From owner-svn-src-head@FreeBSD.ORG Thu Mar 22 11:18:15 2012 Return-Path: Delivered-To: svn-src-head@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 879E81065674; Thu, 22 Mar 2012 11:18:15 +0000 (UTC) (envelope-from stas@FreeBSD.org) Received: from svn.freebsd.org (svn.freebsd.org [IPv6:2001:4f8:fff6::2c]) by mx1.freebsd.org (Postfix) with ESMTP id 726298FC0A; Thu, 22 Mar 2012 11:18:15 +0000 (UTC) Received: from svn.freebsd.org (localhost [127.0.0.1]) by svn.freebsd.org (8.14.4/8.14.4) with ESMTP id q2MBIFgr021957; Thu, 22 Mar 2012 11:18:15 GMT (envelope-from stas@svn.freebsd.org) Received: (from stas@localhost) by svn.freebsd.org (8.14.4/8.14.4/Submit) id q2MBIFeQ021954; Thu, 22 Mar 2012 11:18:15 GMT (envelope-from stas@svn.freebsd.org) Message-Id: <201203221118.q2MBIFeQ021954@svn.freebsd.org> From: Stanislav Sedov Date: Thu, 22 Mar 2012 11:18:15 +0000 (UTC) To: src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-head@freebsd.org X-SVN-Group: head MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Cc: Subject: svn commit: r233302 - head/lib/libpam/modules/pam_ksu X-BeenThere: svn-src-head@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: SVN commit messages for the src tree for head/-current List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 22 Mar 2012 11:18:15 -0000 Author: stas Date: Thu Mar 22 11:18:14 2012 New Revision: 233302 URL: http://svn.freebsd.org/changeset/base/233302 Log: - Avoid use of deprecated KRB5 functions. Modified: head/lib/libpam/modules/pam_ksu/Makefile head/lib/libpam/modules/pam_ksu/pam_ksu.c Modified: head/lib/libpam/modules/pam_ksu/Makefile ============================================================================== --- head/lib/libpam/modules/pam_ksu/Makefile Thu Mar 22 10:26:53 2012 (r233301) +++ head/lib/libpam/modules/pam_ksu/Makefile Thu Mar 22 11:18:14 2012 (r233302) @@ -31,6 +31,4 @@ MAN= pam_ksu.8 DPADD= ${LIBKRB5} ${LIBHX509} ${LIBASN1} ${LIBROKEN} ${LIBCOM_ERR} ${LIBCRYPT} ${LIBCRYPTO} LDADD= -lkrb5 -lhx509 -lasn1 -lroken -lcom_err -lcrypt -lcrypto -NO_WERROR= yes - .include Modified: head/lib/libpam/modules/pam_ksu/pam_ksu.c ============================================================================== --- head/lib/libpam/modules/pam_ksu/pam_ksu.c Thu Mar 22 10:26:53 2012 (r233301) +++ head/lib/libpam/modules/pam_ksu/pam_ksu.c Thu Mar 22 11:18:14 2012 (r233302) @@ -70,8 +70,9 @@ pam_sm_authenticate(pam_handle_t *pamh, PAM_LOG("Got ruser: %s", (const char *)ruser); rv = krb5_init_context(&context); if (rv != 0) { - PAM_LOG("krb5_init_context failed: %s", - krb5_get_err_text(context, rv)); + const char *msg = krb5_get_error_message(context, rv); + PAM_LOG("krb5_init_context failed: %s", msg); + krb5_free_error_message(context, msg); return (PAM_SERVICE_ERR); } rv = get_su_principal(context, user, ruser, &su_principal_name, &su_principal); @@ -112,7 +113,7 @@ auth_krb5(pam_handle_t *pamh, krb5_conte krb5_principal su_principal) { krb5_creds creds; - krb5_get_init_creds_opt gic_opt; + krb5_get_init_creds_opt *gic_opt; krb5_verify_init_creds_opt vic_opt; const char *pass; char *prompt; @@ -120,7 +121,6 @@ auth_krb5(pam_handle_t *pamh, krb5_conte int pamret; prompt = NULL; - krb5_get_init_creds_opt_init(&gic_opt); krb5_verify_init_creds_opt_init(&vic_opt); if (su_principal_name != NULL) (void)asprintf(&prompt, "Password for %s:", su_principal_name); @@ -133,11 +133,20 @@ auth_krb5(pam_handle_t *pamh, krb5_conte free(prompt); if (pamret != PAM_SUCCESS) return (pamret); + rv = krb5_get_init_creds_opt_alloc(context, &gic_opt); + if (rv != 0) { + const char *msg = krb5_get_error_message(context, rv); + PAM_LOG("krb5_get_init_creds_opt_alloc: %s", msg); + krb5_free_error_message(context, msg); + return (PAM_AUTH_ERR); + } rv = krb5_get_init_creds_password(context, &creds, su_principal, - pass, NULL, NULL, 0, NULL, &gic_opt); + pass, NULL, NULL, 0, NULL, gic_opt); + krb5_get_init_creds_opt_free(context, gic_opt); if (rv != 0) { - PAM_LOG("krb5_get_init_creds_password: %s", - krb5_get_err_text(context, rv)); + const char *msg = krb5_get_error_message(context, rv); + PAM_LOG("krb5_get_init_creds_password: %s", msg); + krb5_free_error_message(context, msg); return (PAM_AUTH_ERR); } krb5_verify_init_creds_opt_set_ap_req_nofail(&vic_opt, 1); @@ -145,8 +154,9 @@ auth_krb5(pam_handle_t *pamh, krb5_conte &vic_opt); krb5_free_cred_contents(context, &creds); if (rv != 0) { - PAM_LOG("krb5_verify_init_creds: %s", - krb5_get_err_text(context, rv)); + const char *msg = krb5_get_error_message(context, rv); + PAM_LOG("krb5_verify_init_creds: %s", msg); + krb5_free_error_message(context, msg); return (PAM_AUTH_ERR); } return (PAM_SUCCESS); @@ -220,8 +230,9 @@ get_su_principal(krb5_context context, c rv = krb5_unparse_name(context, default_principal, &principal_name); krb5_free_principal(context, default_principal); if (rv != 0) { - PAM_LOG("krb5_unparse_name: %s", - krb5_get_err_text(context, rv)); + const char *msg = krb5_get_error_message(context, rv); + PAM_LOG("krb5_unparse_name: %s", msg); + krb5_free_error_message(context, msg); return (rv); } PAM_LOG("Default principal name: %s", principal_name); @@ -243,8 +254,9 @@ get_su_principal(krb5_context context, c return (errno); rv = krb5_parse_name(context, *su_principal_name, &default_principal); if (rv != 0) { - PAM_LOG("krb5_parse_name `%s': %s", *su_principal_name, - krb5_get_err_text(context, rv)); + const char *msg = krb5_get_error_message(context, rv); + PAM_LOG("krb5_parse_name `%s': %s", *su_principal_name, msg); + krb5_free_error_message(context, msg); free(*su_principal_name); return (rv); }