Skip site navigation (1)Skip section navigation (2)
Date:      Thu, 22 Mar 2012 11:18:15 +0000 (UTC)
From:      Stanislav Sedov <stas@FreeBSD.org>
To:        src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-head@freebsd.org
Subject:   svn commit: r233302 - head/lib/libpam/modules/pam_ksu
Message-ID:  <201203221118.q2MBIFeQ021954@svn.freebsd.org>

next in thread | raw e-mail | index | archive | help
Author: stas
Date: Thu Mar 22 11:18:14 2012
New Revision: 233302
URL: http://svn.freebsd.org/changeset/base/233302

Log:
  - Avoid use of deprecated KRB5 functions.

Modified:
  head/lib/libpam/modules/pam_ksu/Makefile
  head/lib/libpam/modules/pam_ksu/pam_ksu.c

Modified: head/lib/libpam/modules/pam_ksu/Makefile
==============================================================================
--- head/lib/libpam/modules/pam_ksu/Makefile	Thu Mar 22 10:26:53 2012	(r233301)
+++ head/lib/libpam/modules/pam_ksu/Makefile	Thu Mar 22 11:18:14 2012	(r233302)
@@ -31,6 +31,4 @@ MAN=	pam_ksu.8
 DPADD=	${LIBKRB5} ${LIBHX509} ${LIBASN1} ${LIBROKEN} ${LIBCOM_ERR} ${LIBCRYPT} ${LIBCRYPTO}
 LDADD=	-lkrb5 -lhx509 -lasn1 -lroken -lcom_err -lcrypt -lcrypto
 
-NO_WERROR=	yes
-
 .include <bsd.lib.mk>

Modified: head/lib/libpam/modules/pam_ksu/pam_ksu.c
==============================================================================
--- head/lib/libpam/modules/pam_ksu/pam_ksu.c	Thu Mar 22 10:26:53 2012	(r233301)
+++ head/lib/libpam/modules/pam_ksu/pam_ksu.c	Thu Mar 22 11:18:14 2012	(r233302)
@@ -70,8 +70,9 @@ pam_sm_authenticate(pam_handle_t *pamh, 
 	PAM_LOG("Got ruser: %s", (const char *)ruser);
 	rv = krb5_init_context(&context);
 	if (rv != 0) {
-		PAM_LOG("krb5_init_context failed: %s",
-			krb5_get_err_text(context, rv));
+		const char *msg = krb5_get_error_message(context, rv);
+		PAM_LOG("krb5_init_context failed: %s", msg);
+		krb5_free_error_message(context, msg);
 		return (PAM_SERVICE_ERR);
 	}
 	rv = get_su_principal(context, user, ruser, &su_principal_name, &su_principal);
@@ -112,7 +113,7 @@ auth_krb5(pam_handle_t *pamh, krb5_conte
     krb5_principal su_principal)
 {
 	krb5_creds	 creds;
-	krb5_get_init_creds_opt gic_opt;
+	krb5_get_init_creds_opt *gic_opt;
 	krb5_verify_init_creds_opt vic_opt;
 	const char	*pass;
 	char		*prompt;
@@ -120,7 +121,6 @@ auth_krb5(pam_handle_t *pamh, krb5_conte
 	int		 pamret;
 
 	prompt = NULL;
-	krb5_get_init_creds_opt_init(&gic_opt);
 	krb5_verify_init_creds_opt_init(&vic_opt);
 	if (su_principal_name != NULL)
 		(void)asprintf(&prompt, "Password for %s:", su_principal_name);
@@ -133,11 +133,20 @@ auth_krb5(pam_handle_t *pamh, krb5_conte
 	free(prompt);
 	if (pamret != PAM_SUCCESS)
 		return (pamret);
+	rv = krb5_get_init_creds_opt_alloc(context, &gic_opt);
+	if (rv != 0) {
+		const char *msg = krb5_get_error_message(context, rv);
+		PAM_LOG("krb5_get_init_creds_opt_alloc: %s", msg);
+		krb5_free_error_message(context, msg);
+		return (PAM_AUTH_ERR);
+	}
 	rv = krb5_get_init_creds_password(context, &creds, su_principal,
-	    pass, NULL, NULL, 0, NULL, &gic_opt);
+	    pass, NULL, NULL, 0, NULL, gic_opt);
+	krb5_get_init_creds_opt_free(context, gic_opt);
 	if (rv != 0) {
-		PAM_LOG("krb5_get_init_creds_password: %s",
-			krb5_get_err_text(context, rv));
+		const char *msg = krb5_get_error_message(context, rv);
+		PAM_LOG("krb5_get_init_creds_password: %s", msg);
+		krb5_free_error_message(context, msg);
 		return (PAM_AUTH_ERR);
 	}
 	krb5_verify_init_creds_opt_set_ap_req_nofail(&vic_opt, 1);
@@ -145,8 +154,9 @@ auth_krb5(pam_handle_t *pamh, krb5_conte
 	    &vic_opt);
 	krb5_free_cred_contents(context, &creds);
 	if (rv != 0) {
-		PAM_LOG("krb5_verify_init_creds: %s",
-		       krb5_get_err_text(context, rv));
+		const char *msg = krb5_get_error_message(context, rv);
+		PAM_LOG("krb5_verify_init_creds: %s", msg);
+		krb5_free_error_message(context, msg);
 		return (PAM_AUTH_ERR);
 	}
 	return (PAM_SUCCESS);
@@ -220,8 +230,9 @@ get_su_principal(krb5_context context, c
 	rv = krb5_unparse_name(context, default_principal, &principal_name);
 	krb5_free_principal(context, default_principal);
 	if (rv != 0) {
-		PAM_LOG("krb5_unparse_name: %s",
-		    krb5_get_err_text(context, rv));
+		const char *msg = krb5_get_error_message(context, rv);
+		PAM_LOG("krb5_unparse_name: %s", msg);
+		krb5_free_error_message(context, msg);
 		return (rv);
 	}
 	PAM_LOG("Default principal name: %s", principal_name);
@@ -243,8 +254,9 @@ get_su_principal(krb5_context context, c
 		return (errno);
 	rv = krb5_parse_name(context, *su_principal_name, &default_principal);
 	if (rv != 0) {
-		PAM_LOG("krb5_parse_name `%s': %s", *su_principal_name,
-		    krb5_get_err_text(context, rv));
+		const char *msg = krb5_get_error_message(context, rv);
+		PAM_LOG("krb5_parse_name `%s': %s", *su_principal_name, msg);
+		krb5_free_error_message(context, msg);
 		free(*su_principal_name);
 		return (rv);
 	}



Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?201203221118.q2MBIFeQ021954>