From: Markus Moeller Date: Wed, 18 Feb 2015 02:30:34 +0000 (-0800) Subject: ext_kerberos_ldap_group_acl: Heimdal support improvements X-Git-Tag: merge-candidate-3-v1~265 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=f95eb8d8ebad4a33c4eb51b999bfe404032684d6;p=thirdparty%2Fsquid.git ext_kerberos_ldap_group_acl: Heimdal support improvements * fix build errors on FreeBSD with Heimdal library * remove PAC support from being built when not needed * update man(8) page documentation po4a syntax --- diff --git a/helpers/external_acl/kerberos_ldap_group/ext_kerberos_ldap_group_acl.8 b/helpers/external_acl/kerberos_ldap_group/ext_kerberos_ldap_group_acl.8 index 5f46161156..6972104beb 100644 --- a/helpers/external_acl/kerberos_ldap_group/ext_kerberos_ldap_group_acl.8 +++ b/helpers/external_acl/kerberos_ldap_group/ext_kerberos_ldap_group_acl.8 @@ -7,7 +7,7 @@ Version 1.3.0sq . .SH SYNOPSIS .if !'po4a'hide' .B ext_kerberos_ldap_group_acl -.if !'po4a'hide' .B [\-h] [\-d] [\-i] [\-s] [\-a] [\-D Realm ] [\-N Netbios-Realm-List] [\-m Max-Depth] [\-u Ldap-User] [\-p Ldap-Password] [\-b Ldap-Bind-Path] [\-l Ldap-URL] [\-S ldap server list] \-g Group-Realm-List \-t Hex-Group-Realm-List \-T Hex-Group-Hex-Realm-List +.if !'po4a'hide' .B [\-h] [\-d] [\-i] [\-s] [\-a] [\-D Realm ] [\-N Netbios\-Realm\-List] [\-m Max\-Depth] [\-u Ldap\-User] [\-p Ldap\-Password] [\-b Ldap\-Bind\-Path] [\-l Ldap\-URL] [\-S ldap server list] \-g Group\-Realm\-List \-t Hex\-Group\-Realm\-List \-T Hex\-Group\-Hex\-Realm\-List . .SH DESCRIPTION .B ext_kerberos_ldap_group_acl 
@@ -85,18 +85,18 @@ Allow SSL without certificate verification. Default Kerberos domain to use for usernames which do not contain domain information (e.g. for users using basic authentication). .if !'po4a'hide' .TP 12 -.if !'po4a'hide' .B \-N Netbios-Realm-List +.if !'po4a'hide' .B \-N Netbios\-Realm\-List A list of Netbios name mappings to Kerberos domain names of the form -Netbios-Name@Kerberos-Realm[:Netbios-Name@Kerberos-Realm] (e.g. for users +Netbios\-Name@Kerberos\-Realm[:Netbios\-Name@Kerberos\-Realm] (e.g. for users using NTLM authentication). .if !'po4a'hide' .TP 12 -.if !'po4a'hide' .B \-m Max-Depth +.if !'po4a'hide' .B \-m Max\-Depth Maximal depth of recursive group search. .if !'po4a'hide' .TP 12 -.if !'po4a'hide' .B \-u Ldap-User +.if !'po4a'hide' .B \-u Ldap\-User Username for LDAP server. .if !'po4a'hide' .TP 12 -.if !'po4a'hide' .B \-u Ldap-Password +.if !'po4a'hide' .B \-p Ldap\-Password Password for LDAP server. .IP As the password needs to be printed in plain text in your Squid configuration 
@@ -105,29 +105,29 @@ This to limit the damage in case someone could get hold of a copy of your Squid configuration file or extracts the password used from a process listing. . .if !'po4a'hide' .TP 12 -.if !'po4a'hide' .B \-b Ldap-Bind-Path +.if !'po4a'hide' .B \-b Ldap\-Bind\-Path LDAP server bind path. .if !'po4a'hide' .TP 12 -.if !'po4a'hide' .B \-u Ldap-URL +.if !'po4a'hide' .B \-l Ldap\-URL LDAP server URL in form ldap[s]://server:port .if !'po4a'hide' .TP 12 .if !'po4a'hide' .B \-S ldap server list list of ldap servers of the form lserver|lserver@|lserver@Realm[:lserver@|lserver@Realm] .if !'po4a'hide' .TP 12 -.if !'po4a'hide' .B \-g Group-Realm-List +.if !'po4a'hide' .B \-g Group\-Realm\-List A list of group name per Kerberos domain of the form Group|Group@|Group@Realm[:Group@|Group@Realm] .if !'po4a'hide' .TP 12 -.if !'po4a'hide' .B \-t Hex-Group-Realm-List +.if !'po4a'hide' .B \-t Hex\-Group\-Realm\-List A list of group name per Kerberos domain of the form Group|Group@|Group@Realm[:Group@|Group@Realm] where group is in -UTF-8 hex format +UTF\-8 hex format .if !'po4a'hide' .TP 12 -.if !'po4a'hide' .B \-T Hex-Group-Hex-Realm-List +.if !'po4a'hide' .B \-T Hex\-Group\-Hex\-Realm\-List A list of group name per Kerberos domain of the form Group|Group@|Group@Realm[:Group@|Group@Realm] where group and domain -is in UTF-8 hex format +is in UTF\-8 hex format . .SH CONFIGURATION .PP 
@@ -138,9 +138,9 @@ helper in .if !'po4a'hide' .P .if !'po4a'hide' .ft CR .if !'po4a'hide' .nf -.if !'po4a'hide' external_acl_type kerberos_ldap_group1 ttl=3600 negative_ttl=3600 %LOGIN /path/to/ext_kerberos_ldap_group_acl -g GROUP1 +.if !'po4a'hide' external_acl_type kerberos_ldap_group1 ttl=3600 negative_ttl=3600 %LOGIN /path/to/ext_kerberos_ldap_group_acl \-g GROUP1 .if !'po4a'hide' .br -.if !'po4a'hide' external_acl_type kerberos_ldap_group2 ttl=3600 negative_ttl=3600 %LOGIN /path/to/ext_kerberos_ldap_group_acl -g GROUP2 +.if !'po4a'hide' external_acl_type kerberos_ldap_group2 ttl=3600 negative_ttl=3600 %LOGIN /path/to/ext_kerberos_ldap_group_acl \-g GROUP2 .if !'po4a'hide' .br .if !'po4a'hide' acl group1 external kerberos_ldap_group1 .if !'po4a'hide' .br @@ -168,7 +168,7 @@ script. .if !'po4a'hide' .P .if !'po4a'hide' .ft CR .if !'po4a'hide' .nf -.if !'po4a'hide' KRB5_CONFIG=/etc/krb5-squid.conf +.if !'po4a'hide' KRB5_CONFIG=/etc/krb5\-squid.conf .if !'po4a'hide' export KRB5_CONFIG .if !'po4a'hide' .fi .if !'po4a'hide' .ft 
@@ -182,37 +182,37 @@ will determine automagically the right ldap server. The following method is used c) Use LDAP_URL if given 2) For user - a) Use domain -D REALM and follow step 1) + a) Use domain \-D REALM and follow step 1) b) Use LDAP_URL if given The Groups to check against are determined as follows: 1) For user@REALM - a) Use values given by -g option which contain a @REALM e.g. -g GROUP1@REALM:GROUP2@REALM - b) Use values given by -g option which contain a @ only e.g. -g GROUP1@:GROUP2@ - c) Use values given by -g option which do not contain a realm e.g. -g GROUP1:GROUP2 + a) Use values given by \-g option which contain a @REALM e.g. \-g GROUP1@REALM:GROUP2@REALM + b) Use values given by \-g option which contain a @ only e.g. \-g GROUP1@:GROUP2@ + c) Use values given by \-g option which do not contain a realm e.g. \-g GROUP1:GROUP2 2) For user - a) Use values given by -g option which do not contain a realm e.g. -g GROUP1:GROUP2 + a) Use values given by \-g option which do not contain a realm e.g. \-g GROUP1:GROUP2 3) For NDOMAIN\\user - a) Use realm given by -N NDOMAIN@REALM and then use values given by -g option which contain a @REALM e.g. -g GROUP1@REALM:GROUP2@REALM + a) Use realm given by \-N NDOMAIN@REALM and then use values given by \-g option which contain a @REALM e.g. \-g GROUP1@REALM:GROUP2@REALM -To support Non-ASCII character use -t GROUP or -t GROUP@REALM instead of -g where GROUP is the hex UTF-8 representation e.g. +To support Non\-ASCII character use \-t GROUP or \-t GROUP@REALM instead of \-g where GROUP is the hex UTF\-8 representation e.g. - -t 6d61726b7573 instead of -g markus + \-t 6d61726b7573 instead of \-g markus -The REALM must still be based on the ASCII character set. If REALM contains also non ASCII characters use -T GROUP@REALM where GROUP and REALM are hex UTF-8 representation e.g. +The REALM must still be based on the ASCII character set. 
If REALM contains also non ASCII characters use \-T GROUP@REALM where GROUP and REALM are hex UTF\-8 representation e.g. - -T 6d61726b7573@57494e3230303352322e484f4d45 instead of -g markus@WIN2003R2.HOME + \-T 6d61726b7573@57494e3230303352322e484f4d45 instead of \-g markus@WIN2003R2.HOME -For a translation of hex UTF-8 see for example http://www.utf8-chartable.de/unicode-utf8-table.pl +For a translation of hex UTF\-8 see for example http://www.utf8\-chartable.de/unicode\-utf8\-table.pl The ldap server list can be: -server - In this case server can be used for all Kerberos domains -server@ - In this case server can be used for all Kerberos domains -server@domain - In this case server can be used for Kerberos domain domain -server1a@domain1:server1b@domain1:server2@domain2:server3@:server4 - A list is build with a colon as seperator +server \- In this case server can be used for all Kerberos domains +server@ \- In this case server can be used for all Kerberos domains +server@domain \- In this case server can be used for Kerberos domain domain +server1a@domain1:server1b@domain1:server2@domain2:server3@:server4 \- A list is build with a colon as seperator . .SH AUTHOR @@ -224,7 +224,7 @@ This manual was written by . .SH COPYRIGHT .PP - * Copyright (C) 1996-2015 The Squid Software Foundation and contributors + * Copyright (C) 1996\-2015 The Squid Software Foundation and contributors * * Squid software is distributed under GPLv2+ license and includes * contributions from numerous individuals and organizations. 
@@ -237,36 +237,36 @@ Distributed under the GNU General Public License (GNU GPL) version 2 or later (G .SH QUESTIONS Questions on the usage of this program can be sent to the .I Squid Users mailing list -.if !'po4a'hide' +.if !'po4a'hide' . .SH REPORTING BUGS Bug reports need to be made in English. -See http://wiki.squid-cache.org/SquidFaq/BugReporting for details of what you need to include with your bug report. +See http://wiki.squid\-cache.org/SquidFaq/BugReporting for details of what you need to include with your bug report. .PP -Report bugs or bug fixes using http://bugs.squid-cache.org/ +Report bugs or bug fixes using http://bugs.squid\-cache.org/ .PP Report serious security bugs to -.I Squid Bugs +.I Squid Bugs .PP Report ideas for new improvements to the .I Squid Developers mailing list -.if !'po4a'hide' +.if !'po4a'hide' . .SH SEE ALSO .if !'po4a'hide' .BR squid "(8) " .if !'po4a'hide' .BR negotiate_kerberos_auth "(8) " .br -.BR RFC1035 " - Domain names - implementation and specification," +.BR RFC1035 " \- Domain names \- implementation and specification," .br -.BR RFC2782 " - A DNS RR for specifying the location of services (DNS SRV)," +.BR RFC2782 " \- A DNS RR for specifying the location of services (DNS SRV)," .br -.BR RFC2254 " - The String Representation of LDAP Search Filters," +.BR RFC2254 " \- The String Representation of LDAP Search Filters," .br -.BR RFC2307bis " - An Approach for Using LDAP as a Network Information Service +.BR RFC2307bis " \- An Approach for Using LDAP as a Network Information Service http://www.padl.com/~lukeh/rfc2307bis.txt," .br The Squid FAQ wiki -.if !'po4a'hide' http://wiki.squid-cache.org/SquidFaq +.if !'po4a'hide' http://wiki.squid\-cache.org/SquidFaq .br The Squid Configuration Manual -.if !'po4a'hide' http://www.squid-cache.org/Doc/config/ +.if !'po4a'hide' http://www.squid\-cache.org/Doc/config/ 
diff --git a/helpers/external_acl/kerberos_ldap_group/support.h b/helpers/external_acl/kerberos_ldap_group/support.h index 2c63e34b24..41cab4e758 100644 --- a/helpers/external_acl/kerberos_ldap_group/support.h +++ b/helpers/external_acl/kerberos_ldap_group/support.h @@ -55,8 +55,6 @@ extern "C" { #if HAVE_COM_ERR_H #include -#elif USE_HEIMDAL_KRB5 -#define error_message(code) krb5_get_err_text(kparam.context,code) #endif /* HAVE_COM_ERR_H */ #define LDAP_DEPRECATED 1 diff --git a/helpers/external_acl/kerberos_ldap_group/support_krb5.cc b/helpers/external_acl/kerberos_ldap_group/support_krb5.cc index 39913273de..04e8cc327b 100644 --- a/helpers/external_acl/kerberos_ldap_group/support_krb5.cc +++ b/helpers/external_acl/kerberos_ldap_group/support_krb5.cc @@ -54,6 +54,28 @@ krb5_cleanup() } krb5_free_context(kparam.context); } + +static void +k5_error2(const char* msg, char* msg2, krb5_error_code code) +{ + const char *errmsg; + errmsg = krb5_get_error_message(kparam.context, code); + error((char *) "%s| %s: ERROR: %s%s : %s\n", LogTime(), PROGRAM, msg, msg2, errmsg); +#if HAVE_KRB5_FREE_ERROR_MESSAGE + krb5_free_error_message(kparam.context, errmsg); +#elif HAVE_KRB5_FREE_ERROR_STRING + krb5_free_error_string(kparam.context, (char *)errmsg); +#else + xfree(errmsg); +#endif +} + +static void +k5_error(const char* msg, krb5_error_code code) +{ + k5_error2(msg, (char *)"", code); +} + /* * create Kerberos memory cache */ @@ -109,7 +131,7 @@ krb5_create_cache(char *domain) } code = krb5_cc_resolve(kparam.context, mem_cache, &kparam.cc[ccindex]); if (code) { - error((char *) "%s| %s: ERROR: Error while resolving memory ccache : %s\n", LogTime(), PROGRAM, error_message(code)); + k5_error("Error while resolving memory ccache",code); retval = 1; goto cleanup; } 
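Review bot: In the new `k5_error2` (hunk `@@ -54,6 +54,28 @@` of support_krb5.cc) the pointer returned by `krb5_get_error_message()` is handed to the `%s` in `error()` without a NULL check. Heimdal, which this commit targets, is documented to return NULL when it cannot allocate the message, and a NULL `%s` argument is undefined behaviour. Passing `errmsg ? errmsg : "unknown error"` to `error()` keeps the log line safe. The three free variants can stay as they are if each tolerates NULL, which is worth confirming for the `xfree` fallback. Declaring `msg2` as `const char *` would also remove the `(char *)""` cast in `k5_error`.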
@@ -123,23 +145,22 @@ krb5_create_cache(char *domain) if (principal) krb5_free_principal(kparam.context, principal); principal = NULL; - debug((char *) "%s| %s: DEBUG: No default principal found in ccache : %s\n", LogTime(), PROGRAM, error_message(code)); - + k5_error("No default principal found in ccache",code); } else { /* * Look for krbtgt and check if it is expired (or soon to be expired) */ code = krb5_cc_start_seq_get(kparam.context, kparam.cc[ccindex], &ccursor); if (code) { - error((char *) "%s| %s: ERROR: Error while starting ccache scan : %s\n", LogTime(), PROGRAM, error_message(code)); + k5_error("Error while starting ccache scan",code); code = krb5_cc_close (kparam.context, kparam.cc[ccindex]); if (code) { - error((char *) "%s| %s: ERROR: while closing ccache : %s\n", LogTime(), PROGRAM, error_message(code)); + k5_error("Error while closing ccache",code); } if (kparam.cc[ccindex]) { code = krb5_cc_destroy(kparam.context, kparam.cc[ccindex]); if (code) { - error((char *) "%s| %s: ERROR: while destroying ccache : %s\n", LogTime(), PROGRAM, error_message(code)); + k5_error("Error while destroying ccache",code); } } } else { @@ -148,10 +169,10 @@ krb5_create_cache(char *domain) while ((krb5_cc_next_cred(kparam.context, kparam.cc[ccindex], &ccursor, creds)) == 0) { code2 = krb5_unparse_name(kparam.context, creds->server, &principal_name); if (code2) { - error((char *) "%s| %s: ERROR: Error while unparsing principal : %s\n", LogTime(), PROGRAM, error_message(code2)); + k5_error("Error while unparsing principal",code2); code = krb5_cc_destroy(kparam.context, kparam.cc[ccindex]); if (code) { - error((char *) "%s| %s: ERROR: while destroying ccache : %s\n", LogTime(), PROGRAM, error_message(code)); + k5_error("Error while destroying ccache",code); } if (creds) krb5_free_creds(kparam.context, creds); 
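Review bot: In the `krb5_cc_start_seq_get` failure branch of the `@@ -123,23 +145,22 @@` hunk, `kparam.cc[ccindex]` is passed to `krb5_cc_close()` and then, because the pointer is still non-NULL, to `krb5_cc_destroy()`. The close call already releases the handle, so the destroy call operates on a ccache that is no longer valid. The commit only swaps the logging calls here and leaves this sequence in place. Since `krb5_cc_destroy()` also closes the cache, dropping the `krb5_cc_close()` call, or adding `kparam.cc[ccindex] = NULL;` right after it, would avoid the second use. The rest of `krb5_create_cache` lies outside the hunk, so how the slot is reused after this branch should be checked as well.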
@@ -160,7 +181,7 @@ krb5_create_cache(char *domain) debug((char *) "%s| %s: DEBUG: Reset credential cache to %s\n", LogTime(), PROGRAM, mem_cache); code = krb5_cc_resolve(kparam.context, mem_cache, &kparam.cc[ccindex]); if (code) { - error((char *) "%s| %s: ERROR: Error while resolving memory ccache : %s\n", LogTime(), PROGRAM, error_message(code)); + k5_error("Error while resolving memory ccache",code); retval = 1; goto cleanup; } @@ -184,7 +205,7 @@ krb5_create_cache(char *domain) principal = NULL; code = krb5_cc_destroy(kparam.context, kparam.cc[ccindex]); if (code) { - error((char *) "%s| %s: ERROR: while destroying ccache : %s\n", LogTime(), PROGRAM, error_message(code)); + k5_error("Error while destroying ccache",code); } if (creds) krb5_free_creds(kparam.context, creds); @@ -193,7 +214,7 @@ krb5_create_cache(char *domain) debug((char *) "%s| %s: DEBUG: Reset credential cache to %s\n", LogTime(), PROGRAM, mem_cache); code = krb5_cc_resolve(kparam.context, mem_cache, &kparam.cc[ccindex]); if (code) { - error((char *) "%s| %s: ERROR: Error while resolving memory ccache : %s\n", LogTime(), PROGRAM, error_message(code)); + k5_error("Error while resolving ccache",code); retval = 1; goto cleanup; } @@ -213,7 +234,7 @@ krb5_create_cache(char *domain) creds = NULL; code2 = krb5_cc_end_seq_get(kparam.context, kparam.cc[ccindex], &ccursor); if (code2) { - error((char *) "%s| %s: ERROR: Error while ending ccache scan : %s\n", LogTime(), PROGRAM, error_message(code)); + k5_error("Error while ending ccache scan",code2); retval = 1; goto cleanup; } 
@@ -234,13 +255,13 @@ krb5_create_cache(char *domain) code = krb5_kt_resolve(kparam.context, keytab_name, &keytab); if (code) { - error((char *) "%s| %s: ERROR: Error while resolving keytab %s : %s\n", LogTime(), PROGRAM, keytab_name, error_message(code)); + k5_error2("Error while resolving keytab ",keytab_name,code); retval = 1; goto cleanup; } code = krb5_kt_start_seq_get(kparam.context, keytab, &cursor); if (code) { - error((char *) "%s| %s: ERROR: Error while starting keytab scan : %s\n", LogTime(), PROGRAM, error_message(code)); + k5_error("Error while starting keytab scan",code); retval = 1; goto cleanup; } @@ -265,7 +286,7 @@ krb5_create_cache(char *domain) { code = krb5_unparse_name(kparam.context, entry.principal, &principal_name); if (code) { - error((char *) "%s| %s: ERROR: Error while unparsing principal name : %s\n", LogTime(), PROGRAM, error_message(code)); + k5_error("Error while unparsing principal name",code); } else { debug((char *) "%s| %s: DEBUG: Found principal name: %s\n", LogTime(), PROGRAM, principal_name); found = 1; @@ -277,7 +298,7 @@ krb5_create_cache(char *domain) code = krb5_free_keytab_entry_contents(kparam.context, &entry); #endif if (code) { - error((char *) "%s| %s: ERROR: Error while freeing keytab entry : %s\n", LogTime(), PROGRAM, error_message(code)); + k5_error("Error while freeing keytab entry",code); retval = 1; break; } @@ -288,7 +309,7 @@ krb5_create_cache(char *domain) */ code = krb5_parse_name(kparam.context, principal_name, &principal); if (code) { - error((char *) "%s| %s: ERROR: Error while parsing name %s : %s\n", LogTime(), PROGRAM, principal_name, error_message(code)); + k5_error2("Error while parsing name ", principal_name,code); safe_free(principal_name); if (principal) krb5_free_principal(kparam.context, principal); 
@@ -312,7 +333,7 @@ krb5_create_cache(char *domain) #endif if (code) { - error((char *) "%s| %s: ERROR: Error while initialising credentials from keytab : %s\n", LogTime(), PROGRAM, error_message(code)); + k5_error("Error while initialising credentials from keytab" ,code); safe_free(principal_name); if (principal) krb5_free_principal(kparam.context, principal); @@ -324,7 +345,7 @@ krb5_create_cache(char *domain) } code = krb5_cc_initialize(kparam.context, kparam.cc[ccindex], principal); if (code) { - error((char *) "%s| %s: ERROR: Error while initializing memory caches : %s\n", LogTime(), PROGRAM, error_message(code)); + k5_error("Error while initialising memory caches" ,code); safe_free(principal_name); if (principal) krb5_free_principal(kparam.context, principal); @@ -336,7 +357,7 @@ krb5_create_cache(char *domain) } code = krb5_cc_store_cred(kparam.context, kparam.cc[ccindex], creds); if (code) { - error((char *) "%s| %s: ERROR: Error while storing credentials : %s\n", LogTime(), PROGRAM, error_message(code)); + k5_error("Error while storing credentials" ,code); if (principal) krb5_free_principal(kparam.context, principal); safe_free(principal_name); @@ -352,13 +373,13 @@ krb5_create_cache(char *domain) } if (code && code != KRB5_KT_END) { - error((char *) "%s| %s: ERROR: Error while scanning keytab : %s\n", LogTime(), PROGRAM, error_message(code)); + k5_error("Error while scanning keytab" ,code); retval = 1; goto cleanup; } code = krb5_kt_end_seq_get(kparam.context, keytab, &cursor); if (code) { - error((char *) "%s| %s: ERROR: Error while ending keytab scan : %s\n", LogTime(), PROGRAM, error_message(code)); + k5_error("Error while ending keytab scan" ,code); retval = 1; goto cleanup; } 
@@ -380,7 +401,7 @@ krb5_create_cache(char *domain) */ code = krb5_unparse_name(kparam.context, principal_list[i], &principal_name); if (code) { - debug((char *) "%s| %s: DEBUG: Error while unparsing principal name : %s\n", LogTime(), PROGRAM, error_message(code)); + k5_error("Error while unparsing principal name" ,code); goto loop_end; } debug((char *) "%s| %s: DEBUG: Keytab entry has principal: %s\n", LogTime(), PROGRAM, principal_name); @@ -396,17 +417,17 @@ krb5_create_cache(char *domain) code = krb5_get_in_tkt_with_keytab(kparam.context, 0, NULL, NULL, NULL, keytab, NULL, creds, 0); #endif if (code) { - debug((char *) "%s| %s: DEBUG: Error while initialising credentials from keytab : %s\n", LogTime(), PROGRAM, error_message(code)); + k5_error("Error while initialising credentials from keytab" ,code); goto loop_end; } code = krb5_cc_initialize(kparam.context, kparam.cc[ccindex], principal_list[i]); if (code) { - error((char *) "%s| %s: ERROR: Error while initializing memory caches : %s\n", LogTime(), PROGRAM, error_message(code)); + k5_error("Error while initialising memory caches" ,code); goto loop_end; } code = krb5_cc_store_cred(kparam.context, kparam.cc[ccindex], creds); if (code) { - debug((char *) "%s| %s: DEBUG: Error while storing credentials : %s\n", LogTime(), PROGRAM, error_message(code)); + k5_error("Error while storing credentials" ,code); goto loop_end; } if (creds->server) 
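Review bot: Several failures that were logged with `debug()` now go through `k5_error()`, which always emits an ERROR line. In the `@@ -396,17 +417,17 @@` hunk these are the credential-initialisation and `krb5_cc_store_cred` failures inside the principal loop. The same switch happens for "No default principal found in ccache" (`@@ -123,23 +145,22 @@`), "Error while unparsing principal name" (`@@ -380,7 +401,7 @@` and `@@ -458,7 +479,7 @@`) and "Error while getting tgt" (`@@ -421,12 +442,12 @@`). Most of these paths only `goto loop_end` and try the next principal, so they look like expected misses rather than faults, and raising them to ERROR may flood the helper log and hide real Kerberos failures. A debug-level twin of the helper that calls `debug()` instead of `error()` (not present in this commit), used as `k5_debug("Error while storing credentials", code);`, would keep the previous levels while still dropping `error_message()`.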
@@ -421,12 +442,12 @@ krb5_create_cache(char *domain) code = krb5_parse_name(kparam.context, service, &creds->server); xfree(service); if (code) { - error((char *) "%s| %s: ERROR: Error while initialising TGT credentials : %s\n", LogTime(), PROGRAM, error_message(code)); + k5_error("Error while initialising TGT credentials" ,code); goto loop_end; } code = krb5_get_credentials(kparam.context, 0, kparam.cc[ccindex], creds, &tgt_creds); if (code) { - debug((char *) "%s| %s: DEBUG: Error while getting tgt : %s\n", LogTime(), PROGRAM, error_message(code)); + k5_error("Error while getting tgt" ,code); goto loop_end; } else { debug((char *) "%s| %s: DEBUG: Found trusted principal name: %s\n", LogTime(), PROGRAM, principal_name); @@ -458,7 +479,7 @@ loop_end: */ code = krb5_unparse_name(kparam.context, principal, &principal_name); if (code) { - debug((char *) "%s| %s: DEBUG: Error while unparsing principal name : %s\n", LogTime(), PROGRAM, error_message(code)); + k5_error("Error while unparsing principal name" ,code); retval = 1; goto cleanup; } diff --git a/helpers/negotiate_auth/kerberos/negotiate_kerberos_pac.cc b/helpers/negotiate_auth/kerberos/negotiate_kerberos_pac.cc index 26b19ac3df..f4860faef9 100644 --- a/helpers/negotiate_auth/kerberos/negotiate_kerberos_pac.cc +++ b/helpers/negotiate_auth/kerberos/negotiate_kerberos_pac.cc @@ -40,7 +40,7 @@ #include "negotiate_kerberos.h" -#if HAVE_PAC_SUPPORT +#if HAVE_GSSAPI && HAVE_PAC_SUPPORT static int bpos; static krb5_data *ad_data;