From 79597c6a3a48efc7a93de0922142fbdd1ba3f6e7 Mon Sep 17 00:00:00 2001
From: Love Hornquist Astrand <lha@h5l.org>
Date: Tue, 3 Nov 2009 23:33:50 -0800
Subject: [PATCH] use krb5_get_error_message()

---
 kdc/kerberos5.c | 52 +++++++++++++++++++++++++++++--------------------
 1 file changed, 31 insertions(+), 21 deletions(-)

diff --git a/kdc/kerberos5.c b/kdc/kerberos5.c
index 67c7a10c7..fb88aa9f8 100644
--- a/kdc/kerberos5.c
+++ b/kdc/kerberos5.c
@@ -273,8 +273,9 @@ _kdc_encode_reply(krb5_context context,
 
     ASN1_MALLOC_ENCODE(EncTicketPart, buf, buf_size, et, &len, ret);
     if(ret) {
-	kdc_log(context, config, 0, "Failed to encode ticket: %s",
-		krb5_get_err_text(context, ret));
+	const char *msg = krb5_get_error_message(context, ret);
+	kdc_log(context, config, 0, "Failed to encode ticket: %s", msg);
+	krb5_free_error_message(context, msg);
 	return ret;
     }
     if(buf_size != len) {
@@ -287,8 +288,9 @@ _kdc_encode_reply(krb5_context context,
     ret = krb5_crypto_init(context, skey, etype, &crypto);
     if (ret) {
 	free(buf);
-	kdc_log(context, config, 0, "krb5_crypto_init failed: %s",
-		krb5_get_err_text(context, ret));
+	const char *msg = krb5_get_error_message(context, ret);
+	kdc_log(context, config, 0, "krb5_crypto_init failed: %s", msg);
+	krb5_free_error_message(context, msg);
 	return ret;
     }
 
@@ -302,8 +304,9 @@ _kdc_encode_reply(krb5_context context,
     free(buf);
     krb5_crypto_destroy(context, crypto);
     if(ret) {
-	kdc_log(context, config, 0, "Failed to encrypt data: %s",
-		krb5_get_err_text(context, ret));
+	const char *msg = krb5_get_error_message(context, ret);
+	kdc_log(context, config, 0, "Failed to encrypt data: %s", msg);
+	krb5_free_error_message(context, msg);
 	return ret;
     }
 
@@ -312,8 +315,9 @@ _kdc_encode_reply(krb5_context context,
     else
 	ASN1_MALLOC_ENCODE(EncTGSRepPart, buf, buf_size, ek, &len, ret);
     if(ret) {
-	kdc_log(context, config, 0, "Failed to encode KDC-REP: %s",
-		krb5_get_err_text(context, ret));
+	const char *msg = krb5_get_error_message(context, ret);
+	kdc_log(context, config, 0, "Failed to encode KDC-REP: %s", msg);
+	krb5_free_error_message(context, msg);
 	return ret;
     }
     if(buf_size != len) {
@@ -324,9 +328,10 @@ _kdc_encode_reply(krb5_context context,
     }
     ret = krb5_crypto_init(context, reply_key, 0, &crypto);
     if (ret) {
+	const char *msg = krb5_get_error_message(context, ret);
 	free(buf);
-	kdc_log(context, config, 0, "krb5_crypto_init failed: %s",
-		krb5_get_err_text(context, ret));
+	kdc_log(context, config, 0, "krb5_crypto_init failed: %s", msg);
+	krb5_free_error_message(context, msg);
 	return ret;
     }
     if(rep->msg_type == krb_as_rep) {
@@ -352,8 +357,9 @@ _kdc_encode_reply(krb5_context context,
     }
     krb5_crypto_destroy(context, crypto);
     if(ret) {
-	kdc_log(context, config, 0, "Failed to encode KDC-REP: %s",
-		krb5_get_err_text(context, ret));
+	const char *msg = krb5_get_error_message(context, ret);
+	kdc_log(context, config, 0, "Failed to encode KDC-REP: %s", msg);
+	krb5_free_error_message(context, msg);
 	return ret;
     }
     if(buf_size != len) {
@@ -981,8 +987,9 @@ _kdc_as_rep(krb5_context context,
     ret = _kdc_db_fetch(context, config, client_princ,
 			HDB_F_GET_CLIENT | flags, &clientdb, &client);
     if(ret){
-	kdc_log(context, config, 0, "UNKNOWN -- %s: %s", client_name,
-		krb5_get_err_text(context, ret));
+	const char *msg = krb5_get_error_message(context, ret);
+	kdc_log(context, config, 0, "UNKNOWN -- %s: %s", client_name, msg);
+	krb5_free_error_message(context, msg);
 	ret = KRB5KDC_ERR_C_PRINCIPAL_UNKNOWN;
 	goto out;
     }
@@ -991,8 +998,9 @@ _kdc_as_rep(krb5_context context,
 			HDB_F_GET_SERVER|HDB_F_GET_KRBTGT,
 			NULL, &server);
     if(ret){
-	kdc_log(context, config, 0, "UNKNOWN -- %s: %s", server_name,
-		krb5_get_err_text(context, ret));
+	const char *msg = krb5_get_error_message(context, ret);
+	kdc_log(context, config, 0, "UNKNOWN -- %s: %s", server_name, msg);
+	krb5_free_error_message(context, msg);
 	ret = KRB5KDC_ERR_S_PRINCIPAL_UNKNOWN;
 	goto out;
     }
@@ -1136,8 +1144,9 @@ _kdc_as_rep(krb5_context context,
 	try_next_key:
 	    ret = krb5_crypto_init(context, &pa_key->key, 0, &crypto);
 	    if (ret) {
-		kdc_log(context, config, 0, "krb5_crypto_init failed: %s",
-			krb5_get_err_text(context, ret));
+		const char *msg = krb5_get_error_message(context, ret);
+		kdc_log(context, config, 0, "krb5_crypto_init failed: %s", msg);
+		krb5_free_error_message(context, msg);
 		free_EncryptedData(&enc_data);
 		continue;
 	    }
@@ -1155,6 +1164,8 @@ _kdc_as_rep(krb5_context context,
 	     */
 	    if(ret){
 		krb5_error_code ret2;
+		const char *msg = krb5_get_error_message(context, ret);
+
 		ret2 = krb5_enctype_to_string(context,
 					      pa_key->key.keytype, &str);
 		if (ret2)
@@ -1162,9 +1173,8 @@ _kdc_as_rep(krb5_context context,
 		kdc_log(context, config, 5,
 			"Failed to decrypt PA-DATA -- %s "
 			"(enctype %s) error %s",
-			client_name,
-			str ? str : "unknown enctype",
-			krb5_get_err_text(context, ret));
+			client_name, str ? str : "unknown enctype", msg);
+		krb5_free_error_message(context, msg);
 		free(str);
 
 		if(hdb_next_enctype2key(context, &client->entry,