaddrs_from_fd: %s", estr);
krb5_free_error_message(context, estr);
return(1);
}
status = krb5_crypto_init(context, keyblock, 0, &crypto);
if(status) {
warnx ("krb5_crypto_init: %s", krb5_get_err_text(context, status));
estr = krb5_get_error_message(context, status);
warnx ("krb5_crypto_init: %s", estr);
krb5_free_error_message(context, estr);
return 1;
}

65
appl/rsh/rshd.c
View File

@@ -162,6 +162,7 @@ save_krb5_creds (int s,
{
int ret;
krb5_data remote_cred;
const char *estr;
krb5_data_zero (&remote_cred);
ret= krb5_read_message (context, (void *)&s, &remote_cred);
@@ -180,9 +181,11 @@ save_krb5_creds (int s,
krb5_cc_initialize(context,ccache,client);
ret = krb5_rd_cred2(context, auth_context, ccache, &remote_cred);
if(ret != 0)
syslog(LOG_INFO|LOG_AUTH,
"reading creds: %s", krb5_get_err_text(context, ret));
if(ret != 0) {
estr = krb5_get_error_message(context, ret);
syslog(LOG_INFO|LOG_AUTH, "reading creds: %s", estr);
krb5_free_error_message(context, estr);
}
krb5_data_free (&remote_cred);
if (ret)
return 0;
@@ -193,25 +196,24 @@ static void
krb5_start_session (void)
{
krb5_error_code ret;
char *estr;
const char *estr;
ret = krb5_cc_resolve (context, tkfile, &ccache2);
if (ret) {
estr = krb5_get_error_string(context);
estr = krb5_get_error_message(context, ret);
syslog(LOG_WARNING, "resolve cred cache %s: %s",
tkfile,
estr ? estr : krb5_get_err_text(context, ret));
free(estr);
estr ? estr : "could not get error string");
krb5_free_error_message(context, estr);
krb5_cc_destroy(context, ccache);
return;
}
ret = krb5_cc_copy_cache (context, ccache, ccache2);
if (ret) {
estr = krb5_get_error_string(context);
syslog(LOG_WARNING, "storing credentials: %s",
estr ? estr : krb5_get_err_text(context, ret));
free(estr);
estr = krb5_get_error_message(context, ret);
syslog(LOG_WARNING, "storing credentials: %s", estr);
krb5_free_error_message(context, estr);
krb5_cc_destroy(context, ccache);
return ;
}
@@ -253,6 +255,7 @@ recv_krb5_auth (int s, u_char *buf,
krb5_error_code status;
krb5_data cksum_data;
krb5_principal server;
const char *estr;
char *str;
if (memcmp (buf, "\x00\x00\x00\x13", 4) != 0)
@@ -270,9 +273,11 @@ recv_krb5_auth (int s, u_char *buf,
"host",
KRB5_NT_SRV_HST,
&server);
if (status)
syslog_and_die ("krb5_sock_to_principal: %s",
krb5_get_err_text(context, status));
if (status) {
estr = krb5_get_error_message(context, status);
syslog_and_die ("krb5_sock_to_principal: %s", estr);
krb5_free_error_message(context, estr);
}
status = krb5_recvauth_match_version(context,
&auth_context,
@@ -284,9 +289,11 @@ recv_krb5_auth (int s, u_char *buf,
NULL,
&ticket);
krb5_free_principal (context, server);
if (status)
syslog_and_die ("krb5_recvauth: %s",
krb5_get_err_text(context, status));
if (status) {
estr = krb5_get_error_message(context, status);
syslog_and_die ("krb5_recvauth: %s", estr);
krb5_free_error_message(context, estr);
}
*server_username = read_str (s, USERNAME_SZ, "remote username");
*cmd = read_str (s, ARG_MAX + 1, "command");
@@ -302,14 +309,18 @@ recv_krb5_auth (int s, u_char *buf,
if(status != 0 || keyblock == NULL)
syslog_and_die("failed to get key");
}
if (status != 0 || keyblock == NULL)
syslog_and_die ("krb5_auth_con_getkey: %s",
krb5_get_err_text(context, status));
if (status != 0 || keyblock == NULL) {
estr = krb5_get_error_message(context, status);
syslog_and_die ("krb5_auth_con_getkey: %s", estr);
krb5_free_error_message(context, estr);
}
status = krb5_crypto_init(context, keyblock, 0, &crypto);
if(status)
syslog_and_die("krb5_crypto_init: %s",
krb5_get_err_text(context, status));
if (status) {
estr = krb5_get_error_message(context, status);
syslog_and_die("krb5_crypto_init: %s", estr);
krb5_free_error_message(context, estr);
}
cksum_data.length = asprintf (&str,
@@ -326,9 +337,11 @@ recv_krb5_auth (int s, u_char *buf,
cksum_data.data,
cksum_data.length);
if (status)
syslog_and_die ("krb5_verify_authenticator_checksum: %s",
krb5_get_err_text(context, status));
if (status) {
estr = krb5_get_error_message(context, status);
syslog_and_die ("krb5_verify_authenticator_checksum: %s", estr);
krb5_free_error_message(context, estr);
}
free (cksum_data.data);

156
appl/telnet/libtelnet/kerberos5.c
View File

@@ -198,6 +198,7 @@ kerberos5_send(char *name, Authenticator *ap)
krb5_ccache ccache;
int ap_opts;
krb5_data cksum_data;
const char *estr;
char ap_msg[2];
if (!UserNameRequested) {
@@ -210,8 +211,9 @@ kerberos5_send(char *name, Authenticator *ap)
ret = krb5_cc_default(context, &ccache);
if (ret) {
if (auth_debug_mode) {
printf("Kerberos V5: could not get default ccache: %s\r\n",
krb5_get_err_text (context, ret));
estr = krb5_get_error_message (context, ret);
printf("Kerberos V5: could not get default ccache: %s\r\n", estr);
krb5_free_error_message(context, estr);
}
return 0;
}
@@ -226,8 +228,9 @@ kerberos5_send(char *name, Authenticator *ap)
ret = krb5_auth_con_init (context, &auth_context);
if (ret) {
if (auth_debug_mode) {
printf("Kerberos V5: krb5_auth_con_init failed (%s)\r\n",
krb5_get_err_text(context, ret));
estr = krb5_get_error_message (context, ret);
printf("Kerberos V5: krb5_auth_con_init failed (%s)\r\n", estr);
krb5_free_error_message(context, estr);
}
return(0);
}
@@ -237,9 +240,10 @@ kerberos5_send(char *name, Authenticator *ap)
&net);
if (ret) {
if (auth_debug_mode) {
estr = krb5_get_error_message (context, ret);
printf ("Kerberos V5:"
" krb5_auth_con_setaddrs_from_fd failed (%s)\r\n",
krb5_get_err_text(context, ret));
" krb5_auth_con_setaddrs_from_fd failed (%s)\r\n", estr);
krb5_free_error_message(context, estr);
}
return(0);
}
@@ -265,18 +269,21 @@ kerberos5_send(char *name, Authenticator *ap)
&service);
if(ret) {
if (auth_debug_mode) {
estr = krb5_get_error_message (context, ret);
printf ("Kerberos V5:"
" krb5_sname_to_principal(%s) failed (%s)\r\n",
RemoteHostName, krb5_get_err_text(context, ret));
RemoteHostName, estr);
krb5_free_error_message(context, estr);
}
return 0;
}
ret = krb5_unparse_name_fixed(context, service, sname, sizeof(sname));
if(ret) {
if (auth_debug_mode) {
estr = krb5_get_error_message (context, ret);
printf ("Kerberos V5:"
" krb5_unparse_name_fixed failed (%s)\r\n",
krb5_get_err_text(context, ret));
" krb5_unparse_name_fixed failed (%s)\r\n", estr);
krb5_free_error_message(context, estr);
}
return 0;
}
@@ -289,8 +296,9 @@ kerberos5_send(char *name, Authenticator *ap)
}
if (ret) {
if (1 || auth_debug_mode) {
printf("Kerberos V5: mk_req failed (%s)\r\n",
krb5_get_err_text(context, ret));
estr = krb5_get_error_message (context, ret);
printf("Kerberos V5: mk_req failed (%s)\r\n", estr);
krb5_free_error_message(context, estr);
}
return(0);
}
@@ -345,6 +353,7 @@ kerberos5_is(Authenticator *ap, unsigned char *data, int cnt)
krb5_error_code ret;
krb5_data outbuf;
krb5_keyblock *key_block;
const char *estr;
char *name;
krb5_principal server;
int zero = 0;
@@ -362,8 +371,9 @@ kerberos5_is(Authenticator *ap, unsigned char *data, int cnt)
if (ret) {
Data(ap, KRB_REJECT, "krb5_auth_con_init failed", -1);
auth_finished(ap, AUTH_REJECT);
log_message("Kerberos V5: krb5_auth_con_init failed (%s)",
krb5_get_err_text(context, ret));
estr = krb5_get_error_message (context, ret);
log_message("Kerberos V5: krb5_auth_con_init failed (%s)", estr);
krb5_free_error_message(context, estr);
return;
}
@@ -373,9 +383,10 @@ kerberos5_is(Authenticator *ap, unsigned char *data, int cnt)
if (ret) {
Data(ap, KRB_REJECT, "krb5_auth_con_setaddrs_from_fd failed", -1);
auth_finished(ap, AUTH_REJECT);
estr = krb5_get_error_message (context, ret);
log_message("Kerberos V5: "
"krb5_auth_con_setaddrs_from_fd failed (%s)",
krb5_get_err_text(context, ret));
"krb5_auth_con_setaddrs_from_fd failed (%s)", estr);
krb5_free_error_message(context, estr);
return;
}
@@ -387,9 +398,10 @@ kerberos5_is(Authenticator *ap, unsigned char *data, int cnt)
if (ret) {
Data(ap, KRB_REJECT, "krb5_sock_to_principal failed", -1);
auth_finished(ap, AUTH_REJECT);
estr = krb5_get_error_message (context, ret);
log_message("Kerberos V5: "
"krb5_sock_to_principal failed (%s)",
krb5_get_err_text(context, ret));
"krb5_sock_to_principal failed (%s)", estr);
krb5_free_error_message(context, estr);
return;
}
@@ -407,9 +419,9 @@ kerberos5_is(Authenticator *ap, unsigned char *data, int cnt)
char *errbuf;
int ret2;
ret2 = asprintf(&errbuf,
"Read req failed: %s",
krb5_get_err_text(context, ret));
estr = krb5_get_error_message (context, ret);
ret2 = asprintf(&errbuf, "Read req failed: %s", estr);
krb5_free_error_message(context, estr);
if (ret2 != -1)
errbuf2 = errbuf;
Data(ap, KRB_REJECT, errbuf2, -1);
@@ -435,8 +447,9 @@ kerberos5_is(Authenticator *ap, unsigned char *data, int cnt)
char *errbuf;
int ret2;
ret2 = asprintf(&errbuf, "Bad checksum: %s",
krb5_get_err_text(context, ret));
estr = krb5_get_error_message (context, ret);
ret2 = asprintf(&errbuf, "Bad checksum: %s", estr);
krb5_free_error_message(context, estr);
if (ret2 != -1)
errbuf2 = errbuf;
Data(ap, KRB_REJECT, errbuf2, -1);
@@ -453,9 +466,10 @@ kerberos5_is(Authenticator *ap, unsigned char *data, int cnt)
if (ret) {
Data(ap, KRB_REJECT, "krb5_auth_con_getremotesubkey failed", -1);
auth_finished(ap, AUTH_REJECT);
estr = krb5_get_error_message (context, ret);
log_message("Kerberos V5: "
"krb5_auth_con_getremotesubkey failed (%s)",
krb5_get_err_text(context, ret));
"krb5_auth_con_getremotesubkey failed (%s)", estr);
krb5_free_error_message(context, estr);
return;
}
@@ -467,9 +481,10 @@ kerberos5_is(Authenticator *ap, unsigned char *data, int cnt)
if (ret) {
Data(ap, KRB_REJECT, "krb5_auth_con_getkey failed", -1);
auth_finished(ap, AUTH_REJECT);
estr = krb5_get_error_message (context, ret);
log_message("Kerberos V5: "
"krb5_auth_con_getkey failed (%s)",
krb5_get_err_text(context, ret));
"krb5_auth_con_getkey failed (%s)", estr);
krb5_free_error_message(context, estr);
return;
}
if (key_block == NULL) {
@@ -486,9 +501,10 @@ kerberos5_is(Authenticator *ap, unsigned char *data, int cnt)
Data(ap, KRB_REJECT,
"krb5_mk_rep failed", -1);
auth_finished(ap, AUTH_REJECT);
estr = krb5_get_error_message (context, ret);
log_message("Kerberos V5: "
"krb5_mk_rep failed (%s)",
krb5_get_err_text(context, ret));
"krb5_mk_rep failed (%s)", estr);
krb5_free_error_message(context, estr);
krb5_free_keyblock(context, key_block);
return;
}
@@ -555,8 +571,9 @@ kerberos5_is(Authenticator *ap, unsigned char *data, int cnt)
ret = krb5_cc_resolve (context, ccname, &ccache);
if (ret) {
log_message("Kerberos V5: could not get ccache: %s",
krb5_get_err_text(context, ret));
estr = krb5_get_error_message (context, ret);
log_message("Kerberos V5: could not get ccache: %s", estr);
krb5_free_error_message(context, estr);
break;
}
@@ -564,8 +581,9 @@ kerberos5_is(Authenticator *ap, unsigned char *data, int cnt)
ccache,
ticket->client);
if (ret) {
log_message("Kerberos V5: could not init ccache: %s",
krb5_get_err_text(context, ret));
estr = krb5_get_error_message (context, ret);
log_message("Kerberos V5: could not init ccache: %s", estr);
krb5_free_error_message(context, estr);
break;
}
@@ -581,9 +599,9 @@ kerberos5_is(Authenticator *ap, unsigned char *data, int cnt)
char *errbuf;
int ret2;
ret2 = asprintf (&errbuf,
"Read forwarded creds failed: %s",
krb5_get_err_text (context, ret));
estr = krb5_get_error_message (context, ret);
ret2 = asprintf (&errbuf, "Read forwarded creds failed: %s", estr);
krb5_free_error_message(context, estr);
if (ret2 != -1)
errbuf2 = errbuf;
Data(ap, KRB_FORWARD_REJECT, errbuf, -1);
@@ -612,6 +630,7 @@ void
kerberos5_reply(Authenticator *ap, unsigned char *data, int cnt)
{
static int mutual_complete = 0;
const char *estr;
if (cnt-- < 1)
return;
@@ -648,8 +667,9 @@ kerberos5_reply(Authenticator *ap, unsigned char *data, int cnt)
auth_context,
&keyblock);
if(ret) {
printf("[ krb5_auth_con_getkey: %s ]\r\n",
krb5_get_err_text(context, ret));
estr = krb5_get_error_message (context, ret);
printf("[ krb5_auth_con_getkey: %s ]\r\n", estr);
krb5_free_error_message(context, estr);
auth_send_retry();
return;
}
@@ -667,22 +687,23 @@ kerberos5_reply(Authenticator *ap, unsigned char *data, int cnt)
case KRB_RESPONSE:
if ((ap->way & AUTH_HOW_MASK) == AUTH_HOW_MUTUAL) {
/* the rest of the reply should contain a krb_ap_rep */
krb5_ap_rep_enc_part *reply;
krb5_data inbuf;
krb5_error_code ret;
krb5_ap_rep_enc_part *reply;
krb5_data inbuf;
krb5_error_code ret;
inbuf.length = cnt;
inbuf.data = (char *)data;
inbuf.length = cnt;
inbuf.data = (char *)data;
ret = krb5_rd_rep(context, auth_context, &inbuf, &reply);
if (ret) {
printf("[ Mutual authentication failed: %s ]\r\n",
krb5_get_err_text (context, ret));
auth_send_retry();
return;
}
krb5_free_ap_rep_enc_part(context, reply);
mutual_complete = 1;
ret = krb5_rd_rep(context, auth_context, &inbuf, &reply);
if (ret) {
estr = krb5_get_error_message (context, ret);
printf("[ Mutual authentication failed: %s ]\r\n", estr);
krb5_free_error_message(context, estr);
auth_send_retry();
return;
}
krb5_free_ap_rep_enc_part(context, reply);
mutual_complete = 1;
}
return;
case KRB_FORWARD_ACCEPT:
@@ -792,20 +813,25 @@ kerberos5_forward(Authenticator *ap)
KDCOptions flags;
krb5_data out_data;
krb5_principal principal;
const char *estr;
ret = krb5_cc_default (context, &ccache);
if (ret) {
if (auth_debug_mode)
printf ("KerberosV5: could not get default ccache: %s\r\n",
krb5_get_err_text (context, ret));
if (auth_debug_mode) {
estr = krb5_get_error_message (context, ret);
printf ("KerberosV5: could not get default ccache: %s\r\n", estr);
krb5_free_error_message(context, estr);
}
return;
}
ret = krb5_cc_get_principal (context, ccache, &principal);
if (ret) {
if (auth_debug_mode)
printf ("KerberosV5: could not get principal: %s\r\n",
krb5_get_err_text (context, ret));
if (auth_debug_mode) {
estr = krb5_get_error_message (context, ret);
printf ("KerberosV5: could not get principal: %s\r\n", estr);
krb5_free_error_message(context, estr);
}
return;
}
@@ -821,9 +847,11 @@ kerberos5_forward(Authenticator *ap)
NULL);
if (ret) {
if (auth_debug_mode)
printf ("KerberosV5: could not get principal: %s\r\n",
krb5_get_err_text (context, ret));
if (auth_debug_mode) {
estr = krb5_get_error_message (context, ret);
printf ("KerberosV5: could not get principal: %s\r\n", estr);
krb5_free_error_message(context, estr);
}
return;
}
@@ -842,9 +870,11 @@ kerberos5_forward(Authenticator *ap)
&creds,
&out_data);
if (ret) {
if (auth_debug_mode)
printf ("Kerberos V5: error getting forwarded creds: %s\r\n",
krb5_get_err_text (context, ret));
if (auth_debug_mode) {
estr = krb5_get_error_message (context, ret);
printf ("Kerberos V5: error getting forwarded creds: %s\r\n", estr);
krb5_free_error_message(context, estr);
}
return;
}

13
kcm/acquire.c
View File

@@ -48,6 +48,7 @@ kcm_ccache_acquire(krb5_context context,
krb5_get_init_creds_opt *opt = NULL;
krb5_ccache_data ccdata;
char *in_tkt_service = NULL;
const char *estr;
memset(&cred, 0, sizeof(cred));
@@ -77,8 +78,10 @@ kcm_ccache_acquire(krb5_context context,
if (ccache->server != NULL) {
ret = krb5_unparse_name(context, ccache->server, &in_tkt_service);
if (ret) {
estr = krb5_get_error_message(context, ret);
kcm_log(0, "Failed to unparse service principal name for cache %s: %s",
ccache->name, krb5_get_err_text(context, ret));
ccache->name, estr);
krb5_free_error_message(context, estr);
return ret;
}
}
@@ -114,8 +117,10 @@ kcm_ccache_acquire(krb5_context context,
}
if (ret) {
estr = krb5_get_error_message(context, ret);
kcm_log(0, "Failed to acquire credentials for cache %s: %s",
ccache->name, krb5_get_err_text(context, ret));
ccache->name, estr);
krb5_free_error_message(context, estr);
if (in_tkt_service != NULL)
free(in_tkt_service);
goto out;
@@ -129,8 +134,10 @@ kcm_ccache_acquire(krb5_context context,
ret = kcm_ccache_store_cred_internal(context, ccache, &cred, 0, credp);
if (ret) {
estr = krb5_get_error_message(context, ret);
kcm_log(0, "Failed to store credentials for cache %s: %s",
ccache->name, krb5_get_err_text(context, ret));
ccache->name, estr);
krb5_free_error_message(context, estr);
krb5_free_cred_contents(context, &cred);
goto out;
}

23
kcm/client.c
View File

@@ -43,11 +43,13 @@ kcm_ccache_resolve_client(krb5_context context,
kcm_ccache *ccache)
{
krb5_error_code ret;
const char *estr;
ret = kcm_ccache_resolve(context, name, ccache);
if (ret) {
kcm_log(1, "Failed to resolve cache %s: %s",
name, krb5_get_err_text(context, ret));
estr = krb5_get_error_message(context, ret);
kcm_log(1, "Failed to resolve cache %s: %s", name, estr);
krb5_free_error_message(context, estr);
return ret;
}
@@ -67,11 +69,13 @@ kcm_ccache_destroy_client(krb5_context context,
{
krb5_error_code ret;
kcm_ccache ccache;
const char *estr;
ret = kcm_ccache_resolve(context, name, &ccache);
if (ret) {
kcm_log(1, "Failed to resolve cache %s: %s",
name, krb5_get_err_text(context, ret));
estr = krb5_get_error_message(context, ret);
kcm_log(1, "Failed to resolve cache %s: %s", name, estr);
krb5_free_error_message(context, estr);
return ret;
}
@@ -92,6 +96,7 @@ kcm_ccache_new_client(krb5_context context,
{
krb5_error_code ret;
kcm_ccache ccache;
const char *estr;
/* We insist the ccache name starts with UID or UID: */
if (name_constraints != 0) {
@@ -127,8 +132,9 @@ kcm_ccache_new_client(krb5_context context,
if (ret == KRB5_FCC_NOFILE) {
ret = kcm_ccache_new(context, name, &ccache);
if (ret) {
kcm_log(1, "Failed to initialize cache %s: %s",
name, krb5_get_err_text(context, ret));
estr = krb5_get_error_message(context, ret);
kcm_log(1, "Failed to initialize cache %s: %s", name, estr);
krb5_free_error_message(context, estr);
return ret;
}
@@ -139,8 +145,9 @@ kcm_ccache_new_client(krb5_context context,
} else {
ret = kcm_zero_ccache_data(context, ccache);
if (ret) {
kcm_log(1, "Failed to empty cache %s: %s",
name, krb5_get_err_text(context, ret));
estr = krb5_get_error_message(context, ret);
kcm_log(1, "Failed to empty cache %s: %s", name, estr);
krb5_free_error_message(context, estr);
kcm_release_ccache(context, ccache);
return ret;
}

9
kcm/events.c
View File

@@ -398,6 +398,7 @@ kcm_run_events(krb5_context context, time_t now)
{
krb5_error_code ret;
kcm_event **e;
const char *estr;
HEIMDAL_MUTEX_lock(&events_mutex);
@@ -415,14 +416,18 @@ kcm_run_events(krb5_context context, time_t now)
if (now >= (*e)->fire_time) {
ret = kcm_fire_event(context, e);
if (ret) {
estr = krb5_get_error_message(context, ret);
kcm_log(1, "Could not fire event for cache %s: %s",
(*e)->ccache->name, krb5_get_err_text(context, ret));
(*e)->ccache->name, estr);
krb5_free_error_message(context, estr);
}
} else if ((*e)->expire_time && now >= (*e)->expire_time) {
ret = kcm_remove_event_internal(context, e);
if (ret) {
estr = krb5_get_error_message(context, ret);
kcm_log(1, "Could not expire event for cache %s: %s",
(*e)->ccache->name, krb5_get_err_text(context, ret));
(*e)->ccache->name, estr);
krb5_free_error_message(context, estr);
}
}

17
kcm/renew.c
View File

@@ -44,6 +44,7 @@ kcm_ccache_refresh(krb5_context context,
krb5_kdc_flags flags;
krb5_const_realm realm;
krb5_ccache_data ccdata;
const char *estr;
memset(&in, 0, sizeof(in));
@@ -66,8 +67,10 @@ kcm_ccache_refresh(krb5_context context,
if (ccache->server != NULL) {
ret = krb5_copy_principal(context, ccache->server, &in.server);
if (ret) {
estr = krb5_get_error_message(context, ret);
kcm_log(0, "Failed to copy service principal: %s",
krb5_get_err_text(context, ret));
estr);
krb5_free_error_message(context, estr);
goto out;
}
} else {
@@ -75,8 +78,10 @@ kcm_ccache_refresh(krb5_context context,
ret = krb5_make_principal(context, &in.server, realm,
KRB5_TGS_NAME, realm, NULL);
if (ret) {
estr = krb5_get_error_message(context, ret);
kcm_log(0, "Failed to make TGS principal for realm %s: %s",
realm, krb5_get_err_text(context, ret));
realm, estr);
krb5_free_error_message(context, estr);
goto out;
}
}
@@ -98,8 +103,10 @@ kcm_ccache_refresh(krb5_context context,
&in,
&out);
if (ret) {
estr = krb5_get_error_message(context, ret);
kcm_log(0, "Failed to renew credentials for cache %s: %s",
ccache->name, krb5_get_err_text(context, ret));
ccache->name, estr);
krb5_free_error_message(context, estr);
goto out;
}
@@ -108,8 +115,10 @@ kcm_ccache_refresh(krb5_context context,
ret = kcm_ccache_store_cred_internal(context, ccache, out, 0, credp);
if (ret) {
estr = krb5_get_error_message(context, ret);
kcm_log(0, "Failed to store credentials for cache %s: %s",
ccache->name, krb5_get_err_text(context, ret));
ccache->name, estr);
krb5_free_error_message(context, estr);
krb5_free_creds(context, out);
goto out;
}

21
kdc/kerberos5.c
View File

@@ -92,9 +92,9 @@ _kdc_is_weak_exception(krb5_principal principal, krb5_enctype etype)
{
if (principal->name.name_string.len > 0 &&
strcmp(principal->name.name_string.val[0], "afs") == 0 &&
(etype == ETYPE_DES_CBC_CRC
|| etype == ETYPE_DES_CBC_MD4
|| etype == ETYPE_DES_CBC_MD5))
(etype == (krb5_enctype)ETYPE_DES_CBC_CRC
|| etype == (krb5_enctype)ETYPE_DES_CBC_MD4
|| etype == (krb5_enctype)ETYPE_DES_CBC_MD5))
return TRUE;
return FALSE;
}
@@ -143,7 +143,7 @@ _kdc_find_etype(krb5_context context, krb5_boolean use_strongest_session_key,
if (use_strongest_session_key) {
const krb5_enctype *p;
krb5_enctype clientbest = ETYPE_NULL;
krb5_enctype clientbest = (krb5_enctype)ETYPE_NULL;
int j;
/*
@@ -159,16 +159,18 @@ _kdc_find_etype(krb5_context context, krb5_boolean use_strongest_session_key,
/* drive the search with local supported enctypes list */
p = krb5_kerberos_enctypes(context);
for (i = 0; p[i] != ETYPE_NULL && enctype == ETYPE_NULL; i++) {
for (i = 0;
p[i] != (krb5_enctype)ETYPE_NULL && enctype == (krb5_enctype)ETYPE_NULL;
i++) {
if (krb5_enctype_valid(context, p[i]) != 0)
continue;
/* check that the client supports it too */
for (j = 0; j < len && enctype == ETYPE_NULL; j++) {
for (j = 0; j < len && enctype == (krb5_enctype)ETYPE_NULL; j++) {
if (p[i] != etypes[j])
continue;
/* save best of union of { client, crypto system } */
if (clientbest == ETYPE_NULL)
if (clientbest == (krb5_enctype)ETYPE_NULL)
clientbest = p[i];
/* check target princ support */
ret = hdb_enctype2key(context, &princ->entry, p[i], &key);
@@ -179,9 +181,10 @@ _kdc_find_etype(krb5_context context, krb5_boolean use_strongest_session_key,
enctype = p[i];
}
}
if (clientbest != ETYPE_NULL && enctype == ETYPE_NULL)
if (clientbest != (krb5_enctype)ETYPE_NULL &&
enctype == (krb5_enctype)ETYPE_NULL)
enctype = clientbest;
else if (enctype == ETYPE_NULL)
else if (enctype == (krb5_enctype)ETYPE_NULL)
ret = KRB5KDC_ERR_ETYPE_NOSUPP;
if (ret == 0 && ret_enctype != NULL)
*ret_enctype = enctype;

2
kdc/misc.c
View File

@@ -140,7 +140,7 @@ _kdc_get_preferred_key(krb5_context context,
if (config->use_strongest_server_key) {
const krb5_enctype *p = krb5_kerberos_enctypes(context);
for (i = 0; p[i] != ETYPE_NULL; i++) {
for (i = 0; p[i] != (krb5_enctype)ETYPE_NULL; i++) {
if (krb5_enctype_valid(context, p[i]) != 0)
continue;
ret = hdb_enctype2key(context, &h->entry, p[i], key);

6
kdc/string2key.c
View File

@@ -128,9 +128,9 @@ main(int argc, char **argv)
if(ret)
krb5_err(context, 1, ret, "krb5_string_to_enctype");
if((etype != ETYPE_DES_CBC_CRC &&
etype != ETYPE_DES_CBC_MD4 &&
etype != ETYPE_DES_CBC_MD5) &&
if((etype != (krb5_enctype)ETYPE_DES_CBC_CRC &&
etype != (krb5_enctype)ETYPE_DES_CBC_MD4 &&
etype != (krb5_enctype)ETYPE_DES_CBC_MD5) &&
(afs || version4)) {
if(!version5) {
etype = ETYPE_DES_CBC_CRC;

4
lib/hdb/hdb_locl.h
View File

@@ -36,11 +36,11 @@
#ifndef __HDB_LOCL_H__
#define __HDB_LOCL_H__
#include <config.h>
#include <assert.h>
#include <heimbase.h>
#include <config.h>
#include <stdio.h>
#include <string.h>
#include <stdlib.h>

5
lib/hx509/sel-lex.l
View File

@@ -34,6 +34,11 @@
/* $Id$ */
#ifdef __GNUC__
#pragma GCC diagnostic ignored "-Wunused-function"
#endif
#ifdef HAVE_CONFIG_H
#include <config.h>
#endif

2
lib/krb5/crypto.c
View File

@@ -2033,7 +2033,7 @@ krb5_crypto_init(krb5_context context,
krb5_set_error_message(context, ENOMEM, N_("malloc: out of memory", ""));
return ENOMEM;
}
if(etype == ETYPE_NULL)
if(etype == (krb5_enctype)ETYPE_NULL)
etype = key->keytype;
(*crypto)->et = _krb5_find_enctype(etype);
if((*crypto)->et == NULL || ((*crypto)->et->flags & F_DISABLED)) {

8
lib/krb5/deprecated.c
View File

@@ -31,8 +31,14 @@
* SUCH DAMAGE.
*/
#ifdef __GNUC__
/* For some GCCs there's no way to shut them up about deprecated functions */
#define KRB5_DEPRECATED_FUNCTION(x)
#endif
#include "krb5_locl.h"
#undef __attribute__
#define __attribute__(x)
@@ -72,7 +78,7 @@ krb5_keytype_to_enctypes_default (krb5_context context,
unsigned int i, n;
krb5_enctype *ret;
if (keytype != KEYTYPE_DES || context->etypes_des == NULL)
if (keytype != (krb5_keytype)KEYTYPE_DES || context->etypes_des == NULL)
return krb5_keytype_to_enctypes (context, keytype, len, val);
for (n = 0; context->etypes_des[n]; ++n)

2
lib/krb5/generate_subkey.c
View File

@@ -60,7 +60,7 @@ krb5_generate_subkey_extended(krb5_context context,
return ENOMEM;
}
if (etype == ETYPE_NULL)
if (etype == (krb5_enctype)ETYPE_NULL)
etype = key->keytype; /* use session key etype */
/* XXX should we use the session key as input to the RF? */

4
lib/krb5/get_in_tkt.c
View File

@@ -31,6 +31,8 @@
* SUCH DAMAGE.
*/
#define KRB5_DEPRECATED_FUNCTION(x)
#include "krb5_locl.h"
#ifndef HEIMDAL_SMALLER
@@ -113,7 +115,7 @@ add_padata(krb5_context context,
if (!enctypes) {
enctypes = context->etypes;
netypes = 0;
for (ep = enctypes; *ep != ETYPE_NULL; ep++)
for (ep = enctypes; *ep != (krb5_enctype)ETYPE_NULL; ep++)
netypes++;
}
pa2 = realloc (md->val, (md->len + netypes) * sizeof(*md->val));

2
lib/krb5/init_creds_pw.c
View File

@@ -1024,7 +1024,7 @@ add_enc_ts_padata(krb5_context context,
if (!enctypes) {
enctypes = context->etypes;
netypes = 0;
for (ep = enctypes; *ep != ETYPE_NULL; ep++)
for (ep = enctypes; *ep != (krb5_enctype)ETYPE_NULL; ep++)
netypes++;
}

2
lib/krb5/rd_cred.c
View File

@@ -96,7 +96,7 @@ krb5_rd_cred(krb5_context context,
goto out;
}
if (cred.enc_part.etype == ETYPE_NULL) {
if (cred.enc_part.etype == (krb5_enctype)ETYPE_NULL) {
/* DK: MIT GSS-API Compatibility */
enc_krb_cred_part_data.length = cred.enc_part.cipher.length;
enc_krb_cred_part_data.data = cred.enc_part.cipher.data;

2
lib/krb5/rd_req.c
View File

@@ -484,7 +484,7 @@ krb5_verify_ap_req2(krb5_context context,
if (ap_req_options) {
*ap_req_options = 0;
if (ac->keytype != ETYPE_NULL)
if (ac->keytype != (krb5_enctype)ETYPE_NULL)
*ap_req_options |= AP_OPTS_USE_SUBKEY;
if (ap_req->ap_options.use_session_key)
*ap_req_options |= AP_OPTS_USE_SESSION_KEY;

2
lib/ntlm/ntlm_err.et
View File

@@ -14,7 +14,7 @@ error_code RAND, "Random generator failed"
error_code AUTH, "NTLM authentication failed"
error_code TIME_SKEW, "Client time skewed to server"
error_code OEM, "Client set OEM string"
error_code MISSING_NAME_SEPARATOR, "missing @ or \ in name"
error_code MISSING_NAME_SEPARATOR, "missing @ or \\ in name"
error_code MISSING_BUFFER, "missing expected buffer"
error_code INVALID_APOP, "Invalid APOP response"
error_code INVALID_CRAM_MD5, "Invalid CRAM-MD5 response"