 @@ -1,14 +1,14 @@
-/* $NetBSD: krb5_passwd.c,v 1.18 2009/04/18 09:04:34 mlelstv Exp $ */
+/* $NetBSD: krb5_passwd.c,v 1.19 2011/04/24 21:16:43 elric Exp $ */
 /*
  * Copyright (c) 2000, 2005 The NetBSD Foundation, Inc.
  * All rights reserved.
+ *
  * This code is derived from software contributed to The NetBSD Foundation
  * by Johan Danielsson; and by Jason R. Thorpe.
+ *
  * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions
  * are met:
+ *
  * 1. Redistributions of source code must retain the above copyright
 @@ -58,33 +58,34 @@ pwkrb5_usage(const char *prefix)
 void
 pwkrb5_argv0_usage(const char *prefix)
+{
 	(void) fprintf(stderr, "%s %s [principal]\n",
 	    prefix, getprogname());
+}
 void
 pwkrb5_process(const char *username, int argc, char **argv)
+{
 	krb5_context context;
 	krb5_error_code ret;
-	krb5_get_init_creds_opt opt;
+	krb5_get_init_creds_opt *opt;
 	krb5_principal principal;
 	krb5_creds cred;
 	int result_code;
 	krb5_data result_code_string, result_string;
 	char pwbuf[BUFSIZ];
 	int ch;
 	const char *errtxt;
 	while ((ch = getopt(argc, argv, "5ku:")) != -1) {
 		switch (ch) {
 		case '5':
 			/*
 			 * Compatibility option that historically
 			 * specified to use Kerberos 5.  Silently
 			 * ignore it.
 			 */
 			break;
 		case 'k':
 			/*
 @@ -115,89 +116,112 @@ pwkrb5_process(const char *username, int
 	case 1:
 		/* overrides -u <principal> */
 		username = argv[0];
 		break;
 	default:
 		usage();
 		/* NOTREACHED */
+	}
 	ret = krb5_init_context(&context);
 	if (ret != 0) {
 		if (ret == ENXIO)
 			errx(1, "Kerberos 5 not in use.");
-		warnx("Unable to initialize Kerberos 5: %s",
+		errx(1, "Unable to initialize Kerberos 5: %s", strerror(ret));
 		    krb5_get_err_text(context, ret));
 		goto bad;
+	}
-	krb5_get_init_creds_opt_init(&opt);
+	ret = krb5_get_init_creds_opt_alloc(context, &opt);
 	if (ret) {
 		errtxt = krb5_get_error_message(context, ret);
 		if (errtxt != NULL) {
 			warnx("failed to allocate opts: %s", errtxt);
 			krb5_free_error_message(context, errtxt);
 		} else {
 			warnx("failed to allocate opts: %d", ret);
+		}
 		goto bad;
+	}
-	krb5_get_init_creds_opt_set_tkt_life(&opt, 300L);
+	krb5_get_init_creds_opt_set_tkt_life(opt, 300L);
-	krb5_get_init_creds_opt_set_forwardable(&opt, FALSE);
+	krb5_get_init_creds_opt_set_forwardable(opt, FALSE);
-	krb5_get_init_creds_opt_set_proxiable(&opt, FALSE);
+	krb5_get_init_creds_opt_set_proxiable(opt, FALSE);
 	ret = krb5_parse_name(context, username, &principal);
 	if (ret) {
-		warnx("failed to parse principal: %s",
+		errtxt = krb5_get_error_message(context, ret);
-		    krb5_get_err_text(context, ret));
+		if (errtxt != NULL) {
 			warnx("failed to parse principal: %s", errtxt);
 			krb5_free_error_message(context, errtxt);
 		} else {
 			warnx("failed to parse principal: %d", ret);
+		}
 		goto bad;
+	}
 	ret = krb5_get_init_creds_password(context,
 					   &cred,
 					   principal,
 					   NULL,
 					   krb5_prompter_posix,
 					   NULL,
 L,
 					   "kadmin/changepw",
-					   &opt);
+					   opt);
 	switch (ret) {
 	case 0:
 		break;
 	case KRB5_LIBOS_PWDINTR :
 		/* XXX */
 		goto bad;
 	case KRB5KRB_AP_ERR_BAD_INTEGRITY :
 	case KRB5KRB_AP_ERR_MODIFIED :
 		fprintf(stderr, "Password incorrect\n");
 		goto bad;
 	default:
-		warnx("failed to get credentials: %s",
+		errtxt = krb5_get_error_message(context, ret);
-		    krb5_get_err_text(context, ret));
+		if (errtxt != NULL) {
 			warnx("failed to get credentials: %s", errtxt);
 			krb5_free_error_message(context, errtxt);
 		} else {
 			warnx("failed to get credentials: %d", ret);
+		}
 		goto bad;
+ 	}
 	krb5_data_zero(&result_code_string);
 	krb5_data_zero(&result_string);
 	/* XXX use getpass? It has a broken interface. */
 	if (UI_UTIL_read_pw_string(pwbuf, sizeof(pwbuf),
 				   "New password: ", 1) != 0)
 		goto bad;
 	ret = krb5_set_password(context, &cred, pwbuf, NULL,
 				&result_code,
 				&result_code_string,
 				&result_string);
 	if (ret) {
-		warnx("unable to set password: %s",
+		errtxt = krb5_get_error_message(context, ret);
-		    krb5_get_err_text(context, ret));
+		if (errtxt != NULL) {
 			warnx("unable to set password: %s", errtxt);
 			krb5_free_error_message(context, errtxt);
 		} else {
 			warnx("unable to set password: %d", ret);
+		}
 		goto bad;
+	}
 	printf("%s%s%.*s\n",
 	    krb5_passwd_result_to_string(context, result_code),
 	    result_string.length > 0 ? " : " : "",
 	    (int)result_string.length,
 	    result_string.length > 0 ? (char *)result_string.data : "");
 	krb5_data_free(&result_code_string);
 	krb5_data_free(&result_string);
 	krb5_free_cred_contents(context, &cred);
 @@ -261,45 +285,56 @@ krb5_end(void)
 int
 krb5_chpw(const char *username)
+{
     krb5_error_code ret;
     krb5_context context;
     krb5_principal principal;
     krb5_get_init_creds_opt opt;
     krb5_creds cred;
     int result_code;
     krb5_data result_code_string, result_string;
     char pwbuf[BUFSIZ];
     const char *errtxt;
     ret = krb5_init_context (&context);
     if (ret) {
-	warnx("failed kerberos initialisation: %s",
+	errtxt = krb5_get_error_message(context, ret);
-	      krb5_get_err_text(context, ret));
+	if (errtxt != NULL) {
 	    warnx("failed kerberos initialisation: %s", errtxt);
 	    krb5_free_error_message(context, errtxt);
 	} else {
 	    warnx("failed kerberos initialisation: %d", ret);
+	}
 	return 1;
+    }
     krb5_get_init_creds_opt_init (&opt);
     krb5_get_init_creds_opt_set_tkt_life (&opt, 300);
     krb5_get_init_creds_opt_set_forwardable (&opt, FALSE);
     krb5_get_init_creds_opt_set_proxiable (&opt, FALSE);
     if(username != NULL) {
         ret = krb5_parse_name (context, username, &principal);
         if (ret) {
-	    warnx("failed to parse principal: %s",
+	    errtxt = krb5_get_error_message(context, ret);
-		  krb5_get_err_text(context, ret));
+	    if (errtxt != NULL) {
 		warnx("failed to parse principal: %s", errtxt);
 		krb5_free_error_message(context, errtxt);
 	    } else {
 		warnx("failed to parse principal: %d", ret);
+	    }
 	    return 1;
+	}
     } else
         principal = defprinc;
     ret = krb5_get_init_creds_password (context,
                                         &cred,
                                         principal,
                                         NULL,
                                         krb5_prompter_posix,
                                         NULL,
 ,
                                         "kadmin/changepw",
 @@ -307,28 +342,33 @@ krb5_chpw(const char *username)
     switch (ret) {
     case 0:
         break;
     case KRB5_LIBOS_PWDINTR :
 	/* XXX */
         return 1;
     case KRB5KRB_AP_ERR_BAD_INTEGRITY :
     case KRB5KRB_AP_ERR_MODIFIED :
 	fprintf(stderr, "Password incorrect\n");
 	return 1;
         break;
     default:
-	warnx("failed to get credentials: %s",
+	errtxt = krb5_get_error_message(context, ret);
-	      krb5_get_err_text(context, ret));
+	if (errtxt != NULL) {
 	    warnx("failed to get credentials: %s", errtxt);
 	    krb5_free_error_message(context, errtxt);
 	} else {
 	    warnx("failed to get credentials: %d", ret);
+	}
 	return 1;
+    }
     krb5_data_zero (&result_code_string);
     krb5_data_zero (&result_string);
     /* XXX use getpass? It has a broken interface. */
     if(UI_UTIL_read_pw_string(pwbuf, sizeof(pwbuf), "New password: ", 1) != 0)
         return 1;
     ret = krb5_set_password (context, &cred, pwbuf, NULL,
 			     &result_code,
 			     &result_code_string,
 			     &result_string);