Index: libsmb/clikrb5.c =================================================================== --- libsmb/clikrb5.c (revision 19761) +++ libsmb/clikrb5.c (working copy) @@ -1369,6 +1369,32 @@ done: return ret; } +#ifndef HAVE_KRB5_GET_INIT_CREDS_OPT_ALLOC + krb5_error_code krb5_get_init_creds_opt_alloc(krb5_context context, krb5_get_init_creds_opt **opt) +{ + krb5_get_init_creds_opt *my_opt; + + *opt = NULL; + + if ((my_opt = SMB_MALLOC(sizeof(krb5_get_init_creds_opt))) == NULL) { + return ENOMEM; + } + + krb5_get_init_creds_opt_init(my_opt); + + *opt = my_opt; + return 0; +} +#endif + +#ifndef HAVE_KRB5_GET_INIT_CREDS_OPT_FREE + void krb5_get_init_creds_opt_free(krb5_get_init_creds_opt *opt) +{ + SAFE_FREE(opt); + opt = NULL; +} +#endif + #else /* HAVE_KRB5 */ /* this saves a few linking headaches */ int cli_krb5_get_ticket(const char *principal, time_t time_offset, Index: libads/kerberos.c =================================================================== --- libads/kerberos.c (revision 19761) +++ libads/kerberos.c (working copy) @@ -74,7 +74,7 @@ int kerberos_kinit_password_ext(const ch krb5_ccache cc = NULL; krb5_principal me; krb5_creds my_creds; - krb5_get_init_creds_opt opt; + krb5_get_init_creds_opt *opt = NULL; smb_krb5_addresses *addr = NULL; initialize_krb5_error_table(); @@ -94,18 +94,26 @@ int kerberos_kinit_password_ext(const ch } if ((code = smb_krb5_parse_name(ctx, principal, &me))) { + krb5_cc_close(ctx, cc); krb5_free_context(ctx); return code; } - krb5_get_init_creds_opt_init(&opt); - krb5_get_init_creds_opt_set_renew_life(&opt, renewable_time); - krb5_get_init_creds_opt_set_forwardable(&opt, 1); - + krb5_get_init_creds_opt_alloc(ctx, &opt); + if (code) { + krb5_cc_close(ctx, cc); + krb5_free_context(ctx); + return code; + } + + krb5_get_init_creds_opt_set_renew_life(opt, renewable_time); + krb5_get_init_creds_opt_set_forwardable(opt, True); + if (request_pac) { #ifdef HAVE_KRB5_GET_INIT_CREDS_OPT_SET_PAC_REQUEST - code = krb5_get_init_creds_opt_set_pac_request(ctx, &opt, True); + code = krb5_get_init_creds_opt_set_pac_request(ctx, opt, (krb5_boolean)request_pac); if (code) { + krb5_cc_close(ctx, cc); krb5_free_principal(ctx, me); krb5_free_context(ctx); return code; @@ -116,25 +124,31 @@ int kerberos_kinit_password_ext(const ch if (add_netbios_addr) { code = smb_krb5_gen_netbios_krb5_address(&addr); if (code) { + krb5_cc_close(ctx, cc); krb5_free_principal(ctx, me); krb5_free_context(ctx); return code; } - krb5_get_init_creds_opt_set_address_list(&opt, addr->addrs); + krb5_get_init_creds_opt_set_address_list(opt, addr->addrs); } if ((code = krb5_get_init_creds_password(ctx, &my_creds, me, CONST_DISCARD(char *,password), - kerb_prompter, NULL, 0, NULL, &opt))) + kerb_prompter, NULL, 0, NULL, opt))) { + krb5_get_init_creds_opt_free(opt); smb_krb5_free_addresses(ctx, addr); + krb5_cc_close(ctx, cc); krb5_free_principal(ctx, me); - krb5_free_context(ctx); + krb5_free_context(ctx); return code; } - + + krb5_get_init_creds_opt_free(opt); + if ((code = krb5_cc_initialize(ctx, cc, me))) { smb_krb5_free_addresses(ctx, addr); krb5_free_cred_contents(ctx, &my_creds); + krb5_cc_close(ctx, cc); krb5_free_principal(ctx, me); krb5_free_context(ctx); return code; Index: configure.in =================================================================== --- configure.in (revision 19761) +++ configure.in (working copy) @@ -3475,6 +3475,8 @@ if test x"$with_ads_support" != x"no"; t AC_CHECK_FUNC_EXT(krb5_get_renewed_creds, $KRB5_LIBS) AC_CHECK_FUNC_EXT(krb5_get_kdc_cred, $KRB5_LIBS) AC_CHECK_FUNC_EXT(krb5_free_error_contents, $KRB5_LIBS) + AC_CHECK_FUNC_EXT(krb5_get_init_creds_opt_alloc, $KRB5_LIBS) + AC_CHECK_FUNC_EXT(krb5_get_init_creds_opt_free, $KRB5_LIBS) LIBS="$KRB5_LIBS $LIBS"