kdc \
lib/apputils \
lib/crypto \
+ lib/gssapi \
lib/kadm5 \
lib/kdb \
lib/krb5 \
include/gssrpc \
lib/apputils/dummy.c \
lib/crypto/builtin/aes \
+ lib/gssapi/generic/gssapiP_generic.h \
+ lib/gssapi/generic/gssapi_ext.h \
+ lib/gssapi/krb5/gssapiP_krb5.h \
+ lib/gssapi/mechglue \
+ lib/gssapi/spnego \
lib/krb5/krb/deltat.c \
lib/krb5/unicode \
plugins/kdb/db2/libdb2 \
-/* -*- mode: c; indent-tabs-mode: nil -*- */
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
/*
* Copyright 1993 by OpenVision Technologies, Inc.
*
-/* -*- mode: c; indent-tabs-mode: nil -*- */
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
/*
* Copyright 1993 by OpenVision Technologies, Inc.
*
/* This code has knowledge of the min and max errors of each type
within the gssapi major status */
-#define GSS_ERROR_STR(value, array, select, min, max, num) \
- (((select(value) < (min)) || (select(value) > (max))) ? NULL : \
- (array)[num(value)])
+#define GSS_ERROR_STR(value, array, select, min, max, num) \
+ (((select(value) < (min)) || (select(value) > (max))) ? NULL : \
+ (array)[num(value)])
/**/
static const char * const calling_error = "calling error";
-#define GSS_CALLING_ERROR_STR(x) \
- GSS_ERROR_STR((x), calling_error_string, GSS_CALLING_ERROR, \
- GSS_S_CALL_INACCESSIBLE_READ, GSS_S_CALL_BAD_STRUCTURE, \
- GSS_CALLING_ERROR_FIELD)
+#define GSS_CALLING_ERROR_STR(x) \
+ GSS_ERROR_STR((x), calling_error_string, GSS_CALLING_ERROR, \
+ GSS_S_CALL_INACCESSIBLE_READ, GSS_S_CALL_BAD_STRUCTURE, \
+ GSS_CALLING_ERROR_FIELD)
/**/
static const char * const routine_error = "routine error";
-#define GSS_ROUTINE_ERROR_STR(x) \
- GSS_ERROR_STR((x), routine_error_string, GSS_ROUTINE_ERROR, \
- GSS_S_BAD_MECH, GSS_S_FAILURE, \
- GSS_ROUTINE_ERROR_FIELD)
+#define GSS_ROUTINE_ERROR_STR(x) \
+ GSS_ERROR_STR((x), routine_error_string, GSS_ROUTINE_ERROR, \
+ GSS_S_BAD_MECH, GSS_S_FAILURE, \
+ GSS_ROUTINE_ERROR_FIELD)
/**/
#define LSBGET(x) ((((x)^((x)-1))+1)>>1)
#define LSBMASK(n) ((1<<(n))^((1<<(n))-1))
-#define GSS_SINFO_STR(x) \
- ((((1<<(x)) < GSS_S_CONTINUE_NEEDED) || ((1<<(x)) > GSS_S_UNSEQ_TOKEN)) ? \
- /**/NULL:sinfo_string[(x)])
+#define GSS_SINFO_STR(x) \
+ ((((1<<(x)) < GSS_S_CONTINUE_NEEDED) || ((1<<(x)) > GSS_S_UNSEQ_TOKEN)) ? \
+ /**/NULL:sinfo_string[(x)])
/**/
-/* -*- mode: c; indent-tabs-mode: nil -*- */
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
/*
* Copyright 1993 by OpenVision Technologies, Inc.
*
-/* -*- mode: c; indent-tabs-mode: nil -*- */
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
/*
* Copyright 1993 by OpenVision Technologies, Inc.
*
#define GSSAPIGENERIC_END_DECLS
#endif
-#define GSS_EMPTY_BUFFER(buf) ((buf) == NULL ||\
- (buf)->value == NULL || (buf)->length == 0)
+#define GSS_EMPTY_BUFFER(buf) ((buf) == NULL || \
+ (buf)->value == NULL || (buf)->length == 0)
GSSAPIGENERIC_BEGIN_DECLS
-/* -*- mode: c; indent-tabs-mode: nil -*- */
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
#include <stdio.h>
#include <stdarg.h>
#include <assert.h>
-/* -*- mode: c; indent-tabs-mode: nil -*- */
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
/* #ident "@(#)g_rel_buffer.c 1.2 96/02/06 SMI" */
/*
-/* -*- mode: c; indent-tabs-mode: nil -*- */
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
/* #ident "@(#)gss_release_oid_set.c 1.12 95/08/23 SMI" */
/*
-/* -*- mode: c; indent-tabs-mode: nil -*- */
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
/*
* Copyright 1993 by OpenVision Technologies, Inc.
*
-/* -*- mode: c; indent-tabs-mode: nil -*- */
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
/*
* Copyright 1993 by OpenVision Technologies, Inc.
*
-/* -*- mode: c; indent-tabs-mode: nil -*- */
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
/*
* Copyright 2007, 2008 by the Massachusetts Institute of Technology.
* All Rights Reserved.
-/* -*- mode: c; indent-tabs-mode: nil -*- */
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
/*
* Copyright 1993 by OpenVision Technologies, Inc.
*
-/* -*- mode: c; indent-tabs-mode: nil -*- */
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
/*
* Copyright 1993 by OpenVision Technologies, Inc.
*
seqnum -= q->firstnum;
/* If we're only doing 32-bit values, adjust for that again.
- Note that this will probably be the wrong thing to if we get
- 2**32 messages sent with 32-bit sequence numbers. */
+ Note that this will probably be the wrong thing to if we get
+ 2**32 messages sent with 32-bit sequence numbers. */
seqnum &= q->mask;
/* rule 1: expected sequence number */
if ((seqnum < QELEM(q,q->start)) &&
/* Is top bit of whatever width we're using set?
- We used to check for greater than or equal to firstnum, but
- (1) we've since switched to compute values relative to
- firstnum, so the lowest we can have is 0, and (2) the effect
- of the original scheme was highly dependent on whether
- firstnum was close to either side of 0. (Consider
- firstnum==0xFFFFFFFE and we miss three packets; the next
- packet is *new* but would look old.)
+ We used to check for greater than or equal to firstnum, but
+ (1) we've since switched to compute values relative to
+ firstnum, so the lowest we can have is 0, and (2) the effect
+ of the original scheme was highly dependent on whether
+ firstnum was close to either side of 0. (Consider
+ firstnum==0xFFFFFFFE and we miss three packets; the next
+ packet is *new* but would look old.)
- This check should give us 2**31 or 2**63 messages "new", and
- just as many "old". That's not quite right either. */
+ This check should give us 2**31 or 2**63 messages "new", and
+ just as many "old". That's not quite right either. */
(seqnum & (1 + (q->mask >> 1)))
) {
if (q->do_replay && !q->do_sequence)
-/* -*- mode: c; indent-tabs-mode: nil -*- */
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
/*
* Copyright 1995 by OpenVision Technologies, Inc.
*
-/* -*- mode: c; indent-tabs-mode: nil -*- */
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
/*
* Copyright 1993 by OpenVision Technologies, Inc.
*
-/* -*- mode: c; indent-tabs-mode: nil -*- */
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
/*
* Copyright 1993 by OpenVision Technologies, Inc.
*
-/* -*- mode: c; indent-tabs-mode: nil -*- */
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
/*
* Copyright 1990,1994 by the Massachusetts Institute of Technology.
* All Rights Reserved.
-/* -*- mode: c; indent-tabs-mode: nil -*- */
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
/*
* Copyright 2000, 2004, 2007, 2008 by the Massachusetts Institute of Technology.
* All Rights Reserved.
kg_accept_dce(minor_status, context_handle, verifier_cred_handle,
input_token, input_chan_bindings, src_name, mech_type,
output_token, ret_flags, time_rec, delegated_cred_handle)
- OM_uint32 *minor_status;
- gss_ctx_id_t *context_handle;
- gss_cred_id_t verifier_cred_handle;
- gss_buffer_t input_token;
- gss_channel_bindings_t input_chan_bindings;
- gss_name_t *src_name;
- gss_OID *mech_type;
- gss_buffer_t output_token;
- OM_uint32 *ret_flags;
- OM_uint32 *time_rec;
- gss_cred_id_t *delegated_cred_handle;
+ OM_uint32 *minor_status;
+ gss_ctx_id_t *context_handle;
+ gss_cred_id_t verifier_cred_handle;
+ gss_buffer_t input_token;
+ gss_channel_bindings_t input_chan_bindings;
+ gss_name_t *src_name;
+ gss_OID *mech_type;
+ gss_buffer_t output_token;
+ OM_uint32 *ret_flags;
+ OM_uint32 *time_rec;
+ gss_cred_id_t *delegated_cred_handle;
{
- krb5_error_code code;
- krb5_gss_ctx_id_rec *ctx = 0;
- krb5_timestamp now;
- krb5_gss_name_t name = NULL;
- krb5_ui_4 nonce = 0;
- krb5_data ap_rep;
- OM_uint32 major_status = GSS_S_FAILURE;
-
- output_token->length = 0;
- output_token->value = NULL;
-
- if (mech_type)
- *mech_type = GSS_C_NULL_OID;
- /* return a bogus cred handle */
- if (delegated_cred_handle)
- *delegated_cred_handle = GSS_C_NO_CREDENTIAL;
-
- ctx = (krb5_gss_ctx_id_rec *)*context_handle;
-
- code = krb5_timeofday(ctx->k5_context, &now);
- if (code != 0) {
- major_status = GSS_S_FAILURE;
- goto fail;
- }
-
- if (ctx->krb_times.endtime < now) {
- code = 0;
- major_status = GSS_S_CREDENTIALS_EXPIRED;
- goto fail;
- }
-
- ap_rep.data = input_token->value;
- ap_rep.length = input_token->length;
-
- code = krb5_rd_rep_dce(ctx->k5_context,
- ctx->auth_context,
- &ap_rep,
- &nonce);
- if (code != 0) {
- major_status = GSS_S_FAILURE;
- goto fail;
- }
-
- ctx->established = 1;
-
- if (src_name) {
- if ((code = kg_duplicate_name(ctx->k5_context, ctx->there,
- KG_INIT_NAME_INTERN, &name))) {
- major_status = GSS_S_FAILURE;
- goto fail;
- }
- *src_name = (gss_name_t) name;
- }
-
- if (mech_type)
- *mech_type = ctx->mech_used;
-
- if (time_rec)
- *time_rec = ctx->krb_times.endtime - now;
-
- if (ret_flags)
- *ret_flags = ctx->gss_flags;
-
- /* XXX no support for delegated credentials yet */
-
- *minor_status = 0;
-
- return GSS_S_COMPLETE;
-
- fail:
- /* real failure code follows */
-
- (void) krb5_gss_delete_sec_context(minor_status, (gss_ctx_id_t *) &ctx,
- NULL);
- *context_handle = GSS_C_NO_CONTEXT;
- *minor_status = code;
-
- return major_status;
+ krb5_error_code code;
+ krb5_gss_ctx_id_rec *ctx = 0;
+ krb5_timestamp now;
+ krb5_gss_name_t name = NULL;
+ krb5_ui_4 nonce = 0;
+ krb5_data ap_rep;
+ OM_uint32 major_status = GSS_S_FAILURE;
+
+ output_token->length = 0;
+ output_token->value = NULL;
+
+ if (mech_type)
+ *mech_type = GSS_C_NULL_OID;
+ /* return a bogus cred handle */
+ if (delegated_cred_handle)
+ *delegated_cred_handle = GSS_C_NO_CREDENTIAL;
+
+ ctx = (krb5_gss_ctx_id_rec *)*context_handle;
+
+ code = krb5_timeofday(ctx->k5_context, &now);
+ if (code != 0) {
+ major_status = GSS_S_FAILURE;
+ goto fail;
+ }
+
+ if (ctx->krb_times.endtime < now) {
+ code = 0;
+ major_status = GSS_S_CREDENTIALS_EXPIRED;
+ goto fail;
+ }
+
+ ap_rep.data = input_token->value;
+ ap_rep.length = input_token->length;
+
+ code = krb5_rd_rep_dce(ctx->k5_context,
+ ctx->auth_context,
+ &ap_rep,
+ &nonce);
+ if (code != 0) {
+ major_status = GSS_S_FAILURE;
+ goto fail;
+ }
+
+ ctx->established = 1;
+
+ if (src_name) {
+ if ((code = kg_duplicate_name(ctx->k5_context, ctx->there,
+ KG_INIT_NAME_INTERN, &name))) {
+ major_status = GSS_S_FAILURE;
+ goto fail;
+ }
+ *src_name = (gss_name_t) name;
+ }
+
+ if (mech_type)
+ *mech_type = ctx->mech_used;
+
+ if (time_rec)
+ *time_rec = ctx->krb_times.endtime - now;
+
+ if (ret_flags)
+ *ret_flags = ctx->gss_flags;
+
+ /* XXX no support for delegated credentials yet */
+
+ *minor_status = 0;
+
+ return GSS_S_COMPLETE;
+
+fail:
+ /* real failure code follows */
+
+ (void) krb5_gss_delete_sec_context(minor_status, (gss_ctx_id_t *) &ctx,
+ NULL);
+ *context_handle = GSS_C_NO_CONTEXT;
+ *minor_status = code;
+
+ return major_status;
}
static OM_uint32
kg_accept_krb5(minor_status, context_handle,
- verifier_cred_handle, input_token,
- input_chan_bindings, src_name, mech_type,
- output_token, ret_flags, time_rec,
- delegated_cred_handle)
+ verifier_cred_handle, input_token,
+ input_chan_bindings, src_name, mech_type,
+ output_token, ret_flags, time_rec,
+ delegated_cred_handle)
OM_uint32 *minor_status;
gss_ctx_id_t *context_handle;
gss_cred_id_t verifier_cred_handle;
}
#endif
- if (authdat->checksum->checksum_type != CKSUMTYPE_KG_CB) {
- /* Samba does not send 0x8003 GSS-API checksums */
- krb5_boolean valid;
- krb5_key subkey;
- krb5_data zero;
-
- code = krb5_auth_con_getkey_k(context, auth_context, &subkey);
- if (code) {
- major_status = GSS_S_FAILURE;
- goto fail;
- }
-
- zero.length = 0;
- zero.data = "";
-
- code = krb5_k_verify_checksum(context,
- subkey,
- KRB5_KEYUSAGE_AP_REQ_AUTH_CKSUM,
- &zero,
- authdat->checksum,
- &valid);
- krb5_k_free_key(context, subkey);
- if (code || !valid) {
- major_status = GSS_S_BAD_SIG;
- goto fail;
- }
-
- gss_flags = GSS_C_MUTUAL_FLAG | GSS_C_REPLAY_FLAG | GSS_C_SEQUENCE_FLAG;
- bigend = 0;
- decode_req_message = 0;
- } else {
+ if (authdat->checksum->checksum_type != CKSUMTYPE_KG_CB) {
+ /* Samba does not send 0x8003 GSS-API checksums */
+ krb5_boolean valid;
+ krb5_key subkey;
+ krb5_data zero;
+
+ code = krb5_auth_con_getkey_k(context, auth_context, &subkey);
+ if (code) {
+ major_status = GSS_S_FAILURE;
+ goto fail;
+ }
+
+ zero.length = 0;
+ zero.data = "";
+
+ code = krb5_k_verify_checksum(context,
+ subkey,
+ KRB5_KEYUSAGE_AP_REQ_AUTH_CKSUM,
+ &zero,
+ authdat->checksum,
+ &valid);
+ krb5_k_free_key(context, subkey);
+ if (code || !valid) {
+ major_status = GSS_S_BAD_SIG;
+ goto fail;
+ }
+
+ gss_flags = GSS_C_MUTUAL_FLAG | GSS_C_REPLAY_FLAG | GSS_C_SEQUENCE_FLAG;
+ bigend = 0;
+ decode_req_message = 0;
+ } else {
/* gss krb5 v1 */
/* stash this now, for later. */
/* XXX move this into gss_name_t */
if ( (code = krb5_merge_authdata(context,
- ticket->enc_part2->authorization_data,
+ ticket->enc_part2->authorization_data,
authdat->authorization_data,
- &ctx->authdata))) {
+ &ctx->authdata))) {
major_status = GSS_S_FAILURE;
goto fail;
}
*src_name = (gss_name_t) name;
if (delegated_cred_handle) {
- if (!kg_save_cred_id((gss_cred_id_t) deleg_cred)) {
+ if (!kg_save_cred_id((gss_cred_id_t) deleg_cred)) {
major_status = GSS_S_FAILURE;
code = G_VALIDATE_FAILED;
goto fail;
}
return kg_accept_krb5(minor_status, context_handle,
- verifier_cred_handle, input_token,
- input_chan_bindings, src_name, mech_type,
- output_token, ret_flags, time_rec,
- delegated_cred_handle);
+ verifier_cred_handle, input_token,
+ input_chan_bindings, src_name, mech_type,
+ output_token, ret_flags, time_rec,
+ delegated_cred_handle);
}
-/* -*- mode: c; indent-tabs-mode: nil -*- */
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
/*
* Copyright 2000, 2007, 2008 by the Massachusetts Institute of Technology.
* All Rights Reserved.
OM_uint32
gss_krb5int_set_cred_rcache(OM_uint32 *minor_status,
- gss_cred_id_t cred_handle,
- const gss_OID desired_oid,
- const gss_buffer_t value)
+ gss_cred_id_t cred_handle,
+ const gss_OID desired_oid,
+ const gss_buffer_t value)
{
- krb5_gss_cred_id_t cred;
- krb5_error_code code;
- krb5_context context;
- krb5_rcache rcache;
+ krb5_gss_cred_id_t cred;
+ krb5_error_code code;
+ krb5_context context;
+ krb5_rcache rcache;
- assert(value->length == sizeof(rcache));
+ assert(value->length == sizeof(rcache));
- if (value->length != sizeof(rcache))
- return GSS_S_FAILURE;
+ if (value->length != sizeof(rcache))
+ return GSS_S_FAILURE;
- rcache = (krb5_rcache)value->value;
+ rcache = (krb5_rcache)value->value;
- if (cred_handle == GSS_C_NO_CREDENTIAL)
- return GSS_S_NO_CRED;
+ if (cred_handle == GSS_C_NO_CREDENTIAL)
+ return GSS_S_NO_CRED;
- cred = (krb5_gss_cred_id_t)cred_handle;
+ cred = (krb5_gss_cred_id_t)cred_handle;
- code = krb5_gss_init_context(&context);
- if (code) {
- *minor_status = code;
- return GSS_S_FAILURE;
- }
- if (cred->rcache != NULL) {
- code = krb5_rc_close(context, cred->rcache);
- if (code) {
- *minor_status = code;
- krb5_free_context(context);
- return GSS_S_FAILURE;
- }
- }
+ code = krb5_gss_init_context(&context);
+ if (code) {
+ *minor_status = code;
+ return GSS_S_FAILURE;
+ }
+ if (cred->rcache != NULL) {
+ code = krb5_rc_close(context, cred->rcache);
+ if (code) {
+ *minor_status = code;
+ krb5_free_context(context);
+ return GSS_S_FAILURE;
+ }
+ }
- cred->rcache = rcache;
+ cred->rcache = rcache;
- krb5_free_context(context);
+ krb5_free_context(context);
- *minor_status = 0;
- return GSS_S_COMPLETE;
+ *minor_status = 0;
+ return GSS_S_COMPLETE;
}
-/* -*- mode: c; indent-tabs-mode: nil -*- */
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
/*
* Copyright 2000, 2008 by the Massachusetts Institute of Technology.
* All Rights Reserved.
-/* -*- mode: c; indent-tabs-mode: nil -*- */
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
/*
* lib/gssapi/krb5/canon_name.c
*
-/* -*- mode: c; indent-tabs-mode: nil -*- */
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
/*
* Copyright 1993 by OpenVision Technologies, Inc.
*
-/* -*- mode: c; indent-tabs-mode: nil -*- */
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
/*
* Copyright 1993 by OpenVision Technologies, Inc.
*
-/* -*- mode: c; indent-tabs-mode: nil -*- */
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
#include "gssapiP_krb5.h"
OM_uint32 KRB5_CALLCONV
-/* -*- mode: c; indent-tabs-mode: nil -*- */
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
/*
* Copyright 1993 by OpenVision Technologies, Inc.
*
-/* -*- mode: c; indent-tabs-mode: nil -*- */
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
/*
* Copyright 1993 by OpenVision Technologies, Inc.
*
-/* -*- mode: c; indent-tabs-mode: nil -*- */
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
/*
* Copyright 1993 by OpenVision Technologies, Inc.
*
-/* -*- mode: c; indent-tabs-mode: nil -*- */
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
/*
* lib/gssapi/krb5/duplicate_name.c
*
-/* -*- mode: c; indent-tabs-mode: nil -*- */
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
/*
* lib/gssapi/krb5/export_name.c
*
-/* -*- mode: c; indent-tabs-mode: nil -*- */
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
/*
* lib/gssapi/krb5/export_sec_context.c
*
-/* -*- mode: c; indent-tabs-mode: nil -*- */
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
/*
* Copyright 1993 by OpenVision Technologies, Inc.
*
-/* -*- mode: c; indent-tabs-mode: nil -*- */
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
/*
* Copyright 1993 by OpenVision Technologies, Inc.
*
return GSS_S_COMPLETE;
}
-#define g_OID_prefix_equal(o1, o2) \
- (((o1)->length >= (o2)->length) && \
- (memcmp((o1)->elements, (o2)->elements, (o2)->length) == 0))
+#define g_OID_prefix_equal(o1, o2) \
+ (((o1)->length >= (o2)->length) && \
+ (memcmp((o1)->elements, (o2)->elements, (o2)->length) == 0))
/*
* gss_inquire_sec_context_by_oid() methods
return GSS_S_NO_CONTEXT;
for (i = 0; i < sizeof(krb5_gss_inquire_sec_context_by_oid_ops)/
- sizeof(krb5_gss_inquire_sec_context_by_oid_ops[0]); i++) {
+ sizeof(krb5_gss_inquire_sec_context_by_oid_ops[0]); i++) {
if (g_OID_prefix_equal(desired_object, &krb5_gss_inquire_sec_context_by_oid_ops[i].oid)) {
return (*krb5_gss_inquire_sec_context_by_oid_ops[i].func)(minor_status,
context_handle,
#if 0
for (i = 0; i < sizeof(krb5_gss_inquire_cred_by_oid_ops)/
- sizeof(krb5_gss_inquire_cred_by_oid_ops[0]); i++) {
+ sizeof(krb5_gss_inquire_cred_by_oid_ops[0]); i++) {
if (g_OID_prefix_equal(desired_object, &krb5_gss_inquire_cred_by_oid_ops[i].oid)) {
return (*krb5_gss_inquire_cred_by_oid_ops[i].func)(minor_status,
cred_handle,
#if 0
for (i = 0; i < sizeof(krb5_gss_set_sec_context_option_ops)/
- sizeof(krb5_gss_set_sec_context_option_ops[0]); i++) {
+ sizeof(krb5_gss_set_sec_context_option_ops[0]); i++) {
if (g_OID_prefix_equal(desired_object, &krb5_gss_set_sec_context_option_ops[i].oid)) {
return (*krb5_gss_set_sec_context_option_ops[i].func)(minor_status,
context_handle,
return major_status;
for (i = 0; i < sizeof(krb5_gssspi_set_cred_option_ops)/
- sizeof(krb5_gssspi_set_cred_option_ops[0]); i++) {
+ sizeof(krb5_gssspi_set_cred_option_ops[0]); i++) {
if (g_OID_prefix_equal(desired_object, &krb5_gssspi_set_cred_option_ops[i].oid)) {
return (*krb5_gssspi_set_cred_option_ops[i].func)(minor_status,
cred_handle,
return GSS_S_CALL_INACCESSIBLE_READ;
for (i = 0; i < sizeof(krb5_gssspi_mech_invoke_ops)/
- sizeof(krb5_gssspi_mech_invoke_ops[0]); i++) {
+ sizeof(krb5_gssspi_mech_invoke_ops[0]); i++) {
if (g_OID_prefix_equal(desired_object, &krb5_gssspi_mech_invoke_ops[i].oid)) {
return (*krb5_gssspi_mech_invoke_ops[i].func)(minor_status,
desired_mech,
-/* -*- mode: c; indent-tabs-mode: nil -*- */
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
/*
* Copyright 1993 by OpenVision Technologies, Inc.
*
-/* -*- mode: c; indent-tabs-mode: nil -*- */
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
/*
* lib/gssapi/krb5/import_sec_context.c
*
-/* -*- mode: c; indent-tabs-mode: nil -*- */
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
/*
* Copyright 1993 by OpenVision Technologies, Inc.
*
-/* -*- mode: c; indent-tabs-mode: nil -*- */
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
/*
* Copyright 2000, 2002, 2003, 2007, 2008 by the Massachusetts Institute of Technology.
* All Rights Reserved.
krb5_creds mcreds;
flags |= KRB5_GC_CANONICALIZE |
- KRB5_GC_NO_STORE |
- KRB5_GC_CONSTRAINED_DELEGATION;
+ KRB5_GC_NO_STORE |
+ KRB5_GC_CONSTRAINED_DELEGATION;
memset(&mcreds, 0, sizeof(mcreds));
ap_rep.length = input_token->length;
ap_rep.data = (char *)input_token->value;
} else if (g_verify_token_header(ctx->mech_used,
- &(ap_rep.length),
- &ptr, KG_TOK_CTX_AP_REP,
- input_token->length, 1)) {
+ &(ap_rep.length),
+ &ptr, KG_TOK_CTX_AP_REP,
+ input_token->length, 1)) {
if (g_verify_token_header((gss_OID) ctx->mech_used,
&(ap_rep.length),
&ptr, KG_TOK_CTX_ERROR,
/*SUPPRESS 29*/
if (*context_handle == GSS_C_NO_CONTEXT) {
major_status = kg_new_connection(minor_status, cred, context_handle,
- target_name, mech_type, req_flags,
- time_req, input_chan_bindings,
- input_token, actual_mech_type,
- output_token, ret_flags, time_rec,
- context, default_mech);
+ target_name, mech_type, req_flags,
+ time_req, input_chan_bindings,
+ input_token, actual_mech_type,
+ output_token, ret_flags, time_rec,
+ context, default_mech);
k5_mutex_unlock(&cred->lock);
if (*context_handle == GSS_C_NO_CONTEXT) {
save_error_info (*minor_status, context);
-/* -*- mode: c; indent-tabs-mode: nil -*- */
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
/*
* Copyright 1993 by OpenVision Technologies, Inc.
*
OM_uint32
gss_krb5int_extract_authz_data_from_sec_context(
- OM_uint32 *minor_status,
- const gss_ctx_id_t context_handle,
- const gss_OID desired_object,
- gss_buffer_set_t *data_set)
+ OM_uint32 *minor_status,
+ const gss_ctx_id_t context_handle,
+ const gss_OID desired_object,
+ gss_buffer_set_t *data_set)
{
OM_uint32 major_status;
krb5_gss_ctx_id_rec *ctx;
-/* -*- mode: c; indent-tabs-mode: nil -*- */
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
/*
* Copyright 2000, 2007 by the Massachusetts Institute of Technology.
* All Rights Reserved.
-/* -*- mode: c; indent-tabs-mode: nil -*- */
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
/*
* lib/gssapi/krb5/inq_names.c
*
-/* -*- mode: c; indent-tabs-mode: nil -*- */
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
/*
* Copyright 1993 by OpenVision Technologies, Inc.
*
/* Only default qop or matching established cryptosystem is allowed.
- There are NO EXTENSIONS to this set for AES and friends! The
- new spec says "just use 0". The old spec plus extensions would
- actually allow for certain non-zero values. Fix this to handle
- them later. */
+ There are NO EXTENSIONS to this set for AES and friends! The
+ new spec says "just use 0". The old spec plus extensions would
+ actually allow for certain non-zero values. Fix this to handle
+ them later. */
if (qop_req != 0) {
*minor_status = (OM_uint32) G_UNKNOWN_QOP;
return GSS_S_FAILURE;
-/* -*- mode: c; indent-tabs-mode: nil -*- */
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
/*
* lib/gssapi/krb5/k5sealiov.c
*
return (ctx->krb_times.endtime < now) ? GSS_S_CONTEXT_EXPIRED : GSS_S_COMPLETE;
}
-#define INIT_IOV_DATA(_iov) do { (_iov)->buffer.value = NULL; \
- (_iov)->buffer.length = 0; } \
- while (0)
+#define INIT_IOV_DATA(_iov) do { (_iov)->buffer.value = NULL; \
+ (_iov)->buffer.length = 0; } \
+ while (0)
OM_uint32
kg_seal_iov_length(OM_uint32 *minor_status,
code = krb5_c_crypto_length(context, enctype,
conf_req_flag ?
- KRB5_CRYPTO_TYPE_TRAILER : KRB5_CRYPTO_TYPE_CHECKSUM,
+ KRB5_CRYPTO_TYPE_TRAILER : KRB5_CRYPTO_TYPE_CHECKSUM,
&k5_trailerlen);
if (code != 0) {
*minor_status = code;
-/* -*- mode: c; indent-tabs-mode: nil -*- */
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
/*
* lib/gssapi/krb5/k5sealv3.c
*
#ifdef CFX_EXERCISE
rrc = rand() & 0xffff;
if (gss_krb5int_rotate_left(outbuf+16, bufsize-16,
- (bufsize-16) - (rrc % (bufsize - 16))))
+ (bufsize-16) - (rrc % (bufsize - 16))))
store_16_be(rrc, outbuf+6);
/* If the rotate fails, don't worry about it. */
#endif
rrc = rand() & 0xffff;
/* If the rotate fails, don't worry about it. */
if (gss_krb5int_rotate_left(outbuf+16, bufsize-16,
- (bufsize-16) - (rrc % (bufsize - 16))))
+ (bufsize-16) - (rrc % (bufsize - 16))))
store_16_be(rrc, outbuf+6);
#endif
/* Fix up EC field. */
/* Two things to note here.
- First, we can't really enforce the use of the acceptor's subkey,
- if we're the acceptor; the initiator may have sent messages
- before getting the subkey. We could probably enforce it if
- we're the initiator.
-
- Second, if someone tweaks the code to not set the flag telling
- the krb5 library to generate a new subkey in the AP-REP
- message, the MIT library may include a subkey anyways --
- namely, a copy of the AP-REQ subkey, if it was provided. So
- the initiator may think we wanted a subkey, and set the flag,
- even though we weren't trying to set the subkey. The "other"
- key, the one not asserted by the acceptor, will have the same
- value in that case, though, so we can just ignore the flag. */
+ First, we can't really enforce the use of the acceptor's subkey,
+ if we're the acceptor; the initiator may have sent messages
+ before getting the subkey. We could probably enforce it if
+ we're the initiator.
+
+ Second, if someone tweaks the code to not set the flag telling
+ the krb5 library to generate a new subkey in the AP-REP
+ message, the MIT library may include a subkey anyways --
+ namely, a copy of the AP-REQ subkey, if it was provided. So
+ the initiator may think we wanted a subkey, and set the flag,
+ even though we weren't trying to set the subkey. The "other"
+ key, the one not asserted by the acceptor, will have the same
+ value in that case, though, so we can just ignore the flag. */
if (ctx->have_acceptor_subkey && (ptr[2] & FLAG_ACCEPTOR_SUBKEY)) {
key = ctx->acceptor_subkey;
cksumtype = ctx->acceptor_subkey_cksumtype;
*conf_state = 1;
/* Do we have no decrypt_size function?
- For all current cryptosystems, the ciphertext size will
- be larger than the plaintext size. */
+ For all current cryptosystems, the ciphertext size will
+ be larger than the plaintext size. */
cipher.enctype = key->keyblock.enctype;
cipher.ciphertext.length = bodysize - 16;
cipher.ciphertext.data = (char *)ptr + 16;
-/* -*- mode: c; indent-tabs-mode: nil -*- */
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
/*
* lib/gssapi/krb5/k5sealv3iov.c
*
code = krb5_c_crypto_length(context, key->keyblock.enctype,
conf_flag ? KRB5_CRYPTO_TYPE_TRAILER :
- KRB5_CRYPTO_TYPE_CHECKSUM,
+ KRB5_CRYPTO_TYPE_CHECKSUM,
&k5_trailerlen);
if (code != 0) {
*minor_status = code;
-/* -*- mode: c; indent-tabs-mode: nil -*- */
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
/*
* Copyright 2001, 2007 by the Massachusetts Institute of Technology.
* Copyright 1993 by OpenVision Technologies, Inc.
-/* -*- mode: c; indent-tabs-mode: nil -*- */
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
/*
* lib/gssapi/krb5/k5unsealiov.c
*
ttrailer->buffer.length = ec + (conf_req_flag ? 16 : 0 /* E(Header) */) + k5_trailerlen;
ttrailer->buffer.value = (unsigned char *)stream->buffer.value +
- stream->buffer.length - ttrailer->buffer.length;
+ stream->buffer.length - ttrailer->buffer.length;
break;
}
case KG_TOK_MIC_MSG:
/* validate lengths */
if (stream->buffer.length < theader->buffer.length +
- tpadding->buffer.length +
- ttrailer->buffer.length)
+ tpadding->buffer.length +
+ ttrailer->buffer.length)
{
code = (OM_uint32)KRB5_BAD_MSIZE;
major_status = GSS_S_DEFECTIVE_TOKEN;
/* setup data */
tdata->buffer.length = stream->buffer.length - ttrailer->buffer.length -
- tpadding->buffer.length - theader->buffer.length;
+ tpadding->buffer.length - theader->buffer.length;
assert(data != NULL);
-/* -*- mode: c; indent-tabs-mode: nil -*- */
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
/*
* lib/gssapi/krb5/lucid_context.c
*
-/* -*- mode: c; indent-tabs-mode: nil -*- */
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
/*
* lib/gssapi/krb5/naming_exts.c
*
-/* -*- mode: c; indent-tabs-mode: nil -*- */
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
/*
* Copyright 1993 by OpenVision Technologies, Inc.
*
-/* -*- mode: c; indent-tabs-mode: nil -*- */
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
/*
* Copyright 1993 by OpenVision Technologies, Inc.
*
-/* -*- mode: c; indent-tabs-mode: nil -*- */
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
/*
* Copyright 1993 by OpenVision Technologies, Inc.
*
-/* -*- mode: c; indent-tabs-mode: nil -*- */
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
/*
* lib/gssapi/krb5/rel_oid.c
*
-/* -*- mode: c; indent-tabs-mode: nil -*- */
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
/*
* Copyright 2009 by the Massachusetts Institute of Technology.
* All Rights Reserved.
kg_is_initiator_cred(krb5_gss_cred_id_t cred)
{
return (cred->usage == GSS_C_INITIATE || cred->usage == GSS_C_BOTH) &&
- (cred->ccache != NULL);
+ (cred->ccache != NULL);
}
static OM_uint32
code = krb5_cc_initialize(context, cred->ccache,
cred->proxy_cred ? impersonator_cred->name->princ :
- subject_creds->client);
+ subject_creds->client);
if (code != 0)
goto cleanup;
-/* -*- mode: c; indent-tabs-mode: nil -*- */
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
/*
* Copyright 1993 by OpenVision Technologies, Inc.
*
-/* -*- mode: c; indent-tabs-mode: nil -*- */
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
/*
* lib/gssapi/krb5/ser_sctx.c
*
&required);
}
}
- *sizep += required;
+ *sizep += required;
}
return(kret);
}
/* Now get substructure data */
kret = krb5_internalize_opaque(kcontext,
KV5M_PRINCIPAL,
- (krb5_pointer *) &princ,
- &bp, &remain);
+ (krb5_pointer *) &princ,
+ &bp, &remain);
if (kret == 0) {
kret = kg_init_name(kcontext, princ, NULL,
KG_INIT_NAME_NO_COPY, &ctx->here);
-/* -*- mode: c; indent-tabs-mode: nil -*- */
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
/*
* lib/gssapi/krb5/set_allowable_enctypes.c
*
-/* -*- mode: c; indent-tabs-mode: nil -*- */
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
/*
* lib/gssapi/krb5/set_ccache.c
*
-/* -*- mode: c; indent-tabs-mode: nil -*- */
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
/*
* Copyright 1993 by OpenVision Technologies, Inc.
*
-/* -*- mode: c; indent-tabs-mode: nil -*- */
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
/*
* Copyright 1993 by OpenVision Technologies, Inc.
*
-/* -*- mode: c; indent-tabs-mode: nil -*- */
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
/*
* Copyright 1993 by OpenVision Technologies, Inc.
*
-/* -*- mode: c; indent-tabs-mode: nil -*- */
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
/*
* Copyright 2001, 2008 by the Massachusetts Institute of Technology.
* Copyright 1993 by OpenVision Technologies, Inc.
-/* -*- mode: c; indent-tabs-mode: nil -*- */
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
/*
* Copyright 1993 by OpenVision Technologies, Inc.
*
-/* -*- mode: c; indent-tabs-mode: nil -*- */
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
/*
* Copyright 2001, 2009 by the Massachusetts Institute of Technology.
* Copyright 1993 by OpenVision Technologies, Inc.
-/* -*- mode: c; indent-tabs-mode: nil -*- */
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
/*
* Copyright 1997, 2007 by Massachusetts Institute of Technology
* All Rights Reserved.
-/* -*- mode: c; indent-tabs-mode: nil -*- */
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
/*
* Copyright 1993 by OpenVision Technologies, Inc.
*
-/* -*- mode: c; indent-tabs-mode: nil -*- */
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
/*
* Copyright 2000 by the Massachusetts Institute of Technology.
* All Rights Reserved.
krb5_enctype enctype;
key = ctx->have_acceptor_subkey ? ctx->acceptor_subkey
- : ctx->subkey;
+ : ctx->subkey;
enctype = key->keyblock.enctype;
while (sz > 0 && krb5_encrypt_size(sz, enctype) + 16 > req_output_size)
size_t cksumsize;
cksumtype = ctx->have_acceptor_subkey ? ctx->acceptor_subkey_cksumtype
- : ctx->cksumtype;
+ : ctx->cksumtype;
err = krb5_c_checksum_length(ctx->k5_context, cksumtype, &cksumsize);
if (err) {