krb5_get_error_message() and krb5_free_error_message() functions

Russ Allbery rra at
Mon Jun 21 03:28:20 EDT 2010

vir vir <vitrou2004 at> writes:

> Thank you for your response.
> I am using krb5 earlier then 1.4 that provided by the Linux OS.
> Can you please  recommend what are the best functions to use instead?

If you want maximum portability, you have to do something like this (see for the complete context
and corresponding M4 macros).  However, for more situations, falling back
on com_err if the new functions aren't available will work.  (You lose
with native AIX Kerberos, but you may or may not care.)

/* Figure out what header files to include for error reporting. */
#  if defined(HAVE_IBM_SVC_KRB5_SVC_H)
#   include <ibm_svc/krb5_svc.h>
#  elif defined(HAVE_ET_COM_ERR_H)
#   include <et/com_err.h>
#  else
#   include <com_err.h>
#  endif
# endif

/* Used for unused parameters to silence gcc warnings. */
#define UNUSED __attribute__((__unused__))

 * This string is returned for unknown error messages.  We use a static
 * variable so that we can be sure not to free it.
static const char error_unknown[] = "unknown error";

 * Given a Kerberos error code, return the corresponding error.  Prefer the
 * Kerberos interface if available since it will provide context-specific
 * error information, whereas the error_message() call will only provide a
 * fixed message.
const char *
krb5_get_error_message(krb5_context ctx UNUSED, krb5_error_code code UNUSED)
    const char *msg = NULL;

    msg = krb5_get_error_string(ctx);
# elif defined(HAVE_KRB5_GET_ERR_TEXT)
    msg = krb5_get_err_text(ctx, code);
# elif defined(HAVE_KRB5_SVC_GET_MSG)
    krb5_svc_get_msg(code, (char **) &msg);
# else
    msg = error_message(code);
# endif
    if (msg == NULL)
        return error_unknown;
        return msg;

 * Free an error string if necessary.  If we returned a static string, make
 * sure we don't free it.
 * This code assumes that the set of implementations that have
 * krb5_free_error_message is a subset of those with krb5_get_error_message.
 * If this assumption ever breaks, we may call the wrong free function.
krb5_free_error_message(krb5_context ctx UNUSED, const char *msg)
    if (msg == error_unknown)
    krb5_free_error_string(ctx, (char *) msg);
# elif defined(HAVE_KRB5_SVC_GET_MSG)
    krb5_free_string(ctx, (char *) msg);
# endif

Russ Allbery (rra at             <>

More information about the krbdev mailing list