git: 9c2823bae92c - main - pam_krb5: Rename a variable.

From: Dag-Erling Smørgrav <des_at_FreeBSD.org>
Date: Fri, 04 Aug 2023 16:08:54 UTC
The branch main has been updated by des:

URL: https://cgit.FreeBSD.org/src/commit/?id=9c2823bae92c09e5356623118da2777bc3ed521d

commit 9c2823bae92c09e5356623118da2777bc3ed521d
Author:     Dag-Erling Smørgrav <des@FreeBSD.org>
AuthorDate: 2023-08-04 16:08:28 +0000
Commit:     Dag-Erling Smørgrav <des@FreeBSD.org>
CommitDate: 2023-08-04 16:08:38 +0000

    pam_krb5: Rename a variable.
    
    Reviewed by:    cy
    Differential Revision:  https://reviews.freebsd.org/D41300
---
 lib/libpam/modules/pam_krb5/pam_krb5.c | 180 ++++++++++++++++-----------------
 1 file changed, 90 insertions(+), 90 deletions(-)

diff --git a/lib/libpam/modules/pam_krb5/pam_krb5.c b/lib/libpam/modules/pam_krb5/pam_krb5.c
index 378de46d769f..ef39fe8acb22 100644
--- a/lib/libpam/modules/pam_krb5/pam_krb5.c
+++ b/lib/libpam/modules/pam_krb5/pam_krb5.c
@@ -114,7 +114,7 @@ pam_sm_authenticate(pam_handle_t *pamh, int flags __unused,
     int argc __unused, const char *argv[] __unused)
 {
 	krb5_error_code krbret;
-	krb5_context pam_context;
+	krb5_context krbctx;
 	int debug;
 	const char *auth_service;
 	krb5_principal auth_princ;
@@ -154,7 +154,7 @@ pam_sm_authenticate(pam_handle_t *pamh, int flags __unused,
 		goto cleanup6;
 	}
 
-	krbret = krb5_init_context(&pam_context);
+	krbret = krb5_init_context(&krbctx);
 	if (krbret != 0) {
 		PAM_VERBOSE_ERROR("Kerberos 5 error");
 		retval = PAM_SERVICE_ERR;
@@ -164,7 +164,7 @@ pam_sm_authenticate(pam_handle_t *pamh, int flags __unused,
 	PAM_LOG("Context initialised");
 
 	debug = openpam_get_option(pamh, PAM_OPT_DEBUG) ? 1 : 0;
-	krbret = verify_krb_v5_tgt_begin(pam_context, srvdup, debug,
+	krbret = verify_krb_v5_tgt_begin(krbctx, srvdup, debug,
 	    &auth_service, &auth_princ, auth_phost);
 	if (krbret != 0) {      /* failed to find key */
 		/* Keytab or service key does not exist */
@@ -180,7 +180,7 @@ pam_sm_authenticate(pam_handle_t *pamh, int flags __unused,
 		}
 	}
 
-	krbret = krb5_cc_register(pam_context, &krb5_mcc_ops, FALSE);
+	krbret = krb5_cc_register(krbctx, &krb5_mcc_ops, FALSE);
 	if (krbret != 0 && krbret != KRB5_CC_TYPE_EXISTS) {
 		PAM_VERBOSE_ERROR("Kerberos 5 error");
 		retval = PAM_SERVICE_ERR;
@@ -197,10 +197,10 @@ pam_sm_authenticate(pam_handle_t *pamh, int flags __unused,
 
 	PAM_LOG("Created principal: %s", principal);
 
-	krbret = krb5_parse_name(pam_context, principal, &princ);
+	krbret = krb5_parse_name(krbctx, principal, &princ);
 	free(principal);
 	if (krbret != 0) {
-		PAM_LOG_KRB5_ERR(pam_context, krbret, "Error krb5_parse_name()");
+		PAM_LOG_KRB5_ERR(krbctx, krbret, "Error krb5_parse_name()");
 		PAM_VERBOSE_ERROR("Kerberos 5 error");
 		retval = PAM_SERVICE_ERR;
 		goto cleanup3;
@@ -210,9 +210,9 @@ pam_sm_authenticate(pam_handle_t *pamh, int flags __unused,
 
 	/* Now convert the principal name into something human readable */
 	princ_name = NULL;
-	krbret = krb5_unparse_name(pam_context, princ, &princ_name);
+	krbret = krb5_unparse_name(krbctx, princ, &princ_name);
 	if (krbret != 0) {
-		PAM_LOG_KRB5_ERR(pam_context, krbret,
+		PAM_LOG_KRB5_ERR(krbctx, krbret,
 		    "Error krb5_unparse_name()");
 		PAM_VERBOSE_ERROR("Kerberos 5 error");
 		retval = PAM_SERVICE_ERR;
@@ -235,11 +235,11 @@ pam_sm_authenticate(pam_handle_t *pamh, int flags __unused,
 		/* Verify the local user exists (AFTER getting the password) */
 		if (strchr(user, '@')) {
 			/* get a local account name for this principal */
-			krbret = krb5_aname_to_localname(pam_context, princ,
+			krbret = krb5_aname_to_localname(krbctx, princ,
 			    sizeof(luser), luser);
 			if (krbret != 0) {
 				PAM_VERBOSE_ERROR("Kerberos 5 error");
-				PAM_LOG_KRB5_ERR(pam_context, krbret,
+				PAM_LOG_KRB5_ERR(krbctx, krbret,
 				    "Error krb5_aname_to_localname()");
 				retval = PAM_USER_UNKNOWN;
 				goto cleanup2;
@@ -264,15 +264,15 @@ pam_sm_authenticate(pam_handle_t *pamh, int flags __unused,
 	}
 
 	/* Initialize credentials request options. */
-	krbret = krb5_get_init_creds_opt_alloc(pam_context, &opts);
+	krbret = krb5_get_init_creds_opt_alloc(krbctx, &opts);
 	if (krbret != 0) {
-		PAM_LOG_KRB5_ERR(pam_context, krbret,
+		PAM_LOG_KRB5_ERR(krbctx, krbret,
 		    "Error krb5_get_init_creds_opt_alloc()");
 		PAM_VERBOSE_ERROR("Kerberos 5 error");
 		retval = PAM_SERVICE_ERR;
 		goto cleanup2;
 	}
-	krb5_get_init_creds_opt_set_default_flags(pam_context,
+	krb5_get_init_creds_opt_set_default_flags(krbctx,
 	    service, NULL, opts);
 
 	if (openpam_get_option(pamh, PAM_OPT_FORWARDABLE))
@@ -282,12 +282,12 @@ pam_sm_authenticate(pam_handle_t *pamh, int flags __unused,
 
 	/* Get a TGT */
 	memset(&creds, 0, sizeof(krb5_creds));
-	krbret = krb5_get_init_creds_password(pam_context, &creds, princ,
+	krbret = krb5_get_init_creds_password(krbctx, &creds, princ,
 	    pass, NULL, pamh, 0, NULL, opts);
-	krb5_get_init_creds_opt_free(pam_context, opts);
+	krb5_get_init_creds_opt_free(krbctx, opts);
 	if (krbret != 0) {
 		PAM_VERBOSE_ERROR("Kerberos 5 error");
-		PAM_LOG_KRB5_ERR(pam_context, krbret,
+		PAM_LOG_KRB5_ERR(krbctx, krbret,
 		    "Error krb5_get_init_creds_password()");
 		retval = PAM_AUTH_ERR;
 		goto cleanup2;
@@ -296,28 +296,28 @@ pam_sm_authenticate(pam_handle_t *pamh, int flags __unused,
 	PAM_LOG("Got TGT");
 
 	/* Generate a temporary cache */
-	krbret = krb5_cc_new_unique(pam_context, krb5_cc_type_memory, NULL, &ccache);
+	krbret = krb5_cc_new_unique(krbctx, krb5_cc_type_memory, NULL, &ccache);
 	if (krbret != 0) {
 		PAM_VERBOSE_ERROR("Kerberos 5 error");
-		PAM_LOG_KRB5_ERR(pam_context, krbret,
+		PAM_LOG_KRB5_ERR(krbctx, krbret,
 		    "Error krb5_cc_new_unique()");
 		retval = PAM_SERVICE_ERR;
 		goto cleanup;
 	}
-	krbret = krb5_cc_initialize(pam_context, ccache, princ);
+	krbret = krb5_cc_initialize(krbctx, ccache, princ);
 	if (krbret != 0) {
 		PAM_VERBOSE_ERROR("Kerberos 5 error");
-		PAM_LOG_KRB5_ERR(pam_context, krbret,
+		PAM_LOG_KRB5_ERR(krbctx, krbret,
 		    "Error krb5_cc_initialize()");
 		retval = PAM_SERVICE_ERR;
 		goto cleanup;
 	}
-	krbret = krb5_cc_store_cred(pam_context, ccache, &creds);
+	krbret = krb5_cc_store_cred(krbctx, ccache, &creds);
 	if (krbret != 0) {
 		PAM_VERBOSE_ERROR("Kerberos 5 error");
-		PAM_LOG_KRB5_ERR(pam_context, krbret,
+		PAM_LOG_KRB5_ERR(krbctx, krbret,
 		    "Error krb5_cc_store_cred()");
-		krb5_cc_destroy(pam_context, ccache);
+		krb5_cc_destroy(krbctx, ccache);
 		retval = PAM_SERVICE_ERR;
 		goto cleanup;
 	}
@@ -325,14 +325,14 @@ pam_sm_authenticate(pam_handle_t *pamh, int flags __unused,
 	PAM_LOG("Credentials stashed");
 
 	/* Verify them */
-	krbret = verify_krb_v5_tgt(pam_context, ccache, srvdup,
+	krbret = verify_krb_v5_tgt(krbctx, ccache, srvdup,
 	    debug,
 	    auth_service, auth_princ, auth_phost);
 	free(srvdup);
 	srvdup = NULL;
 	if (krbret == -1) {
 		PAM_VERBOSE_ERROR("Kerberos 5 error");
-		krb5_cc_destroy(pam_context, ccache);
+		krb5_cc_destroy(krbctx, ccache);
 		retval = PAM_AUTH_ERR;
 		goto cleanup;
 	}
@@ -341,7 +341,7 @@ pam_sm_authenticate(pam_handle_t *pamh, int flags __unused,
 
 	retval = pam_get_data(pamh, "ccache", &ccache_data);
 	if (retval == PAM_SUCCESS) {
-		krb5_cc_destroy(pam_context, ccache);
+		krb5_cc_destroy(krbctx, ccache);
 		PAM_VERBOSE_ERROR("Kerberos 5 error");
 		retval = PAM_AUTH_ERR;
 		goto cleanup;
@@ -349,8 +349,8 @@ pam_sm_authenticate(pam_handle_t *pamh, int flags __unused,
 
 	PAM_LOG("Credentials stash not pre-existing");
 
-	asprintf(&ccache_name, "%s:%s", krb5_cc_get_type(pam_context,
-		ccache), krb5_cc_get_name(pam_context, ccache));
+	asprintf(&ccache_name, "%s:%s", krb5_cc_get_type(krbctx,
+		ccache), krb5_cc_get_name(krbctx, ccache));
 	if (ccache_name == NULL) {
 		PAM_VERBOSE_ERROR("Kerberos 5 error");
 		retval = PAM_BUF_ERR;
@@ -358,7 +358,7 @@ pam_sm_authenticate(pam_handle_t *pamh, int flags __unused,
 	}
 	retval = pam_set_data(pamh, "ccache", ccache_name, cleanup_cache);
 	if (retval != 0) {
-		krb5_cc_destroy(pam_context, ccache);
+		krb5_cc_destroy(krbctx, ccache);
 		PAM_VERBOSE_ERROR("Kerberos 5 error");
 		retval = PAM_SERVICE_ERR;
 		goto cleanup;
@@ -367,21 +367,21 @@ pam_sm_authenticate(pam_handle_t *pamh, int flags __unused,
 	PAM_LOG("Credentials stash saved");
 
 cleanup:
-	krb5_free_cred_contents(pam_context, &creds);
+	krb5_free_cred_contents(krbctx, &creds);
 	PAM_LOG("Done cleanup");
 cleanup2:
-	krb5_free_principal(pam_context, princ);
+	krb5_free_principal(krbctx, princ);
 	if (princ_name)
 		free(princ_name);
 	PAM_LOG("Done cleanup2");
 
 cleanup3:
-	krb5_free_context(pam_context);
+	krb5_free_context(krbctx);
 
 	PAM_LOG("Done cleanup3");
 
 cleanup4:
-	verify_krb_v5_tgt_cleanup(pam_context, debug,
+	verify_krb_v5_tgt_cleanup(krbctx, debug,
 	    auth_service, auth_princ, auth_phost);
 	PAM_LOG("Done cleanup4");
 
@@ -407,7 +407,7 @@ pam_sm_setcred(pam_handle_t *pamh, int flags,
 #else
 
 	krb5_error_code krbret;
-	krb5_context pam_context;
+	krb5_context krbctx;
 	krb5_principal princ;
 	krb5_creds creds;
 	krb5_ccache ccache_temp, ccache_perm;
@@ -448,7 +448,7 @@ pam_sm_setcred(pam_handle_t *pamh, int flags,
 
 	PAM_LOG("Got user: %s", (const char *)user);
 
-	krbret = krb5_init_context(&pam_context);
+	krbret = krb5_init_context(&krbctx);
 	if (krbret != 0) {
 		PAM_LOG("Error krb5_init_context() failed");
 		return (PAM_SERVICE_ERR);
@@ -467,9 +467,9 @@ pam_sm_setcred(pam_handle_t *pamh, int flags,
 		retval = PAM_CRED_UNAVAIL;
 		goto cleanup3;
 	}
-	krbret = krb5_cc_resolve(pam_context, cache_data, &ccache_temp);
+	krbret = krb5_cc_resolve(krbctx, cache_data, &ccache_temp);
 	if (krbret != 0) {
-		PAM_LOG_KRB5_ERR(pam_context, krbret,
+		PAM_LOG_KRB5_ERR(krbctx, krbret,
 		    "Error krb5_cc_resolve(\"%s\")", (const char *)cache_data);
 		retval = PAM_SERVICE_ERR;
 		goto cleanup3;
@@ -540,22 +540,22 @@ pam_sm_setcred(pam_handle_t *pamh, int flags,
 	PAM_LOG("Got cache_name: %s", cache_name);
 
 	/* Initialize the new ccache */
-	krbret = krb5_cc_get_principal(pam_context, ccache_temp, &princ);
+	krbret = krb5_cc_get_principal(krbctx, ccache_temp, &princ);
 	if (krbret != 0) {
-		PAM_LOG_KRB5_ERR(pam_context, krbret,
+		PAM_LOG_KRB5_ERR(krbctx, krbret,
 		    "Error krb5_cc_get_principal()");
 		retval = PAM_SERVICE_ERR;
 		goto cleanup3;
 	}
-	krbret = krb5_cc_resolve(pam_context, cache_name, &ccache_perm);
+	krbret = krb5_cc_resolve(krbctx, cache_name, &ccache_perm);
 	if (krbret != 0) {
-		PAM_LOG_KRB5_ERR(pam_context, krbret, "Error krb5_cc_resolve()");
+		PAM_LOG_KRB5_ERR(krbctx, krbret, "Error krb5_cc_resolve()");
 		retval = PAM_SERVICE_ERR;
 		goto cleanup2;
 	}
-	krbret = krb5_cc_initialize(pam_context, ccache_perm, princ);
+	krbret = krb5_cc_initialize(krbctx, ccache_perm, princ);
 	if (krbret != 0) {
-		PAM_LOG_KRB5_ERR(pam_context, krbret,
+		PAM_LOG_KRB5_ERR(krbctx, krbret,
 		    "Error krb5_cc_initialize()");
 		retval = PAM_SERVICE_ERR;
 		goto cleanup2;
@@ -564,11 +564,11 @@ pam_sm_setcred(pam_handle_t *pamh, int flags,
 	PAM_LOG("Cache initialised");
 
 	/* Prepare for iteration over creds */
-	krbret = krb5_cc_start_seq_get(pam_context, ccache_temp, &cursor);
+	krbret = krb5_cc_start_seq_get(krbctx, ccache_temp, &cursor);
 	if (krbret != 0) {
-		PAM_LOG_KRB5_ERR(pam_context, krbret,
+		PAM_LOG_KRB5_ERR(krbctx, krbret,
 		    "Error krb5_cc_start_seq_get()");
-		krb5_cc_destroy(pam_context, ccache_perm);
+		krb5_cc_destroy(krbctx, ccache_perm);
 		retval = PAM_SERVICE_ERR;
 		goto cleanup2;
 	}
@@ -576,27 +576,27 @@ pam_sm_setcred(pam_handle_t *pamh, int flags,
 	PAM_LOG("Prepared for iteration");
 
 	/* Copy the creds (should be two of them) */
-	while (krb5_cc_next_cred(pam_context, ccache_temp, &cursor, &creds) == 0) {
-		krbret = krb5_cc_store_cred(pam_context, ccache_perm, &creds);
+	while (krb5_cc_next_cred(krbctx, ccache_temp, &cursor, &creds) == 0) {
+		krbret = krb5_cc_store_cred(krbctx, ccache_perm, &creds);
 		if (krbret != 0) {
-			PAM_LOG_KRB5_ERR(pam_context, krbret,
+			PAM_LOG_KRB5_ERR(krbctx, krbret,
 			    "Error krb5_cc_store_cred()");
-			krb5_cc_destroy(pam_context, ccache_perm);
-			krb5_free_cred_contents(pam_context, &creds);
+			krb5_cc_destroy(krbctx, ccache_perm);
+			krb5_free_cred_contents(krbctx, &creds);
 			retval = PAM_SERVICE_ERR;
 			goto cleanup2;
 		}
-		krb5_free_cred_contents(pam_context, &creds);
+		krb5_free_cred_contents(krbctx, &creds);
 		PAM_LOG("Iteration");
 	}
-	krb5_cc_end_seq_get(pam_context, ccache_temp, &cursor);
+	krb5_cc_end_seq_get(krbctx, ccache_temp, &cursor);
 
 	PAM_LOG("Done iterating");
 
 	if (strstr(cache_name, "FILE:") == cache_name) {
 		if (chown(&cache_name[5], pwd->pw_uid, pwd->pw_gid) == -1) {
 			PAM_LOG("Error chown(): %s", strerror(errno));
-			krb5_cc_destroy(pam_context, ccache_perm);
+			krb5_cc_destroy(krbctx, ccache_perm);
 			retval = PAM_SERVICE_ERR;
 			goto cleanup2;
 		}
@@ -604,21 +604,21 @@ pam_sm_setcred(pam_handle_t *pamh, int flags,
 
 		if (chmod(&cache_name[5], (S_IRUSR | S_IWUSR)) == -1) {
 			PAM_LOG("Error chmod(): %s", strerror(errno));
-			krb5_cc_destroy(pam_context, ccache_perm);
+			krb5_cc_destroy(krbctx, ccache_perm);
 			retval = PAM_SERVICE_ERR;
 			goto cleanup2;
 		}
 		PAM_LOG("Done chmod()");
 	}
 
-	krb5_cc_close(pam_context, ccache_perm);
+	krb5_cc_close(krbctx, ccache_perm);
 
 	PAM_LOG("Cache closed");
 
 	retval = pam_setenv(pamh, "KRB5CCNAME", cache_name, 1);
 	if (retval != PAM_SUCCESS) {
 		PAM_LOG("Error pam_setenv(): %s", pam_strerror(pamh, retval));
-		krb5_cc_destroy(pam_context, ccache_perm);
+		krb5_cc_destroy(krbctx, ccache_perm);
 		retval = PAM_SERVICE_ERR;
 		goto cleanup2;
 	}
@@ -626,10 +626,10 @@ pam_sm_setcred(pam_handle_t *pamh, int flags,
 	PAM_LOG("Environment done: KRB5CCNAME=%s", cache_name);
 
 cleanup2:
-	krb5_free_principal(pam_context, princ);
+	krb5_free_principal(krbctx, princ);
 	PAM_LOG("Done cleanup2");
 cleanup3:
-	krb5_free_context(pam_context);
+	krb5_free_context(krbctx);
 	PAM_LOG("Done cleanup3");
 
 	seteuid(euid);
@@ -652,7 +652,7 @@ pam_sm_acct_mgmt(pam_handle_t *pamh, int flags __unused,
     int argc __unused, const char *argv[] __unused)
 {
 	krb5_error_code krbret;
-	krb5_context pam_context;
+	krb5_context krbctx;
 	krb5_ccache ccache;
 	krb5_principal princ;
 	int retval;
@@ -671,7 +671,7 @@ pam_sm_acct_mgmt(pam_handle_t *pamh, int flags __unused,
 
 	PAM_LOG("Got credentials");
 
-	krbret = krb5_init_context(&pam_context);
+	krbret = krb5_init_context(&krbctx);
 	if (krbret != 0) {
 		PAM_LOG("Error krb5_init_context() failed");
 		return (PAM_PERM_DENIED);
@@ -679,20 +679,20 @@ pam_sm_acct_mgmt(pam_handle_t *pamh, int flags __unused,
 
 	PAM_LOG("Context initialised");
 
-	krbret = krb5_cc_resolve(pam_context, (const char *)ccache_name, &ccache);
+	krbret = krb5_cc_resolve(krbctx, (const char *)ccache_name, &ccache);
 	if (krbret != 0) {
-		PAM_LOG_KRB5_ERR(pam_context, krbret,
+		PAM_LOG_KRB5_ERR(krbctx, krbret,
 		    "Error krb5_cc_resolve(\"%s\")", (const char *)ccache_name);
-		krb5_free_context(pam_context);
+		krb5_free_context(krbctx);
 		return (PAM_PERM_DENIED);
 	}
 
 	PAM_LOG("Got ccache %s", (const char *)ccache_name);
 
 
-	krbret = krb5_cc_get_principal(pam_context, ccache, &princ);
+	krbret = krb5_cc_get_principal(krbctx, ccache, &princ);
 	if (krbret != 0) {
-		PAM_LOG_KRB5_ERR(pam_context, krbret,
+		PAM_LOG_KRB5_ERR(krbctx, krbret,
 		    "Error krb5_cc_get_principal()");
 		retval = PAM_PERM_DENIED;
 		goto cleanup;
@@ -700,16 +700,16 @@ pam_sm_acct_mgmt(pam_handle_t *pamh, int flags __unused,
 
 	PAM_LOG("Got principal");
 
-	if (krb5_kuserok(pam_context, princ, (const char *)user))
+	if (krb5_kuserok(krbctx, princ, (const char *)user))
 		retval = PAM_SUCCESS;
 	else
 		retval = PAM_PERM_DENIED;
-	krb5_free_principal(pam_context, princ);
+	krb5_free_principal(krbctx, princ);
 
 	PAM_LOG("Done kuserok()");
 
 cleanup:
-	krb5_free_context(pam_context);
+	krb5_free_context(krbctx);
 	PAM_LOG("Done cleanup");
 
 	return (retval);
@@ -724,7 +724,7 @@ pam_sm_chauthtok(pam_handle_t *pamh, int flags,
     int argc __unused, const char *argv[] __unused)
 {
 	krb5_error_code krbret;
-	krb5_context pam_context;
+	krb5_context krbctx;
 	krb5_creds creds;
 	krb5_principal princ;
 	krb5_get_init_creds_opt *opts;
@@ -743,7 +743,7 @@ pam_sm_chauthtok(pam_handle_t *pamh, int flags,
 
 	PAM_LOG("Got user: %s", (const char *)user);
 
-	krbret = krb5_init_context(&pam_context);
+	krbret = krb5_init_context(&krbctx);
 	if (krbret != 0) {
 		PAM_LOG("Error krb5_init_context() failed");
 		return (PAM_SERVICE_ERR);
@@ -752,9 +752,9 @@ pam_sm_chauthtok(pam_handle_t *pamh, int flags,
 	PAM_LOG("Context initialised");
 
 	/* Get principal name */
-	krbret = krb5_parse_name(pam_context, (const char *)user, &princ);
+	krbret = krb5_parse_name(krbctx, (const char *)user, &princ);
 	if (krbret != 0) {
-		PAM_LOG_KRB5_ERR(pam_context, krbret,
+		PAM_LOG_KRB5_ERR(krbctx, krbret,
 		    "Error krb5_parse_name()");
 		retval = PAM_USER_UNKNOWN;
 		goto cleanup3;
@@ -762,9 +762,9 @@ pam_sm_chauthtok(pam_handle_t *pamh, int flags,
 
 	/* Now convert the principal name into something human readable */
 	princ_name = NULL;
-	krbret = krb5_unparse_name(pam_context, princ, &princ_name);
+	krbret = krb5_unparse_name(krbctx, princ, &princ_name);
 	if (krbret != 0) {
-		PAM_LOG_KRB5_ERR(pam_context, krbret,
+		PAM_LOG_KRB5_ERR(krbctx, krbret,
 		    "Error krb5_unparse_name()");
 		retval = PAM_SERVICE_ERR;
 		goto cleanup2;
@@ -780,9 +780,9 @@ pam_sm_chauthtok(pam_handle_t *pamh, int flags,
 	PAM_LOG("Got password");
 
 	/* Initialize credentials request options. */
-	krbret = krb5_get_init_creds_opt_alloc(pam_context, &opts);
+	krbret = krb5_get_init_creds_opt_alloc(krbctx, &opts);
 	if (krbret != 0) {
-		PAM_LOG_KRB5_ERR(pam_context, krbret,
+		PAM_LOG_KRB5_ERR(krbctx, krbret,
 		    "Error krb5_get_init_creds_opt_alloc()");
 		PAM_VERBOSE_ERROR("Kerberos 5 error");
 		retval = PAM_SERVICE_ERR;
@@ -792,11 +792,11 @@ pam_sm_chauthtok(pam_handle_t *pamh, int flags,
 	PAM_LOG("Credentials options initialised");
 
 	memset(&creds, 0, sizeof(krb5_creds));
-	krbret = krb5_get_init_creds_password(pam_context, &creds, princ,
+	krbret = krb5_get_init_creds_password(krbctx, &creds, princ,
 	    pass, NULL, pamh, 0, "kadmin/changepw", opts);
-	krb5_get_init_creds_opt_free(pam_context, opts);
+	krb5_get_init_creds_opt_free(krbctx, opts);
 	if (krbret != 0) {
-		PAM_LOG_KRB5_ERR(pam_context, krbret,
+		PAM_LOG_KRB5_ERR(krbctx, krbret,
 		    "Error krb5_get_init_creds_password()");
 		retval = PAM_AUTH_ERR;
 		goto cleanup2;
@@ -822,11 +822,11 @@ pam_sm_chauthtok(pam_handle_t *pamh, int flags,
 		retval = PAM_BUF_ERR;
 		goto cleanup;
 	}
-	krbret = krb5_set_password(pam_context, &creds, passdup, NULL,
+	krbret = krb5_set_password(krbctx, &creds, passdup, NULL,
 	    &result_code, &result_code_string, &result_string);
 	free(passdup);
 	if (krbret != 0) {
-		PAM_LOG_KRB5_ERR(pam_context, krbret,
+		PAM_LOG_KRB5_ERR(krbctx, krbret,
 		    "Error krb5_change_password()");
 		retval = PAM_AUTHTOK_ERR;
 		goto cleanup;
@@ -845,16 +845,16 @@ pam_sm_chauthtok(pam_handle_t *pamh, int flags,
 		free(result_code_string.data);
 
 cleanup:
-	krb5_free_cred_contents(pam_context, &creds);
+	krb5_free_cred_contents(krbctx, &creds);
 	PAM_LOG("Done cleanup");
 cleanup2:
-	krb5_free_principal(pam_context, princ);
+	krb5_free_principal(krbctx, princ);
 	if (princ_name)
 		free(princ_name);
 	PAM_LOG("Done cleanup2");
 
 cleanup3:
-	krb5_free_context(pam_context);
+	krb5_free_context(krbctx);
 
 	PAM_LOG("Done cleanup3");
 
@@ -1018,17 +1018,17 @@ verify_krb_v5_tgt_cleanup(krb5_context context, int debug,
 static void
 cleanup_cache(pam_handle_t *pamh __unused, void *data, int pam_end_status __unused)
 {
-	krb5_context pam_context;
+	krb5_context krbctx;
 	krb5_ccache ccache;
 	krb5_error_code krbret;
 
-	if (krb5_init_context(&pam_context))
+	if (krb5_init_context(&krbctx))
 		return;
 
-	krbret = krb5_cc_resolve(pam_context, data, &ccache);
+	krbret = krb5_cc_resolve(krbctx, data, &ccache);
 	if (krbret == 0)
-		krb5_cc_destroy(pam_context, ccache);
-	krb5_free_context(pam_context);
+		krb5_cc_destroy(krbctx, ccache);
+	krb5_free_context(krbctx);
 	free(data);
 }