+2000-06-29 Ezra Peisach <epeisach@engrailed.mit.edu>
+
+ * t_walk_rtree.c (main): Declare as returning int.
+
+ * get_in_tkt.c (_krb5_conf_boolean): Declare as taking a const char *
+
+ * str_conv.c (krb5_timestamp_to_string): Work around gcc's warning
+ that %c format in strftime might return only two digits for the
+ year.
+
+ * mk_safe.c, rd_rep.c, send_tgs.c: Remove unused goto label.
+
+ * kdc_rep_dc.c (krb5_kdc_rep_decrypt_proc): Remove code with no
+ effect.
+
+ * init_ctx.c: Make krb5_brand[] look used.
+
+ * chpw.c, decode_kdc.c, decrypt_tk.c, enc_helper.c, get_creds.c,
+ get_in_tkt.c, gic_keytab.c, gic_pwd.c, preauth2.c, vfy_increds.c:
+ Add parentheses around assignment used as truth value
+
2000-06-28 Ezra Peisach <epeisach@mit.edu>
* conv_princ.c, get_creds.c, get_in_tkt.c, mk_rep.c, parse.c,
cipherpw.data = NULL;
- if (ret = krb5_auth_con_setflags(context, auth_context,
- KRB5_AUTH_CONTEXT_DO_SEQUENCE))
+ if ((ret = krb5_auth_con_setflags(context, auth_context,
+ KRB5_AUTH_CONTEXT_DO_SEQUENCE)))
goto cleanup;
clearpw.length = strlen(passwd);
clearpw.data = passwd;
- if (ret = krb5_mk_priv(context, auth_context,
- &clearpw, &cipherpw, &replay))
+ if ((ret = krb5_mk_priv(context, auth_context,
+ &clearpw, &cipherpw, &replay)))
goto cleanup;
packet->length = 6 + ap_req->length + cipherpw.length;
ap_rep.data = ptr;
ptr += ap_rep.length;
- if (ret = krb5_rd_rep(context, auth_context, &ap_rep, &ap_rep_enc))
+ if ((ret = krb5_rd_rep(context, auth_context, &ap_rep, &ap_rep_enc)))
return(ret);
krb5_free_ap_rep_enc_part(context, ap_rep_enc);
cipherresult.data = ptr;
cipherresult.length = (packet->data + packet->length) - ptr;
- if (ret = krb5_rd_error(context, &cipherresult, &krberror))
+ if ((ret = krb5_rd_error(context, &cipherresult, &krberror)))
return(ret);
clearresult = krberror->e_data;
if (retval)
return retval;
- if (retval = krb5_kdc_rep_decrypt_proc(context, key, &usage,
- local_dec_rep))
+ if ((retval = krb5_kdc_rep_decrypt_proc(context, key, &usage,
+ local_dec_rep)))
krb5_free_kdc_rep(context, local_dec_rep);
else
*dec_rep = local_dec_rep;
return(ENOMEM);
/* call the encryption routine */
- if (retval = krb5_c_decrypt(context, srv_key,
+ if ((retval = krb5_c_decrypt(context, srv_key,
KRB5_KEYUSAGE_KDC_REP_TICKET, 0,
- &ticket->enc_part, &scratch)) {
+ &ticket->enc_part, &scratch))) {
free(scratch.data);
return retval;
}
krb5_error_code ret;
size_t enclen;
- if (ret = krb5_c_encrypt_length(context, key->enctype, plain->length,
- &enclen))
+ if ((ret = krb5_c_encrypt_length(context, key->enctype, plain->length,
+ &enclen)))
return(ret);
cipher->ciphertext.length = enclen;
in the library, so I'm going to manipulate the data structures
directly, otherwise, it will be worse. */
- if (ret = krb5_parse_name(context, in_tkt_service, &in_creds.server))
+ if ((ret = krb5_parse_name(context, in_tkt_service, &in_creds.server)))
goto cleanup;
/* stuff the client realm into the server principal.
memcpy(in_creds.server->realm.data, in_creds.client->realm.data,
in_creds.client->realm.length);
} else {
- if (ret = krb5_build_principal_ext(context, &in_creds.server,
+ if ((ret = krb5_build_principal_ext(context, &in_creds.server,
in_creds.client->realm.length,
in_creds.client->realm.data,
KRB5_TGS_NAME_SIZE,
KRB5_TGS_NAME,
in_creds.client->realm.length,
in_creds.client->realm.data,
- 0))
+ 0)))
goto cleanup;
}
server = NULL;
if (!creds->client)
- if (retval = krb5_copy_principal(context, as_reply->client, &client))
+ if ((retval = krb5_copy_principal(context, as_reply->client, &client)))
goto cleanup;
if (!creds->server)
- if (retval = krb5_copy_principal(context, as_reply->enc_part2->server,
- &server))
+ if ((retval = krb5_copy_principal(context, as_reply->enc_part2->server,
+ &server)))
goto cleanup;
/* fill in the credentials */
int
_krb5_conf_boolean(s)
- char *s;
+ const char *s;
{
char **p;
} else if ((ret = krb5_libdefault_string(context, &client->realm,
"renew_lifetime", &tempstr))
== 0) {
- if (ret = krb5_string_to_deltat(tempstr, &renew_life)) {
+ if ((ret = krb5_string_to_deltat(tempstr, &renew_life))) {
free(tempstr);
goto cleanup;
}
in the library, so I'm going to manipulate the data structures
directly, otherwise, it will be worse. */
- if (ret = krb5_parse_name(context, in_tkt_service, &request.server))
+ if ((ret = krb5_parse_name(context, in_tkt_service, &request.server)))
goto cleanup;
/* stuff the client realm into the server principal.
memcpy(request.server->realm.data, request.client->realm.data,
request.client->realm.length);
} else {
- if (ret = krb5_build_principal_ext(context, &request.server,
+ if ((ret = krb5_build_principal_ext(context, &request.server,
request.client->realm.length,
request.client->realm.data,
KRB5_TGS_NAME_SIZE,
KRB5_TGS_NAME,
request.client->realm.length,
request.client->realm.data,
- 0))
+ 0)))
goto cleanup;
}
- if (ret = krb5_timeofday(context, &request.from))
+ if ((ret = krb5_timeofday(context, &request.from)))
goto cleanup;
request.from += start_time;
/* set up the other state. */
if (options && (options->flags & KRB5_GET_INIT_CREDS_OPT_PREAUTH_LIST)) {
- if (ret = make_preauth_list(context, options->preauth_list,
+ if ((ret = make_preauth_list(context, options->preauth_list,
options->preauth_list_length,
- &padata))
+ &padata)))
goto cleanup;
}
request.padata = NULL;
}
- if (ret = krb5_do_preauth(context, &request,
+ if ((ret = krb5_do_preauth(context, &request,
padata, &request.padata,
&salt, &etype, &as_key, prompter,
- prompter_data, gak_fct, gak_data))
+ prompter_data, gak_fct, gak_data)))
goto cleanup;
if (padata) {
/* process any preauth data in the as_reply */
- if (ret = krb5_do_preauth(context, &request,
- local_as_reply->padata, &padata,
- &salt, &etype, &as_key, prompter,
- prompter_data, gak_fct, gak_data))
+ if ((ret = krb5_do_preauth(context, &request,
+ local_as_reply->padata, &padata,
+ &salt, &etype, &as_key, prompter,
+ prompter_data, gak_fct, gak_data)))
goto cleanup;
/* XXX if there's padata on output, something is wrong, but it's
if (ret) {
/* if we haven't get gotten a key, get it now */
- if (ret = ((*gak_fct)(context, request.client,
- local_as_reply->enc_part.enctype,
- prompter, prompter_data, &salt,
- &as_key, gak_data)))
+ if ((ret = ((*gak_fct)(context, request.client,
+ local_as_reply->enc_part.enctype,
+ prompter, prompter_data, &salt,
+ &as_key, gak_data))))
goto cleanup;
- if (ret = decrypt_as_reply(context, NULL, local_as_reply, NULL,
- NULL, &as_key, krb5_kdc_rep_decrypt_proc,
- NULL))
+ if ((ret = decrypt_as_reply(context, NULL, local_as_reply, NULL,
+ NULL, &as_key, krb5_kdc_rep_decrypt_proc,
+ NULL)))
goto cleanup;
}
- if (ret = verify_as_reply(context, time_now, &request, local_as_reply))
+ if ((ret = verify_as_reply(context, time_now, &request, local_as_reply)))
goto cleanup;
/* XXX this should be inside stash_as_reply, but as long as
do that */
memset(creds, 0, sizeof(*creds));
- if (ret = stash_as_reply(context, time_now, &request, local_as_reply,
- creds, NULL))
+ if ((ret = stash_as_reply(context, time_now, &request, local_as_reply,
+ creds, NULL)))
goto cleanup;
/* success */
krb5_keytab keytab;
if (arg_keytab == NULL) {
- if (ret = krb5_kt_default(context, &keytab))
- return ret;
+ if ((ret = krb5_kt_default(context, &keytab)))
+ return ret;
} else {
keytab = arg_keytab;
}
/* PROMPTER_INVOCATION */
krb5int_set_prompt_types(context, &prompt_type);
- if (ret = (((*prompter)(context, prompter_data, NULL, NULL,
- 1, &prompt)))) {
+ if ((ret = (((*prompter)(context, prompter_data, NULL, NULL,
+ 1, &prompt))))) {
krb5int_set_prompt_types(context, 0);
return(ret);
}
/* PROMPTER_INVOCATION */
krb5int_set_prompt_types(context, prompt_types);
- if (ret = ((*prompter)(context, data, 0, banner,
- sizeof(prompt)/sizeof(prompt[0]), prompt)))
+ if ((ret = ((*prompter)(context, data, 0, banner,
+ sizeof(prompt)/sizeof(prompt[0]), prompt))))
goto cleanup;
krb5int_set_prompt_types(context, 0);
krb5_init_context(context)
krb5_context *context;
{
+
return init_common (context, FALSE);
}
krb5_init_secure_context(context)
krb5_context *context;
{
+
+ /* This is to make gcc -Wall happy */
+ if(0) krb5_brand[0] = krb5_brand[0];
return init_common (context, TRUE);
}
return(ENOMEM);
}
- dec_rep->enc_part.enctype;
+ /*dec_rep->enc_part.enctype;*/
if ((retval = krb5_c_decrypt(context, key, usage, 0, &dec_rep->enc_part,
&scratch))) {
cleanup_checksum:
krb5_xfree(safe_checksum.contents);
-cleanup_scratch:
memset((char *)scratch1->data, 0, scratch1->length);
krb5_free_data(context, scratch1);
return retval;
fprintf (stderr, "; *etype=%d request->ktype[0]=%d\n",
*etype, request->ktype[0]);
#endif
- if (ret = ((*gak_fct)(context, request->client,
- *etype ? *etype : request->ktype[0],
- prompter, prompter_data,
- salt, as_key, gak_data)))
+ if ((ret = ((*gak_fct)(context, request->client,
+ *etype ? *etype : request->ktype[0],
+ prompter, prompter_data,
+ salt, as_key, gak_data))))
return(ret);
}
/* now get the time of day, and encrypt it accordingly */
- if (ret = krb5_us_timeofday(context, &pa_enc.patimestamp, &pa_enc.pausec))
+ if ((ret = krb5_us_timeofday(context, &pa_enc.patimestamp, &pa_enc.pausec)))
return(ret);
- if (ret = encode_krb5_pa_enc_ts(&pa_enc, &tmp))
+ if ((ret = encode_krb5_pa_enc_ts(&pa_enc, &tmp)))
return(ret);
#ifdef DEBUG
tmpsam.length = in_padata->length;
tmpsam.data = (char *) in_padata->contents;
- if (ret = decode_krb5_sam_challenge(&tmpsam, &sam_challenge))
+ if ((ret = decode_krb5_sam_challenge(&tmpsam, &sam_challenge)))
return(ret);
if (sam_challenge->sam_flags & KRB5_SAM_MUST_PK_ENCRYPT_SAD) {
/* PROMPTER_INVOCATION */
krb5int_set_prompt_types(context, &prompt_type);
- if (ret = ((*prompter)(context, prompter_data, name,
- banner, 1, &kprompt))) {
+ if ((ret = ((*prompter)(context, prompter_data, name,
+ banner, 1, &kprompt)))) {
krb5_xfree(sam_challenge);
krb5int_set_prompt_types(context, 0);
return(ret);
enc_sam_response_enc.sam_nonce = sam_challenge->sam_nonce;
if (sam_challenge->sam_nonce == 0) {
- if (ret = krb5_us_timeofday(context,
+ if ((ret = krb5_us_timeofday(context,
&enc_sam_response_enc.sam_timestamp,
- &enc_sam_response_enc.sam_usec)) {
+ &enc_sam_response_enc.sam_usec))) {
krb5_xfree(sam_challenge);
return(ret);
}
/* generate a salt using the requested principal */
if ((salt->length == -1) && (salt->data == NULL)) {
- if (ret = krb5_principal2salt(context, request->client,
- &defsalt)) {
+ if ((ret = krb5_principal2salt(context, request->client,
+ &defsalt))) {
krb5_xfree(sam_challenge);
return(ret);
}
krb5_xfree(sam_challenge);
/* encode the encoded part of the response */
- if (ret = encode_krb5_enc_sam_response_enc(&enc_sam_response_enc,
- &scratch))
+ if ((ret = encode_krb5_enc_sam_response_enc(&enc_sam_response_enc,
+ &scratch)))
return(ret);
ret = krb5_encrypt_data(context, as_key, 0, scratch,
if ((pa = malloc(sizeof(krb5_pa_data))) == NULL)
return(ENOMEM);
- if (ret = encode_krb5_sam_response(&sam_response, &scratch)) {
+ if ((ret = encode_krb5_sam_response(&sam_response, &scratch))) {
free(pa);
return(ret);
}
(pa_types[j].flags & paorder[h])) {
out_pa = NULL;
- if (ret = ((*pa_types[j].fct)(context, request,
- in_padata[i], &out_pa,
- salt, etype, as_key,
- prompter, prompter_data,
- gak_fct, gak_data))) {
+ if ((ret = ((*pa_types[j].fct)(context, request,
+ in_padata[i], &out_pa,
+ salt, etype, as_key,
+ prompter, prompter_data,
+ gak_fct, gak_data)))) {
if (out_pa_list) {
out_pa_list[out_pa_list_size++] = NULL;
krb5_free_pa_data(context, out_pa_list);
clean_scratch:
memset(scratch.data, 0, scratch.length);
-errout:
+
krb5_free_ap_rep(context, reply);
free(scratch.data);
return retval;
*outbuf = *toutbuf;
krb5_xfree(toutbuf);
-cleanup:
+
memset(request.authenticator.ciphertext.data, 0,
request.authenticator.ciphertext.length);
free(request.authenticator.ciphertext.data);
memset(scratch->data, 0, scratch->length);
free(scratch->data);
-cleanup_scratch:
free(scratch);
return retval;
/* now send request & get response from KDC */
retval = krb5_sendto_kdc(context, scratch,
krb5_princ_realm(context, sname),
- &rep->response, NULL);
+ &rep->response, 0);
krb5_free_data(context, scratch);
if (retval == 0) {
{
int ret;
time_t timestamp2 = timestamp;
+ const char *fmt = "%c"; /* This is to get around gcc -Wall warning that
+ the year returned might be two digits */
- ret = strftime(buffer, buflen, "%c", localtime(×tamp2));
+ ret = strftime(buffer, buflen, fmt, localtime(×tamp2));
if (ret == 0 || ret == buflen)
return(ENOMEM);
return(0);
#include <stdio.h>
#include "com_err.h"
+int
main(argc, argv)
int argc;
char **argv;
retval = krb5_walk_realm_tree(context, &client, &server, &tree,
realm_branch_char);
if (retval) {
- com_err("krb5_walk_realm_tree", retval, "");
+ com_err("krb5_walk_realm_tree", retval, " ");
exit(1);
}
for (p = tree; *p; p++) {
retval = krb5_unparse_name(context, *p, &name);
if (retval) {
- com_err("krb5_unprase_name", retval, "");
+ com_err("krb5_unprase_name", retval, " ");
exit(2);
}
printf("%s\n", name);
if (server_arg) {
server = server_arg;
} else {
- if (ret = krb5_sname_to_principal(context, NULL, NULL,
- KRB5_NT_SRV_HST, &server))
+ if ((ret = krb5_sname_to_principal(context, NULL, NULL,
+ KRB5_NT_SRV_HST, &server)))
goto cleanup;
}
if (keytab_arg) {
keytab = keytab_arg;
} else {
- if (ret = krb5_kt_default(context, &keytab))
+ if ((ret = krb5_kt_default(context, &keytab)))
goto cleanup;
}
- if (ret = krb5_kt_get_entry(context, keytab, server, 0, 0, &kte)) {
+ if ((ret = krb5_kt_get_entry(context, keytab, server, 0, 0, &kte))) {
/* this means there is no keying material. This is ok, as long as
it is not prohibited by the configuration */
if (krb5_principal_compare(context, server, creds->server)) {
/* make an ap_req */
- if (ret = krb5_mk_req_extended(context, &authcon, 0, NULL, creds,
- &ap_req))
+ if ((ret = krb5_mk_req_extended(context, &authcon, 0, NULL, creds,
+ &ap_req)))
goto cleanup;
} else {
/* this is unclean, but it's the easiest way without ripping the
/* insert the initial cred into the ccache */
- if (ret = krb5_cc_resolve(context, "MEMORY:rd_req", &ccache))
+ if ((ret = krb5_cc_resolve(context, "MEMORY:rd_req", &ccache)))
goto cleanup;
- if (ret = krb5_cc_initialize(context, ccache, creds->client))
+ if ((ret = krb5_cc_initialize(context, ccache, creds->client)))
goto cleanup;
- if (ret = krb5_cc_store_cred(context, ccache, creds))
+ if ((ret = krb5_cc_store_cred(context, ccache, creds)))
goto cleanup;
/* set up for get_creds */
memset(&in_creds, 0, sizeof(in_creds));
in_creds.client = creds->client;
in_creds.server = server;
- if (ret = krb5_timeofday(context, &in_creds.times.endtime))
+ if ((ret = krb5_timeofday(context, &in_creds.times.endtime)))
goto cleanup;
in_creds.times.endtime += 5*60;
- if (ret = krb5_get_credentials(context, 0, ccache, &in_creds,
- &out_creds))
+ if ((ret = krb5_get_credentials(context, 0, ccache, &in_creds,
+ &out_creds)))
goto cleanup;
/* make an ap_req */
- if (ret = krb5_mk_req_extended(context, &authcon, 0, NULL, out_creds,
- &ap_req))
+ if ((ret = krb5_mk_req_extended(context, &authcon, 0, NULL, out_creds,
+ &ap_req)))
goto cleanup;
}
/* verify the ap_req */
- if (ret = krb5_rd_req(context, &authcon, &ap_req, server, keytab,
- NULL, NULL))
+ if ((ret = krb5_rd_req(context, &authcon, &ap_req, server, keytab,
+ NULL, NULL)))
goto cleanup;
/* if we get this far, then the verification succeeded. We can
projects / krb5.git / commitdiff