--- embedaddon/sudo/plugins/sudoers/auth/kerb5.c 2012/05/29 12:26:49 1.1.1.2 +++ embedaddon/sudo/plugins/sudoers/auth/kerb5.c 2013/07/22 10:46:12 1.1.1.3 @@ -1,5 +1,5 @@ /* - * Copyright (c) 1999-2005, 2007-2008, 2010-2012 + * Copyright (c) 1999-2005, 2007-2008, 2010-2013 * Todd C. Miller * * Permission to use, copy, modify, and distribute this software for any @@ -25,7 +25,6 @@ #include #include -#include #include #ifdef STDC_HEADERS # include @@ -113,9 +112,9 @@ sudo_krb5_setup(struct passwd *pw, char **promptp, sud * API does not currently provide this unless the auth is standalone. */ if ((error = krb5_unparse_name(sudo_context, princ, &pname))) { - log_error(NO_MAIL, - _("%s: unable to unparse princ ('%s'): %s"), auth->name, - pw->pw_name, error_message(error)); + log_warning(NO_MAIL, + N_("%s: unable to convert principal to string ('%s'): %s"), + auth->name, pw->pw_name, error_message(error)); debug_return_int(AUTH_FAILURE); } @@ -156,8 +155,8 @@ sudo_krb5_init(struct passwd *pw, sudo_auth *auth) error = krb5_parse_name(sudo_context, pname, &(sudo_krb5_data.princ)); if (error) { - log_error(NO_MAIL, - _("%s: unable to parse '%s': %s"), auth->name, pname, + log_warning(NO_MAIL, + N_("%s: unable to parse '%s': %s"), auth->name, pname, error_message(error)); goto done; } @@ -166,8 +165,8 @@ sudo_krb5_init(struct passwd *pw, sudo_auth *auth) (long) getpid()); if ((error = krb5_cc_resolve(sudo_context, cache_name, &(sudo_krb5_data.ccache)))) { - log_error(NO_MAIL, - _("%s: unable to resolve ccache: %s"), auth->name, + log_warning(NO_MAIL, + N_("%s: unable to resolve credential cache: %s"), auth->name, error_message(error)); goto done; } @@ -214,8 +213,8 @@ sudo_krb5_verify(struct passwd *pw, char *pass, sudo_a /* Set default flags based on the local config file. */ error = krb5_get_init_creds_opt_alloc(sudo_context, &opts); if (error) { - log_error(NO_MAIL, - _("%s: unable to allocate options: %s"), auth->name, + log_warning(NO_MAIL, + N_("%s: unable to allocate options: %s"), auth->name, error_message(error)); goto done; } @@ -230,8 +229,8 @@ sudo_krb5_verify(struct passwd *pw, char *pass, sudo_a NULL, 0, NULL, opts))) { /* Don't print error if just a bad password */ if (error != KRB5KRB_AP_ERR_BAD_INTEGRITY) - log_error(NO_MAIL, - _("%s: unable to get credentials: %s"), auth->name, + log_warning(NO_MAIL, + N_("%s: unable to get credentials: %s"), auth->name, error_message(error)); goto done; } @@ -241,15 +240,15 @@ sudo_krb5_verify(struct passwd *pw, char *pass, sudo_a if ((error = verify_krb_v5_tgt(sudo_context, creds, auth->name))) goto done; - /* Store cred in cred cache. */ + /* Store credential in cache. */ if ((error = krb5_cc_initialize(sudo_context, ccache, princ))) { - log_error(NO_MAIL, - _("%s: unable to initialize ccache: %s"), auth->name, - error_message(error)); + log_warning(NO_MAIL, + N_("%s: unable to initialize credential cache: %s"), + auth->name, error_message(error)); } else if ((error = krb5_cc_store_cred(sudo_context, ccache, creds))) { - log_error(NO_MAIL, - _("%s: unable to store cred in ccache: %s"), auth->name, - error_message(error)); + log_warning(NO_MAIL, + N_("%s: unable to store credential in cache: %s"), + auth->name, error_message(error)); } done: @@ -312,8 +311,8 @@ verify_krb_v5_tgt(krb5_context sudo_context, krb5_cred */ if ((error = krb5_sname_to_principal(sudo_context, NULL, NULL, KRB5_NT_SRV_HST, &server))) { - log_error(NO_MAIL, - _("%s: unable to get host principal: %s"), auth_name, + log_warning(NO_MAIL, + N_("%s: unable to get host principal: %s"), auth_name, error_message(error)); debug_return_int(-1); } @@ -327,8 +326,8 @@ verify_krb_v5_tgt(krb5_context sudo_context, krb5_cred NULL, &vopt); krb5_free_principal(sudo_context, server); if (error) - log_error(NO_MAIL, - _("%s: Cannot verify TGT! Possible attack!: %s"), + log_warning(NO_MAIL, + N_("%s: Cannot verify TGT! Possible attack!: %s"), auth_name, error_message(error)); debug_return_int(error); }