Diffstat (limited to 'lib/kadm5/create_c.c')
-rw-r--r--lib/kadm5/create_c.c59
1 files changed, 40 insertions, 19 deletions
diff --git a/lib/kadm5/create_c.c b/lib/kadm5/create_c.c
index f6706b027ec6..c239beb22b26 100644
--- a/lib/kadm5/create_c.c
+++ b/lib/kadm5/create_c.c
@@ -54,40 +54,61 @@ kadm5_c_create_principal(void *server_handle,
* We should get around to implementing this... At the moment, the
* the server side API is implemented but the wire protocol has not
* been updated.
+ *
+ * Well, we have the etypes extension, which the kadmin ank command now
+ * adds, but that doesn't include salt types. We could, perhaps, make it
+ * so if the password is "" or NULL, we send the etypes but not the salt
+ * type, and then have the server side create random keys of just the
+ * etypes.
*/
if (n_ks_tuple > 0)
return KADM5_KS_TUPLE_NOSUPP;
- ret = _kadm5_connect(server_handle);
- if(ret)
+ ret = _kadm5_connect(server_handle, 1 /* want_write */);
+ if (ret)
return ret;
+ krb5_data_zero(&reply);
+
sp = krb5_storage_from_mem(buf, sizeof(buf));
if (sp == NULL) {
- krb5_clear_error_message(context->context);
- return ENOMEM;
+ ret = krb5_enomem(context->context);
+ goto out;
}
- krb5_store_int32(sp, kadm_create);
- kadm5_store_principal_ent(sp, princ);
- krb5_store_int32(sp, mask);
- krb5_store_string(sp, password);
+ ret = krb5_store_int32(sp, kadm_create);
+ if (ret)
+ goto out;
+ ret = kadm5_store_principal_ent(sp, princ);
+ if (ret)
+ goto out;
+ ret = krb5_store_int32(sp, mask);
+ if (ret)
+ goto out;
+ ret = krb5_store_string(sp, password);
+ if (ret)
+ goto out;
ret = _kadm5_client_send(context, sp);
- krb5_storage_free(sp);
if (ret)
- return ret;
+ goto out_keep_error;
ret = _kadm5_client_recv(context, &reply);
- if(ret)
- return ret;
- sp = krb5_storage_from_data (&reply);
+ if (ret)
+ goto out_keep_error;
+ krb5_storage_free(sp);
+ sp = krb5_storage_from_data(&reply);
if (sp == NULL) {
- krb5_clear_error_message(context->context);
- krb5_data_free (&reply);
- return ENOMEM;
+ ret = krb5_enomem(context->context);
+ goto out_keep_error;
}
- krb5_ret_int32(sp, &tmp);
+ ret = krb5_ret_int32(sp, &tmp);
+ if (ret == 0)
+ ret = tmp;
+
+ out:
krb5_clear_error_message(context->context);
+
+ out_keep_error:
krb5_storage_free(sp);
- krb5_data_free (&reply);
- return tmp;
+ krb5_data_free(&reply);
+ return ret;
}
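Review bot: The cleartext password that `krb5_store_string(sp, password)` serializes lands in `buf`, and neither `out:` nor `out_keep_error:` wipes it, so it stays in memory after return on every path, including the new error exits. `buf` is declared above the hunk and looks like a local array given `sizeof(buf)`; if so, add a wipe under `out_keep_error:`, for example `memset_s(buf, sizeof(buf), 0, sizeof(buf));`, or whichever non-elidable zeroing helper the tree already uses. Separately, the first `sp == NULL` branch sets a message with `krb5_enomem()` and then jumps to `out`, which clears it straight away, while the second jumps to `out_keep_error`; using `goto out_keep_error;` in both would be consistent. Both of those branches also reach `krb5_storage_free(sp)` with `sp == NULL`, so it is worth confirming that the function accepts a null pointer.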