<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN"
"http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head><meta http-equiv="content-type" content="text/html; charset=utf-8" />
<title>[14620] PyKerberos/trunk/src</title>
</head>
<body>

<style type="text/css"><!--
#msg dl.meta { border: 1px #006 solid; background: #369; padding: 6px; color: #fff; }
#msg dl.meta dt { float: left; width: 6em; font-weight: bold; }
#msg dt:after { content:':';}
#msg dl, #msg dt, #msg ul, #msg li, #header, #footer, #logmsg { font-family: verdana,arial,helvetica,sans-serif; font-size: 10pt;  }
#msg dl a { font-weight: bold}
#msg dl a:link    { color:#fc3; }
#msg dl a:active  { color:#ff0; }
#msg dl a:visited { color:#cc6; }
h3 { font-family: verdana,arial,helvetica,sans-serif; font-size: 10pt; font-weight: bold; }
#msg pre { overflow: auto; background: #ffc; border: 1px #fa0 solid; padding: 6px; }
#logmsg { background: #ffc; border: 1px #fa0 solid; padding: 1em 1em 0 1em; }
#logmsg p, #logmsg pre, #logmsg blockquote { margin: 0 0 1em 0; }
#logmsg p, #logmsg li, #logmsg dt, #logmsg dd { line-height: 14pt; }
#logmsg h1, #logmsg h2, #logmsg h3, #logmsg h4, #logmsg h5, #logmsg h6 { margin: .5em 0; }
#logmsg h1:first-child, #logmsg h2:first-child, #logmsg h3:first-child, #logmsg h4:first-child, #logmsg h5:first-child, #logmsg h6:first-child { margin-top: 0; }
#logmsg ul, #logmsg ol { padding: 0; list-style-position: inside; margin: 0 0 0 1em; }
#logmsg ul { text-indent: -1em; padding-left: 1em; }#logmsg ol { text-indent: -1.5em; padding-left: 1.5em; }
#logmsg > ul, #logmsg > ol { margin: 0 0 1em 0; }
#logmsg pre { background: #eee; padding: 1em; }
#logmsg blockquote { border: 1px solid #fa0; border-left-width: 10px; padding: 1em 1em 0 1em; background: white;}
#logmsg dl { margin: 0; }
#logmsg dt { font-weight: bold; }
#logmsg dd { margin: 0; padding: 0 0 0.5em 0; }
#logmsg dd:before { content:'\00bb';}
#logmsg table { border-spacing: 0px; border-collapse: collapse; border-top: 4px solid #fa0; border-bottom: 1px solid #fa0; background: #fff; }
#logmsg table th { text-align: left; font-weight: normal; padding: 0.2em 0.5em; border-top: 1px dotted #fa0; }
#logmsg table td { text-align: right; border-top: 1px dotted #fa0; padding: 0.2em 0.5em; }
#logmsg table thead th { text-align: center; border-bottom: 1px solid #fa0; }
#logmsg table th.Corner { text-align: left; }
#logmsg hr { border: none 0; border-top: 2px dashed #fa0; height: 1px; }
#header, #footer { color: #fff; background: #636; border: 1px #300 solid; padding: 6px; }
#patch { width: 100%; }
#patch h4 {font-family: verdana,arial,helvetica,sans-serif;font-size:10pt;padding:8px;background:#369;color:#fff;margin:0;}
#patch .propset h4, #patch .binary h4 {margin:0;}
#patch pre {padding:0;line-height:1.2em;margin:0;}
#patch .diff {width:100%;background:#eee;padding: 0 0 10px 0;overflow:auto;}
#patch .propset .diff, #patch .binary .diff  {padding:10px 0;}
#patch span {display:block;padding:0 10px;}
#patch .modfile, #patch .addfile, #patch .delfile, #patch .propset, #patch .binary, #patch .copfile {border:1px solid #ccc;margin:10px 0;}
#patch ins {background:#dfd;text-decoration:none;display:block;padding:0 10px;}
#patch del {background:#fdd;text-decoration:none;display:block;padding:0 10px;}
#patch .lines, .info {color:#888;background:#fff;}
--></style>
<div id="msg">
<dl class="meta">
<dt>Revision</dt> <dd><a href="http://trac.calendarserver.org//changeset/14620">14620</a></dd>
<dt>Author</dt> <dd>wsanchez@apple.com</dd>
<dt>Date</dt> <dd>2015-03-26 14:54:26 -0700 (Thu, 26 Mar 2015)</dd>
</dl>

<h3>Log Message</h3>
<pre>cleanup</pre>

<h3>Modified Paths</h3>
<ul>
<li><a href="#PyKerberostrunksrckerberosbasich">PyKerberos/trunk/src/kerberosbasic.h</a></li>
<li><a href="#PyKerberostrunksrckerberosgssc">PyKerberos/trunk/src/kerberosgss.c</a></li>
<li><a href="#PyKerberostrunksrckerberosgssh">PyKerberos/trunk/src/kerberosgss.h</a></li>
<li><a href="#PyKerberostrunksrckerberospwc">PyKerberos/trunk/src/kerberospw.c</a></li>
<li><a href="#PyKerberostrunksrckerberospwh">PyKerberos/trunk/src/kerberospw.h</a></li>
</ul>

</div>
<div id="patch">
<h3>Diff</h3>
<a id="PyKerberostrunksrckerberosbasich"></a>
<div class="modfile"><h4>Modified: PyKerberos/trunk/src/kerberosbasic.h (14619 => 14620)</h4>
<pre class="diff"><span>
<span class="info">--- PyKerberos/trunk/src/kerberosbasic.h        2015-03-26 21:33:56 UTC (rev 14619)
+++ PyKerberos/trunk/src/kerberosbasic.h        2015-03-26 21:54:26 UTC (rev 14620)
</span><span class="lines">@@ -20,4 +20,7 @@
</span><span class="cx"> 
</span><span class="cx"> #define krb5_get_err_text(context,code) error_message(code)
</span><span class="cx"> 
</span><del>-int authenticate_user_krb5pwd(const char *user, const char *pswd, const char *service, const char *default_realm);
</del><ins>+int authenticate_user_krb5pwd(
+    const char *user, const char *pswd, const char *service,
+    const char *default_realm
+);
</ins></span></pre></div>
<a id="PyKerberostrunksrckerberosgssc"></a>
<div class="modfile"><h4>Modified: PyKerberos/trunk/src/kerberosgss.c (14619 => 14620)</h4>
<pre class="diff"><span>
<span class="info">--- PyKerberos/trunk/src/kerberosgss.c        2015-03-26 21:33:56 UTC (rev 14619)
+++ PyKerberos/trunk/src/kerberosgss.c        2015-03-26 21:54:26 UTC (rev 14620)
</span><span class="lines">@@ -26,7 +26,10 @@
</span><span class="cx"> 
</span><span class="cx"> static void set_gss_error(OM_uint32 err_maj, OM_uint32 err_min);
</span><span class="cx"> 
</span><del>-int create_krb5_ccache(gss_server_state *state, krb5_context kcontext, krb5_principal princ, krb5_ccache *ccache);
</del><ins>+int create_krb5_ccache(
+    gss_server_state *state, krb5_context kcontext, krb5_principal princ,
+    krb5_ccache *ccache
+);
</ins><span class="cx"> 
</span><span class="cx"> extern PyObject *GssException_class;
</span><span class="cx"> extern PyObject *KrbException_class;
</span><span class="lines">@@ -49,38 +52,46 @@
</span><span class="cx">     match_len = strlen(match);
</span><span class="cx">     
</span><span class="cx">     code = krb5_init_context(&amp;kcontext);
</span><del>-    if (code)
-    {
-        PyErr_SetObject(KrbException_class, Py_BuildValue(&quot;((s:i))&quot;,
-                                                          &quot;Cannot initialize Kerberos5 context&quot;, code));
</del><ins>+    if (code) {
+        PyErr_SetObject(
+            KrbException_class,
+            Py_BuildValue(
+                &quot;((s:i))&quot;, &quot;Cannot initialize Kerberos5 context&quot;, code
+            )
+        );
</ins><span class="cx">         return NULL;
</span><span class="cx">     }
</span><span class="cx">     
</span><del>-    if ((code = krb5_kt_default(kcontext, &amp;kt)))
-    {
-        PyErr_SetObject(KrbException_class, Py_BuildValue(&quot;((s:i))&quot;,
-                                                          &quot;Cannot get default keytab&quot;, code));
</del><ins>+    if ((code = krb5_kt_default(kcontext, &amp;kt))) {
+        PyErr_SetObject(
+            KrbException_class,
+            Py_BuildValue(&quot;((s:i))&quot;, &quot;Cannot get default keytab&quot;, code)
+        );
</ins><span class="cx">         goto end;
</span><span class="cx">     }
</span><span class="cx">     
</span><del>-    if ((code = krb5_kt_start_seq_get(kcontext, kt, &amp;cursor)))
-    {
-        PyErr_SetObject(KrbException_class, Py_BuildValue(&quot;((s:i))&quot;,
-                                                          &quot;Cannot get sequence cursor from keytab&quot;, code));
</del><ins>+    if ((code = krb5_kt_start_seq_get(kcontext, kt, &amp;cursor))) {
+        PyErr_SetObject(
+            KrbException_class,
+            Py_BuildValue(
+                &quot;((s:i))&quot;, &quot;Cannot get sequence cursor from keytab&quot;, code
+            )
+        );
</ins><span class="cx">         goto end;
</span><span class="cx">     }
</span><span class="cx">     
</span><del>-    while ((code = krb5_kt_next_entry(kcontext, kt, &amp;entry, &amp;cursor)) == 0)
-    {
-        if ((code = krb5_unparse_name(kcontext, entry.principal, &amp;pname)))
-        {
-            PyErr_SetObject(KrbException_class, Py_BuildValue(&quot;((s:i))&quot;,
-                                                              &quot;Cannot parse principal name from keytab&quot;, code));
</del><ins>+    while ((code = krb5_kt_next_entry(kcontext, kt, &amp;entry, &amp;cursor)) == 0) {
+        if ((code = krb5_unparse_name(kcontext, entry.principal, &amp;pname))) {
+            PyErr_SetObject(
+                KrbException_class,
+                Py_BuildValue(
+                    &quot;((s:i))&quot;, &quot;Cannot parse principal name from keytab&quot;, code
+                )
+            );
</ins><span class="cx">             goto end;
</span><span class="cx">         }
</span><span class="cx">         
</span><del>-        if (strncmp(pname, match, match_len) == 0)
-        {
</del><ins>+        if (strncmp(pname, match, match_len) == 0) {
</ins><span class="cx">             result = malloc(strlen(pname) + 1);
</span><span class="cx">             strcpy(result, pname);
</span><span class="cx">             krb5_free_unparsed_name(kcontext, pname);
</span><span class="lines">@@ -92,23 +103,29 @@
</span><span class="cx">         krb5_free_keytab_entry_contents(kcontext, &amp;entry);
</span><span class="cx">     }
</span><span class="cx">     
</span><del>-    if (result == NULL)
-    {
-        PyErr_SetObject(KrbException_class, Py_BuildValue(&quot;((s:i))&quot;,
-                                                          &quot;Principal not found in keytab&quot;, -1));
</del><ins>+    if (result == NULL) {
+        PyErr_SetObject(
+            KrbException_class,
+            Py_BuildValue(&quot;((s:i))&quot;, &quot;Principal not found in keytab&quot;, -1)
+        );
</ins><span class="cx">     }
</span><span class="cx">     
</span><span class="cx"> end:
</span><del>-    if (cursor)
</del><ins>+    if (cursor) {
</ins><span class="cx">         krb5_kt_end_seq_get(kcontext, kt, &amp;cursor);
</span><del>-    if (kt)
</del><ins>+    }
+    if (kt) {
</ins><span class="cx">         krb5_kt_close(kcontext, kt);
</span><ins>+    }
</ins><span class="cx">     krb5_free_context(kcontext);
</span><span class="cx">     
</span><span class="cx">     return result;
</span><span class="cx"> }
</span><span class="cx"> 
</span><del>-int authenticate_gss_client_init(const char* service, const char* principal, long int gss_flags, gss_server_state* delegatestate, gss_client_state* state)
</del><ins>+int authenticate_gss_client_init(
+    const char* service, const char* principal, long int gss_flags,
+    gss_server_state* delegatestate, gss_client_state* state
+)
</ins><span class="cx"> {
</span><span class="cx">     OM_uint32 maj_stat;
</span><span class="cx">     OM_uint32 min_stat;
</span><span class="lines">@@ -127,54 +144,52 @@
</span><span class="cx">     name_token.length = strlen(service);
</span><span class="cx">     name_token.value = (char *)service;
</span><span class="cx">     
</span><del>-    maj_stat = gss_import_name(&amp;min_stat, &amp;name_token, gss_krb5_nt_service_name, &amp;state-&gt;server_name);
</del><ins>+    maj_stat = gss_import_name(
+        &amp;min_stat, &amp;name_token, gss_krb5_nt_service_name, &amp;state-&gt;server_name
+    );
</ins><span class="cx">     
</span><del>-    if (GSS_ERROR(maj_stat))
-    {
</del><ins>+    if (GSS_ERROR(maj_stat)) {
</ins><span class="cx">         set_gss_error(maj_stat, min_stat);
</span><span class="cx">         ret = AUTH_GSS_ERROR;
</span><span class="cx">         goto end;
</span><span class="cx">     }
</span><span class="cx">     // Use the delegate credentials if they exist
</span><del>-    if (delegatestate &amp;&amp; delegatestate-&gt;client_creds != GSS_C_NO_CREDENTIAL)
-    {
</del><ins>+    if (delegatestate &amp;&amp; delegatestate-&gt;client_creds != GSS_C_NO_CREDENTIAL) {
</ins><span class="cx">         state-&gt;client_creds = delegatestate-&gt;client_creds;
</span><span class="cx">     }
</span><del>-
</del><span class="cx">     // If available use the principal to extract its associated credentials
</span><del>-    else if (principal &amp;&amp; *principal)
-    {
</del><ins>+    else if (principal &amp;&amp; *principal) {
</ins><span class="cx">         gss_name_t name;
</span><span class="cx">         principal_token.length = strlen(principal);
</span><span class="cx">         principal_token.value = (char *)principal;
</span><span class="cx"> 
</span><del>-        maj_stat = gss_import_name(&amp;min_stat, &amp;principal_token, GSS_C_NT_USER_NAME, &amp;name);
-        if (GSS_ERROR(maj_stat))
-        {
</del><ins>+        maj_stat = gss_import_name(
+            &amp;min_stat, &amp;principal_token, GSS_C_NT_USER_NAME, &amp;name
+        );
+        if (GSS_ERROR(maj_stat)) {
</ins><span class="cx">             set_gss_error(maj_stat, min_stat);
</span><span class="cx">             ret = AUTH_GSS_ERROR;
</span><del>-            goto end;
</del><ins>+                goto end;
</ins><span class="cx">         }
</span><span class="cx"> 
</span><del>-        maj_stat = gss_acquire_cred(&amp;min_stat, name, GSS_C_INDEFINITE, GSS_C_NO_OID_SET, GSS_C_INITIATE, 
-                                    &amp;state-&gt;client_creds, NULL, NULL);
-        if (GSS_ERROR(maj_stat))
-        {
</del><ins>+        maj_stat = gss_acquire_cred(
+            &amp;min_stat, name, GSS_C_INDEFINITE, GSS_C_NO_OID_SET,
+            GSS_C_INITIATE, &amp;state-&gt;client_creds, NULL, NULL
+        );
+        if (GSS_ERROR(maj_stat)) {
</ins><span class="cx">             set_gss_error(maj_stat, min_stat);
</span><span class="cx">             ret = AUTH_GSS_ERROR;
</span><del>-            goto end;
</del><ins>+            goto end;
</ins><span class="cx">         }
</span><span class="cx"> 
</span><span class="cx">         maj_stat = gss_release_name(&amp;min_stat, &amp;name);
</span><del>-        if (GSS_ERROR(maj_stat))
-        {
-            set_gss_error(maj_stat, min_stat);
</del><ins>+        if (GSS_ERROR(maj_stat)) {
+            set_gss_error(maj_stat, min_stat);
</ins><span class="cx">             ret = AUTH_GSS_ERROR;
</span><span class="cx">             goto end;
</span><span class="cx">         }
</span><ins>+    }
</ins><span class="cx"> 
</span><del>-      }
-
</del><span class="cx"> end:
</span><span class="cx">     return ret;
</span><span class="cx"> }
</span><span class="lines">@@ -185,19 +200,25 @@
</span><span class="cx">     OM_uint32 min_stat;
</span><span class="cx">     int ret = AUTH_GSS_COMPLETE;
</span><span class="cx">     
</span><del>-    if (state-&gt;context != GSS_C_NO_CONTEXT)
-        maj_stat = gss_delete_sec_context(&amp;min_stat, &amp;state-&gt;context, GSS_C_NO_BUFFER);
-    if (state-&gt;server_name != GSS_C_NO_NAME)
</del><ins>+    if (state-&gt;context != GSS_C_NO_CONTEXT) {
+        maj_stat = gss_delete_sec_context(
+            &amp;min_stat, &amp;state-&gt;context, GSS_C_NO_BUFFER
+        );
+    }
+    if (state-&gt;server_name != GSS_C_NO_NAME) {
</ins><span class="cx">         maj_stat = gss_release_name(&amp;min_stat, &amp;state-&gt;server_name);
</span><del>-    if (state-&gt;client_creds != GSS_C_NO_CREDENTIAL &amp;&amp; !(state-&gt;gss_flags &amp; GSS_C_DELEG_FLAG))
</del><ins>+    }
+    if (
+        state-&gt;client_creds != GSS_C_NO_CREDENTIAL &amp;&amp;
+        ! (state-&gt;gss_flags &amp; GSS_C_DELEG_FLAG)
+    ) {
</ins><span class="cx">         maj_stat = gss_release_cred(&amp;min_stat, &amp;state-&gt;client_creds);
</span><del>-    if (state-&gt;username != NULL)
-    {
</del><ins>+    }
+    if (state-&gt;username != NULL) {
</ins><span class="cx">         free(state-&gt;username);
</span><span class="cx">         state-&gt;username = NULL;
</span><span class="cx">     }
</span><del>-    if (state-&gt;response != NULL)
-    {
</del><ins>+    if (state-&gt;response != NULL) {
</ins><span class="cx">         free(state-&gt;response);
</span><span class="cx">         state-&gt;response = NULL;
</span><span class="cx">     }
</span><span class="lines">@@ -205,8 +226,9 @@
</span><span class="cx">     return ret;
</span><span class="cx"> }
</span><span class="cx"> 
</span><del>-int authenticate_gss_client_step(gss_client_state* state, const char* challenge)
-{
</del><ins>+int authenticate_gss_client_step(
+    gss_client_state* state, const char* challenge
+) {
</ins><span class="cx">     OM_uint32 maj_stat;
</span><span class="cx">     OM_uint32 min_stat;
</span><span class="cx">     gss_buffer_desc input_token = GSS_C_EMPTY_BUFFER;
</span><span class="lines">@@ -214,15 +236,13 @@
</span><span class="cx">     int ret = AUTH_GSS_CONTINUE;
</span><span class="cx">     
</span><span class="cx">     // Always clear out the old response
</span><del>-    if (state-&gt;response != NULL)
-    {
</del><ins>+    if (state-&gt;response != NULL) {
</ins><span class="cx">         free(state-&gt;response);
</span><span class="cx">         state-&gt;response = NULL;
</span><span class="cx">     }
</span><span class="cx">     
</span><span class="cx">     // If there is a challenge (data from the server) we need to give it to GSS
</span><del>-    if (challenge &amp;&amp; *challenge)
-    {
</del><ins>+    if (challenge &amp;&amp; *challenge) {
</ins><span class="cx">         size_t len;
</span><span class="cx">         input_token.value = base64_decode(challenge, &amp;len);
</span><span class="cx">         input_token.length = len;
</span><span class="lines">@@ -230,23 +250,24 @@
</span><span class="cx">     
</span><span class="cx">     // Do GSSAPI step
</span><span class="cx">     Py_BEGIN_ALLOW_THREADS
</span><del>-    maj_stat = gss_init_sec_context(&amp;min_stat,
-                                    state-&gt;client_creds,
-                                    &amp;state-&gt;context,
-                                    state-&gt;server_name,
-                                    GSS_C_NO_OID,
-                                    (OM_uint32)state-&gt;gss_flags,
-                                    0,
-                                    GSS_C_NO_CHANNEL_BINDINGS,
-                                    &amp;input_token,
-                                    NULL,
-                                    &amp;output_token,
-                                    NULL,
-                                    NULL);
</del><ins>+    maj_stat = gss_init_sec_context(
+        &amp;min_stat,
+        state-&gt;client_creds,
+        &amp;state-&gt;context,
+        state-&gt;server_name,
+        GSS_C_NO_OID,
+        (OM_uint32)state-&gt;gss_flags,
+        0,
+        GSS_C_NO_CHANNEL_BINDINGS,
+        &amp;input_token,
+        NULL,
+        &amp;output_token,
+        NULL,
+        NULL
+    );
</ins><span class="cx">     Py_END_ALLOW_THREADS
</span><span class="cx">     
</span><del>-    if ((maj_stat != GSS_S_COMPLETE) &amp;&amp; (maj_stat != GSS_S_CONTINUE_NEEDED))
-    {
</del><ins>+    if ((maj_stat != GSS_S_COMPLETE) &amp;&amp; (maj_stat != GSS_S_CONTINUE_NEEDED)) {
</ins><span class="cx">         set_gss_error(maj_stat, min_stat);
</span><span class="cx">         ret = AUTH_GSS_ERROR;
</span><span class="cx">         goto end;
</span><span class="lines">@@ -254,19 +275,16 @@
</span><span class="cx">     
</span><span class="cx">     ret = (maj_stat == GSS_S_COMPLETE) ? AUTH_GSS_COMPLETE : AUTH_GSS_CONTINUE;
</span><span class="cx">     // Grab the client response to send back to the server
</span><del>-    if (output_token.length)
-    {
</del><ins>+    if (output_token.length) {
</ins><span class="cx">         state-&gt;response = base64_encode((const unsigned char *)output_token.value, output_token.length);;
</span><span class="cx">         maj_stat = gss_release_buffer(&amp;min_stat, &amp;output_token);
</span><span class="cx">     }
</span><span class="cx">     
</span><span class="cx">     // Try to get the user name if we have completed all GSS operations
</span><del>-    if (ret == AUTH_GSS_COMPLETE)
-    {
</del><ins>+    if (ret == AUTH_GSS_COMPLETE) {
</ins><span class="cx">         gss_name_t gssuser = GSS_C_NO_NAME;
</span><span class="cx">         maj_stat = gss_inquire_context(&amp;min_stat, state-&gt;context, &amp;gssuser, NULL, NULL, NULL,  NULL, NULL, NULL);
</span><del>-        if (GSS_ERROR(maj_stat))
-        {
</del><ins>+        if (GSS_ERROR(maj_stat)) {
</ins><span class="cx">             set_gss_error(maj_stat, min_stat);
</span><span class="cx">             ret = AUTH_GSS_ERROR;
</span><span class="cx">             goto end;
</span><span class="lines">@@ -275,8 +293,7 @@
</span><span class="cx">         gss_buffer_desc name_token;
</span><span class="cx">         name_token.length = 0;
</span><span class="cx">         maj_stat = gss_display_name(&amp;min_stat, gssuser, &amp;name_token, NULL);
</span><del>-        if (GSS_ERROR(maj_stat))
-        {
</del><ins>+        if (GSS_ERROR(maj_stat)) {
</ins><span class="cx">             if (name_token.value)
</span><span class="cx">                 gss_release_buffer(&amp;min_stat, &amp;name_token);
</span><span class="cx">             gss_release_name(&amp;min_stat, &amp;gssuser);
</span><span class="lines">@@ -284,9 +301,7 @@
</span><span class="cx">             set_gss_error(maj_stat, min_stat);
</span><span class="cx">             ret = AUTH_GSS_ERROR;
</span><span class="cx">             goto end;
</span><del>-        }
-        else
-        {
</del><ins>+        } else {
</ins><span class="cx">             state-&gt;username = (char *)malloc(name_token.length + 1);
</span><span class="cx">             strncpy(state-&gt;username, (char*) name_token.value, name_token.length);
</span><span class="cx">             state-&gt;username[name_token.length] = 0;
</span><span class="lines">@@ -294,16 +309,20 @@
</span><span class="cx">             gss_release_name(&amp;min_stat, &amp;gssuser);
</span><span class="cx">         }
</span><span class="cx">     }
</span><ins>+
</ins><span class="cx"> end:
</span><del>-    if (output_token.value)
</del><ins>+    if (output_token.value) {
</ins><span class="cx">         gss_release_buffer(&amp;min_stat, &amp;output_token);
</span><del>-    if (input_token.value)
</del><ins>+    }
+    if (input_token.value) {
</ins><span class="cx">         free(input_token.value);
</span><ins>+    }
</ins><span class="cx">     return ret;
</span><span class="cx"> }
</span><span class="cx"> 
</span><del>-int authenticate_gss_client_unwrap(gss_client_state *state, const char *challenge)
-{
</del><ins>+int authenticate_gss_client_unwrap(
+    gss_client_state *state, const char *challenge
+) {
</ins><span class="cx">         OM_uint32 maj_stat;
</span><span class="cx">         OM_uint32 min_stat;
</span><span class="cx">         gss_buffer_desc input_token = GSS_C_EMPTY_BUFFER;
</span><span class="lines">@@ -312,55 +331,60 @@
</span><span class="cx">         int conf = 0;
</span><span class="cx">     
</span><span class="cx">         // Always clear out the old response
</span><del>-        if (state-&gt;response != NULL)
-        {
</del><ins>+        if (state-&gt;response != NULL) {
</ins><span class="cx">                 free(state-&gt;response);
</span><span class="cx">                 state-&gt;response = NULL;
</span><span class="cx">                 state-&gt;responseConf = 0;
</span><span class="cx">         }
</span><span class="cx">     
</span><span class="cx">         // If there is a challenge (data from the server) we need to give it to GSS
</span><del>-        if (challenge &amp;&amp; *challenge)
-        {
</del><ins>+        if (challenge &amp;&amp; *challenge) {
</ins><span class="cx">                 size_t len;
</span><span class="cx">                 input_token.value = base64_decode(challenge, &amp;len);
</span><span class="cx">                 input_token.length = len;
</span><span class="cx">         }
</span><span class="cx">     
</span><span class="cx">         // Do GSSAPI step
</span><del>-        maj_stat = gss_unwrap(&amp;min_stat,
-                          state-&gt;context,
-                          &amp;input_token,
-                          &amp;output_token,
-                          &amp;conf,
-                          NULL);
</del><ins>+        maj_stat = gss_unwrap(
+        &amp;min_stat,
+        state-&gt;context,
+        &amp;input_token,
+        &amp;output_token,
+        &amp;conf,
+        NULL
+    );
</ins><span class="cx">     
</span><del>-        if (maj_stat != GSS_S_COMPLETE)
-        {
</del><ins>+        if (maj_stat != GSS_S_COMPLETE)        {
</ins><span class="cx">                 set_gss_error(maj_stat, min_stat);
</span><span class="cx">                 ret = AUTH_GSS_ERROR;
</span><span class="cx">                 goto end;
</span><del>-        }
-        else
</del><ins>+        } else {
</ins><span class="cx">                 ret = AUTH_GSS_COMPLETE;
</span><ins>+    }
</ins><span class="cx">     
</span><span class="cx">         // Grab the client response
</span><del>-        if (output_token.length)
-        {
-                state-&gt;response = base64_encode((const unsigned char *)output_token.value, output_token.length);
</del><ins>+        if (output_token.length) {
+                state-&gt;response = base64_encode(
+            (const unsigned char *)output_token.value, output_token.length
+        );
</ins><span class="cx">                 state-&gt;responseConf = conf;
</span><span class="cx">                 maj_stat = gss_release_buffer(&amp;min_stat, &amp;output_token);
</span><span class="cx">         }
</span><ins>+
</ins><span class="cx"> end:
</span><del>-        if (output_token.value)
</del><ins>+        if (output_token.value) {
</ins><span class="cx">                 gss_release_buffer(&amp;min_stat, &amp;output_token);
</span><del>-        if (input_token.value)
</del><ins>+    }
+        if (input_token.value) {
</ins><span class="cx">                 free(input_token.value);
</span><ins>+    }
</ins><span class="cx">         return ret;
</span><span class="cx"> }
</span><span class="cx"> 
</span><del>-int authenticate_gss_client_wrap(gss_client_state* state, const char* challenge, const char* user, int protect)
-{
</del><ins>+int authenticate_gss_client_wrap(
+    gss_client_state* state, const char* challenge, const char* user,
+    int protect
+) {
</ins><span class="cx">         OM_uint32 maj_stat;
</span><span class="cx">         OM_uint32 min_stat;
</span><span class="cx">         gss_buffer_desc input_token = GSS_C_EMPTY_BUFFER;
</span><span class="lines">@@ -370,14 +394,12 @@
</span><span class="cx">         unsigned long buf_size;
</span><span class="cx">     
</span><span class="cx">         // Always clear out the old response
</span><del>-        if (state-&gt;response != NULL)
-        {
</del><ins>+        if (state-&gt;response != NULL) {
</ins><span class="cx">                 free(state-&gt;response);
</span><span class="cx">                 state-&gt;response = NULL;
</span><span class="cx">         }
</span><span class="cx">     
</span><del>-        if (challenge &amp;&amp; *challenge)
-        {
</del><ins>+        if (challenge &amp;&amp; *challenge) {
</ins><span class="cx">                 size_t len;
</span><span class="cx">                 input_token.value = base64_decode(challenge, &amp;len);
</span><span class="cx">                 input_token.length = len;
</span><span class="lines">@@ -390,10 +412,12 @@
</span><span class="cx">                 buf_size = ntohl(*((long *) input_token.value));
</span><span class="cx">                 free(input_token.value);
</span><span class="cx"> #ifdef PRINTFS
</span><del>-                printf(&quot;User: %s, %c%c%c\n&quot;, user,
-               server_conf_flags &amp; GSS_AUTH_P_NONE      ? 'N' : '-',
-               server_conf_flags &amp; GSS_AUTH_P_INTEGRITY ? 'I' : '-',
-               server_conf_flags &amp; GSS_AUTH_P_PRIVACY   ? 'P' : '-');
</del><ins>+                printf(
+            &quot;User: %s, %c%c%c\n&quot;, user,
+            server_conf_flags &amp; GSS_AUTH_P_NONE      ? 'N' : '-',
+            server_conf_flags &amp; GSS_AUTH_P_INTEGRITY ? 'I' : '-',
+            server_conf_flags &amp; GSS_AUTH_P_PRIVACY   ? 'P' : '-'
+        );
</ins><span class="cx">                 printf(&quot;Maximum GSS token size is %ld\n&quot;, buf_size);
</span><span class="cx"> #endif
</span><span class="cx">         
</span><span class="lines">@@ -408,31 +432,33 @@
</span><span class="cx">         }
</span><span class="cx">     
</span><span class="cx">         // Do GSSAPI wrap
</span><del>-        maj_stat = gss_wrap(&amp;min_stat,
-                                                state-&gt;context,
-                                                protect,
-                                                GSS_C_QOP_DEFAULT,
-                                                &amp;input_token,
-                                                NULL,
-                                                &amp;output_token);
</del><ins>+        maj_stat = gss_wrap(
+        &amp;min_stat,
+        state-&gt;context,
+        protect,
+        GSS_C_QOP_DEFAULT,
+        &amp;input_token,
+        NULL,
+        &amp;output_token
+    );
</ins><span class="cx">     
</span><del>-        if (maj_stat != GSS_S_COMPLETE)
-        {
</del><ins>+        if (maj_stat != GSS_S_COMPLETE)        {
</ins><span class="cx">                 set_gss_error(maj_stat, min_stat);
</span><span class="cx">                 ret = AUTH_GSS_ERROR;
</span><span class="cx">                 goto end;
</span><del>-        }
-        else
</del><ins>+        } else {
</ins><span class="cx">                 ret = AUTH_GSS_COMPLETE;
</span><ins>+    }
</ins><span class="cx">         // Grab the client response to send back to the server
</span><del>-        if (output_token.length)
-        {
</del><ins>+        if (output_token.length) {
</ins><span class="cx">                 state-&gt;response = base64_encode((const unsigned char *)output_token.value, output_token.length);;
</span><span class="cx">                 maj_stat = gss_release_buffer(&amp;min_stat, &amp;output_token);
</span><span class="cx">         }
</span><ins>+
</ins><span class="cx"> end:
</span><del>-        if (output_token.value)
</del><ins>+        if (output_token.value) {
</ins><span class="cx">                 gss_release_buffer(&amp;min_stat, &amp;output_token);
</span><ins>+    }
</ins><span class="cx">         return ret;
</span><span class="cx"> }
</span><span class="cx"> 
</span><span class="lines">@@ -455,27 +481,29 @@
</span><span class="cx">     
</span><span class="cx">     // Server name may be empty which means we aren't going to create our own creds
</span><span class="cx">     size_t service_len = strlen(service);
</span><del>-    if (service_len != 0)
-    {
</del><ins>+    if (service_len != 0) {
</ins><span class="cx">         // Import server name first
</span><span class="cx">         name_token.length = strlen(service);
</span><span class="cx">         name_token.value = (char *)service;
</span><span class="cx">         
</span><del>-        maj_stat = gss_import_name(&amp;min_stat, &amp;name_token, GSS_C_NT_HOSTBASED_SERVICE, &amp;state-&gt;server_name);
</del><ins>+        maj_stat = gss_import_name(
+            &amp;min_stat, &amp;name_token, GSS_C_NT_HOSTBASED_SERVICE,
+            &amp;state-&gt;server_name
+        );
</ins><span class="cx">         
</span><del>-        if (GSS_ERROR(maj_stat))
-        {
</del><ins>+        if (GSS_ERROR(maj_stat)) {
</ins><span class="cx">             set_gss_error(maj_stat, min_stat);
</span><span class="cx">             ret = AUTH_GSS_ERROR;
</span><span class="cx">             goto end;
</span><span class="cx">         }
</span><del>-        
</del><ins>+
</ins><span class="cx">         // Get credentials
</span><del>-        maj_stat = gss_acquire_cred(&amp;min_stat, GSS_C_NO_NAME, GSS_C_INDEFINITE,
-                                    GSS_C_NO_OID_SET, GSS_C_BOTH, &amp;state-&gt;server_creds, NULL, NULL);
-        
-        if (GSS_ERROR(maj_stat))
-        {
</del><ins>+        maj_stat = gss_acquire_cred(
+            &amp;min_stat, GSS_C_NO_NAME, GSS_C_INDEFINITE, GSS_C_NO_OID_SET,
+            GSS_C_BOTH, &amp;state-&gt;server_creds, NULL, NULL
+        );
+
+        if (GSS_ERROR(maj_stat)) {
</ins><span class="cx">             set_gss_error(maj_stat, min_stat);
</span><span class="cx">             ret = AUTH_GSS_ERROR;
</span><span class="cx">             goto end;
</span><span class="lines">@@ -492,34 +520,36 @@
</span><span class="cx">     OM_uint32 min_stat;
</span><span class="cx">     int ret = AUTH_GSS_COMPLETE;
</span><span class="cx">     
</span><del>-    if (state-&gt;context != GSS_C_NO_CONTEXT)
-        maj_stat = gss_delete_sec_context(&amp;min_stat, &amp;state-&gt;context, GSS_C_NO_BUFFER);
-    if (state-&gt;server_name != GSS_C_NO_NAME)
</del><ins>+    if (state-&gt;context != GSS_C_NO_CONTEXT) {
+        maj_stat = gss_delete_sec_context(
+            &amp;min_stat, &amp;state-&gt;context, GSS_C_NO_BUFFER
+        );
+    }
+    if (state-&gt;server_name != GSS_C_NO_NAME) {
</ins><span class="cx">         maj_stat = gss_release_name(&amp;min_stat, &amp;state-&gt;server_name);
</span><del>-    if (state-&gt;client_name != GSS_C_NO_NAME)
</del><ins>+    }
+    if (state-&gt;client_name != GSS_C_NO_NAME) {
</ins><span class="cx">         maj_stat = gss_release_name(&amp;min_stat, &amp;state-&gt;client_name);
</span><del>-    if (state-&gt;server_creds != GSS_C_NO_CREDENTIAL)
</del><ins>+    }
+    if (state-&gt;server_creds != GSS_C_NO_CREDENTIAL) {
</ins><span class="cx">         maj_stat = gss_release_cred(&amp;min_stat, &amp;state-&gt;server_creds);
</span><del>-    if (state-&gt;client_creds != GSS_C_NO_CREDENTIAL)
</del><ins>+    }
+    if (state-&gt;client_creds != GSS_C_NO_CREDENTIAL) {
</ins><span class="cx">         maj_stat = gss_release_cred(&amp;min_stat, &amp;state-&gt;client_creds);
</span><del>-    if (state-&gt;username != NULL)
-    {
</del><ins>+    }
+    if (state-&gt;username != NULL) {
</ins><span class="cx">         free(state-&gt;username);
</span><span class="cx">         state-&gt;username = NULL;
</span><span class="cx">     }
</span><del>-    if (state-&gt;targetname != NULL)
-    {
</del><ins>+    if (state-&gt;targetname != NULL) {
</ins><span class="cx">         free(state-&gt;targetname);
</span><span class="cx">         state-&gt;targetname = NULL;
</span><span class="cx">     }
</span><del>-    if (state-&gt;response != NULL)
-    {
</del><ins>+    if (state-&gt;response != NULL) {
</ins><span class="cx">         free(state-&gt;response);
</span><span class="cx">         state-&gt;response = NULL;
</span><span class="cx">     }
</span><del>-
-    if (state-&gt;ccname != NULL)
-    {
</del><ins>+    if (state-&gt;ccname != NULL) {
</ins><span class="cx">         free(state-&gt;ccname);
</span><span class="cx">         state-&gt;ccname = NULL;
</span><span class="cx">     }
</span><span class="lines">@@ -527,8 +557,9 @@
</span><span class="cx">     return ret;
</span><span class="cx"> }
</span><span class="cx"> 
</span><del>-int authenticate_gss_server_step(gss_server_state *state, const char *challenge)
-{
</del><ins>+int authenticate_gss_server_step(
+    gss_server_state *state, const char *challenge
+) {
</ins><span class="cx">     OM_uint32 maj_stat;
</span><span class="cx">     OM_uint32 min_stat;
</span><span class="cx">     gss_buffer_desc input_token = GSS_C_EMPTY_BUFFER;
</span><span class="lines">@@ -536,58 +567,59 @@
</span><span class="cx">     int ret = AUTH_GSS_CONTINUE;
</span><span class="cx">     
</span><span class="cx">     // Always clear out the old response
</span><del>-    if (state-&gt;response != NULL)
-    {
</del><ins>+    if (state-&gt;response != NULL) {
</ins><span class="cx">         free(state-&gt;response);
</span><span class="cx">         state-&gt;response = NULL;
</span><span class="cx">     }
</span><span class="cx">     
</span><span class="cx">     // If there is a challenge (data from the server) we need to give it to GSS
</span><del>-    if (challenge &amp;&amp; *challenge)
-    {
</del><ins>+    if (challenge &amp;&amp; *challenge) {
</ins><span class="cx">         size_t len;
</span><span class="cx">         input_token.value = base64_decode(challenge, &amp;len);
</span><span class="cx">         input_token.length = len;
</span><del>-    }
-    else
-    {
-        PyErr_SetString(KrbException_class, &quot;No challenge parameter in request from client&quot;);
</del><ins>+    } else {
+        PyErr_SetString(
+            KrbException_class, &quot;No challenge parameter in request from client&quot;
+        );
</ins><span class="cx">         ret = AUTH_GSS_ERROR;
</span><span class="cx">         goto end;
</span><span class="cx">     }
</span><span class="cx">     
</span><span class="cx">     Py_BEGIN_ALLOW_THREADS
</span><del>-    maj_stat = gss_accept_sec_context(&amp;min_stat,
-                                      &amp;state-&gt;context,
-                                      state-&gt;server_creds,
-                                      &amp;input_token,
-                                      GSS_C_NO_CHANNEL_BINDINGS,
-                                      &amp;state-&gt;client_name,
-                                      NULL,
-                                      &amp;output_token,
-                                      NULL,
-                                      NULL,
-                                      &amp;state-&gt;client_creds);
</del><ins>+    maj_stat = gss_accept_sec_context(
+        &amp;min_stat,
+        &amp;state-&gt;context,
+        state-&gt;server_creds,
+        &amp;input_token,
+        GSS_C_NO_CHANNEL_BINDINGS,
+        &amp;state-&gt;client_name,
+        NULL,
+        &amp;output_token,
+        NULL,
+        NULL,
+        &amp;state-&gt;client_creds
+    );
</ins><span class="cx">     Py_END_ALLOW_THREADS
</span><span class="cx">     
</span><del>-    if (GSS_ERROR(maj_stat))
-    {
</del><ins>+    if (GSS_ERROR(maj_stat)) {
</ins><span class="cx">         set_gss_error(maj_stat, min_stat);
</span><span class="cx">         ret = AUTH_GSS_ERROR;
</span><span class="cx">         goto end;
</span><span class="cx">     }
</span><span class="cx">     
</span><span class="cx">     // Grab the server response to send back to the client
</span><del>-    if (output_token.length)
-    {
-        state-&gt;response = base64_encode((const unsigned char *)output_token.value, output_token.length);;
</del><ins>+    if (output_token.length) {
+        state-&gt;response = base64_encode(
+            (const unsigned char *)output_token.value, output_token.length
+        );;
</ins><span class="cx">         maj_stat = gss_release_buffer(&amp;min_stat, &amp;output_token);
</span><span class="cx">     }
</span><span class="cx">     
</span><span class="cx">     // Get the user name
</span><del>-    maj_stat = gss_display_name(&amp;min_stat, state-&gt;client_name, &amp;output_token, NULL);
-    if (GSS_ERROR(maj_stat))
-    {
</del><ins>+    maj_stat = gss_display_name(
+        &amp;min_stat, state-&gt;client_name, &amp;output_token, NULL
+    );
+    if (GSS_ERROR(maj_stat)) {
</ins><span class="cx">         set_gss_error(maj_stat, min_stat);
</span><span class="cx">         ret = AUTH_GSS_ERROR;
</span><span class="cx">         goto end;
</span><span class="lines">@@ -597,35 +629,41 @@
</span><span class="cx">     state-&gt;username[output_token.length] = 0;
</span><span class="cx">     
</span><span class="cx">     // Get the target name if no server creds were supplied
</span><del>-    if (state-&gt;server_creds == GSS_C_NO_CREDENTIAL)
-    {
</del><ins>+    if (state-&gt;server_creds == GSS_C_NO_CREDENTIAL) {
</ins><span class="cx">         gss_name_t target_name = GSS_C_NO_NAME;
</span><del>-        maj_stat = gss_inquire_context(&amp;min_stat, state-&gt;context, NULL, &amp;target_name, NULL, NULL, NULL, NULL, NULL);
-        if (GSS_ERROR(maj_stat))
-        {
</del><ins>+        maj_stat = gss_inquire_context(
+            &amp;min_stat, state-&gt;context, NULL, &amp;target_name, NULL, NULL, NULL,
+            NULL, NULL
+        );
+        if (GSS_ERROR(maj_stat)) {
</ins><span class="cx">             set_gss_error(maj_stat, min_stat);
</span><span class="cx">             ret = AUTH_GSS_ERROR;
</span><span class="cx">             goto end;
</span><span class="cx">         }
</span><del>-        maj_stat = gss_display_name(&amp;min_stat, target_name, &amp;output_token, NULL);
-        if (GSS_ERROR(maj_stat))
-        {
</del><ins>+        maj_stat = gss_display_name(
+            &amp;min_stat, target_name, &amp;output_token, NULL
+        );
+        if (GSS_ERROR(maj_stat)) {
</ins><span class="cx">             set_gss_error(maj_stat, min_stat);
</span><span class="cx">             ret = AUTH_GSS_ERROR;
</span><span class="cx">             goto end;
</span><span class="cx">         }
</span><span class="cx">         state-&gt;targetname = (char *)malloc(output_token.length + 1);
</span><del>-        strncpy(state-&gt;targetname, (char*) output_token.value, output_token.length);
</del><ins>+        strncpy(
+            state-&gt;targetname, (char*) output_token.value, output_token.length
+        );
</ins><span class="cx">         state-&gt;targetname[output_token.length] = 0;
</span><span class="cx">     }
</span><span class="cx"> 
</span><span class="cx">     ret = AUTH_GSS_COMPLETE;
</span><span class="cx">     
</span><span class="cx"> end:
</span><del>-    if (output_token.length)
</del><ins>+    if (output_token.length) {
</ins><span class="cx">         gss_release_buffer(&amp;min_stat, &amp;output_token);
</span><del>-    if (input_token.value)
</del><ins>+    }
+    if (input_token.value) {
</ins><span class="cx">         free(input_token.value);
</span><ins>+    }
</ins><span class="cx">     return ret;
</span><span class="cx"> }
</span><span class="cx"> 
</span><span class="lines">@@ -642,33 +680,39 @@
</span><span class="cx">     char buf_maj[512];
</span><span class="cx">     char buf_min[512];
</span><span class="cx">     
</span><del>-    do
-    {
-        maj_stat = gss_display_status (&amp;min_stat,
-                                       err_maj,
-                                       GSS_C_GSS_CODE,
-                                       GSS_C_NO_OID,
-                                       &amp;msg_ctx,
-                                       &amp;status_string);
-        if (GSS_ERROR(maj_stat))
</del><ins>+    do {
+        maj_stat = gss_display_status(
+            &amp;min_stat,
+            err_maj,
+            GSS_C_GSS_CODE,
+            GSS_C_NO_OID,
+            &amp;msg_ctx,
+            &amp;status_string
+        );
+        if (GSS_ERROR(maj_stat)) {
</ins><span class="cx">             break;
</span><ins>+        }
</ins><span class="cx">         strncpy(buf_maj, (char*) status_string.value, sizeof(buf_maj));
</span><span class="cx">         gss_release_buffer(&amp;min_stat, &amp;status_string);
</span><span class="cx">         
</span><del>-        maj_stat = gss_display_status (&amp;min_stat,
-                                       err_min,
-                                       GSS_C_MECH_CODE,
-                                       GSS_C_NULL_OID,
-                                       &amp;msg_ctx,
-                                       &amp;status_string);
-        if (!GSS_ERROR(maj_stat))
-        {
</del><ins>+        maj_stat = gss_display_status(
+            &amp;min_stat,
+            err_min,
+            GSS_C_MECH_CODE,
+            GSS_C_NULL_OID,
+            &amp;msg_ctx,
+            &amp;status_string
+        );
+        if (! GSS_ERROR(maj_stat)) {
</ins><span class="cx">             strncpy(buf_min, (char*) status_string.value, sizeof(buf_min));
</span><span class="cx">             gss_release_buffer(&amp;min_stat, &amp;status_string);
</span><span class="cx">         }
</span><span class="cx">     } while (!GSS_ERROR(maj_stat) &amp;&amp; msg_ctx != 0);
</span><span class="cx">     
</span><del>-    PyErr_SetObject(GssException_class, Py_BuildValue(&quot;((s:i)(s:i))&quot;, buf_maj, err_maj, buf_min, err_min));
</del><ins>+    PyErr_SetObject(
+        GssException_class,
+        Py_BuildValue(&quot;((s:i)(s:i))&quot;, buf_maj, err_maj, buf_min, err_min)
+    );
</ins><span class="cx"> }
</span><span class="cx"> 
</span><span class="cx"> int authenticate_gss_server_store_delegate(gss_server_state *state)
</span><span class="lines">@@ -683,26 +727,44 @@
</span><span class="cx">     int ret = 500;
</span><span class="cx"> 
</span><span class="cx">     if (delegated_cred == GSS_C_NO_CREDENTIAL){
</span><del>-        PyErr_SetObject(KrbException_class, Py_BuildValue(&quot;(s)&quot;, &quot;Ticket is not delegatable&quot;));
</del><ins>+        PyErr_SetObject(
+            KrbException_class,
+            Py_BuildValue(&quot;(s)&quot;, &quot;Ticket is not delegatable&quot;)
+        );
</ins><span class="cx">         return AUTH_GSS_ERROR;
</span><span class="cx">     }
</span><span class="cx"> 
</span><span class="cx">     problem = krb5_init_context(&amp;context);
</span><span class="cx">     if (problem) {
</span><del>-        PyErr_SetObject(KrbException_class, Py_BuildValue(&quot;(s)&quot;, &quot;Cannot initialize krb5 context&quot;));
</del><ins>+        PyErr_SetObject(
+            KrbException_class,
+            Py_BuildValue(&quot;(s)&quot;, &quot;Cannot initialize krb5 context&quot;)
+        );
</ins><span class="cx">         return AUTH_GSS_ERROR;
</span><span class="cx">     }
</span><span class="cx"> 
</span><span class="cx">     problem = krb5_parse_name(context, princ_name, &amp;princ);
</span><span class="cx">     if (problem) {
</span><del>-        PyErr_SetObject(KrbException_class, Py_BuildValue(&quot;(s:s)&quot;, &quot;Cannot parse delegated username&quot;, krb5_get_err_text(context, problem)));
</del><ins>+        PyErr_SetObject(
+            KrbException_class,
+            Py_BuildValue(
+                &quot;(s:s)&quot;, &quot;Cannot parse delegated username&quot;,
+                krb5_get_err_text(context, problem)
+            )
+        );
</ins><span class="cx">         ret = AUTH_GSS_ERROR;
</span><span class="cx">         goto end;
</span><span class="cx">     }
</span><span class="cx"> 
</span><span class="cx">     problem = create_krb5_ccache(state, context, princ, &amp;ccache);
</span><span class="cx">     if (problem) {
</span><del>-        PyErr_SetObject(KrbException_class, Py_BuildValue(&quot;(s:s)&quot;, &quot;Error in creating krb5 cache&quot;, krb5_get_err_text(context, problem)));
</del><ins>+        PyErr_SetObject(
+            KrbException_class,
+            Py_BuildValue(
+                &quot;(s:s)&quot;, &quot;Error in creating krb5 cache&quot;,
+                krb5_get_err_text(context, problem)
+            )
+        );
</ins><span class="cx">         ret = AUTH_GSS_ERROR;
</span><span class="cx">         goto end;
</span><span class="cx">     }
</span><span class="lines">@@ -718,20 +780,22 @@
</span><span class="cx">     ccache = NULL;
</span><span class="cx">     ret = 0;
</span><span class="cx"> 
</span><del>-    end:
-    if (princ)
</del><ins>+end:
+    if (princ) {
</ins><span class="cx">         krb5_free_principal(context, princ);
</span><del>-    if (ccache)
</del><ins>+    }
+    if (ccache) {
</ins><span class="cx">         krb5_cc_destroy(context, ccache);
</span><ins>+    }
</ins><span class="cx">     krb5_free_context(context);
</span><ins>+
</ins><span class="cx">     return ret;
</span><span class="cx"> }
</span><span class="cx"> 
</span><del>-int create_krb5_ccache(gss_server_state *state,
-           krb5_context kcontext,
-           krb5_principal princ,
-           krb5_ccache *ccache)
-{
</del><ins>+int create_krb5_ccache(
+    gss_server_state *state, krb5_context kcontext, krb5_principal princ,
+    krb5_ccache *ccache
+) {
</ins><span class="cx">     int fd;
</span><span class="cx">     char ccname[32];
</span><span class="cx">     krb5_error_code problem;
</span><span class="lines">@@ -741,7 +805,10 @@
</span><span class="cx">     snprintf(ccname, sizeof(ccname), &quot;/tmp/krb5cc_pyserv_XXXXXX&quot;);
</span><span class="cx">     fd = mkstemp(ccname);
</span><span class="cx">     if (fd &lt; 0) {
</span><del>-        PyErr_SetObject(KrbException_class, Py_BuildValue(&quot;(s:s)&quot;, &quot;Error in mkstemp&quot;, strerror(errno)));
</del><ins>+        PyErr_SetObject(
+            KrbException_class,
+            Py_BuildValue(&quot;(s:s)&quot;, &quot;Error in mkstemp&quot;, strerror(errno))
+        );
</ins><span class="cx">         ret = 1;
</span><span class="cx">         goto end;
</span><span class="cx">     }
</span><span class="lines">@@ -749,7 +816,13 @@
</span><span class="cx"> 
</span><span class="cx">     problem = krb5_cc_resolve(kcontext, ccname, &amp;tmp_ccache);
</span><span class="cx">     if (problem) {
</span><del>-        PyErr_SetObject(KrbException_class, Py_BuildValue(&quot;(s:s)&quot;, &quot;Error resolving the credential cache&quot;, krb5_get_err_text(kcontext, problem)));
</del><ins>+        PyErr_SetObject(
+            KrbException_class,
+            Py_BuildValue(
+                &quot;(s:s)&quot;, &quot;Error resolving the credential cache&quot;,
+                krb5_get_err_text(kcontext, problem)
+            )
+        );
</ins><span class="cx">         ret = 1;
</span><span class="cx">         unlink(ccname);
</span><span class="cx">         goto end;
</span><span class="lines">@@ -757,7 +830,13 @@
</span><span class="cx"> 
</span><span class="cx">     problem = krb5_cc_initialize(kcontext, tmp_ccache, princ);
</span><span class="cx">     if (problem) {
</span><del>-        PyErr_SetObject(KrbException_class, Py_BuildValue(&quot;(s:s)&quot;, &quot;Error initialising the credential cache&quot;, krb5_get_err_text(kcontext, problem)));
</del><ins>+        PyErr_SetObject(
+            KrbException_class,
+            Py_BuildValue(
+                &quot;(s:s)&quot;, &quot;Error initialising the credential cache&quot;,
+                krb5_get_err_text(kcontext, problem)
+            )
+        );
</ins><span class="cx">         ret = 1;
</span><span class="cx">         goto end;
</span><span class="cx">     }
</span><span class="lines">@@ -767,9 +846,10 @@
</span><span class="cx"> 
</span><span class="cx">     ret = 0;
</span><span class="cx"> 
</span><del>-    end:
-    if (tmp_ccache)
</del><ins>+end:
+    if (tmp_ccache) {
</ins><span class="cx">         krb5_cc_destroy(kcontext, tmp_ccache);
</span><ins>+    }
</ins><span class="cx"> 
</span><span class="cx">     state-&gt;ccname = (char *)malloc(32*sizeof(char));
</span><span class="cx">     strcpy(state-&gt;ccname, ccname);
</span></span></pre></div>
<a id="PyKerberostrunksrckerberosgssh"></a>
<div class="modfile"><h4>Modified: PyKerberos/trunk/src/kerberosgss.h (14619 => 14620)</h4>
<pre class="diff"><span>
<span class="info">--- PyKerberos/trunk/src/kerberosgss.h        2015-03-26 21:33:56 UTC (rev 14619)
+++ PyKerberos/trunk/src/kerberosgss.h        2015-03-26 21:54:26 UTC (rev 14620)
</span><span class="lines">@@ -52,14 +52,36 @@
</span><span class="cx"> 
</span><span class="cx"> char* server_principal_details(const char* service, const char* hostname);
</span><span class="cx"> 
</span><del>-int authenticate_gss_client_init(const char* service, const char* principal, long int gss_flags, gss_server_state* delegatestate, gss_client_state* state);
-int authenticate_gss_client_clean(gss_client_state *state);
-int authenticate_gss_client_step(gss_client_state *state, const char *challenge);
-int authenticate_gss_client_unwrap(gss_client_state* state, const char* challenge);
-int authenticate_gss_client_wrap(gss_client_state* state, const char* challenge, const char* user, int protect);
</del><ins>+int authenticate_gss_client_init(
+    const char* service, const char* principal, long int gss_flags,
+    gss_server_state* delegatestate, gss_client_state* state
+);
+int authenticate_gss_client_clean(
+    gss_client_state *state
+);
+int authenticate_gss_client_step(
+    gss_client_state *state, const char *challenge
+);
+int authenticate_gss_client_unwrap(
+    gss_client_state* state, const char* challenge
+);
+int authenticate_gss_client_wrap(
+    gss_client_state* state, const char* challenge, const char* user,
+    int protect
+);
</ins><span class="cx"> 
</span><del>-int authenticate_gss_server_init(const char* service, gss_server_state* state);
-int authenticate_gss_server_clean(gss_server_state *state);
-int authenticate_gss_server_step(gss_server_state *state, const char *challenge);
-int authenticate_gss_server_store_delegate(gss_server_state *state);
-int authenticate_gss_server_has_delegated(gss_server_state *state);
</del><ins>+int authenticate_gss_server_init(
+    const char* service, gss_server_state* state
+);
+int authenticate_gss_server_clean(
+    gss_server_state *state
+);
+int authenticate_gss_server_step(
+    gss_server_state *state, const char *challenge
+);
+int authenticate_gss_server_store_delegate(
+    gss_server_state *state
+);
+int authenticate_gss_server_has_delegated(
+    gss_server_state *state
+);
</ins></span></pre></div>
<a id="PyKerberostrunksrckerberospwc"></a>
<div class="modfile"><h4>Modified: PyKerberos/trunk/src/kerberospw.c (14619 => 14620)</h4>
<pre class="diff"><span>
<span class="info">--- PyKerberos/trunk/src/kerberospw.c        2015-03-26 21:33:56 UTC (rev 14619)
+++ PyKerberos/trunk/src/kerberospw.c        2015-03-26 21:54:26 UTC (rev 14620)
</span><span class="lines">@@ -27,17 +27,20 @@
</span><span class="cx"> 
</span><span class="cx"> static void set_pwchange_error(krb5_context context, krb5_error_code code)
</span><span class="cx"> {
</span><del>-    PyErr_SetObject(PwdChangeException_class, Py_BuildValue(&quot;(s:i)&quot;,
-                                                            krb5_get_err_text(context, code), code));
</del><ins>+    PyErr_SetObject(
+        PwdChangeException_class,
+        Py_BuildValue(&quot;(s:i)&quot;, krb5_get_err_text(context, code), code)
+    );
</ins><span class="cx"> }
</span><span class="cx"> 
</span><span class="cx"> /* Inspired by krb5_verify_user from Heimdal */
</span><del>-static krb5_error_code verify_krb5_user(krb5_context context,
-                                        krb5_principal principal,
-                                        const char *password,
-                                        const char *service,
-                                        krb5_creds* creds)
-{
</del><ins>+static krb5_error_code verify_krb5_user(
+    krb5_context context,
+    krb5_principal principal,
+    const char *password,
+    const char *service,
+    krb5_creds* creds
+) {
</ins><span class="cx">     krb5_get_init_creds_opt gic_options;
</span><span class="cx">     krb5_error_code code;
</span><span class="cx">     int ret = 0;
</span><span class="lines">@@ -46,11 +49,13 @@
</span><span class="cx">     {
</span><span class="cx">         char *name = NULL;
</span><span class="cx">         code = krb5_unparse_name(context, principal, &amp;name);
</span><del>-        if (!code)
</del><ins>+        if (!code) {
</ins><span class="cx">             printf(&quot;Trying to get TGT for user %s\n&quot;, name);
</span><ins>+        }
</ins><span class="cx">         free(name);
</span><span class="cx">     }
</span><span class="cx"> #endif
</span><ins>+
</ins><span class="cx">     krb5_get_init_creds_opt_init(&amp;gic_options);
</span><span class="cx">     krb5_get_init_creds_opt_set_forwardable(&amp;gic_options, 0);
</span><span class="cx">     krb5_get_init_creds_opt_set_proxiable(&amp;gic_options, 0);
</span><span class="lines">@@ -58,35 +63,43 @@
</span><span class="cx"> 
</span><span class="cx">     memset(creds, 0, sizeof(krb5_creds));
</span><span class="cx">     
</span><del>-    code = krb5_get_init_creds_password(context, creds, principal,
-                                        (char *)password, NULL, NULL, 0,
-                                        (char *)service, &amp;gic_options);
</del><ins>+    code = krb5_get_init_creds_password(
+        context, creds, principal,
+        (char *)password, NULL, NULL, 0,
+        (char *)service, &amp;gic_options
+    );
</ins><span class="cx">     if (code) {
</span><span class="cx">         set_pwchange_error(context, code);
</span><span class="cx">         goto end;
</span><span class="cx">     }
</span><span class="cx">     ret = 1; /* success */
</span><ins>+
</ins><span class="cx"> end:
</span><span class="cx">     return ret;
</span><span class="cx"> }
</span><span class="cx"> 
</span><del>-int change_user_krb5pwd(const char *user, const char* oldpswd, const char *newpswd)
-{
</del><ins>+int change_user_krb5pwd(
+    const char *user, const char* oldpswd, const char *newpswd
+) {
</ins><span class="cx">     krb5_context    kcontext = NULL;
</span><span class="cx">     krb5_error_code code;
</span><span class="cx">     krb5_principal  client = NULL;
</span><del>-    krb5_creds    creds;
</del><ins>+    krb5_creds      creds;
</ins><span class="cx">     int             ret = 0;
</span><span class="cx">     char            *name = NULL;
</span><ins>+
</ins><span class="cx">     const char* service = &quot;kadmin/changepw&quot;;
</span><span class="cx">     int result_code;
</span><span class="cx">     krb5_data result_code_string, result_string;
</span><span class="cx"> 
</span><span class="cx">     code = krb5_init_context(&amp;kcontext);
</span><span class="cx">     if (code) {
</span><del>-        PyErr_SetObject(PwdChangeException_class, Py_BuildValue(&quot;((s:i))&quot;,
-                                                                &quot;Cannot initialize Kerberos5 context&quot;,
-                                                                code));
</del><ins>+        PyErr_SetObject(
+            PwdChangeException_class,
+            Py_BuildValue(
+                &quot;((s:i))&quot;, &quot;Cannot initialize Kerberos5 context&quot;, code
+            )
+        );
</ins><span class="cx">         return 0;
</span><span class="cx">     }
</span><span class="cx"> 
</span><span class="lines">@@ -100,8 +113,9 @@
</span><span class="cx">     }
</span><span class="cx"> 
</span><span class="cx">     code = verify_krb5_user(kcontext, client, oldpswd, service, &amp;creds);
</span><del>-    if (!code) /* exception set by verify_krb5_user */
</del><ins>+    if (! code) {  /* exception set by verify_krb5_user */
</ins><span class="cx">         goto end;
</span><ins>+    }
</ins><span class="cx"> 
</span><span class="cx">     code = krb5_change_password(kcontext, &amp;creds, (char*)newpswd,
</span><span class="cx">                                 &amp;result_code, &amp;result_code_string, &amp;result_string);
</span><span class="lines">@@ -111,27 +125,35 @@
</span><span class="cx">     }
</span><span class="cx">     if (result_code) {
</span><span class="cx">         char *message = NULL;
</span><del>-        asprintf(&amp;message, &quot;%.*s: %.*s&quot;,
-                 (int) result_code_string.length,
-                 (char *) result_code_string.data,
-                 (int) result_string.length,
-                 (char *) result_string.data);
-        PyErr_SetObject(PwdChangeException_class, Py_BuildValue(&quot;((s:i))&quot;,
-                                                                message, result_code));
</del><ins>+        asprintf(
+            &amp;message, &quot;%.*s: %.*s&quot;,
+            (int) result_code_string.length,
+            (char *) result_code_string.data,
+            (int) result_string.length,
+            (char *) result_string.data
+        );
+        PyErr_SetObject(
+            PwdChangeException_class,
+            Py_BuildValue(&quot;((s:i))&quot;, message, result_code)
+        );
</ins><span class="cx">         free(message);
</span><span class="cx">         goto end;
</span><span class="cx">     }
</span><span class="cx"> 
</span><span class="cx">     ret = 1; /* success */
</span><ins>+
</ins><span class="cx"> end:
</span><span class="cx"> #ifdef PRINTFS
</span><span class="cx">     printf(&quot;%s: ret=%d user=%s\n&quot;, __FUNCTION__, ret, name);
</span><span class="cx"> #endif
</span><del>-    if (name)
</del><ins>+
+    if (name) {
</ins><span class="cx">         free(name);
</span><del>-    if (client)
</del><ins>+    }
+    if (client) {
</ins><span class="cx">         krb5_free_principal(kcontext, client);
</span><ins>+    }
</ins><span class="cx">     krb5_free_context(kcontext);
</span><ins>+
</ins><span class="cx">     return ret;
</span><span class="cx"> }
</span><del>-
</del></span></pre></div>
<a id="PyKerberostrunksrckerberospwh"></a>
<div class="modfile"><h4>Modified: PyKerberos/trunk/src/kerberospw.h (14619 => 14620)</h4>
<pre class="diff"><span>
<span class="info">--- PyKerberos/trunk/src/kerberospw.h        2015-03-26 21:33:56 UTC (rev 14619)
+++ PyKerberos/trunk/src/kerberospw.h        2015-03-26 21:54:26 UTC (rev 14620)
</span><span class="lines">@@ -21,4 +21,6 @@
</span><span class="cx"> 
</span><span class="cx"> #define krb5_get_err_text(context,code) error_message(code)
</span><span class="cx"> 
</span><del>-int change_user_krb5pwd(const char *user, const char* oldpswd, const char *newpswd);
</del><ins>+int change_user_krb5pwd(
+    const char *user, const char* oldpswd, const char *newpswd
+);
</ins></span></pre>
</div>
</div>

</body>
</html>