less leaks

git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@3833 ec53bebd-3082-4978-b11e-865c3cabbd6b

kadmin/ank.c

@@ -64,7 +64,7 @@ add_new_key(int argc, char **argv)
     int optind = 0;
     int mask = 0;
     krb5_error_code ret;
-    krb5_principal princ_ent;
+    krb5_principal princ_ent = NULL;
 
     args[0].value = &rkey;
     args[1].value = &password;
@@ -105,6 +105,8 @@ add_new_key(int argc, char **argv)
 	kadm5_free_principal_ent(kadm_handle, &princ);
     }
 out:
+    if(princ_ent)
+	krb5_free_principal(context, princ_ent);
     if(password)
 	memset(password, 0, strlen(password));
     return 0;

kadmin/kadmin.c

@@ -166,5 +166,8 @@ main(int argc, char **argv)
     if (argc != 0)
 	exit(sl_command(commands, argc, argv));
 
-    return sl_loop(commands, "kadmin> ") != 0;
+    ret = sl_loop(commands, "kadmin> ") != 0;
+    kadm5_destroy(kadm_handle);
+    krb5_free_context(context);
+    return ret;
 }

kadmin/server.c

@@ -80,9 +80,11 @@ kadmind_dispatch(void *kadm_handle, krb5_storage *sp)
 	ret = kadm5_get_principal(kadm_handle, princ, &ent, mask);
 	sp->seek(sp, 0, SEEK_SET);
 	krb5_store_int32(sp, ret);
-	if(ret == 0)
+	if(ret == 0){
 	    kadm5_store_principal_ent(sp, &ent);
-	kadm5_free_principal_ent(kadm_handle, &ent);
+	    kadm5_free_principal_ent(kadm_handle, &ent);
+	}
+	krb5_free_principal(context->context, princ);
 	break;
     }
     case kadm_delete:{

lib/kadm5/acl.c

@@ -41,6 +41,7 @@
 RCSID("$Id$");
 
 static struct units acl_units[] = {
+    { "all",	KADM5_ACL_ALL },
     { "list",	KADM5_ACL_LIST },
     { "delete",	KADM5_ACL_DELETE },
     { "chpass",	KADM5_ACL_CHPASS },
@@ -60,8 +61,9 @@ _kadm5_acl_init(kadm5_server_context *context)
     krb5_error_code ret;
     
     krb5_parse_name(context->context, KADM5_ADMIN_SERVICE, &princ);
-    if(krb5_principal_compare(context->context, context->caller, princ)){
+    ret = krb5_principal_compare(context->context, context->caller, princ);
-	krb5_free_principal(context->context, princ);
+    krb5_free_principal(context->context, princ);
+    if(ret != 0){
 	context->acl_flags = ~0;
 	return 0;
     }

lib/kadm5/get_c.c

@@ -62,5 +62,6 @@ kadm5_c_get_principal(void *server_handle,
     ret = tmp;
     if(ret == 0)
 	kadm5_ret_principal_ent(sp, out);
+    krb5_storage_free(sp);
     return ret;
 }

lib/kadm5/init_c.c

@@ -114,6 +114,8 @@ kadm5_c_init_with_password_ctx(krb5_context context,
     ret = krb5_sendauth(context, &ctx->ac, &s, KADMIN_APPL_VERSION, NULL, 
 			server, AP_OPTS_MUTUAL_REQUIRED, 
 			NULL, NULL, cc, NULL, NULL, NULL);
+    krb5_free_principal(context, server);
+    krb5_cc_close(context, cc);
     if(ret){
 	close(s);
 	return KADM5_FAILURE;

lib/kadm5/server.c

@@ -80,9 +80,11 @@ kadmind_dispatch(void *kadm_handle, krb5_storage *sp)
 	ret = kadm5_get_principal(kadm_handle, princ, &ent, mask);
 	sp->seek(sp, 0, SEEK_SET);
 	krb5_store_int32(sp, ret);
-	if(ret == 0)
+	if(ret == 0){
 	    kadm5_store_principal_ent(sp, &ent);
-	kadm5_free_principal_ent(kadm_handle, &ent);
+	    kadm5_free_principal_ent(kadm_handle, &ent);
+	}
+	krb5_free_principal(context->context, princ);
 	break;
     }
     case kadm_delete:{

lib/krb5/keytab.c

@@ -149,25 +149,26 @@ krb5_kt_get_entry(krb5_context context,
 		  krb5_keytype keytype,
 		  krb5_keytab_entry *entry)
 {
-  krb5_error_code r;
+    krb5_error_code r;
-  krb5_kt_cursor cursor;
+    krb5_kt_cursor cursor;
 
-  r = krb5_kt_start_seq_get (context, id, &cursor);
+    r = krb5_kt_start_seq_get (context, id, &cursor);
-  if (r)
+    if (r)
-    return KRB5_KT_NOTFOUND; /* XXX i.e. file not found */
+	return KRB5_KT_NOTFOUND; /* XXX i.e. file not found */
-  while (krb5_kt_next_entry(context, id, entry, &cursor) == 0) {
+    while (krb5_kt_next_entry(context, id, entry, &cursor) == 0) {
-    if ((principal == NULL
+	if ((principal == NULL
-	 || (krb5_principal_compare(context,
+	     || (krb5_principal_compare(context,
-				    principal,
+					principal,
-				    entry->principal)))
+					entry->principal)))
-	&& (kvno == 0 || kvno == entry->vno)
+	    && (kvno == 0 || kvno == entry->vno)
-	&& (keytype == 0 || keytype == entry->keyblock.keytype)) {
+	    && (keytype == 0 || keytype == entry->keyblock.keytype)) {
-      krb5_kt_end_seq_get (context, id, &cursor);
+	    krb5_kt_end_seq_get (context, id, &cursor);
-      return 0;
+	    return 0;
+	}
+	krb5_kt_free_entry(context, entry);
     }
-  }
+    krb5_kt_end_seq_get (context, id, &cursor);
-  krb5_kt_end_seq_get (context, id, &cursor);
+    return KRB5_KT_NOTFOUND;
-  return KRB5_KT_NOTFOUND;
 }
 
 krb5_error_code

lib/krb5/sendauth.c

@@ -82,107 +82,114 @@ krb5_sendauth(krb5_context context,
 	      krb5_ap_rep_enc_part **rep_result,
 	      krb5_creds **out_creds)
 {
-  krb5_error_code ret;
+    krb5_error_code ret;
-  int fd = *((int *)p_fd);
+    int fd = *((int *)p_fd);
-  u_int32_t len, net_len;
+    u_int32_t len, net_len;
-  const char *version = KRB5_SENDAUTH_VERSION;
+    const char *version = KRB5_SENDAUTH_VERSION;
-  u_char repl;
+    u_char repl;
-  krb5_data ap_req, error_data;
+    krb5_data ap_req, error_data;
-  krb5_creds this_cred;
+    krb5_creds this_cred;
-  krb5_creds *creds;
+    krb5_principal this_client = NULL;
+    krb5_creds *creds;
 
-  len = strlen(version) + 1;
+    len = strlen(version) + 1;
-  net_len = htonl(len);
+    net_len = htonl(len);
-  if (krb5_net_write (context, fd, &net_len, 4) != 4
+    if (krb5_net_write (context, fd, &net_len, 4) != 4
-      || krb5_net_write (context, fd, version, len) != len)
+	|| krb5_net_write (context, fd, version, len) != len)
-    return errno;
+	return errno;
 
-  len = strlen(appl_version) + 1;
+    len = strlen(appl_version) + 1;
-  net_len = htonl(len);
+    net_len = htonl(len);
-  if (krb5_net_write (context, fd, &net_len, 4) != 4
+    if (krb5_net_write (context, fd, &net_len, 4) != 4
-      || krb5_net_write (context, fd, appl_version, len) != len)
+	|| krb5_net_write (context, fd, appl_version, len) != len)
-    return errno;
+	return errno;
 
-  if (krb5_net_read (context, fd, &repl, sizeof(repl)) != sizeof(repl))
+    if (krb5_net_read (context, fd, &repl, sizeof(repl)) != sizeof(repl))
-    return errno;
+	return errno;
 
-  if (repl != 0)
+    if (repl != 0)
-    return KRB5_SENDAUTH_BADRESPONSE; /* XXX */
+	return KRB5_SENDAUTH_BADRESPONSE; /* XXX */
 
-  if (in_creds == NULL) {
+    if (in_creds == NULL) {
-    if (client == NULL) {
+	if (client == NULL) {
-      ret = krb5_cc_get_principal (context, ccache, &client);
+	    ret = krb5_cc_get_principal (context, ccache, &this_client);
-      if (ret)
+	    if (ret)
-	return ret;
+		return ret;
+	    client = this_client;
+	}
+	memset(&this_cred, 0, sizeof(this_cred));
+	this_cred.client = client;
+	this_cred.server = server;
+	this_cred.times.endtime = 0;
+	this_cred.ticket.length = 0;
+	in_creds = &this_cred;
     }
-    memset(&this_cred, 0, sizeof(this_cred));
+    if (in_creds->ticket.length == 0) {
-    this_cred.client = client;
+	ret = krb5_get_credentials (context, 0, ccache, in_creds, &creds);
-    this_cred.server = server;
+	if (ret)
-    this_cred.times.endtime = 0;
+	    return ret;
-    this_cred.ticket.length = 0;
+    } else {
-    in_creds = &this_cred;
+	creds = in_creds;
-  }
+    }
-  if (in_creds->ticket.length == 0) {
+    ret = krb5_mk_req_extended (context,
-    ret = krb5_get_credentials (context, 0, ccache, in_creds, &creds);
+				auth_context,
-    if (ret)
+				ap_req_options,
-      return ret;
+				in_data,
-  } else {
+				creds,
-    creds = in_creds;
+				&ap_req);
-  }
-  if (out_creds)
-    *out_creds = creds;
 
-  ret = krb5_mk_req_extended (context,
+    if (out_creds)
-			      auth_context,
+	*out_creds = creds;
-			      ap_req_options,
+    else
-			      in_data,
+	krb5_free_creds(context, creds);
-			      creds,
+    if(this_client)
-			      &ap_req);
+	krb5_free_principal(context, this_client);
-  if (ret)
-    return ret;
 
-  ret = krb5_write_message (context,
-			    p_fd,
-			    &ap_req);
-  if (ret)
-      return ret;
-
-  krb5_data_free (&ap_req);
-
-  ret = krb5_read_message (context, p_fd, &error_data);
-  if (ret)
-      return ret;
-
-  if (error_data.length != 0) {
-      KRB_ERROR error;
-
-      ret = krb5_rd_error (context, &error_data, &error);
-      krb5_data_free (&error_data);
-      if (ret == 0) {
-	  free_KRB_ERROR(&error);
-	  return error.error_code;
-      } else
-	  return ret;
-  }
-
-  if (ap_req_options & AP_OPTS_MUTUAL_REQUIRED) {
-    krb5_data ap_rep;
-    krb5_ap_rep_enc_part *ignore;
-
-    krb5_data_zero (&ap_rep);
-    ret = krb5_read_message (context,
-			     p_fd,
-			     &ap_rep);
     if (ret)
 	return ret;
 
-    ret = krb5_rd_rep (context, *auth_context, &ap_rep,
+    ret = krb5_write_message (context,
-		       rep_result ? rep_result : &ignore);
+			      p_fd,
+			      &ap_req);
     if (ret)
-      return ret;
+	return ret;
-    if (rep_result == NULL)
+
-      krb5_free_ap_rep_enc_part (context, ignore);
+    krb5_data_free (&ap_req);
-    krb5_data_free (&ap_rep);
+
-  }
+    ret = krb5_read_message (context, p_fd, &error_data);
-  return 0;
+    if (ret)
+	return ret;
+
+    if (error_data.length != 0) {
+	KRB_ERROR error;
+
+	ret = krb5_rd_error (context, &error_data, &error);
+	krb5_data_free (&error_data);
+	if (ret == 0) {
+	    free_KRB_ERROR(&error);
+	    return error.error_code;
+	} else
+	    return ret;
+    }
+
+    if (ap_req_options & AP_OPTS_MUTUAL_REQUIRED) {
+	krb5_data ap_rep;
+	krb5_ap_rep_enc_part *ignore;
+
+	krb5_data_zero (&ap_rep);
+	ret = krb5_read_message (context,
+				 p_fd,
+				 &ap_rep);
+	if (ret)
+	    return ret;
+
+	ret = krb5_rd_rep (context, *auth_context, &ap_rep,
+			   rep_result ? rep_result : &ignore);
+	if (ret)
+	    return ret;
+	if (rep_result == NULL)
+	    krb5_free_ap_rep_enc_part (context, ignore);
+	krb5_data_free (&ap_rep);
+    }
+    return 0;
 }

lib/krb5/set_default_realm.c

@@ -73,6 +73,7 @@ krb5_set_default_realm(krb5_context context,
 	
     if (tmp == NULL)
 	return ENOMEM;
+    free(context->default_realm);
     context->default_realm = tmp;
     return 0;
 }