tags 538225 +fixed-upstream
thanks
Hi Eamonn,
On Mon, Aug 24, 2009 at 09:04:45AM +0100, Eamonn Hamilton wrote:
> Hi,
>
> I've disabled the explicit renew lifetime parameter, while leaving the
> ticket lifetime specified, and it seems to be behaving itself. I'm
> currently trying to determine whether it's got anything to do with the
> renew lifetime being the same as the ticket lifetime, as I guess I
> should have had the renew lifetime as less than the ticket lifetime.
I've committed a fix that might help here:
http://git.gnome.org/cgit/krb5-auth-dialog/
I'll attach the patch. Could you apply it and test it?
Cheers,
-- Guido
>From 1fc28b824625e60e03412bdc8d4c9ad01dfa80f6 Mon Sep 17 00:00:00 2001
From: =?utf-8?q?Guido=20G=C3=BCnther?= <a...@sigxcpu.org>
Date: Tue, 15 Sep 2009 15:02:08 +0200
Subject: [PATCH] plug error message memory leak
BZ: #538225
---
src/krb5-auth-dialog.c | 44 ++++++++++++++++++++++++++++++--------------
1 files changed, 30 insertions(+), 14 deletions(-)
diff --git a/src/krb5-auth-dialog.c b/src/krb5-auth-dialog.c
index 98235b7..17373e5 100644
--- a/src/krb5-auth-dialog.c
+++ b/src/krb5-auth-dialog.c
@@ -138,20 +138,26 @@ get_principal_realm_data(krb5_principal p)
#endif
}
-static const char*
+/*
+ * Returns a descriptive error message or kerberos related error
+ * pointer must be freed using g_free()
+ */
+static char*
ka_get_error_message(krb5_context context, krb5_error_code err)
{
- const char *msg = NULL;
-
+ char *msg = NULL;
#if defined(HAVE_KRB5_GET_ERROR_MESSAGE)
- msg = krb5_get_error_message(context, err);
+ char *krberr;
+
+ krberr = krb5_get_error_message(context, err);
+ msg = g_strdup(krberr);
+ krb5_free_error_string(context, krberr);
#else
- msg = error_message(err);
+ msg = g_strdup(error_message(err));
#endif
if (msg == NULL)
- return "unknown error";
- else
- return msg;
+ msg = g_strdup(_("unknown error"));
+ return msg;
}
static void
@@ -614,6 +620,7 @@ grab_credentials (KaApplet* applet)
krb5_ccache ccache;
gchar *pk_userid = NULL;
gchar *pk_anchors = NULL;
+ gchar *errmsg = NULL;
gboolean pw_auth = TRUE;
memset(&my_creds, 0, sizeof(my_creds));
@@ -656,8 +663,10 @@ grab_credentials (KaApplet* applet)
invalid_auth = TRUE;
break;
default:
+ errmsg = ka_get_error_message(kcontext, retval);
KA_DEBUG("Auth failed with %d: %s", retval,
- ka_get_error_message(kcontext, retval));
+ errmsg);
+ g_free(errmsg);
break;
}
goto out;
@@ -685,6 +694,7 @@ ka_renew_credentials (KaApplet* applet)
krb5_creds my_creds;
krb5_ccache ccache;
krb5_get_init_creds_opt opts;
+ gchar *errmsg = NULL;
if (kprincipal == NULL) {
retval = ka_parse_name(applet, kcontext, &kprincipal);
@@ -706,18 +716,21 @@ ka_renew_credentials (KaApplet* applet)
set_options_from_creds (applet, kcontext, &my_creds, &opts);
if (ka_applet_get_tgt_renewable(applet)) {
+
retval = get_renewed_creds (kcontext, &my_creds, kprincipal, ccache, NULL);
if (retval)
goto out;
retval = krb5_cc_initialize(kcontext, ccache, kprincipal);
if(retval) {
- g_warning("krb5_cc_initialize: %s", ka_get_error_message(kcontext, retval));
+ errmsg = ka_get_error_message(kcontext, retval);
+ g_warning("krb5_cc_initialize: %s", errmsg);
goto out;
}
retval = krb5_cc_store_cred(kcontext, ccache, &my_creds);
if (retval) {
- g_warning("krb5_cc_store_cred: %s", ka_get_error_message(kcontext, retval));
+ errmsg = ka_get_error_message(kcontext, retval);
+ g_warning("krb5_cc_store_cred: %s", errmsg);
goto out;
}
}
@@ -725,6 +738,7 @@ out:
creds_expiry = my_creds.times.endtime;
krb5_free_cred_contents (kcontext, &my_creds);
krb5_cc_close (kcontext, ccache);
+ g_free(errmsg);
return retval;
}
@@ -874,9 +888,11 @@ ka_grab_credentials (KaApplet* applet)
if (canceled)
break;
if (retval) {
- ka_pwdialog_error(pwdialog,
- ka_get_error_message(kcontext,
- retval));
+ gchar *errmsg;
+
+ errmsg = ka_get_error_message(kcontext, retval);
+ ka_pwdialog_error(pwdialog, errmsg);
+ g_free (errmsg);
break;
} else {
success = TRUE;
--
1.6.3.3
