Untabify. Normalize whitespace. Reindent. Fix some of the most
authorTom Yu <tlyu@mit.edu>
Wed, 15 Oct 2008 21:58:43 +0000 (21:58 +0000)
committerTom Yu <tlyu@mit.edu>
Wed, 15 Oct 2008 21:58:43 +0000 (21:58 +0000)
egregious formatting quirks.  Add emacs mode settings to flag
untabified source files.

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20876 dc483132-0cff-0310-8789-dd5450dbe970

66 files changed:
src/lib/gssapi/generic/disp_com_err_status.c
src/lib/gssapi/generic/disp_major_status.c
src/lib/gssapi/generic/gssapi.hin
src/lib/gssapi/generic/gssapiP_generic.h
src/lib/gssapi/generic/gssapi_generic.c
src/lib/gssapi/generic/gssapi_generic.h
src/lib/gssapi/generic/maptest.c
src/lib/gssapi/generic/rel_buffer.c
src/lib/gssapi/generic/rel_oid_set.c
src/lib/gssapi/generic/util_buffer.c
src/lib/gssapi/generic/util_canonhost.c
src/lib/gssapi/generic/util_errmap.c
src/lib/gssapi/generic/util_localhost.c
src/lib/gssapi/generic/util_ordering.c
src/lib/gssapi/generic/util_set.c
src/lib/gssapi/generic/util_token.c
src/lib/gssapi/generic/util_validate.c
src/lib/gssapi/generic/utl_nohash_validate.c
src/lib/gssapi/gss_libinit.c
src/lib/gssapi/gss_libinit.h
src/lib/gssapi/krb5/accept_sec_context.c
src/lib/gssapi/krb5/acquire_cred.c
src/lib/gssapi/krb5/add_cred.c
src/lib/gssapi/krb5/canon_name.c
src/lib/gssapi/krb5/compare_name.c
src/lib/gssapi/krb5/context_time.c
src/lib/gssapi/krb5/copy_ccache.c
src/lib/gssapi/krb5/delete_sec_context.c
src/lib/gssapi/krb5/disp_name.c
src/lib/gssapi/krb5/disp_status.c
src/lib/gssapi/krb5/duplicate_name.c
src/lib/gssapi/krb5/export_name.c
src/lib/gssapi/krb5/export_sec_context.c
src/lib/gssapi/krb5/get_tkt_flags.c
src/lib/gssapi/krb5/gssapiP_krb5.h
src/lib/gssapi/krb5/gssapi_krb5.c
src/lib/gssapi/krb5/gssapi_krb5.hin
src/lib/gssapi/krb5/import_name.c
src/lib/gssapi/krb5/import_sec_context.c
src/lib/gssapi/krb5/indicate_mechs.c
src/lib/gssapi/krb5/init_sec_context.c
src/lib/gssapi/krb5/inq_context.c
src/lib/gssapi/krb5/inq_cred.c
src/lib/gssapi/krb5/inq_names.c
src/lib/gssapi/krb5/k5seal.c
src/lib/gssapi/krb5/k5sealv3.c
src/lib/gssapi/krb5/k5unseal.c
src/lib/gssapi/krb5/krb5_gss_glue.c
src/lib/gssapi/krb5/lucid_context.c
src/lib/gssapi/krb5/process_context_token.c
src/lib/gssapi/krb5/rel_cred.c
src/lib/gssapi/krb5/rel_name.c
src/lib/gssapi/krb5/rel_oid.c
src/lib/gssapi/krb5/seal.c
src/lib/gssapi/krb5/ser_sctx.c
src/lib/gssapi/krb5/set_allowable_enctypes.c
src/lib/gssapi/krb5/set_ccache.c
src/lib/gssapi/krb5/sign.c
src/lib/gssapi/krb5/unseal.c
src/lib/gssapi/krb5/util_cksum.c
src/lib/gssapi/krb5/util_crypt.c
src/lib/gssapi/krb5/util_seed.c
src/lib/gssapi/krb5/util_seqnum.c
src/lib/gssapi/krb5/val_cred.c
src/lib/gssapi/krb5/verify.c
src/lib/gssapi/krb5/wrap_size_limit.c

index c04b67265e242b7ce1a3b9b6453d4e131eb2d376..baf7e703799c91a5f029cdc0958003307d7f3704 100644 (file)
@@ -1,6 +1,7 @@
+/* -*- mode: c; indent-tabs-mode: nil -*- */
 /*
  * Copyright 1993 by OpenVision Technologies, Inc.
- * 
+ *
  * Permission to use, copy, modify, distribute, and sell this software
  * and its documentation for any purpose is hereby granted without fee,
  * provided that the above copyright notice appears in all copies and
@@ -10,7 +11,7 @@
  * without specific, written prior permission. OpenVision makes no
  * representations about the suitability of this software for any
  * purpose.  It is provided "as is" without express or implied warranty.
- * 
+ *
  * OPENVISION DISCLAIMS ALL WARRANTIES WITH REGARD TO THIS SOFTWARE,
  * INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS, IN NO
  * EVENT SHALL OPENVISION BE LIABLE FOR ANY SPECIAL, INDIRECT OR
@@ -37,30 +38,30 @@ static const char * const no_error = "No error";
 /**/
 
 /* if status_type == GSS_C_GSS_CODE, return up to three error messages,
-     for routine errors, call error, and status, in that order.
-     message_context == 0 : print the routine error
-     message_context == 1 : print the calling error
-     message_context > 2  : print supplementary info bit (message_context-2)
+   for routine errors, call error, and status, in that order.
+   message_context == 0 : print the routine error
+   message_context == 1 : print the calling error
+   message_context > 2  : print supplementary info bit (message_context-2)
    if status_type == GSS_C_MECH_CODE, return the output from error_message()
-   */
+*/
 
 OM_uint32
 g_display_com_err_status(minor_status, status_value, status_string)
-     OM_uint32 *minor_status;
-     OM_uint32 status_value;
-     gss_buffer_t status_string;
+    OM_uint32 *minor_status;
+    OM_uint32 status_value;
+    gss_buffer_t status_string;
 {
-   status_string->length = 0;
-   status_string->value = NULL;
+    status_string->length = 0;
+    status_string->value = NULL;
 
-   (void) gssint_initialize_library();
+    (void) gssint_initialize_library();
 
-   if (! g_make_string_buffer(((status_value == 0)?no_error:
-                              error_message(status_value)),
-                             status_string)) {
-      *minor_status = ENOMEM;
-      return(GSS_S_FAILURE);
-   }
-   *minor_status = 0;
-   return(GSS_S_COMPLETE);
+    if (! g_make_string_buffer(((status_value == 0)?no_error:
+                                error_message(status_value)),
+                               status_string)) {
+        *minor_status = ENOMEM;
+        return(GSS_S_FAILURE);
+    }
+    *minor_status = 0;
+    return(GSS_S_COMPLETE);
 }
index 0648192a19d35c4e2fc2bc25da1939ae40e324a3..f9ff2814772a7adcb0cb1f5ecbee7c6ac6e743d0 100644 (file)
@@ -1,6 +1,7 @@
+/* -*- mode: c; indent-tabs-mode: nil -*- */
 /*
  * Copyright 1993 by OpenVision Technologies, Inc.
- * 
+ *
  * Permission to use, copy, modify, distribute, and sell this software
  * and its documentation for any purpose is hereby granted without fee,
  * provided that the above copyright notice appears in all copies and
@@ -10,7 +11,7 @@
  * without specific, written prior permission. OpenVision makes no
  * representations about the suitability of this software for any
  * purpose.  It is provided "as is" without express or implied warranty.
- * 
+ *
  * OPENVISION DISCLAIMS ALL WARRANTIES WITH REGARD TO THIS SOFTWARE,
  * INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS, IN NO
  * EVENT SHALL OPENVISION BE LIABLE FOR ANY SPECIAL, INDIRECT OR
 /**/
 
 static const char * const calling_error_string[] = {
-   NULL,
-   "A required input parameter could not be read",
-   "A required input parameter could not be written",
-   "A parameter was malformed",
+    NULL,
+    "A required input parameter could not be read",
+    "A required input parameter could not be written",
+    "A parameter was malformed",
 };
+
 static const char * const calling_error = "calling error";
 
 #define GSS_CALLING_ERROR_STR(x) \
    GSS_ERROR_STR((x), calling_error_string, GSS_CALLING_ERROR, \
-                GSS_S_CALL_INACCESSIBLE_READ, GSS_S_CALL_BAD_STRUCTURE, \
-                GSS_CALLING_ERROR_FIELD)
+                 GSS_S_CALL_INACCESSIBLE_READ, GSS_S_CALL_BAD_STRUCTURE, \
+                 GSS_CALLING_ERROR_FIELD)
 
 /**/
 
 static const char * const routine_error_string[] = {
-   NULL,
-   "An unsupported mechanism was requested",
-   "An invalid name was supplied",
-   "A supplied name was of an unsupported type",
-   "Incorrect channel bindings were supplied",
-   "An invalid status code was supplied",
-   "A token had an invalid signature",
-   "No credentials were supplied",
-   "No context has been established",
-   "A token was invalid",
-   "A credential was invalid",
-   "The referenced credentials have expired",
-   "The context has expired",
-   "Miscellaneous failure",
-   "The quality-of-protection requested could not be provided",
-   "The operation is forbidden by the local security policy",
-   "The operation or option is not available",
-};   
+    NULL,
+    "An unsupported mechanism was requested",
+    "An invalid name was supplied",
+    "A supplied name was of an unsupported type",
+    "Incorrect channel bindings were supplied",
+    "An invalid status code was supplied",
+    "A token had an invalid signature",
+    "No credentials were supplied",
+    "No context has been established",
+    "A token was invalid",
+    "A credential was invalid",
+    "The referenced credentials have expired",
+    "The context has expired",
+    "Miscellaneous failure",
+    "The quality-of-protection requested could not be provided",
+    "The operation is forbidden by the local security policy",
+    "The operation or option is not available",
+};
 
 static const char * const routine_error = "routine error";
 
 #define GSS_ROUTINE_ERROR_STR(x) \
    GSS_ERROR_STR((x), routine_error_string, GSS_ROUTINE_ERROR, \
-                GSS_S_BAD_MECH, GSS_S_FAILURE, \
-                GSS_ROUTINE_ERROR_FIELD)
+                 GSS_S_BAD_MECH, GSS_S_FAILURE, \
+                 GSS_ROUTINE_ERROR_FIELD)
 
 /**/
 
 /* this becomes overly gross after about 4 strings */
 
 static const char * const sinfo_string[] = {
-   "The routine must be called again to complete its function",
-   "The token was a duplicate of an earlier token",
-   "The token's validity period has expired",
-   "A later token has already been processed",
+    "The routine must be called again to complete its function",
+    "The token was a duplicate of an earlier token",
+    "The token's validity period has expired",
+    "A later token has already been processed",
 };
 
 static const char * const sinfo_code = "supplementary info code";
@@ -107,203 +108,203 @@ static const char * const unknown_error = "Unknown %s (field = %d)";
 
 /**/
 
-static int 
+static int
 display_unknown(kind, value, buffer)
-     const char *kind;
-     OM_uint32 value;
-     gss_buffer_t buffer;
+    const char *kind;
+    OM_uint32 value;
+    gss_buffer_t buffer;
 {
-   char *str;
+    char *str;
 
-   if (asprintf(&str, unknown_error, kind, value) < 0)
-       return(0);
+    if (asprintf(&str, unknown_error, kind, value) < 0)
+        return(0);
 
-   buffer->length = strlen(str);
-   buffer->value = str;
+    buffer->length = strlen(str);
+    buffer->value = str;
 
-   return(1);
+    return(1);
 }
 
 /* code should be set to the calling error field */
 
 static OM_uint32 display_calling(minor_status, code, status_string)
-     OM_uint32 *minor_status;
-     OM_uint32 code;
-     gss_buffer_t status_string;
+    OM_uint32 *minor_status;
+    OM_uint32 code;
+    gss_buffer_t status_string;
 {
-   const char *str;
-
-   if ((str = GSS_CALLING_ERROR_STR(code))) {
-      if (! g_make_string_buffer(str, status_string)) {
-        *minor_status = ENOMEM;
-        return(GSS_S_FAILURE);
-      }
-   } else {
-      if (! display_unknown(calling_error, GSS_CALLING_ERROR_FIELD(code),
-                           status_string)) {
-        *minor_status = ENOMEM;
-        return(GSS_S_FAILURE);
-      }
-   }
-   *minor_status = 0;
-   return(GSS_S_COMPLETE);
+    const char *str;
+
+    if ((str = GSS_CALLING_ERROR_STR(code))) {
+        if (! g_make_string_buffer(str, status_string)) {
+            *minor_status = ENOMEM;
+            return(GSS_S_FAILURE);
+        }
+    } else {
+        if (! display_unknown(calling_error, GSS_CALLING_ERROR_FIELD(code),
+                              status_string)) {
+            *minor_status = ENOMEM;
+            return(GSS_S_FAILURE);
+        }
+    }
+    *minor_status = 0;
+    return(GSS_S_COMPLETE);
 }
 
 /* code should be set to the routine error field */
 
 static OM_uint32 display_routine(minor_status, code, status_string)
-     OM_uint32 *minor_status;
-     OM_uint32 code;
-     gss_buffer_t status_string;
+    OM_uint32 *minor_status;
+    OM_uint32 code;
+    gss_buffer_t status_string;
 {
-   const char *str;
-
-   if ((str = GSS_ROUTINE_ERROR_STR(code))) {
-      if (! g_make_string_buffer(str, status_string)) {
-        *minor_status = ENOMEM;
-        return(GSS_S_FAILURE);
-      }
-   } else {
-      if (! display_unknown(routine_error, GSS_ROUTINE_ERROR_FIELD(code),
-                           status_string)) {
-        *minor_status = ENOMEM;
-        return(GSS_S_FAILURE);
-      }
-   }
-   *minor_status = 0;
-   return(GSS_S_COMPLETE);
+    const char *str;
+
+    if ((str = GSS_ROUTINE_ERROR_STR(code))) {
+        if (! g_make_string_buffer(str, status_string)) {
+            *minor_status = ENOMEM;
+            return(GSS_S_FAILURE);
+        }
+    } else {
+        if (! display_unknown(routine_error, GSS_ROUTINE_ERROR_FIELD(code),
+                              status_string)) {
+            *minor_status = ENOMEM;
+            return(GSS_S_FAILURE);
+        }
+    }
+    *minor_status = 0;
+    return(GSS_S_COMPLETE);
 }
 
 /* code should be set to the bit offset (log_2) of a supplementary info bit */
 
 static OM_uint32 display_bit(minor_status, code, status_string)
-     OM_uint32 *minor_status;
-     OM_uint32 code;
-     gss_buffer_t status_string;
+    OM_uint32 *minor_status;
+    OM_uint32 code;
+    gss_buffer_t status_string;
 {
-   const char *str;
-
-   if ((str = GSS_SINFO_STR(code))) {
-      if (! g_make_string_buffer(str, status_string)) {
-        *minor_status = ENOMEM;
-        return(GSS_S_FAILURE);
-      }
-   } else {
-      if (! display_unknown(sinfo_code, 1<<code, status_string)) {
-        *minor_status = ENOMEM;
-        return(GSS_S_FAILURE);
-      }
-   }
-   *minor_status = 0;
-   return(GSS_S_COMPLETE);
+    const char *str;
+
+    if ((str = GSS_SINFO_STR(code))) {
+        if (! g_make_string_buffer(str, status_string)) {
+            *minor_status = ENOMEM;
+            return(GSS_S_FAILURE);
+        }
+    } else {
+        if (! display_unknown(sinfo_code, 1<<code, status_string)) {
+            *minor_status = ENOMEM;
+            return(GSS_S_FAILURE);
+        }
+    }
+    *minor_status = 0;
+    return(GSS_S_COMPLETE);
 }
 
 /**/
 
 /* return error messages, for routine errors, call error, and status,
    in that order.
-     message_context == 0 : print the routine error
-     message_context == 1 : print the calling error
-     message_context > 2  : print supplementary info bit (message_context-2)
-     */
-
-OM_uint32 g_display_major_status(minor_status, status_value, 
-                                message_context, status_string)
-     OM_uint32 *minor_status;
-     OM_uint32 status_value;
-     OM_uint32 *message_context;
-     gss_buffer_t status_string;
+   message_context == 0 : print the routine error
+   message_context == 1 : print the calling error
+   message_context > 2  : print supplementary info bit (message_context-2)
+*/
+
+OM_uint32 g_display_major_status(minor_status, status_value,
+                                 message_context, status_string)
+    OM_uint32 *minor_status;
+    OM_uint32 status_value;
+    OM_uint32 *message_context;
+    gss_buffer_t status_string;
 {
-   OM_uint32 ret, tmp;
-   int bit;
-
-   /*** deal with no error at all specially */
-
-   if (status_value == 0) {
-      if (! g_make_string_buffer(no_error, status_string)) {
-        *minor_status = ENOMEM;
-        return(GSS_S_FAILURE);
-      }
-      *message_context = 0;
-      *minor_status = 0;
-      return(GSS_S_COMPLETE);
-   }
-
-   /*** do routine error */
-
-   if (*message_context == 0) {
-      if ((tmp = GSS_ROUTINE_ERROR(status_value))) {
-        status_value -= tmp;
-        if ((ret = display_routine(minor_status, tmp, status_string)))
-           return(ret);
-        *minor_status = 0;
-        if (status_value) {
-           (*message_context)++;
-           return(GSS_S_COMPLETE);
-        } else {
-           *message_context = 0;
-           return(GSS_S_COMPLETE);
-        }
-      } else {
-        (*message_context)++;
-      }
-   } else {
-      status_value -= GSS_ROUTINE_ERROR(status_value);
-   }
-
-   /*** do calling error */
-
-   if (*message_context == 1) {
-      if ((tmp = GSS_CALLING_ERROR(status_value))) {
-        status_value -= tmp;
-        if ((ret = display_calling(minor_status, tmp, status_string)))
-           return(ret);
-        *minor_status = 0;
-        if (status_value) {
-           (*message_context)++;
-           return(GSS_S_COMPLETE);
-        } else {
-           *message_context = 0;
-           return(GSS_S_COMPLETE);
-        }
-      } else {
-        (*message_context)++;
-      }
-   } else {
-      status_value -= GSS_CALLING_ERROR(status_value);
-   }
-
-   /*** do sinfo bits (*message_context == 2 + number of bits done) */
-
-   tmp = GSS_SUPPLEMENTARY_INFO_FIELD(status_value);
-   /* mask off the bits which have been done */
-   if (*message_context > 2) {
-      tmp &= ~LSBMASK(*message_context-3);
-      status_value &= ~LSBMASK(*message_context-3);
-   }
-
-   if (!tmp) {
-      /* bogon input - there should be something left */
-      *minor_status = (OM_uint32) G_BAD_MSG_CTX;
-      return(GSS_S_FAILURE);
-   }
-
-   /* compute the bit offset */
-   /*SUPPRESS 570*/
-   for (bit=0; (((OM_uint32) 1)<<bit) != LSBGET(tmp); bit++) ;
-
-   /* print it */
-   if ((ret = display_bit(minor_status, bit, status_string)))
-      return(ret);
-
-   /* compute the new status_value/message_context */
-   status_value -= ((OM_uint32) 1)<<bit;
-
-   if (status_value) {
-      *message_context = bit+3;
-      return(GSS_S_COMPLETE);
-   } else {
-      *message_context = 0;
-      return(GSS_S_COMPLETE);
-   }
+    OM_uint32 ret, tmp;
+    int bit;
+
+    /*** deal with no error at all specially */
+
+    if (status_value == 0) {
+        if (! g_make_string_buffer(no_error, status_string)) {
+            *minor_status = ENOMEM;
+            return(GSS_S_FAILURE);
+        }
+        *message_context = 0;
+        *minor_status = 0;
+        return(GSS_S_COMPLETE);
+    }
+
+    /*** do routine error */
+
+    if (*message_context == 0) {
+        if ((tmp = GSS_ROUTINE_ERROR(status_value))) {
+            status_value -= tmp;
+            if ((ret = display_routine(minor_status, tmp, status_string)))
+                return(ret);
+            *minor_status = 0;
+            if (status_value) {
+                (*message_context)++;
+                return(GSS_S_COMPLETE);
+            } else {
+                *message_context = 0;
+                return(GSS_S_COMPLETE);
+            }
+        } else {
+            (*message_context)++;
+        }
+    } else {
+        status_value -= GSS_ROUTINE_ERROR(status_value);
+    }
+
+    /*** do calling error */
+
+    if (*message_context == 1) {
+        if ((tmp = GSS_CALLING_ERROR(status_value))) {
+            status_value -= tmp;
+            if ((ret = display_calling(minor_status, tmp, status_string)))
+                return(ret);
+            *minor_status = 0;
+            if (status_value) {
+                (*message_context)++;
+                return(GSS_S_COMPLETE);
+            } else {
+                *message_context = 0;
+                return(GSS_S_COMPLETE);
+            }
+        } else {
+            (*message_context)++;
+        }
+    } else {
+        status_value -= GSS_CALLING_ERROR(status_value);
+    }
+
+    /*** do sinfo bits (*message_context == 2 + number of bits done) */
+
+    tmp = GSS_SUPPLEMENTARY_INFO_FIELD(status_value);
+    /* mask off the bits which have been done */
+    if (*message_context > 2) {
+        tmp &= ~LSBMASK(*message_context-3);
+        status_value &= ~LSBMASK(*message_context-3);
+    }
+
+    if (!tmp) {
+        /* bogon input - there should be something left */
+        *minor_status = (OM_uint32) G_BAD_MSG_CTX;
+        return(GSS_S_FAILURE);
+    }
+
+    /* compute the bit offset */
+    /*SUPPRESS 570*/
+    for (bit=0; (((OM_uint32) 1)<<bit) != LSBGET(tmp); bit++) ;
+
+    /* print it */
+    if ((ret = display_bit(minor_status, bit, status_string)))
+        return(ret);
+
+    /* compute the new status_value/message_context */
+    status_value -= ((OM_uint32) 1)<<bit;
+
+    if (status_value) {
+        *message_context = bit+3;
+        return(GSS_S_COMPLETE);
+    } else {
+        *message_context = 0;
+        return(GSS_S_COMPLETE);
+    }
 }
index ef55febcfc80c9c7a7cae14d7cbd0ceb132edfaf..4dc33133b6ab1cb11ec6bd4e96794f87c1ab6b61 100644 (file)
@@ -1,6 +1,7 @@
+/* -*- mode: c; indent-tabs-mode: nil -*- */
 /*
  * Copyright 1993 by OpenVision Technologies, Inc.
- * 
+ *
  * Permission to use, copy, modify, distribute, and sell this software
  * and its documentation for any purpose is hereby granted without fee,
  * provided that the above copyright notice appears in all copies and
@@ -10,7 +11,7 @@
  * without specific, written prior permission. OpenVision makes no
  * representations about the suitability of this software for any
  * purpose.  It is provided "as is" without express or implied warranty.
- * 
+ *
  * OPENVISION DISCLAIMS ALL WARRANTIES WITH REGARD TO THIS SOFTWARE,
  * INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS, IN NO
  * EVENT SHALL OPENVISION BE LIABLE FOR ANY SPECIAL, INDIRECT OR
  */
 
 #if defined(__MACH__) && defined(__APPLE__)
-#      include <TargetConditionals.h>
-#      if TARGET_RT_MAC_CFM
-#              error "Use KfM 4.0 SDK headers for CFM compilation."
-#      endif
+#       include <TargetConditionals.h>
+#       if TARGET_RT_MAC_CFM
+#               error "Use KfM 4.0 SDK headers for CFM compilation."
+#       endif
 #endif
 
 #ifdef __cplusplus
@@ -85,73 +86,73 @@ typedef struct gss_ctx_id_struct * gss_ctx_id_t;
 typedef uint32_t gss_uint32;
 typedef int32_t gss_int32;
 
-#ifdef OM_STRING
+#ifdef  OM_STRING
 /*
  * We have included the xom.h header file.  Use the definition for
  * OM_object identifier.
  */
-typedef OM_object_identifier   gss_OID_desc, *gss_OID;
-#else  /* OM_STRING */
+typedef OM_object_identifier    gss_OID_desc, *gss_OID;
+#else   /* OM_STRING */
 /*
  * We can't use X/Open definitions, so roll our own.
  */
-typedef gss_uint32     OM_uint32;
+typedef gss_uint32      OM_uint32;
 
 typedef struct gss_OID_desc_struct {
-      OM_uint32 length;
-      void *elements;
+    OM_uint32 length;
+    void *elements;
 } gss_OID_desc, *gss_OID;
-#endif /* OM_STRING */
+#endif  /* OM_STRING */
 
 typedef struct gss_OID_set_desc_struct  {
-      size_t  count;
-      gss_OID elements;
+    size_t  count;
+    gss_OID elements;
 } gss_OID_set_desc, *gss_OID_set;
 
 typedef struct gss_buffer_desc_struct {
-      size_t length;
-      void *value;
+    size_t length;
+    void *value;
 } gss_buffer_desc, *gss_buffer_t;
 
 typedef struct gss_channel_bindings_struct {
-      OM_uint32 initiator_addrtype;
-      gss_buffer_desc initiator_address;
-      OM_uint32 acceptor_addrtype;
-      gss_buffer_desc acceptor_address;
-      gss_buffer_desc application_data;
+    OM_uint32 initiator_addrtype;
+    gss_buffer_desc initiator_address;
+    OM_uint32 acceptor_addrtype;
+    gss_buffer_desc acceptor_address;
+    gss_buffer_desc application_data;
 } *gss_channel_bindings_t;
 
 /*
  * For now, define a QOP-type as an OM_uint32 (pending resolution of ongoing
  * discussions).
  */
-typedef        OM_uint32       gss_qop_t;
-typedef        int             gss_cred_usage_t;
+typedef OM_uint32       gss_qop_t;
+typedef int             gss_cred_usage_t;
 
 /*
  * Flag bits for context-level services.
  */
-#define GSS_C_DELEG_FLAG 1
-#define GSS_C_MUTUAL_FLAG 2
-#define GSS_C_REPLAY_FLAG 4
-#define GSS_C_SEQUENCE_FLAG 8
-#define GSS_C_CONF_FLAG 16
-#define GSS_C_INTEG_FLAG 32
-#define        GSS_C_ANON_FLAG 64
-#define GSS_C_PROT_READY_FLAG 128
-#define GSS_C_TRANS_FLAG 256
+#define GSS_C_DELEG_FLAG        1
+#define GSS_C_MUTUAL_FLAG       2
+#define GSS_C_REPLAY_FLAG       4
+#define GSS_C_SEQUENCE_FLAG     8
+#define GSS_C_CONF_FLAG         16
+#define GSS_C_INTEG_FLAG        32
+#define GSS_C_ANON_FLAG         64
+#define GSS_C_PROT_READY_FLAG   128
+#define GSS_C_TRANS_FLAG        256
 
 /*
  * Credential usage options
  */
-#define GSS_C_BOTH 0
-#define GSS_C_INITIATE 1
-#define GSS_C_ACCEPT 2
+#define GSS_C_BOTH      0
+#define GSS_C_INITIATE  1
+#define GSS_C_ACCEPT    2
 
 /*
  * Status code types for gss_display_status
  */
-#define GSS_C_GSS_CODE 1
+#define GSS_C_GSS_CODE  1
 #define GSS_C_MECH_CODE 2
 
 /*
@@ -197,8 +198,8 @@ typedef     int             gss_cred_usage_t;
  * Some alternate names for a couple of the above values.  These are defined
  * for V1 compatibility.
  */
-#define        GSS_C_NULL_OID          GSS_C_NO_OID
-#define        GSS_C_NULL_OID_SET      GSS_C_NO_OID_SET
+#define GSS_C_NULL_OID          GSS_C_NO_OID
+#define GSS_C_NULL_OID_SET      GSS_C_NO_OID_SET
 
 /*
  * Define the default Quality of Protection for per-message services.  Note
@@ -244,7 +245,7 @@ typedef     int             gss_cred_usage_t;
   ((x) & (GSS_C_SUPPLEMENTARY_MASK << GSS_C_SUPPLEMENTARY_OFFSET))
 #define GSS_ERROR(x) \
   ((x) & ((GSS_C_CALLING_ERROR_MASK << GSS_C_CALLING_ERROR_OFFSET) | \
-         (GSS_C_ROUTINE_ERROR_MASK << GSS_C_ROUTINE_ERROR_OFFSET)))
+          (GSS_C_ROUTINE_ERROR_MASK << GSS_C_ROUTINE_ERROR_OFFSET)))
 
 /*
  * Now the actual status code definitions
@@ -407,301 +408,311 @@ GSS_DLLIMP extern gss_OID GSS_C_NT_EXPORT_NAME;
 
 /* Function Prototypes */
 
-OM_uint32 KRB5_CALLCONV gss_acquire_cred
-(OM_uint32 *,          /* minor_status */
-            gss_name_t,                        /* desired_name */
-            OM_uint32,                 /* time_req */
-            gss_OID_set,               /* desired_mechs */
-            gss_cred_usage_t,          /* cred_usage */
-            gss_cred_id_t *,   /* output_cred_handle */
-            gss_OID_set *,             /* actual_mechs */
-            OM_uint32 *                /* time_rec */
-           );
-
-OM_uint32 KRB5_CALLCONV gss_release_cred
-(OM_uint32 *,          /* minor_status */
-            gss_cred_id_t *            /* cred_handle */
-           );
-
-OM_uint32 KRB5_CALLCONV gss_init_sec_context
-(OM_uint32 *,          /* minor_status */
-            gss_cred_id_t,             /* claimant_cred_handle */
-            gss_ctx_id_t *,            /* context_handle */
-            gss_name_t,                        /* target_name */
-            gss_OID,                   /* mech_type (used to be const) */
-            OM_uint32,                 /* req_flags */
-            OM_uint32,                 /* time_req */
-            gss_channel_bindings_t,    /* input_chan_bindings */
-            gss_buffer_t,              /* input_token */
-            gss_OID *,         /* actual_mech_type */
-            gss_buffer_t,              /* output_token */
-            OM_uint32 *,               /* ret_flags */
-            OM_uint32 *                /* time_rec */
-           );
-
-OM_uint32 KRB5_CALLCONV gss_accept_sec_context
-(OM_uint32 *,          /* minor_status */
-            gss_ctx_id_t *,            /* context_handle */
-            gss_cred_id_t,             /* acceptor_cred_handle */
-            gss_buffer_t,              /* input_token_buffer */
-            gss_channel_bindings_t,    /* input_chan_bindings */
-            gss_name_t *,              /* src_name */
-            gss_OID *,         /* mech_type */
-            gss_buffer_t,              /* output_token */
-            OM_uint32 *,               /* ret_flags */
-            OM_uint32 *,               /* time_rec */
-            gss_cred_id_t *            /* delegated_cred_handle */
-           );
-
-OM_uint32 KRB5_CALLCONV gss_process_context_token
-(OM_uint32 *,          /* minor_status */
-            gss_ctx_id_t,              /* context_handle */
-            gss_buffer_t               /* token_buffer */
-           );
-
-OM_uint32 KRB5_CALLCONV gss_delete_sec_context
-(OM_uint32 *,          /* minor_status */
-            gss_ctx_id_t *,            /* context_handle */
-            gss_buffer_t               /* output_token */
-           );
-
-OM_uint32 KRB5_CALLCONV gss_context_time
-(OM_uint32 *,          /* minor_status */
-            gss_ctx_id_t,              /* context_handle */
-            OM_uint32 *                /* time_rec */
-           );
+OM_uint32 KRB5_CALLCONV
+gss_acquire_cred(
+    OM_uint32 *,        /* minor_status */
+    gss_name_t,         /* desired_name */
+    OM_uint32,          /* time_req */
+    gss_OID_set,        /* desired_mechs */
+    gss_cred_usage_t,   /* cred_usage */
+    gss_cred_id_t *,    /* output_cred_handle */
+    gss_OID_set *,      /* actual_mechs */
+    OM_uint32 *);       /* time_rec */
+
+OM_uint32 KRB5_CALLCONV
+gss_release_cred(
+    OM_uint32 *,        /* minor_status */
+    gss_cred_id_t *);   /* cred_handle */
+
+OM_uint32 KRB5_CALLCONV
+gss_init_sec_context(
+    OM_uint32 *,        /* minor_status */
+    gss_cred_id_t,      /* claimant_cred_handle */
+    gss_ctx_id_t *,     /* context_handle */
+    gss_name_t,         /* target_name */
+    gss_OID,            /* mech_type (used to be const) */
+    OM_uint32,          /* req_flags */
+    OM_uint32,          /* time_req */
+    gss_channel_bindings_t,     /* input_chan_bindings */
+    gss_buffer_t,       /* input_token */
+    gss_OID *,          /* actual_mech_type */
+    gss_buffer_t,       /* output_token */
+    OM_uint32 *,        /* ret_flags */
+    OM_uint32 *);       /* time_rec */
+
+OM_uint32 KRB5_CALLCONV
+gss_accept_sec_context(
+    OM_uint32 *,                /* minor_status */
+    gss_ctx_id_t *,             /* context_handle */
+    gss_cred_id_t,              /* acceptor_cred_handle */
+    gss_buffer_t,               /* input_token_buffer */
+    gss_channel_bindings_t,     /* input_chan_bindings */
+    gss_name_t *,               /* src_name */
+    gss_OID *,                  /* mech_type */
+    gss_buffer_t,               /* output_token */
+    OM_uint32 *,                /* ret_flags */
+    OM_uint32 *,                /* time_rec */
+    gss_cred_id_t *);           /* delegated_cred_handle */
+
+OM_uint32 KRB5_CALLCONV
+gss_process_context_token(
+    OM_uint32 *,        /* minor_status */
+    gss_ctx_id_t,       /* context_handle */
+    gss_buffer_t);      /* token_buffer */
+
+
+OM_uint32 KRB5_CALLCONV
+gss_delete_sec_context(
+    OM_uint32 *,        /* minor_status */
+    gss_ctx_id_t *,     /* context_handle */
+    gss_buffer_t);      /* output_token */
+
+
+OM_uint32 KRB5_CALLCONV
+gss_context_time(
+    OM_uint32 *,        /* minor_status */
+    gss_ctx_id_t,       /* context_handle */
+    OM_uint32 *);       /* time_rec */
+
 
 /* New for V2 */
-OM_uint32 KRB5_CALLCONV gss_get_mic
-(OM_uint32 *,          /* minor_status */
-           gss_ctx_id_t,               /* context_handle */
-           gss_qop_t,                  /* qop_req */
-           gss_buffer_t,               /* message_buffer */
-           gss_buffer_t                /* message_token */
-          );
+OM_uint32 KRB5_CALLCONV
+gss_get_mic(
+    OM_uint32 *,        /* minor_status */
+    gss_ctx_id_t,       /* context_handle */
+    gss_qop_t,          /* qop_req */
+    gss_buffer_t,       /* message_buffer */
+    gss_buffer_t);      /* message_token */
+
 
 /* New for V2 */
-OM_uint32 KRB5_CALLCONV gss_verify_mic
-(OM_uint32 *,          /* minor_status */
-           gss_ctx_id_t,               /* context_handle */
-           gss_buffer_t,               /* message_buffer */
-           gss_buffer_t,               /* message_token */
-           gss_qop_t *                 /* qop_state */
-          );
+OM_uint32 KRB5_CALLCONV
+gss_verify_mic(OM_uint32 *,     /* minor_status */
+               gss_ctx_id_t,    /* context_handle */
+               gss_buffer_t,    /* message_buffer */
+               gss_buffer_t,    /* message_token */
+               gss_qop_t *      /* qop_state */
+);
 
 /* New for V2 */
-OM_uint32 KRB5_CALLCONV gss_wrap
-(OM_uint32 *,          /* minor_status */
-           gss_ctx_id_t,               /* context_handle */
-           int,                        /* conf_req_flag */
-           gss_qop_t,                  /* qop_req */
-           gss_buffer_t,               /* input_message_buffer */
-           int *,                      /* conf_state */
-           gss_buffer_t                /* output_message_buffer */
-          );
+OM_uint32 KRB5_CALLCONV
+gss_wrap(
+    OM_uint32 *,        /* minor_status */
+    gss_ctx_id_t,       /* context_handle */
+    int,                /* conf_req_flag */
+    gss_qop_t,          /* qop_req */
+    gss_buffer_t,       /* input_message_buffer */
+    int *,              /* conf_state */
+    gss_buffer_t);      /* output_message_buffer */
+
 
 /* New for V2 */
-OM_uint32 KRB5_CALLCONV gss_unwrap
-(OM_uint32 *,          /* minor_status */
-           gss_ctx_id_t,               /* context_handle */
-           gss_buffer_t,               /* input_message_buffer */
-           gss_buffer_t,               /* output_message_buffer */
-           int *,                      /* conf_state */
-           gss_qop_t *         /* qop_state */
-          );
-
-OM_uint32 KRB5_CALLCONV gss_display_status
-(OM_uint32 *,          /* minor_status */
-            OM_uint32,                 /* status_value */
-            int,                       /* status_type */
-            gss_OID,                   /* mech_type (used to be const) */
-            OM_uint32 *,               /* message_context */
-            gss_buffer_t               /* status_string */
-           );
-
-OM_uint32 KRB5_CALLCONV gss_indicate_mechs
-(OM_uint32 *,          /* minor_status */
-            gss_OID_set *              /* mech_set */
-           );
-
-OM_uint32 KRB5_CALLCONV gss_compare_name
-(OM_uint32 *,          /* minor_status */
-            gss_name_t,                        /* name1 */
-            gss_name_t,                        /* name2 */
-            int *                      /* name_equal */
-           );
-
-OM_uint32 KRB5_CALLCONV gss_display_name
-(OM_uint32 *,          /* minor_status */
-            gss_name_t,                        /* input_name */
-            gss_buffer_t,              /* output_name_buffer */
-            gss_OID *          /* output_name_type */
-           );
-
-OM_uint32 KRB5_CALLCONV gss_import_name
-(OM_uint32 *,          /* minor_status */
-            gss_buffer_t,              /* input_name_buffer */
-            gss_OID,                   /* input_name_type(used to be const) */
-            gss_name_t *               /* output_name */
-           );
-
-OM_uint32 KRB5_CALLCONV gss_release_name
-(OM_uint32 *,          /* minor_status */
-            gss_name_t *               /* input_name */
-           );
-
-OM_uint32 KRB5_CALLCONV gss_release_buffer
-(OM_uint32 *,          /* minor_status */
-            gss_buffer_t               /* buffer */
-           );
-
-OM_uint32 KRB5_CALLCONV gss_release_oid_set
-(OM_uint32 *,          /* minor_status */
-            gss_OID_set *              /* set */
-           );
-
-OM_uint32 KRB5_CALLCONV gss_inquire_cred
-(OM_uint32 *,          /* minor_status */
-            gss_cred_id_t,             /* cred_handle */
-            gss_name_t *,              /* name */
-            OM_uint32 *,               /* lifetime */
-            gss_cred_usage_t *,        /* cred_usage */
-            gss_OID_set *              /* mechanisms */
-           );
+OM_uint32 KRB5_CALLCONV
+gss_unwrap(
+    OM_uint32 *,        /* minor_status */
+    gss_ctx_id_t,       /* context_handle */
+    gss_buffer_t,       /* input_message_buffer */
+    gss_buffer_t,       /* output_message_buffer */
+    int *,              /* conf_state */
+    gss_qop_t *);       /* qop_state */
+
+
+OM_uint32 KRB5_CALLCONV
+gss_display_status(
+    OM_uint32 *,        /* minor_status */
+    OM_uint32,          /* status_value */
+    int,                /* status_type */
+    gss_OID,            /* mech_type (used to be const) */
+    OM_uint32 *,        /* message_context */
+    gss_buffer_t);      /* status_string */
+
+
+OM_uint32 KRB5_CALLCONV
+gss_indicate_mechs(
+    OM_uint32 *,        /* minor_status */
+    gss_OID_set *);     /* mech_set */
+
+
+OM_uint32 KRB5_CALLCONV
+gss_compare_name(
+    OM_uint32 *,        /* minor_status */
+    gss_name_t,         /* name1 */
+    gss_name_t,         /* name2 */
+    int *);             /* name_equal */
+
+
+OM_uint32 KRB5_CALLCONV
+gss_display_name(
+    OM_uint32 *,        /* minor_status */
+    gss_name_t,         /* input_name */
+    gss_buffer_t,       /* output_name_buffer */
+    gss_OID *);         /* output_name_type */
+
+
+OM_uint32 KRB5_CALLCONV
+gss_import_name(
+    OM_uint32 *,        /* minor_status */
+    gss_buffer_t,       /* input_name_buffer */
+    gss_OID,            /* input_name_type(used to be const) */
+    gss_name_t *);      /* output_name */
+
+OM_uint32 KRB5_CALLCONV
+gss_release_name(
+    OM_uint32 *,        /* minor_status */
+    gss_name_t *);      /* input_name */
+
+OM_uint32 KRB5_CALLCONV
+gss_release_buffer(
+    OM_uint32 *,        /* minor_status */
+    gss_buffer_t);      /* buffer */
+
+OM_uint32 KRB5_CALLCONV
+gss_release_oid_set(
+    OM_uint32 *,        /* minor_status */
+    gss_OID_set *);     /* set */
+
+OM_uint32 KRB5_CALLCONV
+gss_inquire_cred(
+    OM_uint32 *,        /* minor_status */
+    gss_cred_id_t,      /* cred_handle */
+    gss_name_t *,       /* name */
+    OM_uint32 *,        /* lifetime */
+    gss_cred_usage_t *, /* cred_usage */
+    gss_OID_set *);     /* mechanisms */
 
 /* Last argument new for V2 */
-OM_uint32 KRB5_CALLCONV gss_inquire_context
-(OM_uint32 *,          /* minor_status */
-           gss_ctx_id_t,               /* context_handle */
-           gss_name_t *,               /* src_name */
-           gss_name_t *,               /* targ_name */
-           OM_uint32 *,                /* lifetime_rec */
-           gss_OID *,          /* mech_type */
-           OM_uint32 *,                /* ctx_flags */
-           int *,              /* locally_initiated */
-           int *                       /* open */
-          );
+OM_uint32 KRB5_CALLCONV
+gss_inquire_context(
+    OM_uint32 *,        /* minor_status */
+    gss_ctx_id_t,       /* context_handle */
+    gss_name_t *,       /* src_name */
+    gss_name_t *,       /* targ_name */
+    OM_uint32 *,        /* lifetime_rec */
+    gss_OID *,          /* mech_type */
+    OM_uint32 *,        /* ctx_flags */
+    int *,              /* locally_initiated */
+    int *);             /* open */
 
 /* New for V2 */
-OM_uint32 KRB5_CALLCONV gss_wrap_size_limit
-(OM_uint32 *,          /* minor_status */
-           gss_ctx_id_t,               /* context_handle */
-           int,                        /* conf_req_flag */
-           gss_qop_t,                  /* qop_req */
-           OM_uint32,                  /* req_output_size */
-           OM_uint32 *                 /* max_input_size */
-          );
+OM_uint32 KRB5_CALLCONV
+gss_wrap_size_limit(
+    OM_uint32 *,        /* minor_status */
+    gss_ctx_id_t,       /* context_handle */
+    int,                /* conf_req_flag */
+    gss_qop_t,          /* qop_req */
+    OM_uint32,          /* req_output_size */
+    OM_uint32 *);       /* max_input_size */
 
 /* New for V2 */
-OM_uint32 KRB5_CALLCONV gss_import_name_object
-(OM_uint32 *,          /* minor_status */
-           void *,                     /* input_name */
-           gss_OID,                    /* input_name_type */
-           gss_name_t *                /* output_name */
-          );
+OM_uint32 KRB5_CALLCONV
+gss_import_name_object(
+    OM_uint32 *,        /* minor_status */
+    void *,             /* input_name */
+    gss_OID,            /* input_name_type */
+    gss_name_t *);      /* output_name */
 
 /* New for V2 */
-OM_uint32 KRB5_CALLCONV gss_export_name_object
-(OM_uint32 *,          /* minor_status */
-           gss_name_t,                 /* input_name */
-           gss_OID,                    /* desired_name_type */
-           void **             /* output_name */
-          );
+OM_uint32 KRB5_CALLCONV
+gss_export_name_object(
+    OM_uint32 *,        /* minor_status */
+    gss_name_t,         /* input_name */
+    gss_OID,            /* desired_name_type */
+    void **);           /* output_name */
 
 /* New for V2 */
-OM_uint32 KRB5_CALLCONV gss_add_cred
-(OM_uint32 *,          /* minor_status */
-           gss_cred_id_t,              /* input_cred_handle */
-           gss_name_t,                 /* desired_name */
-           gss_OID,                    /* desired_mech */
-           gss_cred_usage_t,           /* cred_usage */
-           OM_uint32,                  /* initiator_time_req */
-           OM_uint32,                  /* acceptor_time_req */
-           gss_cred_id_t *,    /* output_cred_handle */
-           gss_OID_set *,              /* actual_mechs */
-           OM_uint32 *,                /* initiator_time_rec */
-           OM_uint32 *         /* acceptor_time_rec */
-          );
+OM_uint32 KRB5_CALLCONV
+gss_add_cred(
+    OM_uint32 *,        /* minor_status */
+    gss_cred_id_t,      /* input_cred_handle */
+    gss_name_t,         /* desired_name */
+    gss_OID,            /* desired_mech */
+    gss_cred_usage_t,   /* cred_usage */
+    OM_uint32,          /* initiator_time_req */
+    OM_uint32,          /* acceptor_time_req */
+    gss_cred_id_t *,    /* output_cred_handle */
+    gss_OID_set *,      /* actual_mechs */
+    OM_uint32 *,        /* initiator_time_rec */
+    OM_uint32 *);       /* acceptor_time_rec */
 
 /* New for V2 */
-OM_uint32 KRB5_CALLCONV gss_inquire_cred_by_mech
-(OM_uint32 *,          /* minor_status */
-           gss_cred_id_t,              /* cred_handle */
-           gss_OID,                    /* mech_type */
-           gss_name_t *,               /* name */
-           OM_uint32 *,                /* initiator_lifetime */
-           OM_uint32 *,                /* acceptor_lifetime */
-           gss_cred_usage_t *  /* cred_usage */
-          );
+OM_uint32 KRB5_CALLCONV
+gss_inquire_cred_by_mech(
+    OM_uint32 *,                /* minor_status */
+    gss_cred_id_t,              /* cred_handle */
+    gss_OID,                    /* mech_type */
+    gss_name_t *,               /* name */
+    OM_uint32 *,                /* initiator_lifetime */
+    OM_uint32 *,                /* acceptor_lifetime */
+    gss_cred_usage_t *);        /* cred_usage */
 
 /* New for V2 */
-OM_uint32 KRB5_CALLCONV gss_export_sec_context
-(OM_uint32 *,          /* minor_status */
-           gss_ctx_id_t *,             /* context_handle */
-           gss_buffer_t                /* interprocess_token */
-           );
+OM_uint32 KRB5_CALLCONV
+gss_export_sec_context(
+    OM_uint32 *,        /* minor_status */
+    gss_ctx_id_t *,     /* context_handle */
+    gss_buffer_t);      /* interprocess_token */
 
 /* New for V2 */
-OM_uint32 KRB5_CALLCONV gss_import_sec_context
-(OM_uint32 *,          /* minor_status */
-           gss_buffer_t,               /* interprocess_token */
-           gss_ctx_id_t *              /* context_handle */
-           );
+OM_uint32 KRB5_CALLCONV
+gss_import_sec_context(
+    OM_uint32 *,        /* minor_status */
+    gss_buffer_t,       /* interprocess_token */
+    gss_ctx_id_t *);    /* context_handle */
 
 /* New for V2 */
-OM_uint32 KRB5_CALLCONV gss_release_oid
-(OM_uint32 *,          /* minor_status */
-           gss_OID *           /* oid */
-          );
+OM_uint32 KRB5_CALLCONV
+gss_release_oid(
+    OM_uint32 *,        /* minor_status */
+    gss_OID *);         /* oid */
 
 /* New for V2 */
-OM_uint32 KRB5_CALLCONV gss_create_empty_oid_set
-(OM_uint32 *,          /* minor_status */
-           gss_OID_set *               /* oid_set */
-          );
+OM_uint32 KRB5_CALLCONV
+gss_create_empty_oid_set(
+    OM_uint32 *,        /* minor_status */
+    gss_OID_set *);     /* oid_set */
 
 /* New for V2 */
-OM_uint32 KRB5_CALLCONV gss_add_oid_set_member
-(OM_uint32 *,          /* minor_status */
-           gss_OID,                    /* member_oid */
-           gss_OID_set *               /* oid_set */
-          );
+OM_uint32 KRB5_CALLCONV
+gss_add_oid_set_member(
+    OM_uint32 *,        /* minor_status */
+    gss_OID,            /* member_oid */
+    gss_OID_set *);     /* oid_set */
 
 /* New for V2 */
-OM_uint32 KRB5_CALLCONV gss_test_oid_set_member
-(OM_uint32 *,          /* minor_status */
-           gss_OID,                    /* member */
-           gss_OID_set,                /* set */
-           int *                       /* present */
-          );
+OM_uint32 KRB5_CALLCONV
+gss_test_oid_set_member(
+    OM_uint32 *,        /* minor_status */
+    gss_OID,            /* member */
+    gss_OID_set,        /* set */
+    int *);             /* present */
 
 /* New for V2 */
-OM_uint32 KRB5_CALLCONV gss_str_to_oid
-(OM_uint32 *,          /* minor_status */
-           gss_buffer_t,               /* oid_str */
-           gss_OID *           /* oid */
-          );
+OM_uint32 KRB5_CALLCONV
+gss_str_to_oid(
+    OM_uint32 *,        /* minor_status */
+    gss_buffer_t,       /* oid_str */
+    gss_OID *);         /* oid */
 
 /* New for V2 */
-OM_uint32 KRB5_CALLCONV gss_oid_to_str
-(OM_uint32 *,          /* minor_status */
-           gss_OID,                    /* oid */
-           gss_buffer_t                /* oid_str */
-          );
+OM_uint32 KRB5_CALLCONV
+gss_oid_to_str(
+    OM_uint32 *,        /* minor_status */
+    gss_OID,            /* oid */
+    gss_buffer_t);      /* oid_str */
 
 /* New for V2 */
-OM_uint32 KRB5_CALLCONV gss_inquire_names_for_mech
-(OM_uint32 *,          /* minor_status */
-           gss_OID,                    /* mechanism */
-           gss_OID_set *               /* name_types */
-          );
+OM_uint32 KRB5_CALLCONV
+gss_inquire_names_for_mech(
+    OM_uint32 *,        /* minor_status */
+    gss_OID,            /* mechanism */
+    gss_OID_set *);     /* name_types */
 
 /* New for V2 */
-OM_uint32 KRB5_CALLCONV gss_inquire_mechs_for_name(
-    OM_uint32 *,               /* minor_status */
-    const gss_name_t,          /* input_name */
-    gss_OID_set *              /* mech_types */
-);
+OM_uint32 KRB5_CALLCONV
+gss_inquire_mechs_for_name(
+    OM_uint32 *,        /* minor_status */
+    const gss_name_t,   /* input_name */
+    gss_OID_set *);     /* mech_types */
 
 /*
  * The following routines are obsolete variants of gss_get_mic, gss_wrap,
@@ -710,62 +721,62 @@ OM_uint32 KRB5_CALLCONV gss_inquire_mechs_for_name(
  * entrypoints (as opposed to #defines) should be provided, to allow GSSAPI
  * V1 applications to link against GSSAPI V2 implementations.
  */
-OM_uint32 KRB5_CALLCONV gss_sign
-(OM_uint32 *,    /* minor_status */
-            gss_ctx_id_t,      /* context_handle */
-            int,               /* qop_req */
-            gss_buffer_t,      /* message_buffer */
-            gss_buffer_t       /* message_token */
-           );
-
-OM_uint32 KRB5_CALLCONV gss_verify
-(OM_uint32 *,    /* minor_status */
-            gss_ctx_id_t,      /* context_handle */
-            gss_buffer_t,      /* message_buffer */
-            gss_buffer_t,      /* token_buffer */
-            int *           /* qop_state */
-           );
-
-OM_uint32 KRB5_CALLCONV gss_seal
-(OM_uint32 *,    /* minor_status */
-            gss_ctx_id_t,      /* context_handle */
-            int,               /* conf_req_flag */
-            int,               /* qop_req */
-            gss_buffer_t,      /* input_message_buffer */
-            int *,          /* conf_state */
-            gss_buffer_t       /* output_message_buffer */
-           );
-
-OM_uint32 KRB5_CALLCONV gss_unseal
-(OM_uint32 *,    /* minor_status */
-            gss_ctx_id_t,      /* context_handle */
-            gss_buffer_t,      /* input_message_buffer */
-            gss_buffer_t,      /* output_message_buffer */
-            int *,          /* conf_state */
-            int *           /* qop_state */
-           );
+OM_uint32 KRB5_CALLCONV
+gss_sign(
+    OM_uint32 *,        /* minor_status */
+    gss_ctx_id_t,       /* context_handle */
+    int,                /* qop_req */
+    gss_buffer_t,       /* message_buffer */
+    gss_buffer_t);      /* message_token */
+
+OM_uint32 KRB5_CALLCONV
+gss_verify(
+    OM_uint32 *,        /* minor_status */
+    gss_ctx_id_t,       /* context_handle */
+    gss_buffer_t,       /* message_buffer */
+    gss_buffer_t,       /* token_buffer */
+    int *);             /* qop_state */
+
+OM_uint32 KRB5_CALLCONV
+gss_seal(
+    OM_uint32 *,        /* minor_status */
+    gss_ctx_id_t,       /* context_handle */
+    int,                /* conf_req_flag */
+    int,                /* qop_req */
+    gss_buffer_t,       /* input_message_buffer */
+    int *,              /* conf_state */
+    gss_buffer_t);      /* output_message_buffer */
+
+OM_uint32 KRB5_CALLCONV
+gss_unseal(
+    OM_uint32 *,        /* minor_status */
+    gss_ctx_id_t,       /* context_handle */
+    gss_buffer_t,       /* input_message_buffer */
+    gss_buffer_t,       /* output_message_buffer */
+    int *,              /* conf_state */
+    int *);             /* qop_state */
 
 /* New for V2 */
-OM_uint32 KRB5_CALLCONV gss_export_name
-(OM_uint32  *,         /* minor_status */
-                const gss_name_t,      /* input_name */
-                gss_buffer_t           /* exported_name */
-       );
+OM_uint32 KRB5_CALLCONV
+gss_export_name(
+    OM_uint32  *,       /* minor_status */
+    const gss_name_t,   /* input_name */
+    gss_buffer_t);      /* exported_name */
 
 /* New for V2 */
-OM_uint32 KRB5_CALLCONV gss_duplicate_name
-(OM_uint32  *,         /* minor_status */
-                const gss_name_t,      /* input_name */
-                gss_name_t *           /* dest_name */
-       );
+OM_uint32 KRB5_CALLCONV
+gss_duplicate_name(
+    OM_uint32  *,       /* minor_status */
+    const gss_name_t,   /* input_name */
+    gss_name_t *);      /* dest_name */
 
 /* New for V2 */
-OM_uint32 KRB5_CALLCONV gss_canonicalize_name
-(OM_uint32  *,         /* minor_status */
-                const gss_name_t,      /* input_name */
-                const gss_OID,         /* mech_type */
-                gss_name_t *           /* output_name */
-       );
+OM_uint32 KRB5_CALLCONV
+gss_canonicalize_name(
+    OM_uint32  *,       /* minor_status */
+    const gss_name_t,   /* input_name */
+    const gss_OID,      /* mech_type */
+    gss_name_t *);      /* output_name */
 
 #if TARGET_OS_MAC
 #    pragma pack(pop)
index c4a030d186df310a52f758b4947e7a50b72dca1a..747c6fe6c5603c45169cb47fbac66a98184909b3 100644 (file)
@@ -1,6 +1,7 @@
+/* -*- mode: c; indent-tabs-mode: nil -*- */
 /*
  * Copyright 1993 by OpenVision Technologies, Inc.
- * 
+ *
  * Permission to use, copy, modify, distribute, and sell this software
  * and its documentation for any purpose is hereby granted without fee,
  * provided that the above copyright notice appears in all copies and
@@ -10,7 +11,7 @@
  * without specific, written prior permission. OpenVision makes no
  * representations about the suitability of this software for any
  * purpose.  It is provided "as is" without express or implied warranty.
- * 
+ *
  * OPENVISION DISCLAIMS ALL WARRANTIES WITH REGARD TO THIS SOFTWARE,
  * INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS, IN NO
  * EVENT SHALL OPENVISION BE LIABLE FOR ANY SPECIAL, INDIRECT OR
@@ -48,48 +49,48 @@ typedef UINT64_TYPE gssint_uint64;
 
 /** helper macros **/
 
-#define        g_OID_equal(o1, o2) \
-       (((o1)->length == (o2)->length) && \
-       (memcmp((o1)->elements, (o2)->elements, (o1)->length) == 0))
+#define g_OID_equal(o1, o2)                                             \
+        (((o1)->length == (o2)->length) &&                              \
+        (memcmp((o1)->elements, (o2)->elements, (o1)->length) == 0))
 
 /* this code knows that an int on the wire is 32 bits.  The type of
    num should be at least this big, or the extra shifts may do weird
    things */
 
-#define TWRITE_INT(ptr, num, bigend) \
-   (ptr)[0] = (char) ((bigend)?((num)>>24):((num)&0xff)); \
-   (ptr)[1] = (char) ((bigend)?(((num)>>16)&0xff):(((num)>>8)&0xff)); \
-   (ptr)[2] = (char) ((bigend)?(((num)>>8)&0xff):(((num)>>16)&0xff)); \
-   (ptr)[3] = (char) ((bigend)?((num)&0xff):((num)>>24)); \
+#define TWRITE_INT(ptr, num, bigend)                                    \
+   (ptr)[0] = (char) ((bigend)?((num)>>24):((num)&0xff));               \
+   (ptr)[1] = (char) ((bigend)?(((num)>>16)&0xff):(((num)>>8)&0xff));   \
+   (ptr)[2] = (char) ((bigend)?(((num)>>8)&0xff):(((num)>>16)&0xff));   \
+   (ptr)[3] = (char) ((bigend)?((num)&0xff):((num)>>24));               \
    (ptr) += 4;
 
-#define TWRITE_INT16(ptr, num, bigend) \
-   (ptr)[0] = (char) ((bigend)?((num)>>24):((num)&0xff)); \
-   (ptr)[1] = (char) ((bigend)?(((num)>>16)&0xff):(((num)>>8)&0xff)); \
+#define TWRITE_INT16(ptr, num, bigend)                                  \
+   (ptr)[0] = (char) ((bigend)?((num)>>24):((num)&0xff));               \
+   (ptr)[1] = (char) ((bigend)?(((num)>>16)&0xff):(((num)>>8)&0xff));   \
    (ptr) += 2;
 
-#define TREAD_INT(ptr, num, bigend) \
-   (num) = (((ptr)[0]<<((bigend)?24: 0)) | \
-            ((ptr)[1]<<((bigend)?16: 8)) | \
-            ((ptr)[2]<<((bigend)? 8:16)) | \
-            ((ptr)[3]<<((bigend)? 0:24))); \
+#define TREAD_INT(ptr, num, bigend)             \
+   (num) = (((ptr)[0]<<((bigend)?24: 0)) |      \
+            ((ptr)[1]<<((bigend)?16: 8)) |      \
+            ((ptr)[2]<<((bigend)? 8:16)) |      \
+            ((ptr)[3]<<((bigend)? 0:24)));      \
    (ptr) += 4;
 
-#define TREAD_INT16(ptr, num, bigend) \
-   (num) = (((ptr)[0]<<((bigend)?24: 0)) | \
-            ((ptr)[1]<<((bigend)?16: 8))); \
+#define TREAD_INT16(ptr, num, bigend)           \
+   (num) = (((ptr)[0]<<((bigend)?24: 0)) |      \
+            ((ptr)[1]<<((bigend)?16: 8)));      \
    (ptr) += 2;
 
-#define TWRITE_STR(ptr, str, len) \
-   memcpy((ptr), (char *) (str), (len)); \
+#define TWRITE_STR(ptr, str, len)               \
+   memcpy((ptr), (char *) (str), (len));        \
    (ptr) += (len);
 
-#define TREAD_STR(ptr, str, len) \
-   (str) = (ptr); \
+#define TREAD_STR(ptr, str, len)                \
+   (str) = (ptr);                               \
    (ptr) += (len);
 
-#define TWRITE_BUF(ptr, buf, bigend) \
-   TWRITE_INT((ptr), (buf).length, (bigend)); \
+#define TWRITE_BUF(ptr, buf, bigend)                    \
+   TWRITE_INT((ptr), (buf).length, (bigend));           \
    TWRITE_STR((ptr), (buf).value, (buf).length);
 
 /** malloc wrappers; these may actually do something later */
@@ -104,38 +105,38 @@ typedef UINT64_TYPE gssint_uint64;
 /** helper functions **/
 
 /* hide names from applications, especially glib applications */
-#define        g_set_init              gssint_g_set_init
-#define        g_set_destroy           gssint_g_set_destroy
-#define        g_set_entry_add         gssint_g_set_entry_add
-#define        g_set_entry_delete      gssint_g_set_entry_delete
-#define        g_set_entry_get         gssint_g_set_entry_get
-#define        g_save_name             gssint_g_save_name
-#define        g_save_cred_id          gssint_g_save_cred_id
-#define        g_save_ctx_id           gssint_g_save_ctx_id
-#define        g_save_lucidctx_id      gssint_g_save_lucidctx_id
-#define        g_validate_name         gssint_g_validate_name
-#define        g_validate_cred_id      gssint_g_validate_cred_id
-#define        g_validate_ctx_id       gssint_g_validate_ctx_id
-#define        g_validate_lucidctx_id  gssint_g_validate_lucidctx_id
-#define        g_delete_name           gssint_g_delete_name
-#define        g_delete_cred_id        gssint_g_delete_cred_id
-#define        g_delete_ctx_id         gssint_g_delete_ctx_id
-#define        g_delete_lucidctx_id    gssint_g_delete_lucidctx_id
-#define        g_make_string_buffer    gssint_g_make_string_buffer
-#define        g_token_size            gssint_g_token_size
-#define        g_make_token_header     gssint_g_make_token_header
-#define        g_verify_token_header   gssint_g_verify_token_header
-#define        g_display_major_status  gssint_g_display_major_status
-#define        g_display_com_err_status gssint_g_display_com_err_status
-#define        g_order_init            gssint_g_order_init
-#define        g_order_check           gssint_g_order_check
-#define        g_order_free            gssint_g_order_free
-#define        g_queue_size            gssint_g_queue_size
-#define        g_queue_externalize     gssint_g_queue_externalize
-#define        g_queue_internalize     gssint_g_queue_internalize
-#define        g_canonicalize_host     gssint_g_canonicalize_host
-#define        g_local_host_name       gssint_g_local_host_name
-#define        g_strdup                gssint_g_strdup
+#define g_set_init              gssint_g_set_init
+#define g_set_destroy           gssint_g_set_destroy
+#define g_set_entry_add         gssint_g_set_entry_add
+#define g_set_entry_delete      gssint_g_set_entry_delete
+#define g_set_entry_get         gssint_g_set_entry_get
+#define g_save_name             gssint_g_save_name
+#define g_save_cred_id          gssint_g_save_cred_id
+#define g_save_ctx_id           gssint_g_save_ctx_id
+#define g_save_lucidctx_id      gssint_g_save_lucidctx_id
+#define g_validate_name         gssint_g_validate_name
+#define g_validate_cred_id      gssint_g_validate_cred_id
+#define g_validate_ctx_id       gssint_g_validate_ctx_id
+#define g_validate_lucidctx_id  gssint_g_validate_lucidctx_id
+#define g_delete_name           gssint_g_delete_name
+#define g_delete_cred_id        gssint_g_delete_cred_id
+#define g_delete_ctx_id         gssint_g_delete_ctx_id
+#define g_delete_lucidctx_id    gssint_g_delete_lucidctx_id
+#define g_make_string_buffer    gssint_g_make_string_buffer
+#define g_token_size            gssint_g_token_size
+#define g_make_token_header     gssint_g_make_token_header
+#define g_verify_token_header   gssint_g_verify_token_header
+#define g_display_major_status  gssint_g_display_major_status
+#define g_display_com_err_status gssint_g_display_com_err_status
+#define g_order_init            gssint_g_order_init
+#define g_order_check           gssint_g_order_check
+#define g_order_free            gssint_g_order_free
+#define g_queue_size            gssint_g_queue_size
+#define g_queue_externalize     gssint_g_queue_externalize
+#define g_queue_internalize     gssint_g_queue_internalize
+#define g_canonicalize_host     gssint_g_canonicalize_host
+#define g_local_host_name       gssint_g_local_host_name
+#define g_strdup                gssint_g_strdup
 
 typedef struct _g_set_elt *g_set_elt;
 typedef struct {
@@ -170,25 +171,25 @@ int g_make_string_buffer (const char *str, gss_buffer_t buffer);
 unsigned int g_token_size (const gss_OID_desc * mech, unsigned int body_size);
 
 void g_make_token_header (const gss_OID_desc * mech, unsigned int body_size,
-                         unsigned char **buf, int tok_type);
+                          unsigned char **buf, int tok_type);
 
-gss_int32 g_verify_token_header (const gss_OID_desc * mech, 
-                                unsigned int *body_size,
-                                unsigned char **buf, int tok_type, 
-                                unsigned int toksize_in,
-                                int wrapper_required);
+gss_int32 g_verify_token_header (const gss_OID_desc * mech,
+                                 unsigned int *body_size,
+                                 unsigned char **buf, int tok_type,
+                                 unsigned int toksize_in,
+                                 int wrapper_required);
 
 OM_uint32 g_display_major_status (OM_uint32 *minor_status,
-                                OM_uint32 status_value,
-                                OM_uint32 *message_context,
-                                gss_buffer_t status_string);
+                                  OM_uint32 status_value,
+                                  OM_uint32 *message_context,
+                                  gss_buffer_t status_string);
 
 OM_uint32 g_display_com_err_status (OM_uint32 *minor_status,
-                                  OM_uint32 status_value,
-                                  gss_buffer_t status_string);
+                                    OM_uint32 status_value,
+                                    gss_buffer_t status_string);
 
 gss_int32 g_order_init (void **queue, gssint_uint64 seqnum,
-                                 int do_replay, int do_sequence, int wide);
+                        int do_replay, int do_sequence, int wide);
 
 gss_int32 g_order_check (void **queue, gssint_uint64 seqnum);
 
@@ -196,70 +197,70 @@ void g_order_free (void **queue);
 
 gss_uint32 g_queue_size(void *vqueue, size_t *sizep);
 gss_uint32 g_queue_externalize(void *vqueue, unsigned char **buf,
-                              size_t *lenremain);
+                               size_t *lenremain);
 gss_uint32 g_queue_internalize(void **vqueue, unsigned char **buf,
-                              size_t *lenremain);
+                               size_t *lenremain);
 
 char *g_strdup (char *str);
 
 /** declarations of internal name mechanism functions **/
 
-OM_uint32 generic_gss_release_buffer
-(OM_uint32*,       /* minor_status */
-            gss_buffer_t      /* buffer */
-           );
-
-OM_uint32 generic_gss_release_oid_set
-(OM_uint32*,       /* minor_status */
-            gss_OID_set*      /* set */
-           );
-
-OM_uint32 generic_gss_release_oid
-(OM_uint32*,       /* minor_status */
-            gss_OID*         /* set */
-           );
-
-OM_uint32 generic_gss_copy_oid
-(OM_uint32 *,  /* minor_status */
-           const gss_OID_desc * const,         /* oid */
-           gss_OID *           /* new_oid */
-           );
-
-OM_uint32 generic_gss_create_empty_oid_set
-(OM_uint32 *,  /* minor_status */
-           gss_OID_set *       /* oid_set */
-          );
-
-OM_uint32 generic_gss_add_oid_set_member
-(OM_uint32 *,  /* minor_status */
-           const gss_OID_desc * const,         /* member_oid */
-           gss_OID_set *       /* oid_set */
-          );
-
-OM_uint32 generic_gss_test_oid_set_member
-(OM_uint32 *,  /* minor_status */
-           const gss_OID_desc * const,         /* member */
-           gss_OID_set,        /* set */
-           int *               /* present */
-          );
-
-OM_uint32 generic_gss_oid_to_str
-(OM_uint32 *,  /* minor_status */
-           const gss_OID_desc * const,         /* oid */
-           gss_buffer_t        /* oid_str */
-          );
-
-OM_uint32 generic_gss_str_to_oid
-(OM_uint32 *,  /* minor_status */
-           gss_buffer_t,       /* oid_str */
-           gss_OID *           /* oid */
-          );
+OM_uint32
+generic_gss_release_buffer(
+    OM_uint32 *,        /* minor_status */
+    gss_buffer_t);      /* buffer */
+
+OM_uint32
+generic_gss_release_oid_set(
+    OM_uint32 *,        /* minor_status */
+    gss_OID_set *);     /* set */
+
+OM_uint32
+generic_gss_release_oid(
+    OM_uint32 *,        /* minor_status */
+    gss_OID *);         /* set */
+
+OM_uint32
+generic_gss_copy_oid(
+    OM_uint32 *,                /* minor_status */
+    const gss_OID_desc * const, /* oid */
+    gss_OID *);                 /* new_oid */
+
+OM_uint32
+generic_gss_create_empty_oid_set(
+    OM_uint32 *,        /* minor_status */
+    gss_OID_set *);     /* oid_set */
+
+OM_uint32
+generic_gss_add_oid_set_member(
+    OM_uint32 *,                /* minor_status */
+    const gss_OID_desc * const, /* member_oid */
+    gss_OID_set *);             /* oid_set */
+
+OM_uint32
+generic_gss_test_oid_set_member(
+    OM_uint32 *,                /* minor_status */
+    const gss_OID_desc * const, /* member */
+    gss_OID_set,                /* set */
+    int *);                     /* present */
+
+OM_uint32
+generic_gss_oid_to_str(
+    OM_uint32 *,                /* minor_status */
+    const gss_OID_desc * const, /* oid */
+    gss_buffer_t);              /* oid_str */
+
+OM_uint32
+generic_gss_str_to_oid(
+    OM_uint32 *,        /* minor_status */
+    gss_buffer_t,       /* oid_str */
+    gss_OID *);         /* oid */
 
 int gssint_mecherrmap_init(void);
 void gssint_mecherrmap_destroy(void);
 OM_uint32 gssint_mecherrmap_map(OM_uint32 minor, const gss_OID_desc *oid);
 int gssint_mecherrmap_get(OM_uint32 minor, gss_OID mech_oid,
-                         OM_uint32 *mech_minor);
+                          OM_uint32 *mech_minor);
 OM_uint32 gssint_mecherrmap_map_errcode(OM_uint32 errcode);
 
 #endif /* _GSSAPIP_GENERIC_H_ */
index db92abb96bfafe85ca8454462cec9aef8e90bc8c..b5314ed7b6b059d5214ed236fa3520441c4885ed 100644 (file)
@@ -1,6 +1,7 @@
+/* -*- mode: c; indent-tabs-mode: nil -*- */
 /*
  * Copyright 1993 by OpenVision Technologies, Inc.
- * 
+ *
  * Permission to use, copy, modify, distribute, and sell this software
  * and its documentation for any purpose is hereby granted without fee,
  * provided that the above copyright notice appears in all copies and
@@ -10,7 +11,7 @@
  * without specific, written prior permission. OpenVision makes no
  * representations about the suitability of this software for any
  * purpose.  It is provided "as is" without express or implied warranty.
- * 
+ *
  * OPENVISION DISCLAIMS ALL WARRANTIES WITH REGARD TO THIS SOFTWARE,
  * INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS, IN NO
  * EVENT SHALL OPENVISION BE LIABLE FOR ANY SPECIAL, INDIRECT OR
 static const gss_OID_desc const_oids[] = {
     /*
      * The implementation must reserve static storage for a
-        * gss_OID_desc object containing the value */
+     * gss_OID_desc object containing the value */
     {10, (void *)"\x2a\x86\x48\x86\xf7\x12\x01\x02\x01\x01"},
     /* corresponding to an object-identifier value of
-        * {iso(1) member-body(2) United States(840) mit(113554)
-        * infosys(1) gssapi(2) generic(1) user_name(1)}.  The constant
-        * GSS_C_NT_USER_NAME should be initialized to point
-        * to that gss_OID_desc.
-        */                                
-    
+     * {iso(1) member-body(2) United States(840) mit(113554)
+     * infosys(1) gssapi(2) generic(1) user_name(1)}.  The constant
+     * GSS_C_NT_USER_NAME should be initialized to point
+     * to that gss_OID_desc.
+     */
+
     /*
-        * The implementation must reserve static storage for a
-        * gss_OID_desc object containing the value */
+     * The implementation must reserve static storage for a
+     * gss_OID_desc object containing the value */
     {10, (void *)"\x2a\x86\x48\x86\xf7\x12\x01\x02\x01\x02"},
     /* corresponding to an object-identifier value of
-        * {iso(1) member-body(2) United States(840) mit(113554)
-        * infosys(1) gssapi(2) generic(1) machine_uid_name(2)}.
-        * The constant GSS_C_NT_MACHINE_UID_NAME should be
-        * initialized to point to that gss_OID_desc.
-        */
-     
+     * {iso(1) member-body(2) United States(840) mit(113554)
+     * infosys(1) gssapi(2) generic(1) machine_uid_name(2)}.
+     * The constant GSS_C_NT_MACHINE_UID_NAME should be
+     * initialized to point to that gss_OID_desc.
+     */
+
     /*
-    * The implementation must reserve static storage for a
-    * gss_OID_desc object containing the value */
+     * The implementation must reserve static storage for a
+     * gss_OID_desc object containing the value */
     {10, (void *)"\x2a\x86\x48\x86\xf7\x12\x01\x02\x01\x03"},
     /* corresponding to an object-identifier value of
-    * {iso(1) member-body(2) United States(840) mit(113554)
-    * infosys(1) gssapi(2) generic(1) string_uid_name(3)}.
-    * The constant GSS_C_NT_STRING_UID_NAME should be
-    * initialized to point to that gss_OID_desc.
-    */
-    
+     * {iso(1) member-body(2) United States(840) mit(113554)
+     * infosys(1) gssapi(2) generic(1) string_uid_name(3)}.
+     * The constant GSS_C_NT_STRING_UID_NAME should be
+     * initialized to point to that gss_OID_desc.
+     */
+
     /*
      * The implementation must reserve static storage for a
      * gss_OID_desc object containing the value */
@@ -85,15 +86,15 @@ static const gss_OID_desc const_oids[] = {
      * parameter, but should not be emitted by GSS-API
      * implementations
      */
-    
+
     /*
      * The implementation must reserve static storage for a
      * gss_OID_desc object containing the value */
-    {10, (void *)"\x2a\x86\x48\x86\xf7\x12\x01\x02\x01\x04"}, 
-    /* corresponding to an object-identifier value of 
-     * {iso(1) member-body(2) Unites States(840) mit(113554) 
-     * infosys(1) gssapi(2) generic(1) service_name(4)}.  
-     * The constant GSS_C_NT_HOSTBASED_SERVICE should be 
+    {10, (void *)"\x2a\x86\x48\x86\xf7\x12\x01\x02\x01\x04"},
+    /* corresponding to an object-identifier value of
+     * {iso(1) member-body(2) Unites States(840) mit(113554)
+     * infosys(1) gssapi(2) generic(1) service_name(4)}.
+     * The constant GSS_C_NT_HOSTBASED_SERVICE should be
      * initialized to point to that gss_OID_desc.
      */
 
@@ -107,7 +108,7 @@ static const gss_OID_desc const_oids[] = {
      * and GSS_C_NT_ANONYMOUS should be initialized to point
      * to that gss_OID_desc.
      */
-    
+
     /*
      * The implementation must reserve static storage for a
      * gss_OID_desc object containing the value */
@@ -124,8 +125,8 @@ static const gss_OID_desc const_oids[] = {
  *
  * Constants of the form GSS_C_NT_* are specified by rfc 2744.
  *
- * Constants of the form gss_nt_* are the original MIT krb5 names 
- * found in gssapi_generic.h.  They are provided for compatibility. */ 
+ * Constants of the form gss_nt_* are the original MIT krb5 names
+ * found in gssapi_generic.h.  They are provided for compatibility. */
 
 GSS_DLLIMP gss_OID GSS_C_NT_USER_NAME           = oids+0;
 GSS_DLLIMP gss_OID gss_nt_user_name             = oids+0;
@@ -137,7 +138,7 @@ GSS_DLLIMP gss_OID GSS_C_NT_STRING_UID_NAME     = oids+2;
 GSS_DLLIMP gss_OID gss_nt_string_uid_name       = oids+2;
 
 GSS_DLLIMP gss_OID GSS_C_NT_HOSTBASED_SERVICE_X = oids+3;
-gss_OID gss_nt_service_name_v2       = oids+3;
+gss_OID gss_nt_service_name_v2                  = oids+3;
 
 GSS_DLLIMP gss_OID GSS_C_NT_HOSTBASED_SERVICE   = oids+4;
 GSS_DLLIMP gss_OID gss_nt_service_name          = oids+4;
@@ -145,4 +146,4 @@ GSS_DLLIMP gss_OID gss_nt_service_name          = oids+4;
 GSS_DLLIMP gss_OID GSS_C_NT_ANONYMOUS           = oids+5;
 
 GSS_DLLIMP gss_OID GSS_C_NT_EXPORT_NAME         = oids+6;
-gss_OID gss_nt_exported_name         = oids+6;
+gss_OID gss_nt_exported_name                    = oids+6;
index bf3c2af59c87b1f5ed00849dfd388821d6b11178..eee79655e63dc1d2aaca6c67b9cda9640c516ded 100644 (file)
@@ -1,6 +1,7 @@
+/* -*- mode: c; indent-tabs-mode: nil -*- */
 /*
  * Copyright 1993 by OpenVision Technologies, Inc.
- * 
+ *
  * Permission to use, copy, modify, distribute, and sell this software
  * and its documentation for any purpose is hereby granted without fee,
  * provided that the above copyright notice appears in all copies and
@@ -10,7 +11,7 @@
  * without specific, written prior permission. OpenVision makes no
  * representations about the suitability of this software for any
  * purpose.  It is provided "as is" without express or implied warranty.
- * 
+ *
  * OPENVISION DISCLAIMS ALL WARRANTIES WITH REGARD TO THIS SOFTWARE,
  * INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS, IN NO
  * EVENT SHALL OPENVISION BE LIABLE FOR ANY SPECIAL, INDIRECT OR
@@ -30,8 +31,8 @@
 #include <gssapi/gssapi.h>
 
 #if defined(__cplusplus) && !defined(GSSAPIGENERIC_BEGIN_DECLS)
-#define GSSAPIGENERIC_BEGIN_DECLS      extern "C" {
-#define GSSAPIGENERIC_END_DECLS        }
+#define GSSAPIGENERIC_BEGIN_DECLS       extern "C" {
+#define GSSAPIGENERIC_END_DECLS }
 #else
 #define GSSAPIGENERIC_BEGIN_DECLS
 #define GSSAPIGENERIC_END_DECLS
@@ -40,7 +41,7 @@
 GSSAPIGENERIC_BEGIN_DECLS
 
 /* Deprecated MIT krb5 oid names provided for compatibility.
- * The correct oids (GSS_C_NT_USER_NAME, etc) from rfc 2744 
+ * The correct oids (GSS_C_NT_USER_NAME, etc) from rfc 2744
  * are defined in gssapi.h. */
 
 GSS_DLLIMP extern gss_OID gss_nt_user_name;
index 28b4b06337b52a4896f5313a9ce19cc11606265e..ce594218d2cc2cc34f6e7ac667dd0e63b895da20 100644 (file)
@@ -1,3 +1,4 @@
+/* -*- mode: c; indent-tabs-mode: nil -*- */
 #include <stdio.h>
 #include <stdarg.h>
 #include <assert.h>
@@ -11,13 +12,13 @@ static int eltcp(elt *dest, elt src)
 static int eltcmp(elt left, elt right)
 {
     if (left.a < right.a)
-       return -1;
+        return -1;
     if (left.a > right.a)
-       return 1;
+        return 1;
     if (left.b < right.b)
-       return -1;
+        return -1;
     if (left.b > right.b)
-       return 1;
+        return 1;
     return 0;
 }
 static void eltprt(elt v, FILE *f)
@@ -27,9 +28,9 @@ static void eltprt(elt v, FILE *f)
 static int intcmp(int left, int right)
 {
     if (left < right)
-       return -1;
+        return -1;
     if (left > right)
-       return 1;
+        return 1;
     return 0;
 }
 static void intprt(int v, FILE *f)
index 555888184590b6819d67c9a3b9157d012395ee4d..8b35e803711d73c91b8e44844743c680f001836c 100644 (file)
@@ -1,8 +1,9 @@
+/* -*- mode: c; indent-tabs-mode: nil -*- */
 /* #ident  "@(#)g_rel_buffer.c 1.2     96/02/06 SMI" */
 
 /*
  * Copyright 1996 by Sun Microsystems, Inc.
- * 
+ *
  * Permission to use, copy, modify, distribute, and sell this software
  * and its documentation for any purpose is hereby granted without fee,
  * provided that the above copyright notice appears in all copies and
@@ -12,7 +13,7 @@
  * without specific, written prior permission. Sun Microsystems makes no
  * representations about the suitability of this software for any
  * purpose.  It is provided "as is" without express or implied warranty.
- * 
+ *
  * SUN MICROSYSTEMS DISCLAIMS ALL WARRANTIES WITH REGARD TO THIS SOFTWARE,
  * INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS, IN NO
  * EVENT SHALL SUN MICROSYSTEMS BE LIABLE FOR ANY SPECIAL, INDIRECT OR
 #endif
 
 OM_uint32
-generic_gss_release_buffer (minor_status,
-                           buffer)
-     OM_uint32 *               minor_status;
-     gss_buffer_t              buffer;
+generic_gss_release_buffer(
+    OM_uint32 *minor_status,
+    gss_buffer_t buffer)
 {
     if (minor_status)
-       *minor_status = 0;
+        *minor_status = 0;
 
     /* if buffer is NULL, return */
 
     if (buffer == GSS_C_NO_BUFFER)
-       return(GSS_S_COMPLETE);
+        return(GSS_S_COMPLETE);
 
     if (buffer->value) {
-       free(buffer->value);
-       buffer->length = 0;
-       buffer->value = NULL;
+        free(buffer->value);
+        buffer->length = 0;
+        buffer->value = NULL;
     }
 
     return (GSS_S_COMPLETE);
index bd7f3cb2cfee1984fab98d75d78566e3d3460ba8..137a513a0f6a29fd519de5e48eace08c304933c9 100644 (file)
@@ -1,8 +1,9 @@
+/* -*- mode: c; indent-tabs-mode: nil -*- */
 /* #ident  "@(#)gss_release_oid_set.c 1.12     95/08/23 SMI" */
 
 /*
  * Copyright 1996 by Sun Microsystems, Inc.
- * 
+ *
  * Permission to use, copy, modify, distribute, and sell this software
  * and its documentation for any purpose is hereby granted without fee,
  * provided that the above copyright notice appears in all copies and
@@ -12,7 +13,7 @@
  * without specific, written prior permission. Sun Microsystems makes no
  * representations about the suitability of this software for any
  * purpose.  It is provided "as is" without express or implied warranty.
- * 
+ *
  * SUN MICROSYSTEMS DISCLAIMS ALL WARRANTIES WITH REGARD TO THIS SOFTWARE,
  * INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS, IN NO
  * EVENT SHALL SUN MICROSYSTEMS BE LIABLE FOR ANY SPECIAL, INDIRECT OR
 #endif
 
 OM_uint32
-generic_gss_release_oid_set (minor_status,
-                            set)
-     OM_uint32 *               minor_status;
-     gss_OID_set *             set;
+generic_gss_release_oid_set(
+    OM_uint32 *minor_status,
+    gss_OID_set *set)
 {
     size_t i;
     if (minor_status)
-       *minor_status = 0;
+        *minor_status = 0;
 
     if (set == NULL)
-       return(GSS_S_COMPLETE);
+        return(GSS_S_COMPLETE);
 
     if (*set == GSS_C_NULL_OID_SET)
-       return(GSS_S_COMPLETE);
+        return(GSS_S_COMPLETE);
 
     for (i=0; i<(*set)->count; i++)
-       free((*set)->elements[i].elements);
+        free((*set)->elements[i].elements);
 
     free((*set)->elements);
     free(*set);
 
     *set = GSS_C_NULL_OID_SET;
-    
+
     return(GSS_S_COMPLETE);
 }
index 1ce9f89471ff21922e6826abf673b0a3cc4f1912..b707d15fbeb24d3a861f67e8b4bda6be52999434 100644 (file)
@@ -1,6 +1,7 @@
+/* -*- mode: c; indent-tabs-mode: nil -*- */
 /*
  * Copyright 1993 by OpenVision Technologies, Inc.
- * 
+ *
  * Permission to use, copy, modify, distribute, and sell this software
  * and its documentation for any purpose is hereby granted without fee,
  * provided that the above copyright notice appears in all copies and
@@ -10,7 +11,7 @@
  * without specific, written prior permission. OpenVision makes no
  * representations about the suitability of this software for any
  * purpose.  It is provided "as is" without express or implied warranty.
- * 
+ *
  * OPENVISION DISCLAIMS ALL WARRANTIES WITH REGARD TO THIS SOFTWARE,
  * INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS, IN NO
  * EVENT SHALL OPENVISION BE LIABLE FOR ANY SPECIAL, INDIRECT OR
 
 int g_make_string_buffer(const char *str, gss_buffer_t buffer)
 {
-   buffer->length = strlen(str);
+    buffer->length = strlen(str);
 
-   if ((buffer->value = strdup(str)) == NULL) {
-      buffer->length = 0;
-      return(0);
-   }
+    if ((buffer->value = strdup(str)) == NULL) {
+        buffer->length = 0;
+        return(0);
+    }
 
-   return(1);
+    return(1);
 }
index 829311db9d61bfbbb1f00483459e0c9569a9d7a5..f1bd93f2b42db0573fc0992b84ec7a8a5bf14e0c 100644 (file)
@@ -1,6 +1,7 @@
+/* -*- mode: c; indent-tabs-mode: nil -*- */
 /*
  * Copyright 1993 by OpenVision Technologies, Inc.
- * 
+ *
  * Permission to use, copy, modify, distribute, and sell this software
  * and its documentation for any purpose is hereby granted without fee,
  * provided that the above copyright notice appears in all copies and
@@ -10,7 +11,7 @@
  * without specific, written prior permission. OpenVision makes no
  * representations about the suitability of this software for any
  * purpose.  It is provided "as is" without express or implied warranty.
- * 
+ *
  * OPENVISION DISCLAIMS ALL WARRANTIES WITH REGARD TO THIS SOFTWARE,
  * INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS, IN NO
  * EVENT SHALL OPENVISION BE LIABLE FOR ANY SPECIAL, INDIRECT OR
 #include <string.h>
 
 char *
-g_canonicalize_host(hostname)
-     char *hostname;
+g_canonicalize_host(char *hostname)
 {
-   struct hostent *hent;
-   char *haddr;
-   char *canon, *str;
+    struct hostent *hent;
+    char *haddr;
+    char *canon, *str;
 
-   if ((hent = gethostbyname(hostname)) == NULL)
-      return(NULL);
+    if ((hent = gethostbyname(hostname)) == NULL)
+       return(NULL);
 
-   if (! (haddr = (char *) xmalloc(hent->h_length))) {
+    if (! (haddr = (char *) xmalloc(hent->h_length))) {
        return(NULL);
-   }
+    }
 
-   memcpy(haddr, hent->h_addr_list[0], hent->h_length);
+    memcpy(haddr, hent->h_addr_list[0], hent->h_length);
 
-   if (! (hent = gethostbyaddr(haddr, hent->h_length, hent->h_addrtype))) {
+    if (! (hent = gethostbyaddr(haddr, hent->h_length, hent->h_addrtype))) {
        return(NULL);
-   }
+    }
 
-   xfree(haddr);
+    xfree(haddr);
 
-   if ((canon = (char *) xmalloc(strlen(hent->h_name)+1)) == NULL)
-      return(NULL);
+    if ((canon = (char *) xmalloc(strlen(hent->h_name)+1)) == NULL)
+       return(NULL);
 
-   strcpy(canon, hent->h_name);
+    strcpy(canon, hent->h_name);
 
-   for (str = canon; *str; str++)
-      if (isupper(*str)) *str = tolower(*str);
+    for (str = canon; *str; str++)
+       if (isupper(*str)) *str = tolower(*str);
 
-   return(canon);
+    return(canon);
 }
index 9e2f7e9b3dfe8264c9948e4b49cc3cd9f8b0e58a..2634e667b5965e4b2f59d76050eb122642a7610a 100644 (file)
@@ -1,3 +1,4 @@
+/* -*- mode: c; indent-tabs-mode: nil -*- */
 /*
  * Copyright 2007, 2008 by the Massachusetts Institute of Technology.
  * All Rights Reserved.
@@ -6,7 +7,7 @@
  *   require a specific license from the United States Government.
  *   It is the responsibility of any person or organization contemplating
  *   export to obtain such a license before exporting.
- * 
+ *
  * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
  * distribute this software and its documentation for any purpose and
  * without fee is hereby granted, provided that the above copyright
@@ -20,7 +21,7 @@
  * M.I.T. makes no representations about the suitability of
  * this software for any purpose.  It is provided "as is" without express
  * or implied warranty.
- * 
+ *
  */
 
 #include "gssapiP_generic.h"
@@ -45,26 +46,26 @@ static inline int
 cmp_OM_uint32(OM_uint32 m1, OM_uint32 m2)
 {
     if (m1 < m2)
-       return -1;
+        return -1;
     else if (m1 > m2)
-       return 1;
+        return 1;
     else
-       return 0;
+        return 0;
 }
 
 static inline int
 mecherror_cmp(struct mecherror m1, struct mecherror m2)
 {
     if (m1.code < m2.code)
-       return -1;
+        return -1;
     if (m1.code > m2.code)
-       return 1;
+        return 1;
     if (m1.mech.length < m2.mech.length)
-       return -1;
+        return -1;
     if (m1.mech.length > m2.mech.length)
-       return 1;
+        return 1;
     if (m1.mech.length == 0)
-       return 0;
+        return 0;
     return memcmp(m1.mech.elements, m2.mech.elements, m1.mech.length);
 }
 
@@ -80,10 +81,10 @@ mecherror_copy(struct mecherror *dest, struct mecherror src)
     *dest = src;
     dest->mech.elements = malloc(src.mech.length);
     if (dest->mech.elements == NULL) {
-       if (src.mech.length)
-           return ENOMEM;
-       else
-           return 0;
+        if (src.mech.length)
+            return ENOMEM;
+        else
+            return 0;
     }
     memcpy(dest->mech.elements, src.mech.elements, src.mech.length);
     return 0;
@@ -95,40 +96,40 @@ mecherror_print(struct mecherror value, FILE *f)
     OM_uint32 minor;
     gss_buffer_desc str;
     static const struct {
-       const char *oidstr, *name;
+        const char *oidstr, *name;
     } mechnames[] = {
-       { "{ 1 2 840 113554 1 2 2 }", "krb5-new" },
-       { "{ 1 3 5 1 5 2 }", "krb5-old" },
-       { "{ 1 2 840 48018 1 2 2 }", "krb5-microsoft" },
-       { "{ 1 3 6 1 5 5 2 }", "spnego" },
+        { "{ 1 2 840 113554 1 2 2 }", "krb5-new" },
+        { "{ 1 3 5 1 5 2 }", "krb5-old" },
+        { "{ 1 2 840 48018 1 2 2 }", "krb5-microsoft" },
+        { "{ 1 3 6 1 5 5 2 }", "spnego" },
     };
     unsigned int i;
 
     fprintf(f, "%lu@", (unsigned long) value.code);
 
     if (value.mech.length == 0) {
-       fprintf(f, "(com_err)");
-       return;
+        fprintf(f, "(com_err)");
+        return;
     }
     fprintf(f, "%p=", value.mech.elements);
     if (generic_gss_oid_to_str(&minor, &value.mech, &str)) {
-       fprintf(f, "(error in conversion)");
-       return;
+        fprintf(f, "(error in conversion)");
+        return;
     }
     /* Note: generic_gss_oid_to_str returns a null-terminated string.  */
     for (i = 0; i < sizeof(mechnames)/sizeof(mechnames[0]); i++) {
-       if (!strcmp(str.value, mechnames[i].oidstr) && mechnames[i].name != 0) {
-           fprintf(f, "%s", mechnames[i].name);
-           break;
-       }
+        if (!strcmp(str.value, mechnames[i].oidstr) && mechnames[i].name != 0) {
+            fprintf(f, "%s", mechnames[i].name);
+            break;
+        }
     }
     if (i == sizeof(mechnames)/sizeof(mechnames[0]))
-       fprintf(f, "%s", (char *) str.value);
+        fprintf(f, "%s", (char *) str.value);
     generic_gss_release_buffer(&minor, &str);
 }
 
 #include "errmap.h"
-#include "krb5.h"              /* for KRB5KRB_AP_WRONG_PRINC */
+#include "krb5.h"               /* for KRB5KRB_AP_WRONG_PRINC */
 
 static mecherrmap m;
 static k5_mutex_t mutex = K5_MUTEX_PARTIAL_INITIALIZER;
@@ -140,11 +141,11 @@ int gssint_mecherrmap_init(void)
 
     err = mecherrmap_init(&m);
     if (err)
-       return err;
+        return err;
     err = k5_mutex_finish_init(&mutex);
     if (err) {
-       mecherrmap_destroy(&m);
-       return err;
+        mecherrmap_destroy(&m);
+        return err;
     }
 
     return 0;
@@ -155,7 +156,7 @@ int gssint_mecherrmap_init(void)
 static int free_one(OM_uint32 i, struct mecherror value, void *p)
 {
     if (value.mech.length && value.mech.elements)
-       free(value.mech.elements);
+        free(value.mech.elements);
     return 0;
 }
 
@@ -178,7 +179,7 @@ OM_uint32 gssint_mecherrmap_map(OM_uint32 minor, const gss_OID_desc * oid)
     FILE *f;
     f = fopen("/dev/pts/9", "w+");
     if (f == NULL)
-       f = stderr;
+        f = stderr;
 #endif
 
     me.code = minor;
@@ -186,51 +187,51 @@ OM_uint32 gssint_mecherrmap_map(OM_uint32 minor, const gss_OID_desc * oid)
     err = k5_mutex_lock(&mutex);
     if (err) {
 #ifdef DEBUG
-       if (f != stderr) fclose(f);
+        if (f != stderr) fclose(f);
 #endif
-       return 0;
+        return 0;
     }
 
     /* Is this status+oid already mapped?  */
     p = mecherrmap_findright(&m, me);
     if (p != NULL) {
-       k5_mutex_unlock(&mutex);
+        k5_mutex_unlock(&mutex);
 #ifdef DEBUG
-       fprintf(f, "%s: found ", __func__);
-       mecherror_print(me, f);
-       fprintf(f, " in map as %lu\n", (unsigned long) *p);
-       if (f != stderr) fclose(f);
+        fprintf(f, "%s: found ", __func__);
+        mecherror_print(me, f);
+        fprintf(f, " in map as %lu\n", (unsigned long) *p);
+        if (f != stderr) fclose(f);
 #endif
-       return *p;
+        return *p;
     }
     /* Is this status code already mapped to something else
        mech-specific?  */
     mep = mecherrmap_findleft(&m, minor);
     if (mep == NULL) {
-       /* Map it to itself plus this mech-oid.  */
-       new_status = minor;
+        /* Map it to itself plus this mech-oid.  */
+        new_status = minor;
     } else {
-       /* Already assigned.  Pick a fake new value and map it.  */
-       /* There's a theoretical infinite loop risk here, if we fill
-          in 2**32 values.  Also, returning 0 has a special
-          meaning.  */
-       do {
-           next_fake++;
-           new_status = next_fake;
-           if (new_status == 0)
-               /* ??? */;
-       } while (mecherrmap_findleft(&m, new_status) != NULL);
+        /* Already assigned.  Pick a fake new value and map it.  */
+        /* There's a theoretical infinite loop risk here, if we fill
+           in 2**32 values.  Also, returning 0 has a special
+           meaning.  */
+        do {
+            next_fake++;
+            new_status = next_fake;
+            if (new_status == 0)
+                /* ??? */;
+        } while (mecherrmap_findleft(&m, new_status) != NULL);
     }
     err = mecherror_copy(&me_copy, me);
     if (err) {
-       k5_mutex_unlock(&mutex);
-       return err;
+        k5_mutex_unlock(&mutex);
+        return err;
     }
     err = mecherrmap_add(&m, new_status, me_copy);
     k5_mutex_unlock(&mutex);
     if (err) {
-       if (me_copy.mech.length)
-           free(me_copy.mech.elements);
+        if (me_copy.mech.length)
+            free(me_copy.mech.elements);
     }
 #ifdef DEBUG
     fprintf(f, "%s: mapping ", __func__);
@@ -241,9 +242,9 @@ OM_uint32 gssint_mecherrmap_map(OM_uint32 minor, const gss_OID_desc * oid)
     if (f != stderr) fclose(f);
 #endif
     if (err)
-       return 0;
+        return 0;
     else
-       return new_status;
+        return new_status;
 }
 
 static gss_OID_desc no_oid = { 0, 0 };
@@ -253,21 +254,21 @@ OM_uint32 gssint_mecherrmap_map_errcode(OM_uint32 errcode)
 }
 
 int gssint_mecherrmap_get(OM_uint32 minor, gss_OID mech_oid,
-                         OM_uint32 *mech_minor)
+                          OM_uint32 *mech_minor)
 {
     const struct mecherror *p;
     int err;
 
     if (minor == 0) {
-       return EINVAL;
+        return EINVAL;
     }
     err = k5_mutex_lock(&mutex);
     if (err)
-       return err;
+        return err;
     p = mecherrmap_findleft(&m, minor);
     k5_mutex_unlock(&mutex);
     if (!p) {
-       return EINVAL;
+        return EINVAL;
     }
     *mech_oid = p->mech;
     *mech_minor = p->code;
index 13856e320604eceae45c0a2fe687855392ae6dc4..2d3c27cb2483e88ee5feb468bb217db92eb0c8d9 100644 (file)
@@ -1,6 +1,7 @@
+/* -*- mode: c; indent-tabs-mode: nil -*- */
 /*
  * Copyright 1993 by OpenVision Technologies, Inc.
- * 
+ *
  * Permission to use, copy, modify, distribute, and sell this software
  * and its documentation for any purpose is hereby granted without fee,
  * provided that the above copyright notice appears in all copies and
@@ -10,7 +11,7 @@
  * without specific, written prior permission. OpenVision makes no
  * representations about the suitability of this software for any
  * purpose.  It is provided "as is" without express or implied warranty.
- * 
+ *
  * OPENVISION DISCLAIMS ALL WARRANTIES WITH REGARD TO THIS SOFTWARE,
  * INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS, IN NO
  * EVENT SHALL OPENVISION BE LIABLE FOR ANY SPECIAL, INDIRECT OR
 #define MAXHOSTNAMELEN 64
 #endif
 
-char *g_local_host_name()
+char *
+g_local_host_name(void)
 {
-     char buf[MAXHOSTNAMELEN+1], *ptr;
+    char buf[MAXHOSTNAMELEN+1], *ptr;
 
-     if (gethostname(buf, sizeof(buf)) < 0)
-         return 0;
+    if (gethostname(buf, sizeof(buf)) < 0)
+       return 0;
 
-     buf[sizeof(buf)-1] = '\0';
+    buf[sizeof(buf)-1] = '\0';
 
-     if (! (ptr = xmalloc(strlen(buf) + 1)))
-         return 0;
+    if (! (ptr = xmalloc(strlen(buf) + 1)))
+       return 0;
 
-     return strcpy(ptr, buf);
+    return strcpy(ptr, buf);
 }
index 218462bb0ce32abf8db936e5ceb5c23dc299cb09..274790e4e01796b55eded35c458604df679c5c22 100644 (file)
@@ -1,6 +1,7 @@
+/* -*- mode: c; indent-tabs-mode: nil -*- */
 /*
  * Copyright 1993 by OpenVision Technologies, Inc.
- * 
+ *
  * Permission to use, copy, modify, distribute, and sell this software
  * and its documentation for any purpose is hereby granted without fee,
  * provided that the above copyright notice appears in all copies and
@@ -10,7 +11,7 @@
  * without specific, written prior permission. OpenVision makes no
  * representations about the suitability of this software for any
  * purpose.  It is provided "as is" without express or implied warranty.
- * 
+ *
  * OPENVISION DISCLAIMS ALL WARRANTIES WITH REGARD TO THIS SOFTWARE,
  * INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS, IN NO
  * EVENT SHALL OPENVISION BE LIABLE FOR ANY SPECIAL, INDIRECT OR
 #define QUEUE_LENGTH 20
 
 typedef struct _queue {
-   int do_replay;
-   int do_sequence;
-   int start;
-   int length;
-   gssint_uint64 firstnum;
-   /* Stored as deltas from firstnum.  This way, the high bit won't
-      overflow unless we've actually gone through 2**n messages, or
-      gotten something *way* out of sequence.  */
-   gssint_uint64 elem[QUEUE_LENGTH];
-   /* All ones for 64-bit sequence numbers; 32 ones for 32-bit
-      sequence numbers.  */
-   gssint_uint64 mask;
+    int do_replay;
+    int do_sequence;
+    int start;
+    int length;
+    gssint_uint64 firstnum;
+    /* Stored as deltas from firstnum.  This way, the high bit won't
+       overflow unless we've actually gone through 2**n messages, or
+       gotten something *way* out of sequence.  */
+    gssint_uint64 elem[QUEUE_LENGTH];
+    /* All ones for 64-bit sequence numbers; 32 ones for 32-bit
+       sequence numbers.  */
+    gssint_uint64 mask;
 } queue;
 
 /* rep invariant:
@@ -59,157 +60,157 @@ typedef struct _queue {
 static void
 queue_insert(queue *q, int after, gssint_uint64 seqnum)
 {
-   /* insert.  this is not the fastest way, but it's easy, and it's
-      optimized for insert at end, which is the common case */
-   int i;
+    /* insert.  this is not the fastest way, but it's easy, and it's
+       optimized for insert at end, which is the common case */
+    int i;
 
-   /* common case: at end, after == q->start+q->length-1 */
+    /* common case: at end, after == q->start+q->length-1 */
 
-   /* move all the elements (after,last] up one slot */
+    /* move all the elements (after,last] up one slot */
 
-   for (i=q->start+q->length-1; i>after; i--)
-      QELEM(q,i+1) = QELEM(q,i);
+    for (i=q->start+q->length-1; i>after; i--)
+        QELEM(q,i+1) = QELEM(q,i);
 
-   /* fill in slot after+1 */
+    /* fill in slot after+1 */
 
-   QELEM(q,after+1) = seqnum;
+    QELEM(q,after+1) = seqnum;
 
-   /* Either increase the length by one, or move the starting point up
-      one (deleting the first element, which got bashed above), as
-      appropriate. */
+    /* Either increase the length by one, or move the starting point up
+       one (deleting the first element, which got bashed above), as
+       appropriate. */
 
-   if (q->length == QSIZE(q)) {
-      q->start++;
-      if (q->start == QSIZE(q))
-        q->start = 0;
-   } else {
-      q->length++;
-   }
+    if (q->length == QSIZE(q)) {
+        q->start++;
+        if (q->start == QSIZE(q))
+            q->start = 0;
+    } else {
+        q->length++;
+    }
 }
 
 gss_int32
 g_order_init(void **vqueue, gssint_uint64 seqnum,
-            int do_replay, int do_sequence, int wide_nums)
+             int do_replay, int do_sequence, int wide_nums)
 {
-   queue *q;
+    queue *q;
 
-   if ((q = (queue *) malloc(sizeof(queue))) == NULL)
-      return(ENOMEM);
+    if ((q = (queue *) malloc(sizeof(queue))) == NULL)
+        return(ENOMEM);
 
-   /* This stops valgrind from complaining about writing uninitialized
-      data if the caller exports the context and writes it to a file.
-      We don't actually use those bytes at all, but valgrind still
-      complains.  */
-   memset(q, 0xfe, sizeof(*q));
+    /* This stops valgrind from complaining about writing uninitialized
+       data if the caller exports the context and writes it to a file.
+       We don't actually use those bytes at all, but valgrind still
+       complains.  */
+    memset(q, 0xfe, sizeof(*q));
 
-   q->do_replay = do_replay;
-   q->do_sequence = do_sequence;
-   q->mask = wide_nums ? ~(gssint_uint64)0 : 0xffffffffUL;
+    q->do_replay = do_replay;
+    q->do_sequence = do_sequence;
+    q->mask = wide_nums ? ~(gssint_uint64)0 : 0xffffffffUL;
 
-   q->start = 0;
-   q->length = 1;
-   q->firstnum = seqnum;
-   q->elem[q->start] = ((gssint_uint64)0 - 1) & q->mask;
+    q->start = 0;
+    q->length = 1;
+    q->firstnum = seqnum;
+    q->elem[q->start] = ((gssint_uint64)0 - 1) & q->mask;
 
-   *vqueue = (void *) q;
-   return(0);
+    *vqueue = (void *) q;
+    return(0);
 }
 
 gss_int32
 g_order_check(void **vqueue, gssint_uint64 seqnum)
 {
-   queue *q;
-   int i;
-   gssint_uint64 expected;
-
-   q = (queue *) (*vqueue);
-
-   if (!q->do_replay && !q->do_sequence)
-      return(GSS_S_COMPLETE);
-
-   /* All checks are done relative to the initial sequence number, to
-      avoid (or at least put off) the pain of wrapping.  */
-   seqnum -= q->firstnum;
-   /* If we're only doing 32-bit values, adjust for that again.
-
-      Note that this will probably be the wrong thing to if we get
-      2**32 messages sent with 32-bit sequence numbers.  */
-   seqnum &= q->mask;
-
-   /* rule 1: expected sequence number */
-
-   expected = (QELEM(q,q->start+q->length-1)+1) & q->mask;
-   if (seqnum == expected) { 
-      queue_insert(q, q->start+q->length-1, seqnum);
-      return(GSS_S_COMPLETE);
-   }
-
-   /* rule 2: > expected sequence number */
-
-   if ((seqnum > expected)) {
-      queue_insert(q, q->start+q->length-1, seqnum);
-      if (q->do_replay && !q->do_sequence)
-        return(GSS_S_COMPLETE);
-      else
-        return(GSS_S_GAP_TOKEN);
-   }
-
-   /* rule 3: seqnum < seqnum(first) */
-
-   if ((seqnum < QELEM(q,q->start)) &&
-       /* Is top bit of whatever width we're using set?
-
-         We used to check for greater than or equal to firstnum, but
-         (1) we've since switched to compute values relative to
-         firstnum, so the lowest we can have is 0, and (2) the effect
-         of the original scheme was highly dependent on whether
-         firstnum was close to either side of 0.  (Consider
-         firstnum==0xFFFFFFFE and we miss three packets; the next
-         packet is *new* but would look old.)
-
-          This check should give us 2**31 or 2**63 messages "new", and
-          just as many "old".  That's not quite right either.  */
-       (seqnum & (1 + (q->mask >> 1)))
-       ) {
-      if (q->do_replay && !q->do_sequence)
-        return(GSS_S_OLD_TOKEN);
-      else
-        return(GSS_S_UNSEQ_TOKEN);
-   }
-
-   /* rule 4+5: seqnum in [seqnum(first),seqnum(last)]  */
-
-   else {
-      if (seqnum == QELEM(q,q->start+q->length-1))
-        return(GSS_S_DUPLICATE_TOKEN);
-
-      for (i=q->start; i<q->start+q->length-1; i++) {
-        if (seqnum == QELEM(q,i))
-           return(GSS_S_DUPLICATE_TOKEN);
-        if ((seqnum > QELEM(q,i)) && (seqnum < QELEM(q,i+1))) {
-           queue_insert(q, i, seqnum);
-           if (q->do_replay && !q->do_sequence)
-              return(GSS_S_COMPLETE);
-           else
-              return(GSS_S_UNSEQ_TOKEN);
-        }
-      }
-   }
-
-   /* this should never happen */
-   return(GSS_S_FAILURE);
+    queue *q;
+    int i;
+    gssint_uint64 expected;
+
+    q = (queue *) (*vqueue);
+
+    if (!q->do_replay && !q->do_sequence)
+        return(GSS_S_COMPLETE);
+
+    /* All checks are done relative to the initial sequence number, to
+       avoid (or at least put off) the pain of wrapping.  */
+    seqnum -= q->firstnum;
+    /* If we're only doing 32-bit values, adjust for that again.
+
+    Note that this will probably be the wrong thing to if we get
+    2**32 messages sent with 32-bit sequence numbers.  */
+    seqnum &= q->mask;
+
+    /* rule 1: expected sequence number */
+
+    expected = (QELEM(q,q->start+q->length-1)+1) & q->mask;
+    if (seqnum == expected) {
+        queue_insert(q, q->start+q->length-1, seqnum);
+        return(GSS_S_COMPLETE);
+    }
+
+    /* rule 2: > expected sequence number */
+
+    if ((seqnum > expected)) {
+        queue_insert(q, q->start+q->length-1, seqnum);
+        if (q->do_replay && !q->do_sequence)
+            return(GSS_S_COMPLETE);
+        else
+            return(GSS_S_GAP_TOKEN);
+    }
+
+    /* rule 3: seqnum < seqnum(first) */
+
+    if ((seqnum < QELEM(q,q->start)) &&
+        /* Is top bit of whatever width we're using set?
+
+        We used to check for greater than or equal to firstnum, but
+        (1) we've since switched to compute values relative to
+        firstnum, so the lowest we can have is 0, and (2) the effect
+        of the original scheme was highly dependent on whether
+        firstnum was close to either side of 0.  (Consider
+        firstnum==0xFFFFFFFE and we miss three packets; the next
+        packet is *new* but would look old.)
+
+        This check should give us 2**31 or 2**63 messages "new", and
+        just as many "old".  That's not quite right either.  */
+        (seqnum & (1 + (q->mask >> 1)))
+    ) {
+        if (q->do_replay && !q->do_sequence)
+            return(GSS_S_OLD_TOKEN);
+        else
+            return(GSS_S_UNSEQ_TOKEN);
+    }
+
+    /* rule 4+5: seqnum in [seqnum(first),seqnum(last)]  */
+
+    else {
+        if (seqnum == QELEM(q,q->start+q->length-1))
+            return(GSS_S_DUPLICATE_TOKEN);
+
+        for (i=q->start; i<q->start+q->length-1; i++) {
+            if (seqnum == QELEM(q,i))
+                return(GSS_S_DUPLICATE_TOKEN);
+            if ((seqnum > QELEM(q,i)) && (seqnum < QELEM(q,i+1))) {
+                queue_insert(q, i, seqnum);
+                if (q->do_replay && !q->do_sequence)
+                    return(GSS_S_COMPLETE);
+                else
+                    return(GSS_S_UNSEQ_TOKEN);
+            }
+        }
+    }
+
+    /* this should never happen */
+    return(GSS_S_FAILURE);
 }
 
 void
 g_order_free(void **vqueue)
 {
-   queue *q;
-   
-   q = (queue *) (*vqueue);
+    queue *q;
 
-   free(q);
+    q = (queue *) (*vqueue);
 
-   *vqueue = NULL;
+    free(q);
+
+    *vqueue = NULL;
 }
 
 /*
@@ -226,11 +227,11 @@ gss_uint32
 g_queue_externalize(void *vqueue, unsigned char **buf, size_t *lenremain)
 {
     if (*lenremain < sizeof(queue))
-       return ENOMEM;
+        return ENOMEM;
     memcpy(*buf, vqueue, sizeof(queue));
     *buf += sizeof(queue);
     *lenremain -= sizeof(queue);
-    
+
     return 0;
 }
 
@@ -240,9 +241,9 @@ g_queue_internalize(void **vqueue, unsigned char **buf, size_t *lenremain)
     void *q;
 
     if (*lenremain < sizeof(queue))
-       return EINVAL;
+        return EINVAL;
     if ((q = malloc(sizeof(queue))) == 0)
-       return ENOMEM;
+        return ENOMEM;
     memcpy(q, *buf, sizeof(queue));
     *buf += sizeof(queue);
     *lenremain -= sizeof(queue);
index fea810852ccf1f1d9ab6bd88e0c6732a2021dbc1..d437f1ea78fcdb26fd39189c8fb4a2dbe41bcb27 100644 (file)
@@ -1,6 +1,7 @@
+/* -*- mode: c; indent-tabs-mode: nil -*- */
 /*
  * Copyright 1995 by OpenVision Technologies, Inc.
- * 
+ *
  * Permission to use, copy, modify, distribute, and sell this software
  * and its documentation for any purpose is hereby granted without fee,
  * provided that the above copyright notice appears in all copies and
@@ -10,7 +11,7 @@
  * without specific, written prior permission. OpenVision makes no
  * representations about the suitability of this software for any
  * purpose.  It is provided "as is" without express or implied warranty.
- * 
+ *
  * OPENVISION DISCLAIMS ALL WARRANTIES WITH REGARD TO THIS SOFTWARE,
  * INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS, IN NO
  * EVENT SHALL OPENVISION BE LIABLE FOR ANY SPECIAL, INDIRECT OR
 #include "gssapiP_generic.h"
 
 struct _g_set_elt {
-   void *key;
-   void *value;
-   struct _g_set_elt *next;
+    void *key;
+    void *value;
+    struct _g_set_elt *next;
 };
 
 int g_set_init(g_set_elt *s)
 {
-   *s = NULL;
+    *s = NULL;
 
-   return(0);
+    return(0);
 }
 
 #if 0
 int g_set_destroy(g_set_elt *s)
 {
-   g_set next;
+    g_set next;
 
-   while (*s) {
-      next = (*s)->next;
-      free(*s);
-      *s = next;
-   }
+    while (*s) {
+        next = (*s)->next;
+        free(*s);
+        *s = next;
+    }
 
-   return(0);
+    return(0);
 }
 #endif
 
 int g_set_entry_add(g_set_elt *s, void *key, void *value)
 {
-   g_set_elt first;
+    g_set_elt first;
 
-   if ((first = (struct _g_set_elt *) malloc(sizeof(struct _g_set_elt))) == NULL)
-      return(ENOMEM);
+    if ((first = (struct _g_set_elt *) malloc(sizeof(struct _g_set_elt))) == NULL)
+        return(ENOMEM);
 
-   first->key = key;
-   first->value = value;
-   first->next = *s;
+    first->key = key;
+    first->value = value;
+    first->next = *s;
 
-   *s = first;
+    *s = first;
 
-   return(0);
+    return(0);
 }
 
 int g_set_entry_delete(g_set_elt *s, void *key)
 {
-   g_set_elt *p;
+    g_set_elt *p;
 
-   for (p=s; *p; p = &((*p)->next)) {
-      if ((*p)->key == key) {
-        g_set_elt next = (*p)->next;
-        free(*p);
-        *p = next;
+    for (p=s; *p; p = &((*p)->next)) {
+        if ((*p)->key == key) {
+            g_set_elt next = (*p)->next;
+            free(*p);
+            *p = next;
 
-        return(0);
-      }
-   }
+            return(0);
+        }
+    }
 
-   return(-1);
+    return(-1);
 }
 
 int g_set_entry_get(g_set_elt *s, void *key, void **value)
 {
-   g_set_elt p;
+    g_set_elt p;
 
-   for (p = *s; p; p = p->next) {
-      if (p->key == key) {
-        *value = p->value;
+    for (p = *s; p; p = p->next) {
+        if (p->key == key) {
+            *value = p->value;
 
-        return(0);
-      }
-   }
+            return(0);
+        }
+    }
 
-   *value = NULL;
+    *value = NULL;
 
-   return(-1);
+    return(-1);
 }
index 7b8dfed223894bde50ddad36ccd5de0530c437df..b37d9065dd69945f073b97837dac2b12e66caec1 100644 (file)
@@ -1,6 +1,7 @@
+/* -*- mode: c; indent-tabs-mode: nil -*- */
 /*
  * Copyright 1993 by OpenVision Technologies, Inc.
- * 
+ *
  * Permission to use, copy, modify, distribute, and sell this software
  * and its documentation for any purpose is hereby granted without fee,
  * provided that the above copyright notice appears in all copies and
@@ -10,7 +11,7 @@
  * without specific, written prior permission. OpenVision makes no
  * representations about the suitability of this software for any
  * purpose.  It is provided "as is" without express or implied warranty.
- * 
+ *
  * OPENVISION DISCLAIMS ALL WARRANTIES WITH REGARD TO THIS SOFTWARE,
  * INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS, IN NO
  * EVENT SHALL OPENVISION BE LIABLE FOR ANY SPECIAL, INDIRECT OR
    the interfaces, so the code can be fixed if the OSI namespace
    balloons unexpectedly. */
 
-/* Each token looks like this:
-
-0x60                           tag for APPLICATION 0, SEQUENCE
-                                       (constructed, definite-length)
-       <length>                possible multiple bytes, need to parse/generate
-       0x06                    tag for OBJECT IDENTIFIER
-               <moid_length>   compile-time constant string (assume 1 byte)
-               <moid_bytes>    compile-time constant string
-       <inner_bytes>           the ANY containing the application token
-                                       bytes 0,1 are the token type
-                                       bytes 2,n are the token data
-
-Note that the token type field is a feature of RFC 1964 mechanisms and
-is not used by other GSSAPI mechanisms.  As such, a token type of -1
-is interpreted to mean that no token type should be expected or
-generated. 
-
-For the purposes of this abstraction, the token "header" consists of
-the sequence tag and length octets, the mech OID DER encoding, and the
-first two inner bytes, which indicate the token type.  The token
-"body" consists of everything else.
-
-*/
-
-static unsigned int der_length_size(length)
-     int length;
+/*
+ * Each token looks like this:
+ * 0x60                 tag for APPLICATION 0, SEQUENCE
+ *                              (constructed, definite-length)
+ * <length>             possible multiple bytes, need to parse/generate
+ * 0x06                 tag for OBJECT IDENTIFIER
+ * <moid_length>        compile-time constant string (assume 1 byte)
+ * <moid_bytes>         compile-time constant string
+ * <inner_bytes>        the ANY containing the application token
+ * bytes 0,1 are the token type
+ * bytes 2,n are the token data
+ *
+ * Note that the token type field is a feature of RFC 1964 mechanisms and
+ * is not used by other GSSAPI mechanisms.  As such, a token type of -1
+ * is interpreted to mean that no token type should be expected or
+ * generated.
+ *
+ * For the purposes of this abstraction, the token "header" consists of
+ * the sequence tag and length octets, the mech OID DER encoding, and the
+ * first two inner bytes, which indicate the token type.  The token
+ * "body" consists of everything else.
+ */
+static unsigned int
+der_length_size(int length)
 {
-   if (length < (1<<7))
-      return(1);
-   else if (length < (1<<8))
-      return(2);
+    if (length < (1<<7))
+        return(1);
+    else if (length < (1<<8))
+        return(2);
 #if INT_MAX == 0x7fff
-   else
-       return(3);
+    else
+        return(3);
 #else
-   else if (length < (1<<16))
-      return(3);
-   else if (length < (1<<24))
-      return(4);
-   else
-      return(5);
+    else if (length < (1<<16))
+        return(3);
+    else if (length < (1<<24))
+        return(4);
+    else
+        return(5);
 #endif
 }
 
-static void der_write_length(buf, length)
-     unsigned char **buf;
-     int length;
+static void
+der_write_length(unsigned char **buf, int length)
 {
-   if (length < (1<<7)) {
-      *(*buf)++ = (unsigned char) length;
-   } else {
-      *(*buf)++ = (unsigned char) (der_length_size(length)+127);
+    if (length < (1<<7)) {
+        *(*buf)++ = (unsigned char) length;
+    } else {
+        *(*buf)++ = (unsigned char) (der_length_size(length)+127);
 #if INT_MAX > 0x7fff
-      if (length >= (1<<24))
-        *(*buf)++ = (unsigned char) (length>>24);
-      if (length >= (1<<16))
-        *(*buf)++ = (unsigned char) ((length>>16)&0xff);
+        if (length >= (1<<24))
+            *(*buf)++ = (unsigned char) (length>>24);
+        if (length >= (1<<16))
+            *(*buf)++ = (unsigned char) ((length>>16)&0xff);
 #endif
-      if (length >= (1<<8))
-        *(*buf)++ = (unsigned char) ((length>>8)&0xff);
-      *(*buf)++ = (unsigned char) (length&0xff);
-   }
+        if (length >= (1<<8))
+            *(*buf)++ = (unsigned char) ((length>>8)&0xff);
+        *(*buf)++ = (unsigned char) (length&0xff);
+    }
 }
 
 /* returns decoded length, or < 0 on failure.  Advances buf and
    decrements bufsize */
 
-static int der_read_length(buf, bufsize)
-     unsigned char **buf;
-     int *bufsize;
+static int
+der_read_length(unsigned char **buf, int *bufsize)
 {
-   unsigned char sf;
-   int ret;
-
-   if (*bufsize < 1)
-      return(-1);
-   sf = *(*buf)++;
-   (*bufsize)--;
-   if (sf & 0x80) {
-      if ((sf &= 0x7f) > ((*bufsize)-1))
-        return(-1);
-      if (sf > sizeof(int))
-         return (-1);
-      ret = 0;
-      for (; sf; sf--) {
-        ret = (ret<<8) + (*(*buf)++);
-        (*bufsize)--;
-      }
-   } else {
-      ret = sf;
-   }
-
-   return(ret);
+    unsigned char sf;
+    int ret;
+
+    if (*bufsize < 1)
+        return(-1);
+    sf = *(*buf)++;
+    (*bufsize)--;
+    if (sf & 0x80) {
+        if ((sf &= 0x7f) > ((*bufsize)-1))
+            return(-1);
+        if (sf > sizeof(int))
+            return (-1);
+        ret = 0;
+        for (; sf; sf--) {
+            ret = (ret<<8) + (*(*buf)++);
+            (*bufsize)--;
+        }
+    } else {
+        ret = sf;
+    }
+
+    return(ret);
 }
 
 /* returns the length of a token, given the mech oid and the body size */
 
-unsigned int g_token_size(mech, body_size)
-     const gss_OID_desc * mech;
-     unsigned int body_size;
+unsigned int
+g_token_size(const gss_OID_desc * mech, unsigned int body_size)
 {
-   /* set body_size to sequence contents size */
-   body_size += 4 + (int) mech->length;         /* NEED overflow check */
-   return(1 + der_length_size(body_size) + body_size);
+    /* set body_size to sequence contents size */
+    body_size += 4 + (int) mech->length;         /* NEED overflow check */
+    return(1 + der_length_size(body_size) + body_size);
 }
 
 /* fills in a buffer with the token header.  The buffer is assumed to
    be the right size.  buf is advanced past the token header */
 
-void g_make_token_header(mech, body_size, buf, tok_type)
-     const gss_OID_desc * mech;
-     unsigned int body_size;
-     unsigned char **buf;
-     int tok_type;
+void
+g_make_token_header(
+    const gss_OID_desc * mech,
+    unsigned int body_size,
+    unsigned char **buf,
+    int tok_type)
 {
-   *(*buf)++ = 0x60;
-   der_write_length(buf, (tok_type == -1) ?2:4 + mech->length + body_size);
-   *(*buf)++ = 0x06;
-   *(*buf)++ = (unsigned char) mech->length;
-   TWRITE_STR(*buf, mech->elements, mech->length);
-   if (tok_type != -1) {
-       *(*buf)++ = (unsigned char) ((tok_type>>8)&0xff);
-       *(*buf)++ = (unsigned char) (tok_type&0xff);
-   }
+    *(*buf)++ = 0x60;
+    der_write_length(buf, (tok_type == -1) ?2:4 + mech->length + body_size);
+    *(*buf)++ = 0x06;
+    *(*buf)++ = (unsigned char) mech->length;
+    TWRITE_STR(*buf, mech->elements, mech->length);
+    if (tok_type != -1) {
+        *(*buf)++ = (unsigned char) ((tok_type>>8)&0xff);
+        *(*buf)++ = (unsigned char) (tok_type&0xff);
+    }
 }
 
 /*
@@ -170,63 +167,63 @@ void g_make_token_header(mech, body_size, buf, tok_type)
  * *body_size are left unmodified on error.
  */
 
-gss_int32 g_verify_token_header(mech, body_size, buf_in, tok_type, toksize_in,
-                               wrapper_required)
-     const gss_OID_desc * mech;
-     unsigned int *body_size;
-     unsigned char **buf_in;
-     int tok_type;
-     unsigned int toksize_in;
-     int wrapper_required;
+gss_int32
+g_verify_token_header(
+    const gss_OID_desc * mech,
+    unsigned int *body_size,
+    unsigned char **buf_in,
+    int tok_type,
+    unsigned int toksize_in,
+    int wrapper_required)
 {
-   unsigned char *buf = *buf_in;
-   int seqsize;
-   gss_OID_desc toid;
-   int toksize = toksize_in;
-
-   if ((toksize-=1) < 0)
-      return(G_BAD_TOK_HEADER);
-   if (*buf++ != 0x60) {
-       if (wrapper_required)
-          return(G_BAD_TOK_HEADER);
-       buf--;
-       toksize++;
-       goto skip_wrapper;
-   }
-
-   if ((seqsize = der_read_length(&buf, &toksize)) < 0)
-      return(G_BAD_TOK_HEADER);
-
-   if (seqsize != toksize)
-      return(G_BAD_TOK_HEADER);
-
-   if ((toksize-=1) < 0)
-      return(G_BAD_TOK_HEADER);
-   if (*buf++ != 0x06)
-      return(G_BAD_TOK_HEADER);
-   if ((toksize-=1) < 0)
-      return(G_BAD_TOK_HEADER);
-   toid.length = *buf++;
-
-   if ((toksize-=toid.length) < 0)
-      return(G_BAD_TOK_HEADER);
-   toid.elements = buf;
-   buf+=toid.length;
-
-   if (! g_OID_equal(&toid, mech)) 
-       return  G_WRONG_MECH;
+    unsigned char *buf = *buf_in;
+    int seqsize;
+    gss_OID_desc toid;
+    int toksize = toksize_in;
+
+    if ((toksize-=1) < 0)
+        return(G_BAD_TOK_HEADER);
+    if (*buf++ != 0x60) {
+        if (wrapper_required)
+            return(G_BAD_TOK_HEADER);
+        buf--;
+        toksize++;
+        goto skip_wrapper;
+    }
+
+    if ((seqsize = der_read_length(&buf, &toksize)) < 0)
+        return(G_BAD_TOK_HEADER);
+
+    if (seqsize != toksize)
+        return(G_BAD_TOK_HEADER);
+
+    if ((toksize-=1) < 0)
+        return(G_BAD_TOK_HEADER);
+    if (*buf++ != 0x06)
+        return(G_BAD_TOK_HEADER);
+
+    if ((toksize-=1) < 0)
+        return(G_BAD_TOK_HEADER);
+    toid.length = *buf++;
+
+    if ((toksize-=toid.length) < 0)
+        return(G_BAD_TOK_HEADER);
+    toid.elements = buf;
+    buf+=toid.length;
+
+    if (! g_OID_equal(&toid, mech))
+        return  G_WRONG_MECH;
 skip_wrapper:
-   if (tok_type != -1) {
-       if ((toksize-=2) < 0)
-          return(G_BAD_TOK_HEADER);
-
-       if ((*buf++ != ((tok_type>>8)&0xff)) ||
-          (*buf++ != (tok_type&0xff)))
-          return(G_WRONG_TOKID);
-   }
-   *buf_in = buf;
-   *body_size = toksize;
-
-   return 0;
+    if (tok_type != -1) {
+        if ((toksize-=2) < 0)
+            return(G_BAD_TOK_HEADER);
+
+        if ((*buf++ != ((tok_type>>8)&0xff)) ||
+            (*buf++ != (tok_type&0xff)))
+            return(G_WRONG_TOKID);
+    }
+    *buf_in = buf;
+    *body_size = toksize;
+
+    return 0;
 }
index bb9d0d2ecff358eaeff83ad2d67f9125344b286f..24a1bc5189e2f2abddeb04e31607299395153857 100644 (file)
@@ -1,6 +1,7 @@
+/* -*- mode: c; indent-tabs-mode: nil -*- */
 /*
  * Copyright 1993 by OpenVision Technologies, Inc.
- * 
+ *
  * Permission to use, copy, modify, distribute, and sell this software
  * and its documentation for any purpose is hereby granted without fee,
  * provided that the above copyright notice appears in all copies and
@@ -10,7 +11,7 @@
  * without specific, written prior permission. OpenVision makes no
  * representations about the suitability of this software for any
  * purpose.  It is provided "as is" without express or implied warranty.
- * 
+ *
  * OPENVISION DISCLAIMS ALL WARRANTIES WITH REGARD TO THIS SOFTWARE,
  * INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS, IN NO
  * EVENT SHALL OPENVISION BE LIABLE FOR ANY SPECIAL, INDIRECT OR
@@ -45,193 +46,193 @@ static const int one = 1;
 static const DBT dbtone = { (void *) &one, sizeof(one) };
 
 typedef struct _vkey {
-   int type;
-   void *ptr;
+    int type;
+    void *ptr;
 } vkey;
 #endif
 
-#define V_NAME         1
-#define V_CRED_ID      2
-#define V_CTX_ID       3
-#define V_LCTX_ID      4
+#define V_NAME          1
+#define V_CRED_ID       2
+#define V_CTX_ID        3
+#define V_LCTX_ID       4
 
 /* All these functions return 0 on failure, and non-zero on success */
 
 static int g_save(db, type, ptr)
-     g_set *db;
+    g_set *db;
 #ifdef HAVE_BSD_DB
-     int type;
+    int type;
 #else
-     void *type;
+    void *type;
 #endif
-     void *ptr;
+    void *ptr;
 {
-   int ret;
+    int ret;
 #ifdef HAVE_BSD_DB
-   DB **vdb;
-   vkey vk;
-   DBT key;
+    DB **vdb;
+    vkey vk;
+    DBT key;
 
-   ret = gssint_initialize_library();
-   if (ret)
-       return 0;
-   ret = k5_mutex_lock(&db->mutex);
-   if (ret)
-       return 0;
+    ret = gssint_initialize_library();
+    if (ret)
+        return 0;
+    ret = k5_mutex_lock(&db->mutex);
+    if (ret)
+        return 0;
 
-   vdb = (DB **) &db->data;
+    vdb = (DB **) &db->data;
 
-   if (!*vdb)
-      *vdb = dbopen(NULL, O_CREAT|O_RDWR, O_CREAT|O_RDWR, DB_HASH, NULL);
+    if (!*vdb)
+        *vdb = dbopen(NULL, O_CREAT|O_RDWR, O_CREAT|O_RDWR, DB_HASH, NULL);
 
-   vk.type = type;
-   vk.ptr = ptr;
+    vk.type = type;
+    vk.ptr = ptr;
 
-   key.data = &vk;
-   key.size = sizeof(vk);
+    key.data = &vk;
+    key.size = sizeof(vk);
 
-   ret = ((*((*vdb)->put))(*vdb, &key, &dbtone, 0) == 0);
-   k5_mutex_unlock(&db->mutex);
-   return ret;
+    ret = ((*((*vdb)->put))(*vdb, &key, &dbtone, 0) == 0);
+    k5_mutex_unlock(&db->mutex);
+    return ret;
 #else
-   g_set_elt *gs;
-
-   ret = gssint_initialize_library();
-   if (ret)
-       return 0;
-   ret = k5_mutex_lock(&db->mutex);
-   if (ret)
-       return 0;
-
-   gs = (g_set_elt *) &db->data;
-
-   if (!*gs)
-      if (g_set_init(gs)) {
-        k5_mutex_unlock(&db->mutex);
-        return(0);
-      }
-
-   ret = (g_set_entry_add(gs, ptr, type) == 0);
-   k5_mutex_unlock(&db->mutex);
-   return ret;
+    g_set_elt *gs;
+
+    ret = gssint_initialize_library();
+    if (ret)
+        return 0;
+    ret = k5_mutex_lock(&db->mutex);
+    if (ret)
+        return 0;
+
+    gs = (g_set_elt *) &db->data;
+
+    if (!*gs)
+        if (g_set_init(gs)) {
+            k5_mutex_unlock(&db->mutex);
+            return(0);
+        }
+
+    ret = (g_set_entry_add(gs, ptr, type) == 0);
+    k5_mutex_unlock(&db->mutex);
+    return ret;
 #endif
 }
 
 static int g_validate(db, type, ptr)
-     g_set *db;
+    g_set *db;
 #ifdef HAVE_BSD_DB
-     int type;
+    int type;
 #else
-     void *type;
+    void *type;
 #endif
-     void *ptr;
+    void *ptr;
 {
-   int ret;
+    int ret;
 #ifdef HAVE_BSD_DB
-   DB **vdb;
-   vkey vk;
-   DBT key, value;
-
-   ret = k5_mutex_lock(&db->mutex);
-   if (ret)
-       return 0;
-
-   vdb = (DB **) &db->data;
-   if (!*vdb) {
-      k5_mutex_unlock(&db->mutex);
-      return(0);
-   }
-
-   vk.type = type;
-   vk.ptr = ptr;
-
-   key.data = &vk;
-   key.size = sizeof(vk);
-
-   if ((*((*vdb)->get))(*vdb, &key, &value, 0)) {
-      k5_mutex_unlock(&db->mutex);
-      return(0);
-   }
-
-   k5_mutex_unlock(&db->mutex);
-   return((value.size == sizeof(one)) &&
-         (*((int *) value.data) == one));
+    DB **vdb;
+    vkey vk;
+    DBT key, value;
+
+    ret = k5_mutex_lock(&db->mutex);
+    if (ret)
+        return 0;
+
+    vdb = (DB **) &db->data;
+    if (!*vdb) {
+        k5_mutex_unlock(&db->mutex);
+        return(0);
+    }
+
+    vk.type = type;
+    vk.ptr = ptr;
+
+    key.data = &vk;
+    key.size = sizeof(vk);
+
+    if ((*((*vdb)->get))(*vdb, &key, &value, 0)) {
+        k5_mutex_unlock(&db->mutex);
+        return(0);
+    }
+
+    k5_mutex_unlock(&db->mutex);
+    return((value.size == sizeof(one)) &&
+           (*((int *) value.data) == one));
 #else
-   g_set_elt *gs;
-   void *value;
-
-   ret = k5_mutex_lock(&db->mutex);
-   if (ret)
-       return 0;
-
-   gs = (g_set_elt *) &db->data;
-   if (!*gs) {
-      k5_mutex_unlock(&db->mutex);
-      return(0);
-   }
-
-   if (g_set_entry_get(gs, ptr, (void **) &value)) {
-      k5_mutex_unlock(&db->mutex);
-      return(0);
-   }
-   k5_mutex_unlock(&db->mutex);
-   return(value == type);
+    g_set_elt *gs;
+    void *value;
+
+    ret = k5_mutex_lock(&db->mutex);
+    if (ret)
+        return 0;
+
+    gs = (g_set_elt *) &db->data;
+    if (!*gs) {
+        k5_mutex_unlock(&db->mutex);
+        return(0);
+    }
+
+    if (g_set_entry_get(gs, ptr, (void **) &value)) {
+        k5_mutex_unlock(&db->mutex);
+        return(0);
+    }
+    k5_mutex_unlock(&db->mutex);
+    return(value == type);
 #endif
 }
 
 static int g_delete(db, type, ptr)
-     g_set *db;
+    g_set *db;
 #ifdef HAVE_BSD_DB
-     int type;
+    int type;
 #else
-     void *type;
+    void *type;
 #endif
-     void *ptr;
+    void *ptr;
 {
-   int ret;
+    int ret;
 #ifdef HAVE_BSD_DB
-   DB **vdb;
-   vkey vk;
-   DBT key;
+    DB **vdb;
+    vkey vk;
+    DBT key;
 
-   ret = k5_mutex_lock(&db->mutex);
-   if (ret)
-       return 0;
+    ret = k5_mutex_lock(&db->mutex);
+    if (ret)
+        return 0;
 
-   vdb = (DB **) &db->data;
-   if (!*vdb) {
-      k5_mutex_unlock(&db->mutex);
-      return(0);
-   }
+    vdb = (DB **) &db->data;
+    if (!*vdb) {
+        k5_mutex_unlock(&db->mutex);
+        return(0);
+    }
 
-   vk.type = type;
-   vk.ptr = ptr;
+    vk.type = type;
+    vk.ptr = ptr;
 
-   key.data = &vk;
-   key.size = sizeof(vk);
+    key.data = &vk;
+    key.size = sizeof(vk);
 
-   ret = ((*((*vdb)->del))(*vdb, &key, 0) == 0);
-   k5_mutex_unlock(&db->mutex);
-   return ret;
+    ret = ((*((*vdb)->del))(*vdb, &key, 0) == 0);
+    k5_mutex_unlock(&db->mutex);
+    return ret;
 #else
-   g_set_elt *gs;
-
-   ret = k5_mutex_lock(&db->mutex);
-   if (ret)
-       return 0;
-
-   gs = (g_set_elt *) &db->data;
-   if (!*gs) {
-      k5_mutex_unlock(&db->mutex);
-      return(0);
-   }
-
-   if (g_set_entry_delete(gs, ptr)) {
-      k5_mutex_unlock(&db->mutex);
-      return(0);
-   }
-   k5_mutex_unlock(&db->mutex);
-   return(1);
+    g_set_elt *gs;
+
+    ret = k5_mutex_lock(&db->mutex);
+    if (ret)
+        return 0;
+
+    gs = (g_set_elt *) &db->data;
+    if (!*gs) {
+        k5_mutex_unlock(&db->mutex);
+        return(0);
+    }
+
+    if (g_set_entry_delete(gs, ptr)) {
+        k5_mutex_unlock(&db->mutex);
+        return(0);
+    }
+    k5_mutex_unlock(&db->mutex);
+    return(1);
 #endif
 }
 
@@ -240,82 +241,81 @@ static int g_delete(db, type, ptr)
 /* save */
 
 int g_save_name(vdb, name)
-     g_set *vdb;
-     gss_name_t name;
+    g_set *vdb;
+    gss_name_t name;
 {
-   return(g_save(vdb, V_NAME, (void *) name));
+    return(g_save(vdb, V_NAME, (void *) name));
 }
 int g_save_cred_id(vdb, cred)
-     g_set *vdb;
-     gss_cred_id_t cred;
+    g_set *vdb;
+    gss_cred_id_t cred;
 {
-   return(g_save(vdb, V_CRED_ID, (void *) cred));
+    return(g_save(vdb, V_CRED_ID, (void *) cred));
 }
 int g_save_ctx_id(vdb, ctx)
-     g_set *vdb;
-     gss_ctx_id_t ctx;
+    g_set *vdb;
+    gss_ctx_id_t ctx;
 {
-   return(g_save(vdb, V_CTX_ID, (void *) ctx));
+    return(g_save(vdb, V_CTX_ID, (void *) ctx));
 }
 int g_save_lucidctx_id(vdb, lctx)
-     g_set *vdb;
-     void *lctx;
+    g_set *vdb;
+    void *lctx;
 {
-   return(g_save(vdb, V_LCTX_ID, (void *) lctx));
+    return(g_save(vdb, V_LCTX_ID, (void *) lctx));
 }
 
 
 /* validate */
 
 int g_validate_name(vdb, name)
-     g_set *vdb;
-     gss_name_t name;
+    g_set *vdb;
+    gss_name_t name;
 {
-   return(g_validate(vdb, V_NAME, (void *) name));
+    return(g_validate(vdb, V_NAME, (void *) name));
 }
 int g_validate_cred_id(vdb, cred)
-     g_set *vdb;
-     gss_cred_id_t cred;
+    g_set *vdb;
+    gss_cred_id_t cred;
 {
-   return(g_validate(vdb, V_CRED_ID, (void *) cred));
+    return(g_validate(vdb, V_CRED_ID, (void *) cred));
 }
 int g_validate_ctx_id(vdb, ctx)
-     g_set *vdb;
-     gss_ctx_id_t ctx;
+    g_set *vdb;
+    gss_ctx_id_t ctx;
 {
-   return(g_validate(vdb, V_CTX_ID, (void *) ctx));
+    return(g_validate(vdb, V_CTX_ID, (void *) ctx));
 }
 int g_validate_lucidctx_id(vdb, lctx)
-     g_set *vdb;
-     void *lctx;
+    g_set *vdb;
+    void *lctx;
 {
-   return(g_validate(vdb, V_LCTX_ID, (void *) lctx));
+    return(g_validate(vdb, V_LCTX_ID, (void *) lctx));
 }
 
 /* delete */
 
 int g_delete_name(vdb, name)
-     g_set *vdb;
-     gss_name_t name;
+    g_set *vdb;
+    gss_name_t name;
 {
-   return(g_delete(vdb, V_NAME, (void *) name));
+    return(g_delete(vdb, V_NAME, (void *) name));
 }
 int g_delete_cred_id(vdb, cred)
-     g_set *vdb;
-     gss_cred_id_t cred;
+    g_set *vdb;
+    gss_cred_id_t cred;
 {
-   return(g_delete(vdb, V_CRED_ID, (void *) cred));
+    return(g_delete(vdb, V_CRED_ID, (void *) cred));
 }
 int g_delete_ctx_id(vdb, ctx)
-     g_set *vdb;
-     gss_ctx_id_t ctx;
+    g_set *vdb;
+    gss_ctx_id_t ctx;
 {
-   return(g_delete(vdb, V_CTX_ID, (void *) ctx));
+    return(g_delete(vdb, V_CTX_ID, (void *) ctx));
 }
 int g_delete_lucidctx_id(vdb, lctx)
-     g_set *vdb;
-     void *lctx;
+    g_set *vdb;
+    void *lctx;
 {
-   return(g_delete(vdb, V_LCTX_ID, (void *) lctx));
+    return(g_delete(vdb, V_LCTX_ID, (void *) lctx));
 }
-
index da20b71d6f04d24534bec4dfa5f6a0244b3fdb76..d221b3722efb10a344f4173ebd345a8796f035df 100644 (file)
@@ -1,7 +1,8 @@
+/* -*- mode: c; indent-tabs-mode: nil -*- */
 /*
  *  Copyright 1990,1994 by the Massachusetts Institute of Technology.
  *  All Rights Reserved.
- * 
+ *
  * Export of this software from the United States of America may
  * require a specific license from the United States Government.
  * It is the responsibility of any person or organization contemplating
@@ -20,7 +21,7 @@
  * M.I.T. makes no representations about the suitability of
  * this software for any purpose.  It is provided "as is" without express
  * or implied warranty.
- * 
+ *
  */
 
 /*
 /* save */
 
 int g_save_name(vdb, name)
-     void **vdb;
-     gss_name_t *name;
+    void **vdb;
+    gss_name_t *name;
 {
-       return 1;
+    return 1;
 }
 int g_save_cred_id(vdb, cred)
-     void **vdb;
-     gss_cred_id_t *cred;
+    void **vdb;
+    gss_cred_id_t *cred;
 {
-       return 1;
+    return 1;
 }
 int g_save_ctx_id(vdb, ctx)
-     void **vdb;
-     gss_ctx_id_t *ctx;
+    void **vdb;
+    gss_ctx_id_t *ctx;
 {
-       return 1;
+    return 1;
 }
 int g_save_lucidctx_id(vdb, lctx)
-     void **vdb;
-     void *lctx;
+    void **vdb;
+    void *lctx;
 {
-       return 1;
+    return 1;
 }
 
 /* validate */
 
 int g_validate_name(vdb, name)
-     void **vdb;
-     gss_name_t *name;
+    void **vdb;
+    gss_name_t *name;
 {
-       return 1;
+    return 1;
 }
 int g_validate_cred_id(vdb, cred)
-     void **vdb;
-     gss_cred_id_t *cred;
+    void **vdb;
+    gss_cred_id_t *cred;
 {
-       return 1;
+    return 1;
 }
 int g_validate_ctx_id(vdb, ctx)
-     void **vdb;
-     gss_ctx_id_t *ctx;
+    void **vdb;
+    gss_ctx_id_t *ctx;
 {
-       return 1;
+    return 1;
 }
 int g_validate_lucidctx_id(vdb, lctx)
-     void **vdb;
-     void *lctx;
+    void **vdb;
+    void *lctx;
 {
-       return 1;
+    return 1;
 }
 
 /* delete */
 
 int g_delete_name(vdb, name)
-     void **vdb;
-     gss_name_t *name;
+    void **vdb;
+    gss_name_t *name;
 {
-       return 1;
+    return 1;
 }
 int g_delete_cred_id(vdb, cred)
-     void **vdb;
-     gss_cred_id_t *cred;
+    void **vdb;
+    gss_cred_id_t *cred;
 {
-       return 1;
+    return 1;
 }
 int g_delete_ctx_id(vdb, ctx)
-     void **vdb;
-     gss_ctx_id_t *ctx;
+    void **vdb;
+    gss_ctx_id_t *ctx;
 {
-       return 1;
+    return 1;
 }
 int g_delete_lucidctx_id(vdb, lctx)
-     void **vdb;
-     void *lctx;
+    void **vdb;
+    void *lctx;
 {
-       return 1;
+    return 1;
 }
-
index cdffb77290b4db8116970a06db8ea593f5bf7b32..82e620d2db25b918b87d4862bafadd6dc660f444 100644 (file)
@@ -1,3 +1,4 @@
+/* -*- mode: c; indent-tabs-mode: nil -*- */
 #include <assert.h>
 
 #include "gssapi_err_generic.h"
@@ -30,29 +31,29 @@ int gssint_lib_init(void)
 
     err = gssint_mechglue_init();
     if (err)
-       return err;
+        return err;
 #ifndef LEAN_CLIENT
     err = k5_mutex_finish_init(&gssint_krb5_keytab_lock);
     if (err)
-       return err;
+        return err;
 #endif /* LEAN_CLIENT */
     err = k5_key_register(K5_KEY_GSS_KRB5_SET_CCACHE_OLD_NAME, free);
     if (err)
-       return err;
+        return err;
     err = k5_key_register(K5_KEY_GSS_KRB5_CCACHE_NAME, free);
     if (err)
-       return err;
+        return err;
     err = k5_key_register(K5_KEY_GSS_KRB5_ERROR_MESSAGE,
-                         krb5_gss_delete_error_info);
+                          krb5_gss_delete_error_info);
     if (err)
-       return err;
+        return err;
     err = gssint_mecherrmap_init();
     if (err)
-       return err;
+        return err;
 #ifndef _WIN32
     err = k5_mutex_finish_init(&kg_kdc_flag_mutex);
     if (err)
-       return err;
+        return err;
 #endif
     return k5_mutex_finish_init(&kg_vdb.mutex);
 }
@@ -61,9 +62,9 @@ void gssint_lib_fini(void)
 {
     if (!INITIALIZER_RAN(gssint_lib_init) || PROGRAM_EXITING()) {
 #ifdef SHOW_INITFINI_FUNCS
-       printf("gssint_lib_fini: skipping\n");
+        printf("gssint_lib_fini: skipping\n");
 #endif
-       return;
+        return;
     }
 #ifdef SHOW_INITFINI_FUNCS
     printf("gssint_lib_fini\n");
index 5a366042635ac58957eeef13e1b0b6dc405e302d..11849923c63b9eeaac59662a8204d6af7eca42f6 100644 (file)
@@ -1,3 +1,4 @@
+/* -*- mode: c; indent-tabs-mode: nil -*- */
 #ifndef GSSAPI_LIBINIT_H
 #define GSSAPI_LIBINIT_H
 
index 3ae460e1fbd789d5232a54bbc6b77f751d576930..8d01f5e674bcdb8af1a57f5506c2a4b14ab840fb 100644 (file)
@@ -1,3 +1,4 @@
+/* -*- mode: c; indent-tabs-mode: nil -*- */
 /*
  * Copyright 2000, 2004, 2007, 2008  by the Massachusetts Institute of Technology.
  * All Rights Reserved.
@@ -6,7 +7,7 @@
  *   require a specific license from the United States Government.
  *   It is the responsibility of any person or organization contemplating
  *   export to obtain such a license before exporting.
- * 
+ *
  * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
  * distribute this software and its documentation for any purpose and
  * without fee is hereby granted, provided that the above copyright
  * M.I.T. makes no representations about the suitability of
  * this software for any purpose.  It is provided "as is" without express
  * or implied warranty.
- * 
+ *
  */
 /*
  * Copyright 1993 by OpenVision Technologies, Inc.
- * 
+ *
  * Permission to use, copy, modify, distribute, and sell this software
  * and its documentation for any purpose is hereby granted without fee,
  * provided that the above copyright notice appears in all copies and
@@ -34,7 +35,7 @@
  * without specific, written prior permission. OpenVision makes no
  * representations about the suitability of this software for any
  * purpose.  It is provided "as is" without express or implied warranty.
- * 
+ *
  * OPENVISION DISCLAIMS ALL WARRANTIES WITH REGARD TO THIS SOFTWARE,
  * INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS, IN NO
  * EVENT SHALL OPENVISION BE LIABLE FOR ANY SPECIAL, INDIRECT OR
 
 /*
  * Copyright (C) 1998 by the FundsXpress, INC.
- * 
+ *
  * All rights reserved.
- * 
+ *
  * Export of this software from the United States of America may require
  * a specific license from the United States Government.  It is the
  * responsibility of any person or organization contemplating export to
  * obtain such a license before exporting.
- * 
+ *
  * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
  * distribute this software and its documentation for any purpose and
  * without fee is hereby granted, provided that the above copyright
@@ -64,7 +65,7 @@
  * permission.  FundsXpress makes no representations about the suitability of
  * this software for any purpose.  It is provided "as is" without express
  * or implied warranty.
- * 
+ *
  * THIS SOFTWARE IS PROVIDED ``AS IS'' AND WITHOUT ANY EXPRESS OR
  * IMPLIED WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED
  * WARRANTIES OF MERCHANTIBILITY AND FITNESS FOR A PARTICULAR PURPOSE.
@@ -84,7 +85,7 @@
 #define CFX_ACCEPTOR_SUBKEY 1
 #endif
 
-#ifndef LEAN_CLIENT 
+#ifndef LEAN_CLIENT
 
 /* Decode, decrypt and store the forwarded creds in the local ccache. */
 static krb5_error_code
@@ -99,91 +100,91 @@ rd_and_store_for_creds(context, auth_context, inbuf, out_cred)
     krb5_ccache ccache = NULL;
     krb5_gss_cred_id_t cred = NULL;
     krb5_auth_context new_auth_ctx = NULL;
-       krb5_int32 flags_org;
-
-       if ((retval = krb5_auth_con_getflags(context, auth_context, &flags_org)))
-               return retval;
-       krb5_auth_con_setflags(context, auth_context,
-                              0);
-
-       /*
-        * By the time krb5_rd_cred is called here (after krb5_rd_req has been
-        * called in krb5_gss_accept_sec_context), the "keyblock" field of
-        * auth_context contains a pointer to the session key, and the
-        * "recv_subkey" field might contain a session subkey.  Either of
-        * these (the "recv_subkey" if it isn't NULL, otherwise the
-        * "keyblock") might have been used to encrypt the encrypted part of
-        * the KRB_CRED message that contains the forwarded credentials.  (The
-        * Java Crypto and Security Implementation from the DSTC in Australia
-        * always uses the session key.  But apparently it never negotiates a
-        * subkey, so this code works fine against a JCSI client.)  Up to the
-        * present, though, GSSAPI clients linked against the MIT code (which
-        * is almost all GSSAPI clients) don't encrypt the KRB_CRED message at
-        * all -- at this level.  So if the first call to krb5_rd_cred fails,
-        * we should call it a second time with another auth context freshly
-        * created by krb5_auth_con_init.  All of its keyblock fields will be
-        * NULL, so krb5_rd_cred will assume that the KRB_CRED message is
-        * unencrypted.  (The MIT code doesn't actually send the KRB_CRED
-        * message in the clear -- the "authenticator" whose "checksum" ends up
-        * containing the KRB_CRED message does get encrypted.)
-        */
-       if (krb5_rd_cred(context, auth_context, inbuf, &creds, NULL)) {
-               if ((retval = krb5_auth_con_init(context, &new_auth_ctx)))
-                       goto cleanup;
-               krb5_auth_con_setflags(context, new_auth_ctx, 0);
-               if ((retval = krb5_rd_cred(context, new_auth_ctx, inbuf,
-                                          &creds, NULL)))
-                       goto cleanup;
-               }
+    krb5_int32 flags_org;
+
+    if ((retval = krb5_auth_con_getflags(context, auth_context, &flags_org)))
+        return retval;
+    krb5_auth_con_setflags(context, auth_context,
+                           0);
+
+    /*
+     * By the time krb5_rd_cred is called here (after krb5_rd_req has been
+     * called in krb5_gss_accept_sec_context), the "keyblock" field of
+     * auth_context contains a pointer to the session key, and the
+     * "recv_subkey" field might contain a session subkey.  Either of
+     * these (the "recv_subkey" if it isn't NULL, otherwise the
+     * "keyblock") might have been used to encrypt the encrypted part of
+     * the KRB_CRED message that contains the forwarded credentials.  (The
+     * Java Crypto and Security Implementation from the DSTC in Australia
+     * always uses the session key.  But apparently it never negotiates a
+     * subkey, so this code works fine against a JCSI client.)  Up to the
+     * present, though, GSSAPI clients linked against the MIT code (which
+     * is almost all GSSAPI clients) don't encrypt the KRB_CRED message at
+     * all -- at this level.  So if the first call to krb5_rd_cred fails,
+     * we should call it a second time with another auth context freshly
+     * created by krb5_auth_con_init.  All of its keyblock fields will be
+     * NULL, so krb5_rd_cred will assume that the KRB_CRED message is
+     * unencrypted.  (The MIT code doesn't actually send the KRB_CRED
+     * message in the clear -- the "authenticator" whose "checksum" ends up
+     * containing the KRB_CRED message does get encrypted.)
+     */
+    if (krb5_rd_cred(context, auth_context, inbuf, &creds, NULL)) {
+        if ((retval = krb5_auth_con_init(context, &new_auth_ctx)))
+            goto cleanup;
+        krb5_auth_con_setflags(context, new_auth_ctx, 0);
+        if ((retval = krb5_rd_cred(context, new_auth_ctx, inbuf,
+                                   &creds, NULL)))
+            goto cleanup;
+    }
 
     if ((retval = krb5_cc_new_unique(context, "MEMORY", NULL, &ccache))) {
-       ccache = NULL;
+        ccache = NULL;
         goto cleanup;
     }
 
     if ((retval = krb5_cc_initialize(context, ccache, creds[0]->client)))
-       goto cleanup;
+        goto cleanup;
 
     if ((retval = krb5_cc_store_cred(context, ccache, creds[0])))
-       goto cleanup;
+        goto cleanup;
 
     /* generate a delegated credential handle */
     if (out_cred) {
-       /* allocate memory for a cred_t... */
-       if (!(cred =
-             (krb5_gss_cred_id_t) xmalloc(sizeof(krb5_gss_cred_id_rec)))) {
-           retval = ENOMEM; /* out of memory? */
-           goto cleanup;
-       }
-
-       /* zero it out... */
-       memset(cred, 0, sizeof(krb5_gss_cred_id_rec));
-
-       retval = k5_mutex_init(&cred->lock);
-       if (retval) {
-           xfree(cred);
-           cred = NULL;
-           goto cleanup;
-       }
-
-       /* copy the client principle into it... */
-       if ((retval =
-            krb5_copy_principal(context, creds[0]->client, &(cred->princ)))) {
-           k5_mutex_destroy(&cred->lock);
-           retval = ENOMEM; /* out of memory? */
-           xfree(cred); /* clean up memory on failure */
-           cred = NULL;
-           goto cleanup;
-       }
-
-       cred->usage = GSS_C_INITIATE; /* we can't accept with this */
-       /* cred->princ already set */
-       cred->prerfc_mech = 1; /* this cred will work with all three mechs */
-       cred->rfc_mech = 1;
-       cred->keytab = NULL; /* no keytab associated with this... */
-       cred->tgt_expire = creds[0]->times.endtime; /* store the end time */
-       cred->ccache = ccache; /* the ccache containing the credential */
-       ccache = NULL; /* cred takes ownership so don't destroy */
+        /* allocate memory for a cred_t... */
+        if (!(cred =
+              (krb5_gss_cred_id_t) xmalloc(sizeof(krb5_gss_cred_id_rec)))) {
+            retval = ENOMEM; /* out of memory? */
+            goto cleanup;
+        }
+
+        /* zero it out... */
+        memset(cred, 0, sizeof(krb5_gss_cred_id_rec));
+
+        retval = k5_mutex_init(&cred->lock);
+        if (retval) {
+            xfree(cred);
+            cred = NULL;
+            goto cleanup;
+        }
+
+        /* copy the client principle into it... */
+        if ((retval =
+             krb5_copy_principal(context, creds[0]->client, &(cred->princ)))) {
+            k5_mutex_destroy(&cred->lock);
+            retval = ENOMEM; /* out of memory? */
+            xfree(cred); /* clean up memory on failure */
+            cred = NULL;
+            goto cleanup;
+        }
+
+        cred->usage = GSS_C_INITIATE; /* we can't accept with this */
+        /* cred->princ already set */
+        cred->prerfc_mech = 1; /* this cred will work with all three mechs */
+        cred->rfc_mech = 1;
+        cred->keytab = NULL; /* no keytab associated with this... */
+        cred->tgt_expire = creds[0]->times.endtime; /* store the end time */
+        cred->ccache = ccache; /* the ccache containing the credential */
+        ccache = NULL; /* cred takes ownership so don't destroy */
     }
 
     /* If there were errors, there might have been a memory leak
@@ -193,16 +194,16 @@ rd_and_store_for_creds(context, auth_context, inbuf, out_cred)
     */
 cleanup:
     if (creds)
-       krb5_free_tgt_creds(context, creds);
+        krb5_free_tgt_creds(context, creds);
 
     if (ccache)
-       (void)krb5_cc_destroy(context, ccache);
+        (void)krb5_cc_destroy(context, ccache);
 
     if (out_cred)
-       *out_cred = cred; /* return credential */
+        *out_cred = cred; /* return credential */
 
     if (new_auth_ctx)
-       krb5_auth_con_free(context, new_auth_ctx);
+        krb5_auth_con_free(context, new_auth_ctx);
 
     krb5_auth_con_setflags(context, auth_context, flags_org);
 
@@ -211,286 +212,286 @@ cleanup:
 
 
 OM_uint32
-krb5_gss_accept_sec_context(minor_status, context_handle, 
-                           verifier_cred_handle, input_token,
-                           input_chan_bindings, src_name, mech_type,
-                           output_token, ret_flags, time_rec,
-                           delegated_cred_handle)
-     OM_uint32 *minor_status;
-     gss_ctx_id_t *context_handle;
-     gss_cred_id_t verifier_cred_handle;
-     gss_buffer_t input_token;
-     gss_channel_bindings_t input_chan_bindings;
-     gss_name_t *src_name;
-     gss_OID *mech_type;
-     gss_buffer_t output_token;
-     OM_uint32 *ret_flags;
-     OM_uint32 *time_rec;
-     gss_cred_id_t *delegated_cred_handle;
+krb5_gss_accept_sec_context(minor_status, context_handle,
+                            verifier_cred_handle, input_token,
+                            input_chan_bindings, src_name, mech_type,
+                            output_token, ret_flags, time_rec,
+                            delegated_cred_handle)
+    OM_uint32 *minor_status;
+    gss_ctx_id_t *context_handle;
+    gss_cred_id_t verifier_cred_handle;
+    gss_buffer_t input_token;
+    gss_channel_bindings_t input_chan_bindings;
+    gss_name_t *src_name;
+    gss_OID *mech_type;
+    gss_buffer_t output_token;
+    OM_uint32 *ret_flags;
+    OM_uint32 *time_rec;
+    gss_cred_id_t *delegated_cred_handle;
 {
-   krb5_context context;
-   unsigned char *ptr, *ptr2;
-   char *sptr;
-   long tmp;
-   size_t md5len;
-   int bigend;
-   krb5_gss_cred_id_t cred = 0;
-   krb5_data ap_rep, ap_req;
-   unsigned int i;
-   krb5_error_code code;
-   krb5_address addr, *paddr;
-   krb5_authenticator *authdat = 0;
-   krb5_checksum reqcksum;
-   krb5_principal name = NULL;
-   krb5_ui_4 gss_flags = 0;
-   int decode_req_message = 0;
-   krb5_gss_ctx_id_rec *ctx = 0;
-   krb5_timestamp now;
-   gss_buffer_desc token;
-   krb5_auth_context auth_context = NULL;
-   krb5_ticket * ticket = NULL;
-   int option_id;
-   krb5_data option;
-   const gss_OID_desc *mech_used = NULL;
-   OM_uint32 major_status = GSS_S_FAILURE;
-   OM_uint32 tmp_minor_status;
-   krb5_error krb_error_data;
-   krb5_data scratch;
-   gss_cred_id_t cred_handle = NULL;
-   krb5_gss_cred_id_t deleg_cred = NULL;
-   krb5int_access kaccess;
-   int cred_rcache = 0;
-
-   code = krb5int_accessor (&kaccess, KRB5INT_ACCESS_VERSION);
-   if (code) {
-       *minor_status = code;
-       return(GSS_S_FAILURE);
-   }
-
-   code = krb5_gss_init_context(&context);
-   if (code) {
-       *minor_status = code;
-       return GSS_S_FAILURE;
-   }
-
-   /* set up returns to be freeable */
-
-   if (src_name)
-      *src_name = (gss_name_t) NULL;
-   output_token->length = 0;
-   output_token->value = NULL;
-   token.value = 0;
-   reqcksum.contents = 0;
-   ap_req.data = 0;
-   ap_rep.data = 0;
-   
-   if (mech_type)
-      *mech_type = GSS_C_NULL_OID;
-   /* return a bogus cred handle */
-   if (delegated_cred_handle)
-      *delegated_cred_handle = GSS_C_NO_CREDENTIAL;
-
-   /*
-    * Context handle must be unspecified.  Actually, it must be
-    * non-established, but currently, accept_sec_context never returns
-    * a non-established context handle.
-    */
-   /*SUPPRESS 29*/
-   if (*context_handle != GSS_C_NO_CONTEXT) {
-      *minor_status = EINVAL;
-      save_error_string(EINVAL, "accept_sec_context called with existing context handle");
-      krb5_free_context(context);
-      return(GSS_S_FAILURE);
-   }
-
-   /* handle default cred handle */
-   if (verifier_cred_handle == GSS_C_NO_CREDENTIAL) {
-       major_status = krb5_gss_acquire_cred(minor_status, GSS_C_NO_NAME,
-                                           GSS_C_INDEFINITE, GSS_C_NO_OID_SET,
-                                           GSS_C_ACCEPT, &cred_handle,
-                                           NULL, NULL);
-       if (major_status != GSS_S_COMPLETE) {
-          code = *minor_status;
-          goto fail;
-       }
-   } else {
-       major_status = krb5_gss_validate_cred(minor_status,
-                                            verifier_cred_handle);
-       if (GSS_ERROR(major_status)) {
-          code = *minor_status;
-          goto fail;
-       }
-       cred_handle = verifier_cred_handle;
-   }
-
-   cred = (krb5_gss_cred_id_t) cred_handle;
-
-   /* make sure the supplied credentials are valid for accept */
-
-   if ((cred->usage != GSS_C_ACCEPT) &&
-       (cred->usage != GSS_C_BOTH)) {
-       code = 0;
-       major_status = GSS_S_NO_CRED;
-       goto fail;
-   }
-
-   /* verify the token's integrity, and leave the token in ap_req.
-      figure out which mech oid was used, and save it */
-
-   ptr = (unsigned char *) input_token->value;
-
-   if (!(code = g_verify_token_header(gss_mech_krb5,
-                                     &(ap_req.length),
-                                     &ptr, KG_TOK_CTX_AP_REQ,
-                                     input_token->length, 1))) {
-       mech_used = gss_mech_krb5;
-   } else if ((code == G_WRONG_MECH)
-             &&!(code = g_verify_token_header((gss_OID) gss_mech_krb5_wrong,
-                                            &(ap_req.length), 
-                                            &ptr, KG_TOK_CTX_AP_REQ,
-                                            input_token->length, 1))) {
-       mech_used = gss_mech_krb5_wrong;
-   } else if ((code == G_WRONG_MECH) &&
-             !(code = g_verify_token_header(gss_mech_krb5_old,
-                                            &(ap_req.length), 
-                                            &ptr, KG_TOK_CTX_AP_REQ,
-                                            input_token->length, 1))) {
-       /*
-       * Previous versions of this library used the old mech_id
-       * and some broken behavior (wrong IV on checksum
-       * encryption).  We support the old mech_id for
-       * compatibility, and use it to decide when to use the
-       * old behavior.
-       */
-       mech_used = gss_mech_krb5_old;
-   } else if (code == G_WRONG_TOKID) {
-       major_status = GSS_S_CONTINUE_NEEDED;
-       code = KRB5KRB_AP_ERR_MSG_TYPE;
-       mech_used = gss_mech_krb5;
-       goto fail;
-   } else {
-       major_status = GSS_S_DEFECTIVE_TOKEN;
-       goto fail;
-   }
-
-   sptr = (char *) ptr;
-   TREAD_STR(sptr, ap_req.data, ap_req.length);
-   decode_req_message = 1;
-
-   /* construct the sender_addr */
-
-   if ((input_chan_bindings != GSS_C_NO_CHANNEL_BINDINGS) &&
-       (input_chan_bindings->initiator_addrtype == GSS_C_AF_INET)) {
-       /* XXX is this right? */
-       addr.addrtype = ADDRTYPE_INET;
-       addr.length = input_chan_bindings->initiator_address.length;
-       addr.contents = input_chan_bindings->initiator_address.value;
-
-       paddr = &addr;
-   } else {
-       paddr = NULL;
-   }
-
-   /* decode the AP_REQ message */
-
-   /* decode the message */
-
-   if ((code = krb5_auth_con_init(context, &auth_context))) {
-       major_status = GSS_S_FAILURE;
-       save_error_info(code, context);
-       goto fail;
-   }
-   if (cred->rcache) {
-       cred_rcache = 1;
-       if ((code = krb5_auth_con_setrcache(context, auth_context, cred->rcache))) {
-          major_status = GSS_S_FAILURE;
-          goto fail;
-       }
-   }
-   if ((code = krb5_auth_con_setaddrs(context, auth_context, NULL, paddr))) {
-       major_status = GSS_S_FAILURE;
-       goto fail;
-   }
-
-   if ((code = krb5_rd_req(context, &auth_context, &ap_req, cred->princ,
-                          cred->keytab, NULL, &ticket))) {
-       major_status = GSS_S_FAILURE;
-       goto fail;
-   }
-   krb5_auth_con_setflags(context, auth_context,
-                         KRB5_AUTH_CONTEXT_DO_SEQUENCE);
-
-   krb5_auth_con_getauthenticator(context, auth_context, &authdat);
+    krb5_context context;
+    unsigned char *ptr, *ptr2;
+    char *sptr;
+    long tmp;
+    size_t md5len;
+    int bigend;
+    krb5_gss_cred_id_t cred = 0;
+    krb5_data ap_rep, ap_req;
+    unsigned int i;
+    krb5_error_code code;
+    krb5_address addr, *paddr;
+    krb5_authenticator *authdat = 0;
+    krb5_checksum reqcksum;
+    krb5_principal name = NULL;
+    krb5_ui_4 gss_flags = 0;
+    int decode_req_message = 0;
+    krb5_gss_ctx_id_rec *ctx = 0;
+    krb5_timestamp now;
+    gss_buffer_desc token;
+    krb5_auth_context auth_context = NULL;
+    krb5_ticket * ticket = NULL;
+    int option_id;
+    krb5_data option;
+    const gss_OID_desc *mech_used = NULL;
+    OM_uint32 major_status = GSS_S_FAILURE;
+    OM_uint32 tmp_minor_status;
+    krb5_error krb_error_data;
+    krb5_data scratch;
+    gss_cred_id_t cred_handle = NULL;
+    krb5_gss_cred_id_t deleg_cred = NULL;
+    krb5int_access kaccess;
+    int cred_rcache = 0;
+
+    code = krb5int_accessor (&kaccess, KRB5INT_ACCESS_VERSION);
+    if (code) {
+        *minor_status = code;
+        return(GSS_S_FAILURE);
+    }
+
+    code = krb5_gss_init_context(&context);
+    if (code) {
+        *minor_status = code;
+        return GSS_S_FAILURE;
+    }
+
+    /* set up returns to be freeable */
+
+    if (src_name)
+        *src_name = (gss_name_t) NULL;
+    output_token->length = 0;
+    output_token->value = NULL;
+    token.value = 0;
+    reqcksum.contents = 0;
+    ap_req.data = 0;
+    ap_rep.data = 0;
+
+    if (mech_type)
+        *mech_type = GSS_C_NULL_OID;
+    /* return a bogus cred handle */
+    if (delegated_cred_handle)
+        *delegated_cred_handle = GSS_C_NO_CREDENTIAL;
+
+    /*
+     * Context handle must be unspecified.  Actually, it must be
+     * non-established, but currently, accept_sec_context never returns
+     * a non-established context handle.
+     */
+    /*SUPPRESS 29*/
+    if (*context_handle != GSS_C_NO_CONTEXT) {
+        *minor_status = EINVAL;
+        save_error_string(EINVAL, "accept_sec_context called with existing context handle");
+        krb5_free_context(context);
+        return(GSS_S_FAILURE);
+    }
+
+    /* handle default cred handle */
+    if (verifier_cred_handle == GSS_C_NO_CREDENTIAL) {
+        major_status = krb5_gss_acquire_cred(minor_status, GSS_C_NO_NAME,
+                                             GSS_C_INDEFINITE, GSS_C_NO_OID_SET,
+                                             GSS_C_ACCEPT, &cred_handle,
+                                             NULL, NULL);
+        if (major_status != GSS_S_COMPLETE) {
+            code = *minor_status;
+            goto fail;
+        }
+    } else {
+        major_status = krb5_gss_validate_cred(minor_status,
+                                              verifier_cred_handle);
+        if (GSS_ERROR(major_status)) {
+            code = *minor_status;
+            goto fail;
+        }
+        cred_handle = verifier_cred_handle;
+    }
+
+    cred = (krb5_gss_cred_id_t) cred_handle;
+
+    /* make sure the supplied credentials are valid for accept */
+
+    if ((cred->usage != GSS_C_ACCEPT) &&
+        (cred->usage != GSS_C_BOTH)) {
+        code = 0;
+        major_status = GSS_S_NO_CRED;
+        goto fail;
+    }
+
+    /* verify the token's integrity, and leave the token in ap_req.
+       figure out which mech oid was used, and save it */
+
+    ptr = (unsigned char *) input_token->value;
+
+    if (!(code = g_verify_token_header(gss_mech_krb5,
+                                       &(ap_req.length),
+                                       &ptr, KG_TOK_CTX_AP_REQ,
+                                       input_token->length, 1))) {
+        mech_used = gss_mech_krb5;
+    } else if ((code == G_WRONG_MECH)
+               &&!(code = g_verify_token_header((gss_OID) gss_mech_krb5_wrong,
+                                                &(ap_req.length),
+                                                &ptr, KG_TOK_CTX_AP_REQ,
+                                                input_token->length, 1))) {
+        mech_used = gss_mech_krb5_wrong;
+    } else if ((code == G_WRONG_MECH) &&
+               !(code = g_verify_token_header(gss_mech_krb5_old,
+                                              &(ap_req.length),
+                                              &ptr, KG_TOK_CTX_AP_REQ,
+                                              input_token->length, 1))) {
+        /*
+         * Previous versions of this library used the old mech_id
+         * and some broken behavior (wrong IV on checksum
+         * encryption).  We support the old mech_id for
+         * compatibility, and use it to decide when to use the
+         * old behavior.
+         */
+        mech_used = gss_mech_krb5_old;
+    } else if (code == G_WRONG_TOKID) {
+        major_status = GSS_S_CONTINUE_NEEDED;
+        code = KRB5KRB_AP_ERR_MSG_TYPE;
+        mech_used = gss_mech_krb5;
+        goto fail;
+    } else {
+        major_status = GSS_S_DEFECTIVE_TOKEN;
+        goto fail;
+    }
+
+    sptr = (char *) ptr;
+    TREAD_STR(sptr, ap_req.data, ap_req.length);
+    decode_req_message = 1;
+
+    /* construct the sender_addr */
+
+    if ((input_chan_bindings != GSS_C_NO_CHANNEL_BINDINGS) &&
+        (input_chan_bindings->initiator_addrtype == GSS_C_AF_INET)) {
+        /* XXX is this right? */
+        addr.addrtype = ADDRTYPE_INET;
+        addr.length = input_chan_bindings->initiator_address.length;
+        addr.contents = input_chan_bindings->initiator_address.value;
+
+        paddr = &addr;
+    } else {
+        paddr = NULL;
+    }
+
+    /* decode the AP_REQ message */
+
+    /* decode the message */
+
+    if ((code = krb5_auth_con_init(context, &auth_context))) {
+        major_status = GSS_S_FAILURE;
+        save_error_info(code, context);
+        goto fail;
+    }
+    if (cred->rcache) {
+        cred_rcache = 1;
+        if ((code = krb5_auth_con_setrcache(context, auth_context, cred->rcache))) {
+            major_status = GSS_S_FAILURE;
+            goto fail;
+        }
+    }
+    if ((code = krb5_auth_con_setaddrs(context, auth_context, NULL, paddr))) {
+        major_status = GSS_S_FAILURE;
+        goto fail;
+    }
+
+    if ((code = krb5_rd_req(context, &auth_context, &ap_req, cred->princ,
+                            cred->keytab, NULL, &ticket))) {
+        major_status = GSS_S_FAILURE;
+        goto fail;
+    }
+    krb5_auth_con_setflags(context, auth_context,
+                           KRB5_AUTH_CONTEXT_DO_SEQUENCE);
+
+    krb5_auth_con_getauthenticator(context, auth_context, &authdat);
 
 #if 0
-   /* make sure the necessary parts of the authdat are present */
-
-   if ((authdat->authenticator->subkey == NULL) ||
-       (authdat->ticket->enc_part2 == NULL)) {
-          code = KG_NO_SUBKEY;
-          major_status = GSS_S_FAILURE;
-          goto fail;
-   }
+    /* make sure the necessary parts of the authdat are present */
+
+    if ((authdat->authenticator->subkey == NULL) ||
+        (authdat->ticket->enc_part2 == NULL)) {
+        code = KG_NO_SUBKEY;
+        major_status = GSS_S_FAILURE;
+        goto fail;
+    }
 #endif
 
-   {
-       /* gss krb5 v1 */
+    {
+        /* gss krb5 v1 */
 
-       /* stash this now, for later. */
-       code = krb5_c_checksum_length(context, CKSUMTYPE_RSA_MD5, &md5len);
-       if (code) {
-          major_status = GSS_S_FAILURE;
-          goto fail;
-       }
+        /* stash this now, for later. */
+        code = krb5_c_checksum_length(context, CKSUMTYPE_RSA_MD5, &md5len);
+        if (code) {
+            major_status = GSS_S_FAILURE;
+            goto fail;
+        }
 
-       /* verify that the checksum is correct */
+        /* verify that the checksum is correct */
 
-       /*
-        The checksum may be either exactly 24 bytes, in which case
-        no options are specified, or greater than 24 bytes, in which case
-        one or more options are specified. Currently, the only valid
-        option is KRB5_GSS_FOR_CREDS_OPTION ( = 1 ).
-       */
+        /*
+          The checksum may be either exactly 24 bytes, in which case
+          no options are specified, or greater than 24 bytes, in which case
+          one or more options are specified. Currently, the only valid
+          option is KRB5_GSS_FOR_CREDS_OPTION ( = 1 ).
+        */
 
-       if ((authdat->checksum->checksum_type != CKSUMTYPE_KG_CB) ||
-          (authdat->checksum->length < 24)) {
-          code = 0;
-          major_status = GSS_S_BAD_BINDINGS;
-          goto fail;
-       }
+        if ((authdat->checksum->checksum_type != CKSUMTYPE_KG_CB) ||
+            (authdat->checksum->length < 24)) {
+            code = 0;
+            major_status = GSS_S_BAD_BINDINGS;
+            goto fail;
+        }
 
-       /*
-        "Be liberal in what you accept, and
-        conservative in what you send"
-        -- rfc1123
+        /*
+          "Be liberal in what you accept, and
+          conservative in what you send"
+          -- rfc1123
 
-        This code will let this acceptor interoperate with an initiator
-        using little-endian or big-endian integer encoding.
-       */
+          This code will let this acceptor interoperate with an initiator
+          using little-endian or big-endian integer encoding.
+        */
 
-       ptr = (unsigned char *) authdat->checksum->contents;
-       bigend = 0;
+        ptr = (unsigned char *) authdat->checksum->contents;
+        bigend = 0;
 
-       TREAD_INT(ptr, tmp, bigend);
+        TREAD_INT(ptr, tmp, bigend);
 
-       if (tmp != md5len) {
-          ptr = (unsigned char *) authdat->checksum->contents;
-          bigend = 1;
+        if (tmp != md5len) {
+            ptr = (unsigned char *) authdat->checksum->contents;
+            bigend = 1;
 
-          TREAD_INT(ptr, tmp, bigend);
+            TREAD_INT(ptr, tmp, bigend);
 
-          if (tmp != md5len) {
-              code = KG_BAD_LENGTH;
-              major_status = GSS_S_FAILURE;
-              goto fail;
-          }
-       }
+            if (tmp != md5len) {
+                code = KG_BAD_LENGTH;
+                major_status = GSS_S_FAILURE;
+                goto fail;
+            }
+        }
 
-       /* at this point, bigend is set according to the initiator's
-         byte order */
+        /* at this point, bigend is set according to the initiator's
+           byte order */
 
 
-       /* 
+        /*
           The following section of code attempts to implement the
           optional channel binding facility as described in RFC2743.
 
@@ -503,507 +504,506 @@ krb5_gss_accept_sec_context(minor_status, context_handle,
           a checksum and compare against those provided by the
           client.         */
 
-       if ((code = kg_checksum_channel_bindings(context, 
-                                               input_chan_bindings,
-                                               &reqcksum, bigend))) {
-        major_status = GSS_S_BAD_BINDINGS;
-        goto fail;
-       }
-
-       /* Always read the clients bindings - eventhough we might ignore them */
-       TREAD_STR(ptr, ptr2, reqcksum.length);
-
-       if (input_chan_bindings != GSS_C_NO_CHANNEL_BINDINGS ) {
-           if (memcmp(ptr2, reqcksum.contents, reqcksum.length) != 0) {
-               xfree(reqcksum.contents);
-               reqcksum.contents = 0;
-              code = 0;
-              major_status = GSS_S_BAD_BINDINGS;
-                   goto fail;
-           }
-           
-       }
-
-       xfree(reqcksum.contents);
-       reqcksum.contents = 0;
-
-       TREAD_INT(ptr, gss_flags, bigend);
+        if ((code = kg_checksum_channel_bindings(context,
+                                                 input_chan_bindings,
+                                                 &reqcksum, bigend))) {
+            major_status = GSS_S_BAD_BINDINGS;
+            goto fail;
+        }
+
+        /* Always read the clients bindings - eventhough we might ignore them */
+        TREAD_STR(ptr, ptr2, reqcksum.length);
+
+        if (input_chan_bindings != GSS_C_NO_CHANNEL_BINDINGS ) {
+            if (memcmp(ptr2, reqcksum.contents, reqcksum.length) != 0) {
+                xfree(reqcksum.contents);
+                reqcksum.contents = 0;
+                code = 0;
+                major_status = GSS_S_BAD_BINDINGS;
+                goto fail;
+            }
+
+        }
+
+        xfree(reqcksum.contents);
+        reqcksum.contents = 0;
+
+        TREAD_INT(ptr, gss_flags, bigend);
 #if 0
-       gss_flags &= ~GSS_C_DELEG_FLAG; /* mask out the delegation flag; if
-                                         there's a delegation, we'll set
-                                         it below */
+        gss_flags &= ~GSS_C_DELEG_FLAG; /* mask out the delegation flag; if
+                                           there's a delegation, we'll set
+                                           it below */
 #endif
-       decode_req_message = 0;
+        decode_req_message = 0;
 
-       /* if the checksum length > 24, there are options to process */
+        /* if the checksum length > 24, there are options to process */
 
-       if(authdat->checksum->length > 24 && (gss_flags & GSS_C_DELEG_FLAG)) {
+        if(authdat->checksum->length > 24 && (gss_flags & GSS_C_DELEG_FLAG)) {
 
-          i = authdat->checksum->length - 24;
+            i = authdat->checksum->length - 24;
 
-          if (i >= 4) {
+            if (i >= 4) {
 
-              TREAD_INT16(ptr, option_id, bigend);
+                TREAD_INT16(ptr, option_id, bigend);
 
-              TREAD_INT16(ptr, option.length, bigend);
+                TREAD_INT16(ptr, option.length, bigend);
 
-              i -= 4;
+                i -= 4;
 
-              if (i < option.length || option.length < 0) {
-                  code = KG_BAD_LENGTH;
-                  major_status = GSS_S_FAILURE;
-                  goto fail;
-              }
+                if (i < option.length || option.length < 0) {
+                    code = KG_BAD_LENGTH;
+                    major_status = GSS_S_FAILURE;
+                    goto fail;
+                }
 
-              /* have to use ptr2, since option.data is wrong type and
-                 macro uses ptr as both lvalue and rvalue */
+                /* have to use ptr2, since option.data is wrong type and
+                   macro uses ptr as both lvalue and rvalue */
 
-              TREAD_STR(ptr, ptr2, option.length);
-              option.data = (char *) ptr2;
+                TREAD_STR(ptr, ptr2, option.length);
+                option.data = (char *) ptr2;
 
-              i -= option.length;
+                i -= option.length;
 
-              if (option_id != KRB5_GSS_FOR_CREDS_OPTION) {
-                  major_status = GSS_S_FAILURE;
-                  goto fail;
-              }
+                if (option_id != KRB5_GSS_FOR_CREDS_OPTION) {
+                    major_status = GSS_S_FAILURE;
+                    goto fail;
+                }
 
-                  /* store the delegated credential */
+                /* store the delegated credential */
 
-                  code = rd_and_store_for_creds(context, auth_context, &option,
-                                                (delegated_cred_handle) ?
-                                                &deleg_cred : NULL);
-                  if (code) {
-                      major_status = GSS_S_FAILURE;
-                      goto fail;
-                  }
+                code = rd_and_store_for_creds(context, auth_context, &option,
+                                              (delegated_cred_handle) ?
+                                              &deleg_cred : NULL);
+                if (code) {
+                    major_status = GSS_S_FAILURE;
+                    goto fail;
+                }
 
-          } /* if i >= 4 */
-          /* ignore any additional trailing data, for now */
+            } /* if i >= 4 */
+            /* ignore any additional trailing data, for now */
 #ifdef CFX_EXERCISE
-          {
-              FILE *f = fopen("/tmp/gsslog", "a");
-              if (f) {
-                  fprintf(f,
-                          "initial context token with delegation, %d extra bytes\n",
-                          i);
-                  fclose(f);
-              }
-          }
+            {
+                FILE *f = fopen("/tmp/gsslog", "a");
+                if (f) {
+                    fprintf(f,
+                            "initial context token with delegation, %d extra bytes\n",
+                            i);
+                    fclose(f);
+                }
+            }
 #endif
-       } else {
+        } else {
 #ifdef CFX_EXERCISE
-          {
-              FILE *f = fopen("/tmp/gsslog", "a");
-              if (f) {
-                  if (gss_flags & GSS_C_DELEG_FLAG)
-                      fprintf(f,
-                              "initial context token, delegation flag but too small\n");
-                  else
-                      /* no deleg flag, length might still be too big */
-                      fprintf(f,
-                              "initial context token, %d extra bytes\n",
-                              authdat->checksum->length - 24);
-                  fclose(f);
-              }
-          }
+            {
+                FILE *f = fopen("/tmp/gsslog", "a");
+                if (f) {
+                    if (gss_flags & GSS_C_DELEG_FLAG)
+                        fprintf(f,
+                                "initial context token, delegation flag but too small\n");
+                    else
+                        /* no deleg flag, length might still be too big */
+                        fprintf(f,
+                                "initial context token, %d extra bytes\n",
+                                authdat->checksum->length - 24);
+                    fclose(f);
+                }
+            }
 #endif
-       }
-   }
-
-   /* create the ctx struct and start filling it in */
-
-   if ((ctx = (krb5_gss_ctx_id_rec *) xmalloc(sizeof(krb5_gss_ctx_id_rec)))
-       == NULL) {
-       code = ENOMEM;
-       major_status = GSS_S_FAILURE;
-       goto fail;
-   }
-
-   memset(ctx, 0, sizeof(krb5_gss_ctx_id_rec));
-   ctx->mech_used = (gss_OID) mech_used;
-   ctx->auth_context = auth_context;
-   ctx->initiate = 0;
-   ctx->gss_flags = (GSS_C_TRANS_FLAG |
-                    ((gss_flags) & (GSS_C_INTEG_FLAG | GSS_C_CONF_FLAG |
-                            GSS_C_MUTUAL_FLAG | GSS_C_REPLAY_FLAG |
-                            GSS_C_SEQUENCE_FLAG | GSS_C_DELEG_FLAG)));
-   ctx->seed_init = 0;
-   ctx->big_endian = bigend;
-   ctx->cred_rcache = cred_rcache;
-
-   /* Intern the ctx pointer so that delete_sec_context works */
-   if (! kg_save_ctx_id((gss_ctx_id_t) ctx)) {
-       xfree(ctx);
-       ctx = 0;
-
-       code = G_VALIDATE_FAILED;
-       major_status = GSS_S_FAILURE;
-       goto fail;
-   }
-
-   if ((code = krb5_copy_principal(context, ticket->server, &ctx->here))) {
-       major_status = GSS_S_FAILURE;
-       goto fail;
-   }
-
-   if ((code = krb5_copy_principal(context, authdat->client, &ctx->there))) {
-       major_status = GSS_S_FAILURE;
-       goto fail;
-   }
-
-   if ((code = krb5_auth_con_getrecvsubkey(context, auth_context,
-                                          &ctx->subkey))) { 
-       major_status = GSS_S_FAILURE;      
-       goto fail;
-   }
-
-   /* use the session key if the subkey isn't present */
-
-   if (ctx->subkey == NULL) {
-       if ((code = krb5_auth_con_getkey(context, auth_context,
-                                       &ctx->subkey))) {
-          major_status = GSS_S_FAILURE;
-          goto fail;
-       }
-   }
-
-   if (ctx->subkey == NULL) {
-       /* this isn't a very good error, but it's not clear to me this
-         can actually happen */
-       major_status = GSS_S_FAILURE;
-       code = KRB5KDC_ERR_NULL_KEY;
-       goto fail;
-   }
-
-   ctx->proto = 0;
-   switch(ctx->subkey->enctype) {
-   case ENCTYPE_DES_CBC_MD5:
-   case ENCTYPE_DES_CBC_CRC:
-       ctx->subkey->enctype = ENCTYPE_DES_CBC_RAW;
-       ctx->signalg = SGN_ALG_DES_MAC_MD5;
-       ctx->cksum_size = 8;
-       ctx->sealalg = SEAL_ALG_DES;
-
-       /* fill in the encryption descriptors */
-
-       if ((code = krb5_copy_keyblock(context, ctx->subkey, &ctx->enc))) {
-          major_status = GSS_S_FAILURE;
-          goto fail;
-       }
-
-       for (i=0; i<ctx->enc->length; i++)
-          /*SUPPRESS 113*/
-          ctx->enc->contents[i] ^= 0xf0;
-
-       goto copy_subkey_to_seq;
-
-   case ENCTYPE_DES3_CBC_SHA1:
-       ctx->subkey->enctype = ENCTYPE_DES3_CBC_RAW;
-       ctx->signalg = SGN_ALG_HMAC_SHA1_DES3_KD;
-       ctx->cksum_size = 20;
-       ctx->sealalg = SEAL_ALG_DES3KD;
-
-       /* fill in the encryption descriptors */
-   copy_subkey:
-       if ((code = krb5_copy_keyblock(context, ctx->subkey, &ctx->enc))) {
-          major_status = GSS_S_FAILURE;
-          goto fail;
-       }
-   copy_subkey_to_seq:
-       if ((code = krb5_copy_keyblock(context, ctx->subkey, &ctx->seq))) {
-          major_status = GSS_S_FAILURE;
-          goto fail;
-       }
-       break;
-
-   case ENCTYPE_ARCFOUR_HMAC:
-       ctx->signalg = SGN_ALG_HMAC_MD5 ;
-       ctx->cksum_size = 8;
-       ctx->sealalg = SEAL_ALG_MICROSOFT_RC4 ;
-       goto copy_subkey;
-
-   default:
-       ctx->signalg = -1;
-       ctx->sealalg = -1;
-       ctx->proto = 1;
-       code = (*kaccess.krb5int_c_mandatory_cksumtype)(context, ctx->subkey->enctype,
-                                           &ctx->cksumtype);
-       if (code)
-          goto fail;
-       code = krb5_c_checksum_length(context, ctx->cksumtype,
-                                    &ctx->cksum_size);
-       if (code)
-          goto fail;
-       ctx->have_acceptor_subkey = 0;
-       goto copy_subkey;
-   }
-
-   ctx->endtime = ticket->enc_part2->times.endtime;
-   ctx->krb_flags = ticket->enc_part2->flags;
-
-   krb5_free_ticket(context, ticket); /* Done with ticket */
-
-   {
-       krb5_ui_4 seq_temp;
-       krb5_auth_con_getremoteseqnumber(context, auth_context, &seq_temp);
-       ctx->seq_recv = seq_temp;
-   }
-
-   if ((code = krb5_timeofday(context, &now))) {
-       major_status = GSS_S_FAILURE;
-       goto fail;
-   }
-
-   if (ctx->endtime < now) {
-       code = 0;
-       major_status = GSS_S_CREDENTIALS_EXPIRED;
-       goto fail;
-   }
-
-   g_order_init(&(ctx->seqstate), ctx->seq_recv,
-               (ctx->gss_flags & GSS_C_REPLAY_FLAG) != 0,
-               (ctx->gss_flags & GSS_C_SEQUENCE_FLAG) != 0, ctx->proto);
-
-   /* at this point, the entire context structure is filled in, 
-      so it can be released.  */
-
-   /* generate an AP_REP if necessary */
-
-   if (ctx->gss_flags & GSS_C_MUTUAL_FLAG) {
-       unsigned char * ptr3;
-       krb5_ui_4 seq_temp;
-       int cfx_generate_subkey;
-
-       if (ctx->proto == 1)
-          cfx_generate_subkey = CFX_ACCEPTOR_SUBKEY;
-       else
-          cfx_generate_subkey = 0;
-
-       if (cfx_generate_subkey) {
-          krb5_int32 acflags;
-          code = krb5_auth_con_getflags(context, auth_context, &acflags);
-          if (code == 0) {
-              acflags |= KRB5_AUTH_CONTEXT_USE_SUBKEY;
-              code = krb5_auth_con_setflags(context, auth_context, acflags);
-          }
-          if (code) {
-              major_status = GSS_S_FAILURE;
-              goto fail;
-          }
-       }
-
-       if ((code = krb5_mk_rep(context, auth_context, &ap_rep))) {
-          major_status = GSS_S_FAILURE;
-          goto fail;
-       }
-
-       krb5_auth_con_getlocalseqnumber(context, auth_context, &seq_temp);
-       ctx->seq_send = seq_temp & 0xffffffffL;
-
-       if (cfx_generate_subkey) {
-          /* Get the new acceptor subkey.  With the code above, there
-             should always be one if we make it to this point.  */
-          code = krb5_auth_con_getsendsubkey(context, auth_context,
-                                             &ctx->acceptor_subkey);
-          if (code != 0) {
-              major_status = GSS_S_FAILURE;
-              goto fail;
-          }
-          code = (*kaccess.krb5int_c_mandatory_cksumtype)(context,
-                                               ctx->acceptor_subkey->enctype,
-                                               &ctx->acceptor_subkey_cksumtype);
-          if (code) {
-              major_status = GSS_S_FAILURE;
-              goto fail;
-          }
-          ctx->have_acceptor_subkey = 1;
-       }
-
-       /* the reply token hasn't been sent yet, but that's ok. */
-       ctx->gss_flags |= GSS_C_PROT_READY_FLAG;
-       ctx->established = 1;
-
-       token.length = g_token_size(mech_used, ap_rep.length);
-
-       if ((token.value = (unsigned char *) xmalloc(token.length))
-          == NULL) {
-          major_status = GSS_S_FAILURE;
-          code = ENOMEM;
-          goto fail;
-       }
-       ptr3 = token.value;
-       g_make_token_header(mech_used, ap_rep.length,
-                          &ptr3, KG_TOK_CTX_AP_REP);
-
-       TWRITE_STR(ptr3, ap_rep.data, ap_rep.length);
-
-       ctx->established = 1;
-
-   } else {
-       token.length = 0;
-       token.value = NULL;
-       ctx->seq_send = ctx->seq_recv;
-
-       ctx->established = 1;
-   }
-
-   /* set the return arguments */
-
-   if (src_name) {
-       if ((code = krb5_copy_principal(context, ctx->there, &name))) {
-          major_status = GSS_S_FAILURE;
-          goto fail;
-       }
-       /* intern the src_name */
-       if (! kg_save_name((gss_name_t) name)) {
-          code = G_VALIDATE_FAILED;
-          major_status = GSS_S_FAILURE;
-          goto fail;
-       }
-   }
-
-   if (mech_type)
-      *mech_type = (gss_OID) mech_used;
-
-   if (time_rec)
-      *time_rec = ctx->endtime - now;
-
-   if (ret_flags)
-      *ret_flags = ctx->gss_flags;
-
-   *context_handle = (gss_ctx_id_t)ctx;
-   *output_token = token;
-
-   if (src_name)
-      *src_name = (gss_name_t) name;
-
-   if (delegated_cred_handle && deleg_cred) {
-       if (!kg_save_cred_id((gss_cred_id_t) deleg_cred)) {
-          major_status = GSS_S_FAILURE;
-          code = G_VALIDATE_FAILED;
-          goto fail;
-       }
-
-       *delegated_cred_handle = (gss_cred_id_t) deleg_cred;
-   }
-
-   /* finally! */
-
-   *minor_status = 0;
-   major_status = GSS_S_COMPLETE;
-
- fail:
-   if (authdat)
-       krb5_free_authenticator(context, authdat);
-   /* The ctx structure has the handle of the auth_context */
-   if (auth_context && !ctx) {
-       if (cred_rcache)
-          (void)krb5_auth_con_setrcache(context, auth_context, NULL);
-
-       krb5_auth_con_free(context, auth_context);
-   }
-   if (reqcksum.contents)
-       xfree(reqcksum.contents);
-   if (ap_rep.data)
-       krb5_free_data_contents(context, &ap_rep);
-
-   if (!GSS_ERROR(major_status) && major_status != GSS_S_CONTINUE_NEEDED) {
-       ctx->k5_context = context;
-       context = NULL;
-       goto done;
-   }
-
-   /* from here on is the real "fail" code */
-
-   if (ctx)
-       (void) krb5_gss_delete_sec_context(&tmp_minor_status, 
-                                         (gss_ctx_id_t *) &ctx, NULL);
-   if (deleg_cred) { /* free memory associated with the deleg credential */
-       if (deleg_cred->ccache)
-          (void)krb5_cc_close(context, deleg_cred->ccache);
-       if (deleg_cred->princ)
-          krb5_free_principal(context, deleg_cred->princ);
-       xfree(deleg_cred);
-   }
-   if (token.value)
-       xfree(token.value);
-   if (name) {
-       (void) kg_delete_name((gss_name_t) name);
-       krb5_free_principal(context, name);
-   }
-
-   *minor_status = code;
-
-   /*
-    * If decode_req_message is set, then we need to decode the ap_req
-    * message to determine whether or not to send a response token.
-    * We need to do this because for some errors we won't be able to
-    * decode the authenticator to read out the gss_flags field.
-    */
-   if (decode_req_message) {
-       krb5_ap_req     * request;
-          
-       if (decode_krb5_ap_req(&ap_req, &request))
-          goto done;
-
-       if (request->ap_options & AP_OPTS_MUTUAL_REQUIRED)
-          gss_flags |= GSS_C_MUTUAL_FLAG;
-       krb5_free_ap_req(context, request);
-   }
-
-   if (cred
-       && ((gss_flags & GSS_C_MUTUAL_FLAG)
-          || (major_status == GSS_S_CONTINUE_NEEDED))) {
-       unsigned int tmsglen;
-       int toktype;
-
-       /*
-       * The client is expecting a response, so we can send an
-       * error token back
-       */
-       memset(&krb_error_data, 0, sizeof(krb_error_data));
-
-       code -= ERROR_TABLE_BASE_krb5;
-       if (code < 0 || code > 128)
-          code = 60 /* KRB_ERR_GENERIC */;
-
-       krb_error_data.error = code;
-       (void) krb5_us_timeofday(context, &krb_error_data.stime,
-                               &krb_error_data.susec);
-       krb_error_data.server = cred->princ;
-
-       code = krb5_mk_error(context, &krb_error_data, &scratch);
-       if (code)
-           goto done;
-
-       tmsglen = scratch.length;
-       toktype = KG_TOK_CTX_ERROR;
-
-       token.length = g_token_size(mech_used, tmsglen);
-       token.value = (unsigned char *) xmalloc(token.length);
-       if (!token.value) 
-           goto done;
-
-       ptr = token.value;
-       g_make_token_header(mech_used, tmsglen, &ptr, toktype);
-
-       TWRITE_STR(ptr, scratch.data, scratch.length);
-       krb5_free_data_contents(context, &scratch);
-
-       *output_token = token;
-   }
-
-  done:
-   if (!verifier_cred_handle && cred_handle) {
-       krb5_gss_release_cred(&tmp_minor_status, &cred_handle);
-   }
-   if (context) {
-       if (major_status && *minor_status)
-           save_error_info(*minor_status, context);
-       krb5_free_context(context);
-   }
-   return (major_status);
+        }
+    }
+
+    /* create the ctx struct and start filling it in */
+
+    if ((ctx = (krb5_gss_ctx_id_rec *) xmalloc(sizeof(krb5_gss_ctx_id_rec)))
+        == NULL) {
+        code = ENOMEM;
+        major_status = GSS_S_FAILURE;
+        goto fail;
+    }
+
+    memset(ctx, 0, sizeof(krb5_gss_ctx_id_rec));
+    ctx->mech_used = (gss_OID) mech_used;
+    ctx->auth_context = auth_context;
+    ctx->initiate = 0;
+    ctx->gss_flags = (GSS_C_TRANS_FLAG |
+                      ((gss_flags) & (GSS_C_INTEG_FLAG | GSS_C_CONF_FLAG |
+                                      GSS_C_MUTUAL_FLAG | GSS_C_REPLAY_FLAG |
+                                      GSS_C_SEQUENCE_FLAG | GSS_C_DELEG_FLAG)));
+    ctx->seed_init = 0;
+    ctx->big_endian = bigend;
+    ctx->cred_rcache = cred_rcache;
+
+    /* Intern the ctx pointer so that delete_sec_context works */
+    if (! kg_save_ctx_id((gss_ctx_id_t) ctx)) {
+        xfree(ctx);
+        ctx = 0;
+
+        code = G_VALIDATE_FAILED;
+        major_status = GSS_S_FAILURE;
+        goto fail;
+    }
+
+    if ((code = krb5_copy_principal(context, ticket->server, &ctx->here))) {
+        major_status = GSS_S_FAILURE;
+        goto fail;
+    }
+
+    if ((code = krb5_copy_principal(context, authdat->client, &ctx->there))) {
+        major_status = GSS_S_FAILURE;
+        goto fail;
+    }
+
+    if ((code = krb5_auth_con_getrecvsubkey(context, auth_context,
+                                            &ctx->subkey))) {
+        major_status = GSS_S_FAILURE;
+        goto fail;
+    }
+
+    /* use the session key if the subkey isn't present */
+
+    if (ctx->subkey == NULL) {
+        if ((code = krb5_auth_con_getkey(context, auth_context,
+                                         &ctx->subkey))) {
+            major_status = GSS_S_FAILURE;
+            goto fail;
+        }
+    }
+
+    if (ctx->subkey == NULL) {
+        /* this isn't a very good error, but it's not clear to me this
+           can actually happen */
+        major_status = GSS_S_FAILURE;
+        code = KRB5KDC_ERR_NULL_KEY;
+        goto fail;
+    }
+
+    ctx->proto = 0;
+    switch(ctx->subkey->enctype) {
+    case ENCTYPE_DES_CBC_MD5:
+    case ENCTYPE_DES_CBC_CRC:
+        ctx->subkey->enctype = ENCTYPE_DES_CBC_RAW;
+        ctx->signalg = SGN_ALG_DES_MAC_MD5;
+        ctx->cksum_size = 8;
+        ctx->sealalg = SEAL_ALG_DES;
+
+        /* fill in the encryption descriptors */
+
+        if ((code = krb5_copy_keyblock(context, ctx->subkey, &ctx->enc))) {
+            major_status = GSS_S_FAILURE;
+            goto fail;
+        }
+
+        for (i=0; i<ctx->enc->length; i++)
+            /*SUPPRESS 113*/
+            ctx->enc->contents[i] ^= 0xf0;
+
+        goto copy_subkey_to_seq;
+
+    case ENCTYPE_DES3_CBC_SHA1:
+        ctx->subkey->enctype = ENCTYPE_DES3_CBC_RAW;
+        ctx->signalg = SGN_ALG_HMAC_SHA1_DES3_KD;
+        ctx->cksum_size = 20;
+        ctx->sealalg = SEAL_ALG_DES3KD;
+
+        /* fill in the encryption descriptors */
+    copy_subkey:
+        if ((code = krb5_copy_keyblock(context, ctx->subkey, &ctx->enc))) {
+            major_status = GSS_S_FAILURE;
+            goto fail;
+        }
+    copy_subkey_to_seq:
+        if ((code = krb5_copy_keyblock(context, ctx->subkey, &ctx->seq))) {
+            major_status = GSS_S_FAILURE;
+            goto fail;
+        }
+        break;
+
+    case ENCTYPE_ARCFOUR_HMAC:
+        ctx->signalg = SGN_ALG_HMAC_MD5 ;
+        ctx->cksum_size = 8;
+        ctx->sealalg = SEAL_ALG_MICROSOFT_RC4 ;
+        goto copy_subkey;
+
+    default:
+        ctx->signalg = -1;
+        ctx->sealalg = -1;
+        ctx->proto = 1;
+        code = (*kaccess.krb5int_c_mandatory_cksumtype)(context, ctx->subkey->enctype,
+                                                        &ctx->cksumtype);
+        if (code)
+            goto fail;
+        code = krb5_c_checksum_length(context, ctx->cksumtype,
+                                      &ctx->cksum_size);
+        if (code)
+            goto fail;
+        ctx->have_acceptor_subkey = 0;
+        goto copy_subkey;
+    }
+
+    ctx->endtime = ticket->enc_part2->times.endtime;
+    ctx->krb_flags = ticket->enc_part2->flags;
+
+    krb5_free_ticket(context, ticket); /* Done with ticket */
+
+    {
+        krb5_ui_4 seq_temp;
+        krb5_auth_con_getremoteseqnumber(context, auth_context, &seq_temp);
+        ctx->seq_recv = seq_temp;
+    }
+
+    if ((code = krb5_timeofday(context, &now))) {
+        major_status = GSS_S_FAILURE;
+        goto fail;
+    }
+
+    if (ctx->endtime < now) {
+        code = 0;
+        major_status = GSS_S_CREDENTIALS_EXPIRED;
+        goto fail;
+    }
+
+    g_order_init(&(ctx->seqstate), ctx->seq_recv,
+                 (ctx->gss_flags & GSS_C_REPLAY_FLAG) != 0,
+                 (ctx->gss_flags & GSS_C_SEQUENCE_FLAG) != 0, ctx->proto);
+
+    /* at this point, the entire context structure is filled in,
+       so it can be released.  */
+
+    /* generate an AP_REP if necessary */
+
+    if (ctx->gss_flags & GSS_C_MUTUAL_FLAG) {
+        unsigned char * ptr3;
+        krb5_ui_4 seq_temp;
+        int cfx_generate_subkey;
+
+        if (ctx->proto == 1)
+            cfx_generate_subkey = CFX_ACCEPTOR_SUBKEY;
+        else
+            cfx_generate_subkey = 0;
+
+        if (cfx_generate_subkey) {
+            krb5_int32 acflags;
+            code = krb5_auth_con_getflags(context, auth_context, &acflags);
+            if (code == 0) {
+                acflags |= KRB5_AUTH_CONTEXT_USE_SUBKEY;
+                code = krb5_auth_con_setflags(context, auth_context, acflags);
+            }
+            if (code) {
+                major_status = GSS_S_FAILURE;
+                goto fail;
+            }
+        }
+
+        if ((code = krb5_mk_rep(context, auth_context, &ap_rep))) {
+            major_status = GSS_S_FAILURE;
+            goto fail;
+        }
+
+        krb5_auth_con_getlocalseqnumber(context, auth_context, &seq_temp);
+        ctx->seq_send = seq_temp & 0xffffffffL;
+
+        if (cfx_generate_subkey) {
+            /* Get the new acceptor subkey.  With the code above, there
+               should always be one if we make it to this point.  */
+            code = krb5_auth_con_getsendsubkey(context, auth_context,
+                                               &ctx->acceptor_subkey);
+            if (code != 0) {
+                major_status = GSS_S_FAILURE;
+                goto fail;
+            }
+            code = (*kaccess.krb5int_c_mandatory_cksumtype)(context,
+                                                            ctx->acceptor_subkey->enctype,
+                                                            &ctx->acceptor_subkey_cksumtype);
+            if (code) {
+                major_status = GSS_S_FAILURE;
+                goto fail;
+            }
+            ctx->have_acceptor_subkey = 1;
+        }
+
+        /* the reply token hasn't been sent yet, but that's ok. */
+        ctx->gss_flags |= GSS_C_PROT_READY_FLAG;
+        ctx->established = 1;
+
+        token.length = g_token_size(mech_used, ap_rep.length);
+
+        if ((token.value = (unsigned char *) xmalloc(token.length))
+            == NULL) {
+            major_status = GSS_S_FAILURE;
+            code = ENOMEM;
+            goto fail;
+        }
+        ptr3 = token.value;
+        g_make_token_header(mech_used, ap_rep.length,
+                            &ptr3, KG_TOK_CTX_AP_REP);
+
+        TWRITE_STR(ptr3, ap_rep.data, ap_rep.length);
+
+        ctx->established = 1;
+
+    } else {
+        token.length = 0;
+        token.value = NULL;
+        ctx->seq_send = ctx->seq_recv;
+
+        ctx->established = 1;
+    }
+
+    /* set the return arguments */
+
+    if (src_name) {
+        if ((code = krb5_copy_principal(context, ctx->there, &name))) {
+            major_status = GSS_S_FAILURE;
+            goto fail;
+        }
+        /* intern the src_name */
+        if (! kg_save_name((gss_name_t) name)) {
+            code = G_VALIDATE_FAILED;
+            major_status = GSS_S_FAILURE;
+            goto fail;
+        }
+    }
+
+    if (mech_type)
+        *mech_type = (gss_OID) mech_used;
+
+    if (time_rec)
+        *time_rec = ctx->endtime - now;
+
+    if (ret_flags)
+        *ret_flags = ctx->gss_flags;
+
+    *context_handle = (gss_ctx_id_t)ctx;
+    *output_token = token;
+
+    if (src_name)
+        *src_name = (gss_name_t) name;
+
+    if (delegated_cred_handle && deleg_cred) {
+        if (!kg_save_cred_id((gss_cred_id_t) deleg_cred)) {
+            major_status = GSS_S_FAILURE;
+            code = G_VALIDATE_FAILED;
+            goto fail;
+        }
+
+        *delegated_cred_handle = (gss_cred_id_t) deleg_cred;
+    }
+
+    /* finally! */
+
+    *minor_status = 0;
+    major_status = GSS_S_COMPLETE;
+
+fail:
+    if (authdat)
+        krb5_free_authenticator(context, authdat);
+    /* The ctx structure has the handle of the auth_context */
+    if (auth_context && !ctx) {
+        if (cred_rcache)
+            (void)krb5_auth_con_setrcache(context, auth_context, NULL);
+
+        krb5_auth_con_free(context, auth_context);
+    }
+    if (reqcksum.contents)
+        xfree(reqcksum.contents);
+    if (ap_rep.data)
+        krb5_free_data_contents(context, &ap_rep);
+
+    if (!GSS_ERROR(major_status) && major_status != GSS_S_CONTINUE_NEEDED) {
+        ctx->k5_context = context;
+        context = NULL;
+        goto done;
+    }
+
+    /* from here on is the real "fail" code */
+
+    if (ctx)
+        (void) krb5_gss_delete_sec_context(&tmp_minor_status,
+                                           (gss_ctx_id_t *) &ctx, NULL);
+    if (deleg_cred) { /* free memory associated with the deleg credential */
+        if (deleg_cred->ccache)
+            (void)krb5_cc_close(context, deleg_cred->ccache);
+        if (deleg_cred->princ)
+            krb5_free_principal(context, deleg_cred->princ);
+        xfree(deleg_cred);
+    }
+    if (token.value)
+        xfree(token.value);
+    if (name) {
+        (void) kg_delete_name((gss_name_t) name);
+        krb5_free_principal(context, name);
+    }
+
+    *minor_status = code;
+
+    /*
+     * If decode_req_message is set, then we need to decode the ap_req
+     * message to determine whether or not to send a response token.
+     * We need to do this because for some errors we won't be able to
+     * decode the authenticator to read out the gss_flags field.
+     */
+    if (decode_req_message) {
+        krb5_ap_req      * request;
+
+        if (decode_krb5_ap_req(&ap_req, &request))
+            goto done;
+
+        if (request->ap_options & AP_OPTS_MUTUAL_REQUIRED)
+            gss_flags |= GSS_C_MUTUAL_FLAG;
+        krb5_free_ap_req(context, request);
+    }
+
+    if (cred
+        && ((gss_flags & GSS_C_MUTUAL_FLAG)
+            || (major_status == GSS_S_CONTINUE_NEEDED))) {
+        unsigned int tmsglen;
+        int toktype;
+
+        /*
+         * The client is expecting a response, so we can send an
+         * error token back
+         */
+        memset(&krb_error_data, 0, sizeof(krb_error_data));
+
+        code -= ERROR_TABLE_BASE_krb5;
+        if (code < 0 || code > 128)
+            code = 60 /* KRB_ERR_GENERIC */;
+
+        krb_error_data.error = code;
+        (void) krb5_us_timeofday(context, &krb_error_data.stime,
+                                 &krb_error_data.susec);
+        krb_error_data.server = cred->princ;
+
+        code = krb5_mk_error(context, &krb_error_data, &scratch);
+        if (code)
+            goto done;
+
+        tmsglen = scratch.length;
+        toktype = KG_TOK_CTX_ERROR;
+
+        token.length = g_token_size(mech_used, tmsglen);
+        token.value = (unsigned char *) xmalloc(token.length);
+        if (!token.value)
+            goto done;
+
+        ptr = token.value;
+        g_make_token_header(mech_used, tmsglen, &ptr, toktype);
+
+        TWRITE_STR(ptr, scratch.data, scratch.length);
+        krb5_free_data_contents(context, &scratch);
+
+        *output_token = token;
+    }
+
+done:
+    if (!verifier_cred_handle && cred_handle) {
+        krb5_gss_release_cred(&tmp_minor_status, &cred_handle);
+    }
+    if (context) {
+        if (major_status && *minor_status)
+            save_error_info(*minor_status, context);
+        krb5_free_context(context);
+    }
+    return (major_status);
 }
 #endif /* LEAN_CLIENT */
-
index a36dfe060fb6ad8e7dda3cd28ad0f8f175d826fc..daf899223aa7f7d5eba3cce83b0dfaeef5c2efd0 100644 (file)
@@ -1,3 +1,4 @@
+/* -*- mode: c; indent-tabs-mode: nil -*- */
 /*
  * Copyright 2000, 2007, 2008 by the Massachusetts Institute of Technology.
  * All Rights Reserved.
@@ -6,7 +7,7 @@
  *   require a specific license from the United States Government.
  *   It is the responsibility of any person or organization contemplating
  *   export to obtain such a license before exporting.
- * 
+ *
  * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
  * distribute this software and its documentation for any purpose and
  * without fee is hereby granted, provided that the above copyright
  * M.I.T. makes no representations about the suitability of
  * this software for any purpose.  It is provided "as is" without express
  * or implied warranty.
- * 
+ *
  */
 /*
  * Copyright 1993 by OpenVision Technologies, Inc.
- * 
+ *
  * Permission to use, copy, modify, distribute, and sell this software
  * and its documentation for any purpose is hereby granted without fee,
  * provided that the above copyright notice appears in all copies and
@@ -34,7 +35,7 @@
  * without specific, written prior permission. OpenVision makes no
  * representations about the suitability of this software for any
  * purpose.  It is provided "as is" without express or implied warranty.
- * 
+ *
  * OPENVISION DISCLAIMS ALL WARRANTIES WITH REGARD TO THIS SOFTWARE,
  * INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS, IN NO
  * EVENT SHALL OPENVISION BE LIABLE FOR ANY SPECIAL, INDIRECT OR
 
 /*
  * Copyright (C) 1998 by the FundsXpress, INC.
- * 
+ *
  * All rights reserved.
- * 
+ *
  * Export of this software from the United States of America may require
  * a specific license from the United States Government.  It is the
  * responsibility of any person or organization contemplating export to
  * obtain such a license before exporting.
- * 
+ *
  * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
  * distribute this software and its documentation for any purpose and
  * without fee is hereby granted, provided that the above copyright
@@ -64,7 +65,7 @@
  * permission.  FundsXpress makes no representations about the suitability of
  * this software for any purpose.  It is provided "as is" without express
  * or implied warranty.
- * 
+ *
  * THIS SOFTWARE IS PROVIDED ``AS IS'' AND WITHOUT ANY EXPRESS OR
  * IMPLIED WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED
  * WARRANTIES OF MERCHANTIBILITY AND FITNESS FOR A PARTICULAR PURPOSE.
@@ -104,590 +105,590 @@ krb5_gss_register_acceptor_identity(const char *keytab)
 
     err = gssint_initialize_library();
     if (err != 0)
-       return GSS_S_FAILURE;
+        return GSS_S_FAILURE;
 
     if (keytab == NULL)
-       return GSS_S_FAILURE;
+        return GSS_S_FAILURE;
 
     new = strdup(keytab);
     if (new == NULL)
-       return GSS_S_FAILURE;
+        return GSS_S_FAILURE;
 
     err = k5_mutex_lock(&gssint_krb5_keytab_lock);
     if (err) {
-       free(new);
-       return GSS_S_FAILURE;
+        free(new);
+        return GSS_S_FAILURE;
     }
     old = krb5_gss_keytab;
     krb5_gss_keytab = new;
     k5_mutex_unlock(&gssint_krb5_keytab_lock);
     if (old != NULL)
-       free(old);
+        free(old);
     return GSS_S_COMPLETE;
 }
 
 /* get credentials corresponding to a key in the krb5 keytab.
    If the default name is requested, return the name in output_princ.
-     If output_princ is non-NULL, the caller will use or free it, regardless
-     of the return value.
+   If output_princ is non-NULL, the caller will use or free it, regardless
+   of the return value.
    If successful, set the keytab-specific fields in cred
-   */
+*/
 
-static OM_uint32 
+static OM_uint32
 acquire_accept_cred(context, minor_status, desired_name, output_princ, cred)
-     krb5_context context;
-     OM_uint32 *minor_status;
-     gss_name_t desired_name;
-     krb5_principal *output_princ;
-     krb5_gss_cred_id_rec *cred;
+    krb5_context context;
+    OM_uint32 *minor_status;
+    gss_name_t desired_name;
+    krb5_principal *output_princ;
+    krb5_gss_cred_id_rec *cred;
 {
-   krb5_error_code code;
-   krb5_principal princ;
-   krb5_keytab kt;
-   krb5_keytab_entry entry;
-
-   *output_princ = NULL;
-   cred->keytab = NULL;
-
-   /* open the default keytab */
-
-   code = gssint_initialize_library();
-   if (code != 0) {
-       *minor_status = code;
-       return GSS_S_FAILURE;
-   }
-   code = k5_mutex_lock(&gssint_krb5_keytab_lock);
-   if (code) {
-       *minor_status = code;
-       return GSS_S_FAILURE;
-   }
-   if (krb5_gss_keytab != NULL) {
-      code = krb5_kt_resolve(context, krb5_gss_keytab, &kt);
-      k5_mutex_unlock(&gssint_krb5_keytab_lock);
-   } else {
-      k5_mutex_unlock(&gssint_krb5_keytab_lock);
-      code = krb5_kt_default(context, &kt);
-   }
-
-   if (code) {
-      *minor_status = code;
-      return(GSS_S_CRED_UNAVAIL);
-   }
-
-   if (desired_name != GSS_C_NO_NAME) {
-      princ = (krb5_principal) desired_name;
-      if ((code = krb5_kt_get_entry(context, kt, princ, 0, 0, &entry))) {
-        (void) krb5_kt_close(context, kt);
-        if (code == KRB5_KT_NOTFOUND) {
-            char *errstr = krb5_get_error_message(context, code);
-            krb5_set_error_message(context, KG_KEYTAB_NOMATCH, "%s", errstr);
-            krb5_free_error_message(context, errstr);
-            *minor_status = KG_KEYTAB_NOMATCH;
-        } else
-           *minor_status = code;
-        return(GSS_S_CRED_UNAVAIL);
-      }
-      krb5_kt_free_entry(context, &entry);
-
-      /* Open the replay cache for this principal. */
-      if ((code = krb5_get_server_rcache(context,
-                                        krb5_princ_component(context, princ, 0),
-                                        &cred->rcache))) {
-        *minor_status = code;
-        return(GSS_S_FAILURE);
-      }
-
-   }
+    krb5_error_code code;
+    krb5_principal princ;
+    krb5_keytab kt;
+    krb5_keytab_entry entry;
+
+    *output_princ = NULL;
+    cred->keytab = NULL;
+
+    /* open the default keytab */
+
+    code = gssint_initialize_library();
+    if (code != 0) {
+        *minor_status = code;
+        return GSS_S_FAILURE;
+    }
+    code = k5_mutex_lock(&gssint_krb5_keytab_lock);
+    if (code) {
+        *minor_status = code;
+        return GSS_S_FAILURE;
+    }
+    if (krb5_gss_keytab != NULL) {
+        code = krb5_kt_resolve(context, krb5_gss_keytab, &kt);
+        k5_mutex_unlock(&gssint_krb5_keytab_lock);
+    } else {
+        k5_mutex_unlock(&gssint_krb5_keytab_lock);
+        code = krb5_kt_default(context, &kt);
+    }
+
+    if (code) {
+        *minor_status = code;
+        return(GSS_S_CRED_UNAVAIL);
+    }
+
+    if (desired_name != GSS_C_NO_NAME) {
+        princ = (krb5_principal) desired_name;
+        if ((code = krb5_kt_get_entry(context, kt, princ, 0, 0, &entry))) {
+            (void) krb5_kt_close(context, kt);
+            if (code == KRB5_KT_NOTFOUND) {
+                char *errstr = krb5_get_error_message(context, code);
+                krb5_set_error_message(context, KG_KEYTAB_NOMATCH, "%s", errstr);
+                krb5_free_error_message(context, errstr);
+                *minor_status = KG_KEYTAB_NOMATCH;
+            } else
+                *minor_status = code;
+            return(GSS_S_CRED_UNAVAIL);
+        }
+        krb5_kt_free_entry(context, &entry);
+
+        /* Open the replay cache for this principal. */
+        if ((code = krb5_get_server_rcache(context,
+                                           krb5_princ_component(context, princ, 0),
+                                           &cred->rcache))) {
+            *minor_status = code;
+            return(GSS_S_FAILURE);
+        }
+
+    }
 
 /* hooray.  we made it */
 
-   cred->keytab = kt;
+    cred->keytab = kt;
 
-   return(GSS_S_COMPLETE);
+    return(GSS_S_COMPLETE);
 }
 #endif /* LEAN_CLIENT */
 
 /* get credentials corresponding to the default credential cache.
    If the default name is requested, return the name in output_princ.
-     If output_princ is non-NULL, the caller will use or free it, regardless
-     of the return value.
+   If output_princ is non-NULL, the caller will use or free it, regardless
+   of the return value.
    If successful, set the ccache-specific fields in cred.
-   */
+*/
 
-static OM_uint32 
+static OM_uint32
 acquire_init_cred(context, minor_status, desired_name, output_princ, cred)
-     krb5_context context;
-     OM_uint32 *minor_status;
-     gss_name_t desired_name;
-     krb5_principal *output_princ;
-     krb5_gss_cred_id_rec *cred;
+    krb5_context context;
+    OM_uint32 *minor_status;
+    gss_name_t desired_name;
+    krb5_principal *output_princ;
+    krb5_gss_cred_id_rec *cred;
 {
-   krb5_error_code code;
-   krb5_ccache ccache;
-   krb5_principal princ, tmp_princ;
-   krb5_flags flags;
-   krb5_cc_cursor cur;
-   krb5_creds creds;
-   int got_endtime;
-   int caller_provided_ccache_name = 0;
-
-   cred->ccache = NULL;
-
-   /* load the GSS ccache name into the kg_context */
-   
-   if (GSS_ERROR(kg_sync_ccache_name(context, minor_status)))
-       return(GSS_S_FAILURE);
-
-   /* check to see if the caller provided a ccache name if so 
-    * we will just use that and not search the cache collection */
-   if (GSS_ERROR(kg_caller_provided_ccache_name (minor_status, &caller_provided_ccache_name))) {
-       return(GSS_S_FAILURE);
-   }
+    krb5_error_code code;
+    krb5_ccache ccache;
+    krb5_principal princ, tmp_princ;
+    krb5_flags flags;
+    krb5_cc_cursor cur;
+    krb5_creds creds;
+    int got_endtime;
+    int caller_provided_ccache_name = 0;
+
+    cred->ccache = NULL;
+
+    /* load the GSS ccache name into the kg_context */
+
+    if (GSS_ERROR(kg_sync_ccache_name(context, minor_status)))
+        return(GSS_S_FAILURE);
+
+    /* check to see if the caller provided a ccache name if so
+     * we will just use that and not search the cache collection */
+    if (GSS_ERROR(kg_caller_provided_ccache_name (minor_status, &caller_provided_ccache_name))) {
+        return(GSS_S_FAILURE);
+    }
 
 #if defined(USE_KIM) || defined(USE_LEASH)
-   if (desired_name && !caller_provided_ccache_name) {
+    if (desired_name && !caller_provided_ccache_name) {
 #if defined(USE_KIM)
-       kim_error err = KIM_NO_ERROR;
-       kim_ccache kimccache = NULL;
-       kim_identity identity = NULL;
-
-       err = kim_identity_create_from_krb5_principal (&identity,
-                                                      context, 
-                                                      (krb5_principal) desired_name);
-       
-       if (!err) {
-           err = kim_ccache_create_new_if_needed (&kimccache, 
-                                                  identity, 
-                                                  KIM_OPTIONS_DEFAULT);
-       }
-       
-       if (!err) {
-           err = kim_ccache_get_krb5_ccache (kimccache, context, &ccache);
-       }
-       
-       kim_ccache_free (&kimccache);
-       kim_identity_free (&identity);
-       
-       if (err) {
-           *minor_status = err;
-           return(GSS_S_CRED_UNAVAIL);
-       }
-       
+        kim_error err = KIM_NO_ERROR;
+        kim_ccache kimccache = NULL;
+        kim_identity identity = NULL;
+
+        err = kim_identity_create_from_krb5_principal (&identity,
+                                                       context,
+                                                       (krb5_principal) desired_name);
+
+        if (!err) {
+            err = kim_ccache_create_new_if_needed (&kimccache,
+                                                   identity,
+                                                   KIM_OPTIONS_DEFAULT);
+        }
+
+        if (!err) {
+            err = kim_ccache_get_krb5_ccache (kimccache, context, &ccache);
+        }
+
+        kim_ccache_free (&kimccache);
+        kim_identity_free (&identity);
+
+        if (err) {
+            *minor_status = err;
+            return(GSS_S_CRED_UNAVAIL);
+        }
+
 #elif defined(USE_LEASH)
-       if ( hLeashDLL == INVALID_HANDLE_VALUE ) {
-          hLeashDLL = LoadLibrary(LEASH_DLL);
-          if ( hLeashDLL != INVALID_HANDLE_VALUE ) {
-              (FARPROC) pLeash_AcquireInitialTicketsIfNeeded =
-                  GetProcAddress(hLeashDLL, "not_an_API_Leash_AcquireInitialTicketsIfNeeded");
-          }
-       }
-    
-       if ( pLeash_AcquireInitialTicketsIfNeeded ) {
-          char ccname[256]="";
-          pLeash_AcquireInitialTicketsIfNeeded(context, (krb5_principal) desired_name, ccname, sizeof(ccname));
-          if (!ccname[0]) {
-              *minor_status = KRB5_CC_NOTFOUND;
-              return(GSS_S_CRED_UNAVAIL);
-          }
-
-          if ((code = krb5_cc_resolve (context, ccname, &ccache))) {
-              *minor_status = code;
-              return(GSS_S_CRED_UNAVAIL);
-          }
-       } else {
-          /* leash dll not available, open the default credential cache */
-   
-          if ((code = krb5int_cc_default(context, &ccache))) {
-              *minor_status = code;
-              return(GSS_S_CRED_UNAVAIL);
-          }
-       }
+        if ( hLeashDLL == INVALID_HANDLE_VALUE ) {
+            hLeashDLL = LoadLibrary(LEASH_DLL);
+            if ( hLeashDLL != INVALID_HANDLE_VALUE ) {
+                (FARPROC) pLeash_AcquireInitialTicketsIfNeeded =
+                    GetProcAddress(hLeashDLL, "not_an_API_Leash_AcquireInitialTicketsIfNeeded");
+            }
+        }
+
+        if ( pLeash_AcquireInitialTicketsIfNeeded ) {
+            char ccname[256]="";
+            pLeash_AcquireInitialTicketsIfNeeded(context, (krb5_principal) desired_name, ccname, sizeof(ccname));
+            if (!ccname[0]) {
+                *minor_status = KRB5_CC_NOTFOUND;
+                return(GSS_S_CRED_UNAVAIL);
+            }
+
+            if ((code = krb5_cc_resolve (context, ccname, &ccache))) {
+                *minor_status = code;
+                return(GSS_S_CRED_UNAVAIL);
+            }
+        } else {
+            /* leash dll not available, open the default credential cache */
+
+            if ((code = krb5int_cc_default(context, &ccache))) {
+                *minor_status = code;
+                return(GSS_S_CRED_UNAVAIL);
+            }
+        }
 #endif /* USE_LEASH */
-   } else
+    } else
 #endif /* USE_KIM || USE_LEASH */
-   {
-       /* open the default credential cache */
-   
-       if ((code = krb5int_cc_default(context, &ccache))) {
-          *minor_status = code;
-          return(GSS_S_CRED_UNAVAIL);
-       }
-   }
-
-   /* turn off OPENCLOSE mode while extensive frobbing is going on */
-
-   flags = 0;          /* turns off OPENCLOSE mode */
-   if ((code = krb5_cc_set_flags(context, ccache, flags))) {
-      (void)krb5_cc_close(context, ccache);
-      *minor_status = code;
-      return(GSS_S_CRED_UNAVAIL);
-   }
-
-   /* get out the principal name and see if it matches */
-
-   if ((code = krb5_cc_get_principal(context, ccache, &princ))) {
-      (void)krb5_cc_close(context, ccache);
-      *minor_status = code;
-      return(GSS_S_FAILURE);
-   }
-
-   if (desired_name != (gss_name_t) NULL) {
-      if (! krb5_principal_compare(context, princ, (krb5_principal) desired_name)) {
-        (void)krb5_free_principal(context, princ);
-        (void)krb5_cc_close(context, ccache);
-        *minor_status = KG_CCACHE_NOMATCH;
-        return(GSS_S_CRED_UNAVAIL);
-      }
-      (void)krb5_free_principal(context, princ);
-      princ = (krb5_principal) desired_name;
-   } else {
-      *output_princ = princ;
-   }
-
-   /* iterate over the ccache, find the tgt */
-
-   if ((code = krb5_cc_start_seq_get(context, ccache, &cur))) {
-      (void)krb5_cc_close(context, ccache);
-      *minor_status = code;
-      return(GSS_S_FAILURE);
-   }
-
-   /* this is hairy.  If there's a tgt for the principal's local realm
-      in here, that's what we want for the expire time.  But if
-      there's not, then we want to use the first key.  */
-
-   got_endtime = 0;
-
-   code = krb5_build_principal_ext(context, &tmp_princ,
-                                  krb5_princ_realm(context, princ)->length,
-                                  krb5_princ_realm(context, princ)->data,
-                                  6, "krbtgt",
-                                  krb5_princ_realm(context, princ)->length,
-                                  krb5_princ_realm(context, princ)->data,
-                                  0);
-   if (code) {
-      (void)krb5_cc_close(context, ccache);
-      *minor_status = code;
-      return(GSS_S_FAILURE);
-   }
-   while (!(code = krb5_cc_next_cred(context, ccache, &cur, &creds))) {
-      if (krb5_principal_compare(context, tmp_princ, creds.server)) {
-        cred->tgt_expire = creds.times.endtime;
-        got_endtime = 1;
-        *minor_status = 0;
-        code = 0;
-        krb5_free_cred_contents(context, &creds);
-        break;
-      }
-      if (got_endtime == 0) {
-        cred->tgt_expire = creds.times.endtime;
-        got_endtime = 1;
-      }
-      krb5_free_cred_contents(context, &creds);
-   }
-   krb5_free_principal(context, tmp_princ);
-
-   if (code && code != KRB5_CC_END) {
-      /* this means some error occurred reading the ccache */
-      (void)krb5_cc_end_seq_get(context, ccache, &cur);
-      (void)krb5_cc_close(context, ccache);
-      *minor_status = code;
-      return(GSS_S_FAILURE);
-   } else if (! got_endtime) {
-      /* this means the ccache was entirely empty */
-      (void)krb5_cc_end_seq_get(context, ccache, &cur);
-      (void)krb5_cc_close(context, ccache);
-      *minor_status = KG_EMPTY_CCACHE;
-      return(GSS_S_FAILURE);
-   } else {
-      /* this means that we found an endtime to use. */
-      if ((code = krb5_cc_end_seq_get(context, ccache, &cur))) {
-        (void)krb5_cc_close(context, ccache);
-        *minor_status = code;
-        return(GSS_S_FAILURE);
-      }
-      flags = KRB5_TC_OPENCLOSE;       /* turns on OPENCLOSE mode */
-      if ((code = krb5_cc_set_flags(context, ccache, flags))) {
-        (void)krb5_cc_close(context, ccache);
-        *minor_status = code;
-        return(GSS_S_FAILURE);
-      }
-   }
-
-   /* the credentials match and are valid */
-
-   cred->ccache = ccache;
-   /* minor_status is set while we are iterating over the ccache */
-   return(GSS_S_COMPLETE);
+    {
+        /* open the default credential cache */
+
+        if ((code = krb5int_cc_default(context, &ccache))) {
+            *minor_status = code;
+            return(GSS_S_CRED_UNAVAIL);
+        }
+    }
+
+    /* turn off OPENCLOSE mode while extensive frobbing is going on */
+
+    flags = 0;           /* turns off OPENCLOSE mode */
+    if ((code = krb5_cc_set_flags(context, ccache, flags))) {
+        (void)krb5_cc_close(context, ccache);
+        *minor_status = code;
+        return(GSS_S_CRED_UNAVAIL);
+    }
+
+    /* get out the principal name and see if it matches */
+
+    if ((code = krb5_cc_get_principal(context, ccache, &princ))) {
+        (void)krb5_cc_close(context, ccache);
+        *minor_status = code;
+        return(GSS_S_FAILURE);
+    }
+
+    if (desired_name != (gss_name_t) NULL) {
+        if (! krb5_principal_compare(context, princ, (krb5_principal) desired_name)) {
+            (void)krb5_free_principal(context, princ);
+            (void)krb5_cc_close(context, ccache);
+            *minor_status = KG_CCACHE_NOMATCH;
+            return(GSS_S_CRED_UNAVAIL);
+        }
+        (void)krb5_free_principal(context, princ);
+        princ = (krb5_principal) desired_name;
+    } else {
+        *output_princ = princ;
+    }
+
+    /* iterate over the ccache, find the tgt */
+
+    if ((code = krb5_cc_start_seq_get(context, ccache, &cur))) {
+        (void)krb5_cc_close(context, ccache);
+        *minor_status = code;
+        return(GSS_S_FAILURE);
+    }
+
+    /* this is hairy.  If there's a tgt for the principal's local realm
+       in here, that's what we want for the expire time.  But if
+       there's not, then we want to use the first key.  */
+
+    got_endtime = 0;
+
+    code = krb5_build_principal_ext(context, &tmp_princ,
+                                    krb5_princ_realm(context, princ)->length,
+                                    krb5_princ_realm(context, princ)->data,
+                                    6, "krbtgt",
+                                    krb5_princ_realm(context, princ)->length,
+                                    krb5_princ_realm(context, princ)->data,
+                                    0);
+    if (code) {
+        (void)krb5_cc_close(context, ccache);
+        *minor_status = code;
+        return(GSS_S_FAILURE);
+    }
+    while (!(code = krb5_cc_next_cred(context, ccache, &cur, &creds))) {
+        if (krb5_principal_compare(context, tmp_princ, creds.server)) {
+            cred->tgt_expire = creds.times.endtime;
+            got_endtime = 1;
+            *minor_status = 0;
+            code = 0;
+            krb5_free_cred_contents(context, &creds);
+            break;
+        }
+        if (got_endtime == 0) {
+            cred->tgt_expire = creds.times.endtime;
+            got_endtime = 1;
+        }
+        krb5_free_cred_contents(context, &creds);
+    }
+    krb5_free_principal(context, tmp_princ);
+
+    if (code && code != KRB5_CC_END) {
+        /* this means some error occurred reading the ccache */
+        (void)krb5_cc_end_seq_get(context, ccache, &cur);
+        (void)krb5_cc_close(context, ccache);
+        *minor_status = code;
+        return(GSS_S_FAILURE);
+    } else if (! got_endtime) {
+        /* this means the ccache was entirely empty */
+        (void)krb5_cc_end_seq_get(context, ccache, &cur);
+        (void)krb5_cc_close(context, ccache);
+        *minor_status = KG_EMPTY_CCACHE;
+        return(GSS_S_FAILURE);
+    } else {
+        /* this means that we found an endtime to use. */
+        if ((code = krb5_cc_end_seq_get(context, ccache, &cur))) {
+            (void)krb5_cc_close(context, ccache);
+            *minor_status = code;
+            return(GSS_S_FAILURE);
+        }
+        flags = KRB5_TC_OPENCLOSE;        /* turns on OPENCLOSE mode */
+        if ((code = krb5_cc_set_flags(context, ccache, flags))) {
+            (void)krb5_cc_close(context, ccache);
+            *minor_status = code;
+            return(GSS_S_FAILURE);
+        }
+    }
+
+    /* the credentials match and are valid */
+
+    cred->ccache = ccache;
+    /* minor_status is set while we are iterating over the ccache */
+    return(GSS_S_COMPLETE);
 }
-   
+
 /*ARGSUSED*/
 OM_uint32
 krb5_gss_acquire_cred(minor_status, desired_name, time_req,
-                     desired_mechs, cred_usage, output_cred_handle,
-                     actual_mechs, time_rec)
-     OM_uint32 *minor_status;
-     gss_name_t desired_name;
-     OM_uint32 time_req;
-     gss_OID_set desired_mechs;
-     gss_cred_usage_t cred_usage;
-     gss_cred_id_t *output_cred_handle;
-     gss_OID_set *actual_mechs;
-     OM_uint32 *time_rec;
+                      desired_mechs, cred_usage, output_cred_handle,
+                      actual_mechs, time_rec)
+    OM_uint32 *minor_status;
+    gss_name_t desired_name;
+    OM_uint32 time_req;
+    gss_OID_set desired_mechs;
+    gss_cred_usage_t cred_usage;
+    gss_cred_id_t *output_cred_handle;
+    gss_OID_set *actual_mechs;
+    OM_uint32 *time_rec;
 {
-   krb5_context context;
-   size_t i;
-   krb5_gss_cred_id_t cred;
-   gss_OID_set ret_mechs;
-   int req_old, req_new;
-   OM_uint32 ret;
-   krb5_error_code code;
-
-   code = gssint_initialize_library();
-   if (code) {
-       *minor_status = code;
-       return GSS_S_FAILURE;
-   }
-
-   code = krb5_gss_init_context(&context);
-   if (code) {
-       *minor_status = code;
-       return GSS_S_FAILURE;
-   }
-
-   /* make sure all outputs are valid */
-
-   *output_cred_handle = NULL;
-   if (actual_mechs)
-      *actual_mechs = NULL;
-   if (time_rec)
-      *time_rec = 0;
-
-   /* validate the name */
-
-   /*SUPPRESS 29*/
-   if ((desired_name != (gss_name_t) NULL) &&
-       (! kg_validate_name(desired_name))) {
-      *minor_status = (OM_uint32) G_VALIDATE_FAILED;
-      krb5_free_context(context);
-      return(GSS_S_CALL_BAD_STRUCTURE|GSS_S_BAD_NAME);
-   }
-
-   /* verify that the requested mechanism set is the default, or
-      contains krb5 */
-
-   if (desired_mechs == GSS_C_NULL_OID_SET) {
-      req_old = 1;
-      req_new = 1;
-   } else {
-      req_old = 0;
-      req_new = 0;
-
-      for (i=0; i<desired_mechs->count; i++) {
-        if (g_OID_equal(gss_mech_krb5_old, &(desired_mechs->elements[i])))
-           req_old++;
-        if (g_OID_equal(gss_mech_krb5, &(desired_mechs->elements[i])))
-           req_new++;
-      }
-
-      if (!req_old && !req_new) {
-        *minor_status = 0;
-        krb5_free_context(context);
-        return(GSS_S_BAD_MECH);
-      }
-   }
-
-   /* create the gss cred structure */
-
-   if ((cred =
-       (krb5_gss_cred_id_t) xmalloc(sizeof(krb5_gss_cred_id_rec))) == NULL) {
-      *minor_status = ENOMEM;
-      krb5_free_context(context);
-      return(GSS_S_FAILURE);
-   }
-   memset(cred, 0, sizeof(krb5_gss_cred_id_rec));
-
-   cred->usage = cred_usage;
-   cred->princ = NULL;
-   cred->prerfc_mech = req_old;
-   cred->rfc_mech = req_new;
+    krb5_context context;
+    size_t i;
+    krb5_gss_cred_id_t cred;
+    gss_OID_set ret_mechs;
+    int req_old, req_new;
+    OM_uint32 ret;
+    krb5_error_code code;
+
+    code = gssint_initialize_library();
+    if (code) {
+        *minor_status = code;
+        return GSS_S_FAILURE;
+    }
+
+    code = krb5_gss_init_context(&context);
+    if (code) {
+        *minor_status = code;
+        return GSS_S_FAILURE;
+    }
+
+    /* make sure all outputs are valid */
+
+    *output_cred_handle = NULL;
+    if (actual_mechs)
+        *actual_mechs = NULL;
+    if (time_rec)
+        *time_rec = 0;
+
+    /* validate the name */
+
+    /*SUPPRESS 29*/
+    if ((desired_name != (gss_name_t) NULL) &&
+        (! kg_validate_name(desired_name))) {
+        *minor_status = (OM_uint32) G_VALIDATE_FAILED;
+        krb5_free_context(context);
+        return(GSS_S_CALL_BAD_STRUCTURE|GSS_S_BAD_NAME);
+    }
+
+    /* verify that the requested mechanism set is the default, or
+       contains krb5 */
+
+    if (desired_mechs == GSS_C_NULL_OID_SET) {
+        req_old = 1;
+        req_new = 1;
+    } else {
+        req_old = 0;
+        req_new = 0;
+
+        for (i=0; i<desired_mechs->count; i++) {
+            if (g_OID_equal(gss_mech_krb5_old, &(desired_mechs->elements[i])))
+                req_old++;
+            if (g_OID_equal(gss_mech_krb5, &(desired_mechs->elements[i])))
+                req_new++;
+        }
+
+        if (!req_old && !req_new) {
+            *minor_status = 0;
+            krb5_free_context(context);
+            return(GSS_S_BAD_MECH);
+        }
+    }
+
+    /* create the gss cred structure */
+
+    if ((cred =
+         (krb5_gss_cred_id_t) xmalloc(sizeof(krb5_gss_cred_id_rec))) == NULL) {
+        *minor_status = ENOMEM;
+        krb5_free_context(context);
+        return(GSS_S_FAILURE);
+    }
+    memset(cred, 0, sizeof(krb5_gss_cred_id_rec));
+
+    cred->usage = cred_usage;
+    cred->princ = NULL;
+    cred->prerfc_mech = req_old;
+    cred->rfc_mech = req_new;
 
 #ifndef LEAN_CLIENT
-   cred->keytab = NULL;
+    cred->keytab = NULL;
 #endif /* LEAN_CLIENT */
-   cred->ccache = NULL;
-
-   code = k5_mutex_init(&cred->lock);
-   if (code) {
-       *minor_status = code;
-       krb5_free_context(context);
-       return GSS_S_FAILURE;
-   }
-   /* Note that we don't need to lock this GSSAPI credential record
-      here, because no other thread can gain access to it until we
-      return it.  */
-
-   if ((cred_usage != GSS_C_INITIATE) &&
-       (cred_usage != GSS_C_ACCEPT) &&
-       (cred_usage != GSS_C_BOTH)) {
-      k5_mutex_destroy(&cred->lock);
-      xfree(cred);
-      *minor_status = (OM_uint32) G_BAD_USAGE;
-      krb5_free_context(context);
-      return(GSS_S_FAILURE);
-   }
-
-   /* if requested, acquire credentials for accepting */
-   /* this will fill in cred->princ if the desired_name is not specified */
+    cred->ccache = NULL;
+
+    code = k5_mutex_init(&cred->lock);
+    if (code) {
+        *minor_status = code;
+        krb5_free_context(context);
+        return GSS_S_FAILURE;
+    }
+    /* Note that we don't need to lock this GSSAPI credential record
+       here, because no other thread can gain access to it until we
+       return it.  */
+
+    if ((cred_usage != GSS_C_INITIATE) &&
+        (cred_usage != GSS_C_ACCEPT) &&
+        (cred_usage != GSS_C_BOTH)) {
+        k5_mutex_destroy(&cred->lock);
+        xfree(cred);
+        *minor_status = (OM_uint32) G_BAD_USAGE;
+        krb5_free_context(context);
+        return(GSS_S_FAILURE);
+    }
+
+    /* if requested, acquire credentials for accepting */
+    /* this will fill in cred->princ if the desired_name is not specified */
 #ifndef LEAN_CLIENT
-   if ((cred_usage == GSS_C_ACCEPT) ||
-       (cred_usage == GSS_C_BOTH))
-      if ((ret = acquire_accept_cred(context, minor_status, desired_name,
-                                    &(cred->princ), cred))
-         != GSS_S_COMPLETE) {
-        if (cred->princ)
-           krb5_free_principal(context, cred->princ);
-         k5_mutex_destroy(&cred->lock);
-         xfree(cred);
-        /* minor_status set by acquire_accept_cred() */
-        save_error_info(*minor_status, context);
-        krb5_free_context(context);
-        return(ret);
-      }
+    if ((cred_usage == GSS_C_ACCEPT) ||
+        (cred_usage == GSS_C_BOTH))
+        if ((ret = acquire_accept_cred(context, minor_status, desired_name,
+                                       &(cred->princ), cred))
+            != GSS_S_COMPLETE) {
+            if (cred->princ)
+                krb5_free_principal(context, cred->princ);
+            k5_mutex_destroy(&cred->lock);
+            xfree(cred);
+            /* minor_status set by acquire_accept_cred() */
+            save_error_info(*minor_status, context);
+            krb5_free_context(context);
+            return(ret);
+        }
 #endif /* LEAN_CLIENT */
 
-   /* if requested, acquire credentials for initiation */
-   /* this will fill in cred->princ if it wasn't set above, and
-      the desired_name is not specified */
-
-   if ((cred_usage == GSS_C_INITIATE) ||
-       (cred_usage == GSS_C_BOTH))
-      if ((ret =
-          acquire_init_cred(context, minor_status,
-                            cred->princ?(gss_name_t)cred->princ:desired_name,
-                            &(cred->princ), cred))
-         != GSS_S_COMPLETE) {
+    /* if requested, acquire credentials for initiation */
+    /* this will fill in cred->princ if it wasn't set above, and
+       the desired_name is not specified */
+
+    if ((cred_usage == GSS_C_INITIATE) ||
+        (cred_usage == GSS_C_BOTH))
+        if ((ret =
+             acquire_init_cred(context, minor_status,
+                               cred->princ?(gss_name_t)cred->princ:desired_name,
+                               &(cred->princ), cred))
+            != GSS_S_COMPLETE) {
 #ifndef LEAN_CLIENT
-        if (cred->keytab)
-           krb5_kt_close(context, cred->keytab);
+            if (cred->keytab)
+                krb5_kt_close(context, cred->keytab);
 #endif /* LEAN_CLIENT */
-        if (cred->princ)
-           krb5_free_principal(context, cred->princ);
-         k5_mutex_destroy(&cred->lock);
-         xfree(cred);
-        /* minor_status set by acquire_init_cred() */
-        save_error_info(*minor_status, context);
-        krb5_free_context(context);
-        return(ret);
-      }
-
-   /* if the princ wasn't filled in already, fill it in now */
-
-   if (!cred->princ && (desired_name != GSS_C_NO_NAME))
-      if ((code = krb5_copy_principal(context, (krb5_principal) desired_name,
-                                     &(cred->princ)))) {
-        if (cred->ccache)
-           (void)krb5_cc_close(context, cred->ccache);
+            if (cred->princ)
+                krb5_free_principal(context, cred->princ);
+            k5_mutex_destroy(&cred->lock);
+            xfree(cred);
+            /* minor_status set by acquire_init_cred() */
+            save_error_info(*minor_status, context);
+            krb5_free_context(context);
+            return(ret);
+        }
+
+    /* if the princ wasn't filled in already, fill it in now */
+
+    if (!cred->princ && (desired_name != GSS_C_NO_NAME))
+        if ((code = krb5_copy_principal(context, (krb5_principal) desired_name,
+                                        &(cred->princ)))) {
+            if (cred->ccache)
+                (void)krb5_cc_close(context, cred->ccache);
 #ifndef LEAN_CLIENT
-        if (cred->keytab)
-           (void)krb5_kt_close(context, cred->keytab);
+            if (cred->keytab)
+                (void)krb5_kt_close(context, cred->keytab);
 #endif /* LEAN_CLIENT */
-         k5_mutex_destroy(&cred->lock);
-         xfree(cred);
-        *minor_status = code;
-        save_error_info(*minor_status, context);
-        krb5_free_context(context);
-        return(GSS_S_FAILURE);
-      }
-
-   /*** at this point, the cred structure has been completely created */
-
-   /* compute time_rec */
-
-   if (cred_usage == GSS_C_ACCEPT) {
-      if (time_rec)
-        *time_rec = GSS_C_INDEFINITE;
-   } else {
-      krb5_timestamp now;
-
-      if ((code = krb5_timeofday(context, &now))) {
-        if (cred->ccache)
-           (void)krb5_cc_close(context, cred->ccache);
+            k5_mutex_destroy(&cred->lock);
+            xfree(cred);
+            *minor_status = code;
+            save_error_info(*minor_status, context);
+            krb5_free_context(context);
+            return(GSS_S_FAILURE);
+        }
+
+    /*** at this point, the cred structure has been completely created */
+
+    /* compute time_rec */
+
+    if (cred_usage == GSS_C_ACCEPT) {
+        if (time_rec)
+            *time_rec = GSS_C_INDEFINITE;
+    } else {
+        krb5_timestamp now;
+
+        if ((code = krb5_timeofday(context, &now))) {
+            if (cred->ccache)
+                (void)krb5_cc_close(context, cred->ccache);
 #ifndef LEAN_CLIENT
-        if (cred->keytab)
-           (void)krb5_kt_close(context, cred->keytab);
+            if (cred->keytab)
+                (void)krb5_kt_close(context, cred->keytab);
 #endif /* LEAN_CLIENT */
-        if (cred->princ)
-           krb5_free_principal(context, cred->princ);
-         k5_mutex_destroy(&cred->lock);
-         xfree(cred);
-        *minor_status = code;
-        save_error_info(*minor_status, context);
-        krb5_free_context(context);
-        return(GSS_S_FAILURE);
-      }
-
-      if (time_rec)
-        *time_rec = (cred->tgt_expire > now) ? (cred->tgt_expire - now) : 0;
-   }
-
-   /* create mechs */
-
-   if (actual_mechs) {
-       if (GSS_ERROR(ret = generic_gss_create_empty_oid_set(minor_status,
-                                                           &ret_mechs)) ||
-          (cred->prerfc_mech &&
-           GSS_ERROR(ret = generic_gss_add_oid_set_member(minor_status,
-                                                          gss_mech_krb5_old,
-                                                          &ret_mechs))) ||
-          (cred->rfc_mech &&
-           GSS_ERROR(ret = generic_gss_add_oid_set_member(minor_status,
-                                                          gss_mech_krb5,
-                                                          &ret_mechs)))) {
-          if (cred->ccache)
-              (void)krb5_cc_close(context, cred->ccache);
+            if (cred->princ)
+                krb5_free_principal(context, cred->princ);
+            k5_mutex_destroy(&cred->lock);
+            xfree(cred);
+            *minor_status = code;
+            save_error_info(*minor_status, context);
+            krb5_free_context(context);
+            return(GSS_S_FAILURE);
+        }
+
+        if (time_rec)
+            *time_rec = (cred->tgt_expire > now) ? (cred->tgt_expire - now) : 0;
+    }
+
+    /* create mechs */
+
+    if (actual_mechs) {
+        if (GSS_ERROR(ret = generic_gss_create_empty_oid_set(minor_status,
+                                                             &ret_mechs)) ||
+            (cred->prerfc_mech &&
+             GSS_ERROR(ret = generic_gss_add_oid_set_member(minor_status,
+                                                            gss_mech_krb5_old,
+                                                            &ret_mechs))) ||
+            (cred->rfc_mech &&
+             GSS_ERROR(ret = generic_gss_add_oid_set_member(minor_status,
+                                                            gss_mech_krb5,
+                                                            &ret_mechs)))) {
+            if (cred->ccache)
+                (void)krb5_cc_close(context, cred->ccache);
 #ifndef LEAN_CLIENT
-          if (cred->keytab)
-              (void)krb5_kt_close(context, cred->keytab);
+            if (cred->keytab)
+                (void)krb5_kt_close(context, cred->keytab);
 #endif /* LEAN_CLIENT */
-          if (cred->princ)
-              krb5_free_principal(context, cred->princ);
-           k5_mutex_destroy(&cred->lock);
-          xfree(cred);
-          /* *minor_status set above */
-          krb5_free_context(context);
-          return(ret);
-       }
-   }
-
-   /* intern the credential handle */
-
-   if (! kg_save_cred_id((gss_cred_id_t) cred)) {
-      free(ret_mechs->elements);
-      free(ret_mechs);
-      if (cred->ccache)
-        (void)krb5_cc_close(context, cred->ccache);
+            if (cred->princ)
+                krb5_free_principal(context, cred->princ);
+            k5_mutex_destroy(&cred->lock);
+            xfree(cred);
+            /* *minor_status set above */
+            krb5_free_context(context);
+            return(ret);
+        }
+    }
+
+    /* intern the credential handle */
+
+    if (! kg_save_cred_id((gss_cred_id_t) cred)) {
+        free(ret_mechs->elements);
+        free(ret_mechs);
+        if (cred->ccache)
+            (void)krb5_cc_close(context, cred->ccache);
 #ifndef LEAN_CLIENT
-      if (cred->keytab)
-        (void)krb5_kt_close(context, cred->keytab);
+        if (cred->keytab)
+            (void)krb5_kt_close(context, cred->keytab);
 #endif /* LEAN_CLIENT */
-      if (cred->princ)
-        krb5_free_principal(context, cred->princ);
-      k5_mutex_destroy(&cred->lock);
-      xfree(cred);
-      *minor_status = (OM_uint32) G_VALIDATE_FAILED;
-      save_error_string(*minor_status, "error saving credentials");
-      krb5_free_context(context);
-      return(GSS_S_FAILURE);
-   }
-
-   /* return success */
-
-   *minor_status = 0;
-   *output_cred_handle = (gss_cred_id_t) cred;
-   if (actual_mechs)
-      *actual_mechs = ret_mechs;
-
-   krb5_free_context(context);
-   return(GSS_S_COMPLETE);
+        if (cred->princ)
+            krb5_free_principal(context, cred->princ);
+        k5_mutex_destroy(&cred->lock);
+        xfree(cred);
+        *minor_status = (OM_uint32) G_VALIDATE_FAILED;
+        save_error_string(*minor_status, "error saving credentials");
+        krb5_free_context(context);
+        return(GSS_S_FAILURE);
+    }
+
+    /* return success */
+
+    *minor_status = 0;
+    *output_cred_handle = (gss_cred_id_t) cred;
+    if (actual_mechs)
+        *actual_mechs = ret_mechs;
+
+    krb5_free_context(context);
+    return(GSS_S_COMPLETE);
 }
index fdcd9c0d33af0e695ab800d151c8f56dd8692e61..3652f918b773d6062ca37f4198a78bbaffe944ba 100644 (file)
@@ -1,3 +1,4 @@
+/* -*- mode: c; indent-tabs-mode: nil -*- */
 /*
  * Copyright 2000, 2008 by the Massachusetts Institute of Technology.
  * All Rights Reserved.
@@ -6,7 +7,7 @@
  *   require a specific license from the United States Government.
  *   It is the responsibility of any person or organization contemplating
  *   export to obtain such a license before exporting.
- * 
+ *
  * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
  * distribute this software and its documentation for any purpose and
  * without fee is hereby granted, provided that the above copyright
  * M.I.T. makes no representations about the suitability of
  * this software for any purpose.  It is provided "as is" without express
  * or implied warranty.
- * 
+ *
  */
 /*
  * Copyright (C) 1998 by the FundsXpress, INC.
- * 
+ *
  * All rights reserved.
- * 
+ *
  * Export of this software from the United States of America may require
  * a specific license from the United States Government.  It is the
  * responsibility of any person or organization contemplating export to
  * obtain such a license before exporting.
- * 
+ *
  * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
  * distribute this software and its documentation for any purpose and
  * without fee is hereby granted, provided that the above copyright
@@ -42,7 +43,7 @@
  * permission.  FundsXpress makes no representations about the suitability of
  * this software for any purpose.  It is provided "as is" without express
  * or implied warranty.
- * 
+ *
  * THIS SOFTWARE IS PROVIDED ``AS IS'' AND WITHOUT ANY EXPRESS OR
  * IMPLIED WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED
  * WARRANTIES OF MERCHANTIBILITY AND FITNESS FOR A PARTICULAR PURPOSE.
 /* V2 interface */
 OM_uint32
 krb5_gss_add_cred(minor_status, input_cred_handle,
-                 desired_name, desired_mech, cred_usage,
-                 initiator_time_req, acceptor_time_req,
-                 output_cred_handle, actual_mechs, 
-                 initiator_time_rec, acceptor_time_rec)
-    OM_uint32          *minor_status;
-    gss_cred_id_t      input_cred_handle;
-    gss_name_t         desired_name;
-    gss_OID            desired_mech;
-    gss_cred_usage_t   cred_usage;
-    OM_uint32          initiator_time_req;
-    OM_uint32          acceptor_time_req;
-    gss_cred_id_t      *output_cred_handle;
-    gss_OID_set                *actual_mechs;
-    OM_uint32          *initiator_time_rec;
-    OM_uint32          *acceptor_time_rec;
+                  desired_name, desired_mech, cred_usage,
+                  initiator_time_req, acceptor_time_req,
+                  output_cred_handle, actual_mechs,
+                  initiator_time_rec, acceptor_time_rec)
+    OM_uint32           *minor_status;
+    gss_cred_id_t       input_cred_handle;
+    gss_name_t          desired_name;
+    gss_OID             desired_mech;
+    gss_cred_usage_t    cred_usage;
+    OM_uint32           initiator_time_req;
+    OM_uint32           acceptor_time_req;
+    gss_cred_id_t       *output_cred_handle;
+    gss_OID_set         *actual_mechs;
+    OM_uint32           *initiator_time_rec;
+    OM_uint32           *acceptor_time_rec;
 {
-    krb5_context       context;
-    OM_uint32          major_status, lifetime;
-    krb5_gss_cred_id_t cred;
-    krb5_error_code    code;
+    krb5_context        context;
+    OM_uint32           major_status, lifetime;
+    krb5_gss_cred_id_t  cred;
+    krb5_error_code     code;
 
     /* this is pretty simple, since there's not really any difference
        between the underlying mechanisms.  The main hair is in copying
@@ -90,18 +91,18 @@ krb5_gss_add_cred(minor_status, input_cred_handle,
     /* check if the desired_mech is bogus */
 
     if (!g_OID_equal(desired_mech, gss_mech_krb5) &&
-       !g_OID_equal(desired_mech, gss_mech_krb5_old)) {
-       *minor_status = 0;
-       return(GSS_S_BAD_MECH);
+        !g_OID_equal(desired_mech, gss_mech_krb5_old)) {
+        *minor_status = 0;
+        return(GSS_S_BAD_MECH);
     }
 
     /* check if the desired_mech is bogus */
 
     if ((cred_usage != GSS_C_INITIATE) &&
-       (cred_usage != GSS_C_ACCEPT) &&
-       (cred_usage != GSS_C_BOTH)) {
-       *minor_status = (OM_uint32) G_BAD_USAGE;
-       return(GSS_S_FAILURE);
+        (cred_usage != GSS_C_ACCEPT) &&
+        (cred_usage != GSS_C_BOTH)) {
+        *minor_status = (OM_uint32) G_BAD_USAGE;
+        return(GSS_S_FAILURE);
     }
 
     /* since the default credential includes all the mechanisms,
@@ -109,22 +110,22 @@ krb5_gss_add_cred(minor_status, input_cred_handle,
 
     /*SUPPRESS 29*/
     if (input_cred_handle == GSS_C_NO_CREDENTIAL) {
-       *minor_status = 0;
-       return(GSS_S_DUPLICATE_ELEMENT);
+        *minor_status = 0;
+        return(GSS_S_DUPLICATE_ELEMENT);
     }
 
     code = krb5_gss_init_context(&context);
     if (code) {
-       *minor_status = code;
-       return GSS_S_FAILURE;
+        *minor_status = code;
+        return GSS_S_FAILURE;
     }
 
     major_status = krb5_gss_validate_cred_1(minor_status, input_cred_handle,
-                                           context);
+                                            context);
     if (GSS_ERROR(major_status)) {
-       save_error_info(*minor_status, context);
-       krb5_free_context(context);
-       return major_status;
+        save_error_info(*minor_status, context);
+        krb5_free_context(context);
+        return major_status;
     }
 
     cred = (krb5_gss_cred_id_t) input_cred_handle;
@@ -134,252 +135,252 @@ krb5_gss_add_cred(minor_status, input_cred_handle,
        if copying */
 
     if (!((cred->usage == cred_usage) ||
-         ((cred->usage == GSS_C_BOTH) &&
-          (output_cred_handle != NULL)))) {
-      *minor_status = (OM_uint32) G_BAD_USAGE;
-      krb5_free_context(context);
-      return(GSS_S_FAILURE);
+          ((cred->usage == GSS_C_BOTH) &&
+           (output_cred_handle != NULL)))) {
+        *minor_status = (OM_uint32) G_BAD_USAGE;
+        krb5_free_context(context);
+        return(GSS_S_FAILURE);
     }
 
     /* check that desired_mech isn't already in the credential */
 
     if ((g_OID_equal(desired_mech, gss_mech_krb5_old) && cred->prerfc_mech) ||
-       (g_OID_equal(desired_mech, gss_mech_krb5) && cred->rfc_mech)) {
-       *minor_status = 0;
-       krb5_free_context(context);
-       return(GSS_S_DUPLICATE_ELEMENT);
+        (g_OID_equal(desired_mech, gss_mech_krb5) && cred->rfc_mech)) {
+        *minor_status = 0;
+        krb5_free_context(context);
+        return(GSS_S_DUPLICATE_ELEMENT);
     }
 
     if (GSS_ERROR(kg_sync_ccache_name(context, minor_status))) {
-       save_error_info(*minor_status, context);
-       krb5_free_context(context);
-       return GSS_S_FAILURE;
+        save_error_info(*minor_status, context);
+        krb5_free_context(context);
+        return GSS_S_FAILURE;
     }
 
     /* verify the desired_name */
 
     /*SUPPRESS 29*/
     if ((desired_name != (gss_name_t) NULL) &&
-       (! kg_validate_name(desired_name))) {
-       *minor_status = (OM_uint32) G_VALIDATE_FAILED;
-       krb5_free_context(context);
-       return(GSS_S_CALL_BAD_STRUCTURE|GSS_S_BAD_NAME);
+        (! kg_validate_name(desired_name))) {
+        *minor_status = (OM_uint32) G_VALIDATE_FAILED;
+        krb5_free_context(context);
+        return(GSS_S_CALL_BAD_STRUCTURE|GSS_S_BAD_NAME);
     }
 
     /* make sure the desired_name is the same as the existing one */
 
     if (desired_name &&
-       !krb5_principal_compare(context, (krb5_principal) desired_name,
-                               cred->princ)) {
-       *minor_status = 0;
-       krb5_free_context(context);
-       return(GSS_S_BAD_NAME);
+        !krb5_principal_compare(context, (krb5_principal) desired_name,
+                                cred->princ)) {
+        *minor_status = 0;
+        krb5_free_context(context);
+        return(GSS_S_BAD_NAME);
     }
 
     /* copy the cred if necessary */
 
     if (output_cred_handle) {
-       /* make a copy */
-       krb5_gss_cred_id_t new_cred;
-       char ktboth[1024];
-       const char *kttype, *cctype, *ccname;
-       char ccboth[1024];
-
-       if ((new_cred =
-            (krb5_gss_cred_id_t) xmalloc(sizeof(krb5_gss_cred_id_rec)))
-           == NULL) {
-           *minor_status = ENOMEM;
-           krb5_free_context(context);
-           return(GSS_S_FAILURE);
-       }
-       memset(new_cred, 0, sizeof(krb5_gss_cred_id_rec));
-       
-       new_cred->usage = cred_usage;
-       new_cred->prerfc_mech = cred->prerfc_mech;
-       new_cred->rfc_mech = cred->rfc_mech;
-       new_cred->tgt_expire = cred->tgt_expire;
-
-       if (cred->princ)
-           code = krb5_copy_principal(context, cred->princ, &new_cred->princ);
-       if (code) {
-           xfree(new_cred);
-
-           *minor_status = code;
-           save_error_info(*minor_status, context);
-           krb5_free_context(context);
-           return(GSS_S_FAILURE);
-       }
-#ifndef LEAN_CLIENT 
-       if (cred->keytab) {
-           kttype = krb5_kt_get_type(context, cred->keytab);
-           if ((strlen(kttype)+2) > sizeof(ktboth)) {
-               if (new_cred->princ)
-                   krb5_free_principal(context, new_cred->princ);
-               xfree(new_cred);
-
-               *minor_status = ENOMEM;
-               krb5_free_context(context);
-               return(GSS_S_FAILURE);
-           }
-
-           strncpy(ktboth, kttype, sizeof(ktboth) - 1);
-           ktboth[sizeof(ktboth) - 1] = '\0';
-           strncat(ktboth, ":", sizeof(ktboth) - 1 - strlen(ktboth));
-
-           code = krb5_kt_get_name(context, cred->keytab, 
-                                   ktboth+strlen(ktboth),
-                                   sizeof(ktboth)-strlen(ktboth));
-           if (code) {
-               if(new_cred->princ)
-                   krb5_free_principal(context, new_cred->princ);
-               xfree(new_cred);
-
-               *minor_status = code;
-               save_error_info(*minor_status, context);
-               krb5_free_context(context);
-               return(GSS_S_FAILURE);
-           }
-
-           code = krb5_kt_resolve(context, ktboth, &new_cred->keytab);
-           if (code) {
-               if (new_cred->princ)
-               krb5_free_principal(context, new_cred->princ);
-               xfree(new_cred);
-
-               *minor_status = code;
-               save_error_info(*minor_status, context);
-               krb5_free_context(context);
-               return(GSS_S_FAILURE);
-           }
-       } else {
+        /* make a copy */
+        krb5_gss_cred_id_t new_cred;
+        char ktboth[1024];
+        const char *kttype, *cctype, *ccname;
+        char ccboth[1024];
+
+        if ((new_cred =
+             (krb5_gss_cred_id_t) xmalloc(sizeof(krb5_gss_cred_id_rec)))
+            == NULL) {
+            *minor_status = ENOMEM;
+            krb5_free_context(context);
+            return(GSS_S_FAILURE);
+        }
+        memset(new_cred, 0, sizeof(krb5_gss_cred_id_rec));
+
+        new_cred->usage = cred_usage;
+        new_cred->prerfc_mech = cred->prerfc_mech;
+        new_cred->rfc_mech = cred->rfc_mech;
+        new_cred->tgt_expire = cred->tgt_expire;
+
+        if (cred->princ)
+            code = krb5_copy_principal(context, cred->princ, &new_cred->princ);
+        if (code) {
+            xfree(new_cred);
+
+            *minor_status = code;
+            save_error_info(*minor_status, context);
+            krb5_free_context(context);
+            return(GSS_S_FAILURE);
+        }
+#ifndef LEAN_CLIENT
+        if (cred->keytab) {
+            kttype = krb5_kt_get_type(context, cred->keytab);
+            if ((strlen(kttype)+2) > sizeof(ktboth)) {
+                if (new_cred->princ)
+                    krb5_free_principal(context, new_cred->princ);
+                xfree(new_cred);
+
+                *minor_status = ENOMEM;
+                krb5_free_context(context);
+                return(GSS_S_FAILURE);
+            }
+
+            strncpy(ktboth, kttype, sizeof(ktboth) - 1);
+            ktboth[sizeof(ktboth) - 1] = '\0';
+            strncat(ktboth, ":", sizeof(ktboth) - 1 - strlen(ktboth));
+
+            code = krb5_kt_get_name(context, cred->keytab,
+                                    ktboth+strlen(ktboth),
+                                    sizeof(ktboth)-strlen(ktboth));
+            if (code) {
+                if(new_cred->princ)
+                    krb5_free_principal(context, new_cred->princ);
+                xfree(new_cred);
+
+                *minor_status = code;
+                save_error_info(*minor_status, context);
+                krb5_free_context(context);
+                return(GSS_S_FAILURE);
+            }
+
+            code = krb5_kt_resolve(context, ktboth, &new_cred->keytab);
+            if (code) {
+                if (new_cred->princ)
+                    krb5_free_principal(context, new_cred->princ);
+                xfree(new_cred);
+
+                *minor_status = code;
+                save_error_info(*minor_status, context);
+                krb5_free_context(context);
+                return(GSS_S_FAILURE);
+            }
+        } else {
 #endif /* LEAN_CLIENT */
-           new_cred->keytab = NULL;
-#ifndef LEAN_CLIENT 
-       }
+            new_cred->keytab = NULL;
+#ifndef LEAN_CLIENT
+        }
 #endif /* LEAN_CLIENT */
-               
-       if (cred->rcache) {
-           /* Open the replay cache for this principal. */
-           if ((code = krb5_get_server_rcache(context,
-                                              krb5_princ_component(context, cred->princ, 0),
-                                              &new_cred->rcache))) {
-#ifndef LEAN_CLIENT 
-               if (new_cred->keytab)
-                   krb5_kt_close(context, new_cred->keytab);
+
+        if (cred->rcache) {
+            /* Open the replay cache for this principal. */
+            if ((code = krb5_get_server_rcache(context,
+                                               krb5_princ_component(context, cred->princ, 0),
+                                               &new_cred->rcache))) {
+#ifndef LEAN_CLIENT
+                if (new_cred->keytab)
+                    krb5_kt_close(context, new_cred->keytab);
 #endif /* LEAN_CLIENT */
-               if (new_cred->princ)
-                   krb5_free_principal(context, new_cred->princ);
-               xfree(new_cred);
-
-               *minor_status = code;
-               save_error_info(*minor_status, context);
-               krb5_free_context(context);
-               return(GSS_S_FAILURE);
-           }
-       } else {
-           new_cred->rcache = NULL;
-       }
-
-       if (cred->ccache) {
-           cctype = krb5_cc_get_type(context, cred->ccache);
-           ccname = krb5_cc_get_name(context, cred->ccache);
-
-           if ((strlen(cctype)+strlen(ccname)+2) > sizeof(ccboth)) {
-               if (new_cred->rcache)
-                   krb5_rc_close(context, new_cred->rcache);
-#ifndef LEAN_CLIENT 
-               if (new_cred->keytab)
-                   krb5_kt_close(context, new_cred->keytab);
+                if (new_cred->princ)
+                    krb5_free_principal(context, new_cred->princ);
+                xfree(new_cred);
+
+                *minor_status = code;
+                save_error_info(*minor_status, context);
+                krb5_free_context(context);
+                return(GSS_S_FAILURE);
+            }
+        } else {
+            new_cred->rcache = NULL;
+        }
+
+        if (cred->ccache) {
+            cctype = krb5_cc_get_type(context, cred->ccache);
+            ccname = krb5_cc_get_name(context, cred->ccache);
+
+            if ((strlen(cctype)+strlen(ccname)+2) > sizeof(ccboth)) {
+                if (new_cred->rcache)
+                    krb5_rc_close(context, new_cred->rcache);
+#ifndef LEAN_CLIENT
+                if (new_cred->keytab)
+                    krb5_kt_close(context, new_cred->keytab);
 #endif /* LEAN_CLIENT */
-               if (new_cred->princ)
-               krb5_free_principal(context, new_cred->princ);
-               xfree(new_cred);
-
-               krb5_free_context(context);
-               *minor_status = ENOMEM;
-               return(GSS_S_FAILURE);
-           }
-
-           strncpy(ccboth, cctype, sizeof(ccboth) - 1);
-           ccboth[sizeof(ccboth) - 1] = '\0';
-           strncat(ccboth, ":", sizeof(ccboth) - 1 - strlen(ccboth));
-           strncat(ccboth, ccname, sizeof(ccboth) - 1 - strlen(ccboth));
-
-           code = krb5_cc_resolve(context, ccboth, &new_cred->ccache);
-           if (code) {
-               if (new_cred->rcache)
-                   krb5_rc_close(context, new_cred->rcache);
-#ifndef LEAN_CLIENT 
-               if (new_cred->keytab)
-                   krb5_kt_close(context, new_cred->keytab);
+                if (new_cred->princ)
+                    krb5_free_principal(context, new_cred->princ);
+                xfree(new_cred);
+
+                krb5_free_context(context);
+                *minor_status = ENOMEM;
+                return(GSS_S_FAILURE);
+            }
+
+            strncpy(ccboth, cctype, sizeof(ccboth) - 1);
+            ccboth[sizeof(ccboth) - 1] = '\0';
+            strncat(ccboth, ":", sizeof(ccboth) - 1 - strlen(ccboth));
+            strncat(ccboth, ccname, sizeof(ccboth) - 1 - strlen(ccboth));
+
+            code = krb5_cc_resolve(context, ccboth, &new_cred->ccache);
+            if (code) {
+                if (new_cred->rcache)
+                    krb5_rc_close(context, new_cred->rcache);
+#ifndef LEAN_CLIENT
+                if (new_cred->keytab)
+                    krb5_kt_close(context, new_cred->keytab);
 #endif /* LEAN_CLIENT */
-               if (new_cred->princ)
-                   krb5_free_principal(context, new_cred->princ);
-               xfree(new_cred);
-
-               *minor_status = code;
-               save_error_info(*minor_status, context);
-               krb5_free_context(context);
-               return(GSS_S_FAILURE);
-           }
-       } else {
-           new_cred->ccache = NULL;
-       }
-
-       /* intern the credential handle */
-
-       if (! kg_save_cred_id((gss_cred_id_t) new_cred)) {
-           if (new_cred->ccache)
-               krb5_cc_close(context, new_cred->ccache);
-           if (new_cred->rcache)
-               krb5_rc_close(context, new_cred->rcache);
-#ifndef LEAN_CLIENT 
-           if (new_cred->keytab)
-               krb5_kt_close(context, new_cred->keytab);
+                if (new_cred->princ)
+                    krb5_free_principal(context, new_cred->princ);
+                xfree(new_cred);
+
+                *minor_status = code;
+                save_error_info(*minor_status, context);
+                krb5_free_context(context);
+                return(GSS_S_FAILURE);
+            }
+        } else {
+            new_cred->ccache = NULL;
+        }
+
+        /* intern the credential handle */
+
+        if (! kg_save_cred_id((gss_cred_id_t) new_cred)) {
+            if (new_cred->ccache)
+                krb5_cc_close(context, new_cred->ccache);
+            if (new_cred->rcache)
+                krb5_rc_close(context, new_cred->rcache);
+#ifndef LEAN_CLIENT
+            if (new_cred->keytab)
+                krb5_kt_close(context, new_cred->keytab);
 #endif /* LEAN_CLIENT */
-           if (new_cred->princ)
-           krb5_free_principal(context, new_cred->princ);
-           xfree(new_cred);
-           krb5_free_context(context);
+            if (new_cred->princ)
+                krb5_free_principal(context, new_cred->princ);
+            xfree(new_cred);
+            krb5_free_context(context);
 
-           *minor_status = (OM_uint32) G_VALIDATE_FAILED;
-           return(GSS_S_FAILURE);
-       }
+            *minor_status = (OM_uint32) G_VALIDATE_FAILED;
+            return(GSS_S_FAILURE);
+        }
 
-       /* modify new_cred */
+        /* modify new_cred */
 
-       cred = new_cred;
+        cred = new_cred;
     }
-               
+
     /* set the flag for the new mechanism */
 
     if (g_OID_equal(desired_mech, gss_mech_krb5_old))
-       cred->prerfc_mech = 1;
+        cred->prerfc_mech = 1;
     else if (g_OID_equal(desired_mech, gss_mech_krb5))
-       cred->rfc_mech = 1;
+        cred->rfc_mech = 1;
 
     /* set the outputs */
 
-    if (GSS_ERROR(major_status = krb5_gss_inquire_cred(minor_status, 
-                                                      (gss_cred_id_t)cred,
-                                                      NULL, &lifetime,
-                                                      NULL, actual_mechs))) {
-       OM_uint32 dummy;
-       
-       if (output_cred_handle)
-           (void) krb5_gss_release_cred(&dummy, (gss_cred_id_t *) &cred);
-       krb5_free_context(context);
-
-       return(major_status);
+    if (GSS_ERROR(major_status = krb5_gss_inquire_cred(minor_status,
+                                                       (gss_cred_id_t)cred,
+                                                       NULL, &lifetime,
+                                                       NULL, actual_mechs))) {
+        OM_uint32 dummy;
+
+        if (output_cred_handle)
+            (void) krb5_gss_release_cred(&dummy, (gss_cred_id_t *) &cred);
+        krb5_free_context(context);
+
+        return(major_status);
     }
 
     if (initiator_time_rec)
-       *initiator_time_rec = lifetime;
+        *initiator_time_rec = lifetime;
     if (acceptor_time_rec)
-       *acceptor_time_rec = lifetime;
+        *acceptor_time_rec = lifetime;
 
     if (output_cred_handle)
-       *output_cred_handle = (gss_cred_id_t)cred;
+        *output_cred_handle = (gss_cred_id_t)cred;
 
     krb5_free_context(context);
     *minor_status = 0;
index 0f7c9cd9c0a2bb86a537ac6e2fb1e3ea6d8aad97..b113a343e68249f595e4e7fb208c4a9f51be46c1 100644 (file)
@@ -1,3 +1,4 @@
+/* -*- mode: c; indent-tabs-mode: nil -*- */
 /*
  * lib/gssapi/krb5/canon_name.c
  *
 /* This is trivial since we're a single mechanism implementation */
 
 OM_uint32 krb5_gss_canonicalize_name(OM_uint32  *minor_status,
-                                    const gss_name_t input_name,
-                                    const gss_OID mech_type,
-                                    gss_name_t *output_name)
+                                     const gss_name_t input_name,
+                                     const gss_OID mech_type,
+                                     gss_name_t *output_name)
 {
     if ((mech_type != GSS_C_NULL_OID) &&
-       !g_OID_equal(gss_mech_krb5, mech_type) &&
-       !g_OID_equal(gss_mech_krb5_old, mech_type)) {
-       *minor_status = 0;
-       return(GSS_S_BAD_MECH);
+        !g_OID_equal(gss_mech_krb5, mech_type) &&
+        !g_OID_equal(gss_mech_krb5_old, mech_type)) {
+        *minor_status = 0;
+        return(GSS_S_BAD_MECH);
     }
 
     return(gss_duplicate_name(minor_status, input_name, output_name));
index 805f9f1d70d52ba0aa5666b9afa132dbf224cdda..e456ed50a191b844d9ea7a6d75e1d0bb246a3e97 100644 (file)
@@ -1,6 +1,7 @@
+/* -*- mode: c; indent-tabs-mode: nil -*- */
 /*
  * Copyright 1993 by OpenVision Technologies, Inc.
- * 
+ *
  * Permission to use, copy, modify, distribute, and sell this software
  * and its documentation for any purpose is hereby granted without fee,
  * provided that the above copyright notice appears in all copies and
@@ -10,7 +11,7 @@
  * without specific, written prior permission. OpenVision makes no
  * representations about the suitability of this software for any
  * purpose.  It is provided "as is" without express or implied warranty.
- * 
+ *
  * OPENVISION DISCLAIMS ALL WARRANTIES WITH REGARD TO THIS SOFTWARE,
  * INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS, IN NO
  * EVENT SHALL OPENVISION BE LIABLE FOR ANY SPECIAL, INDIRECT OR
 
 OM_uint32
 krb5_gss_compare_name(minor_status, name1, name2, name_equal)
-     OM_uint32 *minor_status;
-     gss_name_t name1;
-     gss_name_t name2;
-     int *name_equal;
-{ 
-   krb5_context context;
-   krb5_error_code code;
+    OM_uint32 *minor_status;
+    gss_name_t name1;
+    gss_name_t name2;
+    int *name_equal;
+{
+    krb5_context context;
+    krb5_error_code code;
 
-   if (! kg_validate_name(name1)) {
-      *minor_status = (OM_uint32) G_VALIDATE_FAILED;
-      return(GSS_S_CALL_BAD_STRUCTURE|GSS_S_BAD_NAME);
-   }
+    if (! kg_validate_name(name1)) {
+        *minor_status = (OM_uint32) G_VALIDATE_FAILED;
+        return(GSS_S_CALL_BAD_STRUCTURE|GSS_S_BAD_NAME);
+    }
 
-   if (! kg_validate_name(name2)) {
-      *minor_status = (OM_uint32) G_VALIDATE_FAILED;
-      return(GSS_S_CALL_BAD_STRUCTURE|GSS_S_BAD_NAME);
-   }
+    if (! kg_validate_name(name2)) {
+        *minor_status = (OM_uint32) G_VALIDATE_FAILED;
+        return(GSS_S_CALL_BAD_STRUCTURE|GSS_S_BAD_NAME);
+    }
 
-   code = krb5_gss_init_context(&context);
-   if (code) {
-       *minor_status = code;
-       return GSS_S_FAILURE;
-   }
+    code = krb5_gss_init_context(&context);
+    if (code) {
+        *minor_status = code;
+        return GSS_S_FAILURE;
+    }
 
-   *minor_status = 0;
-   *name_equal = krb5_principal_compare(context, (krb5_principal) name1,
-                                       (krb5_principal) name2);
-   krb5_free_context(context);
-   return(GSS_S_COMPLETE);
+    *minor_status = 0;
+    *name_equal = krb5_principal_compare(context, (krb5_principal) name1,
+                                         (krb5_principal) name2);
+    krb5_free_context(context);
+    return(GSS_S_COMPLETE);
 }
index adaa6250693a98c4d774e679876358555a9be9b3..ec16239c4aca9617606113a43d90af2b79b7b680 100644 (file)
@@ -1,6 +1,7 @@
+/* -*- mode: c; indent-tabs-mode: nil -*- */
 /*
  * Copyright 1993 by OpenVision Technologies, Inc.
- * 
+ *
  * Permission to use, copy, modify, distribute, and sell this software
  * and its documentation for any purpose is hereby granted without fee,
  * provided that the above copyright notice appears in all copies and
@@ -10,7 +11,7 @@
  * without specific, written prior permission. OpenVision makes no
  * representations about the suitability of this software for any
  * purpose.  It is provided "as is" without express or implied warranty.
- * 
+ *
  * OPENVISION DISCLAIMS ALL WARRANTIES WITH REGARD TO THIS SOFTWARE,
  * INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS, IN NO
  * EVENT SHALL OPENVISION BE LIABLE FOR ANY SPECIAL, INDIRECT OR
 
 OM_uint32
 krb5_gss_context_time(minor_status, context_handle, time_rec)
-     OM_uint32 *minor_status;
-     gss_ctx_id_t context_handle;
-     OM_uint32 *time_rec;
+    OM_uint32 *minor_status;
+    gss_ctx_id_t context_handle;
+    OM_uint32 *time_rec;
 {
-   krb5_error_code code;
-   krb5_gss_ctx_id_rec *ctx;
-   krb5_timestamp now;
-   krb5_deltat lifetime;
+    krb5_error_code code;
+    krb5_gss_ctx_id_rec *ctx;
+    krb5_timestamp now;
+    krb5_deltat lifetime;
 
-   /* validate the context handle */
-   if (! kg_validate_ctx_id(context_handle)) {
-      *minor_status = (OM_uint32) G_VALIDATE_FAILED;
-      return(GSS_S_NO_CONTEXT);
-   }
+    /* validate the context handle */
+    if (! kg_validate_ctx_id(context_handle)) {
+        *minor_status = (OM_uint32) G_VALIDATE_FAILED;
+        return(GSS_S_NO_CONTEXT);
+    }
 
-   ctx = (krb5_gss_ctx_id_rec *) context_handle;
+    ctx = (krb5_gss_ctx_id_rec *) context_handle;
 
-   if (! ctx->established) {
-      *minor_status = KG_CTX_INCOMPLETE;
-      return(GSS_S_NO_CONTEXT);
-   }
+    if (! ctx->established) {
+        *minor_status = KG_CTX_INCOMPLETE;
+        return(GSS_S_NO_CONTEXT);
+    }
 
-   if ((code = krb5_timeofday(ctx->k5_context, &now))) {
-      *minor_status = code;
-      save_error_info(*minor_status, ctx->k5_context);
-      return(GSS_S_FAILURE);
-   }
+    if ((code = krb5_timeofday(ctx->k5_context, &now))) {
+        *minor_status = code;
+        save_error_info(*minor_status, ctx->k5_context);
+        return(GSS_S_FAILURE);
+    }
 
-   if ((lifetime = ctx->endtime - now) <= 0) {
-      *time_rec = 0;
-      *minor_status = 0;
-      return(GSS_S_CONTEXT_EXPIRED);
-   } else {
-      *time_rec = lifetime;
-      *minor_status = 0;
-      return(GSS_S_COMPLETE);
-   }
+    if ((lifetime = ctx->endtime - now) <= 0) {
+        *time_rec = 0;
+        *minor_status = 0;
+        return(GSS_S_CONTEXT_EXPIRED);
+    } else {
+        *time_rec = lifetime;
+        *minor_status = 0;
+        return(GSS_S_COMPLETE);
+    }
 }
index 8553d92dba891340c4bb98ad609cd100fecfb02e..2071df44a18b0780e1160f96941ceed60bb1f121 100644 (file)
@@ -1,57 +1,58 @@
+/* -*- mode: c; indent-tabs-mode: nil -*- */
 #include "gssapiP_krb5.h"
 
-OM_uint32 KRB5_CALLCONV 
+OM_uint32 KRB5_CALLCONV
 gss_krb5int_copy_ccache(minor_status, cred_handle, out_ccache)
-     OM_uint32 *minor_status;
-     gss_cred_id_t cred_handle;
-     krb5_ccache out_ccache;
+    OM_uint32 *minor_status;
+    gss_cred_id_t cred_handle;
+    krb5_ccache out_ccache;
 {
-   OM_uint32 major_status;
-   krb5_gss_cred_id_t k5creds;
-   krb5_cc_cursor cursor;
-   krb5_creds creds;
-   krb5_error_code code;
-   krb5_context context;
+    OM_uint32 major_status;
+    krb5_gss_cred_id_t k5creds;
+    krb5_cc_cursor cursor;
+    krb5_creds creds;
+    krb5_error_code code;
+    krb5_context context;
 
-   /* validate the cred handle */
-   major_status = krb5_gss_validate_cred(minor_status, cred_handle);
-   if (major_status)
-       return(major_status);
-   
-   k5creds = (krb5_gss_cred_id_t) cred_handle;
-   code = k5_mutex_lock(&k5creds->lock);
-   if (code) {
-       *minor_status = code;
-       return GSS_S_FAILURE;
-   }
-   if (k5creds->usage == GSS_C_ACCEPT) {
-       k5_mutex_unlock(&k5creds->lock);
-       *minor_status = (OM_uint32) G_BAD_USAGE;
-       return(GSS_S_FAILURE);
-   }
+    /* validate the cred handle */
+    major_status = krb5_gss_validate_cred(minor_status, cred_handle);
+    if (major_status)
+        return(major_status);
 
-   code = krb5_gss_init_context(&context);
-   if (code) {
-       k5_mutex_unlock(&k5creds->lock);
-       *minor_status = code;
-       return GSS_S_FAILURE;
-   }
+    k5creds = (krb5_gss_cred_id_t) cred_handle;
+    code = k5_mutex_lock(&k5creds->lock);
+    if (code) {
+        *minor_status = code;
+        return GSS_S_FAILURE;
+    }
+    if (k5creds->usage == GSS_C_ACCEPT) {
+        k5_mutex_unlock(&k5creds->lock);
+        *minor_status = (OM_uint32) G_BAD_USAGE;
+        return(GSS_S_FAILURE);
+    }
 
-   code = krb5_cc_start_seq_get(context, k5creds->ccache, &cursor);
-   if (code) {
-       k5_mutex_unlock(&k5creds->lock);
-       *minor_status = code;
-       save_error_info(*minor_status, context);
-       krb5_free_context(context);
-       return(GSS_S_FAILURE);
-   }
-   while (!code && !krb5_cc_next_cred(context, k5creds->ccache, &cursor, &creds)) 
-       code = krb5_cc_store_cred(context, out_ccache, &creds);
-   krb5_cc_end_seq_get(context, k5creds->ccache, &cursor);
-   k5_mutex_unlock(&k5creds->lock);
-   *minor_status = code;
-   if (code)
-       save_error_info(*minor_status, context);
-   krb5_free_context(context);
-   return code ? GSS_S_FAILURE : GSS_S_COMPLETE;
+    code = krb5_gss_init_context(&context);
+    if (code) {
+        k5_mutex_unlock(&k5creds->lock);
+        *minor_status = code;
+        return GSS_S_FAILURE;
+    }
+
+    code = krb5_cc_start_seq_get(context, k5creds->ccache, &cursor);
+    if (code) {
+        k5_mutex_unlock(&k5creds->lock);
+        *minor_status = code;
+        save_error_info(*minor_status, context);
+        krb5_free_context(context);
+        return(GSS_S_FAILURE);
+    }
+    while (!code && !krb5_cc_next_cred(context, k5creds->ccache, &cursor, &creds))
+        code = krb5_cc_store_cred(context, out_ccache, &creds);
+    krb5_cc_end_seq_get(context, k5creds->ccache, &cursor);
+    k5_mutex_unlock(&k5creds->lock);
+    *minor_status = code;
+    if (code)
+        save_error_info(*minor_status, context);
+    krb5_free_context(context);
+    return code ? GSS_S_FAILURE : GSS_S_COMPLETE;
 }
index 60755d2519d90fa0c6204c525908ea4bcbd1b5c4..b2ace922c37438585fa53f9d847842e080974e2d 100644 (file)
@@ -1,6 +1,7 @@
+/* -*- mode: c; indent-tabs-mode: nil -*- */
 /*
  * Copyright 1993 by OpenVision Technologies, Inc.
- * 
+ *
  * Permission to use, copy, modify, distribute, and sell this software
  * and its documentation for any purpose is hereby granted without fee,
  * provided that the above copyright notice appears in all copies and
@@ -10,7 +11,7 @@
  * without specific, written prior permission. OpenVision makes no
  * representations about the suitability of this software for any
  * purpose.  It is provided "as is" without express or implied warranty.
- * 
+ *
  * OPENVISION DISCLAIMS ALL WARRANTIES WITH REGARD TO THIS SOFTWARE,
  * INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS, IN NO
  * EVENT SHALL OPENVISION BE LIABLE FOR ANY SPECIAL, INDIRECT OR
 
 OM_uint32
 krb5_gss_delete_sec_context(minor_status, context_handle, output_token)
-     OM_uint32 *minor_status;
-     gss_ctx_id_t *context_handle;
-     gss_buffer_t output_token;
+    OM_uint32 *minor_status;
+    gss_ctx_id_t *context_handle;
+    gss_buffer_t output_token;
 {
-   krb5_context context;
-   krb5_gss_ctx_id_rec *ctx;
+    krb5_context context;
+    krb5_gss_ctx_id_rec *ctx;
 
-   if (output_token) {
-      output_token->length = 0;
-      output_token->value = NULL;
-   }
+    if (output_token) {
+        output_token->length = 0;
+        output_token->value = NULL;
+    }
 
-   /*SUPPRESS 29*/
-   if (*context_handle == GSS_C_NO_CONTEXT) {
-      *minor_status = 0;
-      return(GSS_S_COMPLETE);
-   }
+    /*SUPPRESS 29*/
+    if (*context_handle == GSS_C_NO_CONTEXT) {
+        *minor_status = 0;
+        return(GSS_S_COMPLETE);
+    }
 
-   /*SUPPRESS 29*/
-   /* validate the context handle */
-   if (! kg_validate_ctx_id(*context_handle)) {
-      *minor_status = (OM_uint32) G_VALIDATE_FAILED;
-      return(GSS_S_NO_CONTEXT);
-   }
+    /*SUPPRESS 29*/
+    /* validate the context handle */
+    if (! kg_validate_ctx_id(*context_handle)) {
+        *minor_status = (OM_uint32) G_VALIDATE_FAILED;
+        return(GSS_S_NO_CONTEXT);
+    }
 
-   ctx = (krb5_gss_ctx_id_t) *context_handle;
-   context = ctx->k5_context;
+    ctx = (krb5_gss_ctx_id_t) *context_handle;
+    context = ctx->k5_context;
 
-   /* construct a delete context token if necessary */
+    /* construct a delete context token if necessary */
 
-   if (output_token) {
-      OM_uint32 major;
-      gss_buffer_desc empty;
-      empty.length = 0; empty.value = NULL;
+    if (output_token) {
+        OM_uint32 major;
+        gss_buffer_desc empty;
+        empty.length = 0; empty.value = NULL;
 
-      if ((major = kg_seal(minor_status, *context_handle, 0,
-                          GSS_C_QOP_DEFAULT,
-                          &empty, NULL, output_token, KG_TOK_DEL_CTX))) {
-         save_error_info(*minor_status, context);
-         return(major);
-      }
-   }
+        if ((major = kg_seal(minor_status, *context_handle, 0,
+                             GSS_C_QOP_DEFAULT,
+                             &empty, NULL, output_token, KG_TOK_DEL_CTX))) {
+            save_error_info(*minor_status, context);
+            return(major);
+        }
+    }
 
-   /* invalidate the context handle */
+    /* invalidate the context handle */
 
-   (void)kg_delete_ctx_id(*context_handle);
+    (void)kg_delete_ctx_id(*context_handle);
 
-   /* free all the context state */
+    /* free all the context state */
 
-   if (ctx->seqstate)
-      g_order_free(&(ctx->seqstate));
+    if (ctx->seqstate)
+        g_order_free(&(ctx->seqstate));
 
-   if (ctx->enc)
-      krb5_free_keyblock(context, ctx->enc);
+    if (ctx->enc)
+        krb5_free_keyblock(context, ctx->enc);
 
-   if (ctx->seq)
-      krb5_free_keyblock(context, ctx->seq);
+    if (ctx->seq)
+        krb5_free_keyblock(context, ctx->seq);
 
-   if (ctx->here)
-      krb5_free_principal(context, ctx->here);
-   if (ctx->there)
-      krb5_free_principal(context, ctx->there);
-   if (ctx->subkey)
-      krb5_free_keyblock(context, ctx->subkey);
-   if (ctx->acceptor_subkey)
-       krb5_free_keyblock(context, ctx->acceptor_subkey);
+    if (ctx->here)
+        krb5_free_principal(context, ctx->here);
+    if (ctx->there)
+        krb5_free_principal(context, ctx->there);
+    if (ctx->subkey)
+        krb5_free_keyblock(context, ctx->subkey);
+    if (ctx->acceptor_subkey)
+        krb5_free_keyblock(context, ctx->acceptor_subkey);
 
-   if (ctx->auth_context) {
-       if (ctx->cred_rcache)
-          (void)krb5_auth_con_setrcache(context, ctx->auth_context, NULL);
+    if (ctx->auth_context) {
+        if (ctx->cred_rcache)
+            (void)krb5_auth_con_setrcache(context, ctx->auth_context, NULL);
 
-       krb5_auth_con_free(context, ctx->auth_context);
-   }
+        krb5_auth_con_free(context, ctx->auth_context);
+    }
 
-   if (ctx->mech_used)
-       gss_release_oid(minor_status, &ctx->mech_used);
-   
-   if (ctx->k5_context)
-       krb5_free_context(ctx->k5_context);
+    if (ctx->mech_used)
+        gss_release_oid(minor_status, &ctx->mech_used);
 
-   /* Zero out context */
-   memset(ctx, 0, sizeof(*ctx));
-   xfree(ctx);
+    if (ctx->k5_context)
+        krb5_free_context(ctx->k5_context);
 
-   /* zero the handle itself */
+    /* Zero out context */
+    memset(ctx, 0, sizeof(*ctx));
+    xfree(ctx);
 
-   *context_handle = GSS_C_NO_CONTEXT;
+    /* zero the handle itself */
 
-   *minor_status = 0;
-   return(GSS_S_COMPLETE);
+    *context_handle = GSS_C_NO_CONTEXT;
+
+    *minor_status = 0;
+    return(GSS_S_COMPLETE);
 }
index 1f67d512993e021ad0c9413df44caa8cfd95178b..d6bf0f7bac9ebea73a7eddfccd3e7ca7e1477187 100644 (file)
@@ -1,6 +1,7 @@
+/* -*- mode: c; indent-tabs-mode: nil -*- */
 /*
  * Copyright 1993 by OpenVision Technologies, Inc.
- * 
+ *
  * Permission to use, copy, modify, distribute, and sell this software
  * and its documentation for any purpose is hereby granted without fee,
  * provided that the above copyright notice appears in all copies and
@@ -10,7 +11,7 @@
  * without specific, written prior permission. OpenVision makes no
  * representations about the suitability of this software for any
  * purpose.  It is provided "as is" without express or implied warranty.
- * 
+ *
  * OPENVISION DISCLAIMS ALL WARRANTIES WITH REGARD TO THIS SOFTWARE,
  * INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS, IN NO
  * EVENT SHALL OPENVISION BE LIABLE FOR ANY SPECIAL, INDIRECT OR
 #include "gssapiP_krb5.h"
 
 OM_uint32
-krb5_gss_display_name(minor_status, input_name, output_name_buffer, 
-                     output_name_type)
-     OM_uint32 *minor_status;
-     gss_name_t input_name;
-     gss_buffer_t output_name_buffer;
-     gss_OID *output_name_type;
+krb5_gss_display_name(minor_status, input_name, output_name_buffer,
+                      output_name_type)
+    OM_uint32 *minor_status;
+    gss_name_t input_name;
+    gss_buffer_t output_name_buffer;
+    gss_OID *output_name_type;
 {
-   krb5_context context;
-   krb5_error_code code;
-   char *str;
+    krb5_context context;
+    krb5_error_code code;
+    char *str;
 
-   code = krb5_gss_init_context(&context);
-   if (code) {
-       *minor_status = code;
-       return GSS_S_FAILURE;
-   }
+    code = krb5_gss_init_context(&context);
+    if (code) {
+        *minor_status = code;
+        return GSS_S_FAILURE;
+    }
 
-   output_name_buffer->length = 0;
-   output_name_buffer->value = NULL;
+    output_name_buffer->length = 0;
+    output_name_buffer->value = NULL;
 
-   if (! kg_validate_name(input_name)) {
-      *minor_status = (OM_uint32) G_VALIDATE_FAILED;
-      krb5_free_context(context);
-      return(GSS_S_CALL_BAD_STRUCTURE|GSS_S_BAD_NAME);
-   }
+    if (! kg_validate_name(input_name)) {
+        *minor_status = (OM_uint32) G_VALIDATE_FAILED;
+        krb5_free_context(context);
+        return(GSS_S_CALL_BAD_STRUCTURE|GSS_S_BAD_NAME);
+    }
 
-   if ((code = krb5_unparse_name(context,
-                                (krb5_principal) input_name, &str))) {
-      *minor_status = code;
-      save_error_info(*minor_status, context);
-      krb5_free_context(context);
-      return(GSS_S_FAILURE);
-   }
+    if ((code = krb5_unparse_name(context,
+                                  (krb5_principal) input_name, &str))) {
+        *minor_status = code;
+        save_error_info(*minor_status, context);
+        krb5_free_context(context);
+        return(GSS_S_FAILURE);
+    }
 
-   if (! g_make_string_buffer(str, output_name_buffer)) {
-      krb5_free_unparsed_name(context, str);
-      krb5_free_context(context);
+    if (! g_make_string_buffer(str, output_name_buffer)) {
+        krb5_free_unparsed_name(context, str);
+        krb5_free_context(context);
 
-      *minor_status = (OM_uint32) G_BUFFER_ALLOC;
-      return(GSS_S_FAILURE);
-   }
+        *minor_status = (OM_uint32) G_BUFFER_ALLOC;
+        return(GSS_S_FAILURE);
+    }
 
-   krb5_free_unparsed_name(context, str);
-   krb5_free_context(context);
+    krb5_free_unparsed_name(context, str);
+    krb5_free_context(context);
 
-   *minor_status = 0;
-   if (output_name_type)
-      *output_name_type = (gss_OID) gss_nt_krb5_name;
-   return(GSS_S_COMPLETE);
+    *minor_status = 0;
+    if (output_name_type)
+        *output_name_type = (gss_OID) gss_nt_krb5_name;
+    return(GSS_S_COMPLETE);
 }
index 9a0399d78beb542245878ed388e09c7aef1876a6..2ee6aceec41ec40fc86e1854385654732d8d25e0 100644 (file)
@@ -1,6 +1,7 @@
+/* -*- mode: c; indent-tabs-mode: nil -*- */
 /*
  * Copyright 1993 by OpenVision Technologies, Inc.
- * 
+ *
  * Permission to use, copy, modify, distribute, and sell this software
  * and its documentation for any purpose is hereby granted without fee,
  * provided that the above copyright notice appears in all copies and
@@ -10,7 +11,7 @@
  * without specific, written prior permission. OpenVision makes no
  * representations about the suitability of this software for any
  * purpose.  It is provided "as is" without express or implied warranty.
- * 
+ *
  * OPENVISION DISCLAIMS ALL WARRANTIES WITH REGARD TO THIS SOFTWARE,
  * INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS, IN NO
  * EVENT SHALL OPENVISION BE LIABLE FOR ANY SPECIAL, INDIRECT OR
@@ -30,11 +31,11 @@ static inline int
 compare_OM_uint32 (OM_uint32 a, OM_uint32 b)
 {
     if (a < b)
-       return -1;
+        return -1;
     else if (a == b)
-       return 0;
+        return 0;
     else
-       return 1;
+        return 1;
 }
 static inline void
 free_string (char *s)
@@ -49,19 +50,19 @@ char *get_error_message(OM_uint32 minor_code)
     char *msg = 0;
 #ifdef DEBUG
     fprintf(stderr, "%s(%lu, p=%p)", __func__, (unsigned long) minor_code,
-           (void *) p);
+            (void *) p);
 #endif
     if (p) {
-       char **v = gsserrmap_find(p, minor_code);
-       if (v) {
-           msg = *v;
+        char **v = gsserrmap_find(p, minor_code);
+        if (v) {
+            msg = *v;
 #ifdef DEBUG
-           fprintf(stderr, " FOUND!");
+            fprintf(stderr, " FOUND!");
 #endif
-       }
+        }
     }
     if (msg == 0)
-       msg = error_message(minor_code);
+        msg = error_message(minor_code);
 #ifdef DEBUG
     fprintf(stderr, " -> %p/%s\n", (void *) msg, msg);
 #endif
@@ -78,24 +79,24 @@ static int save_error_string_nocopy(OM_uint32 minor_code, char *msg)
 #endif
     p = k5_getspecific(K5_KEY_GSS_KRB5_ERROR_MESSAGE);
     if (!p) {
-       p = malloc(sizeof(*p));
-       if (p == NULL) {
-           ret = 1;
-           goto fail;
-       }
-       if (gsserrmap_init(p) != 0) {
-           free(p);
-           p = NULL;
-           ret = 1;
-           goto fail;
-       }
-       if (k5_setspecific(K5_KEY_GSS_KRB5_ERROR_MESSAGE, p) != 0) {
-           gsserrmap_destroy(p);
-           free(p);
-           p = NULL;
-           ret = 1;
-           goto fail;
-       }
+        p = malloc(sizeof(*p));
+        if (p == NULL) {
+            ret = 1;
+            goto fail;
+        }
+        if (gsserrmap_init(p) != 0) {
+            free(p);
+            p = NULL;
+            ret = 1;
+            goto fail;
+        }
+        if (k5_setspecific(K5_KEY_GSS_KRB5_ERROR_MESSAGE, p) != 0) {
+            gsserrmap_destroy(p);
+            free(p);
+            p = NULL;
+            ret = 1;
+            goto fail;
+        }
     }
     ret = gsserrmap_replace_or_insert(p, minor_code, msg);
 fail:
@@ -108,8 +109,8 @@ void save_error_string(OM_uint32 minor_code, char *msg)
 {
     char *s = strdup(msg);
     if (s) {
-       if (save_error_string_nocopy(minor_code, s) != 0)
-           free(s);
+        if (save_error_string_nocopy(minor_code, s) != 0)
+            free(s);
     }
 }
 void save_error_message(OM_uint32 minor_code, const char *format, ...)
@@ -122,8 +123,8 @@ void save_error_message(OM_uint32 minor_code, const char *format, ...)
     n = vasprintf(&s, format, ap);
     va_end(ap);
     if (n >= 0) {
-       if (save_error_string_nocopy(minor_code, s) != 0)
-           free(s);
+        if (save_error_string_nocopy(minor_code, s) != 0)
+            free(s);
     }
 }
 void krb5_gss_save_error_info(OM_uint32 minor_code, krb5_context ctx)
@@ -132,12 +133,12 @@ void krb5_gss_save_error_info(OM_uint32 minor_code, krb5_context ctx)
 
 #ifdef DEBUG
     fprintf(stderr, "%s(%lu, ctx=%p)\n", __func__,
-           (unsigned long) minor_code, (void *)ctx);
+            (unsigned long) minor_code, (void *)ctx);
 #endif
     s = krb5_get_error_message(ctx, minor_code);
 #ifdef DEBUG
     fprintf(stderr, "%s(%lu, ctx=%p) saving: %s\n", __func__,
-           (unsigned long) minor_code, (void *)ctx, s);
+            (unsigned long) minor_code, (void *)ctx, s);
 #endif
     save_error_string(minor_code, s);
     /* The get_error_message call above resets the error message in
@@ -154,44 +155,44 @@ void krb5_gss_delete_error_info(void *p)
 
 OM_uint32
 krb5_gss_display_status(minor_status, status_value, status_type,
-                       mech_type, message_context, status_string)
-     OM_uint32 *minor_status;
-     OM_uint32 status_value;
-     int status_type;
-     gss_OID mech_type;
-     OM_uint32 *message_context;
-     gss_buffer_t status_string;
+                        mech_type, message_context, status_string)
+    OM_uint32 *minor_status;
+    OM_uint32 status_value;
+    int status_type;
+    gss_OID mech_type;
+    OM_uint32 *message_context;
+    gss_buffer_t status_string;
 {
-   status_string->length = 0;
-   status_string->value = NULL;
+    status_string->length = 0;
+    status_string->value = NULL;
 
-   if ((mech_type != GSS_C_NULL_OID) &&
-       !g_OID_equal(gss_mech_krb5, mech_type) &&
-       !g_OID_equal(gss_mech_krb5_old, mech_type)) {
-       *minor_status = 0;
-       return(GSS_S_BAD_MECH);
+    if ((mech_type != GSS_C_NULL_OID) &&
+        !g_OID_equal(gss_mech_krb5, mech_type) &&
+        !g_OID_equal(gss_mech_krb5_old, mech_type)) {
+        *minor_status = 0;
+        return(GSS_S_BAD_MECH);
     }
 
-   if (status_type == GSS_C_GSS_CODE) {
-      return(g_display_major_status(minor_status, status_value,
-                                   message_context, status_string));
-   } else if (status_type == GSS_C_MECH_CODE) {
-      (void) gssint_initialize_library();
+    if (status_type == GSS_C_GSS_CODE) {
+        return(g_display_major_status(minor_status, status_value,
+                                      message_context, status_string));
+    } else if (status_type == GSS_C_MECH_CODE) {
+        (void) gssint_initialize_library();
 
-      if (*message_context) {
-        *minor_status = (OM_uint32) G_BAD_MSG_CTX;
-        return(GSS_S_FAILURE);
-      }
+        if (*message_context) {
+            *minor_status = (OM_uint32) G_BAD_MSG_CTX;
+            return(GSS_S_FAILURE);
+        }
 
-      /* If this fails, there's not much we can do...  */
-      if (g_make_string_buffer(krb5_gss_get_error_message(status_value),
-                              status_string) != 0)
-         *minor_status = ENOMEM;
-      else
-         *minor_status = 0;
-      return 0;
-   } else {
-      *minor_status = 0;
-      return(GSS_S_BAD_STATUS);
-   }
+        /* If this fails, there's not much we can do...  */
+        if (g_make_string_buffer(krb5_gss_get_error_message(status_value),
+                                 status_string) != 0)
+            *minor_status = ENOMEM;
+        else
+            *minor_status = 0;
+        return 0;
+    } else {
+        *minor_status = 0;
+        return(GSS_S_BAD_STATUS);
+    }
 }
index 5d352bdf364a70af9dc793efc43395a47e08ddaf..add3a2ed0325abf18883e62d4effeefc6924bd86 100644 (file)
@@ -1,3 +1,4 @@
+/* -*- mode: c; indent-tabs-mode: nil -*- */
 /*
  * lib/gssapi/krb5/duplicate_name.c
  *
 #include "gssapiP_krb5.h"
 
 OM_uint32 krb5_gss_duplicate_name(OM_uint32  *minor_status,
-                                 const gss_name_t input_name,
-                                 gss_name_t *dest_name)
+                                  const gss_name_t input_name,
+                                  gss_name_t *dest_name)
 {
-       krb5_context context;
-       krb5_error_code code;
-       krb5_principal princ, outprinc;
+    krb5_context context;
+    krb5_error_code code;
+    krb5_principal princ, outprinc;
 
-       if (minor_status)
-           *minor_status = 0;
-
-       code = krb5_gss_init_context(&context);
-       if (code) {
-           if (minor_status)
-               *minor_status = code;
-           return GSS_S_FAILURE;
-       }
-
-       if (! kg_validate_name(input_name)) {
-               if (minor_status)
-                       *minor_status = (OM_uint32) G_VALIDATE_FAILED;
-               krb5_free_context(context);
-               return(GSS_S_CALL_BAD_STRUCTURE|GSS_S_BAD_NAME);
-       }
-
-       princ = (krb5_principal)input_name;
-       if ((code = krb5_copy_principal(context, princ, &outprinc))) {
-               *minor_status = code;
-               save_error_info(*minor_status, context);
-               krb5_free_context(context);
-               return(GSS_S_FAILURE);
-       }
-
-       if (! kg_save_name((gss_name_t) outprinc)) {
-               krb5_free_principal(context, outprinc);
-               krb5_free_context(context);
-               *minor_status = (OM_uint32) G_VALIDATE_FAILED;
-               return(GSS_S_FAILURE);
-       }
-       
-       krb5_free_context(context);
-       *dest_name = (gss_name_t) outprinc;
-       return(GSS_S_COMPLETE);
-       
-}
+    if (minor_status)
+        *minor_status = 0;
 
+    code = krb5_gss_init_context(&context);
+    if (code) {
+        if (minor_status)
+            *minor_status = code;
+        return GSS_S_FAILURE;
+    }
 
+    if (! kg_validate_name(input_name)) {
+        if (minor_status)
+            *minor_status = (OM_uint32) G_VALIDATE_FAILED;
+        krb5_free_context(context);
+        return(GSS_S_CALL_BAD_STRUCTURE|GSS_S_BAD_NAME);
+    }
 
+    princ = (krb5_principal)input_name;
+    if ((code = krb5_copy_principal(context, princ, &outprinc))) {
+        *minor_status = code;
+        save_error_info(*minor_status, context);
+        krb5_free_context(context);
+        return(GSS_S_FAILURE);
+    }
 
+    if (! kg_save_name((gss_name_t) outprinc)) {
+        krb5_free_principal(context, outprinc);
+        krb5_free_context(context);
+        *minor_status = (OM_uint32) G_VALIDATE_FAILED;
+        return(GSS_S_FAILURE);
+    }
 
+    krb5_free_context(context);
+    *dest_name = (gss_name_t) outprinc;
+    return(GSS_S_COMPLETE);
 
+}
index 9a54032b1d736bfbabb2135ae9ddad35bfc51016..d55a174e01c6a7aca1c3e05e003bf9cdb65d7624 100644 (file)
@@ -1,3 +1,4 @@
+/* -*- mode: c; indent-tabs-mode: nil -*- */
 /*
  * lib/gssapi/krb5/export_name.c
  *
 #include "gssapiP_krb5.h"
 
 OM_uint32 krb5_gss_export_name(OM_uint32  *minor_status,
-                              const gss_name_t input_name,
-                              gss_buffer_t exported_name)
+                               const gss_name_t input_name,
+                               gss_buffer_t exported_name)
 {
-       krb5_context context;
-       krb5_error_code code;
-       size_t length;
-       char *str, *cp;
+    krb5_context context;
+    krb5_error_code code;
+    size_t length;
+    char *str, *cp;
 
-       if (minor_status)
-               *minor_status = 0;
+    if (minor_status)
+        *minor_status = 0;
 
-       code = krb5_gss_init_context(&context);
-       if (code) {
-           if (minor_status)
-               *minor_status = code;
-           return GSS_S_FAILURE;
-       }
+    code = krb5_gss_init_context(&context);
+    if (code) {
+        if (minor_status)
+            *minor_status = code;
+        return GSS_S_FAILURE;
+    }
 
-       exported_name->length = 0;
-       exported_name->value = NULL;
-       
-       if (! kg_validate_name(input_name)) {
-               if (minor_status)
-                       *minor_status = (OM_uint32) G_VALIDATE_FAILED;
-               krb5_free_context(context);
-               return(GSS_S_CALL_BAD_STRUCTURE|GSS_S_BAD_NAME);
-       }
+    exported_name->length = 0;
+    exported_name->value = NULL;
 
-       if ((code = krb5_unparse_name(context, (krb5_principal) input_name, 
-                                     &str))) {
-               if (minor_status)
-                       *minor_status = code;
-               save_error_info(code, context);
-               krb5_free_context(context);
-               return(GSS_S_FAILURE);
-       }
+    if (! kg_validate_name(input_name)) {
+        if (minor_status)
+            *minor_status = (OM_uint32) G_VALIDATE_FAILED;
+        krb5_free_context(context);
+        return(GSS_S_CALL_BAD_STRUCTURE|GSS_S_BAD_NAME);
+    }
 
-       krb5_free_context(context);
-       length = strlen(str);
-       exported_name->length = 10 + length + gss_mech_krb5->length;
-       exported_name->value = malloc(exported_name->length);
-       if (!exported_name->value) {
-               free(str);
-               if (minor_status)
-                       *minor_status = ENOMEM;
-               return(GSS_S_FAILURE);
-       }
-       cp = exported_name->value;
+    if ((code = krb5_unparse_name(context, (krb5_principal) input_name,
+                                  &str))) {
+        if (minor_status)
+            *minor_status = code;
+        save_error_info(code, context);
+        krb5_free_context(context);
+        return(GSS_S_FAILURE);
+    }
 
-       /* Note: we assume the OID will be less than 128 bytes... */
-       *cp++ = 0x04; *cp++ = 0x01;
-       store_16_be(gss_mech_krb5->length+2, cp);
-       cp += 2;
-       *cp++ = 0x06;
-       *cp++ = (gss_mech_krb5->length) & 0xFF;
-       memcpy(cp, gss_mech_krb5->elements, gss_mech_krb5->length);
-       cp += gss_mech_krb5->length;
-       store_32_be(length, cp);
-       cp += 4;
-       memcpy(cp, str, length);
+    krb5_free_context(context);
+    length = strlen(str);
+    exported_name->length = 10 + length + gss_mech_krb5->length;
+    exported_name->value = malloc(exported_name->length);
+    if (!exported_name->value) {
+        free(str);
+        if (minor_status)
+            *minor_status = ENOMEM;
+        return(GSS_S_FAILURE);
+    }
+    cp = exported_name->value;
 
-       free(str);
+    /* Note: we assume the OID will be less than 128 bytes... */
+    *cp++ = 0x04; *cp++ = 0x01;
+    store_16_be(gss_mech_krb5->length+2, cp);
+    cp += 2;
+    *cp++ = 0x06;
+    *cp++ = (gss_mech_krb5->length) & 0xFF;
+    memcpy(cp, gss_mech_krb5->elements, gss_mech_krb5->length);
+    cp += gss_mech_krb5->length;
+    store_32_be(length, cp);
+    cp += 4;
+    memcpy(cp, str, length);
 
-       return(GSS_S_COMPLETE);
+    free(str);
+
+    return(GSS_S_COMPLETE);
 }
index f20d853d05e7d15891d0f392cc616a5f66d981ac..6b618d79563d05476da46bbd6d38126c89809bbb 100644 (file)
@@ -1,3 +1,4 @@
+/* -*- mode: c; indent-tabs-mode: nil -*- */
 /*
  * lib/gssapi/krb5/export_sec_context.c
  *
  */
 
 /*
- * export_sec_context.c        - Externalize the security context.
+ * export_sec_context.c - Externalize the security context.
  */
 #include "gssapiP_krb5.h"
 #ifndef LEAN_CLIENT
 OM_uint32
 krb5_gss_export_sec_context(minor_status, context_handle, interprocess_token)
-    OM_uint32          *minor_status;
-    gss_ctx_id_t       *context_handle;
-    gss_buffer_t       interprocess_token;
+    OM_uint32           *minor_status;
+    gss_ctx_id_t        *context_handle;
+    gss_buffer_t        interprocess_token;
 {
-    krb5_context       context = NULL;
-    krb5_error_code    kret;
-    OM_uint32          retval;
-    size_t             bufsize, blen;
-    krb5_gss_ctx_id_t  ctx;
-    krb5_octet         *obuffer, *obp;
+    krb5_context        context = NULL;
+    krb5_error_code     kret;
+    OM_uint32           retval;
+    size_t              bufsize, blen;
+    krb5_gss_ctx_id_t   ctx;
+    krb5_octet          *obuffer, *obp;
 
     /* Assume a tragic failure */
     obuffer = (krb5_octet *) NULL;
@@ -49,35 +50,35 @@ krb5_gss_export_sec_context(minor_status, context_handle, interprocess_token)
     *minor_status = 0;
 
     if (!kg_validate_ctx_id(*context_handle)) {
-           kret = (OM_uint32) G_VALIDATE_FAILED;
-           retval = GSS_S_NO_CONTEXT;
-           goto error_out;
+        kret = (OM_uint32) G_VALIDATE_FAILED;
+        retval = GSS_S_NO_CONTEXT;
+        goto error_out;
     }
 
     ctx = (krb5_gss_ctx_id_t) *context_handle;
     context = ctx->k5_context;
     kret = krb5_gss_ser_init(context);
     if (kret)
-       goto error_out;
+        goto error_out;
 
     /* Determine size needed for externalization of context */
     bufsize = 0;
     if ((kret = kg_ctx_size(context, (krb5_pointer) ctx,
-                           &bufsize)))
-           goto error_out;
+                            &bufsize)))
+        goto error_out;
 
     /* Allocate the buffer */
     if ((obuffer = (krb5_octet *) xmalloc(bufsize)) == NULL) {
-           kret = ENOMEM;
-           goto error_out;
+        kret = ENOMEM;
+        goto error_out;
     }
 
     obp = obuffer;
     blen = bufsize;
     /* Externalize the context */
     if ((kret = kg_ctx_externalize(context,
-                                  (krb5_pointer) ctx, &obp, &blen)))
-           goto error_out;
+                                   (krb5_pointer) ctx, &obp, &blen)))
+        goto error_out;
 
     /* Success!  Return the buffer */
     interprocess_token->length = bufsize - blen;
@@ -93,14 +94,14 @@ krb5_gss_export_sec_context(minor_status, context_handle, interprocess_token)
 
 error_out:
     if (retval != GSS_S_COMPLETE)
-       if (kret != 0 && context != 0)
-           save_error_info(kret, context);
+        if (kret != 0 && context != 0)
+            save_error_info(kret, context);
     if (obuffer && bufsize) {
-           memset(obuffer, 0, bufsize);
-           xfree(obuffer);
+        memset(obuffer, 0, bufsize);
+        xfree(obuffer);
     }
-    if (*minor_status == 0) 
-           *minor_status = (OM_uint32) kret;
+    if (*minor_status == 0)
+        *minor_status = (OM_uint32) kret;
     return(retval);
 }
 #endif /* LEAN_CLIENT */
index 19841a086d6710c9adfb6ae97136f1246b82bec8..f4d9b92d2dc173ffffe4d0e06e1bf1e7cda248d1 100644 (file)
@@ -1,6 +1,7 @@
+/* -*- mode: c; indent-tabs-mode: nil -*- */
 /*
  * Copyright 1993 by OpenVision Technologies, Inc.
- * 
+ *
  * Permission to use, copy, modify, distribute, and sell this software
  * and its documentation for any purpose is hereby granted without fee,
  * provided that the above copyright notice appears in all copies and
@@ -10,7 +11,7 @@
  * without specific, written prior permission. OpenVision makes no
  * representations about the suitability of this software for any
  * purpose.  It is provided "as is" without express or implied warranty.
- * 
+ *
  * OPENVISION DISCLAIMS ALL WARRANTIES WITH REGARD TO THIS SOFTWARE,
  * INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS, IN NO
  * EVENT SHALL OPENVISION BE LIABLE FOR ANY SPECIAL, INDIRECT OR
  * $Id$
  */
 
-OM_uint32 KRB5_CALLCONV 
+OM_uint32 KRB5_CALLCONV
 gss_krb5int_get_tkt_flags(minor_status, context_handle, ticket_flags)
-     OM_uint32 *minor_status;
-     gss_ctx_id_t context_handle;
-     krb5_flags *ticket_flags;
+    OM_uint32 *minor_status;
+    gss_ctx_id_t context_handle;
+    krb5_flags *ticket_flags;
 {
-   krb5_gss_ctx_id_rec *ctx;
+    krb5_gss_ctx_id_rec *ctx;
 
-   /* validate the context handle */
-   if (! kg_validate_ctx_id(context_handle)) {
-      *minor_status = (OM_uint32) G_VALIDATE_FAILED;
-      return(GSS_S_NO_CONTEXT);
-   }
+    /* validate the context handle */
+    if (! kg_validate_ctx_id(context_handle)) {
+        *minor_status = (OM_uint32) G_VALIDATE_FAILED;
+        return(GSS_S_NO_CONTEXT);
+    }
 
-   ctx = (krb5_gss_ctx_id_rec *) context_handle;
+    ctx = (krb5_gss_ctx_id_rec *) context_handle;
 
-   if (! ctx->established) {
-      *minor_status = KG_CTX_INCOMPLETE;
-      return(GSS_S_NO_CONTEXT);
-   }
+    if (! ctx->established) {
+        *minor_status = KG_CTX_INCOMPLETE;
+        return(GSS_S_NO_CONTEXT);
+    }
 
-   if (ticket_flags)
-      *ticket_flags = ctx->krb_flags;
+    if (ticket_flags)
+        *ticket_flags = ctx->krb_flags;
 
-   *minor_status = 0;
-   return(GSS_S_COMPLETE);
+    *minor_status = 0;
+    return(GSS_S_COMPLETE);
 }
index 33036fc534ab39ffb3660e5f4076b75ab722d448..617024b7c348b0960199bb45ee22c6f92e96ccde 100644 (file)
@@ -1,3 +1,4 @@
+/* -*- mode: c; indent-tabs-mode: nil -*- */
 /*
  * Copyright 2000, 2008 by the Massachusetts Institute of Technology.
  * All Rights Reserved.
@@ -6,7 +7,7 @@
  *   require a specific license from the United States Government.
  *   It is the responsibility of any person or organization contemplating
  *   export to obtain such a license before exporting.
- * 
+ *
  * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
  * distribute this software and its documentation for any purpose and
  * without fee is hereby granted, provided that the above copyright
  * M.I.T. makes no representations about the suitability of
  * this software for any purpose.  It is provided "as is" without express
  * or implied warranty.
- * 
+ *
  */
 /*
  * Copyright 1993 by OpenVision Technologies, Inc.
- * 
+ *
  * Permission to use, copy, modify, distribute, and sell this software
  * and its documentation for any purpose is hereby granted without fee,
  * provided that the above copyright notice appears in all copies and
@@ -34,7 +35,7 @@
  * without specific, written prior permission. OpenVision makes no
  * representations about the suitability of this software for any
  * purpose.  It is provided "as is" without express or implied warranty.
- * 
+ *
  * OPENVISION DISCLAIMS ALL WARRANTIES WITH REGARD TO THIS SOFTWARE,
  * INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS, IN NO
  * EVENT SHALL OPENVISION BE LIABLE FOR ANY SPECIAL, INDIRECT OR
 #define GSS_MECH_KRB5_WRONG_OID "\052\206\110\202\367\022\001\002\002"
 
 
-#define CKSUMTYPE_KG_CB                0x8003
+#define CKSUMTYPE_KG_CB         0x8003
 
-#define KG_TOK_CTX_AP_REQ      0x0100
-#define KG_TOK_CTX_AP_REP      0x0200
-#define KG_TOK_CTX_ERROR       0x0300
-#define KG_TOK_SIGN_MSG                0x0101
-#define KG_TOK_SEAL_MSG                0x0201
-#define        KG_TOK_MIC_MSG          0x0101
-#define        KG_TOK_WRAP_MSG         0x0201
-#define KG_TOK_DEL_CTX         0x0102
+#define KG_TOK_CTX_AP_REQ       0x0100
+#define KG_TOK_CTX_AP_REP       0x0200
+#define KG_TOK_CTX_ERROR        0x0300
+#define KG_TOK_SIGN_MSG         0x0101
+#define KG_TOK_SEAL_MSG         0x0201
+#define KG_TOK_MIC_MSG          0x0101
+#define KG_TOK_WRAP_MSG         0x0201
+#define KG_TOK_DEL_CTX          0x0102
 
-#define KG2_TOK_INITIAL                0x0101
-#define KG2_TOK_RESPONSE       0x0202
-#define KG2_TOK_MIC            0x0303
-#define KG2_TOK_WRAP_INTEG     0x0404
-#define KG2_TOK_WRAP_PRIV      0x0505
+#define KG2_TOK_INITIAL         0x0101
+#define KG2_TOK_RESPONSE        0x0202
+#define KG2_TOK_MIC             0x0303
+#define KG2_TOK_WRAP_INTEG      0x0404
+#define KG2_TOK_WRAP_PRIV       0x0505
 
 #define KRB5_GSS_FOR_CREDS_OPTION 1
 
-#define KG2_RESP_FLAG_ERROR            0x0001
-#define KG2_RESP_FLAG_DELEG_OK         0x0002
+#define KG2_RESP_FLAG_ERROR             0x0001
+#define KG2_RESP_FLAG_DELEG_OK          0x0002
 
 /* These are to be stored in little-endian order, i.e., des-mac is
    stored as 02 00.  */
 enum sgn_alg {
-  SGN_ALG_DES_MAC_MD5           = 0x0000,
-  SGN_ALG_MD2_5                 = 0x0001,
-  SGN_ALG_DES_MAC               = 0x0002,
-  SGN_ALG_3                    = 0x0003, /* not published */
-  SGN_ALG_HMAC_MD5              = 0x0011, /* microsoft w2k;  */
-  SGN_ALG_HMAC_SHA1_DES3_KD     = 0x0004
+    SGN_ALG_DES_MAC_MD5           = 0x0000,
+    SGN_ALG_MD2_5                 = 0x0001,
+    SGN_ALG_DES_MAC               = 0x0002,
+    SGN_ALG_3                     = 0x0003, /* not published */
+    SGN_ALG_HMAC_MD5              = 0x0011, /* microsoft w2k;  */
+    SGN_ALG_HMAC_SHA1_DES3_KD     = 0x0004
 };
 enum seal_alg {
-  SEAL_ALG_NONE            = 0xffff,
-  SEAL_ALG_DES             = 0x0000,
-  SEAL_ALG_1              = 0x0001, /* not published */
-  SEAL_ALG_MICROSOFT_RC4   = 0x0010, /* microsoft w2k;  */
-  SEAL_ALG_DES3KD          = 0x0002
+    SEAL_ALG_NONE            = 0xffff,
+    SEAL_ALG_DES             = 0x0000,
+    SEAL_ALG_1               = 0x0001, /* not published */
+    SEAL_ALG_MICROSOFT_RC4   = 0x0010, /* microsoft w2k;  */
+    SEAL_ALG_DES3KD          = 0x0002
 };
 
 /* for 3DES */
@@ -131,20 +132,20 @@ enum seal_alg {
 #define KG_USAGE_SEQ  24
 
 /* for draft-ietf-krb-wg-gssapi-cfx-01 */
-#define KG_USAGE_ACCEPTOR_SEAL 22
-#define KG_USAGE_ACCEPTOR_SIGN 23
-#define KG_USAGE_INITIATOR_SEAL        24
-#define KG_USAGE_INITIATOR_SIGN        25
+#define KG_USAGE_ACCEPTOR_SEAL  22
+#define KG_USAGE_ACCEPTOR_SIGN  23
+#define KG_USAGE_INITIATOR_SEAL 24
+#define KG_USAGE_INITIATOR_SIGN 25
 
 enum qop {
-  GSS_KRB5_INTEG_C_QOP_MD5       = 0x0001, /* *partial* MD5 = "MD2.5" */
-  GSS_KRB5_INTEG_C_QOP_DES_MD5   = 0x0002,
-  GSS_KRB5_INTEG_C_QOP_DES_MAC   = 0x0003,
-  GSS_KRB5_INTEG_C_QOP_HMAC_SHA1 = 0x0004,
-  GSS_KRB5_INTEG_C_QOP_MASK      = 0x00ff,
-  GSS_KRB5_CONF_C_QOP_DES        = 0x0100,
-  GSS_KRB5_CONF_C_QOP_DES3_KD    = 0x0200,
-  GSS_KRB5_CONF_C_QOP_MASK       = 0xff00
+    GSS_KRB5_INTEG_C_QOP_MD5       = 0x0001, /* *partial* MD5 = "MD2.5" */
+    GSS_KRB5_INTEG_C_QOP_DES_MD5   = 0x0002,
+    GSS_KRB5_INTEG_C_QOP_DES_MAC   = 0x0003,
+    GSS_KRB5_INTEG_C_QOP_HMAC_SHA1 = 0x0004,
+    GSS_KRB5_INTEG_C_QOP_MASK      = 0x00ff,
+    GSS_KRB5_CONF_C_QOP_DES        = 0x0100,
+    GSS_KRB5_CONF_C_QOP_DES3_KD    = 0x0200,
+    GSS_KRB5_CONF_C_QOP_MASK       = 0xff00
 };
 
 /** internal types **/
@@ -152,61 +153,61 @@ enum qop {
 typedef krb5_principal krb5_gss_name_t;
 
 typedef struct _krb5_gss_cred_id_rec {
-   /* protect against simultaneous accesses */
-   k5_mutex_t lock;
+    /* protect against simultaneous accesses */
+    k5_mutex_t lock;
 
-   /* name/type of credential */
-   gss_cred_usage_t usage;
-   krb5_principal princ;       /* this is not interned as a gss_name_t */
-   int prerfc_mech;
-   int rfc_mech;
+    /* name/type of credential */
+    gss_cred_usage_t usage;
+    krb5_principal princ;        /* this is not interned as a gss_name_t */
+    int prerfc_mech;
+    int rfc_mech;
 
-   /* keytab (accept) data */
-   krb5_keytab keytab;
-   krb5_rcache rcache;
+    /* keytab (accept) data */
+    krb5_keytab keytab;
+    krb5_rcache rcache;
 
-   /* ccache (init) data */
-   krb5_ccache ccache;
-   krb5_timestamp tgt_expire;
-   krb5_enctype *req_enctypes; /* limit negotiated enctypes to this list */
-} krb5_gss_cred_id_rec, *krb5_gss_cred_id_t; 
+    /* ccache (init) data */
+    krb5_ccache ccache;
+    krb5_timestamp tgt_expire;
+    krb5_enctype *req_enctypes;  /* limit negotiated enctypes to this list */
+} krb5_gss_cred_id_rec, *krb5_gss_cred_id_t;
 
 typedef struct _krb5_gss_ctx_id_rec {
-   unsigned int initiate : 1;  /* nonzero if initiating, zero if accepting */
-   unsigned int established : 1;
-   unsigned int big_endian : 1;
-   unsigned int have_acceptor_subkey : 1;
-   unsigned int seed_init : 1; /* XXX tested but never actually set */
-   OM_uint32 gss_flags;
-   unsigned char seed[16];
-   krb5_principal here;
-   krb5_principal there;
-   krb5_keyblock *subkey;
-   int signalg;
-   size_t cksum_size;
-   int sealalg;
-   krb5_keyblock *enc;
-   krb5_keyblock *seq;
-   krb5_timestamp endtime;
-   krb5_flags krb_flags;
-   /* XXX these used to be signed.  the old spec is inspecific, and
-      the new spec specifies unsigned.  I don't believe that the change
-      affects the wire encoding. */
-   gssint_uint64 seq_send;
-   gssint_uint64 seq_recv;
-   void *seqstate;
-   krb5_context k5_context;
-   krb5_auth_context auth_context;
-   gss_OID_desc *mech_used;
+    unsigned int initiate : 1;   /* nonzero if initiating, zero if accepting */
+    unsigned int established : 1;
+    unsigned int big_endian : 1;
+    unsigned int have_acceptor_subkey : 1;
+    unsigned int seed_init : 1;  /* XXX tested but never actually set */
+    OM_uint32 gss_flags;
+    unsigned char seed[16];
+    krb5_principal here;
+    krb5_principal there;
+    krb5_keyblock *subkey;
+    int signalg;
+    size_t cksum_size;
+    int sealalg;
+    krb5_keyblock *enc;
+    krb5_keyblock *seq;
+    krb5_timestamp endtime;
+    krb5_flags krb_flags;
+    /* XXX these used to be signed.  the old spec is inspecific, and
+       the new spec specifies unsigned.  I don't believe that the change
+       affects the wire encoding. */
+    gssint_uint64 seq_send;
+    gssint_uint64 seq_recv;
+    void *seqstate;
+    krb5_context k5_context;
+    krb5_auth_context auth_context;
+    gss_OID_desc *mech_used;
     /* Protocol spec revision
        0 => RFC 1964 with 3DES and RC4 enhancements
        1 => draft-ietf-krb-wg-gssapi-cfx-01
        No others defined so far.  */
-   int proto;
-   krb5_cksumtype cksumtype;   /* for "main" subkey */
-   krb5_keyblock *acceptor_subkey; /* CFX only */
-   krb5_cksumtype acceptor_subkey_cksumtype;
-   int cred_rcache;            /* did we get rcache from creds? */
+    int proto;
+    krb5_cksumtype cksumtype;    /* for "main" subkey */
+    krb5_keyblock *acceptor_subkey; /* CFX only */
+    krb5_cksumtype acceptor_subkey_cksumtype;
+    int cred_rcache;             /* did we get rcache from creds? */
 } krb5_gss_ctx_id_rec, *krb5_gss_ctx_id_t;
 
 extern g_set kg_vdb;
@@ -217,471 +218,471 @@ extern k5_mutex_t gssint_krb5_keytab_lock;
 
 /* helper macros */
 
-#define kg_save_name(name)             g_save_name(&kg_vdb,name)
-#define kg_save_cred_id(cred)          g_save_cred_id(&kg_vdb,cred)
-#define kg_save_ctx_id(ctx)            g_save_ctx_id(&kg_vdb,ctx)
-#define kg_save_lucidctx_id(lctx)      g_save_lucidctx_id(&kg_vdb,lctx)
+#define kg_save_name(name)              g_save_name(&kg_vdb,name)
+#define kg_save_cred_id(cred)           g_save_cred_id(&kg_vdb,cred)
+#define kg_save_ctx_id(ctx)             g_save_ctx_id(&kg_vdb,ctx)
+#define kg_save_lucidctx_id(lctx)       g_save_lucidctx_id(&kg_vdb,lctx)
 
-#define kg_validate_name(name)         g_validate_name(&kg_vdb,name)
-#define kg_validate_cred_id(cred)      g_validate_cred_id(&kg_vdb,cred)
-#define kg_validate_ctx_id(ctx)                g_validate_ctx_id(&kg_vdb,ctx)
-#define kg_validate_lucidctx_id(lctx)  g_validate_lucidctx_id(&kg_vdb,lctx)
+#define kg_validate_name(name)          g_validate_name(&kg_vdb,name)
+#define kg_validate_cred_id(cred)       g_validate_cred_id(&kg_vdb,cred)
+#define kg_validate_ctx_id(ctx)         g_validate_ctx_id(&kg_vdb,ctx)
+#define kg_validate_lucidctx_id(lctx)   g_validate_lucidctx_id(&kg_vdb,lctx)
 
-#define kg_delete_name(name)           g_delete_name(&kg_vdb,name)
-#define kg_delete_cred_id(cred)                g_delete_cred_id(&kg_vdb,cred)
-#define kg_delete_ctx_id(ctx)          g_delete_ctx_id(&kg_vdb,ctx)
-#define kg_delete_lucidctx_id(lctx)    g_delete_lucidctx_id(&kg_vdb,lctx)
+#define kg_delete_name(name)            g_delete_name(&kg_vdb,name)
+#define kg_delete_cred_id(cred)         g_delete_cred_id(&kg_vdb,cred)
+#define kg_delete_ctx_id(ctx)           g_delete_ctx_id(&kg_vdb,ctx)
+#define kg_delete_lucidctx_id(lctx)     g_delete_lucidctx_id(&kg_vdb,lctx)
 
 /** helper functions **/
 
-OM_uint32 kg_get_defcred 
-       (OM_uint32 *minor_status, 
                 gss_cred_id_t *cred);
+OM_uint32 kg_get_defcred
+(OM_uint32 *minor_status,
+ gss_cred_id_t *cred);
 
 krb5_error_code kg_checksum_channel_bindings
-         (krb5_context context, gss_channel_bindings_t cb,
                                           krb5_checksum *cksum,
                                           int bigend);
+(krb5_context context, gss_channel_bindings_t cb,
+ krb5_checksum *cksum,
+ int bigend);
 
 krb5_error_code kg_make_seq_num (krb5_context context,
-                                          krb5_keyblock *key,
-            int direction, krb5_ui_4 seqnum, unsigned char *cksum,
-                               unsigned char *buf);
+                                 krb5_keyblock *key,
+                                 int direction, krb5_ui_4 seqnum, unsigned char *cksum,
+                                 unsigned char *buf);
 
 krb5_error_code kg_get_seq_num (krb5_context context,
-                                         krb5_keyblock *key,
-            unsigned char *cksum, unsigned char *buf, int *direction,
-                                         krb5_ui_4 *seqnum);
+                                krb5_keyblock *key,
+                                unsigned char *cksum, unsigned char *buf, int *direction,
+                                krb5_ui_4 *seqnum);
 
 krb5_error_code kg_make_seed (krb5_context context,
-                                       krb5_keyblock *key,
-                                       unsigned char *seed);
+                              krb5_keyblock *key,
+                              unsigned char *seed);
 
 int kg_confounder_size (krb5_context context, krb5_keyblock *key);
 
-krb5_error_code kg_make_confounder (krb5_context context, 
-           krb5_keyblock *key, unsigned char *buf);
+krb5_error_code kg_make_confounder (krb5_context context,
+                                    krb5_keyblock *key, unsigned char *buf);
 
-krb5_error_code kg_encrypt (krb5_context context, 
-                                     krb5_keyblock *key, int usage,
-                                     krb5_pointer iv,
-                                     krb5_const_pointer in,
-                                     krb5_pointer out,
-                                     unsigned int length);
+krb5_error_code kg_encrypt (krb5_context context,
+                            krb5_keyblock *key, int usage,
+                            krb5_pointer iv,
+                            krb5_const_pointer in,
+                            krb5_pointer out,
+                            unsigned int length);
 krb5_error_code
 kg_arcfour_docrypt (const krb5_keyblock *longterm_key , int ms_usage,
-                   const unsigned char *kd_data, size_t kd_data_len,
-                   const unsigned char *input_buf, size_t input_len,
-                   unsigned char *output_buf);
+                    const unsigned char *kd_data, size_t kd_data_len,
+                    const unsigned char *input_buf, size_t input_len,
+                    unsigned char *output_buf);
 
 krb5_error_code kg_decrypt (krb5_context context,
-                                     krb5_keyblock *key,  int usage,
-                                     krb5_pointer iv,
-                                     krb5_const_pointer in,
-                                     krb5_pointer out,
-                                     unsigned int length);
+                            krb5_keyblock *key,  int usage,
+                            krb5_pointer iv,
+                            krb5_const_pointer in,
+                            krb5_pointer out,
+                            unsigned int length);
 
 OM_uint32 kg_seal (OM_uint32 *minor_status,
-                 gss_ctx_id_t context_handle,
-                 int conf_req_flag,
-                 int qop_req,
-                 gss_buffer_t input_message_buffer,
-                 int *conf_state,
-                 gss_buffer_t output_message_buffer,
-                 int toktype);
+                   gss_ctx_id_t context_handle,
+                   int conf_req_flag,
+                   int qop_req,
+                   gss_buffer_t input_message_buffer,
+                   int *conf_state,
+                   gss_buffer_t output_message_buffer,
+                   int toktype);
 
 OM_uint32 kg_unseal (OM_uint32 *minor_status,
-                   gss_ctx_id_t context_handle,
-                   gss_buffer_t input_token_buffer,
-                   gss_buffer_t message_buffer,
-                   int *conf_state,
-                   int *qop_state,
-                   int toktype);
+                     gss_ctx_id_t context_handle,
+                     gss_buffer_t input_token_buffer,
+                     gss_buffer_t message_buffer,
+                     int *conf_state,
+                     int *qop_state,
+                     int toktype);
 
 OM_uint32 kg_seal_size (OM_uint32 *minor_status,
-                                 gss_ctx_id_t context_handle,
-                                 int conf_req_flag,
-                                 gss_qop_t qop_req,
-                                 OM_uint32 output_size,
-                                 OM_uint32 *input_size);
+                        gss_ctx_id_t context_handle,
+                        int conf_req_flag,
+                        gss_qop_t qop_req,
+                        OM_uint32 output_size,
+                        OM_uint32 *input_size);
 
 krb5_error_code kg_ctx_size (krb5_context kcontext,
-                                      krb5_pointer arg,
-                                      size_t *sizep);
+                             krb5_pointer arg,
+                             size_t *sizep);
 
 krb5_error_code kg_ctx_externalize (krb5_context kcontext,
-                                             krb5_pointer arg,
-                                             krb5_octet **buffer,
-                                             size_t *lenremain);
+                                    krb5_pointer arg,
+                                    krb5_octet **buffer,
+                                    size_t *lenremain);
 
 krb5_error_code kg_ctx_internalize (krb5_context kcontext,
-                                             krb5_pointer *argp,
-                                             krb5_octet **buffer,
-                                             size_t *lenremain);
+                                    krb5_pointer *argp,
+                                    krb5_octet **buffer,
+                                    size_t *lenremain);
 
 OM_uint32 kg_sync_ccache_name (krb5_context context, OM_uint32 *minor_status);
 
-OM_uint32 kg_caller_provided_ccache_name (OM_uint32 *minor_status, 
+OM_uint32 kg_caller_provided_ccache_name (OM_uint32 *minor_status,
                                           int *out_caller_provided_name);
 
-OM_uint32 kg_get_ccache_name (OM_uint32 *minor_status, 
+OM_uint32 kg_get_ccache_name (OM_uint32 *minor_status,
                               const char **out_name);
 
-OM_uint32 kg_set_ccache_name (OM_uint32 *minor_status, 
+OM_uint32 kg_set_ccache_name (OM_uint32 *minor_status,
                               const char *name);
 
 /** declarations of internal name mechanism functions **/
 
 OM_uint32 krb5_gss_acquire_cred
 (OM_uint32*,       /* minor_status */
           gss_name_t,       /* desired_name */
           OM_uint32,        /* time_req */
           gss_OID_set,      /* desired_mechs */
           gss_cred_usage_t, /* cred_usage */
           gss_cred_id_t*,   /* output_cred_handle */
           gss_OID_set*,     /* actual_mechs */
           OM_uint32*        /* time_rec */
-           );
+ gss_name_t,       /* desired_name */
+ OM_uint32,        /* time_req */
+ gss_OID_set,      /* desired_mechs */
+ gss_cred_usage_t, /* cred_usage */
+ gss_cred_id_t*,   /* output_cred_handle */
+ gss_OID_set*,     /* actual_mechs */
+ OM_uint32*        /* time_rec */
+);
 
 OM_uint32 krb5_gss_release_cred
 (OM_uint32*,       /* minor_status */
           gss_cred_id_t*    /* cred_handle */
-           );
+ gss_cred_id_t*    /* cred_handle */
+);
 
 OM_uint32 krb5_gss_init_sec_context
 (OM_uint32*,       /* minor_status */
           gss_cred_id_t,    /* claimant_cred_handle */
           gss_ctx_id_t*,    /* context_handle */
           gss_name_t,       /* target_name */
           gss_OID,          /* mech_type */
           OM_uint32,        /* req_flags */
           OM_uint32,        /* time_req */
           gss_channel_bindings_t,
                             /* input_chan_bindings */
           gss_buffer_t,     /* input_token */
           gss_OID*,         /* actual_mech_type */
           gss_buffer_t,     /* output_token */
           OM_uint32*,       /* ret_flags */
           OM_uint32*        /* time_rec */
-           );
+ gss_cred_id_t,    /* claimant_cred_handle */
+ gss_ctx_id_t*,    /* context_handle */
+ gss_name_t,       /* target_name */
+ gss_OID,          /* mech_type */
+ OM_uint32,        /* req_flags */
+ OM_uint32,        /* time_req */
+ gss_channel_bindings_t,
+ /* input_chan_bindings */
+ gss_buffer_t,     /* input_token */
+ gss_OID*,         /* actual_mech_type */
+ gss_buffer_t,     /* output_token */
+ OM_uint32*,       /* ret_flags */
+ OM_uint32*        /* time_rec */
+);
 
 #ifndef LEAN_CLIENT
 OM_uint32 krb5_gss_accept_sec_context
 (OM_uint32*,       /* minor_status */
           gss_ctx_id_t*,    /* context_handle */
           gss_cred_id_t,    /* verifier_cred_handle */
           gss_buffer_t,     /* input_token_buffer */
           gss_channel_bindings_t,
                             /* input_chan_bindings */
           gss_name_t*,      /* src_name */
           gss_OID*,         /* mech_type */
           gss_buffer_t,     /* output_token */
           OM_uint32*,       /* ret_flags */
           OM_uint32*,       /* time_rec */
           gss_cred_id_t*    /* delegated_cred_handle */
-           );
+ gss_ctx_id_t*,    /* context_handle */
+ gss_cred_id_t,    /* verifier_cred_handle */
+ gss_buffer_t,     /* input_token_buffer */
+ gss_channel_bindings_t,
+ /* input_chan_bindings */
+ gss_name_t*,      /* src_name */
+ gss_OID*,         /* mech_type */
+ gss_buffer_t,     /* output_token */
+ OM_uint32*,       /* ret_flags */
+ OM_uint32*,       /* time_rec */
+ gss_cred_id_t*    /* delegated_cred_handle */
+);
 #endif /* LEAN_CLIENT */
 
 OM_uint32 krb5_gss_process_context_token
 (OM_uint32*,       /* minor_status */
           gss_ctx_id_t,     /* context_handle */
           gss_buffer_t      /* token_buffer */
-           );
+ gss_ctx_id_t,     /* context_handle */
+ gss_buffer_t      /* token_buffer */
+);
 
 OM_uint32 krb5_gss_delete_sec_context
 (OM_uint32*,       /* minor_status */
           gss_ctx_id_t*,    /* context_handle */
           gss_buffer_t      /* output_token */
-           );
+ gss_ctx_id_t*,    /* context_handle */
+ gss_buffer_t      /* output_token */
+);
 
 OM_uint32 krb5_gss_context_time
 (OM_uint32*,       /* minor_status */
           gss_ctx_id_t,     /* context_handle */
           OM_uint32*        /* time_rec */
-           );
+ gss_ctx_id_t,     /* context_handle */
+ OM_uint32*        /* time_rec */
+);
 
 OM_uint32 krb5_gss_sign
 (OM_uint32*,       /* minor_status */
           gss_ctx_id_t,     /* context_handle */
           int,              /* qop_req */
           gss_buffer_t,     /* message_buffer */
           gss_buffer_t      /* message_token */
-           );
+ gss_ctx_id_t,     /* context_handle */
+ int,              /* qop_req */
+ gss_buffer_t,     /* message_buffer */
+ gss_buffer_t      /* message_token */
+);
 
 OM_uint32 krb5_gss_verify
 (OM_uint32*,       /* minor_status */
           gss_ctx_id_t,     /* context_handle */
           gss_buffer_t,     /* message_buffer */
           gss_buffer_t,     /* token_buffer */
           int*              /* qop_state */
-           );
+ gss_ctx_id_t,     /* context_handle */
+ gss_buffer_t,     /* message_buffer */
+ gss_buffer_t,     /* token_buffer */
+ int*              /* qop_state */
+);
 
 OM_uint32 krb5_gss_seal
 (OM_uint32*,       /* minor_status */
           gss_ctx_id_t,     /* context_handle */
           int,              /* conf_req_flag */
           int,              /* qop_req */
           gss_buffer_t,     /* input_message_buffer */
           int*,             /* conf_state */
           gss_buffer_t      /* output_message_buffer */
-           );
+ gss_ctx_id_t,     /* context_handle */
+ int,              /* conf_req_flag */
+ int,              /* qop_req */
+ gss_buffer_t,     /* input_message_buffer */
+ int*,             /* conf_state */
+ gss_buffer_t      /* output_message_buffer */
+);
 
 OM_uint32 krb5_gss_unseal
 (OM_uint32*,       /* minor_status */
           gss_ctx_id_t,     /* context_handle */
           gss_buffer_t,     /* input_message_buffer */
           gss_buffer_t,     /* output_message_buffer */
           int*,             /* conf_state */
           int*              /* qop_state */
-           );
+ gss_ctx_id_t,     /* context_handle */
+ gss_buffer_t,     /* input_message_buffer */
+ gss_buffer_t,     /* output_message_buffer */
+ int*,             /* conf_state */
+ int*              /* qop_state */
+);
 
 OM_uint32 krb5_gss_display_status
 (OM_uint32*,       /* minor_status */
           OM_uint32,        /* status_value */
           int,              /* status_type */
           gss_OID,          /* mech_type */
           OM_uint32*,       /* message_context */
           gss_buffer_t      /* status_string */
-           );
+ OM_uint32,        /* status_value */
+ int,              /* status_type */
+ gss_OID,          /* mech_type */
+ OM_uint32*,       /* message_context */
+ gss_buffer_t      /* status_string */
+);
 
 OM_uint32 krb5_gss_indicate_mechs
 (OM_uint32*,       /* minor_status */
           gss_OID_set*      /* mech_set */
-           );
+ gss_OID_set*      /* mech_set */
+);
 
 OM_uint32 krb5_gss_compare_name
 (OM_uint32*,       /* minor_status */
           gss_name_t,       /* name1 */
           gss_name_t,       /* name2 */
           int*              /* name_equal */
-           );
+ gss_name_t,       /* name1 */
+ gss_name_t,       /* name2 */
+ int*              /* name_equal */
+);
 
 OM_uint32 krb5_gss_display_name
 (OM_uint32*,      /* minor_status */
           gss_name_t,      /* input_name */
           gss_buffer_t,    /* output_name_buffer */
           gss_OID*         /* output_name_type */
-           );
+ gss_name_t,      /* input_name */
+ gss_buffer_t,    /* output_name_buffer */
+ gss_OID*         /* output_name_type */
+);
 
 
 OM_uint32 krb5_gss_import_name
 (OM_uint32*,       /* minor_status */
           gss_buffer_t,     /* input_name_buffer */
           gss_OID,          /* input_name_type */
           gss_name_t*       /* output_name */
-           );
+ gss_buffer_t,     /* input_name_buffer */
+ gss_OID,          /* input_name_type */
+ gss_name_t*       /* output_name */
+);
 
 OM_uint32 krb5_gss_release_name
 (OM_uint32*,       /* minor_status */
           gss_name_t*       /* input_name */
-           );
+ gss_name_t*       /* input_name */
+);
 
 OM_uint32 krb5_gss_inquire_cred
 (OM_uint32 *,      /* minor_status */
           gss_cred_id_t,    /* cred_handle */
           gss_name_t *,     /* name */
           OM_uint32 *,      /* lifetime */
           gss_cred_usage_t*,/* cred_usage */
           gss_OID_set *     /* mechanisms */
-           );
+ gss_cred_id_t,    /* cred_handle */
+ gss_name_t *,     /* name */
+ OM_uint32 *,      /* lifetime */
+ gss_cred_usage_t*,/* cred_usage */
+ gss_OID_set *     /* mechanisms */
+);
 
 OM_uint32 krb5_gss_inquire_context
 (OM_uint32*,       /* minor_status */
          gss_ctx_id_t,     /* context_handle */
          gss_name_t*,      /* initiator_name */
          gss_name_t*,      /* acceptor_name */
          OM_uint32*,       /* lifetime_rec */
          gss_OID*,         /* mech_type */
          OM_uint32*,       /* ret_flags */
          int*,             /* locally_initiated */
          int*              /* open */
-          );
+ gss_ctx_id_t,     /* context_handle */
+ gss_name_t*,      /* initiator_name */
+ gss_name_t*,      /* acceptor_name */
+ OM_uint32*,       /* lifetime_rec */
+ gss_OID*,         /* mech_type */
+ OM_uint32*,       /* ret_flags */
+ int*,             /* locally_initiated */
+ int*              /* open */
+);
 
 /* New V2 entry points */
 OM_uint32 krb5_gss_get_mic
-(OM_uint32 *,          /* minor_status */
          gss_ctx_id_t,               /* context_handle */
          gss_qop_t,                  /* qop_req */
          gss_buffer_t,               /* message_buffer */
          gss_buffer_t                /* message_token */
-          );
+(OM_uint32 *,           /* minor_status */
+ gss_ctx_id_t,               /* context_handle */
+ gss_qop_t,                  /* qop_req */
+ gss_buffer_t,               /* message_buffer */
+ gss_buffer_t                /* message_token */
+);
 
 OM_uint32 krb5_gss_verify_mic
-(OM_uint32 *,          /* minor_status */
          gss_ctx_id_t,               /* context_handle */
          gss_buffer_t,               /* message_buffer */
          gss_buffer_t,               /* message_token */
          gss_qop_t *                 /* qop_state */
-          );
+(OM_uint32 *,           /* minor_status */
+ gss_ctx_id_t,               /* context_handle */
+ gss_buffer_t,               /* message_buffer */
+ gss_buffer_t,               /* message_token */
+ gss_qop_t *                 /* qop_state */
+);
 
 OM_uint32 krb5_gss_wrap
-(OM_uint32 *,          /* minor_status */
          gss_ctx_id_t,               /* context_handle */
          int,                        /* conf_req_flag */
          gss_qop_t,                  /* qop_req */
          gss_buffer_t,               /* input_message_buffer */
          int *,                      /* conf_state */
          gss_buffer_t                /* output_message_buffer */
-          );
+(OM_uint32 *,           /* minor_status */
+ gss_ctx_id_t,               /* context_handle */
+ int,                        /* conf_req_flag */
+ gss_qop_t,                  /* qop_req */
+ gss_buffer_t,               /* input_message_buffer */
+ int *,                      /* conf_state */
+ gss_buffer_t                /* output_message_buffer */
+);
 
 OM_uint32 krb5_gss_unwrap
-(OM_uint32 *,          /* minor_status */
          gss_ctx_id_t,               /* context_handle */
          gss_buffer_t,               /* input_message_buffer */
          gss_buffer_t,               /* output_message_buffer */
          int *,                      /* conf_state */
          gss_qop_t *                 /* qop_state */
-          );
+(OM_uint32 *,           /* minor_status */
+ gss_ctx_id_t,               /* context_handle */
+ gss_buffer_t,               /* input_message_buffer */
+ gss_buffer_t,               /* output_message_buffer */
+ int *,                      /* conf_state */
+ gss_qop_t *                 /* qop_state */
+);
 
 OM_uint32 krb5_gss_wrap_size_limit
-(OM_uint32 *,          /* minor_status */
          gss_ctx_id_t,               /* context_handle */
          int,                        /* conf_req_flag */
          gss_qop_t,                  /* qop_req */
          OM_uint32,                  /* req_output_size */
          OM_uint32 *                 /* max_input_size */
-          );
+(OM_uint32 *,           /* minor_status */
+ gss_ctx_id_t,               /* context_handle */
+ int,                        /* conf_req_flag */
+ gss_qop_t,                  /* qop_req */
+ OM_uint32,                  /* req_output_size */
+ OM_uint32 *                 /* max_input_size */
+);
 
 OM_uint32 krb5_gss_import_name_object
-(OM_uint32 *,          /* minor_status */
          void *,                     /* input_name */
          gss_OID,                    /* input_name_type */
          gss_name_t *                /* output_name */
-          );
+(OM_uint32 *,           /* minor_status */
+ void *,                     /* input_name */
+ gss_OID,                    /* input_name_type */
+ gss_name_t *                /* output_name */
+);
 
 OM_uint32 krb5_gss_export_name_object
-(OM_uint32 *,          /* minor_status */
          gss_name_t,                 /* input_name */
          gss_OID,                    /* desired_name_type */
          void * *                    /* output_name */
-          );
+(OM_uint32 *,           /* minor_status */
+ gss_name_t,                 /* input_name */
+ gss_OID,                    /* desired_name_type */
+ void * *                    /* output_name */
+);
 
 OM_uint32 krb5_gss_add_cred
-(OM_uint32 *,          /* minor_status */
          gss_cred_id_t,              /* input_cred_handle */
          gss_name_t,                 /* desired_name */
          gss_OID,                    /* desired_mech */
          gss_cred_usage_t,           /* cred_usage */
          OM_uint32,                  /* initiator_time_req */
          OM_uint32,                  /* acceptor_time_req */
          gss_cred_id_t *,            /* output_cred_handle */
          gss_OID_set *,              /* actual_mechs */
          OM_uint32 *,                /* initiator_time_rec */
          OM_uint32 *                 /* acceptor_time_rec */
-          );
+(OM_uint32 *,           /* minor_status */
+ gss_cred_id_t,              /* input_cred_handle */
+ gss_name_t,                 /* desired_name */
+ gss_OID,                    /* desired_mech */
+ gss_cred_usage_t,           /* cred_usage */
+ OM_uint32,                  /* initiator_time_req */
+ OM_uint32,                  /* acceptor_time_req */
+ gss_cred_id_t *,            /* output_cred_handle */
+ gss_OID_set *,              /* actual_mechs */
+ OM_uint32 *,                /* initiator_time_rec */
+ OM_uint32 *                 /* acceptor_time_rec */
+);
 
 OM_uint32 krb5_gss_inquire_cred_by_mech
-(OM_uint32  *,         /* minor_status */
          gss_cred_id_t,              /* cred_handle */
          gss_OID,                    /* mech_type */
          gss_name_t *,               /* name */
          OM_uint32 *,                /* initiator_lifetime */
          OM_uint32 *,                /* acceptor_lifetime */
          gss_cred_usage_t *          /* cred_usage */
-          );
+(OM_uint32  *,          /* minor_status */
+ gss_cred_id_t,              /* cred_handle */
+ gss_OID,                    /* mech_type */
+ gss_name_t *,               /* name */
+ OM_uint32 *,                /* initiator_lifetime */
+ OM_uint32 *,                /* acceptor_lifetime */
+ gss_cred_usage_t *          /* cred_usage */
+);
 #ifndef LEAN_CLIENT
 OM_uint32 krb5_gss_export_sec_context
-(OM_uint32 *,          /* minor_status */
          gss_ctx_id_t *,             /* context_handle */
          gss_buffer_t                /* interprocess_token */
-           );
+(OM_uint32 *,           /* minor_status */
+ gss_ctx_id_t *,             /* context_handle */
+ gss_buffer_t                /* interprocess_token */
+);
 
 OM_uint32 krb5_gss_import_sec_context
-(OM_uint32 *,          /* minor_status */
          gss_buffer_t,               /* interprocess_token */
          gss_ctx_id_t *              /* context_handle */
-           );
+(OM_uint32 *,           /* minor_status */
+ gss_buffer_t,               /* interprocess_token */
+ gss_ctx_id_t *              /* context_handle */
+);
 #endif /* LEAN_CLIENT */
 
 krb5_error_code krb5_gss_ser_init(krb5_context);
 
 OM_uint32 krb5_gss_release_oid
-(OM_uint32 *,          /* minor_status */
          gss_OID *                   /* oid */
-          );
+(OM_uint32 *,           /* minor_status */
+ gss_OID *                   /* oid */
+);
 
 OM_uint32 krb5_gss_internal_release_oid
-(OM_uint32 *,          /* minor_status */
          gss_OID *                   /* oid */
-          );
+(OM_uint32 *,           /* minor_status */
+ gss_OID *                   /* oid */
+);
 
 OM_uint32 krb5_gss_inquire_names_for_mech
-(OM_uint32 *,          /* minor_status */
          gss_OID,                    /* mechanism */
          gss_OID_set *               /* name_types */
-          );
+(OM_uint32 *,           /* minor_status */
+ gss_OID,                    /* mechanism */
+ gss_OID_set *               /* name_types */
+);
 
 OM_uint32 krb5_gss_canonicalize_name
-(OM_uint32  *,         /* minor_status */
          const gss_name_t,           /* input_name */
          const gss_OID,              /* mech_type */
          gss_name_t *                /* output_name */
-        );
-       
+(OM_uint32  *,          /* minor_status */
+ const gss_name_t,           /* input_name */
+ const gss_OID,              /* mech_type */
+ gss_name_t *                /* output_name */
+);
+
 OM_uint32 krb5_gss_export_name
-(OM_uint32  *,         /* minor_status */
          const gss_name_t,           /* input_name */
          gss_buffer_t                /* exported_name */
-        );
+(OM_uint32  *,          /* minor_status */
+ const gss_name_t,           /* input_name */
+ gss_buffer_t                /* exported_name */
+);
 
 OM_uint32 krb5_gss_duplicate_name
-(OM_uint32  *,         /* minor_status */
          const gss_name_t,           /* input_name */
          gss_name_t *                /* dest_name */
-        );
+(OM_uint32  *,          /* minor_status */
+ const gss_name_t,           /* input_name */
+ gss_name_t *                /* dest_name */
+);
 
 OM_uint32 krb5_gss_validate_cred
-(OM_uint32 *,          /* minor_status */
          gss_cred_id_t               /* cred */
-         );
+(OM_uint32 *,           /* minor_status */
+ gss_cred_id_t               /* cred */
+);
 
 OM_uint32
 krb5_gss_validate_cred_1(OM_uint32 * /* minor_status */,
-                        gss_cred_id_t /* cred_handle */,
-                        krb5_context /* context */);
+                         gss_cred_id_t /* cred_handle */,
+                         krb5_context /* context */);
 
 gss_OID krb5_gss_convert_static_mech_oid(gss_OID oid);
-       
+
 krb5_error_code gss_krb5int_make_seal_token_v3(krb5_context,
-                                              krb5_gss_ctx_id_rec *,
-                                              const gss_buffer_desc *,
-                                              gss_buffer_t,
-                                              int, int);
+                                               krb5_gss_ctx_id_rec *,
+                                               const gss_buffer_desc *,
+                                               gss_buffer_t,
+                                               int, int);
 
 OM_uint32 gss_krb5int_unseal_token_v3(krb5_context *contextptr,
-                                     OM_uint32 *minor_status,
-                                     krb5_gss_ctx_id_rec *ctx,
-                                     unsigned char *ptr,
-                                     unsigned int bodysize,
-                                     gss_buffer_t message_buffer,
-                                     int *conf_state, int *qop_state, 
-                                     int toktype);
+                                      OM_uint32 *minor_status,
+                                      krb5_gss_ctx_id_rec *ctx,
+                                      unsigned char *ptr,
+                                      unsigned int bodysize,
+                                      gss_buffer_t message_buffer,
+                                      int *conf_state, int *qop_state,
+                                      int toktype);
 
 /*
  * These take unglued krb5-mech-specific contexts.
  */
 
-OM_uint32 KRB5_CALLCONV gss_krb5int_get_tkt_flags 
-       (OM_uint32 *minor_status,
                 gss_ctx_id_t context_handle,
                 krb5_flags *ticket_flags);
+OM_uint32 KRB5_CALLCONV gss_krb5int_get_tkt_flags
+(OM_uint32 *minor_status,
+ gss_ctx_id_t context_handle,
+ krb5_flags *ticket_flags);
 
 OM_uint32 KRB5_CALLCONV gss_krb5int_copy_ccache
-       (OM_uint32 *minor_status,
                 gss_cred_id_t cred_handle,
                 krb5_ccache out_ccache);
+(OM_uint32 *minor_status,
+ gss_cred_id_t cred_handle,
+ krb5_ccache out_ccache);
 
 OM_uint32 KRB5_CALLCONV
-gss_krb5int_set_allowable_enctypes(OM_uint32 *minor_status, 
-                                  gss_cred_id_t cred,
-                                  OM_uint32 num_ktypes,
-                                  krb5_enctype *ktypes);
+gss_krb5int_set_allowable_enctypes(OM_uint32 *minor_status,
+                                   gss_cred_id_t cred,
+                                   OM_uint32 num_ktypes,
+                                   krb5_enctype *ktypes);
 
 OM_uint32 KRB5_CALLCONV
 gss_krb5int_export_lucid_sec_context(OM_uint32 *minor_status,
-                                    gss_ctx_id_t *context_handle,
-                                    OM_uint32 version,
-                                    void **kctx);
+                                     gss_ctx_id_t *context_handle,
+                                     OM_uint32 version,
+                                     void **kctx);
 
 
 extern k5_mutex_t kg_kdc_flag_mutex;
@@ -701,8 +702,8 @@ krb5_gss_save_error_message(OM_uint32 minor_code, const char *format, ...)
     __attribute__((__format__(__printf__, 2, 3)))
 #endif
     ;
-extern void
-krb5_gss_save_error_info(OM_uint32 minor_code, krb5_context ctx);
+    extern void
+    krb5_gss_save_error_info(OM_uint32 minor_code, krb5_context ctx);
 #define get_error_message krb5_gss_get_error_message
 #define save_error_string krb5_gss_save_error_string
 #define save_error_message krb5_gss_save_error_message
index 95a876371126af7578e3146a4281dbc25e09a6bc..64812a78b1a224030f2f6f3feca2e2d1623ecf09 100644 (file)
@@ -1,6 +1,7 @@
+/* -*- mode: c; indent-tabs-mode: nil -*- */
 /*
  * Copyright 1993 by OpenVision Technologies, Inc.
- * 
+ *
  * Permission to use, copy, modify, distribute, and sell this software
  * and its documentation for any purpose is hereby granted without fee,
  * provided that the above copyright notice appears in all copies and
@@ -10,7 +11,7 @@
  * without specific, written prior permission. OpenVision makes no
  * representations about the suitability of this software for any
  * purpose.  It is provided "as is" without express or implied warranty.
- * 
+ *
  * OPENVISION DISCLAIMS ALL WARRANTIES WITH REGARD TO THIS SOFTWARE,
  * INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS, IN NO
  * EVENT SHALL OPENVISION BE LIABLE FOR ANY SPECIAL, INDIRECT OR
 
 /*
  * Copyright (C) 1998 by the FundsXpress, INC.
- * 
+ *
  * All rights reserved.
- * 
+ *
  * Export of this software from the United States of America may require
  * a specific license from the United States Government.  It is the
  * responsibility of any person or organization contemplating export to
  * obtain such a license before exporting.
- * 
+ *
  * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
  * distribute this software and its documentation for any purpose and
  * without fee is hereby granted, provided that the above copyright
@@ -40,7 +41,7 @@
  * permission.  FundsXpress makes no representations about the suitability of
  * this software for any purpose.  It is provided "as is" without express
  * or implied warranty.
- * 
+ *
  * THIS SOFTWARE IS PROVIDED ``AS IS'' AND WITHOUT ANY EXPRESS OR
  * IMPLIED WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED
  * WARRANTIES OF MERCHANTIBILITY AND FITNESS FOR A PARTICULAR PURPOSE.
 
 /*
  * The OID of the draft krb5 mechanism, assigned by IETF, is:
- *     iso(1) org(3) dod(5) internet(1) security(5)
- *     kerberosv5(2) = 1.3.5.1.5.2
+ *      iso(1) org(3) dod(5) internet(1) security(5)
+ *      kerberosv5(2) = 1.3.5.1.5.2
  * The OID of the krb5_name type is:
- *     iso(1) member-body(2) US(840) mit(113554) infosys(1) gssapi(2)
- *     krb5(2) krb5_name(1) = 1.2.840.113554.1.2.2.1
+ *      iso(1) member-body(2) US(840) mit(113554) infosys(1) gssapi(2)
+ *      krb5(2) krb5_name(1) = 1.2.840.113554.1.2.2.1
  * The OID of the krb5_principal type is:
- *     iso(1) member-body(2) US(840) mit(113554) infosys(1) gssapi(2)
- *     krb5(2) krb5_principal(2) = 1.2.840.113554.1.2.2.2
+ *      iso(1) member-body(2) US(840) mit(113554) infosys(1) gssapi(2)
+ *      krb5(2) krb5_principal(2) = 1.2.840.113554.1.2.2.2
  * The OID of the proposed standard krb5 mechanism is:
- *     iso(1) member-body(2) US(840) mit(113554) infosys(1) gssapi(2)
- *     krb5(2) = 1.2.840.113554.1.2.2
+ *      iso(1) member-body(2) US(840) mit(113554) infosys(1) gssapi(2)
+ *      krb5(2) = 1.2.840.113554.1.2.2
  * The OID of the proposed standard krb5 v2 mechanism is:
- *     iso(1) member-body(2) US(840) mit(113554) infosys(1) gssapi(2)
- *     krb5v2(3) = 1.2.840.113554.1.2.3
- *     
+ *      iso(1) member-body(2) US(840) mit(113554) infosys(1) gssapi(2)
+ *      krb5v2(3) = 1.2.840.113554.1.2.3
+ *
  */
 
 /*
  */
 
 const gss_OID_desc krb5_gss_oid_array[] = {
-   /* this is the official, rfc-specified OID */
-   {GSS_MECH_KRB5_OID_LENGTH, GSS_MECH_KRB5_OID},
-   /* this pre-RFC mech OID */
-   {GSS_MECH_KRB5_OLD_OID_LENGTH, GSS_MECH_KRB5_OLD_OID},
-   /* this is the unofficial, incorrect mech OID emitted by MS */
-   {GSS_MECH_KRB5_WRONG_OID_LENGTH, GSS_MECH_KRB5_WRONG_OID},
-   /* this is the v2 assigned OID */
-   {9, "\052\206\110\206\367\022\001\002\003"},
-   /* these two are name type OID's */
+    /* this is the official, rfc-specified OID */
+    {GSS_MECH_KRB5_OID_LENGTH, GSS_MECH_KRB5_OID},
+    /* this pre-RFC mech OID */
+    {GSS_MECH_KRB5_OLD_OID_LENGTH, GSS_MECH_KRB5_OLD_OID},
+    /* this is the unofficial, incorrect mech OID emitted by MS */
+    {GSS_MECH_KRB5_WRONG_OID_LENGTH, GSS_MECH_KRB5_WRONG_OID},
+    /* this is the v2 assigned OID */
+    {9, "\052\206\110\206\367\022\001\002\003"},
+    /* these two are name type OID's */
 
     /* 2.1.1. Kerberos Principal Name Form:  (rfc 1964)
      * This name form shall be represented by the Object Identifier {iso(1)
      * member-body(2) United States(840) mit(113554) infosys(1) gssapi(2)
      * krb5(2) krb5_name(1)}.  The recommended symbolic name for this type
      * is "GSS_KRB5_NT_PRINCIPAL_NAME". */
-   {10, "\052\206\110\206\367\022\001\002\002\001"},
+    {10, "\052\206\110\206\367\022\001\002\002\001"},
 
-   /* gss_nt_krb5_principal.  Object identifier for a krb5_principal. Do not use. */
-   {10, "\052\206\110\206\367\022\001\002\002\002"},
-   { 0, 0 }
+    /* gss_nt_krb5_principal.  Object identifier for a krb5_principal. Do not use. */
+    {10, "\052\206\110\206\367\022\001\002\002\002"},
+    { 0, 0 }
 };
 
 const gss_OID_desc * const gss_mech_krb5              = krb5_gss_oid_array+0;
@@ -116,11 +117,11 @@ const gss_OID_desc * const gss_nt_krb5_principal      = krb5_gss_oid_array+5;
 const gss_OID_desc * const GSS_KRB5_NT_PRINCIPAL_NAME = krb5_gss_oid_array+4;
 
 static const gss_OID_set_desc oidsets[] = {
-   {1, (gss_OID) krb5_gss_oid_array+0},
-   {1, (gss_OID) krb5_gss_oid_array+1},
-   {3, (gss_OID) krb5_gss_oid_array+0},
-   {1, (gss_OID) krb5_gss_oid_array+2},
-   {3, (gss_OID) krb5_gss_oid_array+0},
+    {1, (gss_OID) krb5_gss_oid_array+0},
+    {1, (gss_OID) krb5_gss_oid_array+1},
+    {3, (gss_OID) krb5_gss_oid_array+0},
+    {1, (gss_OID) krb5_gss_oid_array+2},
+    {3, (gss_OID) krb5_gss_oid_array+0},
 };
 
 const gss_OID_set_desc * const gss_mech_set_krb5 = oidsets+0;
@@ -137,54 +138,54 @@ g_set kg_vdb = G_SET_INIT;
  */
 OM_uint32
 kg_get_defcred(minor_status, cred)
-     OM_uint32 *minor_status;
-     gss_cred_id_t *cred;
+    OM_uint32 *minor_status;
+    gss_cred_id_t *cred;
 {
     OM_uint32 major;
-    
-    if ((major = krb5_gss_acquire_cred(minor_status, 
-                                     (gss_name_t) NULL, GSS_C_INDEFINITE, 
-                                     GSS_C_NULL_OID_SET, GSS_C_INITIATE, 
-                                     cred, NULL, NULL)) && GSS_ERROR(major)) {
-      return(major);
-   }
-   *minor_status = 0;
-   return(GSS_S_COMPLETE);
+
+    if ((major = krb5_gss_acquire_cred(minor_status,
+                                       (gss_name_t) NULL, GSS_C_INDEFINITE,
+                                       GSS_C_NULL_OID_SET, GSS_C_INITIATE,
+                                       cred, NULL, NULL)) && GSS_ERROR(major)) {
+        return(major);
+    }
+    *minor_status = 0;
+    return(GSS_S_COMPLETE);
 }
 
 OM_uint32
 kg_sync_ccache_name (krb5_context context, OM_uint32 *minor_status)
 {
     OM_uint32 err = 0;
-    
-    /* 
+
+    /*
      * Sync up the context ccache name with the GSSAPI ccache name.
-     * If kg_ccache_name is NULL -- normal unless someone has called 
-     * gss_krb5_ccache_name() -- then the system default ccache will 
+     * If kg_ccache_name is NULL -- normal unless someone has called
+     * gss_krb5_ccache_name() -- then the system default ccache will
      * be picked up and used by resetting the context default ccache.
      * This is needed for platforms which support multiple ccaches.
      */
-    
+
     if (!err) {
         /* if NULL, resets the context default ccache */
         err = krb5_cc_set_default_name(context,
-                                      (char *) k5_getspecific(K5_KEY_GSS_KRB5_CCACHE_NAME));
+                                       (char *) k5_getspecific(K5_KEY_GSS_KRB5_CCACHE_NAME));
     }
-    
+
     *minor_status = err;
     return (*minor_status == 0) ? GSS_S_COMPLETE : GSS_S_FAILURE;
 }
 
 /* This function returns whether or not the caller set a cccache name.  Used by
- * gss_acquire_cred to figure out if the caller wants to only look at this 
+ * gss_acquire_cred to figure out if the caller wants to only look at this
  * ccache or search the cache collection for the desired name */
 OM_uint32
-kg_caller_provided_ccache_name (OM_uint32 *minor_status, 
-int *out_caller_provided_name)
+kg_caller_provided_ccache_name (OM_uint32 *minor_status,
+                                int *out_caller_provided_name)
 {
     if (out_caller_provided_name) {
-        *out_caller_provided_name = 
-         (k5_getspecific(K5_KEY_GSS_KRB5_CCACHE_NAME) != NULL);
+        *out_caller_provided_name =
+            (k5_getspecific(K5_KEY_GSS_KRB5_CCACHE_NAME) != NULL);
     }
 
     *minor_status = 0;
@@ -199,31 +200,31 @@ kg_get_ccache_name (OM_uint32 *minor_status, const char **out_name)
     char *kg_ccache_name;
 
     kg_ccache_name = k5_getspecific(K5_KEY_GSS_KRB5_CCACHE_NAME);
-    
+
     if (kg_ccache_name != NULL) {
-       name = strdup(kg_ccache_name);
-       if (name == NULL)
-           err = ENOMEM;
+        name = strdup(kg_ccache_name);
+        if (name == NULL)
+            err = ENOMEM;
     } else {
-       krb5_context context = NULL;
-
-       /* Reset the context default ccache (see text above), and then
-          retrieve it.  */
-       err = krb5_gss_init_context(&context);
-       if (!err)
-           err = krb5_cc_set_default_name (context, NULL);
-       if (!err) {
-           name = krb5_cc_default_name(context);
-           if (name) {
-               name = strdup(name);
-               if (name == NULL)
-                   err = ENOMEM;
-           }
-       }
-       if (err && context)
-           save_error_info(err, context);
-       if (context)
-           krb5_free_context(context);
+        krb5_context context = NULL;
+
+        /* Reset the context default ccache (see text above), and then
+           retrieve it.  */
+        err = krb5_gss_init_context(&context);
+        if (!err)
+            err = krb5_cc_set_default_name (context, NULL);
+        if (!err) {
+            name = krb5_cc_default_name(context);
+            if (name) {
+                name = strdup(name);
+                if (name == NULL)
+                    err = ENOMEM;
+            }
+        }
+        if (err && context)
+            save_error_info(err, context);
+        if (context)
+            krb5_free_context(context);
     }
 
     if (!err) {
@@ -231,7 +232,7 @@ kg_get_ccache_name (OM_uint32 *minor_status, const char **out_name)
             *out_name = name;
         }
     }
-    
+
     *minor_status = err;
     return (*minor_status == 0) ? GSS_S_COMPLETE : GSS_S_FAILURE;
 }
@@ -245,12 +246,12 @@ kg_set_ccache_name (OM_uint32 *minor_status, const char *name)
     krb5_error_code kerr;
 
     if (name) {
-       new_name = malloc(strlen(name) + 1);
-       if (new_name == NULL) {
-           *minor_status = ENOMEM;
-           return GSS_S_FAILURE;
-       }
-       strcpy(new_name, name);
+        new_name = malloc(strlen(name) + 1);
+        if (new_name == NULL) {
+            *minor_status = ENOMEM;
+            return GSS_S_FAILURE;
+        }
+        strcpy(new_name, name);
     }
 
     kg_ccache_name = k5_getspecific(K5_KEY_GSS_KRB5_CCACHE_NAME);
@@ -259,11 +260,11 @@ kg_set_ccache_name (OM_uint32 *minor_status, const char *name)
     new_name = swap;
     kerr = k5_setspecific(K5_KEY_GSS_KRB5_CCACHE_NAME, kg_ccache_name);
     if (kerr != 0) {
-       /* Can't store, so free up the storage.  */
-       free(kg_ccache_name);
-       /* ??? free(new_name); */
-       *minor_status = kerr;
-       return GSS_S_FAILURE;
+        /* Can't store, so free up the storage.  */
+        free(kg_ccache_name);
+        /* ??? free(new_name); */
+        *minor_status = kerr;
+        return GSS_S_FAILURE;
     }
 
     free (new_name);
index b9660e5b3543a19cf8d129aab9e9bbcfb81b6263..67791a5802c2615a82a3eaeea5107c7a4ea61aad 100644 (file)
@@ -1,6 +1,7 @@
-/* -*- c -*-
+/* -*- mode: c; indent-tabs-mode: nil -*- */
+/*
  * Copyright 1993 by OpenVision Technologies, Inc.
- * 
+ *
  * Permission to use, copy, modify, distribute, and sell this software
  * and its documentation for any purpose is hereby granted without fee,
  * provided that the above copyright notice appears in all copies and
@@ -10,7 +11,7 @@
  * without specific, written prior permission. OpenVision makes no
  * representations about the suitability of this software for any
  * purpose.  It is provided "as is" without express or implied warranty.
- * 
+ *
  * OPENVISION DISCLAIMS ALL WARRANTIES WITH REGARD TO THIS SOFTWARE,
  * INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS, IN NO
  * EVENT SHALL OPENVISION BE LIABLE FOR ANY SPECIAL, INDIRECT OR
@@ -50,7 +51,7 @@ GSS_DLLIMP extern const gss_OID_desc * const GSS_KRB5_NT_PRINCIPAL_NAME;
  * "GSS_C_NT_HOSTBASED_SERVICE". */
 
 /* 2.2.1. User Name Form */
-#define GSS_KRB5_NT_USER_NAME GSS_C_NT_USER_NAME    
+#define GSS_KRB5_NT_USER_NAME GSS_C_NT_USER_NAME
 /* This name form shall be represented by the Object Identifier {iso(1)
  * member-body(2) United States(840) mit(113554) infosys(1) gssapi(2)
  * generic(1) user_name(1)}.  The recommended symbolic name for this
@@ -68,7 +69,7 @@ GSS_DLLIMP extern const gss_OID_desc * const GSS_KRB5_NT_PRINCIPAL_NAME;
 /* This name form shall be represented by the Object Identifier {iso(1)
  * member-body(2) United States(840) mit(113554) infosys(1) gssapi(2)
  * generic(1) string_uid_name(3)}.  The recommended symbolic name for
- * this type is "GSS_KRB5_NT_STRING_UID_NAME". */ 
+ * this type is "GSS_KRB5_NT_STRING_UID_NAME". */
 
 GSS_DLLIMP extern const gss_OID_desc * const gss_mech_krb5;
 GSS_DLLIMP extern const gss_OID_desc * const gss_mech_krb5_old;
@@ -82,12 +83,12 @@ GSS_DLLIMP extern const gss_OID_desc * const gss_nt_krb5_principal;
 
 GSS_DLLIMP extern const gss_OID_desc krb5_gss_oid_array[];
 
-#define gss_krb5_nt_general_name       gss_nt_krb5_name
-#define gss_krb5_nt_principal          gss_nt_krb5_principal
-#define gss_krb5_nt_service_name       gss_nt_service_name
-#define gss_krb5_nt_user_name          gss_nt_user_name
-#define gss_krb5_nt_machine_uid_name   gss_nt_machine_uid_name
-#define gss_krb5_nt_string_uid_name    gss_nt_string_uid_name
+#define gss_krb5_nt_general_name        gss_nt_krb5_name
+#define gss_krb5_nt_principal           gss_nt_krb5_principal
+#define gss_krb5_nt_service_name        gss_nt_service_name
+#define gss_krb5_nt_user_name           gss_nt_user_name
+#define gss_krb5_nt_machine_uid_name    gss_nt_machine_uid_name
+#define gss_krb5_nt_string_uid_name     gss_nt_string_uid_name
 
 
 #if defined(_WIN32)
@@ -99,48 +100,48 @@ typedef  uint64_t gss_uint64;
 
 
 typedef struct gss_krb5_lucid_key {
-       OM_uint32       type;           /* key encryption type */
-       OM_uint32       length;         /* length of key data */
-       void *          data;           /* actual key data */
+    OM_uint32       type;           /* key encryption type */
+    OM_uint32       length;         /* length of key data */
+    void *          data;           /* actual key data */
 } gss_krb5_lucid_key_t;
 
 typedef struct gss_krb5_rfc1964_keydata {
-       OM_uint32       sign_alg;       /* signing algorthm */
-       OM_uint32       seal_alg;       /* seal/encrypt algorthm */
-       gss_krb5_lucid_key_t    ctx_key;
-                                       /* Context key
-                                          (Kerberos session key or subkey) */
+    OM_uint32       sign_alg;       /* signing algorthm */
+    OM_uint32       seal_alg;       /* seal/encrypt algorthm */
+    gss_krb5_lucid_key_t    ctx_key;
+    /* Context key
+       (Kerberos session key or subkey) */
 } gss_krb5_rfc1964_keydata_t;
 
 typedef struct gss_krb5_cfx_keydata {
-       OM_uint32               have_acceptor_subkey;
-                                       /* 1 if there is an acceptor_subkey
-                                          present, 0 otherwise */
-       gss_krb5_lucid_key_t    ctx_key;
-                                       /* Context key
-                                          (Kerberos session key or subkey) */
-       gss_krb5_lucid_key_t    acceptor_subkey;
-                                       /* acceptor-asserted subkey or
-                                          0's if no acceptor subkey */
+    OM_uint32               have_acceptor_subkey;
+    /* 1 if there is an acceptor_subkey
+       present, 0 otherwise */
+    gss_krb5_lucid_key_t    ctx_key;
+    /* Context key
+       (Kerberos session key or subkey) */
+    gss_krb5_lucid_key_t    acceptor_subkey;
+    /* acceptor-asserted subkey or
+       0's if no acceptor subkey */
 } gss_krb5_cfx_keydata_t;
 
 typedef struct gss_krb5_lucid_context_v1 {
-       OM_uint32       version;        /* Structure version number (1)
-                                          MUST be at beginning of struct! */
-       OM_uint32       initiate;       /* Are we the initiator? */
-       OM_uint32       endtime;        /* expiration time of context */
-       gss_uint64      send_seq;       /* sender sequence number */
-       gss_uint64      recv_seq;       /* receive sequence number */
-       OM_uint32       protocol;       /* 0: rfc1964,
-                                          1: draft-ietf-krb-wg-gssapi-cfx-07 */
-       /*
-        * if (protocol == 0) rfc1964_kd should be used
-        * and cfx_kd contents are invalid and should be zero
-        * if (protocol == 1) cfx_kd should be used
-        * and rfc1964_kd contents are invalid and should be zero
-        */
-       gss_krb5_rfc1964_keydata_t rfc1964_kd;
-       gss_krb5_cfx_keydata_t     cfx_kd;
+    OM_uint32       version;        /* Structure version number (1)
+                                       MUST be at beginning of struct! */
+    OM_uint32       initiate;       /* Are we the initiator? */
+    OM_uint32       endtime;        /* expiration time of context */
+    gss_uint64      send_seq;       /* sender sequence number */
+    gss_uint64      recv_seq;       /* receive sequence number */
+    OM_uint32       protocol;       /* 0: rfc1964,
+                                       1: draft-ietf-krb-wg-gssapi-cfx-07 */
+    /*
+     * if (protocol == 0) rfc1964_kd should be used
+     * and cfx_kd contents are invalid and should be zero
+     * if (protocol == 1) cfx_kd should be used
+     * and rfc1964_kd contents are invalid and should be zero
+     */
+    gss_krb5_rfc1964_keydata_t rfc1964_kd;
+    gss_krb5_cfx_keydata_t     cfx_kd;
 } gss_krb5_lucid_context_v1_t;
 
 /*
@@ -148,7 +149,7 @@ typedef struct gss_krb5_lucid_context_v1 {
  * See example below for usage.
  */
 typedef struct gss_krb5_lucid_context_version {
-       OM_uint32       version;        /* Structure version number */
+    OM_uint32       version;        /* Structure version number */
 } gss_krb5_lucid_context_version_t;
 
 
@@ -159,19 +160,19 @@ typedef struct gss_krb5_lucid_context_version {
 
 OM_uint32 KRB5_CALLCONV krb5_gss_register_acceptor_identity(const char *);
 
-OM_uint32 KRB5_CALLCONV gss_krb5_get_tkt_flags 
-       (OM_uint32 *minor_status,
-                  gss_ctx_id_t context_handle,
-                  krb5_flags *ticket_flags);
+OM_uint32 KRB5_CALLCONV gss_krb5_get_tkt_flags(
+    OM_uint32 *minor_status,
+    gss_ctx_id_t context_handle,
+    krb5_flags *ticket_flags);
 
-OM_uint32 KRB5_CALLCONV gss_krb5_copy_ccache
-       (OM_uint32 *minor_status,
-                  gss_cred_id_t cred_handle,
-                  krb5_ccache out_ccache);
+OM_uint32 KRB5_CALLCONV gss_krb5_copy_ccache(
+    OM_uint32 *minor_status,
+    gss_cred_id_t cred_handle,
+    krb5_ccache out_ccache);
 
-OM_uint32 KRB5_CALLCONV gss_krb5_ccache_name
-       (OM_uint32 *minor_status, const char *name,
-                  const char **out_name);
+OM_uint32 KRB5_CALLCONV gss_krb5_ccache_name(
+    OM_uint32 *minor_status, const char *name,
+    const char **out_name);
 
 /*
  * gss_krb5_set_allowable_enctypes
@@ -197,14 +198,14 @@ OM_uint32 KRB5_CALLCONV gss_krb5_ccache_name
  *
  */
 OM_uint32 KRB5_CALLCONV
-gss_krb5_set_allowable_enctypes(OM_uint32 *minor_status, 
-                               gss_cred_id_t cred,
-                               OM_uint32 num_ktypes,
-                               krb5_enctype *ktypes);
+gss_krb5_set_allowable_enctypes(OM_uint32 *minor_status,
+                                gss_cred_id_t cred,
+                                OM_uint32 num_ktypes,
+                                krb5_enctype *ktypes);
 
 /*
  * Returns a non-opaque (lucid) version of the internal context
- * information.  
+ * information.
  *
  * Note that context_handle must not be used again by the caller
  * after this call.  The GSS implementation is free to release any
@@ -212,7 +213,7 @@ gss_krb5_set_allowable_enctypes(OM_uint32 *minor_status,
  * GSS implementation whether it returns pointers to existing data,
  * or copies of the data.  The caller should treat the returned
  * lucid context as read-only.
- * 
+ *
  * The caller must call gss_krb5_free_lucid_context() to free
  * the context and allocated resources when it is finished with it.
  *
@@ -228,33 +229,33 @@ gss_krb5_set_allowable_enctypes(OM_uint32 *minor_status,
  * (XXX Need error definition(s))
  *
  * For example:
- *     void *return_ctx;
- *     gss_krb5_lucid_context_v1_t *ctx;
- *     OM_uint32 min_stat, maj_stat;
- *     OM_uint32 vers;
- *     gss_ctx_id_t *ctx_handle;
+ *      void *return_ctx;
+ *      gss_krb5_lucid_context_v1_t *ctx;
+ *      OM_uint32 min_stat, maj_stat;
+ *      OM_uint32 vers;
+ *      gss_ctx_id_t *ctx_handle;
  *
- *     maj_stat = gss_krb5_export_lucid_sec_context(&min_stat,
- *                     ctx_handle, 1, &return_ctx);
- *     // Verify success 
+ *      maj_stat = gss_krb5_export_lucid_sec_context(&min_stat,
+ *                      ctx_handle, 1, &return_ctx);
+ *      // Verify success
  *
- *     vers = ((gss_krb5_lucid_context_version_t *)return_ctx)->version;
- *     switch (vers) {
- *     case 1:
- *             ctx = (gss_krb5_lucid_context_v1_t *) return_ctx;
- *             break;
- *     default:
- *             // Error, unknown version returned
- *             break;
- *     }
+ *      vers = ((gss_krb5_lucid_context_version_t *)return_ctx)->version;
+ *      switch (vers) {
+ *      case 1:
+ *              ctx = (gss_krb5_lucid_context_v1_t *) return_ctx;
+ *              break;
+ *      default:
+ *              // Error, unknown version returned
+ *              break;
+ *      }
  *
  */
 
 OM_uint32 KRB5_CALLCONV
 gss_krb5_export_lucid_sec_context(OM_uint32 *minor_status,
-                                 gss_ctx_id_t *context_handle,
-                                 OM_uint32 version,
-                                 void **kctx);
+                                  gss_ctx_id_t *context_handle,
+                                  OM_uint32 version,
+                                  void **kctx);
 
 /*
  * Frees the allocated storage associated with an
@@ -262,7 +263,7 @@ gss_krb5_export_lucid_sec_context(OM_uint32 *minor_status,
  */
 OM_uint32 KRB5_CALLCONV
 gss_krb5_free_lucid_sec_context(OM_uint32 *minor_status,
-                               void *kctx);
+                                void *kctx);
 
 
 #ifdef __cplusplus
index 58bc19f91879eb0bbc261c5a1b8420303e64a77e..6879c766faa000e13ea4739eff7ae3531ec014f5 100644 (file)
@@ -1,6 +1,7 @@
+/* -*- mode: c; indent-tabs-mode: nil -*- */
 /*
  * Copyright 1993 by OpenVision Technologies, Inc.
- * 
+ *
  * Permission to use, copy, modify, distribute, and sell this software
  * and its documentation for any purpose is hereby granted without fee,
  * provided that the above copyright notice appears in all copies and
@@ -10,7 +11,7 @@
  * without specific, written prior permission. OpenVision makes no
  * representations about the suitability of this software for any
  * purpose.  It is provided "as is" without express or implied warranty.
- * 
+ *
  * OPENVISION DISCLAIMS ALL WARRANTIES WITH REGARD TO THIS SOFTWARE,
  * INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS, IN NO
  * EVENT SHALL OPENVISION BE LIABLE FOR ANY SPECIAL, INDIRECT OR
 
 /*
  * errors:
- * GSS_S_BAD_NAMETYPE  if the type is bogus
- * GSS_S_BAD_NAME      if the type is good but the name is bogus
- * GSS_S_FAILURE       if memory allocation fails
+ * GSS_S_BAD_NAMETYPE   if the type is bogus
+ * GSS_S_BAD_NAME       if the type is good but the name is bogus
+ * GSS_S_FAILURE        if memory allocation fails
  */
 
 OM_uint32
-krb5_gss_import_name(minor_status, input_name_buffer, 
-                    input_name_type, output_name)
-     OM_uint32 *minor_status;
-     gss_buffer_t input_name_buffer;
-     gss_OID input_name_type;
-     gss_name_t *output_name;
+krb5_gss_import_name(minor_status, input_name_buffer,
+                     input_name_type, output_name)
+    OM_uint32 *minor_status;
+    gss_buffer_t input_name_buffer;
+    gss_OID input_name_type;
+    gss_name_t *output_name;
 {
-   krb5_context context;
-   krb5_principal princ;
-   krb5_error_code code;
-   char *stringrep, *tmp, *tmp2, *cp;
-   OM_uint32   length;
+    krb5_context context;
+    krb5_principal princ;
+    krb5_error_code code;
+    char *stringrep, *tmp, *tmp2, *cp;
+    OM_uint32    length;
 #ifndef NO_PASSWORD
-   struct passwd *pw;
+    struct passwd *pw;
 #endif
 
-   code = krb5_gss_init_context(&context);
-   if (code) {
-       *minor_status = code;
-       return GSS_S_FAILURE;
-   }
-
-   /* set up default returns */
-
-   *output_name = NULL;
-   *minor_status = 0;
-
-   /* Go find the appropriate string rep to pass into parse_name */
-
-   if ((input_name_type != GSS_C_NULL_OID) &&
-       (g_OID_equal(input_name_type, gss_nt_service_name) ||
-       g_OID_equal(input_name_type, gss_nt_service_name_v2))) {
-      char *service, *host;
-
-      if ((tmp =
-          (char *) xmalloc(input_name_buffer->length + 1)) == NULL) {
-        *minor_status = ENOMEM;
-        krb5_free_context(context);
-        return(GSS_S_FAILURE);
-      }
-
-      memcpy(tmp, input_name_buffer->value, input_name_buffer->length);
-      tmp[input_name_buffer->length] = 0;
-
-      service = tmp;
-      if ((host = strchr(tmp, '@'))) {
-        *host = '\0';
-        host++;
-      }
-
-      code = krb5_sname_to_principal(context, host, service, KRB5_NT_SRV_HST,
-                                    &princ);
-
-      xfree(tmp);
-   } else if ((input_name_type != GSS_C_NULL_OID) &&
-             (g_OID_equal(input_name_type, gss_nt_krb5_principal))) {
-      krb5_principal input;
-
-      if (input_name_buffer->length != sizeof(krb5_principal)) {
-        *minor_status = (OM_uint32) G_WRONG_SIZE;
-        krb5_free_context(context);
-        return(GSS_S_BAD_NAME);
-      }
-
-      input = *((krb5_principal *) input_name_buffer->value);
-
-      if ((code = krb5_copy_principal(context, input, &princ))) {
-        *minor_status = code;
-        save_error_info(*minor_status, context);
-        krb5_free_context(context);
-        return(GSS_S_FAILURE);
-      }
-   } else {
+    code = krb5_gss_init_context(&context);
+    if (code) {
+        *minor_status = code;
+        return GSS_S_FAILURE;
+    }
+
+    /* set up default returns */
+
+    *output_name = NULL;
+    *minor_status = 0;
+
+    /* Go find the appropriate string rep to pass into parse_name */
+
+    if ((input_name_type != GSS_C_NULL_OID) &&
+        (g_OID_equal(input_name_type, gss_nt_service_name) ||
+         g_OID_equal(input_name_type, gss_nt_service_name_v2))) {
+        char *service, *host;
+
+        if ((tmp =
+             (char *) xmalloc(input_name_buffer->length + 1)) == NULL) {
+            *minor_status = ENOMEM;
+            krb5_free_context(context);
+            return(GSS_S_FAILURE);
+        }
+
+        memcpy(tmp, input_name_buffer->value, input_name_buffer->length);
+        tmp[input_name_buffer->length] = 0;
+
+        service = tmp;
+        if ((host = strchr(tmp, '@'))) {
+            *host = '\0';
+            host++;
+        }
+
+        code = krb5_sname_to_principal(context, host, service, KRB5_NT_SRV_HST,
+                                       &princ);
+
+        xfree(tmp);
+    } else if ((input_name_type != GSS_C_NULL_OID) &&
+               (g_OID_equal(input_name_type, gss_nt_krb5_principal))) {
+        krb5_principal input;
+
+        if (input_name_buffer->length != sizeof(krb5_principal)) {
+            *minor_status = (OM_uint32) G_WRONG_SIZE;
+            krb5_free_context(context);
+            return(GSS_S_BAD_NAME);
+        }
+
+        input = *((krb5_principal *) input_name_buffer->value);
+
+        if ((code = krb5_copy_principal(context, input, &princ))) {
+            *minor_status = code;
+            save_error_info(*minor_status, context);
+            krb5_free_context(context);
+            return(GSS_S_FAILURE);
+        }
+    } else {
 #ifndef NO_PASSWORD
-      uid_t uid;
-      struct passwd pwx;
-      char pwbuf[BUFSIZ];
+        uid_t uid;
+        struct passwd pwx;
+        char pwbuf[BUFSIZ];
 #endif
 
-      stringrep = NULL;
+        stringrep = NULL;
 
-      if ((tmp =
-          (char *) xmalloc(input_name_buffer->length + 1)) == NULL) {
-        *minor_status = ENOMEM;
-        krb5_free_context(context);
-        return(GSS_S_FAILURE);
-      }
-      tmp2 = 0;
+        if ((tmp =
+             (char *) xmalloc(input_name_buffer->length + 1)) == NULL) {
+            *minor_status = ENOMEM;
+            krb5_free_context(context);
+            return(GSS_S_FAILURE);
+        }
+        tmp2 = 0;
 
-      memcpy(tmp, input_name_buffer->value, input_name_buffer->length);
-      tmp[input_name_buffer->length] = 0;
+        memcpy(tmp, input_name_buffer->value, input_name_buffer->length);
+        tmp[input_name_buffer->length] = 0;
 
-      if ((input_name_type == GSS_C_NULL_OID) ||
-         g_OID_equal(input_name_type, gss_nt_krb5_name) ||
-         g_OID_equal(input_name_type, gss_nt_user_name)) {
-        stringrep = (char *) tmp;
+        if ((input_name_type == GSS_C_NULL_OID) ||
+            g_OID_equal(input_name_type, gss_nt_krb5_name) ||
+            g_OID_equal(input_name_type, gss_nt_user_name)) {
+            stringrep = (char *) tmp;
 #ifndef NO_PASSWORD
-      } else if (g_OID_equal(input_name_type, gss_nt_machine_uid_name)) {
-        uid = *(uid_t *) input_name_buffer->value;
-      do_getpwuid:
-        if (k5_getpwuid_r(uid, &pwx, pwbuf, sizeof(pwbuf), &pw) == 0)
-            stringrep = pw->pw_name;
-        else
-           *minor_status = (OM_uint32) G_NOUSER;
-      } else if (g_OID_equal(input_name_type, gss_nt_string_uid_name)) {
-        uid = atoi(tmp);
-        goto do_getpwuid;
+        } else if (g_OID_equal(input_name_type, gss_nt_machine_uid_name)) {
+            uid = *(uid_t *) input_name_buffer->value;
+        do_getpwuid:
+            if (k5_getpwuid_r(uid, &pwx, pwbuf, sizeof(pwbuf), &pw) == 0)
+                stringrep = pw->pw_name;
+            else
+                *minor_status = (OM_uint32) G_NOUSER;
+        } else if (g_OID_equal(input_name_type, gss_nt_string_uid_name)) {
+            uid = atoi(tmp);
+            goto do_getpwuid;
 #endif
-      } else if (g_OID_equal(input_name_type, gss_nt_exported_name)) {
-        cp = tmp;
-        if (*cp++ != 0x04)
-                goto fail_name;
-        if (*cp++ != 0x01)
-                goto fail_name;
-        if (*cp++ != 0x00)
-                goto fail_name;
-        length = *cp++;
-        if (length != gss_mech_krb5->length+2)
-                goto fail_name;
-        if (*cp++ != 0x06)
-                goto fail_name;
-        length = *cp++;
-        if (length != gss_mech_krb5->length)
-                goto fail_name;
-        if (memcmp(cp, gss_mech_krb5->elements, length) != 0)
-                goto fail_name;
-        cp += length;
-        length = *cp++;
-        length = (length << 8) | *cp++;
-        length = (length << 8) | *cp++;
-        length = (length << 8) | *cp++;
-        tmp2 = malloc(length+1);
-        if (tmp2 == NULL) {
-                xfree(tmp);
-                *minor_status = ENOMEM;
-                krb5_free_context(context);
-                return GSS_S_FAILURE;
-        }
-        strncpy(tmp2, cp, length);
-        tmp2[length] = 0;
-        
-        stringrep = tmp2;
-     } else {
-        xfree(tmp);
-        krb5_free_context(context);
-        return(GSS_S_BAD_NAMETYPE);
-      }
-
-      /* at this point, stringrep is set, or if not, *minor_status is. */
-
-      if (stringrep)
-        code = krb5_parse_name(context, (char *) stringrep, &princ);
-      else {
-      fail_name:
-        xfree(tmp);
-        if (tmp2)
-                xfree(tmp2);
-        krb5_free_context(context);
-        return(GSS_S_BAD_NAME);
-      }
-      
-      if (tmp2)
-             xfree(tmp2);
-      xfree(tmp);
-   }
-
-   /* at this point, a krb5 function has been called to set princ.  code
-      contains the return status */
-
-   if (code) {
-      *minor_status = (OM_uint32) code;
-      save_error_info(*minor_status, context);
-      krb5_free_context(context);
-      return(GSS_S_BAD_NAME);
-   }
-
-   /* save the name in the validation database */
-
-   if (! kg_save_name((gss_name_t) princ)) {
-      krb5_free_principal(context, princ);
-      krb5_free_context(context);
-      *minor_status = (OM_uint32) G_VALIDATE_FAILED;
-      return(GSS_S_FAILURE);
-   }
-
-   krb5_free_context(context);
-
-   /* return it */
-
-   *output_name = (gss_name_t) princ;
-   return(GSS_S_COMPLETE);
+        } else if (g_OID_equal(input_name_type, gss_nt_exported_name)) {
+            cp = tmp;
+            if (*cp++ != 0x04)
+                goto fail_name;
+            if (*cp++ != 0x01)
+                goto fail_name;
+            if (*cp++ != 0x00)
+                goto fail_name;
+            length = *cp++;
+            if (length != gss_mech_krb5->length+2)
+                goto fail_name;
+            if (*cp++ != 0x06)
+                goto fail_name;
+            length = *cp++;
+            if (length != gss_mech_krb5->length)
+                goto fail_name;
+            if (memcmp(cp, gss_mech_krb5->elements, length) != 0)
+                goto fail_name;
+            cp += length;
+            length = *cp++;
+            length = (length << 8) | *cp++;
+            length = (length << 8) | *cp++;
+            length = (length << 8) | *cp++;
+            tmp2 = malloc(length+1);
+            if (tmp2 == NULL) {
+                xfree(tmp);
+                *minor_status = ENOMEM;
+                krb5_free_context(context);
+                return GSS_S_FAILURE;
+            }
+            strncpy(tmp2, cp, length);
+            tmp2[length] = 0;
+
+            stringrep = tmp2;
+        } else {
+            xfree(tmp);
+            krb5_free_context(context);
+            return(GSS_S_BAD_NAMETYPE);
+        }
+
+        /* at this point, stringrep is set, or if not, *minor_status is. */
+
+        if (stringrep)
+            code = krb5_parse_name(context, (char *) stringrep, &princ);
+        else {
+        fail_name:
+            xfree(tmp);
+            if (tmp2)
+                xfree(tmp2);
+            krb5_free_context(context);
+            return(GSS_S_BAD_NAME);
+        }
+
+        if (tmp2)
+            xfree(tmp2);
+        xfree(tmp);
+    }
+
+    /* at this point, a krb5 function has been called to set princ.  code
+       contains the return status */
+
+    if (code) {
+        *minor_status = (OM_uint32) code;
+        save_error_info(*minor_status, context);
+        krb5_free_context(context);
+        return(GSS_S_BAD_NAME);
+    }
+
+    /* save the name in the validation database */
+
+    if (! kg_save_name((gss_name_t) princ)) {
+        krb5_free_principal(context, princ);
+        krb5_free_context(context);
+        *minor_status = (OM_uint32) G_VALIDATE_FAILED;
+        return(GSS_S_FAILURE);
+    }
+
+    krb5_free_context(context);
+
+    /* return it */
+
+    *output_name = (gss_name_t) princ;
+    return(GSS_S_COMPLETE);
 }
index b0d71c883ff958e9eec378549972fdcd1c29f6ce..fc6b6aff28f9aeb95601eb7fbd36f4b4dce10699 100644 (file)
@@ -1,3 +1,4 @@
+/* -*- mode: c; indent-tabs-mode: nil -*- */
 /*
  * lib/gssapi/krb5/import_sec_context.c
  *
@@ -26,7 +27,7 @@
  */
 
 /*
- * import_sec_context.c        - Internalize the security context.
+ * import_sec_context.c - Internalize the security context.
  */
 #include "gssapiP_krb5.h"
 /* for serialization initialization functions */
  * the OID if possible.
  */
 gss_OID krb5_gss_convert_static_mech_oid(oid)
-     gss_OID   oid;
+    gss_OID    oid;
 {
-       const gss_OID_desc      *p;
-       OM_uint32               minor_status;
-       
-       for (p = krb5_gss_oid_array; p->length; p++) {
-               if ((oid->length == p->length) &&
-                   (memcmp(oid->elements, p->elements, p->length) == 0)) {
-                       gss_release_oid(&minor_status, &oid);
-                       return (gss_OID) p;
-               }
-       }
-       return oid;
+    const gss_OID_desc      *p;
+    OM_uint32               minor_status;
+
+    for (p = krb5_gss_oid_array; p->length; p++) {
+        if ((oid->length == p->length) &&
+            (memcmp(oid->elements, p->elements, p->length) == 0)) {
+            gss_release_oid(&minor_status, &oid);
+            return (gss_OID) p;
+        }
+    }
+    return oid;
 }
 
 krb5_error_code
@@ -57,28 +58,28 @@ krb5_gss_ser_init (krb5_context context)
 {
     krb5_error_code code;
     static krb5_error_code (KRB5_CALLCONV *const fns[])(krb5_context) = {
-       krb5_ser_context_init, krb5_ser_auth_context_init,
-       krb5_ser_ccache_init, krb5_ser_rcache_init, krb5_ser_keytab_init,
+        krb5_ser_context_init, krb5_ser_auth_context_init,
+        krb5_ser_ccache_init, krb5_ser_rcache_init, krb5_ser_keytab_init,
     };
     unsigned int i;
 
     for (i = 0; i < sizeof(fns)/sizeof(fns[0]); i++)
-       if ((code = (fns[i])(context)) != 0)
-           return code;
+        if ((code = (fns[i])(context)) != 0)
+            return code;
     return 0;
 }
 
 OM_uint32
 krb5_gss_import_sec_context(minor_status, interprocess_token, context_handle)
-    OM_uint32          *minor_status;
-    gss_buffer_t       interprocess_token;
-    gss_ctx_id_t       *context_handle;
+    OM_uint32           *minor_status;
+    gss_buffer_t        interprocess_token;
+    gss_ctx_id_t        *context_handle;
 {
-    krb5_context       context;
-    krb5_error_code    kret = 0;
-    size_t             blen;
-    krb5_gss_ctx_id_t  ctx;
-    krb5_octet         *ibp;
+    krb5_context        context;
+    krb5_error_code     kret = 0;
+    size_t              blen;
+    krb5_gss_ctx_id_t   ctx;
+    krb5_octet          *ibp;
 
     /* This is a bit screwy.  We create a krb5 context because we need
        one when calling the serialization code.  However, one of the
@@ -86,15 +87,15 @@ krb5_gss_import_sec_context(minor_status, interprocess_token, context_handle)
        we can throw this one away.  */
     kret = krb5_gss_init_context(&context);
     if (kret) {
-       *minor_status = kret;
-       return GSS_S_FAILURE;
+        *minor_status = kret;
+        return GSS_S_FAILURE;
     }
     kret = krb5_gss_ser_init(context);
     if (kret) {
-       *minor_status = kret;
-       save_error_info(*minor_status, context);
-       krb5_free_context(context);
-       return GSS_S_FAILURE;
+        *minor_status = kret;
+        save_error_info(*minor_status, context);
+        krb5_free_context(context);
+        return GSS_S_FAILURE;
     }
 
     /* Assume a tragic failure */
@@ -107,20 +108,20 @@ krb5_gss_import_sec_context(minor_status, interprocess_token, context_handle)
     kret = kg_ctx_internalize(context, (krb5_pointer *) &ctx, &ibp, &blen);
     krb5_free_context(context);
     if (kret) {
-       *minor_status = (OM_uint32) kret;
-       save_error_info(*minor_status, context);
-       return(GSS_S_FAILURE);
+        *minor_status = (OM_uint32) kret;
+        save_error_info(*minor_status, context);
+        return(GSS_S_FAILURE);
     }
 
     /* intern the context handle */
     if (! kg_save_ctx_id((gss_ctx_id_t) ctx)) {
-       (void)krb5_gss_delete_sec_context(minor_status, 
-                                        (gss_ctx_id_t *) &ctx, NULL);
-       *minor_status = (OM_uint32) G_VALIDATE_FAILED;
-       return(GSS_S_FAILURE);
+        (void)krb5_gss_delete_sec_context(minor_status,
+                                          (gss_ctx_id_t *) &ctx, NULL);
+        *minor_status = (OM_uint32) G_VALIDATE_FAILED;
+        return(GSS_S_FAILURE);
     }
     ctx->mech_used = krb5_gss_convert_static_mech_oid(ctx->mech_used);
-    
+
     *context_handle = (gss_ctx_id_t) ctx;
 
     *minor_status = 0;
index c7ee4746fd304c289af08cb7dd1ae13add15ed3c..53b8be3e0d6c4bf76ee109ebc4e09e8cb00dbc11 100644 (file)
@@ -1,6 +1,7 @@
+/* -*- mode: c; indent-tabs-mode: nil -*- */
 /*
  * Copyright 1993 by OpenVision Technologies, Inc.
- * 
+ *
  * Permission to use, copy, modify, distribute, and sell this software
  * and its documentation for any purpose is hereby granted without fee,
  * provided that the above copyright notice appears in all copies and
@@ -10,7 +11,7 @@
  * without specific, written prior permission. OpenVision makes no
  * representations about the suitability of this software for any
  * purpose.  It is provided "as is" without express or implied warranty.
- * 
+ *
  * OPENVISION DISCLAIMS ALL WARRANTIES WITH REGARD TO THIS SOFTWARE,
  * INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS, IN NO
  * EVENT SHALL OPENVISION BE LIABLE FOR ANY SPECIAL, INDIRECT OR
 
 OM_uint32
 krb5_gss_indicate_mechs(minor_status, mech_set)
-     OM_uint32 *minor_status;
-     gss_OID_set *mech_set;
+    OM_uint32 *minor_status;
+    gss_OID_set *mech_set;
 {
-   *minor_status = 0;
+    *minor_status = 0;
 
-   if (gssint_copy_oid_set(minor_status, gss_mech_set_krb5_both, mech_set)) {
-         *mech_set     = GSS_C_NO_OID_SET;
-         *minor_status = ENOMEM;
-         return(GSS_S_FAILURE);
-   }
+    if (gssint_copy_oid_set(minor_status, gss_mech_set_krb5_both, mech_set)) {
+        *mech_set     = GSS_C_NO_OID_SET;
+        *minor_status = ENOMEM;
+        return(GSS_S_FAILURE);
+    }
 
-   return(GSS_S_COMPLETE);
+    return(GSS_S_COMPLETE);
 }
index 3e3f0192abdfb6e5db14d116eeb465d02bb17093..40bc0bcbd43435b86ec8fd013ee9377ad4d7f371 100644 (file)
@@ -1,3 +1,4 @@
+/* -*- mode: c; indent-tabs-mode: nil -*- */
 /*
  * Copyright 2000,2002, 2003, 2007 by the Massachusetts Institute of Technology.
  * All Rights Reserved.
@@ -6,7 +7,7 @@
  *   require a specific license from the United States Government.
  *   It is the responsibility of any person or organization contemplating
  *   export to obtain such a license before exporting.
- * 
+ *
  * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
  * distribute this software and its documentation for any purpose and
  * without fee is hereby granted, provided that the above copyright
  * M.I.T. makes no representations about the suitability of
  * this software for any purpose.  It is provided "as is" without express
  * or implied warranty.
- * 
+ *
  */
 /*
  * Copyright 1993 by OpenVision Technologies, Inc.
- * 
+ *
  * Permission to use, copy, modify, distribute, and sell this software
  * and its documentation for any purpose is hereby granted without fee,
  * provided that the above copyright notice appears in all copies and
@@ -34,7 +35,7 @@
  * without specific, written prior permission. OpenVision makes no
  * representations about the suitability of this software for any
  * purpose.  It is provided "as is" without express or implied warranty.
- * 
+ *
  * OPENVISION DISCLAIMS ALL WARRANTIES WITH REGARD TO THIS SOFTWARE,
  * INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS, IN NO
  * EVENT SHALL OPENVISION BE LIABLE FOR ANY SPECIAL, INDIRECT OR
 
 /*
  * Copyright (C) 1998 by the FundsXpress, INC.
- * 
+ *
  * All rights reserved.
- * 
+ *
  * Export of this software from the United States of America may require
  * a specific license from the United States Government.  It is the
  * responsibility of any person or organization contemplating export to
  * obtain such a license before exporting.
- * 
+ *
  * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
  * distribute this software and its documentation for any purpose and
  * without fee is hereby granted, provided that the above copyright
@@ -64,7 +65,7 @@
  * permission.  FundsXpress makes no representations about the suitability of
  * this software for any purpose.  It is provided "as is" without express
  * or implied warranty.
- * 
+ *
  * THIS SOFTWARE IS PROVIDED ``AS IS'' AND WITHOUT ANY EXPRESS OR
  * IMPLIED WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED
  * WARRANTIES OF MERCHANTIBILITY AND FITNESS FOR A PARTICULAR PURPOSE.
@@ -92,7 +93,7 @@ int krb5_gss_dbg_client_expcreds = 0;
  * ccache.
  */
 static krb5_error_code get_credentials(context, cred, server, now,
-                                      endtime, out_creds)
+                                       endtime, out_creds)
     krb5_context context;
     krb5_gss_cred_id_t cred;
     krb5_principal server;
@@ -100,24 +101,24 @@ static krb5_error_code get_credentials(context, cred, server, now,
     krb5_timestamp endtime;
     krb5_creds **out_creds;
 {
-    krb5_error_code    code;
-    krb5_creds                 in_creds;
+    krb5_error_code     code;
+    krb5_creds          in_creds;
 
     k5_mutex_assert_locked(&cred->lock);
     memset((char *) &in_creds, 0, sizeof(krb5_creds));
 
     if ((code = krb5_copy_principal(context, cred->princ, &in_creds.client)))
-       goto cleanup;
+        goto cleanup;
     if ((code = krb5_copy_principal(context, server, &in_creds.server)))
-       goto cleanup;
+        goto cleanup;
     in_creds.times.endtime = endtime;
 
     in_creds.keyblock.enctype = 0;
 
     code = krb5_get_credentials(context, 0, cred->ccache,
-                               &in_creds, out_creds);
+                                &in_creds, out_creds);
     if (code)
-       goto cleanup;
+        goto cleanup;
 
     /*
      * Enforce a stricter limit (without timeskew forgiveness at the
@@ -125,16 +126,16 @@ static krb5_error_code get_credentials(context, cred, server, now,
      * non-forgiving.
      */
     if (!krb5_gss_dbg_client_expcreds && *out_creds != NULL &&
-       (*out_creds)->times.endtime < now) {
-       code = KRB5KRB_AP_ERR_TKT_EXPIRED;
-       goto cleanup;
+        (*out_creds)->times.endtime < now) {
+        code = KRB5KRB_AP_ERR_TKT_EXPIRED;
+        goto cleanup;
     }
-    
+
 cleanup:
     if (in_creds.client)
-           krb5_free_principal(context, in_creds.client);
+        krb5_free_principal(context, in_creds.client);
     if (in_creds.server)
-           krb5_free_principal(context, in_creds.server);
+        krb5_free_principal(context, in_creds.server);
     return code;
 }
 struct gss_checksum_data {
@@ -149,7 +150,7 @@ struct gss_checksum_data {
 #endif
 static krb5_error_code KRB5_CALLCONV
 make_gss_checksum (krb5_context context, krb5_auth_context auth_context,
-                  void *cksum_data, krb5_data **out)
+                   void *cksum_data, krb5_data **out)
 {
     krb5_error_code code;
     krb5_int32 con_flags;
@@ -163,48 +164,48 @@ make_gss_checksum (krb5_context context, krb5_auth_context auth_context,
     /* build the checksum field */
 
     if (data->ctx->gss_flags & GSS_C_DELEG_FLAG) {
-       /* first get KRB_CRED message, so we know its length */
+        /* first get KRB_CRED message, so we know its length */
 
-       /* clear the time check flag that was set in krb5_auth_con_init() */
-       krb5_auth_con_getflags(context, auth_context, &con_flags);
-       krb5_auth_con_setflags(context, auth_context,
-                              con_flags & ~KRB5_AUTH_CONTEXT_DO_TIME);
+        /* clear the time check flag that was set in krb5_auth_con_init() */
+        krb5_auth_con_getflags(context, auth_context, &con_flags);
+        krb5_auth_con_setflags(context, auth_context,
+                               con_flags & ~KRB5_AUTH_CONTEXT_DO_TIME);
 
-       code = krb5_fwd_tgt_creds(context, auth_context, 0,
-                                 data->cred->princ, data->ctx->there,
-                                 data->cred->ccache, 1,
-                                 &credmsg);
+        code = krb5_fwd_tgt_creds(context, auth_context, 0,
+                                  data->cred->princ, data->ctx->there,
+                                  data->cred->ccache, 1,
+                                  &credmsg);
 
-       /* turn KRB5_AUTH_CONTEXT_DO_TIME back on */
-       krb5_auth_con_setflags(context, auth_context, con_flags);
+        /* turn KRB5_AUTH_CONTEXT_DO_TIME back on */
+        krb5_auth_con_setflags(context, auth_context, con_flags);
 
-       if (code) {
-           /* don't fail here; just don't accept/do the delegation
+        if (code) {
+            /* don't fail here; just don't accept/do the delegation
                request */
-           data->ctx->gss_flags &= ~GSS_C_DELEG_FLAG;
+            data->ctx->gss_flags &= ~GSS_C_DELEG_FLAG;
 
-           data->checksum_data.length = 24;
-       } else {
-           if (credmsg.length+28 > KRB5_INT16_MAX) {
-               krb5_free_data_contents(context, &credmsg);
-               return(KRB5KRB_ERR_FIELD_TOOLONG);
-           }
+            data->checksum_data.length = 24;
+        } else {
+            if (credmsg.length+28 > KRB5_INT16_MAX) {
+                krb5_free_data_contents(context, &credmsg);
+                return(KRB5KRB_ERR_FIELD_TOOLONG);
+            }
 
-           data->checksum_data.length = 28+credmsg.length;
-       }
+            data->checksum_data.length = 28+credmsg.length;
+        }
     } else {
-       data->checksum_data.length = 24;
+        data->checksum_data.length = 24;
     }
 #ifdef CFX_EXERCISE
     if (data->ctx->auth_context->keyblock != NULL
-       && data->ctx->auth_context->keyblock->enctype == 18) {
-       srand(time(0) ^ getpid());
-       /* Our ftp client code stupidly assumes a base64-encoded
-          version of the token will fit in 10K, so don't make this
-          too big.  */
-       junk = rand() & 0xff;
+        && data->ctx->auth_context->keyblock->enctype == 18) {
+        srand(time(0) ^ getpid());
+        /* Our ftp client code stupidly assumes a base64-encoded
+           version of the token will fit in 10K, so don't make this
+           too big.  */
+        junk = rand() & 0xff;
     } else
-       junk = 0;
+        junk = 0;
 #else
     junk = 0;
 #endif
@@ -215,10 +216,10 @@ make_gss_checksum (krb5_context context, krb5_auth_context auth_context,
        (maybe) KRB_CRED msg */
 
     if ((data->checksum_data.data =
-        (char *) xmalloc(data->checksum_data.length)) == NULL) {
-       if (credmsg.data)
-           krb5_free_data_contents(context, &credmsg);
-       return(ENOMEM);
+         (char *) xmalloc(data->checksum_data.length)) == NULL) {
+        if (credmsg.data)
+            krb5_free_data_contents(context, &credmsg);
+        return(ENOMEM);
     }
 
     ptr = data->checksum_data.data;
@@ -231,19 +232,19 @@ make_gss_checksum (krb5_context context, krb5_auth_context auth_context,
     xfree(data->md5.contents);
 
     if (credmsg.data) {
-       TWRITE_INT16(ptr, KRB5_GSS_FOR_CREDS_OPTION, 0);
-       TWRITE_INT16(ptr, credmsg.length, 0);
-       TWRITE_STR(ptr, (unsigned char *) credmsg.data, credmsg.length);
+        TWRITE_INT16(ptr, KRB5_GSS_FOR_CREDS_OPTION, 0);
+        TWRITE_INT16(ptr, credmsg.length, 0);
+        TWRITE_STR(ptr, (unsigned char *) credmsg.data, credmsg.length);
 
-       /* free credmsg data */
-       krb5_free_data_contents(context, &credmsg);
+        /* free credmsg data */
+        krb5_free_data_contents(context, &credmsg);
     }
     if (junk)
-       memset(ptr, 'i', junk);
+        memset(ptr, 'i', junk);
     *out = &data->checksum_data;
     return 0;
 }
-    
+
 static krb5_error_code
 make_ap_req_v1(context, ctx, cred, k_cred, chan_bindings, mech_type, token)
     krb5_context context;
@@ -273,7 +274,7 @@ make_ap_req_v1(context, ctx, cred, k_cred, chan_bindings, mech_type, token)
         return(code);
 
     krb5_auth_con_set_req_cksumtype(context, ctx->auth_context,
-                                   CKSUMTYPE_KG_CB);
+                                    CKSUMTYPE_KG_CB);
     cksum_struct.md5 = md5;
     cksum_struct.ctx = ctx;
     cksum_struct.cred = cred;
@@ -283,15 +284,15 @@ make_ap_req_v1(context, ctx, cred, k_cred, chan_bindings, mech_type, token)
     case ENCTYPE_DES_CBC_MD4:
     case ENCTYPE_DES_CBC_MD5:
     case ENCTYPE_DES3_CBC_SHA1:
-      code = make_gss_checksum(context, ctx->auth_context, &cksum_struct,
-                                &checksum_data);
-           if (code)
-               goto cleanup;
-       break;
+        code = make_gss_checksum(context, ctx->auth_context, &cksum_struct,
+                                 &checksum_data);
+        if (code)
+            goto cleanup;
+        break;
     default:
-       krb5_auth_con_set_checksum_func(context, ctx->auth_context,
-                                       make_gss_checksum, &cksum_struct);
-           break;
+        krb5_auth_con_set_checksum_func(context, ctx->auth_context,
+                                        make_gss_checksum, &cksum_struct);
+        break;
     }
 
 
@@ -300,51 +301,51 @@ make_ap_req_v1(context, ctx, cred, k_cred, chan_bindings, mech_type, token)
     mk_req_flags = AP_OPTS_USE_SUBKEY;
 
     if (ctx->gss_flags & GSS_C_MUTUAL_FLAG)
-       mk_req_flags |= AP_OPTS_MUTUAL_REQUIRED;
+        mk_req_flags |= AP_OPTS_MUTUAL_REQUIRED;
 
     code = krb5_mk_req_extended(context, &ctx->auth_context, mk_req_flags,
-                               checksum_data, k_cred, &ap_req);
+                                checksum_data, k_cred, &ap_req);
     krb5_free_data_contents(context, &cksum_struct.checksum_data);
     if (code)
-       goto cleanup;
+        goto cleanup;
+
+    /* store the interesting stuff from creds and authent */
+    ctx->endtime = k_cred->times.endtime;
+    ctx->krb_flags = k_cred->ticket_flags;
 
-   /* store the interesting stuff from creds and authent */
-   ctx->endtime = k_cred->times.endtime;
-   ctx->krb_flags = k_cred->ticket_flags;
+    /* build up the token */
 
-   /* build up the token */
+    /* allocate space for the token */
+    tlen = g_token_size((gss_OID) mech_type, ap_req.length);
 
-   /* allocate space for the token */
-   tlen = g_token_size((gss_OID) mech_type, ap_req.length);
+    if ((t = (unsigned char *) xmalloc(tlen)) == NULL) {
+        code = ENOMEM;
+        goto cleanup;
+    }
 
-   if ((t = (unsigned char *) xmalloc(tlen)) == NULL) {
-      code = ENOMEM;
-      goto cleanup;
-   }
+    /* fill in the buffer */
 
-   /* fill in the buffer */
+    ptr = t;
 
-   ptr = t;
+    g_make_token_header(mech_type, ap_req.length,
+                        &ptr, KG_TOK_CTX_AP_REQ);
 
-   g_make_token_header(mech_type, ap_req.length,
-                      &ptr, KG_TOK_CTX_AP_REQ);
+    TWRITE_STR(ptr, (unsigned char *) ap_req.data, ap_req.length);
 
-   TWRITE_STR(ptr, (unsigned char *) ap_req.data, ap_req.length);
+    /* pass it back */
 
-   /* pass it back */
+    token->length = tlen;
+    token->value = (void *) t;
 
-   token->length = tlen;
-   token->value = (void *) t;
+    code = 0;
 
-   code = 0;
-    
- cleanup:
-   if (checksum_data && checksum_data->data)
-       krb5_free_data_contents(context, checksum_data);
-   if (ap_req.data)
-       krb5_free_data_contents(context, &ap_req);
+cleanup:
+    if (checksum_data && checksum_data->data)
+        krb5_free_data_contents(context, checksum_data);
+    if (ap_req.data)
+        krb5_free_data_contents(context, &ap_req);
 
-   return (code);
+    return (code);
 }
 
 /*
@@ -354,87 +355,87 @@ make_ap_req_v1(context, ctx, cred, k_cred, chan_bindings, mech_type, token)
  */
 static OM_uint32
 setup_enc(
-   OM_uint32 *minor_status,
-   krb5_gss_ctx_id_rec *ctx,
-   krb5_context context)
+    OM_uint32 *minor_status,
+    krb5_gss_ctx_id_rec *ctx,
+    krb5_context context)
 {
-   krb5_error_code code;
-   unsigned int i;
-   krb5int_access kaccess;
-
-   code = krb5int_accessor (&kaccess, KRB5INT_ACCESS_VERSION);
-   if (code)
-       goto fail;
-
-   ctx->have_acceptor_subkey = 0;
-   ctx->proto = 0;
-   ctx->cksumtype = 0;
-   switch(ctx->subkey->enctype) {
-   case ENCTYPE_DES_CBC_MD5:
-   case ENCTYPE_DES_CBC_MD4:
-   case ENCTYPE_DES_CBC_CRC:
-      ctx->subkey->enctype = ENCTYPE_DES_CBC_RAW;
-      ctx->signalg = SGN_ALG_DES_MAC_MD5;
-      ctx->cksum_size = 8;
-      ctx->sealalg = SEAL_ALG_DES;
-
-      /* The encryption key is the session key XOR
-        0xf0f0f0f0f0f0f0f0.  */
-      if ((code = krb5_copy_keyblock(context, ctx->subkey, &ctx->enc)))
-        goto fail;
-
-      for (i=0; i<ctx->enc->length; i++)
-        ctx->enc->contents[i] ^= 0xf0;
-
-      goto copy_subkey_to_seq;
-
-   case ENCTYPE_DES3_CBC_SHA1:
-       /* MIT extension */
-      ctx->subkey->enctype = ENCTYPE_DES3_CBC_RAW;
-      ctx->signalg = SGN_ALG_HMAC_SHA1_DES3_KD;
-      ctx->cksum_size = 20;
-      ctx->sealalg = SEAL_ALG_DES3KD;
-
-   copy_subkey:
-      code = krb5_copy_keyblock (context, ctx->subkey, &ctx->enc);
-      if (code)
-        goto fail;
-   copy_subkey_to_seq:
-      code = krb5_copy_keyblock (context, ctx->subkey, &ctx->seq);
-      if (code) {
-        krb5_free_keyblock (context, ctx->enc);
-        goto fail;
-      }
-      break;
-
-   case ENCTYPE_ARCFOUR_HMAC:
-       /* Microsoft extension */
-      ctx->signalg = SGN_ALG_HMAC_MD5 ;
-      ctx->cksum_size = 8;
-      ctx->sealalg = SEAL_ALG_MICROSOFT_RC4 ;
-
-      goto copy_subkey;
-
-   default:
-       /* Fill some fields we shouldn't be using on this path
-         with garbage.  */
-       ctx->signalg = -10;
-       ctx->sealalg = -10;
-
-       ctx->proto = 1;
-       code = (*kaccess.krb5int_c_mandatory_cksumtype)(context, ctx->subkey->enctype,
-                                           &ctx->cksumtype);
-       if (code)
-          goto fail;
-       code = krb5_c_checksum_length(context, ctx->cksumtype,
-                                    &ctx->cksum_size);
-       if (code)
-          goto fail;
-       goto copy_subkey;
-   }
+    krb5_error_code code;
+    unsigned int i;
+    krb5int_access kaccess;
+
+    code = krb5int_accessor (&kaccess, KRB5INT_ACCESS_VERSION);
+    if (code)
+        goto fail;
+
+    ctx->have_acceptor_subkey = 0;
+    ctx->proto = 0;
+    ctx->cksumtype = 0;
+    switch(ctx->subkey->enctype) {
+    case ENCTYPE_DES_CBC_MD5:
+    case ENCTYPE_DES_CBC_MD4:
+    case ENCTYPE_DES_CBC_CRC:
+        ctx->subkey->enctype = ENCTYPE_DES_CBC_RAW;
+        ctx->signalg = SGN_ALG_DES_MAC_MD5;
+        ctx->cksum_size = 8;
+        ctx->sealalg = SEAL_ALG_DES;
+
+        /* The encryption key is the session key XOR
+           0xf0f0f0f0f0f0f0f0.  */
+        if ((code = krb5_copy_keyblock(context, ctx->subkey, &ctx->enc)))
+            goto fail;
+
+        for (i=0; i<ctx->enc->length; i++)
+            ctx->enc->contents[i] ^= 0xf0;
+
+        goto copy_subkey_to_seq;
+
+    case ENCTYPE_DES3_CBC_SHA1:
+        /* MIT extension */
+        ctx->subkey->enctype = ENCTYPE_DES3_CBC_RAW;
+        ctx->signalg = SGN_ALG_HMAC_SHA1_DES3_KD;
+        ctx->cksum_size = 20;
+        ctx->sealalg = SEAL_ALG_DES3KD;
+
+    copy_subkey:
+        code = krb5_copy_keyblock (context, ctx->subkey, &ctx->enc);
+        if (code)
+            goto fail;
+    copy_subkey_to_seq:
+        code = krb5_copy_keyblock (context, ctx->subkey, &ctx->seq);
+        if (code) {
+            krb5_free_keyblock (context, ctx->enc);
+            goto fail;
+        }
+        break;
+
+    case ENCTYPE_ARCFOUR_HMAC:
+        /* Microsoft extension */
+        ctx->signalg = SGN_ALG_HMAC_MD5 ;
+        ctx->cksum_size = 8;
+        ctx->sealalg = SEAL_ALG_MICROSOFT_RC4 ;
+
+        goto copy_subkey;
+
+    default:
+        /* Fill some fields we shouldn't be using on this path
+           with garbage.  */
+        ctx->signalg = -10;
+        ctx->sealalg = -10;
+
+        ctx->proto = 1;
+        code = (*kaccess.krb5int_c_mandatory_cksumtype)(context, ctx->subkey->enctype,
+                                                        &ctx->cksumtype);
+        if (code)
+            goto fail;
+        code = krb5_c_checksum_length(context, ctx->cksumtype,
+                                      &ctx->cksum_size);
+        if (code)
+            goto fail;
+        goto copy_subkey;
+    }
 fail:
-   *minor_status = code;
-   return GSS_S_FAILURE;
+    *minor_status = code;
+    return GSS_S_FAILURE;
 }
 
 /*
@@ -444,204 +445,204 @@ fail:
  */
 static OM_uint32
 new_connection(
-   OM_uint32 *minor_status,
-   krb5_gss_cred_id_t cred,
-   gss_ctx_id_t *context_handle,
-   gss_name_t target_name,
-   gss_OID mech_type,
-   OM_uint32 req_flags,
-   OM_uint32 time_req,
-   gss_channel_bindings_t input_chan_bindings,
-   gss_buffer_t input_token,
-   gss_OID *actual_mech_type,
-   gss_buffer_t output_token,
-   OM_uint32 *ret_flags,
-   OM_uint32 *time_rec,
-   krb5_context context,
-   int default_mech)
+    OM_uint32 *minor_status,
+    krb5_gss_cred_id_t cred,
+    gss_ctx_id_t *context_handle,
+    gss_name_t target_name,
+    gss_OID mech_type,
+    OM_uint32 req_flags,
+    OM_uint32 time_req,
+    gss_channel_bindings_t input_chan_bindings,
+    gss_buffer_t input_token,
+    gss_OID *actual_mech_type,
+    gss_buffer_t output_token,
+    OM_uint32 *ret_flags,
+    OM_uint32 *time_rec,
+    krb5_context context,
+    int default_mech)
 {
-   OM_uint32 major_status;
-   krb5_error_code code;
-   krb5_creds *k_cred;
-   krb5_gss_ctx_id_rec *ctx, *ctx_free;
-   krb5_timestamp now;
-   gss_buffer_desc token;
-
-   k5_mutex_assert_locked(&cred->lock);
-   major_status = GSS_S_FAILURE;
-   token.length = 0;
-   token.value = NULL;
-
-   /* make sure the cred is usable for init */
-
-   if ((cred->usage != GSS_C_INITIATE) &&
-       (cred->usage != GSS_C_BOTH)) {
-      *minor_status = 0;
-      return(GSS_S_NO_CRED);
-   }
-
-   /* complain if the input token is non-null */
-
-   if (input_token != GSS_C_NO_BUFFER && input_token->length != 0) {
-       *minor_status = 0;
-       return(GSS_S_DEFECTIVE_TOKEN);
-   }
-
-   /* create the ctx */
-
-   if ((ctx = (krb5_gss_ctx_id_rec *) xmalloc(sizeof(krb5_gss_ctx_id_rec)))
-       == NULL) {
-      *minor_status = ENOMEM;
-      return(GSS_S_FAILURE);
-   }
-
-   /* fill in the ctx */
-   memset(ctx, 0, sizeof(krb5_gss_ctx_id_rec));
-   ctx_free = ctx;
-   if ((code = krb5_auth_con_init(context, &ctx->auth_context)))
-      goto fail;
-   krb5_auth_con_setflags(context, ctx->auth_context,
-                         KRB5_AUTH_CONTEXT_DO_SEQUENCE);
-
-   /* limit the encryption types negotiated (if requested) */
-   if (cred->req_enctypes) {
-       if ((code = krb5_set_default_tgs_enctypes(context,
-                                                 cred->req_enctypes))) {
-           goto fail;
-       }
-   }
-
-   ctx->initiate = 1;
-   ctx->gss_flags = (GSS_C_INTEG_FLAG | GSS_C_CONF_FLAG |
-                     GSS_C_TRANS_FLAG | 
-                     ((req_flags) & (GSS_C_MUTUAL_FLAG | GSS_C_REPLAY_FLAG |
-                                     GSS_C_SEQUENCE_FLAG | GSS_C_DELEG_FLAG)));
-   ctx->seed_init = 0;
-   ctx->big_endian = 0;  /* all initiators do little-endian, as per spec */
-   ctx->seqstate = 0;
-
-   if ((code = krb5_timeofday(context, &now)))
-      goto fail;
-
-   if (time_req == 0 || time_req == GSS_C_INDEFINITE) {
-      ctx->endtime = 0;
-   } else {
-      ctx->endtime = now + time_req;
-   }
-
-   if ((code = krb5_copy_principal(context, cred->princ, &ctx->here)))
-      goto fail;
-      
-   if ((code = krb5_copy_principal(context, (krb5_principal) target_name,
-                                  &ctx->there)))
-      goto fail;
-
-   code = get_credentials(context, cred, ctx->there, now,
-                         ctx->endtime, &k_cred);
-   if (code)
-      goto fail;
-
-   if (default_mech) {
-      mech_type = (gss_OID) gss_mech_krb5;
-   }
-
-   if (generic_gss_copy_oid(minor_status, mech_type, &ctx->mech_used)
-       != GSS_S_COMPLETE) {
-      code = *minor_status;
-      goto fail;
-   }
-   /*
-    * Now try to make it static if at all possible....
-    */
-   ctx->mech_used = krb5_gss_convert_static_mech_oid(ctx->mech_used);
-
-   {
-      /* gsskrb5 v1 */
-      krb5_ui_4 seq_temp;
-      if ((code = make_ap_req_v1(context, ctx,
-                                cred, k_cred, input_chan_bindings, 
-                                mech_type, &token))) {
-        if ((code == KRB5_FCC_NOFILE) || (code == KRB5_CC_NOTFOUND) ||
-            (code == KG_EMPTY_CCACHE))
-           major_status = GSS_S_NO_CRED;
-        if (code == KRB5KRB_AP_ERR_TKT_EXPIRED)
-           major_status = GSS_S_CREDENTIALS_EXPIRED;
-        goto fail;
-      }
-
-      krb5_auth_con_getlocalseqnumber(context, ctx->auth_context, &seq_temp);
-      ctx->seq_send = seq_temp;
-      krb5_auth_con_getsendsubkey(context, ctx->auth_context,
-                                 &ctx->subkey);
-   }
-
-   major_status = setup_enc(minor_status, ctx, context);
-
-   if (k_cred) {
-      krb5_free_creds(context, k_cred);
-      k_cred = 0;
-   }
-      
-   /* at this point, the context is constructed and valid,
-      hence, releaseable */
-
-   /* intern the context handle */
-
-   if (! kg_save_ctx_id((gss_ctx_id_t) ctx)) {
-      code = G_VALIDATE_FAILED;
-      goto fail;
-   }
-   *context_handle = (gss_ctx_id_t) ctx;
-   ctx_free = 0;
-
-   /* compute time_rec */
-   if (time_rec) {
-      if ((code = krb5_timeofday(context, &now)))
-        goto fail;
-      *time_rec = ctx->endtime - now;
-   }
-
-   /* set the other returns */
-   *output_token = token;
-
-   if (ret_flags)
-      *ret_flags = ctx->gss_flags;
-
-   if (actual_mech_type)
-      *actual_mech_type = mech_type;
-
-   /* return successfully */
-
-   *minor_status = 0;
-   if (ctx->gss_flags & GSS_C_MUTUAL_FLAG) {
-      ctx->established = 0;
-      return(GSS_S_CONTINUE_NEEDED);
-   } else {
-      ctx->seq_recv = ctx->seq_send;
-      g_order_init(&(ctx->seqstate), ctx->seq_recv,
-                  (ctx->gss_flags & GSS_C_REPLAY_FLAG) != 0, 
-                  (ctx->gss_flags & GSS_C_SEQUENCE_FLAG) != 0, ctx->proto);
-      ctx->gss_flags |= GSS_C_PROT_READY_FLAG;
-      ctx->established = 1;
-      return(GSS_S_COMPLETE);
-   }
+    OM_uint32 major_status;
+    krb5_error_code code;
+    krb5_creds *k_cred;
+    krb5_gss_ctx_id_rec *ctx, *ctx_free;
+    krb5_timestamp now;
+    gss_buffer_desc token;
+
+    k5_mutex_assert_locked(&cred->lock);
+    major_status = GSS_S_FAILURE;
+    token.length = 0;
+    token.value = NULL;
+
+    /* make sure the cred is usable for init */
+
+    if ((cred->usage != GSS_C_INITIATE) &&
+        (cred->usage != GSS_C_BOTH)) {
+        *minor_status = 0;
+        return(GSS_S_NO_CRED);
+    }
+
+    /* complain if the input token is non-null */
+
+    if (input_token != GSS_C_NO_BUFFER && input_token->length != 0) {
+        *minor_status = 0;
+        return(GSS_S_DEFECTIVE_TOKEN);
+    }
+
+    /* create the ctx */
+
+    if ((ctx = (krb5_gss_ctx_id_rec *) xmalloc(sizeof(krb5_gss_ctx_id_rec)))
+        == NULL) {
+        *minor_status = ENOMEM;
+        return(GSS_S_FAILURE);
+    }
+
+    /* fill in the ctx */
+    memset(ctx, 0, sizeof(krb5_gss_ctx_id_rec));
+    ctx_free = ctx;
+    if ((code = krb5_auth_con_init(context, &ctx->auth_context)))
+        goto fail;
+    krb5_auth_con_setflags(context, ctx->auth_context,
+                           KRB5_AUTH_CONTEXT_DO_SEQUENCE);
+
+    /* limit the encryption types negotiated (if requested) */
+    if (cred->req_enctypes) {
+        if ((code = krb5_set_default_tgs_enctypes(context,
+                                                  cred->req_enctypes))) {
+            goto fail;
+        }
+    }
+
+    ctx->initiate = 1;
+    ctx->gss_flags = (GSS_C_INTEG_FLAG | GSS_C_CONF_FLAG |
+                      GSS_C_TRANS_FLAG |
+                      ((req_flags) & (GSS_C_MUTUAL_FLAG | GSS_C_REPLAY_FLAG |
+                                      GSS_C_SEQUENCE_FLAG | GSS_C_DELEG_FLAG)));
+    ctx->seed_init = 0;
+    ctx->big_endian = 0;  /* all initiators do little-endian, as per spec */
+    ctx->seqstate = 0;
+
+    if ((code = krb5_timeofday(context, &now)))
+        goto fail;
+
+    if (time_req == 0 || time_req == GSS_C_INDEFINITE) {
+        ctx->endtime = 0;
+    } else {
+        ctx->endtime = now + time_req;
+    }
+
+    if ((code = krb5_copy_principal(context, cred->princ, &ctx->here)))
+        goto fail;
+
+    if ((code = krb5_copy_principal(context, (krb5_principal) target_name,
+                                    &ctx->there)))
+        goto fail;
+
+    code = get_credentials(context, cred, ctx->there, now,
+                           ctx->endtime, &k_cred);
+    if (code)
+        goto fail;
+
+    if (default_mech) {
+        mech_type = (gss_OID) gss_mech_krb5;
+    }
+
+    if (generic_gss_copy_oid(minor_status, mech_type, &ctx->mech_used)
+        != GSS_S_COMPLETE) {
+        code = *minor_status;
+        goto fail;
+    }
+    /*
+     * Now try to make it static if at all possible....
+     */
+    ctx->mech_used = krb5_gss_convert_static_mech_oid(ctx->mech_used);
+
+    {
+        /* gsskrb5 v1 */
+        krb5_ui_4 seq_temp;
+        if ((code = make_ap_req_v1(context, ctx,
+                                   cred, k_cred, input_chan_bindings,
+                                   mech_type, &token))) {
+            if ((code == KRB5_FCC_NOFILE) || (code == KRB5_CC_NOTFOUND) ||
+                (code == KG_EMPTY_CCACHE))
+                major_status = GSS_S_NO_CRED;
+            if (code == KRB5KRB_AP_ERR_TKT_EXPIRED)
+                major_status = GSS_S_CREDENTIALS_EXPIRED;
+            goto fail;
+        }
+
+        krb5_auth_con_getlocalseqnumber(context, ctx->auth_context, &seq_temp);
+        ctx->seq_send = seq_temp;
+        krb5_auth_con_getsendsubkey(context, ctx->auth_context,
+                                    &ctx->subkey);
+    }
+
+    major_status = setup_enc(minor_status, ctx, context);
+
+    if (k_cred) {
+        krb5_free_creds(context, k_cred);
+        k_cred = 0;
+    }
+
+    /* at this point, the context is constructed and valid,
+       hence, releaseable */
+
+    /* intern the context handle */
+
+    if (! kg_save_ctx_id((gss_ctx_id_t) ctx)) {
+        code = G_VALIDATE_FAILED;
+        goto fail;
+    }
+    *context_handle = (gss_ctx_id_t) ctx;
+    ctx_free = 0;
+
+    /* compute time_rec */
+    if (time_rec) {
+        if ((code = krb5_timeofday(context, &now)))
+            goto fail;
+        *time_rec = ctx->endtime - now;
+    }
+
+    /* set the other returns */
+    *output_token = token;
+
+    if (ret_flags)
+        *ret_flags = ctx->gss_flags;
+
+    if (actual_mech_type)
+        *actual_mech_type = mech_type;
+
+    /* return successfully */
+
+    *minor_status = 0;
+    if (ctx->gss_flags & GSS_C_MUTUAL_FLAG) {
+        ctx->established = 0;
+        return(GSS_S_CONTINUE_NEEDED);
+    } else {
+        ctx->seq_recv = ctx->seq_send;
+        g_order_init(&(ctx->seqstate), ctx->seq_recv,
+                     (ctx->gss_flags & GSS_C_REPLAY_FLAG) != 0,
+                     (ctx->gss_flags & GSS_C_SEQUENCE_FLAG) != 0, ctx->proto);
+        ctx->gss_flags |= GSS_C_PROT_READY_FLAG;
+        ctx->established = 1;
+        return(GSS_S_COMPLETE);
+    }
 
 fail:
-   if (ctx_free) {
-       if (ctx_free->auth_context)
-          krb5_auth_con_free(context, ctx_free->auth_context);
-       if (ctx_free->here)
-          krb5_free_principal(context, ctx_free->here);
-       if (ctx_free->there)
-          krb5_free_principal(context, ctx_free->there);
-       if (ctx_free->subkey)
-          krb5_free_keyblock(context, ctx_free->subkey);
-       xfree(ctx_free);
-   } else
-       (void)krb5_gss_delete_sec_context(minor_status, context_handle, NULL);
-
-   *minor_status = code;
-   return (major_status);
+    if (ctx_free) {
+        if (ctx_free->auth_context)
+            krb5_auth_con_free(context, ctx_free->auth_context);
+        if (ctx_free->here)
+            krb5_free_principal(context, ctx_free->here);
+        if (ctx_free->there)
+            krb5_free_principal(context, ctx_free->there);
+        if (ctx_free->subkey)
+            krb5_free_keyblock(context, ctx_free->subkey);
+        xfree(ctx_free);
+    } else
+        (void)krb5_gss_delete_sec_context(minor_status, context_handle, NULL);
+
+    *minor_status = code;
+    return (major_status);
 }
 
 /*
@@ -651,180 +652,180 @@ fail:
  */
 static OM_uint32
 mutual_auth(
-   OM_uint32 *minor_status,
-   gss_ctx_id_t *context_handle,
-   gss_name_t target_name,
-   gss_OID mech_type,
-   OM_uint32 req_flags,
-   OM_uint32 time_req,
-   gss_channel_bindings_t input_chan_bindings,
-   gss_buffer_t input_token,
-   gss_OID *actual_mech_type,
-   gss_buffer_t output_token,
-   OM_uint32 *ret_flags,
-   OM_uint32 *time_rec,
-   krb5_context context)
+    OM_uint32 *minor_status,
+    gss_ctx_id_t *context_handle,
+    gss_name_t target_name,
+    gss_OID mech_type,
+    OM_uint32 req_flags,
+    OM_uint32 time_req,
+    gss_channel_bindings_t input_chan_bindings,
+    gss_buffer_t input_token,
+    gss_OID *actual_mech_type,
+    gss_buffer_t output_token,
+    OM_uint32 *ret_flags,
+    OM_uint32 *time_rec,
+    krb5_context context)
 {
-   OM_uint32 major_status;
-   unsigned char *ptr;
-   char *sptr;
-   krb5_data ap_rep;
-   krb5_ap_rep_enc_part *ap_rep_data;
-   krb5_timestamp now;
-   krb5_gss_ctx_id_rec *ctx;
-   krb5_error *krb_error;
-   krb5_error_code code;
-   krb5int_access kaccess;
-
-   major_status = GSS_S_FAILURE;
-
-   code = krb5int_accessor (&kaccess, KRB5INT_ACCESS_VERSION);
-   if (code)
-       goto fail;
-
-   /* validate the context handle */
-   /*SUPPRESS 29*/
-   if (! kg_validate_ctx_id(*context_handle)) {
-      *minor_status = (OM_uint32) G_VALIDATE_FAILED;
-      return(GSS_S_NO_CONTEXT);
-   }
-
-   ctx = (krb5_gss_ctx_id_t) *context_handle;
-
-   /* make sure the context is non-established, and that certain
-      arguments are unchanged */
-
-   if ((ctx->established) ||
-       ((ctx->gss_flags & GSS_C_MUTUAL_FLAG) == 0)) {
-      code = KG_CONTEXT_ESTABLISHED;
-      goto fail;
-   }
-
-   if (! krb5_principal_compare(context, ctx->there, 
-                               (krb5_principal) target_name)) {
-      (void)krb5_gss_delete_sec_context(minor_status, 
-                                       context_handle, NULL);
-      code = 0;
-      major_status = GSS_S_BAD_NAME;
-      goto fail;
-   }
-
-   /* verify the token and leave the AP_REP message in ap_rep */
-
-   if (input_token == GSS_C_NO_BUFFER) {
-      (void)krb5_gss_delete_sec_context(minor_status, 
-                                       context_handle, NULL);
-      code = 0;
-      major_status = GSS_S_DEFECTIVE_TOKEN;
-      goto fail;
-   }
-
-   ptr = (unsigned char *) input_token->value;
-
-   if (g_verify_token_header(ctx->mech_used,
-                            &(ap_rep.length),
-                            &ptr, KG_TOK_CTX_AP_REP,
-                            input_token->length, 1)) {
-      if (g_verify_token_header((gss_OID) ctx->mech_used,
-                               &(ap_rep.length),
-                               &ptr, KG_TOK_CTX_ERROR,
-                               input_token->length, 1) == 0) {
-
-        /* Handle a KRB_ERROR message from the server */
-
-        sptr = (char *) ptr;           /* PC compiler bug */
-        TREAD_STR(sptr, ap_rep.data, ap_rep.length);
-                     
-        code = krb5_rd_error(context, &ap_rep, &krb_error);
-        if (code)
-           goto fail;
-        if (krb_error->error)
-           code = krb_error->error + ERROR_TABLE_BASE_krb5;
-        else
-           code = 0;
-        krb5_free_error(context, krb_error);
-        goto fail;
-      } else {
-        *minor_status = 0;
-        return(GSS_S_DEFECTIVE_TOKEN);
-      }
-   }
-
-   sptr = (char *) ptr;                      /* PC compiler bug */
-   TREAD_STR(sptr, ap_rep.data, ap_rep.length);
-
-   /* decode the ap_rep */
-   if ((code = krb5_rd_rep(context, ctx->auth_context, &ap_rep,
-                          &ap_rep_data))) {
-      /*
-       * XXX A hack for backwards compatiblity.
-       * To be removed in 1999 -- proven 
-       */
-      krb5_auth_con_setuseruserkey(context, ctx->auth_context,
-                                  ctx->subkey);
-      if ((krb5_rd_rep(context, ctx->auth_context, &ap_rep,
-                      &ap_rep_data)))
-        goto fail;
-   }
-
-   /* store away the sequence number */
-   ctx->seq_recv = ap_rep_data->seq_number;
-   g_order_init(&(ctx->seqstate), ctx->seq_recv,
-               (ctx->gss_flags & GSS_C_REPLAY_FLAG) != 0,
-               (ctx->gss_flags & GSS_C_SEQUENCE_FLAG) !=0, ctx->proto);
-
-   if (ctx->proto == 1 && ap_rep_data->subkey) {
-       /* Keep acceptor's subkey.  */
-       ctx->have_acceptor_subkey = 1;
-       code = krb5_copy_keyblock(context, ap_rep_data->subkey,
-                                &ctx->acceptor_subkey);
-       if (code)
-          goto fail;
-       code = (*kaccess.krb5int_c_mandatory_cksumtype)(context,
-                                           ctx->acceptor_subkey->enctype,
-                                           &ctx->acceptor_subkey_cksumtype);
-       if (code)
-          goto fail;
-   }
-
-   /* free the ap_rep_data */
-   krb5_free_ap_rep_enc_part(context, ap_rep_data);
-
-   /* set established */
-   ctx->established = 1;
-
-   /* set returns */
-
-   if (time_rec) {
-      if ((code = krb5_timeofday(context, &now)))
-        goto fail;
-      *time_rec = ctx->endtime - now;
-   }
-
-   if (ret_flags)
-      *ret_flags = ctx->gss_flags;
-
-   if (actual_mech_type)
-      *actual_mech_type = mech_type;
-
-   /* success */
-
-   *minor_status = 0;
-   return GSS_S_COMPLETE;
+    OM_uint32 major_status;
+    unsigned char *ptr;
+    char *sptr;
+    krb5_data ap_rep;
+    krb5_ap_rep_enc_part *ap_rep_data;
+    krb5_timestamp now;
+    krb5_gss_ctx_id_rec *ctx;
+    krb5_error *krb_error;
+    krb5_error_code code;
+    krb5int_access kaccess;
+
+    major_status = GSS_S_FAILURE;
+
+    code = krb5int_accessor (&kaccess, KRB5INT_ACCESS_VERSION);
+    if (code)
+        goto fail;
+
+    /* validate the context handle */
+    /*SUPPRESS 29*/
+    if (! kg_validate_ctx_id(*context_handle)) {
+        *minor_status = (OM_uint32) G_VALIDATE_FAILED;
+        return(GSS_S_NO_CONTEXT);
+    }
+
+    ctx = (krb5_gss_ctx_id_t) *context_handle;
+
+    /* make sure the context is non-established, and that certain
+       arguments are unchanged */
+
+    if ((ctx->established) ||
+        ((ctx->gss_flags & GSS_C_MUTUAL_FLAG) == 0)) {
+        code = KG_CONTEXT_ESTABLISHED;
+        goto fail;
+    }
+
+    if (! krb5_principal_compare(context, ctx->there,
+                                 (krb5_principal) target_name)) {
+        (void)krb5_gss_delete_sec_context(minor_status,
+                                          context_handle, NULL);
+        code = 0;
+        major_status = GSS_S_BAD_NAME;
+        goto fail;
+    }
+
+    /* verify the token and leave the AP_REP message in ap_rep */
+
+    if (input_token == GSS_C_NO_BUFFER) {
+        (void)krb5_gss_delete_sec_context(minor_status,
+                                          context_handle, NULL);
+        code = 0;
+        major_status = GSS_S_DEFECTIVE_TOKEN;
+        goto fail;
+    }
+
+    ptr = (unsigned char *) input_token->value;
+
+    if (g_verify_token_header(ctx->mech_used,
+                              &(ap_rep.length),
+                              &ptr, KG_TOK_CTX_AP_REP,
+                              input_token->length, 1)) {
+        if (g_verify_token_header((gss_OID) ctx->mech_used,
+                                  &(ap_rep.length),
+                                  &ptr, KG_TOK_CTX_ERROR,
+                                  input_token->length, 1) == 0) {
+
+            /* Handle a KRB_ERROR message from the server */
+
+            sptr = (char *) ptr;           /* PC compiler bug */
+            TREAD_STR(sptr, ap_rep.data, ap_rep.length);
+
+            code = krb5_rd_error(context, &ap_rep, &krb_error);
+            if (code)
+                goto fail;
+            if (krb_error->error)
+                code = krb_error->error + ERROR_TABLE_BASE_krb5;
+            else
+                code = 0;
+            krb5_free_error(context, krb_error);
+            goto fail;
+        } else {
+            *minor_status = 0;
+            return(GSS_S_DEFECTIVE_TOKEN);
+        }
+    }
+
+    sptr = (char *) ptr;                      /* PC compiler bug */
+    TREAD_STR(sptr, ap_rep.data, ap_rep.length);
+
+    /* decode the ap_rep */
+    if ((code = krb5_rd_rep(context, ctx->auth_context, &ap_rep,
+                            &ap_rep_data))) {
+        /*
+         * XXX A hack for backwards compatiblity.
+         * To be removed in 1999 -- proven
+         */
+        krb5_auth_con_setuseruserkey(context, ctx->auth_context,
+                                     ctx->subkey);
+        if ((krb5_rd_rep(context, ctx->auth_context, &ap_rep,
+                         &ap_rep_data)))
+            goto fail;
+    }
+
+    /* store away the sequence number */
+    ctx->seq_recv = ap_rep_data->seq_number;
+    g_order_init(&(ctx->seqstate), ctx->seq_recv,
+                 (ctx->gss_flags & GSS_C_REPLAY_FLAG) != 0,
+                 (ctx->gss_flags & GSS_C_SEQUENCE_FLAG) !=0, ctx->proto);
+
+    if (ctx->proto == 1 && ap_rep_data->subkey) {
+        /* Keep acceptor's subkey.  */
+        ctx->have_acceptor_subkey = 1;
+        code = krb5_copy_keyblock(context, ap_rep_data->subkey,
+                                  &ctx->acceptor_subkey);
+        if (code)
+            goto fail;
+        code = (*kaccess.krb5int_c_mandatory_cksumtype)(context,
+                                                        ctx->acceptor_subkey->enctype,
+                                                        &ctx->acceptor_subkey_cksumtype);
+        if (code)
+            goto fail;
+    }
+
+    /* free the ap_rep_data */
+    krb5_free_ap_rep_enc_part(context, ap_rep_data);
+
+    /* set established */
+    ctx->established = 1;
+
+    /* set returns */
+
+    if (time_rec) {
+        if ((code = krb5_timeofday(context, &now)))
+            goto fail;
+        *time_rec = ctx->endtime - now;
+    }
+
+    if (ret_flags)
+        *ret_flags = ctx->gss_flags;
+
+    if (actual_mech_type)
+        *actual_mech_type = mech_type;
+
+    /* success */
+
+    *minor_status = 0;
+    return GSS_S_COMPLETE;
 
 fail:
-   (void)krb5_gss_delete_sec_context(minor_status, context_handle, NULL);
+    (void)krb5_gss_delete_sec_context(minor_status, context_handle, NULL);
 
-   *minor_status = code;
-   return (major_status);
+    *minor_status = code;
+    return (major_status);
 }
 
 OM_uint32
 krb5_gss_init_sec_context(minor_status, claimant_cred_handle,
-                         context_handle, target_name, mech_type,
-                         req_flags, time_req, input_chan_bindings,
-                         input_token, actual_mech_type, output_token,
-                         ret_flags, time_rec)
+                          context_handle, target_name, mech_type,
+                          req_flags, time_req, input_chan_bindings,
+                          input_token, actual_mech_type, output_token,
+                          ret_flags, time_rec)
     OM_uint32 *minor_status;
     gss_cred_id_t claimant_cred_handle;
     gss_ctx_id_t *context_handle;
@@ -839,142 +840,142 @@ krb5_gss_init_sec_context(minor_status, claimant_cred_handle,
     OM_uint32 *ret_flags;
     OM_uint32 *time_rec;
 {
-   krb5_context context;
-   krb5_gss_cred_id_t cred;
-   int err;
-   krb5_error_code kerr;
-   int default_mech = 0;
-   OM_uint32 major_status;
-   OM_uint32 tmp_min_stat;
-
-   if (*context_handle == GSS_C_NO_CONTEXT) {
-       kerr = krb5_gss_init_context(&context);
-       if (kerr) {
-          *minor_status = kerr;
-          return GSS_S_FAILURE;
-       }
-       if (GSS_ERROR(kg_sync_ccache_name(context, minor_status))) {
-          save_error_info(*minor_status, context);
-          krb5_free_context(context);
-          return GSS_S_FAILURE;
-       }
-   } else {
-       context = ((krb5_gss_ctx_id_rec *)*context_handle)->k5_context;
-   }
-
-   /* set up return values so they can be "freed" successfully */
-
-   major_status = GSS_S_FAILURE; /* Default major code */
-   output_token->length = 0;
-   output_token->value = NULL;
-   if (actual_mech_type)
-      *actual_mech_type = NULL;
-
-   /* verify that the target_name is valid and usable */
-
-   if (! kg_validate_name(target_name)) {
-      *minor_status = (OM_uint32) G_VALIDATE_FAILED;
-      save_error_info(*minor_status, context);
-      if (*context_handle == GSS_C_NO_CONTEXT)
-         krb5_free_context(context);
-      return(GSS_S_CALL_BAD_STRUCTURE|GSS_S_BAD_NAME);
-   }
-
-   /* verify the credential, or use the default */
-   /*SUPPRESS 29*/
-   if (claimant_cred_handle == GSS_C_NO_CREDENTIAL) {
-      major_status = kg_get_defcred(minor_status, (gss_cred_id_t *)&cred);
-      if (major_status && GSS_ERROR(major_status)) {
-        if (*context_handle == GSS_C_NO_CONTEXT)
-           krb5_free_context(context);
-        return(major_status);
-      }
-   } else {
-      major_status = krb5_gss_validate_cred(minor_status, claimant_cred_handle);
-      if (GSS_ERROR(major_status)) {
-         save_error_info(*minor_status, context);
-         if (*context_handle == GSS_C_NO_CONTEXT)
-             krb5_free_context(context);
-         return(major_status);
-      }
-      cred = (krb5_gss_cred_id_t) claimant_cred_handle;
-   }
-   kerr = k5_mutex_lock(&cred->lock);
-   if (kerr) {
-       krb5_free_context(context);
-       *minor_status = kerr;
-       return GSS_S_FAILURE;
-   }
-
-   /* verify the mech_type */
-
-   err = 0;
-   if (mech_type == GSS_C_NULL_OID) {
-       default_mech = 1;
-       if (cred->rfc_mech) {
-          mech_type = (gss_OID) gss_mech_krb5;
-       } else if (cred->prerfc_mech) {
-          mech_type = (gss_OID) gss_mech_krb5_old;
-       } else {
-          err = 1;
-       }
-   } else if (g_OID_equal(mech_type, gss_mech_krb5)) {
-       if (!cred->rfc_mech)
-          err = 1;
-   } else if (g_OID_equal(mech_type, gss_mech_krb5_old)) {
-       if (!cred->prerfc_mech)
-          err = 1;
-   } else if (g_OID_equal(mech_type, gss_mech_krb5_wrong)) {
-       if (!cred->rfc_mech)
-          err = 1;
-   } else {
-       err = 1;
-   }
-   
-   if (err) {
-      k5_mutex_unlock(&cred->lock);
-      if (claimant_cred_handle == GSS_C_NO_CREDENTIAL)
-        krb5_gss_release_cred(minor_status, (gss_cred_id_t *)&cred);
-      *minor_status = 0;
-      if (*context_handle == GSS_C_NO_CONTEXT)
-        krb5_free_context(context);
-      return(GSS_S_BAD_MECH);
-   }
-
-   /* is this a new connection or not? */
-
-   /*SUPPRESS 29*/
-   if (*context_handle == GSS_C_NO_CONTEXT) {
-      major_status = new_connection(minor_status, cred, context_handle,
-                                   target_name, mech_type, req_flags,
-                                   time_req, input_chan_bindings,
-                                   input_token, actual_mech_type,
-                                   output_token, ret_flags, time_rec,
-                                   context, default_mech);
-      k5_mutex_unlock(&cred->lock);
-      if (*context_handle == GSS_C_NO_CONTEXT) {
-         save_error_info (*minor_status, context);
-         krb5_free_context(context);
-      } else
-         ((krb5_gss_ctx_id_rec *) *context_handle)->k5_context = context;
-   } else {
-      /* mutual_auth doesn't care about the credentials */
-      k5_mutex_unlock(&cred->lock);
-      major_status = mutual_auth(minor_status, context_handle,
-                                target_name, mech_type, req_flags,
-                                time_req, input_chan_bindings,
-                                input_token, actual_mech_type,
-                                output_token, ret_flags, time_rec,
-                                context);
-      /* If context_handle is now NO_CONTEXT, mutual_auth called
-        delete_sec_context, which would've zapped the krb5 context
-        too.  */
-   }
-
-   if (claimant_cred_handle == GSS_C_NO_CREDENTIAL)
-      krb5_gss_release_cred(&tmp_min_stat, (gss_cred_id_t *)&cred);
-
-   return(major_status);
+    krb5_context context;
+    krb5_gss_cred_id_t cred;
+    int err;
+    krb5_error_code kerr;
+    int default_mech = 0;
+    OM_uint32 major_status;
+    OM_uint32 tmp_min_stat;
+
+    if (*context_handle == GSS_C_NO_CONTEXT) {
+        kerr = krb5_gss_init_context(&context);
+        if (kerr) {
+            *minor_status = kerr;
+            return GSS_S_FAILURE;
+        }
+        if (GSS_ERROR(kg_sync_ccache_name(context, minor_status))) {
+            save_error_info(*minor_status, context);
+            krb5_free_context(context);
+            return GSS_S_FAILURE;
+        }
+    } else {
+        context = ((krb5_gss_ctx_id_rec *)*context_handle)->k5_context;
+    }
+
+    /* set up return values so they can be "freed" successfully */
+
+    major_status = GSS_S_FAILURE; /* Default major code */
+    output_token->length = 0;
+    output_token->value = NULL;
+    if (actual_mech_type)
+        *actual_mech_type = NULL;
+
+    /* verify that the target_name is valid and usable */
+
+    if (! kg_validate_name(target_name)) {
+        *minor_status = (OM_uint32) G_VALIDATE_FAILED;
+        save_error_info(*minor_status, context);
+        if (*context_handle == GSS_C_NO_CONTEXT)
+            krb5_free_context(context);
+        return(GSS_S_CALL_BAD_STRUCTURE|GSS_S_BAD_NAME);
+    }
+
+    /* verify the credential, or use the default */
+    /*SUPPRESS 29*/
+    if (claimant_cred_handle == GSS_C_NO_CREDENTIAL) {
+        major_status = kg_get_defcred(minor_status, (gss_cred_id_t *)&cred);
+        if (major_status && GSS_ERROR(major_status)) {
+            if (*context_handle == GSS_C_NO_CONTEXT)
+                krb5_free_context(context);
+            return(major_status);
+        }
+    } else {
+        major_status = krb5_gss_validate_cred(minor_status, claimant_cred_handle);
+        if (GSS_ERROR(major_status)) {
+            save_error_info(*minor_status, context);
+            if (*context_handle == GSS_C_NO_CONTEXT)
+                krb5_free_context(context);
+            return(major_status);
+        }
+        cred = (krb5_gss_cred_id_t) claimant_cred_handle;
+    }
+    kerr = k5_mutex_lock(&cred->lock);
+    if (kerr) {
+        krb5_free_context(context);
+        *minor_status = kerr;
+        return GSS_S_FAILURE;
+    }
+
+    /* verify the mech_type */
+
+    err = 0;
+    if (mech_type == GSS_C_NULL_OID) {
+        default_mech = 1;
+        if (cred->rfc_mech) {
+            mech_type = (gss_OID) gss_mech_krb5;
+        } else if (cred->prerfc_mech) {
+            mech_type = (gss_OID) gss_mech_krb5_old;
+        } else {
+            err = 1;
+        }
+    } else if (g_OID_equal(mech_type, gss_mech_krb5)) {
+        if (!cred->rfc_mech)
+            err = 1;
+    } else if (g_OID_equal(mech_type, gss_mech_krb5_old)) {
+        if (!cred->prerfc_mech)
+            err = 1;
+    } else if (g_OID_equal(mech_type, gss_mech_krb5_wrong)) {
+        if (!cred->rfc_mech)
+            err = 1;
+    } else {
+        err = 1;
+    }
+
+    if (err) {
+        k5_mutex_unlock(&cred->lock);
+        if (claimant_cred_handle == GSS_C_NO_CREDENTIAL)
+            krb5_gss_release_cred(minor_status, (gss_cred_id_t *)&cred);
+        *minor_status = 0;
+        if (*context_handle == GSS_C_NO_CONTEXT)
+            krb5_free_context(context);
+        return(GSS_S_BAD_MECH);
+    }
+
+    /* is this a new connection or not? */
+
+    /*SUPPRESS 29*/
+    if (*context_handle == GSS_C_NO_CONTEXT) {
+        major_status = new_connection(minor_status, cred, context_handle,
+                                      target_name, mech_type, req_flags,
+                                      time_req, input_chan_bindings,
+                                      input_token, actual_mech_type,
+                                      output_token, ret_flags, time_rec,
+                                      context, default_mech);
+        k5_mutex_unlock(&cred->lock);
+        if (*context_handle == GSS_C_NO_CONTEXT) {
+            save_error_info (*minor_status, context);
+            krb5_free_context(context);
+        } else
+            ((krb5_gss_ctx_id_rec *) *context_handle)->k5_context = context;
+    } else {
+        /* mutual_auth doesn't care about the credentials */
+        k5_mutex_unlock(&cred->lock);
+        major_status = mutual_auth(minor_status, context_handle,
+                                   target_name, mech_type, req_flags,
+                                   time_req, input_chan_bindings,
+                                   input_token, actual_mech_type,
+                                   output_token, ret_flags, time_rec,
+                                   context);
+        /* If context_handle is now NO_CONTEXT, mutual_auth called
+           delete_sec_context, which would've zapped the krb5 context
+           too.  */
+    }
+
+    if (claimant_cred_handle == GSS_C_NO_CREDENTIAL)
+        krb5_gss_release_cred(&tmp_min_stat, (gss_cred_id_t *)&cred);
+
+    return(major_status);
 }
 
 #ifndef _WIN32
@@ -992,16 +993,16 @@ krb5_gss_init_context (krb5_context *ctxp)
 
     err = gssint_initialize_library();
     if (err)
-       return err;
+        return err;
 #ifndef _WIN32
     err = k5_mutex_lock(&kg_kdc_flag_mutex);
     if (err)
-       return err;
+        return err;
     is_kdc = kdc_flag;
     k5_mutex_unlock(&kg_kdc_flag_mutex);
 
     if (is_kdc)
-       return krb5int_init_context_kdc(ctxp);
+        return krb5int_init_context_kdc(ctxp);
 #endif
 
     return krb5_init_context(ctxp);
@@ -1015,13 +1016,12 @@ krb5_gss_use_kdc_context()
 
     err = gssint_initialize_library();
     if (err)
-       return err;
+        return err;
     err = k5_mutex_lock(&kg_kdc_flag_mutex);
     if (err)
-       return err;
+        return err;
     kdc_flag = 1;
     k5_mutex_unlock(&kg_kdc_flag_mutex);
     return 0;
 }
 #endif
-
index ab9d81a4fc013e3a3e63b0808f1836874cb9f6f8..74ae178d81e718f1698c4126fec84ad4a6433703 100644 (file)
@@ -1,6 +1,7 @@
+/* -*- mode: c; indent-tabs-mode: nil -*- */
 /*
  * Copyright 1993 by OpenVision Technologies, Inc.
- * 
+ *
  * Permission to use, copy, modify, distribute, and sell this software
  * and its documentation for any purpose is hereby granted without fee,
  * provided that the above copyright notice appears in all copies and
@@ -10,7 +11,7 @@
  * without specific, written prior permission. OpenVision makes no
  * representations about the suitability of this software for any
  * purpose.  It is provided "as is" without express or implied warranty.
- * 
+ *
  * OPENVISION DISCLAIMS ALL WARRANTIES WITH REGARD TO THIS SOFTWARE,
  * INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS, IN NO
  * EVENT SHALL OPENVISION BE LIABLE FOR ANY SPECIAL, INDIRECT OR
 #include "gssapiP_krb5.h"
 
 OM_uint32
-krb5_gss_inquire_context(minor_status, context_handle, initiator_name, 
-                        acceptor_name, lifetime_rec, mech_type, ret_flags,
-                        locally_initiated, opened)
-     OM_uint32 *minor_status;
-     gss_ctx_id_t context_handle;
-     gss_name_t *initiator_name;
-     gss_name_t *acceptor_name;
-     OM_uint32 *lifetime_rec;
-     gss_OID *mech_type;
-     OM_uint32 *ret_flags;
-     int *locally_initiated;
-     int *opened;
+krb5_gss_inquire_context(minor_status, context_handle, initiator_name,
+                         acceptor_name, lifetime_rec, mech_type, ret_flags,
+                         locally_initiated, opened)
+    OM_uint32 *minor_status;
+    gss_ctx_id_t context_handle;
+    gss_name_t *initiator_name;
+    gss_name_t *acceptor_name;
+    OM_uint32 *lifetime_rec;
+    gss_OID *mech_type;
+    OM_uint32 *ret_flags;
+    int *locally_initiated;
+    int *opened;
 {
-   krb5_context context;
-   krb5_error_code code;
-   krb5_gss_ctx_id_rec *ctx;
-   krb5_principal initiator, acceptor;
-   krb5_timestamp now;
-   krb5_deltat lifetime;
-
-   if (initiator_name)
-      *initiator_name = (gss_name_t) NULL;
-   if (acceptor_name)
-      *acceptor_name = (gss_name_t) NULL;
-
-   /* validate the context handle */
-   if (! kg_validate_ctx_id(context_handle)) {
-      *minor_status = (OM_uint32) G_VALIDATE_FAILED;
-      return(GSS_S_NO_CONTEXT);
-   }
-
-   ctx = (krb5_gss_ctx_id_rec *) context_handle;
-
-   if (! ctx->established) {
-      *minor_status = KG_CTX_INCOMPLETE;
-      return(GSS_S_NO_CONTEXT);
-   }
-
-   initiator = NULL;
-   acceptor = NULL;
-   context = ctx->k5_context;
-
-   if ((code = krb5_timeofday(context, &now))) {
-      *minor_status = code;
-      save_error_info(*minor_status, context);
-      return(GSS_S_FAILURE);
-   }
-
-   if ((lifetime = ctx->endtime - now) < 0)
-      lifetime = 0;
-
-   if (initiator_name) {
-      if ((code = krb5_copy_principal(context, 
-                                     ctx->initiate?ctx->here:ctx->there,
-                                     &initiator))) {
-        *minor_status = code;
-        save_error_info(*minor_status, context);
-        return(GSS_S_FAILURE);
-      }
-      if (! kg_save_name((gss_name_t) initiator)) {
-        krb5_free_principal(context, initiator);
-        *minor_status = (OM_uint32) G_VALIDATE_FAILED;
-        return(GSS_S_FAILURE);
-      }
-   }
-
-   if (acceptor_name) {
-      if ((code = krb5_copy_principal(context, 
-                                     ctx->initiate?ctx->there:ctx->here,
-                                     &acceptor))) {
-        if (initiator) krb5_free_principal(context, initiator);
-        *minor_status = code;
-        save_error_info(*minor_status, context);
-        return(GSS_S_FAILURE);
-      }
-      if (! kg_save_name((gss_name_t) acceptor)) {
-        krb5_free_principal(context, acceptor);
-        if (initiator) {
-           kg_delete_name((gss_name_t) initiator);
-           krb5_free_principal(context, initiator);
-        }
-        *minor_status = (OM_uint32) G_VALIDATE_FAILED;
-        return(GSS_S_FAILURE);
-      }
-   }
-
-   if (initiator_name)
-      *initiator_name = (gss_name_t) initiator;
-
-   if (acceptor_name)
-      *acceptor_name = (gss_name_t) acceptor;
-
-   if (lifetime_rec)
-      *lifetime_rec = lifetime;
-
-   if (mech_type)
-      *mech_type = (gss_OID) ctx->mech_used;
-
-   if (ret_flags)
-      *ret_flags = ctx->gss_flags;
-
-   if (locally_initiated)
-      *locally_initiated = ctx->initiate;
-
-   if (opened)
-      *opened = ctx->established;
-
-   *minor_status = 0;
-   return((lifetime == 0)?GSS_S_CONTEXT_EXPIRED:GSS_S_COMPLETE);
+    krb5_context context;
+    krb5_error_code code;
+    krb5_gss_ctx_id_rec *ctx;
+    krb5_principal initiator, acceptor;
+    krb5_timestamp now;
+    krb5_deltat lifetime;
+
+    if (initiator_name)
+        *initiator_name = (gss_name_t) NULL;
+    if (acceptor_name)
+        *acceptor_name = (gss_name_t) NULL;
+
+    /* validate the context handle */
+    if (! kg_validate_ctx_id(context_handle)) {
+        *minor_status = (OM_uint32) G_VALIDATE_FAILED;
+        return(GSS_S_NO_CONTEXT);
+    }
+
+    ctx = (krb5_gss_ctx_id_rec *) context_handle;
+
+    if (! ctx->established) {
+        *minor_status = KG_CTX_INCOMPLETE;
+        return(GSS_S_NO_CONTEXT);
+    }
+
+    initiator = NULL;
+    acceptor = NULL;
+    context = ctx->k5_context;
+
+    if ((code = krb5_timeofday(context, &now))) {
+        *minor_status = code;
+        save_error_info(*minor_status, context);
+        return(GSS_S_FAILURE);
+    }
+
+    if ((lifetime = ctx->endtime - now) < 0)
+        lifetime = 0;
+
+    if (initiator_name) {
+        if ((code = krb5_copy_principal(context,
+                                        ctx->initiate?ctx->here:ctx->there,
+                                        &initiator))) {
+            *minor_status = code;
+            save_error_info(*minor_status, context);
+            return(GSS_S_FAILURE);
+        }
+        if (! kg_save_name((gss_name_t) initiator)) {
+            krb5_free_principal(context, initiator);
+            *minor_status = (OM_uint32) G_VALIDATE_FAILED;
+            return(GSS_S_FAILURE);
+        }
+    }
+
+    if (acceptor_name) {
+        if ((code = krb5_copy_principal(context,
+                                        ctx->initiate?ctx->there:ctx->here,
+                                        &acceptor))) {
+            if (initiator) krb5_free_principal(context, initiator);
+            *minor_status = code;
+            save_error_info(*minor_status, context);
+            return(GSS_S_FAILURE);
+        }
+        if (! kg_save_name((gss_name_t) acceptor)) {
+            krb5_free_principal(context, acceptor);
+            if (initiator) {
+                kg_delete_name((gss_name_t) initiator);
+                krb5_free_principal(context, initiator);
+            }
+            *minor_status = (OM_uint32) G_VALIDATE_FAILED;
+            return(GSS_S_FAILURE);
+        }
+    }
+
+    if (initiator_name)
+        *initiator_name = (gss_name_t) initiator;
+
+    if (acceptor_name)
+        *acceptor_name = (gss_name_t) acceptor;
+
+    if (lifetime_rec)
+        *lifetime_rec = lifetime;
+
+    if (mech_type)
+        *mech_type = (gss_OID) ctx->mech_used;
+
+    if (ret_flags)
+        *ret_flags = ctx->gss_flags;
+
+    if (locally_initiated)
+        *locally_initiated = ctx->initiate;
+
+    if (opened)
+        *opened = ctx->established;
+
+    *minor_status = 0;
+    return((lifetime == 0)?GSS_S_CONTEXT_EXPIRED:GSS_S_COMPLETE);
 }
index aa50d12313996ae9111816400628bea314ca9a68..d23d7f9510f976e526d3a9c08bfcd87a1daa7fd2 100644 (file)
@@ -1,3 +1,4 @@
+/* -*- mode: c; indent-tabs-mode: nil -*- */
 /*
  * Copyright 2000, 2007 by the Massachusetts Institute of Technology.
  * All Rights Reserved.
@@ -6,7 +7,7 @@
  *   require a specific license from the United States Government.
  *   It is the responsibility of any person or organization contemplating
  *   export to obtain such a license before exporting.
- * 
+ *
  * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
  * distribute this software and its documentation for any purpose and
  * without fee is hereby granted, provided that the above copyright
  * M.I.T. makes no representations about the suitability of
  * this software for any purpose.  It is provided "as is" without express
  * or implied warranty.
- * 
+ *
  */
 /*
  * Copyright 1993 by OpenVision Technologies, Inc.
- * 
+ *
  * Permission to use, copy, modify, distribute, and sell this software
  * and its documentation for any purpose is hereby granted without fee,
  * provided that the above copyright notice appears in all copies and
@@ -34,7 +35,7 @@
  * without specific, written prior permission. OpenVision makes no
  * representations about the suitability of this software for any
  * purpose.  It is provided "as is" without express or implied warranty.
- * 
+ *
  * OPENVISION DISCLAIMS ALL WARRANTIES WITH REGARD TO THIS SOFTWARE,
  * INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS, IN NO
  * EVENT SHALL OPENVISION BE LIABLE FOR ANY SPECIAL, INDIRECT OR
 
 /*
  * Copyright (C) 1998 by the FundsXpress, INC.
- * 
+ *
  * All rights reserved.
- * 
+ *
  * Export of this software from the United States of America may require
  * a specific license from the United States Government.  It is the
  * responsibility of any person or organization contemplating export to
  * obtain such a license before exporting.
- * 
+ *
  * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
  * distribute this software and its documentation for any purpose and
  * without fee is hereby granted, provided that the above copyright
@@ -64,7 +65,7 @@
  * permission.  FundsXpress makes no representations about the suitability of
  * this software for any purpose.  It is provided "as is" without express
  * or implied warranty.
- * 
+ *
  * THIS SOFTWARE IS PROVIDED ``AS IS'' AND WITHOUT ANY EXPRESS OR
  * IMPLIED WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED
  * WARRANTIES OF MERCHANTIBILITY AND FITNESS FOR A PARTICULAR PURPOSE.
 
 OM_uint32
 krb5_gss_inquire_cred(minor_status, cred_handle, name, lifetime_ret,
-                     cred_usage, mechanisms)
-     OM_uint32 *minor_status;
-     gss_cred_id_t cred_handle;
-     gss_name_t *name;
-     OM_uint32 *lifetime_ret;
-     gss_cred_usage_t *cred_usage;
-     gss_OID_set *mechanisms;
+                      cred_usage, mechanisms)
+    OM_uint32 *minor_status;
+    gss_cred_id_t cred_handle;
+    gss_name_t *name;
+    OM_uint32 *lifetime_ret;
+    gss_cred_usage_t *cred_usage;
+    gss_OID_set *mechanisms;
 {
-   krb5_context context;
-   krb5_gss_cred_id_t cred;
-   krb5_error_code code;
-   krb5_timestamp now;
-   krb5_deltat lifetime;
-   krb5_principal ret_name;
-   gss_OID_set mechs;
-   OM_uint32 ret;
+    krb5_context context;
+    krb5_gss_cred_id_t cred;
+    krb5_error_code code;
+    krb5_timestamp now;
+    krb5_deltat lifetime;
+    krb5_principal ret_name;
+    gss_OID_set mechs;
+    OM_uint32 ret;
+
+    ret = GSS_S_FAILURE;
+    ret_name = NULL;
 
-   ret = GSS_S_FAILURE;
-   ret_name = NULL;
+    code = krb5_gss_init_context(&context);
+    if (code) {
+        *minor_status = code;
+        return GSS_S_FAILURE;
+    }
 
-   code = krb5_gss_init_context(&context);
-   if (code) {
-       *minor_status = code;
-       return GSS_S_FAILURE;
-   }
+    if (name) *name = NULL;
+    if (mechanisms) *mechanisms = NULL;
 
-   if (name) *name = NULL;
-   if (mechanisms) *mechanisms = NULL;
+    /* check for default credential */
+    /*SUPPRESS 29*/
+    if (cred_handle == GSS_C_NO_CREDENTIAL) {
+        OM_uint32 major;
 
-   /* check for default credential */
-   /*SUPPRESS 29*/
-   if (cred_handle == GSS_C_NO_CREDENTIAL) {
-      OM_uint32 major;
+        if ((major = kg_get_defcred(minor_status, (gss_cred_id_t *)&cred)) &&
+            GSS_ERROR(major)) {
+            krb5_free_context(context);
+            return(major);
+        }
+    } else {
+        OM_uint32 major;
 
-      if ((major = kg_get_defcred(minor_status, (gss_cred_id_t *)&cred)) &&
-         GSS_ERROR(major)) {
-        krb5_free_context(context);
-        return(major);
-      }
-   } else {
-      OM_uint32 major;
-          
-      major = krb5_gss_validate_cred(minor_status, cred_handle);
-      if (GSS_ERROR(major)) {
-         krb5_free_context(context);
-         return(major);
-      }
-      cred = (krb5_gss_cred_id_t) cred_handle;
-   }
+        major = krb5_gss_validate_cred(minor_status, cred_handle);
+        if (GSS_ERROR(major)) {
+            krb5_free_context(context);
+            return(major);
+        }
+        cred = (krb5_gss_cred_id_t) cred_handle;
+    }
 
-   if ((code = krb5_timeofday(context, &now))) {
-      *minor_status = code;
-      ret = GSS_S_FAILURE;
-      goto fail;
-   }
+    if ((code = krb5_timeofday(context, &now))) {
+        *minor_status = code;
+        ret = GSS_S_FAILURE;
+        goto fail;
+    }
 
-   code = k5_mutex_lock(&cred->lock);
-   if (code != 0) {
-       *minor_status = code;
-       ret = GSS_S_FAILURE;
-       goto fail;
-   }
-   if (cred->tgt_expire > 0) {
-       if ((lifetime = cred->tgt_expire - now) < 0)
-          lifetime = 0;
-   }
-   else
-       lifetime = GSS_C_INDEFINITE;
+    code = k5_mutex_lock(&cred->lock);
+    if (code != 0) {
+        *minor_status = code;
+        ret = GSS_S_FAILURE;
+        goto fail;
+    }
+    if (cred->tgt_expire > 0) {
+        if ((lifetime = cred->tgt_expire - now) < 0)
+            lifetime = 0;
+    }
+    else
+        lifetime = GSS_C_INDEFINITE;
 
-   if (name) {
-      if (cred->princ &&
-         (code = krb5_copy_principal(context, cred->princ, &ret_name))) {
-        k5_mutex_unlock(&cred->lock);
-        *minor_status = code;
-        save_error_info(*minor_status, context);
-        ret = GSS_S_FAILURE;
-        goto fail;
-      }
-   }
+    if (name) {
+        if (cred->princ &&
+            (code = krb5_copy_principal(context, cred->princ, &ret_name))) {
+            k5_mutex_unlock(&cred->lock);
+            *minor_status = code;
+            save_error_info(*minor_status, context);
+            ret = GSS_S_FAILURE;
+            goto fail;
+        }
+    }
 
-   if (mechanisms) {
-       if (GSS_ERROR(ret = generic_gss_create_empty_oid_set(minor_status,
-                                                           &mechs)) ||
-          (cred->prerfc_mech &&
-           GSS_ERROR(ret = generic_gss_add_oid_set_member(minor_status,
-                                                          gss_mech_krb5_old,
-                                                          &mechs))) ||
-          (cred->rfc_mech &&
-           GSS_ERROR(ret = generic_gss_add_oid_set_member(minor_status,
-                                                          gss_mech_krb5,
-                                                          &mechs)))) {
-          k5_mutex_unlock(&cred->lock);
-          if (ret_name)
-              krb5_free_principal(context, ret_name);
-          /* *minor_status set above */
-          goto fail;
-       }
-   }
+    if (mechanisms) {
+        if (GSS_ERROR(ret = generic_gss_create_empty_oid_set(minor_status,
+                                                             &mechs)) ||
+            (cred->prerfc_mech &&
+             GSS_ERROR(ret = generic_gss_add_oid_set_member(minor_status,
+                                                            gss_mech_krb5_old,
+                                                            &mechs))) ||
+            (cred->rfc_mech &&
+             GSS_ERROR(ret = generic_gss_add_oid_set_member(minor_status,
+                                                            gss_mech_krb5,
+                                                            &mechs)))) {
+            k5_mutex_unlock(&cred->lock);
+            if (ret_name)
+                krb5_free_principal(context, ret_name);
+            /* *minor_status set above */
+            goto fail;
+        }
+    }
 
-   if (name) {
-      if (ret_name != NULL && ! kg_save_name((gss_name_t) ret_name)) {
-        k5_mutex_unlock(&cred->lock);
-        if (cred_handle == GSS_C_NO_CREDENTIAL)
-            krb5_gss_release_cred(minor_status, (gss_cred_id_t *)&cred);
+    if (name) {
+        if (ret_name != NULL && ! kg_save_name((gss_name_t) ret_name)) {
+            k5_mutex_unlock(&cred->lock);
+            if (cred_handle == GSS_C_NO_CREDENTIAL)
+                krb5_gss_release_cred(minor_status, (gss_cred_id_t *)&cred);
 
-        (void) gss_release_oid_set(minor_status, &mechs);
-        krb5_free_principal(context, ret_name);
-        *minor_status = (OM_uint32) G_VALIDATE_FAILED;
-        krb5_free_context(context);
-        return(GSS_S_FAILURE);
-      }
-      if (ret_name != NULL)
-         *name = (gss_name_t) ret_name;
-      else
-         *name = GSS_C_NO_NAME;
-   }
+            (void) gss_release_oid_set(minor_status, &mechs);
+            krb5_free_principal(context, ret_name);
+            *minor_status = (OM_uint32) G_VALIDATE_FAILED;
+            krb5_free_context(context);
+            return(GSS_S_FAILURE);
+        }
+        if (ret_name != NULL)
+            *name = (gss_name_t) ret_name;
+        else
+            *name = GSS_C_NO_NAME;
+    }
 
-   if (lifetime_ret)
-      *lifetime_ret = lifetime;
+    if (lifetime_ret)
+        *lifetime_ret = lifetime;
 
-   if (cred_usage)
-      *cred_usage = cred->usage;
-   k5_mutex_unlock(&cred->lock);
+    if (cred_usage)
+        *cred_usage = cred->usage;
+    k5_mutex_unlock(&cred->lock);
 
-   if (mechanisms)
-      *mechanisms = mechs;
+    if (mechanisms)
+        *mechanisms = mechs;
 
-   if (cred_handle == GSS_C_NO_CREDENTIAL)
-       krb5_gss_release_cred(minor_status, (gss_cred_id_t *)&cred);
+    if (cred_handle == GSS_C_NO_CREDENTIAL)
+        krb5_gss_release_cred(minor_status, (gss_cred_id_t *)&cred);
 
-   krb5_free_context(context);
-   *minor_status = 0;
-   return((lifetime == 0)?GSS_S_CREDENTIALS_EXPIRED:GSS_S_COMPLETE);
+    krb5_free_context(context);
+    *minor_status = 0;
+    return((lifetime == 0)?GSS_S_CREDENTIALS_EXPIRED:GSS_S_COMPLETE);
 fail:
-   if (cred_handle == GSS_C_NO_CREDENTIAL) {
-       OM_uint32 tmp_min_stat;
+    if (cred_handle == GSS_C_NO_CREDENTIAL) {
+        OM_uint32 tmp_min_stat;
 
-       krb5_gss_release_cred(&tmp_min_stat, (gss_cred_id_t *)&cred);
-   }
-   krb5_free_context(context);
-   return ret;
+        krb5_gss_release_cred(&tmp_min_stat, (gss_cred_id_t *)&cred);
+    }
+    krb5_free_context(context);
+    return ret;
 }
 
 /* V2 interface */
 OM_uint32
 krb5_gss_inquire_cred_by_mech(minor_status, cred_handle,
-                             mech_type, name, initiator_lifetime,
-                             acceptor_lifetime, cred_usage)
-    OM_uint32          *minor_status;
-    gss_cred_id_t      cred_handle;
-    gss_OID            mech_type;
-    gss_name_t         *name;
-    OM_uint32          *initiator_lifetime;
-    OM_uint32          *acceptor_lifetime;
+                              mech_type, name, initiator_lifetime,
+                              acceptor_lifetime, cred_usage)
+    OM_uint32           *minor_status;
+    gss_cred_id_t       cred_handle;
+    gss_OID             mech_type;
+    gss_name_t          *name;
+    OM_uint32           *initiator_lifetime;
+    OM_uint32           *acceptor_lifetime;
     gss_cred_usage_t *cred_usage;
 {
-    krb5_gss_cred_id_t cred;
-    OM_uint32          lifetime;
-    OM_uint32          mstat;
+    krb5_gss_cred_id_t  cred;
+    OM_uint32           lifetime;
+    OM_uint32           mstat;
 
     /*
      * We only know how to handle our own creds.
      */
     if ((mech_type != GSS_C_NULL_OID) &&
-       !g_OID_equal(gss_mech_krb5_old, mech_type) &&
-       !g_OID_equal(gss_mech_krb5, mech_type)) {
-       *minor_status = 0;
-       return(GSS_S_NO_CRED);
+        !g_OID_equal(gss_mech_krb5_old, mech_type) &&
+        !g_OID_equal(gss_mech_krb5, mech_type)) {
+        *minor_status = 0;
+        return(GSS_S_NO_CRED);
     }
 
     cred = (krb5_gss_cred_id_t) cred_handle;
     mstat = krb5_gss_inquire_cred(minor_status,
-                                 cred_handle,
-                                 name,
-                                 &lifetime,
-                                 cred_usage,
-                                 (gss_OID_set *) NULL);
+                                  cred_handle,
+                                  name,
+                                  &lifetime,
+                                  cred_usage,
+                                  (gss_OID_set *) NULL);
     if (mstat == GSS_S_COMPLETE) {
-       if (cred &&
-           ((cred->usage == GSS_C_INITIATE) ||
-            (cred->usage == GSS_C_BOTH)) &&
-           initiator_lifetime)
-           *initiator_lifetime = lifetime;
-       if (cred &&
-           ((cred->usage == GSS_C_ACCEPT) ||
-            (cred->usage == GSS_C_BOTH)) &&
-           acceptor_lifetime)
-           *acceptor_lifetime = lifetime;
+        if (cred &&
+            ((cred->usage == GSS_C_INITIATE) ||
+             (cred->usage == GSS_C_BOTH)) &&
+            initiator_lifetime)
+            *initiator_lifetime = lifetime;
+        if (cred &&
+            ((cred->usage == GSS_C_ACCEPT) ||
+             (cred->usage == GSS_C_BOTH)) &&
+            acceptor_lifetime)
+            *acceptor_lifetime = lifetime;
     }
     return(mstat);
 }
-
index c9e3dc9ad0339087d49b5dc304f8257c8899d061..2301b1ff4a6893bfda88e1df3de66ebc5bb1e9de 100644 (file)
@@ -1,3 +1,4 @@
+/* -*- mode: c; indent-tabs-mode: nil -*- */
 /*
  * lib/gssapi/krb5/inq_names.c
  *
 
 OM_uint32
 krb5_gss_inquire_names_for_mech(minor_status, mechanism, name_types)
-    OM_uint32  *minor_status;
-    gss_OID    mechanism;
-    gss_OID_set        *name_types;
+    OM_uint32   *minor_status;
+    gss_OID     mechanism;
+    gss_OID_set *name_types;
 {
-    OM_uint32  major, minor;
+    OM_uint32   major, minor;
 
     /*
      * We only know how to handle our own mechanism.
      */
     if ((mechanism != GSS_C_NULL_OID) &&
-       !g_OID_equal(gss_mech_krb5, mechanism) &&
-       !g_OID_equal(gss_mech_krb5_old, mechanism)) {
-       *minor_status = 0;
-       return(GSS_S_BAD_MECH);
+        !g_OID_equal(gss_mech_krb5, mechanism) &&
+        !g_OID_equal(gss_mech_krb5_old, mechanism)) {
+        *minor_status = 0;
+        return(GSS_S_BAD_MECH);
     }
 
     /* We're okay.  Create an empty OID set */
     major = gss_create_empty_oid_set(minor_status, name_types);
     if (major == GSS_S_COMPLETE) {
-       /* Now add our members. */
-       if (
-           ((major = generic_gss_add_oid_set_member(minor_status,
-                                                    gss_nt_user_name,
-                                                    name_types)
-             ) == GSS_S_COMPLETE) &&
-           ((major = generic_gss_add_oid_set_member(minor_status,
-                                                    gss_nt_machine_uid_name,
-                                                    name_types)
-             ) == GSS_S_COMPLETE) &&
-           ((major = generic_gss_add_oid_set_member(minor_status,
-                                                    gss_nt_string_uid_name,
-                                                    name_types)
-             ) == GSS_S_COMPLETE) &&
-           ((major = generic_gss_add_oid_set_member(minor_status,
-                                                    gss_nt_service_name,
-                                                    name_types)
-             ) == GSS_S_COMPLETE) &&
-           ((major = generic_gss_add_oid_set_member(minor_status,
-                                                    gss_nt_service_name_v2,
-                                                    name_types)
-             ) == GSS_S_COMPLETE) &&
-           ((major = generic_gss_add_oid_set_member(minor_status,
-                                                    gss_nt_exported_name,
-                                                    name_types)
-             ) == GSS_S_COMPLETE) &&
-           ((major = generic_gss_add_oid_set_member(minor_status,
-                                                    gss_nt_krb5_name,
-                                                    name_types)
-             ) == GSS_S_COMPLETE)
-           ) {
-           major = generic_gss_add_oid_set_member(minor_status,
-                                                  gss_nt_krb5_principal,
-                                                  name_types);
-       }
+        /* Now add our members. */
+        if (
+            ((major = generic_gss_add_oid_set_member(minor_status,
+                                                     gss_nt_user_name,
+                                                     name_types)
+            ) == GSS_S_COMPLETE) &&
+            ((major = generic_gss_add_oid_set_member(minor_status,
+                                                     gss_nt_machine_uid_name,
+                                                     name_types)
+            ) == GSS_S_COMPLETE) &&
+            ((major = generic_gss_add_oid_set_member(minor_status,
+                                                     gss_nt_string_uid_name,
+                                                     name_types)
+            ) == GSS_S_COMPLETE) &&
+            ((major = generic_gss_add_oid_set_member(minor_status,
+                                                     gss_nt_service_name,
+                                                     name_types)
+            ) == GSS_S_COMPLETE) &&
+            ((major = generic_gss_add_oid_set_member(minor_status,
+                                                     gss_nt_service_name_v2,
+                                                     name_types)
+            ) == GSS_S_COMPLETE) &&
+            ((major = generic_gss_add_oid_set_member(minor_status,
+                                                     gss_nt_exported_name,
+                                                     name_types)
+            ) == GSS_S_COMPLETE) &&
+            ((major = generic_gss_add_oid_set_member(minor_status,
+                                                     gss_nt_krb5_name,
+                                                     name_types)
+            ) == GSS_S_COMPLETE)
+        ) {
+            major = generic_gss_add_oid_set_member(minor_status,
+                                                   gss_nt_krb5_principal,
+                                                   name_types);
+        }
 
-       /*
-        * If we choked, then release the set, but don't overwrite the minor
-        * status with the release call.
-        */
-       if (major != GSS_S_COMPLETE)
-           (void) gss_release_oid_set(&minor,
-                                      name_types);
+        /*
+         * If we choked, then release the set, but don't overwrite the minor
+         * status with the release call.
+         */
+        if (major != GSS_S_COMPLETE)
+            (void) gss_release_oid_set(&minor,
+                                       name_types);
     }
     return(major);
 }
index e019e1b13f57d6453a123c5dd02178589e9b7cd6..d51fb7344f72a156de53d19d46bde9fec5ece35e 100644 (file)
@@ -1,3 +1,4 @@
+/* -*- mode: c; indent-tabs-mode: nil -*- */
 /*
  * Copyright 1993 by OpenVision Technologies, Inc.
  *
 
 static krb5_error_code
 make_seal_token_v1 (krb5_context context,
-                   krb5_keyblock *enc,
-                   krb5_keyblock *seq,
-                   gssint_uint64 *seqnum,
-                   int direction,
-                   gss_buffer_t text,
-                   gss_buffer_t token,
-                   int signalg,
-                   size_t cksum_size,
-                   int sealalg,
-                   int do_encrypt,
-                   int toktype,
-                   int bigend,
-                   gss_OID oid)
+                    krb5_keyblock *enc,
+                    krb5_keyblock *seq,
+                    gssint_uint64 *seqnum,
+                    int direction,
+                    gss_buffer_t text,
+                    gss_buffer_t token,
+                    int signalg,
+                    size_t cksum_size,
+                    int sealalg,
+                    int do_encrypt,
+                    int toktype,
+                    int bigend,
+                    gss_OID oid)
 {
     krb5_error_code code;
     size_t sumlen;
@@ -72,12 +73,12 @@ make_seal_token_v1 (krb5_context context,
     krb5_data plaind;
     krb5_checksum md5cksum;
     krb5_checksum cksum;
-                               /* msglen contains the message length
-                                * we are signing/encrypting.  tmsglen
-                                * contains the length of the message
-                                * we plan to write out to the token.
-                                * tlen is the length of the token
-                                * including header. */
+    /* msglen contains the message length
+     * we are signing/encrypting.  tmsglen
+     * contains the length of the message
+     * we plan to write out to the token.
+     * tlen is the length of the token
+     * including header. */
     unsigned  conflen=0, tmsglen, tlen, msglen;
     unsigned char *t, *ptr;
     unsigned char *plain;
@@ -89,30 +90,30 @@ make_seal_token_v1 (krb5_context context,
     /* create the token buffer */
     /* Do we need confounder? */
     if (do_encrypt || (!bigend && (toktype == KG_TOK_SEAL_MSG)))
-      conflen = kg_confounder_size(context, enc);
+        conflen = kg_confounder_size(context, enc);
     else conflen = 0;
 
     if (toktype == KG_TOK_SEAL_MSG) {
-      switch (sealalg) {
-      case SEAL_ALG_MICROSOFT_RC4:
-       msglen = conflen + text->length+1;
-       pad = 1;
-       break;
-      default:
-       /* XXX knows that des block size is 8 */
-       msglen = (conflen+text->length+8)&(~7);
-             pad = 8-(text->length%8);
-      }
-      tmsglen = msglen;
+        switch (sealalg) {
+        case SEAL_ALG_MICROSOFT_RC4:
+            msglen = conflen + text->length+1;
+            pad = 1;
+            break;
+        default:
+            /* XXX knows that des block size is 8 */
+            msglen = (conflen+text->length+8)&(~7);
+            pad = 8-(text->length%8);
+        }
+        tmsglen = msglen;
     } else {
-      tmsglen = 0;
-      msglen = text->length;
-      pad = 0;
+        tmsglen = 0;
+        msglen = text->length;
+        pad = 0;
     }
     tlen = g_token_size((gss_OID) oid, 14+cksum_size+tmsglen);
 
     if ((t = (unsigned char *) xmalloc(tlen)) == NULL)
-      return(ENOMEM);
+        return(ENOMEM);
 
     /*** fill in the token */
 
@@ -125,12 +126,12 @@ make_seal_token_v1 (krb5_context context,
 
     /* 2..3 SEAL_ALG or Filler */
     if ((toktype == KG_TOK_SEAL_MSG) && do_encrypt) {
-      ptr[2] = sealalg & 0xff;
-      ptr[3] = (sealalg >> 8) & 0xff;
+        ptr[2] = sealalg & 0xff;
+        ptr[3] = (sealalg >> 8) & 0xff;
     } else {
-      /* No seal */
-      ptr[2] = 0xff;
-      ptr[3] = 0xff;
+        /* No seal */
+        ptr[2] = 0xff;
+        ptr[3] = 0xff;
     }
 
     /* 4..5 Filler */
@@ -143,40 +144,40 @@ make_seal_token_v1 (krb5_context context,
     switch (signalg) {
     case SGN_ALG_DES_MAC_MD5:
     case SGN_ALG_MD2_5:
-      md5cksum.checksum_type = CKSUMTYPE_RSA_MD5;
-      break;
+        md5cksum.checksum_type = CKSUMTYPE_RSA_MD5;
+        break;
     case SGN_ALG_HMAC_SHA1_DES3_KD:
-      md5cksum.checksum_type = CKSUMTYPE_HMAC_SHA1_DES3;
-      break;
+        md5cksum.checksum_type = CKSUMTYPE_HMAC_SHA1_DES3;
+        break;
     case SGN_ALG_HMAC_MD5:
-      md5cksum.checksum_type = CKSUMTYPE_HMAC_MD5_ARCFOUR;
-      if (toktype != KG_TOK_SEAL_MSG)
-       sign_usage = 15;
-      break;
+        md5cksum.checksum_type = CKSUMTYPE_HMAC_MD5_ARCFOUR;
+        if (toktype != KG_TOK_SEAL_MSG)
+            sign_usage = 15;
+        break;
     default:
     case SGN_ALG_DES_MAC:
-      abort ();
+        abort ();
     }
 
     code = krb5_c_checksum_length(context, md5cksum.checksum_type, &sumlen);
     if (code) {
-      xfree(t);
-      return(code);
+        xfree(t);
+        return(code);
     }
     md5cksum.length = sumlen;
 
 
     if ((plain = (unsigned char *) xmalloc(msglen ? msglen : 1)) == NULL) {
-      xfree(t);
-      return(ENOMEM);
+        xfree(t);
+        return(ENOMEM);
     }
 
     if (conflen) {
-      if ((code = kg_make_confounder(context, enc, plain))) {
-       xfree(plain);
-       xfree(t);
-       return(code);
-      }
+        if ((code = kg_make_confounder(context, enc, plain))) {
+            xfree(plain);
+            xfree(t);
+            return(code);
+        }
     }
 
     memcpy(plain+conflen, text->value, text->length);
@@ -186,59 +187,59 @@ make_seal_token_v1 (krb5_context context,
 
     /* 8 = head of token body as specified by mech spec */
     if (! (data_ptr =
-          (char *) xmalloc(8 + (bigend ? text->length : msglen)))) {
-      xfree(plain);
-      xfree(t);
-      return(ENOMEM);
+           (char *) xmalloc(8 + (bigend ? text->length : msglen)))) {
+        xfree(plain);
+        xfree(t);
+        return(ENOMEM);
     }
     (void) memcpy(data_ptr, ptr-2, 8);
     if (bigend)
-      (void) memcpy(data_ptr+8, text->value, text->length);
+        (void) memcpy(data_ptr+8, text->value, text->length);
     else
-      (void) memcpy(data_ptr+8, plain, msglen);
+        (void) memcpy(data_ptr+8, plain, msglen);
     plaind.length = 8 + (bigend ? text->length : msglen);
     plaind.data = data_ptr;
     code = krb5_c_make_checksum(context, md5cksum.checksum_type, seq,
-                               sign_usage, &plaind, &md5cksum);
+                                sign_usage, &plaind, &md5cksum);
     xfree(data_ptr);
 
     if (code) {
-      xfree(plain);
-      xfree(t);
-      return(code);
+        xfree(plain);
+        xfree(t);
+        return(code);
     }
     switch(signalg) {
     case SGN_ALG_DES_MAC_MD5:
     case 3:
 
-      if ((code = kg_encrypt(context, seq, KG_USAGE_SEAL,
-                            (g_OID_equal(oid, gss_mech_krb5_old) ?
-                             seq->contents : NULL),
-                            md5cksum.contents, md5cksum.contents, 16))) {
-       krb5_free_checksum_contents(context, &md5cksum);
-       xfree (plain);
-       xfree(t);
-       return code;
-      }
+        if ((code = kg_encrypt(context, seq, KG_USAGE_SEAL,
+                               (g_OID_equal(oid, gss_mech_krb5_old) ?
+                                seq->contents : NULL),
+                               md5cksum.contents, md5cksum.contents, 16))) {
+            krb5_free_checksum_contents(context, &md5cksum);
+            xfree (plain);
+            xfree(t);
+            return code;
+        }
 
-      cksum.length = cksum_size;
-      cksum.contents = md5cksum.contents + 16 - cksum.length;
+        cksum.length = cksum_size;
+        cksum.contents = md5cksum.contents + 16 - cksum.length;
 
-      memcpy(ptr+14, cksum.contents, cksum.length);
-      break;
+        memcpy(ptr+14, cksum.contents, cksum.length);
+        break;
 
     case SGN_ALG_HMAC_SHA1_DES3_KD:
-      /*
-       * Using key derivation, the call to krb5_c_make_checksum
-       * already dealt with encrypting.
-       */
-      if (md5cksum.length != cksum_size)
-       abort ();
-      memcpy (ptr+14, md5cksum.contents, md5cksum.length);
-      break;
+        /*
+         * Using key derivation, the call to krb5_c_make_checksum
+         * already dealt with encrypting.
+         */
+        if (md5cksum.length != cksum_size)
+            abort ();
+        memcpy (ptr+14, md5cksum.contents, md5cksum.length);
+        break;
     case SGN_ALG_HMAC_MD5:
-      memcpy (ptr+14, md5cksum.contents, cksum_size);
-      break;
+        memcpy (ptr+14, md5cksum.contents, cksum_size);
+        break;
     }
 
     krb5_free_checksum_contents(context, &md5cksum);
@@ -246,61 +247,61 @@ make_seal_token_v1 (krb5_context context,
     /* create the seq_num */
 
     if ((code = kg_make_seq_num(context, seq, direction?0:0xff, *seqnum,
-                               ptr+14, ptr+6))) {
-      xfree (plain);
-      xfree(t);
-      return(code);
+                                ptr+14, ptr+6))) {
+        xfree (plain);
+        xfree(t);
+        return(code);
     }
 
     if (do_encrypt) {
-      switch(sealalg) {
-      case SEAL_ALG_MICROSOFT_RC4:
-       {
-         unsigned char bigend_seqnum[4];
-         krb5_keyblock *enc_key;
-         int i;
-         bigend_seqnum[0] = (*seqnum>>24) & 0xff;
-         bigend_seqnum[1] = (*seqnum>>16) & 0xff;
-         bigend_seqnum[2] = (*seqnum>>8) & 0xff;
-         bigend_seqnum[3] = *seqnum & 0xff;
-         code = krb5_copy_keyblock (context, enc, &enc_key);
-         if (code)
-           {
-             xfree(plain);
-             xfree(t);
-             return(code);
-           }         
-         assert (enc_key->length == 16);
-         for (i = 0; i <= 15; i++)
-           ((char *) enc_key->contents)[i] ^=0xf0;
-         code = kg_arcfour_docrypt (enc_key, 0,
-                                    bigend_seqnum, 4, 
-                                    plain, tmsglen,
-                                    ptr+14+cksum_size);
-         krb5_free_keyblock (context, enc_key);
-         if (code)
-           {
-             xfree(plain);
-             xfree(t);
-             return(code);
-           }
-       }
-       break;
-      default:
-           if ((code = kg_encrypt(context, enc, KG_USAGE_SEAL, NULL,
-                                  (krb5_pointer) plain,
-                                  (krb5_pointer) (ptr+cksum_size+14),
-                                  tmsglen))) {
-             xfree(plain);
-             xfree(t);
-             return(code);
-           }
-      }
+        switch(sealalg) {
+        case SEAL_ALG_MICROSOFT_RC4:
+        {
+            unsigned char bigend_seqnum[4];
+            krb5_keyblock *enc_key;
+            int i;
+            bigend_seqnum[0] = (*seqnum>>24) & 0xff;
+            bigend_seqnum[1] = (*seqnum>>16) & 0xff;
+            bigend_seqnum[2] = (*seqnum>>8) & 0xff;
+            bigend_seqnum[3] = *seqnum & 0xff;
+            code = krb5_copy_keyblock (context, enc, &enc_key);
+            if (code)
+            {
+                xfree(plain);
+                xfree(t);
+                return(code);
+            }
+            assert (enc_key->length == 16);
+            for (i = 0; i <= 15; i++)
+                ((char *) enc_key->contents)[i] ^=0xf0;
+            code = kg_arcfour_docrypt (enc_key, 0,
+                                       bigend_seqnum, 4,
+                                       plain, tmsglen,
+                                       ptr+14+cksum_size);
+            krb5_free_keyblock (context, enc_key);
+            if (code)
+            {
+                xfree(plain);
+                xfree(t);
+                return(code);
+            }
+        }
+        break;
+        default:
+            if ((code = kg_encrypt(context, enc, KG_USAGE_SEAL, NULL,
+                                   (krb5_pointer) plain,
+                                   (krb5_pointer) (ptr+cksum_size+14),
+                                   tmsglen))) {
+                xfree(plain);
+                xfree(t);
+                return(code);
+            }
+        }
     }else {
-      if (tmsglen)
-       memcpy(ptr+14+cksum_size, plain, tmsglen);
+        if (tmsglen)
+            memcpy(ptr+14+cksum_size, plain, tmsglen);
     }
-           xfree(plain);
+    xfree(plain);
 
 
     /* that's it.  return the token */
@@ -319,7 +320,7 @@ make_seal_token_v1 (krb5_context context,
 
 OM_uint32
 kg_seal(minor_status, context_handle, conf_req_flag, qop_req,
-       input_message_buffer, conf_state, output_message_buffer, toktype)
+        input_message_buffer, conf_state, output_message_buffer, toktype)
     OM_uint32 *minor_status;
     gss_ctx_id_t context_handle;
     int conf_req_flag;
@@ -339,64 +340,64 @@ kg_seal(minor_status, context_handle, conf_req_flag, qop_req,
 
     /* Only default qop or matching established cryptosystem is allowed.
 
-       There are NO EXTENSIONS to this set for AES and friends!  The
-       new spec says "just use 0".  The old spec plus extensions would
-       actually allow for certain non-zero values.  Fix this to handle
-       them later.  */
+    There are NO EXTENSIONS to this set for AES and friends!  The
+    new spec says "just use 0".  The old spec plus extensions would
+    actually allow for certain non-zero values.  Fix this to handle
+    them later.  */
     if (qop_req != 0) {
-       *minor_status = (OM_uint32) G_UNKNOWN_QOP;
-       return GSS_S_FAILURE;
+        *minor_status = (OM_uint32) G_UNKNOWN_QOP;
+        return GSS_S_FAILURE;
     }
 
     /* validate the context handle */
     if (! kg_validate_ctx_id(context_handle)) {
-       *minor_status = (OM_uint32) G_VALIDATE_FAILED;
-       return(GSS_S_NO_CONTEXT);
+        *minor_status = (OM_uint32) G_VALIDATE_FAILED;
+        return(GSS_S_NO_CONTEXT);
     }
 
     ctx = (krb5_gss_ctx_id_rec *) context_handle;
 
     if (! ctx->established) {
-       *minor_status = KG_CTX_INCOMPLETE;
-       return(GSS_S_NO_CONTEXT);
+        *minor_status = KG_CTX_INCOMPLETE;
+        return(GSS_S_NO_CONTEXT);
     }
 
     context = ctx->k5_context;
     if ((code = krb5_timeofday(context, &now))) {
-       *minor_status = code;
-       save_error_info(*minor_status, context);
-       return(GSS_S_FAILURE);
+        *minor_status = code;
+        save_error_info(*minor_status, context);
+        return(GSS_S_FAILURE);
     }
 
     switch (ctx->proto)
     {
     case 0:
-       code = make_seal_token_v1(context, ctx->enc, ctx->seq,
-                                 &ctx->seq_send, ctx->initiate,
-                                 input_message_buffer, output_message_buffer,
-                                 ctx->signalg, ctx->cksum_size, ctx->sealalg,
-                                 conf_req_flag, toktype, ctx->big_endian,
-                                 ctx->mech_used);
-       break;
+        code = make_seal_token_v1(context, ctx->enc, ctx->seq,
+                                  &ctx->seq_send, ctx->initiate,
+                                  input_message_buffer, output_message_buffer,
+                                  ctx->signalg, ctx->cksum_size, ctx->sealalg,
+                                  conf_req_flag, toktype, ctx->big_endian,
+                                  ctx->mech_used);
+        break;
     case 1:
-       code = gss_krb5int_make_seal_token_v3(context, ctx,
-                                             input_message_buffer,
-                                             output_message_buffer,
-                                             conf_req_flag, toktype);
-       break;
+        code = gss_krb5int_make_seal_token_v3(context, ctx,
+                                              input_message_buffer,
+                                              output_message_buffer,
+                                              conf_req_flag, toktype);
+        break;
     default:
-       code = G_UNKNOWN_QOP;   /* XXX */
-       break;
+        code = G_UNKNOWN_QOP;   /* XXX */
+        break;
     }
 
     if (code) {
-       *minor_status = code;
-       save_error_info(*minor_status, context);
-       return(GSS_S_FAILURE);
+        *minor_status = code;
+        save_error_info(*minor_status, context);
+        return(GSS_S_FAILURE);
     }
 
     if (conf_state)
-       *conf_state = conf_req_flag;
+        *conf_state = conf_req_flag;
 
     *minor_status = 0;
     return((ctx->endtime < now)?GSS_S_CONTEXT_EXPIRED:GSS_S_COMPLETE);
index c8a168a17ae7e12eb8cefb6b5ae0f2651d915d46..53da04d8d732ec1de798f6c75c1e1c1eb01682e3 100644 (file)
@@ -1,3 +1,4 @@
+/* -*- mode: c; indent-tabs-mode: nil -*- */
 /*
  * lib/gssapi/krb5/k5sealv3.c
  *
@@ -8,7 +9,7 @@
  *   require a specific license from the United States Government.
  *   It is the responsibility of any person or organization contemplating
  *   export to obtain such a license before exporting.
- * 
+ *
  * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
  * distribute this software and its documentation for any purpose and
  * without fee is hereby granted, provided that the above copyright
  * M.I.T. makes no representations about the suitability of
  * this software for any purpose.  It is provided "as is" without express
  * or implied warranty.
- * 
+ *
  *
  */
 /* draft-ietf-krb-wg-gssapi-cfx-05 */
 
 #include <assert.h>
-#include "k5-platform.h"       /* for 64-bit support */
-#include "k5-int.h"            /* for zap() */
+#include "k5-platform.h"        /* for 64-bit support */
+#include "k5-int.h"             /* for zap() */
 #include "gssapiP_krb5.h"
 #include <stdarg.h>
 
@@ -44,14 +45,14 @@ rotate_left (void *ptr, size_t bufsiz, size_t rc)
     void *tbuf;
 
     if (bufsiz == 0)
-       return 1;
+        return 1;
     rc = rc % bufsiz;
     if (rc == 0)
-       return 1;
+        return 1;
 
     tbuf = malloc(rc);
     if (tbuf == 0)
-       return 0;
+        return 0;
     memcpy(tbuf, ptr, rc);
     memmove(ptr, (char *)ptr + rc, bufsiz - rc);
     memcpy((char *)ptr + bufsiz - rc, tbuf, rc);
@@ -61,16 +62,16 @@ rotate_left (void *ptr, size_t bufsiz, size_t rc)
 
 static const gss_buffer_desc empty_message = { 0, 0 };
 
-#define FLAG_SENDER_IS_ACCEPTOR        0x01
-#define FLAG_WRAP_CONFIDENTIAL 0x02
-#define FLAG_ACCEPTOR_SUBKEY   0x04
+#define FLAG_SENDER_IS_ACCEPTOR 0x01
+#define FLAG_WRAP_CONFIDENTIAL  0x02
+#define FLAG_ACCEPTOR_SUBKEY    0x04
 
 krb5_error_code
 gss_krb5int_make_seal_token_v3 (krb5_context context,
-                               krb5_gss_ctx_id_rec *ctx,
-                               const gss_buffer_desc * message,
-                               gss_buffer_t token,
-                               int conf_req_flag, int toktype)
+                                krb5_gss_ctx_id_rec *ctx,
+                                const gss_buffer_desc * message,
+                                gss_buffer_t token,
+                                int conf_req_flag, int toktype)
 {
     size_t bufsize = 16;
     unsigned char *outbuf = 0;
@@ -91,196 +92,196 @@ gss_krb5int_make_seal_token_v3 (krb5_context context,
 
     acceptor_flag = ctx->initiate ? 0 : FLAG_SENDER_IS_ACCEPTOR;
     key_usage = (toktype == KG_TOK_WRAP_MSG
-                ? (ctx->initiate
-                   ? KG_USAGE_INITIATOR_SEAL
-                   : KG_USAGE_ACCEPTOR_SEAL)
-                : (ctx->initiate
-                   ? KG_USAGE_INITIATOR_SIGN
-                   : KG_USAGE_ACCEPTOR_SIGN));
+                 ? (ctx->initiate
+                    ? KG_USAGE_INITIATOR_SEAL
+                    : KG_USAGE_ACCEPTOR_SEAL)
+                 : (ctx->initiate
+                    ? KG_USAGE_INITIATOR_SIGN
+                    : KG_USAGE_ACCEPTOR_SIGN));
     if (ctx->have_acceptor_subkey) {
-       key = ctx->acceptor_subkey;
+        key = ctx->acceptor_subkey;
     } else {
-       key = ctx->enc;
+        key = ctx->enc;
     }
 
 #ifdef CFX_EXERCISE
     {
-       static int initialized = 0;
-       if (!initialized) {
-           srand(time(0));
-           initialized = 1;
-       }
+        static int initialized = 0;
+        if (!initialized) {
+            srand(time(0));
+            initialized = 1;
+        }
     }
 #endif
 
     if (toktype == KG_TOK_WRAP_MSG && conf_req_flag) {
-       krb5_data plain;
-       krb5_enc_data cipher;
-       size_t ec_max;
-
-       /* 300: Adds some slop.  */
-       if (SIZE_MAX - 300 < message->length)
-           return ENOMEM;
-       ec_max = SIZE_MAX - message->length - 300;
-       if (ec_max > 0xffff)
-           ec_max = 0xffff;
+        krb5_data plain;
+        krb5_enc_data cipher;
+        size_t ec_max;
+
+        /* 300: Adds some slop.  */
+        if (SIZE_MAX - 300 < message->length)
+            return ENOMEM;
+        ec_max = SIZE_MAX - message->length - 300;
+        if (ec_max > 0xffff)
+            ec_max = 0xffff;
 #ifdef CFX_EXERCISE
-       /* For testing only.  For performance, always set ec = 0.  */
-       ec = ec_max & rand();
+        /* For testing only.  For performance, always set ec = 0.  */
+        ec = ec_max & rand();
 #else
-       ec = 0;
+        ec = 0;
 #endif
-       plain.length = message->length + 16 + ec;
-       plain.data = malloc(message->length + 16 + ec);
-       if (plain.data == NULL)
-           return ENOMEM;
-
-       /* Get size of ciphertext.  */
-       bufsize = 16 + krb5_encrypt_size (plain.length, ctx->enc->enctype);
-       /* Allocate space for header plus encrypted data.  */
-       outbuf = malloc(bufsize);
-       if (outbuf == NULL) {
-           free(plain.data);
-           return ENOMEM;
-       }
-
-       /* TOK_ID */
-       store_16_be(0x0504, outbuf);
-       /* flags */
-       outbuf[2] = (acceptor_flag
-                    | (conf_req_flag ? FLAG_WRAP_CONFIDENTIAL : 0)
-                    | (ctx->have_acceptor_subkey ? FLAG_ACCEPTOR_SUBKEY : 0));
-       /* filler */
-       outbuf[3] = 0xff;
-       /* EC */
-       store_16_be(ec, outbuf+4);
-       /* RRC */
-       store_16_be(0, outbuf+6);
-       store_64_be(ctx->seq_send, outbuf+8);
-
-       memcpy(plain.data, message->value, message->length);
-       memset(plain.data + message->length, 'x', ec);
-       memcpy(plain.data + message->length + ec, outbuf, 16);
-
-       cipher.ciphertext.data = outbuf + 16;
-       cipher.ciphertext.length = bufsize - 16;
-       cipher.enctype = key->enctype;
-       err = krb5_c_encrypt(context, key, key_usage, 0, &plain, &cipher);
-       zap(plain.data, plain.length);
-       free(plain.data);
-       plain.data = 0;
-       if (err)
-           goto error;
-
-       /* Now that we know we're returning a valid token....  */
-       ctx->seq_send++;
+        plain.length = message->length + 16 + ec;
+        plain.data = malloc(message->length + 16 + ec);
+        if (plain.data == NULL)
+            return ENOMEM;
+
+        /* Get size of ciphertext.  */
+        bufsize = 16 + krb5_encrypt_size (plain.length, ctx->enc->enctype);
+        /* Allocate space for header plus encrypted data.  */
+        outbuf = malloc(bufsize);
+        if (outbuf == NULL) {
+            free(plain.data);
+            return ENOMEM;
+        }
+
+        /* TOK_ID */
+        store_16_be(0x0504, outbuf);
+        /* flags */
+        outbuf[2] = (acceptor_flag
+                     | (conf_req_flag ? FLAG_WRAP_CONFIDENTIAL : 0)
+                     | (ctx->have_acceptor_subkey ? FLAG_ACCEPTOR_SUBKEY : 0));
+        /* filler */
+        outbuf[3] = 0xff;
+        /* EC */
+        store_16_be(ec, outbuf+4);
+        /* RRC */
+        store_16_be(0, outbuf+6);
+        store_64_be(ctx->seq_send, outbuf+8);
+
+        memcpy(plain.data, message->value, message->length);
+        memset(plain.data + message->length, 'x', ec);
+        memcpy(plain.data + message->length + ec, outbuf, 16);
+
+        cipher.ciphertext.data = outbuf + 16;
+        cipher.ciphertext.length = bufsize - 16;
+        cipher.enctype = key->enctype;
+        err = krb5_c_encrypt(context, key, key_usage, 0, &plain, &cipher);
+        zap(plain.data, plain.length);
+        free(plain.data);
+        plain.data = 0;
+        if (err)
+            goto error;
+
+        /* Now that we know we're returning a valid token....  */
+        ctx->seq_send++;
 
 #ifdef CFX_EXERCISE
-       rrc = rand() & 0xffff;
-       if (rotate_left(outbuf+16, bufsize-16,
-                       (bufsize-16) - (rrc % (bufsize - 16))))
-           store_16_be(rrc, outbuf+6);
-       /* If the rotate fails, don't worry about it.  */
+        rrc = rand() & 0xffff;
+        if (rotate_left(outbuf+16, bufsize-16,
+                        (bufsize-16) - (rrc % (bufsize - 16))))
+            store_16_be(rrc, outbuf+6);
+        /* If the rotate fails, don't worry about it.  */
 #endif
     } else if (toktype == KG_TOK_WRAP_MSG && !conf_req_flag) {
-       krb5_data plain;
+        krb5_data plain;
 
-       /* Here, message is the application-supplied data; message2 is
-          what goes into the output token.  They may be the same, or
-          message2 may be empty (for MIC).  */
+        /* Here, message is the application-supplied data; message2 is
+           what goes into the output token.  They may be the same, or
+           message2 may be empty (for MIC).  */
 
-       tok_id = 0x0504;
+        tok_id = 0x0504;
 
     wrap_with_checksum:
-       plain.length = message->length + 16;
-       plain.data = malloc(message->length + 16);
-       if (plain.data == NULL)
-           return ENOMEM;
-
-       if (ctx->cksum_size > 0xffff)
-           abort();
-
-       bufsize = 16 + message2->length + ctx->cksum_size;
-       outbuf = malloc(bufsize);
-       if (outbuf == NULL) {
-           free(plain.data);
-           plain.data = 0;
-           err = ENOMEM;
-           goto error;
-       }
-
-       /* TOK_ID */
-       store_16_be(tok_id, outbuf);
-       /* flags */
-       outbuf[2] = (acceptor_flag
-                    | (ctx->have_acceptor_subkey ? FLAG_ACCEPTOR_SUBKEY : 0));
-       /* filler */
-       outbuf[3] = 0xff;
-       if (toktype == KG_TOK_WRAP_MSG) {
-           /* Use 0 for checksum calculation, substitute
-              checksum length later.  */
-           /* EC */
-           store_16_be(0, outbuf+4);
-           /* RRC */
-           store_16_be(0, outbuf+6);
-       } else {
-           /* MIC and DEL store 0xFF in EC and RRC.  */
-           store_16_be(0xffff, outbuf+4);
-           store_16_be(0xffff, outbuf+6);
-       }
-       store_64_be(ctx->seq_send, outbuf+8);
-
-       memcpy(plain.data, message->value, message->length);
-       memcpy(plain.data + message->length, outbuf, 16);
-
-       /* Fill in the output token -- data contents, if any, and
-          space for the checksum.  */
-       if (message2->length)
-           memcpy(outbuf + 16, message2->value, message2->length);
-
-       sum.contents = outbuf + 16 + message2->length;
-       sum.length = ctx->cksum_size;
-
-       err = krb5_c_make_checksum(context, ctx->cksumtype, key,
-                                  key_usage, &plain, &sum);
-       zap(plain.data, plain.length);
-       free(plain.data);
-       plain.data = 0;
-       if (err) {
-           zap(outbuf,bufsize);
-           goto error;
-       }
-       if (sum.length != ctx->cksum_size)
-           abort();
-       memcpy(outbuf + 16 + message2->length, sum.contents, ctx->cksum_size);
-       krb5_free_checksum_contents(context, &sum);
-       sum.contents = 0;
-       /* Now that we know we're actually generating the token...  */
-       ctx->seq_send++;
-
-       if (toktype == KG_TOK_WRAP_MSG) {
+        plain.length = message->length + 16;
+        plain.data = malloc(message->length + 16);
+        if (plain.data == NULL)
+            return ENOMEM;
+
+        if (ctx->cksum_size > 0xffff)
+            abort();
+
+        bufsize = 16 + message2->length + ctx->cksum_size;
+        outbuf = malloc(bufsize);
+        if (outbuf == NULL) {
+            free(plain.data);
+            plain.data = 0;
+            err = ENOMEM;
+            goto error;
+        }
+
+        /* TOK_ID */
+        store_16_be(tok_id, outbuf);
+        /* flags */
+        outbuf[2] = (acceptor_flag
+                     | (ctx->have_acceptor_subkey ? FLAG_ACCEPTOR_SUBKEY : 0));
+        /* filler */
+        outbuf[3] = 0xff;
+        if (toktype == KG_TOK_WRAP_MSG) {
+            /* Use 0 for checksum calculation, substitute
+               checksum length later.  */
+            /* EC */
+            store_16_be(0, outbuf+4);
+            /* RRC */
+            store_16_be(0, outbuf+6);
+        } else {
+            /* MIC and DEL store 0xFF in EC and RRC.  */
+            store_16_be(0xffff, outbuf+4);
+            store_16_be(0xffff, outbuf+6);
+        }
+        store_64_be(ctx->seq_send, outbuf+8);
+
+        memcpy(plain.data, message->value, message->length);
+        memcpy(plain.data + message->length, outbuf, 16);
+
+        /* Fill in the output token -- data contents, if any, and
+           space for the checksum.  */
+        if (message2->length)
+            memcpy(outbuf + 16, message2->value, message2->length);
+
+        sum.contents = outbuf + 16 + message2->length;
+        sum.length = ctx->cksum_size;
+
+        err = krb5_c_make_checksum(context, ctx->cksumtype, key,
+                                   key_usage, &plain, &sum);
+        zap(plain.data, plain.length);
+        free(plain.data);
+        plain.data = 0;
+        if (err) {
+            zap(outbuf,bufsize);
+            goto error;
+        }
+        if (sum.length != ctx->cksum_size)
+            abort();
+        memcpy(outbuf + 16 + message2->length, sum.contents, ctx->cksum_size);
+        krb5_free_checksum_contents(context, &sum);
+        sum.contents = 0;
+        /* Now that we know we're actually generating the token...  */
+        ctx->seq_send++;
+
+        if (toktype == KG_TOK_WRAP_MSG) {
 #ifdef CFX_EXERCISE
-           rrc = rand() & 0xffff;
-           /* If the rotate fails, don't worry about it.  */
-           if (rotate_left(outbuf+16, bufsize-16,
-                           (bufsize-16) - (rrc % (bufsize - 16))))
-               store_16_be(rrc, outbuf+6);
+            rrc = rand() & 0xffff;
+            /* If the rotate fails, don't worry about it.  */
+            if (rotate_left(outbuf+16, bufsize-16,
+                            (bufsize-16) - (rrc % (bufsize - 16))))
+                store_16_be(rrc, outbuf+6);
 #endif
-           /* Fix up EC field.  */
-           store_16_be(ctx->cksum_size, outbuf+4);
-       } else {
-           store_16_be(0xffff, outbuf+6);
-       }
+            /* Fix up EC field.  */
+            store_16_be(ctx->cksum_size, outbuf+4);
+        } else {
+            store_16_be(0xffff, outbuf+6);
+        }
     } else if (toktype == KG_TOK_MIC_MSG) {
-       tok_id = 0x0404;
-       message2 = &empty_message;
-       goto wrap_with_checksum;
+        tok_id = 0x0404;
+        message2 = &empty_message;
+        goto wrap_with_checksum;
     } else if (toktype == KG_TOK_DEL_CTX) {
-       tok_id = 0x0405;
-       message = message2 = &empty_message;
-       goto wrap_with_checksum;
+        tok_id = 0x0405;
+        message = message2 = &empty_message;
+        goto wrap_with_checksum;
     } else
-       abort();
+        abort();
 
     token->value = outbuf;
     token->length = bufsize;
@@ -298,11 +299,11 @@ error:
 
 OM_uint32
 gss_krb5int_unseal_token_v3(krb5_context *contextptr,
-                           OM_uint32 *minor_status,
-                           krb5_gss_ctx_id_rec *ctx,
-                           unsigned char *ptr, unsigned int bodysize,
-                           gss_buffer_t message_buffer,
-                           int *conf_state, int *qop_state, int toktype)
+                            OM_uint32 *minor_status,
+                            krb5_gss_ctx_id_rec *ctx,
+                            unsigned char *ptr, unsigned int bodysize,
+                            gss_buffer_t message_buffer,
+                            int *conf_state, int *qop_state, int toktype)
 {
     krb5_context context = *contextptr;
     krb5_data plain;
@@ -320,16 +321,16 @@ gss_krb5int_unseal_token_v3(krb5_context *contextptr,
     assert(ctx->proto == 1);
 
     if (qop_state)
-       *qop_state = GSS_C_QOP_DEFAULT;
+        *qop_state = GSS_C_QOP_DEFAULT;
 
     acceptor_flag = ctx->initiate ? FLAG_SENDER_IS_ACCEPTOR : 0;
     key_usage = (toktype == KG_TOK_WRAP_MSG
-                ? (!ctx->initiate
-                   ? KG_USAGE_INITIATOR_SEAL
-                   : KG_USAGE_ACCEPTOR_SEAL)
-                : (!ctx->initiate
-                   ? KG_USAGE_INITIATOR_SIGN
-                   : KG_USAGE_ACCEPTOR_SIGN));
+                 ? (!ctx->initiate
+                    ? KG_USAGE_INITIATOR_SEAL
+                    : KG_USAGE_ACCEPTOR_SEAL)
+                 : (!ctx->initiate
+                    ? KG_USAGE_INITIATOR_SIGN
+                    : KG_USAGE_ACCEPTOR_SIGN));
 
     /* Oops.  I wrote this code assuming ptr would be at the start of
        the token header.  */
@@ -338,174 +339,174 @@ gss_krb5int_unseal_token_v3(krb5_context *contextptr,
 
     if (bodysize < 16) {
     defective:
-       *minor_status = 0;
-       return GSS_S_DEFECTIVE_TOKEN;
+        *minor_status = 0;
+        return GSS_S_DEFECTIVE_TOKEN;
     }
     if ((ptr[2] & FLAG_SENDER_IS_ACCEPTOR) != acceptor_flag) {
-       *minor_status = G_BAD_DIRECTION;
-       return GSS_S_BAD_SIG;
+        *minor_status = G_BAD_DIRECTION;
+        return GSS_S_BAD_SIG;
     }
 
     /* Two things to note here.
 
-       First, we can't really enforce the use of the acceptor's subkey,
-       if we're the acceptor; the initiator may have sent messages
-       before getting the subkey.  We could probably enforce it if
-       we're the initiator.
-
-       Second, if someone tweaks the code to not set the flag telling
-       the krb5 library to generate a new subkey in the AP-REP
-       message, the MIT library may include a subkey anyways --
-       namely, a copy of the AP-REQ subkey, if it was provided.  So
-       the initiator may think we wanted a subkey, and set the flag,
-       even though we weren't trying to set the subkey.  The "other"
-       key, the one not asserted by the acceptor, will have the same
-       value in that case, though, so we can just ignore the flag.  */
+    First, we can't really enforce the use of the acceptor's subkey,
+    if we're the acceptor; the initiator may have sent messages
+    before getting the subkey.  We could probably enforce it if
+    we're the initiator.
+
+    Second, if someone tweaks the code to not set the flag telling
+    the krb5 library to generate a new subkey in the AP-REP
+    message, the MIT library may include a subkey anyways --
+    namely, a copy of the AP-REQ subkey, if it was provided.  So
+    the initiator may think we wanted a subkey, and set the flag,
+    even though we weren't trying to set the subkey.  The "other"
+    key, the one not asserted by the acceptor, will have the same
+    value in that case, though, so we can just ignore the flag.  */
     if (ctx->have_acceptor_subkey && (ptr[2] & FLAG_ACCEPTOR_SUBKEY)) {
-       key = ctx->acceptor_subkey;
+        key = ctx->acceptor_subkey;
     } else {
-       key = ctx->enc;
+        key = ctx->enc;
     }
 
     if (toktype == KG_TOK_WRAP_MSG) {
-       if (load_16_be(ptr) != 0x0504)
-           goto defective;
-       if (ptr[3] != 0xff)
-           goto defective;
-       ec = load_16_be(ptr+4);
-       rrc = load_16_be(ptr+6);
-       seqnum = load_64_be(ptr+8);
-       if (!rotate_left(ptr+16, bodysize-16, rrc)) {
-       no_mem:
-           *minor_status = ENOMEM;
-           return GSS_S_FAILURE;
-       }
-       if (ptr[2] & FLAG_WRAP_CONFIDENTIAL) {
-           /* confidentiality */
-           krb5_enc_data cipher;
-           unsigned char *althdr;
-
-           if (conf_state)
-               *conf_state = 1;
-           /* Do we have no decrypt_size function?
-
-              For all current cryptosystems, the ciphertext size will
-              be larger than the plaintext size.  */
-           cipher.enctype = key->enctype;
-           cipher.ciphertext.length = bodysize - 16;
-           cipher.ciphertext.data = ptr + 16;
-           plain.length = bodysize - 16;
-           plain.data = malloc(plain.length);
-           if (plain.data == NULL)
-               goto no_mem;
-           err = krb5_c_decrypt(context, key, key_usage, 0,
-                                &cipher, &plain);
-           if (err) {
-               free(plain.data);
-               goto error;
-           }
-           /* Don't use bodysize here!  Use the fact that
-              cipher.ciphertext.length has been adjusted to the
-              correct length.  */
-           althdr = plain.data + plain.length - 16;
-           if (load_16_be(althdr) != 0x0504
-               || althdr[2] != ptr[2]
-               || althdr[3] != ptr[3]
-               || memcmp(althdr+8, ptr+8, 8)) {
-               free(plain.data);
-               goto defective;
-           }
-           message_buffer->value = plain.data;
-           message_buffer->length = plain.length - ec - 16;
-           if(message_buffer->length == 0) {
-             free(message_buffer->value);
-             message_buffer->value = NULL;
-           }
-       } else {
-           /* no confidentiality */
-           if (conf_state)
-               *conf_state = 0;
-           if (ec + 16 < ec)
-               /* overflow check */
-               goto defective;
-           if (ec + 16 > bodysize)
-               goto defective;
-           /* We have: header | msg | cksum.
-              We need cksum(msg | header).
-              Rotate the first two.  */
-           store_16_be(0, ptr+4);
-           store_16_be(0, ptr+6);
-           plain.length = bodysize-ec;
-           plain.data = ptr;
-           if (!rotate_left(ptr, bodysize-ec, 16))
-               goto no_mem;
-           sum.length = ec;
-           if (sum.length != ctx->cksum_size) {
-               *minor_status = 0;
-               return GSS_S_BAD_SIG;
-           }
-           sum.contents = ptr+bodysize-ec;
-           sum.checksum_type = ctx->cksumtype;
-           err = krb5_c_verify_checksum(context, key, key_usage,
-                                        &plain, &sum, &valid);
-           if (err)
-               goto error;
-           if (!valid) {
-               *minor_status = 0;
-               return GSS_S_BAD_SIG;
-           }
-           message_buffer->length = plain.length - 16;
-           message_buffer->value = malloc(message_buffer->length);
-           if (message_buffer->value == NULL)
-               goto no_mem;
-           memcpy(message_buffer->value, plain.data, message_buffer->length);
-       }
-       err = g_order_check(&ctx->seqstate, seqnum);
-       *minor_status = 0;
-       return err;
+        if (load_16_be(ptr) != 0x0504)
+            goto defective;
+        if (ptr[3] != 0xff)
+            goto defective;
+        ec = load_16_be(ptr+4);
+        rrc = load_16_be(ptr+6);
+        seqnum = load_64_be(ptr+8);
+        if (!rotate_left(ptr+16, bodysize-16, rrc)) {
+        no_mem:
+            *minor_status = ENOMEM;
+            return GSS_S_FAILURE;
+        }
+        if (ptr[2] & FLAG_WRAP_CONFIDENTIAL) {
+            /* confidentiality */
+            krb5_enc_data cipher;
+            unsigned char *althdr;
+
+            if (conf_state)
+                *conf_state = 1;
+            /* Do we have no decrypt_size function?
+
+            For all current cryptosystems, the ciphertext size will
+            be larger than the plaintext size.  */
+            cipher.enctype = key->enctype;
+            cipher.ciphertext.length = bodysize - 16;
+            cipher.ciphertext.data = ptr + 16;
+            plain.length = bodysize - 16;
+            plain.data = malloc(plain.length);
+            if (plain.data == NULL)
+                goto no_mem;
+            err = krb5_c_decrypt(context, key, key_usage, 0,
+                                 &cipher, &plain);
+            if (err) {
+                free(plain.data);
+                goto error;
+            }
+            /* Don't use bodysize here!  Use the fact that
+               cipher.ciphertext.length has been adjusted to the
+               correct length.  */
+            althdr = plain.data + plain.length - 16;
+            if (load_16_be(althdr) != 0x0504
+                || althdr[2] != ptr[2]
+                || althdr[3] != ptr[3]
+                || memcmp(althdr+8, ptr+8, 8)) {
+                free(plain.data);
+                goto defective;
+            }
+            message_buffer->value = plain.data;
+            message_buffer->length = plain.length - ec - 16;
+            if(message_buffer->length == 0) {
+                free(message_buffer->value);
+                message_buffer->value = NULL;
+            }
+        } else {
+            /* no confidentiality */
+            if (conf_state)
+                *conf_state = 0;
+            if (ec + 16 < ec)
+                /* overflow check */
+                goto defective;
+            if (ec + 16 > bodysize)
+                goto defective;
+            /* We have: header | msg | cksum.
+               We need cksum(msg | header).
+               Rotate the first two.  */
+            store_16_be(0, ptr+4);
+            store_16_be(0, ptr+6);
+            plain.length = bodysize-ec;
+            plain.data = ptr;
+            if (!rotate_left(ptr, bodysize-ec, 16))
+                goto no_mem;
+            sum.length = ec;
+            if (sum.length != ctx->cksum_size) {
+                *minor_status = 0;
+                return GSS_S_BAD_SIG;
+            }
+            sum.contents = ptr+bodysize-ec;
+            sum.checksum_type = ctx->cksumtype;
+            err = krb5_c_verify_checksum(context, key, key_usage,
+                                         &plain, &sum, &valid);
+            if (err)
+                goto error;
+            if (!valid) {
+                *minor_status = 0;
+                return GSS_S_BAD_SIG;
+            }
+            message_buffer->length = plain.length - 16;
+            message_buffer->value = malloc(message_buffer->length);
+            if (message_buffer->value == NULL)
+                goto no_mem;
+            memcpy(message_buffer->value, plain.data, message_buffer->length);
+        }
+        err = g_order_check(&ctx->seqstate, seqnum);
+        *minor_status = 0;
+        return err;
     } else if (toktype == KG_TOK_MIC_MSG) {
-       /* wrap token, no confidentiality */
-       if (load_16_be(ptr) != 0x0404)
-           goto defective;
+        /* wrap token, no confidentiality */
+        if (load_16_be(ptr) != 0x0404)
+            goto defective;
     verify_mic_1:
-       if (ptr[3] != 0xff)
-           goto defective;
-       if (load_32_be(ptr+4) != 0xffffffffL)
-           goto defective;
-       seqnum = load_64_be(ptr+8);
-       plain.length = message_buffer->length + 16;
-       plain.data = malloc(plain.length);
-       if (plain.data == NULL)
-           goto no_mem;
-       if (message_buffer->length)
-           memcpy(plain.data, message_buffer->value, message_buffer->length);
-       memcpy(plain.data + message_buffer->length, ptr, 16);
-       sum.length = bodysize - 16;
-       sum.contents = ptr + 16;
-       sum.checksum_type = ctx->cksumtype;
-       err = krb5_c_verify_checksum(context, key, key_usage,
-                                    &plain, &sum, &valid);
-       free(plain.data);
-       plain.data = NULL;
-       if (err) {
-       error:
-           *minor_status = err;
-           save_error_info(*minor_status, context);
-           return GSS_S_BAD_SIG; /* XXX */
-       }
-       if (!valid) {
-           *minor_status = 0;
-           return GSS_S_BAD_SIG;
-       }
-       err = g_order_check(&ctx->seqstate, seqnum);
-       *minor_status = 0;
-       return err;
+        if (ptr[3] != 0xff)
+            goto defective;
+        if (load_32_be(ptr+4) != 0xffffffffL)
+            goto defective;
+        seqnum = load_64_be(ptr+8);
+        plain.length = message_buffer->length + 16;
+        plain.data = malloc(plain.length);
+        if (plain.data == NULL)
+            goto no_mem;
+        if (message_buffer->length)
+            memcpy(plain.data, message_buffer->value, message_buffer->length);
+        memcpy(plain.data + message_buffer->length, ptr, 16);
+        sum.length = bodysize - 16;
+        sum.contents = ptr + 16;
+        sum.checksum_type = ctx->cksumtype;
+        err = krb5_c_verify_checksum(context, key, key_usage,
+                                     &plain, &sum, &valid);
+        free(plain.data);
+        plain.data = NULL;
+        if (err) {
+        error:
+            *minor_status = err;
+            save_error_info(*minor_status, context);
+            return GSS_S_BAD_SIG; /* XXX */
+        }
+        if (!valid) {
+            *minor_status = 0;
+            return GSS_S_BAD_SIG;
+        }
+        err = g_order_check(&ctx->seqstate, seqnum);
+        *minor_status = 0;
+        return err;
     } else if (toktype == KG_TOK_DEL_CTX) {
-       if (load_16_be(ptr) != 0x0405)
-           goto defective;
-       message_buffer = &empty_message;
-       goto verify_mic_1;
+        if (load_16_be(ptr) != 0x0405)
+            goto defective;
+        message_buffer = &empty_message;
+        goto verify_mic_1;
     } else {
-       goto defective;
+        goto defective;
     }
 }
index 72afb457633b80f582adcee1749a6656cfffa04f..f80be3fa27740b30e07b5ea368a086d072f7125c 100644 (file)
@@ -1,3 +1,4 @@
+/* -*- mode: c; indent-tabs-mode: nil -*- */
 /*
  * Copyright 2001, 2007 by the Massachusetts Institute of Technology.
  * Copyright 1993 by OpenVision Technologies, Inc.
@@ -58,7 +59,7 @@
 
 static OM_uint32
 kg_unseal_v1(context, minor_status, ctx, ptr, bodysize, message_buffer,
-            conf_state, qop_state, toktype)
+             conf_state, qop_state, toktype)
     krb5_context context;
     OM_uint32 *minor_status;
     krb5_gss_ctx_id_rec *ctx;
@@ -89,8 +90,8 @@ kg_unseal_v1(context, minor_status, ctx, ptr, bodysize, message_buffer,
     krb5_keyusage sign_usage = KG_USAGE_SIGN;
 
     if (toktype == KG_TOK_SEAL_MSG) {
-       message_buffer->length = 0;
-       message_buffer->value = NULL;
+        message_buffer->length = 0;
+        message_buffer->value = NULL;
     }
 
     /* get the sign and seal algorithms */
@@ -101,141 +102,141 @@ kg_unseal_v1(context, minor_status, ctx, ptr, bodysize, message_buffer,
     /* Sanity checks */
 
     if ((ptr[4] != 0xff) || (ptr[5] != 0xff)) {
-       *minor_status = 0;
-       return GSS_S_DEFECTIVE_TOKEN;
+        *minor_status = 0;
+        return GSS_S_DEFECTIVE_TOKEN;
     }
 
     if ((toktype != KG_TOK_SEAL_MSG) &&
-       (sealalg != 0xffff)) {
-       *minor_status = 0;
-       return GSS_S_DEFECTIVE_TOKEN;
+        (sealalg != 0xffff)) {
+        *minor_status = 0;
+        return GSS_S_DEFECTIVE_TOKEN;
     }
 
     /* in the current spec, there is only one valid seal algorithm per
        key type, so a simple comparison is ok */
 
     if ((toktype == KG_TOK_SEAL_MSG) &&
-       !((sealalg == 0xffff) ||
-         (sealalg == ctx->sealalg))) {
-       *minor_status = 0;
-       return GSS_S_DEFECTIVE_TOKEN;
+        !((sealalg == 0xffff) ||
+          (sealalg == ctx->sealalg))) {
+        *minor_status = 0;
+        return GSS_S_DEFECTIVE_TOKEN;
     }
 
     /* there are several mappings of seal algorithms to sign algorithms,
        but few enough that we can try them all. */
 
     if ((ctx->sealalg == SEAL_ALG_NONE && signalg > 1) ||
-       (ctx->sealalg == SEAL_ALG_1 && signalg != SGN_ALG_3) ||
-       (ctx->sealalg == SEAL_ALG_DES3KD &&
-        signalg != SGN_ALG_HMAC_SHA1_DES3_KD)||
-       (ctx->sealalg == SEAL_ALG_MICROSOFT_RC4 &&
-       signalg != SGN_ALG_HMAC_MD5)) {
-       *minor_status = 0;
-       return GSS_S_DEFECTIVE_TOKEN;
+        (ctx->sealalg == SEAL_ALG_1 && signalg != SGN_ALG_3) ||
+        (ctx->sealalg == SEAL_ALG_DES3KD &&
+         signalg != SGN_ALG_HMAC_SHA1_DES3_KD)||
+        (ctx->sealalg == SEAL_ALG_MICROSOFT_RC4 &&
+         signalg != SGN_ALG_HMAC_MD5)) {
+        *minor_status = 0;
+        return GSS_S_DEFECTIVE_TOKEN;
     }
 
     switch (signalg) {
     case SGN_ALG_DES_MAC_MD5:
     case SGN_ALG_MD2_5:
     case SGN_ALG_HMAC_MD5:
-       cksum_len = 8;
-       if (toktype != KG_TOK_SEAL_MSG)
-         sign_usage = 15;
-           break;
+        cksum_len = 8;
+        if (toktype != KG_TOK_SEAL_MSG)
+            sign_usage = 15;
+        break;
     case SGN_ALG_3:
-       cksum_len = 16;
-       break;
+        cksum_len = 16;
+        break;
     case SGN_ALG_HMAC_SHA1_DES3_KD:
-       cksum_len = 20;
-       break;
+        cksum_len = 20;
+        break;
     default:
-       *minor_status = 0;
-       return GSS_S_DEFECTIVE_TOKEN;
+        *minor_status = 0;
+        return GSS_S_DEFECTIVE_TOKEN;
     }
 
     /* get the token parameters */
 
     if ((code = kg_get_seq_num(context, ctx->seq, ptr+14, ptr+6, &direction,
-                              &seqnum))) {
-       *minor_status = code;
-       return(GSS_S_BAD_SIG);
+                               &seqnum))) {
+        *minor_status = code;
+        return(GSS_S_BAD_SIG);
     }
 
     /* decode the message, if SEAL */
 
     if (toktype == KG_TOK_SEAL_MSG) {
-       int tmsglen = bodysize-(14+cksum_len);
-       if (sealalg != 0xffff) {
-           if ((plain = (unsigned char *) xmalloc(tmsglen)) == NULL) {
-               *minor_status = ENOMEM;
-               return(GSS_S_FAILURE);
-           }
-           if (ctx->enc->enctype == ENCTYPE_ARCFOUR_HMAC) {
-             unsigned char bigend_seqnum[4];
-             krb5_keyblock *enc_key;
-             int i;
-             bigend_seqnum[0] = (seqnum>>24) & 0xff;
-             bigend_seqnum[1] = (seqnum>>16) & 0xff;
-             bigend_seqnum[2] = (seqnum>>8) & 0xff;
-             bigend_seqnum[3] = seqnum & 0xff;
-             code = krb5_copy_keyblock (context, ctx->enc, &enc_key);
-             if (code)
-               {
-                 xfree(plain);
-                 *minor_status = code;
-                 return(GSS_S_FAILURE);
-               }
-
-             assert (enc_key->length == 16);
-             for (i = 0; i <= 15; i++)
-               ((char *) enc_key->contents)[i] ^=0xf0;
-             code = kg_arcfour_docrypt (enc_key, 0,
-                                        &bigend_seqnum[0], 4, 
-                                        ptr+14+cksum_len, tmsglen,
-                                        plain);
-             krb5_free_keyblock (context, enc_key);
-           } else {
-             code = kg_decrypt(context, ctx->enc, KG_USAGE_SEAL, NULL,
-                               ptr+14+cksum_len, plain, tmsglen);
-               }
-           if (code) {
-                       xfree(plain);
-               *minor_status = code;
-               return(GSS_S_FAILURE);
-           }
-       } else {
-           plain = ptr+14+cksum_len;
-       }
-
-       plainlen = tmsglen;
-
-       if ((sealalg == 0xffff) && ctx->big_endian) {
-           token.length = tmsglen;
-       } else {
-           conflen = kg_confounder_size(context, ctx->enc);
-           token.length = tmsglen - conflen - plain[tmsglen-1];
-       }
-
-       if (token.length) {
-           if ((token.value = (void *) xmalloc(token.length)) == NULL) {
-               if (sealalg != 0xffff)
-                   xfree(plain);
-               *minor_status = ENOMEM;
-               return(GSS_S_FAILURE);
-           }
-           memcpy(token.value, plain+conflen, token.length);
-       } else {
-           token.value = NULL;
-       }
+        int tmsglen = bodysize-(14+cksum_len);
+        if (sealalg != 0xffff) {
+            if ((plain = (unsigned char *) xmalloc(tmsglen)) == NULL) {
+                *minor_status = ENOMEM;
+                return(GSS_S_FAILURE);
+            }
+            if (ctx->enc->enctype == ENCTYPE_ARCFOUR_HMAC) {
+                unsigned char bigend_seqnum[4];
+                krb5_keyblock *enc_key;
+                int i;
+                bigend_seqnum[0] = (seqnum>>24) & 0xff;
+                bigend_seqnum[1] = (seqnum>>16) & 0xff;
+                bigend_seqnum[2] = (seqnum>>8) & 0xff;
+                bigend_seqnum[3] = seqnum & 0xff;
+                code = krb5_copy_keyblock (context, ctx->enc, &enc_key);
+                if (code)
+                {
+                    xfree(plain);
+                    *minor_status = code;
+                    return(GSS_S_FAILURE);
+                }
+
+                assert (enc_key->length == 16);
+                for (i = 0; i <= 15; i++)
+                    ((char *) enc_key->contents)[i] ^=0xf0;
+                code = kg_arcfour_docrypt (enc_key, 0,
+                                           &bigend_seqnum[0], 4,
+                                           ptr+14+cksum_len, tmsglen,
+                                           plain);
+                krb5_free_keyblock (context, enc_key);
+            } else {
+                code = kg_decrypt(context, ctx->enc, KG_USAGE_SEAL, NULL,
+                                  ptr+14+cksum_len, plain, tmsglen);
+            }
+            if (code) {
+                xfree(plain);
+                *minor_status = code;
+                return(GSS_S_FAILURE);
+            }
+        } else {
+            plain = ptr+14+cksum_len;
+        }
+
+        plainlen = tmsglen;
+
+        if ((sealalg == 0xffff) && ctx->big_endian) {
+            token.length = tmsglen;
+        } else {
+            conflen = kg_confounder_size(context, ctx->enc);
+            token.length = tmsglen - conflen - plain[tmsglen-1];
+        }
+
+        if (token.length) {
+            if ((token.value = (void *) xmalloc(token.length)) == NULL) {
+                if (sealalg != 0xffff)
+                    xfree(plain);
+                *minor_status = ENOMEM;
+                return(GSS_S_FAILURE);
+            }
+            memcpy(token.value, plain+conflen, token.length);
+        } else {
+            token.value = NULL;
+        }
     } else if (toktype == KG_TOK_SIGN_MSG) {
-       token = *message_buffer;
-       plain = token.value;
-       plainlen = token.length;
+        token = *message_buffer;
+        plain = token.value;
+        plainlen = token.length;
     } else {
-       token.length = 0;
-       token.value = NULL;
-       plain = token.value;
-       plainlen = token.length;
+        token.length = 0;
+        token.value = NULL;
+        plain = token.value;
+        plainlen = token.length;
     }
 
     /* compute the checksum of the message */
@@ -246,224 +247,224 @@ kg_unseal_v1(context, minor_status, ctx, ptr, bodysize, message_buffer,
     case SGN_ALG_MD2_5:
     case SGN_ALG_DES_MAC:
     case SGN_ALG_3:
-       md5cksum.checksum_type = CKSUMTYPE_RSA_MD5;
-       break;
+        md5cksum.checksum_type = CKSUMTYPE_RSA_MD5;
+        break;
     case SGN_ALG_HMAC_MD5:
-      md5cksum.checksum_type = CKSUMTYPE_HMAC_MD5_ARCFOUR;
-      break;
+        md5cksum.checksum_type = CKSUMTYPE_HMAC_MD5_ARCFOUR;
+        break;
     case SGN_ALG_HMAC_SHA1_DES3_KD:
-       md5cksum.checksum_type = CKSUMTYPE_HMAC_SHA1_DES3;
-       break;
+        md5cksum.checksum_type = CKSUMTYPE_HMAC_SHA1_DES3;
+        break;
     default:
-       abort ();
+        abort ();
     }
 
     code = krb5_c_checksum_length(context, md5cksum.checksum_type, &sumlen);
     if (code)
-       return(code);
+        return(code);
     md5cksum.length = sumlen;
 
     switch (signalg) {
     case SGN_ALG_DES_MAC_MD5:
     case SGN_ALG_3:
-       /* compute the checksum of the message */
-
-       /* 8 = bytes of token body to be checksummed according to spec */
-
-       if (! (data_ptr = (void *)
-              xmalloc(8 + (ctx->big_endian ? token.length : plainlen)))) {
-           if (sealalg != 0xffff)
-               xfree(plain);
-           if (toktype == KG_TOK_SEAL_MSG)
-               xfree(token.value);
-           *minor_status = ENOMEM;
-           return(GSS_S_FAILURE);
-       }
-
-       (void) memcpy(data_ptr, ptr-2, 8);
-
-       if (ctx->big_endian)
-           (void) memcpy(data_ptr+8, token.value, token.length);
-       else
-           (void) memcpy(data_ptr+8, plain, plainlen);
-
-       plaind.length = 8 + (ctx->big_endian ? token.length : plainlen);
-       plaind.data = data_ptr;
-       code = krb5_c_make_checksum(context, md5cksum.checksum_type,
-                                   ctx->seq, sign_usage,
-                                   &plaind, &md5cksum);
-       xfree(data_ptr);
-
-       if (code) {
-           if (toktype == KG_TOK_SEAL_MSG)
-               xfree(token.value);
-           *minor_status = code;
-           return(GSS_S_FAILURE);
-       }
-
-       if ((code = kg_encrypt(context, ctx->seq, KG_USAGE_SEAL,
-                              (g_OID_equal(ctx->mech_used, gss_mech_krb5_old) ?
-                               ctx->seq->contents : NULL),
-                              md5cksum.contents, md5cksum.contents, 16))) {
-           krb5_free_checksum_contents(context, &md5cksum);
-           if (toktype == KG_TOK_SEAL_MSG)
-               xfree(token.value);
-           *minor_status = code;
-           return GSS_S_FAILURE;
-       }
-
-       if (signalg == 0)
-           cksum.length = 8;
-       else
-           cksum.length = 16;
-       cksum.contents = md5cksum.contents + 16 - cksum.length;
-
-       code = memcmp(cksum.contents, ptr+14, cksum.length);
-       break;
+        /* compute the checksum of the message */
+
+        /* 8 = bytes of token body to be checksummed according to spec */
+
+        if (! (data_ptr = (void *)
+               xmalloc(8 + (ctx->big_endian ? token.length : plainlen)))) {
+            if (sealalg != 0xffff)
+                xfree(plain);
+            if (toktype == KG_TOK_SEAL_MSG)
+                xfree(token.value);
+            *minor_status = ENOMEM;
+            return(GSS_S_FAILURE);
+        }
+
+        (void) memcpy(data_ptr, ptr-2, 8);
+
+        if (ctx->big_endian)
+            (void) memcpy(data_ptr+8, token.value, token.length);
+        else
+            (void) memcpy(data_ptr+8, plain, plainlen);
+
+        plaind.length = 8 + (ctx->big_endian ? token.length : plainlen);
+        plaind.data = data_ptr;
+        code = krb5_c_make_checksum(context, md5cksum.checksum_type,
+                                    ctx->seq, sign_usage,
+                                    &plaind, &md5cksum);
+        xfree(data_ptr);
+
+        if (code) {
+            if (toktype == KG_TOK_SEAL_MSG)
+                xfree(token.value);
+            *minor_status = code;
+            return(GSS_S_FAILURE);
+        }
+
+        if ((code = kg_encrypt(context, ctx->seq, KG_USAGE_SEAL,
+                               (g_OID_equal(ctx->mech_used, gss_mech_krb5_old) ?
+                                ctx->seq->contents : NULL),
+                               md5cksum.contents, md5cksum.contents, 16))) {
+            krb5_free_checksum_contents(context, &md5cksum);
+            if (toktype == KG_TOK_SEAL_MSG)
+                xfree(token.value);
+            *minor_status = code;
+            return GSS_S_FAILURE;
+        }
+
+        if (signalg == 0)
+            cksum.length = 8;
+        else
+            cksum.length = 16;
+        cksum.contents = md5cksum.contents + 16 - cksum.length;
+
+        code = memcmp(cksum.contents, ptr+14, cksum.length);
+        break;
 
     case SGN_ALG_MD2_5:
-       if (!ctx->seed_init &&
-           (code = kg_make_seed(context, ctx->subkey, ctx->seed))) {
-           krb5_free_checksum_contents(context, &md5cksum);
-           if (sealalg != 0xffff)
-               xfree(plain);
-           if (toktype == KG_TOK_SEAL_MSG)
-               xfree(token.value);
-           *minor_status = code;
-           return GSS_S_FAILURE;
-       }
-
-       if (! (data_ptr = (void *)
-              xmalloc(sizeof(ctx->seed) + 8 +
-                      (ctx->big_endian ? token.length : plainlen)))) {
-           krb5_free_checksum_contents(context, &md5cksum);
-           if (sealalg == 0)
-               xfree(plain);
-           if (toktype == KG_TOK_SEAL_MSG)
-               xfree(token.value);
-           *minor_status = ENOMEM;
-           return(GSS_S_FAILURE);
-       }
-       (void) memcpy(data_ptr, ptr-2, 8);
-       (void) memcpy(data_ptr+8, ctx->seed, sizeof(ctx->seed));
-       if (ctx->big_endian)
-           (void) memcpy(data_ptr+8+sizeof(ctx->seed),
-                         token.value, token.length);
-       else
-           (void) memcpy(data_ptr+8+sizeof(ctx->seed),
-                         plain, plainlen);
-       plaind.length = 8 + sizeof(ctx->seed) +
-           (ctx->big_endian ? token.length : plainlen);
-       plaind.data = data_ptr;
-       krb5_free_checksum_contents(context, &md5cksum);
-       code = krb5_c_make_checksum(context, md5cksum.checksum_type,
-                                   ctx->seq, sign_usage,
-                                   &plaind, &md5cksum);
-       xfree(data_ptr);
-
-       if (code) {
-           if (sealalg == 0)
-               xfree(plain);
-           if (toktype == KG_TOK_SEAL_MSG)
-               xfree(token.value);
-           *minor_status = code;
-           return(GSS_S_FAILURE);
-       }
-
-       code = memcmp(md5cksum.contents, ptr+14, 8);
-       /* Falls through to defective-token??  */
+        if (!ctx->seed_init &&
+            (code = kg_make_seed(context, ctx->subkey, ctx->seed))) {
+            krb5_free_checksum_contents(context, &md5cksum);
+            if (sealalg != 0xffff)
+                xfree(plain);
+            if (toktype == KG_TOK_SEAL_MSG)
+                xfree(token.value);
+            *minor_status = code;
+            return GSS_S_FAILURE;
+        }
+
+        if (! (data_ptr = (void *)
+               xmalloc(sizeof(ctx->seed) + 8 +
+                       (ctx->big_endian ? token.length : plainlen)))) {
+            krb5_free_checksum_contents(context, &md5cksum);
+            if (sealalg == 0)
+                xfree(plain);
+            if (toktype == KG_TOK_SEAL_MSG)
+                xfree(token.value);
+            *minor_status = ENOMEM;
+            return(GSS_S_FAILURE);
+        }
+        (void) memcpy(data_ptr, ptr-2, 8);
+        (void) memcpy(data_ptr+8, ctx->seed, sizeof(ctx->seed));
+        if (ctx->big_endian)
+            (void) memcpy(data_ptr+8+sizeof(ctx->seed),
+                          token.value, token.length);
+        else
+            (void) memcpy(data_ptr+8+sizeof(ctx->seed),
+                          plain, plainlen);
+        plaind.length = 8 + sizeof(ctx->seed) +
+            (ctx->big_endian ? token.length : plainlen);
+        plaind.data = data_ptr;
+        krb5_free_checksum_contents(context, &md5cksum);
+        code = krb5_c_make_checksum(context, md5cksum.checksum_type,
+                                    ctx->seq, sign_usage,
+                                    &plaind, &md5cksum);
+        xfree(data_ptr);
+
+        if (code) {
+            if (sealalg == 0)
+                xfree(plain);
+            if (toktype == KG_TOK_SEAL_MSG)
+                xfree(token.value);
+            *minor_status = code;
+            return(GSS_S_FAILURE);
+        }
+
+        code = memcmp(md5cksum.contents, ptr+14, 8);
+        /* Falls through to defective-token??  */
 
     default:
-       *minor_status = 0;
-       return(GSS_S_DEFECTIVE_TOKEN);
+        *minor_status = 0;
+        return(GSS_S_DEFECTIVE_TOKEN);
 
     case SGN_ALG_HMAC_SHA1_DES3_KD:
     case SGN_ALG_HMAC_MD5:
-       /* compute the checksum of the message */
-
-       /* 8 = bytes of token body to be checksummed according to spec */
-
-       if (! (data_ptr = (void *)
-              xmalloc(8 + (ctx->big_endian ? token.length : plainlen)))) {
-           if (sealalg != 0xffff)
-               xfree(plain);
-           if (toktype == KG_TOK_SEAL_MSG)
-               xfree(token.value);
-           *minor_status = ENOMEM;
-           return(GSS_S_FAILURE);
-       }
-
-       (void) memcpy(data_ptr, ptr-2, 8);
-
-       if (ctx->big_endian)
-           (void) memcpy(data_ptr+8, token.value, token.length);
-       else
-           (void) memcpy(data_ptr+8, plain, plainlen);
-
-       plaind.length = 8 + (ctx->big_endian ? token.length : plainlen);
-       plaind.data = data_ptr;
-       code = krb5_c_make_checksum(context, md5cksum.checksum_type,
-                                   ctx->seq, sign_usage,
-                                   &plaind, &md5cksum);
-       xfree(data_ptr);
-
-       if (code) {
-           if (toktype == KG_TOK_SEAL_MSG)
-               xfree(token.value);
-           *minor_status = code;
-           return(GSS_S_FAILURE);
-       }
-
-       code = memcmp(md5cksum.contents, ptr+14, cksum_len);
-       break;
+        /* compute the checksum of the message */
+
+        /* 8 = bytes of token body to be checksummed according to spec */
+
+        if (! (data_ptr = (void *)
+               xmalloc(8 + (ctx->big_endian ? token.length : plainlen)))) {
+            if (sealalg != 0xffff)
+                xfree(plain);
+            if (toktype == KG_TOK_SEAL_MSG)
+                xfree(token.value);
+            *minor_status = ENOMEM;
+            return(GSS_S_FAILURE);
+        }
+
+        (void) memcpy(data_ptr, ptr-2, 8);
+
+        if (ctx->big_endian)
+            (void) memcpy(data_ptr+8, token.value, token.length);
+        else
+            (void) memcpy(data_ptr+8, plain, plainlen);
+
+        plaind.length = 8 + (ctx->big_endian ? token.length : plainlen);
+        plaind.data = data_ptr;
+        code = krb5_c_make_checksum(context, md5cksum.checksum_type,
+                                    ctx->seq, sign_usage,
+                                    &plaind, &md5cksum);
+        xfree(data_ptr);
+
+        if (code) {
+            if (toktype == KG_TOK_SEAL_MSG)
+                xfree(token.value);
+            *minor_status = code;
+            return(GSS_S_FAILURE);
+        }
+
+        code = memcmp(md5cksum.contents, ptr+14, cksum_len);
+        break;
     }
 
     krb5_free_checksum_contents(context, &md5cksum);
     if (sealalg != 0xffff)
-       xfree(plain);
+        xfree(plain);
 
     /* compare the computed checksum against the transmitted checksum */
 
     if (code) {
-       if (toktype == KG_TOK_SEAL_MSG)
-           xfree(token.value);
-       *minor_status = 0;
-       return(GSS_S_BAD_SIG);
+        if (toktype == KG_TOK_SEAL_MSG)
+            xfree(token.value);
+        *minor_status = 0;
+        return(GSS_S_BAD_SIG);
     }
 
 
     /* it got through unscathed.  Make sure the context is unexpired */
 
     if (toktype == KG_TOK_SEAL_MSG)
-       *message_buffer = token;
+        *message_buffer = token;
 
     if (conf_state)
-       *conf_state = (sealalg != 0xffff);
+        *conf_state = (sealalg != 0xffff);
 
     if (qop_state)
-       *qop_state = GSS_C_QOP_DEFAULT;
+        *qop_state = GSS_C_QOP_DEFAULT;
 
     if ((code = krb5_timeofday(context, &now))) {
-       *minor_status = code;
-       return(GSS_S_FAILURE);
+        *minor_status = code;
+        return(GSS_S_FAILURE);
     }
 
     if (now > ctx->endtime) {
-       *minor_status = 0;
-       return(GSS_S_CONTEXT_EXPIRED);
+        *minor_status = 0;
+        return(GSS_S_CONTEXT_EXPIRED);
     }
 
     /* do sequencing checks */
 
     if ((ctx->initiate && direction != 0xff) ||
-       (!ctx->initiate && direction != 0)) {
-       if (toktype == KG_TOK_SEAL_MSG) {
-           xfree(token.value);
-           message_buffer->value = NULL;
-           message_buffer->length = 0;
-       }
-       *minor_status = G_BAD_DIRECTION;
-       return(GSS_S_BAD_SIG);
+        (!ctx->initiate && direction != 0)) {
+        if (toktype == KG_TOK_SEAL_MSG) {
+            xfree(token.value);
+            message_buffer->value = NULL;
+            message_buffer->length = 0;
+        }
+        *minor_status = G_BAD_DIRECTION;
+        return(GSS_S_BAD_SIG);
     }
 
     retval = g_order_check(&(ctx->seqstate), seqnum);
@@ -479,7 +480,7 @@ kg_unseal_v1(context, minor_status, ctx, ptr, bodysize, message_buffer,
 
 OM_uint32
 kg_unseal(minor_status, context_handle, input_token_buffer,
-         message_buffer, conf_state, qop_state, toktype)
+          message_buffer, conf_state, qop_state, toktype)
     OM_uint32 *minor_status;
     gss_ctx_id_t context_handle;
     gss_buffer_t input_token_buffer;
@@ -497,15 +498,15 @@ kg_unseal(minor_status, context_handle, input_token_buffer,
 
     /* validate the context handle */
     if (! kg_validate_ctx_id(context_handle)) {
-       *minor_status = (OM_uint32) G_VALIDATE_FAILED;
-       return(GSS_S_NO_CONTEXT);
+        *minor_status = (OM_uint32) G_VALIDATE_FAILED;
+        return(GSS_S_NO_CONTEXT);
     }
 
     ctx = (krb5_gss_ctx_id_rec *) context_handle;
 
     if (! ctx->established) {
-       *minor_status = KG_CTX_INCOMPLETE;
-       return(GSS_S_NO_CONTEXT);
+        *minor_status = KG_CTX_INCOMPLETE;
+        return(GSS_S_NO_CONTEXT);
     }
 
     /* parse the token, leave the data in message_buffer, setting conf_state */
@@ -515,40 +516,40 @@ kg_unseal(minor_status, context_handle, input_token_buffer,
     ptr = (unsigned char *) input_token_buffer->value;
 
     if (ctx->proto)
-       switch (toktype) {
-       case KG_TOK_SIGN_MSG:
-           toktype2 = 0x0404;
-           break;
-       case KG_TOK_SEAL_MSG:
-           toktype2 = 0x0504;
-           break;
-       case KG_TOK_DEL_CTX:
-           toktype2 = 0x0405;
-           break;
-       default:
-           toktype2 = toktype;
-           break;
-       }
+        switch (toktype) {
+        case KG_TOK_SIGN_MSG:
+            toktype2 = 0x0404;
+            break;
+        case KG_TOK_SEAL_MSG:
+            toktype2 = 0x0504;
+            break;
+        case KG_TOK_DEL_CTX:
+            toktype2 = 0x0405;
+            break;
+        default:
+            toktype2 = toktype;
+            break;
+        }
     else
-       toktype2 = toktype;
+        toktype2 = toktype;
     err = g_verify_token_header(ctx->mech_used,
-                               &bodysize, &ptr, toktype2,
-                               input_token_buffer->length,
-                               !ctx->proto);
+                                &bodysize, &ptr, toktype2,
+                                input_token_buffer->length,
+                                !ctx->proto);
     if (err) {
-       *minor_status = err;
-       return GSS_S_DEFECTIVE_TOKEN;
+        *minor_status = err;
+        return GSS_S_DEFECTIVE_TOKEN;
     }
 
     if (ctx->proto == 0)
-       ret = kg_unseal_v1(ctx->k5_context, minor_status, ctx, ptr, bodysize,
-                          message_buffer, conf_state, qop_state,
-                          toktype);
+        ret = kg_unseal_v1(ctx->k5_context, minor_status, ctx, ptr, bodysize,
+                           message_buffer, conf_state, qop_state,
+                           toktype);
     else
-       ret = gss_krb5int_unseal_token_v3(&ctx->k5_context, minor_status, ctx,
-                                         ptr, bodysize, message_buffer,
-                                         conf_state, qop_state, toktype);
+        ret = gss_krb5int_unseal_token_v3(&ctx->k5_context, minor_status, ctx,
+                                          ptr, bodysize, message_buffer,
+                                          conf_state, qop_state, toktype);
     if (ret != 0)
-       save_error_info (*minor_status, ctx->k5_context);
+        save_error_info (*minor_status, ctx->k5_context);
     return ret;
 }
index 2bdac009f4f921eb052a27904c42bd7030510163..62905e421c5c46aecba24bccdf27ed9edb2e2140 100644 (file)
@@ -1,6 +1,7 @@
+/* -*- mode: c; indent-tabs-mode: nil -*- */
 /*
  * Copyright 1993 by OpenVision Technologies, Inc.
- * 
+ *
  * Permission to use, copy, modify, distribute, and sell this software
  * and its documentation for any purpose is hereby granted without fee,
  * provided that the above copyright notice appears in all copies and
@@ -10,7 +11,7 @@
  * without specific, written prior permission. OpenVision makes no
  * representations about the suitability of this software for any
  * purpose.  It is provided "as is" without express or implied warranty.
- * 
+ *
  * OPENVISION DISCLAIMS ALL WARRANTIES WITH REGARD TO THIS SOFTWARE,
  * INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS, IN NO
  * EVENT SHALL OPENVISION BE LIABLE FOR ANY SPECIAL, INDIRECT OR
 
 /** mechglue wrappers **/
 
-static OM_uint32 k5glue_acquire_cred
-(void *, OM_uint32*,       /* minor_status */
-            gss_name_t,       /* desired_name */
-            OM_uint32,        /* time_req */
-            gss_OID_set,      /* desired_mechs */
-            gss_cred_usage_t, /* cred_usage */
-            gss_cred_id_t*,   /* output_cred_handle */
-            gss_OID_set*,     /* actual_mechs */
-            OM_uint32*        /* time_rec */
-           );
-
-static OM_uint32 k5glue_release_cred
-(void *, OM_uint32*,       /* minor_status */
-            gss_cred_id_t*    /* cred_handle */
-           );
-
-static OM_uint32 k5glue_init_sec_context
-(void *, OM_uint32*,       /* minor_status */
-            gss_cred_id_t,    /* claimant_cred_handle */
-            gss_ctx_id_t*,    /* context_handle */
-            gss_name_t,       /* target_name */
-            gss_OID,          /* mech_type */
-            OM_uint32,        /* req_flags */
-            OM_uint32,        /* time_req */
-            gss_channel_bindings_t,
-                              /* input_chan_bindings */
-            gss_buffer_t,     /* input_token */
-            gss_OID*,         /* actual_mech_type */
-            gss_buffer_t,     /* output_token */
-            OM_uint32*,       /* ret_flags */
-            OM_uint32*        /* time_rec */
-           );
-                  
+static OM_uint32 k5glue_acquire_cred(
+    void *,
+    OM_uint32*,       /* minor_status */
+    gss_name_t,       /* desired_name */
+    OM_uint32,        /* time_req */
+    gss_OID_set,      /* desired_mechs */
+    gss_cred_usage_t, /* cred_usage */
+    gss_cred_id_t*,   /* output_cred_handle */
+    gss_OID_set*,     /* actual_mechs */
+    OM_uint32*        /* time_rec */
+);
+
+static OM_uint32 k5glue_release_cred(
+    void *,
+    OM_uint32*,       /* minor_status */
+    gss_cred_id_t*    /* cred_handle */
+);
+
+static OM_uint32 k5glue_init_sec_context(
+    void *,
+    OM_uint32*,       /* minor_status */
+    gss_cred_id_t,    /* claimant_cred_handle */
+    gss_ctx_id_t*,    /* context_handle */
+    gss_name_t,       /* target_name */
+    gss_OID,          /* mech_type */
+    OM_uint32,        /* req_flags */
+    OM_uint32,        /* time_req */
+    gss_channel_bindings_t,
+    /* input_chan_bindings */
+    gss_buffer_t,     /* input_token */
+    gss_OID*,         /* actual_mech_type */
+    gss_buffer_t,     /* output_token */
+    OM_uint32*,       /* ret_flags */
+    OM_uint32*        /* time_rec */
+);
+
 #ifndef LEAN_CLIENT
-static OM_uint32 k5glue_accept_sec_context
-(void *, OM_uint32*,       /* minor_status */
-            gss_ctx_id_t*,    /* context_handle */
-            gss_cred_id_t,    /* verifier_cred_handle */
-            gss_buffer_t,     /* input_token_buffer */
-            gss_channel_bindings_t,
-                              /* input_chan_bindings */
-            gss_name_t*,      /* src_name */
-            gss_OID*,         /* mech_type */
-            gss_buffer_t,     /* output_token */
-            OM_uint32*,       /* ret_flags */
-            OM_uint32*,       /* time_rec */
-            gss_cred_id_t*    /* delegated_cred_handle */
-           );
+static OM_uint32 k5glue_accept_sec_context(
+    void *,
+    OM_uint32*,       /* minor_status */
+    gss_ctx_id_t*,    /* context_handle */
+    gss_cred_id_t,    /* verifier_cred_handle */
+    gss_buffer_t,     /* input_token_buffer */
+    gss_channel_bindings_t,
+    /* input_chan_bindings */
+    gss_name_t*,      /* src_name */
+    gss_OID*,         /* mech_type */
+    gss_buffer_t,     /* output_token */
+    OM_uint32*,       /* ret_flags */
+    OM_uint32*,       /* time_rec */
+    gss_cred_id_t*    /* delegated_cred_handle */
+);
 #endif   /* LEAN_CLIENT */
 
-static OM_uint32 k5glue_process_context_token
-(void *, OM_uint32*,       /* minor_status */
-            gss_ctx_id_t,     /* context_handle */
-            gss_buffer_t      /* token_buffer */
-           );
-
-static OM_uint32 k5glue_delete_sec_context
-(void *, OM_uint32*,       /* minor_status */
-            gss_ctx_id_t*,    /* context_handle */
-            gss_buffer_t      /* output_token */
-           );
-
-static OM_uint32 k5glue_context_time
-(void *, OM_uint32*,       /* minor_status */
-            gss_ctx_id_t,     /* context_handle */
-            OM_uint32*        /* time_rec */
-           );
-                  
-static OM_uint32 k5glue_sign
-(void *, OM_uint32*,       /* minor_status */
-            gss_ctx_id_t,     /* context_handle */
-            int,              /* qop_req */
-            gss_buffer_t,     /* message_buffer */
-            gss_buffer_t      /* message_token */
-           );
-
-static OM_uint32 k5glue_verify
-(void *, OM_uint32*,       /* minor_status */
-            gss_ctx_id_t,     /* context_handle */
-            gss_buffer_t,     /* message_buffer */
-            gss_buffer_t,     /* token_buffer */
-            int*              /* qop_state */
-           );
-
-static OM_uint32 k5glue_seal
-(void *, OM_uint32*,       /* minor_status */
-            gss_ctx_id_t,     /* context_handle */
-            int,              /* conf_req_flag */
-            int,              /* qop_req */
-            gss_buffer_t,     /* input_message_buffer */
-            int*,             /* conf_state */
-            gss_buffer_t      /* output_message_buffer */
-           );
-
-static OM_uint32 k5glue_unseal
-(void *, OM_uint32*,       /* minor_status */
-            gss_ctx_id_t,     /* context_handle */
-            gss_buffer_t,     /* input_message_buffer */
-            gss_buffer_t,     /* output_message_buffer */
-            int*,             /* conf_state */
-            int*              /* qop_state */
-           );
-
-static OM_uint32 k5glue_display_status
-(void *, OM_uint32*,       /* minor_status */
-            OM_uint32,        /* status_value */
-            int,              /* status_type */
-            gss_OID,          /* mech_type */
-            OM_uint32*,       /* message_context */
-            gss_buffer_t      /* status_string */
-           );
-
-static OM_uint32 k5glue_indicate_mechs
-(void *, OM_uint32*,       /* minor_status */
-            gss_OID_set*      /* mech_set */
-           );
-
-static OM_uint32 k5glue_compare_name
-(void *, OM_uint32*,       /* minor_status */
-            gss_name_t,       /* name1 */
-            gss_name_t,       /* name2 */
-            int*              /* name_equal */
-           );
-
-static OM_uint32 k5glue_display_name
-(void *, OM_uint32*,      /* minor_status */
-            gss_name_t,      /* input_name */
-            gss_buffer_t,    /* output_name_buffer */
-            gss_OID*         /* output_name_type */
-          );
-
-static OM_uint32 k5glue_import_name
-(void *, OM_uint32*,       /* minor_status */
-            gss_buffer_t,     /* input_name_buffer */
-            gss_OID,          /* input_name_type */
-            gss_name_t*       /* output_name */
-           );
-
-static OM_uint32 k5glue_release_name
-(void *, OM_uint32*,       /* minor_status */
-            gss_name_t*       /* input_name */
-           );
-
-static OM_uint32 k5glue_inquire_cred
-(void *, OM_uint32 *,      /* minor_status */
-            gss_cred_id_t,    /* cred_handle */
-            gss_name_t *,     /* name */
-            OM_uint32 *,      /* lifetime */
-            gss_cred_usage_t*,/* cred_usage */
-            gss_OID_set *     /* mechanisms */
-           );
-
-static OM_uint32 k5glue_inquire_context
-(void *, OM_uint32*,       /* minor_status */
-           gss_ctx_id_t,     /* context_handle */
-           gss_name_t*,      /* initiator_name */
-           gss_name_t*,      /* acceptor_name */
-           OM_uint32*,       /* lifetime_rec */
-           gss_OID*,         /* mech_type */
-           OM_uint32*,       /* ret_flags */
-           int*,             /* locally_initiated */
-           int*              /* open */
-          );
+static OM_uint32 k5glue_process_context_token(
+    void *,
+    OM_uint32*,       /* minor_status */
+    gss_ctx_id_t,     /* context_handle */
+    gss_buffer_t      /* token_buffer */
+);
+
+static OM_uint32 k5glue_delete_sec_context(
+    void *,
+    OM_uint32*,       /* minor_status */
+    gss_ctx_id_t*,    /* context_handle */
+    gss_buffer_t      /* output_token */
+);
+
+static OM_uint32 k5glue_context_time(
+    void *,
+    OM_uint32*,       /* minor_status */
+    gss_ctx_id_t,     /* context_handle */
+    OM_uint32*        /* time_rec */
+);
+
+static OM_uint32 k5glue_sign(
+    void *, OM_uint32*,       /* minor_status */
+    gss_ctx_id_t,     /* context_handle */
+    int,              /* qop_req */
+    gss_buffer_t,     /* message_buffer */
+    gss_buffer_t      /* message_token */
+);
+
+static OM_uint32 k5glue_verify(
+    void *,
+    OM_uint32*,       /* minor_status */
+    gss_ctx_id_t,     /* context_handle */
+    gss_buffer_t,     /* message_buffer */
+    gss_buffer_t,     /* token_buffer */
+    int*              /* qop_state */
+);
+
+static OM_uint32 k5glue_seal(
+    void *,
+    OM_uint32*,       /* minor_status */
+    gss_ctx_id_t,     /* context_handle */
+    int,              /* conf_req_flag */
+    int,              /* qop_req */
+    gss_buffer_t,     /* input_message_buffer */
+    int*,             /* conf_state */
+    gss_buffer_t      /* output_message_buffer */
+);
+
+static OM_uint32 k5glue_unseal(
+    void *,
+    OM_uint32*,       /* minor_status */
+    gss_ctx_id_t,     /* context_handle */
+    gss_buffer_t,     /* input_message_buffer */
+    gss_buffer_t,     /* output_message_buffer */
+    int*,             /* conf_state */
+    int*              /* qop_state */
+);
+
+static OM_uint32 k5glue_display_status(
+    void *,
+    OM_uint32*,       /* minor_status */
+    OM_uint32,        /* status_value */
+    int,              /* status_type */
+    gss_OID,          /* mech_type */
+    OM_uint32*,       /* message_context */
+    gss_buffer_t      /* status_string */
+);
+
+static OM_uint32 k5glue_indicate_mechs(
+    void *,
+    OM_uint32*,       /* minor_status */
+    gss_OID_set*      /* mech_set */
+);
+
+static OM_uint32 k5glue_compare_name(
+    void *,
+    OM_uint32*,       /* minor_status */
+    gss_name_t,       /* name1 */
+    gss_name_t,       /* name2 */
+    int*              /* name_equal */
+);
+
+static OM_uint32 k5glue_display_name(
+    void *,
+    OM_uint32*,      /* minor_status */
+    gss_name_t,      /* input_name */
+    gss_buffer_t,    /* output_name_buffer */
+    gss_OID*         /* output_name_type */
+);
+
+static OM_uint32 k5glue_import_name(
+    void *,
+    OM_uint32*,       /* minor_status */
+    gss_buffer_t,     /* input_name_buffer */
+    gss_OID,          /* input_name_type */
+    gss_name_t*       /* output_name */
+);
+
+static OM_uint32 k5glue_release_name(
+    void *,
+    OM_uint32*,       /* minor_status */
+    gss_name_t*       /* input_name */
+);
+
+static OM_uint32 k5glue_inquire_cred(
+    void *,
+    OM_uint32 *,      /* minor_status */
+    gss_cred_id_t,    /* cred_handle */
+    gss_name_t *,     /* name */
+    OM_uint32 *,      /* lifetime */
+    gss_cred_usage_t*,/* cred_usage */
+    gss_OID_set *     /* mechanisms */
+);
+
+static OM_uint32 k5glue_inquire_context(
+    void *,
+    OM_uint32*,       /* minor_status */
+    gss_ctx_id_t,     /* context_handle */
+    gss_name_t*,      /* initiator_name */
+    gss_name_t*,      /* acceptor_name */
+    OM_uint32*,       /* lifetime_rec */
+    gss_OID*,         /* mech_type */
+    OM_uint32*,       /* ret_flags */
+    int*,             /* locally_initiated */
+    int*              /* open */
+);
 
 #if 0
 /* New V2 entry points */
-static OM_uint32 k5glue_get_mic
-(void *, OM_uint32 *,          /* minor_status */
-           gss_ctx_id_t,               /* context_handle */
-           gss_qop_t,                  /* qop_req */
-           gss_buffer_t,               /* message_buffer */
-           gss_buffer_t                /* message_token */
-          );
-
-static OM_uint32 k5glue_verify_mic
-(void *, OM_uint32 *,          /* minor_status */
-           gss_ctx_id_t,               /* context_handle */
-           gss_buffer_t,               /* message_buffer */
-           gss_buffer_t,               /* message_token */
-           gss_qop_t *                 /* qop_state */
-          );
-
-static OM_uint32 k5glue_wrap
-(void *, OM_uint32 *,          /* minor_status */
-           gss_ctx_id_t,               /* context_handle */
-           int,                        /* conf_req_flag */
-           gss_qop_t,                  /* qop_req */
-           gss_buffer_t,               /* input_message_buffer */
-           int *,                      /* conf_state */
-           gss_buffer_t                /* output_message_buffer */
-          );
-
-static OM_uint32 k5glue_unwrap
-(void *, OM_uint32 *,          /* minor_status */
-           gss_ctx_id_t,               /* context_handle */
-           gss_buffer_t,               /* input_message_buffer */
-           gss_buffer_t,               /* output_message_buffer */
-           int *,                      /* conf_state */
-           gss_qop_t *                 /* qop_state */
-          );
+static OM_uint32 k5glue_get_mic(
+    void *,
+    OM_uint32 *,                /* minor_status */
+    gss_ctx_id_t,               /* context_handle */
+    gss_qop_t,                  /* qop_req */
+    gss_buffer_t,               /* message_buffer */
+    gss_buffer_t                /* message_token */
+);
+
+static OM_uint32 k5glue_verify_mic(
+    void *,
+    OM_uint32 *,                /* minor_status */
+    gss_ctx_id_t,               /* context_handle */
+    gss_buffer_t,               /* message_buffer */
+    gss_buffer_t,               /* message_token */
+    gss_qop_t *                 /* qop_state */
+);
+
+static OM_uint32 k5glue_wrap(
+    void *,
+    OM_uint32 *,                /* minor_status */
+    gss_ctx_id_t,               /* context_handle */
+    int,                        /* conf_req_flag */
+    gss_qop_t,                  /* qop_req */
+    gss_buffer_t,               /* input_message_buffer */
+    int *,                      /* conf_state */
+    gss_buffer_t                /* output_message_buffer */
+);
+
+static OM_uint32 k5glue_unwrap(
+    void *,
+    OM_uint32 *,                /* minor_status */
+    gss_ctx_id_t,               /* context_handle */
+    gss_buffer_t,               /* input_message_buffer */
+    gss_buffer_t,               /* output_message_buffer */
+    int *,                      /* conf_state */
+    gss_qop_t *                 /* qop_state */
+);
 #endif
 
-static OM_uint32 k5glue_wrap_size_limit
-(void *, OM_uint32 *,          /* minor_status */
-           gss_ctx_id_t,               /* context_handle */
-           int,                        /* conf_req_flag */
-           gss_qop_t,                  /* qop_req */
-           OM_uint32,                  /* req_output_size */
-           OM_uint32 *                 /* max_input_size */
-          );
+static OM_uint32 k5glue_wrap_size_limit(
+    void *,
+    OM_uint32 *,                /* minor_status */
+    gss_ctx_id_t,               /* context_handle */
+    int,                        /* conf_req_flag */
+    gss_qop_t,                  /* qop_req */
+    OM_uint32,                  /* req_output_size */
+    OM_uint32 *                 /* max_input_size */
+);
 
 #if 0
-static OM_uint32 k5glue_import_name_object
-(void *, OM_uint32 *,          /* minor_status */
-           void *,                     /* input_name */
-           gss_OID,                    /* input_name_type */
-           gss_name_t *                /* output_name */
-          );
-
-static OM_uint32 k5glue_export_name_object
-(void *, OM_uint32 *,          /* minor_status */
-           gss_name_t,                 /* input_name */
-           gss_OID,                    /* desired_name_type */
-           void * *                    /* output_name */
-          );
+static OM_uint32 k5glue_import_name_object(
+    void *,
+    OM_uint32 *,                /* minor_status */
+    void *,                     /* input_name */
+    gss_OID,                    /* input_name_type */
+    gss_name_t *                /* output_name */
+);
+
+static OM_uint32 k5glue_export_name_object(
+    void *,
+    OM_uint32 *,                /* minor_status */
+    gss_name_t,                 /* input_name */
+    gss_OID,                    /* desired_name_type */
+    void * *                    /* output_name */
+);
 #endif
 
-static OM_uint32 k5glue_add_cred
-(void *, OM_uint32 *,          /* minor_status */
-           gss_cred_id_t,              /* input_cred_handle */
-           gss_name_t,                 /* desired_name */
-           gss_OID,                    /* desired_mech */
-           gss_cred_usage_t,           /* cred_usage */
-           OM_uint32,                  /* initiator_time_req */
-           OM_uint32,                  /* acceptor_time_req */
-           gss_cred_id_t *,            /* output_cred_handle */
-           gss_OID_set *,              /* actual_mechs */
-           OM_uint32 *,                /* initiator_time_rec */
-           OM_uint32 *                 /* acceptor_time_rec */
-          );
-
-static OM_uint32 k5glue_inquire_cred_by_mech
-(void *, OM_uint32  *,         /* minor_status */
-           gss_cred_id_t,              /* cred_handle */
-           gss_OID,                    /* mech_type */
-           gss_name_t *,               /* name */
-           OM_uint32 *,                /* initiator_lifetime */
-           OM_uint32 *,                /* acceptor_lifetime */
-           gss_cred_usage_t *          /* cred_usage */
-          );
+static OM_uint32 k5glue_add_cred(
+    void *,
+    OM_uint32 *,                /* minor_status */
+    gss_cred_id_t,              /* input_cred_handle */
+    gss_name_t,                 /* desired_name */
+    gss_OID,                    /* desired_mech */
+    gss_cred_usage_t,           /* cred_usage */
+    OM_uint32,                  /* initiator_time_req */
+    OM_uint32,                  /* acceptor_time_req */
+    gss_cred_id_t *,            /* output_cred_handle */
+    gss_OID_set *,              /* actual_mechs */
+    OM_uint32 *,                /* initiator_time_rec */
+    OM_uint32 *                 /* acceptor_time_rec */
+);
+
+static OM_uint32 k5glue_inquire_cred_by_mech(
+    void *,
+    OM_uint32  *,               /* minor_status */
+    gss_cred_id_t,              /* cred_handle */
+    gss_OID,                    /* mech_type */
+    gss_name_t *,               /* name */
+    OM_uint32 *,                /* initiator_lifetime */
+    OM_uint32 *,                /* acceptor_lifetime */
+    gss_cred_usage_t *          /* cred_usage */
+);
 
 #ifndef LEAN_CLIENT
-static OM_uint32 k5glue_export_sec_context
-(void *, OM_uint32 *,          /* minor_status */
-           gss_ctx_id_t *,             /* context_handle */
-           gss_buffer_t                /* interprocess_token */
-           );
-
-static OM_uint32 k5glue_import_sec_context
-(void *, OM_uint32 *,          /* minor_status */
-           gss_buffer_t,               /* interprocess_token */
-           gss_ctx_id_t *              /* context_handle */
-           );
+static OM_uint32 k5glue_export_sec_context(
+    void *,
+    OM_uint32 *,                /* minor_status */
+    gss_ctx_id_t *,             /* context_handle */
+    gss_buffer_t                /* interprocess_token */
+);
+
+static OM_uint32 k5glue_import_sec_context(
+    void *,
+    OM_uint32 *,                /* minor_status */
+    gss_buffer_t,               /* interprocess_token */
+    gss_ctx_id_t *              /* context_handle */
+);
 #endif /* LEAN_CLIENT */
 
 krb5_error_code k5glue_ser_init(krb5_context);
 
-static OM_uint32 k5glue_internal_release_oid
-(void *, OM_uint32 *,          /* minor_status */
-           gss_OID *                   /* oid */
-          );
+static OM_uint32 k5glue_internal_release_oid(
+    void *,
+    OM_uint32 *,                /* minor_status */
+    gss_OID *                   /* oid */
+);
 
-static OM_uint32 k5glue_inquire_names_for_mech
-(void *, OM_uint32 *,          /* minor_status */
-           gss_OID,                    /* mechanism */
-           gss_OID_set *               /* name_types */
-          );
+static OM_uint32 k5glue_inquire_names_for_mech(
+    void *,
+    OM_uint32 *,                /* minor_status */
+    gss_OID,                    /* mechanism */
+    gss_OID_set *               /* name_types */
+);
 
 #if 0
-static OM_uint32 k5glue_canonicalize_name
-(void *, OM_uint32  *,         /* minor_status */
-           const gss_name_t,           /* input_name */
-           const gss_OID,              /* mech_type */
-           gss_name_t *                /* output_name */
-        );
+static OM_uint32 k5glue_canonicalize_name(
+    void *,
+    OM_uint32 *,                /* minor_status */
+    const gss_name_t,           /* input_name */
+    const gss_OID,              /* mech_type */
+    gss_name_t *                /* output_name */
+);
 #endif
 
-static OM_uint32 k5glue_export_name
-(void *, OM_uint32  *,         /* minor_status */
-           const gss_name_t,           /* input_name */
-           gss_buffer_t                /* exported_name */
-        );
+static OM_uint32 k5glue_export_name(
+    void *,
+    OM_uint32  *,               /* minor_status */
+    const gss_name_t,           /* input_name */
+    gss_buffer_t                /* exported_name */
+);
 
 #if 0
-static OM_uint32 k5glue_duplicate_name
-(void *, OM_uint32  *,         /* minor_status */
-           const gss_name_t,           /* input_name */
-           gss_name_t *                /* dest_name */
-        );
+static OM_uint32 k5glue_duplicate_name(
+    void *,
+    OM_uint32  *,               /* minor_status */
+    const gss_name_t,           /* input_name */
+    gss_name_t *                /* dest_name */
+);
 #endif
 
 #if 0
-static OM_uint32 k5glue_validate_cred
-(void *, OM_uint32 *,          /* minor_status */
-           gss_cred_id_t               /* cred */
-         );
+static OM_uint32 k5glue_validate_cred(
+    void *,
+    OM_uint32 *,                /* minor_status */
+    gss_cred_id_t               /* cred */
+);
 #endif
 
 /*
@@ -343,72 +379,72 @@ static OM_uint32 k5glue_validate_cred
  * ensure that both dispatch tables contain identical function
  * pointers.
  */
-#ifndef LEAN_CLIENT    
-#define KRB5_GSS_CONFIG_INIT                           \
-    NULL,                                              \
-    k5glue_acquire_cred,                               \
-    k5glue_release_cred,                               \
-    k5glue_init_sec_context,                           \
-    k5glue_accept_sec_context,                         \
-       k5glue_process_context_token,                   \
-    k5glue_delete_sec_context,                         \
-    k5glue_context_time,                               \
-    k5glue_sign,                                       \
-    k5glue_verify,                                     \
-    k5glue_seal,                                       \
-    k5glue_unseal,                                     \
-    k5glue_display_status,                             \
-    k5glue_indicate_mechs,                             \
-    k5glue_compare_name,                               \
-    k5glue_display_name,                               \
-    k5glue_import_name,                                        \
-    k5glue_release_name,                               \
-    k5glue_inquire_cred,                               \
-    k5glue_add_cred,                                   \
-    k5glue_export_sec_context,                         \
-    k5glue_import_sec_context,                         \
-    k5glue_inquire_cred_by_mech,                       \
-    k5glue_inquire_names_for_mech,                     \
-    k5glue_inquire_context,                            \
-    k5glue_internal_release_oid,                       \
-    k5glue_wrap_size_limit,                            \
-    k5glue_export_name,                                        \
-    NULL                       /* store_cred */
-
-#else  /* LEAN_CLIENT */
-
-#define KRB5_GSS_CONFIG_INIT                           \
-    NULL,                                              \
-    k5glue_acquire_cred,                               \
-    k5glue_release_cred,                               \
-    k5glue_init_sec_context,                           \
-    NULL,                                              \
-       k5glue_process_context_token,                   \
-    k5glue_delete_sec_context,                         \
-    k5glue_context_time,                               \
-    k5glue_sign,                                       \
-    k5glue_verify,                                     \
-    k5glue_seal,                                       \
-    k5glue_unseal,                                     \
-    k5glue_display_status,                             \
-    k5glue_indicate_mechs,                             \
-    k5glue_compare_name,                               \
-    k5glue_display_name,                               \
-    k5glue_import_name,                                        \
-    k5glue_release_name,                               \
-    k5glue_inquire_cred,                               \
-    k5glue_add_cred,                                   \
-    NULL,                                              \
-    NULL,                                              \
-    k5glue_inquire_cred_by_mech,                       \
-    k5glue_inquire_names_for_mech,                     \
-    k5glue_inquire_context,                            \
-    k5glue_internal_release_oid,                       \
-    k5glue_wrap_size_limit,                            \
-    k5glue_export_name,                                        \
-    NULL                       /* store_cred */
-
-#endif /* LEAN_CLIENT */       
+#ifndef LEAN_CLIENT
+#define KRB5_GSS_CONFIG_INIT                            \
+    NULL,                                               \
+    k5glue_acquire_cred,                                \
+    k5glue_release_cred,                                \
+    k5glue_init_sec_context,                            \
+    k5glue_accept_sec_context,                          \
+    k5glue_process_context_token,                       \
+    k5glue_delete_sec_context,                          \
+    k5glue_context_time,                                \
+    k5glue_sign,                                        \
+    k5glue_verify,                                      \
+    k5glue_seal,                                        \
+    k5glue_unseal,                                      \
+    k5glue_display_status,                              \
+    k5glue_indicate_mechs,                              \
+    k5glue_compare_name,                                \
+    k5glue_display_name,                                \
+    k5glue_import_name,                                 \
+    k5glue_release_name,                                \
+    k5glue_inquire_cred,                                \
+    k5glue_add_cred,                                    \
+    k5glue_export_sec_context,                          \
+    k5glue_import_sec_context,                          \
+    k5glue_inquire_cred_by_mech,                        \
+    k5glue_inquire_names_for_mech,                      \
+    k5glue_inquire_context,                             \
+    k5glue_internal_release_oid,                        \
+    k5glue_wrap_size_limit,                             \
+    k5glue_export_name,                                 \
+    NULL                        /* store_cred */
+
+#else   /* LEAN_CLIENT */
+
+#define KRB5_GSS_CONFIG_INIT                            \
+    NULL,                                               \
+    k5glue_acquire_cred,                                \
+    k5glue_release_cred,                                \
+    k5glue_init_sec_context,                            \
+    NULL,                                               \
+    k5glue_process_context_token,                       \
+    k5glue_delete_sec_context,                          \
+    k5glue_context_time,                                \
+    k5glue_sign,                                        \
+    k5glue_verify,                                      \
+    k5glue_seal,                                        \
+    k5glue_unseal,                                      \
+    k5glue_display_status,                              \
+    k5glue_indicate_mechs,                              \
+    k5glue_compare_name,                                \
+    k5glue_display_name,                                \
+    k5glue_import_name,                                 \
+    k5glue_release_name,                                \
+    k5glue_inquire_cred,                                \
+    k5glue_add_cred,                                    \
+    NULL,                                               \
+    NULL,                                               \
+    k5glue_inquire_cred_by_mech,                        \
+    k5glue_inquire_names_for_mech,                      \
+    k5glue_inquire_context,                             \
+    k5glue_internal_release_oid,                        \
+    k5glue_wrap_size_limit,                             \
+    k5glue_export_name,                                 \
+    NULL                        /* store_cred */
+
+#endif /* LEAN_CLIENT */
 
 
 static struct gss_config krb5_mechanism = {
@@ -448,7 +484,7 @@ gssint_get_mech_configs(void)
     char *envstr = getenv("MS_FORCE_NO_MSOID");
 
     if (envstr != NULL && strcmp(envstr, "1") == 0) {
-       return krb5_mech_configs_hack;
+        return krb5_mech_configs_hack;
     }
 #endif
     return krb5_mech_configs;
@@ -457,82 +493,82 @@ gssint_get_mech_configs(void)
 #ifndef LEAN_CLIENT
 static OM_uint32
 k5glue_accept_sec_context(ctx, minor_status, context_handle, verifier_cred_handle,
-                      input_token, input_chan_bindings, src_name, mech_type, 
-                      output_token, ret_flags, time_rec, delegated_cred_handle)
+                          input_token, input_chan_bindings, src_name, mech_type,
+                          output_token, ret_flags, time_rec, delegated_cred_handle)
     void *ctx;
-     OM_uint32 *minor_status;
-     gss_ctx_id_t *context_handle;
-     gss_cred_id_t verifier_cred_handle;
-     gss_buffer_t input_token;
-     gss_channel_bindings_t input_chan_bindings;
-     gss_name_t *src_name;
-     gss_OID *mech_type;
-     gss_buffer_t output_token;
-     OM_uint32 *ret_flags;
-     OM_uint32 *time_rec;
-     gss_cred_id_t *delegated_cred_handle;
+    OM_uint32 *minor_status;
+    gss_ctx_id_t *context_handle;
+    gss_cred_id_t verifier_cred_handle;
+    gss_buffer_t input_token;
+    gss_channel_bindings_t input_chan_bindings;
+    gss_name_t *src_name;
+    gss_OID *mech_type;
+    gss_buffer_t output_token;
+    OM_uint32 *ret_flags;
+    OM_uint32 *time_rec;
+    gss_cred_id_t *delegated_cred_handle;
 {
-   return(krb5_gss_accept_sec_context(minor_status,
-                                     context_handle,
-                                     verifier_cred_handle,
-                                     input_token,
-                                     input_chan_bindings,
-                                     src_name,
-                                     mech_type,
-                                     output_token,
-                                     ret_flags,
-                                     time_rec,
-                                     delegated_cred_handle));
+    return(krb5_gss_accept_sec_context(minor_status,
+                                       context_handle,
+                                       verifier_cred_handle,
+                                       input_token,
+                                       input_chan_bindings,
+                                       src_name,
+                                       mech_type,
+                                       output_token,
+                                       ret_flags,
+                                       time_rec,
+                                       delegated_cred_handle));
 }
 #endif /* LEAN_CLIENT */
 
 static OM_uint32
 k5glue_acquire_cred(ctx, minor_status, desired_name, time_req, desired_mechs,
-                cred_usage, output_cred_handle, actual_mechs, time_rec)
+                    cred_usage, output_cred_handle, actual_mechs, time_rec)
     void *ctx;
-     OM_uint32 *minor_status;
-     gss_name_t desired_name;
-     OM_uint32 time_req;
-     gss_OID_set desired_mechs;
-     gss_cred_usage_t cred_usage;
-     gss_cred_id_t *output_cred_handle;
-     gss_OID_set *actual_mechs;
-     OM_uint32 *time_rec;
+    OM_uint32 *minor_status;
+    gss_name_t desired_name;
+    OM_uint32 time_req;
+    gss_OID_set desired_mechs;
+    gss_cred_usage_t cred_usage;
+    gss_cred_id_t *output_cred_handle;
+    gss_OID_set *actual_mechs;
+    OM_uint32 *time_rec;
 {
-   return(krb5_gss_acquire_cred(minor_status,
-                               desired_name,
-                               time_req,
-                               desired_mechs,
-                               cred_usage,
-                               output_cred_handle,
-                               actual_mechs,
-                               time_rec));
+    return(krb5_gss_acquire_cred(minor_status,
+                                 desired_name,
+                                 time_req,
+                                 desired_mechs,
+                                 cred_usage,
+                                 output_cred_handle,
+                                 actual_mechs,
+                                 time_rec));
 }
 
 /* V2 */
 static OM_uint32
 k5glue_add_cred(ctx, minor_status, input_cred_handle, desired_name, desired_mech,
-            cred_usage, initiator_time_req, acceptor_time_req,
-            output_cred_handle, actual_mechs, initiator_time_rec,
-            acceptor_time_rec)
+                cred_usage, initiator_time_req, acceptor_time_req,
+                output_cred_handle, actual_mechs, initiator_time_rec,
+                acceptor_time_rec)
     void *ctx;
-    OM_uint32           *minor_status;
-    gss_cred_id_t      input_cred_handle;
-    gss_name_t         desired_name;
-    gss_OID            desired_mech;
-    gss_cred_usage_t   cred_usage;
-    OM_uint32          initiator_time_req;
-    OM_uint32          acceptor_time_req;
-    gss_cred_id_t       *output_cred_handle;
-    gss_OID_set                 *actual_mechs;
-    OM_uint32           *initiator_time_rec;
-    OM_uint32           *acceptor_time_rec;
+    OM_uint32            *minor_status;
+    gss_cred_id_t       input_cred_handle;
+    gss_name_t          desired_name;
+    gss_OID             desired_mech;
+    gss_cred_usage_t    cred_usage;
+    OM_uint32           initiator_time_req;
+    OM_uint32           acceptor_time_req;
+    gss_cred_id_t        *output_cred_handle;
+    gss_OID_set          *actual_mechs;
+    OM_uint32            *initiator_time_rec;
+    OM_uint32            *acceptor_time_rec;
 {
     return(krb5_gss_add_cred(minor_status, input_cred_handle, desired_name,
-                            desired_mech, cred_usage, initiator_time_req,
-                            acceptor_time_req, output_cred_handle,
-                            actual_mechs, initiator_time_rec,
-                            acceptor_time_rec));
+                             desired_mech, cred_usage, initiator_time_req,
+                             acceptor_time_req, output_cred_handle,
+                             actual_mechs, initiator_time_rec,
+                             acceptor_time_rec));
 }
 
 #if 0
@@ -540,9 +576,9 @@ k5glue_add_cred(ctx, minor_status, input_cred_handle, desired_name, desired_mech
 static OM_uint32
 k5glue_add_oid_set_member(ctx, minor_status, member_oid, oid_set)
     void *ctx;
-    OM_uint32   *minor_status;
-    gss_OID    member_oid;
-    gss_OID_set         *oid_set;
+    OM_uint32    *minor_status;
+    gss_OID     member_oid;
+    gss_OID_set  *oid_set;
 {
     return(generic_gss_add_oid_set_member(minor_status, member_oid, oid_set));
 }
@@ -551,24 +587,24 @@ k5glue_add_oid_set_member(ctx, minor_status, member_oid, oid_set)
 static OM_uint32
 k5glue_compare_name(ctx, minor_status, name1, name2, name_equal)
     void *ctx;
-     OM_uint32 *minor_status;
-     gss_name_t name1;
-     gss_name_t name2;
-     int *name_equal;
+    OM_uint32 *minor_status;
+    gss_name_t name1;
+    gss_name_t name2;
+    int *name_equal;
 {
-   return(krb5_gss_compare_name(minor_status, name1,
-                               name2, name_equal));
+    return(krb5_gss_compare_name(minor_status, name1,
+                                 name2, name_equal));
 }
 
 static OM_uint32
 k5glue_context_time(ctx, minor_status, context_handle, time_rec)
     void *ctx;
-     OM_uint32 *minor_status;
-     gss_ctx_id_t context_handle;
-     OM_uint32 *time_rec;
+    OM_uint32 *minor_status;
+    gss_ctx_id_t context_handle;
+    OM_uint32 *time_rec;
 {
-   return(krb5_gss_context_time(minor_status, context_handle,
-                               time_rec));
+    return(krb5_gss_context_time(minor_status, context_handle,
+                                 time_rec));
 }
 
 #if 0
@@ -576,8 +612,8 @@ k5glue_context_time(ctx, minor_status, context_handle, time_rec)
 static OM_uint32
 k5glue_create_empty_oid_set(ctx, minor_status, oid_set)
     void *ctx;
-    OM_uint32   *minor_status;
-    gss_OID_set         *oid_set;
+    OM_uint32    *minor_status;
+    gss_OID_set  *oid_set;
 {
     return(generic_gss_create_empty_oid_set(minor_status, oid_set));
 }
@@ -586,90 +622,90 @@ k5glue_create_empty_oid_set(ctx, minor_status, oid_set)
 static OM_uint32
 k5glue_delete_sec_context(ctx, minor_status, context_handle, output_token)
     void *ctx;
-     OM_uint32 *minor_status;
-     gss_ctx_id_t *context_handle;
-     gss_buffer_t output_token;
+    OM_uint32 *minor_status;
+    gss_ctx_id_t *context_handle;
+    gss_buffer_t output_token;
 {
-   return(krb5_gss_delete_sec_context(minor_status,
-                                     context_handle, output_token));
+    return(krb5_gss_delete_sec_context(minor_status,
+                                       context_handle, output_token));
 }
 
 static OM_uint32
 k5glue_display_name(ctx, minor_status, input_name, output_name_buffer, output_name_type)
     void *ctx;
-     OM_uint32 *minor_status;
-     gss_name_t input_name;
-     gss_buffer_t output_name_buffer;
-     gss_OID *output_name_type;
+    OM_uint32 *minor_status;
+    gss_name_t input_name;
+    gss_buffer_t output_name_buffer;
+    gss_OID *output_name_type;
 {
-   return(krb5_gss_display_name(minor_status, input_name,
-                               output_name_buffer, output_name_type));
+    return(krb5_gss_display_name(minor_status, input_name,
+                                 output_name_buffer, output_name_type));
 }
 
 static OM_uint32
 k5glue_display_status(ctx, minor_status, status_value, status_type,
-                  mech_type, message_context, status_string)
+                      mech_type, message_context, status_string)
     void *ctx;
-     OM_uint32 *minor_status;
-     OM_uint32 status_value;
-     int status_type;
-     gss_OID mech_type;
-     OM_uint32 *message_context;
-     gss_buffer_t status_string;
+    OM_uint32 *minor_status;
+    OM_uint32 status_value;
+    int status_type;
+    gss_OID mech_type;
+    OM_uint32 *message_context;
+    gss_buffer_t status_string;
 {
-   return(krb5_gss_display_status(minor_status, status_value,
-                                 status_type, mech_type, message_context,
-                                 status_string));
+    return(krb5_gss_display_status(minor_status, status_value,
+                                   status_type, mech_type, message_context,
+                                   status_string));
 }
 #ifndef LEAN_CLIENT
 /* V2 */
 static OM_uint32
 k5glue_export_sec_context(ctx, minor_status, context_handle, interprocess_token)
     void *ctx;
-     OM_uint32          *minor_status;
-     gss_ctx_id_t       *context_handle;
-     gss_buffer_t      interprocess_token;
+    OM_uint32           *minor_status;
+    gss_ctx_id_t        *context_handle;
+    gss_buffer_t       interprocess_token;
 {
-   return(krb5_gss_export_sec_context(minor_status,
-                                     context_handle,
-                                     interprocess_token));
+    return(krb5_gss_export_sec_context(minor_status,
+                                       context_handle,
+                                       interprocess_token));
 }
 #endif /* LEAN_CLIENT */
 #if 0
 /* V2 */
 static OM_uint32
 k5glue_get_mic(ctx, minor_status, context_handle, qop_req,
-           message_buffer, message_token)
+               message_buffer, message_token)
     void *ctx;
-     OM_uint32          *minor_status;
-     gss_ctx_id_t      context_handle;
-     gss_qop_t         qop_req;
-     gss_buffer_t      message_buffer;
-     gss_buffer_t      message_token;
+    OM_uint32           *minor_status;
+    gss_ctx_id_t       context_handle;
+    gss_qop_t          qop_req;
+    gss_buffer_t       message_buffer;
+    gss_buffer_t       message_token;
 {
     return(krb5_gss_get_mic(minor_status, context_handle,
-                           qop_req, message_buffer, message_token));
+                            qop_req, message_buffer, message_token));
 }
 #endif
 
 static OM_uint32
 k5glue_import_name(ctx, minor_status, input_name_buffer, input_name_type, output_name)
     void *ctx;
-     OM_uint32 *minor_status;
-     gss_buffer_t input_name_buffer;
-     gss_OID input_name_type;
-     gss_name_t *output_name;
+    OM_uint32 *minor_status;
+    gss_buffer_t input_name_buffer;
+    gss_OID input_name_type;
+    gss_name_t *output_name;
 {
 #if 0
     OM_uint32 err;
     err = gssint_initialize_library();
     if (err) {
-       *minor_status = err;
-       return GSS_S_FAILURE;
+        *minor_status = err;
+        return GSS_S_FAILURE;
     }
 #endif
     return(krb5_gss_import_name(minor_status, input_name_buffer,
-                               input_name_type, output_name));
+                                input_name_type, output_name));
 }
 
 #ifndef LEAN_CLIENT
@@ -677,118 +713,118 @@ k5glue_import_name(ctx, minor_status, input_name_buffer, input_name_type, output
 static OM_uint32
 k5glue_import_sec_context(ctx, minor_status, interprocess_token, context_handle)
     void *ctx;
-     OM_uint32          *minor_status;
-     gss_buffer_t      interprocess_token;
-     gss_ctx_id_t       *context_handle;
+    OM_uint32           *minor_status;
+    gss_buffer_t       interprocess_token;
+    gss_ctx_id_t        *context_handle;
 {
-   return(krb5_gss_import_sec_context(minor_status,
-                                     interprocess_token,
-                                     context_handle));
+    return(krb5_gss_import_sec_context(minor_status,
+                                       interprocess_token,
+                                       context_handle));
 }
 #endif /* LEAN_CLIENT */
 
 static OM_uint32
 k5glue_indicate_mechs(ctx, minor_status, mech_set)
     void *ctx;
-     OM_uint32 *minor_status;
-     gss_OID_set *mech_set;
+    OM_uint32 *minor_status;
+    gss_OID_set *mech_set;
 {
-   return(krb5_gss_indicate_mechs(minor_status, mech_set));
+    return(krb5_gss_indicate_mechs(minor_status, mech_set));
 }
 
 static OM_uint32
 k5glue_init_sec_context(ctx, minor_status, claimant_cred_handle, context_handle,
-                    target_name, mech_type, req_flags, time_req,
-                    input_chan_bindings, input_token, actual_mech_type,
-                    output_token, ret_flags, time_rec)
+                        target_name, mech_type, req_flags, time_req,
+                        input_chan_bindings, input_token, actual_mech_type,
+                        output_token, ret_flags, time_rec)
     void *ctx;
-     OM_uint32 *minor_status;
-     gss_cred_id_t claimant_cred_handle;
-     gss_ctx_id_t *context_handle;
-     gss_name_t target_name;
-     gss_OID mech_type;
-     OM_uint32 req_flags;
-     OM_uint32 time_req;
-     gss_channel_bindings_t input_chan_bindings;
-     gss_buffer_t input_token;
-     gss_OID *actual_mech_type;
-     gss_buffer_t output_token;
-     OM_uint32 *ret_flags;
-     OM_uint32 *time_rec;
+    OM_uint32 *minor_status;
+    gss_cred_id_t claimant_cred_handle;
+    gss_ctx_id_t *context_handle;
+    gss_name_t target_name;
+    gss_OID mech_type;
+    OM_uint32 req_flags;
+    OM_uint32 time_req;
+    gss_channel_bindings_t input_chan_bindings;
+    gss_buffer_t input_token;
+    gss_OID *actual_mech_type;
+    gss_buffer_t output_token;
+    OM_uint32 *ret_flags;
+    OM_uint32 *time_rec;
 {
-   return(krb5_gss_init_sec_context(minor_status,
-                                   claimant_cred_handle, context_handle,
-                                   target_name, mech_type, req_flags,
-                                   time_req, input_chan_bindings, input_token,
-                                   actual_mech_type, output_token, ret_flags,
-                                   time_rec));
+    return(krb5_gss_init_sec_context(minor_status,
+                                     claimant_cred_handle, context_handle,
+                                     target_name, mech_type, req_flags,
+                                     time_req, input_chan_bindings, input_token,
+                                     actual_mech_type, output_token, ret_flags,
+                                     time_rec));
 }
 
 static OM_uint32
 k5glue_inquire_context(ctx, minor_status, context_handle, initiator_name, acceptor_name,
-                   lifetime_rec, mech_type, ret_flags,
-                   locally_initiated, opened)
+                       lifetime_rec, mech_type, ret_flags,
+                       locally_initiated, opened)
     void *ctx;
-     OM_uint32 *minor_status;
-     gss_ctx_id_t context_handle;
-     gss_name_t *initiator_name;
-     gss_name_t *acceptor_name;
-     OM_uint32 *lifetime_rec;
-     gss_OID *mech_type;
-     OM_uint32 *ret_flags;
-     int *locally_initiated;
-     int *opened;
+    OM_uint32 *minor_status;
+    gss_ctx_id_t context_handle;
+    gss_name_t *initiator_name;
+    gss_name_t *acceptor_name;
+    OM_uint32 *lifetime_rec;
+    gss_OID *mech_type;
+    OM_uint32 *ret_flags;
+    int *locally_initiated;
+    int *opened;
 {
-   return(krb5_gss_inquire_context(minor_status, context_handle,
-                                  initiator_name, acceptor_name, lifetime_rec,
-                                  mech_type, ret_flags, locally_initiated,
-                                  opened));
+    return(krb5_gss_inquire_context(minor_status, context_handle,
+                                    initiator_name, acceptor_name, lifetime_rec,
+                                    mech_type, ret_flags, locally_initiated,
+                                    opened));
 }
 
 static OM_uint32
 k5glue_inquire_cred(ctx, minor_status, cred_handle, name, lifetime_ret,
-                cred_usage, mechanisms)
+                    cred_usage, mechanisms)
     void *ctx;
-     OM_uint32 *minor_status;
-     gss_cred_id_t cred_handle;
-     gss_name_t *name;
-     OM_uint32 *lifetime_ret;
-     gss_cred_usage_t *cred_usage;
-     gss_OID_set *mechanisms;
+    OM_uint32 *minor_status;
+    gss_cred_id_t cred_handle;
+    gss_name_t *name;
+    OM_uint32 *lifetime_ret;
+    gss_cred_usage_t *cred_usage;
+    gss_OID_set *mechanisms;
 {
-   return(krb5_gss_inquire_cred(minor_status, cred_handle,
-                               name, lifetime_ret, cred_usage, mechanisms));
+    return(krb5_gss_inquire_cred(minor_status, cred_handle,
+                                 name, lifetime_ret, cred_usage, mechanisms));
 }
 
 /* V2 */
 static OM_uint32
 k5glue_inquire_cred_by_mech(ctx, minor_status, cred_handle, mech_type, name,
-                        initiator_lifetime, acceptor_lifetime, cred_usage)
+                            initiator_lifetime, acceptor_lifetime, cred_usage)
     void *ctx;
-     OM_uint32          *minor_status;
-     gss_cred_id_t     cred_handle;
-     gss_OID           mech_type;
-     gss_name_t                 *name;
-     OM_uint32          *initiator_lifetime;
-     OM_uint32          *acceptor_lifetime;
-     gss_cred_usage_t   *cred_usage;
+    OM_uint32           *minor_status;
+    gss_cred_id_t      cred_handle;
+    gss_OID            mech_type;
+    gss_name_t          *name;
+    OM_uint32           *initiator_lifetime;
+    OM_uint32           *acceptor_lifetime;
+    gss_cred_usage_t    *cred_usage;
 {
-   return(krb5_gss_inquire_cred_by_mech(minor_status, cred_handle,
-                                       mech_type, name, initiator_lifetime,
-                                       acceptor_lifetime, cred_usage));
+    return(krb5_gss_inquire_cred_by_mech(minor_status, cred_handle,
+                                         mech_type, name, initiator_lifetime,
+                                         acceptor_lifetime, cred_usage));
 }
 
 /* V2 */
 static OM_uint32
 k5glue_inquire_names_for_mech(ctx, minor_status, mechanism, name_types)
     void *ctx;
-    OM_uint32   *minor_status;
-    gss_OID    mechanism;
-    gss_OID_set         *name_types;
+    OM_uint32    *minor_status;
+    gss_OID     mechanism;
+    gss_OID_set  *name_types;
 {
     return(krb5_gss_inquire_names_for_mech(minor_status,
-                                          mechanism,
-                                          name_types));
+                                           mechanism,
+                                           name_types));
 }
 
 #if 0
@@ -796,9 +832,9 @@ k5glue_inquire_names_for_mech(ctx, minor_status, mechanism, name_types)
 static OM_uint32
 k5glue_oid_to_str(ctx, minor_status, oid, oid_str)
     void *ctx;
-    OM_uint32           *minor_status;
-    gss_OID            oid;
-    gss_buffer_t       oid_str;
+    OM_uint32            *minor_status;
+    gss_OID             oid;
+    gss_buffer_t        oid_str;
 {
     return(generic_gss_oid_to_str(minor_status, oid, oid_str));
 }
@@ -807,41 +843,41 @@ k5glue_oid_to_str(ctx, minor_status, oid, oid_str)
 static OM_uint32
 k5glue_process_context_token(ctx, minor_status, context_handle, token_buffer)
     void *ctx;
-     OM_uint32 *minor_status;
-     gss_ctx_id_t context_handle;
-     gss_buffer_t token_buffer;
+    OM_uint32 *minor_status;
+    gss_ctx_id_t context_handle;
+    gss_buffer_t token_buffer;
 {
-   return(krb5_gss_process_context_token(minor_status,
-                                        context_handle, token_buffer));
+    return(krb5_gss_process_context_token(minor_status,
+                                          context_handle, token_buffer));
 }
 
 static OM_uint32
 k5glue_release_cred(ctx, minor_status, cred_handle)
     void *ctx;
-     OM_uint32 *minor_status;
-     gss_cred_id_t *cred_handle;
+    OM_uint32 *minor_status;
+    gss_cred_id_t *cred_handle;
 {
-   return(krb5_gss_release_cred(minor_status, cred_handle));
+    return(krb5_gss_release_cred(minor_status, cred_handle));
 }
 
 static OM_uint32
 k5glue_release_name(ctx, minor_status, input_name)
     void *ctx;
-     OM_uint32 *minor_status;
-     gss_name_t *input_name;
+    OM_uint32 *minor_status;
+    gss_name_t *input_name;
 {
-   return(krb5_gss_release_name(minor_status, input_name));
+    return(krb5_gss_release_name(minor_status, input_name));
 }
 
 #if 0
 static OM_uint32
 k5glue_release_buffer(ctx, minor_status, buffer)
     void *ctx;
-     OM_uint32 *minor_status;
-     gss_buffer_t buffer;
+    OM_uint32 *minor_status;
+    gss_buffer_t buffer;
 {
-   return(generic_gss_release_buffer(minor_status,
-                                    buffer));
+    return(generic_gss_release_buffer(minor_status,
+                                      buffer));
 }
 #endif
 
@@ -849,8 +885,8 @@ k5glue_release_buffer(ctx, minor_status, buffer)
 static OM_uint32
 k5glue_internal_release_oid(ctx, minor_status, oid)
     void *ctx;
-     OM_uint32  *minor_status;
-     gss_OID    *oid;
+    OM_uint32   *minor_status;
+    gss_OID     *oid;
 {
     return(krb5_gss_internal_release_oid(minor_status, oid));
 }
@@ -859,87 +895,87 @@ k5glue_internal_release_oid(ctx, minor_status, oid)
 static OM_uint32
 k5glue_release_oid_set(ctx, minor_status, set)
     void *ctx;
-     OM_uint32 * minor_status;
-     gss_OID_set *set;
+    OM_uint32 * minor_status;
+    gss_OID_set *set;
 {
-   return(generic_gss_release_oid_set(minor_status, set));
+    return(generic_gss_release_oid_set(minor_status, set));
 }
 #endif
 
 /* V1 only */
 static OM_uint32
 k5glue_seal(ctx, minor_status, context_handle, conf_req_flag, qop_req,
-        input_message_buffer, conf_state, output_message_buffer)
+            input_message_buffer, conf_state, output_message_buffer)
     void *ctx;
-     OM_uint32 *minor_status;
-     gss_ctx_id_t context_handle;
-     int conf_req_flag;
-     int qop_req;
-     gss_buffer_t input_message_buffer;
-     int *conf_state;
-     gss_buffer_t output_message_buffer;
+    OM_uint32 *minor_status;
+    gss_ctx_id_t context_handle;
+    int conf_req_flag;
+    int qop_req;
+    gss_buffer_t input_message_buffer;
+    int *conf_state;
+    gss_buffer_t output_message_buffer;
 {
-   return(krb5_gss_seal(minor_status, context_handle,
-                       conf_req_flag, qop_req, input_message_buffer,
-                       conf_state, output_message_buffer));
+    return(krb5_gss_seal(minor_status, context_handle,
+                         conf_req_flag, qop_req, input_message_buffer,
+                         conf_state, output_message_buffer));
 }
 
 static OM_uint32
 k5glue_sign(ctx, minor_status, context_handle,
-             qop_req, message_buffer, 
-             message_token)
+            qop_req, message_buffer,
+            message_token)
     void *ctx;
-     OM_uint32 *minor_status;
-     gss_ctx_id_t context_handle;
-     int qop_req;
-     gss_buffer_t message_buffer;
-     gss_buffer_t message_token;
+    OM_uint32 *minor_status;
+    gss_ctx_id_t context_handle;
+    int qop_req;
+    gss_buffer_t message_buffer;
+    gss_buffer_t message_token;
 {
-   return(krb5_gss_sign(minor_status, context_handle,
-                       qop_req, message_buffer, message_token));
+    return(krb5_gss_sign(minor_status, context_handle,
+                         qop_req, message_buffer, message_token));
 }
 
 #if 0
 /* V2 */
 static OM_uint32
 k5glue_verify_mic(ctx, minor_status, context_handle,
-              message_buffer, token_buffer, qop_state)
+                  message_buffer, token_buffer, qop_state)
     void *ctx;
-     OM_uint32          *minor_status;
-     gss_ctx_id_t      context_handle;
-     gss_buffer_t      message_buffer;
-     gss_buffer_t      token_buffer;
-     gss_qop_t          *qop_state;
+    OM_uint32           *minor_status;
+    gss_ctx_id_t       context_handle;
+    gss_buffer_t       message_buffer;
+    gss_buffer_t       token_buffer;
+    gss_qop_t           *qop_state;
 {
     return(krb5_gss_verify_mic(minor_status, context_handle,
-                              message_buffer, token_buffer, qop_state));
+                               message_buffer, token_buffer, qop_state));
 }
 
 /* V2 */
 static OM_uint32
 k5glue_wrap(ctx, minor_status, context_handle, conf_req_flag, qop_req,
-        input_message_buffer, conf_state, output_message_buffer)
+            input_message_buffer, conf_state, output_message_buffer)
     void *ctx;
-    OM_uint32           *minor_status;
-    gss_ctx_id_t       context_handle;
-    int                        conf_req_flag;
-    gss_qop_t          qop_req;
-    gss_buffer_t       input_message_buffer;
-    int                         *conf_state;
-    gss_buffer_t       output_message_buffer;
+    OM_uint32            *minor_status;
+    gss_ctx_id_t        context_handle;
+    int                 conf_req_flag;
+    gss_qop_t           qop_req;
+    gss_buffer_t        input_message_buffer;
+    int                  *conf_state;
+    gss_buffer_t        output_message_buffer;
 {
     return(krb5_gss_wrap(minor_status, context_handle, conf_req_flag, qop_req,
-                        input_message_buffer, conf_state,
-                        output_message_buffer));
+                         input_message_buffer, conf_state,
+                         output_message_buffer));
 }
 
 /* V2 */
 static OM_uint32
 k5glue_str_to_oid(ctx, minor_status, oid_str, oid)
     void *ctx;
-    OM_uint32           *minor_status;
-    gss_buffer_t       oid_str;
-    gss_OID             *oid;
+    OM_uint32            *minor_status;
+    gss_buffer_t        oid_str;
+    gss_OID              *oid;
 {
     return(generic_gss_str_to_oid(minor_status, oid_str, oid));
 }
@@ -948,84 +984,84 @@ k5glue_str_to_oid(ctx, minor_status, oid_str, oid)
 static OM_uint32
 k5glue_test_oid_set_member(ctx, minor_status, member, set, present)
     void *ctx;
-    OM_uint32   *minor_status;
-    gss_OID    member;
-    gss_OID_set        set;
-    int                 *present;
+    OM_uint32    *minor_status;
+    gss_OID     member;
+    gss_OID_set set;
+    int          *present;
 {
     return(generic_gss_test_oid_set_member(minor_status, member, set,
-                                          present));
+                                           present));
 }
 #endif
 
 /* V1 only */
 static OM_uint32
 k5glue_unseal(ctx, minor_status, context_handle, input_message_buffer,
-          output_message_buffer, conf_state, qop_state)
+              output_message_buffer, conf_state, qop_state)
     void *ctx;
-     OM_uint32 *minor_status;
-     gss_ctx_id_t context_handle;
-     gss_buffer_t input_message_buffer;
-     gss_buffer_t output_message_buffer;
-     int *conf_state;
-     int *qop_state;
+    OM_uint32 *minor_status;
+    gss_ctx_id_t context_handle;
+    gss_buffer_t input_message_buffer;
+    gss_buffer_t output_message_buffer;
+    int *conf_state;
+    int *qop_state;
 {
-   return(krb5_gss_unseal(minor_status, context_handle,
-                         input_message_buffer, output_message_buffer,
-                         conf_state, qop_state));
+    return(krb5_gss_unseal(minor_status, context_handle,
+                           input_message_buffer, output_message_buffer,
+                           conf_state, qop_state));
 }
 
 #if 0
 /* V2 */
 static OM_uint32
-k5glue_unwrap(ctx, minor_status, context_handle, input_message_buffer, 
-          output_message_buffer, conf_state, qop_state)
+k5glue_unwrap(ctx, minor_status, context_handle, input_message_buffer,
+              output_message_buffer, conf_state, qop_state)
     void *ctx;
-    OM_uint32           *minor_status;
-    gss_ctx_id_t       context_handle;
-    gss_buffer_t       input_message_buffer;
-    gss_buffer_t       output_message_buffer;
-    int                         *conf_state;
-    gss_qop_t           *qop_state;
+    OM_uint32            *minor_status;
+    gss_ctx_id_t        context_handle;
+    gss_buffer_t        input_message_buffer;
+    gss_buffer_t        output_message_buffer;
+    int                  *conf_state;
+    gss_qop_t            *qop_state;
 {
     return(krb5_gss_unwrap(minor_status, context_handle, input_message_buffer,
-                          output_message_buffer, conf_state, qop_state));
+                           output_message_buffer, conf_state, qop_state));
 }
 #endif
 
 /* V1 only */
 static OM_uint32
 k5glue_verify(ctx, minor_status, context_handle, message_buffer,
-          token_buffer, qop_state)
+              token_buffer, qop_state)
     void *ctx;
-     OM_uint32 *minor_status;
-     gss_ctx_id_t context_handle;
-     gss_buffer_t message_buffer;
-     gss_buffer_t token_buffer;
-     int *qop_state;
+    OM_uint32 *minor_status;
+    gss_ctx_id_t context_handle;
+    gss_buffer_t message_buffer;
+    gss_buffer_t token_buffer;
+    int *qop_state;
 {
-   return(krb5_gss_verify(minor_status,
-                         context_handle,
-                         message_buffer,
-                         token_buffer,
-                         qop_state));
+    return(krb5_gss_verify(minor_status,
+                           context_handle,
+                           message_buffer,
+                           token_buffer,
+                           qop_state));
 }
 
 /* V2 interface */
 static OM_uint32
 k5glue_wrap_size_limit(ctx, minor_status, context_handle, conf_req_flag,
-                   qop_req, req_output_size, max_input_size)
+                       qop_req, req_output_size, max_input_size)
     void *ctx;
-    OM_uint32           *minor_status;
-    gss_ctx_id_t       context_handle;
-    int                        conf_req_flag;
-    gss_qop_t          qop_req;
-    OM_uint32          req_output_size;
-    OM_uint32           *max_input_size;
+    OM_uint32            *minor_status;
+    gss_ctx_id_t        context_handle;
+    int                 conf_req_flag;
+    gss_qop_t           qop_req;
+    OM_uint32           req_output_size;
+    OM_uint32            *max_input_size;
 {
-   return(krb5_gss_wrap_size_limit(minor_status, context_handle,
-                                  conf_req_flag, qop_req,
-                                  req_output_size, max_input_size));
+    return(krb5_gss_wrap_size_limit(minor_status, context_handle,
+                                    conf_req_flag, qop_req,
+                                    req_output_size, max_input_size));
 }
 
 #if 0
@@ -1033,13 +1069,13 @@ k5glue_wrap_size_limit(ctx, minor_status, context_handle, conf_req_flag,
 static OM_uint32
 k5glue_canonicalize_name(ctx, minor_status, input_name, mech_type, output_name)
     void *ctx;
-       OM_uint32  *minor_status;
-       const gss_name_t input_name;
-       const gss_OID mech_type;
-       gss_name_t *output_name;
+    OM_uint32  *minor_status;
+    const gss_name_t input_name;
+    const gss_OID mech_type;
+    gss_name_t *output_name;
 {
-       return krb5_gss_canonicalize_name(minor_status, input_name,
-                                         mech_type, output_name);
+    return krb5_gss_canonicalize_name(minor_status, input_name,
+                                      mech_type, output_name);
 }
 #endif
 
@@ -1047,11 +1083,11 @@ k5glue_canonicalize_name(ctx, minor_status, input_name, mech_type, output_name)
 static OM_uint32
 k5glue_export_name(ctx, minor_status, input_name, exported_name)
     void *ctx;
-       OM_uint32  *minor_status;
-       const gss_name_t input_name;
-       gss_buffer_t exported_name;
+    OM_uint32  *minor_status;
+    const gss_name_t input_name;
+    gss_buffer_t exported_name;
 {
-       return krb5_gss_export_name(minor_status, input_name, exported_name);
+    return krb5_gss_export_name(minor_status, input_name, exported_name);
 }
 
 #if 0
@@ -1059,11 +1095,11 @@ k5glue_export_name(ctx, minor_status, input_name, exported_name)
 static OM_uint32
 k5glue_duplicate_name(ctx, minor_status, input_name, dest_name)
     void *ctx;
-       OM_uint32  *minor_status;
-       const gss_name_t input_name;
-       gss_name_t *dest_name;
+    OM_uint32  *minor_status;
+    const gss_name_t input_name;
+    gss_name_t *dest_name;
 {
-       return krb5_gss_duplicate_name(minor_status, input_name, dest_name);
+    return krb5_gss_duplicate_name(minor_status, input_name, dest_name);
 }
 #endif
 
@@ -1077,13 +1113,13 @@ gss_krb5_get_tkt_flags(
 
     uctx = (gss_union_ctx_id_t)context_handle;
     if (!g_OID_equal(uctx->mech_type, &krb5_mechanism.mech_type) &&
-       !g_OID_equal(uctx->mech_type, &krb5_mechanism_old.mech_type))
-       return GSS_S_BAD_MECH;
+        !g_OID_equal(uctx->mech_type, &krb5_mechanism_old.mech_type))
+        return GSS_S_BAD_MECH;
     return gss_krb5int_get_tkt_flags(minor_status, uctx->internal_ctx_id,
-                                    ticket_flags);
+                                     ticket_flags);
 }
 
-OM_uint32 KRB5_CALLCONV 
+OM_uint32 KRB5_CALLCONV
 gss_krb5_copy_ccache(
     OM_uint32 *minor_status,
     gss_cred_id_t cred_handle,
@@ -1096,11 +1132,11 @@ gss_krb5_copy_ccache(
 
     mcred = gssint_get_mechanism_cred(ucred, &krb5_mechanism.mech_type);
     if (mcred != GSS_C_NO_CREDENTIAL)
-       return gss_krb5int_copy_ccache(minor_status, mcred, out_ccache);
+        return gss_krb5int_copy_ccache(minor_status, mcred, out_ccache);
 
     mcred = gssint_get_mechanism_cred(ucred, &krb5_mechanism_old.mech_type);
     if (mcred != GSS_C_NO_CREDENTIAL)
-       return gss_krb5int_copy_ccache(minor_status, mcred, out_ccache);
+        return gss_krb5int_copy_ccache(minor_status, mcred, out_ccache);
 
     return GSS_S_DEFECTIVE_CREDENTIAL;
 }
@@ -1117,16 +1153,16 @@ gss_krb5_export_lucid_sec_context(
 
     uctx = (gss_union_ctx_id_t)*context_handle;
     if (!g_OID_equal(uctx->mech_type, &krb5_mechanism.mech_type) &&
-       !g_OID_equal(uctx->mech_type, &krb5_mechanism_old.mech_type))
-       return GSS_S_BAD_MECH;
+        !g_OID_equal(uctx->mech_type, &krb5_mechanism_old.mech_type))
+        return GSS_S_BAD_MECH;
     return gss_krb5int_export_lucid_sec_context(minor_status,
-                                               &uctx->internal_ctx_id,
-                                               version, kctx);
+                                                &uctx->internal_ctx_id,
+                                                version, kctx);
 }
 
 OM_uint32 KRB5_CALLCONV
 gss_krb5_set_allowable_enctypes(
-    OM_uint32 *minor_status, 
+    OM_uint32 *minor_status,
     gss_cred_id_t cred,
     OM_uint32 num_ktypes,
     krb5_enctype *ktypes)
@@ -1137,13 +1173,13 @@ gss_krb5_set_allowable_enctypes(
     ucred = (gss_union_cred_t)cred;
     mcred = gssint_get_mechanism_cred(ucred, &krb5_mechanism.mech_type);
     if (mcred != GSS_C_NO_CREDENTIAL)
-       return gss_krb5int_set_allowable_enctypes(minor_status, mcred,
-                                                 num_ktypes, ktypes);
+        return gss_krb5int_set_allowable_enctypes(minor_status, mcred,
+                                                  num_ktypes, ktypes);
 
     mcred = gssint_get_mechanism_cred(ucred, &krb5_mechanism_old.mech_type);
     if (mcred != GSS_C_NO_CREDENTIAL)
-       return gss_krb5int_set_allowable_enctypes(minor_status, mcred,
-                                                 num_ktypes, ktypes);
+        return gss_krb5int_set_allowable_enctypes(minor_status, mcred,
+                                                  num_ktypes, ktypes);
 
     return GSS_S_DEFECTIVE_CREDENTIAL;
 }
index 086bea427705c1eb95ed4eb97cfec22dfbe85929..338c38b8c03e9799a84c05f1f28d2c183f54ebb2 100644 (file)
@@ -1,3 +1,4 @@
+/* -*- mode: c; indent-tabs-mode: nil -*- */
 /*
  * lib/gssapi/krb5/lucid_context.c
  *
@@ -61,31 +62,31 @@ make_external_lucid_ctx_v1(
 
 OM_uint32 KRB5_CALLCONV
 gss_krb5int_export_lucid_sec_context(
-    OM_uint32          *minor_status,
-    gss_ctx_id_t       *context_handle,
-    OM_uint32          version,
-    void               **kctx)
+    OM_uint32           *minor_status,
+    gss_ctx_id_t        *context_handle,
+    OM_uint32           version,
+    void                **kctx)
 {
-    krb5_error_code    kret = 0;
-    OM_uint32          retval;
-    krb5_gss_ctx_id_t  ctx;
-    void               *lctx = NULL;
+    krb5_error_code     kret = 0;
+    OM_uint32           retval;
+    krb5_gss_ctx_id_t   ctx;
+    void                *lctx = NULL;
 
     /* Assume failure */
     retval = GSS_S_FAILURE;
     *minor_status = 0;
 
     if (kctx)
-       *kctx = NULL;
+        *kctx = NULL;
     else {
-       kret = EINVAL;
-       goto error_out;
+        kret = EINVAL;
+        goto error_out;
     }
 
     if (!kg_validate_ctx_id(*context_handle)) {
-           kret = (OM_uint32) G_VALIDATE_FAILED;
-           retval = GSS_S_NO_CONTEXT;
-           goto error_out;
+        kret = (OM_uint32) G_VALIDATE_FAILED;
+        retval = GSS_S_NO_CONTEXT;
+        goto error_out;
     }
 
     ctx = (krb5_gss_ctx_id_t) *context_handle;
@@ -93,21 +94,21 @@ gss_krb5int_export_lucid_sec_context(
     /* Externalize a structure of the right version */
     switch (version) {
     case 1:
-       kret = make_external_lucid_ctx_v1((krb5_pointer)ctx,
-                                             version, &lctx);
+        kret = make_external_lucid_ctx_v1((krb5_pointer)ctx,
+                                          version, &lctx);
         break;
     default:
-       kret = (OM_uint32) KG_LUCID_VERSION;
-       break;
+        kret = (OM_uint32) KG_LUCID_VERSION;
+        break;
     }
 
     if (kret)
-       goto error_out;
+        goto error_out;
 
     /* Success!  Record the context and return the buffer */
     if (! kg_save_lucidctx_id((void *)lctx)) {
-       kret = G_VALIDATE_FAILED;
-       goto error_out;
+        kret = G_VALIDATE_FAILED;
+        goto error_out;
     }
 
     *kctx = lctx;
@@ -123,8 +124,8 @@ gss_krb5int_export_lucid_sec_context(
     return (retval);
 
 error_out:
-    if (*minor_status == 0) 
-           *minor_status = (OM_uint32) kret;
+    if (*minor_status == 0)
+        *minor_status = (OM_uint32) kret;
     return(retval);
 }
 
@@ -137,39 +138,39 @@ gss_krb5_free_lucid_sec_context(
     OM_uint32 *minor_status,
     void *kctx)
 {
-    OM_uint32          retval;
-    krb5_error_code    kret = 0;
-    int                        version;
+    OM_uint32           retval;
+    krb5_error_code     kret = 0;
+    int                 version;
 
     /* Assume failure */
     retval = GSS_S_FAILURE;
     *minor_status = 0;
 
     if (!kctx) {
-       kret = EINVAL;
-       goto error_out;
+        kret = EINVAL;
+        goto error_out;
     }
 
     /* Verify pointer is valid lucid context */
     if (! kg_validate_lucidctx_id(kctx)) {
-       kret = G_VALIDATE_FAILED;
-       goto error_out;
+        kret = G_VALIDATE_FAILED;
+        goto error_out;
     }
 
     /* Determine version and call correct free routine */
     version = ((gss_krb5_lucid_context_version_t *)kctx)->version;
     switch (version) {
     case 1:
-       (void)kg_delete_lucidctx_id(kctx);
-       free_external_lucid_ctx_v1((gss_krb5_lucid_context_v1_t*) kctx);
-       break;
+        (void)kg_delete_lucidctx_id(kctx);
+        free_external_lucid_ctx_v1((gss_krb5_lucid_context_v1_t*) kctx);
+        break;
     default:
-       kret = EINVAL;
-       break;
+        kret = EINVAL;
+        break;
     }
 
     if (kret)
-       goto error_out;
+        goto error_out;
 
     /* Success! */
     *minor_status = 0;
@@ -178,8 +179,8 @@ gss_krb5_free_lucid_sec_context(
     return (retval);
 
 error_out:
-    if (*minor_status == 0) 
-           *minor_status = (OM_uint32) kret;
+    if (*minor_status == 0)
+        *minor_status = (OM_uint32) kret;
     return(retval);
 }
 
@@ -199,8 +200,8 @@ make_external_lucid_ctx_v1(
 
     /* Allocate the structure */
     if ((lctx = xmalloc(bufsize)) == NULL) {
-       retval = ENOMEM;
-       goto error_out;
+        retval = ENOMEM;
+        goto error_out;
     }
 
     memset(lctx, 0, bufsize);
@@ -214,29 +215,29 @@ make_external_lucid_ctx_v1(
     /* gctx->proto == 0 ==> rfc1964-style key information
        gctx->proto == 1 ==> cfx-style (draft-ietf-krb-wg-gssapi-cfx-07) keys */
     if (gctx->proto == 0) {
-       lctx->rfc1964_kd.sign_alg = gctx->signalg;
-       lctx->rfc1964_kd.seal_alg = gctx->sealalg;
-       /* Copy key */
-       if ((retval = copy_keyblock_to_lucid_key(gctx->subkey,
-                                       &lctx->rfc1964_kd.ctx_key)))
-           goto error_out;
+        lctx->rfc1964_kd.sign_alg = gctx->signalg;
+        lctx->rfc1964_kd.seal_alg = gctx->sealalg;
+        /* Copy key */
+        if ((retval = copy_keyblock_to_lucid_key(gctx->subkey,
+                                                 &lctx->rfc1964_kd.ctx_key)))
+            goto error_out;
     }
     else if (gctx->proto == 1) {
-       /* Copy keys */
-       /* (subkey is always present, either a copy of the kerberos
-          session key or a subkey) */
-       if ((retval = copy_keyblock_to_lucid_key(gctx->subkey,
-                                       &lctx->cfx_kd.ctx_key)))
-           goto error_out;
-       if (gctx->have_acceptor_subkey) {
-           if ((retval = copy_keyblock_to_lucid_key(gctx->acceptor_subkey,
-                                       &lctx->cfx_kd.acceptor_subkey)))
-               goto error_out;
-           lctx->cfx_kd.have_acceptor_subkey = 1;
-       }
+        /* Copy keys */
+        /* (subkey is always present, either a copy of the kerberos
+           session key or a subkey) */
+        if ((retval = copy_keyblock_to_lucid_key(gctx->subkey,
+                                                 &lctx->cfx_kd.ctx_key)))
+            goto error_out;
+        if (gctx->have_acceptor_subkey) {
+            if ((retval = copy_keyblock_to_lucid_key(gctx->acceptor_subkey,
+                                                     &lctx->cfx_kd.acceptor_subkey)))
+                goto error_out;
+            lctx->cfx_kd.have_acceptor_subkey = 1;
+        }
     }
     else {
-       return EINVAL;  /* XXX better error code? */
+        return EINVAL;  /* XXX better error code? */
     }
 
     /* Success! */
@@ -245,7 +246,7 @@ make_external_lucid_ctx_v1(
 
 error_out:
     if (lctx) {
-       free_external_lucid_ctx_v1(lctx);
+        free_external_lucid_ctx_v1(lctx);
     }
     return retval;
 
@@ -258,13 +259,13 @@ copy_keyblock_to_lucid_key(
     gss_krb5_lucid_key_t *lkey)
 {
     if (!k5key || !k5key->contents || k5key->length == 0)
-       return EINVAL;
+        return EINVAL;
 
     memset(lkey, 0, sizeof(gss_krb5_lucid_key_t));
 
     /* Allocate storage for the key data */
     if ((lkey->data = xmalloc(k5key->length)) == NULL) {
-       return ENOMEM;
+        return ENOMEM;
     }
     memcpy(lkey->data, k5key->contents, k5key->length);
     lkey->length = k5key->length;
@@ -280,11 +281,11 @@ free_lucid_key_data(
     gss_krb5_lucid_key_t *key)
 {
     if (key) {
-       if (key->data && key->length) {
-           memset(key->data, 0, key->length);
-           xfree(key->data);
-           memset(key, 0, sizeof(gss_krb5_lucid_key_t));
-       }
+        if (key->data && key->length) {
+            memset(key->data, 0, key->length);
+            xfree(key->data);
+            memset(key, 0, sizeof(gss_krb5_lucid_key_t));
+        }
     }
 }
 /* Free any storage associated with a gss_krb5_lucid_context_v1 structure */
@@ -293,15 +294,15 @@ free_external_lucid_ctx_v1(
     gss_krb5_lucid_context_v1_t *ctx)
 {
     if (ctx) {
-       if (ctx->protocol == 0) {
-           free_lucid_key_data(&ctx->rfc1964_kd.ctx_key);
-       }
-       if (ctx->protocol == 1) {
-           free_lucid_key_data(&ctx->cfx_kd.ctx_key);
-           if (ctx->cfx_kd.have_acceptor_subkey)
-               free_lucid_key_data(&ctx->cfx_kd.acceptor_subkey);
-       }
-       xfree(ctx);
-       ctx = NULL;
+        if (ctx->protocol == 0) {
+            free_lucid_key_data(&ctx->rfc1964_kd.ctx_key);
+        }
+        if (ctx->protocol == 1) {
+            free_lucid_key_data(&ctx->cfx_kd.ctx_key);
+            if (ctx->cfx_kd.have_acceptor_subkey)
+                free_lucid_key_data(&ctx->cfx_kd.acceptor_subkey);
+        }
+        xfree(ctx);
+        ctx = NULL;
     }
 }
index 49d8ec3f9fdb31a656d023f5a48ae9e844b7cf47..9a4d282ac8fb102a2d4f57b6f85b9365d3afdff6 100644 (file)
@@ -1,6 +1,7 @@
+/* -*- mode: c; indent-tabs-mode: nil -*- */
 /*
  * Copyright 1993 by OpenVision Technologies, Inc.
- * 
+ *
  * Permission to use, copy, modify, distribute, and sell this software
  * and its documentation for any purpose is hereby granted without fee,
  * provided that the above copyright notice appears in all copies and
@@ -10,7 +11,7 @@
  * without specific, written prior permission. OpenVision makes no
  * representations about the suitability of this software for any
  * purpose.  It is provided "as is" without express or implied warranty.
- * 
+ *
  * OPENVISION DISCLAIMS ALL WARRANTIES WITH REGARD TO THIS SOFTWARE,
  * INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS, IN NO
  * EVENT SHALL OPENVISION BE LIABLE FOR ANY SPECIAL, INDIRECT OR
  */
 
 OM_uint32
-krb5_gss_process_context_token(minor_status, context_handle, 
-                              token_buffer)
-     OM_uint32 *minor_status;
-     gss_ctx_id_t context_handle;
-     gss_buffer_t token_buffer;
+krb5_gss_process_context_token(minor_status, context_handle,
+                               token_buffer)
+    OM_uint32 *minor_status;
+    gss_ctx_id_t context_handle;
+    gss_buffer_t token_buffer;
 {
-   krb5_gss_ctx_id_rec *ctx;
-   OM_uint32 majerr;
+    krb5_gss_ctx_id_rec *ctx;
+    OM_uint32 majerr;
 
-   /* validate the context handle */
-   if (! kg_validate_ctx_id(context_handle)) {
-      *minor_status = (OM_uint32) G_VALIDATE_FAILED;
-      return(GSS_S_NO_CONTEXT);
-   }
+    /* validate the context handle */
+    if (! kg_validate_ctx_id(context_handle)) {
+        *minor_status = (OM_uint32) G_VALIDATE_FAILED;
+        return(GSS_S_NO_CONTEXT);
+    }
 
-   ctx = (krb5_gss_ctx_id_t) context_handle;
+    ctx = (krb5_gss_ctx_id_t) context_handle;
 
-   if (! ctx->established) {
-      *minor_status = KG_CTX_INCOMPLETE;
-      return(GSS_S_NO_CONTEXT);
-   }
+    if (! ctx->established) {
+        *minor_status = KG_CTX_INCOMPLETE;
+        return(GSS_S_NO_CONTEXT);
+    }
 
-   /* "unseal" the token */
+    /* "unseal" the token */
 
-   if (GSS_ERROR(majerr = kg_unseal(minor_status, context_handle, 
-                                    token_buffer,
-                                   GSS_C_NO_BUFFER, NULL, NULL,
-                                   KG_TOK_DEL_CTX)))
-      return(majerr);
+    if (GSS_ERROR(majerr = kg_unseal(minor_status, context_handle,
+                                     token_buffer,
+                                     GSS_C_NO_BUFFER, NULL, NULL,
+                                     KG_TOK_DEL_CTX)))
+        return(majerr);
 
-   /* that's it.  delete the context */
+    /* that's it.  delete the context */
 
-   return(krb5_gss_delete_sec_context(minor_status, &context_handle,
-                                     GSS_C_NO_BUFFER));
+    return(krb5_gss_delete_sec_context(minor_status, &context_handle,
+                                       GSS_C_NO_BUFFER));
 }
index 1b4a6ce55c8c8fcf1429bce956c4552ff41f5e45..83305432681111a755f76627f549ad739dc66faa 100644 (file)
@@ -1,6 +1,7 @@
+/* -*- mode: c; indent-tabs-mode: nil -*- */
 /*
  * Copyright 1993 by OpenVision Technologies, Inc.
- * 
+ *
  * Permission to use, copy, modify, distribute, and sell this software
  * and its documentation for any purpose is hereby granted without fee,
  * provided that the above copyright notice appears in all copies and
@@ -10,7 +11,7 @@
  * without specific, written prior permission. OpenVision makes no
  * representations about the suitability of this software for any
  * purpose.  It is provided "as is" without express or implied warranty.
- * 
+ *
  * OPENVISION DISCLAIMS ALL WARRANTIES WITH REGARD TO THIS SOFTWARE,
  * INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS, IN NO
  * EVENT SHALL OPENVISION BE LIABLE FOR ANY SPECIAL, INDIRECT OR
 
 #include "gssapiP_krb5.h"
 
-OM_uint32 
+OM_uint32
 krb5_gss_release_cred(minor_status, cred_handle)
-     OM_uint32 *minor_status;
-     gss_cred_id_t *cred_handle;
+    OM_uint32 *minor_status;
+    gss_cred_id_t *cred_handle;
 {
-   krb5_context context;
-   krb5_gss_cred_id_t cred;
-   krb5_error_code code1, code2, code3;
+    krb5_context context;
+    krb5_gss_cred_id_t cred;
+    krb5_error_code code1, code2, code3;
 
-   code1 = krb5_gss_init_context(&context);
-   if (code1) {
-       *minor_status = code1;
-       return GSS_S_FAILURE;
-   }
+    code1 = krb5_gss_init_context(&context);
+    if (code1) {
+        *minor_status = code1;
+        return GSS_S_FAILURE;
+    }
 
-   if (*cred_handle == GSS_C_NO_CREDENTIAL) {
-      *minor_status = 0;
-      krb5_free_context(context);
-      return(GSS_S_COMPLETE);
-   }
+    if (*cred_handle == GSS_C_NO_CREDENTIAL) {
+        *minor_status = 0;
+        krb5_free_context(context);
+        return(GSS_S_COMPLETE);
+    }
 
-   if (! kg_delete_cred_id(*cred_handle)) {
-      *minor_status = (OM_uint32) G_VALIDATE_FAILED;
-      krb5_free_context(context);
-      return(GSS_S_CALL_BAD_STRUCTURE|GSS_S_NO_CRED);
-   }
+    if (! kg_delete_cred_id(*cred_handle)) {
+        *minor_status = (OM_uint32) G_VALIDATE_FAILED;
+        krb5_free_context(context);
+        return(GSS_S_CALL_BAD_STRUCTURE|GSS_S_NO_CRED);
+    }
 
-   cred = (krb5_gss_cred_id_t)*cred_handle;
+    cred = (krb5_gss_cred_id_t)*cred_handle;
 
-   k5_mutex_destroy(&cred->lock);
-   /* ignore error destroying mutex */
+    k5_mutex_destroy(&cred->lock);
+    /* ignore error destroying mutex */
 
-   if (cred->ccache)
-      code1 = krb5_cc_close(context, cred->ccache);
-   else
-      code1 = 0;
+    if (cred->ccache)
+        code1 = krb5_cc_close(context, cred->ccache);
+    else
+        code1 = 0;
 
-#ifndef LEAN_CLIENT 
-   if (cred->keytab)
-      code2 = krb5_kt_close(context, cred->keytab);
-   else
+#ifndef LEAN_CLIENT
+    if (cred->keytab)
+        code2 = krb5_kt_close(context, cred->keytab);
+    else
 #endif /* LEAN_CLIENT */
-      code2 = 0;
+        code2 = 0;
 
-   if (cred->rcache)
-      code3 = krb5_rc_close(context, cred->rcache);
-   else
-      code3 = 0;
-   if (cred->princ)
-      krb5_free_principal(context, cred->princ);
+    if (cred->rcache)
+        code3 = krb5_rc_close(context, cred->rcache);
+    else
+        code3 = 0;
+    if (cred->princ)
+        krb5_free_principal(context, cred->princ);
 
-   if (cred->req_enctypes)
-       free(cred->req_enctypes);
+    if (cred->req_enctypes)
+        free(cred->req_enctypes);
 
-   xfree(cred);
+    xfree(cred);
 
-   *cred_handle = NULL;
+    *cred_handle = NULL;
 
-   *minor_status = 0;
-   if (code1)
-      *minor_status = code1;
-   if (code2)
-      *minor_status = code2;
-   if (code3)
-      *minor_status = code3;
+    *minor_status = 0;
+    if (code1)
+        *minor_status = code1;
+    if (code2)
+        *minor_status = code2;
+    if (code3)
+        *minor_status = code3;
 
-   if (*minor_status)
-       save_error_info(*minor_status, context);
-   krb5_free_context(context);
-   return(*minor_status?GSS_S_FAILURE:GSS_S_COMPLETE);
+    if (*minor_status)
+        save_error_info(*minor_status, context);
+    krb5_free_context(context);
+    return(*minor_status?GSS_S_FAILURE:GSS_S_COMPLETE);
 }
index d906a70c0ca0043a40e9a73c029bc22833993364..49d19444808e23cd81555c1b09619ec9456d4945 100644 (file)
@@ -1,6 +1,7 @@
+/* -*- mode: c; indent-tabs-mode: nil -*- */
 /*
  * Copyright 1993 by OpenVision Technologies, Inc.
- * 
+ *
  * Permission to use, copy, modify, distribute, and sell this software
  * and its documentation for any purpose is hereby granted without fee,
  * provided that the above copyright notice appears in all copies and
@@ -10,7 +11,7 @@
  * without specific, written prior permission. OpenVision makes no
  * representations about the suitability of this software for any
  * purpose.  It is provided "as is" without express or implied warranty.
- * 
+ *
  * OPENVISION DISCLAIMS ALL WARRANTIES WITH REGARD TO THIS SOFTWARE,
  * INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS, IN NO
  * EVENT SHALL OPENVISION BE LIABLE FOR ANY SPECIAL, INDIRECT OR
 
 OM_uint32
 krb5_gss_release_name(minor_status, input_name)
-     OM_uint32 *minor_status;
-     gss_name_t *input_name;
+    OM_uint32 *minor_status;
+    gss_name_t *input_name;
 {
-   krb5_context context;
-   krb5_error_code code;
+    krb5_context context;
+    krb5_error_code code;
 
-   code = krb5_gss_init_context(&context);
-   if (code) {
-       *minor_status = code;
-       return GSS_S_FAILURE;
-   }
+    code = krb5_gss_init_context(&context);
+    if (code) {
+        *minor_status = code;
+        return GSS_S_FAILURE;
+    }
 
-   if (! kg_validate_name(*input_name)) {
-      *minor_status = (OM_uint32) G_VALIDATE_FAILED;
-      krb5_free_context(context);
-      return(GSS_S_CALL_BAD_STRUCTURE|GSS_S_BAD_NAME);
-   }
+    if (! kg_validate_name(*input_name)) {
+        *minor_status = (OM_uint32) G_VALIDATE_FAILED;
+        krb5_free_context(context);
+        return(GSS_S_CALL_BAD_STRUCTURE|GSS_S_BAD_NAME);
+    }
 
-   (void)kg_delete_name(*input_name);
+    (void)kg_delete_name(*input_name);
 
-   krb5_free_principal(context, (krb5_principal) *input_name);
-   krb5_free_context(context);
+    krb5_free_principal(context, (krb5_principal) *input_name);
+    krb5_free_context(context);
 
-   *input_name = (gss_name_t) NULL;
+    *input_name = (gss_name_t) NULL;
 
-   *minor_status = 0;
-   return(GSS_S_COMPLETE);
+    *minor_status = 0;
+    return(GSS_S_COMPLETE);
 }
index 7e45781efb9e0ddcd54a01fe6468420619e176ab..7a08da2beaa4629dbc4a7e95812db3069fccfcb0 100644 (file)
@@ -1,3 +1,4 @@
+/* -*- mode: c; indent-tabs-mode: nil -*- */
 /*
  * lib/gssapi/krb5/rel_oid.c
  *
 #include "gssapiP_krb5.h"
 
 OM_uint32 krb5_gss_internal_release_oid (OM_uint32 *, /* minor_status */
-                                        gss_OID * /* oid */
-    );
+                                         gss_OID * /* oid */
+);
 
 OM_uint32
 krb5_gss_release_oid(minor_status, oid)
-    OM_uint32  *minor_status;
-    gss_OID    *oid;
+    OM_uint32   *minor_status;
+    gss_OID     *oid;
 {
     /*
      * The V2 API says the following!
@@ -49,38 +50,37 @@ krb5_gss_release_oid(minor_status, oid)
      * allocated OID values with OIDs returned by GSS-API.
      */
     if (krb5_gss_internal_release_oid(minor_status, oid) != GSS_S_COMPLETE) {
-       /* Pawn it off on the generic routine */
-       return(generic_gss_release_oid(minor_status, oid));
+        /* Pawn it off on the generic routine */
+        return(generic_gss_release_oid(minor_status, oid));
     }
     else {
-       *oid = GSS_C_NO_OID;
-       *minor_status = 0;
-       return(GSS_S_COMPLETE);
+        *oid = GSS_C_NO_OID;
+        *minor_status = 0;
+        return(GSS_S_COMPLETE);
     }
 }
 
 OM_uint32
 krb5_gss_internal_release_oid(minor_status, oid)
-    OM_uint32  *minor_status;
-    gss_OID    *oid;
+    OM_uint32   *minor_status;
+    gss_OID     *oid;
 {
     /*
      * This function only knows how to release internal OIDs. It will
      * return GSS_S_CONTINUE_NEEDED for any OIDs it does not recognize.
      */
-   
+
     *minor_status = 0;
     if ((*oid != gss_mech_krb5) &&
-       (*oid != gss_mech_krb5_old) &&
-       (*oid != gss_mech_krb5_wrong) &&
-       (*oid != gss_nt_krb5_name) &&
-       (*oid != gss_nt_krb5_principal)) {
-       /* We don't know about this OID */
-       return(GSS_S_CONTINUE_NEEDED);
+        (*oid != gss_mech_krb5_old) &&
+        (*oid != gss_mech_krb5_wrong) &&
+        (*oid != gss_nt_krb5_name) &&
+        (*oid != gss_nt_krb5_principal)) {
+        /* We don't know about this OID */
+        return(GSS_S_CONTINUE_NEEDED);
     }
     else {
-       *oid = GSS_C_NO_OID;
-       return(GSS_S_COMPLETE);
+        *oid = GSS_C_NO_OID;
+        return(GSS_S_COMPLETE);
     }
 }
-
index 63d3dabe0673423e5dcc44211d871e66ee9fb4e5..9598de7d9670c746af96ea80fae7cb6c59e92cd6 100644 (file)
@@ -1,6 +1,7 @@
+/* -*- mode: c; indent-tabs-mode: nil -*- */
 /*
  * Copyright 1993 by OpenVision Technologies, Inc.
- * 
+ *
  * Permission to use, copy, modify, distribute, and sell this software
  * and its documentation for any purpose is hereby granted without fee,
  * provided that the above copyright notice appears in all copies and
@@ -10,7 +11,7 @@
  * without specific, written prior permission. OpenVision makes no
  * representations about the suitability of this software for any
  * purpose.  It is provided "as is" without express or implied warranty.
- * 
+ *
  * OPENVISION DISCLAIMS ALL WARRANTIES WITH REGARD TO THIS SOFTWARE,
  * INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS, IN NO
  * EVENT SHALL OPENVISION BE LIABLE FOR ANY SPECIAL, INDIRECT OR
 
 OM_uint32
 krb5_gss_seal(minor_status, context_handle, conf_req_flag,
-             qop_req, input_message_buffer, conf_state,
-             output_message_buffer)
-     OM_uint32 *minor_status;
-     gss_ctx_id_t context_handle;
-     int conf_req_flag;
-     int qop_req;
-     gss_buffer_t input_message_buffer;
-     int *conf_state;
-     gss_buffer_t output_message_buffer;
+              qop_req, input_message_buffer, conf_state,
+              output_message_buffer)
+    OM_uint32 *minor_status;
+    gss_ctx_id_t context_handle;
+    int conf_req_flag;
+    int qop_req;
+    gss_buffer_t input_message_buffer;
+    int *conf_state;
+    gss_buffer_t output_message_buffer;
 {
-   return(kg_seal(minor_status, context_handle, conf_req_flag,
-                 qop_req, input_message_buffer, conf_state,
-                 output_message_buffer, KG_TOK_SEAL_MSG));
+    return(kg_seal(minor_status, context_handle, conf_req_flag,
+                   qop_req, input_message_buffer, conf_state,
+                   output_message_buffer, KG_TOK_SEAL_MSG));
 }
 
 /* V2 interface */
 OM_uint32
 krb5_gss_wrap(minor_status, context_handle, conf_req_flag,
-             qop_req, input_message_buffer, conf_state,
-             output_message_buffer)
-    OM_uint32          *minor_status;
-    gss_ctx_id_t       context_handle;
-    int                        conf_req_flag;
-    gss_qop_t          qop_req;
-    gss_buffer_t       input_message_buffer;
-    int                        *conf_state;
-    gss_buffer_t       output_message_buffer;
+              qop_req, input_message_buffer, conf_state,
+              output_message_buffer)
+    OM_uint32           *minor_status;
+    gss_ctx_id_t        context_handle;
+    int                 conf_req_flag;
+    gss_qop_t           qop_req;
+    gss_buffer_t        input_message_buffer;
+    int                 *conf_state;
+    gss_buffer_t        output_message_buffer;
 {
     return(kg_seal(minor_status, context_handle, conf_req_flag,
-                  (int) qop_req, input_message_buffer, conf_state,
-                  output_message_buffer, KG_TOK_WRAP_MSG));
+                   (int) qop_req, input_message_buffer, conf_state,
+                   output_message_buffer, KG_TOK_WRAP_MSG));
 }
-
index 92bb302f01c7bbd84d04e4ffa0f6bcdcbe8b8ab0..5babd7668220e70c7035097d3d5e72e95d8fe364 100644 (file)
@@ -1,3 +1,4 @@
+/* -*- mode: c; indent-tabs-mode: nil -*- */
 /*
  * lib/gssapi/krb5/ser_sctx.c
  *
@@ -32,8 +33,8 @@
 #include "gssapiP_krb5.h"
 
 /*
- * This module contains routines to [de]serialize 
- *     krb5_gss_enc_desc and krb5_gss_ctx_id_t.
+ * This module contains routines to [de]serialize
+ *      krb5_gss_enc_desc and krb5_gss_ctx_id_t.
  * XXX This whole serialization abstraction is unnecessary in a
  * non-messaging environment, which krb5 is.  Someday, this should
  * all get redone without the extra level of indirection. I've done
 
 static krb5_error_code
 kg_oid_externalize(kcontext, arg, buffer, lenremain)
-    krb5_context       kcontext;
-    krb5_pointer       arg;
-    krb5_octet         **buffer;
-    size_t             *lenremain;
+    krb5_context        kcontext;
+    krb5_pointer        arg;
+    krb5_octet          **buffer;
+    size_t              *lenremain;
 {
-     gss_OID oid = (gss_OID) arg;
-     krb5_error_code err;
-     
-     err = krb5_ser_pack_int32(KV5M_GSS_OID, buffer, lenremain);
-     if (err)
-        return err;
-     err = krb5_ser_pack_int32((krb5_int32) oid->length,
-                              buffer, lenremain);
-     if (err)
-        return err;
-     err = krb5_ser_pack_bytes((krb5_octet *) oid->elements,
-                              oid->length, buffer, lenremain);
-     if (err)
-        return err;
-     err = krb5_ser_pack_int32(KV5M_GSS_OID, buffer, lenremain);
-     return err;
+    gss_OID oid = (gss_OID) arg;
+    krb5_error_code err;
+
+    err = krb5_ser_pack_int32(KV5M_GSS_OID, buffer, lenremain);
+    if (err)
+        return err;
+    err = krb5_ser_pack_int32((krb5_int32) oid->length,
+                              buffer, lenremain);
+    if (err)
+        return err;
+    err = krb5_ser_pack_bytes((krb5_octet *) oid->elements,
+                              oid->length, buffer, lenremain);
+    if (err)
+        return err;
+    err = krb5_ser_pack_int32(KV5M_GSS_OID, buffer, lenremain);
+    return err;
 }
 
 static krb5_error_code
 kg_oid_internalize(kcontext, argp, buffer, lenremain)
-    krb5_context       kcontext;
-    krb5_pointer       *argp;
-    krb5_octet         **buffer;
-    size_t             *lenremain;
+    krb5_context        kcontext;
+    krb5_pointer        *argp;
+    krb5_octet          **buffer;
+    size_t              *lenremain;
 {
-     gss_OID oid;
-     krb5_int32 ibuf;
-     krb5_octet                *bp;
-     size_t            remain;
-
-     bp = *buffer;
-     remain = *lenremain;
-
-     /* Read in and check our magic number */
-     if (krb5_ser_unpack_int32(&ibuf, &bp, &remain))
-       return (EINVAL);
-
-     if (ibuf != KV5M_GSS_OID)
-        return (EINVAL);
-
-     oid = (gss_OID) malloc(sizeof(gss_OID_desc));
-     if (oid == NULL)
-         return ENOMEM;
-     if (krb5_ser_unpack_int32(&ibuf, &bp, &remain)) {
-        free(oid);
-        return EINVAL;
-     }
-     oid->length = ibuf;
-     oid->elements = malloc(ibuf);
-     if (oid->elements == 0) {
-            free(oid);
-            return ENOMEM;
-     }
-     if (krb5_ser_unpack_bytes((krb5_octet *) oid->elements,
-                              oid->length, &bp, &remain)) {
-        free(oid->elements);
-        free(oid);
-        return EINVAL;
-     }
-     
-     /* Read in and check our trailing magic number */
-     if (krb5_ser_unpack_int32(&ibuf, &bp, &remain)) {
-        free(oid->elements);
-        free(oid);
-        return (EINVAL);
-     }
-
-     if (ibuf != KV5M_GSS_OID) {
-        free(oid->elements);
-        free(oid);
-        return (EINVAL);
-     }
-
-     *buffer = bp;
-     *lenremain = remain;
-     *argp = (krb5_pointer) oid;
-     return 0;
+    gss_OID oid;
+    krb5_int32 ibuf;
+    krb5_octet         *bp;
+    size_t             remain;
+
+    bp = *buffer;
+    remain = *lenremain;
+
+    /* Read in and check our magic number */
+    if (krb5_ser_unpack_int32(&ibuf, &bp, &remain))
+        return (EINVAL);
+
+    if (ibuf != KV5M_GSS_OID)
+        return (EINVAL);
+
+    oid = (gss_OID) malloc(sizeof(gss_OID_desc));
+    if (oid == NULL)
+        return ENOMEM;
+    if (krb5_ser_unpack_int32(&ibuf, &bp, &remain)) {
+        free(oid);
+        return EINVAL;
+    }
+    oid->length = ibuf;
+    oid->elements = malloc(ibuf);
+    if (oid->elements == 0) {
+        free(oid);
+        return ENOMEM;
+    }
+    if (krb5_ser_unpack_bytes((krb5_octet *) oid->elements,
+                              oid->length, &bp, &remain)) {
+        free(oid->elements);
+        free(oid);
+        return EINVAL;
+    }
+
+    /* Read in and check our trailing magic number */
+    if (krb5_ser_unpack_int32(&ibuf, &bp, &remain)) {
+        free(oid->elements);
+        free(oid);
+        return (EINVAL);
+    }
+
+    if (ibuf != KV5M_GSS_OID) {
+        free(oid->elements);
+        free(oid);
+        return (EINVAL);
+    }
+
+    *buffer = bp;
+    *lenremain = remain;
+    *argp = (krb5_pointer) oid;
+    return 0;
 }
 
 static krb5_error_code
 kg_oid_size(kcontext, arg, sizep)
-    krb5_context       kcontext;
-    krb5_pointer       arg;
-    size_t             *sizep;
+    krb5_context        kcontext;
+    krb5_pointer        arg;
+    size_t              *sizep;
 {
-   krb5_error_code kret;
-   gss_OID oid;
-   size_t required;
+    krb5_error_code kret;
+    gss_OID oid;
+    size_t required;
 
-   kret = EINVAL;
-   if ((oid = (gss_OID) arg)) {
-      required = 2*sizeof(krb5_int32); /* For the header and trailer */
-      required += sizeof(krb5_int32);
-      required += oid->length;
+    kret = EINVAL;
+    if ((oid = (gss_OID) arg)) {
+        required = 2*sizeof(krb5_int32); /* For the header and trailer */
+        required += sizeof(krb5_int32);
+        required += oid->length;
 
-      kret = 0;
+        kret = 0;
 
-      *sizep += required;
-   }
+        *sizep += required;
+    }
 
-   return(kret);
+    return(kret);
 }
 
 static krb5_error_code
 kg_queue_externalize(kcontext, arg, buffer, lenremain)
-    krb5_context       kcontext;
-    krb5_pointer       arg;
-    krb5_octet         **buffer;
-    size_t             *lenremain;
+    krb5_context        kcontext;
+    krb5_pointer        arg;
+    krb5_octet          **buffer;
+    size_t              *lenremain;
 {
     krb5_error_code err;
     err = krb5_ser_pack_int32(KV5M_GSS_QUEUE, buffer, lenremain);
     if (err == 0)
-       err = g_queue_externalize(arg, buffer, lenremain);
+        err = g_queue_externalize(arg, buffer, lenremain);
     if (err == 0)
-       err = krb5_ser_pack_int32(KV5M_GSS_QUEUE, buffer, lenremain);
+        err = krb5_ser_pack_int32(KV5M_GSS_QUEUE, buffer, lenremain);
     return err;
 }
 
 static krb5_error_code
 kg_queue_internalize(kcontext, argp, buffer, lenremain)
-    krb5_context       kcontext;
-    krb5_pointer       *argp;
-    krb5_octet         **buffer;
-    size_t             *lenremain;
+    krb5_context        kcontext;
+    krb5_pointer        *argp;
+    krb5_octet          **buffer;
+    size_t              *lenremain;
 {
-     krb5_int32 ibuf;
-     krb5_octet                *bp;
-     size_t            remain;
-     krb5_error_code   err;
-
-     bp = *buffer;
-     remain = *lenremain;
-
-     /* Read in and check our magic number */
-     if (krb5_ser_unpack_int32(&ibuf, &bp, &remain))
-       return (EINVAL);
-
-     if (ibuf != KV5M_GSS_QUEUE)
-        return (EINVAL);
-
-     err = g_queue_internalize(argp, &bp, &remain);
-     if (err)
-         return err;
-
-     /* Read in and check our trailing magic number */
-     if (krb5_ser_unpack_int32(&ibuf, &bp, &remain)) {
-        g_order_free(argp);
-        return (EINVAL);
-     }
-
-     if (ibuf != KV5M_GSS_QUEUE) {
-        g_order_free(argp);
-        return (EINVAL);
-     }
-
-     *buffer = bp;
-     *lenremain = remain;
-     return 0;
+    krb5_int32 ibuf;
+    krb5_octet         *bp;
+    size_t             remain;
+    krb5_error_code    err;
+
+    bp = *buffer;
+    remain = *lenremain;
+
+    /* Read in and check our magic number */
+    if (krb5_ser_unpack_int32(&ibuf, &bp, &remain))
+        return (EINVAL);
+
+    if (ibuf != KV5M_GSS_QUEUE)
+        return (EINVAL);
+
+    err = g_queue_internalize(argp, &bp, &remain);
+    if (err)
+        return err;
+
+    /* Read in and check our trailing magic number */
+    if (krb5_ser_unpack_int32(&ibuf, &bp, &remain)) {
+        g_order_free(argp);
+        return (EINVAL);
+    }
+
+    if (ibuf != KV5M_GSS_QUEUE) {
+        g_order_free(argp);
+        return (EINVAL);
+    }
+
+    *buffer = bp;
+    *lenremain = remain;
+    return 0;
 }
 
 static krb5_error_code
 kg_queue_size(kcontext, arg, sizep)
-    krb5_context       kcontext;
-    krb5_pointer       arg;
-    size_t             *sizep;
+    krb5_context        kcontext;
+    krb5_pointer        arg;
+    size_t              *sizep;
 {
-   krb5_error_code kret;
-   size_t required;
-
-   kret = EINVAL;
-   if (arg) {
-      required = 2*sizeof(krb5_int32); /* For the header and trailer */
-      g_queue_size(arg, &required);
-
-      kret = 0;
-      *sizep += required;
-   }
-   return(kret);
+    krb5_error_code kret;
+    size_t required;
+
+    kret = EINVAL;
+    if (arg) {
+        required = 2*sizeof(krb5_int32); /* For the header and trailer */
+        g_queue_size(arg, &required);
+
+        kret = 0;
+        *sizep += required;
+    }
+    return(kret);
 }
 
 /*
@@ -236,108 +237,108 @@ kg_queue_size(kcontext, arg, sizep)
  */
 krb5_error_code
 kg_ctx_size(kcontext, arg, sizep)
-    krb5_context       kcontext;
-    krb5_pointer       arg;
-    size_t             *sizep;
+    krb5_context        kcontext;
+    krb5_pointer        arg;
+    size_t              *sizep;
 {
-    krb5_error_code    kret;
-    krb5_gss_ctx_id_rec        *ctx;
-    size_t             required;
+    krb5_error_code     kret;
+    krb5_gss_ctx_id_rec *ctx;
+    size_t              required;
 
     /*
      * krb5_gss_ctx_id_rec requires:
-     * krb5_int32      for KG_CONTEXT
-     * krb5_int32      for initiate.
-     * krb5_int32      for established.
-     * krb5_int32      for big_endian.
-     * krb5_int32      for have_acceptor_subkey.
-     * krb5_int32      for seed_init.
-     * krb5_int32      for gss_flags.
-     * sizeof(seed)    for seed
-     * ...             for here
-     * ...             for there
-     * ...             for subkey
-     *  krb5_int32     for signalg.
-     *  krb5_int32     for cksum_size.
-     *  krb5_int32     for sealalg.
-     * ...             for enc
-     * ...             for seq
-     * krb5_int32      for endtime.
-     * krb5_int32      for flags.
-     * krb5_int64      for seq_send.
-     * krb5_int64      for seq_recv.
-     * ...             for seqstate
-     * ...             for auth_context
-     * ...             for mech_used
-     * krb5_int32      for proto
-     * krb5_int32      for cksumtype
-     * ...             for acceptor_subkey
-     * krb5_int32      for acceptor_key_cksumtype
-     * krb5_int32      for cred_rcache
-     * krb5_int32      for trailer.
+     *  krb5_int32      for KG_CONTEXT
+     *  krb5_int32      for initiate.
+     *  krb5_int32      for established.
+     *  krb5_int32      for big_endian.
+     *  krb5_int32      for have_acceptor_subkey.
+     *  krb5_int32      for seed_init.
+     *  krb5_int32      for gss_flags.
+     *  sizeof(seed)    for seed
+     *  ...             for here
+     *  ...             for there
+     *  ...             for subkey
+     *  krb5_int32      for signalg.
+     *  krb5_int32      for cksum_size.
+     *  krb5_int32      for sealalg.
+     *  ...             for enc
+     *  ...             for seq
+     *  krb5_int32      for endtime.
+     *  krb5_int32      for flags.
+     *  krb5_int64      for seq_send.
+     *  krb5_int64      for seq_recv.
+     *  ...             for seqstate
+     *  ...             for auth_context
+     *  ...             for mech_used
+     *  krb5_int32      for proto
+     *  krb5_int32      for cksumtype
+     *  ...             for acceptor_subkey
+     *  krb5_int32      for acceptor_key_cksumtype
+     *  krb5_int32      for cred_rcache
+     *  krb5_int32      for trailer.
      */
     kret = EINVAL;
     if ((ctx = (krb5_gss_ctx_id_rec *) arg)) {
-       required = 17*sizeof(krb5_int32);
-       required += 2*sizeof(krb5_int64);
-       required += sizeof(ctx->seed);
-
-       kret = 0;
-       if (!kret && ctx->here)
-           kret = krb5_size_opaque(kcontext,
-                                   KV5M_PRINCIPAL,
-                                   (krb5_pointer) ctx->here,
-                                   &required);
-
-       if (!kret && ctx->there)
-           kret = krb5_size_opaque(kcontext,
-                                   KV5M_PRINCIPAL,
-                                   (krb5_pointer) ctx->there,
-                                   &required);
-
-       if (!kret && ctx->subkey)
-           kret = krb5_size_opaque(kcontext,
-                                   KV5M_KEYBLOCK,
-                                   (krb5_pointer) ctx->subkey,
-                                   &required);
-
-       if (!kret && ctx->enc)
-           kret = krb5_size_opaque(kcontext,
-                                   KV5M_KEYBLOCK,
-                                   (krb5_pointer) ctx->enc,
-                                   &required);
-
-       if (!kret && ctx->seq)
-           kret = krb5_size_opaque(kcontext,
-                                   KV5M_KEYBLOCK,
-                                   (krb5_pointer) ctx->seq,
-                                   &required);
-
-       if (!kret)
-           kret = kg_oid_size(kcontext,
-                              (krb5_pointer) ctx->mech_used,
-                              &required);
-
-       if (!kret && ctx->seqstate)
-           kret = kg_queue_size(kcontext, ctx->seqstate, &required);
-
-       if (!kret)
-           kret = krb5_size_opaque(kcontext,
-                                   KV5M_CONTEXT,
-                                   (krb5_pointer) ctx->k5_context,
-                                   &required);
-       if (!kret)
-           kret = krb5_size_opaque(kcontext,
-                                   KV5M_AUTH_CONTEXT,
-                                   (krb5_pointer) ctx->auth_context,
-                                   &required);
-       if (!kret && ctx->acceptor_subkey)
-           kret = krb5_size_opaque(kcontext,
-                                   KV5M_KEYBLOCK,
-                                   (krb5_pointer) ctx->acceptor_subkey,
-                                   &required);
-       if (!kret)
-           *sizep += required;
+        required = 17*sizeof(krb5_int32);
+        required += 2*sizeof(krb5_int64);
+        required += sizeof(ctx->seed);
+
+        kret = 0;
+        if (!kret && ctx->here)
+            kret = krb5_size_opaque(kcontext,
+                                    KV5M_PRINCIPAL,
+                                    (krb5_pointer) ctx->here,
+                                    &required);
+
+        if (!kret && ctx->there)
+            kret = krb5_size_opaque(kcontext,
+                                    KV5M_PRINCIPAL,
+                                    (krb5_pointer) ctx->there,
+                                    &required);
+
+        if (!kret && ctx->subkey)
+            kret = krb5_size_opaque(kcontext,
+                                    KV5M_KEYBLOCK,
+                                    (krb5_pointer) ctx->subkey,
+                                    &required);
+
+        if (!kret && ctx->enc)
+            kret = krb5_size_opaque(kcontext,
+                                    KV5M_KEYBLOCK,
+                                    (krb5_pointer) ctx->enc,
+                                    &required);
+
+        if (!kret && ctx->seq)
+            kret = krb5_size_opaque(kcontext,
+                                    KV5M_KEYBLOCK,
+                                    (krb5_pointer) ctx->seq,
+                                    &required);
+
+        if (!kret)
+            kret = kg_oid_size(kcontext,
+                               (krb5_pointer) ctx->mech_used,
+                               &required);
+
+        if (!kret && ctx->seqstate)
+            kret = kg_queue_size(kcontext, ctx->seqstate, &required);
+
+        if (!kret)
+            kret = krb5_size_opaque(kcontext,
+                                    KV5M_CONTEXT,
+                                    (krb5_pointer) ctx->k5_context,
+                                    &required);
+        if (!kret)
+            kret = krb5_size_opaque(kcontext,
+                                    KV5M_AUTH_CONTEXT,
+                                    (krb5_pointer) ctx->auth_context,
+                                    &required);
+        if (!kret && ctx->acceptor_subkey)
+            kret = krb5_size_opaque(kcontext,
+                                    KV5M_KEYBLOCK,
+                                    (krb5_pointer) ctx->acceptor_subkey,
+                                    &required);
+        if (!kret)
+            *sizep += required;
     }
     return(kret);
 }
@@ -347,20 +348,20 @@ kg_ctx_size(kcontext, arg, sizep)
  */
 krb5_error_code
 kg_ctx_externalize(kcontext, arg, buffer, lenremain)
-    krb5_context       kcontext;
-    krb5_pointer       arg;
-    krb5_octet         **buffer;
-    size_t             *lenremain;
+    krb5_context        kcontext;
+    krb5_pointer        arg;
+    krb5_octet          **buffer;
+    size_t              *lenremain;
 {
-    krb5_error_code    kret;
-    krb5_gss_ctx_id_rec        *ctx;
-    size_t             required;
-    krb5_octet         *bp;
-    size_t             remain;
+    krb5_error_code     kret;
+    krb5_gss_ctx_id_rec *ctx;
+    size_t              required;
+    krb5_octet          *bp;
+    size_t              remain;
     krb5int_access kaccess;
 
     kret = krb5int_accessor (&kaccess, KRB5INT_ACCESS_VERSION);
-    if (kret) 
+    if (kret)
         return(kret);
 
     required = 0;
@@ -368,122 +369,122 @@ kg_ctx_externalize(kcontext, arg, buffer, lenremain)
     remain = *lenremain;
     kret = EINVAL;
     if ((ctx = (krb5_gss_ctx_id_rec *) arg)) {
-       kret = ENOMEM;
-       if (!kg_ctx_size(kcontext, arg, &required) &&
-           (required <= remain)) {
-           /* Our identifier */
-           (void) krb5_ser_pack_int32(KG_CONTEXT, &bp, &remain);
-
-           /* Now static data */
-           (void) krb5_ser_pack_int32((krb5_int32) ctx->initiate,
-                                      &bp, &remain);
-           (void) krb5_ser_pack_int32((krb5_int32) ctx->established,
-                                      &bp, &remain);
-           (void) krb5_ser_pack_int32((krb5_int32) ctx->big_endian,
-                                      &bp, &remain);
-           (void) krb5_ser_pack_int32((krb5_int32) ctx->have_acceptor_subkey,
-                                      &bp, &remain);
-           (void) krb5_ser_pack_int32((krb5_int32) ctx->seed_init,
-                                      &bp, &remain);
-           (void) krb5_ser_pack_int32((krb5_int32) ctx->gss_flags,
-                                      &bp, &remain);
-           (void) krb5_ser_pack_bytes((krb5_octet *) ctx->seed,
-                                      sizeof(ctx->seed),
-                                      &bp, &remain);
-           (void) krb5_ser_pack_int32((krb5_int32) ctx->signalg,
-                                      &bp, &remain);
-           (void) krb5_ser_pack_int32((krb5_int32) ctx->cksum_size,
-                                      &bp, &remain);
-           (void) krb5_ser_pack_int32((krb5_int32) ctx->sealalg,
-                                      &bp, &remain);
-           (void) krb5_ser_pack_int32((krb5_int32) ctx->endtime,
-                                      &bp, &remain);
-           (void) krb5_ser_pack_int32((krb5_int32) ctx->krb_flags,
-                                      &bp, &remain);
-           (void) (*kaccess.krb5_ser_pack_int64)((krb5_int64) ctx->seq_send,
-                                      &bp, &remain);
-           (void) (*kaccess.krb5_ser_pack_int64)((krb5_int64) ctx->seq_recv,
-                                      &bp, &remain);
-
-           /* Now dynamic data */
-           kret = 0;
-
-           if (!kret && ctx->mech_used)
-                kret = kg_oid_externalize(kcontext, ctx->mech_used,
-                                          &bp, &remain); 
-           
-           if (!kret && ctx->here)
-               kret = krb5_externalize_opaque(kcontext,
-                                              KV5M_PRINCIPAL,
-                                              (krb5_pointer) ctx->here,
-                                              &bp, &remain);
-
-           if (!kret && ctx->there)
-               kret = krb5_externalize_opaque(kcontext,
-                                              KV5M_PRINCIPAL,
-                                              (krb5_pointer) ctx->there,
-                                              &bp, &remain);
-
-           if (!kret && ctx->subkey)
-               kret = krb5_externalize_opaque(kcontext,
-                                              KV5M_KEYBLOCK,
-                                              (krb5_pointer) ctx->subkey,
-                                              &bp, &remain);
-
-           if (!kret && ctx->enc)
-               kret = krb5_externalize_opaque(kcontext,
-                                              KV5M_KEYBLOCK,
-                                              (krb5_pointer) ctx->enc,
-                                              &bp, &remain);
-
-           if (!kret && ctx->seq)
-               kret = krb5_externalize_opaque(kcontext,
-                                              KV5M_KEYBLOCK,
-                                              (krb5_pointer) ctx->seq,
-                                              &bp, &remain);
-
-           if (!kret && ctx->seqstate)
-               kret = kg_queue_externalize(kcontext,
-                                           ctx->seqstate, &bp, &remain);
-
-           if (!kret)
-               kret = krb5_externalize_opaque(kcontext,
-                                              KV5M_CONTEXT,
-                                              (krb5_pointer) ctx->k5_context,
-                                              &bp, &remain);
-
-           if (!kret)
-               kret = krb5_externalize_opaque(kcontext,
-                                              KV5M_AUTH_CONTEXT,
-                                              (krb5_pointer) ctx->auth_context,
-                                              &bp, &remain);
-
-           if (!kret)
-               kret = krb5_ser_pack_int32((krb5_int32) ctx->proto,
-                                          &bp, &remain);
-           if (!kret)
-               kret = krb5_ser_pack_int32((krb5_int32) ctx->cksumtype,
-                                          &bp, &remain);
-           if (!kret && ctx->acceptor_subkey)
-               kret = krb5_externalize_opaque(kcontext,
-                                              KV5M_KEYBLOCK,
-                                              (krb5_pointer) ctx->acceptor_subkey,
-                                              &bp, &remain);
-           if (!kret)
-               kret = krb5_ser_pack_int32((krb5_int32) ctx->acceptor_subkey_cksumtype,
-                                          &bp, &remain);
-
-           if (!kret)
-               kret = krb5_ser_pack_int32((krb5_int32) ctx->cred_rcache,
-                                          &bp, &remain);
-           /* trailer */
-           if (!kret)
-               kret = krb5_ser_pack_int32(KG_CONTEXT, &bp, &remain);
-           if (!kret) {
-               *buffer = bp;
-               *lenremain = remain;
-           }
-       }
+        kret = ENOMEM;
+        if (!kg_ctx_size(kcontext, arg, &required) &&
+            (required <= remain)) {
+            /* Our identifier */
+            (void) krb5_ser_pack_int32(KG_CONTEXT, &bp, &remain);
+
+            /* Now static data */
+            (void) krb5_ser_pack_int32((krb5_int32) ctx->initiate,
+                                       &bp, &remain);
+            (void) krb5_ser_pack_int32((krb5_int32) ctx->established,
+                                       &bp, &remain);
+            (void) krb5_ser_pack_int32((krb5_int32) ctx->big_endian,
+                                       &bp, &remain);
+            (void) krb5_ser_pack_int32((krb5_int32) ctx->have_acceptor_subkey,
+                                       &bp, &remain);
+            (void) krb5_ser_pack_int32((krb5_int32) ctx->seed_init,
+                                       &bp, &remain);
+            (void) krb5_ser_pack_int32((krb5_int32) ctx->gss_flags,
+                                       &bp, &remain);
+            (void) krb5_ser_pack_bytes((krb5_octet *) ctx->seed,
+                                       sizeof(ctx->seed),
+                                       &bp, &remain);
+            (void) krb5_ser_pack_int32((krb5_int32) ctx->signalg,
+                                       &bp, &remain);
+            (void) krb5_ser_pack_int32((krb5_int32) ctx->cksum_size,
+                                       &bp, &remain);
+            (void) krb5_ser_pack_int32((krb5_int32) ctx->sealalg,
+                                       &bp, &remain);
+            (void) krb5_ser_pack_int32((krb5_int32) ctx->endtime,
+                                       &bp, &remain);
+            (void) krb5_ser_pack_int32((krb5_int32) ctx->krb_flags,
+                                       &bp, &remain);
+            (void) (*kaccess.krb5_ser_pack_int64)((krb5_int64) ctx->seq_send,
+                                                  &bp, &remain);
+            (void) (*kaccess.krb5_ser_pack_int64)((krb5_int64) ctx->seq_recv,
+                                                  &bp, &remain);
+
+            /* Now dynamic data */
+            kret = 0;
+
+            if (!kret && ctx->mech_used)
+                kret = kg_oid_externalize(kcontext, ctx->mech_used,
+                                          &bp, &remain);
+
+            if (!kret && ctx->here)
+                kret = krb5_externalize_opaque(kcontext,
+                                               KV5M_PRINCIPAL,
+                                               (krb5_pointer) ctx->here,
+                                               &bp, &remain);
+
+            if (!kret && ctx->there)
+                kret = krb5_externalize_opaque(kcontext,
+                                               KV5M_PRINCIPAL,
+                                               (krb5_pointer) ctx->there,
+                                               &bp, &remain);
+
+            if (!kret && ctx->subkey)
+                kret = krb5_externalize_opaque(kcontext,
+                                               KV5M_KEYBLOCK,
+                                               (krb5_pointer) ctx->subkey,
+                                               &bp, &remain);
+
+            if (!kret && ctx->enc)
+                kret = krb5_externalize_opaque(kcontext,
+                                               KV5M_KEYBLOCK,
+                                               (krb5_pointer) ctx->enc,
+                                               &bp, &remain);
+
+            if (!kret && ctx->seq)
+                kret = krb5_externalize_opaque(kcontext,
+                                               KV5M_KEYBLOCK,
+                                               (krb5_pointer) ctx->seq,
+                                               &bp, &remain);
+
+            if (!kret && ctx->seqstate)
+                kret = kg_queue_externalize(kcontext,
+                                            ctx->seqstate, &bp, &remain);
+
+            if (!kret)
+                kret = krb5_externalize_opaque(kcontext,
+                                               KV5M_CONTEXT,
+                                               (krb5_pointer) ctx->k5_context,
+                                               &bp, &remain);
+
+            if (!kret)
+                kret = krb5_externalize_opaque(kcontext,
+                                               KV5M_AUTH_CONTEXT,
+                                               (krb5_pointer) ctx->auth_context,
+                                               &bp, &remain);
+
+            if (!kret)
+                kret = krb5_ser_pack_int32((krb5_int32) ctx->proto,
+                                           &bp, &remain);
+            if (!kret)
+                kret = krb5_ser_pack_int32((krb5_int32) ctx->cksumtype,
+                                           &bp, &remain);
+            if (!kret && ctx->acceptor_subkey)
+                kret = krb5_externalize_opaque(kcontext,
+                                               KV5M_KEYBLOCK,
+                                               (krb5_pointer) ctx->acceptor_subkey,
+                                               &bp, &remain);
+            if (!kret)
+                kret = krb5_ser_pack_int32((krb5_int32) ctx->acceptor_subkey_cksumtype,
+                                           &bp, &remain);
+
+            if (!kret)
+                kret = krb5_ser_pack_int32((krb5_int32) ctx->cred_rcache,
+                                           &bp, &remain);
+            /* trailer */
+            if (!kret)
+                kret = krb5_ser_pack_int32(KG_CONTEXT, &bp, &remain);
+            if (!kret) {
+                *buffer = bp;
+                *lenremain = remain;
+            }
+        }
     }
     return(kret);
 }
@@ -493,16 +494,16 @@ kg_ctx_externalize(kcontext, arg, buffer, lenremain)
  */
 krb5_error_code
 kg_ctx_internalize(kcontext, argp, buffer, lenremain)
-    krb5_context       kcontext;
-    krb5_pointer       *argp;
-    krb5_octet         **buffer;
-    size_t             *lenremain;
+    krb5_context        kcontext;
+    krb5_pointer        *argp;
+    krb5_octet          **buffer;
+    size_t              *lenremain;
 {
-    krb5_error_code    kret;
-    krb5_gss_ctx_id_rec        *ctx;
-    krb5_int32         ibuf;
-    krb5_octet         *bp;
-    size_t             remain;
+    krb5_error_code     kret;
+    krb5_gss_ctx_id_rec *ctx;
+    krb5_int32          ibuf;
+    krb5_octet          *bp;
+    size_t              remain;
     krb5int_access kaccess;
 
     kret = krb5int_accessor (&kaccess, KRB5INT_ACCESS_VERSION);
@@ -514,167 +515,167 @@ kg_ctx_internalize(kcontext, argp, buffer, lenremain)
     kret = EINVAL;
     /* Read our magic number */
     if (krb5_ser_unpack_int32(&ibuf, &bp, &remain))
-       ibuf = 0;
+        ibuf = 0;
     if (ibuf == KG_CONTEXT) {
-       kret = ENOMEM;
-
-       /* Get a context */
-       if ((remain >= (17*sizeof(krb5_int32)
-                       + 2*sizeof(krb5_int64)
-                       + sizeof(ctx->seed))) &&
-           (ctx = (krb5_gss_ctx_id_rec *)
-            xmalloc(sizeof(krb5_gss_ctx_id_rec)))) {
-           memset(ctx, 0, sizeof(krb5_gss_ctx_id_rec));
-
-           ctx->k5_context = kcontext;
-
-           /* Get static data */
-           (void) krb5_ser_unpack_int32(&ibuf, &bp, &remain);
-           ctx->initiate = (int) ibuf;
-           (void) krb5_ser_unpack_int32(&ibuf, &bp, &remain);
-           ctx->established = (int) ibuf;
-           (void) krb5_ser_unpack_int32(&ibuf, &bp, &remain);
-           ctx->big_endian = (int) ibuf;
-           (void) krb5_ser_unpack_int32(&ibuf, &bp, &remain);
-           ctx->have_acceptor_subkey = (int) ibuf;
-           (void) krb5_ser_unpack_int32(&ibuf, &bp, &remain);
-           ctx->seed_init = (int) ibuf;
-           (void) krb5_ser_unpack_int32(&ibuf, &bp, &remain);
-           ctx->gss_flags = (int) ibuf;
-           (void) krb5_ser_unpack_bytes((krb5_octet *) ctx->seed,
-                                        sizeof(ctx->seed),
-                                        &bp, &remain);
-           (void) krb5_ser_unpack_int32(&ibuf, &bp, &remain);
-           ctx->signalg = (int) ibuf;
-           (void) krb5_ser_unpack_int32(&ibuf, &bp, &remain);
-           ctx->cksum_size = (int) ibuf;
-           (void) krb5_ser_unpack_int32(&ibuf, &bp, &remain);
-           ctx->sealalg = (int) ibuf;
-           (void) krb5_ser_unpack_int32(&ibuf, &bp, &remain);
-           ctx->endtime = (krb5_timestamp) ibuf;
-           (void) krb5_ser_unpack_int32(&ibuf, &bp, &remain);
-           ctx->krb_flags = (krb5_flags) ibuf;
-           (void) (*kaccess.krb5_ser_unpack_int64)(&ctx->seq_send, &bp, &remain);
-           kret = (*kaccess.krb5_ser_unpack_int64)(&ctx->seq_recv, &bp, &remain);
-           if (kret) {
-               free(ctx);
-               return kret;
-           }
-
-           {
-               krb5_pointer tmp;
-               kret = kg_oid_internalize(kcontext, &tmp, &bp,
-                                         &remain);
-               if (kret == 0)
-                   ctx->mech_used = tmp;
-               else if (kret == EINVAL)
-                   kret = 0;
-           }
-           /* Now get substructure data */
-           if ((kret = krb5_internalize_opaque(kcontext,
-                                               KV5M_PRINCIPAL,
-                                               (krb5_pointer *) &ctx->here,
-                                               &bp, &remain))) {
-               if (kret == EINVAL)
-                   kret = 0;
-           }
-           if (!kret &&
-               (kret = krb5_internalize_opaque(kcontext,
-                                               KV5M_PRINCIPAL,
-                                               (krb5_pointer *) &ctx->there,
-                                               &bp, &remain))) {
-               if (kret == EINVAL)
-                   kret = 0;
-           }
-           if (!kret &&
-               (kret = krb5_internalize_opaque(kcontext,
-                                               KV5M_KEYBLOCK,
-                                               (krb5_pointer *) &ctx->subkey,
-                                               &bp, &remain))) {
-               if (kret == EINVAL)
-                   kret = 0;
-           }
-           if (!kret &&
-               (kret = krb5_internalize_opaque(kcontext,
-                                               KV5M_KEYBLOCK,
-                                               (krb5_pointer *) &ctx->enc,
-                                               &bp, &remain))) {
-               if (kret == EINVAL)
-                   kret = 0;
-           }
-           if (!kret &&
-               (kret = krb5_internalize_opaque(kcontext,
-                                               KV5M_KEYBLOCK,
-                                               (krb5_pointer *) &ctx->seq,
-                                               &bp, &remain))) {
-               if (kret == EINVAL)
-                   kret = 0;
-           }
-
-           if (!kret) {
-               kret = kg_queue_internalize(kcontext, &ctx->seqstate,
-                                           &bp, &remain);
-               if (kret == EINVAL)
-                   kret = 0;
-           }
-               
-           if (!kret)
-               kret = krb5_internalize_opaque(kcontext,
-                                              KV5M_CONTEXT,
-                                              (krb5_pointer *) &ctx->k5_context,
-                                              &bp, &remain);
-
-           if (!kret)
-               kret = krb5_internalize_opaque(kcontext,
-                                              KV5M_AUTH_CONTEXT,
-                                      (krb5_pointer *) &ctx->auth_context,
-                                              &bp, &remain);
-
-           if (!kret)
-               kret = krb5_ser_unpack_int32(&ibuf, &bp, &remain);
-           ctx->proto = ibuf;
-           if (!kret)
-               kret = krb5_ser_unpack_int32(&ibuf, &bp, &remain);
-           ctx->cksumtype = ibuf;
-           if (!kret &&
-               (kret = krb5_internalize_opaque(kcontext,
-                                               KV5M_KEYBLOCK,
-                                               (krb5_pointer *) &ctx->acceptor_subkey,
-                                               &bp, &remain))) {
-               if (kret == EINVAL)
-                   kret = 0;
-           }
-           if (!kret)
-               kret = krb5_ser_unpack_int32(&ibuf, &bp, &remain);
-           ctx->cred_rcache = ibuf;
-           if (!kret)
-               kret = krb5_ser_unpack_int32(&ibuf, &bp, &remain);
-           ctx->acceptor_subkey_cksumtype = ibuf;
-
-           /* Get trailer */
-           if (!kret)
-               kret = krb5_ser_unpack_int32(&ibuf, &bp, &remain);
-           if (!kret && ibuf != KG_CONTEXT)
-               kret = EINVAL;
-
-           if (!kret) {
-               *buffer = bp;
-               *lenremain = remain;
-               *argp = (krb5_pointer) ctx;
-           } else {
-               if (ctx->seq)
-                   krb5_free_keyblock(kcontext, ctx->seq);
-               if (ctx->enc)
-                   krb5_free_keyblock(kcontext, ctx->enc);
-               if (ctx->subkey)
-                   krb5_free_keyblock(kcontext, ctx->subkey);
-               if (ctx->there)
-                   krb5_free_principal(kcontext, ctx->there);
-               if (ctx->here)
-                   krb5_free_principal(kcontext, ctx->here);
-               xfree(ctx);
-           }
-       }
+        kret = ENOMEM;
+
+        /* Get a context */
+        if ((remain >= (17*sizeof(krb5_int32)
+                        + 2*sizeof(krb5_int64)
+                        + sizeof(ctx->seed))) &&
+            (ctx = (krb5_gss_ctx_id_rec *)
+             xmalloc(sizeof(krb5_gss_ctx_id_rec)))) {
+            memset(ctx, 0, sizeof(krb5_gss_ctx_id_rec));
+
+            ctx->k5_context = kcontext;
+
+            /* Get static data */
+            (void) krb5_ser_unpack_int32(&ibuf, &bp, &remain);
+            ctx->initiate = (int) ibuf;
+            (void) krb5_ser_unpack_int32(&ibuf, &bp, &remain);
+            ctx->established = (int) ibuf;
+            (void) krb5_ser_unpack_int32(&ibuf, &bp, &remain);
+            ctx->big_endian = (int) ibuf;
+            (void) krb5_ser_unpack_int32(&ibuf, &bp, &remain);
+            ctx->have_acceptor_subkey = (int) ibuf;
+            (void) krb5_ser_unpack_int32(&ibuf, &bp, &remain);
+            ctx->seed_init = (int) ibuf;
+            (void) krb5_ser_unpack_int32(&ibuf, &bp, &remain);
+            ctx->gss_flags = (int) ibuf;
+            (void) krb5_ser_unpack_bytes((krb5_octet *) ctx->seed,
+                                         sizeof(ctx->seed),
+                                         &bp, &remain);
+            (void) krb5_ser_unpack_int32(&ibuf, &bp, &remain);
+            ctx->signalg = (int) ibuf;
+            (void) krb5_ser_unpack_int32(&ibuf, &bp, &remain);
+            ctx->cksum_size = (int) ibuf;
+            (void) krb5_ser_unpack_int32(&ibuf, &bp, &remain);
+            ctx->sealalg = (int) ibuf;
+            (void) krb5_ser_unpack_int32(&ibuf, &bp, &remain);
+            ctx->endtime = (krb5_timestamp) ibuf;
+            (void) krb5_ser_unpack_int32(&ibuf, &bp, &remain);
+            ctx->krb_flags = (krb5_flags) ibuf;
+            (void) (*kaccess.krb5_ser_unpack_int64)(&ctx->seq_send, &bp, &remain);
+            kret = (*kaccess.krb5_ser_unpack_int64)(&ctx->seq_recv, &bp, &remain);
+            if (kret) {
+                free(ctx);
+                return kret;
+            }
+
+            {
+                krb5_pointer tmp;
+                kret = kg_oid_internalize(kcontext, &tmp, &bp,
+                                          &remain);
+                if (kret == 0)
+                    ctx->mech_used = tmp;
+                else if (kret == EINVAL)
+                    kret = 0;
+            }
+            /* Now get substructure data */
+            if ((kret = krb5_internalize_opaque(kcontext,
+                                                KV5M_PRINCIPAL,
+                                                (krb5_pointer *) &ctx->here,
+                                                &bp, &remain))) {
+                if (kret == EINVAL)
+                    kret = 0;
+            }
+            if (!kret &&
+                (kret = krb5_internalize_opaque(kcontext,
+                                                KV5M_PRINCIPAL,
+                                                (krb5_pointer *) &ctx->there,
+                                                &bp, &remain))) {
+                if (kret == EINVAL)
+                    kret = 0;
+            }
+            if (!kret &&
+                (kret = krb5_internalize_opaque(kcontext,
+                                                KV5M_KEYBLOCK,
+                                                (krb5_pointer *) &ctx->subkey,
+                                                &bp, &remain))) {
+                if (kret == EINVAL)
+                    kret = 0;
+            }
+            if (!kret &&
+                (kret = krb5_internalize_opaque(kcontext,
+                                                KV5M_KEYBLOCK,
+                                                (krb5_pointer *) &ctx->enc,
+                                                &bp, &remain))) {
+                if (kret == EINVAL)
+                    kret = 0;
+            }
+            if (!kret &&
+                (kret = krb5_internalize_opaque(kcontext,
+                                                KV5M_KEYBLOCK,
+                                                (krb5_pointer *) &ctx->seq,
+                                                &bp, &remain))) {
+                if (kret == EINVAL)
+                    kret = 0;
+            }
+
+            if (!kret) {
+                kret = kg_queue_internalize(kcontext, &ctx->seqstate,
+                                            &bp, &remain);
+                if (kret == EINVAL)
+                    kret = 0;
+            }
+
+            if (!kret)
+                kret = krb5_internalize_opaque(kcontext,
+                                               KV5M_CONTEXT,
+                                               (krb5_pointer *) &ctx->k5_context,
+                                               &bp, &remain);
+
+            if (!kret)
+                kret = krb5_internalize_opaque(kcontext,
+                                               KV5M_AUTH_CONTEXT,
+                                               (krb5_pointer *) &ctx->auth_context,
+                                               &bp, &remain);
+
+            if (!kret)
+                kret = krb5_ser_unpack_int32(&ibuf, &bp, &remain);
+            ctx->proto = ibuf;
+            if (!kret)
+                kret = krb5_ser_unpack_int32(&ibuf, &bp, &remain);
+            ctx->cksumtype = ibuf;
+            if (!kret &&
+                (kret = krb5_internalize_opaque(kcontext,
+                                                KV5M_KEYBLOCK,
+                                                (krb5_pointer *) &ctx->acceptor_subkey,
+                                                &bp, &remain))) {
+                if (kret == EINVAL)
+                    kret = 0;
+            }
+            if (!kret)
+                kret = krb5_ser_unpack_int32(&ibuf, &bp, &remain);
+            ctx->cred_rcache = ibuf;
+            if (!kret)
+                kret = krb5_ser_unpack_int32(&ibuf, &bp, &remain);
+            ctx->acceptor_subkey_cksumtype = ibuf;
+
+            /* Get trailer */
+            if (!kret)
+                kret = krb5_ser_unpack_int32(&ibuf, &bp, &remain);
+            if (!kret && ibuf != KG_CONTEXT)
+                kret = EINVAL;
+
+            if (!kret) {
+                *buffer = bp;
+                *lenremain = remain;
+                *argp = (krb5_pointer) ctx;
+            } else {
+                if (ctx->seq)
+                    krb5_free_keyblock(kcontext, ctx->seq);
+                if (ctx->enc)
+                    krb5_free_keyblock(kcontext, ctx->enc);
+                if (ctx->subkey)
+                    krb5_free_keyblock(kcontext, ctx->subkey);
+                if (ctx->there)
+                    krb5_free_principal(kcontext, ctx->there);
+                if (ctx->here)
+                    krb5_free_principal(kcontext, ctx->here);
+                xfree(ctx);
+            }
+        }
     }
     return(kret);
 }
index 396a6f645880dff8fff9f2f8173b4966aaa41fff..e35a153c42a1df272598e55b4813f0da085713aa 100644 (file)
@@ -1,3 +1,4 @@
+/* -*- mode: c; indent-tabs-mode: nil -*- */
 /*
  * lib/gssapi/krb5/set_allowable_enctypes.c
  *
@@ -8,7 +9,7 @@
  *   require a specific license from the United States Government.
  *   It is the responsibility of any person or organization contemplating
  *   export to obtain such a license before exporting.
- * 
+ *
  * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
  * distribute this software and its documentation for any purpose and
  * without fee is hereby granted, provided that the above copyright
 #include "gssapi_krb5.h"
 
 OM_uint32 KRB5_CALLCONV
-gss_krb5int_set_allowable_enctypes(OM_uint32 *minor_status, 
-                                  gss_cred_id_t cred_handle,
-                                  OM_uint32 num_ktypes,
-                                  krb5_enctype *ktypes)
+gss_krb5int_set_allowable_enctypes(OM_uint32 *minor_status,
+                                   gss_cred_id_t cred_handle,
+                                   OM_uint32 num_ktypes,
+                                   krb5_enctype *ktypes)
 {
     unsigned int i;
     krb5_enctype * new_ktypes;
@@ -77,50 +78,50 @@ gss_krb5int_set_allowable_enctypes(OM_uint32 *minor_status,
 
     /* verify and valildate cred handle */
     if (cred_handle == GSS_C_NO_CREDENTIAL) {
-       kerr = KRB5_NOCREDS_SUPPLIED;
-       goto error_out;
+        kerr = KRB5_NOCREDS_SUPPLIED;
+        goto error_out;
     }
     major_status = krb5_gss_validate_cred(&temp_status, cred_handle);
     if (GSS_ERROR(major_status)) {
-       kerr = temp_status;
-       goto error_out;
+        kerr = temp_status;
+        goto error_out;
     }
     cred = (krb5_gss_cred_id_t) cred_handle;
 
     if (ktypes) {
-       for (i = 0; i < num_ktypes && ktypes[i]; i++) {
-           if (!krb5_c_valid_enctype(ktypes[i])) {
-               kerr = KRB5_PROG_ETYPE_NOSUPP;
-               goto error_out;
-           }
-       }
+        for (i = 0; i < num_ktypes && ktypes[i]; i++) {
+            if (!krb5_c_valid_enctype(ktypes[i])) {
+                kerr = KRB5_PROG_ETYPE_NOSUPP;
+                goto error_out;
+            }
+        }
     } else {
-       kerr = k5_mutex_lock(&cred->lock);
-       if (kerr)
-           goto error_out;
-       if (cred->req_enctypes)
-           free(cred->req_enctypes);
-       cred->req_enctypes = NULL;
-       k5_mutex_unlock(&cred->lock);
-       return GSS_S_COMPLETE;
+        kerr = k5_mutex_lock(&cred->lock);
+        if (kerr)
+            goto error_out;
+        if (cred->req_enctypes)
+            free(cred->req_enctypes);
+        cred->req_enctypes = NULL;
+        k5_mutex_unlock(&cred->lock);
+        return GSS_S_COMPLETE;
     }
 
     /* Copy the requested ktypes into the cred structure */
     if ((new_ktypes = (krb5_enctype *)malloc(sizeof(krb5_enctype) * (i + 1)))) {
-       memcpy(new_ktypes, ktypes, sizeof(krb5_enctype) * i);
-       new_ktypes[i] = 0;      /* "null-terminate" the list */
+        memcpy(new_ktypes, ktypes, sizeof(krb5_enctype) * i);
+        new_ktypes[i] = 0;      /* "null-terminate" the list */
     }
     else {
-       kerr = ENOMEM;
-       goto error_out;
+        kerr = ENOMEM;
+        goto error_out;
     }
     kerr = k5_mutex_lock(&cred->lock);
     if (kerr) {
-       free(new_ktypes);
-       goto error_out;
+        free(new_ktypes);
+        goto error_out;
     }
     if (cred->req_enctypes)
-       free(cred->req_enctypes);
+        free(cred->req_enctypes);
     cred->req_enctypes = new_ktypes;
     k5_mutex_unlock(&cred->lock);
 
index 931058290bc7ab4b2830478ca7be1b4eb53dfbe7..2c82cfdfc348f4ce22c7cdcad7ec06e8d3b8b51f 100644 (file)
@@ -1,3 +1,4 @@
+/* -*- mode: c; indent-tabs-mode: nil -*- */
 /*
  * lib/gssapi/krb5/set_ccache.c
  *
@@ -8,7 +9,7 @@
  *   require a specific license from the United States Government.
  *   It is the responsibility of any person or organization contemplating
  *   export to obtain such a license before exporting.
- * 
+ *
  * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
  * distribute this software and its documentation for any purpose and
  * without fee is hereby granted, provided that the above copyright
 #include "gssapiP_krb5.h"
 #include "gss_libinit.h"
 
-OM_uint32 KRB5_CALLCONV 
+OM_uint32 KRB5_CALLCONV
 gss_krb5_ccache_name(minor_status, name, out_name)
-       OM_uint32 *minor_status;
-       const char *name;
-       const char **out_name;
+    OM_uint32 *minor_status;
+    const char *name;
+    const char **out_name;
 {
     char *old_name = NULL;
     OM_uint32 err = 0;
@@ -44,8 +45,8 @@ gss_krb5_ccache_name(minor_status, name, out_name)
 
     err = gssint_initialize_library();
     if (err) {
-       *minor_status = err;
-       return GSS_S_FAILURE;
+        *minor_status = err;
+        return GSS_S_FAILURE;
     }
 
     gss_out_name = k5_getspecific(K5_KEY_GSS_KRB5_SET_CCACHE_OLD_NAME);
@@ -59,7 +60,7 @@ gss_krb5_ccache_name(minor_status, name, out_name)
         if (!err) {
             old_name = gss_out_name;
             gss_out_name = tmp_name;
-        }            
+        }
     }
     /* If out_name was NULL, we keep the same gss_out_name value, and
        don't free up any storage (leave old_name NULL).  */
@@ -69,12 +70,12 @@ gss_krb5_ccache_name(minor_status, name, out_name)
 
     minor = k5_setspecific(K5_KEY_GSS_KRB5_SET_CCACHE_OLD_NAME, gss_out_name);
     if (minor) {
-       /* Um.  Now what?  */
-       if (err == 0) {
-           err = minor;
-       }
-       free(gss_out_name);
-       gss_out_name = NULL;
+        /* Um.  Now what?  */
+        if (err == 0) {
+            err = minor;
+        }
+        free(gss_out_name);
+        gss_out_name = NULL;
     }
 
     if (!err) {
@@ -82,11 +83,11 @@ gss_krb5_ccache_name(minor_status, name, out_name)
             *out_name = gss_out_name;
         }
     }
-    
+
     if (old_name != NULL) {
         free (old_name);
     }
-    
+
     *minor_status = err;
     return (*minor_status == 0) ? GSS_S_COMPLETE : GSS_S_FAILURE;
 }
index 2d192c9bb178b08af12824c7c13b1c0ee284168d..cc09f32281c6d1a00e0d421748c7b480b4253ff4 100644 (file)
@@ -1,6 +1,7 @@
+/* -*- mode: c; indent-tabs-mode: nil -*- */
 /*
  * Copyright 1993 by OpenVision Technologies, Inc.
- * 
+ *
  * Permission to use, copy, modify, distribute, and sell this software
  * and its documentation for any purpose is hereby granted without fee,
  * provided that the above copyright notice appears in all copies and
@@ -10,7 +11,7 @@
  * without specific, written prior permission. OpenVision makes no
  * representations about the suitability of this software for any
  * purpose.  It is provided "as is" without express or implied warranty.
- * 
+ *
  * OPENVISION DISCLAIMS ALL WARRANTIES WITH REGARD TO THIS SOFTWARE,
  * INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS, IN NO
  * EVENT SHALL OPENVISION BE LIABLE FOR ANY SPECIAL, INDIRECT OR
 
 OM_uint32
 krb5_gss_sign(minor_status, context_handle,
-             qop_req, message_buffer, 
-             message_token)
-     OM_uint32 *minor_status;
-     gss_ctx_id_t context_handle;
-     int qop_req;
-     gss_buffer_t message_buffer;
-     gss_buffer_t message_token;
+              qop_req, message_buffer,
+              message_token)
+    OM_uint32 *minor_status;
+    gss_ctx_id_t context_handle;
+    int qop_req;
+    gss_buffer_t message_buffer;
+    gss_buffer_t message_token;
 {
-   return(kg_seal(minor_status, context_handle, 0,
-                 qop_req, message_buffer, NULL,
-                 message_token, KG_TOK_SIGN_MSG));
+    return(kg_seal(minor_status, context_handle, 0,
+                   qop_req, message_buffer, NULL,
+                   message_token, KG_TOK_SIGN_MSG));
 }
 
 /* V2 interface */
 OM_uint32
 krb5_gss_get_mic(minor_status, context_handle, qop_req,
-                message_buffer, message_token)
-    OM_uint32          *minor_status;
-    gss_ctx_id_t       context_handle;
-    gss_qop_t          qop_req;
-    gss_buffer_t       message_buffer;
-    gss_buffer_t       message_token;
+                 message_buffer, message_token)
+    OM_uint32           *minor_status;
+    gss_ctx_id_t        context_handle;
+    gss_qop_t           qop_req;
+    gss_buffer_t        message_buffer;
+    gss_buffer_t        message_token;
 {
     return(kg_seal(minor_status, context_handle, 0,
-                  (int) qop_req, message_buffer, NULL,
-                  message_token, KG_TOK_MIC_MSG));
+                   (int) qop_req, message_buffer, NULL,
+                   message_token, KG_TOK_MIC_MSG));
 }
index 71dc110486b819932fe112262f891f2d6bb199da..381df936424f0044dead6ae99e1017ab1edb3dab 100644 (file)
@@ -1,6 +1,7 @@
+/* -*- mode: c; indent-tabs-mode: nil -*- */
 /*
  * Copyright 1993 by OpenVision Technologies, Inc.
- * 
+ *
  * Permission to use, copy, modify, distribute, and sell this software
  * and its documentation for any purpose is hereby granted without fee,
  * provided that the above copyright notice appears in all copies and
@@ -10,7 +11,7 @@
  * without specific, written prior permission. OpenVision makes no
  * representations about the suitability of this software for any
  * purpose.  It is provided "as is" without express or implied warranty.
- * 
+ *
  * OPENVISION DISCLAIMS ALL WARRANTIES WITH REGARD TO THIS SOFTWARE,
  * INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS, IN NO
  * EVENT SHALL OPENVISION BE LIABLE FOR ANY SPECIAL, INDIRECT OR
 
 OM_uint32
 krb5_gss_unseal(minor_status, context_handle,
-               input_message_buffer, output_message_buffer,
-               conf_state, qop_state)
-     OM_uint32 *minor_status;
-     gss_ctx_id_t context_handle;
-     gss_buffer_t input_message_buffer;
-     gss_buffer_t output_message_buffer;
-     int *conf_state;
-     int *qop_state;
+                input_message_buffer, output_message_buffer,
+                conf_state, qop_state)
+    OM_uint32 *minor_status;
+    gss_ctx_id_t context_handle;
+    gss_buffer_t input_message_buffer;
+    gss_buffer_t output_message_buffer;
+    int *conf_state;
+    int *qop_state;
 {
-   return(kg_unseal(minor_status, context_handle,
-                   input_message_buffer, output_message_buffer,
-                   conf_state, qop_state, KG_TOK_SEAL_MSG));
+    return(kg_unseal(minor_status, context_handle,
+                     input_message_buffer, output_message_buffer,
+                     conf_state, qop_state, KG_TOK_SEAL_MSG));
 }
 
 /* V2 interface */
 OM_uint32
 krb5_gss_unwrap(minor_status, context_handle,
-               input_message_buffer, output_message_buffer,
-               conf_state, qop_state)
-    OM_uint32          *minor_status;
-    gss_ctx_id_t       context_handle;
-    gss_buffer_t       input_message_buffer;
-    gss_buffer_t       output_message_buffer;
-    int                        *conf_state;
-    gss_qop_t          *qop_state;
+                input_message_buffer, output_message_buffer,
+                conf_state, qop_state)
+    OM_uint32           *minor_status;
+    gss_ctx_id_t        context_handle;
+    gss_buffer_t        input_message_buffer;
+    gss_buffer_t        output_message_buffer;
+    int                 *conf_state;
+    gss_qop_t           *qop_state;
 {
-    OM_uint32          rstat;
-    int                        qstate;
+    OM_uint32           rstat;
+    int                 qstate;
 
     rstat = kg_unseal(minor_status, context_handle,
-                     input_message_buffer, output_message_buffer,
-                     conf_state, &qstate, KG_TOK_WRAP_MSG);
+                      input_message_buffer, output_message_buffer,
+                      conf_state, &qstate, KG_TOK_WRAP_MSG);
     if (!rstat && qop_state)
-       *qop_state = (gss_qop_t) qstate;
+        *qop_state = (gss_qop_t) qstate;
     return(rstat);
 }
index 235d7494736685ba66846f783a63adcb20b55ff7..b863572a783d52191c67408e22f5d469ff769042 100644 (file)
@@ -1,6 +1,7 @@
+/* -*- mode: c; indent-tabs-mode: nil -*- */
 /*
  * Copyright 1993 by OpenVision Technologies, Inc.
- * 
+ *
  * Permission to use, copy, modify, distribute, and sell this software
  * and its documentation for any purpose is hereby granted without fee,
  * provided that the above copyright notice appears in all copies and
@@ -10,7 +11,7 @@
  * without specific, written prior permission. OpenVision makes no
  * representations about the suitability of this software for any
  * purpose.  It is provided "as is" without express or implied warranty.
- * 
+ *
  * OPENVISION DISCLAIMS ALL WARRANTIES WITH REGARD TO THIS SOFTWARE,
  * INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS, IN NO
  * EVENT SHALL OPENVISION BE LIABLE FOR ANY SPECIAL, INDIRECT OR
 /* Checksumming the channel bindings always uses plain MD5.  */
 krb5_error_code
 kg_checksum_channel_bindings(context, cb, cksum, bigend)
-     krb5_context context;
-     gss_channel_bindings_t cb;
-     krb5_checksum *cksum;
-     int bigend;
+    krb5_context context;
+    gss_channel_bindings_t cb;
+    krb5_checksum *cksum;
+    int bigend;
 {
-   size_t len;
-   char *buf = 0;
-   char *ptr;
-   size_t sumlen;
-   krb5_data plaind;
-   krb5_error_code code;
-   void *temp;
-
-   /* initialize the the cksum */
-   code = krb5_c_checksum_length(context, CKSUMTYPE_RSA_MD5, &sumlen);
-   if (code)
-       return(code);
-
-   cksum->checksum_type = CKSUMTYPE_RSA_MD5;
-   cksum->length = sumlen;
-   /* generate a buffer full of zeros if no cb specified */
-
-   if (cb == GSS_C_NO_CHANNEL_BINDINGS) {
-       if ((cksum->contents = (krb5_octet *) xmalloc(cksum->length)) == NULL) {
-          return(ENOMEM);
-       }
-       memset(cksum->contents, '\0', cksum->length);
-       return(0);
-   }
-
-   /* create the buffer to checksum into */
-
-   len = (sizeof(krb5_int32)*5+
-         cb->initiator_address.length+
-         cb->acceptor_address.length+
-         cb->application_data.length);
-
-   if ((buf = (char *) xmalloc(len)) == NULL)
-      return(ENOMEM);
-
-   /* helper macros.  This code currently depends on a long being 32
-      bits, and htonl dtrt. */
-
-   ptr = buf;
-
-   TWRITE_INT(ptr, cb->initiator_addrtype, bigend);
-   TWRITE_BUF(ptr, cb->initiator_address, bigend);
-   TWRITE_INT(ptr, cb->acceptor_addrtype, bigend);
-   TWRITE_BUF(ptr, cb->acceptor_address, bigend);
-   TWRITE_BUF(ptr, cb->application_data, bigend);
-
-   /* checksum the data */
-
-   plaind.length = len;
-   plaind.data = buf;
-
-   code = krb5_c_make_checksum(context, CKSUMTYPE_RSA_MD5, 0, 0,
-                              &plaind, cksum);
-   if (code)
-       goto cleanup;
-
-   if ((temp = xmalloc(cksum->length)) == NULL) {
-       krb5_free_checksum_contents(context, cksum);
-       code = ENOMEM;
-       goto cleanup;
-   }
-
-   memcpy(temp, cksum->contents, cksum->length);
-   krb5_free_checksum_contents(context, cksum);
-   cksum->contents = (krb5_octet *)temp;
-
-   /* success */
- cleanup:
-   if (buf)
-       xfree(buf);
-   return code;
+    size_t len;
+    char *buf = 0;
+    char *ptr;
+    size_t sumlen;
+    krb5_data plaind;
+    krb5_error_code code;
+    void *temp;
+
+    /* initialize the the cksum */
+    code = krb5_c_checksum_length(context, CKSUMTYPE_RSA_MD5, &sumlen);
+    if (code)
+        return(code);
+
+    cksum->checksum_type = CKSUMTYPE_RSA_MD5;
+    cksum->length = sumlen;
+
+    /* generate a buffer full of zeros if no cb specified */
+
+    if (cb == GSS_C_NO_CHANNEL_BINDINGS) {
+        if ((cksum->contents = (krb5_octet *) xmalloc(cksum->length)) == NULL) {
+            return(ENOMEM);
+        }
+        memset(cksum->contents, '\0', cksum->length);
+        return(0);
+    }
+
+    /* create the buffer to checksum into */
+
+    len = (sizeof(krb5_int32)*5+
+           cb->initiator_address.length+
+           cb->acceptor_address.length+
+           cb->application_data.length);
+
+    if ((buf = (char *) xmalloc(len)) == NULL)
+        return(ENOMEM);
+
+    /* helper macros.  This code currently depends on a long being 32
+       bits, and htonl dtrt. */
+
+    ptr = buf;
+
+    TWRITE_INT(ptr, cb->initiator_addrtype, bigend);
+    TWRITE_BUF(ptr, cb->initiator_address, bigend);
+    TWRITE_INT(ptr, cb->acceptor_addrtype, bigend);
+    TWRITE_BUF(ptr, cb->acceptor_address, bigend);
+    TWRITE_BUF(ptr, cb->application_data, bigend);
+
+    /* checksum the data */
+
+    plaind.length = len;
+    plaind.data = buf;
+
+    code = krb5_c_make_checksum(context, CKSUMTYPE_RSA_MD5, 0, 0,
+                                &plaind, cksum);
+    if (code)
+        goto cleanup;
+
+    if ((temp = xmalloc(cksum->length)) == NULL) {
+        krb5_free_checksum_contents(context, cksum);
+        code = ENOMEM;
+        goto cleanup;
+    }
+
+    memcpy(temp, cksum->contents, cksum->length);
+    krb5_free_checksum_contents(context, cksum);
+    cksum->contents = (krb5_octet *)temp;
+
+    /* success */
+cleanup:
+    if (buf)
+        xfree(buf);
+    return code;
 }
index dad4b023d22b443785b2d579f651226becd8491f..a0d0747e6b4307a6c0c4b76bb5d66566046139d5 100644 (file)
@@ -1,7 +1,8 @@
+/* -*- mode: c; indent-tabs-mode: nil -*- */
 /*
 * Copyright2001 by the Massachusetts Institute of Technology.
+ * Copyright2001 by the Massachusetts Institute of Technology.
  * Copyright 1993 by OpenVision Technologies, Inc.
- * 
+ *
  * Permission to use, copy, modify, distribute, and sell this software
  * and its documentation for any purpose is hereby granted without fee,
  * provided that the above copyright notice appears in all copies and
@@ -11,7 +12,7 @@
  * without specific, written prior permission. OpenVision makes no
  * representations about the suitability of this software for any
  * purpose.  It is provided "as is" without express or implied warranty.
- * 
+ *
  * OPENVISION DISCLAIMS ALL WARRANTIES WITH REGARD TO THIS SOFTWARE,
  * INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS, IN NO
  * EVENT SHALL OPENVISION BE LIABLE FOR ANY SPECIAL, INDIRECT OR
 
 /*
  * Copyright (C) 1998 by the FundsXpress, INC.
- * 
+ *
  * All rights reserved.
- * 
+ *
  * Export of this software from the United States of America may require
  * a specific license from the United States Government.  It is the
  * responsibility of any person or organization contemplating export to
  * obtain such a license before exporting.
- * 
+ *
  * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
  * distribute this software and its documentation for any purpose and
  * without fee is hereby granted, provided that the above copyright
@@ -41,7 +42,7 @@
  * permission.  FundsXpress makes no representations about the suitability of
  * this software for any purpose.  It is provided "as is" without express
  * or implied warranty.
- * 
+ *
  * THIS SOFTWARE IS PROVIDED ``AS IS'' AND WITHOUT ANY EXPRESS OR
  * IMPLIED WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED
  * WARRANTIES OF MERCHANTIBILITY AND FITNESS FOR A PARTICULAR PURPOSE.
 
 int
 kg_confounder_size(context, key)
-     krb5_context context;
-     krb5_keyblock *key;
+    krb5_context context;
+    krb5_keyblock *key;
 {
-   krb5_error_code code;
-   size_t blocksize;
-   /* We special case rc4*/
-   if (key->enctype == ENCTYPE_ARCFOUR_HMAC)
-     return 8;
-   code = krb5_c_block_size(context, key->enctype, &blocksize);
-   if (code)
-      return(-1); /* XXX */
-
-   return(blocksize);
+    krb5_error_code code;
+    size_t blocksize;
+    /* We special case rc4*/
+    if (key->enctype == ENCTYPE_ARCFOUR_HMAC)
+        return 8;
+    code = krb5_c_block_size(context, key->enctype, &blocksize);
+    if (code)
+        return(-1); /* XXX */
+
+    return(blocksize);
 }
 
 krb5_error_code
 kg_make_confounder(context, key, buf)
-     krb5_context context;
-     krb5_keyblock *key;
-     unsigned char *buf;
+    krb5_context context;
+    krb5_keyblock *key;
+    unsigned char *buf;
 {
-   krb5_error_code code;
-   size_t blocksize;
-   krb5_data lrandom;
+    krb5_error_code code;
+    size_t blocksize;
+    krb5_data lrandom;
 
-   code = krb5_c_block_size(context, key->enctype, &blocksize);
-   if (code)
-       return(code);
+    code = krb5_c_block_size(context, key->enctype, &blocksize);
+    if (code)
+        return(code);
 
-   lrandom.length = blocksize;
-   lrandom.data = buf;
+    lrandom.length = blocksize;
+    lrandom.data = buf;
 
-   return(krb5_c_random_make_octets(context, &lrandom));
+    return(krb5_c_random_make_octets(context, &lrandom));
 }
 
 krb5_error_code
 kg_encrypt(context, key, usage, iv, in, out, length)
-     krb5_context context;
-     krb5_keyblock *key;
-     int usage;
-     krb5_pointer iv;
-     krb5_const_pointer in;
-     krb5_pointer out;
-     unsigned int length;
+    krb5_context context;
+    krb5_keyblock *key;
+    int usage;
+    krb5_pointer iv;
+    krb5_const_pointer in;
+    krb5_pointer out;
+    unsigned int length;
 {
-   krb5_error_code code;
-   size_t blocksize;
-   krb5_data ivd, *pivd, inputd;
-   krb5_enc_data outputd;
-
-   if (iv) {
-       code = krb5_c_block_size(context, key->enctype, &blocksize);
-       if (code)
-          return(code);
-
-       ivd.length = blocksize;
-       ivd.data = malloc(ivd.length);
-       if (ivd.data == NULL)
-          return ENOMEM;
-       memcpy(ivd.data, iv, ivd.length);
-       pivd = &ivd;
-   } else {
-       pivd = NULL;
-   }
-
-   inputd.length = length;
-   inputd.data = in;
-
-   outputd.ciphertext.length = length;
-   outputd.ciphertext.data = out;
-
-   code = krb5_c_encrypt(context, key, usage, pivd, &inputd, &outputd);
-   if (pivd != NULL)
-       free(pivd->data);
-   return code;
+    krb5_error_code code;
+    size_t blocksize;
+    krb5_data ivd, *pivd, inputd;
+    krb5_enc_data outputd;
+
+    if (iv) {
+        code = krb5_c_block_size(context, key->enctype, &blocksize);
+        if (code)
+            return(code);
+
+        ivd.length = blocksize;
+        ivd.data = malloc(ivd.length);
+        if (ivd.data == NULL)
+            return ENOMEM;
+        memcpy(ivd.data, iv, ivd.length);
+        pivd = &ivd;
+    } else {
+        pivd = NULL;
+    }
+
+    inputd.length = length;
+    inputd.data = in;
+
+    outputd.ciphertext.length = length;
+    outputd.ciphertext.data = out;
+
+    code = krb5_c_encrypt(context, key, usage, pivd, &inputd, &outputd);
+    if (pivd != NULL)
+        free(pivd->data);
+    return code;
 }
 
 /* length is the length of the cleartext. */
 
 krb5_error_code
 kg_decrypt(context, key, usage, iv, in, out, length)
-     krb5_context context;
-     krb5_keyblock *key;
-     int usage;
-     krb5_pointer iv;
-     krb5_const_pointer in;
-     krb5_pointer out;
-     unsigned int length;
+    krb5_context context;
+    krb5_keyblock *key;
+    int usage;
+    krb5_pointer iv;
+    krb5_const_pointer in;
+    krb5_pointer out;
+    unsigned int length;
 {
-   krb5_error_code code;
-   size_t blocksize;
-   krb5_data ivd, *pivd, outputd;
-   krb5_enc_data inputd;
-
-   if (iv) {
-       code = krb5_c_block_size(context, key->enctype, &blocksize);
-       if (code)
-          return(code);
-
-       ivd.length = blocksize;
-       ivd.data = malloc(ivd.length);
-       if (ivd.data == NULL)
-          return ENOMEM;
-       memcpy(ivd.data, iv, ivd.length);
-       pivd = &ivd;
-   } else {
-       pivd = NULL;
-   }
-
-   inputd.enctype = ENCTYPE_UNKNOWN;
-   inputd.ciphertext.length = length;
-   inputd.ciphertext.data = in;
-
-   outputd.length = length;
-   outputd.data = out;
-
-   code = krb5_c_decrypt(context, key, usage, pivd, &inputd, &outputd);
-   if (pivd != NULL)
-       free(pivd->data);
-   return code;
+    krb5_error_code code;
+    size_t blocksize;
+    krb5_data ivd, *pivd, outputd;
+    krb5_enc_data inputd;
+
+    if (iv) {
+        code = krb5_c_block_size(context, key->enctype, &blocksize);
+        if (code)
+            return(code);
+
+        ivd.length = blocksize;
+        ivd.data = malloc(ivd.length);
+        if (ivd.data == NULL)
+            return ENOMEM;
+        memcpy(ivd.data, iv, ivd.length);
+        pivd = &ivd;
+    } else {
+        pivd = NULL;
+    }
+
+    inputd.enctype = ENCTYPE_UNKNOWN;
+    inputd.ciphertext.length = length;
+    inputd.ciphertext.data = in;
+
+    outputd.length = length;
+    outputd.data = out;
+
+    code = krb5_c_decrypt(context, key, usage, pivd, &inputd, &outputd);
+    if (pivd != NULL)
+        free(pivd->data);
+    return code;
 }
 
 krb5_error_code
 kg_arcfour_docrypt (const krb5_keyblock *longterm_key , int ms_usage,
-                   const unsigned char *kd_data, size_t kd_data_len,
-                   const unsigned char *input_buf, size_t input_len,
-                   unsigned char *output_buf)
+                    const unsigned char *kd_data, size_t kd_data_len,
+                    const unsigned char *input_buf, size_t input_len,
+                    unsigned char *output_buf)
 {
-  krb5_error_code code;
-  krb5_data input, output;
-  krb5int_access kaccess;
-  krb5_keyblock seq_enc_key, usage_key;
-  unsigned char t[4];
-
-  usage_key.length = longterm_key->length;
-  usage_key.contents = malloc(usage_key.length);
-  if (usage_key.contents == NULL)
-    return (ENOMEM);
-  seq_enc_key.length = longterm_key->length;
-  seq_enc_key.contents = malloc(seq_enc_key.length);
-  if (seq_enc_key.contents == NULL) {
+    krb5_error_code code;
+    krb5_data input, output;
+    krb5int_access kaccess;
+    krb5_keyblock seq_enc_key, usage_key;
+    unsigned char t[4];
+
+    usage_key.length = longterm_key->length;
+    usage_key.contents = malloc(usage_key.length);
+    if (usage_key.contents == NULL)
+        return (ENOMEM);
+    seq_enc_key.length = longterm_key->length;
+    seq_enc_key.contents = malloc(seq_enc_key.length);
+    if (seq_enc_key.contents == NULL) {
+        free ((void *) usage_key.contents);
+        return (ENOMEM);
+    }
+    code = krb5int_accessor (&kaccess, KRB5INT_ACCESS_VERSION);
+    if (code)
+        goto cleanup_arcfour;
+
+    t[0] = ms_usage &0xff;
+    t[1] = (ms_usage>>8) & 0xff;
+    t[2] = (ms_usage>>16) & 0xff;
+    t[3] = (ms_usage>>24) & 0xff;
+    input.data = (void *) &t;
+    input.length = 4;
+    output.data = (void *) usage_key.contents;
+    output.length = usage_key.length;
+    code = (*kaccess.krb5_hmac) (kaccess.md5_hash_provider,
+                                 longterm_key, 1, &input, &output);
+    if (code)
+        goto cleanup_arcfour;
+
+    input.data = ( void *) kd_data;
+    input.length = kd_data_len;
+    output.data = (void *) seq_enc_key.contents;
+    code = (*kaccess.krb5_hmac) (kaccess.md5_hash_provider,
+                                 &usage_key, 1, &input, &output);
+    if (code)
+        goto cleanup_arcfour;
+    input.data = ( void * ) input_buf;
+    input.length = input_len;
+    output.data = (void * ) output_buf;
+    output.length = input_len;
+    code =  ((*kaccess.arcfour_enc_provider->encrypt)(
+                 &seq_enc_key, 0,
+                 &input, &output));
+cleanup_arcfour:
+    memset ((void *) seq_enc_key.contents, 0, seq_enc_key.length);
+    memset ((void *) usage_key.contents, 0, usage_key.length);
     free ((void *) usage_key.contents);
-    return (ENOMEM);
-  }
-  code = krb5int_accessor (&kaccess, KRB5INT_ACCESS_VERSION);
-  if (code)
-    goto cleanup_arcfour;
-
-  t[0] = ms_usage &0xff;
-  t[1] = (ms_usage>>8) & 0xff;
-  t[2] = (ms_usage>>16) & 0xff;
-  t[3] = (ms_usage>>24) & 0xff;
-  input.data = (void *) &t;
-  input.length = 4;
-  output.data = (void *) usage_key.contents;
-  output.length = usage_key.length;
-  code = (*kaccess.krb5_hmac) (kaccess.md5_hash_provider,
-                              longterm_key, 1, &input, &output);
-  if (code)
-    goto cleanup_arcfour;
-         
-  input.data = ( void *) kd_data;
-  input.length = kd_data_len;
-  output.data = (void *) seq_enc_key.contents;
-  code = (*kaccess.krb5_hmac) (kaccess.md5_hash_provider,
-                              &usage_key, 1, &input, &output);
-  if (code)
-    goto cleanup_arcfour;
-  input.data = ( void * ) input_buf;
-  input.length = input_len;
-  output.data = (void * ) output_buf;
-  output.length = input_len;
-  code =  ((*kaccess.arcfour_enc_provider->encrypt)(
-                                                   &seq_enc_key, 0, 
-                                                   &input, &output));
- cleanup_arcfour:
-  memset ((void *) seq_enc_key.contents, 0, seq_enc_key.length);
-  memset ((void *) usage_key.contents, 0, usage_key.length);
-  free ((void *) usage_key.contents);
-  free ((void *) seq_enc_key.contents);
-  return (code);
+    free ((void *) seq_enc_key.contents);
+    return (code);
 }
-                   
index 06a5c2aa9b2284deb2363ecc2c20146d4c947213..17d49a587241a4db6948c45d81d1f935f8899824 100644 (file)
@@ -1,6 +1,7 @@
+/* -*- mode: c; indent-tabs-mode: nil -*- */
 /*
  * Copyright 1993 by OpenVision Technologies, Inc.
- * 
+ *
  * Permission to use, copy, modify, distribute, and sell this software
  * and its documentation for any purpose is hereby granted without fee,
  * provided that the above copyright notice appears in all copies and
@@ -10,7 +11,7 @@
  * without specific, written prior permission. OpenVision makes no
  * representations about the suitability of this software for any
  * purpose.  It is provided "as is" without express or implied warranty.
- * 
+ *
  * OPENVISION DISCLAIMS ALL WARRANTIES WITH REGARD TO THIS SOFTWARE,
  * INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS, IN NO
  * EVENT SHALL OPENVISION BE LIABLE FOR ANY SPECIAL, INDIRECT OR
@@ -29,26 +30,26 @@ static const unsigned char zeros[16] = {0,0,0,0, 0,0,0,0, 0,0,0,0, 0,0,0,0};
 
 krb5_error_code
 kg_make_seed(context, key, seed)
-     krb5_context context;
-     krb5_keyblock *key;
-     unsigned char *seed;
+    krb5_context context;
+    krb5_keyblock *key;
+    unsigned char *seed;
 {
-   krb5_error_code code;
-   krb5_keyblock *tmpkey;
-   unsigned int i;
+    krb5_error_code code;
+    krb5_keyblock *tmpkey;
+    unsigned int i;
 
-   code = krb5_copy_keyblock(context, key, &tmpkey);
-   if (code)
-      return(code);
+    code = krb5_copy_keyblock(context, key, &tmpkey);
+    if (code)
+       return(code);
 
-   /* reverse the key bytes, as per spec */
+    /* reverse the key bytes, as per spec */
 
-   for (i=0; i<tmpkey->length; i++)
-      tmpkey->contents[i] = key->contents[key->length - 1 - i];
+    for (i=0; i<tmpkey->length; i++)
+       tmpkey->contents[i] = key->contents[key->length - 1 - i];
 
-   code = kg_encrypt(context, tmpkey, KG_USAGE_SEAL, NULL, zeros, seed, 16);
+    code = kg_encrypt(context, tmpkey, KG_USAGE_SEAL, NULL, zeros, seed, 16);
 
-   krb5_free_keyblock(context, tmpkey);
+    krb5_free_keyblock(context, tmpkey);
 
-   return(code);
+    return(code);
 }
index ec7da556729eefbfefcc006aecb44099966dc74a..3469e63edd5a8ae0b60573620aa37412ea0b84a3 100644 (file)
@@ -1,7 +1,8 @@
+/* -*- mode: c; indent-tabs-mode: nil -*- */
 /*
 * Copyright2001 by the Massachusetts Institute of Technology.
+ * Copyright2001 by the Massachusetts Institute of Technology.
  * Copyright 1993 by OpenVision Technologies, Inc.
- * 
+ *
  * Permission to use, copy, modify, distribute, and sell this software
  * and its documentation for any purpose is hereby granted without fee,
  * provided that the above copyright notice appears in all copies and
@@ -11,7 +12,7 @@
  * without specific, written prior permission. OpenVision makes no
  * representations about the suitability of this software for any
  * purpose.  It is provided "as is" without express or implied warranty.
- * 
+ *
  * OPENVISION DISCLAIMS ALL WARRANTIES WITH REGARD TO THIS SOFTWARE,
  * INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS, IN NO
  * EVENT SHALL OPENVISION BE LIABLE FOR ANY SPECIAL, INDIRECT OR
 
 krb5_error_code
 kg_make_seq_num(context, key, direction, seqnum, cksum, buf)
-     krb5_context context;
-     krb5_keyblock *key;
-     int direction;
-     krb5_ui_4 seqnum;
-     unsigned char *cksum;
-     unsigned char *buf;
+    krb5_context context;
+    krb5_keyblock *key;
+    int direction;
+    krb5_ui_4 seqnum;
+    unsigned char *cksum;
+    unsigned char *buf;
 {
-   unsigned char plain[8];
+    unsigned char plain[8];
 
-   plain[4] = direction;
-   plain[5] = direction;
-   plain[6] = direction;
-   plain[7] = direction;
-   if (key->enctype == ENCTYPE_ARCFOUR_HMAC ) {
-     /* Yes, Microsoft used big-endian sequence number.*/
-     plain[0] = (seqnum>>24) & 0xff;
-     plain[1] = (seqnum>>16) & 0xff;
-     plain[2] = (seqnum>>8) & 0xff;
-     plain[3] = seqnum & 0xff;
-     return kg_arcfour_docrypt (key, 0, 
-                               cksum, 8,
-                               &plain[0], 8,
-                               buf);
-     
-   }
-     
-   plain[0] = (unsigned char) (seqnum&0xff);
-   plain[1] = (unsigned char) ((seqnum>>8)&0xff);
-   plain[2] = (unsigned char) ((seqnum>>16)&0xff);
-   plain[3] = (unsigned char) ((seqnum>>24)&0xff);
+    plain[4] = direction;
+    plain[5] = direction;
+    plain[6] = direction;
+    plain[7] = direction;
+    if (key->enctype == ENCTYPE_ARCFOUR_HMAC ) {
+        /* Yes, Microsoft used big-endian sequence number.*/
+        plain[0] = (seqnum>>24) & 0xff;
+        plain[1] = (seqnum>>16) & 0xff;
+        plain[2] = (seqnum>>8) & 0xff;
+        plain[3] = seqnum & 0xff;
+        return kg_arcfour_docrypt (key, 0,
+                                   cksum, 8,
+                                   &plain[0], 8,
+                                   buf);
 
-   return(kg_encrypt(context, key, KG_USAGE_SEQ, cksum, plain, buf, 8));
+    }
+
+    plain[0] = (unsigned char) (seqnum&0xff);
+    plain[1] = (unsigned char) ((seqnum>>8)&0xff);
+    plain[2] = (unsigned char) ((seqnum>>16)&0xff);
+    plain[3] = (unsigned char) ((seqnum>>24)&0xff);
+
+    return(kg_encrypt(context, key, KG_USAGE_SEQ, cksum, plain, buf, 8));
 }
 
 krb5_error_code kg_get_seq_num(context, key, cksum, buf, direction, seqnum)
-     krb5_context context;
-     krb5_keyblock *key;
-     unsigned char *cksum;
-     unsigned char *buf;
-     int *direction;
-     krb5_ui_4 *seqnum;
+    krb5_context context;
+    krb5_keyblock *key;
+    unsigned char *cksum;
+    unsigned char *buf;
+    int *direction;
+    krb5_ui_4 *seqnum;
 {
-   krb5_error_code code;
-   unsigned char plain[8];
+    krb5_error_code code;
+    unsigned char plain[8];
 
-   if (key->enctype == ENCTYPE_ARCFOUR_HMAC) {
-     code = kg_arcfour_docrypt (key, 0,
-                               cksum, 8,
-                               buf, 8,
-                               plain);
-   } else {
-     code = kg_decrypt(context, key, KG_USAGE_SEQ, cksum, buf, plain, 8);
-   }
-   if (code)
-      return(code);
+    if (key->enctype == ENCTYPE_ARCFOUR_HMAC) {
+        code = kg_arcfour_docrypt (key, 0,
+                                   cksum, 8,
+                                   buf, 8,
+                                   plain);
+    } else {
+        code = kg_decrypt(context, key, KG_USAGE_SEQ, cksum, buf, plain, 8);
+    }
+    if (code)
+        return(code);
 
-   if ((plain[4] != plain[5]) ||
-       (plain[4] != plain[6]) ||
-       (plain[4] != plain[7]))
-      return((krb5_error_code) KG_BAD_SEQ);
+    if ((plain[4] != plain[5]) ||
+        (plain[4] != plain[6]) ||
+        (plain[4] != plain[7]))
+        return((krb5_error_code) KG_BAD_SEQ);
 
-   *direction = plain[4];
-   if (key->enctype == ENCTYPE_ARCFOUR_HMAC) {
-     *seqnum = (plain[3]|(plain[2]<<8) | (plain[1]<<16)| (plain[0]<<24));
-   } else {
-     *seqnum = ((plain[0]) |
-             (plain[1]<<8) |
-             (plain[2]<<16) |
-             (plain[3]<<24));
-   }
+    *direction = plain[4];
+    if (key->enctype == ENCTYPE_ARCFOUR_HMAC) {
+        *seqnum = (plain[3]|(plain[2]<<8) | (plain[1]<<16)| (plain[0]<<24));
+    } else {
+        *seqnum = ((plain[0]) |
+                   (plain[1]<<8) |
+                   (plain[2]<<16) |
+                   (plain[3]<<24));
+    }
 
-   return(0);
+    return(0);
 }
index fb0f15c9d3e4b8f59894cbe41aff509e3f192e39..dd82d5341c50821061b9c8a2e7fc15758f2bdf8e 100644 (file)
@@ -1,3 +1,4 @@
+/* -*- mode: c; indent-tabs-mode: nil -*- */
 /*
  * Copyright 1997, 2007 by Massachusetts Institute of Technology
  * All Rights Reserved.
@@ -6,7 +7,7 @@
  *   require a specific license from the United States Government.
  *   It is the responsibility of any person or organization contemplating
  *   export to obtain such a license before exporting.
- * 
+ *
  * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
  * distribute this software and its documentation for any purpose and
  * without fee is hereby granted, provided that the above copyright
@@ -20,7 +21,7 @@
  * M.I.T. makes no representations about the suitability of
  * this software for any purpose.  It is provided "as is" without express
  * or implied warranty.
- * 
+ *
  */
 
 #include "gssapiP_krb5.h"
 
 OM_uint32
 krb5_gss_validate_cred_1(OM_uint32 *minor_status, gss_cred_id_t cred_handle,
-                        krb5_context context)
+                         krb5_context context)
 {
     krb5_gss_cred_id_t cred;
     krb5_error_code code;
     krb5_principal princ;
 
     if (!kg_validate_cred_id(cred_handle)) {
-       *minor_status = (OM_uint32) G_VALIDATE_FAILED;
-       return(GSS_S_CALL_BAD_STRUCTURE|GSS_S_DEFECTIVE_CREDENTIAL);
+        *minor_status = (OM_uint32) G_VALIDATE_FAILED;
+        return(GSS_S_CALL_BAD_STRUCTURE|GSS_S_DEFECTIVE_CREDENTIAL);
     }
 
     cred = (krb5_gss_cred_id_t) cred_handle;
 
     code = k5_mutex_lock(&cred->lock);
     if (code) {
-       *minor_status = code;
-       return GSS_S_FAILURE;
+        *minor_status = code;
+        return GSS_S_FAILURE;
     }
 
     if (cred->ccache) {
-       if ((code = krb5_cc_get_principal(context, cred->ccache, &princ))) {
-           k5_mutex_unlock(&cred->lock);
-           *minor_status = code;
-           return(GSS_S_DEFECTIVE_CREDENTIAL);
-       }
-       if (!krb5_principal_compare(context, princ, cred->princ)) {
-           k5_mutex_unlock(&cred->lock);
-           *minor_status = KG_CCACHE_NOMATCH;
-           return(GSS_S_DEFECTIVE_CREDENTIAL);
-       }
-       (void)krb5_free_principal(context, princ);
+        if ((code = krb5_cc_get_principal(context, cred->ccache, &princ))) {
+            k5_mutex_unlock(&cred->lock);
+            *minor_status = code;
+            return(GSS_S_DEFECTIVE_CREDENTIAL);
+        }
+        if (!krb5_principal_compare(context, princ, cred->princ)) {
+            k5_mutex_unlock(&cred->lock);
+            *minor_status = KG_CCACHE_NOMATCH;
+            return(GSS_S_DEFECTIVE_CREDENTIAL);
+        }
+        (void)krb5_free_principal(context, princ);
     }
     *minor_status = 0;
     return GSS_S_COMPLETE;
@@ -70,8 +71,8 @@ krb5_gss_validate_cred_1(OM_uint32 *minor_status, gss_cred_id_t cred_handle,
 
 OM_uint32
 krb5_gss_validate_cred(minor_status, cred_handle)
-     OM_uint32 *minor_status;
-     gss_cred_id_t cred_handle;
+    OM_uint32 *minor_status;
+    gss_cred_id_t cred_handle;
 {
     krb5_context context;
     krb5_error_code code;
@@ -79,21 +80,17 @@ krb5_gss_validate_cred(minor_status, cred_handle)
 
     code = krb5_gss_init_context(&context);
     if (code) {
-       *minor_status = code;
-       return GSS_S_FAILURE;
+        *minor_status = code;
+        return GSS_S_FAILURE;
     }
 
     maj = krb5_gss_validate_cred_1(minor_status, cred_handle, context);
     if (maj == 0) {
-       krb5_gss_cred_id_t cred = (krb5_gss_cred_id_t) cred_handle;
-       k5_mutex_assert_locked(&cred->lock);
-       k5_mutex_unlock(&cred->lock);
+        krb5_gss_cred_id_t cred = (krb5_gss_cred_id_t) cred_handle;
+        k5_mutex_assert_locked(&cred->lock);
+        k5_mutex_unlock(&cred->lock);
     }
     save_error_info(*minor_status, context);
     krb5_free_context(context);
     return maj;
 }
-
-               
-
-
index 833697b19e913370c9bc593036662112e15eb80a..4906ef38a1a5f0b0fad7ee21f43b751fc3b518d0 100644 (file)
@@ -1,6 +1,7 @@
+/* -*- mode: c; indent-tabs-mode: nil -*- */
 /*
  * Copyright 1993 by OpenVision Technologies, Inc.
- * 
+ *
  * Permission to use, copy, modify, distribute, and sell this software
  * and its documentation for any purpose is hereby granted without fee,
  * provided that the above copyright notice appears in all copies and
@@ -10,7 +11,7 @@
  * without specific, written prior permission. OpenVision makes no
  * representations about the suitability of this software for any
  * purpose.  It is provided "as is" without express or implied warranty.
- * 
+ *
  * OPENVISION DISCLAIMS ALL WARRANTIES WITH REGARD TO THIS SOFTWARE,
  * INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS, IN NO
  * EVENT SHALL OPENVISION BE LIABLE FOR ANY SPECIAL, INDIRECT OR
 
 OM_uint32
 krb5_gss_verify(minor_status, context_handle,
-               message_buffer, token_buffer,
-               qop_state)
-     OM_uint32 *minor_status;
-     gss_ctx_id_t context_handle;
-     gss_buffer_t message_buffer;
-     gss_buffer_t token_buffer;
-     int *qop_state;
+                message_buffer, token_buffer,
+                qop_state)
+    OM_uint32 *minor_status;
+    gss_ctx_id_t context_handle;
+    gss_buffer_t message_buffer;
+    gss_buffer_t token_buffer;
+    int *qop_state;
 {
-     return(kg_unseal(minor_status, context_handle,
-                     token_buffer, message_buffer,
-                     NULL, qop_state, KG_TOK_SIGN_MSG));
+    return(kg_unseal(minor_status, context_handle,
+                     token_buffer, message_buffer,
+                     NULL, qop_state, KG_TOK_SIGN_MSG));
 }
 
 /* V2 interface */
 OM_uint32
 krb5_gss_verify_mic(minor_status, context_handle,
-                   message_buffer, token_buffer,
-                   qop_state)
-    OM_uint32          *minor_status;
-    gss_ctx_id_t       context_handle;
-    gss_buffer_t       message_buffer;
-    gss_buffer_t       token_buffer;
-    gss_qop_t          *qop_state;
+                    message_buffer, token_buffer,
+                    qop_state)
+    OM_uint32           *minor_status;
+    gss_ctx_id_t        context_handle;
+    gss_buffer_t        message_buffer;
+    gss_buffer_t        token_buffer;
+    gss_qop_t           *qop_state;
 {
-    OM_uint32          rstat;
-    int                        qstate;
+    OM_uint32           rstat;
+    int                 qstate;
 
     rstat = kg_unseal(minor_status, context_handle,
-                     token_buffer, message_buffer,
-                     NULL, &qstate, KG_TOK_MIC_MSG);
+                      token_buffer, message_buffer,
+                      NULL, &qstate, KG_TOK_MIC_MSG);
     if (!rstat && qop_state)
-       *qop_state = (gss_qop_t) qstate;
+        *qop_state = (gss_qop_t) qstate;
     return(rstat);
 }
index b875a965a099c8880f51242684d60319c10c240f..f2400471038d99ec2c0f2937888159e86a652b79 100644 (file)
@@ -1,3 +1,4 @@
+/* -*- mode: c; indent-tabs-mode: nil -*- */
 /*
  * Copyright 2000 by the Massachusetts Institute of Technology.
  * All Rights Reserved.
@@ -6,7 +7,7 @@
  *   require a specific license from the United States Government.
  *   It is the responsibility of any person or organization contemplating
  *   export to obtain such a license before exporting.
- * 
+ *
  * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
  * distribute this software and its documentation for any purpose and
  * without fee is hereby granted, provided that the above copyright
  * M.I.T. makes no representations about the suitability of
  * this software for any purpose.  It is provided "as is" without express
  * or implied warranty.
- * 
+ *
  */
 /*
  * Copyright 1993 by OpenVision Technologies, Inc.
- * 
+ *
  * Permission to use, copy, modify, distribute, and sell this software
  * and its documentation for any purpose is hereby granted without fee,
  * provided that the above copyright notice appears in all copies and
@@ -34,7 +35,7 @@
  * without specific, written prior permission. OpenVision makes no
  * representations about the suitability of this software for any
  * purpose.  It is provided "as is" without express or implied warranty.
- * 
+ *
  * OPENVISION DISCLAIMS ALL WARRANTIES WITH REGARD TO THIS SOFTWARE,
  * INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS, IN NO
  * EVENT SHALL OPENVISION BE LIABLE FOR ANY SPECIAL, INDIRECT OR
 
 /*
  * Copyright (C) 1998 by the FundsXpress, INC.
- * 
+ *
  * All rights reserved.
- * 
+ *
  * Export of this software from the United States of America may require
  * a specific license from the United States Government.  It is the
  * responsibility of any person or organization contemplating export to
  * obtain such a license before exporting.
- * 
+ *
  * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
  * distribute this software and its documentation for any purpose and
  * without fee is hereby granted, provided that the above copyright
@@ -64,7 +65,7 @@
  * permission.  FundsXpress makes no representations about the suitability of
  * this software for any purpose.  It is provided "as is" without express
  * or implied warranty.
- * 
+ *
  * THIS SOFTWARE IS PROVIDED ``AS IS'' AND WITHOUT ANY EXPRESS OR
  * IMPLIED WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED
  * WARRANTIES OF MERCHANTIBILITY AND FITNESS FOR A PARTICULAR PURPOSE.
 /* V2 interface */
 OM_uint32
 krb5_gss_wrap_size_limit(minor_status, context_handle, conf_req_flag,
-                        qop_req, req_output_size, max_input_size)
-    OM_uint32          *minor_status;
-    gss_ctx_id_t       context_handle;
-    int                        conf_req_flag;
-    gss_qop_t          qop_req;
-    OM_uint32          req_output_size;
-    OM_uint32          *max_input_size;
+                         qop_req, req_output_size, max_input_size)
+    OM_uint32           *minor_status;
+    gss_ctx_id_t        context_handle;
+    int                 conf_req_flag;
+    gss_qop_t           qop_req;
+    OM_uint32           req_output_size;
+    OM_uint32           *max_input_size;
 {
-    krb5_gss_ctx_id_rec        *ctx;
-    OM_uint32          data_size, conflen;
-    OM_uint32          ohlen;
-    int                        overhead;
+    krb5_gss_ctx_id_rec *ctx;
+    OM_uint32           data_size, conflen;
+    OM_uint32           ohlen;
+    int                 overhead;
 
     /* only default qop is allowed */
     if (qop_req != GSS_C_QOP_DEFAULT) {
-       *minor_status = (OM_uint32) G_UNKNOWN_QOP;
-       return(GSS_S_FAILURE);
+        *minor_status = (OM_uint32) G_UNKNOWN_QOP;
+        return(GSS_S_FAILURE);
     }
-    
+
     /* validate the context handle */
     if (! kg_validate_ctx_id(context_handle)) {
-       *minor_status = (OM_uint32) G_VALIDATE_FAILED;
-       return(GSS_S_NO_CONTEXT);
+        *minor_status = (OM_uint32) G_VALIDATE_FAILED;
+        return(GSS_S_NO_CONTEXT);
     }
-    
+
     ctx = (krb5_gss_ctx_id_rec *) context_handle;
     if (! ctx->established) {
-       *minor_status = KG_CTX_INCOMPLETE;
-       return(GSS_S_NO_CONTEXT);
+        *minor_status = KG_CTX_INCOMPLETE;
+        return(GSS_S_NO_CONTEXT);
     }
 
     if (ctx->proto == 1) {
-       /* No pseudo-ASN.1 wrapper overhead, so no sequence length and
-          OID.  */
-       OM_uint32 sz = req_output_size;
-       /* Token header: 16 octets.  */
-       if (conf_req_flag) {
-           while (sz > 0 && krb5_encrypt_size(sz, ctx->enc->enctype) + 16 > req_output_size)
-               sz--;
-           /* Allow for encrypted copy of header.  */
-           if (sz > 16)
-               sz -= 16;
-           else
-               sz = 0;
+        /* No pseudo-ASN.1 wrapper overhead, so no sequence length and
+           OID.  */
+        OM_uint32 sz = req_output_size;
+        /* Token header: 16 octets.  */
+        if (conf_req_flag) {
+            while (sz > 0 && krb5_encrypt_size(sz, ctx->enc->enctype) + 16 > req_output_size)
+                sz--;
+            /* Allow for encrypted copy of header.  */
+            if (sz > 16)
+                sz -= 16;
+            else
+                sz = 0;
 #ifdef CFX_EXERCISE
-           /* Allow for EC padding.  In the MIT implementation, only
-              added while testing.  */
-           if (sz > 65535)
-               sz -= 65535;
-           else
-               sz = 0;
+            /* Allow for EC padding.  In the MIT implementation, only
+               added while testing.  */
+            if (sz > 65535)
+                sz -= 65535;
+            else
+                sz = 0;
 #endif
-       } else {
-           /* Allow for token header and checksum.  */
-           if (sz < 16 + ctx->cksum_size)
-               sz = 0;
-           else
-               sz -= (16 + ctx->cksum_size);
-       }
+        } else {
+            /* Allow for token header and checksum.  */
+            if (sz < 16 + ctx->cksum_size)
+                sz = 0;
+            else
+                sz -= (16 + ctx->cksum_size);
+        }
 
-       *max_input_size = sz;
-       *minor_status = 0;
-       return GSS_S_COMPLETE;
+        *max_input_size = sz;
+        *minor_status = 0;
+        return GSS_S_COMPLETE;
     }
 
     /* Calculate the token size and subtract that from the output size */
@@ -146,17 +147,17 @@ krb5_gss_wrap_size_limit(minor_status, context_handle, conf_req_flag,
     conflen = kg_confounder_size(ctx->k5_context, ctx->enc);
     data_size = (conflen + data_size + 8) & (~(OM_uint32)7);
     ohlen = g_token_size(ctx->mech_used,
-                        (unsigned int) (data_size + ctx->cksum_size + 14))
-      - req_output_size;
+                         (unsigned int) (data_size + ctx->cksum_size + 14))
+        - req_output_size;
 
     if (ohlen+overhead < req_output_size)
-      /*
-       * Cannot have trailer length that will cause us to pad over our
-       * length.
-       */
-      *max_input_size = (req_output_size - ohlen - overhead) & (~(OM_uint32)7);
+        /*
+         * Cannot have trailer length that will cause us to pad over our
+         * length.
+         */
+        *max_input_size = (req_output_size - ohlen - overhead) & (~(OM_uint32)7);
     else
-      *max_input_size = 0;
+        *max_input_size = 0;
 
     *minor_status = 0;
     return(GSS_S_COMPLETE);