diff --git a/appl/popper/pop_debug.c b/appl/popper/pop_debug.c index c145aa448..eabd1b547 100644 --- a/appl/popper/pop_debug.c +++ b/appl/popper/pop_debug.c @@ -103,6 +103,7 @@ doit_v5 (char *host, int port) krb5_auth_context auth_context = NULL; krb5_principal server; int s = get_socket (host, port); + const char *estr; ret = krb5_init_context (&context); if (ret) @@ -114,8 +115,9 @@ doit_v5 (char *host, int port) KRB5_NT_SRV_HST, &server); if (ret) { - warnx ("krb5_sname_to_principal: %s", - krb5_get_err_text (context, ret)); + estr = krb5_get_error_message(context, ret); + warnx ("krb5_sname_to_principal: %s", estr); + krb5_free_error_message(context, estr); return 1; } ret = krb5_sendauth (context, @@ -131,13 +133,14 @@ doit_v5 (char *host, int port) NULL, NULL, NULL); - if (ret) { - warnx ("krb5_sendauth: %s", - krb5_get_err_text (context, ret)); - return 1; - } - loop (s); - return 0; + if (ret) { + estr = krb5_get_error_message(context, ret); + warnx ("krb5_sendauth: %s", estr); + krb5_free_error_message(context, estr); + return 1; + } + loop (s); + return 0; } #endif diff --git a/appl/popper/pop_init.c b/appl/popper/pop_init.c index ee550bd7f..cfcff9e19 100644 --- a/appl/popper/pop_init.c +++ b/appl/popper/pop_init.c @@ -57,6 +57,7 @@ krb5_authenticate (POP *p, int s, u_char *buf, struct sockaddr *addr) krb5_auth_context auth_context = NULL; uint32_t len; krb5_ticket *ticket; + const char *estr; char *server; if (memcmp (buf, "\x00\x00\x00\x13", 4) != 0) 
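Review bot: `estr` is passed straight to `%s` in `warnx` in the second doit_v5 hunk, but krb5_get_error_message can return NULL when it cannot allocate the string, which the `estr ? estr : "could not get error string"` guard in rshd.c's krb5_start_session in this same commit allows for. Passing NULL to `%s` is undefined behaviour, and these are authentication failure paths in network-facing programs. The same unguarded pattern repeats at every other converted call site (pop_init.c, pop_pass.c, push.c, rsh.c, the rest of rshd.c, telnet's kerberos5.c and kcm/*.c). A guard such as `warnx ("krb5_sname_to_principal: %s", estr ? estr : "unknown error");`, or one small shared helper, would make them consistent. doit_v5 begins outside the hunk.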
@@ -78,16 +79,18 @@ krb5_authenticate (POP *p, int s, u_char *buf, struct sockaddr *addr) NULL, &ticket); if (ret) { - pop_log(p, POP_PRIORITY, "krb5_recvauth: %s", - krb5_get_err_text(p->context, ret)); + estr = krb5_get_error_message(p->context, ret); + pop_log(p, POP_PRIORITY, "krb5_recvauth: %s", estr); + krb5_free_error_message(p->context, estr); return -1; } ret = krb5_unparse_name(p->context, ticket->server, &server); if(ret) { - pop_log(p, POP_PRIORITY, "krb5_unparse_name: %s", - krb5_get_err_text(p->context, ret)); + estr = krb5_get_error_message(p->context, ret); + pop_log(p, POP_PRIORITY, "krb5_unparse_name: %s", estr); + krb5_free_error_message(p->context, estr); ret = -1; goto out; } diff --git a/appl/popper/pop_pass.c b/appl/popper/pop_pass.c index a89a99d0f..25a933a74 100644 --- a/appl/popper/pop_pass.c +++ b/appl/popper/pop_pass.c @@ -21,11 +21,13 @@ krb5_verify_password (POP *p) krb5_error_code ret; krb5_principal client, server; krb5_creds creds; + const char *estr; ret = krb5_get_init_creds_opt_alloc (p->context, &get_options); if (ret) { - pop_log(p, POP_PRIORITY, "krb5_get_init_creds_opt_alloc: %s", - krb5_get_err_text (p->context, ret)); + estr = krb5_get_error_message(p->context, ret); + pop_log(p, POP_PRIORITY, "krb5_get_init_creds_opt_alloc: %s", estr); + krb5_free_error_message(p->context, estr); return 1; } @@ -38,8 +40,9 @@ krb5_verify_password (POP *p) ret = krb5_parse_name (p->context, p->user, &client); if (ret) { krb5_get_init_creds_opt_free(p->context, get_options); - pop_log(p, POP_PRIORITY, "krb5_parse_name: %s", - krb5_get_err_text (p->context, ret)); + estr = krb5_get_error_message(p->context, ret); + pop_log(p, POP_PRIORITY, "krb5_parse_name: %s", estr); + krb5_free_error_message(p->context, estr); return 1; } 
@@ -54,9 +57,9 @@ krb5_verify_password (POP *p) get_options); krb5_get_init_creds_opt_free(p->context, get_options); if (ret) { - pop_log(p, POP_PRIORITY, - "krb5_get_init_creds_password: %s", - krb5_get_err_text (p->context, ret)); + estr = krb5_get_error_message(p->context, ret); + pop_log(p, POP_PRIORITY, "krb5_get_init_creds_password: %s", estr); + krb5_free_error_message(p->context, estr); return 1; } @@ -66,9 +69,9 @@ krb5_verify_password (POP *p) KRB5_NT_SRV_HST, &server); if (ret) { - pop_log(p, POP_PRIORITY, - "krb5_get_init_creds_password: %s", - krb5_get_err_text (p->context, ret)); + estr = krb5_get_error_message(p->context, ret); + pop_log(p, POP_PRIORITY, "krb5_get_init_creds_password: %s", estr); + krb5_free_error_message(p->context, estr); return 1; } diff --git a/appl/push/push.c b/appl/push/push.c index 5ccb954ee..659d10214 100644 --- a/appl/push/push.c +++ b/appl/push/push.c @@ -524,6 +524,7 @@ do_v5 (const char *host, krb5_error_code ret; krb5_auth_context auth_context = NULL; krb5_principal server; + const char *estr; int s; s = do_connect (host, port, 1); @@ -536,8 +537,9 @@ do_v5 (const char *host, KRB5_NT_SRV_HST, &server); if (ret) { - warnx ("krb5_sname_to_principal: %s", - krb5_get_err_text (context, ret)); + estr = krb5_get_error_message(context, ret); + warnx ("krb5_sname_to_principal: %s", estr); + krb5_free_error_message(context, estr); return 1; } @@ -556,8 +558,9 @@ do_v5 (const char *host, NULL); krb5_free_principal (context, server); if (ret) { - warnx ("krb5_sendauth: %s", - krb5_get_err_text (context, ret)); + estr = krb5_get_error_message(context, ret); + warnx ("krb5_sendauth: %s", estr); + krb5_free_error_message(context, estr); return 1; } return doit (s, host, user, filename, header_str, leavep, verbose, forkp); diff --git a/appl/rsh/rsh.c b/appl/rsh/rsh.c index 38ac753cd..a84f5c2d7 100644 --- a/appl/rsh/rsh.c +++ b/appl/rsh/rsh.c 
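Review bot: The log label in the second krb5_verify_password hunk on this line (`@@ -66,9 +69,9`) still says `krb5_get_init_creds_password`, although the failing call ends with `KRB5_NT_SRV_HST, &server);`, which looks like krb5_sname_to_principal (only its last arguments are visible). An operator reading the POP log would attribute a service-principal lookup failure to password verification. Since the line is being rewritten anyway, it could read `pop_log(p, POP_PRIORITY, "krb5_sname_to_principal: %s", estr);`. The function body continues outside the hunk.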
@@ -167,20 +167,23 @@ krb5_forward_cred (krb5_auth_context auth_context, krb5_kdc_flags flags; krb5_data out_data; krb5_principal principal; + const char *estr; memset (&creds, 0, sizeof(creds)); ret = krb5_cc_default (context, &ccache); if (ret) { - warnx ("could not forward creds: krb5_cc_default: %s", - krb5_get_err_text (context, ret)); + estr = krb5_get_error_message(context, ret); + warnx ("could not forward creds: krb5_cc_default: %s", estr); + krb5_free_error_message(context, estr); return 1; } ret = krb5_cc_get_principal (context, ccache, &principal); if (ret) { - warnx ("could not forward creds: krb5_cc_get_principal: %s", - krb5_get_err_text (context, ret)); + estr = krb5_get_error_message(context, ret); + warnx ("could not forward creds: krb5_cc_get_principal: %s", estr); + krb5_free_error_message(context, estr); return 1; } @@ -194,8 +197,9 @@ krb5_forward_cred (krb5_auth_context auth_context, NULL); if (ret) { - warnx ("could not forward creds: krb5_make_principal: %s", - krb5_get_err_text (context, ret)); + estr = krb5_get_error_message(context, ret); + warnx ("could not forward creds: krb5_make_principal: %s", estr); + krb5_free_error_message(context, estr); return 1; } @@ -213,8 +217,9 @@ krb5_forward_cred (krb5_auth_context auth_context, &creds, &out_data); if (ret) { - warnx ("could not forward creds: krb5_get_forwarded_creds: %s", - krb5_get_err_text (context, ret)); + estr = krb5_get_error_message(context, ret); + warnx ("could not forward creds: krb5_get_forwarded_creds: %s", estr); + krb5_free_error_message(context, estr); return 1; } @@ -223,9 +228,11 @@ krb5_forward_cred (krb5_auth_context auth_context, &out_data); krb5_data_free (&out_data); - if (ret) - warnx ("could not forward creds: krb5_write_message: %s", - krb5_get_err_text (context, ret)); + if (ret) { + estr = krb5_get_error_message(context, ret); + warnx ("could not forward creds: krb5_write_message: %s", estr); + krb5_free_error_message(context, estr); + } return 0; } 
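Review bot: The krb5_write_message failure branch in the last krb5_forward_cred hunk (`@@ -223,9 +228,11`) still falls through to `return 0;`, while every other failure in this function returns 1 after the same kind of warning. If the caller treats 0 as "credentials forwarded", a failed write goes unnoticed apart from the warning. Now that the branch has braces, adding `return 1;` after `krb5_free_error_message(context, estr);` would make it consistent. If ignoring the failure is deliberate, a comment such as `/* best effort: forwarding failure is not fatal */` should say so. The callers are not visible here.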
@@ -248,6 +255,7 @@ send_krb5_auth(int s, krb5_auth_context auth_context = NULL; const char *protocol_string = NULL; krb5_flags ap_opts; + const char *estr; char *str; status = krb5_sname_to_principal(context, @@ -256,7 +264,9 @@ send_krb5_auth(int s, KRB5_NT_SRV_HST, &server); if (status) { - warnx ("%s: %s", hostname, krb5_get_err_text(context, status)); + estr = krb5_get_error_message(context, status); + warnx ("%s: %s", hostname, estr); + krb5_free_error_message(context, estr); return 1; } @@ -341,7 +351,9 @@ send_krb5_auth(int s, if(keyblock == NULL) status = krb5_auth_con_getkey (context, auth_context, &keyblock); if (status) { - warnx ("krb5_auth_con_getkey: %s", krb5_get_err_text(context, status)); + estr = krb5_get_error_message(context, status); + warnx ("krb5_auth_con_getkey: %s", estr); + krb5_free_error_message(context, estr); return 1; } @@ -349,14 +361,17 @@ send_krb5_auth(int s, auth_context, &s); if (status) { - warnx("krb5_auth_con_setaddrs_from_fd: %s", - krb5_get_err_text(context, status)); + estr = krb5_get_error_message(context, status); + warnx("krb5_auth_con_setaddrs_from_fd: %s", estr); + krb5_free_error_message(context, estr); return(1); } status = krb5_crypto_init(context, keyblock, 0, &crypto); if(status) { - warnx ("krb5_crypto_init: %s", krb5_get_err_text(context, status)); + estr = krb5_get_error_message(context, status); + warnx ("krb5_crypto_init: %s", estr); + krb5_free_error_message(context, estr); return 1; } diff --git a/appl/rsh/rshd.c b/appl/rsh/rshd.c index 1958f2d73..512db4430 100644 --- a/appl/rsh/rshd.c +++ b/appl/rsh/rshd.c @@ -162,6 +162,7 @@ save_krb5_creds (int s, { int ret; krb5_data remote_cred; + const char *estr; krb5_data_zero (&remote_cred); ret= krb5_read_message (context, (void *)&s, &remote_cred); 
@@ -180,9 +181,11 @@ save_krb5_creds (int s, krb5_cc_initialize(context,ccache,client); ret = krb5_rd_cred2(context, auth_context, ccache, &remote_cred); - if(ret != 0) - syslog(LOG_INFO|LOG_AUTH, - "reading creds: %s", krb5_get_err_text(context, ret)); + if(ret != 0) { + estr = krb5_get_error_message(context, ret); + syslog(LOG_INFO|LOG_AUTH, "reading creds: %s", estr); + krb5_free_error_message(context, estr); + } krb5_data_free (&remote_cred); if (ret) return 0; @@ -193,25 +196,24 @@ static void krb5_start_session (void) { krb5_error_code ret; - char *estr; + const char *estr; ret = krb5_cc_resolve (context, tkfile, &ccache2); if (ret) { - estr = krb5_get_error_string(context); + estr = krb5_get_error_message(context, ret); syslog(LOG_WARNING, "resolve cred cache %s: %s", tkfile, - estr ? estr : krb5_get_err_text(context, ret)); - free(estr); + estr ? estr : "could not get error string"); + krb5_free_error_message(context, estr); krb5_cc_destroy(context, ccache); return; } ret = krb5_cc_copy_cache (context, ccache, ccache2); if (ret) { - estr = krb5_get_error_string(context); - syslog(LOG_WARNING, "storing credentials: %s", - estr ? estr : krb5_get_err_text(context, ret)); - free(estr); + estr = krb5_get_error_message(context, ret); + syslog(LOG_WARNING, "storing credentials: %s", estr); + krb5_free_error_message(context, estr); krb5_cc_destroy(context, ccache); return ; } @@ -253,6 +255,7 @@ recv_krb5_auth (int s, u_char *buf, krb5_error_code status; krb5_data cksum_data; krb5_principal server; + const char *estr; char *str; if (memcmp (buf, "\x00\x00\x00\x13", 4) != 0) 
@@ -270,9 +273,11 @@ recv_krb5_auth (int s, u_char *buf, "host", KRB5_NT_SRV_HST, &server); - if (status) - syslog_and_die ("krb5_sock_to_principal: %s", - krb5_get_err_text(context, status)); + if (status) { + estr = krb5_get_error_message(context, status); + syslog_and_die ("krb5_sock_to_principal: %s", estr); + krb5_free_error_message(context, estr); + } status = krb5_recvauth_match_version(context, &auth_context, @@ -284,9 +289,11 @@ recv_krb5_auth (int s, u_char *buf, NULL, &ticket); krb5_free_principal (context, server); - if (status) - syslog_and_die ("krb5_recvauth: %s", - krb5_get_err_text(context, status)); + if (status) { + estr = krb5_get_error_message(context, status); + syslog_and_die ("krb5_recvauth: %s", estr); + krb5_free_error_message(context, estr); + } *server_username = read_str (s, USERNAME_SZ, "remote username"); *cmd = read_str (s, ARG_MAX + 1, "command"); @@ -302,14 +309,18 @@ recv_krb5_auth (int s, u_char *buf, if(status != 0 || keyblock == NULL) syslog_and_die("failed to get key"); } - if (status != 0 || keyblock == NULL) - syslog_and_die ("krb5_auth_con_getkey: %s", - krb5_get_err_text(context, status)); + if (status != 0 || keyblock == NULL) { + estr = krb5_get_error_message(context, status); + syslog_and_die ("krb5_auth_con_getkey: %s", estr); + krb5_free_error_message(context, estr); + } status = krb5_crypto_init(context, keyblock, 0, &crypto); - if(status) - syslog_and_die("krb5_crypto_init: %s", - krb5_get_err_text(context, status)); + if (status) { + estr = krb5_get_error_message(context, status); + syslog_and_die("krb5_crypto_init: %s", estr); + krb5_free_error_message(context, estr); + } cksum_data.length = asprintf (&str, 
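Review bot: The `krb5_free_error_message(context, estr);` calls placed after `syslog_and_die (...)` in recv_krb5_auth are probably unreachable, assuming syslog_and_die terminates the process as its name suggests (its definition is not in the hunk). That is harmless, but it reads as if the call returned; a comment such as `/* not reached: syslog_and_die() exits */`, or dropping the free, would make the intent clear. Separately, the `status != 0 || keyblock == NULL` branch formats `status` even when it is 0 and only the key is missing, so the logged text would not describe the failure. The same shape recurs in the next rshd.c hunk (`krb5_verify_authenticator_checksum`).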
@@ -326,9 +337,11 @@ recv_krb5_auth (int s, u_char *buf, cksum_data.data, cksum_data.length); - if (status) - syslog_and_die ("krb5_verify_authenticator_checksum: %s", - krb5_get_err_text(context, status)); + if (status) { + estr = krb5_get_error_message(context, status); + syslog_and_die ("krb5_verify_authenticator_checksum: %s", estr); + krb5_free_error_message(context, estr); + } free (cksum_data.data); diff --git a/appl/telnet/libtelnet/kerberos5.c b/appl/telnet/libtelnet/kerberos5.c index 93a40dfe7..428a40507 100644 --- a/appl/telnet/libtelnet/kerberos5.c +++ b/appl/telnet/libtelnet/kerberos5.c @@ -198,6 +198,7 @@ kerberos5_send(char *name, Authenticator *ap) krb5_ccache ccache; int ap_opts; krb5_data cksum_data; + const char *estr; char ap_msg[2]; if (!UserNameRequested) { @@ -210,8 +211,9 @@ kerberos5_send(char *name, Authenticator *ap) ret = krb5_cc_default(context, &ccache); if (ret) { if (auth_debug_mode) { - printf("Kerberos V5: could not get default ccache: %s\r\n", - krb5_get_err_text (context, ret)); + estr = krb5_get_error_message (context, ret); + printf("Kerberos V5: could not get default ccache: %s\r\n", estr); + krb5_free_error_message(context, estr); } return 0; } @@ -226,8 +228,9 @@ kerberos5_send(char *name, Authenticator *ap) ret = krb5_auth_con_init (context, &auth_context); if (ret) { if (auth_debug_mode) { - printf("Kerberos V5: krb5_auth_con_init failed (%s)\r\n", - krb5_get_err_text(context, ret)); + estr = krb5_get_error_message (context, ret); + printf("Kerberos V5: krb5_auth_con_init failed (%s)\r\n", estr); + krb5_free_error_message(context, estr); } return(0); } 
@@ -237,9 +240,10 @@ kerberos5_send(char *name, Authenticator *ap) &net); if (ret) { if (auth_debug_mode) { + estr = krb5_get_error_message (context, ret); printf ("Kerberos V5:" - " krb5_auth_con_setaddrs_from_fd failed (%s)\r\n", - krb5_get_err_text(context, ret)); + " krb5_auth_con_setaddrs_from_fd failed (%s)\r\n", estr); + krb5_free_error_message(context, estr); } return(0); } @@ -265,18 +269,21 @@ kerberos5_send(char *name, Authenticator *ap) &service); if(ret) { if (auth_debug_mode) { + estr = krb5_get_error_message (context, ret); printf ("Kerberos V5:" " krb5_sname_to_principal(%s) failed (%s)\r\n", - RemoteHostName, krb5_get_err_text(context, ret)); + RemoteHostName, estr); + krb5_free_error_message(context, estr); } return 0; } ret = krb5_unparse_name_fixed(context, service, sname, sizeof(sname)); if(ret) { if (auth_debug_mode) { + estr = krb5_get_error_message (context, ret); printf ("Kerberos V5:" - " krb5_unparse_name_fixed failed (%s)\r\n", - krb5_get_err_text(context, ret)); + " krb5_unparse_name_fixed failed (%s)\r\n", estr); + krb5_free_error_message(context, estr); } return 0; } @@ -289,8 +296,9 @@ kerberos5_send(char *name, Authenticator *ap) } if (ret) { if (1 || auth_debug_mode) { - printf("Kerberos V5: mk_req failed (%s)\r\n", - krb5_get_err_text(context, ret)); + estr = krb5_get_error_message (context, ret); + printf("Kerberos V5: mk_req failed (%s)\r\n", estr); + krb5_free_error_message(context, estr); } return(0); } @@ -345,6 +353,7 @@ kerberos5_is(Authenticator *ap, unsigned char *data, int cnt) krb5_error_code ret; krb5_data outbuf; krb5_keyblock *key_block; + const char *estr; char *name; krb5_principal server; int zero = 0; 
@@ -362,8 +371,9 @@ kerberos5_is(Authenticator *ap, unsigned char *data, int cnt) if (ret) { Data(ap, KRB_REJECT, "krb5_auth_con_init failed", -1); auth_finished(ap, AUTH_REJECT); - log_message("Kerberos V5: krb5_auth_con_init failed (%s)", - krb5_get_err_text(context, ret)); + estr = krb5_get_error_message (context, ret); + log_message("Kerberos V5: krb5_auth_con_init failed (%s)", estr); + krb5_free_error_message(context, estr); return; } @@ -373,9 +383,10 @@ kerberos5_is(Authenticator *ap, unsigned char *data, int cnt) if (ret) { Data(ap, KRB_REJECT, "krb5_auth_con_setaddrs_from_fd failed", -1); auth_finished(ap, AUTH_REJECT); + estr = krb5_get_error_message (context, ret); log_message("Kerberos V5: " - "krb5_auth_con_setaddrs_from_fd failed (%s)", - krb5_get_err_text(context, ret)); + "krb5_auth_con_setaddrs_from_fd failed (%s)", estr); + krb5_free_error_message(context, estr); return; } @@ -387,9 +398,10 @@ kerberos5_is(Authenticator *ap, unsigned char *data, int cnt) if (ret) { Data(ap, KRB_REJECT, "krb5_sock_to_principal failed", -1); auth_finished(ap, AUTH_REJECT); + estr = krb5_get_error_message (context, ret); log_message("Kerberos V5: " - "krb5_sock_to_principal failed (%s)", - krb5_get_err_text(context, ret)); + "krb5_sock_to_principal failed (%s)", estr); + krb5_free_error_message(context, estr); return; } @@ -407,9 +419,9 @@ kerberos5_is(Authenticator *ap, unsigned char *data, int cnt) char *errbuf; int ret2; - ret2 = asprintf(&errbuf, - "Read req failed: %s", - krb5_get_err_text(context, ret)); + estr = krb5_get_error_message (context, ret); + ret2 = asprintf(&errbuf, "Read req failed: %s", estr); + krb5_free_error_message(context, estr); if (ret2 != -1) errbuf2 = errbuf; Data(ap, KRB_REJECT, errbuf2, -1); 
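Review bot: In the `Read req failed` hunk (`@@ -407,9 +419,9`) the text from krb5_get_error_message is formatted into `errbuf` and passed to `Data(ap, KRB_REJECT, errbuf2, -1)`, which appears to send it to the not-yet-authenticated peer. The rshd.c hunk in this commit suggests the new call replaces both the fixed table text and the context-specific `krb5_get_error_string`, so the reject may now carry more internal detail than before. The other failure branches in kerberos5_is already send a fixed string and keep the detail in the log. This branch could do the same with `Data(ap, KRB_REJECT, "Read req failed", -1);` plus `log_message("Kerberos V5: Read req failed (%s)", estr);`. The same applies to the `Bad checksum` hunk that follows.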
@@ -435,8 +447,9 @@ kerberos5_is(Authenticator *ap, unsigned char *data, int cnt) char *errbuf; int ret2; - ret2 = asprintf(&errbuf, "Bad checksum: %s", - krb5_get_err_text(context, ret)); + estr = krb5_get_error_message (context, ret); + ret2 = asprintf(&errbuf, "Bad checksum: %s", estr); + krb5_free_error_message(context, estr); if (ret2 != -1) errbuf2 = errbuf; Data(ap, KRB_REJECT, errbuf2, -1); @@ -453,9 +466,10 @@ kerberos5_is(Authenticator *ap, unsigned char *data, int cnt) if (ret) { Data(ap, KRB_REJECT, "krb5_auth_con_getremotesubkey failed", -1); auth_finished(ap, AUTH_REJECT); + estr = krb5_get_error_message (context, ret); log_message("Kerberos V5: " - "krb5_auth_con_getremotesubkey failed (%s)", - krb5_get_err_text(context, ret)); + "krb5_auth_con_getremotesubkey failed (%s)", estr); + krb5_free_error_message(context, estr); return; } @@ -467,9 +481,10 @@ kerberos5_is(Authenticator *ap, unsigned char *data, int cnt) if (ret) { Data(ap, KRB_REJECT, "krb5_auth_con_getkey failed", -1); auth_finished(ap, AUTH_REJECT); + estr = krb5_get_error_message (context, ret); log_message("Kerberos V5: " - "krb5_auth_con_getkey failed (%s)", - krb5_get_err_text(context, ret)); + "krb5_auth_con_getkey failed (%s)", estr); + krb5_free_error_message(context, estr); return; } if (key_block == NULL) { @@ -486,9 +501,10 @@ kerberos5_is(Authenticator *ap, unsigned char *data, int cnt) Data(ap, KRB_REJECT, "krb5_mk_rep failed", -1); auth_finished(ap, AUTH_REJECT); + estr = krb5_get_error_message (context, ret); log_message("Kerberos V5: " - "krb5_mk_rep failed (%s)", - krb5_get_err_text(context, ret)); + "krb5_mk_rep failed (%s)", estr); + krb5_free_error_message(context, estr); krb5_free_keyblock(context, key_block); return; } 
@@ -555,8 +571,9 @@ kerberos5_is(Authenticator *ap, unsigned char *data, int cnt) ret = krb5_cc_resolve (context, ccname, &ccache); if (ret) { - log_message("Kerberos V5: could not get ccache: %s", - krb5_get_err_text(context, ret)); + estr = krb5_get_error_message (context, ret); + log_message("Kerberos V5: could not get ccache: %s", estr); + krb5_free_error_message(context, estr); break; } @@ -564,8 +581,9 @@ kerberos5_is(Authenticator *ap, unsigned char *data, int cnt) ccache, ticket->client); if (ret) { - log_message("Kerberos V5: could not init ccache: %s", - krb5_get_err_text(context, ret)); + estr = krb5_get_error_message (context, ret); + log_message("Kerberos V5: could not init ccache: %s", estr); + krb5_free_error_message(context, estr); break; } @@ -581,9 +599,9 @@ kerberos5_is(Authenticator *ap, unsigned char *data, int cnt) char *errbuf; int ret2; - ret2 = asprintf (&errbuf, - "Read forwarded creds failed: %s", - krb5_get_err_text (context, ret)); + estr = krb5_get_error_message (context, ret); + ret2 = asprintf (&errbuf, "Read forwarded creds failed: %s", estr); + krb5_free_error_message(context, estr); if (ret2 != -1) errbuf2 = errbuf; Data(ap, KRB_FORWARD_REJECT, errbuf, -1); @@ -612,6 +630,7 @@ void kerberos5_reply(Authenticator *ap, unsigned char *data, int cnt) { static int mutual_complete = 0; + const char *estr; if (cnt-- < 1) return; @@ -648,8 +667,9 @@ kerberos5_reply(Authenticator *ap, unsigned char *data, int cnt) auth_context, &keyblock); if(ret) { - printf("[ krb5_auth_con_getkey: %s ]\r\n", - krb5_get_err_text(context, ret)); + estr = krb5_get_error_message (context, ret); + printf("[ krb5_auth_con_getkey: %s ]\r\n", estr); + krb5_free_error_message(context, estr); auth_send_retry(); return; } 
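Review bot: In the `Read forwarded creds failed` hunk (`@@ -581,9 +599,9`) the reject is sent with `Data(ap, KRB_FORWARD_REJECT, errbuf, -1);`, using `errbuf` rather than `errbuf2`. When asprintf fails (`ret2 == -1`), `errbuf` is not a valid string, and the `if (ret2 != -1) errbuf2 = errbuf;` line just above exists to cover that case; the two other asprintf sites in kerberos5_is pass `errbuf2`. The line should be `Data(ap, KRB_FORWARD_REJECT, errbuf2, -1);`. The declaration of `errbuf2` is outside the hunk, so its fallback value is assumed to be a fixed string.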
@@ -667,22 +687,23 @@ kerberos5_reply(Authenticator *ap, unsigned char *data, int cnt) case KRB_RESPONSE: if ((ap->way & AUTH_HOW_MASK) == AUTH_HOW_MUTUAL) { /* the rest of the reply should contain a krb_ap_rep */ - krb5_ap_rep_enc_part *reply; - krb5_data inbuf; - krb5_error_code ret; + krb5_ap_rep_enc_part *reply; + krb5_data inbuf; + krb5_error_code ret; - inbuf.length = cnt; - inbuf.data = (char *)data; + inbuf.length = cnt; + inbuf.data = (char *)data; - ret = krb5_rd_rep(context, auth_context, &inbuf, &reply); - if (ret) { - printf("[ Mutual authentication failed: %s ]\r\n", - krb5_get_err_text (context, ret)); - auth_send_retry(); - return; - } - krb5_free_ap_rep_enc_part(context, reply); - mutual_complete = 1; + ret = krb5_rd_rep(context, auth_context, &inbuf, &reply); + if (ret) { + estr = krb5_get_error_message (context, ret); + printf("[ Mutual authentication failed: %s ]\r\n", estr); + krb5_free_error_message(context, estr); + auth_send_retry(); + return; + } + krb5_free_ap_rep_enc_part(context, reply); + mutual_complete = 1; } return; case KRB_FORWARD_ACCEPT: @@ -792,20 +813,25 @@ kerberos5_forward(Authenticator *ap) KDCOptions flags; krb5_data out_data; krb5_principal principal; + const char *estr; ret = krb5_cc_default (context, &ccache); if (ret) { - if (auth_debug_mode) - printf ("KerberosV5: could not get default ccache: %s\r\n", - krb5_get_err_text (context, ret)); + if (auth_debug_mode) { + estr = krb5_get_error_message (context, ret); + printf ("KerberosV5: could not get default ccache: %s\r\n", estr); + krb5_free_error_message(context, estr); + } return; } ret = krb5_cc_get_principal (context, ccache, &principal); if (ret) { - if (auth_debug_mode) - printf ("KerberosV5: could not get principal: %s\r\n", - krb5_get_err_text (context, ret)); + if (auth_debug_mode) { + estr = krb5_get_error_message (context, ret); + printf ("KerberosV5: could not get principal: %s\r\n", estr); + krb5_free_error_message(context, estr); + } return; } 
@@ -821,9 +847,11 @@ kerberos5_forward(Authenticator *ap) NULL); if (ret) { - if (auth_debug_mode) - printf ("KerberosV5: could not get principal: %s\r\n", - krb5_get_err_text (context, ret)); + if (auth_debug_mode) { + estr = krb5_get_error_message (context, ret); + printf ("KerberosV5: could not get principal: %s\r\n", estr); + krb5_free_error_message(context, estr); + } return; } @@ -842,9 +870,11 @@ kerberos5_forward(Authenticator *ap) &creds, &out_data); if (ret) { - if (auth_debug_mode) - printf ("Kerberos V5: error getting forwarded creds: %s\r\n", - krb5_get_err_text (context, ret)); + if (auth_debug_mode) { + estr = krb5_get_error_message (context, ret); + printf ("Kerberos V5: error getting forwarded creds: %s\r\n", estr); + krb5_free_error_message(context, estr); + } return; } diff --git a/kcm/acquire.c b/kcm/acquire.c index 68e6e685d..562b77b81 100644 --- a/kcm/acquire.c +++ b/kcm/acquire.c @@ -48,6 +48,7 @@ kcm_ccache_acquire(krb5_context context, krb5_get_init_creds_opt *opt = NULL; krb5_ccache_data ccdata; char *in_tkt_service = NULL; + const char *estr; memset(&cred, 0, sizeof(cred)); @@ -77,8 +78,10 @@ kcm_ccache_acquire(krb5_context context, if (ccache->server != NULL) { ret = krb5_unparse_name(context, ccache->server, &in_tkt_service); if (ret) { + estr = krb5_get_error_message(context, ret); kcm_log(0, "Failed to unparse service principal name for cache %s: %s", - ccache->name, krb5_get_err_text(context, ret)); + ccache->name, estr); + krb5_free_error_message(context, estr); return ret; } } @@ -114,8 +117,10 @@ kcm_ccache_acquire(krb5_context context, } if (ret) { + estr = krb5_get_error_message(context, ret); kcm_log(0, "Failed to acquire credentials for cache %s: %s", - ccache->name, krb5_get_err_text(context, ret)); + ccache->name, estr); + krb5_free_error_message(context, estr); if (in_tkt_service != NULL) free(in_tkt_service); goto out; 
@@ -129,8 +134,10 @@ kcm_ccache_acquire(krb5_context context, ret = kcm_ccache_store_cred_internal(context, ccache, &cred, 0, credp); if (ret) { + estr = krb5_get_error_message(context, ret); kcm_log(0, "Failed to store credentials for cache %s: %s", - ccache->name, krb5_get_err_text(context, ret)); + ccache->name, estr); + krb5_free_error_message(context, estr); krb5_free_cred_contents(context, &cred); goto out; } diff --git a/kcm/client.c b/kcm/client.c index 38a844917..09c94b6e8 100644 --- a/kcm/client.c +++ b/kcm/client.c @@ -43,11 +43,13 @@ kcm_ccache_resolve_client(krb5_context context, kcm_ccache *ccache) { krb5_error_code ret; + const char *estr; ret = kcm_ccache_resolve(context, name, ccache); if (ret) { - kcm_log(1, "Failed to resolve cache %s: %s", - name, krb5_get_err_text(context, ret)); + estr = krb5_get_error_message(context, ret); + kcm_log(1, "Failed to resolve cache %s: %s", name, estr); + krb5_free_error_message(context, estr); return ret; } @@ -67,11 +69,13 @@ kcm_ccache_destroy_client(krb5_context context, { krb5_error_code ret; kcm_ccache ccache; + const char *estr; ret = kcm_ccache_resolve(context, name, &ccache); if (ret) { - kcm_log(1, "Failed to resolve cache %s: %s", - name, krb5_get_err_text(context, ret)); + estr = krb5_get_error_message(context, ret); + kcm_log(1, "Failed to resolve cache %s: %s", name, estr); + krb5_free_error_message(context, estr); return ret; } @@ -92,6 +96,7 @@ kcm_ccache_new_client(krb5_context context, { krb5_error_code ret; kcm_ccache ccache; + const char *estr; /* We insist the ccache name starts with UID or UID: */ if (name_constraints != 0) { 
@@ -127,8 +132,9 @@ kcm_ccache_new_client(krb5_context context, if (ret == KRB5_FCC_NOFILE) { ret = kcm_ccache_new(context, name, &ccache); if (ret) { - kcm_log(1, "Failed to initialize cache %s: %s", - name, krb5_get_err_text(context, ret)); + estr = krb5_get_error_message(context, ret); + kcm_log(1, "Failed to initialize cache %s: %s", name, estr); + krb5_free_error_message(context, estr); return ret; } @@ -139,8 +145,9 @@ kcm_ccache_new_client(krb5_context context, } else { ret = kcm_zero_ccache_data(context, ccache); if (ret) { - kcm_log(1, "Failed to empty cache %s: %s", - name, krb5_get_err_text(context, ret)); + estr = krb5_get_error_message(context, ret); + kcm_log(1, "Failed to empty cache %s: %s", name, estr); + krb5_free_error_message(context, estr); kcm_release_ccache(context, ccache); return ret; } diff --git a/kcm/events.c b/kcm/events.c index e9c375f6a..99ef556ac 100644 --- a/kcm/events.c +++ b/kcm/events.c @@ -398,6 +398,7 @@ kcm_run_events(krb5_context context, time_t now) { krb5_error_code ret; kcm_event **e; + const char *estr; HEIMDAL_MUTEX_lock(&events_mutex); @@ -415,14 +416,18 @@ kcm_run_events(krb5_context context, time_t now) if (now >= (*e)->fire_time) { ret = kcm_fire_event(context, e); if (ret) { + estr = krb5_get_error_message(context, ret); kcm_log(1, "Could not fire event for cache %s: %s", - (*e)->ccache->name, krb5_get_err_text(context, ret)); + (*e)->ccache->name, estr); + krb5_free_error_message(context, estr); } } else if ((*e)->expire_time && now >= (*e)->expire_time) { ret = kcm_remove_event_internal(context, e); if (ret) { + estr = krb5_get_error_message(context, ret); kcm_log(1, "Could not expire event for cache %s: %s", - (*e)->ccache->name, krb5_get_err_text(context, ret)); + (*e)->ccache->name, estr); + krb5_free_error_message(context, estr); } } diff --git a/kcm/renew.c b/kcm/renew.c index ea06208f3..7b31965a2 100644 --- a/kcm/renew.c +++ b/kcm/renew.c 
@@ -44,6 +44,7 @@ kcm_ccache_refresh(krb5_context context, krb5_kdc_flags flags; krb5_const_realm realm; krb5_ccache_data ccdata; + const char *estr; memset(&in, 0, sizeof(in)); @@ -66,8 +67,10 @@ kcm_ccache_refresh(krb5_context context, if (ccache->server != NULL) { ret = krb5_copy_principal(context, ccache->server, &in.server); if (ret) { + estr = krb5_get_error_message(context, ret); kcm_log(0, "Failed to copy service principal: %s", - krb5_get_err_text(context, ret)); + estr); + krb5_free_error_message(context, estr); goto out; } } else { @@ -75,8 +78,10 @@ kcm_ccache_refresh(krb5_context context, ret = krb5_make_principal(context, &in.server, realm, KRB5_TGS_NAME, realm, NULL); if (ret) { + estr = krb5_get_error_message(context, ret); kcm_log(0, "Failed to make TGS principal for realm %s: %s", - realm, krb5_get_err_text(context, ret)); + realm, estr); + krb5_free_error_message(context, estr); goto out; } } @@ -98,8 +103,10 @@ kcm_ccache_refresh(krb5_context context, &in, &out); if (ret) { + estr = krb5_get_error_message(context, ret); kcm_log(0, "Failed to renew credentials for cache %s: %s", - ccache->name, krb5_get_err_text(context, ret)); + ccache->name, estr); + krb5_free_error_message(context, estr); goto out; } @@ -108,8 +115,10 @@ kcm_ccache_refresh(krb5_context context, ret = kcm_ccache_store_cred_internal(context, ccache, out, 0, credp); if (ret) { + estr = krb5_get_error_message(context, ret); kcm_log(0, "Failed to store credentials for cache %s: %s", - ccache->name, krb5_get_err_text(context, ret)); + ccache->name, estr); + krb5_free_error_message(context, estr); krb5_free_creds(context, out); goto out; } diff --git a/kdc/kerberos5.c b/kdc/kerberos5.c index fb4a30419..9b4c660e9 100644 --- a/kdc/kerberos5.c +++ b/kdc/kerberos5.c 
@@ -92,9 +92,9 @@ _kdc_is_weak_exception(krb5_principal principal, krb5_enctype etype) { if (principal->name.name_string.len > 0 && strcmp(principal->name.name_string.val[0], "afs") == 0 && - (etype == ETYPE_DES_CBC_CRC - || etype == ETYPE_DES_CBC_MD4 - || etype == ETYPE_DES_CBC_MD5)) + (etype == (krb5_enctype)ETYPE_DES_CBC_CRC + || etype == (krb5_enctype)ETYPE_DES_CBC_MD4 + || etype == (krb5_enctype)ETYPE_DES_CBC_MD5)) return TRUE; return FALSE; } @@ -143,7 +143,7 @@ _kdc_find_etype(krb5_context context, krb5_boolean use_strongest_session_key, if (use_strongest_session_key) { const krb5_enctype *p; - krb5_enctype clientbest = ETYPE_NULL; + krb5_enctype clientbest = (krb5_enctype)ETYPE_NULL; int j; /* @@ -159,16 +159,18 @@ _kdc_find_etype(krb5_context context, krb5_boolean use_strongest_session_key, /* drive the search with local supported enctypes list */ p = krb5_kerberos_enctypes(context); - for (i = 0; p[i] != ETYPE_NULL && enctype == ETYPE_NULL; i++) { + for (i = 0; + p[i] != (krb5_enctype)ETYPE_NULL && enctype == (krb5_enctype)ETYPE_NULL; + i++) { if (krb5_enctype_valid(context, p[i]) != 0) continue; /* check that the client supports it too */ - for (j = 0; j < len && enctype == ETYPE_NULL; j++) { + for (j = 0; j < len && enctype == (krb5_enctype)ETYPE_NULL; j++) { if (p[i] != etypes[j]) continue; /* save best of union of { client, crypto system } */ - if (clientbest == ETYPE_NULL) + if (clientbest == (krb5_enctype)ETYPE_NULL) clientbest = p[i]; /* check target princ support */ ret = hdb_enctype2key(context, &princ->entry, p[i], &key); 
@@ -179,9 +181,10 @@ _kdc_find_etype(krb5_context context, krb5_boolean use_strongest_session_key, enctype = p[i]; } } - if (clientbest != ETYPE_NULL && enctype == ETYPE_NULL) + if (clientbest != (krb5_enctype)ETYPE_NULL && + enctype == (krb5_enctype)ETYPE_NULL) enctype = clientbest; - else if (enctype == ETYPE_NULL) + else if (enctype == (krb5_enctype)ETYPE_NULL) ret = KRB5KDC_ERR_ETYPE_NOSUPP; if (ret == 0 && ret_enctype != NULL) *ret_enctype = enctype; diff --git a/kdc/misc.c b/kdc/misc.c index 1b2c44000..f048bdbe1 100644 --- a/kdc/misc.c +++ b/kdc/misc.c @@ -140,7 +140,7 @@ _kdc_get_preferred_key(krb5_context context, if (config->use_strongest_server_key) { const krb5_enctype *p = krb5_kerberos_enctypes(context); - for (i = 0; p[i] != ETYPE_NULL; i++) { + for (i = 0; p[i] != (krb5_enctype)ETYPE_NULL; i++) { if (krb5_enctype_valid(context, p[i]) != 0) continue; ret = hdb_enctype2key(context, &h->entry, p[i], key); diff --git a/kdc/string2key.c b/kdc/string2key.c index 6f24c27a2..f721d8db1 100644 --- a/kdc/string2key.c +++ b/kdc/string2key.c @@ -128,9 +128,9 @@ main(int argc, char **argv) if(ret) krb5_err(context, 1, ret, "krb5_string_to_enctype"); - if((etype != ETYPE_DES_CBC_CRC && - etype != ETYPE_DES_CBC_MD4 && - etype != ETYPE_DES_CBC_MD5) && + if((etype != (krb5_enctype)ETYPE_DES_CBC_CRC && + etype != (krb5_enctype)ETYPE_DES_CBC_MD4 && + etype != (krb5_enctype)ETYPE_DES_CBC_MD5) && (afs || version4)) { if(!version5) { etype = ETYPE_DES_CBC_CRC; diff --git a/lib/hdb/hdb_locl.h b/lib/hdb/hdb_locl.h index c210b98b8..fd7b1849d 100644 --- a/lib/hdb/hdb_locl.h +++ b/lib/hdb/hdb_locl.h @@ -36,11 +36,11 @@ #ifndef __HDB_LOCL_H__ #define __HDB_LOCL_H__ +#include + #include #include -#include - #include #include #include diff --git a/lib/hx509/sel-lex.l b/lib/hx509/sel-lex.l index 4c9396750..92911b0c9 100644 --- a/lib/hx509/sel-lex.l +++ b/lib/hx509/sel-lex.l 
@@ -34,6 +34,11 @@ /* $Id$ */
+#ifdef __GNUC__
+#pragma GCC diagnostic ignored "-Wunused-function"
+#endif
+
+
 #ifdef HAVE_CONFIG_H
 #include
 #endif
diff --git a/lib/krb5/crypto.c b/lib/krb5/crypto.c
index 8381ba5c0..4b907c86b 100644
--- a/lib/krb5/crypto.c
+++ b/lib/krb5/crypto.c
@@ -2033,7 +2033,7 @@ krb5_crypto_init(krb5_context context,
 krb5_set_error_message(context, ENOMEM, N_("malloc: out of memory", ""));
 return ENOMEM;
 }
- if(etype == ETYPE_NULL)
+ if(etype == (krb5_enctype)ETYPE_NULL)
 etype = key->keytype;
 (*crypto)->et = _krb5_find_enctype(etype);
 if((*crypto)->et == NULL || ((*crypto)->et->flags & F_DISABLED)) {
diff --git a/lib/krb5/deprecated.c b/lib/krb5/deprecated.c
index 2262af2f4..4aa60be8a 100644
--- a/lib/krb5/deprecated.c
+++ b/lib/krb5/deprecated.c
@@ -31,8 +31,14 @@ * SUCH DAMAGE. */
+#ifdef __GNUC__
+/* For some GCCs there's no way to shut them up about deprecated functions */
+#define KRB5_DEPRECATED_FUNCTION(x)
+#endif
+
 #include "krb5_locl.h"
+
 #undef __attribute__
 #define __attribute__(x)
@@ -72,7 +78,7 @@ krb5_keytype_to_enctypes_default (krb5_context context,
 unsigned int i, n;
 krb5_enctype *ret;
- if (keytype != KEYTYPE_DES || context->etypes_des == NULL)
+ if (keytype != (krb5_keytype)KEYTYPE_DES || context->etypes_des == NULL)
 return krb5_keytype_to_enctypes (context, keytype, len, val);
 for (n = 0; context->etypes_des[n]; ++n)
diff --git a/lib/krb5/generate_subkey.c b/lib/krb5/generate_subkey.c
index e09dc2a91..2344dbc9f 100644
--- a/lib/krb5/generate_subkey.c
+++ b/lib/krb5/generate_subkey.c
@@ -60,7 +60,7 @@ krb5_generate_subkey_extended(krb5_context context,
 return ENOMEM;
 }
- if (etype == ETYPE_NULL)
+ if (etype == (krb5_enctype)ETYPE_NULL)
 etype = key->keytype; /* use session key etype */
 /* XXX should we use the session key as input to the RF? */
diff --git a/lib/krb5/get_in_tkt.c b/lib/krb5/get_in_tkt.c
index c4b16c9a2..f97ae7e9a 100644
--- a/lib/krb5/get_in_tkt.c
+++ b/lib/krb5/get_in_tkt.c
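Review bot: The `#pragma GCC diagnostic ignored "-Wunused-function"` added at the top of lib/hx509/sel-lex.l is never restored, so it switches the warning off for the rest of the generated translation unit, hand-written rules and user code included, not only for scanner boilerplate. If the unused functions are the ones flex emits, `%option nounput` and `%option noinput` remove them at the source and need no compiler guard; that assumes the build uses flex, which the hunk does not show. At minimum I would add a comment naming the functions being silenced, e.g. `/* generated scanner helpers are unused here; silence -Wunused-function */`, so a later reader does not take the pragma as licence to leave dead code in this file.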
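Review bot: Defining `KRB5_DEPRECATED_FUNCTION(x)` to nothing before `#include "krb5_locl.h"` in lib/krb5/deprecated.c only works if the headers define that macro conditionally; nothing in the hunk shows that, and an unconditional definition there would make this a redefinition. The same define is added to lib/krb5/get_in_tkt.c without the `#ifdef __GNUC__` guard and without the explanatory comment, so the two files now disagree about when deprecation warnings are suppressed. I would use one form in both files, keeping the guard and extending the comment to `/* silence deprecation warnings only in files that implement or must call the deprecated API */`, so the suppression is not copied into new code by habit.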
@@ -31,6 +31,8 @@ * SUCH DAMAGE. */
+#define KRB5_DEPRECATED_FUNCTION(x)
+
 #include "krb5_locl.h"
 #ifndef HEIMDAL_SMALLER
@@ -113,7 +115,7 @@ add_padata(krb5_context context,
 if (!enctypes) {
 enctypes = context->etypes;
 netypes = 0;
- for (ep = enctypes; *ep != ETYPE_NULL; ep++)
+ for (ep = enctypes; *ep != (krb5_enctype)ETYPE_NULL; ep++)
 netypes++;
 }
 pa2 = realloc (md->val, (md->len + netypes) * sizeof(*md->val));
diff --git a/lib/krb5/init_creds_pw.c b/lib/krb5/init_creds_pw.c
index 118ba3e50..f6f6ff5b2 100644
--- a/lib/krb5/init_creds_pw.c
+++ b/lib/krb5/init_creds_pw.c
@@ -1024,7 +1024,7 @@ add_enc_ts_padata(krb5_context context,
 if (!enctypes) {
 enctypes = context->etypes;
 netypes = 0;
- for (ep = enctypes; *ep != ETYPE_NULL; ep++)
+ for (ep = enctypes; *ep != (krb5_enctype)ETYPE_NULL; ep++)
 netypes++;
 }
diff --git a/lib/krb5/rd_cred.c b/lib/krb5/rd_cred.c
index c08547112..63a6a4202 100644
--- a/lib/krb5/rd_cred.c
+++ b/lib/krb5/rd_cred.c
@@ -96,7 +96,7 @@ krb5_rd_cred(krb5_context context,
 goto out;
 }
- if (cred.enc_part.etype == ETYPE_NULL) {
+ if (cred.enc_part.etype == (krb5_enctype)ETYPE_NULL) {
 /* DK: MIT GSS-API Compatibility */
 enc_krb_cred_part_data.length = cred.enc_part.cipher.length;
 enc_krb_cred_part_data.data = cred.enc_part.cipher.data;
diff --git a/lib/krb5/rd_req.c b/lib/krb5/rd_req.c
index 21daeb596..c870a0e75 100644
--- a/lib/krb5/rd_req.c
+++ b/lib/krb5/rd_req.c
@@ -484,7 +484,7 @@ krb5_verify_ap_req2(krb5_context context,
 if (ap_req_options) {
 *ap_req_options = 0;
- if (ac->keytype != ETYPE_NULL)
+ if (ac->keytype != (krb5_enctype)ETYPE_NULL)
 *ap_req_options |= AP_OPTS_USE_SUBKEY;
 if (ap_req->ap_options.use_session_key)
 *ap_req_options |= AP_OPTS_USE_SESSION_KEY;
diff --git a/lib/ntlm/ntlm_err.et b/lib/ntlm/ntlm_err.et
index 0fd6e00a2..df062d059 100644
--- a/lib/ntlm/ntlm_err.et
+++ b/lib/ntlm/ntlm_err.et
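Review bot: In `krb5_rd_cred` (lib/krb5/rd_cred.c) the branch taken when `cred.enc_part.etype` is `ETYPE_NULL` points `enc_krb_cred_part_data` straight at `cred.enc_part.cipher`, and the only explanation is `/* DK: MIT GSS-API Compatibility */`. As far as the hunk shows, this is the path where the credential body is used without being decrypted, so the comment should say what is expected to protect it instead, for example `/* etype NULL: enc-part is not encrypted (MIT GSS-API compat); only safe when the KRB-CRED arrived inside an already protected message */`. Whether a caller can refuse this path is not visible here and is worth stating in the same comment. The function starts and ends outside the hunk.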
@@ -14,7 +14,7 @@ error_code RAND, "Random generator failed"
 error_code AUTH, "NTLM authentication failed"
 error_code TIME_SKEW, "Client time skewed to server"
 error_code OEM, "Client set OEM string"
-error_code MISSING_NAME_SEPARATOR, "missing @ or \ in name"
+error_code MISSING_NAME_SEPARATOR, "missing @ or \\ in name"
 error_code MISSING_BUFFER, "missing expected buffer"
 error_code INVALID_APOP, "Invalid APOP response"
 error_code INVALID_CRAM_MD5, "Invalid CRAM-MD5 response"