/*
- * Copyright (c) 1999-2005, 2007-2008, 2010-2012
+ * Copyright (c) 1999-2005, 2007-2008, 2010-2013
* Todd C. Miller <Todd.Miller@courtesan.com>
*
* Permission to use, copy, modify, and distribute this software for any
#include <config.h>
#include <sys/types.h>
-#include <sys/param.h>
#include <stdio.h>
#ifdef STDC_HEADERS
# include <stdlib.h>
* API does not currently provide this unless the auth is standalone.
*/
if ((error = krb5_unparse_name(sudo_context, princ, &pname))) {
- log_error(NO_EXIT|NO_MAIL,
- _("%s: unable to unparse princ ('%s'): %s"), auth->name,
- pw->pw_name, error_message(error));
+ log_warning(NO_MAIL,
+ N_("%s: unable to convert principal to string ('%s'): %s"),
+ auth->name, pw->pw_name, error_message(error));
debug_return_int(AUTH_FAILURE);
}
error = krb5_parse_name(sudo_context, pname, &(sudo_krb5_data.princ));
if (error) {
- log_error(NO_EXIT|NO_MAIL,
- _("%s: unable to parse '%s': %s"), auth->name, pname,
+ log_warning(NO_MAIL,
+ N_("%s: unable to parse '%s': %s"), auth->name, pname,
error_message(error));
goto done;
}
(long) getpid());
if ((error = krb5_cc_resolve(sudo_context, cache_name,
&(sudo_krb5_data.ccache)))) {
- log_error(NO_EXIT|NO_MAIL,
- _("%s: unable to resolve ccache: %s"), auth->name,
+ log_warning(NO_MAIL,
+ N_("%s: unable to resolve credential cache: %s"), auth->name,
error_message(error));
goto done;
}
/* Set default flags based on the local config file. */
error = krb5_get_init_creds_opt_alloc(sudo_context, &opts);
if (error) {
- log_error(NO_EXIT|NO_MAIL,
- _("%s: unable to allocate options: %s"), auth->name,
+ log_warning(NO_MAIL,
+ N_("%s: unable to allocate options: %s"), auth->name,
error_message(error));
goto done;
}
NULL, 0, NULL, opts))) {
/* Don't print error if just a bad password */
if (error != KRB5KRB_AP_ERR_BAD_INTEGRITY)
- log_error(NO_EXIT|NO_MAIL,
- _("%s: unable to get credentials: %s"), auth->name,
+ log_warning(NO_MAIL,
+ N_("%s: unable to get credentials: %s"), auth->name,
error_message(error));
goto done;
}
if ((error = verify_krb_v5_tgt(sudo_context, creds, auth->name)))
goto done;
- /* Store cred in cred cache. */
+ /* Store credential in cache. */
if ((error = krb5_cc_initialize(sudo_context, ccache, princ))) {
- log_error(NO_EXIT|NO_MAIL,
- _("%s: unable to initialize ccache: %s"), auth->name,
- error_message(error));
+ log_warning(NO_MAIL,
+ N_("%s: unable to initialize credential cache: %s"),
+ auth->name, error_message(error));
} else if ((error = krb5_cc_store_cred(sudo_context, ccache, creds))) {
- log_error(NO_EXIT|NO_MAIL,
- _("%s: unable to store cred in ccache: %s"), auth->name,
- error_message(error));
+ log_warning(NO_MAIL,
+ N_("%s: unable to store credential in cache: %s"),
+ auth->name, error_message(error));
}
done:
*/
if ((error = krb5_sname_to_principal(sudo_context, NULL, NULL,
KRB5_NT_SRV_HST, &server))) {
- log_error(NO_EXIT|NO_MAIL,
- _("%s: unable to get host principal: %s"), auth_name,
+ log_warning(NO_MAIL,
+ N_("%s: unable to get host principal: %s"), auth_name,
error_message(error));
debug_return_int(-1);
}
NULL, &vopt);
krb5_free_principal(sudo_context, server);
if (error)
- log_error(NO_EXIT|NO_MAIL,
- _("%s: Cannot verify TGT! Possible attack!: %s"),
+ log_warning(NO_MAIL,
+ N_("%s: Cannot verify TGT! Possible attack!: %s"),
auth_name, error_message(error));
debug_return_int(error);
}