Mark and reindent plugins, except for pkinit, which needs a little
authorGreg Hudson <ghudson@mit.edu>
Tue, 24 Nov 2009 23:52:25 +0000 (23:52 +0000)
committerGreg Hudson <ghudson@mit.edu>
Tue, 24 Nov 2009 23:52:25 +0000 (23:52 +0000)
cleanup first.

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23353 dc483132-0cff-0310-8789-dd5450dbe970

66 files changed:
src/Makefile.in
src/plugins/authdata/greet/greet_auth.c
src/plugins/authdata/greet_client/greet.c
src/plugins/authdata/greet_server/greet_auth.c
src/plugins/kdb/db2/adb_openclose.c
src/plugins/kdb/db2/adb_policy.c
src/plugins/kdb/db2/db2_exp.c
src/plugins/kdb/db2/kdb_db2.c
src/plugins/kdb/db2/kdb_db2.h
src/plugins/kdb/db2/kdb_ext.c
src/plugins/kdb/db2/kdb_xdr.c
src/plugins/kdb/db2/kdb_xdr.h
src/plugins/kdb/db2/lockout.c
src/plugins/kdb/db2/policy_db.h
src/plugins/kdb/hdb/kdb_hdb.c
src/plugins/kdb/hdb/kdb_hdb.h
src/plugins/kdb/hdb/kdb_marshal.c
src/plugins/kdb/hdb/kdb_windc.c
src/plugins/kdb/ldap/ldap_exp.c
src/plugins/kdb/ldap/ldap_util/kdb5_ldap_list.c
src/plugins/kdb/ldap/ldap_util/kdb5_ldap_list.h
src/plugins/kdb/ldap/ldap_util/kdb5_ldap_policy.c
src/plugins/kdb/ldap/ldap_util/kdb5_ldap_policy.h
src/plugins/kdb/ldap/ldap_util/kdb5_ldap_realm.c
src/plugins/kdb/ldap/ldap_util/kdb5_ldap_realm.h
src/plugins/kdb/ldap/ldap_util/kdb5_ldap_services.c
src/plugins/kdb/ldap/ldap_util/kdb5_ldap_services.h
src/plugins/kdb/ldap/ldap_util/kdb5_ldap_util.c
src/plugins/kdb/ldap/ldap_util/kdb5_ldap_util.h
src/plugins/kdb/ldap/libkdb_ldap/kdb_ext.c
src/plugins/kdb/ldap/libkdb_ldap/kdb_ldap.c
src/plugins/kdb/ldap/libkdb_ldap/kdb_ldap.h
src/plugins/kdb/ldap/libkdb_ldap/kdb_ldap_conn.c
src/plugins/kdb/ldap/libkdb_ldap/kdb_xdr.c
src/plugins/kdb/ldap/libkdb_ldap/kdb_xdr.h
src/plugins/kdb/ldap/libkdb_ldap/ldap_create.c
src/plugins/kdb/ldap/libkdb_ldap/ldap_err.c
src/plugins/kdb/ldap/libkdb_ldap/ldap_err.h
src/plugins/kdb/ldap/libkdb_ldap/ldap_fetch_mkey.c
src/plugins/kdb/ldap/libkdb_ldap/ldap_handle.c
src/plugins/kdb/ldap/libkdb_ldap/ldap_handle.h
src/plugins/kdb/ldap/libkdb_ldap/ldap_krbcontainer.c
src/plugins/kdb/ldap/libkdb_ldap/ldap_krbcontainer.h
src/plugins/kdb/ldap/libkdb_ldap/ldap_main.h
src/plugins/kdb/ldap/libkdb_ldap/ldap_misc.c
src/plugins/kdb/ldap/libkdb_ldap/ldap_misc.h
src/plugins/kdb/ldap/libkdb_ldap/ldap_principal.c
src/plugins/kdb/ldap/libkdb_ldap/ldap_principal.h
src/plugins/kdb/ldap/libkdb_ldap/ldap_principal2.c
src/plugins/kdb/ldap/libkdb_ldap/ldap_pwd_policy.c
src/plugins/kdb/ldap/libkdb_ldap/ldap_pwd_policy.h
src/plugins/kdb/ldap/libkdb_ldap/ldap_realm.c
src/plugins/kdb/ldap/libkdb_ldap/ldap_realm.h
src/plugins/kdb/ldap/libkdb_ldap/ldap_service_rights.c
src/plugins/kdb/ldap/libkdb_ldap/ldap_service_stash.c
src/plugins/kdb/ldap/libkdb_ldap/ldap_service_stash.h
src/plugins/kdb/ldap/libkdb_ldap/ldap_services.c
src/plugins/kdb/ldap/libkdb_ldap/ldap_services.h
src/plugins/kdb/ldap/libkdb_ldap/ldap_tkt_policy.c
src/plugins/kdb/ldap/libkdb_ldap/ldap_tkt_policy.h
src/plugins/kdb/ldap/libkdb_ldap/lockout.c
src/plugins/locate/python/py-locate.c
src/plugins/preauth/cksum_body/cksum_body_main.c
src/plugins/preauth/encrypted_challenge/encrypted_challenge_main.c
src/plugins/preauth/fast_factor.h
src/plugins/preauth/wpse/wpse_main.c

index 9a5c4acec26766f28ffbcbec7ac82c388530621b..05b13d974e8bbc98d10cf6680114716bd7cd23a8 100644 (file)
@@ -667,6 +667,7 @@ INDENTDIRS = \
        lib/kadm5 \
        lib/kdb \
        lib/krb5 \
+       plugins \
        prototype \
        slave
 
@@ -688,7 +689,16 @@ OTHEREXCLUDES = \
        include/k5-platform.h \
        include/gssrpc \
        lib/krb5/krb/deltat.c \
-       lib/krb5/unicode
+       lib/krb5/unicode \
+       plugins/kdb/db2/libdb2 \
+       plugins/kdb/db2/pol_xdr.c \
+       plugins/kdb/hdb/hdb.h \
+       plugins/kdb/hdb/hdb_asn1.h \
+       plugins/kdb/hdb/hdb_err.h \
+       plugins/kdb/hdb/windc_plugin.h \
+       plugins/kdb/ldap/libkdb_ldap/princ_xdr.c \
+       plugins/kdb/ldap/libkdb_ldap/princ_xdr.h \
+       plugins/preauth/pkinit
 
 EXCLUDES = `for i in $(BSDFILES) $(OTHEREXCLUDES); do echo $$i; done | $(AWK) '{ print "-path", $$1, "-o" }'` -path /dev/null
 
index e759128e74b6c0a38dd26631ef64b638f2c52189..1c88b2cc707d32b39e98788460f01f4c503b8a3a 100644 (file)
@@ -1,3 +1,4 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
 /*
  * plugins/authdata/greet/
  *
@@ -46,9 +47,9 @@ greet_fini(krb5_context ctx, void *blob)
 
 static krb5_error_code
 greet_authdata(krb5_context ctx, krb5_db_entry *client,
-              krb5_data *req_pkt,
-              krb5_kdc_req *request,
-              krb5_enc_tkt_part * enc_tkt_reply)
+               krb5_data *req_pkt,
+               krb5_kdc_req *request,
+               krb5_enc_tkt_part * enc_tkt_reply)
 {
 #define GREET_SIZE (20)
 
@@ -61,9 +62,9 @@ greet_authdata(krb5_context ctx, krb5_db_entry *client,
     a = calloc(1, sizeof(*a));
 
     if (p == NULL || a == NULL) {
-       free(p);
-       free(a);
-       return ENOMEM;
+        free(p);
+        free(a);
+        return ENOMEM;
     }
     strncpy(p, "hello there", GREET_SIZE-1);
     a->magic = KV5M_AUTHDATA;
@@ -71,17 +72,17 @@ greet_authdata(krb5_context ctx, krb5_db_entry *client,
     a->length = GREET_SIZE;
     a->contents = (unsigned char *)p;
     if (enc_tkt_reply->authorization_data == 0) {
-       count = 0;
+        count = 0;
     } else {
-       for (count = 0; enc_tkt_reply->authorization_data[count] != 0; count++)
-           ;
+        for (count = 0; enc_tkt_reply->authorization_data[count] != 0; count++)
+            ;
     }
     new_ad = realloc(enc_tkt_reply->authorization_data,
-                    (count+2) * sizeof(krb5_authdata *));
+                     (count+2) * sizeof(krb5_authdata *));
     if (new_ad == NULL) {
-       free(p);
-       free(a);
-       return ENOMEM;
+        free(p);
+        free(a);
+        return ENOMEM;
     }
     enc_tkt_reply->authorization_data = new_ad;
     new_ad[count] = a;
index 4c7af82b8867985a3656643bd4ae992e82ff1ae0..8a49471b91772cfc153fae190132b0b285a7b71c 100644 (file)
@@ -1,3 +1,4 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
 /*
  * plugins/authdata/greet_client/
  *
@@ -242,10 +243,10 @@ greet_set_attribute(krb5_context kcontext,
 
 static krb5_error_code
 greet_delete_attribute(krb5_context kcontext,
-                        krb5_authdata_context context,
-                        void *plugin_context,
-                        void *request_context,
-                        const krb5_data *attribute)
+                       krb5_authdata_context context,
+                       void *plugin_context,
+                       void *request_context,
+                       const krb5_data *attribute)
 {
     struct greet_context *greet = (struct greet_context *)request_context;
 
@@ -265,8 +266,8 @@ greet_size(krb5_context kcontext,
     struct greet_context *greet = (struct greet_context *)request_context;
 
     *sizep += sizeof(krb5_int32) +
-              greet->greeting.length +
-              sizeof(krb5_int32);
+        greet->greeting.length +
+        sizeof(krb5_int32);
 
     return 0;
 }
index fad044a55dac0918d2e23605a5a16223a193e383..0048af4b408b8fa6a35475aa73b064eca4f074cd 100644 (file)
@@ -1,3 +1,4 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
 /*
  * plugins/authdata/greet_server/
  *
@@ -174,7 +175,7 @@ greet_authdata(krb5_context context,
     krb5_data *greeting = NULL;
 
     if (request->msg_type != KRB5_TGS_REQ)
-       return 0;
+        return 0;
 
     code = greet_hello(context, &greeting);
     if (code != 0)
index 58c49328cb05288b5f90bc01918d17a7a53607d3..5c09a9bb3d00a9949daa7219ea31547f7bb19c0a 100644 (file)
@@ -1,3 +1,4 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
 /*
  * Copyright 1993 OpenVision Technologies, Inc., All Rights Reserved
  *
 static char *rcsid = "$Header$";
 #endif
 
-#include       <sys/file.h>
-#include       <fcntl.h>
-#include       <unistd.h>
+#include        <sys/file.h>
+#include        <fcntl.h>
+#include        <unistd.h>
 #include        <k5-int.h>
-#include       "policy_db.h"
-#include       <stdlib.h>
+#include        "policy_db.h"
+#include        <stdlib.h>
 #include        <db.h>
 
 #define MAX_LOCK_TRIES 5
 
 struct _locklist {
-     osa_adb_lock_ent lockinfo;
-     struct _locklist *next;
+    osa_adb_lock_ent lockinfo;
+    struct _locklist *next;
 };
 
-krb5_error_code osa_adb_create_db(char *filename, char *lockfilename,
-                                 int magic)
+krb5_error_code
+osa_adb_create_db(char *filename, char *lockfilename, int magic)
 {
-     int lf;
-     DB *db;
-     BTREEINFO btinfo;
-
-     memset(&btinfo, 0, sizeof(btinfo));
-     btinfo.flags = 0;
-     btinfo.cachesize = 0;
-     btinfo.psize = 4096;
-     btinfo.lorder = 0;
-     btinfo.minkeypage = 0;
-     btinfo.compare = NULL;
-     btinfo.prefix = NULL;
-     db = dbopen(filename, O_RDWR | O_CREAT | O_EXCL, 0600, DB_BTREE, &btinfo);
-     if (db == NULL)
-         return errno;
-     if (db->close(db) < 0)
-         return errno;
-
-     /* only create the lock file if we successfully created the db */
-     lf = THREEPARAMOPEN(lockfilename, O_RDWR | O_CREAT | O_EXCL, 0600);
-     if (lf == -1)
-         return errno;
-     (void) close(lf);
-
-     return OSA_ADB_OK;
+    int lf;
+    DB *db;
+    BTREEINFO btinfo;
+
+    memset(&btinfo, 0, sizeof(btinfo));
+    btinfo.flags = 0;
+    btinfo.cachesize = 0;
+    btinfo.psize = 4096;
+    btinfo.lorder = 0;
+    btinfo.minkeypage = 0;
+    btinfo.compare = NULL;
+    btinfo.prefix = NULL;
+    db = dbopen(filename, O_RDWR | O_CREAT | O_EXCL, 0600, DB_BTREE, &btinfo);
+    if (db == NULL)
+        return errno;
+    if (db->close(db) < 0)
+        return errno;
+
+    /* only create the lock file if we successfully created the db */
+    lf = THREEPARAMOPEN(lockfilename, O_RDWR | O_CREAT | O_EXCL, 0600);
+    if (lf == -1)
+        return errno;
+    (void) close(lf);
+
+    return OSA_ADB_OK;
 }
 
-krb5_error_code osa_adb_destroy_db(char *filename, char *lockfilename,
-                                int magic)
+krb5_error_code
+osa_adb_destroy_db(char *filename, char *lockfilename, int magic)
 {
-     /* the admin databases do not contain security-critical data */
-     if (unlink(filename) < 0 ||
-        unlink(lockfilename) < 0)
-         return errno;
-     return OSA_ADB_OK;
+    /* the admin databases do not contain security-critical data */
+    if (unlink(filename) < 0 ||
+        unlink(lockfilename) < 0)
+        return errno;
+    return OSA_ADB_OK;
 }
 
-krb5_error_code osa_adb_rename_db(char *filefrom, char *lockfrom,
-                               char *fileto, char *lockto, int magic)
+krb5_error_code
+osa_adb_rename_db(char *filefrom, char *lockfrom, char *fileto, char *lockto,
+                  int magic)
 {
-     osa_adb_db_t fromdb, todb;
-     krb5_error_code ret;
-
-     /* make sure todb exists */
-     if ((ret = osa_adb_create_db(fileto, lockto, magic)) &&
-        ret != EEXIST)
-         return ret;
-
-     if ((ret = osa_adb_init_db(&fromdb, filefrom, lockfrom, magic)))
-         return ret;
-     if ((ret = osa_adb_init_db(&todb, fileto, lockto, magic))) {
-         (void) osa_adb_fini_db(fromdb, magic);
-         return ret;
-     }
-     if ((ret = osa_adb_get_lock(fromdb, KRB5_DB_LOCKMODE_PERMANENT))) {
-         (void) osa_adb_fini_db(fromdb, magic);
-         (void) osa_adb_fini_db(todb, magic);
-         return ret;
-     }
-     if ((ret = osa_adb_get_lock(todb, KRB5_DB_LOCKMODE_PERMANENT))) {
-         (void) osa_adb_fini_db(fromdb, magic);
-         (void) osa_adb_fini_db(todb, magic);
-         return ret;
-     }
-     if ((rename(filefrom, fileto) < 0)) {
-         (void) osa_adb_fini_db(fromdb, magic);
-         (void) osa_adb_fini_db(todb, magic);
-         return errno;
-     }
-     /*
-      * Do not release the lock on fromdb because it is being renamed
-      * out of existence; no one can ever use it again.
-      */
-     if ((ret = osa_adb_release_lock(todb))) {
-         (void) osa_adb_fini_db(fromdb, magic);
-         (void) osa_adb_fini_db(todb, magic);
-         return ret;
-     }
-
-     (void) osa_adb_fini_db(fromdb, magic);
-     (void) osa_adb_fini_db(todb, magic);
-     return 0;
+    osa_adb_db_t fromdb, todb;
+    krb5_error_code ret;
+
+    /* make sure todb exists */
+    if ((ret = osa_adb_create_db(fileto, lockto, magic)) &&
+        ret != EEXIST)
+        return ret;
+
+    if ((ret = osa_adb_init_db(&fromdb, filefrom, lockfrom, magic)))
+        return ret;
+    if ((ret = osa_adb_init_db(&todb, fileto, lockto, magic))) {
+        (void) osa_adb_fini_db(fromdb, magic);
+        return ret;
+    }
+    if ((ret = osa_adb_get_lock(fromdb, KRB5_DB_LOCKMODE_PERMANENT))) {
+        (void) osa_adb_fini_db(fromdb, magic);
+        (void) osa_adb_fini_db(todb, magic);
+        return ret;
+    }
+    if ((ret = osa_adb_get_lock(todb, KRB5_DB_LOCKMODE_PERMANENT))) {
+        (void) osa_adb_fini_db(fromdb, magic);
+        (void) osa_adb_fini_db(todb, magic);
+        return ret;
+    }
+    if ((rename(filefrom, fileto) < 0)) {
+        (void) osa_adb_fini_db(fromdb, magic);
+        (void) osa_adb_fini_db(todb, magic);
+        return errno;
+    }
+    /*
+     * Do not release the lock on fromdb because it is being renamed
+     * out of existence; no one can ever use it again.
+     */
+    if ((ret = osa_adb_release_lock(todb))) {
+        (void) osa_adb_fini_db(fromdb, magic);
+        (void) osa_adb_fini_db(todb, magic);
+        return ret;
+    }
+
+    (void) osa_adb_fini_db(fromdb, magic);
+    (void) osa_adb_fini_db(todb, magic);
+    return 0;
 }
 
-krb5_error_code osa_adb_init_db(osa_adb_db_t *dbp, char *filename,
-                             char *lockfilename, int magic)
+krb5_error_code
+osa_adb_init_db(osa_adb_db_t *dbp, char *filename, char *lockfilename,
+                int magic)
 {
-     osa_adb_db_t db;
-     static struct _locklist *locklist = NULL;
-     struct _locklist *lockp;
-     krb5_error_code code;
-
-     if (dbp == NULL || filename == NULL)
-         return EINVAL;
-
-     db = (osa_adb_princ_t) malloc(sizeof(osa_adb_db_ent));
-     if (db == NULL)
-         return ENOMEM;
-
-     memset(db, 0, sizeof(*db));
-     db->info.hash = NULL;
-     db->info.bsize = 256;
-     db->info.ffactor = 8;
-     db->info.nelem = 25000;
-     db->info.lorder = 0;
-
-     db->btinfo.flags = 0;
-     db->btinfo.cachesize = 0;
-     db->btinfo.psize = 4096;
-     db->btinfo.lorder = 0;
-     db->btinfo.minkeypage = 0;
-     db->btinfo.compare = NULL;
-     db->btinfo.prefix = NULL;
-     /*
-      * A process is allowed to open the same database multiple times
-      * and access it via different handles.  If the handles use
-      * distinct lockinfo structures, things get confused: lock(A),
-      * lock(B), release(B) will result in the kernel unlocking the
-      * lock file but handle A will still think the file is locked.
-      * Therefore, all handles using the same lock file must share a
-      * single lockinfo structure.
-      *
-      * It is not sufficient to have a single lockinfo structure,
-      * however, because a single process may also wish to open
-      * multiple different databases simultaneously, with different
-      * lock files.  This code used to use a single static lockinfo
-      * structure, which means that the second database opened used
-      * the first database's lock file.  This was Bad.
-      *
-      * We now maintain a linked list of lockinfo structures, keyed by
-      * lockfilename.  An entry is added when this function is called
-      * with a new lockfilename, and all subsequent calls with that
-      * lockfilename use the existing entry, updating the refcnt.
-      * When the database is closed with fini_db(), the refcnt is
-      * decremented, and when it is zero the lockinfo structure is
-      * freed and reset.  The entry in the linked list, however, is
-      * never removed; it will just be reinitialized the next time
-      * init_db is called with the right lockfilename.
-      */
-
-     /* find or create the lockinfo structure for lockfilename */
-     lockp = locklist;
-     while (lockp) {
-         if (strcmp(lockp->lockinfo.filename, lockfilename) == 0)
-              break;
-         else
-              lockp = lockp->next;
-     }
-     if (lockp == NULL) {
-         /* doesn't exist, create it, add to list */
-         lockp = (struct _locklist *) malloc(sizeof(*lockp));
-         if (lockp == NULL) {
-              free(db);
-              return ENOMEM;
-         }
-         memset(lockp, 0, sizeof(*lockp));
-         lockp->next = locklist;
-         locklist = lockp;
-     }
-
-     /* now initialize lockp->lockinfo if necessary */
-     if (lockp->lockinfo.lockfile == NULL) {
-         if ((code = krb5int_init_context_kdc(&lockp->lockinfo.context))) {
-              free(db);
-              return((krb5_error_code) code);
-         }
-
-         /*
-          * needs be open read/write so that write locking can work with
-          * POSIX systems
-          */
-         lockp->lockinfo.filename = strdup(lockfilename);
-         if ((lockp->lockinfo.lockfile = fopen(lockfilename, "r+")) == NULL) {
-              /*
-               * maybe someone took away write permission so we could only
-               * get shared locks?
-               */
-              if ((lockp->lockinfo.lockfile = fopen(lockfilename, "r"))
-                  == NULL) {
-                   free(db);
-                   return OSA_ADB_NOLOCKFILE;
-              }
-         }
-         set_cloexec_file(lockp->lockinfo.lockfile);
-         lockp->lockinfo.lockmode = lockp->lockinfo.lockcnt = 0;
-     }
-
-     /* lockp is set, lockinfo is initialized, update the reference count */
-     db->lock = &lockp->lockinfo;
-     db->lock->refcnt++;
-
-     db->opencnt = 0;
-     db->filename = strdup(filename);
-     db->magic = magic;
-
-     *dbp = db;
-
-     return OSA_ADB_OK;
+    osa_adb_db_t db;
+    static struct _locklist *locklist = NULL;
+    struct _locklist *lockp;
+    krb5_error_code code;
+
+    if (dbp == NULL || filename == NULL)
+        return EINVAL;
+
+    db = (osa_adb_princ_t) malloc(sizeof(osa_adb_db_ent));
+    if (db == NULL)
+        return ENOMEM;
+
+    memset(db, 0, sizeof(*db));
+    db->info.hash = NULL;
+    db->info.bsize = 256;
+    db->info.ffactor = 8;
+    db->info.nelem = 25000;
+    db->info.lorder = 0;
+
+    db->btinfo.flags = 0;
+    db->btinfo.cachesize = 0;
+    db->btinfo.psize = 4096;
+    db->btinfo.lorder = 0;
+    db->btinfo.minkeypage = 0;
+    db->btinfo.compare = NULL;
+    db->btinfo.prefix = NULL;
+    /*
+     * A process is allowed to open the same database multiple times
+     * and access it via different handles.  If the handles use
+     * distinct lockinfo structures, things get confused: lock(A),
+     * lock(B), release(B) will result in the kernel unlocking the
+     * lock file but handle A will still think the file is locked.
+     * Therefore, all handles using the same lock file must share a
+     * single lockinfo structure.
+     *
+     * It is not sufficient to have a single lockinfo structure,
+     * however, because a single process may also wish to open
+     * multiple different databases simultaneously, with different
+     * lock files.  This code used to use a single static lockinfo
+     * structure, which means that the second database opened used
+     * the first database's lock file.  This was Bad.
+     *
+     * We now maintain a linked list of lockinfo structures, keyed by
+     * lockfilename.  An entry is added when this function is called
+     * with a new lockfilename, and all subsequent calls with that
+     * lockfilename use the existing entry, updating the refcnt.
+     * When the database is closed with fini_db(), the refcnt is
+     * decremented, and when it is zero the lockinfo structure is
+     * freed and reset.  The entry in the linked list, however, is
+     * never removed; it will just be reinitialized the next time
+     * init_db is called with the right lockfilename.
+     */
+
+    /* find or create the lockinfo structure for lockfilename */
+    lockp = locklist;
+    while (lockp) {
+        if (strcmp(lockp->lockinfo.filename, lockfilename) == 0)
+            break;
+        else
+            lockp = lockp->next;
+    }
+    if (lockp == NULL) {
+        /* doesn't exist, create it, add to list */
+        lockp = (struct _locklist *) malloc(sizeof(*lockp));
+        if (lockp == NULL) {
+            free(db);
+            return ENOMEM;
+        }
+        memset(lockp, 0, sizeof(*lockp));
+        lockp->next = locklist;
+        locklist = lockp;
+    }
+
+    /* now initialize lockp->lockinfo if necessary */
+    if (lockp->lockinfo.lockfile == NULL) {
+        if ((code = krb5int_init_context_kdc(&lockp->lockinfo.context))) {
+            free(db);
+            return((krb5_error_code) code);
+        }
+
+        /*
+         * needs be open read/write so that write locking can work with
+         * POSIX systems
+         */
+        lockp->lockinfo.filename = strdup(lockfilename);
+        if ((lockp->lockinfo.lockfile = fopen(lockfilename, "r+")) == NULL) {
+            /*
+             * maybe someone took away write permission so we could only
+             * get shared locks?
+             */
+            if ((lockp->lockinfo.lockfile = fopen(lockfilename, "r"))
+                == NULL) {
+                free(db);
+                return OSA_ADB_NOLOCKFILE;
+            }
+        }
+        set_cloexec_file(lockp->lockinfo.lockfile);
+        lockp->lockinfo.lockmode = lockp->lockinfo.lockcnt = 0;
+    }
+
+    /* lockp is set, lockinfo is initialized, update the reference count */
+    db->lock = &lockp->lockinfo;
+    db->lock->refcnt++;
+
+    db->opencnt = 0;
+    db->filename = strdup(filename);
+    db->magic = magic;
+
+    *dbp = db;
+
+    return OSA_ADB_OK;
 }
 
-krb5_error_code osa_adb_fini_db(osa_adb_db_t db, int magic)
+krb5_error_code
+osa_adb_fini_db(osa_adb_db_t db, int magic)
 {
-     if (db->magic != magic)
-         return EINVAL;
-     if (db->lock->refcnt == 0) {
-         /* barry says this can't happen */
-         return OSA_ADB_FAILURE;
-     } else {
-         db->lock->refcnt--;
-     }
-
-     if (db->lock->refcnt == 0) {
-         /*
-          * Don't free db->lock->filename, it is used as a key to
-          * find the lockinfo entry in the linked list.  If the
-          * lockfile doesn't exist, we must be closing the database
-          * after trashing it.  This has to be allowed, so don't
-          * generate an error.
-          */
-         if (db->lock->lockmode != KRB5_DB_LOCKMODE_PERMANENT)
-              (void) fclose(db->lock->lockfile);
-         db->lock->lockfile = NULL;
-         krb5_free_context(db->lock->context);
-     }
-
-     db->magic = 0;
-     free(db->filename);
-     free(db);
-     return OSA_ADB_OK;
+    if (db->magic != magic)
+        return EINVAL;
+    if (db->lock->refcnt == 0) {
+        /* barry says this can't happen */
+        return OSA_ADB_FAILURE;
+    } else {
+        db->lock->refcnt--;
+    }
+
+    if (db->lock->refcnt == 0) {
+        /*
+         * Don't free db->lock->filename, it is used as a key to
+         * find the lockinfo entry in the linked list.  If the
+         * lockfile doesn't exist, we must be closing the database
+         * after trashing it.  This has to be allowed, so don't
+         * generate an error.
+         */
+        if (db->lock->lockmode != KRB5_DB_LOCKMODE_PERMANENT)
+            (void) fclose(db->lock->lockfile);
+        db->lock->lockfile = NULL;
+        krb5_free_context(db->lock->context);
+    }
+
+    db->magic = 0;
+    free(db->filename);
+    free(db);
+    return OSA_ADB_OK;
 }
 
-krb5_error_code osa_adb_get_lock(osa_adb_db_t db, int mode)
+krb5_error_code
+osa_adb_get_lock(osa_adb_db_t db, int mode)
 {
-     int tries, gotlock, perm, krb5_mode, ret = 0;
-
-     if (db->lock->lockmode >= mode) {
-         /* No need to upgrade lock, just incr refcnt and return */
-         db->lock->lockcnt++;
-         return(OSA_ADB_OK);
-     }
-
-     perm = 0;
-     switch (mode) {
-       case KRB5_DB_LOCKMODE_PERMANENT:
-         perm = 1;
-       case KRB5_DB_LOCKMODE_EXCLUSIVE:
-         krb5_mode = KRB5_LOCKMODE_EXCLUSIVE;
-         break;
-       case KRB5_DB_LOCKMODE_SHARED:
-         krb5_mode = KRB5_LOCKMODE_SHARED;
-         break;
-       default:
-         return(EINVAL);
-     }
-
-     for (gotlock = tries = 0; tries < MAX_LOCK_TRIES; tries++) {
-         if ((ret = krb5_lock_file(db->lock->context,
-                                   fileno(db->lock->lockfile),
-                                   krb5_mode|KRB5_LOCKMODE_DONTBLOCK)) == 0) {
-              gotlock++;
-              break;
-         } else if (ret == EBADF && mode == KRB5_DB_LOCKMODE_EXCLUSIVE)
-              /* tried to exclusive-lock something we don't have */
-              /* write access to */
-              return OSA_ADB_NOEXCL_PERM;
-
-         sleep(1);
-     }
-
-     /* test for all the likely "can't get lock" error codes */
-     if (ret == EACCES || ret == EAGAIN || ret == EWOULDBLOCK)
-         return OSA_ADB_CANTLOCK_DB;
-     else if (ret != 0)
-         return ret;
-
-     /*
-      * If the file no longer exists, someone acquired a permanent
-      * lock.  If that process terminates its exclusive lock is lost,
-      * but if we already had the file open we can (probably) lock it
-      * even though it has been unlinked.  So we need to insist that
-      * it exist.
-      */
-     if (access(db->lock->filename, F_OK) < 0) {
-         (void) krb5_lock_file(db->lock->context,
-                               fileno(db->lock->lockfile),
-                               KRB5_LOCKMODE_UNLOCK);
-         return OSA_ADB_NOLOCKFILE;
-     }
-
-     /* we have the shared/exclusive lock */
-
-     if (perm) {
-         if (unlink(db->lock->filename) < 0) {
-              /* somehow we can't delete the file, but we already */
-              /* have the lock, so release it and return */
-
-              ret = errno;
-              (void) krb5_lock_file(db->lock->context,
-                                    fileno(db->lock->lockfile),
-                                    KRB5_LOCKMODE_UNLOCK);
-
-              /* maybe we should return CANTLOCK_DB.. but that would */
-              /* look just like the db was already locked */
-              return ret;
-         }
-
-         /* this releases our exclusive lock.. which is okay because */
-         /* now no one else can get one either */
-         (void) fclose(db->lock->lockfile);
-     }
-
-     db->lock->lockmode = mode;
-     db->lock->lockcnt++;
-     return OSA_ADB_OK;
+    int tries, gotlock, perm, krb5_mode, ret = 0;
+
+    if (db->lock->lockmode >= mode) {
+        /* No need to upgrade lock, just incr refcnt and return */
+        db->lock->lockcnt++;
+        return(OSA_ADB_OK);
+    }
+
+    perm = 0;
+    switch (mode) {
+    case KRB5_DB_LOCKMODE_PERMANENT:
+        perm = 1;
+    case KRB5_DB_LOCKMODE_EXCLUSIVE:
+        krb5_mode = KRB5_LOCKMODE_EXCLUSIVE;
+        break;
+    case KRB5_DB_LOCKMODE_SHARED:
+        krb5_mode = KRB5_LOCKMODE_SHARED;
+        break;
+    default:
+        return(EINVAL);
+    }
+
+    for (gotlock = tries = 0; tries < MAX_LOCK_TRIES; tries++) {
+        if ((ret = krb5_lock_file(db->lock->context,
+                                  fileno(db->lock->lockfile),
+                                  krb5_mode|KRB5_LOCKMODE_DONTBLOCK)) == 0) {
+            gotlock++;
+            break;
+        } else if (ret == EBADF && mode == KRB5_DB_LOCKMODE_EXCLUSIVE)
+            /* tried to exclusive-lock something we don't have */
+            /* write access to */
+            return OSA_ADB_NOEXCL_PERM;
+
+        sleep(1);
+    }
+
+    /* test for all the likely "can't get lock" error codes */
+    if (ret == EACCES || ret == EAGAIN || ret == EWOULDBLOCK)
+        return OSA_ADB_CANTLOCK_DB;
+    else if (ret != 0)
+        return ret;
+
+    /*
+     * If the file no longer exists, someone acquired a permanent
+     * lock.  If that process terminates its exclusive lock is lost,
+     * but if we already had the file open we can (probably) lock it
+     * even though it has been unlinked.  So we need to insist that
+     * it exist.
+     */
+    if (access(db->lock->filename, F_OK) < 0) {
+        (void) krb5_lock_file(db->lock->context,
+                              fileno(db->lock->lockfile),
+                              KRB5_LOCKMODE_UNLOCK);
+        return OSA_ADB_NOLOCKFILE;
+    }
+
+    /* we have the shared/exclusive lock */
+
+    if (perm) {
+        if (unlink(db->lock->filename) < 0) {
+            /* somehow we can't delete the file, but we already */
+            /* have the lock, so release it and return */
+
+            ret = errno;
+            (void) krb5_lock_file(db->lock->context,
+                                  fileno(db->lock->lockfile),
+                                  KRB5_LOCKMODE_UNLOCK);
+
+            /* maybe we should return CANTLOCK_DB.. but that would */
+            /* look just like the db was already locked */
+            return ret;
+        }
+
+        /* this releases our exclusive lock.. which is okay because */
+        /* now no one else can get one either */
+        (void) fclose(db->lock->lockfile);
+    }
+
+    db->lock->lockmode = mode;
+    db->lock->lockcnt++;
+    return OSA_ADB_OK;
 }
 
-krb5_error_code osa_adb_release_lock(osa_adb_db_t db)
+krb5_error_code
+osa_adb_release_lock(osa_adb_db_t db)
 {
-     int ret, fd;
-
-     if (!db->lock->lockcnt)           /* lock already unlocked */
-         return OSA_ADB_NOTLOCKED;
-
-     if (--db->lock->lockcnt == 0) {
-         if (db->lock->lockmode == KRB5_DB_LOCKMODE_PERMANENT) {
-              /* now we need to create the file since it does not exist */
-               fd = THREEPARAMOPEN(db->lock->filename,O_RDWR | O_CREAT | O_EXCL,
-                                   0600);
-              if (fd < 0)
-                  return OSA_ADB_NOLOCKFILE;
-              set_cloexec_fd(fd);
-              if ((db->lock->lockfile = fdopen(fd, "w+")) == NULL)
-                   return OSA_ADB_NOLOCKFILE;
-         } else if ((ret = krb5_lock_file(db->lock->context,
-                                         fileno(db->lock->lockfile),
-                                         KRB5_LOCKMODE_UNLOCK)))
-              return ret;
-
-         db->lock->lockmode = 0;
-     }
-     return OSA_ADB_OK;
+    int ret, fd;
+
+    if (!db->lock->lockcnt)            /* lock already unlocked */
+        return OSA_ADB_NOTLOCKED;
+
+    if (--db->lock->lockcnt == 0) {
+        if (db->lock->lockmode == KRB5_DB_LOCKMODE_PERMANENT) {
+            /* now we need to create the file since it does not exist */
+            fd = THREEPARAMOPEN(db->lock->filename,O_RDWR | O_CREAT | O_EXCL,
+                                0600);
+            if (fd < 0)
+                return OSA_ADB_NOLOCKFILE;
+            set_cloexec_fd(fd);
+            if ((db->lock->lockfile = fdopen(fd, "w+")) == NULL)
+                return OSA_ADB_NOLOCKFILE;
+        } else if ((ret = krb5_lock_file(db->lock->context,
+                                         fileno(db->lock->lockfile),
+                                         KRB5_LOCKMODE_UNLOCK)))
+            return ret;
+
+        db->lock->lockmode = 0;
+    }
+    return OSA_ADB_OK;
 }
 
-krb5_error_code osa_adb_open_and_lock(osa_adb_princ_t db, int locktype)
+krb5_error_code
+osa_adb_open_and_lock(osa_adb_princ_t db, int locktype)
 {
-     int ret;
-
-     ret = osa_adb_get_lock(db, locktype);
-     if (ret != OSA_ADB_OK)
-         return ret;
-     if (db->opencnt)
-         goto open_ok;
-
-     db->db = dbopen(db->filename, O_RDWR, 0600, DB_BTREE, &db->btinfo);
-     if (db->db != NULL)
-        goto open_ok;
-     switch (errno) {
+    int ret;
+
+    ret = osa_adb_get_lock(db, locktype);
+    if (ret != OSA_ADB_OK)
+        return ret;
+    if (db->opencnt)
+        goto open_ok;
+
+    db->db = dbopen(db->filename, O_RDWR, 0600, DB_BTREE, &db->btinfo);
+    if (db->db != NULL)
+        goto open_ok;
+    switch (errno) {
 #ifdef EFTYPE
-     case EFTYPE:
+    case EFTYPE:
 #endif
-     case EINVAL:
-         db->db = dbopen(db->filename, O_RDWR, 0600, DB_HASH, &db->info);
-         if (db->db != NULL)
-              goto open_ok;
-     default:
-         (void) osa_adb_release_lock(db);
-         if (errno == EINVAL)
-              return OSA_ADB_BAD_DB;
-         return errno;
-     }
+    case EINVAL:
+        db->db = dbopen(db->filename, O_RDWR, 0600, DB_HASH, &db->info);
+        if (db->db != NULL)
+            goto open_ok;
+    default:
+        (void) osa_adb_release_lock(db);
+        if (errno == EINVAL)
+            return OSA_ADB_BAD_DB;
+        return errno;
+    }
 open_ok:
-     db->opencnt++;
-     return OSA_ADB_OK;
+    db->opencnt++;
+    return OSA_ADB_OK;
 }
 
-krb5_error_code osa_adb_close_and_unlock(osa_adb_princ_t db)
+krb5_error_code
+osa_adb_close_and_unlock(osa_adb_princ_t db)
 {
-     if (--db->opencnt)
-         return osa_adb_release_lock(db);
-     if(db->db != NULL && db->db->close(db->db) == -1) {
-         (void) osa_adb_release_lock(db);
-         return OSA_ADB_FAILURE;
-     }
+    if (--db->opencnt)
+        return osa_adb_release_lock(db);
+    if(db->db != NULL && db->db->close(db->db) == -1) {
+        (void) osa_adb_release_lock(db);
+        return OSA_ADB_FAILURE;
+    }
 
-     db->db = NULL;
+    db->db = NULL;
 
-     return(osa_adb_release_lock(db));
+    return(osa_adb_release_lock(db));
 }
index d585c085286adf66fce057e19522b7a01a4ab5ee..2b6c1214f093d682573e32629058773e323e5d91 100644 (file)
@@ -1,3 +1,4 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
 /*
  * Copyright 1993 OpenVision Technologies, Inc., All Rights Reserved
  *
@@ -8,30 +9,30 @@
 static char *rcsid = "$Header$";
 #endif
 
-#include       <sys/file.h>
-#include       <fcntl.h>
-#include       "policy_db.h"
-#include       <stdlib.h>
-#include       <string.h>
+#include        <sys/file.h>
+#include        <fcntl.h>
+#include        "policy_db.h"
+#include        <stdlib.h>
+#include        <string.h>
 #include <errno.h>
 
-#define OPENLOCK(db, mode) \
-{ \
-       int olret; \
-           if (db == NULL) \
-                return EINVAL; \
-           else if (db->magic != OSA_ADB_POLICY_DB_MAGIC) \
-                return OSA_ADB_DBINIT; \
-           else if ((olret = osa_adb_open_and_lock(db, mode)) != OSA_ADB_OK) \
-                return olret; \
-           }
-
-#define CLOSELOCK(db) \
-{ \
-     int cl_ret; \
-     if ((cl_ret = osa_adb_close_and_unlock(db)) != OSA_ADB_OK) \
-         return cl_ret; \
-}
+#define OPENLOCK(db, mode)                                              \
+    {                                                                   \
+        int olret;                                                      \
+        if (db == NULL)                                                 \
+            return EINVAL;                                              \
+        else if (db->magic != OSA_ADB_POLICY_DB_MAGIC)                  \
+            return OSA_ADB_DBINIT;                                      \
+        else if ((olret = osa_adb_open_and_lock(db, mode)) != OSA_ADB_OK) \
+            return olret;                                               \
+    }
+
+#define CLOSELOCK(db)                                                   \
+    {                                                                   \
+        int cl_ret;                                                     \
+        if ((cl_ret = osa_adb_close_and_unlock(db)) != OSA_ADB_OK)      \
+            return cl_ret;                                              \
+    }
 
 
 /*
@@ -40,66 +41,66 @@ static char *rcsid = "$Header$";
  * Purpose: create a policy entry in the policy db.
  *
  * Arguments:
- *     entry           (input) pointer to the entry to be added
- *     <return value>  OSA_ADB_OK on success, else error code.
+ *      entry           (input) pointer to the entry to be added
+ *      <return value>  OSA_ADB_OK on success, else error code.
  *
  * Requires:
- *     entry have a valid name.
+ *      entry have a valid name.
  *
  * Effects:
- *     creates the entry in the db
+ *      creates the entry in the db
  *
  * Modifies:
- *     the policy db.
+ *      the policy db.
  *
  */
 krb5_error_code
 osa_adb_create_policy(osa_adb_policy_t db, osa_policy_ent_t entry)
 {
-    DBT                        dbkey;
-    DBT                        dbdata;
-    XDR                        xdrs;
-    int                        ret;
+    DBT                 dbkey;
+    DBT                 dbdata;
+    XDR                 xdrs;
+    int                 ret;
 
     OPENLOCK(db, KRB5_DB_LOCKMODE_EXCLUSIVE);
 
     if(entry->name == NULL) {
-        ret = EINVAL;
-        goto error;
+        ret = EINVAL;
+        goto error;
     }
     dbkey.data = entry->name;
     dbkey.size = (strlen(entry->name) + 1);
 
     switch(db->db->get(db->db, &dbkey, &dbdata, 0)) {
     case 0:
-        ret = OSA_ADB_DUP;
-        goto error;
+        ret = OSA_ADB_DUP;
+        goto error;
     case 1:
-       break;
+        break;
     default:
-        ret = errno;
-        goto error;
+        ret = errno;
+        goto error;
     }
     xdralloc_create(&xdrs, XDR_ENCODE);
     if(!xdr_osa_policy_ent_rec(&xdrs, entry)) {
-       xdr_destroy(&xdrs);
-       ret = OSA_ADB_XDR_FAILURE;
-       goto error;
+        xdr_destroy(&xdrs);
+        ret = OSA_ADB_XDR_FAILURE;
+        goto error;
     }
     dbdata.data = xdralloc_getdata(&xdrs);
     dbdata.size = xdr_getpos(&xdrs);
     switch(db->db->put(db->db, &dbkey, &dbdata, R_NOOVERWRITE)) {
     case 0:
-       if((db->db->sync(db->db, 0)) == -1)
-           ret = OSA_ADB_FAILURE;
-       ret = OSA_ADB_OK;
-       break;
+        if((db->db->sync(db->db, 0)) == -1)
+            ret = OSA_ADB_FAILURE;
+        ret = OSA_ADB_OK;
+        break;
     case 1:
-       ret = OSA_ADB_DUP;
-       break;
+        ret = OSA_ADB_DUP;
+        break;
     default:
-       ret = OSA_ADB_FAILURE;
-       break;
+        ret = OSA_ADB_FAILURE;
+        break;
     }
     xdr_destroy(&xdrs);
 
@@ -114,31 +115,31 @@ error:
  * Purpose: destroy a policy entry
  *
  * Arguments:
- *     db              (input) database handle
- *     name            (input) name of policy
- *     <return value>  OSA_ADB_OK on success, or error code.
+ *      db              (input) database handle
+ *      name            (input) name of policy
+ *      <return value>  OSA_ADB_OK on success, or error code.
  *
  * Requires:
- *     db being valid.
- *     name being non-null.
+ *      db being valid.
+ *      name being non-null.
  * Effects:
- *     deletes policy from db.
+ *      deletes policy from db.
  *
  * Modifies:
- *     policy db.
+ *      policy db.
  *
  */
 krb5_error_code
 osa_adb_destroy_policy(osa_adb_policy_t db, char *name)
 {
-    DBT            dbkey;
-    int            status, ret;
+    DBT     dbkey;
+    int     status, ret;
 
     OPENLOCK(db, KRB5_DB_LOCKMODE_EXCLUSIVE);
 
     if(name == NULL) {
-        ret = EINVAL;
-        goto error;
+        ret = EINVAL;
+        goto error;
     }
     dbkey.data = name;
     dbkey.size = (strlen(name) + 1);
@@ -146,18 +147,18 @@ osa_adb_destroy_policy(osa_adb_policy_t db, char *name)
     status = db->db->del(db->db, &dbkey, 0);
     switch(status) {
     case 1:
-        ret = OSA_ADB_NOENT;
-        goto error;
+        ret = OSA_ADB_NOENT;
+        goto error;
     case 0:
-        if ((db->db->sync(db->db, 0)) == -1) {
-             ret = OSA_ADB_FAILURE;
-             goto error;
-        }
-        ret = OSA_ADB_OK;
-        break;
+        if ((db->db->sync(db->db, 0)) == -1) {
+            ret = OSA_ADB_FAILURE;
+            goto error;
+        }
+        ret = OSA_ADB_OK;
+        break;
     default:
-        ret = OSA_ADB_FAILURE;
-        goto error;
+        ret = OSA_ADB_FAILURE;
+        goto error;
     }
 
 error:
@@ -171,11 +172,11 @@ error:
  * Purpose: retrieve policy
  *
  * Arguments:
- *     db              (input) db handle
- *     name            (input) name of policy
- *     entry           (output) policy entry
+ *      db              (input) db handle
+ *      name            (input) name of policy
+ *      entry           (output) policy entry
  *      cnt             (inout) Number of entries
- *     <return value>  0 on success, error code on failure.
+ *      <return value>  0 on success, error code on failure.
  *
  * Requires:
  * Effects:
@@ -183,21 +184,21 @@ error:
  */
 krb5_error_code
 osa_adb_get_policy(osa_adb_policy_t db, char *name,
-                  osa_policy_ent_t *entry, int *cnt)
+                   osa_policy_ent_t *entry, int *cnt)
 {
-    DBT                        dbkey;
-    DBT                        dbdata;
-    XDR                        xdrs;
-    int                        ret;
-    char               *aligned_data;
+    DBT                 dbkey;
+    DBT                 dbdata;
+    XDR                 xdrs;
+    int                 ret;
+    char                *aligned_data;
 
     OPENLOCK(db, KRB5_DB_LOCKMODE_SHARED);
 
     *cnt = 1;
 
     if(name == NULL) {
-        ret = EINVAL;
-        goto error;
+        ret = EINVAL;
+        goto error;
     }
     dbkey.data = name;
     dbkey.size = (strlen(dbkey.data) + 1);
@@ -205,28 +206,28 @@ osa_adb_get_policy(osa_adb_policy_t db, char *name,
     dbdata.size = 0;
     switch((db->db->get(db->db, &dbkey, &dbdata, 0))) {
     case 1:
-        ret = 0;
-        *cnt = 0;
-        goto error;
+        ret = 0;
+        *cnt = 0;
+        goto error;
     case 0:
-       break;
+        break;
     default:
-        ret = OSA_ADB_FAILURE;
-        goto error;
+        ret = OSA_ADB_FAILURE;
+        goto error;
     }
     if (!(*(entry) = (osa_policy_ent_t)malloc(sizeof(osa_policy_ent_rec)))) {
-        ret = ENOMEM;
-        goto error;
+        ret = ENOMEM;
+        goto error;
     }
     if (!(aligned_data = (char *) malloc(dbdata.size))) {
-        ret = ENOMEM;
-        goto error;
+        ret = ENOMEM;
+        goto error;
     }
     memcpy(aligned_data, dbdata.data, dbdata.size);
     memset(*entry, 0, sizeof(osa_policy_ent_rec));
     xdrmem_create(&xdrs, aligned_data, dbdata.size, XDR_DECODE);
     if (!xdr_osa_policy_ent_rec(&xdrs, *entry))
-       ret =  OSA_ADB_FAILURE;
+        ret =  OSA_ADB_FAILURE;
     else ret = OSA_ADB_OK;
     xdr_destroy(&xdrs);
     free(aligned_data);
@@ -242,64 +243,64 @@ error:
  * Purpose: update a policy in the dababase
  *
  * Arguments:
- *     db              (input) db handle
- *     entry           (input) policy entry
- *     <return value>  0 on success error code on failure.
+ *      db              (input) db handle
+ *      entry           (input) policy entry
+ *      <return value>  0 on success error code on failure.
  *
  * Requires:
- *     [requires]
+ *      [requires]
  *
  * Effects:
- *     [effects]
+ *      [effects]
  *
  * Modifies:
- *     [modifies]
+ *      [modifies]
  *
  */
 krb5_error_code
 osa_adb_put_policy(osa_adb_policy_t db, osa_policy_ent_t entry)
 {
-    DBT                        dbkey;
-    DBT                        dbdata;
-    DBT                        tmpdb;
-    XDR                        xdrs;
-    int                        ret;
+    DBT                 dbkey;
+    DBT                 dbdata;
+    DBT                 tmpdb;
+    XDR                 xdrs;
+    int                 ret;
 
     OPENLOCK(db, KRB5_DB_LOCKMODE_EXCLUSIVE);
 
     if(entry->name == NULL) {
-        ret = EINVAL;
-        goto error;
+        ret = EINVAL;
+        goto error;
     }
     dbkey.data = entry->name;
     dbkey.size = (strlen(entry->name) + 1);
     switch(db->db->get(db->db, &dbkey, &tmpdb, 0)) {
     case 0:
-       break;
+        break;
     case 1:
-       ret = OSA_ADB_NOENT;
-       goto error;
+        ret = OSA_ADB_NOENT;
+        goto error;
     default:
-       ret = OSA_ADB_FAILURE;
-       goto error;
+        ret = OSA_ADB_FAILURE;
+        goto error;
     }
     xdralloc_create(&xdrs, XDR_ENCODE);
     if(!xdr_osa_policy_ent_rec(&xdrs, entry)) {
-       xdr_destroy(&xdrs);
-       ret = OSA_ADB_XDR_FAILURE;
-       goto error;
+        xdr_destroy(&xdrs);
+        ret = OSA_ADB_XDR_FAILURE;
+        goto error;
     }
     dbdata.data = xdralloc_getdata(&xdrs);
     dbdata.size = xdr_getpos(&xdrs);
     switch(db->db->put(db->db, &dbkey, &dbdata, 0)) {
     case 0:
-       if((db->db->sync(db->db, 0)) == -1)
-           ret = OSA_ADB_FAILURE;
-       ret = OSA_ADB_OK;
-       break;
+        if((db->db->sync(db->db, 0)) == -1)
+            ret = OSA_ADB_FAILURE;
+        ret = OSA_ADB_OK;
+        break;
     default:
-       ret = OSA_ADB_FAILURE;
-       break;
+        ret = OSA_ADB_FAILURE;
+        break;
     }
     xdr_destroy(&xdrs);
 
@@ -314,10 +315,10 @@ error:
  * Purpose: iterate over the policy database.
  *
  * Arguments:
- *     db              (input) db handle
- *     func            (input) fucntion pointer to call
- *     data            opaque data type
- *     <return value>  0 on success error code on failure
+ *      db              (input) db handle
+ *      func            (input) fucntion pointer to call
+ *      data            opaque data type
+ *      <return value>  0 on success error code on failure
  *
  * Requires:
  * Effects:
@@ -325,51 +326,51 @@ error:
  */
 krb5_error_code
 osa_adb_iter_policy(osa_adb_policy_t db, osa_adb_iter_policy_func func,
-                   void *data)
+                    void *data)
 {
-    DBT                            dbkey,
-                           dbdata;
-    XDR                            xdrs;
-    int                            ret;
-    osa_policy_ent_t       entry;
-    char                   *aligned_data;
+    DBT                     dbkey,
+        dbdata;
+    XDR                     xdrs;
+    int                     ret;
+    osa_policy_ent_t        entry;
+    char                    *aligned_data;
 
     OPENLOCK(db, KRB5_DB_LOCKMODE_EXCLUSIVE); /* hmmm */
 
     if((ret = db->db->seq(db->db, &dbkey, &dbdata, R_FIRST)) == -1) {
-        ret = errno;
-        goto error;
+        ret = errno;
+        goto error;
     }
 
     while (ret == 0) {
-       if (!(entry = (osa_policy_ent_t) malloc(sizeof(osa_policy_ent_rec)))) {
-            ret = ENOMEM;
-            goto error;
-       }
-
-       if(!(aligned_data = (char *) malloc(dbdata.size))) {
-            ret = ENOMEM;
-            goto error;
-       }
-       memcpy(aligned_data, dbdata.data, dbdata.size);
-
-       memset(entry, 0, sizeof(osa_policy_ent_rec));
-       xdrmem_create(&xdrs, aligned_data, dbdata.size, XDR_DECODE);
-       if(!xdr_osa_policy_ent_rec(&xdrs, entry)) {
-           xdr_destroy(&xdrs);
-           free(aligned_data);
-           osa_free_policy_ent(entry);
-           ret = OSA_ADB_FAILURE;
-           goto error;
-       }
-       (*func)(data, entry);
-       xdr_destroy(&xdrs);
-       free(aligned_data);
-       osa_free_policy_ent(entry);
-       ret = db->db->seq(db->db, &dbkey, &dbdata, R_NEXT);
+        if (!(entry = (osa_policy_ent_t) malloc(sizeof(osa_policy_ent_rec)))) {
+            ret = ENOMEM;
+            goto error;
+        }
+
+        if(!(aligned_data = (char *) malloc(dbdata.size))) {
+            ret = ENOMEM;
+            goto error;
+        }
+        memcpy(aligned_data, dbdata.data, dbdata.size);
+
+        memset(entry, 0, sizeof(osa_policy_ent_rec));
+        xdrmem_create(&xdrs, aligned_data, dbdata.size, XDR_DECODE);
+        if(!xdr_osa_policy_ent_rec(&xdrs, entry)) {
+            xdr_destroy(&xdrs);
+            free(aligned_data);
+            osa_free_policy_ent(entry);
+            ret = OSA_ADB_FAILURE;
+            goto error;
+        }
+        (*func)(data, entry);
+        xdr_destroy(&xdrs);
+        free(aligned_data);
+        osa_free_policy_ent(entry);
+        ret = db->db->seq(db->db, &dbkey, &dbdata, R_NEXT);
     }
     if(ret == -1)
-        ret = errno;
+        ret = errno;
     else ret = OSA_ADB_OK;
 
 error:
@@ -380,11 +381,11 @@ error:
 void
 osa_free_policy_ent(osa_policy_ent_t val)
 {
-  XDR xdrs;
+    XDR xdrs;
 
-  xdrmem_create(&xdrs, NULL, 0, XDR_FREE);
+    xdrmem_create(&xdrs, NULL, 0, XDR_FREE);
 
-  xdr_osa_policy_ent_rec(&xdrs, val);
+    xdr_osa_policy_ent_rec(&xdrs, val);
 
-  free(val);
+    free(val);
 }
index 356f6dfcaf9c9e14feed84b8517fa501a527d84c..f96c1a4dd6c15fc8f9ddca10a0cf5f537e88e3ca 100644 (file)
@@ -1,3 +1,4 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
 /*
  * Copyright 2006 by the Massachusetts Institute of Technology.
  * All Rights Reserved.
  */
 
 /**********************************************************************
-*
-*      C %name:                db2_exp.c %
-*      Instance:               idc_sec_2
-*      Description:
-*      %created_by:    spradeep %
-*      %date_created:  Tue Apr  5 11:44:00 2005 %
-*
-**********************************************************************/
+ *
+ *       C %name:                db2_exp.c %
+ *       Instance:               idc_sec_2
+ *       Description:
+ *       %created_by:    spradeep %
+ *       %date_created:  Tue Apr  5 11:44:00 2005 %
+ *
+ **********************************************************************/
 #ifndef lint
 static char *_csrc = "@(#) %filespec: db2_exp.c~5 %  (%full_filespec: db2_exp.c~5:csrc:idc_sec#2 %)";
 #endif
@@ -61,148 +62,148 @@ static char *_csrc = "@(#) %filespec: db2_exp.c~5 %  (%full_filespec: db2_exp.c~
 
 k5_mutex_t *krb5_db2_mutex;
 
-#define WRAP(NAME,TYPE,ARGLIST,ARGNAMES,ERROR_RESULT)  \
-       static TYPE wrap_##NAME ARGLIST                 \
-       {                                               \
-           TYPE result;                                \
-           int code = k5_mutex_lock (krb5_db2_mutex);  \
-           if (code) { return ERROR_RESULT; }          \
-           result = NAME ARGNAMES;                     \
-           k5_mutex_unlock (krb5_db2_mutex);           \
-           return result;                              \
-       }                                               \
-       /* hack: decl to allow a following ";" */       \
-       static TYPE wrap_##NAME ()
+#define WRAP(NAME,TYPE,ARGLIST,ARGNAMES,ERROR_RESULT)   \
+    static TYPE wrap_##NAME ARGLIST                     \
+    {                                                   \
+        TYPE result;                                    \
+        int code = k5_mutex_lock (krb5_db2_mutex);      \
+        if (code) { return ERROR_RESULT; }              \
+        result = NAME ARGNAMES;                         \
+        k5_mutex_unlock (krb5_db2_mutex);               \
+        return result;                                  \
+    }                                                   \
+    /* hack: decl to allow a following ";" */           \
+    static TYPE wrap_##NAME ()
 
 /* Two special cases: void (can't assign result), and krb5_error_code
    (return error from locking code).  */
 
-#define WRAP_VOID(NAME,ARGLIST,ARGNAMES)               \
-       static void wrap_##NAME ARGLIST                 \
-       {                                               \
-           int code = k5_mutex_lock (krb5_db2_mutex);  \
-           if (code) { return; }                       \
-           NAME ARGNAMES;                              \
-           k5_mutex_unlock (krb5_db2_mutex);           \
-       }                                               \
-       /* hack: decl to allow a following ";" */       \
-       static void wrap_##NAME ()
+#define WRAP_VOID(NAME,ARGLIST,ARGNAMES)                \
+    static void wrap_##NAME ARGLIST                     \
+    {                                                   \
+        int code = k5_mutex_lock (krb5_db2_mutex);      \
+        if (code) { return; }                           \
+        NAME ARGNAMES;                                  \
+        k5_mutex_unlock (krb5_db2_mutex);               \
+    }                                                   \
+    /* hack: decl to allow a following ";" */           \
+    static void wrap_##NAME ()
 
-#define WRAP_K(NAME,ARGLIST,ARGNAMES)                  \
-       WRAP(NAME,krb5_error_code,ARGLIST,ARGNAMES,code)
+#define WRAP_K(NAME,ARGLIST,ARGNAMES)                   \
+    WRAP(NAME,krb5_error_code,ARGLIST,ARGNAMES,code)
 
 WRAP_K (krb5_db2_open,
-       ( krb5_context kcontext,
-         char *conf_section,
-         char **db_args,
-         int mode ),
-       (kcontext, conf_section, db_args, mode));
+        ( krb5_context kcontext,
+          char *conf_section,
+          char **db_args,
+          int mode ),
+        (kcontext, conf_section, db_args, mode));
 WRAP_K (krb5_db2_db_fini, (krb5_context ctx), (ctx));
 WRAP_K (krb5_db2_create,
-       ( krb5_context kcontext, char *conf_section, char **db_args ),
-       (kcontext, conf_section, db_args));
+        ( krb5_context kcontext, char *conf_section, char **db_args ),
+        (kcontext, conf_section, db_args));
 WRAP_K (krb5_db2_destroy,
-       ( krb5_context kcontext, char *conf_section, char **db_args ),
-       (kcontext, conf_section, db_args));
+        ( krb5_context kcontext, char *conf_section, char **db_args ),
+        (kcontext, conf_section, db_args));
 WRAP_K (krb5_db2_db_get_age,
-       (krb5_context ctx,
-                  char *s,
-        time_t *t),
-       (ctx, s, t));
+        (krb5_context ctx,
+         char *s,
+         time_t *t),
+        (ctx, s, t));
 WRAP_K (krb5_db2_db_set_option,
-       ( krb5_context kcontext,
-         int option,
-         void *value ),
-       (kcontext, option, value));
+        ( krb5_context kcontext,
+          int option,
+          void *value ),
+        (kcontext, option, value));
 
 WRAP_K (krb5_db2_db_lock,
-       ( krb5_context    context,
-         int             in_mode),
-       (context, in_mode));
+        ( krb5_context    context,
+          int             in_mode),
+        (context, in_mode));
 WRAP_K (krb5_db2_db_unlock, (krb5_context ctx), (ctx));
 
 WRAP_K (krb5_db2_db_get_principal,
-       (krb5_context ctx,
-                  krb5_const_principal p,
-                  unsigned int flags,
-                  krb5_db_entry *d,
-                  int * i,
-        krb5_boolean *b),
-       (ctx, p, d, i, b));
+        (krb5_context ctx,
+         krb5_const_principal p,
+         unsigned int flags,
+         krb5_db_entry *d,
+         int * i,
+         krb5_boolean *b),
+        (ctx, p, d, i, b));
 WRAP_K (krb5_db2_db_free_principal,
-       (krb5_context ctx,
-                  krb5_db_entry *d,
-        int i),
-       (ctx, d, i));
+        (krb5_context ctx,
+         krb5_db_entry *d,
+         int i),
+        (ctx, d, i));
 WRAP_K (krb5_db2_db_put_principal,
-       (krb5_context ctx,
-        krb5_db_entry *d,
-        int *i,
-        char **db_args),
-       (ctx, d, i, db_args));
+        (krb5_context ctx,
+         krb5_db_entry *d,
+         int *i,
+         char **db_args),
+        (ctx, d, i, db_args));
 WRAP_K (krb5_db2_db_delete_principal,
-       (krb5_context context,
-        krb5_const_principal searchfor,
-        int *nentries),
-       (context, searchfor, nentries));
+        (krb5_context context,
+         krb5_const_principal searchfor,
+         int *nentries),
+        (context, searchfor, nentries));
 
 WRAP_K (krb5_db2_db_iterate,
-       (krb5_context ctx, char *s,
-        krb5_error_code (*f) (krb5_pointer,
-                             krb5_db_entry *),
-        krb5_pointer p),
-       (ctx, s, f, p));
+        (krb5_context ctx, char *s,
+         krb5_error_code (*f) (krb5_pointer,
+                               krb5_db_entry *),
+         krb5_pointer p),
+        (ctx, s, f, p));
 
 WRAP_K (krb5_db2_create_policy,
-       (krb5_context context, osa_policy_ent_t entry),
-       (context, entry));
+        (krb5_context context, osa_policy_ent_t entry),
+        (context, entry));
 WRAP_K (krb5_db2_get_policy,
-       ( krb5_context kcontext,
-         char *name,
-         osa_policy_ent_t *policy,
-         int *cnt),
-       (kcontext, name, policy, cnt));
+        ( krb5_context kcontext,
+          char *name,
+          osa_policy_ent_t *policy,
+          int *cnt),
+        (kcontext, name, policy, cnt));
 WRAP_K (krb5_db2_put_policy,
-       ( krb5_context kcontext, osa_policy_ent_t policy ),
-       (kcontext, policy));
+        ( krb5_context kcontext, osa_policy_ent_t policy ),
+        (kcontext, policy));
 WRAP_K (krb5_db2_iter_policy,
-       ( krb5_context kcontext,
-         char *match_entry,
-         osa_adb_iter_policy_func func,
-         void *data ),
-       (kcontext, match_entry, func, data));
+        ( krb5_context kcontext,
+          char *match_entry,
+          osa_adb_iter_policy_func func,
+          void *data ),
+        (kcontext, match_entry, func, data));
 WRAP_K (krb5_db2_delete_policy,
-       ( krb5_context kcontext, char *policy ),
-       (kcontext, policy));
+        ( krb5_context kcontext, char *policy ),
+        (kcontext, policy));
 WRAP_VOID (krb5_db2_free_policy,
-          ( krb5_context kcontext, osa_policy_ent_t entry ),
-          (kcontext, entry));
+           ( krb5_context kcontext, osa_policy_ent_t entry ),
+           (kcontext, entry));
 
 WRAP_K (krb5_db2_set_master_key_ext,
-       ( krb5_context kcontext, char *pwd, krb5_keyblock *key),
-       (kcontext, pwd, key));
+        ( krb5_context kcontext, char *pwd, krb5_keyblock *key),
+        (kcontext, pwd, key));
 WRAP_K (krb5_db2_db_get_mkey,
-       ( krb5_context context, krb5_keyblock **key),
-       (context, key));
+        ( krb5_context context, krb5_keyblock **key),
+        (context, key));
 
 WRAP_K (krb5_db2_db_set_mkey_list,
-       ( krb5_context kcontext, krb5_keylist_node *keylist),
-       (kcontext, keylist));
+        ( krb5_context kcontext, krb5_keylist_node *keylist),
+        (kcontext, keylist));
 
 WRAP_K (krb5_db2_db_get_mkey_list,
-       ( krb5_context context, krb5_keylist_node **keylist),
-       (context, keylist));
+        ( krb5_context context, krb5_keylist_node **keylist),
+        (context, keylist));
 
 WRAP_K (krb5_db2_promote_db,
-       ( krb5_context kcontext, char *conf_section, char **db_args ),
-       (kcontext, conf_section, db_args));
+        ( krb5_context kcontext, char *conf_section, char **db_args ),
+        (kcontext, conf_section, db_args));
 
 WRAP_K (krb5_db2_invoke,
-       (krb5_context kcontext,
-        unsigned int method,
-        const krb5_data *request,
-        krb5_data *response),
-       (kcontext, method, request, response));
+        (krb5_context kcontext,
+         unsigned int method,
+         const krb5_data *request,
+         krb5_data *response),
+        (kcontext, method, request, response));
 
 static krb5_error_code
 hack_init ()
@@ -210,7 +211,7 @@ hack_init ()
     krb5_error_code c;
     c = krb5int_mutex_alloc (&krb5_db2_mutex);
     if (c)
-       return c;
+        return c;
     return krb5_db2_lib_init ();
 }
 
@@ -228,41 +229,41 @@ hack_cleanup (void)
  */
 
 kdb_vftabl PLUGIN_SYMBOL_NAME(krb5_db2, kdb_function_table) = {
-  1,                                      /* major version number 1 */
-  0,                                      /* minor version number 0 */
-  /* init_library */                          hack_init,
-  /* fini_library */                          hack_cleanup,
-  /* init_module */                           wrap_krb5_db2_open,
-  /* fini_module */                           wrap_krb5_db2_db_fini,
-  /* db_create */                             wrap_krb5_db2_create,
-  /* db_destroy */                            wrap_krb5_db2_destroy,
-  /* db_get_age */                             wrap_krb5_db2_db_get_age,
-  /* db_set_option */                         wrap_krb5_db2_db_set_option,
-  /* db_lock */                                       wrap_krb5_db2_db_lock,
-  /* db_unlock */                             wrap_krb5_db2_db_unlock,
-  /* db_get_principal */                      wrap_krb5_db2_db_get_principal,
-  /* db_free_principal */                     wrap_krb5_db2_db_free_principal,
-  /* db_put_principal */                      wrap_krb5_db2_db_put_principal,
-  /* db_delete_principal */                   wrap_krb5_db2_db_delete_principal,
-  /* db_iterate */                            wrap_krb5_db2_db_iterate,
-  /* db_create_policy */                       wrap_krb5_db2_create_policy,
-  /* db_get_policy */                          wrap_krb5_db2_get_policy,
-  /* db_put_policy */                          wrap_krb5_db2_put_policy,
-  /* db_iter_policy */                         wrap_krb5_db2_iter_policy,
-  /* db_delete_policy */                       wrap_krb5_db2_delete_policy,
-  /* db_free_policy */                         wrap_krb5_db2_free_policy,
-  /* db_supported_realms */                   NULL,
-  /* db_free_supported_realms */              NULL,
-  /* errcode_2_string */                       NULL,
-  /* release_errcode_string */                NULL,
-  /* db_alloc */                               krb5_db2_alloc,
-  /* db_free */                                krb5_db2_free,
-  /* set_master_key */                        wrap_krb5_db2_set_master_key_ext,
-  /* get_master_key */                        wrap_krb5_db2_db_get_mkey,
-  /* set_master_key_list */                   wrap_krb5_db2_db_set_mkey_list,
-  /* get_master_key_list */                   wrap_krb5_db2_db_get_mkey_list,
-  /* blah blah blah */ 0,0,0,0,0,0,0,0,
-  /* promote_db */                            wrap_krb5_db2_promote_db,
-  0, 0,
-  /* invoke */                                wrap_krb5_db2_invoke
+    1,                                      /* major version number 1 */
+    0,                                      /* minor version number 0 */
+    /* init_library */                           hack_init,
+    /* fini_library */                           hack_cleanup,
+    /* init_module */                            wrap_krb5_db2_open,
+    /* fini_module */                            wrap_krb5_db2_db_fini,
+    /* db_create */                              wrap_krb5_db2_create,
+    /* db_destroy */                             wrap_krb5_db2_destroy,
+    /* db_get_age */                             wrap_krb5_db2_db_get_age,
+    /* db_set_option */                          wrap_krb5_db2_db_set_option,
+    /* db_lock */                                wrap_krb5_db2_db_lock,
+    /* db_unlock */                              wrap_krb5_db2_db_unlock,
+    /* db_get_principal */                       wrap_krb5_db2_db_get_principal,
+    /* db_free_principal */                      wrap_krb5_db2_db_free_principal,
+    /* db_put_principal */                       wrap_krb5_db2_db_put_principal,
+    /* db_delete_principal */                    wrap_krb5_db2_db_delete_principal,
+    /* db_iterate */                             wrap_krb5_db2_db_iterate,
+    /* db_create_policy */                       wrap_krb5_db2_create_policy,
+    /* db_get_policy */                          wrap_krb5_db2_get_policy,
+    /* db_put_policy */                          wrap_krb5_db2_put_policy,
+    /* db_iter_policy */                         wrap_krb5_db2_iter_policy,
+    /* db_delete_policy */                       wrap_krb5_db2_delete_policy,
+    /* db_free_policy */                         wrap_krb5_db2_free_policy,
+    /* db_supported_realms */                    NULL,
+    /* db_free_supported_realms */               NULL,
+    /* errcode_2_string */                       NULL,
+    /* release_errcode_string */                 NULL,
+    /* db_alloc */                               krb5_db2_alloc,
+    /* db_free */                                krb5_db2_free,
+    /* set_master_key */                         wrap_krb5_db2_set_master_key_ext,
+    /* get_master_key */                         wrap_krb5_db2_db_get_mkey,
+    /* set_master_key_list */                    wrap_krb5_db2_db_set_mkey_list,
+    /* get_master_key_list */                    wrap_krb5_db2_db_get_mkey_list,
+    /* blah blah blah */ 0,0,0,0,0,0,0,0,
+    /* promote_db */                             wrap_krb5_db2_promote_db,
+    0, 0,
+    /* invoke */                                 wrap_krb5_db2_invoke
 };
index 363a1f3d15f3c38088b6c8cc404554875d07f4a8..042649e49f0497aae3f1ce436c4985011759c0b9 100644 (file)
@@ -1,3 +1,4 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
 /*
  * lib/kdb/kdb_db2.c
  *
@@ -130,8 +131,8 @@ static char default_db_name[] = DEFAULT_KDB_FILE;
 /*
  * Routines to deal with context.
  */
-#define        k5db2_inited(c) (c && c->dal_handle \
-                        && c->dal_handle->db_context \
+#define k5db2_inited(c) (c && c->dal_handle                             \
+                         && c->dal_handle->db_context                   \
                          && ((krb5_db2_context *) c->dal_handle->db_context)->db_inited)
 
 static krb5_error_code
@@ -139,23 +140,23 @@ krb5_db2_get_db_opt(char *input, char **opt, char **val)
 {
     char   *pos = strchr(input, '=');
     if (pos == NULL) {
-       *opt = NULL;
-       *val = strdup(input);
-       if (*val == NULL) {
-           return ENOMEM;
-       }
+        *opt = NULL;
+        *val = strdup(input);
+        if (*val == NULL) {
+            return ENOMEM;
+        }
     } else {
-       *opt = malloc((pos - input) + 1);
-       *val = strdup(pos + 1);
-       if (!*opt || !*val) {
-           free(*opt);
-           *opt = NULL;
-           free(*val);
-           *val = NULL;
-           return ENOMEM;
-       }
-       memcpy(*opt, input, pos - input);
-       (*opt)[pos - input] = '\0';
+        *opt = malloc((pos - input) + 1);
+        *val = strdup(pos + 1);
+        if (!*opt || !*val) {
+            free(*opt);
+            *opt = NULL;
+            free(*val);
+            *val = NULL;
+            return ENOMEM;
+        }
+        memcpy(*opt, input, pos - input);
+        (*opt)[pos - input] = '\0';
     }
     return (0);
 
@@ -172,9 +173,9 @@ k5db2_clear_context(krb5_db2_context *dbctx)
      * are the caller's problem.
      */
     if (dbctx->db_lf_name)
-       free(dbctx->db_lf_name);
+        free(dbctx->db_lf_name);
     if (dbctx->db_name && (dbctx->db_name != default_db_name))
-       free(dbctx->db_name);
+        free(dbctx->db_name);
     /*
      * Clear the structure and reset the defaults.
      */
@@ -193,14 +194,14 @@ k5db2_init_context(krb5_context context)
     dal_handle = context->dal_handle;
 
     if (dal_handle->db_context == NULL) {
-       db_ctx = (krb5_db2_context *) malloc(sizeof(krb5_db2_context));
-       if (db_ctx == NULL)
-           return ENOMEM;
-       else {
-           memset(db_ctx, 0, sizeof(krb5_db2_context));
-           k5db2_clear_context((krb5_db2_context *) db_ctx);
-           dal_handle->db_context = (void *) db_ctx;
-       }
+        db_ctx = (krb5_db2_context *) malloc(sizeof(krb5_db2_context));
+        if (db_ctx == NULL)
+            return ENOMEM;
+        else {
+            memset(db_ctx, 0, sizeof(krb5_db2_context));
+            k5db2_clear_context((krb5_db2_context *) db_ctx);
+            dal_handle->db_context = (void *) db_ctx;
+        }
     }
     return (0);
 }
@@ -215,10 +216,10 @@ gen_dbsuffix(char *db_name, char *sfx)
     char   *dbsuffix;
 
     if (sfx == NULL)
-       return ((char *) NULL);
+        return ((char *) NULL);
 
     if (asprintf(&dbsuffix, "%s%s", db_name, sfx) < 0)
-       return (0);
+        return (0);
     return dbsuffix;
 }
 
@@ -237,14 +238,14 @@ k5db2_dbopen(krb5_db2_context *dbc, char *fname, int flags, int mode, int tempdb
     bti.prefix = NULL;
 
     if (tempdb) {
-       fname = gen_dbsuffix(fname, "~");
+        fname = gen_dbsuffix(fname, "~");
     } else {
-       fname = strdup(fname);
+        fname = strdup(fname);
     }
     if (fname == NULL)
     {
-       errno = ENOMEM;
-       return NULL;
+        errno = ENOMEM;
+        return NULL;
     }
 
 
@@ -256,25 +257,25 @@ k5db2_dbopen(krb5_db2_context *dbc, char *fname, int flags, int mode, int tempdb
     hashi.nelem = 1;
 
     db = dbopen(fname, flags, mode,
-               dbc->hashfirst ? DB_HASH : DB_BTREE,
-               dbc->hashfirst ? (void *) &hashi : (void *) &bti);
+                dbc->hashfirst ? DB_HASH : DB_BTREE,
+                dbc->hashfirst ? (void *) &hashi : (void *) &bti);
     if (db != NULL) {
-       free(fname);
-       return db;
+        free(fname);
+        return db;
     }
     switch (errno) {
 #ifdef EFTYPE
     case EFTYPE:
 #endif
     case EINVAL:
-       db = dbopen(fname, flags, mode,
-                   dbc->hashfirst ? DB_BTREE : DB_HASH,
-                   dbc->hashfirst ? (void *) &bti : (void *) &hashi);
-       if (db != NULL)
-           dbc->hashfirst = !dbc->hashfirst;
+        db = dbopen(fname, flags, mode,
+                    dbc->hashfirst ? DB_BTREE : DB_HASH,
+                    dbc->hashfirst ? (void *) &bti : (void *) &hashi);
+        if (db != NULL)
+            dbc->hashfirst = !dbc->hashfirst;
     default:
-       free(fname);
-       return db;
+        free(fname);
+        return db;
     }
 }
 
@@ -285,7 +286,7 @@ krb5_db2_db_set_hashfirst(krb5_context context, int hashfirst)
     kdb5_dal_handle *dal_handle;
 
     if (k5db2_inited(context))
-       return KRB5_KDB_DBNOTINITED;
+        return KRB5_KDB_DBNOTINITED;
     dal_handle = context->dal_handle;
     dbc = (krb5_db2_context *) dal_handle->db_context;
     dbc->hashfirst = hashfirst;
@@ -306,51 +307,51 @@ krb5_db2_db_init(krb5_context context)
     char    policy_db_name[1024], policy_lock_name[1024];
 
     if (k5db2_inited(context))
-       return 0;
+        return 0;
 
     /* Check for presence of our context, if not present, allocate one. */
     if ((retval = k5db2_init_context(context)))
-       return (retval);
+        return (retval);
 
     dal_handle = context->dal_handle;
     db_ctx = dal_handle->db_context;
     db_ctx->db = NULL;
 
     if (!(filename = gen_dbsuffix(db_ctx->db_name, db_ctx->tempdb
-                                 ?KDB2_TEMP_LOCK_EXT:KDB2_LOCK_EXT)))
-       return ENOMEM;
-    db_ctx->db_lf_name = filename;     /* so it gets freed by clear_context */
+                                  ?KDB2_TEMP_LOCK_EXT:KDB2_LOCK_EXT)))
+        return ENOMEM;
+    db_ctx->db_lf_name = filename;      /* so it gets freed by clear_context */
 
     /*
      * should be opened read/write so that write locking can work with
      * POSIX systems
      */
     if ((db_ctx->db_lf_file = open(filename, O_RDWR, 0666)) < 0) {
-       if ((db_ctx->db_lf_file = open(filename, O_RDONLY, 0666)) < 0) {
-           retval = errno;
-           goto err_out;
-       }
+        if ((db_ctx->db_lf_file = open(filename, O_RDONLY, 0666)) < 0) {
+            retval = errno;
+            goto err_out;
+        }
     }
     set_cloexec_fd(db_ctx->db_lf_file);
     db_ctx->db_inited++;
 
     if ((retval = krb5_db2_db_get_age(context, NULL, &db_ctx->db_lf_time)))
-       goto err_out;
+        goto err_out;
 
     snprintf(policy_db_name, sizeof(policy_db_name),
-            db_ctx->tempdb ? "%s~.kadm5" : "%s.kadm5",
-            db_ctx->db_name);
+             db_ctx->tempdb ? "%s~.kadm5" : "%s.kadm5",
+             db_ctx->db_name);
     snprintf(policy_lock_name, sizeof(policy_lock_name),
-            "%s.lock", policy_db_name);
+             "%s.lock", policy_db_name);
 
     if ((retval = osa_adb_init_db(&db_ctx->policy_db, policy_db_name,
-                                 policy_lock_name, OSA_ADB_POLICY_DB_MAGIC)))
+                                  policy_lock_name, OSA_ADB_POLICY_DB_MAGIC)))
     {
-       goto err_out;
+        goto err_out;
     }
     return 0;
 
-  err_out:
+err_out:
     db_ctx->db = NULL;
     k5db2_clear_context(db_ctx);
     return (retval);
@@ -369,28 +370,28 @@ krb5_db2_db_fini(krb5_context context)
 
     dal_handle = context->dal_handle;
     if (dal_handle == NULL) {
-       return 0;
+        return 0;
     }
 
     db_ctx = (krb5_db2_context *) dal_handle->db_context;
 
     if (k5db2_inited(context)) {
-       if (close(db_ctx->db_lf_file))
-           retval = errno;
-       else
-           retval = 0;
+        if (close(db_ctx->db_lf_file))
+            retval = errno;
+        else
+            retval = 0;
     }
     if (db_ctx) {
-       if (db_ctx->policy_db) {
-           retval =
-               osa_adb_fini_db(db_ctx->policy_db, OSA_ADB_POLICY_DB_MAGIC);
-           if (retval)
-               return retval;
-       }
+        if (db_ctx->policy_db) {
+            retval =
+                osa_adb_fini_db(db_ctx->policy_db, OSA_ADB_POLICY_DB_MAGIC);
+            if (retval)
+                return retval;
+        }
 
-       k5db2_clear_context(db_ctx);
-       /*      free(dal_handle->db_context); */
-       dal_handle->db_context = NULL;
+        k5db2_clear_context(db_ctx);
+        /*      free(dal_handle->db_context); */
+        dal_handle->db_context = NULL;
     }
     return retval;
 }
@@ -405,7 +406,7 @@ krb5_db2_db_set_mkey(krb5_context context, krb5_keyblock *key)
     kdb5_dal_handle *dal_handle;
 
     if (!k5db2_inited(context))
-       return (KRB5_KDB_DBNOTINITED);
+        return (KRB5_KDB_DBNOTINITED);
 
     dal_handle = context->dal_handle;
     db_ctx = dal_handle->db_context;
@@ -420,7 +421,7 @@ krb5_db2_db_get_mkey(krb5_context context, krb5_keyblock **key)
     kdb5_dal_handle *dal_handle;
 
     if (!k5db2_inited(context))
-       return (KRB5_KDB_DBNOTINITED);
+        return (KRB5_KDB_DBNOTINITED);
 
     dal_handle = context->dal_handle;
     db_ctx = dal_handle->db_context;
@@ -436,7 +437,7 @@ krb5_db2_db_set_mkey_list(krb5_context context, krb5_keylist_node *key_list)
     kdb5_dal_handle *dal_handle;
 
     if (!k5db2_inited(context))
-       return (KRB5_KDB_DBNOTINITED);
+        return (KRB5_KDB_DBNOTINITED);
 
     dal_handle = context->dal_handle;
     db_ctx = dal_handle->db_context;
@@ -451,7 +452,7 @@ krb5_db2_db_get_mkey_list(krb5_context context, krb5_keylist_node **key_list)
     kdb5_dal_handle *dal_handle;
 
     if (!k5db2_inited(context))
-       return (KRB5_KDB_DBNOTINITED);
+        return (KRB5_KDB_DBNOTINITED);
 
     dal_handle = context->dal_handle;
     db_ctx = dal_handle->db_context;
@@ -478,21 +479,21 @@ krb5_db2_db_set_name(krb5_context context, char *name, int tempdb)
     kdb5_dal_handle *dal_handle;
 
     if (k5db2_inited(context))
-       return KRB5_KDB_DBINITED;
+        return KRB5_KDB_DBINITED;
 
     /* Check for presence of our context, if not present, allocate one. */
     if ((kret = k5db2_init_context(context)))
-       return (kret);
+        return (kret);
 
     if (name == NULL)
-       name = default_db_name;
+        name = default_db_name;
 
     dal_handle = context->dal_handle;
     db_ctx = dal_handle->db_context;
     db_ctx->tempdb = tempdb;
     db = k5db2_dbopen(db_ctx, name, O_RDONLY, 0, tempdb);
     if (db == NULL)
-       return errno;
+        return errno;
 
     db_ctx->db_name = strdup(name);
     (*db->close) (db);
@@ -513,14 +514,14 @@ krb5_db2_db_get_age(krb5_context context, char *db_name, time_t *age)
     struct stat st;
 
     if (!k5db2_inited(context))
-       return (KRB5_KDB_DBNOTINITED);
+        return (KRB5_KDB_DBNOTINITED);
     dal_handle = context->dal_handle;
     db_ctx = (krb5_db2_context *) dal_handle->db_context;
 
     if (fstat(db_ctx->db_lf_file, &st) < 0)
-       *age = -1;
+        *age = -1;
     else
-       *age = st.st_mtime;
+        *age = st.st_mtime;
     return 0;
 }
 
@@ -549,29 +550,29 @@ krb5_db2_db_end_update(krb5_context context)
     struct utimbuf utbuf;
 
     if (!k5db2_inited(context))
-       return (KRB5_KDB_DBNOTINITED);
+        return (KRB5_KDB_DBNOTINITED);
 
     retval = 0;
     dal_handle = context->dal_handle;
     db_ctx = dal_handle->db_context;
     now = time((time_t *) NULL);
     if (fstat(db_ctx->db_lf_file, &st) == 0) {
-       if (st.st_mtime >= now) {
-           utbuf.actime = st.st_mtime + 1;
-           utbuf.modtime = st.st_mtime + 1;
-           if (utime(db_ctx->db_lf_name, &utbuf))
-               retval = errno;
-       } else {
-           if (utime(db_ctx->db_lf_name, (struct utimbuf *) NULL))
-               retval = errno;
-       }
+        if (st.st_mtime >= now) {
+            utbuf.actime = st.st_mtime + 1;
+            utbuf.modtime = st.st_mtime + 1;
+            if (utime(db_ctx->db_lf_name, &utbuf))
+                retval = errno;
+        } else {
+            if (utime(db_ctx->db_lf_name, (struct utimbuf *) NULL))
+                retval = errno;
+        }
     } else
-       retval = errno;
+        retval = errno;
     if (!retval) {
-       if (fstat(db_ctx->db_lf_file, &st) == 0)
-           db_ctx->db_lf_time = st.st_mtime;
-       else
-           retval = errno;
+        if (fstat(db_ctx->db_lf_file, &st) == 0)
+            db_ctx->db_lf_time = st.st_mtime;
+        else
+            retval = errno;
     }
     return (retval);
 }
@@ -591,76 +592,76 @@ krb5_db2_db_lock(krb5_context context, int in_mode)
 
     switch (in_mode) {
     case KRB5_DB_LOCKMODE_PERMANENT:
-       mode = KRB5_DB_LOCKMODE_EXCLUSIVE;
-       break;
+        mode = KRB5_DB_LOCKMODE_EXCLUSIVE;
+        break;
     case KRB5_DB_LOCKMODE_EXCLUSIVE:
-       mode = KRB5_LOCKMODE_EXCLUSIVE;
-       break;
+        mode = KRB5_LOCKMODE_EXCLUSIVE;
+        break;
 
     case KRB5_DB_LOCKMODE_SHARED:
-       mode = KRB5_LOCKMODE_SHARED;
-       break;
+        mode = KRB5_LOCKMODE_SHARED;
+        break;
     default:
-       return EINVAL;
+        return EINVAL;
     }
 
     if (!k5db2_inited(context))
-       return KRB5_KDB_DBNOTINITED;
+        return KRB5_KDB_DBNOTINITED;
 
     dal_handle = context->dal_handle;
     db_ctx = (krb5_db2_context *) dal_handle->db_context;
     if (db_ctx->db_locks_held && (db_ctx->db_lock_mode >= mode)) {
-       /* No need to upgrade lock, just return */
-       db_ctx->db_locks_held++;
-       goto policy_lock;
+        /* No need to upgrade lock, just return */
+        db_ctx->db_locks_held++;
+        goto policy_lock;
     }
 
     if ((mode != KRB5_LOCKMODE_SHARED) && (mode != KRB5_LOCKMODE_EXCLUSIVE))
-       return KRB5_KDB_BADLOCKMODE;
+        return KRB5_KDB_BADLOCKMODE;
 
     krb5_lock_mode = mode | KRB5_LOCKMODE_DONTBLOCK;
     for (gotlock = tries = 0; tries < MAX_LOCK_TRIES; tries++) {
-       retval = krb5_lock_file(context, db_ctx->db_lf_file, krb5_lock_mode);
-       if (retval == 0) {
-           gotlock++;
-           break;
-       } else if (retval == EBADF && mode == KRB5_DB_LOCKMODE_EXCLUSIVE)
-           /* tried to exclusive-lock something we don't have */
-           /* write access to */
-           return KRB5_KDB_CANTLOCK_DB;
-       sleep(1);
+        retval = krb5_lock_file(context, db_ctx->db_lf_file, krb5_lock_mode);
+        if (retval == 0) {
+            gotlock++;
+            break;
+        } else if (retval == EBADF && mode == KRB5_DB_LOCKMODE_EXCLUSIVE)
+            /* tried to exclusive-lock something we don't have */
+            /* write access to */
+            return KRB5_KDB_CANTLOCK_DB;
+        sleep(1);
     }
     if (retval == EACCES)
-       return KRB5_KDB_CANTLOCK_DB;
+        return KRB5_KDB_CANTLOCK_DB;
     else if (retval == EAGAIN || retval == EWOULDBLOCK)
-       return OSA_ADB_CANTLOCK_DB;
+        return OSA_ADB_CANTLOCK_DB;
     else if (retval != 0)
-       return retval;
+        return retval;
 
     if ((retval = krb5_db2_db_get_age(context, NULL, &mod_time)))
-       goto lock_error;
+        goto lock_error;
 
     db = k5db2_dbopen(db_ctx, db_ctx->db_name,
-                     mode == KRB5_LOCKMODE_SHARED ? O_RDONLY : O_RDWR, 0600, db_ctx->tempdb);
+                      mode == KRB5_LOCKMODE_SHARED ? O_RDONLY : O_RDWR, 0600, db_ctx->tempdb);
     if (db) {
-       db_ctx->db_lf_time = mod_time;
-       db_ctx->db = db;
+        db_ctx->db_lf_time = mod_time;
+        db_ctx->db = db;
     } else {
-       retval = errno;
-       db_ctx->db = NULL;
-       goto lock_error;
+        retval = errno;
+        db_ctx->db = NULL;
+        goto lock_error;
     }
 
     db_ctx->db_lock_mode = mode;
     db_ctx->db_locks_held++;
 
-  policy_lock:
+policy_lock:
     if ((retval = osa_adb_get_lock(db_ctx->policy_db, in_mode))) {
-       krb5_db2_db_unlock(context);
+        krb5_db2_db_unlock(context);
     }
     return retval;
 
-  lock_error:;
+lock_error:;
     db_ctx->db_lock_mode = 0;
     db_ctx->db_locks_held = 0;
     krb5_db2_db_unlock(context);
@@ -676,26 +677,26 @@ krb5_db2_db_unlock(krb5_context context)
     krb5_error_code retval;
 
     if (!k5db2_inited(context))
-       return KRB5_KDB_DBNOTINITED;
+        return KRB5_KDB_DBNOTINITED;
 
     dal_handle = context->dal_handle;
     db_ctx = (krb5_db2_context *) dal_handle->db_context;
 
     if ((retval = osa_adb_release_lock(db_ctx->policy_db))) {
-       return retval;
+        return retval;
     }
 
-    if (!db_ctx->db_locks_held)        /* lock already unlocked */
-       return KRB5_KDB_NOTLOCKED;
+    if (!db_ctx->db_locks_held) /* lock already unlocked */
+        return KRB5_KDB_NOTLOCKED;
     db = db_ctx->db;
     if (--(db_ctx->db_locks_held) == 0) {
-       (*db->close) (db);
-       db_ctx->db = NULL;
+        (*db->close) (db);
+        db_ctx->db = NULL;
 
-       retval = krb5_lock_file(context, db_ctx->db_lf_file,
-                               KRB5_LOCKMODE_UNLOCK);
-       db_ctx->db_lock_mode = 0;
-       return (retval);
+        retval = krb5_lock_file(context, db_ctx->db_lf_file,
+                                KRB5_LOCKMODE_UNLOCK);
+        db_ctx->db_lock_mode = 0;
+        return (retval);
     }
     return 0;
 }
@@ -716,49 +717,49 @@ krb5_db2_db_create(krb5_context context, char *db_name, krb5_int32 flags)
     char    policy_db_name[1024], policy_lock_name[1024];
 
     if ((retval = k5db2_init_context(context)))
-       return (retval);
+        return (retval);
 
     dal_handle = context->dal_handle;
     db_ctx = (krb5_db2_context *) dal_handle->db_context;
     switch (flags) {
     case KRB5_KDB_CREATE_HASH:
-       if ((retval = krb5_db2_db_set_hashfirst(context, TRUE)))
-           return retval;
-       break;
+        if ((retval = krb5_db2_db_set_hashfirst(context, TRUE)))
+            return retval;
+        break;
     case KRB5_KDB_CREATE_BTREE:
     case 0:
-       if ((retval = krb5_db2_db_set_hashfirst(context, FALSE)))
-           return retval;
-       break;
+        if ((retval = krb5_db2_db_set_hashfirst(context, FALSE)))
+            return retval;
+        break;
     default:
-       return KRB5_KDB_BAD_CREATEFLAGS;
+        return KRB5_KDB_BAD_CREATEFLAGS;
     }
     db = k5db2_dbopen(db_ctx, db_name, O_RDWR | O_CREAT | O_EXCL, 0600, db_ctx->tempdb);
     if (db == NULL)
-       return errno;
+        return errno;
     (*db->close) (db);
 
     db_name2 = db_ctx->tempdb ? gen_dbsuffix(db_name, "~") : strdup(db_name);
     if (db_name2 == NULL)
-       return ENOMEM;
+        return ENOMEM;
     okname = gen_dbsuffix(db_name2, KDB2_LOCK_EXT);
     if (!okname)
-       retval = ENOMEM;
+        retval = ENOMEM;
     else {
-       fd = open(okname, O_CREAT | O_RDWR | O_TRUNC, 0600);
-       if (fd < 0)
-           retval = errno;
-       else
-           close(fd);
-       free_dbsuffix(okname);
+        fd = open(okname, O_CREAT | O_RDWR | O_TRUNC, 0600);
+        if (fd < 0)
+            retval = errno;
+        else
+            close(fd);
+        free_dbsuffix(okname);
     }
 
     snprintf(policy_db_name, sizeof(policy_db_name), "%s.kadm5", db_name2);
     snprintf(policy_lock_name, sizeof(policy_lock_name),
-            "%s.lock", policy_db_name);
+             "%s.lock", policy_db_name);
 
     retval = osa_adb_create_db(policy_db_name,
-                              policy_lock_name, OSA_ADB_POLICY_DB_MAGIC);
+                               policy_lock_name, OSA_ADB_POLICY_DB_MAGIC);
     free(db_name2);
     return retval;
 }
@@ -772,7 +773,7 @@ destroy_file_suffix(char *dbname, char *suffix)
     char   *filename;
     struct stat statb;
     int     nb, fd;
-    int            j;
+    int     j;
     off_t   pos;
     char    buf[BUFSIZ];
     char    zbuf[BUFSIZ];
@@ -780,19 +781,19 @@ destroy_file_suffix(char *dbname, char *suffix)
 
     filename = gen_dbsuffix(dbname, suffix);
     if (filename == 0)
-       return ENOMEM;
+        return ENOMEM;
     if ((fd = open(filename, O_RDWR, 0)) < 0) {
-       free(filename);
-       return errno;
+        free(filename);
+        return errno;
     }
     set_cloexec_fd(fd);
     /* fstat() will probably not fail unless using a remote filesystem
      * (which is inappropriate for the kerberos database) so this check
      * is mostly paranoia.  */
     if (fstat(fd, &statb) == -1) {
-       int     retval = errno;
-       free(filename);
-       return retval;
+        int     retval = errno;
+        free(filename);
+        return retval;
     }
     /*
      * Stroll through the file, reading in BUFSIZ chunks.  If everything
@@ -805,31 +806,31 @@ destroy_file_suffix(char *dbname, char *suffix)
     memset(zbuf, 0, BUFSIZ);
     pos = 0;
     while (pos < statb.st_size) {
-       dowrite = 0;
-       nb = read(fd, buf, BUFSIZ);
-       if (nb < 0) {
-           int     retval = errno;
-           free(filename);
-           return retval;
-       }
-       for (j = 0; j < nb; j++) {
-           if (buf[j] != '\0') {
-               dowrite = 1;
-               break;
-           }
-       }
-       /* For signedness */
-       j = nb;
-       if (dowrite) {
-           lseek(fd, pos, SEEK_SET);
-           nb = write(fd, zbuf, j);
-           if (nb < 0) {
-               int     retval = errno;
-               free(filename);
-               return retval;
-           }
-       }
-       pos += nb;
+        dowrite = 0;
+        nb = read(fd, buf, BUFSIZ);
+        if (nb < 0) {
+            int     retval = errno;
+            free(filename);
+            return retval;
+        }
+        for (j = 0; j < nb; j++) {
+            if (buf[j] != '\0') {
+                dowrite = 1;
+                break;
+            }
+        }
+        /* For signedness */
+        j = nb;
+        if (dowrite) {
+            lseek(fd, pos, SEEK_SET);
+            nb = write(fd, zbuf, j);
+            if (nb < 0) {
+                int     retval = errno;
+                free(filename);
+                return retval;
+            }
+        }
+        pos += nb;
     }
     /* ??? Is fsync really needed?  I don't know of any non-networked
      * filesystem which will discard queued writes to disk if a file
@@ -840,8 +841,8 @@ destroy_file_suffix(char *dbname, char *suffix)
     close(fd);
 
     if (unlink(filename)) {
-       free(filename);
-       return (errno);
+        free(filename);
+        return (errno);
     }
     free(filename);
     return (0);
@@ -866,10 +867,10 @@ krb5_db2_db_destroy(krb5_context context, char *dbname)
 
     tmpcontext = 0;
     if (!context->dal_handle
-       || !context->dal_handle->db_context) {
-       tmpcontext = 1;
-       if ((retval1 = k5db2_init_context(context)))
-           return (retval1);
+        || !context->dal_handle->db_context) {
+        tmpcontext = 1;
+        if ((retval1 = k5db2_init_context(context)))
+            return (retval1);
     }
 
     retval1 = retval2 = 0;
@@ -877,20 +878,20 @@ krb5_db2_db_destroy(krb5_context context, char *dbname)
     retval2 = destroy_file_suffix(dbname, KDB2_LOCK_EXT);
 
     if (tmpcontext) {
-       k5db2_clear_context((krb5_db2_context *) context->dal_handle->db_context);
-       free(context->dal_handle->db_context);
-       context->dal_handle->db_context = NULL;
+        k5db2_clear_context((krb5_db2_context *) context->dal_handle->db_context);
+        free(context->dal_handle->db_context);
+        context->dal_handle->db_context = NULL;
     }
 
     if (retval1 || retval2)
-       return (retval1 ? retval1 : retval2);
+        return (retval1 ? retval1 : retval2);
 
     snprintf(policy_db_name, sizeof(policy_db_name), "%s.kadm5", dbname);
     snprintf(policy_lock_name, sizeof(policy_lock_name),
-            "%s.lock", policy_db_name);
+             "%s.lock", policy_db_name);
 
     retval1 = osa_adb_destroy_db(policy_db_name,
-                                policy_lock_name, OSA_ADB_POLICY_DB_MAGIC);
+                                 policy_lock_name, OSA_ADB_POLICY_DB_MAGIC);
 
     return retval1;
 }
@@ -903,10 +904,10 @@ krb5_db2_db_destroy(krb5_context context, char *dbname)
 
 krb5_error_code
 krb5_db2_db_get_principal(krb5_context context,
-                         krb5_const_principal searchfor,
-                         krb5_db_entry *entries, /* filled in */
-                         int *nentries, /* how much room/how many found */
-                         krb5_boolean *more) /* are there more? */
+                          krb5_const_principal searchfor,
+                          krb5_db_entry *entries, /* filled in */
+                          int *nentries, /* how much room/how many found */
+                          krb5_boolean *more) /* are there more? */
 {
     krb5_db2_context *db_ctx;
     krb5_error_code retval;
@@ -920,27 +921,27 @@ krb5_db2_db_get_principal(krb5_context context,
     *nentries = 0;
 
     if (!k5db2_inited(context))
-       return KRB5_KDB_DBNOTINITED;
+        return KRB5_KDB_DBNOTINITED;
 
     dal_handle = context->dal_handle;
     db_ctx = (krb5_db2_context *) dal_handle->db_context;
 
     for (trynum = 0; trynum < KRB5_DB2_MAX_RETRY; trynum++) {
-       if ((retval = krb5_db2_db_lock(context, KRB5_LOCKMODE_SHARED))) {
-           if (db_ctx->db_nb_locks)
-               return (retval);
-           sleep(1);
-           continue;
-       }
-       break;
+        if ((retval = krb5_db2_db_lock(context, KRB5_LOCKMODE_SHARED))) {
+            if (db_ctx->db_nb_locks)
+                return (retval);
+            sleep(1);
+            continue;
+        }
+        break;
     }
     if (trynum == KRB5_DB2_MAX_RETRY)
-       return KRB5_KDB_DB_INUSE;
+        return KRB5_KDB_DB_INUSE;
 
     /* XXX deal with wildcard lookups */
     retval = krb5_encode_princ_dbkey(context, &keydata, searchfor);
     if (retval)
-       goto cleanup;
+        goto cleanup;
     key.data = keydata.data;
     key.size = keydata.length;
 
@@ -950,35 +951,35 @@ krb5_db2_db_get_principal(krb5_context context,
     krb5_free_data_contents(context, &keydata);
     switch (dbret) {
     case 1:
-       retval = 0;
+        retval = 0;
     case -1:
     default:
-       *nentries = 0;
-       goto cleanup;
+        *nentries = 0;
+        goto cleanup;
     case 0:
-       contdata.data = contents.data;
-       contdata.length = contents.size;
-       retval = krb5_decode_princ_contents(context, &contdata, entries);
-       if (!retval)
-           *nentries = 1;
-       break;
+        contdata.data = contents.data;
+        contdata.length = contents.size;
+        retval = krb5_decode_princ_contents(context, &contdata, entries);
+        if (!retval)
+            *nentries = 1;
+        break;
     }
 
-  cleanup:
-    (void) krb5_db2_db_unlock(context);        /* unlock read lock */
+cleanup:
+    (void) krb5_db2_db_unlock(context); /* unlock read lock */
     return retval;
 }
 
 /*
   Free stuff returned by krb5_db2_db_get_principal.
- */
+*/
 krb5_error_code
 krb5_db2_db_free_principal(krb5_context context, krb5_db_entry *entries,
-                          int nentries)
+                           int nentries)
 {
     register int i;
     for (i = 0; i < nentries; i++)
-       krb5_dbe_free_contents(context, &entries[i]);
+        krb5_dbe_free_contents(context, &entries[i]);
     return 0;
 }
 
@@ -990,13 +991,13 @@ krb5_db2_db_free_principal(krb5_context context, krb5_db_entry *entries,
   acutally stored; the first *"nstored" records will have been stored in the
   database (even if an error occurs).
 
- */
+*/
 
 krb5_error_code
 krb5_db2_db_put_principal(krb5_context context,
-                         krb5_db_entry *entries,
-                         int *nentries, /* number of entry structs to update */
-                         char **db_args)
+                          krb5_db_entry *entries,
+                          int *nentries, /* number of entry structs to update */
+                          char **db_args)
 {
     int     i, n, dbret;
     DB     *db;
@@ -1008,55 +1009,55 @@ krb5_db2_db_put_principal(krb5_context context,
 
     krb5_clear_error_message (context);
     if (db_args) {
-       /* DB2 does not support db_args DB arguments for principal */
-       krb5_set_error_message(context, EINVAL,
-                              "Unsupported argument \"%s\" for db2",
-                              db_args[0]);
-       return EINVAL;
+        /* DB2 does not support db_args DB arguments for principal */
+        krb5_set_error_message(context, EINVAL,
+                               "Unsupported argument \"%s\" for db2",
+                               db_args[0]);
+        return EINVAL;
     }
 
     n = *nentries;
     *nentries = 0;
     if (!k5db2_inited(context))
-       return KRB5_KDB_DBNOTINITED;
+        return KRB5_KDB_DBNOTINITED;
 
     dal_handle = context->dal_handle;
     db_ctx = (krb5_db2_context *) dal_handle->db_context;
     if ((retval = krb5_db2_db_lock(context, KRB5_LOCKMODE_EXCLUSIVE)))
-       return retval;
+        return retval;
 
     db = db_ctx->db;
     if ((retval = krb5_db2_db_start_update(context))) {
-       (void) krb5_db2_db_unlock(context);
-       return retval;
+        (void) krb5_db2_db_unlock(context);
+        return retval;
     }
 
     /* for each one, stuff temps, and do replace/append */
     for (i = 0; i < n; i++) {
-       retval = krb5_encode_princ_contents(context, &contdata, entries);
-       if (retval)
-           break;
-       contents.data = contdata.data;
-       contents.size = contdata.length;
-       retval = krb5_encode_princ_dbkey(context, &keydata, entries->princ);
-       if (retval) {
-           krb5_free_data_contents(context, &contdata);
-           break;
-       }
-
-       key.data = keydata.data;
-       key.size = keydata.length;
-       dbret = (*db->put) (db, &key, &contents, 0);
-       retval = dbret ? errno : 0;
-       krb5_free_data_contents(context, &keydata);
-       krb5_free_data_contents(context, &contdata);
-       if (retval)
-           break;
-       entries++;              /* bump to next struct */
+        retval = krb5_encode_princ_contents(context, &contdata, entries);
+        if (retval)
+            break;
+        contents.data = contdata.data;
+        contents.size = contdata.length;
+        retval = krb5_encode_princ_dbkey(context, &keydata, entries->princ);
+        if (retval) {
+            krb5_free_data_contents(context, &contdata);
+            break;
+        }
+
+        key.data = keydata.data;
+        key.size = keydata.length;
+        dbret = (*db->put) (db, &key, &contents, 0);
+        retval = dbret ? errno : 0;
+        krb5_free_data_contents(context, &keydata);
+        krb5_free_data_contents(context, &contdata);
+        if (retval)
+            break;
+        entries++;              /* bump to next struct */
     }
 
     (void) krb5_db2_db_end_update(context);
-    (void) krb5_db2_db_unlock(context);        /* unlock database */
+    (void) krb5_db2_db_unlock(context); /* unlock database */
     *nentries = i;
     return (retval);
 }
@@ -1068,8 +1069,8 @@ krb5_db2_db_put_principal(krb5_context context,
 
 krb5_error_code
 krb5_db2_db_delete_principal(krb5_context context,
-                            krb5_const_principal searchfor,
-                            int *nentries) /* how many found & deleted */
+                             krb5_const_principal searchfor,
+                             int *nentries) /* how many found & deleted */
 {
     krb5_error_code retval;
     krb5_db_entry entry;
@@ -1081,20 +1082,20 @@ krb5_db2_db_delete_principal(krb5_context context,
     kdb5_dal_handle *dal_handle;
 
     if (!k5db2_inited(context))
-       return KRB5_KDB_DBNOTINITED;
+        return KRB5_KDB_DBNOTINITED;
 
     dal_handle = context->dal_handle;
     db_ctx = (krb5_db2_context *) dal_handle->db_context;
     if ((retval = krb5_db2_db_lock(context, KRB5_LOCKMODE_EXCLUSIVE)))
-       return (retval);
+        return (retval);
 
     if ((retval = krb5_db2_db_start_update(context))) {
-       (void) krb5_db2_db_unlock(context);     /* unlock write lock */
-       return (retval);
+        (void) krb5_db2_db_unlock(context);     /* unlock write lock */
+        return (retval);
     }
 
     if ((retval = krb5_encode_princ_dbkey(context, &keydata, searchfor)))
-       goto cleanup;
+        goto cleanup;
     key.data = keydata.data;
     key.size = keydata.length;
 
@@ -1103,34 +1104,34 @@ krb5_db2_db_delete_principal(krb5_context context,
     retval = errno;
     switch (dbret) {
     case 1:
-       retval = KRB5_KDB_NOENTRY;
+        retval = KRB5_KDB_NOENTRY;
     case -1:
     default:
-       *nentries = 0;
-       goto cleankey;
+        *nentries = 0;
+        goto cleankey;
     case 0:
-       ;
+        ;
     }
     memset(&entry, 0, sizeof(entry));
     contdata.data = contents.data;
     contdata.length = contents.size;
     retval = krb5_decode_princ_contents(context, &contdata, &entry);
     if (retval)
-       goto cleankey;
+        goto cleankey;
     *nentries = 1;
 
     /* Clear encrypted key contents */
     for (i = 0; i < entry.n_key_data; i++) {
-       if (entry.key_data[i].key_data_length[0]) {
-           memset(entry.key_data[i].key_data_contents[0], 0,
-                  (unsigned) entry.key_data[i].key_data_length[0]);
-       }
+        if (entry.key_data[i].key_data_length[0]) {
+            memset(entry.key_data[i].key_data_contents[0], 0,
+                   (unsigned) entry.key_data[i].key_data_length[0]);
+        }
     }
 
     retval = krb5_encode_princ_contents(context, &contdata, &entry);
     krb5_dbe_free_contents(context, &entry);
     if (retval)
-       goto cleankey;
+        goto cleankey;
 
     contents.data = contdata.data;
     contents.size = contdata.length;
@@ -1138,23 +1139,23 @@ krb5_db2_db_delete_principal(krb5_context context,
     retval = dbret ? errno : 0;
     krb5_free_data_contents(context, &contdata);
     if (retval)
-       goto cleankey;
+        goto cleankey;
     dbret = (*db->del) (db, &key, 0);
     retval = dbret ? errno : 0;
-  cleankey:
+cleankey:
     krb5_free_data_contents(context, &keydata);
 
-  cleanup:
+cleanup:
     (void) krb5_db2_db_end_update(context);
-    (void) krb5_db2_db_unlock(context);        /* unlock write lock */
+    (void) krb5_db2_db_unlock(context); /* unlock write lock */
     return retval;
 }
 
 krb5_error_code
 krb5_db2_db_iterate_ext(krb5_context context,
-                       krb5_error_code(*func) (krb5_pointer, krb5_db_entry *),
-                       krb5_pointer func_arg,
-                       int backwards, int recursive)
+                        krb5_error_code(*func) (krb5_pointer, krb5_db_entry *),
+                        krb5_pointer func_arg,
+                        int backwards, int recursive)
 {
     krb5_db2_context *db_ctx;
     DB     *db;
@@ -1168,75 +1169,75 @@ krb5_db2_db_iterate_ext(krb5_context context,
 
     cookie = NULL;
     if (!k5db2_inited(context))
-       return KRB5_KDB_DBNOTINITED;
+        return KRB5_KDB_DBNOTINITED;
 
     dal_handle = context->dal_handle;
     db_ctx = (krb5_db2_context *) dal_handle->db_context;
     retval = krb5_db2_db_lock(context, KRB5_LOCKMODE_SHARED);
 
     if (retval)
-       return retval;
+        return retval;
 
     db = db_ctx->db;
     if (recursive && db->type != DB_BTREE) {
-       (void) krb5_db2_db_unlock(context);
-       return KRB5_KDB_UK_RERROR;      /* Not optimal, but close enough. */
+        (void) krb5_db2_db_unlock(context);
+        return KRB5_KDB_UK_RERROR;      /* Not optimal, but close enough. */
     }
 
     if (!recursive) {
-       dbret = (*db->seq) (db, &key, &contents, backwards ? R_LAST : R_FIRST);
+        dbret = (*db->seq) (db, &key, &contents, backwards ? R_LAST : R_FIRST);
     } else {
 #ifdef HAVE_BT_RSEQ
-       dbret = bt_rseq(db, &key, &contents, &cookie,
-                       backwards ? R_LAST : R_FIRST);
+        dbret = bt_rseq(db, &key, &contents, &cookie,
+                        backwards ? R_LAST : R_FIRST);
 #else
-       (void) krb5_db2_db_unlock(context);
-       return KRB5_KDB_UK_RERROR;      /* Not optimal, but close enough. */
+        (void) krb5_db2_db_unlock(context);
+        return KRB5_KDB_UK_RERROR;      /* Not optimal, but close enough. */
 #endif
     }
     while (dbret == 0) {
-       krb5_error_code retval2;
-
-       contdata.data = contents.data;
-       contdata.length = contents.size;
-       retval = krb5_decode_princ_contents(context, &contdata, &entries);
-       if (retval)
-           break;
-       retval = k5_mutex_unlock(krb5_db2_mutex);
-       if (retval)
-           break;
-       retval = (*func) (func_arg, &entries);
-       krb5_dbe_free_contents(context, &entries);
-       retval2 = k5_mutex_lock(krb5_db2_mutex);
-       /* Note: If re-locking fails, the wrapper in db2_exp.c will
-          still try to unlock it again.  That would be a bug.  Fix
-          when integrating the locking better.  */
-       if (retval)
-           break;
-       if (retval2) {
-           retval = retval2;
-           break;
-       }
-       if (!recursive) {
-           dbret = (*db->seq) (db, &key, &contents,
-                               backwards ? R_PREV : R_NEXT);
-       } else {
+        krb5_error_code retval2;
+
+        contdata.data = contents.data;
+        contdata.length = contents.size;
+        retval = krb5_decode_princ_contents(context, &contdata, &entries);
+        if (retval)
+            break;
+        retval = k5_mutex_unlock(krb5_db2_mutex);
+        if (retval)
+            break;
+        retval = (*func) (func_arg, &entries);
+        krb5_dbe_free_contents(context, &entries);
+        retval2 = k5_mutex_lock(krb5_db2_mutex);
+        /* Note: If re-locking fails, the wrapper in db2_exp.c will
+           still try to unlock it again.  That would be a bug.  Fix
+           when integrating the locking better.  */
+        if (retval)
+            break;
+        if (retval2) {
+            retval = retval2;
+            break;
+        }
+        if (!recursive) {
+            dbret = (*db->seq) (db, &key, &contents,
+                                backwards ? R_PREV : R_NEXT);
+        } else {
 #ifdef HAVE_BT_RSEQ
-           dbret = bt_rseq(db, &key, &contents, &cookie,
-                           backwards ? R_PREV : R_NEXT);
+            dbret = bt_rseq(db, &key, &contents, &cookie,
+                            backwards ? R_PREV : R_NEXT);
 #else
-           (void) krb5_db2_db_unlock(context);
-           return KRB5_KDB_UK_RERROR;  /* Not optimal, but close enough. */
+            (void) krb5_db2_db_unlock(context);
+            return KRB5_KDB_UK_RERROR;  /* Not optimal, but close enough. */
 #endif
-       }
+        }
     }
     switch (dbret) {
     case 1:
     case 0:
-       break;
+        break;
     case -1:
     default:
-       retval = errno;
+        retval = errno;
     }
     (void) krb5_db2_db_unlock(context);
     return retval;
@@ -1244,9 +1245,9 @@ krb5_db2_db_iterate_ext(krb5_context context,
 
 krb5_error_code
 krb5_db2_db_iterate(krb5_context context,
-                   char *match_expr,
-                   krb5_error_code(*func) (krb5_pointer, krb5_db_entry *),
-                   krb5_pointer func_arg)
+                    char *match_expr,
+                    krb5_error_code(*func) (krb5_pointer, krb5_db_entry *),
+                    krb5_pointer func_arg)
 {
     return krb5_db2_db_iterate_ext(context, func, func_arg, 0, 0);
 }
@@ -1261,8 +1262,8 @@ krb5_db2_db_set_lockmode(krb5_context context, krb5_boolean mode)
     dal_handle = context->dal_handle;
     old = mode;
     if (dal_handle && (db_ctx = (krb5_db2_context *) dal_handle->db_context)) {
-       old = db_ctx->db_nb_locks;
-       db_ctx->db_nb_locks = mode;
+        old = db_ctx->db_nb_locks;
+        db_ctx->db_nb_locks = mode;
     }
     return old;
 }
@@ -1285,7 +1286,7 @@ krb5_db2_lib_cleanup()
 
 krb5_error_code
 krb5_db2_open(krb5_context kcontext,
-             char *conf_section, char **db_args, int mode)
+              char *conf_section, char **db_args, int mode)
 {
     krb5_error_code status = 0;
     char  **t_ptr = db_args;
@@ -1295,75 +1296,75 @@ krb5_db2_open(krb5_context kcontext,
     krb5_clear_error_message (kcontext);
 
     if (k5db2_inited(kcontext))
-       return 0;
+        return 0;
 
     while (t_ptr && *t_ptr) {
-       char   *opt = NULL, *val = NULL;
-
-       krb5_db2_get_db_opt(*t_ptr, &opt, &val);
-       if (opt && !strcmp(opt, "dbname")) {
-           if (dbname) free(dbname);
-           dbname = strdup(val);
-           if (dbname == NULL) {
-               free(opt);
-               free(val);
-               return ENOMEM;
-           }
-       }
-       else if (!opt && !strcmp(val, "temporary") ) {
-           tempdb = 1;
-       }
-       else if (!opt && !strcmp(val, "merge_nra")) {
-           ;
-       }
-       /* ignore hash argument. Might have been passed from create */
-       else if (!opt || strcmp(opt, "hash")) {
-           krb5_set_error_message(kcontext, EINVAL,
-                                  "Unsupported argument \"%s\" for db2",
-                                  opt ? opt : val);
-           free(opt);
-           free(val);
-           return EINVAL;
-       }
-
-       free(opt);
-       free(val);
-       t_ptr++;
+        char   *opt = NULL, *val = NULL;
+
+        krb5_db2_get_db_opt(*t_ptr, &opt, &val);
+        if (opt && !strcmp(opt, "dbname")) {
+            if (dbname) free(dbname);
+            dbname = strdup(val);
+            if (dbname == NULL) {
+                free(opt);
+                free(val);
+                return ENOMEM;
+            }
+        }
+        else if (!opt && !strcmp(val, "temporary") ) {
+            tempdb = 1;
+        }
+        else if (!opt && !strcmp(val, "merge_nra")) {
+            ;
+        }
+        /* ignore hash argument. Might have been passed from create */
+        else if (!opt || strcmp(opt, "hash")) {
+            krb5_set_error_message(kcontext, EINVAL,
+                                   "Unsupported argument \"%s\" for db2",
+                                   opt ? opt : val);
+            free(opt);
+            free(val);
+            return EINVAL;
+        }
+
+        free(opt);
+        free(val);
+        t_ptr++;
     }
 
     if(dbname) {
-       status = krb5_db2_db_set_name(kcontext, dbname, tempdb);
-       free(dbname);
-       if (status) {
-           goto clean_n_exit;
-       }
-       db_name_set = 1;
+        status = krb5_db2_db_set_name(kcontext, dbname, tempdb);
+        free(dbname);
+        if (status) {
+            goto clean_n_exit;
+        }
+        db_name_set = 1;
     }
     if (!db_name_set) {
-       char   *value = NULL;
-       status = profile_get_string(KRB5_DB_GET_PROFILE(kcontext), KDB_MODULE_SECTION, conf_section, KDB_DB2_DATABASE_NAME,     /* under given conf section */
-                                   NULL, &value);
+        char   *value = NULL;
+        status = profile_get_string(KRB5_DB_GET_PROFILE(kcontext), KDB_MODULE_SECTION, conf_section, KDB_DB2_DATABASE_NAME,     /* under given conf section */
+                                    NULL, &value);
 
-       if (value == NULL) {
-           /* special case for db2. We might actually be looking at old type config file where database is specified as part of realm */
-           status = profile_get_string(KRB5_DB_GET_PROFILE(kcontext), KDB_REALM_SECTION, KRB5_DB_GET_REALM(kcontext), KDB_DB2_DATABASE_NAME,   /* under given realm */
-                                       default_db_name, &value);
-           if (status) {
-               goto clean_n_exit;
-           }
-       }
+        if (value == NULL) {
+            /* special case for db2. We might actually be looking at old type config file where database is specified as part of realm */
+            status = profile_get_string(KRB5_DB_GET_PROFILE(kcontext), KDB_REALM_SECTION, KRB5_DB_GET_REALM(kcontext), KDB_DB2_DATABASE_NAME,   /* under given realm */
+                                        default_db_name, &value);
+            if (status) {
+                goto clean_n_exit;
+            }
+        }
 
-       status = krb5_db2_db_set_name(kcontext, value, tempdb);
-       profile_release_string(value);
-       if (status) {
-           goto clean_n_exit;
-       }
+        status = krb5_db2_db_set_name(kcontext, value, tempdb);
+        profile_release_string(value);
+        if (status) {
+            goto clean_n_exit;
+        }
 
     }
 
     status = krb5_db2_db_init(kcontext);
 
-  clean_n_exit:
+clean_n_exit:
     return status;
 }
 
@@ -1379,97 +1380,97 @@ krb5_db2_create(krb5_context kcontext, char *conf_section, char **db_args)
     krb5_clear_error_message (kcontext);
 
     if (k5db2_inited(kcontext))
-       return 0;
+        return 0;
 
     while (t_ptr && *t_ptr) {
-       char   *opt = NULL, *val = NULL;
-
-       krb5_db2_get_db_opt(*t_ptr, &opt, &val);
-       if (opt && !strcmp(opt, "dbname")) {
-           db_name = strdup(val);
-           if (db_name == NULL) {
-               free(opt);
-               free(val);
-               return ENOMEM;
-           }
-       }
-       else if (!opt && !strcmp(val, "temporary")) {
-           tempdb = 1;
-       } else if (!opt && !strcmp(val, "merge_nra")) {
-           ;
-       } else if (opt && !strcmp(opt, "hash")) {
-           flags = KRB5_KDB_CREATE_HASH;
-       } else {
-           krb5_set_error_message(kcontext, EINVAL,
-                                  "Unsupported argument \"%s\" for db2",
-                                  opt ? opt : val);
-           free(opt);
-           free(val);
-           return EINVAL;
-       }
-
-       free(opt);
-       free(val);
-       t_ptr++;
+        char   *opt = NULL, *val = NULL;
+
+        krb5_db2_get_db_opt(*t_ptr, &opt, &val);
+        if (opt && !strcmp(opt, "dbname")) {
+            db_name = strdup(val);
+            if (db_name == NULL) {
+                free(opt);
+                free(val);
+                return ENOMEM;
+            }
+        }
+        else if (!opt && !strcmp(val, "temporary")) {
+            tempdb = 1;
+        } else if (!opt && !strcmp(val, "merge_nra")) {
+            ;
+        } else if (opt && !strcmp(opt, "hash")) {
+            flags = KRB5_KDB_CREATE_HASH;
+        } else {
+            krb5_set_error_message(kcontext, EINVAL,
+                                   "Unsupported argument \"%s\" for db2",
+                                   opt ? opt : val);
+            free(opt);
+            free(val);
+            return EINVAL;
+        }
+
+        free(opt);
+        free(val);
+        t_ptr++;
     }
     if (db_name) {
-           status = krb5_db2_db_set_name(kcontext, db_name, tempdb);
-           if (!status) {
-               status = EEXIST;
-               goto clean_n_exit;
-           }
-           db_name_set = 1;
+        status = krb5_db2_db_set_name(kcontext, db_name, tempdb);
+        if (!status) {
+            status = EEXIST;
+            goto clean_n_exit;
+        }
+        db_name_set = 1;
     }
     if (!db_name_set) {
-       char   *value = NULL;
-       status = profile_get_string(KRB5_DB_GET_PROFILE(kcontext),
-                                   KDB_MODULE_SECTION, conf_section,
-                                   /* under given conf section */
-                                   KDB_DB2_DATABASE_NAME, NULL, &value);
-
-       if (value == NULL) {
-           /* Special case for db2.  We might actually be looking at
-            * old type config file where database is specified as
-            * part of realm.  */
-           status = profile_get_string(KRB5_DB_GET_PROFILE(kcontext),
-                                       KDB_REALM_SECTION,
-                                       KRB5_DB_GET_REALM(kcontext),
-                                       /* under given realm */
-                                       KDB_DB2_DATABASE_NAME,
-                                       default_db_name, &value);
-           if (status) {
-               goto clean_n_exit;
-           }
-       }
-
-       db_name = strdup(value);
-       if (db_name == NULL) {
-           status = ENOMEM;
-           profile_release_string(value);
-           goto clean_n_exit;
-       }
-       status = krb5_db2_db_set_name(kcontext, value, tempdb);
-       profile_release_string(value);
-       if (!status) {
-           status = EEXIST;
-           goto clean_n_exit;
-       }
+        char   *value = NULL;
+        status = profile_get_string(KRB5_DB_GET_PROFILE(kcontext),
+                                    KDB_MODULE_SECTION, conf_section,
+                                    /* under given conf section */
+                                    KDB_DB2_DATABASE_NAME, NULL, &value);
+
+        if (value == NULL) {
+            /* Special case for db2.  We might actually be looking at
+             * old type config file where database is specified as
+             * part of realm.  */
+            status = profile_get_string(KRB5_DB_GET_PROFILE(kcontext),
+                                        KDB_REALM_SECTION,
+                                        KRB5_DB_GET_REALM(kcontext),
+                                        /* under given realm */
+                                        KDB_DB2_DATABASE_NAME,
+                                        default_db_name, &value);
+            if (status) {
+                goto clean_n_exit;
+            }
+        }
+
+        db_name = strdup(value);
+        if (db_name == NULL) {
+            status = ENOMEM;
+            profile_release_string(value);
+            goto clean_n_exit;
+        }
+        status = krb5_db2_db_set_name(kcontext, value, tempdb);
+        profile_release_string(value);
+        if (!status) {
+            status = EEXIST;
+            goto clean_n_exit;
+        }
 
     }
 
     status = krb5_db2_db_create(kcontext, db_name, flags);
     if (status)
-       goto clean_n_exit;
+        goto clean_n_exit;
     /* db2 has a problem of needing to close and open the database again. This removes that need */
     status = krb5_db2_db_fini(kcontext);
     if (status)
-       goto clean_n_exit;
+        goto clean_n_exit;
 
     status = krb5_db2_open(kcontext, conf_section, db_args, KRB5_KDB_OPEN_RW);
 
-  clean_n_exit:
+clean_n_exit:
     if (db_name)
-       free(db_name);
+        free(db_name);
     return status;
 }
 
@@ -1482,77 +1483,77 @@ krb5_db2_destroy(krb5_context kcontext, char *conf_section, char **db_args)
     char   *db_name = NULL;
 
     while (t_ptr && *t_ptr) {
-       char   *opt = NULL, *val = NULL;
-
-       krb5_db2_get_db_opt(*t_ptr, &opt, &val);
-       if (opt && !strcmp(opt, "dbname")) {
-           db_name = strdup(val);
-           if (db_name == NULL) {
-               free(opt);
-               free(val);
-               return ENOMEM;
-           }
-       }
-       else if (!opt && !strcmp(val, "temporary")) {
-           tempdb = 1;
-       }
-       /* ignore hash argument. Might have been passed from create */
-       else if (!opt || strcmp(opt, "hash")) {
-           free(opt);
-           free(val);
-           return EINVAL;
-       }
-
-       free(opt);
-       free(val);
-       t_ptr++;
+        char   *opt = NULL, *val = NULL;
+
+        krb5_db2_get_db_opt(*t_ptr, &opt, &val);
+        if (opt && !strcmp(opt, "dbname")) {
+            db_name = strdup(val);
+            if (db_name == NULL) {
+                free(opt);
+                free(val);
+                return ENOMEM;
+            }
+        }
+        else if (!opt && !strcmp(val, "temporary")) {
+            tempdb = 1;
+        }
+        /* ignore hash argument. Might have been passed from create */
+        else if (!opt || strcmp(opt, "hash")) {
+            free(opt);
+            free(val);
+            return EINVAL;
+        }
+
+        free(opt);
+        free(val);
+        t_ptr++;
     }
 
     if (db_name) {
-       status = krb5_db2_db_set_name(kcontext, db_name, tempdb);
-       if (status) {
-           goto clean_n_exit;
-       }
-       db_name_set = 1;
+        status = krb5_db2_db_set_name(kcontext, db_name, tempdb);
+        if (status) {
+            goto clean_n_exit;
+        }
+        db_name_set = 1;
     }
     if (!db_name_set) {
-       char   *value = NULL;
-       status = profile_get_string(KRB5_DB_GET_PROFILE(kcontext), KDB_MODULE_SECTION, conf_section, KDB_DB2_DATABASE_NAME,     /* under given conf section */
-                                   NULL, &value);
-
-       if (value == NULL) {
-           /* special case for db2. We might actually be looking at old type config file where database is specified as part of realm */
-           status = profile_get_string(KRB5_DB_GET_PROFILE(kcontext), KDB_REALM_SECTION, KRB5_DB_GET_REALM(kcontext), KDB_DB2_DATABASE_NAME,   /* under given realm */
-                                       default_db_name, &value);
-           if (status) {
-               goto clean_n_exit;
-           }
-       }
-
-       db_name = strdup(value);
-       if (db_name == NULL) {
-           status = ENOMEM;
-           goto clean_n_exit;
-       }
-       status = krb5_db2_db_set_name(kcontext, value, tempdb);
-       profile_release_string(value);
-       if (status) {
-           goto clean_n_exit;
-       }
+        char   *value = NULL;
+        status = profile_get_string(KRB5_DB_GET_PROFILE(kcontext), KDB_MODULE_SECTION, conf_section, KDB_DB2_DATABASE_NAME,     /* under given conf section */
+                                    NULL, &value);
+
+        if (value == NULL) {
+            /* special case for db2. We might actually be looking at old type config file where database is specified as part of realm */
+            status = profile_get_string(KRB5_DB_GET_PROFILE(kcontext), KDB_REALM_SECTION, KRB5_DB_GET_REALM(kcontext), KDB_DB2_DATABASE_NAME,   /* under given realm */
+                                        default_db_name, &value);
+            if (status) {
+                goto clean_n_exit;
+            }
+        }
+
+        db_name = strdup(value);
+        if (db_name == NULL) {
+            status = ENOMEM;
+            goto clean_n_exit;
+        }
+        status = krb5_db2_db_set_name(kcontext, value, tempdb);
+        profile_release_string(value);
+        if (status) {
+            goto clean_n_exit;
+        }
 
     }
 
     status = krb5_db2_db_destroy(kcontext, db_name);
 
-  clean_n_exit:
+clean_n_exit:
     if (db_name)
-       free(db_name);
+        free(db_name);
     return status;
 }
 
 krb5_error_code
 krb5_db2_set_master_key_ext(krb5_context kcontext,
-                           char *pwd, krb5_keyblock * key)
+                            char *pwd, krb5_keyblock * key)
 {
     return krb5_db2_db_set_mkey(kcontext, key);
 }
@@ -1566,7 +1567,7 @@ krb5_db2_db_set_option(krb5_context kcontext, int option, void *value)
     kdb5_dal_handle *dal_handle;
 
     if (!k5db2_inited(kcontext))
-       return KRB5_KDB_DBNOTINITED;
+        return KRB5_KDB_DBNOTINITED;
 
     dal_handle = kcontext->dal_handle;
     db_ctx = (krb5_db2_context *) dal_handle->db_context;
@@ -1574,17 +1575,17 @@ krb5_db2_db_set_option(krb5_context kcontext, int option, void *value)
 
     switch (option) {
     case KRB5_KDB_OPT_SET_DB_NAME:
-       status = krb5_db2_db_set_name(kcontext, (char *) value, db_ctx->tempdb);
-       break;
+        status = krb5_db2_db_set_name(kcontext, (char *) value, db_ctx->tempdb);
+        break;
 
     case KRB5_KDB_OPT_SET_LOCK_MODE:
-       oldval = krb5_db2_db_set_lockmode(kcontext, *((krb5_boolean *) value));
-       *((krb5_boolean *) value) = oldval;
-       break;
+        oldval = krb5_db2_db_set_lockmode(kcontext, *((krb5_boolean *) value));
+        *((krb5_boolean *) value) = oldval;
+        break;
 
     default:
-       status = -1;            /* TBD */
-       break;
+        status = -1;            /* TBD */
+        break;
     }
 
     return status;
@@ -1617,7 +1618,7 @@ krb5_db2_create_policy(krb5_context kcontext, osa_policy_ent_t policy)
 
 krb5_error_code
 krb5_db2_get_policy(krb5_context kcontext,
-                   char *name, osa_policy_ent_t * policy, int *cnt)
+                    char *name, osa_policy_ent_t * policy, int *cnt)
 {
     kdb5_dal_handle *dal_handle;
     krb5_db2_context *dbc;
@@ -1642,8 +1643,8 @@ krb5_db2_put_policy(krb5_context kcontext, osa_policy_ent_t policy)
 
 krb5_error_code
 krb5_db2_iter_policy(krb5_context kcontext,
-                    char *match_entry,
-                    osa_adb_iter_policy_func func, void *data)
+                     char *match_entry,
+                     osa_adb_iter_policy_func func, void *data)
 {
     kdb5_dal_handle *dal_handle;
     krb5_db2_context *dbc;
@@ -1687,38 +1688,38 @@ krb5_db2_promote_db(krb5_context kcontext, char *conf_section, char **db_args)
     krb5_clear_error_message (kcontext);
 
     {
-       kdb5_dal_handle *dal_handle = kcontext->dal_handle;
-       krb5_db2_context *db_ctx = dal_handle->db_context;
-       db_name = strdup(db_ctx->db_name);
-       if (db_name == NULL) {
-           status = ENOMEM;
-           goto clean_n_exit;
-       }
+        kdb5_dal_handle *dal_handle = kcontext->dal_handle;
+        krb5_db2_context *db_ctx = dal_handle->db_context;
+        db_name = strdup(db_ctx->db_name);
+        if (db_name == NULL) {
+            status = ENOMEM;
+            goto clean_n_exit;
+        }
     }
 
     assert(kcontext->dal_handle != NULL);
     temp_db_name = gen_dbsuffix(db_name, "~");
     if (temp_db_name == NULL) {
-       status = ENOMEM;
-       goto clean_n_exit;
+        status = ENOMEM;
+        goto clean_n_exit;
     }
 
     for (db_argp = db_args; *db_argp; db_argp++) {
-       if (!strcmp(*db_argp, "merge_nra")) {
-           merge_nra++;
-           break;
-       }
+        if (!strcmp(*db_argp, "merge_nra")) {
+            merge_nra++;
+            break;
+        }
     }
 
     status = krb5_db2_db_rename (kcontext, temp_db_name, db_name, merge_nra);
     if (status)
-       goto clean_n_exit;
+        goto clean_n_exit;
 
 clean_n_exit:
     if (db_name)
-       free(db_name);
+        free(db_name);
     if (temp_db_name)
-       free(temp_db_name);
+        free(temp_db_name);
     return status;
 }
 
@@ -1731,25 +1732,25 @@ clean_n_exit:
  */
 static krb5_error_code
 krb5_db2_merge_principal(krb5_context kcontext,
-                        krb5_db_entry *src,
-                        krb5_db_entry *dst,
-                        int *changed)
+                         krb5_db_entry *src,
+                         krb5_db_entry *dst,
+                         int *changed)
 {
     *changed = 0;
 
     if (dst->last_success != src->last_success) {
-       dst->last_success = src->last_success;
-       (*changed)++;
+        dst->last_success = src->last_success;
+        (*changed)++;
     }
 
     if (dst->last_failed != src->last_failed) {
-       dst->last_failed = src->last_failed;
-       (*changed)++;
+        dst->last_failed = src->last_failed;
+        (*changed)++;
     }
 
     if (dst->fail_auth_count != src->fail_auth_count) {
-       dst->fail_auth_count = src->fail_auth_count;
-       (*changed)++;
+        dst->fail_auth_count = src->fail_auth_count;
+        (*changed)++;
     }
 
     return 0;
@@ -1782,14 +1783,14 @@ krb5_db2_merge_nra_iterator(krb5_pointer ptr, krb5_db_entry *entry)
 
     /* look up the new principal in the old DB */
     retval = krb5_db2_db_get_principal(nra->kcontext,
-                                      entry->princ,
-                                      &s_entry,
-                                      &n_entries,
-                                      &more);
+                                       entry->princ,
+                                       &s_entry,
+                                       &n_entries,
+                                       &more);
     if (retval != 0 || n_entries == 0) {
-       /* principal may be newly created, so ignore */
-       dal_handle->db_context = dst_db;
-       return 0;
+        /* principal may be newly created, so ignore */
+        dal_handle->db_context = dst_db;
+        return 0;
     }
 
     /* merge non-replicated attributes from the old entry in */
@@ -1799,12 +1800,12 @@ krb5_db2_merge_nra_iterator(krb5_pointer ptr, krb5_db_entry *entry)
 
     /* if necessary, commit the modified new entry to the new DB */
     if (changed) {
-       retval = krb5_db2_db_put_principal(nra->kcontext,
-                                          entry,
-                                          &n_entries,
-                                          NULL);
+        retval = krb5_db2_db_put_principal(nra->kcontext,
+                                           entry,
+                                           &n_entries,
+                                           NULL);
     } else {
-       retval = 0;
+        retval = 0;
     }
 
     return retval;
@@ -1819,8 +1820,8 @@ krb5_db2_merge_nra_iterator(krb5_pointer ptr, krb5_db_entry *entry)
  */
 static krb5_error_code
 krb5_db2_begin_nra_merge(krb5_context kcontext,
-                        krb5_db2_context *src_db,
-                        krb5_db2_context *dst_db)
+                         krb5_db2_context *src_db,
+                         krb5_db2_context *dst_db)
 {
     krb5_error_code retval;
     kdb5_dal_handle *dal_handle = kcontext->dal_handle;
@@ -1834,17 +1835,17 @@ krb5_db2_begin_nra_merge(krb5_context kcontext,
 
     retval = krb5_db2_db_lock(kcontext, KRB5_LOCKMODE_EXCLUSIVE);
     if (retval) {
-       dal_handle->db_context = dst_db;
-       return retval;
+        dal_handle->db_context = dst_db;
+        return retval;
     }
 
     retval = krb5_db2_db_iterate_ext(kcontext,
-                                    krb5_db2_merge_nra_iterator,
-                                    &nra,
-                                    0,
-                                    0);
+                                     krb5_db2_merge_nra_iterator,
+                                     &nra,
+                                     0,
+                                     0);
     if (retval != 0)
-       (void) krb5_db2_db_unlock(kcontext);
+        (void) krb5_db2_db_unlock(kcontext);
 
     dal_handle->db_context = dst_db;
 
@@ -1857,8 +1858,8 @@ krb5_db2_begin_nra_merge(krb5_context kcontext,
  */
 static krb5_error_code
 krb5_db2_end_nra_merge(krb5_context kcontext,
-                      krb5_db2_context *src_db,
-                      krb5_db2_context *dst_db)
+                       krb5_db2_context *src_db,
+                       krb5_db2_context *dst_db)
 {
     krb5_error_code retval;
     kdb5_dal_handle *dal_handle = kcontext->dal_handle;
@@ -1896,7 +1897,7 @@ krb5_db2_db_rename(context, from, to, merge_nra)
     s_context = dal_handle->db_context;
     dal_handle->db_context = NULL;
     if ((retval = k5db2_init_context(context)))
-       return retval;
+        return retval;
     db_ctx = (krb5_db2_context *) dal_handle->db_context;
 
     /*
@@ -1906,7 +1907,7 @@ krb5_db2_db_rename(context, from, to, merge_nra)
      */
     retval = krb5_db2_db_create(context, to, 0);
     if (retval != 0 && retval != EEXIST)
-       goto errout;
+        goto errout;
 
     /*
      * Set the database to the target, so that other processes sharing
@@ -1914,21 +1915,21 @@ krb5_db2_db_rename(context, from, to, merge_nra)
      */
     retval = krb5_db2_db_set_name(context, to, 0);
     if (retval)
-       goto errout;
+        goto errout;
 
     retval = krb5_db2_db_init(context);
     if (retval)
-       goto errout;
+        goto errout;
 
     db_ctx->db_lf_name = gen_dbsuffix(db_ctx->db_name, KDB2_LOCK_EXT);
     if (db_ctx->db_lf_name == NULL) {
-       retval = ENOMEM;
-       goto errout;
+        retval = ENOMEM;
+        goto errout;
     }
     db_ctx->db_lf_file = open(db_ctx->db_lf_name, O_RDWR|O_CREAT, 0600);
     if (db_ctx->db_lf_file < 0) {
-       retval = errno;
-       goto errout;
+        retval = errno;
+        goto errout;
     }
     set_cloexec_fd(db_ctx->db_lf_file);
 
@@ -1936,76 +1937,76 @@ krb5_db2_db_rename(context, from, to, merge_nra)
 
     retval = krb5_db2_db_get_age(context, NULL, &db_ctx->db_lf_time);
     if (retval)
-       goto errout;
+        goto errout;
 
     fromok = gen_dbsuffix(from, KDB2_LOCK_EXT);
     if (fromok == NULL) {
-       retval = ENOMEM;
-       goto errout;
+        retval = ENOMEM;
+        goto errout;
     }
 
     if ((retval = krb5_db2_db_lock(context, KRB5_LOCKMODE_EXCLUSIVE)))
-       goto errfromok;
+        goto errfromok;
 
     if ((retval = krb5_db2_db_start_update(context)))
-       goto errfromok;
+        goto errfromok;
 
     if (merge_nra) {
-       if ((retval = krb5_db2_begin_nra_merge(context, s_context, db_ctx)))
-           goto errfromok;
+        if ((retval = krb5_db2_begin_nra_merge(context, s_context, db_ctx)))
+            goto errfromok;
     }
 
     if (rename(from, to)) {
-       retval = errno;
-       goto errfromok;
+        retval = errno;
+        goto errfromok;
     }
     if (unlink(fromok)) {
-       retval = errno;
-       goto errfromok;
+        retval = errno;
+        goto errfromok;
     }
 
     if (merge_nra) {
-       krb5_db2_end_nra_merge(context, s_context, db_ctx);
+        krb5_db2_end_nra_merge(context, s_context, db_ctx);
     }
 
     retval = krb5_db2_db_end_update(context);
     if (retval)
-       goto errfromok;
+        goto errfromok;
 
     {
-       /* XXX moved so that NRA merge works */
-       /* Ugly brute force hack.
-
-          Should be going through nice friendly helper routines for
-          this, but it's a mess of jumbled so-called interfaces right
-          now.  */
-       char    policy[2048], new_policy[2048];
-       assert (strlen(db_ctx->db_name) < 2000);
-       snprintf(policy, sizeof(policy), "%s.kadm5", db_ctx->db_name);
-       snprintf(new_policy, sizeof(new_policy),
-                "%s~.kadm5", db_ctx->db_name);
-       if (0 != rename(new_policy, policy)) {
-           retval = errno;
-           goto errfromok;
-       }
-       strlcat(new_policy, ".lock",sizeof(new_policy));
-       (void) unlink(new_policy);
+        /* XXX moved so that NRA merge works */
+        /* Ugly brute force hack.
+
+           Should be going through nice friendly helper routines for
+           this, but it's a mess of jumbled so-called interfaces right
+           now.  */
+        char    policy[2048], new_policy[2048];
+        assert (strlen(db_ctx->db_name) < 2000);
+        snprintf(policy, sizeof(policy), "%s.kadm5", db_ctx->db_name);
+        snprintf(new_policy, sizeof(new_policy),
+                 "%s~.kadm5", db_ctx->db_name);
+        if (0 != rename(new_policy, policy)) {
+            retval = errno;
+            goto errfromok;
+        }
+        strlcat(new_policy, ".lock",sizeof(new_policy));
+        (void) unlink(new_policy);
     }
 
 errfromok:
     free_dbsuffix(fromok);
 errout:
     if (dal_handle->db_context) {
-       if (db_ctx->db_lf_file >= 0) {
-           krb5_db2_db_unlock(context);
-           close(db_ctx->db_lf_file);
-       }
-       k5db2_clear_context((krb5_db2_context *) dal_handle->db_context);
-       free(dal_handle->db_context);
+        if (db_ctx->db_lf_file >= 0) {
+            krb5_db2_db_unlock(context);
+            close(db_ctx->db_lf_file);
+        }
+        k5db2_clear_context((krb5_db2_context *) dal_handle->db_context);
+        free(dal_handle->db_context);
     }
 
     dal_handle->db_context = s_context;
-    (void) krb5_db2_db_unlock(context);        /* unlock saved context db */
+    (void) krb5_db2_db_unlock(context); /* unlock saved context db */
 
     return retval;
 }
index 9f3cbc5c93749d5a23f0d23a17bf7d3c54d8aadd..7e6fea13d332e7d2ea4dadfe86e6ae41e74a619b 100644 (file)
@@ -1,3 +1,4 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
 /*
  * lib/kdb/kdb_db2.h
  *
@@ -34,8 +35,8 @@
 typedef struct _krb5_db2_context {
     krb5_boolean        db_inited;      /* Context initialized          */
     char *              db_name;        /* Name of database             */
-    DB *               db;             /* DB handle                    */
-    krb5_boolean       hashfirst;      /* Try hash database type first */
+    DB *                db;             /* DB handle                    */
+    krb5_boolean        hashfirst;      /* Try hash database type first */
     char *              db_lf_name;     /* Name of lock file            */
     int                 db_lf_file;     /* File descriptor of lock file */
     time_t              db_lf_time;     /* Time last updated            */
@@ -53,169 +54,102 @@ typedef struct _krb5_db2_context {
 #define KDB2_LOCK_EXT ".ok"
 #define KDB2_TEMP_LOCK_EXT "~.ok"
 
-krb5_error_code krb5_db2_db_init
-       (krb5_context);
-krb5_error_code krb5_db2_db_fini
-       (krb5_context);
-krb5_error_code krb5_db2_db_get_age
-       (krb5_context,
-                  char *,
-                  time_t * );
-krb5_error_code krb5_db2_db_create
-       (krb5_context,
-                  char *,
-                  krb5_int32);
-krb5_error_code krb5_db2_db_destroy
-       (krb5_context,
-                  char * );
-krb5_error_code krb5_db2_db_rename
-       (krb5_context,
-                  char *,
-                  char *,
-                  int );
-krb5_error_code krb5_db2_db_get_principal
-       (krb5_context,
-                  krb5_const_principal,
-                  krb5_db_entry *,
-                  int *,
-                  krb5_boolean * );
-krb5_error_code krb5_db2_db_free_principal
-       (krb5_context,
-                  krb5_db_entry *,
-                  int );
-krb5_error_code krb5_db2_db_put_principal
-       (krb5_context,
-        krb5_db_entry *,
-        int *,
-        char **db_args
-        );
-krb5_error_code krb5_db2_db_iterate_ext
-       (krb5_context,
-                  krb5_error_code (*) (krb5_pointer,
-                                                 krb5_db_entry *),
-                  krb5_pointer, int, int );
-krb5_error_code krb5_db2_db_iterate
-(krb5_context,char *,
-                  krb5_error_code (*) (krb5_pointer,
-                                                 krb5_db_entry *),
-                  krb5_pointer );
-krb5_error_code krb5_db2_db_set_nonblocking
-       (krb5_context,
-                  krb5_boolean,
-                  krb5_boolean * );
-krb5_boolean krb5_db2_db_set_lockmode
-       (krb5_context,
-                  krb5_boolean );
-krb5_error_code krb5_db2_db_open_database
-       (krb5_context);
-krb5_error_code krb5_db2_db_close_database
-       (krb5_context);
+krb5_error_code krb5_db2_db_init(krb5_context);
+krb5_error_code krb5_db2_db_fini(krb5_context);
+krb5_error_code krb5_db2_db_get_age(krb5_context, char *, time_t *);
+krb5_error_code krb5_db2_db_create(krb5_context, char *, krb5_int32);
+krb5_error_code krb5_db2_db_destroy(krb5_context, char *);
+krb5_error_code krb5_db2_db_rename(krb5_context, char *, char *, int );
+krb5_error_code krb5_db2_db_get_principal(krb5_context, krb5_const_principal,
+                                          krb5_db_entry *, int *,
+                                          krb5_boolean *);
+krb5_error_code krb5_db2_db_free_principal(krb5_context, krb5_db_entry *, int);
+krb5_error_code krb5_db2_db_put_principal(krb5_context, krb5_db_entry *,
+                                          int *, char **db_args);
+krb5_error_code krb5_db2_db_iterate_ext(krb5_context,
+                                        krb5_error_code (*)(krb5_pointer,
+                                                            krb5_db_entry *),
+                                        krb5_pointer, int, int);
+krb5_error_code krb5_db2_db_iterate(krb5_context, char *,
+                                    krb5_error_code (*)(krb5_pointer,
+                                                        krb5_db_entry *),
+                                    krb5_pointer);
+krb5_error_code krb5_db2_db_set_nonblocking(krb5_context, krb5_boolean,
+                                            krb5_boolean *);
+krb5_boolean krb5_db2_db_set_lockmode(krb5_context, krb5_boolean);
+krb5_error_code krb5_db2_db_open_database(krb5_context);
+krb5_error_code krb5_db2_db_close_database(krb5_context);
 
 krb5_error_code
-krb5_db2_set_master_key_ext ( krb5_context kcontext,
-                             char *pwd,
-                             krb5_keyblock *key);
+krb5_db2_set_master_key_ext(krb5_context kcontext, char *pwd,
+                            krb5_keyblock *key);
 
 krb5_error_code
-krb5_db2_db_set_mkey( krb5_context context,
-                     krb5_keyblock *key);
+krb5_db2_db_set_mkey(krb5_context context, krb5_keyblock *key);
 
 krb5_error_code
-krb5_db2_db_get_mkey( krb5_context context,
-                     krb5_keyblock **key);
+krb5_db2_db_get_mkey(krb5_context context, krb5_keyblock **key);
+
 krb5_error_code
-krb5_db2_db_set_mkey_list( krb5_context context,
-                     krb5_keylist_node *keylist);
+krb5_db2_db_set_mkey_list(krb5_context context, krb5_keylist_node *keylist);
 
 krb5_error_code
-krb5_db2_db_get_mkey_list( krb5_context context,
-                     krb5_keylist_node **keylist);
+krb5_db2_db_get_mkey_list(krb5_context context, krb5_keylist_node **keylist);
 
 krb5_error_code
-krb5_db2_db_put_principal( krb5_context context,
-                          krb5_db_entry *entries,
-                          register int *nentries,
-                          char **db_args);
+krb5_db2_db_put_principal(krb5_context context, krb5_db_entry *entries,
+                          register int *nentries, char **db_args);
 
 krb5_error_code
 krb5_db2_db_delete_principal(krb5_context context,
-                            krb5_const_principal searchfor,
-                            int *nentries);
+                             krb5_const_principal searchfor, int *nentries);
 
 krb5_error_code krb5_db2_lib_init(void);
-
 krb5_error_code krb5_db2_lib_cleanup(void);
+krb5_error_code krb5_db2_db_unlock(krb5_context);
 
 krb5_error_code
-krb5_db2_db_unlock(krb5_context);
+krb5_db2_promote_db(krb5_context kcontext, char *conf_section, char **db_args);
 
 krb5_error_code
-krb5_db2_promote_db(krb5_context kcontext,
-                   char *conf_section,
-                   char **db_args);
+krb5_db2_db_set_option(krb5_context kcontext, int option, void *value );
 
 krb5_error_code
-krb5_db2_db_set_option ( krb5_context kcontext,
-                        int option,
-                        void *value );
-
-krb5_error_code
-krb5_db2_db_lock( krb5_context           context,
-                 int             in_mode);
-
+krb5_db2_db_lock(krb5_context context, int in_mode);
 
 krb5_error_code
-krb5_db2_open( krb5_context kcontext,
-                              char *conf_section,
-                              char **db_args,
-                              int mode );
-
-krb5_error_code krb5_db2_create( krb5_context kcontext,
-                                char *conf_section,
-                                char **db_args );
-
-krb5_error_code krb5_db2_destroy( krb5_context kcontext,
-                                 char *conf_section,
-                                 char **db_args );
-
-const char * krb5_db2_err2str( krb5_context kcontext,
-                              long err_code );
-
-void *
-krb5_db2_alloc( krb5_context kcontext,
-               void *ptr,
-               size_t size );
-
-void
-krb5_db2_free( krb5_context kcontext,
-                   void *ptr );
+krb5_db2_open(krb5_context kcontext, char *conf_section, char **db_args,
+              int mode);
 
+krb5_error_code krb5_db2_create(krb5_context kcontext, char *conf_section,
+                                char **db_args);
 
+krb5_error_code krb5_db2_destroy(krb5_context kcontext, char *conf_section,
+                                 char **db_args);
 
+const char *krb5_db2_err2str(krb5_context kcontext, long err_code);
+void *krb5_db2_alloc(krb5_context kcontext, void *ptr, size_t size);
+void krb5_db2_free(krb5_context kcontext, void *ptr);
 
 
 /* policy management functions */
 krb5_error_code
 krb5_db2_create_policy(krb5_context context, osa_policy_ent_t entry);
 
-krb5_error_code krb5_db2_get_policy ( krb5_context kcontext,
-                                     char *name,
-                                     osa_policy_ent_t *policy,
-                                     int *cnt);
+krb5_error_code krb5_db2_get_policy(krb5_context kcontext,
+                                    char *name, osa_policy_ent_t *policy,
+                                    int *cnt);
 
-krb5_error_code krb5_db2_put_policy ( krb5_context kcontext,
-                                     osa_policy_ent_t policy );
+krb5_error_code krb5_db2_put_policy(krb5_context kcontext,
+                                    osa_policy_ent_t policy);
 
-krb5_error_code krb5_db2_iter_policy ( krb5_context kcontext,
-                                      char *match_entry,
-                                      osa_adb_iter_policy_func func,
-                                      void *data );
+krb5_error_code krb5_db2_iter_policy(krb5_context kcontext, char *match_entry,
+                                     osa_adb_iter_policy_func func,
+                                     void *data);
 
-krb5_error_code krb5_db2_delete_policy ( krb5_context kcontext,
-                                        char *policy );
+krb5_error_code krb5_db2_delete_policy(krb5_context kcontext, char *policy);
 
-void krb5_db2_free_policy( krb5_context kcontext,
-                          osa_policy_ent_t entry );
+void krb5_db2_free_policy(krb5_context kcontext, osa_policy_ent_t entry);
 
 /* Thread-safety wrapper slapped on top of original implementation.  */
 extern k5_mutex_t *krb5_db2_mutex;
index 69c5522ac177fd2a429708134d54e3fe77a61484..d000e42302f49b50ee861cbfa6090290368b2f0e 100644 (file)
@@ -1,4 +1,4 @@
-/* -*- mode: c; indent-tabs-mode: nil -*- */
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
 /*
  * plugins/kdb/db2/kdb_ext.c
  *
index 38dc658fdba9cbf227db2c39e5ffdab0c25e99dd..81a3cc42619458923f9cc5053214a5187e8a689b 100644 (file)
@@ -1,3 +1,4 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
 /*
  * lib/kdb/kdb_xdr.c
  *
 #include "kdb_xdr.h"
 
 krb5_error_code
-krb5_encode_princ_dbkey(context, key, principal)
-    krb5_context context;
-    krb5_data  *key;
-    krb5_const_principal principal;
+krb5_encode_princ_dbkey(krb5_context context, krb5_data *key,
+                        krb5_const_principal principal)
 {
     char *princ_name;
     krb5_error_code retval;
@@ -49,26 +48,22 @@ krb5_encode_princ_dbkey(context, key, principal)
 }
 
 void
-krb5_free_princ_dbkey(context, key)
-    krb5_context context;
-    krb5_data  *key;
+krb5_free_princ_dbkey(krb5_context context, krb5_data *key)
 {
     (void) krb5_free_data_contents(context, key);
 }
 
 krb5_error_code
-krb5_encode_princ_contents(context, content, entry)
-    krb5_context         context;
-    krb5_data                  * content;
-    krb5_db_entry      * entry;
+krb5_encode_princ_contents(krb5_context context, krb5_data *content,
+                           krb5_db_entry *entry)
 {
-    int                  i, j;
-    unsigned int         unparse_princ_size;
-    char               * unparse_princ;
-    unsigned char      * nextloc;
-    krb5_tl_data       * tl_data;
-    krb5_error_code      retval;
-    krb5_int16           psize16;
+    int                   i, j;
+    unsigned int          unparse_princ_size;
+    char                * unparse_princ;
+    unsigned char       * nextloc;
+    krb5_tl_data        * tl_data;
+    krb5_error_code       retval;
+    krb5_int16            psize16;
 
     /*
      * Generate one lump of data from the krb5_db_entry.
@@ -81,7 +76,7 @@ krb5_encode_princ_contents(context, content, entry)
      * Need  2 bytes for the length of the base structure
      * then 36 [ 8 * 4 + 2 * 2] bytes for the base information
      *         [ attributes, max_life, max_renewable_life, expiration,
-     *          pw_expiration, last_success, last_failed, fail_auth_count ]
+     *           pw_expiration, last_success, last_failed, fail_auth_count ]
      *         [ n_key_data, n_tl_data ]
      * then XX bytes [ e_length ] for the extra data [ e_data ]
      * then XX bytes [ 2 for length + length for string ] for the principal,
@@ -91,7 +86,7 @@ krb5_encode_princ_contents(context, content, entry)
     content->length = entry->len + entry->e_length;
 
     if ((retval = krb5_unparse_name(context, entry->princ, &unparse_princ)))
-       return(retval);
+        return(retval);
 
     unparse_princ_size = strlen(unparse_princ) + 1;
     content->length += unparse_princ_size;
@@ -100,28 +95,28 @@ krb5_encode_princ_contents(context, content, entry)
     i = 0;
     /* tl_data is a linked list */
     for (tl_data = entry->tl_data; tl_data; tl_data = tl_data->tl_data_next) {
-       content->length += tl_data->tl_data_length;
-       content->length += 4; /* type, length */
-       i++;
+        content->length += tl_data->tl_data_length;
+        content->length += 4; /* type, length */
+        i++;
     }
 
     if (i != entry->n_tl_data) {
-       retval = KRB5_KDB_TRUNCATED_RECORD;
-       goto epc_error;
+        retval = KRB5_KDB_TRUNCATED_RECORD;
+        goto epc_error;
     }
 
     /* key_data is an array */
     for (i = 0; i < entry->n_key_data; i++) {
-       content->length += 4; /* Version, KVNO */
-       for (j = 0; j < entry->key_data[i].key_data_ver; j++) {
-           content->length += entry->key_data[i].key_data_length[j];
-           content->length += 4; /* type + length */
-       }
+        content->length += 4; /* Version, KVNO */
+        for (j = 0; j < entry->key_data[i].key_data_ver; j++) {
+            content->length += entry->key_data[i].key_data_length[j];
+            content->length += 4; /* type + length */
+        }
     }
 
     if ((content->data = malloc(content->length)) == NULL) {
-       retval = ENOMEM;
-       goto epc_error;
+        retval = ENOMEM;
+        goto epc_error;
     }
 
     /*
@@ -130,103 +125,103 @@ krb5_encode_princ_contents(context, content, entry)
      */
     nextloc = (unsigned char *)content->data;
 
-       /* Base Length */
+    /* Base Length */
     krb5_kdb_encode_int16(entry->len, nextloc);
     nextloc += 2;
 
-       /* Attributes */
+    /* Attributes */
     krb5_kdb_encode_int32(entry->attributes, nextloc);
     nextloc += 4;
 
-       /* Max Life */
+    /* Max Life */
     krb5_kdb_encode_int32(entry->max_life, nextloc);
     nextloc += 4;
 
-       /* Max Renewable Life */
+    /* Max Renewable Life */
     krb5_kdb_encode_int32(entry->max_renewable_life, nextloc);
     nextloc += 4;
 
-       /* When the client expires */
+    /* When the client expires */
     krb5_kdb_encode_int32(entry->expiration, nextloc);
     nextloc += 4;
 
-       /* When its passwd expires */
+    /* When its passwd expires */
     krb5_kdb_encode_int32(entry->pw_expiration, nextloc);
     nextloc += 4;
 
-       /* Last successful passwd */
+    /* Last successful passwd */
     krb5_kdb_encode_int32(entry->last_success, nextloc);
     nextloc += 4;
 
-       /* Last failed passwd attempt */
+    /* Last failed passwd attempt */
     krb5_kdb_encode_int32(entry->last_failed, nextloc);
     nextloc += 4;
 
-       /* # of failed passwd attempt */
+    /* # of failed passwd attempt */
     krb5_kdb_encode_int32(entry->fail_auth_count, nextloc);
     nextloc += 4;
 
-       /* # tl_data strutures */
+    /* # tl_data strutures */
     krb5_kdb_encode_int16(entry->n_tl_data, nextloc);
     nextloc += 2;
 
-       /* # key_data strutures */
+    /* # key_data strutures */
     krb5_kdb_encode_int16(entry->n_key_data, nextloc);
     nextloc += 2;
 
-       /* Put extended fields here */
+    /* Put extended fields here */
     if (entry->len != KRB5_KDB_V1_BASE_LENGTH)
-       abort();
+        abort();
 
-       /* Any extra data that this version doesn't understand. */
+    /* Any extra data that this version doesn't understand. */
     if (entry->e_length) {
-       memcpy(nextloc, entry->e_data, entry->e_length);
-       nextloc += entry->e_length;
+        memcpy(nextloc, entry->e_data, entry->e_length);
+        nextloc += entry->e_length;
     }
 
-       /*
-        * Now we get to the principal.
-        * To squeze a few extra bytes out it is always assumed to come
-        * after the base type.
-        */
+    /*
+     * Now we get to the principal.
+     * To squeze a few extra bytes out it is always assumed to come
+     * after the base type.
+     */
     psize16 = (krb5_int16) unparse_princ_size;
     krb5_kdb_encode_int16(psize16, nextloc);
     nextloc += 2;
     (void) memcpy(nextloc, unparse_princ, unparse_princ_size);
     nextloc += unparse_princ_size;
 
-       /* tl_data is a linked list, of type, legth, contents */
+    /* tl_data is a linked list, of type, legth, contents */
     for (tl_data = entry->tl_data; tl_data; tl_data = tl_data->tl_data_next) {
-       krb5_kdb_encode_int16(tl_data->tl_data_type, nextloc);
-       nextloc += 2;
-       krb5_kdb_encode_int16(tl_data->tl_data_length, nextloc);
-       nextloc += 2;
+        krb5_kdb_encode_int16(tl_data->tl_data_type, nextloc);
+        nextloc += 2;
+        krb5_kdb_encode_int16(tl_data->tl_data_length, nextloc);
+        nextloc += 2;
 
-       memcpy(nextloc, tl_data->tl_data_contents, tl_data->tl_data_length);
-       nextloc += tl_data->tl_data_length;
+        memcpy(nextloc, tl_data->tl_data_contents, tl_data->tl_data_length);
+        nextloc += tl_data->tl_data_length;
     }
 
-       /* key_data is an array */
+    /* key_data is an array */
     for (i = 0; i < entry->n_key_data; i++) {
-       krb5_kdb_encode_int16(entry->key_data[i].key_data_ver, nextloc);
-       nextloc += 2;
-       krb5_kdb_encode_int16(entry->key_data[i].key_data_kvno, nextloc);
-       nextloc += 2;
-
-       for (j = 0; j < entry->key_data[i].key_data_ver; j++) {
-           krb5_int16 type = entry->key_data[i].key_data_type[j];
-           krb5_ui_2  length = entry->key_data[i].key_data_length[j];
-
-           krb5_kdb_encode_int16(type, nextloc);
-           nextloc += 2;
-           krb5_kdb_encode_int16(length, nextloc);
-           nextloc += 2;
-
-           if (length) {
-               memcpy(nextloc, entry->key_data[i].key_data_contents[j],length);
-               nextloc += length;
-           }
-       }
+        krb5_kdb_encode_int16(entry->key_data[i].key_data_ver, nextloc);
+        nextloc += 2;
+        krb5_kdb_encode_int16(entry->key_data[i].key_data_kvno, nextloc);
+        nextloc += 2;
+
+        for (j = 0; j < entry->key_data[i].key_data_ver; j++) {
+            krb5_int16 type = entry->key_data[i].key_data_type[j];
+            krb5_ui_2  length = entry->key_data[i].key_data_length[j];
+
+            krb5_kdb_encode_int16(type, nextloc);
+            nextloc += 2;
+            krb5_kdb_encode_int16(length, nextloc);
+            nextloc += 2;
+
+            if (length) {
+                memcpy(nextloc, entry->key_data[i].key_data_contents[j],length);
+                nextloc += length;
+            }
+        }
     }
 
 epc_error:;
@@ -235,24 +230,20 @@ epc_error:;
 }
 
 void
-krb5_free_princ_contents(context, contents)
-    krb5_context         context;
-    krb5_data *contents;
+krb5_free_princ_contents(krb5_context context, krb5_data *contents)
 {
     krb5_free_data_contents(context, contents);
     return;
 }
 
 krb5_error_code
-krb5_decode_princ_contents(context, content, entry)
-    krb5_context         context;
-    krb5_data                  * content;
-    krb5_db_entry      * entry;
+krb5_decode_princ_contents(krb5_context context, krb5_data *content,
+                           krb5_db_entry *entry)
 {
-    int                          sizeleft, i;
-    unsigned char      * nextloc;
+    int                   sizeleft, i;
+    unsigned char       * nextloc;
     krb5_tl_data       ** tl_data;
-    krb5_int16           i16;
+    krb5_int16            i16;
 
     krb5_error_code retval;
 
@@ -272,67 +263,67 @@ krb5_decode_princ_contents(context, content, entry)
     nextloc = (unsigned char *)content->data;
     sizeleft = content->length;
     if ((sizeleft -= KRB5_KDB_V1_BASE_LENGTH) < 0)
-       return KRB5_KDB_TRUNCATED_RECORD;
+        return KRB5_KDB_TRUNCATED_RECORD;
 
-       /* Base Length */
+    /* Base Length */
     krb5_kdb_decode_int16(nextloc, entry->len);
     nextloc += 2;
 
-       /* Attributes */
+    /* Attributes */
     krb5_kdb_decode_int32(nextloc, entry->attributes);
     nextloc += 4;
 
-       /* Max Life */
+    /* Max Life */
     krb5_kdb_decode_int32(nextloc, entry->max_life);
     nextloc += 4;
 
-       /* Max Renewable Life */
+    /* Max Renewable Life */
     krb5_kdb_decode_int32(nextloc, entry->max_renewable_life);
     nextloc += 4;
 
-       /* When the client expires */
+    /* When the client expires */
     krb5_kdb_decode_int32(nextloc, entry->expiration);
     nextloc += 4;
 
-       /* When its passwd expires */
+    /* When its passwd expires */
     krb5_kdb_decode_int32(nextloc, entry->pw_expiration);
     nextloc += 4;
 
-       /* Last successful passwd */
+    /* Last successful passwd */
     krb5_kdb_decode_int32(nextloc, entry->last_success);
     nextloc += 4;
 
-       /* Last failed passwd attempt */
+    /* Last failed passwd attempt */
     krb5_kdb_decode_int32(nextloc, entry->last_failed);
     nextloc += 4;
 
-       /* # of failed passwd attempt */
+    /* # of failed passwd attempt */
     krb5_kdb_decode_int32(nextloc, entry->fail_auth_count);
     nextloc += 4;
 
-       /* # tl_data strutures */
+    /* # tl_data strutures */
     krb5_kdb_decode_int16(nextloc, entry->n_tl_data);
     nextloc += 2;
 
     if (entry->n_tl_data < 0)
-       return KRB5_KDB_TRUNCATED_RECORD;
+        return KRB5_KDB_TRUNCATED_RECORD;
 
-       /* # key_data strutures */
+    /* # key_data strutures */
     krb5_kdb_decode_int16(nextloc, entry->n_key_data);
     nextloc += 2;
 
     if (entry->n_key_data < 0)
-       return KRB5_KDB_TRUNCATED_RECORD;
+        return KRB5_KDB_TRUNCATED_RECORD;
 
-       /* Check for extra data */
+    /* Check for extra data */
     if (entry->len > KRB5_KDB_V1_BASE_LENGTH) {
-       entry->e_length = entry->len - KRB5_KDB_V1_BASE_LENGTH;
-       if ((entry->e_data = (krb5_octet *)malloc(entry->e_length))) {
-           memcpy(entry->e_data, nextloc, entry->e_length);
-           nextloc += entry->e_length;
-       } else {
-           return ENOMEM;
-       }
+        entry->e_length = entry->len - KRB5_KDB_V1_BASE_LENGTH;
+        if ((entry->e_data = (krb5_octet *)malloc(entry->e_length))) {
+            memcpy(entry->e_data, nextloc, entry->e_length);
+            nextloc += entry->e_length;
+        } else {
+            return ENOMEM;
+        }
     }
 
     /*
@@ -340,8 +331,8 @@ krb5_decode_princ_contents(context, content, entry)
      * (stored as a string which gets unparsed.)
      */
     if ((sizeleft -= 2) < 0) {
-       retval = KRB5_KDB_TRUNCATED_RECORD;
-       goto error_out;
+        retval = KRB5_KDB_TRUNCATED_RECORD;
+        goto error_out;
     }
 
     i = 0;
@@ -350,99 +341,99 @@ krb5_decode_princ_contents(context, content, entry)
     nextloc += 2;
 
     if ((retval = krb5_parse_name(context, (char *)nextloc, &(entry->princ))))
-       goto error_out;
+        goto error_out;
     if (((size_t) i != (strlen((char *)nextloc) + 1)) || (sizeleft < i)) {
-       retval = KRB5_KDB_TRUNCATED_RECORD;
-       goto error_out;
+        retval = KRB5_KDB_TRUNCATED_RECORD;
+        goto error_out;
     }
     sizeleft -= i;
     nextloc += i;
 
-       /* tl_data is a linked list */
+    /* tl_data is a linked list */
     tl_data = &entry->tl_data;
     for (i = 0; i < entry->n_tl_data; i++) {
-       if ((sizeleft -= 4) < 0) {
-           retval = KRB5_KDB_TRUNCATED_RECORD;
-           goto error_out;
-       }
-       if ((*tl_data = (krb5_tl_data *)
-         malloc(sizeof(krb5_tl_data))) == NULL) {
-           retval = ENOMEM;
-           goto error_out;
-       }
-       (*tl_data)->tl_data_next = NULL;
-       (*tl_data)->tl_data_contents = NULL;
-       krb5_kdb_decode_int16(nextloc, (*tl_data)->tl_data_type);
-       nextloc += 2;
-       krb5_kdb_decode_int16(nextloc, (*tl_data)->tl_data_length);
-       nextloc += 2;
-
-       if ((sizeleft -= (*tl_data)->tl_data_length) < 0) {
-           retval = KRB5_KDB_TRUNCATED_RECORD;
-           goto error_out;
-       }
-       if (((*tl_data)->tl_data_contents = (krb5_octet *)
-         malloc((*tl_data)->tl_data_length)) == NULL) {
-           retval = ENOMEM;
-           goto error_out;
-       }
-       memcpy((*tl_data)->tl_data_contents,nextloc,(*tl_data)->tl_data_length);
-       nextloc += (*tl_data)->tl_data_length;
-       tl_data = &((*tl_data)->tl_data_next);
+        if ((sizeleft -= 4) < 0) {
+            retval = KRB5_KDB_TRUNCATED_RECORD;
+            goto error_out;
+        }
+        if ((*tl_data = (krb5_tl_data *)
+             malloc(sizeof(krb5_tl_data))) == NULL) {
+            retval = ENOMEM;
+            goto error_out;
+        }
+        (*tl_data)->tl_data_next = NULL;
+        (*tl_data)->tl_data_contents = NULL;
+        krb5_kdb_decode_int16(nextloc, (*tl_data)->tl_data_type);
+        nextloc += 2;
+        krb5_kdb_decode_int16(nextloc, (*tl_data)->tl_data_length);
+        nextloc += 2;
+
+        if ((sizeleft -= (*tl_data)->tl_data_length) < 0) {
+            retval = KRB5_KDB_TRUNCATED_RECORD;
+            goto error_out;
+        }
+        if (((*tl_data)->tl_data_contents = (krb5_octet *)
+             malloc((*tl_data)->tl_data_length)) == NULL) {
+            retval = ENOMEM;
+            goto error_out;
+        }
+        memcpy((*tl_data)->tl_data_contents,nextloc,(*tl_data)->tl_data_length);
+        nextloc += (*tl_data)->tl_data_length;
+        tl_data = &((*tl_data)->tl_data_next);
     }
 
-       /* key_data is an array */
+    /* key_data is an array */
     if (entry->n_key_data && ((entry->key_data = (krb5_key_data *)
-      malloc(sizeof(krb5_key_data) * entry->n_key_data)) == NULL)) {
+                               malloc(sizeof(krb5_key_data) * entry->n_key_data)) == NULL)) {
         retval = ENOMEM;
-       goto error_out;
+        goto error_out;
     }
     for (i = 0; i < entry->n_key_data; i++) {
-       krb5_key_data * key_data;
+        krb5_key_data * key_data;
         int j;
 
-       if ((sizeleft -= 4) < 0) {
-           retval = KRB5_KDB_TRUNCATED_RECORD;
-           goto error_out;
-       }
-       key_data = entry->key_data + i;
-       memset(key_data, 0, sizeof(krb5_key_data));
-       krb5_kdb_decode_int16(nextloc, key_data->key_data_ver);
-       nextloc += 2;
-       krb5_kdb_decode_int16(nextloc, key_data->key_data_kvno);
-       nextloc += 2;
-
-       /* key_data_ver determins number of elements and how to unparse them. */
-       if (key_data->key_data_ver <= KRB5_KDB_V1_KEY_DATA_ARRAY) {
-           for (j = 0; j < key_data->key_data_ver; j++) {
-               if ((sizeleft -= 4) < 0) {
-                   retval = KRB5_KDB_TRUNCATED_RECORD;
-                   goto error_out;
-               }
-               krb5_kdb_decode_int16(nextloc, key_data->key_data_type[j]);
-               nextloc += 2;
-               krb5_kdb_decode_int16(nextloc, key_data->key_data_length[j]);
-               nextloc += 2;
-
-               if ((sizeleft -= key_data->key_data_length[j]) < 0) {
-                   retval = KRB5_KDB_TRUNCATED_RECORD;
-                   goto error_out;
-               }
-               if (key_data->key_data_length[j]) {
-                   if ((key_data->key_data_contents[j] = (krb5_octet *)
-                     malloc(key_data->key_data_length[j])) == NULL) {
-                       retval = ENOMEM;
-                       goto error_out;
-                   }
-                   memcpy(key_data->key_data_contents[j], nextloc,
-                          key_data->key_data_length[j]);
-                   nextloc += key_data->key_data_length[j];
-               }
-           }
-       } else {
-           /* This isn't right. I'll fix it later */
-           abort();
-       }
+        if ((sizeleft -= 4) < 0) {
+            retval = KRB5_KDB_TRUNCATED_RECORD;
+            goto error_out;
+        }
+        key_data = entry->key_data + i;
+        memset(key_data, 0, sizeof(krb5_key_data));
+        krb5_kdb_decode_int16(nextloc, key_data->key_data_ver);
+        nextloc += 2;
+        krb5_kdb_decode_int16(nextloc, key_data->key_data_kvno);
+        nextloc += 2;
+
+        /* key_data_ver determins number of elements and how to unparse them. */
+        if (key_data->key_data_ver <= KRB5_KDB_V1_KEY_DATA_ARRAY) {
+            for (j = 0; j < key_data->key_data_ver; j++) {
+                if ((sizeleft -= 4) < 0) {
+                    retval = KRB5_KDB_TRUNCATED_RECORD;
+                    goto error_out;
+                }
+                krb5_kdb_decode_int16(nextloc, key_data->key_data_type[j]);
+                nextloc += 2;
+                krb5_kdb_decode_int16(nextloc, key_data->key_data_length[j]);
+                nextloc += 2;
+
+                if ((sizeleft -= key_data->key_data_length[j]) < 0) {
+                    retval = KRB5_KDB_TRUNCATED_RECORD;
+                    goto error_out;
+                }
+                if (key_data->key_data_length[j]) {
+                    if ((key_data->key_data_contents[j] = (krb5_octet *)
+                         malloc(key_data->key_data_length[j])) == NULL) {
+                        retval = ENOMEM;
+                        goto error_out;
+                    }
+                    memcpy(key_data->key_data_contents[j], nextloc,
+                           key_data->key_data_length[j]);
+                    nextloc += key_data->key_data_length[j];
+                }
+            }
+        } else {
+            /* This isn't right. I'll fix it later */
+            abort();
+        }
     }
     return 0;
 
@@ -452,41 +443,39 @@ error_out:;
 }
 
 void
-krb5_dbe_free_contents(context, entry)
-     krb5_context        context;
-     krb5_db_entry     * entry;
+krb5_dbe_free_contents(krb5_context context, krb5_db_entry *entry)
 {
-    krb5_tl_data       * tl_data_next;
-    krb5_tl_data       * tl_data;
+    krb5_tl_data        * tl_data_next;
+    krb5_tl_data        * tl_data;
     int i, j;
 
     if (entry->e_data)
-       free(entry->e_data);
+        free(entry->e_data);
     if (entry->princ)
-       krb5_free_principal(context, entry->princ);
+        krb5_free_principal(context, entry->princ);
     for (tl_data = entry->tl_data; tl_data; tl_data = tl_data_next) {
-       tl_data_next = tl_data->tl_data_next;
-       if (tl_data->tl_data_contents)
-           free(tl_data->tl_data_contents);
-       free(tl_data);
+        tl_data_next = tl_data->tl_data_next;
+        if (tl_data->tl_data_contents)
+            free(tl_data->tl_data_contents);
+        free(tl_data);
     }
     if (entry->key_data) {
-       for (i = 0; i < entry->n_key_data; i++) {
-           for (j = 0; j < entry->key_data[i].key_data_ver; j++) {
-               if (entry->key_data[i].key_data_length[j]) {
-                   if (entry->key_data[i].key_data_contents[j]) {
-                       memset(entry->key_data[i].key_data_contents[j],
-                              0,
-                              (unsigned) entry->key_data[i].key_data_length[j]);
-                       free (entry->key_data[i].key_data_contents[j]);
-                   }
-               }
-               entry->key_data[i].key_data_contents[j] = NULL;
-               entry->key_data[i].key_data_length[j] = 0;
-               entry->key_data[i].key_data_type[j] = 0;
-           }
-       }
-       free(entry->key_data);
+        for (i = 0; i < entry->n_key_data; i++) {
+            for (j = 0; j < entry->key_data[i].key_data_ver; j++) {
+                if (entry->key_data[i].key_data_length[j]) {
+                    if (entry->key_data[i].key_data_contents[j]) {
+                        memset(entry->key_data[i].key_data_contents[j],
+                               0,
+                               (unsigned) entry->key_data[i].key_data_length[j]);
+                        free (entry->key_data[i].key_data_contents[j]);
+                    }
+                }
+                entry->key_data[i].key_data_contents[j] = NULL;
+                entry->key_data[i].key_data_length[j] = 0;
+                entry->key_data[i].key_data_type[j] = 0;
+            }
+        }
+        free(entry->key_data);
     }
     memset(entry, 0, sizeof(*entry));
     return;
index bd01ead276857129336a20ebd13b9b0e34195774..e4a202b37549fcb8cfb4da9851c388b23aeaac51 100644 (file)
@@ -1,34 +1,28 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
 #ifndef _KDB2_XDR_H
 #define _KDB2_XDR_H
 
 #include "kdb.h"
 
 krb5_error_code
-krb5_encode_princ_dbkey( krb5_context context,
-                        krb5_data  *key,
-                        krb5_const_principal principal);
+krb5_encode_princ_dbkey(krb5_context context, krb5_data *key,
+                        krb5_const_principal principal);
 
 krb5_error_code
-krb5_decode_princ_contents( krb5_context         context,
-                           krb5_data           * content,
-                           krb5_db_entry       * entry);
+krb5_decode_princ_contents(krb5_context context, krb5_data *content,
+                           krb5_db_entry *entry);
 
 void
-krb5_dbe_free_contents( krb5_context     context,
-                       krb5_db_entry   * entry);
+krb5_dbe_free_contents(krb5_context context, krb5_db_entry *entry);
 
 krb5_error_code
-krb5_encode_princ_contents( krb5_context         context,
-                           krb5_data           * content,
-                           krb5_db_entry       * entry);
-
+krb5_encode_princ_contents(krb5_context context, krb5_data *content,
+                           krb5_db_entry *entry);
 
 void
-krb5_free_princ_dbkey( krb5_context context,
-                      krb5_data  *key);
+krb5_free_princ_dbkey(krb5_context context, krb5_data *key);
 
 void
-krb5_free_princ_contents( krb5_context context,
-                         krb5_data *contents);
+krb5_free_princ_contents(krb5_context context, krb5_data *contents);
 
 #endif
index e6c4b65e045e8873fa96b77f16810c9476e21742..498c0dea629768ab19b3ca7f70a9cff2b5ee28a0 100644 (file)
@@ -1,4 +1,4 @@
-/* -*- mode: c; indent-tabs-mode: nil -*- */
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
 /*
  * plugins/kdb/db2/lockout.c
  *
index 54af70cd66e2db789bdc6487d04533c07d6b786b..f2842e9560529889baff8663d4178efc5d4d5782 100644 (file)
@@ -1,3 +1,4 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
 /*
  * Data Types for policy and principal information that
  * exists in the respective databases.
 #include "adb_err.h"
 #include <com_err.h>
 
-typedef        long            osa_adb_ret_t;
+typedef long            osa_adb_ret_t;
 
-#define OSA_ADB_POLICY_DB_MAGIC        0x12345A00
+#define OSA_ADB_POLICY_DB_MAGIC 0x12345A00
 
-#define OSA_ADB_POLICY_VERSION_MASK    0x12345D00
-#define OSA_ADB_POLICY_VERSION_1       0x12345D01
-#define OSA_ADB_POLICY_VERSION_2       0x12345D02
+#define OSA_ADB_POLICY_VERSION_MASK     0x12345D00
+#define OSA_ADB_POLICY_VERSION_1        0x12345D01
+#define OSA_ADB_POLICY_VERSION_2        0x12345D02
 
 
 
 typedef struct _osa_adb_db_lock_ent_t {
-     FILE     *lockfile;
-     char     *filename;
-     int      refcnt, lockmode, lockcnt;
-     krb5_context context;
+    FILE     *lockfile;
+    char     *filename;
+    int      refcnt, lockmode, lockcnt;
+    krb5_context context;
 } osa_adb_lock_ent, *osa_adb_lock_t;
 
 typedef struct _osa_adb_db_ent_t {
-     int        magic;
-     DB         *db;
-     HASHINFO   info;
-     BTREEINFO  btinfo;
-     char       *filename;
-     osa_adb_lock_t lock;
-     int        opencnt;
+    int        magic;
+    DB         *db;
+    HASHINFO   info;
+    BTREEINFO  btinfo;
+    char       *filename;
+    osa_adb_lock_t lock;
+    int        opencnt;
 } osa_adb_db_ent, *osa_adb_db_t, *osa_adb_princ_t, *osa_adb_policy_t;
 
 /*
  * Return Code (the rest are in adb_err.h)
  */
 
-#define OSA_ADB_OK             0
+#define OSA_ADB_OK              0
 
 /*
  * Functions
  */
 
-krb5_error_code        osa_adb_create_db(char *filename, char *lockfile, int magic);
-krb5_error_code        osa_adb_destroy_db(char *filename, char *lockfile, int magic);
-krb5_error_code   osa_adb_rename_db(char *filefrom, char *lockfrom,
-                                 char *fileto, char *lockto, int magic);
-krb5_error_code        osa_adb_init_db(osa_adb_db_t *dbp, char *filename,
-                               char *lockfile, int magic);
-krb5_error_code        osa_adb_fini_db(osa_adb_db_t db, int magic);
-krb5_error_code        osa_adb_get_lock(osa_adb_db_t db, int mode);
-krb5_error_code        osa_adb_release_lock(osa_adb_db_t db);
+krb5_error_code osa_adb_create_db(char *filename, char *lockfile, int magic);
+krb5_error_code osa_adb_destroy_db(char *filename, char *lockfile, int magic);
+krb5_error_code osa_adb_rename_db(char *filefrom, char *lockfrom,
+                                  char *fileto, char *lockto, int magic);
+krb5_error_code osa_adb_init_db(osa_adb_db_t *dbp, char *filename,
+                                char *lockfile, int magic);
+krb5_error_code osa_adb_fini_db(osa_adb_db_t db, int magic);
+krb5_error_code osa_adb_get_lock(osa_adb_db_t db, int mode);
+krb5_error_code osa_adb_release_lock(osa_adb_db_t db);
 krb5_error_code osa_adb_open_and_lock(osa_adb_princ_t db, int locktype);
 krb5_error_code osa_adb_close_and_unlock(osa_adb_princ_t db);
-krb5_error_code        osa_adb_close_policy(osa_adb_policy_t db);
-krb5_error_code        osa_adb_create_policy(osa_adb_policy_t db,
-                                     osa_policy_ent_t entry);
-krb5_error_code        osa_adb_destroy_policy(osa_adb_policy_t db,
-                                      char * name);
-krb5_error_code        osa_adb_get_policy(osa_adb_policy_t db,
-                                  char * name,
-                                  osa_policy_ent_t *entry,
-                                  int *cnt);
-krb5_error_code        osa_adb_put_policy(osa_adb_policy_t db,
-                                  osa_policy_ent_t entry);
-krb5_error_code        osa_adb_iter_policy(osa_adb_policy_t db,
-                                   osa_adb_iter_policy_func func,
-                                   void * data);
-void           osa_free_policy_ent(osa_policy_ent_t val);
-
-bool_t  xdr_osa_policy_ent_rec(XDR *xdrs, osa_policy_ent_t objp);
+krb5_error_code osa_adb_close_policy(osa_adb_policy_t db);
+krb5_error_code osa_adb_create_policy(osa_adb_policy_t db,
+                                      osa_policy_ent_t entry);
+krb5_error_code osa_adb_destroy_policy(osa_adb_policy_t db,
+                                       char * name);
+krb5_error_code osa_adb_get_policy(osa_adb_policy_t db,
+                                   char * name,
+                                   osa_policy_ent_t *entry,
+                                   int *cnt);
+krb5_error_code osa_adb_put_policy(osa_adb_policy_t db,
+                                   osa_policy_ent_t entry);
+krb5_error_code osa_adb_iter_policy(osa_adb_policy_t db,
+                                    osa_adb_iter_policy_func func,
+                                    void * data);
+void osa_free_policy_ent(osa_policy_ent_t val);
+
+bool_t xdr_osa_policy_ent_rec(XDR *xdrs, osa_policy_ent_t objp);
 
 #endif /* __ADB_H__ */
index e42b055866a16560b34192bee9c4005031ba78cb..f3668fa30703105706fc1d2e4273ae55fdf7e71f 100644 (file)
@@ -1,4 +1,4 @@
-/* -*- mode: c; indent-tabs-mode: nil -*- */
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
 /*
  * plugins/kdb/hdb/kdb_hdb.c
  *
@@ -153,11 +153,11 @@ kh_db_context_init(krb5_context context,
         goto cleanup;
     }
 
-#define GET_PLUGIN_FUNC(_lib, _sym, _member)     do { \
-    code = krb5int_get_plugin_func(kh->_lib, _sym, \
-                                   (void (**)())&kh->_member, &errinfo); \
-    if (code != 0) \
-        goto cleanup; \
+#define GET_PLUGIN_FUNC(_lib, _sym, _member)     do {                   \
+        code = krb5int_get_plugin_func(kh->_lib, _sym,                  \
+                                       (void (**)())&kh->_member, &errinfo); \
+        if (code != 0)                                                  \
+            goto cleanup;                                               \
     } while (0)
 
     /* libkrb5 */
@@ -568,8 +568,8 @@ kh_db_get_age(krb5_context context,
 
 static krb5_error_code
 kh_db_set_option(krb5_context context,
-                  int option,
-                  void *value)
+                 int option,
+                 void *value)
 {
     return KRB5_KDB_DBTYPE_NOSUP;
 }
index 6ba5fbcb575378b3d8d0ad37167db4ca3e8ae236..0d04059b505386a669b1a274dbdc971d88e1e629 100644 (file)
@@ -1,4 +1,4 @@
-/* -*- mode: c; indent-tabs-mode: nil -*- */
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
 /*
  * plugins/kdb/hdb/kdb_hdb.c
  *
@@ -74,10 +74,10 @@ typedef struct _kh_db_context {
     void *windc_ctx;
 } kh_db_context;
 
-#define KH_DB_CONTEXT(_context)    \
+#define KH_DB_CONTEXT(_context)                                 \
     ((kh_db_context *)(_context)->dal_handle->db_context)
 
-#define KH_DB_ENTRY(_entry)         \
+#define KH_DB_ENTRY(_entry)                     \
     ((hdb_entry_ex *)(_entry)->e_data)
 
 /* kdb_hdb.c */
@@ -111,10 +111,10 @@ kh_hdb_free_entry(krb5_context context,
 
 /* kdb_marshal.c */
 
-#define KH_MARSHAL_KEY(_kkey, _hkey)        do {        \
-    (_hkey)->keytype            = (_kkey)->enctype;     \
-    (_hkey)->keyvalue.data      = (_kkey)->contents;    \
-    (_hkey)->keyvalue.length    = (_kkey)->length;      \
+#define KH_MARSHAL_KEY(_kkey, _hkey)        do {                \
+        (_hkey)->keytype            = (_kkey)->enctype;         \
+        (_hkey)->keyvalue.data      = (_kkey)->contents;        \
+        (_hkey)->keyvalue.length    = (_kkey)->length;          \
     } while (0)
 
 krb5_error_code
index d5e469347f8c05b8271a8cc0310c1185db6f6a51..624b17fc7582bb8210de98f7e1dd621fa5dda4fa 100644 (file)
@@ -1,4 +1,4 @@
-/* -*- mode: c; indent-tabs-mode: nil -*- */
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
 /*
  * plugins/kdb/hdb/kdb_marshal.c
  *
@@ -69,8 +69,8 @@ kh_free_HostAddresses(krb5_context context,
 #if 0
 static krb5_error_code
 kh_marshal_octet_string(krb5_context context,
-                         const krb5_data *in_data,
-                         heim_octet_string *out_data)
+                        const krb5_data *in_data,
+                        heim_octet_string *out_data)
 {
     out_data->data = malloc(in_data->length);
     if (out_data->data == NULL)
@@ -198,7 +198,7 @@ kh_marshal_Principal(krb5_context context,
     }
     for (i = 0; i < kprinc->length; i++) {
         code = kh_marshal_general_string(context, &kprinc->data[i],
-                                          &hprinc->name.name_string.val[i]);
+                                         &hprinc->name.name_string.val[i]);
         if (code != 0) {
             kh_free_Principal(context, hprinc);
             return code;
@@ -778,7 +778,7 @@ kh_unmarshal_hdb_entry(krb5_context context,
 
     code = kh_unmarshal_Event(context,
                               hentry->modified_by ? hentry->modified_by :
-                                                    &hentry->created_by,
+                              &hentry->created_by,
                               kentry);
     if (code != 0)
         goto cleanup;
index 9481876c62d9d2a0a93e7e572f1c1e7c16d99000..6c8db85ff56a8d3aa9687b7f9af9b98f3dd45985 100644 (file)
@@ -1,4 +1,4 @@
-/* -*- mode: c; indent-tabs-mode: nil -*- */
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
 /*
  * plugins/kdb/hdb/kdb_windc.c
  *
@@ -311,7 +311,7 @@ kh_db_sign_auth_data(krb5_context context,
 
         code = kh_windc_pac_verify(context, kh, client_hprinc,
                                    req->client ?
-                                        KH_DB_ENTRY(req->client) : NULL,
+                                   KH_DB_ENTRY(req->client) : NULL,
                                    KH_DB_ENTRY(req->server),
                                    &hpac);
         if (code != 0)
index 742e3ce5072396c1eea925a118c487a588a09d9f..8deaf373792b5bb4e2845987169c47ae994321a6 100644 (file)
@@ -1,3 +1,4 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
 /*
  * lib/kdb/kdb_ldap/ldap_exp.c
  *
  */
 
 kdb_vftabl PLUGIN_SYMBOL_NAME(krb5_ldap, kdb_function_table) = {
-  1,                                      /* major version number 1 */
-  0,                                      /* minor version number 0 */
-  /* init_library */                          krb5_ldap_lib_init,
-  /* fini_library */                          krb5_ldap_lib_cleanup,
-  /* init_module */                           krb5_ldap_open,
-  /* fini_module */                           krb5_ldap_close,
-  /* db_create */                             krb5_ldap_create,
-  /* db_destroy */                            krb5_ldap_delete_realm_1,
-  /* db_get_age */                             krb5_ldap_db_get_age,
-  /* db_set_option */                         krb5_ldap_set_option,
-  /* db_lock */                                       krb5_ldap_lock,
-  /* db_unlock */                             krb5_ldap_unlock,
-  /* db_get_principal */                      krb5_ldap_get_principal,
-  /* db_free_principal */                     krb5_ldap_free_principal,
-  /* db_put_principal */                      krb5_ldap_put_principal,
-  /* db_delete_principal */                   krb5_ldap_delete_principal,
-  /* db_iterate */                            krb5_ldap_iterate,
-  /* db_create_policy */                       krb5_ldap_create_password_policy,
-  /* db_get_policy */                          krb5_ldap_get_password_policy,
-  /* db_put_policy */                          krb5_ldap_put_password_policy,
-  /* db_iter_policy */                         krb5_ldap_iterate_password_policy,
-  /* db_delete_policy */                       krb5_ldap_delete_password_policy,
-  /* db_free_policy */                         krb5_ldap_free_password_policy,
-  /* db_supported_realms */                   krb5_ldap_supported_realms,
-  /* db_free_supported_realms */              krb5_ldap_free_supported_realms,
-  /* errcode_2_string */                       krb5_ldap_errcode_2_string,
-  /* release_errcode_string */                krb5_ldap_release_errcode_string,
-  /* db_alloc */                               krb5_ldap_alloc,
-  /* db_free */                                krb5_ldap_free,
-            /* optional functions */
-  /* set_master_key */                        krb5_ldap_set_mkey,
-  /* get_master_key */                        krb5_ldap_get_mkey,
-  /* set_master_key_list */                   krb5_ldap_set_mkey_list,
-  /* get_master_key_list */                   krb5_ldap_get_mkey_list,
-  /* setup_master_key_name */                 NULL,
-  /* store_master_key */                      NULL,
-  /* fetch_master_key */                      NULL /* krb5_ldap_fetch_mkey */,
-  /* verify_master_key */                     NULL /* krb5_ldap_verify_master_key */,
-  /* fetch_master_key_list */                 NULL,
-  /* store_master_key_list */                 NULL,
-  /* Search enc type */                        NULL,
-  /* Change pwd   */                           NULL,
-  /* promote_db */                             NULL,
-  /* dbekd_decrypt_key_data */                 NULL,
-  /* dbekd_encrypt_key_data */                 NULL,
-  /* db_invoke */                             krb5_ldap_invoke,
+    1,                                      /* major version number 1 */
+    0,                                      /* minor version number 0 */
+    /* init_library */                      krb5_ldap_lib_init,
+    /* fini_library */                      krb5_ldap_lib_cleanup,
+    /* init_module */                       krb5_ldap_open,
+    /* fini_module */                       krb5_ldap_close,
+    /* db_create */                         krb5_ldap_create,
+    /* db_destroy */                        krb5_ldap_delete_realm_1,
+    /* db_get_age */                        krb5_ldap_db_get_age,
+    /* db_set_option */                     krb5_ldap_set_option,
+    /* db_lock */                           krb5_ldap_lock,
+    /* db_unlock */                         krb5_ldap_unlock,
+    /* db_get_principal */                  krb5_ldap_get_principal,
+    /* db_free_principal */                 krb5_ldap_free_principal,
+    /* db_put_principal */                  krb5_ldap_put_principal,
+    /* db_delete_principal */               krb5_ldap_delete_principal,
+    /* db_iterate */                        krb5_ldap_iterate,
+    /* db_create_policy */                  krb5_ldap_create_password_policy,
+    /* db_get_policy */                     krb5_ldap_get_password_policy,
+    /* db_put_policy */                     krb5_ldap_put_password_policy,
+    /* db_iter_policy */                    krb5_ldap_iterate_password_policy,
+    /* db_delete_policy */                  krb5_ldap_delete_password_policy,
+    /* db_free_policy */                    krb5_ldap_free_password_policy,
+    /* db_supported_realms */               krb5_ldap_supported_realms,
+    /* db_free_supported_realms */          krb5_ldap_free_supported_realms,
+    /* errcode_2_string */                  krb5_ldap_errcode_2_string,
+    /* release_errcode_string */            krb5_ldap_release_errcode_string,
+    /* db_alloc */                          krb5_ldap_alloc,
+    /* db_free */                           krb5_ldap_free,
+    /* optional functions */
+    /* set_master_key */                    krb5_ldap_set_mkey,
+    /* get_master_key */                    krb5_ldap_get_mkey,
+    /* set_master_key_list */               krb5_ldap_set_mkey_list,
+    /* get_master_key_list */               krb5_ldap_get_mkey_list,
+    /* setup_master_key_name */             NULL,
+    /* store_master_key */                  NULL,
+    /* fetch_master_key */                  NULL /* krb5_ldap_fetch_mkey */,
+    /* verify_master_key */                 NULL /* krb5_ldap_verify_master_key */,
+    /* fetch_master_key_list */             NULL,
+    /* store_master_key_list */             NULL,
+    /* Search enc type */                   NULL,
+    /* Change pwd   */                      NULL,
+    /* promote_db */                        NULL,
+    /* dbekd_decrypt_key_data */            NULL,
+    /* dbekd_encrypt_key_data */            NULL,
+    /* db_invoke */                         krb5_ldap_invoke,
 
 };
index 09b50797dc3fd04366c2578b9baf054ea8c800d0..f8dce07b30843dc11bd3229e10c711c80891366c 100644 (file)
@@ -1,3 +1,4 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
 /*
  * kadmin/ldap_util/kdb5_ldap_list.c
  */
 /*
  * Counts the number of entries in the given array of strings
  */
-int list_count_str_array(char **list)
+int
+list_count_str_array(char **list)
 {
     int i = 0;
 
     if (list == NULL)
-       return 0;
+        return 0;
 
     for (i = 0; *list != NULL; list++) {
-       i++;
+        i++;
     }
 
     return i;
@@ -57,15 +59,16 @@ int list_count_str_array(char **list)
 /*
  * Counts the number of entries in the given array of integers
  */
-int list_count_int_array(int *list)
+int
+list_count_int_array(int *list)
 {
     int i = 0;
 
     if (list == NULL)
-       return 0;
+        return 0;
 
     for (i = 0; *list != END_OF_LIST; list++) {
-       i++;
+        i++;
     }
 
     return i;
@@ -75,14 +78,14 @@ int list_count_int_array(int *list)
 /*
  * Frees the entries in a given list and not the list pointer
  */
-void krb5_free_list_entries(list)
-    char **list;
+void
+krb5_free_list_entries(char **list)
 {
     if (list == NULL)
-       return;
+        return;
     for (; *list != NULL; list++) {
-       free(*list);
-       *list = NULL;
+        free(*list);
+        *list = NULL;
     }
 
     return;
@@ -94,10 +97,7 @@ void krb5_free_list_entries(list)
  * and return the result as a list
  */
 krb5_error_code
-krb5_parse_list(buffer, delimiter, list)
-    char *buffer;
-    char *delimiter;
-    char **list;
+krb5_parse_list(char *buffer, char *delimiter, char **list)
 {
     char *str = NULL;
     char *token = NULL;
@@ -107,40 +107,39 @@ krb5_parse_list(buffer, delimiter, list)
     int count = 0;
 
     if ((buffer == NULL) || (list == NULL) || (delimiter == NULL)) {
-       return EINVAL;
+        return EINVAL;
     }
 
     str = strdup(buffer);
     if (str == NULL)
-       return ENOMEM;
+        return ENOMEM;
 
     token = strtok_r(str, delimiter, &ptrptr);
     for (count = 1; ((token != NULL) && (count < MAX_LIST_ENTRIES));
-        plist++, count++) {
-       *plist = strdup(token);
-       if (*plist == NULL) {
-           retval = ENOMEM;
-           goto cleanup;
-       }
-       token = strtok_r(NULL, delimiter, &ptrptr);
+         plist++, count++) {
+        *plist = strdup(token);
+        if (*plist == NULL) {
+            retval = ENOMEM;
+            goto cleanup;
+        }
+        token = strtok_r(NULL, delimiter, &ptrptr);
     }
     *plist = NULL;
 
 cleanup:
     if (str) {
-       free(str);
-       str = NULL;
+        free(str);
+        str = NULL;
     }
     if (retval)
-       krb5_free_list_entries(list);
+        krb5_free_list_entries(list);
 
     return retval;
 }
 
 
-int compare_int(m1, m2)
-    const void *m1;
-    const void *m2;
+int
+compare_int(const void *m1, const void *m2)
 {
     int mi1 = *(const int *)m1;
     int mi2 = *(const int *)m2;
@@ -154,10 +153,8 @@ int compare_int(m1, m2)
  * entries present in the source list, depending on the mode
  * (ADD or DELETE).
  */
-void list_modify_str_array(destlist, sourcelist, mode)
-    char ***destlist;
-    const char **sourcelist;
-    int mode;
+void
+list_modify_str_array(char ***destlist, const char **sourcelist, int mode)
 {
     char **dlist = NULL, **tmplist = NULL;
     const char **slist = NULL;
@@ -165,52 +162,52 @@ void list_modify_str_array(destlist, sourcelist, mode)
     int found = 0;
 
     if ((destlist == NULL) || (*destlist == NULL) || (sourcelist == NULL))
-       return;
+        return;
 
     /* We need to add every entry present in the source list to
      * the destination list */
     if (mode == LIST_MODE_ADD) {
-       /* Traverse throught the end of destlist for appending */
-       for (dlist = *destlist, dcount = 0; *dlist != NULL;
-            dlist++, dcount++) {
-           ;   /* NULL statement */
-       }
-       /* Count the number of entries in the source list */
-       for (slist = sourcelist, scount = 0; *slist != NULL;
-            slist++, scount++) {
-           ;   /* NULL statement */
-       }
-       /* Reset the slist pointer to the start of source list */
-       slist = sourcelist;
-
-       /* Now append the source list to the existing destlist */
-       if ((dcount + scount) < MAX_LIST_ENTRIES)
-           copycount = scount;
-       else
-           /* Leave the last entry for list terminator(=NULL) */
-           copycount = (MAX_LIST_ENTRIES -1) - dcount;
-
-       memcpy(dlist, slist, (sizeof(char *) * copycount));
-       dlist += copycount;
-       *dlist = NULL;
+        /* Traverse throught the end of destlist for appending */
+        for (dlist = *destlist, dcount = 0; *dlist != NULL;
+             dlist++, dcount++) {
+            ;   /* NULL statement */
+        }
+        /* Count the number of entries in the source list */
+        for (slist = sourcelist, scount = 0; *slist != NULL;
+             slist++, scount++) {
+            ;   /* NULL statement */
+        }
+        /* Reset the slist pointer to the start of source list */
+        slist = sourcelist;
+
+        /* Now append the source list to the existing destlist */
+        if ((dcount + scount) < MAX_LIST_ENTRIES)
+            copycount = scount;
+        else
+            /* Leave the last entry for list terminator(=NULL) */
+            copycount = (MAX_LIST_ENTRIES -1) - dcount;
+
+        memcpy(dlist, slist, (sizeof(char *) * copycount));
+        dlist += copycount;
+        *dlist = NULL;
     } else if (mode == LIST_MODE_DELETE) {
-       /* We need to delete every entry present in the source list
-        * from the destination list */
-       for (slist = sourcelist; *slist != NULL; slist++) {
-           for (dlist = *destlist; *dlist != NULL; dlist++) {
-               found = 0; /* value not found */
-               /* DN is case insensitive string */
-               if (strcasecmp(*dlist, *slist) == 0) {
-                   found = 1;
-                   free(*dlist);
-                   /* Advance the rest of the entries by one */
-                   for (tmplist = dlist; *tmplist != NULL; tmplist++) {
-                       *tmplist = *(tmplist+1);
-                   }
-                   break;
-               }
-           }
-       }
+        /* We need to delete every entry present in the source list
+         * from the destination list */
+        for (slist = sourcelist; *slist != NULL; slist++) {
+            for (dlist = *destlist; *dlist != NULL; dlist++) {
+                found = 0; /* value not found */
+                /* DN is case insensitive string */
+                if (strcasecmp(*dlist, *slist) == 0) {
+                    found = 1;
+                    free(*dlist);
+                    /* Advance the rest of the entries by one */
+                    for (tmplist = dlist; *tmplist != NULL; tmplist++) {
+                        *tmplist = *(tmplist+1);
+                    }
+                    break;
+                }
+            }
+        }
     }
 
     return;
@@ -222,10 +219,8 @@ void list_modify_str_array(destlist, sourcelist, mode)
  * entries present in the source list, depending on the mode
  * (ADD or DELETE). where the list is array of integers.
  */
-int list_modify_int_array(destlist, sourcelist, mode)
-    int *destlist;
-    const int *sourcelist;
-    int mode;
+int
+list_modify_int_array(int *destlist, const int *sourcelist, int mode)
 {
     int *dlist = NULL, *tmplist = NULL;
     const int *slist = NULL;
@@ -233,53 +228,53 @@ int list_modify_int_array(destlist, sourcelist, mode)
     int tcount = 0;
 
     if ((destlist == NULL) || (sourcelist == NULL))
-       return 0;
+        return 0;
 
     /* We need to add every entry present in the source list to the
      * destination list */
     if (mode == LIST_MODE_ADD) {
-       /* Traverse throught the end of destlist for appending */
-       for (dlist = destlist, dcount = 0; *dlist != END_OF_LIST;
-            dlist++, dcount++)
-           ;   /* NULL statement */
-
-       /* Count the number of entries in the source list */
-       for (slist = sourcelist, scount = 0; *slist != END_OF_LIST;
-            slist++, scount++)
-           ;   /* NULL statement */
-
-       /* Reset the slist pointer to the start of source list */
-       slist = sourcelist;
-
-       /* Now append the source list to the existing destlist */
-       if ((dcount + scount) < MAX_LIST_ENTRIES)
-           copycount = scount;
-       else
-           /* Leave the last entry for list terminator(=NULL) */
-           copycount = (MAX_LIST_ENTRIES -1) - dcount;
-
-       memcpy(dlist, slist, (sizeof(int) * copycount));
-       dlist += copycount;
-       *dlist = END_OF_LIST;
-       tcount = dcount + copycount;
+        /* Traverse throught the end of destlist for appending */
+        for (dlist = destlist, dcount = 0; *dlist != END_OF_LIST;
+             dlist++, dcount++)
+            ;   /* NULL statement */
+
+        /* Count the number of entries in the source list */
+        for (slist = sourcelist, scount = 0; *slist != END_OF_LIST;
+             slist++, scount++)
+            ;   /* NULL statement */
+
+        /* Reset the slist pointer to the start of source list */
+        slist = sourcelist;
+
+        /* Now append the source list to the existing destlist */
+        if ((dcount + scount) < MAX_LIST_ENTRIES)
+            copycount = scount;
+        else
+            /* Leave the last entry for list terminator(=NULL) */
+            copycount = (MAX_LIST_ENTRIES -1) - dcount;
+
+        memcpy(dlist, slist, (sizeof(int) * copycount));
+        dlist += copycount;
+        *dlist = END_OF_LIST;
+        tcount = dcount + copycount;
     } else if (mode == LIST_MODE_DELETE) {
-       /* We need to delete every entry present in the source list from
-        * the destination list */
-       for (slist = sourcelist; *slist != END_OF_LIST; slist++) {
-           for (dlist = destlist; *dlist != END_OF_LIST; dlist++) {
-               if (*dlist == *slist) {
-                   /* Advance the rest of the entries by one */
-                   for (tmplist = dlist; *tmplist != END_OF_LIST; tmplist++) {
-                       *tmplist = *(tmplist+1);
-                   }
-                   break;
-               }
-           }
-       }
-       /* count the number of entries */
-       for (dlist = destlist, tcount = 0; *dlist != END_OF_LIST; dlist++) {
-           tcount++;
-       }
+        /* We need to delete every entry present in the source list from
+         * the destination list */
+        for (slist = sourcelist; *slist != END_OF_LIST; slist++) {
+            for (dlist = destlist; *dlist != END_OF_LIST; dlist++) {
+                if (*dlist == *slist) {
+                    /* Advance the rest of the entries by one */
+                    for (tmplist = dlist; *tmplist != END_OF_LIST; tmplist++) {
+                        *tmplist = *(tmplist+1);
+                    }
+                    break;
+                }
+            }
+        }
+        /* count the number of entries */
+        for (dlist = destlist, tcount = 0; *dlist != END_OF_LIST; dlist++) {
+            tcount++;
+        }
     }
 
     return tcount;
index a251fde3f3bd70030ce62401c8b4b69ad4db1f1e..ff6bde2f546d600a5790ad4fe8f7c91d4770327b 100644 (file)
@@ -1,3 +1,4 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
 /*
  * kadmin/ldap_util/kdb5_ldap_list.h
  */
  */
 
 
-#define MAX_LIST_ENTRIES       64
-#define END_OF_LIST            -1      /* End of List */
-#define LIST_DELIMITER         ":"     /* List entry separator */
-#define LIST_MODE_ADD          0x701   /* Add to the List */
-#define LIST_MODE_DELETE       0x702   /* Delete from the list */
-#define MAX_LEN_LIST_ENTRY     512     /* Max len of an entry */
+#define MAX_LIST_ENTRIES        64
+#define END_OF_LIST             -1      /* End of List */
+#define LIST_DELIMITER          ":"     /* List entry separator */
+#define LIST_MODE_ADD           0x701   /* Add to the List */
+#define LIST_MODE_DELETE        0x702   /* Delete from the list */
+#define MAX_LEN_LIST_ENTRY      512     /* Max len of an entry */
 
 extern krb5_error_code krb5_parse_list(char *buffer, char *delimiter, char **list);
 extern void krb5_free_list_entries(char **list);
index b22e63184054103593971e2b4e2bbc079735298f..4cb3c46ad3a49bfcd2d01ff7337d9a338f217c68 100644 (file)
@@ -1,3 +1,4 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
 /*
  * kadmin/ldap_util/kdb5_ldap_policy.c
  */
@@ -48,7 +49,9 @@ static char *strdur(time_t duration);
 extern char *yes;
 extern kadm5_config_params global_params;
 
-static krb5_error_code init_ldap_realm (int argc, char *argv[]) {
+static krb5_error_code
+init_ldap_realm(int argc, char *argv[])
+{
     /* This operation is being performed in the context of a realm. So,
      * initialize the realm */
     int mask = 0;
@@ -65,7 +68,7 @@ static krb5_error_code init_ldap_realm (int argc, char *argv[]) {
 
     if (ldap_context->krbcontainer == NULL) {
         retval = krb5_ldap_read_krbcontainer_params (util_context,
-                &(ldap_context->krbcontainer));
+                                                     &(ldap_context->krbcontainer));
         if (retval != 0) {
             com_err(progname, retval, "while reading kerberos container information");
             goto cleanup;
@@ -74,9 +77,9 @@ static krb5_error_code init_ldap_realm (int argc, char *argv[]) {
 
     if (ldap_context->lrparams == NULL) {
         retval = krb5_ldap_read_realm_params(util_context,
-                global_params.realm,
-                &(ldap_context->lrparams),
-                &mask);
+                                             global_params.realm,
+                                             &(ldap_context->lrparams),
+                                             &mask);
 
         if (retval != 0) {
             goto cleanup;
@@ -91,9 +94,7 @@ cleanup:
  * specified attributes.
  */
 void
-kdb5_ldap_create_policy(argc, argv)
-    int argc;
-    char *argv[];
+kdb5_ldap_create_policy(int argc, char *argv[])
 {
     char *me = progname;
     krb5_error_code retval = 0;
@@ -107,14 +108,14 @@ kdb5_ldap_create_policy(argc, argv)
 
     /* Check for number of arguments */
     if ((argc < 2) || (argc > 16)) {
-       goto err_usage;
+        goto err_usage;
     }
 
     /* Allocate memory for policy parameters structure */
     policyparams = (krb5_ldap_policy_params*) calloc(1, sizeof(krb5_ldap_policy_params));
     if (policyparams == NULL) {
-       retval = ENOMEM;
-       goto cleanup;
+        retval = ENOMEM;
+        goto cleanup;
     }
 
     /* Get current time */
@@ -122,161 +123,161 @@ kdb5_ldap_create_policy(argc, argv)
 
     /* Parse all arguments */
     for (i = 1; i < argc; i++) {
-       if (!strcmp(argv[i], "-maxtktlife")) {
-           if (++i > argc - 1)
-               goto err_usage;
-
-           date = get_date(argv[i]);
-           if (date == (time_t)(-1)) {
-               retval = EINVAL;
-               com_err (me, retval, "while providing time specification");
-               goto err_nomsg;
-           }
-
-           policyparams->maxtktlife = date - now;
-
-           mask |= LDAP_POLICY_MAXTKTLIFE;
-       } else if (!strcmp(argv[i], "-maxrenewlife")) {
-           if (++i > argc - 1)
-               goto err_usage;
-
-           date = get_date(argv[i]);
-           if (date == (time_t)(-1)) {
-               retval = EINVAL;
-               com_err (me, retval, "while providing time specification");
-               goto err_nomsg;
-           }
-
-           policyparams->maxrenewlife = date - now;
-
-           mask |= LDAP_POLICY_MAXRENEWLIFE;
-       } else if (!strcmp((argv[i] + 1), "allow_postdated")) {
-           if (*(argv[i]) == '+')
-               policyparams->tktflags &= (int)(~KRB5_KDB_DISALLOW_POSTDATED);
-           else if (*(argv[i]) == '-')
-               policyparams->tktflags |= KRB5_KDB_DISALLOW_POSTDATED;
-           else
-               goto err_usage;
-
-           mask |= LDAP_POLICY_TKTFLAGS;
-       } else if (!strcmp((argv[i] + 1), "allow_forwardable")) {
-           if (*(argv[i]) == '+')
-               policyparams->tktflags &= (int)(~KRB5_KDB_DISALLOW_FORWARDABLE);
-           else if (*(argv[i]) == '-')
-               policyparams->tktflags |= KRB5_KDB_DISALLOW_FORWARDABLE;
-           else
-               goto err_usage;
-
-           mask |= LDAP_POLICY_TKTFLAGS;
-       } else if (!strcmp((argv[i] + 1), "allow_renewable")) {
-           if (*(argv[i]) == '+')
-               policyparams->tktflags &= (int)(~KRB5_KDB_DISALLOW_RENEWABLE);
-           else if (*(argv[i]) == '-')
-               policyparams->tktflags |= KRB5_KDB_DISALLOW_RENEWABLE;
-           else
-               goto err_usage;
-
-           mask |= LDAP_POLICY_TKTFLAGS;
-       } else if (!strcmp((argv[i] + 1), "allow_proxiable")) {
-           if (*(argv[i]) == '+')
-               policyparams->tktflags &= (int)(~KRB5_KDB_DISALLOW_PROXIABLE);
-           else if (*(argv[i]) == '-')
-               policyparams->tktflags |= KRB5_KDB_DISALLOW_PROXIABLE;
-           else
-               goto err_usage;
-
-           mask |= LDAP_POLICY_TKTFLAGS;
-       } else if (!strcmp((argv[i] + 1), "allow_dup_skey")) {
-           if (*(argv[i]) == '+')
-               policyparams->tktflags &= (int)(~KRB5_KDB_DISALLOW_DUP_SKEY);
-           else if (*(argv[i]) == '-')
-               policyparams->tktflags |= KRB5_KDB_DISALLOW_DUP_SKEY;
-           else
-               goto err_usage;
-
-           mask |= LDAP_POLICY_TKTFLAGS;
-       } else if (!strcmp((argv[i] + 1), "requires_preauth")) {
-           if (*(argv[i]) == '+')
-               policyparams->tktflags |= KRB5_KDB_REQUIRES_PRE_AUTH;
-           else if (*(argv[i]) == '-')
-               policyparams->tktflags &= (int)(~KRB5_KDB_REQUIRES_PRE_AUTH);
-           else
-               goto err_usage;
-
-           mask |= LDAP_POLICY_TKTFLAGS;
-       } else if (!strcmp((argv[i] + 1), "requires_hwauth")) {
-           if (*(argv[i]) == '+')
-               policyparams->tktflags |= KRB5_KDB_REQUIRES_HW_AUTH;
-           else if (*(argv[i]) == '-')
-               policyparams->tktflags &= (int)(~KRB5_KDB_REQUIRES_HW_AUTH);
-           else
-               goto err_usage;
-
-           mask |= LDAP_POLICY_TKTFLAGS;
-       } else if (!strcmp((argv[i] + 1), "allow_svr")) {
-           if (*(argv[i]) == '+')
-               policyparams->tktflags &= (int)(~KRB5_KDB_DISALLOW_SVR);
-           else if (*(argv[i]) == '-')
-               policyparams->tktflags |= KRB5_KDB_DISALLOW_SVR;
-           else
-               goto err_usage;
-
-           mask |= LDAP_POLICY_TKTFLAGS;
-       } else if (!strcmp((argv[i] + 1), "allow_tgs_req")) {
-           if (*(argv[i]) == '+')
-               policyparams->tktflags &= (int)(~KRB5_KDB_DISALLOW_TGT_BASED);
-           else if (*(argv[i]) == '-')
-               policyparams->tktflags |= KRB5_KDB_DISALLOW_TGT_BASED;
-           else
-               goto err_usage;
-
-           mask |= LDAP_POLICY_TKTFLAGS;
-       } else if (!strcmp((argv[i] + 1), "allow_tix")) {
-           if (*(argv[i]) == '+')
-               policyparams->tktflags &= (int)(~KRB5_KDB_DISALLOW_ALL_TIX);
-           else if (*(argv[i]) == '-')
-               policyparams->tktflags |= KRB5_KDB_DISALLOW_ALL_TIX;
-           else
-               goto err_usage;
-
-           mask |= LDAP_POLICY_TKTFLAGS;
-       } else if (!strcmp((argv[i] + 1), "needchange")) {
-           if (*(argv[i]) == '+')
-               policyparams->tktflags |= KRB5_KDB_REQUIRES_PWCHANGE;
-           else if (*(argv[i]) == '-')
-               policyparams->tktflags &= (int)(~KRB5_KDB_REQUIRES_PWCHANGE);
-           else
-               goto err_usage;
-
-           mask |= LDAP_POLICY_TKTFLAGS;
-       } else if (!strcmp((argv[i] + 1), "password_changing_service")) {
-           if (*(argv[i]) == '+')
-               policyparams->tktflags |= KRB5_KDB_PWCHANGE_SERVICE;
-           else if (*(argv[i]) == '-')
-               policyparams->tktflags &= (int)(~KRB5_KDB_PWCHANGE_SERVICE);
-           else
-               goto err_usage;
-
-           mask |= LDAP_POLICY_TKTFLAGS;
-       } else { /* Any other argument must be policy DN */
-           /* First check if policy DN is already provided --
-              if so, there's a usage error */
+        if (!strcmp(argv[i], "-maxtktlife")) {
+            if (++i > argc - 1)
+                goto err_usage;
+
+            date = get_date(argv[i]);
+            if (date == (time_t)(-1)) {
+                retval = EINVAL;
+                com_err (me, retval, "while providing time specification");
+                goto err_nomsg;
+            }
+
+            policyparams->maxtktlife = date - now;
+
+            mask |= LDAP_POLICY_MAXTKTLIFE;
+        } else if (!strcmp(argv[i], "-maxrenewlife")) {
+            if (++i > argc - 1)
+                goto err_usage;
+
+            date = get_date(argv[i]);
+            if (date == (time_t)(-1)) {
+                retval = EINVAL;
+                com_err (me, retval, "while providing time specification");
+                goto err_nomsg;
+            }
+
+            policyparams->maxrenewlife = date - now;
+
+            mask |= LDAP_POLICY_MAXRENEWLIFE;
+        } else if (!strcmp((argv[i] + 1), "allow_postdated")) {
+            if (*(argv[i]) == '+')
+                policyparams->tktflags &= (int)(~KRB5_KDB_DISALLOW_POSTDATED);
+            else if (*(argv[i]) == '-')
+                policyparams->tktflags |= KRB5_KDB_DISALLOW_POSTDATED;
+            else
+                goto err_usage;
+
+            mask |= LDAP_POLICY_TKTFLAGS;
+        } else if (!strcmp((argv[i] + 1), "allow_forwardable")) {
+            if (*(argv[i]) == '+')
+                policyparams->tktflags &= (int)(~KRB5_KDB_DISALLOW_FORWARDABLE);
+            else if (*(argv[i]) == '-')
+                policyparams->tktflags |= KRB5_KDB_DISALLOW_FORWARDABLE;
+            else
+                goto err_usage;
+
+            mask |= LDAP_POLICY_TKTFLAGS;
+        } else if (!strcmp((argv[i] + 1), "allow_renewable")) {
+            if (*(argv[i]) == '+')
+                policyparams->tktflags &= (int)(~KRB5_KDB_DISALLOW_RENEWABLE);
+            else if (*(argv[i]) == '-')
+                policyparams->tktflags |= KRB5_KDB_DISALLOW_RENEWABLE;
+            else
+                goto err_usage;
+
+            mask |= LDAP_POLICY_TKTFLAGS;
+        } else if (!strcmp((argv[i] + 1), "allow_proxiable")) {
+            if (*(argv[i]) == '+')
+                policyparams->tktflags &= (int)(~KRB5_KDB_DISALLOW_PROXIABLE);
+            else if (*(argv[i]) == '-')
+                policyparams->tktflags |= KRB5_KDB_DISALLOW_PROXIABLE;
+            else
+                goto err_usage;
+
+            mask |= LDAP_POLICY_TKTFLAGS;
+        } else if (!strcmp((argv[i] + 1), "allow_dup_skey")) {
+            if (*(argv[i]) == '+')
+                policyparams->tktflags &= (int)(~KRB5_KDB_DISALLOW_DUP_SKEY);
+            else if (*(argv[i]) == '-')
+                policyparams->tktflags |= KRB5_KDB_DISALLOW_DUP_SKEY;
+            else
+                goto err_usage;
+
+            mask |= LDAP_POLICY_TKTFLAGS;
+        } else if (!strcmp((argv[i] + 1), "requires_preauth")) {
+            if (*(argv[i]) == '+')
+                policyparams->tktflags |= KRB5_KDB_REQUIRES_PRE_AUTH;
+            else if (*(argv[i]) == '-')
+                policyparams->tktflags &= (int)(~KRB5_KDB_REQUIRES_PRE_AUTH);
+            else
+                goto err_usage;
+
+            mask |= LDAP_POLICY_TKTFLAGS;
+        } else if (!strcmp((argv[i] + 1), "requires_hwauth")) {
+            if (*(argv[i]) == '+')
+                policyparams->tktflags |= KRB5_KDB_REQUIRES_HW_AUTH;
+            else if (*(argv[i]) == '-')
+                policyparams->tktflags &= (int)(~KRB5_KDB_REQUIRES_HW_AUTH);
+            else
+                goto err_usage;
+
+            mask |= LDAP_POLICY_TKTFLAGS;
+        } else if (!strcmp((argv[i] + 1), "allow_svr")) {
+            if (*(argv[i]) == '+')
+                policyparams->tktflags &= (int)(~KRB5_KDB_DISALLOW_SVR);
+            else if (*(argv[i]) == '-')
+                policyparams->tktflags |= KRB5_KDB_DISALLOW_SVR;
+            else
+                goto err_usage;
+
+            mask |= LDAP_POLICY_TKTFLAGS;
+        } else if (!strcmp((argv[i] + 1), "allow_tgs_req")) {
+            if (*(argv[i]) == '+')
+                policyparams->tktflags &= (int)(~KRB5_KDB_DISALLOW_TGT_BASED);
+            else if (*(argv[i]) == '-')
+                policyparams->tktflags |= KRB5_KDB_DISALLOW_TGT_BASED;
+            else
+                goto err_usage;
+
+            mask |= LDAP_POLICY_TKTFLAGS;
+        } else if (!strcmp((argv[i] + 1), "allow_tix")) {
+            if (*(argv[i]) == '+')
+                policyparams->tktflags &= (int)(~KRB5_KDB_DISALLOW_ALL_TIX);
+            else if (*(argv[i]) == '-')
+                policyparams->tktflags |= KRB5_KDB_DISALLOW_ALL_TIX;
+            else
+                goto err_usage;
+
+            mask |= LDAP_POLICY_TKTFLAGS;
+        } else if (!strcmp((argv[i] + 1), "needchange")) {
+            if (*(argv[i]) == '+')
+                policyparams->tktflags |= KRB5_KDB_REQUIRES_PWCHANGE;
+            else if (*(argv[i]) == '-')
+                policyparams->tktflags &= (int)(~KRB5_KDB_REQUIRES_PWCHANGE);
+            else
+                goto err_usage;
+
+            mask |= LDAP_POLICY_TKTFLAGS;
+        } else if (!strcmp((argv[i] + 1), "password_changing_service")) {
+            if (*(argv[i]) == '+')
+                policyparams->tktflags |= KRB5_KDB_PWCHANGE_SERVICE;
+            else if (*(argv[i]) == '-')
+                policyparams->tktflags &= (int)(~KRB5_KDB_PWCHANGE_SERVICE);
+            else
+                goto err_usage;
+
+            mask |= LDAP_POLICY_TKTFLAGS;
+        } else { /* Any other argument must be policy DN */
+            /* First check if policy DN is already provided --
+               if so, there's a usage error */
             if (policyparams->policy != NULL)
-               goto err_usage;
+                goto err_usage;
 
-           /* If not present already, fill up policy DN */
+            /* If not present already, fill up policy DN */
             policyparams->policy = strdup(argv[i]);
             if (policyparams->policy == NULL) {
-               retval = ENOMEM;
-               com_err(me, retval, "while creating policy object");
-               goto err_nomsg;
-           }
-       }
+                retval = ENOMEM;
+                com_err(me, retval, "while creating policy object");
+                goto err_nomsg;
+            }
+        }
     }
 
     /* policy DN is a mandatory argument. If not provided, print usage */
     if (policyparams->policy == NULL)
-       goto err_usage;
+        goto err_usage;
 
     if ((retval = init_ldap_realm (argc, argv))) {
         com_err(me, retval, "while reading realm information");
@@ -285,7 +286,7 @@ kdb5_ldap_create_policy(argc, argv)
 
     /* Create object with all attributes provided */
     if ((retval = krb5_ldap_create_policy(util_context, policyparams, mask)) != 0)
-       goto cleanup;
+        goto cleanup;
 
     goto cleanup;
 
@@ -300,13 +301,13 @@ cleanup:
     krb5_ldap_free_policy (util_context, policyparams);
 
     if (print_usage)
-       db_usage(CREATE_POLICY);
+        db_usage(CREATE_POLICY);
 
     if (retval) {
-       if (!no_msg)
-           com_err(me, retval, "while creating policy object");
+        if (!no_msg)
+            com_err(me, retval, "while creating policy object");
 
-       exit_status++;
+        exit_status++;
     }
 
     return;
@@ -318,9 +319,7 @@ cleanup:
  * object interactively, unless forced through an option.
  */
 void
-kdb5_ldap_destroy_policy(argc, argv)
-    int argc;
-    char *argv[];
+kdb5_ldap_destroy_policy(int argc, char *argv[])
 {
     char *me = progname;
     krb5_error_code retval = 0;
@@ -334,55 +333,55 @@ kdb5_ldap_destroy_policy(argc, argv)
     int i = 0;
 
     if ((argc < 2) || (argc > 3)) {
-       goto err_usage;
+        goto err_usage;
     }
 
     for (i = 1; i < argc; i++) {
-       if (strcmp(argv[i], "-force") == 0) {
-           force++;
-       } else { /* Any other argument must be policy DN */
-           /* First check if policy DN is already provided --
-              if so, there's a usage error */
+        if (strcmp(argv[i], "-force") == 0) {
+            force++;
+        } else { /* Any other argument must be policy DN */
+            /* First check if policy DN is already provided --
+               if so, there's a usage error */
             if (policy != NULL)
-               goto err_usage;
+                goto err_usage;
 
-           /* If not present already, fill up policy DN */
+            /* If not present already, fill up policy DN */
             policy = strdup(argv[i]);
             if (policy == NULL) {
-               retval = ENOMEM;
-               com_err(me, retval, "while destroying policy object");
-               goto err_nomsg;
-           }
-       }
+                retval = ENOMEM;
+                com_err(me, retval, "while destroying policy object");
+                goto err_nomsg;
+            }
+        }
     }
 
     if (policy == NULL)
-       goto err_usage;
+        goto err_usage;
 
     if (!force) {
         printf("This will delete the policy object '%s', are you sure?\n", policy);
-       printf("(type 'yes' to confirm)? ");
+        printf("(type 'yes' to confirm)? ");
 
-       if (fgets(buf, sizeof(buf), stdin) == NULL) {
-           retval = EINVAL;
-           goto cleanup;
-       }
+        if (fgets(buf, sizeof(buf), stdin) == NULL) {
+            retval = EINVAL;
+            goto cleanup;
+        }
 
-       if (strcmp(buf, yes)) {
-           exit_status++;
-           goto cleanup;
-       }
+        if (strcmp(buf, yes)) {
+            exit_status++;
+            goto cleanup;
+        }
     }
 
     if ((retval = init_ldap_realm (argc, argv)))
         goto err_nomsg;
 
     if ((retval = krb5_ldap_read_policy(util_context, policy, &policyparams, &mask)))
-       goto cleanup;
+        goto cleanup;
 
 
     if ((retval = krb5_ldap_delete_policy(util_context, policy)))
-       goto cleanup;
+        goto cleanup;
 
     printf("** policy object '%s' deleted.\n", policy);
     goto cleanup;
@@ -399,18 +398,18 @@ cleanup:
     krb5_ldap_free_policy (util_context, policyparams);
 
     if (policy) {
-       free (policy);
+        free (policy);
     }
 
     if (print_usage) {
-       db_usage(DESTROY_POLICY);
+        db_usage(DESTROY_POLICY);
     }
 
     if (retval) {
-       if (!no_msg)
-           com_err(me, retval, "while destroying policy object");
+        if (!no_msg)
+            com_err(me, retval, "while destroying policy object");
 
-       exit_status++;
+        exit_status++;
     }
 
     return;
@@ -422,9 +421,7 @@ cleanup:
  * policy object.
  */
 void
-kdb5_ldap_modify_policy(argc, argv)
-    int argc;
-    char *argv[];
+kdb5_ldap_modify_policy(int argc, char *argv[])
 {
     char *me = progname;
     krb5_error_code retval = 0;
@@ -441,57 +438,57 @@ kdb5_ldap_modify_policy(argc, argv)
        since atleast one parameter should be given in
        addition to 'modify_policy' and policy DN */
     if ((argc < 3) || (argc > 16)) {
-       goto err_usage;
+        goto err_usage;
     }
 
     /* Parse all arguments, only to pick up policy DN (Pass 1) */
     for (i = 1; i < argc; i++) {
-       /* Skip arguments next to 'maxtktlife'
-          and 'maxrenewlife' arguments */
-       if (!strcmp(argv[i], "-maxtktlife")) {
-           ++i;
-       } else if (!strcmp(argv[i], "-maxrenewlife")) {
-           ++i;
-       }
-       /* Do nothing for ticket flag arguments */
-       else if (!strcmp((argv[i] + 1), "allow_postdated") ||
-                !strcmp((argv[i] + 1), "allow_forwardable") ||
-                !strcmp((argv[i] + 1), "allow_renewable") ||
-                !strcmp((argv[i] + 1), "allow_proxiable") ||
-                !strcmp((argv[i] + 1), "allow_dup_skey") ||
-                !strcmp((argv[i] + 1), "requires_preauth") ||
-                !strcmp((argv[i] + 1), "requires_hwauth") ||
-                !strcmp((argv[i] + 1), "allow_svr") ||
-                !strcmp((argv[i] + 1), "allow_tgs_req") ||
-                !strcmp((argv[i] + 1), "allow_tix") ||
-                !strcmp((argv[i] + 1), "needchange") ||
-                !strcmp((argv[i] + 1), "password_changing_service")) {
-       } else { /* Any other argument must be policy DN */
-           /* First check if policy DN is already provided --
-              if so, there's a usage error */
+        /* Skip arguments next to 'maxtktlife'
+           and 'maxrenewlife' arguments */
+        if (!strcmp(argv[i], "-maxtktlife")) {
+            ++i;
+        } else if (!strcmp(argv[i], "-maxrenewlife")) {
+            ++i;
+        }
+        /* Do nothing for ticket flag arguments */
+        else if (!strcmp((argv[i] + 1), "allow_postdated") ||
+                 !strcmp((argv[i] + 1), "allow_forwardable") ||
+                 !strcmp((argv[i] + 1), "allow_renewable") ||
+                 !strcmp((argv[i] + 1), "allow_proxiable") ||
+                 !strcmp((argv[i] + 1), "allow_dup_skey") ||
+                 !strcmp((argv[i] + 1), "requires_preauth") ||
+                 !strcmp((argv[i] + 1), "requires_hwauth") ||
+                 !strcmp((argv[i] + 1), "allow_svr") ||
+                 !strcmp((argv[i] + 1), "allow_tgs_req") ||
+                 !strcmp((argv[i] + 1), "allow_tix") ||
+                 !strcmp((argv[i] + 1), "needchange") ||
+                 !strcmp((argv[i] + 1), "password_changing_service")) {
+        } else { /* Any other argument must be policy DN */
+            /* First check if policy DN is already provided --
+               if so, there's a usage error */
             if (policy != NULL)
-               goto err_usage;
+                goto err_usage;
 
-           /* If not present already, fill up policy DN */
+            /* If not present already, fill up policy DN */
             policy = strdup(argv[i]);
             if (policy == NULL) {
-               retval = ENOMEM;
-               com_err(me, retval, "while modifying policy object");
-               goto err_nomsg;
-           }
-       }
+                retval = ENOMEM;
+                com_err(me, retval, "while modifying policy object");
+                goto err_nomsg;
+            }
+        }
     }
 
     if (policy == NULL)
-       goto err_usage;
+        goto err_usage;
 
     if ((retval = init_ldap_realm (argc, argv)))
-       goto cleanup;
+        goto cleanup;
 
     retval = krb5_ldap_read_policy(util_context, policy, &policyparams, &in_mask);
     if (retval) {
         com_err(me, retval, "while reading information of policy '%s'", policy);
-       goto err_nomsg;
+        goto err_nomsg;
     }
 
     /* Get current time */
@@ -499,151 +496,151 @@ kdb5_ldap_modify_policy(argc, argv)
 
     /* Parse all arguments, but skip policy DN (Pass 2) */
     for (i = 1; i < argc; i++) {
-       if (!strcmp(argv[i], "-maxtktlife")) {
-           if (++i > argc - 1)
-               goto err_usage;
-
-           date = get_date(argv[i]);
-           if (date == (time_t)(-1)) {
-               retval = EINVAL;
-               com_err (me, retval, "while providing time specification");
-               goto err_nomsg;
-           }
-
-           policyparams->maxtktlife = date - now;
-
-           out_mask |= LDAP_POLICY_MAXTKTLIFE;
-       } else if (!strcmp(argv[i], "-maxrenewlife")) {
-           if (++i > argc - 1)
-               goto err_usage;
-
-           date = get_date(argv[i]);
-           if (date == (time_t)(-1)) {
-               retval = EINVAL;
-               com_err (me, retval, "while providing time specification");
-               goto err_nomsg;
-           }
-
-           policyparams->maxrenewlife = date - now;
-
-           out_mask |= LDAP_POLICY_MAXRENEWLIFE;
-       } else if (!strcmp((argv[i] + 1), "allow_postdated")) {
-           if (*(argv[i]) == '+')
-               policyparams->tktflags &= (int)(~KRB5_KDB_DISALLOW_POSTDATED);
-           else if (*(argv[i]) == '-')
-               policyparams->tktflags |= KRB5_KDB_DISALLOW_POSTDATED;
-           else
-               goto err_usage;
-
-           out_mask |= LDAP_POLICY_TKTFLAGS;
-       } else if (!strcmp((argv[i] + 1), "allow_forwardable")) {
-           if (*(argv[i]) == '+')
-               policyparams->tktflags &= (int)(~KRB5_KDB_DISALLOW_FORWARDABLE);
-           else if (*(argv[i]) == '-')
-               policyparams->tktflags |= KRB5_KDB_DISALLOW_FORWARDABLE;
-           else
-               goto err_usage;
-
-           out_mask |= LDAP_POLICY_TKTFLAGS;
-       } else if (!strcmp((argv[i] + 1), "allow_renewable")) {
-           if (*(argv[i]) == '+')
-               policyparams->tktflags &= (int)(~KRB5_KDB_DISALLOW_RENEWABLE);
-           else if (*(argv[i]) == '-')
-               policyparams->tktflags |= KRB5_KDB_DISALLOW_RENEWABLE;
-           else
-               goto err_usage;
-
-           out_mask |= LDAP_POLICY_TKTFLAGS;
-       } else if (!strcmp((argv[i] + 1), "allow_proxiable")) {
-           if (*(argv[i]) == '+')
-               policyparams->tktflags &= (int)(~KRB5_KDB_DISALLOW_PROXIABLE);
-           else if (*(argv[i]) == '-')
-               policyparams->tktflags |= KRB5_KDB_DISALLOW_PROXIABLE;
-           else
-               goto err_usage;
-
-           out_mask |= LDAP_POLICY_TKTFLAGS;
-       } else if (!strcmp((argv[i] + 1), "allow_dup_skey")) {
-           if (*(argv[i]) == '+')
-               policyparams->tktflags &= (int)(~KRB5_KDB_DISALLOW_DUP_SKEY);
-           else if (*(argv[i]) == '-')
-               policyparams->tktflags |= KRB5_KDB_DISALLOW_DUP_SKEY;
-           else
-               goto err_usage;
-
-           out_mask |= LDAP_POLICY_TKTFLAGS;
-       } else if (!strcmp((argv[i] + 1), "requires_preauth")) {
-           if (*(argv[i]) == '+')
-               policyparams->tktflags |= KRB5_KDB_REQUIRES_PRE_AUTH;
-           else if (*(argv[i]) == '-')
-               policyparams->tktflags &= (int)(~KRB5_KDB_REQUIRES_PRE_AUTH);
-           else
-               goto err_usage;
-
-           out_mask |= LDAP_POLICY_TKTFLAGS;
-       } else if (!strcmp((argv[i] + 1), "requires_hwauth")) {
-           if (*(argv[i]) == '+')
-               policyparams->tktflags |= KRB5_KDB_REQUIRES_HW_AUTH;
-           else if (*(argv[i]) == '-')
-               policyparams->tktflags &= (int)(~KRB5_KDB_REQUIRES_HW_AUTH);
-           else
-               goto err_usage;
-
-           out_mask |= LDAP_POLICY_TKTFLAGS;
-       } else if (!strcmp((argv[i] + 1), "allow_svr")) {
-           if (*(argv[i]) == '+')
-               policyparams->tktflags &= (int)(~KRB5_KDB_DISALLOW_SVR);
-           else if (*(argv[i]) == '-')
-               policyparams->tktflags |= KRB5_KDB_DISALLOW_SVR;
-           else
-               goto err_usage;
-
-           out_mask |= LDAP_POLICY_TKTFLAGS;
-       } else if (!strcmp((argv[i] + 1), "allow_tgs_req")) {
-           if (*(argv[i]) == '+')
-               policyparams->tktflags &= (int)(~KRB5_KDB_DISALLOW_TGT_BASED);
-           else if (*(argv[i]) == '-')
-               policyparams->tktflags |= KRB5_KDB_DISALLOW_TGT_BASED;
-           else
-               goto err_usage;
-
-           out_mask |= LDAP_POLICY_TKTFLAGS;
-       } else if (!strcmp((argv[i] + 1), "allow_tix")) {
-           if (*(argv[i]) == '+')
-               policyparams->tktflags &= (int)(~KRB5_KDB_DISALLOW_ALL_TIX);
-           else if (*(argv[i]) == '-')
-               policyparams->tktflags |= KRB5_KDB_DISALLOW_ALL_TIX;
-           else
-               goto err_usage;
-
-           out_mask |= LDAP_POLICY_TKTFLAGS;
-       } else if (!strcmp((argv[i] + 1), "needchange")) {
-           if (*(argv[i]) == '+')
-               policyparams->tktflags |= KRB5_KDB_REQUIRES_PWCHANGE;
-           else if (*(argv[i]) == '-')
-               policyparams->tktflags &= (int)(~KRB5_KDB_REQUIRES_PWCHANGE);
-           else
-               goto err_usage;
-
-           out_mask |= LDAP_POLICY_TKTFLAGS;
-       } else if (!strcmp((argv[i] + 1), "password_changing_service")) {
-           if (*(argv[i]) == '+')
-               policyparams->tktflags |= KRB5_KDB_PWCHANGE_SERVICE;
-           else if (*(argv[i]) == '-')
-               policyparams->tktflags &= (int)(~KRB5_KDB_PWCHANGE_SERVICE);
-           else
-               goto err_usage;
-
-           out_mask |= LDAP_POLICY_TKTFLAGS;
-       } else {
-           /* Any other argument must be policy DN
-              -- skip it */
-       }
+        if (!strcmp(argv[i], "-maxtktlife")) {
+            if (++i > argc - 1)
+                goto err_usage;
+
+            date = get_date(argv[i]);
+            if (date == (time_t)(-1)) {
+                retval = EINVAL;
+                com_err (me, retval, "while providing time specification");
+                goto err_nomsg;
+            }
+
+            policyparams->maxtktlife = date - now;
+
+            out_mask |= LDAP_POLICY_MAXTKTLIFE;
+        } else if (!strcmp(argv[i], "-maxrenewlife")) {
+            if (++i > argc - 1)
+                goto err_usage;
+
+            date = get_date(argv[i]);
+            if (date == (time_t)(-1)) {
+                retval = EINVAL;
+                com_err (me, retval, "while providing time specification");
+                goto err_nomsg;
+            }
+
+            policyparams->maxrenewlife = date - now;
+
+            out_mask |= LDAP_POLICY_MAXRENEWLIFE;
+        } else if (!strcmp((argv[i] + 1), "allow_postdated")) {
+            if (*(argv[i]) == '+')
+                policyparams->tktflags &= (int)(~KRB5_KDB_DISALLOW_POSTDATED);
+            else if (*(argv[i]) == '-')
+                policyparams->tktflags |= KRB5_KDB_DISALLOW_POSTDATED;
+            else
+                goto err_usage;
+
+            out_mask |= LDAP_POLICY_TKTFLAGS;
+        } else if (!strcmp((argv[i] + 1), "allow_forwardable")) {
+            if (*(argv[i]) == '+')
+                policyparams->tktflags &= (int)(~KRB5_KDB_DISALLOW_FORWARDABLE);
+            else if (*(argv[i]) == '-')
+                policyparams->tktflags |= KRB5_KDB_DISALLOW_FORWARDABLE;
+            else
+                goto err_usage;
+
+            out_mask |= LDAP_POLICY_TKTFLAGS;
+        } else if (!strcmp((argv[i] + 1), "allow_renewable")) {
+            if (*(argv[i]) == '+')
+                policyparams->tktflags &= (int)(~KRB5_KDB_DISALLOW_RENEWABLE);
+            else if (*(argv[i]) == '-')
+                policyparams->tktflags |= KRB5_KDB_DISALLOW_RENEWABLE;
+            else
+                goto err_usage;
+
+            out_mask |= LDAP_POLICY_TKTFLAGS;
+        } else if (!strcmp((argv[i] + 1), "allow_proxiable")) {
+            if (*(argv[i]) == '+')
+                policyparams->tktflags &= (int)(~KRB5_KDB_DISALLOW_PROXIABLE);
+            else if (*(argv[i]) == '-')
+                policyparams->tktflags |= KRB5_KDB_DISALLOW_PROXIABLE;
+            else
+                goto err_usage;
+
+            out_mask |= LDAP_POLICY_TKTFLAGS;
+        } else if (!strcmp((argv[i] + 1), "allow_dup_skey")) {
+            if (*(argv[i]) == '+')
+                policyparams->tktflags &= (int)(~KRB5_KDB_DISALLOW_DUP_SKEY);
+            else if (*(argv[i]) == '-')
+                policyparams->tktflags |= KRB5_KDB_DISALLOW_DUP_SKEY;
+            else
+                goto err_usage;
+
+            out_mask |= LDAP_POLICY_TKTFLAGS;
+        } else if (!strcmp((argv[i] + 1), "requires_preauth")) {
+            if (*(argv[i]) == '+')
+                policyparams->tktflags |= KRB5_KDB_REQUIRES_PRE_AUTH;
+            else if (*(argv[i]) == '-')
+                policyparams->tktflags &= (int)(~KRB5_KDB_REQUIRES_PRE_AUTH);
+            else
+                goto err_usage;
+
+            out_mask |= LDAP_POLICY_TKTFLAGS;
+        } else if (!strcmp((argv[i] + 1), "requires_hwauth")) {
+            if (*(argv[i]) == '+')
+                policyparams->tktflags |= KRB5_KDB_REQUIRES_HW_AUTH;
+            else if (*(argv[i]) == '-')
+                policyparams->tktflags &= (int)(~KRB5_KDB_REQUIRES_HW_AUTH);
+            else
+                goto err_usage;
+
+            out_mask |= LDAP_POLICY_TKTFLAGS;
+        } else if (!strcmp((argv[i] + 1), "allow_svr")) {
+            if (*(argv[i]) == '+')
+                policyparams->tktflags &= (int)(~KRB5_KDB_DISALLOW_SVR);
+            else if (*(argv[i]) == '-')
+                policyparams->tktflags |= KRB5_KDB_DISALLOW_SVR;
+            else
+                goto err_usage;
+
+            out_mask |= LDAP_POLICY_TKTFLAGS;
+        } else if (!strcmp((argv[i] + 1), "allow_tgs_req")) {
+            if (*(argv[i]) == '+')
+                policyparams->tktflags &= (int)(~KRB5_KDB_DISALLOW_TGT_BASED);
+            else if (*(argv[i]) == '-')
+                policyparams->tktflags |= KRB5_KDB_DISALLOW_TGT_BASED;
+            else
+                goto err_usage;
+
+            out_mask |= LDAP_POLICY_TKTFLAGS;
+        } else if (!strcmp((argv[i] + 1), "allow_tix")) {
+            if (*(argv[i]) == '+')
+                policyparams->tktflags &= (int)(~KRB5_KDB_DISALLOW_ALL_TIX);
+            else if (*(argv[i]) == '-')
+                policyparams->tktflags |= KRB5_KDB_DISALLOW_ALL_TIX;
+            else
+                goto err_usage;
+
+            out_mask |= LDAP_POLICY_TKTFLAGS;
+        } else if (!strcmp((argv[i] + 1), "needchange")) {
+            if (*(argv[i]) == '+')
+                policyparams->tktflags |= KRB5_KDB_REQUIRES_PWCHANGE;
+            else if (*(argv[i]) == '-')
+                policyparams->tktflags &= (int)(~KRB5_KDB_REQUIRES_PWCHANGE);
+            else
+                goto err_usage;
+
+            out_mask |= LDAP_POLICY_TKTFLAGS;
+        } else if (!strcmp((argv[i] + 1), "password_changing_service")) {
+            if (*(argv[i]) == '+')
+                policyparams->tktflags |= KRB5_KDB_PWCHANGE_SERVICE;
+            else if (*(argv[i]) == '-')
+                policyparams->tktflags &= (int)(~KRB5_KDB_PWCHANGE_SERVICE);
+            else
+                goto err_usage;
+
+            out_mask |= LDAP_POLICY_TKTFLAGS;
+        } else {
+            /* Any other argument must be policy DN
+               -- skip it */
+        }
     }
 
     /* Modify attributes of object */
     if ((retval = krb5_ldap_modify_policy(util_context, policyparams, out_mask)))
-       goto cleanup;
+        goto cleanup;
 
     goto cleanup;
 
@@ -661,13 +658,13 @@ cleanup:
         free (policy);
 
     if (print_usage)
-       db_usage(MODIFY_POLICY);
+        db_usage(MODIFY_POLICY);
 
     if (retval) {
-       if (!no_msg)
-           com_err(me, retval, "while modifying policy object");
+        if (!no_msg)
+            com_err(me, retval, "while modifying policy object");
 
-       exit_status++;
+        exit_status++;
     }
 
     return;
@@ -679,9 +676,7 @@ cleanup:
  * fetching the information from the LDAP Server.
  */
 void
-kdb5_ldap_view_policy(argc, argv)
-    int argc;
-    char *argv[];
+kdb5_ldap_view_policy(int argc, char *argv[])
 {
     char *me = progname;
     krb5_ldap_policy_params *policyparams = NULL;
@@ -691,23 +686,23 @@ kdb5_ldap_view_policy(argc, argv)
     int mask = 0;
 
     if (argc != 2) {
-       goto err_usage;
+        goto err_usage;
     }
 
     policy = strdup(argv[1]);
     if (policy == NULL) {
-       com_err(me, ENOMEM, "while viewing policy");
-       exit_status++;
-       goto cleanup;
+        com_err(me, ENOMEM, "while viewing policy");
+        exit_status++;
+        goto cleanup;
     }
 
     if ((retval = init_ldap_realm (argc, argv)))
         goto cleanup;
 
     if ((retval = krb5_ldap_read_policy(util_context, policy, &policyparams, &mask))) {
-       com_err(me, retval, "while viewing policy '%s'", policy);
-       exit_status++;
-       goto cleanup;
+        com_err(me, retval, "while viewing policy '%s'", policy);
+        exit_status++;
+        goto cleanup;
     }
 
     print_policy_params (policyparams, mask);
@@ -721,10 +716,10 @@ cleanup:
     krb5_ldap_free_policy (util_context, policyparams);
 
     if (policy)
-       free (policy);
+        free (policy);
 
     if (print_usage) {
-       db_usage(VIEW_POLICY);
+        db_usage(VIEW_POLICY);
     }
 
     return;
@@ -736,59 +731,57 @@ cleanup:
  * standard output.
  */
 static void
-print_policy_params(policyparams, mask)
-    krb5_ldap_policy_params *policyparams;
-    int mask;
+print_policy_params(krb5_ldap_policy_params *policyparams, int mask)
 {
     /* Print the policy DN */
     printf("%25s: %s\n", "Ticket policy", policyparams->policy);
 
     /* Print max. ticket life and max. renewable life, if present */
     if (mask & LDAP_POLICY_MAXTKTLIFE)
-       printf("%25s: %s\n", "Maximum ticket life", strdur(policyparams->maxtktlife));
+        printf("%25s: %s\n", "Maximum ticket life", strdur(policyparams->maxtktlife));
     if (mask & LDAP_POLICY_MAXRENEWLIFE)
-       printf("%25s: %s\n", "Maximum renewable life", strdur(policyparams->maxrenewlife));
+        printf("%25s: %s\n", "Maximum renewable life", strdur(policyparams->maxrenewlife));
 
     /* Service flags are printed */
     printf("%25s: ", "Ticket flags");
     if (mask & LDAP_POLICY_TKTFLAGS) {
-       int ticketflags = policyparams->tktflags;
+        int ticketflags = policyparams->tktflags;
 
-       if (ticketflags & KRB5_KDB_DISALLOW_POSTDATED)
-           printf("%s ","DISALLOW_POSTDATED");
+        if (ticketflags & KRB5_KDB_DISALLOW_POSTDATED)
+            printf("%s ","DISALLOW_POSTDATED");
 
-       if (ticketflags & KRB5_KDB_DISALLOW_FORWARDABLE)
-           printf("%s ","DISALLOW_FORWARDABLE");
+        if (ticketflags & KRB5_KDB_DISALLOW_FORWARDABLE)
+            printf("%s ","DISALLOW_FORWARDABLE");
 
-       if (ticketflags & KRB5_KDB_DISALLOW_RENEWABLE)
-           printf("%s ","DISALLOW_RENEWABLE");
+        if (ticketflags & KRB5_KDB_DISALLOW_RENEWABLE)
+            printf("%s ","DISALLOW_RENEWABLE");
 
-       if (ticketflags & KRB5_KDB_DISALLOW_PROXIABLE)
-           printf("%s ","DISALLOW_PROXIABLE");
+        if (ticketflags & KRB5_KDB_DISALLOW_PROXIABLE)
+            printf("%s ","DISALLOW_PROXIABLE");
 
-       if (ticketflags & KRB5_KDB_DISALLOW_DUP_SKEY)
-           printf("%s ","DISALLOW_DUP_SKEY");
+        if (ticketflags & KRB5_KDB_DISALLOW_DUP_SKEY)
+            printf("%s ","DISALLOW_DUP_SKEY");
 
-       if (ticketflags & KRB5_KDB_REQUIRES_PRE_AUTH)
-           printf("%s ","REQUIRES_PRE_AUTH");
+        if (ticketflags & KRB5_KDB_REQUIRES_PRE_AUTH)
+            printf("%s ","REQUIRES_PRE_AUTH");
 
-       if (ticketflags & KRB5_KDB_REQUIRES_HW_AUTH)
-           printf("%s ","REQUIRES_HW_AUTH");
+        if (ticketflags & KRB5_KDB_REQUIRES_HW_AUTH)
+            printf("%s ","REQUIRES_HW_AUTH");
 
-       if (ticketflags & KRB5_KDB_DISALLOW_SVR)
-           printf("%s ","DISALLOW_SVR");
+        if (ticketflags & KRB5_KDB_DISALLOW_SVR)
+            printf("%s ","DISALLOW_SVR");
 
-       if (ticketflags & KRB5_KDB_DISALLOW_TGT_BASED)
-           printf("%s ","DISALLOW_TGT_BASED");
+        if (ticketflags & KRB5_KDB_DISALLOW_TGT_BASED)
+            printf("%s ","DISALLOW_TGT_BASED");
 
-       if (ticketflags & KRB5_KDB_DISALLOW_ALL_TIX)
-           printf("%s ","DISALLOW_ALL_TIX");
+        if (ticketflags & KRB5_KDB_DISALLOW_ALL_TIX)
+            printf("%s ","DISALLOW_ALL_TIX");
 
-       if (ticketflags & KRB5_KDB_REQUIRES_PWCHANGE)
-           printf("%s ","REQUIRES_PWCHANGE");
+        if (ticketflags & KRB5_KDB_REQUIRES_PWCHANGE)
+            printf("%s ","REQUIRES_PWCHANGE");
 
-       if (ticketflags & KRB5_KDB_PWCHANGE_SERVICE)
-           printf("%s ","PWCHANGE_SERVICE");
+        if (ticketflags & KRB5_KDB_PWCHANGE_SERVICE)
+            printf("%s ","PWCHANGE_SERVICE");
     }
     printf("\n");
 
@@ -800,9 +793,8 @@ print_policy_params(policyparams, mask)
  * This function will list the DNs of policy objects under a specific
  * sub-tree (entire tree by default)
  */
-void kdb5_ldap_list_policies(argc, argv)
-    int argc;
-    char *argv[];
+void
+kdb5_ldap_list_policies(int argc, char *argv[])
 {
     char *me = progname;
     krb5_error_code retval = 0;
@@ -813,18 +805,18 @@ void kdb5_ldap_list_policies(argc, argv)
 
     /* Check for number of arguments */
     if ((argc != 1) && (argc != 3)) {
-       goto err_usage;
+        goto err_usage;
     }
 
     if ((retval = init_ldap_realm (argc, argv)))
-       goto cleanup;
+        goto cleanup;
 
     retval = krb5_ldap_list_policy(util_context, basedn, &list);
     if ((retval != 0) || (list == NULL))
-       goto cleanup;
+        goto cleanup;
 
     for (plist = list; *plist != NULL; plist++) {
-       printf("%s\n", *plist);
+        printf("%s\n", *plist);
     }
 
     goto cleanup;
@@ -834,20 +826,20 @@ err_usage:
 
 cleanup:
     if (list != NULL) {
-       krb5_free_list_entries (list);
-       free (list);
+        krb5_free_list_entries (list);
+        free (list);
     }
 
     if (basedn)
-       free (basedn);
+        free (basedn);
 
     if (print_usage) {
-       db_usage(LIST_POLICY);
+        db_usage(LIST_POLICY);
     }
 
     if (retval) {
-       com_err(me, retval, "while listing policy objects");
-       exit_status++;
+        com_err(me, retval, "while listing policy objects");
+        exit_status++;
     }
 
     return;
@@ -856,17 +848,17 @@ cleanup:
 
 /* Reproduced from kadmin.c, instead of linking
    the entire kadmin.o */
-static char *strdur(duration)
-    time_t duration;
+static char *
+strdur(time_t duration)
 {
     static char out[50];
     int neg, days, hours, minutes, seconds;
 
     if (duration < 0) {
-       duration *= -1;
-       neg = 1;
+        duration *= -1;
+        neg = 1;
     } else
-       neg = 0;
+        neg = 0;
     days = duration / (24 * 3600);
     duration %= 24 * 3600;
     hours = duration / 3600;
@@ -875,6 +867,6 @@ static char *strdur(duration)
     duration %= 60;
     seconds = duration;
     snprintf(out, sizeof(out), "%s%d %s %02d:%02d:%02d", neg ? "-" : "",
-            days, days == 1 ? "day" : "days", hours, minutes, seconds);
+             days, days == 1 ? "day" : "days", hours, minutes, seconds);
     return out;
 }
index 105b0a06ba9ebc07295f2773ddf85d297d44d8d8..a176a9facfd442a33f48dabcb4c5aa6596718b77 100644 (file)
@@ -1,3 +1,4 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
 /*
  * kadmin/ldap_util/kdb5_ldap_policy.h
  */
index 017a5cddfa854b5b4d6c8dd35cffcdb58115edf3..d96ce0fb1ed2d142ed96c8976799db31158003ca 100644 (file)
@@ -1,3 +1,4 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
 /*
  * kadmin/ldap_util/kdb5_ldap_realm.c
  *
@@ -116,11 +117,11 @@ krb5_data db_creator_entries[] = {
 
 
 static krb5_principal_data db_create_princ = {
-    0,                                 /* magic number */
-    {0, 0, 0},                         /* krb5_data realm */
-    db_creator_entries,                        /* krb5_data *data */
-    1,                                 /* int length */
-    KRB5_NT_SRV_INST                   /* int type */
+    0,                                  /* magic number */
+    {0, 0, 0},                          /* krb5_data realm */
+    db_creator_entries,                 /* krb5_data *data */
+    1,                                  /* int length */
+    KRB5_NT_SRV_INST                    /* int type */
 };
 
 extern char *mkey_password;
@@ -129,7 +130,7 @@ extern kadm5_config_params global_params;
 
 static void print_realm_params(krb5_ldap_realm_params *rparams, int mask);
 static int kdb_ldap_create_principal (krb5_context context, krb5_principal
-                                     princ, enum ap_op op, struct realm_info *pblock);
+                                      princ, enum ap_op op, struct realm_info *pblock);
 
 
 static char *strdur(time_t duration);
@@ -141,18 +142,16 @@ static krb5_error_code krb5_dbe_update_tl_data_new ( krb5_context context, krb5_
 #define CHANGEPW_LIFETIME 60*5 /* 5 minutes */
 
 #ifdef HAVE_EDIRECTORY
-#define FREE_DN_LIST(dnlist)    if (dnlist != NULL) { \
-                                   for (idx=0; dnlist[idx] != NULL; idx++) \
-                                        free(dnlist[idx]); \
-                                   free(dnlist); \
-                                }
+#define FREE_DN_LIST(dnlist)    if (dnlist != NULL) {   \
+        for (idx=0; dnlist[idx] != NULL; idx++)         \
+            free(dnlist[idx]);                          \
+        free(dnlist);                                   \
+    }
 #endif
 
-static int get_ticket_policy(rparams,i,argv,argc)
-    krb5_ldap_realm_params *rparams;
-    int *i;
-    char *argv[];
-    int argc;
+static int
+get_ticket_policy(krb5_ldap_realm_params *rparams, int *i, char *argv[],
+                  int argc)
 {
     time_t date;
     time_t now;
@@ -165,142 +164,142 @@ static int get_ticket_policy(rparams,i,argv,argc)
 
     time(&now);
     if (!strcmp(argv[*i], "-maxtktlife")) {
-       if (++(*i) > argc-1)
-           goto err_usage;
-       date = get_date(argv[*i]);
-       if (date == (time_t)(-1)) {
-           retval = EINVAL;
-           com_err (me, retval, "while providing time specification");
-           goto err_nomsg;
-       }
-       rparams->max_life = date-now;
-       mask |= LDAP_REALM_MAXTICKETLIFE;
+        if (++(*i) > argc-1)
+            goto err_usage;
+        date = get_date(argv[*i]);
+        if (date == (time_t)(-1)) {
+            retval = EINVAL;
+            com_err (me, retval, "while providing time specification");
+            goto err_nomsg;
+        }
+        rparams->max_life = date-now;
+        mask |= LDAP_REALM_MAXTICKETLIFE;
     }
 
 
     else if (!strcmp(argv[*i], "-maxrenewlife")) {
-       if (++(*i) > argc-1)
-           goto err_usage;
-
-       date = get_date(argv[*i]);
-       if (date == (time_t)(-1)) {
-           retval = EINVAL;
-           com_err (me, retval, "while providing time specification");
-           goto err_nomsg;
-       }
-       rparams->max_renewable_life = date-now;
-       mask |= LDAP_REALM_MAXRENEWLIFE;
+        if (++(*i) > argc-1)
+            goto err_usage;
+
+        date = get_date(argv[*i]);
+        if (date == (time_t)(-1)) {
+            retval = EINVAL;
+            com_err (me, retval, "while providing time specification");
+            goto err_nomsg;
+        }
+        rparams->max_renewable_life = date-now;
+        mask |= LDAP_REALM_MAXRENEWLIFE;
     } else if (!strcmp((argv[*i] + 1), "allow_postdated")) {
-       if (*(argv[*i]) == '+')
-           rparams->tktflags &= (int)(~KRB5_KDB_DISALLOW_POSTDATED);
-       else if (*(argv[*i]) == '-')
-           rparams->tktflags |= KRB5_KDB_DISALLOW_POSTDATED;
-       else
-           goto err_usage;
-
-       mask |= LDAP_REALM_KRBTICKETFLAGS;
+        if (*(argv[*i]) == '+')
+            rparams->tktflags &= (int)(~KRB5_KDB_DISALLOW_POSTDATED);
+        else if (*(argv[*i]) == '-')
+            rparams->tktflags |= KRB5_KDB_DISALLOW_POSTDATED;
+        else
+            goto err_usage;
+
+        mask |= LDAP_REALM_KRBTICKETFLAGS;
     } else if (!strcmp((argv[*i] + 1), "allow_forwardable")) {
-       if (*(argv[*i]) == '+')
-           rparams->tktflags &= (int)(~KRB5_KDB_DISALLOW_FORWARDABLE);
+        if (*(argv[*i]) == '+')
+            rparams->tktflags &= (int)(~KRB5_KDB_DISALLOW_FORWARDABLE);
 
-       else if (*(argv[*i]) == '-')
-           rparams->tktflags |= KRB5_KDB_DISALLOW_FORWARDABLE;
-       else
-           goto err_usage;
+        else if (*(argv[*i]) == '-')
+            rparams->tktflags |= KRB5_KDB_DISALLOW_FORWARDABLE;
+        else
+            goto err_usage;
 
-       mask |= LDAP_REALM_KRBTICKETFLAGS;
+        mask |= LDAP_REALM_KRBTICKETFLAGS;
     } else if (!strcmp((argv[*i] + 1), "allow_renewable")) {
-       if (*(argv[*i]) == '+')
-           rparams->tktflags &= (int)(~KRB5_KDB_DISALLOW_RENEWABLE);
-       else if (*(argv[*i]) == '-')
-           rparams->tktflags |= KRB5_KDB_DISALLOW_RENEWABLE;
-       else
-           goto err_usage;
-
-       mask |= LDAP_REALM_KRBTICKETFLAGS;
+        if (*(argv[*i]) == '+')
+            rparams->tktflags &= (int)(~KRB5_KDB_DISALLOW_RENEWABLE);
+        else if (*(argv[*i]) == '-')
+            rparams->tktflags |= KRB5_KDB_DISALLOW_RENEWABLE;
+        else
+            goto err_usage;
+
+        mask |= LDAP_REALM_KRBTICKETFLAGS;
     } else if (!strcmp((argv[*i] + 1), "allow_proxiable")) {
-       if (*(argv[*i]) == '+')
-           rparams->tktflags &= (int)(~KRB5_KDB_DISALLOW_PROXIABLE);
-       else if (*(argv[*i]) == '-')
-           rparams->tktflags |= KRB5_KDB_DISALLOW_PROXIABLE;
-       else
-           goto err_usage;
-
-       mask |= LDAP_REALM_KRBTICKETFLAGS;
+        if (*(argv[*i]) == '+')
+            rparams->tktflags &= (int)(~KRB5_KDB_DISALLOW_PROXIABLE);
+        else if (*(argv[*i]) == '-')
+            rparams->tktflags |= KRB5_KDB_DISALLOW_PROXIABLE;
+        else
+            goto err_usage;
+
+        mask |= LDAP_REALM_KRBTICKETFLAGS;
     } else if (!strcmp((argv[*i] + 1), "allow_dup_skey")) {
-       if (*(argv[*i]) == '+')
-           rparams->tktflags &= (int)(~KRB5_KDB_DISALLOW_DUP_SKEY);
-       else if (*(argv[*i]) == '-')
-           rparams->tktflags |= KRB5_KDB_DISALLOW_DUP_SKEY;
-       else
-           goto err_usage;
+        if (*(argv[*i]) == '+')
+            rparams->tktflags &= (int)(~KRB5_KDB_DISALLOW_DUP_SKEY);
+        else if (*(argv[*i]) == '-')
+            rparams->tktflags |= KRB5_KDB_DISALLOW_DUP_SKEY;
+        else
+            goto err_usage;
 
-       mask |= LDAP_REALM_KRBTICKETFLAGS;
+        mask |= LDAP_REALM_KRBTICKETFLAGS;
     }
 
     else if (!strcmp((argv[*i] + 1), "requires_preauth")) {
-       if (*(argv[*i]) == '+')
-           rparams->tktflags |= KRB5_KDB_REQUIRES_PRE_AUTH;
-       else if (*(argv[*i]) == '-')
-           rparams->tktflags &= (int)(~KRB5_KDB_REQUIRES_PRE_AUTH);
-       else
-           goto err_usage;
-
-       mask |= LDAP_REALM_KRBTICKETFLAGS;
+        if (*(argv[*i]) == '+')
+            rparams->tktflags |= KRB5_KDB_REQUIRES_PRE_AUTH;
+        else if (*(argv[*i]) == '-')
+            rparams->tktflags &= (int)(~KRB5_KDB_REQUIRES_PRE_AUTH);
+        else
+            goto err_usage;
+
+        mask |= LDAP_REALM_KRBTICKETFLAGS;
     } else if (!strcmp((argv[*i] + 1), "requires_hwauth")) {
-       if (*(argv[*i]) == '+')
-           rparams->tktflags |= KRB5_KDB_REQUIRES_HW_AUTH;
-       else if (*(argv[*i]) == '-')
-           rparams->tktflags &= (int)(~KRB5_KDB_REQUIRES_HW_AUTH);
-       else
-           goto err_usage;
-
-       mask |= LDAP_REALM_KRBTICKETFLAGS;
+        if (*(argv[*i]) == '+')
+            rparams->tktflags |= KRB5_KDB_REQUIRES_HW_AUTH;
+        else if (*(argv[*i]) == '-')
+            rparams->tktflags &= (int)(~KRB5_KDB_REQUIRES_HW_AUTH);
+        else
+            goto err_usage;
+
+        mask |= LDAP_REALM_KRBTICKETFLAGS;
     } else if (!strcmp((argv[*i] + 1), "allow_svr")) {
-       if (*(argv[*i]) == '+')
-           rparams->tktflags &= (int)(~KRB5_KDB_DISALLOW_SVR);
-       else if (*(argv[*i]) == '-')
-           rparams->tktflags |= KRB5_KDB_DISALLOW_SVR;
-       else
-           goto err_usage;
-
-       mask |= LDAP_REALM_KRBTICKETFLAGS;
+        if (*(argv[*i]) == '+')
+            rparams->tktflags &= (int)(~KRB5_KDB_DISALLOW_SVR);
+        else if (*(argv[*i]) == '-')
+            rparams->tktflags |= KRB5_KDB_DISALLOW_SVR;
+        else
+            goto err_usage;
+
+        mask |= LDAP_REALM_KRBTICKETFLAGS;
     } else if (!strcmp((argv[*i] + 1), "allow_tgs_req")) {
-       if (*(argv[*i]) == '+')
-           rparams->tktflags &= (int)(~KRB5_KDB_DISALLOW_TGT_BASED);
-       else if (*(argv[*i]) == '-')
-           rparams->tktflags |= KRB5_KDB_DISALLOW_TGT_BASED;
-       else
-           goto err_usage;
-
-       mask |= LDAP_REALM_KRBTICKETFLAGS;
+        if (*(argv[*i]) == '+')
+            rparams->tktflags &= (int)(~KRB5_KDB_DISALLOW_TGT_BASED);
+        else if (*(argv[*i]) == '-')
+            rparams->tktflags |= KRB5_KDB_DISALLOW_TGT_BASED;
+        else
+            goto err_usage;
+
+        mask |= LDAP_REALM_KRBTICKETFLAGS;
     } else if (!strcmp((argv[*i] + 1), "allow_tix")) {
-       if (*(argv[*i]) == '+')
-           rparams->tktflags &= (int)(~KRB5_KDB_DISALLOW_ALL_TIX);
-       else if (*(argv[*i]) == '-')
-           rparams->tktflags |= KRB5_KDB_DISALLOW_ALL_TIX;
-       else
-           goto err_usage;
-
-       mask |= LDAP_REALM_KRBTICKETFLAGS;
+        if (*(argv[*i]) == '+')
+            rparams->tktflags &= (int)(~KRB5_KDB_DISALLOW_ALL_TIX);
+        else if (*(argv[*i]) == '-')
+            rparams->tktflags |= KRB5_KDB_DISALLOW_ALL_TIX;
+        else
+            goto err_usage;
+
+        mask |= LDAP_REALM_KRBTICKETFLAGS;
     } else if (!strcmp((argv[*i] + 1), "needchange")) {
-       if (*(argv[*i]) == '+')
-           rparams->tktflags |= KRB5_KDB_REQUIRES_PWCHANGE;
-       else if (*(argv[*i]) == '-')
-           rparams->tktflags &= (int)(~KRB5_KDB_REQUIRES_PWCHANGE);
-       else
-           goto err_usage;
-
-       mask |= LDAP_REALM_KRBTICKETFLAGS;
+        if (*(argv[*i]) == '+')
+            rparams->tktflags |= KRB5_KDB_REQUIRES_PWCHANGE;
+        else if (*(argv[*i]) == '-')
+            rparams->tktflags &= (int)(~KRB5_KDB_REQUIRES_PWCHANGE);
+        else
+            goto err_usage;
+
+        mask |= LDAP_REALM_KRBTICKETFLAGS;
     } else if (!strcmp((argv[*i] + 1), "password_changing_service")) {
-       if (*(argv[*i]) == '+')
-           rparams->tktflags |= KRB5_KDB_PWCHANGE_SERVICE;
-       else if (*(argv[*i]) == '-')
-           rparams->tktflags &= (int)(~KRB5_KDB_PWCHANGE_SERVICE);
-       else
-           goto err_usage;
+        if (*(argv[*i]) == '+')
+            rparams->tktflags |= KRB5_KDB_PWCHANGE_SERVICE;
+        else if (*(argv[*i]) == '-')
+            rparams->tktflags &= (int)(~KRB5_KDB_PWCHANGE_SERVICE);
+        else
+            goto err_usage;
 
-       mask |=LDAP_REALM_KRBTICKETFLAGS;
+        mask |=LDAP_REALM_KRBTICKETFLAGS;
     }
 err_usage:
     print_usage = TRUE;
@@ -315,9 +314,8 @@ err_nomsg:
  * This function will create a realm on the LDAP Server, with
  * the specified attributes.
  */
-void kdb5_ldap_create(argc, argv)
-    int argc;
-    char *argv[];
+void
+kdb5_ldap_create(int argc, char *argv[])
 {
     krb5_error_code retval = 0;
     krb5_keyblock master_keyblock;
@@ -342,140 +340,140 @@ void kdb5_ldap_create(argc, argv)
     memset(&master_keyblock, 0, sizeof(master_keyblock));
 
     rparams = (krb5_ldap_realm_params *)malloc(
-       sizeof(krb5_ldap_realm_params));
+        sizeof(krb5_ldap_realm_params));
     if (rparams == NULL) {
-       retval = ENOMEM;
-       goto cleanup;
+        retval = ENOMEM;
+        goto cleanup;
     }
     memset(rparams, 0, sizeof(krb5_ldap_realm_params));
 
     /* Parse the arguments */
     for (i = 1; i < argc; i++) {
-       if (!strcmp(argv[i], "-subtrees")) {
-           if (++i > argc-1)
-               goto err_usage;
-
-           if (strncmp(argv[i], "", strlen(argv[i]))!=0) {
-               list = (char **) calloc(MAX_LIST_ENTRIES, sizeof(char *));
-               if (list == NULL) {
-                   retval = ENOMEM;
-                   goto cleanup;
-               }
-               if ((retval = krb5_parse_list(argv[i], LIST_DELIMITER, list))) {
-                   free(list);
-                   list = NULL;
-                   goto cleanup;
-               }
-
-               rparams->subtreecount=0;
-               while (list[rparams->subtreecount]!=NULL)
-                   (rparams->subtreecount)++;
-               rparams->subtree = list;
-           } else if (strncmp(argv[i], "", strlen(argv[i]))==0) {
-               /* dont allow subtree value to be set at the root(NULL, "") of the tree */
-               com_err(progname, EINVAL,
-                       "for subtree while creating realm '%s'",
-                       global_params.realm);
-               goto err_nomsg;
-           }
-           rparams->subtree[rparams->subtreecount] = NULL;
-           mask |= LDAP_REALM_SUBTREE;
-       } else if (!strcmp(argv[i], "-containerref")) {
-           if (++i > argc-1)
-               goto err_usage;
-           if (strncmp(argv[i], "", strlen(argv[i]))==0) {
-               /* dont allow containerref value to be set at the root(NULL, "") of the tree */
-               com_err(progname, EINVAL,
-                       "for container reference while creating realm '%s'",
-                       global_params.realm);
-               goto err_nomsg;
-           }
-           rparams->containerref = strdup(argv[i]);
-           if (rparams->containerref == NULL) {
-               retval = ENOMEM;
-               goto cleanup;
-           }
-           mask |= LDAP_REALM_CONTREF;
-       } else if (!strcmp(argv[i], "-sscope")) {
-           if (++i > argc-1)
-               goto err_usage;
-           /* Possible values for search scope are
-            * one (or 1) and sub (or 2)
-            */
-           if (!strcasecmp(argv[i], "one")) {
-               rparams->search_scope = 1;
-           } else if (!strcasecmp(argv[i], "sub")) {
-               rparams->search_scope = 2;
-           } else {
-               rparams->search_scope = atoi(argv[i]);
-               if ((rparams->search_scope != 1) &&
-                   (rparams->search_scope != 2)) {
-                   com_err(progname, EINVAL,
-                           "invalid search scope while creating realm '%s'",
-                           global_params.realm);
-                   goto err_nomsg;
-               }
-           }
-           mask |= LDAP_REALM_SEARCHSCOPE;
-       }
+        if (!strcmp(argv[i], "-subtrees")) {
+            if (++i > argc-1)
+                goto err_usage;
+
+            if (strncmp(argv[i], "", strlen(argv[i]))!=0) {
+                list = (char **) calloc(MAX_LIST_ENTRIES, sizeof(char *));
+                if (list == NULL) {
+                    retval = ENOMEM;
+                    goto cleanup;
+                }
+                if ((retval = krb5_parse_list(argv[i], LIST_DELIMITER, list))) {
+                    free(list);
+                    list = NULL;
+                    goto cleanup;
+                }
+
+                rparams->subtreecount=0;
+                while (list[rparams->subtreecount]!=NULL)
+                    (rparams->subtreecount)++;
+                rparams->subtree = list;
+            } else if (strncmp(argv[i], "", strlen(argv[i]))==0) {
+                /* dont allow subtree value to be set at the root(NULL, "") of the tree */
+                com_err(progname, EINVAL,
+                        "for subtree while creating realm '%s'",
+                        global_params.realm);
+                goto err_nomsg;
+            }
+            rparams->subtree[rparams->subtreecount] = NULL;
+            mask |= LDAP_REALM_SUBTREE;
+        } else if (!strcmp(argv[i], "-containerref")) {
+            if (++i > argc-1)
+                goto err_usage;
+            if (strncmp(argv[i], "", strlen(argv[i]))==0) {
+                /* dont allow containerref value to be set at the root(NULL, "") of the tree */
+                com_err(progname, EINVAL,
+                        "for container reference while creating realm '%s'",
+                        global_params.realm);
+                goto err_nomsg;
+            }
+            rparams->containerref = strdup(argv[i]);
+            if (rparams->containerref == NULL) {
+                retval = ENOMEM;
+                goto cleanup;
+            }
+            mask |= LDAP_REALM_CONTREF;
+        } else if (!strcmp(argv[i], "-sscope")) {
+            if (++i > argc-1)
+                goto err_usage;
+            /* Possible values for search scope are
+             * one (or 1) and sub (or 2)
+             */
+            if (!strcasecmp(argv[i], "one")) {
+                rparams->search_scope = 1;
+            } else if (!strcasecmp(argv[i], "sub")) {
+                rparams->search_scope = 2;
+            } else {
+                rparams->search_scope = atoi(argv[i]);
+                if ((rparams->search_scope != 1) &&
+                    (rparams->search_scope != 2)) {
+                    com_err(progname, EINVAL,
+                            "invalid search scope while creating realm '%s'",
+                            global_params.realm);
+                    goto err_nomsg;
+                }
+            }
+            mask |= LDAP_REALM_SEARCHSCOPE;
+        }
 #ifdef HAVE_EDIRECTORY
-       else if (!strcmp(argv[i], "-kdcdn")) {
-           if (++i > argc-1)
-               goto err_usage;
-           rparams->kdcservers = (char **)malloc(
-               sizeof(char *) * MAX_LIST_ENTRIES);
-           if (rparams->kdcservers == NULL) {
-               retval = ENOMEM;
-               goto cleanup;
-           }
-           memset(rparams->kdcservers, 0, sizeof(char*)*MAX_LIST_ENTRIES);
-           if ((retval = krb5_parse_list(argv[i], LIST_DELIMITER,
-                                         rparams->kdcservers))) {
-               goto cleanup;
-           }
-           mask |= LDAP_REALM_KDCSERVERS;
-       } else if (!strcmp(argv[i], "-admindn")) {
-           if (++i > argc-1)
-               goto err_usage;
-           rparams->adminservers = (char **)malloc(
-               sizeof(char *) * MAX_LIST_ENTRIES);
-           if (rparams->adminservers == NULL) {
-               retval = ENOMEM;
-               goto cleanup;
-           }
-           memset(rparams->adminservers, 0, sizeof(char*)*MAX_LIST_ENTRIES);
-           if ((retval = krb5_parse_list(argv[i], LIST_DELIMITER,
-                                         rparams->adminservers))) {
-               goto cleanup;
-           }
-           mask |= LDAP_REALM_ADMINSERVERS;
-       } else if (!strcmp(argv[i], "-pwddn")) {
-           if (++i > argc-1)
-               goto err_usage;
-           rparams->passwdservers = (char **)malloc(
-               sizeof(char *) * MAX_LIST_ENTRIES);
-           if (rparams->passwdservers == NULL) {
-               retval = ENOMEM;
-               goto cleanup;
-           }
-           memset(rparams->passwdservers, 0, sizeof(char*)*MAX_LIST_ENTRIES);
-           if ((retval = krb5_parse_list(argv[i], LIST_DELIMITER,
-                                         rparams->passwdservers))) {
-               goto cleanup;
-           }
-           mask |= LDAP_REALM_PASSWDSERVERS;
-       }
+        else if (!strcmp(argv[i], "-kdcdn")) {
+            if (++i > argc-1)
+                goto err_usage;
+            rparams->kdcservers = (char **)malloc(
+                sizeof(char *) * MAX_LIST_ENTRIES);
+            if (rparams->kdcservers == NULL) {
+                retval = ENOMEM;
+                goto cleanup;
+            }
+            memset(rparams->kdcservers, 0, sizeof(char*)*MAX_LIST_ENTRIES);
+            if ((retval = krb5_parse_list(argv[i], LIST_DELIMITER,
+                                          rparams->kdcservers))) {
+                goto cleanup;
+            }
+            mask |= LDAP_REALM_KDCSERVERS;
+        } else if (!strcmp(argv[i], "-admindn")) {
+            if (++i > argc-1)
+                goto err_usage;
+            rparams->adminservers = (char **)malloc(
+                sizeof(char *) * MAX_LIST_ENTRIES);
+            if (rparams->adminservers == NULL) {
+                retval = ENOMEM;
+                goto cleanup;
+            }
+            memset(rparams->adminservers, 0, sizeof(char*)*MAX_LIST_ENTRIES);
+            if ((retval = krb5_parse_list(argv[i], LIST_DELIMITER,
+                                          rparams->adminservers))) {
+                goto cleanup;
+            }
+            mask |= LDAP_REALM_ADMINSERVERS;
+        } else if (!strcmp(argv[i], "-pwddn")) {
+            if (++i > argc-1)
+                goto err_usage;
+            rparams->passwdservers = (char **)malloc(
+                sizeof(char *) * MAX_LIST_ENTRIES);
+            if (rparams->passwdservers == NULL) {
+                retval = ENOMEM;
+                goto cleanup;
+            }
+            memset(rparams->passwdservers, 0, sizeof(char*)*MAX_LIST_ENTRIES);
+            if ((retval = krb5_parse_list(argv[i], LIST_DELIMITER,
+                                          rparams->passwdservers))) {
+                goto cleanup;
+            }
+            mask |= LDAP_REALM_PASSWDSERVERS;
+        }
 #endif
-       else if (!strcmp(argv[i], "-s")) {
-           do_stash = 1;
-       } else if ((ret_mask= get_ticket_policy(rparams,&i,argv,argc)) !=0) {
-           mask|=ret_mask;
-       }
+        else if (!strcmp(argv[i], "-s")) {
+            do_stash = 1;
+        } else if ((ret_mask= get_ticket_policy(rparams,&i,argv,argc)) !=0) {
+            mask|=ret_mask;
+        }
 
-       else {
-           printf("'%s' is an invalid option\n", argv[i]);
-           goto err_usage;
-       }
+        else {
+            printf("'%s' is an invalid option\n", argv[i]);
+            goto err_usage;
+        }
     }
 
     /* If the default enctype/salttype is not provided, use the
@@ -496,21 +494,21 @@ void kdb5_ldap_create(argc, argv)
     printf("Initializing database for realm '%s'\n", global_params.realm);
 
     if (!mkey_password) {
-       unsigned int pw_size;
-       printf("You will be prompted for the database Master Password.\n");
-       printf("It is important that you NOT FORGET this password.\n");
-       fflush(stdout);
-
-       pw_size = sizeof (pw_str);
-       memset(pw_str, 0, pw_size);
-
-       retval = krb5_read_password(util_context, KRB5_KDC_MKEY_1, KRB5_KDC_MKEY_2,
-                                   pw_str, &pw_size);
-       if (retval) {
-           com_err(progname, retval, "while reading master key from keyboard");
-           goto err_nomsg;
-       }
-       mkey_password = pw_str;
+        unsigned int pw_size;
+        printf("You will be prompted for the database Master Password.\n");
+        printf("It is important that you NOT FORGET this password.\n");
+        fflush(stdout);
+
+        pw_size = sizeof (pw_str);
+        memset(pw_str, 0, pw_size);
+
+        retval = krb5_read_password(util_context, KRB5_KDC_MKEY_1, KRB5_KDC_MKEY_2,
+                                    pw_str, &pw_size);
+        if (retval) {
+            com_err(progname, retval, "while reading master key from keyboard");
+            goto err_nomsg;
+        }
+        mkey_password = pw_str;
     }
 
     rparams->mkey.enctype = global_params.enctype;
@@ -518,335 +516,335 @@ void kdb5_ldap_create(argc, argv)
     rparams->mkey.length = strlen(mkey_password) + 1;
     rparams->mkey.contents = (krb5_octet *)strdup(mkey_password);
     if (rparams->mkey.contents == NULL) {
-       retval = ENOMEM;
-       goto cleanup;
+        retval = ENOMEM;
+        goto cleanup;
     }
 
     rparams->realm_name = strdup(global_params.realm);
     if (rparams->realm_name == NULL) {
-       retval = ENOMEM;
-       com_err(progname, ENOMEM, "while creating realm '%s'",
-               global_params.realm);
-       goto err_nomsg;
+        retval = ENOMEM;
+        com_err(progname, ENOMEM, "while creating realm '%s'",
+                global_params.realm);
+        goto err_nomsg;
     }
 
     dal_handle = util_context->dal_handle;
     ldap_context = (krb5_ldap_context *) dal_handle->db_context;
     if (!ldap_context) {
-       retval = EINVAL;
-       goto cleanup;
+        retval = EINVAL;
+        goto cleanup;
     }
 
     /* read the kerberos container */
     if ((retval=krb5_ldap_read_krbcontainer_params (util_context,
-                                                   &(ldap_context->krbcontainer))) == KRB5_KDB_NOENTRY) {
-       /* Prompt the user for entering the DN of Kerberos container */
-       char krb_location[MAX_KRB_CONTAINER_LEN];
-       krb5_ldap_krbcontainer_params kparams;
-       int krb_location_len = 0;
-       memset(&kparams, 0, sizeof(kparams));
-
-       /* Read the kerberos container location from configuration file */
-       if (ldap_context->conf_section) {
-           if ((retval=profile_get_string(util_context->profile,
-                                          KDB_MODULE_SECTION, ldap_context->conf_section,
-                                          "ldap_kerberos_container_dn", NULL,
-                                          &kparams.DN)) != 0) {
-               goto cleanup;
-           }
-       }
-       if (kparams.DN == NULL) {
-           if ((retval=profile_get_string(util_context->profile,
-                                          KDB_MODULE_DEF_SECTION,
-                                          "ldap_kerberos_container_dn", NULL,
-                                          NULL, &kparams.DN)) != 0) {
-               goto cleanup;
-           }
-       }
-
-       printf("\nKerberos container is missing. Creating now...\n");
-       if (kparams.DN == NULL) {
+                                                    &(ldap_context->krbcontainer))) == KRB5_KDB_NOENTRY) {
+        /* Prompt the user for entering the DN of Kerberos container */
+        char krb_location[MAX_KRB_CONTAINER_LEN];
+        krb5_ldap_krbcontainer_params kparams;
+        int krb_location_len = 0;
+        memset(&kparams, 0, sizeof(kparams));
+
+        /* Read the kerberos container location from configuration file */
+        if (ldap_context->conf_section) {
+            if ((retval=profile_get_string(util_context->profile,
+                                           KDB_MODULE_SECTION, ldap_context->conf_section,
+                                           "ldap_kerberos_container_dn", NULL,
+                                           &kparams.DN)) != 0) {
+                goto cleanup;
+            }
+        }
+        if (kparams.DN == NULL) {
+            if ((retval=profile_get_string(util_context->profile,
+                                           KDB_MODULE_DEF_SECTION,
+                                           "ldap_kerberos_container_dn", NULL,
+                                           NULL, &kparams.DN)) != 0) {
+                goto cleanup;
+            }
+        }
+
+        printf("\nKerberos container is missing. Creating now...\n");
+        if (kparams.DN == NULL) {
 #ifdef HAVE_EDIRECTORY
-           printf("Enter DN of Kerberos container [cn=Kerberos,cn=Security]: ");
+            printf("Enter DN of Kerberos container [cn=Kerberos,cn=Security]: ");
 #else
-           printf("Enter DN of Kerberos container: ");
+            printf("Enter DN of Kerberos container: ");
 #endif
-           if (fgets(krb_location, MAX_KRB_CONTAINER_LEN, stdin) != NULL) {
-               /* Remove the newline character at the end */
-               krb_location_len = strlen(krb_location);
-               if ((krb_location[krb_location_len - 1] == '\n') ||
-                   (krb_location[krb_location_len - 1] == '\r')) {
-                   krb_location[krb_location_len - 1] = '\0';
-                   krb_location_len--;
-               }
-               /* If the user has not given any input, take the default location */
-               else if (krb_location[0] == '\0')
-                   kparams.DN = NULL;
-               else
-                   kparams.DN = krb_location;
-           } else
-               kparams.DN = NULL;
-       }
-
-       /* create the kerberos container */
-       retval = krb5_ldap_create_krbcontainer(util_context,
-                                              ((kparams.DN != NULL) ? &kparams : NULL));
-       if (retval)
-           goto cleanup;
-
-       retval = krb5_ldap_read_krbcontainer_params(util_context,
-                                                   &(ldap_context->krbcontainer));
-       if (retval) {
-           com_err(progname, retval, "while reading kerberos container information");
-           goto cleanup;
-       }
+            if (fgets(krb_location, MAX_KRB_CONTAINER_LEN, stdin) != NULL) {
+                /* Remove the newline character at the end */
+                krb_location_len = strlen(krb_location);
+                if ((krb_location[krb_location_len - 1] == '\n') ||
+                    (krb_location[krb_location_len - 1] == '\r')) {
+                    krb_location[krb_location_len - 1] = '\0';
+                    krb_location_len--;
+                }
+                /* If the user has not given any input, take the default location */
+                else if (krb_location[0] == '\0')
+                    kparams.DN = NULL;
+                else
+                    kparams.DN = krb_location;
+            } else
+                kparams.DN = NULL;
+        }
+
+        /* create the kerberos container */
+        retval = krb5_ldap_create_krbcontainer(util_context,
+                                               ((kparams.DN != NULL) ? &kparams : NULL));
+        if (retval)
+            goto cleanup;
+
+        retval = krb5_ldap_read_krbcontainer_params(util_context,
+                                                    &(ldap_context->krbcontainer));
+        if (retval) {
+            com_err(progname, retval, "while reading kerberos container information");
+            goto cleanup;
+        }
     } else if (retval) {
-       com_err(progname, retval, "while reading kerberos container information");
-       goto cleanup;
+        com_err(progname, retval, "while reading kerberos container information");
+        goto cleanup;
     }
 
     if ((retval = krb5_ldap_create_realm(util_context,
-                                        /* global_params.realm, */ rparams, mask))) {
-       goto cleanup;
+                                         /* global_params.realm, */ rparams, mask))) {
+        goto cleanup;
     }
 
     /* We just created the Realm container. Here starts our transaction tracking */
     realm_obj_created = TRUE;
 
     if ((retval = krb5_ldap_read_realm_params(util_context,
-                                             global_params.realm,
-                                             &(ldap_context->lrparams),
-                                             &mask))) {
-       com_err(progname, retval, "while reading information of realm '%s'",
-               global_params.realm);
-       goto err_nomsg;
+                                              global_params.realm,
+                                              &(ldap_context->lrparams),
+                                              &mask))) {
+        com_err(progname, retval, "while reading information of realm '%s'",
+                global_params.realm);
+        goto err_nomsg;
     }
     ldap_context->lrparams->realm_name = strdup(global_params.realm);
     if (ldap_context->lrparams->realm_name == NULL) {
-       retval = ENOMEM;
-       goto cleanup;
+        retval = ENOMEM;
+        goto cleanup;
     }
 
     /* assemble & parse the master key name */
     if ((retval = krb5_db_setup_mkey_name(util_context,
-                                         global_params.mkey_name,
-                                         global_params.realm,
-                                         0, &master_princ))) {
-       com_err(progname, retval, "while setting up master key name");
-       goto err_nomsg;
+                                          global_params.mkey_name,
+                                          global_params.realm,
+                                          0, &master_princ))) {
+        com_err(progname, retval, "while setting up master key name");
+        goto err_nomsg;
     }
 
     /* Obtain master key from master password */
     {
-       krb5_data master_salt, pwd;
-
-       pwd.data = mkey_password;
-       pwd.length = strlen(mkey_password);
-       retval = krb5_principal2salt(util_context, master_princ, &master_salt);
-       if (retval) {
-           com_err(progname, retval, "while calculating master key salt");
-           goto err_nomsg;
-       }
+        krb5_data master_salt, pwd;
+
+        pwd.data = mkey_password;
+        pwd.length = strlen(mkey_password);
+        retval = krb5_principal2salt(util_context, master_princ, &master_salt);
+        if (retval) {
+            com_err(progname, retval, "while calculating master key salt");
+            goto err_nomsg;
+        }
 
-       retval = krb5_c_string_to_key(util_context, rparams->mkey.enctype,
-                                     &pwd, &master_salt, &master_keyblock);
+        retval = krb5_c_string_to_key(util_context, rparams->mkey.enctype,
+                                      &pwd, &master_salt, &master_keyblock);
 
-       if (master_salt.data)
-           free(master_salt.data);
+        if (master_salt.data)
+            free(master_salt.data);
 
-       if (retval) {
-           com_err(progname, retval, "while transforming master key from password");
-           goto err_nomsg;
-       }
+        if (retval) {
+            com_err(progname, retval, "while transforming master key from password");
+            goto err_nomsg;
+        }
 
     }
 
     rblock.key = &master_keyblock;
     ldap_context->lrparams->mkey = master_keyblock;
     ldap_context->lrparams->mkey.contents = (krb5_octet *) malloc
-       (master_keyblock.length);
+        (master_keyblock.length);
     if (ldap_context->lrparams->mkey.contents == NULL) {
-       retval = ENOMEM;
-       goto cleanup;
+        retval = ENOMEM;
+        goto cleanup;
     }
     memcpy (ldap_context->lrparams->mkey.contents, master_keyblock.contents,
-           master_keyblock.length);
+            master_keyblock.length);
 
     /* Create special principals inside the realm subtree */
     {
-       char princ_name[MAX_PRINC_SIZE];
-       krb5_principal_data tgt_princ = {
-           0,                                  /* magic number */
-           {0, 0, 0},                          /* krb5_data realm */
-           tgt_princ_entries,                  /* krb5_data *data */
-           2,                                  /* int length */
-           KRB5_NT_SRV_INST                    /* int type */
-       };
-       krb5_principal p, temp_p=NULL;
-
-       krb5_princ_set_realm_data(util_context, &tgt_princ, global_params.realm);
-       krb5_princ_set_realm_length(util_context, &tgt_princ, strlen(global_params.realm));
-       krb5_princ_component(util_context, &tgt_princ,1)->data = global_params.realm;
-       krb5_princ_component(util_context, &tgt_princ,1)->length = strlen(global_params.realm);
-       /* The container reference value is set to NULL, to avoid service principals
-        * getting created within the container reference at realm creation */
-       if (ldap_context->lrparams->containerref != NULL) {
-           oldcontainerref = ldap_context->lrparams->containerref;
-           ldap_context->lrparams->containerref = NULL;
-       }
-
-       /* Create 'K/M' ... */
-       rblock.flags |= KRB5_KDB_DISALLOW_ALL_TIX;
-       if ((retval = kdb_ldap_create_principal(util_context, master_princ, MASTER_KEY, &rblock))) {
-           com_err(progname, retval, "while adding entries to the database");
-           goto err_nomsg;
-       }
-
-       /* Create 'krbtgt' ... */
-       rblock.flags = 0; /* reset the flags */
-       if ((retval = kdb_ldap_create_principal(util_context, &tgt_princ, TGT_KEY, &rblock))) {
-           com_err(progname, retval, "while adding entries to the database");
-           goto err_nomsg;
-       }
-
-       /* Create 'kadmin/admin' ... */
-       snprintf(princ_name, sizeof(princ_name), "%s@%s", KADM5_ADMIN_SERVICE, global_params.realm);
-       if ((retval = krb5_parse_name(util_context, princ_name, &p))) {
-           com_err(progname, retval, "while adding entries to the database");
-           goto err_nomsg;
-       }
-       rblock.max_life = ADMIN_LIFETIME;
-       rblock.flags = KRB5_KDB_DISALLOW_TGT_BASED;
-       if ((retval = kdb_ldap_create_principal(util_context, p, TGT_KEY, &rblock))) {
-           krb5_free_principal(util_context, p);
-           com_err(progname, retval, "while adding entries to the database");
-           goto err_nomsg;
-       }
-       krb5_free_principal(util_context, p);
-
-       /* Create 'kadmin/changepw' ... */
-       snprintf(princ_name, sizeof(princ_name), "%s@%s", KADM5_CHANGEPW_SERVICE, global_params.realm);
-       if ((retval = krb5_parse_name(util_context, princ_name, &p))) {
-           com_err(progname, retval, "while adding entries to the database");
-           goto err_nomsg;
-       }
-       rblock.max_life = CHANGEPW_LIFETIME;
-       rblock.flags = KRB5_KDB_DISALLOW_TGT_BASED |
-           KRB5_KDB_PWCHANGE_SERVICE;
-       if ((retval = kdb_ldap_create_principal(util_context, p, TGT_KEY, &rblock))) {
-           krb5_free_principal(util_context, p);
-           com_err(progname, retval, "while adding entries to the database");
-           goto err_nomsg;
-       }
-       krb5_free_principal(util_context, p);
-
-       /* Create 'kadmin/history' ... */
-       snprintf(princ_name, sizeof(princ_name), "%s@%s", KADM5_HIST_PRINCIPAL, global_params.realm);
-       if ((retval = krb5_parse_name(util_context, princ_name, &p))) {
-           com_err(progname, retval, "while adding entries to the database");
-           goto err_nomsg;
-       }
-       rblock.max_life = global_params.max_life;
-       rblock.flags = 0;
-       if ((retval = kdb_ldap_create_principal(util_context, p, TGT_KEY, &rblock))) {
-           krb5_free_principal(util_context, p);
-           com_err(progname, retval, "while adding entries to the database");
-           goto err_nomsg;
-       }
-       krb5_free_principal(util_context, p);
-
-       /* Create 'kadmin/<hostname>' ... */
-       if ((retval=krb5_sname_to_principal(util_context, NULL, "kadmin", KRB5_NT_SRV_HST, &p))) {
-           com_err(progname, retval, "krb5_sname_to_principal, while adding entries to the database");
-           goto err_nomsg;
-       }
-
-       if ((retval=krb5_copy_principal(util_context, p, &temp_p))) {
-           com_err(progname, retval, "krb5_copy_principal, while adding entries to the database");
-           goto err_nomsg;
-       }
-
-       /* change the realm portion to the default realm */
-       free(temp_p->realm.data);
-       temp_p->realm.length = strlen(util_context->default_realm);
-       temp_p->realm.data = strdup(util_context->default_realm);
-       if (temp_p->realm.data == NULL) {
-           com_err(progname, ENOMEM, "while adding entries to the database");
-           goto err_nomsg;
-       }
-
-       rblock.max_life = ADMIN_LIFETIME;
-       rblock.flags = KRB5_KDB_DISALLOW_TGT_BASED;
-       if ((retval = kdb_ldap_create_principal(util_context, temp_p, TGT_KEY, &rblock))) {
-           krb5_free_principal(util_context, p);
-           com_err(progname, retval, "while adding entries to the database");
-           goto err_nomsg;
-       }
-       krb5_free_principal(util_context, temp_p);
-       krb5_free_principal(util_context, p);
-
-       if (oldcontainerref != NULL) {
-           ldap_context->lrparams->containerref = oldcontainerref;
-           oldcontainerref=NULL;
-       }
+        char princ_name[MAX_PRINC_SIZE];
+        krb5_principal_data tgt_princ = {
+            0,                                  /* magic number */
+            {0, 0, 0},                          /* krb5_data realm */
+            tgt_princ_entries,                  /* krb5_data *data */
+            2,                                  /* int length */
+            KRB5_NT_SRV_INST                    /* int type */
+        };
+        krb5_principal p, temp_p=NULL;
+
+        krb5_princ_set_realm_data(util_context, &tgt_princ, global_params.realm);
+        krb5_princ_set_realm_length(util_context, &tgt_princ, strlen(global_params.realm));
+        krb5_princ_component(util_context, &tgt_princ,1)->data = global_params.realm;
+        krb5_princ_component(util_context, &tgt_princ,1)->length = strlen(global_params.realm);
+        /* The container reference value is set to NULL, to avoid service principals
+         * getting created within the container reference at realm creation */
+        if (ldap_context->lrparams->containerref != NULL) {
+            oldcontainerref = ldap_context->lrparams->containerref;
+            ldap_context->lrparams->containerref = NULL;
+        }
+
+        /* Create 'K/M' ... */
+        rblock.flags |= KRB5_KDB_DISALLOW_ALL_TIX;
+        if ((retval = kdb_ldap_create_principal(util_context, master_princ, MASTER_KEY, &rblock))) {
+            com_err(progname, retval, "while adding entries to the database");
+            goto err_nomsg;
+        }
+
+        /* Create 'krbtgt' ... */
+        rblock.flags = 0; /* reset the flags */
+        if ((retval = kdb_ldap_create_principal(util_context, &tgt_princ, TGT_KEY, &rblock))) {
+            com_err(progname, retval, "while adding entries to the database");
+            goto err_nomsg;
+        }
+
+        /* Create 'kadmin/admin' ... */
+        snprintf(princ_name, sizeof(princ_name), "%s@%s", KADM5_ADMIN_SERVICE, global_params.realm);
+        if ((retval = krb5_parse_name(util_context, princ_name, &p))) {
+            com_err(progname, retval, "while adding entries to the database");
+            goto err_nomsg;
+        }
+        rblock.max_life = ADMIN_LIFETIME;
+        rblock.flags = KRB5_KDB_DISALLOW_TGT_BASED;
+        if ((retval = kdb_ldap_create_principal(util_context, p, TGT_KEY, &rblock))) {
+            krb5_free_principal(util_context, p);
+            com_err(progname, retval, "while adding entries to the database");
+            goto err_nomsg;
+        }
+        krb5_free_principal(util_context, p);
+
+        /* Create 'kadmin/changepw' ... */
+        snprintf(princ_name, sizeof(princ_name), "%s@%s", KADM5_CHANGEPW_SERVICE, global_params.realm);
+        if ((retval = krb5_parse_name(util_context, princ_name, &p))) {
+            com_err(progname, retval, "while adding entries to the database");
+            goto err_nomsg;
+        }
+        rblock.max_life = CHANGEPW_LIFETIME;
+        rblock.flags = KRB5_KDB_DISALLOW_TGT_BASED |
+            KRB5_KDB_PWCHANGE_SERVICE;
+        if ((retval = kdb_ldap_create_principal(util_context, p, TGT_KEY, &rblock))) {
+            krb5_free_principal(util_context, p);
+            com_err(progname, retval, "while adding entries to the database");
+            goto err_nomsg;
+        }
+        krb5_free_principal(util_context, p);
+
+        /* Create 'kadmin/history' ... */
+        snprintf(princ_name, sizeof(princ_name), "%s@%s", KADM5_HIST_PRINCIPAL, global_params.realm);
+        if ((retval = krb5_parse_name(util_context, princ_name, &p))) {
+            com_err(progname, retval, "while adding entries to the database");
+            goto err_nomsg;
+        }
+        rblock.max_life = global_params.max_life;
+        rblock.flags = 0;
+        if ((retval = kdb_ldap_create_principal(util_context, p, TGT_KEY, &rblock))) {
+            krb5_free_principal(util_context, p);
+            com_err(progname, retval, "while adding entries to the database");
+            goto err_nomsg;
+        }
+        krb5_free_principal(util_context, p);
+
+        /* Create 'kadmin/<hostname>' ... */
+        if ((retval=krb5_sname_to_principal(util_context, NULL, "kadmin", KRB5_NT_SRV_HST, &p))) {
+            com_err(progname, retval, "krb5_sname_to_principal, while adding entries to the database");
+            goto err_nomsg;
+        }
+
+        if ((retval=krb5_copy_principal(util_context, p, &temp_p))) {
+            com_err(progname, retval, "krb5_copy_principal, while adding entries to the database");
+            goto err_nomsg;
+        }
+
+        /* change the realm portion to the default realm */
+        free(temp_p->realm.data);
+        temp_p->realm.length = strlen(util_context->default_realm);
+        temp_p->realm.data = strdup(util_context->default_realm);
+        if (temp_p->realm.data == NULL) {
+            com_err(progname, ENOMEM, "while adding entries to the database");
+            goto err_nomsg;
+        }
+
+        rblock.max_life = ADMIN_LIFETIME;
+        rblock.flags = KRB5_KDB_DISALLOW_TGT_BASED;
+        if ((retval = kdb_ldap_create_principal(util_context, temp_p, TGT_KEY, &rblock))) {
+            krb5_free_principal(util_context, p);
+            com_err(progname, retval, "while adding entries to the database");
+            goto err_nomsg;
+        }
+        krb5_free_principal(util_context, temp_p);
+        krb5_free_principal(util_context, p);
+
+        if (oldcontainerref != NULL) {
+            ldap_context->lrparams->containerref = oldcontainerref;
+            oldcontainerref=NULL;
+        }
     }
 
 #ifdef HAVE_EDIRECTORY
     if ((mask & LDAP_REALM_KDCSERVERS) || (mask & LDAP_REALM_ADMINSERVERS) ||
-       (mask & LDAP_REALM_PASSWDSERVERS)) {
-
-       printf("Changing rights for the service object. Please wait ... ");
-       fflush(stdout);
-
-       rightsmask =0;
-       rightsmask |= LDAP_REALM_RIGHTS;
-       rightsmask |= LDAP_SUBTREE_RIGHTS;
-       if ((rparams != NULL) && (rparams->kdcservers != NULL)) {
-           for (i=0; (rparams->kdcservers[i] != NULL); i++) {
-               if ((retval=krb5_ldap_add_service_rights(util_context,
-                                                        LDAP_KDC_SERVICE, rparams->kdcservers[i],
-                                                        rparams->realm_name, rparams->subtree, rparams->containerref, rightsmask)) != 0) {
-                   printf("failed\n");
-                   com_err(progname, retval, "while assigning rights to '%s'",
-                           rparams->realm_name);
-                   goto err_nomsg;
-               }
-           }
-       }
-
-       rightsmask = 0;
-       rightsmask |= LDAP_REALM_RIGHTS;
-       rightsmask |= LDAP_SUBTREE_RIGHTS;
-       if ((rparams != NULL) && (rparams->adminservers != NULL)) {
-           for (i=0; (rparams->adminservers[i] != NULL); i++) {
-               if ((retval=krb5_ldap_add_service_rights(util_context,
-                                                        LDAP_ADMIN_SERVICE, rparams->adminservers[i],
-                                                        rparams->realm_name, rparams->subtree, rparams->containerref, rightsmask)) != 0) {
-                   printf("failed\n");
-                   com_err(progname, retval, "while assigning rights to '%s'",
-                           rparams->realm_name);
-                   goto err_nomsg;
-               }
-           }
-       }
-
-       rightsmask = 0;
-       rightsmask |= LDAP_REALM_RIGHTS;
-       rightsmask |= LDAP_SUBTREE_RIGHTS;
-       if ((rparams != NULL) && (rparams->passwdservers != NULL)) {
-           for (i=0; (rparams->passwdservers[i] != NULL); i++) {
-               if ((retval=krb5_ldap_add_service_rights(util_context,
-                                                        LDAP_PASSWD_SERVICE, rparams->passwdservers[i],
-                                                        rparams->realm_name, rparams->subtree, rparams->containerref, rightsmask)) != 0) {
-                   printf("failed\n");
-                   com_err(progname, retval, "while assigning rights to '%s'",
-                           rparams->realm_name);
-                   goto err_nomsg;
-               }
-           }
-       }
-
-       printf("done\n");
+        (mask & LDAP_REALM_PASSWDSERVERS)) {
+
+        printf("Changing rights for the service object. Please wait ... ");
+        fflush(stdout);
+
+        rightsmask =0;
+        rightsmask |= LDAP_REALM_RIGHTS;
+        rightsmask |= LDAP_SUBTREE_RIGHTS;
+        if ((rparams != NULL) && (rparams->kdcservers != NULL)) {
+            for (i=0; (rparams->kdcservers[i] != NULL); i++) {
+                if ((retval=krb5_ldap_add_service_rights(util_context,
+                                                         LDAP_KDC_SERVICE, rparams->kdcservers[i],
+                                                         rparams->realm_name, rparams->subtree, rparams->containerref, rightsmask)) != 0) {
+                    printf("failed\n");
+                    com_err(progname, retval, "while assigning rights to '%s'",
+                            rparams->realm_name);
+                    goto err_nomsg;
+                }
+            }
+        }
+
+        rightsmask = 0;
+        rightsmask |= LDAP_REALM_RIGHTS;
+        rightsmask |= LDAP_SUBTREE_RIGHTS;
+        if ((rparams != NULL) && (rparams->adminservers != NULL)) {
+            for (i=0; (rparams->adminservers[i] != NULL); i++) {
+                if ((retval=krb5_ldap_add_service_rights(util_context,
+                                                         LDAP_ADMIN_SERVICE, rparams->adminservers[i],
+                                                         rparams->realm_name, rparams->subtree, rparams->containerref, rightsmask)) != 0) {
+                    printf("failed\n");
+                    com_err(progname, retval, "while assigning rights to '%s'",
+                            rparams->realm_name);
+                    goto err_nomsg;
+                }
+            }
+        }
+
+        rightsmask = 0;
+        rightsmask |= LDAP_REALM_RIGHTS;
+        rightsmask |= LDAP_SUBTREE_RIGHTS;
+        if ((rparams != NULL) && (rparams->passwdservers != NULL)) {
+            for (i=0; (rparams->passwdservers[i] != NULL); i++) {
+                if ((retval=krb5_ldap_add_service_rights(util_context,
+                                                         LDAP_PASSWD_SERVICE, rparams->passwdservers[i],
+                                                         rparams->realm_name, rparams->subtree, rparams->containerref, rightsmask)) != 0) {
+                    printf("failed\n");
+                    com_err(progname, retval, "while assigning rights to '%s'",
+                            rparams->realm_name);
+                    goto err_nomsg;
+                }
+            }
+        }
+
+        printf("done\n");
     }
 #endif
     /* The Realm creation is completed. Here is the end of transaction */
@@ -864,15 +862,15 @@ void kdb5_ldap_create(argc, argv)
         else
             mkey_kvno = 1;  /* Default */
 
-       retval = krb5_def_store_mkey(util_context,
-                                    global_params.stash_file,
-                                    master_princ,
+        retval = krb5_def_store_mkey(util_context,
+                                     global_params.stash_file,
+                                     master_princ,
                                      mkey_kvno,
-                                    &master_keyblock, NULL);
-       if (retval) {
-           com_err(progname, errno, "while storing key");
-           printf("Warning: couldn't stash master key.\n");
-       }
+                                     &master_keyblock, NULL);
+        if (retval) {
+            com_err(progname, errno, "while storing key");
+            printf("Warning: couldn't stash master key.\n");
+        }
     }
 
     goto cleanup;
@@ -887,22 +885,22 @@ err_nomsg:
 cleanup:
     /* If the Realm creation is not complete, do the roll-back here */
     if ((realm_obj_created) && (!create_complete))
-       krb5_ldap_delete_realm(util_context, global_params.realm);
+        krb5_ldap_delete_realm(util_context, global_params.realm);
 
     if (rparams)
-       krb5_ldap_free_realm_params(rparams);
+        krb5_ldap_free_realm_params(rparams);
 
     memset (pw_str, 0, sizeof (pw_str));
 
     if (print_usage)
-       db_usage(CREATE_REALM);
+        db_usage(CREATE_REALM);
 
     if (retval) {
-       if (!no_msg) {
-           com_err(progname, retval, "while creating realm '%s'",
-                   global_params.realm);
-       }
-       exit_status++;
+        if (!no_msg) {
+            com_err(progname, retval, "while creating realm '%s'",
+                    global_params.realm);
+        }
+        exit_status++;
     }
 
     return;
@@ -912,9 +910,8 @@ cleanup:
 /*
  * This function will modify the attributes of a given realm object
  */
-void kdb5_ldap_modify(argc, argv)
-    int argc;
-    char *argv[];
+void
+kdb5_ldap_modify(int argc, char *argv[])
 {
     krb5_error_code retval = 0;
     krb5_ldap_realm_params *rparams = NULL;
@@ -947,514 +944,514 @@ void kdb5_ldap_modify(argc, argv)
     dal_handle = util_context->dal_handle;
     ldap_context = (krb5_ldap_context *) dal_handle->db_context;
     if (!(ldap_context)) {
-       retval = EINVAL;
-       goto cleanup;
+        retval = EINVAL;
+        goto cleanup;
     }
 
     if ((retval = krb5_ldap_read_krbcontainer_params(util_context,
-                                                    &(ldap_context->krbcontainer)))) {
-       com_err(progname, retval, "while reading Kerberos container information");
-       goto err_nomsg;
+                                                     &(ldap_context->krbcontainer)))) {
+        com_err(progname, retval, "while reading Kerberos container information");
+        goto err_nomsg;
     }
 
     retval = krb5_ldap_read_realm_params(util_context,
-                                        global_params.realm, &rparams, &rmask);
+                                         global_params.realm, &rparams, &rmask);
     if (retval)
-       goto cleanup;
+        goto cleanup;
     /* Parse the arguments */
     for (i = 1; i < argc; i++) {
-       int k = 0;
-       if (!strcmp(argv[i], "-subtrees")) {
-           if (++i > argc-1)
-               goto err_usage;
+        int k = 0;
+        if (!strcmp(argv[i], "-subtrees")) {
+            if (++i > argc-1)
+                goto err_usage;
 
-           if (rmask & LDAP_REALM_SUBTREE) {
-               if (rparams->subtree) {
+            if (rmask & LDAP_REALM_SUBTREE) {
+                if (rparams->subtree) {
 #ifdef HAVE_EDIRECTORY
-                   oldsubtrees =  (char **) calloc(rparams->subtreecount+1, sizeof(char *));
-                   if (oldsubtrees == NULL) {
-                       retval = ENOMEM;
-                       goto cleanup;
-                   }
-                   for (k=0; rparams->subtree[k]!=NULL && rparams->subtreecount; k++) {
-                       oldsubtrees[k] = strdup(rparams->subtree[k]);
-                       if (oldsubtrees[k] == NULL) {
-                           retval = ENOMEM;
-                           goto cleanup;
-                       }
-                   }
+                    oldsubtrees =  (char **) calloc(rparams->subtreecount+1, sizeof(char *));
+                    if (oldsubtrees == NULL) {
+                        retval = ENOMEM;
+                        goto cleanup;
+                    }
+                    for (k=0; rparams->subtree[k]!=NULL && rparams->subtreecount; k++) {
+                        oldsubtrees[k] = strdup(rparams->subtree[k]);
+                        if (oldsubtrees[k] == NULL) {
+                            retval = ENOMEM;
+                            goto cleanup;
+                        }
+                    }
 #endif
-                   for (k=0; k<rparams->subtreecount && rparams->subtree[k]; k++)
-                       free(rparams->subtree[k]);
-                   rparams->subtreecount=0;
-               }
-           }
-           if (strncmp(argv[i] ,"", strlen(argv[i]))!=0) {
-               slist =  (char **) calloc(MAX_LIST_ENTRIES, sizeof(char *));
-               if (slist == NULL) {
-                   retval = ENOMEM;
-                   goto cleanup;
-               }
-               if ((retval = krb5_parse_list(argv[i], LIST_DELIMITER, slist))) {
-                   free(slist);
-                   slist = NULL;
-                   goto cleanup;
-               }
-
-               rparams->subtreecount=0;
-               while (slist[rparams->subtreecount]!=NULL)
-                   (rparams->subtreecount)++;
-               rparams->subtree =  slist;
-           } else if (strncmp(argv[i], "", strlen(argv[i]))==0) {
-               /* dont allow subtree value to be set at the root(NULL, "") of the tree */
-               com_err(progname, EINVAL,
-                       "for subtree while modifying realm '%s'",
-                       global_params.realm);
-               goto err_nomsg;
-           }
-           rparams->subtree[rparams->subtreecount] = NULL;
-           mask |= LDAP_REALM_SUBTREE;
-       } else if (!strncmp(argv[i], "-containerref", strlen(argv[i]))) {
-           if (++i > argc-1)
-               goto err_usage;
-           if (strncmp(argv[i], "", strlen(argv[i]))==0) {
-               /* dont allow containerref value to be set at the root(NULL, "") of the tree */
-               com_err(progname, EINVAL,
-                       "for container reference while modifying realm '%s'",
-                       global_params.realm);
-               goto err_nomsg;
-           }
+                    for (k=0; k<rparams->subtreecount && rparams->subtree[k]; k++)
+                        free(rparams->subtree[k]);
+                    rparams->subtreecount=0;
+                }
+            }
+            if (strncmp(argv[i] ,"", strlen(argv[i]))!=0) {
+                slist =  (char **) calloc(MAX_LIST_ENTRIES, sizeof(char *));
+                if (slist == NULL) {
+                    retval = ENOMEM;
+                    goto cleanup;
+                }
+                if ((retval = krb5_parse_list(argv[i], LIST_DELIMITER, slist))) {
+                    free(slist);
+                    slist = NULL;
+                    goto cleanup;
+                }
+
+                rparams->subtreecount=0;
+                while (slist[rparams->subtreecount]!=NULL)
+                    (rparams->subtreecount)++;
+                rparams->subtree =  slist;
+            } else if (strncmp(argv[i], "", strlen(argv[i]))==0) {
+                /* dont allow subtree value to be set at the root(NULL, "") of the tree */
+                com_err(progname, EINVAL,
+                        "for subtree while modifying realm '%s'",
+                        global_params.realm);
+                goto err_nomsg;
+            }
+            rparams->subtree[rparams->subtreecount] = NULL;
+            mask |= LDAP_REALM_SUBTREE;
+        } else if (!strncmp(argv[i], "-containerref", strlen(argv[i]))) {
+            if (++i > argc-1)
+                goto err_usage;
+            if (strncmp(argv[i], "", strlen(argv[i]))==0) {
+                /* dont allow containerref value to be set at the root(NULL, "") of the tree */
+                com_err(progname, EINVAL,
+                        "for container reference while modifying realm '%s'",
+                        global_params.realm);
+                goto err_nomsg;
+            }
 #ifdef HAVE_EDIRECTORY
             if (rparams->containerref != NULL) {
                 oldcontainerref = rparams->containerref;
             }
 #endif
-           rparams->containerref = strdup(argv[i]);
-           if (rparams->containerref == NULL) {
-               retval = ENOMEM;
-               goto cleanup;
-           }
-           mask |= LDAP_REALM_CONTREF;
-       } else if (!strcmp(argv[i], "-sscope")) {
-           if (++i > argc-1)
-               goto err_usage;
-           /* Possible values for search scope are
-            * one (or 1) and sub (or 2)
-            */
-           if (strcasecmp(argv[i], "one") == 0) {
-               rparams->search_scope = 1;
-           } else if (strcasecmp(argv[i], "sub") == 0) {
-               rparams->search_scope = 2;
-           } else {
-               rparams->search_scope = atoi(argv[i]);
-               if ((rparams->search_scope != 1) &&
-                   (rparams->search_scope != 2)) {
-                   retval = EINVAL;
-                   com_err(progname, retval,
-                           "specified for search scope while modifying information of realm '%s'",
-                           global_params.realm);
-                   goto err_nomsg;
-               }
-           }
-           mask |= LDAP_REALM_SEARCHSCOPE;
-       }
+            rparams->containerref = strdup(argv[i]);
+            if (rparams->containerref == NULL) {
+                retval = ENOMEM;
+                goto cleanup;
+            }
+            mask |= LDAP_REALM_CONTREF;
+        } else if (!strcmp(argv[i], "-sscope")) {
+            if (++i > argc-1)
+                goto err_usage;
+            /* Possible values for search scope are
+             * one (or 1) and sub (or 2)
+             */
+            if (strcasecmp(argv[i], "one") == 0) {
+                rparams->search_scope = 1;
+            } else if (strcasecmp(argv[i], "sub") == 0) {
+                rparams->search_scope = 2;
+            } else {
+                rparams->search_scope = atoi(argv[i]);
+                if ((rparams->search_scope != 1) &&
+                    (rparams->search_scope != 2)) {
+                    retval = EINVAL;
+                    com_err(progname, retval,
+                            "specified for search scope while modifying information of realm '%s'",
+                            global_params.realm);
+                    goto err_nomsg;
+                }
+            }
+            mask |= LDAP_REALM_SEARCHSCOPE;
+        }
 #ifdef HAVE_EDIRECTORY
-       else if (!strcmp(argv[i], "-kdcdn")) {
-           if (++i > argc-1)
-               goto err_usage;
-
-           if ((rmask & LDAP_REALM_KDCSERVERS) && (rparams->kdcservers)) {
-               if (!oldkdcdns) {
-                   /* Store the old kdc dns list for removing rights */
-                   oldkdcdns = (char**) calloc(MAX_LIST_ENTRIES, sizeof(char*));
-                   if (oldkdcdns == NULL) {
-                       retval = ENOMEM;
-                       goto cleanup;
-                   }
-
-                   for (j=0; rparams->kdcservers[j] != NULL; j++) {
-                       oldkdcdns[j] = strdup(rparams->kdcservers[j]);
-                       if (oldkdcdns[j] == NULL) {
-                           retval = ENOMEM;
-                           goto cleanup;
-                       }
-                   }
-                   oldkdcdns[j] = NULL;
-               }
-
-               krb5_free_list_entries(rparams->kdcservers);
-               free(rparams->kdcservers);
-           }
-
-           rparams->kdcservers = (char **)malloc(
-               sizeof(char *) * MAX_LIST_ENTRIES);
-           if (rparams->kdcservers == NULL) {
-               retval = ENOMEM;
-               goto cleanup;
-           }
-           memset(rparams->kdcservers, 0, sizeof(char *)*MAX_LIST_ENTRIES);
-           if ((retval = krb5_parse_list(argv[i], LIST_DELIMITER,
-                                         rparams->kdcservers))) {
-               goto cleanup;
-           }
-           mask |= LDAP_REALM_KDCSERVERS;
-           /* Going to replace the existing value by this new value. Hence
-            * setting flag indicating that add or clear options will be ignored
-            */
-           newkdcdn = 1;
-       } else if (!strcmp(argv[i], "-clearkdcdn")) {
-           if (++i > argc-1)
-               goto err_usage;
-           if ((!newkdcdn) && (rmask & LDAP_REALM_KDCSERVERS) && (rparams->kdcservers)) {
-               if (!oldkdcdns) {
-                   /* Store the old kdc dns list for removing rights */
-                   oldkdcdns = (char**) calloc(MAX_LIST_ENTRIES, sizeof(char*));
-                   if (oldkdcdns == NULL) {
-                       retval = ENOMEM;
-                       goto cleanup;
-                   }
-
-                   for (j=0; rparams->kdcservers[j] != NULL; j++) {
-                       oldkdcdns[j] = strdup(rparams->kdcservers[j]);
-                       if (oldkdcdns[j] == NULL) {
-                           retval = ENOMEM;
-                           goto cleanup;
-                       }
-                   }
-                   oldkdcdns[j] = NULL;
-               }
-
-               memset(list, 0, sizeof(char *) * MAX_LIST_ENTRIES);
-               if ((retval = krb5_parse_list(argv[i], LIST_DELIMITER, list))) {
-                   goto cleanup;
-               }
-               list_modify_str_array(&rparams->kdcservers, (const char **)list,
-                                     LIST_MODE_DELETE);
-               mask |= LDAP_REALM_KDCSERVERS;
-               krb5_free_list_entries(list);
-           }
-       } else if (!strcmp(argv[i], "-addkdcdn")) {
-           if (++i > argc-1)
-               goto err_usage;
-           if (!newkdcdn) {
-               if ((rmask & LDAP_REALM_KDCSERVERS) && (rparams->kdcservers) && (!oldkdcdns)) {
-                   /* Store the old kdc dns list for removing rights */
-                   oldkdcdns = (char**) calloc(MAX_LIST_ENTRIES, sizeof(char*));
-                   if (oldkdcdns == NULL) {
-                       retval = ENOMEM;
-                       goto cleanup;
-                   }
-
-                   for (j = 0; rparams->kdcservers[j] != NULL; j++) {
-                       oldkdcdns[j] = strdup(rparams->kdcservers[j]);
-                       if (oldkdcdns[j] == NULL) {
-                           retval = ENOMEM;
-                           goto cleanup;
-                       }
-                   }
-                   oldkdcdns[j] = NULL;
-               }
-
-               memset(list, 0, sizeof(char *) * MAX_LIST_ENTRIES);
-               if ((retval = krb5_parse_list(argv[i], LIST_DELIMITER, list))) {
-                   goto cleanup;
-               }
-               existing_entries = list_count_str_array(rparams->kdcservers);
-               list_entries = list_count_str_array(list);
-               if (rmask & LDAP_REALM_KDCSERVERS) {
-                   tempstr = (char **)realloc(
-                       rparams->kdcservers,
-                       sizeof(char *) * (existing_entries+list_entries+1));
-                   if (tempstr == NULL) {
-                       retval = ENOMEM;
-                       goto cleanup;
-                   }
-                   rparams->kdcservers = tempstr;
-               } else {
-                   rparams->kdcservers = (char **)malloc(sizeof(char *) * (list_entries+1));
-                   if (rparams->kdcservers == NULL) {
-                       retval = ENOMEM;
-                       goto cleanup;
-                   }
-                   memset(rparams->kdcservers, 0, sizeof(char *) * (list_entries+1));
-               }
-               list_modify_str_array(&rparams->kdcservers, (const char **)list,
-                                     LIST_MODE_ADD);
-               mask |= LDAP_REALM_KDCSERVERS;
-           }
-       } else if (!strcmp(argv[i], "-admindn")) {
-           if (++i > argc-1)
-               goto err_usage;
-
-           if ((rmask & LDAP_REALM_ADMINSERVERS) && (rparams->adminservers)) {
-               if (!oldadmindns) {
-                   /* Store the old admin dns list for removing rights */
-                   oldadmindns = (char**) calloc(MAX_LIST_ENTRIES, sizeof(char*));
-                   if (oldadmindns == NULL) {
-                       retval = ENOMEM;
-                       goto cleanup;
-                   }
-
-                   for (j=0; rparams->adminservers[j] != NULL; j++) {
-                       oldadmindns[j] = strdup(rparams->adminservers[j]);
-                       if (oldadmindns[j] == NULL) {
-                           retval = ENOMEM;
-                           goto cleanup;
-                       }
-                   }
-                   oldadmindns[j] = NULL;
-               }
-
-               krb5_free_list_entries(rparams->adminservers);
-               free(rparams->adminservers);
-           }
-
-           rparams->adminservers = (char **)malloc(
-               sizeof(char *) * MAX_LIST_ENTRIES);
-           if (rparams->adminservers == NULL) {
-               retval = ENOMEM;
-               goto cleanup;
-           }
-           memset(rparams->adminservers, 0, sizeof(char *)*MAX_LIST_ENTRIES);
-           if ((retval = krb5_parse_list(argv[i], LIST_DELIMITER,
-                                         rparams->adminservers))) {
-               goto cleanup;
-           }
-           mask |= LDAP_REALM_ADMINSERVERS;
-           /* Going to replace the existing value by this new value. Hence
-            * setting flag indicating that add or clear options will be ignored
-            */
-           newadmindn = 1;
-       } else if (!strcmp(argv[i], "-clearadmindn")) {
-           if (++i > argc-1)
-               goto err_usage;
-
-           if ((!newadmindn) && (rmask & LDAP_REALM_ADMINSERVERS) && (rparams->adminservers)) {
-               if (!oldadmindns) {
-                   /* Store the old admin dns list for removing rights */
-                   oldadmindns = (char**) calloc(MAX_LIST_ENTRIES, sizeof(char*));
-                   if (oldadmindns == NULL) {
-                       retval = ENOMEM;
-                       goto cleanup;
-                   }
-
-                   for (j=0; rparams->adminservers[j] != NULL; j++) {
-                       oldadmindns[j] = strdup(rparams->adminservers[j]);
-                       if (oldadmindns[j] == NULL) {
-                           retval = ENOMEM;
-                           goto cleanup;
-                       }
-                   }
-                   oldadmindns[j] = NULL;
-               }
-
-               memset(list, 0, sizeof(char *) * MAX_LIST_ENTRIES);
-               if ((retval = krb5_parse_list(argv[i], LIST_DELIMITER, list))) {
-                   goto cleanup;
-               }
-               list_modify_str_array(&rparams->adminservers, (const char **)list,
-                                     LIST_MODE_DELETE);
-               mask |= LDAP_REALM_ADMINSERVERS;
-               krb5_free_list_entries(list);
-           }
-       } else if (!strcmp(argv[i], "-addadmindn")) {
-           if (++i > argc-1)
-               goto err_usage;
-           if (!newadmindn) {
-               if ((rmask & LDAP_REALM_ADMINSERVERS) && (rparams->adminservers) && (!oldadmindns)) {
-                   /* Store the old admin dns list for removing rights */
-                   oldadmindns = (char**) calloc(MAX_LIST_ENTRIES, sizeof(char*));
-                   if (oldadmindns == NULL) {
-                       retval = ENOMEM;
-                       goto cleanup;
-                   }
-
-                   for (j=0; rparams->adminservers[j] != NULL; j++) {
-                       oldadmindns[j] = strdup(rparams->adminservers[j]);
-                       if (oldadmindns[j] == NULL) {
-                           retval = ENOMEM;
-                           goto cleanup;
-                       }
-                   }
-                   oldadmindns[j] = NULL;
-               }
-
-               memset(list, 0, sizeof(char *) * MAX_LIST_ENTRIES);
-               if ((retval = krb5_parse_list(argv[i], LIST_DELIMITER, list))) {
-                   goto cleanup;
-               }
-               existing_entries = list_count_str_array(rparams->adminservers);
-               list_entries = list_count_str_array(list);
-               if (rmask & LDAP_REALM_ADMINSERVERS) {
-                   tempstr = (char **)realloc(
-                       rparams->adminservers,
-                       sizeof(char *) * (existing_entries+list_entries+1));
-                   if (tempstr == NULL) {
-                       retval = ENOMEM;
-                       goto cleanup;
-                   }
-                   rparams->adminservers = tempstr;
-               } else {
-                   rparams->adminservers = (char **)malloc(sizeof(char *) * (list_entries+1));
-                   if (rparams->adminservers == NULL) {
-                       retval = ENOMEM;
-                       goto cleanup;
-                   }
-                   memset(rparams->adminservers, 0, sizeof(char *) * (list_entries+1));
-               }
-               list_modify_str_array(&rparams->adminservers, (const char **)list,
-                                     LIST_MODE_ADD);
-               mask |= LDAP_REALM_ADMINSERVERS;
-           }
-       } else if (!strcmp(argv[i], "-pwddn")) {
-           if (++i > argc-1)
-               goto err_usage;
-
-           if ((rmask & LDAP_REALM_PASSWDSERVERS) && (rparams->passwdservers)) {
-               if (!oldpwddns) {
-                   /* Store the old pwd dns list for removing rights */
-                   oldpwddns = (char**) calloc(MAX_LIST_ENTRIES, sizeof(char*));
-                   if (oldpwddns == NULL) {
-                       retval = ENOMEM;
-                       goto cleanup;
-                   }
-
-                   for (j=0; rparams->passwdservers[j] != NULL; j++) {
-                       oldpwddns[j] = strdup(rparams->passwdservers[j]);
-                       if (oldpwddns[j] == NULL) {
-                           retval = ENOMEM;
-                           goto cleanup;
-                       }
-                   }
-                   oldpwddns[j] = NULL;
-               }
-
-               krb5_free_list_entries(rparams->passwdservers);
-               free(rparams->passwdservers);
-           }
-
-           rparams->passwdservers = (char **)malloc(
-               sizeof(char *) * MAX_LIST_ENTRIES);
-           if (rparams->passwdservers == NULL) {
-               retval = ENOMEM;
-               goto cleanup;
-           }
-           memset(rparams->passwdservers, 0, sizeof(char *)*MAX_LIST_ENTRIES);
-           if ((retval = krb5_parse_list(argv[i], LIST_DELIMITER,
-                                         rparams->passwdservers))) {
-               goto cleanup;
-           }
-           mask |= LDAP_REALM_PASSWDSERVERS;
-           /* Going to replace the existing value by this new value. Hence
-            * setting flag indicating that add or clear options will be ignored
-            */
-           newpwddn = 1;
-       } else if (!strcmp(argv[i], "-clearpwddn")) {
-           if (++i > argc-1)
-               goto err_usage;
-
-           if ((!newpwddn) && (rmask & LDAP_REALM_PASSWDSERVERS) && (rparams->passwdservers)) {
-               if (!oldpwddns) {
-                   /* Store the old pwd dns list for removing rights */
-                   oldpwddns = (char**) calloc(MAX_LIST_ENTRIES, sizeof(char*));
-                   if (oldpwddns == NULL) {
-                       retval = ENOMEM;
-                       goto cleanup;
-                   }
-
-                   for (j=0; rparams->passwdservers[j] != NULL; j++) {
-                       oldpwddns[j] = strdup(rparams->passwdservers[j]);
-                       if (oldpwddns[j] == NULL) {
-                           retval = ENOMEM;
-                           goto cleanup;
-                       }
-                   }
-                   oldpwddns[j] = NULL;
-               }
-
-               memset(list, 0, sizeof(char *) * MAX_LIST_ENTRIES);
-               if ((retval = krb5_parse_list(argv[i], LIST_DELIMITER, list))) {
-                   goto cleanup;
-               }
-               list_modify_str_array(&rparams->passwdservers, (const char**)list,
-                                     LIST_MODE_DELETE);
-               mask |= LDAP_REALM_PASSWDSERVERS;
-               krb5_free_list_entries(list);
-           }
-       } else if (!strcmp(argv[i], "-addpwddn")) {
-           if (++i > argc-1)
-               goto err_usage;
-           if (!newpwddn) {
-               if ((rmask & LDAP_REALM_PASSWDSERVERS) && (rparams->passwdservers) && (!oldpwddns)) {
-                   /* Store the old pwd dns list for removing rights */
-                   oldpwddns = (char**) calloc(MAX_LIST_ENTRIES, sizeof(char*));
-                   if (oldpwddns == NULL) {
-                       retval = ENOMEM;
-                       goto cleanup;
-                   }
-
-                   for (j=0; rparams->passwdservers[j] != NULL; j++) {
-                       oldpwddns[j] = strdup(rparams->passwdservers[j]);
-                       if (oldpwddns[j] == NULL) {
-                           retval = ENOMEM;
-                           goto cleanup;
-                       }
-                   }
-                   oldpwddns[j] = NULL;
-               }
-
-               memset(list, 0, sizeof(char *) * MAX_LIST_ENTRIES);
-               if ((retval = krb5_parse_list(argv[i], LIST_DELIMITER, list))) {
-                   goto cleanup;
-               }
-               existing_entries = list_count_str_array(rparams->passwdservers);
-               list_entries = list_count_str_array(list);
-               if (rmask & LDAP_REALM_PASSWDSERVERS) {
-                   tempstr = (char **)realloc(
-                       rparams->passwdservers,
-                       sizeof(char *) * (existing_entries+list_entries+1));
-                   if (tempstr == NULL) {
-                       retval = ENOMEM;
-                       goto cleanup;
-                   }
-                   rparams->passwdservers = tempstr;
-               } else {
-                   rparams->passwdservers = (char **)malloc(sizeof(char *) * (list_entries+1));
-                   if (rparams->passwdservers == NULL) {
-                       retval = ENOMEM;
-                       goto cleanup;
-                   }
-                   memset(rparams->passwdservers, 0, sizeof(char *) * (list_entries+1));
-               }
-               list_modify_str_array(&rparams->passwdservers, (const char**)list,
-                                     LIST_MODE_ADD);
-               mask |= LDAP_REALM_PASSWDSERVERS;
-           }
-       }
+        else if (!strcmp(argv[i], "-kdcdn")) {
+            if (++i > argc-1)
+                goto err_usage;
+
+            if ((rmask & LDAP_REALM_KDCSERVERS) && (rparams->kdcservers)) {
+                if (!oldkdcdns) {
+                    /* Store the old kdc dns list for removing rights */
+                    oldkdcdns = (char**) calloc(MAX_LIST_ENTRIES, sizeof(char*));
+                    if (oldkdcdns == NULL) {
+                        retval = ENOMEM;
+                        goto cleanup;
+                    }
+
+                    for (j=0; rparams->kdcservers[j] != NULL; j++) {
+                        oldkdcdns[j] = strdup(rparams->kdcservers[j]);
+                        if (oldkdcdns[j] == NULL) {
+                            retval = ENOMEM;
+                            goto cleanup;
+                        }
+                    }
+                    oldkdcdns[j] = NULL;
+                }
+
+                krb5_free_list_entries(rparams->kdcservers);
+                free(rparams->kdcservers);
+            }
+
+            rparams->kdcservers = (char **)malloc(
+                sizeof(char *) * MAX_LIST_ENTRIES);
+            if (rparams->kdcservers == NULL) {
+                retval = ENOMEM;
+                goto cleanup;
+            }
+            memset(rparams->kdcservers, 0, sizeof(char *)*MAX_LIST_ENTRIES);
+            if ((retval = krb5_parse_list(argv[i], LIST_DELIMITER,
+                                          rparams->kdcservers))) {
+                goto cleanup;
+            }
+            mask |= LDAP_REALM_KDCSERVERS;
+            /* Going to replace the existing value by this new value. Hence
+             * setting flag indicating that add or clear options will be ignored
+             */
+            newkdcdn = 1;
+        } else if (!strcmp(argv[i], "-clearkdcdn")) {
+            if (++i > argc-1)
+                goto err_usage;
+            if ((!newkdcdn) && (rmask & LDAP_REALM_KDCSERVERS) && (rparams->kdcservers)) {
+                if (!oldkdcdns) {
+                    /* Store the old kdc dns list for removing rights */
+                    oldkdcdns = (char**) calloc(MAX_LIST_ENTRIES, sizeof(char*));
+                    if (oldkdcdns == NULL) {
+                        retval = ENOMEM;
+                        goto cleanup;
+                    }
+
+                    for (j=0; rparams->kdcservers[j] != NULL; j++) {
+                        oldkdcdns[j] = strdup(rparams->kdcservers[j]);
+                        if (oldkdcdns[j] == NULL) {
+                            retval = ENOMEM;
+                            goto cleanup;
+                        }
+                    }
+                    oldkdcdns[j] = NULL;
+                }
+
+                memset(list, 0, sizeof(char *) * MAX_LIST_ENTRIES);
+                if ((retval = krb5_parse_list(argv[i], LIST_DELIMITER, list))) {
+                    goto cleanup;
+                }
+                list_modify_str_array(&rparams->kdcservers, (const char **)list,
+                                      LIST_MODE_DELETE);
+                mask |= LDAP_REALM_KDCSERVERS;
+                krb5_free_list_entries(list);
+            }
+        } else if (!strcmp(argv[i], "-addkdcdn")) {
+            if (++i > argc-1)
+                goto err_usage;
+            if (!newkdcdn) {
+                if ((rmask & LDAP_REALM_KDCSERVERS) && (rparams->kdcservers) && (!oldkdcdns)) {
+                    /* Store the old kdc dns list for removing rights */
+                    oldkdcdns = (char**) calloc(MAX_LIST_ENTRIES, sizeof(char*));
+                    if (oldkdcdns == NULL) {
+                        retval = ENOMEM;
+                        goto cleanup;
+                    }
+
+                    for (j = 0; rparams->kdcservers[j] != NULL; j++) {
+                        oldkdcdns[j] = strdup(rparams->kdcservers[j]);
+                        if (oldkdcdns[j] == NULL) {
+                            retval = ENOMEM;
+                            goto cleanup;
+                        }
+                    }
+                    oldkdcdns[j] = NULL;
+                }
+
+                memset(list, 0, sizeof(char *) * MAX_LIST_ENTRIES);
+                if ((retval = krb5_parse_list(argv[i], LIST_DELIMITER, list))) {
+                    goto cleanup;
+                }
+                existing_entries = list_count_str_array(rparams->kdcservers);
+                list_entries = list_count_str_array(list);
+                if (rmask & LDAP_REALM_KDCSERVERS) {
+                    tempstr = (char **)realloc(
+                        rparams->kdcservers,
+                        sizeof(char *) * (existing_entries+list_entries+1));
+                    if (tempstr == NULL) {
+                        retval = ENOMEM;
+                        goto cleanup;
+                    }
+                    rparams->kdcservers = tempstr;
+                } else {
+                    rparams->kdcservers = (char **)malloc(sizeof(char *) * (list_entries+1));
+                    if (rparams->kdcservers == NULL) {
+                        retval = ENOMEM;
+                        goto cleanup;
+                    }
+                    memset(rparams->kdcservers, 0, sizeof(char *) * (list_entries+1));
+                }
+                list_modify_str_array(&rparams->kdcservers, (const char **)list,
+                                      LIST_MODE_ADD);
+                mask |= LDAP_REALM_KDCSERVERS;
+            }
+        } else if (!strcmp(argv[i], "-admindn")) {
+            if (++i > argc-1)
+                goto err_usage;
+
+            if ((rmask & LDAP_REALM_ADMINSERVERS) && (rparams->adminservers)) {
+                if (!oldadmindns) {
+                    /* Store the old admin dns list for removing rights */
+                    oldadmindns = (char**) calloc(MAX_LIST_ENTRIES, sizeof(char*));
+                    if (oldadmindns == NULL) {
+                        retval = ENOMEM;
+                        goto cleanup;
+                    }
+
+                    for (j=0; rparams->adminservers[j] != NULL; j++) {
+                        oldadmindns[j] = strdup(rparams->adminservers[j]);
+                        if (oldadmindns[j] == NULL) {
+                            retval = ENOMEM;
+                            goto cleanup;
+                        }
+                    }
+                    oldadmindns[j] = NULL;
+                }
+
+                krb5_free_list_entries(rparams->adminservers);
+                free(rparams->adminservers);
+            }
+
+            rparams->adminservers = (char **)malloc(
+                sizeof(char *) * MAX_LIST_ENTRIES);
+            if (rparams->adminservers == NULL) {
+                retval = ENOMEM;
+                goto cleanup;
+            }
+            memset(rparams->adminservers, 0, sizeof(char *)*MAX_LIST_ENTRIES);
+            if ((retval = krb5_parse_list(argv[i], LIST_DELIMITER,
+                                          rparams->adminservers))) {
+                goto cleanup;
+            }
+            mask |= LDAP_REALM_ADMINSERVERS;
+            /* Going to replace the existing value by this new value. Hence
+             * setting flag indicating that add or clear options will be ignored
+             */
+            newadmindn = 1;
+        } else if (!strcmp(argv[i], "-clearadmindn")) {
+            if (++i > argc-1)
+                goto err_usage;
+
+            if ((!newadmindn) && (rmask & LDAP_REALM_ADMINSERVERS) && (rparams->adminservers)) {
+                if (!oldadmindns) {
+                    /* Store the old admin dns list for removing rights */
+                    oldadmindns = (char**) calloc(MAX_LIST_ENTRIES, sizeof(char*));
+                    if (oldadmindns == NULL) {
+                        retval = ENOMEM;
+                        goto cleanup;
+                    }
+
+                    for (j=0; rparams->adminservers[j] != NULL; j++) {
+                        oldadmindns[j] = strdup(rparams->adminservers[j]);
+                        if (oldadmindns[j] == NULL) {
+                            retval = ENOMEM;
+                            goto cleanup;
+                        }
+                    }
+                    oldadmindns[j] = NULL;
+                }
+
+                memset(list, 0, sizeof(char *) * MAX_LIST_ENTRIES);
+                if ((retval = krb5_parse_list(argv[i], LIST_DELIMITER, list))) {
+                    goto cleanup;
+                }
+                list_modify_str_array(&rparams->adminservers, (const char **)list,
+                                      LIST_MODE_DELETE);
+                mask |= LDAP_REALM_ADMINSERVERS;
+                krb5_free_list_entries(list);
+            }
+        } else if (!strcmp(argv[i], "-addadmindn")) {
+            if (++i > argc-1)
+                goto err_usage;
+            if (!newadmindn) {
+                if ((rmask & LDAP_REALM_ADMINSERVERS) && (rparams->adminservers) && (!oldadmindns)) {
+                    /* Store the old admin dns list for removing rights */
+                    oldadmindns = (char**) calloc(MAX_LIST_ENTRIES, sizeof(char*));
+                    if (oldadmindns == NULL) {
+                        retval = ENOMEM;
+                        goto cleanup;
+                    }
+
+                    for (j=0; rparams->adminservers[j] != NULL; j++) {
+                        oldadmindns[j] = strdup(rparams->adminservers[j]);
+                        if (oldadmindns[j] == NULL) {
+                            retval = ENOMEM;
+                            goto cleanup;
+                        }
+                    }
+                    oldadmindns[j] = NULL;
+                }
+
+                memset(list, 0, sizeof(char *) * MAX_LIST_ENTRIES);
+                if ((retval = krb5_parse_list(argv[i], LIST_DELIMITER, list))) {
+                    goto cleanup;
+                }
+                existing_entries = list_count_str_array(rparams->adminservers);
+                list_entries = list_count_str_array(list);
+                if (rmask & LDAP_REALM_ADMINSERVERS) {
+                    tempstr = (char **)realloc(
+                        rparams->adminservers,
+                        sizeof(char *) * (existing_entries+list_entries+1));
+                    if (tempstr == NULL) {
+                        retval = ENOMEM;
+                        goto cleanup;
+                    }
+                    rparams->adminservers = tempstr;
+                } else {
+                    rparams->adminservers = (char **)malloc(sizeof(char *) * (list_entries+1));
+                    if (rparams->adminservers == NULL) {
+                        retval = ENOMEM;
+                        goto cleanup;
+                    }
+                    memset(rparams->adminservers, 0, sizeof(char *) * (list_entries+1));
+                }
+                list_modify_str_array(&rparams->adminservers, (const char **)list,
+                                      LIST_MODE_ADD);
+                mask |= LDAP_REALM_ADMINSERVERS;
+            }
+        } else if (!strcmp(argv[i], "-pwddn")) {
+            if (++i > argc-1)
+                goto err_usage;
+
+            if ((rmask & LDAP_REALM_PASSWDSERVERS) && (rparams->passwdservers)) {
+                if (!oldpwddns) {
+                    /* Store the old pwd dns list for removing rights */
+                    oldpwddns = (char**) calloc(MAX_LIST_ENTRIES, sizeof(char*));
+                    if (oldpwddns == NULL) {
+                        retval = ENOMEM;
+                        goto cleanup;
+                    }
+
+                    for (j=0; rparams->passwdservers[j] != NULL; j++) {
+                        oldpwddns[j] = strdup(rparams->passwdservers[j]);
+                        if (oldpwddns[j] == NULL) {
+                            retval = ENOMEM;
+                            goto cleanup;
+                        }
+                    }
+                    oldpwddns[j] = NULL;
+                }
+
+                krb5_free_list_entries(rparams->passwdservers);
+                free(rparams->passwdservers);
+            }
+
+            rparams->passwdservers = (char **)malloc(
+                sizeof(char *) * MAX_LIST_ENTRIES);
+            if (rparams->passwdservers == NULL) {
+                retval = ENOMEM;
+                goto cleanup;
+            }
+            memset(rparams->passwdservers, 0, sizeof(char *)*MAX_LIST_ENTRIES);
+            if ((retval = krb5_parse_list(argv[i], LIST_DELIMITER,
+                                          rparams->passwdservers))) {
+                goto cleanup;
+            }
+            mask |= LDAP_REALM_PASSWDSERVERS;
+            /* Going to replace the existing value by this new value. Hence
+             * setting flag indicating that add or clear options will be ignored
+             */
+            newpwddn = 1;
+        } else if (!strcmp(argv[i], "-clearpwddn")) {
+            if (++i > argc-1)
+                goto err_usage;
+
+            if ((!newpwddn) && (rmask & LDAP_REALM_PASSWDSERVERS) && (rparams->passwdservers)) {
+                if (!oldpwddns) {
+                    /* Store the old pwd dns list for removing rights */
+                    oldpwddns = (char**) calloc(MAX_LIST_ENTRIES, sizeof(char*));
+                    if (oldpwddns == NULL) {
+                        retval = ENOMEM;
+                        goto cleanup;
+                    }
+
+                    for (j=0; rparams->passwdservers[j] != NULL; j++) {
+                        oldpwddns[j] = strdup(rparams->passwdservers[j]);
+                        if (oldpwddns[j] == NULL) {
+                            retval = ENOMEM;
+                            goto cleanup;
+                        }
+                    }
+                    oldpwddns[j] = NULL;
+                }
+
+                memset(list, 0, sizeof(char *) * MAX_LIST_ENTRIES);
+                if ((retval = krb5_parse_list(argv[i], LIST_DELIMITER, list))) {
+                    goto cleanup;
+                }
+                list_modify_str_array(&rparams->passwdservers, (const char**)list,
+                                      LIST_MODE_DELETE);
+                mask |= LDAP_REALM_PASSWDSERVERS;
+                krb5_free_list_entries(list);
+            }
+        } else if (!strcmp(argv[i], "-addpwddn")) {
+            if (++i > argc-1)
+                goto err_usage;
+            if (!newpwddn) {
+                if ((rmask & LDAP_REALM_PASSWDSERVERS) && (rparams->passwdservers) && (!oldpwddns)) {
+                    /* Store the old pwd dns list for removing rights */
+                    oldpwddns = (char**) calloc(MAX_LIST_ENTRIES, sizeof(char*));
+                    if (oldpwddns == NULL) {
+                        retval = ENOMEM;
+                        goto cleanup;
+                    }
+
+                    for (j=0; rparams->passwdservers[j] != NULL; j++) {
+                        oldpwddns[j] = strdup(rparams->passwdservers[j]);
+                        if (oldpwddns[j] == NULL) {
+                            retval = ENOMEM;
+                            goto cleanup;
+                        }
+                    }
+                    oldpwddns[j] = NULL;
+                }
+
+                memset(list, 0, sizeof(char *) * MAX_LIST_ENTRIES);
+                if ((retval = krb5_parse_list(argv[i], LIST_DELIMITER, list))) {
+                    goto cleanup;
+                }
+                existing_entries = list_count_str_array(rparams->passwdservers);
+                list_entries = list_count_str_array(list);
+                if (rmask & LDAP_REALM_PASSWDSERVERS) {
+                    tempstr = (char **)realloc(
+                        rparams->passwdservers,
+                        sizeof(char *) * (existing_entries+list_entries+1));
+                    if (tempstr == NULL) {
+                        retval = ENOMEM;
+                        goto cleanup;
+                    }
+                    rparams->passwdservers = tempstr;
+                } else {
+                    rparams->passwdservers = (char **)malloc(sizeof(char *) * (list_entries+1));
+                    if (rparams->passwdservers == NULL) {
+                        retval = ENOMEM;
+                        goto cleanup;
+                    }
+                    memset(rparams->passwdservers, 0, sizeof(char *) * (list_entries+1));
+                }
+                list_modify_str_array(&rparams->passwdservers, (const char**)list,
+                                      LIST_MODE_ADD);
+                mask |= LDAP_REALM_PASSWDSERVERS;
+            }
+        }
 #endif
-       else if ((ret_mask= get_ticket_policy(rparams,&i,argv,argc)) !=0) {
-           mask|=ret_mask;
-       } else {
-           printf("'%s' is an invalid option\n", argv[i]);
-           goto err_usage;
-       }
+        else if ((ret_mask= get_ticket_policy(rparams,&i,argv,argc)) !=0) {
+            mask|=ret_mask;
+        } else {
+            printf("'%s' is an invalid option\n", argv[i]);
+            goto err_usage;
+        }
     }
 
     if ((retval = krb5_ldap_modify_realm(util_context,
-                                        /* global_params.realm, */ rparams, mask))) {
-       goto cleanup;
+                                         /* global_params.realm, */ rparams, mask))) {
+        goto cleanup;
     }
 
 #ifdef HAVE_EDIRECTORY
     if ((mask & LDAP_REALM_SUBTREE) || (mask & LDAP_REALM_CONTREF) || (mask & LDAP_REALM_KDCSERVERS) ||
-       (mask & LDAP_REALM_ADMINSERVERS) || (mask & LDAP_REALM_PASSWDSERVERS)) {
+        (mask & LDAP_REALM_ADMINSERVERS) || (mask & LDAP_REALM_PASSWDSERVERS)) {
 
-       printf("Changing rights for the service object. Please wait ... ");
-       fflush(stdout);
+        printf("Changing rights for the service object. Please wait ... ");
+        fflush(stdout);
 
         if ((mask & LDAP_REALM_SUBTREE) || (mask & LDAP_REALM_CONTREF)) {
             subtree_changed = 1;
-       }
+        }
 
         if ((subtree_changed) || (mask & LDAP_REALM_KDCSERVERS)) {
 
@@ -1469,27 +1466,27 @@ void kdb5_ldap_modify(argc, argv)
                         /* Remove the rights on the old subtrees */
                         for (i=0; (kdcdns[i] != NULL); i++) {
                             if ((retval=krb5_ldap_delete_service_rights(util_context,
-                                                                       LDAP_KDC_SERVICE, kdcdns[i],
-                                                                       rparams->realm_name, oldsubtrees, oldcontainerref, rightsmask)) != 0) {
+                                                                        LDAP_KDC_SERVICE, kdcdns[i],
+                                                                        rparams->realm_name, oldsubtrees, oldcontainerref, rightsmask)) != 0) {
                                 printf("failed\n");
                                 com_err(progname, retval, "while assigning rights '%s'",
-                                       rparams->realm_name);
+                                        rparams->realm_name);
                                 goto err_nomsg;
-                           }
-                       }
-                   }
+                            }
+                        }
+                    }
                     for (i=0; (kdcdns[i] != NULL); i++) {
                         if ((retval=krb5_ldap_add_service_rights(util_context,
-                                                                LDAP_KDC_SERVICE, kdcdns[i],
-                                                                rparams->realm_name, rparams->subtree, rparams->containerref, rightsmask)) != 0) {
+                                                                 LDAP_KDC_SERVICE, kdcdns[i],
+                                                                 rparams->realm_name, rparams->subtree, rparams->containerref, rightsmask)) != 0) {
                             printf("failed\n");
                             com_err(progname, retval, "while assigning rights '%s'",
-                                   rparams->realm_name);
+                                    rparams->realm_name);
                             goto err_nomsg;
-                       }
-                   }
-               }
-           }
+                        }
+                    }
+                }
+            }
 
             if (!subtree_changed) {
                 char **newdns = NULL;
@@ -1500,45 +1497,45 @@ void kdb5_ldap_modify(argc, argv)
                 if (oldkdcdns != NULL) {
                     newdns = (char**) calloc(MAX_LIST_ENTRIES, sizeof(char*));
                     if (newdns == NULL) {
-                       retval = ENOMEM;
-                       goto cleanup;
-                   }
+                        retval = ENOMEM;
+                        goto cleanup;
+                    }
 
-                   if ((rparams != NULL) && (rparams->kdcservers != NULL)) {
-                       for (j=0;  rparams->kdcservers[j]!= NULL; j++) {
+                    if ((rparams != NULL) && (rparams->kdcservers != NULL)) {
+                        for (j=0;  rparams->kdcservers[j]!= NULL; j++) {
                             newdns[j] = strdup(rparams->kdcservers[j]);
                             if (newdns[j] == NULL) {
                                 FREE_DN_LIST(newdns);
-                               retval = ENOMEM;
-                               goto cleanup;
-                           }
-                       }
+                                retval = ENOMEM;
+                                goto cleanup;
+                            }
+                        }
                         newdns[j] = NULL;
-                   }
+                    }
 
                     disjoint_members(oldkdcdns, newdns);
 
                     for (i=0; (oldkdcdns[i] != NULL); i++) {
                         if ((retval=krb5_ldap_delete_service_rights(util_context,
-                                                                   LDAP_KDC_SERVICE, oldkdcdns[i],
-                                                                   rparams->realm_name, rparams->subtree, rparams->containerref, rightsmask)) != 0) {
+                                                                    LDAP_KDC_SERVICE, oldkdcdns[i],
+                                                                    rparams->realm_name, rparams->subtree, rparams->containerref, rightsmask)) != 0) {
                             printf("failed\n");
                             com_err(progname, retval, "while assigning rights '%s'",
-                                   rparams->realm_name);
+                                    rparams->realm_name);
                             FREE_DN_LIST(newdns);
                             goto err_nomsg;
-                       }
-                   }
+                        }
+                    }
                     for (i=0; (newdns[i] != NULL); i++) {
                         if ((retval=krb5_ldap_add_service_rights(util_context,
-                                                                LDAP_KDC_SERVICE, newdns[i],
-                                                                rparams->realm_name, rparams->subtree, rparams->containerref, rightsmask)) != 0) {
+                                                                 LDAP_KDC_SERVICE, newdns[i],
+                                                                 rparams->realm_name, rparams->subtree, rparams->containerref, rightsmask)) != 0) {
                             printf("failed\n");
                             com_err(progname, retval, "while assigning rights '%s'",
-                                   rparams->realm_name);
+                                    rparams->realm_name);
                             FREE_DN_LIST(newdns);
                             goto err_nomsg;
-                       }
+                        }
                     }
                     for (i=0; (newdns[i] != NULL); i++) {
                         free(newdns[i]);
@@ -1548,42 +1545,42 @@ void kdb5_ldap_modify(argc, argv)
                     newdns = rparams->kdcservers;
                     for (i=0; (newdns[i] != NULL); i++) {
                         if ((retval=krb5_ldap_add_service_rights(util_context,
-                                                                LDAP_KDC_SERVICE, newdns[i],
-                                                                rparams->realm_name, rparams->subtree, rparams->containerref, rightsmask)) != 0) {
+                                                                 LDAP_KDC_SERVICE, newdns[i],
+                                                                 rparams->realm_name, rparams->subtree, rparams->containerref, rightsmask)) != 0) {
                             printf("failed\n");
                             com_err(progname, retval, "while assigning rights '%s'",
-                                   rparams->realm_name);
+                                    rparams->realm_name);
                             goto err_nomsg;
-                       }
-                   }
-               }
+                        }
+                    }
+                }
             }
 
             if (subtree_changed && (mask & LDAP_REALM_KDCSERVERS)) {
                 char **newdns = rparams->kdcservers;
 
-               rightsmask =0;
+                rightsmask =0;
                 rightsmask = LDAP_REALM_RIGHTS;
-               rightsmask |= LDAP_SUBTREE_RIGHTS;
+                rightsmask |= LDAP_SUBTREE_RIGHTS;
                 if (oldkdcdns != NULL) {
-                   for (i=0; (oldkdcdns[i] != NULL); i++) {
-                       if ((retval=krb5_ldap_delete_service_rights(util_context,
-                                                                   LDAP_KDC_SERVICE, oldkdcdns[i],
-                                                                   rparams->realm_name, oldsubtrees, oldcontainerref, rightsmask)) != 0) {
-                           printf("failed\n");
-                           com_err(progname, retval, "while assigning rights '%s'",
-                                   rparams->realm_name);
-                           goto err_nomsg;
-                       }
-                   }
-               }
+                    for (i=0; (oldkdcdns[i] != NULL); i++) {
+                        if ((retval=krb5_ldap_delete_service_rights(util_context,
+                                                                    LDAP_KDC_SERVICE, oldkdcdns[i],
+                                                                    rparams->realm_name, oldsubtrees, oldcontainerref, rightsmask)) != 0) {
+                            printf("failed\n");
+                            com_err(progname, retval, "while assigning rights '%s'",
+                                    rparams->realm_name);
+                            goto err_nomsg;
+                        }
+                    }
+                }
                 for (i=0; (newdns[i] != NULL); i++) {
                     if ((retval=krb5_ldap_add_service_rights(util_context,
-                                                            LDAP_KDC_SERVICE, newdns[i],
-                                                            rparams->realm_name, rparams->subtree, rparams->containerref, rightsmask)) != 0) {
+                                                             LDAP_KDC_SERVICE, newdns[i],
+                                                             rparams->realm_name, rparams->subtree, rparams->containerref, rightsmask)) != 0) {
                         printf("failed\n");
                         com_err(progname, retval, "while assigning rights '%s'",
-                               rparams->realm_name);
+                                rparams->realm_name);
                         goto err_nomsg;
                     }
                 }
@@ -1596,34 +1593,34 @@ void kdb5_ldap_modify(argc, argv)
                 if (rparams->adminservers != NULL) {
                     char **admindns = rparams->adminservers;
                     /* Only subtree and/or container ref has changed */
-                   rightsmask =0;
+                    rightsmask =0;
                     /*  KADMINSERVERS have not changed. Realm rights need not be changed */;
-                   rightsmask |= LDAP_SUBTREE_RIGHTS;
+                    rightsmask |= LDAP_SUBTREE_RIGHTS;
                     if ((oldsubtrees != NULL) || (oldcontainerref != NULL)) {
                         /* Remove the rights on the old subtrees */
                         for (i=0; (admindns[i] != NULL); i++) {
                             if ((retval=krb5_ldap_delete_service_rights(util_context,
-                                                                       LDAP_ADMIN_SERVICE, admindns[i],
-                                                                       rparams->realm_name, oldsubtrees, oldcontainerref, rightsmask)) != 0) {
+                                                                        LDAP_ADMIN_SERVICE, admindns[i],
+                                                                        rparams->realm_name, oldsubtrees, oldcontainerref, rightsmask)) != 0) {
                                 printf("failed\n");
                                 com_err(progname, retval, "while assigning rights '%s'",
-                                       rparams->realm_name);
+                                        rparams->realm_name);
                                 goto err_nomsg;
                             }
                         }
                     }
                     for (i=0; (admindns[i] != NULL); i++) {
-                       if ((retval=krb5_ldap_add_service_rights(util_context,
-                                                                LDAP_ADMIN_SERVICE, admindns[i],
-                                                                rparams->realm_name, rparams->subtree, rparams->containerref, rightsmask)) != 0) {
-                           printf("failed\n");
+                        if ((retval=krb5_ldap_add_service_rights(util_context,
+                                                                 LDAP_ADMIN_SERVICE, admindns[i],
+                                                                 rparams->realm_name, rparams->subtree, rparams->containerref, rightsmask)) != 0) {
+                            printf("failed\n");
                             com_err(progname, retval, "while assigning rights '%s'",
-                                   rparams->realm_name);
-                           goto err_nomsg;
-                       }
-                   }
-               }
-           }
+                                    rparams->realm_name);
+                            goto err_nomsg;
+                        }
+                    }
+                }
+            }
 
             if (!subtree_changed) {
                 char **newdns = NULL;
@@ -1634,46 +1631,46 @@ void kdb5_ldap_modify(argc, argv)
                 if (oldadmindns != NULL) {
                     newdns = (char**) calloc(MAX_LIST_ENTRIES, sizeof(char*));
                     if (newdns == NULL) {
-                       retval = ENOMEM;
-                       goto cleanup;
-                   }
+                        retval = ENOMEM;
+                        goto cleanup;
+                    }
 
-                   if ((rparams != NULL) && (rparams->adminservers != NULL)) {
-                       for (j=0;  rparams->adminservers[j]!= NULL; j++) {
+                    if ((rparams != NULL) && (rparams->adminservers != NULL)) {
+                        for (j=0;  rparams->adminservers[j]!= NULL; j++) {
                             newdns[j] = strdup(rparams->adminservers[j]);
                             if (newdns[j] == NULL) {
                                 FREE_DN_LIST(newdns);
-                               retval = ENOMEM;
-                               goto cleanup;
-                           }
-                       }
+                                retval = ENOMEM;
+                                goto cleanup;
+                            }
+                        }
                         newdns[j] = NULL;
-                   }
+                    }
 
                     disjoint_members(oldadmindns, newdns);
 
                     for (i=0; (oldadmindns[i] != NULL); i++) {
                         if ((retval=krb5_ldap_delete_service_rights(util_context,
-                                                                   LDAP_ADMIN_SERVICE, oldadmindns[i],
-                                                                   rparams->realm_name, rparams->subtree, rparams->containerref, rightsmask)) != 0) {
+                                                                    LDAP_ADMIN_SERVICE, oldadmindns[i],
+                                                                    rparams->realm_name, rparams->subtree, rparams->containerref, rightsmask)) != 0) {
                             printf("failed\n");
                             com_err(progname, retval, "while assigning rights '%s'",
-                                   rparams->realm_name);
+                                    rparams->realm_name);
                             FREE_DN_LIST(newdns);
                             goto err_nomsg;
-                       }
+                        }
                     }
                     for (i=0; (newdns[i] != NULL); i++) {
                         if ((retval=krb5_ldap_add_service_rights(util_context,
-                                                                LDAP_ADMIN_SERVICE, newdns[i],
-                                                                rparams->realm_name, rparams->subtree, rparams->containerref, rightsmask)) != 0) {
+                                                                 LDAP_ADMIN_SERVICE, newdns[i],
+                                                                 rparams->realm_name, rparams->subtree, rparams->containerref, rightsmask)) != 0) {
                             printf("failed\n");
                             com_err(progname, retval, "while assigning rights '%s'",
-                                   rparams->realm_name);
+                                    rparams->realm_name);
                             FREE_DN_LIST(newdns);
                             goto err_nomsg;
-                       }
-                   }
+                        }
+                    }
                     for (i=0; (newdns[i] != NULL); i++) {
                         free(newdns[i]);
                     }
@@ -1682,42 +1679,42 @@ void kdb5_ldap_modify(argc, argv)
                     newdns = rparams->adminservers;
                     for (i=0; (newdns[i] != NULL); i++) {
                         if ((retval=krb5_ldap_add_service_rights(util_context,
-                                                                LDAP_ADMIN_SERVICE, newdns[i],
-                                                                rparams->realm_name, rparams->subtree, rparams->containerref, rightsmask)) != 0) {
+                                                                 LDAP_ADMIN_SERVICE, newdns[i],
+                                                                 rparams->realm_name, rparams->subtree, rparams->containerref, rightsmask)) != 0) {
                             printf("failed\n");
                             com_err(progname, retval, "while assigning rights '%s'",
-                                   rparams->realm_name);
+                                    rparams->realm_name);
                             goto err_nomsg;
-                       }
-                   }
-               }
+                        }
+                    }
+                }
             }
 
             if (subtree_changed && (mask & LDAP_REALM_ADMINSERVERS)) {
                 char **newdns = rparams->adminservers;
 
-               rightsmask = 0;
+                rightsmask = 0;
                 rightsmask = LDAP_REALM_RIGHTS;
-               rightsmask |= LDAP_SUBTREE_RIGHTS;
+                rightsmask |= LDAP_SUBTREE_RIGHTS;
                 if (oldadmindns != NULL) {
-                   for (i=0; (oldadmindns[i] != NULL); i++) {
-                       if ((retval=krb5_ldap_delete_service_rights(util_context,
-                                                                   LDAP_ADMIN_SERVICE, oldadmindns[i],
-                                                                   rparams->realm_name, oldsubtrees, oldcontainerref, rightsmask)) != 0) {
-                           printf("failed\n");
-                           com_err(progname, retval, "while assigning rights '%s'",
-                                   rparams->realm_name);
-                           goto err_nomsg;
-                       }
-                   }
-               }
+                    for (i=0; (oldadmindns[i] != NULL); i++) {
+                        if ((retval=krb5_ldap_delete_service_rights(util_context,
+                                                                    LDAP_ADMIN_SERVICE, oldadmindns[i],
+                                                                    rparams->realm_name, oldsubtrees, oldcontainerref, rightsmask)) != 0) {
+                            printf("failed\n");
+                            com_err(progname, retval, "while assigning rights '%s'",
+                                    rparams->realm_name);
+                            goto err_nomsg;
+                        }
+                    }
+                }
                 for (i=0; (newdns[i] != NULL); i++) {
                     if ((retval=krb5_ldap_add_service_rights(util_context,
-                                                            LDAP_ADMIN_SERVICE, newdns[i],
-                                                            rparams->realm_name, rparams->subtree, rparams->containerref, rightsmask)) != 0) {
+                                                             LDAP_ADMIN_SERVICE, newdns[i],
+                                                             rparams->realm_name, rparams->subtree, rparams->containerref, rightsmask)) != 0) {
                         printf("failed\n");
                         com_err(progname, retval, "while assigning rights '%s'",
-                               rparams->realm_name);
+                                rparams->realm_name);
                         goto err_nomsg;
                     }
                 }
@@ -1730,34 +1727,34 @@ void kdb5_ldap_modify(argc, argv)
                 if (rparams->passwdservers != NULL) {
                     char **passwddns = rparams->passwdservers;
                     /* Only subtree and/or container ref has changed */
-                   rightsmask = 0;
+                    rightsmask = 0;
                     /*  KPASSWDSERVERS have not changed. Realm rights need not be changed */;
-                   rightsmask |= LDAP_SUBTREE_RIGHTS;
+                    rightsmask |= LDAP_SUBTREE_RIGHTS;
                     if ((oldsubtrees != NULL) || (oldcontainerref != NULL)) {
                         /* Remove the rights on the old subtrees */
                         for (i=0; (passwddns[i] != NULL); i++) {
                             if ((retval=krb5_ldap_delete_service_rights(util_context,
-                                                                       LDAP_PASSWD_SERVICE, passwddns[i],
-                                                                       rparams->realm_name, oldsubtrees, oldcontainerref, rightsmask)) != 0) {
+                                                                        LDAP_PASSWD_SERVICE, passwddns[i],
+                                                                        rparams->realm_name, oldsubtrees, oldcontainerref, rightsmask)) != 0) {
                                 printf("failed\n");
                                 com_err(progname, retval, "while assigning rights '%s'",
-                                       rparams->realm_name);
+                                        rparams->realm_name);
                                 goto err_nomsg;
                             }
                         }
                     }
                     for (i=0; (passwddns[i] != NULL); i++) {
-                       if ((retval=krb5_ldap_add_service_rights(util_context,
-                                                                LDAP_PASSWD_SERVICE, passwddns[i],
-                                                                rparams->realm_name, rparams->subtree, rparams->containerref, rightsmask)) != 0) {
-                           printf("failed\n");
+                        if ((retval=krb5_ldap_add_service_rights(util_context,
+                                                                 LDAP_PASSWD_SERVICE, passwddns[i],
+                                                                 rparams->realm_name, rparams->subtree, rparams->containerref, rightsmask)) != 0) {
+                            printf("failed\n");
                             com_err(progname, retval, "while assigning rights '%s'",
-                                   rparams->realm_name);
-                           goto err_nomsg;
-                       }
-                   }
-               }
-           }
+                                    rparams->realm_name);
+                            goto err_nomsg;
+                        }
+                    }
+                }
+            }
 
             if (!subtree_changed) {
                 char **newdns = NULL;
@@ -1768,45 +1765,45 @@ void kdb5_ldap_modify(argc, argv)
                 if (oldpwddns != NULL) {
                     newdns = (char**) calloc(MAX_LIST_ENTRIES, sizeof(char*));
                     if (newdns == NULL) {
-                       retval = ENOMEM;
-                       goto cleanup;
-                   }
+                        retval = ENOMEM;
+                        goto cleanup;
+                    }
 
-                   if ((rparams != NULL) && (rparams->passwdservers != NULL)) {
-                       for (j=0;  rparams->passwdservers[j]!= NULL; j++) {
+                    if ((rparams != NULL) && (rparams->passwdservers != NULL)) {
+                        for (j=0;  rparams->passwdservers[j]!= NULL; j++) {
                             newdns[j] = strdup(rparams->passwdservers[j]);
                             if (newdns[j] == NULL) {
                                 FREE_DN_LIST(newdns);
-                               retval = ENOMEM;
-                               goto cleanup;
-                           }
-                       }
+                                retval = ENOMEM;
+                                goto cleanup;
+                            }
+                        }
                         newdns[j] = NULL;
-                   }
+                    }
 
                     disjoint_members(oldpwddns, newdns);
 
                     for (i=0; (oldpwddns[i] != NULL); i++) {
                         if ((retval=krb5_ldap_delete_service_rights(util_context,
-                                                                   LDAP_PASSWD_SERVICE, oldpwddns[i],
-                                                                   rparams->realm_name, rparams->subtree, rparams->containerref, rightsmask)) != 0) {
+                                                                    LDAP_PASSWD_SERVICE, oldpwddns[i],
+                                                                    rparams->realm_name, rparams->subtree, rparams->containerref, rightsmask)) != 0) {
                             printf("failed\n");
                             com_err(progname, retval, "while assigning rights '%s'",
-                                   rparams->realm_name);
+                                    rparams->realm_name);
                             FREE_DN_LIST(newdns);
                             goto err_nomsg;
-                       }
-                   }
+                        }
+                    }
                     for (i=0; (newdns[i] != NULL); i++) {
                         if ((retval=krb5_ldap_add_service_rights(util_context,
-                                                                LDAP_PASSWD_SERVICE, newdns[i],
-                                                                rparams->realm_name, rparams->subtree, rparams->containerref, rightsmask)) != 0) {
+                                                                 LDAP_PASSWD_SERVICE, newdns[i],
+                                                                 rparams->realm_name, rparams->subtree, rparams->containerref, rightsmask)) != 0) {
                             printf("failed\n");
                             com_err(progname, retval, "while assigning rights '%s'",
-                                   rparams->realm_name);
+                                    rparams->realm_name);
                             FREE_DN_LIST(newdns);
                             goto err_nomsg;
-                       }
+                        }
                     }
                     for (i=0; (newdns[i] != NULL); i++) {
                         free(newdns[i]);
@@ -1816,48 +1813,48 @@ void kdb5_ldap_modify(argc, argv)
                     newdns = rparams->passwdservers;
                     for (i=0; (newdns[i] != NULL); i++) {
                         if ((retval=krb5_ldap_add_service_rights(util_context,
-                                                                LDAP_PASSWD_SERVICE, newdns[i],
-                                                                rparams->realm_name, rparams->subtree, rparams->containerref, rightsmask)) != 0) {
+                                                                 LDAP_PASSWD_SERVICE, newdns[i],
+                                                                 rparams->realm_name, rparams->subtree, rparams->containerref, rightsmask)) != 0) {
                             printf("failed\n");
                             com_err(progname, retval, "while assigning rights '%s'",
-                                   rparams->realm_name);
+                                    rparams->realm_name);
                             goto err_nomsg;
-                       }
-                   }
-               }
+                        }
+                    }
+                }
             }
 
             if (subtree_changed && (mask & LDAP_REALM_PASSWDSERVERS)) {
                 char **newdns = rparams->passwdservers;
 
-               rightsmask =0;
+                rightsmask =0;
                 rightsmask = LDAP_REALM_RIGHTS;
-               rightsmask |= LDAP_SUBTREE_RIGHTS;
+                rightsmask |= LDAP_SUBTREE_RIGHTS;
                 if (oldpwddns != NULL) {
-                   for (i=0; (oldpwddns[i] != NULL); i++) {
-                       if ((retval = krb5_ldap_delete_service_rights(util_context,
-                                                                     LDAP_PASSWD_SERVICE, oldpwddns[i],
-                                                                     rparams->realm_name, oldsubtrees, oldcontainerref, rightsmask)) != 0) {
-                           printf("failed\n");
-                           com_err(progname, retval, "while assigning rights '%s'",
-                                   rparams->realm_name);
-                           goto err_nomsg;
-                       }
-                   }
-               }
+                    for (i=0; (oldpwddns[i] != NULL); i++) {
+                        if ((retval = krb5_ldap_delete_service_rights(util_context,
+                                                                      LDAP_PASSWD_SERVICE, oldpwddns[i],
+                                                                      rparams->realm_name, oldsubtrees, oldcontainerref, rightsmask)) != 0) {
+                            printf("failed\n");
+                            com_err(progname, retval, "while assigning rights '%s'",
+                                    rparams->realm_name);
+                            goto err_nomsg;
+                        }
+                    }
+                }
                 for (i=0; (newdns[i] != NULL); i++) {
-                   if ((retval = krb5_ldap_add_service_rights(util_context,
-                                                              LDAP_PASSWD_SERVICE, newdns[i],
-                                                              rparams->realm_name, rparams->subtree, rparams->containerref, rightsmask)) != 0) {
-                       printf("failed\n");
+                    if ((retval = krb5_ldap_add_service_rights(util_context,
+                                                               LDAP_PASSWD_SERVICE, newdns[i],
+                                                               rparams->realm_name, rparams->subtree, rparams->containerref, rightsmask)) != 0) {
+                        printf("failed\n");
                         com_err(progname, retval, "while assigning rights '%s'",
-                               rparams->realm_name);
-                       goto err_nomsg;
-                   }
-               }
-           }
-       }
-       printf("done\n");
+                                rparams->realm_name);
+                        goto err_nomsg;
+                    }
+                }
+            }
+        }
+        printf("done\n");
     }
 #endif
 
@@ -1875,55 +1872,55 @@ cleanup:
 
 #ifdef HAVE_EDIRECTORY
     if (oldkdcdns) {
-       for (i=0; oldkdcdns[i] != NULL; i++)
-           free(oldkdcdns[i]);
-       free(oldkdcdns);
+        for (i=0; oldkdcdns[i] != NULL; i++)
+            free(oldkdcdns[i]);
+        free(oldkdcdns);
     }
     if (oldpwddns) {
-       for (i=0; oldpwddns[i] != NULL; i++)
-           free(oldpwddns[i]);
-       free(oldpwddns);
+        for (i=0; oldpwddns[i] != NULL; i++)
+            free(oldpwddns[i]);
+        free(oldpwddns);
     }
     if (oldadmindns) {
-       for (i=0; oldadmindns[i] != NULL; i++)
-           free(oldadmindns[i]);
-       free(oldadmindns);
+        for (i=0; oldadmindns[i] != NULL; i++)
+            free(oldadmindns[i]);
+        free(oldadmindns);
     }
     if (newkdcdns) {
-       for (i=0; newkdcdns[i] != NULL; i++)
-           free(newkdcdns[i]);
-       free(newkdcdns);
+        for (i=0; newkdcdns[i] != NULL; i++)
+            free(newkdcdns[i]);
+        free(newkdcdns);
     }
     if (newpwddns) {
-       for (i=0; newpwddns[i] != NULL; i++)
-           free(newpwddns[i]);
-       free(newpwddns);
+        for (i=0; newpwddns[i] != NULL; i++)
+            free(newpwddns[i]);
+        free(newpwddns);
     }
     if (newadmindns) {
-       for (i=0; newadmindns[i] != NULL; i++)
-           free(newadmindns[i]);
-       free(newadmindns);
+        for (i=0; newadmindns[i] != NULL; i++)
+            free(newadmindns[i]);
+        free(newadmindns);
     }
     if (oldsubtrees) {
-       for (i=0;oldsubtrees[i]!=NULL; i++)
-           free(oldsubtrees[i]);
-       free(oldsubtrees);
+        for (i=0;oldsubtrees[i]!=NULL; i++)
+            free(oldsubtrees[i]);
+        free(oldsubtrees);
     }
     if (newsubtrees) {
-       for (i=0;newsubtrees[i]!=NULL; i++)
-           free(newsubtrees[i]);
-       free(oldsubtrees);
+        for (i=0;newsubtrees[i]!=NULL; i++)
+            free(newsubtrees[i]);
+        free(oldsubtrees);
     }
 #endif
     if (print_usage) {
-       db_usage(MODIFY_REALM);
+        db_usage(MODIFY_REALM);
     }
 
     if (retval) {
-       if (!no_msg)
-           com_err(progname, retval, "while modifying information of realm '%s'",
-                   global_params.realm);
-       exit_status++;
+        if (!no_msg)
+            com_err(progname, retval, "while modifying information of realm '%s'",
+                    global_params.realm);
+        exit_status++;
     }
 
     return;
@@ -1934,9 +1931,8 @@ cleanup:
 /*
  * This function displays the attributes of a Realm
  */
-void kdb5_ldap_view(argc, argv)
-    int argc;
-    char *argv[];
+void
+kdb5_ldap_view(int argc, char *argv[])
 {
     krb5_ldap_realm_params *rparams = NULL;
     krb5_error_code retval = 0;
@@ -1947,26 +1943,26 @@ void kdb5_ldap_view(argc, argv)
     dal_handle = util_context->dal_handle;
     ldap_context = (krb5_ldap_context *) dal_handle->db_context;
     if (!(ldap_context)) {
-       retval = EINVAL;
-       com_err(progname, retval, "while initializing database");
-       exit_status++;
-       return;
+        retval = EINVAL;
+        com_err(progname, retval, "while initializing database");
+        exit_status++;
+        return;
     }
 
     /* Read the kerberos container information */
     if ((retval = krb5_ldap_read_krbcontainer_params(util_context,
-                                                    &(ldap_context->krbcontainer))) != 0) {
-       com_err(progname, retval, "while reading kerberos container information");
-       exit_status++;
-       return;
+                                                     &(ldap_context->krbcontainer))) != 0) {
+        com_err(progname, retval, "while reading kerberos container information");
+        exit_status++;
+        return;
     }
 
     if ((retval = krb5_ldap_read_realm_params(util_context,
-                                             global_params.realm, &rparams, &mask)) || (!rparams)) {
-       com_err(progname, retval, "while reading information of realm '%s'",
-               global_params.realm);
-       exit_status++;
-       return;
+                                              global_params.realm, &rparams, &mask)) || (!rparams)) {
+        com_err(progname, retval, "while reading information of realm '%s'",
+                global_params.realm);
+        exit_status++;
+        return;
     }
     print_realm_params(rparams, mask);
     krb5_ldap_free_realm_params(rparams);
@@ -1974,17 +1970,17 @@ void kdb5_ldap_view(argc, argv)
     return;
 }
 
-static char *strdur(duration)
-    time_t duration;
+static char *
+strdur(time_t duration)
 {
     static char out[50];
     int neg, days, hours, minutes, seconds;
 
     if (duration < 0) {
-       duration *= -1;
-       neg = 1;
+        duration *= -1;
+        neg = 1;
     } else
-       neg = 0;
+        neg = 0;
     days = duration / (24 * 3600);
     duration %= 24 * 3600;
     hours = duration / 3600;
@@ -1993,8 +1989,8 @@ static char *strdur(duration)
     duration %= 60;
     seconds = duration;
     snprintf(out, sizeof(out), "%s%d %s %02d:%02d:%02d", neg ? "-" : "",
-           days, days == 1 ? "day" : "days",
-           hours, minutes, seconds);
+             days, days == 1 ? "day" : "days",
+             hours, minutes, seconds);
     return out;
 }
 
@@ -2002,7 +1998,8 @@ static char *strdur(duration)
  * This function prints the attributes of a given realm to the
  * standard output.
  */
-static void print_realm_params(krb5_ldap_realm_params *rparams, int mask)
+static void
+print_realm_params(krb5_ldap_realm_params *rparams, int mask)
 {
     char **slist = NULL;
     unsigned int num_entry_printed = 0, i = 0;
@@ -2010,117 +2007,117 @@ static void print_realm_params(krb5_ldap_realm_params *rparams, int mask)
     /* Print the Realm Attributes on the standard output */
     printf("%25s: %-50s\n", "Realm Name", global_params.realm);
     if (mask & LDAP_REALM_SUBTREE) {
-       for (i=0; rparams->subtree[i]!=NULL; i++)
-           printf("%25s: %-50s\n", "Subtree", rparams->subtree[i]);
+        for (i=0; rparams->subtree[i]!=NULL; i++)
+            printf("%25s: %-50s\n", "Subtree", rparams->subtree[i]);
     }
     if (mask & LDAP_REALM_CONTREF)
-       printf("%25s: %-50s\n", "Principal Container Reference", rparams->containerref);
+        printf("%25s: %-50s\n", "Principal Container Reference", rparams->containerref);
     if (mask & LDAP_REALM_SEARCHSCOPE) {
-       if ((rparams->search_scope != 1) &&
-           (rparams->search_scope != 2)) {
-           printf("%25s: %-50s\n", "SearchScope", "Invalid !");
-       } else {
-           printf("%25s: %-50s\n", "SearchScope",
-                  (rparams->search_scope == 1) ? "ONE" : "SUB");
-       }
+        if ((rparams->search_scope != 1) &&
+            (rparams->search_scope != 2)) {
+            printf("%25s: %-50s\n", "SearchScope", "Invalid !");
+        } else {
+            printf("%25s: %-50s\n", "SearchScope",
+                   (rparams->search_scope == 1) ? "ONE" : "SUB");
+        }
     }
     if (mask & LDAP_REALM_KDCSERVERS) {
-       printf("%25s:", "KDC Services");
-       if (rparams->kdcservers != NULL) {
-           num_entry_printed = 0;
-           for (slist = rparams->kdcservers; *slist != NULL; slist++) {
-               if (num_entry_printed)
-                   printf(" %25s %-50s\n", " ", *slist);
-               else
-                   printf(" %-50s\n", *slist);
-               num_entry_printed++;
-           }
-       }
-       if (num_entry_printed == 0)
-           printf("\n");
+        printf("%25s:", "KDC Services");
+        if (rparams->kdcservers != NULL) {
+            num_entry_printed = 0;
+            for (slist = rparams->kdcservers; *slist != NULL; slist++) {
+                if (num_entry_printed)
+                    printf(" %25s %-50s\n", " ", *slist);
+                else
+                    printf(" %-50s\n", *slist);
+                num_entry_printed++;
+            }
+        }
+        if (num_entry_printed == 0)
+            printf("\n");
     }
     if (mask & LDAP_REALM_ADMINSERVERS) {
-       printf("%25s:", "Admin Services");
-       if (rparams->adminservers != NULL) {
-           num_entry_printed = 0;
-           for (slist = rparams->adminservers; *slist != NULL; slist++) {
-               if (num_entry_printed)
-                   printf(" %25s %-50s\n", " ", *slist);
-               else
-                   printf(" %-50s\n", *slist);
-               num_entry_printed++;
-           }
-       }
-       if (num_entry_printed == 0)
-           printf("\n");
+        printf("%25s:", "Admin Services");
+        if (rparams->adminservers != NULL) {
+            num_entry_printed = 0;
+            for (slist = rparams->adminservers; *slist != NULL; slist++) {
+                if (num_entry_printed)
+                    printf(" %25s %-50s\n", " ", *slist);
+                else
+                    printf(" %-50s\n", *slist);
+                num_entry_printed++;
+            }
+        }
+        if (num_entry_printed == 0)
+            printf("\n");
     }
     if (mask & LDAP_REALM_PASSWDSERVERS) {
-       printf("%25s:", "Passwd Services");
-       if (rparams->passwdservers != NULL) {
-           num_entry_printed = 0;
-           for (slist = rparams->passwdservers; *slist != NULL; slist++) {
-               if (num_entry_printed)
-                   printf(" %25s %-50s\n", " ", *slist);
-               else
-                   printf(" %-50s\n", *slist);
-               num_entry_printed++;
-           }
-       }
-       if (num_entry_printed == 0)
-           printf("\n");
+        printf("%25s:", "Passwd Services");
+        if (rparams->passwdservers != NULL) {
+            num_entry_printed = 0;
+            for (slist = rparams->passwdservers; *slist != NULL; slist++) {
+                if (num_entry_printed)
+                    printf(" %25s %-50s\n", " ", *slist);
+                else
+                    printf(" %-50s\n", *slist);
+                num_entry_printed++;
+            }
+        }
+        if (num_entry_printed == 0)
+            printf("\n");
     }
 
     if (mask & LDAP_REALM_MAXTICKETLIFE) {
-       printf("%25s:", "Maximum Ticket Life");
-       printf(" %s \n", strdur(rparams->max_life));
+        printf("%25s:", "Maximum Ticket Life");
+        printf(" %s \n", strdur(rparams->max_life));
     }
 
     if (mask & LDAP_REALM_MAXRENEWLIFE) {
-       printf("%25s:", "Maximum Renewable Life");
-       printf(" %s \n", strdur(rparams->max_renewable_life));
+        printf("%25s:", "Maximum Renewable Life");
+        printf(" %s \n", strdur(rparams->max_renewable_life));
     }
 
     if (mask & LDAP_REALM_KRBTICKETFLAGS) {
-       int ticketflags = rparams->tktflags;
+        int ticketflags = rparams->tktflags;
 
-       printf("%25s: ", "Ticket flags");
-       if (ticketflags & KRB5_KDB_DISALLOW_POSTDATED)
-           printf("%s ","DISALLOW_POSTDATED");
+        printf("%25s: ", "Ticket flags");
+        if (ticketflags & KRB5_KDB_DISALLOW_POSTDATED)
+            printf("%s ","DISALLOW_POSTDATED");
 
-       if (ticketflags & KRB5_KDB_DISALLOW_FORWARDABLE)
-           printf("%s ","DISALLOW_FORWARDABLE");
+        if (ticketflags & KRB5_KDB_DISALLOW_FORWARDABLE)
+            printf("%s ","DISALLOW_FORWARDABLE");
 
-       if (ticketflags & KRB5_KDB_DISALLOW_RENEWABLE)
-           printf("%s ","DISALLOW_RENEWABLE");
+        if (ticketflags & KRB5_KDB_DISALLOW_RENEWABLE)
+            printf("%s ","DISALLOW_RENEWABLE");
 
-       if (ticketflags & KRB5_KDB_DISALLOW_PROXIABLE)
-           printf("%s ","DISALLOW_PROXIABLE");
+        if (ticketflags & KRB5_KDB_DISALLOW_PROXIABLE)
+            printf("%s ","DISALLOW_PROXIABLE");
 
-       if (ticketflags & KRB5_KDB_DISALLOW_DUP_SKEY)
-           printf("%s ","DISALLOW_DUP_SKEY");
+        if (ticketflags & KRB5_KDB_DISALLOW_DUP_SKEY)
+            printf("%s ","DISALLOW_DUP_SKEY");
 
-       if (ticketflags & KRB5_KDB_REQUIRES_PRE_AUTH)
-           printf("%s ","REQUIRES_PRE_AUTH");
+        if (ticketflags & KRB5_KDB_REQUIRES_PRE_AUTH)
+            printf("%s ","REQUIRES_PRE_AUTH");
 
-       if (ticketflags & KRB5_KDB_REQUIRES_HW_AUTH)
-           printf("%s ","REQUIRES_HW_AUTH");
+        if (ticketflags & KRB5_KDB_REQUIRES_HW_AUTH)
+            printf("%s ","REQUIRES_HW_AUTH");
 
-       if (ticketflags & KRB5_KDB_DISALLOW_SVR)
-           printf("%s ","DISALLOW_SVR");
+        if (ticketflags & KRB5_KDB_DISALLOW_SVR)
+            printf("%s ","DISALLOW_SVR");
 
-       if (ticketflags & KRB5_KDB_DISALLOW_TGT_BASED)
-           printf("%s ","DISALLOW_TGT_BASED");
+        if (ticketflags & KRB5_KDB_DISALLOW_TGT_BASED)
+            printf("%s ","DISALLOW_TGT_BASED");
 
-       if (ticketflags & KRB5_KDB_DISALLOW_ALL_TIX)
-           printf("%s ","DISALLOW_ALL_TIX");
+        if (ticketflags & KRB5_KDB_DISALLOW_ALL_TIX)
+            printf("%s ","DISALLOW_ALL_TIX");
 
-       if (ticketflags & KRB5_KDB_REQUIRES_PWCHANGE)
-           printf("%s ","REQUIRES_PWCHANGE");
+        if (ticketflags & KRB5_KDB_REQUIRES_PWCHANGE)
+            printf("%s ","REQUIRES_PWCHANGE");
 
-       if (ticketflags & KRB5_KDB_PWCHANGE_SERVICE)
-           printf("%s ","PWCHANGE_SERVICE");
+        if (ticketflags & KRB5_KDB_PWCHANGE_SERVICE)
+            printf("%s ","PWCHANGE_SERVICE");
 
-       printf("\n");
+        printf("\n");
     }
 
 
@@ -2133,9 +2130,8 @@ static void print_realm_params(krb5_ldap_realm_params *rparams, int mask)
  * This function lists the Realm(s) present under the Kerberos container
  * on the LDAP Server.
  */
-void kdb5_ldap_list(argc, argv)
-    int argc;
-    char *argv[];
+void
+kdb5_ldap_list(int argc, char *argv[])
 {
     char **list = NULL;
     char **plist = NULL;
@@ -2146,36 +2142,36 @@ void kdb5_ldap_list(argc, argv)
     dal_handle = util_context->dal_handle;
     ldap_context = (krb5_ldap_context *) dal_handle->db_context;
     if (!(ldap_context)) {
-       retval = EINVAL;
-       exit_status++;
-       return;
+        retval = EINVAL;
+        exit_status++;
+        return;
     }
 
     /* Read the kerberos container information */
     if ((retval = krb5_ldap_read_krbcontainer_params(util_context,
-                                                    &(ldap_context->krbcontainer))) != 0) {
-       com_err(progname, retval, "while reading kerberos container information");
-       exit_status++;
-       return;
+                                                     &(ldap_context->krbcontainer))) != 0) {
+        com_err(progname, retval, "while reading kerberos container information");
+        exit_status++;
+        return;
     }
 
     retval = krb5_ldap_list_realm(util_context, &list);
     if (retval != 0) {
-       krb5_ldap_free_krbcontainer_params(ldap_context->krbcontainer);
-       ldap_context->krbcontainer = NULL;
-       com_err (progname, retval, "while listing realms");
-       exit_status++;
-       return;
+        krb5_ldap_free_krbcontainer_params(ldap_context->krbcontainer);
+        ldap_context->krbcontainer = NULL;
+        com_err (progname, retval, "while listing realms");
+        exit_status++;
+        return;
     }
     /* This is to handle the case of realm not present */
     if (list == NULL) {
-       krb5_ldap_free_krbcontainer_params(ldap_context->krbcontainer);
-       ldap_context->krbcontainer = NULL;
-       return;
+        krb5_ldap_free_krbcontainer_params(ldap_context->krbcontainer);
+        ldap_context->krbcontainer = NULL;
+        return;
     }
 
     for (plist = list; *plist != NULL; plist++) {
-       printf("%s\n", *plist);
+        printf("%s\n", *plist);
     }
     krb5_ldap_free_krbcontainer_params(ldap_context->krbcontainer);
     ldap_context->krbcontainer = NULL;
@@ -2197,10 +2193,8 @@ void kdb5_ldap_list(argc, argv)
 /* Start duplicate code ... */
 
 static krb5_error_code
-krb5_dbe_update_tl_data_new(context, entry, new_tl_data)
-    krb5_context context;
-    krb5_db_entry *entry;
-    krb5_tl_data *new_tl_data;
+krb5_dbe_update_tl_data_new(krb5_context context, krb5_db_entry *entry,
+                            krb5_tl_data *new_tl_data)
 {
     krb5_tl_data *tl_data = NULL;
     krb5_octet *tmp;
@@ -2208,46 +2202,46 @@ krb5_dbe_update_tl_data_new(context, entry, new_tl_data)
     /* copy the new data first, so we can fail cleanly if malloc()
      * fails */
 /*
-    if ((tmp =
-        (krb5_octet *) krb5_db_alloc(context, NULL,
-                                     new_tl_data->tl_data_length)) == NULL)
+  if ((tmp =
+  (krb5_octet *) krb5_db_alloc(context, NULL,
+  new_tl_data->tl_data_length)) == NULL)
 */
     if ((tmp = (krb5_octet *) malloc (new_tl_data->tl_data_length)) == NULL)
-       return (ENOMEM);
+        return (ENOMEM);
 
     /* Find an existing entry of the specified type and point at
      * it, or NULL if not found */
 
-    if (new_tl_data->tl_data_type != KRB5_TL_DB_ARGS) {        /* db_args can be multiple */
-       for (tl_data = entry->tl_data; tl_data;
-            tl_data = tl_data->tl_data_next)
-           if (tl_data->tl_data_type == new_tl_data->tl_data_type)
-               break;
+    if (new_tl_data->tl_data_type != KRB5_TL_DB_ARGS) { /* db_args can be multiple */
+        for (tl_data = entry->tl_data; tl_data;
+             tl_data = tl_data->tl_data_next)
+            if (tl_data->tl_data_type == new_tl_data->tl_data_type)
+                break;
     }
 
     /* if necessary, chain a new record in the beginning and point at it */
 
     if (!tl_data) {
 /*
-       if ((tl_data =
-            (krb5_tl_data *) krb5_db_alloc(context, NULL,
-                                           sizeof(krb5_tl_data)))
-           == NULL) {
+  if ((tl_data =
+  (krb5_tl_data *) krb5_db_alloc(context, NULL,
+  sizeof(krb5_tl_data)))
+  == NULL) {
 */
-       if ((tl_data = (krb5_tl_data *) malloc (sizeof(krb5_tl_data))) == NULL) {
-           free(tmp);
-           return (ENOMEM);
-       }
-       memset(tl_data, 0, sizeof(krb5_tl_data));
-       tl_data->tl_data_next = entry->tl_data;
-       entry->tl_data = tl_data;
-       entry->n_tl_data++;
+        if ((tl_data = (krb5_tl_data *) malloc (sizeof(krb5_tl_data))) == NULL) {
+            free(tmp);
+            return (ENOMEM);
+        }
+        memset(tl_data, 0, sizeof(krb5_tl_data));
+        tl_data->tl_data_next = entry->tl_data;
+        entry->tl_data = tl_data;
+        entry->n_tl_data++;
     }
 
     /* fill in the record */
 
     if (tl_data->tl_data_contents)
-       krb5_db_free(context, tl_data->tl_data_contents);
+        krb5_db_free(context, tl_data->tl_data_contents);
 
     tl_data->tl_data_type = new_tl_data->tl_data_type;
     tl_data->tl_data_length = new_tl_data->tl_data_length;
@@ -2258,29 +2252,27 @@ krb5_dbe_update_tl_data_new(context, entry, new_tl_data)
 }
 
 static krb5_error_code
-krb5_dbe_update_mod_princ_data_new(context, entry, mod_date, mod_princ)
-    krb5_context         context;
-    krb5_db_entry      * entry;
-    krb5_timestamp       mod_date;
-    krb5_const_principal  mod_princ;
+krb5_dbe_update_mod_princ_data_new(krb5_context context, krb5_db_entry *entry,
+                                   krb5_timestamp mod_date,
+                                   krb5_const_principal mod_princ)
 {
     krb5_tl_data          tl_data;
 
-    krb5_error_code      retval = 0;
-    krb5_octet         * nextloc = 0;
-    char               * unparse_mod_princ = 0;
-    unsigned int       unparse_mod_princ_size;
+    krb5_error_code       retval = 0;
+    krb5_octet          * nextloc = 0;
+    char                * unparse_mod_princ = 0;
+    unsigned int        unparse_mod_princ_size;
 
     if ((retval = krb5_unparse_name(context, mod_princ,
-                                   &unparse_mod_princ)))
-       return(retval);
+                                    &unparse_mod_princ)))
+        return(retval);
 
     unparse_mod_princ_size = strlen(unparse_mod_princ) + 1;
 
     if ((nextloc = (krb5_octet *) malloc(unparse_mod_princ_size + 4))
-       == NULL) {
-       free(unparse_mod_princ);
-       return(ENOMEM);
+        == NULL) {
+        free(unparse_mod_princ);
+        return(ENOMEM);
     }
 
     tl_data.tl_data_type = KRB5_TL_MOD_PRINC;
@@ -2302,9 +2294,7 @@ krb5_dbe_update_mod_princ_data_new(context, entry, mod_date, mod_princ)
 }
 
 static krb5_error_code
-kdb_ldap_tgt_keysalt_iterate(ksent, ptr)
-    krb5_key_salt_tuple *ksent;
-    krb5_pointer        ptr;
+kdb_ldap_tgt_keysalt_iterate(krb5_key_salt_tuple *ksent, krb5_pointer ptr)
 {
     krb5_context        context;
     krb5_error_code     kret;
@@ -2328,27 +2318,27 @@ kdb_ldap_tgt_keysalt_iterate(ksent, ptr)
     pwd.length = strlen(mkey_password);
     kret = krb5_c_random_seed(context, &pwd);
     if (kret)
-       return kret;
+        return kret;
 
     /*if (!(kret = krb5_dbe_create_key_data(iargs->ctx, iargs->dbentp))) {*/
     if ((entry->key_data =
-        (krb5_key_data *) realloc(entry->key_data,
-                                  (sizeof(krb5_key_data) *
-                                   (entry->n_key_data + 1)))) == NULL)
-       return (ENOMEM);
+         (krb5_key_data *) realloc(entry->key_data,
+                                   (sizeof(krb5_key_data) *
+                                    (entry->n_key_data + 1)))) == NULL)
+        return (ENOMEM);
 
     memset(entry->key_data + entry->n_key_data, 0, sizeof(krb5_key_data));
     ind = entry->n_key_data++;
 
     if (!(kret = krb5_c_make_random_key(context, ksent->ks_enctype,
-                                       &key))) {
-       kret = krb5_dbekd_encrypt_key_data(context,
-                                          iargs->rblock->key,
-                                          &key,
-                                          NULL,
-                                          1,
-                                          &entry->key_data[ind]);
-       krb5_free_keyblock_contents(context, &key);
+                                        &key))) {
+        kret = krb5_dbekd_encrypt_key_data(context,
+                                           iargs->rblock->key,
+                                           &key,
+                                           NULL,
+                                           1,
+                                           &entry->key_data[ind]);
+        krb5_free_keyblock_contents(context, &key);
     }
     /*}*/
 
@@ -2361,11 +2351,8 @@ kdb_ldap_tgt_keysalt_iterate(ksent, ptr)
  * creating the realm object.
  */
 static int
-kdb_ldap_create_principal (context, princ, op, pblock)
-    krb5_context context;
-    krb5_principal princ;
-    enum ap_op op;
-    struct realm_info *pblock;
+kdb_ldap_create_principal(krb5_context context, krb5_principal princ,
+                          enum ap_op op, struct realm_info *pblock)
 {
     int              retval=0, currlen=0, princtype = 2 /* Service Principal */;
     unsigned char    *curr=NULL;
@@ -2383,30 +2370,30 @@ kdb_ldap_create_principal (context, princ, op, pblock)
     krb5_actkvno_node     actkvno;
 
     if ((pblock == NULL) || (context == NULL)) {
-       retval = EINVAL;
-       goto cleanup;
+        retval = EINVAL;
+        goto cleanup;
     }
     dal_handle = context->dal_handle;
     ldap_context = (krb5_ldap_context *) dal_handle->db_context;
     if (!(ldap_context)) {
-       retval = EINVAL;
-       goto cleanup;
+        retval = EINVAL;
+        goto cleanup;
     }
 
     memset(&entry, 0, sizeof(entry));
 
     tl_data = malloc(sizeof(*tl_data));
     if (tl_data == NULL) {
-       retval = ENOMEM;
-       goto cleanup;
+        retval = ENOMEM;
+        goto cleanup;
     }
     memset(tl_data, 0, sizeof(*tl_data));
     tl_data->tl_data_length = 1 + 2 + 2 + 1 + 2 + 4;
     tl_data->tl_data_type = 7; /* KDB_TL_USER_INFO */
     curr = tl_data->tl_data_contents = malloc(tl_data->tl_data_length);
     if (tl_data->tl_data_contents == NULL) {
-       retval = ENOMEM;
-       goto cleanup;
+        retval = ENOMEM;
+        goto cleanup;
     }
 
     memset(curr, 1, 1); /* Passing the mask as principal type */
@@ -2439,74 +2426,74 @@ kdb_ldap_create_principal (context, princ, op, pblock)
     entry.expiration = pblock->expiration;
     entry.mask = mask;
     if ((retval = krb5_copy_principal(context, princ, &entry.princ)))
-       goto cleanup;
+        goto cleanup;
 
 
     switch (op) {
     case TGT_KEY:
-       if ((pdata = krb5_princ_component(context, princ, 1)) &&
-           pdata->length == strlen("history") &&
-           !memcmp(pdata->data, "history", strlen("history"))) {
-
-           /* Allocate memory for storing the key */
-           if ((entry.key_data = (krb5_key_data *) malloc(
-                    sizeof(krb5_key_data))) == NULL) {
-               retval = ENOMEM;
-               goto cleanup;
-           }
-
-           memset(entry.key_data, 0, sizeof(krb5_key_data));
-           entry.n_key_data++;
-
-           retval = krb5_c_make_random_key(context, global_params.enctype, &key);
-           if (retval) {
-               goto cleanup;
-           }
-           kvno = 1; /* New key is getting set */
-           retval = krb5_dbekd_encrypt_key_data(context,
-                                                &ldap_context->lrparams->mkey,
-                                                &key, NULL, kvno,
-                                                &entry.key_data[entry.n_key_data - 1]);
-           krb5_free_keyblock_contents(context, &key);
-           if (retval) {
-               goto cleanup;
-           }
-       } else {
-           /*retval = krb5_c_make_random_key(context, 16, &key) ;*/
-           iargs.ctx = context;
-           iargs.rblock = pblock;
-           iargs.dbentp = &entry;
-
-           /*
-            * Iterate through the key/salt list, ignoring salt types.
-            */
-           if ((retval = krb5_keysalt_iterate(pblock->kslist,
-                                              pblock->nkslist,
-                                              1,
-                                              kdb_ldap_tgt_keysalt_iterate,
-                                              (krb5_pointer) &iargs)))
-               return retval;
-       }
-       break;
+        if ((pdata = krb5_princ_component(context, princ, 1)) &&
+            pdata->length == strlen("history") &&
+            !memcmp(pdata->data, "history", strlen("history"))) {
+
+            /* Allocate memory for storing the key */
+            if ((entry.key_data = (krb5_key_data *) malloc(
+                     sizeof(krb5_key_data))) == NULL) {
+                retval = ENOMEM;
+                goto cleanup;
+            }
+
+            memset(entry.key_data, 0, sizeof(krb5_key_data));
+            entry.n_key_data++;
+
+            retval = krb5_c_make_random_key(context, global_params.enctype, &key);
+            if (retval) {
+                goto cleanup;
+            }
+            kvno = 1; /* New key is getting set */
+            retval = krb5_dbekd_encrypt_key_data(context,
+                                                 &ldap_context->lrparams->mkey,
+                                                 &key, NULL, kvno,
+                                                 &entry.key_data[entry.n_key_data - 1]);
+            krb5_free_keyblock_contents(context, &key);
+            if (retval) {
+                goto cleanup;
+            }
+        } else {
+            /*retval = krb5_c_make_random_key(context, 16, &key) ;*/
+            iargs.ctx = context;
+            iargs.rblock = pblock;
+            iargs.dbentp = &entry;
+
+            /*
+             * Iterate through the key/salt list, ignoring salt types.
+             */
+            if ((retval = krb5_keysalt_iterate(pblock->kslist,
+                                               pblock->nkslist,
+                                               1,
+                                               kdb_ldap_tgt_keysalt_iterate,
+                                               (krb5_pointer) &iargs)))
+                return retval;
+        }
+        break;
 
     case MASTER_KEY:
-       /* Allocate memory for storing the key */
-       if ((entry.key_data = (krb5_key_data *) malloc(
-                sizeof(krb5_key_data))) == NULL) {
-           retval = ENOMEM;
-           goto cleanup;
-       }
-
-       memset(entry.key_data, 0, sizeof(krb5_key_data));
-       entry.n_key_data++;
-       kvno = 1; /* New key is getting set */
-       retval = krb5_dbekd_encrypt_key_data(context, pblock->key,
-                                            &ldap_context->lrparams->mkey,
-                                            NULL, kvno,
-                                            &entry.key_data[entry.n_key_data - 1]);
-       if (retval) {
-           goto cleanup;
-       }
+        /* Allocate memory for storing the key */
+        if ((entry.key_data = (krb5_key_data *) malloc(
+                 sizeof(krb5_key_data))) == NULL) {
+            retval = ENOMEM;
+            goto cleanup;
+        }
+
+        memset(entry.key_data, 0, sizeof(krb5_key_data));
+        entry.n_key_data++;
+        kvno = 1; /* New key is getting set */
+        retval = krb5_dbekd_encrypt_key_data(context, pblock->key,
+                                             &ldap_context->lrparams->mkey,
+                                             NULL, kvno,
+                                             &entry.key_data[entry.n_key_data - 1]);
+        if (retval) {
+            goto cleanup;
+        }
         /*
          * There should always be at least one "active" mkey so creating the
          * KRB5_TL_ACTKVNO entry now so the initial mkey is active.
@@ -2515,20 +2502,20 @@ kdb_ldap_create_principal (context, princ, op, pblock)
         actkvno.act_kvno = kvno;
         actkvno.act_time = now;
         retval = krb5_dbe_update_actkvno(context, &entry, &actkvno);
-       if (retval)
-           goto cleanup;
+        if (retval)
+            goto cleanup;
 
-       break;
+        break;
 
     case NULL_KEY:
     default:
-       break;
+        break;
     } /* end of switch */
 
     retval = krb5_ldap_put_principal(context, &entry, &nentry, NULL);
     if (retval) {
-       com_err(NULL, retval, "while adding entries to database");
-       goto cleanup;
+        com_err(NULL, retval, "while adding entries to database");
+        goto cleanup;
     }
 
 cleanup:
@@ -2541,9 +2528,7 @@ cleanup:
  * This function destroys the realm object and the associated principals
  */
 void
-kdb5_ldap_destroy(argc, argv)
-    int argc;
-    char *argv[];
+kdb5_ldap_destroy(int argc, char *argv[])
 {
     extern char *optarg;
     extern int optind;
@@ -2561,118 +2546,118 @@ kdb5_ldap_destroy(argc, argv)
 
     optind = 1;
     while ((optchar = getopt(argc, argv, "f")) != -1) {
-       switch (optchar) {
-       case 'f':
-           force++;
-           break;
-       case '?':
-       default:
-           db_usage(DESTROY_REALM);
-           return;
-           /*NOTREACHED*/
-       }
+        switch (optchar) {
+        case 'f':
+            force++;
+            break;
+        case '?':
+        default:
+            db_usage(DESTROY_REALM);
+            return;
+            /*NOTREACHED*/
+        }
     }
 
     if (!force) {
-       printf("Deleting KDC database of '%s', are you sure?\n", global_params.realm);
-       printf("(type 'yes' to confirm)? ");
-       if (fgets(buf, sizeof(buf), stdin) == NULL) {
-           exit_status++;
-           return;
-       }
-       if (strcmp(buf, yes)) {
-           exit_status++;
-           return;
-       }
-       printf("OK, deleting database of '%s'...\n", global_params.realm);
+        printf("Deleting KDC database of '%s', are you sure?\n", global_params.realm);
+        printf("(type 'yes' to confirm)? ");
+        if (fgets(buf, sizeof(buf), stdin) == NULL) {
+            exit_status++;
+            return;
+        }
+        if (strcmp(buf, yes)) {
+            exit_status++;
+            return;
+        }
+        printf("OK, deleting database of '%s'...\n", global_params.realm);
     }
 
     dal_handle = util_context->dal_handle;
     ldap_context = (krb5_ldap_context *) dal_handle->db_context;
     if (!(ldap_context)) {
-       com_err(progname, EINVAL, "while initializing database");
-       exit_status++;
-       return;
+        com_err(progname, EINVAL, "while initializing database");
+        exit_status++;
+        return;
     }
 
     /* Read the kerberos container from the LDAP Server */
     if ((retval = krb5_ldap_read_krbcontainer_params(util_context,
-                                                    &(ldap_context->krbcontainer))) != 0) {
-       com_err(progname, retval, "while reading kerberos container information");
-       exit_status++;
-       return;
+                                                     &(ldap_context->krbcontainer))) != 0) {
+        com_err(progname, retval, "while reading kerberos container information");
+        exit_status++;
+        return;
     }
 
     /* Read the Realm information from the LDAP Server */
     if ((retval = krb5_ldap_read_realm_params(util_context, global_params.realm,
-                                             &(ldap_context->lrparams), &mask)) != 0) {
-       com_err(progname, retval, "while reading realm information");
-       exit_status++;
-       return;
+                                              &(ldap_context->lrparams), &mask)) != 0) {
+        com_err(progname, retval, "while reading realm information");
+        exit_status++;
+        return;
     }
 
 #ifdef HAVE_EDIRECTORY
     if ((mask & LDAP_REALM_KDCSERVERS) || (mask & LDAP_REALM_ADMINSERVERS) ||
-       (mask & LDAP_REALM_PASSWDSERVERS)) {
-
-       printf("Changing rights for the service object. Please wait ... ");
-       fflush(stdout);
-
-       rparams = ldap_context->lrparams;
-       rightsmask = 0;
-       rightsmask |= LDAP_REALM_RIGHTS;
-       rightsmask |= LDAP_SUBTREE_RIGHTS;
-       if ((rparams != NULL) && (rparams->kdcservers != NULL)) {
-           for (i=0; (rparams->kdcservers[i] != NULL); i++) {
-               if ((retval = krb5_ldap_delete_service_rights(util_context,
-                                                             LDAP_KDC_SERVICE, rparams->kdcservers[i],
-                                                             rparams->realm_name, rparams->subtree, rparams->containerref, rightsmask)) != 0) {
-                   printf("failed\n");
-                   com_err(progname, retval, "while assigning rights to '%s'",
-                           rparams->realm_name);
-                   return;
-               }
-           }
-       }
-       rightsmask = 0;
-       rightsmask |= LDAP_REALM_RIGHTS;
-       rightsmask |= LDAP_SUBTREE_RIGHTS;
-       if ((rparams != NULL) && (rparams->adminservers != NULL)) {
-           for (i=0; (rparams->adminservers[i] != NULL); i++) {
-               if ((retval = krb5_ldap_delete_service_rights(util_context,
-                                                             LDAP_ADMIN_SERVICE, rparams->adminservers[i],
-                                                             rparams->realm_name, rparams->subtree, rparams->containerref, rightsmask)) != 0) {
-                   printf("failed\n");
-                   com_err(progname, retval, "while assigning rights to '%s'",
-                           rparams->realm_name);
-                   return;
-               }
-           }
-       }
-       rightsmask = 0;
-       rightsmask |= LDAP_REALM_RIGHTS;
-       rightsmask |= LDAP_SUBTREE_RIGHTS;
-       if ((rparams != NULL) && (rparams->passwdservers != NULL)) {
-           for (i=0; (rparams->passwdservers[i] != NULL); i++) {
-               if ((retval = krb5_ldap_delete_service_rights(util_context,
-                                                             LDAP_PASSWD_SERVICE, rparams->passwdservers[i],
-                                                             rparams->realm_name, rparams->subtree, rparams->containerref, rightsmask)) != 0) {
-                   printf("failed\n");
-                   com_err(progname, retval, "while assigning rights to '%s'",
-                           rparams->realm_name);
-                   return;
-               }
-           }
-       }
-       printf("done\n");
+        (mask & LDAP_REALM_PASSWDSERVERS)) {
+
+        printf("Changing rights for the service object. Please wait ... ");
+        fflush(stdout);
+
+        rparams = ldap_context->lrparams;
+        rightsmask = 0;
+        rightsmask |= LDAP_REALM_RIGHTS;
+        rightsmask |= LDAP_SUBTREE_RIGHTS;
+        if ((rparams != NULL) && (rparams->kdcservers != NULL)) {
+            for (i=0; (rparams->kdcservers[i] != NULL); i++) {
+                if ((retval = krb5_ldap_delete_service_rights(util_context,
+                                                              LDAP_KDC_SERVICE, rparams->kdcservers[i],
+                                                              rparams->realm_name, rparams->subtree, rparams->containerref, rightsmask)) != 0) {
+                    printf("failed\n");
+                    com_err(progname, retval, "while assigning rights to '%s'",
+                            rparams->realm_name);
+                    return;
+                }
+            }
+        }
+        rightsmask = 0;
+        rightsmask |= LDAP_REALM_RIGHTS;
+        rightsmask |= LDAP_SUBTREE_RIGHTS;
+        if ((rparams != NULL) && (rparams->adminservers != NULL)) {
+            for (i=0; (rparams->adminservers[i] != NULL); i++) {
+                if ((retval = krb5_ldap_delete_service_rights(util_context,
+                                                              LDAP_ADMIN_SERVICE, rparams->adminservers[i],
+                                                              rparams->realm_name, rparams->subtree, rparams->containerref, rightsmask)) != 0) {
+                    printf("failed\n");
+                    com_err(progname, retval, "while assigning rights to '%s'",
+                            rparams->realm_name);
+                    return;
+                }
+            }
+        }
+        rightsmask = 0;
+        rightsmask |= LDAP_REALM_RIGHTS;
+        rightsmask |= LDAP_SUBTREE_RIGHTS;
+        if ((rparams != NULL) && (rparams->passwdservers != NULL)) {
+            for (i=0; (rparams->passwdservers[i] != NULL); i++) {
+                if ((retval = krb5_ldap_delete_service_rights(util_context,
+                                                              LDAP_PASSWD_SERVICE, rparams->passwdservers[i],
+                                                              rparams->realm_name, rparams->subtree, rparams->containerref, rightsmask)) != 0) {
+                    printf("failed\n");
+                    com_err(progname, retval, "while assigning rights to '%s'",
+                            rparams->realm_name);
+                    return;
+                }
+            }
+        }
+        printf("done\n");
     }
 #endif
     /* Delete the realm container and all the associated principals */
     retval = krb5_ldap_delete_realm(util_context, global_params.realm);
     if (retval) {
-       com_err(progname, retval, "deleting database of '%s'", global_params.realm);
-       exit_status++;
-       return;
+        com_err(progname, retval, "deleting database of '%s'", global_params.realm);
+        exit_status++;
+        return;
     }
 
     printf("** Database of '%s' destroyed.\n", global_params.realm);
index 9a2972a5ad1e80e2900bf6b1f68c2310c081aceb..a8225210f063bbcbf32a78f371c1d61923907a21 100644 (file)
@@ -1,3 +1,4 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
 /*
  * kadmin/ldap_util/kdb5_ldap_realm.h
  */
  * POSSIBILITY OF SUCH DAMAGE.
  */
 
-#define BUFF_LEN               64      /* Max len of enctype string */
-#define MAX_PRINC_SIZE                 256
+#define BUFF_LEN                64      /* Max len of enctype string */
+#define MAX_PRINC_SIZE          256
 
 enum ap_op {
-    NULL_KEY,  /* setup null keys */
-    MASTER_KEY,        /* use master key as new key */
-    TGT_KEY    /* special handling for tgt key */
+    NULL_KEY,   /* setup null keys */
+    MASTER_KEY, /* use master key as new key */
+    TGT_KEY     /* special handling for tgt key */
 };
 
 struct realm_info {
@@ -49,13 +50,13 @@ struct realm_info {
 };
 
 struct iterate_args {
-    krb5_context       ctx;
-    struct realm_info  *rblock;
-    krb5_db_entry      *dbentp;
+    krb5_context        ctx;
+    struct realm_info   *rblock;
+    krb5_db_entry       *dbentp;
 };
 
-extern void kdb5_ldap_create (int argc, char **argv);
-extern void kdb5_ldap_destroy (int argc, char **argv);
-extern void kdb5_ldap_modify (int argc, char **argv);
-extern void kdb5_ldap_view (int argc, char **argv);
-extern void kdb5_ldap_list (int argc, char **argv);
+extern void kdb5_ldap_create(int argc, char **argv);
+extern void kdb5_ldap_destroy(int argc, char **argv);
+extern void kdb5_ldap_modify(int argc, char **argv);
+extern void kdb5_ldap_view(int argc, char **argv);
+extern void kdb5_ldap_list(int argc, char **argv);
index 48cbe5a88562d2a045c2129e0bc47866ed486929..fb384d38160857c68b6e89ef503d7c58e3e4b5ea 100644 (file)
@@ -1,3 +1,4 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
 /*
  * kadmin/ldap_util/kdb5_ldap_services.c
  */
@@ -50,9 +51,9 @@ convert_realm_name2dn_list(char **list, const char *krbcontainer_loc);
 
 static krb5_error_code
 rem_service_entry_from_file(int argc,
-                           char *argv[],
-                           char *file_name,
-                           char *service_object);
+                            char *argv[],
+                            char *file_name,
+                            char *service_object);
 
 static void
 print_service_params(krb5_ldap_service_params *lserparams, int mask);
@@ -60,7 +61,8 @@ print_service_params(krb5_ldap_service_params *lserparams, int mask);
 extern char *yes;
 extern krb5_boolean db_inited;
 
-static int process_host_list(char **host_list, int servicetype)
+static int
+process_host_list(char **host_list, int servicetype)
 {
     krb5_error_code retval = 0;
     char *pchr = NULL;
@@ -69,93 +71,93 @@ static int process_host_list(char **host_list, int servicetype)
 
     /* Protocol and port number processing */
     for (j = 0; host_list[j]; j++) {
-       /* Look for one hash */
-       if ((pchr = strchr(host_list[j], HOST_INFO_DELIMITER))) {
-           unsigned int hostname_len = pchr - host_list[j];
-
-           /* Check input for buffer overflow */
-           if (hostname_len >= MAX_LEN_LIST_ENTRY) {
-               retval = EINVAL;
-               goto cleanup;
-           }
-
-           /* First copy off the host name portion */
-           strncpy (host_str, host_list[j], hostname_len);
-
-           /* Parse for the protocol string and translate to number */
-           strncpy (proto_str, pchr + 1, PROTOCOL_STR_LEN);
-           if (!strcmp(proto_str, "udp"))
-               snprintf (proto_str, sizeof(proto_str), "%d",
-                         PROTOCOL_NUM_UDP);
-           else if (!strcmp(proto_str, "tcp"))
-               snprintf (proto_str, sizeof(proto_str), "%d",
-                         PROTOCOL_NUM_TCP);
-           else
-               proto_str[0] = '\0'; /* Make the string null if invalid */
-
-           /* Look for one more hash */
-           if ((pchr = strchr(pchr + 1, HOST_INFO_DELIMITER))) {
-               /* Parse for the port string and check if it is numeric */
-               strncpy (port_str, pchr + 1, PORT_STR_LEN);
-               if (!strtol(port_str, NULL, 10)) /* Not a valid number */
-                   port_str[0] = '\0';
-           } else
-               port_str[0] = '\0';
-       } else { /* We have only host name */
-           strncpy (host_str, host_list[j], MAX_LEN_LIST_ENTRY - 1);
-           proto_str[0] = '\0';
-           port_str[0] = '\0';
-       }
-
-       /* Now, based on service type, fill in suitable protocol
-          and port values if they are absent or not matching */
-       if (servicetype == LDAP_KDC_SERVICE) {
-           if (proto_str[0] == '\0')
-               snprintf (proto_str, sizeof(proto_str), "%d",
-                         PROTOCOL_DEFAULT_KDC);
-
-           if (port_str[0] == '\0')
-               snprintf (port_str, sizeof(port_str), "%d", PORT_DEFAULT_KDC);
-       } else if (servicetype == LDAP_ADMIN_SERVICE) {
-           if (proto_str[0] == '\0')
-               snprintf (proto_str, sizeof(proto_str), "%d",
-                         PROTOCOL_DEFAULT_ADM);
-           else if (strcmp(proto_str, "1")) {
-               snprintf (proto_str, sizeof(proto_str), "%d",
-                         PROTOCOL_DEFAULT_ADM);
-
-               /* Print warning message */
-               printf ("Admin Server supports only TCP protocol, hence setting that\n");
-           }
-
-           if (port_str[0] == '\0')
-               snprintf (port_str, sizeof(port_str), "%d", PORT_DEFAULT_ADM);
-       } else if (servicetype == LDAP_PASSWD_SERVICE) {
-           if (proto_str[0] == '\0')
-               snprintf (proto_str, sizeof(proto_str), "%d",
-                         PROTOCOL_DEFAULT_PWD);
-           else if (strcmp(proto_str, "0")) {
-               snprintf (proto_str, sizeof(proto_str), "%d",
-                         PROTOCOL_DEFAULT_PWD);
-
-               /* Print warning message */
-               printf ("Password Server supports only UDP protocol, hence setting that\n");
-           }
-
-           if (port_str[0] == '\0')
-               sprintf (port_str, "%d", PORT_DEFAULT_PWD);
-       }
-
-       /* Finally form back the string */
-       free (host_list[j]);
-       host_list[j] = (char*) malloc(sizeof(char) *
-                                     (strlen(host_str) + strlen(proto_str) + strlen(port_str) + 2 + 1));
-       if (host_list[j] == NULL) {
-           retval = ENOMEM;
-           goto cleanup;
-       }
-       snprintf (host_list[j], strlen(host_str) + strlen(proto_str) + strlen(port_str) + 2 + 1,
-                 "%s#%s#%s", host_str, proto_str, port_str);
+        /* Look for one hash */
+        if ((pchr = strchr(host_list[j], HOST_INFO_DELIMITER))) {
+            unsigned int hostname_len = pchr - host_list[j];
+
+            /* Check input for buffer overflow */
+            if (hostname_len >= MAX_LEN_LIST_ENTRY) {
+                retval = EINVAL;
+                goto cleanup;
+            }
+
+            /* First copy off the host name portion */
+            strncpy (host_str, host_list[j], hostname_len);
+
+            /* Parse for the protocol string and translate to number */
+            strncpy (proto_str, pchr + 1, PROTOCOL_STR_LEN);
+            if (!strcmp(proto_str, "udp"))
+                snprintf (proto_str, sizeof(proto_str), "%d",
+                          PROTOCOL_NUM_UDP);
+            else if (!strcmp(proto_str, "tcp"))
+                snprintf (proto_str, sizeof(proto_str), "%d",
+                          PROTOCOL_NUM_TCP);
+            else
+                proto_str[0] = '\0'; /* Make the string null if invalid */
+
+            /* Look for one more hash */
+            if ((pchr = strchr(pchr + 1, HOST_INFO_DELIMITER))) {
+                /* Parse for the port string and check if it is numeric */
+                strncpy (port_str, pchr + 1, PORT_STR_LEN);
+                if (!strtol(port_str, NULL, 10)) /* Not a valid number */
+                    port_str[0] = '\0';
+            } else
+                port_str[0] = '\0';
+        } else { /* We have only host name */
+            strncpy (host_str, host_list[j], MAX_LEN_LIST_ENTRY - 1);
+            proto_str[0] = '\0';
+            port_str[0] = '\0';
+        }
+
+        /* Now, based on service type, fill in suitable protocol
+           and port values if they are absent or not matching */
+        if (servicetype == LDAP_KDC_SERVICE) {
+            if (proto_str[0] == '\0')
+                snprintf (proto_str, sizeof(proto_str), "%d",
+                          PROTOCOL_DEFAULT_KDC);
+
+            if (port_str[0] == '\0')
+                snprintf (port_str, sizeof(port_str), "%d", PORT_DEFAULT_KDC);
+        } else if (servicetype == LDAP_ADMIN_SERVICE) {
+            if (proto_str[0] == '\0')
+                snprintf (proto_str, sizeof(proto_str), "%d",
+                          PROTOCOL_DEFAULT_ADM);
+            else if (strcmp(proto_str, "1")) {
+                snprintf (proto_str, sizeof(proto_str), "%d",
+                          PROTOCOL_DEFAULT_ADM);
+
+                /* Print warning message */
+                printf ("Admin Server supports only TCP protocol, hence setting that\n");
+            }
+
+            if (port_str[0] == '\0')
+                snprintf (port_str, sizeof(port_str), "%d", PORT_DEFAULT_ADM);
+        } else if (servicetype == LDAP_PASSWD_SERVICE) {
+            if (proto_str[0] == '\0')
+                snprintf (proto_str, sizeof(proto_str), "%d",
+                          PROTOCOL_DEFAULT_PWD);
+            else if (strcmp(proto_str, "0")) {
+                snprintf (proto_str, sizeof(proto_str), "%d",
+                          PROTOCOL_DEFAULT_PWD);
+
+                /* Print warning message */
+                printf ("Password Server supports only UDP protocol, hence setting that\n");
+            }
+
+            if (port_str[0] == '\0')
+                sprintf (port_str, "%d", PORT_DEFAULT_PWD);
+        }
+
+        /* Finally form back the string */
+        free (host_list[j]);
+        host_list[j] = (char*) malloc(sizeof(char) *
+                                      (strlen(host_str) + strlen(proto_str) + strlen(port_str) + 2 + 1));
+        if (host_list[j] == NULL) {
+            retval = ENOMEM;
+            goto cleanup;
+        }
+        snprintf (host_list[j], strlen(host_str) + strlen(proto_str) + strlen(port_str) + 2 + 1,
+                  "%s#%s#%s", host_str, proto_str, port_str);
     }
 
 cleanup:
@@ -168,9 +170,7 @@ cleanup:
  * Kerberos container location.
  */
 static krb5_error_code
-convert_realm_name2dn_list(list, krbcontainer_loc)
-    char **list;
-    const char *krbcontainer_loc;
+convert_realm_name2dn_list(char **list, const char *krbcontainer_loc)
 {
     krb5_error_code retval = 0;
     char temp_str[MAX_DN_CHARS] = "\0";
@@ -178,24 +178,24 @@ convert_realm_name2dn_list(list, krbcontainer_loc)
     int i = 0;
 
     if (list == NULL) {
-       return EINVAL;
+        return EINVAL;
     }
 
     for (i = 0; (list[i] != NULL) && (i < MAX_LIST_ENTRIES); i++) {
-       /* Restrict copying to max. length to avoid buffer overflow */
-       snprintf (temp_str, MAX_DN_CHARS, "cn=%s,%s", list[i], krbcontainer_loc);
+        /* Restrict copying to max. length to avoid buffer overflow */
+        snprintf (temp_str, MAX_DN_CHARS, "cn=%s,%s", list[i], krbcontainer_loc);
 
-       /* Make copy of string to temporary node */
-       temp_node = strdup(temp_str);
-       if (list[i] == NULL) {
-           retval = ENOMEM;
-           goto cleanup;
-       }
+        /* Make copy of string to temporary node */
+        temp_node = strdup(temp_str);
+        if (list[i] == NULL) {
+            retval = ENOMEM;
+            goto cleanup;
+        }
 
-       /* On success, free list node and attach new one */
-       free (list[i]);
-       list[i] = temp_node;
-       temp_node = NULL;
+        /* On success, free list node and attach new one */
+        free (list[i]);
+        list[i] = temp_node;
+        temp_node = NULL;
     }
 
 cleanup:
@@ -207,9 +207,8 @@ cleanup:
  * This function will create a service object on the LDAP Server, with the
  * specified attributes.
  */
-void kdb5_ldap_create_service(argc, argv)
-    int argc;
-    char *argv[];
+void
+kdb5_ldap_create_service(int argc, char *argv[])
 {
     char *me = progname;
     krb5_error_code retval = 0;
@@ -231,15 +230,15 @@ void kdb5_ldap_create_service(argc, argv)
 
     /* Check for number of arguments */
     if ((argc < 3) || (argc > 10)) {
-       exit_status++;
-       goto err_usage;
+        exit_status++;
+        goto err_usage;
     }
 
     /* Allocate memory for service parameters structure */
     srvparams = (krb5_ldap_service_params*) calloc(1, sizeof(krb5_ldap_service_params));
     if (srvparams == NULL) {
-       retval = ENOMEM;
-       goto cleanup;
+        retval = ENOMEM;
+        goto cleanup;
     }
 
     dal_handle = util_context->dal_handle;
@@ -250,8 +249,8 @@ void kdb5_ldap_create_service(argc, argv)
        of arguments */
     extra_argv = (char **) calloc((unsigned int)argc, sizeof(char*));
     if (extra_argv == NULL) {
-       retval = ENOMEM;
-       goto cleanup;
+        retval = ENOMEM;
+        goto cleanup;
     }
 
     /* Set first of the extra arguments as the program name */
@@ -262,128 +261,128 @@ void kdb5_ldap_create_service(argc, argv)
      * and for assigning rights
      */
     if ((retval = krb5_ldap_read_krbcontainer_params(util_context,
-                                                    &(ldap_context->krbcontainer)))) {
-       com_err(me, retval, "while reading Kerberos container information");
-       goto cleanup;
+                                                     &(ldap_context->krbcontainer)))) {
+        com_err(me, retval, "while reading Kerberos container information");
+        goto cleanup;
     }
 
     /* Parse all arguments */
     for (i = 1; i < argc; i++) {
-       if (!strcmp(argv[i], "-kdc")) {
-           srvparams->servicetype = LDAP_KDC_SERVICE;
-       } else if (!strcmp(argv[i], "-admin")) {
-           srvparams->servicetype = LDAP_ADMIN_SERVICE;
-       } else if (!strcmp(argv[i], "-pwd")) {
-           srvparams->servicetype = LDAP_PASSWD_SERVICE;
-       } else if (!strcmp(argv[i], "-servicehost")) {
-           if (++i > argc - 1)
-               goto err_usage;
-
-           srvparams->krbhostservers = (char **)calloc(MAX_LIST_ENTRIES,
-                                                       sizeof(char *));
-           if (srvparams->krbhostservers == NULL) {
-               retval = ENOMEM;
-               goto cleanup;
-           }
-
-           if ((retval = krb5_parse_list(argv[i], LIST_DELIMITER,
-                                         srvparams->krbhostservers))) {
-               goto cleanup;
-           }
-
-           if ((retval = process_host_list (srvparams->krbhostservers,
-                                            srvparams->servicetype))) {
-               goto cleanup;
-           }
-
-           mask |= LDAP_SERVICE_HOSTSERVER;
-       } else if (!strcmp(argv[i], "-realm")) {
-           if (++i > argc - 1)
-               goto err_usage;
-
-           srvparams->krbrealmreferences = (char **)calloc(MAX_LIST_ENTRIES,
-                                                           sizeof(char *));
-           if (srvparams->krbrealmreferences == NULL) {
-               retval = ENOMEM;
-               goto cleanup;
-           }
-
-           if ((retval = krb5_parse_list(argv[i], LIST_DELIMITER,
-                                         srvparams->krbrealmreferences))) {
-               goto cleanup;
-           }
-
-           /* Convert realm names to realm DNs */
-           if ((retval = convert_realm_name2dn_list(
-                    srvparams->krbrealmreferences,
-                    ldap_context->krbcontainer->DN))) {
-               goto cleanup;
-           }
-
-           mask |= LDAP_SERVICE_REALMREFERENCE;
-       }
-       /* If argument is none of the above and beginning with '-',
-        * it must be related to password -- collect it
-        * to pass onto kdb5_ldap_set_service_password()
-        */
-       else if (*(argv[i]) == '-') {
-           /* Checking for options of setting the password for the
-            * service (by using 'setsrvpw') is not modular. --need to
-            * have a common function that can be shared with 'setsrvpw'
-            */
-           if (!strcmp(argv[i], "-randpw")) {
-               extra_argv[extra_argc] = argv[i];
-               extra_argc++;
-           } else if (!strcmp(argv[i], "-fileonly")) {
-               extra_argv[extra_argc] = argv[i];
-               extra_argc++;
-           }
-           /* For '-f' option alone, pick up the following argument too */
-           else if (!strcmp(argv[i], "-f")) {
-               extra_argv[extra_argc] = argv[i];
-               extra_argc++;
-
-               if (++i > argc - 1)
-                   goto err_usage;
-
-               extra_argv[extra_argc] = argv[i];
-               extra_argc++;
-           } else { /* Any other option is invalid */
-               exit_status++;
-               goto err_usage;
-           }
-       } else { /* Any other argument must be service DN */
-           /* First check if service DN is already provided --
-            * if so, there's a usage error
-            */
-           if (srvparams->servicedn != NULL) {
-               com_err(me, EINVAL, "while creating service object");
-               goto err_usage;
-           }
-
-           /* If not present already, fill up service DN */
-           srvparams->servicedn = strdup(argv[i]);
-           if (srvparams->servicedn == NULL) {
-               com_err(me, ENOMEM, "while creating service object");
-               goto err_nomsg;
-           }
-       }
+        if (!strcmp(argv[i], "-kdc")) {
+            srvparams->servicetype = LDAP_KDC_SERVICE;
+        } else if (!strcmp(argv[i], "-admin")) {
+            srvparams->servicetype = LDAP_ADMIN_SERVICE;
+        } else if (!strcmp(argv[i], "-pwd")) {
+            srvparams->servicetype = LDAP_PASSWD_SERVICE;
+        } else if (!strcmp(argv[i], "-servicehost")) {
+            if (++i > argc - 1)
+                goto err_usage;
+
+            srvparams->krbhostservers = (char **)calloc(MAX_LIST_ENTRIES,
+                                                        sizeof(char *));
+            if (srvparams->krbhostservers == NULL) {
+                retval = ENOMEM;
+                goto cleanup;
+            }
+
+            if ((retval = krb5_parse_list(argv[i], LIST_DELIMITER,
+                                          srvparams->krbhostservers))) {
+                goto cleanup;
+            }
+
+            if ((retval = process_host_list (srvparams->krbhostservers,
+                                             srvparams->servicetype))) {
+                goto cleanup;
+            }
+
+            mask |= LDAP_SERVICE_HOSTSERVER;
+        } else if (!strcmp(argv[i], "-realm")) {
+            if (++i > argc - 1)
+                goto err_usage;
+
+            srvparams->krbrealmreferences = (char **)calloc(MAX_LIST_ENTRIES,
+                                                            sizeof(char *));
+            if (srvparams->krbrealmreferences == NULL) {
+                retval = ENOMEM;
+                goto cleanup;
+            }
+
+            if ((retval = krb5_parse_list(argv[i], LIST_DELIMITER,
+                                          srvparams->krbrealmreferences))) {
+                goto cleanup;
+            }
+
+            /* Convert realm names to realm DNs */
+            if ((retval = convert_realm_name2dn_list(
+                     srvparams->krbrealmreferences,
+                     ldap_context->krbcontainer->DN))) {
+                goto cleanup;
+            }
+
+            mask |= LDAP_SERVICE_REALMREFERENCE;
+        }
+        /* If argument is none of the above and beginning with '-',
+         * it must be related to password -- collect it
+         * to pass onto kdb5_ldap_set_service_password()
+         */
+        else if (*(argv[i]) == '-') {
+            /* Checking for options of setting the password for the
+             * service (by using 'setsrvpw') is not modular. --need to
+             * have a common function that can be shared with 'setsrvpw'
+             */
+            if (!strcmp(argv[i], "-randpw")) {
+                extra_argv[extra_argc] = argv[i];
+                extra_argc++;
+            } else if (!strcmp(argv[i], "-fileonly")) {
+                extra_argv[extra_argc] = argv[i];
+                extra_argc++;
+            }
+            /* For '-f' option alone, pick up the following argument too */
+            else if (!strcmp(argv[i], "-f")) {
+                extra_argv[extra_argc] = argv[i];
+                extra_argc++;
+
+                if (++i > argc - 1)
+                    goto err_usage;
+
+                extra_argv[extra_argc] = argv[i];
+                extra_argc++;
+            } else { /* Any other option is invalid */
+                exit_status++;
+                goto err_usage;
+            }
+        } else { /* Any other argument must be service DN */
+            /* First check if service DN is already provided --
+             * if so, there's a usage error
+             */
+            if (srvparams->servicedn != NULL) {
+                com_err(me, EINVAL, "while creating service object");
+                goto err_usage;
+            }
+
+            /* If not present already, fill up service DN */
+            srvparams->servicedn = strdup(argv[i]);
+            if (srvparams->servicedn == NULL) {
+                com_err(me, ENOMEM, "while creating service object");
+                goto err_nomsg;
+            }
+        }
     }
 
     /* No point in proceeding further if service DN value is not available */
     if (srvparams->servicedn == NULL) {
-       com_err(me, EINVAL, "while creating service object");
-       goto err_usage;
+        com_err(me, EINVAL, "while creating service object");
+        goto err_usage;
     }
 
     if (srvparams->servicetype == 0) { /* Not provided and hence not set */
-       com_err(me, EINVAL, "while creating service object");
-       goto err_usage;
+        com_err(me, EINVAL, "while creating service object");
+        goto err_usage;
     }
 
     /* Create object with all attributes provided */
     if ((retval = krb5_ldap_create_service(util_context, srvparams, mask)))
-       goto cleanup;
+        goto cleanup;
 
     service_obj_created = TRUE;
 
@@ -394,66 +393,66 @@ void kdb5_ldap_create_service(argc, argv)
 
     /* Set password too */
     if (extra_argc >= 1) {
-       /* Set service DN as the last argument */
-       extra_argv[extra_argc] = strdup(srvparams->servicedn);
-       if (extra_argv[extra_argc] == NULL) {
+        /* Set service DN as the last argument */
+        extra_argv[extra_argc] = strdup(srvparams->servicedn);
+        if (extra_argv[extra_argc] == NULL) {
             retval = ENOMEM;
             goto cleanup;
         }
-       extra_argc++;
+        extra_argc++;
 
-       if ((retval = kdb5_ldap_set_service_password(extra_argc, extra_argv)) != 0) {
-           goto err_nomsg;
-       }
+        if ((retval = kdb5_ldap_set_service_password(extra_argc, extra_argv)) != 0) {
+            goto err_nomsg;
+        }
     }
     /* Rights assignment */
     if (mask & LDAP_SERVICE_REALMREFERENCE) {
 
-       printf("%s","Changing rights for the service object. Please wait ... ");
-       fflush(stdout);
-
-       rightsmask =0;
-       rightsmask |= LDAP_REALM_RIGHTS;
-       rightsmask |= LDAP_SUBTREE_RIGHTS;
-
-       if ((srvparams != NULL) && (srvparams->krbrealmreferences != NULL)) {
-           for (i=0; (srvparams->krbrealmreferences[i] != NULL); i++) {
-
-               /* Get the realm name, not the dn */
-               temprdns = ldap_explode_dn(srvparams->krbrealmreferences[i], 1);
-
-               if (temprdns[0] == NULL) {
-                   retval = EINVAL;
-                   goto cleanup;
-               }
-
-               realmName = strdup(temprdns[0]);
-               if (realmName == NULL) {
-                   retval = ENOMEM;
-                   goto cleanup;
-               }
-
-               if ((retval = krb5_ldap_read_realm_params(util_context,
-                                                         realmName, &rparams, &rmask))) {
-                   com_err(me, retval, "while reading information of realm '%s'",
-                           realmName);
-                   goto cleanup;
-               }
-
-               if ((retval = krb5_ldap_add_service_rights(util_context,
-                                                          srvparams->servicetype, srvparams->servicedn,
-                                                          realmName, rparams->subtree, rparams->containerref, rightsmask))) {
-                   printf("failed\n");
-                   com_err(me, retval, "while assigning rights '%s'",
-                           srvparams->servicedn);
-                   goto cleanup;
-               }
-
-               if (rparams)
-                   krb5_ldap_free_realm_params(rparams);
-           }
-       }
-       printf("done\n");
+        printf("%s","Changing rights for the service object. Please wait ... ");
+        fflush(stdout);
+
+        rightsmask =0;
+        rightsmask |= LDAP_REALM_RIGHTS;
+        rightsmask |= LDAP_SUBTREE_RIGHTS;
+
+        if ((srvparams != NULL) && (srvparams->krbrealmreferences != NULL)) {
+            for (i=0; (srvparams->krbrealmreferences[i] != NULL); i++) {
+
+                /* Get the realm name, not the dn */
+                temprdns = ldap_explode_dn(srvparams->krbrealmreferences[i], 1);
+
+                if (temprdns[0] == NULL) {
+                    retval = EINVAL;
+                    goto cleanup;
+                }
+
+                realmName = strdup(temprdns[0]);
+                if (realmName == NULL) {
+                    retval = ENOMEM;
+                    goto cleanup;
+                }
+
+                if ((retval = krb5_ldap_read_realm_params(util_context,
+                                                          realmName, &rparams, &rmask))) {
+                    com_err(me, retval, "while reading information of realm '%s'",
+                            realmName);
+                    goto cleanup;
+                }
+
+                if ((retval = krb5_ldap_add_service_rights(util_context,
+                                                           srvparams->servicetype, srvparams->servicedn,
+                                                           realmName, rparams->subtree, rparams->containerref, rightsmask))) {
+                    printf("failed\n");
+                    com_err(me, retval, "while assigning rights '%s'",
+                            srvparams->servicedn);
+                    goto cleanup;
+                }
+
+                if (rparams)
+                    krb5_ldap_free_realm_params(rparams);
+            }
+        }
+        printf("done\n");
     }
     goto cleanup;
 
@@ -466,35 +465,35 @@ err_nomsg:
 cleanup:
 
     if ((retval != 0) && (service_obj_created == TRUE)) {
-       /* This is for deleting the service object if something goes
-        * wrong in creating the service object
-        */
+        /* This is for deleting the service object if something goes
+         * wrong in creating the service object
+         */
 
-       /* srvparams is populated from the user input and should be correct as
-        * we were successful in creating a service object. Reusing the same
-        */
-       krb5_ldap_delete_service(util_context, srvparams, srvparams->servicedn);
+        /* srvparams is populated from the user input and should be correct as
+         * we were successful in creating a service object. Reusing the same
+         */
+        krb5_ldap_delete_service(util_context, srvparams, srvparams->servicedn);
     }
 
     /* Clean-up structure */
     krb5_ldap_free_service (util_context, srvparams);
 
     if (extra_argv) {
-       free (extra_argv);
-       extra_argv = NULL;
+        free (extra_argv);
+        extra_argv = NULL;
     }
     if (realmName) {
-       free(realmName);
-       realmName = NULL;
+        free(realmName);
+        realmName = NULL;
     }
     if (print_usage)
-       db_usage (CREATE_SERVICE);
+        db_usage (CREATE_SERVICE);
 
     if (retval) {
-       if (!no_msg)
-           com_err(me, retval, "while creating service object");
+        if (!no_msg)
+            com_err(me, retval, "while creating service object");
 
-       exit_status++;
+        exit_status++;
     }
 
     return;
@@ -505,9 +504,8 @@ cleanup:
  * This function will modify the attributes of a given service
  * object on the LDAP Server
  */
-void kdb5_ldap_modify_service(argc, argv)
-    int argc;
-    char *argv[];
+void
+kdb5_ldap_modify_service(int argc, char *argv[])
 {
     char *me = progname;
     krb5_error_code retval = 0;
@@ -534,8 +532,8 @@ void kdb5_ldap_modify_service(argc, argv)
 
     /* Check for number of arguments */
     if ((argc < 3) || (argc > 10)) {
-       exit_status++;
-       goto err_usage;
+        exit_status++;
+        goto err_usage;
     }
 
     dal_handle = util_context->dal_handle;
@@ -543,475 +541,475 @@ void kdb5_ldap_modify_service(argc, argv)
 
     /* Parse all arguments, only to pick up service DN (Pass 1) */
     for (i = 1; i < argc; i++) {
-       /* Skip arguments next to 'servicehost'
-          and 'realmdn' arguments */
-       if (!strcmp(argv[i], "-servicehost")) {
-           ++i;
-       } else if (!strcmp(argv[i], "-clearservicehost")) {
-           ++i;
-       } else if (!strcmp(argv[i], "-addservicehost")) {
-           ++i;
-       } else if (!strcmp(argv[i], "-realm")) {
-           ++i;
-       } else if (!strcmp(argv[i], "-clearrealm")) {
-           ++i;
-       } else if (!strcmp(argv[i], "-addrealm")) {
-           ++i;
-       } else { /* Any other argument must be service DN */
-           /* First check if service DN is already provided --
-              if so, there's a usage error */
-           if (servicedn != NULL) {
-               com_err(me, EINVAL, "while modifying service object");
-               goto err_usage;
-           }
-
-           /* If not present already, fill up service DN */
-           servicedn = strdup(argv[i]);
-           if (servicedn == NULL) {
-               com_err(me, ENOMEM, "while modifying service object");
-               goto err_nomsg;
-           }
-       }
+        /* Skip arguments next to 'servicehost'
+           and 'realmdn' arguments */
+        if (!strcmp(argv[i], "-servicehost")) {
+            ++i;
+        } else if (!strcmp(argv[i], "-clearservicehost")) {
+            ++i;
+        } else if (!strcmp(argv[i], "-addservicehost")) {
+            ++i;
+        } else if (!strcmp(argv[i], "-realm")) {
+            ++i;
+        } else if (!strcmp(argv[i], "-clearrealm")) {
+            ++i;
+        } else if (!strcmp(argv[i], "-addrealm")) {
+            ++i;
+        } else { /* Any other argument must be service DN */
+            /* First check if service DN is already provided --
+               if so, there's a usage error */
+            if (servicedn != NULL) {
+                com_err(me, EINVAL, "while modifying service object");
+                goto err_usage;
+            }
+
+            /* If not present already, fill up service DN */
+            servicedn = strdup(argv[i]);
+            if (servicedn == NULL) {
+                com_err(me, ENOMEM, "while modifying service object");
+                goto err_nomsg;
+            }
+        }
     }
 
     /* No point in proceeding further if service DN value is not available */
     if (servicedn == NULL) {
-       com_err(me, EINVAL, "while modifying service object");
-       goto err_usage;
+        com_err(me, EINVAL, "while modifying service object");
+        goto err_usage;
     }
 
     retval = krb5_ldap_read_service(util_context, servicedn, &srvparams, &in_mask);
     if (retval) {
-       com_err(me, retval, "while reading information of service '%s'",
-               servicedn);
-       goto err_nomsg;
+        com_err(me, retval, "while reading information of service '%s'",
+                servicedn);
+        goto err_nomsg;
     }
 
     /* Read Kerberos container info, to construct realm DN from name
      * and for assigning rights
      */
     if ((retval = krb5_ldap_read_krbcontainer_params(util_context,
-                                                    &(ldap_context->krbcontainer)))) {
-       com_err(me, retval, "while reading Kerberos container information");
-       goto cleanup;
+                                                     &(ldap_context->krbcontainer)))) {
+        com_err(me, retval, "while reading Kerberos container information");
+        goto cleanup;
     }
 
     /* Parse all arguments, but skip the service DN (Pass 2) */
     for (i = 1; i < argc; i++) {
-       if (!strcmp(argv[i], "-servicehost")) {
-           if (++i > argc - 1)
-               goto err_usage;
-
-           /* Free the old list if available */
-           if (srvparams->krbhostservers) {
-               krb5_free_list_entries (srvparams->krbhostservers);
-               free (srvparams->krbhostservers);
-           }
-
-           srvparams->krbhostservers = (char **)calloc(MAX_LIST_ENTRIES,
-                                                       sizeof(char *));
-           if (srvparams->krbhostservers == NULL) {
-               retval = ENOMEM;
-               goto cleanup;
-           }
-
-           if ((retval = krb5_parse_list(argv[i], LIST_DELIMITER,
-                                         srvparams->krbhostservers))) {
-               goto cleanup;
-           }
-
-           if ((retval = process_host_list (srvparams->krbhostservers,
-                                            srvparams->servicetype))) {
-               goto cleanup;
-           }
-
-           out_mask |= LDAP_SERVICE_HOSTSERVER;
-
-           /* Set flag to ignore 'add' and 'clear' */
-           srvhost_flag = 1;
-       } else if (!strcmp(argv[i], "-clearservicehost")) {
-           if (++i > argc - 1)
-               goto err_usage;
-
-           if (!srvhost_flag) {
-               /* If attribute doesn't exist, don't permit 'clear' option */
-               if ((in_mask & LDAP_SERVICE_HOSTSERVER) == 0) {
-                   /* Send out some proper error message here */
-                   com_err(me, EINVAL, "service host list is empty\n");
-                   goto err_nomsg;
-               }
-
-               /* Allocate list for processing */
-               list = (char**) calloc(MAX_LIST_ENTRIES, sizeof(char*));
-               if (list == NULL) {
-                   retval = ENOMEM;
-                   goto cleanup;
-               }
-
-               if ((retval = krb5_parse_list(argv[i], LIST_DELIMITER, list)))
-                   goto cleanup;
-
-               if ((retval = process_host_list (list, srvparams->servicetype))) {
-                   goto cleanup;
-               }
-
-               list_modify_str_array(&(srvparams->krbhostservers),
-                                     (const char**)list, LIST_MODE_DELETE);
-
-               out_mask |= LDAP_SERVICE_HOSTSERVER;
-
-               /* Clean up */
-               free (list);
-               list = NULL;
-           }
-       } else if (!strcmp(argv[i], "-addservicehost")) {
-           if (++i > argc - 1)
-               goto err_usage;
-
-           if (!srvhost_flag) {
-               /* Allocate list for processing */
-               list = (char**) calloc(MAX_LIST_ENTRIES, sizeof(char*));
-               if (list == NULL) {
-                   retval = ENOMEM;
-                   goto cleanup;
-               }
-
-               if ((retval = krb5_parse_list(argv[i], LIST_DELIMITER, list)))
-                   goto cleanup;
-
-               if ((retval = process_host_list (list, srvparams->servicetype))) {
-                   goto cleanup;
-               }
-
-               /* Call list_modify_str_array() only if host server attribute
-                * exists already --Actually, it's better to handle this
-                * within list_modify_str_array()
-                */
-               if (in_mask & LDAP_SERVICE_HOSTSERVER) {
-                   /* Re-size existing list */
-                   existing_entries = list_count_str_array(srvparams->krbhostservers);
-                   new_entries = list_count_str_array(list);
-                   temp_ptr = (char **) realloc(srvparams->krbhostservers,
-                                                sizeof(char *) * (existing_entries + new_entries + 1));
-                   if (temp_ptr == NULL) {
-                       retval = ENOMEM;
-                       goto cleanup;
-                   }
-                   srvparams->krbhostservers = temp_ptr;
-
-                   list_modify_str_array(&(srvparams->krbhostservers),
-                                         (const char**)list, LIST_MODE_ADD);
-
-                   /* Clean up */
-                   free (list);
-                   list = NULL;
-               } else
-                   srvparams->krbhostservers = list;
-
-               out_mask |= LDAP_SERVICE_HOSTSERVER;
-           }
-       } else if (!strcmp(argv[i], "-realm")) {
-           if (++i > argc - 1)
-               goto err_usage;
-
-           if ((in_mask & LDAP_SERVICE_REALMREFERENCE) && (srvparams->krbrealmreferences)) {
-               if (!oldrealmrefs) {
-                   /* Store the old realm list for removing rights */
-                   oldrealmrefs = (char**) calloc(MAX_LIST_ENTRIES, sizeof(char*));
-                   if (oldrealmrefs == NULL) {
-                       retval = ENOMEM;
-                       goto cleanup;
-                   }
-
-                   for (j = 0; srvparams->krbrealmreferences[j] != NULL; j++) {
-                       oldrealmrefs[j] = strdup(srvparams->krbrealmreferences[j]);
-                       if (oldrealmrefs[j] == NULL) {
-                           retval = ENOMEM;
-                           goto cleanup;
-                       }
-                   }
-                   oldrealmrefs[j] = NULL;
-               }
-
-               /* Free the old list if available */
-               krb5_free_list_entries (srvparams->krbrealmreferences);
-               free (srvparams->krbrealmreferences);
-           }
-
-           srvparams->krbrealmreferences = (char **)calloc(MAX_LIST_ENTRIES,
-                                                           sizeof(char *));
-           if (srvparams->krbrealmreferences == NULL) {
-               retval = ENOMEM;
-               goto cleanup;
-           }
-
-           if ((retval = krb5_parse_list(argv[i], LIST_DELIMITER,
-                                         srvparams->krbrealmreferences))) {
-               goto cleanup;
-           }
-
-           /* Convert realm names to realm DNs */
-           if ((retval = convert_realm_name2dn_list(
-                    srvparams->krbrealmreferences,
-                    ldap_context->krbcontainer->DN))) {
-               goto cleanup;
-           }
-
-           out_mask |= LDAP_SERVICE_REALMREFERENCE;
-
-           /* Set flag to ignore 'add' and 'clear' */
-           realmdn_flag = 1;
-       } else if (!strcmp(argv[i], "-clearrealm")) {
-           if (++i > argc - 1)
-               goto err_usage;
-
-           if (!realmdn_flag) {
-               /* If attribute doesn't exist, don't permit 'clear' option */
-               if (((in_mask & LDAP_SERVICE_REALMREFERENCE) == 0) || (srvparams->krbrealmreferences == NULL)) {
-                   /* Send out some proper error message here */
-                   goto err_nomsg;
-               }
-
-               if (!oldrealmrefs) {
-                   /* Store the old realm list for removing rights */
-                   oldrealmrefs = (char**) calloc(MAX_LIST_ENTRIES, sizeof(char*));
-                   if (oldrealmrefs == NULL) {
-                       retval = ENOMEM;
-                       goto cleanup;
-                   }
-
-                   for (j = 0; srvparams->krbrealmreferences[j] != NULL; j++) {
-                       oldrealmrefs[j] = strdup(srvparams->krbrealmreferences[j]);
-                       if (oldrealmrefs[j] == NULL) {
-                           retval = ENOMEM;
-                           goto cleanup;
-                       }
-                   }
-                   oldrealmrefs[j] = NULL;
-               }
-
-               /* Allocate list for processing */
-               list = (char**) calloc(MAX_LIST_ENTRIES, sizeof(char*));
-               if (list == NULL) {
-                   retval = ENOMEM;
-                   goto cleanup;
-               }
-
-               if ((retval = krb5_parse_list(argv[i], LIST_DELIMITER, list)))
-                   goto cleanup;
-
-               /* Convert realm names to realm DNs */
-               if ((retval = convert_realm_name2dn_list(list,
-                                                        ldap_context->krbcontainer->DN))) {
-                   goto cleanup;
-               }
-
-               list_modify_str_array(&(srvparams->krbrealmreferences),
-                                     (const char**)list, LIST_MODE_DELETE);
-
-               out_mask |= LDAP_SERVICE_REALMREFERENCE;
-
-               /* Clean up */
-               free (list);
-               list = NULL;
-           }
-       } else if (!strcmp(argv[i], "-addrealm")) {
-           if (++i > argc - 1)
-               goto err_usage;
-
-           if (!realmdn_flag) {
-               /* Allocate list for processing */
-               list = (char**) calloc(MAX_LIST_ENTRIES, sizeof(char*));
-               if (list == NULL) {
-                   retval = ENOMEM;
-                   goto cleanup;
-               }
-
-               if ((retval = krb5_parse_list(argv[i], LIST_DELIMITER, list)))
-                   goto cleanup;
-
-               /* Convert realm names to realm DNs */
-               if ((retval = convert_realm_name2dn_list(list,
-                                                        ldap_context->krbcontainer->DN))) {
-                   goto cleanup;
-               }
-
-               if ((in_mask & LDAP_SERVICE_REALMREFERENCE) && (srvparams->krbrealmreferences) && (!oldrealmrefs)) {
-                   /* Store the old realm list for removing rights */
-                   oldrealmrefs = (char**) calloc(MAX_LIST_ENTRIES, sizeof(char*));
-                   if (oldrealmrefs == NULL) {
-                       retval = ENOMEM;
-                       goto cleanup;
-                   }
-
-                   for (j = 0; srvparams->krbrealmreferences[j] != NULL; j++) {
-                       oldrealmrefs[j] = strdup(srvparams->krbrealmreferences[j]);
-                       if (oldrealmrefs[j] == NULL) {
-                           retval = ENOMEM;
-                           goto cleanup;
-                       }
-                   }
-                   oldrealmrefs[j] = NULL;
-               }
-
-               /* Call list_modify_str_array() only if realm DN attribute
-                * exists already -- Actually, it's better to handle this
-                * within list_modify_str_array() */
-               if (in_mask & LDAP_SERVICE_REALMREFERENCE) {
-                   /* Re-size existing list */
-                   existing_entries = list_count_str_array(
-                       srvparams->krbrealmreferences);
-                   new_entries = list_count_str_array(list);
-                   temp_ptr = (char **) realloc(srvparams->krbrealmreferences,
-                                                sizeof(char *) * (existing_entries + new_entries + 1));
-                   if (temp_ptr == NULL) {
-                       retval = ENOMEM;
-                       goto cleanup;
-                   }
-                   srvparams->krbrealmreferences = temp_ptr;
-
-                   list_modify_str_array(&(srvparams->krbrealmreferences),
-                                         (const char**)list, LIST_MODE_ADD);
-
-                   /* Clean up */
-                   free (list);
-                   list = NULL;
-               } else
-                   srvparams->krbrealmreferences = list;
-
-               out_mask |= LDAP_SERVICE_REALMREFERENCE;
-           }
-       } else {
-           /* Any other argument must be service DN
-              -- skip it */
-       }
+        if (!strcmp(argv[i], "-servicehost")) {
+            if (++i > argc - 1)
+                goto err_usage;
+
+            /* Free the old list if available */
+            if (srvparams->krbhostservers) {
+                krb5_free_list_entries (srvparams->krbhostservers);
+                free (srvparams->krbhostservers);
+            }
+
+            srvparams->krbhostservers = (char **)calloc(MAX_LIST_ENTRIES,
+                                                        sizeof(char *));
+            if (srvparams->krbhostservers == NULL) {
+                retval = ENOMEM;
+                goto cleanup;
+            }
+
+            if ((retval = krb5_parse_list(argv[i], LIST_DELIMITER,
+                                          srvparams->krbhostservers))) {
+                goto cleanup;
+            }
+
+            if ((retval = process_host_list (srvparams->krbhostservers,
+                                             srvparams->servicetype))) {
+                goto cleanup;
+            }
+
+            out_mask |= LDAP_SERVICE_HOSTSERVER;
+
+            /* Set flag to ignore 'add' and 'clear' */
+            srvhost_flag = 1;
+        } else if (!strcmp(argv[i], "-clearservicehost")) {
+            if (++i > argc - 1)
+                goto err_usage;
+
+            if (!srvhost_flag) {
+                /* If attribute doesn't exist, don't permit 'clear' option */
+                if ((in_mask & LDAP_SERVICE_HOSTSERVER) == 0) {
+                    /* Send out some proper error message here */
+                    com_err(me, EINVAL, "service host list is empty\n");
+                    goto err_nomsg;
+                }
+
+                /* Allocate list for processing */
+                list = (char**) calloc(MAX_LIST_ENTRIES, sizeof(char*));
+                if (list == NULL) {
+                    retval = ENOMEM;
+                    goto cleanup;
+                }
+
+                if ((retval = krb5_parse_list(argv[i], LIST_DELIMITER, list)))
+                    goto cleanup;
+
+                if ((retval = process_host_list (list, srvparams->servicetype))) {
+                    goto cleanup;
+                }
+
+                list_modify_str_array(&(srvparams->krbhostservers),
+                                      (const char**)list, LIST_MODE_DELETE);
+
+                out_mask |= LDAP_SERVICE_HOSTSERVER;
+
+                /* Clean up */
+                free (list);
+                list = NULL;
+            }
+        } else if (!strcmp(argv[i], "-addservicehost")) {
+            if (++i > argc - 1)
+                goto err_usage;
+
+            if (!srvhost_flag) {
+                /* Allocate list for processing */
+                list = (char**) calloc(MAX_LIST_ENTRIES, sizeof(char*));
+                if (list == NULL) {
+                    retval = ENOMEM;
+                    goto cleanup;
+                }
+
+                if ((retval = krb5_parse_list(argv[i], LIST_DELIMITER, list)))
+                    goto cleanup;
+
+                if ((retval = process_host_list (list, srvparams->servicetype))) {
+                    goto cleanup;
+                }
+
+                /* Call list_modify_str_array() only if host server attribute
+                 * exists already --Actually, it's better to handle this
+                 * within list_modify_str_array()
+                 */
+                if (in_mask & LDAP_SERVICE_HOSTSERVER) {
+                    /* Re-size existing list */
+                    existing_entries = list_count_str_array(srvparams->krbhostservers);
+                    new_entries = list_count_str_array(list);
+                    temp_ptr = (char **) realloc(srvparams->krbhostservers,
+                                                 sizeof(char *) * (existing_entries + new_entries + 1));
+                    if (temp_ptr == NULL) {
+                        retval = ENOMEM;
+                        goto cleanup;
+                    }
+                    srvparams->krbhostservers = temp_ptr;
+
+                    list_modify_str_array(&(srvparams->krbhostservers),
+                                          (const char**)list, LIST_MODE_ADD);
+
+                    /* Clean up */
+                    free (list);
+                    list = NULL;
+                } else
+                    srvparams->krbhostservers = list;
+
+                out_mask |= LDAP_SERVICE_HOSTSERVER;
+            }
+        } else if (!strcmp(argv[i], "-realm")) {
+            if (++i > argc - 1)
+                goto err_usage;
+
+            if ((in_mask & LDAP_SERVICE_REALMREFERENCE) && (srvparams->krbrealmreferences)) {
+                if (!oldrealmrefs) {
+                    /* Store the old realm list for removing rights */
+                    oldrealmrefs = (char**) calloc(MAX_LIST_ENTRIES, sizeof(char*));
+                    if (oldrealmrefs == NULL) {
+                        retval = ENOMEM;
+                        goto cleanup;
+                    }
+
+                    for (j = 0; srvparams->krbrealmreferences[j] != NULL; j++) {
+                        oldrealmrefs[j] = strdup(srvparams->krbrealmreferences[j]);
+                        if (oldrealmrefs[j] == NULL) {
+                            retval = ENOMEM;
+                            goto cleanup;
+                        }
+                    }
+                    oldrealmrefs[j] = NULL;
+                }
+
+                /* Free the old list if available */
+                krb5_free_list_entries (srvparams->krbrealmreferences);
+                free (srvparams->krbrealmreferences);
+            }
+
+            srvparams->krbrealmreferences = (char **)calloc(MAX_LIST_ENTRIES,
+                                                            sizeof(char *));
+            if (srvparams->krbrealmreferences == NULL) {
+                retval = ENOMEM;
+                goto cleanup;
+            }
+
+            if ((retval = krb5_parse_list(argv[i], LIST_DELIMITER,
+                                          srvparams->krbrealmreferences))) {
+                goto cleanup;
+            }
+
+            /* Convert realm names to realm DNs */
+            if ((retval = convert_realm_name2dn_list(
+                     srvparams->krbrealmreferences,
+                     ldap_context->krbcontainer->DN))) {
+                goto cleanup;
+            }
+
+            out_mask |= LDAP_SERVICE_REALMREFERENCE;
+
+            /* Set flag to ignore 'add' and 'clear' */
+            realmdn_flag = 1;
+        } else if (!strcmp(argv[i], "-clearrealm")) {
+            if (++i > argc - 1)
+                goto err_usage;
+
+            if (!realmdn_flag) {
+                /* If attribute doesn't exist, don't permit 'clear' option */
+                if (((in_mask & LDAP_SERVICE_REALMREFERENCE) == 0) || (srvparams->krbrealmreferences == NULL)) {
+                    /* Send out some proper error message here */
+                    goto err_nomsg;
+                }
+
+                if (!oldrealmrefs) {
+                    /* Store the old realm list for removing rights */
+                    oldrealmrefs = (char**) calloc(MAX_LIST_ENTRIES, sizeof(char*));
+                    if (oldrealmrefs == NULL) {
+                        retval = ENOMEM;
+                        goto cleanup;
+                    }
+
+                    for (j = 0; srvparams->krbrealmreferences[j] != NULL; j++) {
+                        oldrealmrefs[j] = strdup(srvparams->krbrealmreferences[j]);
+                        if (oldrealmrefs[j] == NULL) {
+                            retval = ENOMEM;
+                            goto cleanup;
+                        }
+                    }
+                    oldrealmrefs[j] = NULL;
+                }
+
+                /* Allocate list for processing */
+                list = (char**) calloc(MAX_LIST_ENTRIES, sizeof(char*));
+                if (list == NULL) {
+                    retval = ENOMEM;
+                    goto cleanup;
+                }
+
+                if ((retval = krb5_parse_list(argv[i], LIST_DELIMITER, list)))
+                    goto cleanup;
+
+                /* Convert realm names to realm DNs */
+                if ((retval = convert_realm_name2dn_list(list,
+                                                         ldap_context->krbcontainer->DN))) {
+                    goto cleanup;
+                }
+
+                list_modify_str_array(&(srvparams->krbrealmreferences),
+                                      (const char**)list, LIST_MODE_DELETE);
+
+                out_mask |= LDAP_SERVICE_REALMREFERENCE;
+
+                /* Clean up */
+                free (list);
+                list = NULL;
+            }
+        } else if (!strcmp(argv[i], "-addrealm")) {
+            if (++i > argc - 1)
+                goto err_usage;
+
+            if (!realmdn_flag) {
+                /* Allocate list for processing */
+                list = (char**) calloc(MAX_LIST_ENTRIES, sizeof(char*));
+                if (list == NULL) {
+                    retval = ENOMEM;
+                    goto cleanup;
+                }
+
+                if ((retval = krb5_parse_list(argv[i], LIST_DELIMITER, list)))
+                    goto cleanup;
+
+                /* Convert realm names to realm DNs */
+                if ((retval = convert_realm_name2dn_list(list,
+                                                         ldap_context->krbcontainer->DN))) {
+                    goto cleanup;
+                }
+
+                if ((in_mask & LDAP_SERVICE_REALMREFERENCE) && (srvparams->krbrealmreferences) && (!oldrealmrefs)) {
+                    /* Store the old realm list for removing rights */
+                    oldrealmrefs = (char**) calloc(MAX_LIST_ENTRIES, sizeof(char*));
+                    if (oldrealmrefs == NULL) {
+                        retval = ENOMEM;
+                        goto cleanup;
+                    }
+
+                    for (j = 0; srvparams->krbrealmreferences[j] != NULL; j++) {
+                        oldrealmrefs[j] = strdup(srvparams->krbrealmreferences[j]);
+                        if (oldrealmrefs[j] == NULL) {
+                            retval = ENOMEM;
+                            goto cleanup;
+                        }
+                    }
+                    oldrealmrefs[j] = NULL;
+                }
+
+                /* Call list_modify_str_array() only if realm DN attribute
+                 * exists already -- Actually, it's better to handle this
+                 * within list_modify_str_array() */
+                if (in_mask & LDAP_SERVICE_REALMREFERENCE) {
+                    /* Re-size existing list */
+                    existing_entries = list_count_str_array(
+                        srvparams->krbrealmreferences);
+                    new_entries = list_count_str_array(list);
+                    temp_ptr = (char **) realloc(srvparams->krbrealmreferences,
+                                                 sizeof(char *) * (existing_entries + new_entries + 1));
+                    if (temp_ptr == NULL) {
+                        retval = ENOMEM;
+                        goto cleanup;
+                    }
+                    srvparams->krbrealmreferences = temp_ptr;
+
+                    list_modify_str_array(&(srvparams->krbrealmreferences),
+                                          (const char**)list, LIST_MODE_ADD);
+
+                    /* Clean up */
+                    free (list);
+                    list = NULL;
+                } else
+                    srvparams->krbrealmreferences = list;
+
+                out_mask |= LDAP_SERVICE_REALMREFERENCE;
+            }
+        } else {
+            /* Any other argument must be service DN
+               -- skip it */
+        }
     }
 
     /* Modify attributes of object */
     if ((retval = krb5_ldap_modify_service(util_context, srvparams, out_mask)))
-       goto cleanup;
+        goto cleanup;
 
     /* Service rights modification code */
     if (out_mask & LDAP_SERVICE_REALMREFERENCE) {
 
-       printf("%s","Changing rights for the service object. Please wait ... ");
-       fflush(stdout);
-
-       newrealmrefs = (char**) calloc(MAX_LIST_ENTRIES, sizeof(char*));
-       if (newrealmrefs == NULL) {
-           retval = ENOMEM;
-           goto cleanup;
-       }
-
-       if ((srvparams != NULL) && (srvparams->krbrealmreferences != NULL)) {
-           for (j = 0; srvparams->krbrealmreferences[j] != NULL; j++) {
-               newrealmrefs[j] = strdup(srvparams->krbrealmreferences[j]);
-               if (newrealmrefs[j] == NULL) {
-                   retval = ENOMEM;
-                   goto cleanup;
-               }
-           }
-           newrealmrefs[j] = NULL;
-       }
-       disjoint_members(oldrealmrefs, newrealmrefs);
-
-       /* Delete the rights for the given service, on each of the realm
-        * container & subtree in the old realm reference list.
-        */
-       if (oldrealmrefs) {
-           rightsmask = 0;
-           rightsmask |= LDAP_REALM_RIGHTS;
-           rightsmask |= LDAP_SUBTREE_RIGHTS;
-
-           for (i = 0; (oldrealmrefs[i] != NULL); i++) {
-               /* Get the realm name, not the dn */
-               temprdns = ldap_explode_dn(oldrealmrefs[i], 1);
-
-               if (temprdns[0] == NULL) {
-                   retval = EINVAL;
-                   goto cleanup;
-               }
-
-               realmName = strdup(temprdns[0]);
-               if (realmName == NULL) {
-                   retval = ENOMEM;
-                   goto cleanup;
-               }
-
-               if ((retval = krb5_ldap_read_realm_params(util_context,
-                                                         realmName, &rparams, &rmask))) {
-                   com_err(me, retval, "while reading information of realm '%s'",
-                           realmName);
-                   goto err_nomsg;
-               }
-
-               if ((retval = krb5_ldap_delete_service_rights(util_context,
-                                                             srvparams->servicetype, srvparams->servicedn,
-                                                             realmName, rparams->subtree, rparams->containerref, rightsmask))) {
-                   printf("failed\n");
-                   com_err(me, retval, "while assigning rights '%s'",
-                           srvparams->servicedn);
-                   goto err_nomsg;
-               }
-
-               if (rparams)
-                   krb5_ldap_free_realm_params(rparams);
-           }
-       }
-
-       /* Add the rights for the given service, on each of the realm
-        * container & subtree in the new realm reference list.
-        */
-       if (newrealmrefs) {
-           rightsmask = 0;
-           rightsmask |= LDAP_REALM_RIGHTS;
-           rightsmask |= LDAP_SUBTREE_RIGHTS;
-
-           for (i = 0; (newrealmrefs[i] != NULL); i++) {
-               /* Get the realm name, not the dn */
-               temprdns = ldap_explode_dn(newrealmrefs[i], 1);
-
-               if (temprdns[0] == NULL) {
-                   retval = EINVAL;
-                   goto cleanup;
-               }
-
-               realmName = strdup(temprdns[0]);
-               if (realmName == NULL) {
-                   retval = ENOMEM;
-                   goto cleanup;
-               }
-
-               if ((retval = krb5_ldap_read_krbcontainer_params(util_context,
-                                                                &(ldap_context->krbcontainer)))) {
-                   com_err(me, retval,
-                           "while reading Kerberos container information");
-                   goto cleanup;
-               }
-
-               if ((retval = krb5_ldap_read_realm_params(util_context,
-                                                         realmName, &rparams, &rmask))) {
-                   com_err(me, retval, "while reading information of realm '%s'",
-                           realmName);
-                   goto err_nomsg;
-               }
-
-               if ((retval = krb5_ldap_add_service_rights(util_context,
-                                                          srvparams->servicetype, srvparams->servicedn,
-                                                          realmName, rparams->subtree, rparams->containerref, rightsmask))) {
-                   printf("failed\n");
-                   com_err(me, retval, "while assigning rights '%s'",
-                           srvparams->servicedn);
-                   goto err_nomsg;
-               }
-
-               if (rparams) {
-                   krb5_ldap_free_realm_params(rparams);
-                   rparams = NULL;
-               }
-           }
-           printf("done\n");
-       }
+        printf("%s","Changing rights for the service object. Please wait ... ");
+        fflush(stdout);
+
+        newrealmrefs = (char**) calloc(MAX_LIST_ENTRIES, sizeof(char*));
+        if (newrealmrefs == NULL) {
+            retval = ENOMEM;
+            goto cleanup;
+        }
+
+        if ((srvparams != NULL) && (srvparams->krbrealmreferences != NULL)) {
+            for (j = 0; srvparams->krbrealmreferences[j] != NULL; j++) {
+                newrealmrefs[j] = strdup(srvparams->krbrealmreferences[j]);
+                if (newrealmrefs[j] == NULL) {
+                    retval = ENOMEM;
+                    goto cleanup;
+                }
+            }
+            newrealmrefs[j] = NULL;
+        }
+        disjoint_members(oldrealmrefs, newrealmrefs);
+
+        /* Delete the rights for the given service, on each of the realm
+         * container & subtree in the old realm reference list.
+         */
+        if (oldrealmrefs) {
+            rightsmask = 0;
+            rightsmask |= LDAP_REALM_RIGHTS;
+            rightsmask |= LDAP_SUBTREE_RIGHTS;
+
+            for (i = 0; (oldrealmrefs[i] != NULL); i++) {
+                /* Get the realm name, not the dn */
+                temprdns = ldap_explode_dn(oldrealmrefs[i], 1);
+
+                if (temprdns[0] == NULL) {
+                    retval = EINVAL;
+                    goto cleanup;
+                }
+
+                realmName = strdup(temprdns[0]);
+                if (realmName == NULL) {
+                    retval = ENOMEM;
+                    goto cleanup;
+                }
+
+                if ((retval = krb5_ldap_read_realm_params(util_context,
+                                                          realmName, &rparams, &rmask))) {
+                    com_err(me, retval, "while reading information of realm '%s'",
+                            realmName);
+                    goto err_nomsg;
+                }
+
+                if ((retval = krb5_ldap_delete_service_rights(util_context,
+                                                              srvparams->servicetype, srvparams->servicedn,
+                                                              realmName, rparams->subtree, rparams->containerref, rightsmask))) {
+                    printf("failed\n");
+                    com_err(me, retval, "while assigning rights '%s'",
+                            srvparams->servicedn);
+                    goto err_nomsg;
+                }
+
+                if (rparams)
+                    krb5_ldap_free_realm_params(rparams);
+            }
+        }
+
+        /* Add the rights for the given service, on each of the realm
+         * container & subtree in the new realm reference list.
+         */
+        if (newrealmrefs) {
+            rightsmask = 0;
+            rightsmask |= LDAP_REALM_RIGHTS;
+            rightsmask |= LDAP_SUBTREE_RIGHTS;
+
+            for (i = 0; (newrealmrefs[i] != NULL); i++) {
+                /* Get the realm name, not the dn */
+                temprdns = ldap_explode_dn(newrealmrefs[i], 1);
+
+                if (temprdns[0] == NULL) {
+                    retval = EINVAL;
+                    goto cleanup;
+                }
+
+                realmName = strdup(temprdns[0]);
+                if (realmName == NULL) {
+                    retval = ENOMEM;
+                    goto cleanup;
+                }
+
+                if ((retval = krb5_ldap_read_krbcontainer_params(util_context,
+                                                                 &(ldap_context->krbcontainer)))) {
+                    com_err(me, retval,
+                            "while reading Kerberos container information");
+                    goto cleanup;
+                }
+
+                if ((retval = krb5_ldap_read_realm_params(util_context,
+                                                          realmName, &rparams, &rmask))) {
+                    com_err(me, retval, "while reading information of realm '%s'",
+                            realmName);
+                    goto err_nomsg;
+                }
+
+                if ((retval = krb5_ldap_add_service_rights(util_context,
+                                                           srvparams->servicetype, srvparams->servicedn,
+                                                           realmName, rparams->subtree, rparams->containerref, rightsmask))) {
+                    printf("failed\n");
+                    com_err(me, retval, "while assigning rights '%s'",
+                            srvparams->servicedn);
+                    goto err_nomsg;
+                }
+
+                if (rparams) {
+                    krb5_ldap_free_realm_params(rparams);
+                    rparams = NULL;
+                }
+            }
+            printf("done\n");
+        }
     }
     goto cleanup;
 
@@ -1026,36 +1024,36 @@ cleanup:
     krb5_ldap_free_service(util_context, srvparams);
 
     if (servicedn)
-       free(servicedn);
+        free(servicedn);
 
     if (list) {
-       free(list);
-       list = NULL;
+        free(list);
+        list = NULL;
     }
 
     if (oldrealmrefs) {
-       for (i = 0; oldrealmrefs[i] != NULL; i++)
-           free(oldrealmrefs[i]);
-       free(oldrealmrefs);
+        for (i = 0; oldrealmrefs[i] != NULL; i++)
+            free(oldrealmrefs[i]);
+        free(oldrealmrefs);
     }
 
     if (newrealmrefs) {
-       for (i = 0; newrealmrefs[i] != NULL; i++)
-           free(newrealmrefs[i]);
-       free(newrealmrefs);
+        for (i = 0; newrealmrefs[i] != NULL; i++)
+            free(newrealmrefs[i]);
+        free(newrealmrefs);
     }
     if (realmName) {
-       free(realmName);
-       realmName = NULL;
+        free(realmName);
+        realmName = NULL;
     }
 
     if (print_usage)
-       db_usage(MODIFY_SERVICE);
+        db_usage(MODIFY_SERVICE);
 
     if (retval) {
-       if (!no_msg)
-           com_err(me, retval, "while modifying service object");
-       exit_status++;
+        if (!no_msg)
+            com_err(me, retval, "while modifying service object");
+        exit_status++;
     }
 
     return;
@@ -1067,11 +1065,8 @@ cleanup:
  * from the service password file.
  */
 static krb5_error_code
-rem_service_entry_from_file(argc, argv, file_name, service_object)
-    int argc;
-    char *argv[];
-    char *file_name;
-    char *service_object;
+rem_service_entry_from_file(int argc, char *argv[], char *file_name,
+                            char *service_object)
 {
     int     st        = EINVAL;
     char    *me       = progname;
@@ -1084,31 +1079,31 @@ rem_service_entry_from_file(argc, argv, file_name, service_object)
 
     /* Check for permissions on the password file */
     if (access(file_name, W_OK) == -1) {
-       /* If the specified file itself is not there, no need to show error */
-       if (errno == ENOENT) {
-           st=0;
-           goto cleanup;
-       } else {
-           com_err(me, errno, "while deleting entry from file %s", file_name);
-           goto cleanup;
-       }
+        /* If the specified file itself is not there, no need to show error */
+        if (errno == ENOENT) {
+            st=0;
+            goto cleanup;
+        } else {
+            com_err(me, errno, "while deleting entry from file %s", file_name);
+            goto cleanup;
+        }
     }
 
     /* Create a temporary file which contains all the entries except the
        entry for the given service dn */
     pfile = fopen(file_name, "r+");
     if (pfile == NULL) {
-       com_err(me, errno, "while deleting entry from file %s", file_name);
-       goto cleanup;
+        com_err(me, errno, "while deleting entry from file %s", file_name);
+        goto cleanup;
     }
     set_cloexec_file(pfile);
 
     /* Create a new file with the extension .tmp */
     tmp_file = (char *)malloc(strlen(file_name) + 4 + 1);
     if (tmp_file == NULL) {
-       com_err(me, ENOMEM, "while deleting entry from file");
-       fclose(pfile);
-       goto cleanup;
+        com_err(me, ENOMEM, "while deleting entry from file");
+        fclose(pfile);
+        goto cleanup;
     }
     snprintf (tmp_file, strlen(file_name) + 4 + 1, "%s%s", file_name, ".tmp");
 
@@ -1116,33 +1111,33 @@ rem_service_entry_from_file(argc, argv, file_name, service_object)
     tmpfd = creat(tmp_file, S_IRUSR|S_IWUSR);
     umask(omask);
     if (tmpfd == -1) {
-       com_err(me, errno, "while deleting entry from file\n");
-       fclose(pfile);
-       goto cleanup;
+        com_err(me, errno, "while deleting entry from file\n");
+        fclose(pfile);
+        goto cleanup;
     }
 
     /* Copy only those lines which donot have the specified service dn */
     while (fgets(line, MAX_LEN, pfile) != NULL) {
-       if ((strstr(line, service_object) != NULL) &&
-           (line[strlen(service_object)] == '#')) {
-           continue;
-       } else {
-           len = strlen(line);
-           if (write(tmpfd, line, len) != len) {
-               com_err(me, errno, "while deleting entry from file\n");
-               close(tmpfd);
-               unlink(tmp_file);
-               fclose(pfile);
-               goto cleanup;
-           }
-       }
+        if ((strstr(line, service_object) != NULL) &&
+            (line[strlen(service_object)] == '#')) {
+            continue;
+        } else {
+            len = strlen(line);
+            if (write(tmpfd, line, len) != len) {
+                com_err(me, errno, "while deleting entry from file\n");
+                close(tmpfd);
+                unlink(tmp_file);
+                fclose(pfile);
+                goto cleanup;
+            }
+        }
     }
 
     fclose(pfile);
     if (unlink(file_name) == 0) {
-       link(tmp_file, file_name);
+        link(tmp_file, file_name);
     } else {
-       com_err(me, errno, "while deleting entry from file\n");
+        com_err(me, errno, "while deleting entry from file\n");
     }
     unlink(tmp_file);
 
@@ -1151,7 +1146,7 @@ rem_service_entry_from_file(argc, argv, file_name, service_object)
 cleanup:
 
     if (tmp_file)
-       free(tmp_file);
+        free(tmp_file);
 
     return st;
 }
@@ -1162,9 +1157,7 @@ cleanup:
  * and unlink the references to the Realm objects (if any)
  */
 void
-kdb5_ldap_destroy_service(argc, argv)
-    int argc;
-    char *argv[];
+kdb5_ldap_destroy_service(int argc, char *argv[])
 {
     int i = 0;
     char buf[5] = {0};
@@ -1177,89 +1170,89 @@ kdb5_ldap_destroy_service(argc, argv)
     krb5_boolean print_usage = FALSE;
 
     if ((argc < 2) || (argc > 5)) {
-       exit_status++;
-       goto err_usage;
+        exit_status++;
+        goto err_usage;
     }
 
     for (i=1; i < argc; i++) {
 
-       if (strcmp(argv[i],"-force")==0) {
-           force++;
-       } else if (strcmp(argv[i],"-f")==0) {
-           if (argv[i+1]) {
-               stashfilename=strdup(argv[i+1]);
-               if (stashfilename == NULL) {
-                   com_err(progname, ENOMEM, "while destroying service");
-                   exit_status++;
-                   goto cleanup;
-               }
-               i++;
-           } else {
-               exit_status++;
-               goto err_usage;
-           }
-       } else {
-           if ((argv[i]) && (servicedn == NULL)) {
-               servicedn=strdup(argv[i]);
-               if (servicedn == NULL) {
-                   com_err(progname, ENOMEM, "while destroying service");
-                   exit_status++;
-                   goto cleanup;
-               }
-           } else {
-               exit_status++;
-               goto err_usage;
-           }
-       }
+        if (strcmp(argv[i],"-force")==0) {
+            force++;
+        } else if (strcmp(argv[i],"-f")==0) {
+            if (argv[i+1]) {
+                stashfilename=strdup(argv[i+1]);
+                if (stashfilename == NULL) {
+                    com_err(progname, ENOMEM, "while destroying service");
+                    exit_status++;
+                    goto cleanup;
+                }
+                i++;
+            } else {
+                exit_status++;
+                goto err_usage;
+            }
+        } else {
+            if ((argv[i]) && (servicedn == NULL)) {
+                servicedn=strdup(argv[i]);
+                if (servicedn == NULL) {
+                    com_err(progname, ENOMEM, "while destroying service");
+                    exit_status++;
+                    goto cleanup;
+                }
+            } else {
+                exit_status++;
+                goto err_usage;
+            }
+        }
     }
 
     if (!servicedn) {
-       exit_status++;
-       goto err_usage;
+        exit_status++;
+        goto err_usage;
     }
 
     if (!force) {
-       printf("This will delete the service object '%s', are you sure?\n", servicedn);
-       printf("(type 'yes' to confirm)? ");
-       if (fgets(buf, sizeof(buf), stdin) == NULL) {
-           exit_status++;
-           goto cleanup;;
-       }
-       if (strcmp(buf, yes)) {
-           exit_status++;
-           goto cleanup;
-       }
+        printf("This will delete the service object '%s', are you sure?\n", servicedn);
+        printf("(type 'yes' to confirm)? ");
+        if (fgets(buf, sizeof(buf), stdin) == NULL) {
+            exit_status++;
+            goto cleanup;;
+        }
+        if (strcmp(buf, yes)) {
+            exit_status++;
+            goto cleanup;
+        }
     }
 
     if ((retval = krb5_ldap_read_service(util_context, servicedn,
-                                        &lserparams, &mask))) {
-       com_err(progname, retval, "while destroying service '%s'",servicedn);
-       exit_status++;
-       goto cleanup;
+                                         &lserparams, &mask))) {
+        com_err(progname, retval, "while destroying service '%s'",servicedn);
+        exit_status++;
+        goto cleanup;
     }
 
     retval = krb5_ldap_delete_service(util_context, lserparams, servicedn);
 
     if (retval) {
-       com_err(progname, retval, "while destroying service '%s'", servicedn);
-       exit_status++;
-       goto cleanup;
+        com_err(progname, retval, "while destroying service '%s'", servicedn);
+        exit_status++;
+        goto cleanup;
     }
 
     if (stashfilename == NULL) {
-       stashfilename = strdup(DEF_SERVICE_PASSWD_FILE);
-       if (stashfilename == NULL) {
-           com_err(progname, ENOMEM, "while destroying service");
-           exit_status++;
-           goto cleanup;
-       }
+        stashfilename = strdup(DEF_SERVICE_PASSWD_FILE);
+        if (stashfilename == NULL) {
+            com_err(progname, ENOMEM, "while destroying service");
+            exit_status++;
+            goto cleanup;
+        }
     }
     printf("** service object '%s' deleted.\n", servicedn);
     retval = rem_service_entry_from_file(argc, argv, stashfilename, servicedn);
 
     if (retval)
-       printf("** error removing service object entry '%s' from password file.\n",
-              servicedn);
+        printf("** error removing service object entry '%s' from password file.\n",
+               servicedn);
 
     goto cleanup;
 
@@ -1270,19 +1263,19 @@ err_usage:
 cleanup:
 
     if (lserparams) {
-       krb5_ldap_free_service(util_context, lserparams);
+        krb5_ldap_free_service(util_context, lserparams);
     }
 
     if (servicedn) {
-       free(servicedn);
+        free(servicedn);
     }
 
     if (stashfilename) {
-       free(stashfilename);
+        free(stashfilename);
     }
 
     if (print_usage) {
-       db_usage(DESTROY_SERVICE);
+        db_usage(DESTROY_SERVICE);
     }
 
     return;
@@ -1292,9 +1285,8 @@ cleanup:
 /*
  * This function will display information about the given service object
  */
-void kdb5_ldap_view_service(argc, argv)
-    int argc;
-    char *argv[];
+void
+kdb5_ldap_view_service(int argc, char *argv[])
 {
     krb5_ldap_service_params *lserparams = NULL;
     krb5_error_code retval = 0;
@@ -1303,21 +1295,21 @@ void kdb5_ldap_view_service(argc, argv)
     krb5_boolean print_usage = FALSE;
 
     if (!(argc == 2)) {
-       exit_status++;
-       goto err_usage;
+        exit_status++;
+        goto err_usage;
     }
 
     servicedn=strdup(argv[1]);
     if (servicedn == NULL) {
-       com_err(progname, ENOMEM, "while viewing service");
-       exit_status++;
-       goto cleanup;
+        com_err(progname, ENOMEM, "while viewing service");
+        exit_status++;
+        goto cleanup;
     }
 
     if ((retval = krb5_ldap_read_service(util_context, servicedn, &lserparams, &mask))) {
-       com_err(progname, retval, "while viewing service '%s'",servicedn);
-       exit_status++;
-       goto cleanup;
+        com_err(progname, retval, "while viewing service '%s'",servicedn);
+        exit_status++;
+        goto cleanup;
     }
 
     print_service_params(lserparams, mask);
@@ -1330,14 +1322,14 @@ err_usage:
 cleanup:
 
     if (lserparams) {
-       krb5_ldap_free_service(util_context, lserparams);
+        krb5_ldap_free_service(util_context, lserparams);
     }
 
     if (servicedn)
-       free(servicedn);
+        free(servicedn);
 
     if (print_usage) {
-       db_usage(VIEW_SERVICE);
+        db_usage(VIEW_SERVICE);
     }
 
     return;
@@ -1348,9 +1340,8 @@ cleanup:
  * This function will list the DNs of kerberos services present on
  * the LDAP Server under a specific sub-tree (entire tree by default)
  */
-void kdb5_ldap_list_services(argc, argv)
-    int argc;
-    char *argv[];
+void
+kdb5_ldap_list_services(int argc, char *argv[])
 {
     char *me = progname;
     krb5_error_code retval = 0;
@@ -1361,33 +1352,33 @@ void kdb5_ldap_list_services(argc, argv)
 
     /* Check for number of arguments */
     if ((argc != 1) && (argc != 3)) {
-       exit_status++;
-       goto err_usage;
+        exit_status++;
+        goto err_usage;
     }
 
     /* Parse base DN argument if present */
     if (argc == 3) {
-       if (strcmp(argv[1], "-basedn")) {
-           retval = EINVAL;
-           goto err_usage;
-       }
+        if (strcmp(argv[1], "-basedn")) {
+            retval = EINVAL;
+            goto err_usage;
+        }
 
-       basedn = strdup(argv[2]);
-       if (basedn == NULL) {
-           com_err(me, ENOMEM, "while listing services");
-           exit_status++;
-           goto cleanup;
-       }
+        basedn = strdup(argv[2]);
+        if (basedn == NULL) {
+            com_err(me, ENOMEM, "while listing services");
+            exit_status++;
+            goto cleanup;
+        }
     }
 
     retval = krb5_ldap_list_services(util_context, basedn, &list);
     if ((retval != 0) || (list == NULL)) {
-       exit_status++;
-       goto cleanup;
+        exit_status++;
+        goto cleanup;
     }
 
     for (plist = list; *plist != NULL; plist++) {
-       printf("%s\n", *plist);
+        printf("%s\n", *plist);
     }
 
     goto cleanup;
@@ -1397,20 +1388,20 @@ err_usage:
 
 cleanup:
     if (list != NULL) {
-       krb5_free_list_entries (list);
-       free (list);
+        krb5_free_list_entries (list);
+        free (list);
     }
 
     if (basedn)
-       free (basedn);
+        free (basedn);
 
     if (print_usage) {
-       db_usage(LIST_SERVICE);
+        db_usage(LIST_SERVICE);
     }
 
     if (retval) {
-       com_err(me, retval, "while listing policy objects");
-       exit_status++;
+        com_err(me, retval, "while listing policy objects");
+        exit_status++;
     }
 
     return;
@@ -1422,9 +1413,7 @@ cleanup:
  * to the standard output
  */
 static void
-print_service_params(lserparams, mask)
-    krb5_ldap_service_params *lserparams;
-    int mask;
+print_service_params(krb5_ldap_service_params *lserparams, int mask)
 {
     int            i=0;
 
@@ -1433,27 +1422,27 @@ print_service_params(lserparams, mask)
 
     /* Print the service type of the object to be read */
     if (lserparams->servicetype == LDAP_KDC_SERVICE) {
-       printf("%20s%-20s\n","Service type: ","kdc");
+        printf("%20s%-20s\n","Service type: ","kdc");
     } else if (lserparams->servicetype == LDAP_ADMIN_SERVICE) {
-       printf("%20s%-20s\n","Service type: ","admin");
+        printf("%20s%-20s\n","Service type: ","admin");
     } else if (lserparams->servicetype == LDAP_PASSWD_SERVICE) {
-       printf("%20s%-20s\n","Service type: ","pwd");
+        printf("%20s%-20s\n","Service type: ","pwd");
     }
 
     /* Print the host server values */
     printf("%20s\n","Service host list: ");
     if (mask & LDAP_SERVICE_HOSTSERVER) {
-       for (i=0; lserparams->krbhostservers[i] != NULL; ++i) {
-           printf("%20s%-50s\n","",lserparams->krbhostservers[i]);
-       }
+        for (i=0; lserparams->krbhostservers[i] != NULL; ++i) {
+            printf("%20s%-50s\n","",lserparams->krbhostservers[i]);
+        }
     }
 
     /* Print the realm reference dn values */
     printf("%20s\n","Realm DN list: ");
     if (mask & LDAP_SERVICE_REALMREFERENCE) {
-       for (i=0; lserparams && lserparams->krbrealmreferences && lserparams->krbrealmreferences[i] != NULL; ++i) {
-           printf("%20s%-50s\n","",lserparams->krbrealmreferences[i]);
-       }
+        for (i=0; lserparams && lserparams->krbrealmreferences && lserparams->krbrealmreferences[i] != NULL; ++i) {
+            printf("%20s%-50s\n","",lserparams->krbrealmreferences[i]);
+        }
     }
 
     return;
@@ -1470,7 +1459,9 @@ print_service_params(lserparams, mask)
  * OUTPUT:
  *     RANDOM_PASSWD_LEN length random password
  */
-static int generate_random_password(krb5_context ctxt, char **randpwd, unsigned int *passlen)
+static int
+generate_random_password(krb5_context ctxt, char **randpwd,
+                         unsigned int *passlen)
 {
     char *random_pwd = NULL;
     int ret = 0;
@@ -1484,26 +1475,26 @@ static int generate_random_password(krb5_context ctxt, char **randpwd, unsigned
     data.length = RANDOM_PASSWD_LEN;
     random_pwd = (char *)malloc(data.length + 1);
     if (random_pwd == NULL) {
-       com_err("setsrvpw", ENOMEM, "while generating random password");
-       return ENOMEM;
+        com_err("setsrvpw", ENOMEM, "while generating random password");
+        return ENOMEM;
     }
     memset(random_pwd, 0, data.length + 1);
     data.data = random_pwd;
 
     ret = krb5_c_random_make_octets(ctxt, &data);
     if (ret) {
-       com_err("setsrvpw", ret, "Error generating random password");
-       free(random_pwd);
-       return ret;
+        com_err("setsrvpw", ret, "Error generating random password");
+        free(random_pwd);
+        return ret;
     }
 
     for (i=0; i<data.length; i++) {
-       /* restricting to ascii chars. Need to change this when 8.8 supports */
-       if ((unsigned char)random_pwd[i] > 127) {
-           random_pwd[i] = (unsigned char)random_pwd[i] % 128;
-       } else if (random_pwd[i] == 0) {
-           random_pwd[i] = (rand()/(RAND_MAX/127 + 1))+1;
-       }
+        /* restricting to ascii chars. Need to change this when 8.8 supports */
+        if ((unsigned char)random_pwd[i] > 127) {
+            random_pwd[i] = (unsigned char)random_pwd[i] % 128;
+        } else if (random_pwd[i] == 0) {
+            random_pwd[i] = (rand()/(RAND_MAX/127 + 1))+1;
+        }
     }
 
     *randpwd = random_pwd;
@@ -1526,9 +1517,7 @@ static int generate_random_password(krb5_context ctxt, char **randpwd, unsigned
  *      void
  */
 int
-kdb5_ldap_set_service_password(argc, argv)
-    int argc;
-    char **argv;
+kdb5_ldap_set_service_password(int argc, char **argv)
 {
     krb5_ldap_context *lparams = NULL;
     char *file_name = NULL;
@@ -1555,211 +1544,211 @@ kdb5_ldap_set_service_password(argc, argv)
     /* The arguments for setsrv password should contain the service object DN
      * and options to specify whether the password should be updated in file only
      * or both file and directory. So the possible combination of arguments are:
-     * setsrvpw servicedn                              wherein argc is 2
-     * setsrvpw        -fileonly servicedn                     wherein argc is 3
-     * setsrvpw -randpw servicedn                      wherein argc is 3
-     * setsrvpw -f filename servicedn                  wherein argc is 4
-     * setsrvpw -fileonly -f filename servicedn        wherein argc is 5
-     * setsrvpw -randpw -f filename servicedn          wherein argc is 5
+     * setsrvpw servicedn                               wherein argc is 2
+     * setsrvpw -fileonly servicedn                     wherein argc is 3
+     * setsrvpw -randpw servicedn                       wherein argc is 3
+     * setsrvpw -f filename servicedn                   wherein argc is 4
+     * setsrvpw -fileonly -f filename servicedn         wherein argc is 5
+     * setsrvpw -randpw -f filename servicedn           wherein argc is 5
      */
     if ((argc < 2) || (argc > 5)) {
-       print_usage = TRUE;
-       goto cleanup;
+        print_usage = TRUE;
+        goto cleanup;
     }
 
     dal_handle = util_context->dal_handle;
     lparams = (krb5_ldap_context *) dal_handle->db_context;
 
     if (lparams == NULL) {
-       printf("%s: Invalid LDAP handle\n", me);
-       goto cleanup;
+        printf("%s: Invalid LDAP handle\n", me);
+        goto cleanup;
     }
 
     /* Parse the arguments */
     for (i = 1; i < argc -1 ; i++) {
-       if (strcmp(argv[i], "-randpw") == 0) {
-           random_passwd = 1;
-       } else if (strcmp(argv[i], "-fileonly") == 0) {
-           set_dir_pwd = 0;
-       } else if (strcmp(argv[i], "-f") == 0) {
-           if (argv[++i] == NULL) {
-               print_usage = TRUE;
-               goto cleanup;
-           }
-
-           file_name = strdup(argv[i]);
-           if (file_name == NULL) {
-               com_err(me, ENOMEM, "while setting service object password");
-               goto cleanup;
-           }
-           /* Verify if the file location has the proper file name
-            * for eg, if the file location is a directory like /home/temp/,
-            * we reject it.
-            */
-           filelen = strlen(file_name);
-           if ((filelen == 0) || (file_name[filelen-1] == '/')) {
-               printf("%s: Filename not specified for setting service object password\n", me);
-               print_usage = TRUE;
-               goto cleanup;
-           }
-       } else {
-           printf("%s: Invalid option specified for \"setsrvpw\" command\n", me);
-           print_usage = TRUE;
-           goto cleanup;
-       }
+        if (strcmp(argv[i], "-randpw") == 0) {
+            random_passwd = 1;
+        } else if (strcmp(argv[i], "-fileonly") == 0) {
+            set_dir_pwd = 0;
+        } else if (strcmp(argv[i], "-f") == 0) {
+            if (argv[++i] == NULL) {
+                print_usage = TRUE;
+                goto cleanup;
+            }
+
+            file_name = strdup(argv[i]);
+            if (file_name == NULL) {
+                com_err(me, ENOMEM, "while setting service object password");
+                goto cleanup;
+            }
+            /* Verify if the file location has the proper file name
+             * for eg, if the file location is a directory like /home/temp/,
+             * we reject it.
+             */
+            filelen = strlen(file_name);
+            if ((filelen == 0) || (file_name[filelen-1] == '/')) {
+                printf("%s: Filename not specified for setting service object password\n", me);
+                print_usage = TRUE;
+                goto cleanup;
+            }
+        } else {
+            printf("%s: Invalid option specified for \"setsrvpw\" command\n", me);
+            print_usage = TRUE;
+            goto cleanup;
+        }
     }
 
     if (i != argc-1) {
-       print_usage = TRUE;
-       goto cleanup;
+        print_usage = TRUE;
+        goto cleanup;
     }
 
     service_object = strdup(argv[i]);
     if (service_object == NULL) {
-       com_err(me, ENOMEM, "while setting service object password");
-       goto cleanup;
+        com_err(me, ENOMEM, "while setting service object password");
+        goto cleanup;
     }
 
     if (strlen(service_object) == 0) {
-       printf("%s: Service object not specified for \"setsrvpw\" command\n", me);
-       print_usage = TRUE;
-       goto cleanup;
+        printf("%s: Service object not specified for \"setsrvpw\" command\n", me);
+        print_usage = TRUE;
+        goto cleanup;
     }
 
     if (service_object[0] == '-') {
-       print_usage = TRUE;
-       goto cleanup;
+        print_usage = TRUE;
+        goto cleanup;
     }
 
     if (file_name == NULL) {
-       file_name = strdup(DEF_SERVICE_PASSWD_FILE);
-       if (file_name == NULL) {
-           com_err(me, ENOMEM, "while setting service object password");
-           goto cleanup;
-       }
+        file_name = strdup(DEF_SERVICE_PASSWD_FILE);
+        if (file_name == NULL) {
+            com_err(me, ENOMEM, "while setting service object password");
+            goto cleanup;
+        }
     }
 
     if (set_dir_pwd) {
-       if (db_inited == FALSE) {
-           if ((errcode = krb5_ldap_db_init(util_context, lparams))) {
-               com_err(me, errcode, "while initializing database");
-               goto cleanup;
-           }
-           db_init_local = TRUE;
-       }
+        if (db_inited == FALSE) {
+            if ((errcode = krb5_ldap_db_init(util_context, lparams))) {
+                com_err(me, errcode, "while initializing database");
+                goto cleanup;
+            }
+            db_init_local = TRUE;
+        }
     }
 
     if (random_passwd) {
-       if (!set_dir_pwd) {
-           printf("%s: Invalid option specified for \"setsrvpw\" command\n", me);
-           print_usage = TRUE;
-           goto cleanup;
-       } else {
-           /* Generate random password */
-
-           if ((errcode = generate_random_password(util_context, &passwd, &passwd_len))) {
-               printf("%s: Failed to set service object password\n", me);
-               goto cleanup;
-           }
-           passwd_len = strlen(passwd);
-       }
+        if (!set_dir_pwd) {
+            printf("%s: Invalid option specified for \"setsrvpw\" command\n", me);
+            print_usage = TRUE;
+            goto cleanup;
+        } else {
+            /* Generate random password */
+
+            if ((errcode = generate_random_password(util_context, &passwd, &passwd_len))) {
+                printf("%s: Failed to set service object password\n", me);
+                goto cleanup;
+            }
+            passwd_len = strlen(passwd);
+        }
     } else {
-       /* Get the service object password from the terminal */
-       passwd = (char *)malloc(MAX_SERVICE_PASSWD_LEN + 1);
-       if (passwd == NULL) {
-           com_err(me, ENOMEM, "while setting service object password");
-           goto cleanup;
-       }
-       memset(passwd, 0, MAX_SERVICE_PASSWD_LEN + 1);
-       passwd_len = MAX_SERVICE_PASSWD_LEN;
-
-       if (asprintf(&prompt1, "Password for \"%s\"", service_object) < 0) {
-           com_err(me, ENOMEM, "while setting service object password");
-           goto cleanup;
-       }
-
-       if (asprintf(&prompt2, "Re-enter password for \"%s\"",
-                    service_object) < 0) {
-           com_err(me, ENOMEM, "while setting service object password");
-           free(prompt1);
-           goto cleanup;
-       }
-
-       retval = krb5_read_password(util_context, prompt1, prompt2, passwd, &passwd_len);
-       free(prompt1);
-       free(prompt2);
-       if (retval) {
-           com_err(me, retval, "while setting service object password");
-           memset(passwd, 0, MAX_SERVICE_PASSWD_LEN);
-           goto cleanup;
-       }
-       if (passwd_len == 0) {
-           printf("%s: Invalid password\n", me);
-           memset(passwd, 0, MAX_SERVICE_PASSWD_LEN);
-           goto cleanup;
-       }
-       passwd_len = strlen(passwd);
+        /* Get the service object password from the terminal */
+        passwd = (char *)malloc(MAX_SERVICE_PASSWD_LEN + 1);
+        if (passwd == NULL) {
+            com_err(me, ENOMEM, "while setting service object password");
+            goto cleanup;
+        }
+        memset(passwd, 0, MAX_SERVICE_PASSWD_LEN + 1);
+        passwd_len = MAX_SERVICE_PASSWD_LEN;
+
+        if (asprintf(&prompt1, "Password for \"%s\"", service_object) < 0) {
+            com_err(me, ENOMEM, "while setting service object password");
+            goto cleanup;
+        }
+
+        if (asprintf(&prompt2, "Re-enter password for \"%s\"",
+                     service_object) < 0) {
+            com_err(me, ENOMEM, "while setting service object password");
+            free(prompt1);
+            goto cleanup;
+        }
+
+        retval = krb5_read_password(util_context, prompt1, prompt2, passwd, &passwd_len);
+        free(prompt1);
+        free(prompt2);
+        if (retval) {
+            com_err(me, retval, "while setting service object password");
+            memset(passwd, 0, MAX_SERVICE_PASSWD_LEN);
+            goto cleanup;
+        }
+        if (passwd_len == 0) {
+            printf("%s: Invalid password\n", me);
+            memset(passwd, 0, MAX_SERVICE_PASSWD_LEN);
+            goto cleanup;
+        }
+        passwd_len = strlen(passwd);
     }
 
     /* Hex the password */
     {
-       krb5_data pwd, hex;
-       pwd.length = passwd_len;
-       pwd.data = passwd;
-
-       errcode = tohex(pwd, &hex);
-       if (errcode != 0) {
-           if (hex.length != 0) {
-               memset(hex.data, 0, hex.length);
-               free(hex.data);
-           }
-           com_err(me, errcode, "Failed to convert the password to hex");
-           memset(passwd, 0, passwd_len);
-           goto cleanup;
-       }
-       /* Password = {HEX}<encrypted password>:<encrypted key> */
-       if (asprintf(&str, "%s#{HEX}%s\n", service_object, hex.data) < 0) {
-           com_err(me, ENOMEM, "while setting service object password");
-           memset(passwd, 0, passwd_len);
-           memset(hex.data, 0, hex.length);
-           free(hex.data);
-           goto cleanup;
-       }
-       encrypted_passwd.value = (unsigned char *)str;
-       encrypted_passwd.len = strlen(str);
-       memset(hex.data, 0, hex.length);
-       free(hex.data);
+        krb5_data pwd, hex;
+        pwd.length = passwd_len;
+        pwd.data = passwd;
+
+        errcode = tohex(pwd, &hex);
+        if (errcode != 0) {
+            if (hex.length != 0) {
+                memset(hex.data, 0, hex.length);
+                free(hex.data);
+            }
+            com_err(me, errcode, "Failed to convert the password to hex");
+            memset(passwd, 0, passwd_len);
+            goto cleanup;
+        }
+        /* Password = {HEX}<encrypted password>:<encrypted key> */
+        if (asprintf(&str, "%s#{HEX}%s\n", service_object, hex.data) < 0) {
+            com_err(me, ENOMEM, "while setting service object password");
+            memset(passwd, 0, passwd_len);
+            memset(hex.data, 0, hex.length);
+            free(hex.data);
+            goto cleanup;
+        }
+        encrypted_passwd.value = (unsigned char *)str;
+        encrypted_passwd.len = strlen(str);
+        memset(hex.data, 0, hex.length);
+        free(hex.data);
     }
 
     /* We should check if the file exists and we have permission to write into that file */
     if (access(file_name, W_OK) == -1) {
-       if (errno == ENOENT) {
-           mode_t omask;
-           int fd = -1;
-
-           printf("File does not exist. Creating the file %s...\n", file_name);
-           omask = umask(077);
-           fd = creat(file_name, S_IRUSR|S_IWUSR);
-           umask(omask);
-           if (fd == -1) {
-               com_err(me, errno, "Error creating file %s", file_name);
-               memset(passwd, 0, passwd_len);
-               goto cleanup;
-           }
-           close(fd);
-       } else {
-           com_err(me, errno, "Unable to access the file %s", file_name);
-           memset(passwd, 0, passwd_len);
-           goto cleanup;
-       }
+        if (errno == ENOENT) {
+            mode_t omask;
+            int fd = -1;
+
+            printf("File does not exist. Creating the file %s...\n", file_name);
+            omask = umask(077);
+            fd = creat(file_name, S_IRUSR|S_IWUSR);
+            umask(omask);
+            if (fd == -1) {
+                com_err(me, errno, "Error creating file %s", file_name);
+                memset(passwd, 0, passwd_len);
+                goto cleanup;
+            }
+            close(fd);
+        } else {
+            com_err(me, errno, "Unable to access the file %s", file_name);
+            memset(passwd, 0, passwd_len);
+            goto cleanup;
+        }
     }
 
     if (set_dir_pwd) {
-       if ((errcode = krb5_ldap_set_service_passwd(util_context, service_object, passwd)) != 0) {
-           com_err(me, errcode, "Failed to set password for service object %s", service_object);
-           memset(passwd, 0, passwd_len);
-           goto cleanup;
-       }
+        if ((errcode = krb5_ldap_set_service_passwd(util_context, service_object, passwd)) != 0) {
+            com_err(me, errcode, "Failed to set password for service object %s", service_object);
+            memset(passwd, 0, passwd_len);
+            goto cleanup;
+        }
     }
 
     memset(passwd, 0, passwd_len);
@@ -1769,123 +1758,123 @@ kdb5_ldap_set_service_password(argc, argv)
     /* set password in the file */
     pfile = fopen(file_name, "r+");
     if (pfile == NULL) {
-       com_err(me, errno, "Failed to open file %s", file_name);
-       goto cleanup;
+        com_err(me, errno, "Failed to open file %s", file_name);
+        goto cleanup;
     }
     set_cloexec_file(pfile);
 
     while (fgets(line, MAX_LEN, pfile) != NULL) {
-       if ((str = strstr(line, service_object)) != NULL) {
-           if (line[strlen(service_object)] == '#') {
-               break;
-           }
-           str = NULL;
-       }
+        if ((str = strstr(line, service_object)) != NULL) {
+            if (line[strlen(service_object)] == '#') {
+                break;
+            }
+            str = NULL;
+        }
     }
     if (str == NULL) {
-       if (feof(pfile)) {
-           /* If the service object dn is not present in the service password file */
-           if (fwrite(encrypted_passwd.value, (unsigned int)encrypted_passwd.len, 1, pfile) != 1) {
-               com_err(me, errno, "Failed to write service object password to file");
-               goto cleanup;
-           }
-       } else {
-           com_err(me, errno, "Error reading service object password file");
-           goto cleanup;
-       }
-       fclose(pfile);
-       pfile = NULL;
+        if (feof(pfile)) {
+            /* If the service object dn is not present in the service password file */
+            if (fwrite(encrypted_passwd.value, (unsigned int)encrypted_passwd.len, 1, pfile) != 1) {
+                com_err(me, errno, "Failed to write service object password to file");
+                goto cleanup;
+            }
+        } else {
+            com_err(me, errno, "Error reading service object password file");
+            goto cleanup;
+        }
+        fclose(pfile);
+        pfile = NULL;
     } else {
-       /* Password entry for the service object is already present in the file */
-       /* Delete the existing entry and add the new entry */
-       FILE *newfile = NULL;
-       mode_t omask;
-
-       /* Create a new file with the extension .tmp */
-       if (asprintf(&tmp_file,"%s.tmp",file_name) < 0) {
-           com_err(me, ENOMEM, "while setting service object password");
-           goto cleanup;
-       }
-
-       omask = umask(077);
-       newfile = fopen(tmp_file, "w+");
-       umask(omask);
-       if (newfile == NULL) {
-           com_err(me, errno, "Error creating file %s", tmp_file);
-           goto cleanup;
-       }
-       set_cloexec_file(newfile);
-
-       fseek(pfile, 0, SEEK_SET);
-       while (fgets(line, MAX_LEN, pfile) != NULL) {
-           if (((str = strstr(line, service_object)) != NULL) && (line[strlen(service_object)] == '#')) {
-               if (fprintf(newfile, "%s", encrypted_passwd.value) < 0) {
-                   com_err(me, errno, "Failed to write service object password to file");
-                   fclose(newfile);
-                   unlink(tmp_file);
-                   goto cleanup;
-               }
-           } else {
-               if (fprintf(newfile, "%s", line) < 0) {
-                   com_err(me, errno, "Failed to write service object password to file");
-                   fclose(newfile);
-                   unlink(tmp_file);
-                   goto cleanup;
-               }
-           }
-       }
-
-       if (!feof(pfile)) {
-           com_err(me, errno, "Error reading service object password file");
-           fclose(newfile);
-           unlink(tmp_file);
-           goto cleanup;
-       }
-
-       /* TODO: file lock for the service password file */
-       fclose(pfile);
-       pfile = NULL;
-
-       fclose(newfile);
-       newfile = NULL;
-
-       if (unlink(file_name) == 0) {
-           link(tmp_file, file_name);
-       } else {
-           com_err(me, errno, "Failed to write service object password to file");
-           unlink(tmp_file);
-           goto cleanup;
-       }
-       unlink(tmp_file);
+        /* Password entry for the service object is already present in the file */
+        /* Delete the existing entry and add the new entry */
+        FILE *newfile = NULL;
+        mode_t omask;
+
+        /* Create a new file with the extension .tmp */
+        if (asprintf(&tmp_file,"%s.tmp",file_name) < 0) {
+            com_err(me, ENOMEM, "while setting service object password");
+            goto cleanup;
+        }
+
+        omask = umask(077);
+        newfile = fopen(tmp_file, "w+");
+        umask(omask);
+        if (newfile == NULL) {
+            com_err(me, errno, "Error creating file %s", tmp_file);
+            goto cleanup;
+        }
+        set_cloexec_file(newfile);
+
+        fseek(pfile, 0, SEEK_SET);
+        while (fgets(line, MAX_LEN, pfile) != NULL) {
+            if (((str = strstr(line, service_object)) != NULL) && (line[strlen(service_object)] == '#')) {
+                if (fprintf(newfile, "%s", encrypted_passwd.value) < 0) {
+                    com_err(me, errno, "Failed to write service object password to file");
+                    fclose(newfile);
+                    unlink(tmp_file);
+                    goto cleanup;
+                }
+            } else {
+                if (fprintf(newfile, "%s", line) < 0) {
+                    com_err(me, errno, "Failed to write service object password to file");
+                    fclose(newfile);
+                    unlink(tmp_file);
+                    goto cleanup;
+                }
+            }
+        }
+
+        if (!feof(pfile)) {
+            com_err(me, errno, "Error reading service object password file");
+            fclose(newfile);
+            unlink(tmp_file);
+            goto cleanup;
+        }
+
+        /* TODO: file lock for the service password file */
+        fclose(pfile);
+        pfile = NULL;
+
+        fclose(newfile);
+        newfile = NULL;
+
+        if (unlink(file_name) == 0) {
+            link(tmp_file, file_name);
+        } else {
+            com_err(me, errno, "Failed to write service object password to file");
+            unlink(tmp_file);
+            goto cleanup;
+        }
+        unlink(tmp_file);
     }
     errcode = 0;
 
 cleanup:
     if (db_init_local)
-       krb5_ldap_close(util_context);
+        krb5_ldap_close(util_context);
 
     if (service_object)
-       free(service_object);
+        free(service_object);
 
     if (file_name)
-       free(file_name);
+        free(file_name);
 
     if (passwd)
-       free(passwd);
+        free(passwd);
 
     if (encrypted_passwd.value) {
-       memset(encrypted_passwd.value, 0, encrypted_passwd.len);
-       free(encrypted_passwd.value);
+        memset(encrypted_passwd.value, 0, encrypted_passwd.len);
+        free(encrypted_passwd.value);
     }
 
     if (pfile)
-       fclose(pfile);
+        fclose(pfile);
 
     if (tmp_file)
-       free(tmp_file);
+        free(tmp_file);
 
     if (print_usage)
-       db_usage(SET_SRV_PW);
+        db_usage(SET_SRV_PW);
 
     return errcode;
 }
@@ -1897,9 +1886,7 @@ cleanup:
  * little more secure than storing plain password in the file ...
  */
 void
-kdb5_ldap_stash_service_password(argc, argv)
-    int argc;
-    char **argv;
+kdb5_ldap_stash_service_password(int argc, char **argv)
 {
     int ret = 0;
     unsigned int passwd_len = 0;
@@ -1922,109 +1909,109 @@ kdb5_ldap_stash_service_password(argc, argv)
      *   'filename' is the path of the stash file
      */
     if (argc != 2 && argc != 4) {
-       print_usage = TRUE;
-       goto cleanup;
+        print_usage = TRUE;
+        goto cleanup;
     }
 
     if (argc == 4) {
-       /* Find the stash file name */
-       if (strcmp (argv[1], "-f") == 0) {
-           if (((file_name = strdup (argv[2])) == NULL) ||
-               ((service_object = strdup (argv[3])) == NULL)) {
-               com_err(me, ENOMEM, "while setting service object password");
-               goto cleanup;
-           }
-       } else if (strcmp (argv[2], "-f") == 0) {
-           if (((file_name = strdup (argv[3])) == NULL) ||
-               ((service_object = strdup (argv[1])) == NULL)) {
-               com_err(me, ENOMEM, "while setting service object password");
-               goto cleanup;
-           }
-       } else {
-           print_usage = TRUE;
-           goto cleanup;
-       }
-       if (file_name == NULL) {
-           com_err(me, ENOMEM, "while setting service object password");
-           goto cleanup;
-       }
+        /* Find the stash file name */
+        if (strcmp (argv[1], "-f") == 0) {
+            if (((file_name = strdup (argv[2])) == NULL) ||
+                ((service_object = strdup (argv[3])) == NULL)) {
+                com_err(me, ENOMEM, "while setting service object password");
+                goto cleanup;
+            }
+        } else if (strcmp (argv[2], "-f") == 0) {
+            if (((file_name = strdup (argv[3])) == NULL) ||
+                ((service_object = strdup (argv[1])) == NULL)) {
+                com_err(me, ENOMEM, "while setting service object password");
+                goto cleanup;
+            }
+        } else {
+            print_usage = TRUE;
+            goto cleanup;
+        }
+        if (file_name == NULL) {
+            com_err(me, ENOMEM, "while setting service object password");
+            goto cleanup;
+        }
     } else { /* argc == 2 */
-       char *section;
-
-       service_object = strdup (argv[1]);
-       if (service_object == NULL) {
-           com_err(me, ENOMEM, "while setting service object password");
-           goto cleanup;
-       }
-
-       /* Pick up the stash-file name from krb5.conf */
-       profile_get_string(util_context->profile, KDB_REALM_SECTION,
-                          util_context->default_realm, KDB_MODULE_POINTER, NULL, &section);
-
-       if (section == NULL) {
-           profile_get_string(util_context->profile, KDB_MODULE_DEF_SECTION,
-                              KDB_MODULE_POINTER, NULL, NULL, &section);
-           if (section == NULL) {
-               /* Stash file path neither in krb5.conf nor on command line */
-               file_name = strdup(DEF_SERVICE_PASSWD_FILE);
-               if (file_name == NULL) {
-                   com_err(me, ENOMEM, "while setting service object password");
-                   goto cleanup;
-               }
-               goto done;
-           }
-       }
-
-       profile_get_string (util_context->profile, KDB_MODULE_SECTION, section,
-                           "ldap_service_password_file", NULL, &file_name);
+        char *section;
+
+        service_object = strdup (argv[1]);
+        if (service_object == NULL) {
+            com_err(me, ENOMEM, "while setting service object password");
+            goto cleanup;
+        }
+
+        /* Pick up the stash-file name from krb5.conf */
+        profile_get_string(util_context->profile, KDB_REALM_SECTION,
+                           util_context->default_realm, KDB_MODULE_POINTER, NULL, &section);
+
+        if (section == NULL) {
+            profile_get_string(util_context->profile, KDB_MODULE_DEF_SECTION,
+                               KDB_MODULE_POINTER, NULL, NULL, &section);
+            if (section == NULL) {
+                /* Stash file path neither in krb5.conf nor on command line */
+                file_name = strdup(DEF_SERVICE_PASSWD_FILE);
+                if (file_name == NULL) {
+                    com_err(me, ENOMEM, "while setting service object password");
+                    goto cleanup;
+                }
+                goto done;
+            }
+        }
+
+        profile_get_string (util_context->profile, KDB_MODULE_SECTION, section,
+                            "ldap_service_password_file", NULL, &file_name);
     }
 done:
 
     /* Get password from user */
     {
-       char prompt1[256], prompt2[256];
-
-       /* Get the service object password from the terminal */
-       memset(passwd, 0, sizeof (passwd));
-       passwd_len = sizeof (passwd);
-
-       /* size of prompt = strlen of servicedn + strlen("Password for \" \"") */
-       assert (sizeof (prompt1) > (strlen (service_object)
-                                   + sizeof ("Password for \" \"")));
-       snprintf(prompt1, sizeof(prompt1), "Password for \"%s\"", service_object);
-
-       /* size of prompt = strlen of servicedn + strlen("Re-enter Password for \" \"") */
-       assert (sizeof (prompt2) > (strlen (service_object)
-                                   + sizeof ("Re-enter Password for \" \"")));
-       snprintf(prompt2, sizeof(prompt2), "Re-enter password for \"%s\"", service_object);
-
-       ret = krb5_read_password(util_context, prompt1, prompt2, passwd, &passwd_len);
-       if (ret != 0) {
-           com_err(me, ret, "while setting service object password");
-           memset(passwd, 0, sizeof (passwd));
-           goto cleanup;
-       }
+        char prompt1[256], prompt2[256];
+
+        /* Get the service object password from the terminal */
+        memset(passwd, 0, sizeof (passwd));
+        passwd_len = sizeof (passwd);
+
+        /* size of prompt = strlen of servicedn + strlen("Password for \" \"") */
+        assert (sizeof (prompt1) > (strlen (service_object)
+                                    + sizeof ("Password for \" \"")));
+        snprintf(prompt1, sizeof(prompt1), "Password for \"%s\"", service_object);
+
+        /* size of prompt = strlen of servicedn + strlen("Re-enter Password for \" \"") */
+        assert (sizeof (prompt2) > (strlen (service_object)
+                                    + sizeof ("Re-enter Password for \" \"")));
+        snprintf(prompt2, sizeof(prompt2), "Re-enter password for \"%s\"", service_object);
+
+        ret = krb5_read_password(util_context, prompt1, prompt2, passwd, &passwd_len);
+        if (ret != 0) {
+            com_err(me, ret, "while setting service object password");
+            memset(passwd, 0, sizeof (passwd));
+            goto cleanup;
+        }
 
-       if (passwd_len == 0) {
-           printf("%s: Invalid password\n", me);
-           memset(passwd, 0, MAX_SERVICE_PASSWD_LEN);
-           goto cleanup;
-       }
+        if (passwd_len == 0) {
+            printf("%s: Invalid password\n", me);
+            memset(passwd, 0, MAX_SERVICE_PASSWD_LEN);
+            goto cleanup;
+        }
     }
 
     /* Convert the password to hexadecimal */
     {
-       krb5_data pwd;
+        krb5_data pwd;
 
-       pwd.length = passwd_len;
-       pwd.data = passwd;
+        pwd.length = passwd_len;
+        pwd.data = passwd;
 
-       ret = tohex(pwd, &hexpasswd);
-       if (ret != 0) {
-           com_err(me, ret, "Failed to convert the password to hexadecimal");
-           memset(passwd, 0, passwd_len);
-           goto cleanup;
-       }
+        ret = tohex(pwd, &hexpasswd);
+        if (ret != 0) {
+            com_err(me, ret, "Failed to convert the password to hexadecimal");
+            memset(passwd, 0, passwd_len);
+            goto cleanup;
+        }
     }
     memset(passwd, 0, passwd_len);
 
@@ -2034,129 +2021,129 @@ done:
     old_mode = umask(0177);
     pfile = fopen(file_name, "a+");
     if (pfile == NULL) {
-       com_err(me, errno, "Failed to open file %s: %s", file_name,
-               strerror (errno));
-       goto cleanup;
+        com_err(me, errno, "Failed to open file %s: %s", file_name,
+                strerror (errno));
+        goto cleanup;
     }
     set_cloexec_file(pfile);
     rewind (pfile);
     umask(old_mode);
 
     while (fgets (line, MAX_LEN, pfile) != NULL) {
-       if ((str = strstr (line, service_object)) != NULL) {
-           /* White spaces not allowed */
-           if (line [strlen (service_object)] == '#')
-               break;
-           str = NULL;
-       }
+        if ((str = strstr (line, service_object)) != NULL) {
+            /* White spaces not allowed */
+            if (line [strlen (service_object)] == '#')
+                break;
+            str = NULL;
+        }
     }
 
     if (str == NULL) {
-       if (feof(pfile)) {
-           /* If the service object dn is not present in the service password file */
-           if (fprintf(pfile, "%s#{HEX}%s\n", service_object, hexpasswd.data) < 0) {
-               com_err(me, errno, "Failed to write service object password to file");
-               fclose(pfile);
-               goto cleanup;
-           }
-       } else {
-           com_err(me, errno, "Error reading service object password file");
-           fclose(pfile);
-           goto cleanup;
-       }
-       fclose(pfile);
+        if (feof(pfile)) {
+            /* If the service object dn is not present in the service password file */
+            if (fprintf(pfile, "%s#{HEX}%s\n", service_object, hexpasswd.data) < 0) {
+                com_err(me, errno, "Failed to write service object password to file");
+                fclose(pfile);
+                goto cleanup;
+            }
+        } else {
+            com_err(me, errno, "Error reading service object password file");
+            fclose(pfile);
+            goto cleanup;
+        }
+        fclose(pfile);
     } else {
-       /*
-        * Password entry for the service object is already present in the file
-        * Delete the existing entry and add the new entry
-        */
-       FILE *newfile;
-
-       mode_t omask;
-
-       /* Create a new file with the extension .tmp */
-       if (asprintf(&tmp_file,"%s.tmp",file_name) < 0) {
-           com_err(me, ENOMEM, "while setting service object password");
-           fclose(pfile);
-           goto cleanup;
-       }
-
-       omask = umask(077);
-       newfile = fopen(tmp_file, "w");
-       umask (omask);
-       if (newfile == NULL) {
-           com_err(me, errno, "Error creating file %s", tmp_file);
-           fclose(pfile);
-           goto cleanup;
-       }
-       set_cloexec_file(newfile);
-
-       fseek(pfile, 0, SEEK_SET);
-       while (fgets(line, MAX_LEN, pfile) != NULL) {
-           if (((str = strstr(line, service_object)) != NULL) &&
-               (line[strlen(service_object)] == '#')) {
-               if (fprintf(newfile, "%s#{HEX}%s\n", service_object, hexpasswd.data) < 0) {
-                   com_err(me, errno, "Failed to write service object password to file");
-                   fclose(newfile);
-                   unlink(tmp_file);
-                   fclose(pfile);
-                   goto cleanup;
-               }
-           } else {
-               if (fprintf (newfile, "%s", line) < 0) {
-                   com_err(me, errno, "Failed to write service object password to file");
-                   fclose(newfile);
-                   unlink(tmp_file);
-                   fclose(pfile);
-                   goto cleanup;
-               }
-           }
-       }
-
-       if (!feof(pfile)) {
-           com_err(me, errno, "Error reading service object password file");
-           fclose(newfile);
-           unlink(tmp_file);
-           fclose(pfile);
-           goto cleanup;
-       }
-
-       /* TODO: file lock for the service passowrd file */
-
-       fclose(pfile);
-       fclose(newfile);
-
-       ret = rename(tmp_file, file_name);
-       if (ret != 0) {
-           com_err(me, errno, "Failed to write service object password to "
-                   "file");
-           goto cleanup;
-       }
+        /*
+         * Password entry for the service object is already present in the file
+         * Delete the existing entry and add the new entry
+         */
+        FILE *newfile;
+
+        mode_t omask;
+
+        /* Create a new file with the extension .tmp */
+        if (asprintf(&tmp_file,"%s.tmp",file_name) < 0) {
+            com_err(me, ENOMEM, "while setting service object password");
+            fclose(pfile);
+            goto cleanup;
+        }
+
+        omask = umask(077);
+        newfile = fopen(tmp_file, "w");
+        umask (omask);
+        if (newfile == NULL) {
+            com_err(me, errno, "Error creating file %s", tmp_file);
+            fclose(pfile);
+            goto cleanup;
+        }
+        set_cloexec_file(newfile);
+
+        fseek(pfile, 0, SEEK_SET);
+        while (fgets(line, MAX_LEN, pfile) != NULL) {
+            if (((str = strstr(line, service_object)) != NULL) &&
+                (line[strlen(service_object)] == '#')) {
+                if (fprintf(newfile, "%s#{HEX}%s\n", service_object, hexpasswd.data) < 0) {
+                    com_err(me, errno, "Failed to write service object password to file");
+                    fclose(newfile);
+                    unlink(tmp_file);
+                    fclose(pfile);
+                    goto cleanup;
+                }
+            } else {
+                if (fprintf (newfile, "%s", line) < 0) {
+                    com_err(me, errno, "Failed to write service object password to file");
+                    fclose(newfile);
+                    unlink(tmp_file);
+                    fclose(pfile);
+                    goto cleanup;
+                }
+            }
+        }
+
+        if (!feof(pfile)) {
+            com_err(me, errno, "Error reading service object password file");
+            fclose(newfile);
+            unlink(tmp_file);
+            fclose(pfile);
+            goto cleanup;
+        }
+
+        /* TODO: file lock for the service passowrd file */
+
+        fclose(pfile);
+        fclose(newfile);
+
+        ret = rename(tmp_file, file_name);
+        if (ret != 0) {
+            com_err(me, errno, "Failed to write service object password to "
+                    "file");
+            goto cleanup;
+        }
     }
     ret = 0;
 
 cleanup:
 
     if (hexpasswd.length != 0) {
-       memset(hexpasswd.data, 0, hexpasswd.length);
-       free(hexpasswd.data);
+        memset(hexpasswd.data, 0, hexpasswd.length);
+        free(hexpasswd.data);
     }
 
     if (service_object)
-       free(service_object);
+        free(service_object);
 
     if (file_name)
-       free(file_name);
+        free(file_name);
 
     if (tmp_file)
-       free(tmp_file);
+        free(tmp_file);
 
     if (print_usage)
-       usage();
-/*     db_usage(STASH_SRV_PW); */
+        usage();
+/*      db_usage(STASH_SRV_PW); */
 
     if (ret)
-       exit_status++;
+        exit_status++;
 }
 
 #endif /* #ifdef HAVE_EDIRECTORY */
index 0322558cc7ada95ecc088db2a726c2e5d25c13a7..a2816d8642e7c410a8ad3eb2be4e1061be54c42d 100644 (file)
@@ -1,3 +1,4 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
 /*
  * kadmin/ldap_util/kdb5_services.h
  */
 
 #include "ldap_misc.h"
 
-#define MAX_DN_CHARS           256
-#define HOST_INFO_DELIMITER    '#'
-#define PROTOCOL_STR_LEN       3
-#define PROTOCOL_NUM_UDP       0
-#define PROTOCOL_NUM_TCP       1
-#define PROTOCOL_DEFAULT_KDC   PROTOCOL_NUM_UDP
-#define PROTOCOL_DEFAULT_ADM   PROTOCOL_NUM_TCP
-#define PROTOCOL_DEFAULT_PWD   PROTOCOL_NUM_UDP
-#define PORT_STR_LEN           5
-#define PORT_DEFAULT_KDC       88
-#define PORT_DEFAULT_ADM       749
-#define PORT_DEFAULT_PWD       464
+#define MAX_DN_CHARS            256
+#define HOST_INFO_DELIMITER     '#'
+#define PROTOCOL_STR_LEN        3
+#define PROTOCOL_NUM_UDP        0
+#define PROTOCOL_NUM_TCP        1
+#define PROTOCOL_DEFAULT_KDC    PROTOCOL_NUM_UDP
+#define PROTOCOL_DEFAULT_ADM    PROTOCOL_NUM_TCP
+#define PROTOCOL_DEFAULT_PWD    PROTOCOL_NUM_UDP
+#define PORT_STR_LEN            5
+#define PORT_DEFAULT_KDC        88
+#define PORT_DEFAULT_ADM        749
+#define PORT_DEFAULT_PWD        464
 
-#define MAX_LEN                1024
-#define MAX_SERVICE_PASSWD_LEN         256
-#define RANDOM_PASSWD_LEN      128
+#define MAX_LEN                 1024
+#define MAX_SERVICE_PASSWD_LEN  256
+#define RANDOM_PASSWD_LEN       128
 
 #define DEF_SERVICE_PASSWD_FILE "/usr/local/var/service_passwd"
 
@@ -58,8 +59,8 @@ struct data{
 extern int enc_password(struct data pwd, struct data *enc_key, struct data *enc_pass);
 extern int tohex(krb5_data, krb5_data *);
 
-extern void kdb5_ldap_create_service (int argc, char **argv);
-extern void kdb5_ldap_modify_service (int argc, char **argv);
+extern void kdb5_ldap_create_service(int argc, char **argv);
+extern void kdb5_ldap_modify_service(int argc, char **argv);
 extern void kdb5_ldap_destroy_service(int argc, char **argv);
 extern void kdb5_ldap_list_services(int argc, char **argv);
 extern void kdb5_ldap_view_service(int argc, char **argv);
index 0c9929562a3c2314ea95af29c6f6f243108168e0..9357cc4115b23957f0336a67140e7a55efabfe74 100644 (file)
@@ -1,3 +1,4 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
 /*
  * kadmin/ldap_util/kdb5_ldap_util.c
  *
@@ -104,95 +105,98 @@ krb5_boolean manual_mkey = FALSE;
  * This function prints the usage of kdb5_ldap_util, which is
  * the LDAP configuration utility.
  */
-void usage(void)
+void
+usage(void)
 {
     fprintf(stderr, "Usage: "
-"kdb5_ldap_util [-D user_dn [-w passwd]] [-H ldapuri]\n"
-"\tcmd [cmd_options]\n"
+            "kdb5_ldap_util [-D user_dn [-w passwd]] [-H ldapuri]\n"
+            "\tcmd [cmd_options]\n"
 
 /* Create realm */
-"create          [-subtrees subtree_dn_list] [-sscope search_scope] [-containerref container_reference_dn]\n"
+            "create          [-subtrees subtree_dn_list] [-sscope search_scope] [-containerref container_reference_dn]\n"
 #ifdef HAVE_EDIRECTORY
-"\t\t[-kdcdn kdc_service_list] [-admindn admin_service_list]\n"
-"\t\t[-pwddn passwd_service_list]\n"
+            "\t\t[-kdcdn kdc_service_list] [-admindn admin_service_list]\n"
+            "\t\t[-pwddn passwd_service_list]\n"
 #endif
-"\t\t[-m|-P password|-sf stashfilename] [-k mkeytype] [-kv mkeyVNO] [-s]\n"
-"\t\t[-maxtktlife max_ticket_life] [-maxrenewlife max_renewable_ticket_life]\n"
-"\t\t[ticket_flags] [-r realm]\n"
+            "\t\t[-m|-P password|-sf stashfilename] [-k mkeytype] [-kv mkeyVNO] [-s]\n"
+            "\t\t[-maxtktlife max_ticket_life] [-maxrenewlife max_renewable_ticket_life]\n"
+            "\t\t[ticket_flags] [-r realm]\n"
 
 /* modify realm */
-"modify          [-subtrees subtree_dn_list] [-sscope search_scope] [-containerref container_reference_dn]\n"
+            "modify          [-subtrees subtree_dn_list] [-sscope search_scope] [-containerref container_reference_dn]\n"
 #ifdef HAVE_EDIRECTORY
-"\t\t[-kdcdn kdc_service_list |\n"
-"\t\t[-clearkdcdn kdc_service_list] [-addkdcdn kdc_service_list]]\n"
-"\t\t[-admindn admin_service_list | [-clearadmindn admin_service_list]\n"
-"\t\t[-addadmindn admin_service_list]] [-pwddn passwd_service_list |\n"
-"\t\t[-clearpwddn passwd_service_list] [-addpwddn passwd_service_list]]\n"
+            "\t\t[-kdcdn kdc_service_list |\n"
+            "\t\t[-clearkdcdn kdc_service_list] [-addkdcdn kdc_service_list]]\n"
+            "\t\t[-admindn admin_service_list | [-clearadmindn admin_service_list]\n"
+            "\t\t[-addadmindn admin_service_list]] [-pwddn passwd_service_list |\n"
+            "\t\t[-clearpwddn passwd_service_list] [-addpwddn passwd_service_list]]\n"
 #endif
-"\t\t[-maxtktlife max_ticket_life] [-maxrenewlife max_renewable_ticket_life]\n"
-"\t\t[ticket_flags] [-r realm]\n"
+            "\t\t[-maxtktlife max_ticket_life] [-maxrenewlife max_renewable_ticket_life]\n"
+            "\t\t[ticket_flags] [-r realm]\n"
 /* View realm */
-"view            [-r realm]\n"
+            "view            [-r realm]\n"
 
 /* Destroy realm */
-"destroy               [-f] [-r realm]\n"
+            "destroy                [-f] [-r realm]\n"
 
 /* List realms */
-"list\n"
+            "list\n"
 
 #ifdef HAVE_EDIRECTORY
 /* Create Service */
-"create_service  {-kdc|-admin|-pwd} [-servicehost service_host_list]\n"
-"\t\t[-realm realm_list] \n"
-"\t\t[-randpw|-fileonly] [-f filename] service_dn\n"
+            "create_service  {-kdc|-admin|-pwd} [-servicehost service_host_list]\n"
+            "\t\t[-realm realm_list] \n"
+            "\t\t[-randpw|-fileonly] [-f filename] service_dn\n"
 
 /* Modify service */
-"modify_service  [-servicehost service_host_list |\n"
-"\t\t[-clearservicehost service_host_list]\n"
-"\t\t[-addservicehost service_host_list]]\n"
-"\t\t[-realm realm_list | [-clearrealm realm_list]\n"
-"\t\t[-addrealm realm_list]] service_dn\n"
+            "modify_service  [-servicehost service_host_list |\n"
+            "\t\t[-clearservicehost service_host_list]\n"
+            "\t\t[-addservicehost service_host_list]]\n"
+            "\t\t[-realm realm_list | [-clearrealm realm_list]\n"
+            "\t\t[-addrealm realm_list]] service_dn\n"
 
 /* View Service */
-"view_service    service_dn\n"
+            "view_service    service_dn\n"
 
 /* Destroy Service */
-"destroy_service [-force] [-f stashfilename] service_dn\n"
+            "destroy_service [-force] [-f stashfilename] service_dn\n"
 
 /* List services */
-"list_service    [-basedn base_dn]\n"
+            "list_service    [-basedn base_dn]\n"
 
 /* Set Service password */
-"setsrvpw        [-randpw|-fileonly] [-f filename] service_dn\n"
+            "setsrvpw        [-randpw|-fileonly] [-f filename] service_dn\n"
 
 #else
 
 /* Stash the service password */
-"stashsrvpw      [-f filename] service_dn\n"
+            "stashsrvpw      [-f filename] service_dn\n"
 
 #endif
 
 /* Create policy */
-"create_policy   [-r realm] [-maxtktlife max_ticket_life]\n"
-"\t\t[-maxrenewlife max_renewable_ticket_life] [ticket_flags] policy\n"
+            "create_policy   [-r realm] [-maxtktlife max_ticket_life]\n"
+            "\t\t[-maxrenewlife max_renewable_ticket_life] [ticket_flags] policy\n"
 
 /* Modify policy */
-"modify_policy   [-r realm] [-maxtktlife max_ticket_life]\n"
-"\t\t[-maxrenewlife max_renewable_ticket_life] [ticket_flags] policy\n"
+            "modify_policy   [-r realm] [-maxtktlife max_ticket_life]\n"
+            "\t\t[-maxrenewlife max_renewable_ticket_life] [ticket_flags] policy\n"
 
 /* View policy */
-"view_policy     [-r realm] policy\n"
+            "view_policy     [-r realm] policy\n"
 
 /* Destroy policy */
-"destroy_policy  [-r realm] [-force] policy\n"
+            "destroy_policy  [-r realm] [-force] policy\n"
 
 /* List policies */
-"list_policy     [-r realm]\n"
+            "list_policy     [-r realm]\n"
 
-       );
+    );
 }
 
-void db_usage (int type) {
+void
+db_usage(int type)
+{
     /*
      * This should print usage of 'type' command. For now, we will print usage
      * of all commands.
@@ -242,8 +246,8 @@ static struct _cmd_table *cmd_lookup(name)
     int i;
 
     for (i = 0; cmd_table[i].name != NULL; i++)
-       if (strcmp(cmd_table[i].name, name) == 0)
-           return &cmd_table[i];
+        if (strcmp(cmd_table[i].name, name) == 0)
+            return &cmd_table[i];
 
     return NULL;
 }
@@ -254,23 +258,24 @@ static struct _cmd_table *cmd_lookup(name)
  * in the command table, which can be used to get the corresponding
  * help from the help message table.
  */
-int cmd_index(name)
-    char *name;
+int
+cmd_index(char *name)
 {
     int i;
 
     if (name == NULL)
-       return -1;
+        return -1;
 
     for (i = 0; cmd_table[i].name != NULL; i++)
-       if (strcmp(cmd_table[i].name, name) == 0)
-           return i;
+        if (strcmp(cmd_table[i].name, name) == 0)
+            return i;
 
     return -1;
 }
 
-static void extended_com_err_fn (const char *myprog, errcode_t code,
-                                const char *fmt, va_list args)
+static void
+extended_com_err_fn(const char *myprog, errcode_t code, const char *fmt,
+                    va_list args)
 {
     const char *emsg;
     emsg = krb5_get_error_message (util_context, code);
@@ -280,9 +285,8 @@ static void extended_com_err_fn (const char *myprog, errcode_t code,
     fprintf (stderr, "\n");
 }
 
-int main(argc, argv)
-    int argc;
-    char *argv[];
+int
+main(int argc, char *argv[])
 {
     struct _cmd_table *cmd = NULL;
     char *koptarg = NULL, **cmd_argv = NULL;
@@ -310,16 +314,16 @@ int main(argc, argv)
     retval = krb5_init_context(&util_context);
     set_com_err_hook(extended_com_err_fn);
     if (retval) {
-       com_err (progname, retval, "while initializing Kerberos code");
-       exit_status++;
-       goto cleanup;
+        com_err (progname, retval, "while initializing Kerberos code");
+        exit_status++;
+        goto cleanup;
     }
 
     cmd_argv = (char **) malloc(sizeof(char *)*argc);
     if (cmd_argv == NULL) {
-       com_err(progname, ENOMEM, "while creating sub-command arguments");
-       exit_status++;
-       goto cleanup;
+        com_err(progname, ENOMEM, "while creating sub-command arguments");
+        exit_status++;
+        goto cleanup;
     }
     memset(cmd_argv, 0, sizeof(char *)*argc);
     cmd_argc = 1;
@@ -328,101 +332,101 @@ int main(argc, argv)
 
     argv++; argc--;
     while (*argv) {
-       if (strcmp(*argv, "--help") == 0) {
-           print_help_message = TRUE;
-       }
-       if (strcmp(*argv, "-P") == 0 && ARG_VAL) {
-           mkey_password = koptarg;
-           manual_mkey = TRUE;
-       } else if (strcmp(*argv, "-r") == 0 && ARG_VAL) {
-           global_params.realm = koptarg;
-           global_params.mask |= KADM5_CONFIG_REALM;
-           /* not sure this is really necessary */
-           if ((retval = krb5_set_default_realm(util_context,
-                                                global_params.realm))) {
-               com_err(progname, retval, "while setting default realm name");
-               exit_status++;
-               goto cleanup;
-           }
-       } else if (strcmp(*argv, "-k") == 0 && ARG_VAL) {
-           if (krb5_string_to_enctype(koptarg, &global_params.enctype)) {
-               com_err(progname, EINVAL, ": %s is an invalid enctype", koptarg);
-               exit_status++;
-               goto cleanup;
+        if (strcmp(*argv, "--help") == 0) {
+            print_help_message = TRUE;
+        }
+        if (strcmp(*argv, "-P") == 0 && ARG_VAL) {
+            mkey_password = koptarg;
+            manual_mkey = TRUE;
+        } else if (strcmp(*argv, "-r") == 0 && ARG_VAL) {
+            global_params.realm = koptarg;
+            global_params.mask |= KADM5_CONFIG_REALM;
+            /* not sure this is really necessary */
+            if ((retval = krb5_set_default_realm(util_context,
+                                                 global_params.realm))) {
+                com_err(progname, retval, "while setting default realm name");
+                exit_status++;
+                goto cleanup;
+            }
+        } else if (strcmp(*argv, "-k") == 0 && ARG_VAL) {
+            if (krb5_string_to_enctype(koptarg, &global_params.enctype)) {
+                com_err(progname, EINVAL, ": %s is an invalid enctype", koptarg);
+                exit_status++;
+                goto cleanup;
             } else
-               global_params.mask |= KADM5_CONFIG_ENCTYPE;
-       } else if (strcmp(*argv, "-kv") == 0 && ARG_VAL) {
-           global_params.kvno = (krb5_kvno) atoi(koptarg);
+                global_params.mask |= KADM5_CONFIG_ENCTYPE;
+        } else if (strcmp(*argv, "-kv") == 0 && ARG_VAL) {
+            global_params.kvno = (krb5_kvno) atoi(koptarg);
             if (global_params.kvno == IGNORE_VNO) {
                 com_err(progname, EINVAL, ": %s is an invalid mkeyVNO", koptarg);
-               exit_status++;
-               goto cleanup;
+                exit_status++;
+                goto cleanup;
             } else
                 global_params.mask |= KADM5_CONFIG_KVNO;
-       } else if (strcmp(*argv, "-M") == 0 && ARG_VAL) {
-           global_params.mkey_name = koptarg;
-           global_params.mask |= KADM5_CONFIG_MKEY_NAME;
-       } else if (strcmp(*argv, "-sf") == 0 && ARG_VAL) {
-           global_params.stash_file = koptarg;
-           global_params.mask |= KADM5_CONFIG_STASH_FILE;
-       } else if (strcmp(*argv, "-m") == 0) {
-           manual_mkey = TRUE;
-           global_params.mkey_from_kbd = 1;
-           global_params.mask |= KADM5_CONFIG_MKEY_FROM_KBD;
-       } else if (strcmp(*argv, "-D") == 0 && ARG_VAL) {
-           bind_dn = koptarg;
-           if (bind_dn == NULL) {
-               com_err(progname, ENOMEM, "while reading ldap parameters");
-               exit_status++;
-               goto cleanup;
-           }
-           ldapmask |= CMD_LDAP_D;
-       } else if (strcmp(*argv, "-w") == 0 && ARG_VAL) {
-           passwd = strdup(koptarg);
-           if (passwd == NULL) {
-               com_err(progname, ENOMEM, "while reading ldap parameters");
-               exit_status++;
-               goto cleanup;
-           }
-           ldapmask |= CMD_LDAP_W;
-       } else if (strcmp(*argv, "-H") == 0 && ARG_VAL) {
-           ldap_server = koptarg;
-           if (ldap_server == NULL) {
-               com_err(progname, ENOMEM, "while reading ldap parameters");
-               exit_status++;
-               goto cleanup;
-           }
-           ldapmask |= CMD_LDAP_H;
-       } else if (cmd_lookup(*argv) != NULL) {
-           if (cmd_argv[0] == NULL)
-               cmd_argv[0] = *argv;
-           else {
-               free(cmd_argv);
-               cmd_argv = NULL;
-               usage();
-               goto cleanup;
-           }
-       } else {
-           cmd_argv[cmd_argc++] = *argv;
-       }
-       argv++; argc--;
+        } else if (strcmp(*argv, "-M") == 0 && ARG_VAL) {
+            global_params.mkey_name = koptarg;
+            global_params.mask |= KADM5_CONFIG_MKEY_NAME;
+        } else if (strcmp(*argv, "-sf") == 0 && ARG_VAL) {
+            global_params.stash_file = koptarg;
+            global_params.mask |= KADM5_CONFIG_STASH_FILE;
+        } else if (strcmp(*argv, "-m") == 0) {
+            manual_mkey = TRUE;
+            global_params.mkey_from_kbd = 1;
+            global_params.mask |= KADM5_CONFIG_MKEY_FROM_KBD;
+        } else if (strcmp(*argv, "-D") == 0 && ARG_VAL) {
+            bind_dn = koptarg;
+            if (bind_dn == NULL) {
+                com_err(progname, ENOMEM, "while reading ldap parameters");
+                exit_status++;
+                goto cleanup;
+            }
+            ldapmask |= CMD_LDAP_D;
+        } else if (strcmp(*argv, "-w") == 0 && ARG_VAL) {
+            passwd = strdup(koptarg);
+            if (passwd == NULL) {
+                com_err(progname, ENOMEM, "while reading ldap parameters");
+                exit_status++;
+                goto cleanup;
+            }
+            ldapmask |= CMD_LDAP_W;
+        } else if (strcmp(*argv, "-H") == 0 && ARG_VAL) {
+            ldap_server = koptarg;
+            if (ldap_server == NULL) {
+                com_err(progname, ENOMEM, "while reading ldap parameters");
+                exit_status++;
+                goto cleanup;
+            }
+            ldapmask |= CMD_LDAP_H;
+        } else if (cmd_lookup(*argv) != NULL) {
+            if (cmd_argv[0] == NULL)
+                cmd_argv[0] = *argv;
+            else {
+                free(cmd_argv);
+                cmd_argv = NULL;
+                usage();
+                goto cleanup;
+            }
+        } else {
+            cmd_argv[cmd_argc++] = *argv;
+        }
+        argv++; argc--;
     }
 
     if (cmd_argv[0] == NULL) {
-       free(cmd_argv);
-       cmd_argv = NULL;
-       usage();
-       goto cleanup;
+        free(cmd_argv);
+        cmd_argv = NULL;
+        usage();
+        goto cleanup;
     }
 
     /* if we need to print the help message (because of --help option)
      * we will print the help corresponding to the sub-command.
      */
     if (print_help_message) {
-       free(cmd_argv);
-       cmd_argv = NULL;
-       usage();
-       goto cleanup;
+        free(cmd_argv);
+        cmd_argv = NULL;
+        usage();
+        goto cleanup;
     }
 
     /* We need to check for the presence of default realm name only in
@@ -434,153 +438,153 @@ int main(argc, argv)
     }
 
     if (!util_context->default_realm) {
-       char *temp = NULL;
-       retval = krb5_get_default_realm(util_context, &temp);
-       if (retval) {
-           if (realm_name_required) {
-               com_err (progname, retval, "while getting default realm");
-               exit_status++;
-               goto cleanup;
-           }
-       } else
-           util_context->default_realm = temp;
+        char *temp = NULL;
+        retval = krb5_get_default_realm(util_context, &temp);
+        if (retval) {
+            if (realm_name_required) {
+                com_err (progname, retval, "while getting default realm");
+                exit_status++;
+                goto cleanup;
+            }
+        } else
+            util_context->default_realm = temp;
     }
     /* If we have the realm name, we can safely say that
      * realm_name is required so that we don't neglect any information.
      */
     else
-       realm_name_required = TRUE;
+        realm_name_required = TRUE;
 
     retval = profile_get_string(util_context->profile, KDB_REALM_SECTION,
-                               util_context->default_realm, KDB_MODULE_POINTER,
-                               NULL,
-                               &value);
+                                util_context->default_realm, KDB_MODULE_POINTER,
+                                NULL,
+                                &value);
 
     if (!(value)) {
-       retval = profile_get_string(util_context->profile, KDB_MODULE_DEF_SECTION,
-                                   KDB_MODULE_POINTER, NULL,
-                                   NULL,
-                                   &value);
-       if (!(value)) {
-           if (util_context->default_realm)
-               conf_section = strdup(util_context->default_realm);
-       } else {
-           conf_section = strdup(value);
-           free(value);
-       }
+        retval = profile_get_string(util_context->profile, KDB_MODULE_DEF_SECTION,
+                                    KDB_MODULE_POINTER, NULL,
+                                    NULL,
+                                    &value);
+        if (!(value)) {
+            if (util_context->default_realm)
+                conf_section = strdup(util_context->default_realm);
+        } else {
+            conf_section = strdup(value);
+            free(value);
+        }
     } else {
-       conf_section = strdup(value);
-       free(value);
+        conf_section = strdup(value);
+        free(value);
     }
 
     if (realm_name_required) {
-       retval = kadm5_get_config_params(util_context, 1,
-                                        &global_params, &global_params);
-       if (retval) {
-           com_err(progname, retval, "while retreiving configuration parameters");
-           exit_status++;
-           goto cleanup;
-       }
-       gp_is_static = 0;
+        retval = kadm5_get_config_params(util_context, 1,
+                                         &global_params, &global_params);
+        if (retval) {
+            com_err(progname, retval, "while retreiving configuration parameters");
+            exit_status++;
+            goto cleanup;
+        }
+        gp_is_static = 0;
     }
 
     if ((retval = krb5_ldap_lib_init()) != 0) {
-       com_err(progname, retval, "while initializing error handling");
-       exit_status++;
-       goto cleanup;
+        com_err(progname, retval, "while initializing error handling");
+        exit_status++;
+        goto cleanup;
     }
 
     /* Initialize the ldap context */
     ldap_context = calloc(sizeof(krb5_ldap_context), 1);
     if (ldap_context == NULL) {
-       com_err(progname, ENOMEM, "while initializing ldap handle");
-       exit_status++;
-       goto cleanup;
+        com_err(progname, ENOMEM, "while initializing ldap handle");
+        exit_status++;
+        goto cleanup;
     }
 
     ldap_context->kcontext = util_context;
 
     /* If LDAP parameters are specified, replace them with the values from config */
     if (ldapmask & CMD_LDAP_D) {
-       /* If password is not specified, prompt for it */
-       if (passwd == NULL) {
-           passwd = (char *)malloc(MAX_PASSWD_LEN);
-           if (passwd == NULL) {
-               com_err(progname, ENOMEM, "while retrieving ldap configuration");
-               exit_status++;
-               goto cleanup;
-           }
-           prompt = (char *)malloc(MAX_PASSWD_PROMPT_LEN);
-           if (prompt == NULL) {
-               free(passwd);
-               passwd = NULL;
-               com_err(progname, ENOMEM, "while retrieving ldap configuration");
-               exit_status++;
-               goto cleanup;
-           }
-           memset(passwd, 0, MAX_PASSWD_LEN);
-           passwd_len = MAX_PASSWD_LEN - 1;
-           snprintf(prompt, MAX_PASSWD_PROMPT_LEN, "Password for \"%s\"", bind_dn);
-
-           db_retval = krb5_read_password(util_context, prompt, NULL, passwd, &passwd_len);
-
-           if ((db_retval) || (passwd_len == 0)) {
-               com_err(progname, ENOMEM, "while retrieving ldap configuration");
-               free(passwd);
-               passwd = NULL;
-               exit_status++;
-               goto cleanup;
-           }
-       }
-
-       ldap_context->bind_pwd = passwd;
-       passwd = NULL;
+        /* If password is not specified, prompt for it */
+        if (passwd == NULL) {
+            passwd = (char *)malloc(MAX_PASSWD_LEN);
+            if (passwd == NULL) {
+                com_err(progname, ENOMEM, "while retrieving ldap configuration");
+                exit_status++;
+                goto cleanup;
+            }
+            prompt = (char *)malloc(MAX_PASSWD_PROMPT_LEN);
+            if (prompt == NULL) {
+                free(passwd);
+                passwd = NULL;
+                com_err(progname, ENOMEM, "while retrieving ldap configuration");
+                exit_status++;
+                goto cleanup;
+            }
+            memset(passwd, 0, MAX_PASSWD_LEN);
+            passwd_len = MAX_PASSWD_LEN - 1;
+            snprintf(prompt, MAX_PASSWD_PROMPT_LEN, "Password for \"%s\"", bind_dn);
+
+            db_retval = krb5_read_password(util_context, prompt, NULL, passwd, &passwd_len);
+
+            if ((db_retval) || (passwd_len == 0)) {
+                com_err(progname, ENOMEM, "while retrieving ldap configuration");
+                free(passwd);
+                passwd = NULL;
+                exit_status++;
+                goto cleanup;
+            }
+        }
+
+        ldap_context->bind_pwd = passwd;
+        passwd = NULL;
     }
 
     /* If ldaphost is specified, release entry filled by configuration & use this */
     if (ldapmask & CMD_LDAP_H) {
 
-       ldap_context->server_info_list = (krb5_ldap_server_info **) calloc (2, sizeof (krb5_ldap_server_info *)) ;
-       if (ldap_context->server_info_list == NULL) {
-           com_err(progname, ENOMEM, "while initializing server list");
-           exit_status++;
-           goto cleanup;
-       }
-
-       ldap_context->server_info_list[0] = (krb5_ldap_server_info *) calloc (1, sizeof (krb5_ldap_server_info));
-       if (ldap_context->server_info_list[0] == NULL) {
-           com_err(progname, ENOMEM, "while initializing server list");
-           exit_status++;
-           goto cleanup;
-       }
-
-       ldap_context->server_info_list[0]->server_status = NOTSET;
-
-       ldap_context->server_info_list[0]->server_name = strdup(ldap_server);
-       if (ldap_context->server_info_list[0]->server_name == NULL) {
-           com_err(progname, ENOMEM, "while initializing server list");
-           exit_status++;
-           goto cleanup;
-       }
+        ldap_context->server_info_list = (krb5_ldap_server_info **) calloc (2, sizeof (krb5_ldap_server_info *)) ;
+        if (ldap_context->server_info_list == NULL) {
+            com_err(progname, ENOMEM, "while initializing server list");
+            exit_status++;
+            goto cleanup;
+        }
+
+        ldap_context->server_info_list[0] = (krb5_ldap_server_info *) calloc (1, sizeof (krb5_ldap_server_info));
+        if (ldap_context->server_info_list[0] == NULL) {
+            com_err(progname, ENOMEM, "while initializing server list");
+            exit_status++;
+            goto cleanup;
+        }
+
+        ldap_context->server_info_list[0]->server_status = NOTSET;
+
+        ldap_context->server_info_list[0]->server_name = strdup(ldap_server);
+        if (ldap_context->server_info_list[0]->server_name == NULL) {
+            com_err(progname, ENOMEM, "while initializing server list");
+            exit_status++;
+            goto cleanup;
+        }
     }
     if (bind_dn) {
-       ldap_context->bind_dn = strdup(bind_dn);
-       if (ldap_context->bind_dn == NULL) {
-           com_err(progname, ENOMEM, "while retrieving ldap configuration");
-           exit_status++;
-           goto cleanup;
-       }
+        ldap_context->bind_dn = strdup(bind_dn);
+        if (ldap_context->bind_dn == NULL) {
+            com_err(progname, ENOMEM, "while retrieving ldap configuration");
+            exit_status++;
+            goto cleanup;
+        }
     } else
-       ldap_context->bind_dn = NULL;
+        ldap_context->bind_dn = NULL;
 
     ldap_context->service_type = SERVICE_DN_TYPE_CLIENT;
 
     if (realm_name_required) {
-       if ((global_params.enctype != ENCTYPE_UNKNOWN) &&
-           (!krb5_c_valid_enctype(global_params.enctype))) {
-           com_err(progname, KRB5_PROG_KEYTYPE_NOSUPP,
-                   "while setting up enctype %d", global_params.enctype);
-       }
+        if ((global_params.enctype != ENCTYPE_UNKNOWN) &&
+            (!krb5_c_valid_enctype(global_params.enctype))) {
+            com_err(progname, KRB5_PROG_KEYTYPE_NOSUPP,
+                    "while setting up enctype %d", global_params.enctype);
+        }
     }
 
     cmd = cmd_lookup(cmd_argv[0]);
@@ -588,28 +592,28 @@ int main(argc, argv)
     /* Setup DAL handle to access the database */
     db_retval = krb5_db_setup_lib_handle(util_context);
     if (db_retval) {
-       com_err(progname, db_retval, "while setting up lib handle");
-       exit_status++;
-       goto cleanup;
+        com_err(progname, db_retval, "while setting up lib handle");
+        exit_status++;
+        goto cleanup;
     }
     util_context->dal_handle->db_context = ldap_context;
     ldap_context = NULL;
 
     db_retval = krb5_ldap_read_server_params(util_context, conf_section, KRB5_KDB_SRV_TYPE_OTHER);
     if (db_retval) {
-       com_err(progname, db_retval, "while reading ldap configuration");
-       exit_status++;
-       goto cleanup;
+        com_err(progname, db_retval, "while reading ldap configuration");
+        exit_status++;
+        goto cleanup;
     }
 
     if (cmd->opendb) {
-       db_retval = krb5_ldap_db_init(util_context, (krb5_ldap_context *)util_context->dal_handle->db_context);
-       if (db_retval) {
-           com_err(progname, db_retval, "while initializing database");
-           exit_status++;
-           goto cleanup;
-       }
-       db_inited = TRUE;
+        db_retval = krb5_ldap_db_init(util_context, (krb5_ldap_context *)util_context->dal_handle->db_context);
+        if (db_retval) {
+            com_err(progname, db_retval, "while initializing database");
+            exit_status++;
+            goto cleanup;
+        }
+        db_inited = TRUE;
     }
     (*cmd->func)(cmd_argc, cmd_argv);
 
@@ -617,31 +621,31 @@ int main(argc, argv)
 
 cleanup:
     if (passwd) {
-       memset(passwd, 0, strlen(passwd));
-       free(passwd);
+        memset(passwd, 0, strlen(passwd));
+        free(passwd);
     }
 
     if (ldap_context) {
-       krb5_ldap_free_server_context_params(ldap_context);
-       free(ldap_context);
+        krb5_ldap_free_server_context_params(ldap_context);
+        free(ldap_context);
     }
 
     if (util_context) {
-       if (gp_is_static == 0)
-           kadm5_free_config_params(util_context, &global_params);
-       krb5_ldap_close(util_context);
-       krb5_free_context(util_context);
+        if (gp_is_static == 0)
+            kadm5_free_config_params(util_context, &global_params);
+        krb5_ldap_close(util_context);
+        krb5_free_context(util_context);
     }
 
     if (cmd_argv)
-       free(cmd_argv);
+        free(cmd_argv);
     if (prompt)
-       free(prompt);
+        free(prompt);
     if (conf_section)
-       free(conf_section);
+        free(conf_section);
 
     if (usage_print) {
-       usage();
+        usage();
     }
 
     return exit_status;
index 8eb65af5d55d2b671aba04bd0b0a0303c5f13dc2..572236bd2234bf6c9ff8cc6764b074c560a98b29 100644 (file)
@@ -1,3 +1,4 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
 /*
  * kadmin/ldap_util/kdb5_ldap_util.h
  */
@@ -71,10 +72,10 @@ extern void db_usage(int);
 /* Following are the bitmaps that indicate which of the options among -D, -w, -h, -p & -t
  * were specified on the command line.
  */
-#define CMD_LDAP_D     0x1     /* set if -D option is specified */
-#define CMD_LDAP_W     0x2     /* set if -w option is specified */
-#define CMD_LDAP_H     0x4     /* set if -h option is specified */
-#define CMD_LDAP_P     0x8     /* set if -p option is specified */
+#define CMD_LDAP_D      0x1     /* set if -D option is specified */
+#define CMD_LDAP_W      0x2     /* set if -w option is specified */
+#define CMD_LDAP_H      0x4     /* set if -h option is specified */
+#define CMD_LDAP_P      0x8     /* set if -p option is specified */
 
 #define MAX_PASSWD_LEN          1024
 #define MAX_PASSWD_PROMPT_LEN   276     /* max_dn_size(=256) + strlen("Password for \" \"")=20 */
index 27f094f82e8faea31b659cf1f619169b2879de4c..d443f8d877c106e92a4f10b60cecaacb8c085e70 100644 (file)
@@ -1,4 +1,4 @@
-/* -*- mode: c; indent-tabs-mode: nil -*- */
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
 /*
  * plugins/kdb/ldap/kdb_ext.c
  *
index 8f7e3bdd3919401272414dd414ee05a020c7521c..1966aa970e5619bf6e93c90e13f59e0489c82ea1 100644 (file)
@@ -1,3 +1,4 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
 /*
  * lib/kdb/kdb_ldap/kdb_ldap.c
  *
@@ -50,32 +51,32 @@ krb5_ldap_get_db_opt(char *input, char **opt, char **val)
 
     *val = NULL;
     if (pos == NULL) {
-       *opt = strdup(input);
-       if (*opt == NULL) {
-           return ENOMEM;
-       }
+        *opt = strdup(input);
+        if (*opt == NULL) {
+            return ENOMEM;
+        }
     } else {
-       int len = pos - input;
-       *opt = malloc((unsigned) len + 1);
-       if (!*opt) {
-           return ENOMEM;
-       }
-       memcpy(*opt, input, (unsigned) len);
-       /* ignore trailing blanks */
-       while (isblank((*opt)[len-1]))
-           --len;
-       (*opt)[len] = '\0';
-
-       pos += 1; /* move past '=' */
-       while (isblank(*pos))  /* ignore leading blanks */
-           pos += 1;
-       if (*pos != '\0') {
-           *val = strdup (pos);
-           if (!*val) {
-               free (*opt);
-               return ENOMEM;
-           }
-       }
+        int len = pos - input;
+        *opt = malloc((unsigned) len + 1);
+        if (!*opt) {
+            return ENOMEM;
+        }
+        memcpy(*opt, input, (unsigned) len);
+        /* ignore trailing blanks */
+        while (isblank((*opt)[len-1]))
+            --len;
+        (*opt)[len] = '\0';
+
+        pos += 1; /* move past '=' */
+        while (isblank(*pos))  /* ignore leading blanks */
+            pos += 1;
+        if (*pos != '\0') {
+            *val = strdup (pos);
+            if (!*val) {
+                free (*opt);
+                return ENOMEM;
+            }
+        }
     }
     return (0);
 
@@ -108,17 +109,17 @@ krb5_ldap_read_startup_information(krb5_context context)
 
     SETUP_CONTEXT();
     if ((retval=krb5_ldap_read_krbcontainer_params(context, &(ldap_context->krbcontainer)))) {
-       prepend_err_str (context, "Unable to read Kerberos container", retval, retval);
-       goto cleanup;
+        prepend_err_str (context, "Unable to read Kerberos container", retval, retval);
+        goto cleanup;
     }
 
     if ((retval=krb5_ldap_read_realm_params(context, context->default_realm, &(ldap_context->lrparams), &mask))) {
-       prepend_err_str (context, "Unable to read Realm", retval, retval);
-       goto cleanup;
+        prepend_err_str (context, "Unable to read Realm", retval, retval);
+        goto cleanup;
     }
 
     if (((mask & LDAP_REALM_MAXTICKETLIFE) == 0) || ((mask & LDAP_REALM_MAXRENEWLIFE) == 0)
-                                                 || ((mask & LDAP_REALM_KRBTICKETFLAGS) == 0)) {
+        || ((mask & LDAP_REALM_KRBTICKETFLAGS) == 0)) {
         kadm5_config_params  params_in, params_out;
 
         memset(&params_in, 0, sizeof(params_in));
@@ -167,11 +168,8 @@ cleanup:
  * value assertion.
  */
 static int
-has_rootdse_ava(context, ldap_server, attribute, value)
-    krb5_context     context;
-    char             *ldap_server;
-    char             *attribute;
-    char             *value;
+has_rootdse_ava(krb5_context context, char *ldap_server, char *attribute,
+                char *value)
 {
     int               i=0, flag=0, ret=0, retval=0;
     char              *attrs[2], **values=NULL;
@@ -184,8 +182,8 @@ has_rootdse_ava(context, ldap_server, attribute, value)
 
     retval = ldap_initialize(&ld, ldap_server);
     if (retval != LDAP_SUCCESS) {
-       ret = 2; /* Don't know */
-       goto cleanup;
+        ret = 2; /* Don't know */
+        goto cleanup;
     }
 
     cred.bv_val = "";
@@ -194,50 +192,50 @@ has_rootdse_ava(context, ldap_server, attribute, value)
     /* Anonymous bind */
     retval = ldap_sasl_bind_s(ld, "", NULL, &cred, NULL, NULL, NULL);
     if (retval != LDAP_SUCCESS) {
-       ret = 2; /* Don't know */
-       goto cleanup;
+        ret = 2; /* Don't know */
+        goto cleanup;
     }
 
     retval = ldap_search_ext_s(ld, "", LDAP_SCOPE_BASE, NULL, attrs, 0, NULL, NULL, NULL, 0, &res);
     if (retval != LDAP_SUCCESS) {
-       ret = 2; /* Don't know */
-       goto cleanup;
+        ret = 2; /* Don't know */
+        goto cleanup;
     }
 
     msg = ldap_first_message(ld, res);
     if (msg == NULL) {
-       ret = 2; /* Don't know */
-       goto cleanup;
+        ret = 2; /* Don't know */
+        goto cleanup;
     }
 
     values = ldap_get_values(ld, msg, attribute);
     if (values == NULL) {
-       ret = 1; /* Not supported */
-       goto cleanup;
+        ret = 1; /* Not supported */
+        goto cleanup;
     }
 
     for (i = 0; values[i] != NULL; i++) {
-       if (strcmp(values[i], value) == 0) {
-           flag = 1;
-           break;
-       }
+        if (strcmp(values[i], value) == 0) {
+            flag = 1;
+            break;
+        }
     }
 
     if (flag != 1) {
-       ret = 1; /* Not supported */
-       goto cleanup;
+        ret = 1; /* Not supported */
+        goto cleanup;
     }
 
 cleanup:
 
     if (values != NULL)
-       ldap_value_free(values);
+        ldap_value_free(values);
 
     if (res != NULL)
-       ldap_msgfree(res);
+        ldap_msgfree(res);
 
     if (ld != NULL)
-       ldap_unbind_ext_s(ld, NULL, NULL);
+        ldap_unbind_ext_s(ld, NULL, NULL);
 
     return ret;
 }
@@ -252,23 +250,21 @@ cleanup:
  *   2 => don't know
  */
 int
-has_sasl_external_mech(context, ldap_server)
-    krb5_context     context;
-    char             *ldap_server;
+has_sasl_external_mech(krb5_context context, char *ldap_server)
 {
     int ret;
 
     ret = has_rootdse_ava(context, ldap_server,
-                         "supportedSASLMechanisms", "EXTERNAL");
+                          "supportedSASLMechanisms", "EXTERNAL");
     switch (ret) {
     case 1: /* not supported */
-       krb5_set_error_message(context, 1, "%s", ERR_MSG2);
-       break;
+        krb5_set_error_message(context, 1, "%s", ERR_MSG2);
+        break;
     case 2: /* don't know */
-       krb5_set_error_message(context, 1, "%s", ERR_MSG1);
-       break;
+        krb5_set_error_message(context, 1, "%s", ERR_MSG1);
+        break;
     default:
-       break;
+        break;
     }
 
     return ret;
@@ -280,24 +276,24 @@ has_modify_increment(context, ldap_server)
     char             *ldap_server;
 {
     return has_rootdse_ava(context, ldap_server,
-                          "supportedFeatures", "1.3.6.1.1.14");
+                           "supportedFeatures", "1.3.6.1.1.14");
 }
 
-void * krb5_ldap_alloc(krb5_context context, void *ptr, size_t size)
+void *
+krb5_ldap_alloc(krb5_context context, void *ptr, size_t size)
 {
     return realloc(ptr, size);
 }
 
-void krb5_ldap_free(krb5_context context, void *ptr)
-
+void
+krb5_ldap_free(krb5_context context, void *ptr)
 {
     free(ptr);
 }
 
-krb5_error_code krb5_ldap_open(krb5_context context,
-                              char *conf_section,
-                              char **db_args,
-                              int mode)
+krb5_error_code
+krb5_ldap_open(krb5_context context, char *conf_section, char **db_args,
+               int mode)
 {
     krb5_error_code status  = 0;
     char **t_ptr = db_args;
@@ -310,196 +306,196 @@ krb5_error_code krb5_ldap_open(krb5_context context,
 
     ldap_context = calloc(1, sizeof(krb5_ldap_context));
     if (ldap_context == NULL) {
-       status = ENOMEM;
-       goto clean_n_exit;
+        status = ENOMEM;
+        goto clean_n_exit;
     }
 
     ldap_context->kcontext = context;
 
     while (t_ptr && *t_ptr) {
-       char *opt = NULL, *val = NULL;
-
-       if ((status = krb5_ldap_get_db_opt(*t_ptr, &opt, &val)) != 0) {
-           goto clean_n_exit;
-       }
-       if (opt && !strcmp(opt, "binddn")) {
-           if (ldap_context->bind_dn) {
-               free (opt);
-               free (val);
-               status = EINVAL;
-               krb5_set_error_message (context, status, "'binddn' missing");
-               goto clean_n_exit;
-           }
-           if (val == NULL) {
-               status = EINVAL;
-               krb5_set_error_message (context, status, "'binddn' value missing");
-               free(opt);
-               goto clean_n_exit;
-           }
-           ldap_context->bind_dn = strdup(val);
-           if (ldap_context->bind_dn == NULL) {
-               free (opt);
-               free (val);
-               status = ENOMEM;
-               goto clean_n_exit;
-           }
-       } else if (opt && !strcmp(opt, "nconns")) {
-           if (ldap_context->max_server_conns) {
-               free (opt);
-               free (val);
-               status = EINVAL;
-               krb5_set_error_message (context, status, "'nconns' missing");
-               goto clean_n_exit;
-           }
-           if (val == NULL) {
-               status = EINVAL;
-               krb5_set_error_message (context, status, "'nconns' value missing");
-               free(opt);
-               goto clean_n_exit;
-           }
-           ldap_context->max_server_conns = atoi(val) ? atoi(val) : DEFAULT_CONNS_PER_SERVER;
-       } else if (opt && !strcmp(opt, "bindpwd")) {
-           if (ldap_context->bind_pwd) {
-               free (opt);
-               free (val);
-               status = EINVAL;
-               krb5_set_error_message (context, status, "'bindpwd' missing");
-               goto clean_n_exit;
-           }
-           if (val == NULL) {
-               status = EINVAL;
-               krb5_set_error_message (context, status, "'bindpwd' value missing");
-               free(opt);
-               goto clean_n_exit;
-           }
-           ldap_context->bind_pwd = strdup(val);
-           if (ldap_context->bind_pwd == NULL) {
-               free (opt);
-               free (val);
-               status = ENOMEM;
-               goto clean_n_exit;
-           }
-       } else if (opt && !strcmp(opt, "host")) {
-           if (val == NULL) {
-               status = EINVAL;
-               krb5_set_error_message (context, status, "'host' value missing");
-               free(opt);
-               goto clean_n_exit;
-           }
-           if (ldap_context->server_info_list == NULL)
-               ldap_context->server_info_list = (krb5_ldap_server_info **) calloc (SERV_COUNT+1, sizeof (krb5_ldap_server_info *)) ;
-
-           if (ldap_context->server_info_list == NULL) {
-               free (opt);
-               free (val);
-               status = ENOMEM;
-               goto clean_n_exit;
-           }
-
-           ldap_context->server_info_list[srv_cnt] = (krb5_ldap_server_info *) calloc (1, sizeof (krb5_ldap_server_info));
-           if (ldap_context->server_info_list[srv_cnt] == NULL) {
-               free (opt);
-               free (val);
-               status = ENOMEM;
-               goto clean_n_exit;
-           }
-
-           ldap_context->server_info_list[srv_cnt]->server_status = NOTSET;
-
-           ldap_context->server_info_list[srv_cnt]->server_name = strdup(val);
-           if (ldap_context->server_info_list[srv_cnt]->server_name == NULL) {
-               free (opt);
-               free (val);
-               status = ENOMEM;
-               goto clean_n_exit;
-           }
-
-           srv_cnt++;
+        char *opt = NULL, *val = NULL;
+
+        if ((status = krb5_ldap_get_db_opt(*t_ptr, &opt, &val)) != 0) {
+            goto clean_n_exit;
+        }
+        if (opt && !strcmp(opt, "binddn")) {
+            if (ldap_context->bind_dn) {
+                free (opt);
+                free (val);
+                status = EINVAL;
+                krb5_set_error_message (context, status, "'binddn' missing");
+                goto clean_n_exit;
+            }
+            if (val == NULL) {
+                status = EINVAL;
+                krb5_set_error_message (context, status, "'binddn' value missing");
+                free(opt);
+                goto clean_n_exit;
+            }
+            ldap_context->bind_dn = strdup(val);
+            if (ldap_context->bind_dn == NULL) {
+                free (opt);
+                free (val);
+                status = ENOMEM;
+                goto clean_n_exit;
+            }
+        } else if (opt && !strcmp(opt, "nconns")) {
+            if (ldap_context->max_server_conns) {
+                free (opt);
+                free (val);
+                status = EINVAL;
+                krb5_set_error_message (context, status, "'nconns' missing");
+                goto clean_n_exit;
+            }
+            if (val == NULL) {
+                status = EINVAL;
+                krb5_set_error_message (context, status, "'nconns' value missing");
+                free(opt);
+                goto clean_n_exit;
+            }
+            ldap_context->max_server_conns = atoi(val) ? atoi(val) : DEFAULT_CONNS_PER_SERVER;
+        } else if (opt && !strcmp(opt, "bindpwd")) {
+            if (ldap_context->bind_pwd) {
+                free (opt);
+                free (val);
+                status = EINVAL;
+                krb5_set_error_message (context, status, "'bindpwd' missing");
+                goto clean_n_exit;
+            }
+            if (val == NULL) {
+                status = EINVAL;
+                krb5_set_error_message (context, status, "'bindpwd' value missing");
+                free(opt);
+                goto clean_n_exit;
+            }
+            ldap_context->bind_pwd = strdup(val);
+            if (ldap_context->bind_pwd == NULL) {
+                free (opt);
+                free (val);
+                status = ENOMEM;
+                goto clean_n_exit;
+            }
+        } else if (opt && !strcmp(opt, "host")) {
+            if (val == NULL) {
+                status = EINVAL;
+                krb5_set_error_message (context, status, "'host' value missing");
+                free(opt);
+                goto clean_n_exit;
+            }
+            if (ldap_context->server_info_list == NULL)
+                ldap_context->server_info_list = (krb5_ldap_server_info **) calloc (SERV_COUNT+1, sizeof (krb5_ldap_server_info *)) ;
+
+            if (ldap_context->server_info_list == NULL) {
+                free (opt);
+                free (val);
+                status = ENOMEM;
+                goto clean_n_exit;
+            }
+
+            ldap_context->server_info_list[srv_cnt] = (krb5_ldap_server_info *) calloc (1, sizeof (krb5_ldap_server_info));
+            if (ldap_context->server_info_list[srv_cnt] == NULL) {
+                free (opt);
+                free (val);
+                status = ENOMEM;
+                goto clean_n_exit;
+            }
+
+            ldap_context->server_info_list[srv_cnt]->server_status = NOTSET;
+
+            ldap_context->server_info_list[srv_cnt]->server_name = strdup(val);
+            if (ldap_context->server_info_list[srv_cnt]->server_name == NULL) {
+                free (opt);
+                free (val);
+                status = ENOMEM;
+                goto clean_n_exit;
+            }
+
+            srv_cnt++;
 #ifdef HAVE_EDIRECTORY
-       } else if (opt && !strcmp(opt, "cert")) {
-           if (val == NULL) {
-               status = EINVAL;
-               krb5_set_error_message (context, status, "'cert' value missing");
-               free(opt);
-               goto clean_n_exit;
-           }
-
-           if (ldap_context->root_certificate_file == NULL) {
-               ldap_context->root_certificate_file = strdup(val);
-               if (ldap_context->root_certificate_file == NULL) {
-                   free (opt);
-                   free (val);
-                   status = ENOMEM;
-                   goto clean_n_exit;
-               }
-           } else {
-               char *newstr;
-
-               if (asprintf(&newstr, "%s %s",
-                            ldap_context->root_certificate_file, val) < 0) {
-                   free (opt);
-                   free (val);
-                   status = ENOMEM;
-                   goto clean_n_exit;
-               }
-               free(ldap_context->root_certificate_file);
-               ldap_context->root_certificate_file = newstr;
-           }
+        } else if (opt && !strcmp(opt, "cert")) {
+            if (val == NULL) {
+                status = EINVAL;
+                krb5_set_error_message (context, status, "'cert' value missing");
+                free(opt);
+                goto clean_n_exit;
+            }
+
+            if (ldap_context->root_certificate_file == NULL) {
+                ldap_context->root_certificate_file = strdup(val);
+                if (ldap_context->root_certificate_file == NULL) {
+                    free (opt);
+                    free (val);
+                    status = ENOMEM;
+                    goto clean_n_exit;
+                }
+            } else {
+                char *newstr;
+
+                if (asprintf(&newstr, "%s %s",
+                             ldap_context->root_certificate_file, val) < 0) {
+                    free (opt);
+                    free (val);
+                    status = ENOMEM;
+                    goto clean_n_exit;
+                }
+                free(ldap_context->root_certificate_file);
+                ldap_context->root_certificate_file = newstr;
+            }
 #endif
-       } else {
-           /* ignore hash argument. Might have been passed from create */
-           status = EINVAL;
-           if (opt && !strcmp(opt, "temporary")) {
-               /*
-                * temporary is passed in when kdb5_util load without -update is done.
-                * This is unsupported by the LDAP plugin.
-                */
-               krb5_set_error_message (context, status,
-                                       "open of LDAP directory aborted, plugin requires -update argument");
-           } else {
-               krb5_set_error_message (context, status, "unknown option \'%s\'",
-                                       opt?opt:val);
-           }
-           free(opt);
-           free(val);
-           goto clean_n_exit;
-       }
-
-       free(opt);
-       free(val);
-       t_ptr++;
+        } else {
+            /* ignore hash argument. Might have been passed from create */
+            status = EINVAL;
+            if (opt && !strcmp(opt, "temporary")) {
+                /*
+                 * temporary is passed in when kdb5_util load without -update is done.
+                 * This is unsupported by the LDAP plugin.
+                 */
+                krb5_set_error_message (context, status,
+                                        "open of LDAP directory aborted, plugin requires -update argument");
+            } else {
+                krb5_set_error_message (context, status, "unknown option \'%s\'",
+                                        opt?opt:val);
+            }
+            free(opt);
+            free(val);
+            goto clean_n_exit;
+        }
+
+        free(opt);
+        free(val);
+        t_ptr++;
     }
 
     dal_handle = context->dal_handle;
     dal_handle->db_context = ldap_context;
     status = krb5_ldap_read_server_params(context, conf_section, mode & 0x0300);
     if (status) {
-       if (ldap_context)
-           krb5_ldap_free_ldap_context(ldap_context);
-       ldap_context = NULL;
-       dal_handle->db_context = NULL;
-       prepend_err_str (context, "Error reading LDAP server params: ", status, status);
-       goto clean_n_exit;
+        if (ldap_context)
+            krb5_ldap_free_ldap_context(ldap_context);
+        ldap_context = NULL;
+        dal_handle->db_context = NULL;
+        prepend_err_str (context, "Error reading LDAP server params: ", status, status);
+        goto clean_n_exit;
     }
     if ((status=krb5_ldap_db_init(context, ldap_context)) != 0) {
-       goto clean_n_exit;
+        goto clean_n_exit;
     }
 
     if ((status=krb5_ldap_read_startup_information(context)) != 0) {
-       goto clean_n_exit;
+        goto clean_n_exit;
     }
 
 clean_n_exit:
     /* may be clearing up is not required  db_fini might do it for us, check out */
     if (status) {
-       krb5_ldap_close(context);
+        krb5_ldap_close(context);
     }
     return status;
 }
 
 #include "ldap_err.h"
 int
-set_ldap_error (krb5_context ctx, int st, int op)
+set_ldap_error(krb5_context ctx, int st, int op)
 {
     int translated_st = translate_ldap_error(st, op);
     krb5_set_error_message(ctx, translated_st, "%s", ldap_err2string(st));
@@ -507,8 +503,8 @@ set_ldap_error (krb5_context ctx, int st, int op)
 }
 
 void
-prepend_err_str (krb5_context ctx, const char *str, krb5_error_code err,
-                krb5_error_code oerr)
+prepend_err_str(krb5_context ctx, const char *str, krb5_error_code err,
+                krb5_error_code oerr)
 {
     const char *omsg;
     if (oerr == 0) oerr = err;
@@ -519,13 +515,15 @@ prepend_err_str (krb5_context ctx, const char *str, krb5_error_code err,
 extern krb5int_access accessor;
 MAKE_INIT_FUNCTION(kldap_init_fn);
 
-int kldap_init_fn(void)
+int
+kldap_init_fn(void)
 {
     /* Global (per-module) initialization.  */
     return krb5int_accessor (&accessor, KRB5INT_ACCESS_VERSION);
 }
 
-int kldap_ensure_initialized(void)
+int
+kldap_ensure_initialized(void)
 {
     return CALL_INIT_FUNCTION (kldap_init_fn);
 }
index ea6d3706afbd798ac6957123332d3dc565337446..1ca09b499d3b14c50c52d4f0ce07e00b93d98163 100644 (file)
@@ -1,3 +1,4 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
 /*
  * lib/kdb/kdb_ldap/kdb_ldap.h
  *
@@ -78,21 +79,21 @@ extern struct timeval timelimit;
 #define CHECK_STATUS               1
 
 #define SETUP_CONTEXT() if (context == NULL || context->dal_handle == NULL \
-            || context->dal_handle->db_context == NULL) { \
-        return EINVAL; \
-    } \
-    dal_handle = context->dal_handle; \
-    ldap_context = (krb5_ldap_context *) dal_handle->db_context; \
+                            || context->dal_handle->db_context == NULL) { \
+        return EINVAL;                                                  \
+    }                                                                   \
+    dal_handle = context->dal_handle;                                   \
+    ldap_context = (krb5_ldap_context *) dal_handle->db_context;        \
     if (ldap_context == NULL || ldap_context->server_info_list == NULL) \
         return KRB5_KDB_DBNOTINITED;
 
-#define GET_HANDLE()  ld = NULL; \
+#define GET_HANDLE()  ld = NULL;                                        \
     st = krb5_ldap_request_handle_from_pool(ldap_context, &ldap_server_handle); \
-    if (st != 0) { \
+    if (st != 0) {                                                      \
         prepend_err_str(context, "LDAP handle unavailable: ", KRB5_KDB_ACCESS_ERROR, st); \
-        st = KRB5_KDB_ACCESS_ERROR; \
-        goto cleanup; \
-    } \
+        st = KRB5_KDB_ACCESS_ERROR;                                     \
+        goto cleanup;                                                   \
+    }                                                                   \
     ld = ldap_server_handle->ldap_handle;
 
 extern int set_ldap_error (krb5_context ctx, int st, int op);
@@ -100,44 +101,44 @@ extern void prepend_err_str (krb5_context ctx, const char *s, krb5_error_code er
 
 #define LDAP_SEARCH(base, scope, filter, attrs)   LDAP_SEARCH_1(base, scope, filter, attrs, CHECK_STATUS)
 
-#define LDAP_SEARCH_1(base, scope, filter, attrs, status_check)        \
-      do { \
-         st = ldap_search_ext_s(ld, base, scope, filter, attrs, 0, NULL, NULL, &timelimit, LDAP_NO_LIMIT, &result); \
-         if (translate_ldap_error(st, OP_SEARCH) == KRB5_KDB_ACCESS_ERROR) { \
-              tempst = krb5_ldap_rebind(ldap_context, &ldap_server_handle); \
-             if (ldap_server_handle) \
-                 ld = ldap_server_handle->ldap_handle; \
-         } \
-      }while (translate_ldap_error(st, OP_SEARCH) == KRB5_KDB_ACCESS_ERROR && tempst == 0); \
-      \
-      if (status_check != IGNORE_STATUS) { \
-        if (tempst != 0) { \
+#define LDAP_SEARCH_1(base, scope, filter, attrs, status_check)         \
+    do {                                                                \
+        st = ldap_search_ext_s(ld, base, scope, filter, attrs, 0, NULL, NULL, &timelimit, LDAP_NO_LIMIT, &result); \
+        if (translate_ldap_error(st, OP_SEARCH) == KRB5_KDB_ACCESS_ERROR) { \
+            tempst = krb5_ldap_rebind(ldap_context, &ldap_server_handle); \
+            if (ldap_server_handle)                                     \
+                ld = ldap_server_handle->ldap_handle;                   \
+        }                                                               \
+    }while (translate_ldap_error(st, OP_SEARCH) == KRB5_KDB_ACCESS_ERROR && tempst == 0); \
+                                                                        \
+    if (status_check != IGNORE_STATUS) {                                \
+        if (tempst != 0) {                                              \
             prepend_err_str(context, "LDAP handle unavailable: ", KRB5_KDB_ACCESS_ERROR, st); \
-            st = KRB5_KDB_ACCESS_ERROR; \
-            goto cleanup; \
-        } \
-        if (st != LDAP_SUCCESS) { \
-            st = set_ldap_error(context, st, OP_SEARCH); \
-            goto cleanup; \
-        } \
-      }
-
-
-#define CHECK_CLASS_VALIDITY(st, mask, str) \
-       if (st != 0 || mask == 0) { \
-           if (st == 0 && mask == 0) { \
-              st = set_ldap_error(context, LDAP_OBJECT_CLASS_VIOLATION, OP_SEARCH); \
-           } \
-           prepend_err_str(context, str, st, st); \
-           goto cleanup; \
-        }
-
-#define CHECK_NULL(ptr) if (ptr == NULL) { \
-                            st = ENOMEM; \
-                            goto cleanup; \
-                        }
-
-#define  STORE16_INT(ptr, val) store_16_be(val, ptr)
+            st = KRB5_KDB_ACCESS_ERROR;                                 \
+            goto cleanup;                                               \
+        }                                                               \
+        if (st != LDAP_SUCCESS) {                                       \
+            st = set_ldap_error(context, st, OP_SEARCH);                \
+            goto cleanup;                                               \
+        }                                                               \
+    }
+
+
+#define CHECK_CLASS_VALIDITY(st, mask, str)                             \
+    if (st != 0 || mask == 0) {                                         \
+        if (st == 0 && mask == 0) {                                     \
+            st = set_ldap_error(context, LDAP_OBJECT_CLASS_VIOLATION, OP_SEARCH); \
+        }                                                               \
+        prepend_err_str(context, str, st, st);                          \
+        goto cleanup;                                                   \
+    }
+
+#define CHECK_NULL(ptr) if (ptr == NULL) {      \
+        st = ENOMEM;                            \
+        goto cleanup;                           \
+    }
+
+#define  STORE16_INT(ptr, val)  store_16_be(val, ptr)
 #define  STORE32_INT(ptr, val)  store_32_be(val, ptr)
 #define UNSTORE16_INT(ptr, val) (val = load_16_be(ptr))
 #define UNSTORE32_INT(ptr, val) (val = load_32_be(ptr))
@@ -157,10 +158,10 @@ extern void prepend_err_str (krb5_context ctx, const char *s, krb5_error_code er
 #define KDB_TL_LINKDN             0x07
 
 
-#define CHECK_LDAP_HANDLE(lcontext)     if (!(ldap_context \
-                                             && ldap_context->server_info_list)) { \
-                                         return KRB5_KDB_DBNOTINITED; \
-                                       }
+#define CHECK_LDAP_HANDLE(lcontext)     if (!(ldap_context              \
+                                              && ldap_context->server_info_list)) { \
+        return KRB5_KDB_DBNOTINITED;                                    \
+    }
 
 #define HNDL_LOCK(lcontext) k5_mutex_lock(&lcontext->hndl_lock)
 #define HNDL_UNLOCK(lcontext) k5_mutex_unlock(&lcontext->hndl_lock)
@@ -188,16 +189,16 @@ typedef struct  _krb5_ldap_server_handle {
 } krb5_ldap_server_handle;
 
 struct _krb5_ldap_server_info {
-    krb5_ldap_server_type       server_type;
+    krb5_ldap_server_type        server_type;
     krb5_ldap_server_status      server_status;
     krb5_ui_4                    num_conns;
     krb5_ldap_server_handle      *ldap_server_handles;
     time_t                       downtime;
-    char                       *server_name;
+    char                        *server_name;
 #ifdef HAVE_EDIRECTORY
-    char                       *root_certificate_file;
+    char                        *root_certificate_file;
 #endif
-    int                                 modify_increment;
+    int                          modify_increment;
     struct _krb5_ldap_server_info *next;
 };
 
@@ -207,33 +208,33 @@ struct _krb5_ldap_server_info {
 typedef enum {SERVICE_DN_TYPE_SERVER, SERVICE_DN_TYPE_CLIENT} krb5_ldap_servicetype;
 
 typedef struct _krb5_ldap_context {
-  krb5_ldap_servicetype         service_type;
-  krb5_ldap_server_info         **server_info_list;
-  krb5_ui_4                     max_server_conns;
-  char                          *conf_section;
-  char                                 *bind_dn;
-  char                          *bind_pwd;
-  char                                 *service_password_file;
-  char                                 *root_certificate_file;
-  char                          *service_cert_path;
-  char                          *service_cert_pass;
-  krb5_ldap_certificates        **certificates;
-  krb5_ui_4                     cert_count; /* certificate count */
-  k5_mutex_t                    hndl_lock;
-  krb5_ldap_krbcontainer_params *krbcontainer;
-  krb5_ldap_realm_params        *lrparams;
-  krb5_context                  kcontext;   /* to set the error code and message */
+    krb5_ldap_servicetype         service_type;
+    krb5_ldap_server_info         **server_info_list;
+    krb5_ui_4                     max_server_conns;
+    char                          *conf_section;
+    char                          *bind_dn;
+    char                          *bind_pwd;
+    char                          *service_password_file;
+    char                          *root_certificate_file;
+    char                          *service_cert_path;
+    char                          *service_cert_pass;
+    krb5_ldap_certificates        **certificates;
+    krb5_ui_4                     cert_count; /* certificate count */
+    k5_mutex_t                    hndl_lock;
+    krb5_ldap_krbcontainer_params *krbcontainer;
+    krb5_ldap_realm_params        *lrparams;
+    krb5_context                  kcontext;   /* to set the error code and message */
 } krb5_ldap_context;
 
 
 typedef struct {
-  int           nkey;
-  struct berval **keys;
+    int           nkey;
+    struct berval **keys;
 }KEY;
 
-#define k5ldap_inited(c) (c && c->db_context \
-                         && ((kdb5_dal_handle*)c->db_context)->db_context \
-                         && ((krb5_ldap_context *) ((kdb5_dal_handle*)c->db_context)->db_context))
+#define k5ldap_inited(c) (c && c->db_context                            \
+                          && ((kdb5_dal_handle*)c->db_context)->db_context \
+                          && ((krb5_ldap_context *) ((kdb5_dal_handle*)c->db_context)->db_context))
 
 
 /* misc functions */
@@ -278,8 +279,8 @@ krb5_ldap_create(krb5_context , char *, char **);
 
 krb5_error_code
 krb5_ldap_open( krb5_context , char *,
-               char **db_args,
-               int mode );
+                char **db_args,
+                int mode );
 krb5_error_code
 krb5_ldap_close( krb5_context );
 
index d757a6ee369036dd7d314749f3c6592502d3cbf5..82b0333cdd7034481425b4e2d363deff96ca2b3b 100644 (file)
@@ -1,3 +1,4 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
 /*
  * lib/kdb/kdb_ldap/kdb_ldap_conn.c
  *
 #include <kdb5.h>
 
 static krb5_error_code
-krb5_validate_ldap_context(krb5_context context, krb5_ldap_context *ldap_context)
+krb5_validate_ldap_context(krb5_context context,
+                           krb5_ldap_context *ldap_context)
 {
     krb5_error_code             st=0;
     unsigned char               *password=NULL;
 
     if (ldap_context->bind_dn == NULL) {
-       st = EINVAL;
-       krb5_set_error_message(context, st, "LDAP bind dn value missing ");
-       goto err_out;
+        st = EINVAL;
+        krb5_set_error_message(context, st, "LDAP bind dn value missing ");
+        goto err_out;
     }
 
     if (ldap_context->bind_pwd == NULL && ldap_context->service_password_file == NULL) {
-       st = EINVAL;
-       krb5_set_error_message(context, st, "LDAP bind password value missing ");
-       goto err_out;
+        st = EINVAL;
+        krb5_set_error_message(context, st, "LDAP bind password value missing ");
+        goto err_out;
     }
 
     if (ldap_context->bind_pwd == NULL && ldap_context->service_password_file !=
-       NULL && ldap_context->service_cert_path == NULL) {
-       if ((st=krb5_ldap_readpassword(context, ldap_context, &password)) != 0) {
-           prepend_err_str(context, "Error reading password from stash: ", st, st);
-           goto err_out;
-       }
-
-       /* Check if the returned 'password' is actually the path of a certificate */
-       if (!strncmp("{FILE}", (char *)password, 6)) {
-           /* 'password' format: <path>\0<password> */
-           ldap_context->service_cert_path = strdup((char *)password + strlen("{FILE}"));
-           if (password[strlen((char *)password) + 1] == '\0')
-               ldap_context->service_cert_pass = NULL;
-           else
-               ldap_context->service_cert_pass = strdup((char *)password +
-                                                        strlen((char *)password) + 1);
-           free(password);
-       } else {
-           ldap_context->bind_pwd = (char *)password;
-           if (ldap_context->bind_pwd == NULL) {
-               st = EINVAL;
-               krb5_set_error_message(context, st, "Error reading password from stash");
-               goto err_out;
-           }
-       }
+        NULL && ldap_context->service_cert_path == NULL) {
+        if ((st=krb5_ldap_readpassword(context, ldap_context, &password)) != 0) {
+            prepend_err_str(context, "Error reading password from stash: ", st, st);
+            goto err_out;
+        }
+
+        /* Check if the returned 'password' is actually the path of a certificate */
+        if (!strncmp("{FILE}", (char *)password, 6)) {
+            /* 'password' format: <path>\0<password> */
+            ldap_context->service_cert_path = strdup((char *)password + strlen("{FILE}"));
+            if (password[strlen((char *)password) + 1] == '\0')
+                ldap_context->service_cert_pass = NULL;
+            else
+                ldap_context->service_cert_pass = strdup((char *)password +
+                                                         strlen((char *)password) + 1);
+            free(password);
+        } else {
+            ldap_context->bind_pwd = (char *)password;
+            if (ldap_context->bind_pwd == NULL) {
+                st = EINVAL;
+                krb5_set_error_message(context, st, "Error reading password from stash");
+                goto err_out;
+            }
+        }
     }
 
     /* NULL password not allowed */
     if (ldap_context->bind_pwd != NULL && strlen(ldap_context->bind_pwd) == 0) {
-       st = EINVAL;
-       krb5_set_error_message(context, st, "Service password length is zero");
-       goto err_out;
+        st = EINVAL;
+        krb5_set_error_message(context, st, "Service password length is zero");
+        goto err_out;
     }
 
 err_out:
@@ -98,49 +100,47 @@ err_out:
  */
 
 static krb5_error_code
-krb5_ldap_bind(ldap_context, ldap_server_handle)
-    krb5_ldap_context           *ldap_context;
-    krb5_ldap_server_handle     *ldap_server_handle;
+krb5_ldap_bind(krb5_ldap_context *ldap_context,
+               krb5_ldap_server_handle *ldap_server_handle)
 {
     krb5_error_code             st=0;
     struct berval               bv={0, NULL}, *servercreds=NULL;
 
     if (ldap_context->service_cert_path != NULL) {
-       /* Certificate based bind (SASL EXTERNAL mechanism) */
-
-       st = ldap_sasl_bind_s(ldap_server_handle->ldap_handle,
-                             NULL,        /* Authenticating dn */
-                             "EXTERNAL",  /* Method used for authentication */
-                             &bv,
-                             NULL,
-                             NULL,
-                             &servercreds);
-
-       if (st == LDAP_SASL_BIND_IN_PROGRESS) {
-           st = ldap_sasl_bind_s(ldap_server_handle->ldap_handle,
-                                 NULL,
-                                 "EXTERNAL",
-                                 servercreds,
-                                 NULL,
-                                 NULL,
-                                 &servercreds);
-       }
+        /* Certificate based bind (SASL EXTERNAL mechanism) */
+
+        st = ldap_sasl_bind_s(ldap_server_handle->ldap_handle,
+                              NULL,        /* Authenticating dn */
+                              "EXTERNAL",  /* Method used for authentication */
+                              &bv,
+                              NULL,
+                              NULL,
+                              &servercreds);
+
+        if (st == LDAP_SASL_BIND_IN_PROGRESS) {
+            st = ldap_sasl_bind_s(ldap_server_handle->ldap_handle,
+                                  NULL,
+                                  "EXTERNAL",
+                                  servercreds,
+                                  NULL,
+                                  NULL,
+                                  &servercreds);
+        }
     } else {
-       /* password based simple bind */
+        /* password based simple bind */
         bv.bv_val = ldap_context->bind_pwd;
         bv.bv_len = strlen(ldap_context->bind_pwd);
         st = ldap_sasl_bind_s(ldap_server_handle->ldap_handle,
-                                ldap_context->bind_dn,
-                                NULL, &bv, NULL,
-                                NULL, NULL);
+                              ldap_context->bind_dn,
+                              NULL, &bv, NULL,
+                              NULL, NULL);
     }
     return st;
 }
 
 static krb5_error_code
-krb5_ldap_initialize(ldap_context, server_info)
-    krb5_ldap_context *ldap_context;
-    krb5_ldap_server_info *server_info;
+krb5_ldap_initialize(krb5_ldap_context *ldap_context,
+                     krb5_ldap_server_info *server_info)
 {
     krb5_error_code             st=0;
     krb5_ldap_server_handle     *ldap_server_handle=NULL;
@@ -148,33 +148,33 @@ krb5_ldap_initialize(ldap_context, server_info)
 
     ldap_server_handle = calloc(1, sizeof(krb5_ldap_server_handle));
     if (ldap_server_handle == NULL) {
-       st = ENOMEM;
-       goto err_out;
+        st = ENOMEM;
+        goto err_out;
     }
 
     /* ldap init */
     if ((st = ldap_initialize(&ldap_server_handle->ldap_handle, server_info->server_name)) != 0) {
-       if (ldap_context->kcontext)
-           krb5_set_error_message (ldap_context->kcontext, KRB5_KDB_ACCESS_ERROR, "%s",
-                                   ldap_err2string(st));
-       st = KRB5_KDB_ACCESS_ERROR;
-       goto err_out;
+        if (ldap_context->kcontext)
+            krb5_set_error_message (ldap_context->kcontext, KRB5_KDB_ACCESS_ERROR, "%s",
+                                    ldap_err2string(st));
+        st = KRB5_KDB_ACCESS_ERROR;
+        goto err_out;
     }
 
     if ((st=krb5_ldap_bind(ldap_context, ldap_server_handle)) == 0) {
-       ldap_server_handle->server_info_update_pending = FALSE;
-       server_info->server_status = ON;
-       krb5_update_ldap_handle(ldap_server_handle, server_info);
+        ldap_server_handle->server_info_update_pending = FALSE;
+        server_info->server_status = ON;
+        krb5_update_ldap_handle(ldap_server_handle, server_info);
     } else {
-       if (ldap_context->kcontext)
-           krb5_set_error_message (ldap_context->kcontext,
-                                   KRB5_KDB_ACCESS_ERROR, "%s",
-                                   ldap_err2string(st));
-       st = KRB5_KDB_ACCESS_ERROR;
-       server_info->server_status = OFF;
-       time(&server_info->downtime);
-       /* ldap_unbind_s(ldap_server_handle->ldap_handle); */
-       free(ldap_server_handle);
+        if (ldap_context->kcontext)
+            krb5_set_error_message (ldap_context->kcontext,
+                                    KRB5_KDB_ACCESS_ERROR, "%s",
+                                    ldap_err2string(st));
+        st = KRB5_KDB_ACCESS_ERROR;
+        server_info->server_status = OFF;
+        time(&server_info->downtime);
+        /* ldap_unbind_s(ldap_server_handle->ldap_handle); */
+        free(ldap_server_handle);
     }
 
 err_out:
@@ -194,7 +194,7 @@ krb5_ldap_db_init(krb5_context context, krb5_ldap_context *ldap_context)
     struct timeval              local_timelimit = {10,0};
 
     if ((st=krb5_validate_ldap_context(context, ldap_context)) != 0)
-       goto err_out;
+        goto err_out;
 
     ldap_set_option(NULL, LDAP_OPT_PROTOCOL_VERSION, &version);
 #ifdef LDAP_OPT_NETWORK_TIMEOUT
@@ -205,55 +205,55 @@ krb5_ldap_db_init(krb5_context context, krb5_ldap_context *ldap_context)
 
     st = HNDL_LOCK(ldap_context);
     if (st)
-       return st;
+        return st;
     while (ldap_context->server_info_list[cnt] != NULL) {
-       krb5_ldap_server_info *server_info=NULL;
+        krb5_ldap_server_info *server_info=NULL;
 
-       server_info = ldap_context->server_info_list[cnt];
+        server_info = ldap_context->server_info_list[cnt];
 
-       if (server_info->server_status == NOTSET) {
-           unsigned int conns=0;
+        if (server_info->server_status == NOTSET) {
+            unsigned int conns=0;
 
-           /*
-            * Check if the server has to perform certificate-based authentication
-            */
-           if (ldap_context->service_cert_path != NULL) {
-               /* Find out if the server supports SASL EXTERNAL mechanism */
-               if (has_sasl_external_mech(context, server_info->server_name) == 1) {
-                   cnt++;
-                   sasl_mech_supported = FALSE;
-                   continue; /* Check the next LDAP server */
-               }
-               sasl_mech_supported = TRUE;
-           }
+            /*
+             * Check if the server has to perform certificate-based authentication
+             */
+            if (ldap_context->service_cert_path != NULL) {
+                /* Find out if the server supports SASL EXTERNAL mechanism */
+                if (has_sasl_external_mech(context, server_info->server_name) == 1) {
+                    cnt++;
+                    sasl_mech_supported = FALSE;
+                    continue; /* Check the next LDAP server */
+                }
+                sasl_mech_supported = TRUE;
+            }
 
-           krb5_clear_error_message(context);
+            krb5_clear_error_message(context);
 
 #ifdef LDAP_MOD_INCREMENT
-           server_info->modify_increment =
-               (has_modify_increment(context, server_info->server_name) == 0);
+            server_info->modify_increment =
+                (has_modify_increment(context, server_info->server_name) == 0);
 #else
-           server_info->modify_increment = 0;
+            server_info->modify_increment = 0;
 #endif /* LDAP_MOD_INCREMENT */
 
-           for (conns=0; conns < ldap_context->max_server_conns; ++conns) {
-               if ((st=krb5_ldap_initialize(ldap_context, server_info)) != 0)
-                   break;
-           } /* for (conn= ... */
+            for (conns=0; conns < ldap_context->max_server_conns; ++conns) {
+                if ((st=krb5_ldap_initialize(ldap_context, server_info)) != 0)
+                    break;
+            } /* for (conn= ... */
 
-           if (server_info->server_status == ON)
-               break;  /* server init successful, so break */
-       }
-       ++cnt;
+            if (server_info->server_status == ON)
+                break;  /* server init successful, so break */
+        }
+        ++cnt;
     }
     HNDL_UNLOCK(ldap_context);
 
 err_out:
     if (sasl_mech_supported == FALSE) {
-       st = KRB5_KDB_ACCESS_ERROR;
-       krb5_set_error_message (context, st,
-                               "Certificate based authentication requested but "
-                               "not supported by LDAP servers");
+        st = KRB5_KDB_ACCESS_ERROR;
+        krb5_set_error_message (context, st,
+                                "Certificate based authentication requested but "
+                                "not supported by LDAP servers");
     }
     return (st);
 }
@@ -271,53 +271,54 @@ krb5_ldap_db_single_init(krb5_ldap_context *ldap_context)
     krb5_ldap_server_info       *server_info=NULL;
 
     while (ldap_context->server_info_list[cnt] != NULL) {
-       server_info = ldap_context->server_info_list[cnt];
-       if ((server_info->server_status == NOTSET || server_info->server_status == ON)) {
-           if (server_info->num_conns < ldap_context->max_server_conns-1) {
-               st = krb5_ldap_initialize(ldap_context, server_info);
-               if (st == LDAP_SUCCESS)
-                   goto cleanup;
-           }
-       }
-       ++cnt;
+        server_info = ldap_context->server_info_list[cnt];
+        if ((server_info->server_status == NOTSET || server_info->server_status == ON)) {
+            if (server_info->num_conns < ldap_context->max_server_conns-1) {
+                st = krb5_ldap_initialize(ldap_context, server_info);
+                if (st == LDAP_SUCCESS)
+                    goto cleanup;
+            }
+        }
+        ++cnt;
     }
 
     /* If we are here, try to connect to all the servers */
 
     cnt = 0;
     while (ldap_context->server_info_list[cnt] != NULL) {
-       server_info = ldap_context->server_info_list[cnt];
-       st = krb5_ldap_initialize(ldap_context, server_info);
-       if (st == LDAP_SUCCESS)
-           goto cleanup;
-       ++cnt;
+        server_info = ldap_context->server_info_list[cnt];
+        st = krb5_ldap_initialize(ldap_context, server_info);
+        if (st == LDAP_SUCCESS)
+            goto cleanup;
+        ++cnt;
     }
 cleanup:
     return (st);
 }
 
 krb5_error_code
-krb5_ldap_rebind(ldap_context, ldap_server_handle)
-    krb5_ldap_context           *ldap_context;
-    krb5_ldap_server_handle     **ldap_server_handle;
+krb5_ldap_rebind(krb5_ldap_context *ldap_context,
+                 krb5_ldap_server_handle **ldap_server_handle)
 {
     krb5_ldap_server_handle     *handle = *ldap_server_handle;
 
     if ((ldap_initialize(&handle->ldap_handle, handle->server_info->server_name) != LDAP_SUCCESS)
-       || (krb5_ldap_bind(ldap_context, handle) != LDAP_SUCCESS))
-       return krb5_ldap_request_next_handle_from_pool(ldap_context, ldap_server_handle);
+        || (krb5_ldap_bind(ldap_context, handle) != LDAP_SUCCESS))
+        return krb5_ldap_request_next_handle_from_pool(ldap_context, ldap_server_handle);
     return LDAP_SUCCESS;
 }
 
 /*
  *     DAL API functions
  */
-krb5_error_code krb5_ldap_lib_init()
+krb5_error_code
+krb5_ldap_lib_init()
 {
     return 0;
 }
 
-krb5_error_code krb5_ldap_lib_cleanup()
+krb5_error_code
+krb5_ldap_lib_cleanup()
 {
     /* right now, no cleanup required */
     return 0;
@@ -327,7 +328,7 @@ krb5_error_code
 krb5_ldap_free_ldap_context(krb5_ldap_context *ldap_context)
 {
     if (ldap_context == NULL)
-       return 0;
+        return 0;
 
     krb5_ldap_free_krbcontainer_params(ldap_context->krbcontainer);
     ldap_context->krbcontainer = NULL;
@@ -347,9 +348,9 @@ krb5_ldap_close(krb5_context context)
     krb5_ldap_context *ldap_context=NULL;
 
     if (context == NULL ||
-       context->dal_handle == NULL ||
-       context->dal_handle->db_context == NULL)
-       return 0;
+        context->dal_handle == NULL ||
+        context->dal_handle->db_context == NULL)
+        return 0;
 
     dal_handle = context->dal_handle;
     ldap_context = (krb5_ldap_context *) dal_handle->db_context;
index d4c6ac832bc90ca853d780b0aadeeff1082caa3d..6085efb6a524951d04340fe32764e192ca8416da 100644 (file)
@@ -1,3 +1,4 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
 /*
  * lib/kdb/kdb_ldap/kdb_xdr.c
  *
 #define safe_realloc(p,n) ((p)?(realloc(p,n)):(malloc(n)))
 
 krb5_error_code
-krb5_dbe_update_tl_data(context, entry, new_tl_data)
-    krb5_context          context;
-    krb5_db_entry       * entry;
-    krb5_tl_data       * new_tl_data;
+krb5_dbe_update_tl_data(krb5_context context, krb5_db_entry *entry,
+                        krb5_tl_data *new_tl_data)
 {
     krb5_tl_data        * tl_data;
     krb5_octet          * tmp;
@@ -46,32 +45,32 @@ krb5_dbe_update_tl_data(context, entry, new_tl_data)
        fails */
 
     if ((tmp = (krb5_octet *) malloc(new_tl_data->tl_data_length)) == NULL)
-       return(ENOMEM);
+        return(ENOMEM);
 
     /* Find an existing entry of the specified type and point at
        it, or NULL if not found */
 
     for (tl_data = entry->tl_data; tl_data; tl_data = tl_data->tl_data_next)
-       if (tl_data->tl_data_type == new_tl_data->tl_data_type)
-           break;
+        if (tl_data->tl_data_type == new_tl_data->tl_data_type)
+            break;
 
     /* if necessary, chain a new record in the beginning and point at it */
 
     if (!tl_data) {
-       if ((tl_data = (krb5_tl_data *) calloc(1, sizeof(krb5_tl_data)))
-           == NULL) {
-           free(tmp);
-           return(ENOMEM);
-       }
-       tl_data->tl_data_next = entry->tl_data;
-       entry->tl_data = tl_data;
-       entry->n_tl_data++;
+        if ((tl_data = (krb5_tl_data *) calloc(1, sizeof(krb5_tl_data)))
+            == NULL) {
+            free(tmp);
+            return(ENOMEM);
+        }
+        tl_data->tl_data_next = entry->tl_data;
+        entry->tl_data = tl_data;
+        entry->n_tl_data++;
     }
 
     /* fill in the record */
 
     if (tl_data->tl_data_contents)
-       free(tl_data->tl_data_contents);
+        free(tl_data->tl_data_contents);
 
     tl_data->tl_data_type = new_tl_data->tl_data_type;
     tl_data->tl_data_length = new_tl_data->tl_data_length;
@@ -82,18 +81,16 @@ krb5_dbe_update_tl_data(context, entry, new_tl_data)
 }
 
 krb5_error_code
-krb5_dbe_lookup_tl_data(context, entry, ret_tl_data)
-    krb5_context          context;
-    krb5_db_entry       * entry;
-    krb5_tl_data        * ret_tl_data;
+krb5_dbe_lookup_tl_data(krb5_context context, krb5_db_entry *entry,
+                        krb5_tl_data *ret_tl_data)
 {
     krb5_tl_data *tl_data;
 
     for (tl_data = entry->tl_data; tl_data; tl_data = tl_data->tl_data_next) {
-       if (tl_data->tl_data_type == ret_tl_data->tl_data_type) {
-           *ret_tl_data = *tl_data;
-           return(0);
-       }
+        if (tl_data->tl_data_type == ret_tl_data->tl_data_type) {
+            *ret_tl_data = *tl_data;
+            return(0);
+        }
     }
 
     /* if the requested record isn't found, return zero bytes.
@@ -106,10 +103,8 @@ krb5_dbe_lookup_tl_data(context, entry, ret_tl_data)
 }
 
 krb5_error_code
-krb5_dbe_update_last_pwd_change(context, entry, stamp)
-    krb5_context          context;
-    krb5_db_entry       * entry;
-    krb5_timestamp       stamp;
+krb5_dbe_update_last_pwd_change(krb5_context context, krb5_db_entry *entry,
+                                krb5_timestamp stamp)
 {
     krb5_tl_data        tl_data;
     krb5_octet          buf[4]; /* this is the encoded size of an int32 */
@@ -123,23 +118,21 @@ krb5_dbe_update_last_pwd_change(context, entry, stamp)
 }
 
 krb5_error_code
-krb5_dbe_lookup_last_pwd_change(context, entry, stamp)
-    krb5_context          context;
-    krb5_db_entry       * entry;
-    krb5_timestamp     * stamp;
+krb5_dbe_lookup_last_pwd_change(krb5_context context, krb5_db_entry *entry,
+                                krb5_timestamp *stamp)
 {
     krb5_tl_data        tl_data;
-    krb5_error_code    code;
-    krb5_int32         tmp;
+    krb5_error_code     code;
+    krb5_int32          tmp;
 
     tl_data.tl_data_type = KRB5_TL_LAST_PWD_CHANGE;
 
     if ((code = krb5_dbe_lookup_tl_data(context, entry, &tl_data)))
-       return(code);
+        return(code);
 
     if (tl_data.tl_data_length != 4) {
-       *stamp = 0;
-       return(0);
+        *stamp = 0;
+        return(0);
     }
 
     krb5_kdb_decode_int32(tl_data.tl_data_contents, tmp);
@@ -153,29 +146,27 @@ krb5_dbe_lookup_last_pwd_change(context, entry, stamp)
    I need one, I'll add one */
 
 krb5_error_code
-krb5_dbe_update_mod_princ_data(context, entry, mod_date, mod_princ)
-    krb5_context         context;
-    krb5_db_entry      * entry;
-    krb5_timestamp       mod_date;
-    krb5_const_principal  mod_princ;
+krb5_dbe_update_mod_princ_data(krb5_context context, krb5_db_entry *entry,
+                               krb5_timestamp mod_date,
+                               krb5_const_principal mod_princ)
 {
     krb5_tl_data          tl_data;
 
-    krb5_error_code      retval = 0;
-    krb5_octet         * nextloc = 0;
-    char               * unparse_mod_princ = 0;
-    unsigned int       unparse_mod_princ_size;
+    krb5_error_code       retval = 0;
+    krb5_octet          * nextloc = 0;
+    char                * unparse_mod_princ = 0;
+    unsigned int        unparse_mod_princ_size;
 
     if ((retval = krb5_unparse_name(context, mod_princ,
-                                   &unparse_mod_princ)))
-       return(retval);
+                                    &unparse_mod_princ)))
+        return(retval);
 
     unparse_mod_princ_size = strlen(unparse_mod_princ) + 1;
 
     if ((nextloc = (krb5_octet *) malloc(unparse_mod_princ_size + 4))
-       == NULL) {
-       free(unparse_mod_princ);
-       return(ENOMEM);
+        == NULL) {
+        free(unparse_mod_princ);
+        return(ENOMEM);
     }
 
     tl_data.tl_data_type = KRB5_TL_MOD_PRINC;
@@ -197,32 +188,30 @@ krb5_dbe_update_mod_princ_data(context, entry, mod_date, mod_princ)
 }
 
 krb5_error_code
-krb5_dbe_lookup_mod_princ_data(context, entry, mod_time, mod_princ)
-    krb5_context         context;
-    krb5_db_entry      * entry;
-    krb5_timestamp     * mod_time;
-    krb5_principal     * mod_princ;
+krb5_dbe_lookup_mod_princ_data(krb5_context context, krb5_db_entry *entry,
+                               krb5_timestamp *mod_time,
+                               krb5_principal *mod_princ)
 {
     krb5_tl_data        tl_data;
-    krb5_error_code    code;
+    krb5_error_code     code;
 
     tl_data.tl_data_type = KRB5_TL_MOD_PRINC;
 
     if ((code = krb5_dbe_lookup_tl_data(context, entry, &tl_data)))
-       return(code);
+        return(code);
 
     if ((tl_data.tl_data_length < 5) ||
-       (tl_data.tl_data_contents[tl_data.tl_data_length-1] != '\0'))
-       return(KRB5_KDB_TRUNCATED_RECORD);
+        (tl_data.tl_data_contents[tl_data.tl_data_length-1] != '\0'))
+        return(KRB5_KDB_TRUNCATED_RECORD);
 
     /* Mod Date */
     krb5_kdb_decode_int32(tl_data.tl_data_contents, *mod_time);
 
     /* Mod Princ */
     if ((code = krb5_parse_name(context,
-                               (const char *) (tl_data.tl_data_contents+4),
-                               mod_princ)))
-       return(code);
+                                (const char *) (tl_data.tl_data_contents+4),
+                                mod_princ)))
+        return(code);
 
     return(0);
 }
index bd01ead276857129336a20ebd13b9b0e34195774..7e45710b800ef76e79a77b7dda3f066b13f5e730 100644 (file)
@@ -1,34 +1,35 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
 #ifndef _KDB2_XDR_H
 #define _KDB2_XDR_H
 
 #include "kdb.h"
 
 krb5_error_code
-krb5_encode_princ_dbkey( krb5_context context,
-                        krb5_data  *key,
-                        krb5_const_principal principal);
+krb5_encode_princ_dbkey(krb5_context context,
+                        krb5_data *key,
+                        krb5_const_principal principal);
 
 krb5_error_code
-krb5_decode_princ_contents( krb5_context         context,
-                           krb5_data           * content,
-                           krb5_db_entry       * entry);
+krb5_decode_princ_contents(krb5_context context,
+                           krb5_data *content,
+                           krb5_db_entry *entry);
 
 void
-krb5_dbe_free_contents( krb5_context     context,
-                       krb5_db_entry   * entry);
+krb5_dbe_free_contents(krb5_context context,
+                       krb5_db_entry *entry);
 
 krb5_error_code
-krb5_encode_princ_contents( krb5_context         context,
-                           krb5_data           * content,
-                           krb5_db_entry       * entry);
+krb5_encode_princ_contents(krb5_context context,
+                           krb5_data *content,
+                           krb5_db_entry *entry);
 
 
 void
-krb5_free_princ_dbkey( krb5_context context,
-                      krb5_data  *key);
+krb5_free_princ_dbkey(krb5_context context,
+                      krb5_data *key);
 
 void
-krb5_free_princ_contents( krb5_context context,
-                         krb5_data *contents);
+krb5_free_princ_contents(krb5_context context,
+                         krb5_data *contents);
 
 #endif
index 9974b1721cfc3ff6e2819364754db5908c41d61d..3027316e9f0110e94310451c840a5e97f7aee7fa 100644 (file)
@@ -1,3 +1,4 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
 /*
  * lib/kdb/kdb_ldap/ldap_create.c
  *
@@ -50,7 +51,7 @@
  * the specified attributes.
  */
 krb5_error_code
-krb5_ldap_create (krb5_context context, char *conf_section, char **db_args)
+krb5_ldap_create(krb5_context context, char *conf_section, char **db_args)
 {
     krb5_error_code status = 0;
     char  **t_ptr = db_args;
@@ -71,8 +72,8 @@ krb5_ldap_create (krb5_context context, char *conf_section, char **db_args)
 
     ldap_context = malloc(sizeof(krb5_ldap_context));
     if (ldap_context == NULL) {
-       status = ENOMEM;
-       goto cleanup;
+        status = ENOMEM;
+        goto cleanup;
     }
     memset(ldap_context, 0, sizeof(*ldap_context));
 
@@ -80,158 +81,158 @@ krb5_ldap_create (krb5_context context, char *conf_section, char **db_args)
 
     /* populate ldap_context with ldap specific options */
     while (t_ptr && *t_ptr) {
-       char *opt = NULL, *val = NULL;
-
-       if ((status = krb5_ldap_get_db_opt(*t_ptr, &opt, &val)) != 0) {
-           goto cleanup;
-       }
-       if (opt && !strcmp(opt, "binddn")) {
-           if (ldap_context->bind_dn) {
-               free (opt);
-               free (val);
-               status = EINVAL;
-               krb5_set_error_message (context, status, "'binddn' missing");
-               goto cleanup;
-           }
-           if (val == NULL) {
-               status = EINVAL;
-               krb5_set_error_message (context, status, "'binddn' value missing");
-               free(opt);
-               goto cleanup;
-           }
-           ldap_context->bind_dn = strdup(val);
-           if (ldap_context->bind_dn == NULL) {
-               free (opt);
-               free (val);
-               status = ENOMEM;
-               goto cleanup;
-           }
-       } else if (opt && !strcmp(opt, "nconns")) {
-           if (ldap_context->max_server_conns) {
-               free (opt);
-               free (val);
-               status = EINVAL;
-               krb5_set_error_message (context, status, "'nconns' missing");
-               goto cleanup;
-           }
-           if (val == NULL) {
-               status = EINVAL;
-               krb5_set_error_message (context, status, "'nconns' value missing");
-               free(opt);
-               goto cleanup;
-           }
-           ldap_context->max_server_conns = atoi(val) ? atoi(val) : DEFAULT_CONNS_PER_SERVER;
-       } else if (opt && !strcmp(opt, "bindpwd")) {
-           if (ldap_context->bind_pwd) {
-               free (opt);
-               free (val);
-               status = EINVAL;
-               krb5_set_error_message (context, status, "'bindpwd' missing");
-               goto cleanup;
-           }
-           if (val == NULL) {
-               status = EINVAL;
-               krb5_set_error_message (context, status, "'bindpwd' value missing");
-               free(opt);
-               goto cleanup;
-           }
-           ldap_context->bind_pwd = strdup(val);
-           if (ldap_context->bind_pwd == NULL) {
-               free (opt);
-               free (val);
-               status = ENOMEM;
-               goto cleanup;
-           }
-       } else if (opt && !strcmp(opt, "host")) {
-           if (val == NULL) {
-               status = EINVAL;
-               krb5_set_error_message (context, status, "'host' value missing");
-               free(opt);
-               goto cleanup;
-           }
-           if (ldap_context->server_info_list == NULL)
-               ldap_context->server_info_list =
-                   (krb5_ldap_server_info **) calloc(SERV_COUNT+1, sizeof(krb5_ldap_server_info *));
-
-           if (ldap_context->server_info_list == NULL) {
-               free (opt);
-               free (val);
-               status = ENOMEM;
-               goto cleanup;
-           }
-
-           ldap_context->server_info_list[srv_cnt] =
-               (krb5_ldap_server_info *) calloc(1, sizeof(krb5_ldap_server_info));
-           if (ldap_context->server_info_list[srv_cnt] == NULL) {
-               free (opt);
-               free (val);
-               status = ENOMEM;
-               goto cleanup;
-           }
-
-           ldap_context->server_info_list[srv_cnt]->server_status = NOTSET;
-
-           ldap_context->server_info_list[srv_cnt]->server_name = strdup(val);
-           if (ldap_context->server_info_list[srv_cnt]->server_name == NULL) {
-               free (opt);
-               free (val);
-               status = ENOMEM;
-               goto cleanup;
-           }
-
-           srv_cnt++;
+        char *opt = NULL, *val = NULL;
+
+        if ((status = krb5_ldap_get_db_opt(*t_ptr, &opt, &val)) != 0) {
+            goto cleanup;
+        }
+        if (opt && !strcmp(opt, "binddn")) {
+            if (ldap_context->bind_dn) {
+                free (opt);
+                free (val);
+                status = EINVAL;
+                krb5_set_error_message (context, status, "'binddn' missing");
+                goto cleanup;
+            }
+            if (val == NULL) {
+                status = EINVAL;
+                krb5_set_error_message (context, status, "'binddn' value missing");
+                free(opt);
+                goto cleanup;
+            }
+            ldap_context->bind_dn = strdup(val);
+            if (ldap_context->bind_dn == NULL) {
+                free (opt);
+                free (val);
+                status = ENOMEM;
+                goto cleanup;
+            }
+        } else if (opt && !strcmp(opt, "nconns")) {
+            if (ldap_context->max_server_conns) {
+                free (opt);
+                free (val);
+                status = EINVAL;
+                krb5_set_error_message (context, status, "'nconns' missing");
+                goto cleanup;
+            }
+            if (val == NULL) {
+                status = EINVAL;
+                krb5_set_error_message (context, status, "'nconns' value missing");
+                free(opt);
+                goto cleanup;
+            }
+            ldap_context->max_server_conns = atoi(val) ? atoi(val) : DEFAULT_CONNS_PER_SERVER;
+        } else if (opt && !strcmp(opt, "bindpwd")) {
+            if (ldap_context->bind_pwd) {
+                free (opt);
+                free (val);
+                status = EINVAL;
+                krb5_set_error_message (context, status, "'bindpwd' missing");
+                goto cleanup;
+            }
+            if (val == NULL) {
+                status = EINVAL;
+                krb5_set_error_message (context, status, "'bindpwd' value missing");
+                free(opt);
+                goto cleanup;
+            }
+            ldap_context->bind_pwd = strdup(val);
+            if (ldap_context->bind_pwd == NULL) {
+                free (opt);
+                free (val);
+                status = ENOMEM;
+                goto cleanup;
+            }
+        } else if (opt && !strcmp(opt, "host")) {
+            if (val == NULL) {
+                status = EINVAL;
+                krb5_set_error_message (context, status, "'host' value missing");
+                free(opt);
+                goto cleanup;
+            }
+            if (ldap_context->server_info_list == NULL)
+                ldap_context->server_info_list =
+                    (krb5_ldap_server_info **) calloc(SERV_COUNT+1, sizeof(krb5_ldap_server_info *));
+
+            if (ldap_context->server_info_list == NULL) {
+                free (opt);
+                free (val);
+                status = ENOMEM;
+                goto cleanup;
+            }
+
+            ldap_context->server_info_list[srv_cnt] =
+                (krb5_ldap_server_info *) calloc(1, sizeof(krb5_ldap_server_info));
+            if (ldap_context->server_info_list[srv_cnt] == NULL) {
+                free (opt);
+                free (val);
+                status = ENOMEM;
+                goto cleanup;
+            }
+
+            ldap_context->server_info_list[srv_cnt]->server_status = NOTSET;
+
+            ldap_context->server_info_list[srv_cnt]->server_name = strdup(val);
+            if (ldap_context->server_info_list[srv_cnt]->server_name == NULL) {
+                free (opt);
+                free (val);
+                status = ENOMEM;
+                goto cleanup;
+            }
+
+            srv_cnt++;
 #ifdef HAVE_EDIRECTORY
-       } else if (opt && !strcmp(opt, "cert")) {
-           if (val == NULL) {
-               status = EINVAL;
-               krb5_set_error_message (context, status, "'cert' value missing");
-               free(opt);
-               goto cleanup;
-           }
-
-           if (ldap_context->root_certificate_file == NULL) {
-               ldap_context->root_certificate_file = strdup(val);
-               if (ldap_context->root_certificate_file == NULL) {
-                   free (opt);
-                   free (val);
-                   status = ENOMEM;
-                   goto cleanup;
-               }
-           } else {
-               char *newstr;
-
-               if (asprintf(&newstr, "%s %s",
-                            ldap_context->root_certificate_file, val) < 0) {
-                   free (opt);
-                   free (val);
-                   status = ENOMEM;
-                   goto cleanup;
-               }
-               ldap_context->root_certificate_file = newstr;
-           }
+        } else if (opt && !strcmp(opt, "cert")) {
+            if (val == NULL) {
+                status = EINVAL;
+                krb5_set_error_message (context, status, "'cert' value missing");
+                free(opt);
+                goto cleanup;
+            }
+
+            if (ldap_context->root_certificate_file == NULL) {
+                ldap_context->root_certificate_file = strdup(val);
+                if (ldap_context->root_certificate_file == NULL) {
+                    free (opt);
+                    free (val);
+                    status = ENOMEM;
+                    goto cleanup;
+                }
+            } else {
+                char *newstr;
+
+                if (asprintf(&newstr, "%s %s",
+                             ldap_context->root_certificate_file, val) < 0) {
+                    free (opt);
+                    free (val);
+                    status = ENOMEM;
+                    goto cleanup;
+                }
+                ldap_context->root_certificate_file = newstr;
+            }
 #endif
-       } else {
-       /* ignore hash argument. Might have been passed from create */
-           status = EINVAL;
-           if (opt && !strcmp(opt, "temporary")) {
-               /*
-                * temporary is passed in when kdb5_util load without -update is done.
-                * This is unsupported by the LDAP plugin.
-                */
-               krb5_set_error_message (context, status,
-                   "creation of LDAP entries aborted, plugin requires -update argument");
-           } else {
-               krb5_set_error_message (context, status, "unknown option \'%s\'",
-                                       opt?opt:val);
-           }
-           free(opt);
-           free(val);
-           goto cleanup;
-       }
-
-       free(opt);
-       free(val);
-       t_ptr++;
+        } else {
+            /* ignore hash argument. Might have been passed from create */
+            status = EINVAL;
+            if (opt && !strcmp(opt, "temporary")) {
+                /*
+                 * temporary is passed in when kdb5_util load without -update is done.
+                 * This is unsupported by the LDAP plugin.
+                 */
+                krb5_set_error_message (context, status,
+                                        "creation of LDAP entries aborted, plugin requires -update argument");
+            } else {
+                krb5_set_error_message (context, status, "unknown option \'%s\'",
+                                        opt?opt:val);
+            }
+            free(opt);
+            free(val);
+            goto cleanup;
+        }
+
+        free(opt);
+        free(val);
+        t_ptr++;
     }
 
     dal_handle = context->dal_handle;
@@ -239,121 +240,121 @@ krb5_ldap_create (krb5_context context, char *conf_section, char **db_args)
 
     status = krb5_ldap_read_server_params(context, conf_section, KRB5_KDB_SRV_TYPE_ADMIN);
     if (status) {
-       dal_handle->db_context = NULL;
-       prepend_err_str (context, "Error reading LDAP server params: ", status, status);
-       goto cleanup;
+        dal_handle->db_context = NULL;
+        prepend_err_str (context, "Error reading LDAP server params: ", status, status);
+        goto cleanup;
     }
     status = krb5_ldap_db_init(context, ldap_context);
     if (status) {
-       goto cleanup;
+        goto cleanup;
     }
 
     /* read the kerberos container */
     if ((status = krb5_ldap_read_krbcontainer_params(context,
-                           &(ldap_context->krbcontainer))) == KRB5_KDB_NOENTRY) {
-
-       /* Read the kerberos container location from configuration file */
-       if (ldap_context->conf_section) {
-           if ((status = profile_get_string(context->profile,
-                                          KDB_MODULE_SECTION, ldap_context->conf_section,
-                                          "ldap_kerberos_container_dn", NULL,
-                                          &kparams.DN)) != 0) {
-               goto cleanup;
-           }
-       }
-       if (kparams.DN == NULL) {
-           if ((status = profile_get_string(context->profile,
-                                          KDB_MODULE_DEF_SECTION,
-                                          "ldap_kerberos_container_dn", NULL,
-                                          NULL, &kparams.DN)) != 0) {
-               goto cleanup;
-           }
-       }
-
-       /* create the kerberos container */
-       status = krb5_ldap_create_krbcontainer(context,
-                                              ((kparams.DN != NULL) ? &kparams : NULL));
-       if (status)
-           goto cleanup;
-
-       krbcontainer_obj_created = TRUE;
-
-       status = krb5_ldap_read_krbcontainer_params(context,
-                                                   &(ldap_context->krbcontainer));
-       if (status)
-           goto cleanup;
+                                                     &(ldap_context->krbcontainer))) == KRB5_KDB_NOENTRY) {
+
+        /* Read the kerberos container location from configuration file */
+        if (ldap_context->conf_section) {
+            if ((status = profile_get_string(context->profile,
+                                             KDB_MODULE_SECTION, ldap_context->conf_section,
+                                             "ldap_kerberos_container_dn", NULL,
+                                             &kparams.DN)) != 0) {
+                goto cleanup;
+            }
+        }
+        if (kparams.DN == NULL) {
+            if ((status = profile_get_string(context->profile,
+                                             KDB_MODULE_DEF_SECTION,
+                                             "ldap_kerberos_container_dn", NULL,
+                                             NULL, &kparams.DN)) != 0) {
+                goto cleanup;
+            }
+        }
+
+        /* create the kerberos container */
+        status = krb5_ldap_create_krbcontainer(context,
+                                               ((kparams.DN != NULL) ? &kparams : NULL));
+        if (status)
+            goto cleanup;
+
+        krbcontainer_obj_created = TRUE;
+
+        status = krb5_ldap_read_krbcontainer_params(context,
+                                                    &(ldap_context->krbcontainer));
+        if (status)
+            goto cleanup;
 
     } else if (status) {
-       goto cleanup;
+        goto cleanup;
     }
 
     rparams = (krb5_ldap_realm_params *) malloc(sizeof(krb5_ldap_realm_params));
     if (rparams == NULL) {
-       status = ENOMEM;
-       goto cleanup;
+        status = ENOMEM;
+        goto cleanup;
     }
     memset(rparams, 0, sizeof(*rparams));
     rparams->realm_name = strdup(context->default_realm);
     if (rparams->realm_name == NULL) {
-       status = ENOMEM;
-       goto cleanup;
+        status = ENOMEM;
+        goto cleanup;
     }
 
     if ((status = krb5_ldap_create_realm(context, rparams, mask)))
-       goto cleanup;
+        goto cleanup;
 
     /* We just created the Realm container. Here starts our transaction tracking */
     realm_obj_created = TRUE;
 
     /* verify realm object */
     if ((status = krb5_ldap_read_realm_params(context,
-                                             rparams->realm_name,
-                                             &(ldap_context->lrparams),
-                                             &mask)))
-       goto cleanup;
+                                              rparams->realm_name,
+                                              &(ldap_context->lrparams),
+                                              &mask)))
+        goto cleanup;
 
 #ifdef HAVE_EDIRECTORY
     if ((mask & LDAP_REALM_KDCSERVERS) || (mask & LDAP_REALM_ADMINSERVERS) ||
-       (mask & LDAP_REALM_PASSWDSERVERS)) {
-
-       rightsmask =0;
-       rightsmask |= LDAP_REALM_RIGHTS;
-       rightsmask |= LDAP_SUBTREE_RIGHTS;
-       if ((rparams != NULL) && (rparams->kdcservers != NULL)) {
-           for (i=0; (rparams->kdcservers[i] != NULL); i++) {
-               if ((status=krb5_ldap_add_service_rights(context,
-                                    LDAP_KDC_SERVICE, rparams->kdcservers[i],
-                                    rparams->realm_name, rparams->subtree, rparams->containerref, rightsmask)) != 0) {
-                   goto cleanup;
-               }
-           }
-       }
-
-       rightsmask = 0;
-       rightsmask |= LDAP_REALM_RIGHTS;
-       rightsmask |= LDAP_SUBTREE_RIGHTS;
-       if ((rparams != NULL) && (rparams->adminservers != NULL)) {
-           for (i=0; (rparams->adminservers[i] != NULL); i++) {
-               if ((status=krb5_ldap_add_service_rights(context,
-                                    LDAP_ADMIN_SERVICE, rparams->adminservers[i],
-                                    rparams->realm_name, rparams->subtree, rparams->containerref, rightsmask)) != 0) {
-                   goto cleanup;
-               }
-           }
-       }
-
-       rightsmask = 0;
-       rightsmask |= LDAP_REALM_RIGHTS;
-       rightsmask |= LDAP_SUBTREE_RIGHTS;
-       if ((rparams != NULL) && (rparams->passwdservers != NULL)) {
-           for (i=0; (rparams->passwdservers[i] != NULL); i++) {
-               if ((status=krb5_ldap_add_service_rights(context,
-                                    LDAP_PASSWD_SERVICE, rparams->passwdservers[i],
-                                    rparams->realm_name, rparams->subtree, rparams->containerref, rightsmask)) != 0) {
-                   goto cleanup;
-               }
-           }
-       }
+        (mask & LDAP_REALM_PASSWDSERVERS)) {
+
+        rightsmask =0;
+        rightsmask |= LDAP_REALM_RIGHTS;
+        rightsmask |= LDAP_SUBTREE_RIGHTS;
+        if ((rparams != NULL) && (rparams->kdcservers != NULL)) {
+            for (i=0; (rparams->kdcservers[i] != NULL); i++) {
+                if ((status=krb5_ldap_add_service_rights(context,
+                                                         LDAP_KDC_SERVICE, rparams->kdcservers[i],
+                                                         rparams->realm_name, rparams->subtree, rparams->containerref, rightsmask)) != 0) {
+                    goto cleanup;
+                }
+            }
+        }
+
+        rightsmask = 0;
+        rightsmask |= LDAP_REALM_RIGHTS;
+        rightsmask |= LDAP_SUBTREE_RIGHTS;
+        if ((rparams != NULL) && (rparams->adminservers != NULL)) {
+            for (i=0; (rparams->adminservers[i] != NULL); i++) {
+                if ((status=krb5_ldap_add_service_rights(context,
+                                                         LDAP_ADMIN_SERVICE, rparams->adminservers[i],
+                                                         rparams->realm_name, rparams->subtree, rparams->containerref, rightsmask)) != 0) {
+                    goto cleanup;
+                }
+            }
+        }
+
+        rightsmask = 0;
+        rightsmask |= LDAP_REALM_RIGHTS;
+        rightsmask |= LDAP_SUBTREE_RIGHTS;
+        if ((rparams != NULL) && (rparams->passwdservers != NULL)) {
+            for (i=0; (rparams->passwdservers[i] != NULL); i++) {
+                if ((status=krb5_ldap_add_service_rights(context,
+                                                         LDAP_PASSWD_SERVICE, rparams->passwdservers[i],
+                                                         rparams->realm_name, rparams->subtree, rparams->containerref, rightsmask)) != 0) {
+                    goto cleanup;
+                }
+            }
+        }
     }
 #endif
 
@@ -361,19 +362,19 @@ cleanup:
 
     /* If the krbcontainer/realm creation is not complete, do the roll-back here */
     if ((krbcontainer_obj_created) && (!realm_obj_created)) {
-       int rc;
-       rc = krb5_ldap_delete_krbcontainer(context,
-                   ((kparams.DN != NULL) ? &kparams : NULL));
-       krb5_set_error_message(context, rc,
-           "could not complete roll-back, error deleting Kerberos Container");
+        int rc;
+        rc = krb5_ldap_delete_krbcontainer(context,
+                                           ((kparams.DN != NULL) ? &kparams : NULL));
+        krb5_set_error_message(context, rc,
+                               "could not complete roll-back, error deleting Kerberos Container");
     }
 
     /* should call krb5_ldap_free_krbcontainer_params() but can't */
     if (kparams.DN != NULL)
-       krb5_xfree(kparams.DN);
+        krb5_xfree(kparams.DN);
 
     if (rparams)
-       krb5_ldap_free_realm_params(rparams);
+        krb5_ldap_free_realm_params(rparams);
 
     return(status);
 }
index 5bfaa7801604d90a4dc722aa1598bc5ba42349fb..16f9dccd55a960c2dec0b4262d3edae571aefd56 100644 (file)
@@ -1,3 +1,4 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
 #include <ldap.h>
 #include <errno.h>
 #include <krb5.h>
  *  OP_ABANDON => ldap_abandon
  */
 
-int translate_ldap_error(int err, int op) {
+int
+translate_ldap_error(int err, int op) {
 
     switch (err) {
     case LDAP_SUCCESS:
-       return 0;
+        return 0;
 
     case LDAP_OPERATIONS_ERROR:
-       /* LDAP_OPERATIONS_ERROR: Indicates an internal error. The server is
-        * unable to respond with a more specific error and is also unable
-        * to properly respond to a request */
+        /* LDAP_OPERATIONS_ERROR: Indicates an internal error. The server is
+         * unable to respond with a more specific error and is also unable
+         * to properly respond to a request */
     case LDAP_UNAVAILABLE_CRITICAL_EXTENSION:
-       /* LDAP server was unable to satisfy a request because one or more
-        * critical extensions were not available */
-       /* This might mean that the schema was not extended ... */
+        /* LDAP server was unable to satisfy a request because one or more
+         * critical extensions were not available */
+        /* This might mean that the schema was not extended ... */
     case LDAP_UNDEFINED_TYPE:
-       /* The attribute specified in the modify or add operation does not
-        * exist in the LDAP server's schema. */
-       return KRB5_KDB_INTERNAL_ERROR;
+        /* The attribute specified in the modify or add operation does not
+         * exist in the LDAP server's schema. */
+        return KRB5_KDB_INTERNAL_ERROR;
 
 
     case LDAP_INAPPROPRIATE_MATCHING:
-       /* The matching rule specified in the search filter does not match a
-        * rule defined for the attribute's syntax */
-       return KRB5_KDB_UK_RERROR;
+        /* The matching rule specified in the search filter does not match a
+         * rule defined for the attribute's syntax */
+        return KRB5_KDB_UK_RERROR;
 
     case LDAP_CONSTRAINT_VIOLATION:
-       /* The attribute value specified in a modify, add, or modify DN
-        * operation violates constraints placed on the attribute */
+        /* The attribute value specified in a modify, add, or modify DN
+         * operation violates constraints placed on the attribute */
     case LDAP_TYPE_OR_VALUE_EXISTS:
-       /* The attribute value specified in a modify or add operation
-        * already exists as a value for that attribute */
-       return KRB5_KDB_UK_SERROR;
+        /* The attribute value specified in a modify or add operation
+         * already exists as a value for that attribute */
+        return KRB5_KDB_UK_SERROR;
 
     case LDAP_INVALID_SYNTAX:
-       /* The attribute value specified in an add, compare, or modify
-        * operation is an unrecognized or invalid syntax for the attribute */
-       if (op == OP_ADD || op == OP_MOD)
-           return KRB5_KDB_UK_SERROR;
-       else /* OP_CMP */
-           return KRB5_KDB_UK_RERROR;
-
-       /* Ensure that the following don't occur in the DAL-LDAP code.
-        * Don't rely on the LDAP server to catch it */
+        /* The attribute value specified in an add, compare, or modify
+         * operation is an unrecognized or invalid syntax for the attribute */
+        if (op == OP_ADD || op == OP_MOD)
+            return KRB5_KDB_UK_SERROR;
+        else /* OP_CMP */
+            return KRB5_KDB_UK_RERROR;
+
+        /* Ensure that the following don't occur in the DAL-LDAP code.
+         * Don't rely on the LDAP server to catch it */
     case LDAP_SASL_BIND_IN_PROGRESS:
-       /* This is not an error. So, this function should not be called */
+        /* This is not an error. So, this function should not be called */
     case LDAP_COMPARE_FALSE:
     case LDAP_COMPARE_TRUE:
-       /* LDAP_COMPARE_FALSE and LDAP_COMPARE_TRUE are not errors. This
-        * function should not be invoked for them */
+        /* LDAP_COMPARE_FALSE and LDAP_COMPARE_TRUE are not errors. This
+         * function should not be invoked for them */
     case LDAP_RESULTS_TOO_LARGE: /* CLDAP */
     case LDAP_TIMELIMIT_EXCEEDED:
     case LDAP_SIZELIMIT_EXCEEDED:
-       return KRB5_KDB_SERVER_INTERNAL_ERR;
+        return KRB5_KDB_SERVER_INTERNAL_ERR;
 
     case LDAP_INVALID_DN_SYNTAX:
-       /* The syntax of the DN is incorrect */
-       return EINVAL;
+        /* The syntax of the DN is incorrect */
+        return EINVAL;
 
     case LDAP_PROTOCOL_ERROR:
-       /* LDAP_PROTOCOL_ERROR: Indicates that the server has received an
-        * invalid or malformed request from the client */
+        /* LDAP_PROTOCOL_ERROR: Indicates that the server has received an
+         * invalid or malformed request from the client */
     case LDAP_CONFIDENTIALITY_REQUIRED:
 
-       /* Bind problems ... */
+        /* Bind problems ... */
     case LDAP_AUTH_METHOD_NOT_SUPPORTED:
-/*     case LDAP_STRONG_AUTH_NOT_SUPPORTED: // Is this a bind error ? */
+/*      case LDAP_STRONG_AUTH_NOT_SUPPORTED: // Is this a bind error ? */
     case LDAP_INAPPROPRIATE_AUTH:
     case LDAP_INVALID_CREDENTIALS:
     case LDAP_UNAVAILABLE:
-       return KRB5_KDB_ACCESS_ERROR;
+        return KRB5_KDB_ACCESS_ERROR;
 
     case LDAP_STRONG_AUTH_REQUIRED:
-       if (op == OP_BIND) /* the LDAP server accepts only strong authentication. */
-           return KRB5_KDB_ACCESS_ERROR;
-       else /* Client requested an operation such that requires strong authentication */
-           return KRB5_KDB_CONSTRAINT_VIOLATION;
+        if (op == OP_BIND) /* the LDAP server accepts only strong authentication. */
+            return KRB5_KDB_ACCESS_ERROR;
+        else /* Client requested an operation such that requires strong authentication */
+            return KRB5_KDB_CONSTRAINT_VIOLATION;
 
     case LDAP_REFERRAL:
-       return KRB5_KDB_NOENTRY;
+        return KRB5_KDB_NOENTRY;
 
     case LDAP_ADMINLIMIT_EXCEEDED:
-       /* An LDAP server limit set by an administrative authority has been
-        * exceeded */
-       return KRB5_KDB_CONSTRAINT_VIOLATION;
+        /* An LDAP server limit set by an administrative authority has been
+         * exceeded */
+        return KRB5_KDB_CONSTRAINT_VIOLATION;
     case LDAP_UNWILLING_TO_PERFORM:
-       /* The LDAP server cannot process the request because of
-        * server-defined restrictions */
-       return KRB5_KDB_CONSTRAINT_VIOLATION;
+        /* The LDAP server cannot process the request because of
+         * server-defined restrictions */
+        return KRB5_KDB_CONSTRAINT_VIOLATION;
 
 
     case LDAP_NO_SUCH_ATTRIBUTE:
-       /* Indicates that the attribute specified in the modify or compare
-        * operation does not exist in the entry */
-       if (op == OP_MOD)
-           return KRB5_KDB_UK_SERROR;
-       else /* OP_CMP */
-           return KRB5_KDB_TRUNCATED_RECORD;
+        /* Indicates that the attribute specified in the modify or compare
+         * operation does not exist in the entry */
+        if (op == OP_MOD)
+            return KRB5_KDB_UK_SERROR;
+        else /* OP_CMP */
+            return KRB5_KDB_TRUNCATED_RECORD;
 
 
     case LDAP_ALIAS_DEREF_PROBLEM:
-       /* Either the client does not have access rights to read the aliased
-        * object's name or dereferencing is not allowed */
+        /* Either the client does not have access rights to read the aliased
+         * object's name or dereferencing is not allowed */
 #ifdef LDAP_PROXY_AUTHZ_FAILURE
     case LDAP_PROXY_AUTHZ_FAILURE: // Is this correct ?
 #endif
     case LDAP_INSUFFICIENT_ACCESS:
-       /* Caller does not have sufficient rights to perform the requested
-        * operation */
-       return KRB5_KDB_UNAUTH;
+        /* Caller does not have sufficient rights to perform the requested
+         * operation */
+        return KRB5_KDB_UNAUTH;
 
     case LDAP_LOOP_DETECT:
-       /* Client discovered an alias or referral loop */
-       return KRB5_KDB_DB_CORRUPT;
+        /* Client discovered an alias or referral loop */
+        return KRB5_KDB_DB_CORRUPT;
 
     default:
 
-       if (LDAP_NAME_ERROR (err))
-           return KRB5_KDB_NOENTRY;
+        if (LDAP_NAME_ERROR (err))
+            return KRB5_KDB_NOENTRY;
 
-       if (LDAP_SECURITY_ERROR (err))
-           return KRB5_KDB_UNAUTH;
+        if (LDAP_SECURITY_ERROR (err))
+            return KRB5_KDB_UNAUTH;
 
-       if (LDAP_SERVICE_ERROR (err) || LDAP_API_ERROR (err) || LDAP_X_ERROR (err))
-           return KRB5_KDB_ACCESS_ERROR;
+        if (LDAP_SERVICE_ERROR (err) || LDAP_API_ERROR (err) || LDAP_X_ERROR (err))
+            return KRB5_KDB_ACCESS_ERROR;
 
-       if (LDAP_UPDATE_ERROR(err))
-           return KRB5_KDB_UK_SERROR;
+        if (LDAP_UPDATE_ERROR(err))
+            return KRB5_KDB_UK_SERROR;
 
-       /* LDAP_OTHER */
-       return KRB5_KDB_SERVER_INTERNAL_ERR;
+        /* LDAP_OTHER */
+        return KRB5_KDB_SERVER_INTERNAL_ERR;
     }
 }
index f83e583dd1e4517a9f6aad7f09b9d08db1d903f6..1f866925268809cf35278e5d82a31ee287e42ac0 100644 (file)
@@ -1,3 +1,4 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
 #define OP_INIT 1
 #define OP_BIND 2
 #define OP_UNBIND 3
index ad90109da2acb9440c528def3029ae7a1c41275b..ca4fc7de657ff3a810858c2a351d666bccf2ca11 100644 (file)
@@ -1,3 +1,4 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
 /*
  * lib/kdb/kdb_ldap/ldap_fetch_mkey.c
  *
  */
 
 krb5_error_code
-krb5_ldap_get_mkey (context, key)
-    krb5_context               context;
-    krb5_keyblock              **key;
-
+krb5_ldap_get_mkey(krb5_context context, krb5_keyblock **key)
 {
     kdb5_dal_handle             *dal_handle=NULL;
     krb5_ldap_context           *ldap_context=NULL;
@@ -51,7 +49,7 @@ krb5_ldap_get_mkey (context, key)
     ldap_context = (krb5_ldap_context *) dal_handle->db_context;
 
     if (ldap_context == NULL || ldap_context->lrparams == NULL)
-       return KRB5_KDB_DBNOTINITED;
+        return KRB5_KDB_DBNOTINITED;
 
     *key = &ldap_context->lrparams->mkey;
     return 0;
@@ -63,10 +61,7 @@ krb5_ldap_get_mkey (context, key)
  */
 
 krb5_error_code
-krb5_ldap_set_mkey (context, pwd, key)
-    krb5_context                context;
-    char                        *pwd;
-    krb5_keyblock               *key;
+krb5_ldap_set_mkey(krb5_context context, char *pwd, krb5_keyblock *key)
 {
     kdb5_dal_handle             *dal_handle=NULL;
     krb5_ldap_context           *ldap_context=NULL;
@@ -79,13 +74,13 @@ krb5_ldap_set_mkey (context, pwd, key)
     ldap_context = (krb5_ldap_context *) dal_handle->db_context;
 
     if (ldap_context == NULL || ldap_context->lrparams == NULL)
-       return KRB5_KDB_DBNOTINITED;
+        return KRB5_KDB_DBNOTINITED;
 
     r_params = ldap_context->lrparams;
 
     if (r_params->mkey.contents) {
-       free (r_params->mkey.contents);
-       r_params->mkey.contents=NULL;
+        free (r_params->mkey.contents);
+        r_params->mkey.contents=NULL;
     }
 
     r_params->mkey.magic = key->magic;
@@ -93,15 +88,14 @@ krb5_ldap_set_mkey (context, pwd, key)
     r_params->mkey.length = key->length;
     r_params->mkey.contents = malloc(key->length);
     if (r_params->mkey.contents == NULL)
-       return ENOMEM;
+        return ENOMEM;
 
     memcpy(r_params->mkey.contents, key->contents, key->length);
     return 0;
 }
 
 krb5_error_code
-krb5_ldap_get_mkey_list (krb5_context context, krb5_keylist_node **key_list)
-
+krb5_ldap_get_mkey_list(krb5_context context, krb5_keylist_node **key_list)
 {
     kdb5_dal_handle             *dal_handle=NULL;
     krb5_ldap_context           *ldap_context=NULL;
@@ -113,7 +107,7 @@ krb5_ldap_get_mkey_list (krb5_context context, krb5_keylist_node **key_list)
     ldap_context = (krb5_ldap_context *) dal_handle->db_context;
 
     if (ldap_context == NULL || ldap_context->lrparams == NULL)
-       return KRB5_KDB_DBNOTINITED;
+        return KRB5_KDB_DBNOTINITED;
 
     *key_list = ldap_context->lrparams->mkey_list;
     return 0;
@@ -133,7 +127,7 @@ krb5_ldap_set_mkey_list(krb5_context context, krb5_keylist_node *key_list)
     ldap_context = (krb5_ldap_context *) dal_handle->db_context;
 
     if (ldap_context == NULL || ldap_context->lrparams == NULL)
-       return KRB5_KDB_DBNOTINITED;
+        return KRB5_KDB_DBNOTINITED;
 
     r_params = ldap_context->lrparams;
     r_params->mkey_list = key_list;
index 8187cdc02f364a2a0d6c4a0cfa7f9c2394fd7849..90359493e96e8b8e2be5a725f307e8e887e1b334 100644 (file)
@@ -1,3 +1,4 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
 /*
  * lib/kdb/kdb_ldap/ldap_handle.c
  *
  */
 
 static krb5_error_code
-krb5_update_server_info(ldap_server_handle, server_info)
-    krb5_ldap_server_handle    *ldap_server_handle;
-    krb5_ldap_server_info      *server_info;
+krb5_update_server_info(krb5_ldap_server_handle *ldap_server_handle,
+                        krb5_ldap_server_info *server_info)
 {
     krb5_error_code            st=0;
     struct timeval             ztime={0, 0};
     LDAPMessage                *result=NULL;
 
     if (ldap_server_handle == NULL || server_info == NULL)
-       return -1;
+        return -1;
 
     while (st == 0) {
-       st = ldap_result(ldap_server_handle->ldap_handle, ldap_server_handle->msgid,
-                        LDAP_MSG_ALL, &ztime, &result);
-       switch (st) {
-       case -1:
-           server_info->server_status = OFF;
-           time(&server_info->downtime);
-           break;
-
-       case 0:
-           continue;
-           break;
-
-       case LDAP_RES_BIND:
-           if ((st=ldap_result2error(ldap_server_handle->ldap_handle, result, 1)) == LDAP_SUCCESS) {
-               server_info->server_status = ON;
-           } else {
-               /* ?? */        krb5_set_error_message(0, 0, "%s", ldap_err2string(st));
-               server_info->server_status = OFF;
-               time(&server_info->downtime);
-           }
-           ldap_msgfree(result);
-           break;
-       default:
-           ldap_msgfree(result);
-           continue;
-           break;
-       }
+        st = ldap_result(ldap_server_handle->ldap_handle, ldap_server_handle->msgid,
+                         LDAP_MSG_ALL, &ztime, &result);
+        switch (st) {
+        case -1:
+            server_info->server_status = OFF;
+            time(&server_info->downtime);
+            break;
+
+        case 0:
+            continue;
+            break;
+
+        case LDAP_RES_BIND:
+            if ((st=ldap_result2error(ldap_server_handle->ldap_handle, result, 1)) == LDAP_SUCCESS) {
+                server_info->server_status = ON;
+            } else {
+                /* ?? */        krb5_set_error_message(0, 0, "%s", ldap_err2string(st));
+                server_info->server_status = OFF;
+                time(&server_info->downtime);
+            }
+            ldap_msgfree(result);
+            break;
+        default:
+            ldap_msgfree(result);
+            continue;
+            break;
+        }
     }
     ldap_server_handle->server_info_update_pending = FALSE;
     return 0;
@@ -94,35 +94,34 @@ krb5_update_server_info(ldap_server_handle, server_info)
  */
 
 static krb5_ldap_server_handle *
-krb5_get_ldap_handle(ldap_context)
-    krb5_ldap_context          *ldap_context;
+krb5_get_ldap_handle(krb5_ldap_context *ldap_context)
 {
     krb5_ldap_server_handle    *ldap_server_handle=NULL;
     krb5_ldap_server_info      *ldap_server_info=NULL;
     int                        cnt=0;
 
     while (ldap_context->server_info_list[cnt] != NULL) {
-       ldap_server_info = ldap_context->server_info_list[cnt];
-       if (ldap_server_info->server_status != OFF) {
-           if (ldap_server_info->ldap_server_handles != NULL) {
-               ldap_server_handle = ldap_server_info->ldap_server_handles;
-               ldap_server_info->ldap_server_handles = ldap_server_handle->next;
-               break;
+        ldap_server_info = ldap_context->server_info_list[cnt];
+        if (ldap_server_info->server_status != OFF) {
+            if (ldap_server_info->ldap_server_handles != NULL) {
+                ldap_server_handle = ldap_server_info->ldap_server_handles;
+                ldap_server_info->ldap_server_handles = ldap_server_handle->next;
+                break;
 #ifdef ASYNC_BIND
-               if (ldap_server_handle->server_info_update_pending == TRUE) {
-                   krb5_update_server_info(context, ldap_server_handle,
-                                           ldap_server_info);
-               }
-
-               if (ldap_server_info->server_status == ON) {
-                   ldap_server_info->ldap_server_handles = ldap_server_handle->next;
-                   break;
-               } else
-                   ldap_server_handle = NULL;
+                if (ldap_server_handle->server_info_update_pending == TRUE) {
+                    krb5_update_server_info(context, ldap_server_handle,
+                                            ldap_server_info);
+                }
+
+                if (ldap_server_info->server_status == ON) {
+                    ldap_server_info->ldap_server_handles = ldap_server_handle->next;
+                    break;
+                } else
+                    ldap_server_handle = NULL;
 #endif
-           }
-       }
-       ++cnt;
+            }
+        }
+        ++cnt;
     }
     return ldap_server_handle;
 }
@@ -135,14 +134,13 @@ krb5_get_ldap_handle(ldap_context)
  */
 
 static krb5_ldap_server_handle *
-krb5_retry_get_ldap_handle(ldap_context, st)
-    krb5_ldap_context          *ldap_context;
-    krb5_error_code            *st;
+krb5_retry_get_ldap_handle(krb5_ldap_context *ldap_context,
+                           krb5_error_code *st)
 {
     krb5_ldap_server_handle    *ldap_server_handle=NULL;
 
     if ((*st=krb5_ldap_db_single_init(ldap_context)) != 0)
-       return NULL;
+        return NULL;
 
     ldap_server_handle = krb5_get_ldap_handle(ldap_context);
     return ldap_server_handle;
@@ -155,12 +153,11 @@ krb5_retry_get_ldap_handle(ldap_context, st)
  */
 
 static krb5_error_code
-krb5_put_ldap_handle(ldap_server_handle)
-    krb5_ldap_server_handle    *ldap_server_handle;
+krb5_put_ldap_handle(krb5_ldap_server_handle *ldap_server_handle)
 {
 
     if (ldap_server_handle == NULL)
-       return 0;
+        return 0;
 
     ldap_server_handle->next = ldap_server_handle->server_info->ldap_server_handles;
     ldap_server_handle->server_info->ldap_server_handles = ldap_server_handle;
@@ -174,13 +171,12 @@ krb5_put_ldap_handle(ldap_server_handle)
  */
 
 krb5_error_code
-krb5_update_ldap_handle(ldap_server_handle, server_info)
-    krb5_ldap_server_handle    *ldap_server_handle;
-    krb5_ldap_server_info      *server_info;
+krb5_update_ldap_handle(krb5_ldap_server_handle *ldap_server_handle,
+                        krb5_ldap_server_info *server_info)
 {
 
     if (ldap_server_handle == NULL || server_info == NULL)
-       return 0;
+        return 0;
 
     ldap_server_handle->next = server_info->ldap_server_handles;
     server_info->ldap_server_handles = ldap_server_handle;
@@ -195,17 +191,16 @@ krb5_update_ldap_handle(ldap_server_handle, server_info)
  */
 
 static krb5_error_code
-krb5_ldap_cleanup_handles(ldap_server_info)
-    krb5_ldap_server_info      *ldap_server_info;
+krb5_ldap_cleanup_handles(krb5_ldap_server_info *ldap_server_info)
 {
     krb5_ldap_server_handle    *ldap_server_handle = NULL;
 
     while (ldap_server_info->ldap_server_handles != NULL) {
-       ldap_server_handle = ldap_server_info->ldap_server_handles;
-       ldap_server_info->ldap_server_handles = ldap_server_handle->next;
-       /* ldap_unbind_s(ldap_server_handle); */
-       free (ldap_server_handle);
-       ldap_server_handle = NULL;
+        ldap_server_handle = ldap_server_info->ldap_server_handles;
+        ldap_server_info->ldap_server_handles = ldap_server_handle->next;
+        /* ldap_unbind_s(ldap_server_handle); */
+        free (ldap_server_handle);
+        ldap_server_handle = NULL;
     }
     return 0;
 }
@@ -215,9 +210,9 @@ krb5_ldap_cleanup_handles(ldap_server_info)
  */
 
 krb5_error_code
-krb5_ldap_request_handle_from_pool(ldap_context, ldap_server_handle)
-    krb5_ldap_context          *ldap_context;
-    krb5_ldap_server_handle    **ldap_server_handle;
+krb5_ldap_request_handle_from_pool(krb5_ldap_context *ldap_context,
+                                   krb5_ldap_server_handle **
+                                   ldap_server_handle)
 {
     krb5_error_code            st=0;
 
@@ -225,9 +220,9 @@ krb5_ldap_request_handle_from_pool(ldap_context, ldap_server_handle)
 
     st = HNDL_LOCK(ldap_context);
     if (st)
-       return st;
+        return st;
     if (((*ldap_server_handle)=krb5_get_ldap_handle(ldap_context)) == NULL)
-       (*ldap_server_handle)=krb5_retry_get_ldap_handle(ldap_context, &st);
+        (*ldap_server_handle)=krb5_retry_get_ldap_handle(ldap_context, &st);
     HNDL_UNLOCK(ldap_context);
     return st;
 }
@@ -238,22 +233,22 @@ krb5_ldap_request_handle_from_pool(ldap_context, ldap_server_handle)
  */
 
 krb5_error_code
-krb5_ldap_request_next_handle_from_pool(ldap_context, ldap_server_handle)
-    krb5_ldap_context          *ldap_context;
-    krb5_ldap_server_handle    **ldap_server_handle;
+krb5_ldap_request_next_handle_from_pool(krb5_ldap_context *ldap_context,
+                                        krb5_ldap_server_handle **
+                                        ldap_server_handle)
 {
     krb5_error_code            st=0;
 
     st = HNDL_LOCK(ldap_context);
     if (st)
-       return st;
+        return st;
     (*ldap_server_handle)->server_info->server_status = OFF;
     time(&(*ldap_server_handle)->server_info->downtime);
     krb5_put_ldap_handle(*ldap_server_handle);
     krb5_ldap_cleanup_handles((*ldap_server_handle)->server_info);
 
     if (((*ldap_server_handle)=krb5_get_ldap_handle(ldap_context)) == NULL)
-       (*ldap_server_handle)=krb5_retry_get_ldap_handle(ldap_context, &st);
+        (*ldap_server_handle)=krb5_retry_get_ldap_handle(ldap_context, &st);
     HNDL_UNLOCK(ldap_context);
     return st;
 }
@@ -263,15 +258,14 @@ krb5_ldap_request_next_handle_from_pool(ldap_context, ldap_server_handle)
  */
 
 void
-krb5_ldap_put_handle_to_pool(ldap_context, ldap_server_handle)
-    krb5_ldap_context          *ldap_context;
-    krb5_ldap_server_handle    *ldap_server_handle;
+krb5_ldap_put_handle_to_pool(krb5_ldap_context *ldap_context,
+                             krb5_ldap_server_handle *ldap_server_handle)
 {
     if (ldap_server_handle != NULL) {
-       if (HNDL_LOCK(ldap_context) == 0) {
-           krb5_put_ldap_handle(ldap_server_handle);
-           HNDL_UNLOCK(ldap_context);
-       }
+        if (HNDL_LOCK(ldap_context) == 0) {
+            krb5_put_ldap_handle(ldap_server_handle);
+            HNDL_UNLOCK(ldap_context);
+        }
     }
     return;
 }
index c351c1fd789d92859ddfcc77c400b6649f9df8f9..4f289c84c2a3f65e6d1ec156872394b2e9777f4c 100644 (file)
@@ -1,3 +1,4 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
 /*
  * lib/kdb/kdb_ldap/ldap_handle.h
  *
index 5b9fa5ce6c458fe13af06e5a3007ad1c6d3688ca..0b5f099f8c959117c65a398452a6cc59413df68f 100644 (file)
@@ -1,3 +1,4 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
 /*
  * lib/kdb/kdb_ldap/ldap_krbcontainer.c
  *
@@ -43,16 +44,16 @@ void
 krb5_ldap_free_krbcontainer_params(krb5_ldap_krbcontainer_params *cparams)
 {
     if (cparams == NULL)
-       return;
+        return;
 
     if (cparams->policyreference)
-       krb5_xfree(cparams->policyreference);
+        krb5_xfree(cparams->policyreference);
 
     if (cparams->parent)
-       krb5_xfree(cparams->parent);
+        krb5_xfree(cparams->parent);
 
     if (cparams->DN)
-       krb5_xfree(cparams->DN);
+        krb5_xfree(cparams->DN);
 
     krb5_xfree(cparams);
 
@@ -69,8 +70,8 @@ krb5_ldap_free_krbcontainer_params(krb5_ldap_krbcontainer_params *cparams)
  */
 
 krb5_error_code
-krb5_ldap_read_krbcontainer_params(krb5_context        context,
-                                  krb5_ldap_krbcontainer_params **cparamp)
+krb5_ldap_read_krbcontainer_params(krb5_context context,
+                                   krb5_ldap_krbcontainer_params **cparamp)
 
 {
     krb5_error_code                 st=0, tempst=0;
@@ -90,24 +91,24 @@ krb5_ldap_read_krbcontainer_params(krb5_context     context,
 
     /* read kerberos containter location from [dbmodules] section of krb5.conf file */
     if (ldap_context->conf_section) {
-       if ((st=profile_get_string(context->profile, KDB_MODULE_SECTION, ldap_context->conf_section,
-                                  "ldap_kerberos_container_dn", NULL,
-                                  &cparams->DN)) != 0) {
-           krb5_set_error_message(context, st, "Error reading kerberos container location "
-                                  "from krb5.conf");
-           goto cleanup;
-       }
+        if ((st=profile_get_string(context->profile, KDB_MODULE_SECTION, ldap_context->conf_section,
+                                   "ldap_kerberos_container_dn", NULL,
+                                   &cparams->DN)) != 0) {
+            krb5_set_error_message(context, st, "Error reading kerberos container location "
+                                   "from krb5.conf");
+            goto cleanup;
+        }
     }
 
     /* read kerberos containter location from [dbdefaults] section of krb5.conf file */
     if (cparams->DN == NULL) {
-       if ((st=profile_get_string(context->profile, KDB_MODULE_DEF_SECTION,
-                                  "ldap_kerberos_container_dn", NULL,
-                                  NULL, &cparams->DN)) != 0) {
-           krb5_set_error_message(context, st, "Error reading kerberos container location "
-                                  "from krb5.conf");
-           goto cleanup;
-       }
+        if ((st=profile_get_string(context->profile, KDB_MODULE_DEF_SECTION,
+                                   "ldap_kerberos_container_dn", NULL,
+                                   NULL, &cparams->DN)) != 0) {
+            krb5_set_error_message(context, st, "Error reading kerberos container location "
+                                   "from krb5.conf");
+            goto cleanup;
+        }
     }
 
 #ifndef HAVE_EDIRECTORY
@@ -116,26 +117,26 @@ krb5_ldap_read_krbcontainer_params(krb5_context   context,
  * is missing in the conf file. In openldap we will have to return an error.
  */
     if (cparams->DN == NULL) {
-       st = KRB5_KDB_SERVER_INTERNAL_ERR;
-       krb5_set_error_message(context, st, "Kerberos container location not specified");
-       goto cleanup;
+        st = KRB5_KDB_SERVER_INTERNAL_ERR;
+        krb5_set_error_message(context, st, "Kerberos container location not specified");
+        goto cleanup;
     }
 #endif
 
     if (cparams->DN != NULL) {
-       /* NOTE: krbmaxtktlife, krbmaxrenewableage ... present on Kerberos Container is
-        * not read
-        */
-       LDAP_SEARCH_1(cparams->DN, LDAP_SCOPE_BASE, "(objectclass=krbContainer)", policyrefattribute, IGNORE_STATUS);
-       if (st != LDAP_SUCCESS && st != LDAP_NO_SUCH_OBJECT) {
-           st = set_ldap_error(context, st, OP_SEARCH);
-           goto cleanup;
-       }
-
-       if (st == LDAP_NO_SUCH_OBJECT) {
-           st = KRB5_KDB_NOENTRY;
-           goto cleanup;
-       }
+        /* NOTE: krbmaxtktlife, krbmaxrenewableage ... present on Kerberos Container is
+         * not read
+         */
+        LDAP_SEARCH_1(cparams->DN, LDAP_SCOPE_BASE, "(objectclass=krbContainer)", policyrefattribute, IGNORE_STATUS);
+        if (st != LDAP_SUCCESS && st != LDAP_NO_SUCH_OBJECT) {
+            st = set_ldap_error(context, st, OP_SEARCH);
+            goto cleanup;
+        }
+
+        if (st == LDAP_NO_SUCH_OBJECT) {
+            st = KRB5_KDB_NOENTRY;
+            goto cleanup;
+        }
     }
 
 #ifdef HAVE_EDIRECTORY
@@ -145,58 +146,58 @@ krb5_ldap_read_krbcontainer_params(krb5_context   context,
      * then fall back to the default value
      */
     if ((cparams->DN == NULL) || (st == LDAP_NO_SUCH_OBJECT)) {
-       /*
-        * kerberos container can be anywhere. locate it by reading the security
-        * container to find the location.
-        */
-       LDAP_SEARCH(SECURITY_CONTAINER, LDAP_SCOPE_BASE, NULL, krbcontainerrefattr);
-       if ((ent = ldap_first_entry(ld, result)) != NULL) {
-           if ((st=krb5_ldap_get_string(ld, ent, "krbcontainerreference",
-                                        &(cparams->DN), NULL)) != 0)
-               goto cleanup;
-           if (cparams->DN == NULL) {
-               cparams->DN = strdup(KERBEROS_CONTAINER);
-               CHECK_NULL(cparams->DN);
-           }
-       }
-       ldap_msgfree(result);
-
-       /* NOTE: krbmaxtktlife, krbmaxrenewableage ... attributes present on
-        * Kerberos Container is not read
-        */
-       LDAP_SEARCH(cparams->DN, LDAP_SCOPE_BASE, "(objectclass=krbContainer)", policyrefattribute);
+        /*
+         * kerberos container can be anywhere. locate it by reading the security
+         * container to find the location.
+         */
+        LDAP_SEARCH(SECURITY_CONTAINER, LDAP_SCOPE_BASE, NULL, krbcontainerrefattr);
+        if ((ent = ldap_first_entry(ld, result)) != NULL) {
+            if ((st=krb5_ldap_get_string(ld, ent, "krbcontainerreference",
+                                         &(cparams->DN), NULL)) != 0)
+                goto cleanup;
+            if (cparams->DN == NULL) {
+                cparams->DN = strdup(KERBEROS_CONTAINER);
+                CHECK_NULL(cparams->DN);
+            }
+        }
+        ldap_msgfree(result);
+
+        /* NOTE: krbmaxtktlife, krbmaxrenewableage ... attributes present on
+         * Kerberos Container is not read
+         */
+        LDAP_SEARCH(cparams->DN, LDAP_SCOPE_BASE, "(objectclass=krbContainer)", policyrefattribute);
     }
 #endif
 
     if ((ent = ldap_first_entry(ld, result))) {
-       if ((st=krb5_ldap_get_string(ld, ent, "krbticketpolicyreference",
-                                    &(cparams->policyreference), NULL)) != 0)
-           goto cleanup;
+        if ((st=krb5_ldap_get_string(ld, ent, "krbticketpolicyreference",
+                                     &(cparams->policyreference), NULL)) != 0)
+            goto cleanup;
     }
     ldap_msgfree(result);
 
     if (cparams->policyreference != NULL) {
-       LDAP_SEARCH_1(cparams->policyreference, LDAP_SCOPE_BASE, NULL, policy_attributes, IGNORE_STATUS);
-       if (st != LDAP_SUCCESS && st!= LDAP_NO_SUCH_OBJECT) {
-           st = set_ldap_error(context, st, OP_SEARCH);
-           goto cleanup;
-       }
-       st = LDAP_SUCCESS; /* reset the return status in case it is LDAP_NO_SUCH_OBJECT */
-
-       ent=ldap_first_entry(ld, result);
-       if (ent != NULL) {
-           krb5_ldap_get_value(ld, ent, "krbmaxtktlife", &(cparams->max_life));
-           krb5_ldap_get_value(ld, ent, "krbmaxrenewableage", &(cparams->max_renewable_life));
-           krb5_ldap_get_value(ld, ent, "krbticketflags", &(cparams->tktflags));
-       }
-       ldap_msgfree(result);
+        LDAP_SEARCH_1(cparams->policyreference, LDAP_SCOPE_BASE, NULL, policy_attributes, IGNORE_STATUS);
+        if (st != LDAP_SUCCESS && st!= LDAP_NO_SUCH_OBJECT) {
+            st = set_ldap_error(context, st, OP_SEARCH);
+            goto cleanup;
+        }
+        st = LDAP_SUCCESS; /* reset the return status in case it is LDAP_NO_SUCH_OBJECT */
+
+        ent=ldap_first_entry(ld, result);
+        if (ent != NULL) {
+            krb5_ldap_get_value(ld, ent, "krbmaxtktlife", &(cparams->max_life));
+            krb5_ldap_get_value(ld, ent, "krbmaxrenewableage", &(cparams->max_renewable_life));
+            krb5_ldap_get_value(ld, ent, "krbticketflags", &(cparams->tktflags));
+        }
+        ldap_msgfree(result);
     }
     *cparamp=cparams;
 
 cleanup:
     if (st != 0) {
-       krb5_ldap_free_krbcontainer_params(cparams);
-       *cparamp=NULL;
+        krb5_ldap_free_krbcontainer_params(cparams);
+        *cparamp=NULL;
     }
     krb5_ldap_put_handle_to_pool(ldap_context, ldap_server_handle);
     return st;
index f4510d69c6826a13007147bb2c4ec4eed7ea3205..3b89aea3a8e64c6def337a6c5fc2e5a1b829552b 100644 (file)
@@ -1,3 +1,4 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
 /*
  * lib/kdb/kdb_ldap/ldap_krbcontainer.h
  *
 #ifndef _LDAP_KRBCONTAINER_H_
 #define _LDAP_KRBCONTAINER_H_ 1
 
-#define MAX_KRB_CONTAINER_LEN  256
+#define MAX_KRB_CONTAINER_LEN   256
 
 /* kerberos container structure */
 
 typedef struct _krb5_ldap_krbcontainer_params {
-  char            *parent;
-  char            *DN;
-  char            *policyreference;
-  krb5_int32      max_life;
-  krb5_int32      max_renewable_life;
-  krb5_int32      tktflags;
+    char            *parent;
+    char            *DN;
+    char            *policyreference;
+    krb5_int32      max_life;
+    krb5_int32      max_renewable_life;
+    krb5_int32      tktflags;
 } krb5_ldap_krbcontainer_params;
 
 void
 krb5_ldap_free_krbcontainer_params(krb5_ldap_krbcontainer_params *);
 
 krb5_error_code
-krb5_ldap_read_krbcontainer_params(krb5_context , krb5_ldap_krbcontainer_params **);
+krb5_ldap_read_krbcontainer_params(krb5_context,
+                                   krb5_ldap_krbcontainer_params **);
 
 krb5_error_code
-krb5_ldap_create_krbcontainer(krb5_context, const krb5_ldap_krbcontainer_params *);
+krb5_ldap_create_krbcontainer(krb5_context,
+                              const krb5_ldap_krbcontainer_params *);
 
 krb5_error_code
 krb5_ldap_delete_krbcontainer(krb5_context,
-    const krb5_ldap_krbcontainer_params *);
+                              const krb5_ldap_krbcontainer_params *);
 
 #endif
index 95a837929af51eef1243223180046358dfd9cc72..878c6f360c2c8fb48a4937cfe74555b9d4269564 100644 (file)
@@ -1,3 +1,4 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
 /*
  * lib/kdb/kdb_ldap/ldap_main.h
  *
index a5ab6598a1b80318520abae744f55e548dcb1346..f549e2393d4634d94c0870f0002852310acbd12e 100644 (file)
@@ -1,3 +1,4 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
 /*
  * lib/kdb/kdb_ldap/ldap_misc.c
  *
@@ -47,26 +48,27 @@ extern char *strptime (const char *, const char *, struct tm *);
 
 static krb5_error_code
 remove_overlapping_subtrees(char **listin, char **listop, int *subtcount,
-                           int sscope);
+                            int sscope);
 
 /* Linux (GNU Libc) provides a length-limited variant of strdup.
    But all the world's not Linux.  */
 #undef strndup
 #define strndup my_strndup
 #ifdef HAVE_LDAP_STR2DN
-static char *my_strndup (const char *input, size_t limit)
+static char *
+my_strndup(const char *input, size_t limit)
 {
     size_t len = strlen(input);
     char *result;
     if (len > limit) {
-       result = malloc(1 + limit);
-       if (result != NULL) {
-           memcpy(result, input, limit);
-           result[limit] = 0;
-       }
-       return result;
+        result = malloc(1 + limit);
+        if (result != NULL) {
+            memcpy(result, input, limit);
+            result[limit] = 0;
+        }
+        return result;
     } else
-       return strdup(input);
+        return strdup(input);
 }
 #endif
 
@@ -74,30 +76,30 @@ static char *my_strndup (const char *input, size_t limit)
    to the default section, then to hard-coded values.  */
 static errcode_t
 prof_get_integer_def(krb5_context ctx, const char *conf_section,
-                    const char *name, int dfl, krb5_ui_4 *out)
+                     const char *name, int dfl, krb5_ui_4 *out)
 {
     errcode_t err;
     int out_temp = 0;
 
     err = profile_get_integer (ctx->profile,
-                              KDB_MODULE_SECTION, conf_section, name,
-                              0, &out_temp);
+                               KDB_MODULE_SECTION, conf_section, name,
+                               0, &out_temp);
     if (err) {
-       krb5_set_error_message (ctx, err, "Error reading '%s' attribute: %s",
-                               name, error_message(err));
-       return err;
+        krb5_set_error_message (ctx, err, "Error reading '%s' attribute: %s",
+                                name, error_message(err));
+        return err;
     }
     if (out_temp != 0) {
-       *out = out_temp;
-       return 0;
+        *out = out_temp;
+        return 0;
     }
     err = profile_get_integer (ctx->profile,
-                              KDB_MODULE_DEF_SECTION, name, 0,
-                              dfl, &out_temp);
+                               KDB_MODULE_DEF_SECTION, name, 0,
+                               dfl, &out_temp);
     if (err) {
-       krb5_set_error_message (ctx, err, "Error reading '%s' attribute: %s",
-                               name, error_message(err));
-       return err;
+        krb5_set_error_message (ctx, err, "Error reading '%s' attribute: %s",
+                                name, error_message(err));
+        return err;
     }
     *out = out_temp;
     return 0;
@@ -107,27 +109,27 @@ prof_get_integer_def(krb5_context ctx, const char *conf_section,
    bother with the extra argument.  */
 static errcode_t
 prof_get_string_def(krb5_context ctx, const char *conf_section,
-                   const char *name, char **out)
+                    const char *name, char **out)
 {
     errcode_t err;
 
     err = profile_get_string (ctx->profile,
-                             KDB_MODULE_SECTION, conf_section, name,
-                             0, out);
+                              KDB_MODULE_SECTION, conf_section, name,
+                              0, out);
     if (err) {
-       krb5_set_error_message (ctx, err, "Error reading '%s' attribute: %s",
-                               name, error_message(err));
-       return err;
+        krb5_set_error_message (ctx, err, "Error reading '%s' attribute: %s",
+                                name, error_message(err));
+        return err;
     }
     if (*out != 0)
-       return 0;
+        return 0;
     err = profile_get_string (ctx->profile,
-                             KDB_MODULE_DEF_SECTION, name, 0,
-                             0, out);
+                              KDB_MODULE_DEF_SECTION, name, 0,
+                              0, out);
     if (err) {
-       krb5_set_error_message (ctx, err, "Error reading '%s' attribute: %s",
-                               name, error_message(err));
-       return err;
+        krb5_set_error_message (ctx, err, "Error reading '%s' attribute: %s",
+                                name, error_message(err));
+        return err;
     }
     return 0;
 }
@@ -140,10 +142,8 @@ prof_get_string_def(krb5_context ctx, const char *conf_section,
  * these are ldap_server ....
  */
 krb5_error_code
-krb5_ldap_read_server_params(context, conf_section, srv_type)
-    krb5_context               context;
-    char                       *conf_section;
-    int                        srv_type;
+krb5_ldap_read_server_params(krb5_context context, char *conf_section,
+                             int srv_type)
 {
     char                        *tempval=NULL, *save_ptr=NULL;
     const char                  *delims="\t\n\f\v\r ,";
@@ -157,11 +157,11 @@ krb5_ldap_read_server_params(context, conf_section, srv_type)
 
     /* copy the conf_section into ldap_context for later use */
     if (conf_section) {
-       ldap_context->conf_section = strdup (conf_section);
-       if (ldap_context->conf_section == NULL) {
-           st = ENOMEM;
-           goto cleanup;
-       }
+        ldap_context->conf_section = strdup (conf_section);
+        if (ldap_context->conf_section == NULL) {
+            st = ENOMEM;
+            goto cleanup;
+        }
     }
 
     /* initialize the mutexs and condition variable */
@@ -169,13 +169,13 @@ krb5_ldap_read_server_params(context, conf_section, srv_type)
 
     /* this mutex is used in ldap reconnection pool */
     if (k5_mutex_init(&(ldap_context->hndl_lock)) != 0) {
-       st = KRB5_KDB_SERVER_INTERNAL_ERR;
+        st = KRB5_KDB_SERVER_INTERNAL_ERR;
 #if 0
-       st = -1;
-       krb5_ldap_dal_err_funcp(context, krb5_err_have_str, st,
-                               "k5_mutex_init failed");
+        st = -1;
+        krb5_ldap_dal_err_funcp(context, krb5_err_have_str, st,
+                                "k5_mutex_init failed");
 #endif
-       goto cleanup;
+        goto cleanup;
     }
 
     /*
@@ -184,19 +184,19 @@ krb5_ldap_read_server_params(context, conf_section, srv_type)
      * connections per ldap server.
      */
     if (ldap_context->max_server_conns == 0) {
-       st = prof_get_integer_def (context, conf_section,
-                                  KRB5_CONF_LDAP_CONNS_PER_SERVER,
-                                  DEFAULT_CONNS_PER_SERVER,
-                                  &ldap_context->max_server_conns);
-       if (st)
-           goto cleanup;
+        st = prof_get_integer_def (context, conf_section,
+                                   KRB5_CONF_LDAP_CONNS_PER_SERVER,
+                                   DEFAULT_CONNS_PER_SERVER,
+                                   &ldap_context->max_server_conns);
+        if (st)
+            goto cleanup;
     }
 
     if (ldap_context->max_server_conns < 2) {
-       st = EINVAL;
-       krb5_set_error_message (context, st,
-                               "Minimum connections required per server is 2");
-       goto cleanup;
+        st = EINVAL;
+        krb5_set_error_message (context, st,
+                                "Minimum connections required per server is 2");
+        goto cleanup;
     }
 
     /*
@@ -206,20 +206,20 @@ krb5_ldap_read_server_params(context, conf_section, srv_type)
      * server.  The srv_type decides which dn to read.
      */
     if (ldap_context->bind_dn == NULL) {
-       char *name = 0;
-       if (srv_type == KRB5_KDB_SRV_TYPE_KDC)
-           name = KRB5_CONF_LDAP_KDC_DN;
-       else if (srv_type == KRB5_KDB_SRV_TYPE_ADMIN)
-           name = KRB5_CONF_LDAP_KADMIN_DN;
-       else if (srv_type == KRB5_KDB_SRV_TYPE_PASSWD)
-           name = "ldap_kpasswdd_dn";
-
-       if (name) {
-           st = prof_get_string_def (context, conf_section, name,
-                                     &ldap_context->bind_dn);
-           if (st)
-               goto cleanup;
-       }
+        char *name = 0;
+        if (srv_type == KRB5_KDB_SRV_TYPE_KDC)
+            name = KRB5_CONF_LDAP_KDC_DN;
+        else if (srv_type == KRB5_KDB_SRV_TYPE_ADMIN)
+            name = KRB5_CONF_LDAP_KADMIN_DN;
+        else if (srv_type == KRB5_KDB_SRV_TYPE_PASSWD)
+            name = "ldap_kpasswdd_dn";
+
+        if (name) {
+            st = prof_get_string_def (context, conf_section, name,
+                                      &ldap_context->bind_dn);
+            if (st)
+                goto cleanup;
+        }
     }
 
     /*
@@ -228,11 +228,11 @@ krb5_ldap_read_server_params(context, conf_section, srv_type)
      * the KDC, ADMIN and PASSWD dns.
      */
     if (ldap_context->service_password_file == NULL) {
-       st = prof_get_string_def (context, conf_section,
-                                 KRB5_CONF_LDAP_SERVICE_PASSWORD_FILE,
-                                 &ldap_context->service_password_file);
-       if (st)
-           goto cleanup;
+        st = prof_get_string_def (context, conf_section,
+                                  KRB5_CONF_LDAP_SERVICE_PASSWORD_FILE,
+                                  &ldap_context->service_password_file);
+        if (st)
+            goto cleanup;
     }
 
 #ifdef HAVE_EDIRECTORY
@@ -242,11 +242,11 @@ krb5_ldap_read_server_params(context, conf_section, srv_type)
      * certificate of the Directory.
      */
     if (ldap_context->root_certificate_file == NULL) {
-       st = prof_get_string_def (context, conf_section,
-                                 KRB5_CONF_LDAP_ROOT_CERTIFICATE_FILE,
-                                 &ldap_context->root_certificate_file);
-       if (st)
-           goto cleanup;
+        st = prof_get_string_def (context, conf_section,
+                                  KRB5_CONF_LDAP_ROOT_CERTIFICATE_FILE,
+                                  &ldap_context->root_certificate_file);
+        if (st)
+            goto cleanup;
     }
 #endif
 
@@ -256,57 +256,57 @@ krb5_ldap_read_server_params(context, conf_section, srv_type)
      */
 
     if (ldap_context->server_info_list == NULL) {
-       unsigned int ele=0;
-
-       server_info = &(ldap_context->server_info_list);
-       *server_info = (krb5_ldap_server_info **) calloc (SERV_COUNT+1,
-                                                         sizeof (krb5_ldap_server_info *));
-
-       if (*server_info == NULL) {
-           st = ENOMEM;
-           goto cleanup;
-       }
-
-       if ((st=profile_get_string(context->profile, KDB_MODULE_SECTION, conf_section,
-                                  KRB5_CONF_LDAP_SERVERS, NULL, &tempval)) != 0) {
-           krb5_set_error_message (context, st, "Error reading 'ldap_servers' attribute");
-           goto cleanup;
-       }
-
-       if (tempval == NULL) {
-
-           (*server_info)[ele] = (krb5_ldap_server_info *)calloc(1,
-                                                                 sizeof(krb5_ldap_server_info));
-
-           (*server_info)[ele]->server_name = strdup("ldapi://");
-           if ((*server_info)[ele]->server_name == NULL) {
-               st = ENOMEM;
-               goto cleanup;
-           }
-           (*server_info)[ele]->server_status = NOTSET;
-       } else {
-           char *item=NULL;
-
-           item = strtok_r(tempval,delims,&save_ptr);
-           while (item != NULL && ele<SERV_COUNT) {
-               (*server_info)[ele] = (krb5_ldap_server_info *)calloc(1,
-                                                                     sizeof(krb5_ldap_server_info));
-               if ((*server_info)[ele] == NULL) {
-                   st = ENOMEM;
-                   goto cleanup;
-               }
-               (*server_info)[ele]->server_name = strdup(item);
-               if ((*server_info)[ele]->server_name == NULL) {
-                   st = ENOMEM;
-                   goto cleanup;
-               }
-
-               (*server_info)[ele]->server_status = NOTSET;
-               item = strtok_r(NULL,delims,&save_ptr);
-               ++ele;
-           }
-           profile_release_string(tempval);
-       }
+        unsigned int ele=0;
+
+        server_info = &(ldap_context->server_info_list);
+        *server_info = (krb5_ldap_server_info **) calloc (SERV_COUNT+1,
+                                                          sizeof (krb5_ldap_server_info *));
+
+        if (*server_info == NULL) {
+            st = ENOMEM;
+            goto cleanup;
+        }
+
+        if ((st=profile_get_string(context->profile, KDB_MODULE_SECTION, conf_section,
+                                   KRB5_CONF_LDAP_SERVERS, NULL, &tempval)) != 0) {
+            krb5_set_error_message (context, st, "Error reading 'ldap_servers' attribute");
+            goto cleanup;
+        }
+
+        if (tempval == NULL) {
+
+            (*server_info)[ele] = (krb5_ldap_server_info *)calloc(1,
+                                                                  sizeof(krb5_ldap_server_info));
+
+            (*server_info)[ele]->server_name = strdup("ldapi://");
+            if ((*server_info)[ele]->server_name == NULL) {
+                st = ENOMEM;
+                goto cleanup;
+            }
+            (*server_info)[ele]->server_status = NOTSET;
+        } else {
+            char *item=NULL;
+
+            item = strtok_r(tempval,delims,&save_ptr);
+            while (item != NULL && ele<SERV_COUNT) {
+                (*server_info)[ele] = (krb5_ldap_server_info *)calloc(1,
+                                                                      sizeof(krb5_ldap_server_info));
+                if ((*server_info)[ele] == NULL) {
+                    st = ENOMEM;
+                    goto cleanup;
+                }
+                (*server_info)[ele]->server_name = strdup(item);
+                if ((*server_info)[ele]->server_name == NULL) {
+                    st = ENOMEM;
+                    goto cleanup;
+                }
+
+                (*server_info)[ele]->server_status = NOTSET;
+                item = strtok_r(NULL,delims,&save_ptr);
+                ++ele;
+            }
+            profile_release_string(tempval);
+        }
     }
 
 cleanup:
@@ -318,97 +318,95 @@ cleanup:
  */
 
 krb5_error_code
-krb5_ldap_free_server_context_params(ldap_context)
-    krb5_ldap_context           *ldap_context;
+krb5_ldap_free_server_context_params(krb5_ldap_context *ldap_context)
 {
     int                         i=0;
     krb5_ldap_server_handle     *ldap_server_handle=NULL, *next_ldap_server_handle=NULL;
 
     if (ldap_context == NULL)
-       return 0;
+        return 0;
 
     /* Free all ldap servers list and the ldap handles associated with
        the ldap server.  */
     if (ldap_context->server_info_list) {
-       while (ldap_context->server_info_list[i]) {
-           if (ldap_context->server_info_list[i]->server_name) {
-               free (ldap_context->server_info_list[i]->server_name);
-           }
+        while (ldap_context->server_info_list[i]) {
+            if (ldap_context->server_info_list[i]->server_name) {
+                free (ldap_context->server_info_list[i]->server_name);
+            }
 #ifdef HAVE_EDIRECTORY
-           if (ldap_context->server_info_list[i]->root_certificate_file) {
-               free (ldap_context->server_info_list[i]->root_certificate_file);
-           }
+            if (ldap_context->server_info_list[i]->root_certificate_file) {
+                free (ldap_context->server_info_list[i]->root_certificate_file);
+            }
 #endif
-           if (ldap_context->server_info_list[i]->ldap_server_handles) {
-               ldap_server_handle = ldap_context->server_info_list[i]->ldap_server_handles;
-               while (ldap_server_handle) {
-                   ldap_unbind_ext_s(ldap_server_handle->ldap_handle, NULL, NULL);
-                   ldap_server_handle->ldap_handle = NULL;
-                   next_ldap_server_handle = ldap_server_handle->next;
-                   krb5_xfree(ldap_server_handle);
-                   ldap_server_handle = next_ldap_server_handle;
-               }
-           }
-           krb5_xfree(ldap_context->server_info_list[i]);
-           i++;
-       }
-       krb5_xfree(ldap_context->server_info_list);
+            if (ldap_context->server_info_list[i]->ldap_server_handles) {
+                ldap_server_handle = ldap_context->server_info_list[i]->ldap_server_handles;
+                while (ldap_server_handle) {
+                    ldap_unbind_ext_s(ldap_server_handle->ldap_handle, NULL, NULL);
+                    ldap_server_handle->ldap_handle = NULL;
+                    next_ldap_server_handle = ldap_server_handle->next;
+                    krb5_xfree(ldap_server_handle);
+                    ldap_server_handle = next_ldap_server_handle;
+                }
+            }
+            krb5_xfree(ldap_context->server_info_list[i]);
+            i++;
+        }
+        krb5_xfree(ldap_context->server_info_list);
     }
 
     if (ldap_context->conf_section != NULL) {
-       krb5_xfree(ldap_context->conf_section);
-       ldap_context->conf_section = NULL;
+        krb5_xfree(ldap_context->conf_section);
+        ldap_context->conf_section = NULL;
     }
 
     if (ldap_context->bind_dn != NULL) {
-       krb5_xfree(ldap_context->bind_dn);
-       ldap_context->bind_dn = NULL;
+        krb5_xfree(ldap_context->bind_dn);
+        ldap_context->bind_dn = NULL;
     }
 
     if (ldap_context->bind_pwd != NULL) {
-       memset(ldap_context->bind_pwd, 0, strlen(ldap_context->bind_pwd));
-       krb5_xfree(ldap_context->bind_pwd);
-       ldap_context->bind_pwd = NULL;
+        memset(ldap_context->bind_pwd, 0, strlen(ldap_context->bind_pwd));
+        krb5_xfree(ldap_context->bind_pwd);
+        ldap_context->bind_pwd = NULL;
     }
 
     if (ldap_context->service_password_file != NULL) {
-       krb5_xfree(ldap_context->service_password_file);
-       ldap_context->service_password_file = NULL;
+        krb5_xfree(ldap_context->service_password_file);
+        ldap_context->service_password_file = NULL;
     }
 
 #ifdef HAVE_EDIRECTORY
     if (ldap_context->root_certificate_file != NULL) {
-       krb5_xfree(ldap_context->root_certificate_file);
-       ldap_context->root_certificate_file = NULL;
+        krb5_xfree(ldap_context->root_certificate_file);
+        ldap_context->root_certificate_file = NULL;
     }
 #endif
 
     if (ldap_context->service_cert_path != NULL) {
-       krb5_xfree(ldap_context->service_cert_path);
-       ldap_context->service_cert_path = NULL;
+        krb5_xfree(ldap_context->service_cert_path);
+        ldap_context->service_cert_path = NULL;
     }
 
     if (ldap_context->service_cert_pass != NULL) {
-       krb5_xfree(ldap_context->service_cert_pass);
-       ldap_context->service_cert_pass = NULL;
+        krb5_xfree(ldap_context->service_cert_pass);
+        ldap_context->service_cert_pass = NULL;
     }
 
     if (ldap_context->certificates) {
-       i=0;
-       while (ldap_context->certificates[i] != NULL) {
-           krb5_xfree(ldap_context->certificates[i]->certificate);
-           krb5_xfree(ldap_context->certificates[i]);
-           ++i;
-       }
-       krb5_xfree(ldap_context->certificates);
+        i=0;
+        while (ldap_context->certificates[i] != NULL) {
+            krb5_xfree(ldap_context->certificates[i]->certificate);
+            krb5_xfree(ldap_context->certificates[i]);
+            ++i;
+        }
+        krb5_xfree(ldap_context->certificates);
     }
 
     return(0);
 }
 
 krb5_error_code
-krb5_ldap_free_server_params(ldap_context)
-    krb5_ldap_context           *ldap_context;
+krb5_ldap_free_server_params(krb5_ldap_context *ldap_context)
 {
     if (ldap_context == NULL)
         return 0;
@@ -429,9 +427,8 @@ krb5_ldap_free_server_params(ldap_context)
  */
 
 krb5_error_code
-is_principal_in_realm(ldap_context, searchfor)
-    krb5_ldap_context          *ldap_context;
-    krb5_const_principal       searchfor;
+is_principal_in_realm(krb5_ldap_context *ldap_context,
+                      krb5_const_principal searchfor)
 {
     size_t                      defrealmlen=0;
     char                        *defrealm=NULL;
@@ -450,20 +447,20 @@ is_principal_in_realm(ldap_context, searchfor)
      * "krbtgt".  All this check is done in the immediate block.
      */
     if (searchfor->length == 2)
-       if ((strncasecmp(searchfor->data[0].data, "krbtgt",
-                        FIND_MAX(searchfor->data[0].length, strlen("krbtgt"))) == 0) &&
-           (strncasecmp(searchfor->data[1].data, defrealm,
-                        FIND_MAX(searchfor->data[1].length, defrealmlen)) == 0))
-           return 0;
+        if ((strncasecmp(searchfor->data[0].data, "krbtgt",
+                         FIND_MAX(searchfor->data[0].length, strlen("krbtgt"))) == 0) &&
+            (strncasecmp(searchfor->data[1].data, defrealm,
+                         FIND_MAX(searchfor->data[1].length, defrealmlen)) == 0))
+            return 0;
 
     /* first check the length, if they are not equal, then they are not same */
     if (strlen(defrealm) != searchfor->realm.length)
-       return 1;
+        return 1;
 
     /* if the length is equal, check for the contents */
     if (strncmp(defrealm, searchfor->realm.data,
-               searchfor->realm.length) != 0)
-       return 1;
+                searchfor->realm.length) != 0)
+        return 1;
     /* if we are here, then the realm portions match, return 0 */
     return 0;
 }
@@ -490,17 +487,15 @@ is_principal_in_realm(ldap_context, searchfor)
  *    it is the subtree information associated with the realm.
  */
 krb5_error_code
-krb5_get_subtree_info(ldap_context, subtreearr, ntree)
-    krb5_ldap_context           *ldap_context;
-    char                        ***subtreearr;
-    unsigned int                *ntree;
+krb5_get_subtree_info(krb5_ldap_context *ldap_context, char ***subtreearr,
+                      unsigned int *ntree)
 {
     int                         st=0, i=0, subtreecount=0;
-    int                                ncount=0, search_scope=0;
+    int                         ncount=0, search_scope=0;
     char                        **subtree=NULL, *realm_cont_dn=NULL;
     char                        **subtarr=NULL;
     char                        *containerref=NULL;
-    char                       **newsubtree=NULL;
+    char                        **newsubtree=NULL;
 
     containerref = ldap_context->lrparams->containerref;
     subtree = ldap_context->lrparams->subtree;
@@ -510,32 +505,32 @@ krb5_get_subtree_info(ldap_context, subtreearr, ntree)
 
     subtarr = (char **) malloc(sizeof(char *) * (subtreecount + 1 /*realm dn*/ + 1 /*containerref*/ + 1));
     if (subtarr == NULL) {
-       st = ENOMEM;
-       goto cleanup;
+        st = ENOMEM;
+        goto cleanup;
     }
     memset(subtarr, 0, (sizeof(char *) * (subtreecount+1+1+1)));
 
     /* get the complete subtree list */
     for (i=0; i<subtreecount && subtree[i]!=NULL; i++) {
-       subtarr[i] = strdup(subtree[i]);
-       if (subtarr[i] == NULL) {
-           st = ENOMEM;
-           goto cleanup;
-       }
+        subtarr[i] = strdup(subtree[i]);
+        if (subtarr[i] == NULL) {
+            st = ENOMEM;
+            goto cleanup;
+        }
     }
 
     subtarr[i] = strdup(realm_cont_dn);
     if (subtarr[i++] == NULL) {
-       st = ENOMEM;
-       goto cleanup;
+        st = ENOMEM;
+        goto cleanup;
     }
 
     if (containerref != NULL) {
-       subtarr[i] = strdup(containerref);
-       if (subtarr[i++] == NULL) {
-           st = ENOMEM;
-           goto cleanup;
-       }
+        subtarr[i] = strdup(containerref);
+        if (subtarr[i++] == NULL) {
+            st = ENOMEM;
+            goto cleanup;
+        }
     }
 
     ncount = i;
@@ -546,7 +541,7 @@ krb5_get_subtree_info(ldap_context, subtreearr, ntree)
     }
     memset(newsubtree, 0, (sizeof(char *) * (ncount+1)));
     if ((st = remove_overlapping_subtrees(subtarr, newsubtree, &ncount,
-               search_scope)) != 0) {
+                                          search_scope)) != 0) {
         goto cleanup;
     }
 
@@ -555,16 +550,16 @@ krb5_get_subtree_info(ldap_context, subtreearr, ntree)
 
 cleanup:
     if (subtarr != NULL) {
-       for (i=0; subtarr[i] != NULL; i++)
-           free(subtarr[i]);
-       free(subtarr);
+        for (i=0; subtarr[i] != NULL; i++)
+            free(subtarr[i]);
+        free(subtarr);
     }
 
     if (st != 0) {
         if (newsubtree != NULL) {
-           for (i=0; newsubtree[i] != NULL; i++)
-               free(newsubtree[i]);
-           free(newsubtree);
+            for (i=0; newsubtree[i] != NULL; i++)
+                free(newsubtree[i]);
+            free(newsubtree);
         }
     }
     return st;
@@ -578,10 +573,7 @@ cleanup:
  */
 
 krb5_error_code
-store_tl_data(tl_data, tl_type, value)
-    krb5_tl_data                *tl_data;
-    int                         tl_type;
-    void                        *value;
+store_tl_data(krb5_tl_data *tl_data, int tl_type, void *value)
 {
     unsigned int                currlen=0, tldatalen=0;
     unsigned char               *curr=NULL;
@@ -593,68 +585,68 @@ store_tl_data(tl_data, tl_type, value)
     case KDB_TL_PRINCTYPE:
     case KDB_TL_MASK:
     {
-       int *iptr = (int *)value;
-       int ivalue = *iptr;
-
-       currlen = tl_data->tl_data_length;
-       tl_data->tl_data_length += 1 + 2 + 2;
-       /* allocate required memory */
-       reallocptr = tl_data->tl_data_contents;
-       tl_data->tl_data_contents = realloc(tl_data->tl_data_contents,
-                                           tl_data->tl_data_length);
-       if (tl_data->tl_data_contents == NULL) {
-           if (reallocptr)
-               free (reallocptr);
-           return ENOMEM;
-       }
-       curr = (tl_data->tl_data_contents + currlen);
-
-       /* store the tl_type value */
-       memset(curr, tl_type, 1);
-       curr += 1;
-       /* store the content length */
-       tldatalen = 2;
-       STORE16_INT(curr, tldatalen);
-       curr += 2;
-       /* store the content */
-       STORE16_INT(curr, ivalue);
-       curr += 2;
-       break;
+        int *iptr = (int *)value;
+        int ivalue = *iptr;
+
+        currlen = tl_data->tl_data_length;
+        tl_data->tl_data_length += 1 + 2 + 2;
+        /* allocate required memory */
+        reallocptr = tl_data->tl_data_contents;
+        tl_data->tl_data_contents = realloc(tl_data->tl_data_contents,
+                                            tl_data->tl_data_length);
+        if (tl_data->tl_data_contents == NULL) {
+            if (reallocptr)
+                free (reallocptr);
+            return ENOMEM;
+        }
+        curr = (tl_data->tl_data_contents + currlen);
+
+        /* store the tl_type value */
+        memset(curr, tl_type, 1);
+        curr += 1;
+        /* store the content length */
+        tldatalen = 2;
+        STORE16_INT(curr, tldatalen);
+        curr += 2;
+        /* store the content */
+        STORE16_INT(curr, ivalue);
+        curr += 2;
+        break;
     }
 
     case KDB_TL_USERDN:
     case KDB_TL_LINKDN:
     {
-       char *cptr = (char *)value;
-
-       currlen = tl_data->tl_data_length;
-       tl_data->tl_data_length += 1 + 2 + strlen(cptr);
-       /* allocate required memory */
-       reallocptr = tl_data->tl_data_contents;
-       tl_data->tl_data_contents = realloc(tl_data->tl_data_contents,
-                                           tl_data->tl_data_length);
-       if (tl_data->tl_data_contents == NULL) {
-           if (reallocptr)
-               free (reallocptr);
-           return ENOMEM;
-       }
-       curr = (tl_data->tl_data_contents + currlen);
-
-       /* store the tl_type value */
-       memset(curr, tl_type, 1);
-       curr += 1;
-       /* store the content length */
-       tldatalen = strlen(cptr);
-       STORE16_INT(curr, tldatalen);
-       curr += 2;
-       /* store the content */
-       memcpy(curr, cptr, tldatalen);
-       curr += tldatalen;
-       break;
+        char *cptr = (char *)value;
+
+        currlen = tl_data->tl_data_length;
+        tl_data->tl_data_length += 1 + 2 + strlen(cptr);
+        /* allocate required memory */
+        reallocptr = tl_data->tl_data_contents;
+        tl_data->tl_data_contents = realloc(tl_data->tl_data_contents,
+                                            tl_data->tl_data_length);
+        if (tl_data->tl_data_contents == NULL) {
+            if (reallocptr)
+                free (reallocptr);
+            return ENOMEM;
+        }
+        curr = (tl_data->tl_data_contents + currlen);
+
+        /* store the tl_type value */
+        memset(curr, tl_type, 1);
+        curr += 1;
+        /* store the content length */
+        tldatalen = strlen(cptr);
+        STORE16_INT(curr, tldatalen);
+        curr += 2;
+        /* store the content */
+        memcpy(curr, cptr, tldatalen);
+        curr += tldatalen;
+        break;
     }
 
     default:
-       return 1;
+        return 1;
 
     }
     return 0;
@@ -671,10 +663,7 @@ store_tl_data(tl_data, tl_type, value)
  */
 
 krb5_error_code
-decode_tl_data(tl_data, tl_type, data)
-    krb5_tl_data                *tl_data;
-    int                         tl_type;
-    void                        **data;
+decode_tl_data(krb5_tl_data *tl_data, int tl_type, void **data)
 {
     int                         subtype=0, i=0, limit=10;
     unsigned int                sublen=0;
@@ -689,93 +678,93 @@ decode_tl_data(tl_data, tl_type, data)
     curr = tl_data->tl_data_contents;
     while (curr < (tl_data->tl_data_contents + tl_data->tl_data_length)) {
 
-       /* get the type of the content */
-       subtype = (int) curr[0];
-       /* forward by 1 byte*/
-       curr += 1;
-
-       if (subtype == tl_type) {
-           switch (subtype) {
-
-           case KDB_TL_PRINCCOUNT:
-           case KDB_TL_PRINCTYPE:
-           case KDB_TL_MASK:
-               /* get the length of the content */
-               UNSTORE16_INT(curr, sublen);
-               /* forward by 2 bytes */
-               curr += 2;
-               /* get the actual content */
-               if (sublen == 2) {
-                   /* intptr = malloc(sublen);   */
-                   intptr = malloc(sizeof(krb5_int32));
-                   if (intptr == NULL)
-                       return ENOMEM;
-                   memset(intptr, 0, sublen);
-                   UNSTORE16_INT(curr, (*intptr));
-                   *data = intptr;
-               } else {
-                   longptr = malloc(sublen);
-                   if (longptr == NULL)
-                       return ENOMEM;
-                   memset(longptr, 0, sublen);
-                   UNSTORE32_INT(curr, (*longptr));
-                   *data = longptr;
-               }
-               curr += sublen;
-               st = 0;
-               return st;
-               break;
-
-           case KDB_TL_CONTAINERDN:
-           case KDB_TL_USERDN:
-               /* get the length of the content */
-               UNSTORE16_INT(curr, sublen);
-               /* forward by 2 bytes */
-               curr += 2;
-               DN = malloc (sublen + 1);
-               if (DN == NULL)
-                   return ENOMEM;
-               memcpy(DN, curr, sublen);
-               DN[sublen] = 0;
-               *data = DN;
-               curr += sublen;
-               st = 0;
-               return st;
-               break;
-
-           case KDB_TL_LINKDN:
-               if (DNarr == NULL) {
-                   DNarr = calloc(limit, sizeof(char *));
-                   if (DNarr == NULL)
-                       return ENOMEM;
-               }
-               if (i == limit-1) {
-                   limit *= 2;
-                   DNarr = realloc(DNarr, sizeof(char *) * (limit));
-                   if (DNarr == NULL)
-                       return ENOMEM;
-               }
-
-               /* get the length of the content */
-               UNSTORE16_INT(curr, sublen);
-               /* forward by 2 bytes */
-               curr += 2;
-               DNarr[i] = malloc (sublen + 1);
-               if (DNarr[i] == NULL)
-                   return ENOMEM;
-               memcpy(DNarr[i], curr, sublen);
-               DNarr[i][sublen] = 0;
-               ++i;
-               curr += sublen;
-               *data = DNarr;
-               st=0;
-               break;
-           }
-       } else {
-           /* move to the current content block */
-           UNSTORE16_INT(curr, sublen);
-           curr += 2 + sublen;
-       }
+        /* get the type of the content */
+        subtype = (int) curr[0];
+        /* forward by 1 byte*/
+        curr += 1;
+
+        if (subtype == tl_type) {
+            switch (subtype) {
+
+            case KDB_TL_PRINCCOUNT:
+            case KDB_TL_PRINCTYPE:
+            case KDB_TL_MASK:
+                /* get the length of the content */
+                UNSTORE16_INT(curr, sublen);
+                /* forward by 2 bytes */
+                curr += 2;
+                /* get the actual content */
+                if (sublen == 2) {
+                    /* intptr = malloc(sublen);   */
+                    intptr = malloc(sizeof(krb5_int32));
+                    if (intptr == NULL)
+                        return ENOMEM;
+                    memset(intptr, 0, sublen);
+                    UNSTORE16_INT(curr, (*intptr));
+                    *data = intptr;
+                } else {
+                    longptr = malloc(sublen);
+                    if (longptr == NULL)
+                        return ENOMEM;
+                    memset(longptr, 0, sublen);
+                    UNSTORE32_INT(curr, (*longptr));
+                    *data = longptr;
+                }
+                curr += sublen;
+                st = 0;
+                return st;
+                break;
+
+            case KDB_TL_CONTAINERDN:
+            case KDB_TL_USERDN:
+                /* get the length of the content */
+                UNSTORE16_INT(curr, sublen);
+                /* forward by 2 bytes */
+                curr += 2;
+                DN = malloc (sublen + 1);
+                if (DN == NULL)
+                    return ENOMEM;
+                memcpy(DN, curr, sublen);
+                DN[sublen] = 0;
+                *data = DN;
+                curr += sublen;
+                st = 0;
+                return st;
+                break;
+
+            case KDB_TL_LINKDN:
+                if (DNarr == NULL) {
+                    DNarr = calloc(limit, sizeof(char *));
+                    if (DNarr == NULL)
+                        return ENOMEM;
+                }
+                if (i == limit-1) {
+                    limit *= 2;
+                    DNarr = realloc(DNarr, sizeof(char *) * (limit));
+                    if (DNarr == NULL)
+                        return ENOMEM;
+                }
+
+                /* get the length of the content */
+                UNSTORE16_INT(curr, sublen);
+                /* forward by 2 bytes */
+                curr += 2;
+                DNarr[i] = malloc (sublen + 1);
+                if (DNarr[i] == NULL)
+                    return ENOMEM;
+                memcpy(DNarr[i], curr, sublen);
+                DNarr[i][sublen] = 0;
+                ++i;
+                curr += sublen;
+                *data = DNarr;
+                st=0;
+                break;
+            }
+        } else {
+            /* move to the current content block */
+            UNSTORE16_INT(curr, sublen);
+            curr += 2 + sublen;
+        }
     }
     return st;
 }
@@ -784,11 +773,8 @@ decode_tl_data(tl_data, tl_type, data)
  * wrapper routines for decode_tl_data
  */
 static krb5_error_code
-krb5_get_int_from_tl_data(context, entries, type, intval)
-    krb5_context                context;
-    krb5_db_entry               *entries;
-    int                         type;
-    int                         *intval;
+krb5_get_int_from_tl_data(krb5_context context, krb5_db_entry *entries,
+                          int type, int *intval)
 {
     krb5_error_code             st=0;
     krb5_tl_data                tl_data;
@@ -797,12 +783,12 @@ krb5_get_int_from_tl_data(context, entries, type, intval)
 
     tl_data.tl_data_type = KDB_TL_USER_INFO;
     if (((st=krb5_dbe_lookup_tl_data(context, entries, &tl_data)) != 0) || tl_data.tl_data_length == 0)
-       goto cleanup;
+        goto cleanup;
 
     if (decode_tl_data(&tl_data, type, &voidptr) == 0) {
-       intptr = (int *) voidptr;
-       *intval = *intptr;
-       free(intptr);
+        intptr = (int *) voidptr;
+        *intval = *intptr;
+        free(intptr);
     }
 
 cleanup:
@@ -814,37 +800,26 @@ cleanup:
  * object (user, policy ...).
  */
 krb5_error_code
-krb5_get_attributes_mask(context, entries, mask)
-    krb5_context                context;
-    krb5_db_entry               *entries;
-    int                         *mask;
+krb5_get_attributes_mask(krb5_context context, krb5_db_entry *entries,
+                         int *mask)
 {
     return krb5_get_int_from_tl_data(context, entries, KDB_TL_MASK, mask);
 }
 
 krb5_error_code
-krb5_get_princ_type(context, entries, ptype)
-    krb5_context                context;
-    krb5_db_entry               *entries;
-    int                         *ptype;
+krb5_get_princ_type(krb5_context context, krb5_db_entry *entries, int *ptype)
 {
     return krb5_get_int_from_tl_data(context, entries, KDB_TL_PRINCTYPE, ptype);
 }
 
 krb5_error_code
-krb5_get_princ_count(context, entries, pcount)
-    krb5_context                context;
-    krb5_db_entry               *entries;
-    int                         *pcount;
+krb5_get_princ_count(krb5_context context, krb5_db_entry *entries, int *pcount)
 {
     return krb5_get_int_from_tl_data(context, entries, KDB_TL_PRINCCOUNT, pcount);
 }
 
 krb5_error_code
-krb5_get_linkdn(context, entries, link_dn)
-    krb5_context                context;
-    krb5_db_entry               *entries;
-    char                        ***link_dn;
+krb5_get_linkdn(krb5_context context, krb5_db_entry *entries, char ***link_dn)
 {
     krb5_error_code             st=0;
     krb5_tl_data                tl_data;
@@ -853,10 +828,10 @@ krb5_get_linkdn(context, entries, link_dn)
     *link_dn = NULL;
     tl_data.tl_data_type = KDB_TL_USER_INFO;
     if (((st=krb5_dbe_lookup_tl_data(context, entries, &tl_data)) != 0) || tl_data.tl_data_length == 0)
-       goto cleanup;
+        goto cleanup;
 
     if (decode_tl_data(&tl_data, KDB_TL_LINKDN, &voidptr) == 0) {
-       *link_dn = (char **) voidptr;
+        *link_dn = (char **) voidptr;
     }
 
 cleanup:
@@ -864,27 +839,24 @@ cleanup:
 }
 
 static krb5_error_code
-krb5_get_str_from_tl_data(context, entries, type, strval)
-    krb5_context                context;
-    krb5_db_entry               *entries;
-    int                         type;
-    char                        **strval;
+krb5_get_str_from_tl_data(krb5_context context, krb5_db_entry *entries,
+                          int type, char **strval)
 {
     krb5_error_code             st=0;
     krb5_tl_data                tl_data;
     void                        *voidptr=NULL;
 
     if (type != KDB_TL_USERDN && type != KDB_TL_CONTAINERDN) {
-       st = EINVAL;
-       goto cleanup;
+        st = EINVAL;
+        goto cleanup;
     }
 
     tl_data.tl_data_type = KDB_TL_USER_INFO;
     if (((st=krb5_dbe_lookup_tl_data(context, entries, &tl_data)) != 0) || tl_data.tl_data_length == 0)
-       goto cleanup;
+        goto cleanup;
 
     if (decode_tl_data(&tl_data, type, &voidptr) == 0) {
-       *strval = (char *) voidptr;
+        *strval = (char *) voidptr;
     }
 
 cleanup:
@@ -892,20 +864,15 @@ cleanup:
 }
 
 krb5_error_code
-krb5_get_userdn(context, entries, userdn)
-    krb5_context                context;
-    krb5_db_entry               *entries;
-    char                        **userdn;
+krb5_get_userdn(krb5_context context, krb5_db_entry *entries, char **userdn)
 {
     *userdn = NULL;
     return krb5_get_str_from_tl_data(context, entries, KDB_TL_USERDN, userdn);
 }
 
 krb5_error_code
-krb5_get_containerdn(context, entries, containerdn)
-    krb5_context                context;
-    krb5_db_entry               *entries;
-    char                        **containerdn;
+krb5_get_containerdn(krb5_context context, krb5_db_entry *entries,
+                     char **containerdn)
 {
     *containerdn = NULL;
     return krb5_get_str_from_tl_data(context, entries, KDB_TL_CONTAINERDN, containerdn);
@@ -927,38 +894,34 @@ krb5_get_containerdn(context, entries, containerdn)
  */
 
 krb5_error_code
-checkattributevalue (ld, dn, attribute, attrvalues, mask)
-    LDAP                        *ld;
-    char                        *dn;
-    char                        *attribute;
-    char                        **attrvalues;
-    int                         *mask;
+checkattributevalue(LDAP *ld, char *dn, char *attribute, char **attrvalues,
+                    int *mask)
 {
     int                         st=0, one=1;
     char                        **values=NULL, *attributes[2] = {NULL};
     LDAPMessage                 *result=NULL, *entry=NULL;
 
     if (strlen(dn) == 0) {
-       st = set_ldap_error(0, LDAP_NO_SUCH_OBJECT, OP_SEARCH);
-       return st;
+        st = set_ldap_error(0, LDAP_NO_SUCH_OBJECT, OP_SEARCH);
+        return st;
     }
 
     attributes[0] = attribute;
 
     /* read the attribute values from the dn */
     if ((st = ldap_search_ext_s(ld,
-                               dn,
-                               LDAP_SCOPE_BASE,
-                               0,
-                               attributes,
-                               0,
-                               NULL,
-                               NULL,
-                               &timelimit,
-                               LDAP_NO_LIMIT,
-                               &result)) != LDAP_SUCCESS) {
-       st = set_ldap_error(0, st, OP_SEARCH);
-       return st;
+                                dn,
+                                LDAP_SCOPE_BASE,
+                                0,
+                                attributes,
+                                0,
+                                NULL,
+                                NULL,
+                                &timelimit,
+                                LDAP_NO_LIMIT,
+                                &result)) != LDAP_SUCCESS) {
+        st = set_ldap_error(0, st, OP_SEARCH);
+        return st;
     }
 
     /*
@@ -966,30 +929,30 @@ checkattributevalue (ld, dn, attribute, attrvalues, mask)
      * existence of the object alone.
      */
     if (attribute == NULL || attrvalues == NULL)
-       goto cleanup;
+        goto cleanup;
 
     /* reset the bit mask */
     *mask = 0;
 
     if ((entry=ldap_first_entry(ld, result)) != NULL) {
-       /* read the attribute values */
-       if ((values=ldap_get_values(ld, entry, attribute)) != NULL) {
-           int i,j;
-
-           /*
-            * Compare the read attribute values with the attrvalues
-            * array and set the appropriate bit mask.
-            */
-           for (j=0; attrvalues[j]; ++j) {
-               for (i=0; values[i]; ++i) {
-                   if (strcasecmp(values[i], attrvalues[j]) == 0) {
-                       *mask |= (one<<j);
-                       break;
-                   }
-               }
-           }
-           ldap_value_free(values);
-       }
+        /* read the attribute values */
+        if ((values=ldap_get_values(ld, entry, attribute)) != NULL) {
+            int i,j;
+
+            /*
+             * Compare the read attribute values with the attrvalues
+             * array and set the appropriate bit mask.
+             */
+            for (j=0; attrvalues[j]; ++j) {
+                for (i=0; values[i]; ++i) {
+                    if (strcasecmp(values[i], attrvalues[j]) == 0) {
+                        *mask |= (one<<j);
+                        break;
+                    }
+                }
+            }
+            ldap_value_free(values);
+        }
     }
 
 cleanup:
@@ -1007,11 +970,7 @@ cleanup:
  */
 
 krb5_error_code
-updateAttribute (ld, dn, attribute, value)
-    LDAP                        *ld;
-    char                        *dn;
-    char                        *attribute;
-    char                        *value;
+updateAttribute(LDAP *ld, char *dn, char *attribute, char *value)
 {
     int                         st=0;
     LDAPMod                     modAttr, *mods[2]={NULL};
@@ -1034,10 +993,10 @@ updateAttribute (ld, dn, attribute, value)
      * LDAP_TYPE_OR_VALUE_EXISTS is for multi-valued attribute
      */
     if (st == LDAP_ALREADY_EXISTS || st == LDAP_TYPE_OR_VALUE_EXISTS)
-       st = 0;
+        st = 0;
 
     if (st != 0) {
-       st = set_ldap_error (0, st, OP_MOD);
+        st = set_ldap_error (0, st, OP_MOD);
     }
 
     return st;
@@ -1052,11 +1011,7 @@ updateAttribute (ld, dn, attribute, value)
  */
 
 krb5_error_code
-deleteAttribute (ld, dn, attribute, value)
-    LDAP                        *ld;
-    char                        *dn;
-    char                        *attribute;
-    char                        *value;
+deleteAttribute(LDAP *ld, char *dn, char *attribute, char *value)
 {
     krb5_error_code             st=0;
     LDAPMod                     modAttr, *mods[2]={NULL};
@@ -1076,10 +1031,10 @@ deleteAttribute (ld, dn, attribute, value)
 
     /* if either the attribute or the attribute value is missing return a success */
     if (st == LDAP_NO_SUCH_ATTRIBUTE || st == LDAP_UNDEFINED_TYPE)
-       st = 0;
+        st = 0;
 
     if (st != 0) {
-       st = set_ldap_error (0, st, OP_MOD);
+        st = set_ldap_error (0, st, OP_MOD);
     }
 
     return st;
@@ -1097,34 +1052,32 @@ deleteAttribute (ld, dn, attribute, value)
  */
 
 krb5_error_code
-disjoint_members(src, dest)
-    char                        **src;
-    char                        **dest;
+disjoint_members(char **src, char **dest)
 {
     int                         i=0, j=0, slen=0, dlen=0;
 
     /* validate the input parameters */
     if (src == NULL || dest == NULL)
-       return 0;
+        return 0;
 
     /* compute the first array length */
     for (i=0;src[i]; ++i)
-       ;
+        ;
 
     /* return if the length is 0 */
     if (i==0)
-       return 0;
+        return 0;
 
     /* index of the last element and also the length of the array */
     slen = i-1;
 
     /* compute the second array length */
     for (i=0;dest[i]; ++i)
-       ;
+        ;
 
     /* return if the length is 0 */
     if (i==0)
-       return 0;
+        return 0;
 
     /* index of the last element and also the length of the array */
     dlen = i-1;
@@ -1132,50 +1085,50 @@ disjoint_members(src, dest)
     /* check for the similar elements and delete them from both the arrays */
     for (i=0; src[i]; ++i) {
 
-       for (j=0; dest[j]; ++j) {
-
-           /* if the element are same */
-           if (strcasecmp(src[i], dest[j]) == 0) {
-               /*
-                * If the matched element is in the middle, then copy
-                * the last element to the matched index.
-                */
-               if (i != slen) {
-                   free (src[i]);
-                   src[i] = src[slen];
-                   src[slen] = NULL;
-               } else {
-                   /*
-                    * If the matched element is the last, free it and
-                    * set it to NULL.
-                    */
-                   free (src[i]);
-                   src[i] = NULL;
-               }
-               /* reduce the array length by 1 */
-               slen -= 1;
-
-               /* repeat the same processing for the second array too */
-               if (j != dlen) {
-                   free(dest[j]);
-                   dest[j] = dest[dlen];
-                   dest[dlen] = NULL;
-               } else {
-                   free(dest[j]);
-                   dest[j] = NULL;
-               }
-               dlen -=1;
-
-               /*
-                * The source array is reduced by 1, so reduce the
-                * index variable used for source array by 1.  No need
-                * to adjust the second array index variable as it is
-                * reset while entering the inner loop.
-                */
-               i -= 1;
-               break;
-           }
-       }
+        for (j=0; dest[j]; ++j) {
+
+            /* if the element are same */
+            if (strcasecmp(src[i], dest[j]) == 0) {
+                /*
+                 * If the matched element is in the middle, then copy
+                 * the last element to the matched index.
+                 */
+                if (i != slen) {
+                    free (src[i]);
+                    src[i] = src[slen];
+                    src[slen] = NULL;
+                } else {
+                    /*
+                     * If the matched element is the last, free it and
+                     * set it to NULL.
+                     */
+                    free (src[i]);
+                    src[i] = NULL;
+                }
+                /* reduce the array length by 1 */
+                slen -= 1;
+
+                /* repeat the same processing for the second array too */
+                if (j != dlen) {
+                    free(dest[j]);
+                    dest[j] = dest[dlen];
+                    dest[dlen] = NULL;
+                } else {
+                    free(dest[j]);
+                    dest[j] = NULL;
+                }
+                dlen -=1;
+
+                /*
+                 * The source array is reduced by 1, so reduce the
+                 * index variable used for source array by 1.  No need
+                 * to adjust the second array index variable as it is
+                 * reset while entering the inner loop.
+                 */
+                i -= 1;
+                break;
+            }
+        }
     }
     return 0;
 }
@@ -1187,60 +1140,55 @@ disjoint_members(src, dest)
  */
 
 krb5_error_code
-copy_arrays(src, dest, count)
-    char                        **src;
-    char                        ***dest;
-    int                         count;
+copy_arrays(char **src, char ***dest, int count)
 {
     krb5_error_code             st=0;
     int                         i=0;
 
     /* validate the input parameters */
     if (src == NULL || dest == NULL)
-       return 0;
+        return 0;
 
     /* allocate memory for the dest array */
     *dest = (char **) calloc((unsigned) count+1, sizeof(char *));
     if (*dest == NULL) {
-       st = ENOMEM;
-       goto cleanup;
+        st = ENOMEM;
+        goto cleanup;
     }
 
     /* copy the members from src to dest array. */
     for (i=0; i < count && src[i] != NULL; ++i) {
-       (*dest)[i] = strdup(src[i]);
-       if ((*dest)[i] == NULL) {
-           st = ENOMEM;
-           goto cleanup;
-       }
+        (*dest)[i] = strdup(src[i]);
+        if ((*dest)[i] == NULL) {
+            st = ENOMEM;
+            goto cleanup;
+        }
     }
 
 cleanup:
     /* in case of error free up everything and return */
     if (st != 0) {
-       if (*dest != NULL) {
-           for (i=0; (*dest)[i]; ++i) {
-               free ((*dest)[i]);
-               (*dest)[i] = NULL;
-           }
-           free (*dest);
-           *dest = NULL;
-       }
+        if (*dest != NULL) {
+            for (i=0; (*dest)[i]; ++i) {
+                free ((*dest)[i]);
+                (*dest)[i] = NULL;
+            }
+            free (*dest);
+            *dest = NULL;
+        }
     }
     return st;
 }
 
 static krb5_error_code
-getepochtime(strtime, epochtime)
-    char              *strtime;
-    krb5_timestamp    *epochtime;
+getepochtime(char *strtime, krb5_timestamp *epochtime)
 {
     struct tm           tme;
 
     memset(&tme, 0, sizeof(tme));
     if (strptime(strtime,"%Y%m%d%H%M%SZ", &tme) == NULL) {
-       *epochtime = 0;
-       return EINVAL;
+        *epochtime = 0;
+        return EINVAL;
     }
     *epochtime = krb5int_gmt_mktime(&tme);
     return 0;
@@ -1253,21 +1201,17 @@ getepochtime(strtime, epochtime)
  */
 
 krb5_error_code
-krb5_ldap_get_value(ld, ent, attribute, retval)
-    LDAP                        *ld;
-    LDAPMessage                 *ent;
-    char                        *attribute;
-    int                         *retval;
+krb5_ldap_get_value(LDAP *ld, LDAPMessage *ent, char *attribute, int *retval)
 {
     char                           **values=NULL;
 
     *retval = 0;
     values=ldap_get_values(ld, ent, attribute);
     if (values != NULL) {
-       if (values[0] != NULL)
-           *retval = atoi(values[0]);
-       ldap_value_free(values);
-       return 0;
+        if (values[0] != NULL)
+            *retval = atoi(values[0]);
+        ldap_value_free(values);
+        return 0;
     }
     return 1;
 }
@@ -1279,30 +1223,26 @@ krb5_ldap_get_value(ld, ent, attribute, retval)
  *
  */
 krb5_error_code
-krb5_ldap_get_string(ld, ent, attribute, retstr, attr_present)
-    LDAP                        *ld;
-    LDAPMessage                 *ent;
-    char                        *attribute;
-    char                        **retstr;
-    krb5_boolean                *attr_present;
+krb5_ldap_get_string(LDAP *ld, LDAPMessage *ent, char *attribute,
+                     char **retstr, krb5_boolean *attr_present)
 {
     char                           **values=NULL;
     krb5_error_code                st=0;
 
     *retstr = NULL;
     if (attr_present != NULL)
-       *attr_present = FALSE;
+        *attr_present = FALSE;
 
     values=ldap_get_values(ld, ent, attribute);
     if (values != NULL) {
-       if (values[0] != NULL) {
-           if (attr_present!= NULL)
-               *attr_present = TRUE;
-           *retstr = strdup(values[0]);
-           if (*retstr == NULL)
-               st = ENOMEM;
-       }
-       ldap_value_free(values);
+        if (values[0] != NULL) {
+            if (attr_present!= NULL)
+                *attr_present = TRUE;
+            *retstr = strdup(values[0]);
+            if (*retstr == NULL)
+                st = ENOMEM;
+        }
+        ldap_value_free(values);
     }
     return st;
 }
@@ -1312,12 +1252,8 @@ krb5_ldap_get_string(ld, ent, attribute, retstr, attr_present)
  * of the attribute.
  */
 krb5_error_code
-krb5_ldap_get_strings(ld, ent, attribute, retarr, attr_present)
-    LDAP                        *ld;
-    LDAPMessage                 *ent;
-    char                        *attribute;
-    char                        ***retarr;
-    krb5_boolean                *attr_present;
+krb5_ldap_get_strings(LDAP *ld, LDAPMessage *ent, char *attribute,
+                      char ***retarr, krb5_boolean *attr_present)
 {
     char                        **values=NULL;
     krb5_error_code             st=0;
@@ -1325,48 +1261,44 @@ krb5_ldap_get_strings(ld, ent, attribute, retarr, attr_present)
 
     *retarr = NULL;
     if (attr_present != NULL)
-       *attr_present = FALSE;
+        *attr_present = FALSE;
 
     values=ldap_get_values(ld, ent, attribute);
     if (values != NULL) {
-       if (attr_present != NULL)
-           *attr_present = TRUE;
-
-       count = ldap_count_values(values);
-       *retarr  = (char **) calloc(count+1, sizeof(char *));
-       if (*retarr == NULL) {
-           st = ENOMEM;
-           return st;
-       }
-       for (i=0; i< count; ++i) {
-           (*retarr)[i] = strdup(values[i]);
-           if ((*retarr)[i] == NULL) {
-               st = ENOMEM;
-               goto cleanup;
-           }
-       }
-       ldap_value_free(values);
+        if (attr_present != NULL)
+            *attr_present = TRUE;
+
+        count = ldap_count_values(values);
+        *retarr  = (char **) calloc(count+1, sizeof(char *));
+        if (*retarr == NULL) {
+            st = ENOMEM;
+            return st;
+        }
+        for (i=0; i< count; ++i) {
+            (*retarr)[i] = strdup(values[i]);
+            if ((*retarr)[i] == NULL) {
+                st = ENOMEM;
+                goto cleanup;
+            }
+        }
+        ldap_value_free(values);
     }
 
 cleanup:
     if (st != 0) {
-       if (*retarr != NULL) {
-           for (i=0; i< count; ++i)
-               if ((*retarr)[i] != NULL)
-                   free ((*retarr)[i]);
-           free (*retarr);
-       }
+        if (*retarr != NULL) {
+            for (i=0; i< count; ++i)
+                if ((*retarr)[i] != NULL)
+                    free ((*retarr)[i]);
+            free (*retarr);
+        }
     }
     return st;
 }
 
 krb5_error_code
-krb5_ldap_get_time(ld, ent, attribute, rettime, attr_present)
-    LDAP                        *ld;
-    LDAPMessage                 *ent;
-    char                        *attribute;
-    krb5_timestamp              *rettime;
-    krb5_boolean                *attr_present;
+krb5_ldap_get_time(LDAP *ld, LDAPMessage *ent, char *attribute,
+                   krb5_timestamp *rettime, krb5_boolean *attr_present)
 {
     char                         **values=NULL;
     krb5_error_code              st=0;
@@ -1376,11 +1308,11 @@ krb5_ldap_get_time(ld, ent, attribute, rettime, attr_present)
 
     values=ldap_get_values(ld, ent, attribute);
     if (values != NULL) {
-       if (values[0] != NULL) {
-           *attr_present = TRUE;
-           st = getepochtime(values[0], rettime);
-       }
-       ldap_value_free(values);
+        if (values[0] != NULL) {
+            *attr_present = TRUE;
+            st = getepochtime(values[0], rettime);
+        }
+        ldap_value_free(values);
     }
     return st;
 }
@@ -1391,105 +1323,95 @@ krb5_ldap_get_time(ld, ent, attribute, rettime, attr_present)
  */
 
 krb5_error_code
-krb5_add_member(mods, count)
-    LDAPMod          ***mods;
-    int              *count;
+krb5_add_member(LDAPMod ***mods, int *count)
 {
     int i=0;
     LDAPMod **lmods=NULL;
 
     if ((*mods) != NULL) {
-       for (;(*mods)[i] != NULL; ++i)
-           ;
+        for (;(*mods)[i] != NULL; ++i)
+            ;
     }
     lmods = (LDAPMod **) realloc((*mods), (2+i) * sizeof(LDAPMod *));
     if (lmods == NULL)
-       return ENOMEM;
+        return ENOMEM;
 
     *mods = lmods;
     (*mods)[i+1] = NULL;
     (*mods)[i] = (LDAPMod *) calloc(1, sizeof (LDAPMod));
     if ((*mods)[i] == NULL)
-       return ENOMEM;
+        return ENOMEM;
     *count = i;
     return 0;
 }
 
 krb5_error_code
-krb5_add_str_mem_ldap_mod(mods, attribute, op, values)
-    LDAPMod  ***mods;
-    char     *attribute;
-    int      op;
-    char     **values;
-
+krb5_add_str_mem_ldap_mod(LDAPMod ***mods, char *attribute, int op,
+                          char **values)
 {
     int i=0, j=0;
     krb5_error_code   st=0;
 
     if ((st=krb5_add_member(mods, &i)) != 0)
-       return st;
+        return st;
 
     (*mods)[i]->mod_type = strdup(attribute);
     if ((*mods)[i]->mod_type == NULL)
-       return ENOMEM;
+        return ENOMEM;
     (*mods)[i]->mod_op = op;
 
     (*mods)[i]->mod_values = NULL;
 
     if (values != NULL) {
-       for (j=0; values[j] != NULL; ++j)
-           ;
-       (*mods)[i]->mod_values = malloc (sizeof(char *) * (j+1));
-       if ((*mods)[i]->mod_values == NULL)
-           return ENOMEM;
-
-       for (j=0; values[j] != NULL; ++j) {
-           (*mods)[i]->mod_values[j] = strdup(values[j]);
-           if ((*mods)[i]->mod_values[j] == NULL)
-               return ENOMEM;
-       }
-       (*mods)[i]->mod_values[j] = NULL;
+        for (j=0; values[j] != NULL; ++j)
+            ;
+        (*mods)[i]->mod_values = malloc (sizeof(char *) * (j+1));
+        if ((*mods)[i]->mod_values == NULL)
+            return ENOMEM;
+
+        for (j=0; values[j] != NULL; ++j) {
+            (*mods)[i]->mod_values[j] = strdup(values[j]);
+            if ((*mods)[i]->mod_values[j] == NULL)
+                return ENOMEM;
+        }
+        (*mods)[i]->mod_values[j] = NULL;
     }
     return 0;
 }
 
 krb5_error_code
-krb5_add_ber_mem_ldap_mod(mods, attribute, op, ber_values)
-    LDAPMod  ***mods;
-    char     *attribute;
-    int      op;
-    struct berval **ber_values;
-
+krb5_add_ber_mem_ldap_mod(LDAPMod ***mods, char *attribute, int op,
+                          struct berval **ber_values)
 {
     int i=0, j=0;
     krb5_error_code   st=0;
 
     if ((st=krb5_add_member(mods, &i)) != 0)
-       return st;
+        return st;
 
     (*mods)[i]->mod_type = strdup(attribute);
     if ((*mods)[i]->mod_type == NULL)
-       return ENOMEM;
+        return ENOMEM;
     (*mods)[i]->mod_op = op;
 
     for (j=0; ber_values[j] != NULL; ++j)
-       ;
+        ;
     (*mods)[i]->mod_bvalues = malloc (sizeof(struct berval *) * (j+1));
     if ((*mods)[i]->mod_bvalues == NULL)
-       return ENOMEM;
+        return ENOMEM;
 
     for (j=0; ber_values[j] != NULL; ++j) {
-       (*mods)[i]->mod_bvalues[j] = calloc(1, sizeof(struct berval));
-       if ((*mods)[i]->mod_bvalues[j] == NULL)
-           return ENOMEM;
+        (*mods)[i]->mod_bvalues[j] = calloc(1, sizeof(struct berval));
+        if ((*mods)[i]->mod_bvalues[j] == NULL)
+            return ENOMEM;
 
-       (*mods)[i]->mod_bvalues[j]->bv_len = ber_values[j]->bv_len;
-       (*mods)[i]->mod_bvalues[j]->bv_val = malloc((*mods)[i]->mod_bvalues[j]->bv_len);
-       if ((*mods)[i]->mod_bvalues[j]->bv_val == NULL)
-           return ENOMEM;
+        (*mods)[i]->mod_bvalues[j]->bv_len = ber_values[j]->bv_len;
+        (*mods)[i]->mod_bvalues[j]->bv_val = malloc((*mods)[i]->mod_bvalues[j]->bv_len);
+        if ((*mods)[i]->mod_bvalues[j]->bv_val == NULL)
+            return ENOMEM;
 
-       memcpy((*mods)[i]->mod_bvalues[j]->bv_val, ber_values[j]->bv_val,
-              ber_values[j]->bv_len);
+        memcpy((*mods)[i]->mod_bvalues[j]->bv_val, ber_values[j]->bv_val,
+               ber_values[j]->bv_len);
     }
     (*mods)[i]->mod_bvalues[j] = NULL;
     return 0;
@@ -1504,59 +1426,50 @@ format_d (int val)
 }
 
 krb5_error_code
-krb5_add_int_arr_mem_ldap_mod(mods, attribute, op, value)
-    LDAPMod  ***mods;
-    char     *attribute;
-    int      op;
-    int      *value;
-
+krb5_add_int_arr_mem_ldap_mod(LDAPMod ***mods, char *attribute, int op,
+                              int *value)
 {
     int i=0, j=0;
     krb5_error_code   st=0;
 
     if ((st=krb5_add_member(mods, &i)) != 0)
-       return st;
+        return st;
 
     (*mods)[i]->mod_type = strdup(attribute);
     if ((*mods)[i]->mod_type == NULL)
-       return ENOMEM;
+        return ENOMEM;
     (*mods)[i]->mod_op = op;
 
     for (j=0; value[j] != -1; ++j)
-       ;
+        ;
 
     (*mods)[i]->mod_values = malloc(sizeof(char *) * (j+1));
 
     for (j=0; value[j] != -1; ++j) {
-       if (((*mods)[i]->mod_values[j] = format_d(value[j])) == NULL)
-           return ENOMEM;
+        if (((*mods)[i]->mod_values[j] = format_d(value[j])) == NULL)
+            return ENOMEM;
     }
     (*mods)[i]->mod_values[j] = NULL;
     return 0;
 }
 
 krb5_error_code
-krb5_add_int_mem_ldap_mod(mods, attribute, op, value)
-    LDAPMod  ***mods;
-    char     *attribute;
-    int      op;
-    int      value;
-
+krb5_add_int_mem_ldap_mod(LDAPMod ***mods, char *attribute, int op, int value)
 {
     int i=0;
     krb5_error_code      st=0;
 
     if ((st=krb5_add_member(mods, &i)) != 0)
-       return st;
+        return st;
 
     (*mods)[i]->mod_type = strdup(attribute);
     if ((*mods)[i]->mod_type == NULL)
-       return ENOMEM;
+        return ENOMEM;
 
     (*mods)[i]->mod_op = op;
     (*mods)[i]->mod_values = calloc (2, sizeof(char *));
     if (((*mods)[i]->mod_values[0] = format_d(value)) == NULL)
-       return ENOMEM;
+        return ENOMEM;
     return 0;
 }
 
@@ -1621,11 +1534,11 @@ krb5_ldap_release_errcode_string(krb5_context kcontext, const char *msg)
  * are a limited number of LDAP handles.
  */
 krb5_error_code
-krb5_ldap_get_reference_count (krb5_context context, char *dn, char *refattr,
-                              int *count, LDAP *ld)
+krb5_ldap_get_reference_count(krb5_context context, char *dn, char *refattr,
+                              int *count, LDAP *ld)
 {
     int                         st = 0, tempst = 0, gothandle = 0;
-    unsigned int               i, ntrees;
+    unsigned int                i, ntrees;
     char                        *refcntattr[2];
     char                        *filter = NULL;
     char                        **subtree = NULL, *ptr = NULL;
@@ -1636,14 +1549,14 @@ krb5_ldap_get_reference_count (krb5_context context, char *dn, char *refattr,
 
 
     if (dn == NULL || refattr == NULL) {
-       st = EINVAL;
-       goto cleanup;
+        st = EINVAL;
+        goto cleanup;
     }
 
     SETUP_CONTEXT();
     if (ld == NULL) {
-       GET_HANDLE();
-       gothandle = 1;
+        GET_HANDLE();
+        gothandle = 1;
     }
 
     refcntattr [0] = refattr;
@@ -1651,60 +1564,60 @@ krb5_ldap_get_reference_count (krb5_context context, char *dn, char *refattr,
 
     ptr = ldap_filter_correct (dn);
     if (ptr == NULL) {
-       st = ENOMEM;
-       goto cleanup;
+        st = ENOMEM;
+        goto cleanup;
     }
 
     if (asprintf (&filter, "%s=%s", refattr, ptr) < 0) {
-       filter = NULL;
-       st = ENOMEM;
-       goto cleanup;
+        filter = NULL;
+        st = ENOMEM;
+        goto cleanup;
     }
 
     if ((st = krb5_get_subtree_info(ldap_context, &subtree, &ntrees)) != 0)
-       goto cleanup;
+        goto cleanup;
 
     for (i = 0, *count = 0; i < ntrees; i++) {
-       int n;
-
-       LDAP_SEARCH(subtree[i],
-                   LDAP_SCOPE_SUBTREE,
-                   filter,
-                   refcntattr);
-       n = ldap_count_entries (ld, result);
-       if (n == -1) {
-           int ret, errcode = 0;
-           ret = ldap_parse_result (ld, result, &errcode, NULL, NULL, NULL, NULL, 0);
-           if (ret != LDAP_SUCCESS)
-               errcode = ret;
-           st = translate_ldap_error (errcode, OP_SEARCH);
-           goto cleanup;
-       }
+        int n;
+
+        LDAP_SEARCH(subtree[i],
+                    LDAP_SCOPE_SUBTREE,
+                    filter,
+                    refcntattr);
+        n = ldap_count_entries (ld, result);
+        if (n == -1) {
+            int ret, errcode = 0;
+            ret = ldap_parse_result (ld, result, &errcode, NULL, NULL, NULL, NULL, 0);
+            if (ret != LDAP_SUCCESS)
+                errcode = ret;
+            st = translate_ldap_error (errcode, OP_SEARCH);
+            goto cleanup;
+        }
 
-       ldap_msgfree(result);
-       result = NULL;
+        ldap_msgfree(result);
+        result = NULL;
 
-       *count += n;
+        *count += n;
     }
 
 cleanup:
     if (filter != NULL)
-       free (filter);
+        free (filter);
 
     if (result != NULL)
-       ldap_msgfree (result);
+        ldap_msgfree (result);
 
     if (subtree != NULL) {
-       for (i = 0; i < ntrees; i++)
-           free (subtree[i]);
-       free (subtree);
+        for (i = 0; i < ntrees; i++)
+            free (subtree[i]);
+        free (subtree);
     }
 
     if (ptr != NULL)
-       free (ptr);
+        free (ptr);
 
     if (gothandle == 1)
-       krb5_ldap_put_handle_to_pool(ldap_context, ldap_server_handle);
+        krb5_ldap_put_handle_to_pool(ldap_context, ldap_server_handle);
 
     return st;
 }
@@ -1713,10 +1626,8 @@ cleanup:
  * For now, policy objects are expected to be directly under the realm
  * container.
  */
-krb5_error_code krb5_ldap_policydn_to_name (context, policy_dn, name)
-    krb5_context                context;
-    char                        *policy_dn;
-    char                        **name;
+krb5_error_code
+krb5_ldap_policydn_to_name(krb5_context context, char *policy_dn, char **name)
 {
     int len1, len2;
     krb5_error_code             st = 0;
@@ -1726,59 +1637,59 @@ krb5_error_code krb5_ldap_policydn_to_name (context, policy_dn, name)
     SETUP_CONTEXT();
 
     if (ldap_context->lrparams->realmdn == NULL) {
-       st = EINVAL;
-       goto cleanup;
+        st = EINVAL;
+        goto cleanup;
     }
 
     len1 = strlen (ldap_context->lrparams->realmdn);
     len2 = strlen (policy_dn);
     if (len1 == 0 || len2 == 0 || len1 > len2) {
-       st = EINVAL;
-       goto cleanup;
+        st = EINVAL;
+        goto cleanup;
     }
 
     if (strcmp (ldap_context->lrparams->realmdn, policy_dn + (len2 - len1)) != 0) {
-       st = EINVAL;
-       goto cleanup;
+        st = EINVAL;
+        goto cleanup;
     }
 
 #if defined HAVE_LDAP_STR2DN
     {
-       char *rdn;
-       LDAPDN dn;
-       rdn = strndup(policy_dn, len2 - len1 - 1); /* 1 character for ',' */
-
-       if (ldap_str2dn (rdn, &dn, LDAP_DN_FORMAT_LDAPV3 | LDAP_DN_PEDANTIC) != 0) {
-           st = EINVAL;
-           goto cleanup;
-       }
-       if (dn[0] == NULL || dn[1] != NULL)
-           st = EINVAL;
-       else if (strcasecmp (dn[0][0]->la_attr.bv_val, "cn") != 0)
-           st = EINVAL;
-       else {
-           *name = strndup(dn[0][0]->la_value.bv_val, dn[0][0]->la_value.bv_len);
-           if (*name == NULL)
-               st = EINVAL;
-       }
-
-       ldap_memfree (dn);
+        char *rdn;
+        LDAPDN dn;
+        rdn = strndup(policy_dn, len2 - len1 - 1); /* 1 character for ',' */
+
+        if (ldap_str2dn (rdn, &dn, LDAP_DN_FORMAT_LDAPV3 | LDAP_DN_PEDANTIC) != 0) {
+            st = EINVAL;
+            goto cleanup;
+        }
+        if (dn[0] == NULL || dn[1] != NULL)
+            st = EINVAL;
+        else if (strcasecmp (dn[0][0]->la_attr.bv_val, "cn") != 0)
+            st = EINVAL;
+        else {
+            *name = strndup(dn[0][0]->la_value.bv_val, dn[0][0]->la_value.bv_len);
+            if (*name == NULL)
+                st = EINVAL;
+        }
+
+        ldap_memfree (dn);
     }
 #elif defined HAVE_LDAP_EXPLODE_DN
     {
-       char **parsed_dn;
-
-       /* 1 = return DN components without type prefix */
-       parsed_dn = ldap_explode_dn(policy_dn, 1);
-       if (parsed_dn == NULL) {
-           st = EINVAL;
-       } else {
-           *name = strdup(parsed_dn[0]);
-           if (*name == NULL)
-               st = EINVAL;
-
-           ldap_value_free(parsed_dn);
-       }
+        char **parsed_dn;
+
+        /* 1 = return DN components without type prefix */
+        parsed_dn = ldap_explode_dn(policy_dn, 1);
+        if (parsed_dn == NULL) {
+            st = EINVAL;
+        } else {
+            *name = strdup(parsed_dn[0]);
+            if (*name == NULL)
+                st = EINVAL;
+
+            ldap_value_free(parsed_dn);
+        }
     }
 #else
     st = EINVAL;
@@ -1788,10 +1699,8 @@ cleanup:
     return st;
 }
 
-krb5_error_code krb5_ldap_name_to_policydn (context, name, policy_dn)
-    krb5_context                context;
-    char                        *name;
-    char                        **policy_dn;
+krb5_error_code
+krb5_ldap_name_to_policydn(krb5_context context, char *name, char **policy_dn)
 {
     int                         len;
     char                        *ptr = NULL;
@@ -1803,29 +1712,29 @@ krb5_error_code krb5_ldap_name_to_policydn (context, name, policy_dn)
 
     /* validate the input parameters */
     if (name == NULL) {
-       st = EINVAL;
-       goto cleanup;
+        st = EINVAL;
+        goto cleanup;
     }
 
     /* Used for removing policy reference from an object */
     if (name[0] == '\0') {
-       if ((*policy_dn = strdup ("")) == NULL)
-           st = ENOMEM;
-       goto cleanup;
+        if ((*policy_dn = strdup ("")) == NULL)
+            st = ENOMEM;
+        goto cleanup;
     }
 
     SETUP_CONTEXT();
 
     if (ldap_context->lrparams->realmdn == NULL) {
-       st = EINVAL;
-       goto cleanup;
+        st = EINVAL;
+        goto cleanup;
     }
     len = strlen (ldap_context->lrparams->realmdn);
 
     ptr = ldap_filter_correct (name);
     if (ptr == NULL) {
-       st = ENOMEM;
-       goto cleanup;
+        st = ENOMEM;
+        goto cleanup;
     }
     len += strlen (ptr);
 
@@ -1833,21 +1742,22 @@ krb5_error_code krb5_ldap_name_to_policydn (context, name, policy_dn)
 
     *policy_dn = (char *) malloc (len);
     if (*policy_dn == NULL) {
-       st = ENOMEM;
-       goto cleanup;
+        st = ENOMEM;
+        goto cleanup;
     }
 
     sprintf (*policy_dn, "cn=%s,%s", ptr, ldap_context->lrparams->realmdn);
 
 cleanup:
     if (ptr != NULL)
-       free (ptr);
+        free (ptr);
     return st;
 }
 
 /* remove overlapping and repeated subtree entries from the list of subtrees */
 static krb5_error_code
-remove_overlapping_subtrees(char **listin, char **listop, int *subtcount, int sscope)
+remove_overlapping_subtrees(char **listin, char **listop, int *subtcount,
+                            int sscope)
 {
     int     slen=0, k=0, j=0, lendiff=0;
     int     count = *subtcount;
@@ -1855,54 +1765,54 @@ remove_overlapping_subtrees(char **listin, char **listop, int *subtcount, int ss
 
     slen = count-1;
     for (k=0; k<=slen && listin[k]!=NULL ; k++) {
-       for (j=k+1; j<=slen && listin[j]!=NULL ;j++) {
-           lendiff = strlen(listin[k]) - strlen(listin[j]);
-           if (sscope == 2) {
-               if ((lendiff > 0) && (strcasecmp((listin[k])+lendiff, listin[j])==0)) {
-                   if (k != slen) {
-                       free(listin[k]);
-                       listin[k] = listin[slen];
-                       listin[slen] = NULL;
-                   } else {
-                       free(listin[k]);
-                       listin[k] = NULL;
-                   }
-                   slen-=1;
-                   k-=1;
-                   break;
-               } else if ((lendiff < 0) && (strcasecmp((listin[j])+abs(lendiff), listin[k])==0)) {
-                   if (j != slen) {
-                       free(listin[j]);
-                       listin[j] = listin[slen];
-                       listin[slen]=NULL;
-                   } else {
-                       free(listin[j]);
-                       listin[j] = NULL;
-                   }
-                   slen-=1;
-                   j-=1;
-               }
-           }
-           if ((lendiff == 0) && (strcasecmp(listin[j], listin[k])==0)) {
-               if (j != slen) {
-                   free(listin[j]);
-                   listin[j] = listin[slen];
-                   listin[slen]=NULL;
-               } else {
-                   free(listin[j]);
-                   listin[j] = NULL;
-               }
-               slen -=1;
-               j-=1;
-           }
-       }
+        for (j=k+1; j<=slen && listin[j]!=NULL ;j++) {
+            lendiff = strlen(listin[k]) - strlen(listin[j]);
+            if (sscope == 2) {
+                if ((lendiff > 0) && (strcasecmp((listin[k])+lendiff, listin[j])==0)) {
+                    if (k != slen) {
+                        free(listin[k]);
+                        listin[k] = listin[slen];
+                        listin[slen] = NULL;
+                    } else {
+                        free(listin[k]);
+                        listin[k] = NULL;
+                    }
+                    slen-=1;
+                    k-=1;
+                    break;
+                } else if ((lendiff < 0) && (strcasecmp((listin[j])+abs(lendiff), listin[k])==0)) {
+                    if (j != slen) {
+                        free(listin[j]);
+                        listin[j] = listin[slen];
+                        listin[slen]=NULL;
+                    } else {
+                        free(listin[j]);
+                        listin[j] = NULL;
+                    }
+                    slen-=1;
+                    j-=1;
+                }
+            }
+            if ((lendiff == 0) && (strcasecmp(listin[j], listin[k])==0)) {
+                if (j != slen) {
+                    free(listin[j]);
+                    listin[j] = listin[slen];
+                    listin[slen]=NULL;
+                } else {
+                    free(listin[j]);
+                    listin[j] = NULL;
+                }
+                slen -=1;
+                j-=1;
+            }
+        }
     }
     *subtcount=slen+1;
     for (k=0; k<*subtcount && listin[k]!=NULL; k++) {
-       subtree[k] = strdup(listin[k]);
-       if (subtree[k] == NULL) {
-           return ENOMEM;
-       }
+        subtree[k] = strdup(listin[k]);
+        if (subtree[k] == NULL) {
+            return ENOMEM;
+        }
     }
     return 0;
 }
@@ -1912,12 +1822,9 @@ remove_overlapping_subtrees(char **listin, char **listop, int *subtcount, int ss
  * the results of a principal search of the directory.
  */
 krb5_error_code
-populate_krb5_db_entry (krb5_context context,
-                       krb5_ldap_context *ldap_context,
-                       LDAP *ld,
-                       LDAPMessage *ent,
-                       krb5_const_principal princ,
-                       krb5_db_entry *entry)
+populate_krb5_db_entry(krb5_context context, krb5_ldap_context *ldap_context,
+                       LDAP *ld, LDAPMessage *ent, krb5_const_principal princ,
+                       krb5_db_entry *entry)
 {
     krb5_error_code st = 0;
     unsigned int    mask = 0;
@@ -1930,140 +1837,140 @@ populate_krb5_db_entry (krb5_context context,
     char *DN = NULL;
 
     if (princ == NULL) {
-       /* XXX WAF probably should just extract princ from ldap result */
-       st = EINVAL;
-       goto cleanup;
+        /* XXX WAF probably should just extract princ from ldap result */
+        st = EINVAL;
+        goto cleanup;
     } else {
-       if ((st=krb5_copy_principal(context, princ, &(entry->princ))) != 0)
-           goto cleanup;
+        if ((st=krb5_copy_principal(context, princ, &(entry->princ))) != 0)
+            goto cleanup;
     }
     /* get the associated directory user information */
     if ((values = ldap_get_values(ld, ent, "krbprincipalname")) != NULL) {
-       int i, pcount=0, kerberos_principal_object_type=0;
-       char *user;
-
-       if ((st=krb5_unparse_name(context, princ, &user)) != 0)
-           goto cleanup;
-
-       for (i=0; values[i] != NULL; ++i) {
-           if (strcasecmp(values[i], user) == 0) {
-               pcount = ldap_count_values(values);
-               break;
-           }
-       }
-       ldap_value_free(values);
-       free(user);
-
-       if ((DN = ldap_get_dn(ld, ent)) == NULL) {
-           ldap_get_option(ld, LDAP_OPT_RESULT_CODE, &st);
-           st = set_ldap_error(context, st, 0);
-           goto cleanup;
-       }
-
-       if ((values=ldap_get_values(ld, ent, "objectclass")) != NULL) {
-           for (i=0; values[i] != NULL; ++i)
-               if (strcasecmp(values[i], "krbprincipal") == 0) {
-                   kerberos_principal_object_type = KDB_STANDALONE_PRINCIPAL_OBJECT;
-                   if ((st=store_tl_data(&userinfo_tl_data, KDB_TL_PRINCTYPE,
-                               &kerberos_principal_object_type)) != 0)
-                       goto cleanup;
-                   break;
-               }
-           ldap_value_free(values);
-       }
-
-       /* add principalcount, DN and principaltype user information to tl_data */
-       if (((st=store_tl_data(&userinfo_tl_data, KDB_TL_PRINCCOUNT, &pcount)) != 0) ||
-           ((st=store_tl_data(&userinfo_tl_data, KDB_TL_USERDN, DN)) != 0))
-           goto cleanup;
+        int i, pcount=0, kerberos_principal_object_type=0;
+        char *user;
+
+        if ((st=krb5_unparse_name(context, princ, &user)) != 0)
+            goto cleanup;
+
+        for (i=0; values[i] != NULL; ++i) {
+            if (strcasecmp(values[i], user) == 0) {
+                pcount = ldap_count_values(values);
+                break;
+            }
+        }
+        ldap_value_free(values);
+        free(user);
+
+        if ((DN = ldap_get_dn(ld, ent)) == NULL) {
+            ldap_get_option(ld, LDAP_OPT_RESULT_CODE, &st);
+            st = set_ldap_error(context, st, 0);
+            goto cleanup;
+        }
+
+        if ((values=ldap_get_values(ld, ent, "objectclass")) != NULL) {
+            for (i=0; values[i] != NULL; ++i)
+                if (strcasecmp(values[i], "krbprincipal") == 0) {
+                    kerberos_principal_object_type = KDB_STANDALONE_PRINCIPAL_OBJECT;
+                    if ((st=store_tl_data(&userinfo_tl_data, KDB_TL_PRINCTYPE,
+                                          &kerberos_principal_object_type)) != 0)
+                        goto cleanup;
+                    break;
+                }
+            ldap_value_free(values);
+        }
+
+        /* add principalcount, DN and principaltype user information to tl_data */
+        if (((st=store_tl_data(&userinfo_tl_data, KDB_TL_PRINCCOUNT, &pcount)) != 0) ||
+            ((st=store_tl_data(&userinfo_tl_data, KDB_TL_USERDN, DN)) != 0))
+            goto cleanup;
     }
 
     /* read all the kerberos attributes */
 
     /* KRBLASTSUCCESSFULAUTH */
     if ((st=krb5_ldap_get_time(ld, ent, "krbLastSuccessfulAuth",
-               &(entry->last_success), &attr_present)) != 0)
-       goto cleanup;
+                               &(entry->last_success), &attr_present)) != 0)
+        goto cleanup;
     if (attr_present == TRUE)
-       mask |= KDB_LAST_SUCCESS_ATTR;
+        mask |= KDB_LAST_SUCCESS_ATTR;
 
     /* KRBLASTFAILEDAUTH */
     if ((st=krb5_ldap_get_time(ld, ent, "krbLastFailedAuth",
-               &(entry->last_failed), &attr_present)) != 0)
-       goto cleanup;
+                               &(entry->last_failed), &attr_present)) != 0)
+        goto cleanup;
     if (attr_present == TRUE)
-       mask |= KDB_LAST_FAILED_ATTR;
+        mask |= KDB_LAST_FAILED_ATTR;
 
     /* KRBLOGINFAILEDCOUNT */
     if (krb5_ldap_get_value(ld, ent, "krbLoginFailedCount",
-           &(entry->fail_auth_count)) == 0)
-       mask |= KDB_FAIL_AUTH_COUNT_ATTR;
+                            &(entry->fail_auth_count)) == 0)
+        mask |= KDB_FAIL_AUTH_COUNT_ATTR;
 
     /* KRBMAXTICKETLIFE */
     if (krb5_ldap_get_value(ld, ent, "krbmaxticketlife", &(entry->max_life)) == 0)
-       mask |= KDB_MAX_LIFE_ATTR;
+        mask |= KDB_MAX_LIFE_ATTR;
 
     /* KRBMAXRENEWABLEAGE */
     if (krb5_ldap_get_value(ld, ent, "krbmaxrenewableage",
-           &(entry->max_renewable_life)) == 0)
-       mask |= KDB_MAX_RLIFE_ATTR;
+                            &(entry->max_renewable_life)) == 0)
+        mask |= KDB_MAX_RLIFE_ATTR;
 
     /* KRBTICKETFLAGS */
     if (krb5_ldap_get_value(ld, ent, "krbticketflags", &(entry->attributes)) == 0)
-       mask |= KDB_TKT_FLAGS_ATTR;
+        mask |= KDB_TKT_FLAGS_ATTR;
 
     /* PRINCIPAL EXPIRATION TIME */
     if ((st=krb5_ldap_get_time(ld, ent, "krbprincipalexpiration", &(entry->expiration),
-               &attr_present)) != 0)
-       goto cleanup;
+                               &attr_present)) != 0)
+        goto cleanup;
     if (attr_present == TRUE)
-       mask |= KDB_PRINC_EXPIRE_TIME_ATTR;
+        mask |= KDB_PRINC_EXPIRE_TIME_ATTR;
 
     /* PASSWORD EXPIRATION TIME */
     if ((st=krb5_ldap_get_time(ld, ent, "krbpasswordexpiration", &(entry->pw_expiration),
-               &attr_present)) != 0)
-       goto cleanup;
+                               &attr_present)) != 0)
+        goto cleanup;
     if (attr_present == TRUE)
-       mask |= KDB_PWD_EXPIRE_TIME_ATTR;
+        mask |= KDB_PWD_EXPIRE_TIME_ATTR;
 
     /* KRBPOLICYREFERENCE */
 
     if ((st=krb5_ldap_get_string(ld, ent, "krbticketpolicyreference", &policydn,
-               &attr_present)) != 0)
-       goto cleanup;
+                                 &attr_present)) != 0)
+        goto cleanup;
     if (attr_present == TRUE) {
-       mask |= KDB_POL_REF_ATTR;
-       /* Ensure that the policy is inside the realm container */
-       if ((st = krb5_ldap_policydn_to_name (context, policydn, &tktpolname)) != 0)
-           goto cleanup;
+        mask |= KDB_POL_REF_ATTR;
+        /* Ensure that the policy is inside the realm container */
+        if ((st = krb5_ldap_policydn_to_name (context, policydn, &tktpolname)) != 0)
+            goto cleanup;
     }
 
     /* KRBPWDPOLICYREFERENCE */
     if ((st=krb5_ldap_get_string(ld, ent, "krbpwdpolicyreference", &pwdpolicydn,
-               &attr_present)) != 0)
-       goto cleanup;
+                                 &attr_present)) != 0)
+        goto cleanup;
     if (attr_present == TRUE) {
-       krb5_tl_data  kadm_tl_data;
+        krb5_tl_data  kadm_tl_data;
 
-       mask |= KDB_PWD_POL_REF_ATTR;
+        mask |= KDB_PWD_POL_REF_ATTR;
 
-       /* Ensure that the policy is inside the realm container */
-       if ((st = krb5_ldap_policydn_to_name (context, pwdpolicydn, &polname)) != 0)
-           goto cleanup;
+        /* Ensure that the policy is inside the realm container */
+        if ((st = krb5_ldap_policydn_to_name (context, pwdpolicydn, &polname)) != 0)
+            goto cleanup;
 
-       if ((st = krb5_update_tl_kadm_data(polname, &kadm_tl_data)) != 0) {
-           goto cleanup;
-       }
-       krb5_dbe_update_tl_data(context, entry, &kadm_tl_data);
+        if ((st = krb5_update_tl_kadm_data(polname, &kadm_tl_data)) != 0) {
+            goto cleanup;
+        }
+        krb5_dbe_update_tl_data(context, entry, &kadm_tl_data);
     }
 
     /* KRBSECRETKEY */
     if ((bvalues=ldap_get_values_len(ld, ent, "krbprincipalkey")) != NULL) {
         krb5_kvno mkvno = 0;
 
-       mask |= KDB_SECRET_KEY_ATTR;
-       if ((st=krb5_decode_krbsecretkey(context, entry, bvalues, &userinfo_tl_data, &mkvno)) != 0)
-           goto cleanup;
+        mask |= KDB_SECRET_KEY_ATTR;
+        if ((st=krb5_decode_krbsecretkey(context, entry, bvalues, &userinfo_tl_data, &mkvno)) != 0)
+            goto cleanup;
         if (mkvno != 0) {
             /* don't add the tl data if mkvno == 0 */
             if ((st=krb5_dbe_update_mkvno(context, entry, mkvno)) != 0)
@@ -2073,155 +1980,155 @@ populate_krb5_db_entry (krb5_context context,
 
     /* LAST PASSWORD CHANGE */
     {
-       krb5_timestamp lstpwdchng=0;
-       if ((st=krb5_ldap_get_time(ld, ent, "krbLastPwdChange",
-                   &lstpwdchng, &attr_present)) != 0)
-           goto cleanup;
-       if (attr_present == TRUE) {
-           if ((st=krb5_dbe_update_last_pwd_change(context, entry,
-                       lstpwdchng)))
-               goto cleanup;
-           mask |= KDB_LAST_PWD_CHANGE_ATTR;
-       }
+        krb5_timestamp lstpwdchng=0;
+        if ((st=krb5_ldap_get_time(ld, ent, "krbLastPwdChange",
+                                   &lstpwdchng, &attr_present)) != 0)
+            goto cleanup;
+        if (attr_present == TRUE) {
+            if ((st=krb5_dbe_update_last_pwd_change(context, entry,
+                                                    lstpwdchng)))
+                goto cleanup;
+            mask |= KDB_LAST_PWD_CHANGE_ATTR;
+        }
     }
 
     /* ALLOWED TO DELEGATE TO */
     {
-       char **a2d2 = NULL;
-       int i;
-       krb5_tl_data **tlp;
-
-       st = krb5_ldap_get_strings(ld, ent, "krbAllowedToDelegateTo",
-                                  &a2d2, &attr_present);
-       if (st != 0)
-           goto cleanup;
-
-       if (attr_present == TRUE) {
-           for (tlp = &entry->tl_data; *tlp; tlp = &(*tlp)->tl_data_next)
-               ;
-           for (i = 0; a2d2[i] != NULL; i++) {
-               krb5_tl_data *tl = k5alloc(sizeof(*tl), &st);
-               if (st != 0) {
-                   ldap_value_free(a2d2);
-                   goto cleanup;
-               }
-               tl->tl_data_type = KRB5_TL_CONSTRAINED_DELEGATION_ACL;
-               tl->tl_data_length = strlen(a2d2[i]);
-               tl->tl_data_contents = (krb5_octet *)strdup(a2d2[i]);
-               if (tl->tl_data_contents == NULL) {
-                   st = ENOMEM;
-                   ldap_value_free(a2d2);
-                   free(tl);
-                   goto cleanup;
-               }
-               tl->tl_data_next = NULL;
-               *tlp = tl;
-               tlp = &tl->tl_data_next;
-           }
-           ldap_value_free(a2d2);
-       }
+        char **a2d2 = NULL;
+        int i;
+        krb5_tl_data **tlp;
+
+        st = krb5_ldap_get_strings(ld, ent, "krbAllowedToDelegateTo",
+                                   &a2d2, &attr_present);
+        if (st != 0)
+            goto cleanup;
+
+        if (attr_present == TRUE) {
+            for (tlp = &entry->tl_data; *tlp; tlp = &(*tlp)->tl_data_next)
+                ;
+            for (i = 0; a2d2[i] != NULL; i++) {
+                krb5_tl_data *tl = k5alloc(sizeof(*tl), &st);
+                if (st != 0) {
+                    ldap_value_free(a2d2);
+                    goto cleanup;
+                }
+                tl->tl_data_type = KRB5_TL_CONSTRAINED_DELEGATION_ACL;
+                tl->tl_data_length = strlen(a2d2[i]);
+                tl->tl_data_contents = (krb5_octet *)strdup(a2d2[i]);
+                if (tl->tl_data_contents == NULL) {
+                    st = ENOMEM;
+                    ldap_value_free(a2d2);
+                    free(tl);
+                    goto cleanup;
+                }
+                tl->tl_data_next = NULL;
+                *tlp = tl;
+                tlp = &tl->tl_data_next;
+            }
+            ldap_value_free(a2d2);
+        }
     }
 
     /* KRBOBJECTREFERENCES */
     {
-       int i=0;
-
-       if ((st = krb5_ldap_get_strings(ld, ent, "krbobjectreferences",
-                   &link_references, &attr_present)) != 0)
-           goto cleanup;
-       if (link_references != NULL) {
-           for (i=0; link_references[i] != NULL; ++i) {
-               if ((st = store_tl_data(&userinfo_tl_data, KDB_TL_LINKDN,
-                           link_references[i])) != 0)
-                   goto cleanup;
-           }
-       }
+        int i=0;
+
+        if ((st = krb5_ldap_get_strings(ld, ent, "krbobjectreferences",
+                                        &link_references, &attr_present)) != 0)
+            goto cleanup;
+        if (link_references != NULL) {
+            for (i=0; link_references[i] != NULL; ++i) {
+                if ((st = store_tl_data(&userinfo_tl_data, KDB_TL_LINKDN,
+                                        link_references[i])) != 0)
+                    goto cleanup;
+            }
+        }
     }
 
     /* Set tl_data */
     {
-       int i;
-       struct berval **ber_tl_data = NULL;
-       krb5_tl_data *ptr = NULL;
-
-       if ((ber_tl_data = ldap_get_values_len (ld, ent, "krbExtraData")) != NULL) {
-           for (i = 0; ber_tl_data[i] != NULL; i++) {
-               if ((st = berval2tl_data (ber_tl_data[i] , &ptr)) != 0)
-                   break;
-               if ((st = krb5_dbe_update_tl_data(context, entry, ptr)) != 0)
-                   break;
-           }
-           ldap_value_free_len (ber_tl_data);
-           if (st != 0)
-               goto cleanup;
-           mask |= KDB_EXTRA_DATA_ATTR;
-       }
+        int i;
+        struct berval **ber_tl_data = NULL;
+        krb5_tl_data *ptr = NULL;
+
+        if ((ber_tl_data = ldap_get_values_len (ld, ent, "krbExtraData")) != NULL) {
+            for (i = 0; ber_tl_data[i] != NULL; i++) {
+                if ((st = berval2tl_data (ber_tl_data[i] , &ptr)) != 0)
+                    break;
+                if ((st = krb5_dbe_update_tl_data(context, entry, ptr)) != 0)
+                    break;
+            }
+            ldap_value_free_len (ber_tl_data);
+            if (st != 0)
+                goto cleanup;
+            mask |= KDB_EXTRA_DATA_ATTR;
+        }
     }
 
     /* update the mask of attributes present on the directory object to the tl_data */
     if ((st=store_tl_data(&userinfo_tl_data, KDB_TL_MASK, &mask)) != 0)
-       goto cleanup;
+        goto cleanup;
     if ((st=krb5_dbe_update_tl_data(context, entry, &userinfo_tl_data)) != 0)
-       goto cleanup;
+        goto cleanup;
 
 #ifdef HAVE_EDIRECTORY
     {
-       krb5_timestamp              expiretime=0;
-       char                        *is_login_disabled=NULL;
-
-       /* LOGIN EXPIRATION TIME */
-       if ((st=krb5_ldap_get_time(ld, ent, "loginexpirationtime", &expiretime,
-                   &attr_present)) != 0)
-           goto cleanup;
-
-       if (attr_present == TRUE) {
-           if ((mask & KDB_PRINC_EXPIRE_TIME_ATTR) == 1) {
-               if (expiretime < entry->expiration)
-                   entry->expiration = expiretime;
-           } else {
-               entry->expiration = expiretime;
-           }
-       }
-
-       /* LOGIN DISABLED */
-       if ((st=krb5_ldap_get_string(ld, ent, "logindisabled", &is_login_disabled,
-                   &attr_present)) != 0)
-           goto cleanup;
-       if (attr_present == TRUE) {
-           if (strcasecmp(is_login_disabled, "TRUE")== 0)
-               entry->attributes |= KRB5_KDB_DISALLOW_ALL_TIX;
-           free (is_login_disabled);
-       }
+        krb5_timestamp              expiretime=0;
+        char                        *is_login_disabled=NULL;
+
+        /* LOGIN EXPIRATION TIME */
+        if ((st=krb5_ldap_get_time(ld, ent, "loginexpirationtime", &expiretime,
+                                   &attr_present)) != 0)
+            goto cleanup;
+
+        if (attr_present == TRUE) {
+            if ((mask & KDB_PRINC_EXPIRE_TIME_ATTR) == 1) {
+                if (expiretime < entry->expiration)
+                    entry->expiration = expiretime;
+            } else {
+                entry->expiration = expiretime;
+            }
+        }
+
+        /* LOGIN DISABLED */
+        if ((st=krb5_ldap_get_string(ld, ent, "logindisabled", &is_login_disabled,
+                                     &attr_present)) != 0)
+            goto cleanup;
+        if (attr_present == TRUE) {
+            if (strcasecmp(is_login_disabled, "TRUE")== 0)
+                entry->attributes |= KRB5_KDB_DISALLOW_ALL_TIX;
+            free (is_login_disabled);
+        }
     }
 #endif
 
     if ((st=krb5_read_tkt_policy (context, ldap_context, entry, tktpolname)) !=0)
-       goto cleanup;
+        goto cleanup;
 
     /* We already know that the policy is inside the realm container. */
     if (polname) {
-       osa_policy_ent_t   pwdpol;
-       int                cnt=0;
-       krb5_timestamp     last_pw_changed;
-       krb5_ui_4          pw_max_life;
+        osa_policy_ent_t   pwdpol;
+        int                cnt=0;
+        krb5_timestamp     last_pw_changed;
+        krb5_ui_4          pw_max_life;
 
-       memset(&pwdpol, 0, sizeof(pwdpol));
+        memset(&pwdpol, 0, sizeof(pwdpol));
 
-       if ((st=krb5_ldap_get_password_policy(context, polname, &pwdpol, &cnt)) != 0)
-           goto cleanup;
-       pw_max_life = pwdpol->pw_max_life;
-       free (pwdpol);
+        if ((st=krb5_ldap_get_password_policy(context, polname, &pwdpol, &cnt)) != 0)
+            goto cleanup;
+        pw_max_life = pwdpol->pw_max_life;
+        free (pwdpol);
 
-       if (pw_max_life > 0) {
-           if ((st=krb5_dbe_lookup_last_pwd_change(context, entry, &last_pw_changed)) != 0)
-               goto cleanup;
+        if (pw_max_life > 0) {
+            if ((st=krb5_dbe_lookup_last_pwd_change(context, entry, &last_pw_changed)) != 0)
+                goto cleanup;
 
-           if ((mask & KDB_PWD_EXPIRE_TIME_ATTR) == 1) {
-               if ((last_pw_changed + pw_max_life) < entry->pw_expiration)
-                   entry->pw_expiration = last_pw_changed + pw_max_life;
-           } else
-               entry->pw_expiration = last_pw_changed + pw_max_life;
-       }
+            if ((mask & KDB_PWD_EXPIRE_TIME_ATTR) == 1) {
+                if ((last_pw_changed + pw_max_life) < entry->pw_expiration)
+                    entry->pw_expiration = last_pw_changed + pw_max_life;
+            } else
+                entry->pw_expiration = last_pw_changed + pw_max_life;
+        }
     }
     /* XXX so krb5_encode_princ_contents() will be happy */
     entry->len = KRB5_KDB_V1_BASE_LENGTH;
@@ -2229,22 +2136,22 @@ populate_krb5_db_entry (krb5_context context,
 cleanup:
 
     if (DN != NULL)
-       ldap_memfree(DN);
+        ldap_memfree(DN);
 
     if (userinfo_tl_data.tl_data_contents != NULL)
-       free(userinfo_tl_data.tl_data_contents);
+        free(userinfo_tl_data.tl_data_contents);
 
     if (pwdpolicydn != NULL)
-       free(pwdpolicydn);
+        free(pwdpolicydn);
 
     if (polname != NULL)
-       free(polname);
+        free(polname);
 
     if (tktpolname != NULL)
-       free (tktpolname);
+        free (tktpolname);
 
     if (policydn != NULL)
-       free(policydn);
+        free(policydn);
 
     if (link_references) {
         int i;
@@ -2282,18 +2189,18 @@ ldap_initialize(LDAP **ldp, char *url)
 #endif
     if (rc == 0) {
 
-       ld = ldap_init(ludp->lud_host, ludp->lud_port);
-       if (ld != NULL) {
-           *ldp = ld;
+        ld = ldap_init(ludp->lud_host, ludp->lud_port);
+        if (ld != NULL) {
+            *ldp = ld;
 #if 0
-           printf("lud_host %s lud_port %d\n", ludp->lud_host,
-                  ludp->lud_port);
+            printf("lud_host %s lud_port %d\n", ludp->lud_host,
+                   ludp->lud_port);
 #endif
-       }
-       else
-           rc = KRB5_KDB_ACCESS_ERROR;
+        }
+        else
+            rc = KRB5_KDB_ACCESS_ERROR;
 
-       ldap_free_urldesc(ludp);
+        ldap_free_urldesc(ludp);
     }
     return rc;
 }
index 27531a8da2b636935bed074b08dc911fa48bea59..a1d7edc1528fb095633469eae12ea7992716ac25 100644 (file)
@@ -1,3 +1,4 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
 /*
  * lib/kdb/kdb_ldap/ldap_misc.h
  *
@@ -144,11 +145,11 @@ krb5_ldap_get_db_opt(char *, char **, char **);
 
 krb5_error_code
 populate_krb5_db_entry(krb5_context context,
-    krb5_ldap_context *ldap_context,
-    LDAP *ld,
-    LDAPMessage *ent,
-    krb5_const_principal princ,
-    krb5_db_entry *entry);
+                       krb5_ldap_context *ldap_context,
+                       LDAP *ld,
+                       LDAPMessage *ent,
+                       krb5_const_principal princ,
+                       krb5_db_entry *entry);
 
 int kldap_ensure_initialized (void);
 
index c59944406cda9ce2efa9c3ad60fb801ecf71c55d..5fcc92b68df51710ab41ae464bb935bd06ebfe60 100644 (file)
@@ -1,3 +1,4 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
 /*
  * lib/kdb/kdb_ldap/ldap_principal.c
  *
 
 struct timeval timelimit = {300, 0};  /* 5 minutes */
 char     *principal_attributes[] = { "krbprincipalname",
-                                    "krbcanonicalname",
-                                    "objectclass",
-                                    "krbprincipalkey",
-                                    "krbmaxrenewableage",
-                                    "krbmaxticketlife",
-                                    "krbticketflags",
-                                    "krbprincipalexpiration",
-                                    "krbticketpolicyreference",
-                                    "krbUpEnabled",
-                                    "krbpwdpolicyreference",
-                                    "krbpasswordexpiration",
+                                     "krbcanonicalname",
+                                     "objectclass",
+                                     "krbprincipalkey",
+                                     "krbmaxrenewableage",
+                                     "krbmaxticketlife",
+                                     "krbticketflags",
+                                     "krbprincipalexpiration",
+                                     "krbticketpolicyreference",
+                                     "krbUpEnabled",
+                                     "krbpwdpolicyreference",
+                                     "krbpasswordexpiration",
                                      "krbLastFailedAuth",
                                      "krbLoginFailedCount",
                                      "krbLastSuccessfulAuth",
 #ifdef HAVE_EDIRECTORY
-                                    "loginexpirationtime",
-                                    "logindisabled",
+                                     "loginexpirationtime",
+                                     "logindisabled",
 #endif
-                                    "krbLastPwdChange",
-                                    "krbExtraData",
-                                    "krbObjectReferences",
-                                    "krbAllowedToDelegateTo",
-                                    NULL };
+                                     "krbLastPwdChange",
+                                     "krbExtraData",
+                                     "krbObjectReferences",
+                                     "krbAllowedToDelegateTo",
+                                     NULL };
 
 /* Must match KDB_*_ATTR macros in ldap_principal.h.  */
 static char *attributes_set[] = { "krbmaxticketlife",
-                                 "krbmaxrenewableage",
-                                 "krbticketflags",
-                                 "krbprincipalexpiration",
-                                 "krbticketpolicyreference",
-                                 "krbUpEnabled",
-                                 "krbpwdpolicyreference",
-                                 "krbpasswordexpiration",
-                                 "krbprincipalkey",
+                                  "krbmaxrenewableage",
+                                  "krbticketflags",
+                                  "krbprincipalexpiration",
+                                  "krbticketpolicyreference",
+                                  "krbUpEnabled",
+                                  "krbpwdpolicyreference",
+                                  "krbpasswordexpiration",
+                                  "krbprincipalkey",
                                   "krblastpwdchange",
                                   "krbextradata",
                                   "krbLastSuccessfulAuth",
                                   "krbLastFailedAuth",
                                   "krbLoginFailedCount",
-                                 NULL };
+                                  NULL };
 
 void
-krb5_dbe_free_contents(context, entry)
-    krb5_context        context;
-    krb5_db_entry      *entry;
+krb5_dbe_free_contents(krb5_context context, krb5_db_entry *entry)
 {
-    krb5_tl_data       *tl_data_next=NULL;
-    krb5_tl_data       *tl_data=NULL;
+    krb5_tl_data        *tl_data_next=NULL;
+    krb5_tl_data        *tl_data=NULL;
     int i, j;
 
     if (entry->e_data)
-       free(entry->e_data);
+        free(entry->e_data);
     if (entry->princ)
-       krb5_free_principal(context, entry->princ);
+        krb5_free_principal(context, entry->princ);
     for (tl_data = entry->tl_data; tl_data; tl_data = tl_data_next) {
-       tl_data_next = tl_data->tl_data_next;
-       if (tl_data->tl_data_contents)
-           free(tl_data->tl_data_contents);
-       free(tl_data);
+        tl_data_next = tl_data->tl_data_next;
+        if (tl_data->tl_data_contents)
+            free(tl_data->tl_data_contents);
+        free(tl_data);
     }
     if (entry->key_data) {
-       for (i = 0; i < entry->n_key_data; i++) {
-           for (j = 0; j < entry->key_data[i].key_data_ver; j++) {
-               if (entry->key_data[i].key_data_length[j]) {
-                   if (entry->key_data[i].key_data_contents[j]) {
-                       memset(entry->key_data[i].key_data_contents[j],
-                              0,
-                              (unsigned) entry->key_data[i].key_data_length[j]);
-                       free (entry->key_data[i].key_data_contents[j]);
-                   }
-               }
-               entry->key_data[i].key_data_contents[j] = NULL;
-               entry->key_data[i].key_data_length[j] = 0;
-               entry->key_data[i].key_data_type[j] = 0;
-           }
-       }
-       free(entry->key_data);
+        for (i = 0; i < entry->n_key_data; i++) {
+            for (j = 0; j < entry->key_data[i].key_data_ver; j++) {
+                if (entry->key_data[i].key_data_length[j]) {
+                    if (entry->key_data[i].key_data_contents[j]) {
+                        memset(entry->key_data[i].key_data_contents[j],
+                               0,
+                               (unsigned) entry->key_data[i].key_data_length[j]);
+                        free (entry->key_data[i].key_data_contents[j]);
+                    }
+                }
+                entry->key_data[i].key_data_contents[j] = NULL;
+                entry->key_data[i].key_data_length[j] = 0;
+                entry->key_data[i].key_data_type[j] = 0;
+            }
+        }
+        free(entry->key_data);
     }
     memset(entry, 0, sizeof(*entry));
     return;
@@ -124,23 +123,19 @@ krb5_dbe_free_contents(context, entry)
 
 
 krb5_error_code
-krb5_ldap_free_principal(kcontext , entries, nentries)
-    krb5_context  kcontext;
-    krb5_db_entry *entries;
-    int           nentries;
+krb5_ldap_free_principal(krb5_context kcontext, krb5_db_entry *entries,
+                         int nentries)
 {
     register int i;
     for (i = 0; i < nentries; i++)
-       krb5_dbe_free_contents(kcontext, &entries[i]);
+        krb5_dbe_free_contents(kcontext, &entries[i]);
     return 0;
 }
 
 krb5_error_code
-krb5_ldap_iterate(context, match_expr, func, func_arg)
-    krb5_context           context;
-    char                   *match_expr;
-    krb5_error_code        (*func) (krb5_pointer, krb5_db_entry *);
-    krb5_pointer           func_arg;
+krb5_ldap_iterate(krb5_context context, char *match_expr,
+                  krb5_error_code (*func)(krb5_pointer, krb5_db_entry *),
+                  krb5_pointer func_arg)
 {
     krb5_db_entry            entry;
     krb5_principal           principal;
@@ -162,68 +157,68 @@ krb5_ldap_iterate(context, match_expr, func, func_arg)
 
     realm = ldap_context->lrparams->realm_name;
     if (realm == NULL) {
-       realm = context->default_realm;
-       if (realm == NULL) {
-           st = EINVAL;
-           krb5_set_error_message(context, st, "Default realm not set");
-           goto cleanup;
-       }
+        realm = context->default_realm;
+        if (realm == NULL) {
+            st = EINVAL;
+            krb5_set_error_message(context, st, "Default realm not set");
+            goto cleanup;
+        }
     }
 
     /*
      * If no match_expr then iterate through all krb princs like the db2 plugin
      */
     if (match_expr == NULL)
-       match_expr = default_match_expr;
+        match_expr = default_match_expr;
 
     if (asprintf(&filter, FILTER"%s))", match_expr) < 0)
-       filter = NULL;
+        filter = NULL;
     CHECK_NULL(filter);
 
     if ((st = krb5_get_subtree_info(ldap_context, &subtree, &ntree)) != 0)
-       goto cleanup;
+        goto cleanup;
 
     GET_HANDLE();
 
     for (tree=0; tree < ntree; ++tree) {
 
-       LDAP_SEARCH(subtree[tree], ldap_context->lrparams->search_scope, filter, principal_attributes);
-       for (ent=ldap_first_entry(ld, result); ent != NULL; ent=ldap_next_entry(ld, ent)) {
-           values=ldap_get_values(ld, ent, "krbcanonicalname");
-           if (values == NULL)
-               values=ldap_get_values(ld, ent, "krbprincipalname");
-           if (values != NULL) {
-               for (i=0; values[i] != NULL; ++i) {
-                   if (krb5_ldap_parse_principal_name(values[i], &princ_name) != 0)
-                       continue;
-                   if (krb5_parse_name(context, princ_name, &principal) != 0)
-                       continue;
-                   if (is_principal_in_realm(ldap_context, principal) == 0) {
-                       if ((st = populate_krb5_db_entry(context, ldap_context, ld, ent, principal,
-                                   &entry)) != 0)
-                           goto cleanup;
-                       (*func)(func_arg, &entry);
-                       krb5_dbe_free_contents(context, &entry);
-                       (void) krb5_free_principal(context, principal);
-                       free(princ_name);
-                       break;
-                   }
-                   (void) krb5_free_principal(context, principal);
-                   free(princ_name);
-               }
-               ldap_value_free(values);
-           }
-       } /* end of for (ent= ... */
-       ldap_msgfree(result);
+        LDAP_SEARCH(subtree[tree], ldap_context->lrparams->search_scope, filter, principal_attributes);
+        for (ent=ldap_first_entry(ld, result); ent != NULL; ent=ldap_next_entry(ld, ent)) {
+            values=ldap_get_values(ld, ent, "krbcanonicalname");
+            if (values == NULL)
+                values=ldap_get_values(ld, ent, "krbprincipalname");
+            if (values != NULL) {
+                for (i=0; values[i] != NULL; ++i) {
+                    if (krb5_ldap_parse_principal_name(values[i], &princ_name) != 0)
+                        continue;
+                    if (krb5_parse_name(context, princ_name, &principal) != 0)
+                        continue;
+                    if (is_principal_in_realm(ldap_context, principal) == 0) {
+                        if ((st = populate_krb5_db_entry(context, ldap_context, ld, ent, principal,
+                                                         &entry)) != 0)
+                            goto cleanup;
+                        (*func)(func_arg, &entry);
+                        krb5_dbe_free_contents(context, &entry);
+                        (void) krb5_free_principal(context, principal);
+                        free(princ_name);
+                        break;
+                    }
+                    (void) krb5_free_principal(context, principal);
+                    free(princ_name);
+                }
+                ldap_value_free(values);
+            }
+        } /* end of for (ent= ... */
+        ldap_msgfree(result);
     } /* end of for (tree= ... */
 
 cleanup:
     if (filter)
-       free (filter);
+        free (filter);
 
     for (;ntree; --ntree)
-       if (subtree[ntree-1])
-           free (subtree[ntree-1]);
+        if (subtree[ntree-1])
+            free (subtree[ntree-1]);
 
     krb5_ldap_put_handle_to_pool(ldap_context, ldap_server_handle);
     return st;
@@ -234,15 +229,13 @@ cleanup:
  * delete a principal from the directory.
  */
 krb5_error_code
-krb5_ldap_delete_principal(context, searchfor, nentries)
-    krb5_context context;
-    krb5_const_principal searchfor;
-    int *nentries;             /* how many found & deleted */
+krb5_ldap_delete_principal(krb5_context context,
+                           krb5_const_principal searchfor, int *nentries)
 {
     char                      *user=NULL, *DN=NULL, *strval[10] = {NULL};
     LDAPMod                   **mods=NULL;
     LDAP                      *ld=NULL;
-    int                      j=0, ptype=0, pcount=0, attrsetmask=0;
+    int                       j=0, ptype=0, pcount=0, attrsetmask=0;
     krb5_error_code           st=0;
     krb5_boolean              singleentry=FALSE;
     KEY                       *secretkey=NULL;
@@ -258,18 +251,18 @@ krb5_ldap_delete_principal(context, searchfor, nentries)
     SETUP_CONTEXT();
     /* get the principal info */
     if ((st=krb5_ldap_get_principal(context, searchfor, 0, &entries, nentries, &more)) != 0 || *nentries == 0)
-       goto cleanup;
+        goto cleanup;
 
     if (((st=krb5_get_princ_type(context, &entries, &(ptype))) != 0) ||
-       ((st=krb5_get_attributes_mask(context, &entries, &(attrsetmask))) != 0) ||
-       ((st=krb5_get_princ_count(context, &entries, &(pcount))) != 0) ||
-       ((st=krb5_get_userdn(context, &entries, &(DN))) != 0))
-       goto cleanup;
+        ((st=krb5_get_attributes_mask(context, &entries, &(attrsetmask))) != 0) ||
+        ((st=krb5_get_princ_count(context, &entries, &(pcount))) != 0) ||
+        ((st=krb5_get_userdn(context, &entries, &(DN))) != 0))
+        goto cleanup;
 
     if (DN == NULL) {
-       st = EINVAL;
-       krb5_set_error_message(context, st, "DN information missing");
-       goto cleanup;
+        st = EINVAL;
+        krb5_set_error_message(context, st, "DN information missing");
+        goto cleanup;
     }
 
     GET_HANDLE();
@@ -281,90 +274,90 @@ krb5_ldap_delete_principal(context, searchfor, nentries)
             goto cleanup;
         }
     } else {
-       if (((st=krb5_unparse_name(context, searchfor, &user)) != 0)
-           || ((st=krb5_ldap_unparse_principal_name(user)) != 0))
-           goto cleanup;
-
-       memset(strval, 0, sizeof(strval));
-       strval[0] = user;
-       if ((st=krb5_add_str_mem_ldap_mod(&mods, "krbprincipalname", LDAP_MOD_DELETE,
-                                         strval)) != 0)
-           goto cleanup;
-
-       singleentry = (pcount == 1) ? TRUE: FALSE;
-       if (singleentry == FALSE) {
-           if (secretkey != NULL) {
-               if ((st=krb5_add_ber_mem_ldap_mod(&mods, "krbprincipalkey", LDAP_MOD_DELETE | LDAP_MOD_BVALUES,
-                                                 secretkey->keys)) != 0)
-                   goto cleanup;
-           }
-       } else {
-           /*
-            * If the Kerberos user principal to be deleted happens to be the last one associated
-            * with the directory user object, then it is time to delete the other kerberos
-            * specific attributes like krbmaxticketlife, i.e, unkerberize the directory user.
-            * From the attrsetmask value, identify the attributes set on the directory user
-            * object and delete them.
-            * NOTE: krbsecretkey attribute has per principal entries. There can be chances that the
-            * other principals' keys are exisiting/left-over. So delete all the values.
-            */
-           while (attrsetmask) {
-               if (attrsetmask & 1) {
-                   if ((st=krb5_add_str_mem_ldap_mod(&mods, attributes_set[j], LDAP_MOD_DELETE,
-                                                     NULL)) != 0)
-                       goto cleanup;
-               }
-               attrsetmask >>= 1;
-               ++j;
-           }
-
-           /* the same should be done with the objectclass attributes */
-           {
-               char *attrvalues[] = {"krbticketpolicyaux", "krbprincipalaux", NULL};
-/*             char *attrvalues[] = {"krbpwdpolicyrefaux", "krbticketpolicyaux", "krbprincipalaux", NULL};  */
-               int p, q, r=0, amask=0;
-
-               if ((st=checkattributevalue(ld, DN, "objectclass", attrvalues, &amask)) != 0)
-                   goto cleanup;
-               memset(strval, 0, sizeof(strval));
-               for (p=1, q=0; p<=4; p<<=1, ++q)
-                   if (p & amask)
-                       strval[r++] = attrvalues[q];
-               strval[r] = NULL;
-               if (r > 0) {
-                   if ((st=krb5_add_str_mem_ldap_mod(&mods, "objectclass", LDAP_MOD_DELETE,
-                                                     strval)) != 0)
-                       goto cleanup;
-               }
-           }
-       }
-       st=ldap_modify_ext_s(ld, DN, mods, NULL, NULL);
-       if (st != LDAP_SUCCESS) {
-           st = set_ldap_error(context, st, OP_MOD);
-           goto cleanup;
-       }
+        if (((st=krb5_unparse_name(context, searchfor, &user)) != 0)
+            || ((st=krb5_ldap_unparse_principal_name(user)) != 0))
+            goto cleanup;
+
+        memset(strval, 0, sizeof(strval));
+        strval[0] = user;
+        if ((st=krb5_add_str_mem_ldap_mod(&mods, "krbprincipalname", LDAP_MOD_DELETE,
+                                          strval)) != 0)
+            goto cleanup;
+
+        singleentry = (pcount == 1) ? TRUE: FALSE;
+        if (singleentry == FALSE) {
+            if (secretkey != NULL) {
+                if ((st=krb5_add_ber_mem_ldap_mod(&mods, "krbprincipalkey", LDAP_MOD_DELETE | LDAP_MOD_BVALUES,
+                                                  secretkey->keys)) != 0)
+                    goto cleanup;
+            }
+        } else {
+            /*
+             * If the Kerberos user principal to be deleted happens to be the last one associated
+             * with the directory user object, then it is time to delete the other kerberos
+             * specific attributes like krbmaxticketlife, i.e, unkerberize the directory user.
+             * From the attrsetmask value, identify the attributes set on the directory user
+             * object and delete them.
+             * NOTE: krbsecretkey attribute has per principal entries. There can be chances that the
+             * other principals' keys are exisiting/left-over. So delete all the values.
+             */
+            while (attrsetmask) {
+                if (attrsetmask & 1) {
+                    if ((st=krb5_add_str_mem_ldap_mod(&mods, attributes_set[j], LDAP_MOD_DELETE,
+                                                      NULL)) != 0)
+                        goto cleanup;
+                }
+                attrsetmask >>= 1;
+                ++j;
+            }
+
+            /* the same should be done with the objectclass attributes */
+            {
+                char *attrvalues[] = {"krbticketpolicyaux", "krbprincipalaux", NULL};
+/*              char *attrvalues[] = {"krbpwdpolicyrefaux", "krbticketpolicyaux", "krbprincipalaux", NULL};  */
+                int p, q, r=0, amask=0;
+
+                if ((st=checkattributevalue(ld, DN, "objectclass", attrvalues, &amask)) != 0)
+                    goto cleanup;
+                memset(strval, 0, sizeof(strval));
+                for (p=1, q=0; p<=4; p<<=1, ++q)
+                    if (p & amask)
+                        strval[r++] = attrvalues[q];
+                strval[r] = NULL;
+                if (r > 0) {
+                    if ((st=krb5_add_str_mem_ldap_mod(&mods, "objectclass", LDAP_MOD_DELETE,
+                                                      strval)) != 0)
+                        goto cleanup;
+                }
+            }
+        }
+        st=ldap_modify_ext_s(ld, DN, mods, NULL, NULL);
+        if (st != LDAP_SUCCESS) {
+            st = set_ldap_error(context, st, OP_MOD);
+            goto cleanup;
+        }
     }
 
 cleanup:
     if (user)
-       free (user);
+        free (user);
 
     if (DN)
-       free (DN);
+        free (DN);
 
     if (secretkey != NULL) {
-       int i=0;
-       while (i < secretkey->nkey) {
-           free (secretkey->keys[i]->bv_val);
-           free (secretkey->keys[i]);
-           ++i;
-       }
-       free (secretkey->keys);
-       free (secretkey);
+        int i=0;
+        while (i < secretkey->nkey) {
+            free (secretkey->keys[i]->bv_val);
+            free (secretkey->keys[i]);
+            ++i;
+        }
+        free (secretkey->keys);
+        free (secretkey);
     }
 
     if (st == 0)
-       krb5_ldap_free_principal(context, &entries, *nentries);
+        krb5_ldap_free_principal(context, &entries, *nentries);
 
     ldap_mods_free(mods, 1);
     krb5_ldap_put_handle_to_pool(ldap_context, ldap_server_handle);
@@ -390,9 +383,9 @@ krb5_ldap_unparse_principal_name(char *user_name)
 
     out = user_name;
     for (in = user_name; *in; in++) {
-       if (*in == '\\' && *(in + 1) == '@')
-           continue;
-       *out++ = *in;
+        if (*in == '\\' && *(in + 1) == '@')
+            continue;
+        *out++ = *in;
     }
     *out = '\0';
 
@@ -414,29 +407,27 @@ krb5_ldap_unparse_principal_name(char *user_name)
  */
 
 krb5_error_code
-krb5_ldap_parse_principal_name(i_princ_name, o_princ_name)
-    char              *i_princ_name;
-    char              **o_princ_name;
+krb5_ldap_parse_principal_name(char *i_princ_name, char **o_princ_name)
 {
     const char *at_rlm_name, *p;
     struct k5buf buf;
 
     at_rlm_name = strrchr(i_princ_name, '@');
     if (!at_rlm_name) {
-       *o_princ_name = strdup(i_princ_name);
-       if (!o_princ_name)
-           return ENOMEM;
+        *o_princ_name = strdup(i_princ_name);
+        if (!o_princ_name)
+            return ENOMEM;
     } else {
-       krb5int_buf_init_dynamic(&buf);
-       for (p = i_princ_name; p < at_rlm_name; p++) {
-           if (*p == '@')
-               krb5int_buf_add(&buf, "\\");
-           krb5int_buf_add_len(&buf, p, 1);
-       }
-       krb5int_buf_add(&buf, at_rlm_name);
-       *o_princ_name = krb5int_buf_data(&buf);
-       if (!*o_princ_name)
-           return ENOMEM;
+        krb5int_buf_init_dynamic(&buf);
+        for (p = i_princ_name; p < at_rlm_name; p++) {
+            if (*p == '@')
+                krb5int_buf_add(&buf, "\\");
+            krb5int_buf_add_len(&buf, p, 1);
+        }
+        krb5int_buf_add(&buf, at_rlm_name);
+        *o_princ_name = krb5int_buf_data(&buf);
+        if (!*o_princ_name)
+            return ENOMEM;
     }
     return 0;
 }
index abc27f1148d00415b983aac4ef405b2c27993426..9969d532ad8aa803d56d7cd40b7b12e75c38ea92 100644 (file)
@@ -1,3 +1,4 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
 /*
  * lib/kdb/kdb_ldap/ldap_principal.h
  *
 
 #define  KEYHEADER  12
 
-#define  NOOFKEYS(ptr)                 ((ptr[10]<<8) | ptr[11])
+#define  NOOFKEYS(ptr)          ((ptr[10]<<8) | ptr[11])
 
-#define  PRINCIPALLEN(ptr)     ((ptr[0]<<8) | ptr[1])
-#define  PRINCIPALNAME(ptr)    (ptr + KEYHEADER + (NOOFKEYS(ptr) *8))
+#define  PRINCIPALLEN(ptr)      ((ptr[0]<<8) | ptr[1])
+#define  PRINCIPALNAME(ptr)     (ptr + KEYHEADER + (NOOFKEYS(ptr) *8))
 
-#define  KEYBODY(ptr)          PRINCIPALNAME(ptr) + PRINCIPALLEN(ptr)
+#define  KEYBODY(ptr)           PRINCIPALNAME(ptr) + PRINCIPALLEN(ptr)
 
-#define  PKEYVER(ptr)          ((ptr[2]<<8) | ptr[3])
-#define  MKEYVER(ptr)          ((ptr[4]<<8) | ptr[5])
+#define  PKEYVER(ptr)           ((ptr[2]<<8) | ptr[3])
+#define  MKEYVER(ptr)           ((ptr[4]<<8) | ptr[5])
 
-#define  KEYTYPE(ptr,j)        ((ptr[KEYHEADER+(j*8)]<<8) | ptr[KEYHEADER+1+(j*8)])
-#define  KEYLENGTH(ptr,j)      ((ptr[KEYHEADER+2+(j*8)]<<8) | ptr[KEYHEADER+3+(j*8)])
-#define  SALTTYPE(ptr,j)       ((ptr[KEYHEADER+4+(j*8)]<<8) | ptr[KEYHEADER+5+(j*8)])
-#define  SALTLENGTH(ptr,j)     ((ptr[KEYHEADER+6+(j*8)]<<8) | ptr[KEYHEADER+7+(j*8)])
+#define  KEYTYPE(ptr,j)         ((ptr[KEYHEADER+(j*8)]<<8) | ptr[KEYHEADER+1+(j*8)])
+#define  KEYLENGTH(ptr,j)       ((ptr[KEYHEADER+2+(j*8)]<<8) | ptr[KEYHEADER+3+(j*8)])
+#define  SALTTYPE(ptr,j)        ((ptr[KEYHEADER+4+(j*8)]<<8) | ptr[KEYHEADER+5+(j*8)])
+#define  SALTLENGTH(ptr,j)      ((ptr[KEYHEADER+6+(j*8)]<<8) | ptr[KEYHEADER+7+(j*8)])
 
 #define MAX_KEY_LENGTH         1024
 #define CONTAINERDN_ARG        "containerdn"
@@ -57,7 +58,7 @@
 #define LINKDN_ARG             "linkdn"
 
 /* #define FILTER   "(&(objectclass=krbprincipalaux)(krbprincipalname=" */
- #define FILTER   "(&(|(objectclass=krbprincipalaux)(objectclass=krbprincipal))(krbprincipalname="
+#define FILTER   "(&(|(objectclass=krbprincipalaux)(objectclass=krbprincipal))(krbprincipalname="
 
 #define  KDB_USER_PRINCIPAL    0x01
 #define  KDB_SERVICE_PRINCIPAL 0x02
@@ -88,7 +89,7 @@
  * and krb5_ldap_put_principal(). If present, it means that the
  * krbPwdMaxFailure attribute should be incremented by one.
  */
-#define KADM5_FAIL_AUTH_COUNT_INCREMENT             0x080000 /* KADM5_CPW_FUNCTION */
+#define KADM5_FAIL_AUTH_COUNT_INCREMENT      0x080000 /* KADM5_CPW_FUNCTION */
 
 extern struct timeval timeout;
 extern char *policyclass[];
@@ -98,7 +99,7 @@ krb5_ldap_put_principal(krb5_context, krb5_db_entry *, int *, char **);
 
 krb5_error_code
 krb5_ldap_get_principal(krb5_context , krb5_const_principal ,
-                        unsigned int, krb5_db_entry *,int *, krb5_boolean *);
+                        unsigned int, krb5_db_entry *, int *, krb5_boolean *);
 
 krb5_error_code
 krb5_ldap_delete_principal(krb5_context, krb5_const_principal, int *);
@@ -107,7 +108,8 @@ krb5_error_code
 krb5_ldap_free_principal(krb5_context, krb5_db_entry *, int );
 
 krb5_error_code
-krb5_ldap_iterate(krb5_context, char *, krb5_error_code (*) (krb5_pointer, krb5_db_entry *),
+krb5_ldap_iterate(krb5_context, char *,
+                  krb5_error_code (*)(krb5_pointer, krb5_db_entry *),
                   krb5_pointer/*, int */);
 
 void
@@ -121,11 +123,12 @@ krb5_ldap_parse_principal_name(char *, char **);
 
 krb5_error_code
 krb5_decode_krbsecretkey(krb5_context, krb5_db_entry *, struct berval **,
-                        krb5_tl_data *, krb5_kvno *);
+                         krb5_tl_data *, krb5_kvno *);
 
 krb5_error_code
 berval2tl_data(struct berval *in, krb5_tl_data **out);
 
 krb5_error_code
-krb5_read_tkt_policy (krb5_context, krb5_ldap_context *, krb5_db_entry *, char *);
+krb5_read_tkt_policy(krb5_context, krb5_ldap_context *, krb5_db_entry *,
+                     char *);
 #endif
index 3474b7cda15a1fcaeca493ce2cddd4dd4fed4cf5..220602ac942aba9001a80e7b9086e60ab7616133 100644 (file)
@@ -1,3 +1,4 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
 /*
  * lib/kdb/kdb_ldap/ldap_principal2.c
  *
@@ -53,14 +54,14 @@ berval2tl_data(struct berval *in, krb5_tl_data **out)
 {
     *out = (krb5_tl_data *) malloc (sizeof (krb5_tl_data));
     if (*out == NULL)
-       return ENOMEM;
+        return ENOMEM;
 
     (*out)->tl_data_length = in->bv_len - 2;
     (*out)->tl_data_contents =  (krb5_octet *) malloc
-       ((*out)->tl_data_length * sizeof (krb5_octet));
+        ((*out)->tl_data_length * sizeof (krb5_octet));
     if ((*out)->tl_data_contents == NULL) {
-       free (*out);
-       return ENOMEM;
+        free (*out);
+        return ENOMEM;
     }
 
     UNSTORE16_INT (in->bv_val, (*out)->tl_data_type);
@@ -87,9 +88,9 @@ aliases_ok(unsigned int flags)
      * okay.
      */
     if (!(flags & KRB5_KDB_FLAG_CLIENT_REFERRALS_ONLY))
-       return TRUE;
+        return TRUE;
     if (flags & KRB5_KDB_FLAG_CANONICALIZE)
-       return TRUE;
+        return TRUE;
     return FALSE;
 }
 
@@ -98,24 +99,20 @@ aliases_ok(unsigned int flags)
  */
 
 krb5_error_code
-krb5_ldap_get_principal(context, searchfor, flags, entries, nentries, more)
-    krb5_context context;
-    krb5_const_principal searchfor;
-    unsigned int flags;
-    krb5_db_entry *entries;    /* filled in */
-    int *nentries;             /* how much room/how many found */
-    krb5_boolean *more;                /* are there more? */
+krb5_ldap_get_principal(krb5_context context, krb5_const_principal searchfor,
+                        unsigned int flags, krb5_db_entry *entries,
+                        int *nentries, krb5_boolean *more)
 {
     char                        *user=NULL, *filter=NULL, **subtree=NULL;
     unsigned int                tree=0, ntrees=1, princlen=0;
-    krb5_error_code            tempst=0, st=0;
+    krb5_error_code             tempst=0, st=0;
     char                        **values=NULL, *cname=NULL;
-    LDAP                       *ld=NULL;
-    LDAPMessage                        *result=NULL, *ent=NULL;
+    LDAP                        *ld=NULL;
+    LDAPMessage                 *result=NULL, *ent=NULL;
     krb5_ldap_context           *ldap_context=NULL;
     kdb5_dal_handle             *dal_handle=NULL;
     krb5_ldap_server_handle     *ldap_server_handle=NULL;
-    krb5_principal             cprinc=NULL;
+    krb5_principal              cprinc=NULL;
 
     /* Clear the global error string */
     krb5_clear_error_message(context);
@@ -126,7 +123,7 @@ krb5_ldap_get_principal(context, searchfor, flags, entries, nentries, more)
     memset(entries, 0, sizeof(*entries));
 
     if (searchfor == NULL)
-       return EINVAL;
+        return EINVAL;
 
     dal_handle = context->dal_handle;
     ldap_context = (krb5_ldap_context *) dal_handle->db_context;
@@ -134,78 +131,78 @@ krb5_ldap_get_principal(context, searchfor, flags, entries, nentries, more)
     CHECK_LDAP_HANDLE(ldap_context);
 
     if (is_principal_in_realm(ldap_context, searchfor) != 0) {
-       *more = 0;
-       krb5_set_error_message (context, st, "Principal does not belong to realm");
-       goto cleanup;
+        *more = 0;
+        krb5_set_error_message (context, st, "Principal does not belong to realm");
+        goto cleanup;
     }
 
     if ((st=krb5_unparse_name(context, searchfor, &user)) != 0)
-       goto cleanup;
+        goto cleanup;
 
     if ((st=krb5_ldap_unparse_principal_name(user)) != 0)
-       goto cleanup;
+        goto cleanup;
 
     princlen = strlen(FILTER) + strlen(user) + 2 + 1;      /* 2 for closing brackets */
     if ((filter = malloc(princlen)) == NULL) {
-       st = ENOMEM;
-       goto cleanup;
+        st = ENOMEM;
+        goto cleanup;
     }
     snprintf(filter, princlen, FILTER"%s))", user);
 
     if ((st = krb5_get_subtree_info(ldap_context, &subtree, &ntrees)) != 0)
-       goto cleanup;
+        goto cleanup;
 
     GET_HANDLE();
     for (tree=0; tree < ntrees && *nentries == 0; ++tree) {
 
-       LDAP_SEARCH(subtree[tree], ldap_context->lrparams->search_scope, filter, principal_attributes);
-       for (ent=ldap_first_entry(ld, result); ent != NULL && *nentries == 0; ent=ldap_next_entry(ld, ent)) {
-
-           /* get the associated directory user information */
-           if ((values=ldap_get_values(ld, ent, "krbprincipalname")) != NULL) {
-               int i;
-
-               /* a wild-card in a principal name can return a list of kerberos principals.
-                * Make sure that the correct principal is returned.
-                * NOTE: a principalname k* in ldap server will return all the principals starting with a k
-                */
-               for (i=0; values[i] != NULL; ++i) {
-                   if (strcmp(values[i], user) == 0) {
-                       *nentries = 1;
-                       break;
-                   }
-               }
-               ldap_value_free(values);
-
-               if (*nentries == 0) /* no matching principal found */
-                   continue;
-           }
-
-           if ((values=ldap_get_values(ld, ent, "krbcanonicalname")) != NULL) {
-               if (values[0] && strcmp(values[0], user) != 0) {
-                   /* We matched an alias, not the canonical name. */
-                   if (aliases_ok(flags)) {
-                       st = krb5_ldap_parse_principal_name(values[0], &cname);
-                       if (st != 0)
-                           goto cleanup;
-                       st = krb5_parse_name(context, cname, &cprinc);
-                       if (st != 0)
-                           goto cleanup;
-                   } else /* No canonicalization, so don't return aliases. */
-                       *nentries = 0;
-               }
-               ldap_value_free(values);
-               if (*nentries == 0)
-                   continue;
-           }
-
-           if ((st = populate_krb5_db_entry(context, ldap_context, ld, ent,
-                                            cprinc ? cprinc : searchfor,
-                                            entries)) != 0)
-               goto cleanup;
-       }
-       ldap_msgfree(result);
-       result = NULL;
+        LDAP_SEARCH(subtree[tree], ldap_context->lrparams->search_scope, filter, principal_attributes);
+        for (ent=ldap_first_entry(ld, result); ent != NULL && *nentries == 0; ent=ldap_next_entry(ld, ent)) {
+
+            /* get the associated directory user information */
+            if ((values=ldap_get_values(ld, ent, "krbprincipalname")) != NULL) {
+                int i;
+
+                /* a wild-card in a principal name can return a list of kerberos principals.
+                 * Make sure that the correct principal is returned.
+                 * NOTE: a principalname k* in ldap server will return all the principals starting with a k
+                 */
+                for (i=0; values[i] != NULL; ++i) {
+                    if (strcmp(values[i], user) == 0) {
+                        *nentries = 1;
+                        break;
+                    }
+                }
+                ldap_value_free(values);
+
+                if (*nentries == 0) /* no matching principal found */
+                    continue;
+            }
+
+            if ((values=ldap_get_values(ld, ent, "krbcanonicalname")) != NULL) {
+                if (values[0] && strcmp(values[0], user) != 0) {
+                    /* We matched an alias, not the canonical name. */
+                    if (aliases_ok(flags)) {
+                        st = krb5_ldap_parse_principal_name(values[0], &cname);
+                        if (st != 0)
+                            goto cleanup;
+                        st = krb5_parse_name(context, cname, &cprinc);
+                        if (st != 0)
+                            goto cleanup;
+                    } else /* No canonicalization, so don't return aliases. */
+                        *nentries = 0;
+                }
+                ldap_value_free(values);
+                if (*nentries == 0)
+                    continue;
+            }
+
+            if ((st = populate_krb5_db_entry(context, ldap_context, ld, ent,
+                                             cprinc ? cprinc : searchfor,
+                                             entries)) != 0)
+                goto cleanup;
+        }
+        ldap_msgfree(result);
+        result = NULL;
     } /* for (tree=0 ... */
 
     /* once done, put back the ldap handle */
@@ -216,29 +213,29 @@ cleanup:
     ldap_msgfree(result);
 
     if (*nentries == 0 || st != 0)
-       krb5_dbe_free_contents(context, entries);
+        krb5_dbe_free_contents(context, entries);
 
     if (filter)
-       free (filter);
+        free (filter);
 
     if (subtree) {
-       for (; ntrees; --ntrees)
-           if (subtree[ntrees-1])
-               free (subtree[ntrees-1]);
-       free (subtree);
+        for (; ntrees; --ntrees)
+            if (subtree[ntrees-1])
+                free (subtree[ntrees-1]);
+        free (subtree);
     }
 
     if (ldap_server_handle)
-       krb5_ldap_put_handle_to_pool(ldap_context, ldap_server_handle);
+        krb5_ldap_put_handle_to_pool(ldap_context, ldap_server_handle);
 
     if (user)
-       free(user);
+        free(user);
 
     if (cname)
-       free(cname);
+        free(cname);
 
     if (cprinc)
-       krb5_free_principal(context, cprinc);
+        krb5_free_principal(context, cprinc);
 
     return st;
 }
@@ -260,25 +257,21 @@ typedef struct _xargs_t {
 }xargs_t;
 
 static void
-free_xargs(xargs)
-    xargs_t xargs;
+free_xargs(xargs_t xargs)
 {
     if (xargs.dn)
-       free (xargs.dn);
+        free (xargs.dn);
     if (xargs.linkdn)
-       free(xargs.linkdn);
+        free(xargs.linkdn);
     if (xargs.containerdn)
-       free (xargs.containerdn);
+        free (xargs.containerdn);
     if (xargs.tktpolicydn)
-       free (xargs.tktpolicydn);
+        free (xargs.tktpolicydn);
 }
 
 static krb5_error_code
-process_db_args(context, db_args, xargs, optype)
-    krb5_context   context;
-    char           **db_args;
-    xargs_t        *xargs;
-    OPERATION      optype;
+process_db_args(krb5_context context, char **db_args, xargs_t *xargs,
+                OPERATION optype)
 {
     int                   i=0;
     krb5_error_code       st=0;
@@ -288,81 +281,81 @@ process_db_args(context, db_args, xargs, optype)
     unsigned int          arg_val_len=0;
 
     if (db_args) {
-       for (i=0; db_args[i]; ++i) {
-           arg = strtok_r(db_args[i], "=", &arg_val);
-           if (strcmp(arg, TKTPOLICY_ARG) == 0) {
-               dptr = &xargs->tktpolicydn;
-           } else {
-               if (strcmp(arg, USERDN_ARG) == 0) {
-                   if (optype == MODIFY_PRINCIPAL ||
-                       xargs->dn != NULL || xargs->containerdn != NULL ||
-                       xargs->linkdn != NULL) {
-                       st = EINVAL;
-                       snprintf(errbuf, sizeof(errbuf),
-                                "%s option not supported", arg);
-                       krb5_set_error_message(context, st, "%s", errbuf);
-                       goto cleanup;
-                   }
-                   dptr = &xargs->dn;
-               } else if (strcmp(arg, CONTAINERDN_ARG) == 0) {
-                   if (optype == MODIFY_PRINCIPAL ||
-                       xargs->dn != NULL || xargs->containerdn != NULL) {
-                       st = EINVAL;
-                       snprintf(errbuf, sizeof(errbuf),
-                                "%s option not supported", arg);
-                       krb5_set_error_message(context, st, "%s", errbuf);
-                       goto cleanup;
-                   }
-                   dptr = &xargs->containerdn;
-               } else if (strcmp(arg, LINKDN_ARG) == 0) {
-                   if (xargs->dn != NULL || xargs->linkdn != NULL) {
-                       st = EINVAL;
-                       snprintf(errbuf, sizeof(errbuf),
-                                "%s option not supported", arg);
-                       krb5_set_error_message(context, st, "%s", errbuf);
-                       goto cleanup;
-                   }
-                   dptr = &xargs->linkdn;
-               } else {
-                   st = EINVAL;
-                   snprintf(errbuf, sizeof(errbuf), "unknown option: %s", arg);
-                   krb5_set_error_message(context, st, "%s", errbuf);
-                   goto cleanup;
-               }
-
-               xargs->dn_from_kbd = TRUE;
-               if (arg_val == NULL || strlen(arg_val) == 0) {
-                   st = EINVAL;
-                   snprintf(errbuf, sizeof(errbuf),
-                            "%s option value missing", arg);
-                   krb5_set_error_message(context, st, "%s", errbuf);
-                   goto cleanup;
-               }
-           }
-
-           if (arg_val == NULL) {
-               st = EINVAL;
-               snprintf(errbuf, sizeof(errbuf),
-                        "%s option value missing", arg);
-               krb5_set_error_message(context, st, "%s", errbuf);
-               goto cleanup;
-           }
-           arg_val_len = strlen(arg_val) + 1;
-
-           if (strcmp(arg, TKTPOLICY_ARG) == 0) {
-               if ((st = krb5_ldap_name_to_policydn (context,
-                                                     arg_val,
-                                                     dptr)) != 0)
-                   goto cleanup;
-           } else {
-               *dptr = calloc (1, arg_val_len);
-               if (*dptr == NULL) {
-                   st = ENOMEM;
-                   goto cleanup;
-               }
-               memcpy(*dptr, arg_val, arg_val_len);
-           }
-       }
+        for (i=0; db_args[i]; ++i) {
+            arg = strtok_r(db_args[i], "=", &arg_val);
+            if (strcmp(arg, TKTPOLICY_ARG) == 0) {
+                dptr = &xargs->tktpolicydn;
+            } else {
+                if (strcmp(arg, USERDN_ARG) == 0) {
+                    if (optype == MODIFY_PRINCIPAL ||
+                        xargs->dn != NULL || xargs->containerdn != NULL ||
+                        xargs->linkdn != NULL) {
+                        st = EINVAL;
+                        snprintf(errbuf, sizeof(errbuf),
+                                 "%s option not supported", arg);
+                        krb5_set_error_message(context, st, "%s", errbuf);
+                        goto cleanup;
+                    }
+                    dptr = &xargs->dn;
+                } else if (strcmp(arg, CONTAINERDN_ARG) == 0) {
+                    if (optype == MODIFY_PRINCIPAL ||
+                        xargs->dn != NULL || xargs->containerdn != NULL) {
+                        st = EINVAL;
+                        snprintf(errbuf, sizeof(errbuf),
+                                 "%s option not supported", arg);
+                        krb5_set_error_message(context, st, "%s", errbuf);
+                        goto cleanup;
+                    }
+                    dptr = &xargs->containerdn;
+                } else if (strcmp(arg, LINKDN_ARG) == 0) {
+                    if (xargs->dn != NULL || xargs->linkdn != NULL) {
+                        st = EINVAL;
+                        snprintf(errbuf, sizeof(errbuf),
+                                 "%s option not supported", arg);
+                        krb5_set_error_message(context, st, "%s", errbuf);
+                        goto cleanup;
+                    }
+                    dptr = &xargs->linkdn;
+                } else {
+                    st = EINVAL;
+                    snprintf(errbuf, sizeof(errbuf), "unknown option: %s", arg);
+                    krb5_set_error_message(context, st, "%s", errbuf);
+                    goto cleanup;
+                }
+
+                xargs->dn_from_kbd = TRUE;
+                if (arg_val == NULL || strlen(arg_val) == 0) {
+                    st = EINVAL;
+                    snprintf(errbuf, sizeof(errbuf),
+                             "%s option value missing", arg);
+                    krb5_set_error_message(context, st, "%s", errbuf);
+                    goto cleanup;
+                }
+            }
+
+            if (arg_val == NULL) {
+                st = EINVAL;
+                snprintf(errbuf, sizeof(errbuf),
+                         "%s option value missing", arg);
+                krb5_set_error_message(context, st, "%s", errbuf);
+                goto cleanup;
+            }
+            arg_val_len = strlen(arg_val) + 1;
+
+            if (strcmp(arg, TKTPOLICY_ARG) == 0) {
+                if ((st = krb5_ldap_name_to_policydn (context,
+                                                      arg_val,
+                                                      dptr)) != 0)
+                    goto cleanup;
+            } else {
+                *dptr = calloc (1, arg_val_len);
+                if (*dptr == NULL) {
+                    st = ENOMEM;
+                    goto cleanup;
+                }
+                memcpy(*dptr, arg_val, arg_val_len);
+            }
+        }
     }
 
 cleanup:
@@ -372,8 +365,8 @@ cleanup:
 krb5int_access accessor;
 
 static krb5_error_code
-asn1_encode_sequence_of_keys (krb5_key_data *key_data, krb5_int16 n_key_data,
-                             krb5_int32 mkvno, krb5_data **code)
+asn1_encode_sequence_of_keys(krb5_key_data *key_data, krb5_int16 n_key_data,
+                             krb5_int32 mkvno, krb5_data **code)
 {
     krb5_error_code err;
     ldap_seqof_key_data val;
@@ -384,7 +377,7 @@ asn1_encode_sequence_of_keys (krb5_key_data *key_data, krb5_int16 n_key_data,
      */
     err = kldap_ensure_initialized ();
     if (err)
-       return err;
+        return err;
 
     val.key_data = key_data;
     val.n_key_data = n_key_data;
@@ -394,8 +387,8 @@ asn1_encode_sequence_of_keys (krb5_key_data *key_data, krb5_int16 n_key_data,
 }
 
 static krb5_error_code
-asn1_decode_sequence_of_keys (krb5_data *in, krb5_key_data **out,
-                             krb5_int16 *n_key_data, krb5_kvno *mkvno)
+asn1_decode_sequence_of_keys(krb5_data *in, krb5_key_data **out,
+                             krb5_int16 *n_key_data, krb5_kvno *mkvno)
 {
     krb5_error_code err;
     ldap_seqof_key_data *p;
@@ -406,11 +399,11 @@ asn1_decode_sequence_of_keys (krb5_data *in, krb5_key_data **out,
      */
     err = kldap_ensure_initialized ();
     if (err)
-       return err;
+        return err;
 
     err = accessor.asn1_ldap_decode_sequence_of_keys(in, &p);
     if (err)
-       return err;
+        return err;
     *out = p->key_data;
     *n_key_data = p->n_key_data;
     *mkvno = p->mkvno;
@@ -421,7 +414,8 @@ asn1_decode_sequence_of_keys (krb5_data *in, krb5_key_data **out,
 
 /* Decoding ASN.1 encoded key */
 static struct berval **
-krb5_encode_krbsecretkey(krb5_key_data *key_data, int n_key_data, krb5_kvno mkvno) {
+krb5_encode_krbsecretkey(krb5_key_data *key_data, int n_key_data,
+                         krb5_kvno mkvno) {
     struct berval **ret = NULL;
     int currkvno;
     int num_versions = 1;
@@ -429,66 +423,68 @@ krb5_encode_krbsecretkey(krb5_key_data *key_data, int n_key_data, krb5_kvno mkvn
     krb5_error_code err = 0;
 
     if (n_key_data <= 0)
-       return NULL;
+        return NULL;
 
     /* Find the number of key versions */
     for (i = 0; i < n_key_data - 1; i++)
-       if (key_data[i].key_data_kvno != key_data[i + 1].key_data_kvno)
-           num_versions++;
+        if (key_data[i].key_data_kvno != key_data[i + 1].key_data_kvno)
+            num_versions++;
 
     ret = (struct berval **) calloc (num_versions + 1, sizeof (struct berval *));
     if (ret == NULL) {
-       err = ENOMEM;
-       goto cleanup;
+        err = ENOMEM;
+        goto cleanup;
     }
     for (i = 0, last = 0, j = 0, currkvno = key_data[0].key_data_kvno; i < n_key_data; i++) {
-       krb5_data *code;
-       if (i == n_key_data - 1 || key_data[i + 1].key_data_kvno != currkvno) {
-           asn1_encode_sequence_of_keys (key_data+last,
-                                         (krb5_int16) i - last + 1,
-                                         mkvno,
-                                         &code);
-           ret[j] = malloc (sizeof (struct berval));
-           if (ret[j] == NULL) {
-               err = ENOMEM;
-               goto cleanup;
-           }
-           /*CHECK_NULL(ret[j]); */
-           ret[j]->bv_len = code->length;
-           ret[j]->bv_val = code->data;
-           j++;
-           last = i + 1;
-
-           currkvno = key_data[i].key_data_kvno;
-       }
+        krb5_data *code;
+        if (i == n_key_data - 1 || key_data[i + 1].key_data_kvno != currkvno) {
+            asn1_encode_sequence_of_keys (key_data+last,
+                                          (krb5_int16) i - last + 1,
+                                          mkvno,
+                                          &code);
+            ret[j] = malloc (sizeof (struct berval));
+            if (ret[j] == NULL) {
+                err = ENOMEM;
+                goto cleanup;
+            }
+            /*CHECK_NULL(ret[j]); */
+            ret[j]->bv_len = code->length;
+            ret[j]->bv_val = code->data;
+            j++;
+            last = i + 1;
+
+            currkvno = key_data[i].key_data_kvno;
+        }
     }
     ret[num_versions] = NULL;
 
 cleanup:
 
     if (err != 0) {
-       if (ret != NULL) {
-           for (i = 0; i <= num_versions; i++)
-               if (ret[i] != NULL)
-                   free (ret[i]);
-           free (ret);
-           ret = NULL;
-       }
+        if (ret != NULL) {
+            for (i = 0; i <= num_versions; i++)
+                if (ret[i] != NULL)
+                    free (ret[i]);
+            free (ret);
+            ret = NULL;
+        }
     }
 
     return ret;
 }
 
-static krb5_error_code tl_data2berval (krb5_tl_data *in, struct berval **out) {
+static krb5_error_code
+tl_data2berval (krb5_tl_data *in, struct berval **out)
+{
     *out = (struct berval *) malloc (sizeof (struct berval));
     if (*out == NULL)
-       return ENOMEM;
+        return ENOMEM;
 
     (*out)->bv_len = in->tl_data_length + 2;
     (*out)->bv_val =  (char *) malloc ((*out)->bv_len);
     if ((*out)->bv_val == NULL) {
-       free (*out);
-       return ENOMEM;
+        free (*out);
+        return ENOMEM;
     }
 
     STORE16_INT((*out)->bv_val, in->tl_data_type);
@@ -498,20 +494,17 @@ static krb5_error_code tl_data2berval (krb5_tl_data *in, struct berval **out) {
 }
 
 krb5_error_code
-krb5_ldap_put_principal(context, entries, nentries, db_args)
-    krb5_context               context;
-    krb5_db_entry              *entries;
-    register int               *nentries;         /* number of entry structs to update */
-    char                       **db_args;
+krb5_ldap_put_principal(krb5_context context, krb5_db_entry *entries,
+                        int *nentries, char **db_args)
 {
-    int                        i=0, l=0, kerberos_principal_object_type=0;
-    krb5_error_code            st=0, tempst=0;
-    LDAP                       *ld=NULL;
+    int                         i=0, l=0, kerberos_principal_object_type=0;
+    krb5_error_code             st=0, tempst=0;
+    LDAP                        *ld=NULL;
     LDAPMessage                 *result=NULL, *ent=NULL;
     char                        *user=NULL, *subtree=NULL, *principal_dn=NULL;
     char                        **values=NULL, *strval[10]={NULL}, errbuf[1024];
-    struct berval              **bersecretkey=NULL;
-    LDAPMod                    **mods=NULL;
+    struct berval               **bersecretkey=NULL;
+    LDAPMod                     **mods=NULL;
     krb5_boolean                create_standalone_prinicipal=FALSE;
     krb5_boolean                krb_identity_exists=FALSE, establish_links=FALSE;
     char                        *standalone_principal_dn=NULL;
@@ -520,319 +513,319 @@ krb5_ldap_put_principal(context, entries, nentries, db_args)
     kdb5_dal_handle             *dal_handle=NULL;
     krb5_ldap_context           *ldap_context=NULL;
     krb5_ldap_server_handle     *ldap_server_handle=NULL;
-    osa_princ_ent_rec          princ_ent;
+    osa_princ_ent_rec           princ_ent;
     xargs_t                     xargs = {0};
     char                        *polname = NULL;
     OPERATION optype;
-    krb5_boolean               found_entry = FALSE;
+    krb5_boolean                found_entry = FALSE;
 
     /* Clear the global error string */
     krb5_clear_error_message(context);
 
     SETUP_CONTEXT();
     if (ldap_context->lrparams == NULL || ldap_context->krbcontainer == NULL)
-       return EINVAL;
+        return EINVAL;
 
     /* get ldap handle */
     GET_HANDLE();
 
     for (i=0; i < *nentries; ++i, ++entries) {
-       if (is_principal_in_realm(ldap_context, entries->princ) != 0) {
-           st = EINVAL;
-           krb5_set_error_message(context, st, "Principal does not belong to the default realm");
-           goto cleanup;
-       }
-
-       /* get the principal information to act on */
-       if (entries->princ) {
-           if (((st=krb5_unparse_name(context, entries->princ, &user)) != 0) ||
-               ((st=krb5_ldap_unparse_principal_name(user)) != 0))
-               goto cleanup;
-       }
-
-       /* Identity the type of operation, it can be
-        * add principal or modify principal.
-        * hack if the entries->mask has KRB_PRINCIPAL flag set
-        * then it is a add operation
-        */
-       if (entries->mask & KADM5_PRINCIPAL)
-           optype = ADD_PRINCIPAL;
-       else
-           optype = MODIFY_PRINCIPAL;
-
-       if (((st=krb5_get_princ_type(context, entries, &kerberos_principal_object_type)) != 0) ||
-           ((st=krb5_get_userdn(context, entries, &principal_dn)) != 0))
-           goto cleanup;
-
-       if ((st=process_db_args(context, db_args, &xargs, optype)) != 0)
-           goto cleanup;
-
-       if (entries->mask & KADM5_LOAD) {
-           int              tree = 0, ntrees = 0, princlen = 0, numlentries = 0;
-           char             **subtreelist = NULL, *filter = NULL;
-
-           /*  A load operation is special, will do a mix-in (add krbprinc
-            *  attrs to a non-krb object entry) if an object exists with a
-            *  matching krbprincipalname attribute so try to find existing
-            *  object and set principal_dn.  This assumes that the
-            *  krbprincipalname attribute is unique (only one object entry has
-            *  a particular krbprincipalname attribute).
-            */
-           if (user == NULL) {
-               /* must have principal name for search */
-               st = EINVAL;
-               krb5_set_error_message(context, st, "operation can not continue, principal name not found");
-               goto cleanup;
-           }
-           princlen = strlen(FILTER) + strlen(user) + 2 + 1;      /* 2 for closing brackets */
-           if ((filter = malloc(princlen)) == NULL) {
-               st = ENOMEM;
-               goto cleanup;
-           }
-           snprintf(filter, princlen, FILTER"%s))", user);
-
-           /* get the current subtree list */
-           if ((st = krb5_get_subtree_info(ldap_context, &subtreelist, &ntrees)) != 0)
-               goto cleanup;
-
-           found_entry = FALSE;
-           /* search for entry with matching krbprincipalname attribute */
-           for (tree = 0; found_entry == FALSE && tree < ntrees; ++tree) {
-               result = NULL;
-               if (principal_dn == NULL) {
-                   LDAP_SEARCH_1(subtreelist[tree], ldap_context->lrparams->search_scope, filter, principal_attributes, IGNORE_STATUS);
-               } else {
-                   /* just look for entry with principal_dn */
-                   LDAP_SEARCH_1(principal_dn, LDAP_SCOPE_BASE, filter, principal_attributes, IGNORE_STATUS);
-               }
-               if (st == LDAP_SUCCESS) {
-                   numlentries = ldap_count_entries(ld, result);
-                   if (numlentries > 1) {
-                       ldap_msgfree(result);
-                       free(filter);
-                       st = EINVAL;
-                       krb5_set_error_message(context, st,
-                           "operation can not continue, more than one entry with principal name \"%s\" found",
-                           user);
-                       goto cleanup;
-                   } else if (numlentries == 1) {
-                       found_entry = TRUE;
-                       if (principal_dn == NULL) {
-                           ent = ldap_first_entry(ld, result);
-                           if (ent != NULL) {
-                               /* setting principal_dn will cause that entry to be modified further down */
-                               if ((principal_dn = ldap_get_dn(ld, ent)) == NULL) {
-                                   ldap_get_option (ld, LDAP_OPT_RESULT_CODE, &st);
-                                   st = set_ldap_error (context, st, 0);
-                                   ldap_msgfree(result);
-                                   free(filter);
-                                   goto cleanup;
-                               }
-                           }
-                       }
-                   }
-                   if (result)
-                       ldap_msgfree(result);
-               } else if (st != LDAP_NO_SUCH_OBJECT) {
-                   /* could not perform search, return with failure */
-                   st = set_ldap_error (context, st, 0);
-                   free(filter);
-                   goto cleanup;
-               }
-               /*
-                * If it isn't found then assume a standalone princ entry is to
-                * be created.
-                */
-           } /* end for (tree = 0; principal_dn == ... */
-
-           free(filter);
-
-           if (found_entry == FALSE && principal_dn != NULL) {
-               /*
-                * if principal_dn is null then there is code further down to
-                * deal with setting standalone_principal_dn.  Also note that
-                * this will set create_standalone_prinicipal true for
-                * non-mix-in entries which is okay if loading from a dump.
-                */
-               create_standalone_prinicipal = TRUE;
-               standalone_principal_dn = strdup(principal_dn);
-               CHECK_NULL(standalone_principal_dn);
-           }
-       } /* end if (entries->mask & KADM5_LOAD */
-
-       /* time to generate the DN information with the help of
-        * containerdn, principalcontainerreference or
-        * realmcontainerdn information
-        */
-       if (principal_dn == NULL && xargs.dn == NULL) { /* creation of standalone principal */
-           /* get the subtree information */
-           if (entries->princ->length == 2 && entries->princ->data[0].length == strlen("krbtgt") &&
-               strncmp(entries->princ->data[0].data, "krbtgt", entries->princ->data[0].length) == 0) {
-               /* if the principal is a inter-realm principal, always created in the realm container */
-               subtree = strdup(ldap_context->lrparams->realmdn);
-           } else if (xargs.containerdn) {
-               if ((st=checkattributevalue(ld, xargs.containerdn, NULL, NULL, NULL)) != 0) {
-                   if (st == KRB5_KDB_NOENTRY || st == KRB5_KDB_CONSTRAINT_VIOLATION) {
-                       int ost = st;
-                       st = EINVAL;
-                       snprintf(errbuf, sizeof(errbuf), "'%s' not found: ",
-                                xargs.containerdn);
-                       prepend_err_str(context, errbuf, st, ost);
-                   }
-                   goto cleanup;
-               }
-               subtree = strdup(xargs.containerdn);
-           } else if (ldap_context->lrparams->containerref && strlen(ldap_context->lrparams->containerref) != 0) {
-               /*
-                * Here the subtree should be changed with
-                * principalcontainerreference attribute value
-                */
-               subtree = strdup(ldap_context->lrparams->containerref);
-           } else {
-               subtree = strdup(ldap_context->lrparams->realmdn);
-           }
-           CHECK_NULL(subtree);
-
-           if (asprintf(&standalone_principal_dn, "krbprincipalname=%s,%s",
-                        user, subtree) < 0)
-               standalone_principal_dn = NULL;
-           CHECK_NULL(standalone_principal_dn);
-           /*
-            * free subtree when you are done using the subtree
-            * set the boolean create_standalone_prinicipal to TRUE
-            */
-           create_standalone_prinicipal = TRUE;
-           free(subtree);
-           subtree = NULL;
-       }
-
-       /*
-        * If the DN information is presented by the user, time to
-        * validate the input to ensure that the DN falls under
-        * any of the subtrees
-        */
-       if (xargs.dn_from_kbd == TRUE) {
-           /* make sure the DN falls in the subtree */
-           int              tre=0, dnlen=0, subtreelen=0, ntrees=0;
-           char             **subtreelist=NULL;
-           char             *dn=NULL;
-           krb5_boolean     outofsubtree=TRUE;
-
-           if (xargs.dn != NULL) {
-               dn = xargs.dn;
-           } else if (xargs.linkdn != NULL) {
-               dn = xargs.linkdn;
-           } else if (standalone_principal_dn != NULL) {
-               /*
-                * Even though the standalone_principal_dn is constructed
-                * within this function, there is the containerdn input
-                * from the user that can become part of the it.
-                */
-               dn = standalone_principal_dn;
-           }
-
-           /* get the current subtree list */
-           if ((st = krb5_get_subtree_info(ldap_context, &subtreelist, &ntrees)) != 0)
-               goto cleanup;
-
-           for (tre=0; tre<ntrees; ++tre) {
-               if (subtreelist[tre] == NULL || strlen(subtreelist[tre]) == 0) {
-                   outofsubtree = FALSE;
-                   break;
-               } else {
-                   dnlen = strlen (dn);
-                   subtreelen = strlen(subtreelist[tre]);
-                   if ((dnlen >= subtreelen) && (strcasecmp((dn + dnlen - subtreelen), subtreelist[tre]) == 0)) {
-                       outofsubtree = FALSE;
-                       break;
-                   }
-               }
-           }
-
-           for (tre=0; tre < ntrees; ++tre) {
-               free(subtreelist[tre]);
-           }
-
-           if (outofsubtree == TRUE) {
-               st = EINVAL;
-               krb5_set_error_message(context, st, "DN is out of the realm subtree");
-               goto cleanup;
-           }
-
-           /*
-            * dn value will be set either by dn, linkdn or the standalone_principal_dn
-            * In the first 2 cases, the dn should be existing and in the last case we
-            * are supposed to create the ldap object. so the below should not be
-            * executed for the last case.
-            */
-
-           if (standalone_principal_dn == NULL) {
-               /*
-                * If the ldap object is missing, this results in an error.
-                */
-
-               /*
-                * Search for krbprincipalname attribute here.
-                * This is to find if a kerberos identity is already present
-                * on the ldap object, in which case adding a kerberos identity
-                * on the ldap object should result in an error.
-                */
-               char  *attributes[]={"krbticketpolicyreference", "krbprincipalname", NULL};
-
-               LDAP_SEARCH_1(dn, LDAP_SCOPE_BASE, 0, attributes, IGNORE_STATUS);
-               if (st == LDAP_SUCCESS) {
-                   ent = ldap_first_entry(ld, result);
-                   if (ent != NULL) {
-                       if ((values=ldap_get_values(ld, ent, "krbticketpolicyreference")) != NULL) {
-                           ldap_value_free(values);
-                       }
-
-                       if ((values=ldap_get_values(ld, ent, "krbprincipalname")) != NULL) {
-                           krb_identity_exists = TRUE;
-                           ldap_value_free(values);
-                       }
-                   }
-                   ldap_msgfree(result);
-               } else {
-                   st = set_ldap_error(context, st, OP_SEARCH);
-                   goto cleanup;
-               }
-           }
-       }
-
-       /*
-        * If xargs.dn is set then the request is to add a
-        * kerberos principal on a ldap object, but if
-        * there is one already on the ldap object this
-        * should result in an error.
-        */
-
-       if (xargs.dn != NULL && krb_identity_exists == TRUE) {
-           st = EINVAL;
-           snprintf(errbuf, sizeof(errbuf), "ldap object is already kerberized");
-           krb5_set_error_message(context, st, "%s", errbuf);
-           goto cleanup;
-       }
-
-       if (xargs.linkdn != NULL) {
-           /*
-            * link information can be changed using modprinc.
-            * However, link information can be changed only on the
-            * standalone kerberos principal objects. A standalone
-            * kerberos principal object is of type krbprincipal
-            * structural objectclass.
-            *
-            * NOTE: kerberos principals on an ldap object can't be
-            * linked to other ldap objects.
-            */
-           if (optype == MODIFY_PRINCIPAL &&
-               kerberos_principal_object_type != KDB_STANDALONE_PRINCIPAL_OBJECT) {
-               st = EINVAL;
-               snprintf(errbuf, sizeof(errbuf),
-                   "link information can not be set/updated as the kerberos principal belongs to an ldap object");
-               krb5_set_error_message(context, st, "%s", errbuf);
-               goto cleanup;
-           }
+        if (is_principal_in_realm(ldap_context, entries->princ) != 0) {
+            st = EINVAL;
+            krb5_set_error_message(context, st, "Principal does not belong to the default realm");
+            goto cleanup;
+        }
+
+        /* get the principal information to act on */
+        if (entries->princ) {
+            if (((st=krb5_unparse_name(context, entries->princ, &user)) != 0) ||
+                ((st=krb5_ldap_unparse_principal_name(user)) != 0))
+                goto cleanup;
+        }
+
+        /* Identity the type of operation, it can be
+         * add principal or modify principal.
+         * hack if the entries->mask has KRB_PRINCIPAL flag set
+         * then it is a add operation
+         */
+        if (entries->mask & KADM5_PRINCIPAL)
+            optype = ADD_PRINCIPAL;
+        else
+            optype = MODIFY_PRINCIPAL;
+
+        if (((st=krb5_get_princ_type(context, entries, &kerberos_principal_object_type)) != 0) ||
+            ((st=krb5_get_userdn(context, entries, &principal_dn)) != 0))
+            goto cleanup;
+
+        if ((st=process_db_args(context, db_args, &xargs, optype)) != 0)
+            goto cleanup;
+
+        if (entries->mask & KADM5_LOAD) {
+            int              tree = 0, ntrees = 0, princlen = 0, numlentries = 0;
+            char             **subtreelist = NULL, *filter = NULL;
+
+            /*  A load operation is special, will do a mix-in (add krbprinc
+             *  attrs to a non-krb object entry) if an object exists with a
+             *  matching krbprincipalname attribute so try to find existing
+             *  object and set principal_dn.  This assumes that the
+             *  krbprincipalname attribute is unique (only one object entry has
+             *  a particular krbprincipalname attribute).
+             */
+            if (user == NULL) {
+                /* must have principal name for search */
+                st = EINVAL;
+                krb5_set_error_message(context, st, "operation can not continue, principal name not found");
+                goto cleanup;
+            }
+            princlen = strlen(FILTER) + strlen(user) + 2 + 1;      /* 2 for closing brackets */
+            if ((filter = malloc(princlen)) == NULL) {
+                st = ENOMEM;
+                goto cleanup;
+            }
+            snprintf(filter, princlen, FILTER"%s))", user);
+
+            /* get the current subtree list */
+            if ((st = krb5_get_subtree_info(ldap_context, &subtreelist, &ntrees)) != 0)
+                goto cleanup;
+
+            found_entry = FALSE;
+            /* search for entry with matching krbprincipalname attribute */
+            for (tree = 0; found_entry == FALSE && tree < ntrees; ++tree) {
+                result = NULL;
+                if (principal_dn == NULL) {
+                    LDAP_SEARCH_1(subtreelist[tree], ldap_context->lrparams->search_scope, filter, principal_attributes, IGNORE_STATUS);
+                } else {
+                    /* just look for entry with principal_dn */
+                    LDAP_SEARCH_1(principal_dn, LDAP_SCOPE_BASE, filter, principal_attributes, IGNORE_STATUS);
+                }
+                if (st == LDAP_SUCCESS) {
+                    numlentries = ldap_count_entries(ld, result);
+                    if (numlentries > 1) {
+                        ldap_msgfree(result);
+                        free(filter);
+                        st = EINVAL;
+                        krb5_set_error_message(context, st,
+                                               "operation can not continue, more than one entry with principal name \"%s\" found",
+                                               user);
+                        goto cleanup;
+                    } else if (numlentries == 1) {
+                        found_entry = TRUE;
+                        if (principal_dn == NULL) {
+                            ent = ldap_first_entry(ld, result);
+                            if (ent != NULL) {
+                                /* setting principal_dn will cause that entry to be modified further down */
+                                if ((principal_dn = ldap_get_dn(ld, ent)) == NULL) {
+                                    ldap_get_option (ld, LDAP_OPT_RESULT_CODE, &st);
+                                    st = set_ldap_error (context, st, 0);
+                                    ldap_msgfree(result);
+                                    free(filter);
+                                    goto cleanup;
+                                }
+                            }
+                        }
+                    }
+                    if (result)
+                        ldap_msgfree(result);
+                } else if (st != LDAP_NO_SUCH_OBJECT) {
+                    /* could not perform search, return with failure */
+                    st = set_ldap_error (context, st, 0);
+                    free(filter);
+                    goto cleanup;
+                }
+                /*
+                 * If it isn't found then assume a standalone princ entry is to
+                 * be created.
+                 */
+            } /* end for (tree = 0; principal_dn == ... */
+
+            free(filter);
+
+            if (found_entry == FALSE && principal_dn != NULL) {
+                /*
+                 * if principal_dn is null then there is code further down to
+                 * deal with setting standalone_principal_dn.  Also note that
+                 * this will set create_standalone_prinicipal true for
+                 * non-mix-in entries which is okay if loading from a dump.
+                 */
+                create_standalone_prinicipal = TRUE;
+                standalone_principal_dn = strdup(principal_dn);
+                CHECK_NULL(standalone_principal_dn);
+            }
+        } /* end if (entries->mask & KADM5_LOAD */
+
+        /* time to generate the DN information with the help of
+         * containerdn, principalcontainerreference or
+         * realmcontainerdn information
+         */
+        if (principal_dn == NULL && xargs.dn == NULL) { /* creation of standalone principal */
+            /* get the subtree information */
+            if (entries->princ->length == 2 && entries->princ->data[0].length == strlen("krbtgt") &&
+                strncmp(entries->princ->data[0].data, "krbtgt", entries->princ->data[0].length) == 0) {
+                /* if the principal is a inter-realm principal, always created in the realm container */
+                subtree = strdup(ldap_context->lrparams->realmdn);
+            } else if (xargs.containerdn) {
+                if ((st=checkattributevalue(ld, xargs.containerdn, NULL, NULL, NULL)) != 0) {
+                    if (st == KRB5_KDB_NOENTRY || st == KRB5_KDB_CONSTRAINT_VIOLATION) {
+                        int ost = st;
+                        st = EINVAL;
+                        snprintf(errbuf, sizeof(errbuf), "'%s' not found: ",
+                                 xargs.containerdn);
+                        prepend_err_str(context, errbuf, st, ost);
+                    }
+                    goto cleanup;
+                }
+                subtree = strdup(xargs.containerdn);
+            } else if (ldap_context->lrparams->containerref && strlen(ldap_context->lrparams->containerref) != 0) {
+                /*
+                 * Here the subtree should be changed with
+                 * principalcontainerreference attribute value
+                 */
+                subtree = strdup(ldap_context->lrparams->containerref);
+            } else {
+                subtree = strdup(ldap_context->lrparams->realmdn);
+            }
+            CHECK_NULL(subtree);
+
+            if (asprintf(&standalone_principal_dn, "krbprincipalname=%s,%s",
+                         user, subtree) < 0)
+                standalone_principal_dn = NULL;
+            CHECK_NULL(standalone_principal_dn);
+            /*
+             * free subtree when you are done using the subtree
+             * set the boolean create_standalone_prinicipal to TRUE
+             */
+            create_standalone_prinicipal = TRUE;
+            free(subtree);
+            subtree = NULL;
+        }
+
+        /*
+         * If the DN information is presented by the user, time to
+         * validate the input to ensure that the DN falls under
+         * any of the subtrees
+         */
+        if (xargs.dn_from_kbd == TRUE) {
+            /* make sure the DN falls in the subtree */
+            int              tre=0, dnlen=0, subtreelen=0, ntrees=0;
+            char             **subtreelist=NULL;
+            char             *dn=NULL;
+            krb5_boolean     outofsubtree=TRUE;
+
+            if (xargs.dn != NULL) {
+                dn = xargs.dn;
+            } else if (xargs.linkdn != NULL) {
+                dn = xargs.linkdn;
+            } else if (standalone_principal_dn != NULL) {
+                /*
+                 * Even though the standalone_principal_dn is constructed
+                 * within this function, there is the containerdn input
+                 * from the user that can become part of the it.
+                 */
+                dn = standalone_principal_dn;
+            }
+
+            /* get the current subtree list */
+            if ((st = krb5_get_subtree_info(ldap_context, &subtreelist, &ntrees)) != 0)
+                goto cleanup;
+
+            for (tre=0; tre<ntrees; ++tre) {
+                if (subtreelist[tre] == NULL || strlen(subtreelist[tre]) == 0) {
+                    outofsubtree = FALSE;
+                    break;
+                } else {
+                    dnlen = strlen (dn);
+                    subtreelen = strlen(subtreelist[tre]);
+                    if ((dnlen >= subtreelen) && (strcasecmp((dn + dnlen - subtreelen), subtreelist[tre]) == 0)) {
+                        outofsubtree = FALSE;
+                        break;
+                    }
+                }
+            }
+
+            for (tre=0; tre < ntrees; ++tre) {
+                free(subtreelist[tre]);
+            }
+
+            if (outofsubtree == TRUE) {
+                st = EINVAL;
+                krb5_set_error_message(context, st, "DN is out of the realm subtree");
+                goto cleanup;
+            }
+
+            /*
+             * dn value will be set either by dn, linkdn or the standalone_principal_dn
+             * In the first 2 cases, the dn should be existing and in the last case we
+             * are supposed to create the ldap object. so the below should not be
+             * executed for the last case.
+             */
+
+            if (standalone_principal_dn == NULL) {
+                /*
+                 * If the ldap object is missing, this results in an error.
+                 */
+
+                /*
+                 * Search for krbprincipalname attribute here.
+                 * This is to find if a kerberos identity is already present
+                 * on the ldap object, in which case adding a kerberos identity
+                 * on the ldap object should result in an error.
+                 */
+                char  *attributes[]={"krbticketpolicyreference", "krbprincipalname", NULL};
+
+                LDAP_SEARCH_1(dn, LDAP_SCOPE_BASE, 0, attributes, IGNORE_STATUS);
+                if (st == LDAP_SUCCESS) {
+                    ent = ldap_first_entry(ld, result);
+                    if (ent != NULL) {
+                        if ((values=ldap_get_values(ld, ent, "krbticketpolicyreference")) != NULL) {
+                            ldap_value_free(values);
+                        }
+
+                        if ((values=ldap_get_values(ld, ent, "krbprincipalname")) != NULL) {
+                            krb_identity_exists = TRUE;
+                            ldap_value_free(values);
+                        }
+                    }
+                    ldap_msgfree(result);
+                } else {
+                    st = set_ldap_error(context, st, OP_SEARCH);
+                    goto cleanup;
+                }
+            }
+        }
+
+        /*
+         * If xargs.dn is set then the request is to add a
+         * kerberos principal on a ldap object, but if
+         * there is one already on the ldap object this
+         * should result in an error.
+         */
+
+        if (xargs.dn != NULL && krb_identity_exists == TRUE) {
+            st = EINVAL;
+            snprintf(errbuf, sizeof(errbuf), "ldap object is already kerberized");
+            krb5_set_error_message(context, st, "%s", errbuf);
+            goto cleanup;
+        }
+
+        if (xargs.linkdn != NULL) {
+            /*
+             * link information can be changed using modprinc.
+             * However, link information can be changed only on the
+             * standalone kerberos principal objects. A standalone
+             * kerberos principal object is of type krbprincipal
+             * structural objectclass.
+             *
+             * NOTE: kerberos principals on an ldap object can't be
+             * linked to other ldap objects.
+             */
+            if (optype == MODIFY_PRINCIPAL &&
+                kerberos_principal_object_type != KDB_STANDALONE_PRINCIPAL_OBJECT) {
+                st = EINVAL;
+                snprintf(errbuf, sizeof(errbuf),
+                         "link information can not be set/updated as the kerberos principal belongs to an ldap object");
+                krb5_set_error_message(context, st, "%s", errbuf);
+                goto cleanup;
+            }
             /*
              * Check the link information. If there is already a link
              * existing then this operation is not allowed.
@@ -860,412 +853,412 @@ krb5_ldap_put_principal(context, entries, nentries, db_args)
                 }
             }
 
-           establish_links = TRUE;
-       }
-
-       if (entries->mask & KADM5_LAST_SUCCESS) {
-           memset(strval, 0, sizeof(strval));
-           if ((strval[0]=getstringtime(entries->last_success)) == NULL)
-               goto cleanup;
-           if ((st=krb5_add_str_mem_ldap_mod(&mods, "krbLastSuccessfulAuth", LDAP_MOD_REPLACE, strval)) != 0) {
-               free (strval[0]);
-               goto cleanup;
-           }
-           free (strval[0]);
-       }
-
-       if (entries->mask & KADM5_LAST_FAILED) {
-           memset(strval, 0, sizeof(strval));
-           if ((strval[0]=getstringtime(entries->last_failed)) == NULL)
-               goto cleanup;
-           if ((st=krb5_add_str_mem_ldap_mod(&mods, "krbLastFailedAuth", LDAP_MOD_REPLACE, strval)) != 0) {
-               free (strval[0]);
-               goto cleanup;
-           }
-           free(strval[0]);
-       }
-
-       if (entries->mask & KADM5_FAIL_AUTH_COUNT) {
-           krb5_kvno fail_auth_count;
-
-           fail_auth_count = entries->fail_auth_count;
-           if (entries->mask & KADM5_FAIL_AUTH_COUNT_INCREMENT)
-               fail_auth_count++;
-
-           st = krb5_add_int_mem_ldap_mod(&mods, "krbLoginFailedCount",
-                                          LDAP_MOD_REPLACE,
-                                          fail_auth_count);
-           if (st != 0)
-               goto cleanup;
-       } else if (entries->mask & KADM5_FAIL_AUTH_COUNT_INCREMENT) {
-           /*
-            * If the client library and server supports RFC 4525,
-            * then use it to increment by one the value of the
-            * krbLoginFailedCount attribute. Otherwise, assert the
-            * (provided) old value by deleting it before adding.
-            */
+            establish_links = TRUE;
+        }
+
+        if (entries->mask & KADM5_LAST_SUCCESS) {
+            memset(strval, 0, sizeof(strval));
+            if ((strval[0]=getstringtime(entries->last_success)) == NULL)
+                goto cleanup;
+            if ((st=krb5_add_str_mem_ldap_mod(&mods, "krbLastSuccessfulAuth", LDAP_MOD_REPLACE, strval)) != 0) {
+                free (strval[0]);
+                goto cleanup;
+            }
+            free (strval[0]);
+        }
+
+        if (entries->mask & KADM5_LAST_FAILED) {
+            memset(strval, 0, sizeof(strval));
+            if ((strval[0]=getstringtime(entries->last_failed)) == NULL)
+                goto cleanup;
+            if ((st=krb5_add_str_mem_ldap_mod(&mods, "krbLastFailedAuth", LDAP_MOD_REPLACE, strval)) != 0) {
+                free (strval[0]);
+                goto cleanup;
+            }
+            free(strval[0]);
+        }
+
+        if (entries->mask & KADM5_FAIL_AUTH_COUNT) {
+            krb5_kvno fail_auth_count;
+
+            fail_auth_count = entries->fail_auth_count;
+            if (entries->mask & KADM5_FAIL_AUTH_COUNT_INCREMENT)
+                fail_auth_count++;
+
+            st = krb5_add_int_mem_ldap_mod(&mods, "krbLoginFailedCount",
+                                           LDAP_MOD_REPLACE,
+                                           fail_auth_count);
+            if (st != 0)
+                goto cleanup;
+        } else if (entries->mask & KADM5_FAIL_AUTH_COUNT_INCREMENT) {
+            /*
+             * If the client library and server supports RFC 4525,
+             * then use it to increment by one the value of the
+             * krbLoginFailedCount attribute. Otherwise, assert the
+             * (provided) old value by deleting it before adding.
+             */
 #ifdef LDAP_MOD_INCREMENT
-           if (ldap_server_handle->server_info->modify_increment) {
-               st = krb5_add_int_mem_ldap_mod(&mods, "krbLoginFailedCount",
-                                              LDAP_MOD_INCREMENT, 1);
-               if (st != 0)
-                   goto cleanup;
-           } else
+            if (ldap_server_handle->server_info->modify_increment) {
+                st = krb5_add_int_mem_ldap_mod(&mods, "krbLoginFailedCount",
+                                               LDAP_MOD_INCREMENT, 1);
+                if (st != 0)
+                    goto cleanup;
+            } else
 #endif /* LDAP_MOD_INCREMENT */
-           if (entries->fail_auth_count == 0) {
-               /*
-                * Unfortunately we have no way of distinguishing between
-                * an absent and a zero-valued attribute by the time we are
-                * called here. So, although this creates a race condition,
-                * it appears impossible to assert the old value as that
-                * would fail were the attribute absent.
-                */
-               st = krb5_add_int_mem_ldap_mod(&mods, "krbLoginFailedCount",
-                                              LDAP_MOD_REPLACE, 1);
-               if (st != 0)
-                   goto cleanup;
-           } else {
-               st = krb5_add_int_mem_ldap_mod(&mods, "krbLoginFailedCount",
-                                              LDAP_MOD_DELETE,
-                                              entries->fail_auth_count);
-               if (st != 0)
-                   goto cleanup;
-
-               st = krb5_add_int_mem_ldap_mod(&mods, "krbLoginFailedCount",
-                                              LDAP_MOD_ADD,
-                                              entries->fail_auth_count + 1);
-               if (st != 0)
-                   goto cleanup;
-           }
-       }
-
-       if (entries->mask & KADM5_MAX_LIFE) {
-           if ((st=krb5_add_int_mem_ldap_mod(&mods, "krbmaxticketlife", LDAP_MOD_REPLACE, entries->max_life)) != 0)
-               goto cleanup;
-       }
-
-       if (entries->mask & KADM5_MAX_RLIFE) {
-           if ((st=krb5_add_int_mem_ldap_mod(&mods, "krbmaxrenewableage", LDAP_MOD_REPLACE,
-                                             entries->max_renewable_life)) != 0)
-               goto cleanup;
-       }
-
-       if (entries->mask & KADM5_ATTRIBUTES) {
-           if ((st=krb5_add_int_mem_ldap_mod(&mods, "krbticketflags", LDAP_MOD_REPLACE,
-                                             entries->attributes)) != 0)
-               goto cleanup;
-       }
-
-       if (entries->mask & KADM5_PRINCIPAL) {
-           memset(strval, 0, sizeof(strval));
-           strval[0] = user;
-           if ((st=krb5_add_str_mem_ldap_mod(&mods, "krbprincipalname", LDAP_MOD_REPLACE, strval)) != 0)
-               goto cleanup;
-       }
-
-       if (entries->mask & KADM5_PRINC_EXPIRE_TIME) {
-           memset(strval, 0, sizeof(strval));
-           if ((strval[0]=getstringtime(entries->expiration)) == NULL)
-               goto cleanup;
-           if ((st=krb5_add_str_mem_ldap_mod(&mods, "krbprincipalexpiration", LDAP_MOD_REPLACE, strval)) != 0) {
-               free (strval[0]);
-               goto cleanup;
-           }
-           free (strval[0]);
-       }
-
-       if (entries->mask & KADM5_PW_EXPIRATION) {
-           memset(strval, 0, sizeof(strval));
-           if ((strval[0]=getstringtime(entries->pw_expiration)) == NULL)
-               goto cleanup;
-           if ((st=krb5_add_str_mem_ldap_mod(&mods, "krbpasswordexpiration",
-                                             LDAP_MOD_REPLACE,
-                                             strval)) != 0) {
-               free (strval[0]);
-               goto cleanup;
-           }
-           free (strval[0]);
-       }
-
-       if (entries->mask & KADM5_POLICY) {
-           memset(&princ_ent, 0, sizeof(princ_ent));
-           for (tl_data=entries->tl_data; tl_data; tl_data=tl_data->tl_data_next) {
-               if (tl_data->tl_data_type == KRB5_TL_KADM_DATA) {
-                   /* FIX ME: I guess the princ_ent should be freed after this call */
-                   if ((st = krb5_lookup_tl_kadm_data(tl_data, &princ_ent)) != 0) {
-                       goto cleanup;
-                   }
-               }
-           }
-
-           if (princ_ent.aux_attributes & KADM5_POLICY) {
-               memset(strval, 0, sizeof(strval));
-               if ((st = krb5_ldap_name_to_policydn (context, princ_ent.policy, &polname)) != 0)
-                   goto cleanup;
-               strval[0] = polname;
-               if ((st=krb5_add_str_mem_ldap_mod(&mods, "krbpwdpolicyreference", LDAP_MOD_REPLACE, strval)) != 0)
-                   goto cleanup;
-           } else {
-               st = EINVAL;
-               krb5_set_error_message(context, st, "Password policy value null");
-               goto cleanup;
-           }
-       } else if (entries->mask & KADM5_LOAD && found_entry == TRUE) {
-           /*
-            * a load is special in that existing entries must have attrs that
-            * removed.
-            */
-
-           if ((st=krb5_add_str_mem_ldap_mod(&mods, "krbpwdpolicyreference", LDAP_MOD_REPLACE, NULL)) != 0)
-               goto cleanup;
-       }
-
-       if (entries->mask & KADM5_POLICY_CLR) {
-           if ((st=krb5_add_str_mem_ldap_mod(&mods, "krbpwdpolicyreference", LDAP_MOD_DELETE, NULL)) != 0)
-               goto cleanup;
-       }
-
-       if (entries->mask & KADM5_KEY_DATA || entries->mask & KADM5_KVNO) {
+                if (entries->fail_auth_count == 0) {
+                    /*
+                     * Unfortunately we have no way of distinguishing between
+                     * an absent and a zero-valued attribute by the time we are
+                     * called here. So, although this creates a race condition,
+                     * it appears impossible to assert the old value as that
+                     * would fail were the attribute absent.
+                     */
+                    st = krb5_add_int_mem_ldap_mod(&mods, "krbLoginFailedCount",
+                                                   LDAP_MOD_REPLACE, 1);
+                    if (st != 0)
+                        goto cleanup;
+                } else {
+                    st = krb5_add_int_mem_ldap_mod(&mods, "krbLoginFailedCount",
+                                                   LDAP_MOD_DELETE,
+                                                   entries->fail_auth_count);
+                    if (st != 0)
+                        goto cleanup;
+
+                    st = krb5_add_int_mem_ldap_mod(&mods, "krbLoginFailedCount",
+                                                   LDAP_MOD_ADD,
+                                                   entries->fail_auth_count + 1);
+                    if (st != 0)
+                        goto cleanup;
+                }
+        }
+
+        if (entries->mask & KADM5_MAX_LIFE) {
+            if ((st=krb5_add_int_mem_ldap_mod(&mods, "krbmaxticketlife", LDAP_MOD_REPLACE, entries->max_life)) != 0)
+                goto cleanup;
+        }
+
+        if (entries->mask & KADM5_MAX_RLIFE) {
+            if ((st=krb5_add_int_mem_ldap_mod(&mods, "krbmaxrenewableage", LDAP_MOD_REPLACE,
+                                              entries->max_renewable_life)) != 0)
+                goto cleanup;
+        }
+
+        if (entries->mask & KADM5_ATTRIBUTES) {
+            if ((st=krb5_add_int_mem_ldap_mod(&mods, "krbticketflags", LDAP_MOD_REPLACE,
+                                              entries->attributes)) != 0)
+                goto cleanup;
+        }
+
+        if (entries->mask & KADM5_PRINCIPAL) {
+            memset(strval, 0, sizeof(strval));
+            strval[0] = user;
+            if ((st=krb5_add_str_mem_ldap_mod(&mods, "krbprincipalname", LDAP_MOD_REPLACE, strval)) != 0)
+                goto cleanup;
+        }
+
+        if (entries->mask & KADM5_PRINC_EXPIRE_TIME) {
+            memset(strval, 0, sizeof(strval));
+            if ((strval[0]=getstringtime(entries->expiration)) == NULL)
+                goto cleanup;
+            if ((st=krb5_add_str_mem_ldap_mod(&mods, "krbprincipalexpiration", LDAP_MOD_REPLACE, strval)) != 0) {
+                free (strval[0]);
+                goto cleanup;
+            }
+            free (strval[0]);
+        }
+
+        if (entries->mask & KADM5_PW_EXPIRATION) {
+            memset(strval, 0, sizeof(strval));
+            if ((strval[0]=getstringtime(entries->pw_expiration)) == NULL)
+                goto cleanup;
+            if ((st=krb5_add_str_mem_ldap_mod(&mods, "krbpasswordexpiration",
+                                              LDAP_MOD_REPLACE,
+                                              strval)) != 0) {
+                free (strval[0]);
+                goto cleanup;
+            }
+            free (strval[0]);
+        }
+
+        if (entries->mask & KADM5_POLICY) {
+            memset(&princ_ent, 0, sizeof(princ_ent));
+            for (tl_data=entries->tl_data; tl_data; tl_data=tl_data->tl_data_next) {
+                if (tl_data->tl_data_type == KRB5_TL_KADM_DATA) {
+                    /* FIX ME: I guess the princ_ent should be freed after this call */
+                    if ((st = krb5_lookup_tl_kadm_data(tl_data, &princ_ent)) != 0) {
+                        goto cleanup;
+                    }
+                }
+            }
+
+            if (princ_ent.aux_attributes & KADM5_POLICY) {
+                memset(strval, 0, sizeof(strval));
+                if ((st = krb5_ldap_name_to_policydn (context, princ_ent.policy, &polname)) != 0)
+                    goto cleanup;
+                strval[0] = polname;
+                if ((st=krb5_add_str_mem_ldap_mod(&mods, "krbpwdpolicyreference", LDAP_MOD_REPLACE, strval)) != 0)
+                    goto cleanup;
+            } else {
+                st = EINVAL;
+                krb5_set_error_message(context, st, "Password policy value null");
+                goto cleanup;
+            }
+        } else if (entries->mask & KADM5_LOAD && found_entry == TRUE) {
+            /*
+             * a load is special in that existing entries must have attrs that
+             * removed.
+             */
+
+            if ((st=krb5_add_str_mem_ldap_mod(&mods, "krbpwdpolicyreference", LDAP_MOD_REPLACE, NULL)) != 0)
+                goto cleanup;
+        }
+
+        if (entries->mask & KADM5_POLICY_CLR) {
+            if ((st=krb5_add_str_mem_ldap_mod(&mods, "krbpwdpolicyreference", LDAP_MOD_DELETE, NULL)) != 0)
+                goto cleanup;
+        }
+
+        if (entries->mask & KADM5_KEY_DATA || entries->mask & KADM5_KVNO) {
             krb5_kvno mkvno;
 
             if ((st=krb5_dbe_lookup_mkvno(context, entries, &mkvno)) != 0)
                 goto cleanup;
-           bersecretkey = krb5_encode_krbsecretkey (entries->key_data,
-                                                    entries->n_key_data, mkvno);
-
-           if ((st=krb5_add_ber_mem_ldap_mod(&mods, "krbprincipalkey",
-                                             LDAP_MOD_REPLACE | LDAP_MOD_BVALUES, bersecretkey)) != 0)
-               goto cleanup;
-
-           if (!(entries->mask & KADM5_PRINCIPAL)) {
-               memset(strval, 0, sizeof(strval));
-               if ((strval[0]=getstringtime(entries->pw_expiration)) == NULL)
-                   goto cleanup;
-               if ((st=krb5_add_str_mem_ldap_mod(&mods,
-                                                 "krbpasswordexpiration",
-                                                 LDAP_MOD_REPLACE, strval)) != 0) {
-                   free (strval[0]);
-                   goto cleanup;
-               }
-               free (strval[0]);
-           }
-
-           /* Update last password change whenever a new key is set */
-           {
-               krb5_timestamp last_pw_changed;
-               if ((st=krb5_dbe_lookup_last_pwd_change(context, entries,
-                                                       &last_pw_changed)) != 0)
-                   goto cleanup;
-
-               memset(strval, 0, sizeof(strval));
-               if ((strval[0] = getstringtime(last_pw_changed)) == NULL)
-                   goto cleanup;
-
-               if ((st=krb5_add_str_mem_ldap_mod(&mods, "krbLastPwdChange",
-                                                 LDAP_MOD_REPLACE, strval)) != 0) {
-                   free (strval[0]);
-                   goto cleanup;
-               }
-               free (strval[0]);
-           }
-
-       } /* Modify Key data ends here */
-
-       /* Set tl_data */
-       if (entries->tl_data != NULL) {
-           int count = 0;
-           struct berval **ber_tl_data = NULL;
-           krb5_tl_data *ptr;
-           for (ptr = entries->tl_data; ptr != NULL; ptr = ptr->tl_data_next) {
-               if (ptr->tl_data_type == KRB5_TL_LAST_PWD_CHANGE
+            bersecretkey = krb5_encode_krbsecretkey (entries->key_data,
+                                                     entries->n_key_data, mkvno);
+
+            if ((st=krb5_add_ber_mem_ldap_mod(&mods, "krbprincipalkey",
+                                              LDAP_MOD_REPLACE | LDAP_MOD_BVALUES, bersecretkey)) != 0)
+                goto cleanup;
+
+            if (!(entries->mask & KADM5_PRINCIPAL)) {
+                memset(strval, 0, sizeof(strval));
+                if ((strval[0]=getstringtime(entries->pw_expiration)) == NULL)
+                    goto cleanup;
+                if ((st=krb5_add_str_mem_ldap_mod(&mods,
+                                                  "krbpasswordexpiration",
+                                                  LDAP_MOD_REPLACE, strval)) != 0) {
+                    free (strval[0]);
+                    goto cleanup;
+                }
+                free (strval[0]);
+            }
+
+            /* Update last password change whenever a new key is set */
+            {
+                krb5_timestamp last_pw_changed;
+                if ((st=krb5_dbe_lookup_last_pwd_change(context, entries,
+                                                        &last_pw_changed)) != 0)
+                    goto cleanup;
+
+                memset(strval, 0, sizeof(strval));
+                if ((strval[0] = getstringtime(last_pw_changed)) == NULL)
+                    goto cleanup;
+
+                if ((st=krb5_add_str_mem_ldap_mod(&mods, "krbLastPwdChange",
+                                                  LDAP_MOD_REPLACE, strval)) != 0) {
+                    free (strval[0]);
+                    goto cleanup;
+                }
+                free (strval[0]);
+            }
+
+        } /* Modify Key data ends here */
+
+        /* Set tl_data */
+        if (entries->tl_data != NULL) {
+            int count = 0;
+            struct berval **ber_tl_data = NULL;
+            krb5_tl_data *ptr;
+            for (ptr = entries->tl_data; ptr != NULL; ptr = ptr->tl_data_next) {
+                if (ptr->tl_data_type == KRB5_TL_LAST_PWD_CHANGE
 #ifdef SECURID
-                   || ptr->tl_data_type == KRB5_TL_DB_ARGS
+                    || ptr->tl_data_type == KRB5_TL_DB_ARGS
 #endif
-                   || ptr->tl_data_type == KRB5_TL_KADM_DATA
-                   || ptr->tl_data_type == KDB_TL_USER_INFO
-                   || ptr->tl_data_type == KRB5_TL_CONSTRAINED_DELEGATION_ACL)
-                   continue;
-               count++;
-           }
-           if (count != 0) {
-               int j;
-               ber_tl_data = (struct berval **) calloc (count + 1,
-                                                        sizeof (struct berval*));
-               if (ber_tl_data == NULL) {
-                   st = ENOMEM;
-                   goto cleanup;
-               }
-               for (j = 0, ptr = entries->tl_data; ptr != NULL; ptr = ptr->tl_data_next) {
-                   /* Ignore tl_data that are stored in separate directory
-                    * attributes */
-                   if (ptr->tl_data_type == KRB5_TL_LAST_PWD_CHANGE
+                    || ptr->tl_data_type == KRB5_TL_KADM_DATA
+                    || ptr->tl_data_type == KDB_TL_USER_INFO
+                    || ptr->tl_data_type == KRB5_TL_CONSTRAINED_DELEGATION_ACL)
+                    continue;
+                count++;
+            }
+            if (count != 0) {
+                int j;
+                ber_tl_data = (struct berval **) calloc (count + 1,
+                                                         sizeof (struct berval*));
+                if (ber_tl_data == NULL) {
+                    st = ENOMEM;
+                    goto cleanup;
+                }
+                for (j = 0, ptr = entries->tl_data; ptr != NULL; ptr = ptr->tl_data_next) {
+                    /* Ignore tl_data that are stored in separate directory
+                     * attributes */
+                    if (ptr->tl_data_type == KRB5_TL_LAST_PWD_CHANGE
 #ifdef SECURID
-                       || ptr->tl_data_type == KRB5_TL_DB_ARGS
+                        || ptr->tl_data_type == KRB5_TL_DB_ARGS
 #endif
-                       || ptr->tl_data_type == KRB5_TL_KADM_DATA
-                       || ptr->tl_data_type == KDB_TL_USER_INFO
-                       || ptr->tl_data_type == KRB5_TL_CONSTRAINED_DELEGATION_ACL)
-                       continue;
-                   if ((st = tl_data2berval (ptr, &ber_tl_data[j])) != 0)
-                       break;
-                   j++;
-               }
-               if (st != 0) {
-                   for (j = 0; ber_tl_data[j] != NULL; j++) {
-                       free (ber_tl_data[j]->bv_val);
-                       free (ber_tl_data[j]);
-                   }
-                   free (ber_tl_data);
-                   goto cleanup;
-               }
-               ber_tl_data[count] = NULL;
-               if ((st=krb5_add_ber_mem_ldap_mod(&mods, "krbExtraData",
-                                                 LDAP_MOD_REPLACE | LDAP_MOD_BVALUES,
-                                                 ber_tl_data)) != 0)
-                   goto cleanup;
-           }
-       }
-
-       /* Directory specific attribute */
-       if (xargs.tktpolicydn != NULL) {
-           int tmask=0;
-
-           if (strlen(xargs.tktpolicydn) != 0) {
-               st = checkattributevalue(ld, xargs.tktpolicydn, "objectclass", policyclass, &tmask);
-               CHECK_CLASS_VALIDITY(st, tmask, "ticket policy object value: ");
-
-               strval[0] = xargs.tktpolicydn;
-               strval[1] = NULL;
-               if ((st=krb5_add_str_mem_ldap_mod(&mods, "krbticketpolicyreference", LDAP_MOD_REPLACE, strval)) != 0)
-                   goto cleanup;
-
-           } else {
-               /* if xargs.tktpolicydn is a empty string, then delete
-                * already existing krbticketpolicyreference attr */
-               if ((st=krb5_add_str_mem_ldap_mod(&mods, "krbticketpolicyreference", LDAP_MOD_DELETE, NULL)) != 0)
-                   goto cleanup;
-           }
-
-       }
-
-       if (establish_links == TRUE) {
-           memset(strval, 0, sizeof(strval));
-           strval[0] = xargs.linkdn;
-           if ((st=krb5_add_str_mem_ldap_mod(&mods, "krbObjectReferences", LDAP_MOD_REPLACE, strval)) != 0)
-               goto cleanup;
-       }
-
-       /*
-        * in case mods is NULL then return
-        * not sure but can happen in a modprinc
-        * so no need to return an error
-        * addprinc will at least have the principal name
-        * and the keys passed in
-        */
-       if (mods == NULL)
-           goto cleanup;
-
-       if (create_standalone_prinicipal == TRUE) {
-           memset(strval, 0, sizeof(strval));
-           strval[0] = "krbprincipal";
-           strval[1] = "krbprincipalaux";
-           strval[2] = "krbTicketPolicyAux";
-
-           if ((st=krb5_add_str_mem_ldap_mod(&mods, "objectclass", LDAP_MOD_ADD, strval)) != 0)
-               goto cleanup;
-
-           st = ldap_add_ext_s(ld, standalone_principal_dn, mods, NULL, NULL);
-           if (st == LDAP_ALREADY_EXISTS && entries->mask & KADM5_LOAD) {
-               /* a load operation must replace an existing entry */
-               st = ldap_delete_ext_s(ld, standalone_principal_dn, NULL, NULL);
-               if (st != LDAP_SUCCESS) {
-                   snprintf(errbuf, sizeof(errbuf), "Principal delete failed (trying to replace entry): %s",
-                       ldap_err2string(st));
-                   st = translate_ldap_error (st, OP_ADD);
-                   krb5_set_error_message(context, st, "%s", errbuf);
-                   goto cleanup;
-               } else {
-                   st = ldap_add_ext_s(ld, standalone_principal_dn, mods, NULL, NULL);
-               }
-           }
-           if (st != LDAP_SUCCESS) {
-               snprintf(errbuf, sizeof(errbuf), "Principal add failed: %s", ldap_err2string(st));
-               st = translate_ldap_error (st, OP_ADD);
-               krb5_set_error_message(context, st, "%s", errbuf);
-               goto cleanup;
-           }
-       } else {
-           /*
-            * Here existing ldap object is modified and can be related
-            * to any attribute, so always ensure that the ldap
-            * object is extended with all the kerberos related
-            * objectclasses so that there are no constraint
-            * violations.
-            */
-           {
-               char *attrvalues[] = {"krbprincipalaux", "krbTicketPolicyAux", NULL};
-               int p, q, r=0, amask=0;
-
-               if ((st=checkattributevalue(ld, (xargs.dn) ? xargs.dn : principal_dn,
-                                           "objectclass", attrvalues, &amask)) != 0)
-                   goto cleanup;
-
-               memset(strval, 0, sizeof(strval));
-               for (p=1, q=0; p<=2; p<<=1, ++q) {
-                   if ((p & amask) == 0)
-                       strval[r++] = attrvalues[q];
-               }
-               if (r != 0) {
-                   if ((st=krb5_add_str_mem_ldap_mod(&mods, "objectclass", LDAP_MOD_ADD, strval)) != 0)
-                       goto cleanup;
-               }
-           }
-           if (xargs.dn != NULL)
-               st=ldap_modify_ext_s(ld, xargs.dn, mods, NULL, NULL);
-           else
-               st = ldap_modify_ext_s(ld, principal_dn, mods, NULL, NULL);
-
-           if (st != LDAP_SUCCESS) {
-               snprintf(errbuf, sizeof(errbuf), "User modification failed: %s", ldap_err2string(st));
-               st = translate_ldap_error (st, OP_MOD);
-               krb5_set_error_message(context, st, "%s", errbuf);
-               goto cleanup;
-           }
-
-           if (entries->mask & KADM5_FAIL_AUTH_COUNT_INCREMENT)
-               entries->fail_auth_count++;
-       }
+                        || ptr->tl_data_type == KRB5_TL_KADM_DATA
+                        || ptr->tl_data_type == KDB_TL_USER_INFO
+                        || ptr->tl_data_type == KRB5_TL_CONSTRAINED_DELEGATION_ACL)
+                        continue;
+                    if ((st = tl_data2berval (ptr, &ber_tl_data[j])) != 0)
+                        break;
+                    j++;
+                }
+                if (st != 0) {
+                    for (j = 0; ber_tl_data[j] != NULL; j++) {
+                        free (ber_tl_data[j]->bv_val);
+                        free (ber_tl_data[j]);
+                    }
+                    free (ber_tl_data);
+                    goto cleanup;
+                }
+                ber_tl_data[count] = NULL;
+                if ((st=krb5_add_ber_mem_ldap_mod(&mods, "krbExtraData",
+                                                  LDAP_MOD_REPLACE | LDAP_MOD_BVALUES,
+                                                  ber_tl_data)) != 0)
+                    goto cleanup;
+            }
+        }
+
+        /* Directory specific attribute */
+        if (xargs.tktpolicydn != NULL) {
+            int tmask=0;
+
+            if (strlen(xargs.tktpolicydn) != 0) {
+                st = checkattributevalue(ld, xargs.tktpolicydn, "objectclass", policyclass, &tmask);
+                CHECK_CLASS_VALIDITY(st, tmask, "ticket policy object value: ");
+
+                strval[0] = xargs.tktpolicydn;
+                strval[1] = NULL;
+                if ((st=krb5_add_str_mem_ldap_mod(&mods, "krbticketpolicyreference", LDAP_MOD_REPLACE, strval)) != 0)
+                    goto cleanup;
+
+            } else {
+                /* if xargs.tktpolicydn is a empty string, then delete
+                 * already existing krbticketpolicyreference attr */
+                if ((st=krb5_add_str_mem_ldap_mod(&mods, "krbticketpolicyreference", LDAP_MOD_DELETE, NULL)) != 0)
+                    goto cleanup;
+            }
+
+        }
+
+        if (establish_links == TRUE) {
+            memset(strval, 0, sizeof(strval));
+            strval[0] = xargs.linkdn;
+            if ((st=krb5_add_str_mem_ldap_mod(&mods, "krbObjectReferences", LDAP_MOD_REPLACE, strval)) != 0)
+                goto cleanup;
+        }
+
+        /*
+         * in case mods is NULL then return
+         * not sure but can happen in a modprinc
+         * so no need to return an error
+         * addprinc will at least have the principal name
+         * and the keys passed in
+         */
+        if (mods == NULL)
+            goto cleanup;
+
+        if (create_standalone_prinicipal == TRUE) {
+            memset(strval, 0, sizeof(strval));
+            strval[0] = "krbprincipal";
+            strval[1] = "krbprincipalaux";
+            strval[2] = "krbTicketPolicyAux";
+
+            if ((st=krb5_add_str_mem_ldap_mod(&mods, "objectclass", LDAP_MOD_ADD, strval)) != 0)
+                goto cleanup;
+
+            st = ldap_add_ext_s(ld, standalone_principal_dn, mods, NULL, NULL);
+            if (st == LDAP_ALREADY_EXISTS && entries->mask & KADM5_LOAD) {
+                /* a load operation must replace an existing entry */
+                st = ldap_delete_ext_s(ld, standalone_principal_dn, NULL, NULL);
+                if (st != LDAP_SUCCESS) {
+                    snprintf(errbuf, sizeof(errbuf), "Principal delete failed (trying to replace entry): %s",
+                             ldap_err2string(st));
+                    st = translate_ldap_error (st, OP_ADD);
+                    krb5_set_error_message(context, st, "%s", errbuf);
+                    goto cleanup;
+                } else {
+                    st = ldap_add_ext_s(ld, standalone_principal_dn, mods, NULL, NULL);
+                }
+            }
+            if (st != LDAP_SUCCESS) {
+                snprintf(errbuf, sizeof(errbuf), "Principal add failed: %s", ldap_err2string(st));
+                st = translate_ldap_error (st, OP_ADD);
+                krb5_set_error_message(context, st, "%s", errbuf);
+                goto cleanup;
+            }
+        } else {
+            /*
+             * Here existing ldap object is modified and can be related
+             * to any attribute, so always ensure that the ldap
+             * object is extended with all the kerberos related
+             * objectclasses so that there are no constraint
+             * violations.
+             */
+            {
+                char *attrvalues[] = {"krbprincipalaux", "krbTicketPolicyAux", NULL};
+                int p, q, r=0, amask=0;
+
+                if ((st=checkattributevalue(ld, (xargs.dn) ? xargs.dn : principal_dn,
+                                            "objectclass", attrvalues, &amask)) != 0)
+                    goto cleanup;
+
+                memset(strval, 0, sizeof(strval));
+                for (p=1, q=0; p<=2; p<<=1, ++q) {
+                    if ((p & amask) == 0)
+                        strval[r++] = attrvalues[q];
+                }
+                if (r != 0) {
+                    if ((st=krb5_add_str_mem_ldap_mod(&mods, "objectclass", LDAP_MOD_ADD, strval)) != 0)
+                        goto cleanup;
+                }
+            }
+            if (xargs.dn != NULL)
+                st=ldap_modify_ext_s(ld, xargs.dn, mods, NULL, NULL);
+            else
+                st = ldap_modify_ext_s(ld, principal_dn, mods, NULL, NULL);
+
+            if (st != LDAP_SUCCESS) {
+                snprintf(errbuf, sizeof(errbuf), "User modification failed: %s", ldap_err2string(st));
+                st = translate_ldap_error (st, OP_MOD);
+                krb5_set_error_message(context, st, "%s", errbuf);
+                goto cleanup;
+            }
+
+            if (entries->mask & KADM5_FAIL_AUTH_COUNT_INCREMENT)
+                entries->fail_auth_count++;
+        }
     }
 
 cleanup:
     if (user)
-       free(user);
+        free(user);
 
     free_xargs(xargs);
 
     if (standalone_principal_dn)
-       free(standalone_principal_dn);
+        free(standalone_principal_dn);
 
     if (principal_dn)
-       free (principal_dn);
+        free (principal_dn);
 
     if (polname != NULL)
-       free(polname);
+        free(polname);
 
     if (subtree)
-       free (subtree);
+        free (subtree);
 
     if (bersecretkey) {
-       for (l=0; bersecretkey[l]; ++l) {
-           if (bersecretkey[l]->bv_val)
-               free (bersecretkey[l]->bv_val);
-           free (bersecretkey[l]);
-       }
-       free (bersecretkey);
+        for (l=0; bersecretkey[l]; ++l) {
+            if (bersecretkey[l]->bv_val)
+                free (bersecretkey[l]->bv_val);
+            free (bersecretkey[l]);
+        }
+        free (bersecretkey);
     }
 
     if (keys)
-       free (keys);
+        free (keys);
 
     ldap_mods_free(mods, 1);
     krb5_ldap_put_handle_to_pool(ldap_context, ldap_server_handle);
@@ -1274,11 +1267,8 @@ cleanup:
 }
 
 krb5_error_code
-krb5_read_tkt_policy (context, ldap_context, entries, policy)
-    krb5_context                context;
-    krb5_ldap_context           *ldap_context;
-    krb5_db_entry               *entries;
-    char                        *policy;
+krb5_read_tkt_policy(krb5_context context, krb5_ldap_context *ldap_context,
+                     krb5_db_entry *entries, char *policy)
 {
     krb5_error_code             st=0;
     unsigned int                mask=0, omask=0;
@@ -1286,40 +1276,40 @@ krb5_read_tkt_policy (context, ldap_context, entries, policy)
     krb5_ldap_policy_params     *tktpoldnparam=NULL;
 
     if ((st=krb5_get_attributes_mask(context, entries, &mask)) != 0)
-       goto cleanup;
+        goto cleanup;
 
     if ((mask & tkt_mask) == tkt_mask)
-       goto cleanup;
+        goto cleanup;
 
     if (policy != NULL) {
-       st = krb5_ldap_read_policy(context, policy, &tktpoldnparam, &omask);
-       if (st && st != KRB5_KDB_NOENTRY) {
-           prepend_err_str(context, "Error reading ticket policy. ", st, st);
-           goto cleanup;
-       }
+        st = krb5_ldap_read_policy(context, policy, &tktpoldnparam, &omask);
+        if (st && st != KRB5_KDB_NOENTRY) {
+            prepend_err_str(context, "Error reading ticket policy. ", st, st);
+            goto cleanup;
+        }
 
-       st = 0; /* reset the return status */
+        st = 0; /* reset the return status */
     }
 
     if ((mask & KDB_MAX_LIFE_ATTR) == 0) {
-       if ((omask & KDB_MAX_LIFE_ATTR) ==  KDB_MAX_LIFE_ATTR)
-           entries->max_life = tktpoldnparam->maxtktlife;
-       else if (ldap_context->lrparams->max_life)
-           entries->max_life = ldap_context->lrparams->max_life;
+        if ((omask & KDB_MAX_LIFE_ATTR) ==  KDB_MAX_LIFE_ATTR)
+            entries->max_life = tktpoldnparam->maxtktlife;
+        else if (ldap_context->lrparams->max_life)
+            entries->max_life = ldap_context->lrparams->max_life;
     }
 
     if ((mask & KDB_MAX_RLIFE_ATTR) == 0) {
-       if ((omask & KDB_MAX_RLIFE_ATTR) == KDB_MAX_RLIFE_ATTR)
-           entries->max_renewable_life = tktpoldnparam->maxrenewlife;
-       else if (ldap_context->lrparams->max_renewable_life)
-           entries->max_renewable_life = ldap_context->lrparams->max_renewable_life;
+        if ((omask & KDB_MAX_RLIFE_ATTR) == KDB_MAX_RLIFE_ATTR)
+            entries->max_renewable_life = tktpoldnparam->maxrenewlife;
+        else if (ldap_context->lrparams->max_renewable_life)
+            entries->max_renewable_life = ldap_context->lrparams->max_renewable_life;
     }
 
     if ((mask & KDB_TKT_FLAGS_ATTR) == 0) {
-       if ((omask & KDB_TKT_FLAGS_ATTR) == KDB_TKT_FLAGS_ATTR)
-           entries->attributes = tktpoldnparam->tktflags;
-       else if (ldap_context->lrparams->tktflags)
-           entries->attributes |= ldap_context->lrparams->tktflags;
+        if ((omask & KDB_TKT_FLAGS_ATTR) == KDB_TKT_FLAGS_ATTR)
+            entries->attributes = tktpoldnparam->tktflags;
+        else if (ldap_context->lrparams->tktflags)
+            entries->attributes |= ldap_context->lrparams->tktflags;
     }
     krb5_ldap_free_policy(context, tktpoldnparam);
 
@@ -1328,12 +1318,9 @@ cleanup:
 }
 
 krb5_error_code
-krb5_decode_krbsecretkey(context, entries, bvalues, userinfo_tl_data, mkvno)
-    krb5_context                context;
-    krb5_db_entry               *entries;
-    struct berval               **bvalues;
-    krb5_tl_data                *userinfo_tl_data;
-    krb5_kvno                   *mkvno;
+krb5_decode_krbsecretkey(krb5_context context, krb5_db_entry *entries,
+                         struct berval **bvalues,
+                         krb5_tl_data *userinfo_tl_data, krb5_kvno *mkvno)
 {
     char                        *user=NULL;
     int                         i=0, j=0, noofkeys=0;
@@ -1341,41 +1328,41 @@ krb5_decode_krbsecretkey(context, entries, bvalues, userinfo_tl_data, mkvno)
     krb5_error_code             st=0;
 
     if ((st=krb5_unparse_name(context, entries->princ, &user)) != 0)
-       goto cleanup;
+        goto cleanup;
 
     for (i=0; bvalues[i] != NULL; ++i) {
-       krb5_int16 n_kd;
-       krb5_key_data *kd;
-       krb5_data in;
-
-       if (bvalues[i]->bv_len == 0)
-           continue;
-       in.length = bvalues[i]->bv_len;
-       in.data = bvalues[i]->bv_val;
-
-       st = asn1_decode_sequence_of_keys (&in,
-                                          &kd,
-                                          &n_kd,
-                                          mkvno);
-
-       if (st != 0) {
-           const char *msg = error_message(st);
-           st = -1; /* Something more appropriate ? */
-           krb5_set_error_message (context, st,
-                                   "unable to decode stored principal key data (%s)", msg);
-           goto cleanup;
-       }
-       noofkeys += n_kd;
-       tmp = key_data;
-       key_data = realloc (key_data, noofkeys * sizeof (krb5_key_data));
-       if (key_data == NULL) {
-           key_data = tmp;
-           st = ENOMEM;
-           goto cleanup;
-       }
-       for (j = 0; j < n_kd; j++)
-           key_data[noofkeys - n_kd + j] = kd[j];
-       free (kd);
+        krb5_int16 n_kd;
+        krb5_key_data *kd;
+        krb5_data in;
+
+        if (bvalues[i]->bv_len == 0)
+            continue;
+        in.length = bvalues[i]->bv_len;
+        in.data = bvalues[i]->bv_val;
+
+        st = asn1_decode_sequence_of_keys (&in,
+                                           &kd,
+                                           &n_kd,
+                                           mkvno);
+
+        if (st != 0) {
+            const char *msg = error_message(st);
+            st = -1; /* Something more appropriate ? */
+            krb5_set_error_message (context, st,
+                                    "unable to decode stored principal key data (%s)", msg);
+            goto cleanup;
+        }
+        noofkeys += n_kd;
+        tmp = key_data;
+        key_data = realloc (key_data, noofkeys * sizeof (krb5_key_data));
+        if (key_data == NULL) {
+            key_data = tmp;
+            st = ENOMEM;
+            goto cleanup;
+        }
+        for (j = 0; j < n_kd; j++)
+            key_data[noofkeys - n_kd + j] = kd[j];
+        free (kd);
     }
 
     entries->n_key_data = noofkeys;
@@ -1388,19 +1375,18 @@ cleanup:
 }
 
 static char *
-getstringtime(epochtime)
-    krb5_timestamp    epochtime;
+getstringtime(krb5_timestamp epochtime)
 {
     struct tm           tme;
     char                *strtime=NULL;
-    time_t             posixtime = epochtime;
+    time_t              posixtime = epochtime;
 
     strtime = calloc (50, 1);
     if (strtime == NULL)
-       return NULL;
+        return NULL;
 
     if (gmtime_r(&posixtime, &tme) == NULL)
-       return NULL;
+        return NULL;
 
     strftime(strtime, 50, "%Y%m%d%H%M%SZ", &tme);
     return strtime;
index ed63e0812e15ca2625c3cd2b5ba0b065671d9b34..6d25ca1d8c3783f80913a2c3ef7d408726fd5598 100644 (file)
@@ -1,3 +1,4 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
 /*
  * lib/kdb/kdb_ldap/ldap_pwd_policy.c
  *
 #include "ldap_err.h"
 
 static char *password_policy_attributes[] = { "cn", "krbmaxpwdlife", "krbminpwdlife",
-                                             "krbpwdmindiffchars", "krbpwdminlength",
-                                             "krbpwdhistorylength", "krbpwdmaxfailure",
-                                             "krbpwdfailurecountinterval",
-                                             "krbpwdlockoutduration", NULL };
+                                              "krbpwdmindiffchars", "krbpwdminlength",
+                                              "krbpwdhistorylength", "krbpwdmaxfailure",
+                                              "krbpwdfailurecountinterval",
+                                              "krbpwdlockoutduration", NULL };
 
 /*
  * Function to create password policy object.
  */
 
 krb5_error_code
-krb5_ldap_create_password_policy (context, policy)
-    krb5_context                context;
-    osa_policy_ent_t            policy;
+krb5_ldap_create_password_policy(krb5_context context, osa_policy_ent_t policy)
 {
-    krb5_error_code            st=0;
-    LDAP                       *ld=NULL;
-    LDAPMod                    **mods={NULL};
+    krb5_error_code             st=0;
+    LDAP                        *ld=NULL;
+    LDAPMod                     **mods={NULL};
     kdb5_dal_handle             *dal_handle=NULL;
     krb5_ldap_context           *ldap_context=NULL;
     krb5_ldap_server_handle     *ldap_server_handle=NULL;
@@ -65,61 +64,61 @@ krb5_ldap_create_password_policy (context, policy)
 
     /* validate the input parameters */
     if (policy == NULL || policy->name == NULL)
-       return EINVAL;
+        return EINVAL;
 
     SETUP_CONTEXT();
     GET_HANDLE();
 
     st = krb5_ldap_name_to_policydn (context, policy->name, &policy_dn);
     if (st != 0)
-       goto cleanup;
+        goto cleanup;
 
     /* get the first component of the dn to set the cn attribute */
     rdns = ldap_explode_dn(policy_dn, 1);
     if (rdns == NULL) {
-       st = EINVAL;
-       krb5_set_error_message(context, st, "Invalid password policy DN syntax");
-       goto cleanup;
+        st = EINVAL;
+        krb5_set_error_message(context, st, "Invalid password policy DN syntax");
+        goto cleanup;
     }
 
     strval[0] = rdns[0];
     if ((st=krb5_add_str_mem_ldap_mod(&mods, "cn", LDAP_MOD_ADD, strval)) != 0)
-       goto cleanup;
+        goto cleanup;
 
     strval[0] = "krbPwdPolicy";
     if ((st=krb5_add_str_mem_ldap_mod(&mods, "objectclass", LDAP_MOD_ADD, strval)) != 0)
-       goto cleanup;
+        goto cleanup;
 
     if (((st=krb5_add_int_mem_ldap_mod(&mods, "krbmaxpwdlife", LDAP_MOD_ADD,
-                                      (signed) policy->pw_max_life)) != 0)
-       || ((st=krb5_add_int_mem_ldap_mod(&mods, "krbminpwdlife", LDAP_MOD_ADD,
-                                         (signed) policy->pw_min_life)) != 0)
-       || ((st=krb5_add_int_mem_ldap_mod(&mods, "krbpwdmindiffchars", LDAP_MOD_ADD,
-                                         (signed) policy->pw_min_classes)) != 0)
-       || ((st=krb5_add_int_mem_ldap_mod(&mods, "krbpwdminlength", LDAP_MOD_ADD,
-                                         (signed) policy->pw_min_length)) != 0)
-       || ((st=krb5_add_int_mem_ldap_mod(&mods, "krbpwdhistorylength", LDAP_MOD_ADD,
-                                         (signed) policy->pw_history_num)) != 0)
-       || ((st=krb5_add_int_mem_ldap_mod(&mods, "krbpwdmaxfailure", LDAP_MOD_ADD,
-                                         (signed) policy->pw_max_fail)) != 0)
-       || ((st=krb5_add_int_mem_ldap_mod(&mods, "krbpwdfailurecountinterval", LDAP_MOD_ADD,
-                                         (signed) policy->pw_failcnt_interval)) != 0)
-       || ((st=krb5_add_int_mem_ldap_mod(&mods, "krbpwdlockoutduration", LDAP_MOD_ADD,
-                                         (signed) policy->pw_lockout_duration)) != 0))
-       goto cleanup;
+                                       (signed) policy->pw_max_life)) != 0)
+        || ((st=krb5_add_int_mem_ldap_mod(&mods, "krbminpwdlife", LDAP_MOD_ADD,
+                                          (signed) policy->pw_min_life)) != 0)
+        || ((st=krb5_add_int_mem_ldap_mod(&mods, "krbpwdmindiffchars", LDAP_MOD_ADD,
+                                          (signed) policy->pw_min_classes)) != 0)
+        || ((st=krb5_add_int_mem_ldap_mod(&mods, "krbpwdminlength", LDAP_MOD_ADD,
+                                          (signed) policy->pw_min_length)) != 0)
+        || ((st=krb5_add_int_mem_ldap_mod(&mods, "krbpwdhistorylength", LDAP_MOD_ADD,
+                                          (signed) policy->pw_history_num)) != 0)
+        || ((st=krb5_add_int_mem_ldap_mod(&mods, "krbpwdmaxfailure", LDAP_MOD_ADD,
+                                          (signed) policy->pw_max_fail)) != 0)
+        || ((st=krb5_add_int_mem_ldap_mod(&mods, "krbpwdfailurecountinterval", LDAP_MOD_ADD,
+                                          (signed) policy->pw_failcnt_interval)) != 0)
+        || ((st=krb5_add_int_mem_ldap_mod(&mods, "krbpwdlockoutduration", LDAP_MOD_ADD,
+                                          (signed) policy->pw_lockout_duration)) != 0))
+        goto cleanup;
 
     /* password policy object creation */
     if ((st=ldap_add_ext_s(ld, policy_dn, mods, NULL, NULL)) != LDAP_SUCCESS) {
-       st = set_ldap_error (context, st, OP_ADD);
-       goto cleanup;
+        st = set_ldap_error (context, st, OP_ADD);
+        goto cleanup;
     }
 
 cleanup:
     if (rdns)
-       ldap_value_free(rdns);
+        ldap_value_free(rdns);
 
     if (policy_dn != NULL)
-       free (policy_dn);
+        free (policy_dn);
     ldap_mods_free(mods, 1);
     krb5_ldap_put_handle_to_pool(ldap_context, ldap_server_handle);
     return(st);
@@ -130,14 +129,12 @@ cleanup:
  */
 
 krb5_error_code
-krb5_ldap_put_password_policy (context, policy)
-    krb5_context                context;
-    osa_policy_ent_t            policy;
+krb5_ldap_put_password_policy(krb5_context context, osa_policy_ent_t policy)
 {
     char                        *policy_dn;
-    krb5_error_code            st=0;
-    LDAP                       *ld=NULL;
-    LDAPMod                    **mods=NULL;
+    krb5_error_code             st=0;
+    LDAP                        *ld=NULL;
+    LDAPMod                     **mods=NULL;
     kdb5_dal_handle             *dal_handle=NULL;
     krb5_ldap_context           *ldap_context=NULL;
     krb5_ldap_server_handle     *ldap_server_handle=NULL;
@@ -147,32 +144,32 @@ krb5_ldap_put_password_policy (context, policy)
 
     /* validate the input parameters */
     if (policy == NULL || policy->name == NULL)
-       return EINVAL;
+        return EINVAL;
 
     SETUP_CONTEXT();
     GET_HANDLE();
 
     st = krb5_ldap_name_to_policydn (context, policy->name, &policy_dn);
     if (st != 0)
-       goto cleanup;
+        goto cleanup;
 
     if (((st=krb5_add_int_mem_ldap_mod(&mods, "krbmaxpwdlife", LDAP_MOD_REPLACE,
-                                      (signed) policy->pw_max_life)) != 0)
-       || ((st=krb5_add_int_mem_ldap_mod(&mods, "krbminpwdlife", LDAP_MOD_REPLACE,
-                                         (signed) policy->pw_min_life)) != 0)
-       || ((st=krb5_add_int_mem_ldap_mod(&mods, "krbpwdmindiffchars", LDAP_MOD_REPLACE,
-                                         (signed) policy->pw_min_classes)) != 0)
-       || ((st=krb5_add_int_mem_ldap_mod(&mods, "krbpwdminlength", LDAP_MOD_REPLACE,
-                                         (signed) policy->pw_min_length)) != 0)
-       || ((st=krb5_add_int_mem_ldap_mod(&mods, "krbpwdhistorylength", LDAP_MOD_REPLACE,
-                                         (signed) policy->pw_history_num)) != 0)
-       || ((st=krb5_add_int_mem_ldap_mod(&mods, "krbpwdmaxfailure", LDAP_MOD_REPLACE,
-                                         (signed) policy->pw_max_fail)) != 0)
-       || ((st=krb5_add_int_mem_ldap_mod(&mods, "krbpwdfailurecountinterval", LDAP_MOD_REPLACE,
-                                         (signed) policy->pw_failcnt_interval)) != 0)
-       || ((st=krb5_add_int_mem_ldap_mod(&mods, "krbpwdlockoutduration", LDAP_MOD_REPLACE,
-                                         (signed) policy->pw_lockout_duration)) != 0))
-       goto cleanup;
+                                       (signed) policy->pw_max_life)) != 0)
+        || ((st=krb5_add_int_mem_ldap_mod(&mods, "krbminpwdlife", LDAP_MOD_REPLACE,
+                                          (signed) policy->pw_min_life)) != 0)
+        || ((st=krb5_add_int_mem_ldap_mod(&mods, "krbpwdmindiffchars", LDAP_MOD_REPLACE,
+                                          (signed) policy->pw_min_classes)) != 0)
+        || ((st=krb5_add_int_mem_ldap_mod(&mods, "krbpwdminlength", LDAP_MOD_REPLACE,
+                                          (signed) policy->pw_min_length)) != 0)
+        || ((st=krb5_add_int_mem_ldap_mod(&mods, "krbpwdhistorylength", LDAP_MOD_REPLACE,
+                                          (signed) policy->pw_history_num)) != 0)
+        || ((st=krb5_add_int_mem_ldap_mod(&mods, "krbpwdmaxfailure", LDAP_MOD_REPLACE,
+                                          (signed) policy->pw_max_fail)) != 0)
+        || ((st=krb5_add_int_mem_ldap_mod(&mods, "krbpwdfailurecountinterval", LDAP_MOD_REPLACE,
+                                          (signed) policy->pw_failcnt_interval)) != 0)
+        || ((st=krb5_add_int_mem_ldap_mod(&mods, "krbpwdlockoutduration", LDAP_MOD_REPLACE,
+                                          (signed) policy->pw_lockout_duration)) != 0))
+        goto cleanup;
 
     /* modify the password policy object. */
     /*
@@ -181,13 +178,13 @@ krb5_ldap_put_password_policy (context, policy)
      * management of only such policy objects.
      */
     if ((st=ldap_modify_ext_s(ld, policy_dn, mods, NULL, NULL)) != LDAP_SUCCESS) {
-       st = set_ldap_error (context, st, OP_MOD);
-       goto cleanup;
+        st = set_ldap_error (context, st, OP_MOD);
+        goto cleanup;
     }
 
 cleanup:
     if (policy_dn != NULL)
-       free (policy_dn);
+        free (policy_dn);
     ldap_mods_free(mods, 1);
     krb5_ldap_put_handle_to_pool(ldap_context, ldap_server_handle);
     return(st);
@@ -195,10 +192,10 @@ cleanup:
 
 static krb5_error_code
 populate_policy(krb5_context context,
-    LDAP *ld,
-    LDAPMessage *ent,
-    char *pol_name,
-    osa_policy_ent_t pol_entry)
+                LDAP *ld,
+                LDAPMessage *ent,
+                char *pol_name,
+                osa_policy_ent_t pol_entry)
 {
     int st = 0;
     char *pol_dn;
@@ -220,7 +217,7 @@ populate_policy(krb5_context context,
     /* Get the reference count */
     pol_dn = ldap_get_dn(ld, ent);
     st = krb5_ldap_get_reference_count (context, pol_dn, "krbPwdPolicyReference",
-           &(pol_entry->policy_refcnt), ld);
+                                        &(pol_entry->policy_refcnt), ld);
     ldap_memfree(pol_dn);
 
 cleanup:
@@ -228,14 +225,12 @@ cleanup:
 }
 
 static krb5_error_code
-krb5_ldap_get_password_policy_from_dn (krb5_context context,
-    char *pol_name,
-    char *pol_dn,
-    osa_policy_ent_t *policy,
-    int *cnt)
+krb5_ldap_get_password_policy_from_dn(krb5_context context, char *pol_name,
+                                      char *pol_dn, osa_policy_ent_t *policy,
+                                      int *cnt)
 {
     krb5_error_code             st=0, tempst=0;
-    LDAP                       *ld=NULL;
+    LDAP                        *ld=NULL;
     LDAPMessage                 *result=NULL,*ent=NULL;
     kdb5_dal_handle             *dal_handle=NULL;
     krb5_ldap_context           *ldap_context=NULL;
@@ -246,7 +241,7 @@ krb5_ldap_get_password_policy_from_dn (krb5_context context,
 
     /* validate the input parameters */
     if (pol_dn == NULL)
-       return EINVAL;
+        return EINVAL;
 
     *policy = NULL;
     SETUP_CONTEXT();
@@ -255,8 +250,8 @@ krb5_ldap_get_password_policy_from_dn (krb5_context context,
     *cnt = 0;
     *(policy) = (osa_policy_ent_t) malloc(sizeof(osa_policy_ent_rec));
     if (*policy == NULL) {
-       st = ENOMEM;
-       goto cleanup;
+        st = ENOMEM;
+        goto cleanup;
     }
     memset(*policy, 0, sizeof(osa_policy_ent_rec));
 
@@ -270,31 +265,31 @@ krb5_ldap_get_password_policy_from_dn (krb5_context context,
 
     ent=ldap_first_entry(ld, result);
     if (ent != NULL) {
-       if ((st = populate_policy(context, ld, ent, pol_name, *policy)) != 0)
-           goto cleanup;
+        if ((st = populate_policy(context, ld, ent, pol_name, *policy)) != 0)
+            goto cleanup;
 #if 0 /************** Begin IFDEF'ed OUT *******************************/
-       krb5_ldap_get_value(ld, ent, "krbmaxpwdlife", &((*policy)->pw_max_life));
-       krb5_ldap_get_value(ld, ent, "krbminpwdlife", &((*policy)->pw_min_life));
-       krb5_ldap_get_value(ld, ent, "krbpwdmindiffchars", &((*policy)->pw_min_classes));
-       krb5_ldap_get_value(ld, ent, "krbpwdminlength", &((*policy)->pw_min_length));
-       krb5_ldap_get_value(ld, ent, "krbpwdhistorylength", &((*policy)->pw_history_num));
-
-       /* Get the reference count */
-       st = krb5_ldap_get_reference_count (context,
-                                           name,
-                                           "krbPwdPolicyReference",
-                                           &(*policy)->policy_refcnt,
-                                           ld);
+        krb5_ldap_get_value(ld, ent, "krbmaxpwdlife", &((*policy)->pw_max_life));
+        krb5_ldap_get_value(ld, ent, "krbminpwdlife", &((*policy)->pw_min_life));
+        krb5_ldap_get_value(ld, ent, "krbpwdmindiffchars", &((*policy)->pw_min_classes));
+        krb5_ldap_get_value(ld, ent, "krbpwdminlength", &((*policy)->pw_min_length));
+        krb5_ldap_get_value(ld, ent, "krbpwdhistorylength", &((*policy)->pw_history_num));
+
+        /* Get the reference count */
+        st = krb5_ldap_get_reference_count (context,
+                                            name,
+                                            "krbPwdPolicyReference",
+                                            &(*policy)->policy_refcnt,
+                                            ld);
 #endif /**************** END IFDEF'ed OUT *******************************/
     }
 
 cleanup:
     ldap_msgfree(result);
     if (st != 0) {
-       if (*policy != NULL) {
-           krb5_ldap_free_password_policy(context, *policy);
-           *policy = NULL;
-       }
+        if (*policy != NULL) {
+            krb5_ldap_free_password_policy(context, *policy);
+            *policy = NULL;
+        }
     }
 
     krb5_ldap_put_handle_to_pool(ldap_context, ldap_server_handle);
@@ -306,11 +301,8 @@ cleanup:
  * 'krb5_ldap_get_password_policy_from_dn'
  */
 krb5_error_code
-krb5_ldap_get_password_policy (context, name, policy, cnt)
-    krb5_context                context;
-    char                        *name;
-    osa_policy_ent_t            *policy;
-    int                         *cnt;
+krb5_ldap_get_password_policy(krb5_context context, char *name,
+                              osa_policy_ent_t *policy, int *cnt)
 {
     krb5_error_code             st = 0;
     char                        *policy_dn = NULL;
@@ -320,26 +312,24 @@ krb5_ldap_get_password_policy (context, name, policy, cnt)
 
     /* validate the input parameters */
     if (name == NULL) {
-       st = EINVAL;
-       goto cleanup;
+        st = EINVAL;
+        goto cleanup;
     }
 
     st = krb5_ldap_name_to_policydn(context, name, &policy_dn);
     if (st != 0)
-       goto cleanup;
+        goto cleanup;
 
     st = krb5_ldap_get_password_policy_from_dn(context, name, policy_dn, policy, cnt);
 
 cleanup:
     if (policy_dn != NULL)
-       free (policy_dn);
+        free (policy_dn);
     return st;
 }
 
 krb5_error_code
-krb5_ldap_delete_password_policy (context, policy)
-    krb5_context                context;
-    char                        *policy;
+krb5_ldap_delete_password_policy(krb5_context context, char *policy)
 {
     int                         mask = 0;
     char                        *policy_dn = NULL, *class[] = {"krbpwdpolicy", NULL};
@@ -354,49 +344,47 @@ krb5_ldap_delete_password_policy (context, policy)
 
     /* validate the input parameters */
     if (policy == NULL)
-       return EINVAL;
+        return EINVAL;
 
     SETUP_CONTEXT();
     GET_HANDLE();
 
     st = krb5_ldap_name_to_policydn (context, policy, &policy_dn);
     if (st != 0)
-       goto cleanup;
+        goto cleanup;
 
     /* Ensure that the object is a password policy */
     if ((st=checkattributevalue(ld, policy_dn, "objectclass", class, &mask)) != 0)
-       goto cleanup;
+        goto cleanup;
 
     if (mask == 0) {
-       st = KRB5_KDB_NOENTRY;
-       goto cleanup;
+        st = KRB5_KDB_NOENTRY;
+        goto cleanup;
     }
 
     if ((st=ldap_delete_ext_s(ld, policy_dn, NULL, NULL)) != LDAP_SUCCESS) {
-       st = set_ldap_error (context, st, OP_DEL);
-       goto cleanup;
+        st = set_ldap_error (context, st, OP_DEL);
+        goto cleanup;
     }
 
 cleanup:
     krb5_ldap_put_handle_to_pool(ldap_context, ldap_server_handle);
     if (policy_dn != NULL)
-       free (policy_dn);
+        free (policy_dn);
 
     return st;
 }
 
 krb5_error_code
-krb5_ldap_iterate_password_policy(context, match_expr, func, func_arg)
-    krb5_context                context;
-    char                        *match_expr;
-    void                        (*func) (krb5_pointer, osa_policy_ent_t);
-    krb5_pointer                func_arg;
+krb5_ldap_iterate_password_policy(krb5_context context, char *match_expr,
+                                  void (*func)(krb5_pointer, osa_policy_ent_t),
+                                  krb5_pointer func_arg)
 {
     osa_policy_ent_rec          *entry=NULL;
-    char                       *policy=NULL;
+    char                        *policy=NULL;
     krb5_error_code             st=0, tempst=0;
-    LDAP                       *ld=NULL;
-    LDAPMessage                        *result=NULL, *ent=NULL;
+    LDAP                        *ld=NULL;
+    LDAPMessage                 *result=NULL, *ent=NULL;
     kdb5_dal_handle             *dal_handle=NULL;
     krb5_ldap_context           *ldap_context=NULL;
     krb5_ldap_server_handle     *ldap_server_handle=NULL;
@@ -408,53 +396,53 @@ krb5_ldap_iterate_password_policy(context, match_expr, func, func_arg)
     GET_HANDLE();
 
     if (ldap_context->lrparams->realmdn == NULL) {
-       st = EINVAL;
-       goto cleanup;
+        st = EINVAL;
+        goto cleanup;
     }
 
     LDAP_SEARCH(ldap_context->lrparams->realmdn, LDAP_SCOPE_ONELEVEL, "(objectclass=krbpwdpolicy)", password_policy_attributes);
     for (ent=ldap_first_entry(ld, result); ent != NULL; ent=ldap_next_entry(ld, ent)) {
-       krb5_boolean attr_present;
-
-       st = krb5_ldap_get_string(ld, ent, "cn", &policy, &attr_present);
-       if (st != 0)
-           goto cleanup;
-       if (attr_present == FALSE)
-           continue;
-
-       entry = (osa_policy_ent_t) malloc(sizeof(osa_policy_ent_rec));
-       CHECK_NULL(entry);
-       memset(entry, 0, sizeof(osa_policy_ent_rec));
-       if ((st = populate_policy(context, ld, ent, policy, entry)) != 0)
-           goto cleanup;
+        krb5_boolean attr_present;
+
+        st = krb5_ldap_get_string(ld, ent, "cn", &policy, &attr_present);
+        if (st != 0)
+            goto cleanup;
+        if (attr_present == FALSE)
+            continue;
+
+        entry = (osa_policy_ent_t) malloc(sizeof(osa_policy_ent_rec));
+        CHECK_NULL(entry);
+        memset(entry, 0, sizeof(osa_policy_ent_rec));
+        if ((st = populate_policy(context, ld, ent, policy, entry)) != 0)
+            goto cleanup;
 #if 0 /************** Begin IFDEF'ed OUT *******************************/
-       entry->name = policy;
-       entry->version = 1;
-
-       krb5_ldap_get_value(ld, ent, "krbmaxpwdlife", &(entry->pw_max_life));
-       krb5_ldap_get_value(ld, ent, "krbminpwdlife", &(entry->pw_min_life));
-       krb5_ldap_get_value(ld, ent, "krbpwdmindiffchars", &(entry->pw_min_classes));
-       krb5_ldap_get_value(ld, ent, "krbpwdminlength", &(entry->pw_min_length));
-       krb5_ldap_get_value(ld, ent, "krbpwdhistorylength", &(entry->pw_history_num));
-
-       /* Get the reference count */
-       st = krb5_ldap_get_reference_count (context,
-                                           policy,
-                                           "krbPwdPolicyReference",
-                                           &(entry->policy_refcnt),
-                                           ld);
+        entry->name = policy;
+        entry->version = 1;
+
+        krb5_ldap_get_value(ld, ent, "krbmaxpwdlife", &(entry->pw_max_life));
+        krb5_ldap_get_value(ld, ent, "krbminpwdlife", &(entry->pw_min_life));
+        krb5_ldap_get_value(ld, ent, "krbpwdmindiffchars", &(entry->pw_min_classes));
+        krb5_ldap_get_value(ld, ent, "krbpwdminlength", &(entry->pw_min_length));
+        krb5_ldap_get_value(ld, ent, "krbpwdhistorylength", &(entry->pw_history_num));
+
+        /* Get the reference count */
+        st = krb5_ldap_get_reference_count (context,
+                                            policy,
+                                            "krbPwdPolicyReference",
+                                            &(entry->policy_refcnt),
+                                            ld);
 #endif /**************** END IFDEF'ed OUT *******************************/
 
-       (*func)(func_arg, entry);
-       /* XXX this will free policy so don't free it */
-       krb5_ldap_free_password_policy(context, entry);
-       entry = NULL;
+        (*func)(func_arg, entry);
+        /* XXX this will free policy so don't free it */
+        krb5_ldap_free_password_policy(context, entry);
+        entry = NULL;
     }
     ldap_msgfree(result);
 
 cleanup:
     if (entry)
-       free (entry);
+        free (entry);
 
     krb5_ldap_put_handle_to_pool(ldap_context, ldap_server_handle);
     return st;
@@ -466,9 +454,9 @@ krb5_ldap_free_password_policy (context, entry)
     osa_policy_ent_t            entry;
 {
     if (entry) {
-       if (entry->name)
-           free(entry->name);
-       free(entry);
+        if (entry->name)
+            free(entry->name);
+        free(entry);
     }
     return;
 }
index 846014eb63624d0b5a06d11c2759ac20bc35a923..12396ac122d3d8a6df123179bbd06649061b90ee 100644 (file)
@@ -1,3 +1,4 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
 /*
  * lib/kdb/kdb_ldap/ldap_pwd_policy.h
  *
 #define _LDAP_KRBPWDPOLICY_H_
 
 krb5_error_code
-krb5_ldap_get_password_policy (krb5_context , char *, osa_policy_ent_t *, int *);
+krb5_ldap_get_password_policy(krb5_context, char *, osa_policy_ent_t *, int *);
 
 krb5_error_code
-krb5_ldap_create_password_policy (krb5_context , osa_policy_ent_t );
+krb5_ldap_create_password_policy(krb5_context, osa_policy_ent_t);
 
 krb5_error_code
-krb5_ldap_put_password_policy ( krb5_context kcontext, osa_policy_ent_t policy );
+krb5_ldap_put_password_policy(krb5_context kcontext, osa_policy_ent_t policy);
 
 krb5_error_code
-krb5_ldap_delete_password_policy ( krb5_context kcontext, char *policy );
+krb5_ldap_delete_password_policy (krb5_context kcontext, char *policy);
 
 krb5_error_code
 krb5_ldap_iterate_password_policy(krb5_context, char *,
-                                 void (*) (krb5_pointer, osa_policy_ent_t ),
-                                 krb5_pointer);
+                                  void (*)(krb5_pointer, osa_policy_ent_t),
+                                  krb5_pointer);
 
 void
-krb5_ldap_free_password_policy( krb5_context kcontext, osa_policy_ent_t entry );
+krb5_ldap_free_password_policy(krb5_context kcontext, osa_policy_ent_t entry);
 
 #endif
index fc84019e5af090986ea37f8206b92c48a82ad424..7096c0b230f0ccb6a327334492fe67594bd5df72 100644 (file)
@@ -1,3 +1,4 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
 /*
  * lib/kdb/kdb_ldap/ldap_realm.c
  *
 
 #define END_OF_LIST -1
 char  *realm_attributes[] = {"krbSearchScope","krbSubTrees", "krbPrincContainerRef",
-                            "krbMaxTicketLife", "krbMaxRenewableAge",
-                            "krbTicketFlags", "krbUpEnabled",
-                            "krbTicketPolicyReference",
-                            "krbLdapServers",
-                            "krbKdcServers",  "krbAdmServers",
-                            "krbPwdServers", NULL};
+                             "krbMaxTicketLife", "krbMaxRenewableAge",
+                             "krbTicketFlags", "krbUpEnabled",
+                             "krbTicketPolicyReference",
+                             "krbLdapServers",
+                             "krbKdcServers",  "krbAdmServers",
+                             "krbPwdServers", NULL};
 
 
 char  *policy_attributes[] = { "krbMaxTicketLife",
-                              "krbMaxRenewableAge",
-                              "krbTicketFlags",
-                              NULL };
+                               "krbMaxRenewableAge",
+                               "krbTicketFlags",
+                               NULL };
 
 
 
@@ -74,83 +75,85 @@ char  *krbContainerRefclass[] = { "krbContainerRefAux", NULL};
  * Function to remove all special characters from a string (rfc2254).
  * Use whenever exact matching is to be done ...
  */
-char *ldap_filter_correct (char *in)
+char *
+ldap_filter_correct (char *in)
 {
     size_t i, count;
     char *out, *ptr;
     size_t len = strlen(in);
 
     for (i = 0, count = 0; i < len; i++)
-       switch (in[i]) {
-       case '*':
-       case '(':
-       case ')':
-       case '\\':
-       case '\0':
-           count ++;
-       }
+        switch (in[i]) {
+        case '*':
+        case '(':
+        case ')':
+        case '\\':
+        case '\0':
+            count ++;
+        }
 
     out = (char *)malloc((len + (count * 2) + 1) * sizeof (char));
     assert (out != NULL);
     memset(out, 0, len + (count * 2) + 1);
 
     for (i = 0, ptr = out; i < len; i++)
-       switch (in[i]) {
-       case '*':
-           ptr[0] = '\\';
-           ptr[1] = '2';
-           ptr[2] = 'a';
-           ptr += 3;
-           break;
-       case '(':
-           ptr[0] = '\\';
-           ptr[1] = '2';
-           ptr[2] = '8';
-           ptr += 3;
-           break;
-       case ')':
-           ptr[0] = '\\';
-           ptr[1] = '2';
-           ptr[2] = '9';
-           ptr += 3;
-           break;
-       case '\\':
-           ptr[0] = '\\';
-           ptr[1] = '5';
-           ptr[2] = 'c';
-           ptr += 3;
-           break;
-       case '\0':
-           ptr[0] = '\\';
-           ptr[1] = '0';
-           ptr[2] = '0';
-           ptr += 3;
-           break;
-       default:
-           ptr[0] = in[i];
-           ptr += 1;
-           break;
-       }
+        switch (in[i]) {
+        case '*':
+            ptr[0] = '\\';
+            ptr[1] = '2';
+            ptr[2] = 'a';
+            ptr += 3;
+            break;
+        case '(':
+            ptr[0] = '\\';
+            ptr[1] = '2';
+            ptr[2] = '8';
+            ptr += 3;
+            break;
+        case ')':
+            ptr[0] = '\\';
+            ptr[1] = '2';
+            ptr[2] = '9';
+            ptr += 3;
+            break;
+        case '\\':
+            ptr[0] = '\\';
+            ptr[1] = '5';
+            ptr[2] = 'c';
+            ptr += 3;
+            break;
+        case '\0':
+            ptr[0] = '\\';
+            ptr[1] = '0';
+            ptr[2] = '0';
+            ptr += 3;
+            break;
+        default:
+            ptr[0] = in[i];
+            ptr += 1;
+            break;
+        }
 
     /* ptr[count - 1] = '\0'; */
 
     return out;
 }
 
-static int principal_in_realm_2(krb5_principal principal, char *realm) {
+static int
+principal_in_realm_2(krb5_principal principal, char *realm) {
     /* Cross realm trust ... */
     if (principal->length == 2 &&
-       principal->data[0].length == sizeof ("krbtgt") &&
-       strncasecmp (principal->data[0].data, "krbtgt", sizeof ("krbtgt")) &&
-       principal->data[1].length == strlen (realm) &&
-       strncasecmp (principal->data[1].data, realm, strlen (realm)))
-       return 0;
+        principal->data[0].length == sizeof ("krbtgt") &&
+        strncasecmp (principal->data[0].data, "krbtgt", sizeof ("krbtgt")) &&
+        principal->data[1].length == strlen (realm) &&
+        strncasecmp (principal->data[1].data, realm, strlen (realm)))
+        return 0;
 
     if (strlen(realm) != principal->realm.length)
-       return 1;
+        return 1;
 
     if (strncasecmp(realm, principal->realm.data, principal->realm.length) != 0)
-       return 1;
+        return 1;
 
     return 0;
 }
@@ -160,13 +163,11 @@ static int principal_in_realm_2(krb5_principal principal, char *realm) {
  */
 
 krb5_error_code
-krb5_ldap_list_realm(context, realms)
-    krb5_context               context;
-    char                        ***realms;
+krb5_ldap_list_realm(krb5_context context, char ***realms)
 {
     char                        **values = NULL;
     unsigned int                i = 0;
-    int                                count = 0;
+    int                         count = 0;
     krb5_error_code             st = 0, tempst = 0;
     LDAP                        *ld = NULL;
     LDAPMessage                 *result = NULL, *ent = NULL;
@@ -178,45 +179,45 @@ krb5_ldap_list_realm(context, realms)
 
     /* get the kerberos container DN information */
     if (ldap_context->krbcontainer == NULL) {
-       if ((st = krb5_ldap_read_krbcontainer_params(context,
-                                                    &(ldap_context->krbcontainer))) != 0)
-           goto cleanup;
+        if ((st = krb5_ldap_read_krbcontainer_params(context,
+                                                     &(ldap_context->krbcontainer))) != 0)
+            goto cleanup;
     }
 
     /* get ldap handle */
     GET_HANDLE ();
 
     {
-       char *cn[] = {"cn", NULL};
-       LDAP_SEARCH(ldap_context->krbcontainer->DN,
-                   LDAP_SCOPE_ONELEVEL,
-                   "(objectclass=krbRealmContainer)",
-                   cn);
+        char *cn[] = {"cn", NULL};
+        LDAP_SEARCH(ldap_context->krbcontainer->DN,
+                    LDAP_SCOPE_ONELEVEL,
+                    "(objectclass=krbRealmContainer)",
+                    cn);
     }
 
     *realms = NULL;
 
     count = ldap_count_entries (ld, result);
     if (count == -1) {
-       ldap_get_option(ld, LDAP_OPT_ERROR_NUMBER, &st);
-       st = set_ldap_error (context, st, OP_SEARCH);
-       goto cleanup;
+        ldap_get_option(ld, LDAP_OPT_ERROR_NUMBER, &st);
+        st = set_ldap_error (context, st, OP_SEARCH);
+        goto cleanup;
     }
 
     *realms = calloc((unsigned int) count+1, sizeof (char *));
     CHECK_NULL(*realms);
 
     for (ent = ldap_first_entry(ld, result), count = 0; ent != NULL;
-        ent = ldap_next_entry(ld, ent)) {
+         ent = ldap_next_entry(ld, ent)) {
 
-       if ((values = ldap_get_values (ld, ent, "cn")) != NULL) {
+        if ((values = ldap_get_values (ld, ent, "cn")) != NULL) {
 
-           (*realms)[count] = strdup(values[0]);
-           CHECK_NULL((*realms)[count]);
-           count += 1;
+            (*realms)[count] = strdup(values[0]);
+            CHECK_NULL((*realms)[count]);
+            count += 1;
 
-           ldap_value_free(values);
-       }
+            ldap_value_free(values);
+        }
     } /* for (ent= ... */
     ldap_msgfree(result);
 
@@ -224,13 +225,13 @@ cleanup:
 
     /* some error, free up all the memory */
     if (st != 0) {
-       if (*realms) {
-           for (i=0; (*realms)[i] != NULL; ++i) {
-               free ((*realms)[i]);
-           }
-           free (*realms);
-           *realms = NULL;
-       }
+        if (*realms) {
+            for (i=0; (*realms)[i] != NULL; ++i) {
+                free ((*realms)[i]);
+            }
+            free (*realms);
+            *realms = NULL;
+        }
     }
 
     /* If there are no elements, still return a NULL terminated array */
@@ -250,9 +251,7 @@ delete_password_policy (krb5_pointer ptr, osa_policy_ent_t pol)
 }
 
 krb5_error_code
-krb5_ldap_delete_realm (context, lrealm)
-    krb5_context                context;
-    char                        *lrealm;
+krb5_ldap_delete_realm (krb5_context context, char *lrealm)
 {
     LDAP                        *ld = NULL;
     krb5_error_code             st = 0, tempst=0;
@@ -268,46 +267,46 @@ krb5_ldap_delete_realm (context, lrealm)
     SETUP_CONTEXT ();
 
     if (lrealm == NULL) {
-       st = EINVAL;
-       krb5_set_error_message (context, st, "Realm information not available");
-       goto cleanup;
+        st = EINVAL;
+        krb5_set_error_message (context, st, "Realm information not available");
+        goto cleanup;
     }
 
     if ((st=krb5_ldap_read_realm_params(context, lrealm, &rparam, &mask)) != 0)
-       goto cleanup;
+        goto cleanup;
 
     /* get ldap handle */
     GET_HANDLE ();
 
     /* delete all the principals belonging to the realm in the tree */
     {
-       char *attr[] = {"krbprincipalname", NULL}, *realm=NULL, filter[256];
-       krb5_ldap_context lcontext;
+        char *attr[] = {"krbprincipalname", NULL}, *realm=NULL, filter[256];
+        krb5_ldap_context lcontext;
 
-       realm = ldap_filter_correct (lrealm);
-       assert (sizeof (filter) >= sizeof ("(krbprincipalname=)") +
-               strlen (realm) + 2 /* "*@" */ + 1);
+        realm = ldap_filter_correct (lrealm);
+        assert (sizeof (filter) >= sizeof ("(krbprincipalname=)") +
+                strlen (realm) + 2 /* "*@" */ + 1);
 
-       snprintf (filter, sizeof(filter), "(krbprincipalname=*@%s)", realm);
-       free (realm);
+        snprintf (filter, sizeof(filter), "(krbprincipalname=*@%s)", realm);
+        free (realm);
 
-       /* LDAP_SEARCH(NULL, LDAP_SCOPE_SUBTREE, filter, attr); */
-       memset(&lcontext, 0, sizeof(krb5_ldap_context));
-       lcontext.lrparams = rparam;
-       if ((st=krb5_get_subtree_info(&lcontext, &subtrees, &ntree)) != 0)
-           goto cleanup;
+        /* LDAP_SEARCH(NULL, LDAP_SCOPE_SUBTREE, filter, attr); */
+        memset(&lcontext, 0, sizeof(krb5_ldap_context));
+        lcontext.lrparams = rparam;
+        if ((st=krb5_get_subtree_info(&lcontext, &subtrees, &ntree)) != 0)
+            goto cleanup;
 
         result_arr = (LDAPMessage **)  calloc((unsigned int)ntree+1,
-                                             sizeof(LDAPMessage *));
+                                              sizeof(LDAPMessage *));
         if (result_arr == NULL) {
             st = ENOMEM;
             goto cleanup;
         }
 
-       for (l=0; l < ntree; ++l) {
-           LDAP_SEARCH(subtrees[l], rparam->search_scope, filter, attr);
-           result_arr[l] = result;
-       }
+        for (l=0; l < ntree; ++l) {
+            LDAP_SEARCH(subtrees[l], rparam->search_scope, filter, attr);
+            result_arr[l] = result;
+        }
     }
 
     /* NOTE: Here all the principals should be cached and the ldap handle should be freed,
@@ -317,23 +316,23 @@ krb5_ldap_delete_realm (context, lrealm)
      * thread-safe this should suffice.
      */
     for (j=0; (result=result_arr[j]) != NULL; ++j) {
-       for (ent = ldap_first_entry (ld, result); ent != NULL;
-            ent = ldap_next_entry (ld, ent)) {
-           if ((values = ldap_get_values(ld, ent, "krbPrincipalName")) != NULL) {
-               for (i = 0; values[i] != NULL; ++i) {
-                   krb5_parse_name(context, values[i], &principal);
-                   if (principal_in_realm_2(principal, lrealm) == 0) {
-                       int nent = 0;
-                       if ((st=krb5_ldap_delete_principal(context, principal,
-                                                          &nent)) != LDAP_SUCCESS)
-                           goto cleanup;
-                   }
-                   krb5_free_principal(context, principal);
-               }
-               ldap_value_free(values);
-           }
-       }
-       ldap_msgfree(result);
+        for (ent = ldap_first_entry (ld, result); ent != NULL;
+             ent = ldap_next_entry (ld, ent)) {
+            if ((values = ldap_get_values(ld, ent, "krbPrincipalName")) != NULL) {
+                for (i = 0; values[i] != NULL; ++i) {
+                    krb5_parse_name(context, values[i], &principal);
+                    if (principal_in_realm_2(principal, lrealm) == 0) {
+                        int nent = 0;
+                        if ((st=krb5_ldap_delete_principal(context, principal,
+                                                           &nent)) != LDAP_SUCCESS)
+                            goto cleanup;
+                    }
+                    krb5_free_principal(context, principal);
+                }
+                ldap_value_free(values);
+            }
+        }
+        ldap_msgfree(result);
     }
 
     /* Delete all password policies */
@@ -341,36 +340,36 @@ krb5_ldap_delete_realm (context, lrealm)
 
     /* Delete all ticket policies */
     {
-       if ((st = krb5_ldap_list_policy (context, ldap_context->lrparams->realmdn, &policy)) != 0) {
-           prepend_err_str (context, "Error reading ticket policy: ", st, st);
-           goto cleanup;
-       }
+        if ((st = krb5_ldap_list_policy (context, ldap_context->lrparams->realmdn, &policy)) != 0) {
+            prepend_err_str (context, "Error reading ticket policy: ", st, st);
+            goto cleanup;
+        }
 
-       for (i = 0; policy [i] != NULL; i++)
-           krb5_ldap_delete_policy(context, policy[i]);
+        for (i = 0; policy [i] != NULL; i++)
+            krb5_ldap_delete_policy(context, policy[i]);
     }
 
     /* Delete the realm object */
     if ((st=ldap_delete_ext_s(ld, ldap_context->lrparams->realmdn, NULL, NULL)) != LDAP_SUCCESS) {
-       int ost = st;
-       st = translate_ldap_error (st, OP_DEL);
-       krb5_set_error_message (context, st, "Realm Delete FAILED: %s",
-                               ldap_err2string(ost));
+        int ost = st;
+        st = translate_ldap_error (st, OP_DEL);
+        krb5_set_error_message (context, st, "Realm Delete FAILED: %s",
+                                ldap_err2string(ost));
     }
 
 cleanup:
     if (subtrees) {
-       for (l=0; l < ntree; ++l) {
-       if (subtrees[l])
-           free (subtrees[l]);
+        for (l=0; l < ntree; ++l) {
+            if (subtrees[l])
+                free (subtrees[l]);
         }
-       free (subtrees);
+        free (subtrees);
     }
 
     if (policy != NULL) {
-       for (i = 0; policy[i] != NULL; i++)
-           free (policy[i]);
-       free (policy);
+        for (i = 0; policy[i] != NULL; i++)
+            free (policy[i]);
+        free (policy);
     }
 
     krb5_ldap_free_realm_params(rparam);
@@ -384,10 +383,8 @@ cleanup:
  */
 
 krb5_error_code
-krb5_ldap_modify_realm(context, rparams, mask)
-    krb5_context             context;
-    krb5_ldap_realm_params   *rparams;
-    int                      mask;
+krb5_ldap_modify_realm(krb5_context context, krb5_ldap_realm_params *rparams,
+                       int mask)
 {
     LDAP                  *ld=NULL;
     krb5_error_code       st=0;
@@ -409,29 +406,29 @@ krb5_ldap_modify_realm(context, rparams, mask)
     krb5_ldap_server_handle *ldap_server_handle=NULL;
 
     if (mask == 0)
-       return 0;
+        return 0;
 
     if (rparams == NULL) {
-       st = EINVAL;
-       return st;
+        st = EINVAL;
+        return st;
     }
 
     SETUP_CONTEXT ();
 
     /* Check validity of arguments */
     if (ldap_context->krbcontainer == NULL ||
-       rparams->tl_data == NULL ||
-       rparams->tl_data->tl_data_contents == NULL ||
-       ((mask & LDAP_REALM_SUBTREE) && rparams->subtree == NULL) ||
-       ((mask & LDAP_REALM_CONTREF) && rparams->containerref == NULL) ||
+        rparams->tl_data == NULL ||
+        rparams->tl_data->tl_data_contents == NULL ||
+        ((mask & LDAP_REALM_SUBTREE) && rparams->subtree == NULL) ||
+        ((mask & LDAP_REALM_CONTREF) && rparams->containerref == NULL) ||
 #ifdef HAVE_EDIRECTORY
-       ((mask & LDAP_REALM_KDCSERVERS) && rparams->kdcservers == NULL) ||
-       ((mask & LDAP_REALM_ADMINSERVERS) && rparams->adminservers == NULL) ||
-       ((mask & LDAP_REALM_PASSWDSERVERS) && rparams->passwdservers == NULL) ||
+        ((mask & LDAP_REALM_KDCSERVERS) && rparams->kdcservers == NULL) ||
+        ((mask & LDAP_REALM_ADMINSERVERS) && rparams->adminservers == NULL) ||
+        ((mask & LDAP_REALM_PASSWDSERVERS) && rparams->passwdservers == NULL) ||
 #endif
-       0) {
-       st = EINVAL;
-       goto cleanup;
+        0) {
+        st = EINVAL;
+        goto cleanup;
     }
 
     /* get ldap handle */
@@ -439,16 +436,16 @@ krb5_ldap_modify_realm(context, rparams, mask)
 
     /* get the oldmask obtained from the krb5_ldap_read_realm_params */
     {
-       void *voidptr=NULL;
-
-       if ((st=decode_tl_data(rparams->tl_data, KDB_TL_MASK, &voidptr)) == 0) {
-           oldmask = *((int *) voidptr);
-           free (voidptr);
-       } else {
-           st = EINVAL;
-           krb5_set_error_message (context, st, "tl_data not available");
-           return st;
-       }
+        void *voidptr=NULL;
+
+        if ((st=decode_tl_data(rparams->tl_data, KDB_TL_MASK, &voidptr)) == 0) {
+            oldmask = *((int *) voidptr);
+            free (voidptr);
+        } else {
+            st = EINVAL;
+            krb5_set_error_message (context, st, "tl_data not available");
+            return st;
+        }
     }
 
 
@@ -457,17 +454,17 @@ krb5_ldap_modify_realm(context, rparams, mask)
         if ( rparams->subtree!=NULL)  {
             /*replace the subtrees with the present if the subtrees are present*/
             for(k=0;k<rparams->subtreecount && rparams->subtree[k]!=NULL;k++) {
-                    if (strlen(rparams->subtree[k]) != 0) {
-                        st = checkattributevalue(ld, rparams->subtree[k], "Objectclass", subtreeclass,
-                                &objectmask);
-                        CHECK_CLASS_VALIDITY(st, objectmask, "subtree value: ");
-                    }
+                if (strlen(rparams->subtree[k]) != 0) {
+                    st = checkattributevalue(ld, rparams->subtree[k], "Objectclass", subtreeclass,
+                                             &objectmask);
+                    CHECK_CLASS_VALIDITY(st, objectmask, "subtree value: ");
+                }
+            }
+            strval = rparams->subtree;
+            if ((st=krb5_add_str_mem_ldap_mod(&mods, "krbsubtrees", LDAP_MOD_REPLACE,
+                                              strval)) != 0) {
+                goto cleanup;
             }
-           strval = rparams->subtree;
-           if ((st=krb5_add_str_mem_ldap_mod(&mods, "krbsubtrees", LDAP_MOD_REPLACE,
-                                           strval)) != 0) {
-              goto cleanup;
-           }
         }
     }
 
@@ -475,48 +472,48 @@ krb5_ldap_modify_realm(context, rparams, mask)
     if (mask & LDAP_REALM_CONTREF) {
         if (strlen(rparams->containerref) != 0 ) {
             st = checkattributevalue(ld, rparams->containerref, "Objectclass", subtreeclass,
-                     &objectmask);
+                                     &objectmask);
             CHECK_CLASS_VALIDITY(st, objectmask, "container reference value: ");
             strvalprc[0] = rparams->containerref;
             strvalprc[1] = NULL;
             if ((st=krb5_add_str_mem_ldap_mod(&mods, "krbPrincContainerRef", LDAP_MOD_REPLACE,
-                            strvalprc)) != 0)
+                                              strvalprc)) != 0)
                 goto cleanup;
         }
     }
 
     /* SEARCHSCOPE ATTRIBUTE */
     if (mask & LDAP_REALM_SEARCHSCOPE) {
-       if ((st=krb5_add_int_mem_ldap_mod(&mods, "krbsearchscope", LDAP_MOD_REPLACE,
-                                         (rparams->search_scope == LDAP_SCOPE_ONELEVEL
-                                          || rparams->search_scope == LDAP_SCOPE_SUBTREE) ?
-                                         rparams->search_scope : LDAP_SCOPE_SUBTREE)) != 0)
-           goto cleanup;
+        if ((st=krb5_add_int_mem_ldap_mod(&mods, "krbsearchscope", LDAP_MOD_REPLACE,
+                                          (rparams->search_scope == LDAP_SCOPE_ONELEVEL
+                                           || rparams->search_scope == LDAP_SCOPE_SUBTREE) ?
+                                          rparams->search_scope : LDAP_SCOPE_SUBTREE)) != 0)
+            goto cleanup;
     }
 
     if (mask & LDAP_REALM_MAXRENEWLIFE) {
 
-       if ((st=krb5_add_int_mem_ldap_mod(&mods, "krbMaxRenewableAge", LDAP_MOD_REPLACE,
-                                         rparams->max_renewable_life)) != 0)
-           goto cleanup;
+        if ((st=krb5_add_int_mem_ldap_mod(&mods, "krbMaxRenewableAge", LDAP_MOD_REPLACE,
+                                          rparams->max_renewable_life)) != 0)
+            goto cleanup;
     }
 
     /* krbMaxTicketLife ATTRIBUTE */
 
     if (mask & LDAP_REALM_MAXTICKETLIFE) {
 
-       if ((st=krb5_add_int_mem_ldap_mod(&mods, "krbMaxTicketLife", LDAP_MOD_REPLACE,
-                                         rparams->max_life)) != 0)
-           goto cleanup;
+        if ((st=krb5_add_int_mem_ldap_mod(&mods, "krbMaxTicketLife", LDAP_MOD_REPLACE,
+                                          rparams->max_life)) != 0)
+            goto cleanup;
     }
 
     /* krbTicketFlags ATTRIBUTE */
 
     if (mask & LDAP_REALM_KRBTICKETFLAGS) {
 
-       if ((st=krb5_add_int_mem_ldap_mod(&mods, "krbTicketFlags", LDAP_MOD_REPLACE,
-                                         rparams->tktflags)) != 0)
-           goto cleanup;
+        if ((st=krb5_add_int_mem_ldap_mod(&mods, "krbTicketFlags", LDAP_MOD_REPLACE,
+                                          rparams->tktflags)) != 0)
+            goto cleanup;
     }
 
 
@@ -524,44 +521,44 @@ krb5_ldap_modify_realm(context, rparams, mask)
 
     /* KDCSERVERS ATTRIBUTE */
     if (mask & LDAP_REALM_KDCSERVERS) {
-       /* validate the server list */
-       for (i=0; rparams->kdcservers[i] != NULL; ++i) {
-           st = checkattributevalue(ld, rparams->kdcservers[i], "objectClass", kdcclass,
-                                    &objectmask);
-           CHECK_CLASS_VALIDITY(st, objectmask, "kdc service object value: ");
-       }
-
-       if ((st=krb5_add_str_mem_ldap_mod(&mods, "krbkdcservers", LDAP_MOD_REPLACE,
-                                         rparams->kdcservers)) != 0)
-           goto cleanup;
+        /* validate the server list */
+        for (i=0; rparams->kdcservers[i] != NULL; ++i) {
+            st = checkattributevalue(ld, rparams->kdcservers[i], "objectClass", kdcclass,
+                                     &objectmask);
+            CHECK_CLASS_VALIDITY(st, objectmask, "kdc service object value: ");
+        }
+
+        if ((st=krb5_add_str_mem_ldap_mod(&mods, "krbkdcservers", LDAP_MOD_REPLACE,
+                                          rparams->kdcservers)) != 0)
+            goto cleanup;
     }
 
     /* ADMINSERVERS ATTRIBUTE */
     if (mask & LDAP_REALM_ADMINSERVERS) {
-       /* validate the server list */
-       for (i=0; rparams->adminservers[i] != NULL; ++i) {
-           st = checkattributevalue(ld, rparams->adminservers[i], "objectClass", adminclass,
-                                    &objectmask);
-           CHECK_CLASS_VALIDITY(st, objectmask, "admin service object value: ");
-       }
-
-       if ((st=krb5_add_str_mem_ldap_mod(&mods, "krbadmservers", LDAP_MOD_REPLACE,
-                                         rparams->adminservers)) != 0)
-           goto cleanup;
+        /* validate the server list */
+        for (i=0; rparams->adminservers[i] != NULL; ++i) {
+            st = checkattributevalue(ld, rparams->adminservers[i], "objectClass", adminclass,
+                                     &objectmask);
+            CHECK_CLASS_VALIDITY(st, objectmask, "admin service object value: ");
+        }
+
+        if ((st=krb5_add_str_mem_ldap_mod(&mods, "krbadmservers", LDAP_MOD_REPLACE,
+                                          rparams->adminservers)) != 0)
+            goto cleanup;
     }
 
     /* PASSWDSERVERS ATTRIBUTE */
     if (mask & LDAP_REALM_PASSWDSERVERS) {
-       /* validate the server list */
-       for (i=0; rparams->passwdservers[i] != NULL; ++i) {
-           st = checkattributevalue(ld, rparams->passwdservers[i], "objectClass", pwdclass,
-                                    &objectmask);
-           CHECK_CLASS_VALIDITY(st, objectmask, "password service object value: ");
-       }
-
-       if ((st=krb5_add_str_mem_ldap_mod(&mods, "krbpwdservers", LDAP_MOD_REPLACE,
-                                         rparams->passwdservers)) != 0)
-           goto cleanup;
+        /* validate the server list */
+        for (i=0; rparams->passwdservers[i] != NULL; ++i) {
+            st = checkattributevalue(ld, rparams->passwdservers[i], "objectClass", pwdclass,
+                                     &objectmask);
+            CHECK_CLASS_VALIDITY(st, objectmask, "password service object value: ");
+        }
+
+        if ((st=krb5_add_str_mem_ldap_mod(&mods, "krbpwdservers", LDAP_MOD_REPLACE,
+                                          rparams->passwdservers)) != 0)
+            goto cleanup;
     }
 
     /*
@@ -570,56 +567,56 @@ krb5_ldap_modify_realm(context, rparams, mask)
      * deletions/additions to the list.
      */
     if (mask & LDAP_REALM_KDCSERVERS || mask & LDAP_REALM_ADMINSERVERS ||
-       mask & LDAP_REALM_PASSWDSERVERS) {
-       char *servers[] = {"krbKdcServers", "krbAdmServers", "krbPwdServers", NULL};
-
-       if ((st= ldap_search_ext_s(ld,
-                                  rparams->realmdn,
-                                  LDAP_SCOPE_BASE,
-                                  0,
-                                  servers,
-                                  0,
-                                  NULL,
-                                  NULL,
-                                  NULL,
-                                  0,
-                                  &result)) != LDAP_SUCCESS) {
-           st = set_ldap_error (context, st, OP_SEARCH);
-           goto cleanup;
-       }
-
-       ent = ldap_first_entry(ld, result);
-       if (ent) {
-           if ((values=ldap_get_values(ld, ent, "krbKdcServers")) != NULL) {
-               count = ldap_count_values(values);
-               if ((st=copy_arrays(values, &oldkdcservers, count)) != 0)
-                   goto cleanup;
-               ldap_value_free(values);
-           }
-
-           if ((values=ldap_get_values(ld, ent, "krbAdmServers")) != NULL) {
-               count = ldap_count_values(values);
-               if ((st=copy_arrays(values, &oldadminservers, count)) != 0)
-                   goto cleanup;
-               ldap_value_free(values);
-           }
-
-           if ((values=ldap_get_values(ld, ent, "krbPwdServers")) != NULL) {
-               count = ldap_count_values(values);
-               if ((st=copy_arrays(values, &oldpasswdservers, count)) != 0)
-                   goto cleanup;
-               ldap_value_free(values);
-           }
-       }
-       ldap_msgfree(result);
+        mask & LDAP_REALM_PASSWDSERVERS) {
+        char *servers[] = {"krbKdcServers", "krbAdmServers", "krbPwdServers", NULL};
+
+        if ((st= ldap_search_ext_s(ld,
+                                   rparams->realmdn,
+                                   LDAP_SCOPE_BASE,
+                                   0,
+                                   servers,
+                                   0,
+                                   NULL,
+                                   NULL,
+                                   NULL,
+                                   0,
+                                   &result)) != LDAP_SUCCESS) {
+            st = set_ldap_error (context, st, OP_SEARCH);
+            goto cleanup;
+        }
+
+        ent = ldap_first_entry(ld, result);
+        if (ent) {
+            if ((values=ldap_get_values(ld, ent, "krbKdcServers")) != NULL) {
+                count = ldap_count_values(values);
+                if ((st=copy_arrays(values, &oldkdcservers, count)) != 0)
+                    goto cleanup;
+                ldap_value_free(values);
+            }
+
+            if ((values=ldap_get_values(ld, ent, "krbAdmServers")) != NULL) {
+                count = ldap_count_values(values);
+                if ((st=copy_arrays(values, &oldadminservers, count)) != 0)
+                    goto cleanup;
+                ldap_value_free(values);
+            }
+
+            if ((values=ldap_get_values(ld, ent, "krbPwdServers")) != NULL) {
+                count = ldap_count_values(values);
+                if ((st=copy_arrays(values, &oldpasswdservers, count)) != 0)
+                    goto cleanup;
+                ldap_value_free(values);
+            }
+        }
+        ldap_msgfree(result);
     }
 #endif
 
     /* Realm modify opearation */
     if (mods != NULL) {
         if ((st=ldap_modify_ext_s(ld, rparams->realmdn, mods, NULL, NULL)) != LDAP_SUCCESS) {
-           st = set_ldap_error (context, st, OP_MOD);
-           goto cleanup;
+            st = set_ldap_error (context, st, OP_MOD);
+            goto cleanup;
         }
     }
 
@@ -628,112 +625,112 @@ krb5_ldap_modify_realm(context, rparams, mask)
      * to the 4 servers' list.
      */
     if (mask & LDAP_REALM_KDCSERVERS) {
-       char **newkdcservers=NULL;
-
-       count = ldap_count_values(rparams->kdcservers);
-       if ((st=copy_arrays(rparams->kdcservers, &newkdcservers, count)) != 0)
-           goto cleanup;
-
-       /* find the deletions and additions to the server list */
-       if (oldkdcservers && newkdcservers)
-           disjoint_members(oldkdcservers, newkdcservers);
-
-       /* delete the krbRealmReferences attribute from the servers that are dis-associated. */
-       if (oldkdcservers)
-           for (i=0; oldkdcservers[i]; ++i)
-               if ((st=deleteAttribute(ld, oldkdcservers[i], "krbRealmReferences",
-                                       rparams->realmdn)) != 0) {
-                   snprintf (errbuf, sizeof(errbuf), "Error removing 'krbRealmReferences' from %s: ",
-                             oldkdcservers[i]);
-                   prepend_err_str (context, errbuf, st, st);
-                   goto cleanup;
-               }
-
-       /* add the krbRealmReferences attribute from the servers that are associated. */
-       if (newkdcservers)
-           for (i=0; newkdcservers[i]; ++i)
-               if ((st=updateAttribute(ld, newkdcservers[i], "krbRealmReferences",
-                                       rparams->realmdn)) != 0) {
-                   snprintf (errbuf, sizeof(errbuf), "Error adding 'krbRealmReferences' to %s: ",
-                             newkdcservers[i]);
-                   prepend_err_str (context, errbuf, st, st);
-                   goto cleanup;
-               }
-
-       if (newkdcservers)
-           ldap_value_free(newkdcservers);
+        char **newkdcservers=NULL;
+
+        count = ldap_count_values(rparams->kdcservers);
+        if ((st=copy_arrays(rparams->kdcservers, &newkdcservers, count)) != 0)
+            goto cleanup;
+
+        /* find the deletions and additions to the server list */
+        if (oldkdcservers && newkdcservers)
+            disjoint_members(oldkdcservers, newkdcservers);
+
+        /* delete the krbRealmReferences attribute from the servers that are dis-associated. */
+        if (oldkdcservers)
+            for (i=0; oldkdcservers[i]; ++i)
+                if ((st=deleteAttribute(ld, oldkdcservers[i], "krbRealmReferences",
+                                        rparams->realmdn)) != 0) {
+                    snprintf (errbuf, sizeof(errbuf), "Error removing 'krbRealmReferences' from %s: ",
+                              oldkdcservers[i]);
+                    prepend_err_str (context, errbuf, st, st);
+                    goto cleanup;
+                }
+
+        /* add the krbRealmReferences attribute from the servers that are associated. */
+        if (newkdcservers)
+            for (i=0; newkdcservers[i]; ++i)
+                if ((st=updateAttribute(ld, newkdcservers[i], "krbRealmReferences",
+                                        rparams->realmdn)) != 0) {
+                    snprintf (errbuf, sizeof(errbuf), "Error adding 'krbRealmReferences' to %s: ",
+                              newkdcservers[i]);
+                    prepend_err_str (context, errbuf, st, st);
+                    goto cleanup;
+                }
+
+        if (newkdcservers)
+            ldap_value_free(newkdcservers);
     }
 
     if (mask & LDAP_REALM_ADMINSERVERS) {
-       char **newadminservers=NULL;
-
-       count = ldap_count_values(rparams->adminservers);
-       if ((st=copy_arrays(rparams->adminservers, &newadminservers, count)) != 0)
-           goto cleanup;
-
-       /* find the deletions and additions to the server list */
-       if (oldadminservers && newadminservers)
-           disjoint_members(oldadminservers, newadminservers);
-
-       /* delete the krbRealmReferences attribute from the servers that are dis-associated. */
-       if (oldadminservers)
-           for (i=0; oldadminservers[i]; ++i)
-               if ((st=deleteAttribute(ld, oldadminservers[i], "krbRealmReferences",
-                                       rparams->realmdn)) != 0) {
-                   snprintf(errbuf, sizeof(errbuf), "Error removing 'krbRealmReferences' from "
-                            "%s: ", oldadminservers[i]);
-                   prepend_err_str (context, errbuf, st, st);
-                   goto cleanup;
-               }
-
-       /* add the krbRealmReferences attribute from the servers that are associated. */
-       if (newadminservers)
-           for (i=0; newadminservers[i]; ++i)
-               if ((st=updateAttribute(ld, newadminservers[i], "krbRealmReferences",
-                                       rparams->realmdn)) != 0) {
-                   snprintf(errbuf, sizeof(errbuf), "Error adding 'krbRealmReferences' to %s: ",
-                            newadminservers[i]);
-                   prepend_err_str (context, errbuf, st, st);
-                   goto cleanup;
-               }
-       if (newadminservers)
-           ldap_value_free(newadminservers);
+        char **newadminservers=NULL;
+
+        count = ldap_count_values(rparams->adminservers);
+        if ((st=copy_arrays(rparams->adminservers, &newadminservers, count)) != 0)
+            goto cleanup;
+
+        /* find the deletions and additions to the server list */
+        if (oldadminservers && newadminservers)
+            disjoint_members(oldadminservers, newadminservers);
+
+        /* delete the krbRealmReferences attribute from the servers that are dis-associated. */
+        if (oldadminservers)
+            for (i=0; oldadminservers[i]; ++i)
+                if ((st=deleteAttribute(ld, oldadminservers[i], "krbRealmReferences",
+                                        rparams->realmdn)) != 0) {
+                    snprintf(errbuf, sizeof(errbuf), "Error removing 'krbRealmReferences' from "
+                             "%s: ", oldadminservers[i]);
+                    prepend_err_str (context, errbuf, st, st);
+                    goto cleanup;
+                }
+
+        /* add the krbRealmReferences attribute from the servers that are associated. */
+        if (newadminservers)
+            for (i=0; newadminservers[i]; ++i)
+                if ((st=updateAttribute(ld, newadminservers[i], "krbRealmReferences",
+                                        rparams->realmdn)) != 0) {
+                    snprintf(errbuf, sizeof(errbuf), "Error adding 'krbRealmReferences' to %s: ",
+                             newadminservers[i]);
+                    prepend_err_str (context, errbuf, st, st);
+                    goto cleanup;
+                }
+        if (newadminservers)
+            ldap_value_free(newadminservers);
     }
 
     if (mask & LDAP_REALM_PASSWDSERVERS) {
-       char **newpasswdservers=NULL;
-
-       count = ldap_count_values(rparams->passwdservers);
-       if ((st=copy_arrays(rparams->passwdservers, &newpasswdservers, count)) != 0)
-           goto cleanup;
-
-       /* find the deletions and additions to the server list */
-       if (oldpasswdservers && newpasswdservers)
-           disjoint_members(oldpasswdservers, newpasswdservers);
-
-       /* delete the krbRealmReferences attribute from the servers that are dis-associated. */
-       if (oldpasswdservers)
-           for (i=0; oldpasswdservers[i]; ++i)
-               if ((st=deleteAttribute(ld, oldpasswdservers[i], "krbRealmReferences",
-                                       rparams->realmdn)) != 0) {
-                   snprintf(errbuf, sizeof(errbuf), "Error removing 'krbRealmReferences' from "
-                            "%s: ", oldpasswdservers[i]);
-                   prepend_err_str (context, errbuf, st, st);
-                   goto cleanup;
-               }
-
-       /* add the krbRealmReferences attribute from the servers that are associated. */
-       if (newpasswdservers)
-           for (i=0; newpasswdservers[i]; ++i)
-               if ((st=updateAttribute(ld, newpasswdservers[i], "krbRealmReferences",
-                                       rparams->realmdn)) != 0) {
-                   snprintf(errbuf, sizeof(errbuf), "Error adding 'krbRealmReferences' to %s: ",
-                            newpasswdservers[i]);
-                   prepend_err_str (context, errbuf, st, st);
-                   goto cleanup;
-               }
-       if (newpasswdservers)
-           ldap_value_free(newpasswdservers);
+        char **newpasswdservers=NULL;
+
+        count = ldap_count_values(rparams->passwdservers);
+        if ((st=copy_arrays(rparams->passwdservers, &newpasswdservers, count)) != 0)
+            goto cleanup;
+
+        /* find the deletions and additions to the server list */
+        if (oldpasswdservers && newpasswdservers)
+            disjoint_members(oldpasswdservers, newpasswdservers);
+
+        /* delete the krbRealmReferences attribute from the servers that are dis-associated. */
+        if (oldpasswdservers)
+            for (i=0; oldpasswdservers[i]; ++i)
+                if ((st=deleteAttribute(ld, oldpasswdservers[i], "krbRealmReferences",
+                                        rparams->realmdn)) != 0) {
+                    snprintf(errbuf, sizeof(errbuf), "Error removing 'krbRealmReferences' from "
+                             "%s: ", oldpasswdservers[i]);
+                    prepend_err_str (context, errbuf, st, st);
+                    goto cleanup;
+                }
+
+        /* add the krbRealmReferences attribute from the servers that are associated. */
+        if (newpasswdservers)
+            for (i=0; newpasswdservers[i]; ++i)
+                if ((st=updateAttribute(ld, newpasswdservers[i], "krbRealmReferences",
+                                        rparams->realmdn)) != 0) {
+                    snprintf(errbuf, sizeof(errbuf), "Error adding 'krbRealmReferences' to %s: ",
+                             newpasswdservers[i]);
+                    prepend_err_str (context, errbuf, st, st);
+                    goto cleanup;
+                }
+        if (newpasswdservers)
+            ldap_value_free(newpasswdservers);
     }
 #endif
 
@@ -741,21 +738,21 @@ cleanup:
 
 #ifdef HAVE_EDIRECTORY
     if (oldkdcservers) {
-       for (i=0; oldkdcservers[i]; ++i)
-           free(oldkdcservers[i]);
-       free(oldkdcservers);
+        for (i=0; oldkdcservers[i]; ++i)
+            free(oldkdcservers[i]);
+        free(oldkdcservers);
     }
 
     if (oldadminservers) {
-       for (i=0; oldadminservers[i]; ++i)
-           free(oldadminservers[i]);
-       free(oldadminservers);
+        for (i=0; oldadminservers[i]; ++i)
+            free(oldadminservers[i]);
+        free(oldadminservers);
     }
 
     if (oldpasswdservers) {
-       for (i=0; oldpasswdservers[i]; ++i)
-           free(oldpasswdservers[i]);
-       free(oldpasswdservers);
+        for (i=0; oldpasswdservers[i]; ++i)
+            free(oldpasswdservers[i]);
+        free(oldpasswdservers);
     }
 #endif
 
@@ -771,9 +768,9 @@ cleanup:
  */
 
 krb5_error_code
-krb5_ldap_create_krbcontainer(context, krbcontparams)
-    krb5_context                          context;
-    const krb5_ldap_krbcontainer_params   *krbcontparams;
+krb5_ldap_create_krbcontainer(krb5_context context,
+                              const
+                              krb5_ldap_krbcontainer_params *krbcontparams)
 {
     LDAP                        *ld=NULL;
     char                        *strval[2]={NULL}, *kerberoscontdn=NULL, **rdns=NULL;
@@ -793,54 +790,54 @@ krb5_ldap_create_krbcontainer(context, krbcontparams)
     GET_HANDLE ();
 
     if (krbcontparams != NULL && krbcontparams->DN != NULL) {
-       kerberoscontdn = krbcontparams->DN;
+        kerberoscontdn = krbcontparams->DN;
     } else {
-       /* If the user has not given, use the default cn=Kerberos,cn=Security */
+        /* If the user has not given, use the default cn=Kerberos,cn=Security */
 #ifdef HAVE_EDIRECTORY
-       kerberoscontdn = KERBEROS_CONTAINER;
+        kerberoscontdn = KERBEROS_CONTAINER;
 #else
-       st = EINVAL;
-       krb5_set_error_message (context, st, "Kerberos Container information is missing");
-       goto cleanup;
+        st = EINVAL;
+        krb5_set_error_message (context, st, "Kerberos Container information is missing");
+        goto cleanup;
 #endif
     }
 
     strval[0] = "krbContainer";
     strval[1] = NULL;
     if ((st=krb5_add_str_mem_ldap_mod(&mods, "objectclass", LDAP_MOD_ADD, strval)) != 0)
-       goto cleanup;
+        goto cleanup;
 
     rdns = ldap_explode_dn(kerberoscontdn, 1);
     if (rdns == NULL) {
-       st = EINVAL;
-       krb5_set_error_message(context, st, "Invalid Kerberos container DN");
-       goto cleanup;
+        st = EINVAL;
+        krb5_set_error_message(context, st, "Invalid Kerberos container DN");
+        goto cleanup;
     }
 
     strval[0] = rdns[0];
     strval[1] = NULL;
     if ((st=krb5_add_str_mem_ldap_mod(&mods, "cn", LDAP_MOD_ADD, strval)) != 0)
-       goto cleanup;
+        goto cleanup;
 
     /* check if the policy reference value exists and is of krbticketpolicyreference object class */
     if (krbcontparams && krbcontparams->policyreference) {
-       st = checkattributevalue(ld, krbcontparams->policyreference, "objectclass", policyclass,
-                                &pmask);
-       CHECK_CLASS_VALIDITY(st, pmask, "ticket policy object value: ");
-
-       strval[0] = krbcontparams->policyreference;
-       strval[1] = NULL;
-       if ((st=krb5_add_str_mem_ldap_mod(&mods, "krbticketpolicyreference", LDAP_MOD_ADD,
-                                         strval)) != 0)
-           goto cleanup;
+        st = checkattributevalue(ld, krbcontparams->policyreference, "objectclass", policyclass,
+                                 &pmask);
+        CHECK_CLASS_VALIDITY(st, pmask, "ticket policy object value: ");
+
+        strval[0] = krbcontparams->policyreference;
+        strval[1] = NULL;
+        if ((st=krb5_add_str_mem_ldap_mod(&mods, "krbticketpolicyreference", LDAP_MOD_ADD,
+                                          strval)) != 0)
+            goto cleanup;
     }
 
     /* create the kerberos container */
     if ((st = ldap_add_ext_s(ld, kerberoscontdn, mods, NULL, NULL)) != LDAP_SUCCESS) {
-       int ost = st;
-       st = translate_ldap_error (st, OP_ADD);
-       krb5_set_error_message (context, st, "Kerberos Container create FAILED: %s", ldap_err2string(ost));
-       goto cleanup;
+        int ost = st;
+        st = translate_ldap_error (st, OP_ADD);
+        krb5_set_error_message (context, st, "Kerberos Container create FAILED: %s", ldap_err2string(ost));
+        goto cleanup;
     }
 
 #ifdef HAVE_EDIRECTORY
@@ -851,40 +848,40 @@ krb5_ldap_create_krbcontainer(context, krbcontparams)
 
     /* check whether the security container is bound to krbcontainerrefaux object class */
     if ((st=checkattributevalue(ld, SECURITY_CONTAINER, "objectClass",
-                               krbContainerRefclass, &crmask)) != 0) {
-       prepend_err_str (context, "Security Container read FAILED: ", st, st);
-       /* delete Kerberos Container, status ignored intentionally */
-       ldap_delete_ext_s(ld, kerberoscontdn, NULL, NULL);
-       goto cleanup;
+                                krbContainerRefclass, &crmask)) != 0) {
+        prepend_err_str (context, "Security Container read FAILED: ", st, st);
+        /* delete Kerberos Container, status ignored intentionally */
+        ldap_delete_ext_s(ld, kerberoscontdn, NULL, NULL);
+        goto cleanup;
     }
 
     if (crmask == 0) {
-       /* Security Container is extended with krbcontainerrefaux object class */
-       strval[0] = "krbContainerRefAux";
-       if ((st=krb5_add_str_mem_ldap_mod(&mods, "objectclass", LDAP_MOD_ADD, strval)) != 0)
-           goto cleanup;
+        /* Security Container is extended with krbcontainerrefaux object class */
+        strval[0] = "krbContainerRefAux";
+        if ((st=krb5_add_str_mem_ldap_mod(&mods, "objectclass", LDAP_MOD_ADD, strval)) != 0)
+            goto cleanup;
     }
 
     strval[0] = kerberoscontdn;
     strval[1] = NULL;
     if ((st=krb5_add_str_mem_ldap_mod(&mods, "krbcontainerreference", LDAP_MOD_ADD, strval)) != 0)
-       goto cleanup;
+        goto cleanup;
 
     /* update the security container with krbContainerReference attribute */
     if ((st=ldap_modify_ext_s(ld, SECURITY_CONTAINER, mods, NULL, NULL)) != LDAP_SUCCESS) {
-       int ost = st;
-       st = translate_ldap_error (st, OP_MOD);
-       krb5_set_error_message (context, st, "Security Container update FAILED: %s", ldap_err2string(ost));
-       /* delete Kerberos Container, status ignored intentionally */
-       ldap_delete_ext_s(ld, kerberoscontdn, NULL, NULL);
-       goto cleanup;
+        int ost = st;
+        st = translate_ldap_error (st, OP_MOD);
+        krb5_set_error_message (context, st, "Security Container update FAILED: %s", ldap_err2string(ost));
+        /* delete Kerberos Container, status ignored intentionally */
+        ldap_delete_ext_s(ld, kerberoscontdn, NULL, NULL);
+        goto cleanup;
     }
 #endif
 
 cleanup:
 
     if (rdns)
-       ldap_value_free (rdns);
+        ldap_value_free (rdns);
 
     ldap_mods_free(mods, 1);
     krb5_ldap_put_handle_to_pool(ldap_context, ldap_server_handle);
@@ -897,7 +894,8 @@ cleanup:
 
 krb5_error_code
 krb5_ldap_delete_krbcontainer(krb5_context context,
-    const krb5_ldap_krbcontainer_params *krbcontparams)
+                              const
+                              krb5_ldap_krbcontainer_params *krbcontparams)
 {
     LDAP                        *ld=NULL;
     char                        *kerberoscontdn=NULL;
@@ -912,24 +910,24 @@ krb5_ldap_delete_krbcontainer(krb5_context context,
     GET_HANDLE ();
 
     if (krbcontparams != NULL && krbcontparams->DN != NULL) {
-       kerberoscontdn = krbcontparams->DN;
+        kerberoscontdn = krbcontparams->DN;
     } else {
-       /* If the user has not given, use the default cn=Kerberos,cn=Security */
+        /* If the user has not given, use the default cn=Kerberos,cn=Security */
 #ifdef HAVE_EDIRECTORY
-       kerberoscontdn = KERBEROS_CONTAINER;
+        kerberoscontdn = KERBEROS_CONTAINER;
 #else
-       st = EINVAL;
-       krb5_set_error_message (context, st, "Kerberos Container information is missing");
-       goto cleanup;
+        st = EINVAL;
+        krb5_set_error_message (context, st, "Kerberos Container information is missing");
+        goto cleanup;
 #endif
     }
 
     /* delete the kerberos container */
     if ((st = ldap_delete_ext_s(ld, kerberoscontdn, NULL, NULL)) != LDAP_SUCCESS) {
-       int ost = st;
-       st = translate_ldap_error (st, OP_ADD);
-       krb5_set_error_message (context, st, "Kerberos Container delete FAILED: %s", ldap_err2string(ost));
-       goto cleanup;
+        int ost = st;
+        st = translate_ldap_error (st, OP_ADD);
+        krb5_set_error_message (context, st, "Kerberos Container delete FAILED: %s", ldap_err2string(ost));
+        goto cleanup;
     }
 
 cleanup:
@@ -944,16 +942,14 @@ cleanup:
  */
 
 krb5_error_code
-krb5_ldap_create_realm(context, rparams, mask)
-    krb5_context                context;
-    krb5_ldap_realm_params      *rparams;
-    int                         mask;
+krb5_ldap_create_realm(krb5_context context, krb5_ldap_realm_params *rparams,
+                       int mask)
 {
     LDAP                        *ld=NULL;
     krb5_error_code             st=0;
     char                        *dn=NULL;
     char                        *strval[4]={NULL};
-    char                       *contref[2]={NULL};
+    char                        *contref[2]={NULL};
     LDAPMod                     **mods = NULL;
     int                         i=0, objectmask=0, subtreecount=0;
     kdb5_dal_handle             *dal_handle=NULL;
@@ -968,26 +964,26 @@ krb5_ldap_create_realm(context, rparams, mask)
 
     /* Check input validity ... */
     if (ldap_context->krbcontainer == NULL ||
-       ldap_context->krbcontainer->DN == NULL ||
-       rparams == NULL ||
-       rparams->realm_name == NULL ||
-       ((mask & LDAP_REALM_SUBTREE) && rparams->subtree  == NULL) ||
-       ((mask & LDAP_REALM_CONTREF) && rparams->containerref == NULL) ||
-       ((mask & LDAP_REALM_POLICYREFERENCE) && rparams->policyreference == NULL) ||
+        ldap_context->krbcontainer->DN == NULL ||
+        rparams == NULL ||
+        rparams->realm_name == NULL ||
+        ((mask & LDAP_REALM_SUBTREE) && rparams->subtree  == NULL) ||
+        ((mask & LDAP_REALM_CONTREF) && rparams->containerref == NULL) ||
+        ((mask & LDAP_REALM_POLICYREFERENCE) && rparams->policyreference == NULL) ||
 #ifdef HAVE_EDIRECTORY
-       ((mask & LDAP_REALM_KDCSERVERS) && rparams->kdcservers == NULL) ||
-       ((mask & LDAP_REALM_ADMINSERVERS) && rparams->adminservers == NULL) ||
-       ((mask & LDAP_REALM_PASSWDSERVERS) && rparams->passwdservers == NULL) ||
+        ((mask & LDAP_REALM_KDCSERVERS) && rparams->kdcservers == NULL) ||
+        ((mask & LDAP_REALM_ADMINSERVERS) && rparams->adminservers == NULL) ||
+        ((mask & LDAP_REALM_PASSWDSERVERS) && rparams->passwdservers == NULL) ||
 #endif
-       0) {
-       st = EINVAL;
-       return st;
+        0) {
+        st = EINVAL;
+        return st;
     }
 
     if (ldap_context->krbcontainer == NULL) {
-       if ((st = krb5_ldap_read_krbcontainer_params(context,
-                                                    &(ldap_context->krbcontainer))) != 0)
-           goto cleanup;
+        if ((st = krb5_ldap_read_krbcontainer_params(context,
+                                                     &(ldap_context->krbcontainer))) != 0)
+            goto cleanup;
     }
 
     /* get ldap handle */
@@ -996,14 +992,14 @@ krb5_ldap_create_realm(context, rparams, mask)
     realm_name = rparams->realm_name;
 
     if (asprintf(&dn, "cn=%s,%s", realm_name,
-                ldap_context->krbcontainer->DN) < 0)
-       dn = NULL;
+                 ldap_context->krbcontainer->DN) < 0)
+        dn = NULL;
     CHECK_NULL(dn);
 
     strval[0] = realm_name;
     strval[1] = NULL;
     if ((st=krb5_add_str_mem_ldap_mod(&mods, "cn", LDAP_MOD_ADD, strval)) != 0)
-       goto cleanup;
+        goto cleanup;
 
     strval[0] = "top";
     strval[1] = "krbrealmcontainer";
@@ -1011,31 +1007,31 @@ krb5_ldap_create_realm(context, rparams, mask)
     strval[3] = NULL;
 
     if ((st=krb5_add_str_mem_ldap_mod(&mods, "objectclass", LDAP_MOD_ADD, strval)) != 0)
-       goto cleanup;
+        goto cleanup;
 
     /* SUBTREE ATTRIBUTE */
     if (mask & LDAP_REALM_SUBTREE) {
         if ( rparams->subtree!=NULL)  {
-              subtreecount = rparams->subtreecount;
-             for (i=0; rparams->subtree[i]!=NULL && i<subtreecount; i++) {
-                 if (strlen(rparams->subtree[i]) != 0) {
-                      st = checkattributevalue(ld, rparams->subtree[i], "Objectclass", subtreeclass,
-                             &objectmask);
-                      CHECK_CLASS_VALIDITY(st, objectmask, "realm object value: ");
-                 }
-             }
-             if ((st=krb5_add_str_mem_ldap_mod(&mods, "krbsubtrees", LDAP_MOD_ADD,
-                              rparams->subtree)) != 0) {
-                goto cleanup;
-             }
-       }
+            subtreecount = rparams->subtreecount;
+            for (i=0; rparams->subtree[i]!=NULL && i<subtreecount; i++) {
+                if (strlen(rparams->subtree[i]) != 0) {
+                    st = checkattributevalue(ld, rparams->subtree[i], "Objectclass", subtreeclass,
+                                             &objectmask);
+                    CHECK_CLASS_VALIDITY(st, objectmask, "realm object value: ");
+                }
+            }
+            if ((st=krb5_add_str_mem_ldap_mod(&mods, "krbsubtrees", LDAP_MOD_ADD,
+                                              rparams->subtree)) != 0) {
+                goto cleanup;
+            }
+        }
     }
 
     /* CONTAINER REFERENCE ATTRIBUTE */
     if (mask & LDAP_REALM_CONTREF) {
         if (strlen(rparams->containerref) != 0 ) {
             st = checkattributevalue(ld, rparams->containerref, "Objectclass", subtreeclass,
-                             &objectmask);
+                                     &objectmask);
             CHECK_CLASS_VALIDITY(st, objectmask, "realm object value: ");
             contref[0] = rparams->containerref;
             contref[1] = NULL;
@@ -1047,35 +1043,35 @@ krb5_ldap_create_realm(context, rparams, mask)
 
     /* SEARCHSCOPE ATTRIBUTE */
     if (mask & LDAP_REALM_SEARCHSCOPE) {
-       if ((st=krb5_add_int_mem_ldap_mod(&mods, "krbsearchscope", LDAP_MOD_ADD,
-                                         (rparams->search_scope == LDAP_SCOPE_ONELEVEL
-                                          || rparams->search_scope == LDAP_SCOPE_SUBTREE) ?
-                                         rparams->search_scope : LDAP_SCOPE_SUBTREE)) != 0)
-           goto cleanup;
+        if ((st=krb5_add_int_mem_ldap_mod(&mods, "krbsearchscope", LDAP_MOD_ADD,
+                                          (rparams->search_scope == LDAP_SCOPE_ONELEVEL
+                                           || rparams->search_scope == LDAP_SCOPE_SUBTREE) ?
+                                          rparams->search_scope : LDAP_SCOPE_SUBTREE)) != 0)
+            goto cleanup;
     }
     if (mask & LDAP_REALM_MAXRENEWLIFE) {
 
-       if ((st=krb5_add_int_mem_ldap_mod(&mods, "krbMaxRenewableAge", LDAP_MOD_ADD,
-                                         rparams->max_renewable_life)) != 0)
-           goto cleanup;
+        if ((st=krb5_add_int_mem_ldap_mod(&mods, "krbMaxRenewableAge", LDAP_MOD_ADD,
+                                          rparams->max_renewable_life)) != 0)
+            goto cleanup;
     }
 
     /* krbMaxTicketLife ATTRIBUTE */
 
     if (mask & LDAP_REALM_MAXTICKETLIFE) {
 
-       if ((st=krb5_add_int_mem_ldap_mod(&mods, "krbMaxTicketLife", LDAP_MOD_ADD,
-                                         rparams->max_life)) != 0)
-           goto cleanup;
+        if ((st=krb5_add_int_mem_ldap_mod(&mods, "krbMaxTicketLife", LDAP_MOD_ADD,
+                                          rparams->max_life)) != 0)
+            goto cleanup;
     }
 
     /* krbTicketFlags ATTRIBUTE */
 
     if (mask & LDAP_REALM_KRBTICKETFLAGS) {
 
-       if ((st=krb5_add_int_mem_ldap_mod(&mods, "krbTicketFlags", LDAP_MOD_ADD,
-                                         rparams->tktflags)) != 0)
-           goto cleanup;
+        if ((st=krb5_add_int_mem_ldap_mod(&mods, "krbTicketFlags", LDAP_MOD_ADD,
+                                          rparams->tktflags)) != 0)
+            goto cleanup;
     }
 
 
@@ -1083,95 +1079,95 @@ krb5_ldap_create_realm(context, rparams, mask)
 
     /* KDCSERVERS ATTRIBUTE */
     if (mask & LDAP_REALM_KDCSERVERS) {
-       /* validate the server list */
-       for (i=0; rparams->kdcservers[i] != NULL; ++i) {
-           st = checkattributevalue(ld, rparams->kdcservers[i], "objectClass", kdcclass,
-                                    &objectmask);
-           CHECK_CLASS_VALIDITY(st, objectmask, "kdc service object value: ");
+        /* validate the server list */
+        for (i=0; rparams->kdcservers[i] != NULL; ++i) {
+            st = checkattributevalue(ld, rparams->kdcservers[i], "objectClass", kdcclass,
+                                     &objectmask);
+            CHECK_CLASS_VALIDITY(st, objectmask, "kdc service object value: ");
 
-       }
+        }
 
-       if ((st=krb5_add_str_mem_ldap_mod(&mods, "krbkdcservers", LDAP_MOD_ADD,
-                                         rparams->kdcservers)) != 0)
-           goto cleanup;
+        if ((st=krb5_add_str_mem_ldap_mod(&mods, "krbkdcservers", LDAP_MOD_ADD,
+                                          rparams->kdcservers)) != 0)
+            goto cleanup;
     }
 
     /* ADMINSERVERS ATTRIBUTE */
     if (mask & LDAP_REALM_ADMINSERVERS) {
-       /* validate the server list */
-       for (i=0; rparams->adminservers[i] != NULL; ++i) {
-           st = checkattributevalue(ld, rparams->adminservers[i], "objectClass", adminclass,
-                                    &objectmask);
-           CHECK_CLASS_VALIDITY(st, objectmask, "admin service object value: ");
+        /* validate the server list */
+        for (i=0; rparams->adminservers[i] != NULL; ++i) {
+            st = checkattributevalue(ld, rparams->adminservers[i], "objectClass", adminclass,
+                                     &objectmask);
+            CHECK_CLASS_VALIDITY(st, objectmask, "admin service object value: ");
 
-       }
+        }
 
-       if ((st=krb5_add_str_mem_ldap_mod(&mods, "krbadmservers", LDAP_MOD_ADD,
-                                         rparams->adminservers)) != 0)
-           goto cleanup;
+        if ((st=krb5_add_str_mem_ldap_mod(&mods, "krbadmservers", LDAP_MOD_ADD,
+                                          rparams->adminservers)) != 0)
+            goto cleanup;
     }
 
     /* PASSWDSERVERS ATTRIBUTE */
     if (mask & LDAP_REALM_PASSWDSERVERS) {
-       /* validate the server list */
-       for (i=0; rparams->passwdservers[i] != NULL; ++i) {
-           st = checkattributevalue(ld, rparams->passwdservers[i], "objectClass", pwdclass,
-                                    &objectmask);
-           CHECK_CLASS_VALIDITY(st, objectmask, "password service object value: ");
+        /* validate the server list */
+        for (i=0; rparams->passwdservers[i] != NULL; ++i) {
+            st = checkattributevalue(ld, rparams->passwdservers[i], "objectClass", pwdclass,
+                                     &objectmask);
+            CHECK_CLASS_VALIDITY(st, objectmask, "password service object value: ");
 
-       }
+        }
 
-       if ((st=krb5_add_str_mem_ldap_mod(&mods, "krbpwdservers", LDAP_MOD_ADD,
-                                         rparams->passwdservers)) != 0)
-           goto cleanup;
+        if ((st=krb5_add_str_mem_ldap_mod(&mods, "krbpwdservers", LDAP_MOD_ADD,
+                                          rparams->passwdservers)) != 0)
+            goto cleanup;
     }
 #endif
 
     /* realm creation operation */
     if ((st=ldap_add_ext_s(ld, dn, mods, NULL, NULL)) != LDAP_SUCCESS) {
-       st = set_ldap_error (context, st, OP_ADD);
-       goto cleanup;
+        st = set_ldap_error (context, st, OP_ADD);
+        goto cleanup;
     }
 
 #ifdef HAVE_EDIRECTORY
     if (mask & LDAP_REALM_KDCSERVERS)
-       for (i=0; rparams->kdcservers[i]; ++i)
-           if ((st=updateAttribute(ld, rparams->kdcservers[i], "krbRealmReferences", dn)) != 0) {
-               snprintf(errbuf, sizeof(errbuf), "Error adding 'krbRealmReferences' to %s: ",
-                        rparams->kdcservers[i]);
-               prepend_err_str (context, errbuf, st, st);
-               /* delete Realm, status ignored intentionally */
-               ldap_delete_ext_s(ld, dn, NULL, NULL);
-               goto cleanup;
-           }
+        for (i=0; rparams->kdcservers[i]; ++i)
+            if ((st=updateAttribute(ld, rparams->kdcservers[i], "krbRealmReferences", dn)) != 0) {
+                snprintf(errbuf, sizeof(errbuf), "Error adding 'krbRealmReferences' to %s: ",
+                         rparams->kdcservers[i]);
+                prepend_err_str (context, errbuf, st, st);
+                /* delete Realm, status ignored intentionally */
+                ldap_delete_ext_s(ld, dn, NULL, NULL);
+                goto cleanup;
+            }
 
     if (mask & LDAP_REALM_ADMINSERVERS)
-       for (i=0; rparams->adminservers[i]; ++i)
-           if ((st=updateAttribute(ld, rparams->adminservers[i], "krbRealmReferences", dn)) != 0) {
-               snprintf(errbuf, sizeof(errbuf), "Error adding 'krbRealmReferences' to %s: ",
-                        rparams->adminservers[i]);
-               prepend_err_str (context, errbuf, st, st);
-               /* delete Realm, status ignored intentionally */
-               ldap_delete_ext_s(ld, dn, NULL, NULL);
-               goto cleanup;
-           }
+        for (i=0; rparams->adminservers[i]; ++i)
+            if ((st=updateAttribute(ld, rparams->adminservers[i], "krbRealmReferences", dn)) != 0) {
+                snprintf(errbuf, sizeof(errbuf), "Error adding 'krbRealmReferences' to %s: ",
+                         rparams->adminservers[i]);
+                prepend_err_str (context, errbuf, st, st);
+                /* delete Realm, status ignored intentionally */
+                ldap_delete_ext_s(ld, dn, NULL, NULL);
+                goto cleanup;
+            }
 
     if (mask & LDAP_REALM_PASSWDSERVERS)
-       for (i=0; rparams->passwdservers[i]; ++i)
-           if ((st=updateAttribute(ld, rparams->passwdservers[i], "krbRealmReferences", dn)) != 0) {
-               snprintf(errbuf, sizeof(errbuf), "Error adding 'krbRealmReferences' to %s: ",
-                        rparams->passwdservers[i]);
-               prepend_err_str (context, errbuf, st, st);
-               /* delete Realm, status ignored intentionally */
-               ldap_delete_ext_s(ld, dn, NULL, NULL);
-               goto cleanup;
-           }
+        for (i=0; rparams->passwdservers[i]; ++i)
+            if ((st=updateAttribute(ld, rparams->passwdservers[i], "krbRealmReferences", dn)) != 0) {
+                snprintf(errbuf, sizeof(errbuf), "Error adding 'krbRealmReferences' to %s: ",
+                         rparams->passwdservers[i]);
+                prepend_err_str (context, errbuf, st, st);
+                /* delete Realm, status ignored intentionally */
+                ldap_delete_ext_s(ld, dn, NULL, NULL);
+                goto cleanup;
+            }
 #endif
 
 cleanup:
 
     if (dn)
-       free(dn);
+        free(dn);
 
     ldap_mods_free(mods, 1);
     krb5_ldap_put_handle_to_pool(ldap_context, ldap_server_handle);
@@ -1183,11 +1179,8 @@ cleanup:
  */
 
 krb5_error_code
-krb5_ldap_read_realm_params(context, lrealm, rlparamp, mask)
-    krb5_context       context;
-    char            *lrealm;
-    krb5_ldap_realm_params **rlparamp;
-    int             *mask;
+krb5_ldap_read_realm_params(krb5_context context, char *lrealm,
+                            krb5_ldap_realm_params **rlparamp, int *mask)
 {
     char                   **values=NULL, *krbcontDN=NULL /*, *curr=NULL */;
 #ifdef HAVE_EDIRECTORY
@@ -1206,17 +1199,17 @@ krb5_ldap_read_realm_params(context, lrealm, rlparamp, mask)
 
     /* validate the input parameter */
     if (lrealm == NULL ||
-       ldap_context->krbcontainer == NULL ||
-       ldap_context->krbcontainer->DN == NULL) {
-       st = EINVAL;
-       goto cleanup;
+        ldap_context->krbcontainer == NULL ||
+        ldap_context->krbcontainer->DN == NULL) {
+        st = EINVAL;
+        goto cleanup;
     }
 
     /* read kerberos container, if not read already */
     if (ldap_context->krbcontainer == NULL) {
-       if ((st = krb5_ldap_read_krbcontainer_params(context,
-                                                    &(ldap_context->krbcontainer))) != 0)
-           goto cleanup;
+        if ((st = krb5_ldap_read_krbcontainer_params(context,
+                                                     &(ldap_context->krbcontainer))) != 0)
+            goto cleanup;
     }
     /* get ldap handle */
     GET_HANDLE ();
@@ -1229,8 +1222,8 @@ krb5_ldap_read_realm_params(context, lrealm, rlparamp, mask)
     /* allocate tl_data structure to store MASK information */
     rlparams->tl_data = malloc (sizeof(krb5_tl_data));
     if (rlparams->tl_data == NULL) {
-       st = ENOMEM;
-       goto cleanup;
+        st = ENOMEM;
+        goto cleanup;
     }
     memset(rlparams->tl_data, 0, sizeof(krb5_tl_data));
     rlparams->tl_data->tl_data_type = KDB_TL_USER_INFO;
@@ -1244,9 +1237,9 @@ krb5_ldap_read_realm_params(context, lrealm, rlparamp, mask)
     krbcontDN = ldap_context->krbcontainer->DN;
 
     if (asprintf(&rlparams->realmdn, "cn=%s,%s", lrealm, krbcontDN) < 0) {
-       rlparams->realmdn = NULL;
-       st = ENOMEM;
-       goto cleanup;
+        rlparams->realmdn = NULL;
+        st = ENOMEM;
+        goto cleanup;
     }
 
     /* populate the realm name in the structure */
@@ -1265,33 +1258,33 @@ krb5_ldap_read_realm_params(context, lrealm, rlparamp, mask)
 
     ent = ldap_first_entry (ld, result);
     if (ent == NULL) {
-       ldap_get_option (ld, LDAP_OPT_ERROR_NUMBER, (void *) &st);
+        ldap_get_option (ld, LDAP_OPT_ERROR_NUMBER, (void *) &st);
 #if 0
-       st = translate_ldap_error(st, OP_SEARCH);
+        st = translate_ldap_error(st, OP_SEARCH);
 #endif
-       goto cleanup;
+        goto cleanup;
     }
 
     /* Read the attributes */
     {
-       if ((values=ldap_get_values(ld, ent, "krbSubTrees")) != NULL) {
+        if ((values=ldap_get_values(ld, ent, "krbSubTrees")) != NULL) {
             rlparams->subtreecount = ldap_count_values(values);
             rlparams->subtree = (char **) malloc(sizeof(char *) * (rlparams->subtreecount + 1));
-           if (rlparams->subtree == NULL) {
-               st = ENOMEM;
-               goto cleanup;
-           }
+            if (rlparams->subtree == NULL) {
+                st = ENOMEM;
+                goto cleanup;
+            }
             for (x=0; x<rlparams->subtreecount; x++) {
                 rlparams->subtree[x] = strdup(values[x]);
-               if (rlparams->subtree[x] == NULL) {
-                   st = ENOMEM;
-                   goto cleanup;
-               }
+                if (rlparams->subtree[x] == NULL) {
+                    st = ENOMEM;
+                    goto cleanup;
+                }
             }
             rlparams->subtree[rlparams->subtreecount] = NULL;
-           *mask |= LDAP_REALM_SUBTREE;
-           ldap_value_free(values);
-       }
+            *mask |= LDAP_REALM_SUBTREE;
+            ldap_value_free(values);
+        }
 
         if((values=ldap_get_values(ld, ent, "krbPrincContainerRef")) != NULL) {
             rlparams->containerref = strdup(values[0]);
@@ -1303,58 +1296,58 @@ krb5_ldap_read_realm_params(context, lrealm, rlparamp, mask)
             ldap_value_free(values);
         }
 
-       if ((values=ldap_get_values(ld, ent, "krbSearchScope")) != NULL) {
-           rlparams->search_scope=atoi(values[0]);
-           /* searchscope can be ONE-LEVEL or SUBTREE, else default to SUBTREE */
-           if (!(rlparams->search_scope==1 || rlparams->search_scope==2))
-               rlparams->search_scope = LDAP_SCOPE_SUBTREE;
-           *mask |= LDAP_REALM_SEARCHSCOPE;
-           ldap_value_free(values);
-       }
-
-       if ((values=ldap_get_values(ld, ent, "krbMaxTicketLife")) != NULL) {
-           rlparams->max_life = atoi(values[0]);
-           *mask |= LDAP_REALM_MAXTICKETLIFE;
-           ldap_value_free(values);
-       }
-
-       if ((values=ldap_get_values(ld, ent, "krbMaxRenewableAge")) != NULL) {
-           rlparams->max_renewable_life = atoi(values[0]);
-           *mask |= LDAP_REALM_MAXRENEWLIFE;
-           ldap_value_free(values);
-       }
-
-       if ((values=ldap_get_values(ld, ent, "krbTicketFlags")) != NULL) {
-           rlparams->tktflags = atoi(values[0]);
-           *mask |= LDAP_REALM_KRBTICKETFLAGS;
-           ldap_value_free(values);
-       }
+        if ((values=ldap_get_values(ld, ent, "krbSearchScope")) != NULL) {
+            rlparams->search_scope=atoi(values[0]);
+            /* searchscope can be ONE-LEVEL or SUBTREE, else default to SUBTREE */
+            if (!(rlparams->search_scope==1 || rlparams->search_scope==2))
+                rlparams->search_scope = LDAP_SCOPE_SUBTREE;
+            *mask |= LDAP_REALM_SEARCHSCOPE;
+            ldap_value_free(values);
+        }
+
+        if ((values=ldap_get_values(ld, ent, "krbMaxTicketLife")) != NULL) {
+            rlparams->max_life = atoi(values[0]);
+            *mask |= LDAP_REALM_MAXTICKETLIFE;
+            ldap_value_free(values);
+        }
+
+        if ((values=ldap_get_values(ld, ent, "krbMaxRenewableAge")) != NULL) {
+            rlparams->max_renewable_life = atoi(values[0]);
+            *mask |= LDAP_REALM_MAXRENEWLIFE;
+            ldap_value_free(values);
+        }
+
+        if ((values=ldap_get_values(ld, ent, "krbTicketFlags")) != NULL) {
+            rlparams->tktflags = atoi(values[0]);
+            *mask |= LDAP_REALM_KRBTICKETFLAGS;
+            ldap_value_free(values);
+        }
 
 #ifdef HAVE_EDIRECTORY
 
-       if ((values=ldap_get_values(ld, ent, "krbKdcServers")) != NULL) {
-           count = ldap_count_values(values);
-           if ((st=copy_arrays(values, &(rlparams->kdcservers), (int) count)) != 0)
-               goto cleanup;
-           *mask |= LDAP_REALM_KDCSERVERS;
-           ldap_value_free(values);
-       }
-
-       if ((values=ldap_get_values(ld, ent, "krbAdmServers")) != NULL) {
-           count = ldap_count_values(values);
-           if ((st=copy_arrays(values, &(rlparams->adminservers), (int) count)) != 0)
-               goto cleanup;
-           *mask |= LDAP_REALM_ADMINSERVERS;
-           ldap_value_free(values);
-       }
-
-       if ((values=ldap_get_values(ld, ent, "krbPwdServers")) != NULL) {
-           count = ldap_count_values(values);
-           if ((st=copy_arrays(values, &(rlparams->passwdservers), (int) count)) != 0)
-               goto cleanup;
-           *mask |= LDAP_REALM_PASSWDSERVERS;
-           ldap_value_free(values);
-       }
+        if ((values=ldap_get_values(ld, ent, "krbKdcServers")) != NULL) {
+            count = ldap_count_values(values);
+            if ((st=copy_arrays(values, &(rlparams->kdcservers), (int) count)) != 0)
+                goto cleanup;
+            *mask |= LDAP_REALM_KDCSERVERS;
+            ldap_value_free(values);
+        }
+
+        if ((values=ldap_get_values(ld, ent, "krbAdmServers")) != NULL) {
+            count = ldap_count_values(values);
+            if ((st=copy_arrays(values, &(rlparams->adminservers), (int) count)) != 0)
+                goto cleanup;
+            *mask |= LDAP_REALM_ADMINSERVERS;
+            ldap_value_free(values);
+        }
+
+        if ((values=ldap_get_values(ld, ent, "krbPwdServers")) != NULL) {
+            count = ldap_count_values(values);
+            if ((st=copy_arrays(values, &(rlparams->passwdservers), (int) count)) != 0)
+                goto cleanup;
+            *mask |= LDAP_REALM_PASSWDSERVERS;
+            ldap_value_free(values);
+        }
 #endif
     }
     ldap_msgfree(result);
@@ -1366,42 +1359,42 @@ krb5_ldap_read_realm_params(context, lrealm, rlparamp, mask)
      */
 
     if ((!(*mask & LDAP_REALM_MAXTICKETLIFE && *mask & LDAP_REALM_MAXRENEWLIFE &&
-          *mask & LDAP_REALM_KRBTICKETFLAGS)) && rlparams->policyreference) {
-
-       LDAP_SEARCH_1(rlparams->policyreference, LDAP_SCOPE_BASE, NULL, policy_attributes, IGNORE_STATUS);
-       if (st != LDAP_SUCCESS && st != LDAP_NO_SUCH_OBJECT) {
-           int ost = st;
-           st = translate_ldap_error (st, OP_SEARCH);
-           krb5_set_error_message (context, st, "Policy object read failed: %s", ldap_err2string(ost));
-           goto cleanup;
-       }
-       ent = ldap_first_entry (ld, result);
-       if (ent != NULL) {
-           if ((*mask & LDAP_REALM_MAXTICKETLIFE) == 0) {
-               if ((values=ldap_get_values(ld, ent, "krbmaxticketlife")) != NULL) {
-                   rlparams->max_life = atoi(values[0]);
-                   *mask |= LDAP_REALM_MAXTICKETLIFE;
-                   ldap_value_free(values);
-               }
-           }
-
-           if ((*mask & LDAP_REALM_MAXRENEWLIFE) == 0) {
-               if ((values=ldap_get_values(ld, ent, "krbmaxrenewableage")) != NULL) {
-                   rlparams->max_renewable_life = atoi(values[0]);
-                   *mask |= LDAP_REALM_MAXRENEWLIFE;
-                   ldap_value_free(values);
-               }
-           }
-
-           if ((*mask & LDAP_REALM_KRBTICKETFLAGS) == 0) {
-               if ((values=ldap_get_values(ld, ent, "krbticketflags")) != NULL) {
-                   rlparams->tktflags = atoi(values[0]);
-                   *mask |= LDAP_REALM_KRBTICKETFLAGS;
-                   ldap_value_free(values);
-               }
-           }
-       }
-       ldap_msgfree(result);
+           *mask & LDAP_REALM_KRBTICKETFLAGS)) && rlparams->policyreference) {
+
+        LDAP_SEARCH_1(rlparams->policyreference, LDAP_SCOPE_BASE, NULL, policy_attributes, IGNORE_STATUS);
+        if (st != LDAP_SUCCESS && st != LDAP_NO_SUCH_OBJECT) {
+            int ost = st;
+            st = translate_ldap_error (st, OP_SEARCH);
+            krb5_set_error_message (context, st, "Policy object read failed: %s", ldap_err2string(ost));
+            goto cleanup;
+        }
+        ent = ldap_first_entry (ld, result);
+        if (ent != NULL) {
+            if ((*mask & LDAP_REALM_MAXTICKETLIFE) == 0) {
+                if ((values=ldap_get_values(ld, ent, "krbmaxticketlife")) != NULL) {
+                    rlparams->max_life = atoi(values[0]);
+                    *mask |= LDAP_REALM_MAXTICKETLIFE;
+                    ldap_value_free(values);
+                }
+            }
+
+            if ((*mask & LDAP_REALM_MAXRENEWLIFE) == 0) {
+                if ((values=ldap_get_values(ld, ent, "krbmaxrenewableage")) != NULL) {
+                    rlparams->max_renewable_life = atoi(values[0]);
+                    *mask |= LDAP_REALM_MAXRENEWLIFE;
+                    ldap_value_free(values);
+                }
+            }
+
+            if ((*mask & LDAP_REALM_KRBTICKETFLAGS) == 0) {
+                if ((values=ldap_get_values(ld, ent, "krbticketflags")) != NULL) {
+                    rlparams->tktflags = atoi(values[0]);
+                    *mask |= LDAP_REALM_KRBTICKETFLAGS;
+                    ldap_value_free(values);
+                }
+            }
+        }
+        ldap_msgfree(result);
     }
 
     rlparams->mask = *mask;
@@ -1412,8 +1405,8 @@ cleanup:
 
     /* if there is an error, free allocated structures */
     if (st != 0) {
-       krb5_ldap_free_realm_params(rlparams);
-       *rlparamp=NULL;
+        krb5_ldap_free_realm_params(rlparams);
+        *rlparamp=NULL;
     }
     krb5_ldap_put_handle_to_pool(ldap_context, ldap_server_handle);
     return st;
@@ -1424,54 +1417,53 @@ cleanup:
   Free the krb5_ldap_realm_params.
 */
 void
-krb5_ldap_free_realm_params(rparams)
-    krb5_ldap_realm_params *rparams;
+krb5_ldap_free_realm_params(krb5_ldap_realm_params *rparams)
 {
     int i=0;
 
     if (rparams) {
-       if (rparams->realmdn)
-           free(rparams->realmdn);
+        if (rparams->realmdn)
+            free(rparams->realmdn);
 
-       if (rparams->realm_name)
-           krb5_xfree(rparams->realm_name);
+        if (rparams->realm_name)
+            krb5_xfree(rparams->realm_name);
+
+        if (rparams->subtree) {
+            for (i=0; i<rparams->subtreecount && rparams->subtree[i] ; i++)
+                krb5_xfree(rparams->subtree[i]);
+            krb5_xfree(rparams->subtree);
+        }
+
+        if (rparams->kdcservers) {
+            for (i=0; rparams->kdcservers[i]; ++i)
+                krb5_xfree(rparams->kdcservers[i]);
+            krb5_xfree(rparams->kdcservers);
+        }
+
+        if (rparams->adminservers) {
+            for (i=0; rparams->adminservers[i]; ++i)
+                krb5_xfree(rparams->adminservers[i]);
+            krb5_xfree(rparams->adminservers);
+        }
+
+        if (rparams->passwdservers) {
+            for (i=0; rparams->passwdservers[i]; ++i)
+                krb5_xfree(rparams->passwdservers[i]);
+            krb5_xfree(rparams->passwdservers);
+        }
+
+        if (rparams->tl_data) {
+            if (rparams->tl_data->tl_data_contents)
+                krb5_xfree(rparams->tl_data->tl_data_contents);
+            krb5_xfree(rparams->tl_data);
+        }
 
-       if (rparams->subtree) {
-           for (i=0; i<rparams->subtreecount && rparams->subtree[i] ; i++)
-               krb5_xfree(rparams->subtree[i]);
-           krb5_xfree(rparams->subtree);
+        if (rparams->mkey.contents) {
+            memset(rparams->mkey.contents, 0, rparams->mkey.length);
+            krb5_xfree(rparams->mkey.contents);
         }
 
-       if (rparams->kdcservers) {
-           for (i=0; rparams->kdcservers[i]; ++i)
-               krb5_xfree(rparams->kdcservers[i]);
-           krb5_xfree(rparams->kdcservers);
-       }
-
-       if (rparams->adminservers) {
-           for (i=0; rparams->adminservers[i]; ++i)
-               krb5_xfree(rparams->adminservers[i]);
-           krb5_xfree(rparams->adminservers);
-       }
-
-       if (rparams->passwdservers) {
-           for (i=0; rparams->passwdservers[i]; ++i)
-               krb5_xfree(rparams->passwdservers[i]);
-           krb5_xfree(rparams->passwdservers);
-       }
-
-       if (rparams->tl_data) {
-           if (rparams->tl_data->tl_data_contents)
-               krb5_xfree(rparams->tl_data->tl_data_contents);
-           krb5_xfree(rparams->tl_data);
-       }
-
-       if (rparams->mkey.contents) {
-           memset(rparams->mkey.contents, 0, rparams->mkey.length);
-           krb5_xfree(rparams->mkey.contents);
-       }
-
-       krb5_xfree(rparams);
+        krb5_xfree(rparams);
     }
     return;
 }
@@ -1483,7 +1475,8 @@ krb5_ldap_free_realm_params(rparams)
  */
 
 krb5_error_code
-krb5_ldap_delete_realm_1(krb5_context kcontext, char *conf_section, char **db_args)
+krb5_ldap_delete_realm_1(krb5_context kcontext, char *conf_section,
+                         char **db_args)
 {
     krb5_error_code status = KRB5_PLUGIN_OP_NOTSUPP;
     krb5_set_error_message(kcontext, status, "LDAP %s", error_message(status));
index cfdf39c55f294f9f1b888ed588cf32ec245224f2..dcb3fcb3dcc0eb15c46c9a98ff98cf0d6970374f 100644 (file)
@@ -1,3 +1,4 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
 /*
  * lib/kdb/kdb_ldap/ldap_realm.h
  *
@@ -43,7 +44,7 @@
 #define LDAP_REALM_MAXTICKETLIFE      0x0100
 #define LDAP_REALM_MAXRENEWLIFE       0x0200
 #define LDAP_REALM_KRBTICKETFLAGS     0x0400
-#define LDAP_REALM_CONTREF           0x0800
+#define LDAP_REALM_CONTREF            0x0800
 
 extern char *policy_attributes[];
 
@@ -52,24 +53,24 @@ extern char *realm_attributes[];
 /* realm container structure */
 
 typedef struct _krb5_ldap_realm_params {
-  char          *realmdn;
-  char          *realm_name;
-  char          **subtree;
-  char         *containerref;
-  char          *policyreference;
-  int           search_scope;
-  int           upenabled;
-  int          subtreecount;
-  krb5_int32    max_life;
-  krb5_int32    max_renewable_life;
-  krb5_int32    tktflags;
-  char          **kdcservers;
-  char          **adminservers;
-  char          **passwdservers;
-  krb5_tl_data  *tl_data;
-  krb5_keyblock mkey;
-  krb5_keylist_node *mkey_list; /* all master keys in use for the realm */
-  long          mask;
+    char          *realmdn;
+    char          *realm_name;
+    char          **subtree;
+    char          *containerref;
+    char          *policyreference;
+    int           search_scope;
+    int           upenabled;
+    int           subtreecount;
+    krb5_int32    max_life;
+    krb5_int32    max_renewable_life;
+    krb5_int32    tktflags;
+    char          **kdcservers;
+    char          **adminservers;
+    char          **passwdservers;
+    krb5_tl_data  *tl_data;
+    krb5_keyblock mkey;
+    krb5_keylist_node *mkey_list; /* all master keys in use for the realm */
+    long          mask;
 } krb5_ldap_realm_params;
 
 
@@ -86,7 +87,8 @@ krb5_error_code
 krb5_ldap_create_realm(krb5_context, krb5_ldap_realm_params *, int);
 
 krb5_error_code
-krb5_ldap_read_realm_params(krb5_context , char *, krb5_ldap_realm_params **, int *);
+krb5_ldap_read_realm_params(krb5_context, char *, krb5_ldap_realm_params **,
+                            int *);
 
 void
 krb5_ldap_free_realm_params(krb5_ldap_realm_params *);
index 8d87d46ace98c92a09239a0a2c92c16468862b05..be01f394a62d9f99d0806472460be83446265df0 100644 (file)
@@ -1,3 +1,4 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
 /*
  * lib/kdb/kdb_ldap/ldap_service_rights.c
  *
@@ -266,14 +267,9 @@ static char *kerberos_container[][2] = {
  */
 
 krb5_error_code
-krb5_ldap_add_service_rights(context, servicetype, serviceobjdn, realmname, subtreeparam, contref, mask)
-    krb5_context       context;
-    int                 servicetype;
-    char                *serviceobjdn;
-    char                *realmname;
-    char                **subtreeparam;
-    char                *contref;
-    int                 mask;
+krb5_ldap_add_service_rights(krb5_context context, int servicetype,
+                             char *serviceobjdn, char *realmname,
+                             char **subtreeparam, char *contref, int mask)
 {
 
     int                    st=0,i=0,j=0;
@@ -291,9 +287,9 @@ krb5_ldap_add_service_rights(context, servicetype, serviceobjdn, realmname, subt
     GET_HANDLE();
 
     if ((serviceobjdn == NULL) || (realmname == NULL) || (servicetype < 0) || (servicetype > 4)
-       || (ldap_context->krbcontainer->DN == NULL)) {
-       st=-1;
-       goto cleanup;
+        || (ldap_context->krbcontainer->DN == NULL)) {
+        st=-1;
+        goto cleanup;
     }
 
     if (subtreeparam != NULL) {
@@ -313,13 +309,13 @@ krb5_ldap_add_service_rights(context, servicetype, serviceobjdn, realmname, subt
         memset(subtree, 0, sizeof(char *) * (subtreecount + 1));
         if (subtreeparam != NULL) {
             for(i=0; subtreeparam[i]!=NULL; i++) {
-            subtree[i] = strdup(subtreeparam[i]);
-            if(subtree[i] == NULL) {
-                st = ENOMEM;
-                goto cleanup;
+                subtree[i] = strdup(subtreeparam[i]);
+                if(subtree[i] == NULL) {
+                    st = ENOMEM;
+                    goto cleanup;
+                }
             }
         }
-    }
         if (contref != NULL) {
             subtree[i] = strdup(contref);
         }
@@ -328,213 +324,213 @@ krb5_ldap_add_service_rights(context, servicetype, serviceobjdn, realmname, subt
     /* Set the rights for the realm */
     if (mask & LDAP_REALM_RIGHTS) {
 
-    /* Set the rights for the service object on the security container */
-    seccontclass.mod_op = LDAP_MOD_ADD;
-    seccontclass.mod_type = "ACL";
-
-    for (i=0; strcmp(security_container[i][0], "") != 0; i++) {
-
-       asprintf(&seccontacls[0], "%s%s%s", security_container[i][0], serviceobjdn,
-                security_container[i][1]);
-       seccontclass.mod_values = seccontacls;
-
-       seccontarr[0] = &seccontclass;
-
-       st = ldap_modify_ext_s(ld,
-                              SECURITY_CONTAINER,
-                              seccontarr,
-                              NULL,
-                              NULL);
-       if (st != LDAP_SUCCESS && st != LDAP_TYPE_OR_VALUE_EXISTS && st != LDAP_OTHER) {
-           free(seccontacls[0]);
-           st = set_ldap_error (context, st, OP_MOD);
-           goto cleanup;
-       }
-       free(seccontacls[0]);
-    }
+        /* Set the rights for the service object on the security container */
+        seccontclass.mod_op = LDAP_MOD_ADD;
+        seccontclass.mod_type = "ACL";
 
+        for (i=0; strcmp(security_container[i][0], "") != 0; i++) {
 
-    /* Set the rights for the service object on the kerberos container */
-    krbcontclass.mod_op = LDAP_MOD_ADD;
-    krbcontclass.mod_type = "ACL";
-
-    for (i=0; strcmp(kerberos_container[i][0], "") != 0; i++) {
-       asprintf(&krbcontacls[0], "%s%s%s", kerberos_container[i][0], serviceobjdn,
-                kerberos_container[i][1]);
-       krbcontclass.mod_values = krbcontacls;
-
-       krbcontarr[0] = &krbcontclass;
-
-       st = ldap_modify_ext_s(ld,
-                              ldap_context->krbcontainer->DN,
-                              krbcontarr,
-                              NULL,
-                              NULL);
-       if (st != LDAP_SUCCESS && st != LDAP_TYPE_OR_VALUE_EXISTS && st != LDAP_OTHER) {
-           free(krbcontacls[0]);
-           st = set_ldap_error (context, st, OP_MOD);
-           goto cleanup;
-       }
-       free(krbcontacls[0]);
-    }
+            asprintf(&seccontacls[0], "%s%s%s", security_container[i][0], serviceobjdn,
+                     security_container[i][1]);
+            seccontclass.mod_values = seccontacls;
+
+            seccontarr[0] = &seccontclass;
+
+            st = ldap_modify_ext_s(ld,
+                                   SECURITY_CONTAINER,
+                                   seccontarr,
+                                   NULL,
+                                   NULL);
+            if (st != LDAP_SUCCESS && st != LDAP_TYPE_OR_VALUE_EXISTS && st != LDAP_OTHER) {
+                free(seccontacls[0]);
+                st = set_ldap_error (context, st, OP_MOD);
+                goto cleanup;
+            }
+            free(seccontacls[0]);
+        }
+
+
+        /* Set the rights for the service object on the kerberos container */
+        krbcontclass.mod_op = LDAP_MOD_ADD;
+        krbcontclass.mod_type = "ACL";
+
+        for (i=0; strcmp(kerberos_container[i][0], "") != 0; i++) {
+            asprintf(&krbcontacls[0], "%s%s%s", kerberos_container[i][0], serviceobjdn,
+                     kerberos_container[i][1]);
+            krbcontclass.mod_values = krbcontacls;
+
+            krbcontarr[0] = &krbcontclass;
 
-       /* Construct the realm dn from realm name */
-       asprintf(&realmdn,"cn=%s,%s", realmname, ldap_context->krbcontainer->DN);
-
-       realmclass.mod_op = LDAP_MOD_ADD;
-       realmclass.mod_type = "ACL";
-
-       if (servicetype == LDAP_KDC_SERVICE) {
-           for (i=0; strcmp(kdcrights_realmcontainer[i][0], "") != 0; i++) {
-               asprintf(&realmacls[0], "%s%s%s", kdcrights_realmcontainer[i][0], serviceobjdn,
-                        kdcrights_realmcontainer[i][1]);
-               realmclass.mod_values = realmacls;
-
-               realmarr[0] = &realmclass;
-
-               st = ldap_modify_ext_s(ld,
-                                      realmdn,
-                                      realmarr,
-                                      NULL,
-                                      NULL);
-               if (st != LDAP_SUCCESS && st != LDAP_TYPE_OR_VALUE_EXISTS && st != LDAP_OTHER) {
-                   free(realmacls[0]);
-                   st = set_ldap_error (context, st, OP_MOD);
-                   goto cleanup;
-               }
-               free(realmacls[0]);
-           }
-       } else if (servicetype == LDAP_ADMIN_SERVICE) {
-           for (i=0; strcmp(adminrights_realmcontainer[i][0], "") != 0; i++) {
-               asprintf(&realmacls[0], "%s%s%s", adminrights_realmcontainer[i][0], serviceobjdn,
-                        adminrights_realmcontainer[i][1]);
-               realmclass.mod_values = realmacls;
-
-               realmarr[0] = &realmclass;
-
-               st = ldap_modify_ext_s(ld,
-                                      realmdn,
-                                      realmarr,
-                                      NULL,
-                                      NULL);
-               if (st != LDAP_SUCCESS && st != LDAP_TYPE_OR_VALUE_EXISTS && st != LDAP_OTHER) {
-                   free(realmacls[0]);
-                   st = set_ldap_error (context, st, OP_MOD);
-                   goto cleanup;
-               }
-               free(realmacls[0]);
-           }
-       } else if (servicetype == LDAP_PASSWD_SERVICE) {
-           for (i=0; strcmp(pwdrights_realmcontainer[i][0], "")!=0; i++) {
-               asprintf(&realmacls[0], "%s%s%s", pwdrights_realmcontainer[i][0], serviceobjdn,
-                        pwdrights_realmcontainer[i][1]);
-               realmclass.mod_values = realmacls;
-
-               realmarr[0] = &realmclass;
-
-
-               st = ldap_modify_ext_s(ld,
-                                      realmdn,
-                                      realmarr,
-                                      NULL,
-                                      NULL);
-               if (st != LDAP_SUCCESS && st != LDAP_TYPE_OR_VALUE_EXISTS && st != LDAP_OTHER) {
-                   free(realmacls[0]);
-                   st = set_ldap_error (context, st, OP_MOD);
-                   goto cleanup;
-               }
-               free(realmacls[0]);
-           }
-       }
+            st = ldap_modify_ext_s(ld,
+                                   ldap_context->krbcontainer->DN,
+                                   krbcontarr,
+                                   NULL,
+                                   NULL);
+            if (st != LDAP_SUCCESS && st != LDAP_TYPE_OR_VALUE_EXISTS && st != LDAP_OTHER) {
+                free(krbcontacls[0]);
+                st = set_ldap_error (context, st, OP_MOD);
+                goto cleanup;
+            }
+            free(krbcontacls[0]);
+        }
+
+        /* Construct the realm dn from realm name */
+        asprintf(&realmdn,"cn=%s,%s", realmname, ldap_context->krbcontainer->DN);
+
+        realmclass.mod_op = LDAP_MOD_ADD;
+        realmclass.mod_type = "ACL";
+
+        if (servicetype == LDAP_KDC_SERVICE) {
+            for (i=0; strcmp(kdcrights_realmcontainer[i][0], "") != 0; i++) {
+                asprintf(&realmacls[0], "%s%s%s", kdcrights_realmcontainer[i][0], serviceobjdn,
+                         kdcrights_realmcontainer[i][1]);
+                realmclass.mod_values = realmacls;
+
+                realmarr[0] = &realmclass;
+
+                st = ldap_modify_ext_s(ld,
+                                       realmdn,
+                                       realmarr,
+                                       NULL,
+                                       NULL);
+                if (st != LDAP_SUCCESS && st != LDAP_TYPE_OR_VALUE_EXISTS && st != LDAP_OTHER) {
+                    free(realmacls[0]);
+                    st = set_ldap_error (context, st, OP_MOD);
+                    goto cleanup;
+                }
+                free(realmacls[0]);
+            }
+        } else if (servicetype == LDAP_ADMIN_SERVICE) {
+            for (i=0; strcmp(adminrights_realmcontainer[i][0], "") != 0; i++) {
+                asprintf(&realmacls[0], "%s%s%s", adminrights_realmcontainer[i][0], serviceobjdn,
+                         adminrights_realmcontainer[i][1]);
+                realmclass.mod_values = realmacls;
+
+                realmarr[0] = &realmclass;
+
+                st = ldap_modify_ext_s(ld,
+                                       realmdn,
+                                       realmarr,
+                                       NULL,
+                                       NULL);
+                if (st != LDAP_SUCCESS && st != LDAP_TYPE_OR_VALUE_EXISTS && st != LDAP_OTHER) {
+                    free(realmacls[0]);
+                    st = set_ldap_error (context, st, OP_MOD);
+                    goto cleanup;
+                }
+                free(realmacls[0]);
+            }
+        } else if (servicetype == LDAP_PASSWD_SERVICE) {
+            for (i=0; strcmp(pwdrights_realmcontainer[i][0], "")!=0; i++) {
+                asprintf(&realmacls[0], "%s%s%s", pwdrights_realmcontainer[i][0], serviceobjdn,
+                         pwdrights_realmcontainer[i][1]);
+                realmclass.mod_values = realmacls;
+
+                realmarr[0] = &realmclass;
+
+
+                st = ldap_modify_ext_s(ld,
+                                       realmdn,
+                                       realmarr,
+                                       NULL,
+                                       NULL);
+                if (st != LDAP_SUCCESS && st != LDAP_TYPE_OR_VALUE_EXISTS && st != LDAP_OTHER) {
+                    free(realmacls[0]);
+                    st = set_ldap_error (context, st, OP_MOD);
+                    goto cleanup;
+                }
+                free(realmacls[0]);
+            }
+        }
     } /* Realm rights settings ends here */
 
 
     /* Subtree rights to be set */
     if ((mask & LDAP_SUBTREE_RIGHTS) && (subtree != NULL)) {
-       /* Populate the acl data to be added to the subtree */
-       subtreeclass.mod_op = LDAP_MOD_ADD;
-       subtreeclass.mod_type = "ACL";
+        /* Populate the acl data to be added to the subtree */
+        subtreeclass.mod_op = LDAP_MOD_ADD;
+        subtreeclass.mod_type = "ACL";
 
-       if (servicetype == LDAP_KDC_SERVICE) {
-           for (i=0; strcmp(kdcrights_subtree[i][0], "")!=0; i++) {
-               asprintf(&subtreeacls[0], "%s%s%s", kdcrights_subtree[i][0], serviceobjdn,
-                        kdcrights_subtree[i][1]);
-               subtreeclass.mod_values = subtreeacls;
+        if (servicetype == LDAP_KDC_SERVICE) {
+            for (i=0; strcmp(kdcrights_subtree[i][0], "")!=0; i++) {
+                asprintf(&subtreeacls[0], "%s%s%s", kdcrights_subtree[i][0], serviceobjdn,
+                         kdcrights_subtree[i][1]);
+                subtreeclass.mod_values = subtreeacls;
 
-               subtreearr[0] = &subtreeclass;
+                subtreearr[0] = &subtreeclass;
 
                 /* set rights to a list of subtrees */
                 for(j=0; subtree[j]!=NULL && j<subtreecount;j++) {
-                   st = ldap_modify_ext_s(ld,
-                                            subtree[j],
-                                            subtreearr,
-                                            NULL,
-                                            NULL);
-                   if (st != LDAP_SUCCESS && st != LDAP_TYPE_OR_VALUE_EXISTS && st != LDAP_OTHER) {
-                       free(subtreeacls[0]);
-                       st = set_ldap_error (context, st, OP_MOD);
-                       goto cleanup;
-                   }
+                    st = ldap_modify_ext_s(ld,
+                                           subtree[j],
+                                           subtreearr,
+                                           NULL,
+                                           NULL);
+                    if (st != LDAP_SUCCESS && st != LDAP_TYPE_OR_VALUE_EXISTS && st != LDAP_OTHER) {
+                        free(subtreeacls[0]);
+                        st = set_ldap_error (context, st, OP_MOD);
+                        goto cleanup;
+                    }
                 }
-               free(subtreeacls[0]);
-           }
-       } else if (servicetype == LDAP_ADMIN_SERVICE) {
-           for (i=0; strcmp(adminrights_subtree[i][0], "")!=0; i++) {
-               asprintf(&subtreeacls[0], "%s%s%s", adminrights_subtree[i][0], serviceobjdn,
-                        adminrights_subtree[i][1]);
-               subtreeclass.mod_values = subtreeacls;
+                free(subtreeacls[0]);
+            }
+        } else if (servicetype == LDAP_ADMIN_SERVICE) {
+            for (i=0; strcmp(adminrights_subtree[i][0], "")!=0; i++) {
+                asprintf(&subtreeacls[0], "%s%s%s", adminrights_subtree[i][0], serviceobjdn,
+                         adminrights_subtree[i][1]);
+                subtreeclass.mod_values = subtreeacls;
 
-               subtreearr[0] = &subtreeclass;
+                subtreearr[0] = &subtreeclass;
 
                 /* set rights to a list of subtrees */
                 for(j=0; subtree[j]!=NULL && j<subtreecount;j++) {
-                   st = ldap_modify_ext_s(ld,
-                                            subtree[j],
-                                            subtreearr,
-                                            NULL,
-                                            NULL);
-                   if (st != LDAP_SUCCESS && st !=LDAP_TYPE_OR_VALUE_EXISTS && st != LDAP_OTHER) {
-                       free(subtreeacls[0]);
-                       st = set_ldap_error (context, st, OP_MOD);
-                       goto cleanup;
-                   }
+                    st = ldap_modify_ext_s(ld,
+                                           subtree[j],
+                                           subtreearr,
+                                           NULL,
+                                           NULL);
+                    if (st != LDAP_SUCCESS && st !=LDAP_TYPE_OR_VALUE_EXISTS && st != LDAP_OTHER) {
+                        free(subtreeacls[0]);
+                        st = set_ldap_error (context, st, OP_MOD);
+                        goto cleanup;
+                    }
                 }
-               free(subtreeacls[0]);
-           }
-       } else if (servicetype == LDAP_PASSWD_SERVICE) {
-           for (i=0; strcmp(pwdrights_subtree[i][0], "") != 0; i++) {
-               asprintf(&subtreeacls[0], "%s%s%s", pwdrights_subtree[i][0], serviceobjdn,
-                        pwdrights_subtree[i][1]);
-               subtreeclass.mod_values = subtreeacls;
+                free(subtreeacls[0]);
+            }
+        } else if (servicetype == LDAP_PASSWD_SERVICE) {
+            for (i=0; strcmp(pwdrights_subtree[i][0], "") != 0; i++) {
+                asprintf(&subtreeacls[0], "%s%s%s", pwdrights_subtree[i][0], serviceobjdn,
+                         pwdrights_subtree[i][1]);
+                subtreeclass.mod_values = subtreeacls;
 
-               subtreearr[0] = &subtreeclass;
+                subtreearr[0] = &subtreeclass;
 
                 /* set rights to a list of subtrees */
                 for(j=0; subtree[j]!=NULL && j<subtreecount;j++) {
-                   st = ldap_modify_ext_s(ld,
-                                            subtree[j],
-                                            subtreearr,
-                                            NULL,
-                                            NULL);
-                   if (st != LDAP_SUCCESS && st != LDAP_TYPE_OR_VALUE_EXISTS && st != LDAP_OTHER) {
-                       free(subtreeacls[0]);
-                       st = set_ldap_error (context, st, OP_MOD);
-                       goto cleanup;
-                   }
+                    st = ldap_modify_ext_s(ld,
+                                           subtree[j],
+                                           subtreearr,
+                                           NULL,
+                                           NULL);
+                    if (st != LDAP_SUCCESS && st != LDAP_TYPE_OR_VALUE_EXISTS && st != LDAP_OTHER) {
+                        free(subtreeacls[0]);
+                        st = set_ldap_error (context, st, OP_MOD);
+                        goto cleanup;
+                    }
                 }
-               free(subtreeacls[0]);
-           }
-       }
+                free(subtreeacls[0]);
+            }
+        }
     } /* Subtree rights settings ends here */
     st = 0;
 
 cleanup:
 
     if (realmdn)
-       free(realmdn);
+        free(realmdn);
 
     if (subtree)
-       free(subtree);
+        free(subtree);
 
     krb5_ldap_put_handle_to_pool(ldap_context, ldap_server_handle);
     return st;
@@ -554,14 +550,9 @@ cleanup:
 */
 
 krb5_error_code
-krb5_ldap_delete_service_rights(context, servicetype, serviceobjdn, realmname, subtreeparam, contref, mask)
-    krb5_context       context;
-    int             servicetype;
-    char            *serviceobjdn;
-    char            *realmname;
-    char            **subtreeparam;
-    char            *contref;
-    int             mask;
+krb5_ldap_delete_service_rights(krb5_context context, int servicetype,
+                                char *serviceobjdn, char *realmname,
+                                char **subtreeparam, char *contref, int mask)
 {
 
     int                    st=0,i=0,j=0;
@@ -580,14 +571,14 @@ krb5_ldap_delete_service_rights(context, servicetype, serviceobjdn, realmname, s
     GET_HANDLE();
 
     if ((serviceobjdn == NULL) || (realmname == NULL) || (servicetype < 0) || (servicetype > 4)
-       || (ldap_context->krbcontainer->DN == NULL)) {
-       st = -1;
-       goto cleanup;
+        || (ldap_context->krbcontainer->DN == NULL)) {
+        st = -1;
+        goto cleanup;
     }
 
     if (subtreeparam != NULL) {
-    while(subtreeparam[subtreecount])
-        subtreecount++;
+        while(subtreeparam[subtreecount])
+            subtreecount++;
     }
     if (contref != NULL) {
         subtreecount++;
@@ -602,12 +593,12 @@ krb5_ldap_delete_service_rights(context, servicetype, serviceobjdn, realmname, s
         memset(subtree, 0, sizeof(char *) * (subtreecount + 1));
         if (subtreeparam != NULL) {
             for(i=0; subtreeparam[i]!=NULL; i++) {
-        subtree[i] = strdup(subtreeparam[i]);
-        if(subtree[i] == NULL) {
-            st = ENOMEM;
-            goto cleanup;
-        }
-    }
+                subtree[i] = strdup(subtreeparam[i]);
+                if(subtree[i] == NULL) {
+                    st = ENOMEM;
+                    goto cleanup;
+                }
+            }
         }
         if (contref != NULL) {
             subtree[i] = strdup(contref);
@@ -618,72 +609,72 @@ krb5_ldap_delete_service_rights(context, servicetype, serviceobjdn, realmname, s
     /* Set the rights for the realm */
     if (mask & LDAP_REALM_RIGHTS) {
 
-       asprintf(&realmdn,"cn=%s,%s", realmname, ldap_context->krbcontainer->DN);
-
-       realmclass.mod_op=LDAP_MOD_DELETE;
-       realmclass.mod_type="ACL";
-
-       if (servicetype == LDAP_KDC_SERVICE) {
-           for (i=0; strcmp(kdcrights_realmcontainer[i][0], "") != 0; i++) {
-               asprintf(&realmacls[0], "%s%s%s", kdcrights_realmcontainer[i][0], serviceobjdn,
-                        kdcrights_realmcontainer[i][1]);
-               realmclass.mod_values= realmacls;
-
-               realmarr[0]=&realmclass;
-
-               st = ldap_modify_ext_s(ld,
-                                      realmdn,
-                                      realmarr,
-                                      NULL,
-                                      NULL);
-               if (st != LDAP_SUCCESS && st != LDAP_NO_SUCH_ATTRIBUTE) {
-                   free(realmacls[0]);
-                   st = set_ldap_error (context, st, OP_MOD);
-                   goto cleanup;
-               }
-               free(realmacls[0]);
-           }
-       } else if (servicetype == LDAP_ADMIN_SERVICE) {
-           for (i=0; strcmp(adminrights_realmcontainer[i][0], "") != 0; i++) {
-               asprintf(&realmacls[0], "%s%s%s", adminrights_realmcontainer[i][0], serviceobjdn,
-                        adminrights_realmcontainer[i][1]);
-               realmclass.mod_values= realmacls;
-
-               realmarr[0]=&realmclass;
-
-               st = ldap_modify_ext_s(ld,
-                                      realmdn,
-                                      realmarr,
-                                      NULL,
-                                      NULL);
-               if (st != LDAP_SUCCESS && st != LDAP_NO_SUCH_ATTRIBUTE) {
-                   free(realmacls[0]);
-                   st = set_ldap_error (context, st, OP_MOD);
-                   goto cleanup;
-               }
-               free(realmacls[0]);
-           }
-       } else if (servicetype == LDAP_PASSWD_SERVICE) {
-           for (i=0; strcmp(pwdrights_realmcontainer[i][0], "") != 0; i++) {
-               asprintf(&realmacls[0], "%s%s%s", pwdrights_realmcontainer[i][0], serviceobjdn,
-                        pwdrights_realmcontainer[i][1]);
-               realmclass.mod_values= realmacls;
-
-               realmarr[0]=&realmclass;
-
-               st = ldap_modify_ext_s(ld,
-                                      realmdn,
-                                      realmarr,
-                                      NULL,
-                                      NULL);
-               if (st != LDAP_SUCCESS && st != LDAP_NO_SUCH_ATTRIBUTE) {
-                   free(realmacls[0]);
-                   st = set_ldap_error (context, st, OP_MOD);
-                   goto cleanup;
-               }
-               free(realmacls[0]);
-           }
-       }
+        asprintf(&realmdn,"cn=%s,%s", realmname, ldap_context->krbcontainer->DN);
+
+        realmclass.mod_op=LDAP_MOD_DELETE;
+        realmclass.mod_type="ACL";
+
+        if (servicetype == LDAP_KDC_SERVICE) {
+            for (i=0; strcmp(kdcrights_realmcontainer[i][0], "") != 0; i++) {
+                asprintf(&realmacls[0], "%s%s%s", kdcrights_realmcontainer[i][0], serviceobjdn,
+                         kdcrights_realmcontainer[i][1]);
+                realmclass.mod_values= realmacls;
+
+                realmarr[0]=&realmclass;
+
+                st = ldap_modify_ext_s(ld,
+                                       realmdn,
+                                       realmarr,
+                                       NULL,
+                                       NULL);
+                if (st != LDAP_SUCCESS && st != LDAP_NO_SUCH_ATTRIBUTE) {
+                    free(realmacls[0]);
+                    st = set_ldap_error (context, st, OP_MOD);
+                    goto cleanup;
+                }
+                free(realmacls[0]);
+            }
+        } else if (servicetype == LDAP_ADMIN_SERVICE) {
+            for (i=0; strcmp(adminrights_realmcontainer[i][0], "") != 0; i++) {
+                asprintf(&realmacls[0], "%s%s%s", adminrights_realmcontainer[i][0], serviceobjdn,
+                         adminrights_realmcontainer[i][1]);
+                realmclass.mod_values= realmacls;
+
+                realmarr[0]=&realmclass;
+
+                st = ldap_modify_ext_s(ld,
+                                       realmdn,
+                                       realmarr,
+                                       NULL,
+                                       NULL);
+                if (st != LDAP_SUCCESS && st != LDAP_NO_SUCH_ATTRIBUTE) {
+                    free(realmacls[0]);
+                    st = set_ldap_error (context, st, OP_MOD);
+                    goto cleanup;
+                }
+                free(realmacls[0]);
+            }
+        } else if (servicetype == LDAP_PASSWD_SERVICE) {
+            for (i=0; strcmp(pwdrights_realmcontainer[i][0], "") != 0; i++) {
+                asprintf(&realmacls[0], "%s%s%s", pwdrights_realmcontainer[i][0], serviceobjdn,
+                         pwdrights_realmcontainer[i][1]);
+                realmclass.mod_values= realmacls;
+
+                realmarr[0]=&realmclass;
+
+                st = ldap_modify_ext_s(ld,
+                                       realmdn,
+                                       realmarr,
+                                       NULL,
+                                       NULL);
+                if (st != LDAP_SUCCESS && st != LDAP_NO_SUCH_ATTRIBUTE) {
+                    free(realmacls[0]);
+                    st = set_ldap_error (context, st, OP_MOD);
+                    goto cleanup;
+                }
+                free(realmacls[0]);
+            }
+        }
 
     } /* Realm rights setting ends here */
 
@@ -691,77 +682,77 @@ krb5_ldap_delete_service_rights(context, servicetype, serviceobjdn, realmname, s
     /* Set the rights for the subtree */
     if ((mask & LDAP_SUBTREE_RIGHTS) && (subtree != NULL)) {
 
-       /* Populate the acl data to be added to the subtree */
-       subtreeclass.mod_op=LDAP_MOD_DELETE;
-       subtreeclass.mod_type="ACL";
+        /* Populate the acl data to be added to the subtree */
+        subtreeclass.mod_op=LDAP_MOD_DELETE;
+        subtreeclass.mod_type="ACL";
 
-       if (servicetype == LDAP_KDC_SERVICE) {
-           for (i=0; strcmp(kdcrights_subtree[i][0], "")!=0; i++) {
-               asprintf(&subtreeacls[0], "%s%s%s", kdcrights_subtree[i][0], serviceobjdn,
-                        kdcrights_subtree[i][1]);
-               subtreeclass.mod_values= subtreeacls;
+        if (servicetype == LDAP_KDC_SERVICE) {
+            for (i=0; strcmp(kdcrights_subtree[i][0], "")!=0; i++) {
+                asprintf(&subtreeacls[0], "%s%s%s", kdcrights_subtree[i][0], serviceobjdn,
+                         kdcrights_subtree[i][1]);
+                subtreeclass.mod_values= subtreeacls;
 
-               subtreearr[0]=&subtreeclass;
+                subtreearr[0]=&subtreeclass;
 
                 for(j=0; subtree[j]!=NULL && j<subtreecount; j++) {
-                   st = ldap_modify_ext_s(ld,
-                                            subtree[j],
-                                            subtreearr,
-                                            NULL,
-                                            NULL);
-                   if (st != LDAP_SUCCESS && st != LDAP_NO_SUCH_ATTRIBUTE) {
-                       free(subtreeacls[0]);
-                       st = set_ldap_error (context, st, OP_MOD);
-                       goto cleanup;
-                   }
+                    st = ldap_modify_ext_s(ld,
+                                           subtree[j],
+                                           subtreearr,
+                                           NULL,
+                                           NULL);
+                    if (st != LDAP_SUCCESS && st != LDAP_NO_SUCH_ATTRIBUTE) {
+                        free(subtreeacls[0]);
+                        st = set_ldap_error (context, st, OP_MOD);
+                        goto cleanup;
+                    }
                 }
-               free(subtreeacls[0]);
-           }
-       } else if (servicetype == LDAP_ADMIN_SERVICE) {
-           for (i=0; strcmp(adminrights_subtree[i][0], "") != 0; i++) {
-               asprintf(&subtreeacls[0], "%s%s%s", adminrights_subtree[i][0], serviceobjdn,
-                        adminrights_subtree[i][1]);
-               subtreeclass.mod_values= subtreeacls;
+                free(subtreeacls[0]);
+            }
+        } else if (servicetype == LDAP_ADMIN_SERVICE) {
+            for (i=0; strcmp(adminrights_subtree[i][0], "") != 0; i++) {
+                asprintf(&subtreeacls[0], "%s%s%s", adminrights_subtree[i][0], serviceobjdn,
+                         adminrights_subtree[i][1]);
+                subtreeclass.mod_values= subtreeacls;
 
-               subtreearr[0]=&subtreeclass;
+                subtreearr[0]=&subtreeclass;
 
                 for(j=0; subtree[j]!=NULL && j<subtreecount; j++) {
-                   st = ldap_modify_ext_s(ld,
-                                            subtree[j],
-                                            subtreearr,
-                                            NULL,
-                                            NULL);
-                   if (st != LDAP_SUCCESS && st != LDAP_NO_SUCH_ATTRIBUTE) {
-                       free(subtreeacls[0]);
-                       st = set_ldap_error (context, st, OP_MOD);
-                       goto cleanup;
-                   }
+                    st = ldap_modify_ext_s(ld,
+                                           subtree[j],
+                                           subtreearr,
+                                           NULL,
+                                           NULL);
+                    if (st != LDAP_SUCCESS && st != LDAP_NO_SUCH_ATTRIBUTE) {
+                        free(subtreeacls[0]);
+                        st = set_ldap_error (context, st, OP_MOD);
+                        goto cleanup;
+                    }
                 }
-               free(subtreeacls[0]);
-           }
-       } else if (servicetype == LDAP_PASSWD_SERVICE) {
-           for (i=0; strcmp(pwdrights_subtree[i][0], "") != 0; i++) {
-               asprintf(&subtreeacls[0], "%s%s%s", pwdrights_subtree[i][0], serviceobjdn,
-                        pwdrights_subtree[i][1]);
-               subtreeclass.mod_values= subtreeacls;
+                free(subtreeacls[0]);
+            }
+        } else if (servicetype == LDAP_PASSWD_SERVICE) {
+            for (i=0; strcmp(pwdrights_subtree[i][0], "") != 0; i++) {
+                asprintf(&subtreeacls[0], "%s%s%s", pwdrights_subtree[i][0], serviceobjdn,
+                         pwdrights_subtree[i][1]);
+                subtreeclass.mod_values= subtreeacls;
 
-               subtreearr[0]=&subtreeclass;
+                subtreearr[0]=&subtreeclass;
 
                 for(j=0; subtree[j]!=NULL && j<subtreecount; j++) {
-                   st = ldap_modify_ext_s(ld,
-                                            subtree[j],
-                                            subtreearr,
-                                            NULL,
-                                            NULL);
-                   if (st != LDAP_SUCCESS && st != LDAP_NO_SUCH_ATTRIBUTE) {
-                       free(subtreeacls[0]);
-                       st = set_ldap_error (context, st, OP_MOD);
-                       goto cleanup;
-                   }
+                    st = ldap_modify_ext_s(ld,
+                                           subtree[j],
+                                           subtreearr,
+                                           NULL,
+                                           NULL);
+                    if (st != LDAP_SUCCESS && st != LDAP_NO_SUCH_ATTRIBUTE) {
+                        free(subtreeacls[0]);
+                        st = set_ldap_error (context, st, OP_MOD);
+                        goto cleanup;
+                    }
                 }
-               free(subtreeacls[0]);
-           }
-       }
+                free(subtreeacls[0]);
+            }
+        }
     } /* Subtree rights setting ends here */
 
     st = 0;
@@ -769,10 +760,10 @@ krb5_ldap_delete_service_rights(context, servicetype, serviceobjdn, realmname, s
 cleanup:
 
     if (realmdn)
-       free(realmdn);
+        free(realmdn);
 
     if (subtree)
-       free(subtree);
+        free(subtree);
 
     krb5_ldap_put_handle_to_pool(ldap_context, ldap_server_handle);
     return st;
index b799756a0ab131b1b8ad87949372e87a172ab24a..f14858b76e73ab2350fe622ee93079b1c88cc241 100644 (file)
@@ -1,3 +1,4 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
 /*
  * lib/kdb/kdb_ldap/ldap_service_stash.c
  *
 #include "ldap_service_stash.h"
 
 krb5_error_code
-krb5_ldap_readpassword(context, ldap_context, password)
-    krb5_context                context;
-    krb5_ldap_context           *ldap_context;
-    unsigned char               **password;
+krb5_ldap_readpassword(krb5_context context, krb5_ldap_context *ldap_context,
+                       unsigned char **password)
 {
     int                         entryfound=0;
     krb5_error_code             st=0;
@@ -48,7 +47,7 @@ krb5_ldap_readpassword(context, ldap_context, password)
     *password = NULL;
 
     if (ldap_context->service_password_file)
-       file = ldap_context->service_password_file;
+        file = ldap_context->service_password_file;
 
 #ifndef HAVE_STRERROR_R
 # undef strerror_r
@@ -57,122 +56,122 @@ krb5_ldap_readpassword(context, ldap_context, password)
 
     /* check whether file exists */
     if (access(file, F_OK) < 0) {
-       st = errno;
-       strerror_r(errno, errbuf, sizeof(errbuf));
-       krb5_set_error_message (context, st, "%s", errbuf);
-       goto rp_exit;
+        st = errno;
+        strerror_r(errno, errbuf, sizeof(errbuf));
+        krb5_set_error_message (context, st, "%s", errbuf);
+        goto rp_exit;
     }
 
     /* check read access */
     if (access(file, R_OK) < 0) {
-       st = errno;
-       strerror_r(errno, errbuf, sizeof(errbuf));
-       krb5_set_error_message (context, st, "%s", errbuf);
-       goto rp_exit;
+        st = errno;
+        strerror_r(errno, errbuf, sizeof(errbuf));
+        krb5_set_error_message (context, st, "%s", errbuf);
+        goto rp_exit;
     }
 
     if ((fptr=fopen(file, "r")) == NULL) {
-       st = errno;
-       strerror_r(errno, errbuf, sizeof(errbuf));
-       krb5_set_error_message (context, st, "%s", errbuf);
-       goto rp_exit;
+        st = errno;
+        strerror_r(errno, errbuf, sizeof(errbuf));
+        krb5_set_error_message (context, st, "%s", errbuf);
+        goto rp_exit;
     }
     set_cloexec_file(fptr);
 
     /* get the record from the file */
     while (fgets(line, RECORDLEN, fptr)!= NULL) {
-       char tmp[RECORDLEN];
-
-       tmp[0] = '\0';
-       /* Handle leading white-spaces */
-       for (start = line; isspace(*start); ++start);
-
-       /* Handle comment lines */
-       if (*start == '!' || *start == '#')
-           continue;
-       sscanf(line, "%*[ \t]%[^#]", tmp);
-       if (tmp[0] == '\0')
-           sscanf(line, "%[^#]", tmp);
-       if (strcasecmp(tmp, ldap_context->bind_dn) == 0) {
-           entryfound = 1; /* service_dn record found !!! */
-           break;
-       }
+        char tmp[RECORDLEN];
+
+        tmp[0] = '\0';
+        /* Handle leading white-spaces */
+        for (start = line; isspace(*start); ++start);
+
+        /* Handle comment lines */
+        if (*start == '!' || *start == '#')
+            continue;
+        sscanf(line, "%*[ \t]%[^#]", tmp);
+        if (tmp[0] == '\0')
+            sscanf(line, "%[^#]", tmp);
+        if (strcasecmp(tmp, ldap_context->bind_dn) == 0) {
+            entryfound = 1; /* service_dn record found !!! */
+            break;
+        }
     }
     fclose (fptr);
 
     if (entryfound == 0)  {
-       st = KRB5_KDB_SERVER_INTERNAL_ERR;
-       krb5_set_error_message (context, st, "Bind DN entry missing in stash file");
-       goto rp_exit;
+        st = KRB5_KDB_SERVER_INTERNAL_ERR;
+        krb5_set_error_message (context, st, "Bind DN entry missing in stash file");
+        goto rp_exit;
     }
     /* replace the \n with \0 */
     start = strchr(line, '\n');
     if (start)
-       *start = '\0';
+        *start = '\0';
 
     start = strchr(line, '#');
     if (start == NULL) {
-       /* password field missing */
-       st = KRB5_KDB_SERVER_INTERNAL_ERR;
-       krb5_set_error_message (context, st, "Stash file entry corrupt");
-       goto rp_exit;
+        /* password field missing */
+        st = KRB5_KDB_SERVER_INTERNAL_ERR;
+        krb5_set_error_message (context, st, "Stash file entry corrupt");
+        goto rp_exit;
     }
     ++ start;
     /* Extract the plain password / certificate file information */
     {
-       struct data PT, CT;
-
-       /* Check if the entry has the path of a certificate */
-       if (!strncmp(start, "{FILE}", strlen("{FILE}"))) {
-           /* Set *password = {FILE}<path to cert>\0<cert password> */
-           size_t len = strlen(start);
-
-           *password = (unsigned char *)malloc(len + 2);
-           if (*password == NULL) {
-               st = ENOMEM;
-               goto rp_exit;
-           }
-           memcpy(*password, start, len);
-           (*password)[len] = '\0';
-           (*password)[len + 1] = '\0';
-           goto got_password;
-       } else {
-           CT.value = (unsigned char *)start;
-           CT.len = strlen((char *)CT.value);
-           st = dec_password(CT, &PT);
-           if (st != 0) {
-               switch (st) {
-               case ERR_NO_MEM:
-                   st = ENOMEM;
-                   break;
-               case ERR_PWD_ZERO:
-                   st = EINVAL;
-                   krb5_set_error_message(context, st, "Password has zero length");
-                   break;
-               case ERR_PWD_BAD:
-                   st = EINVAL;
-                   krb5_set_error_message(context, st, "Password corrupted");
-                   break;
-               case ERR_PWD_NOT_HEX:
-                   st = EINVAL;
-                   krb5_set_error_message(context, st, "Not a hexadecimal password");
-                   break;
-               default:
-                   st = KRB5_KDB_SERVER_INTERNAL_ERR;
-                   break;
-               }
-               goto rp_exit;
-           }
-           *password = PT.value;
-       }
+        struct data PT, CT;
+
+        /* Check if the entry has the path of a certificate */
+        if (!strncmp(start, "{FILE}", strlen("{FILE}"))) {
+            /* Set *password = {FILE}<path to cert>\0<cert password> */
+            size_t len = strlen(start);
+
+            *password = (unsigned char *)malloc(len + 2);
+            if (*password == NULL) {
+                st = ENOMEM;
+                goto rp_exit;
+            }
+            memcpy(*password, start, len);
+            (*password)[len] = '\0';
+            (*password)[len + 1] = '\0';
+            goto got_password;
+        } else {
+            CT.value = (unsigned char *)start;
+            CT.len = strlen((char *)CT.value);
+            st = dec_password(CT, &PT);
+            if (st != 0) {
+                switch (st) {
+                case ERR_NO_MEM:
+                    st = ENOMEM;
+                    break;
+                case ERR_PWD_ZERO:
+                    st = EINVAL;
+                    krb5_set_error_message(context, st, "Password has zero length");
+                    break;
+                case ERR_PWD_BAD:
+                    st = EINVAL;
+                    krb5_set_error_message(context, st, "Password corrupted");
+                    break;
+                case ERR_PWD_NOT_HEX:
+                    st = EINVAL;
+                    krb5_set_error_message(context, st, "Not a hexadecimal password");
+                    break;
+                default:
+                    st = KRB5_KDB_SERVER_INTERNAL_ERR;
+                    break;
+                }
+                goto rp_exit;
+            }
+            *password = PT.value;
+        }
     }
 got_password:
 
 rp_exit:
     if (st) {
-       if (*password)
-           free (*password);
-       *password = NULL;
+        if (*password)
+            free (*password);
+        *password = NULL;
     }
     return st;
 }
@@ -180,9 +179,7 @@ rp_exit:
 /* Encodes a sequence of bytes in hexadecimal */
 
 int
-tohex(in, ret)
-    krb5_data         in;
-    krb5_data         *ret;
+tohex(krb5_data in, krb5_data *ret)
 {
     int                i=0, err = 0;
 
@@ -191,20 +188,20 @@ tohex(in, ret)
 
     ret->data = malloc((unsigned int)in.length * 2 + 1 /*Null termination */);
     if (ret->data == NULL) {
-       err = ENOMEM;
-       goto cleanup;
+        err = ENOMEM;
+        goto cleanup;
     }
     ret->length = in.length * 2;
     ret->data[ret->length] = 0;
 
     for (i = 0; i < in.length; i++)
-       snprintf(ret->data + 2 * i, 3, "%02x", in.data[i] & 0xff);
+        snprintf(ret->data + 2 * i, 3, "%02x", in.data[i] & 0xff);
 
 cleanup:
 
     if (ret->length == 0) {
-       free(ret->data);
-       ret->data = NULL;
+        free(ret->data);
+        ret->data = NULL;
     }
 
     return err;
@@ -222,7 +219,9 @@ cleanup:
  * ERR_PWD_NOT_HEX - Not a hexadecimal password
  */
 
-int dec_password(struct data pwd, struct data *ret) {
+int
+dec_password(struct data pwd, struct data *ret)
+{
     int err=0;
     int i=0, j=0;
 
@@ -230,52 +229,52 @@ int dec_password(struct data pwd, struct data *ret) {
     ret->value = NULL;
 
     if (pwd.len == 0) {
-       err = ERR_PWD_ZERO;
-       ret->len = 0;
-       goto cleanup;
+        err = ERR_PWD_ZERO;
+        ret->len = 0;
+        goto cleanup;
     }
 
     /* Check if it is a hexadecimal encoded password */
     if (pwd.len >= strlen("{HEX}") &&
-       strncmp((char *)pwd.value, "{HEX}", strlen("{HEX}")) == 0) {
-
-       if ((pwd.len - strlen("{HEX}")) % 2 != 0) {
-           /* A hexadecimal encoded password should have even length */
-           err = ERR_PWD_BAD;
-           ret->len = 0;
-           goto cleanup;
-       }
-       ret->value = (unsigned char *)malloc((pwd.len - strlen("{HEX}")) / 2 + 1);
-       if (ret->value == NULL) {
-           err = ERR_NO_MEM;
-           ret->len = 0;
-           goto cleanup;
-       }
-       ret->len = (pwd.len - strlen("{HEX}")) / 2;
-       ret->value[ret->len] = '\0';
-       for (i = strlen("{HEX}"), j = 0; i < pwd.len; i += 2, j++) {
-           unsigned int k;
-           /* Check if it is a hexadecimal number */
-           if (isxdigit(pwd.value[i]) == 0 || isxdigit(pwd.value[i + 1]) == 0) {
-               err = ERR_PWD_NOT_HEX;
-               ret->len = 0;
-               goto cleanup;
-           }
-           sscanf((char *)pwd.value + i, "%2x", &k);
-           ret->value[j] = k;
-       }
-       goto cleanup;
+        strncmp((char *)pwd.value, "{HEX}", strlen("{HEX}")) == 0) {
+
+        if ((pwd.len - strlen("{HEX}")) % 2 != 0) {
+            /* A hexadecimal encoded password should have even length */
+            err = ERR_PWD_BAD;
+            ret->len = 0;
+            goto cleanup;
+        }
+        ret->value = (unsigned char *)malloc((pwd.len - strlen("{HEX}")) / 2 + 1);
+        if (ret->value == NULL) {
+            err = ERR_NO_MEM;
+            ret->len = 0;
+            goto cleanup;
+        }
+        ret->len = (pwd.len - strlen("{HEX}")) / 2;
+        ret->value[ret->len] = '\0';
+        for (i = strlen("{HEX}"), j = 0; i < pwd.len; i += 2, j++) {
+            unsigned int k;
+            /* Check if it is a hexadecimal number */
+            if (isxdigit(pwd.value[i]) == 0 || isxdigit(pwd.value[i + 1]) == 0) {
+                err = ERR_PWD_NOT_HEX;
+                ret->len = 0;
+                goto cleanup;
+            }
+            sscanf((char *)pwd.value + i, "%2x", &k);
+            ret->value[j] = k;
+        }
+        goto cleanup;
     } else {
-       err = ERR_PWD_NOT_HEX;
-       ret->len = 0;
-       goto cleanup;
+        err = ERR_PWD_NOT_HEX;
+        ret->len = 0;
+        goto cleanup;
     }
 
 cleanup:
 
     if (ret->len == 0) {
-       free(ret->value);
-       ret->value = NULL;
+        free(ret->value);
+        ret->value = NULL;
     }
     return(err);
 }
index 05dd40a958c1b37da8656413498ab89e33eae2e7..aecaa4942e38eaf9dd02b8345fabe0097d7568a8 100644 (file)
@@ -1,3 +1,4 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
 /*
  * lib/kdb/kdb_ldap/ldap_service_stash.h
  *
index 11f78efb1d73a481d243873796c6ece8610e2211..9be977246c9942d2ffffdfcce33c353a023c6cbd 100644 (file)
@@ -1,3 +1,4 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
 /*
  * lib/kdb/kdb_ldap/ldap_services.c
  *
@@ -42,10 +43,8 @@ static char *realmcontclass[] = {"krbRealmContainer", NULL};
  */
 
 krb5_error_code
-krb5_ldap_create_service(context, service, mask)
-    krb5_context               context;
-    krb5_ldap_service_params    *service;
-    int                         mask;
+krb5_ldap_create_service(krb5_context context,
+                         krb5_ldap_service_params *service, int mask)
 {
     int                         i=0, j=0;
     krb5_error_code             st=0;
@@ -59,9 +58,9 @@ krb5_ldap_create_service(context, service, mask)
 
     /* validate the input parameter */
     if (service == NULL || service->servicedn == NULL) {
-       st = EINVAL;
-       krb5_set_error_message (context, st, "Service DN NULL");
-       goto cleanup;
+        st = EINVAL;
+        krb5_set_error_message (context, st, "Service DN NULL");
+        goto cleanup;
     }
 
     SETUP_CONTEXT();
@@ -71,73 +70,73 @@ krb5_ldap_create_service(context, service, mask)
     memset(strval, 0, sizeof(strval));
     strval[0] = "krbService";
     if (service->servicetype == LDAP_KDC_SERVICE) {
-       strval[1] = "krbKdcService";
-       realmattr = "krbKdcServers";
+        strval[1] = "krbKdcService";
+        realmattr = "krbKdcServers";
     } else if (service->servicetype == LDAP_ADMIN_SERVICE) {
-       strval[1] = "krbAdmService";
-       realmattr = "krbAdmServers";
+        strval[1] = "krbAdmService";
+        realmattr = "krbAdmServers";
     } else if (service->servicetype == LDAP_PASSWD_SERVICE) {
-       strval[1] = "krbPwdService";
-       realmattr = "krbPwdServers";
+        strval[1] = "krbPwdService";
+        realmattr = "krbPwdServers";
     } else {
-       strval[1] = "krbKdcService";
-       realmattr = "krbKdcServers";
+        strval[1] = "krbKdcService";
+        realmattr = "krbKdcServers";
     }
     if ((st=krb5_add_str_mem_ldap_mod(&mods, "objectclass", LDAP_MOD_ADD, strval)) != 0)
-       goto cleanup;
+        goto cleanup;
 
     rdns = ldap_explode_dn(service->servicedn, 1);
     if (rdns == NULL) {
-       st = LDAP_INVALID_DN_SYNTAX;
-       goto cleanup;
+        st = LDAP_INVALID_DN_SYNTAX;
+        goto cleanup;
     }
     memset(strval, 0, sizeof(strval));
     strval[0] = rdns[0];
     if ((st=krb5_add_str_mem_ldap_mod(&mods, "cn", LDAP_MOD_ADD, strval)) != 0)
-       goto cleanup;
+        goto cleanup;
 
     if (mask & LDAP_SERVICE_SERVICEFLAG) {
-       if ((st=krb5_add_int_mem_ldap_mod(&mods, "krbserviceflags", LDAP_MOD_ADD,
-                                         service->krbserviceflags)) != 0)
-           goto cleanup;
+        if ((st=krb5_add_int_mem_ldap_mod(&mods, "krbserviceflags", LDAP_MOD_ADD,
+                                          service->krbserviceflags)) != 0)
+            goto cleanup;
     }
 
     if (mask & LDAP_SERVICE_HOSTSERVER) {
-       if (service->krbhostservers != NULL) {
-           if ((st=krb5_add_str_mem_ldap_mod(&mods, "krbhostserver", LDAP_MOD_ADD,
-                                             service->krbhostservers)) != 0)
-               goto cleanup;
-       } else {
-           st = EINVAL;
-           krb5_set_error_message (context, st, "'krbhostserver' argument invalid");
-           goto cleanup;
-       }
+        if (service->krbhostservers != NULL) {
+            if ((st=krb5_add_str_mem_ldap_mod(&mods, "krbhostserver", LDAP_MOD_ADD,
+                                              service->krbhostservers)) != 0)
+                goto cleanup;
+        } else {
+            st = EINVAL;
+            krb5_set_error_message (context, st, "'krbhostserver' argument invalid");
+            goto cleanup;
+        }
     }
 
     if (mask & LDAP_SERVICE_REALMREFERENCE) {
-       if (service->krbrealmreferences != NULL) {
-           unsigned int realmmask=0;
-
-           /* check for the validity of the values */
-           for (j=0; service->krbrealmreferences[j] != NULL; ++j) {
-               st = checkattributevalue(ld, service->krbrealmreferences[j], "ObjectClass",
-                                        realmcontclass, &realmmask);
-               CHECK_CLASS_VALIDITY(st, realmmask, "realm object value: ");
-           }
-           if ((st=krb5_add_str_mem_ldap_mod(&mods, "krbrealmreferences", LDAP_MOD_ADD,
-                                             service->krbrealmreferences)) != 0)
-               goto cleanup;
-       } else {
-           st = EINVAL;
-           krb5_set_error_message (context, st, "Server has no 'krbrealmreferences'");
-           goto cleanup;
-       }
+        if (service->krbrealmreferences != NULL) {
+            unsigned int realmmask=0;
+
+            /* check for the validity of the values */
+            for (j=0; service->krbrealmreferences[j] != NULL; ++j) {
+                st = checkattributevalue(ld, service->krbrealmreferences[j], "ObjectClass",
+                                         realmcontclass, &realmmask);
+                CHECK_CLASS_VALIDITY(st, realmmask, "realm object value: ");
+            }
+            if ((st=krb5_add_str_mem_ldap_mod(&mods, "krbrealmreferences", LDAP_MOD_ADD,
+                                              service->krbrealmreferences)) != 0)
+                goto cleanup;
+        } else {
+            st = EINVAL;
+            krb5_set_error_message (context, st, "Server has no 'krbrealmreferences'");
+            goto cleanup;
+        }
     }
 
     /* ldap add operation */
     if ((st=ldap_add_ext_s(ld, service->servicedn, mods, NULL, NULL)) != LDAP_SUCCESS) {
-       st = set_ldap_error (context, st, OP_ADD);
-       goto cleanup;
+        st = set_ldap_error (context, st, OP_ADD);
+        goto cleanup;
     }
 
     /*
@@ -145,24 +144,24 @@ krb5_ldap_create_service(context, service, mask)
      * to have a reference to the service object just created.
      */
     if (mask & LDAP_SERVICE_REALMREFERENCE) {
-       for (i=0; service->krbrealmreferences[i]; ++i) {
-           if ((st=updateAttribute(ld, service->krbrealmreferences[i], realmattr,
-                                   service->servicedn)) != 0) {
-               snprintf (errbuf, sizeof(errbuf),
-                         "Error adding 'krbRealmReferences' to %s: ",
-                         service->krbrealmreferences[i]);
-               prepend_err_str (context, errbuf, st, st);
-               /* delete service object, status ignored intentionally */
-               ldap_delete_ext_s(ld, service->servicedn, NULL, NULL);
-               goto cleanup;
-           }
-       }
+        for (i=0; service->krbrealmreferences[i]; ++i) {
+            if ((st=updateAttribute(ld, service->krbrealmreferences[i], realmattr,
+                                    service->servicedn)) != 0) {
+                snprintf (errbuf, sizeof(errbuf),
+                          "Error adding 'krbRealmReferences' to %s: ",
+                          service->krbrealmreferences[i]);
+                prepend_err_str (context, errbuf, st, st);
+                /* delete service object, status ignored intentionally */
+                ldap_delete_ext_s(ld, service->servicedn, NULL, NULL);
+                goto cleanup;
+            }
+        }
     }
 
 cleanup:
 
     if (rdns)
-       ldap_value_free (rdns);
+        ldap_value_free (rdns);
 
     ldap_mods_free(mods, 1);
     krb5_ldap_put_handle_to_pool(ldap_context, ldap_server_handle);
@@ -175,10 +174,8 @@ cleanup:
  */
 
 krb5_error_code
-krb5_ldap_modify_service(context, service, mask)
-    krb5_context               context;
-    krb5_ldap_service_params    *service;
-    int                         mask;
+krb5_ldap_modify_service(krb5_context context,
+                         krb5_ldap_service_params *service, int mask)
 {
     int                         i=0, j=0, count=0;
     krb5_error_code             st=0;
@@ -194,94 +191,94 @@ krb5_ldap_modify_service(context, service, mask)
 
     /* validate the input parameter */
     if (service == NULL || service->servicedn == NULL) {
-       st = EINVAL;
-       krb5_set_error_message (context, st, "Service DN is NULL");
-       goto cleanup;
+        st = EINVAL;
+        krb5_set_error_message (context, st, "Service DN is NULL");
+        goto cleanup;
     }
 
     SETUP_CONTEXT();
     GET_HANDLE();
 
     if (mask & LDAP_SERVICE_SERVICEFLAG) {
-       if ((st=krb5_add_int_mem_ldap_mod(&mods, "krbserviceflags", LDAP_MOD_REPLACE,
-                                         service->krbserviceflags)) != 0)
-           goto cleanup;
+        if ((st=krb5_add_int_mem_ldap_mod(&mods, "krbserviceflags", LDAP_MOD_REPLACE,
+                                          service->krbserviceflags)) != 0)
+            goto cleanup;
     }
 
     if (mask & LDAP_SERVICE_HOSTSERVER) {
-       if (service->krbhostservers != NULL) {
-           if ((st=krb5_add_str_mem_ldap_mod(&mods, "krbhostserver", LDAP_MOD_REPLACE,
-                                             service->krbhostservers)) != 0)
-               goto cleanup;
-       } else {
-           st = EINVAL;
-           krb5_set_error_message (context, st, "'krbhostserver' value invalid");
-           goto cleanup;
-       }
+        if (service->krbhostservers != NULL) {
+            if ((st=krb5_add_str_mem_ldap_mod(&mods, "krbhostserver", LDAP_MOD_REPLACE,
+                                              service->krbhostservers)) != 0)
+                goto cleanup;
+        } else {
+            st = EINVAL;
+            krb5_set_error_message (context, st, "'krbhostserver' value invalid");
+            goto cleanup;
+        }
     }
 
     if (mask & LDAP_SERVICE_REALMREFERENCE) {
-       if (service->krbrealmreferences != NULL) {
-           unsigned int realmmask=0;
-
-           /* check for the validity of the values */
-           for (j=0; service->krbrealmreferences[j]; ++j) {
-               st = checkattributevalue(ld, service->krbrealmreferences[j], "ObjectClass",
-                                        realmcontclass, &realmmask);
-               CHECK_CLASS_VALIDITY(st, realmmask, "realm object value: ");
-           }
-           if ((st=krb5_add_str_mem_ldap_mod(&mods, "krbrealmreferences", LDAP_MOD_REPLACE,
-                                             service->krbrealmreferences)) != 0)
-               goto cleanup;
-
-
-           /* get the attribute of the realm to be set */
-           if (service->servicetype == LDAP_KDC_SERVICE)
-               realmattr = "krbKdcServers";
-           else if (service->servicetype == LDAP_ADMIN_SERVICE)
-               realmattr = "krbAdmservers";
-           else if (service->servicetype == LDAP_PASSWD_SERVICE)
-               realmattr = "krbPwdServers";
-           else
-               realmattr = "krbKdcServers";
-
-           /* read the existing list of krbRealmreferences. this will needed  */
-           if ((st = ldap_search_ext_s (ld,
-                                        service->servicedn,
-                                        LDAP_SCOPE_BASE,
-                                        0,
-                                        attr,
-                                        0,
-                                        NULL,
-                                        NULL,
-                                        NULL,
-                                        0,
-                                        &result)) != LDAP_SUCCESS) {
-               st = set_ldap_error (context, st, OP_SEARCH);
-               goto cleanup;
-           }
-
-           ent = ldap_first_entry(ld, result);
-           if (ent) {
-               if ((values=ldap_get_values(ld, ent, "krbRealmReferences")) != NULL) {
-                   count = ldap_count_values(values);
-                   if ((st=copy_arrays(values, &oldrealmrefs, count)) != 0)
-                       goto cleanup;
-                   ldap_value_free(values);
-               }
-           }
-           ldap_msgfree(result);
-       } else {
-           st = EINVAL;
-           krb5_set_error_message (context, st, "'krbRealmReferences' value invalid");
-           goto cleanup;
-       }
+        if (service->krbrealmreferences != NULL) {
+            unsigned int realmmask=0;
+
+            /* check for the validity of the values */
+            for (j=0; service->krbrealmreferences[j]; ++j) {
+                st = checkattributevalue(ld, service->krbrealmreferences[j], "ObjectClass",
+                                         realmcontclass, &realmmask);
+                CHECK_CLASS_VALIDITY(st, realmmask, "realm object value: ");
+            }
+            if ((st=krb5_add_str_mem_ldap_mod(&mods, "krbrealmreferences", LDAP_MOD_REPLACE,
+                                              service->krbrealmreferences)) != 0)
+                goto cleanup;
+
+
+            /* get the attribute of the realm to be set */
+            if (service->servicetype == LDAP_KDC_SERVICE)
+                realmattr = "krbKdcServers";
+            else if (service->servicetype == LDAP_ADMIN_SERVICE)
+                realmattr = "krbAdmservers";
+            else if (service->servicetype == LDAP_PASSWD_SERVICE)
+                realmattr = "krbPwdServers";
+            else
+                realmattr = "krbKdcServers";
+
+            /* read the existing list of krbRealmreferences. this will needed  */
+            if ((st = ldap_search_ext_s (ld,
+                                         service->servicedn,
+                                         LDAP_SCOPE_BASE,
+                                         0,
+                                         attr,
+                                         0,
+                                         NULL,
+                                         NULL,
+                                         NULL,
+                                         0,
+                                         &result)) != LDAP_SUCCESS) {
+                st = set_ldap_error (context, st, OP_SEARCH);
+                goto cleanup;
+            }
+
+            ent = ldap_first_entry(ld, result);
+            if (ent) {
+                if ((values=ldap_get_values(ld, ent, "krbRealmReferences")) != NULL) {
+                    count = ldap_count_values(values);
+                    if ((st=copy_arrays(values, &oldrealmrefs, count)) != 0)
+                        goto cleanup;
+                    ldap_value_free(values);
+                }
+            }
+            ldap_msgfree(result);
+        } else {
+            st = EINVAL;
+            krb5_set_error_message (context, st, "'krbRealmReferences' value invalid");
+            goto cleanup;
+        }
     }
 
     /* ldap modify operation */
     if ((st=ldap_modify_ext_s(ld, service->servicedn, mods, NULL, NULL)) != LDAP_SUCCESS) {
-       st = set_ldap_error (context, st, OP_MOD);
-       goto cleanup;
+        st = set_ldap_error (context, st, OP_MOD);
+        goto cleanup;
     }
 
     /*
@@ -290,49 +287,49 @@ krb5_ldap_modify_service(context, service, mask)
      */
 
     if (mask & LDAP_SERVICE_REALMREFERENCE) {
-       /* get the count of the new list of krbrealmreferences */
-       for (i=0; service->krbrealmreferences[i]; ++i)
-           ;
-
-       /* make a new copy of the krbrealmreferences */
-       if ((st=copy_arrays(service->krbrealmreferences, &newrealmrefs, i)) != 0)
-           goto cleanup;
-
-       /* find the deletions/additions to the list of krbrealmreferences */
-       if (disjoint_members(oldrealmrefs, newrealmrefs) != 0)
-           goto cleanup;
-
-       /* see if some of the attributes have to be deleted */
-       if (oldrealmrefs) {
-
-           /* update the dn represented by the attribute that is to be deleted */
-           for (i=0; oldrealmrefs[i]; ++i)
-               if ((st=deleteAttribute(ld, oldrealmrefs[i], realmattr, service->servicedn)) != 0) {
-                   prepend_err_str (context, "Error deleting realm attribute:", st, st);
-                   goto cleanup;
-               }
-       }
-
-       /* see if some of the attributes have to be added */
-       for (i=0; newrealmrefs[i]; ++i)
-           if ((st=updateAttribute(ld, newrealmrefs[i], realmattr, service->servicedn)) != 0) {
-               prepend_err_str (context, "Error updating realm attribute: ", st, st);
-               goto cleanup;
-           }
+        /* get the count of the new list of krbrealmreferences */
+        for (i=0; service->krbrealmreferences[i]; ++i)
+            ;
+
+        /* make a new copy of the krbrealmreferences */
+        if ((st=copy_arrays(service->krbrealmreferences, &newrealmrefs, i)) != 0)
+            goto cleanup;
+
+        /* find the deletions/additions to the list of krbrealmreferences */
+        if (disjoint_members(oldrealmrefs, newrealmrefs) != 0)
+            goto cleanup;
+
+        /* see if some of the attributes have to be deleted */
+        if (oldrealmrefs) {
+
+            /* update the dn represented by the attribute that is to be deleted */
+            for (i=0; oldrealmrefs[i]; ++i)
+                if ((st=deleteAttribute(ld, oldrealmrefs[i], realmattr, service->servicedn)) != 0) {
+                    prepend_err_str (context, "Error deleting realm attribute:", st, st);
+                    goto cleanup;
+                }
+        }
+
+        /* see if some of the attributes have to be added */
+        for (i=0; newrealmrefs[i]; ++i)
+            if ((st=updateAttribute(ld, newrealmrefs[i], realmattr, service->servicedn)) != 0) {
+                prepend_err_str (context, "Error updating realm attribute: ", st, st);
+                goto cleanup;
+            }
     }
 
 cleanup:
 
     if (oldrealmrefs) {
-       for (i=0; oldrealmrefs[i]; ++i)
-           free (oldrealmrefs[i]);
-       free (oldrealmrefs);
+        for (i=0; oldrealmrefs[i]; ++i)
+            free (oldrealmrefs[i]);
+        free (oldrealmrefs);
     }
 
     if (newrealmrefs) {
-       for (i=0; newrealmrefs[i]; ++i)
-           free (newrealmrefs[i]);
-       free (newrealmrefs);
+        for (i=0; newrealmrefs[i]; ++i)
+            free (newrealmrefs[i]);
+        free (newrealmrefs);
     }
 
     ldap_mods_free(mods, 1);
@@ -342,10 +339,8 @@ cleanup:
 
 
 krb5_error_code
-krb5_ldap_delete_service(context, service, servicedn)
-    krb5_context                context;
-    krb5_ldap_service_params    *service;
-    char                        *servicedn;
+krb5_ldap_delete_service(krb5_context context,
+                         krb5_ldap_service_params *service, char *servicedn)
 {
     krb5_error_code             st = 0;
     LDAP                        *ld=NULL;
@@ -358,30 +353,30 @@ krb5_ldap_delete_service(context, service, servicedn)
 
     st = ldap_delete_ext_s(ld, servicedn, NULL, NULL);
     if (st != 0) {
-       st = set_ldap_error (context, st, OP_DEL);
+        st = set_ldap_error (context, st, OP_DEL);
     }
 
     /* NOTE: This should be removed now as the backlinks are going off in OpenLDAP */
     /* time to delete krbrealmreferences. This is only for OpenLDAP */
 #ifndef HAVE_EDIRECTORY
     {
-       int                         i=0;
-       char                        *attr=NULL;
-
-       if (service) {
-           if (service->krbrealmreferences) {
-               if (service->servicetype == LDAP_KDC_SERVICE)
-                   attr = "krbkdcservers";
-               else if (service->servicetype == LDAP_ADMIN_SERVICE)
-                   attr = "krbadmservers";
-               else if (service->servicetype == LDAP_PASSWD_SERVICE)
-                   attr = "krbpwdservers";
-
-               for (i=0; service->krbrealmreferences[i]; ++i) {
-                   deleteAttribute(ld, service->krbrealmreferences[i], attr, servicedn);
-               }
-           }
-       }
+        int                         i=0;
+        char                        *attr=NULL;
+
+        if (service) {
+            if (service->krbrealmreferences) {
+                if (service->servicetype == LDAP_KDC_SERVICE)
+                    attr = "krbkdcservers";
+                else if (service->servicetype == LDAP_ADMIN_SERVICE)
+                    attr = "krbadmservers";
+                else if (service->servicetype == LDAP_PASSWD_SERVICE)
+                    attr = "krbpwdservers";
+
+                for (i=0; service->krbrealmreferences[i]; ++i) {
+                    deleteAttribute(ld, service->krbrealmreferences[i], attr, servicedn);
+                }
+            }
+        }
     }
 #endif
 
@@ -397,10 +392,8 @@ cleanup:
  */
 
 krb5_error_code
-krb5_ldap_list_services(context, containerdn, services)
-    krb5_context               context;
-    char                        *containerdn;
-    char                        ***services;
+krb5_ldap_list_services(krb5_context context, char *containerdn,
+                        char ***services)
 {
     return (krb5_ldap_list(context, services, "krbService", containerdn));
 }
@@ -409,18 +402,15 @@ krb5_ldap_list_services(context, containerdn, services)
  * This function reads the service object from Directory
  */
 krb5_error_code
-krb5_ldap_read_service(context, servicedn, service, omask)
-    krb5_context               context;
-    char                        *servicedn;
-    krb5_ldap_service_params    **service;
-    int                         *omask;
+krb5_ldap_read_service(krb5_context context, char *servicedn,
+                       krb5_ldap_service_params **service, int *omask)
 {
     char                        **values=NULL;
     int                         i=0, count=0, objectmask=0;
     krb5_error_code             st=0, tempst=0;
     LDAPMessage                 *result=NULL,*ent=NULL;
     char                        *attributes[] = {"krbHostServer", "krbServiceflags",
-                                                "krbRealmReferences", "objectclass", NULL};
+                                                 "krbRealmReferences", "objectclass", NULL};
     char                        *attrvalues[] = {"krbService", NULL};
     krb5_ldap_service_params    *lservice=NULL;
     krb5_ldap_context           *ldap_context=NULL;
@@ -430,9 +420,9 @@ krb5_ldap_read_service(context, servicedn, service, omask)
 
     /* validate the input parameter */
     if (servicedn == NULL) {
-       st = EINVAL;
-       krb5_set_error_message (context, st, "Service DN NULL");
-       goto cleanup;
+        st = EINVAL;
+        krb5_set_error_message (context, st, "Service DN NULL");
+        goto cleanup;
     }
 
     SETUP_CONTEXT();
@@ -447,15 +437,15 @@ krb5_ldap_read_service(context, servicedn, service, omask)
     /* Initialize service structure */
     lservice =(krb5_ldap_service_params *) calloc(1, sizeof(krb5_ldap_service_params));
     if (lservice == NULL) {
-       st = ENOMEM;
-       goto cleanup;
+        st = ENOMEM;
+        goto cleanup;
     }
 
     /* allocate tl_data structure to store MASK information */
     lservice->tl_data = calloc (1, sizeof(*lservice->tl_data));
     if (lservice->tl_data == NULL) {
-       st = ENOMEM;
-       goto cleanup;
+        st = ENOMEM;
+        goto cleanup;
     }
     lservice->tl_data->tl_data_type = KDB_TL_USER_INFO;
 
@@ -467,57 +457,57 @@ krb5_ldap_read_service(context, servicedn, service, omask)
     ent=ldap_first_entry(ld, result);
     if (ent != NULL) {
 
-       if ((values=ldap_get_values(ld, ent, "krbServiceFlags")) != NULL) {
-           lservice->krbserviceflags = atoi(values[0]);
-           *omask |= LDAP_SERVICE_SERVICEFLAG;
-           ldap_value_free(values);
-       }
-
-       if ((values=ldap_get_values(ld, ent, "krbHostServer")) != NULL) {
-           count = ldap_count_values(values);
-           if ((st=copy_arrays(values, &(lservice->krbhostservers), count)) != 0)
-               goto cleanup;
-           *omask |= LDAP_SERVICE_HOSTSERVER;
-           ldap_value_free(values);
-       }
-
-       if ((values=ldap_get_values(ld, ent, "krbRealmReferences")) != NULL) {
-           count = ldap_count_values(values);
-           if ((st=copy_arrays(values, &(lservice->krbrealmreferences), count)) != 0)
-               goto cleanup;
-           *omask |= LDAP_SERVICE_REALMREFERENCE;
-           ldap_value_free(values);
-       }
-
-       if ((values=ldap_get_values(ld, ent, "objectClass")) != NULL) {
-           for (i=0; values[i]; ++i) {
-               if (strcasecmp(values[i], "krbKdcService") == 0) {
-                   lservice->servicetype = LDAP_KDC_SERVICE;
-                   break;
-               }
-
-               if (strcasecmp(values[i], "krbAdmService") == 0) {
-                   lservice->servicetype = LDAP_ADMIN_SERVICE;
-                   break;
-               }
-
-               if (strcasecmp(values[i], "krbPwdService") == 0) {
-                   lservice->servicetype = LDAP_PASSWD_SERVICE;
-                   break;
-               }
-           }
-           ldap_value_free(values);
-       }
+        if ((values=ldap_get_values(ld, ent, "krbServiceFlags")) != NULL) {
+            lservice->krbserviceflags = atoi(values[0]);
+            *omask |= LDAP_SERVICE_SERVICEFLAG;
+            ldap_value_free(values);
+        }
+
+        if ((values=ldap_get_values(ld, ent, "krbHostServer")) != NULL) {
+            count = ldap_count_values(values);
+            if ((st=copy_arrays(values, &(lservice->krbhostservers), count)) != 0)
+                goto cleanup;
+            *omask |= LDAP_SERVICE_HOSTSERVER;
+            ldap_value_free(values);
+        }
+
+        if ((values=ldap_get_values(ld, ent, "krbRealmReferences")) != NULL) {
+            count = ldap_count_values(values);
+            if ((st=copy_arrays(values, &(lservice->krbrealmreferences), count)) != 0)
+                goto cleanup;
+            *omask |= LDAP_SERVICE_REALMREFERENCE;
+            ldap_value_free(values);
+        }
+
+        if ((values=ldap_get_values(ld, ent, "objectClass")) != NULL) {
+            for (i=0; values[i]; ++i) {
+                if (strcasecmp(values[i], "krbKdcService") == 0) {
+                    lservice->servicetype = LDAP_KDC_SERVICE;
+                    break;
+                }
+
+                if (strcasecmp(values[i], "krbAdmService") == 0) {
+                    lservice->servicetype = LDAP_ADMIN_SERVICE;
+                    break;
+                }
+
+                if (strcasecmp(values[i], "krbPwdService") == 0) {
+                    lservice->servicetype = LDAP_PASSWD_SERVICE;
+                    break;
+                }
+            }
+            ldap_value_free(values);
+        }
     }
     ldap_msgfree(result);
 
 cleanup:
     if (st != 0) {
-       krb5_ldap_free_service(context, lservice);
-       *service = NULL;
+        krb5_ldap_free_service(context, lservice);
+        *service = NULL;
     } else {
-       store_tl_data(lservice->tl_data, KDB_TL_MASK, omask);
-       *service = lservice;
+        store_tl_data(lservice->tl_data, KDB_TL_MASK, omask);
+        *service = lservice;
     }
 
     krb5_ldap_put_handle_to_pool(ldap_context, ldap_server_handle);
@@ -529,34 +519,32 @@ cleanup:
  */
 
 krb5_error_code
-krb5_ldap_free_service(context, service)
-    krb5_context                context;
-    krb5_ldap_service_params    *service;
+krb5_ldap_free_service(krb5_context context, krb5_ldap_service_params *service)
 {
     int                         i=0;
 
     if (service == NULL)
-       return 0;
+        return 0;
 
     if (service->servicedn)
-       free (service->servicedn);
+        free (service->servicedn);
 
     if (service->krbrealmreferences) {
-       for (i=0; service->krbrealmreferences[i]; ++i)
-           free (service->krbrealmreferences[i]);
-       free (service->krbrealmreferences);
+        for (i=0; service->krbrealmreferences[i]; ++i)
+            free (service->krbrealmreferences[i]);
+        free (service->krbrealmreferences);
     }
 
     if (service->krbhostservers) {
-       for (i=0; service->krbhostservers[i]; ++i)
-           free (service->krbhostservers[i]);
-       free (service->krbhostservers);
+        for (i=0; service->krbhostservers[i]; ++i)
+            free (service->krbhostservers[i]);
+        free (service->krbhostservers);
     }
 
     if (service->tl_data) {
-       if (service->tl_data->tl_data_contents)
-           free (service->tl_data->tl_data_contents);
-       free (service->tl_data);
+        if (service->tl_data->tl_data_contents)
+            free (service->tl_data->tl_data_contents);
+        free (service->tl_data);
     }
 
     free (service);
@@ -564,10 +552,7 @@ krb5_ldap_free_service(context, service)
 }
 
 krb5_error_code
-krb5_ldap_set_service_passwd(context, service, passwd)
-    krb5_context                context;
-    char                        *service;
-    char                        *passwd;
+krb5_ldap_set_service_passwd(krb5_context context, char *service, char *passwd)
 {
     krb5_error_code             st=0;
     LDAPMod                     **mods=NULL;
@@ -583,11 +568,11 @@ krb5_ldap_set_service_passwd(context, service, passwd)
     GET_HANDLE();
 
     if ((st=krb5_add_str_mem_ldap_mod(&mods, "userPassword", LDAP_MOD_REPLACE, password)) != 0)
-       goto cleanup;
+        goto cleanup;
 
     st = ldap_modify_ext_s(ld, service, mods, NULL, NULL);
     if (st) {
-       st = set_ldap_error (context, st, OP_MOD);
+        st = set_ldap_error (context, st, OP_MOD);
     }
 
 cleanup:
index 5f0b1d7e6e1aa945fce9514f489be7294778b771..5c9f524e86430b8177d4d4c5a4e359bba25bc2e4 100644 (file)
@@ -1,3 +1,4 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
 /*
  * lib/kdb/kdb_ldap/ldap_services.h
  *
 #define SERVICE_PROTOCOL_TYPE_TCP     "1"
 
 typedef struct _krb5_ldap_service_params {
-        char            *servicedn;
-        int             servicetype;
-        int             krbserviceflags;
-        char            **krbhostservers;
-        char            **krbrealmreferences;
-        krb5_tl_data    *tl_data;
+    char            *servicedn;
+    int             servicetype;
+    int             krbserviceflags;
+    char            **krbhostservers;
+    char            **krbrealmreferences;
+    krb5_tl_data    *tl_data;
 } krb5_ldap_service_params;
 
 #ifdef HAVE_EDIRECTORY
 
 krb5_error_code
-krb5_ldap_read_service( krb5_context, char *, krb5_ldap_service_params **, int *);
+krb5_ldap_read_service(krb5_context, char *, krb5_ldap_service_params **,
+                       int *);
 
 krb5_error_code
-krb5_ldap_create_service( krb5_context, krb5_ldap_service_params *,int);
+krb5_ldap_create_service(krb5_context, krb5_ldap_service_params *, int);
 
 krb5_error_code
-krb5_ldap_modify_service( krb5_context, krb5_ldap_service_params *, int);
+krb5_ldap_modify_service(krb5_context, krb5_ldap_service_params *, int);
 
 krb5_error_code
-krb5_ldap_delete_service( krb5_context, krb5_ldap_service_params *, char *);
+krb5_ldap_delete_service(krb5_context, krb5_ldap_service_params *, char *);
 
 krb5_error_code
-krb5_ldap_list_services( krb5_context, char *, char ***);
+krb5_ldap_list_services(krb5_context, char *, char ***);
 
 krb5_error_code
-krb5_ldap_free_service( krb5_context, krb5_ldap_service_params *);
+krb5_ldap_free_service(krb5_context, krb5_ldap_service_params *);
 
 
 krb5_error_code
-krb5_ldap_set_service_passwd( krb5_context, char *, char *);
+krb5_ldap_set_service_passwd(krb5_context, char *, char *);
 
 krb5_error_code
-krb5_ldap_add_service_rights( krb5_context, int, char *, char *, char **, char *, int);
+krb5_ldap_add_service_rights(krb5_context, int, char *, char *, char **,
+                             char *, int);
 
 krb5_error_code
-krb5_ldap_delete_service_rights( krb5_context, int, char *, char *, char **, char *, int);
+krb5_ldap_delete_service_rights(krb5_context, int, char *, char *, char **,
+                                char *, int);
 #endif
 
 #endif
index face0385989b302cb5068d758474defdf8ade8be..e8f1c57f08fa3728128c813358eb28c9f000adcc 100644 (file)
@@ -1,3 +1,4 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
 /*
  * lib/kdb/kdb_ldap/ldap_tkt_policy.c
  *
  * create the Ticket policy object in Directory.
  */
 krb5_error_code
-krb5_ldap_create_policy(context, policy, mask)
-    krb5_context               context;
-    krb5_ldap_policy_params     *policy;
-    int                         mask;
+krb5_ldap_create_policy(krb5_context context, krb5_ldap_policy_params *policy,
+                        int mask)
 {
     krb5_error_code             st=0;
     LDAP                        *ld=NULL;
@@ -54,55 +53,55 @@ krb5_ldap_create_policy(context, policy, mask)
 
     /* validate the input parameters */
     if (policy == NULL || policy->policy == NULL) {
-       st = EINVAL;
-       krb5_set_error_message (context, st, "Ticket Policy Name missing");
-       goto cleanup;
+        st = EINVAL;
+        krb5_set_error_message (context, st, "Ticket Policy Name missing");
+        goto cleanup;
     }
 
     SETUP_CONTEXT();
     GET_HANDLE();
 
     if ((st = krb5_ldap_name_to_policydn (context, policy->policy, &policy_dn)) != 0)
-       goto cleanup;
+        goto cleanup;
 
     memset(strval, 0, sizeof(strval));
     strval[0] = policy->policy;
     if ((st=krb5_add_str_mem_ldap_mod(&mods, "cn", LDAP_MOD_ADD, strval)) != 0)
-       goto cleanup;
+        goto cleanup;
 
     memset(strval, 0, sizeof(strval));
     strval[0] = "krbTicketPolicy";
     strval[1] = "krbTicketPolicyaux";
     if ((st=krb5_add_str_mem_ldap_mod(&mods, "objectclass", LDAP_MOD_ADD, strval)) != 0)
-       goto cleanup;
+        goto cleanup;
 
     if (mask & LDAP_POLICY_MAXTKTLIFE) {
-       if ((st=krb5_add_int_mem_ldap_mod(&mods, "krbmaxticketlife", LDAP_MOD_ADD,
-                                         policy->maxtktlife)) != 0)
-           goto cleanup;
+        if ((st=krb5_add_int_mem_ldap_mod(&mods, "krbmaxticketlife", LDAP_MOD_ADD,
+                                          policy->maxtktlife)) != 0)
+            goto cleanup;
     }
 
     if (mask & LDAP_POLICY_MAXRENEWLIFE) {
-       if ((st=krb5_add_int_mem_ldap_mod(&mods, "krbmaxrenewableage", LDAP_MOD_ADD,
-                                         policy->maxrenewlife)) != 0)
-           goto cleanup;
+        if ((st=krb5_add_int_mem_ldap_mod(&mods, "krbmaxrenewableage", LDAP_MOD_ADD,
+                                          policy->maxrenewlife)) != 0)
+            goto cleanup;
     }
 
     if (mask & LDAP_POLICY_TKTFLAGS) {
-       if ((st=krb5_add_int_mem_ldap_mod(&mods, "krbticketflags", LDAP_MOD_ADD,
-                                         policy->tktflags)) != 0)
-           goto cleanup;
+        if ((st=krb5_add_int_mem_ldap_mod(&mods, "krbticketflags", LDAP_MOD_ADD,
+                                          policy->tktflags)) != 0)
+            goto cleanup;
     }
 
     /* ldap add operation */
     if ((st=ldap_add_ext_s(ld, policy_dn, mods, NULL, NULL)) != LDAP_SUCCESS) {
-       st = set_ldap_error (context, st, OP_ADD);
-       goto cleanup;
+        st = set_ldap_error (context, st, OP_ADD);
+        goto cleanup;
     }
 
 cleanup:
     if (policy_dn != NULL)
-       free(policy_dn);
+        free(policy_dn);
 
     ldap_mods_free(mods, 1);
     krb5_ldap_put_handle_to_pool(ldap_context, ldap_server_handle);
@@ -115,10 +114,8 @@ cleanup:
  */
 
 krb5_error_code
-krb5_ldap_modify_policy(context, policy, mask)
-    krb5_context               context;
-    krb5_ldap_policy_params     *policy;
-    int                         mask;
+krb5_ldap_modify_policy(krb5_context context, krb5_ldap_policy_params *policy,
+                        int mask)
 {
     int                         objectmask=0;
     krb5_error_code             st=0;
@@ -132,49 +129,49 @@ krb5_ldap_modify_policy(context, policy, mask)
 
     /* validate the input parameters */
     if (policy == NULL || policy->policy==NULL) {
-       st = EINVAL;
-       krb5_set_error_message (context, st, "Ticket Policy Name missing");
-       goto cleanup;
+        st = EINVAL;
+        krb5_set_error_message (context, st, "Ticket Policy Name missing");
+        goto cleanup;
     }
 
     SETUP_CONTEXT();
     GET_HANDLE();
 
     if ((st = krb5_ldap_name_to_policydn (context, policy->policy, &policy_dn)) != 0)
-       goto cleanup;
+        goto cleanup;
 
     /* the policydn object should be of the krbTicketPolicy object class */
     st = checkattributevalue(ld, policy_dn, "objectClass", attrvalues, &objectmask);
     CHECK_CLASS_VALIDITY(st, objectmask, "ticket policy object: ");
 
     if ((objectmask & 0x02) == 0) { /* add krbticketpolicyaux to the object class list */
-       memset(strval, 0, sizeof(strval));
-       strval[0] = "krbTicketPolicyAux";
-       if ((st=krb5_add_str_mem_ldap_mod(&mods, "objectclass", LDAP_MOD_ADD, strval)) != 0)
-           goto cleanup;
+        memset(strval, 0, sizeof(strval));
+        strval[0] = "krbTicketPolicyAux";
+        if ((st=krb5_add_str_mem_ldap_mod(&mods, "objectclass", LDAP_MOD_ADD, strval)) != 0)
+            goto cleanup;
     }
 
     if (mask & LDAP_POLICY_MAXTKTLIFE) {
-       if ((st=krb5_add_int_mem_ldap_mod(&mods, "krbmaxticketlife", LDAP_MOD_REPLACE,
-                                         policy->maxtktlife)) != 0)
-           goto cleanup;
+        if ((st=krb5_add_int_mem_ldap_mod(&mods, "krbmaxticketlife", LDAP_MOD_REPLACE,
+                                          policy->maxtktlife)) != 0)
+            goto cleanup;
     }
 
     if (mask & LDAP_POLICY_MAXRENEWLIFE) {
-       if ((st=krb5_add_int_mem_ldap_mod(&mods, "krbmaxrenewableage", LDAP_MOD_REPLACE,
-                                         policy->maxrenewlife)) != 0)
-           goto cleanup;
+        if ((st=krb5_add_int_mem_ldap_mod(&mods, "krbmaxrenewableage", LDAP_MOD_REPLACE,
+                                          policy->maxrenewlife)) != 0)
+            goto cleanup;
     }
 
     if (mask & LDAP_POLICY_TKTFLAGS) {
-       if ((st=krb5_add_int_mem_ldap_mod(&mods, "krbticketflags", LDAP_MOD_REPLACE,
-                                         policy->tktflags)) != 0)
-           goto cleanup;
+        if ((st=krb5_add_int_mem_ldap_mod(&mods, "krbticketflags", LDAP_MOD_REPLACE,
+                                          policy->tktflags)) != 0)
+            goto cleanup;
     }
 
     if ((st=ldap_modify_ext_s(ld, policy_dn, mods, NULL, NULL)) != LDAP_SUCCESS) {
-       st = set_ldap_error (context, st, OP_MOD);
-       goto cleanup;
+        st = set_ldap_error (context, st, OP_MOD);
+        goto cleanup;
     }
 
 cleanup:
@@ -193,11 +190,8 @@ cleanup:
  */
 
 krb5_error_code
-krb5_ldap_read_policy(context, policyname, policy, omask)
-    krb5_context               context;
-    char                        *policyname;
-    krb5_ldap_policy_params     **policy;
-    int                         *omask;
+krb5_ldap_read_policy(krb5_context context, char *policyname,
+                      krb5_ldap_policy_params **policy, int *omask)
 {
     krb5_error_code             st=0, tempst=0;
     int                         objectmask=0;
@@ -212,16 +206,16 @@ krb5_ldap_read_policy(context, policyname, policy, omask)
 
     /* validate the input parameters */
     if (policyname == NULL  || policy == NULL) {
-       st = EINVAL;
-       krb5_set_error_message(context, st, "Ticket Policy Object information missing");
-       goto cleanup;
+        st = EINVAL;
+        krb5_set_error_message(context, st, "Ticket Policy Object information missing");
+        goto cleanup;
     }
 
     SETUP_CONTEXT();
     GET_HANDLE();
 
     if ((st = krb5_ldap_name_to_policydn (context, policyname, &policy_dn)) != 0)
-       goto cleanup;
+        goto cleanup;
 
     /* the policydn object should be of the krbTicketPolicy object class */
     st = checkattributevalue(ld, policy_dn, "objectClass", attrvalues, &objectmask);
@@ -233,8 +227,8 @@ krb5_ldap_read_policy(context, policyname, policy, omask)
     memset(lpolicy, 0, sizeof(krb5_ldap_policy_params));
 
     if ((lpolicy->policy = strdup (policyname)) == NULL) {
-       st = ENOMEM;
-       goto cleanup;
+        st = ENOMEM;
+        goto cleanup;
     }
 
     lpolicy->tl_data = calloc (1, sizeof(*lpolicy->tl_data));
@@ -247,14 +241,14 @@ krb5_ldap_read_policy(context, policyname, policy, omask)
 
     ent=ldap_first_entry(ld, result);
     if (ent != NULL) {
-       if (krb5_ldap_get_value(ld, ent, "krbmaxticketlife", (int *) &(lpolicy->maxtktlife)) == 0)
-           *omask |= LDAP_POLICY_MAXTKTLIFE;
+        if (krb5_ldap_get_value(ld, ent, "krbmaxticketlife", (int *) &(lpolicy->maxtktlife)) == 0)
+            *omask |= LDAP_POLICY_MAXTKTLIFE;
 
-       if (krb5_ldap_get_value(ld, ent, "krbmaxrenewableage", (int *) &(lpolicy->maxrenewlife)) == 0)
-           *omask |= LDAP_POLICY_MAXRENEWLIFE;
+        if (krb5_ldap_get_value(ld, ent, "krbmaxrenewableage", (int *) &(lpolicy->maxrenewlife)) == 0)
+            *omask |= LDAP_POLICY_MAXRENEWLIFE;
 
-       if (krb5_ldap_get_value(ld, ent, "krbticketflags", (int *) &(lpolicy->tktflags)) == 0)
-           *omask |= LDAP_POLICY_TKTFLAGS;
+        if (krb5_ldap_get_value(ld, ent, "krbticketflags", (int *) &(lpolicy->tktflags)) == 0)
+            *omask |= LDAP_POLICY_TKTFLAGS;
     }
     ldap_msgfree(result);
 
@@ -264,8 +258,8 @@ krb5_ldap_read_policy(context, policyname, policy, omask)
 
 cleanup:
     if (st != 0) {
-       krb5_ldap_free_policy(context, lpolicy);
-       *policy = NULL;
+        krb5_ldap_free_policy(context, lpolicy);
+        *policy = NULL;
     }
     krb5_ldap_put_handle_to_pool(ldap_context, ldap_server_handle);
     return st;
@@ -288,22 +282,20 @@ cleanup:
  */
 
 krb5_error_code
-krb5_ldap_delete_policy(context, policyname)
-    krb5_context                context;
-    char                        *policyname;
+krb5_ldap_delete_policy(krb5_context context, char *policyname)
 {
-       int                         refcount = 0;
-       char                        *policy_dn = NULL;
+    int                         refcount = 0;
+    char                        *policy_dn = NULL;
     krb5_error_code             st = 0;
     LDAP                        *ld = NULL;
     kdb5_dal_handle             *dal_handle=NULL;
     krb5_ldap_context           *ldap_context=NULL;
     krb5_ldap_server_handle     *ldap_server_handle=NULL;
 
-       if (policyname == NULL) {
-       st = EINVAL;
-       prepend_err_str (context,"Ticket Policy Object DN missing",st,st);
-       goto cleanup;
+    if (policyname == NULL) {
+        st = EINVAL;
+        prepend_err_str (context,"Ticket Policy Object DN missing",st,st);
+        goto cleanup;
     }
 
 
@@ -317,19 +309,19 @@ krb5_ldap_delete_policy(context, policyname)
      * it is greater than 0.  */
 
     if ((st = krb5_ldap_get_reference_count (context, policy_dn,
-                    "krbTicketPolicyReference", &refcount, ld)) != 0)
+                                             "krbTicketPolicyReference", &refcount, ld)) != 0)
         goto cleanup;
 
     if (refcount == 0) {
-       if ((st=ldap_delete_ext_s(ld, policy_dn, NULL, NULL)) != 0) {
-           prepend_err_str (context,ldap_err2string(st),st,st);
+        if ((st=ldap_delete_ext_s(ld, policy_dn, NULL, NULL)) != 0) {
+            prepend_err_str (context,ldap_err2string(st),st,st);
 
-           goto cleanup;
-       }
+            goto cleanup;
+        }
     } else {
-       st = EINVAL;
-       prepend_err_str (context,"Delete Failed: One or more Principals associated with the Ticket Policy",st,st);
-       goto cleanup;
+        st = EINVAL;
+        prepend_err_str (context,"Delete Failed: One or more Principals associated with the Ticket Policy",st,st);
+        goto cleanup;
     }
 
 cleanup:
@@ -345,10 +337,7 @@ cleanup:
  */
 
 krb5_error_code
-krb5_ldap_list_policy(context, containerdn, policy)
-    krb5_context               context;
-    char                        *containerdn;
-    char                        ***policy;
+krb5_ldap_list_policy(krb5_context context, char *containerdn, char ***policy)
 {
     int                         i, j, count;
     char                        **list = NULL;
@@ -363,7 +352,7 @@ krb5_ldap_list_policy(context, containerdn, policy)
     }
 
     if ((st = krb5_ldap_list(context, &list, "krbTicketPolicy", policycontainerdn)) != 0)
-       goto cleanup;
+        goto cleanup;
 
     for (i = 0; list[i] != NULL; i++);
 
@@ -371,15 +360,15 @@ krb5_ldap_list_policy(context, containerdn, policy)
 
     *policy = (char **) calloc ((unsigned) count + 1, sizeof(char *));
     if (*policy == NULL) {
-       st = ENOMEM;
-       goto cleanup;
+        st = ENOMEM;
+        goto cleanup;
     }
 
     for (i = 0, j = 0; list[i] != NULL; i++, j++) {
-       int ret;
-       ret = krb5_ldap_policydn_to_name (context, list[i], &(*policy)[i]);
-       if (ret != 0)
-           j--;
+        int ret;
+        ret = krb5_ldap_policydn_to_name (context, list[i], &(*policy)[i]);
+        if (ret != 0)
+            j--;
     }
 
 cleanup:
@@ -393,23 +382,21 @@ cleanup:
  */
 
 krb5_error_code
-krb5_ldap_free_policy(context, policy)
-    krb5_context                context;
-    krb5_ldap_policy_params    *policy;
+krb5_ldap_free_policy(krb5_context context, krb5_ldap_policy_params *policy)
 {
 
     krb5_error_code st=0;
 
     if (policy == NULL)
-       return st;
+        return st;
 
     if (policy->policy)
-       free (policy->policy);
+        free (policy->policy);
 
     if (policy->tl_data) {
-       if (policy->tl_data->tl_data_contents)
-           free (policy->tl_data->tl_data_contents);
-       free (policy->tl_data);
+        if (policy->tl_data->tl_data_contents)
+            free (policy->tl_data->tl_data_contents);
+        free (policy->tl_data);
     }
     free (policy);
 
@@ -422,11 +409,8 @@ krb5_ldap_free_policy(context, policy)
  */
 
 krb5_error_code
-krb5_ldap_list(context, list, objectclass, containerdn)
-    krb5_context               context;
-    char                        ***list;
-    char                        *objectclass;
-    char                        *containerdn;
+krb5_ldap_list(krb5_context context, char ***list, char *objectclass,
+               char *containerdn)
 {
     char                        *filter=NULL, *dn=NULL;
     krb5_error_code             st=0, tempst=0;
@@ -442,18 +426,18 @@ krb5_ldap_list(context, list, objectclass, containerdn)
 
     /* check if the containerdn exists */
     if (containerdn) {
-       if ((st=checkattributevalue(ld, containerdn, NULL, NULL, NULL)) != 0) {
-           prepend_err_str (context, "Error reading container object: ", st, st);
-           goto cleanup;
-       }
+        if ((st=checkattributevalue(ld, containerdn, NULL, NULL, NULL)) != 0) {
+            prepend_err_str (context, "Error reading container object: ", st, st);
+            goto cleanup;
+        }
     }
 
     /* set the filter for the search operation */
     filterlen = strlen("(objectclass=") + strlen(objectclass) + 1 + 1;
     filter = malloc ((unsigned) filterlen);
     if (filter == NULL) {
-       st = ENOMEM;
-       goto cleanup;
+        st = ENOMEM;
+        goto cleanup;
     }
     snprintf(filter, (unsigned) filterlen,"(objectclass=%s)",objectclass);
 
@@ -461,40 +445,40 @@ krb5_ldap_list(context, list, objectclass, containerdn)
 
     count = ldap_count_entries(ld, result);
     if (count == -1) {
-       ldap_get_option(ld, LDAP_OPT_ERROR_NUMBER, &st);
-       st = set_ldap_error(context, st, OP_SEARCH);
-       goto cleanup;
+        ldap_get_option(ld, LDAP_OPT_ERROR_NUMBER, &st);
+        st = set_ldap_error(context, st, OP_SEARCH);
+        goto cleanup;
     }
     *list = (char **) calloc ((unsigned) count+1, sizeof(char *));
     if (*list == NULL) {
-       st = ENOMEM;
-       goto cleanup;
+        st = ENOMEM;
+        goto cleanup;
     }
 
     for (ent=ldap_first_entry(ld, result), count=0; ent != NULL; ent=ldap_next_entry(ld, ent), ++count) {
-       if ((dn=ldap_get_dn(ld, ent)) == NULL)
-           continue;
-       if (((*list)[count] = strdup(dn)) == NULL) {
-           ldap_memfree (dn);
-           st = ENOMEM;
-           goto cleanup;
-       }
-       ldap_memfree(dn);
+        if ((dn=ldap_get_dn(ld, ent)) == NULL)
+            continue;
+        if (((*list)[count] = strdup(dn)) == NULL) {
+            ldap_memfree (dn);
+            st = ENOMEM;
+            goto cleanup;
+        }
+        ldap_memfree(dn);
     }
     ldap_msgfree(result);
 
 cleanup:
     if (filter)
-       free (filter);
+        free (filter);
 
     /* some error, free up all the memory */
     if (st != 0) {
-       if (*list) {
-           for (i=0; (*list)[i]; ++i)
-               free ((*list)[i]);
-           free (*list);
-           *list = NULL;
-       }
+        if (*list) {
+            for (i=0; (*list)[i]; ++i)
+                free ((*list)[i]);
+            free (*list);
+            *list = NULL;
+        }
     }
     krb5_ldap_put_handle_to_pool(ldap_context, ldap_server_handle);
     return st;
index 9a1f2ea11e5e2047bfddd7d95e6383254cde6058..fceb83216f904d478f598ff3a38fa78319d6cba2 100644 (file)
@@ -1,3 +1,4 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
 /*
  * lib/kdb/kdb_ldap/ldap_tkt_policy.h
  *
 /* policy object structure */
 
 typedef struct _krb5_ldap_policy_params {
-  char                  *policy;
-  long                  mask;
-  long                  maxtktlife;
-  long                  maxrenewlife;
-  long                  tktflags;
-  krb5_tl_data          *tl_data;
+    char                  *policy;
+    long                  mask;
+    long                  maxtktlife;
+    long                  maxrenewlife;
+    long                  tktflags;
+    krb5_tl_data          *tl_data;
 }krb5_ldap_policy_params;
 
 krb5_error_code
@@ -70,6 +71,6 @@ krb5_error_code
 krb5_ldap_free_policy(krb5_context, krb5_ldap_policy_params *);
 
 krb5_error_code
-krb5_ldap_change_count(krb5_context ,char * , int);
+krb5_ldap_change_count(krb5_context, char *, int);
 
 #endif
index 6b2d49e82bfcebdc7dce17d28f8c35e6c2b1bb99..020c77a945ca38087a09b6cc312a24410ae04347 100644 (file)
@@ -1,4 +1,4 @@
-/* -*- mode: c; indent-tabs-mode: nil -*- */
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
 /*
  * plugins/kdb/ldap/lockout.c
  *
index 6f4943a756a981f371f8dfdc378b6ba0e38abe74..ca6dcba56aad2a483fafc4ecd46719e915471c02 100644 (file)
@@ -1,3 +1,4 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
 /*
  * plugins/locate/python/py-locate.c
  *
 #error "Where's the Python header file?"
 #endif
 #include <errno.h>
-#include "k5-platform.h"       /* for init/fini macros */
+#include "k5-platform.h"        /* for init/fini macros */
 #include "fake-addrinfo.h"
 
 #include <krb5/locate_plugin.h>
 
-#define LIBDIR                 "/tmp" /* should be imported from configure */
-#define SCRIPT_PATH            LIBDIR "/krb5/locate-service.py"
-#define LOOKUP_FUNC_NAME       "locate"
+#define LIBDIR                  "/tmp" /* should be imported from configure */
+#define SCRIPT_PATH             LIBDIR "/krb5/locate-service.py"
+#define LOOKUP_FUNC_NAME        "locate"
 
 static PyObject *locatefn;
 
 MAKE_INIT_FUNCTION(my_init);
 MAKE_FINI_FUNCTION(my_fini);
 
-#define F      (strchr(__FILE__, '/') ? 1 + strrchr(__FILE__, '/') : __FILE__)
+#define F       (strchr(__FILE__, '/') ? 1 + strrchr(__FILE__, '/') : __FILE__)
 
-static krb5_context sctx;      /* XXX ugly hack! */
+static krb5_context sctx;       /* XXX ugly hack! */
 
 int
-my_init (void)
+my_init(void)
 {
     PyObject *mainmodule;
     FILE *f;
@@ -100,11 +101,11 @@ my_init (void)
 //    fprintf(stderr, "trying to load %s\n", SCRIPT_PATH);
     f = fopen(SCRIPT_PATH, "r");
     if (f == NULL) {
-       if (sctx)
-           krb5_set_error_message(sctx, -1,
-                                  "couldn't open Python script %s (%s)",
-                                  SCRIPT_PATH, strerror(errno));
-       return -1;
+        if (sctx)
+            krb5_set_error_message(sctx, -1,
+                                   "couldn't open Python script %s (%s)",
+                                   SCRIPT_PATH, strerror(errno));
+        return -1;
     }
     set_cloexec_file(f);
     PyRun_SimpleFile (f, SCRIPT_PATH);
@@ -115,29 +116,29 @@ my_init (void)
     if (PyErr_Occurred()) { fprintf(stderr,"%s:%d: python error\n", F, __LINE__); PyErr_Print(); return -1; }
     /* Don't DECREF mainmodule, it's sometimes causing crashes.  */
     if (locatefn == 0)
-       return -1;
+        return -1;
     if (!PyCallable_Check (locatefn)) {
-       Py_DECREF (locatefn);
-       locatefn = 0;
-       return -1;
+        Py_DECREF (locatefn);
+        locatefn = 0;
+        return -1;
     }
     if (PyErr_Occurred()) { fprintf(stderr,"%s:%d: python error\n", F, __LINE__); PyErr_Print(); return -1; }
     return 0;
 }
 
 void
-my_fini (void)
+my_fini(void)
 {
 //    fprintf(stderr, "%s:%d: Python module finalization\n", F, __LINE__);
     if (! INITIALIZER_RAN (my_init))
-       return;
+        return;
     Py_DECREF (locatefn);
     locatefn = 0;
     Py_Finalize ();
 }
 
 static krb5_error_code
-ctxinit (krb5_context ctx, void **blobptr)
+ctxinit(krb5_context ctx, void **blobptr)
 {
     /* If we wanted to create a separate Python interpreter instance,
        look up the pathname of the script in the config file used for
@@ -150,7 +151,7 @@ ctxinit (krb5_context ctx, void **blobptr)
 }
 
 static void
-ctxfini (void *blob)
+ctxfini(void *blob)
 {
 }
 
@@ -170,9 +171,9 @@ ctxfini (void *blob)
    isn't going to be very useful to the caller.)  */
 
 static krb5_error_code
-lookup (void *blob, enum locate_service_type svc, const char *realm,
-       int socktype, int family,
-       int (*cbfunc)(void *, int, struct sockaddr *), void *cbdata)
+lookup(void *blob, enum locate_service_type svc, const char *realm,
+       int socktype, int family,
+       int (*cbfunc)(void *, int, struct sockaddr *), void *cbdata)
 {
     PyObject *py_result, *svcarg, *realmarg, *arglist;
     int listsize, i, x;
@@ -180,17 +181,17 @@ lookup (void *blob, enum locate_service_type svc, const char *realm,
     int thissocktype;
 
 //    fprintf(stderr, "%s:%d: lookup(%d,%s,%d,%d)\n", F, __LINE__,
-//         svc, realm, socktype, family);
-    sctx = blob;               /* XXX: Not thread safe!  */
+//          svc, realm, socktype, family);
+    sctx = blob;                /* XXX: Not thread safe!  */
     i = CALL_INIT_FUNCTION (my_init);
     if (i) {
 #if 0
-       fprintf(stderr, "%s:%d: module initialization failed\n", F, __LINE__);
+        fprintf(stderr, "%s:%d: module initialization failed\n", F, __LINE__);
 #endif
-       return i;
+        return i;
     }
     if (locatefn == 0)
-       return KRB5_PLUGIN_NO_HANDLE;
+        return KRB5_PLUGIN_NO_HANDLE;
     svcarg = PyInt_FromLong (svc);
     /* error? */
     realmarg = PyString_FromString ((char *) realm);
@@ -207,24 +208,24 @@ lookup (void *blob, enum locate_service_type svc, const char *realm,
     py_result = PyObject_CallObject (locatefn, arglist);
     Py_DECREF (arglist);
     if (PyErr_Occurred()) {
-       fprintf(stderr,"%s:%d: python error\n", F, __LINE__);
-       PyErr_Print();
-       krb5_set_error_message(blob, -1,
-                              "Python evaluation error, see stderr");
-       return -1;
+        fprintf(stderr,"%s:%d: python error\n", F, __LINE__);
+        PyErr_Print();
+        krb5_set_error_message(blob, -1,
+                               "Python evaluation error, see stderr");
+        return -1;
     }
     if (py_result == 0) {
-       fprintf(stderr, "%s:%d: returned null object\n", F, __LINE__);
-       return -1;
+        fprintf(stderr, "%s:%d: returned null object\n", F, __LINE__);
+        return -1;
     }
     if (py_result == Py_False)
-       return KRB5_PLUGIN_NO_HANDLE;
+        return KRB5_PLUGIN_NO_HANDLE;
     if (! PyList_Check (py_result)) {
-       Py_DECREF (py_result);
-       fprintf(stderr, "%s:%d: returned non-list, non-False\n", F, __LINE__);
-       krb5_set_error_message(blob, -1,
-                              "Python script error -- returned non-list, non-False result");
-       return -1;
+        Py_DECREF (py_result);
+        fprintf(stderr, "%s:%d: returned non-list, non-False\n", F, __LINE__);
+        krb5_set_error_message(blob, -1,
+                               "Python script error -- returned non-list, non-False result");
+        return -1;
     }
     listsize = PyList_Size (py_result);
     /* allocate */
@@ -232,83 +233,83 @@ lookup (void *blob, enum locate_service_type svc, const char *realm,
     aihints.ai_flags = AI_NUMERICHOST;
     aihints.ai_family = family;
     for (i = 0; i < listsize; i++) {
-       PyObject *answer, *field;
-       char *hoststr, *portstr, portbuf[3*sizeof(long) + 4];
-       int cbret;
+        PyObject *answer, *field;
+        char *hoststr, *portstr, portbuf[3*sizeof(long) + 4];
+        int cbret;
 
-       answer = PyList_GetItem (py_result, i);
-       if (! PyTuple_Check (answer)) {
-           krb5_set_error_message(blob, -1,
-                                  "Python script error -- returned item %d not a tuple", i);
-           /* leak?  */
-           return -1;
-       }
-       if (PyTuple_Size (answer) != 3) {
-           krb5_set_error_message(blob, -1,
-                                  "Python script error -- returned tuple %d size %d should be 3",
-                                  i, PyTuple_Size (answer));
-           /* leak?  */
-           return -1;
-       }
-       field = PyTuple_GetItem (answer, 0);
-       if (! PyString_Check (field)) {
-           /* leak?  */
-           krb5_set_error_message(blob, -1,
-                                  "Python script error -- first component of tuple %d is not a string",
-                                  i);
-           return -1;
-       }
-       hoststr = PyString_AsString (field);
-       field = PyTuple_GetItem (answer, 1);
-       if (PyString_Check (field)) {
-           portstr = PyString_AsString (field);
-       } else if (PyInt_Check (field)) {
-           snprintf(portbuf, sizeof(portbuf), "%ld", PyInt_AsLong (field));
-           portstr = portbuf;
-       } else {
-           krb5_set_error_message(blob, -1,
-                                  "Python script error -- second component of tuple %d neither a string nor an integer",
-                                  i);
-           /* leak?  */
-           return -1;
-       }
-       field = PyTuple_GetItem (answer, 2);
-       if (! PyInt_Check (field)) {
-           krb5_set_error_message(blob, -1,
-                                  "Python script error -- third component of tuple %d not an integer",
-                                  i);
-           /* leak?  */
-           return -1;
-       }
-       thissocktype = PyInt_AsLong (field);
-       switch (thissocktype) {
-       case SOCK_STREAM:
-       case SOCK_DGRAM:
-           /* okay */
-           if (socktype != 0 && socktype != thissocktype) {
-               krb5_set_error_message(blob, -1,
-                                      "Python script error -- tuple %d has socket type %d, should only have %d",
-                                      i, thissocktype, socktype);
-               /* leak?  */
-               return -1;
-           }
-           break;
-       default:
-           /* 0 is not acceptable */
-           krb5_set_error_message(blob, -1,
-                                  "Python script error -- tuple %d has invalid socket type %d",
-                                  i, thissocktype);
-           /* leak?  */
-           return -1;
-       }
-       aihints.ai_socktype = thissocktype;
-       x = getaddrinfo (hoststr, portstr, &aihints, &airesult);
-       if (x != 0)
-           continue;
-       cbret = cbfunc(cbdata, airesult->ai_socktype, airesult->ai_addr);
-       freeaddrinfo(airesult);
-       if (cbret != 0)
-           break;
+        answer = PyList_GetItem (py_result, i);
+        if (! PyTuple_Check (answer)) {
+            krb5_set_error_message(blob, -1,
+                                   "Python script error -- returned item %d not a tuple", i);
+            /* leak?  */
+            return -1;
+        }
+        if (PyTuple_Size (answer) != 3) {
+            krb5_set_error_message(blob, -1,
+                                   "Python script error -- returned tuple %d size %d should be 3",
+                                   i, PyTuple_Size (answer));
+            /* leak?  */
+            return -1;
+        }
+        field = PyTuple_GetItem (answer, 0);
+        if (! PyString_Check (field)) {
+            /* leak?  */
+            krb5_set_error_message(blob, -1,
+                                   "Python script error -- first component of tuple %d is not a string",
+                                   i);
+            return -1;
+        }
+        hoststr = PyString_AsString (field);
+        field = PyTuple_GetItem (answer, 1);
+        if (PyString_Check (field)) {
+            portstr = PyString_AsString (field);
+        } else if (PyInt_Check (field)) {
+            snprintf(portbuf, sizeof(portbuf), "%ld", PyInt_AsLong (field));
+            portstr = portbuf;
+        } else {
+            krb5_set_error_message(blob, -1,
+                                   "Python script error -- second component of tuple %d neither a string nor an integer",
+                                   i);
+            /* leak?  */
+            return -1;
+        }
+        field = PyTuple_GetItem (answer, 2);
+        if (! PyInt_Check (field)) {
+            krb5_set_error_message(blob, -1,
+                                   "Python script error -- third component of tuple %d not an integer",
+                                   i);
+            /* leak?  */
+            return -1;
+        }
+        thissocktype = PyInt_AsLong (field);
+        switch (thissocktype) {
+        case SOCK_STREAM:
+        case SOCK_DGRAM:
+            /* okay */
+            if (socktype != 0 && socktype != thissocktype) {
+                krb5_set_error_message(blob, -1,
+                                       "Python script error -- tuple %d has socket type %d, should only have %d",
+                                       i, thissocktype, socktype);
+                /* leak?  */
+                return -1;
+            }
+            break;
+        default:
+            /* 0 is not acceptable */
+            krb5_set_error_message(blob, -1,
+                                   "Python script error -- tuple %d has invalid socket type %d",
+                                   i, thissocktype);
+            /* leak?  */
+            return -1;
+        }
+        aihints.ai_socktype = thissocktype;
+        x = getaddrinfo (hoststr, portstr, &aihints, &airesult);
+        if (x != 0)
+            continue;
+        cbret = cbfunc(cbdata, airesult->ai_socktype, airesult->ai_addr);
+        freeaddrinfo(airesult);
+        if (cbret != 0)
+            break;
     }
     Py_DECREF (py_result);
     return 0;
index 77de0a8b65612c2a26a8ee6f7e2d0bd5645e4bd5..b03a29a18df0988edfdf9e531b6db2fa553294f3 100644 (file)
@@ -1,3 +1,4 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
 /*
  * Copyright (C) 2006 Red Hat, Inc.
  * All rights reserved.
@@ -79,22 +80,22 @@ client_get_flags(krb5_context kcontext, krb5_preauthtype pa_type)
 
 static krb5_error_code
 client_process(krb5_context kcontext,
-              void *client_plugin_context,
-              void *client_request_context,
-              krb5_get_init_creds_opt *opt,
-              preauth_get_client_data_proc client_get_data_proc,
-              struct _krb5_preauth_client_rock *rock,
-              krb5_kdc_req *request,
-              krb5_data *encoded_request_body,
-              krb5_data *encoded_previous_request,
-              krb5_pa_data *pa_data,
-              krb5_prompter_fct prompter,
-              void *prompter_data,
-              preauth_get_as_key_proc gak_fct,
-              void *gak_data,
-              krb5_data *salt, krb5_data *s2kparams,
-              krb5_keyblock *as_key,
-              krb5_pa_data ***out_pa_data)
+               void *client_plugin_context,
+               void *client_request_context,
+               krb5_get_init_creds_opt *opt,
+               preauth_get_client_data_proc client_get_data_proc,
+               struct _krb5_preauth_client_rock *rock,
+               krb5_kdc_req *request,
+               krb5_data *encoded_request_body,
+               krb5_data *encoded_previous_request,
+               krb5_pa_data *pa_data,
+               krb5_prompter_fct prompter,
+               void *prompter_data,
+               preauth_get_as_key_proc gak_fct,
+               void *gak_data,
+               krb5_data *salt, krb5_data *s2kparams,
+               krb5_keyblock *as_key,
+               krb5_pa_data ***out_pa_data)
 {
     krb5_pa_data **send_pa;
     krb5_checksum checksum;
@@ -107,20 +108,20 @@ client_process(krb5_context kcontext,
     krb5_gic_opt_pa_data *gic_info;
 
     status = krb5_get_init_creds_opt_get_pa(kcontext, opt,
-                                           &num_gic_info, &gic_info);
+                                            &num_gic_info, &gic_info);
     if (status && status != ENOENT) {
 #ifdef DEBUG
-       fprintf(stderr, "Error from krb5_get_init_creds_opt_get_pa: %s\n",
-               error_message(status));
+        fprintf(stderr, "Error from krb5_get_init_creds_opt_get_pa: %s\n",
+                error_message(status));
 #endif
-       return status;
+        return status;
     }
 #ifdef DEBUG
     fprintf(stderr, "(cksum_body) Got the following gic options:\n");
 #endif
     for (i = 0; i < num_gic_info; i++) {
 #ifdef DEBUG
-       fprintf(stderr, "  '%s' = '%s'\n", gic_info[i].attr, gic_info[i].value);
+        fprintf(stderr, "  '%s' = '%s'\n", gic_info[i].attr, gic_info[i].value);
 #endif
     }
     krb5_get_init_creds_opt_free_pa(kcontext, num_gic_info, gic_info);
@@ -130,33 +131,33 @@ client_process(krb5_context kcontext,
     /* Get the user's long-term key if we haven't asked for it yet.  Try
      * all of the encryption types which the server supports. */
     if (as_key->length == 0) {
-       if ((pa_data != NULL) && (pa_data->length >= 4)) {
+        if ((pa_data != NULL) && (pa_data->length >= 4)) {
 #ifdef DEBUG
-           fprintf(stderr, "%d bytes of preauth data.\n", pa_data->length);
+            fprintf(stderr, "%d bytes of preauth data.\n", pa_data->length);
 #endif
-           n_enctypes = pa_data->length / 4;
-           enctypes = (krb5_int32*) pa_data->contents;
-       } else {
-           n_enctypes = request->nktypes;
-       }
-       for (i = 0; i < n_enctypes; i++) {
-           if ((pa_data != NULL) && (pa_data->length >= 4)) {
-               memcpy(&enctype, pa_data->contents + 4 * i, 4);
-               enctype = ntohl(enctype);
-           } else {
-               enctype = request->ktype[i];
-           }
+            n_enctypes = pa_data->length / 4;
+            enctypes = (krb5_int32*) pa_data->contents;
+        } else {
+            n_enctypes = request->nktypes;
+        }
+        for (i = 0; i < n_enctypes; i++) {
+            if ((pa_data != NULL) && (pa_data->length >= 4)) {
+                memcpy(&enctype, pa_data->contents + 4 * i, 4);
+                enctype = ntohl(enctype);
+            } else {
+                enctype = request->ktype[i];
+            }
 #ifdef DEBUG
-           fprintf(stderr, "Asking for AS key (type = %d).\n", enctype);
+            fprintf(stderr, "Asking for AS key (type = %d).\n", enctype);
 #endif
-           status = (*gak_fct)(kcontext, request->client, enctype,
-                               prompter, prompter_data,
-                               salt, s2kparams, as_key, gak_data);
-           if (status == 0)
-               break;
-       }
-       if (status != 0)
-           return status;
+            status = (*gak_fct)(kcontext, request->client, enctype,
+                                prompter, prompter_data,
+                                salt, s2kparams, as_key, gak_data);
+            if (status == 0)
+                break;
+        }
+        if (status != 0)
+            return status;
     }
 #ifdef DEBUG
     fprintf(stderr, "Got AS key (type = %d).\n", as_key->enctype);
@@ -166,53 +167,53 @@ client_process(krb5_context kcontext,
     cksumtype_count = 0;
     cksumtypes = NULL;
     status = krb5_c_keyed_checksum_types(kcontext, as_key->enctype,
-                                        &cksumtype_count, &cksumtypes);
+                                         &cksumtype_count, &cksumtypes);
     if (status != 0)
-       return status;
+        return status;
 
     /* Generate the checksum. */
     for (i = 0; i < cksumtype_count; i++) {
-       status = krb5_c_make_checksum(kcontext, cksumtypes[i], as_key,
-                                     KRB5_KEYUSAGE_TGS_REQ_AUTH_CKSUM,
-                                     encoded_request_body,
-                                     &checksum);
-       if (status == 0) {
+        status = krb5_c_make_checksum(kcontext, cksumtypes[i], as_key,
+                                      KRB5_KEYUSAGE_TGS_REQ_AUTH_CKSUM,
+                                      encoded_request_body,
+                                      &checksum);
+        if (status == 0) {
 #ifdef DEBUG
-           fprintf(stderr, "Made checksum (type = %d, %d bytes).\n",
-                   checksum.checksum_type, encoded_request_body->length);
+            fprintf(stderr, "Made checksum (type = %d, %d bytes).\n",
+                    checksum.checksum_type, encoded_request_body->length);
 #endif
-           break;
-       }
+            break;
+        }
     }
     cksumtype = htonl(cksumtypes[i]);
     krb5_free_cksumtypes(kcontext, cksumtypes);
     if (status != 0) {
-       if (checksum.length > 0)
-           krb5_free_checksum_contents(kcontext, &checksum);
-       return status;
+        if (checksum.length > 0)
+            krb5_free_checksum_contents(kcontext, &checksum);
+        return status;
     }
 
     /* Allocate the preauth data structure. */
     send_pa = malloc(2 * sizeof(krb5_pa_data *));
     if (send_pa == NULL) {
-       krb5_free_checksum_contents(kcontext, &checksum);
-       return ENOMEM;
+        krb5_free_checksum_contents(kcontext, &checksum);
+        return ENOMEM;
     }
-    send_pa[1] = NULL; /* Terminate list */
+    send_pa[1] = NULL;  /* Terminate list */
     send_pa[0] = malloc(sizeof(krb5_pa_data));
     if (send_pa[0] == NULL) {
-       krb5_free_checksum_contents(kcontext, &checksum);
-       free(send_pa);
-       return ENOMEM;
+        krb5_free_checksum_contents(kcontext, &checksum);
+        free(send_pa);
+        return ENOMEM;
     }
     send_pa[0]->pa_type = KRB5_PADATA_CKSUM_BODY_REQ;
     send_pa[0]->length = 4 + checksum.length;
     send_pa[0]->contents = malloc(4 + checksum.length);
     if (send_pa[0]->contents == NULL) {
-       krb5_free_checksum_contents(kcontext, &checksum);
-       free(send_pa[0]);
-       free(send_pa);
-       return ENOMEM;
+        krb5_free_checksum_contents(kcontext, &checksum);
+        free(send_pa[0]);
+        free(send_pa);
+        return ENOMEM;
     }
 
     /* Store the checksum. */
@@ -228,14 +229,14 @@ client_process(krb5_context kcontext,
 
 static krb5_error_code
 client_gic_opt(krb5_context kcontext,
-              void *plugin_context,
-              krb5_get_init_creds_opt *opt,
-              const char *attr,
-              const char *value)
+               void *plugin_context,
+               krb5_get_init_creds_opt *opt,
+               const char *attr,
+               const char *value)
 {
 #ifdef DEBUG
     fprintf(stderr, "(cksum_body) client_gic_opt: received '%s' = '%s'\n",
-           attr, value);
+            attr, value);
 #endif
     return 0;
 }
@@ -247,7 +248,7 @@ server_init(krb5_context kcontext, void **module_context, const char **realmname
     struct server_stats *stats;
     stats = malloc(sizeof(struct server_stats));
     if (stats == NULL)
-       return ENOMEM;
+        return ENOMEM;
     stats->successes = 0;
     stats->failures = 0;
     *module_context = stats;
@@ -260,10 +261,10 @@ server_fini(krb5_context kcontext, void *module_context)
     stats = module_context;
     if (stats != NULL) {
 #ifdef DEBUG
-       fprintf(stderr, "Total: %d clients failed, %d succeeded.\n",
-               stats->failures, stats->successes);
+        fprintf(stderr, "Total: %d clients failed, %d succeeded.\n",
+                stats->failures, stats->successes);
 #endif
-       free(stats);
+        free(stats);
     }
 }
 
@@ -271,12 +272,12 @@ server_fini(krb5_context kcontext, void *module_context)
  * client) which matches type data->pa_type. */
 static krb5_error_code
 server_get_edata(krb5_context kcontext,
-                krb5_kdc_req *request,
-                struct _krb5_db_entry_new *client,
-                struct _krb5_db_entry_new *server,
-                preauth_get_entry_data_proc server_get_entry_data,
-                void *pa_module_context,
-                krb5_pa_data *data)
+                 krb5_kdc_req *request,
+                 struct _krb5_db_entry_new *client,
+                 struct _krb5_db_entry_new *server,
+                 preauth_get_entry_data_proc server_get_entry_data,
+                 void *pa_module_context,
+                 krb5_pa_data *data)
 {
     krb5_data *key_data;
     krb5_keyblock *keys, *key;
@@ -286,11 +287,11 @@ server_get_edata(krb5_context kcontext,
     /* Retrieve the client's keys. */
     key_data = NULL;
     if ((*server_get_entry_data)(kcontext, request, client,
-                                krb5plugin_preauth_keys, &key_data) != 0) {
+                                 krb5plugin_preauth_keys, &key_data) != 0) {
 #ifdef DEBUG
-       fprintf(stderr, "Error retrieving client keys.\n");
+        fprintf(stderr, "Error retrieving client keys.\n");
 #endif
-       return KRB5KDC_ERR_PADATA_TYPE_NOSUPP;
+        return KRB5KDC_ERR_PADATA_TYPE_NOSUPP;
     }
 
     /* Count which types of keys we've got, freeing the contents, which we
@@ -298,23 +299,23 @@ server_get_edata(krb5_context kcontext,
     keys = (krb5_keyblock *) key_data->data;
     key = NULL;
     for (i = 0; keys[i].enctype != 0; i++)
-       krb5_free_keyblock_contents(kcontext, &keys[i]);
+        krb5_free_keyblock_contents(kcontext, &keys[i]);
 
     /* Return the list of encryption types. */
     enctypes = malloc((unsigned)i * 4);
     if (enctypes == NULL) {
-       krb5_free_data(kcontext, key_data);
-       return ENOMEM;
+        krb5_free_data(kcontext, key_data);
+        return ENOMEM;
     }
 #ifdef DEBUG
     fprintf(stderr, "Supported enctypes = {");
 #endif
     for (i = 0; keys[i].enctype != 0; i++) {
 #ifdef DEBUG
-       fprintf(stderr, "%s%d", (i > 0) ? ", " : "", keys[i].enctype);
+        fprintf(stderr, "%s%d", (i > 0) ? ", " : "", keys[i].enctype);
 #endif
-       enctype = htonl(keys[i].enctype);
-       memcpy(&enctypes[i], &enctype, 4);
+        enctype = htonl(keys[i].enctype);
+        memcpy(&enctypes[i], &enctype, 4);
     }
 #ifdef DEBUG
     fprintf(stderr, "}.\n");
@@ -329,16 +330,16 @@ server_get_edata(krb5_context kcontext,
 /* Verify a request from a client. */
 static krb5_error_code
 server_verify(krb5_context kcontext,
-             struct _krb5_db_entry_new *client,
-             krb5_data *req_pkt,
-             krb5_kdc_req *request,
-             krb5_enc_tkt_part *enc_tkt_reply,
-             krb5_pa_data *data,
-             preauth_get_entry_data_proc server_get_entry_data,
-             void *pa_module_context,
-             void **pa_request_context,
-             krb5_data **e_data,
-             krb5_authdata ***authz_data)
+              struct _krb5_db_entry_new *client,
+              krb5_data *req_pkt,
+              krb5_kdc_req *request,
+              krb5_enc_tkt_part *enc_tkt_reply,
+              krb5_pa_data *data,
+              preauth_get_entry_data_proc server_get_entry_data,
+              void *pa_module_context,
+              void **pa_request_context,
+              krb5_data **e_data,
+              krb5_authdata ***authz_data)
 {
     krb5_int32 cksumtype;
     krb5_checksum checksum;
@@ -362,8 +363,8 @@ server_verify(krb5_context kcontext,
 #endif
     /* Verify the preauth data.  Start with the checksum type. */
     if (data->length < 4) {
-       stats->failures++;
-       return KRB5KDC_ERR_PREAUTH_FAILED;
+        stats->failures++;
+        return KRB5KDC_ERR_PREAUTH_FAILED;
     }
     memcpy(&cksumtype, data->contents, 4);
     memset(&checksum, 0, sizeof(checksum));
@@ -371,75 +372,75 @@ server_verify(krb5_context kcontext,
 
     /* Verify that the amount of data we have left is what we expect. */
     if (krb5_c_checksum_length(kcontext, checksum.checksum_type,
-                              &length) != 0) {
+                               &length) != 0) {
 #ifdef DEBUG
-       fprintf(stderr, "Error determining checksum size (type = %d). "
-               "Is it supported?\n", checksum.checksum_type);
+        fprintf(stderr, "Error determining checksum size (type = %d). "
+                "Is it supported?\n", checksum.checksum_type);
 #endif
-       stats->failures++;
-       return KRB5KDC_ERR_SUMTYPE_NOSUPP;
+        stats->failures++;
+        return KRB5KDC_ERR_SUMTYPE_NOSUPP;
     }
     if (data->length - 4 != length) {
 #ifdef DEBUG
-       fprintf(stderr, "Checksum size doesn't match client packet size.\n");
+        fprintf(stderr, "Checksum size doesn't match client packet size.\n");
 #endif
-       stats->failures++;
-       return KRB5KDC_ERR_PREAUTH_FAILED;
+        stats->failures++;
+        return KRB5KDC_ERR_PREAUTH_FAILED;
     }
     checksum.length = length;
 
     /* Pull up the client's keys. */
     key_data = NULL;
     if ((*server_get_entry_data)(kcontext, request, client,
-                                krb5plugin_preauth_keys, &key_data) != 0) {
+                                 krb5plugin_preauth_keys, &key_data) != 0) {
 #ifdef DEBUG
-       fprintf(stderr, "Error retrieving client keys.\n");
+        fprintf(stderr, "Error retrieving client keys.\n");
 #endif
-       stats->failures++;
-       return KRB5KDC_ERR_PREAUTH_FAILED;
+        stats->failures++;
+        return KRB5KDC_ERR_PREAUTH_FAILED;
     }
 
     /* Find the key which would have been used to generate the checksum. */
     keys = (krb5_keyblock *) key_data->data;
     key = NULL;
     for (i = 0; keys[i].enctype != 0; i++) {
-       key = &keys[i];
-       cksumtypes_count = 0;
-       cksumtypes = NULL;
-       if (krb5_c_keyed_checksum_types(kcontext, key->enctype,
-                                       &cksumtypes_count, &cksumtypes) != 0)
-           continue;
-       for (j = 0; j < cksumtypes_count; j++) {
-           if (cksumtypes[j] == checksum.checksum_type)
-               break;
-       }
-       if (cksumtypes != NULL)
-           krb5_free_cksumtypes(kcontext, cksumtypes);
-       if (j < cksumtypes_count) {
+        key = &keys[i];
+        cksumtypes_count = 0;
+        cksumtypes = NULL;
+        if (krb5_c_keyed_checksum_types(kcontext, key->enctype,
+                                        &cksumtypes_count, &cksumtypes) != 0)
+            continue;
+        for (j = 0; j < cksumtypes_count; j++) {
+            if (cksumtypes[j] == checksum.checksum_type)
+                break;
+        }
+        if (cksumtypes != NULL)
+            krb5_free_cksumtypes(kcontext, cksumtypes);
+        if (j < cksumtypes_count) {
 #ifdef DEBUG
-           fprintf(stderr, "Found checksum key.\n");
+            fprintf(stderr, "Found checksum key.\n");
 #endif
-           break;
-       }
+            break;
+        }
     }
     if ((key == NULL) || (key->enctype == 0)) {
-       for (i = 0; keys[i].enctype != 0; i++)
-           krb5_free_keyblock_contents(kcontext, &keys[i]);
-       krb5_free_data(kcontext, key_data);
-       stats->failures++;
-       return KRB5KDC_ERR_SUMTYPE_NOSUPP;
+        for (i = 0; keys[i].enctype != 0; i++)
+            krb5_free_keyblock_contents(kcontext, &keys[i]);
+        krb5_free_data(kcontext, key_data);
+        stats->failures++;
+        return KRB5KDC_ERR_SUMTYPE_NOSUPP;
     }
 
     /* Save a copy of the key. */
     if (krb5_copy_keyblock(kcontext, &keys[i], &key) != 0) {
-       for (i = 0; keys[i].enctype != 0; i++)
-           krb5_free_keyblock_contents(kcontext, &keys[i]);
-       krb5_free_data(kcontext, key_data);
-       stats->failures++;
-       return KRB5KDC_ERR_SUMTYPE_NOSUPP;
+        for (i = 0; keys[i].enctype != 0; i++)
+            krb5_free_keyblock_contents(kcontext, &keys[i]);
+        krb5_free_data(kcontext, key_data);
+        stats->failures++;
+        return KRB5KDC_ERR_SUMTYPE_NOSUPP;
     }
     for (i = 0; keys[i].enctype != 0; i++)
-       krb5_free_keyblock_contents(kcontext, &keys[i]);
+        krb5_free_keyblock_contents(kcontext, &keys[i]);
     krb5_free_data(kcontext, key_data);
 
     /* Rebuild a copy of the client's request-body.  If we were serious
@@ -448,24 +449,24 @@ server_verify(krb5_context kcontext,
      * will probably work if it's us on both ends, though. */
     req_body = NULL;
     if ((*server_get_entry_data)(kcontext, request, client,
-                                krb5plugin_preauth_request_body,
-                                &req_body) != 0) {
-       krb5_free_keyblock(kcontext, key);
-       stats->failures++;
-       return KRB5KDC_ERR_PREAUTH_FAILED;
+                                 krb5plugin_preauth_request_body,
+                                 &req_body) != 0) {
+        krb5_free_keyblock(kcontext, key);
+        stats->failures++;
+        return KRB5KDC_ERR_PREAUTH_FAILED;
     }
 
 #ifdef DEBUG
     fprintf(stderr, "AS key type %d, checksum type %d, %d bytes.\n",
-           key->enctype, checksum.checksum_type, req_body->length);
+            key->enctype, checksum.checksum_type, req_body->length);
 #endif
 
     /* Verify the checksum itself. */
     checksum.contents = data->contents + 4;
     valid = FALSE;
     status = krb5_c_verify_checksum(kcontext, key,
-                                   KRB5_KEYUSAGE_TGS_REQ_AUTH_CKSUM,
-                                   req_body, &checksum, &valid);
+                                    KRB5_KEYUSAGE_TGS_REQ_AUTH_CKSUM,
+                                    req_body, &checksum, &valid);
 
     /* Clean up. */
     krb5_free_data(kcontext, req_body);
@@ -474,26 +475,26 @@ server_verify(krb5_context kcontext,
     /* Evaluate our results. */
     if ((status != 0) || (!valid)) {
 #ifdef DEBUG
-       if (status != 0) {
-           fprintf(stderr, "Error in checksum verification.\n");
-       } else {
-           fprintf(stderr, "Checksum mismatch.\n");
-       }
+        if (status != 0) {
+            fprintf(stderr, "Error in checksum verification.\n");
+        } else {
+            fprintf(stderr, "Checksum mismatch.\n");
+        }
 #endif
-       /* Return edata to exercise code that handles edata... */
-       test_edata = malloc(sizeof(*test_edata));
-       if (test_edata != NULL) {
-           test_edata->data = malloc(20);
-           if (test_edata->data == NULL) {
-               free(test_edata);
-           } else {
-               test_edata->length = 20;
-               memset(test_edata->data, 'F', 20); /* fill it with junk */
-               *e_data = test_edata;
-           }
-       }
-       stats->failures++;
-       return KRB5KDC_ERR_PREAUTH_FAILED;
+        /* Return edata to exercise code that handles edata... */
+        test_edata = malloc(sizeof(*test_edata));
+        if (test_edata != NULL) {
+            test_edata->data = malloc(20);
+            if (test_edata->data == NULL) {
+                free(test_edata);
+            } else {
+                test_edata->length = 20;
+                memset(test_edata->data, 'F', 20); /* fill it with junk */
+                *e_data = test_edata;
+            }
+        }
+        stats->failures++;
+        return KRB5KDC_ERR_PREAUTH_FAILED;
     }
 
     /*
@@ -518,54 +519,54 @@ server_verify(krb5_context kcontext,
 #endif
     my_authz_data = malloc(2 * sizeof(*my_authz_data));
     if (my_authz_data != NULL) {
-       my_authz_data[1] = NULL;
-       my_authz_data[0] = malloc(sizeof(krb5_authdata));
-       if (my_authz_data[0] == NULL) {
-           free(my_authz_data);
-           return ENOMEM;
-       }
-       my_authz_data[0]->contents = malloc(AD_ALLOC_SIZE);
-       if (my_authz_data[0]->contents == NULL) {
-           free(my_authz_data[0]);
-           free(my_authz_data);
-           return ENOMEM;
-       }
-       memset(my_authz_data[0]->contents, '\0', AD_ALLOC_SIZE);
-       my_authz_data[0]->magic = KV5M_AUTHDATA;
-       my_authz_data[0]->ad_type = 1;
-       my_authz_data[0]->length = AD_ALLOC_SIZE;
-       memcpy(my_authz_data[0]->contents, ad_header, sizeof(ad_header));
-       snprintf(my_authz_data[0]->contents + sizeof(ad_header),
-                AD_ALLOC_SIZE - sizeof(ad_header),
-                "cksum authorization data: %d bytes worth!\n", AD_ALLOC_SIZE);
-       *authz_data = my_authz_data;
+        my_authz_data[1] = NULL;
+        my_authz_data[0] = malloc(sizeof(krb5_authdata));
+        if (my_authz_data[0] == NULL) {
+            free(my_authz_data);
+            return ENOMEM;
+        }
+        my_authz_data[0]->contents = malloc(AD_ALLOC_SIZE);
+        if (my_authz_data[0]->contents == NULL) {
+            free(my_authz_data[0]);
+            free(my_authz_data);
+            return ENOMEM;
+        }
+        memset(my_authz_data[0]->contents, '\0', AD_ALLOC_SIZE);
+        my_authz_data[0]->magic = KV5M_AUTHDATA;
+        my_authz_data[0]->ad_type = 1;
+        my_authz_data[0]->length = AD_ALLOC_SIZE;
+        memcpy(my_authz_data[0]->contents, ad_header, sizeof(ad_header));
+        snprintf(my_authz_data[0]->contents + sizeof(ad_header),
+                 AD_ALLOC_SIZE - sizeof(ad_header),
+                 "cksum authorization data: %d bytes worth!\n", AD_ALLOC_SIZE);
+        *authz_data = my_authz_data;
 #ifdef DEBUG
-       fprintf(stderr, "Returning %d bytes of authorization data\n",
-               AD_ALLOC_SIZE);
+        fprintf(stderr, "Returning %d bytes of authorization data\n",
+                AD_ALLOC_SIZE);
 #endif
     }
 
     /* Return edata to exercise code that handles edata... */
     test_edata = malloc(sizeof(*test_edata));
     if (test_edata != NULL) {
-       test_edata->data = malloc(20);
-       if (test_edata->data == NULL) {
-           free(test_edata);
-       } else {
-           test_edata->length = 20;
-           memset(test_edata->data, 'S', 20); /* fill it with junk */
-           *e_data = test_edata;
-       }
+        test_edata->data = malloc(20);
+        if (test_edata->data == NULL) {
+            free(test_edata);
+        } else {
+            test_edata->length = 20;
+            memset(test_edata->data, 'S', 20); /* fill it with junk */
+            *e_data = test_edata;
+        }
     }
 
     /* Return a request context to exercise code that handles it */
     svr_req_ctx = malloc(sizeof(*svr_req_ctx));
     if (svr_req_ctx != NULL) {
-       svr_req_ctx->value1 = 111111;
-       svr_req_ctx->value2 = 222222;
+        svr_req_ctx->value1 = 111111;
+        svr_req_ctx->value2 = 222222;
 #ifdef DEBUG
-       fprintf(stderr, "server_verify: returning context at %p\n",
-               svr_req_ctx);
+        fprintf(stderr, "server_verify: returning context at %p\n",
+                svr_req_ctx);
 #endif
     }
     *pa_request_context = svr_req_ctx;
@@ -579,17 +580,17 @@ server_verify(krb5_context kcontext,
 /* Create the response for a client. */
 static krb5_error_code
 server_return(krb5_context kcontext,
-             krb5_pa_data *padata,
-             struct _krb5_db_entry_new *client,
-             krb5_data *req_pkt,
-             krb5_kdc_req *request,
-             krb5_kdc_rep *reply,
-             struct _krb5_key_data *client_key,
-             krb5_keyblock *encrypting_key,
-             krb5_pa_data **send_pa,
-             preauth_get_entry_data_proc server_get_entry_data,
-             void *pa_module_context,
-             void **pa_request_context)
+              krb5_pa_data *padata,
+              struct _krb5_db_entry_new *client,
+              krb5_data *req_pkt,
+              krb5_kdc_req *request,
+              krb5_kdc_rep *reply,
+              struct _krb5_key_data *client_key,
+              krb5_keyblock *encrypting_key,
+              krb5_pa_data **send_pa,
+              preauth_get_entry_data_proc server_get_entry_data,
+              void *pa_module_context,
+              void **pa_request_context)
 {
     /* We don't need to send data back on the return trip. */
     *send_pa = NULL;
@@ -599,25 +600,25 @@ server_return(krb5_context kcontext,
 /* Test server request context freeing */
 static krb5_error_code
 server_free_reqctx(krb5_context kcontext,
-                  void *pa_module_context,
-                  void **pa_request_context)
+                   void *pa_module_context,
+                   void **pa_request_context)
 {
     test_svr_req_ctx *svr_req_ctx;
 #ifdef DEBUG
     fprintf(stderr, "server_free_reqctx: entered!\n");
 #endif
     if (pa_request_context == NULL)
-       return 0;
+        return 0;
 
     svr_req_ctx = *pa_request_context;
     if (svr_req_ctx == NULL)
-       return 0;
+        return 0;
 
     if (svr_req_ctx->value1 != 111111 || svr_req_ctx->value2 != 222222) {
-       fprintf(stderr, "server_free_reqctx: got invalid req context "
-               "at %p with values %d and %d\n",
-               svr_req_ctx, svr_req_ctx->value1, svr_req_ctx->value2);
-       return EINVAL;
+        fprintf(stderr, "server_free_reqctx: got invalid req context "
+                "at %p with values %d and %d\n",
+                svr_req_ctx, svr_req_ctx->value1, svr_req_ctx->value2);
+        return EINVAL;
     }
 #ifdef DEBUG
     fprintf(stderr, "server_free_reqctx: freeing context at %p\n", svr_req_ctx);
@@ -641,17 +642,17 @@ static krb5_preauthtype supported_server_pa_types[] = {
 };
 
 struct krb5plugin_preauth_client_ftable_v1 preauthentication_client_1 = {
-    "cksum_body",                          /* name */
-    &supported_client_pa_types[0],         /* pa_type_list */
-    NULL,                                  /* enctype_list */
-    NULL,                                  /* plugin init function */
-    NULL,                                  /* plugin fini function */
-    client_get_flags,                      /* get flags function */
-    NULL,                                  /* request init function */
-    NULL,                                  /* request fini function */
-    client_process,                        /* process function */
-    NULL,                                  /* try_again function */
-    client_gic_opt                         /* get init creds opt function */
+    "cksum_body",                           /* name */
+    &supported_client_pa_types[0],          /* pa_type_list */
+    NULL,                                   /* enctype_list */
+    NULL,                                   /* plugin init function */
+    NULL,                                   /* plugin fini function */
+    client_get_flags,                       /* get flags function */
+    NULL,                                   /* request init function */
+    NULL,                                   /* request fini function */
+    client_process,                         /* process function */
+    NULL,                                   /* try_again function */
+    client_gic_opt                          /* get init creds opt function */
 };
 
 struct krb5plugin_preauth_server_ftable_v1 preauthentication_server_1 = {
index 45b309d8baededc01147861933e321966b1e94f8..614ee47f27a1a59df9b1e94db4900f7da80b9d35 100644 (file)
@@ -1,3 +1,4 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
 /*
  * plugins/preauth/encrypted_challenge/encrypted_challenge.c
  *
@@ -24,8 +25,8 @@
  * or implied warranty.
  *
  *
- *
- * Implement EncryptedChallenge fast factor from draft-ietf-krb-wg-preauth-framework
+ * Implement Encrypted Challenge fast factor from
+ * draft-ietf-krb-wg-preauth-framework
  */
 
 #include <k5-int.h>
 
 #include <krb5/preauth_plugin.h>
 
-static int preauth_flags
-(krb5_context context, krb5_preauthtype pa_type)
+static int
+preauth_flags(krb5_context context, krb5_preauthtype pa_type)
 {
     return PA_REAL;
 }
 
-static krb5_error_code process_preauth
-(krb5_context context,
-                   void *plugin_context,
-                   void *request_context,
-                   krb5_get_init_creds_opt *opt,
-                   preauth_get_client_data_proc get_data_proc,
-                   struct _krb5_preauth_client_rock *rock,
-                   krb5_kdc_req *request,
-                   krb5_data *encoded_request_body,
-                   krb5_data *encoded_previous_request,
-                   krb5_pa_data *padata,
-                   krb5_prompter_fct prompter,
-                   void *prompter_data,
-                   preauth_get_as_key_proc gak_fct,
-                   void *gak_data,
-                   krb5_data *salt,
-                   krb5_data *s2kparams,
-                   krb5_keyblock *as_key,
-                   krb5_pa_data ***out_padata)
+static krb5_error_code
+process_preauth(krb5_context context, void *plugin_context,
+                void *request_context, krb5_get_init_creds_opt *opt,
+                preauth_get_client_data_proc get_data_proc,
+                struct _krb5_preauth_client_rock *rock, krb5_kdc_req *request,
+                krb5_data *encoded_request_body,
+                krb5_data *encoded_previous_request, krb5_pa_data *padata,
+                krb5_prompter_fct prompter, void *prompter_data,
+                preauth_get_as_key_proc gak_fct, void *gak_data,
+                krb5_data *salt, krb5_data *s2kparams, krb5_keyblock *as_key,
+                krb5_pa_data ***out_padata)
 {
     krb5_error_code retval = 0;
     krb5_enctype enctype = 0;
@@ -87,29 +80,30 @@ static krb5_error_code process_preauth
         if (retval == 0)
             retval = krb5_c_fx_cf2_simple(context,armor_key, "kdcchallengearmor",
                                           as_key, "challengelongterm", &challenge_key);
-    if (retval == 0)
-        retval =kaccess.decode_enc_data(&scratch, &enc);
-    scratch.data = NULL;
-    if (retval == 0) {
-        scratch.data = malloc(enc->ciphertext.length);
-        scratch.length = enc->ciphertext.length;
-        if (scratch.data == NULL)
-            retval = ENOMEM;
-    }
-    if (retval == 0)
-        retval = krb5_c_decrypt(context, challenge_key,
-                                KRB5_KEYUSAGE_ENC_CHALLENGE_KDC, NULL,
-                                enc, &scratch);
-/*Per draft 11 of the preauth framework, the client MAY but
- * is not required  to actually check the timestamp from the KDC other than
- * to confirm it decrypts. This code does not perform that check.
- */
-    if (scratch.data)
-        krb5_free_data_contents(context, &scratch);
-    if (retval == 0)
-        fast_set_kdc_verified(context, get_data_proc, rock);
-    if (enc)
-        kaccess.free_enc_data(context, enc);
+        if (retval == 0)
+            retval =kaccess.decode_enc_data(&scratch, &enc);
+        scratch.data = NULL;
+        if (retval == 0) {
+            scratch.data = malloc(enc->ciphertext.length);
+            scratch.length = enc->ciphertext.length;
+            if (scratch.data == NULL)
+                retval = ENOMEM;
+        }
+        if (retval == 0)
+            retval = krb5_c_decrypt(context, challenge_key,
+                                    KRB5_KEYUSAGE_ENC_CHALLENGE_KDC, NULL,
+                                    enc, &scratch);
+        /*
+         * Per draft 11 of the preauth framework, the client MAY but is not
+         * required to actually check the timestamp from the KDC other than to
+         * confirm it decrypts. This code does not perform that check.
+         */
+        if (scratch.data)
+            krb5_free_data_contents(context, &scratch);
+        if (retval == 0)
+            fast_set_kdc_verified(context, get_data_proc, rock);
+        if (enc)
+            kaccess.free_enc_data(context, enc);
     } else { /*No padata; we send*/
         krb5_enc_data enc;
         krb5_pa_data *pa = NULL;
@@ -136,34 +130,34 @@ static krb5_error_code process_preauth
         if (retval == 0) {
             retval = kaccess.encode_enc_data(&enc, &encoded_ts);
             krb5_free_data_contents(context, &enc.ciphertext);
-    }
-    if (retval == 0) {
-        pa = calloc(1, sizeof(krb5_pa_data));
-        if (pa == NULL)
-            retval = ENOMEM;
-    }
-    if (retval == 0) {
-        pa_array = calloc(2, sizeof(krb5_pa_data *));
-        if (pa_array == NULL)
-            retval = ENOMEM;
-    }
-    if (retval == 0) {
-        pa->length = encoded_ts->length;
-        pa->contents = (unsigned char *) encoded_ts->data;
-        pa->pa_type = KRB5_PADATA_ENCRYPTED_CHALLENGE;
-        free(encoded_ts);
-        encoded_ts = NULL;
-        pa_array[0] = pa;
-        pa = NULL;
-        *out_padata = pa_array;
-        pa_array = NULL;
-    }
-    if (pa)
-        free(pa);
-    if (encoded_ts)
-        krb5_free_data(context, encoded_ts);
-    if (pa_array)
-        free(pa_array);
+        }
+        if (retval == 0) {
+            pa = calloc(1, sizeof(krb5_pa_data));
+            if (pa == NULL)
+                retval = ENOMEM;
+        }
+        if (retval == 0) {
+            pa_array = calloc(2, sizeof(krb5_pa_data *));
+            if (pa_array == NULL)
+                retval = ENOMEM;
+        }
+        if (retval == 0) {
+            pa->length = encoded_ts->length;
+            pa->contents = (unsigned char *) encoded_ts->data;
+            pa->pa_type = KRB5_PADATA_ENCRYPTED_CHALLENGE;
+            free(encoded_ts);
+            encoded_ts = NULL;
+            pa_array[0] = pa;
+            pa = NULL;
+            *out_padata = pa_array;
+            pa_array = NULL;
+        }
+        if (pa)
+            free(pa);
+        if (encoded_ts)
+            krb5_free_data(context, encoded_ts);
+        if (pa_array)
+            free(pa_array);
     }
     if (challenge_key)
         krb5_free_keyblock(context, challenge_key);
@@ -176,16 +170,12 @@ static krb5_error_code process_preauth
 }
 
 
-
-
-static krb5_error_code kdc_include_padata
-(krb5_context context,
-                 krb5_kdc_req *request,
-                 struct _krb5_db_entry_new *client,
-                 struct _krb5_db_entry_new *server,
-                 preauth_get_entry_data_proc get_entry_proc,
-                 void *pa_module_context,
-                 krb5_pa_data *data)
+static krb5_error_code
+kdc_include_padata(krb5_context context, krb5_kdc_req *request,
+                   struct _krb5_db_entry_new *client,
+                   struct _krb5_db_entry_new *server,
+                   preauth_get_entry_data_proc get_entry_proc,
+                   void *pa_module_context, krb5_pa_data *data)
 {
     krb5_error_code retval = 0;
     krb5_keyblock *armor_key = NULL;
@@ -198,18 +188,13 @@ static krb5_error_code kdc_include_padata
     return 0;
 }
 
-static krb5_error_code kdc_verify_preauth
-(krb5_context context,
-                  struct _krb5_db_entry_new *client,
-                  krb5_data *req_pkt,
-                  krb5_kdc_req *request,
-                  krb5_enc_tkt_part *enc_tkt_reply,
-                  krb5_pa_data *data,
-                  preauth_get_entry_data_proc get_entry_proc,
-                  void *pa_module_context,
-                  void **pa_request_context,
-                  krb5_data **e_data,
-                  krb5_authdata ***authz_data)
+static krb5_error_code
+kdc_verify_preauth(krb5_context context, struct _krb5_db_entry_new *client,
+                   krb5_data *req_pkt, krb5_kdc_req *request,
+                   krb5_enc_tkt_part *enc_tkt_reply, krb5_pa_data *data,
+                   preauth_get_entry_data_proc get_entry_proc,
+                   void *pa_module_context, void **pa_request_context,
+                   krb5_data **e_data, krb5_authdata ***authz_data)
 {
     krb5_error_code retval = 0;
     krb5_timestamp now;
@@ -230,7 +215,7 @@ static krb5_error_code kdc_verify_preauth
     retval = fast_kdc_get_armor_key(context, get_entry_proc, request, client, &armor_key);
     if (retval == 0 &&armor_key == NULL) {
         retval = ENOENT;
-    krb5_set_error_message(context, ENOENT, "Encrypted Challenge used outside of FAST tunnel");
+        krb5_set_error_message(context, ENOENT, "Encrypted Challenge used outside of FAST tunnel");
     }
     scratch.data = (char *) data->contents;
     scratch.length = data->length;
@@ -252,28 +237,28 @@ static krb5_error_code kdc_verify_preauth
                                           armor_key, "clientchallengearmor",
                                           &client_keys[i], "challengelongterm",
                                           &challenge_key);
-        if (retval == 0)
-            retval  = krb5_c_decrypt(context, challenge_key,
-                                     KRB5_KEYUSAGE_ENC_CHALLENGE_CLIENT,
-                                     NULL, enc, &plain);
-        if (challenge_key)
-            krb5_free_keyblock(context, challenge_key);
-        challenge_key = NULL;
-        if (retval == 0)
-            break;
-        /*We failed to decrypt. Try next key*/
-        retval = 0;
-        krb5_free_keyblock_contents(context, &client_keys[i]);
-    }
-    if (client_keys[i].enctype == 0) {
-        retval = KRB5KDC_ERR_PREAUTH_FAILED;
-        krb5_set_error_message(context, retval, "Incorrect password  in encrypted challenge");
-    } else { /*not run out of keys*/
-        int j;
-        assert (retval == 0);
-        for (j = i+1; client_keys[j].enctype; j++)
-            krb5_free_keyblock_contents(context, &client_keys[j]);
-    }
+            if (retval == 0)
+                retval  = krb5_c_decrypt(context, challenge_key,
+                                         KRB5_KEYUSAGE_ENC_CHALLENGE_CLIENT,
+                                         NULL, enc, &plain);
+            if (challenge_key)
+                krb5_free_keyblock(context, challenge_key);
+            challenge_key = NULL;
+            if (retval == 0)
+                break;
+            /*We failed to decrypt. Try next key*/
+            retval = 0;
+            krb5_free_keyblock_contents(context, &client_keys[i]);
+        }
+        if (client_keys[i].enctype == 0) {
+            retval = KRB5KDC_ERR_PREAUTH_FAILED;
+            krb5_set_error_message(context, retval, "Incorrect password  in encrypted challenge");
+        } else { /*not run out of keys*/
+            int j;
+            assert (retval == 0);
+            for (j = i+1; client_keys[j].enctype; j++)
+                krb5_free_keyblock_contents(context, &client_keys[j]);
+        }
 
     }
     if (retval == 0)
@@ -283,13 +268,15 @@ static krb5_error_code kdc_verify_preauth
     if (retval == 0) {
         if (labs(now-ts->patimestamp) < context->clockskew) {
             enc_tkt_reply->flags |= TKT_FLG_PRE_AUTH;
-            /*If this fails, we won't generate a reply to the client.  That may
-             * cause the client to fail, but at this point the KDC has considered
-             * this a success, so the return value is ignored. */
+            /*
+             * If this fails, we won't generate a reply to the client.  That
+             * may cause the client to fail, but at this point the KDC has
+             * considered this a success, so the return value is ignored.
+             */
             fast_kdc_replace_reply_key(context, get_entry_proc, request);
             krb5_c_fx_cf2_simple(context, armor_key, "kdcchallengearmor",
-                            &client_keys[i], "challengelongterm",
-                            (krb5_keyblock **) pa_request_context);
+                                 &client_keys[i], "challengelongterm",
+                                 (krb5_keyblock **) pa_request_context);
         } else { /*skew*/
             retval = KRB5KRB_AP_ERR_SKEW;
         }
@@ -310,19 +297,14 @@ static krb5_error_code kdc_verify_preauth
     return retval;
 }
 
-static krb5_error_code kdc_return_preauth
-(krb5_context context,
-                  krb5_pa_data * padata,
-                  struct _krb5_db_entry_new *client,
-                  krb5_data *req_pkt,
-                  krb5_kdc_req *request,
-                  krb5_kdc_rep *reply,
-                  struct _krb5_key_data *client_keys,
-                  krb5_keyblock *encrypting_key,
-                  krb5_pa_data **send_pa,
-                  preauth_get_entry_data_proc get_entry_proc,
-                  void *pa_module_context,
-                  void **pa_request_context)
+static krb5_error_code
+kdc_return_preauth(krb5_context context, krb5_pa_data *padata,
+                   struct _krb5_db_entry_new *client, krb5_data *req_pkt,
+                   krb5_kdc_req *request, krb5_kdc_rep *reply,
+                   struct _krb5_key_data *client_keys,
+                   krb5_keyblock *encrypting_key, krb5_pa_data **send_pa,
+                   preauth_get_entry_data_proc get_entry_proc,
+                   void *pa_module_context, void **pa_request_context)
 {
     krb5_error_code retval = 0;
     krb5_keyblock *challenge_key = *pa_request_context;
@@ -338,7 +320,7 @@ static krb5_error_code kdc_return_preauth
     if (challenge_key == NULL)
         return 0;
     * pa_request_context = NULL; /*this function will free the
-                  * challenge key*/
+                                  * challenge key*/
     enc.ciphertext.data = NULL; /* In case of error pass through */
 
     retval = krb5_us_timeofday(context, &ts.patimestamp, &ts.pausec);
@@ -352,8 +334,8 @@ static krb5_error_code kdc_return_preauth
         retval = kaccess.encode_enc_data(&enc, &encoded);
     if (retval == 0) {
         pa = calloc(1, sizeof(krb5_pa_data));
-    if (pa == NULL)
-        retval = ENOMEM;
+        if (pa == NULL)
+            retval = ENOMEM;
     }
     if (retval == 0) {
         pa->pa_type = KRB5_PADATA_ENCRYPTED_CHALLENGE;
@@ -374,8 +356,8 @@ static krb5_error_code kdc_return_preauth
     return retval;
 }
 
-static int kdc_preauth_flags
-(krb5_context context, krb5_preauthtype  patype)
+static int
+kdc_preauth_flags(krb5_context context, krb5_preauthtype patype)
 {
     return 0;
 }
index 1e7696f02cd2ec0e9efb9672325ee82cf2925403..0789c1ad1822621d6e4362ff8ea60af11df30258 100644 (file)
@@ -1,53 +1,60 @@
-/*Returns success with a null armor_key if  FAST is available but not in use.
-Returns failure if the client library does not support FAST
-*/
-static  krb5_error_code fast_get_armor_key
-(krb5_context context, preauth_get_client_data_proc get_data,
- struct _krb5_preauth_client_rock *rock,
- krb5_keyblock **armor_key)
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
+
+/*
+ * Returns success with a null armor_key if FAST is available but not in use.
+ * Returns failure if the client library does not support FAST.
+ */
+static krb5_error_code
+fast_get_armor_key(krb5_context context, preauth_get_client_data_proc get_data,
+                   struct _krb5_preauth_client_rock *rock,
+                   krb5_keyblock **armor_key)
 {
     krb5_error_code retval = 0;
     krb5_data *data;
     retval = get_data(context, rock, krb5plugin_preauth_client_fast_armor, &data);
     if (retval == 0) {
-       *armor_key = (krb5_keyblock *) data->data;
-       data->data = NULL;
-       get_data(context, rock, krb5plugin_preauth_client_free_fast_armor,
-                &data);
+        *armor_key = (krb5_keyblock *) data->data;
+        data->data = NULL;
+        get_data(context, rock, krb5plugin_preauth_client_free_fast_armor,
+                 &data);
     }
     return retval;
 }
 
-static krb5_error_code fast_kdc_get_armor_key
-(krb5_context context, preauth_get_entry_data_proc get_entry,
- krb5_kdc_req *request,struct _krb5_db_entry_new *client,
- krb5_keyblock **armor_key)
+static krb5_error_code
+fast_kdc_get_armor_key(krb5_context context,
+                       preauth_get_entry_data_proc get_entry,
+                       krb5_kdc_req *request,
+                       struct _krb5_db_entry_new *client,
+                       krb5_keyblock **armor_key)
 {
     krb5_error_code retval;
     krb5_data *data;
-     retval = get_entry(context, request, client,  krb5plugin_preauth_fast_armor,
-                       &data);
-     if (retval == 0) {
-        *armor_key = (krb5_keyblock *) data->data;
-        data->data = NULL;
-        get_entry(context, request, client,
-                  krb5plugin_preauth_free_fast_armor, &data);
-     }
-     return retval;
- }
+    retval = get_entry(context, request, client,  krb5plugin_preauth_fast_armor,
+                       &data);
+    if (retval == 0) {
+        *armor_key = (krb5_keyblock *) data->data;
+        data->data = NULL;
+        get_entry(context, request, client,
+                  krb5plugin_preauth_free_fast_armor, &data);
+    }
+    return retval;
+}
 
 
 
- static krb5_error_code fast_kdc_replace_reply_key
- (krb5_context context, preauth_get_entry_data_proc get_data,
-  krb5_kdc_req *request)
- {
-     return 0;
- }
+static krb5_error_code
+fast_kdc_replace_reply_key(krb5_context context,
+                           preauth_get_entry_data_proc get_data,
+                           krb5_kdc_req *request)
+{
+    return 0;
+}
 
-static krb5_error_code fast_set_kdc_verified
-(krb5_context context, preauth_get_client_data_proc     get_data,
- struct _krb5_preauth_client_rock *rock)
+static krb5_error_code
+fast_set_kdc_verified(krb5_context context,
+                      preauth_get_client_data_proc get_data,
+                      struct _krb5_preauth_client_rock *rock)
 {
     return 0;
 }
index 655f2b94961430b04648c3f8470e6e2d10843663..5576a0837b434d87c11d67bfb52dd71076ea3e8e 100644 (file)
@@ -1,3 +1,4 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
 /*
  * Copyright (C) 2006 Red Hat, Inc.
  * All rights reserved.
@@ -64,7 +65,7 @@ client_init(krb5_context kcontext, void **ctx)
 
     pctx = malloc(sizeof(int));
     if (pctx == NULL)
-       return ENOMEM;
+        return ENOMEM;
     *pctx = 0;
     *ctx = pctx;
     return 0;
@@ -86,22 +87,22 @@ client_fini(krb5_context kcontext, void *ctx)
 
 static krb5_error_code
 client_process(krb5_context kcontext,
-              void *plugin_context,
-              void *request_context,
-              krb5_get_init_creds_opt *opt,
-              preauth_get_client_data_proc client_get_data_proc,
-              struct _krb5_preauth_client_rock *rock,
-              krb5_kdc_req *request,
-              krb5_data *encoded_request_body,
-              krb5_data *encoded_previous_request,
-              krb5_pa_data *pa_data,
-              krb5_prompter_fct prompter,
-              void *prompter_data,
-              preauth_get_as_key_proc gak_fct,
-              void *gak_data,
-              krb5_data *salt, krb5_data *s2kparams,
-              krb5_keyblock *as_key,
-              krb5_pa_data ***out_pa_data)
+               void *plugin_context,
+               void *request_context,
+               krb5_get_init_creds_opt *opt,
+               preauth_get_client_data_proc client_get_data_proc,
+               struct _krb5_preauth_client_rock *rock,
+               krb5_kdc_req *request,
+               krb5_data *encoded_request_body,
+               krb5_data *encoded_previous_request,
+               krb5_pa_data *pa_data,
+               krb5_prompter_fct prompter,
+               void *prompter_data,
+               preauth_get_as_key_proc gak_fct,
+               void *gak_data,
+               krb5_data *salt, krb5_data *s2kparams,
+               krb5_keyblock *as_key,
+               krb5_pa_data ***out_pa_data)
 {
     krb5_pa_data **send_pa;
     krb5_int32 nnonce, enctype;
@@ -111,58 +112,58 @@ client_process(krb5_context kcontext,
 
 #ifdef DEBUG
     fprintf(stderr, "%d bytes of preauthentication data (type %d)\n",
-           pa_data->length, pa_data->pa_type);
+            pa_data->length, pa_data->pa_type);
 #endif
 
     pctx = plugin_context;
     if (pctx) {
-       (*pctx)++;
+        (*pctx)++;
     }
 
     if (pa_data->length == 0) {
-       /* Create preauth data. */
-       send_pa = malloc(2 * sizeof(krb5_pa_data *));
-       if (send_pa == NULL)
-           return ENOMEM;
-       send_pa[1] = NULL;  /* Terminate list */
-       send_pa[0] = malloc(sizeof(krb5_pa_data));
-       if (send_pa[0] == NULL) {
-           free(send_pa);
-           return ENOMEM;
-       }
-       send_pa[0]->pa_type = KRB5_PADATA_WPSE_REQ;
-       send_pa[0]->length = 4;
-       send_pa[0]->contents = malloc(4);
-       if (send_pa[0]->contents == NULL) {
-           free(send_pa[0]);
-           free(send_pa);
-           return ENOMEM;
-       }
-       /* Store the preauth data. */
-       nnonce = htonl(request->nonce);
-       memcpy(send_pa[0]->contents, &nnonce, 4);
-       *out_pa_data = send_pa;
+        /* Create preauth data. */
+        send_pa = malloc(2 * sizeof(krb5_pa_data *));
+        if (send_pa == NULL)
+            return ENOMEM;
+        send_pa[1] = NULL;  /* Terminate list */
+        send_pa[0] = malloc(sizeof(krb5_pa_data));
+        if (send_pa[0] == NULL) {
+            free(send_pa);
+            return ENOMEM;
+        }
+        send_pa[0]->pa_type = KRB5_PADATA_WPSE_REQ;
+        send_pa[0]->length = 4;
+        send_pa[0]->contents = malloc(4);
+        if (send_pa[0]->contents == NULL) {
+            free(send_pa[0]);
+            free(send_pa);
+            return ENOMEM;
+        }
+        /* Store the preauth data. */
+        nnonce = htonl(request->nonce);
+        memcpy(send_pa[0]->contents, &nnonce, 4);
+        *out_pa_data = send_pa;
     } else {
-       /* A reply from the KDC.  Conventionally this would be
-        * indicated by a different preauthentication type, but this
-        * mechanism/implementation doesn't do that. */
-       if (pa_data->length > 4) {
-           memcpy(&enctype, pa_data->contents, 4);
-           kb = NULL;
-           status = krb5_init_keyblock(kcontext, ntohl(enctype),
-                                       pa_data->length - 4, &kb);
-           if (status != 0)
-               return status;
-           memcpy(kb->contents, pa_data->contents + 4, pa_data->length - 4);
+        /* A reply from the KDC.  Conventionally this would be
+         * indicated by a different preauthentication type, but this
+         * mechanism/implementation doesn't do that. */
+        if (pa_data->length > 4) {
+            memcpy(&enctype, pa_data->contents, 4);
+            kb = NULL;
+            status = krb5_init_keyblock(kcontext, ntohl(enctype),
+                                        pa_data->length - 4, &kb);
+            if (status != 0)
+                return status;
+            memcpy(kb->contents, pa_data->contents + 4, pa_data->length - 4);
 #ifdef DEBUG
-           fprintf(stderr, "Recovered key type=%d, length=%d.\n",
-                   kb->enctype, kb->length);
+            fprintf(stderr, "Recovered key type=%d, length=%d.\n",
+                    kb->enctype, kb->length);
 #endif
-           status = krb5_copy_keyblock_contents(kcontext, kb, as_key);
-           krb5_free_keyblock(kcontext, kb);
-           return status;
-       }
-       return KRB5KRB_ERR_GENERIC;
+            status = krb5_copy_keyblock_contents(kcontext, kb, as_key);
+            krb5_free_keyblock(kcontext, kb);
+            return status;
+        }
+        return KRB5KRB_ERR_GENERIC;
     }
     return 0;
 }
@@ -185,7 +186,7 @@ client_req_init(krb5_context kcontext, void *plugin_context, void **req_context_
      * do per-request cleanup. */
     ctx = (wpse_req_ctx *) malloc(sizeof(*ctx));
     if (ctx == NULL)
-       return;
+        return;
     ctx->magic = WPSE_MAGIC;
     ctx->value = 0xc0dec0de;
 
@@ -199,31 +200,31 @@ client_req_cleanup(krb5_context kcontext, void *plugin_context, void *req_contex
 
     if (ctx) {
 #ifdef DEBUG
-       fprintf(stderr, "client_req_cleanup: req_ctx at %p has magic %x and value %x\n",
-               ctx, ctx->magic, ctx->value);
+        fprintf(stderr, "client_req_cleanup: req_ctx at %p has magic %x and value %x\n",
+                ctx, ctx->magic, ctx->value);
 #endif
-       if (ctx->magic != WPSE_MAGIC) {
+        if (ctx->magic != WPSE_MAGIC) {
 #ifdef DEBUG
-           fprintf(stderr, "client_req_cleanup: req_context at %p has bad magic value %x\n",
-                   ctx, ctx->magic);
+            fprintf(stderr, "client_req_cleanup: req_context at %p has bad magic value %x\n",
+                    ctx, ctx->magic);
 #endif
-           return;
-       }
-       free(ctx);
+            return;
+        }
+        free(ctx);
     }
     return;
 }
 
 static krb5_error_code
 client_gic_opt(krb5_context kcontext,
-              void *plugin_context,
-              krb5_get_init_creds_opt *opt,
-              const char *attr,
-              const char *value)
+               void *plugin_context,
+               krb5_get_init_creds_opt *opt,
+               const char *attr,
+               const char *value)
 {
 #ifdef DEBUG
     fprintf(stderr, "(wpse) client_gic_opt: received '%s' = '%s'\n",
-           attr, value);
+            attr, value);
 #endif
     return 0;
 }
@@ -232,11 +233,11 @@ client_gic_opt(krb5_context kcontext,
 /* Free state. */
 static krb5_error_code
 server_free_pa_request_context(krb5_context kcontext, void *plugin_context,
-                              void **request_context)
+                               void **request_context)
 {
     if (*request_context != NULL) {
-       free(*request_context);
-       *request_context = NULL;
+        free(*request_context);
+        *request_context = NULL;
     }
     return 0;
 }
@@ -245,12 +246,12 @@ server_free_pa_request_context(krb5_context kcontext, void *plugin_context,
  * client) which matches type data->pa_type. */
 static krb5_error_code
 server_get_edata(krb5_context kcontext,
-                krb5_kdc_req *request,
-                struct _krb5_db_entry_new *client,
-                struct _krb5_db_entry_new *server,
-                preauth_get_entry_data_proc server_get_entry_data,
-                void *pa_module_context,
-                krb5_pa_data *data)
+                 krb5_kdc_req *request,
+                 struct _krb5_db_entry_new *client,
+                 struct _krb5_db_entry_new *server,
+                 preauth_get_entry_data_proc server_get_entry_data,
+                 void *pa_module_context,
+                 krb5_pa_data *data)
 {
     /* Return zero bytes of data. */
     data->length = 0;
@@ -261,16 +262,16 @@ server_get_edata(krb5_context kcontext,
 /* Verify a request from a client. */
 static krb5_error_code
 server_verify(krb5_context kcontext,
-             struct _krb5_db_entry_new *client,
-             krb5_data *req_pkt,
-             krb5_kdc_req *request,
-             krb5_enc_tkt_part *enc_tkt_reply,
-             krb5_pa_data *data,
-             preauth_get_entry_data_proc server_get_entry_data,
-             void *pa_module_context,
-             void **pa_request_context,
-             krb5_data **e_data,
-             krb5_authdata ***authz_data)
+              struct _krb5_db_entry_new *client,
+              krb5_data *req_pkt,
+              krb5_kdc_req *request,
+              krb5_enc_tkt_part *enc_tkt_reply,
+              krb5_pa_data *data,
+              preauth_get_entry_data_proc server_get_entry_data,
+              void *pa_module_context,
+              void **pa_request_context,
+              krb5_data **e_data,
+              krb5_authdata ***authz_data)
 {
     krb5_int32 nnonce;
     krb5_data *test_edata;
@@ -281,18 +282,18 @@ server_verify(krb5_context kcontext,
 #endif
     /* Verify the preauth data. */
     if (data->length != 4)
-       return KRB5KDC_ERR_PREAUTH_FAILED;
+        return KRB5KDC_ERR_PREAUTH_FAILED;
     memcpy(&nnonce, data->contents, 4);
     nnonce = ntohl(nnonce);
     if (memcmp(&nnonce, &request->nonce, 4) != 0)
-       return KRB5KDC_ERR_PREAUTH_FAILED;
+        return KRB5KDC_ERR_PREAUTH_FAILED;
     /* Note that preauthentication succeeded. */
     enc_tkt_reply->flags |= TKT_FLG_PRE_AUTH;
     enc_tkt_reply->flags |= TKT_FLG_HW_AUTH;
     /* Allocate a context. Useful for verifying that we do in fact do
      * per-request cleanup. */
     if (*pa_request_context == NULL)
-       *pa_request_context = malloc(4);
+        *pa_request_context = malloc(4);
 
     /*
      * Return some junk authorization data just to exercise the
@@ -334,8 +335,8 @@ server_verify(krb5_context kcontext,
         my_authz_data[0]->length = AD_ALLOC_SIZE;
         memcpy(my_authz_data[0]->contents, ad_header, sizeof(ad_header));
         snprintf(my_authz_data[0]->contents + sizeof(ad_header),
-                AD_ALLOC_SIZE - sizeof(ad_header),
-                "wpse authorization data: %d bytes worth!\n", AD_ALLOC_SIZE);
+                 AD_ALLOC_SIZE - sizeof(ad_header),
+                 "wpse authorization data: %d bytes worth!\n", AD_ALLOC_SIZE);
         *authz_data = my_authz_data;
 #ifdef DEBUG
         fprintf(stderr, "Returning %d bytes of authorization data\n",
@@ -346,14 +347,14 @@ server_verify(krb5_context kcontext,
     /* Return edata to exercise code that handles edata... */
     test_edata = malloc(sizeof(*test_edata));
     if (test_edata != NULL) {
-       test_edata->data = malloc(20);
-       if (test_edata->data == NULL) {
-           free(test_edata);
-       } else {
-           test_edata->length = 20;
-           memset(test_edata->data, '#', 20); /* fill it with junk */
-           *e_data = test_edata;
-       }
+        test_edata->data = malloc(20);
+        if (test_edata->data == NULL) {
+            free(test_edata);
+        } else {
+            test_edata->length = 20;
+            memset(test_edata->data, '#', 20); /* fill it with junk */
+            *e_data = test_edata;
+        }
     }
     return 0;
 }
@@ -361,17 +362,17 @@ server_verify(krb5_context kcontext,
 /* Create the response for a client. */
 static krb5_error_code
 server_return(krb5_context kcontext,
-             krb5_pa_data *padata,
-             struct _krb5_db_entry_new *client,
-             krb5_data *req_pkt,
-             krb5_kdc_req *request,
-             krb5_kdc_rep *reply,
-             struct _krb5_key_data *client_key,
-             krb5_keyblock *encrypting_key,
-             krb5_pa_data **send_pa,
-             preauth_get_entry_data_proc server_get_entry_data,
-             void *pa_module_context,
-             void **pa_request_context)
+              krb5_pa_data *padata,
+              struct _krb5_db_entry_new *client,
+              krb5_data *req_pkt,
+              krb5_kdc_req *request,
+              krb5_kdc_rep *reply,
+              struct _krb5_key_data *client_key,
+              krb5_keyblock *encrypting_key,
+              krb5_pa_data **send_pa,
+              preauth_get_entry_data_proc server_get_entry_data,
+              void *pa_module_context,
+              void **pa_request_context)
 {
     /* This module does a couple of dumb things.  It tags its reply with
      * the same type as the initial challenge (expecting the client to sort
@@ -385,39 +386,39 @@ server_return(krb5_context kcontext,
 
     /* We'll want a key with the first supported enctype. */
     for (i = 0; i < request->nktypes; i++) {
-       kb = NULL;
-       if (krb5_init_keyblock(kcontext, request->ktype[i], 0, &kb) == 0) {
-           break;
-       }
+        kb = NULL;
+        if (krb5_init_keyblock(kcontext, request->ktype[i], 0, &kb) == 0) {
+            break;
+        }
     }
     if (i >= request->nktypes) {
-       /* No matching cipher type found. */
-       return 0;
+        /* No matching cipher type found. */
+        return 0;
     }
 
     /* Randomize a key and save it for the client. */
     if (krb5_c_make_random_key(kcontext, request->ktype[i], kb) != 0) {
-       krb5_free_keyblock(kcontext, kb);
-       return 0;
+        krb5_free_keyblock(kcontext, kb);
+        return 0;
     }
 #ifdef DEBUG
     fprintf(stderr, "Generated random key, type=%d, length=%d.\n",
-           kb->enctype, kb->length);
+            kb->enctype, kb->length);
 #endif
 
     *send_pa = malloc(sizeof(krb5_pa_data));
     if (*send_pa == NULL) {
-       krb5_free_keyblock(kcontext, kb);
-       return ENOMEM;
+        krb5_free_keyblock(kcontext, kb);
+        return ENOMEM;
     }
     (*send_pa)->pa_type = KRB5_PADATA_WPSE_REQ;
     (*send_pa)->length = 4 + kb->length;
     (*send_pa)->contents = malloc(4 + kb->length);
     if ((*send_pa)->contents == NULL) {
-       free(*send_pa);
-       *send_pa = NULL;
-       krb5_free_keyblock(kcontext, kb);
-       return ENOMEM;
+        free(*send_pa);
+        *send_pa = NULL;
+        krb5_free_keyblock(kcontext, kb);
+        return ENOMEM;
     }
 
     /* Store the preauth data. */
@@ -444,17 +445,17 @@ static krb5_preauthtype supported_client_pa_types[] = {KRB5_PADATA_WPSE_REQ, 0};
 static krb5_preauthtype supported_server_pa_types[] = {KRB5_PADATA_WPSE_REQ, 0};
 
 struct krb5plugin_preauth_client_ftable_v1 preauthentication_client_1 = {
-    "wpse",                                /* name */
-    &supported_client_pa_types[0],         /* pa_type_list */
-    NULL,                                  /* enctype_list */
-    client_init,                           /* plugin init function */
-    client_fini,                           /* plugin fini function */
-    client_get_flags,                      /* get flags function */
-    client_req_init,                       /* request init function */
-    client_req_cleanup,                            /* request fini function */
-    client_process,                        /* process function */
-    NULL,                                  /* try_again function */
-    client_gic_opt                         /* get init creds opts function */
+    "wpse",                                 /* name */
+    &supported_client_pa_types[0],          /* pa_type_list */
+    NULL,                                   /* enctype_list */
+    client_init,                            /* plugin init function */
+    client_fini,                            /* plugin fini function */
+    client_get_flags,                       /* get flags function */
+    client_req_init,                        /* request init function */
+    client_req_cleanup,                     /* request fini function */
+    client_process,                         /* process function */
+    NULL,                                   /* try_again function */
+    client_gic_opt                          /* get init creds opts function */
 };
 
 struct krb5plugin_preauth_server_ftable_v1 preauthentication_server_1 = {