[squid-dev] [PATCH] remove error_message from kerberos_ldap_group

Amos Jeffries squid3 at treenet.co.nz
Tue Feb 17 00:47:55 UTC 2015


On 17/02/2015 11:57 a.m., Markus Moeller wrote:
> 
> Hi Amos,
> 
>    Please find attached a patch to replace error_message with
> krb5_get_error_message.
> 


in .../ext_kerberos_ldap_group_acl.8:

* just a note that the - characters need to be \-escaped. Ican do a
followup docs patch on this since all the other options need it as well.


in .../kerberos_ldap_group/support_krb5.cc

* missing whitespace empty line after k5_error2()

* please deduplicate shared code betweenk5_error2() and k5_error() and
make them static:

+static void
+k5_error(const char* msg, krb5_error_code code)
+{
+    k5_error(msg, "", code);
+}
+
+static void
+k5_error2(const char* msg, char* msg2, krb5_error_code code)
+{
+    const char *errmsg;
+    errmsg = krb5_get_error_message(kparam.context, code);
+    error((char *) "%s| %s: ERROR: %s%s : %s\n", LogTime(), PROGRAM,
msg, msg2, errmsg);
+#if HAVE_KRB5_FREE_ERROR_MESSAGE
+    krb5_free_error_message(kparam.context, errmsg);
+#elif HAVE_KRB5_FREE_ERROR_STRING
+    krb5_free_error_string(kparam.context, (char *)errmsg);
+#else
+    xfree(errmsg);
+#endif
+}

... and the code calling k5_error2() place the trailing SP character
inside their msg1 parameter string.


in helpers/negotiate_auth/kerberos/negotiate_kerberos_pac.cc
* whats this?


Amos



More information about the squid-dev mailing list