From 8c1b31f71322cc10a90e0255ddc503aca4990f10 Mon Sep 17 00:00:00 2001
From: Zhanna Tsitkov
Date: Thu, 12 Nov 2009 20:17:34 +0000
Subject: [PATCH] Post-great-reindent check. Part II

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23153 dc483132-0cff-0310-8789-dd5450dbe970
---
 src/kdc/kdc_util.h | 344 ++++++++++++++++++++++++---------------------
 src/kdc/main.c | 40 ++++--
 2 files changed, 211 insertions(+), 173 deletions(-)
diff --git a/src/kdc/kdc_util.h b/src/kdc/kdc_util.h
index 1950ec090..db4ec6f7a 100644
--- a/src/kdc/kdc_util.h
+++ b/src/kdc/kdc_util.h
@@ -43,52 +43,58 @@ krb5_error_code check_hot_list (krb5_ticket *); krb5_boolean realm_compare (krb5_const_principal, krb5_const_principal); krb5_boolean is_local_principal(krb5_const_principal princ1); krb5_boolean krb5_is_tgs_principal (krb5_const_principal); -krb5_error_code add_to_transited (krb5_data *, +krb5_error_code +add_to_transited (krb5_data *, krb5_data *, krb5_principal, krb5_principal, krb5_principal); -krb5_error_code compress_transited (krb5_data *, +krb5_error_code +compress_transited (krb5_data *, krb5_principal, krb5_data *); -krb5_error_code concat_authorization_data (krb5_authdata **, - krb5_authdata **, - krb5_authdata ***); -krb5_error_code fetch_last_req_info (krb5_db_entry *, - krb5_last_req_entry ***); - -krb5_error_code kdc_convert_key (krb5_keyblock *, - krb5_keyblock *, - int); -krb5_error_code kdc_process_tgs_req -(krb5_kdc_req *, - const krb5_fulladdr *, - krb5_data *, - krb5_ticket **, - krb5_db_entry *krbtgt, - int *nprincs, - krb5_keyblock **, krb5_keyblock **, - krb5_pa_data **pa_tgs_req); - -krb5_error_code kdc_get_server_key (krb5_ticket *, unsigned int, - krb5_boolean match_enctype, - krb5_db_entry *, int *, - krb5_keyblock **, krb5_kvno *); - -int validate_as_request (krb5_kdc_req *, krb5_db_entry, - krb5_db_entry, krb5_timestamp, - const char **, krb5_data *); - -int validate_forwardable(krb5_kdc_req *, krb5_db_entry, - krb5_db_entry, krb5_timestamp, - const char **); - -int validate_tgs_request (krb5_kdc_req *, krb5_db_entry, - krb5_ticket *, krb5_timestamp, - const char **, krb5_data *); - -int fetch_asn1_field (unsigned char *, unsigned int, unsigned int, - krb5_data *); +krb5_error_code +concat_authorization_data (krb5_authdata **, + krb5_authdata **, + krb5_authdata ***); +krb5_error_code +fetch_last_req_info (krb5_db_entry *, krb5_last_req_entry ***); + +krb5_error_code +kdc_convert_key (krb5_keyblock *, krb5_keyblock *, int); +krb5_error_codex +kdc_process_tgs_req (krb5_kdc_req *, + const krb5_fulladdr *, + krb5_data 
*, + krb5_ticket **, + krb5_db_entry *krbtgt, + int *nprincs, + krb5_keyblock **, krb5_keyblock **, + krb5_pa_data **pa_tgs_req); + +krb5_error_code +kdc_get_server_key (krb5_ticket *, unsigned int, + krb5_boolean match_enctype, + krb5_db_entry *, int *, + krb5_keyblock **, krb5_kvno *); + +int +validate_as_request (krb5_kdc_req *, krb5_db_entry, + krb5_db_entry, krb5_timestamp, + const char **, krb5_data *); + +int +validate_forwardable(krb5_kdc_req *, krb5_db_entry, + krb5_db_entry, krb5_timestamp, + const char **); + +int +validate_tgs_request (krb5_kdc_req *, krb5_db_entry, + krb5_ticket *, krb5_timestamp, + const char **, krb5_data *); + +int +fetch_asn1_field (unsigned char *, unsigned int, unsigned int, krb5_data *); int dbentry_has_key_for_enctype (krb5_context context, @@ -119,24 +125,29 @@ void rep_etypes2str(char *s, size_t len, krb5_kdc_rep *rep); /* do_as_req.c */ -krb5_error_code process_as_req (krb5_kdc_req *, krb5_data *, +krb5_error_code +process_as_req (krb5_kdc_req *, krb5_data *, const krb5_fulladdr *, krb5_data ** ); /* do_tgs_req.c */ -krb5_error_code process_tgs_req (krb5_data *, +krb5_error_code +process_tgs_req (krb5_data *, const krb5_fulladdr *, krb5_data ** ); /* dispatch.c */ -krb5_error_code dispatch (krb5_data *, +krb5_error_code +dispatch (krb5_data *, const krb5_fulladdr *, krb5_data **); /* main.c */ krb5_error_code kdc_initialize_rcache (krb5_context, char *); -krb5_error_code setup_server_realm (krb5_principal); -void kdc_err(krb5_context call_context, errcode_t code, const char *fmt, ...); +krb5_error_code +setup_server_realm (krb5_principal); +void +kdc_err(krb5_context call_context, errcode_t code, const char *fmt, ...); /* network.c */ krb5_error_code listen_and_process (void); 
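Review bot: The re-wrapped prototype for kdc_process_tgs_req in the first kdc_util.h hunk declares its return type as `krb5_error_codex`, while the removed line and every neighbouring prototype use `krb5_error_code`. Nothing on this page defines `krb5_error_codex`, so the header would be expected to break every translation unit that includes it. The two added lines should read `krb5_error_code` and `kdc_process_tgs_req (krb5_kdc_req *,`. Because this commit is meant to change layout only, comparing the built objects before and after the reindent would catch a slip like this in the declaration of the TGS request path.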
@@ -144,53 +155,65 @@ krb5_error_code setup_network (void); krb5_error_code closedown_network (void); /* policy.c */ -int against_local_policy_as (krb5_kdc_req *, krb5_db_entry, +int +against_local_policy_as (krb5_kdc_req *, krb5_db_entry, krb5_db_entry, krb5_timestamp, const char **, krb5_data *); -int against_local_policy_tgs (krb5_kdc_req *, krb5_db_entry, +int +against_local_policy_tgs (krb5_kdc_req *, krb5_db_entry, krb5_ticket *, const char **, krb5_data *); /* kdc_preauth.c */ -krb5_boolean enctype_requires_etype_info_2(krb5_enctype enctype); +krb5_boolean +enctype_requires_etype_info_2(krb5_enctype enctype); -const char * missing_required_preauth -(krb5_db_entry *client, krb5_db_entry *server, - krb5_enc_tkt_part *enc_tkt_reply); -void get_preauth_hint_list (krb5_kdc_req * request, +const char * +missing_required_preauth (krb5_db_entry *client, + krb5_db_entry *server, + krb5_enc_tkt_part *enc_tkt_reply); +void +get_preauth_hint_list (krb5_kdc_req * request, krb5_db_entry *client, krb5_db_entry *server, krb5_data *e_data); -krb5_error_code load_preauth_plugins(krb5_context context); -krb5_error_code unload_preauth_plugins(krb5_context context); +krb5_error_code +load_preauth_plugins(krb5_context context); +krb5_error_code +unload_preauth_plugins(krb5_context context); -krb5_error_code check_padata -(krb5_context context, krb5_db_entry *client, krb5_data *req_pkt, - krb5_kdc_req *request, krb5_enc_tkt_part *enc_tkt_reply, - void **padata_context, krb5_data *e_data); +krb5_error_code +check_padata (krb5_context context, + krb5_db_entry *client, krb5_data *req_pkt, + krb5_kdc_req *request, + krb5_enc_tkt_part *enc_tkt_reply, + void **padata_context, krb5_data *e_data); -krb5_error_code return_padata -(krb5_context context, krb5_db_entry *client, - krb5_data *req_pkt, krb5_kdc_req *request, krb5_kdc_rep *reply, - krb5_key_data *client_key, krb5_keyblock *encrypting_key, - void **padata_context); +krb5_error_code +return_padata (krb5_context context, 
krb5_db_entry *client, + krb5_data *req_pkt, krb5_kdc_req *request, + krb5_kdc_rep *reply, + krb5_key_data *client_key, krb5_keyblock *encrypting_key, + void **padata_context); -krb5_error_code free_padata_context -(krb5_context context, void **padata_context); +krb5_error_code +free_padata_context (krb5_context context, void **padata_context); -krb5_pa_data *find_pa_data -(krb5_pa_data **padata, krb5_preauthtype pa_type); +krb5_pa_data * +find_pa_data (krb5_pa_data **padata, krb5_preauthtype pa_type); -krb5_error_code add_pa_data_element -(krb5_context context, - krb5_pa_data *padata, - krb5_pa_data ***out_padata, - krb5_boolean copy); +krb5_error_code +add_pa_data_element (krb5_context context, + krb5_pa_data *padata, + krb5_pa_data ***out_padata, + krb5_boolean copy); /* kdc_authdata.c */ -krb5_error_code load_authdata_plugins(krb5_context context); -krb5_error_code unload_authdata_plugins(krb5_context context); +krb5_error_code +load_authdata_plugins(krb5_context context); +krb5_error_code +unload_authdata_plugins(krb5_context context); krb5_error_code handle_authdata (krb5_context context, 
@@ -226,75 +249,75 @@ get_principal (krb5_context kcontext, krb5_boolean include_pac_p(krb5_context context, krb5_kdc_req *request); -krb5_error_code return_svr_referral_data -(krb5_context context, - krb5_db_entry *server, - krb5_enc_kdc_rep_part *reply_encpart); - -krb5_error_code sign_db_authdata -(krb5_context context, - unsigned int flags, - krb5_const_principal client_princ, - krb5_db_entry *client, - krb5_db_entry *server, - krb5_db_entry *krbtgt, - krb5_keyblock *client_key, - krb5_keyblock *server_key, - krb5_keyblock *krbtgt_key, - krb5_timestamp authtime, - krb5_authdata **tgs_authdata, - krb5_keyblock *session_key, - krb5_authdata ***ret_authdata); - -krb5_error_code kdc_process_s4u2self_req -(krb5_context context, - krb5_kdc_req *request, - krb5_const_principal client_princ, - const krb5_db_entry *server, - krb5_keyblock *tgs_subkey, - krb5_keyblock *tgs_session, - krb5_timestamp kdc_time, - krb5_pa_s4u_x509_user **s4u2self_req, - krb5_db_entry *princ, - int *nprincs, - const char **status); - -krb5_error_code kdc_make_s4u2self_rep -(krb5_context context, - krb5_keyblock *tgs_subkey, - krb5_keyblock *tgs_session, - krb5_pa_s4u_x509_user *req_s4u_user, - krb5_kdc_rep *reply, - krb5_enc_kdc_rep_part *reply_encpart); - -krb5_error_code kdc_process_s4u2proxy_req -(krb5_context context, - krb5_kdc_req *request, - const krb5_enc_tkt_part *t2enc, - const krb5_db_entry *server, - krb5_const_principal server_princ, - krb5_const_principal proxy_princ, - const char **status); - -krb5_error_code kdc_check_transited_list -(krb5_context context, - const krb5_data *trans, - const krb5_data *realm1, - const krb5_data *realm2); - -krb5_error_code audit_as_request -(krb5_kdc_req *request, - krb5_db_entry *client, - krb5_db_entry *server, - krb5_timestamp authtime, - krb5_error_code errcode); - -krb5_error_code audit_tgs_request -(krb5_kdc_req *request, - krb5_const_principal client, - krb5_db_entry *server, - krb5_timestamp authtime, - krb5_error_code errcode); 
+krb5_error_code +return_svr_referral_data (krb5_context context, + krb5_db_entry *server, + krb5_enc_kdc_rep_part *reply_encpart); + +krb5_error_code +sign_db_authdata (krb5_context context, + unsigned int flags, + krb5_const_principal client_princ, + krb5_db_entry *client, + krb5_db_entry *server, + krb5_db_entry *krbtgt, + krb5_keyblock *client_key, + krb5_keyblock *server_key, + krb5_keyblock *krbtgt_key, + krb5_timestamp authtime, + krb5_authdata **tgs_authdata, + krb5_keyblock *session_key, + krb5_authdata ***ret_authdata); + +krb5_error_code +kdc_process_s4u2self_req (krb5_context context, + krb5_kdc_req *request, + krb5_const_principal client_princ, + const krb5_db_entry *server, + krb5_keyblock *tgs_subkey, + krb5_keyblock *tgs_session, + krb5_timestamp kdc_time, + krb5_pa_s4u_x509_user **s4u2self_req, + krb5_db_entry *princ, + int *nprincs, + const char **status); + +krb5_error_code +kdc_make_s4u2self_rep (krb5_context context, + krb5_keyblock *tgs_subkey, + krb5_keyblock *tgs_session, + krb5_pa_s4u_x509_user *req_s4u_user, + krb5_kdc_rep *reply, + krb5_enc_kdc_rep_part *reply_encpart); + +krb5_error_code +kdc_process_s4u2proxy_req (krb5_context context, + krb5_kdc_req *request, + const krb5_enc_tkt_part *t2enc, + const krb5_db_entry *server, + krb5_const_principal server_princ, + krb5_const_principal proxy_princ, + const char **status); + +krb5_error_code +kdc_check_transited_list (krb5_context context, + const krb5_data *trans, + const krb5_data *realm1, + const krb5_data *realm2); + +krb5_error_code +audit_as_request (krb5_kdc_req *request, + krb5_db_entry *client, + krb5_db_entry *server, + krb5_timestamp authtime, + krb5_error_code errcode); + +krb5_error_code +audit_tgs_request (krb5_kdc_req *request, + krb5_const_principal client, + krb5_db_entry *server, + krb5_timestamp authtime, + krb5_error_code errcode); krb5_error_code validate_transit_path(krb5_context context, 
@@ -324,7 +347,8 @@ log_tgs_req(const krb5_fulladdr *from, krb5_timestamp authtime, unsigned int c_flags, const char *s4u_name, const char *status, krb5_error_code errcode, const char *emsg); -void log_tgs_alt_tgt(krb5_principal p); +void +log_tgs_alt_tgt(krb5_principal p); /*Request state*/ @@ -337,8 +361,7 @@ struct kdc_request_state { }; krb5_error_code kdc_make_rstate(struct kdc_request_state **out); -void kdc_free_rstate -(struct kdc_request_state *s); +void kdc_free_rstate (struct kdc_request_state *s); /* FAST*/ enum krb5_fast_kdc_flags { @@ -346,20 +369,21 @@ enum krb5_fast_kdc_flags { KRB5_FAST_REPLY_KEY_REPLACED = 0x02, }; -krb5_error_code kdc_find_fast -(krb5_kdc_req **requestptr, krb5_data *checksummed_data, - krb5_keyblock *tgs_subkey, krb5_keyblock *tgs_session, - struct kdc_request_state *state); - -krb5_error_code kdc_fast_response_handle_padata -(struct kdc_request_state *state, - krb5_kdc_req *request, - krb5_kdc_rep *rep, - krb5_enctype enctype); -krb5_error_code kdc_fast_handle_error -(krb5_context context, struct kdc_request_state *state, - krb5_kdc_req *request, - krb5_pa_data **in_padata, krb5_error *err); +krb5_error_code +kdc_find_fast (krb5_kdc_req **requestptr, krb5_data *checksummed_data, + krb5_keyblock *tgs_subkey, krb5_keyblock *tgs_session, + struct kdc_request_state *state); + +krb5_error_code +kdc_fast_response_handle_padata (struct kdc_request_state *state, + krb5_kdc_req *request, + krb5_kdc_rep *rep, + krb5_enctype enctype); +krb5_error_code +kdc_fast_handle_error (krb5_context context, + struct kdc_request_state *state, + krb5_kdc_req *request, + krb5_pa_data **in_padata, krb5_error *err); krb5_error_code kdc_fast_handle_reply_key(struct kdc_request_state *state, krb5_keyblock *existing_key, diff --git a/src/kdc/main.c b/src/kdc/main.c index 511db2125..a12a7738b 100644 --- a/src/kdc/main.c +++ b/src/kdc/main.c 
@@ -207,47 +207,56 @@ handle_referral_params(krb5_realm_params *rparams, retval = ENOMEM; } else { if (rparams && rparams->realm_no_host_referral) { - if (krb5_match_config_pattern(rparams->realm_no_host_referral, KRB5_CONF_ASTERISK) == TRUE) { + if (krb5_match_config_pattern(rparams->realm_no_host_referral, + KRB5_CONF_ASTERISK) == TRUE) { rdp->realm_no_host_referral = strdup(KRB5_CONF_ASTERISK); if (!rdp->realm_no_host_referral) retval = ENOMEM; - } else if (no_refrls && (asprintf(&(rdp->realm_no_host_referral), "%s%s%s%s%s", - " ", no_refrls," ",rparams->realm_no_host_referral, " ") < 0)) + } else if (no_refrls && (asprintf(&(rdp->realm_no_host_referral), + "%s%s%s%s%s", " ", no_refrls," ", + rparams->realm_no_host_referral, " ") < 0)) retval = ENOMEM; else if (asprintf(&(rdp->realm_no_host_referral),"%s%s%s", " ", rparams->realm_no_host_referral, " ") < 0) retval = ENOMEM; } else if( no_refrls != NULL) { - if ( asprintf(&(rdp->realm_no_host_referral),"%s%s%s", " ", no_refrls, " ") < 0) + if ( asprintf(&(rdp->realm_no_host_referral), + "%s%s%s", " ", no_refrls, " ") < 0) retval = ENOMEM; } else rdp->realm_no_host_referral = NULL; } - if (rdp->realm_no_host_referral && krb5_match_config_pattern(rdp->realm_no_host_referral, KRB5_CONF_ASTERISK) == TRUE) { + if (rdp->realm_no_host_referral && + krb5_match_config_pattern(rdp->realm_no_host_referral, + KRB5_CONF_ASTERISK) == TRUE) { rdp->realm_host_based_services = NULL; return 0; } - if (host_based_srvcs && (krb5_match_config_pattern(host_based_srvcs, KRB5_CONF_ASTERISK) == TRUE)) { + if (host_based_srvcs && + (krb5_match_config_pattern(host_based_srvcs, KRB5_CONF_ASTERISK) == TRUE)) { rdp->realm_host_based_services = strdup(KRB5_CONF_ASTERISK); if (!rdp->realm_host_based_services) retval = ENOMEM; } else { if (rparams && rparams->realm_host_based_services) { - if (krb5_match_config_pattern(rparams->realm_host_based_services, KRB5_CONF_ASTERISK) == TRUE) { + if 
(krb5_match_config_pattern(rparams->realm_host_based_services, + KRB5_CONF_ASTERISK) == TRUE) { rdp->realm_host_based_services = strdup(KRB5_CONF_ASTERISK); if (!rdp->realm_host_based_services) retval = ENOMEM; } else if (host_based_srvcs) { if (asprintf(&(rdp->realm_host_based_services), "%s%s%s%s%s", - " ", host_based_srvcs," ",rparams->realm_host_based_services, " ") < 0) + " ", host_based_srvcs," ", + rparams->realm_host_based_services, " ") < 0) retval = ENOMEM; } else if (asprintf(&(rdp->realm_host_based_services),"%s%s%s", " ", rparams->realm_host_based_services, " ") < 0) retval = ENOMEM; } else if (host_based_srvcs) { - if (asprintf(&(rdp->realm_host_based_services),"%s%s%s", " ", host_based_srvcs, " ") < 0) + if (asprintf(&(rdp->realm_host_based_services),"%s%s%s", " ", + host_based_srvcs, " ") < 0) retval = ENOMEM; } else rdp->realm_host_based_services = NULL; @@ -255,6 +264,7 @@ handle_referral_params(krb5_realm_params *rparams, return retval; } + /* * Initialize a realm control structure from the alternate profile or from * the specified defaults. @@ -548,7 +558,7 @@ setup_sam(void) void usage(char *name) { - fprintf(stderr, "usage: %s [-x db_args]* [-d dbpathname] [-r dbrealmname]\n\t\t[-R replaycachename] [-m] [-k masterenctype] [-M masterkeyname]\n\t\t[-p port] [-n]\n" + fprintf(stderr, "usage: %s [-x db_args]* [-d dbpathname] [-r dbrealmname]\n\t\t[-R replaycachename] [-m] [-k masterenctype] [-M masterkeyname]\n\t\t[-p port] [/]\n" "\nwhere,\n\t[-x db_args]* - Any number of database specific arguments. Look at\n" "\t\t\teach database module documentation for supported\n\t\t\targuments\n", name); 
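Review bot: The usage() hunk changes the help text itself rather than its layout: the tail of the first literal goes from `[-p port] [-n]\n"` to `[-p port] [/]\n"`, so `-n` is no longer documented and `[/]` is not described in the "where," section that follows. Option parsing lies outside this hunk, so whether `-n` is still accepted cannot be confirmed from here, but a reindent commit should leave runtime strings byte-identical. I would restore `[-p port] [-n]\n"` in this commit and, if `[/]` is intended, introduce it separately together with its explanation. The overlong literal could still be wrapped by splitting it into adjacent string literals at the embedded `\n\t\t` boundaries, which changes no bytes of output.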
@@ -593,7 +603,8 @@ initialize_realms(krb5_context kcontext, int argc, char **argv) hierarchy[1] = KRB5_CONF_NO_HOST_REFERRAL; if (krb5_aprof_get_string_all(aprof, hierarchy, &no_refrls)) no_refrls = 0; - if (!no_refrls || krb5_match_config_pattern(no_refrls, KRB5_CONF_ASTERISK) == FALSE) { + if (!no_refrls || + krb5_match_config_pattern(no_refrls, KRB5_CONF_ASTERISK) == FALSE) { hierarchy[1] = KRB5_CONF_HOST_BASED_SERVICES; if (krb5_aprof_get_string_all(aprof, hierarchy, &host_based_srvcs)) host_based_srvcs = 0; @@ -649,7 +660,8 @@ initialize_realms(krb5_context kcontext, int argc, char **argv) menctype, default_udp_ports, default_tcp_ports, manual, db_args, no_refrls, host_based_srvcs))) { - fprintf(stderr,"%s: cannot initialize realm %s - see log file for details\n", + fprintf(stderr, + "%s: cannot initialize realm %s - see log file for details\n", argv[0], optarg); exit(1); } @@ -666,7 +678,9 @@ initialize_realms(krb5_context kcontext, int argc, char **argv) } break; case 'd': /* pathname for db */ - /* now db_name is not a seperate argument. It has to be passed as part of the db_args */ + /* now db_name is not a seperate argument. + * It has to be passed as part of the db_args + */ if( db_name == NULL ) { if (asprintf(&db_name, "dbname=%s", optarg) < 0) { fprintf(stderr, -- 2.26.2