Updated confvar doc.

[doldaconnect.git] / daemon / auth-krb5.c

diff --git a/daemon/auth-krb5.c b/daemon/auth-krb5.c
index 6dc0368..4a05e66 100644 (file)
--- a/daemon/auth-krb5.c
+++ b/daemon/auth-krb5.c
@@ -305,6 +305,7 @@ static int krbauth(struct authhandle *auth, char *passdata)
                if(auth->text != NULL)
                    free(auth->text);
                auth->text = icmbstowcs((char *)error_message(ret), NULL);
+               free(msg);
                return(AUTH_DENIED);
            }
            free(msg);
@@ -369,8 +370,10 @@ static int krbauth(struct authhandle *auth, char *passdata)
            if((ret = krb5_rd_cred(k5context, data->context, &k5d, &fwdcreds, NULL)) != 0)
            {
                flog(LOG_ERR, "krb5_rd_cred returned an error: %s", error_message(ret));
+               free(msg);
                return(AUTH_ERR);
            }
+           free(msg);
            if(*fwdcreds == NULL)
            {
                flog(LOG_ERR, "forwarded credentials array was empty (from %s)", data->username);
@@ -591,9 +594,19 @@ static void terminate(void)
 
 static struct configvar myvars[] =
 {
+    /** The name of the service principal to use for Kerberos V
+     * authentication. */
     {CONF_VAR_STRING, "service", {.str = L"doldacond"}},
+    /** The path to an alternative keytab file. If unspecified, the
+     * system default keytab will be used. */
     {CONF_VAR_STRING, "keytab", {.str = L""}},
+    /** Whether to renew renewable credentials automatically before
+     * they expire. */
     {CONF_VAR_BOOL, "renewcreds", {.num = 1}},
+    /** If true, the default credentials cache will be used, which is
+     * useful for e.g. Linux kernel key handling. If false, a file
+     * credentials cache will be created using mkstemp(3), using the
+     * pattern /tmp/krb5cc_dc_$UID_XXXXXX. */
     {CONF_VAR_BOOL, "usedefcc", {.num = 0}},
     {CONF_VAR_END}
 };