auth->data = (VOID *) &sudo_krb5_data; /* Stash all our data here */
- if (error = krb5_init_context(&(sudo_krb5_data.sudo_context))) {
- log_error(NO_EXIT|NO_MAIL,
- "%s: unable to initialize context: %s", auth->name,
- error_message(error));
+ if ((error = krb5_init_context(&(sudo_krb5_data.sudo_context))))
return(AUTH_FAILURE);
- }
sudo_context = sudo_krb5_data.sudo_context;
- if (error = krb5_parse_name(sudo_context, pw->pw_name,
- &(sudo_krb5_data.princ))) {
+ if ((error = krb5_parse_name(sudo_context, pw->pw_name,
+ &(sudo_krb5_data.princ)))) {
log_error(NO_EXIT|NO_MAIL,
"%s: unable to parse '%s': %s", auth->name, pw->pw_name,
error_message(error));
* The API does not currently provide this unless the auth is standalone.
*/
#if 1
- if (error = krb5_unparse_name(sudo_context, princ, &pname)) {
+ if ((error = krb5_unparse_name(sudo_context, princ, &pname))) {
log_error(NO_EXIT|NO_MAIL,
"%s: unable to unparse princ ('%s'): %s", auth->name,
pw->pw_name, error_message(error));
#endif
/* For CNS compatibility */
- if (error = krb5_cc_register(sudo_context, &krb5_mcc_ops, FALSE)) {
+ if ((error = krb5_cc_register(sudo_context, &krb5_mcc_ops, FALSE))) {
if (error != KRB5_CC_TYPE_EXISTS) {
log_error(NO_EXIT|NO_MAIL,
"%s: unable to use Memory ccache: %s", auth->name,
(void) snprintf(cache_name, sizeof(cache_name), "MEMORY:sudocc_%ld",
(long) getpid());
- if (error = krb5_cc_resolve(sudo_context, cache_name,
- &(sudo_krb5_data.ccache))) {
+ if ((error = krb5_cc_resolve(sudo_context, cache_name,
+ &(sudo_krb5_data.ccache)))) {
log_error(NO_EXIT|NO_MAIL,
"%s: unable to resolve ccache: %s", auth->name,
error_message(error));
}
ccache = sudo_krb5_data.ccache;
- if (error = krb5_cc_initialize(sudo_context, ccache, princ)) {
+ if ((error = krb5_cc_initialize(sudo_context, ccache, princ))) {
log_error(NO_EXIT|NO_MAIL,
"%s: unable to initialize ccache: %s", auth->name,
error_message(error));
krb5_creds creds;
krb5_error_code error;
krb5_get_init_creds_opt opts;
- char cache_name[64];
sudo_context = ((sudo_krb5_datap) auth->data)->sudo_context;
princ = ((sudo_krb5_datap) auth->data)->princ;
krb5_get_init_creds_opt_init(&opts);
/* Note that we always obtain a new TGT to verify the user */
- if (error = krb5_get_init_creds_password(sudo_context, &creds, princ,
+ if ((error = krb5_get_init_creds_password(sudo_context, &creds, princ,
pass, krb5_prompter_posix,
- NULL, 0, NULL, &opts)) {
+ NULL, 0, NULL, &opts))) {
if (error == KRB5KRB_AP_ERR_BAD_INTEGRITY) /* Bad password */
return(AUTH_FAILURE);
/* Some other error */
}
/* Stash the TGT so we can verify it. */
- if (error = krb5_cc_store_cred(sudo_context, ccache, &creds)) {
+ if ((error = krb5_cc_store_cred(sudo_context, ccache, &creds))) {
log_error(NO_EXIT|NO_MAIL,
"%s: unable to store credentials: %s", auth->name,
error_message(error));
* Get the server principal for the local host.
* (Use defaults of "host" and canonicalized local name.)
*/
- if (error = krb5_sname_to_principal(sudo_context, NULL, NULL,
- KRB5_NT_SRV_HST, &princ)) {
+ if ((error = krb5_sname_to_principal(sudo_context, NULL, NULL,
+ KRB5_NT_SRV_HST, &princ))) {
log_error(NO_EXIT|NO_MAIL,
"%s: unable to get host principal: %s", auth_name,
error_message(error));
return(-1);
}
- /* Extract the name directly. Yow. */
- strncpy(phost, krb5_princ_component(sudo_context, princ, 1)->data,
- sizeof(phost) - 1);
- phost[sizeof(phost) - 1] = '\0';
+ /* Extract the name directly.
+ strlcpy(phost, krb5_principal_get_realm(sudo_context, princ, 1),
+ sizeof(phost));
/*
* Do we have host/<host> keys?
* (use default keytab, kvno IGNORE_VNO to get the first match,
* and enctype is currently ignored anyhow.)
*/
- if (error = krb5_kt_read_service_key(sudo_context, NULL, princ, 0,
- ENCTYPE_DES_CBC_MD5, &keyblock)) {
+ if ((error = krb5_kt_read_service_key(sudo_context, NULL, princ, 0,
+ ETYPE_DES_CBC_MD5, &keyblock))) {
/* Keytab or service key does not exist. */
log_error(NO_EXIT,
"%s: host service key not found: %s", auth_name,
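Review bot: The added comment `/* Extract the name directly.` is never closed, so the `strlcpy()` into `phost` on the next two lines is swallowed by it and the comment only ends at the `*/` of the following "Do we have host/<host> keys?" block. That leaves `phost` unset for whatever reads it later in this function, which continues outside the hunk. Even with the comment closed, `krb5_principal_get_realm()` yields the realm rather than component 1 of the host principal that the removed `krb5_princ_component(..., 1)` call extracted, and in Heimdal it takes only the context and the principal as far as I know. I would write `/* Extract the name directly. */` followed by `strlcpy(phost, krb5_principal_get_comp_string(sudo_context, princ, 1), sizeof(phost));`, with a NULL check on the returned string before the copy. Separately, the context comment says the enctype passed to `krb5_kt_read_service_key()` is ignored; that was written against the old API, so it is worth confirming it still holds for `ETYPE_DES_CBC_MD5`, because a lookup that fails only for lack of a single-DES key would land in the "host service key not found" branch.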
NULL, NULL, NULL);
cleanup:
if (packet.data)
- krb5_free_data_contents(sudo_context, &packet);
+ krb5_data_free(&packet);
krb5_free_principal(sudo_context, princ);
if (error)