Update the kadmin client code to most current coding practices
authorGreg Hudson <ghudson@mit.edu>
Thu, 24 Sep 2009 16:48:57 +0000 (16:48 +0000)
committerGreg Hudson <ghudson@mit.edu>
Thu, 24 Sep 2009 16:48:57 +0000 (16:48 +0000)
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@22785 dc483132-0cff-0310-8789-dd5450dbe970

src/kadmin/cli/kadmin.c
src/kadmin/cli/keytab.c
src/kadmin/cli/ss_wrapper.c
src/tests/dejagnu/krb-standalone/kadmin.exp

index 6f8c04b8e0a2406058b9bf09bd843175bded5f3a..ad9f6bc9bdab40a523dd74de4e168bbacb79348c 100644 (file)
@@ -1,3 +1,4 @@
+/* -*- mode: c; indent-tabs-mode: nil -*- */
 /*
  * Copyright 1994, 2008 by the Massachusetts Institute of Technology.
  * All Rights Reserved.
 /* special struct to convert flag names for principals
    to actual krb5_flags for a principal */
 struct pflag {
-    char *flagname;            /* name of flag as typed to CLI */
-    int flaglen;               /* length of string (not counting -,+) */
-    krb5_flags theflag;                /* actual principal flag to set/clear */
-    int set;                   /* 0 means clear, 1 means set (on '-') */
+    char *flagname;             /* name of flag as typed to CLI */
+    size_t flaglen;             /* length of string (not counting -,+) */
+    krb5_flags theflag;         /* actual principal flag to set/clear */
+    int set;                    /* 0 means clear, 1 means set (on '-') */
 };
 
 static struct pflag flags[] = {
-{"allow_postdated",    15,     KRB5_KDB_DISALLOW_POSTDATED,    1},
-{"allow_forwardable",  17,     KRB5_KDB_DISALLOW_FORWARDABLE,  1},
-{"allow_tgs_req",      13,     KRB5_KDB_DISALLOW_TGT_BASED,    1},
-{"allow_renewable",    15,     KRB5_KDB_DISALLOW_RENEWABLE,    1},
-{"allow_proxiable",    15,     KRB5_KDB_DISALLOW_PROXIABLE,    1},
-{"allow_dup_skey",     14,     KRB5_KDB_DISALLOW_DUP_SKEY,     1},
-{"allow_tix", 9,       KRB5_KDB_DISALLOW_ALL_TIX,      1},
-{"requires_preauth",   16,     KRB5_KDB_REQUIRES_PRE_AUTH,     0},
-{"requires_hwauth",    15,     KRB5_KDB_REQUIRES_HW_AUTH,      0},
-{"needchange", 10,     KRB5_KDB_REQUIRES_PWCHANGE,     0},
-{"allow_svr", 9,       KRB5_KDB_DISALLOW_SVR, 1},
-{"password_changing_service",  25,     KRB5_KDB_PWCHANGE_SERVICE,      0 },
-{"support_desmd5",     14,     KRB5_KDB_SUPPORT_DESMD5,        0 },
-{"ok_as_delegate",     14,     KRB5_KDB_OK_AS_DELEGATE,        0 },
-{"ok_to_auth_as_delegate", 22, KRB5_KDB_OK_TO_AUTH_AS_DELEGATE, 0 },
-{"no_auth_data_required", 21,  KRB5_KDB_NO_AUTH_DATA_REQUIRED, 0},
+{"allow_postdated",     15,     KRB5_KDB_DISALLOW_POSTDATED,    1 },
+{"allow_forwardable",   17,     KRB5_KDB_DISALLOW_FORWARDABLE,  1 },
+{"allow_tgs_req",       13,     KRB5_KDB_DISALLOW_TGT_BASED,    1 },
+{"allow_renewable",     15,     KRB5_KDB_DISALLOW_RENEWABLE,    1 },
+{"allow_proxiable",     15,     KRB5_KDB_DISALLOW_PROXIABLE,    1 },
+{"allow_dup_skey",      14,     KRB5_KDB_DISALLOW_DUP_SKEY,     1 },
+{"allow_tix",            9,     KRB5_KDB_DISALLOW_ALL_TIX,      1 },
+{"requires_preauth",    16,     KRB5_KDB_REQUIRES_PRE_AUTH,     0 },
+{"requires_hwauth",     15,     KRB5_KDB_REQUIRES_HW_AUTH,      0 },
+{"needchange",          10,     KRB5_KDB_REQUIRES_PWCHANGE,     0 },
+{"allow_svr",            9,     KRB5_KDB_DISALLOW_SVR,          1 },
+{"password_changing_service", 25, KRB5_KDB_PWCHANGE_SERVICE,    0 },
+{"support_desmd5",      14,     KRB5_KDB_SUPPORT_DESMD5,        0 },
+{"ok_as_delegate",      14,     KRB5_KDB_OK_AS_DELEGATE,        0 },
+{"ok_to_auth_as_delegate", 22,  KRB5_KDB_OK_TO_AUTH_AS_DELEGATE, 0 },
+{"no_auth_data_required", 21,   KRB5_KDB_NO_AUTH_DATA_REQUIRED, 0 },
 };
 
 static char *prflags[] = {
-    "DISALLOW_POSTDATED",      /* 0x00000001 */
-    "DISALLOW_FORWARDABLE",    /* 0x00000002 */
-    "DISALLOW_TGT_BASED",      /* 0x00000004 */
-    "DISALLOW_RENEWABLE",      /* 0x00000008 */
-    "DISALLOW_PROXIABLE",      /* 0x00000010 */
-    "DISALLOW_DUP_SKEY",       /* 0x00000020 */
-    "DISALLOW_ALL_TIX",                /* 0x00000040 */
-    "REQUIRES_PRE_AUTH",       /* 0x00000080 */
-    "REQUIRES_HW_AUTH",                /* 0x00000100 */
-    "REQUIRES_PWCHANGE",       /* 0x00000200 */
-    "UNKNOWN_0x00000400",      /* 0x00000400 */
-    "UNKNOWN_0x00000800",      /* 0x00000800 */
-    "DISALLOW_SVR",            /* 0x00001000 */
-    "PWCHANGE_SERVICE",                /* 0x00002000 */
-    "SUPPORT_DESMD5",          /* 0x00004000 */
-    "NEW_PRINC",               /* 0x00008000 */
-    "UNKNOWN_0x00010000",      /* 0x00010000 */
-    "UNKNOWN_0x00020000",      /* 0x00020000 */
-    "UNKNOWN_0x00040000",      /* 0x00040000 */
-    "UNKNOWN_0x00080000",      /* 0x00080000 */
-    "OK_AS_DELEGATE",          /* 0x00100000 */
-    "OK_TO_AUTH_AS_DELEGATE",  /* 0x00200000 */
-    "NO_AUTH_DATA_REQUIRED",   /* 0x00400000 */
+    "DISALLOW_POSTDATED",       /* 0x00000001 */
+    "DISALLOW_FORWARDABLE",     /* 0x00000002 */
+    "DISALLOW_TGT_BASED",       /* 0x00000004 */
+    "DISALLOW_RENEWABLE",       /* 0x00000008 */
+    "DISALLOW_PROXIABLE",       /* 0x00000010 */
+    "DISALLOW_DUP_SKEY",        /* 0x00000020 */
+    "DISALLOW_ALL_TIX",         /* 0x00000040 */
+    "REQUIRES_PRE_AUTH",        /* 0x00000080 */
+    "REQUIRES_HW_AUTH",         /* 0x00000100 */
+    "REQUIRES_PWCHANGE",        /* 0x00000200 */
+    "UNKNOWN_0x00000400",       /* 0x00000400 */
+    "UNKNOWN_0x00000800",       /* 0x00000800 */
+    "DISALLOW_SVR",             /* 0x00001000 */
+    "PWCHANGE_SERVICE",         /* 0x00002000 */
+    "SUPPORT_DESMD5",           /* 0x00004000 */
+    "NEW_PRINC",                /* 0x00008000 */
+    "UNKNOWN_0x00010000",       /* 0x00010000 */
+    "UNKNOWN_0x00020000",       /* 0x00020000 */
+    "UNKNOWN_0x00040000",       /* 0x00040000 */
+    "UNKNOWN_0x00080000",       /* 0x00080000 */
+    "OK_AS_DELEGATE",           /* 0x00100000 */
+    "OK_TO_AUTH_AS_DELEGATE",   /* 0x00200000 */
+    "NO_AUTH_DATA_REQUIRED",    /* 0x00400000 */
 };
 
-char *getenv();
 int exit_status = 0;
 char *def_realm = NULL;
 char *whoami = NULL;
@@ -114,29 +114,30 @@ char *ccache_name = NULL;
 
 int locked = 0;
 
-static void usage()
+static void
+usage()
 {
     fprintf(stderr,
-           "Usage: %s [-r realm] [-p principal] [-q query] [clnt|local args]\n"
-           "\tclnt args: [-s admin_server[:port]] [[-c ccache]|[-k [-t keytab]]]\n"
-           "\tlocal args: [-x db_args]* [-d dbname] [-e \"enc:salt ...\"] [-m]\n"
-           "where,\n\t[-x db_args]* - any number of database specific arguments.\n"
-           "\t\t\tLook at each database documentation for supported arguments\n",
-           whoami);
+            "Usage: %s [-r realm] [-p principal] [-q query] [clnt|local args]\n"
+            "\tclnt args: [-s admin_server[:port]] [[-c ccache]|[-k [-t keytab]]]\n"
+            "\tlocal args: [-x db_args]* [-d dbname] [-e \"enc:salt ...\"] [-m]\n"
+            "where,\n\t[-x db_args]* - any number of database specific arguments.\n"
+            "\t\t\tLook at each database documentation for supported arguments\n",
+            whoami);
     exit(1);
 }
 
-static char *strdur(duration)
-    time_t duration;
+static char *
+strdur(time_t duration)
 {
     static char out[50];
     int neg, days, hours, minutes, seconds;
 
     if (duration < 0) {
-       duration *= -1;
-       neg = 1;
+        duration *= -1;
+        neg = 1;
     } else
-       neg = 0;
+        neg = 0;
     days = duration / (24 * 3600);
     duration %= 24 * 3600;
     hours = duration / 3600;
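Review bot: `usage()` is still defined with an empty parameter list, which in C is an old-style declaration rather than a prototype, so the compiler will not diagnose a call that passes arguments. Since this commit converts the K&R definitions to prototypes, the definition here should read `usage(void)`; the same applies to `quit()` in the later hunk. strdur's body continues past the end of this hunk.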
@@ -145,13 +146,13 @@ static char *strdur(duration)
     duration %= 60;
     seconds = duration;
     snprintf(out, sizeof(out), "%s%d %s %02d:%02d:%02d", neg ? "-" : "",
-            days, days == 1 ? "day" : "days",
-            hours, minutes, seconds);
+             days, days == 1 ? "day" : "days",
+             hours, minutes, seconds);
     return out;
 }
 
-static char *strdate(when)
-    krb5_timestamp when;
+static char *
+strdate(krb5_timestamp when)
 {
     struct tm *tm;
     static char out[40];
@@ -165,9 +166,7 @@ static char *strdate(when)
 /* this is a wrapper to go around krb5_parse_principal so we can set
    the default realm up properly */
 static krb5_error_code
-kadmin_parse_name(name, principal)
-    char *name;
-    krb5_principal *principal;
+kadmin_parse_name(char *name, krb5_principal *principal)
 {
     char *cp, *fullname;
     krb5_error_code retval;
@@ -176,63 +175,64 @@ kadmin_parse_name(name, principal)
     /* assumes def_realm is initialized! */
     cp = strchr(name, '@');
     while (cp) {
-       if (cp - name && *(cp - 1) != '\\')
-           break;
-       else
-           cp = strchr(cp + 1, '@');
+        if (cp - name && *(cp - 1) != '\\')
+            break;
+        else
+            cp = strchr(cp + 1, '@');
     }
     if (cp == NULL)
-       result = asprintf(&fullname, "%s@%s", name, def_realm);
+        result = asprintf(&fullname, "%s@%s", name, def_realm);
     else
-       result = asprintf(&fullname, "%s", name);
+        result = asprintf(&fullname, "%s", name);
     if (result < 0)
-       return ENOMEM;
+        return ENOMEM;
     retval = krb5_parse_name(context, fullname, principal);
     free(fullname);
     return retval;
 }
 
-static void extended_com_err_fn (const char *myprog, errcode_t code,
-                                const char *fmt, va_list args)
+static void
+extended_com_err_fn(const char *myprog, errcode_t code,
+                    const char *fmt, va_list args)
 {
+    const char *emsg;
+
     if (code) {
-       const char *emsg;
-       emsg = krb5_get_error_message (context, code);
-       fprintf (stderr, "%s: %s ", myprog, emsg);
-       krb5_free_error_message (context, emsg);
+        emsg = krb5_get_error_message(context, code);
+        fprintf(stderr, "%s: %s ", myprog, emsg);
+        krb5_free_error_message(context, emsg);
     } else {
-       fprintf (stderr, "%s: ", myprog);
+        fprintf(stderr, "%s: ", myprog);
     }
-    vfprintf (stderr, fmt, args);
-    fprintf (stderr, "\n");
+    vfprintf(stderr, fmt, args);
+    fprintf(stderr, "\n");
 }
 
 /* Create a principal using the oldest appropriate kadm5 API. */
 static krb5_error_code
 create_princ(kadm5_principal_ent_rec *princ, long mask, int n_ks,
-            krb5_key_salt_tuple *ks, char *pass)
+             krb5_key_salt_tuple *ks, char *pass)
 {
     if (ks)
-       return kadm5_create_principal_3(handle, princ, mask, n_ks, ks, pass);
+        return kadm5_create_principal_3(handle, princ, mask, n_ks, ks, pass);
     else
-       return kadm5_create_principal(handle, princ, mask, pass);
+        return kadm5_create_principal(handle, princ, mask, pass);
 }
 
 /* Randomize a principal's password using the oldest appropriate kadm5 API. */
 static krb5_error_code
 randkey_princ(krb5_principal princ, krb5_boolean keepold, int n_ks,
-             krb5_key_salt_tuple *ks)
+              krb5_key_salt_tuple *ks)
 {
     if (keepold || ks) {
-       return kadm5_randkey_principal_3(handle, princ, keepold, n_ks, ks,
-                                        NULL, NULL);
+        return kadm5_randkey_principal_3(handle, princ, keepold, n_ks, ks,
+                                         NULL, NULL);
     } else
-       return kadm5_randkey_principal(handle, princ, NULL, NULL);
+        return kadm5_randkey_principal(handle, princ, NULL, NULL);
 }
 
-char *kadmin_startup(argc, argv)
-    int argc;
-    char *argv[];
+char *
+kadmin_startup(int argc, char *argv[])
 {
     extern char *optarg;
     char *princstr = NULL, *keytab_name = NULL, *query = NULL;
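Review bot: The escaped-'@' scan in kadmin_parse_name keeps the old form `if (cp - name && *(cp - 1) != '\\') break; else cp = strchr(cp + 1, '@');`, while the two equivalent loops in kadmin_startup are rewritten by this same commit as `realm > canon` and `cp > canon` with the `else` dropped. Writing this one as `if (cp > name && *(cp - 1) != '\\') break;` followed by `cp = strchr(cp + 1, '@');` would keep the three copies consistent. All three look only at the single preceding byte, so a separator that follows an escaped backslash is presumably treated as escaped as well; a one-line comment stating that limitation, or a shared static helper, would make the intent explicit. kadmin_startup begins in this hunk and continues outside it.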
@@ -247,155 +247,141 @@ char *kadmin_startup(argc, argv)
     char **db_args = NULL;
     int db_args_size = 0;
     char *db_name = NULL;
-    char *svcname;
+    char *svcname, *realm;
 
     memset(&params, 0, sizeof(params));
 
 #if defined(USE_KIM)
     /* Turn off all password prompting from the KLL */
-    retval = kim_library_set_allow_automatic_prompting (0);
+    retval = kim_library_set_allow_automatic_prompting(0);
     if (retval) {
-       com_err(whoami, retval, 
+        com_err(whoami, retval,
                 "while calling kim_library_set_allow_automatic_prompting()");
-       exit(1);
+        exit(1);
     }
 #endif
 
-    if (strcmp (whoami, "kadmin.local") == 0)
-       set_com_err_hook(extended_com_err_fn);
+    if (strcmp(whoami, "kadmin.local") == 0)
+        set_com_err_hook(extended_com_err_fn);
 
     retval = kadm5_init_krb5_context(&context);
     if (retval) {
-       com_err(whoami, retval, "while initializing krb5 library");
-       exit(1);
+        com_err(whoami, retval, "while initializing krb5 library");
+        exit(1);
     }
 
     while ((optchar = getopt(argc, argv, "x:r:p:kq:w:d:s:mc:t:e:ON")) != EOF) {
-       switch (optchar) {
-       case 'x':
-           db_args_size++;
-           {
-               char **temp = realloc(db_args, sizeof(char*) * (db_args_size+1));
-               if (temp == NULL) {
-                   fprintf(stderr,"%s: Cannot initialize. Not enough memory\n",
-                           argv[0]);
-                   exit(1);
-               }
-
-               db_args = temp;
-           }
-           db_args[db_args_size-1] = optarg;
-           db_args[db_args_size]   = NULL;
-           break;
-
-       case 'r':
-           def_realm = optarg;
-           break;
-       case 'p':
-           princstr = optarg;
-           break;
-       case 'c':
-           ccache_name = optarg;
-           break;
-       case 'k':
-           use_keytab++;
-           break;
-       case 't':
-           keytab_name = optarg;
-           break;
-       case 'w':
-           password = optarg;
-           break;
-       case 'q':
-           query = optarg;
-           break;
-       case 'd':
-           /* now db_name is not a seperate argument. It has to be passed as part of the db_args */
-           if (db_name)
-               free(db_name);
-           asprintf(&db_name, "dbname=%s", optarg);
-
-           db_args_size++;
-           {
-               char **temp = realloc(db_args, sizeof(char*) * (db_args_size+1)); /* one for NULL */
-               if (temp == NULL) {
-                   fprintf(stderr,
-                           "%s: Cannot initialize. Not enough memory\n",
-                           argv[0]);
-                   exit(1);
-               }
-
-               db_args = temp;
-           }
-           db_args[db_args_size-1] = db_name;
-           db_args[db_args_size]   = NULL;
-           break;
-       case 's':
-           params.admin_server = optarg;
-           params.mask |= KADM5_CONFIG_ADMIN_SERVER;
-           break;
-       case 'm':
-           params.mkey_from_kbd = 1;
-           params.mask |= KADM5_CONFIG_MKEY_FROM_KBD;
-           break;
-       case 'e':
-           retval = krb5_string_to_keysalts(optarg,
-                                            ", \t",
-                                            ":.-",
-                                            0,
-                                            &params.keysalts,
-                                            &params.num_keysalts);
-           if (retval) {
-               com_err(whoami, retval, "while parsing keysalts %s", optarg);
-               exit(1);
-           }
-           params.mask |= KADM5_CONFIG_ENCTYPES;
-           break;
-       case 'O':
-           params.mask |= KADM5_CONFIG_OLD_AUTH_GSSAPI;
-           break;
-       case 'N':
-           params.mask |= KADM5_CONFIG_AUTH_NOFALLBACK;
-           break;
-       default:
-           usage();
-       }
+        switch (optchar) {
+        case 'x':
+            db_args_size++;
+            db_args = realloc(db_args, sizeof(char*) * (db_args_size + 1));
+            if (db_args == NULL) {
+                fprintf(stderr, "%s: Cannot initialize. Not enough memory\n",
+                        argv[0]);
+                exit(1);
+            }
+            db_args[db_args_size - 1] = optarg;
+            db_args[db_args_size] = NULL;
+            break;
+
+        case 'r':
+            def_realm = optarg;
+            break;
+        case 'p':
+            princstr = optarg;
+            break;
+        case 'c':
+            ccache_name = optarg;
+            break;
+        case 'k':
+            use_keytab++;
+            break;
+        case 't':
+            keytab_name = optarg;
+            break;
+        case 'w':
+            password = optarg;
+            break;
+        case 'q':
+            query = optarg;
+            break;
+        case 'd':
+            /* db_name has to be passed as part of the db_args. */
+            free(db_name);
+            asprintf(&db_name, "dbname=%s", optarg);
+
+            db_args_size++;
+            db_args = realloc(db_args, sizeof(char*) * (db_args_size + 1));
+            if (db_args == NULL) {
+                fprintf(stderr, "%s: Cannot initialize. Not enough memory\n",
+                        argv[0]);
+                exit(1);
+            }
+            db_args[db_args_size - 1] = db_name;
+            db_args[db_args_size] = NULL;
+            break;
+        case 's':
+            params.admin_server = optarg;
+            params.mask |= KADM5_CONFIG_ADMIN_SERVER;
+            break;
+        case 'm':
+            params.mkey_from_kbd = 1;
+            params.mask |= KADM5_CONFIG_MKEY_FROM_KBD;
+            break;
+        case 'e':
+            retval = krb5_string_to_keysalts(optarg, ", \t", ":.-", 0,
+                                             &params.keysalts,
+                                             &params.num_keysalts);
+            if (retval) {
+                com_err(whoami, retval, "while parsing keysalts %s", optarg);
+                exit(1);
+            }
+            params.mask |= KADM5_CONFIG_ENCTYPES;
+            break;
+        case 'O':
+            params.mask |= KADM5_CONFIG_OLD_AUTH_GSSAPI;
+            break;
+        case 'N':
+            params.mask |= KADM5_CONFIG_AUTH_NOFALLBACK;
+            break;
+        default:
+            usage();
+        }
     }
     if ((ccache_name && use_keytab) ||
-       (keytab_name && !use_keytab))
-       usage();
+        (keytab_name && !use_keytab))
+        usage();
 
     if (def_realm == NULL && krb5_get_default_realm(context, &def_realm)) {
-       if (freeprinc)
-           free(princstr);
-       fprintf(stderr, "%s: unable to get default realm\n", whoami);
-       exit(1);
+        fprintf(stderr, "%s: unable to get default realm\n", whoami);
+        exit(1);
     }
 
     params.mask |= KADM5_CONFIG_REALM;
     params.realm = def_realm;
 
     if (params.mask & KADM5_CONFIG_OLD_AUTH_GSSAPI)
-       svcname = KADM5_ADMIN_SERVICE;
+        svcname = KADM5_ADMIN_SERVICE;
     else
-       svcname = NULL;
+        svcname = NULL;
 
     /*
      * Set cc to an open credentials cache, either specified by the -c
      * argument or the default.
      */
     if (ccache_name == NULL) {
-       if ((retval = krb5_cc_default(context, &cc))) {
-           com_err(whoami, retval,
-                   "while opening default credentials cache");
-           exit(1);
-       }
+        retval = krb5_cc_default(context, &cc);
+        if (retval) {
+            com_err(whoami, retval, "while opening default credentials cache");
+            exit(1);
+        }
     } else {
-       if ((retval = krb5_cc_resolve(context, ccache_name, &cc))) {
-           com_err(whoami, retval,
-                   "while opening credentials cache %s", ccache_name);
-           exit(1);
-       }
+        retval = krb5_cc_resolve(context, ccache_name, &cc);
+        if (retval) {
+            com_err(whoami, retval, "while opening credentials cache %s",
+                    ccache_name);
+            exit(1);
+        }
     }
 
     /*
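Review bot: In the `case 'd':` branch, `free(db_name)` releases a string that an earlier `-d` already stored in `db_args`, so giving `-d` twice leaves a dangling pointer in the array that is later handed to the kadm5_init_with_* calls. The `asprintf` return value is also ignored, so on allocation failure `db_name` is stored in `db_args` with an unspecified value. The change below checks the allocation and stops freeing a string the array still refers to; the earlier string is then reclaimed only at exit, and rejecting a repeated `-d` through usage() would be an alternative. kadmin_startup begins before this hunk and continues after it.

```c
        case 'd':
            /* db_name has to be passed as part of the db_args.  Do not free
             * an earlier value here: db_args still points at it. */
            if (asprintf(&db_name, "dbname=%s", optarg) < 0) {
                fprintf(stderr, "%s: Cannot initialize. Not enough memory\n",
                        argv[0]);
                exit(1);
            }
            /* ... unchanged: db_args growth and assignment ... */
```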
@@ -410,93 +396,85 @@ char *kadmin_startup(argc, argv)
      */
 
     if (princstr == NULL) {
-       if (ccache_name != NULL &&
-           !krb5_cc_get_principal(context, cc, &princ)) {
-           if ((retval = krb5_unparse_name(context, princ, &princstr))) {
-               com_err(whoami, retval,
-                       "while canonicalizing principal name");
-               krb5_free_principal(context, princ);
-               exit(1);
-           }
-           krb5_free_principal(context, princ);
-           freeprinc++;
-       } else if (use_keytab != 0) {
-           if ((retval = krb5_sname_to_principal(context, NULL,
-                                                 "host",
-                                                 KRB5_NT_SRV_HST,
-                                                 &princ))) {
-               com_err(whoami, retval,
-                       "creating host service principal");
-               exit(1);
-           }
-           if ((retval = krb5_unparse_name(context, princ, &princstr))) {
-               com_err(whoami, retval,
-                       "while canonicalizing principal name");
-               krb5_free_principal(context, princ);
-               exit(1);
-           }
-           krb5_free_principal(context, princ);
-           freeprinc++;
-       } else if (!krb5_cc_get_principal(context, cc, &princ)) {
-           char *realm = NULL;
-           if (krb5_unparse_name(context, princ, &canon)) {
-               fprintf(stderr,
-                       "%s: unable to canonicalize principal\n", whoami);
-               krb5_free_principal(context, princ);
-               exit(1);
-           }
-           /* strip out realm of principal if it's there */
-           realm = strchr(canon, '@');
-           while (realm) {
-               if (realm - canon && *(realm - 1) != '\\')
-                   break;
-               else
-                   realm = strchr(realm+1, '@');
-           }
-           if (realm)
-               *realm++ = '\0';
-           cp = strchr(canon, '/');
-           while (cp) {
-               if (cp - canon && *(cp - 1) != '\\')
-                   break;
-               else
-                   cp = strchr(cp+1, '/');
-           }
-           if (cp != NULL)
-               *cp = '\0';
-           if (asprintf(&princstr, "%s/admin%s%s", canon,
-                        (realm) ? "@" : "",
-                        (realm) ? realm : "") < 0) {
-               fprintf(stderr, "%s: out of memory\n", whoami);
-               exit(1);
-           }
-           free(canon);
-           krb5_free_principal(context, princ);
-           freeprinc++;
-       } else if ((luser = getenv("USER"))) {
-           if (asprintf(&princstr, "%s/admin@%s", luser, def_realm) < 0) {
-               fprintf(stderr, "%s: out of memory\n", whoami);
-               exit(1);
-           }
-           freeprinc++;
-       } else if ((pw = getpwuid(getuid()))) {
-           if (asprintf(&princstr, "%s/admin@%s", pw->pw_name,
-                        def_realm) < 0) {
-               fprintf(stderr, "%s: out of memory\n", whoami);
-               exit(1);
-           }
-           freeprinc++;
-       } else {
-           fprintf(stderr, "%s: unable to figure out a principal name\n",
-                   whoami);
-           exit(1);
-       }
+        if (ccache_name != NULL &&
+            !krb5_cc_get_principal(context, cc, &princ)) {
+            retval = krb5_unparse_name(context, princ, &princstr);
+            if (retval) {
+                com_err(whoami, retval, "while canonicalizing principal name");
+                exit(1);
+            }
+            krb5_free_principal(context, princ);
+            freeprinc++;
+        } else if (use_keytab != 0) {
+            retval = krb5_sname_to_principal(context, NULL, "host",
+                                             KRB5_NT_SRV_HST, &princ);
+            if (retval) {
+                com_err(whoami, retval, "creating host service principal");
+                exit(1);
+            }
+            retval = krb5_unparse_name(context, princ, &princstr);
+            if (retval) {
+                com_err(whoami, retval, "while canonicalizing principal name");
+                exit(1);
+            }
+            krb5_free_principal(context, princ);
+            freeprinc++;
+        } else if (!krb5_cc_get_principal(context, cc, &princ)) {
+            if (krb5_unparse_name(context, princ, &canon)) {
+                fprintf(stderr, "%s: unable to canonicalize principal\n",
+                        whoami);
+                exit(1);
+            }
+            /* Strip out realm of principal if it's there. */
+            realm = strchr(canon, '@');
+            while (realm) {
+                if (realm > canon && *(realm - 1) != '\\')
+                    break;
+                realm = strchr(realm + 1, '@');
+            }
+            if (realm)
+                *realm++ = '\0';
+            cp = strchr(canon, '/');
+            while (cp) {
+                if (cp > canon && *(cp - 1) != '\\')
+                    break;
+                cp = strchr(cp + 1, '/');
+            }
+            if (cp != NULL)
+                *cp = '\0';
+            if (asprintf(&princstr, "%s/admin%s%s", canon,
+                         (realm) ? "@" : "",
+                         (realm) ? realm : "") < 0) {
+                fprintf(stderr, "%s: out of memory\n", whoami);
+                exit(1);
+            }
+            free(canon);
+            krb5_free_principal(context, princ);
+            freeprinc++;
+        } else if ((luser = getenv("USER"))) {
+            if (asprintf(&princstr, "%s/admin@%s", luser, def_realm) < 0) {
+                fprintf(stderr, "%s: out of memory\n", whoami);
+                exit(1);
+            }
+            freeprinc++;
+        } else if ((pw = getpwuid(getuid()))) {
+            if (asprintf(&princstr, "%s/admin@%s", pw->pw_name,
+                         def_realm) < 0) {
+                fprintf(stderr, "%s: out of memory\n", whoami);
+                exit(1);
+            }
+            freeprinc++;
+        } else {
+            fprintf(stderr, "%s: unable to figure out a principal name\n",
+                    whoami);
+            exit(1);
+        }
     }
 
     retval = krb5_klog_init(context, "admin_server", whoami, 0);
     if (retval) {
-       com_err(whoami, retval, "while setting up logging");
-       exit(1);
+        com_err(whoami, retval, "while setting up logging");
+        exit(1);
     }
 
     /*
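Review bot: The third branch reports a krb5_unparse_name failure with a bare `fprintf(stderr, "%s: unable to canonicalize principal\n", whoami)` and discards the error code, whereas the two branches above it in this hunk store the result in `retval` and call `com_err(whoami, retval, "while canonicalizing principal name")`. Using the same shape there, `retval = krb5_unparse_name(context, princ, &canon);` followed by the `com_err` call, would keep the library's reason for the failure in the message the operator sees. The enclosing kadmin_startup starts and ends outside this hunk.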
@@ -504,97 +482,83 @@ char *kadmin_startup(argc, argv)
      * use it.  Otherwise, use/prompt for the password.
      */
     if (ccache_name) {
-       printf("Authenticating as principal %s with existing credentials.\n",
-              princstr);
-       retval = kadm5_init_with_creds(context, princstr, cc,
-                                      svcname,
-                                      &params,
-                                      KADM5_STRUCT_VERSION,
-                                      KADM5_API_VERSION_2,
-                                      db_args,
-                                      &handle);
+        printf("Authenticating as principal %s with existing credentials.\n",
+               princstr);
+        retval = kadm5_init_with_creds(context, princstr, cc, svcname, &params,
+                                       KADM5_STRUCT_VERSION,
+                                       KADM5_API_VERSION_2, db_args, &handle);
     } else if (use_keytab) {
-       if (keytab_name)
-           printf("Authenticating as principal %s with keytab %s.\n",
-                  princstr, keytab_name);
-       else
-           printf("Authenticating as principal %s with default keytab.\n",
-                  princstr);
-       retval = kadm5_init_with_skey(context, princstr, keytab_name,
-                                     svcname,
-                                     &params,
-                                     KADM5_STRUCT_VERSION,
-                                     KADM5_API_VERSION_2,
-                                     db_args,
-                                     &handle);
+        if (keytab_name)
+            printf("Authenticating as principal %s with keytab %s.\n",
+                   princstr, keytab_name);
+        else
+            printf("Authenticating as principal %s with default keytab.\n",
+                   princstr);
+        retval = kadm5_init_with_skey(context, princstr, keytab_name, svcname,
+                                      &params, KADM5_STRUCT_VERSION,
+                                      KADM5_API_VERSION_2, db_args, &handle);
     } else {
-       printf("Authenticating as principal %s with password.\n",
-              princstr);
-       retval = kadm5_init_with_password(context, princstr, password,
-                                         svcname,
-                                         &params,
-                                         KADM5_STRUCT_VERSION,
-                                         KADM5_API_VERSION_2,
-                                         db_args,
-                                         &handle);
+        printf("Authenticating as principal %s with password.\n",
+               princstr);
+        retval = kadm5_init_with_password(context, princstr, password, svcname,
+                                          &params, KADM5_STRUCT_VERSION,
+                                          KADM5_API_VERSION_2, db_args,
+                                          &handle);
     }
     if (retval) {
-       com_err(whoami, retval, "while initializing %s interface", whoami);
-       if (retval == KADM5_BAD_CLIENT_PARAMS ||
-           retval == KADM5_BAD_SERVER_PARAMS)
-           usage();
-       exit(1);
+        com_err(whoami, retval, "while initializing %s interface", whoami);
+        if (retval == KADM5_BAD_CLIENT_PARAMS ||
+            retval == KADM5_BAD_SERVER_PARAMS)
+            usage();
+        exit(1);
     }
     if (freeprinc)
-       free(princstr);
-
-    if (db_name)
-       free(db_name), db_name=NULL;
+        free(princstr);
 
-    if (db_args)
-       free(db_args), db_args=NULL;
+    free(db_name);
+    free(db_args);
 
-    if ((retval = krb5_cc_close(context, cc))) {
-       com_err(whoami, retval, "while closing ccache %s",
-               ccache_name);
-       exit(1);
+    retval = krb5_cc_close(context, cc);
+    if (retval) {
+        com_err(whoami, retval, "while closing ccache %s", ccache_name);
+        exit(1);
     }
 
     /* register the WRFILE keytab type and set it as the default */
     {
 #define DEFAULT_KEYTAB "WRFILE:/etc/krb5.keytab"
-       /* XXX krb5_defkeyname is an internal library global and
-          should go away */
-       extern char *krb5_defkeyname;
-       krb5_defkeyname = DEFAULT_KEYTAB;
+        /* XXX krb5_defkeyname is an internal library global and
+           should go away */
+        extern char *krb5_defkeyname;
+        krb5_defkeyname = DEFAULT_KEYTAB;
     }
 
-    if ((retval = kadm5_init_iprop(handle, 0)) != 0) {
-       com_err(whoami, retval, _("while mapping update log"));
-       exit(1);
+    retval = kadm5_init_iprop(handle, 0);
+    if (retval) {
+        com_err(whoami, retval, _("while mapping update log"));
+        exit(1);
     }
 
     return query;
 }
 
-int quit()
+int
+quit()
 {
     kadm5_ret_t retval;
 
     if (locked) {
-       retval = kadm5_unlock(handle);
-       if (retval) {
-           com_err("quit", retval, "while unlocking locked database");
-           return 1;
-       }
-       locked = 0;
+        retval = kadm5_unlock(handle);
+        if (retval) {
+            com_err("quit", retval, "while unlocking locked database");
+            return 1;
+        }
+        locked = 0;
     }
 
     kadm5_destroy(handle);
-    if (ccache_name != NULL) {
-       fprintf(stderr,
-               "\n\a\a\aAdministration credentials NOT DESTROYED.\n");
-    }
+    if (ccache_name != NULL)
+        fprintf(stderr, "\n\a\a\aAdministration credentials NOT DESTROYED.\n");
 
     /* insert more random cleanup here */
     krb5_klog_close(context);
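Review bot: The krb5_cc_close error path formats `ccache_name` with `%s`, but when no `-c` option was given the cache is opened through krb5_cc_default and `ccache_name` is still NULL, so the message passes a null pointer to a `%s` conversion, which is undefined behaviour. The call should guard the argument, for example `com_err(whoami, retval, "while closing ccache %s", ccache_name ? ccache_name : "(default)");`. The rest of quit() lies past the end of this hunk.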
@@ -602,321 +566,259 @@ int quit()
     return 0;
 }
 
-void kadmin_lock(argc, argv)
-    int argc;
-    char *argv[];
+void
+kadmin_lock(int argc, char *argv[])
 {
     kadm5_ret_t retval;
 
     if (locked)
-       return;
+        return;
     retval = kadm5_lock(handle);
     if (retval) {
-       com_err("lock", retval, "");
-       return;
+        com_err("lock", retval, "");
+        return;
     }
     locked = 1;
 }
 
-void kadmin_unlock(argc, argv)
-    int argc;
-    char *argv[];
+void
+kadmin_unlock(int argc, char *argv[])
 {
     kadm5_ret_t retval;
 
     if (!locked)
-       return;
+        return;
     retval = kadm5_unlock(handle);
     if (retval) {
-       com_err("unlock", retval, "");
-       return;
+        com_err("unlock", retval, "");
+        return;
     }
     locked = 0;
 }
 
-void kadmin_delprinc(argc, argv)
-    int argc;
-    char *argv[];
+void
+kadmin_delprinc(int argc, char *argv[])
 {
     kadm5_ret_t retval;
-    krb5_principal princ;
-    char *canon;
+    krb5_principal princ = NULL;
+    char *canon = NULL;
     char reply[5];
 
     if (! (argc == 2 ||
-          (argc == 3 && !strcmp("-force", argv[1])))) {
-       fprintf(stderr, "usage: delete_principal [-force] principal\n");
-       return;
+           (argc == 3 && !strcmp("-force", argv[1])))) {
+        fprintf(stderr, "usage: delete_principal [-force] principal\n");
+        return;
     }
     retval = kadmin_parse_name(argv[argc - 1], &princ);
     if (retval) {
-       com_err("delete_principal", retval, "while parsing principal name");
-       return;
+        com_err("delete_principal", retval, "while parsing principal name");
+        return;
     }
     retval = krb5_unparse_name(context, princ, &canon);
     if (retval) {
-       com_err("delete_principal", retval,
-               "while canonicalizing principal");
-       krb5_free_principal(context, princ);
-       return;
+        com_err("delete_principal", retval, "while canonicalizing principal");
+        goto cleanup;
     }
     if (argc == 2) {
-       printf("Are you sure you want to delete the principal \"%s\"? (yes/no): ", canon);
-       fgets(reply, sizeof (reply), stdin);
-       if (strcmp("yes\n", reply)) {
-           fprintf(stderr, "Principal \"%s\" not deleted\n", canon);
-           free(canon);
-           krb5_free_principal(context, princ);
-           return;
-       }
+        printf("Are you sure you want to delete the principal \"%s\"? "
+               "(yes/no): ", canon);
+        fgets(reply, sizeof (reply), stdin);
+        if (strcmp("yes\n", reply)) {
+            fprintf(stderr, "Principal \"%s\" not deleted\n", canon);
+            goto cleanup;
+        }
     }
     retval = kadm5_delete_principal(handle, princ);
-    krb5_free_principal(context, princ);
     if (retval) {
-       com_err("delete_principal", retval,
-               "while deleting principal \"%s\"", canon);
-       free(canon);
-       return;
+        com_err("delete_principal", retval,
+                "while deleting principal \"%s\"", canon);
+        goto cleanup;
     }
-    printf("Principal \"%s\" deleted.\nMake sure that you have removed this principal from all ACLs before reusing.\n", canon);
+    printf("Principal \"%s\" deleted.\nMake sure that you have removed this "
+           "principal from all ACLs before reusing.\n", canon);
+
+cleanup:
+    krb5_free_principal(context, princ);
     free(canon);
-    return;
 }
 
-void kadmin_cpw(argc, argv)
-    int argc;
-    char *argv[];
+static void
+cpw_usage(const char *str)
+{
+    if (str)
+        fprintf(stderr, "%s\n", str);
+    fprintf(stderr, "usage: change_password [-randkey] [-keepold] "
+            "[-e keysaltlist] [-pw password] principal\n");
+}
+
+void
+kadmin_cpw(int argc, char *argv[])
 {
     kadm5_ret_t retval;
     static char newpw[1024];
     static char prompt1[1024], prompt2[1024];
-    char *canon;
-    char *pwarg = NULL;
+    char *canon = NULL, *pwarg = NULL;
     int n_ks_tuple = 0, randkey = 0;
     krb5_boolean keepold = FALSE;
     krb5_key_salt_tuple *ks_tuple = NULL;
-    krb5_principal princ;
+    krb5_principal princ = NULL;
     char **db_args = NULL;
     int db_args_size = 0;
 
-
     if (argc < 2) {
-       goto usage;
+        cpw_usage(NULL);
+        return;
     }
     for (argv++, argc--; argc > 1; argc--, argv++) {
-       if (!strcmp("-x", *argv)) {
-           argc--;
-           if (argc < 1) {
-               fprintf(stderr, "change_password: missing db argument\n");
-               goto usage;
-           }
-           db_args_size++;
-           {
-               char **temp = realloc(db_args, sizeof(char*) * (db_args_size+1)); /* one for NULL */
-               if (temp == NULL) {
-                   fprintf(stderr,"change_password: Not enough memory\n");
-                   free(db_args), db_args = NULL;
-                   exit(1);
-               }
-
-               db_args = temp;
-           }
-           db_args[db_args_size-1] = *++argv;
-           db_args[db_args_size]   = NULL;
-           continue;
-       }
-       if (!strcmp("-pw", *argv)) {
-           argc--;
-           if (argc < 1) {
-               fprintf(stderr, "change_password: missing password arg\n");
-               goto usage;
-           }
-           pwarg = *++argv;
-           continue;
-       }
-       if (!strcmp("-randkey", *argv)) {
-           randkey++;
-           continue;
-       }
-       if (!strcmp("-keepold", *argv)) {
-           keepold = TRUE;
-           continue;
-       }
-       if (!strcmp("-e", *argv)) {
-           argc--;
-           if (argc < 1) {
-               fprintf(stderr,
-                       "change_password: missing keysaltlist arg\n");
-               goto usage;
-           }
-           retval = krb5_string_to_keysalts(*++argv, ", \t", ":.-", 0,
-                                            &ks_tuple, &n_ks_tuple);
-           if (retval) {
-               com_err("change_password", retval,
-                       "while parsing keysalts %s", *argv);
-               return;
-           }
-           continue;
-       }
-       goto usage;
+        if (!strcmp("-x", *argv)) {
+            argc--;
+            if (argc < 1) {
+                cpw_usage("change_password: missing db argument");
+                goto cleanup;
+            }
+            db_args_size++;
+            db_args = realloc(db_args, sizeof(char*) * (db_args_size + 1));
+            if (db_args == NULL) {
+                fprintf(stderr, "change_password: Not enough memory\n");
+                exit(1);
+            }
+            db_args[db_args_size - 1] = *++argv;
+            db_args[db_args_size] = NULL;
+        } else if (!strcmp("-pw", *argv)) {
+            argc--;
+            if (argc < 1) {
+                cpw_usage("change_password: missing password arg");
+                goto cleanup;
+            }
+            pwarg = *++argv;
+        } else if (!strcmp("-randkey", *argv)) {
+            randkey++;
+        } else if (!strcmp("-keepold", *argv)) {
+            keepold = TRUE;
+        } else if (!strcmp("-e", *argv)) {
+            argc--;
+            if (argc < 1) {
+                cpw_usage("change_password: missing keysaltlist arg");
+                goto cleanup;
+            }
+            retval = krb5_string_to_keysalts(*++argv, ", \t", ":.-", 0,
+                                             &ks_tuple, &n_ks_tuple);
+            if (retval) {
+                com_err("change_password", retval,
+                        "while parsing keysalts %s", *argv);
+                goto cleanup;
+            }
+        } else {
+            cpw_usage(NULL);
+            goto cleanup;
+        }
     }
     if (*argv == NULL) {
-       com_err("change_password", 0, "missing principal name");
-       goto usage;
+        com_err("change_password", 0, "missing principal name");
+        cpw_usage(NULL);
+        goto cleanup;
     }
     retval = kadmin_parse_name(*argv, &princ);
     if (retval) {
-       com_err("change_password", retval, "while parsing principal name");
-       if (ks_tuple != NULL)
-           free(ks_tuple);
-       if (db_args) free(db_args);
-       return;
+        com_err("change_password", retval, "while parsing principal name");
+        goto cleanup;
     }
     retval = krb5_unparse_name(context, princ, &canon);
     if (retval) {
-       com_err("change_password", retval, "while canonicalizing principal");
-       krb5_free_principal(context, princ);
-       if (ks_tuple != NULL)
-           free(ks_tuple);
-       if (db_args) free(db_args);
-       return;
+        com_err("change_password", retval, "while canonicalizing principal");
+        goto cleanup;
     }
     if (pwarg != NULL) {
-       if (keepold || ks_tuple != NULL) {
-           retval = kadm5_chpass_principal_3(handle, princ, keepold,
-                                             n_ks_tuple, ks_tuple, pwarg);
-           if (ks_tuple != NULL)
-               free(ks_tuple);
-       } else {
-           retval = kadm5_chpass_principal(handle, princ, pwarg);
-       }
-       krb5_free_principal(context, princ);
-       if (retval) {
-           com_err("change_password", retval,
-                   "while changing password for \"%s\".", canon);
-           free(canon);
-           if (db_args) free(db_args);
-           return;
-       }
-       printf("Password for \"%s\" changed.\n", canon);
-       free(canon);
-       if (db_args) free(db_args);
-       return;
+        if (keepold || ks_tuple != NULL) {
+            retval = kadm5_chpass_principal_3(handle, princ, keepold,
+                                              n_ks_tuple, ks_tuple, pwarg);
+        } else {
+            retval = kadm5_chpass_principal(handle, princ, pwarg);
+        }
+        if (retval) {
+            com_err("change_password", retval,
+                    "while changing password for \"%s\".", canon);
+            goto cleanup;
+        }
+        printf("Password for \"%s\" changed.\n", canon);
     } else if (randkey) {
-       retval = randkey_princ(princ, keepold, n_ks_tuple, ks_tuple);
-       if (ks_tuple != NULL)
-           free(ks_tuple);
-       krb5_free_principal(context, princ);
-       if (retval) {
-           com_err("change_password", retval,
-                   "while randomizing key for \"%s\".", canon);
-           free(canon);
-           if (db_args) free(db_args);
-           return;
-       }
-       printf("Key for \"%s\" randomized.\n", canon);
-       free(canon);
-       if (db_args) free(db_args);
-       return;
-    } else if (argc == 1) {
-       unsigned int i = sizeof (newpw) - 1;
-
-       snprintf(prompt1, sizeof(prompt1),
-                "Enter password for principal \"%.900s\"",
-                *argv);
-       snprintf(prompt2, sizeof(prompt2),
-                "Re-enter password for principal \"%.900s\"",
-                *argv);
-       retval = krb5_read_password(context, prompt1, prompt2,
-                                   newpw, &i);
-       if (retval) {
-           com_err("change_password", retval,
-                   "while reading password for \"%s\".", canon);
-           free(canon);
-           if (ks_tuple != NULL)
-               free(ks_tuple);
-           krb5_free_principal(context, princ);
-           if (db_args) free(db_args);
-           return;
-       }
-       if (keepold || ks_tuple != NULL) {
-           retval = kadm5_chpass_principal_3(handle, princ, keepold,
-                                             n_ks_tuple, ks_tuple,
-                                             newpw);
-           if (ks_tuple != NULL)
-               free(ks_tuple);
-       } else {
-           retval = kadm5_chpass_principal(handle, princ, newpw);
-       }
-       krb5_free_principal(context, princ);
-       memset(newpw, 0, sizeof (newpw));
-       if (retval) {
-           com_err("change_password", retval,
-                   "while changing password for \"%s\".", canon);
-           free(canon);
-           if (db_args) free(db_args);
-           return;
-       }
-       printf("Password for \"%s\" changed.\n", canon);
-       free(canon);
-       if (db_args) free(db_args);
-       return;
+        retval = randkey_princ(princ, keepold, n_ks_tuple, ks_tuple);
+        if (retval) {
+            com_err("change_password", retval,
+                    "while randomizing key for \"%s\".", canon);
+            goto cleanup;
+        }
+        printf("Key for \"%s\" randomized.\n", canon);
     } else {
-       free(canon);
-       krb5_free_principal(context, princ);
-    usage:
-       if (db_args) free(db_args);
-       if (ks_tuple != NULL)
-           free(ks_tuple);
-       fprintf(stderr,
-               "usage: change_password [-randkey] [-keepold] "
-               "[-e keysaltlist] [-pw password] "
-               "principal\n");
-       return;
+        unsigned int i = sizeof (newpw) - 1;
+
+        snprintf(prompt1, sizeof(prompt1),
+                 "Enter password for principal \"%s\"", canon);
+        snprintf(prompt2, sizeof(prompt2),
+                 "Re-enter password for principal \"%s\"", canon);
+        retval = krb5_read_password(context, prompt1, prompt2,
+                                    newpw, &i);
+        if (retval) {
+            com_err("change_password", retval,
+                    "while reading password for \"%s\".", canon);
+            goto cleanup;
+        }
+        if (keepold || ks_tuple != NULL) {
+            retval = kadm5_chpass_principal_3(handle, princ, keepold,
+                                              n_ks_tuple, ks_tuple,
+                                              newpw);
+        } else {
+            retval = kadm5_chpass_principal(handle, princ, newpw);
+        }
+        memset(newpw, 0, sizeof (newpw));
+        if (retval) {
+            com_err("change_password", retval,
+                    "while changing password for \"%s\".", canon);
+            goto cleanup;
+        }
+        printf("Password for \"%s\" changed.\n", canon);
     }
+cleanup:
+    free(canon);
+    free(db_args);
+    krb5_free_principal(context, princ);
+    free(ks_tuple);
 }
 
 static void
 kadmin_free_tl_data(kadm5_principal_ent_t princ)
 {
-    krb5_tl_data *tl_data = princ->tl_data;
-    int n_tl_data         = princ->n_tl_data;
+    krb5_tl_data *tl_data = princ->tl_data, *next;
+    int n_tl_data = princ->n_tl_data;
     int i;
 
     princ->n_tl_data = 0;
-    princ->tl_data   = NULL;
+    princ->tl_data = NULL;
 
     for (i = 0; tl_data && (i < n_tl_data); i++) {
-       krb5_tl_data *next = tl_data->tl_data_next;
-       if (tl_data->tl_data_contents)
-           free(tl_data->tl_data_contents);
-       free(tl_data);
-       tl_data = next;
+        next = tl_data->tl_data_next;
+        free(tl_data->tl_data_contents);
+        free(tl_data);
+        tl_data = next;
     }
 }
 
+/*
+ * Parse addprinc or modprinc arguments.  Some output fields may be
+ * filled in on error.
+ */
 #define KRB5_TL_DB_ARGS 0x7fff
 static int
-kadmin_parse_princ_args(argc, argv, oprinc, mask, pass, randkey,
-                       ks_tuple, n_ks_tuple, 
+kadmin_parse_princ_args(int argc, char *argv[], kadm5_principal_ent_t oprinc,
+                        long *mask, char **pass, krb5_boolean *randkey,
+                        krb5_key_salt_tuple **ks_tuple, int *n_ks_tuple,
 #if APPLE_PKINIT
-                        cert_hash, 
+                        char **cert_hash,
 #endif /* APPLE_PKINIT */
-                        caller)
-    int argc;
-    char *argv[];
-    kadm5_principal_ent_t oprinc;
-    long *mask;
-    char **pass;
-    krb5_boolean *randkey;
-    krb5_key_salt_tuple **ks_tuple;
-    int *n_ks_tuple;
-#if APPLE_PKINIT
-    char **cert_hash;
-#endif /* APPLE_PKINIT */
-    char *caller;
+                        char *caller)
 {
-    int i, j, attrib_set;
+    int i, attrib_set;
+    size_t j;
     time_t date;
     time_t now;
     krb5_error_code retval;
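Review bot: In kadmin_delprinc the confirmation prompt still ignores the result of `fgets`, so at end of input `reply` is compared while uninitialized and the decision to delete rests on indeterminate stack contents. Treat a failed read as a refusal: `if (fgets(reply, sizeof(reply), stdin) == NULL || strcmp("yes\n", reply)) {`. Separately, in kadmin_cpw the `goto cleanup` taken when krb5_read_password fails skips `memset(newpw, 0, sizeof (newpw));`, and since `newpw` is static it may keep whatever was typed for the life of the process. Moving that memset under the `cleanup:` label would cover every exit.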
@@ -932,239 +834,229 @@ kadmin_parse_princ_args(argc, argv, oprinc, mask, pass, randkey,
     time(&now);
     *randkey = FALSE;
     for (i = 1; i < argc - 1; i++) {
-       attrib_set = 0;
-       if (strlen(argv[i]) == 2 &&
-           !strcmp("-x",argv[i])) {
-           if (++i > argc - 2)
-               return -1;
-
-           tl_data = malloc(sizeof(krb5_tl_data));
-           if (tl_data == NULL) {
-               fprintf(stderr, "Not enough memory\n");
-               return ENOMEM;
-           }
-
-           memset(tl_data, 0, sizeof(krb5_tl_data));
-           tl_data->tl_data_type = KRB5_TL_DB_ARGS;
-           tl_data->tl_data_length  = strlen(argv[i])+1;
-           tl_data->tl_data_contents = strdup(argv[i]);
-
-           if (tail) {
-               tail->tl_data_next = tl_data;
-           } else {
-               oprinc->tl_data = tl_data;
-           }
-           tail = tl_data;
-           oprinc->n_tl_data++;
-
-           if (tl_data->tl_data_contents == NULL) {
-               fprintf(stderr, "Not enough memory\n");
-               return ENOMEM;
-           }
-           *mask |= KADM5_TL_DATA;
-           continue;
-       }
-       if (strlen(argv[i]) == 7 &&
-           !strcmp("-expire", argv[i])) {
-           if (++i > argc - 2)
-               return -1;
-           else {
-               date = get_date(argv[i]);
-               if (date == (time_t)-1) {
-                   fprintf(stderr, "Invalid date specification \"%s\".\n",
-                           argv[i]);
-                   return -1;
-               }
-               oprinc->princ_expire_time = date;
-               *mask |= KADM5_PRINC_EXPIRE_TIME;
-               continue;
-           }
-       }
-       if (strlen(argv[i]) == 9 &&
-           !strcmp("-pwexpire", argv[i])) {
-           if (++i > argc - 2)
-               return -1;
-           else {
-               date = get_date(argv[i]);
-               if (date == (time_t)-1) {
-                   fprintf(stderr, "Invalid date specification \"%s\".\n",
-                           argv[i]);
-                   return -1;
-               }
-               oprinc->pw_expiration = date;
-               *mask |= KADM5_PW_EXPIRATION;
-               continue;
-           }
-       }
-       if (strlen(argv[i]) == 8 &&
-           !strcmp("-maxlife", argv[i])) {
-           if (++i > argc - 2)
-               return -1;
-           else {
-               date = get_date(argv[i]);
-               if (date == (time_t)-1) {
-                   fprintf(stderr, "Invalid date specification \"%s\".\n",
-                           argv[i]);
-                   return -1;
-               }
-               oprinc->max_life = date - now;
-               *mask |= KADM5_MAX_LIFE;
-               continue;
-           }
-       }
-       if (strlen(argv[i]) == 13 &&
-           !strcmp("-maxrenewlife", argv[i])) {
-           if (++i > argc - 2)
-               return -1;
-           else {
-               date = get_date(argv[i]);
-               if (date == (time_t)-1) {
-                   fprintf(stderr, "Invalid date specification \"%s\".\n",
-                           argv[i]);
-                   return -1;
-               }
-               oprinc->max_renewable_life = date - now;
-               *mask |= KADM5_MAX_RLIFE;
-               continue;
-           }
-       }
-       if (strlen(argv[i]) == 5 &&
-           !strcmp("-kvno", argv[i])) {
-           if (++i > argc - 2)
-               return -1;
-           else {
-               oprinc->kvno = atoi(argv[i]);
-               *mask |= KADM5_KVNO;
-               continue;
-           }
-       }
-       if (strlen(argv[i]) == 7 &&
-           !strcmp("-policy", argv[i])) {
-           if (++i > argc - 2)
-               return -1;
-           else {
-               oprinc->policy = argv[i];
-               *mask |= KADM5_POLICY;
-               continue;
-           }
-       }
-       if (strlen(argv[i]) == 12 &&
-           !strcmp("-clearpolicy", argv[i])) {
-           oprinc->policy = NULL;
-           *mask |= KADM5_POLICY_CLR;
-           continue;
-       }
-       if (strlen(argv[i]) == 3 &&
-           !strcmp("-pw", argv[i])) {
-           if (++i > argc - 2)
-               return -1;
-           else {
-               *pass = argv[i];
-               continue;
-           }
-       }
-       if (strlen(argv[i]) == 8 &&
-           !strcmp("-randkey", argv[i])) {
-           *randkey = TRUE;
-           continue;
-       }
+        attrib_set = 0;
+        if (strlen(argv[i]) == 2 && !strcmp("-x",argv[i])) {
+            if (++i > argc - 2)
+                return -1;
+
+            tl_data = malloc(sizeof(krb5_tl_data));
+            if (tl_data == NULL) {
+                fprintf(stderr, "Not enough memory\n");
+                exit(1);
+            }
+
+            memset(tl_data, 0, sizeof(krb5_tl_data));
+            tl_data->tl_data_type = KRB5_TL_DB_ARGS;
+            tl_data->tl_data_length = strlen(argv[i])+1;
+            tl_data->tl_data_contents = (krb5_octet *) strdup(argv[i]);
+
+            if (tail) {
+                tail->tl_data_next = tl_data;
+            } else {
+                oprinc->tl_data = tl_data;
+            }
+            tail = tl_data;
+            oprinc->n_tl_data++;
+
+            if (tl_data->tl_data_contents == NULL) {
+                fprintf(stderr, "Not enough memory\n");
+                exit(1);
+            }
+            *mask |= KADM5_TL_DATA;
+            continue;
+        }
+        if (strlen(argv[i]) == 7 && !strcmp("-expire", argv[i])) {
+            if (++i > argc - 2)
+                return -1;
+            else {
+                date = get_date(argv[i]);
+                if (date == (time_t)-1) {
+                    fprintf(stderr, "Invalid date specification \"%s\".\n",
+                            argv[i]);
+                    return -1;
+                }
+                oprinc->princ_expire_time = date;
+                *mask |= KADM5_PRINC_EXPIRE_TIME;
+                continue;
+            }
+        }
+        if (strlen(argv[i]) == 9 && !strcmp("-pwexpire", argv[i])) {
+            if (++i > argc - 2)
+                return -1;
+            else {
+                date = get_date(argv[i]);
+                if (date == (time_t)-1) {
+                    fprintf(stderr, "Invalid date specification \"%s\".\n",
+                            argv[i]);
+                    return -1;
+                }
+                oprinc->pw_expiration = date;
+                *mask |= KADM5_PW_EXPIRATION;
+                continue;
+            }
+        }
+        if (strlen(argv[i]) == 8 && !strcmp("-maxlife", argv[i])) {
+            if (++i > argc - 2)
+                return -1;
+            else {
+                date = get_date(argv[i]);
+                if (date == (time_t)-1) {
+                    fprintf(stderr, "Invalid date specification \"%s\".\n",
+                            argv[i]);
+                    return -1;
+                }
+                oprinc->max_life = date - now;
+                *mask |= KADM5_MAX_LIFE;
+                continue;
+            }
+        }
+        if (strlen(argv[i]) == 13 && !strcmp("-maxrenewlife", argv[i])) {
+            if (++i > argc - 2)
+                return -1;
+            else {
+                date = get_date(argv[i]);
+                if (date == (time_t)-1) {
+                    fprintf(stderr, "Invalid date specification \"%s\".\n",
+                            argv[i]);
+                    return -1;
+                }
+                oprinc->max_renewable_life = date - now;
+                *mask |= KADM5_MAX_RLIFE;
+                continue;
+            }
+        }
+        if (strlen(argv[i]) == 5 && !strcmp("-kvno", argv[i])) {
+            if (++i > argc - 2)
+                return -1;
+            else {
+                oprinc->kvno = atoi(argv[i]);
+                *mask |= KADM5_KVNO;
+                continue;
+            }
+        }
+        if (strlen(argv[i]) == 7 && !strcmp("-policy", argv[i])) {
+            if (++i > argc - 2)
+                return -1;
+            else {
+                oprinc->policy = argv[i];
+                *mask |= KADM5_POLICY;
+                continue;
+            }
+        }
+        if (strlen(argv[i]) == 12 && !strcmp("-clearpolicy", argv[i])) {
+            oprinc->policy = NULL;
+            *mask |= KADM5_POLICY_CLR;
+            continue;
+        }
+        if (strlen(argv[i]) == 3 && !strcmp("-pw", argv[i])) {
+            if (++i > argc - 2)
+                return -1;
+            else {
+                *pass = argv[i];
+                continue;
+            }
+        }
+        if (strlen(argv[i]) == 8 && !strcmp("-randkey", argv[i])) {
+            *randkey = TRUE;
+            continue;
+        }
 #if APPLE_PKINIT
-       if (strlen(argv[i]) == 9 &&
-           !strcmp("-certhash", argv[i])) {
-           if (++i > argc - 2)
-               return -1;
-           else {
-               *cert_hash = argv[i];
-               continue;
-           }
-       }
+        if (strlen(argv[i]) == 9 && !strcmp("-certhash", argv[i])) {
+            if (++i > argc - 2)
+                return -1;
+            else {
+                *cert_hash = argv[i];
+                continue;
+            }
+        }
 #endif /* APPLE_PKINIT */
-       if (!strcmp("-e", argv[i])) {
-           if (++i > argc - 2)
-               return -1;
-           else {
-               retval = krb5_string_to_keysalts(argv[i], ", \t", ":.-", 0,
-                                                ks_tuple, n_ks_tuple);
-               if (retval) {
-                   com_err(caller, retval,
-                           "while parsing keysalts %s", argv[i]);
-                   return -1;
-               }
-           }
-           continue;
-       }
-       for (j = 0; j < sizeof (flags) / sizeof (struct pflag); j++) {
-           if (strlen(argv[i]) == flags[j].flaglen + 1 &&
-               !strcmp(flags[j].flagname,
-                       &argv[i][1] /* strip off leading + or - */)) {
-               if ((flags[j].set && argv[i][0] == '-') ||
-                   (!flags[j].set && argv[i][0] == '+')) {
-                   oprinc->attributes |= flags[j].theflag;
-                   *mask |= KADM5_ATTRIBUTES;
-                   attrib_set++;
-                   break;
-               } else if ((flags[j].set && argv[i][0] == '+') ||
-                          (!flags[j].set && argv[i][0] == '-')) {
-                   oprinc->attributes &= ~flags[j].theflag;
-                   *mask |= KADM5_ATTRIBUTES;
-                   attrib_set++;
-                   break;
-               } else {
-                   return -1;
-               }
-           }
-       }
-       if (!attrib_set)
-           return -1;          /* nothing was parsed */
-    }
-    if (i != argc - 1) {
-       return -1;
+        if (!strcmp("-e", argv[i])) {
+            if (++i > argc - 2)
+                return -1;
+            else {
+                retval = krb5_string_to_keysalts(argv[i], ", \t", ":.-", 0,
+                                                 ks_tuple, n_ks_tuple);
+                if (retval) {
+                    com_err(caller, retval,
+                            "while parsing keysalts %s", argv[i]);
+                    return -1;
+                }
+            }
+            continue;
+        }
+        for (j = 0; j < sizeof(flags) / sizeof(struct pflag); j++) {
+            if (strlen(argv[i]) == flags[j].flaglen + 1 &&
+                !strcmp(flags[j].flagname,
+                        &argv[i][1] /* strip off leading + or - */)) {
+                if ((flags[j].set && argv[i][0] == '-') ||
+                    (!flags[j].set && argv[i][0] == '+')) {
+                    oprinc->attributes |= flags[j].theflag;
+                    *mask |= KADM5_ATTRIBUTES;
+                    attrib_set++;
+                    break;
+                } else if ((flags[j].set && argv[i][0] == '+') ||
+                           (!flags[j].set && argv[i][0] == '-')) {
+                    oprinc->attributes &= ~flags[j].theflag;
+                    *mask |= KADM5_ATTRIBUTES;
+                    attrib_set++;
+                    break;
+                } else {
+                    return -1;
+                }
+            }
+        }
+        if (!attrib_set)
+            return -1;          /* nothing was parsed */
     }
+    if (i != argc - 1)
+        return -1;
     retval = kadmin_parse_name(argv[i], &oprinc->principal);
     if (retval) {
-       com_err(caller, retval, "while parsing principal");
-       return -1;
+        com_err(caller, retval, "while parsing principal");
+        return -1;
     }
     return 0;
 }
 
 static void
-kadmin_addprinc_usage(func)
-    char *func;
+kadmin_addprinc_usage()
 {
-    fprintf(stderr, "usage: %s [options] principal\n", func);
+    fprintf(stderr, "usage: add_principal [options] principal\n");
     fprintf(stderr, "\toptions are:\n");
-    fprintf(stderr, "\t\t[-x db_princ_args]* [-expire expdate] [-pwexpire pwexpdate] [-maxlife maxtixlife]\n\t\t[-kvno kvno] [-policy policy] [-clearpolicy] [-randkey]\n\t\t[-pw password] [-maxrenewlife maxrenewlife]\n\t\t[-e keysaltlist]\n\t\t[{+|-}attribute]\n"
+    fprintf(stderr, "\t\t[-x db_princ_args]* [-expire expdate] "
+            "[-pwexpire pwexpdate] [-maxlife maxtixlife]\n"
+            "\t\t[-kvno kvno] [-policy policy] [-clearpolicy] [-randkey]\n"
+            "\t\t[-pw password] [-maxrenewlife maxrenewlife]\n"
+            "\t\t[-e keysaltlist]\n\t\t[{+|-}attribute]\n"
 #if APPLE_PKINIT
             "\t\t[-certhash hash_string]\n"
 #endif /* APPLE_PKINIT */
             );
     fprintf(stderr, "\tattributes are:\n");
     fprintf(stderr, "%s%s%s",
-           "\t\tallow_postdated allow_forwardable allow_tgs_req allow_renewable\n",
-           "\t\tallow_proxiable allow_dup_skey allow_tix requires_preauth\n",
-           "\t\trequires_hwauth needchange allow_svr password_changing_service\n"
-           "\t\tok_as_delegate ok_to_auth_as_delegate no_auth_data_required\n"
-           "\nwhere,\n\t[-x db_princ_args]* - any number of database specific arguments.\n"
-           "\t\t\tLook at each database documentation for supported arguments\n");
+            "\t\tallow_postdated allow_forwardable allow_tgs_req allow_renewable\n",
+            "\t\tallow_proxiable allow_dup_skey allow_tix requires_preauth\n",
+            "\t\trequires_hwauth needchange allow_svr password_changing_service\n"
+            "\t\tok_as_delegate ok_to_auth_as_delegate no_auth_data_required\n"
+            "\nwhere,\n\t[-x db_princ_args]* - any number of database specific arguments.\n"
+            "\t\t\tLook at each database documentation for supported arguments\n");
 }
 
 static void
-kadmin_modprinc_usage(func)
-    char *func;
+kadmin_modprinc_usage()
 {
-    fprintf(stderr, "usage: %s [options] principal\n", func);
+    fprintf(stderr, "usage: modify_principal [options] principal\n");
     fprintf(stderr, "\toptions are:\n");
     fprintf(stderr, "\t\t[-x db_princ_args]* [-expire expdate] [-pwexpire pwexpdate] [-maxlife maxtixlife]\n\t\t[-kvno kvno] [-policy policy] [-clearpolicy]\n\t\t[-maxrenewlife maxrenewlife] [{+|-}attribute]\n");
     fprintf(stderr, "\tattributes are:\n");
     fprintf(stderr, "%s%s%s",
-           "\t\tallow_postdated allow_forwardable allow_tgs_req allow_renewable\n",
-           "\t\tallow_proxiable allow_dup_skey allow_tix requires_preauth\n",
-           "\t\trequires_hwauth needchange allow_svr password_changing_service\n"
-           "\t\tok_as_delegate ok_to_auth_as_delegate no_auth_data_required\n"
-           "\nwhere,\n\t[-x db_princ_args]* - any number of database specific arguments.\n"
-           "\t\t\tLook at each database documentation for supported arguments\n"
-       );
+            "\t\tallow_postdated allow_forwardable allow_tgs_req allow_renewable\n",
+            "\t\tallow_proxiable allow_dup_skey allow_tix requires_preauth\n",
+            "\t\trequires_hwauth needchange allow_svr password_changing_service\n"
+            "\t\tok_as_delegate ok_to_auth_as_delegate no_auth_data_required\n"
+            "\nwhere,\n\t[-x db_princ_args]* - any number of database specific arguments.\n"
+            "\t\t\tLook at each database documentation for supported arguments\n"
+        );
 }
 
 /* Create a dummy password for old-style (pre-1.8) randkey creation. */
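Review bot: The `-kvno` branch still converts its argument with `atoi`, which yields 0 for non-numeric text and reports no error, so a mistyped key version number is silently stored in `oprinc->kvno` with KADM5_KVNO set. The date options beside it reject bad input with a message and `return -1`; kvno should do the same using strtol with an end-pointer check, as sketched below. The sketch only rejects negative values because the type of the `kvno` field is not visible here, so the upper bound should be tightened to that field's width. kadmin_parse_princ_args begins before this hunk and part of its body lies outside it.

```c
        if (strlen(argv[i]) == 5 && !strcmp("-kvno", argv[i])) {
            char *end;
            long kvno;

            if (++i > argc - 2)
                return -1;
            errno = 0;
            kvno = strtol(argv[i], &end, 10);
            if (end == argv[i] || *end != '\0' || errno == ERANGE ||
                kvno < 0) {
                fprintf(stderr, "Invalid key version number \"%s\".\n",
                        argv[i]);
                return -1;
            }
            oprinc->kvno = kvno;
            /* ... unchanged: *mask |= KADM5_KVNO; continue; ... */
        }
```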
@@ -1176,21 +1068,20 @@ prepare_dummy_password(char *buf, size_t sz)
     /* Must try to pass any password policy in place, and be valid UTF-8. */
     strlcpy(buf, "6F a[", sz);
     for (i = strlen(buf); i < sz - 1; i++)
-       buf[i] = 'a' + (i % 26);
+        buf[i] = 'a' + (i % 26);
     buf[sz - 1] = '\0';
 }
 
-void kadmin_addprinc(argc, argv)
-    int argc;
-    char *argv[];
+void
+kadmin_addprinc(int argc, char *argv[])
 {
     kadm5_principal_ent_rec princ;
     kadm5_policy_ent_rec defpol;
     long mask;
     krb5_boolean randkey = FALSE, old_style_randkey = FALSE;
     int n_ks_tuple;
-    krb5_key_salt_tuple *ks_tuple;
-    char *pass, *canon;
+    krb5_key_salt_tuple *ks_tuple = NULL;
+    char *pass, *canon = NULL;
     krb5_error_code retval;
     char newpw[1024], dummybuf[256];
     static char prompt1[1024], prompt2[1024];
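Review bot: `char *pass, *canon = NULL;` initialises only `canon`, so `pass` is still indeterminate at its declaration even though a later hunk of this function tests `pass == NULL`. Whether kadmin_parse_princ_args stores to `*pass` on every successful path is not visible here. Writing `char *pass = NULL, *canon = NULL;` would remove the doubt and match the intent of initialising `ks_tuple` and `canon`. The identical declaration in kadmin_modprinc further down has the same gap. kadmin_addprinc's body continues beyond this hunk.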
@@ -1202,35 +1093,28 @@ void kadmin_addprinc(argc, argv)
     memset(&princ, 0, sizeof(princ));
 
     princ.attributes = 0;
-    if (kadmin_parse_princ_args(argc, argv,
-                               &princ, &mask, &pass, &randkey,
-                               &ks_tuple, &n_ks_tuple,
+    if (kadmin_parse_princ_args(argc, argv, &princ, &mask, &pass, &randkey,
+                                &ks_tuple, &n_ks_tuple,
 #if APPLE_PKINIT
                                 &cert_hash,
 #endif /* APPLE_PKINIT */
-                               "add_principal")) {
-       kadmin_addprinc_usage("add_principal");
-       kadmin_free_tl_data(&princ); /* need to free ks_tuple also??? */
-       return;
+                                "add_principal")) {
+        kadmin_addprinc_usage();
+        goto cleanup;
     }
 
 #if APPLE_PKINIT
     if(cert_hash != NULL) {
-       fprintf(stderr,
+        fprintf(stderr,
               "add_principal: -certhash not allowed; use modify_principal\n");
-       return;
+        goto cleanup;
     }
 #endif /* APPLE_PKINIT */
 
     retval = krb5_unparse_name(context, princ.principal, &canon);
     if (retval) {
-       com_err("add_principal",
-               retval, "while canonicalizing principal");
-       krb5_free_principal(context, princ.principal);
-       if (ks_tuple != NULL)
-           free(ks_tuple);
-       kadmin_free_tl_data(&princ);
-       return;
+        com_err("add_principal", retval, "while canonicalizing principal");
+        goto cleanup;
     }
 
     /*
@@ -1239,124 +1123,98 @@ void kadmin_addprinc(argc, argv)
      * -clearpolicy was specified, then KADM5_POLICY_CLR should be
      * unset, since it is never valid for kadm5_create_principal.
      */
-    if ((! (mask & KADM5_POLICY)) &&
-       (! (mask & KADM5_POLICY_CLR))) {
-       if (! kadm5_get_policy(handle, "default", &defpol)) {
-           fprintf(stderr,
-                   "NOTICE: no policy specified for %s; assigning \"default\"\n",
-                   canon);
-           princ.policy = "default";
-           mask |= KADM5_POLICY;
-           (void) kadm5_free_policy_ent(handle, &defpol);
-       } else
-           fprintf(stderr,
-                   "WARNING: no policy specified for %s; defaulting to no policy\n",
-                   canon);
+    if (!(mask & KADM5_POLICY) && !(mask & KADM5_POLICY_CLR)) {
+        if (!kadm5_get_policy(handle, "default", &defpol)) {
+            fprintf(stderr, "NOTICE: no policy specified for %s; "
+                    "assigning \"default\"\n", canon);
+            princ.policy = "default";
+            mask |= KADM5_POLICY;
+            kadm5_free_policy_ent(handle, &defpol);
+        } else
+            fprintf(stderr, "WARNING: no policy specified for %s; "
+                    "defaulting to no policy\n", canon);
     }
     mask &= ~KADM5_POLICY_CLR;
 
     if (randkey) {
-       pass = NULL;
+        pass = NULL;
     } else if (pass == NULL) {
-       unsigned int sz = sizeof (newpw) - 1;
-
-       snprintf(prompt1, sizeof(prompt1),
-                "Enter password for principal \"%.900s\"",
-                canon);
-       snprintf(prompt2, sizeof(prompt2),
-                "Re-enter password for principal \"%.900s\"",
-                canon);
-       retval = krb5_read_password(context, prompt1, prompt2,
-                                   newpw, &sz);
-       if (retval) {
-           com_err("add_principal", retval,
-                   "while reading password for \"%s\".", canon);
-           free(canon);
-           krb5_free_principal(context, princ.principal);
-           kadmin_free_tl_data(&princ);
-           return;
-       }
-       pass = newpw;
+        unsigned int sz = sizeof(newpw) - 1;
+
+        snprintf(prompt1, sizeof(prompt1),
+                 "Enter password for principal \"%s\"", canon);
+        snprintf(prompt2, sizeof(prompt2),
+                 "Re-enter password for principal \"%s\"", canon);
+        retval = krb5_read_password(context, prompt1, prompt2, newpw, &sz);
+        if (retval) {
+            com_err("add_principal", retval,
+                    "while reading password for \"%s\".", canon);
+            goto cleanup;
+        }
+        pass = newpw;
     }
     mask |= KADM5_PRINCIPAL;
     retval = create_princ(&princ, mask, n_ks_tuple, ks_tuple, pass);
     if (retval == EINVAL && randkey) {
-       /*
-        * The server doesn't support randkey creation.  Create the principal
-        * with a dummy password and disallow tickets.
-        */
-       prepare_dummy_password(dummybuf, sizeof(dummybuf));
-       princ.attributes |= KRB5_KDB_DISALLOW_ALL_TIX;
-       mask |= KADM5_ATTRIBUTES;
-       pass = dummybuf;
-       retval = create_princ(&princ, mask, n_ks_tuple, ks_tuple, pass);
-       old_style_randkey = 1;
+        /*
+         * The server doesn't support randkey creation.  Create the principal
+         * with a dummy password and disallow tickets.
+         */
+        prepare_dummy_password(dummybuf, sizeof(dummybuf));
+        princ.attributes |= KRB5_KDB_DISALLOW_ALL_TIX;
+        mask |= KADM5_ATTRIBUTES;
+        pass = dummybuf;
+        retval = create_princ(&princ, mask, n_ks_tuple, ks_tuple, pass);
+        old_style_randkey = 1;
     }
     if (retval) {
-       com_err("add_principal", retval, "while creating \"%s\".",
-               canon);
-       krb5_free_principal(context, princ.principal);
-       free(canon);
-       if (ks_tuple != NULL)
-           free(ks_tuple);
-       kadmin_free_tl_data(&princ);
-       return;
+        com_err("add_principal", retval, "while creating \"%s\".", canon);
+        goto cleanup;
     }
     if (old_style_randkey) {
-       /* Randomize the password and re-enable tickets. */
-       retval = randkey_princ(princ.principal, FALSE, n_ks_tuple, ks_tuple);
-       if (retval) {
-           com_err("add_principal", retval,
-                   "while randomizing key for \"%s\".", canon);
-           krb5_free_principal(context, princ.principal);
-           free(canon);
-           if (ks_tuple != NULL)
-               free(ks_tuple);
-           kadmin_free_tl_data(&princ);
-           return;
-       }
-       princ.attributes &= ~KRB5_KDB_DISALLOW_ALL_TIX; /* clear notix */
-       mask = KADM5_ATTRIBUTES;
-       retval = kadm5_modify_principal(handle, &princ, mask);
-       if (retval) {
-           com_err("add_principal", retval,
-                   "while clearing DISALLOW_ALL_TIX for \"%s\".", canon);
-           krb5_free_principal(context, princ.principal);
-           free(canon);
-           if (ks_tuple != NULL)
-               free(ks_tuple);
-           kadmin_free_tl_data(&princ);
-           return;
-       }
+        /* Randomize the password and re-enable tickets. */
+        retval = randkey_princ(princ.principal, FALSE, n_ks_tuple, ks_tuple);
+        if (retval) {
+            com_err("add_principal", retval,
+                    "while randomizing key for \"%s\".", canon);
+            goto cleanup;
+        }
+        princ.attributes &= ~KRB5_KDB_DISALLOW_ALL_TIX; /* clear notix */
+        mask = KADM5_ATTRIBUTES;
+        retval = kadm5_modify_principal(handle, &princ, mask);
+        if (retval) {
+            com_err("add_principal", retval,
+                    "while clearing DISALLOW_ALL_TIX for \"%s\".", canon);
+            goto cleanup;
+        }
     }
-    krb5_free_principal(context, princ.principal);
     printf("Principal \"%s\" created.\n", canon);
-    if (ks_tuple != NULL)
-       free(ks_tuple);
+
+cleanup:
+    krb5_free_principal(context, princ.principal);
+    free(ks_tuple);
     free(canon);
     kadmin_free_tl_data(&princ);
-
 }
 
-void kadmin_modprinc(argc, argv)
-    int argc;
-    char *argv[];
+void
+kadmin_modprinc(int argc, char *argv[])
 {
     kadm5_principal_ent_rec princ, oldprinc;
-    krb5_principal kprinc;
+    krb5_principal kprinc = NULL;
     long mask;
     krb5_error_code retval;
-    char *pass, *canon;
+    char *pass, *canon = NULL;
     krb5_boolean randkey = FALSE;
     int n_ks_tuple = 0;
-    krb5_key_salt_tuple *ks_tuple;
+    krb5_key_salt_tuple *ks_tuple = NULL;
 #if APPLE_PKINIT
     char *cert_hash = NULL;
 #endif /* APPLE_PKINIT */
 
     if (argc < 2) {
-       kadmin_modprinc_usage("modify_principal");
-       return;
+        kadmin_modprinc_usage();
+        return;
     }
 
     memset(&oldprinc, 0, sizeof(oldprinc));
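Review bot: The new `cleanup:` label in kadmin_addprinc releases the principal, `ks_tuple` and `canon`, but the password read into the stack buffer `newpw` (and the dummy password in `dummybuf`) is left in place when the function returns. Every exit path now goes through one label, so this is the natural place to scrub both buffers, e.g. `memset(newpw, 0, sizeof(newpw));` and `memset(dummybuf, 0, sizeof(dummybuf));` ahead of the frees. A plain memset on a buffer that is dead afterwards may be optimised away, so a wipe helper the tree already uses for key material would be preferable if one is in scope here. kadmin_addprinc begins in an earlier hunk, so the buffer declarations are not part of this one.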
@@ -1364,77 +1222,44 @@ void kadmin_modprinc(argc, argv)
 
     retval = kadmin_parse_name(argv[argc - 1], &kprinc);
     if (retval) {
-       com_err("modify_principal", retval, "while parsing principal");
-       return;
+        com_err("modify_principal", retval, "while parsing principal");
+        return;
     }
     retval = krb5_unparse_name(context, kprinc, &canon);
     if (retval) {
-       com_err("modify_principal", retval,
-               "while canonicalizing principal");
-       krb5_free_principal(context, kprinc);
-       return;
+        com_err("modify_principal", retval, "while canonicalizing principal");
+        goto cleanup;
     }
     retval = kadm5_get_principal(handle, kprinc, &oldprinc,
-                                KADM5_PRINCIPAL_NORMAL_MASK);
+                                 KADM5_PRINCIPAL_NORMAL_MASK);
     if (retval) {
-       com_err("modify_principal", retval, "while getting \"%s\".",
-               canon);
-       krb5_free_principal(context, kprinc);
-       free(canon);
-       return;
+        com_err("modify_principal", retval, "while getting \"%s\".", canon);
+        goto cleanup;
     }
     princ.attributes = oldprinc.attributes;
     kadm5_free_principal_ent(handle, &oldprinc);
     retval = kadmin_parse_princ_args(argc, argv,
-                                    &princ, &mask,
-                                    &pass, &randkey,
-                                    &ks_tuple, &n_ks_tuple,
+                                     &princ, &mask,
+                                     &pass, &randkey,
+                                     &ks_tuple, &n_ks_tuple,
 #if APPLE_PKINIT
                                      &cert_hash,
 #endif /* APPLE_PKINIT */
-                                    "modify_principal");
-    if (ks_tuple != NULL) {
-       free(ks_tuple);
-       kadmin_modprinc_usage("modify_principal");
-       free(canon);
-       krb5_free_principal(context, kprinc);
-       kadmin_free_tl_data(&princ); /* Apple had this commented out.  Why? */
-       return;
-    }
-    if (retval) {
-       kadmin_modprinc_usage("modify_principal");
-       free(canon);
-       krb5_free_principal(context, kprinc);
-       kadmin_free_tl_data(&princ); /* Apple had this commented out.  Why? */
-       return;
-    }
-    if (randkey) {
-       fprintf(stderr, "modify_principal: -randkey not allowed\n");
-       krb5_free_principal(context, princ.principal);
-       free(canon);
-       krb5_free_principal(context, kprinc);
-       kadmin_free_tl_data(&princ);
-       return;
-    }
-    if (pass) {
-       fprintf(stderr,
-               "modify_principal: -pw not allowed; use change_password\n");
-       krb5_free_principal(context, princ.principal);
-       free(canon);
-       krb5_free_principal(context, kprinc);
-       kadmin_free_tl_data(&princ);
-       return;
+                                     "modify_principal");
+    if (retval || ks_tuple != NULL || randkey || pass) {
+        kadmin_modprinc_usage();
+        goto cleanup;
     }
 #if APPLE_PKINIT
     if (cert_hash) {
-        /* 
+        /*
          * Use something other than the 1st preferred enctype here for fallback
          * to pwd authentication
          */
         krb5_key_salt_tuple key_salt = {ENCTYPE_ARCFOUR_HMAC, KRB5_KDB_SALTTYPE_CERTHASH};
         krb5_keyblock keyblock;
         kadm5_ret_t kadmin_rtn;
-        
+
         keyblock.magic = KV5M_KEYBLOCK;
         keyblock.enctype = ENCTYPE_ARCFOUR_HMAC;
         keyblock.length = strlen(cert_hash);
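Review bot: The merged test `if (retval || ks_tuple != NULL || randkey || pass)` drops the two specific diagnostics the old code printed, `-randkey not allowed` and `-pw not allowed; use change_password`. An operator who passes `-pw` to modify_principal now gets only the generic usage text, with no hint of which option was rejected or which command to use instead. The shared cleanup label makes it cheap to keep those messages, since only the parse-failure and key-salt cases need the usage text. kadmin_modprinc starts in the previous hunk and continues past this one.

```c
    if (retval || ks_tuple != NULL) {
        kadmin_modprinc_usage();
        goto cleanup;
    }
    if (randkey) {
        fprintf(stderr, "modify_principal: -randkey not allowed\n");
        goto cleanup;
    }
    if (pass) {
        fprintf(stderr,
                "modify_principal: -pw not allowed; use change_password\n");
        goto cleanup;
    }
    /* … unchanged: APPLE_PKINIT certhash handling … */
```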
@@ -1447,275 +1272,250 @@ void kadmin_modprinc(argc, argv)
             com_err("modify_principal", kadmin_rtn,
                     "while adding certhash for \"%s\".", canon);
             printf("realm %s data %s\n", (char *)kprinc->realm.data, (char *)kprinc->data->data);
-            free(canon);
-            krb5_free_principal(context, princ.principal);
-            krb5_free_principal(context, kprinc);
-            return;
+            goto cleanup;
         }
         retval = 0;
     }
 #endif /* APPLE_PKINIT */
     if (mask) {
-       /* skip this if all we're doing is setting certhash */
-       retval = kadm5_modify_principal(handle, &princ, mask);
+        /* Skip this if all we're doing is setting certhash. */
+        retval = kadm5_modify_principal(handle, &princ, mask);
     }
-    krb5_free_principal(context, kprinc);
-    krb5_free_principal(context, princ.principal);
     if (retval) {
-       com_err("modify_principal", retval,
-               "while modifying \"%s\".", canon);
-       free(canon);
-       kadmin_free_tl_data(&princ);
-       return;
+        com_err("modify_principal", retval, "while modifying \"%s\".", canon);
+        goto cleanup;
     }
     printf("Principal \"%s\" modified.\n", canon);
+cleanup:
+    krb5_free_principal(context, kprinc);
+    krb5_free_principal(context, princ.principal);
     kadmin_free_tl_data(&princ);
     free(canon);
+    free(ks_tuple);
 }
 
-void kadmin_getprinc(argc, argv)
-    int argc;
-    char *argv[];
+void
+kadmin_getprinc(int argc, char *argv[])
 {
     kadm5_principal_ent_rec dprinc;
-    krb5_principal princ;
+    krb5_principal princ = NULL;
     krb5_error_code retval;
-    char *canon, *modcanon;
+    char *canon = NULL, *modcanon = NULL;
     int i;
+    size_t j;
 
-    if (! (argc == 2 ||
-          (argc == 3 && !strcmp("-terse", argv[1])))) {
-       fprintf(stderr, "usage: get_principal [-terse] principal\n");
-       return;
+    if (!(argc == 2 || (argc == 3 && !strcmp("-terse", argv[1])))) {
+        fprintf(stderr, "usage: get_principal [-terse] principal\n");
+        return;
     }
 
-
     memset(&dprinc, 0, sizeof(dprinc));
-    memset(&princ, 0, sizeof(princ));
 
     retval = kadmin_parse_name(argv[argc - 1], &princ);
     if (retval) {
-       com_err("get_principal", retval, "while parsing principal");
-       return;
+        com_err("get_principal", retval, "while parsing principal");
+        return;
     }
     retval = krb5_unparse_name(context, princ, &canon);
     if (retval) {
-       com_err("get_principal", retval, "while canonicalizing principal");
-       krb5_free_principal(context, princ);
-       return;
+        com_err("get_principal", retval, "while canonicalizing principal");
+        goto cleanup;
     }
     retval = kadm5_get_principal(handle, princ, &dprinc,
-                                KADM5_PRINCIPAL_NORMAL_MASK | KADM5_KEY_DATA);
-    krb5_free_principal(context, princ);
+                                 KADM5_PRINCIPAL_NORMAL_MASK | KADM5_KEY_DATA);
     if (retval) {
-       com_err("get_principal", retval, "while retrieving \"%s\".", canon);
-       free(canon);
-       return;
+        com_err("get_principal", retval, "while retrieving \"%s\".", canon);
+        goto cleanup;
     }
-    free(canon);
-    canon = NULL;
     retval = krb5_unparse_name(context, dprinc.principal, &canon);
     if (retval) {
-       com_err("get_principal", retval, "while canonicalizing principal");
-       kadm5_free_principal_ent(handle, &dprinc);
-       return;
+        com_err("get_principal", retval, "while canonicalizing principal");
+        goto cleanup;
     }
     retval = krb5_unparse_name(context, dprinc.mod_name, &modcanon);
     if (retval) {
-       com_err("get_principal", retval, "while unparsing modname");
-       kadm5_free_principal_ent(handle, &dprinc);
-       free(canon);
-       return;
+        com_err("get_principal", retval, "while unparsing modname");
+        goto cleanup;
     }
     if (argc == 2) {
-       printf("Principal: %s\n", canon);
-       printf("Expiration date: %s\n", dprinc.princ_expire_time ?
-              strdate(dprinc.princ_expire_time) : "[never]");
-       printf("Last password change: %s\n", dprinc.last_pwd_change ?
-              strdate(dprinc.last_pwd_change) : "[never]");
-       printf("Password expiration date: %s\n",
-              dprinc.pw_expiration ?
-              strdate(dprinc.pw_expiration) : "[none]");
-       printf("Maximum ticket life: %s\n", strdur(dprinc.max_life));
-       printf("Maximum renewable life: %s\n", strdur(dprinc.max_renewable_life));
-       printf("Last modified: %s (%s)\n", strdate(dprinc.mod_date), modcanon);
-       printf("Last successful authentication: %s\n",
-              dprinc.last_success ? strdate(dprinc.last_success) :
-              "[never]");
-       printf("Last failed authentication: %s\n",
-              dprinc.last_failed ? strdate(dprinc.last_failed) :
-              "[never]");
-       printf("Failed password attempts: %d\n",
-              dprinc.fail_auth_count);
-       printf("Number of keys: %d\n", dprinc.n_key_data);
-       for (i = 0; i < dprinc.n_key_data; i++) {
-           krb5_key_data *key_data = &dprinc.key_data[i];
-           char enctype[BUFSIZ], salttype[BUFSIZ];
-
-           if (krb5_enctype_to_string(key_data->key_data_type[0],
-                                      enctype, sizeof(enctype)))
-               snprintf(enctype, sizeof(enctype), "<Encryption type 0x%x>",
-                        key_data->key_data_type[0]);
-           printf("Key: vno %d, %s, ", key_data->key_data_kvno, enctype);
-           if (key_data->key_data_ver > 1) {
-               if (krb5_salttype_to_string(key_data->key_data_type[1],
-                                           salttype, sizeof(salttype)))
-                   snprintf(salttype, sizeof(salttype), "<Salt type 0x%x>",
-                            key_data->key_data_type[1]);
-               printf("%s\n", salttype);
-           } else
-               printf("no salt\n");
-       }
-       printf("MKey: vno %d\n",
-              dprinc.mkvno);
-
-       printf("Attributes:");
-       for (i = 0; i < sizeof (prflags) / sizeof (char *); i++) {
-           if (dprinc.attributes & (krb5_flags) 1 << i)
-               printf(" %s", prflags[i]);
-       }
-       printf("\n");
-       printf("Policy: %s\n", dprinc.policy ? dprinc.policy : "[none]");
+        printf("Principal: %s\n", canon);
+        printf("Expiration date: %s\n", dprinc.princ_expire_time ?
+               strdate(dprinc.princ_expire_time) : "[never]");
+        printf("Last password change: %s\n", dprinc.last_pwd_change ?
+               strdate(dprinc.last_pwd_change) : "[never]");
+        printf("Password expiration date: %s\n",
+               dprinc.pw_expiration ?
+               strdate(dprinc.pw_expiration) : "[none]");
+        printf("Maximum ticket life: %s\n", strdur(dprinc.max_life));
+        printf("Maximum renewable life: %s\n",
+               strdur(dprinc.max_renewable_life));
+        printf("Last modified: %s (%s)\n", strdate(dprinc.mod_date), modcanon);
+        printf("Last successful authentication: %s\n",
+               dprinc.last_success ? strdate(dprinc.last_success) :
+               "[never]");
+        printf("Last failed authentication: %s\n",
+               dprinc.last_failed ? strdate(dprinc.last_failed) :
+               "[never]");
+        printf("Failed password attempts: %d\n",
+               dprinc.fail_auth_count);
+        printf("Number of keys: %d\n", dprinc.n_key_data);
+        for (i = 0; i < dprinc.n_key_data; i++) {
+            krb5_key_data *key_data = &dprinc.key_data[i];
+            char enctype[BUFSIZ], salttype[BUFSIZ];
+
+            if (krb5_enctype_to_string(key_data->key_data_type[0],
+                                       enctype, sizeof(enctype)))
+                snprintf(enctype, sizeof(enctype), "<Encryption type 0x%x>",
+                         key_data->key_data_type[0]);
+            printf("Key: vno %d, %s, ", key_data->key_data_kvno, enctype);
+            if (key_data->key_data_ver > 1) {
+                if (krb5_salttype_to_string(key_data->key_data_type[1],
+                                            salttype, sizeof(salttype)))
+                    snprintf(salttype, sizeof(salttype), "<Salt type 0x%x>",
+                             key_data->key_data_type[1]);
+                printf("%s\n", salttype);
+            } else
+                printf("no salt\n");
+        }
+        printf("MKey: vno %d\n",
+               dprinc.mkvno);
+
+        printf("Attributes:");
+        for (j = 0; j < sizeof(prflags) / sizeof(char *); j++) {
+            if (dprinc.attributes & (krb5_flags) 1 << j)
+                printf(" %s", prflags[j]);
+        }
+        printf("\n");
+        printf("Policy: %s\n", dprinc.policy ? dprinc.policy : "[none]");
     } else {
-       printf("\"%s\"\t%d\t%d\t%d\t%d\t\"%s\"\t%d\t%d\t%d\t%d\t\"%s\""
-              "\t%d\t%d\t%d\t%d\t%d",
-              canon, dprinc.princ_expire_time, dprinc.last_pwd_change,
-              dprinc.pw_expiration, dprinc.max_life, modcanon,
-              dprinc.mod_date, dprinc.attributes, dprinc.kvno,
-              dprinc.mkvno, dprinc.policy ? dprinc.policy : "[none]",
-              dprinc.max_renewable_life, dprinc.last_success,
-              dprinc.last_failed, dprinc.fail_auth_count,
-              dprinc.n_key_data);
-       for (i = 0; i < dprinc.n_key_data; i++)
-           printf("\t%d\t%d\t%d\t%d",
-                  dprinc.key_data[i].key_data_ver,
-                  dprinc.key_data[i].key_data_kvno,
-                  dprinc.key_data[i].key_data_type[0],
-                  dprinc.key_data[i].key_data_type[1]);
-       printf("\n");
-    }
-    free(modcanon);
+        printf("\"%s\"\t%d\t%d\t%d\t%d\t\"%s\"\t%d\t%d\t%d\t%d\t\"%s\""
+               "\t%d\t%d\t%d\t%d\t%d",
+               canon, dprinc.princ_expire_time, dprinc.last_pwd_change,
+               dprinc.pw_expiration, dprinc.max_life, modcanon,
+               dprinc.mod_date, dprinc.attributes, dprinc.kvno,
+               dprinc.mkvno, dprinc.policy ? dprinc.policy : "[none]",
+               dprinc.max_renewable_life, dprinc.last_success,
+               dprinc.last_failed, dprinc.fail_auth_count,
+               dprinc.n_key_data);
+        for (i = 0; i < dprinc.n_key_data; i++)
+            printf("\t%d\t%d\t%d\t%d",
+                   dprinc.key_data[i].key_data_ver,
+                   dprinc.key_data[i].key_data_kvno,
+                   dprinc.key_data[i].key_data_type[0],
+                   dprinc.key_data[i].key_data_type[1]);
+        printf("\n");
+    }
+cleanup:
+    krb5_free_principal(context, princ);
     kadm5_free_principal_ent(handle, &dprinc);
+    free(modcanon);
     free(canon);
 }
 
-void kadmin_getprincs(argc, argv)
-    int argc;
-    char *argv[];
+void
+kadmin_getprincs(int argc, char *argv[])
 {
     krb5_error_code retval;
     char *expr, **names;
     int i, count;
 
     expr = NULL;
-    if (! (argc == 1 || (argc == 2 && (expr = argv[1])))) {
-       fprintf(stderr, "usage: get_principals [expression]\n");
-       return;
+    if (!(argc == 1 || (argc == 2 && (expr = argv[1])))) {
+        fprintf(stderr, "usage: get_principals [expression]\n");
+        return;
     }
     retval = kadm5_get_principals(handle, expr, &names, &count);
     if (retval) {
-       com_err("get_principals", retval, "while retrieving list.");
-       return;
+        com_err("get_principals", retval, "while retrieving list.");
+        return;
     }
     for (i = 0; i < count; i++)
-       printf("%s\n", names[i]);
+        printf("%s\n", names[i]);
     kadm5_free_name_list(handle, names, count);
 }
 
 static int
-kadmin_parse_policy_args(argc, argv, policy, mask, caller)
-    int argc;
-    char *argv[];
-    kadm5_policy_ent_t policy;
-    long *mask;
-    char *caller;
+kadmin_parse_policy_args(int argc, char *argv[], kadm5_policy_ent_t policy,
+                         long *mask, char *caller)
 {
     int i;
-    time_t now;
-    time_t date;
+    time_t now, date;
 
     time(&now);
     *mask = 0;
     for (i = 1; i < argc - 1; i++) {
-       if (strlen(argv[i]) == 8 &&
-           !strcmp(argv[i], "-maxlife")) {
-           if (++i > argc -2)
-               return -1;
-           else {
-               date = get_date(argv[i]);
-               if (date == (time_t)-1) {
-                   fprintf(stderr, "Invalid date specification \"%s\".\n",
-                           argv[i]);
-                   return -1;
-               }
-               policy->pw_max_life = date - now;
-               *mask |= KADM5_PW_MAX_LIFE;
-               continue;
-           }
-       } else if (strlen(argv[i]) == 8 &&
-                  !strcmp(argv[i], "-minlife")) {
-           if (++i > argc - 2)
-               return -1;
-           else {
-               date = get_date(argv[i]);
-               if (date == (time_t)-1) {
-                   fprintf(stderr, "Invalid date specification \"%s\".\n",
-                           argv[i]);
-                   return -1;
-               }
-               policy->pw_min_life = date - now;
-               *mask |= KADM5_PW_MIN_LIFE;
-               continue;
-           }
-       } else if (strlen(argv[i]) == 10 &&
-                  !strcmp(argv[i], "-minlength")) {
-           if (++i > argc - 2)
-               return -1;
-           else {
-               policy->pw_min_length = atoi(argv[i]);
-               *mask |= KADM5_PW_MIN_LENGTH;
-               continue;
-           }
-       } else if (strlen(argv[i]) == 11 &&
-                  !strcmp(argv[i], "-minclasses")) {
-           if (++i > argc - 2)
-               return -1;
-           else {
-               policy->pw_min_classes = atoi(argv[i]);
-               *mask |= KADM5_PW_MIN_CLASSES;
-               continue;
-           }
-       } else if (strlen(argv[i]) == 8 &&
-                  !strcmp(argv[i], "-history")) {
-           if (++i > argc - 2)
-               return -1;
-           else {
-               policy->pw_history_num = atoi(argv[i]);
-               *mask |= KADM5_PW_HISTORY_NUM;
-               continue;
-           }
-       } else
-           return -1;
+        if (strlen(argv[i]) == 8 && !strcmp(argv[i], "-maxlife")) {
+            if (++i > argc -2)
+                return -1;
+            else {
+                date = get_date(argv[i]);
+                if (date == (time_t)-1) {
+                    fprintf(stderr, "Invalid date specification \"%s\".\n",
+                            argv[i]);
+                    return -1;
+                }
+                policy->pw_max_life = date - now;
+                *mask |= KADM5_PW_MAX_LIFE;
+                continue;
+            }
+        } else if (strlen(argv[i]) == 8 && !strcmp(argv[i], "-minlife")) {
+            if (++i > argc - 2)
+                return -1;
+            else {
+                date = get_date(argv[i]);
+                if (date == (time_t)-1) {
+                    fprintf(stderr, "Invalid date specification \"%s\".\n",
+                            argv[i]);
+                    return -1;
+                }
+                policy->pw_min_life = date - now;
+                *mask |= KADM5_PW_MIN_LIFE;
+                continue;
+            }
+        } else if (strlen(argv[i]) == 10 && !strcmp(argv[i], "-minlength")) {
+            if (++i > argc - 2)
+                return -1;
+            else {
+                policy->pw_min_length = atoi(argv[i]);
+                *mask |= KADM5_PW_MIN_LENGTH;
+                continue;
+            }
+        } else if (strlen(argv[i]) == 11 && !strcmp(argv[i], "-minclasses")) {
+            if (++i > argc - 2)
+                return -1;
+            else {
+                policy->pw_min_classes = atoi(argv[i]);
+                *mask |= KADM5_PW_MIN_CLASSES;
+                continue;
+            }
+        } else if (strlen(argv[i]) == 8 && !strcmp(argv[i], "-history")) {
+            if (++i > argc - 2)
+                return -1;
+            else {
+                policy->pw_history_num = atoi(argv[i]);
+                *mask |= KADM5_PW_HISTORY_NUM;
+                continue;
+            }
+        } else
+            return -1;
     }
     if (i != argc -1) {
-       fprintf(stderr, "%s: parser lost count!\n", caller);
-       return -1;
+        fprintf(stderr, "%s: parser lost count!\n", caller);
+        return -1;
     } else
-       return 0;
+        return 0;
 }
 
 static void
-kadmin_addmodpol_usage(func)
-    char *func;
+kadmin_addmodpol_usage(char *func)
 {
     fprintf(stderr, "usage; %s [options] policy\n", func);
     fprintf(stderr, "\toptions are:\n");
     fprintf(stderr, "\t\t[-maxlife time] [-minlife time] [-minlength length]\n\t\t[-minclasses number] [-history number]\n");
 }
 
-void kadmin_addpol(argc, argv)
-    int argc;
-    char *argv[];
+void
+kadmin_addpol(int argc, char *argv[])
 {
     krb5_error_code retval;
     long mask;
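Review bot: In kadmin_getprinc, removing `free(canon); canon = NULL;` ahead of the second `krb5_unparse_name(context, dprinc.principal, &canon)` leaks the string from the first call, because krb5_unparse_name stores a newly allocated buffer in `canon` and the cleanup label frees only the last one. Restoring those two lines just before the second call, or unparsing into `canon` only once, fixes it. Separately, the re-indented `-minlength`, `-minclasses` and `-history` branches of kadmin_parse_policy_args still convert with `atoi`, so a number with trailing garbage is accepted without complaint when setting password policy. `strtol` with an end-pointer check would let the parser return -1 instead. kadmin_modprinc at the top of this hunk and kadmin_addpol at the bottom both extend outside it.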
@@ -1723,24 +1523,20 @@ void kadmin_addpol(argc, argv)
 
     memset(&policy, 0, sizeof(policy));
     if (kadmin_parse_policy_args(argc, argv, &policy, &mask, "add_policy")) {
-       kadmin_addmodpol_usage("add_policy");
-       return;
-    } else {
-       policy.policy = argv[argc - 1];
-       mask |= KADM5_POLICY;
-       retval = kadm5_create_policy(handle, &policy, mask);
-       if (retval) {
-           com_err("add_policy", retval, "while creating policy \"%s\".",
-                   policy.policy);
-           return;
-       }
-    }
-    return;
+        kadmin_addmodpol_usage("add_policy");
+        return;
+    }
+    policy.policy = argv[argc - 1];
+    mask |= KADM5_POLICY;
+    retval = kadm5_create_policy(handle, &policy, mask);
+    if (retval) {
+        com_err("add_policy", retval, "while creating policy \"%s\".",
+                policy.policy);
+    }
 }
 
-void kadmin_modpol(argc, argv)
-    int argc;
-    char *argv[];
+void
+kadmin_modpol(int argc, char *argv[])
 {
     krb5_error_code retval;
     long mask;
@@ -1748,133 +1544,121 @@ void kadmin_modpol(argc, argv)
 
     memset(&policy, 0, sizeof(policy));
     if (kadmin_parse_policy_args(argc, argv, &policy, &mask,
-                                "modify_policy")) {
-       kadmin_addmodpol_usage("modify_policy");
-       return;
-    } else {
-       policy.policy = argv[argc - 1];
-       retval = kadm5_modify_policy(handle, &policy, mask);
-       if (retval) {
-           com_err("modify_policy", retval, "while modifying policy \"%s\".",
-                   policy.policy);
-           return;
-       }
-    }
-    return;
+                                 "modify_policy")) {
+        kadmin_addmodpol_usage("modify_policy");
+        return;
+    }
+    policy.policy = argv[argc - 1];
+    retval = kadm5_modify_policy(handle, &policy, mask);
+    if (retval) {
+        com_err("modify_policy", retval, "while modifying policy \"%s\".",
+                policy.policy);
+    }
 }
 
-void kadmin_delpol(argc, argv)
-    int argc;
-    char *argv[];
+void
+kadmin_delpol(int argc, char *argv[])
 {
     krb5_error_code retval;
     char reply[5];
 
-    if (! (argc == 2 ||
-          (argc == 3 && !strcmp("-force", argv[1])))) {
-       fprintf(stderr, "usage: delete_policy [-force] policy\n");
-       return;
+    if (!(argc == 2 || (argc == 3 && !strcmp("-force", argv[1])))) {
+        fprintf(stderr, "usage: delete_policy [-force] policy\n");
+        return;
     }
     if (argc == 2) {
-       printf("Are you sure you want to delete the policy \"%s\"? (yes/no): ", argv[1]);
-       fgets(reply, sizeof (reply), stdin);
-       if (strcmp("yes\n", reply)) {
-           fprintf(stderr, "Policy \"%s\" not deleted.\n", argv[1]);
-           return;
-       }
+        printf("Are you sure you want to delete the policy \"%s\"? (yes/no): ",
+               argv[1]);
+        fgets(reply, sizeof(reply), stdin);
+        if (strcmp("yes\n", reply)) {
+            fprintf(stderr, "Policy \"%s\" not deleted.\n", argv[1]);
+            return;
+        }
     }
     retval = kadm5_delete_policy(handle, argv[argc - 1]);
     if (retval) {
-       com_err("delete_policy:", retval, "while deleting policy \"%s\"",
-               argv[argc - 1]);
-       return;
+        com_err("delete_policy:", retval, "while deleting policy \"%s\"",
+                argv[argc - 1]);
     }
-    return;
 }
 
-void kadmin_getpol(argc, argv)
-    int argc;
-    char *argv[];
+void
+kadmin_getpol(int argc, char *argv[])
 {
     krb5_error_code retval;
     kadm5_policy_ent_rec policy;
 
-    if (! (argc == 2 ||
-          (argc == 3 && !strcmp("-terse", argv[1])))) {
-       fprintf(stderr, "usage: get_policy [-terse] policy\n");
-       return;
+    if (!(argc == 2 || (argc == 3 && !strcmp("-terse", argv[1])))) {
+        fprintf(stderr, "usage: get_policy [-terse] policy\n");
+        return;
     }
     retval = kadm5_get_policy(handle, argv[argc - 1], &policy);
     if (retval) {
-       com_err("get_policy", retval, "while retrieving policy \"%s\".",
-               argv[argc - 1]);
-       return;
+        com_err("get_policy", retval, "while retrieving policy \"%s\".",
+                argv[argc - 1]);
+        return;
     }
     if (argc == 2) {
-       printf("Policy: %s\n", policy.policy);
-       printf("Maximum password life: %ld\n", policy.pw_max_life);
-       printf("Minimum password life: %ld\n", policy.pw_min_life);
-       printf("Minimum password length: %ld\n", policy.pw_min_length);
-       printf("Minimum number of password character classes: %ld\n",
-              policy.pw_min_classes);
-       printf("Number of old keys kept: %ld\n", policy.pw_history_num);
-       printf("Reference count: %ld\n", policy.policy_refcnt);
+        printf("Policy: %s\n", policy.policy);
+        printf("Maximum password life: %ld\n", policy.pw_max_life);
+        printf("Minimum password life: %ld\n", policy.pw_min_life);
+        printf("Minimum password length: %ld\n", policy.pw_min_length);
+        printf("Minimum number of password character classes: %ld\n",
+               policy.pw_min_classes);
+        printf("Number of old keys kept: %ld\n", policy.pw_history_num);
+        printf("Reference count: %ld\n", policy.policy_refcnt);
     } else {
-       printf("\"%s\"\t%ld\t%ld\t%ld\t%ld\t%ld\t%ld\n",
-              policy.policy, policy.pw_max_life, policy.pw_min_life,
-              policy.pw_min_length, policy.pw_min_classes,
-              policy.pw_history_num, policy.policy_refcnt);
+        printf("\"%s\"\t%ld\t%ld\t%ld\t%ld\t%ld\t%ld\n",
+               policy.policy, policy.pw_max_life, policy.pw_min_life,
+               policy.pw_min_length, policy.pw_min_classes,
+               policy.pw_history_num, policy.policy_refcnt);
     }
     kadm5_free_policy_ent(handle, &policy);
-    return;
 }
 
-void kadmin_getpols(argc, argv)
-    int argc;
-    char *argv[];
+void
+kadmin_getpols(int argc, char *argv[])
 {
     krb5_error_code retval;
     char *expr, **names;
     int i, count;
 
     expr = NULL;
-    if (! (argc == 1 || (argc == 2 && (expr = argv[1])))) {
-       fprintf(stderr, "usage: get_policies [expression]\n");
-       return;
+    if (!(argc == 1 || (argc == 2 && (expr = argv[1])))) {
+        fprintf(stderr, "usage: get_policies [expression]\n");
+        return;
     }
     retval = kadm5_get_policies(handle, expr, &names, &count);
     if (retval) {
-       com_err("get_policies", retval, "while retrieving list.");
-       return;
+        com_err("get_policies", retval, "while retrieving list.");
+        return;
     }
     for (i = 0; i < count; i++)
-       printf("%s\n", names[i]);
+        printf("%s\n", names[i]);
     kadm5_free_name_list(handle, names, count);
 }
 
-void kadmin_getprivs(argc, argv)
-    int argc;
-    char *argv[];
+void
+kadmin_getprivs(int argc, char *argv[])
 {
     static char *privs[] = {"GET", "ADD", "MODIFY", "DELETE"};
     krb5_error_code retval;
-    int i;
+    size_t i;
     long plist;
 
     if (argc != 1) {
-       fprintf(stderr, "usage: get_privs\n");
-       return;
+        fprintf(stderr, "usage: get_privs\n");
+        return;
     }
     retval = kadm5_get_privs(handle, &plist);
     if (retval) {
-       com_err("get_privs", retval, "while retrieving privileges");
-       return;
+        com_err("get_privs", retval, "while retrieving privileges");
+        return;
     }
     printf("current privileges:");
     for (i = 0; i < sizeof (privs) / sizeof (char *); i++) {
-       if (plist & 1 << i)
-           printf(" %s", privs[i]);
+        if (plist & 1 << i)
+            printf(" %s", privs[i]);
     }
     printf("\n");
-    return;
 }
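Review bot: In `kadmin_delpol` the return value of `fgets(reply, sizeof(reply), stdin)` is still ignored, so on EOF or a read error `reply` is compared while uninitialized. That comparison is the only confirmation gate in front of `kadm5_delete_policy`. A failed read should count as a refusal: `if (fgets(reply, sizeof(reply), stdin) == NULL || strcmp("yes\n", reply)) {`. Declaring the buffer as `char reply[5] = "";` would also make the non-match deterministic.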
index 5fb5613f2fef154a1e25ebd6c3692b061f9216b9..643e91de42af3051db644600fc40228377e6c7c4 100644 (file)
@@ -1,3 +1,4 @@
+/* -*- mode: c; indent-tabs-mode: nil -*- */
 /*
  * Copyright 1993 OpenVision Technologies, Inc., All Rights Reserved.
  *
@@ -7,14 +8,14 @@
 
 /*
  * Copyright (C) 1998 by the FundsXpress, INC.
- * 
+ *
  * All rights reserved.
- * 
+ *
  * Export of this software from the United States of America may require
  * a specific license from the United States Government.  It is the
  * responsibility of any person or organization contemplating export to
  * obtain such a license before exporting.
- * 
+ *
  * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
  * distribute this software and its documentation for any purpose and
  * without fee is hereby granted, provided that the above copyright
@@ -25,7 +26,7 @@
  * permission.  FundsXpress makes no representations about the suitability of
  * this software for any purpose.  It is provided "as is" without express
  * or implied warranty.
- * 
+ *
  * THIS SOFTWARE IS PROVIDED ``AS IS'' AND WITHOUT ANY EXPRESS OR
  * IMPLIED WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED
  * WARRANTIES OF MERCHANTIBILITY AND FITNESS FOR A PARTICULAR PURPOSE.
@@ -45,12 +46,12 @@ static char *rcsid = "$Header$";
 #include <adm_proto.h>
 #include "kadmin.h"
 
-static int add_principal(void *lhandle, char *keytab_str, krb5_keytab keytab,
-                        krb5_boolean keepold,
-                        int n_ks_tuple, krb5_key_salt_tuple *ks_tuple,
-                        char *princ_str);
-static int remove_principal(char *keytab_str, krb5_keytab keytab, char
-                           *princ_str, char *kvno_str);
+static void add_principal(void *lhandle, char *keytab_str, krb5_keytab keytab,
+                          krb5_boolean keepold,
+                          int n_ks_tuple, krb5_key_salt_tuple *ks_tuple,
+                          char *princ_str);
+static void remove_principal(char *keytab_str, krb5_keytab keytab,
+                             char *princ_str, char *kvno_str);
 static char *etype_string(krb5_enctype enctype);
 
 static int quiet;
@@ -59,417 +60,411 @@ static int quiet;
 static int norandkey;
 #endif
 
-static void add_usage()
+static void
+add_usage()
 {
 #ifdef KADMIN_LOCAL
-     fprintf(stderr, "Usage: ktadd [-k[eytab] keytab] [-q] [-e keysaltlist] [-norandkey] [principal | -glob princ-exp] [...]\n");
+    fprintf(stderr, "Usage: ktadd [-k[eytab] keytab] [-q] [-e keysaltlist] [-norandkey] [principal | -glob princ-exp] [...]\n");
 #else
-     fprintf(stderr, "Usage: ktadd [-k[eytab] keytab] [-q] [-e keysaltlist] [principal | -glob princ-exp] [...]\n");
+    fprintf(stderr, "Usage: ktadd [-k[eytab] keytab] [-q] [-e keysaltlist] [principal | -glob princ-exp] [...]\n");
 #endif
 }
-     
-static void rem_usage()
+
+static void
+rem_usage()
 {
-     fprintf(stderr, "Usage: ktremove [-k[eytab] keytab] [-q] principal [kvno|\"all\"|\"old\"]\n");
+    fprintf(stderr, "Usage: ktremove [-k[eytab] keytab] [-q] principal [kvno|\"all\"|\"old\"]\n");
 }
 
-static int process_keytab(krb5_context my_context, char **keytab_str,
-                  krb5_keytab *keytab) 
+static int
+process_keytab(krb5_context my_context, char **keytab_str,
+               krb5_keytab *keytab)
 {
-     int code;
-     
-     if (*keytab_str == NULL) {
-         /* XXX krb5_defkeyname is an internal library global and
-             should go away */
-         if (! (*keytab_str = strdup(krb5_defkeyname))) {
-              com_err(whoami, ENOMEM, "while creating keytab name");
-              return 1;
-         }
-         code = krb5_kt_default(my_context, keytab);
-         if (code != 0) {
-              com_err(whoami, code, "while opening default keytab");
-              free(*keytab_str);
-              return 1;
-         }
-     } else {
-         if (strchr(*keytab_str, ':') != NULL) {
-              *keytab_str = strdup(*keytab_str);
-              if (*keytab_str == NULL) {
-                   com_err(whoami, ENOMEM, "while creating keytab name");
-                   return 1;
-              }
-         } else {
-              if (asprintf(keytab_str, "WRFILE:%s", *keytab_str) < 0) {
-                  *keytab_str = NULL;
-                  com_err(whoami, ENOMEM, "while creating keytab name");
-                  return 1;
-              }
-         }
-         
-         code = krb5_kt_resolve(my_context, *keytab_str, keytab);
-         if (code != 0) {
-              com_err(whoami, code, "while resolving keytab %s", *keytab_str);
-              free(keytab_str);
-              return 1;
-         }
-     }
-     
-     return 0;
+    int code;
+    char *name = *keytab_str;
+
+    if (name == NULL) {
+        /* XXX krb5_defkeyname is an internal library global and
+           should go away */
+        name = strdup(krb5_defkeyname);
+        if (!name) {
+            com_err(whoami, ENOMEM, "while creating keytab name");
+            return 1;
+        }
+        code = krb5_kt_default(my_context, keytab);
+        if (code != 0) {
+            com_err(whoami, code, "while opening default keytab");
+            free(name);
+            return 1;
+        }
+    } else {
+        if (strchr(name, ':') != NULL)
+            name = strdup(name);
+        else if (asprintf(keytab_str, "WRFILE:%s", name) < 0)
+            name = NULL;
+        if (name == NULL) {
+            com_err(whoami, ENOMEM, "while creating keytab name");
+            return 1;
+        }
+
+        code = krb5_kt_resolve(my_context, name, keytab);
+        if (code != 0) {
+            com_err(whoami, code, "while resolving keytab %s", name);
+            free(name);
+            return 1;
+        }
+    }
+
+    *keytab_str = name;
+    return 0;
 }
 
-     
-void kadmin_keytab_add(int argc, char **argv)
+void
+kadmin_keytab_add(int argc, char **argv)
 {
-     krb5_keytab keytab = 0;
-     char *keytab_str = NULL, **princs;
-     int code, num, i;
-     krb5_error_code retval;
-     int n_ks_tuple = 0;
-     krb5_boolean keepold = FALSE;
-     krb5_key_salt_tuple *ks_tuple = NULL;
-
-     argc--; argv++;
-     quiet = 0;
+    krb5_keytab keytab = 0;
+    char *keytab_str = NULL, **princs;
+    int code, num, i;
+    krb5_error_code retval;
+    int n_ks_tuple = 0;
+    krb5_boolean keepold = FALSE;
+    krb5_key_salt_tuple *ks_tuple = NULL;
+
+    argc--; argv++;
+    quiet = 0;
 #ifdef KADMIN_LOCAL
-     norandkey = 0;
+    norandkey = 0;
 #endif
-     while (argc) {
-         if (strncmp(*argv, "-k", 2) == 0) {
-              argc--; argv++;
-              if (!argc || keytab_str) {
-                   add_usage();
-                   return;
-              }
-              keytab_str = *argv;
-         } else if (strcmp(*argv, "-q") == 0) {
-              quiet++;
+    while (argc) {
+        if (strncmp(*argv, "-k", 2) == 0) {
+            argc--; argv++;
+            if (!argc || keytab_str) {
+                add_usage();
+                return;
+            }
+            keytab_str = *argv;
+        } else if (strcmp(*argv, "-q") == 0) {
+            quiet++;
 #ifdef KADMIN_LOCAL
         } else if (strcmp(*argv, "-norandkey") == 0) {
-             norandkey++;
+            norandkey++;
 #endif
-         } else if (strcmp(*argv, "-e") == 0) {
-              argc--;
-              if (argc < 1) {
-                   add_usage();
-                   return;
-              }
-              retval = krb5_string_to_keysalts(*++argv, ", \t", ":.-", 0,
-                                               &ks_tuple, &n_ks_tuple);
-              if (retval) {
-                   com_err("ktadd", retval, "while parsing keysalts %s",
-                           *argv);
-
-                   return;
-              }
-         } else
-              break;
-         argc--; argv++;
-     }
-
-     if (argc == 0) {
-         add_usage();
-         return;
-     }
+        } else if (strcmp(*argv, "-e") == 0) {
+            argc--;
+            if (argc < 1) {
+                add_usage();
+                return;
+            }
+            retval = krb5_string_to_keysalts(*++argv, ", \t", ":.-", 0,
+                                             &ks_tuple, &n_ks_tuple);
+            if (retval) {
+                com_err("ktadd", retval, "while parsing keysalts %s",
+                        *argv);
+
+                return;
+            }
+        } else
+            break;
+        argc--; argv++;
+    }
+
+    if (argc == 0) {
+        add_usage();
+        return;
+    }
 
 #ifdef KADMIN_LOCAL
-     if (norandkey && ks_tuple) {
-       fprintf(stderr, "cannot specify keysaltlist when not changing key\n");
-       return;
-     }
+    if (norandkey && ks_tuple) {
+        fprintf(stderr, "cannot specify keysaltlist when not changing key\n");
+        return;
+    }
 #endif
 
-     if (process_keytab(context, &keytab_str, &keytab))
-         return;
-     
-     while (*argv) {
-         if (strcmp(*argv, "-glob") == 0) {
-              if (*++argv == NULL) {
-                   add_usage();
-                   break;
-              }
-              
-              code = kadm5_get_principals(handle, *argv, &princs, &num);
-              if (code) {
-                   com_err(whoami, code, "while expanding expression \"%s\".",
-                           *argv);
-                   argv++;
-                   continue;
-              }
-              
-              for (i = 0; i < num; i++) 
-                   (void) add_principal(handle, keytab_str, keytab,
-                                        keepold, n_ks_tuple, ks_tuple,
-                                        princs[i]); 
-              kadm5_free_name_list(handle, princs, num);
-         } else
-              (void) add_principal(handle, keytab_str, keytab,
-                                   keepold, n_ks_tuple, ks_tuple,
-                                   *argv);
-         argv++;
-     }
-         
-     code = krb5_kt_close(context, keytab);
-     if (code != 0)
-         com_err(whoami, code, "while closing keytab");
-
-     free(keytab_str);
+    if (process_keytab(context, &keytab_str, &keytab))
+        return;
+
+    while (*argv) {
+        if (strcmp(*argv, "-glob") == 0) {
+            if (*++argv == NULL) {
+                add_usage();
+                break;
+            }
+
+            code = kadm5_get_principals(handle, *argv, &princs, &num);
+            if (code) {
+                com_err(whoami, code, "while expanding expression \"%s\".",
+                        *argv);
+                argv++;
+                continue;
+            }
+
+            for (i = 0; i < num; i++)
+                add_principal(handle, keytab_str, keytab, keepold,
+                              n_ks_tuple, ks_tuple, princs[i]);
+            kadm5_free_name_list(handle, princs, num);
+        } else {
+            add_principal(handle, keytab_str, keytab, keepold,
+                          n_ks_tuple, ks_tuple, *argv);
+            argv++;
+        }
+    }
+
+    code = krb5_kt_close(context, keytab);
+    if (code != 0)
+        com_err(whoami, code, "while closing keytab");
+
+    free(keytab_str);
 }
 
-void kadmin_keytab_remove(int argc, char **argv)
+void
+kadmin_keytab_remove(int argc, char **argv)
 {
-     krb5_keytab keytab = 0;
-     char *keytab_str = NULL;
-     int code;
-
-     argc--; argv++;
-     quiet = 0;
-     while (argc) {
-         if (strncmp(*argv, "-k", 2) == 0) {
-              argc--; argv++;
-              if (!argc || keytab_str) {
-                   rem_usage();
-                   return;
-              }
-              keytab_str = *argv;
-         } else if (strcmp(*argv, "-q") == 0) {
-              quiet++;
-         } else
-              break;
-         argc--; argv++;
-     }
-
-     if (argc != 1 && argc != 2) {
-         rem_usage();
-         return;
-     }
-     if (process_keytab(context, &keytab_str, &keytab))
-         return;
-
-     (void) remove_principal(keytab_str, keytab, argv[0], argv[1]);
-
-     code = krb5_kt_close(context, keytab);
-     if (code != 0)
-         com_err(whoami, code, "while closing keytab");
-
-     free(keytab_str);
+    krb5_keytab keytab = 0;
+    char *keytab_str = NULL;
+    int code;
+
+    argc--; argv++;
+    quiet = 0;
+    while (argc) {
+        if (strncmp(*argv, "-k", 2) == 0) {
+            argc--; argv++;
+            if (!argc || keytab_str) {
+                rem_usage();
+                return;
+            }
+            keytab_str = *argv;
+        } else if (strcmp(*argv, "-q") == 0) {
+            quiet++;
+        } else
+            break;
+        argc--; argv++;
+    }
+
+    if (argc != 1 && argc != 2) {
+        rem_usage();
+        return;
+    }
+    if (process_keytab(context, &keytab_str, &keytab))
+        return;
+
+    remove_principal(keytab_str, keytab, argv[0], argv[1]);
+
+    code = krb5_kt_close(context, keytab);
+    if (code != 0)
+        com_err(whoami, code, "while closing keytab");
+
+    free(keytab_str);
 }
 
-static 
-int add_principal(void *lhandle, char *keytab_str, krb5_keytab keytab,
-                 krb5_boolean keepold, int n_ks_tuple,
-                 krb5_key_salt_tuple *ks_tuple,
-                 char *princ_str) 
+static void
+add_principal(void *lhandle, char *keytab_str, krb5_keytab keytab,
+              krb5_boolean keepold, int n_ks_tuple,
+              krb5_key_salt_tuple *ks_tuple, char *princ_str)
 {
-     kadm5_principal_ent_rec princ_rec;
-     krb5_principal princ;
-     krb5_keytab_entry new_entry;
-     krb5_keyblock *keys;
-     int code, nkeys, i;
+    kadm5_principal_ent_rec princ_rec;
+    krb5_principal princ = NULL;
+    krb5_keytab_entry new_entry;
+    krb5_keyblock *keys;
+    int code, nkeys, i;
 
-     (void) memset(&princ_rec, 0, sizeof(princ_rec));
+    memset(&princ_rec, 0, sizeof(princ_rec));
 
-     princ = NULL;
-     keys = NULL;
-     nkeys = 0;
+    princ = NULL;
+    keys = NULL;
+    nkeys = 0;
 
-     code = krb5_parse_name(context, princ_str, &princ);
-     if (code != 0) {
-         com_err(whoami, code, "while parsing -add principal name %s",
-                 princ_str);
-         goto cleanup;
-     }
+    code = krb5_parse_name(context, princ_str, &princ);
+    if (code != 0) {
+        com_err(whoami, code, "while parsing -add principal name %s",
+                princ_str);
+        goto cleanup;
+    }
 
 #ifdef KADMIN_LOCAL
-     if (norandkey)
-       code = kadm5_get_principal_keys(handle, princ, &keys, &nkeys);
-     else
+    if (norandkey)
+        code = kadm5_get_principal_keys(handle, princ, &keys, &nkeys);
+    else
 #endif
-     if (keepold || ks_tuple != NULL) {
-        code = kadm5_randkey_principal_3(lhandle, princ,
-                                         keepold, n_ks_tuple, ks_tuple,
-                                         &keys, &nkeys);
-     } else {
-        code = kadm5_randkey_principal(lhandle, princ, &keys, &nkeys);
-     }
-     if (code != 0) {
-         if (code == KADM5_UNK_PRINC) {
-              fprintf(stderr, "%s: Principal %s does not exist.\n",
-                      whoami, princ_str);
-         } else
-              com_err(whoami, code, "while changing %s's key",
-                      princ_str);
-         goto cleanup;
-     }
-
-     code = kadm5_get_principal(lhandle, princ, &princ_rec,
-                               KADM5_PRINCIPAL_NORMAL_MASK);
-     if (code != 0) {
-         com_err(whoami, code, "while retrieving principal");
-         goto cleanup;
-     }
-
-     for (i = 0; i < nkeys; i++) {
-         memset(&new_entry, 0, sizeof(new_entry));
-         new_entry.principal = princ;
-         new_entry.key = keys[i];
-         new_entry.vno = princ_rec.kvno;
-
-         code = krb5_kt_add_entry(context, keytab, &new_entry);
-         if (code != 0) {
-              com_err(whoami, code, "while adding key to keytab");
-              (void) kadm5_free_principal_ent(lhandle, &princ_rec);
-              goto cleanup;
-         }
-
-         if (!quiet)
-              printf("Entry for principal %s with kvno %d, "
-                     "encryption type %s added to keytab %s.\n",
-                     princ_str, princ_rec.kvno,
-                     etype_string(keys[i].enctype), keytab_str);
-     }
-
-     code = kadm5_free_principal_ent(lhandle, &princ_rec);
-     if (code != 0) {
-         com_err(whoami, code, "while freeing principal entry");
-         goto cleanup;
-     }
+    if (keepold || ks_tuple != NULL) {
+        code = kadm5_randkey_principal_3(lhandle, princ, keepold,
+                                         n_ks_tuple, ks_tuple, &keys, &nkeys);
+    } else
+        code = kadm5_randkey_principal(lhandle, princ, &keys, &nkeys);
+    if (code != 0) {
+        if (code == KADM5_UNK_PRINC) {
+            fprintf(stderr, "%s: Principal %s does not exist.\n",
+                    whoami, princ_str);
+        } else
+            com_err(whoami, code, "while changing %s's key", princ_str);
+        goto cleanup;
+    }
+
+    code = kadm5_get_principal(lhandle, princ, &princ_rec,
+                               KADM5_PRINCIPAL_NORMAL_MASK);
+    if (code != 0) {
+        com_err(whoami, code, "while retrieving principal");
+        goto cleanup;
+    }
+
+    for (i = 0; i < nkeys; i++) {
+        memset(&new_entry, 0, sizeof(new_entry));
+        new_entry.principal = princ;
+        new_entry.key = keys[i];
+        new_entry.vno = princ_rec.kvno;
+
+        code = krb5_kt_add_entry(context, keytab, &new_entry);
+        if (code != 0) {
+            com_err(whoami, code, "while adding key to keytab");
+            kadm5_free_principal_ent(lhandle, &princ_rec);
+            goto cleanup;
+        }
+
+        if (!quiet) {
+            printf("Entry for principal %s with kvno %d, "
+                   "encryption type %s added to keytab %s.\n",
+                   princ_str, princ_rec.kvno,
+                   etype_string(keys[i].enctype), keytab_str);
+        }
+    }
+
+    code = kadm5_free_principal_ent(lhandle, &princ_rec);
+    if (code != 0) {
+        com_err(whoami, code, "while freeing principal entry");
+        goto cleanup;
+    }
 
 cleanup:
-     if (nkeys) {
-         for (i = 0; i < nkeys; i++)
-              krb5_free_keyblock_contents(context, &keys[i]);
-         free(keys);
-     }
-     if (princ)
-         krb5_free_principal(context, princ);
-
-     return code;
+    if (nkeys) {
+        for (i = 0; i < nkeys; i++)
+            krb5_free_keyblock_contents(context, &keys[i]);
+        free(keys);
+    }
+    krb5_free_principal(context, princ);
 }
 
-int remove_principal(char *keytab_str, krb5_keytab keytab, char
-                    *princ_str, char *kvno_str) 
+void
+remove_principal(char *keytab_str, krb5_keytab keytab,
+                 char *princ_str, char *kvno_str)
 {
-     krb5_principal princ;
-     krb5_keytab_entry entry;
-     krb5_kt_cursor cursor;
-     enum { UNDEF, SPEC, HIGH, ALL, OLD } mode;
-     int code, did_something;
-     krb5_kvno kvno;
-
-     code = krb5_parse_name(context, princ_str, &princ);
-     if (code != 0) {
-         com_err(whoami, code, "while parsing principal name %s",
-                 princ_str);
-         return code;
-     }
-
-     mode = UNDEF;
-     if (kvno_str == NULL) {
-         mode = HIGH;
-         kvno = 0;
-     } else if (strcmp(kvno_str, "all") == 0) {
-         mode = ALL;
-         kvno = 0;
-     } else if (strcmp(kvno_str, "old") == 0) {
-         mode = OLD;
-         kvno = 0;
-     } else {
-         mode = SPEC;
-         kvno = atoi(kvno_str);
-     }
-
-     /* kvno is set to specified value for SPEC, 0 otherwise */
-     code = krb5_kt_get_entry(context, keytab, princ, kvno, 0, &entry);
-     if (code != 0) {
-         if (code == ENOENT) {
-              fprintf(stderr, "%s: Keytab %s does not exist.\n",
-                      whoami, keytab_str);
-         } else if (code == KRB5_KT_NOTFOUND) {
-              if (mode != SPEC)
-                   fprintf(stderr, "%s: No entry for principal "
-                           "%s exists in keytab %s\n",
-                           whoami, princ_str, keytab_str);
-              else
-                   fprintf(stderr, "%s: No entry for principal "
-                           "%s with kvno %d exists in keytab "
-                           "%s.\n", whoami, princ_str, kvno,
-                           keytab_str);
-         } else {
-              com_err(whoami, code, "while retrieving highest kvno "
-                      "from keytab");
-         }
-         return code;
-     }
-
-     /* set kvno to spec'ed value for SPEC, highest kvno otherwise */
-     kvno = entry.vno;
-     krb5_kt_free_entry(context, &entry);
-
-     code = krb5_kt_start_seq_get(context, keytab, &cursor);
-     if (code != 0) {
-         com_err(whoami, code, "while starting keytab scan");
-         return code;
-     }
-
-     did_something = 0;
-     while ((code = krb5_kt_next_entry(context, keytab, &entry, &cursor)) == 0) {
-         if (krb5_principal_compare(context, princ, entry.principal) &&
-             ((mode == ALL) ||
-              (mode == SPEC && entry.vno == kvno) ||
-              (mode == OLD && entry.vno != kvno) ||
-              (mode == HIGH && entry.vno == kvno))) {
-
-              /*
-               * Ack!  What a kludge... the scanning functions lock
-               * the keytab so entries cannot be removed while they
-               * are operating.
-               */
-              code = krb5_kt_end_seq_get(context, keytab, &cursor);
-              if (code != 0) {
-                   com_err(whoami, code, "while temporarily ending "
-                           "keytab scan");
-                   return code;
-              }
-              code = krb5_kt_remove_entry(context, keytab, &entry);
-              if (code != 0) {
-                   com_err(whoami, code, "while deleting entry from keytab");
-                   return code;
-              }
-              code = krb5_kt_start_seq_get(context, keytab, &cursor);
-              if (code != 0) {
-                   com_err(whoami, code, "while restarting keytab scan");
-                   return code;
-              }
-
-              did_something++;
-              if (!quiet)
-                   printf("Entry for principal %s with kvno %d "
-                          "removed from keytab %s.\n", 
-                          princ_str, entry.vno, keytab_str);
-         }
-         krb5_kt_free_entry(context, &entry);
-     }
-     if (code && code != KRB5_KT_END) {
-         com_err(whoami, code, "while scanning keytab");
-         return code;
-     }
-     if ((code = krb5_kt_end_seq_get(context, keytab, &cursor))) {
-         com_err(whoami, code, "while ending keytab scan");
-         return code;
-     }
-
-     /*
-      * If !did_someting then mode must be OLD or we would have
-      * already returned with an error.  But check it anyway just to
-      * prevent unexpected error messages...
-      */
-     if (!did_something && mode == OLD) {
-         fprintf(stderr, "%s: There is only one entry for principal "
-                 "%s in keytab %s\n", whoami, princ_str, keytab_str);
-         return 1;
-     }
-     
-     return 0;
+    krb5_principal princ;
+    krb5_keytab_entry entry;
+    krb5_kt_cursor cursor;
+    enum { UNDEF, SPEC, HIGH, ALL, OLD } mode;
+    int code, did_something;
+    krb5_kvno kvno;
+
+    code = krb5_parse_name(context, princ_str, &princ);
+    if (code != 0) {
+        com_err(whoami, code, "while parsing principal name %s", princ_str);
+        return code;
+    }
+
+    mode = UNDEF;
+    if (kvno_str == NULL) {
+        mode = HIGH;
+        kvno = 0;
+    } else if (strcmp(kvno_str, "all") == 0) {
+        mode = ALL;
+        kvno = 0;
+    } else if (strcmp(kvno_str, "old") == 0) {
+        mode = OLD;
+        kvno = 0;
+    } else {
+        mode = SPEC;
+        kvno = atoi(kvno_str);
+    }
+
+    /* kvno is set to specified value for SPEC, 0 otherwise */
+    code = krb5_kt_get_entry(context, keytab, princ, kvno, 0, &entry);
+    if (code != 0) {
+        if (code == ENOENT) {
+            fprintf(stderr, "%s: Keytab %s does not exist.\n",
+                    whoami, keytab_str);
+        } else if (code == KRB5_KT_NOTFOUND) {
+            if (mode != SPEC) {
+                fprintf(stderr, "%s: No entry for principal "
+                        "%s exists in keytab %s\n",
+                        whoami, princ_str, keytab_str);
+            } else {
+                fprintf(stderr, "%s: No entry for principal "
+                        "%s with kvno %d exists in keytab "
+                        "%s.\n", whoami, princ_str, kvno, keytab_str);
+            }
+        } else
+            com_err(whoami, code, "while retrieving highest kvno from keytab");
+        return code;
+    }
+
+    /* set kvno to spec'ed value for SPEC, highest kvno otherwise */
+    kvno = entry.vno;
+    krb5_kt_free_entry(context, &entry);
+
+    code = krb5_kt_start_seq_get(context, keytab, &cursor);
+    if (code != 0) {
+        com_err(whoami, code, "while starting keytab scan");
+        return code;
+    }
+
+    did_something = 0;
+    while ((code = krb5_kt_next_entry(context, keytab, &entry,
+                                      &cursor)) == 0) {
+        if (krb5_principal_compare(context, princ, entry.principal) &&
+            ((mode == ALL) ||
+             (mode == SPEC && entry.vno == kvno) ||
+             (mode == OLD && entry.vno != kvno) ||
+             (mode == HIGH && entry.vno == kvno))) {
+
+            /*
+             * Ack!  What a kludge... the scanning functions lock
+             * the keytab so entries cannot be removed while they
+             * are operating.
+             */
+            code = krb5_kt_end_seq_get(context, keytab, &cursor);
+            if (code != 0) {
+                com_err(whoami, code, "while temporarily ending keytab scan");
+                return code;
+            }
+            code = krb5_kt_remove_entry(context, keytab, &entry);
+            if (code != 0) {
+                com_err(whoami, code, "while deleting entry from keytab");
+                return code;
+            }
+            code = krb5_kt_start_seq_get(context, keytab, &cursor);
+            if (code != 0) {
+                com_err(whoami, code, "while restarting keytab scan");
+                return code;
+            }
+
+            did_something++;
+            if (!quiet)
+                printf("Entry for principal %s with kvno %d "
+                       "removed from keytab %s.\n",
+                       princ_str, entry.vno, keytab_str);
+        }
+        krb5_kt_free_entry(context, &entry);
+    }
+    if (code && code != KRB5_KT_END) {
+        com_err(whoami, code, "while scanning keytab");
+        return code;
+    }
+    code = krb5_kt_end_seq_get(context, keytab, &cursor);
+    if (code) {
+        com_err(whoami, code, "while ending keytab scan");
+        return code;
+    }
+
+    /*
+     * If !did_someting then mode must be OLD or we would have
+     * already returned with an error.  But check it anyway just to
+     * prevent unexpected error messages...
+     */
+    if (!did_something && mode == OLD) {
+        fprintf(stderr, "%s: There is only one entry for principal "
+                "%s in keytab %s\n", whoami, princ_str, keytab_str);
+        return 1;
+    }
+
+    return 0;
 }
 
 /*
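Review bot: In the rewritten `process_keytab`, the `asprintf(keytab_str, "WRFILE:%s", name)` branch stores the new string in `*keytab_str` while `name` still points at the caller's argv string. As a result `krb5_kt_resolve` receives the unprefixed name, the final `*keytab_str = name` discards the allocation, and both `free(name)` on the error path and the callers' `free(keytab_str)` are given a pointer that was never allocated. Formatting into `name` keeps ownership consistent: `else if (asprintf(&name, "WRFILE:%s", *keytab_str) < 0)`. In the same hunk, `kadmin_keytab_add` no longer advances `argv` after a successful `-glob` expansion because `argv++` moved into the `else`, so the expression is then passed to `add_principal` as a literal principal name; an `argv++;` after `kadm5_free_name_list(handle, princs, num);` restores the old behaviour. `remove_principal` is now declared `void` but still contains `return code;`, `return 1;` and `return 0;`, which should become plain `return;`.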
@@ -477,14 +472,15 @@ int remove_principal(char *keytab_str, krb5_keytab keytab, char
  * encryption type.  XXX copied from klist.c; this should be a
  * library function, or perhaps just #defines
  */
-static char *etype_string(enctype)
-    krb5_enctype enctype;
+static char *
+etype_string(krb5_enctype enctype)
 {
     static char buf[100];
     krb5_error_code ret;
 
-    if ((ret = krb5_enctype_to_string(enctype, buf, sizeof(buf))))
-       snprintf(buf, sizeof(buf), "etype %d", enctype);
+    ret = krb5_enctype_to_string(enctype, buf, sizeof(buf));
+    if (ret)
+        snprintf(buf, sizeof(buf), "etype %d", enctype);
 
     return buf;
 }
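Review bot: `etype_string` returns a pointer to its function-local `static char buf[100]`, so every call overwrites the previous result and the function is not reentrant; the comment above it does not say this. I would add a line to that comment such as `Returns a pointer to a static buffer that the next call overwrites; copy it if two results are needed at once.` Two calls in one `printf` argument list would print the same string twice. If no caller writes through the result, the return type could also become `static const char *`, which cannot be confirmed from this hunk.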
index f73ba8238743ff1298e045b6ea2a7211cb82ea7b..93cf1dc7d07d1fc88a6e67922dcae6f297e8f82d 100644 (file)
@@ -1,3 +1,4 @@
+/* -*- mode: c; indent-tabs-mode: nil -*- */
 /*
  * Copyright 1994 by the Massachusetts Institute of Technology.
  * All Rights Reserved.
@@ -35,9 +36,8 @@ extern ss_request_table kadmin_cmds;
 extern int exit_status;
 extern char *whoami;
 
-int main(argc, argv)
-    int argc;
-    char *argv[];
+int
+main(int argc, char *argv[])
 {
     char *request;
     krb5_error_code retval;
@@ -46,18 +46,17 @@ int main(argc, argv)
     whoami = ((whoami = strrchr(argv[0], '/')) ? whoami+1 : argv[0]);
 
     request = kadmin_startup(argc, argv);
-    sci_idx = ss_create_invocation(whoami, "5.0", (char *) NULL,
-                                  &kadmin_cmds, &retval);
+    sci_idx = ss_create_invocation(whoami, "5.0", NULL, &kadmin_cmds, &retval);
     if (retval) {
-       ss_perror(sci_idx, retval, "creating invocation");
-       exit(1);
+        ss_perror(sci_idx, retval, "creating invocation");
+        exit(1);
     }
     if (request) {
-           code = ss_execute_line(sci_idx, request);
-           if (code != 0) {
-                   ss_perror(sci_idx, code, request);
-                   exit_status++;
-           }
+            code = ss_execute_line(sci_idx, request);
+            if (code != 0) {
+                    ss_perror(sci_idx, code, request);
+                    exit_status++;
+            }
     } else
             retval = ss_listen(sci_idx);
     return quit() ? 1 : exit_status;
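Review bot: The value stored by `retval = ss_listen(sci_idx);` is never read, because the next statement is `return quit() ? 1 : exit_status;`, so an error from the interactive loop cannot reach the exit status. If ss_listen can fail here, report it the way the `ss_execute_line` branch does, e.g. `if (retval) { ss_perror(sci_idx, retval, "while listening"); exit_status++; }`; otherwise drop the dead assignment. As a style point, the re-indented `if (request)` body sits at 12 and 20 columns while the rest of main uses 4, which undercuts the whitespace cleanup. main begins in the previous hunk and its closing brace is outside this one.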
index 3ec5103dbbabfa2f7fb09b94ed1ab08df5c38d64..1eac9e339c0345019bbcda1ada5cf287f43c18d7 100644 (file)
@@ -269,8 +269,8 @@ proc kadmin_cpw { pname password } {
        send "adminpass$KEY\r"
     }
 
-    expect "Enter password for principal \"$pname\":" { send "$password\r" }
-    expect "Re-enter password for principal \"$pname\":" { send "$password\r" }
+    expect "Enter password for principal \"$pname@$REALMNAME\":" { send "$password\r" }
+    expect "Re-enter password for principal \"$pname@$REALMNAME\":" { send "$password\r" }
     # When in doubt, jam one of these in there.
     expect "\r"
     expect "Password for \"$pname@$REALMNAME\" changed."
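Review bot: Neither of the two updated password-prompt `expect` lines has a `timeout` or `eof` branch, so if the prompt text changes again the `send "$password\r"` action is skipped and the script just moves on after the timeout. The mismatch then shows up only at a later step, which makes a prompt regression like the one fixed here slow to diagnose. Giving each of the two lines an explicit `timeout { ... }` branch that reports which prompt was not seen would make the test fail at the line that caused it. kadmin_cpw starts and ends outside this hunk, so it may already handle the failure further down.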