krb5_error_code
krb5int_decode_tgs_rep(krb5_context context,
struct krb5int_fast_request_state *fast_state,
-krb5_data *enc_rep, const krb5_keyblock *key,
+ krb5_data *enc_rep, const krb5_keyblock *key,
krb5_keyusage usage, krb5_kdc_rep **dec_rep)
{
krb5_error_code retval;
krb5_kdc_rep *local_dec_rep;
krb5_keyblock *strengthen_key = NULL, tgs_key;
- tgs_key.contents = NULL;
+ tgs_key.contents = NULL;
if (krb5_is_as_rep(enc_rep)) {
retval = decode_krb5_as_rep(enc_rep, &local_dec_rep);
} else if (krb5_is_tgs_rep(enc_rep)) {
if (retval)
return retval;
- retval = krb5int_fast_process_response(context, fast_state,
- local_dec_rep, &strengthen_key);
- if (retval == KRB5_ERR_FAST_REQUIRED)
- retval = 0;
- else if (retval)
- goto cleanup;
- retval = krb5int_fast_reply_key(context, strengthen_key, key, &tgs_key);
+ retval = krb5int_fast_process_response(context, fast_state,
+ local_dec_rep, &strengthen_key);
+ if (retval == KRB5_ERR_FAST_REQUIRED)
+ retval = 0;
+ else if (retval)
+ goto cleanup;
+ retval = krb5int_fast_reply_key(context, strengthen_key, key, &tgs_key);
if (retval)
goto cleanup;
krb5_free_keyblock(context, strengthen_key);
krb5_free_keyblock_contents(context, &tgs_key);
return (retval);
- }
+}
return retval;
}
-krb5_error_code krb5int_fast_tgs_armor(krb5_context context, struct krb5int_fast_request_state *state,
- krb5_keyblock *subkey,krb5_keyblock *session_key,
- krb5_ccache ccache,
- krb5_data *target_realm)
+krb5_error_code
+krb5int_fast_tgs_armor(krb5_context context,
+ struct krb5int_fast_request_state *state,
+ krb5_keyblock *subkey, krb5_keyblock *session_key,
+ krb5_ccache ccache, krb5_data *target_realm)
{
krb5_principal target_principal = NULL;
krb5_keyblock *existing_armor = NULL;
retval = krb5int_tgtname(context, target_realm, target_realm,
&target_principal);
if (retval == 0)
- retval = fast_armor_ap_request(context, state, ccache, target_principal);
+ retval = fast_armor_ap_request(context, state, ccache,
+ target_principal);
if (retval == 0) {
existing_armor = state->armor_key;
state->armor_key = NULL;
retval = krb5_c_fx_cf2_simple(context, existing_armor,
- "explicitarmor", subkey,
+ "explicitarmor", subkey,
"tgsarmor", &state->armor_key);
}
- } else retval = krb5_c_fx_cf2_simple(context,
- subkey, "subkeyarmor",
- session_key, "ticketarmor", &state->armor_key);
+ } else {
+ retval = krb5_c_fx_cf2_simple(context, subkey, "subkeyarmor",
+ session_key, "ticketarmor",
+ &state->armor_key);
+ }
if (target_principal)
krb5_free_principal(context, target_principal);
krb5_free_keyblock(context, existing_armor);
- return retval;
+ return retval;
}
-
krb5_error_code
krb5int_fast_prep_req_body(krb5_context context,
struct krb5int_fast_request_state *state,
krb5_pa_data pa[2];
krb5_fast_req fast_req;
krb5_pa_data *tgs = NULL;
- krb5_fast_armored_req *armored_req = NULL;
+ krb5_fast_armored_req *armored_req = NULL;
krb5_data *encoded_fast_req = NULL;
krb5_data *encoded_armored_req = NULL;
krb5_data *local_encoded_result = NULL;
- int i,j;
+ int i, j;
assert(state != NULL);
assert(state->fast_outer_request.padata == NULL);
- memset(pa_array, 0, sizeof pa_array);
+ memset(pa_array, 0, sizeof(pa_array));
if (state->armor_key == NULL) {
return encoder(request, encoded_request);
}
TRACE_FAST_ENCODE(context);
state->nonce = request->nonce;
- fast_req.req_body = request;
+ fast_req.req_body = request;
if (fast_req.req_body->padata == NULL) {
fast_req.req_body->padata = calloc(1, sizeof(krb5_pa_data *));
if (fast_req.req_body->padata == NULL)
}
fast_req.fast_options = state->fast_options;
if (retval == 0
- && (tgs = krb5int_find_pa_data(context,fast_req.req_body->padata,
- KRB5_PADATA_AP_REQ))) {
+ && (tgs = krb5int_find_pa_data(context, fast_req.req_body->padata,
+ KRB5_PADATA_AP_REQ)) != NULL) {
krb5_pa_data **paptr = &fast_req.req_body->padata[0];
- for (i=0,j=0;paptr[j]; j++)
+ for (i = 0, j = 0; paptr[j] != NULL; j++) {
if (paptr[j]->pa_type == KRB5_PADATA_AP_REQ)
paptr[j] = NULL;
- else paptr[i++] = paptr[j];
- paptr[i++] = NULL;
+ else
+ paptr[i++] = paptr[j];
+ }
+ paptr[i] = NULL;
}
if (retval == 0)
retval = encode_krb5_fast_req(&fast_req, &encoded_fast_req);
if (retval == 0)
retval = encode_krb5_pa_fx_fast_request(armored_req,
&encoded_armored_req);
- if (retval==0) {
+ if (retval == 0) {
pa[0].pa_type = KRB5_PADATA_FX_FAST;
pa[0].contents = (unsigned char *) encoded_armored_req->data;
pa[0].length = encoded_armored_req->length;
if (tgs) {
pa_array[0] = tgs;
pa_array[1] = &pa[0];
- } else pa_array[0] = &pa[0];
+ } else
+ pa_array[0] = &pa[0];
}
state->fast_outer_request.padata = pa_array;
- if(retval == 0)
+ if (retval == 0)
retval = encoder(&state->fast_outer_request, &local_encoded_result);
if (retval == 0) {
*encoded_request = local_encoded_result;
{
krb5_error_code retval = 0;
krb5_error *err_reply = *err_replyptr;
- krb5_pa_data *fx_error_pa;
- krb5_pa_data **result = NULL;
- krb5_data scratch;
- krb5_error *fx_error = NULL;
- krb5_fast_response *fast_response = NULL;
- scratch.data = NULL;
+ krb5_pa_data *fx_error_pa;
+ krb5_pa_data **result = NULL;
+ krb5_data scratch = empty_data();
+ krb5_error *fx_error = NULL;
+ krb5_fast_response *fast_response = NULL;
if (out_padata)
*out_padata = NULL;
if (retry)
*retry = 0;
-
if (state->armor_key) {
retval = decode_krb5_padata_sequence(&err_reply->e_data, &result);
if (retval == 0)
* KDC seems reasonable.
*/
if (retry != NULL)
- *retry = 0;
+ *retry = 0;
krb5_free_pa_data(context, result);
- result = NULL;
return 0;
}
if (retval == 0) {
}
}
if (retval == 0) {
- scratch.data = (char *) fx_error_pa->contents;
- scratch.length = fx_error_pa->length;
+ scratch = make_data(fx_error_pa->contents, fx_error_pa->length);
retval = decode_krb5_error(&scratch, &fx_error);
}
if (retval == 0) {
*err_replyptr = fx_error;
fx_error = NULL;
if (out_padata) {
- *out_padata = fast_response->padata;
- fast_response->padata = NULL;
+ *out_padata = fast_response->padata;
+ fast_response->padata = NULL;
}
/*
* If there is more than the fx_error padata, then we want
} else { /*not FAST*/
/* Possibly retry if there's any e_data to process. */
if (retry)
- *retry = (err_reply->e_data.length > 0);
+ *retry = (err_reply->e_data.length > 0);
/* Try to decode e_data as pa-data or typed-data for out_padata. */
- if (out_padata)
- retval = decode_krb5_padata_sequence(&err_reply->e_data, out_padata);
- if ((out_padata != NULL) && (retval != 0)) {
- krb5_typed_data **tdata;
- /* krb5_typed data and krb5_pa_data are compatible structures. */
- if (decode_krb5_typed_data(&err_reply->e_data, &tdata) == 0)
- *out_padata = (krb5_pa_data **)tdata;
- retval = 0;
+ if (out_padata) {
+ retval = decode_krb5_padata_sequence(&err_reply->e_data,
+ out_padata);
+ if (retval != 0) {
+ krb5_typed_data **tdata;
+ /* krb5_typed data and krb5_pa_data are compatible. */
+ if (decode_krb5_typed_data(&err_reply->e_data, &tdata) == 0)
+ *out_padata = (krb5_pa_data **)tdata;
+ retval = 0;
+ }
}
}
- krb5_free_pa_data(context, result);
- krb5_free_fast_response(context, fast_response);
-if (fx_error)
- krb5_free_error(context, fx_error);
+ krb5_free_pa_data(context, result);
+ krb5_free_fast_response(context, fast_response);
+ if (fx_error)
+ krb5_free_error(context, fx_error);
return retval;
}
krb5_error_code retval = 0;
krb5_free_keyblock_contents(context, out_key);
if (strengthen_key) {
- retval = krb5_c_fx_cf2_simple(context, (krb5_keyblock *) strengthen_key,
- "strengthenkey", (krb5_keyblock *) existing_key,
+ retval = krb5_c_fx_cf2_simple(context, (krb5_keyblock *)strengthen_key,
+ "strengthenkey",
+ (krb5_keyblock *)existing_key,
"replykey", &key);
if (retval == 0) {
TRACE_FAST_REPLY_KEY(context, key);