svn rev #22785: trunk/src/ kadmin/cli/ tests/dejagnu/krb-standalone/

ghudson@MIT.EDU ghudson at MIT.EDU
Thu Sep 24 12:48:58 EDT 2009


http://src.mit.edu/fisheye/changelog/krb5/?cs=22785
Commit By: ghudson
Log Message:
Update the kadmin client code to most current coding practices.



Changed Files:
U   trunk/src/kadmin/cli/kadmin.c
U   trunk/src/kadmin/cli/keytab.c
U   trunk/src/kadmin/cli/ss_wrapper.c
U   trunk/src/tests/dejagnu/krb-standalone/kadmin.exp
Modified: trunk/src/kadmin/cli/kadmin.c
===================================================================
--- trunk/src/kadmin/cli/kadmin.c	2009-09-24 15:40:26 UTC (rev 22784)
+++ trunk/src/kadmin/cli/kadmin.c	2009-09-24 16:48:57 UTC (rev 22785)
@@ -1,3 +1,4 @@
+/* -*- mode: c; indent-tabs-mode: nil -*- */
 /*
  * Copyright 1994, 2008 by the Massachusetts Institute of Technology.
  * All Rights Reserved.
@@ -52,58 +53,57 @@
 /* special struct to convert flag names for principals
    to actual krb5_flags for a principal */
 struct pflag {
-    char *flagname;		/* name of flag as typed to CLI */
-    int flaglen;		/* length of string (not counting -,+) */
-    krb5_flags theflag;		/* actual principal flag to set/clear */
-    int set;			/* 0 means clear, 1 means set (on '-') */
+    char *flagname;             /* name of flag as typed to CLI */
+    size_t flaglen;             /* length of string (not counting -,+) */
+    krb5_flags theflag;         /* actual principal flag to set/clear */
+    int set;                    /* 0 means clear, 1 means set (on '-') */
 };
 
 static struct pflag flags[] = {
-{"allow_postdated",	15,	KRB5_KDB_DISALLOW_POSTDATED,	1},
-{"allow_forwardable",	17,	KRB5_KDB_DISALLOW_FORWARDABLE,	1},
-{"allow_tgs_req",	13,	KRB5_KDB_DISALLOW_TGT_BASED,	1},
-{"allow_renewable",	15,	KRB5_KDB_DISALLOW_RENEWABLE,	1},
-{"allow_proxiable",	15,	KRB5_KDB_DISALLOW_PROXIABLE,	1},
-{"allow_dup_skey",	14,	KRB5_KDB_DISALLOW_DUP_SKEY,	1},
-{"allow_tix", 9,	KRB5_KDB_DISALLOW_ALL_TIX,	1},
-{"requires_preauth",	16,	KRB5_KDB_REQUIRES_PRE_AUTH,	0},
-{"requires_hwauth",	15,	KRB5_KDB_REQUIRES_HW_AUTH,	0},
-{"needchange", 10,	KRB5_KDB_REQUIRES_PWCHANGE,	0},
-{"allow_svr", 9,	KRB5_KDB_DISALLOW_SVR, 1},
-{"password_changing_service",	25,	KRB5_KDB_PWCHANGE_SERVICE,	0 },
-{"support_desmd5",	14,	KRB5_KDB_SUPPORT_DESMD5,	0 },
-{"ok_as_delegate",	14,	KRB5_KDB_OK_AS_DELEGATE,	0 },
-{"ok_to_auth_as_delegate", 22,	KRB5_KDB_OK_TO_AUTH_AS_DELEGATE, 0 },
-{"no_auth_data_required", 21,	KRB5_KDB_NO_AUTH_DATA_REQUIRED, 0},
+{"allow_postdated",     15,     KRB5_KDB_DISALLOW_POSTDATED,    1 },
+{"allow_forwardable",   17,     KRB5_KDB_DISALLOW_FORWARDABLE,  1 },
+{"allow_tgs_req",       13,     KRB5_KDB_DISALLOW_TGT_BASED,    1 },
+{"allow_renewable",     15,     KRB5_KDB_DISALLOW_RENEWABLE,    1 },
+{"allow_proxiable",     15,     KRB5_KDB_DISALLOW_PROXIABLE,    1 },
+{"allow_dup_skey",      14,     KRB5_KDB_DISALLOW_DUP_SKEY,     1 },
+{"allow_tix",            9,     KRB5_KDB_DISALLOW_ALL_TIX,      1 },
+{"requires_preauth",    16,     KRB5_KDB_REQUIRES_PRE_AUTH,     0 },
+{"requires_hwauth",     15,     KRB5_KDB_REQUIRES_HW_AUTH,      0 },
+{"needchange",          10,     KRB5_KDB_REQUIRES_PWCHANGE,     0 },
+{"allow_svr",            9,     KRB5_KDB_DISALLOW_SVR,          1 },
+{"password_changing_service", 25, KRB5_KDB_PWCHANGE_SERVICE,    0 },
+{"support_desmd5",      14,     KRB5_KDB_SUPPORT_DESMD5,        0 },
+{"ok_as_delegate",      14,     KRB5_KDB_OK_AS_DELEGATE,        0 },
+{"ok_to_auth_as_delegate", 22,  KRB5_KDB_OK_TO_AUTH_AS_DELEGATE, 0 },
+{"no_auth_data_required", 21,   KRB5_KDB_NO_AUTH_DATA_REQUIRED, 0 },
 };
 
 static char *prflags[] = {
-    "DISALLOW_POSTDATED",	/* 0x00000001 */
-    "DISALLOW_FORWARDABLE",	/* 0x00000002 */
-    "DISALLOW_TGT_BASED",	/* 0x00000004 */
-    "DISALLOW_RENEWABLE",	/* 0x00000008 */
-    "DISALLOW_PROXIABLE",	/* 0x00000010 */
-    "DISALLOW_DUP_SKEY",	/* 0x00000020 */
-    "DISALLOW_ALL_TIX",		/* 0x00000040 */
-    "REQUIRES_PRE_AUTH",	/* 0x00000080 */
-    "REQUIRES_HW_AUTH",		/* 0x00000100 */
-    "REQUIRES_PWCHANGE",	/* 0x00000200 */
-    "UNKNOWN_0x00000400",	/* 0x00000400 */
-    "UNKNOWN_0x00000800",	/* 0x00000800 */
-    "DISALLOW_SVR",		/* 0x00001000 */
-    "PWCHANGE_SERVICE",		/* 0x00002000 */
-    "SUPPORT_DESMD5",		/* 0x00004000 */
-    "NEW_PRINC",		/* 0x00008000 */
-    "UNKNOWN_0x00010000",	/* 0x00010000 */
-    "UNKNOWN_0x00020000",	/* 0x00020000 */
-    "UNKNOWN_0x00040000",	/* 0x00040000 */
-    "UNKNOWN_0x00080000",	/* 0x00080000 */
-    "OK_AS_DELEGATE",		/* 0x00100000 */
-    "OK_TO_AUTH_AS_DELEGATE",	/* 0x00200000 */
-    "NO_AUTH_DATA_REQUIRED",	/* 0x00400000 */
+    "DISALLOW_POSTDATED",       /* 0x00000001 */
+    "DISALLOW_FORWARDABLE",     /* 0x00000002 */
+    "DISALLOW_TGT_BASED",       /* 0x00000004 */
+    "DISALLOW_RENEWABLE",       /* 0x00000008 */
+    "DISALLOW_PROXIABLE",       /* 0x00000010 */
+    "DISALLOW_DUP_SKEY",        /* 0x00000020 */
+    "DISALLOW_ALL_TIX",         /* 0x00000040 */
+    "REQUIRES_PRE_AUTH",        /* 0x00000080 */
+    "REQUIRES_HW_AUTH",         /* 0x00000100 */
+    "REQUIRES_PWCHANGE",        /* 0x00000200 */
+    "UNKNOWN_0x00000400",       /* 0x00000400 */
+    "UNKNOWN_0x00000800",       /* 0x00000800 */
+    "DISALLOW_SVR",             /* 0x00001000 */
+    "PWCHANGE_SERVICE",         /* 0x00002000 */
+    "SUPPORT_DESMD5",           /* 0x00004000 */
+    "NEW_PRINC",                /* 0x00008000 */
+    "UNKNOWN_0x00010000",       /* 0x00010000 */
+    "UNKNOWN_0x00020000",       /* 0x00020000 */
+    "UNKNOWN_0x00040000",       /* 0x00040000 */
+    "UNKNOWN_0x00080000",       /* 0x00080000 */
+    "OK_AS_DELEGATE",           /* 0x00100000 */
+    "OK_TO_AUTH_AS_DELEGATE",   /* 0x00200000 */
+    "NO_AUTH_DATA_REQUIRED",    /* 0x00400000 */
 };
 
-char *getenv();
 int exit_status = 0;
 char *def_realm = NULL;
 char *whoami = NULL;
@@ -114,29 +114,30 @@
 
 int locked = 0;
 
-static void usage()
+static void
+usage()
 {
     fprintf(stderr,
-	    "Usage: %s [-r realm] [-p principal] [-q query] [clnt|local args]\n"
-	    "\tclnt args: [-s admin_server[:port]] [[-c ccache]|[-k [-t keytab]]]\n"
-	    "\tlocal args: [-x db_args]* [-d dbname] [-e \"enc:salt ...\"] [-m]\n"
-	    "where,\n\t[-x db_args]* - any number of database specific arguments.\n"
-	    "\t\t\tLook at each database documentation for supported arguments\n",
-	    whoami);
+            "Usage: %s [-r realm] [-p principal] [-q query] [clnt|local args]\n"
+            "\tclnt args: [-s admin_server[:port]] [[-c ccache]|[-k [-t keytab]]]\n"
+            "\tlocal args: [-x db_args]* [-d dbname] [-e \"enc:salt ...\"] [-m]\n"
+            "where,\n\t[-x db_args]* - any number of database specific arguments.\n"
+            "\t\t\tLook at each database documentation for supported arguments\n",
+            whoami);
     exit(1);
 }
 
-static char *strdur(duration)
-    time_t duration;
+static char *
+strdur(time_t duration)
 {
     static char out[50];
     int neg, days, hours, minutes, seconds;
 
     if (duration < 0) {
-	duration *= -1;
-	neg = 1;
+        duration *= -1;
+        neg = 1;
     } else
-	neg = 0;
+        neg = 0;
     days = duration / (24 * 3600);
     duration %= 24 * 3600;
     hours = duration / 3600;
@@ -145,13 +146,13 @@
     duration %= 60;
     seconds = duration;
     snprintf(out, sizeof(out), "%s%d %s %02d:%02d:%02d", neg ? "-" : "",
-	     days, days == 1 ? "day" : "days",
-	     hours, minutes, seconds);
+             days, days == 1 ? "day" : "days",
+             hours, minutes, seconds);
     return out;
 }
 
-static char *strdate(when)
-    krb5_timestamp when;
+static char *
+strdate(krb5_timestamp when)
 {
     struct tm *tm;
     static char out[40];
@@ -165,9 +166,7 @@
 /* this is a wrapper to go around krb5_parse_principal so we can set
    the default realm up properly */
 static krb5_error_code
-kadmin_parse_name(name, principal)
-    char *name;
-    krb5_principal *principal;
+kadmin_parse_name(char *name, krb5_principal *principal)
 {
     char *cp, *fullname;
     krb5_error_code retval;
@@ -176,63 +175,64 @@
     /* assumes def_realm is initialized! */
     cp = strchr(name, '@');
     while (cp) {
-	if (cp - name && *(cp - 1) != '\\')
-	    break;
-	else
-	    cp = strchr(cp + 1, '@');
+        if (cp - name && *(cp - 1) != '\\')
+            break;
+        else
+            cp = strchr(cp + 1, '@');
     }
     if (cp == NULL)
-	result = asprintf(&fullname, "%s@%s", name, def_realm);
+        result = asprintf(&fullname, "%s@%s", name, def_realm);
     else
-	result = asprintf(&fullname, "%s", name);
+        result = asprintf(&fullname, "%s", name);
     if (result < 0)
-	return ENOMEM;
+        return ENOMEM;
     retval = krb5_parse_name(context, fullname, principal);
     free(fullname);
     return retval;
 }
 
-static void extended_com_err_fn (const char *myprog, errcode_t code,
-				 const char *fmt, va_list args)
+static void
+extended_com_err_fn(const char *myprog, errcode_t code,
+                    const char *fmt, va_list args)
 {
+    const char *emsg;
+
     if (code) {
-	const char *emsg;
-	emsg = krb5_get_error_message (context, code);
-	fprintf (stderr, "%s: %s ", myprog, emsg);
-	krb5_free_error_message (context, emsg);
+        emsg = krb5_get_error_message(context, code);
+        fprintf(stderr, "%s: %s ", myprog, emsg);
+        krb5_free_error_message(context, emsg);
     } else {
-	fprintf (stderr, "%s: ", myprog);
+        fprintf(stderr, "%s: ", myprog);
     }
-    vfprintf (stderr, fmt, args);
-    fprintf (stderr, "\n");
+    vfprintf(stderr, fmt, args);
+    fprintf(stderr, "\n");
 }
 
 /* Create a principal using the oldest appropriate kadm5 API. */
 static krb5_error_code
 create_princ(kadm5_principal_ent_rec *princ, long mask, int n_ks,
-	     krb5_key_salt_tuple *ks, char *pass)
+             krb5_key_salt_tuple *ks, char *pass)
 {
     if (ks)
-	return kadm5_create_principal_3(handle, princ, mask, n_ks, ks, pass);
+        return kadm5_create_principal_3(handle, princ, mask, n_ks, ks, pass);
     else
-	return kadm5_create_principal(handle, princ, mask, pass);
+        return kadm5_create_principal(handle, princ, mask, pass);
 }
 
 /* Randomize a principal's password using the oldest appropriate kadm5 API. */
 static krb5_error_code
 randkey_princ(krb5_principal princ, krb5_boolean keepold, int n_ks,
-	      krb5_key_salt_tuple *ks)
+              krb5_key_salt_tuple *ks)
 {
     if (keepold || ks) {
-	return kadm5_randkey_principal_3(handle, princ, keepold, n_ks, ks,
-					 NULL, NULL);
+        return kadm5_randkey_principal_3(handle, princ, keepold, n_ks, ks,
+                                         NULL, NULL);
     } else
-	return kadm5_randkey_principal(handle, princ, NULL, NULL);
+        return kadm5_randkey_principal(handle, princ, NULL, NULL);
 }
 
-char *kadmin_startup(argc, argv)
-    int argc;
-    char *argv[];
+char *
+kadmin_startup(int argc, char *argv[])
 {
     extern char *optarg;
     char *princstr = NULL, *keytab_name = NULL, *query = NULL;
@@ -247,155 +247,141 @@
     char **db_args = NULL;
     int db_args_size = 0;
     char *db_name = NULL;
-    char *svcname;
+    char *svcname, *realm;
 
     memset(&params, 0, sizeof(params));
 
 #if defined(USE_KIM)
     /* Turn off all password prompting from the KLL */
-    retval = kim_library_set_allow_automatic_prompting (0);
+    retval = kim_library_set_allow_automatic_prompting(0);
     if (retval) {
-	com_err(whoami, retval, 
+        com_err(whoami, retval,
                 "while calling kim_library_set_allow_automatic_prompting()");
-	exit(1);
+        exit(1);
     }
 #endif
 
-    if (strcmp (whoami, "kadmin.local") == 0)
-	set_com_err_hook(extended_com_err_fn);
+    if (strcmp(whoami, "kadmin.local") == 0)
+        set_com_err_hook(extended_com_err_fn);
 
     retval = kadm5_init_krb5_context(&context);
     if (retval) {
-	com_err(whoami, retval, "while initializing krb5 library");
-	exit(1);
+        com_err(whoami, retval, "while initializing krb5 library");
+        exit(1);
     }
 
     while ((optchar = getopt(argc, argv, "x:r:p:kq:w:d:s:mc:t:e:ON")) != EOF) {
-	switch (optchar) {
-	case 'x':
-	    db_args_size++;
-	    {
-		char **temp = realloc(db_args, sizeof(char*) * (db_args_size+1));
-		if (temp == NULL) {
-		    fprintf(stderr,"%s: Cannot initialize. Not enough memory\n",
-			    argv[0]);
-		    exit(1);
-		}
+        switch (optchar) {
+        case 'x':
+            db_args_size++;
+            db_args = realloc(db_args, sizeof(char*) * (db_args_size + 1));
+            if (db_args == NULL) {
+                fprintf(stderr, "%s: Cannot initialize. Not enough memory\n",
+                        argv[0]);
+                exit(1);
+            }
+            db_args[db_args_size - 1] = optarg;
+            db_args[db_args_size] = NULL;
+            break;
 
-		db_args = temp;
-	    }
-	    db_args[db_args_size-1] = optarg;
-	    db_args[db_args_size]   = NULL;
-	    break;
+        case 'r':
+            def_realm = optarg;
+            break;
+        case 'p':
+            princstr = optarg;
+            break;
+        case 'c':
+            ccache_name = optarg;
+            break;
+        case 'k':
+            use_keytab++;
+            break;
+        case 't':
+            keytab_name = optarg;
+            break;
+        case 'w':
+            password = optarg;
+            break;
+        case 'q':
+            query = optarg;
+            break;
+        case 'd':
+            /* db_name has to be passed as part of the db_args. */
+            free(db_name);
+            asprintf(&db_name, "dbname=%s", optarg);
 
-	case 'r':
-	    def_realm = optarg;
-	    break;
-	case 'p':
-	    princstr = optarg;
-	    break;
-	case 'c':
-	    ccache_name = optarg;
-	    break;
-	case 'k':
-	    use_keytab++;
-	    break;
-	case 't':
-	    keytab_name = optarg;
-	    break;
-	case 'w':
-	    password = optarg;
-	    break;
-	case 'q':
-	    query = optarg;
-	    break;
-	case 'd':
-	    /* now db_name is not a seperate argument. It has to be passed as part of the db_args */
-	    if (db_name)
-		free(db_name);
-	    asprintf(&db_name, "dbname=%s", optarg);
-
-	    db_args_size++;
-	    {
-		char **temp = realloc(db_args, sizeof(char*) * (db_args_size+1)); /* one for NULL */
-		if (temp == NULL) {
-		    fprintf(stderr,
-			    "%s: Cannot initialize. Not enough memory\n",
-			    argv[0]);
-		    exit(1);
-		}
-
-		db_args = temp;
-	    }
-	    db_args[db_args_size-1] = db_name;
-	    db_args[db_args_size]   = NULL;
-	    break;
-	case 's':
-	    params.admin_server = optarg;
-	    params.mask |= KADM5_CONFIG_ADMIN_SERVER;
-	    break;
-	case 'm':
-	    params.mkey_from_kbd = 1;
-	    params.mask |= KADM5_CONFIG_MKEY_FROM_KBD;
-	    break;
-	case 'e':
-	    retval = krb5_string_to_keysalts(optarg,
-					     ", \t",
-					     ":.-",
-					     0,
-					     &params.keysalts,
-					     &params.num_keysalts);
-	    if (retval) {
-		com_err(whoami, retval, "while parsing keysalts %s", optarg);
-		exit(1);
-	    }
-	    params.mask |= KADM5_CONFIG_ENCTYPES;
-	    break;
-	case 'O':
-	    params.mask |= KADM5_CONFIG_OLD_AUTH_GSSAPI;
-	    break;
-	case 'N':
-	    params.mask |= KADM5_CONFIG_AUTH_NOFALLBACK;
-	    break;
-	default:
-	    usage();
-	}
+            db_args_size++;
+            db_args = realloc(db_args, sizeof(char*) * (db_args_size + 1));
+            if (db_args == NULL) {
+                fprintf(stderr, "%s: Cannot initialize. Not enough memory\n",
+                        argv[0]);
+                exit(1);
+            }
+            db_args[db_args_size - 1] = db_name;
+            db_args[db_args_size] = NULL;
+            break;
+        case 's':
+            params.admin_server = optarg;
+            params.mask |= KADM5_CONFIG_ADMIN_SERVER;
+            break;
+        case 'm':
+            params.mkey_from_kbd = 1;
+            params.mask |= KADM5_CONFIG_MKEY_FROM_KBD;
+            break;
+        case 'e':
+            retval = krb5_string_to_keysalts(optarg, ", \t", ":.-", 0,
+                                             &params.keysalts,
+                                             &params.num_keysalts);
+            if (retval) {
+                com_err(whoami, retval, "while parsing keysalts %s", optarg);
+                exit(1);
+            }
+            params.mask |= KADM5_CONFIG_ENCTYPES;
+            break;
+        case 'O':
+            params.mask |= KADM5_CONFIG_OLD_AUTH_GSSAPI;
+            break;
+        case 'N':
+            params.mask |= KADM5_CONFIG_AUTH_NOFALLBACK;
+            break;
+        default:
+            usage();
+        }
     }
     if ((ccache_name && use_keytab) ||
-	(keytab_name && !use_keytab))
-	usage();
+        (keytab_name && !use_keytab))
+        usage();
 
     if (def_realm == NULL && krb5_get_default_realm(context, &def_realm)) {
-	if (freeprinc)
-	    free(princstr);
-	fprintf(stderr, "%s: unable to get default realm\n", whoami);
-	exit(1);
+        fprintf(stderr, "%s: unable to get default realm\n", whoami);
+        exit(1);
     }
 
     params.mask |= KADM5_CONFIG_REALM;
     params.realm = def_realm;
 
     if (params.mask & KADM5_CONFIG_OLD_AUTH_GSSAPI)
-	svcname = KADM5_ADMIN_SERVICE;
+        svcname = KADM5_ADMIN_SERVICE;
     else
-	svcname = NULL;
+        svcname = NULL;
 
     /*
      * Set cc to an open credentials cache, either specified by the -c
      * argument or the default.
      */
     if (ccache_name == NULL) {
-	if ((retval = krb5_cc_default(context, &cc))) {
-	    com_err(whoami, retval,
-		    "while opening default credentials cache");
-	    exit(1);
-	}
+        retval = krb5_cc_default(context, &cc);
+        if (retval) {
+            com_err(whoami, retval, "while opening default credentials cache");
+            exit(1);
+        }
     } else {
-	if ((retval = krb5_cc_resolve(context, ccache_name, &cc))) {
-	    com_err(whoami, retval,
-		    "while opening credentials cache %s", ccache_name);
-	    exit(1);
-	}
+        retval = krb5_cc_resolve(context, ccache_name, &cc);
+        if (retval) {
+            com_err(whoami, retval, "while opening credentials cache %s",
+                    ccache_name);
+            exit(1);
+        }
     }
 
     /*
@@ -410,93 +396,85 @@
      */
 
     if (princstr == NULL) {
-	if (ccache_name != NULL &&
-	    !krb5_cc_get_principal(context, cc, &princ)) {
-	    if ((retval = krb5_unparse_name(context, princ, &princstr))) {
-		com_err(whoami, retval,
-			"while canonicalizing principal name");
-		krb5_free_principal(context, princ);
-		exit(1);
-	    }
-	    krb5_free_principal(context, princ);
-	    freeprinc++;
-	} else if (use_keytab != 0) {
-	    if ((retval = krb5_sname_to_principal(context, NULL,
-						  "host",
-						  KRB5_NT_SRV_HST,
-						  &princ))) {
-		com_err(whoami, retval,
-			"creating host service principal");
-		exit(1);
-	    }
-	    if ((retval = krb5_unparse_name(context, princ, &princstr))) {
-		com_err(whoami, retval,
-			"while canonicalizing principal name");
-		krb5_free_principal(context, princ);
-		exit(1);
-	    }
-	    krb5_free_principal(context, princ);
-	    freeprinc++;
-	} else if (!krb5_cc_get_principal(context, cc, &princ)) {
-	    char *realm = NULL;
-	    if (krb5_unparse_name(context, princ, &canon)) {
-		fprintf(stderr,
-			"%s: unable to canonicalize principal\n", whoami);
-		krb5_free_principal(context, princ);
-		exit(1);
-	    }
-	    /* strip out realm of principal if it's there */
-	    realm = strchr(canon, '@');
-	    while (realm) {
-		if (realm - canon && *(realm - 1) != '\\')
-		    break;
-		else
-		    realm = strchr(realm+1, '@');
-	    }
-	    if (realm)
-		*realm++ = '\0';
-	    cp = strchr(canon, '/');
-	    while (cp) {
-		if (cp - canon && *(cp - 1) != '\\')
-		    break;
-		else
-		    cp = strchr(cp+1, '/');
-	    }
-	    if (cp != NULL)
-		*cp = '\0';
-	    if (asprintf(&princstr, "%s/admin%s%s", canon,
-			 (realm) ? "@" : "",
-			 (realm) ? realm : "") < 0) {
-		fprintf(stderr, "%s: out of memory\n", whoami);
-		exit(1);
-	    }
-	    free(canon);
-	    krb5_free_principal(context, princ);
-	    freeprinc++;
-	} else if ((luser = getenv("USER"))) {
-	    if (asprintf(&princstr, "%s/admin@%s", luser, def_realm) < 0) {
-		fprintf(stderr, "%s: out of memory\n", whoami);
-		exit(1);
-	    }
-	    freeprinc++;
-	} else if ((pw = getpwuid(getuid()))) {
-	    if (asprintf(&princstr, "%s/admin@%s", pw->pw_name,
-			 def_realm) < 0) {
-		fprintf(stderr, "%s: out of memory\n", whoami);
-		exit(1);
-	    }
-	    freeprinc++;
-	} else {
-	    fprintf(stderr, "%s: unable to figure out a principal name\n",
-		    whoami);
-	    exit(1);
-	}
+        if (ccache_name != NULL &&
+            !krb5_cc_get_principal(context, cc, &princ)) {
+            retval = krb5_unparse_name(context, princ, &princstr);
+            if (retval) {
+                com_err(whoami, retval, "while canonicalizing principal name");
+                exit(1);
+            }
+            krb5_free_principal(context, princ);
+            freeprinc++;
+        } else if (use_keytab != 0) {
+            retval = krb5_sname_to_principal(context, NULL, "host",
+                                             KRB5_NT_SRV_HST, &princ);
+            if (retval) {
+                com_err(whoami, retval, "creating host service principal");
+                exit(1);
+            }
+            retval = krb5_unparse_name(context, princ, &princstr);
+            if (retval) {
+                com_err(whoami, retval, "while canonicalizing principal name");
+                exit(1);
+            }
+            krb5_free_principal(context, princ);
+            freeprinc++;
+        } else if (!krb5_cc_get_principal(context, cc, &princ)) {
+            if (krb5_unparse_name(context, princ, &canon)) {
+                fprintf(stderr, "%s: unable to canonicalize principal\n",
+                        whoami);
+                exit(1);
+            }
+            /* Strip out realm of principal if it's there. */
+            realm = strchr(canon, '@');
+            while (realm) {
+                if (realm > canon && *(realm - 1) != '\\')
+                    break;
+                realm = strchr(realm + 1, '@');
+            }
+            if (realm)
+                *realm++ = '\0';
+            cp = strchr(canon, '/');
+            while (cp) {
+                if (cp > canon && *(cp - 1) != '\\')
+                    break;
+                cp = strchr(cp + 1, '/');
+            }
+            if (cp != NULL)
+                *cp = '\0';
+            if (asprintf(&princstr, "%s/admin%s%s", canon,
+                         (realm) ? "@" : "",
+                         (realm) ? realm : "") < 0) {
+                fprintf(stderr, "%s: out of memory\n", whoami);
+                exit(1);
+            }
+            free(canon);
+            krb5_free_principal(context, princ);
+            freeprinc++;
+        } else if ((luser = getenv("USER"))) {
+            if (asprintf(&princstr, "%s/admin@%s", luser, def_realm) < 0) {
+                fprintf(stderr, "%s: out of memory\n", whoami);
+                exit(1);
+            }
+            freeprinc++;
+        } else if ((pw = getpwuid(getuid()))) {
+            if (asprintf(&princstr, "%s/admin@%s", pw->pw_name,
+                         def_realm) < 0) {
+                fprintf(stderr, "%s: out of memory\n", whoami);
+                exit(1);
+            }
+            freeprinc++;
+        } else {
+            fprintf(stderr, "%s: unable to figure out a principal name\n",
+                    whoami);
+            exit(1);
+        }
     }
 
     retval = krb5_klog_init(context, "admin_server", whoami, 0);
     if (retval) {
-	com_err(whoami, retval, "while setting up logging");
-	exit(1);
+        com_err(whoami, retval, "while setting up logging");
+        exit(1);
     }
 
     /*
@@ -504,97 +482,83 @@
      * use it.  Otherwise, use/prompt for the password.
      */
     if (ccache_name) {
-	printf("Authenticating as principal %s with existing credentials.\n",
-	       princstr);
-	retval = kadm5_init_with_creds(context, princstr, cc,
-				       svcname,
-				       &params,
-				       KADM5_STRUCT_VERSION,
-				       KADM5_API_VERSION_2,
-				       db_args,
-				       &handle);
+        printf("Authenticating as principal %s with existing credentials.\n",
+               princstr);
+        retval = kadm5_init_with_creds(context, princstr, cc, svcname, &params,
+                                       KADM5_STRUCT_VERSION,
+                                       KADM5_API_VERSION_2, db_args, &handle);
     } else if (use_keytab) {
-	if (keytab_name)
-	    printf("Authenticating as principal %s with keytab %s.\n",
-		   princstr, keytab_name);
-	else
-	    printf("Authenticating as principal %s with default keytab.\n",
-		   princstr);
-	retval = kadm5_init_with_skey(context, princstr, keytab_name,
-				      svcname,
-				      &params,
-				      KADM5_STRUCT_VERSION,
-				      KADM5_API_VERSION_2,
-				      db_args,
-				      &handle);
+        if (keytab_name)
+            printf("Authenticating as principal %s with keytab %s.\n",
+                   princstr, keytab_name);
+        else
+            printf("Authenticating as principal %s with default keytab.\n",
+                   princstr);
+        retval = kadm5_init_with_skey(context, princstr, keytab_name, svcname,
+                                      &params, KADM5_STRUCT_VERSION,
+                                      KADM5_API_VERSION_2, db_args, &handle);
     } else {
-	printf("Authenticating as principal %s with password.\n",
-	       princstr);
-	retval = kadm5_init_with_password(context, princstr, password,
-					  svcname,
-					  &params,
-					  KADM5_STRUCT_VERSION,
-					  KADM5_API_VERSION_2,
-					  db_args,
-					  &handle);
+        printf("Authenticating as principal %s with password.\n",
+               princstr);
+        retval = kadm5_init_with_password(context, princstr, password, svcname,
+                                          &params, KADM5_STRUCT_VERSION,
+                                          KADM5_API_VERSION_2, db_args,
+                                          &handle);
     }
     if (retval) {
-	com_err(whoami, retval, "while initializing %s interface", whoami);
-	if (retval == KADM5_BAD_CLIENT_PARAMS ||
-	    retval == KADM5_BAD_SERVER_PARAMS)
-	    usage();
-	exit(1);
+        com_err(whoami, retval, "while initializing %s interface", whoami);
+        if (retval == KADM5_BAD_CLIENT_PARAMS ||
+            retval == KADM5_BAD_SERVER_PARAMS)
+            usage();
+        exit(1);
     }
     if (freeprinc)
-	free(princstr);
+        free(princstr);
 
-    if (db_name)
-	free(db_name), db_name=NULL;
+    free(db_name);
+    free(db_args);
 
-    if (db_args)
-	free(db_args), db_args=NULL;
-
-    if ((retval = krb5_cc_close(context, cc))) {
-	com_err(whoami, retval, "while closing ccache %s",
-		ccache_name);
-	exit(1);
+    retval = krb5_cc_close(context, cc);
+    if (retval) {
+        com_err(whoami, retval, "while closing ccache %s", ccache_name);
+        exit(1);
     }
 
     /* register the WRFILE keytab type and set it as the default */
     {
 #define DEFAULT_KEYTAB "WRFILE:/etc/krb5.keytab"
-	/* XXX krb5_defkeyname is an internal library global and
-	   should go away */
-	extern char *krb5_defkeyname;
-	krb5_defkeyname = DEFAULT_KEYTAB;
+        /* XXX krb5_defkeyname is an internal library global and
+           should go away */
+        extern char *krb5_defkeyname;
+        krb5_defkeyname = DEFAULT_KEYTAB;
     }
 
-    if ((retval = kadm5_init_iprop(handle, 0)) != 0) {
-	com_err(whoami, retval, _("while mapping update log"));
-	exit(1);
+    retval = kadm5_init_iprop(handle, 0);
+    if (retval) {
+        com_err(whoami, retval, _("while mapping update log"));
+        exit(1);
     }
 
     return query;
 }
 
-int quit()
+int
+quit()
 {
     kadm5_ret_t retval;
 
     if (locked) {
-	retval = kadm5_unlock(handle);
-	if (retval) {
-	    com_err("quit", retval, "while unlocking locked database");
-	    return 1;
-	}
-	locked = 0;
+        retval = kadm5_unlock(handle);
+        if (retval) {
+            com_err("quit", retval, "while unlocking locked database");
+            return 1;
+        }
+        locked = 0;
     }
 
     kadm5_destroy(handle);
-    if (ccache_name != NULL) {
-	fprintf(stderr,
-		"\n\a\a\aAdministration credentials NOT DESTROYED.\n");
-    }
+    if (ccache_name != NULL)
+        fprintf(stderr, "\n\a\a\aAdministration credentials NOT DESTROYED.\n");
 
     /* insert more random cleanup here */
     krb5_klog_close(context);
@@ -602,321 +566,259 @@
     return 0;
 }
 
-void kadmin_lock(argc, argv)
-    int argc;
-    char *argv[];
+void
+kadmin_lock(int argc, char *argv[])
 {
     kadm5_ret_t retval;
 
     if (locked)
-	return;
+        return;
     retval = kadm5_lock(handle);
     if (retval) {
-	com_err("lock", retval, "");
-	return;
+        com_err("lock", retval, "");
+        return;
     }
     locked = 1;
 }
 
-void kadmin_unlock(argc, argv)
-    int argc;
-    char *argv[];
+void
+kadmin_unlock(int argc, char *argv[])
 {
     kadm5_ret_t retval;
 
     if (!locked)
-	return;
+        return;
     retval = kadm5_unlock(handle);
     if (retval) {
-	com_err("unlock", retval, "");
-	return;
+        com_err("unlock", retval, "");
+        return;
     }
     locked = 0;
 }
 
-void kadmin_delprinc(argc, argv)
-    int argc;
-    char *argv[];
+void
+kadmin_delprinc(int argc, char *argv[])
 {
     kadm5_ret_t retval;
-    krb5_principal princ;
-    char *canon;
+    krb5_principal princ = NULL;
+    char *canon = NULL;
     char reply[5];
 
     if (! (argc == 2 ||
-	   (argc == 3 && !strcmp("-force", argv[1])))) {
-	fprintf(stderr, "usage: delete_principal [-force] principal\n");
-	return;
+           (argc == 3 && !strcmp("-force", argv[1])))) {
+        fprintf(stderr, "usage: delete_principal [-force] principal\n");
+        return;
     }
     retval = kadmin_parse_name(argv[argc - 1], &princ);
     if (retval) {
-	com_err("delete_principal", retval, "while parsing principal name");
-	return;
+        com_err("delete_principal", retval, "while parsing principal name");
+        return;
     }
     retval = krb5_unparse_name(context, princ, &canon);
     if (retval) {
-	com_err("delete_principal", retval,
-		"while canonicalizing principal");
-	krb5_free_principal(context, princ);
-	return;
+        com_err("delete_principal", retval, "while canonicalizing principal");
+        goto cleanup;
     }
     if (argc == 2) {
-	printf("Are you sure you want to delete the principal \"%s\"? (yes/no): ", canon);
-	fgets(reply, sizeof (reply), stdin);
-	if (strcmp("yes\n", reply)) {
-	    fprintf(stderr, "Principal \"%s\" not deleted\n", canon);
-	    free(canon);
-	    krb5_free_principal(context, princ);
-	    return;
-	}
+        printf("Are you sure you want to delete the principal \"%s\"? "
+               "(yes/no): ", canon);
+        fgets(reply, sizeof (reply), stdin);
+        if (strcmp("yes\n", reply)) {
+            fprintf(stderr, "Principal \"%s\" not deleted\n", canon);
+            goto cleanup;
+        }
     }
     retval = kadm5_delete_principal(handle, princ);
-    krb5_free_principal(context, princ);
     if (retval) {
-	com_err("delete_principal", retval,
-		"while deleting principal \"%s\"", canon);
-	free(canon);
-	return;
+        com_err("delete_principal", retval,
+                "while deleting principal \"%s\"", canon);
+        goto cleanup;
     }
-    printf("Principal \"%s\" deleted.\nMake sure that you have removed this principal from all ACLs before reusing.\n", canon);
+    printf("Principal \"%s\" deleted.\nMake sure that you have removed this "
+           "principal from all ACLs before reusing.\n", canon);
+
+cleanup:
+    krb5_free_principal(context, princ);
     free(canon);
-    return;
 }
 
-void kadmin_cpw(argc, argv)
-    int argc;
-    char *argv[];
+static void
+cpw_usage(const char *str)
 {
+    if (str)
+        fprintf(stderr, "%s\n", str);
+    fprintf(stderr, "usage: change_password [-randkey] [-keepold] "
+            "[-e keysaltlist] [-pw password] principal\n");
+}
+
+void
+kadmin_cpw(int argc, char *argv[])
+{
     kadm5_ret_t retval;
     static char newpw[1024];
     static char prompt1[1024], prompt2[1024];
-    char *canon;
-    char *pwarg = NULL;
+    char *canon = NULL, *pwarg = NULL;
     int n_ks_tuple = 0, randkey = 0;
     krb5_boolean keepold = FALSE;
     krb5_key_salt_tuple *ks_tuple = NULL;
-    krb5_principal princ;
+    krb5_principal princ = NULL;
     char **db_args = NULL;
     int db_args_size = 0;
 
-
     if (argc < 2) {
-	goto usage;
+        cpw_usage(NULL);
+        return;
     }
     for (argv++, argc--; argc > 1; argc--, argv++) {
-	if (!strcmp("-x", *argv)) {
-	    argc--;
-	    if (argc < 1) {
-		fprintf(stderr, "change_password: missing db argument\n");
-		goto usage;
-	    }
-	    db_args_size++;
-	    {
-		char **temp = realloc(db_args, sizeof(char*) * (db_args_size+1)); /* one for NULL */
-		if (temp == NULL) {
-		    fprintf(stderr,"change_password: Not enough memory\n");
-		    free(db_args), db_args = NULL;
-		    exit(1);
-		}
-
-		db_args = temp;
-	    }
-	    db_args[db_args_size-1] = *++argv;
-	    db_args[db_args_size]   = NULL;
-	    continue;
-	}
-	if (!strcmp("-pw", *argv)) {
-	    argc--;
-	    if (argc < 1) {
-		fprintf(stderr, "change_password: missing password arg\n");
-		goto usage;
-	    }
-	    pwarg = *++argv;
-	    continue;
-	}
-	if (!strcmp("-randkey", *argv)) {
-	    randkey++;
-	    continue;
-	}
-	if (!strcmp("-keepold", *argv)) {
-	    keepold = TRUE;
-	    continue;
-	}
-	if (!strcmp("-e", *argv)) {
-	    argc--;
-	    if (argc < 1) {
-		fprintf(stderr,
-			"change_password: missing keysaltlist arg\n");
-		goto usage;
-	    }
-	    retval = krb5_string_to_keysalts(*++argv, ", \t", ":.-", 0,
-					     &ks_tuple, &n_ks_tuple);
-	    if (retval) {
-		com_err("change_password", retval,
-			"while parsing keysalts %s", *argv);
-		return;
-	    }
-	    continue;
-	}
-	goto usage;
+        if (!strcmp("-x", *argv)) {
+            argc--;
+            if (argc < 1) {
+                cpw_usage("change_password: missing db argument");
+                goto cleanup;
+            }
+            db_args_size++;
+            db_args = realloc(db_args, sizeof(char*) * (db_args_size + 1));
+            if (db_args == NULL) {
+                fprintf(stderr, "change_password: Not enough memory\n");
+                exit(1);
+            }
+            db_args[db_args_size - 1] = *++argv;
+            db_args[db_args_size] = NULL;
+        } else if (!strcmp("-pw", *argv)) {
+            argc--;
+            if (argc < 1) {
+                cpw_usage("change_password: missing password arg");
+                goto cleanup;
+            }
+            pwarg = *++argv;
+        } else if (!strcmp("-randkey", *argv)) {
+            randkey++;
+        } else if (!strcmp("-keepold", *argv)) {
+            keepold = TRUE;
+        } else if (!strcmp("-e", *argv)) {
+            argc--;
+            if (argc < 1) {
+                cpw_usage("change_password: missing keysaltlist arg");
+                goto cleanup;
+            }
+            retval = krb5_string_to_keysalts(*++argv, ", \t", ":.-", 0,
+                                             &ks_tuple, &n_ks_tuple);
+            if (retval) {
+                com_err("change_password", retval,
+                        "while parsing keysalts %s", *argv);
+                goto cleanup;
+            }
+        } else {
+            cpw_usage(NULL);
+            goto cleanup;
+        }
     }
     if (*argv == NULL) {
-	com_err("change_password", 0, "missing principal name");
-	goto usage;
+        com_err("change_password", 0, "missing principal name");
+        cpw_usage(NULL);
+        goto cleanup;
     }
     retval = kadmin_parse_name(*argv, &princ);
     if (retval) {
-	com_err("change_password", retval, "while parsing principal name");
-	if (ks_tuple != NULL)
-	    free(ks_tuple);
-	if (db_args) free(db_args);
-	return;
+        com_err("change_password", retval, "while parsing principal name");
+        goto cleanup;
     }
     retval = krb5_unparse_name(context, princ, &canon);
     if (retval) {
-	com_err("change_password", retval, "while canonicalizing principal");
-	krb5_free_principal(context, princ);
-	if (ks_tuple != NULL)
-	    free(ks_tuple);
-	if (db_args) free(db_args);
-	return;
+        com_err("change_password", retval, "while canonicalizing principal");
+        goto cleanup;
     }
     if (pwarg != NULL) {
-	if (keepold || ks_tuple != NULL) {
-	    retval = kadm5_chpass_principal_3(handle, princ, keepold,
-					      n_ks_tuple, ks_tuple, pwarg);
-	    if (ks_tuple != NULL)
-		free(ks_tuple);
-	} else {
-	    retval = kadm5_chpass_principal(handle, princ, pwarg);
-	}
-	krb5_free_principal(context, princ);
-	if (retval) {
-	    com_err("change_password", retval,
-		    "while changing password for \"%s\".", canon);
-	    free(canon);
-	    if (db_args) free(db_args);
-	    return;
-	}
-	printf("Password for \"%s\" changed.\n", canon);
-	free(canon);
-	if (db_args) free(db_args);
-	return;
+        if (keepold || ks_tuple != NULL) {
+            retval = kadm5_chpass_principal_3(handle, princ, keepold,
+                                              n_ks_tuple, ks_tuple, pwarg);
+        } else {
+            retval = kadm5_chpass_principal(handle, princ, pwarg);
+        }
+        if (retval) {
+            com_err("change_password", retval,
+                    "while changing password for \"%s\".", canon);
+            goto cleanup;
+        }
+        printf("Password for \"%s\" changed.\n", canon);
     } else if (randkey) {
-	retval = randkey_princ(princ, keepold, n_ks_tuple, ks_tuple);
-	if (ks_tuple != NULL)
-	    free(ks_tuple);
-	krb5_free_principal(context, princ);
-	if (retval) {
-	    com_err("change_password", retval,
-		    "while randomizing key for \"%s\".", canon);
-	    free(canon);
-	    if (db_args) free(db_args);
-	    return;
-	}
-	printf("Key for \"%s\" randomized.\n", canon);
-	free(canon);
-	if (db_args) free(db_args);
-	return;
-    } else if (argc == 1) {
-	unsigned int i = sizeof (newpw) - 1;
-
-	snprintf(prompt1, sizeof(prompt1),
-		 "Enter password for principal \"%.900s\"",
-		 *argv);
-	snprintf(prompt2, sizeof(prompt2),
-		 "Re-enter password for principal \"%.900s\"",
-		 *argv);
-	retval = krb5_read_password(context, prompt1, prompt2,
-				    newpw, &i);
-	if (retval) {
-	    com_err("change_password", retval,
-		    "while reading password for \"%s\".", canon);
-	    free(canon);
-	    if (ks_tuple != NULL)
-		free(ks_tuple);
-	    krb5_free_principal(context, princ);
-	    if (db_args) free(db_args);
-	    return;
-	}
-	if (keepold || ks_tuple != NULL) {
-	    retval = kadm5_chpass_principal_3(handle, princ, keepold,
-					      n_ks_tuple, ks_tuple,
-					      newpw);
-	    if (ks_tuple != NULL)
-		free(ks_tuple);
-	} else {
-	    retval = kadm5_chpass_principal(handle, princ, newpw);
-	}
-	krb5_free_principal(context, princ);
-	memset(newpw, 0, sizeof (newpw));
-	if (retval) {
-	    com_err("change_password", retval,
-		    "while changing password for \"%s\".", canon);
-	    free(canon);
-	    if (db_args) free(db_args);
-	    return;
-	}
-	printf("Password for \"%s\" changed.\n", canon);
-	free(canon);
-	if (db_args) free(db_args);
-	return;
+        retval = randkey_princ(princ, keepold, n_ks_tuple, ks_tuple);
+        if (retval) {
+            com_err("change_password", retval,
+                    "while randomizing key for \"%s\".", canon);
+            goto cleanup;
+        }
+        printf("Key for \"%s\" randomized.\n", canon);
     } else {
-	free(canon);
-	krb5_free_principal(context, princ);
-    usage:
-	if (db_args) free(db_args);
-	if (ks_tuple != NULL)
-	    free(ks_tuple);
-	fprintf(stderr,
-		"usage: change_password [-randkey] [-keepold] "
-		"[-e keysaltlist] [-pw password] "
-		"principal\n");
-	return;
+        unsigned int i = sizeof (newpw) - 1;
+
+        snprintf(prompt1, sizeof(prompt1),
+                 "Enter password for principal \"%s\"", canon);
+        snprintf(prompt2, sizeof(prompt2),
+                 "Re-enter password for principal \"%s\"", canon);
+        retval = krb5_read_password(context, prompt1, prompt2,
+                                    newpw, &i);
+        if (retval) {
+            com_err("change_password", retval,
+                    "while reading password for \"%s\".", canon);
+            goto cleanup;
+        }
+        if (keepold || ks_tuple != NULL) {
+            retval = kadm5_chpass_principal_3(handle, princ, keepold,
+                                              n_ks_tuple, ks_tuple,
+                                              newpw);
+        } else {
+            retval = kadm5_chpass_principal(handle, princ, newpw);
+        }
+        memset(newpw, 0, sizeof (newpw));
+        if (retval) {
+            com_err("change_password", retval,
+                    "while changing password for \"%s\".", canon);
+            goto cleanup;
+        }
+        printf("Password for \"%s\" changed.\n", canon);
     }
+cleanup:
+    free(canon);
+    free(db_args);
+    krb5_free_principal(context, princ);
+    free(ks_tuple);
 }
 
 static void
 kadmin_free_tl_data(kadm5_principal_ent_t princ)
 {
-    krb5_tl_data *tl_data = princ->tl_data;
-    int n_tl_data         = princ->n_tl_data;
+    krb5_tl_data *tl_data = princ->tl_data, *next;
+    int n_tl_data = princ->n_tl_data;
     int i;
 
     princ->n_tl_data = 0;
-    princ->tl_data   = NULL;
+    princ->tl_data = NULL;
 
     for (i = 0; tl_data && (i < n_tl_data); i++) {
-	krb5_tl_data *next = tl_data->tl_data_next;
-	if (tl_data->tl_data_contents)
-	    free(tl_data->tl_data_contents);
-	free(tl_data);
-	tl_data = next;
+        next = tl_data->tl_data_next;
+        free(tl_data->tl_data_contents);
+        free(tl_data);
+        tl_data = next;
     }
 }
 
+/*
+ * Parse addprinc or modprinc arguments.  Some output fields may be
+ * filled in on error.
+ */
 #define KRB5_TL_DB_ARGS 0x7fff
 static int
-kadmin_parse_princ_args(argc, argv, oprinc, mask, pass, randkey,
-			ks_tuple, n_ks_tuple, 
+kadmin_parse_princ_args(int argc, char *argv[], kadm5_principal_ent_t oprinc,
+                        long *mask, char **pass, krb5_boolean *randkey,
+                        krb5_key_salt_tuple **ks_tuple, int *n_ks_tuple,
 #if APPLE_PKINIT
-                        cert_hash, 
+                        char **cert_hash,
 #endif /* APPLE_PKINIT */
-                        caller)
-    int argc;
-    char *argv[];
-    kadm5_principal_ent_t oprinc;
-    long *mask;
-    char **pass;
-    krb5_boolean *randkey;
-    krb5_key_salt_tuple **ks_tuple;
-    int *n_ks_tuple;
-#if APPLE_PKINIT
-    char **cert_hash;
-#endif /* APPLE_PKINIT */
-    char *caller;
+                        char *caller)
 {
-    int i, j, attrib_set;
+    int i, attrib_set;
+    size_t j;
     time_t date;
     time_t now;
     krb5_error_code retval;
@@ -932,239 +834,229 @@
     time(&now);
     *randkey = FALSE;
     for (i = 1; i < argc - 1; i++) {
-	attrib_set = 0;
-	if (strlen(argv[i]) == 2 &&
-	    !strcmp("-x",argv[i])) {
-	    if (++i > argc - 2)
-		return -1;
+        attrib_set = 0;
+        if (strlen(argv[i]) == 2 && !strcmp("-x",argv[i])) {
+            if (++i > argc - 2)
+                return -1;
 
-	    tl_data = malloc(sizeof(krb5_tl_data));
-	    if (tl_data == NULL) {
-		fprintf(stderr, "Not enough memory\n");
-		return ENOMEM;
-	    }
+            tl_data = malloc(sizeof(krb5_tl_data));
+            if (tl_data == NULL) {
+                fprintf(stderr, "Not enough memory\n");
+                exit(1);
+            }
 
-	    memset(tl_data, 0, sizeof(krb5_tl_data));
-	    tl_data->tl_data_type = KRB5_TL_DB_ARGS;
-	    tl_data->tl_data_length  = strlen(argv[i])+1;
-	    tl_data->tl_data_contents = strdup(argv[i]);
+            memset(tl_data, 0, sizeof(krb5_tl_data));
+            tl_data->tl_data_type = KRB5_TL_DB_ARGS;
+            tl_data->tl_data_length = strlen(argv[i])+1;
+            tl_data->tl_data_contents = (krb5_octet *) strdup(argv[i]);
 
-	    if (tail) {
-		tail->tl_data_next = tl_data;
-	    } else {
-		oprinc->tl_data = tl_data;
-	    }
-	    tail = tl_data;
-	    oprinc->n_tl_data++;
+            if (tail) {
+                tail->tl_data_next = tl_data;
+            } else {
+                oprinc->tl_data = tl_data;
+            }
+            tail = tl_data;
+            oprinc->n_tl_data++;
 
-	    if (tl_data->tl_data_contents == NULL) {
-		fprintf(stderr, "Not enough memory\n");
-		return ENOMEM;
-	    }
-	    *mask |= KADM5_TL_DATA;
-	    continue;
-	}
-	if (strlen(argv[i]) == 7 &&
-	    !strcmp("-expire", argv[i])) {
-	    if (++i > argc - 2)
-		return -1;
-	    else {
-		date = get_date(argv[i]);
-		if (date == (time_t)-1) {
-		    fprintf(stderr, "Invalid date specification \"%s\".\n",
-			    argv[i]);
-		    return -1;
-		}
-		oprinc->princ_expire_time = date;
-		*mask |= KADM5_PRINC_EXPIRE_TIME;
-		continue;
-	    }
-	}
-	if (strlen(argv[i]) == 9 &&
-	    !strcmp("-pwexpire", argv[i])) {
-	    if (++i > argc - 2)
-		return -1;
-	    else {
-		date = get_date(argv[i]);
-		if (date == (time_t)-1) {
-		    fprintf(stderr, "Invalid date specification \"%s\".\n",
-			    argv[i]);
-		    return -1;
-		}
-		oprinc->pw_expiration = date;
-		*mask |= KADM5_PW_EXPIRATION;
-		continue;
-	    }
-	}
-	if (strlen(argv[i]) == 8 &&
-	    !strcmp("-maxlife", argv[i])) {
-	    if (++i > argc - 2)
-		return -1;
-	    else {
-		date = get_date(argv[i]);
-		if (date == (time_t)-1) {
-		    fprintf(stderr, "Invalid date specification \"%s\".\n",
-			    argv[i]);
-		    return -1;
-		}
-		oprinc->max_life = date - now;
-		*mask |= KADM5_MAX_LIFE;
-		continue;
-	    }
-	}
-	if (strlen(argv[i]) == 13 &&
-	    !strcmp("-maxrenewlife", argv[i])) {
-	    if (++i > argc - 2)
-		return -1;
-	    else {
-		date = get_date(argv[i]);
-		if (date == (time_t)-1) {
-		    fprintf(stderr, "Invalid date specification \"%s\".\n",
-			    argv[i]);
-		    return -1;
-		}
-		oprinc->max_renewable_life = date - now;
-		*mask |= KADM5_MAX_RLIFE;
-		continue;
-	    }
-	}
-	if (strlen(argv[i]) == 5 &&
-	    !strcmp("-kvno", argv[i])) {
-	    if (++i > argc - 2)
-		return -1;
-	    else {
-		oprinc->kvno = atoi(argv[i]);
-		*mask |= KADM5_KVNO;
-		continue;
-	    }
-	}
-	if (strlen(argv[i]) == 7 &&
-	    !strcmp("-policy", argv[i])) {
-	    if (++i > argc - 2)
-		return -1;
-	    else {
-		oprinc->policy = argv[i];
-		*mask |= KADM5_POLICY;
-		continue;
-	    }
-	}
-	if (strlen(argv[i]) == 12 &&
-	    !strcmp("-clearpolicy", argv[i])) {
-	    oprinc->policy = NULL;
-	    *mask |= KADM5_POLICY_CLR;
-	    continue;
-	}
-	if (strlen(argv[i]) == 3 &&
-	    !strcmp("-pw", argv[i])) {
-	    if (++i > argc - 2)
-		return -1;
-	    else {
-		*pass = argv[i];
-		continue;
-	    }
-	}
-	if (strlen(argv[i]) == 8 &&
-	    !strcmp("-randkey", argv[i])) {
-	    *randkey = TRUE;
-	    continue;
-	}
+            if (tl_data->tl_data_contents == NULL) {
+                fprintf(stderr, "Not enough memory\n");
+                exit(1);
+            }
+            *mask |= KADM5_TL_DATA;
+            continue;
+        }
+        if (strlen(argv[i]) == 7 && !strcmp("-expire", argv[i])) {
+            if (++i > argc - 2)
+                return -1;
+            else {
+                date = get_date(argv[i]);
+                if (date == (time_t)-1) {
+                    fprintf(stderr, "Invalid date specification \"%s\".\n",
+                            argv[i]);
+                    return -1;
+                }
+                oprinc->princ_expire_time = date;
+                *mask |= KADM5_PRINC_EXPIRE_TIME;
+                continue;
+            }
+        }
+        if (strlen(argv[i]) == 9 && !strcmp("-pwexpire", argv[i])) {
+            if (++i > argc - 2)
+                return -1;
+            else {
+                date = get_date(argv[i]);
+                if (date == (time_t)-1) {
+                    fprintf(stderr, "Invalid date specification \"%s\".\n",
+                            argv[i]);
+                    return -1;
+                }
+                oprinc->pw_expiration = date;
+                *mask |= KADM5_PW_EXPIRATION;
+                continue;
+            }
+        }
+        if (strlen(argv[i]) == 8 && !strcmp("-maxlife", argv[i])) {
+            if (++i > argc - 2)
+                return -1;
+            else {
+                date = get_date(argv[i]);
+                if (date == (time_t)-1) {
+                    fprintf(stderr, "Invalid date specification \"%s\".\n",
+                            argv[i]);
+                    return -1;
+                }
+                oprinc->max_life = date - now;
+                *mask |= KADM5_MAX_LIFE;
+                continue;
+            }
+        }
+        if (strlen(argv[i]) == 13 && !strcmp("-maxrenewlife", argv[i])) {
+            if (++i > argc - 2)
+                return -1;
+            else {
+                date = get_date(argv[i]);
+                if (date == (time_t)-1) {
+                    fprintf(stderr, "Invalid date specification \"%s\".\n",
+                            argv[i]);
+                    return -1;
+                }
+                oprinc->max_renewable_life = date - now;
+                *mask |= KADM5_MAX_RLIFE;
+                continue;
+            }
+        }
+        if (strlen(argv[i]) == 5 && !strcmp("-kvno", argv[i])) {
+            if (++i > argc - 2)
+                return -1;
+            else {
+                oprinc->kvno = atoi(argv[i]);
+                *mask |= KADM5_KVNO;
+                continue;
+            }
+        }
+        if (strlen(argv[i]) == 7 && !strcmp("-policy", argv[i])) {
+            if (++i > argc - 2)
+                return -1;
+            else {
+                oprinc->policy = argv[i];
+                *mask |= KADM5_POLICY;
+                continue;
+            }
+        }
+        if (strlen(argv[i]) == 12 && !strcmp("-clearpolicy", argv[i])) {
+            oprinc->policy = NULL;
+            *mask |= KADM5_POLICY_CLR;
+            continue;
+        }
+        if (strlen(argv[i]) == 3 && !strcmp("-pw", argv[i])) {
+            if (++i > argc - 2)
+                return -1;
+            else {
+                *pass = argv[i];
+                continue;
+            }
+        }
+        if (strlen(argv[i]) == 8 && !strcmp("-randkey", argv[i])) {
+            *randkey = TRUE;
+            continue;
+        }
 #if APPLE_PKINIT
-	if (strlen(argv[i]) == 9 &&
-	    !strcmp("-certhash", argv[i])) {
-	    if (++i > argc - 2)
-		return -1;
-	    else {
-		*cert_hash = argv[i];
-		continue;
-	    }
-	}
+        if (strlen(argv[i]) == 9 && !strcmp("-certhash", argv[i])) {
+            if (++i > argc - 2)
+                return -1;
+            else {
+                *cert_hash = argv[i];
+                continue;
+            }
+        }
 #endif /* APPLE_PKINIT */
-	if (!strcmp("-e", argv[i])) {
-	    if (++i > argc - 2)
-		return -1;
-	    else {
-		retval = krb5_string_to_keysalts(argv[i], ", \t", ":.-", 0,
-						 ks_tuple, n_ks_tuple);
-		if (retval) {
-		    com_err(caller, retval,
-			    "while parsing keysalts %s", argv[i]);
-		    return -1;
-		}
-	    }
-	    continue;
-	}
-	for (j = 0; j < sizeof (flags) / sizeof (struct pflag); j++) {
-	    if (strlen(argv[i]) == flags[j].flaglen + 1 &&
-		!strcmp(flags[j].flagname,
-			&argv[i][1] /* strip off leading + or - */)) {
-		if ((flags[j].set && argv[i][0] == '-') ||
-		    (!flags[j].set && argv[i][0] == '+')) {
-		    oprinc->attributes |= flags[j].theflag;
-		    *mask |= KADM5_ATTRIBUTES;
-		    attrib_set++;
-		    break;
-		} else if ((flags[j].set && argv[i][0] == '+') ||
-			   (!flags[j].set && argv[i][0] == '-')) {
-		    oprinc->attributes &= ~flags[j].theflag;
-		    *mask |= KADM5_ATTRIBUTES;
-		    attrib_set++;
-		    break;
-		} else {
-		    return -1;
-		}
-	    }
-	}
-	if (!attrib_set)
-	    return -1;		/* nothing was parsed */
+        if (!strcmp("-e", argv[i])) {
+            if (++i > argc - 2)
+                return -1;
+            else {
+                retval = krb5_string_to_keysalts(argv[i], ", \t", ":.-", 0,
+                                                 ks_tuple, n_ks_tuple);
+                if (retval) {
+                    com_err(caller, retval,
+                            "while parsing keysalts %s", argv[i]);
+                    return -1;
+                }
+            }
+            continue;
+        }
+        for (j = 0; j < sizeof(flags) / sizeof(struct pflag); j++) {
+            if (strlen(argv[i]) == flags[j].flaglen + 1 &&
+                !strcmp(flags[j].flagname,
+                        &argv[i][1] /* strip off leading + or - */)) {
+                if ((flags[j].set && argv[i][0] == '-') ||
+                    (!flags[j].set && argv[i][0] == '+')) {
+                    oprinc->attributes |= flags[j].theflag;
+                    *mask |= KADM5_ATTRIBUTES;
+                    attrib_set++;
+                    break;
+                } else if ((flags[j].set && argv[i][0] == '+') ||
+                           (!flags[j].set && argv[i][0] == '-')) {
+                    oprinc->attributes &= ~flags[j].theflag;
+                    *mask |= KADM5_ATTRIBUTES;
+                    attrib_set++;
+                    break;
+                } else {
+                    return -1;
+                }
+            }
+        }
+        if (!attrib_set)
+            return -1;          /* nothing was parsed */
     }
-    if (i != argc - 1) {
-	return -1;
-    }
+    if (i != argc - 1)
+        return -1;
     retval = kadmin_parse_name(argv[i], &oprinc->principal);
     if (retval) {
-	com_err(caller, retval, "while parsing principal");
-	return -1;
+        com_err(caller, retval, "while parsing principal");
+        return -1;
     }
     return 0;
 }
 
 static void
-kadmin_addprinc_usage(func)
-    char *func;
+kadmin_addprinc_usage()
 {
-    fprintf(stderr, "usage: %s [options] principal\n", func);
+    fprintf(stderr, "usage: add_principal [options] principal\n");
     fprintf(stderr, "\toptions are:\n");
-    fprintf(stderr, "\t\t[-x db_princ_args]* [-expire expdate] [-pwexpire pwexpdate] [-maxlife maxtixlife]\n\t\t[-kvno kvno] [-policy policy] [-clearpolicy] [-randkey]\n\t\t[-pw password] [-maxrenewlife maxrenewlife]\n\t\t[-e keysaltlist]\n\t\t[{+|-}attribute]\n"
+    fprintf(stderr, "\t\t[-x db_princ_args]* [-expire expdate] "
+            "[-pwexpire pwexpdate] [-maxlife maxtixlife]\n"
+            "\t\t[-kvno kvno] [-policy policy] [-clearpolicy] [-randkey]\n"
+            "\t\t[-pw password] [-maxrenewlife maxrenewlife]\n"
+            "\t\t[-e keysaltlist]\n\t\t[{+|-}attribute]\n"
 #if APPLE_PKINIT
             "\t\t[-certhash hash_string]\n"
 #endif /* APPLE_PKINIT */
             );
     fprintf(stderr, "\tattributes are:\n");
     fprintf(stderr, "%s%s%s",
-	    "\t\tallow_postdated allow_forwardable allow_tgs_req allow_renewable\n",
-	    "\t\tallow_proxiable allow_dup_skey allow_tix requires_preauth\n",
-	    "\t\trequires_hwauth needchange allow_svr password_changing_service\n"
-	    "\t\tok_as_delegate ok_to_auth_as_delegate no_auth_data_required\n"
-	    "\nwhere,\n\t[-x db_princ_args]* - any number of database specific arguments.\n"
-	    "\t\t\tLook at each database documentation for supported arguments\n");
+            "\t\tallow_postdated allow_forwardable allow_tgs_req allow_renewable\n",
+            "\t\tallow_proxiable allow_dup_skey allow_tix requires_preauth\n",
+            "\t\trequires_hwauth needchange allow_svr password_changing_service\n"
+            "\t\tok_as_delegate ok_to_auth_as_delegate no_auth_data_required\n"
+            "\nwhere,\n\t[-x db_princ_args]* - any number of database specific arguments.\n"
+            "\t\t\tLook at each database documentation for supported arguments\n");
 }
 
 static void
-kadmin_modprinc_usage(func)
-    char *func;
+kadmin_modprinc_usage()
 {
-    fprintf(stderr, "usage: %s [options] principal\n", func);
+    fprintf(stderr, "usage: modify_principal [options] principal\n");
     fprintf(stderr, "\toptions are:\n");
     fprintf(stderr, "\t\t[-x db_princ_args]* [-expire expdate] [-pwexpire pwexpdate] [-maxlife maxtixlife]\n\t\t[-kvno kvno] [-policy policy] [-clearpolicy]\n\t\t[-maxrenewlife maxrenewlife] [{+|-}attribute]\n");
     fprintf(stderr, "\tattributes are:\n");
     fprintf(stderr, "%s%s%s",
-	    "\t\tallow_postdated allow_forwardable allow_tgs_req allow_renewable\n",
-	    "\t\tallow_proxiable allow_dup_skey allow_tix requires_preauth\n",
-	    "\t\trequires_hwauth needchange allow_svr password_changing_service\n"
-	    "\t\tok_as_delegate ok_to_auth_as_delegate no_auth_data_required\n"
-	    "\nwhere,\n\t[-x db_princ_args]* - any number of database specific arguments.\n"
-	    "\t\t\tLook at each database documentation for supported arguments\n"
-	);
+            "\t\tallow_postdated allow_forwardable allow_tgs_req allow_renewable\n",
+            "\t\tallow_proxiable allow_dup_skey allow_tix requires_preauth\n",
+            "\t\trequires_hwauth needchange allow_svr password_changing_service\n"
+            "\t\tok_as_delegate ok_to_auth_as_delegate no_auth_data_required\n"
+            "\nwhere,\n\t[-x db_princ_args]* - any number of database specific arguments.\n"
+            "\t\t\tLook at each database documentation for supported arguments\n"
+        );
 }
 
 /* Create a dummy password for old-style (pre-1.8) randkey creation. */
@@ -1176,21 +1068,20 @@
     /* Must try to pass any password policy in place, and be valid UTF-8. */
     strlcpy(buf, "6F a[", sz);
     for (i = strlen(buf); i < sz - 1; i++)
- 	buf[i] = 'a' + (i % 26);
+        buf[i] = 'a' + (i % 26);
     buf[sz - 1] = '\0';
 }
 
-void kadmin_addprinc(argc, argv)
-    int argc;
-    char *argv[];
+void
+kadmin_addprinc(int argc, char *argv[])
 {
     kadm5_principal_ent_rec princ;
     kadm5_policy_ent_rec defpol;
     long mask;
     krb5_boolean randkey = FALSE, old_style_randkey = FALSE;
     int n_ks_tuple;
-    krb5_key_salt_tuple *ks_tuple;
-    char *pass, *canon;
+    krb5_key_salt_tuple *ks_tuple = NULL;
+    char *pass, *canon = NULL;
     krb5_error_code retval;
     char newpw[1024], dummybuf[256];
     static char prompt1[1024], prompt2[1024];
@@ -1202,35 +1093,28 @@
     memset(&princ, 0, sizeof(princ));
 
     princ.attributes = 0;
-    if (kadmin_parse_princ_args(argc, argv,
-				&princ, &mask, &pass, &randkey,
-				&ks_tuple, &n_ks_tuple,
+    if (kadmin_parse_princ_args(argc, argv, &princ, &mask, &pass, &randkey,
+                                &ks_tuple, &n_ks_tuple,
 #if APPLE_PKINIT
                                 &cert_hash,
 #endif /* APPLE_PKINIT */
-				"add_principal")) {
-	kadmin_addprinc_usage("add_principal");
-	kadmin_free_tl_data(&princ); /* need to free ks_tuple also??? */
-	return;
+                                "add_principal")) {
+        kadmin_addprinc_usage();
+        goto cleanup;
     }
 
 #if APPLE_PKINIT
     if(cert_hash != NULL) {
-	fprintf(stderr,
+        fprintf(stderr,
               "add_principal: -certhash not allowed; use modify_principal\n");
-	return;
+        goto cleanup;
     }
 #endif /* APPLE_PKINIT */
 
     retval = krb5_unparse_name(context, princ.principal, &canon);
     if (retval) {
-	com_err("add_principal",
-		retval, "while canonicalizing principal");
-	krb5_free_principal(context, princ.principal);
-	if (ks_tuple != NULL)
-	    free(ks_tuple);
-	kadmin_free_tl_data(&princ);
-	return;
+        com_err("add_principal", retval, "while canonicalizing principal");
+        goto cleanup;
     }
 
     /*
@@ -1239,124 +1123,98 @@
      * -clearpolicy was specified, then KADM5_POLICY_CLR should be
      * unset, since it is never valid for kadm5_create_principal.
      */
-    if ((! (mask & KADM5_POLICY)) &&
-	(! (mask & KADM5_POLICY_CLR))) {
-	if (! kadm5_get_policy(handle, "default", &defpol)) {
-	    fprintf(stderr,
-		    "NOTICE: no policy specified for %s; assigning \"default\"\n",
-		    canon);
-	    princ.policy = "default";
-	    mask |= KADM5_POLICY;
-	    (void) kadm5_free_policy_ent(handle, &defpol);
-	} else
-	    fprintf(stderr,
-		    "WARNING: no policy specified for %s; defaulting to no policy\n",
-		    canon);
+    if (!(mask & KADM5_POLICY) && !(mask & KADM5_POLICY_CLR)) {
+        if (!kadm5_get_policy(handle, "default", &defpol)) {
+            fprintf(stderr, "NOTICE: no policy specified for %s; "
+                    "assigning \"default\"\n", canon);
+            princ.policy = "default";
+            mask |= KADM5_POLICY;
+            kadm5_free_policy_ent(handle, &defpol);
+        } else
+            fprintf(stderr, "WARNING: no policy specified for %s; "
+                    "defaulting to no policy\n", canon);
     }
     mask &= ~KADM5_POLICY_CLR;
 
     if (randkey) {
-	pass = NULL;
+        pass = NULL;
     } else if (pass == NULL) {
-	unsigned int sz = sizeof (newpw) - 1;
+        unsigned int sz = sizeof(newpw) - 1;
 
-	snprintf(prompt1, sizeof(prompt1),
-		 "Enter password for principal \"%.900s\"",
-		 canon);
-	snprintf(prompt2, sizeof(prompt2),
-		 "Re-enter password for principal \"%.900s\"",
-		 canon);
-	retval = krb5_read_password(context, prompt1, prompt2,
-				    newpw, &sz);
-	if (retval) {
-	    com_err("add_principal", retval,
-		    "while reading password for \"%s\".", canon);
-	    free(canon);
-	    krb5_free_principal(context, princ.principal);
-	    kadmin_free_tl_data(&princ);
-	    return;
-	}
-	pass = newpw;
+        snprintf(prompt1, sizeof(prompt1),
+                 "Enter password for principal \"%s\"", canon);
+        snprintf(prompt2, sizeof(prompt2),
+                 "Re-enter password for principal \"%s\"", canon);
+        retval = krb5_read_password(context, prompt1, prompt2, newpw, &sz);
+        if (retval) {
+            com_err("add_principal", retval,
+                    "while reading password for \"%s\".", canon);
+            goto cleanup;
+        }
+        pass = newpw;
     }
     mask |= KADM5_PRINCIPAL;
     retval = create_princ(&princ, mask, n_ks_tuple, ks_tuple, pass);
     if (retval == EINVAL && randkey) {
-	/*
-	 * The server doesn't support randkey creation.  Create the principal
-	 * with a dummy password and disallow tickets.
-	 */
-	prepare_dummy_password(dummybuf, sizeof(dummybuf));
-	princ.attributes |= KRB5_KDB_DISALLOW_ALL_TIX;
-	mask |= KADM5_ATTRIBUTES;
-	pass = dummybuf;
-	retval = create_princ(&princ, mask, n_ks_tuple, ks_tuple, pass);
-	old_style_randkey = 1;
+        /*
+         * The server doesn't support randkey creation.  Create the principal
+         * with a dummy password and disallow tickets.
+         */
+        prepare_dummy_password(dummybuf, sizeof(dummybuf));
+        princ.attributes |= KRB5_KDB_DISALLOW_ALL_TIX;
+        mask |= KADM5_ATTRIBUTES;
+        pass = dummybuf;
+        retval = create_princ(&princ, mask, n_ks_tuple, ks_tuple, pass);
+        old_style_randkey = 1;
     }
     if (retval) {
-	com_err("add_principal", retval, "while creating \"%s\".",
-		canon);
-	krb5_free_principal(context, princ.principal);
-	free(canon);
-	if (ks_tuple != NULL)
-	    free(ks_tuple);
-	kadmin_free_tl_data(&princ);
-	return;
+        com_err("add_principal", retval, "while creating \"%s\".", canon);
+        goto cleanup;
     }
     if (old_style_randkey) {
-	/* Randomize the password and re-enable tickets. */
-	retval = randkey_princ(princ.principal, FALSE, n_ks_tuple, ks_tuple);
-	if (retval) {
-	    com_err("add_principal", retval,
-		    "while randomizing key for \"%s\".", canon);
-	    krb5_free_principal(context, princ.principal);
-	    free(canon);
-	    if (ks_tuple != NULL)
-		free(ks_tuple);
-	    kadmin_free_tl_data(&princ);
-	    return;
-	}
-	princ.attributes &= ~KRB5_KDB_DISALLOW_ALL_TIX;	/* clear notix */
-	mask = KADM5_ATTRIBUTES;
-	retval = kadm5_modify_principal(handle, &princ, mask);
-	if (retval) {
-	    com_err("add_principal", retval,
-		    "while clearing DISALLOW_ALL_TIX for \"%s\".", canon);
-	    krb5_free_principal(context, princ.principal);
-	    free(canon);
-	    if (ks_tuple != NULL)
-		free(ks_tuple);
-	    kadmin_free_tl_data(&princ);
-	    return;
-	}
+        /* Randomize the password and re-enable tickets. */
+        retval = randkey_princ(princ.principal, FALSE, n_ks_tuple, ks_tuple);
+        if (retval) {
+            com_err("add_principal", retval,
+                    "while randomizing key for \"%s\".", canon);
+            goto cleanup;
+        }
+        princ.attributes &= ~KRB5_KDB_DISALLOW_ALL_TIX; /* clear notix */
+        mask = KADM5_ATTRIBUTES;
+        retval = kadm5_modify_principal(handle, &princ, mask);
+        if (retval) {
+            com_err("add_principal", retval,
+                    "while clearing DISALLOW_ALL_TIX for \"%s\".", canon);
+            goto cleanup;
+        }
     }
-    krb5_free_principal(context, princ.principal);
     printf("Principal \"%s\" created.\n", canon);
-    if (ks_tuple != NULL)
-	free(ks_tuple);
+
+cleanup:
+    krb5_free_principal(context, princ.principal);
+    free(ks_tuple);
     free(canon);
     kadmin_free_tl_data(&princ);
-
 }
 
-void kadmin_modprinc(argc, argv)
-    int argc;
-    char *argv[];
+void
+kadmin_modprinc(int argc, char *argv[])
 {
     kadm5_principal_ent_rec princ, oldprinc;
-    krb5_principal kprinc;
+    krb5_principal kprinc = NULL;
     long mask;
     krb5_error_code retval;
-    char *pass, *canon;
+    char *pass, *canon = NULL;
     krb5_boolean randkey = FALSE;
     int n_ks_tuple = 0;
-    krb5_key_salt_tuple *ks_tuple;
+    krb5_key_salt_tuple *ks_tuple = NULL;
 #if APPLE_PKINIT
     char *cert_hash = NULL;
 #endif /* APPLE_PKINIT */
 
     if (argc < 2) {
-	kadmin_modprinc_usage("modify_principal");
-	return;
+        kadmin_modprinc_usage();
+        return;
     }
 
     memset(&oldprinc, 0, sizeof(oldprinc));
@@ -1364,77 +1222,44 @@
 
     retval = kadmin_parse_name(argv[argc - 1], &kprinc);
     if (retval) {
-	com_err("modify_principal", retval, "while parsing principal");
-	return;
+        com_err("modify_principal", retval, "while parsing principal");
+        return;
     }
     retval = krb5_unparse_name(context, kprinc, &canon);
     if (retval) {
-	com_err("modify_principal", retval,
-		"while canonicalizing principal");
-	krb5_free_principal(context, kprinc);
-	return;
+        com_err("modify_principal", retval, "while canonicalizing principal");
+        goto cleanup;
     }
     retval = kadm5_get_principal(handle, kprinc, &oldprinc,
-				 KADM5_PRINCIPAL_NORMAL_MASK);
+                                 KADM5_PRINCIPAL_NORMAL_MASK);
     if (retval) {
-	com_err("modify_principal", retval, "while getting \"%s\".",
-		canon);
-	krb5_free_principal(context, kprinc);
-	free(canon);
-	return;
+        com_err("modify_principal", retval, "while getting \"%s\".", canon);
+        goto cleanup;
     }
     princ.attributes = oldprinc.attributes;
     kadm5_free_principal_ent(handle, &oldprinc);
     retval = kadmin_parse_princ_args(argc, argv,
-				     &princ, &mask,
-				     &pass, &randkey,
-				     &ks_tuple, &n_ks_tuple,
+                                     &princ, &mask,
+                                     &pass, &randkey,
+                                     &ks_tuple, &n_ks_tuple,
 #if APPLE_PKINIT
                                      &cert_hash,
 #endif /* APPLE_PKINIT */
-				     "modify_principal");
-    if (ks_tuple != NULL) {
-	free(ks_tuple);
-	kadmin_modprinc_usage("modify_principal");
-	free(canon);
-	krb5_free_principal(context, kprinc);
-	kadmin_free_tl_data(&princ); /* Apple had this commented out.  Why? */
-	return;
+                                     "modify_principal");
+    if (retval || ks_tuple != NULL || randkey || pass) {
+        kadmin_modprinc_usage();
+        goto cleanup;
     }
-    if (retval) {
-	kadmin_modprinc_usage("modify_principal");
-	free(canon);
-	krb5_free_principal(context, kprinc);
-	kadmin_free_tl_data(&princ); /* Apple had this commented out.  Why? */
-	return;
-    }
-    if (randkey) {
-	fprintf(stderr, "modify_principal: -randkey not allowed\n");
-	krb5_free_principal(context, princ.principal);
-	free(canon);
-	krb5_free_principal(context, kprinc);
-	kadmin_free_tl_data(&princ);
-	return;
-    }
-    if (pass) {
-	fprintf(stderr,
-		"modify_principal: -pw not allowed; use change_password\n");
-	krb5_free_principal(context, princ.principal);
-	free(canon);
-	krb5_free_principal(context, kprinc);
-	kadmin_free_tl_data(&princ);
-	return;
-    }
 #if APPLE_PKINIT
     if (cert_hash) {
-        /* 
+        /*
          * Use something other than the 1st preferred enctype here for fallback
          * to pwd authentication
          */
         krb5_key_salt_tuple key_salt = {ENCTYPE_ARCFOUR_HMAC, KRB5_KDB_SALTTYPE_CERTHASH};
         krb5_keyblock keyblock;
         kadm5_ret_t kadmin_rtn;
-        
+
         keyblock.magic = KV5M_KEYBLOCK;
         keyblock.enctype = ENCTYPE_ARCFOUR_HMAC;
         keyblock.length = strlen(cert_hash);
@@ -1447,275 +1272,250 @@
             com_err("modify_principal", kadmin_rtn,
                     "while adding certhash for \"%s\".", canon);
             printf("realm %s data %s\n", (char *)kprinc->realm.data, (char *)kprinc->data->data);
-            free(canon);
-            krb5_free_principal(context, princ.principal);
-            krb5_free_principal(context, kprinc);
-            return;
+            goto cleanup;
         }
         retval = 0;
     }
 #endif /* APPLE_PKINIT */
     if (mask) {
-	/* skip this if all we're doing is setting certhash */
-	retval = kadm5_modify_principal(handle, &princ, mask);
+        /* Skip this if all we're doing is setting certhash. */
+        retval = kadm5_modify_principal(handle, &princ, mask);
     }
-    krb5_free_principal(context, kprinc);
-    krb5_free_principal(context, princ.principal);
     if (retval) {
-	com_err("modify_principal", retval,
-		"while modifying \"%s\".", canon);
-	free(canon);
-	kadmin_free_tl_data(&princ);
-	return;
+        com_err("modify_principal", retval, "while modifying \"%s\".", canon);
+        goto cleanup;
     }
     printf("Principal \"%s\" modified.\n", canon);
+cleanup:
+    krb5_free_principal(context, kprinc);
+    krb5_free_principal(context, princ.principal);
     kadmin_free_tl_data(&princ);
     free(canon);
+    free(ks_tuple);
 }
 
-void kadmin_getprinc(argc, argv)
-    int argc;
-    char *argv[];
+void
+kadmin_getprinc(int argc, char *argv[])
 {
     kadm5_principal_ent_rec dprinc;
-    krb5_principal princ;
+    krb5_principal princ = NULL;
     krb5_error_code retval;
-    char *canon, *modcanon;
+    char *canon = NULL, *modcanon = NULL;
     int i;
+    size_t j;
 
-    if (! (argc == 2 ||
-	   (argc == 3 && !strcmp("-terse", argv[1])))) {
-	fprintf(stderr, "usage: get_principal [-terse] principal\n");
-	return;
+    if (!(argc == 2 || (argc == 3 && !strcmp("-terse", argv[1])))) {
+        fprintf(stderr, "usage: get_principal [-terse] principal\n");
+        return;
     }
 
-
     memset(&dprinc, 0, sizeof(dprinc));
-    memset(&princ, 0, sizeof(princ));
 
     retval = kadmin_parse_name(argv[argc - 1], &princ);
     if (retval) {
-	com_err("get_principal", retval, "while parsing principal");
-	return;
+        com_err("get_principal", retval, "while parsing principal");
+        return;
     }
     retval = krb5_unparse_name(context, princ, &canon);
     if (retval) {
-	com_err("get_principal", retval, "while canonicalizing principal");
-	krb5_free_principal(context, princ);
-	return;
+        com_err("get_principal", retval, "while canonicalizing principal");
+        goto cleanup;
     }
     retval = kadm5_get_principal(handle, princ, &dprinc,
-				 KADM5_PRINCIPAL_NORMAL_MASK | KADM5_KEY_DATA);
-    krb5_free_principal(context, princ);
+                                 KADM5_PRINCIPAL_NORMAL_MASK | KADM5_KEY_DATA);
     if (retval) {
-	com_err("get_principal", retval, "while retrieving \"%s\".", canon);
-	free(canon);
-	return;
+        com_err("get_principal", retval, "while retrieving \"%s\".", canon);
+        goto cleanup;
     }
-    free(canon);
-    canon = NULL;
     retval = krb5_unparse_name(context, dprinc.principal, &canon);
     if (retval) {
-	com_err("get_principal", retval, "while canonicalizing principal");
-	kadm5_free_principal_ent(handle, &dprinc);
-	return;
+        com_err("get_principal", retval, "while canonicalizing principal");
+        goto cleanup;
     }
     retval = krb5_unparse_name(context, dprinc.mod_name, &modcanon);
     if (retval) {
-	com_err("get_principal", retval, "while unparsing modname");
-	kadm5_free_principal_ent(handle, &dprinc);
-	free(canon);
-	return;
+        com_err("get_principal", retval, "while unparsing modname");
+        goto cleanup;
     }
     if (argc == 2) {
-	printf("Principal: %s\n", canon);
-	printf("Expiration date: %s\n", dprinc.princ_expire_time ?
-	       strdate(dprinc.princ_expire_time) : "[never]");
-	printf("Last password change: %s\n", dprinc.last_pwd_change ?
-	       strdate(dprinc.last_pwd_change) : "[never]");
-	printf("Password expiration date: %s\n",
-	       dprinc.pw_expiration ?
-	       strdate(dprinc.pw_expiration) : "[none]");
-	printf("Maximum ticket life: %s\n", strdur(dprinc.max_life));
-	printf("Maximum renewable life: %s\n", strdur(dprinc.max_renewable_life));
-	printf("Last modified: %s (%s)\n", strdate(dprinc.mod_date), modcanon);
-	printf("Last successful authentication: %s\n",
-	       dprinc.last_success ? strdate(dprinc.last_success) :
-	       "[never]");
-	printf("Last failed authentication: %s\n",
-	       dprinc.last_failed ? strdate(dprinc.last_failed) :
-	       "[never]");
-	printf("Failed password attempts: %d\n",
-	       dprinc.fail_auth_count);
-	printf("Number of keys: %d\n", dprinc.n_key_data);
-	for (i = 0; i < dprinc.n_key_data; i++) {
-	    krb5_key_data *key_data = &dprinc.key_data[i];
-	    char enctype[BUFSIZ], salttype[BUFSIZ];
+        printf("Principal: %s\n", canon);
+        printf("Expiration date: %s\n", dprinc.princ_expire_time ?
+               strdate(dprinc.princ_expire_time) : "[never]");
+        printf("Last password change: %s\n", dprinc.last_pwd_change ?
+               strdate(dprinc.last_pwd_change) : "[never]");
+        printf("Password expiration date: %s\n",
+               dprinc.pw_expiration ?
+               strdate(dprinc.pw_expiration) : "[none]");
+        printf("Maximum ticket life: %s\n", strdur(dprinc.max_life));
+        printf("Maximum renewable life: %s\n",
+               strdur(dprinc.max_renewable_life));
+        printf("Last modified: %s (%s)\n", strdate(dprinc.mod_date), modcanon);
+        printf("Last successful authentication: %s\n",
+               dprinc.last_success ? strdate(dprinc.last_success) :
+               "[never]");
+        printf("Last failed authentication: %s\n",
+               dprinc.last_failed ? strdate(dprinc.last_failed) :
+               "[never]");
+        printf("Failed password attempts: %d\n",
+               dprinc.fail_auth_count);
+        printf("Number of keys: %d\n", dprinc.n_key_data);
+        for (i = 0; i < dprinc.n_key_data; i++) {
+            krb5_key_data *key_data = &dprinc.key_data[i];
+            char enctype[BUFSIZ], salttype[BUFSIZ];
 
-	    if (krb5_enctype_to_string(key_data->key_data_type[0],
-				       enctype, sizeof(enctype)))
-		snprintf(enctype, sizeof(enctype), "<Encryption type 0x%x>",
-			 key_data->key_data_type[0]);
-	    printf("Key: vno %d, %s, ", key_data->key_data_kvno, enctype);
-	    if (key_data->key_data_ver > 1) {
-		if (krb5_salttype_to_string(key_data->key_data_type[1],
-					    salttype, sizeof(salttype)))
-		    snprintf(salttype, sizeof(salttype), "<Salt type 0x%x>",
-			     key_data->key_data_type[1]);
-		printf("%s\n", salttype);
-	    } else
-		printf("no salt\n");
-	}
-	printf("MKey: vno %d\n",
-	       dprinc.mkvno);
+            if (krb5_enctype_to_string(key_data->key_data_type[0],
+                                       enctype, sizeof(enctype)))
+                snprintf(enctype, sizeof(enctype), "<Encryption type 0x%x>",
+                         key_data->key_data_type[0]);
+            printf("Key: vno %d, %s, ", key_data->key_data_kvno, enctype);
+            if (key_data->key_data_ver > 1) {
+                if (krb5_salttype_to_string(key_data->key_data_type[1],
+                                            salttype, sizeof(salttype)))
+                    snprintf(salttype, sizeof(salttype), "<Salt type 0x%x>",
+                             key_data->key_data_type[1]);
+                printf("%s\n", salttype);
+            } else
+                printf("no salt\n");
+        }
+        printf("MKey: vno %d\n",
+               dprinc.mkvno);
 
-	printf("Attributes:");
-	for (i = 0; i < sizeof (prflags) / sizeof (char *); i++) {
-	    if (dprinc.attributes & (krb5_flags) 1 << i)
-		printf(" %s", prflags[i]);
-	}
-	printf("\n");
-	printf("Policy: %s\n", dprinc.policy ? dprinc.policy : "[none]");
+        printf("Attributes:");
+        for (j = 0; j < sizeof(prflags) / sizeof(char *); j++) {
+            if (dprinc.attributes & (krb5_flags) 1 << j)
+                printf(" %s", prflags[j]);
+        }
+        printf("\n");
+        printf("Policy: %s\n", dprinc.policy ? dprinc.policy : "[none]");
     } else {
-	printf("\"%s\"\t%d\t%d\t%d\t%d\t\"%s\"\t%d\t%d\t%d\t%d\t\"%s\""
-	       "\t%d\t%d\t%d\t%d\t%d",
-	       canon, dprinc.princ_expire_time, dprinc.last_pwd_change,
-	       dprinc.pw_expiration, dprinc.max_life, modcanon,
-	       dprinc.mod_date, dprinc.attributes, dprinc.kvno,
-	       dprinc.mkvno, dprinc.policy ? dprinc.policy : "[none]",
-	       dprinc.max_renewable_life, dprinc.last_success,
-	       dprinc.last_failed, dprinc.fail_auth_count,
-	       dprinc.n_key_data);
-	for (i = 0; i < dprinc.n_key_data; i++)
-	    printf("\t%d\t%d\t%d\t%d",
-		   dprinc.key_data[i].key_data_ver,
-		   dprinc.key_data[i].key_data_kvno,
-		   dprinc.key_data[i].key_data_type[0],
-		   dprinc.key_data[i].key_data_type[1]);
-	printf("\n");
+        printf("\"%s\"\t%d\t%d\t%d\t%d\t\"%s\"\t%d\t%d\t%d\t%d\t\"%s\""
+               "\t%d\t%d\t%d\t%d\t%d",
+               canon, dprinc.princ_expire_time, dprinc.last_pwd_change,
+               dprinc.pw_expiration, dprinc.max_life, modcanon,
+               dprinc.mod_date, dprinc.attributes, dprinc.kvno,
+               dprinc.mkvno, dprinc.policy ? dprinc.policy : "[none]",
+               dprinc.max_renewable_life, dprinc.last_success,
+               dprinc.last_failed, dprinc.fail_auth_count,
+               dprinc.n_key_data);
+        for (i = 0; i < dprinc.n_key_data; i++)
+            printf("\t%d\t%d\t%d\t%d",
+                   dprinc.key_data[i].key_data_ver,
+                   dprinc.key_data[i].key_data_kvno,
+                   dprinc.key_data[i].key_data_type[0],
+                   dprinc.key_data[i].key_data_type[1]);
+        printf("\n");
     }
-    free(modcanon);
+cleanup:
+    krb5_free_principal(context, princ);
     kadm5_free_principal_ent(handle, &dprinc);
+    free(modcanon);
     free(canon);
 }
 
-void kadmin_getprincs(argc, argv)
-    int argc;
-    char *argv[];
+void
+kadmin_getprincs(int argc, char *argv[])
 {
     krb5_error_code retval;
     char *expr, **names;
     int i, count;
 
     expr = NULL;
-    if (! (argc == 1 || (argc == 2 && (expr = argv[1])))) {
-	fprintf(stderr, "usage: get_principals [expression]\n");
-	return;
+    if (!(argc == 1 || (argc == 2 && (expr = argv[1])))) {
+        fprintf(stderr, "usage: get_principals [expression]\n");
+        return;
     }
     retval = kadm5_get_principals(handle, expr, &names, &count);
     if (retval) {
-	com_err("get_principals", retval, "while retrieving list.");
-	return;
+        com_err("get_principals", retval, "while retrieving list.");
+        return;
     }
     for (i = 0; i < count; i++)
-	printf("%s\n", names[i]);
+        printf("%s\n", names[i]);
     kadm5_free_name_list(handle, names, count);
 }
 
 static int
-kadmin_parse_policy_args(argc, argv, policy, mask, caller)
-    int argc;
-    char *argv[];
-    kadm5_policy_ent_t policy;
-    long *mask;
-    char *caller;
+kadmin_parse_policy_args(int argc, char *argv[], kadm5_policy_ent_t policy,
+                         long *mask, char *caller)
 {
     int i;
-    time_t now;
-    time_t date;
+    time_t now, date;
 
     time(&now);
     *mask = 0;
     for (i = 1; i < argc - 1; i++) {
-	if (strlen(argv[i]) == 8 &&
-	    !strcmp(argv[i], "-maxlife")) {
-	    if (++i > argc -2)
-		return -1;
-	    else {
-		date = get_date(argv[i]);
-		if (date == (time_t)-1) {
-		    fprintf(stderr, "Invalid date specification \"%s\".\n",
-			    argv[i]);
-		    return -1;
-		}
-		policy->pw_max_life = date - now;
-		*mask |= KADM5_PW_MAX_LIFE;
-		continue;
-	    }
-	} else if (strlen(argv[i]) == 8 &&
-		   !strcmp(argv[i], "-minlife")) {
-	    if (++i > argc - 2)
-		return -1;
-	    else {
-		date = get_date(argv[i]);
-		if (date == (time_t)-1) {
-		    fprintf(stderr, "Invalid date specification \"%s\".\n",
-			    argv[i]);
-		    return -1;
-		}
-		policy->pw_min_life = date - now;
-		*mask |= KADM5_PW_MIN_LIFE;
-		continue;
-	    }
-	} else if (strlen(argv[i]) == 10 &&
-		   !strcmp(argv[i], "-minlength")) {
-	    if (++i > argc - 2)
-		return -1;
-	    else {
-		policy->pw_min_length = atoi(argv[i]);
-		*mask |= KADM5_PW_MIN_LENGTH;
-		continue;
-	    }
-	} else if (strlen(argv[i]) == 11 &&
-		   !strcmp(argv[i], "-minclasses")) {
-	    if (++i > argc - 2)
-		return -1;
-	    else {
-		policy->pw_min_classes = atoi(argv[i]);
-		*mask |= KADM5_PW_MIN_CLASSES;
-		continue;
-	    }
-	} else if (strlen(argv[i]) == 8 &&
-		   !strcmp(argv[i], "-history")) {
-	    if (++i > argc - 2)
-		return -1;
-	    else {
-		policy->pw_history_num = atoi(argv[i]);
-		*mask |= KADM5_PW_HISTORY_NUM;
-		continue;
-	    }
-	} else
-	    return -1;
+        if (strlen(argv[i]) == 8 && !strcmp(argv[i], "-maxlife")) {
+            if (++i > argc -2)
+                return -1;
+            else {
+                date = get_date(argv[i]);
+                if (date == (time_t)-1) {
+                    fprintf(stderr, "Invalid date specification \"%s\".\n",
+                            argv[i]);
+                    return -1;
+                }
+                policy->pw_max_life = date - now;
+                *mask |= KADM5_PW_MAX_LIFE;
+                continue;
+            }
+        } else if (strlen(argv[i]) == 8 && !strcmp(argv[i], "-minlife")) {
+            if (++i > argc - 2)
+                return -1;
+            else {
+                date = get_date(argv[i]);
+                if (date == (time_t)-1) {
+                    fprintf(stderr, "Invalid date specification \"%s\".\n",
+                            argv[i]);
+                    return -1;
+                }
+                policy->pw_min_life = date - now;
+                *mask |= KADM5_PW_MIN_LIFE;
+                continue;
+            }
+        } else if (strlen(argv[i]) == 10 && !strcmp(argv[i], "-minlength")) {
+            if (++i > argc - 2)
+                return -1;
+            else {
+                policy->pw_min_length = atoi(argv[i]);
+                *mask |= KADM5_PW_MIN_LENGTH;
+                continue;
+            }
+        } else if (strlen(argv[i]) == 11 && !strcmp(argv[i], "-minclasses")) {
+            if (++i > argc - 2)
+                return -1;
+            else {
+                policy->pw_min_classes = atoi(argv[i]);
+                *mask |= KADM5_PW_MIN_CLASSES;
+                continue;
+            }
+        } else if (strlen(argv[i]) == 8 && !strcmp(argv[i], "-history")) {
+            if (++i > argc - 2)
+                return -1;
+            else {
+                policy->pw_history_num = atoi(argv[i]);
+                *mask |= KADM5_PW_HISTORY_NUM;
+                continue;
+            }
+        } else
+            return -1;
     }
     if (i != argc -1) {
-	fprintf(stderr, "%s: parser lost count!\n", caller);
-	return -1;
+        fprintf(stderr, "%s: parser lost count!\n", caller);
+        return -1;
     } else
-	return 0;
+        return 0;
 }
 
 static void
-kadmin_addmodpol_usage(func)
-    char *func;
+kadmin_addmodpol_usage(char *func)
 {
     fprintf(stderr, "usage; %s [options] policy\n", func);
     fprintf(stderr, "\toptions are:\n");
     fprintf(stderr, "\t\t[-maxlife time] [-minlife time] [-minlength length]\n\t\t[-minclasses number] [-history number]\n");
 }
 
-void kadmin_addpol(argc, argv)
-    int argc;
-    char *argv[];
+void
+kadmin_addpol(int argc, char *argv[])
 {
     krb5_error_code retval;
     long mask;
@@ -1723,24 +1523,20 @@
 
     memset(&policy, 0, sizeof(policy));
     if (kadmin_parse_policy_args(argc, argv, &policy, &mask, "add_policy")) {
-	kadmin_addmodpol_usage("add_policy");
-	return;
-    } else {
-	policy.policy = argv[argc - 1];
-	mask |= KADM5_POLICY;
-	retval = kadm5_create_policy(handle, &policy, mask);
-	if (retval) {
-	    com_err("add_policy", retval, "while creating policy \"%s\".",
-		    policy.policy);
-	    return;
-	}
+        kadmin_addmodpol_usage("add_policy");
+        return;
     }
-    return;
+    policy.policy = argv[argc - 1];
+    mask |= KADM5_POLICY;
+    retval = kadm5_create_policy(handle, &policy, mask);
+    if (retval) {
+        com_err("add_policy", retval, "while creating policy \"%s\".",
+                policy.policy);
+    }
 }
 
-void kadmin_modpol(argc, argv)
-    int argc;
-    char *argv[];
+void
+kadmin_modpol(int argc, char *argv[])
 {
     krb5_error_code retval;
     long mask;
@@ -1748,133 +1544,121 @@
 
     memset(&policy, 0, sizeof(policy));
     if (kadmin_parse_policy_args(argc, argv, &policy, &mask,
-				 "modify_policy")) {
-	kadmin_addmodpol_usage("modify_policy");
-	return;
-    } else {
-	policy.policy = argv[argc - 1];
-	retval = kadm5_modify_policy(handle, &policy, mask);
-	if (retval) {
-	    com_err("modify_policy", retval, "while modifying policy \"%s\".",
-		    policy.policy);
-	    return;
-	}
+                                 "modify_policy")) {
+        kadmin_addmodpol_usage("modify_policy");
+        return;
     }
-    return;
+    policy.policy = argv[argc - 1];
+    retval = kadm5_modify_policy(handle, &policy, mask);
+    if (retval) {
+        com_err("modify_policy", retval, "while modifying policy \"%s\".",
+                policy.policy);
+    }
 }
 
-void kadmin_delpol(argc, argv)
-    int argc;
-    char *argv[];
+void
+kadmin_delpol(int argc, char *argv[])
 {
     krb5_error_code retval;
     char reply[5];
 
-    if (! (argc == 2 ||
-	   (argc == 3 && !strcmp("-force", argv[1])))) {
-	fprintf(stderr, "usage: delete_policy [-force] policy\n");
-	return;
+    if (!(argc == 2 || (argc == 3 && !strcmp("-force", argv[1])))) {
+        fprintf(stderr, "usage: delete_policy [-force] policy\n");
+        return;
     }
     if (argc == 2) {
-	printf("Are you sure you want to delete the policy \"%s\"? (yes/no): ", argv[1]);
-	fgets(reply, sizeof (reply), stdin);
-	if (strcmp("yes\n", reply)) {
-	    fprintf(stderr, "Policy \"%s\" not deleted.\n", argv[1]);
-	    return;
-	}
+        printf("Are you sure you want to delete the policy \"%s\"? (yes/no): ",
+               argv[1]);
+        fgets(reply, sizeof(reply), stdin);
+        if (strcmp("yes\n", reply)) {
+            fprintf(stderr, "Policy \"%s\" not deleted.\n", argv[1]);
+            return;
+        }
     }
     retval = kadm5_delete_policy(handle, argv[argc - 1]);
     if (retval) {
-	com_err("delete_policy:", retval, "while deleting policy \"%s\"",
-		argv[argc - 1]);
-	return;
+        com_err("delete_policy:", retval, "while deleting policy \"%s\"",
+                argv[argc - 1]);
     }
-    return;
 }
 
-void kadmin_getpol(argc, argv)
-    int argc;
-    char *argv[];
+void
+kadmin_getpol(int argc, char *argv[])
 {
     krb5_error_code retval;
     kadm5_policy_ent_rec policy;
 
-    if (! (argc == 2 ||
-	   (argc == 3 && !strcmp("-terse", argv[1])))) {
-	fprintf(stderr, "usage: get_policy [-terse] policy\n");
-	return;
+    if (!(argc == 2 || (argc == 3 && !strcmp("-terse", argv[1])))) {
+        fprintf(stderr, "usage: get_policy [-terse] policy\n");
+        return;
     }
     retval = kadm5_get_policy(handle, argv[argc - 1], &policy);
     if (retval) {
-	com_err("get_policy", retval, "while retrieving policy \"%s\".",
-		argv[argc - 1]);
-	return;
+        com_err("get_policy", retval, "while retrieving policy \"%s\".",
+                argv[argc - 1]);
+        return;
     }
     if (argc == 2) {
-	printf("Policy: %s\n", policy.policy);
-	printf("Maximum password life: %ld\n", policy.pw_max_life);
-	printf("Minimum password life: %ld\n", policy.pw_min_life);
-	printf("Minimum password length: %ld\n", policy.pw_min_length);
-	printf("Minimum number of password character classes: %ld\n",
-	       policy.pw_min_classes);
-	printf("Number of old keys kept: %ld\n", policy.pw_history_num);
-	printf("Reference count: %ld\n", policy.policy_refcnt);
+        printf("Policy: %s\n", policy.policy);
+        printf("Maximum password life: %ld\n", policy.pw_max_life);
+        printf("Minimum password life: %ld\n", policy.pw_min_life);
+        printf("Minimum password length: %ld\n", policy.pw_min_length);
+        printf("Minimum number of password character classes: %ld\n",
+               policy.pw_min_classes);
+        printf("Number of old keys kept: %ld\n", policy.pw_history_num);
+        printf("Reference count: %ld\n", policy.policy_refcnt);
     } else {
-	printf("\"%s\"\t%ld\t%ld\t%ld\t%ld\t%ld\t%ld\n",
-	       policy.policy, policy.pw_max_life, policy.pw_min_life,
-	       policy.pw_min_length, policy.pw_min_classes,
-	       policy.pw_history_num, policy.policy_refcnt);
+        printf("\"%s\"\t%ld\t%ld\t%ld\t%ld\t%ld\t%ld\n",
+               policy.policy, policy.pw_max_life, policy.pw_min_life,
+               policy.pw_min_length, policy.pw_min_classes,
+               policy.pw_history_num, policy.policy_refcnt);
     }
     kadm5_free_policy_ent(handle, &policy);
-    return;
 }
 
-void kadmin_getpols(argc, argv)
-    int argc;
-    char *argv[];
+void
+kadmin_getpols(int argc, char *argv[])
 {
     krb5_error_code retval;
     char *expr, **names;
     int i, count;
 
     expr = NULL;
-    if (! (argc == 1 || (argc == 2 && (expr = argv[1])))) {
-	fprintf(stderr, "usage: get_policies [expression]\n");
-	return;
+    if (!(argc == 1 || (argc == 2 && (expr = argv[1])))) {
+        fprintf(stderr, "usage: get_policies [expression]\n");
+        return;
     }
     retval = kadm5_get_policies(handle, expr, &names, &count);
     if (retval) {
-	com_err("get_policies", retval, "while retrieving list.");
-	return;
+        com_err("get_policies", retval, "while retrieving list.");
+        return;
     }
     for (i = 0; i < count; i++)
-	printf("%s\n", names[i]);
+        printf("%s\n", names[i]);
     kadm5_free_name_list(handle, names, count);
 }
 
-void kadmin_getprivs(argc, argv)
-    int argc;
-    char *argv[];
+void
+kadmin_getprivs(int argc, char *argv[])
 {
     static char *privs[] = {"GET", "ADD", "MODIFY", "DELETE"};
     krb5_error_code retval;
-    int i;
+    size_t i;
     long plist;
 
     if (argc != 1) {
-	fprintf(stderr, "usage: get_privs\n");
-	return;
+        fprintf(stderr, "usage: get_privs\n");
+        return;
     }
     retval = kadm5_get_privs(handle, &plist);
     if (retval) {
-	com_err("get_privs", retval, "while retrieving privileges");
-	return;
+        com_err("get_privs", retval, "while retrieving privileges");
+        return;
     }
     printf("current privileges:");
     for (i = 0; i < sizeof (privs) / sizeof (char *); i++) {
-	if (plist & 1 << i)
-	    printf(" %s", privs[i]);
+        if (plist & 1 << i)
+            printf(" %s", privs[i]);
     }
     printf("\n");
-    return;
 }

Modified: trunk/src/kadmin/cli/keytab.c
===================================================================
--- trunk/src/kadmin/cli/keytab.c	2009-09-24 15:40:26 UTC (rev 22784)
+++ trunk/src/kadmin/cli/keytab.c	2009-09-24 16:48:57 UTC (rev 22785)
@@ -1,3 +1,4 @@
+/* -*- mode: c; indent-tabs-mode: nil -*- */
 /*
  * Copyright 1993 OpenVision Technologies, Inc., All Rights Reserved.
  *
@@ -7,14 +8,14 @@
 
 /*
  * Copyright (C) 1998 by the FundsXpress, INC.
- * 
+ *
  * All rights reserved.
- * 
+ *
  * Export of this software from the United States of America may require
  * a specific license from the United States Government.  It is the
  * responsibility of any person or organization contemplating export to
  * obtain such a license before exporting.
- * 
+ *
  * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
  * distribute this software and its documentation for any purpose and
  * without fee is hereby granted, provided that the above copyright
@@ -25,7 +26,7 @@
  * permission.  FundsXpress makes no representations about the suitability of
  * this software for any purpose.  It is provided "as is" without express
  * or implied warranty.
- * 
+ *
  * THIS SOFTWARE IS PROVIDED ``AS IS'' AND WITHOUT ANY EXPRESS OR
  * IMPLIED WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED
  * WARRANTIES OF MERCHANTIBILITY AND FITNESS FOR A PARTICULAR PURPOSE.
@@ -45,12 +46,12 @@
 #include <adm_proto.h>
 #include "kadmin.h"
 
-static int add_principal(void *lhandle, char *keytab_str, krb5_keytab keytab,
-			 krb5_boolean keepold,
-			 int n_ks_tuple, krb5_key_salt_tuple *ks_tuple,
-			 char *princ_str);
-static int remove_principal(char *keytab_str, krb5_keytab keytab, char
-			    *princ_str, char *kvno_str);
+static void add_principal(void *lhandle, char *keytab_str, krb5_keytab keytab,
+                          krb5_boolean keepold,
+                          int n_ks_tuple, krb5_key_salt_tuple *ks_tuple,
+                          char *princ_str);
+static void remove_principal(char *keytab_str, krb5_keytab keytab,
+                             char *princ_str, char *kvno_str);
 static char *etype_string(krb5_enctype enctype);
 
 static int quiet;
@@ -59,417 +60,411 @@
 static int norandkey;
 #endif
 
-static void add_usage()
+static void
+add_usage()
 {
 #ifdef KADMIN_LOCAL
-     fprintf(stderr, "Usage: ktadd [-k[eytab] keytab] [-q] [-e keysaltlist] [-norandkey] [principal | -glob princ-exp] [...]\n");
+    fprintf(stderr, "Usage: ktadd [-k[eytab] keytab] [-q] [-e keysaltlist] [-norandkey] [principal | -glob princ-exp] [...]\n");
 #else
-     fprintf(stderr, "Usage: ktadd [-k[eytab] keytab] [-q] [-e keysaltlist] [principal | -glob princ-exp] [...]\n");
+    fprintf(stderr, "Usage: ktadd [-k[eytab] keytab] [-q] [-e keysaltlist] [principal | -glob princ-exp] [...]\n");
 #endif
 }
-     
-static void rem_usage()
+
+static void
+rem_usage()
 {
-     fprintf(stderr, "Usage: ktremove [-k[eytab] keytab] [-q] principal [kvno|\"all\"|\"old\"]\n");
+    fprintf(stderr, "Usage: ktremove [-k[eytab] keytab] [-q] principal [kvno|\"all\"|\"old\"]\n");
 }
 
-static int process_keytab(krb5_context my_context, char **keytab_str,
-		   krb5_keytab *keytab) 
+static int
+process_keytab(krb5_context my_context, char **keytab_str,
+               krb5_keytab *keytab)
 {
-     int code;
-     
-     if (*keytab_str == NULL) {
-	  /* XXX krb5_defkeyname is an internal library global and
-             should go away */
-	  if (! (*keytab_str = strdup(krb5_defkeyname))) {
-	       com_err(whoami, ENOMEM, "while creating keytab name");
-	       return 1;
-	  }
-	  code = krb5_kt_default(my_context, keytab);
-	  if (code != 0) {
-	       com_err(whoami, code, "while opening default keytab");
-	       free(*keytab_str);
-	       return 1;
-	  }
-     } else {
-	  if (strchr(*keytab_str, ':') != NULL) {
-	       *keytab_str = strdup(*keytab_str);
-	       if (*keytab_str == NULL) {
-		    com_err(whoami, ENOMEM, "while creating keytab name");
-		    return 1;
-	       }
-	  } else {
-	       if (asprintf(keytab_str, "WRFILE:%s", *keytab_str) < 0) {
-		   *keytab_str = NULL;
-		   com_err(whoami, ENOMEM, "while creating keytab name");
-		   return 1;
-	       }
-	  }
-	  
-	  code = krb5_kt_resolve(my_context, *keytab_str, keytab);
-	  if (code != 0) {
-	       com_err(whoami, code, "while resolving keytab %s", *keytab_str);
-	       free(keytab_str);
-	       return 1;
-	  }
-     }
-     
-     return 0;
+    int code;
+    char *name = *keytab_str;
+
+    if (name == NULL) {
+        /* XXX krb5_defkeyname is an internal library global and
+           should go away */
+        name = strdup(krb5_defkeyname);
+        if (!name) {
+            com_err(whoami, ENOMEM, "while creating keytab name");
+            return 1;
+        }
+        code = krb5_kt_default(my_context, keytab);
+        if (code != 0) {
+            com_err(whoami, code, "while opening default keytab");
+            free(name);
+            return 1;
+        }
+    } else {
+        if (strchr(name, ':') != NULL)
+            name = strdup(name);
+        else if (asprintf(keytab_str, "WRFILE:%s", name) < 0)
+            name = NULL;
+        if (name == NULL) {
+            com_err(whoami, ENOMEM, "while creating keytab name");
+            return 1;
+        }
+
+        code = krb5_kt_resolve(my_context, name, keytab);
+        if (code != 0) {
+            com_err(whoami, code, "while resolving keytab %s", name);
+            free(name);
+            return 1;
+        }
+    }
+
+    *keytab_str = name;
+    return 0;
 }
 
-     
-void kadmin_keytab_add(int argc, char **argv)
+void
+kadmin_keytab_add(int argc, char **argv)
 {
-     krb5_keytab keytab = 0;
-     char *keytab_str = NULL, **princs;
-     int code, num, i;
-     krb5_error_code retval;
-     int n_ks_tuple = 0;
-     krb5_boolean keepold = FALSE;
-     krb5_key_salt_tuple *ks_tuple = NULL;
+    krb5_keytab keytab = 0;
+    char *keytab_str = NULL, **princs;
+    int code, num, i;
+    krb5_error_code retval;
+    int n_ks_tuple = 0;
+    krb5_boolean keepold = FALSE;
+    krb5_key_salt_tuple *ks_tuple = NULL;
 
-     argc--; argv++;
-     quiet = 0;
+    argc--; argv++;
+    quiet = 0;
 #ifdef KADMIN_LOCAL
-     norandkey = 0;
+    norandkey = 0;
 #endif
-     while (argc) {
-	  if (strncmp(*argv, "-k", 2) == 0) {
-	       argc--; argv++;
-	       if (!argc || keytab_str) {
-		    add_usage();
-		    return;
-	       }
-	       keytab_str = *argv;
-	  } else if (strcmp(*argv, "-q") == 0) {
-	       quiet++;
+    while (argc) {
+        if (strncmp(*argv, "-k", 2) == 0) {
+            argc--; argv++;
+            if (!argc || keytab_str) {
+                add_usage();
+                return;
+            }
+            keytab_str = *argv;
+        } else if (strcmp(*argv, "-q") == 0) {
+            quiet++;
 #ifdef KADMIN_LOCAL
         } else if (strcmp(*argv, "-norandkey") == 0) {
-             norandkey++;
+            norandkey++;
 #endif
-	  } else if (strcmp(*argv, "-e") == 0) {
-	       argc--;
-	       if (argc < 1) {
-		    add_usage();
-		    return;
-	       }
-	       retval = krb5_string_to_keysalts(*++argv, ", \t", ":.-", 0,
-						&ks_tuple, &n_ks_tuple);
-	       if (retval) {
-		    com_err("ktadd", retval, "while parsing keysalts %s",
-			    *argv);
+        } else if (strcmp(*argv, "-e") == 0) {
+            argc--;
+            if (argc < 1) {
+                add_usage();
+                return;
+            }
+            retval = krb5_string_to_keysalts(*++argv, ", \t", ":.-", 0,
+                                             &ks_tuple, &n_ks_tuple);
+            if (retval) {
+                com_err("ktadd", retval, "while parsing keysalts %s",
+                        *argv);
 
-		    return;
-	       }
-	  } else
-	       break;
-	  argc--; argv++;
-     }
+                return;
+            }
+        } else
+            break;
+        argc--; argv++;
+    }
 
-     if (argc == 0) {
-	  add_usage();
-	  return;
-     }
+    if (argc == 0) {
+        add_usage();
+        return;
+    }
 
 #ifdef KADMIN_LOCAL
-     if (norandkey && ks_tuple) {
-       fprintf(stderr, "cannot specify keysaltlist when not changing key\n");
-       return;
-     }
+    if (norandkey && ks_tuple) {
+        fprintf(stderr, "cannot specify keysaltlist when not changing key\n");
+        return;
+    }
 #endif
 
-     if (process_keytab(context, &keytab_str, &keytab))
-	  return;
-     
-     while (*argv) {
-	  if (strcmp(*argv, "-glob") == 0) {
-	       if (*++argv == NULL) {
-		    add_usage();
-		    break;
-	       }
-	       
-	       code = kadm5_get_principals(handle, *argv, &princs, &num);
-	       if (code) {
-		    com_err(whoami, code, "while expanding expression \"%s\".",
-			    *argv);
-		    argv++;
-		    continue;
-	       }
-	       
-	       for (i = 0; i < num; i++) 
-		    (void) add_principal(handle, keytab_str, keytab,
-					 keepold, n_ks_tuple, ks_tuple,
-					 princs[i]); 
-	       kadm5_free_name_list(handle, princs, num);
-	  } else
-	       (void) add_principal(handle, keytab_str, keytab,
-				    keepold, n_ks_tuple, ks_tuple,
-				    *argv);
-	  argv++;
-     }
-	  
-     code = krb5_kt_close(context, keytab);
-     if (code != 0)
-	  com_err(whoami, code, "while closing keytab");
+    if (process_keytab(context, &keytab_str, &keytab))
+        return;
 
-     free(keytab_str);
+    while (*argv) {
+        if (strcmp(*argv, "-glob") == 0) {
+            if (*++argv == NULL) {
+                add_usage();
+                break;
+            }
+
+            code = kadm5_get_principals(handle, *argv, &princs, &num);
+            if (code) {
+                com_err(whoami, code, "while expanding expression \"%s\".",
+                        *argv);
+                argv++;
+                continue;
+            }
+
+            for (i = 0; i < num; i++)
+                add_principal(handle, keytab_str, keytab, keepold,
+                              n_ks_tuple, ks_tuple, princs[i]);
+            kadm5_free_name_list(handle, princs, num);
+        } else {
+            add_principal(handle, keytab_str, keytab, keepold,
+                          n_ks_tuple, ks_tuple, *argv);
+            argv++;
+        }
+    }
+
+    code = krb5_kt_close(context, keytab);
+    if (code != 0)
+        com_err(whoami, code, "while closing keytab");
+
+    free(keytab_str);
 }
 
-void kadmin_keytab_remove(int argc, char **argv)
+void
+kadmin_keytab_remove(int argc, char **argv)
 {
-     krb5_keytab keytab = 0;
-     char *keytab_str = NULL;
-     int code;
+    krb5_keytab keytab = 0;
+    char *keytab_str = NULL;
+    int code;
 
-     argc--; argv++;
-     quiet = 0;
-     while (argc) {
-	  if (strncmp(*argv, "-k", 2) == 0) {
-	       argc--; argv++;
-	       if (!argc || keytab_str) {
-		    rem_usage();
-		    return;
-	       }
-	       keytab_str = *argv;
-	  } else if (strcmp(*argv, "-q") == 0) {
-	       quiet++;
-	  } else
-	       break;
-	  argc--; argv++;
-     }
+    argc--; argv++;
+    quiet = 0;
+    while (argc) {
+        if (strncmp(*argv, "-k", 2) == 0) {
+            argc--; argv++;
+            if (!argc || keytab_str) {
+                rem_usage();
+                return;
+            }
+            keytab_str = *argv;
+        } else if (strcmp(*argv, "-q") == 0) {
+            quiet++;
+        } else
+            break;
+        argc--; argv++;
+    }
 
-     if (argc != 1 && argc != 2) {
-	  rem_usage();
-	  return;
-     }
-     if (process_keytab(context, &keytab_str, &keytab))
-	  return;
+    if (argc != 1 && argc != 2) {
+        rem_usage();
+        return;
+    }
+    if (process_keytab(context, &keytab_str, &keytab))
+        return;
 
-     (void) remove_principal(keytab_str, keytab, argv[0], argv[1]);
+    remove_principal(keytab_str, keytab, argv[0], argv[1]);
 
-     code = krb5_kt_close(context, keytab);
-     if (code != 0)
-	  com_err(whoami, code, "while closing keytab");
+    code = krb5_kt_close(context, keytab);
+    if (code != 0)
+        com_err(whoami, code, "while closing keytab");
 
-     free(keytab_str);
+    free(keytab_str);
 }
 
-static 
-int add_principal(void *lhandle, char *keytab_str, krb5_keytab keytab,
-		  krb5_boolean keepold, int n_ks_tuple,
-		  krb5_key_salt_tuple *ks_tuple,
-		  char *princ_str) 
+static void
+add_principal(void *lhandle, char *keytab_str, krb5_keytab keytab,
+              krb5_boolean keepold, int n_ks_tuple,
+              krb5_key_salt_tuple *ks_tuple, char *princ_str)
 {
-     kadm5_principal_ent_rec princ_rec;
-     krb5_principal princ;
-     krb5_keytab_entry new_entry;
-     krb5_keyblock *keys;
-     int code, nkeys, i;
+    kadm5_principal_ent_rec princ_rec;
+    krb5_principal princ = NULL;
+    krb5_keytab_entry new_entry;
+    krb5_keyblock *keys;
+    int code, nkeys, i;
 
-     (void) memset(&princ_rec, 0, sizeof(princ_rec));
+    memset(&princ_rec, 0, sizeof(princ_rec));
 
-     princ = NULL;
-     keys = NULL;
-     nkeys = 0;
+    princ = NULL;
+    keys = NULL;
+    nkeys = 0;
 
-     code = krb5_parse_name(context, princ_str, &princ);
-     if (code != 0) {
-	  com_err(whoami, code, "while parsing -add principal name %s",
-		  princ_str);
-	  goto cleanup;
-     }
+    code = krb5_parse_name(context, princ_str, &princ);
+    if (code != 0) {
+        com_err(whoami, code, "while parsing -add principal name %s",
+                princ_str);
+        goto cleanup;
+    }
 
 #ifdef KADMIN_LOCAL
-     if (norandkey)
-       code = kadm5_get_principal_keys(handle, princ, &keys, &nkeys);
-     else
+    if (norandkey)
+        code = kadm5_get_principal_keys(handle, princ, &keys, &nkeys);
+    else
 #endif
-     if (keepold || ks_tuple != NULL) {
-	 code = kadm5_randkey_principal_3(lhandle, princ,
-					  keepold, n_ks_tuple, ks_tuple,
-					  &keys, &nkeys);
-     } else {
-	 code = kadm5_randkey_principal(lhandle, princ, &keys, &nkeys);
-     }
-     if (code != 0) {
-	  if (code == KADM5_UNK_PRINC) {
-	       fprintf(stderr, "%s: Principal %s does not exist.\n",
-		       whoami, princ_str);
-	  } else
-	       com_err(whoami, code, "while changing %s's key",
-		       princ_str);
-	  goto cleanup;
-     }
+    if (keepold || ks_tuple != NULL) {
+        code = kadm5_randkey_principal_3(lhandle, princ, keepold,
+                                         n_ks_tuple, ks_tuple, &keys, &nkeys);
+    } else
+        code = kadm5_randkey_principal(lhandle, princ, &keys, &nkeys);
+    if (code != 0) {
+        if (code == KADM5_UNK_PRINC) {
+            fprintf(stderr, "%s: Principal %s does not exist.\n",
+                    whoami, princ_str);
+        } else
+            com_err(whoami, code, "while changing %s's key", princ_str);
+        goto cleanup;
+    }
 
-     code = kadm5_get_principal(lhandle, princ, &princ_rec,
-				KADM5_PRINCIPAL_NORMAL_MASK);
-     if (code != 0) {
-	  com_err(whoami, code, "while retrieving principal");
-	  goto cleanup;
-     }
+    code = kadm5_get_principal(lhandle, princ, &princ_rec,
+                               KADM5_PRINCIPAL_NORMAL_MASK);
+    if (code != 0) {
+        com_err(whoami, code, "while retrieving principal");
+        goto cleanup;
+    }
 
-     for (i = 0; i < nkeys; i++) {
-	  memset(&new_entry, 0, sizeof(new_entry));
-	  new_entry.principal = princ;
-	  new_entry.key = keys[i];
-	  new_entry.vno = princ_rec.kvno;
+    for (i = 0; i < nkeys; i++) {
+        memset(&new_entry, 0, sizeof(new_entry));
+        new_entry.principal = princ;
+        new_entry.key = keys[i];
+        new_entry.vno = princ_rec.kvno;
 
-	  code = krb5_kt_add_entry(context, keytab, &new_entry);
-	  if (code != 0) {
-	       com_err(whoami, code, "while adding key to keytab");
-	       (void) kadm5_free_principal_ent(lhandle, &princ_rec);
-	       goto cleanup;
-	  }
+        code = krb5_kt_add_entry(context, keytab, &new_entry);
+        if (code != 0) {
+            com_err(whoami, code, "while adding key to keytab");
+            kadm5_free_principal_ent(lhandle, &princ_rec);
+            goto cleanup;
+        }
 
-	  if (!quiet)
-	       printf("Entry for principal %s with kvno %d, "
-		      "encryption type %s added to keytab %s.\n",
-		      princ_str, princ_rec.kvno,
-		      etype_string(keys[i].enctype), keytab_str);
-     }
+        if (!quiet) {
+            printf("Entry for principal %s with kvno %d, "
+                   "encryption type %s added to keytab %s.\n",
+                   princ_str, princ_rec.kvno,
+                   etype_string(keys[i].enctype), keytab_str);
+        }
+    }
 
-     code = kadm5_free_principal_ent(lhandle, &princ_rec);
-     if (code != 0) {
-	  com_err(whoami, code, "while freeing principal entry");
-	  goto cleanup;
-     }
+    code = kadm5_free_principal_ent(lhandle, &princ_rec);
+    if (code != 0) {
+        com_err(whoami, code, "while freeing principal entry");
+        goto cleanup;
+    }
 
 cleanup:
-     if (nkeys) {
-	  for (i = 0; i < nkeys; i++)
-	       krb5_free_keyblock_contents(context, &keys[i]);
-	  free(keys);
-     }
-     if (princ)
-	  krb5_free_principal(context, princ);
-
-     return code;
+    if (nkeys) {
+        for (i = 0; i < nkeys; i++)
+            krb5_free_keyblock_contents(context, &keys[i]);
+        free(keys);
+    }
+    krb5_free_principal(context, princ);
 }
 
-int remove_principal(char *keytab_str, krb5_keytab keytab, char
-		     *princ_str, char *kvno_str) 
+void
+remove_principal(char *keytab_str, krb5_keytab keytab,
+                 char *princ_str, char *kvno_str)
 {
-     krb5_principal princ;
-     krb5_keytab_entry entry;
-     krb5_kt_cursor cursor;
-     enum { UNDEF, SPEC, HIGH, ALL, OLD } mode;
-     int code, did_something;
-     krb5_kvno kvno;
+    krb5_principal princ;
+    krb5_keytab_entry entry;
+    krb5_kt_cursor cursor;
+    enum { UNDEF, SPEC, HIGH, ALL, OLD } mode;
+    int code, did_something;
+    krb5_kvno kvno;
 
-     code = krb5_parse_name(context, princ_str, &princ);
-     if (code != 0) {
-	  com_err(whoami, code, "while parsing principal name %s",
-		  princ_str);
-	  return code;
-     }
+    code = krb5_parse_name(context, princ_str, &princ);
+    if (code != 0) {
+        com_err(whoami, code, "while parsing principal name %s", princ_str);
+        return code;
+    }
 
-     mode = UNDEF;
-     if (kvno_str == NULL) {
-	  mode = HIGH;
-	  kvno = 0;
-     } else if (strcmp(kvno_str, "all") == 0) {
-	  mode = ALL;
-	  kvno = 0;
-     } else if (strcmp(kvno_str, "old") == 0) {
-	  mode = OLD;
-	  kvno = 0;
-     } else {
-	  mode = SPEC;
-	  kvno = atoi(kvno_str);
-     }
+    mode = UNDEF;
+    if (kvno_str == NULL) {
+        mode = HIGH;
+        kvno = 0;
+    } else if (strcmp(kvno_str, "all") == 0) {
+        mode = ALL;
+        kvno = 0;
+    } else if (strcmp(kvno_str, "old") == 0) {
+        mode = OLD;
+        kvno = 0;
+    } else {
+        mode = SPEC;
+        kvno = atoi(kvno_str);
+    }
 
-     /* kvno is set to specified value for SPEC, 0 otherwise */
-     code = krb5_kt_get_entry(context, keytab, princ, kvno, 0, &entry);
-     if (code != 0) {
-	  if (code == ENOENT) {
-	       fprintf(stderr, "%s: Keytab %s does not exist.\n",
-		       whoami, keytab_str);
-	  } else if (code == KRB5_KT_NOTFOUND) {
-	       if (mode != SPEC)
-		    fprintf(stderr, "%s: No entry for principal "
-			    "%s exists in keytab %s\n",
-			    whoami, princ_str, keytab_str);
-	       else
-		    fprintf(stderr, "%s: No entry for principal "
-			    "%s with kvno %d exists in keytab "
-			    "%s.\n", whoami, princ_str, kvno,
-			    keytab_str);
-	  } else {
-	       com_err(whoami, code, "while retrieving highest kvno "
-		       "from keytab");
-	  }
-	  return code;
-     }
+    /* kvno is set to specified value for SPEC, 0 otherwise */
+    code = krb5_kt_get_entry(context, keytab, princ, kvno, 0, &entry);
+    if (code != 0) {
+        if (code == ENOENT) {
+            fprintf(stderr, "%s: Keytab %s does not exist.\n",
+                    whoami, keytab_str);
+        } else if (code == KRB5_KT_NOTFOUND) {
+            if (mode != SPEC) {
+                fprintf(stderr, "%s: No entry for principal "
+                        "%s exists in keytab %s\n",
+                        whoami, princ_str, keytab_str);
+            } else {
+                fprintf(stderr, "%s: No entry for principal "
+                        "%s with kvno %d exists in keytab "
+                        "%s.\n", whoami, princ_str, kvno, keytab_str);
+            }
+        } else
+            com_err(whoami, code, "while retrieving highest kvno from keytab");
+        return code;
+    }
 
-     /* set kvno to spec'ed value for SPEC, highest kvno otherwise */
-     kvno = entry.vno;
-     krb5_kt_free_entry(context, &entry);
+    /* set kvno to spec'ed value for SPEC, highest kvno otherwise */
+    kvno = entry.vno;
+    krb5_kt_free_entry(context, &entry);
 
-     code = krb5_kt_start_seq_get(context, keytab, &cursor);
-     if (code != 0) {
-	  com_err(whoami, code, "while starting keytab scan");
-	  return code;
-     }
+    code = krb5_kt_start_seq_get(context, keytab, &cursor);
+    if (code != 0) {
+        com_err(whoami, code, "while starting keytab scan");
+        return code;
+    }
 
-     did_something = 0;
-     while ((code = krb5_kt_next_entry(context, keytab, &entry, &cursor)) == 0) {
-	  if (krb5_principal_compare(context, princ, entry.principal) &&
-	      ((mode == ALL) ||
-	       (mode == SPEC && entry.vno == kvno) ||
-	       (mode == OLD && entry.vno != kvno) ||
-	       (mode == HIGH && entry.vno == kvno))) {
+    did_something = 0;
+    while ((code = krb5_kt_next_entry(context, keytab, &entry,
+                                      &cursor)) == 0) {
+        if (krb5_principal_compare(context, princ, entry.principal) &&
+            ((mode == ALL) ||
+             (mode == SPEC && entry.vno == kvno) ||
+             (mode == OLD && entry.vno != kvno) ||
+             (mode == HIGH && entry.vno == kvno))) {
 
-	       /*
-		* Ack!  What a kludge... the scanning functions lock
-		* the keytab so entries cannot be removed while they
-		* are operating.
-		*/
-	       code = krb5_kt_end_seq_get(context, keytab, &cursor);
-	       if (code != 0) {
-		    com_err(whoami, code, "while temporarily ending "
-			    "keytab scan");
-		    return code;
-	       }
-	       code = krb5_kt_remove_entry(context, keytab, &entry);
-	       if (code != 0) {
-		    com_err(whoami, code, "while deleting entry from keytab");
-		    return code;
-	       }
-	       code = krb5_kt_start_seq_get(context, keytab, &cursor);
-	       if (code != 0) {
-		    com_err(whoami, code, "while restarting keytab scan");
-		    return code;
-	       }
+            /*
+             * Ack!  What a kludge... the scanning functions lock
+             * the keytab so entries cannot be removed while they
+             * are operating.
+             */
+            code = krb5_kt_end_seq_get(context, keytab, &cursor);
+            if (code != 0) {
+                com_err(whoami, code, "while temporarily ending keytab scan");
+                return code;
+            }
+            code = krb5_kt_remove_entry(context, keytab, &entry);
+            if (code != 0) {
+                com_err(whoami, code, "while deleting entry from keytab");
+                return code;
+            }
+            code = krb5_kt_start_seq_get(context, keytab, &cursor);
+            if (code != 0) {
+                com_err(whoami, code, "while restarting keytab scan");
+                return code;
+            }
 
-	       did_something++;
-	       if (!quiet)
-		    printf("Entry for principal %s with kvno %d "
-			   "removed from keytab %s.\n", 
-			   princ_str, entry.vno, keytab_str);
-	  }
-	  krb5_kt_free_entry(context, &entry);
-     }
-     if (code && code != KRB5_KT_END) {
-	  com_err(whoami, code, "while scanning keytab");
-	  return code;
-     }
-     if ((code = krb5_kt_end_seq_get(context, keytab, &cursor))) {
-	  com_err(whoami, code, "while ending keytab scan");
-	  return code;
-     }
+            did_something++;
+            if (!quiet)
+                printf("Entry for principal %s with kvno %d "
+                       "removed from keytab %s.\n",
+                       princ_str, entry.vno, keytab_str);
+        }
+        krb5_kt_free_entry(context, &entry);
+    }
+    if (code && code != KRB5_KT_END) {
+        com_err(whoami, code, "while scanning keytab");
+        return code;
+    }
+    code = krb5_kt_end_seq_get(context, keytab, &cursor);
+    if (code) {
+        com_err(whoami, code, "while ending keytab scan");
+        return code;
+    }
 
-     /*
-      * If !did_someting then mode must be OLD or we would have
-      * already returned with an error.  But check it anyway just to
-      * prevent unexpected error messages...
-      */
-     if (!did_something && mode == OLD) {
-	  fprintf(stderr, "%s: There is only one entry for principal "
-		  "%s in keytab %s\n", whoami, princ_str, keytab_str);
-	  return 1;
-     }
-     
-     return 0;
+    /*
+     * If !did_someting then mode must be OLD or we would have
+     * already returned with an error.  But check it anyway just to
+     * prevent unexpected error messages...
+     */
+    if (!did_something && mode == OLD) {
+        fprintf(stderr, "%s: There is only one entry for principal "
+                "%s in keytab %s\n", whoami, princ_str, keytab_str);
+        return 1;
+    }
+
+    return 0;
 }
 
 /*
@@ -477,14 +472,15 @@
  * encryption type.  XXX copied from klist.c; this should be a
  * library function, or perhaps just #defines
  */
-static char *etype_string(enctype)
-    krb5_enctype enctype;
+static char *
+etype_string(krb5_enctype enctype)
 {
     static char buf[100];
     krb5_error_code ret;
 
-    if ((ret = krb5_enctype_to_string(enctype, buf, sizeof(buf))))
-	snprintf(buf, sizeof(buf), "etype %d", enctype);
+    ret = krb5_enctype_to_string(enctype, buf, sizeof(buf));
+    if (ret)
+        snprintf(buf, sizeof(buf), "etype %d", enctype);
 
     return buf;
 }

Modified: trunk/src/kadmin/cli/ss_wrapper.c
===================================================================
--- trunk/src/kadmin/cli/ss_wrapper.c	2009-09-24 15:40:26 UTC (rev 22784)
+++ trunk/src/kadmin/cli/ss_wrapper.c	2009-09-24 16:48:57 UTC (rev 22785)
@@ -1,3 +1,4 @@
+/* -*- mode: c; indent-tabs-mode: nil -*- */
 /*
  * Copyright 1994 by the Massachusetts Institute of Technology.
  * All Rights Reserved.
@@ -35,9 +36,8 @@
 extern int exit_status;
 extern char *whoami;
 
-int main(argc, argv)
-    int argc;
-    char *argv[];
+int
+main(int argc, char *argv[])
 {
     char *request;
     krb5_error_code retval;
@@ -46,18 +46,17 @@
     whoami = ((whoami = strrchr(argv[0], '/')) ? whoami+1 : argv[0]);
 
     request = kadmin_startup(argc, argv);
-    sci_idx = ss_create_invocation(whoami, "5.0", (char *) NULL,
-				   &kadmin_cmds, &retval);
+    sci_idx = ss_create_invocation(whoami, "5.0", NULL, &kadmin_cmds, &retval);
     if (retval) {
-	ss_perror(sci_idx, retval, "creating invocation");
-	exit(1);
+        ss_perror(sci_idx, retval, "creating invocation");
+        exit(1);
     }
     if (request) {
-	    code = ss_execute_line(sci_idx, request);
-	    if (code != 0) {
-		    ss_perror(sci_idx, code, request);
-		    exit_status++;
-	    }
+            code = ss_execute_line(sci_idx, request);
+            if (code != 0) {
+                    ss_perror(sci_idx, code, request);
+                    exit_status++;
+            }
     } else
             retval = ss_listen(sci_idx);
     return quit() ? 1 : exit_status;

Modified: trunk/src/tests/dejagnu/krb-standalone/kadmin.exp
===================================================================
--- trunk/src/tests/dejagnu/krb-standalone/kadmin.exp	2009-09-24 15:40:26 UTC (rev 22784)
+++ trunk/src/tests/dejagnu/krb-standalone/kadmin.exp	2009-09-24 16:48:57 UTC (rev 22785)
@@ -269,8 +269,8 @@
 	send "adminpass$KEY\r"
     }
 
-    expect "Enter password for principal \"$pname\":" { send "$password\r" }
-    expect "Re-enter password for principal \"$pname\":" { send "$password\r" }
+    expect "Enter password for principal \"$pname@$REALMNAME\":" { send "$password\r" }
+    expect "Re-enter password for principal \"$pname@$REALMNAME\":" { send "$password\r" }
     # When in doubt, jam one of these in there.
     expect "\r"
     expect "Password for \"$pname@$REALMNAME\" changed."




More information about the cvs-krb5 mailing list