static int verbose = 1;
static int spnego = 0;
static gss_OID_desc gss_spnego_mechanism_oid_desc =
- {6, (void *)"\x2b\x06\x01\x05\x05\x02"};
+{6, (void *)"\x2b\x06\x01\x05\x05\x02"};
static void
usage()
#define KDC_ERR_DIGEST_IN_SIGNED_DATA_NOT_ACCEPTED 80 /* bad digest algorithm in SignedData */
#define KDC_ERR_PUBLIC_KEY_ENCRYPTION_NOT_SUPPORTED 81
#define KRB_AP_ERR_IAKERB_KDC_NOT_FOUND 85 /* The IAKERB proxy could
-not find a KDC */
+ not find a KDC */
#define KRB_AP_ERR_IAKERB_KDC_NO_RESPONSE 86 /* The KDC did not respond
-to the IAKERB proxy */
+ to the IAKERB proxy */
/*
* This structure is returned in the e-data field of the KRB-ERROR
{
fprintf(stderr, _("usage: add_principal [options] principal\n"));
fprintf(stderr, _("\toptions are:\n"));
- fprintf(stderr, _("\t\t[-x db_princ_args]* [-expire expdate] "
- "[-pwexpire pwexpdate] [-maxlife maxtixlife]\n"
- "\t\t[-kvno kvno] [-policy policy] [-clearpolicy] [-randkey]\n"
- "\t\t[-pw password] [-maxrenewlife maxrenewlife]\n"
- "\t\t[-e keysaltlist]\n\t\t[{+|-}attribute]\n")
- );
+ fprintf(stderr,
+ _("\t\t[-x db_princ_args]* [-expire expdate] "
+ "[-pwexpire pwexpdate] [-maxlife maxtixlife]\n"
+ "\t\t[-kvno kvno] [-policy policy] [-clearpolicy] [-randkey]\n"
+ "\t\t[-pw password] [-maxrenewlife maxrenewlife]\n"
+ "\t\t[-e keysaltlist]\n\t\t[{+|-}attribute]\n")
+ );
fprintf(stderr, _("\tattributes are:\n"));
fprintf(stderr,
_("\t\tallow_postdated allow_forwardable allow_tgs_req "
_("%s: could not initialize loop, aborting"),
whoami);
fprintf(stderr, _("%s: could not initialize loop, aborting\n"),
- whoami);
+ whoami);
kadm5_destroy(global_server_handle);
krb5_klog_close(context);
exit(1);
if ((ret = loop_add_udp_port(server_handle->params.kpasswd_port))
|| (ret = loop_add_tcp_port(server_handle->params.kpasswd_port))
|| (ret = loop_add_rpc_service(server_handle->params.kadmind_port,
- KADM, KADMVERS, kadm_1))
+ KADM, KADMVERS, kadm_1))
#ifndef DISABLE_IPROP
|| (server_handle->params.iprop_enabled
? (ret = loop_add_rpc_service(server_handle->params.iprop_port,
- KRB5_IPROP_PROG, KRB5_IPROP_VERS,
- krb5_iprop_prog_1))
+ KRB5_IPROP_PROG, KRB5_IPROP_VERS,
+ krb5_iprop_prog_1))
: 0)
#endif
#undef server_handle
#endif
};
-#define NUM_STATIC_PREAUTH_SYSTEMS (sizeof(static_preauth_systems) / \
+#define NUM_STATIC_PREAUTH_SYSTEMS (sizeof(static_preauth_systems) / \
sizeof(*static_preauth_systems))
static preauth_system *preauth_systems;
krb5_data *out = NULL;
krb5_pa_data pa, *pa_in;
pa_in = krb5int_find_pa_data(kdc_context, request->padata,
- KRB5_ENCPADATA_REQ_ENC_PA_REP);
+ KRB5_ENCPADATA_REQ_ENC_PA_REP);
if (pa_in == NULL)
return 0;
pa.magic = KV5M_PA_DATA;
#if !defined(__cplusplus) && (__GNUC__ > 2)
__attribute__((__format__(__printf__, 3, 4)))
#endif
-;
+ ;
/* policy.c */
int
OM_uint32
generic_gss_display_mech_attr(
- OM_uint32 *minor_status,
- gss_const_OID mech_attr,
- gss_buffer_t name,
- gss_buffer_t short_desc,
- gss_buffer_t long_desc)
+ OM_uint32 *minor_status,
+ gss_const_OID mech_attr,
+ gss_buffer_t name,
+ gss_buffer_t short_desc,
+ gss_buffer_t long_desc)
{
size_t i;
delegated_cred_handle,
&exts);
}
-
k5_mutex_destroy(&name.lock);
return code;
}
-
*mech_type = (gss_OID)gss_mech_krb5;
return GSS_S_COMPLETE;
} else if (sasl_mech_name->length == GS2_IAKERB_SASL_NAME_LEN &&
- memcmp(sasl_mech_name->value,
- GS2_IAKERB_SASL_NAME, GS2_IAKERB_SASL_NAME_LEN) == 0) {
+ memcmp(sasl_mech_name->value,
+ GS2_IAKERB_SASL_NAME, GS2_IAKERB_SASL_NAME_LEN) == 0) {
if (mech_type != NULL)
*mech_type = (gss_OID)gss_mech_iakerb;
return GSS_S_COMPLETE;
if (!g_make_string_buffer(GS2_IAKERB_SASL_NAME, sasl_mech_name) ||
!g_make_string_buffer("iakerb", mech_name) ||
!g_make_string_buffer("Initial and Pass Through Authentication "
- "Kerberos Mechanism (IAKERB)", mech_description))
+ "Kerberos Mechanism (IAKERB)",
+ mech_description))
goto fail;
} else {
if (!g_make_string_buffer(GS2_KRB5_SASL_NAME, sasl_mech_name) ||
if (GSS_ERROR(major))
goto cleanup;
-#define MA_SUPPORTED(ma) do { \
- major = gss_add_oid_set_member(minor_status, (gss_OID)ma, mech_attrs); \
- if (GSS_ERROR(major)) \
- goto cleanup; \
+#define MA_SUPPORTED(ma) do { \
+ major = gss_add_oid_set_member(minor_status, (gss_OID)ma, \
+ mech_attrs); \
+ if (GSS_ERROR(major)) \
+ goto cleanup; \
} while (0)
MA_SUPPORTED(GSS_C_MA_MECH_CONCRETE);
goto do_getpwuid;
#endif
} else if (g_OID_equal(input_name_type, gss_nt_exported_name)) {
-#define BOUNDS_CHECK(cp, end, n) \
+#define BOUNDS_CHECK(cp, end, n) \
do { if ((end) - (cp) < (n)) goto fail_name; } while (0)
cp = (unsigned char *)tmp;
end = cp + input_name_buffer->length;
*minor_status = (OM_uint32)code;
return (code == 0) ? GSS_S_COMPLETE : GSS_S_FAILURE;
}
-
return GSS_S_COMPLETE;
}
-
/* for each requested mech attempt to obtain a credential */
for (i = 0; i < mechs->count; i++) {
major = gss_add_cred_with_password(minor_status, (gss_cred_id_t)creds,
- desired_name,
+ desired_name,
&mechs->elements[i],
password,
cred_usage, time_req, time_req, NULL,
OM_uint32 KRB5_CALLCONV
gss_indicate_mechs_by_attrs(
- OM_uint32 *minor,
- gss_const_OID_set desired_mech_attrs,
- gss_const_OID_set except_mech_attrs,
- gss_const_OID_set critical_mech_attrs,
- gss_OID_set *mechs)
+ OM_uint32 *minor,
+ gss_const_OID_set desired_mech_attrs,
+ gss_const_OID_set except_mech_attrs,
+ gss_const_OID_set critical_mech_attrs,
+ gss_OID_set *mechs)
{
OM_uint32 status, tmpMinor;
gss_OID_set allMechs = GSS_C_NO_OID_SET;
OM_uint32 KRB5_CALLCONV
gss_inquire_attrs_for_mech(
- OM_uint32 *minor,
- gss_const_OID mech_oid,
- gss_OID_set *mech_attrs,
- gss_OID_set *known_mech_attrs)
+ OM_uint32 *minor,
+ gss_const_OID mech_oid,
+ gss_OID_set *mech_attrs,
+ gss_OID_set *known_mech_attrs)
{
OM_uint32 status, tmpMinor;
gss_mechanism mech;
OM_uint32 KRB5_CALLCONV
gss_display_mech_attr(
- OM_uint32 *minor,
- gss_const_OID mech_attr,
- gss_buffer_t name,
- gss_buffer_t short_desc,
- gss_buffer_t long_desc)
+ OM_uint32 *minor,
+ gss_const_OID mech_attr,
+ gss_buffer_t name,
+ gss_buffer_t short_desc,
+ gss_buffer_t long_desc)
{
return generic_gss_display_mech_attr(minor, mech_attr,
name, short_desc, long_desc);
krb5_error_code
pwqual_princ_initvt(krb5_context context, int maj_ver, int min_ver,
- krb5_plugin_vtable vtable)
+ krb5_plugin_vtable vtable)
{
krb5_pwqual_vtable vt;
{
decode_ptr( krb5_fast_finished *, asn1_decode_fast_finished);
}
-
*/
#include "asn1_k_decode_macros.h"
-
+
asn1_error_code
asn1_decode_kdc_req(asn1buf *buf, krb5_kdc_req *val)
{
val->padata = NULL;
return retval;
}
-
+
asn1_error_code
asn1_decode_kdc_req_body(asn1buf *buf, krb5_kdc_req *val)
{
#define clean_return(val) { retval = val; goto error_out; }
/* Declare useful decoder variables. */
-#define setup() \
- asn1_error_code retval; \
- asn1_class asn1class; \
- asn1_construction construction KRB5_ATTR_UNUSED; \
- asn1_tagnum tagnum; \
+#define setup() \
+ asn1_error_code retval; \
+ asn1_class asn1class; \
+ asn1_construction construction KRB5_ATTR_UNUSED; \
+ asn1_tagnum tagnum; \
unsigned int length, taglen KRB5_ATTR_UNUSED
#define unused_var(x) if (0) { x = 0; x = x - x; }
krb5_free_predicted_sam_response_contents(NULL, val);
return retval;
}
-
}
DEFSEQTYPE(iakerb_finished, krb5_iakerb_finished, iakerb_finished_fields,
-iakerb_finished_optional);
+ iakerb_finished_optional);
/* Exported complete encoders -- these produce a krb5_data with
the encoding in the correct byte order. */
cleanup(free);
}
-
+
krb5_error_code
decode_krb5_fast_req(const krb5_data *code, krb5_fast_req **repptr)
{
cleanup(free);
}
#endif /* DISABLE_PKINIT */
-
retval = asn1buf_wrap_data(&buf,code); \
if (retval) return retval
-#define setup_no_tagnum(type) \
- asn1_class asn1class KRB5_ATTR_UNUSED; \
- asn1_construction construction KRB5_ATTR_UNUSED; \
+#define setup_no_tagnum(type) \
+ asn1_class asn1class KRB5_ATTR_UNUSED; \
+ asn1_construction construction KRB5_ATTR_UNUSED; \
setup_buf_only(type)
#define setup_no_length(type) \
krb5_error_code
krb5int_copy_authdatum(krb5_context context,
- const krb5_authdata *inad, krb5_authdata **outad)
+ const krb5_authdata *inad, krb5_authdata **outad)
{
krb5_authdata *tmpad;
}
fctx->out[fctx->length+1] = NULL;
retval = krb5int_copy_authdatum(context, elem,
- &fctx->out[fctx->length]);
+ &fctx->out[fctx->length]);
if (retval == 0)
fctx->length++;
return retval;
if (inauthdat1) {
for (nelems = 0; inauthdat1[nelems]; nelems++) {
retval = krb5int_copy_authdatum(context, inauthdat1[nelems],
- &tempauthdat[nelems]);
+ &tempauthdat[nelems]);
if (retval) {
krb5_free_authdata(context, tempauthdat);
return retval;
if (inauthdat2) {
for (nelems2 = 0; inauthdat2[nelems2]; nelems2++) {
retval = krb5int_copy_authdatum(context, inauthdat2[nelems2],
- &tempauthdat[nelems++]);
+ &tempauthdat[nelems++]);
if (retval) {
krb5_free_authdata(context, tempauthdat);
return retval;
&ccache);
if (retval == 0) {
retval = krb5int_tgtname(context, target_realm, target_realm,
- &target_principal);
+ &target_principal);
}
if (retval == 0) {
krb5_data config_data;
static krb5_error_code
gic_opte_copy(krb5_context context,
- krb5_get_init_creds_opt *opt,
- krb5_gic_opt_ext **opte)
+ krb5_get_init_creds_opt *opt,
+ krb5_gic_opt_ext **opte)
{
krb5_gic_opt_ext *oe;
* The context being NULL is ok.
*/
krb5_win_ccdll_load(ctx);
-p
- /*
- * krb5_vercheck() is defined in win_glue.c, and this is
- * where we handle the timebomb and version server checks.
- */
- retval = krb5_vercheck();
+ p
+ /*
+ * krb5_vercheck() is defined in win_glue.c, and this is
+ * where we handle the timebomb and version server checks.
+ */
+ retval = krb5_vercheck();
if (retval)
return retval;
#endif
krb5_error_code
krb5int_tgtname(krb5_context context, const krb5_data *, const krb5_data *,
- krb5_principal *);
+ krb5_principal *);
krb5_error_code
krb5int_libdefault_boolean(krb5_context, const krb5_data *, const char *,
* If decrypting with the subsession key fails, perhaps the
* credentials are stored in the session key so try decrypting with that.
*/
- if (auth_context->recv_subkey == NULL ||
- (retval = krb5_rd_cred_basic(context, pcreddata,
- auth_context->recv_subkey,
- &replaydata, pppcreds))) {
- retval = krb5_rd_cred_basic(context, pcreddata,
- auth_context->key,
- &replaydata, pppcreds);
- if (retval)
- return retval;
+ if (auth_context->recv_subkey == NULL ||
+ (retval = krb5_rd_cred_basic(context, pcreddata,
+ auth_context->recv_subkey,
+ &replaydata, pppcreds))) {
+ retval = krb5_rd_cred_basic(context, pcreddata,
+ auth_context->key,
+ &replaydata, pppcreds);
+ if (retval)
+ return retval;
}
if (auth_context->auth_context_flags & KRB5_AUTH_CONTEXT_DO_TIME) {
*out_authdata = authdata;
- return 0;
+ return 0;
}
static krb5_error_code
const krb5_data *attribute,
krb5_boolean *authenticated,
krb5_boolean *complete,
- krb5_data *value,
- krb5_data *display_value,
+ krb5_data *value,
+ krb5_data *display_value,
int *more)
{
struct s4u2proxy_context *s4uctx = (struct s4u2proxy_context *)request_context;
if (code != 0)
return code;
}
-
+
*sizep += sizeof(krb5_int32); /* authenticated flag */
return code;
if (code != 0)
return code;
}
-
+
krb5_ser_pack_int32(s4uctx->authenticated, &bp, &remain); /* authenticated */
*buffer = bp;
s4u2proxy_internalize,
s4u2proxy_copy
};
-
return krb5_copy_principal(context,
anonymous ? in_creds->server
- : in_creds->client,
+ : in_creds->client,
canon_user);
}
if (in_creds->client != NULL &&
in_creds->client->type == KRB5_NT_ENTERPRISE_PRINCIPAL) {
- /* Post-canonicalisation check for enterprise principals */
- krb5_creds mcreds = *in_creds;
- mcreds.client = realm;
- code = krb5_get_credentials(context, options | KRB5_GC_CACHED,
- ccache, &mcreds, out_creds);
- if ((code != KRB5_CC_NOTFOUND && code != KRB5_CC_NOT_KTYPE)
- || (options & KRB5_GC_CACHED))
- goto cleanup;
+ /* Post-canonicalisation check for enterprise principals */
+ krb5_creds mcreds = *in_creds;
+ mcreds.client = realm;
+ code = krb5_get_credentials(context, options | KRB5_GC_CACHED,
+ ccache, &mcreds, out_creds);
+ if ((code != KRB5_CC_NOTFOUND && code != KRB5_CC_NOT_KTYPE)
+ || (options & KRB5_GC_CACHED))
+ goto cleanup;
}
code = krb5_get_self_cred_from_kdc(context, options, ccache,
static krb5_error_code
prompter_cb(krb5_context ctx, void *data, const char *name,
- const char *banner, int num_prompts, krb5_prompt prompts[])
+ const char *banner, int num_prompts, krb5_prompt prompts[])
{
/* Not expecting any actual prompts, only banners. */
assert(num_prompts == 0);
static void
expire_cb(krb5_context ctx, void *data, krb5_timestamp password_expiration,
- krb5_timestamp account_expiration, krb5_boolean is_last_req)
+ krb5_timestamp account_expiration, krb5_boolean is_last_req)
{
printf("password_expiration = %ld\n", (long)password_expiration);
printf("account_expiration = %ld\n", (long)account_expiration);
krb5_creds creds;
if (argc < 4) {
- fprintf(stderr, "Usage: %s username password {1|0} [service]\n",
- argv[0]);
- return 1;
+ fprintf(stderr, "Usage: %s username password {1|0} [service]\n",
+ argv[0]);
+ return 1;
}
user = argv[1];
password = argv[2];
use_cb = atoi(argv[3]);
if (argc >= 5)
- service = argv[4];
+ service = argv[4];
assert(krb5_init_context(&ctx) == 0);
assert(krb5_get_init_creds_opt_alloc(ctx, &opt) == 0);
if (use_cb) {
- assert(krb5_get_init_creds_opt_set_expire_callback(ctx, opt, expire_cb,
- &exp_dummy) == 0);
+ assert(krb5_get_init_creds_opt_set_expire_callback(ctx, opt, expire_cb,
+ &exp_dummy) == 0);
}
assert(krb5_parse_name(ctx, user, &client) == 0);
assert(krb5_get_init_creds_password(ctx, &creds, client, password,
- prompter_cb, &prompt_dummy, 0, service,
- opt) == 0);
+ prompter_cb, &prompt_dummy, 0, service,
+ opt) == 0);
krb5_get_init_creds_opt_free(ctx, opt);
krb5_free_principal(ctx, client);
krb5_free_cred_contents(ctx, &creds);
assert(krb5_cc_close(context, ccache) == 0);
if (krb5_verify_init_creds(context, &creds, NULL, NULL, NULL, NULL) != 0)
- return 1;
+ return 1;
return 0;
}
*/
static krb5_error_code
get_new_creds(krb5_context context, krb5_ccache ccache, krb5_creds *in_creds,
- krb5_flags kdcopt, krb5_creds **out_creds)
+ krb5_flags kdcopt, krb5_creds **out_creds)
{
krb5_error_code code;
krb5_creds old_creds, *new_creds = NULL;
/* Retrieve an existing cached credential matching in_creds. */
code = krb5_cc_retrieve_cred(context, ccache, KRB5_TC_SUPPORTED_KTYPES,
- in_creds, &old_creds);
+ in_creds, &old_creds);
if (code != 0)
- return code;
+ return code;
/* Use KDC options from old credential as well as requested options. */
kdcopt |= (old_creds.ticket_flags & KDC_TKT_COMMON_MASK);
/* Use the old credential to get a new credential from the KDC. */
code = krb5_get_cred_via_tkt(context, &old_creds, kdcopt,
- old_creds.addresses, in_creds, &new_creds);
+ old_creds.addresses, in_creds, &new_creds);
krb5_free_cred_contents(context, &old_creds);
if (code != 0)
- return code;
+ return code;
*out_creds = new_creds;
return code;
*/
static krb5_error_code
gc_valrenew(krb5_context context, krb5_ccache ccache, krb5_creds *in_creds,
- krb5_flags kdcopt, krb5_creds **out_creds)
+ krb5_flags kdcopt, krb5_creds **out_creds)
{
krb5_error_code code;
krb5_creds *new_creds = NULL;
/* Get the validated or renewed credential. */
code = get_new_creds(context, ccache, in_creds, kdcopt, &new_creds);
if (code != 0)
- goto cleanup;
+ goto cleanup;
/* Reinitialize the cache without changing its default principal. */
code = krb5_cc_get_principal(context, ccache, &default_princ);
/* Store the validated or renewed cred in the now-empty cache. */
code = krb5_cc_store_cred(context, ccache, new_creds);
if (code != 0)
- goto cleanup;
+ goto cleanup;
*out_creds = new_creds;
new_creds = NULL;
*/
static krb5_error_code
get_valrenewed_creds(krb5_context context, krb5_creds *out_creds,
- krb5_principal client, krb5_ccache ccache,
- char *in_tkt_service, int kdcopt)
+ krb5_principal client, krb5_ccache ccache,
+ char *in_tkt_service, int kdcopt)
{
krb5_error_code code;
krb5_creds in_creds, *new_creds;
krb5_principal server = NULL;
if (in_tkt_service != NULL) {
- /* Parse in_tkt_service, but use the client's realm. */
- code = krb5_parse_name(context, in_tkt_service, &server);
- if (code != 0)
- goto cleanup;
- krb5_free_data_contents(context, &server->realm);
- code = krb5int_copy_data_contents(context, &client->realm,
- &server->realm);
- if (code != 0)
- goto cleanup;
+ /* Parse in_tkt_service, but use the client's realm. */
+ code = krb5_parse_name(context, in_tkt_service, &server);
+ if (code != 0)
+ goto cleanup;
+ krb5_free_data_contents(context, &server->realm);
+ code = krb5int_copy_data_contents(context, &client->realm,
+ &server->realm);
+ if (code != 0)
+ goto cleanup;
} else {
- /* Use the TGT name for the client's realm. */
- code = krb5int_tgtname(context, &client->realm, &client->realm,
- &server);
- if (code != 0)
- goto cleanup;
+ /* Use the TGT name for the client's realm. */
+ code = krb5int_tgtname(context, &client->realm, &client->realm,
+ &server);
+ if (code != 0)
+ goto cleanup;
}
memset(&in_creds, 0, sizeof(krb5_creds));
/* Get the validated or renewed credential from the KDC. */
code = get_new_creds(context, ccache, &in_creds, kdcopt, &new_creds);
if (code != 0)
- goto cleanup;
+ goto cleanup;
/* Fill in *out_creds and free the unwanted new_creds container. */
*out_creds = *new_creds;
krb5_error_code KRB5_CALLCONV
krb5_get_validated_creds(krb5_context context, krb5_creds *creds,
- krb5_principal client, krb5_ccache ccache,
- char *in_tkt_service)
+ krb5_principal client, krb5_ccache ccache,
+ char *in_tkt_service)
{
return get_valrenewed_creds(context, creds, client, ccache,
- in_tkt_service, KDC_OPT_VALIDATE);
+ in_tkt_service, KDC_OPT_VALIDATE);
}
krb5_error_code KRB5_CALLCONV
krb5_get_renewed_creds(krb5_context context, krb5_creds *creds,
- krb5_principal client, krb5_ccache ccache,
- char *in_tkt_service)
+ krb5_principal client, krb5_ccache ccache,
+ char *in_tkt_service)
{
return get_valrenewed_creds(context, creds, client, ccache,
- in_tkt_service, KDC_OPT_RENEW);
+ in_tkt_service, KDC_OPT_RENEW);
}
static krb5_error_code
locate_srv_conf_1(krb5_context context, const krb5_data *realm,
- const char * name, struct serverlist *serverlist,
- int socktype, int udpport, int sec_udpport)
+ const char * name, struct serverlist *serverlist,
+ int socktype, int udpport, int sec_udpport)
{
const char *realm_srv_names[4];
char **hostlist, *host, *port, *cp;
* require a specific license from the United States Government.
* It is the responsibility of any person or organization contemplating
* export to obtain such a license before exporting.
- *
+ *
* WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
* distribute this software and its documentation for any purpose and
* without fee is hereby granted, provided that the above copyright
return retval;
dbc->db_lf_file = open(dbc->db_lf_name, O_CREAT | O_RDWR | O_TRUNC,
- 0600);
+ 0600);
if (dbc->db_lf_file < 0) {
retval = errno;
goto cleanup;
if (mkey->enctype != ENCTYPE_UNKNOWN)
code = krb5_dbe_def_decrypt_key_data(context, mkey, key_data,
- kkey, keysalt);
+ kkey, keysalt);
else
code = kh_decrypt_key(context, kh, key_data, kkey, keysalt);
#define CMS_get1_crls(_p7) (_p7->d.sign->crl)
#define CMS_get1_certs(_p7) (_p7->d.sign->cert)
#define CMS_ContentInfo_free(_p7) PKCS7_free(_p7)
-#define pkinit_CMS_SignerInfo_get_cert(_p7,_si,_x509_pp) \
+#define pkinit_CMS_SignerInfo_get_cert(_p7,_si,_x509_pp) \
(*_x509_pp) = PKCS7_cert_from_signer_info(_p7,_si)
#endif
if ((sr2->sam_enc_nonce_or_sad.ciphertext.data == NULL) ||
(sr2->sam_enc_nonce_or_sad.ciphertext.length <= 0)) {
- retval = KRB5KDC_ERR_PREAUTH_FAILED;
- krb5_set_error_message(context, retval,
- "No preauth data supplied in "
- "verify_securid_data_2 (%s)", user);
- goto cleanup;
+ retval = KRB5KDC_ERR_PREAUTH_FAILED;
+ krb5_set_error_message(context, retval,
+ "No preauth data supplied in "
+ "verify_securid_data_2 (%s)", user);
+ goto cleanup;
}
retval = krb5_dbe_find_enctype(context, client,
com_err("krb5kdc", retval,
"while decrypting SecurID trackID in "
"verify_securid_data_2 (%s)", user);
- goto cleanup;
+ goto cleanup;
}
if (track_id_data.length < sizeof (struct securid_track_data)) {
retval = KRB5KDC_ERR_PREAUTH_FAILED;
retval = securid_encrypt_track_data_2(context, client, &tmp_data,
&sc2b.sam_track_id);
if (retval) {
- com_err("krb5kdc", retval,
- "while encrypting SecurID track "
- "data for SAM_CHALLENGE_2 (%s)",
- securid_user);
- goto cleanup;
+ com_err("krb5kdc", retval,
+ "while encrypting SecurID track "
+ "data for SAM_CHALLENGE_2 (%s)",
+ securid_user);
+ goto cleanup;
}
retval = securid_make_sam_challenge_2_and_cksum(context, sc2p,
&sc2b,
krb5_error_code retval;
if (db_entry)
- *db_entry = NULL;
+ *db_entry = NULL;
retval = krb5_copy_principal(context, client, &newp);
if (retval) {
com_err("krb5kdc", retval, "copying client name for preauth probe");
probeslot = krb5_princ_size(context, newp)++;
ptr = realloc(krb5_princ_name(context, newp),
krb5_princ_size(context, newp) * sizeof(krb5_data));
- if (ptr == NULL) {
- retval = ENOMEM;
- goto cleanup;
- }
- krb5_princ_name(context, newp) = ptr;
+ if (ptr == NULL) {
+ retval = ENOMEM;
+ goto cleanup;
+ }
+ krb5_princ_name(context, newp) = ptr;
- for(sam_ptr = sam_inst_map; sam_ptr->name; sam_ptr++) {
- if (*sam_type && *sam_type != sam_ptr->sam_type)
- continue;
+ for(sam_ptr = sam_inst_map; sam_ptr->name; sam_ptr++) {
+ if (*sam_type && *sam_type != sam_ptr->sam_type)
+ continue;
- krb5_princ_component(context,newp,probeslot)->data = sam_ptr->name;
- krb5_princ_component(context,newp,probeslot)->length =
- strlen(sam_ptr->name);
- retval = krb5_db_get_principal(context, newp, 0, &assoc);
- if (!retval)
- break;
- }
+ krb5_princ_component(context,newp,probeslot)->data = sam_ptr->name;
+ krb5_princ_component(context,newp,probeslot)->length =
+ strlen(sam_ptr->name);
+ retval = krb5_db_get_principal(context, newp, 0, &assoc);
+ if (!retval)
+ break;
+ }
cleanup:
- if (ptr) {
- krb5_princ_component(context,newp,probeslot)->data = 0;
- krb5_princ_component(context,newp,probeslot)->length = 0;
- krb5_free_principal(context, newp);
- }
- if (probeslot)
- krb5_princ_size(context, newp)--;
- if (retval)
- return retval;
- if (sam_ptr->sam_type) {
- /* Found entry of type sam_ptr->sam_type */
- if (sam_type)
- *sam_type = sam_ptr->sam_type;
- if (db_entry)
- *db_entry = assoc;
- else
- krb5_db_free_principal(context, assoc);
- return 0;
- } else {
- return KRB5KDC_ERR_C_PRINCIPAL_UNKNOWN;
- }
+ if (ptr) {
+ krb5_princ_component(context,newp,probeslot)->data = 0;
+ krb5_princ_component(context,newp,probeslot)->length = 0;
+ krb5_free_principal(context, newp);
+ }
+ if (probeslot)
+ krb5_princ_size(context, newp)--;
+ if (retval)
+ return retval;
+ if (sam_ptr->sam_type) {
+ /* Found entry of type sam_ptr->sam_type */
+ if (sam_type)
+ *sam_type = sam_ptr->sam_type;
+ if (db_entry)
+ *db_entry = assoc;
+ else
+ krb5_db_free_principal(context, assoc);
+ return 0;
+ } else {
+ return KRB5KDC_ERR_C_PRINCIPAL_UNKNOWN;
+ }
}
static krb5_error_code
break;
}
- /*
- * It is up to the method-specific verify routine to set the ticket flags to
- * indicate TKT_FLG_HW_AUTH and/or TKT_FLG_PRE_AUTH. Some methods may
- * require more than one round of dialog with the client and must return
- * successfully from their verify routine. If does not set the TGT flags,
- * the required_preauth conditions will not be met and it will try again to
- * get enough preauth data from the client. Do not set TGT flags here.
- */
+ /*
+ * It is up to the method-specific verify routine to set the
+ * ticket flags to indicate TKT_FLG_HW_AUTH and/or
+ * TKT_FLG_PRE_AUTH. Some methods may require more than one round
+ * of dialog with the client and must return successfully from
+ * their verify routine. If does not set the TGT flags, the
+ * required_preauth conditions will not be met and it will try
+ * again to get enough preauth data from the client. Do not set
+ * TGT flags here.
+ */
cleanup:
/*
* Note that e_data is an output even in error conditions. If we
*/
krb5_error_code
sockaddr2krbaddr(krb5_context context, int family, struct sockaddr *sa,
- krb5_address **dest)
+ krb5_address **dest)
{
krb5_address addr;
addr.magic = KV5M_ADDRESS;
if (family == AF_INET) {
- struct sockaddr_in *sa4 = (struct sockaddr_in *) sa;
- addr.addrtype = ADDRTYPE_INET;
- addr.length = sizeof(sa4->sin_addr);
- addr.contents = (krb5_octet *) &sa4->sin_addr;
+ struct sockaddr_in *sa4 = (struct sockaddr_in *) sa;
+ addr.addrtype = ADDRTYPE_INET;
+ addr.length = sizeof(sa4->sin_addr);
+ addr.contents = (krb5_octet *) &sa4->sin_addr;
} else if (family == AF_INET6) {
- struct sockaddr_in6 *sa6 = (struct sockaddr_in6 *) sa;
+ struct sockaddr_in6 *sa6 = (struct sockaddr_in6 *) sa;
if (IN6_IS_ADDR_V4MAPPED(&sa6->sin6_addr)) {
addr.addrtype = ADDRTYPE_INET;
addr.contents = (krb5_octet *) &sa6->sin6_addr + 12;
addr.length = 4;
} else {
- addr.addrtype = ADDRTYPE_INET6;
- addr.length = sizeof(sa6->sin6_addr);
- addr.contents = (krb5_octet *) &sa6->sin6_addr;
- }
+ addr.addrtype = ADDRTYPE_INET6;
+ addr.length = sizeof(sa6->sin6_addr);
+ addr.contents = (krb5_octet *) &sa6->sin6_addr;
+ }
} else
- return KRB5_PROG_ATYPE_NOSUPP;
+ return KRB5_PROG_ATYPE_NOSUPP;
return krb5_copy_addr(context, &addr, dest);
}
/* Acquire the krb5 objects we need. */
ret = krb5_init_context(&context);
if (ret)
- exit_kerr(NULL, "krb5_init_context", ret);
+ exit_kerr(NULL, "krb5_init_context", ret);
ret = krb5_cc_default(context, &cc);
if (ret)
- exit_kerr(context, "krb5_cc_default", ret);
+ exit_kerr(context, "krb5_cc_default", ret);
ret = krb5_kt_default(context, &kt);
if (ret)
- exit_kerr(context, "krb5_kt_default", ret);
+ exit_kerr(context, "krb5_kt_default", ret);
if (argc >= 3) {
- ret = krb5_parse_name(context, argv[2], &princ);
- if (ret)
- exit_kerr(context, "krb5_parse_name", ret);
+ ret = krb5_parse_name(context, argv[2], &princ);
+ if (ret)
+ exit_kerr(context, "krb5_parse_name", ret);
}
/* Get initiator cred. */
static OM_uint32
initAcceptSecContext(OM_uint32 *minor,
- gss_name_t target_name,
+ gss_name_t target_name,
gss_cred_id_t verifier_cred_handle)
{
OM_uint32 major;
r->start_time = now ();
for (i = 0; i < iter_count; i++) {
- err = krb5_init_context(&ctx);
- if (err) {
- com_err(prog, err, "initializing krb5 context");
- exit(1);
- }
- krb5_free_context(ctx);
+ err = krb5_init_context(&ctx);
+ if (err) {
+ com_err(prog, err, "initializing krb5 context");
+ exit(1);
+ }
+ krb5_free_context(ctx);
}
r->end_time = now ();
}
err = krb5_init_context(&ctx);
if (err) {
- com_err(prog, err, "initializing krb5 context");
- exit(1);
+ com_err(prog, err, "initializing krb5 context");
+ exit(1);
}
err = krb5_get_profile(ctx, &prof);
if (err) {
- com_err(prog, err, "fetching profile from context");
- exit(1);
+ com_err(prog, err, "fetching profile from context");
+ exit(1);
}
r->start_time = now ();
for (i = 0; i < iter_count; i++) {
- int ival;
- err = profile_get_integer(prof, "one", "two", "three", 42, &ival);
- if (err) {
- com_err(prog, err, "fetching value from profile");
- exit(1);
- }
+ int ival;
+ err = profile_get_integer(prof, "one", "two", "three", 42, &ival);
+ if (err) {
+ com_err(prog, err, "fetching value from profile");
+ exit(1);
+ }
}
r->end_time = now ();
profile_release (prof);
if (!GSS_ERROR(major))
return;
fprintf(stderr, "t_kgss_kernel: %s: major %u, minor %u\n", fn, major,
- minor);
+ minor);
/* libkgss doesn't have gss_display_status. */
exit(1);
}
buf.value = "kernelwrap";
buf.length = 10;
major = krb5_gss_wrap(&minor, ctx, 1, GSS_C_QOP_DEFAULT, &buf, NULL,
- &wrapped);
+ &wrapped);
check(major, minor, "krb5_gss_wrap");
send_data(STDOUT_FILENO, wrapped.value, wrapped.length);
free(wrapped.value);
char **v;
for (v = values; *v; v++)
- free(*v);
+ free(*v);
free(values);
}
assert(cbdata == &full_cbdata);
*ret_values = calloc(2, sizeof(*ret_values));
if (names[0] == name_string)
- (*ret_values)[0] = strdup("string result");
+ (*ret_values)[0] = strdup("string result");
else if (names[0] == name_int)
- (*ret_values)[0] = strdup("23");
+ (*ret_values)[0] = strdup("23");
else if (names[0] == name_bool)
- (*ret_values)[0] = strdup("on");
+ (*ret_values)[0] = strdup("on");
else {
- free(*ret_values);
- return PROF_NO_RELATION;
+ free(*ret_values);
+ return PROF_NO_RELATION;
}
(*ret_values)[1] = NULL;
return 0;
static long
full_iterator_create(void *cbdata, const char *const *names, int flags,
- void **ret_iter)
+ void **ret_iter)
{
struct iterator *iter;
assert(cbdata == &full_cbdata);
assert(iter->count >= 0 && iter->count <= 2);
if (iter->count == 0) {
- *ret_name = strdup("name1");
- *ret_value = strdup("value1");
+ *ret_name = strdup("name1");
+ *ret_value = strdup("value1");
} else if (iter->count == 1) {
- *ret_name = strdup("name2");
- *ret_value = NULL;
+ *ret_name = strdup("name2");
+ *ret_value = NULL;
} else {
- *ret_name = NULL;
- *ret_value = NULL;
+ *ret_name = NULL;
+ *ret_value = NULL;
}
iter->count++;
return 0;
full_iterator_free(void *cbdata, void *iter_arg)
{
struct iterator *iter = iter_arg;
-
+
assert(cbdata == &full_cbdata);
assert(iter->count == 3);
free(iter);
static long
full_update_relation(void *cbdata, const char **names,
- const char *old_value, const char *new_value)
+ const char *old_value, const char *new_value)
{
assert(cbdata == &full_cbdata);
assert(names == empty_names);
assert(values[2] == NULL);
profile_free_list(values);
assert(profile_iterator_create(profile, NULL, 0, &iter) ==
- PROF_UNSUPPORTED);
+ PROF_UNSUPPORTED);
assert(profile_is_writable(profile, &intval) == 0);
assert(intval == 0);
assert(profile_is_modified(profile, &intval) == 0);
assert(intval == 0);
assert(profile_update_relation(profile, NULL, NULL, NULL) ==
- PROF_UNSUPPORTED);
+ PROF_UNSUPPORTED);
assert(profile_clear_relation(profile, NULL) == PROF_UNSUPPORTED);
assert(profile_rename_section(profile, NULL, NULL) == PROF_UNSUPPORTED);
assert(profile_add_relation(profile, NULL, NULL) == PROF_UNSUPPORTED);
assert(profile_init_vtable(&full_vtable, &full_cbdata, &profile) == 0);
assert(profile_get_string(profile, name_string, NULL, NULL, "wrong",
- &str) == 0);
+ &str) == 0);
assert(strcmp(str, "string result") == 0);
profile_release_string(str);
assert(profile_get_integer(profile, name_int, NULL, NULL, 24,
- &intval) == 0);
+ &intval) == 0);
assert(intval == 23);
assert(profile_get_boolean(profile, name_bool, NULL, NULL, 0,
- &intval) == 0);
+ &intval) == 0);
assert(intval == 1);
assert(profile_get_integer(profile, "xxx", NULL, NULL, 62, &intval) == 0);
assert(intval == 62);
assert(profile_is_modified(profile, &intval) == 0);
assert(intval == 6);
assert(profile_update_relation(profile, empty_names, name_string,
- NULL) == 0);
+ NULL) == 0);
assert(profile_clear_relation(profile, empty_names) == 0);
assert(profile_rename_section(profile, empty_names, name_int) == 0);
assert(profile_add_relation(profile, empty_names, name_bool) == 0);
char **v;
for (v = values; *v; v++)
- free(*v);
+ free(*v);
free(values);
}
long
profile_module_init(const char *residual, struct profile_vtable *vtable,
- void **cb_ret);
+ void **cb_ret);
long
profile_module_init(const char *residual, struct profile_vtable *vtable,
- void **cb_ret)
+ void **cb_ret)
{
struct data *d;
slash = strrchr(path, '/');
backslash = strrchr(path, '\\');
if (slash != NULL && backslash != NULL)
- return (slash > backslash) ? slash : backslash;
+ return (slash > backslash) ? slash : backslash;
else
- return (slash != NULL) ? slash : backslash;
+ return (slash != NULL) ? slash : backslash;
#else
return strrchr(path, '/');
#endif
char *parent = NULL, *basename = NULL;
if (parent_out != NULL)
- *parent_out = NULL;
+ *parent_out = NULL;
if (basename_out != NULL)
- *basename_out = NULL;
+ *basename_out = NULL;
pathstart = path;
#ifdef WINDOWS_PATHS
if (*path != '\0' && path[1] == ':')
- pathstart = path + 2;
+ pathstart = path + 2;
#endif
sep = find_sep(pathstart);
if (sep != NULL) {
- bstart = sep + 1;
- /* Strip off excess separators before the one we found. */
- pend = sep;
- while (pend > pathstart && IS_SEPARATOR(pend[-1]))
- pend--;
- /* But if we hit the start, keep the whole separator sequence. */
- if (pend == pathstart)
- pend = sep + 1;
+ bstart = sep + 1;
+ /* Strip off excess separators before the one we found. */
+ pend = sep;
+ while (pend > pathstart && IS_SEPARATOR(pend[-1]))
+ pend--;
+ /* But if we hit the start, keep the whole separator sequence. */
+ if (pend == pathstart)
+ pend = sep + 1;
} else {
- bstart = pathstart;
- pend = pathstart;
+ bstart = pathstart;
+ pend = pathstart;
}
if (parent_out) {
- parent = malloc(pend - path + 1);
- if (parent == NULL)
- return ENOMEM;
- memcpy(parent, path, pend - path);
- parent[pend - path] = '\0';
+ parent = malloc(pend - path + 1);
+ if (parent == NULL)
+ return ENOMEM;
+ memcpy(parent, path, pend - path);
+ parent[pend - path] = '\0';
}
if (basename_out) {
- basename = strdup(bstart);
- if (basename == NULL) {
- free(parent);
- return ENOMEM;
- }
+ basename = strdup(bstart);
+ if (basename == NULL) {
+ free(parent);
+ return ENOMEM;
+ }
}
if (parent_out)
- *parent_out = parent;
+ *parent_out = parent;
if (basename_out)
- *basename_out = basename;
+ *basename_out = basename;
return 0;
}
*path_out = NULL;
if (k5_path_isabs(path2) || *path1 == '\0') {
- /* Discard path1 and return a copy of path2. */
- path = strdup(path2);
- if (path == NULL)
- return ENOMEM;
+ /* Discard path1 and return a copy of path2. */
+ path = strdup(path2);
+ if (path == NULL)
+ return ENOMEM;
} else {
- /*
- * Compose path1 and path2, adding a separator if path1 is non-empty
- * there's no separator between them already. (*path2 can be a
- * separator in the weird case where it starts with /: or \: on
- * Windows, and Python doesn't insert a separator in this case.)
- */
- c = path1[strlen(path1) - 1];
- if (IS_SEPARATOR(c) || IS_SEPARATOR(*path2))
- ret = asprintf(&path, "%s%s", path1, path2);
- else
- ret = asprintf(&path, "%s%c%s", path1, SEP, path2);
- if (ret < 0)
- return ENOMEM;
+ /*
+ * Compose path1 and path2, adding a separator if path1 is non-empty
+ * there's no separator between them already. (*path2 can be a
+ * separator in the weird case where it starts with /: or \: on
+ * Windows, and Python doesn't insert a separator in this case.)
+ */
+ c = path1[strlen(path1) - 1];
+ if (IS_SEPARATOR(c) || IS_SEPARATOR(*path2))
+ ret = asprintf(&path, "%s%s", path1, path2);
+ else
+ ret = asprintf(&path, "%s%c%s", path1, SEP, path2);
+ if (ret < 0)
+ return ENOMEM;
}
*path_out = path;
return 0;
{
#ifdef WINDOWS_PATHS
if (*path != '\0' && path[1] == ':')
- path += 2;
+ path += 2;
return (*path == '/' || *path == '\\');
#else
return (*path == '/');
__progname, optopt);
return (BADCH);
}
- else /* white space */
+ else /* white space */
optarg = nargv[optind];
place = EMSG;
++optind;