authorTom Yu <tlyu@mit.edu>2009-10-31 00:48:38 +0000
committerTom Yu <tlyu@mit.edu>2009-10-31 00:48:38 +0000
commit02d6bcbc98a214e7aeaaa9f45f0db8784a7b743b (patch)
tree61b9147863cd8be3eff63903dc36cae168254bd5 /src/lib
parent162ab371748cba0cc6f172419bd6e71fa04bb878 (diff)
make mark-cstyle
make reindent git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23100 dc483132-0cff-0310-8789-dd5450dbe970
Diffstat (limited to 'src/lib')
-rw-r--r--src/lib/apputils/daemon.c2
-rw-r--r--src/lib/crypto/builtin/aes/aes.h16
-rw-r--r--src/lib/crypto/builtin/aes/aes_s2k.c4
-rw-r--r--src/lib/crypto/builtin/aes/aescpp.h19
-rw-r--r--src/lib/crypto/builtin/aes/aescrypp.c74
-rw-r--r--src/lib/crypto/builtin/aes/aescrypt.c70
-rw-r--r--src/lib/crypto/builtin/aes/aeskey.c78
-rw-r--r--src/lib/crypto/builtin/aes/aeskeypp.c58
-rw-r--r--src/lib/crypto/builtin/aes/aesopt.h182
-rw-r--r--src/lib/crypto/builtin/aes/aestab.c38
-rw-r--r--src/lib/crypto/builtin/aes/uitypes.h12
-rw-r--r--src/lib/crypto/builtin/arcfour/arcfour.c1
-rw-r--r--src/lib/crypto/builtin/arcfour/arcfour_aead.c7
-rw-r--r--src/lib/crypto/builtin/arcfour/arcfour_s2k.c4
-rw-r--r--src/lib/crypto/builtin/des/afsstring2key.c80
-rw-r--r--src/lib/crypto/builtin/des/d3_aead.c2
-rw-r--r--src/lib/crypto/builtin/des/d3_cbc.c2
-rw-r--r--src/lib/crypto/builtin/des/d3_kysched.c2
-rw-r--r--src/lib/crypto/builtin/des/des_int.h18
-rw-r--r--src/lib/crypto/builtin/des/destest.c28
-rw-r--r--src/lib/crypto/builtin/des/f_aead.c2
-rw-r--r--src/lib/crypto/builtin/des/f_parity.c11
-rw-r--r--src/lib/crypto/builtin/des/f_sched.c2
-rw-r--r--src/lib/crypto/builtin/des/key_sched.c4
-rw-r--r--src/lib/crypto/builtin/des/string2key.c4
-rw-r--r--src/lib/crypto/builtin/des/t_verify.c26
-rw-r--r--src/lib/crypto/builtin/des/weak_key.c4
-rw-r--r--src/lib/crypto/builtin/enc_provider/aes.c1
-rw-r--r--src/lib/crypto/builtin/enc_provider/des.c8
-rw-r--r--src/lib/crypto/builtin/enc_provider/des3.c9
-rw-r--r--src/lib/crypto/builtin/enc_provider/enc_provider.h9
-rw-r--r--src/lib/crypto/builtin/enc_provider/rc4.c15
-rw-r--r--src/lib/crypto/builtin/hash_provider/hash_crc32.c10
-rw-r--r--src/lib/crypto/builtin/hash_provider/hash_md4.c8
-rw-r--r--src/lib/crypto/builtin/hash_provider/hash_md5.c8
-rw-r--r--src/lib/crypto/builtin/hash_provider/hash_provider.h8
-rw-r--r--src/lib/crypto/builtin/hash_provider/hash_sha1.c8
-rw-r--r--src/lib/crypto/builtin/hmac.c10
-rw-r--r--src/lib/crypto/builtin/md4/rsa-md4.h4
-rw-r--r--src/lib/crypto/builtin/md5/md5.c2
-rw-r--r--src/lib/crypto/builtin/pbkdf2.c4
-rw-r--r--src/lib/crypto/builtin/sha1/t_shs3.c2
-rw-r--r--src/lib/crypto/builtin/t_cf2.c6
-rw-r--r--src/lib/crypto/crypto_tests/aes-test.c4
-rw-r--r--src/lib/crypto/crypto_tests/t_crc.c2
-rw-r--r--src/lib/crypto/crypto_tests/t_cts.c4
-rw-r--r--src/lib/crypto/crypto_tests/t_encrypt.c12
-rw-r--r--src/lib/crypto/crypto_tests/t_hmac.c8
-rw-r--r--src/lib/crypto/crypto_tests/t_kperf.c2
-rw-r--r--src/lib/crypto/crypto_tests/t_mddriver.c10
-rw-r--r--src/lib/crypto/crypto_tests/t_nfold.c6
-rw-r--r--src/lib/crypto/crypto_tests/t_pkcs5.c4
-rw-r--r--src/lib/crypto/crypto_tests/t_prf.c8
-rw-r--r--src/lib/crypto/crypto_tests/t_prng.c4
-rw-r--r--src/lib/crypto/crypto_tests/vectors.c4
-rw-r--r--src/lib/crypto/crypto_tests/ytest.c54
-rw-r--r--src/lib/crypto/krb/aead.c7
-rw-r--r--src/lib/crypto/krb/aead.h2
-rw-r--r--src/lib/crypto/krb/block_size.c8
-rw-r--r--src/lib/crypto/krb/cf2.c10
-rw-r--r--src/lib/crypto/krb/checksum_length.c9
-rw-r--r--src/lib/crypto/krb/cksumtype_to_string.c8
-rw-r--r--src/lib/crypto/krb/cksumtypes.c16
-rw-r--r--src/lib/crypto/krb/cksumtypes.h8
-rw-r--r--src/lib/crypto/krb/coll_proof_cksum.c8
-rw-r--r--src/lib/crypto/krb/combine_keys.c3
-rw-r--r--src/lib/crypto/krb/crc32/crc-32.h12
-rw-r--r--src/lib/crypto/krb/crc32/crc32.c4
-rw-r--r--src/lib/crypto/krb/crypto_length.c3
-rw-r--r--src/lib/crypto/krb/decrypt.c8
-rw-r--r--src/lib/crypto/krb/decrypt_iov.c2
-rw-r--r--src/lib/crypto/krb/default_state.c7
-rw-r--r--src/lib/crypto/krb/dk/checksum.c12
-rw-r--r--src/lib/crypto/krb/dk/derive.c8
-rw-r--r--src/lib/crypto/krb/dk/dk.h8
-rw-r--r--src/lib/crypto/krb/dk/dk_decrypt.c8
-rw-r--r--src/lib/crypto/krb/dk/dk_encrypt.c9
-rw-r--r--src/lib/crypto/krb/dk/stringtokey.c8
-rw-r--r--src/lib/crypto/krb/enc_provider/aes.c1
-rw-r--r--src/lib/crypto/krb/enc_provider/des.c8
-rw-r--r--src/lib/crypto/krb/enc_provider/des3.c9
-rw-r--r--src/lib/crypto/krb/enc_provider/enc_provider.h9
-rw-r--r--src/lib/crypto/krb/enc_provider/rc4.c15
-rw-r--r--src/lib/crypto/krb/encrypt.c8
-rw-r--r--src/lib/crypto/krb/encrypt_iov.c2
-rw-r--r--src/lib/crypto/krb/encrypt_length.c8
-rw-r--r--src/lib/crypto/krb/enctype_compare.c8
-rw-r--r--src/lib/crypto/krb/enctype_to_string.c8
-rw-r--r--src/lib/crypto/krb/etypes.c12
-rw-r--r--src/lib/crypto/krb/etypes.h8
-rw-r--r--src/lib/crypto/krb/key.c4
-rw-r--r--src/lib/crypto/krb/keyblocks.c12
-rw-r--r--src/lib/crypto/krb/keyed_checksum_types.c8
-rw-r--r--src/lib/crypto/krb/keyed_cksum.c8
-rw-r--r--src/lib/crypto/krb/keyhash_provider/descbc.c14
-rw-r--r--src/lib/crypto/krb/keyhash_provider/hmac_md5.c6
-rw-r--r--src/lib/crypto/krb/keyhash_provider/k5_md4des.c8
-rw-r--r--src/lib/crypto/krb/keyhash_provider/k5_md5des.c10
-rw-r--r--src/lib/crypto/krb/keyhash_provider/keyhash_provider.h8
-rw-r--r--src/lib/crypto/krb/keyhash_provider/md5_hmac.c5
-rw-r--r--src/lib/crypto/krb/keylengths.c4
-rw-r--r--src/lib/crypto/krb/make_checksum.c8
-rw-r--r--src/lib/crypto/krb/make_checksum_iov.c2
-rw-r--r--src/lib/crypto/krb/make_random_key.c8
-rw-r--r--src/lib/crypto/krb/mandatory_sumtype.c2
-rw-r--r--src/lib/crypto/krb/nfold.c9
-rw-r--r--src/lib/crypto/krb/old/des_stringtokey.c8
-rw-r--r--src/lib/crypto/krb/old/old.h8
-rw-r--r--src/lib/crypto/krb/old/old_decrypt.c8
-rw-r--r--src/lib/crypto/krb/old/old_encrypt.c8
-rw-r--r--src/lib/crypto/krb/old_api_glue.c10
-rw-r--r--src/lib/crypto/krb/prf.c6
-rw-r--r--src/lib/crypto/krb/prf/des_prf.c6
-rw-r--r--src/lib/crypto/krb/prf/dk_prf.c8
-rw-r--r--src/lib/crypto/krb/prf/prf_int.h4
-rw-r--r--src/lib/crypto/krb/prf/rc4_prf.c4
-rw-r--r--src/lib/crypto/krb/prng.c6
-rw-r--r--src/lib/crypto/krb/rand2key/aes_rand2key.c1
-rw-r--r--src/lib/crypto/krb/rand2key/des3_rand2key.c1
-rw-r--r--src/lib/crypto/krb/rand2key/des_rand2key.c2
-rw-r--r--src/lib/crypto/krb/rand2key/rand2key.h3
-rw-r--r--src/lib/crypto/krb/rand2key/rc4_rand2key.c1
-rw-r--r--src/lib/crypto/krb/random_to_key.c4
-rw-r--r--src/lib/crypto/krb/raw/raw.h9
-rw-r--r--src/lib/crypto/krb/raw/raw_aead.c2
-rw-r--r--src/lib/crypto/krb/raw/raw_decrypt.c8
-rw-r--r--src/lib/crypto/krb/raw/raw_encrypt.c8
-rw-r--r--src/lib/crypto/krb/state.c6
-rw-r--r--src/lib/crypto/krb/string_to_cksumtype.c8
-rw-r--r--src/lib/crypto/krb/string_to_enctype.c8
-rw-r--r--src/lib/crypto/krb/string_to_key.c8
-rw-r--r--src/lib/crypto/krb/valid_cksumtype.c8
-rw-r--r--src/lib/crypto/krb/valid_enctype.c8
-rw-r--r--src/lib/crypto/krb/verify_checksum.c8
-rw-r--r--src/lib/crypto/krb/verify_checksum_iov.c2
-rw-r--r--src/lib/crypto/krb/yarrow/yarrow.c82
-rw-r--r--src/lib/crypto/krb/yarrow/yarrow.h4
-rw-r--r--src/lib/crypto/krb/yarrow/ycipher.c6
-rw-r--r--src/lib/crypto/krb/yarrow/ycipher.h2
-rw-r--r--src/lib/crypto/krb/yarrow/yexcep.h22
-rw-r--r--src/lib/crypto/krb/yarrow/ytypes.h2
-rw-r--r--src/lib/crypto/openssl/aes/aes_s2k.c4
-rw-r--r--src/lib/crypto/openssl/arcfour/arcfour-int.h4
-rw-r--r--src/lib/crypto/openssl/arcfour/arcfour.c3
-rw-r--r--src/lib/crypto/openssl/arcfour/arcfour_aead.c7
-rw-r--r--src/lib/crypto/openssl/arcfour/arcfour_s2k.c4
-rw-r--r--src/lib/crypto/openssl/des/des_int.h16
-rw-r--r--src/lib/crypto/openssl/des/des_oldapis.c3
-rw-r--r--src/lib/crypto/openssl/des/f_parity.c1
-rw-r--r--src/lib/crypto/openssl/des/string2key.c3
-rw-r--r--src/lib/crypto/openssl/des/weak_key.c7
-rw-r--r--src/lib/crypto/openssl/enc_provider/aes.c5
-rw-r--r--src/lib/crypto/openssl/enc_provider/des.c1
-rw-r--r--src/lib/crypto/openssl/enc_provider/des3.c1
-rw-r--r--src/lib/crypto/openssl/enc_provider/enc_provider.h1
-rw-r--r--src/lib/crypto/openssl/enc_provider/rc4.c9
-rw-r--r--src/lib/crypto/openssl/hash_provider/hash_crc32.c2
-rw-r--r--src/lib/crypto/openssl/hash_provider/hash_md4.c8
-rw-r--r--src/lib/crypto/openssl/hash_provider/hash_md5.c8
-rw-r--r--src/lib/crypto/openssl/hash_provider/hash_provider.h8
-rw-r--r--src/lib/crypto/openssl/hash_provider/hash_sha1.c9
-rw-r--r--src/lib/crypto/openssl/hmac.c2
-rw-r--r--src/lib/crypto/openssl/md4/md4.c1
-rw-r--r--src/lib/crypto/openssl/md4/rsa-md4.h4
-rw-r--r--src/lib/crypto/openssl/md5/md5.c3
-rw-r--r--src/lib/crypto/openssl/pbkdf2.c9
-rw-r--r--src/lib/crypto/openssl/sha1/shs.c2
-rw-r--r--src/lib/crypto/openssl/yhash.h3
-rw-r--r--src/lib/glue4.c2
-rw-r--r--src/lib/gssapi/generic/gssapi_generic.c1
-rw-r--r--src/lib/gssapi/generic/oid_ops.c3
-rw-r--r--src/lib/gssapi/generic/util_buffer_set.c1
-rw-r--r--src/lib/gssapi/krb5/acquire_cred.c1
-rw-r--r--src/lib/gssapi/krb5/inq_context.c1
-rw-r--r--src/lib/gssapi/krb5/krb5_gss_glue.c1
-rw-r--r--src/lib/gssapi/krb5/naming_exts.c1
-rw-r--r--src/lib/gssapi/krb5/s4u_gss_glue.c1
-rw-r--r--src/lib/gssapi/krb5/seal.c1
-rw-r--r--src/lib/gssapi/krb5/unseal.c1
-rw-r--r--src/lib/gssapi/mechglue/g_accept_sec_context.c21
-rw-r--r--src/lib/gssapi/mechglue/g_buffer_set.c1
-rw-r--r--src/lib/gssapi/mechglue/g_compare_name.c14
-rw-r--r--src/lib/gssapi/mechglue/g_context_time.c10
-rw-r--r--src/lib/gssapi/mechglue/g_del_name_attr.c1
-rw-r--r--src/lib/gssapi/mechglue/g_delete_sec_context.c10
-rw-r--r--src/lib/gssapi/mechglue/g_dsp_status.c4
-rw-r--r--src/lib/gssapi/mechglue/g_exp_sec_context.c10
-rw-r--r--src/lib/gssapi/mechglue/g_export_name.c1
-rw-r--r--src/lib/gssapi/mechglue/g_export_name_comp.c1
-rw-r--r--src/lib/gssapi/mechglue/g_get_name_attr.c1
-rw-r--r--src/lib/gssapi/mechglue/g_glue.c23
-rw-r--r--src/lib/gssapi/mechglue/g_imp_name.c5
-rw-r--r--src/lib/gssapi/mechglue/g_imp_sec_context.c10
-rw-r--r--src/lib/gssapi/mechglue/g_init_sec_context.c18
-rw-r--r--src/lib/gssapi/mechglue/g_initialize.c8
-rw-r--r--src/lib/gssapi/mechglue/g_inq_context.c9
-rw-r--r--src/lib/gssapi/mechglue/g_inq_context_oid.c1
-rw-r--r--src/lib/gssapi/mechglue/g_inq_cred.c31
-rw-r--r--src/lib/gssapi/mechglue/g_inq_cred_oid.c7
-rw-r--r--src/lib/gssapi/mechglue/g_inq_name.c1
-rw-r--r--src/lib/gssapi/mechglue/g_inq_names.c10
-rw-r--r--src/lib/gssapi/mechglue/g_map_name_to_any.c1
-rw-r--r--src/lib/gssapi/mechglue/g_mech_invoke.c1
-rw-r--r--src/lib/gssapi/mechglue/g_mechname.c5
-rw-r--r--src/lib/gssapi/mechglue/g_oid_ops.c1
-rw-r--r--src/lib/gssapi/mechglue/g_process_context.c10
-rw-r--r--src/lib/gssapi/mechglue/g_rel_buffer.c4
-rw-r--r--src/lib/gssapi/mechglue/g_rel_cred.c16
-rw-r--r--src/lib/gssapi/mechglue/g_rel_name.c10
-rw-r--r--src/lib/gssapi/mechglue/g_rel_name_mapping.c1
-rw-r--r--src/lib/gssapi/mechglue/g_rel_oid_set.c4
-rw-r--r--src/lib/gssapi/mechglue/g_seal.c14
-rw-r--r--src/lib/gssapi/mechglue/g_set_context_option.c1
-rw-r--r--src/lib/gssapi/mechglue/g_set_cred_option.c1
-rw-r--r--src/lib/gssapi/mechglue/g_set_name_attr.c1
-rw-r--r--src/lib/gssapi/mechglue/g_sign.c5
-rw-r--r--src/lib/gssapi/mechglue/g_unseal.c4
-rw-r--r--src/lib/gssapi/mechglue/g_unwrap_aead.c9
-rw-r--r--src/lib/gssapi/mechglue/g_unwrap_iov.c13
-rw-r--r--src/lib/gssapi/mechglue/g_userok.c1
-rw-r--r--src/lib/gssapi/mechglue/g_verify.c4
-rw-r--r--src/lib/gssapi/mechglue/g_wrap_aead.c8
-rw-r--r--src/lib/gssapi/mechglue/g_wrap_iov.c21
-rw-r--r--src/lib/gssapi/mechglue/gssd_pname_to_uid.c7
-rw-r--r--src/lib/gssapi/mechglue/mechglue.h4
-rw-r--r--src/lib/gssapi/mechglue/mglueP.h4
-rw-r--r--src/lib/gssapi/spnego/spnego_mech.c10
-rw-r--r--src/lib/kadm5/admin.h597
-rw-r--r--src/lib/kadm5/admin_internal.h73
-rw-r--r--src/lib/kadm5/admin_xdr.h2
-rw-r--r--src/lib/kadm5/alt_prof.c396
-rw-r--r--src/lib/kadm5/chpass_util.c385
-rw-r--r--src/lib/kadm5/clnt/client_handle.c5
-rw-r--r--src/lib/kadm5/clnt/client_init.c1307
-rw-r--r--src/lib/kadm5/clnt/client_internal.h57
-rw-r--r--src/lib/kadm5/clnt/client_principal.c303
-rw-r--r--src/lib/kadm5/clnt/client_rpc.c421
-rw-r--r--src/lib/kadm5/clnt/clnt_chpass_util.c19
-rw-r--r--src/lib/kadm5/clnt/clnt_policy.c73
-rw-r--r--src/lib/kadm5/clnt/clnt_privs.c19
-rw-r--r--src/lib/kadm5/kadm_rpc_xdr.c30
-rw-r--r--src/lib/kadm5/logger.c1299
-rw-r--r--src/lib/kadm5/misc_free.c85
-rw-r--r--src/lib/kadm5/server_internal.h149
-rw-r--r--src/lib/kadm5/srv/adb_xdr.c74
-rw-r--r--src/lib/kadm5/srv/server_acl.c1055
-rw-r--r--src/lib/kadm5/srv/server_acl.h129
-rw-r--r--src/lib/kadm5/srv/server_dict.c159
-rw-r--r--src/lib/kadm5/srv/server_handle.c5
-rw-r--r--src/lib/kadm5/srv/server_init.c405
-rw-r--r--src/lib/kadm5/srv/server_kdb.c314
-rw-r--r--src/lib/kadm5/srv/server_misc.c222
-rw-r--r--src/lib/kadm5/srv/svr_chpass_util.c19
-rw-r--r--src/lib/kadm5/srv/svr_iters.c332
-rw-r--r--src/lib/kadm5/srv/svr_policy.c299
-rw-r--r--src/lib/kadm5/srv/svr_principal.c2261
-rw-r--r--src/lib/kadm5/str_conv.c495
-rw-r--r--src/lib/kadm5/unit-test/destroy-test.c62
-rw-r--r--src/lib/kadm5/unit-test/handle-test.c129
-rw-r--r--src/lib/kadm5/unit-test/init-test.c49
-rw-r--r--src/lib/kadm5/unit-test/iter-test.c88
-rw-r--r--src/lib/kadm5/unit-test/lock-test.c167
-rw-r--r--src/lib/kadm5/unit-test/randkey-test.c54
-rw-r--r--src/lib/kadm5/unit-test/setkey-test.c387
-rw-r--r--src/lib/kdb/decrypt_key.c125
-rw-r--r--src/lib/kdb/encrypt_key.c85
-rw-r--r--src/lib/kdb/iprop_xdr.c447
-rw-r--r--src/lib/kdb/kdb5.c997
-rw-r--r--src/lib/kdb/kdb5.h1
-rw-r--r--src/lib/kdb/kdb5int.h11
-rw-r--r--src/lib/kdb/kdb_convert.c1503
-rw-r--r--src/lib/kdb/kdb_cpw.c775
-rw-r--r--src/lib/kdb/kdb_default.c291
-rw-r--r--src/lib/kdb/kdb_log.c975
-rw-r--r--src/lib/kdb/keytab.c158
-rw-r--r--src/lib/krb5/asn.1/asn1_k_decode.c2
-rw-r--r--src/lib/krb5/asn.1/asn1_k_decode.h8
-rw-r--r--src/lib/krb5/asn.1/krb5_decode.c2
-rw-r--r--src/lib/krb5/asn.1/krb5_encode.c1
-rw-r--r--src/lib/krb5/ccache/cc-int.h15
-rw-r--r--src/lib/krb5/ccache/cc_file.c2701
-rw-r--r--src/lib/krb5/ccache/cc_keyring.c827
-rw-r--r--src/lib/krb5/ccache/cc_memory.c411
-rw-r--r--src/lib/krb5/ccache/cc_mslsa.c903
-rw-r--r--src/lib/krb5/ccache/cc_retr.c321
-rw-r--r--src/lib/krb5/ccache/ccapi/stdcc.c1662
-rw-r--r--src/lib/krb5/ccache/ccapi/stdcc.h177
-rw-r--r--src/lib/krb5/ccache/ccapi/stdcc_util.c665
-rw-r--r--src/lib/krb5/ccache/ccapi/stdcc_util.h15
-rw-r--r--src/lib/krb5/ccache/ccapi/winccld.c71
-rw-r--r--src/lib/krb5/ccache/ccapi/winccld.h41
-rw-r--r--src/lib/krb5/ccache/ccbase.c229
-rw-r--r--src/lib/krb5/ccache/cccopy.c31
-rw-r--r--src/lib/krb5/ccache/cccursor.c193
-rw-r--r--src/lib/krb5/ccache/ccdefault.c63
-rw-r--r--src/lib/krb5/ccache/ccdefops.c7
-rw-r--r--src/lib/krb5/ccache/ccfns.c30
-rw-r--r--src/lib/krb5/ccache/fcc.h5
-rw-r--r--src/lib/krb5/ccache/scc.h51
-rw-r--r--src/lib/krb5/ccache/ser_cc.c183
-rw-r--r--src/lib/krb5/ccache/t_cc.c607
-rw-r--r--src/lib/krb5/ccache/t_cccursor.c109
-rw-r--r--src/lib/krb5/ccache/t_memory.c144
-rw-r--r--src/lib/krb5/ccache/t_stdio.c167
-rw-r--r--src/lib/krb5/error_tables/init_ets.c17
-rw-r--r--src/lib/krb5/keytab/kt-int.h5
-rw-r--r--src/lib/krb5/keytab/kt_file.c1412
-rw-r--r--src/lib/krb5/keytab/kt_memory.c488
-rw-r--r--src/lib/krb5/keytab/kt_srvtab.c250
-rw-r--r--src/lib/krb5/keytab/ktadd.c10
-rw-r--r--src/lib/krb5/keytab/ktbase.c110
-rw-r--r--src/lib/krb5/keytab/ktdefault.c8
-rw-r--r--src/lib/krb5/keytab/ktfns.c38
-rw-r--r--src/lib/krb5/keytab/ktfr_entry.c16
-rw-r--r--src/lib/krb5/keytab/ktremove.c12
-rw-r--r--src/lib/krb5/keytab/read_servi.c44
-rw-r--r--src/lib/krb5/keytab/t_keytab.c725
-rw-r--r--src/lib/krb5/krb/addr_comp.c15
-rw-r--r--src/lib/krb5/krb/addr_order.c21
-rw-r--r--src/lib/krb5/krb/addr_srch.c17
-rw-r--r--src/lib/krb5/krb/appdefault.c259
-rw-r--r--src/lib/krb5/krb/auth_con.c336
-rw-r--r--src/lib/krb5/krb/auth_con.h41
-rw-r--r--src/lib/krb5/krb/authdata.c13
-rw-r--r--src/lib/krb5/krb/authdata.h12
-rw-r--r--src/lib/krb5/krb/bld_pr_ext.c37
-rw-r--r--src/lib/krb5/krb/bld_princ.c95
-rw-r--r--src/lib/krb5/krb/brand.c3
-rw-r--r--src/lib/krb5/krb/chk_trans.c427
-rw-r--r--src/lib/krb5/krb/chpw.c528
-rw-r--r--src/lib/krb5/krb/cleanup.h35
-rw-r--r--src/lib/krb5/krb/conv_creds.c11
-rw-r--r--src/lib/krb5/krb/conv_princ.c427
-rw-r--r--src/lib/krb5/krb/copy_addrs.c54
-rw-r--r--src/lib/krb5/krb/copy_athctr.c62
-rw-r--r--src/lib/krb5/krb/copy_auth.c226
-rw-r--r--src/lib/krb5/krb/copy_cksum.c11
-rw-r--r--src/lib/krb5/krb/copy_creds.c43
-rw-r--r--src/lib/krb5/krb/copy_data.c39
-rw-r--r--src/lib/krb5/krb/copy_key.c5
-rw-r--r--src/lib/krb5/krb/copy_princ.c37
-rw-r--r--src/lib/krb5/krb/copy_tick.c95
-rw-r--r--src/lib/krb5/krb/cp_key_cnt.c5
-rw-r--r--src/lib/krb5/krb/decode_kdc.c40
-rw-r--r--src/lib/krb5/krb/decrypt_tk.c31
-rw-r--r--src/lib/krb5/krb/deltat.c16
-rw-r--r--src/lib/krb5/krb/enc_helper.c31
-rw-r--r--src/lib/krb5/krb/encode_kdc.c75
-rw-r--r--src/lib/krb5/krb/encrypt_tk.c27
-rw-r--r--src/lib/krb5/krb/fast.c458
-rw-r--r--src/lib/krb5/krb/fast.h29
-rw-r--r--src/lib/krb5/krb/free_rtree.c11
-rw-r--r--src/lib/krb5/krb/fwd_tgt.c191
-rw-r--r--src/lib/krb5/krb/gc_frm_kdc.c903
-rw-r--r--src/lib/krb5/krb/gc_via_tkt.c559
-rw-r--r--src/lib/krb5/krb/gen_seqnum.c11
-rw-r--r--src/lib/krb5/krb/gen_subkey.c21
-rw-r--r--src/lib/krb5/krb/get_creds.c314
-rw-r--r--src/lib/krb5/krb/get_in_tkt.c1687
-rw-r--r--src/lib/krb5/krb/gic_keytab.c194
-rw-r--r--src/lib/krb5/krb/gic_opt.c251
-rw-r--r--src/lib/krb5/krb/gic_pwd.c810
-rw-r--r--src/lib/krb5/krb/in_tkt_sky.c79
-rw-r--r--src/lib/krb5/krb/init_ctx.c507
-rw-r--r--src/lib/krb5/krb/init_keyblock.c15
-rw-r--r--src/lib/krb5/krb/int-proto.h60
-rw-r--r--src/lib/krb5/krb/kdc_rep_dc.c23
-rw-r--r--src/lib/krb5/krb/kerrs.c57
-rw-r--r--src/lib/krb5/krb/kfree.c354
-rw-r--r--src/lib/krb5/krb/mk_cred.c182
-rw-r--r--src/lib/krb5/krb/mk_error.c19
-rw-r--r--src/lib/krb5/krb/mk_priv.c236
-rw-r--r--src/lib/krb5/krb/mk_rep.c81
-rw-r--r--src/lib/krb5/krb/mk_req.c57
-rw-r--r--src/lib/krb5/krb/mk_req_ext.c402
-rw-r--r--src/lib/krb5/krb/mk_safe.c272
-rw-r--r--src/lib/krb5/krb/pac.c954
-rw-r--r--src/lib/krb5/krb/parse.c525
-rw-r--r--src/lib/krb5/krb/pkinit_apple_asn1.c701
-rw-r--r--src/lib/krb5/krb/pkinit_apple_cert_store.c401
-rw-r--r--src/lib/krb5/krb/pkinit_apple_client.c227
-rw-r--r--src/lib/krb5/krb/pkinit_apple_cms.c623
-rw-r--r--src/lib/krb5/krb/pkinit_apple_utils.c221
-rw-r--r--src/lib/krb5/krb/pr_to_salt.c33
-rw-r--r--src/lib/krb5/krb/preauth.c56
-rw-r--r--src/lib/krb5/krb/preauth2.c2569
-rw-r--r--src/lib/krb5/krb/princ_comp.c104
-rw-r--r--src/lib/krb5/krb/rd_cred.c134
-rw-r--r--src/lib/krb5/krb/rd_error.c12
-rw-r--r--src/lib/krb5/krb/rd_priv.c294
-rw-r--r--src/lib/krb5/krb/rd_rep.c105
-rw-r--r--src/lib/krb5/krb/rd_req.c44
-rw-r--r--src/lib/krb5/krb/rd_req_dec.c786
-rw-r--r--src/lib/krb5/krb/rd_safe.c284
-rw-r--r--src/lib/krb5/krb/recvauth.c297
-rw-r--r--src/lib/krb5/krb/s4u_creds.c6
-rw-r--r--src/lib/krb5/krb/send_tgs.c172
-rw-r--r--src/lib/krb5/krb/sendauth.c2
-rw-r--r--src/lib/krb5/krb/ser_actx.c889
-rw-r--r--src/lib/krb5/krb/ser_adata.c187
-rw-r--r--src/lib/krb5/krb/ser_addr.c209
-rw-r--r--src/lib/krb5/krb/ser_auth.c495
-rw-r--r--src/lib/krb5/krb/ser_cksum.c189
-rw-r--r--src/lib/krb5/krb/ser_ctx.c40
-rw-r--r--src/lib/krb5/krb/ser_eblk.c287
-rw-r--r--src/lib/krb5/krb/ser_key.c187
-rw-r--r--src/lib/krb5/krb/ser_princ.c119
-rw-r--r--src/lib/krb5/krb/serialize.c211
-rw-r--r--src/lib/krb5/krb/set_realm.c31
-rw-r--r--src/lib/krb5/krb/srv_dec_tkt.c122
-rw-r--r--src/lib/krb5/krb/srv_rcache.c37
-rw-r--r--src/lib/krb5/krb/str_conv.c219
-rw-r--r--src/lib/krb5/krb/strptime.c4
-rw-r--r--src/lib/krb5/krb/t_ad_fx_armor.c17
-rw-r--r--src/lib/krb5/krb/t_authdata.c43
-rw-r--r--src/lib/krb5/krb/t_deltat.c215
-rw-r--r--src/lib/krb5/krb/t_etypes.c3
-rw-r--r--src/lib/krb5/krb/t_expand.c1
-rw-r--r--src/lib/krb5/krb/t_kerb.c253
-rw-r--r--src/lib/krb5/krb/t_pac.c96
-rw-r--r--src/lib/krb5/krb/t_princ.c8
-rw-r--r--src/lib/krb5/krb/t_ser.c955
-rw-r--r--src/lib/krb5/krb/t_walk_rtree.c92
-rw-r--r--src/lib/krb5/krb/tgtname.c11
-rw-r--r--src/lib/krb5/krb/unparse.c298
-rw-r--r--src/lib/krb5/krb/valid_times.c36
-rw-r--r--src/lib/krb5/krb/vfy_increds.c415
-rw-r--r--src/lib/krb5/krb/vic_opt.c7
-rw-r--r--src/lib/krb5/krb/walk_rtree.c221
-rw-r--r--src/lib/krb5/krb5_libinit.c13
-rw-r--r--src/lib/krb5/krb5_libinit.h1
-rw-r--r--src/lib/krb5/os/accessor.c155
-rw-r--r--src/lib/krb5/os/an_to_ln.c922
-rw-r--r--src/lib/krb5/os/c_ustime.c37
-rw-r--r--src/lib/krb5/os/ccdefname.c279
-rw-r--r--src/lib/krb5/os/changepw.c447
-rw-r--r--src/lib/krb5/os/def_realm.c48
-rw-r--r--src/lib/krb5/os/dnsglue.c163
-rw-r--r--src/lib/krb5/os/dnsglue.h29
-rw-r--r--src/lib/krb5/os/dnssrv.c153
-rw-r--r--src/lib/krb5/os/free_hstrl.c9
-rw-r--r--src/lib/krb5/os/free_krbhs.c13
-rw-r--r--src/lib/krb5/os/full_ipadr.c15
-rw-r--r--src/lib/krb5/os/gen_port.c9
-rw-r--r--src/lib/krb5/os/gen_rname.c11
-rw-r--r--src/lib/krb5/os/genaddrs.c107
-rw-r--r--src/lib/krb5/os/get_krbhst.c65
-rw-r--r--src/lib/krb5/os/hostaddr.c120
-rw-r--r--src/lib/krb5/os/hst_realm.c309
-rw-r--r--src/lib/krb5/os/init_os_ctx.c51
-rw-r--r--src/lib/krb5/os/krbfileio.c10
-rw-r--r--src/lib/krb5/os/ktdefname.c52
-rw-r--r--src/lib/krb5/os/kuserok.c83
-rw-r--r--src/lib/krb5/os/localaddr.c1377
-rw-r--r--src/lib/krb5/os/locate_kdc.c707
-rw-r--r--src/lib/krb5/os/lock_file.c53
-rw-r--r--src/lib/krb5/os/mk_faddr.c13
-rw-r--r--src/lib/krb5/os/net_read.c39
-rw-r--r--src/lib/krb5/os/net_write.c53
-rw-r--r--src/lib/krb5/os/os-proto.h29
-rw-r--r--src/lib/krb5/os/osconfig.c6
-rw-r--r--src/lib/krb5/os/port2ip.c19
-rw-r--r--src/lib/krb5/os/prompter.c313
-rw-r--r--src/lib/krb5/os/read_msg.c57
-rw-r--r--src/lib/krb5/os/read_pwd.c201
-rw-r--r--src/lib/krb5/os/realm_dom.c7
-rw-r--r--src/lib/krb5/os/realm_iter.c13
-rw-r--r--src/lib/krb5/os/sendto_kdc.c1373
-rw-r--r--src/lib/krb5/os/sn2princ.c202
-rw-r--r--src/lib/krb5/os/t_an_to_ln.c53
-rw-r--r--src/lib/krb5/os/t_gifconf.c81
-rw-r--r--src/lib/krb5/os/t_locate_kdc.c87
-rw-r--r--src/lib/krb5/os/t_realm_iter.c29
-rw-r--r--src/lib/krb5/os/t_std_conf.c377
-rw-r--r--src/lib/krb5/os/thread_safe.c5
-rw-r--r--src/lib/krb5/os/timeofday.c17
-rw-r--r--src/lib/krb5/os/toffset.c21
-rw-r--r--src/lib/krb5/os/unlck_file.c5
-rw-r--r--src/lib/krb5/os/ustime.c35
-rw-r--r--src/lib/krb5/os/write_msg.c49
-rw-r--r--src/lib/krb5/posix/syslog.c3
-rw-r--r--src/lib/krb5/rcache/rc-int.h22
-rw-r--r--src/lib/krb5/rcache/rc_base.c2
-rw-r--r--src/lib/krb5/rcache/rc_base.h2
-rw-r--r--src/lib/krb5/rcache/rc_conv.c2
-rw-r--r--src/lib/krb5/rcache/rc_dfl.c2
-rw-r--r--src/lib/krb5/rcache/rc_dfl.h56
-rw-r--r--src/lib/krb5/rcache/rc_io.c14
-rw-r--r--src/lib/krb5/rcache/rc_io.h74
-rw-r--r--src/lib/krb5/rcache/rc_none.c2
-rw-r--r--src/lib/krb5/rcache/rcdef.c2
-rw-r--r--src/lib/krb5/rcache/rcfns.c2
-rw-r--r--src/lib/krb5/rcache/ser_rc.c8
-rw-r--r--src/lib/krb5/rcache/t_replay.c2
-rw-r--r--src/lib/krb5/unicode/ucdata/ucdata.c10
-rw-r--r--src/lib/krb5/unicode/ucdata/ucdata.h8
-rw-r--r--src/lib/krb5/unicode/ucdata/ucgendat.c20
-rw-r--r--src/lib/krb5/unicode/ucdata/uctable.h1
-rw-r--r--src/lib/krb5/unicode/ucstr.c14
-rw-r--r--src/lib/krb5/unicode/utbm/utbmstub.c2
-rw-r--r--src/lib/rpc/auth_gss.c96
-rw-r--r--src/lib/rpc/auth_gssapi.c180
-rw-r--r--src/lib/rpc/auth_gssapi_misc.c66
-rw-r--r--src/lib/rpc/auth_none.c20
-rw-r--r--src/lib/rpc/auth_unix.c16
-rw-r--r--src/lib/rpc/authgss_prot.c36
-rw-r--r--src/lib/rpc/authunix_prot.c11
-rw-r--r--src/lib/rpc/bindresvport.c10
-rw-r--r--src/lib/rpc/clnt_generic.c16
-rw-r--r--src/lib/rpc/clnt_perror.c54
-rw-r--r--src/lib/rpc/clnt_raw.c16
-rw-r--r--src/lib/rpc/clnt_simple.c18
-rw-r--r--src/lib/rpc/clnt_tcp.c16
-rw-r--r--src/lib/rpc/clnt_udp.c40
-rw-r--r--src/lib/rpc/dyn.c46
-rw-r--r--src/lib/rpc/dyn.h2
-rw-r--r--src/lib/rpc/dynP.h2
-rw-r--r--src/lib/rpc/dyntest.c18
-rw-r--r--src/lib/rpc/get_myaddress.c14
-rw-r--r--src/lib/rpc/getrpcent.c10
-rw-r--r--src/lib/rpc/getrpcport.c10
-rw-r--r--src/lib/rpc/gssrpcint.h4
-rw-r--r--src/lib/rpc/pmap_clnt.c10
-rw-r--r--src/lib/rpc/pmap_getmaps.c10
-rw-r--r--src/lib/rpc/pmap_getport.c10
-rw-r--r--src/lib/rpc/pmap_prot.c14
-rw-r--r--src/lib/rpc/pmap_prot2.c22
-rw-r--r--src/lib/rpc/pmap_rmt.c21
-rw-r--r--src/lib/rpc/rpc_callmsg.c15
-rw-r--r--src/lib/rpc/rpc_commondata.c10
-rw-r--r--src/lib/rpc/rpc_dtablesize.c18
-rw-r--r--src/lib/rpc/rpc_prot.c18
-rw-r--r--src/lib/rpc/svc.c56
-rw-r--r--src/lib/rpc/svc_auth.c14
-rw-r--r--src/lib/rpc/svc_auth_gss.c76
-rw-r--r--src/lib/rpc/svc_auth_gssapi.c120
-rw-r--r--src/lib/rpc/svc_auth_none.c4
-rw-r--r--src/lib/rpc/svc_auth_unix.c14
-rw-r--r--src/lib/rpc/svc_raw.c14
-rw-r--r--src/lib/rpc/svc_run.c10
-rw-r--r--src/lib/rpc/svc_simple.c17
-rw-r--r--src/lib/rpc/svc_tcp.c23
-rw-r--r--src/lib/rpc/svc_udp.c41
-rw-r--r--src/lib/rpc/unit-test/client.c19
-rw-r--r--src/lib/rpc/unit-test/server.c24
-rw-r--r--src/lib/rpc/xdr.c24
-rw-r--r--src/lib/rpc/xdr_alloc.c12
-rw-r--r--src/lib/rpc/xdr_array.c17
-rw-r--r--src/lib/rpc/xdr_float.c10
-rw-r--r--src/lib/rpc/xdr_mem.c12
-rw-r--r--src/lib/rpc/xdr_rec.c28
-rw-r--r--src/lib/rpc/xdr_reference.c10
-rw-r--r--src/lib/rpc/xdr_sizeof.c10
-rw-r--r--src/lib/rpc/xdr_stdio.c16
-rw-r--r--src/lib/win_glue.c18
555 files changed, 33795 insertions, 33738 deletions
diff --git a/src/lib/apputils/daemon.c b/src/lib/apputils/daemon.c
index 00dde48..42b2bbc 100644
--- a/src/lib/apputils/daemon.c
+++ b/src/lib/apputils/daemon.c
@@ -62,7 +62,7 @@ daemon(nochdir, noclose)
#else
{
int n;
-
+
/*
* The open below may hang on pseudo ttys if the person
* who starts named logs out before this point. Thus,
diff --git a/src/lib/crypto/builtin/aes/aes.h b/src/lib/crypto/builtin/aes/aes.h
index ac1c1b8..6009b98 100644
--- a/src/lib/crypto/builtin/aes/aes.h
+++ b/src/lib/crypto/builtin/aes/aes.h
@@ -5,23 +5,23 @@
LICENSE TERMS
- The free distribution and use of this software in both source and binary
+ The free distribution and use of this software in both source and binary
form is allowed (with or without changes) provided that:
- 1. distributions of this source code include the above copyright
+ 1. distributions of this source code include the above copyright
notice, this list of conditions and the following disclaimer;
2. distributions in binary form include the above copyright
notice, this list of conditions and the following disclaimer
in the documentation and/or other associated materials;
- 3. the copyright holder's name is not used to endorse products
- built using this software without specific written permission.
+ 3. the copyright holder's name is not used to endorse products
+ built using this software without specific written permission.
DISCLAIMER
This software is provided 'as is' with no explcit or implied warranties
- in respect of any properties, including, but not limited to, correctness
+ in respect of any properties, including, but not limited to, correctness
and fitness for purpose.
-------------------------------------------------------------------------
Issue Date: 21/01/2002
@@ -34,9 +34,9 @@
#include "uitypes.h"
-/* BLOCK_SIZE is in BYTES: 16, 24, 32 or undefined for aes.c and 16, 20,
- 24, 28, 32 or undefined for aespp.c. When left undefined a slower
- version that provides variable block length is compiled.
+/* BLOCK_SIZE is in BYTES: 16, 24, 32 or undefined for aes.c and 16, 20,
+ 24, 28, 32 or undefined for aespp.c. When left undefined a slower
+ version that provides variable block length is compiled.
*/
#define BLOCK_SIZE 16
diff --git a/src/lib/crypto/builtin/aes/aes_s2k.c b/src/lib/crypto/builtin/aes/aes_s2k.c
index 14c7726..0eccdd9 100644
--- a/src/lib/crypto/builtin/aes/aes_s2k.c
+++ b/src/lib/crypto/builtin/aes/aes_s2k.c
@@ -8,7 +8,7 @@
* require a specific license from the United States Government.
* It is the responsibility of any person or organization contemplating
* export to obtain such a license before exporting.
- *
+ *
* WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
* distribute this software and its documentation for any purpose and
* without fee is hereby granted, provided that the above copyright
@@ -22,7 +22,7 @@
* M.I.T. makes no representations about the suitability of
* this software for any purpose. It is provided "as is" without express
* or implied warranty.
- *
+ *
*
* krb5int_aes_string_to_key
*/
diff --git a/src/lib/crypto/builtin/aes/aescpp.h b/src/lib/crypto/builtin/aes/aescpp.h
index e685485..c81dfa6 100644
--- a/src/lib/crypto/builtin/aes/aescpp.h
+++ b/src/lib/crypto/builtin/aes/aescpp.h
@@ -1,4 +1,3 @@
-
/*
-------------------------------------------------------------------------
Copyright (c) 2001, Dr Brian Gladman <brg@gladman.uk.net>, Worcester, UK.
@@ -6,21 +5,21 @@
TERMS
- Redistribution and use in source and binary forms, with or without
+ Redistribution and use in source and binary forms, with or without
modification, are permitted subject to the following conditions:
- 1. Redistributions of source code must retain the above copyright
- notice, this list of conditions and the following disclaimer.
+ 1. Redistributions of source code must retain the above copyright
+ notice, this list of conditions and the following disclaimer.
2. Redistributions in binary form must reproduce the above copyright
- notice, this list of conditions and the following disclaimer in the
- documentation and/or other materials provided with the distribution.
+ notice, this list of conditions and the following disclaimer in the
+ documentation and/or other materials provided with the distribution.
- 3. The copyright holder's name must not be used to endorse or promote
- any products derived from this software without his specific prior
- written permission.
+ 3. The copyright holder's name must not be used to endorse or promote
+ any products derived from this software without his specific prior
+ written permission.
- This software is provided 'as is' with no express or implied warranties
+ This software is provided 'as is' with no express or implied warranties
of correctness or fitness for purpose.
-------------------------------------------------------------------------
Issue Date: 21/01/2002
diff --git a/src/lib/crypto/builtin/aes/aescrypp.c b/src/lib/crypto/builtin/aes/aescrypp.c
index 87b6341..c1608df 100644
--- a/src/lib/crypto/builtin/aes/aescrypp.c
+++ b/src/lib/crypto/builtin/aes/aescrypp.c
@@ -5,23 +5,23 @@
LICENSE TERMS
- The free distribution and use of this software in both source and binary
+ The free distribution and use of this software in both source and binary
form is allowed (with or without changes) provided that:
- 1. distributions of this source code include the above copyright
+ 1. distributions of this source code include the above copyright
notice, this list of conditions and the following disclaimer;
2. distributions in binary form include the above copyright
notice, this list of conditions and the following disclaimer
in the documentation and/or other associated materials;
- 3. the copyright holder's name is not used to endorse products
- built using this software without specific written permission.
+ 3. the copyright holder's name is not used to endorse products
+ built using this software without specific written permission.
DISCLAIMER
This software is provided 'as is' with no explcit or implied warranties
- in respect of any properties, including, but not limited to, correctness
+ in respect of any properties, including, but not limited to, correctness
and fitness for purpose.
-------------------------------------------------------------------------
Issue Date: 21/01/2002
@@ -44,7 +44,7 @@
#define locals(y,x) x[4],y[4]
#else
#define locals(y,x) x##0,x##1,x##2,x##3,y##0,y##1,y##2,y##3
- /*
+ /*
the following defines prevent the compiler requiring the declaration
of generated but unused variables in the fwd_var and inv_var macros
*/
@@ -77,7 +77,7 @@
#define b17 unused
#endif
#define l_copy(y, x) s(y,0) = s(x,0); s(y,1) = s(x,1); \
- s(y,2) = s(x,2); s(y,3) = s(x,3); s(y,4) = s(x,4);
+ s(y,2) = s(x,2); s(y,3) = s(x,3); s(y,4) = s(x,4);
#define state_in(y,x,k) si(y,x,k,0); si(y,x,k,1); si(y,x,k,2); si(y,x,k,3); si(y,x,k,4)
#define state_out(y,x) so(y,x,0); so(y,x,1); so(y,x,2); so(y,x,3); so(y,x,4)
#define round(rm,y,x,k) rm(y,x,k,0); rm(y,x,k,1); rm(y,x,k,2); rm(y,x,k,3); rm(y,x,k,4)
@@ -212,15 +212,15 @@ switch(nc) \
#if defined(ENCRYPTION)
/* I am grateful to Frank Yellin for the following construction
- (and that for decryption) which, given the column (c) of the
- output state variable, gives the input state variables which
+ (and that for decryption) which, given the column (c) of the
+ output state variable, gives the input state variables which
are needed for each row (r) of the state.
- For the fixed block size options, compilers should reduce these
- two expressions to fixed variable references. But for variable
+ For the fixed block size options, compilers should reduce these
+ two expressions to fixed variable references. But for variable
block size code conditional clauses will sometimes be returned.
- y = output word, x = input word, r = row, c = column for r = 0,
+ y = output word, x = input word, r = row, c = column for r = 0,
1, 2 and 3 = column accessed for row r.
*/
@@ -291,7 +291,7 @@ aes_rval aes_enc_blk(const unsigned char in_blk[], unsigned char out_blk[], cons
#if (ENC_UNROLL == FULL)
- state_in((cx->n_rnd & 1 ? b1 : b0), in_blk, kp);
+ state_in((cx->n_rnd & 1 ? b1 : b0), in_blk, kp);
kp += (cx->n_rnd - 9) * nc;
switch(cx->n_rnd)
@@ -300,13 +300,13 @@ aes_rval aes_enc_blk(const unsigned char in_blk[], unsigned char out_blk[], cons
case 13: round(fwd_rnd, b0, b1, kp - 3 * nc);
case 12: round(fwd_rnd, b1, b0, kp - 2 * nc);
case 11: round(fwd_rnd, b0, b1, kp - nc);
- case 10: round(fwd_rnd, b1, b0, kp );
+ case 10: round(fwd_rnd, b1, b0, kp );
round(fwd_rnd, b0, b1, kp + nc);
- round(fwd_rnd, b1, b0, kp + 2 * nc);
+ round(fwd_rnd, b1, b0, kp + 2 * nc);
round(fwd_rnd, b0, b1, kp + 3 * nc);
- round(fwd_rnd, b1, b0, kp + 4 * nc);
+ round(fwd_rnd, b1, b0, kp + 4 * nc);
round(fwd_rnd, b0, b1, kp + 5 * nc);
- round(fwd_rnd, b1, b0, kp + 6 * nc);
+ round(fwd_rnd, b1, b0, kp + 6 * nc);
round(fwd_rnd, b0, b1, kp + 7 * nc);
round(fwd_rnd, b1, b0, kp + 8 * nc);
round(fwd_lrnd, b0, b1, kp + 9 * nc);
@@ -314,33 +314,33 @@ aes_rval aes_enc_blk(const unsigned char in_blk[], unsigned char out_blk[], cons
#else
{ uint32_t rnd;
- state_in(b0, in_blk, kp);
+ state_in(b0, in_blk, kp);
#if (ENC_UNROLL == PARTIAL)
for(rnd = 0; rnd < (cx->n_rnd - 1) >> 1; ++rnd)
{
kp += nc;
- round(fwd_rnd, b1, b0, kp);
+ round(fwd_rnd, b1, b0, kp);
kp += nc;
- round(fwd_rnd, b0, b1, kp);
+ round(fwd_rnd, b0, b1, kp);
}
- if(cx->n_rnd & 1)
+ if(cx->n_rnd & 1)
{
l_copy(b1, b0);
}
else
{
kp += nc;
- round(fwd_rnd, b1, b0, kp);
+ round(fwd_rnd, b1, b0, kp);
}
#else
for(rnd = 0; rnd < cx->n_rnd - 1; ++rnd)
{
kp += nc;
- round(fwd_rnd, b1, b0, kp);
- l_copy(b0, b1);
+ round(fwd_rnd, b1, b0, kp);
+ l_copy(b0, b1);
}
#endif
kp += nc;
@@ -423,7 +423,7 @@ aes_rval aes_dec_blk(const unsigned char in_blk[], unsigned char out_blk[], cons
#if (DEC_UNROLL == FULL)
- state_in((cx->n_rnd & 1 ? b1 : b0), in_blk, kp);
+ state_in((cx->n_rnd & 1 ? b1 : b0), in_blk, kp);
kp = cx->k_sch + 9 * nc;
switch(cx->n_rnd)
@@ -432,13 +432,13 @@ aes_rval aes_dec_blk(const unsigned char in_blk[], unsigned char out_blk[], cons
case 13: round(inv_rnd, b0, b1, kp + 3 * nc);
case 12: round(inv_rnd, b1, b0, kp + 2 * nc);
case 11: round(inv_rnd, b0, b1, kp + nc);
- case 10: round(inv_rnd, b1, b0, kp );
+ case 10: round(inv_rnd, b1, b0, kp );
round(inv_rnd, b0, b1, kp - nc);
- round(inv_rnd, b1, b0, kp - 2 * nc);
+ round(inv_rnd, b1, b0, kp - 2 * nc);
round(inv_rnd, b0, b1, kp - 3 * nc);
- round(inv_rnd, b1, b0, kp - 4 * nc);
+ round(inv_rnd, b1, b0, kp - 4 * nc);
round(inv_rnd, b0, b1, kp - 5 * nc);
- round(inv_rnd, b1, b0, kp - 6 * nc);
+ round(inv_rnd, b1, b0, kp - 6 * nc);
round(inv_rnd, b0, b1, kp - 7 * nc);
round(inv_rnd, b1, b0, kp - 8 * nc);
round(inv_lrnd, b0, b1, kp - 9 * nc);
@@ -446,33 +446,33 @@ aes_rval aes_dec_blk(const unsigned char in_blk[], unsigned char out_blk[], cons
#else
{ uint32_t rnd;
- state_in(b0, in_blk, kp);
+ state_in(b0, in_blk, kp);
#if (DEC_UNROLL == PARTIAL)
for(rnd = 0; rnd < (cx->n_rnd - 1) >> 1; ++rnd)
{
kp -= nc;
- round(inv_rnd, b1, b0, kp);
+ round(inv_rnd, b1, b0, kp);
kp -= nc;
- round(inv_rnd, b0, b1, kp);
+ round(inv_rnd, b0, b1, kp);
}
- if(cx->n_rnd & 1)
+ if(cx->n_rnd & 1)
{
l_copy(b1, b0);
}
else
- {
+ {
kp -= nc;
- round(inv_rnd, b1, b0, kp);
+ round(inv_rnd, b1, b0, kp);
}
#else
for(rnd = 0; rnd < cx->n_rnd - 1; ++rnd)
{
kp -= nc;
- round(inv_rnd, b1, b0, kp);
- l_copy(b0, b1);
+ round(inv_rnd, b1, b0, kp);
+ l_copy(b0, b1);
}
#endif
kp -= nc;
diff --git a/src/lib/crypto/builtin/aes/aescrypt.c b/src/lib/crypto/builtin/aes/aescrypt.c
index 9db66e2..2704b89 100644
--- a/src/lib/crypto/builtin/aes/aescrypt.c
+++ b/src/lib/crypto/builtin/aes/aescrypt.c
@@ -5,29 +5,29 @@
LICENSE TERMS
- The free distribution and use of this software in both source and binary
+ The free distribution and use of this software in both source and binary
form is allowed (with or without changes) provided that:
- 1. distributions of this source code include the above copyright
+ 1. distributions of this source code include the above copyright
notice, this list of conditions and the following disclaimer;
2. distributions in binary form include the above copyright
notice, this list of conditions and the following disclaimer
in the documentation and/or other associated materials;
- 3. the copyright holder's name is not used to endorse products
- built using this software without specific written permission.
+ 3. the copyright holder's name is not used to endorse products
+ built using this software without specific written permission.
DISCLAIMER
This software is provided 'as is' with no explcit or implied warranties
- in respect of any properties, including, but not limited to, correctness
+ in respect of any properties, including, but not limited to, correctness
and fitness for purpose.
-------------------------------------------------------------------------
Issue Date: 21/01/2002
This file contains the code for implementing encryption and decryption
- for AES (Rijndael) for block and key sizes of 16, 24 and 32 bytes. It
+ for AES (Rijndael) for block and key sizes of 16, 24 and 32 bytes. It
can optionally be replaced by code written in assembler using NASM.
*/
@@ -35,7 +35,7 @@
#if defined(BLOCK_SIZE) && (BLOCK_SIZE & 7)
#error An illegal block size has been specified.
-#endif
+#endif
#define unused 77 /* Sunset Strip */
@@ -48,7 +48,7 @@
#define locals(y,x) x[4],y[4]
#else
#define locals(y,x) x##0,x##1,x##2,x##3,y##0,y##1,y##2,y##3
- /*
+ /*
the following defines prevent the compiler requiring the declaration
of generated but unused variables in the fwd_var and inv_var macros
*/
@@ -162,18 +162,18 @@ switch(nc) \
#if defined(ENCRYPTION)
/* I am grateful to Frank Yellin for the following construction
- (and that for decryption) which, given the column (c) of the
- output state variable, gives the input state variables which
+ (and that for decryption) which, given the column (c) of the
+ output state variable, gives the input state variables which
are needed in its computation for each row (r) of the state.
- For the fixed block size options, compilers should be able to
- reduce this complex expression (and the equivalent one for
- decryption) to a static variable reference at compile time.
+ For the fixed block size options, compilers should be able to
+ reduce this complex expression (and the equivalent one for
+ decryption) to a static variable reference at compile time.
But for variable block size code, there will be some limbs on
which conditional clauses will be returned.
*/
-/* y = output word, x = input word, r = row, c = column for r = 0,
+/* y = output word, x = input word, r = row, c = column for r = 0,
1, 2 and 3 = column accessed for row r.
*/
@@ -242,7 +242,7 @@ aes_rval aes_enc_blk(const unsigned char in_blk[], unsigned char out_blk[], cons
if(!(cx->n_blk & 1)) return aes_bad;
- state_in(b0, in_blk, kp);
+ state_in(b0, in_blk, kp);
#if (ENC_UNROLL == FULL)
@@ -250,31 +250,31 @@ aes_rval aes_enc_blk(const unsigned char in_blk[], unsigned char out_blk[], cons
switch(cx->n_rnd)
{
- case 14: round(fwd_rnd, b1, b0, kp - 4 * nc);
+ case 14: round(fwd_rnd, b1, b0, kp - 4 * nc);
round(fwd_rnd, b0, b1, kp - 3 * nc);
- case 12: round(fwd_rnd, b1, b0, kp - 2 * nc);
+ case 12: round(fwd_rnd, b1, b0, kp - 2 * nc);
round(fwd_rnd, b0, b1, kp - nc);
- case 10: round(fwd_rnd, b1, b0, kp );
+ case 10: round(fwd_rnd, b1, b0, kp );
round(fwd_rnd, b0, b1, kp + nc);
- round(fwd_rnd, b1, b0, kp + 2 * nc);
+ round(fwd_rnd, b1, b0, kp + 2 * nc);
round(fwd_rnd, b0, b1, kp + 3 * nc);
- round(fwd_rnd, b1, b0, kp + 4 * nc);
+ round(fwd_rnd, b1, b0, kp + 4 * nc);
round(fwd_rnd, b0, b1, kp + 5 * nc);
- round(fwd_rnd, b1, b0, kp + 6 * nc);
+ round(fwd_rnd, b1, b0, kp + 6 * nc);
round(fwd_rnd, b0, b1, kp + 7 * nc);
round(fwd_rnd, b1, b0, kp + 8 * nc);
round(fwd_lrnd, b0, b1, kp + 9 * nc);
}
#else
-
+
#if (ENC_UNROLL == PARTIAL)
{ uint32_t rnd;
for(rnd = 0; rnd < (cx->n_rnd >> 1) - 1; ++rnd)
{
kp += nc;
- round(fwd_rnd, b1, b0, kp);
+ round(fwd_rnd, b1, b0, kp);
kp += nc;
- round(fwd_rnd, b0, b1, kp);
+ round(fwd_rnd, b0, b1, kp);
}
kp += nc;
round(fwd_rnd, b1, b0, kp);
@@ -283,7 +283,7 @@ aes_rval aes_enc_blk(const unsigned char in_blk[], unsigned char out_blk[], cons
for(rnd = 0; rnd < cx->n_rnd - 1; ++rnd)
{
kp += nc;
- round(fwd_rnd, p1, p0, kp);
+ round(fwd_rnd, p1, p0, kp);
pt = p0, p0 = p1, p1 = pt;
}
#endif
@@ -376,27 +376,27 @@ aes_rval aes_dec_blk(const unsigned char in_blk[], unsigned char out_blk[], cons
round(inv_rnd, b0, b1, kp + 3 * nc);
case 12: round(inv_rnd, b1, b0, kp + 2 * nc);
round(inv_rnd, b0, b1, kp + nc );
- case 10: round(inv_rnd, b1, b0, kp );
+ case 10: round(inv_rnd, b1, b0, kp );
round(inv_rnd, b0, b1, kp - nc);
- round(inv_rnd, b1, b0, kp - 2 * nc);
+ round(inv_rnd, b1, b0, kp - 2 * nc);
round(inv_rnd, b0, b1, kp - 3 * nc);
- round(inv_rnd, b1, b0, kp - 4 * nc);
+ round(inv_rnd, b1, b0, kp - 4 * nc);
round(inv_rnd, b0, b1, kp - 5 * nc);
- round(inv_rnd, b1, b0, kp - 6 * nc);
+ round(inv_rnd, b1, b0, kp - 6 * nc);
round(inv_rnd, b0, b1, kp - 7 * nc);
round(inv_rnd, b1, b0, kp - 8 * nc);
round(inv_lrnd, b0, b1, kp - 9 * nc);
}
#else
-
+
#if (DEC_UNROLL == PARTIAL)
{ uint32_t rnd;
for(rnd = 0; rnd < (cx->n_rnd >> 1) - 1; ++rnd)
{
- kp -= nc;
- round(inv_rnd, b1, b0, kp);
- kp -= nc;
- round(inv_rnd, b0, b1, kp);
+ kp -= nc;
+ round(inv_rnd, b1, b0, kp);
+ kp -= nc;
+ round(inv_rnd, b0, b1, kp);
}
kp -= nc;
round(inv_rnd, b1, b0, kp);
@@ -405,7 +405,7 @@ aes_rval aes_dec_blk(const unsigned char in_blk[], unsigned char out_blk[], cons
for(rnd = 0; rnd < cx->n_rnd - 1; ++rnd)
{
kp -= nc;
- round(inv_rnd, p1, p0, kp);
+ round(inv_rnd, p1, p0, kp);
pt = p0, p0 = p1, p1 = pt;
}
#endif
diff --git a/src/lib/crypto/builtin/aes/aeskey.c b/src/lib/crypto/builtin/aes/aeskey.c
index 60f766b..36b6404 100644
--- a/src/lib/crypto/builtin/aes/aeskey.c
+++ b/src/lib/crypto/builtin/aes/aeskey.c
@@ -5,28 +5,28 @@
LICENSE TERMS
- The free distribution and use of this software in both source and binary
+ The free distribution and use of this software in both source and binary
form is allowed (with or without changes) provided that:
- 1. distributions of this source code include the above copyright
+ 1. distributions of this source code include the above copyright
notice, this list of conditions and the following disclaimer;
2. distributions in binary form include the above copyright
notice, this list of conditions and the following disclaimer
in the documentation and/or other associated materials;
- 3. the copyright holder's name is not used to endorse products
- built using this software without specific written permission.
+ 3. the copyright holder's name is not used to endorse products
+ built using this software without specific written permission.
DISCLAIMER
This software is provided 'as is' with no explcit or implied warranties
- in respect of any properties, including, but not limited to, correctness
+ in respect of any properties, including, but not limited to, correctness
and fitness for purpose.
-------------------------------------------------------------------------
Issue Date: 21/01/2002
- This file contains the code for implementing the key schedule for AES
+ This file contains the code for implementing the key schedule for AES
(Rijndael) for block and key sizes of 16, 24, and 32 bytes.
*/
@@ -34,10 +34,10 @@
#if defined(BLOCK_SIZE) && (BLOCK_SIZE & 7)
#error An illegal block size has been specified.
-#endif
+#endif
/* Subroutine to set the block size (if variable) in bytes, legal
- values being 16, 24 and 32.
+ values being 16, 24 and 32.
*/
#if !defined(BLOCK_SIZE) && defined(SET_BLOCK_LENGTH)
@@ -48,8 +48,8 @@ aes_rval aes_blk_len(unsigned int blen, aes_ctx cx[1])
if(!tab_init) gen_tabs();
#endif
- if((blen & 7) || blen < 16 || blen > 32)
- {
+ if((blen & 7) || blen < 16 || blen > 32)
+ {
cx->n_blk = 0; return aes_bad;
}
@@ -64,10 +64,10 @@ aes_rval aes_blk_len(unsigned int blen, aes_ctx cx[1])
This corresponds to bit lengths of 128, 192 and 256 bits, and
to Nk values of 4, 6 and 8 respectively.
- The following macros implement a single cycle in the key
- schedule generation process. The number of cycles needed
+ The following macros implement a single cycle in the key
+ schedule generation process. The number of cycles needed
for each cx->n_col and nk value is:
-
+
nk = 4 5 6 7 8
------------------------------
cx->n_col = 4 10 9 8 7 7
@@ -110,7 +110,7 @@ aes_rval aes_blk_len(unsigned int blen, aes_ctx cx[1])
}
aes_rval aes_enc_key(const unsigned char in_key[], unsigned int klen, aes_ctx cx[1])
-{ uint32_t ss[8];
+{ uint32_t ss[8];
#if !defined(FIXED_TABLES)
if(!tab_init) gen_tabs();
@@ -121,7 +121,7 @@ aes_rval aes_enc_key(const unsigned char in_key[], unsigned int klen, aes_ctx cx
#else
cx->n_blk = BLOCK_SIZE;
#endif
-
+
cx->n_blk = (cx->n_blk & ~3U) | 1;
cx->k_sch[0] = ss[0] = word_in(in_key );
@@ -133,29 +133,29 @@ aes_rval aes_enc_key(const unsigned char in_key[], unsigned int klen, aes_ctx cx
switch(klen)
{
- case 16: ke4(cx->k_sch, 0); ke4(cx->k_sch, 1);
+ case 16: ke4(cx->k_sch, 0); ke4(cx->k_sch, 1);
ke4(cx->k_sch, 2); ke4(cx->k_sch, 3);
- ke4(cx->k_sch, 4); ke4(cx->k_sch, 5);
+ ke4(cx->k_sch, 4); ke4(cx->k_sch, 5);
ke4(cx->k_sch, 6); ke4(cx->k_sch, 7);
- ke4(cx->k_sch, 8); kel4(cx->k_sch, 9);
+ ke4(cx->k_sch, 8); kel4(cx->k_sch, 9);
cx->n_rnd = 10; break;
case 24: cx->k_sch[4] = ss[4] = word_in(in_key + 16);
cx->k_sch[5] = ss[5] = word_in(in_key + 20);
- ke6(cx->k_sch, 0); ke6(cx->k_sch, 1);
+ ke6(cx->k_sch, 0); ke6(cx->k_sch, 1);
ke6(cx->k_sch, 2); ke6(cx->k_sch, 3);
- ke6(cx->k_sch, 4); ke6(cx->k_sch, 5);
- ke6(cx->k_sch, 6); kel6(cx->k_sch, 7);
+ ke6(cx->k_sch, 4); ke6(cx->k_sch, 5);
+ ke6(cx->k_sch, 6); kel6(cx->k_sch, 7);
cx->n_rnd = 12; break;
case 32: cx->k_sch[4] = ss[4] = word_in(in_key + 16);
cx->k_sch[5] = ss[5] = word_in(in_key + 20);
cx->k_sch[6] = ss[6] = word_in(in_key + 24);
cx->k_sch[7] = ss[7] = word_in(in_key + 28);
- ke8(cx->k_sch, 0); ke8(cx->k_sch, 1);
+ ke8(cx->k_sch, 0); ke8(cx->k_sch, 1);
ke8(cx->k_sch, 2); ke8(cx->k_sch, 3);
- ke8(cx->k_sch, 4); ke8(cx->k_sch, 5);
- kel8(cx->k_sch, 6);
+ ke8(cx->k_sch, 4); ke8(cx->k_sch, 5);
+ kel8(cx->k_sch, 6);
cx->n_rnd = 14; break;
- default: cx->n_rnd = 0; return aes_bad;
+ default: cx->n_rnd = 0; return aes_bad;
}
#else
{ uint32_t i, l;
@@ -179,7 +179,7 @@ aes_rval aes_enc_key(const unsigned char in_key[], unsigned int klen, aes_ctx cx
for(i = 0; i < l; ++i)
ke8(cx->k_sch, i);
break;
- default: cx->n_rnd = 0; return aes_bad;
+ default: cx->n_rnd = 0; return aes_bad;
}
}
#endif
@@ -277,7 +277,7 @@ aes_rval aes_enc_key(const unsigned char in_key[], unsigned int klen, aes_ctx cx
}
aes_rval aes_dec_key(const unsigned char in_key[], unsigned int klen, aes_ctx cx[1])
-{ uint32_t ss[8];
+{ uint32_t ss[8];
d_vars
#if !defined(FIXED_TABLES)
@@ -301,20 +301,20 @@ aes_rval aes_dec_key(const unsigned char in_key[], unsigned int klen, aes_ctx cx
switch(klen)
{
- case 16: kdf4(cx->k_sch, 0); kd4(cx->k_sch, 1);
+ case 16: kdf4(cx->k_sch, 0); kd4(cx->k_sch, 1);
kd4(cx->k_sch, 2); kd4(cx->k_sch, 3);
- kd4(cx->k_sch, 4); kd4(cx->k_sch, 5);
+ kd4(cx->k_sch, 4); kd4(cx->k_sch, 5);
kd4(cx->k_sch, 6); kd4(cx->k_sch, 7);
- kd4(cx->k_sch, 8); kdl4(cx->k_sch, 9);
+ kd4(cx->k_sch, 8); kdl4(cx->k_sch, 9);
cx->n_rnd = 10; break;
case 24: ss[4] = word_in(in_key + 16);
cx->k_sch[4] = ff(ss[4]);
ss[5] = word_in(in_key + 20);
cx->k_sch[5] = ff(ss[5]);
- kdf6(cx->k_sch, 0); kd6(cx->k_sch, 1);
+ kdf6(cx->k_sch, 0); kd6(cx->k_sch, 1);
kd6(cx->k_sch, 2); kd6(cx->k_sch, 3);
- kd6(cx->k_sch, 4); kd6(cx->k_sch, 5);
- kd6(cx->k_sch, 6); kdl6(cx->k_sch, 7);
+ kd6(cx->k_sch, 4); kd6(cx->k_sch, 5);
+ kd6(cx->k_sch, 6); kdl6(cx->k_sch, 7);
cx->n_rnd = 12; break;
case 32: ss[4] = word_in(in_key + 16);
cx->k_sch[4] = ff(ss[4]);
@@ -324,12 +324,12 @@ aes_rval aes_dec_key(const unsigned char in_key[], unsigned int klen, aes_ctx cx
cx->k_sch[6] = ff(ss[6]);
ss[7] = word_in(in_key + 28);
cx->k_sch[7] = ff(ss[7]);
- kdf8(cx->k_sch, 0); kd8(cx->k_sch, 1);
+ kdf8(cx->k_sch, 0); kd8(cx->k_sch, 1);
kd8(cx->k_sch, 2); kd8(cx->k_sch, 3);
- kd8(cx->k_sch, 4); kd8(cx->k_sch, 5);
- kdl8(cx->k_sch, 6);
+ kd8(cx->k_sch, 4); kd8(cx->k_sch, 5);
+ kdl8(cx->k_sch, 6);
cx->n_rnd = 14; break;
- default: cx->n_rnd = 0; return aes_bad;
+ default: cx->n_rnd = 0; return aes_bad;
}
#else
{ uint32_t i, l;
@@ -338,7 +338,7 @@ aes_rval aes_dec_key(const unsigned char in_key[], unsigned int klen, aes_ctx cx
switch(klen)
{
- case 16:
+ case 16:
for(i = 0; i < l; ++i)
ke4(cx->k_sch, i);
break;
@@ -354,7 +354,7 @@ aes_rval aes_dec_key(const unsigned char in_key[], unsigned int klen, aes_ctx cx
for(i = 0; i < l; ++i)
ke8(cx->k_sch, i);
break;
- default: cx->n_rnd = 0; return aes_bad;
+ default: cx->n_rnd = 0; return aes_bad;
}
#if (DEC_ROUND != NO_TABLES)
for(i = nc; i < nc * cx->n_rnd; ++i)
diff --git a/src/lib/crypto/builtin/aes/aeskeypp.c b/src/lib/crypto/builtin/aes/aeskeypp.c
index 89fd900..589d7a3 100644
--- a/src/lib/crypto/builtin/aes/aeskeypp.c
+++ b/src/lib/crypto/builtin/aes/aeskeypp.c
@@ -5,41 +5,41 @@
LICENSE TERMS
- The free distribution and use of this software in both source and binary
+ The free distribution and use of this software in both source and binary
form is allowed (with or without changes) provided that:
- 1. distributions of this source code include the above copyright
+ 1. distributions of this source code include the above copyright
notice, this list of conditions and the following disclaimer;
2. distributions in binary form include the above copyright
notice, this list of conditions and the following disclaimer
in the documentation and/or other associated materials;
- 3. the copyright holder's name is not used to endorse products
- built using this software without specific written permission.
+ 3. the copyright holder's name is not used to endorse products
+ built using this software without specific written permission.
DISCLAIMER
This software is provided 'as is' with no explcit or implied warranties
- in respect of any properties, including, but not limited to, correctness
+ in respect of any properties, including, but not limited to, correctness
and fitness for purpose.
-------------------------------------------------------------------------
Issue Date: 21/01/2002
- This file contains the code for implementing the key schedule for AES
+ This file contains the code for implementing the key schedule for AES
(Rijndael) for block and key sizes of 16, 20, 24, 28 and 32 bytes.
*/
#include "aesopt.h"
/* Subroutine to set the block size (if variable) in bytes, legal
- values being 16, 24 and 32.
+ values being 16, 24 and 32.
*/
#if !defined(BLOCK_SIZE) && defined(SET_BLOCK_LENGTH)
/* Subroutine to set the block size (if variable) in bytes, legal
- values being 16, 24 and 32.
+ values being 16, 24 and 32.
*/
aes_rval aes_blk_len(unsigned int blen, aes_ctx cx[1])
@@ -48,8 +48,8 @@ aes_rval aes_blk_len(unsigned int blen, aes_ctx cx[1])
if(!tab_init) gen_tabs();
#endif
- if((blen & 3) || blen < 16 || blen > 32)
- {
+ if((blen & 3) || blen < 16 || blen > 32)
+ {
cx->n_blk = 0; return aes_bad;
}
@@ -64,10 +64,10 @@ aes_rval aes_blk_len(unsigned int blen, aes_ctx cx[1])
This corresponds to bit lengths of 128, 192 and 256 bits, and
to Nk values of 4, 6 and 8 respectively.
- The following macros implement a single cycle in the key
- schedule generation process. The number of cycles needed
+ The following macros implement a single cycle in the key
+ schedule generation process. The number of cycles needed
for each cx->n_blk and nk value is:
-
+
nk = 4 5 6 7 8
------------------------------
cx->n_blk = 4 10 9 8 7 7
@@ -78,7 +78,7 @@ aes_rval aes_blk_len(unsigned int blen, aes_ctx cx[1])
*/
/* Initialise the key schedule from the user supplied key. The key
- length is now specified in bytes - 16, 20, 24, 28 or 32 as
+ length is now specified in bytes - 16, 20, 24, 28 or 32 as
appropriate. This corresponds to bit lengths of 128, 160, 192,
224 and 256 bits, and to Nk values of 4, 5, 6, 7 & 8 respectively.
*/
@@ -133,10 +133,10 @@ switch(nc) \
#endif
-/* The following macros implement a single cycle in the key
- schedule generation process. The number of cycles needed
+/* The following macros implement a single cycle in the key
+ schedule generation process. The number of cycles needed
for each cx->n_blk and nk value is:
-
+
nk = 4 5 6 7 8
-----------------------
cx->n_blk = 4 10 9 8 7 7
@@ -229,30 +229,30 @@ aes_rval aes_enc_key(const unsigned char in_key[], unsigned int klen, aes_ctx cx
{
case 4: ks4(0); ks4(1); ks4(2); ks4(3);
ks4(4); ks4(5); ks4(6); ks4(7);
- ks4(8); ks4(9);
+ ks4(8); ks4(9);
cx->n_rnd = 10; break;
case 5: cx->k_sch[4] = t = word_in(in_key + 16);
ks5(0); ks5(1); ks5(2); ks5(3);
- ks5(4); ks5(5); ks5(6); ks5(7);
- ks5(8);
+ ks5(4); ks5(5); ks5(6); ks5(7);
+ ks5(8);
cx->n_rnd = 11; break;
case 6: cx->k_sch[4] = t = word_in(in_key + 16);
cx->k_sch[5] = u = word_in(in_key + 20);
ks6(0); ks6(1); ks6(2); ks6(3);
- ks6(4); ks6(5); ks6(6); ks6(7);
+ ks6(4); ks6(5); ks6(6); ks6(7);
cx->n_rnd = 12; break;
case 7: cx->k_sch[4] = t = word_in(in_key + 16);
cx->k_sch[5] = u = word_in(in_key + 20);
cx->k_sch[6] = v = word_in(in_key + 24);
ks7(0); ks7(1); ks7(2); ks7(3);
- ks7(4); ks7(5); ks7(6);
+ ks7(4); ks7(5); ks7(6);
cx->n_rnd = 13; break;
case 8: cx->k_sch[4] = t = word_in(in_key + 16);
cx->k_sch[5] = u = word_in(in_key + 20);
cx->k_sch[6] = v = word_in(in_key + 24);
cx->k_sch[7] = w = word_in(in_key + 28);
ks8(0); ks8(1); ks8(2); ks8(3);
- ks8(4); ks8(5); ks8(6);
+ ks8(4); ks8(5); ks8(6);
cx->n_rnd = 14; break;
default:cx->n_rnd = 0; return aes_bad;
}
@@ -326,30 +326,30 @@ aes_rval aes_dec_key(const unsigned char in_key[], unsigned int klen, aes_ctx cx
{
case 4: ks4(0); ks4(1); ks4(2); ks4(3);
ks4(4); ks4(5); ks4(6); ks4(7);
- ks4(8); ks4(9);
+ ks4(8); ks4(9);
cx->n_rnd = 10; break;
case 5: cx->k_sch[4] = t = word_in(in_key + 16);
ks5(0); ks5(1); ks5(2); ks5(3);
- ks5(4); ks5(5); ks5(6); ks5(7);
- ks5(8);
+ ks5(4); ks5(5); ks5(6); ks5(7);
+ ks5(8);
cx->n_rnd = 11; break;
case 6: cx->k_sch[4] = t = word_in(in_key + 16);
cx->k_sch[5] = u = word_in(in_key + 20);
ks6(0); ks6(1); ks6(2); ks6(3);
- ks6(4); ks6(5); ks6(6); ks6(7);
+ ks6(4); ks6(5); ks6(6); ks6(7);
cx->n_rnd = 12; break;
case 7: cx->k_sch[4] = t = word_in(in_key + 16);
cx->k_sch[5] = u = word_in(in_key + 20);
cx->k_sch[6] = v = word_in(in_key + 24);
ks7(0); ks7(1); ks7(2); ks7(3);
- ks7(4); ks7(5); ks7(6);
+ ks7(4); ks7(5); ks7(6);
cx->n_rnd = 13; break;
case 8: cx->k_sch[4] = t = word_in(in_key + 16);
cx->k_sch[5] = u = word_in(in_key + 20);
cx->k_sch[6] = v = word_in(in_key + 24);
cx->k_sch[7] = w = word_in(in_key + 28);
ks8(0); ks8(1); ks8(2); ks8(3);
- ks8(4); ks8(5); ks8(6);
+ ks8(4); ks8(5); ks8(6);
cx->n_rnd = 14; break;
default:cx->n_rnd = 0; return aes_bad;
}
diff --git a/src/lib/crypto/builtin/aes/aesopt.h b/src/lib/crypto/builtin/aes/aesopt.h
index 006fbb3..ede89f6 100644
--- a/src/lib/crypto/builtin/aes/aesopt.h
+++ b/src/lib/crypto/builtin/aes/aesopt.h
@@ -5,48 +5,48 @@
LICENSE TERMS
- The free distribution and use of this software in both source and binary
+ The free distribution and use of this software in both source and binary
form is allowed (with or without changes) provided that:
- 1. distributions of this source code include the above copyright
+ 1. distributions of this source code include the above copyright
notice, this list of conditions and the following disclaimer;
2. distributions in binary form include the above copyright
notice, this list of conditions and the following disclaimer
in the documentation and/or other associated materials;
- 3. the copyright holder's name is not used to endorse products
- built using this software without specific written permission.
+ 3. the copyright holder's name is not used to endorse products
+ built using this software without specific written permission.
DISCLAIMER
This software is provided 'as is' with no explcit or implied warranties
- in respect of any properties, including, but not limited to, correctness
+ in respect of any properties, including, but not limited to, correctness
and fitness for purpose.
-------------------------------------------------------------------------
Issue Date: 07/02/2002
- This file contains the compilation options for AES (Rijndael) and code
+ This file contains the compilation options for AES (Rijndael) and code
that is common across encryption, key scheduling and table generation.
OPERATION
-
+
These source code files implement the AES algorithm Rijndael designed by
- Joan Daemen and Vincent Rijmen. The version in aes.c is designed for
- block and key sizes of 128, 192 and 256 bits (16, 24 and 32 bytes) while
- that in aespp.c provides for block and keys sizes of 128, 160, 192, 224
- and 256 bits (16, 20, 24, 28 and 32 bytes). This file is a common header
- file for these two implementations and for aesref.c, which is a reference
+ Joan Daemen and Vincent Rijmen. The version in aes.c is designed for
+ block and key sizes of 128, 192 and 256 bits (16, 24 and 32 bytes) while
+ that in aespp.c provides for block and keys sizes of 128, 160, 192, 224
+ and 256 bits (16, 20, 24, 28 and 32 bytes). This file is a common header
+ file for these two implementations and for aesref.c, which is a reference
implementation.
-
+
This version is designed for flexibility and speed using operations on
- 32-bit words rather than operations on bytes. It provides aes_both fixed
- and dynamic block and key lengths and can also run with either big or
- little endian internal byte order (see aes.h). It inputs block and key
- lengths in bytes with the legal values being 16, 24 and 32 for aes.c and
+ 32-bit words rather than operations on bytes. It provides aes_both fixed
+ and dynamic block and key lengths and can also run with either big or
+ little endian internal byte order (see aes.h). It inputs block and key
+ lengths in bytes with the legal values being 16, 24 and 32 for aes.c and
16, 20, 24, 28 and 32 for aespp.c
-
+
THE CIPHER INTERFACE
uint8_t (an unsigned 8-bit type)
@@ -68,8 +68,8 @@
aes_rval aes_dec_key(const unsigned char in_key[], unsigned int klen, aes_ctx cx[1]);
aes_rval aes_dec_blk(const unsigned char in_blk[], unsigned char out_blk[], const aes_ctx cx[1]);
- IMPORTANT NOTE: If you are using this C interface and your compiler does
- not set the memory used for objects to zero before use, you will need to
+ IMPORTANT NOTE: If you are using this C interface and your compiler does
+ not set the memory used for objects to zero before use, you will need to
ensure that cx.s_flg is set to zero before using these subroutine calls.
C++ aes class subroutines:
@@ -86,21 +86,21 @@
aes_rval blk(const unsigned char in_blk[], unsigned char out_blk[]);
The block length inputs to set_block and set_key are in numbers of
- BYTES, not bits. The calls to subroutines must be made in the above
+ BYTES, not bits. The calls to subroutines must be made in the above
order but multiple calls can be made without repeating earlier calls
if their parameters have not changed. If the cipher block length is
variable but set_blk has not been called before cipher operations a
- value of 16 is assumed (that is, the AES block size). In contrast to
+ value of 16 is assumed (that is, the AES block size). In contrast to
earlier versions the block and key length parameters are now checked
- for correctness and the encryption and decryption routines check to
+ for correctness and the encryption and decryption routines check to
ensure that an appropriate key has been set before they are called.
- COMPILATION
+ COMPILATION
The files used to provide AES (Rijndael) are
a. aes.h for the definitions needed for use in C.
- b. aescpp.h for the definitions needed for use in C++.
+ b. aescpp.h for the definitions needed for use in C++.
c. aesopt.h for setting compilation options (also includes common
code).
d. aescrypt.c for encryption and decrytpion, or
@@ -113,7 +113,7 @@
block and key lengths of 16, 24 and 32 bytes (128, 192 and 256 bits).
If aescrypp.c and aeskeypp.c are used instead of aescrypt.c and
aeskey.c respectively, the block and key lengths can then be 16, 20,
- 24, 28 or 32 bytes. However this code has not been optimised to the
+ 24, 28 or 32 bytes. However this code has not been optimised to the
same extent and is hence slower (esepcially for the AES block size
of 16 bytes).
@@ -124,23 +124,23 @@
exclude the AES_DLL define in aes.h
To compile AES (Rijndael) in C as a Dynamic Link Library DLL) use
- aes.h, include the AES_DLL define and compile the DLL. If using
+ aes.h, include the AES_DLL define and compile the DLL. If using
the test files to test the DLL, exclude aes.c from the test build
- project and compile it with the same defines as used for the DLL
+ project and compile it with the same defines as used for the DLL
(ensure that the DLL path is correct)
CONFIGURATION OPTIONS (here and in aes.h)
- a. define BLOCK_SIZE in aes.h to set the cipher block size (16, 24
- or 32 for the standard code, or 16, 20, 24, 28 or 32 for the
- extended code) or leave this undefined for dynamically variable
+ a. define BLOCK_SIZE in aes.h to set the cipher block size (16, 24
+ or 32 for the standard code, or 16, 20, 24, 28 or 32 for the
+ extended code) or leave this undefined for dynamically variable
block size (this will result in much slower code).
b. set AES_DLL in aes.h if AES (Rijndael) is to be compiled as a DLL
- c. You may need to set PLATFORM_BYTE_ORDER to define the byte order.
+ c. You may need to set PLATFORM_BYTE_ORDER to define the byte order.
d. If you want the code to run in a specific internal byte order, then
INTERNAL_BYTE_ORDER must be set accordingly.
e. set other configuration options decribed below.
-*/
+*/
#ifndef _AESOPT_H
#define _AESOPT_H
@@ -148,7 +148,7 @@
/* START OF CONFIGURATION OPTIONS
USE OF DEFINES
-
+
Later in this section there are a number of defines that control
the operation of the code. In each section, the purpose of each
define is explained so that the relevant form can be included or
@@ -199,11 +199,11 @@
/* 2. BYTE ORDER IN 32-BIT WORDS
- To obtain the highest speed on processors with 32-bit words, this code
+ To obtain the highest speed on processors with 32-bit words, this code
needs to determine the order in which bytes are packed into such words.
- The following block of code is an attempt to capture the most obvious
- ways in which various environemnts specify heir endian definitions. It
- may well fail, in which case the definitions will need to be set by
+ The following block of code is an attempt to capture the most obvious
+ ways in which various environemnts specify heir endian definitions. It
+ may well fail, in which case the definitions will need to be set by
editing at the points marked **** EDIT HERE IF NECESSARY **** below.
*/
#define AES_LITTLE_ENDIAN 1234 /* byte 0 is least significant (i386) */
@@ -219,7 +219,7 @@
# define PLATFORM_BYTE_ORDER AES_BIG_ENDIAN
# endif
# endif
-# elif defined(LITTLE_ENDIAN) && !defined(BIG_ENDIAN)
+# elif defined(LITTLE_ENDIAN) && !defined(BIG_ENDIAN)
# define PLATFORM_BYTE_ORDER AES_LITTLE_ENDIAN
# elif !defined(LITTLE_ENDIAN) && defined(BIG_ENDIAN)
# define PLATFORM_BYTE_ORDER AES_BIG_ENDIAN
@@ -233,7 +233,7 @@
# define PLATFORM_BYTE_ORDER AES_BIG_ENDIAN
# endif
# endif
-# elif defined(_LITTLE_ENDIAN) && !defined(_BIG_ENDIAN)
+# elif defined(_LITTLE_ENDIAN) && !defined(_BIG_ENDIAN)
# define PLATFORM_BYTE_ORDER AES_LITTLE_ENDIAN
# elif !defined(_LITTLE_ENDIAN) && defined(_BIG_ENDIAN)
# define PLATFORM_BYTE_ORDER AES_BIG_ENDIAN
@@ -249,8 +249,8 @@
#endif
/* 3. ASSEMBLER SUPPORT
-
- If the assembler code is used for encryption and decryption this file only
+
+ If the assembler code is used for encryption and decryption this file only
provides key scheduling so the following defines are used
*/
#ifdef AES_ASM
@@ -298,27 +298,27 @@
/* 5. BYTE ORDER WITHIN 32 BIT WORDS
- The fundamental data processing units in Rijndael are 8-bit bytes. The
- input, output and key input are all enumerated arrays of bytes in which
- bytes are numbered starting at zero and increasing to one less than the
- number of bytes in the array in question. This enumeration is only used
- for naming bytes and does not imply any adjacency or order relationship
- from one byte to another. When these inputs and outputs are considered
- as bit sequences, bits 8*n to 8*n+7 of the bit sequence are mapped to
- byte[n] with bit 8n+i in the sequence mapped to bit 7-i within the byte.
- In this implementation bits are numbered from 0 to 7 starting at the
+ The fundamental data processing units in Rijndael are 8-bit bytes. The
+ input, output and key input are all enumerated arrays of bytes in which
+ bytes are numbered starting at zero and increasing to one less than the
+ number of bytes in the array in question. This enumeration is only used
+ for naming bytes and does not imply any adjacency or order relationship
+ from one byte to another. When these inputs and outputs are considered
+ as bit sequences, bits 8*n to 8*n+7 of the bit sequence are mapped to
+ byte[n] with bit 8n+i in the sequence mapped to bit 7-i within the byte.
+ In this implementation bits are numbered from 0 to 7 starting at the
numerically least significant end of each byte (bit n represents 2^n).
- However, Rijndael can be implemented more efficiently using 32-bit
+ However, Rijndael can be implemented more efficiently using 32-bit
words by packing bytes into words so that bytes 4*n to 4*n+3 are placed
- into word[n]. While in principle these bytes can be assembled into words
- in any positions, this implementation only supports the two formats in
+ into word[n]. While in principle these bytes can be assembled into words
+ in any positions, this implementation only supports the two formats in
which bytes in adjacent positions within words also have adjacent byte
- numbers. This order is called big-endian if the lowest numbered bytes
- in words have the highest numeric significance and little-endian if the
- opposite applies.
-
- This code can work in either order irrespective of the order used by the
+ numbers. This order is called big-endian if the lowest numbered bytes
+ in words have the highest numeric significance and little-endian if the
+ opposite applies.
+
+ This code can work in either order irrespective of the order used by the
machine on which it runs. Normally the internal byte order will be set
to the order of the processor on which the code is to be run but this
define can be used to reverse this in special situations
@@ -331,20 +331,20 @@
#define INTERNAL_BYTE_ORDER AES_BIG_ENDIAN
#endif
-/* 6. FAST INPUT/OUTPUT OPERATIONS.
+/* 6. FAST INPUT/OUTPUT OPERATIONS.
- On some machines it is possible to improve speed by transferring the
- bytes in the input and output arrays to and from the internal 32-bit
- variables by addressing these arrays as if they are arrays of 32-bit
- words. On some machines this will always be possible but there may
- be a large performance penalty if the byte arrays are not aligned on
- the normal word boundaries. On other machines this technique will
+ On some machines it is possible to improve speed by transferring the
+ bytes in the input and output arrays to and from the internal 32-bit
+ variables by addressing these arrays as if they are arrays of 32-bit
+ words. On some machines this will always be possible but there may
+ be a large performance penalty if the byte arrays are not aligned on
+ the normal word boundaries. On other machines this technique will
lead to memory access errors when such 32-bit word accesses are not
- properly aligned. The option SAFE_IO avoids such problems but will
- often be slower on those machines that support misaligned access
- (especially so if care is taken to align the input and output byte
- arrays on 32-bit word boundaries). If SAFE_IO is not defined it is
- assumed that access to byte arrays as if they are arrays of 32-bit
+ properly aligned. The option SAFE_IO avoids such problems but will
+ often be slower on those machines that support misaligned access
+ (especially so if care is taken to align the input and output byte
+ arrays on 32-bit word boundaries). If SAFE_IO is not defined it is
+ assumed that access to byte arrays as if they are arrays of 32-bit
words will not cause problems when such accesses are misaligned.
*/
#if 1
@@ -363,12 +363,12 @@
/* 7. LOOP UNROLLING
The code for encryption and decrytpion cycles through a number of rounds
- that can be implemented either in a loop or by expanding the code into a
+ that can be implemented either in a loop or by expanding the code into a
long sequence of instructions, the latter producing a larger program but
one that will often be much faster. The latter is called loop unrolling.
There are also potential speed advantages in expanding two iterations in
a loop with half the number of iterations, which is called partial loop
- unrolling. The following options allow partial or full loop unrolling
+ unrolling. The following options allow partial or full loop unrolling
to be set independently for encryption and decryption
*/
#if !defined(CONFIG_SMALL) || defined(CONFIG_SMALL_NO_CRYPTO)
@@ -389,8 +389,8 @@
/* 8. FIXED OR DYNAMIC TABLES
- When this section is included the tables used by the code are compiled
- statically into the binary file. Otherwise they are computed once when
+ When this section is included the tables used by the code are compiled
+ statically into the binary file. Otherwise they are computed once when
the code is first used.
*/
#if 1
@@ -399,7 +399,7 @@
/* 9. FAST FINITE FIELD OPERATIONS
- If this section is included, tables are used to provide faster finite
+ If this section is included, tables are used to provide faster finite
field arithmetic (this has no effect if FIXED_TABLES is defined).
*/
#if 1
@@ -408,8 +408,8 @@
/* 10. INTERNAL STATE VARIABLE FORMAT
- The internal state of Rijndael is stored in a number of local 32-bit
- word varaibles which can be defined either as an array or as individual
+ The internal state of Rijndael is stored in a number of local 32-bit
+ word varaibles which can be defined either as an array or as individual
names variables. Include this section if you want to store these local
varaibles in arrays. Otherwise individual local variables will be used.
*/
@@ -419,10 +419,10 @@
/* In this implementation the columns of the state array are each held in
32-bit words. The state array can be held in various ways: in an array
- of words, in a number of individual word variables or in a number of
+ of words, in a number of individual word variables or in a number of
processor registers. The following define maps a variable name x and
a column number c to the way the state array variable is to be held.
- The first define below maps the state into an array x[c] whereas the
+ The first define below maps the state into an array x[c] whereas the
second form maps the state into a number of individual variables x0,
x1, etc. Another form could map individual state colums to machine
register names.
@@ -448,16 +448,16 @@
This cipher proceeds by repeating in a number of cycles known as 'rounds'
which are implemented by a round function which can optionally be speeded
- up using tables. The basic tables are each 256 32-bit words, with either
+ up using tables. The basic tables are each 256 32-bit words, with either
one or four tables being required for each round function depending on
how much speed is required. The encryption and decryption round functions
are different and the last encryption and decrytpion round functions are
different again making four different round functions in all.
This means that:
- 1. Normal encryption and decryption rounds can each use either 0, 1
+ 1. Normal encryption and decryption rounds can each use either 0, 1
or 4 tables and table spaces of 0, 1024 or 4096 bytes each.
- 2. The last encryption and decryption rounds can also use either 0, 1
+ 2. The last encryption and decryption rounds can also use either 0, 1
or 4 tables and table spaces of 0, 1024 or 4096 bytes each.
Include or exclude the appropriate definitions below to set the number
@@ -497,7 +497,7 @@
#endif
/* The decryption key schedule can be speeded up with tables in the same
- way that the round functions can. Include or exclude the following
+ way that the round functions can. Include or exclude the following
defines to set this requirement.
*/
#if !defined(CONFIG_SMALL) || defined(CONFIG_SMALL_NO_CRYPTO)
@@ -519,7 +519,7 @@
#if defined(BLOCK_SIZE) && ((BLOCK_SIZE & 3) || BLOCK_SIZE < 16 || BLOCK_SIZE > 32)
#error An illegal block size has been specified.
-#endif
+#endif
#if !defined(BLOCK_SIZE)
#define RC_LENGTH 29
@@ -534,7 +534,7 @@
#define LAST_ENC_ROUND NO_TABLES
#elif ENC_ROUND == ONE_TABLE && LAST_ENC_ROUND == FOUR_TABLES
#undef LAST_ENC_ROUND
-#define LAST_ENC_ROUND ONE_TABLE
+#define LAST_ENC_ROUND ONE_TABLE
#endif
#if ENC_ROUND == NO_TABLES && ENC_UNROLL != NONE
@@ -547,7 +547,7 @@
#define LAST_DEC_ROUND NO_TABLES
#elif DEC_ROUND == ONE_TABLE && LAST_DEC_ROUND == FOUR_TABLES
#undef LAST_DEC_ROUND
-#define LAST_DEC_ROUND ONE_TABLE
+#define LAST_DEC_ROUND ONE_TABLE
#endif
#if DEC_ROUND == NO_TABLES && DEC_UNROLL != NONE
@@ -560,7 +560,7 @@
/*
upr(x,n): rotates bytes within words by n positions, moving bytes to
higher index positions with wrap around into low positions
- ups(x,n): moves bytes by n positions to higher index positions in
+ ups(x,n): moves bytes by n positions to higher index positions in
words but without wrap around
bval(x,n): extracts a byte from a word
*/
@@ -602,7 +602,7 @@
#if !defined(_MSC_VER)
#define _lrotl(x,n) (((x) << n) | ((x) >> (32 - n)))
#endif
-#define bswap_32(x) ((_lrotl((x),8) & 0x00ff00ff) | (_lrotl((x),24) & 0xff00ff00))
+#define bswap_32(x) ((_lrotl((x),8) & 0x00ff00ff) | (_lrotl((x),24) & 0xff00ff00))
#endif
#define word_in(x) bswap_32(*(uint32_t*)(x))
@@ -625,9 +625,9 @@
give improved performance if a fast 32-bit multiply is not available. Note
that a temporary variable u needs to be defined where FFmulX is used.
-#define FFmulX(x) (u = (x) & m1, u |= (u >> 1), ((x) & m2) << 1) ^ ((u >> 3) | (u >> 6))
+#define FFmulX(x) (u = (x) & m1, u |= (u >> 1), ((x) & m2) << 1) ^ ((u >> 3) | (u >> 6))
#define m4 (0x01010101 * BPOLY)
-#define FFmulX(x) (u = (x) & m1, ((x) & m2) << 1) ^ ((u - (u >> 7)) & m4)
+#define FFmulX(x) (u = (x) & m1, ((x) & m2) << 1) ^ ((u - (u >> 7)) & m4)
*/
/* Work out which tables are needed for the different options */
diff --git a/src/lib/crypto/builtin/aes/aestab.c b/src/lib/crypto/builtin/aes/aestab.c
index 7a5d69f..7902887 100644
--- a/src/lib/crypto/builtin/aes/aestab.c
+++ b/src/lib/crypto/builtin/aes/aestab.c
@@ -5,23 +5,23 @@
LICENSE TERMS
- The free distribution and use of this software in both source and binary
+ The free distribution and use of this software in both source and binary
form is allowed (with or without changes) provided that:
- 1. distributions of this source code include the above copyright
+ 1. distributions of this source code include the above copyright
notice, this list of conditions and the following disclaimer;
2. distributions in binary form include the above copyright
notice, this list of conditions and the following disclaimer
in the documentation and/or other associated materials;
- 3. the copyright holder's name is not used to endorse products
- built using this software without specific written permission.
+ 3. the copyright holder's name is not used to endorse products
+ built using this software without specific written permission.
DISCLAIMER
This software is provided 'as is' with no explcit or implied warranties
- in respect of any properties, including, but not limited to, correctness
+ in respect of any properties, including, but not limited to, correctness
and fitness for purpose.
-------------------------------------------------------------------------
Issue Date: 07/02/2002
@@ -29,7 +29,7 @@
#include "aesopt.h"
-#if defined(FIXED_TABLES) || !defined(FF_TABLES)
+#if defined(FIXED_TABLES) || !defined(FF_TABLES)
/* finite field arithmetic operations */
@@ -151,7 +151,7 @@
#define h0(x) (x)
-/* These defines are used to ensure tables are generated in the
+/* These defines are used to ensure tables are generated in the
right format depending on the internal byte order required
*/
@@ -209,7 +209,7 @@ const uint8_t inv_s_box[256] = { isb_data(h0) };
const uint32_t ft_tab[256] = { sb_data(u0) };
#endif
#ifdef FT4_SET
-const uint32_t ft_tab[4][256] =
+const uint32_t ft_tab[4][256] =
{ { sb_data(u0) }, { sb_data(u1) }, { sb_data(u2) }, { sb_data(u3) } };
#endif
@@ -217,7 +217,7 @@ const uint32_t ft_tab[4][256] =
const uint32_t fl_tab[256] = { sb_data(w0) };
#endif
#ifdef FL4_SET
-const uint32_t fl_tab[4][256] =
+const uint32_t fl_tab[4][256] =
{ { sb_data(w0) }, { sb_data(w1) }, { sb_data(w2) }, { sb_data(w3) } };
#endif
@@ -233,7 +233,7 @@ const uint32_t it_tab[4][256] =
const uint32_t il_tab[256] = { isb_data(w0) };
#endif
#ifdef IL4_SET
-const uint32_t il_tab[4][256] =
+const uint32_t il_tab[4][256] =
{ { isb_data(w0) }, { isb_data(w1) }, { isb_data(w2) }, { isb_data(w3) } };
#endif
@@ -249,7 +249,7 @@ const uint32_t ls_tab[4][256] =
const uint32_t im_tab[256] = { mm_data(v0) };
#endif
#ifdef IM4_SET
-const uint32_t im_tab[4][256] =
+const uint32_t im_tab[4][256] =
{ { mm_data(v0) }, { mm_data(v1) }, { mm_data(v2) }, { mm_data(v3) } };
#endif
@@ -314,8 +314,8 @@ uint32_t im_tab[4][256];
/* Generate the tables for the dynamic table option
- It will generally be sensible to use tables to compute finite
- field multiplies and inverses but where memory is scarse this
+ It will generally be sensible to use tables to compute finite
+ field multiplies and inverses but where memory is scarse this
code might sometimes be better. But it only has effect during
initialisation so its pretty unimportant in overall terms.
*/
@@ -327,7 +327,7 @@ uint32_t im_tab[4][256];
static uint8_t hibit(const uint32_t x)
{ uint8_t r = (uint8_t)((x >> 1) | (x >> 2));
-
+
r |= (r >> 2);
r |= (r >> 4);
return (r + 1) >> 1;
@@ -345,14 +345,14 @@ static uint8_t fi(const uint8_t x)
if(!n1) return v1;
while(n2 >= n1)
- {
+ {
n2 /= n1; p2 ^= p1 * n2; v2 ^= v1 * n2; n2 = hibit(p2);
}
-
+
if(!n2) return v2;
while(n1 >= n2)
- {
+ {
n1 /= n2; p1 ^= p2 * n1; v1 ^= v2 * n1; n1 = hibit(p1);
}
}
@@ -392,9 +392,9 @@ void gen_tabs(void)
root is 0x03, used here to generate the tables
*/
- i = 0; w = 1;
+ i = 0; w = 1;
do
- {
+ {
pow[i] = (uint8_t)w;
pow[i + 255] = (uint8_t)w;
log[w] = (uint8_t)i++;
diff --git a/src/lib/crypto/builtin/aes/uitypes.h b/src/lib/crypto/builtin/aes/uitypes.h
index 3a72921..fe8f9ba 100644
--- a/src/lib/crypto/builtin/aes/uitypes.h
+++ b/src/lib/crypto/builtin/aes/uitypes.h
@@ -5,28 +5,28 @@
LICENSE TERMS
- The free distribution and use of this software in both source and binary
+ The free distribution and use of this software in both source and binary
form is allowed (with or without changes) provided that:
- 1. distributions of this source code include the above copyright
+ 1. distributions of this source code include the above copyright
notice, this list of conditions and the following disclaimer;
2. distributions in binary form include the above copyright
notice, this list of conditions and the following disclaimer
in the documentation and/or other associated materials;
- 3. the copyright holder's name is not used to endorse products
- built using this software without specific written permission.
+ 3. the copyright holder's name is not used to endorse products
+ built using this software without specific written permission.
DISCLAIMER
This software is provided 'as is' with no explcit or implied warranties
- in respect of any properties, including, but not limited to, correctness
+ in respect of any properties, including, but not limited to, correctness
and fitness for purpose.
-------------------------------------------------------------------------
Issue Date: 01/02/2002
- This file contains code to obtain or set the definitions for fixed length
+ This file contains code to obtain or set the definitions for fixed length
unsigned integer types.
*/
diff --git a/src/lib/crypto/builtin/arcfour/arcfour.c b/src/lib/crypto/builtin/arcfour/arcfour.c
index ff2f437..1f49812 100644
--- a/src/lib/crypto/builtin/arcfour/arcfour.c
+++ b/src/lib/crypto/builtin/arcfour/arcfour.c
@@ -337,4 +337,3 @@ krb5int_arcfour_decrypt(const struct krb5_enc_provider *enc,
free(plaintext.data);
return (ret);
}
-
diff --git a/src/lib/crypto/builtin/arcfour/arcfour_aead.c b/src/lib/crypto/builtin/arcfour/arcfour_aead.c
index c01fc00..7ede21d 100644
--- a/src/lib/crypto/builtin/arcfour/arcfour_aead.c
+++ b/src/lib/crypto/builtin/arcfour/arcfour_aead.c
@@ -8,7 +8,7 @@
* require a specific license from the United States Government.
* It is the responsibility of any person or organization contemplating
* export to obtain such a license before exporting.
- *
+ *
* WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
* distribute this software and its documentation for any purpose and
* without fee is hereby granted, provided that the above copyright
@@ -106,7 +106,7 @@ krb5int_arcfour_encrypt_iov(const struct krb5_aead_provider *aead,
* Caller must have provided space for the header, padding
* and trailer; per RFC 4757 we will arrange it as:
*
- * Checksum | E(Confounder | Plaintext)
+ * Checksum | E(Confounder | Plaintext)
*/
header = krb5int_c_locate_iov(data, num_data, KRB5_CRYPTO_TYPE_HEADER);
@@ -246,7 +246,7 @@ krb5int_arcfour_decrypt_iov(const struct krb5_aead_provider *aead,
trailer = krb5int_c_locate_iov(data, num_data, KRB5_CRYPTO_TYPE_TRAILER);
if (trailer != NULL && trailer->data.length != 0)
return KRB5_BAD_MSIZE;
-
+
ret = alloc_derived_key(enc, &k1, &d1, &key->keyblock);
if (ret != 0)
goto cleanup;
@@ -334,4 +334,3 @@ const struct krb5_aead_provider krb5int_aead_arcfour = {
krb5int_arcfour_encrypt_iov,
krb5int_arcfour_decrypt_iov
};
-
diff --git a/src/lib/crypto/builtin/arcfour/arcfour_s2k.c b/src/lib/crypto/builtin/arcfour/arcfour_s2k.c
index 09c9b76..1aaaa1c 100644
--- a/src/lib/crypto/builtin/arcfour/arcfour_s2k.c
+++ b/src/lib/crypto/builtin/arcfour/arcfour_s2k.c
@@ -19,7 +19,7 @@ krb5int_arcfour_string_to_key(const struct krb5_enc_provider *enc,
if (params != NULL)
return KRB5_ERR_BAD_S2K_PARAMS;
-
+
if (key->length != 16)
return (KRB5_BAD_MSIZE);
@@ -40,7 +40,7 @@ krb5int_arcfour_string_to_key(const struct krb5_enc_provider *enc,
krb5int_MD4Final(&md4_context);
memcpy(key->contents, md4_context.digest, 16);
-#if 0
+#if 0
/* test the string_to_key function */
printf("Hash=");
{
diff --git a/src/lib/crypto/builtin/des/afsstring2key.c b/src/lib/crypto/builtin/des/afsstring2key.c
index eb6c37f..4b61a2f 100644
--- a/src/lib/crypto/builtin/des/afsstring2key.c
+++ b/src/lib/crypto/builtin/des/afsstring2key.c
@@ -1,7 +1,7 @@
/*
* lib/crypto/des/string2key.c
*
- * based on lib/crypto/des/string2key.c from MIT V5
+ * based on lib/crypto/des/string2key.c from MIT V5
* and on lib/des/afs_string_to_key.c from UMD.
* constructed by Mark Eichin, Cygnus Support, 1995.
* made thread-safe by Ken Raeburn, MIT, 2001.
@@ -15,7 +15,7 @@
* require a specific license from the United States Government.
* It is the responsibility of any person or organization contemplating
* export to obtain such a license before exporting.
- *
+ *
* WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
* distribute this software and its documentation for any purpose and
* without fee is hereby granted, provided that the above copyright
@@ -33,14 +33,14 @@
/*
* Copyright (C) 1998 by the FundsXpress, INC.
- *
+ *
* All rights reserved.
- *
+ *
* Export of this software from the United States of America may require
* a specific license from the United States Government. It is the
* responsibility of any person or organization contemplating export to
* obtain such a license before exporting.
- *
+ *
* WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
* distribute this software and its documentation for any purpose and
* without fee is hereby granted, provided that the above copyright
@@ -51,7 +51,7 @@
* permission. FundsXpress makes no representations about the suitability of
* this software for any purpose. It is provided "as is" without express
* or implied warranty.
- *
+ *
* THIS SOFTWARE IS PROVIDED ``AS IS'' AND WITHOUT ANY EXPRESS OR
* IMPLIED WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED
* WARRANTIES OF MERCHANTIBILITY AND FITNESS FOR A PARTICULAR PURPOSE.
@@ -72,10 +72,10 @@ mit_afs_string_to_key (krb5_keyblock *keyblock, const krb5_data *data,
const krb5_data *salt)
{
/* totally different approach from MIT string2key. */
- /* much of the work has already been done by the only caller
- which is mit_des_string_to_key; in particular, *keyblock is already
+ /* much of the work has already been done by the only caller
+ which is mit_des_string_to_key; in particular, *keyblock is already
set up. */
-
+
char *realm = salt->data;
unsigned int i, j;
krb5_octet *key = keyblock->contents;
@@ -129,7 +129,7 @@ mit_afs_string_to_key (krb5_keyblock *keyblock, const krb5_data *data,
if (isupper(password[i]))
password[i] = tolower(password[i]);
}
-
+
memcpy (ikey, "kerberos", sizeof(ikey));
memcpy (tkey, ikey, sizeof(tkey));
mit_des_fixup_key_parity (tkey);
@@ -140,13 +140,13 @@ mit_afs_string_to_key (krb5_keyblock *keyblock, const krb5_data *data,
mit_des_fixup_key_parity (tkey);
(void) mit_des_key_sched (tkey, key_sked);
(void) mit_des_cbc_cksum (password, key, i, key_sked, ikey);
-
+
/* erase key_sked */
memset(key_sked, 0,sizeof(key_sked));
/* now fix up key parity again */
mit_des_fixup_key_parity(key);
-
+
/* clean & free the input string */
memset(password, 0, (size_t) pw_len);
free(password);
@@ -162,7 +162,7 @@ mit_afs_string_to_key (krb5_keyblock *keyblock, const krb5_data *data,
/* Portions of this code:
Copyright 1989 by the Massachusetts Institute of Technology
*/
-
+
/*
* Copyright (c) 1990 Regents of The University of Michigan.
* All Rights Reserved.
@@ -201,7 +201,7 @@ static const char IP[] = {
61,53,45,37,29,21,13, 5,
63,55,47,39,31,23,15, 7,
};
-
+
/*
* Final permutation, FP = IP^(-1)
*/
@@ -215,7 +215,7 @@ static const char FP[] = {
34, 2,42,10,50,18,58,26,
33, 1,41, 9,49,17,57,25,
};
-
+
/*
* Permuted-choice 1 from the key bits to yield C and D.
* Note that bits 8,16... are left out: They are intended for a parity check.
@@ -226,21 +226,21 @@ static const char PC1_C[] = {
10, 2,59,51,43,35,27,
19,11, 3,60,52,44,36,
};
-
+
static const char PC1_D[] = {
63,55,47,39,31,23,15,
7,62,54,46,38,30,22,
14, 6,61,53,45,37,29,
21,13, 5,28,20,12, 4,
};
-
+
/*
* Sequence of shifts used for the key schedule.
*/
static const char shifts[] = {
1,1,2,2,2,2,2,2,1,2,2,2,2,2,2,1,
};
-
+
/*
* Permuted-choice 2, to pick out the bits from
* the CD array that generate the key schedule.
@@ -251,14 +251,14 @@ static const char PC2_C[] = {
23,19,12, 4,26, 8,
16, 7,27,20,13, 2,
};
-
+
static const char PC2_D[] = {
41,52,31,37,47,55,
30,40,51,45,33,48,
44,49,39,56,34,53,
46,42,50,36,29,32,
};
-
+
/*
* The E bit-selection table.
*/
@@ -272,7 +272,7 @@ static const char e[] = {
24,25,26,27,28,29,
28,29,30,31,32, 1,
};
-
+
/*
* P is a permutation on the selected combination
* of the current L and key.
@@ -287,7 +287,7 @@ static const char P[] = {
19,13,30, 6,
22,11, 4,25,
};
-
+
/*
* The 8 selection functions.
* For some reason, they give a 0-origin
@@ -298,44 +298,44 @@ static const char S[8][64] = {
0,15, 7, 4,14, 2,13, 1,10, 6,12,11, 9, 5, 3, 8,
4, 1,14, 8,13, 6, 2,11,15,12, 9, 7, 3,10, 5, 0,
15,12, 8, 2, 4, 9, 1, 7, 5,11, 3,14,10, 0, 6,13},
-
+
{15, 1, 8,14, 6,11, 3, 4, 9, 7, 2,13,12, 0, 5,10,
3,13, 4, 7,15, 2, 8,14,12, 0, 1,10, 6, 9,11, 5,
0,14, 7,11,10, 4,13, 1, 5, 8,12, 6, 9, 3, 2,15,
13, 8,10, 1, 3,15, 4, 2,11, 6, 7,12, 0, 5,14, 9},
-
+
{10, 0, 9,14, 6, 3,15, 5, 1,13,12, 7,11, 4, 2, 8,
13, 7, 0, 9, 3, 4, 6,10, 2, 8, 5,14,12,11,15, 1,
13, 6, 4, 9, 8,15, 3, 0,11, 1, 2,12, 5,10,14, 7,
1,10,13, 0, 6, 9, 8, 7, 4,15,14, 3,11, 5, 2,12},
-
+
{ 7,13,14, 3, 0, 6, 9,10, 1, 2, 8, 5,11,12, 4,15,
13, 8,11, 5, 6,15, 0, 3, 4, 7, 2,12, 1,10,14, 9,
10, 6, 9, 0,12,11, 7,13,15, 1, 3,14, 5, 2, 8, 4,
3,15, 0, 6,10, 1,13, 8, 9, 4, 5,11,12, 7, 2,14},
-
+
{ 2,12, 4, 1, 7,10,11, 6, 8, 5, 3,15,13, 0,14, 9,
14,11, 2,12, 4, 7,13, 1, 5, 0,15,10, 3, 9, 8, 6,
4, 2, 1,11,10,13, 7, 8,15, 9,12, 5, 6, 3, 0,14,
11, 8,12, 7, 1,14, 2,13, 6,15, 0, 9,10, 4, 5, 3},
-
+
{12, 1,10,15, 9, 2, 6, 8, 0,13, 3, 4,14, 7, 5,11,
10,15, 4, 2, 7,12, 9, 5, 6, 1,13,14, 0,11, 3, 8,
9,14,15, 5, 2, 8,12, 3, 7, 0, 4,10, 1,13,11, 6,
4, 3, 2,12, 9, 5,15,10,11,14, 1, 7, 6, 0, 8,13},
-
+
{ 4,11, 2,14,15, 0, 8,13, 3,12, 9, 7, 5,10, 6, 1,
13, 0,11, 7, 4, 9, 1,10,14, 3, 5,12, 2,15, 8, 6,
1, 4,11,13,12, 3, 7,14,10,15, 6, 8, 0, 5, 9, 2,
6,11,13, 8, 1, 4,10, 7, 9, 5, 0,15,14, 2, 3,12},
-
+
{13, 2, 8, 4, 6,15,11, 1,10, 9, 3,14, 5, 0,12, 7,
1,15,13, 8,10, 3, 7, 4,12, 5, 6,11, 0,14, 9, 2,
7,11, 4, 1, 9,12,14, 2, 0, 6,10,13,15, 3, 5, 8,
2, 1,14, 7, 4,10, 8,13,15,12, 9, 0, 3, 5, 6,11},
};
-
-
+
+
char *afs_crypt(const char *pw, const char *salt,
/* must be at least 16 bytes */
char *iobuf)
@@ -349,7 +349,7 @@ char *afs_crypt(const char *pw, const char *salt,
* Generated from the key.
*/
char KS[16][48];
-
+
for(i=0; i<66; i++)
block[i] = 0;
for(i=0; (c= *pw) && i<64; pw++){
@@ -357,7 +357,7 @@ char *afs_crypt(const char *pw, const char *salt,
block[i] = (c>>(6-j)) & 01;
i++;
}
-
+
krb5_afs_crypt_setkey(block, E, KS);
for(i=0; i<66; i++)
@@ -377,10 +377,10 @@ char *afs_crypt(const char *pw, const char *salt,
}
}
}
-
+
for(i=0; i<25; i++)
krb5_afs_encrypt(block,E,KS);
-
+
for(i=0; i<11; i++){
c = 0;
for(j=0; j<6; j++){
@@ -401,7 +401,7 @@ char *afs_crypt(const char *pw, const char *salt,
/*
* Set up the key schedule from the key.
*/
-
+
static void krb5_afs_crypt_setkey(char *key, char *E, char (*KS)[48])
{
register int i, j, k;
@@ -410,7 +410,7 @@ static void krb5_afs_crypt_setkey(char *key, char *E, char (*KS)[48])
* The C and D arrays used to calculate the key schedule.
*/
char C[28], D[28];
-
+
/*
* First, generate C and D by permuting
* the key. The low order bit of each
@@ -448,7 +448,7 @@ static void krb5_afs_crypt_setkey(char *key, char *E, char (*KS)[48])
KS[i][j+24] = D[PC2_D[j]-28-1];
}
}
-
+
#if 0
for(i=0;i<48;i++) {
E[i] = e[i];
@@ -457,11 +457,11 @@ static void krb5_afs_crypt_setkey(char *key, char *E, char (*KS)[48])
memcpy(E, e, 48);
#endif
}
-
+
/*
* The payoff: encrypt a block.
*/
-
+
static void krb5_afs_encrypt(char *block, char *E, char (*KS)[48])
{
const long edflag = 0;
diff --git a/src/lib/crypto/builtin/des/d3_aead.c b/src/lib/crypto/builtin/des/d3_aead.c
index 2245283..3eb9422 100644
--- a/src/lib/crypto/builtin/des/d3_aead.c
+++ b/src/lib/crypto/builtin/des/d3_aead.c
@@ -7,7 +7,7 @@
* require a specific license from the United States Government.
* It is the responsibility of any person or organization contemplating
* export to obtain such a license before exporting.
- *
+ *
* WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
* distribute this software and its documentation for any purpose and
* without fee is hereby granted, provided that the above copyright
diff --git a/src/lib/crypto/builtin/des/d3_cbc.c b/src/lib/crypto/builtin/des/d3_cbc.c
index 077e78d..f90d8e5 100644
--- a/src/lib/crypto/builtin/des/d3_cbc.c
+++ b/src/lib/crypto/builtin/des/d3_cbc.c
@@ -6,7 +6,7 @@
* require a specific license from the United States Government.
* It is the responsibility of any person or organization contemplating
* export to obtain such a license before exporting.
- *
+ *
* WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
* distribute this software and its documentation for any purpose and
* without fee is hereby granted, provided that the above copyright
diff --git a/src/lib/crypto/builtin/des/d3_kysched.c b/src/lib/crypto/builtin/des/d3_kysched.c
index f18cc24..2a9cc5a 100644
--- a/src/lib/crypto/builtin/des/d3_kysched.c
+++ b/src/lib/crypto/builtin/des/d3_kysched.c
@@ -6,7 +6,7 @@
* require a specific license from the United States Government.
* It is the responsibility of any person or organization contemplating
* export to obtain such a license before exporting.
- *
+ *
* WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
* distribute this software and its documentation for any purpose and
* without fee is hereby granted, provided that the above copyright
diff --git a/src/lib/crypto/builtin/des/des_int.h b/src/lib/crypto/builtin/des/des_int.h
index fd2024a..d6fa04a 100644
--- a/src/lib/crypto/builtin/des/des_int.h
+++ b/src/lib/crypto/builtin/des/des_int.h
@@ -8,7 +8,7 @@
* require a specific license from the United States Government.
* It is the responsibility of any person or organization contemplating
* export to obtain such a license before exporting.
- *
+ *
* WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
* distribute this software and its documentation for any purpose and
* without fee is hereby granted, provided that the above copyright
@@ -22,21 +22,21 @@
* M.I.T. makes no representations about the suitability of
* this software for any purpose. It is provided "as is" without express
* or implied warranty.
- *
+ *
*
* Private include file for the Data Encryption Standard library.
*/
/*
* Copyright (C) 1998 by the FundsXpress, INC.
- *
+ *
* All rights reserved.
- *
+ *
* Export of this software from the United States of America may require
* a specific license from the United States Government. It is the
* responsibility of any person or organization contemplating export to
* obtain such a license before exporting.
- *
+ *
* WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
* distribute this software and its documentation for any purpose and
* without fee is hereby granted, provided that the above copyright
@@ -47,7 +47,7 @@
* permission. FundsXpress makes no representations about the suitability of
* this software for any purpose. It is provided "as is" without express
* or implied warranty.
- *
+ *
* THIS SOFTWARE IS PROVIDED ``AS IS'' AND WITHOUT ANY EXPRESS OR
* IMPLIED WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED
* WARRANTIES OF MERCHANTIBILITY AND FITNESS FOR A PARTICULAR PURPOSE.
@@ -112,7 +112,7 @@ KRB5INT_DES_DEPRECATED;
* have an exact 32-bit int, and nothing should be looking inside a
* des_key_schedule anyway.
*/
-typedef struct des_ks_struct { DES_INT32 _[2]; } des_key_schedule[16]
+typedef struct des_ks_struct { DES_INT32 _[2]; } des_key_schedule[16]
KRB5INT_DES_DEPRECATED;
typedef des_cblock mit_des_cblock;
@@ -176,7 +176,7 @@ extern int mit_des_cbc_encrypt (const mit_des_cblock *in,
unsigned long length,
const mit_des_key_schedule schedule,
const mit_des_cblock ivec, int enc);
-
+
#define mit_des_zeroblock krb5int_c_mit_des_zeroblock
extern const mit_des_cblock mit_des_zeroblock;
@@ -214,7 +214,7 @@ extern krb5_error_code mit_des_random_key
/* string2key.c */
extern krb5_error_code mit_des_string_to_key
- ( const krb5_encrypt_block *,
+ ( const krb5_encrypt_block *,
krb5_keyblock *, const krb5_data *, const krb5_data *);
extern krb5_error_code mit_des_string_to_key_int
(krb5_keyblock *, const krb5_data *, const krb5_data *);
diff --git a/src/lib/crypto/builtin/des/destest.c b/src/lib/crypto/builtin/des/destest.c
index ef87858..287a4e9 100644
--- a/src/lib/crypto/builtin/des/destest.c
+++ b/src/lib/crypto/builtin/des/destest.c
@@ -8,7 +8,7 @@
* require a specific license from the United States Government.
* It is the responsibility of any person or organization contemplating
* export to obtain such a license before exporting.
- *
+ *
* WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
* distribute this software and its documentation for any purpose and
* without fee is hereby granted, provided that the above copyright
@@ -22,7 +22,7 @@
* M.I.T. makes no representations about the suitability of
* this software for any purpose. It is provided "as is" without express
* or implied warranty.
- *
+ *
*
* Test a DES implementation against known inputs & outputs
*/
@@ -30,14 +30,14 @@
/*
* Copyright (C) 1998 by the FundsXpress, INC.
- *
+ *
* All rights reserved.
- *
+ *
* Export of this software from the United States of America may require
* a specific license from the United States Government. It is the
* responsibility of any person or organization contemplating export to
* obtain such a license before exporting.
- *
+ *
* WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
* distribute this software and its documentation for any purpose and
* without fee is hereby granted, provided that the above copyright
@@ -48,7 +48,7 @@
* permission. FundsXpress makes no representations about the suitability of
* this software for any purpose. It is provided "as is" without express
* or implied warranty.
- *
+ *
* THIS SOFTWARE IS PROVIDED ``AS IS'' AND WITHOUT ANY EXPRESS OR
* IMPLIED WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED
* WARRANTIES OF MERCHANTIBILITY AND FITNESS FOR A PARTICULAR PURPOSE.
@@ -101,7 +101,7 @@ main(argc, argv)
sched, zeroblock, 1);
if (memcmp((char *)output2, (char *)output, 8)) {
- fprintf(stderr,
+ fprintf(stderr,
"DES ENCRYPT ERROR, key %s, text %s, real cipher %s, computed cyphertext %02X%02X%02X%02X%02X%02X%02X%02X\n",
block1, block2, block3,
output2[0],output2[1],output2[2],output2[3],
@@ -116,7 +116,7 @@ main(argc, argv)
sched, zeroblock, 0);
if (memcmp((char *)output2, (char *)input, 8)) {
- fprintf(stderr,
+ fprintf(stderr,
"DES DECRYPT ERROR, key %s, text %s, real cipher %s, computed cleartext %02X%02X%02X%02X%02X%02X%02X%02X\n",
block1, block2, block3,
output2[0],output2[1],output2[2],output2[3],
@@ -127,7 +127,7 @@ main(argc, argv)
num++;
}
- if (error)
+ if (error)
printf("destest: failed to pass the test\n");
else
printf("destest: %d tests passed successfully\n", num);
@@ -217,13 +217,13 @@ mit_des_check_key_parity(key)
register mit_des_cblock key;
{
int i;
-
+
for (i=0; i<sizeof(mit_des_cblock); i++) {
if ((key[i] & 1) == parity_char(0xfe&key[i])) {
printf("warning: bad parity key:");
- des_cblock_print_file(key, stdout);
+ des_cblock_print_file(key, stdout);
putchar('\n');
-
+
return 1;
}
}
@@ -236,11 +236,11 @@ mit_des_fixup_key_parity(key)
register mit_des_cblock key;
{
int i;
- for (i=0; i<sizeof(mit_des_cblock); i++)
+ for (i=0; i<sizeof(mit_des_cblock); i++)
{
key[i] &= 0xfe;
key[i] |= 1^parity_char(key[i]);
}
-
+
return;
}
diff --git a/src/lib/crypto/builtin/des/f_aead.c b/src/lib/crypto/builtin/des/f_aead.c
index 170482c..328d20a 100644
--- a/src/lib/crypto/builtin/des/f_aead.c
+++ b/src/lib/crypto/builtin/des/f_aead.c
@@ -7,7 +7,7 @@
* require a specific license from the United States Government.
* It is the responsibility of any person or organization contemplating
* export to obtain such a license before exporting.
- *
+ *
* WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
* distribute this software and its documentation for any purpose and
* without fee is hereby granted, provided that the above copyright
diff --git a/src/lib/crypto/builtin/des/f_parity.c b/src/lib/crypto/builtin/des/f_parity.c
index 4263863..846c821 100644
--- a/src/lib/crypto/builtin/des/f_parity.c
+++ b/src/lib/crypto/builtin/des/f_parity.c
@@ -24,12 +24,12 @@ void
mit_des_fixup_key_parity(mit_des_cblock key)
{
unsigned int i;
- for (i=0; i<sizeof(mit_des_cblock); i++)
+ for (i=0; i<sizeof(mit_des_cblock); i++)
{
key[i] &= 0xfe;
key[i] |= 1^parity_char(key[i]);
}
-
+
return;
}
@@ -42,10 +42,10 @@ int
mit_des_check_key_parity(mit_des_cblock key)
{
unsigned int i;
-
- for (i=0; i<sizeof(mit_des_cblock); i++)
+
+ for (i=0; i<sizeof(mit_des_cblock); i++)
{
- if((key[i] & 1) == parity_char(0xfe&key[i]))
+ if((key[i] & 1) == parity_char(0xfe&key[i]))
{
return 0;
}
@@ -53,4 +53,3 @@ mit_des_check_key_parity(mit_des_cblock key)
return(1);
}
-
diff --git a/src/lib/crypto/builtin/des/f_sched.c b/src/lib/crypto/builtin/des/f_sched.c
index ece48ef..cb0a6bb 100644
--- a/src/lib/crypto/builtin/des/f_sched.c
+++ b/src/lib/crypto/builtin/des/f_sched.c
@@ -343,7 +343,7 @@ mit_des_make_key_sched(mit_des_cblock key, mit_des_key_schedule schedule)
| PC2_D[1][((d >> 14) & 0xf) | ((d >> 15) & 0x30)]
| PC2_D[2][((d >> 7) & 0x3f)]
| PC2_D[3][((d ) & 0x3) | ((d >> 1) & 0x3c)];
-
+
/*
* Make up two words of the key schedule, with a
* byte order which is convenient for the DES
diff --git a/src/lib/crypto/builtin/des/key_sched.c b/src/lib/crypto/builtin/des/key_sched.c
index 26449a9..dc6f349 100644
--- a/src/lib/crypto/builtin/des/key_sched.c
+++ b/src/lib/crypto/builtin/des/key_sched.c
@@ -9,7 +9,7 @@
* require a specific license from the United States Government.
* It is the responsibility of any person or organization contemplating
* export to obtain such a license before exporting.
- *
+ *
* WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
* distribute this software and its documentation for any purpose and
* without fee is hereby granted, provided that the above copyright
@@ -23,7 +23,7 @@
* M.I.T. makes no representations about the suitability of
* this software for any purpose. It is provided "as is" without express
* or implied warranty.
- *
+ *
*
* This routine computes the DES key schedule given a key. The
* permutations and shifts have been done at compile time, resulting
diff --git a/src/lib/crypto/builtin/des/string2key.c b/src/lib/crypto/builtin/des/string2key.c
index 0ce4136..c817806 100644
--- a/src/lib/crypto/builtin/des/string2key.c
+++ b/src/lib/crypto/builtin/des/string2key.c
@@ -8,7 +8,7 @@
* require a specific license from the United States Government.
* It is the responsibility of any person or organization contemplating
* export to obtain such a license before exporting.
- *
+ *
* WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
* distribute this software and its documentation for any purpose and
* without fee is hereby granted, provided that the above copyright
@@ -22,7 +22,7 @@
* M.I.T. makes no representations about the suitability of
* this software for any purpose. It is provided "as is" without express
* or implied warranty.
- *
+ *
*
* Compute encryption key from salt and pass phrase.
*/
diff --git a/src/lib/crypto/builtin/des/t_verify.c b/src/lib/crypto/builtin/des/t_verify.c
index a6ad07c..6c1f17b 100644
--- a/src/lib/crypto/builtin/des/t_verify.c
+++ b/src/lib/crypto/builtin/des/t_verify.c
@@ -8,7 +8,7 @@
* require a specific license from the United States Government.
* It is the responsibility of any person or organization contemplating
* export to obtain such a license before exporting.
- *
+ *
* WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
* distribute this software and its documentation for any purpose and
* without fee is hereby granted, provided that the above copyright
@@ -22,7 +22,7 @@
* M.I.T. makes no representations about the suitability of
* this software for any purpose. It is provided "as is" without express
* or implied warranty.
- *
+ *
*
* Program to test the correctness of the DES library
* implementation.
@@ -33,14 +33,14 @@
/*
* Copyright (C) 1998 by the FundsXpress, INC.
- *
+ *
* All rights reserved.
- *
+ *
* Export of this software from the United States of America may require
* a specific license from the United States Government. It is the
* responsibility of any person or organization contemplating export to
* obtain such a license before exporting.
- *
+ *
* WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
* distribute this software and its documentation for any purpose and
* without fee is hereby granted, provided that the above copyright
@@ -51,7 +51,7 @@
* permission. FundsXpress makes no representations about the suitability of
* this software for any purpose. It is provided "as is" without express
* or implied warranty.
- *
+ *
* THIS SOFTWARE IS PROVIDED ``AS IS'' AND WITHOUT ANY EXPRESS OR
* IMPLIED WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED
* WARRANTIES OF MERCHANTIBILITY AND FITNESS FOR A PARTICULAR PURPOSE.
@@ -118,7 +118,7 @@ unsigned char mresult[8] = {
0xa3, 0x80, 0xe0, 0x2a, 0x6b, 0xe5, 0x46, 0x96
};
-
+
/*
* Can also add :
* plaintext = 0, key = 0, cipher = 0x8ca64de9c1b123a7 (or is it a 1?)
@@ -237,7 +237,7 @@ main(argc,argv)
printf("verify: error in ECB encryption\n");
exit(-1);
}
- else
+ else
printf("verify: ECB encryption is correct\n\n");
}
@@ -261,7 +261,7 @@ main(argc,argv)
printf("verify: error in ECB encryption\n");
exit(-1);
}
- else
+ else
printf("verify: ECB encryption is correct\n\n");
}
@@ -277,7 +277,7 @@ main(argc,argv)
in_length = strlen((char *)input);
if ((retval = mit_des_cbc_encrypt((const mit_des_cblock *) input,
(mit_des_cblock *) cipher_text,
- (size_t) in_length,
+ (size_t) in_length,
sched,
ivec,
MIT_DES_ENCRYPT))) {
@@ -294,7 +294,7 @@ main(argc,argv)
}
if ((retval = mit_des_cbc_encrypt((const mit_des_cblock *) cipher_text,
(mit_des_cblock *) clear_text,
- (size_t) in_length,
+ (size_t) in_length,
sched,
ivec,
MIT_DES_DECRYPT))) {
@@ -307,7 +307,7 @@ main(argc,argv)
printf("verify: error in CBC encryption\n");
exit(-1);
}
- else
+ else
printf("verify: CBC encryption is correct\n\n");
printf("EXAMPLE CBC checksum");
@@ -327,7 +327,7 @@ main(argc,argv)
printf("verify: error in CBC cheksum\n");
exit(-1);
}
- else
+ else
printf("verify: CBC checksum is correct\n\n");
exit(0);
diff --git a/src/lib/crypto/builtin/des/weak_key.c b/src/lib/crypto/builtin/des/weak_key.c
index 2eab9f5..7086789 100644
--- a/src/lib/crypto/builtin/des/weak_key.c
+++ b/src/lib/crypto/builtin/des/weak_key.c
@@ -8,7 +8,7 @@
* require a specific license from the United States Government.
* It is the responsibility of any person or organization contemplating
* export to obtain such a license before exporting.
- *
+ *
* WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
* distribute this software and its documentation for any purpose and
* without fee is hereby granted, provided that the above copyright
@@ -22,7 +22,7 @@
* M.I.T. makes no representations about the suitability of
* this software for any purpose. It is provided "as is" without express
* or implied warranty.
- *
+ *
*
* Under U.S. law, this software may not be exported outside the US
* without license from the U.S. Commerce department.
diff --git a/src/lib/crypto/builtin/enc_provider/aes.c b/src/lib/crypto/builtin/enc_provider/aes.c
index 52fb225..b735cc9 100644
--- a/src/lib/crypto/builtin/enc_provider/aes.c
+++ b/src/lib/crypto/builtin/enc_provider/aes.c
@@ -403,4 +403,3 @@ const struct krb5_enc_provider krb5int_enc_aes256 = {
krb5int_aes_encrypt_iov,
krb5int_aes_decrypt_iov
};
-
diff --git a/src/lib/crypto/builtin/enc_provider/des.c b/src/lib/crypto/builtin/enc_provider/des.c
index d73a1d2..f531c06 100644
--- a/src/lib/crypto/builtin/enc_provider/des.c
+++ b/src/lib/crypto/builtin/enc_provider/des.c
@@ -1,13 +1,13 @@
/*
* Copyright (C) 1998 by the FundsXpress, INC.
- *
+ *
* All rights reserved.
- *
+ *
* Export of this software from the United States of America may require
* a specific license from the United States Government. It is the
* responsibility of any person or organization contemplating export to
* obtain such a license before exporting.
- *
+ *
* WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
* distribute this software and its documentation for any purpose and
* without fee is hereby granted, provided that the above copyright
@@ -18,7 +18,7 @@
* permission. FundsXpress makes no representations about the suitability of
* this software for any purpose. It is provided "as is" without express
* or implied warranty.
- *
+ *
* THIS SOFTWARE IS PROVIDED ``AS IS'' AND WITHOUT ANY EXPRESS OR
* IMPLIED WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED
* WARRANTIES OF MERCHANTIBILITY AND FITNESS FOR A PARTICULAR PURPOSE.
diff --git a/src/lib/crypto/builtin/enc_provider/des3.c b/src/lib/crypto/builtin/enc_provider/des3.c
index eae504b..c731639 100644
--- a/src/lib/crypto/builtin/enc_provider/des3.c
+++ b/src/lib/crypto/builtin/enc_provider/des3.c
@@ -1,13 +1,13 @@
/*
* Copyright (C) 1998 by the FundsXpress, INC.
- *
+ *
* All rights reserved.
- *
+ *
* Export of this software from the United States of America may require
* a specific license from the United States Government. It is the
* responsibility of any person or organization contemplating export to
* obtain such a license before exporting.
- *
+ *
* WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
* distribute this software and its documentation for any purpose and
* without fee is hereby granted, provided that the above copyright
@@ -18,7 +18,7 @@
* permission. FundsXpress makes no representations about the suitability of
* this software for any purpose. It is provided "as is" without express
* or implied warranty.
- *
+ *
* THIS SOFTWARE IS PROVIDED ``AS IS'' AND WITHOUT ANY EXPRESS OR
* IMPLIED WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED
* WARRANTIES OF MERCHANTIBILITY AND FITNESS FOR A PARTICULAR PURPOSE.
@@ -187,4 +187,3 @@ const struct krb5_enc_provider krb5int_enc_des3 = {
k5_des3_encrypt_iov,
k5_des3_decrypt_iov
};
-
diff --git a/src/lib/crypto/builtin/enc_provider/enc_provider.h b/src/lib/crypto/builtin/enc_provider/enc_provider.h
index 92022b3..49ffaaf 100644
--- a/src/lib/crypto/builtin/enc_provider/enc_provider.h
+++ b/src/lib/crypto/builtin/enc_provider/enc_provider.h
@@ -1,13 +1,13 @@
/*
* Copyright (C) 1998 by the FundsXpress, INC.
- *
+ *
* All rights reserved.
- *
+ *
* Export of this software from the United States of America may require
* a specific license from the United States Government. It is the
* responsibility of any person or organization contemplating export to
* obtain such a license before exporting.
- *
+ *
* WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
* distribute this software and its documentation for any purpose and
* without fee is hereby granted, provided that the above copyright
@@ -18,7 +18,7 @@
* permission. FundsXpress makes no representations about the suitability of
* this software for any purpose. It is provided "as is" without express
* or implied warranty.
- *
+ *
* THIS SOFTWARE IS PROVIDED ``AS IS'' AND WITHOUT ANY EXPRESS OR
* IMPLIED WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED
* WARRANTIES OF MERCHANTIBILITY AND FITNESS FOR A PARTICULAR PURPOSE.
@@ -33,4 +33,3 @@ extern const struct krb5_enc_provider krb5int_enc_aes128;
extern const struct krb5_enc_provider krb5int_enc_aes256;
extern const struct krb5_enc_provider krb5int_enc_aes128_ctr;
extern const struct krb5_enc_provider krb5int_enc_aes256_ctr;
-
diff --git a/src/lib/crypto/builtin/enc_provider/rc4.c b/src/lib/crypto/builtin/enc_provider/rc4.c
index 47c131d..3c3e0f1 100644
--- a/src/lib/crypto/builtin/enc_provider/rc4.c
+++ b/src/lib/crypto/builtin/enc_provider/rc4.c
@@ -1,4 +1,4 @@
-/* arcfour.c
+/* arcfour.c
*
* Copyright (c) 2000 by Computer Science Laboratory,
* Rensselaer Polytechnic Institute
@@ -20,11 +20,11 @@ static unsigned int k5_arcfour_byte(ArcfourContext *);
#endif /* gcc inlines*/
/* Initializes the context and sets the key. */
-static krb5_error_code k5_arcfour_init(ArcfourContext *ctx, const unsigned char *key,
+static krb5_error_code k5_arcfour_init(ArcfourContext *ctx, const unsigned char *key,
unsigned int keylen);
/* Encrypts/decrypts data. */
-static void k5_arcfour_crypt(ArcfourContext *ctx, unsigned char *dest,
+static void k5_arcfour_crypt(ArcfourContext *ctx, unsigned char *dest,
const unsigned char *src, unsigned int len);
/* Interface layer to kerb5 crypto layer */
@@ -61,7 +61,7 @@ static inline unsigned int k5_arcfour_byte(ArcfourContext * ctx)
return state[(sx + sy) & 0xff];
}
-static void k5_arcfour_crypt(ArcfourContext *ctx, unsigned char *dest,
+static void k5_arcfour_crypt(ArcfourContext *ctx, unsigned char *dest,
const unsigned char *src, unsigned int len)
{
unsigned int i;
@@ -71,7 +71,7 @@ static void k5_arcfour_crypt(ArcfourContext *ctx, unsigned char *dest,
static krb5_error_code
-k5_arcfour_init(ArcfourContext *ctx, const unsigned char *key,
+k5_arcfour_init(ArcfourContext *ctx, const unsigned char *key,
unsigned int key_len)
{
unsigned int t, u;
@@ -153,7 +153,7 @@ k5_arcfour_docrypt(krb5_key key, const krb5_data *state,
memset(arcfour_ctx, 0, sizeof (ArcfourContext));
free(arcfour_ctx);
}
-
+
return 0;
}
@@ -234,7 +234,7 @@ k5_arcfour_init_state (const krb5_keyblock *key,
return 0;
}
-/* Since the arcfour cipher is identical going forwards and backwards,
+/* Since the arcfour cipher is identical going forwards and backwards,
we just call "docrypt" directly
*/
const struct krb5_enc_provider krb5int_enc_arcfour = {
@@ -254,4 +254,3 @@ const struct krb5_enc_provider krb5int_enc_arcfour = {
k5_arcfour_docrypt_iov,
k5_arcfour_docrypt_iov
};
-
diff --git a/src/lib/crypto/builtin/hash_provider/hash_crc32.c b/src/lib/crypto/builtin/hash_provider/hash_crc32.c
index 780e158..771a7d6 100644
--- a/src/lib/crypto/builtin/hash_provider/hash_crc32.c
+++ b/src/lib/crypto/builtin/hash_provider/hash_crc32.c
@@ -1,13 +1,13 @@
/*
* Copyright (C) 1998 by the FundsXpress, INC.
- *
+ *
* All rights reserved.
- *
+ *
* Export of this software from the United States of America may require
* a specific license from the United States Government. It is the
* responsibility of any person or organization contemplating export to
* obtain such a license before exporting.
- *
+ *
* WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
* distribute this software and its documentation for any purpose and
* without fee is hereby granted, provided that the above copyright
@@ -18,7 +18,7 @@
* permission. FundsXpress makes no representations about the suitability of
* this software for any purpose. It is provided "as is" without express
* or implied warranty.
- *
+ *
* THIS SOFTWARE IS PROVIDED ``AS IS'' AND WITHOUT ANY EXPRESS OR
* IMPLIED WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED
* WARRANTIES OF MERCHANTIBILITY AND FITNESS FOR A PARTICULAR PURPOSE.
@@ -34,7 +34,7 @@ k5_crc32_hash(unsigned int icount, const krb5_data *input,
{
unsigned long c, cn;
unsigned int i;
-
+
if (output->length != CRC32_CKSUM_LENGTH)
return(KRB5_CRYPTO_INTERNAL);
diff --git a/src/lib/crypto/builtin/hash_provider/hash_md4.c b/src/lib/crypto/builtin/hash_provider/hash_md4.c
index 3a4a4d5..916da0f 100644
--- a/src/lib/crypto/builtin/hash_provider/hash_md4.c
+++ b/src/lib/crypto/builtin/hash_provider/hash_md4.c
@@ -1,13 +1,13 @@
/*
* Copyright (C) 1998 by the FundsXpress, INC.
- *
+ *
* All rights reserved.
- *
+ *
* Export of this software from the United States of America may require
* a specific license from the United States Government. It is the
* responsibility of any person or organization contemplating export to
* obtain such a license before exporting.
- *
+ *
* WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
* distribute this software and its documentation for any purpose and
* without fee is hereby granted, provided that the above copyright
@@ -18,7 +18,7 @@
* permission. FundsXpress makes no representations about the suitability of
* this software for any purpose. It is provided "as is" without express
* or implied warranty.
- *
+ *
* THIS SOFTWARE IS PROVIDED ``AS IS'' AND WITHOUT ANY EXPRESS OR
* IMPLIED WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED
* WARRANTIES OF MERCHANTIBILITY AND FITNESS FOR A PARTICULAR PURPOSE.
diff --git a/src/lib/crypto/builtin/hash_provider/hash_md5.c b/src/lib/crypto/builtin/hash_provider/hash_md5.c
index 10840d0..e1e29f0 100644
--- a/src/lib/crypto/builtin/hash_provider/hash_md5.c
+++ b/src/lib/crypto/builtin/hash_provider/hash_md5.c
@@ -1,13 +1,13 @@
/*
* Copyright (C) 1998 by the FundsXpress, INC.
- *
+ *
* All rights reserved.
- *
+ *
* Export of this software from the United States of America may require
* a specific license from the United States Government. It is the
* responsibility of any person or organization contemplating export to
* obtain such a license before exporting.
- *
+ *
* WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
* distribute this software and its documentation for any purpose and
* without fee is hereby granted, provided that the above copyright
@@ -18,7 +18,7 @@
* permission. FundsXpress makes no representations about the suitability of
* this software for any purpose. It is provided "as is" without express
* or implied warranty.
- *
+ *
* THIS SOFTWARE IS PROVIDED ``AS IS'' AND WITHOUT ANY EXPRESS OR
* IMPLIED WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED
* WARRANTIES OF MERCHANTIBILITY AND FITNESS FOR A PARTICULAR PURPOSE.
diff --git a/src/lib/crypto/builtin/hash_provider/hash_provider.h b/src/lib/crypto/builtin/hash_provider/hash_provider.h
index 4fa4609..1023d1a 100644
--- a/src/lib/crypto/builtin/hash_provider/hash_provider.h
+++ b/src/lib/crypto/builtin/hash_provider/hash_provider.h
@@ -1,13 +1,13 @@
/*
* Copyright (C) 1998 by the FundsXpress, INC.
- *
+ *
* All rights reserved.
- *
+ *
* Export of this software from the United States of America may require
* a specific license from the United States Government. It is the
* responsibility of any person or organization contemplating export to
* obtain such a license before exporting.
- *
+ *
* WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
* distribute this software and its documentation for any purpose and
* without fee is hereby granted, provided that the above copyright
@@ -18,7 +18,7 @@
* permission. FundsXpress makes no representations about the suitability of
* this software for any purpose. It is provided "as is" without express
* or implied warranty.
- *
+ *
* THIS SOFTWARE IS PROVIDED ``AS IS'' AND WITHOUT ANY EXPRESS OR
* IMPLIED WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED
* WARRANTIES OF MERCHANTIBILITY AND FITNESS FOR A PARTICULAR PURPOSE.
diff --git a/src/lib/crypto/builtin/hash_provider/hash_sha1.c b/src/lib/crypto/builtin/hash_provider/hash_sha1.c
index 00ab72b..1f1fc62 100644
--- a/src/lib/crypto/builtin/hash_provider/hash_sha1.c
+++ b/src/lib/crypto/builtin/hash_provider/hash_sha1.c
@@ -1,13 +1,13 @@
/*
* Copyright (C) 1998 by the FundsXpress, INC.
- *
+ *
* All rights reserved.
- *
+ *
* Export of this software from the United States of America may require
* a specific license from the United States Government. It is the
* responsibility of any person or organization contemplating export to
* obtain such a license before exporting.
- *
+ *
* WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
* distribute this software and its documentation for any purpose and
* without fee is hereby granted, provided that the above copyright
@@ -18,7 +18,7 @@
* permission. FundsXpress makes no representations about the suitability of
* this software for any purpose. It is provided "as is" without express
* or implied warranty.
- *
+ *
* THIS SOFTWARE IS PROVIDED ``AS IS'' AND WITHOUT ANY EXPRESS OR
* IMPLIED WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED
* WARRANTIES OF MERCHANTIBILITY AND FITNESS FOR A PARTICULAR PURPOSE.
diff --git a/src/lib/crypto/builtin/hmac.c b/src/lib/crypto/builtin/hmac.c
index d1be17e..3e58a59 100644
--- a/src/lib/crypto/builtin/hmac.c
+++ b/src/lib/crypto/builtin/hmac.c
@@ -1,13 +1,13 @@
/*
* Copyright (C) 1998 by the FundsXpress, INC.
- *
+ *
* All rights reserved.
- *
+ *
* Export of this software from the United States of America may require
* a specific license from the United States Government. It is the
* responsibility of any person or organization contemplating export to
* obtain such a license before exporting.
- *
+ *
* WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
* distribute this software and its documentation for any purpose and
* without fee is hereby granted, provided that the above copyright
@@ -18,7 +18,7 @@
* permission. FundsXpress makes no representations about the suitability of
* this software for any purpose. It is provided "as is" without express
* or implied warranty.
- *
+ *
* THIS SOFTWARE IS PROVIDED ``AS IS'' AND WITHOUT ANY EXPRESS OR
* IMPLIED WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED
* WARRANTIES OF MERCHANTIBILITY AND FITNESS FOR A PARTICULAR PURPOSE.
@@ -98,7 +98,7 @@ krb5int_hmac_keyblock(const struct krb5_hash_provider *hash,
hashin[0].length = blocksize;
hashin[0].data = (char *) xorkey;
- for (i=0; i<icount; i++)
+ for (i=0; i<icount; i++)
hashin[i+1] = input[i];
hashout.length = hashsize;
diff --git a/src/lib/crypto/builtin/md4/rsa-md4.h b/src/lib/crypto/builtin/md4/rsa-md4.h
index f4272d5..2f59220 100644
--- a/src/lib/crypto/builtin/md4/rsa-md4.h
+++ b/src/lib/crypto/builtin/md4/rsa-md4.h
@@ -8,7 +8,7 @@
* require a specific license from the United States Government.
* It is the responsibility of any person or organization contemplating
* export to obtain such a license before exporting.
- *
+ *
* WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
* distribute this software and its documentation for any purpose and
* without fee is hereby granted, provided that the above copyright
@@ -22,7 +22,7 @@
* M.I.T. makes no representations about the suitability of
* this software for any purpose. It is provided "as is" without express
* or implied warranty.
- *
+ *
*
* RSA MD4 header file, with Kerberos/STDC additions.
*/
diff --git a/src/lib/crypto/builtin/md5/md5.c b/src/lib/crypto/builtin/md5/md5.c
index 8f04be4..76f8fa2 100644
--- a/src/lib/crypto/builtin/md5/md5.c
+++ b/src/lib/crypto/builtin/md5/md5.c
@@ -106,7 +106,7 @@ static const unsigned char PADDING[64] = {
/* The routine krb5int_MD5Init initializes the message-digest context
mdContext. All fields are set to zero.
*/
-void
+void
krb5int_MD5Init (krb5_MD5_CTX *mdContext)
{
mdContext->i[0] = mdContext->i[1] = (krb5_ui_4)0;
diff --git a/src/lib/crypto/builtin/pbkdf2.c b/src/lib/crypto/builtin/pbkdf2.c
index 96409ba..7b45fe8 100644
--- a/src/lib/crypto/builtin/pbkdf2.c
+++ b/src/lib/crypto/builtin/pbkdf2.c
@@ -8,7 +8,7 @@
* require a specific license from the United States Government.
* It is the responsibility of any person or organization contemplating
* export to obtain such a license before exporting.
- *
+ *
* WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
* distribute this software and its documentation for any purpose and
* without fee is hereby granted, provided that the above copyright
@@ -22,7 +22,7 @@
* M.I.T. makes no representations about the suitability of
* this software for any purpose. It is provided "as is" without express
* or implied warranty.
- *
+ *
*
* Implementation of PBKDF2 from RFC 2898.
*/
diff --git a/src/lib/crypto/builtin/sha1/t_shs3.c b/src/lib/crypto/builtin/sha1/t_shs3.c
index 96b36a7..cf9787e 100644
--- a/src/lib/crypto/builtin/sha1/t_shs3.c
+++ b/src/lib/crypto/builtin/sha1/t_shs3.c
@@ -43,7 +43,7 @@ static void longReverse( SHS_LONG *buffer, int byteCount )
byteCount /= sizeof( SHS_LONG );
while( byteCount-- ) {
value = *buffer;
- value = ( ( value & 0xFF00FF00L ) >> 8 ) |
+ value = ( ( value & 0xFF00FF00L ) >> 8 ) |
( ( value & 0x00FF00FFL ) << 8 );
*buffer++ = ( value << 16 ) | ( value >> 16 );
}
diff --git a/src/lib/crypto/builtin/t_cf2.c b/src/lib/crypto/builtin/t_cf2.c
index 2e171c2..0c968ea 100644
--- a/src/lib/crypto/builtin/t_cf2.c
+++ b/src/lib/crypto/builtin/t_cf2.c
@@ -8,7 +8,7 @@
* require a specific license from the United States Government.
* It is the responsibility of any person or organization contemplating
* export to obtain such a license before exporting.
- *
+ *
* WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
* distribute this software and its documentation for any purpose and
* without fee is hereby granted, provided that the above copyright
@@ -22,7 +22,7 @@
* M.I.T. makes no representations about the suitability of
* this software for any purpose. It is provided "as is" without express
* or implied warranty.
- *
+ *
* This file contains tests for theKRB-FX-CF2 code in Kerberos, based
*on the PRF regression tests. It reads an input file, and writes an
*output file. It is assumed that the output file will be diffed
@@ -77,7 +77,7 @@ int main () {
krb5_free_keyblock(0,out);
out = NULL;
-
+
krb5_free_keyblock(0, k1);
k1 = NULL;
krb5_free_keyblock(0, k2);
diff --git a/src/lib/crypto/crypto_tests/aes-test.c b/src/lib/crypto/crypto_tests/aes-test.c
index 8999bd7..3ccacd8 100644
--- a/src/lib/crypto/crypto_tests/aes-test.c
+++ b/src/lib/crypto/crypto_tests/aes-test.c
@@ -8,7 +8,7 @@
* require a specific license from the United States Government.
* It is the responsibility of any person or organization contemplating
* export to obtain such a license before exporting.
- *
+ *
* WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
* distribute this software and its documentation for any purpose and
* without fee is hereby granted, provided that the above copyright
@@ -22,7 +22,7 @@
* M.I.T. makes no representations about the suitability of
* this software for any purpose. It is provided "as is" without express
* or implied warranty.
- *
+ *
*
* Subset of NIST tests for AES; specifically, the variable-key and
* variable-text tests for 128- and 256-bit keys.
diff --git a/src/lib/crypto/crypto_tests/t_crc.c b/src/lib/crypto/crypto_tests/t_crc.c
index e8a353a..cf837f8 100644
--- a/src/lib/crypto/crypto_tests/t_crc.c
+++ b/src/lib/crypto/crypto_tests/t_crc.c
@@ -8,7 +8,7 @@
* require a specific license from the United States Government.
* It is the responsibility of any person or organization contemplating
* export to obtain such a license before exporting.
- *
+ *
* WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
* distribute this software and its documentation for any purpose and
* without fee is hereby granted, provided that the above copyright
diff --git a/src/lib/crypto/crypto_tests/t_cts.c b/src/lib/crypto/crypto_tests/t_cts.c
index 596ca3b..d948532 100644
--- a/src/lib/crypto/crypto_tests/t_cts.c
+++ b/src/lib/crypto/crypto_tests/t_cts.c
@@ -8,7 +8,7 @@
* require a specific license from the United States Government.
* It is the responsibility of any person or organization contemplating
* export to obtain such a license before exporting.
- *
+ *
* WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
* distribute this software and its documentation for any purpose and
* without fee is hereby granted, provided that the above copyright
@@ -22,7 +22,7 @@
* M.I.T. makes no representations about the suitability of
* this software for any purpose. It is provided "as is" without express
* or implied warranty.
- *
+ *
*
* Test vectors for crypto code, matching data submitted for inclusion
* with RFC1510bis.
diff --git a/src/lib/crypto/crypto_tests/t_encrypt.c b/src/lib/crypto/crypto_tests/t_encrypt.c
index aac31fb..5615bc8 100644
--- a/src/lib/crypto/crypto_tests/t_encrypt.c
+++ b/src/lib/crypto/crypto_tests/t_encrypt.c
@@ -8,7 +8,7 @@
* require a specific license from the United States Government.
* It is the responsibility of any person or organization contemplating
* export to obtain such a license before exporting.
- *
+ *
* WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
* distribute this software and its documentation for any purpose and
* without fee is hereby granted, provided that the above copyright
@@ -22,11 +22,11 @@
* M.I.T. makes no representations about the suitability of
* this software for any purpose. It is provided "as is" without express
* or implied warranty.
- *
+ *
*
* <<< Description >>>
*/
-/*
+/*
* Some black-box tests of crypto systems. Make sure that we can decrypt things we encrypt, etc.
*/
@@ -125,7 +125,7 @@ main ()
enc_out.ciphertext = out;
enc_out2.ciphertext = out2;
- /* We use an intermediate `len' because size_t may be different size
+ /* We use an intermediate `len' because size_t may be different size
than `int' */
krb5_c_encrypt_length (context, keyblock->enctype, in.length, &len);
enc_out.ciphertext.length = len;
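Review bot: The return value of `krb5_c_encrypt_length` is discarded, and `len` is copied into `enc_out.ciphertext.length` whether or not the call succeeded. If the call fails for an enctype, the length used from here on is whatever `len` held before; its initialisation is outside this hunk. Other calls in this file go through the `test()` wrapper, so the same could be done here, e.g. `test("Encrypt length", krb5_c_encrypt_length (context, keyblock->enctype, in.length, &len));`. The body of `main` starts and ends outside the hunk.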
@@ -200,7 +200,7 @@ main ()
krb5_c_decrypt_iov(context, keyblock, 7, 0, iov, 5));
test("Comparing results",
compare_results(&in, &iov[1].data));
-
+
/* Try again with opaque-key-using variants. */
test("iov encrypting (k)",
krb5_k_encrypt_iov(context, key, 7, 0, iov, 5));
@@ -261,5 +261,3 @@ main ()
free(check2.data);
return 0;
}
-
-
diff --git a/src/lib/crypto/crypto_tests/t_hmac.c b/src/lib/crypto/crypto_tests/t_hmac.c
index d09adb0..55b47b8 100644
--- a/src/lib/crypto/crypto_tests/t_hmac.c
+++ b/src/lib/crypto/crypto_tests/t_hmac.c
@@ -8,7 +8,7 @@
* require a specific license from the United States Government.
* It is the responsibility of any person or organization contemplating
* export to obtain such a license before exporting.
- *
+ *
* WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
* distribute this software and its documentation for any purpose and
* without fee is hereby granted, provided that the above copyright
@@ -22,7 +22,7 @@
* M.I.T. makes no representations about the suitability of
* this software for any purpose. It is provided "as is" without express
* or implied warranty.
- *
+ *
*
* Test vectors for HMAC-MD5 and HMAC-SHA1 (placeholder only).
* Tests taken from RFC 2202.
@@ -91,7 +91,7 @@ struct hmac_test {
const char *hexdigest;
};
-static krb5_error_code hmac1(const struct krb5_hash_provider *h,
+static krb5_error_code hmac1(const struct krb5_hash_provider *h,
krb5_keyblock *key,
krb5_data *in, krb5_data *out)
{
@@ -223,7 +223,7 @@ static void test_hmac()
0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa,
0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa,
},
- 73,
+ 73,
"Test Using Larger Than Block-Size Key and Larger Than One Block-Size Data",
"0x6f630fad67cda0ee1fb1f562db3aa53e"
},
diff --git a/src/lib/crypto/crypto_tests/t_kperf.c b/src/lib/crypto/crypto_tests/t_kperf.c
index f56aa3c..4c99d72 100644
--- a/src/lib/crypto/crypto_tests/t_kperf.c
+++ b/src/lib/crypto/crypto_tests/t_kperf.c
@@ -9,7 +9,7 @@
* require a specific license from the United States Government.
* It is the responsibility of any person or organization contemplating
* export to obtain such a license before exporting.
- *
+ *
* WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
* distribute this software and its documentation for any purpose and
* without fee is hereby granted, provided that the above copyright
diff --git a/src/lib/crypto/crypto_tests/t_mddriver.c b/src/lib/crypto/crypto_tests/t_mddriver.c
index 2c0210c..3fab847 100644
--- a/src/lib/crypto/crypto_tests/t_mddriver.c
+++ b/src/lib/crypto/crypto_tests/t_mddriver.c
@@ -117,7 +117,7 @@ struct md_test_entry md_test_suite[] = {
{ "abcdefghijklmnopqrstuvwxyz",
{0xc3, 0xfc, 0xd3, 0xd7, 0x61, 0x92, 0xe4, 0x00,
0x7d, 0xfb, 0x49, 0x6c, 0xca, 0x67, 0xe1, 0x3b }},
- { "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789",
+ { "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789",
{0xd1, 0x74, 0xab, 0x98, 0xd2, 0x77, 0xd9, 0xf5,
0xa5, 0x61, 0x1c, 0x2c, 0x9f, 0x41, 0x9d, 0x9f }},
{ "12345678901234567890123456789012345678901234567890123456789012345678901234567890",
@@ -125,7 +125,7 @@ struct md_test_entry md_test_suite[] = {
0xac, 0x49, 0xda, 0x2e, 0x21, 0x07, 0xb6, 0x7a }},
{ 0, {0} }
};
-
+
#endif
/* Main driver.
@@ -185,7 +185,7 @@ static void MDTimeTrial ()
time_t endTime, startTime;
unsigned char block[TEST_BLOCK_LEN];
unsigned int i;
-
+
printf("MD%d time trial. Digesting %d %d-byte blocks ...", MD,
TEST_BLOCK_LEN, TEST_BLOCK_COUNT);
@@ -222,7 +222,7 @@ static void MDTestSuite ()
MD_CTX context;
struct md_test_entry *entry;
int i, num_tests = 0, num_failed = 0;
-
+
printf ("MD%d test suite:\n\n", MD);
for (entry = md_test_suite; entry->string; entry++) {
unsigned int len = strlen (entry->string);
@@ -254,7 +254,7 @@ static void MDTestSuite ()
exit(0);
}
#else
-
+
printf ("MD%d test suite:\n", MD);
MDString ("");
MDString ("a");
diff --git a/src/lib/crypto/crypto_tests/t_nfold.c b/src/lib/crypto/crypto_tests/t_nfold.c
index 2b5b0e3..27a5760 100644
--- a/src/lib/crypto/crypto_tests/t_nfold.c
+++ b/src/lib/crypto/crypto_tests/t_nfold.c
@@ -8,7 +8,7 @@
* require a specific license from the United States Government.
* It is the responsibility of any person or organization contemplating
* export to obtain such a license before exporting.
- *
+ *
* WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
* distribute this software and its documentation for any purpose and
* without fee is hereby granted, provided that the above copyright
@@ -22,7 +22,7 @@
* M.I.T. makes no representations about the suitability of
* this software for any purpose. It is provided "as is" without express
* or implied warranty.
- *
+ *
*
* Program to test the correctness of nfold implementation.
*
@@ -139,7 +139,7 @@ main(argc, argv)
printf("N-fold\n");
for (i=0; i<sizeof(nfold_in)/sizeof(char *); i++) {
- printf("\tInput:\t\"%.*s\"\n", (int) strlen((char *) nfold_in[i]),
+ printf("\tInput:\t\"%.*s\"\n", (int) strlen((char *) nfold_in[i]),
nfold_in[i]);
printf("\t192-Fold:\t");
krb5int_nfold(strlen((char *) nfold_in[i])*8, nfold_in[i], 24*8,
diff --git a/src/lib/crypto/crypto_tests/t_pkcs5.c b/src/lib/crypto/crypto_tests/t_pkcs5.c
index fa1f43d..2d58b50 100644
--- a/src/lib/crypto/crypto_tests/t_pkcs5.c
+++ b/src/lib/crypto/crypto_tests/t_pkcs5.c
@@ -8,7 +8,7 @@
* require a specific license from the United States Government.
* It is the responsibility of any person or organization contemplating
* export to obtain such a license before exporting.
- *
+ *
* WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
* distribute this software and its documentation for any purpose and
* without fee is hereby granted, provided that the above copyright
@@ -22,7 +22,7 @@
* M.I.T. makes no representations about the suitability of
* this software for any purpose. It is provided "as is" without express
* or implied warranty.
- *
+ *
*
* Test vectors for PBKDF2 (from PKCS #5v2), based on RFC 3211.
*/
diff --git a/src/lib/crypto/crypto_tests/t_prf.c b/src/lib/crypto/crypto_tests/t_prf.c
index ac244eb..c8825d0 100644
--- a/src/lib/crypto/crypto_tests/t_prf.c
+++ b/src/lib/crypto/crypto_tests/t_prf.c
@@ -8,7 +8,7 @@
* require a specific license from the United States Government.
* It is the responsibility of any person or organization contemplating
* export to obtain such a license before exporting.
- *
+ *
* WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
* distribute this software and its documentation for any purpose and
* without fee is hereby granted, provided that the above copyright
@@ -22,7 +22,7 @@
* M.I.T. makes no representations about the suitability of
* this software for any purpose. It is provided "as is" without express
* or implied warranty.
- *
+ *
* This file contains tests for the PRF code in Kerberos. IT reads an
* input file, and writes an output file. It is assumed that the
* output file will be diffed against expected output to see whether
@@ -55,7 +55,7 @@ int main () {
input.data = &s[0];
input.length = strlen(s);
assert(krb5_c_string_to_key (0, enctype, &input, &input, key) == 0);
-
+
if (scanf("%u", &in_length) == EOF)
break;
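Review bot: `krb5_c_string_to_key` is called inside `assert()`, so a build with `NDEBUG` defined removes the call itself and `key` is never derived. The next hunk has the same pattern in `assert (output.data = malloc(prfsz));` and `assert (krb5_c_prf(0, key, &input, &output) == 0);`, where the allocation would disappear and `output.data` would keep whatever value it had before. Calls with side effects should be hoisted out of the assertion and checked explicitly, e.g. `output.data = malloc(prfsz); if (output.data == NULL) abort();`. Separately, `scanf("%u", &in_length) == EOF` misses a matching failure (return value 0), so comparing against `!= 1` is the safer test. The body of `main` continues outside both hunks.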
@@ -71,7 +71,7 @@ int main () {
assert (output.data = malloc(prfsz));
output.length = prfsz;
assert (krb5_c_prf(0, key, &input, &output) == 0);
-
+
free (input.data);
input.data = NULL;
}
diff --git a/src/lib/crypto/crypto_tests/t_prng.c b/src/lib/crypto/crypto_tests/t_prng.c
index 7df743b..2555e89 100644
--- a/src/lib/crypto/crypto_tests/t_prng.c
+++ b/src/lib/crypto/crypto_tests/t_prng.c
@@ -8,7 +8,7 @@
* require a specific license from the United States Government.
* It is the responsibility of any person or organization contemplating
* export to obtain such a license before exporting.
- *
+ *
* WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
* distribute this software and its documentation for any purpose and
* without fee is hereby granted, provided that the above copyright
@@ -22,7 +22,7 @@
* M.I.T. makes no representations about the suitability of
* this software for any purpose. It is provided "as is" without express
* or implied warranty.
- *
+ *
* This file contains tests for the PRNG code in Kerberos. It reads
* an input file, and writes an output file. It is assumed that the
* output file will be diffed against expected output to see whether
diff --git a/src/lib/crypto/crypto_tests/vectors.c b/src/lib/crypto/crypto_tests/vectors.c
index 6723544..a6301ed 100644
--- a/src/lib/crypto/crypto_tests/vectors.c
+++ b/src/lib/crypto/crypto_tests/vectors.c
@@ -8,7 +8,7 @@
* require a specific license from the United States Government.
* It is the responsibility of any person or organization contemplating
* export to obtain such a license before exporting.
- *
+ *
* WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
* distribute this software and its documentation for any purpose and
* without fee is hereby granted, provided that the above copyright
@@ -22,7 +22,7 @@
* M.I.T. makes no representations about the suitability of
* this software for any purpose. It is provided "as is" without express
* or implied warranty.
- *
+ *
*
* Test vectors for crypto code, matching data submitted for inclusion
* with RFC1510bis.
diff --git a/src/lib/crypto/crypto_tests/ytest.c b/src/lib/crypto/crypto_tests/ytest.c
index 93fb5f2..82e2eba 100644
--- a/src/lib/crypto/crypto_tests/ytest.c
+++ b/src/lib/crypto/crypto_tests/ytest.c
@@ -28,8 +28,8 @@ static void print_yarrow_status( Yarrow_CTX *y )
for ( sid = 0; sid < y->num_sources; sid++ )
{
source = &y->source[ sid ];
- printf( "#%d=%d/%d, ", sid, source->entropy[pool],
- pool == YARROW_SLOW_POOL ?
+ printf( "#%d=%d/%d, ", sid, source->entropy[pool],
+ pool == YARROW_SLOW_POOL ?
y->slow_thresh : y->fast_thresh );
}
}
@@ -44,8 +44,8 @@ int Instrumented_krb5int_yarrow_input( Yarrow_CTX* y, int sid, void* sample,
{
int ret;
- VERBOSE( printf( "krb5int_yarrow_input( #%d, %d bits, %s ) = [", sid, entropy,
- y->source[sid].pool ==
+ VERBOSE( printf( "krb5int_yarrow_input( #%d, %d bits, %s ) = [", sid, entropy,
+ y->source[sid].pool ==
YARROW_SLOW_POOL ? "slow" : "fast" ); );
ret = krb5int_yarrow_input( y, sid, sample, size, entropy );
@@ -95,15 +95,15 @@ int main( int argc, char* argv[] )
int done_some_tests = 0;
int i;
int ret;
-
+
for ( argvp = argv+1, i = 1; i < argc; i++, argvp++ )
{
arg = *argvp;
- if ( arg[0] == '-' )
+ if ( arg[0] == '-' )
{
switch ( arg[1] )
{
- case 'v': yarrow_verbose = 1; continue;
+ case 'v': yarrow_verbose = 1; continue;
default: fprintf( stderr, "usage: test [-v] [[test] ... ]\n" );
THROW( YARROW_FAIL );
}
@@ -193,7 +193,7 @@ int test_3( void )
VERBOSE( printf( "\nkrb5int_yarrow_stretch\n\n" ); );
THROW( YARROW_NOT_IMPL );
-
+
CATCH:
EXCEP_RET;
}
@@ -232,18 +232,18 @@ int test_4( void )
VERBOSE( printf( "krb5int_yarrow_new_source() = [%s]\n",
krb5int_yarrow_str_error( ret ) ); );
if ( ret != YARROW_OK ) { THROW( ret ); }
-
+
VERBOSE( printf( "Yarrow_Poll( #%d ) = [", user ); );
ret = Yarrow_Poll( &yarrow, user );
VERBOSE( printf( "%s]\n", krb5int_yarrow_str_error( ret ) ); );
ret = krb5int_yarrow_new_source( &yarrow, &mouse );
- VERBOSE( printf( "krb5int_yarrow_new_source() = [%s]\n",
+ VERBOSE( printf( "krb5int_yarrow_new_source() = [%s]\n",
krb5int_yarrow_str_error( ret ) ); );
if ( ret != YARROW_OK ) { THROW( ret ); }
ret = krb5int_yarrow_new_source( &yarrow, &keyboard );
- VERBOSE( printf( "krb5int_yarrow_new_source() = [%s]\n",
+ VERBOSE( printf( "krb5int_yarrow_new_source() = [%s]\n",
krb5int_yarrow_str_error( ret ) ); );
if ( ret != YARROW_OK ) { THROW( ret ); }
@@ -255,22 +255,22 @@ int test_4( void )
ret = krb5int_yarrow_output( &yarrow, random, sizeof( random ) );
VERBOSE( printf( "%s]\n", krb5int_yarrow_str_error( ret ) ); );
-/* do it twice so that we some slow samples
+/* do it twice so that we some slow samples
* (first sample goes to fast pool, and then samples alternate)
*/
for ( i = 0; i < 2; i++ )
{
- TRY( Instrumented_krb5int_yarrow_input( &yarrow, mouse, mouse_sample,
+ TRY( Instrumented_krb5int_yarrow_input( &yarrow, mouse, mouse_sample,
sizeof( mouse_sample ), 2 ) );
-
- TRY( Instrumented_krb5int_yarrow_input( &yarrow, keyboard, keyboard_sample,
+
+ TRY( Instrumented_krb5int_yarrow_input( &yarrow, keyboard, keyboard_sample,
sizeof( keyboard_sample ), 2 ) );
- TRY( Instrumented_krb5int_yarrow_input( &yarrow, user, user_sample,
+ TRY( Instrumented_krb5int_yarrow_input( &yarrow, user, user_sample,
sizeof( user_sample ), 2 ) );
}
-
+
#if defined( YARROW_DEBUG )
dump_yarrow_state( stdout, &yarrow );
#endif
@@ -282,8 +282,8 @@ int test_4( void )
for ( i = 0; i < 7; i++ )
{
- TRY( Instrumented_krb5int_yarrow_input( &yarrow, user, user_sample,
- sizeof( user_sample ),
+ TRY( Instrumented_krb5int_yarrow_input( &yarrow, user, user_sample,
+ sizeof( user_sample ),
sizeof( user_sample ) * 3 ) );
}
@@ -295,8 +295,8 @@ int test_4( void )
for ( i = 0; i < 40; i++ )
{
- TRY( Instrumented_krb5int_yarrow_input( &yarrow, mouse, mouse_sample,
- sizeof( mouse_sample ),
+ TRY( Instrumented_krb5int_yarrow_input( &yarrow, mouse, mouse_sample,
+ sizeof( mouse_sample ),
sizeof( mouse_sample )*2 ) );
}
@@ -320,20 +320,20 @@ int test_4( void )
if ( i % 16 == 0 )
{
- TRY( Instrumented_krb5int_yarrow_input( &yarrow, mouse, junk,
- sizeof( junk ),
+ TRY( Instrumented_krb5int_yarrow_input( &yarrow, mouse, junk,
+ sizeof( junk ),
sizeof( junk ) * 3 ) );
}
else
{
- TRY( Instrumented_krb5int_yarrow_input( &yarrow, user, junk,
- sizeof( junk ),
+ TRY( Instrumented_krb5int_yarrow_input( &yarrow, user, junk,
+ sizeof( junk ),
sizeof( junk ) * 3 ) );
}
}
VERBOSE( printf( "\nPrint some random output\n\n" ); );
-
+
VERBOSE( printf( "krb5int_yarrow_output( %d ) = [", sizeof( random ) ); );
ret = krb5int_yarrow_output( &yarrow, random, sizeof( random ) );
VERBOSE( printf( "%s]\n", krb5int_yarrow_str_error( ret ) ); );
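Review bot: `printf( "krb5int_yarrow_output( %d ) = [", sizeof( random ) )` passes a `size_t` argument to a `%d` conversion, a type mismatch that is undefined behaviour and can print a wrong value where `size_t` is wider than `int`. Cast the argument to match the conversion, `(int) sizeof( random )`, or switch to `%lu` with `(unsigned long) sizeof( random )`. test_4 begins and ends outside this hunk.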
@@ -365,7 +365,7 @@ void hex_print( FILE* f, const char* var, void* data, size_t size )
size_t i;
char* p = (char*) data;
char c, d;
-
+
fprintf( f, var );
fprintf( f, " = " );
for ( i = 0; i < size; i++ )
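Review bot: `fprintf( f, var );` uses the caller-supplied `var` as the format string, so any `%` in the label is read as a conversion with no matching argument. The callers are not visible in this hunk, so it cannot be confirmed here that `var` is always a literal. Either way the two calls can be folded into one with a fixed format, `fprintf( f, "%s = ", var );`. The rest of hex_print lies outside the hunk.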
diff --git a/src/lib/crypto/krb/aead.c b/src/lib/crypto/krb/aead.c
index fd9a50e..f3ca11b 100644
--- a/src/lib/crypto/krb/aead.c
+++ b/src/lib/crypto/krb/aead.c
@@ -8,7 +8,7 @@
* require a specific license from the United States Government.
* It is the responsibility of any person or organization contemplating
* export to obtain such a license before exporting.
- *
+ *
* WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
* distribute this software and its documentation for any purpose and
* without fee is hereby granted, provided that the above copyright
@@ -91,7 +91,7 @@ make_unkeyed_checksum_iov(const struct krb5_hash_provider *hash_provider,
return ret;
}
-krb5_error_code
+krb5_error_code
krb5int_c_make_checksum_iov(const struct krb5_cksumtypes *cksum_type,
krb5_key key,
krb5_keyusage usage,
@@ -382,7 +382,7 @@ krb5int_c_iov_decrypt_stream(const struct krb5_aead_provider *aead,
iov[i].data.data = stream->data.data;
iov[i].data.length = header_len;
i++;
-
+
for (j = 0; j < num_data; j++) {
if (data[j].flags == KRB5_CRYPTO_TYPE_DATA) {
if (got_data) {
@@ -570,4 +570,3 @@ krb5int_c_encrypt_length_aead_compat(const struct krb5_aead_provider *aead,
*length = header_len + inputlen + padding_len + trailer_len;
}
-
diff --git a/src/lib/crypto/krb/aead.h b/src/lib/crypto/krb/aead.h
index cc43875..f9e92bd 100644
--- a/src/lib/crypto/krb/aead.h
+++ b/src/lib/crypto/krb/aead.h
@@ -8,7 +8,7 @@
* require a specific license from the United States Government.
* It is the responsibility of any person or organization contemplating
* export to obtain such a license before exporting.
- *
+ *
* WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
* distribute this software and its documentation for any purpose and
* without fee is hereby granted, provided that the above copyright
diff --git a/src/lib/crypto/krb/block_size.c b/src/lib/crypto/krb/block_size.c
index 336dbc2..6f88945 100644
--- a/src/lib/crypto/krb/block_size.c
+++ b/src/lib/crypto/krb/block_size.c
@@ -1,13 +1,13 @@
/*
* Copyright (C) 1998 by the FundsXpress, INC.
- *
+ *
* All rights reserved.
- *
+ *
* Export of this software from the United States of America may require
* a specific license from the United States Government. It is the
* responsibility of any person or organization contemplating export to
* obtain such a license before exporting.
- *
+ *
* WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
* distribute this software and its documentation for any purpose and
* without fee is hereby granted, provided that the above copyright
@@ -18,7 +18,7 @@
* permission. FundsXpress makes no representations about the suitability of
* this software for any purpose. It is provided "as is" without express
* or implied warranty.
- *
+ *
* THIS SOFTWARE IS PROVIDED ``AS IS'' AND WITHOUT ANY EXPRESS OR
* IMPLIED WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED
* WARRANTIES OF MERCHANTIBILITY AND FITNESS FOR A PARTICULAR PURPOSE.
diff --git a/src/lib/crypto/krb/cf2.c b/src/lib/crypto/krb/cf2.c
index 1c6896c..b5724a3 100644
--- a/src/lib/crypto/krb/cf2.c
+++ b/src/lib/crypto/krb/cf2.c
@@ -8,7 +8,7 @@
* require a specific license from the United States Government.
* It is the responsibility of any person or organization contemplating
* export to obtain such a license before exporting.
- *
+ *
* WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
* distribute this software and its documentation for any purpose and
* without fee is hereby granted, provided that the above copyright
@@ -22,8 +22,8 @@
* M.I.T. makes no representations about the suitability of
* this software for any purpose. It is provided "as is" without express
* or implied warranty.
- *
- *
+ *
+ *
*
* Implement KRB_FX_CF2 function per
*draft-ietf-krb-wg-preauth-framework-09. Take two keys and two
@@ -37,7 +37,7 @@
/*
* Call the PRF function multiple times with the pepper prefixed with
- * a count byte to get enough bits of output.
+ * a count byte to get enough bits of output.
*/
static krb5_error_code
prf_plus(krb5_context context, krb5_keyblock *k, const char *pepper,
@@ -90,7 +90,7 @@ cleanup:
return retval;
}
-
+
krb5_error_code KRB5_CALLCONV
krb5_c_fx_cf2_simple(krb5_context context,
krb5_keyblock *k1, const char *pepper1,
diff --git a/src/lib/crypto/krb/checksum_length.c b/src/lib/crypto/krb/checksum_length.c
index aeb057c..bc1c9d3 100644
--- a/src/lib/crypto/krb/checksum_length.c
+++ b/src/lib/crypto/krb/checksum_length.c
@@ -1,13 +1,13 @@
/*
* Copyright (C) 1998 by the FundsXpress, INC.
- *
+ *
* All rights reserved.
- *
+ *
* Export of this software from the United States of America may require
* a specific license from the United States Government. It is the
* responsibility of any person or organization contemplating export to
* obtain such a license before exporting.
- *
+ *
* WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
* distribute this software and its documentation for any purpose and
* without fee is hereby granted, provided that the above copyright
@@ -18,7 +18,7 @@
* permission. FundsXpress makes no representations about the suitability of
* this software for any purpose. It is provided "as is" without express
* or implied warranty.
- *
+ *
* THIS SOFTWARE IS PROVIDED ``AS IS'' AND WITHOUT ANY EXPRESS OR
* IMPLIED WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED
* WARRANTIES OF MERCHANTIBILITY AND FITNESS FOR A PARTICULAR PURPOSE.
@@ -50,4 +50,3 @@ krb5_c_checksum_length(krb5_context context, krb5_cksumtype cksumtype,
return 0;
}
-
diff --git a/src/lib/crypto/krb/cksumtype_to_string.c b/src/lib/crypto/krb/cksumtype_to_string.c
index d974766..d5bb702 100644
--- a/src/lib/crypto/krb/cksumtype_to_string.c
+++ b/src/lib/crypto/krb/cksumtype_to_string.c
@@ -1,13 +1,13 @@
/*
* Copyright (C) 1998 by the FundsXpress, INC.
- *
+ *
* All rights reserved.
- *
+ *
* Export of this software from the United States of America may require
* a specific license from the United States Government. It is the
* responsibility of any person or organization contemplating export to
* obtain such a license before exporting.
- *
+ *
* WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
* distribute this software and its documentation for any purpose and
* without fee is hereby granted, provided that the above copyright
@@ -18,7 +18,7 @@
* permission. FundsXpress makes no representations about the suitability of
* this software for any purpose. It is provided "as is" without express
* or implied warranty.
- *
+ *
* THIS SOFTWARE IS PROVIDED ``AS IS'' AND WITHOUT ANY EXPRESS OR
* IMPLIED WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED
* WARRANTIES OF MERCHANTIBILITY AND FITNESS FOR A PARTICULAR PURPOSE.
diff --git a/src/lib/crypto/krb/cksumtypes.c b/src/lib/crypto/krb/cksumtypes.c
index e03c0ad..2c1924d 100644
--- a/src/lib/crypto/krb/cksumtypes.c
+++ b/src/lib/crypto/krb/cksumtypes.c
@@ -1,13 +1,13 @@
/*
* Copyright (C) 1998 by the FundsXpress, INC.
- *
+ *
* All rights reserved.
- *
+ *
* Export of this software from the United States of America may require
* a specific license from the United States Government. It is the
* responsibility of any person or organization contemplating export to
* obtain such a license before exporting.
- *
+ *
* WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
* distribute this software and its documentation for any purpose and
* without fee is hereby granted, provided that the above copyright
@@ -18,7 +18,7 @@
* permission. FundsXpress makes no representations about the suitability of
* this software for any purpose. It is provided "as is" without express
* or implied warranty.
- *
+ *
* THIS SOFTWARE IS PROVIDED ``AS IS'' AND WITHOUT ANY EXPRESS OR
* IMPLIED WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED
* WARRANTIES OF MERCHANTIBILITY AND FITNESS FOR A PARTICULAR PURPOSE.
@@ -69,21 +69,21 @@ const struct krb5_cksumtypes krb5int_cksumtypes_list[] = {
&krb5int_hash_sha1 },
{ CKSUMTYPE_HMAC_MD5_ARCFOUR, 0,
"hmac-md5-rc4", { "hmac-md5-enc", "hmac-md5-earcfour" },
- "Microsoft HMAC MD5 (RC4 key)",
+ "Microsoft HMAC MD5 (RC4 key)",
ENCTYPE_ARCFOUR_HMAC, &krb5int_keyhash_hmac_md5,
NULL },
{ CKSUMTYPE_HMAC_SHA1_96_AES128, KRB5_CKSUMFLAG_DERIVE,
"hmac-sha1-96-aes128", { 0 }, "HMAC-SHA1 AES128 key",
- 0, NULL,
+ 0, NULL,
&krb5int_hash_sha1, 12 },
{ CKSUMTYPE_HMAC_SHA1_96_AES256, KRB5_CKSUMFLAG_DERIVE,
"hmac-sha1-96-aes256", { 0 }, "HMAC-SHA1 AES256 key",
- 0, NULL,
+ 0, NULL,
&krb5int_hash_sha1, 12 },
{ CKSUMTYPE_MD5_HMAC_ARCFOUR, 0,
"md5-hmac-rc4", { 0 }, "Microsoft MD5 HMAC (RC4 key)",
- ENCTYPE_ARCFOUR_HMAC, &krb5int_keyhash_md5_hmac,
+ ENCTYPE_ARCFOUR_HMAC, &krb5int_keyhash_md5_hmac,
NULL }
};
diff --git a/src/lib/crypto/krb/cksumtypes.h b/src/lib/crypto/krb/cksumtypes.h
index 10d8ccd..f3e1f57 100644
--- a/src/lib/crypto/krb/cksumtypes.h
+++ b/src/lib/crypto/krb/cksumtypes.h
@@ -1,13 +1,13 @@
/*
* Copyright (C) 1998 by the FundsXpress, INC.
- *
+ *
* All rights reserved.
- *
+ *
* Export of this software from the United States of America may require
* a specific license from the United States Government. It is the
* responsibility of any person or organization contemplating export to
* obtain such a license before exporting.
- *
+ *
* WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
* distribute this software and its documentation for any purpose and
* without fee is hereby granted, provided that the above copyright
@@ -18,7 +18,7 @@
* permission. FundsXpress makes no representations about the suitability of
* this software for any purpose. It is provided "as is" without express
* or implied warranty.
- *
+ *
* THIS SOFTWARE IS PROVIDED ``AS IS'' AND WITHOUT ANY EXPRESS OR
* IMPLIED WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED
* WARRANTIES OF MERCHANTIBILITY AND FITNESS FOR A PARTICULAR PURPOSE.
diff --git a/src/lib/crypto/krb/coll_proof_cksum.c b/src/lib/crypto/krb/coll_proof_cksum.c
index 08b4ccb..e5d7ed1 100644
--- a/src/lib/crypto/krb/coll_proof_cksum.c
+++ b/src/lib/crypto/krb/coll_proof_cksum.c
@@ -1,13 +1,13 @@
/*
* Copyright (C) 1998 by the FundsXpress, INC.
- *
+ *
* All rights reserved.
- *
+ *
* Export of this software from the United States of America may require
* a specific license from the United States Government. It is the
* responsibility of any person or organization contemplating export to
* obtain such a license before exporting.
- *
+ *
* WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
* distribute this software and its documentation for any purpose and
* without fee is hereby granted, provided that the above copyright
@@ -18,7 +18,7 @@
* permission. FundsXpress makes no representations about the suitability of
* this software for any purpose. It is provided "as is" without express
* or implied warranty.
- *
+ *
* THIS SOFTWARE IS PROVIDED ``AS IS'' AND WITHOUT ANY EXPRESS OR
* IMPLIED WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED
* WARRANTIES OF MERCHANTIBILITY AND FITNESS FOR A PARTICULAR PURPOSE.
diff --git a/src/lib/crypto/krb/combine_keys.c b/src/lib/crypto/krb/combine_keys.c
index 4f2692a..3aa24da 100644
--- a/src/lib/crypto/krb/combine_keys.c
+++ b/src/lib/crypto/krb/combine_keys.c
@@ -5,7 +5,7 @@
* documentation is hereby granted, provided that both the copyright
* notice and this permission notice appear in all copies of the software,
* derivative works or modified versions, and any portions thereof.
- *
+ *
* NRL ALLOWS FREE USE OF THIS SOFTWARE IN ITS "AS IS" CONDITION AND
* DISCLAIMS ANY LIABILITY OF ANY KIND FOR ANY DAMAGES WHATSOEVER
* RESULTING FROM THE USE OF THIS SOFTWARE.
@@ -276,4 +276,3 @@ cleanup:
krb5_k_free_key(NULL, key);
return ret;
}
-
diff --git a/src/lib/crypto/krb/crc32/crc-32.h b/src/lib/crypto/krb/crc32/crc-32.h
index 0efc006..5c8c5bc 100644
--- a/src/lib/crypto/krb/crc32/crc-32.h
+++ b/src/lib/crypto/krb/crc32/crc-32.h
@@ -8,7 +8,7 @@
* require a specific license from the United States Government.
* It is the responsibility of any person or organization contemplating
* export to obtain such a license before exporting.
- *
+ *
* WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
* distribute this software and its documentation for any purpose and
* without fee is hereby granted, provided that the above copyright
@@ -22,21 +22,21 @@
* M.I.T. makes no representations about the suitability of
* this software for any purpose. It is provided "as is" without express
* or implied warranty.
- *
+ *
*
* Definitions for the CRC-32 checksum
*/
/*
* Copyright (C) 1998 by the FundsXpress, INC.
- *
+ *
* All rights reserved.
- *
+ *
* Export of this software from the United States of America may require
* a specific license from the United States Government. It is the
* responsibility of any person or organization contemplating export to
* obtain such a license before exporting.
- *
+ *
* WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
* distribute this software and its documentation for any purpose and
* without fee is hereby granted, provided that the above copyright
@@ -47,7 +47,7 @@
* permission. FundsXpress makes no representations about the suitability of
* this software for any purpose. It is provided "as is" without express
* or implied warranty.
- *
+ *
* THIS SOFTWARE IS PROVIDED ``AS IS'' AND WITHOUT ANY EXPRESS OR
* IMPLIED WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED
* WARRANTIES OF MERCHANTIBILITY AND FITNESS FOR A PARTICULAR PURPOSE.
diff --git a/src/lib/crypto/krb/crc32/crc32.c b/src/lib/crypto/krb/crc32/crc32.c
index ef65476..ee7e53f 100644
--- a/src/lib/crypto/krb/crc32/crc32.c
+++ b/src/lib/crypto/krb/crc32/crc32.c
@@ -8,7 +8,7 @@
* require a specific license from the United States Government.
* It is the responsibility of any person or organization contemplating
* export to obtain such a license before exporting.
- *
+ *
* WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
* distribute this software and its documentation for any purpose and
* without fee is hereby granted, provided that the above copyright
@@ -22,7 +22,7 @@
* M.I.T. makes no representations about the suitability of
* this software for any purpose. It is provided "as is" without express
* or implied warranty.
- *
+ *
*
* CRC-32/AUTODIN-II routines
*/
diff --git a/src/lib/crypto/krb/crypto_length.c b/src/lib/crypto/krb/crypto_length.c
index 23e8c1c..00de30c 100644
--- a/src/lib/crypto/krb/crypto_length.c
+++ b/src/lib/crypto/krb/crypto_length.c
@@ -8,7 +8,7 @@
* require a specific license from the United States Government.
* It is the responsibility of any person or organization contemplating
* export to obtain such a license before exporting.
- *
+ *
* WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
* distribute this software and its documentation for any purpose and
* without fee is hereby granted, provided that the above copyright
@@ -142,4 +142,3 @@ krb5_c_crypto_length_iov(krb5_context context, krb5_enctype enctype,
return 0;
}
-
diff --git a/src/lib/crypto/krb/decrypt.c b/src/lib/crypto/krb/decrypt.c
index 36c3bf0..9ad68ad 100644
--- a/src/lib/crypto/krb/decrypt.c
+++ b/src/lib/crypto/krb/decrypt.c
@@ -1,13 +1,13 @@
/*
* Copyright (C) 1998 by the FundsXpress, INC.
- *
+ *
* All rights reserved.
- *
+ *
* Export of this software from the United States of America may require
* a specific license from the United States Government. It is the
* responsibility of any person or organization contemplating export to
* obtain such a license before exporting.
- *
+ *
* WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
* distribute this software and its documentation for any purpose and
* without fee is hereby granted, provided that the above copyright
@@ -18,7 +18,7 @@
* permission. FundsXpress makes no representations about the suitability of
* this software for any purpose. It is provided "as is" without express
* or implied warranty.
- *
+ *
* THIS SOFTWARE IS PROVIDED ``AS IS'' AND WITHOUT ANY EXPRESS OR
* IMPLIED WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED
* WARRANTIES OF MERCHANTIBILITY AND FITNESS FOR A PARTICULAR PURPOSE.
diff --git a/src/lib/crypto/krb/decrypt_iov.c b/src/lib/crypto/krb/decrypt_iov.c
index fcc9973..1813af9 100644
--- a/src/lib/crypto/krb/decrypt_iov.c
+++ b/src/lib/crypto/krb/decrypt_iov.c
@@ -8,7 +8,7 @@
* require a specific license from the United States Government.
* It is the responsibility of any person or organization contemplating
* export to obtain such a license before exporting.
- *
+ *
* WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
* distribute this software and its documentation for any purpose and
* without fee is hereby granted, provided that the above copyright
diff --git a/src/lib/crypto/krb/default_state.c b/src/lib/crypto/krb/default_state.c
index 33a189f..9995b27 100644
--- a/src/lib/crypto/krb/default_state.c
+++ b/src/lib/crypto/krb/default_state.c
@@ -6,7 +6,7 @@
* require a specific license from the United States Government.
* It is the responsibility of any person or organization contemplating
* export to obtain such a license before exporting.
- *
+ *
* WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
* distribute this software and its documentation for any purpose and
* without fee is hereby granted, provided that the above copyright
@@ -20,7 +20,7 @@
* M.I.T. makes no representations about the suitability of
* this software for any purpose. It is provided "as is" without express
* or implied warranty.
- *
+ *
* Section 6 (Encryption) of the Kerberos revisions document defines
* cipher states to be used to chain encryptions and decryptions
* together. Examples of cipher states include initialization vectors
@@ -58,6 +58,3 @@ krb5_error_code krb5int_default_free_state
}
return 0;
}
-
-
-
diff --git a/src/lib/crypto/krb/dk/checksum.c b/src/lib/crypto/krb/dk/checksum.c
index e5087e7..538060d 100644
--- a/src/lib/crypto/krb/dk/checksum.c
+++ b/src/lib/crypto/krb/dk/checksum.c
@@ -1,13 +1,13 @@
/*
* Copyright (C) 1998 by the FundsXpress, INC.
- *
+ *
* All rights reserved.
- *
+ *
* Export of this software from the United States of America may require
* a specific license from the United States Government. It is the
* responsibility of any person or organization contemplating export to
* obtain such a license before exporting.
- *
+ *
* WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
* distribute this software and its documentation for any purpose and
* without fee is hereby granted, provided that the above copyright
@@ -18,7 +18,7 @@
* permission. FundsXpress makes no representations about the suitability of
* this software for any purpose. It is provided "as is" without express
* or implied warranty.
- *
+ *
* THIS SOFTWARE IS PROVIDED ``AS IS'' AND WITHOUT ANY EXPRESS OR
* IMPLIED WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED
* WARRANTIES OF MERCHANTIBILITY AND FITNESS FOR A PARTICULAR PURPOSE.
@@ -54,7 +54,7 @@ krb5int_dk_make_checksum(const struct krb5_hash_provider *hash,
*/
/* Derive the key. */
-
+
datain.data = (char *) constantdata;
datain.length = K5CLENGTH;
@@ -102,7 +102,7 @@ krb5int_dk_make_checksum_iov(const struct krb5_hash_provider *hash,
*/
/* Derive the key. */
-
+
datain.data = (char *) constantdata;
datain.length = K5CLENGTH;
diff --git a/src/lib/crypto/krb/dk/derive.c b/src/lib/crypto/krb/dk/derive.c
index bcd1114..5019975 100644
--- a/src/lib/crypto/krb/dk/derive.c
+++ b/src/lib/crypto/krb/dk/derive.c
@@ -1,13 +1,13 @@
/*
* Copyright (C) 1998 by the FundsXpress, INC.
- *
+ *
* All rights reserved.
- *
+ *
* Export of this software from the United States of America may require
* a specific license from the United States Government. It is the
* responsibility of any person or organization contemplating export to
* obtain such a license before exporting.
- *
+ *
* WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
* distribute this software and its documentation for any purpose and
* without fee is hereby granted, provided that the above copyright
@@ -18,7 +18,7 @@
* permission. FundsXpress makes no representations about the suitability of
* this software for any purpose. It is provided "as is" without express
* or implied warranty.
- *
+ *
* THIS SOFTWARE IS PROVIDED ``AS IS'' AND WITHOUT ANY EXPRESS OR
* IMPLIED WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED
* WARRANTIES OF MERCHANTIBILITY AND FITNESS FOR A PARTICULAR PURPOSE.
diff --git a/src/lib/crypto/krb/dk/dk.h b/src/lib/crypto/krb/dk/dk.h
index 288072a..76937da 100644
--- a/src/lib/crypto/krb/dk/dk.h
+++ b/src/lib/crypto/krb/dk/dk.h
@@ -1,13 +1,13 @@
/*
* Copyright (C) 1998 by the FundsXpress, INC.
- *
+ *
* All rights reserved.
- *
+ *
* Export of this software from the United States of America may require
* a specific license from the United States Government. It is the
* responsibility of any person or organization contemplating export to
* obtain such a license before exporting.
- *
+ *
* WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
* distribute this software and its documentation for any purpose and
* without fee is hereby granted, provided that the above copyright
@@ -18,7 +18,7 @@
* permission. FundsXpress makes no representations about the suitability of
* this software for any purpose. It is provided "as is" without express
* or implied warranty.
- *
+ *
* THIS SOFTWARE IS PROVIDED ``AS IS'' AND WITHOUT ANY EXPRESS OR
* IMPLIED WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED
* WARRANTIES OF MERCHANTIBILITY AND FITNESS FOR A PARTICULAR PURPOSE.
diff --git a/src/lib/crypto/krb/dk/dk_decrypt.c b/src/lib/crypto/krb/dk/dk_decrypt.c
index 9535a75..b080d5f 100644
--- a/src/lib/crypto/krb/dk/dk_decrypt.c
+++ b/src/lib/crypto/krb/dk/dk_decrypt.c
@@ -1,13 +1,13 @@
/*
* Copyright (C) 1998 by the FundsXpress, INC.
- *
+ *
* All rights reserved.
- *
+ *
* Export of this software from the United States of America may require
* a specific license from the United States Government. It is the
* responsibility of any person or organization contemplating export to
* obtain such a license before exporting.
- *
+ *
* WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
* distribute this software and its documentation for any purpose and
* without fee is hereby granted, provided that the above copyright
@@ -18,7 +18,7 @@
* permission. FundsXpress makes no representations about the suitability of
* this software for any purpose. It is provided "as is" without express
* or implied warranty.
- *
+ *
* THIS SOFTWARE IS PROVIDED ``AS IS'' AND WITHOUT ANY EXPRESS OR
* IMPLIED WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED
* WARRANTIES OF MERCHANTIBILITY AND FITNESS FOR A PARTICULAR PURPOSE.
diff --git a/src/lib/crypto/krb/dk/dk_encrypt.c b/src/lib/crypto/krb/dk/dk_encrypt.c
index b44671a..e84a092 100644
--- a/src/lib/crypto/krb/dk/dk_encrypt.c
+++ b/src/lib/crypto/krb/dk/dk_encrypt.c
@@ -1,13 +1,13 @@
/*
* Copyright (C) 1998 by the FundsXpress, INC.
- *
+ *
* All rights reserved.
- *
+ *
* Export of this software from the United States of America may require
* a specific license from the United States Government. It is the
* responsibility of any person or organization contemplating export to
* obtain such a license before exporting.
- *
+ *
* WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
* distribute this software and its documentation for any purpose and
* without fee is hereby granted, provided that the above copyright
@@ -18,7 +18,7 @@
* permission. FundsXpress makes no representations about the suitability of
* this software for any purpose. It is provided "as is" without express
* or implied warranty.
- *
+ *
* THIS SOFTWARE IS PROVIDED ``AS IS'' AND WITHOUT ANY EXPRESS OR
* IMPLIED WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED
* WARRANTIES OF MERCHANTIBILITY AND FITNESS FOR A PARTICULAR PURPOSE.
@@ -305,4 +305,3 @@ cleanup:
zapfree(plaintext, plainlen);
return ret;
}
-
diff --git a/src/lib/crypto/krb/dk/stringtokey.c b/src/lib/crypto/krb/dk/stringtokey.c
index 7589b4b..59404e4 100644
--- a/src/lib/crypto/krb/dk/stringtokey.c
+++ b/src/lib/crypto/krb/dk/stringtokey.c
@@ -1,13 +1,13 @@
/*
* Copyright (C) 1998 by the FundsXpress, INC.
- *
+ *
* All rights reserved.
- *
+ *
* Export of this software from the United States of America may require
* a specific license from the United States Government. It is the
* responsibility of any person or organization contemplating export to
* obtain such a license before exporting.
- *
+ *
* WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
* distribute this software and its documentation for any purpose and
* without fee is hereby granted, provided that the above copyright
@@ -18,7 +18,7 @@
* permission. FundsXpress makes no representations about the suitability of
* this software for any purpose. It is provided "as is" without express
* or implied warranty.
- *
+ *
* THIS SOFTWARE IS PROVIDED ``AS IS'' AND WITHOUT ANY EXPRESS OR
* IMPLIED WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED
* WARRANTIES OF MERCHANTIBILITY AND FITNESS FOR A PARTICULAR PURPOSE.
diff --git a/src/lib/crypto/krb/enc_provider/aes.c b/src/lib/crypto/krb/enc_provider/aes.c
index 060d119..fac85b3 100644
--- a/src/lib/crypto/krb/enc_provider/aes.c
+++ b/src/lib/crypto/krb/enc_provider/aes.c
@@ -412,4 +412,3 @@ const struct krb5_enc_provider krb5int_enc_aes256 = {
krb5int_aes_encrypt_iov,
krb5int_aes_decrypt_iov
};
-
diff --git a/src/lib/crypto/krb/enc_provider/des.c b/src/lib/crypto/krb/enc_provider/des.c
index 547f6b9..cd41471 100644
--- a/src/lib/crypto/krb/enc_provider/des.c
+++ b/src/lib/crypto/krb/enc_provider/des.c
@@ -1,13 +1,13 @@
/*
* Copyright (C) 1998 by the FundsXpress, INC.
- *
+ *
* All rights reserved.
- *
+ *
* Export of this software from the United States of America may require
* a specific license from the United States Government. It is the
* responsibility of any person or organization contemplating export to
* obtain such a license before exporting.
- *
+ *
* WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
* distribute this software and its documentation for any purpose and
* without fee is hereby granted, provided that the above copyright
@@ -18,7 +18,7 @@
* permission. FundsXpress makes no representations about the suitability of
* this software for any purpose. It is provided "as is" without express
* or implied warranty.
- *
+ *
* THIS SOFTWARE IS PROVIDED ``AS IS'' AND WITHOUT ANY EXPRESS OR
* IMPLIED WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED
* WARRANTIES OF MERCHANTIBILITY AND FITNESS FOR A PARTICULAR PURPOSE.
diff --git a/src/lib/crypto/krb/enc_provider/des3.c b/src/lib/crypto/krb/enc_provider/des3.c
index 412c994..b0325fb 100644
--- a/src/lib/crypto/krb/enc_provider/des3.c
+++ b/src/lib/crypto/krb/enc_provider/des3.c
@@ -1,13 +1,13 @@
/*
* Copyright (C) 1998 by the FundsXpress, INC.
- *
+ *
* All rights reserved.
- *
+ *
* Export of this software from the United States of America may require
* a specific license from the United States Government. It is the
* responsibility of any person or organization contemplating export to
* obtain such a license before exporting.
- *
+ *
* WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
* distribute this software and its documentation for any purpose and
* without fee is hereby granted, provided that the above copyright
@@ -18,7 +18,7 @@
* permission. FundsXpress makes no representations about the suitability of
* this software for any purpose. It is provided "as is" without express
* or implied warranty.
- *
+ *
* THIS SOFTWARE IS PROVIDED ``AS IS'' AND WITHOUT ANY EXPRESS OR
* IMPLIED WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED
* WARRANTIES OF MERCHANTIBILITY AND FITNESS FOR A PARTICULAR PURPOSE.
@@ -218,4 +218,3 @@ const struct krb5_enc_provider krb5int_enc_des3 = {
k5_des3_encrypt_iov,
k5_des3_decrypt_iov
};
-
diff --git a/src/lib/crypto/krb/enc_provider/enc_provider.h b/src/lib/crypto/krb/enc_provider/enc_provider.h
index 92022b3..49ffaaf 100644
--- a/src/lib/crypto/krb/enc_provider/enc_provider.h
+++ b/src/lib/crypto/krb/enc_provider/enc_provider.h
@@ -1,13 +1,13 @@
/*
* Copyright (C) 1998 by the FundsXpress, INC.
- *
+ *
* All rights reserved.
- *
+ *
* Export of this software from the United States of America may require
* a specific license from the United States Government. It is the
* responsibility of any person or organization contemplating export to
* obtain such a license before exporting.
- *
+ *
* WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
* distribute this software and its documentation for any purpose and
* without fee is hereby granted, provided that the above copyright
@@ -18,7 +18,7 @@
* permission. FundsXpress makes no representations about the suitability of
* this software for any purpose. It is provided "as is" without express
* or implied warranty.
- *
+ *
* THIS SOFTWARE IS PROVIDED ``AS IS'' AND WITHOUT ANY EXPRESS OR
* IMPLIED WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED
* WARRANTIES OF MERCHANTIBILITY AND FITNESS FOR A PARTICULAR PURPOSE.
@@ -33,4 +33,3 @@ extern const struct krb5_enc_provider krb5int_enc_aes128;
extern const struct krb5_enc_provider krb5int_enc_aes256;
extern const struct krb5_enc_provider krb5int_enc_aes128_ctr;
extern const struct krb5_enc_provider krb5int_enc_aes256_ctr;
-
diff --git a/src/lib/crypto/krb/enc_provider/rc4.c b/src/lib/crypto/krb/enc_provider/rc4.c
index b950a60..c718871 100644
--- a/src/lib/crypto/krb/enc_provider/rc4.c
+++ b/src/lib/crypto/krb/enc_provider/rc4.c
@@ -1,4 +1,4 @@
-/* arcfour.c
+/* arcfour.c
*
* Copyright (c) 2000 by Computer Science Laboratory,
* Rensselaer Polytechnic Institute
@@ -18,11 +18,11 @@ static unsigned int k5_arcfour_byte(ArcfourContext *);
#endif /* gcc inlines*/
/* Initializes the context and sets the key. */
-static krb5_error_code k5_arcfour_init(ArcfourContext *ctx, const unsigned char *key,
+static krb5_error_code k5_arcfour_init(ArcfourContext *ctx, const unsigned char *key,
unsigned int keylen);
/* Encrypts/decrypts data. */
-static void k5_arcfour_crypt(ArcfourContext *ctx, unsigned char *dest,
+static void k5_arcfour_crypt(ArcfourContext *ctx, unsigned char *dest,
const unsigned char *src, unsigned int len);
/* Interface layer to kerb5 crypto layer */
@@ -63,7 +63,7 @@ static inline unsigned int k5_arcfour_byte(ArcfourContext * ctx)
return state[(sx + sy) & 0xff];
}
-static void k5_arcfour_crypt(ArcfourContext *ctx, unsigned char *dest,
+static void k5_arcfour_crypt(ArcfourContext *ctx, unsigned char *dest,
const unsigned char *src, unsigned int len)
{
unsigned int i;
@@ -73,7 +73,7 @@ static void k5_arcfour_crypt(ArcfourContext *ctx, unsigned char *dest,
static krb5_error_code
-k5_arcfour_init(ArcfourContext *ctx, const unsigned char *key,
+k5_arcfour_init(ArcfourContext *ctx, const unsigned char *key,
unsigned int key_len)
{
unsigned int t, u;
@@ -153,7 +153,7 @@ k5_arcfour_docrypt(const krb5_keyblock *key, const krb5_data *state,
memset(arcfour_ctx, 0, sizeof (ArcfourContext));
free(arcfour_ctx);
}
-
+
return 0;
}
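Review bot: The `memset(arcfour_ctx, 0, sizeof (ArcfourContext));` immediately before `free(arcfour_ctx);` is a dead store from the compiler's point of view and may be removed when optimizing, which would leave the RC4 key state in freed heap memory. The cleanup path in dk_encrypt.c already uses `zapfree(plaintext, plainlen);`, so `zapfree(arcfour_ctx, sizeof(ArcfourContext));` would be the consistent replacement here, assuming that helper is reachable from this file's includes and is implemented so the wipe cannot be elided. The same pattern appears on stack buffers in later hunks of this diff, `memset(schedule, 0, sizeof(schedule));` in descbc.c and `memset(plaintext, 0, sizeof(plaintext));` in k5_md5des.c, which need a non-elidable wipe rather than zapfree. The body of k5_arcfour_docrypt starts outside this hunk.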
@@ -248,7 +248,7 @@ k5_arcfour_init_state (const krb5_keyblock *key,
return 0;
}
-/* Since the arcfour cipher is identical going forwards and backwards,
+/* Since the arcfour cipher is identical going forwards and backwards,
we just call "docrypt" directly
*/
const struct krb5_enc_provider krb5int_enc_arcfour = {
@@ -268,4 +268,3 @@ const struct krb5_enc_provider krb5int_enc_arcfour = {
k5_arcfour_docrypt_iov,
k5_arcfour_docrypt_iov
};
-
diff --git a/src/lib/crypto/krb/encrypt.c b/src/lib/crypto/krb/encrypt.c
index 3c39838..ee9e0e2 100644
--- a/src/lib/crypto/krb/encrypt.c
+++ b/src/lib/crypto/krb/encrypt.c
@@ -1,13 +1,13 @@
/*
* Copyright (C) 1998 by the FundsXpress, INC.
- *
+ *
* All rights reserved.
- *
+ *
* Export of this software from the United States of America may require
* a specific license from the United States Government. It is the
* responsibility of any person or organization contemplating export to
* obtain such a license before exporting.
- *
+ *
* WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
* distribute this software and its documentation for any purpose and
* without fee is hereby granted, provided that the above copyright
@@ -18,7 +18,7 @@
* permission. FundsXpress makes no representations about the suitability of
* this software for any purpose. It is provided "as is" without express
* or implied warranty.
- *
+ *
* THIS SOFTWARE IS PROVIDED ``AS IS'' AND WITHOUT ANY EXPRESS OR
* IMPLIED WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED
* WARRANTIES OF MERCHANTIBILITY AND FITNESS FOR A PARTICULAR PURPOSE.
diff --git a/src/lib/crypto/krb/encrypt_iov.c b/src/lib/crypto/krb/encrypt_iov.c
index b7b2f58..64cb126 100644
--- a/src/lib/crypto/krb/encrypt_iov.c
+++ b/src/lib/crypto/krb/encrypt_iov.c
@@ -8,7 +8,7 @@
* require a specific license from the United States Government.
* It is the responsibility of any person or organization contemplating
* export to obtain such a license before exporting.
- *
+ *
* WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
* distribute this software and its documentation for any purpose and
* without fee is hereby granted, provided that the above copyright
diff --git a/src/lib/crypto/krb/encrypt_length.c b/src/lib/crypto/krb/encrypt_length.c
index bb9a102..f2aad02 100644
--- a/src/lib/crypto/krb/encrypt_length.c
+++ b/src/lib/crypto/krb/encrypt_length.c
@@ -1,13 +1,13 @@
/*
* Copyright (C) 1998 by the FundsXpress, INC.
- *
+ *
* All rights reserved.
- *
+ *
* Export of this software from the United States of America may require
* a specific license from the United States Government. It is the
* responsibility of any person or organization contemplating export to
* obtain such a license before exporting.
- *
+ *
* WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
* distribute this software and its documentation for any purpose and
* without fee is hereby granted, provided that the above copyright
@@ -18,7 +18,7 @@
* permission. FundsXpress makes no representations about the suitability of
* this software for any purpose. It is provided "as is" without express
* or implied warranty.
- *
+ *
* THIS SOFTWARE IS PROVIDED ``AS IS'' AND WITHOUT ANY EXPRESS OR
* IMPLIED WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED
* WARRANTIES OF MERCHANTIBILITY AND FITNESS FOR A PARTICULAR PURPOSE.
diff --git a/src/lib/crypto/krb/enctype_compare.c b/src/lib/crypto/krb/enctype_compare.c
index b724c3d..6d47f9d 100644
--- a/src/lib/crypto/krb/enctype_compare.c
+++ b/src/lib/crypto/krb/enctype_compare.c
@@ -1,13 +1,13 @@
/*
* Copyright (C) 1998 by the FundsXpress, INC.
- *
+ *
* All rights reserved.
- *
+ *
* Export of this software from the United States of America may require
* a specific license from the United States Government. It is the
* responsibility of any person or organization contemplating export to
* obtain such a license before exporting.
- *
+ *
* WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
* distribute this software and its documentation for any purpose and
* without fee is hereby granted, provided that the above copyright
@@ -18,7 +18,7 @@
* permission. FundsXpress makes no representations about the suitability of
* this software for any purpose. It is provided "as is" without express
* or implied warranty.
- *
+ *
* THIS SOFTWARE IS PROVIDED ``AS IS'' AND WITHOUT ANY EXPRESS OR
* IMPLIED WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED
* WARRANTIES OF MERCHANTIBILITY AND FITNESS FOR A PARTICULAR PURPOSE.
diff --git a/src/lib/crypto/krb/enctype_to_string.c b/src/lib/crypto/krb/enctype_to_string.c
index 427a30d..c408782 100644
--- a/src/lib/crypto/krb/enctype_to_string.c
+++ b/src/lib/crypto/krb/enctype_to_string.c
@@ -1,13 +1,13 @@
/*
* Copyright (C) 1998 by the FundsXpress, INC.
- *
+ *
* All rights reserved.
- *
+ *
* Export of this software from the United States of America may require
* a specific license from the United States Government. It is the
* responsibility of any person or organization contemplating export to
* obtain such a license before exporting.
- *
+ *
* WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
* distribute this software and its documentation for any purpose and
* without fee is hereby granted, provided that the above copyright
@@ -18,7 +18,7 @@
* permission. FundsXpress makes no representations about the suitability of
* this software for any purpose. It is provided "as is" without express
* or implied warranty.
- *
+ *
* THIS SOFTWARE IS PROVIDED ``AS IS'' AND WITHOUT ANY EXPRESS OR
* IMPLIED WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED
* WARRANTIES OF MERCHANTIBILITY AND FITNESS FOR A PARTICULAR PURPOSE.
diff --git a/src/lib/crypto/krb/etypes.c b/src/lib/crypto/krb/etypes.c
index 8552c0f..a1acdc0 100644
--- a/src/lib/crypto/krb/etypes.c
+++ b/src/lib/crypto/krb/etypes.c
@@ -1,13 +1,13 @@
/*
* Copyright (C) 1998 by the FundsXpress, INC.
- *
+ *
* All rights reserved.
- *
+ *
* Export of this software from the United States of America may require
* a specific license from the United States Government. It is the
* responsibility of any person or organization contemplating export to
* obtain such a license before exporting.
- *
+ *
* WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
* distribute this software and its documentation for any purpose and
* without fee is hereby granted, provided that the above copyright
@@ -18,7 +18,7 @@
* permission. FundsXpress makes no representations about the suitability of
* this software for any purpose. It is provided "as is" without express
* or implied warranty.
- *
+ *
* THIS SOFTWARE IS PROVIDED ``AS IS'' AND WITHOUT ANY EXPRESS OR
* IMPLIED WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED
* WARRANTIES OF MERCHANTIBILITY AND FITNESS FOR A PARTICULAR PURPOSE.
@@ -116,7 +116,7 @@ const struct krb5_keytypes krb5int_enctypes_list[] = {
0,
NULL,
ETYPE_WEAK },
- { ENCTYPE_ARCFOUR_HMAC,
+ { ENCTYPE_ARCFOUR_HMAC,
"arcfour-hmac", { "rc4-hmac", "arcfour-hmac-md5" },
"ArcFour with HMAC/md5",
&krb5int_enc_arcfour,
@@ -128,7 +128,7 @@ const struct krb5_keytypes krb5int_enctypes_list[] = {
CKSUMTYPE_HMAC_MD5_ARCFOUR,
&krb5int_aead_arcfour,
0 /*flags*/ },
- { ENCTYPE_ARCFOUR_HMAC_EXP,
+ { ENCTYPE_ARCFOUR_HMAC_EXP,
"arcfour-hmac-exp", { "rc4-hmac-exp", "arcfour-hmac-md5-exp" },
"Exportable ArcFour with HMAC/md5",
&krb5int_enc_arcfour,
diff --git a/src/lib/crypto/krb/etypes.h b/src/lib/crypto/krb/etypes.h
index 16dbae9..68dcdd4 100644
--- a/src/lib/crypto/krb/etypes.h
+++ b/src/lib/crypto/krb/etypes.h
@@ -1,13 +1,13 @@
/*
* Copyright (C) 1998 by the FundsXpress, INC.
- *
+ *
* All rights reserved.
- *
+ *
* Export of this software from the United States of America may require
* a specific license from the United States Government. It is the
* responsibility of any person or organization contemplating export to
* obtain such a license before exporting.
- *
+ *
* WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
* distribute this software and its documentation for any purpose and
* without fee is hereby granted, provided that the above copyright
@@ -18,7 +18,7 @@
* permission. FundsXpress makes no representations about the suitability of
* this software for any purpose. It is provided "as is" without express
* or implied warranty.
- *
+ *
* THIS SOFTWARE IS PROVIDED ``AS IS'' AND WITHOUT ANY EXPRESS OR
* IMPLIED WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED
* WARRANTIES OF MERCHANTIBILITY AND FITNESS FOR A PARTICULAR PURPOSE.
diff --git a/src/lib/crypto/krb/key.c b/src/lib/crypto/krb/key.c
index d6adcba..43d9ce6 100644
--- a/src/lib/crypto/krb/key.c
+++ b/src/lib/crypto/krb/key.c
@@ -6,7 +6,7 @@
* require a specific license from the United States Government.
* It is the responsibility of any person or organization contemplating
* export to obtain such a license before exporting.
- *
+ *
* WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
* distribute this software and its documentation for any purpose and
* without fee is hereby granted, provided that the above copyright
@@ -20,7 +20,7 @@
* M.I.T. makes no representations about the suitability of
* this software for any purpose. It is provided "as is" without express
* or implied warranty.
- *
+ *
* Functions for manipulating krb5_key structures
*/
diff --git a/src/lib/crypto/krb/keyblocks.c b/src/lib/crypto/krb/keyblocks.c
index 51e31d3..d9db694 100644
--- a/src/lib/crypto/krb/keyblocks.c
+++ b/src/lib/crypto/krb/keyblocks.c
@@ -8,7 +8,7 @@
* require a specific license from the United States Government.
* It is the responsibility of any person or organization contemplating
* export to obtain such a license before exporting.
- *
+ *
* WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
* distribute this software and its documentation for any purpose and
* without fee is hereby granted, provided that the above copyright
@@ -22,10 +22,10 @@
* M.I.T. makes no representations about the suitability of
* this software for any purpose. It is provided "as is" without express
* or implied warranty.
- *
- *
*
- * krb5_init_keyblock- a function to set up
+ *
+ *
+ * krb5_init_keyblock- a function to set up
* an empty keyblock
*/
@@ -62,14 +62,14 @@ krb5int_c_init_keyblock(krb5_context context, krb5_enctype enctype,
return 0;
}
-void
+void
krb5int_c_free_keyblock(krb5_context context, register krb5_keyblock *val)
{
krb5int_c_free_keyblock_contents(context, val);
free(val);
}
-void
+void
krb5int_c_free_keyblock_contents(krb5_context context, krb5_keyblock *key)
{
if (key && key->contents) {
diff --git a/src/lib/crypto/krb/keyed_checksum_types.c b/src/lib/crypto/krb/keyed_checksum_types.c
index 4874372..4da6e25 100644
--- a/src/lib/crypto/krb/keyed_checksum_types.c
+++ b/src/lib/crypto/krb/keyed_checksum_types.c
@@ -1,13 +1,13 @@
/*
* Copyright (C) 1998 by the FundsXpress, INC.
- *
+ *
* All rights reserved.
- *
+ *
* Export of this software from the United States of America may require
* a specific license from the United States Government. It is the
* responsibility of any person or organization contemplating export to
* obtain such a license before exporting.
- *
+ *
* WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
* distribute this software and its documentation for any purpose and
* without fee is hereby granted, provided that the above copyright
@@ -18,7 +18,7 @@
* permission. FundsXpress makes no representations about the suitability of
* this software for any purpose. It is provided "as is" without express
* or implied warranty.
- *
+ *
* THIS SOFTWARE IS PROVIDED ``AS IS'' AND WITHOUT ANY EXPRESS OR
* IMPLIED WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED
* WARRANTIES OF MERCHANTIBILITY AND FITNESS FOR A PARTICULAR PURPOSE.
diff --git a/src/lib/crypto/krb/keyed_cksum.c b/src/lib/crypto/krb/keyed_cksum.c
index dcf72b5..9729276 100644
--- a/src/lib/crypto/krb/keyed_cksum.c
+++ b/src/lib/crypto/krb/keyed_cksum.c
@@ -1,13 +1,13 @@
/*
* Copyright (C) 1998 by the FundsXpress, INC.
- *
+ *
* All rights reserved.
- *
+ *
* Export of this software from the United States of America may require
* a specific license from the United States Government. It is the
* responsibility of any person or organization contemplating export to
* obtain such a license before exporting.
- *
+ *
* WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
* distribute this software and its documentation for any purpose and
* without fee is hereby granted, provided that the above copyright
@@ -18,7 +18,7 @@
* permission. FundsXpress makes no representations about the suitability of
* this software for any purpose. It is provided "as is" without express
* or implied warranty.
- *
+ *
* THIS SOFTWARE IS PROVIDED ``AS IS'' AND WITHOUT ANY EXPRESS OR
* IMPLIED WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED
* WARRANTIES OF MERCHANTIBILITY AND FITNESS FOR A PARTICULAR PURPOSE.
diff --git a/src/lib/crypto/krb/keyhash_provider/descbc.c b/src/lib/crypto/krb/keyhash_provider/descbc.c
index b08e30b..c54e27f 100644
--- a/src/lib/crypto/krb/keyhash_provider/descbc.c
+++ b/src/lib/crypto/krb/keyhash_provider/descbc.c
@@ -1,13 +1,13 @@
/*
* Copyright (C) 1998 by the FundsXpress, INC.
- *
+ *
* All rights reserved.
- *
+ *
* Export of this software from the United States of America may require
* a specific license from the United States Government. It is the
* responsibility of any person or organization contemplating export to
* obtain such a license before exporting.
- *
+ *
* WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
* distribute this software and its documentation for any purpose and
* without fee is hereby granted, provided that the above copyright
@@ -18,7 +18,7 @@
* permission. FundsXpress makes no representations about the suitability of
* this software for any purpose. It is provided "as is" without express
* or implied warranty.
- *
+ *
* THIS SOFTWARE IS PROVIDED ``AS IS'' AND WITHOUT ANY EXPRESS OR
* IMPLIED WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED
* WARRANTIES OF MERCHANTIBILITY AND FITNESS FOR A PARTICULAR PURPOSE.
@@ -52,10 +52,10 @@ k5_descbc_hash(krb5_key key, krb5_keyusage usage, const krb5_data *ivec,
/* this has a return value, but it's useless to us */
- mit_des_cbc_cksum((unsigned char *) input->data,
+ mit_des_cbc_cksum((unsigned char *) input->data,
(unsigned char *) output->data, input->length,
- schedule,
- ivec? (const unsigned char *)ivec->data:
+ schedule,
+ ivec? (const unsigned char *)ivec->data:
(const unsigned char *)mit_des_zeroblock);
memset(schedule, 0, sizeof(schedule));
diff --git a/src/lib/crypto/krb/keyhash_provider/hmac_md5.c b/src/lib/crypto/krb/keyhash_provider/hmac_md5.c
index 8318dc0..1aa7e3c 100644
--- a/src/lib/crypto/krb/keyhash_provider/hmac_md5.c
+++ b/src/lib/crypto/krb/keyhash_provider/hmac_md5.c
@@ -8,7 +8,7 @@
* require a specific license from the United States Government.
* It is the responsibility of any person or organization contemplating
* export to obtain such a license before exporting.
- *
+ *
* WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
* distribute this software and its documentation for any purpose and
* without fee is hereby granted, provided that the above copyright
@@ -22,7 +22,7 @@
* M.I.T. makes no representations about the suitability of
* this software for any purpose. It is provided "as is" without express
* or implied warranty.
- *
+ *
*
* Implementation of the Microsoft hmac-md5 checksum type.
* Implemented based on draft-brezak-win2k-krb-rc4-hmac-03
@@ -47,7 +47,7 @@ k5_hmac_md5_hash (krb5_key key, krb5_keyusage usage,
krb5_data ds, ks_constant, md5tmp;
krb5_MD5_CTX ctx;
char t[4];
-
+
ds.length = key->keyblock.length;
ds.data = malloc(ds.length);
diff --git a/src/lib/crypto/krb/keyhash_provider/k5_md4des.c b/src/lib/crypto/krb/keyhash_provider/k5_md4des.c
index f3c6d62..ef10a68 100644
--- a/src/lib/crypto/krb/keyhash_provider/k5_md4des.c
+++ b/src/lib/crypto/krb/keyhash_provider/k5_md4des.c
@@ -1,13 +1,13 @@
/*
* Copyright (C) 1998 by the FundsXpress, INC.
- *
+ *
* All rights reserved.
- *
+ *
* Export of this software from the United States of America may require
* a specific license from the United States Government. It is the
* responsibility of any person or organization contemplating export to
* obtain such a license before exporting.
- *
+ *
* WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
* distribute this software and its documentation for any purpose and
* without fee is hereby granted, provided that the above copyright
@@ -18,7 +18,7 @@
* permission. FundsXpress makes no representations about the suitability of
* this software for any purpose. It is provided "as is" without express
* or implied warranty.
- *
+ *
* THIS SOFTWARE IS PROVIDED ``AS IS'' AND WITHOUT ANY EXPRESS OR
* IMPLIED WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED
* WARRANTIES OF MERCHANTIBILITY AND FITNESS FOR A PARTICULAR PURPOSE.
diff --git a/src/lib/crypto/krb/keyhash_provider/k5_md5des.c b/src/lib/crypto/krb/keyhash_provider/k5_md5des.c
index 1a2089a..eb189c2 100644
--- a/src/lib/crypto/krb/keyhash_provider/k5_md5des.c
+++ b/src/lib/crypto/krb/keyhash_provider/k5_md5des.c
@@ -1,13 +1,13 @@
/*
* Copyright (C) 1998 by the FundsXpress, INC.
- *
+ *
* All rights reserved.
- *
+ *
* Export of this software from the United States of America may require
* a specific license from the United States Government. It is the
* responsibility of any person or organization contemplating export to
* obtain such a license before exporting.
- *
+ *
* WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
* distribute this software and its documentation for any purpose and
* without fee is hereby granted, provided that the above copyright
@@ -18,7 +18,7 @@
* permission. FundsXpress makes no representations about the suitability of
* this software for any purpose. It is provided "as is" without express
* or implied warranty.
- *
+ *
* THIS SOFTWARE IS PROVIDED ``AS IS'' AND WITHOUT ANY EXPRESS OR
* IMPLIED WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED
* WARRANTIES OF MERCHANTIBILITY AND FITNESS FOR A PARTICULAR PURPOSE.
@@ -147,7 +147,7 @@ k5_md5des_verify(krb5_key key, krb5_keyusage usage, const krb5_data *ivec,
(memcmp(plaintext+CONFLENGTH, ctx.digest, RSA_MD5_CKSUM_LENGTH)
== 0);
} else {
- *valid =
+ *valid =
(memcmp(plaintext, ctx.digest, RSA_MD5_CKSUM_LENGTH) == 0);
}
memset(plaintext, 0, sizeof(plaintext));
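Review bot: The checksum comparison `*valid = (memcmp(plaintext, ctx.digest, RSA_MD5_CKSUM_LENGTH) == 0);` and the `plaintext+CONFLENGTH` variant just above it use memcmp, which may return at the first differing byte, so verification time can depend on how many leading digest bytes match. A constant-time comparison is the safer choice for a keyed checksum. The following `memset(plaintext, 0, sizeof(plaintext));` clears what appears to be a local buffer just before it goes out of use, and a compiler may drop that as a dead store. If the tree's zeroization helper is available at this revision, `zap(plaintext, sizeof(plaintext));` would be preferable. The commit itself changes only whitespace on the `*valid =` line, and k5_md5des_verify begins and ends outside the hunk, so both points should be checked against the full function.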
diff --git a/src/lib/crypto/krb/keyhash_provider/keyhash_provider.h b/src/lib/crypto/krb/keyhash_provider/keyhash_provider.h
index 8ac91e1..94424bd 100644
--- a/src/lib/crypto/krb/keyhash_provider/keyhash_provider.h
+++ b/src/lib/crypto/krb/keyhash_provider/keyhash_provider.h
@@ -1,13 +1,13 @@
/*
* Copyright (C) 1998 by the FundsXpress, INC.
- *
+ *
* All rights reserved.
- *
+ *
* Export of this software from the United States of America may require
* a specific license from the United States Government. It is the
* responsibility of any person or organization contemplating export to
* obtain such a license before exporting.
- *
+ *
* WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
* distribute this software and its documentation for any purpose and
* without fee is hereby granted, provided that the above copyright
@@ -18,7 +18,7 @@
* permission. FundsXpress makes no representations about the suitability of
* this software for any purpose. It is provided "as is" without express
* or implied warranty.
- *
+ *
* THIS SOFTWARE IS PROVIDED ``AS IS'' AND WITHOUT ANY EXPRESS OR
* IMPLIED WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED
* WARRANTIES OF MERCHANTIBILITY AND FITNESS FOR A PARTICULAR PURPOSE.
diff --git a/src/lib/crypto/krb/keyhash_provider/md5_hmac.c b/src/lib/crypto/krb/keyhash_provider/md5_hmac.c
index 50eb2ec..b384574 100644
--- a/src/lib/crypto/krb/keyhash_provider/md5_hmac.c
+++ b/src/lib/crypto/krb/keyhash_provider/md5_hmac.c
@@ -8,7 +8,7 @@
* require a specific license from the United States Government.
* It is the responsibility of any person or organization contemplating
* export to obtain such a license before exporting.
- *
+ *
* WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
* distribute this software and its documentation for any purpose and
* without fee is hereby granted, provided that the above copyright
@@ -22,7 +22,7 @@
* M.I.T. makes no representations about the suitability of
* this software for any purpose. It is provided "as is" without express
* or implied warranty.
- *
+ *
* Implementation of Microsoft KERB_CHECKSUM_MD5_HMAC
*/
@@ -62,4 +62,3 @@ const struct krb5_keyhash_provider krb5int_keyhash_md5_hmac = {
k5_md5_hmac_hash,
NULL /*checksum again*/
};
-
diff --git a/src/lib/crypto/krb/keylengths.c b/src/lib/crypto/krb/keylengths.c
index d28d595..f38a28c 100644
--- a/src/lib/crypto/krb/keylengths.c
+++ b/src/lib/crypto/krb/keylengths.c
@@ -2,7 +2,7 @@
* COPYRIGHT (c) 2006
* The Regents of the University of Michigan
* ALL RIGHTS RESERVED
- *
+ *
* Permission is granted to use, copy, create derivative works
* and redistribute this software and such derivative works
* for any purpose, so long as the name of The University of
@@ -13,7 +13,7 @@
* University of Michigan is included in any copy of any
* portion of this software, then the disclaimer below must
* also be included.
- *
+ *
* THIS SOFTWARE IS PROVIDED AS IS, WITHOUT REPRESENTATION
* FROM THE UNIVERSITY OF MICHIGAN AS TO ITS FITNESS FOR ANY
* PURPOSE, AND WITHOUT WARRANTY BY THE UNIVERSITY OF
diff --git a/src/lib/crypto/krb/make_checksum.c b/src/lib/crypto/krb/make_checksum.c
index def88a1..06a5247 100644
--- a/src/lib/crypto/krb/make_checksum.c
+++ b/src/lib/crypto/krb/make_checksum.c
@@ -1,13 +1,13 @@
/*
* Copyright (C) 1998 by the FundsXpress, INC.
- *
+ *
* All rights reserved.
- *
+ *
* Export of this software from the United States of America may require
* a specific license from the United States Government. It is the
* responsibility of any person or organization contemplating export to
* obtain such a license before exporting.
- *
+ *
* WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
* distribute this software and its documentation for any purpose and
* without fee is hereby granted, provided that the above copyright
@@ -18,7 +18,7 @@
* permission. FundsXpress makes no representations about the suitability of
* this software for any purpose. It is provided "as is" without express
* or implied warranty.
- *
+ *
* THIS SOFTWARE IS PROVIDED ``AS IS'' AND WITHOUT ANY EXPRESS OR
* IMPLIED WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED
* WARRANTIES OF MERCHANTIBILITY AND FITNESS FOR A PARTICULAR PURPOSE.
diff --git a/src/lib/crypto/krb/make_checksum_iov.c b/src/lib/crypto/krb/make_checksum_iov.c
index e4e2c2d..192f910 100644
--- a/src/lib/crypto/krb/make_checksum_iov.c
+++ b/src/lib/crypto/krb/make_checksum_iov.c
@@ -8,7 +8,7 @@
* require a specific license from the United States Government.
* It is the responsibility of any person or organization contemplating
* export to obtain such a license before exporting.
- *
+ *
* WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
* distribute this software and its documentation for any purpose and
* without fee is hereby granted, provided that the above copyright
diff --git a/src/lib/crypto/krb/make_random_key.c b/src/lib/crypto/krb/make_random_key.c
index 0c3a262..de2e6bb 100644
--- a/src/lib/crypto/krb/make_random_key.c
+++ b/src/lib/crypto/krb/make_random_key.c
@@ -1,13 +1,13 @@
/*
* Copyright (C) 1998 by the FundsXpress, INC.
- *
+ *
* All rights reserved.
- *
+ *
* Export of this software from the United States of America may require
* a specific license from the United States Government. It is the
* responsibility of any person or organization contemplating export to
* obtain such a license before exporting.
- *
+ *
* WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
* distribute this software and its documentation for any purpose and
* without fee is hereby granted, provided that the above copyright
@@ -18,7 +18,7 @@
* permission. FundsXpress makes no representations about the suitability of
* this software for any purpose. It is provided "as is" without express
* or implied warranty.
- *
+ *
* THIS SOFTWARE IS PROVIDED ``AS IS'' AND WITHOUT ANY EXPRESS OR
* IMPLIED WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED
* WARRANTIES OF MERCHANTIBILITY AND FITNESS FOR A PARTICULAR PURPOSE.
diff --git a/src/lib/crypto/krb/mandatory_sumtype.c b/src/lib/crypto/krb/mandatory_sumtype.c
index 45ea0b8..e3e3707 100644
--- a/src/lib/crypto/krb/mandatory_sumtype.c
+++ b/src/lib/crypto/krb/mandatory_sumtype.c
@@ -6,7 +6,7 @@
* require a specific license from the United States Government.
* It is the responsibility of any person or organization contemplating
* export to obtain such a license before exporting.
- *
+ *
* WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
* distribute this software and its documentation for any purpose and
* without fee is hereby granted, provided that the above copyright
diff --git a/src/lib/crypto/krb/nfold.c b/src/lib/crypto/krb/nfold.c
index 01e8972..976e131 100644
--- a/src/lib/crypto/krb/nfold.c
+++ b/src/lib/crypto/krb/nfold.c
@@ -1,13 +1,13 @@
/*
* Copyright (C) 1998 by the FundsXpress, INC.
- *
+ *
* All rights reserved.
- *
+ *
* Export of this software from the United States of America may require
* a specific license from the United States Government. It is the
* responsibility of any person or organization contemplating export to
* obtain such a license before exporting.
- *
+ *
* WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
* distribute this software and its documentation for any purpose and
* without fee is hereby granted, provided that the above copyright
@@ -18,7 +18,7 @@
* permission. FundsXpress makes no representations about the suitability of
* this software for any purpose. It is provided "as is" without express
* or implied warranty.
- *
+ *
* THIS SOFTWARE IS PROVIDED ``AS IS'' AND WITHOUT ANY EXPRESS OR
* IMPLIED WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED
* WARRANTIES OF MERCHANTIBILITY AND FITNESS FOR A PARTICULAR PURPOSE.
@@ -127,4 +127,3 @@ krb5int_nfold(unsigned int inbits, const unsigned char *in, unsigned int outbits
}
}
}
-
diff --git a/src/lib/crypto/krb/old/des_stringtokey.c b/src/lib/crypto/krb/old/des_stringtokey.c
index 2bacb4e..6a5c669 100644
--- a/src/lib/crypto/krb/old/des_stringtokey.c
+++ b/src/lib/crypto/krb/old/des_stringtokey.c
@@ -1,13 +1,13 @@
/*
* Copyright (C) 1998 by the FundsXpress, INC.
- *
+ *
* All rights reserved.
- *
+ *
* Export of this software from the United States of America may require
* a specific license from the United States Government. It is the
* responsibility of any person or organization contemplating export to
* obtain such a license before exporting.
- *
+ *
* WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
* distribute this software and its documentation for any purpose and
* without fee is hereby granted, provided that the above copyright
@@ -18,7 +18,7 @@
* permission. FundsXpress makes no representations about the suitability of
* this software for any purpose. It is provided "as is" without express
* or implied warranty.
- *
+ *
* THIS SOFTWARE IS PROVIDED ``AS IS'' AND WITHOUT ANY EXPRESS OR
* IMPLIED WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED
* WARRANTIES OF MERCHANTIBILITY AND FITNESS FOR A PARTICULAR PURPOSE.
diff --git a/src/lib/crypto/krb/old/old.h b/src/lib/crypto/krb/old/old.h
index a5f3f78..953e61e 100644
--- a/src/lib/crypto/krb/old/old.h
+++ b/src/lib/crypto/krb/old/old.h
@@ -1,13 +1,13 @@
/*
* Copyright (C) 1998 by the FundsXpress, INC.
- *
+ *
* All rights reserved.
- *
+ *
* Export of this software from the United States of America may require
* a specific license from the United States Government. It is the
* responsibility of any person or organization contemplating export to
* obtain such a license before exporting.
- *
+ *
* WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
* distribute this software and its documentation for any purpose and
* without fee is hereby granted, provided that the above copyright
@@ -18,7 +18,7 @@
* permission. FundsXpress makes no representations about the suitability of
* this software for any purpose. It is provided "as is" without express
* or implied warranty.
- *
+ *
* THIS SOFTWARE IS PROVIDED ``AS IS'' AND WITHOUT ANY EXPRESS OR
* IMPLIED WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED
* WARRANTIES OF MERCHANTIBILITY AND FITNESS FOR A PARTICULAR PURPOSE.
diff --git a/src/lib/crypto/krb/old/old_decrypt.c b/src/lib/crypto/krb/old/old_decrypt.c
index 42a755a..97fbe6d 100644
--- a/src/lib/crypto/krb/old/old_decrypt.c
+++ b/src/lib/crypto/krb/old/old_decrypt.c
@@ -1,13 +1,13 @@
/*
* Copyright (C) 1998 by the FundsXpress, INC.
- *
+ *
* All rights reserved.
- *
+ *
* Export of this software from the United States of America may require
* a specific license from the United States Government. It is the
* responsibility of any person or organization contemplating export to
* obtain such a license before exporting.
- *
+ *
* WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
* distribute this software and its documentation for any purpose and
* without fee is hereby granted, provided that the above copyright
@@ -18,7 +18,7 @@
* permission. FundsXpress makes no representations about the suitability of
* this software for any purpose. It is provided "as is" without express
* or implied warranty.
- *
+ *
* THIS SOFTWARE IS PROVIDED ``AS IS'' AND WITHOUT ANY EXPRESS OR
* IMPLIED WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED
* WARRANTIES OF MERCHANTIBILITY AND FITNESS FOR A PARTICULAR PURPOSE.
diff --git a/src/lib/crypto/krb/old/old_encrypt.c b/src/lib/crypto/krb/old/old_encrypt.c
index b3a1c5b..137d6ed 100644
--- a/src/lib/crypto/krb/old/old_encrypt.c
+++ b/src/lib/crypto/krb/old/old_encrypt.c
@@ -1,13 +1,13 @@
/*
* Copyright (C) 1998 by the FundsXpress, INC.
- *
+ *
* All rights reserved.
- *
+ *
* Export of this software from the United States of America may require
* a specific license from the United States Government. It is the
* responsibility of any person or organization contemplating export to
* obtain such a license before exporting.
- *
+ *
* WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
* distribute this software and its documentation for any purpose and
* without fee is hereby granted, provided that the above copyright
@@ -18,7 +18,7 @@
* permission. FundsXpress makes no representations about the suitability of
* this software for any purpose. It is provided "as is" without express
* or implied warranty.
- *
+ *
* THIS SOFTWARE IS PROVIDED ``AS IS'' AND WITHOUT ANY EXPRESS OR
* IMPLIED WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED
* WARRANTIES OF MERCHANTIBILITY AND FITNESS FOR A PARTICULAR PURPOSE.
diff --git a/src/lib/crypto/krb/old_api_glue.c b/src/lib/crypto/krb/old_api_glue.c
index 0688d7f..73f4fd7 100644
--- a/src/lib/crypto/krb/old_api_glue.c
+++ b/src/lib/crypto/krb/old_api_glue.c
@@ -1,13 +1,13 @@
/*
* Copyright (C) 1998 by the FundsXpress, INC.
- *
+ *
* All rights reserved.
- *
+ *
* Export of this software from the United States of America may require
* a specific license from the United States Government. It is the
* responsibility of any person or organization contemplating export to
* obtain such a license before exporting.
- *
+ *
* WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
* distribute this software and its documentation for any purpose and
* without fee is hereby granted, provided that the above copyright
@@ -18,7 +18,7 @@
* permission. FundsXpress makes no representations about the suitability of
* this software for any purpose. It is provided "as is" without express
* or implied warranty.
- *
+ *
* THIS SOFTWARE IS PROVIDED ``AS IS'' AND WITHOUT ANY EXPRESS OR
* IMPLIED WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED
* WARRANTIES OF MERCHANTIBILITY AND FITNESS FOR A PARTICULAR PURPOSE.
@@ -235,7 +235,7 @@ krb5_calculate_checksum(krb5_context context, krb5_cksumtype ctype,
outcksum->length = cksum.length;
free(cksum.contents);
-
+
return(0);
}
diff --git a/src/lib/crypto/krb/prf.c b/src/lib/crypto/krb/prf.c
index 12ec22b..141390f 100644
--- a/src/lib/crypto/krb/prf.c
+++ b/src/lib/crypto/krb/prf.c
@@ -8,7 +8,7 @@
* require a specific license from the United States Government.
* It is the responsibility of any person or organization contemplating
* export to obtain such a license before exporting.
- *
+ *
* WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
* distribute this software and its documentation for any purpose and
* without fee is hereby granted, provided that the above copyright
@@ -22,8 +22,8 @@
* M.I.T. makes no representations about the suitability of
* this software for any purpose. It is provided "as is" without express
* or implied warranty.
- *
- *
+ *
+ *
*
* This contains the implementation of krb5_c_prf, which will find
*the enctype-specific PRF and then generate pseudo-random data. This
diff --git a/src/lib/crypto/krb/prf/des_prf.c b/src/lib/crypto/krb/prf/des_prf.c
index dd9907b..4713086 100644
--- a/src/lib/crypto/krb/prf/des_prf.c
+++ b/src/lib/crypto/krb/prf/des_prf.c
@@ -8,7 +8,7 @@
* require a specific license from the United States Government.
* It is the responsibility of any person or organization contemplating
* export to obtain such a license before exporting.
- *
+ *
* WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
* distribute this software and its documentation for any purpose and
* without fee is hereby granted, provided that the above copyright
@@ -22,8 +22,8 @@
* M.I.T. makes no representations about the suitability of
* this software for any purpose. It is provided "as is" without express
* or implied warranty.
- *
- *
+ *
+ *
*
* This file contains an implementation of the RFC 3961 PRF for
* des-cbc-crc, des-cbc-md4, and des-cbc-md5 enctypes.
diff --git a/src/lib/crypto/krb/prf/dk_prf.c b/src/lib/crypto/krb/prf/dk_prf.c
index 379cc1c..80f9d50 100644
--- a/src/lib/crypto/krb/prf/dk_prf.c
+++ b/src/lib/crypto/krb/prf/dk_prf.c
@@ -8,7 +8,7 @@
* require a specific license from the United States Government.
* It is the responsibility of any person or organization contemplating
* export to obtain such a license before exporting.
- *
+ *
* WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
* distribute this software and its documentation for any purpose and
* without fee is hereby granted, provided that the above copyright
@@ -22,8 +22,8 @@
* M.I.T. makes no representations about the suitability of
* this software for any purpose. It is provided "as is" without express
* or implied warranty.
- *
- *
+ *
+ *
*
* This file contains an implementation of the RFC 3961 PRF for
*simplified profile enctypes.
@@ -41,7 +41,7 @@ krb5int_dk_prf (const struct krb5_enc_provider *enc,
krb5_data prfconst;
krb5_key kp = NULL;
krb5_error_code ret = 0;
-
+
prfconst.data = (char *) "prf";
prfconst.length = 3;
tmp.length = hash->hashsize;
diff --git a/src/lib/crypto/krb/prf/prf_int.h b/src/lib/crypto/krb/prf/prf_int.h
index 97bbf04..e21035f 100644
--- a/src/lib/crypto/krb/prf/prf_int.h
+++ b/src/lib/crypto/krb/prf/prf_int.h
@@ -29,7 +29,7 @@
#include "k5-int.h"
-krb5_error_code
+krb5_error_code
krb5int_arcfour_prf(const struct krb5_enc_provider *enc,
const struct krb5_hash_provider *hash,
krb5_key key, const krb5_data *in, krb5_data *out);
@@ -45,5 +45,3 @@ krb5int_dk_prf(const struct krb5_enc_provider *enc,
krb5_key key, const krb5_data *in, krb5_data *out);
#endif /*PRF_INTERNAL_DEFS*/
-
-
diff --git a/src/lib/crypto/krb/prf/rc4_prf.c b/src/lib/crypto/krb/prf/rc4_prf.c
index 8a79b55..caeaa44 100644
--- a/src/lib/crypto/krb/prf/rc4_prf.c
+++ b/src/lib/crypto/krb/prf/rc4_prf.c
@@ -29,7 +29,7 @@
#include "k5-int.h"
#include <hash_provider/hash_provider.h>
-krb5_error_code
+krb5_error_code
krb5int_arcfour_prf(const struct krb5_enc_provider *enc,
const struct krb5_hash_provider *hash,
krb5_key key, const krb5_data *in, krb5_data *out)
@@ -37,5 +37,3 @@ krb5int_arcfour_prf(const struct krb5_enc_provider *enc,
assert(out->length == 20);
return krb5int_hmac(&krb5int_hash_sha1, key, 1, in, out);
}
-
-
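Review bot: The only length check in krb5int_arcfour_prf is `assert(out->length == 20);`, which disappears when the library is built with NDEBUG, so a release build would hand a caller-supplied `out` of any length to krb5int_hmac. A runtime check that fails closed is more robust, for example `if (out->length != 20) return KRB5_CRYPTO_INTERNAL;`. Whether callers already guarantee the length is not visible here, because the function's opening lines are outside the hunk. The commit only removes trailing blank lines at this spot.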
diff --git a/src/lib/crypto/krb/prng.c b/src/lib/crypto/krb/prng.c
index b52dabc..00534ca 100644
--- a/src/lib/crypto/krb/prng.c
+++ b/src/lib/crypto/krb/prng.c
@@ -2,12 +2,12 @@
* Copyright (C) 2001, 2002, 2004, 2007, 2008 by the Massachusetts Institute of Technology.
* All rights reserved.
*
- *
+ *
* Export of this software from the United States of America may require
* a specific license from the United States Government. It is the
* responsibility of any person or organization contemplating export to
* obtain such a license before exporting.
- *
+ *
* WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
* distribute this software and its documentation for any purpose and
* without fee is hereby granted, provided that the above copyright
@@ -190,7 +190,7 @@ read_entropy_from_device(krb5_context context, const char *device)
return (krb5_c_random_add_entropy(context, KRB5_C_RANDSOURCE_OSRAND,
&data) == 0);
}
-
+
krb5_error_code KRB5_CALLCONV
krb5_c_random_os_entropy(krb5_context context, int strong, int *success)
{
diff --git a/src/lib/crypto/krb/rand2key/aes_rand2key.c b/src/lib/crypto/krb/rand2key/aes_rand2key.c
index 25c72cf..c5028e5 100644
--- a/src/lib/crypto/krb/rand2key/aes_rand2key.c
+++ b/src/lib/crypto/krb/rand2key/aes_rand2key.c
@@ -41,4 +41,3 @@ krb5int_aes_make_key(const krb5_data *randombits, krb5_keyblock *key)
return(0);
}
-
diff --git a/src/lib/crypto/krb/rand2key/des3_rand2key.c b/src/lib/crypto/krb/rand2key/des3_rand2key.c
index b505f1a..fe84c3a 100644
--- a/src/lib/crypto/krb/rand2key/des3_rand2key.c
+++ b/src/lib/crypto/krb/rand2key/des3_rand2key.c
@@ -57,4 +57,3 @@ krb5int_des3_make_key(const krb5_data *randombits, krb5_keyblock *key)
}
return(0);
}
-
diff --git a/src/lib/crypto/krb/rand2key/des_rand2key.c b/src/lib/crypto/krb/rand2key/des_rand2key.c
index 9af2477..1485965 100644
--- a/src/lib/crypto/krb/rand2key/des_rand2key.c
+++ b/src/lib/crypto/krb/rand2key/des_rand2key.c
@@ -51,5 +51,3 @@ krb5int_des_make_key(const krb5_data *randombits, krb5_keyblock *key)
return(0);
}
-
-
diff --git a/src/lib/crypto/krb/rand2key/rand2key.h b/src/lib/crypto/krb/rand2key/rand2key.h
index d452940..01208f6 100644
--- a/src/lib/crypto/krb/rand2key/rand2key.h
+++ b/src/lib/crypto/krb/rand2key/rand2key.h
@@ -13,6 +13,3 @@ krb5int_des3_make_key(const krb5_data *randombits, krb5_keyblock *key);
krb5_error_code
krb5int_aes_make_key(const krb5_data *randombits, krb5_keyblock *key);
-
-
-
diff --git a/src/lib/crypto/krb/rand2key/rc4_rand2key.c b/src/lib/crypto/krb/rand2key/rc4_rand2key.c
index 0e66d88..d498f05 100644
--- a/src/lib/crypto/krb/rand2key/rc4_rand2key.c
+++ b/src/lib/crypto/krb/rand2key/rc4_rand2key.c
@@ -42,4 +42,3 @@ krb5int_arcfour_make_key(const krb5_data *randombits, krb5_keyblock *key)
return(0);
}
-
diff --git a/src/lib/crypto/krb/random_to_key.c b/src/lib/crypto/krb/random_to_key.c
index 18e4c69..f94229a 100644
--- a/src/lib/crypto/krb/random_to_key.c
+++ b/src/lib/crypto/krb/random_to_key.c
@@ -2,7 +2,7 @@
* COPYRIGHT (c) 2006
* The Regents of the University of Michigan
* ALL RIGHTS RESERVED
- *
+ *
* Permission is granted to use, copy, create derivative works
* and redistribute this software and such derivative works
* for any purpose, so long as the name of The University of
@@ -13,7 +13,7 @@
* University of Michigan is included in any copy of any
* portion of this software, then the disclaimer below must
* also be included.
- *
+ *
* THIS SOFTWARE IS PROVIDED AS IS, WITHOUT REPRESENTATION
* FROM THE UNIVERSITY OF MICHIGAN AS TO ITS FITNESS FOR ANY
* PURPOSE, AND WITHOUT WARRANTY BY THE UNIVERSITY OF
diff --git a/src/lib/crypto/krb/raw/raw.h b/src/lib/crypto/krb/raw/raw.h
index 3c26188..d5575e1 100644
--- a/src/lib/crypto/krb/raw/raw.h
+++ b/src/lib/crypto/krb/raw/raw.h
@@ -1,13 +1,13 @@
/*
* Copyright (C) 1998 by the FundsXpress, INC.
- *
+ *
* All rights reserved.
- *
+ *
* Export of this software from the United States of America may require
* a specific license from the United States Government. It is the
* responsibility of any person or organization contemplating export to
* obtain such a license before exporting.
- *
+ *
* WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
* distribute this software and its documentation for any purpose and
* without fee is hereby granted, provided that the above copyright
@@ -18,7 +18,7 @@
* permission. FundsXpress makes no representations about the suitability of
* this software for any purpose. It is provided "as is" without express
* or implied warranty.
- *
+ *
* THIS SOFTWARE IS PROVIDED ``AS IS'' AND WITHOUT ANY EXPRESS OR
* IMPLIED WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED
* WARRANTIES OF MERCHANTIBILITY AND FITNESS FOR A PARTICULAR PURPOSE.
@@ -46,4 +46,3 @@ krb5_error_code krb5int_raw_decrypt
krb5_data *arg_output);
extern const struct krb5_aead_provider krb5int_aead_raw;
-
diff --git a/src/lib/crypto/krb/raw/raw_aead.c b/src/lib/crypto/krb/raw/raw_aead.c
index 68070d1..f15e486 100644
--- a/src/lib/crypto/krb/raw/raw_aead.c
+++ b/src/lib/crypto/krb/raw/raw_aead.c
@@ -8,7 +8,7 @@
* require a specific license from the United States Government.
* It is the responsibility of any person or organization contemplating
* export to obtain such a license before exporting.
- *
+ *
* WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
* distribute this software and its documentation for any purpose and
* without fee is hereby granted, provided that the above copyright
diff --git a/src/lib/crypto/krb/raw/raw_decrypt.c b/src/lib/crypto/krb/raw/raw_decrypt.c
index 58ee6f8..34598bb 100644
--- a/src/lib/crypto/krb/raw/raw_decrypt.c
+++ b/src/lib/crypto/krb/raw/raw_decrypt.c
@@ -1,13 +1,13 @@
/*
* Copyright (C) 1998 by the FundsXpress, INC.
- *
+ *
* All rights reserved.
- *
+ *
* Export of this software from the United States of America may require
* a specific license from the United States Government. It is the
* responsibility of any person or organization contemplating export to
* obtain such a license before exporting.
- *
+ *
* WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
* distribute this software and its documentation for any purpose and
* without fee is hereby granted, provided that the above copyright
@@ -18,7 +18,7 @@
* permission. FundsXpress makes no representations about the suitability of
* this software for any purpose. It is provided "as is" without express
* or implied warranty.
- *
+ *
* THIS SOFTWARE IS PROVIDED ``AS IS'' AND WITHOUT ANY EXPRESS OR
* IMPLIED WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED
* WARRANTIES OF MERCHANTIBILITY AND FITNESS FOR A PARTICULAR PURPOSE.
diff --git a/src/lib/crypto/krb/raw/raw_encrypt.c b/src/lib/crypto/krb/raw/raw_encrypt.c
index b02258d..6e8516c 100644
--- a/src/lib/crypto/krb/raw/raw_encrypt.c
+++ b/src/lib/crypto/krb/raw/raw_encrypt.c
@@ -1,13 +1,13 @@
/*
* Copyright (C) 1998 by the FundsXpress, INC.
- *
+ *
* All rights reserved.
- *
+ *
* Export of this software from the United States of America may require
* a specific license from the United States Government. It is the
* responsibility of any person or organization contemplating export to
* obtain such a license before exporting.
- *
+ *
* WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
* distribute this software and its documentation for any purpose and
* without fee is hereby granted, provided that the above copyright
@@ -18,7 +18,7 @@
* permission. FundsXpress makes no representations about the suitability of
* this software for any purpose. It is provided "as is" without express
* or implied warranty.
- *
+ *
* THIS SOFTWARE IS PROVIDED ``AS IS'' AND WITHOUT ANY EXPRESS OR
* IMPLIED WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED
* WARRANTIES OF MERCHANTIBILITY AND FITNESS FOR A PARTICULAR PURPOSE.
diff --git a/src/lib/crypto/krb/state.c b/src/lib/crypto/krb/state.c
index 152ebec..12638a4 100644
--- a/src/lib/crypto/krb/state.c
+++ b/src/lib/crypto/krb/state.c
@@ -8,7 +8,7 @@
* require a specific license from the United States Government.
* It is the responsibility of any person or organization contemplating
* export to obtain such a license before exporting.
- *
+ *
* WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
* distribute this software and its documentation for any purpose and
* without fee is hereby granted, provided that the above copyright
@@ -22,8 +22,8 @@
* M.I.T. makes no representations about the suitability of
* this software for any purpose. It is provided "as is" without express
- *
- *
+ *
+ *
*
* * Section 6 (Encryption) of the Kerberos revisions document defines
* cipher states to be used to chain encryptions and decryptions
diff --git a/src/lib/crypto/krb/string_to_cksumtype.c b/src/lib/crypto/krb/string_to_cksumtype.c
index 796cc2a..ae5da6d 100644
--- a/src/lib/crypto/krb/string_to_cksumtype.c
+++ b/src/lib/crypto/krb/string_to_cksumtype.c
@@ -1,13 +1,13 @@
/*
* Copyright (C) 1998 by the FundsXpress, INC.
- *
+ *
* All rights reserved.
- *
+ *
* Export of this software from the United States of America may require
* a specific license from the United States Government. It is the
* responsibility of any person or organization contemplating export to
* obtain such a license before exporting.
- *
+ *
* WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
* distribute this software and its documentation for any purpose and
* without fee is hereby granted, provided that the above copyright
@@ -18,7 +18,7 @@
* permission. FundsXpress makes no representations about the suitability of
* this software for any purpose. It is provided "as is" without express
* or implied warranty.
- *
+ *
* THIS SOFTWARE IS PROVIDED ``AS IS'' AND WITHOUT ANY EXPRESS OR
* IMPLIED WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED
* WARRANTIES OF MERCHANTIBILITY AND FITNESS FOR A PARTICULAR PURPOSE.
diff --git a/src/lib/crypto/krb/string_to_enctype.c b/src/lib/crypto/krb/string_to_enctype.c
index 4978ac7..159c36b 100644
--- a/src/lib/crypto/krb/string_to_enctype.c
+++ b/src/lib/crypto/krb/string_to_enctype.c
@@ -1,13 +1,13 @@
/*
* Copyright (C) 1998 by the FundsXpress, INC.
- *
+ *
* All rights reserved.
- *
+ *
* Export of this software from the United States of America may require
* a specific license from the United States Government. It is the
* responsibility of any person or organization contemplating export to
* obtain such a license before exporting.
- *
+ *
* WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
* distribute this software and its documentation for any purpose and
* without fee is hereby granted, provided that the above copyright
@@ -18,7 +18,7 @@
* permission. FundsXpress makes no representations about the suitability of
* this software for any purpose. It is provided "as is" without express
* or implied warranty.
- *
+ *
* THIS SOFTWARE IS PROVIDED ``AS IS'' AND WITHOUT ANY EXPRESS OR
* IMPLIED WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED
* WARRANTIES OF MERCHANTIBILITY AND FITNESS FOR A PARTICULAR PURPOSE.
diff --git a/src/lib/crypto/krb/string_to_key.c b/src/lib/crypto/krb/string_to_key.c
index bf8f8ce..e81568b 100644
--- a/src/lib/crypto/krb/string_to_key.c
+++ b/src/lib/crypto/krb/string_to_key.c
@@ -1,13 +1,13 @@
/*
* Copyright (C) 1998 by the FundsXpress, INC.
- *
+ *
* All rights reserved.
- *
+ *
* Export of this software from the United States of America may require
* a specific license from the United States Government. It is the
* responsibility of any person or organization contemplating export to
* obtain such a license before exporting.
- *
+ *
* WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
* distribute this software and its documentation for any purpose and
* without fee is hereby granted, provided that the above copyright
@@ -18,7 +18,7 @@
* permission. FundsXpress makes no representations about the suitability of
* this software for any purpose. It is provided "as is" without express
* or implied warranty.
- *
+ *
* THIS SOFTWARE IS PROVIDED ``AS IS'' AND WITHOUT ANY EXPRESS OR
* IMPLIED WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED
* WARRANTIES OF MERCHANTIBILITY AND FITNESS FOR A PARTICULAR PURPOSE.
diff --git a/src/lib/crypto/krb/valid_cksumtype.c b/src/lib/crypto/krb/valid_cksumtype.c
index d32e8f5..69cc186 100644
--- a/src/lib/crypto/krb/valid_cksumtype.c
+++ b/src/lib/crypto/krb/valid_cksumtype.c
@@ -1,13 +1,13 @@
/*
* Copyright (C) 1998 by the FundsXpress, INC.
- *
+ *
* All rights reserved.
- *
+ *
* Export of this software from the United States of America may require
* a specific license from the United States Government. It is the
* responsibility of any person or organization contemplating export to
* obtain such a license before exporting.
- *
+ *
* WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
* distribute this software and its documentation for any purpose and
* without fee is hereby granted, provided that the above copyright
@@ -18,7 +18,7 @@
* permission. FundsXpress makes no representations about the suitability of
* this software for any purpose. It is provided "as is" without express
* or implied warranty.
- *
+ *
* THIS SOFTWARE IS PROVIDED ``AS IS'' AND WITHOUT ANY EXPRESS OR
* IMPLIED WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED
* WARRANTIES OF MERCHANTIBILITY AND FITNESS FOR A PARTICULAR PURPOSE.
diff --git a/src/lib/crypto/krb/valid_enctype.c b/src/lib/crypto/krb/valid_enctype.c
index 2657fd0..a644511 100644
--- a/src/lib/crypto/krb/valid_enctype.c
+++ b/src/lib/crypto/krb/valid_enctype.c
@@ -1,13 +1,13 @@
/*
* Copyright (C) 1998 by the FundsXpress, INC.
- *
+ *
* All rights reserved.
- *
+ *
* Export of this software from the United States of America may require
* a specific license from the United States Government. It is the
* responsibility of any person or organization contemplating export to
* obtain such a license before exporting.
- *
+ *
* WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
* distribute this software and its documentation for any purpose and
* without fee is hereby granted, provided that the above copyright
@@ -18,7 +18,7 @@
* permission. FundsXpress makes no representations about the suitability of
* this software for any purpose. It is provided "as is" without express
* or implied warranty.
- *
+ *
* THIS SOFTWARE IS PROVIDED ``AS IS'' AND WITHOUT ANY EXPRESS OR
* IMPLIED WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED
* WARRANTIES OF MERCHANTIBILITY AND FITNESS FOR A PARTICULAR PURPOSE.
diff --git a/src/lib/crypto/krb/verify_checksum.c b/src/lib/crypto/krb/verify_checksum.c
index d8a9cc8..a4869eb 100644
--- a/src/lib/crypto/krb/verify_checksum.c
+++ b/src/lib/crypto/krb/verify_checksum.c
@@ -1,13 +1,13 @@
/*
* Copyright (C) 1998 by the FundsXpress, INC.
- *
+ *
* All rights reserved.
- *
+ *
* Export of this software from the United States of America may require
* a specific license from the United States Government. It is the
* responsibility of any person or organization contemplating export to
* obtain such a license before exporting.
- *
+ *
* WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
* distribute this software and its documentation for any purpose and
* without fee is hereby granted, provided that the above copyright
@@ -18,7 +18,7 @@
* permission. FundsXpress makes no representations about the suitability of
* this software for any purpose. It is provided "as is" without express
* or implied warranty.
- *
+ *
* THIS SOFTWARE IS PROVIDED ``AS IS'' AND WITHOUT ANY EXPRESS OR
* IMPLIED WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED
* WARRANTIES OF MERCHANTIBILITY AND FITNESS FOR A PARTICULAR PURPOSE.
diff --git a/src/lib/crypto/krb/verify_checksum_iov.c b/src/lib/crypto/krb/verify_checksum_iov.c
index f72ca65..cbac1db 100644
--- a/src/lib/crypto/krb/verify_checksum_iov.c
+++ b/src/lib/crypto/krb/verify_checksum_iov.c
@@ -8,7 +8,7 @@
* require a specific license from the United States Government.
* It is the responsibility of any person or organization contemplating
* export to obtain such a license before exporting.
- *
+ *
* WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
* distribute this software and its documentation for any purpose and
* without fee is hereby granted, provided that the above copyright
diff --git a/src/lib/crypto/krb/yarrow/yarrow.c b/src/lib/crypto/krb/yarrow/yarrow.c
index b1533da..4b1fcf1 100644
--- a/src/lib/crypto/krb/yarrow/yarrow.c
+++ b/src/lib/crypto/krb/yarrow/yarrow.c
@@ -14,7 +14,7 @@
* permission. Zero-Knowledge Systems, Inc. makes no representations
* about the suitability of this software for any purpose. It is
* provided "as is" without express or implied warranty.
- *
+ *
* See the accompanying LICENSE file for more information.
*/
@@ -47,7 +47,7 @@
extern int yarrow_verbose;
#define TRACE( x ) do { if (yarrow_verbose) { x } } while (0)
#else
-#define TRACE( x )
+#define TRACE( x )
#endif
#if defined(macintosh)
@@ -246,8 +246,8 @@ int krb5int_yarrow_init(Yarrow_CTX* y, const char *filename)
}
static
-int yarrow_input_maybe_locking( Yarrow_CTX* y, unsigned source_id,
- const void* sample,
+int yarrow_input_maybe_locking( Yarrow_CTX* y, unsigned source_id,
+ const void* sample,
size_t size, size_t entropy_bits,
int do_lock )
{
@@ -257,7 +257,7 @@ int yarrow_input_maybe_locking( Yarrow_CTX* y, unsigned source_id,
Source* source;
size_t new_entropy;
size_t estimate;
-
+
if (do_lock) {
TRY( LOCK() );
locked = 1;
@@ -267,7 +267,7 @@ int yarrow_input_maybe_locking( Yarrow_CTX* y, unsigned source_id,
if (!y) { THROW( YARROW_BAD_ARG ); }
if (source_id >= y->num_sources) { THROW( YARROW_BAD_SOURCE ); }
-
+
source = &y->source[source_id];
if(source->pool != YARROW_FAST_POOL && source->pool != YARROW_SLOW_POOL)
@@ -278,10 +278,10 @@ int yarrow_input_maybe_locking( Yarrow_CTX* y, unsigned source_id,
/* hash in the sample */
HASH_Update(&y->pool[source->pool], (const void*)sample, size);
-
+
/* only update entropy estimate if pool is not full */
- if ( (source->pool == YARROW_FAST_POOL &&
+ if ( (source->pool == YARROW_FAST_POOL &&
source->entropy[source->pool] < y->fast_thresh) ||
(source->pool == YARROW_SLOW_POOL &&
source->entropy[source->pool] < y->slow_thresh) )
@@ -311,7 +311,7 @@ int yarrow_input_maybe_locking( Yarrow_CTX* y, unsigned source_id,
}
else
{
- if (!source->reached_slow_thresh &&
+ if (!source->reached_slow_thresh &&
source->entropy[YARROW_SLOW_POOL] >= y->slow_thresh)
{
source->reached_slow_thresh = 1;
@@ -328,19 +328,19 @@ int yarrow_input_maybe_locking( Yarrow_CTX* y, unsigned source_id,
}
}
}
-
+
/* put samples in alternate pools */
source->pool = (source->pool + 1) % 2;
-
+
CATCH:
if ( locked ) { TRY( UNLOCK() ); }
EXCEP_RET;
}
YARROW_DLL
-int krb5int_yarrow_input( Yarrow_CTX* y, unsigned source_id,
- const void* sample,
+int krb5int_yarrow_input( Yarrow_CTX* y, unsigned source_id,
+ const void* sample,
size_t size, size_t entropy_bits )
{
return yarrow_input_maybe_locking(y, source_id, sample, size,
@@ -389,7 +389,7 @@ CATCH:
EXCEP_RET;
}
-int krb5int_yarrow_register_source_estimator(Yarrow_CTX* y, unsigned source_id,
+int krb5int_yarrow_register_source_estimator(Yarrow_CTX* y, unsigned source_id,
estimator_fn* fptr)
{
EXCEP_DECL;
@@ -401,7 +401,7 @@ int krb5int_yarrow_register_source_estimator(Yarrow_CTX* y, unsigned source_id,
source = &y->source[source_id];
source->estimator = fptr;
-
+
CATCH:
EXCEP_RET;
}
@@ -428,15 +428,15 @@ static int krb5int_yarrow_output_Block( Yarrow_CTX* y, void* out )
if ( y->gate_count >= y->gates_limit )
{
y->gate_count = 0;
-
- /* not defined whether to do slow or fast reseed */
-
+
+ /* not defined whether to do slow or fast reseed */
+
TRACE( printf( "OUTPUT LIMIT REACHED," ); );
TRY( yarrow_reseed_locked( y, YARROW_SLOW_POOL ) );
}
}
-
+
/* C <- (C + 1) mod 2^n */
block_increment( y->C, CIPHER_BLOCK_SIZE );
@@ -541,7 +541,7 @@ int yarrow_output_locked( Yarrow_CTX* y, void* out, size_t size )
outp += use;
}
- for ( ;
+ for ( ;
left >= CIPHER_BLOCK_SIZE;
left -= CIPHER_BLOCK_SIZE, outp += CIPHER_BLOCK_SIZE)
{
@@ -565,7 +565,7 @@ static int yarrow_gate_locked(Yarrow_CTX* y)
byte new_K[CIPHER_KEY_SIZE];
if (!y) { THROW( YARROW_BAD_ARG ); }
-
+
TRACE( printf( "GATE[" ); );
/* K <- Next k bits of PRNG output */
@@ -589,7 +589,7 @@ int krb5int_yarrow_gate(Yarrow_CTX* y)
byte new_K[CIPHER_KEY_SIZE];
if (!y) { THROW( YARROW_BAD_ARG ); }
-
+
TRACE( printf( "GATE[" ); );
/* K <- Next k bits of PRNG output */
@@ -612,7 +612,7 @@ static int Yarrow_Load_State( Yarrow_CTX *y )
{
EXCEP_DECL;
Yarrow_STATE state;
-
+
if ( !y ) { THROW( YARROW_BAD_ARG ); }
if ( y->entropyfile )
@@ -623,11 +623,11 @@ static int Yarrow_Load_State( Yarrow_CTX *y )
#if defined( YARROW_DEBUG )
hex_print( stderr, "state.load", state.seed, sizeof(state.seed));
#endif
-
+
/* what to do here is not defined by the Yarrow paper */
/* this is a place holder until we get some clarification */
-
- HASH_Update( &y->pool[YARROW_FAST_POOL],
+
+ HASH_Update( &y->pool[YARROW_FAST_POOL],
state.seed, sizeof(state.seed) );
Yarrow_Make_Seeded( y );
@@ -643,10 +643,10 @@ static int Yarrow_Save_State( Yarrow_CTX *y )
{
EXCEP_DECL;
Yarrow_STATE state;
-
+
if ( !y ) { THROW( YARROW_BAD_ARG ); }
- if ( y->entropyfile && y->seeded )
+ if ( y->entropyfile && y->seeded )
{
TRACE( printf( "SAVE STATE[" ); );
TRY( krb5int_yarrow_output( y, state.seed, sizeof(state.seed) ) );
@@ -685,8 +685,8 @@ static int yarrow_reseed_locked(Yarrow_CTX* y, int pool)
{
THROW( YARROW_BAD_ARG );
}
-
- TRACE( printf( "%s RESEED,",
+
+ TRACE( printf( "%s RESEED,",
pool == YARROW_SLOW_POOL ? "SLOW" : "FAST" ); );
if (pool == YARROW_SLOW_POOL)
@@ -715,7 +715,7 @@ static int yarrow_reseed_locked(Yarrow_CTX* y, int pool)
/* step 1. v_0 <- hash of all inputs into fast pool */
HASH_Final(fast_pool, &v_0);
- HASH_Init(fast_pool); /* reinitialize fast pool */
+ HASH_Init(fast_pool); /* reinitialize fast pool */
/* v_i <- v_0 */
@@ -772,7 +772,7 @@ static int yarrow_reseed_locked(Yarrow_CTX* y, int pool)
#endif
/* discard part output from previous key */
-
+
y->out_left = 0;
/* step 5. Reset all entropy estimate accumulators of the entropy
@@ -833,13 +833,13 @@ int krb5int_yarrow_stretch(const byte* m, size_t size, byte* out, size_t out_siz
unsigned int use;
HASH_CTX hash, save;
byte digest[HASH_DIGEST_SIZE];
-
+
if (m == NULL || size == 0 || out == NULL || out_size == 0)
{
THROW( YARROW_BAD_ARG );
}
-
- /*
+
+ /*
* s_0 = m
* s_1 = h(s_0 | ... | s_{i-1})
*
@@ -849,7 +849,7 @@ int krb5int_yarrow_stretch(const byte* m, size_t size, byte* out, size_t out_siz
outp = out;
left = out_size;
-
+
use = min(out_size, size);
mem_copy(outp, m, use); /* get k bits or as many as available */
@@ -863,7 +863,7 @@ int krb5int_yarrow_stretch(const byte* m, size_t size, byte* out, size_t out_siz
left -= HASH_DIGEST_SIZE)
{
HASH_Update(&hash, s_i, use);
-
+
/* have to save hash state to one side as HASH_final changes state */
mem_copy(&save, &hash, sizeof(hash));
@@ -879,7 +879,7 @@ int krb5int_yarrow_stretch(const byte* m, size_t size, byte* out, size_t out_siz
s_i = outp; /* retain pointer to s_i */
outp += use;
}
-
+
CATCH:
mem_zero(&hash, sizeof(hash));
mem_zero(digest, sizeof(digest));
@@ -891,7 +891,7 @@ static void block_increment(void* block, const int sz)
{
byte* b = block;
int i;
-
+
for (i = sz-1; (++b[i]) == 0 && i > 0; i--)
{
; /* nothing */
@@ -916,7 +916,7 @@ int krb5int_yarrow_final(Yarrow_CTX* y)
#endif
CATCH:
- if ( y )
+ if ( y )
{
krb5int_yarrow_cipher_final(&y->cipher);
mem_zero( y, sizeof(Yarrow_CTX) );
@@ -932,7 +932,7 @@ const char* krb5int_yarrow_str_error( int err )
if ( err < 0 || err >= sizeof( yarrow_str_error ) / sizeof( char* ) )
{
err = 1-YARROW_FAIL;
- }
+ }
return yarrow_str_error[ err ];
}
diff --git a/src/lib/crypto/krb/yarrow/yarrow.h b/src/lib/crypto/krb/yarrow/yarrow.h
index bb8c63a..081a06b 100644
--- a/src/lib/crypto/krb/yarrow/yarrow.h
+++ b/src/lib/crypto/krb/yarrow/yarrow.h
@@ -135,7 +135,7 @@ int krb5int_yarrow_init( Yarrow_CTX* y, const char *filename );
YARROW_DLL
int krb5int_yarrow_input( Yarrow_CTX* y, unsigned source_id,
- const void* sample,
+ const void* sample,
size_t size, size_t entropy_bits );
YARROW_DLL
@@ -149,7 +149,7 @@ YARROW_DLL
int krb5int_yarrow_new_source( Yarrow_CTX* y, unsigned* source_id );
YARROW_DLL
-int krb5int_yarrow_register_source_estimator( Yarrow_CTX* y, unsigned source_id,
+int krb5int_yarrow_register_source_estimator( Yarrow_CTX* y, unsigned source_id,
estimator_fn* fptr );
YARROW_DLL
diff --git a/src/lib/crypto/krb/yarrow/ycipher.c b/src/lib/crypto/krb/yarrow/ycipher.c
index 84cadd1..8da7b71 100644
--- a/src/lib/crypto/krb/yarrow/ycipher.c
+++ b/src/lib/crypto/krb/yarrow/ycipher.c
@@ -8,7 +8,7 @@
* require a specific license from the United States Government.
* It is the responsibility of any person or organization contemplating
* export to obtain such a license before exporting.
- *
+ *
* WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
* distribute this software and its documentation for any purpose and
* without fee is hereby granted, provided that the above copyright
@@ -22,8 +22,8 @@
* M.I.T. makes no representations about the suitability of
* this software for any purpose. It is provided "as is" without express
* or implied warranty.
- *
- *
+ *
+ *
*
* Routines to implement krb5 cipher operations.
*/
diff --git a/src/lib/crypto/krb/yarrow/ycipher.h b/src/lib/crypto/krb/yarrow/ycipher.h
index ad0d307..554cf9a 100644
--- a/src/lib/crypto/krb/yarrow/ycipher.h
+++ b/src/lib/crypto/krb/yarrow/ycipher.h
@@ -5,7 +5,7 @@
/* block cipher interface */
-typedef struct
+typedef struct
{
krb5_key key;
} CIPHER_CTX;
diff --git a/src/lib/crypto/krb/yarrow/yexcep.h b/src/lib/crypto/krb/yarrow/yexcep.h
index d27de2d..b066c91 100644
--- a/src/lib/crypto/krb/yarrow/yexcep.h
+++ b/src/lib/crypto/krb/yarrow/yexcep.h
@@ -17,18 +17,18 @@
*
* EXCEP_OK - success return value (=1)
*
- * EXCEP_FAIL - failure return value (=0), other user exceptions are
+ * EXCEP_FAIL - failure return value (=0), other user exceptions are
* given negative values (<0)
*
- * TRY( x ) - if code returns value <= 0 TRY sets return value to
- * that value and goes to function cleanup section
+ * TRY( x ) - if code returns value <= 0 TRY sets return value to
+ * that value and goes to function cleanup section
* (CATCH: block). In the catch block, TRY does not goto
* the catch label to avoid loops, and instead
* falls through to the next statement. The
* return value is set to the first non success value
* returned by a TRY, unless this is overridden by a THROW.
*
- * CATCH: - start of catch block, also switches behavior of
+ * CATCH: - start of catch block, also switches behavior of
* TRY and THROW to not goto CATCH: inside the catch
* block to avoid loops
*
@@ -45,40 +45,40 @@
/* example usage */
/*
- *
+ *
* #define EXCEP_OK_COMMENT 2
* #define EXCEP_NULL_PTR -1
* #define EXCEP_OUT_OF_MEM -2
- *
+ *
* int bar( char *c )
* {
* EXCEP_DECL;
- *
+ *
* if ( !c ) { THROW( EXCEP_NULL_PTR ); }
* if ( *c == '\0' ) { THROW( EXCEP_FAIL ); );
* if ( *c == '#' ) { SET( EXCEP_COMMENT ); }
* CATCH:
* EXCEP_RET;
* }
- *
+ *
* int foo( char *c )
* {
* EXCEP_DECL;
* int *p = NULL;
- *
+ *
* if ( !c ) { THROW( EXCEP_NULL_PTR ); }
* TRY( bar( c ) );
* if ( RETURN == EXCEP_COMMENT ) { print( "comment\n" ); }
* p = strdup( c );
* if ( !p ) { THROW( EXCEP_OUT_OF_MEM ); }
- *
+ *
* CATCH:
* if ( p ) { TRY( bar( p ) ); free( p ); }
* THROW( EXCEP_BOOL );
* if ( EXCEPTION == EXCEP_OK ) { printf( "success\n" ); }
* EXCEP_RET;
* }
- *
+ *
*/
#define EXCEP_FAIL 0
diff --git a/src/lib/crypto/krb/yarrow/ytypes.h b/src/lib/crypto/krb/yarrow/ytypes.h
index 9265e5a..23c1bdf 100644
--- a/src/lib/crypto/krb/yarrow/ytypes.h
+++ b/src/lib/crypto/krb/yarrow/ytypes.h
@@ -10,7 +10,7 @@
#include <sys/types.h>
#endif
-#define byte unsigned char
+#define byte unsigned char
#define uint8 unsigned char
#define int8 signed char
diff --git a/src/lib/crypto/openssl/aes/aes_s2k.c b/src/lib/crypto/openssl/aes/aes_s2k.c
index 348acad..9dd1402 100644
--- a/src/lib/crypto/openssl/aes/aes_s2k.c
+++ b/src/lib/crypto/openssl/aes/aes_s2k.c
@@ -8,7 +8,7 @@
* require a specific license from the United States Government.
* It is the responsibility of any person or organization contemplating
* export to obtain such a license before exporting.
- *
+ *
* WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
* distribute this software and its documentation for any purpose and
* without fee is hereby granted, provided that the above copyright
@@ -22,7 +22,7 @@
* M.I.T. makes no representations about the suitability of
* this software for any purpose. It is provided "as is" without express
* or implied warranty.
- *
+ *
*
* krb5int_aes_string_to_key
*/
diff --git a/src/lib/crypto/openssl/arcfour/arcfour-int.h b/src/lib/crypto/openssl/arcfour/arcfour-int.h
index d9db0be..bb4cf42 100644
--- a/src/lib/crypto/openssl/arcfour/arcfour-int.h
+++ b/src/lib/crypto/openssl/arcfour/arcfour-int.h
@@ -19,8 +19,8 @@ typedef struct
EVP_CIPHER_CTX evp_ctx;
unsigned int x;
unsigned int y;
- unsigned char state[256];
-
+ unsigned char state[256];
+
} ArcfourContext;
typedef struct {
diff --git a/src/lib/crypto/openssl/arcfour/arcfour.c b/src/lib/crypto/openssl/arcfour/arcfour.c
index 68feb49..ac96c86 100644
--- a/src/lib/crypto/openssl/arcfour/arcfour.c
+++ b/src/lib/crypto/openssl/arcfour/arcfour.c
@@ -61,7 +61,7 @@ case 7: /* tgs-req authenticator */
}
}
-/* RFC 4757 */
+/* RFC 4757 */
krb5_error_code
krb5int_arcfour_encrypt(const struct krb5_enc_provider *enc,
const struct krb5_hash_provider *hash,
@@ -338,4 +338,3 @@ krb5int_arcfour_decrypt(const struct krb5_enc_provider *enc,
free(plaintext.data);
return (ret);
}
-
diff --git a/src/lib/crypto/openssl/arcfour/arcfour_aead.c b/src/lib/crypto/openssl/arcfour/arcfour_aead.c
index da8261f..66eb357 100644
--- a/src/lib/crypto/openssl/arcfour/arcfour_aead.c
+++ b/src/lib/crypto/openssl/arcfour/arcfour_aead.c
@@ -8,7 +8,7 @@
* require a specific license from the United States Government.
* It is the responsibility of any person or organization contemplating
* export to obtain such a license before exporting.
- *
+ *
* WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
* distribute this software and its documentation for any purpose and
* without fee is hereby granted, provided that the above copyright
@@ -106,7 +106,7 @@ krb5int_arcfour_encrypt_iov(const struct krb5_aead_provider *aead,
* Caller must have provided space for the header, padding
* and trailer; per RFC 4757 we will arrange it as:
*
- * Checksum | E(Confounder | Plaintext)
+ * Checksum | E(Confounder | Plaintext)
*/
header = krb5int_c_locate_iov(data, num_data, KRB5_CRYPTO_TYPE_HEADER);
@@ -246,7 +246,7 @@ krb5int_arcfour_decrypt_iov(const struct krb5_aead_provider *aead,
trailer = krb5int_c_locate_iov(data, num_data, KRB5_CRYPTO_TYPE_TRAILER);
if (trailer != NULL && trailer->data.length != 0)
return KRB5_BAD_MSIZE;
-
+
ret = alloc_derived_key(enc, &k1, &d1, &key->keyblock);
if (ret != 0)
goto cleanup;
@@ -334,4 +334,3 @@ const struct krb5_aead_provider krb5int_aead_arcfour = {
krb5int_arcfour_encrypt_iov,
krb5int_arcfour_decrypt_iov
};
-
diff --git a/src/lib/crypto/openssl/arcfour/arcfour_s2k.c b/src/lib/crypto/openssl/arcfour/arcfour_s2k.c
index 09c9b76..1aaaa1c 100644
--- a/src/lib/crypto/openssl/arcfour/arcfour_s2k.c
+++ b/src/lib/crypto/openssl/arcfour/arcfour_s2k.c
@@ -19,7 +19,7 @@ krb5int_arcfour_string_to_key(const struct krb5_enc_provider *enc,
if (params != NULL)
return KRB5_ERR_BAD_S2K_PARAMS;
-
+
if (key->length != 16)
return (KRB5_BAD_MSIZE);
@@ -40,7 +40,7 @@ krb5int_arcfour_string_to_key(const struct krb5_enc_provider *enc,
krb5int_MD4Final(&md4_context);
memcpy(key->contents, md4_context.digest, 16);
-#if 0
+#if 0
/* test the string_to_key function */
printf("Hash=");
{
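Review bot: The `#if 0` block that opens with `printf("Hash=")` looks like leftover debug code that would write the freshly derived RC4 key to stdout if it were ever enabled, and it would be better deleted than carried through a reindent. Separately, `md4_context.digest` still holds the key bytes after `memcpy(key->contents, md4_context.digest, 16)`. The function continues past this hunk, so whether `md4_context` is wiped before return is not visible here and should be confirmed.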
diff --git a/src/lib/crypto/openssl/des/des_int.h b/src/lib/crypto/openssl/des/des_int.h
index 67d7760..84d678c 100644
--- a/src/lib/crypto/openssl/des/des_int.h
+++ b/src/lib/crypto/openssl/des/des_int.h
@@ -8,7 +8,7 @@
* require a specific license from the United States Government.
* It is the responsibility of any person or organization contemplating
* export to obtain such a license before exporting.
- *
+ *
* WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
* distribute this software and its documentation for any purpose and
* without fee is hereby granted, provided that the above copyright
@@ -22,21 +22,21 @@
* M.I.T. makes no representations about the suitability of
* this software for any purpose. It is provided "as is" without express
* or implied warranty.
- *
+ *
*
* Private include file for the Data Encryption Standard library.
*/
/*
* Copyright (C) 1998 by the FundsXpress, INC.
- *
+ *
* All rights reserved.
- *
+ *
* Export of this software from the United States of America may require
* a specific license from the United States Government. It is the
* responsibility of any person or organization contemplating export to
* obtain such a license before exporting.
- *
+ *
* WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
* distribute this software and its documentation for any purpose and
* without fee is hereby granted, provided that the above copyright
@@ -47,7 +47,7 @@
* permission. FundsXpress makes no representations about the suitability of
* this software for any purpose. It is provided "as is" without express
* or implied warranty.
- *
+ *
* THIS SOFTWARE IS PROVIDED ``AS IS'' AND WITHOUT ANY EXPRESS OR
* IMPLIED WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED
* WARRANTIES OF MERCHANTIBILITY AND FITNESS FOR A PARTICULAR PURPOSE.
@@ -112,7 +112,7 @@ KRB5INT_DES_DEPRECATED;
* have an exact 32-bit int, and nothing should be looking inside a
* des_key_schedule anyway.
*/
-typedef struct des_ks_struct { DES_INT32 _[2]; } des_key_schedule[16]
+typedef struct des_ks_struct { DES_INT32 _[2]; } des_key_schedule[16]
KRB5INT_DES_DEPRECATED;
typedef des_cblock mit_des_cblock;
@@ -162,7 +162,7 @@ extern int mit_des_check_key_parity (mit_des_cblock );
/* string2key.c */
extern krb5_error_code mit_des_string_to_key
- ( const krb5_encrypt_block *,
+ ( const krb5_encrypt_block *,
krb5_keyblock *, const krb5_data *, const krb5_data *);
extern krb5_error_code mit_des_string_to_key_int
(krb5_keyblock *, const krb5_data *, const krb5_data *);
diff --git a/src/lib/crypto/openssl/des/des_oldapis.c b/src/lib/crypto/openssl/des/des_oldapis.c
index b08a6d0..c931efc 100644
--- a/src/lib/crypto/openssl/des/des_oldapis.c
+++ b/src/lib/crypto/openssl/des/des_oldapis.c
@@ -37,7 +37,7 @@ mit_des_cbc_cksum(const krb5_octet *in, krb5_octet *out,
const krb5_octet *ivec)
{
/* Unsupported operation */
- return KRB5_CRYPTO_INTERNAL;
+ return KRB5_CRYPTO_INTERNAL;
}
krb5_error_code
@@ -53,4 +53,3 @@ mit_des_key_sched(mit_des_cblock k, mit_des_key_schedule schedule)
/* Unsupported operation */
return KRB5_CRYPTO_INTERNAL;
}
-
diff --git a/src/lib/crypto/openssl/des/f_parity.c b/src/lib/crypto/openssl/des/f_parity.c
index ceb6a37..bc33eb8 100644
--- a/src/lib/crypto/openssl/des/f_parity.c
+++ b/src/lib/crypto/openssl/des/f_parity.c
@@ -45,4 +45,3 @@ mit_des_check_key_parity(mit_des_cblock key)
return(0);
return (1);
}
-
diff --git a/src/lib/crypto/openssl/des/string2key.c b/src/lib/crypto/openssl/des/string2key.c
index 008449a..6034e86 100644
--- a/src/lib/crypto/openssl/des/string2key.c
+++ b/src/lib/crypto/openssl/des/string2key.c
@@ -37,7 +37,6 @@ mit_des_string_to_key_int (krb5_keyblock *key,
if ( key->length < sizeof(outkey))
return KRB5_CRYPTO_INTERNAL;
key->length = sizeof(outkey);
- memcpy(key->contents, outkey, key->length);
+ memcpy(key->contents, outkey, key->length);
return 0;
}
-
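Review bot: `mit_des_string_to_key_int` returns immediately after `memcpy(key->contents, outkey, key->length)` without clearing `outkey`, so a second copy of the derived DES key appears to be left in the local buffer. The declaration of `outkey` is above this hunk; if it is an automatic array, wipe it before `return 0;` with a call the compiler cannot elide, for example `zap(outkey, sizeof(outkey));` if that helper is in scope in this file. The early `return KRB5_CRYPTO_INTERNAL` path just above leaves the same buffer populated and needs the same wipe.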
diff --git a/src/lib/crypto/openssl/des/weak_key.c b/src/lib/crypto/openssl/des/weak_key.c
index 7f97083..4d7e99b 100644
--- a/src/lib/crypto/openssl/des/weak_key.c
+++ b/src/lib/crypto/openssl/des/weak_key.c
@@ -8,7 +8,7 @@
* require a specific license from the United States Government.
* It is the responsibility of any person or organization contemplating
* export to obtain such a license before exporting.
- *
+ *
* WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
* distribute this software and its documentation for any purpose and
* without fee is hereby granted, provided that the above copyright
@@ -22,7 +22,7 @@
* M.I.T. makes no representations about the suitability of
* this software for any purpose. It is provided "as is" without express
* or implied warranty.
- *
+ *
*
* Under U.S. law, this software may not be exported outside the US
* without license from the U.S. Commerce department.
@@ -76,7 +76,7 @@ mit_des_is_weak_key(mit_des_cblock key)
const mit_des_cblock *weak_p = weak;
for (i = 0; i < (sizeof(weak)/sizeof(mit_des_cblock)); i++) {
- if (!memcmp(weak_p++,key,sizeof(mit_des_cblock)))
+ if (!memcmp(weak_p++,key,sizeof(mit_des_cblock)))
return 1;
}
if ( DES_is_weak_key(key) == 1) /* Also OpenSSL's check */
@@ -84,4 +84,3 @@ mit_des_is_weak_key(mit_des_cblock key)
return 0;
}
-
diff --git a/src/lib/crypto/openssl/enc_provider/aes.c b/src/lib/crypto/openssl/enc_provider/aes.c
index 21d71f8..51ba8af 100644
--- a/src/lib/crypto/openssl/enc_provider/aes.c
+++ b/src/lib/crypto/openssl/enc_provider/aes.c
@@ -88,7 +88,7 @@ cbc_enc(krb5_key key, const krb5_data *ivec,
NULL, key->keyblock.contents, (ivec) ? (unsigned char*)ivec->data : NULL);
if (ret == 1){
- EVP_CIPHER_CTX_set_padding(&ciph_ctx,0);
+ EVP_CIPHER_CTX_set_padding(&ciph_ctx,0);
ret = EVP_EncryptUpdate(&ciph_ctx, tmp_buf, &tmp_len,
(unsigned char *)input->data, input->length);
output->length = tmp_len;
@@ -130,7 +130,7 @@ cbc_decr(krb5_key key, const krb5_data *ivec,
ret = EVP_DecryptInit_ex(&ciph_ctx, map_mode(key->keyblock.length),
NULL, key->keyblock.contents, (ivec) ? (unsigned char*)ivec->data : NULL);
if (ret == 1) {
- EVP_CIPHER_CTX_set_padding(&ciph_ctx,0);
+ EVP_CIPHER_CTX_set_padding(&ciph_ctx,0);
ret = EVP_EncryptUpdate(&ciph_ctx, tmp_buf, &tmp_len,
(unsigned char *)input->data, input->length);
output->length = tmp_len;
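Review bot: In `cbc_decr` the context is set up with `EVP_DecryptInit_ex` but the data is then fed through `EVP_EncryptUpdate`; the call should be `ret = EVP_DecryptUpdate(&ciph_ctx, tmp_buf, &tmp_len,` with the same remaining arguments. With padding disabled the two may behave alike on the OpenSSL this was written against, but that depends on library internals, and later OpenSSL releases reject an update call that does not match the init direction. `output->length = tmp_len;` is also assigned before `ret` is tested, here and in the `cbc_enc` hunk above, so a failed update still publishes a length. The function starts and ends outside this hunk, so the later handling of `ret` is not visible.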
@@ -515,4 +515,3 @@ const struct krb5_enc_provider krb5int_enc_aes256 = {
krb5int_aes_encrypt_iov,
krb5int_aes_decrypt_iov
};
-
diff --git a/src/lib/crypto/openssl/enc_provider/des.c b/src/lib/crypto/openssl/enc_provider/des.c
index 208a0d1..9c30ef1 100644
--- a/src/lib/crypto/openssl/enc_provider/des.c
+++ b/src/lib/crypto/openssl/enc_provider/des.c
@@ -354,4 +354,3 @@ const struct krb5_enc_provider krb5int_enc_des = {
k5_des_encrypt_iov,
k5_des_decrypt_iov
};
-
diff --git a/src/lib/crypto/openssl/enc_provider/des3.c b/src/lib/crypto/openssl/enc_provider/des3.c
index 4d08bc4..7228a46 100644
--- a/src/lib/crypto/openssl/enc_provider/des3.c
+++ b/src/lib/crypto/openssl/enc_provider/des3.c
@@ -365,4 +365,3 @@ const struct krb5_enc_provider krb5int_enc_des3 = {
k5_des3_encrypt_iov,
k5_des3_decrypt_iov
};
-
diff --git a/src/lib/crypto/openssl/enc_provider/enc_provider.h b/src/lib/crypto/openssl/enc_provider/enc_provider.h
index d46e1b4..49ffaaf 100644
--- a/src/lib/crypto/openssl/enc_provider/enc_provider.h
+++ b/src/lib/crypto/openssl/enc_provider/enc_provider.h
@@ -33,4 +33,3 @@ extern const struct krb5_enc_provider krb5int_enc_aes128;
extern const struct krb5_enc_provider krb5int_enc_aes256;
extern const struct krb5_enc_provider krb5int_enc_aes128_ctr;
extern const struct krb5_enc_provider krb5int_enc_aes256_ctr;
-
diff --git a/src/lib/crypto/openssl/enc_provider/rc4.c b/src/lib/crypto/openssl/enc_provider/rc4.c
index 42a3aea..a7c3020 100644
--- a/src/lib/crypto/openssl/enc_provider/rc4.c
+++ b/src/lib/crypto/openssl/enc_provider/rc4.c
@@ -40,7 +40,7 @@
#include <openssl/evp.h>
#define RC4_KEY_SIZE 16
-#define RC4_BLOCK_SIZE 1
+#define RC4_BLOCK_SIZE 1
/* Interface layer to kerb5 crypto layer */
@@ -48,7 +48,7 @@
static krb5_error_code
k5_arcfour_docrypt(krb5_key, const krb5_data *,
const krb5_data *, krb5_data *);
-static krb5_error_code
+static krb5_error_code
k5_arcfour_free_state ( krb5_data *state);
static krb5_error_code
k5_arcfour_init_state (const krb5_keyblock *key,
@@ -160,7 +160,7 @@ k5_arcfour_init_state (const krb5_keyblock *key,
}
-/* Since the arcfour cipher is identical going forwards and backwards,
+/* Since the arcfour cipher is identical going forwards and backwards,
we just call "docrypt" directly
*/
const struct krb5_enc_provider krb5int_enc_arcfour = {
@@ -171,7 +171,7 @@ const struct krb5_enc_provider krb5int_enc_arcfour = {
system, and to attempt to work with the MSFT system forces us
to 16byte/128bit. Since there is no parity in the key, the
byte and length are the same. */
- RC4_KEY_SIZE, RC4_KEY_SIZE,
+ RC4_KEY_SIZE, RC4_KEY_SIZE,
k5_arcfour_docrypt,
k5_arcfour_docrypt,
krb5int_arcfour_make_key,
@@ -180,4 +180,3 @@ const struct krb5_enc_provider krb5int_enc_arcfour = {
k5_arcfour_docrypt_iov,
k5_arcfour_docrypt_iov
};
-
diff --git a/src/lib/crypto/openssl/hash_provider/hash_crc32.c b/src/lib/crypto/openssl/hash_provider/hash_crc32.c
index a3d3028..771a7d6 100644
--- a/src/lib/crypto/openssl/hash_provider/hash_crc32.c
+++ b/src/lib/crypto/openssl/hash_provider/hash_crc32.c
@@ -34,7 +34,7 @@ k5_crc32_hash(unsigned int icount, const krb5_data *input,
{
unsigned long c, cn;
unsigned int i;
-
+
if (output->length != CRC32_CKSUM_LENGTH)
return(KRB5_CRYPTO_INTERNAL);
diff --git a/src/lib/crypto/openssl/hash_provider/hash_md4.c b/src/lib/crypto/openssl/hash_provider/hash_md4.c
index 3a4a4d5..916da0f 100644
--- a/src/lib/crypto/openssl/hash_provider/hash_md4.c
+++ b/src/lib/crypto/openssl/hash_provider/hash_md4.c
@@ -1,13 +1,13 @@
/*
* Copyright (C) 1998 by the FundsXpress, INC.
- *
+ *
* All rights reserved.
- *
+ *
* Export of this software from the United States of America may require
* a specific license from the United States Government. It is the
* responsibility of any person or organization contemplating export to
* obtain such a license before exporting.
- *
+ *
* WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
* distribute this software and its documentation for any purpose and
* without fee is hereby granted, provided that the above copyright
@@ -18,7 +18,7 @@
* permission. FundsXpress makes no representations about the suitability of
* this software for any purpose. It is provided "as is" without express
* or implied warranty.
- *
+ *
* THIS SOFTWARE IS PROVIDED ``AS IS'' AND WITHOUT ANY EXPRESS OR
* IMPLIED WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED
* WARRANTIES OF MERCHANTIBILITY AND FITNESS FOR A PARTICULAR PURPOSE.
diff --git a/src/lib/crypto/openssl/hash_provider/hash_md5.c b/src/lib/crypto/openssl/hash_provider/hash_md5.c
index 10840d0..e1e29f0 100644
--- a/src/lib/crypto/openssl/hash_provider/hash_md5.c
+++ b/src/lib/crypto/openssl/hash_provider/hash_md5.c
@@ -1,13 +1,13 @@
/*
* Copyright (C) 1998 by the FundsXpress, INC.
- *
+ *
* All rights reserved.
- *
+ *
* Export of this software from the United States of America may require
* a specific license from the United States Government. It is the
* responsibility of any person or organization contemplating export to
* obtain such a license before exporting.
- *
+ *
* WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
* distribute this software and its documentation for any purpose and
* without fee is hereby granted, provided that the above copyright
@@ -18,7 +18,7 @@
* permission. FundsXpress makes no representations about the suitability of
* this software for any purpose. It is provided "as is" without express
* or implied warranty.
- *
+ *
* THIS SOFTWARE IS PROVIDED ``AS IS'' AND WITHOUT ANY EXPRESS OR
* IMPLIED WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED
* WARRANTIES OF MERCHANTIBILITY AND FITNESS FOR A PARTICULAR PURPOSE.
diff --git a/src/lib/crypto/openssl/hash_provider/hash_provider.h b/src/lib/crypto/openssl/hash_provider/hash_provider.h
index 4fa4609..1023d1a 100644
--- a/src/lib/crypto/openssl/hash_provider/hash_provider.h
+++ b/src/lib/crypto/openssl/hash_provider/hash_provider.h
@@ -1,13 +1,13 @@
/*
* Copyright (C) 1998 by the FundsXpress, INC.
- *
+ *
* All rights reserved.
- *
+ *
* Export of this software from the United States of America may require
* a specific license from the United States Government. It is the
* responsibility of any person or organization contemplating export to
* obtain such a license before exporting.
- *
+ *
* WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
* distribute this software and its documentation for any purpose and
* without fee is hereby granted, provided that the above copyright
@@ -18,7 +18,7 @@
* permission. FundsXpress makes no representations about the suitability of
* this software for any purpose. It is provided "as is" without express
* or implied warranty.
- *
+ *
* THIS SOFTWARE IS PROVIDED ``AS IS'' AND WITHOUT ANY EXPRESS OR
* IMPLIED WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED
* WARRANTIES OF MERCHANTIBILITY AND FITNESS FOR A PARTICULAR PURPOSE.
diff --git a/src/lib/crypto/openssl/hash_provider/hash_sha1.c b/src/lib/crypto/openssl/hash_provider/hash_sha1.c
index d217086..18ee830 100644
--- a/src/lib/crypto/openssl/hash_provider/hash_sha1.c
+++ b/src/lib/crypto/openssl/hash_provider/hash_sha1.c
@@ -1,14 +1,14 @@
/* lib/crypto/openssl/hash/yhash.h
*
* Copyright (C) 1998 by the FundsXpress, INC.
- *
+ *
* All rights reserved.
- *
+ *
* Export of this software from the United States of America may require
* a specific license from the United States Government. It is the
* responsibility of any person or organization contemplating export to
* obtain such a license before exporting.
- *
+ *
* WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
* distribute this software and its documentation for any purpose and
* without fee is hereby granted, provided that the above copyright
@@ -19,7 +19,7 @@
* permission. FundsXpress makes no representations about the suitability of
* this software for any purpose. It is provided "as is" without express
* or implied warranty.
- *
+ *
* THIS SOFTWARE IS PROVIDED ``AS IS'' AND WITHOUT ANY EXPRESS OR
* IMPLIED WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED
* WARRANTIES OF MERCHANTIBILITY AND FITNESS FOR A PARTICULAR PURPOSE.
@@ -58,4 +58,3 @@ const struct krb5_hash_provider krb5int_hash_sha1 = {
SHS_DATASIZE,
k5_sha1_hash
};
-
diff --git a/src/lib/crypto/openssl/hmac.c b/src/lib/crypto/openssl/hmac.c
index 0f374d8..b1768e0 100644
--- a/src/lib/crypto/openssl/hmac.c
+++ b/src/lib/crypto/openssl/hmac.c
@@ -85,7 +85,7 @@ krb5int_hmac_keyblock(const struct krb5_hash_provider *hash,
const krb5_keyblock *key, unsigned int icount,
const krb5_data *input, krb5_data *output)
{
- unsigned int i = 0, md_len = 0;
+ unsigned int i = 0, md_len = 0;
unsigned char md[EVP_MAX_MD_SIZE];
HMAC_CTX c;
size_t hashsize, blocksize;
diff --git a/src/lib/crypto/openssl/md4/md4.c b/src/lib/crypto/openssl/md4/md4.c
index f38900f..cd7684d 100644
--- a/src/lib/crypto/openssl/md4/md4.c
+++ b/src/lib/crypto/openssl/md4/md4.c
@@ -48,4 +48,3 @@ krb5int_MD4Final (krb5_MD4_CTX *mdContext)
EVP_DigestFinal_ex(&mdContext->ossl_md4_ctx, mdContext->digest , NULL);
EVP_MD_CTX_cleanup(&mdContext->ossl_md4_ctx );
}
-
diff --git a/src/lib/crypto/openssl/md4/rsa-md4.h b/src/lib/crypto/openssl/md4/rsa-md4.h
index ec4e045..93737e6 100644
--- a/src/lib/crypto/openssl/md4/rsa-md4.h
+++ b/src/lib/crypto/openssl/md4/rsa-md4.h
@@ -8,7 +8,7 @@
* require a specific license from the United States Government.
* It is the responsibility of any person or organization contemplating
* export to obtain such a license before exporting.
- *
+ *
* WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
* distribute this software and its documentation for any purpose and
* without fee is hereby granted, provided that the above copyright
@@ -22,7 +22,7 @@
* M.I.T. makes no representations about the suitability of
* this software for any purpose. It is provided "as is" without express
* or implied warranty.
- *
+ *
*
* RSA MD4 header file, with Kerberos/STDC additions.
*/
diff --git a/src/lib/crypto/openssl/md5/md5.c b/src/lib/crypto/openssl/md5/md5.c
index 472acc3..84c6d49 100644
--- a/src/lib/crypto/openssl/md5/md5.c
+++ b/src/lib/crypto/openssl/md5/md5.c
@@ -31,7 +31,7 @@
/* The routine krb5int_MD5Init initializes the message-digest context
mdContext. All fields are set to zero.
*/
-void
+void
krb5int_MD5Init (krb5_MD5_CTX *mdContext)
{
EVP_MD_CTX_init(&mdContext->ossl_md5_ctx);
@@ -57,4 +57,3 @@ krb5int_MD5Final (krb5_MD5_CTX *mdContext)
EVP_DigestFinal_ex(&mdContext->ossl_md5_ctx, mdContext->digest, NULL);
EVP_MD_CTX_cleanup(&mdContext->ossl_md5_ctx);
}
-
diff --git a/src/lib/crypto/openssl/pbkdf2.c b/src/lib/crypto/openssl/pbkdf2.c
index b80f501..2681739 100644
--- a/src/lib/crypto/openssl/pbkdf2.c
+++ b/src/lib/crypto/openssl/pbkdf2.c
@@ -8,7 +8,7 @@
* require a specific license from the United States Government.
* It is the responsibility of any person or organization contemplating
* export to obtain such a license before exporting.
- *
+ *
* WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
* distribute this software and its documentation for any purpose and
* without fee is hereby granted, provided that the above copyright
@@ -22,7 +22,7 @@
* M.I.T. makes no representations about the suitability of
* this software for any purpose. It is provided "as is" without express
* or implied warranty.
- *
+ *
*
* Implementation of PBKDF2 from RFC 2898.
* Not currently used; likely to be used when we get around to AES support.
@@ -42,12 +42,11 @@ krb5int_pbkdf2_hmac_sha1 (const krb5_data *out, unsigned long count,
const krb5_data *pass, const krb5_data *salt)
{
/*
- * This is an implementation of PKCS#5 v2.0
+ * This is an implementation of PKCS#5 v2.0
* Does not return an error
*/
PKCS5_PBKDF2_HMAC_SHA1(pass->data, pass->length,
(unsigned char *)salt->data, salt->length, count,
out->length, (unsigned char *)out->data);
- return 0;
+ return 0;
}
-
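Review bot: The result of `PKCS5_PBKDF2_HMAC_SHA1` is discarded and the function returns 0 unconditionally, so a failed derivation would leave the caller using whatever bytes were already in `out->data` as key material. The comment "Does not return an error" is only true while the OpenSSL routine cannot fail; it is declared to return an int (1 on success), and as far as I know later OpenSSL releases can return 0. I would propagate the result with `if (!PKCS5_PBKDF2_HMAC_SHA1(...)) return KRB5_CRYPTO_INTERNAL;` and drop that comment line. `count` is an unsigned long and the krb5_data lengths are unsigned while the OpenSSL parameters are int, so a range check before the call is worth adding too. The function's return type and the first line of its signature are above the hunk.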
diff --git a/src/lib/crypto/openssl/sha1/shs.c b/src/lib/crypto/openssl/sha1/shs.c
index 5dcf4b9..98eeef3 100644
--- a/src/lib/crypto/openssl/sha1/shs.c
+++ b/src/lib/crypto/openssl/sha1/shs.c
@@ -57,5 +57,3 @@ void shsFinal(SHS_INFO *shsInfo)
EVP_DigestFinal_ex(&shsInfo->ossl_sha1_ctx ,(unsigned char *)shsInfo->digestBuf , &shsInfo->digestLen);
EVP_MD_CTX_cleanup(&shsInfo->ossl_sha1_ctx );
}
-
-
diff --git a/src/lib/crypto/openssl/yhash.h b/src/lib/crypto/openssl/yhash.h
index 94c557c..95fee18 100644
--- a/src/lib/crypto/openssl/yhash.h
+++ b/src/lib/crypto/openssl/yhash.h
@@ -22,9 +22,8 @@
HASH_CTX *ctx = (x); \
shsFinal(ctx); \
memcpy(out2, ctx->digestBuf, ctx->digestLen); \
- } while(0)
+ } while(0)
#define HASH_DIGEST_SIZE SHS_DIGESTSIZE
#endif /* YHASH_H */
-
diff --git a/src/lib/glue4.c b/src/lib/glue4.c
index bf9bbd8..7b80953 100644
--- a/src/lib/glue4.c
+++ b/src/lib/glue4.c
@@ -14,6 +14,6 @@ krb5_data string_list2[3] = {
};
krb5_data *princ2[] = {&string_list2[0], &string_list2[1], &string_list2[2], 0};
-
+
krb5_last_req_entry lrentries[] = { {32000, 1}, {0, 3}, {10, 2} };
krb5_last_req_entry *lrfoo1[] = {&lrentries[0], &lrentries[1], &lrentries[2], 0};
diff --git a/src/lib/gssapi/generic/gssapi_generic.c b/src/lib/gssapi/generic/gssapi_generic.c
index 1472461..8b1e4de 100644
--- a/src/lib/gssapi/generic/gssapi_generic.c
+++ b/src/lib/gssapi/generic/gssapi_generic.c
@@ -152,4 +152,3 @@ GSS_DLLIMP gss_OID GSS_C_NT_EXPORT_NAME = oids+6;
gss_OID gss_nt_exported_name = oids+6;
GSS_DLLIMP gss_OID GSS_C_INQ_SSPI_SESSION_KEY = oids+7;
-
diff --git a/src/lib/gssapi/generic/oid_ops.c b/src/lib/gssapi/generic/oid_ops.c
index 8390e7b..bda3a5a 100644
--- a/src/lib/gssapi/generic/oid_ops.c
+++ b/src/lib/gssapi/generic/oid_ops.c
@@ -444,7 +444,7 @@ generic_gss_oid_compose(
i = -1;
while (suffix) {
op[i] = (unsigned char)suffix & 0x7f;
- if (i != -1)
+ if (i != -1)
op[i] |= 0x80;
i--;
suffix >>= 7;
@@ -566,4 +566,3 @@ done:
return (major);
}
-
diff --git a/src/lib/gssapi/generic/util_buffer_set.c b/src/lib/gssapi/generic/util_buffer_set.c
index edb61b8..41875c9 100644
--- a/src/lib/gssapi/generic/util_buffer_set.c
+++ b/src/lib/gssapi/generic/util_buffer_set.c
@@ -123,4 +123,3 @@ OM_uint32 generic_gss_release_buffer_set
return GSS_S_COMPLETE;
}
-
diff --git a/src/lib/gssapi/krb5/acquire_cred.c b/src/lib/gssapi/krb5/acquire_cred.c
index ef80116..2c5ca9a 100644
--- a/src/lib/gssapi/krb5/acquire_cred.c
+++ b/src/lib/gssapi/krb5/acquire_cred.c
@@ -766,4 +766,3 @@ gss_krb5int_set_cred_rcache(OM_uint32 *minor_status,
*minor_status = 0;
return GSS_S_COMPLETE;
}
-
diff --git a/src/lib/gssapi/krb5/inq_context.c b/src/lib/gssapi/krb5/inq_context.c
index eaf1c4d..5cec4b9 100644
--- a/src/lib/gssapi/krb5/inq_context.c
+++ b/src/lib/gssapi/krb5/inq_context.c
@@ -300,4 +300,3 @@ gss_krb5int_extract_authtime_from_sec_context(OM_uint32 *minor_status,
return generic_gss_add_buffer_set_member(minor_status, &rep, data_set);
}
-
diff --git a/src/lib/gssapi/krb5/krb5_gss_glue.c b/src/lib/gssapi/krb5/krb5_gss_glue.c
index 0345501..f9bf030 100644
--- a/src/lib/gssapi/krb5/krb5_gss_glue.c
+++ b/src/lib/gssapi/krb5/krb5_gss_glue.c
@@ -416,4 +416,3 @@ gsskrb5_extract_authtime_from_sec_context(OM_uint32 *minor_status,
return GSS_S_COMPLETE;
}
-
diff --git a/src/lib/gssapi/krb5/naming_exts.c b/src/lib/gssapi/krb5/naming_exts.c
index 14b9b00..4e7247e 100644
--- a/src/lib/gssapi/krb5/naming_exts.c
+++ b/src/lib/gssapi/krb5/naming_exts.c
@@ -719,4 +719,3 @@ krb5_gss_display_name_ext(OM_uint32 *minor_status,
{
}
#endif
-
diff --git a/src/lib/gssapi/krb5/s4u_gss_glue.c b/src/lib/gssapi/krb5/s4u_gss_glue.c
index cae4503..866159f 100644
--- a/src/lib/gssapi/krb5/s4u_gss_glue.c
+++ b/src/lib/gssapi/krb5/s4u_gss_glue.c
@@ -365,4 +365,3 @@ cleanup:
return major_status;
}
-
diff --git a/src/lib/gssapi/krb5/seal.c b/src/lib/gssapi/krb5/seal.c
index d84e2ee..7bdcb34 100644
--- a/src/lib/gssapi/krb5/seal.c
+++ b/src/lib/gssapi/krb5/seal.c
@@ -79,4 +79,3 @@ krb5_gss_wrap_iov_length(OM_uint32 *minor_status,
qop_req, conf_state, iov, iov_count);
return major_status;
}
-
diff --git a/src/lib/gssapi/krb5/unseal.c b/src/lib/gssapi/krb5/unseal.c
index 5366eff..4b612a2 100644
--- a/src/lib/gssapi/krb5/unseal.c
+++ b/src/lib/gssapi/krb5/unseal.c
@@ -64,4 +64,3 @@ krb5_gss_unwrap_iov(OM_uint32 *minor_status,
return major_status;
}
-
diff --git a/src/lib/gssapi/mechglue/g_accept_sec_context.c b/src/lib/gssapi/mechglue/g_accept_sec_context.c
index dc43915..b4b1525 100644
--- a/src/lib/gssapi/mechglue/g_accept_sec_context.c
+++ b/src/lib/gssapi/mechglue/g_accept_sec_context.c
@@ -2,7 +2,7 @@
/*
* Copyright 1996 by Sun Microsystems, Inc.
- *
+ *
* Permission to use, copy, modify, distribute, and sell this software
* and its documentation for any purpose is hereby granted without fee,
* provided that the above copyright notice appears in all copies and
@@ -12,7 +12,7 @@
* without specific, written prior permission. Sun Microsystems makes no
* representations about the suitability of this software for any
* purpose. It is provided "as is" without express or implied warranty.
- *
+ *
* SUN MICROSYSTEMS DISCLAIMS ALL WARRANTIES WITH REGARD TO THIS SOFTWARE,
* INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS, IN NO
* EVENT SHALL SUN MICROSYSTEMS BE LIABLE FOR ANY SPECIAL, INDIRECT OR
@@ -144,9 +144,9 @@ gss_cred_id_t * d_cred;
* underlying mechanism context handle. Otherwise, cast the
* value of *context_handle to the union context variable.
*/
-
+
if(*context_handle == GSS_C_NO_CONTEXT) {
-
+
if (input_token_buffer == GSS_C_NO_BUFFER)
return (GSS_S_CALL_INACCESSIBLE_READ);
@@ -177,20 +177,20 @@ gss_cred_id_t * d_cred;
union_ctx_id = (gss_union_ctx_id_t)*context_handle;
token_mech_type = union_ctx_id->mech_type;
}
-
- /*
+
+ /*
* get the appropriate cred handle from the union cred struct.
* defaults to GSS_C_NO_CREDENTIAL if there is no cred, which will
* use the default credential.
*/
union_cred = (gss_union_cred_t) verifier_cred_handle;
input_cred_handle = gssint_get_mechanism_cred(union_cred, token_mech_type);
-
+
/*
* now select the approprate underlying mechanism routine and
* call it.
*/
-
+
mech = gssint_get_mechanism (token_mech_type);
if (mech && mech->gss_accept_sec_context) {
@@ -209,7 +209,7 @@ gss_cred_id_t * d_cred;
/* If there's more work to do, keep going... */
if (status == GSS_S_CONTINUE_NEEDED)
return GSS_S_CONTINUE_NEEDED;
-
+
/* if the call failed, return with failure */
if (status != GSS_S_COMPLETE) {
map_error(minor_status, mech);
@@ -344,7 +344,7 @@ gss_cred_id_t * d_cred;
status = GSS_S_BAD_MECH;
}
-
+
error_out:
if (union_ctx_id) {
if (union_ctx_id->mech_type) {
@@ -369,4 +369,3 @@ error_out:
return (status);
}
#endif /* LEAN_CLIENT */
-
diff --git a/src/lib/gssapi/mechglue/g_buffer_set.c b/src/lib/gssapi/mechglue/g_buffer_set.c
index 1b2621c..38d744d 100644
--- a/src/lib/gssapi/mechglue/g_buffer_set.c
+++ b/src/lib/gssapi/mechglue/g_buffer_set.c
@@ -54,4 +54,3 @@ OM_uint32 KRB5_CALLCONV gss_release_buffer_set
{
return generic_gss_release_buffer_set(minor_status, buffer_set);
}
-
diff --git a/src/lib/gssapi/mechglue/g_compare_name.c b/src/lib/gssapi/mechglue/g_compare_name.c
index 153e9b6..af2e76b 100644
--- a/src/lib/gssapi/mechglue/g_compare_name.c
+++ b/src/lib/gssapi/mechglue/g_compare_name.c
@@ -2,7 +2,7 @@
/*
* Copyright 1996 by Sun Microsystems, Inc.
- *
+ *
* Permission to use, copy, modify, distribute, and sell this software
* and its documentation for any purpose is hereby granted without fee,
* provided that the above copyright notice appears in all copies and
@@ -12,7 +12,7 @@
* without specific, written prior permission. Sun Microsystems makes no
* representations about the suitability of this software for any
* purpose. It is provided "as is" without express or implied warranty.
- *
+ *
* SUN MICROSYSTEMS DISCLAIMS ALL WARRANTIES WITH REGARD TO THIS SOFTWARE,
* INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS, IN NO
* EVENT SHALL SUN MICROSYSTEMS BE LIABLE FOR ANY SPECIAL, INDIRECT OR
@@ -74,7 +74,7 @@ int * name_equal;
gss_union_name_t union_name1, union_name2;
gss_mechanism mech = NULL;
gss_name_t internal_name;
-
+
major_status = val_comp_name_args(minor_status,
name1, name2, name_equal);
if (major_status != GSS_S_COMPLETE)
@@ -102,7 +102,7 @@ int * name_equal;
if (!mech->gss_compare_name)
return (GSS_S_UNAVAILABLE);
}
-
+
*name_equal = 0; /* Default to *not* equal.... */
/*
@@ -129,7 +129,7 @@ int * name_equal;
/*
* Second case... both names are NOT mechanism specific.
- *
+ *
* All we do here is make sure the two name_types are equal and then
* that the external_names are equal. Note the we do not take care
* of the case where two different external names map to the same
@@ -176,7 +176,7 @@ int * name_equal;
/*
* Final case... one name is mechanism specific, the other isn't.
- *
+ *
* We attempt to convert the general name to the mechanism type of
* the mechanism-specific name, and then do the compare. If we
* can't import the general name, then we return that the name is
@@ -206,5 +206,5 @@ int * name_equal;
gssint_release_internal_name(&temp_minor, union_name1->mech_type,
&internal_name);
return (major_status);
-
+
}
diff --git a/src/lib/gssapi/mechglue/g_context_time.c b/src/lib/gssapi/mechglue/g_context_time.c
index 4293b07..2ff8d09 100644
--- a/src/lib/gssapi/mechglue/g_context_time.c
+++ b/src/lib/gssapi/mechglue/g_context_time.c
@@ -2,7 +2,7 @@
/*
* Copyright 1996 by Sun Microsystems, Inc.
- *
+ *
* Permission to use, copy, modify, distribute, and sell this software
* and its documentation for any purpose is hereby granted without fee,
* provided that the above copyright notice appears in all copies and
@@ -12,7 +12,7 @@
* without specific, written prior permission. Sun Microsystems makes no
* representations about the suitability of this software for any
* purpose. It is provided "as is" without express or implied warranty.
- *
+ *
* SUN MICROSYSTEMS DISCLAIMS ALL WARRANTIES WITH REGARD TO THIS SOFTWARE,
* INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS, IN NO
* EVENT SHALL SUN MICROSYSTEMS BE LIABLE FOR ANY SPECIAL, INDIRECT OR
@@ -56,10 +56,10 @@ OM_uint32 * time_rec;
* select the approprate underlying mechanism routine and
* call it.
*/
-
+
ctx = (gss_union_ctx_id_t) context_handle;
mech = gssint_get_mechanism (ctx->mech_type);
-
+
if (mech) {
if (mech->gss_context_time) {
@@ -74,6 +74,6 @@ OM_uint32 * time_rec;
return(status);
}
-
+
return (GSS_S_BAD_MECH);
}
diff --git a/src/lib/gssapi/mechglue/g_del_name_attr.c b/src/lib/gssapi/mechglue/g_del_name_attr.c
index 4c50642..b72ee3b 100644
--- a/src/lib/gssapi/mechglue/g_del_name_attr.c
+++ b/src/lib/gssapi/mechglue/g_del_name_attr.c
@@ -67,4 +67,3 @@ gss_delete_name_attribute(OM_uint32 *minor_status,
return status;
}
-
diff --git a/src/lib/gssapi/mechglue/g_delete_sec_context.c b/src/lib/gssapi/mechglue/g_delete_sec_context.c
index 2fcd3c2..4bf0dec 100644
--- a/src/lib/gssapi/mechglue/g_delete_sec_context.c
+++ b/src/lib/gssapi/mechglue/g_delete_sec_context.c
@@ -2,7 +2,7 @@
/*
* Copyright 1996 by Sun Microsystems, Inc.
- *
+ *
* Permission to use, copy, modify, distribute, and sell this software
* and its documentation for any purpose is hereby granted without fee,
* provided that the above copyright notice appears in all copies and
@@ -12,7 +12,7 @@
* without specific, written prior permission. Sun Microsystems makes no
* representations about the suitability of this software for any
* purpose. It is provided "as is" without express or implied warranty.
- *
+ *
* SUN MICROSYSTEMS DISCLAIMS ALL WARRANTIES WITH REGARD TO THIS SOFTWARE,
* INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS, IN NO
* EVENT SHALL SUN MICROSYSTEMS BE LIABLE FOR ANY SPECIAL, INDIRECT OR
@@ -61,7 +61,7 @@ val_del_sec_ctx_args(
}
-OM_uint32 KRB5_CALLCONV
+OM_uint32 KRB5_CALLCONV
gss_delete_sec_context (minor_status,
context_handle,
output_token)
@@ -82,11 +82,11 @@ gss_buffer_t output_token;
* select the approprate underlying mechanism routine and
* call it.
*/
-
+
ctx = (gss_union_ctx_id_t) *context_handle;
if (GSSINT_CHK_LOOP(ctx))
return (GSS_S_CALL_INACCESSIBLE_READ | GSS_S_NO_CONTEXT);
-
+
status = gssint_delete_internal_sec_context(minor_status,
ctx->mech_type,
&ctx->internal_ctx_id,
diff --git a/src/lib/gssapi/mechglue/g_dsp_status.c b/src/lib/gssapi/mechglue/g_dsp_status.c
index 49b79e1..4357266 100644
--- a/src/lib/gssapi/mechglue/g_dsp_status.c
+++ b/src/lib/gssapi/mechglue/g_dsp_status.c
@@ -2,7 +2,7 @@
/*
* Copyright 1996 by Sun Microsystems, Inc.
- *
+ *
* Permission to use, copy, modify, distribute, and sell this software
* and its documentation for any purpose is hereby granted without fee,
* provided that the above copyright notice appears in all copies and
@@ -12,7 +12,7 @@
* without specific, written prior permission. Sun Microsystems makes no
* representations about the suitability of this software for any
* purpose. It is provided "as is" without express or implied warranty.
- *
+ *
* SUN MICROSYSTEMS DISCLAIMS ALL WARRANTIES WITH REGARD TO THIS SOFTWARE,
* INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS, IN NO
* EVENT SHALL SUN MICROSYSTEMS BE LIABLE FOR ANY SPECIAL, INDIRECT OR
diff --git a/src/lib/gssapi/mechglue/g_exp_sec_context.c b/src/lib/gssapi/mechglue/g_exp_sec_context.c
index f2ee5a5..03a6f2b 100644
--- a/src/lib/gssapi/mechglue/g_exp_sec_context.c
+++ b/src/lib/gssapi/mechglue/g_exp_sec_context.c
@@ -2,7 +2,7 @@
/*
* Copyright 1996 by Sun Microsystems, Inc.
- *
+ *
* Permission to use, copy, modify, distribute, and sell this software
* and its documentation for any purpose is hereby granted without fee,
* provided that the above copyright notice appears in all copies and
@@ -12,7 +12,7 @@
* without specific, written prior permission. Sun Microsystems makes no
* representations about the suitability of this software for any
* purpose. It is provided "as is" without express or implied warranty.
- *
+ *
* SUN MICROSYSTEMS DISCLAIMS ALL WARRANTIES WITH REGARD TO THIS SOFTWARE,
* INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS, IN NO
* EVENT SHALL SUN MICROSYSTEMS BE LIABLE FOR ANY SPECIAL, INDIRECT OR
@@ -93,14 +93,14 @@ gss_buffer_t interprocess_token;
* select the approprate underlying mechanism routine and
* call it.
*/
-
+
ctx = (gss_union_ctx_id_t) *context_handle;
mech = gssint_get_mechanism (ctx->mech_type);
if (!mech)
return GSS_S_BAD_MECH;
if (!mech->gss_export_sec_context)
return (GSS_S_UNAVAILABLE);
-
+
status = mech->gss_export_sec_context(minor_status,
&ctx->internal_ctx_id, &token);
if (status != GSS_S_COMPLETE) {
@@ -133,7 +133,7 @@ gss_buffer_t interprocess_token;
free(ctx->mech_type);
free(ctx);
*context_handle = 0;
-
+
return(GSS_S_COMPLETE);
}
#endif /*LEAN_CLIENT */
diff --git a/src/lib/gssapi/mechglue/g_export_name.c b/src/lib/gssapi/mechglue/g_export_name.c
index d9545b7..c845f8c 100644
--- a/src/lib/gssapi/mechglue/g_export_name.c
+++ b/src/lib/gssapi/mechglue/g_export_name.c
@@ -56,4 +56,3 @@ gss_buffer_t exported_name;
return gssint_export_internal_name(minor_status, union_name->mech_type,
union_name->mech_name, exported_name);
}
-
diff --git a/src/lib/gssapi/mechglue/g_export_name_comp.c b/src/lib/gssapi/mechglue/g_export_name_comp.c
index 24eaf24..ab538a0 100644
--- a/src/lib/gssapi/mechglue/g_export_name_comp.c
+++ b/src/lib/gssapi/mechglue/g_export_name_comp.c
@@ -70,4 +70,3 @@ gss_export_name_composite(OM_uint32 *minor_status,
return status;
}
-
diff --git a/src/lib/gssapi/mechglue/g_get_name_attr.c b/src/lib/gssapi/mechglue/g_get_name_attr.c
index 66238f0..fcd9558 100644
--- a/src/lib/gssapi/mechglue/g_get_name_attr.c
+++ b/src/lib/gssapi/mechglue/g_get_name_attr.c
@@ -86,4 +86,3 @@ gss_get_name_attribute(OM_uint32 *minor_status,
return status;
}
-
diff --git a/src/lib/gssapi/mechglue/g_glue.c b/src/lib/gssapi/mechglue/g_glue.c
index 711c58f..3de298c 100644
--- a/src/lib/gssapi/mechglue/g_glue.c
+++ b/src/lib/gssapi/mechglue/g_glue.c
@@ -2,7 +2,7 @@
/*
* Copyright 1996 by Sun Microsystems, Inc.
- *
+ *
* Permission to use, copy, modify, distribute, and sell this software
* and its documentation for any purpose is hereby granted without fee,
* provided that the above copyright notice appears in all copies and
@@ -12,7 +12,7 @@
* without specific, written prior permission. Sun Microsystems makes no
* representations about the suitability of this software for any
* purpose. It is provided "as is" without express or implied warranty.
- *
+ *
* SUN MICROSYSTEMS DISCLAIMS ALL WARRANTIES WITH REGARD TO THIS SOFTWARE,
* INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS, IN NO
* EVENT SHALL SUN MICROSYSTEMS BE LIABLE FOR ANY SPECIAL, INDIRECT OR
@@ -190,7 +190,7 @@ OM_uint32 gssint_get_mech_type_oid(OID, token)
{
unsigned char * buffer_ptr;
int length;
-
+
/*
* This routine reads the prefix of "token" in order to determine
* its mechanism type. It assumes the encoding suggested in
@@ -213,15 +213,15 @@ OM_uint32 gssint_get_mech_type_oid(OID, token)
*
* The routine fills in the OID value and returns an error as necessary.
*/
-
+
if (OID == NULL)
return (GSS_S_CALL_INACCESSIBLE_WRITE);
if ((token == NULL) || (token->value == NULL))
return (GSS_S_DEFECTIVE_TOKEN);
-
+
/* Skip past the APP/Sequnce byte and the token length */
-
+
buffer_ptr = (unsigned char *) token->value;
if (*(buffer_ptr++) != 0x60)
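Review bot: None of the reads through `buffer_ptr` in this hunk or the next one (`@@ -237,10 +237,10 @@`) is checked against `token->length`. The tag byte, the `length & 0x7f` skip, the `0x06` tag and the final `OID->length = (OM_uint32) *(buffer_ptr++)` all trust the encoding, and `OID->elements` is left pointing into the token with a length taken from the token itself. A short or malformed token from the peer could therefore be read past its end here, or later by whatever code compares the returned OID. Lines 224-236 of the function are not in the diff, so a check there cannot be ruled out, but nothing visible performs one. I would keep `unsigned char *end = (unsigned char *)token->value + token->length;`, return `GSS_S_DEFECTIVE_TOKEN` when `buffer_ptr >= end` before each dereference, and reject `OID->length > (OM_uint32)(end - buffer_ptr)` before storing the pointer.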
@@ -237,10 +237,10 @@ OM_uint32 gssint_get_mech_type_oid(OID, token)
return (GSS_S_DEFECTIVE_TOKEN);
buffer_ptr += length & 0x7f;
}
-
+
if (*(buffer_ptr++) != 0x06)
return (GSS_S_DEFECTIVE_TOKEN);
-
+
OID->length = (OM_uint32) *(buffer_ptr++);
OID->elements = (void *) buffer_ptr;
return (GSS_S_COMPLETE);
@@ -329,7 +329,7 @@ import_internal_name_composite(OM_uint32 *minor_status,
}
#endif
-OM_uint32 gssint_import_internal_name (minor_status, mech_type, union_name,
+OM_uint32 gssint_import_internal_name (minor_status, mech_type, union_name,
internal_name)
OM_uint32 *minor_status;
gss_OID mech_type;
@@ -487,7 +487,7 @@ OM_uint32 gssint_export_internal_name(minor_status, mech_type,
return (GSS_S_COMPLETE);
} /* gssint_export_internal_name */
-OM_uint32 gssint_display_internal_name (minor_status, mech_type, internal_name,
+OM_uint32 gssint_display_internal_name (minor_status, mech_type, internal_name,
external_name, name_type)
OM_uint32 *minor_status;
gss_OID mech_type;
@@ -609,7 +609,7 @@ OM_uint32 gssint_convert_name_to_union_name(minor_status, mech,
major_status = GSS_S_FAILURE;
goto allocation_failure;
}
-
+
major_status = mech->gss_display_name(minor_status,
internal_name,
union_name->external_name,
@@ -710,4 +710,3 @@ gssint_create_copy_buffer(srcBuf, destBuf, addNullChar)
return (GSS_S_COMPLETE);
} /* ****** gssint_create_copy_buffer ****** */
-
diff --git a/src/lib/gssapi/mechglue/g_imp_name.c b/src/lib/gssapi/mechglue/g_imp_name.c
index 6137b98..e5179e7 100644
--- a/src/lib/gssapi/mechglue/g_imp_name.c
+++ b/src/lib/gssapi/mechglue/g_imp_name.c
@@ -2,7 +2,7 @@
/*
* Copyright 1996 by Sun Microsystems, Inc.
- *
+ *
* Permission to use, copy, modify, distribute, and sell this software
* and its documentation for any purpose is hereby granted without fee,
* provided that the above copyright notice appears in all copies and
@@ -12,7 +12,7 @@
* without specific, written prior permission. Sun Microsystems makes no
* representations about the suitability of this software for any
* purpose. It is provided "as is" without express or implied warranty.
- *
+ *
* SUN MICROSYSTEMS DISCLAIMS ALL WARRANTIES WITH REGARD TO THIS SOFTWARE,
* INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS, IN NO
* EVENT SHALL SUN MICROSYSTEMS BE LIABLE FOR ANY SPECIAL, INDIRECT OR
@@ -364,4 +364,3 @@ importExportName(minor, unionName)
}
return major;
} /* importExportName */
-
diff --git a/src/lib/gssapi/mechglue/g_imp_sec_context.c b/src/lib/gssapi/mechglue/g_imp_sec_context.c
index 7aa1165..7679c92 100644
--- a/src/lib/gssapi/mechglue/g_imp_sec_context.c
+++ b/src/lib/gssapi/mechglue/g_imp_sec_context.c
@@ -2,7 +2,7 @@
/*
* Copyright 1996 by Sun Microsystems, Inc.
- *
+ *
* Permission to use, copy, modify, distribute, and sell this software
* and its documentation for any purpose is hereby granted without fee,
* provided that the above copyright notice appears in all copies and
@@ -12,7 +12,7 @@
* without specific, written prior permission. Sun Microsystems makes no
* representations about the suitability of this software for any
* purpose. It is provided "as is" without express or implied warranty.
- *
+ *
* SUN MICROSYSTEMS DISCLAIMS ALL WARRANTIES WITH REGARD TO THIS SOFTWARE,
* INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS, IN NO
* EVENT SHALL SUN MICROSYSTEMS BE LIABLE FOR ANY SPECIAL, INDIRECT OR
@@ -132,7 +132,7 @@ gss_ctx_id_t * context_handle;
* select the approprate underlying mechanism routine and
* call it.
*/
-
+
mech = gssint_get_mechanism (ctx->mech_type);
if (!mech) {
status = GSS_S_BAD_MECH;
@@ -142,7 +142,7 @@ gss_ctx_id_t * context_handle;
status = GSS_S_UNAVAILABLE;
goto error_out;
}
-
+
status = mech->gss_import_sec_context(minor_status,
&token, &ctx->internal_ctx_id);
@@ -152,7 +152,7 @@ gss_ctx_id_t * context_handle;
return (GSS_S_COMPLETE);
}
map_error(minor_status, mech);
-
+
error_out:
if (ctx) {
if (ctx->mech_type) {
diff --git a/src/lib/gssapi/mechglue/g_init_sec_context.c b/src/lib/gssapi/mechglue/g_init_sec_context.c
index 10c8bf9..21bc345 100644
--- a/src/lib/gssapi/mechglue/g_init_sec_context.c
+++ b/src/lib/gssapi/mechglue/g_init_sec_context.c
@@ -2,7 +2,7 @@
/*
* Copyright 1996 by Sun Microsystems, Inc.
- *
+ *
* Permission to use, copy, modify, distribute, and sell this software
* and its documentation for any purpose is hereby granted without fee,
* provided that the above copyright notice appears in all copies and
@@ -12,7 +12,7 @@
* without specific, written prior permission. Sun Microsystems makes no
* representations about the suitability of this software for any
* purpose. It is provided "as is" without express or implied warranty.
- *
+ *
* SUN MICROSYSTEMS DISCLAIMS ALL WARRANTIES WITH REGARD TO THIS SOFTWARE,
* INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS, IN NO
* EVENT SHALL SUN MICROSYSTEMS BE LIABLE FOR ANY SPECIAL, INDIRECT OR
@@ -140,7 +140,7 @@ OM_uint32 * time_rec;
mech_type = (gss_OID)req_mech_type;
union_name = (gss_union_name_t)target_name;
-
+
/*
* obtain the gss mechanism information for the requested
* mechanism. If mech_type is NULL, set it to the resultant
@@ -177,7 +177,7 @@ OM_uint32 * time_rec;
* underlying mechanism context handle. Otherwise, cast the
* value of *context_handle to the union context variable.
*/
-
+
if(*context_handle == GSS_C_NO_CONTEXT) {
status = GSS_S_FAILURE;
union_ctx_id = (gss_union_ctx_id_t)
@@ -195,19 +195,19 @@ OM_uint32 * time_rec;
union_ctx_id->internal_ctx_id = GSS_C_NO_CONTEXT;
} else
union_ctx_id = *context_handle;
-
- /*
+
+ /*
* get the appropriate cred handle from the union cred struct.
* defaults to GSS_C_NO_CREDENTIAL if there is no cred, which will
* use the default credential.
*/
union_cred = (gss_union_cred_t) claimant_cred_handle;
input_cred_handle = gssint_get_mechanism_cred(union_cred, mech_type);
-
+
/*
- * now call the approprate underlying mechanism routine
+ * now call the approprate underlying mechanism routine
*/
-
+
status = mech->gss_init_sec_context(
minor_status,
input_cred_handle,
diff --git a/src/lib/gssapi/mechglue/g_initialize.c b/src/lib/gssapi/mechglue/g_initialize.c
index 41aa682..3929f76 100644
--- a/src/lib/gssapi/mechglue/g_initialize.c
+++ b/src/lib/gssapi/mechglue/g_initialize.c
@@ -2,7 +2,7 @@
/*
* Copyright 1996 by Sun Microsystems, Inc.
- *
+ *
* Permission to use, copy, modify, distribute, and sell this software
* and its documentation for any purpose is hereby granted without fee,
* provided that the above copyright notice appears in all copies and
@@ -12,7 +12,7 @@
* without specific, written prior permission. Sun Microsystems makes no
* representations about the suitability of this software for any
* purpose. It is provided "as is" without express or implied warranty.
- *
+ *
* SUN MICROSYSTEMS DISCLAIMS ALL WARRANTIES WITH REGARD TO THIS SOFTWARE,
* INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS, IN NO
* EVENT SHALL SUN MICROSYSTEMS BE LIABLE FOR ANY SPECIAL, INDIRECT OR
@@ -567,9 +567,9 @@ updateMechList(void)
{
char *fileName;
struct stat fileInfo;
-
+
fileName = MECH_CONF;
-
+
/* check if mechList needs updating */
if (stat(fileName, &fileInfo) == 0 &&
(fileInfo.st_mtime > g_confFileModTime)) {
diff --git a/src/lib/gssapi/mechglue/g_inq_context.c b/src/lib/gssapi/mechglue/g_inq_context.c
index 013b176..fbb4127 100644
--- a/src/lib/gssapi/mechglue/g_inq_context.c
+++ b/src/lib/gssapi/mechglue/g_inq_context.c
@@ -2,7 +2,7 @@
/*
* Copyright 1996 by Sun Microsystems, Inc.
- *
+ *
* Permission to use, copy, modify, distribute, and sell this software
* and its documentation for any purpose is hereby granted without fee,
* provided that the above copyright notice appears in all copies and
@@ -12,7 +12,7 @@
* without specific, written prior permission. Sun Microsystems makes no
* representations about the suitability of this software for any
* purpose. It is provided "as is" without express or implied warranty.
- *
+ *
* SUN MICROSYSTEMS DISCLAIMS ALL WARRANTIES WITH REGARD TO THIS SOFTWARE,
* INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS, IN NO
* EVENT SHALL SUN MICROSYSTEMS BE LIABLE FOR ANY SPECIAL, INDIRECT OR
@@ -101,10 +101,10 @@ gss_inquire_context(
* select the approprate underlying mechanism routine and
* call it.
*/
-
+
ctx = (gss_union_ctx_id_t) context_handle;
mech = gssint_get_mechanism (ctx->mech_type);
-
+
if (!mech || !mech->gss_inquire_context || !mech->gss_display_name ||
!mech->gss_release_name) {
return (GSS_S_UNAVAILABLE);
@@ -157,4 +157,3 @@ gss_inquire_context(
*mech_type = &mech->mech_type;
return(GSS_S_COMPLETE);
}
-
diff --git a/src/lib/gssapi/mechglue/g_inq_context_oid.c b/src/lib/gssapi/mechglue/g_inq_context_oid.c
index 379ec41..469aa70 100644
--- a/src/lib/gssapi/mechglue/g_inq_context_oid.c
+++ b/src/lib/gssapi/mechglue/g_inq_context_oid.c
@@ -69,4 +69,3 @@ gss_inquire_sec_context_by_oid (OM_uint32 *minor_status,
return GSS_S_BAD_MECH;
}
-
diff --git a/src/lib/gssapi/mechglue/g_inq_cred.c b/src/lib/gssapi/mechglue/g_inq_cred.c
index a144243..bce6e5b 100644
--- a/src/lib/gssapi/mechglue/g_inq_cred.c
+++ b/src/lib/gssapi/mechglue/g_inq_cred.c
@@ -2,7 +2,7 @@
/*
* Copyright 1996 by Sun Microsystems, Inc.
- *
+ *
* Permission to use, copy, modify, distribute, and sell this software
* and its documentation for any purpose is hereby granted without fee,
* provided that the above copyright notice appears in all copies and
@@ -12,7 +12,7 @@
* without specific, written prior permission. Sun Microsystems makes no
* representations about the suitability of this software for any
* purpose. It is provided "as is" without express or implied warranty.
- *
+ *
* SUN MICROSYSTEMS DISCLAIMS ALL WARRANTIES WITH REGARD TO THIS SOFTWARE,
* INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS, IN NO
* EVENT SHALL SUN MICROSYSTEMS BE LIABLE FOR ANY SPECIAL, INDIRECT OR
@@ -85,7 +85,7 @@ gss_OID_set * mechanisms;
if (!mech->gss_inquire_cred)
return (GSS_S_UNAVAILABLE);
-
+
status = mech->gss_inquire_cred(minor_status,
GSS_C_NO_CREDENTIAL,
name ? &internal_name : NULL,
@@ -115,33 +115,33 @@ gss_OID_set * mechanisms;
}
}
return(GSS_S_COMPLETE);
- }
-
+ }
+
/* get the cred_handle cast as a union_credentials structure */
-
+
union_cred = (gss_union_cred_t) cred_handle;
-
+
/*
* get the information out of the union_cred structure that was
* placed there during gss_acquire_cred.
*/
-
+
if(cred_usage != NULL)
*cred_usage = union_cred->auxinfo.cred_usage;
-
+
if(lifetime != NULL) {
elapsed_time = time(0) - union_cred->auxinfo.creation_time;
*lifetime = union_cred->auxinfo.time_rec < elapsed_time ? 0 :
union_cred->auxinfo.time_rec - elapsed_time;
}
-
+
/*
* if name is non_null,
* call gss_import_name(), giving it the printable name held within
* union_cred in order to get an internal name to pass back to the
* caller. If this call fails, return failure to our caller.
*/
-
+
if(name != NULL) {
if (union_cred->auxinfo.name.length == 0) {
*name = GSS_C_NO_NAME;
@@ -161,7 +161,7 @@ gss_OID_set * mechanisms;
* copy the mechanism set in union_cred into an OID set and return in
* the mechanisms parameter.
*/
-
+
if(mechanisms != NULL) {
status = GSS_S_FAILURE;
*mechanisms = (gss_OID_set) malloc(sizeof(gss_OID_set_desc));
@@ -189,7 +189,7 @@ gss_OID_set * mechanisms;
(*mechanisms)->count++;
}
}
-
+
return(GSS_S_COMPLETE);
error:
@@ -239,7 +239,7 @@ gss_inquire_cred_by_mech(minor_status, cred_handle, mech_type, name,
return (GSS_S_BAD_MECH);
if (!mech->gss_inquire_cred_by_mech)
return (GSS_S_BAD_BINDINGS);
-
+
union_cred = (gss_union_cred_t) cred_handle;
mech_cred = gssint_get_mechanism_cred(union_cred, mech_type);
@@ -253,7 +253,7 @@ gss_inquire_cred_by_mech(minor_status, cred_handle, mech_type, name,
name ? &internal_name : NULL,
initiator_lifetime,
acceptor_lifetime, cred_usage);
-
+
if (status != GSS_S_COMPLETE) {
map_error(minor_status, mech);
return (status);
@@ -275,4 +275,3 @@ gss_inquire_cred_by_mech(minor_status, cred_handle, mech_type, name,
return (GSS_S_COMPLETE);
}
-
diff --git a/src/lib/gssapi/mechglue/g_inq_cred_oid.c b/src/lib/gssapi/mechglue/g_inq_cred_oid.c
index c2cc27d..288c080 100644
--- a/src/lib/gssapi/mechglue/g_inq_cred_oid.c
+++ b/src/lib/gssapi/mechglue/g_inq_cred_oid.c
@@ -53,7 +53,7 @@ static OM_uint32 append_to_buffer_set(OM_uint32 *minor_status,
status = GSS_S_COMPLETE;
- for (i = 0; i < src->count; i++) {
+ for (i = 0; i < src->count; i++) {
status = gss_add_buffer_set_member(minor_status,
&src->elements[i],
dst);
@@ -61,7 +61,7 @@ static OM_uint32 append_to_buffer_set(OM_uint32 *minor_status,
break;
}
- return status;
+ return status;
}
OM_uint32 KRB5_CALLCONV
@@ -121,7 +121,7 @@ gss_inquire_cred_by_oid(OM_uint32 *minor_status,
break;
}
- status = append_to_buffer_set(minor_status, &union_set, ret_set);
+ status = append_to_buffer_set(minor_status, &union_set, ret_set);
gss_release_buffer_set(&minor, &ret_set);
if (status != GSS_S_COMPLETE)
break;
@@ -134,4 +134,3 @@ gss_inquire_cred_by_oid(OM_uint32 *minor_status,
return status;
}
-
diff --git a/src/lib/gssapi/mechglue/g_inq_name.c b/src/lib/gssapi/mechglue/g_inq_name.c
index 260ef20..b2681ea 100644
--- a/src/lib/gssapi/mechglue/g_inq_name.c
+++ b/src/lib/gssapi/mechglue/g_inq_name.c
@@ -98,4 +98,3 @@ gss_inquire_name(OM_uint32 *minor_status,
return status;
}
-
diff --git a/src/lib/gssapi/mechglue/g_inq_names.c b/src/lib/gssapi/mechglue/g_inq_names.c
index 597ab99..d70dc40 100644
--- a/src/lib/gssapi/mechglue/g_inq_names.c
+++ b/src/lib/gssapi/mechglue/g_inq_names.c
@@ -2,7 +2,7 @@
/*
* Copyright 1996 by Sun Microsystems, Inc.
- *
+ *
* Permission to use, copy, modify, distribute, and sell this software
* and its documentation for any purpose is hereby granted without fee,
* provided that the above copyright notice appears in all copies and
@@ -12,7 +12,7 @@
* without specific, written prior permission. Sun Microsystems makes no
* representations about the suitability of this software for any
* purpose. It is provided "as is" without express or implied warranty.
- *
+ *
* SUN MICROSYSTEMS DISCLAIMS ALL WARRANTIES WITH REGARD TO THIS SOFTWARE,
* INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS, IN NO
* EVENT SHALL SUN MICROSYSTEMS BE LIABLE FOR ANY SPECIAL, INDIRECT OR
@@ -62,9 +62,9 @@ gss_OID_set * name_types;
* select the approprate underlying mechanism routine and
* call it.
*/
-
+
mech = gssint_get_mechanism (mechanism);
-
+
if (mech) {
if (mech->gss_inquire_names_for_mech) {
@@ -79,7 +79,7 @@ gss_OID_set * name_types;
return(status);
}
-
+
return (GSS_S_BAD_MECH);
}
diff --git a/src/lib/gssapi/mechglue/g_map_name_to_any.c b/src/lib/gssapi/mechglue/g_map_name_to_any.c
index b0fa2be..3ed19e3 100644
--- a/src/lib/gssapi/mechglue/g_map_name_to_any.c
+++ b/src/lib/gssapi/mechglue/g_map_name_to_any.c
@@ -77,4 +77,3 @@ gss_map_name_to_any(OM_uint32 *minor_status,
return status;
}
-
diff --git a/src/lib/gssapi/mechglue/g_mech_invoke.c b/src/lib/gssapi/mechglue/g_mech_invoke.c
index d753347..0b8019f 100644
--- a/src/lib/gssapi/mechglue/g_mech_invoke.c
+++ b/src/lib/gssapi/mechglue/g_mech_invoke.c
@@ -67,4 +67,3 @@ gssspi_mech_invoke (OM_uint32 *minor_status,
return status;
}
-
diff --git a/src/lib/gssapi/mechglue/g_mechname.c b/src/lib/gssapi/mechglue/g_mechname.c
index 9ade234..cfb0a0d 100644
--- a/src/lib/gssapi/mechglue/g_mechname.c
+++ b/src/lib/gssapi/mechglue/g_mechname.c
@@ -84,7 +84,7 @@ gss_add_mech_name_type(minor_status, name_type, mech)
}
p->name_type = 0;
p->mech = 0;
-
+
major_status = generic_gss_copy_oid(minor_status, name_type,
&p->name_type);
if (major_status) {
@@ -103,7 +103,7 @@ gss_add_mech_name_type(minor_status, name_type, mech)
name_list = p;
return GSS_S_COMPLETE;
-
+
allocation_failure:
if (p) {
if (p->mech)
@@ -114,4 +114,3 @@ allocation_failure:
}
return GSS_S_FAILURE;
}
-
diff --git a/src/lib/gssapi/mechglue/g_oid_ops.c b/src/lib/gssapi/mechglue/g_oid_ops.c
index bd19523..a68aca9 100644
--- a/src/lib/gssapi/mechglue/g_oid_ops.c
+++ b/src/lib/gssapi/mechglue/g_oid_ops.c
@@ -108,4 +108,3 @@ gssint_copy_oid_set(
{
return generic_gss_copy_oid_set(minor_status, oidset, new_oidset);
}
-
diff --git a/src/lib/gssapi/mechglue/g_process_context.c b/src/lib/gssapi/mechglue/g_process_context.c
index 9ed350c..bc260ae 100644
--- a/src/lib/gssapi/mechglue/g_process_context.c
+++ b/src/lib/gssapi/mechglue/g_process_context.c
@@ -2,7 +2,7 @@
/*
* Copyright 1996 by Sun Microsystems, Inc.
- *
+ *
* Permission to use, copy, modify, distribute, and sell this software
* and its documentation for any purpose is hereby granted without fee,
* provided that the above copyright notice appears in all copies and
@@ -12,7 +12,7 @@
* without specific, written prior permission. Sun Microsystems makes no
* representations about the suitability of this software for any
* purpose. It is provided "as is" without express or implied warranty.
- *
+ *
* SUN MICROSYSTEMS DISCLAIMS ALL WARRANTIES WITH REGARD TO THIS SOFTWARE,
* INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS, IN NO
* EVENT SHALL SUN MICROSYSTEMS BE LIABLE FOR ANY SPECIAL, INDIRECT OR
@@ -41,7 +41,7 @@ gss_buffer_t token_buffer;
OM_uint32 status;
gss_union_ctx_id_t ctx;
gss_mechanism mech;
-
+
if (minor_status == NULL)
return (GSS_S_CALL_INACCESSIBLE_WRITE);
*minor_status = 0;
@@ -59,7 +59,7 @@ gss_buffer_t token_buffer;
* select the approprate underlying mechanism routine and
* call it.
*/
-
+
ctx = (gss_union_ctx_id_t) context_handle;
mech = gssint_get_mechanism (ctx->mech_type);
@@ -77,6 +77,6 @@ gss_buffer_t token_buffer;
return(status);
}
-
+
return (GSS_S_BAD_MECH);
}
diff --git a/src/lib/gssapi/mechglue/g_rel_buffer.c b/src/lib/gssapi/mechglue/g_rel_buffer.c
index 6f8367a..c1104fd 100644
--- a/src/lib/gssapi/mechglue/g_rel_buffer.c
+++ b/src/lib/gssapi/mechglue/g_rel_buffer.c
@@ -2,7 +2,7 @@
/*
* Copyright 1996 by Sun Microsystems, Inc.
- *
+ *
* Permission to use, copy, modify, distribute, and sell this software
* and its documentation for any purpose is hereby granted without fee,
* provided that the above copyright notice appears in all copies and
@@ -12,7 +12,7 @@
* without specific, written prior permission. Sun Microsystems makes no
* representations about the suitability of this software for any
* purpose. It is provided "as is" without express or implied warranty.
- *
+ *
* SUN MICROSYSTEMS DISCLAIMS ALL WARRANTIES WITH REGARD TO THIS SOFTWARE,
* INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS, IN NO
* EVENT SHALL SUN MICROSYSTEMS BE LIABLE FOR ANY SPECIAL, INDIRECT OR
diff --git a/src/lib/gssapi/mechglue/g_rel_cred.c b/src/lib/gssapi/mechglue/g_rel_cred.c
index df208a0..2e9a0c7 100644
--- a/src/lib/gssapi/mechglue/g_rel_cred.c
+++ b/src/lib/gssapi/mechglue/g_rel_cred.c
@@ -2,7 +2,7 @@
/*
* Copyright 1996 by Sun Microsystems, Inc.
- *
+ *
* Permission to use, copy, modify, distribute, and sell this software
* and its documentation for any purpose is hereby granted without fee,
* provided that the above copyright notice appears in all copies and
@@ -12,7 +12,7 @@
* without specific, written prior permission. Sun Microsystems makes no
* representations about the suitability of this software for any
* purpose. It is provided "as is" without express or implied warranty.
- *
+ *
* SUN MICROSYSTEMS DISCLAIMS ALL WARRANTIES WITH REGARD TO THIS SOFTWARE,
* INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS, IN NO
* EVENT SHALL SUN MICROSYSTEMS BE LIABLE FOR ANY SPECIAL, INDIRECT OR
@@ -44,7 +44,7 @@ gss_cred_id_t * cred_handle;
int j;
gss_union_cred_t union_cred;
gss_mechanism mech;
-
+
if (minor_status == NULL)
return (GSS_S_CALL_INACCESSIBLE_WRITE);
@@ -52,13 +52,13 @@ gss_cred_id_t * cred_handle;
if (cred_handle == NULL)
return (GSS_S_NO_CRED | GSS_S_CALL_INACCESSIBLE_READ);
-
+
/*
- * Loop through the union_cred struct, selecting the approprate
+ * Loop through the union_cred struct, selecting the approprate
* underlying mechanism routine and calling it. At the end,
* release all of the storage taken by the union_cred struct.
*/
-
+
union_cred = (gss_union_cred_t) *cred_handle;
if (union_cred == (gss_union_cred_t)GSS_C_NO_CREDENTIAL)
return (GSS_S_COMPLETE);
@@ -68,7 +68,7 @@ gss_cred_id_t * cred_handle;
*cred_handle = NULL;
status = GSS_S_COMPLETE;
-
+
for(j=0; j < union_cred->count; j++) {
mech = gssint_get_mechanism (&union_cred->mechs_array[j]);
@@ -97,6 +97,6 @@ gss_cred_id_t * cred_handle;
free(union_cred->cred_array);
free(union_cred->mechs_array);
free(union_cred);
-
+
return(status);
}
diff --git a/src/lib/gssapi/mechglue/g_rel_name.c b/src/lib/gssapi/mechglue/g_rel_name.c
index 84d1af8..e8ac6c3 100644
--- a/src/lib/gssapi/mechglue/g_rel_name.c
+++ b/src/lib/gssapi/mechglue/g_rel_name.c
@@ -2,7 +2,7 @@
/*
* Copyright 1996 by Sun Microsystems, Inc.
- *
+ *
* Permission to use, copy, modify, distribute, and sell this software
* and its documentation for any purpose is hereby granted without fee,
* provided that the above copyright notice appears in all copies and
@@ -12,7 +12,7 @@
* without specific, written prior permission. Sun Microsystems makes no
* representations about the suitability of this software for any
* purpose. It is provided "as is" without express or implied warranty.
- *
+ *
* SUN MICROSYSTEMS DISCLAIMS ALL WARRANTIES WITH REGARD TO THIS SOFTWARE,
* INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS, IN NO
* EVENT SHALL SUN MICROSYSTEMS BE LIABLE FOR ANY SPECIAL, INDIRECT OR
@@ -42,11 +42,11 @@ gss_name_t * input_name;
{
gss_union_name_t union_name;
-
+
if (minor_status == NULL)
return (GSS_S_CALL_INACCESSIBLE_WRITE);
*minor_status = 0;
-
+
/* if input_name is NULL, return error */
if (input_name == NULL)
return (GSS_S_CALL_INACCESSIBLE_READ | GSS_S_BAD_NAME);
@@ -58,7 +58,7 @@ gss_name_t * input_name;
* free up the space for the external_name and then
* free the union_name descriptor
*/
-
+
union_name = (gss_union_name_t) *input_name;
if (GSSINT_CHK_LOOP(union_name))
return (GSS_S_CALL_INACCESSIBLE_READ | GSS_S_BAD_NAME);
diff --git a/src/lib/gssapi/mechglue/g_rel_name_mapping.c b/src/lib/gssapi/mechglue/g_rel_name_mapping.c
index b9159a1..9420ae8 100644
--- a/src/lib/gssapi/mechglue/g_rel_name_mapping.c
+++ b/src/lib/gssapi/mechglue/g_rel_name_mapping.c
@@ -75,4 +75,3 @@ gss_release_any_name_mapping(OM_uint32 *minor_status,
return status;
}
-
diff --git a/src/lib/gssapi/mechglue/g_rel_oid_set.c b/src/lib/gssapi/mechglue/g_rel_oid_set.c
index 84c6ce6..fa008d6 100644
--- a/src/lib/gssapi/mechglue/g_rel_oid_set.c
+++ b/src/lib/gssapi/mechglue/g_rel_oid_set.c
@@ -2,7 +2,7 @@
/*
* Copyright 1996 by Sun Microsystems, Inc.
- *
+ *
* Permission to use, copy, modify, distribute, and sell this software
* and its documentation for any purpose is hereby granted without fee,
* provided that the above copyright notice appears in all copies and
@@ -12,7 +12,7 @@
* without specific, written prior permission. Sun Microsystems makes no
* representations about the suitability of this software for any
* purpose. It is provided "as is" without express or implied warranty.
- *
+ *
* SUN MICROSYSTEMS DISCLAIMS ALL WARRANTIES WITH REGARD TO THIS SOFTWARE,
* INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS, IN NO
* EVENT SHALL SUN MICROSYSTEMS BE LIABLE FOR ANY SPECIAL, INDIRECT OR
diff --git a/src/lib/gssapi/mechglue/g_seal.c b/src/lib/gssapi/mechglue/g_seal.c
index 9faa5dd..acb4c36 100644
--- a/src/lib/gssapi/mechglue/g_seal.c
+++ b/src/lib/gssapi/mechglue/g_seal.c
@@ -2,7 +2,7 @@
/*
* Copyright 1996 by Sun Microsystems, Inc.
- *
+ *
* Permission to use, copy, modify, distribute, and sell this software
* and its documentation for any purpose is hereby granted without fee,
* provided that the above copyright notice appears in all copies and
@@ -12,7 +12,7 @@
* without specific, written prior permission. Sun Microsystems makes no
* representations about the suitability of this software for any
* purpose. It is provided "as is" without express or implied warranty.
- *
+ *
* SUN MICROSYSTEMS DISCLAIMS ALL WARRANTIES WITH REGARD TO THIS SOFTWARE,
* INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS, IN NO
* EVENT SHALL SUN MICROSYSTEMS BE LIABLE FOR ANY SPECIAL, INDIRECT OR
@@ -100,10 +100,10 @@ gss_buffer_t output_message_buffer;
* select the approprate underlying mechanism routine and
* call it.
*/
-
+
ctx = (gss_union_ctx_id_t) context_handle;
mech = gssint_get_mechanism (ctx->mech_type);
-
+
if (mech) {
if (mech->gss_wrap) {
status = mech->gss_wrap(
@@ -133,7 +133,7 @@ gss_buffer_t output_message_buffer;
return(status);
}
/* EXPORT DELETE END */
-
+
return (GSS_S_BAD_MECH);
}
@@ -236,7 +236,7 @@ gss_wrap_size_limit(minor_status, context_handle, conf_req_flag,
if (minor_status == NULL)
return (GSS_S_CALL_INACCESSIBLE_WRITE);
*minor_status = 0;
-
+
if (context_handle == GSS_C_NO_CONTEXT)
return (GSS_S_CALL_INACCESSIBLE_READ | GSS_S_NO_CONTEXT);
@@ -247,7 +247,7 @@ gss_wrap_size_limit(minor_status, context_handle, conf_req_flag,
* select the approprate underlying mechanism routine and
* call it.
*/
-
+
ctx = (gss_union_ctx_id_t) context_handle;
mech = gssint_get_mechanism (ctx->mech_type);
diff --git a/src/lib/gssapi/mechglue/g_set_context_option.c b/src/lib/gssapi/mechglue/g_set_context_option.c
index 2f4ba36..6a666dc 100644
--- a/src/lib/gssapi/mechglue/g_set_context_option.c
+++ b/src/lib/gssapi/mechglue/g_set_context_option.c
@@ -108,4 +108,3 @@ gss_set_sec_context_option (OM_uint32 *minor_status,
return status;
}
-
diff --git a/src/lib/gssapi/mechglue/g_set_cred_option.c b/src/lib/gssapi/mechglue/g_set_cred_option.c
index bac8c5b..fc8ed4c 100644
--- a/src/lib/gssapi/mechglue/g_set_cred_option.c
+++ b/src/lib/gssapi/mechglue/g_set_cred_option.c
@@ -82,4 +82,3 @@ gssspi_set_cred_option(OM_uint32 *minor_status,
return status;
}
-
diff --git a/src/lib/gssapi/mechglue/g_set_name_attr.c b/src/lib/gssapi/mechglue/g_set_name_attr.c
index 14df231..1ec72fc 100644
--- a/src/lib/gssapi/mechglue/g_set_name_attr.c
+++ b/src/lib/gssapi/mechglue/g_set_name_attr.c
@@ -71,4 +71,3 @@ gss_set_name_attribute(OM_uint32 *minor_status,
return status;
}
-
diff --git a/src/lib/gssapi/mechglue/g_sign.c b/src/lib/gssapi/mechglue/g_sign.c
index eec0f49..86d641a 100644
--- a/src/lib/gssapi/mechglue/g_sign.c
+++ b/src/lib/gssapi/mechglue/g_sign.c
@@ -2,7 +2,7 @@
/*
* Copyright 1996 by Sun Microsystems, Inc.
- *
+ *
* Permission to use, copy, modify, distribute, and sell this software
* and its documentation for any purpose is hereby granted without fee,
* provided that the above copyright notice appears in all copies and
@@ -12,7 +12,7 @@
* without specific, written prior permission. Sun Microsystems makes no
* representations about the suitability of this software for any
* purpose. It is provided "as is" without express or implied warranty.
- *
+ *
* SUN MICROSYSTEMS DISCLAIMS ALL WARRANTIES WITH REGARD TO THIS SOFTWARE,
* INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS, IN NO
* EVENT SHALL SUN MICROSYSTEMS BE LIABLE FOR ANY SPECIAL, INDIRECT OR
@@ -132,4 +132,3 @@ gss_buffer_t msg_token;
return (gss_get_mic(minor_status, context_handle, (gss_qop_t) qop_req,
message_buffer, msg_token));
}
-
diff --git a/src/lib/gssapi/mechglue/g_unseal.c b/src/lib/gssapi/mechglue/g_unseal.c
index c6b3350..3e8053c 100644
--- a/src/lib/gssapi/mechglue/g_unseal.c
+++ b/src/lib/gssapi/mechglue/g_unseal.c
@@ -2,7 +2,7 @@
/*
* Copyright 1996 by Sun Microsystems, Inc.
- *
+ *
* Permission to use, copy, modify, distribute, and sell this software
* and its documentation for any purpose is hereby granted without fee,
* provided that the above copyright notice appears in all copies and
@@ -12,7 +12,7 @@
* without specific, written prior permission. Sun Microsystems makes no
* representations about the suitability of this software for any
* purpose. It is provided "as is" without express or implied warranty.
- *
+ *
* SUN MICROSYSTEMS DISCLAIMS ALL WARRANTIES WITH REGARD TO THIS SOFTWARE,
* INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS, IN NO
* EVENT SHALL SUN MICROSYSTEMS BE LIABLE FOR ANY SPECIAL, INDIRECT OR
diff --git a/src/lib/gssapi/mechglue/g_unwrap_aead.c b/src/lib/gssapi/mechglue/g_unwrap_aead.c
index 7dcc277..8be6d6a 100644
--- a/src/lib/gssapi/mechglue/g_unwrap_aead.c
+++ b/src/lib/gssapi/mechglue/g_unwrap_aead.c
@@ -2,7 +2,7 @@
/*
* Copyright 1996 by Sun Microsystems, Inc.
- *
+ *
* Permission to use, copy, modify, distribute, and sell this software
* and its documentation for any purpose is hereby granted without fee,
* provided that the above copyright notice appears in all copies and
@@ -12,7 +12,7 @@
* without specific, written prior permission. Sun Microsystems makes no
* representations about the suitability of this software for any
* purpose. It is provided "as is" without express or implied warranty.
- *
+ *
* SUN MICROSYSTEMS DISCLAIMS ALL WARRANTIES WITH REGARD TO THIS SOFTWARE,
* INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS, IN NO
* EVENT SHALL SUN MICROSYSTEMS BE LIABLE FOR ANY SPECIAL, INDIRECT OR
@@ -149,7 +149,7 @@ gssint_unwrap_aead (gss_mechanism mech,
} else
status = GSS_S_UNAVAILABLE;
/* EXPORT DELETE END */
-
+
return (status);
}
@@ -187,7 +187,7 @@ gss_qop_t *qop_state;
*/
ctx = (gss_union_ctx_id_t) context_handle;
mech = gssint_get_mechanism (ctx->mech_type);
-
+
if (!mech)
return (GSS_S_BAD_MECH);
@@ -195,4 +195,3 @@ gss_qop_t *qop_state;
input_message_buffer, input_assoc_buffer,
output_payload_buffer, conf_state, qop_state);
}
-
diff --git a/src/lib/gssapi/mechglue/g_unwrap_iov.c b/src/lib/gssapi/mechglue/g_unwrap_iov.c
index ebef1a7..aad9c76 100644
--- a/src/lib/gssapi/mechglue/g_unwrap_iov.c
+++ b/src/lib/gssapi/mechglue/g_unwrap_iov.c
@@ -2,7 +2,7 @@
/*
* Copyright 1996 by Sun Microsystems, Inc.
- *
+ *
* Permission to use, copy, modify, distribute, and sell this software
* and its documentation for any purpose is hereby granted without fee,
* provided that the above copyright notice appears in all copies and
@@ -12,7 +12,7 @@
* without specific, written prior permission. Sun Microsystems makes no
* representations about the suitability of this software for any
* purpose. It is provided "as is" without express or implied warranty.
- *
+ *
* SUN MICROSYSTEMS DISCLAIMS ALL WARRANTIES WITH REGARD TO THIS SOFTWARE,
* INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS, IN NO
* EVENT SHALL SUN MICROSYSTEMS BE LIABLE FOR ANY SPECIAL, INDIRECT OR
@@ -87,10 +87,10 @@ int iov_count;
* select the approprate underlying mechanism routine and
* call it.
*/
-
+
ctx = (gss_union_ctx_id_t) context_handle;
mech = gssint_get_mechanism (ctx->mech_type);
-
+
if (mech) {
if (mech->gss_unwrap_iov) {
status = mech->gss_unwrap_iov(
@@ -104,11 +104,10 @@ int iov_count;
map_error(minor_status, mech);
} else
status = GSS_S_UNAVAILABLE;
-
+
return(status);
}
/* EXPORT DELETE END */
-
+
return (GSS_S_BAD_MECH);
}
-
diff --git a/src/lib/gssapi/mechglue/g_userok.c b/src/lib/gssapi/mechglue/g_userok.c
index 90fa903..dbb0f02 100644
--- a/src/lib/gssapi/mechglue/g_userok.c
+++ b/src/lib/gssapi/mechglue/g_userok.c
@@ -111,4 +111,3 @@ gssint_userok(OM_uint32 *minor,
return (major);
} /* gss_userok */
-
diff --git a/src/lib/gssapi/mechglue/g_verify.c b/src/lib/gssapi/mechglue/g_verify.c
index da3279c..1578ae1 100644
--- a/src/lib/gssapi/mechglue/g_verify.c
+++ b/src/lib/gssapi/mechglue/g_verify.c
@@ -2,7 +2,7 @@
/*
* Copyright 1996 by Sun Microsystems, Inc.
- *
+ *
* Permission to use, copy, modify, distribute, and sell this software
* and its documentation for any purpose is hereby granted without fee,
* provided that the above copyright notice appears in all copies and
@@ -12,7 +12,7 @@
* without specific, written prior permission. Sun Microsystems makes no
* representations about the suitability of this software for any
* purpose. It is provided "as is" without express or implied warranty.
- *
+ *
* SUN MICROSYSTEMS DISCLAIMS ALL WARRANTIES WITH REGARD TO THIS SOFTWARE,
* INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS, IN NO
* EVENT SHALL SUN MICROSYSTEMS BE LIABLE FOR ANY SPECIAL, INDIRECT OR
diff --git a/src/lib/gssapi/mechglue/g_wrap_aead.c b/src/lib/gssapi/mechglue/g_wrap_aead.c
index ff170e2..7c059b4 100644
--- a/src/lib/gssapi/mechglue/g_wrap_aead.c
+++ b/src/lib/gssapi/mechglue/g_wrap_aead.c
@@ -2,7 +2,7 @@
/*
* Copyright 1996 by Sun Microsystems, Inc.
- *
+ *
* Permission to use, copy, modify, distribute, and sell this software
* and its documentation for any purpose is hereby granted without fee,
* provided that the above copyright notice appears in all copies and
@@ -12,7 +12,7 @@
* without specific, written prior permission. Sun Microsystems makes no
* representations about the suitability of this software for any
* purpose. It is provided "as is" without express or implied warranty.
- *
+ *
* SUN MICROSYSTEMS DISCLAIMS ALL WARRANTIES WITH REGARD TO THIS SOFTWARE,
* INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS, IN NO
* EVENT SHALL SUN MICROSYSTEMS BE LIABLE FOR ANY SPECIAL, INDIRECT OR
@@ -219,7 +219,7 @@ gssint_wrap_aead (gss_mechanism mech,
/* EXPORT DELETE END */
- return status;
+ return status;
}
OM_uint32 KRB5_CALLCONV
@@ -264,4 +264,4 @@ gss_buffer_t output_message_buffer;
conf_req_flag, qop_req,
input_assoc_buffer, input_payload_buffer,
conf_state, output_message_buffer);
-}
+}
diff --git a/src/lib/gssapi/mechglue/g_wrap_iov.c b/src/lib/gssapi/mechglue/g_wrap_iov.c
index 8d054b2..9586c58 100644
--- a/src/lib/gssapi/mechglue/g_wrap_iov.c
+++ b/src/lib/gssapi/mechglue/g_wrap_iov.c
@@ -2,7 +2,7 @@
/*
* Copyright 1996 by Sun Microsystems, Inc.
- *
+ *
* Permission to use, copy, modify, distribute, and sell this software
* and its documentation for any purpose is hereby granted without fee,
* provided that the above copyright notice appears in all copies and
@@ -12,7 +12,7 @@
* without specific, written prior permission. Sun Microsystems makes no
* representations about the suitability of this software for any
* purpose. It is provided "as is" without express or implied warranty.
- *
+ *
* SUN MICROSYSTEMS DISCLAIMS ALL WARRANTIES WITH REGARD TO THIS SOFTWARE,
* INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS, IN NO
* EVENT SHALL SUN MICROSYSTEMS BE LIABLE FOR ANY SPECIAL, INDIRECT OR
@@ -91,10 +91,10 @@ int iov_count;
* select the approprate underlying mechanism routine and
* call it.
*/
-
+
ctx = (gss_union_ctx_id_t) context_handle;
mech = gssint_get_mechanism (ctx->mech_type);
-
+
if (mech) {
if (mech->gss_wrap_iov) {
status = mech->gss_wrap_iov(
@@ -109,11 +109,11 @@ int iov_count;
map_error(minor_status, mech);
} else
status = GSS_S_UNAVAILABLE;
-
+
return(status);
}
/* EXPORT DELETE END */
-
+
return (GSS_S_BAD_MECH);
}
@@ -149,10 +149,10 @@ int iov_count;
* select the approprate underlying mechanism routine and
* call it.
*/
-
+
ctx = (gss_union_ctx_id_t) context_handle;
mech = gssint_get_mechanism (ctx->mech_type);
-
+
if (mech) {
if (mech->gss_wrap_iov_length) {
status = mech->gss_wrap_iov_length(
@@ -167,11 +167,11 @@ int iov_count;
map_error(minor_status, mech);
} else
status = GSS_S_UNAVAILABLE;
-
+
return(status);
}
/* EXPORT DELETE END */
-
+
return (GSS_S_BAD_MECH);
}
@@ -204,4 +204,3 @@ int iov_count;
return status;
}
-
diff --git a/src/lib/gssapi/mechglue/gssd_pname_to_uid.c b/src/lib/gssapi/mechglue/gssd_pname_to_uid.c
index c310f16..8b8277f 100644
--- a/src/lib/gssapi/mechglue/gssd_pname_to_uid.c
+++ b/src/lib/gssapi/mechglue/gssd_pname_to_uid.c
@@ -2,7 +2,7 @@
/*
* Copyright 1996 by Sun Microsystems, Inc.
- *
+ *
* Permission to use, copy, modify, distribute, and sell this software
* and its documentation for any purpose is hereby granted without fee,
* provided that the above copyright notice appears in all copies and
@@ -12,7 +12,7 @@
* without specific, written prior permission. Sun Microsystems makes no
* representations about the suitability of this software for any
* purpose. It is provided "as is" without express or implied warranty.
- *
+ *
* SUN MICROSYSTEMS DISCLAIMS ALL WARRANTIES WITH REGARD TO THIS SOFTWARE,
* INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS, IN NO
* EVENT SHALL SUN MICROSYSTEMS BE LIABLE FOR ANY SPECIAL, INDIRECT OR
@@ -26,7 +26,7 @@
* glue routines that test the mech id either passed in to
* gss_init_sec_contex() or gss_accept_sec_context() or within the glue
* routine supported version of the security context and then call
- * the appropriate underlying mechanism library procedure.
+ * the appropriate underlying mechanism library procedure.
*
*/
@@ -64,4 +64,3 @@ uid_t * uid;
return(status);
}
-
diff --git a/src/lib/gssapi/mechglue/mechglue.h b/src/lib/gssapi/mechglue/mechglue.h
index 7f3334a..8598369 100644
--- a/src/lib/gssapi/mechglue/mechglue.h
+++ b/src/lib/gssapi/mechglue/mechglue.h
@@ -2,7 +2,7 @@
/*
* Copyright 1996 by Sun Microsystems, Inc.
- *
+ *
* Permission to use, copy, modify, distribute, and sell this software
* and its documentation for any purpose is hereby granted without fee,
* provided that the above copyright notice appears in all copies and
@@ -12,7 +12,7 @@
* without specific, written prior permission. Sun Microsystems makes no
* representations about the suitability of this software for any
* purpose. It is provided "as is" without express or implied warranty.
- *
+ *
* SUN MICROSYSTEMS DISCLAIMS ALL WARRANTIES WITH REGARD TO THIS SOFTWARE,
* INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS, IN NO
* EVENT SHALL SUN MICROSYSTEMS BE LIABLE FOR ANY SPECIAL, INDIRECT OR
diff --git a/src/lib/gssapi/mechglue/mglueP.h b/src/lib/gssapi/mechglue/mglueP.h
index 177db62..f35ac14 100644
--- a/src/lib/gssapi/mechglue/mglueP.h
+++ b/src/lib/gssapi/mechglue/mglueP.h
@@ -114,9 +114,9 @@ OM_uint32 gssint_get_mech_type_oid(gss_OID OID, gss_buffer_t token);
*
* This contants all of the functions defined in gssapi.h except for
* gss_release_buffer() and gss_release_oid_set(), which I am
- * assuming, for now, to be equal across mechanisms.
+ * assuming, for now, to be equal across mechanisms.
*/
-
+
typedef struct gss_config {
gss_OID_desc mech_type;
void * context;
diff --git a/src/lib/gssapi/spnego/spnego_mech.c b/src/lib/gssapi/spnego/spnego_mech.c
index 999a5e3..2aa8ad5 100644
--- a/src/lib/gssapi/spnego/spnego_mech.c
+++ b/src/lib/gssapi/spnego/spnego_mech.c
@@ -6,7 +6,7 @@
* require a specific license from the United States Government.
* It is the responsibility of any person or organization contemplating
* export to obtain such a license before exporting.
- *
+ *
* WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
* distribute this software and its documentation for any purpose and
* without fee is hereby granted, provided that the above copyright
@@ -216,7 +216,7 @@ static struct gss_config spnego_mechanism =
#ifndef LEAN_CLIENT
spnego_gss_accept_sec_context,
#else
- NULL,
+ NULL,
#endif /* LEAN_CLIENT */
NULL, /* gss_process_context_token */
spnego_gss_delete_sec_context, /* gss_delete_sec_context */
@@ -2571,7 +2571,7 @@ get_available_mechs(OM_uint32 *minor_status,
*/
if (found > 0 && major_status == GSS_S_COMPLETE && creds != NULL) {
major_status = gss_acquire_cred(minor_status,
- name, GSS_C_INDEFINITE,
+ name, GSS_C_INDEFINITE,
*rmechs, usage, creds,
&goodmechs, NULL);
@@ -3704,9 +3704,9 @@ is_kerb_mech(gss_OID oid)
int answer = 0;
OM_uint32 minor;
extern const gss_OID_set_desc * const gss_mech_set_krb5_both;
-
+
(void) gss_test_oid_set_member(&minor,
oid, (gss_OID_set)gss_mech_set_krb5_both, &answer);
-
+
return (answer);
}
diff --git a/src/lib/kadm5/admin.h b/src/lib/kadm5/admin.h
index 5105c5e..4196a19 100644
--- a/src/lib/kadm5/admin.h
+++ b/src/lib/kadm5/admin.h
@@ -1,3 +1,4 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
/*
* lib/kadm5/admin.h
*
@@ -8,7 +9,7 @@
* require a specific license from the United States Government.
* It is the responsibility of any person or organization contemplating
* export to obtain such a license before exporting.
- *
+ *
* WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
* distribute this software and its documentation for any purpose and
* without fee is hereby granted, provided that the above copyright
@@ -22,7 +23,7 @@
* M.I.T. makes no representations about the suitability of
* this software for any purpose. It is provided "as is" without express
* or implied warranty.
- *
+ *
*/
/*
* Copyright 1993 OpenVision Technologies, Inc., All Rights Reserved
@@ -42,18 +43,18 @@
#ifndef __KADM5_ADMIN_H__
#define __KADM5_ADMIN_H__
-#include <sys/types.h>
-#include <gssrpc/rpc.h>
-#include <krb5.h>
-#include <kdb.h>
-#include <com_err.h>
-#include <kadm5/kadm_err.h>
-#include <kadm5/chpass_util_strings.h>
+#include <sys/types.h>
+#include <gssrpc/rpc.h>
+#include <krb5.h>
+#include <kdb.h>
+#include <com_err.h>
+#include <kadm5/kadm_err.h>
+#include <kadm5/chpass_util_strings.h>
#ifndef KADM5INT_BEGIN_DECLS
#if defined(__cplusplus)
-#define KADM5INT_BEGIN_DECLS extern "C" {
-#define KADM5INT_END_DECLS }
+#define KADM5INT_BEGIN_DECLS extern "C" {
+#define KADM5INT_END_DECLS }
#else
#define KADM5INT_BEGIN_DECLS
#define KADM5INT_END_DECLS
@@ -62,210 +63,210 @@
KADM5INT_BEGIN_DECLS
-#define KADM5_ADMIN_SERVICE "kadmin/admin"
-#define KADM5_CHANGEPW_SERVICE "kadmin/changepw"
-#define KADM5_HIST_PRINCIPAL "kadmin/history"
+#define KADM5_ADMIN_SERVICE "kadmin/admin"
+#define KADM5_CHANGEPW_SERVICE "kadmin/changepw"
+#define KADM5_HIST_PRINCIPAL "kadmin/history"
#define KADM5_KIPROP_HOST_SERVICE "kiprop"
-typedef krb5_principal kadm5_princ_t;
-typedef char *kadm5_policy_t;
-typedef long kadm5_ret_t;
+typedef krb5_principal kadm5_princ_t;
+typedef char *kadm5_policy_t;
+typedef long kadm5_ret_t;
-#define KADM5_PW_FIRST_PROMPT \
- (error_message(CHPASS_UTIL_NEW_PASSWORD_PROMPT))
-#define KADM5_PW_SECOND_PROMPT \
- (error_message(CHPASS_UTIL_NEW_PASSWORD_AGAIN_PROMPT))
+#define KADM5_PW_FIRST_PROMPT \
+ (error_message(CHPASS_UTIL_NEW_PASSWORD_PROMPT))
+#define KADM5_PW_SECOND_PROMPT \
+ (error_message(CHPASS_UTIL_NEW_PASSWORD_AGAIN_PROMPT))
/*
* Successful return code
*/
-#define KADM5_OK 0
+#define KADM5_OK 0
/*
* Field masks
*/
/* kadm5_principal_ent_t */
-#define KADM5_PRINCIPAL 0x000001
-#define KADM5_PRINC_EXPIRE_TIME 0x000002
-#define KADM5_PW_EXPIRATION 0x000004
-#define KADM5_LAST_PWD_CHANGE 0x000008
-#define KADM5_ATTRIBUTES 0x000010
-#define KADM5_MAX_LIFE 0x000020
-#define KADM5_MOD_TIME 0x000040
-#define KADM5_MOD_NAME 0x000080
-#define KADM5_KVNO 0x000100
-#define KADM5_MKVNO 0x000200
-#define KADM5_AUX_ATTRIBUTES 0x000400
-#define KADM5_POLICY 0x000800
-#define KADM5_POLICY_CLR 0x001000
+#define KADM5_PRINCIPAL 0x000001
+#define KADM5_PRINC_EXPIRE_TIME 0x000002
+#define KADM5_PW_EXPIRATION 0x000004
+#define KADM5_LAST_PWD_CHANGE 0x000008
+#define KADM5_ATTRIBUTES 0x000010
+#define KADM5_MAX_LIFE 0x000020
+#define KADM5_MOD_TIME 0x000040
+#define KADM5_MOD_NAME 0x000080
+#define KADM5_KVNO 0x000100
+#define KADM5_MKVNO 0x000200
+#define KADM5_AUX_ATTRIBUTES 0x000400
+#define KADM5_POLICY 0x000800
+#define KADM5_POLICY_CLR 0x001000
/* version 2 masks */
-#define KADM5_MAX_RLIFE 0x002000
-#define KADM5_LAST_SUCCESS 0x004000
-#define KADM5_LAST_FAILED 0x008000
-#define KADM5_FAIL_AUTH_COUNT 0x010000
-#define KADM5_KEY_DATA 0x020000
-#define KADM5_TL_DATA 0x040000
+#define KADM5_MAX_RLIFE 0x002000
+#define KADM5_LAST_SUCCESS 0x004000
+#define KADM5_LAST_FAILED 0x008000
+#define KADM5_FAIL_AUTH_COUNT 0x010000
+#define KADM5_KEY_DATA 0x020000
+#define KADM5_TL_DATA 0x040000
#ifdef notyet /* Novell */
#define KADM5_CPW_FUNCTION 0x080000
#define KADM5_RANDKEY_USED 0x100000
#endif
-#define KADM5_LOAD 0x200000
+#define KADM5_LOAD 0x200000
/* all but KEY_DATA, TL_DATA, LOAD */
#define KADM5_PRINCIPAL_NORMAL_MASK 0x41ffff
/* kadm5_policy_ent_t */
-#define KADM5_PW_MAX_LIFE 0x004000
-#define KADM5_PW_MIN_LIFE 0x008000
-#define KADM5_PW_MIN_LENGTH 0x010000
-#define KADM5_PW_MIN_CLASSES 0x020000
-#define KADM5_PW_HISTORY_NUM 0x040000
-#define KADM5_REF_COUNT 0x080000
-#define KADM5_PW_MAX_FAILURE 0x100000
-#define KADM5_PW_FAILURE_COUNT_INTERVAL 0x200000
-#define KADM5_PW_LOCKOUT_DURATION 0x400000
+#define KADM5_PW_MAX_LIFE 0x004000
+#define KADM5_PW_MIN_LIFE 0x008000
+#define KADM5_PW_MIN_LENGTH 0x010000
+#define KADM5_PW_MIN_CLASSES 0x020000
+#define KADM5_PW_HISTORY_NUM 0x040000
+#define KADM5_REF_COUNT 0x080000
+#define KADM5_PW_MAX_FAILURE 0x100000
+#define KADM5_PW_FAILURE_COUNT_INTERVAL 0x200000
+#define KADM5_PW_LOCKOUT_DURATION 0x400000
/* kadm5_config_params */
-#define KADM5_CONFIG_REALM 0x00000001
-#define KADM5_CONFIG_DBNAME 0x00000002
-#define KADM5_CONFIG_MKEY_NAME 0x00000004
-#define KADM5_CONFIG_MAX_LIFE 0x00000008
-#define KADM5_CONFIG_MAX_RLIFE 0x00000010
-#define KADM5_CONFIG_EXPIRATION 0x00000020
-#define KADM5_CONFIG_FLAGS 0x00000040
-#define KADM5_CONFIG_ADMIN_KEYTAB 0x00000080
-#define KADM5_CONFIG_STASH_FILE 0x00000100
-#define KADM5_CONFIG_ENCTYPE 0x00000200
-#define KADM5_CONFIG_ADBNAME 0x00000400
-#define KADM5_CONFIG_ADB_LOCKFILE 0x00000800
-/*#define KADM5_CONFIG_PROFILE 0x00001000*/
-#define KADM5_CONFIG_ACL_FILE 0x00002000
-#define KADM5_CONFIG_KADMIND_PORT 0x00004000
-#define KADM5_CONFIG_ENCTYPES 0x00008000
-#define KADM5_CONFIG_ADMIN_SERVER 0x00010000
-#define KADM5_CONFIG_DICT_FILE 0x00020000
-#define KADM5_CONFIG_MKEY_FROM_KBD 0x00040000
-#define KADM5_CONFIG_KPASSWD_PORT 0x00080000
-#define KADM5_CONFIG_OLD_AUTH_GSSAPI 0x00100000
-#define KADM5_CONFIG_NO_AUTH 0x00200000
-#define KADM5_CONFIG_AUTH_NOFALLBACK 0x00400000
+#define KADM5_CONFIG_REALM 0x00000001
+#define KADM5_CONFIG_DBNAME 0x00000002
+#define KADM5_CONFIG_MKEY_NAME 0x00000004
+#define KADM5_CONFIG_MAX_LIFE 0x00000008
+#define KADM5_CONFIG_MAX_RLIFE 0x00000010
+#define KADM5_CONFIG_EXPIRATION 0x00000020
+#define KADM5_CONFIG_FLAGS 0x00000040
+#define KADM5_CONFIG_ADMIN_KEYTAB 0x00000080
+#define KADM5_CONFIG_STASH_FILE 0x00000100
+#define KADM5_CONFIG_ENCTYPE 0x00000200
+#define KADM5_CONFIG_ADBNAME 0x00000400
+#define KADM5_CONFIG_ADB_LOCKFILE 0x00000800
+/*#define KADM5_CONFIG_PROFILE 0x00001000*/
+#define KADM5_CONFIG_ACL_FILE 0x00002000
+#define KADM5_CONFIG_KADMIND_PORT 0x00004000
+#define KADM5_CONFIG_ENCTYPES 0x00008000
+#define KADM5_CONFIG_ADMIN_SERVER 0x00010000
+#define KADM5_CONFIG_DICT_FILE 0x00020000
+#define KADM5_CONFIG_MKEY_FROM_KBD 0x00040000
+#define KADM5_CONFIG_KPASSWD_PORT 0x00080000
+#define KADM5_CONFIG_OLD_AUTH_GSSAPI 0x00100000
+#define KADM5_CONFIG_NO_AUTH 0x00200000
+#define KADM5_CONFIG_AUTH_NOFALLBACK 0x00400000
#ifdef notyet /* Novell */
#define KADM5_CONFIG_KPASSWD_SERVER 0x00800000
#endif
-#define KADM5_CONFIG_IPROP_ENABLED 0x01000000
-#define KADM5_CONFIG_ULOG_SIZE 0x02000000
-#define KADM5_CONFIG_POLL_TIME 0x04000000
-#define KADM5_CONFIG_IPROP_LOGFILE 0x08000000
-#define KADM5_CONFIG_IPROP_PORT 0x10000000
-#define KADM5_CONFIG_KVNO 0x20000000
+#define KADM5_CONFIG_IPROP_ENABLED 0x01000000
+#define KADM5_CONFIG_ULOG_SIZE 0x02000000
+#define KADM5_CONFIG_POLL_TIME 0x04000000
+#define KADM5_CONFIG_IPROP_LOGFILE 0x08000000
+#define KADM5_CONFIG_IPROP_PORT 0x10000000
+#define KADM5_CONFIG_KVNO 0x20000000
/*
* permission bits
*/
-#define KADM5_PRIV_GET 0x01
-#define KADM5_PRIV_ADD 0x02
-#define KADM5_PRIV_MODIFY 0x04
-#define KADM5_PRIV_DELETE 0x08
+#define KADM5_PRIV_GET 0x01
+#define KADM5_PRIV_ADD 0x02
+#define KADM5_PRIV_MODIFY 0x04
+#define KADM5_PRIV_DELETE 0x08
/*
* API versioning constants
*/
-#define KADM5_MASK_BITS 0xffffff00
+#define KADM5_MASK_BITS 0xffffff00
-#define KADM5_STRUCT_VERSION_MASK 0x12345600
-#define KADM5_STRUCT_VERSION_1 (KADM5_STRUCT_VERSION_MASK|0x01)
-#define KADM5_STRUCT_VERSION KADM5_STRUCT_VERSION_1
+#define KADM5_STRUCT_VERSION_MASK 0x12345600
+#define KADM5_STRUCT_VERSION_1 (KADM5_STRUCT_VERSION_MASK|0x01)
+#define KADM5_STRUCT_VERSION KADM5_STRUCT_VERSION_1
-#define KADM5_API_VERSION_MASK 0x12345700
-#define KADM5_API_VERSION_2 (KADM5_API_VERSION_MASK|0x02)
-#define KADM5_API_VERSION_3 (KADM5_API_VERSION_MASK|0x03)
+#define KADM5_API_VERSION_MASK 0x12345700
+#define KADM5_API_VERSION_2 (KADM5_API_VERSION_MASK|0x02)
+#define KADM5_API_VERSION_3 (KADM5_API_VERSION_MASK|0x03)
typedef struct _kadm5_principal_ent_t {
- krb5_principal principal;
- krb5_timestamp princ_expire_time;
- krb5_timestamp last_pwd_change;
- krb5_timestamp pw_expiration;
- krb5_deltat max_life;
- krb5_principal mod_name;
- krb5_timestamp mod_date;
- krb5_flags attributes;
- krb5_kvno kvno;
- krb5_kvno mkvno;
- char *policy;
- long aux_attributes;
-
- /* version 2 fields */
- krb5_deltat max_renewable_life;
- krb5_timestamp last_success;
- krb5_timestamp last_failed;
- krb5_kvno fail_auth_count;
- krb5_int16 n_key_data;
- krb5_int16 n_tl_data;
- krb5_tl_data *tl_data;
- krb5_key_data *key_data;
+ krb5_principal principal;
+ krb5_timestamp princ_expire_time;
+ krb5_timestamp last_pwd_change;
+ krb5_timestamp pw_expiration;
+ krb5_deltat max_life;
+ krb5_principal mod_name;
+ krb5_timestamp mod_date;
+ krb5_flags attributes;
+ krb5_kvno kvno;
+ krb5_kvno mkvno;
+ char *policy;
+ long aux_attributes;
+
+ /* version 2 fields */
+ krb5_deltat max_renewable_life;
+ krb5_timestamp last_success;
+ krb5_timestamp last_failed;
+ krb5_kvno fail_auth_count;
+ krb5_int16 n_key_data;
+ krb5_int16 n_tl_data;
+ krb5_tl_data *tl_data;
+ krb5_key_data *key_data;
} kadm5_principal_ent_rec, *kadm5_principal_ent_t;
typedef struct _kadm5_policy_ent_t {
- char *policy;
- long pw_min_life;
- long pw_max_life;
- long pw_min_length;
- long pw_min_classes;
- long pw_history_num;
- long policy_refcnt;
-
- /* version 3 fields */
- krb5_kvno pw_max_fail;
- krb5_deltat pw_failcnt_interval;
- krb5_deltat pw_lockout_duration;
+ char *policy;
+ long pw_min_life;
+ long pw_max_life;
+ long pw_min_length;
+ long pw_min_classes;
+ long pw_history_num;
+ long policy_refcnt;
+
+ /* version 3 fields */
+ krb5_kvno pw_max_fail;
+ krb5_deltat pw_failcnt_interval;
+ krb5_deltat pw_lockout_duration;
} kadm5_policy_ent_rec, *kadm5_policy_ent_t;
/*
* Data structure returned by kadm5_get_config_params()
*/
typedef struct _kadm5_config_params {
- long mask;
- char * realm;
- int kadmind_port;
- int kpasswd_port;
+ long mask;
+ char * realm;
+ int kadmind_port;
+ int kpasswd_port;
- char * admin_server;
+ char * admin_server;
#ifdef notyet /* Novell */ /* ABI change? */
- char * kpasswd_server;
+ char * kpasswd_server;
#endif
- /* Deprecated except for db2 backwards compatibility. Don't add
- new uses except as fallbacks for parameters that should be
- specified in the database module section of the config
- file. */
- char * dbname;
-
- /* dummy fields to preserve abi for now */
- char * admin_dbname_was_here;
- char * admin_lockfile_was_here;
-
- char * admin_keytab;
- char * acl_file;
- char * dict_file;
-
- int mkey_from_kbd;
- char * stash_file;
- char * mkey_name;
- krb5_enctype enctype;
- krb5_deltat max_life;
- krb5_deltat max_rlife;
- krb5_timestamp expiration;
- krb5_flags flags;
- krb5_key_salt_tuple *keysalts;
- krb5_int32 num_keysalts;
- krb5_kvno kvno;
- bool_t iprop_enabled;
- uint32_t iprop_ulogsize;
- krb5_deltat iprop_poll_time;
- char * iprop_logfile;
-/* char * iprop_server;*/
- int iprop_port;
+ /* Deprecated except for db2 backwards compatibility. Don't add
+ new uses except as fallbacks for parameters that should be
+ specified in the database module section of the config
+ file. */
+ char * dbname;
+
+ /* dummy fields to preserve abi for now */
+ char * admin_dbname_was_here;
+ char * admin_lockfile_was_here;
+
+ char * admin_keytab;
+ char * acl_file;
+ char * dict_file;
+
+ int mkey_from_kbd;
+ char * stash_file;
+ char * mkey_name;
+ krb5_enctype enctype;
+ krb5_deltat max_life;
+ krb5_deltat max_rlife;
+ krb5_timestamp expiration;
+ krb5_flags flags;
+ krb5_key_salt_tuple *keysalts;
+ krb5_int32 num_keysalts;
+ krb5_kvno kvno;
+ bool_t iprop_enabled;
+ uint32_t iprop_ulogsize;
+ krb5_deltat iprop_poll_time;
+ char * iprop_logfile;
+/* char * iprop_server;*/
+ int iprop_port;
} kadm5_config_params;
/***********************************************************************
@@ -278,31 +279,31 @@ typedef struct _kadm5_config_params {
* Data structure returned by krb5_read_realm_params()
*/
typedef struct __krb5_realm_params {
- char * realm_profile;
- char * realm_dbname;
- char * realm_mkey_name;
- char * realm_stash_file;
- char * realm_kdc_ports;
- char * realm_kdc_tcp_ports;
- char * realm_acl_file;
+ char * realm_profile;
+ char * realm_dbname;
+ char * realm_mkey_name;
+ char * realm_stash_file;
+ char * realm_kdc_ports;
+ char * realm_kdc_tcp_ports;
+ char * realm_acl_file;
char * realm_host_based_services;
char * realm_no_host_referral;
- krb5_int32 realm_kadmind_port;
- krb5_enctype realm_enctype;
- krb5_deltat realm_max_life;
- krb5_deltat realm_max_rlife;
- krb5_timestamp realm_expiration;
- krb5_flags realm_flags;
- krb5_key_salt_tuple *realm_keysalts;
- unsigned int realm_reject_bad_transit:1;
- unsigned int realm_kadmind_port_valid:1;
- unsigned int realm_enctype_valid:1;
- unsigned int realm_max_life_valid:1;
- unsigned int realm_max_rlife_valid:1;
- unsigned int realm_expiration_valid:1;
- unsigned int realm_flags_valid:1;
- unsigned int realm_reject_bad_transit_valid:1;
- krb5_int32 realm_num_keysalts;
+ krb5_int32 realm_kadmind_port;
+ krb5_enctype realm_enctype;
+ krb5_deltat realm_max_life;
+ krb5_deltat realm_max_rlife;
+ krb5_timestamp realm_expiration;
+ krb5_flags realm_flags;
+ krb5_key_salt_tuple *realm_keysalts;
+ unsigned int realm_reject_bad_transit:1;
+ unsigned int realm_kadmind_port_valid:1;
+ unsigned int realm_enctype_valid:1;
+ unsigned int realm_max_life_valid:1;
+ unsigned int realm_max_rlife_valid:1;
+ unsigned int realm_expiration_valid:1;
+ unsigned int realm_flags_valid:1;
+ unsigned int realm_reject_bad_transit_valid:1;
+ krb5_int32 realm_num_keysalts;
} krb5_realm_params;
/*
@@ -310,18 +311,18 @@ typedef struct __krb5_realm_params {
*/
krb5_error_code kadm5_get_config_params(krb5_context context,
- int use_kdc_config,
- kadm5_config_params *params_in,
- kadm5_config_params *params_out);
+ int use_kdc_config,
+ kadm5_config_params *params_in,
+ kadm5_config_params *params_out);
-krb5_error_code kadm5_free_config_params(krb5_context context,
- kadm5_config_params *params);
+krb5_error_code kadm5_free_config_params(krb5_context context,
+ kadm5_config_params *params);
krb5_error_code kadm5_free_realm_params(krb5_context kcontext,
- kadm5_config_params *params);
+ kadm5_config_params *params);
krb5_error_code kadm5_get_admin_service_name(krb5_context, char *,
- char *, size_t);
+ char *, size_t);
/*
* For all initialization functions, the caller must first initialize
@@ -331,109 +332,109 @@ krb5_error_code kadm5_get_admin_service_name(krb5_context, char *,
*/
kadm5_ret_t kadm5_init(krb5_context context, char *client_name,
- char *pass, char *service_name,
- kadm5_config_params *params,
- krb5_ui_4 struct_version,
- krb5_ui_4 api_version,
- char **db_args,
- void **server_handle);
+ char *pass, char *service_name,
+ kadm5_config_params *params,
+ krb5_ui_4 struct_version,
+ krb5_ui_4 api_version,
+ char **db_args,
+ void **server_handle);
kadm5_ret_t kadm5_init_with_password(krb5_context context,
- char *client_name,
- char *pass,
- char *service_name,
- kadm5_config_params *params,
- krb5_ui_4 struct_version,
- krb5_ui_4 api_version,
- char **db_args,
- void **server_handle);
+ char *client_name,
+ char *pass,
+ char *service_name,
+ kadm5_config_params *params,
+ krb5_ui_4 struct_version,
+ krb5_ui_4 api_version,
+ char **db_args,
+ void **server_handle);
kadm5_ret_t kadm5_init_with_skey(krb5_context context,
- char *client_name,
- char *keytab,
- char *service_name,
- kadm5_config_params *params,
- krb5_ui_4 struct_version,
- krb5_ui_4 api_version,
- char **db_args,
- void **server_handle);
+ char *client_name,
+ char *keytab,
+ char *service_name,
+ kadm5_config_params *params,
+ krb5_ui_4 struct_version,
+ krb5_ui_4 api_version,
+ char **db_args,
+ void **server_handle);
kadm5_ret_t kadm5_init_with_creds(krb5_context context,
- char *client_name,
- krb5_ccache cc,
- char *service_name,
- kadm5_config_params *params,
- krb5_ui_4 struct_version,
- krb5_ui_4 api_version,
- char **db_args,
- void **server_handle);
+ char *client_name,
+ krb5_ccache cc,
+ char *service_name,
+ kadm5_config_params *params,
+ krb5_ui_4 struct_version,
+ krb5_ui_4 api_version,
+ char **db_args,
+ void **server_handle);
kadm5_ret_t kadm5_lock(void *server_handle);
kadm5_ret_t kadm5_unlock(void *server_handle);
kadm5_ret_t kadm5_flush(void *server_handle);
kadm5_ret_t kadm5_destroy(void *server_handle);
kadm5_ret_t kadm5_create_principal(void *server_handle,
- kadm5_principal_ent_t ent,
- long mask, char *pass);
+ kadm5_principal_ent_t ent,
+ long mask, char *pass);
kadm5_ret_t kadm5_create_principal_3(void *server_handle,
- kadm5_principal_ent_t ent,
- long mask,
- int n_ks_tuple,
- krb5_key_salt_tuple *ks_tuple,
- char *pass);
+ kadm5_principal_ent_t ent,
+ long mask,
+ int n_ks_tuple,
+ krb5_key_salt_tuple *ks_tuple,
+ char *pass);
kadm5_ret_t kadm5_delete_principal(void *server_handle,
- krb5_principal principal);
+ krb5_principal principal);
kadm5_ret_t kadm5_modify_principal(void *server_handle,
- kadm5_principal_ent_t ent,
- long mask);
+ kadm5_principal_ent_t ent,
+ long mask);
kadm5_ret_t kadm5_rename_principal(void *server_handle,
- krb5_principal,krb5_principal);
+ krb5_principal,krb5_principal);
kadm5_ret_t kadm5_get_principal(void *server_handle,
- krb5_principal principal,
- kadm5_principal_ent_t ent,
- long mask);
+ krb5_principal principal,
+ kadm5_principal_ent_t ent,
+ long mask);
kadm5_ret_t kadm5_chpass_principal(void *server_handle,
- krb5_principal principal,
- char *pass);
+ krb5_principal principal,
+ char *pass);
kadm5_ret_t kadm5_chpass_principal_3(void *server_handle,
- krb5_principal principal,
- krb5_boolean keepold,
- int n_ks_tuple,
- krb5_key_salt_tuple *ks_tuple,
- char *pass);
+ krb5_principal principal,
+ krb5_boolean keepold,
+ int n_ks_tuple,
+ krb5_key_salt_tuple *ks_tuple,
+ char *pass);
kadm5_ret_t kadm5_randkey_principal(void *server_handle,
- krb5_principal principal,
- krb5_keyblock **keyblocks,
- int *n_keys);
+ krb5_principal principal,
+ krb5_keyblock **keyblocks,
+ int *n_keys);
kadm5_ret_t kadm5_randkey_principal_3(void *server_handle,
- krb5_principal principal,
- krb5_boolean keepold,
- int n_ks_tuple,
- krb5_key_salt_tuple *ks_tuple,
- krb5_keyblock **keyblocks,
- int *n_keys);
+ krb5_principal principal,
+ krb5_boolean keepold,
+ int n_ks_tuple,
+ krb5_key_salt_tuple *ks_tuple,
+ krb5_keyblock **keyblocks,
+ int *n_keys);
kadm5_ret_t kadm5_setv4key_principal(void *server_handle,
- krb5_principal principal,
- krb5_keyblock *keyblock);
+ krb5_principal principal,
+ krb5_keyblock *keyblock);
kadm5_ret_t kadm5_setkey_principal(void *server_handle,
- krb5_principal principal,
- krb5_keyblock *keyblocks,
- int n_keys);
+ krb5_principal principal,
+ krb5_keyblock *keyblocks,
+ int n_keys);
kadm5_ret_t kadm5_setkey_principal_3(void *server_handle,
- krb5_principal principal,
- krb5_boolean keepold,
- int n_ks_tuple,
- krb5_key_salt_tuple *ks_tuple,
- krb5_keyblock *keyblocks,
- int n_keys);
+ krb5_principal principal,
+ krb5_boolean keepold,
+ int n_ks_tuple,
+ krb5_key_salt_tuple *ks_tuple,
+ krb5_keyblock *keyblocks,
+ int n_keys);
kadm5_ret_t kadm5_decrypt_key(void *server_handle,
- kadm5_principal_ent_t entry, krb5_int32
- ktype, krb5_int32 stype, krb5_int32
- kvno, krb5_keyblock *keyblock,
- krb5_keysalt *keysalt, int *kvnop);
+ kadm5_principal_ent_t entry, krb5_int32
+ ktype, krb5_int32 stype, krb5_int32
+ kvno, krb5_keyblock *keyblock,
+ krb5_keysalt *keysalt, int *kvnop);
kadm5_ret_t kadm5_create_policy(void *server_handle,
- kadm5_policy_ent_t ent,
- long mask);
+ kadm5_policy_ent_t ent,
+ long mask);
/*
* kadm5_create_policy_internal is not part of the supported,
* exposed API. It is available only in the server library, and you
@@ -441,13 +442,13 @@ kadm5_ret_t kadm5_create_policy(void *server_handle,
* different from kadm5_create_policy.
*/
kadm5_ret_t kadm5_create_policy_internal(void *server_handle,
- kadm5_policy_ent_t
- entry, long mask);
+ kadm5_policy_ent_t
+ entry, long mask);
kadm5_ret_t kadm5_delete_policy(void *server_handle,
- kadm5_policy_t policy);
+ kadm5_policy_t policy);
kadm5_ret_t kadm5_modify_policy(void *server_handle,
- kadm5_policy_ent_t ent,
- long mask);
+ kadm5_policy_ent_t ent,
+ long mask);
/*
* kadm5_modify_policy_internal is not part of the supported,
* exposed API. It is available only in the server library, and you
@@ -455,41 +456,41 @@ kadm5_ret_t kadm5_modify_policy(void *server_handle,
* different from kadm5_modify_policy.
*/
kadm5_ret_t kadm5_modify_policy_internal(void *server_handle,
- kadm5_policy_ent_t
- entry, long mask);
+ kadm5_policy_ent_t
+ entry, long mask);
kadm5_ret_t kadm5_get_policy(void *server_handle,
- kadm5_policy_t policy,
- kadm5_policy_ent_t ent);
+ kadm5_policy_t policy,
+ kadm5_policy_ent_t ent);
kadm5_ret_t kadm5_get_privs(void *server_handle,
- long *privs);
+ long *privs);
kadm5_ret_t kadm5_chpass_principal_util(void *server_handle,
- krb5_principal princ,
- char *new_pw,
- char **ret_pw,
- char *msg_ret,
- unsigned int msg_len);
+ krb5_principal princ,
+ char *new_pw,
+ char **ret_pw,
+ char *msg_ret,
+ unsigned int msg_len);
kadm5_ret_t kadm5_free_principal_ent(void *server_handle,
- kadm5_principal_ent_t
- ent);
+ kadm5_principal_ent_t
+ ent);
kadm5_ret_t kadm5_free_policy_ent(void *server_handle,
- kadm5_policy_ent_t ent);
+ kadm5_policy_ent_t ent);
kadm5_ret_t kadm5_get_principals(void *server_handle,
- char *exp, char ***princs,
- int *count);
+ char *exp, char ***princs,
+ int *count);
kadm5_ret_t kadm5_get_policies(void *server_handle,
- char *exp, char ***pols,
- int *count);
+ char *exp, char ***pols,
+ int *count);
kadm5_ret_t kadm5_free_key_data(void *server_handle,
- krb5_int16 *n_key_data,
- krb5_key_data *key_data);
+ krb5_int16 *n_key_data,
+ krb5_key_data *key_data);
-kadm5_ret_t kadm5_free_name_list(void *server_handle, char **names,
- int count);
+kadm5_ret_t kadm5_free_name_list(void *server_handle, char **names,
+ int count);
krb5_error_code kadm5_init_krb5_context (krb5_context *);
@@ -501,9 +502,9 @@ krb5_error_code kadm5_init_iprop(void *server_handle, char **db_args);
* to the network protocol.
*/
kadm5_ret_t kadm5_get_principal_keys(void *server_handle,
- krb5_principal principal,
- krb5_keyblock **keyblocks,
- int *n_keys);
+ krb5_principal principal,
+ krb5_keyblock **keyblocks,
+ int *n_keys);
KADM5INT_END_DECLS
diff --git a/src/lib/kadm5/admin_internal.h b/src/lib/kadm5/admin_internal.h
index f08325c..dc21a65 100644
--- a/src/lib/kadm5/admin_internal.h
+++ b/src/lib/kadm5/admin_internal.h
@@ -1,3 +1,4 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
/*
* Copyright 1993 OpenVision Technologies, Inc., All Rights Reserved
*
@@ -8,32 +9,32 @@
#include <kadm5/admin.h>
-#define KADM5_SERVER_HANDLE_MAGIC 0x12345800
+#define KADM5_SERVER_HANDLE_MAGIC 0x12345800
-#define GENERIC_CHECK_HANDLE(handle, old_api_version, new_api_version) \
-{ \
- kadm5_server_handle_t srvr = \
- (kadm5_server_handle_t) handle; \
- \
- if (! srvr) \
- return KADM5_BAD_SERVER_HANDLE; \
- if (srvr->magic_number != KADM5_SERVER_HANDLE_MAGIC) \
- return KADM5_BAD_SERVER_HANDLE; \
- if ((srvr->struct_version & KADM5_MASK_BITS) != \
- KADM5_STRUCT_VERSION_MASK) \
- return KADM5_BAD_STRUCT_VERSION; \
- if (srvr->struct_version < KADM5_STRUCT_VERSION_1) \
- return KADM5_OLD_STRUCT_VERSION; \
- if (srvr->struct_version > KADM5_STRUCT_VERSION_1) \
- return KADM5_NEW_STRUCT_VERSION; \
- if ((srvr->api_version & KADM5_MASK_BITS) != \
- KADM5_API_VERSION_MASK) \
- return KADM5_BAD_API_VERSION; \
- if (srvr->api_version < KADM5_API_VERSION_2) \
- return old_api_version; \
- if (srvr->api_version > KADM5_API_VERSION_3) \
- return new_api_version; \
-}
+#define GENERIC_CHECK_HANDLE(handle, old_api_version, new_api_version) \
+ { \
+ kadm5_server_handle_t srvr = \
+ (kadm5_server_handle_t) handle; \
+ \
+ if (! srvr) \
+ return KADM5_BAD_SERVER_HANDLE; \
+ if (srvr->magic_number != KADM5_SERVER_HANDLE_MAGIC) \
+ return KADM5_BAD_SERVER_HANDLE; \
+ if ((srvr->struct_version & KADM5_MASK_BITS) != \
+ KADM5_STRUCT_VERSION_MASK) \
+ return KADM5_BAD_STRUCT_VERSION; \
+ if (srvr->struct_version < KADM5_STRUCT_VERSION_1) \
+ return KADM5_OLD_STRUCT_VERSION; \
+ if (srvr->struct_version > KADM5_STRUCT_VERSION_1) \
+ return KADM5_NEW_STRUCT_VERSION; \
+ if ((srvr->api_version & KADM5_MASK_BITS) != \
+ KADM5_API_VERSION_MASK) \
+ return KADM5_BAD_API_VERSION; \
+ if (srvr->api_version < KADM5_API_VERSION_2) \
+ return old_api_version; \
+ if (srvr->api_version > KADM5_API_VERSION_3) \
+ return new_api_version; \
+ }
/*
* _KADM5_CHECK_HANDLE calls the function _kadm5_check_handle and
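Review bot: `GENERIC_CHECK_HANDLE` casts its argument without parentheses, `(kadm5_server_handle_t) handle`, so an expression passed as the argument binds to the cast operand by operand instead of as a whole. Writing `(kadm5_server_handle_t) (handle)` avoids that, and the same applies to `(void *)handle` in `_KADM5_CHECK_HANDLE` in the next hunk. Both macros are bare brace blocks that contain `return`, which is easy to miss at call sites; a comment above each, such as `/* Expands to a block that may return from the calling function. */`, would make that explicit. Wrapping them in `do { ... } while (0)` is the usual form, but whether call sites terminate the macro with a semicolon is not visible here.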
@@ -53,28 +54,28 @@
*
* Got that?
*/
-#define _KADM5_CHECK_HANDLE(handle) \
-{ int ecode; if ((ecode = _kadm5_check_handle((void *)handle))) return ecode;}
+#define _KADM5_CHECK_HANDLE(handle) \
+ { int ecode; if ((ecode = _kadm5_check_handle((void *)handle))) return ecode;}
int _kadm5_check_handle(void *handle);
kadm5_ret_t _kadm5_chpass_principal_util(void *server_handle,
- void *lhandle,
- krb5_principal princ,
- char *new_pw,
- char **ret_pw,
- char *msg_ret,
- unsigned int msg_len);
+ void *lhandle,
+ krb5_principal princ,
+ char *new_pw,
+ char **ret_pw,
+ char *msg_ret,
+ unsigned int msg_len);
/* this is needed by the alt_prof code I stole. The functions
maybe shouldn't be named krb5_*, but they are. */
krb5_error_code
krb5_string_to_keysalts(char *string, const char *tupleseps,
- const char *ksaltseps, krb5_boolean dups,
- krb5_key_salt_tuple **ksaltp, krb5_int32 *nksaltp);
+ const char *ksaltseps, krb5_boolean dups,
+ krb5_key_salt_tuple **ksaltp, krb5_int32 *nksaltp);
krb5_error_code
krb5_string_to_flags(char* string, const char* positive, const char* negative,
- krb5_flags *flagsp);
+ krb5_flags *flagsp);
#endif /* __KADM5_ADMIN_INTERNAL_H__ */
diff --git a/src/lib/kadm5/admin_xdr.h b/src/lib/kadm5/admin_xdr.h
index 05d1a7e..cff22e7 100644
--- a/src/lib/kadm5/admin_xdr.h
+++ b/src/lib/kadm5/admin_xdr.h
@@ -2,7 +2,7 @@
* Copyright 1993 OpenVision Technologies, Inc., All Rights Reserved
*
* $Header$
- *
+ *
*/
#include <kadm5/admin.h>
diff --git a/src/lib/kadm5/alt_prof.c b/src/lib/kadm5/alt_prof.c
index 55a850d..5b967a0 100644
--- a/src/lib/kadm5/alt_prof.c
+++ b/src/lib/kadm5/alt_prof.c
@@ -1,3 +1,4 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
/*
* lib/kadm/alt_prof.c
*
@@ -41,15 +42,15 @@
krb5_boolean krb5_match_config_pattern(const char *, const char*);
static krb5_key_salt_tuple *copy_key_salt_tuple(ksalt, len)
-krb5_key_salt_tuple *ksalt;
-krb5_int32 len;
+ krb5_key_salt_tuple *ksalt;
+ krb5_int32 len;
{
- krb5_key_salt_tuple *knew;
+ krb5_key_salt_tuple *knew;
if((knew = (krb5_key_salt_tuple *)
- malloc((len ) * sizeof(krb5_key_salt_tuple)))) {
- memcpy(knew, ksalt, len * sizeof(krb5_key_salt_tuple));
- return knew;
+ malloc((len ) * sizeof(krb5_key_salt_tuple)))) {
+ memcpy(knew, ksalt, len * sizeof(krb5_key_salt_tuple));
+ return knew;
}
return 0;
}
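Review bot: `copy_key_salt_tuple` multiplies the signed `krb5_int32 len` by `sizeof(krb5_key_salt_tuple)` for both `malloc` and `memcpy` without checking it, so a negative count converts to a very large `size_t`. A guard at the top, `if (len < 0) return NULL;`, makes that case explicit; whether any caller can pass such a value is not visible in this hunk. The function also returns 0 for allocation failure and, on platforms where `malloc(0)` yields NULL, for an empty list, so a header comment should say that callers cannot tell the two apart.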
@@ -275,8 +276,8 @@ krb5_aprof_get_string(acontext, hierarchy, uselast, stringp)
}
/*
- * krb5_aprof_get_string_all() - When the attr identified by "hierarchy" is specified multiple times,
- * collect all its string values from the alternate profile.
+ * krb5_aprof_get_string_all() - When the attr identified by "hierarchy" is specified multiple times,
+ * collect all its string values from the alternate profile.
*
* Parameters:
* acontext - opaque context for alternate profile.
@@ -297,16 +298,16 @@ krb5_aprof_get_string_all(acontext, hierarchy, stringp)
char **values;
int lastidx = 0;
char *tmp = NULL ;
- size_t buf_size = 0;
+ size_t buf_size = 0;
kret = krb5_aprof_getvals(acontext, hierarchy, &values);
if (!kret) {
for (lastidx=0; values[lastidx]; lastidx++);
lastidx--;
-
+
buf_size = strlen(values[0])+3;
for (lastidx=1; values[lastidx]; lastidx++){
buf_size += strlen(values[lastidx]) + 3;
- }
+ }
}
if (buf_size > 0) {
*stringp = calloc(1,buf_size);
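Review bot: In `krb5_aprof_get_string_all` the size computation calls `strlen(values[0])` without checking that `values[0]` is non-NULL. The counting loop just above it (`for (lastidx=0; values[lastidx]; lastidx++); lastidx--;`) has no effect, because the next loop resets `lastidx` to 1. If `krb5_aprof_getvals` can succeed with an empty list, which this hunk does not show, that is a NULL dereference; guarding the sizing with `if (!kret && values[0] != NULL)` and dropping the dead loop would cover it. The function starts before this hunk and continues after it, so the handling of the `calloc` result is not visible here.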
@@ -319,12 +320,12 @@ krb5_aprof_get_string_all(acontext, hierarchy, stringp)
for (lastidx=1; values[lastidx]; lastidx++){
tmp = strcat(tmp, " ");
tmp = strcat(tmp, values[lastidx]);
- }
+ }
/* Free the string storage */
profile_free_list(values);
}
return(kret);
-}
+}
/*
@@ -510,9 +511,9 @@ get_deltat_param(krb5_deltat *param_out, krb5_deltat param_in,
*/
krb5_error_code kadm5_get_config_params(context, use_kdc_config,
params_in, params_out)
- krb5_context context;
- int use_kdc_config;
- kadm5_config_params *params_in, *params_out;
+ krb5_context context;
+ int use_kdc_config;
+ kadm5_config_params *params_in, *params_out;
{
char *filename;
char *envname;
@@ -531,15 +532,15 @@ krb5_error_code kadm5_get_config_params(context, use_kdc_config,
if (params_in == NULL) params_in = &empty_params;
if (params_in->mask & KADM5_CONFIG_REALM) {
- lrealm = params.realm = strdup(params_in->realm);
- if (params.realm)
- params.mask |= KADM5_CONFIG_REALM;
+ lrealm = params.realm = strdup(params_in->realm);
+ if (params.realm)
+ params.mask |= KADM5_CONFIG_REALM;
} else {
- kret = krb5_get_default_realm(context, &lrealm);
- if (kret)
- goto cleanup;
- params.realm = lrealm;
- params.mask |= KADM5_CONFIG_REALM;
+ kret = krb5_get_default_realm(context, &lrealm);
+ if (kret)
+ goto cleanup;
+ params.realm = lrealm;
+ params.mask |= KADM5_CONFIG_REALM;
}
if (params_in->mask & KADM5_CONFIG_KVNO) {
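Review bot: When `strdup(params_in->realm)` fails in the `KADM5_CONFIG_REALM` branch, the code only skips setting the mask bit and carries on with `lrealm` and `params.realm` both NULL, whereas the `else` branch jumps to `cleanup` on failure. Handling allocation failure the same way, `if (params.realm == NULL) { kret = ENOMEM; goto cleanup; }`, keeps a NULL realm from reaching the profile lookups that a later hunk sets up with `hierarchy[1] = lrealm`. The body of `kadm5_get_config_params` begins before this hunk and continues past it.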
@@ -563,16 +564,16 @@ krb5_error_code kadm5_get_config_params(context, use_kdc_config,
kret = krb5_aprof_init(filename, envname, &aprofile);
if (kret)
- goto cleanup;
-
+ goto cleanup;
+
/* Initialize realm parameters */
hierarchy[0] = KRB5_CONF_REALMS;
hierarchy[1] = lrealm;
hierarchy[3] = (char *) NULL;
-#define GET_STRING_PARAM(FIELD, BIT, CONFTAG, DEFAULT) \
- get_string_param(&params.FIELD, params_in->FIELD, \
- &params.mask, params_in->mask, BIT, \
+#define GET_STRING_PARAM(FIELD, BIT, CONFTAG, DEFAULT) \
+ get_string_param(&params.FIELD, params_in->FIELD, \
+ &params.mask, params_in->mask, BIT, \
aprofile, hierarchy, CONFTAG, DEFAULT)
/* Get the value for the admin server */
@@ -580,13 +581,13 @@ krb5_error_code kadm5_get_config_params(context, use_kdc_config,
NULL);
if (params.mask & KADM5_CONFIG_ADMIN_SERVER) {
- char *p;
- p = strchr(params.admin_server, ':');
- if (p) {
- params.kadmind_port = atoi(p+1);
- params.mask |= KADM5_CONFIG_KADMIND_PORT;
- *p = '\0';
- }
+ char *p;
+ p = strchr(params.admin_server, ':');
+ if (p) {
+ params.kadmind_port = atoi(p+1);
+ params.mask |= KADM5_CONFIG_KADMIND_PORT;
+ *p = '\0';
+ }
}
/* Get the value for the database */
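Review bot: The port suffix of `admin_server` is converted with `atoi(p+1)`, which reports no errors, so `host:`, `host:abc` or an out-of-range number silently becomes a port value and still sets `KADM5_CONFIG_KADMIND_PORT`. Parsing with `strtol` and accepting only a complete decimal number in 1..65535 keeps a malformed configuration value from overriding the port. In the sketch below an invalid suffix is ignored so the `GET_PORT_PARAM(kadmind_port, ...)` lookup further down can presumably still supply a value; returning an error through `cleanup` is the stricter alternative. The enclosing function starts and ends outside this hunk.

```c
    if (params.mask & KADM5_CONFIG_ADMIN_SERVER) {
        char *p;
        p = strchr(params.admin_server, ':');
        if (p) {
            char *end;
            long port = strtol(p + 1, &end, 10);

            /* Accept only a complete decimal number in the valid port range. */
            if (end != p + 1 && *end == '\0' && port > 0 && port <= 65535) {
                params.kadmind_port = (int) port;
                params.mask |= KADM5_CONFIG_KADMIND_PORT;
            }
            *p = '\0';
        }
    }
```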
@@ -607,7 +608,7 @@ krb5_error_code kadm5_get_config_params(context, use_kdc_config,
if (params.admin_keytab)
params.mask |= KADM5_CONFIG_ADMIN_KEYTAB;
}
-
+
/* Get the name of the acl file */
GET_STRING_PARAM(acl_file, KADM5_CONFIG_ACL_FILE, KRB5_CONF_ACL_FILE,
DEFAULT_KADM5_ACL_FILE);
@@ -615,9 +616,9 @@ krb5_error_code kadm5_get_config_params(context, use_kdc_config,
/* Get the name of the dict file */
GET_STRING_PARAM(dict_file, KADM5_CONFIG_DICT_FILE, KRB5_CONF_DICT_FILE, NULL);
-#define GET_PORT_PARAM(FIELD, BIT, CONFTAG, DEFAULT) \
- get_port_param(&params.FIELD, params_in->FIELD, \
- &params.mask, params_in->mask, BIT, \
+#define GET_PORT_PARAM(FIELD, BIT, CONFTAG, DEFAULT) \
+ get_port_param(&params.FIELD, params_in->FIELD, \
+ &params.mask, params_in->mask, BIT, \
aprofile, hierarchy, CONFTAG, DEFAULT)
/* Get the value for the kadmind port */
GET_PORT_PARAM(kadmind_port, KADM5_CONFIG_KADMIND_PORT,
@@ -634,33 +635,33 @@ krb5_error_code kadm5_get_config_params(context, use_kdc_config,
/* Get the value for the master key type */
hierarchy[2] = KRB5_CONF_MASTER_KEY_TYPE;
if (params_in->mask & KADM5_CONFIG_ENCTYPE) {
- params.mask |= KADM5_CONFIG_ENCTYPE;
- params.enctype = params_in->enctype;
+ params.mask |= KADM5_CONFIG_ENCTYPE;
+ params.enctype = params_in->enctype;
} else if (aprofile &&
!krb5_aprof_get_string(aprofile, hierarchy, TRUE, &svalue)) {
- if (!krb5_string_to_enctype(svalue, &params.enctype)) {
- params.mask |= KADM5_CONFIG_ENCTYPE;
- free(svalue);
- }
+ if (!krb5_string_to_enctype(svalue, &params.enctype)) {
+ params.mask |= KADM5_CONFIG_ENCTYPE;
+ free(svalue);
+ }
} else {
- params.mask |= KADM5_CONFIG_ENCTYPE;
- params.enctype = DEFAULT_KDC_ENCTYPE;
+ params.mask |= KADM5_CONFIG_ENCTYPE;
+ params.enctype = DEFAULT_KDC_ENCTYPE;
}
-
+
/* Get the value for mkey_from_kbd */
if (params_in->mask & KADM5_CONFIG_MKEY_FROM_KBD) {
- params.mask |= KADM5_CONFIG_MKEY_FROM_KBD;
- params.mkey_from_kbd = params_in->mkey_from_kbd;
+ params.mask |= KADM5_CONFIG_MKEY_FROM_KBD;
+ params.mkey_from_kbd = params_in->mkey_from_kbd;
}
-
+
/* Get the value for the stashfile */
GET_STRING_PARAM(stash_file, KADM5_CONFIG_STASH_FILE,
KRB5_CONF_KEY_STASH_FILE, NULL);
/* Get the value for maximum ticket lifetime. */
-#define GET_DELTAT_PARAM(FIELD, BIT, CONFTAG, DEFAULT) \
- get_deltat_param(&params.FIELD, params_in->FIELD, \
- &params.mask, params_in->mask, BIT, \
+#define GET_DELTAT_PARAM(FIELD, BIT, CONFTAG, DEFAULT) \
+ get_deltat_param(&params.FIELD, params_in->FIELD, \
+ &params.mask, params_in->mask, BIT, \
aprofile, hierarchy, CONFTAG, DEFAULT)
GET_DELTAT_PARAM(max_life, KADM5_CONFIG_MAX_LIFE, KRB5_CONF_MAX_LIFE,
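Review bot: `svalue` is freed only inside the `if (!krb5_string_to_enctype(svalue, &params.enctype))` success branch, so the string obtained from `krb5_aprof_get_string` leaks whenever the configured master key type fails to parse. Moving `free(svalue);` out of the inner block so it runs after the `if` fixes it. In that failure case neither the mask bit nor `DEFAULT_KDC_ENCTYPE` is applied, which deserves a comment saying whether it is intended. The `krb5_string_to_timestamp` block in the next hunk has the same pattern, and the enclosing function starts and ends outside this hunk.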
@@ -673,159 +674,159 @@ krb5_error_code kadm5_get_config_params(context, use_kdc_config,
/* Get the value for the default principal expiration */
hierarchy[2] = KRB5_CONF_DEFAULT_PRINCIPAL_EXPIRATION;
if (params_in->mask & KADM5_CONFIG_EXPIRATION) {
- params.mask |= KADM5_CONFIG_EXPIRATION;
- params.expiration = params_in->expiration;
+ params.mask |= KADM5_CONFIG_EXPIRATION;
+ params.expiration = params_in->expiration;
} else if (aprofile &&
!krb5_aprof_get_string(aprofile, hierarchy, TRUE, &svalue)) {
- if (!krb5_string_to_timestamp(svalue, &params.expiration)) {
- params.mask |= KADM5_CONFIG_EXPIRATION;
- free(svalue);
- }
+ if (!krb5_string_to_timestamp(svalue, &params.expiration)) {
+ params.mask |= KADM5_CONFIG_EXPIRATION;
+ free(svalue);
+ }
} else {
- params.mask |= KADM5_CONFIG_EXPIRATION;
- params.expiration = 0;
+ params.mask |= KADM5_CONFIG_EXPIRATION;
+ params.expiration = 0;
}
-
+
/* Get the value for the default principal flags */
hierarchy[2] = KRB5_CONF_DEFAULT_PRINCIPAL_FLAGS;
if (params_in->mask & KADM5_CONFIG_FLAGS) {
- params.mask |= KADM5_CONFIG_FLAGS;
- params.flags = params_in->flags;
+ params.mask |= KADM5_CONFIG_FLAGS;
+ params.flags = params_in->flags;
} else if (aprofile &&
!krb5_aprof_get_string(aprofile, hierarchy, TRUE, &svalue)) {
- char *sp, *ep, *tp;
-
- sp = svalue;
- params.flags = 0;
- while (sp) {
- if ((ep = strchr(sp, (int) ',')) ||
- (ep = strchr(sp, (int) ' ')) ||
- (ep = strchr(sp, (int) '\t'))) {
- /* Fill in trailing whitespace of sp */
- tp = ep - 1;
- while (isspace((int) *tp) && (tp > sp)) {
- *tp = '\0';
- tp--;
- }
- *ep = '\0';
- ep++;
- /* Skip over trailing whitespace of ep */
- while (isspace((int) *ep) && (*ep)) ep++;
- }
- /* Convert this flag */
- if (krb5_string_to_flags(sp,
- "+",
- "-",
- &params.flags))
- break;
- sp = ep;
- }
- if (!sp)
- params.mask |= KADM5_CONFIG_FLAGS;
- free(svalue);
+ char *sp, *ep, *tp;
+
+ sp = svalue;
+ params.flags = 0;
+ while (sp) {
+ if ((ep = strchr(sp, (int) ',')) ||
+ (ep = strchr(sp, (int) ' ')) ||
+ (ep = strchr(sp, (int) '\t'))) {
+ /* Fill in trailing whitespace of sp */
+ tp = ep - 1;
+ while (isspace((int) *tp) && (tp > sp)) {
+ *tp = '\0';
+ tp--;
+ }
+ *ep = '\0';
+ ep++;
+ /* Skip over trailing whitespace of ep */
+ while (isspace((int) *ep) && (*ep)) ep++;
+ }
+ /* Convert this flag */
+ if (krb5_string_to_flags(sp,
+ "+",
+ "-",
+ &params.flags))
+ break;
+ sp = ep;
+ }
+ if (!sp)
+ params.mask |= KADM5_CONFIG_FLAGS;
+ free(svalue);
} else {
- params.mask |= KADM5_CONFIG_FLAGS;
- params.flags = KRB5_KDB_DEF_FLAGS;
+ params.mask |= KADM5_CONFIG_FLAGS;
+ params.flags = KRB5_KDB_DEF_FLAGS;
}
/* Get the value for the supported enctype/salttype matrix */
hierarchy[2] = KRB5_CONF_SUPPORTED_ENCTYPES;
if (params_in->mask & KADM5_CONFIG_ENCTYPES) {
- /* The following scenario is when the input keysalts are !NULL */
- if(params_in->keysalts) {
- params.keysalts = copy_key_salt_tuple(params_in->keysalts,
- params_in->num_keysalts);
- if(params.keysalts) {
- params.mask |= KADM5_CONFIG_ENCTYPES;
- params.num_keysalts = params_in->num_keysalts;
- }
- } else {
- params.mask |= KADM5_CONFIG_ENCTYPES;
- params.keysalts = 0;
- params.num_keysalts = params_in->num_keysalts;
- }
+ /* The following scenario is when the input keysalts are !NULL */
+ if(params_in->keysalts) {
+ params.keysalts = copy_key_salt_tuple(params_in->keysalts,
+ params_in->num_keysalts);
+ if(params.keysalts) {
+ params.mask |= KADM5_CONFIG_ENCTYPES;
+ params.num_keysalts = params_in->num_keysalts;
+ }
+ } else {
+ params.mask |= KADM5_CONFIG_ENCTYPES;
+ params.keysalts = 0;
+ params.num_keysalts = params_in->num_keysalts;
+ }
} else {
- svalue = NULL;
- if (aprofile)
- krb5_aprof_get_string(aprofile, hierarchy, TRUE, &svalue);
- if (svalue == NULL)
- svalue = strdup(KRB5_DEFAULT_SUPPORTED_ENCTYPES);
-
- params.keysalts = NULL;
- params.num_keysalts = 0;
- krb5_string_to_keysalts(svalue,
- ", \t",/* Tuple separators */
- ":.-", /* Key/salt separators */
- 0, /* No duplicates */
- &params.keysalts,
- &params.num_keysalts);
- if (params.num_keysalts)
- params.mask |= KADM5_CONFIG_ENCTYPES;
-
- free(svalue);
+ svalue = NULL;
+ if (aprofile)
+ krb5_aprof_get_string(aprofile, hierarchy, TRUE, &svalue);
+ if (svalue == NULL)
+ svalue = strdup(KRB5_DEFAULT_SUPPORTED_ENCTYPES);
+
+ params.keysalts = NULL;
+ params.num_keysalts = 0;
+ krb5_string_to_keysalts(svalue,
+ ", \t",/* Tuple separators */
+ ":.-", /* Key/salt separators */
+ 0, /* No duplicates */
+ &params.keysalts,
+ &params.num_keysalts);
+ if (params.num_keysalts)
+ params.mask |= KADM5_CONFIG_ENCTYPES;
+
+ free(svalue);
}
-
- hierarchy[2] = KRB5_CONF_IPROP_ENABLE;
- params.iprop_enabled = FALSE;
- params.mask |= KADM5_CONFIG_IPROP_ENABLED;
+ hierarchy[2] = KRB5_CONF_IPROP_ENABLE;
- if (params_in->mask & KADM5_CONFIG_IPROP_ENABLED) {
- params.mask |= KADM5_CONFIG_IPROP_ENABLED;
- params.iprop_enabled = params_in->iprop_enabled;
- } else {
- krb5_boolean bvalue;
- if (aprofile &&
- !krb5_aprof_get_boolean(aprofile, hierarchy, TRUE, &bvalue)) {
- params.iprop_enabled = bvalue;
- params.mask |= KADM5_CONFIG_IPROP_ENABLED;
- }
+ params.iprop_enabled = FALSE;
+ params.mask |= KADM5_CONFIG_IPROP_ENABLED;
+
+ if (params_in->mask & KADM5_CONFIG_IPROP_ENABLED) {
+ params.mask |= KADM5_CONFIG_IPROP_ENABLED;
+ params.iprop_enabled = params_in->iprop_enabled;
+ } else {
+ krb5_boolean bvalue;
+ if (aprofile &&
+ !krb5_aprof_get_boolean(aprofile, hierarchy, TRUE, &bvalue)) {
+ params.iprop_enabled = bvalue;
+ params.mask |= KADM5_CONFIG_IPROP_ENABLED;
}
+ }
- if (!GET_STRING_PARAM(iprop_logfile, KADM5_CONFIG_IPROP_LOGFILE,
- KRB5_CONF_IPROP_LOGFILE, NULL)) {
- if (params.mask & KADM5_CONFIG_DBNAME) {
- if (asprintf(&params.iprop_logfile, "%s.ulog", params.dbname) >= 0) {
- params.mask |= KADM5_CONFIG_IPROP_LOGFILE;
- }
+ if (!GET_STRING_PARAM(iprop_logfile, KADM5_CONFIG_IPROP_LOGFILE,
+ KRB5_CONF_IPROP_LOGFILE, NULL)) {
+ if (params.mask & KADM5_CONFIG_DBNAME) {
+ if (asprintf(&params.iprop_logfile, "%s.ulog", params.dbname) >= 0) {
+ params.mask |= KADM5_CONFIG_IPROP_LOGFILE;
}
}
+ }
- GET_PORT_PARAM(iprop_port, KADM5_CONFIG_IPROP_PORT,
- KRB5_CONF_IPROP_PORT, 0);
+ GET_PORT_PARAM(iprop_port, KADM5_CONFIG_IPROP_PORT,
+ KRB5_CONF_IPROP_PORT, 0);
- hierarchy[2] = KRB5_CONF_IPROP_MASTER_ULOGSIZE;
+ hierarchy[2] = KRB5_CONF_IPROP_MASTER_ULOGSIZE;
- params.iprop_ulogsize = DEF_ULOGENTRIES;
- params.mask |= KADM5_CONFIG_ULOG_SIZE;
+ params.iprop_ulogsize = DEF_ULOGENTRIES;
+ params.mask |= KADM5_CONFIG_ULOG_SIZE;
- if (params_in->mask & KADM5_CONFIG_ULOG_SIZE) {
- params.mask |= KADM5_CONFIG_ULOG_SIZE;
- params.iprop_ulogsize = params_in->iprop_ulogsize;
- } else {
- if (aprofile && !krb5_aprof_get_int32(aprofile, hierarchy,
- TRUE, &ivalue)) {
- if (ivalue > MAX_ULOGENTRIES)
- params.iprop_ulogsize = MAX_ULOGENTRIES;
- else if (ivalue <= 0)
- params.iprop_ulogsize = DEF_ULOGENTRIES;
- else
- params.iprop_ulogsize = ivalue;
- params.mask |= KADM5_CONFIG_ULOG_SIZE;
- }
+ if (params_in->mask & KADM5_CONFIG_ULOG_SIZE) {
+ params.mask |= KADM5_CONFIG_ULOG_SIZE;
+ params.iprop_ulogsize = params_in->iprop_ulogsize;
+ } else {
+ if (aprofile && !krb5_aprof_get_int32(aprofile, hierarchy,
+ TRUE, &ivalue)) {
+ if (ivalue > MAX_ULOGENTRIES)
+ params.iprop_ulogsize = MAX_ULOGENTRIES;
+ else if (ivalue <= 0)
+ params.iprop_ulogsize = DEF_ULOGENTRIES;
+ else
+ params.iprop_ulogsize = ivalue;
+ params.mask |= KADM5_CONFIG_ULOG_SIZE;
}
+ }
- GET_DELTAT_PARAM(iprop_poll_time, KADM5_CONFIG_POLL_TIME,
- KRB5_CONF_IPROP_SLAVE_POLL, 2 * 60); /* 2m */
+ GET_DELTAT_PARAM(iprop_poll_time, KADM5_CONFIG_POLL_TIME,
+ KRB5_CONF_IPROP_SLAVE_POLL, 2 * 60); /* 2m */
*params_out = params;
-
+
cleanup:
if (aprofile)
krb5_aprof_finish(aprofile);
if (kret) {
- kadm5_free_config_params(context, &params);
- params_out->mask = 0;
+ kadm5_free_config_params(context, &params);
+ params_out->mask = 0;
}
return(kret);
}
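Review bot: In the default-principal-flags parser, `tp = ep - 1` followed by `while (isspace((int) *tp) && (tp > sp))` dereferences `tp` before comparing it with `sp`, so a profile value that begins with a separator (`ep == sp`) reads one byte before the string. Check the bound first and pass an unsigned char to isspace, `while ((tp > sp) && isspace((unsigned char) *tp)) {`, and do the trim only under `if (ep > sp)` so that `sp - 1` is never formed. Further down, the result of `strdup(KRB5_DEFAULT_SUPPORTED_ENCTYPES)` is handed to `krb5_string_to_keysalts()` without a NULL check. The function starts before this hunk.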
@@ -922,7 +923,7 @@ krb5_read_realm_params(kcontext, realm, rparamp)
char *kdcenv = 0;
char *no_refrls = 0;
char *host_based_srvcs = 0;
-
+
krb5_error_code kret;
@@ -944,7 +945,7 @@ krb5_read_realm_params(kcontext, realm, rparamp)
kret = krb5_aprof_init(filename, envname, &aprofile);
if (kret)
goto cleanup;
-
+
rparams = (krb5_realm_params *) malloc(sizeof(krb5_realm_params));
if (rparams == 0) {
kret = ENOMEM;
@@ -961,7 +962,7 @@ krb5_read_realm_params(kcontext, realm, rparamp)
hierarchy[3] = (char *) NULL;
if (!krb5_aprof_get_string(aprofile, hierarchy, TRUE, &svalue))
rparams->realm_dbname = svalue;
-
+
/* Get the value for the KDC port list */
hierarchy[2] = KRB5_CONF_KDC_PORTS;
if (!krb5_aprof_get_string(aprofile, hierarchy, TRUE, &svalue))
@@ -974,19 +975,19 @@ krb5_read_realm_params(kcontext, realm, rparamp)
hierarchy[2] = KRB5_CONF_ACL_FILE;
if (!krb5_aprof_get_string(aprofile, hierarchy, TRUE, &svalue))
rparams->realm_acl_file = svalue;
-
+
/* Get the value for the kadmind port */
hierarchy[2] = KRB5_CONF_KADMIND_PORT;
if (!krb5_aprof_get_int32(aprofile, hierarchy, TRUE, &ivalue)) {
rparams->realm_kadmind_port = ivalue;
rparams->realm_kadmind_port_valid = 1;
}
-
+
/* Get the value for the master key name */
hierarchy[2] = KRB5_CONF_MASTER_KEY_NAME;
if (!krb5_aprof_get_string(aprofile, hierarchy, TRUE, &svalue))
rparams->realm_mkey_name = svalue;
-
+
/* Get the value for the master key type */
hierarchy[2] = KRB5_CONF_MASTER_KEY_TYPE;
if (!krb5_aprof_get_string(aprofile, hierarchy, TRUE, &svalue)) {
@@ -994,26 +995,26 @@ krb5_read_realm_params(kcontext, realm, rparamp)
rparams->realm_enctype_valid = 1;
free(svalue);
}
-
+
/* Get the value for the stashfile */
hierarchy[2] = KRB5_CONF_KEY_STASH_FILE;
if (!krb5_aprof_get_string(aprofile, hierarchy, TRUE, &svalue))
rparams->realm_stash_file = svalue;
-
+
/* Get the value for maximum ticket lifetime. */
hierarchy[2] = KRB5_CONF_MAX_LIFE;
if (!krb5_aprof_get_deltat(aprofile, hierarchy, TRUE, &dtvalue)) {
rparams->realm_max_life = dtvalue;
rparams->realm_max_life_valid = 1;
}
-
+
/* Get the value for maximum renewable ticket lifetime. */
hierarchy[2] = KRB5_CONF_MAX_RENEWABLE_LIFE;
if (!krb5_aprof_get_deltat(aprofile, hierarchy, TRUE, &dtvalue)) {
rparams->realm_max_rlife = dtvalue;
rparams->realm_max_rlife_valid = 1;
}
-
+
/* Get the value for the default principal expiration */
hierarchy[2] = KRB5_CONF_DEFAULT_PRINCIPAL_EXPIRATION;
if (!krb5_aprof_get_string(aprofile, hierarchy, TRUE, &svalue)) {
@@ -1030,10 +1031,10 @@ krb5_read_realm_params(kcontext, realm, rparamp)
}
hierarchy[2] = KRB5_CONF_NO_HOST_REFERRAL;
- if (!krb5_aprof_get_string_all(aprofile, hierarchy, &no_refrls))
- rparams->realm_no_host_referral = no_refrls;
- else
- no_refrls = 0;
+ if (!krb5_aprof_get_string_all(aprofile, hierarchy, &no_refrls))
+ rparams->realm_no_host_referral = no_refrls;
+ else
+ no_refrls = 0;
if (!no_refrls || krb5_match_config_pattern(no_refrls, KRB5_CONF_ASTERISK) == FALSE) {
hierarchy[2] = KRB5_CONF_HOST_BASED_SERVICES;
@@ -1117,8 +1118,8 @@ krb5_free_realm_params(kcontext, rparams)
}
return(0);
}
-/*
- * match_config_pattern -
+/*
+ * match_config_pattern -
* returns TRUE is the pattern is found in the attr's list of values.
* Otherwise - FALSE.
* In conf file the values are separates by commas or whitespaces.
@@ -1129,17 +1130,14 @@ krb5_match_config_pattern(const char *string, const char *pattern)
const char *ptr;
char next = '\0';
int len = strlen(pattern);
-
+
for (ptr = strstr(string,pattern); ptr != 0; ptr = strstr(ptr+len,pattern)) {
- if (ptr == string || isspace(*(ptr-1)) || *(ptr-1) ==',') {
- next = *(ptr + len);
- if (next == '\0' || isspace(next) || next ==',') {
- return TRUE;
- }
- }
+ if (ptr == string || isspace(*(ptr-1)) || *(ptr-1) ==',') {
+ next = *(ptr + len);
+ if (next == '\0' || isspace(next) || next ==',') {
+ return TRUE;
+ }
+ }
}
return FALSE;
}
-
-
-
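Review bot: The loop in krb5_match_config_pattern does not terminate for an empty `pattern`: `len` is 0, `strstr(ptr+len,pattern)` returns `ptr` again, and the body repeats whenever the first character of `string` is not a separator or the terminator. The one caller visible on this page passes a constant, but an early `if (len == 0) return FALSE;` makes the function safe for any caller. The `isspace(*(ptr-1))` and `isspace(next)` calls also receive a plain `char`, which is undefined for negative values; cast to `unsigned char` first. The signature appears only in the hunk header.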
diff --git a/src/lib/kadm5/chpass_util.c b/src/lib/kadm5/chpass_util.c
index e1fbb58..9e8111b 100644
--- a/src/lib/kadm5/chpass_util.c
+++ b/src/lib/kadm5/chpass_util.c
@@ -1,3 +1,4 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
/*
* Copyright 1993 OpenVision Technologies, Inc., All Rights Reserved.
*/
@@ -25,234 +26,234 @@
*
* Arguments:
*
- * princ (input) a krb5b_principal structure for the
+ * princ (input) a krb5b_principal structure for the
* principal whose password we should change.
*
- * new_password (input) NULL or a null terminated string with the
+ * new_password (input) NULL or a null terminated string with the
* the principal's desired new password. If new_password
* is NULL then this routine will read a new password.
- *
- * pw_ret (output) if non-NULL, points to a static buffer
- * containing the new password (if password is prompted
- * internally), or to the new_password argument (if
- * that is non-NULL). If the former, then the buffer
- * is only valid until the next call to the function,
- * and the caller should be sure to zero it when
- * it is no longer needed.
+ *
+ * pw_ret (output) if non-NULL, points to a static buffer
+ * containing the new password (if password is prompted
+ * internally), or to the new_password argument (if
+ * that is non-NULL). If the former, then the buffer
+ * is only valid until the next call to the function,
+ * and the caller should be sure to zero it when
+ * it is no longer needed.
*
* msg_ret (output) a useful message is copied here.
*
- * <return value> exit status of 0 for success, else the com err code
+ * <return value> exit status of 0 for success, else the com err code
* for the last significant routine called.
- *
+ *
* Requires:
- *
+ *
* A msg_ret should point to a buffer large enough for the messasge.
*
* Effects:
- *
+ *
* Modifies:
*
*
*/
kadm5_ret_t _kadm5_chpass_principal_util(void *server_handle,
- void *lhandle,
- krb5_principal princ,
- char *new_pw,
- char **ret_pw,
- char *msg_ret,
- unsigned int msg_len)
+ void *lhandle,
+ krb5_principal princ,
+ char *new_pw,
+ char **ret_pw,
+ char *msg_ret,
+ unsigned int msg_len)
{
- int code, code2;
- unsigned int pwsize;
- static char buffer[255];
- char *new_password;
- kadm5_principal_ent_rec princ_ent;
- kadm5_policy_ent_rec policy_ent;
-
- _KADM5_CHECK_HANDLE(server_handle);
-
- if (ret_pw)
- *ret_pw = NULL;
-
- if (new_pw != NULL) {
- new_password = new_pw;
- } else { /* read the password */
- krb5_context context;
-
- if ((code = (int) kadm5_init_krb5_context(&context)) == 0) {
- pwsize = sizeof(buffer);
- code = krb5_read_password(context, KADM5_PW_FIRST_PROMPT,
- KADM5_PW_SECOND_PROMPT,
- buffer, &pwsize);
- krb5_free_context(context);
+ int code, code2;
+ unsigned int pwsize;
+ static char buffer[255];
+ char *new_password;
+ kadm5_principal_ent_rec princ_ent;
+ kadm5_policy_ent_rec policy_ent;
+
+ _KADM5_CHECK_HANDLE(server_handle);
+
+ if (ret_pw)
+ *ret_pw = NULL;
+
+ if (new_pw != NULL) {
+ new_password = new_pw;
+ } else { /* read the password */
+ krb5_context context;
+
+ if ((code = (int) kadm5_init_krb5_context(&context)) == 0) {
+ pwsize = sizeof(buffer);
+ code = krb5_read_password(context, KADM5_PW_FIRST_PROMPT,
+ KADM5_PW_SECOND_PROMPT,
+ buffer, &pwsize);
+ krb5_free_context(context);
+ }
+
+ if (code == 0)
+ new_password = buffer;
+ else {
+#ifdef ZEROPASSWD
+ memset(buffer, 0, sizeof(buffer));
+#endif
+ if (code == KRB5_LIBOS_BADPWDMATCH) {
+ strncpy(msg_ret, string_text(CHPASS_UTIL_NEW_PASSWORD_MISMATCH),
+ msg_len - 1);
+ msg_ret[msg_len - 1] = '\0';
+ return(code);
+ } else {
+ strncpy(msg_ret, error_message(code), msg_len - 1);
+ strncat(msg_ret, " ", msg_len - 1);
+ strncat(msg_ret, string_text(CHPASS_UTIL_WHILE_READING_PASSWORD),
+ msg_len - 1);
+ strncat(msg_ret, string_text(CHPASS_UTIL_PASSWORD_NOT_CHANGED),
+ msg_len - 1);
+ msg_ret[msg_len - 1] = '\0';
+ return(code);
+ }
+ }
+ if (pwsize == 0) {
+#ifdef ZEROPASSWD
+ memset(buffer, 0, sizeof(buffer));
+#endif
+ strncpy(msg_ret, string_text(CHPASS_UTIL_NO_PASSWORD_READ), msg_len - 1);
+ msg_ret[msg_len - 1] = '\0';
+ return(KRB5_LIBOS_CANTREADPWD); /* could do better */
+ }
}
- if (code == 0)
- new_password = buffer;
- else {
-#ifdef ZEROPASSWD
- memset(buffer, 0, sizeof(buffer));
-#endif
- if (code == KRB5_LIBOS_BADPWDMATCH) {
- strncpy(msg_ret, string_text(CHPASS_UTIL_NEW_PASSWORD_MISMATCH),
- msg_len - 1);
- msg_ret[msg_len - 1] = '\0';
- return(code);
- } else {
- strncpy(msg_ret, error_message(code), msg_len - 1);
- strncat(msg_ret, " ", msg_len - 1);
- strncat(msg_ret, string_text(CHPASS_UTIL_WHILE_READING_PASSWORD),
- msg_len - 1);
- strncat(msg_ret, string_text(CHPASS_UTIL_PASSWORD_NOT_CHANGED),
- msg_len - 1);
- msg_ret[msg_len - 1] = '\0';
- return(code);
- }
+ if (ret_pw)
+ *ret_pw = new_password;
+
+ code = kadm5_chpass_principal(server_handle, princ, new_password);
+
+#ifdef ZEROPASSWD
+ if (!ret_pw)
+ memset(buffer, 0, sizeof(buffer)); /* in case we read a new password */
+#endif
+
+ if (code == KADM5_OK) {
+ strncpy(msg_ret, string_text(CHPASS_UTIL_PASSWORD_CHANGED), msg_len - 1);
+ msg_ret[msg_len - 1] = '\0';
+ return(0);
+ }
+
+ if ((code != KADM5_PASS_Q_TOOSHORT) &&
+ (code != KADM5_PASS_REUSE) &&(code != KADM5_PASS_Q_CLASS) &&
+ (code != KADM5_PASS_Q_DICT) && (code != KADM5_PASS_TOOSOON)) {
+ /* Can't get more info for other errors */
+ snprintf(buffer, sizeof(buffer), "%s %s", error_message(code),
+ string_text(CHPASS_UTIL_WHILE_TRYING_TO_CHANGE));
+ snprintf(msg_ret, msg_len, "%s\n%s\n",
+ string_text(CHPASS_UTIL_PASSWORD_NOT_CHANGED),
+ buffer);
+ return(code);
}
- if (pwsize == 0) {
-#ifdef ZEROPASSWD
- memset(buffer, 0, sizeof(buffer));
-#endif
- strncpy(msg_ret, string_text(CHPASS_UTIL_NO_PASSWORD_READ), msg_len - 1);
- msg_ret[msg_len - 1] = '\0';
- return(KRB5_LIBOS_CANTREADPWD); /* could do better */
+
+ /* Ok, we have a password quality error. Return a good message */
+
+ if (code == KADM5_PASS_REUSE) {
+ strncpy(msg_ret, string_text(CHPASS_UTIL_PASSWORD_REUSE), msg_len - 1);
+ msg_ret[msg_len - 1] = '\0';
+ return(code);
}
- }
- if (ret_pw)
- *ret_pw = new_password;
+ if (code == KADM5_PASS_Q_DICT) {
+ strncpy(msg_ret, string_text(CHPASS_UTIL_PASSWORD_IN_DICTIONARY),
+ msg_len - 1);
+ msg_ret[msg_len - 1] = '\0';
+ return(code);
+ }
- code = kadm5_chpass_principal(server_handle, princ, new_password);
+ /* Look up policy for the remaining messages */
-#ifdef ZEROPASSWD
- if (!ret_pw)
- memset(buffer, 0, sizeof(buffer)); /* in case we read a new password */
-#endif
-
- if (code == KADM5_OK) {
- strncpy(msg_ret, string_text(CHPASS_UTIL_PASSWORD_CHANGED), msg_len - 1);
- msg_ret[msg_len - 1] = '\0';
- return(0);
- }
-
- if ((code != KADM5_PASS_Q_TOOSHORT) &&
- (code != KADM5_PASS_REUSE) &&(code != KADM5_PASS_Q_CLASS) &&
- (code != KADM5_PASS_Q_DICT) && (code != KADM5_PASS_TOOSOON)) {
- /* Can't get more info for other errors */
- snprintf(buffer, sizeof(buffer), "%s %s", error_message(code),
- string_text(CHPASS_UTIL_WHILE_TRYING_TO_CHANGE));
- snprintf(msg_ret, msg_len, "%s\n%s\n",
- string_text(CHPASS_UTIL_PASSWORD_NOT_CHANGED),
- buffer);
- return(code);
- }
-
- /* Ok, we have a password quality error. Return a good message */
-
- if (code == KADM5_PASS_REUSE) {
- strncpy(msg_ret, string_text(CHPASS_UTIL_PASSWORD_REUSE), msg_len - 1);
- msg_ret[msg_len - 1] = '\0';
- return(code);
- }
+ code2 = kadm5_get_principal (lhandle, princ, &princ_ent,
+ KADM5_PRINCIPAL_NORMAL_MASK);
+ if (code2 != 0) {
+ strncpy(msg_ret, error_message(code2), msg_len - 1);
+ strncat(msg_ret, " ", msg_len - 1 - strlen(msg_ret));
+ strncat(msg_ret, string_text(CHPASS_UTIL_GET_PRINC_INFO), msg_len - 1 - strlen(msg_ret));
+ strncat(msg_ret, "\n", msg_len - 1 - strlen(msg_ret));
+ strncat(msg_ret, error_message(code), msg_len - 1 - strlen(msg_ret));
+ strncat(msg_ret, " ", msg_len - 1 - strlen(msg_ret));
+ strncat(msg_ret, string_text(CHPASS_UTIL_WHILE_TRYING_TO_CHANGE),
+ msg_len - 1 - strlen(msg_ret));
+ strncat(msg_ret, "\n\n", msg_len - 1 - strlen(msg_ret));
+ strncat(msg_ret, string_text(CHPASS_UTIL_PASSWORD_NOT_CHANGED),
+ msg_len - 1 - strlen(msg_ret));
+ strncat(msg_ret, "\n", msg_len - 1 - strlen(msg_ret));
+ msg_ret[msg_len - 1] = '\0';
+ return(code);
+ }
- if (code == KADM5_PASS_Q_DICT) {
- strncpy(msg_ret, string_text(CHPASS_UTIL_PASSWORD_IN_DICTIONARY),
- msg_len - 1);
- msg_ret[msg_len - 1] = '\0';
- return(code);
- }
-
- /* Look up policy for the remaining messages */
-
- code2 = kadm5_get_principal (lhandle, princ, &princ_ent,
- KADM5_PRINCIPAL_NORMAL_MASK);
- if (code2 != 0) {
- strncpy(msg_ret, error_message(code2), msg_len - 1);
- strncat(msg_ret, " ", msg_len - 1 - strlen(msg_ret));
- strncat(msg_ret, string_text(CHPASS_UTIL_GET_PRINC_INFO), msg_len - 1 - strlen(msg_ret));
- strncat(msg_ret, "\n", msg_len - 1 - strlen(msg_ret));
- strncat(msg_ret, error_message(code), msg_len - 1 - strlen(msg_ret));
- strncat(msg_ret, " ", msg_len - 1 - strlen(msg_ret));
- strncat(msg_ret, string_text(CHPASS_UTIL_WHILE_TRYING_TO_CHANGE),
- msg_len - 1 - strlen(msg_ret));
- strncat(msg_ret, "\n\n", msg_len - 1 - strlen(msg_ret));
- strncat(msg_ret, string_text(CHPASS_UTIL_PASSWORD_NOT_CHANGED),
- msg_len - 1 - strlen(msg_ret));
- strncat(msg_ret, "\n", msg_len - 1 - strlen(msg_ret));
- msg_ret[msg_len - 1] = '\0';
- return(code);
- }
-
- if ((princ_ent.aux_attributes & KADM5_POLICY) == 0) {
- strncpy(msg_ret, error_message(code), msg_len - 1 - strlen(msg_ret));
- strncat(msg_ret, " ", msg_len - 1 - strlen(msg_ret));
- strncpy(msg_ret, string_text(CHPASS_UTIL_NO_POLICY_YET_Q_ERROR),
- msg_len - 1 - strlen(msg_ret));
- strncat(msg_ret, "\n\n", msg_len - 1 - strlen(msg_ret));
- strncpy(msg_ret, string_text(CHPASS_UTIL_PASSWORD_NOT_CHANGED),
- msg_len - 1 - strlen(msg_ret));
- msg_ret[msg_len - 1] = '\0';
+ if ((princ_ent.aux_attributes & KADM5_POLICY) == 0) {
+ strncpy(msg_ret, error_message(code), msg_len - 1 - strlen(msg_ret));
+ strncat(msg_ret, " ", msg_len - 1 - strlen(msg_ret));
+ strncpy(msg_ret, string_text(CHPASS_UTIL_NO_POLICY_YET_Q_ERROR),
+ msg_len - 1 - strlen(msg_ret));
+ strncat(msg_ret, "\n\n", msg_len - 1 - strlen(msg_ret));
+ strncpy(msg_ret, string_text(CHPASS_UTIL_PASSWORD_NOT_CHANGED),
+ msg_len - 1 - strlen(msg_ret));
+ msg_ret[msg_len - 1] = '\0';
- (void) kadm5_free_principal_ent(lhandle, &princ_ent);
- return(code);
- }
-
- code2 = kadm5_get_policy(lhandle, princ_ent.policy,
- &policy_ent);
- if (code2 != 0) {
- snprintf(msg_ret, msg_len, "%s %s\n%s %s\n\n%s\n ", error_message(code2),
- string_text(CHPASS_UTIL_GET_POLICY_INFO),
- error_message(code),
- string_text(CHPASS_UTIL_WHILE_TRYING_TO_CHANGE),
- string_text(CHPASS_UTIL_PASSWORD_NOT_CHANGED));
- (void) kadm5_free_principal_ent(lhandle, &princ_ent);
- return(code);
- }
-
- if (code == KADM5_PASS_Q_TOOSHORT) {
- snprintf(msg_ret, msg_len, string_text(CHPASS_UTIL_PASSWORD_TOO_SHORT),
- policy_ent.pw_min_length);
- (void) kadm5_free_principal_ent(lhandle, &princ_ent);
- (void) kadm5_free_policy_ent(lhandle, &policy_ent);
- return(code);
- }
+ (void) kadm5_free_principal_ent(lhandle, &princ_ent);
+ return(code);
+ }
+
+ code2 = kadm5_get_policy(lhandle, princ_ent.policy,
+ &policy_ent);
+ if (code2 != 0) {
+ snprintf(msg_ret, msg_len, "%s %s\n%s %s\n\n%s\n ", error_message(code2),
+ string_text(CHPASS_UTIL_GET_POLICY_INFO),
+ error_message(code),
+ string_text(CHPASS_UTIL_WHILE_TRYING_TO_CHANGE),
+ string_text(CHPASS_UTIL_PASSWORD_NOT_CHANGED));
+ (void) kadm5_free_principal_ent(lhandle, &princ_ent);
+ return(code);
+ }
+
+ if (code == KADM5_PASS_Q_TOOSHORT) {
+ snprintf(msg_ret, msg_len, string_text(CHPASS_UTIL_PASSWORD_TOO_SHORT),
+ policy_ent.pw_min_length);
+ (void) kadm5_free_principal_ent(lhandle, &princ_ent);
+ (void) kadm5_free_policy_ent(lhandle, &policy_ent);
+ return(code);
+ }
/* Can't get more info for other errors */
- if (code == KADM5_PASS_Q_CLASS) {
- snprintf(msg_ret, msg_len, string_text(CHPASS_UTIL_TOO_FEW_CLASSES),
- policy_ent.pw_min_classes);
- (void) kadm5_free_principal_ent(lhandle, &princ_ent);
- (void) kadm5_free_policy_ent(lhandle, &policy_ent);
- return(code);
- }
+ if (code == KADM5_PASS_Q_CLASS) {
+ snprintf(msg_ret, msg_len, string_text(CHPASS_UTIL_TOO_FEW_CLASSES),
+ policy_ent.pw_min_classes);
+ (void) kadm5_free_principal_ent(lhandle, &princ_ent);
+ (void) kadm5_free_policy_ent(lhandle, &policy_ent);
+ return(code);
+ }
- if (code == KADM5_PASS_TOOSOON) {
- time_t until;
- char *time_string, *ptr;
+ if (code == KADM5_PASS_TOOSOON) {
+ time_t until;
+ char *time_string, *ptr;
- until = princ_ent.last_pwd_change + policy_ent.pw_min_life;
+ until = princ_ent.last_pwd_change + policy_ent.pw_min_life;
- time_string = ctime(&until);
- if (*(ptr = &time_string[strlen(time_string)-1]) == '\n')
- *ptr = '\0';
+ time_string = ctime(&until);
+ if (*(ptr = &time_string[strlen(time_string)-1]) == '\n')
+ *ptr = '\0';
+
+ snprintf(msg_ret, msg_len, string_text(CHPASS_UTIL_PASSWORD_TOO_SOON),
+ time_string);
+ (void) kadm5_free_principal_ent(lhandle, &princ_ent);
+ (void) kadm5_free_policy_ent(lhandle, &policy_ent);
+ return(code);
+ }
- snprintf(msg_ret, msg_len, string_text(CHPASS_UTIL_PASSWORD_TOO_SOON),
- time_string);
+ /* We should never get here, but just in case ... */
+ snprintf(buffer, sizeof(buffer), "%s %s", error_message(code),
+ string_text(CHPASS_UTIL_WHILE_TRYING_TO_CHANGE));
+ snprintf(msg_ret, msg_len, "%s\n%s\n",
+ string_text(CHPASS_UTIL_PASSWORD_NOT_CHANGED),
+ buffer);
(void) kadm5_free_principal_ent(lhandle, &princ_ent);
(void) kadm5_free_policy_ent(lhandle, &policy_ent);
return(code);
- }
-
- /* We should never get here, but just in case ... */
- snprintf(buffer, sizeof(buffer), "%s %s", error_message(code),
- string_text(CHPASS_UTIL_WHILE_TRYING_TO_CHANGE));
- snprintf(msg_ret, msg_len, "%s\n%s\n",
- string_text(CHPASS_UTIL_PASSWORD_NOT_CHANGED),
- buffer);
- (void) kadm5_free_principal_ent(lhandle, &princ_ent);
- (void) kadm5_free_policy_ent(lhandle, &policy_ent);
- return(code);
}
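Review bot: In the password-read failure branch, the `strncat(msg_ret, ..., msg_len - 1)` calls pass the whole buffer size as the limit, but strncat's third argument bounds the bytes appended, not the total. The three appends can therefore write past the end of `msg_ret`, and the preceding `strncpy` may leave it unterminated. Build the message the way the later branches do: `snprintf(msg_ret, msg_len, "%s %s%s", error_message(code), string_text(CHPASS_UTIL_WHILE_READING_PASSWORD), string_text(CHPASS_UTIL_PASSWORD_NOT_CHANGED));`. The no-policy branch has a related problem: within this function nothing has been written to `msg_ret` on that path before `strlen(msg_ret)` is taken, and it uses `strncpy` where `strncat` appears intended, so each copy overwrites the previous one.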
diff --git a/src/lib/kadm5/clnt/client_handle.c b/src/lib/kadm5/clnt/client_handle.c
index 895777a..48b7670 100644
--- a/src/lib/kadm5/clnt/client_handle.c
+++ b/src/lib/kadm5/clnt/client_handle.c
@@ -1,9 +1,10 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
#include <krb5.h>
#include <kadm5/admin.h>
#include "client_internal.h"
int _kadm5_check_handle(void *handle)
{
- CHECK_HANDLE(handle);
- return 0;
+ CHECK_HANDLE(handle);
+ return 0;
}
diff --git a/src/lib/kadm5/clnt/client_init.c b/src/lib/kadm5/clnt/client_init.c
index 0b817b8..99e8e15 100644
--- a/src/lib/kadm5/clnt/client_init.c
+++ b/src/lib/kadm5/clnt/client_init.c
@@ -1,17 +1,18 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
/*
* Copyright 1993 OpenVision Technologies, Inc., All Rights Reserved
*/
/*
* Copyright (C) 1998 by the FundsXpress, INC.
- *
+ *
* All rights reserved.
- *
+ *
* Export of this software from the United States of America may require
* a specific license from the United States Government. It is the
* responsibility of any person or organization contemplating export to
* obtain such a license before exporting.
- *
+ *
* WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
* distribute this software and its documentation for any purpose and
* without fee is hereby granted, provided that the above copyright
@@ -22,7 +23,7 @@
* permission. FundsXpress makes no representations about the suitability of
* this software for any purpose. It is provided "as is" without express
* or implied warranty.
- *
+ *
* THIS SOFTWARE IS PROVIDED ``AS IS'' AND WITHOUT ANY EXPRESS OR
* IMPLIED WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED
* WARRANTIES OF MERCHANTIBILITY AND FITNESS FOR A PARTICULAR PURPOSE.
@@ -56,349 +57,349 @@
#include <gssapi/gssapi_krb5.h>
#include <gssrpc/auth_gssapi.h>
-#define ADM_CCACHE "/tmp/ovsec_adm.XXXXXX"
+#define ADM_CCACHE "/tmp/ovsec_adm.XXXXXX"
enum init_type { INIT_PASS, INIT_SKEY, INIT_CREDS };
static kadm5_ret_t _kadm5_init_any(krb5_context context,
- char *client_name,
- enum init_type init_type,
- char *pass,
- krb5_ccache ccache_in,
- char *service_name,
- kadm5_config_params *params,
- krb5_ui_4 struct_version,
- krb5_ui_4 api_version,
- char **db_args,
- void **server_handle);
+ char *client_name,
+ enum init_type init_type,
+ char *pass,
+ krb5_ccache ccache_in,
+ char *service_name,
+ kadm5_config_params *params,
+ krb5_ui_4 struct_version,
+ krb5_ui_4 api_version,
+ char **db_args,
+ void **server_handle);
static kadm5_ret_t
kadm5_get_init_creds(kadm5_server_handle_t handle,
- char *client_name, enum init_type init_type,
- char *pass, krb5_ccache ccache_in,
- char *svcname_in, char *realm,
- char *full_svcname, unsigned int full_svcname_len);
+ char *client_name, enum init_type init_type,
+ char *pass, krb5_ccache ccache_in,
+ char *svcname_in, char *realm,
+ char *full_svcname, unsigned int full_svcname_len);
static kadm5_ret_t
kadm5_gic_iter(kadm5_server_handle_t handle,
- enum init_type init_type,
- krb5_ccache ccache,
- krb5_principal client, char *pass,
- char *svcname, char *realm,
- char *full_svcname, unsigned int full_svcname_len);
+ enum init_type init_type,
+ krb5_ccache ccache,
+ krb5_principal client, char *pass,
+ char *svcname, char *realm,
+ char *full_svcname, unsigned int full_svcname_len);
static kadm5_ret_t
kadm5_setup_gss(kadm5_server_handle_t handle,
- kadm5_config_params *params_in,
- char *client_name, char *full_svcname);
+ kadm5_config_params *params_in,
+ char *client_name, char *full_svcname);
static void
kadm5_rpc_auth(kadm5_server_handle_t handle,
- kadm5_config_params *params_in,
- gss_cred_id_t gss_client_creds,
- gss_name_t gss_target);
+ kadm5_config_params *params_in,
+ gss_cred_id_t gss_client_creds,
+ gss_name_t gss_target);
kadm5_ret_t kadm5_init_with_creds(krb5_context context,
- char *client_name,
- krb5_ccache ccache,
- char *service_name,
- kadm5_config_params *params,
- krb5_ui_4 struct_version,
- krb5_ui_4 api_version,
- char **db_args,
- void **server_handle)
+ char *client_name,
+ krb5_ccache ccache,
+ char *service_name,
+ kadm5_config_params *params,
+ krb5_ui_4 struct_version,
+ krb5_ui_4 api_version,
+ char **db_args,
+ void **server_handle)
{
- return _kadm5_init_any(context, client_name, INIT_CREDS, NULL, ccache,
- service_name, params,
- struct_version, api_version, db_args,
- server_handle);
+ return _kadm5_init_any(context, client_name, INIT_CREDS, NULL, ccache,
+ service_name, params,
+ struct_version, api_version, db_args,
+ server_handle);
}
kadm5_ret_t kadm5_init_with_password(krb5_context context, char *client_name,
- char *pass, char *service_name,
- kadm5_config_params *params,
- krb5_ui_4 struct_version,
- krb5_ui_4 api_version,
- char **db_args,
- void **server_handle)
+ char *pass, char *service_name,
+ kadm5_config_params *params,
+ krb5_ui_4 struct_version,
+ krb5_ui_4 api_version,
+ char **db_args,
+ void **server_handle)
{
- return _kadm5_init_any(context, client_name, INIT_PASS, pass, NULL,
- service_name, params, struct_version,
- api_version, db_args, server_handle);
+ return _kadm5_init_any(context, client_name, INIT_PASS, pass, NULL,
+ service_name, params, struct_version,
+ api_version, db_args, server_handle);
}
kadm5_ret_t kadm5_init(krb5_context context, char *client_name, char *pass,
- char *service_name,
- kadm5_config_params *params,
- krb5_ui_4 struct_version,
- krb5_ui_4 api_version,
- char **db_args,
- void **server_handle)
+ char *service_name,
+ kadm5_config_params *params,
+ krb5_ui_4 struct_version,
+ krb5_ui_4 api_version,
+ char **db_args,
+ void **server_handle)
{
- return _kadm5_init_any(context, client_name, INIT_PASS, pass, NULL,
- service_name, params, struct_version,
- api_version, db_args, server_handle);
+ return _kadm5_init_any(context, client_name, INIT_PASS, pass, NULL,
+ service_name, params, struct_version,
+ api_version, db_args, server_handle);
}
kadm5_ret_t kadm5_init_with_skey(krb5_context context, char *client_name,
- char *keytab, char *service_name,
- kadm5_config_params *params,
- krb5_ui_4 struct_version,
- krb5_ui_4 api_version,
- char **db_args,
- void **server_handle)
+ char *keytab, char *service_name,
+ kadm5_config_params *params,
+ krb5_ui_4 struct_version,
+ krb5_ui_4 api_version,
+ char **db_args,
+ void **server_handle)
{
- return _kadm5_init_any(context, client_name, INIT_SKEY, keytab, NULL,
- service_name, params, struct_version,
- api_version, db_args, server_handle);
+ return _kadm5_init_any(context, client_name, INIT_SKEY, keytab, NULL,
+ service_name, params, struct_version,
+ api_version, db_args, server_handle);
}
static kadm5_ret_t _kadm5_init_any(krb5_context context, char *client_name,
- enum init_type init_type,
- char *pass,
- krb5_ccache ccache_in,
- char *service_name,
- kadm5_config_params *params_in,
- krb5_ui_4 struct_version,
- krb5_ui_4 api_version,
- char **db_args,
- void **server_handle)
+ enum init_type init_type,
+ char *pass,
+ krb5_ccache ccache_in,
+ char *service_name,
+ kadm5_config_params *params_in,
+ krb5_ui_4 struct_version,
+ krb5_ui_4 api_version,
+ char **db_args,
+ void **server_handle)
{
- struct sockaddr_in addr;
- struct hostent *hp;
- int fd;
-
- char *iprop_svc;
- int iprop_enable = 0;
- char full_svcname[BUFSIZ];
- char *realm;
-
- kadm5_server_handle_t handle;
- kadm5_config_params params_local;
-
- int code = 0;
- generic_ret *r;
-
- initialize_ovk_error_table();
+ struct sockaddr_in addr;
+ struct hostent *hp;
+ int fd;
+
+ char *iprop_svc;
+ int iprop_enable = 0;
+ char full_svcname[BUFSIZ];
+ char *realm;
+
+ kadm5_server_handle_t handle;
+ kadm5_config_params params_local;
+
+ int code = 0;
+ generic_ret *r;
+
+ initialize_ovk_error_table();
/* initialize_adb_error_table(); */
- initialize_ovku_error_table();
-
- if (! server_handle) {
- return EINVAL;
- }
-
- if (! (handle = malloc(sizeof(*handle)))) {
- return ENOMEM;
- }
- memset(handle, 0, sizeof(*handle));
- if (! (handle->lhandle = malloc(sizeof(*handle)))) {
- free(handle);
- return ENOMEM;
- }
-
- handle->magic_number = KADM5_SERVER_HANDLE_MAGIC;
- handle->struct_version = struct_version;
- handle->api_version = api_version;
- handle->clnt = 0;
- handle->cache_name = 0;
- handle->destroy_cache = 0;
- handle->context = 0;
- *handle->lhandle = *handle;
- handle->lhandle->api_version = KADM5_API_VERSION_3;
- handle->lhandle->struct_version = KADM5_STRUCT_VERSION;
- handle->lhandle->lhandle = handle->lhandle;
-
- handle->context = context;
-
- if(client_name == NULL) {
- free(handle);
- return EINVAL;
- }
-
- /*
- * Verify the version numbers before proceeding; we can't use
- * CHECK_HANDLE because not all fields are set yet.
- */
- GENERIC_CHECK_HANDLE(handle, KADM5_OLD_LIB_API_VERSION,
- KADM5_NEW_LIB_API_VERSION);
-
- /*
- * Acquire relevant profile entries. In version 2, merge values
- * in params_in with values from profile, based on
- * params_in->mask.
- *
- * In version 1, we've given a realm (which may be NULL) instead
- * of params_in. So use that realm, make params_in contain an
- * empty mask, and behave like version 2.
- */
- memset(&params_local, 0, sizeof(params_local));
- if (params_in && (params_in->mask & KADM5_CONFIG_REALM))
- realm = params_in->realm;
- else
- realm = NULL;
+ initialize_ovku_error_table();
+
+ if (! server_handle) {
+ return EINVAL;
+ }
+
+ if (! (handle = malloc(sizeof(*handle)))) {
+ return ENOMEM;
+ }
+ memset(handle, 0, sizeof(*handle));
+ if (! (handle->lhandle = malloc(sizeof(*handle)))) {
+ free(handle);
+ return ENOMEM;
+ }
+
+ handle->magic_number = KADM5_SERVER_HANDLE_MAGIC;
+ handle->struct_version = struct_version;
+ handle->api_version = api_version;
+ handle->clnt = 0;
+ handle->cache_name = 0;
+ handle->destroy_cache = 0;
+ handle->context = 0;
+ *handle->lhandle = *handle;
+ handle->lhandle->api_version = KADM5_API_VERSION_3;
+ handle->lhandle->struct_version = KADM5_STRUCT_VERSION;
+ handle->lhandle->lhandle = handle->lhandle;
+
+ handle->context = context;
+
+ if(client_name == NULL) {
+ free(handle);
+ return EINVAL;
+ }
+
+ /*
+ * Verify the version numbers before proceeding; we can't use
+ * CHECK_HANDLE because not all fields are set yet.
+ */
+ GENERIC_CHECK_HANDLE(handle, KADM5_OLD_LIB_API_VERSION,
+ KADM5_NEW_LIB_API_VERSION);
+
+ /*
+ * Acquire relevant profile entries. In version 2, merge values
+ * in params_in with values from profile, based on
+ * params_in->mask.
+ *
+ * In version 1, we've given a realm (which may be NULL) instead
+ * of params_in. So use that realm, make params_in contain an
+ * empty mask, and behave like version 2.
+ */
+ memset(&params_local, 0, sizeof(params_local));
+ if (params_in && (params_in->mask & KADM5_CONFIG_REALM))
+ realm = params_in->realm;
+ else
+ realm = NULL;
#if 0 /* Since KDC config params can now be put in krb5.conf, these
- could show up even when you're just using the remote kadmin
- client. */
-#define ILLEGAL_PARAMS (KADM5_CONFIG_DBNAME | KADM5_CONFIG_ADBNAME | \
- KADM5_CONFIG_ADB_LOCKFILE | \
- KADM5_CONFIG_ACL_FILE | KADM5_CONFIG_DICT_FILE \
- | KADM5_CONFIG_ADMIN_KEYTAB | \
- KADM5_CONFIG_STASH_FILE | \
- KADM5_CONFIG_MKEY_NAME | KADM5_CONFIG_ENCTYPE \
- | KADM5_CONFIG_MAX_LIFE | \
- KADM5_CONFIG_MAX_RLIFE | \
- KADM5_CONFIG_EXPIRATION | KADM5_CONFIG_FLAGS | \
- KADM5_CONFIG_ENCTYPES | KADM5_CONFIG_MKEY_FROM_KBD)
-
- if (params_in && params_in->mask & ILLEGAL_PARAMS) {
- free(handle);
- return KADM5_BAD_CLIENT_PARAMS;
- }
+ could show up even when you're just using the remote kadmin
+ client. */
+#define ILLEGAL_PARAMS (KADM5_CONFIG_DBNAME | KADM5_CONFIG_ADBNAME | \
+ KADM5_CONFIG_ADB_LOCKFILE | \
+ KADM5_CONFIG_ACL_FILE | KADM5_CONFIG_DICT_FILE \
+ | KADM5_CONFIG_ADMIN_KEYTAB | \
+ KADM5_CONFIG_STASH_FILE | \
+ KADM5_CONFIG_MKEY_NAME | KADM5_CONFIG_ENCTYPE \
+ | KADM5_CONFIG_MAX_LIFE | \
+ KADM5_CONFIG_MAX_RLIFE | \
+ KADM5_CONFIG_EXPIRATION | KADM5_CONFIG_FLAGS | \
+ KADM5_CONFIG_ENCTYPES | KADM5_CONFIG_MKEY_FROM_KBD)
+
+ if (params_in && params_in->mask & ILLEGAL_PARAMS) {
+ free(handle);
+ return KADM5_BAD_CLIENT_PARAMS;
+ }
#endif
- if ((code = kadm5_get_config_params(handle->context, 0,
- params_in, &handle->params))) {
- free(handle);
- return(code);
- }
-
-#define REQUIRED_PARAMS (KADM5_CONFIG_REALM | \
- KADM5_CONFIG_ADMIN_SERVER | \
- KADM5_CONFIG_KADMIND_PORT)
-
- if ((handle->params.mask & REQUIRED_PARAMS) != REQUIRED_PARAMS) {
- free(handle);
- return KADM5_MISSING_KRB5_CONF_PARAMS;
- }
-
- /*
- * Get credentials. Also does some fallbacks in case kadmin/fqdn
- * principal doesn't exist.
- */
- code = kadm5_get_init_creds(handle, client_name, init_type, pass,
- ccache_in, service_name, realm,
- full_svcname, sizeof(full_svcname));
- if (code)
- goto error;
- /*
- * We have ticket; open the RPC connection.
- */
-
- hp = gethostbyname(handle->params.admin_server);
- if (hp == (struct hostent *) NULL) {
- code = KADM5_BAD_SERVER_NAME;
- goto cleanup;
- }
-
- /*
- * If the service_name and client_name are iprop-centric,
- * we need to clnttcp_create to the appropriate RPC prog.
- */
- iprop_svc = strdup(KIPROP_SVC_NAME);
- if (iprop_svc == NULL)
- return ENOMEM;
-
- if (service_name != NULL &&
- (strstr(service_name, iprop_svc) != NULL) &&
- (strstr(client_name, iprop_svc) != NULL))
- iprop_enable = 1;
- else
- iprop_enable = 0;
-
- memset(&addr, 0, sizeof(addr));
- addr.sin_family = hp->h_addrtype;
- (void) memcpy(&addr.sin_addr, hp->h_addr, sizeof(addr.sin_addr));
- if (iprop_enable)
- addr.sin_port = htons((u_short) handle->params.iprop_port);
- else
- addr.sin_port = htons((u_short) handle->params.kadmind_port);
-
- fd = RPC_ANYSOCK;
-
- if (iprop_enable) {
- handle->clnt = clnttcp_create(&addr, KRB5_IPROP_PROG, KRB5_IPROP_VERS,
- &fd, 0, 0);
- } else
- handle->clnt = clnttcp_create(&addr, KADM, KADMVERS, &fd, 0, 0);
- if (handle->clnt == NULL) {
- code = KADM5_RPC_ERROR;
+ if ((code = kadm5_get_config_params(handle->context, 0,
+ params_in, &handle->params))) {
+ free(handle);
+ return(code);
+ }
+
+#define REQUIRED_PARAMS (KADM5_CONFIG_REALM | \
+ KADM5_CONFIG_ADMIN_SERVER | \
+ KADM5_CONFIG_KADMIND_PORT)
+
+ if ((handle->params.mask & REQUIRED_PARAMS) != REQUIRED_PARAMS) {
+ free(handle);
+ return KADM5_MISSING_KRB5_CONF_PARAMS;
+ }
+
+ /*
+ * Get credentials. Also does some fallbacks in case kadmin/fqdn
+ * principal doesn't exist.
+ */
+ code = kadm5_get_init_creds(handle, client_name, init_type, pass,
+ ccache_in, service_name, realm,
+ full_svcname, sizeof(full_svcname));
+ if (code)
+ goto error;
+ /*
+ * We have ticket; open the RPC connection.
+ */
+
+ hp = gethostbyname(handle->params.admin_server);
+ if (hp == (struct hostent *) NULL) {
+ code = KADM5_BAD_SERVER_NAME;
+ goto cleanup;
+ }
+
+ /*
+ * If the service_name and client_name are iprop-centric,
+ * we need to clnttcp_create to the appropriate RPC prog.
+ */
+ iprop_svc = strdup(KIPROP_SVC_NAME);
+ if (iprop_svc == NULL)
+ return ENOMEM;
+
+ if (service_name != NULL &&
+ (strstr(service_name, iprop_svc) != NULL) &&
+ (strstr(client_name, iprop_svc) != NULL))
+ iprop_enable = 1;
+ else
+ iprop_enable = 0;
+
+ memset(&addr, 0, sizeof(addr));
+ addr.sin_family = hp->h_addrtype;
+ (void) memcpy(&addr.sin_addr, hp->h_addr, sizeof(addr.sin_addr));
+ if (iprop_enable)
+ addr.sin_port = htons((u_short) handle->params.iprop_port);
+ else
+ addr.sin_port = htons((u_short) handle->params.kadmind_port);
+
+ fd = RPC_ANYSOCK;
+
+ if (iprop_enable) {
+ handle->clnt = clnttcp_create(&addr, KRB5_IPROP_PROG, KRB5_IPROP_VERS,
+ &fd, 0, 0);
+ } else
+ handle->clnt = clnttcp_create(&addr, KADM, KADMVERS, &fd, 0, 0);
+ if (handle->clnt == NULL) {
+ code = KADM5_RPC_ERROR;
#ifdef DEBUG
- clnt_pcreateerror("clnttcp_create");
+ clnt_pcreateerror("clnttcp_create");
#endif
- goto error;
- }
- handle->lhandle->clnt = handle->clnt;
-
- /* now that handle->clnt is set, we can check the handle */
- if ((code = _kadm5_check_handle((void *) handle)))
- goto error;
-
- /*
- * The RPC connection is open; establish the GSS-API
- * authentication context.
- */
- code = kadm5_setup_gss(handle, params_in, client_name, full_svcname);
- if (code)
- goto error;
-
- /*
- * Bypass the remainder of the code and return straightaway
- * if the gss service requested is kiprop
- */
- if (iprop_enable == 1) {
- code = 0;
- *server_handle = (void *) handle;
- goto cleanup;
- }
-
- r = init_2(&handle->api_version, handle->clnt);
- if (r == NULL) {
- code = KADM5_RPC_ERROR;
+ goto error;
+ }
+ handle->lhandle->clnt = handle->clnt;
+
+ /* now that handle->clnt is set, we can check the handle */
+ if ((code = _kadm5_check_handle((void *) handle)))
+ goto error;
+
+ /*
+ * The RPC connection is open; establish the GSS-API
+ * authentication context.
+ */
+ code = kadm5_setup_gss(handle, params_in, client_name, full_svcname);
+ if (code)
+ goto error;
+
+ /*
+ * Bypass the remainder of the code and return straightaway
+ * if the gss service requested is kiprop
+ */
+ if (iprop_enable == 1) {
+ code = 0;
+ *server_handle = (void *) handle;
+ goto cleanup;
+ }
+
+ r = init_2(&handle->api_version, handle->clnt);
+ if (r == NULL) {
+ code = KADM5_RPC_ERROR;
#ifdef DEBUG
- clnt_perror(handle->clnt, "init_2 null resp");
+ clnt_perror(handle->clnt, "init_2 null resp");
#endif
- goto error;
- }
- /* Drop down to v2 wire protocol if server does not support v3 */
- if (r->code == KADM5_NEW_SERVER_API_VERSION &&
- handle->api_version == KADM5_API_VERSION_3) {
- handle->api_version = KADM5_API_VERSION_2;
- r = init_2(&handle->api_version, handle->clnt);
- if (r == NULL) {
- code = KADM5_RPC_ERROR;
- goto error;
- }
- }
- if (r->code) {
- code = r->code;
- goto error;
- }
-
- *server_handle = (void *) handle;
-
- goto cleanup;
+ goto error;
+ }
+ /* Drop down to v2 wire protocol if server does not support v3 */
+ if (r->code == KADM5_NEW_SERVER_API_VERSION &&
+ handle->api_version == KADM5_API_VERSION_3) {
+ handle->api_version = KADM5_API_VERSION_2;
+ r = init_2(&handle->api_version, handle->clnt);
+ if (r == NULL) {
+ code = KADM5_RPC_ERROR;
+ goto error;
+ }
+ }
+ if (r->code) {
+ code = r->code;
+ goto error;
+ }
+
+ *server_handle = (void *) handle;
+
+ goto cleanup;
error:
- /*
- * Note that it is illegal for this code to execute if "handle"
- * has not been allocated and initialized. I.e., don't use "goto
- * error" before the block of code at the top of the function
- * that allocates and initializes "handle".
- */
- if (handle->cache_name)
- free(handle->cache_name);
- if(handle->clnt && handle->clnt->cl_auth)
- AUTH_DESTROY(handle->clnt->cl_auth);
- if(handle->clnt)
- clnt_destroy(handle->clnt);
+ /*
+ * Note that it is illegal for this code to execute if "handle"
+ * has not been allocated and initialized. I.e., don't use "goto
+ * error" before the block of code at the top of the function
+ * that allocates and initializes "handle".
+ */
+ if (handle->cache_name)
+ free(handle->cache_name);
+ if(handle->clnt && handle->clnt->cl_auth)
+ AUTH_DESTROY(handle->clnt->cl_auth);
+ if(handle->clnt)
+ clnt_destroy(handle->clnt);
cleanup:
- if (code)
- free(handle);
+ if (code)
+ free(handle);
- return code;
+ return code;
}
/*
@@ -409,91 +410,91 @@ cleanup:
*/
static kadm5_ret_t
kadm5_get_init_creds(kadm5_server_handle_t handle,
- char *client_name, enum init_type init_type,
- char *pass, krb5_ccache ccache_in,
- char *svcname_in, char *realm,
- char *full_svcname, unsigned int full_svcname_len)
+ char *client_name, enum init_type init_type,
+ char *pass, krb5_ccache ccache_in,
+ char *svcname_in, char *realm,
+ char *full_svcname, unsigned int full_svcname_len)
{
- kadm5_ret_t code;
- krb5_principal client;
- krb5_ccache ccache;
- char svcname[BUFSIZ];
-
- client = NULL;
- ccache = NULL;
- /* NULL svcname means use host-based. */
- if (svcname_in == NULL) {
- code = kadm5_get_admin_service_name(handle->context,
- handle->params.realm,
- svcname, sizeof(svcname));
- if (code) {
- code = KADM5_MISSING_KRB5_CONF_PARAMS;
- goto error;
- }
- } else {
- strncpy(svcname, svcname_in, sizeof(svcname));
- svcname[sizeof(svcname)-1] = '\0';
- }
- /*
- * Acquire a service ticket for svcname@realm in the name of
- * client_name, using password pass (which could be NULL), and
- * create a ccache to store them in. If INIT_CREDS, use the
- * ccache we were provided instead.
- */
- code = krb5_parse_name(handle->context, client_name, &client);
- if (code)
- goto error;
-
- if (init_type == INIT_CREDS) {
- ccache = ccache_in;
- if (asprintf(&handle->cache_name, "%s:%s",
- krb5_cc_get_type(handle->context, ccache),
- krb5_cc_get_name(handle->context, ccache)) < 0) {
- handle->cache_name = NULL;
- code = ENOMEM;
- goto error;
- }
- } else {
- static int counter = 0;
-
- if (asprintf(&handle->cache_name, "MEMORY:kadm5_%u", counter++) < 0) {
- handle->cache_name = NULL;
- code = ENOMEM;
- goto error;
- }
- code = krb5_cc_resolve(handle->context, handle->cache_name,
- &ccache);
- if (code)
- goto error;
-
- code = krb5_cc_initialize (handle->context, ccache, client);
- if (code)
- goto error;
-
- handle->destroy_cache = 1;
- }
- handle->lhandle->cache_name = handle->cache_name;
-
- code = kadm5_gic_iter(handle, init_type, ccache,
- client, pass, svcname, realm,
- full_svcname, full_svcname_len);
- if ((code == KRB5KDC_ERR_S_PRINCIPAL_UNKNOWN
- || code == KRB5_CC_NOTFOUND) && svcname_in == NULL) {
- /* Retry with old host-independent service princpal. */
- code = kadm5_gic_iter(handle, init_type, ccache,
- client, pass,
- KADM5_ADMIN_SERVICE, realm,
- full_svcname, full_svcname_len);
- }
- /* Improved error messages */
- if (code == KRB5KRB_AP_ERR_BAD_INTEGRITY) code = KADM5_BAD_PASSWORD;
- if (code == KRB5KDC_ERR_S_PRINCIPAL_UNKNOWN)
- code = KADM5_SECURE_PRINC_MISSING;
+ kadm5_ret_t code;
+ krb5_principal client;
+ krb5_ccache ccache;
+ char svcname[BUFSIZ];
+
+ client = NULL;
+ ccache = NULL;
+ /* NULL svcname means use host-based. */
+ if (svcname_in == NULL) {
+ code = kadm5_get_admin_service_name(handle->context,
+ handle->params.realm,
+ svcname, sizeof(svcname));
+ if (code) {
+ code = KADM5_MISSING_KRB5_CONF_PARAMS;
+ goto error;
+ }
+ } else {
+ strncpy(svcname, svcname_in, sizeof(svcname));
+ svcname[sizeof(svcname)-1] = '\0';
+ }
+ /*
+ * Acquire a service ticket for svcname@realm in the name of
+ * client_name, using password pass (which could be NULL), and
+ * create a ccache to store them in. If INIT_CREDS, use the
+ * ccache we were provided instead.
+ */
+ code = krb5_parse_name(handle->context, client_name, &client);
+ if (code)
+ goto error;
+
+ if (init_type == INIT_CREDS) {
+ ccache = ccache_in;
+ if (asprintf(&handle->cache_name, "%s:%s",
+ krb5_cc_get_type(handle->context, ccache),
+ krb5_cc_get_name(handle->context, ccache)) < 0) {
+ handle->cache_name = NULL;
+ code = ENOMEM;
+ goto error;
+ }
+ } else {
+ static int counter = 0;
+
+ if (asprintf(&handle->cache_name, "MEMORY:kadm5_%u", counter++) < 0) {
+ handle->cache_name = NULL;
+ code = ENOMEM;
+ goto error;
+ }
+ code = krb5_cc_resolve(handle->context, handle->cache_name,
+ &ccache);
+ if (code)
+ goto error;
+
+ code = krb5_cc_initialize (handle->context, ccache, client);
+ if (code)
+ goto error;
+
+ handle->destroy_cache = 1;
+ }
+ handle->lhandle->cache_name = handle->cache_name;
+
+ code = kadm5_gic_iter(handle, init_type, ccache,
+ client, pass, svcname, realm,
+ full_svcname, full_svcname_len);
+ if ((code == KRB5KDC_ERR_S_PRINCIPAL_UNKNOWN
+ || code == KRB5_CC_NOTFOUND) && svcname_in == NULL) {
+ /* Retry with old host-independent service princpal. */
+ code = kadm5_gic_iter(handle, init_type, ccache,
+ client, pass,
+ KADM5_ADMIN_SERVICE, realm,
+ full_svcname, full_svcname_len);
+ }
+ /* Improved error messages */
+ if (code == KRB5KRB_AP_ERR_BAD_INTEGRITY) code = KADM5_BAD_PASSWORD;
+ if (code == KRB5KDC_ERR_S_PRINCIPAL_UNKNOWN)
+ code = KADM5_SECURE_PRINC_MISSING;
error:
- if (ccache != NULL && init_type != INIT_CREDS)
- krb5_cc_close(handle->context, ccache);
- return code;
+ if (ccache != NULL && init_type != INIT_CREDS)
+ krb5_cc_close(handle->context, ccache);
+ return code;
}
/*
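Review bot: The principal that `krb5_parse_name()` stores in `client` is never released in kadm5_get_init_creds: the `error:` label, which the success path also falls through, only closes `ccache`. Adding `krb5_free_principal(handle->context, client);` at `error:` would cover every return path. `client` is set to NULL at the top, so the early `goto error` before parsing stays safe as long as krb5_free_principal accepts NULL, which is worth confirming for this tree. Separately, `static int counter` is formatted with `%u` and incremented without locking, so concurrent initialisations could produce the same `MEMORY:kadm5_` cache name; `static unsigned int counter` plus a comment stating the threading assumption would make that explicit.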
@@ -505,87 +506,87 @@ error:
*/
static kadm5_ret_t
kadm5_gic_iter(kadm5_server_handle_t handle,
- enum init_type init_type,
- krb5_ccache ccache,
- krb5_principal client, char *pass,
- char *svcname, char *realm,
- char *full_svcname, unsigned int full_svcname_len)
+ enum init_type init_type,
+ krb5_ccache ccache,
+ krb5_principal client, char *pass,
+ char *svcname, char *realm,
+ char *full_svcname, unsigned int full_svcname_len)
{
- kadm5_ret_t code;
- krb5_context ctx;
- krb5_keytab kt;
- krb5_get_init_creds_opt opt;
- krb5_creds mcreds, outcreds;
- int n;
-
- ctx = handle->context;
- kt = NULL;
- memset(full_svcname, 0, full_svcname_len);
- memset(&opt, 0, sizeof(opt));
- memset(&mcreds, 0, sizeof(mcreds));
- memset(&outcreds, 0, sizeof(outcreds));
-
- code = ENOMEM;
- if (realm) {
- n = snprintf(full_svcname, full_svcname_len, "%s@%s",
- svcname, realm);
- if (n < 0 || n >= full_svcname_len)
- goto error;
- } else {
- /* krb5_princ_realm(client) is not null terminated */
- n = snprintf(full_svcname, full_svcname_len, "%s@%.*s",
- svcname, krb5_princ_realm(ctx, client)->length,
- krb5_princ_realm(ctx, client)->data);
- if (n < 0 || n >= full_svcname_len)
- goto error;
- }
-
- /* Credentials for kadmin don't need to be forwardable or proxiable. */
- if (init_type != INIT_CREDS) {
- krb5_get_init_creds_opt_init(&opt);
- krb5_get_init_creds_opt_set_forwardable(&opt, 0);
- krb5_get_init_creds_opt_set_proxiable(&opt, 0);
- }
-
- if (init_type == INIT_PASS) {
- code = krb5_get_init_creds_password(ctx, &outcreds, client, pass,
- krb5_prompter_posix,
- NULL, 0,
- full_svcname, &opt);
- if (code)
- goto error;
- } else if (init_type == INIT_SKEY) {
- if (pass) {
- code = krb5_kt_resolve(ctx, pass, &kt);
- if (code)
- goto error;
- }
- code = krb5_get_init_creds_keytab(ctx, &outcreds, client, kt,
- 0, full_svcname, &opt);
- if (pass)
- krb5_kt_close(ctx, kt);
- if (code)
- goto error;
- } else if (init_type == INIT_CREDS) {
- mcreds.client = client;
- code = krb5_parse_name(ctx, full_svcname, &mcreds.server);
- if (code)
- goto error;
- code = krb5_cc_retrieve_cred(ctx, ccache, 0,
- &mcreds, &outcreds);
- krb5_free_principal(ctx, mcreds.server);
- if (code)
- goto error;
- }
- if (init_type != INIT_CREDS) {
- /* Caller has initialized ccache. */
- code = krb5_cc_store_cred(ctx, ccache, &outcreds);
- if (code)
- goto error;
- }
+ kadm5_ret_t code;
+ krb5_context ctx;
+ krb5_keytab kt;
+ krb5_get_init_creds_opt opt;
+ krb5_creds mcreds, outcreds;
+ int n;
+
+ ctx = handle->context;
+ kt = NULL;
+ memset(full_svcname, 0, full_svcname_len);
+ memset(&opt, 0, sizeof(opt));
+ memset(&mcreds, 0, sizeof(mcreds));
+ memset(&outcreds, 0, sizeof(outcreds));
+
+ code = ENOMEM;
+ if (realm) {
+ n = snprintf(full_svcname, full_svcname_len, "%s@%s",
+ svcname, realm);
+ if (n < 0 || n >= full_svcname_len)
+ goto error;
+ } else {
+ /* krb5_princ_realm(client) is not null terminated */
+ n = snprintf(full_svcname, full_svcname_len, "%s@%.*s",
+ svcname, krb5_princ_realm(ctx, client)->length,
+ krb5_princ_realm(ctx, client)->data);
+ if (n < 0 || n >= full_svcname_len)
+ goto error;
+ }
+
+ /* Credentials for kadmin don't need to be forwardable or proxiable. */
+ if (init_type != INIT_CREDS) {
+ krb5_get_init_creds_opt_init(&opt);
+ krb5_get_init_creds_opt_set_forwardable(&opt, 0);
+ krb5_get_init_creds_opt_set_proxiable(&opt, 0);
+ }
+
+ if (init_type == INIT_PASS) {
+ code = krb5_get_init_creds_password(ctx, &outcreds, client, pass,
+ krb5_prompter_posix,
+ NULL, 0,
+ full_svcname, &opt);
+ if (code)
+ goto error;
+ } else if (init_type == INIT_SKEY) {
+ if (pass) {
+ code = krb5_kt_resolve(ctx, pass, &kt);
+ if (code)
+ goto error;
+ }
+ code = krb5_get_init_creds_keytab(ctx, &outcreds, client, kt,
+ 0, full_svcname, &opt);
+ if (pass)
+ krb5_kt_close(ctx, kt);
+ if (code)
+ goto error;
+ } else if (init_type == INIT_CREDS) {
+ mcreds.client = client;
+ code = krb5_parse_name(ctx, full_svcname, &mcreds.server);
+ if (code)
+ goto error;
+ code = krb5_cc_retrieve_cred(ctx, ccache, 0,
+ &mcreds, &outcreds);
+ krb5_free_principal(ctx, mcreds.server);
+ if (code)
+ goto error;
+ }
+ if (init_type != INIT_CREDS) {
+ /* Caller has initialized ccache. */
+ code = krb5_cc_store_cred(ctx, ccache, &outcreds);
+ if (code)
+ goto error;
+ }
error:
- krb5_free_cred_contents(ctx, &outcreds);
- return code;
+ krb5_free_cred_contents(ctx, &outcreds);
+ return code;
}
/*
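Review bot: In kadm5_gic_iter the `%.*s` precision in the realm-less branch is passed `krb5_princ_realm(ctx, client)->length` as-is, but printf expects an `int` there. The field's declaration is not on this page; if it is an unsigned type, cast it: `(int) krb5_princ_realm(ctx, client)->length`. The two `n >= full_svcname_len` checks compare an `int` with an `unsigned int`, which is only correct because `n < 0` is tested first; `(unsigned int) n >= full_svcname_len` states the intent. A truncated service name is reported through the pre-set `code = ENOMEM;`, which is easy to miss, so a comment such as `/* A truncated full_svcname is reported as ENOMEM. */` on that line would help. The function would also benefit from a header note that `pass` is a keytab name, not a password, when `init_type == INIT_SKEY`.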
@@ -595,138 +596,138 @@ error:
*/
static kadm5_ret_t
kadm5_setup_gss(kadm5_server_handle_t handle,
- kadm5_config_params *params_in,
- char *client_name, char *full_svcname)
+ kadm5_config_params *params_in,
+ char *client_name, char *full_svcname)
{
- kadm5_ret_t code;
- OM_uint32 gssstat, minor_stat;
- gss_buffer_desc buf;
- gss_name_t gss_client;
- gss_name_t gss_target;
- gss_cred_id_t gss_client_creds;
- const char *c_ccname_orig;
- char *ccname_orig;
-
- code = KADM5_GSS_ERROR;
- gss_client_creds = GSS_C_NO_CREDENTIAL;
- ccname_orig = NULL;
- gss_client = gss_target = GSS_C_NO_NAME;
-
- /* Temporarily use the kadm5 cache. */
- gssstat = gss_krb5_ccache_name(&minor_stat, handle->cache_name,
- &c_ccname_orig);
- if (gssstat != GSS_S_COMPLETE) {
- code = KADM5_GSS_ERROR;
- goto error;
- }
- if (c_ccname_orig)
- ccname_orig = strdup(c_ccname_orig);
- else
- ccname_orig = 0;
-
- buf.value = full_svcname;
- buf.length = strlen((char *)buf.value) + 1;
- gssstat = gss_import_name(&minor_stat, &buf,
- (gss_OID) gss_nt_krb5_name, &gss_target);
- if (gssstat != GSS_S_COMPLETE) {
- code = KADM5_GSS_ERROR;
- goto error;
- }
-
- buf.value = client_name;
- buf.length = strlen((char *)buf.value) + 1;
- gssstat = gss_import_name(&minor_stat, &buf,
- (gss_OID) gss_nt_krb5_name, &gss_client);
- if (gssstat != GSS_S_COMPLETE) {
- code = KADM5_GSS_ERROR;
- goto error;
- }
-
- gssstat = gss_acquire_cred(&minor_stat, gss_client, 0,
- GSS_C_NULL_OID_SET, GSS_C_INITIATE,
- &gss_client_creds, NULL, NULL);
- if (gssstat != GSS_S_COMPLETE) {
- code = KADM5_GSS_ERROR;
+ kadm5_ret_t code;
+ OM_uint32 gssstat, minor_stat;
+ gss_buffer_desc buf;
+ gss_name_t gss_client;
+ gss_name_t gss_target;
+ gss_cred_id_t gss_client_creds;
+ const char *c_ccname_orig;
+ char *ccname_orig;
+
+ code = KADM5_GSS_ERROR;
+ gss_client_creds = GSS_C_NO_CREDENTIAL;
+ ccname_orig = NULL;
+ gss_client = gss_target = GSS_C_NO_NAME;
+
+ /* Temporarily use the kadm5 cache. */
+ gssstat = gss_krb5_ccache_name(&minor_stat, handle->cache_name,
+ &c_ccname_orig);
+ if (gssstat != GSS_S_COMPLETE) {
+ code = KADM5_GSS_ERROR;
+ goto error;
+ }
+ if (c_ccname_orig)
+ ccname_orig = strdup(c_ccname_orig);
+ else
+ ccname_orig = 0;
+
+ buf.value = full_svcname;
+ buf.length = strlen((char *)buf.value) + 1;
+ gssstat = gss_import_name(&minor_stat, &buf,
+ (gss_OID) gss_nt_krb5_name, &gss_target);
+ if (gssstat != GSS_S_COMPLETE) {
+ code = KADM5_GSS_ERROR;
+ goto error;
+ }
+
+ buf.value = client_name;
+ buf.length = strlen((char *)buf.value) + 1;
+ gssstat = gss_import_name(&minor_stat, &buf,
+ (gss_OID) gss_nt_krb5_name, &gss_client);
+ if (gssstat != GSS_S_COMPLETE) {
+ code = KADM5_GSS_ERROR;
+ goto error;
+ }
+
+ gssstat = gss_acquire_cred(&minor_stat, gss_client, 0,
+ GSS_C_NULL_OID_SET, GSS_C_INITIATE,
+ &gss_client_creds, NULL, NULL);
+ if (gssstat != GSS_S_COMPLETE) {
+ code = KADM5_GSS_ERROR;
#if 0 /* for debugging only */
- {
- OM_uint32 maj_status, min_status, message_context = 0;
- gss_buffer_desc status_string;
- do {
- maj_status = gss_display_status(&min_status,
- gssstat,
- GSS_C_GSS_CODE,
- GSS_C_NO_OID,
- &message_context,
- &status_string);
- if (maj_status == GSS_S_COMPLETE) {
- fprintf(stderr, "MAJ: %.*s\n",
- (int) status_string.length,
- (char *)status_string.value);
- gss_release_buffer(&min_status, &status_string);
- } else {
- fprintf(stderr,
- "MAJ? gss_display_status returns 0x%lx?!\n",
- (unsigned long) maj_status);
- message_context = 0;
- }
- } while (message_context != 0);
- do {
- maj_status = gss_display_status(&min_status,
- minor_stat,
- GSS_C_MECH_CODE,
- GSS_C_NO_OID,
- &message_context,
- &status_string);
- if (maj_status == GSS_S_COMPLETE) {
- fprintf(stderr, "MIN: %.*s\n",
- (int) status_string.length,
- (char *)status_string.value);
- gss_release_buffer(&min_status, &status_string);
- } else {
- fprintf(stderr,
- "MIN? gss_display_status returns 0x%lx?!\n",
- (unsigned long) maj_status);
- message_context = 0;
- }
- } while (message_context != 0);
- }
+ {
+ OM_uint32 maj_status, min_status, message_context = 0;
+ gss_buffer_desc status_string;
+ do {
+ maj_status = gss_display_status(&min_status,
+ gssstat,
+ GSS_C_GSS_CODE,
+ GSS_C_NO_OID,
+ &message_context,
+ &status_string);
+ if (maj_status == GSS_S_COMPLETE) {
+ fprintf(stderr, "MAJ: %.*s\n",
+ (int) status_string.length,
+ (char *)status_string.value);
+ gss_release_buffer(&min_status, &status_string);
+ } else {
+ fprintf(stderr,
+ "MAJ? gss_display_status returns 0x%lx?!\n",
+ (unsigned long) maj_status);
+ message_context = 0;
+ }
+ } while (message_context != 0);
+ do {
+ maj_status = gss_display_status(&min_status,
+ minor_stat,
+ GSS_C_MECH_CODE,
+ GSS_C_NO_OID,
+ &message_context,
+ &status_string);
+ if (maj_status == GSS_S_COMPLETE) {
+ fprintf(stderr, "MIN: %.*s\n",
+ (int) status_string.length,
+ (char *)status_string.value);
+ gss_release_buffer(&min_status, &status_string);
+ } else {
+ fprintf(stderr,
+ "MIN? gss_display_status returns 0x%lx?!\n",
+ (unsigned long) maj_status);
+ message_context = 0;
+ }
+ } while (message_context != 0);
+ }
#endif
- goto error;
- }
+ goto error;
+ }
- /*
- * Do actual creation of RPC auth handle. Implements auth flavor
- * fallback.
- */
- kadm5_rpc_auth(handle, params_in, gss_client_creds, gss_target);
+ /*
+ * Do actual creation of RPC auth handle. Implements auth flavor
+ * fallback.
+ */
+ kadm5_rpc_auth(handle, params_in, gss_client_creds, gss_target);
error:
- if (gss_client_creds != GSS_C_NO_CREDENTIAL)
- (void) gss_release_cred(&minor_stat, &gss_client_creds);
-
- if (gss_client)
- gss_release_name(&minor_stat, &gss_client);
- if (gss_target)
- gss_release_name(&minor_stat, &gss_target);
-
- /* Revert to prior gss_krb5 ccache. */
- if (ccname_orig) {
- gssstat = gss_krb5_ccache_name(&minor_stat, ccname_orig, NULL);
- if (gssstat) {
- return KADM5_GSS_ERROR;
- }
- free(ccname_orig);
- } else {
- gssstat = gss_krb5_ccache_name(&minor_stat, NULL, NULL);
- if (gssstat) {
- return KADM5_GSS_ERROR;
- }
- }
-
- if (handle->clnt->cl_auth == NULL) {
- return KADM5_GSS_ERROR;
- }
- return 0;
+ if (gss_client_creds != GSS_C_NO_CREDENTIAL)
+ (void) gss_release_cred(&minor_stat, &gss_client_creds);
+
+ if (gss_client)
+ gss_release_name(&minor_stat, &gss_client);
+ if (gss_target)
+ gss_release_name(&minor_stat, &gss_target);
+
+ /* Revert to prior gss_krb5 ccache. */
+ if (ccname_orig) {
+ gssstat = gss_krb5_ccache_name(&minor_stat, ccname_orig, NULL);
+ if (gssstat) {
+ return KADM5_GSS_ERROR;
+ }
+ free(ccname_orig);
+ } else {
+ gssstat = gss_krb5_ccache_name(&minor_stat, NULL, NULL);
+ if (gssstat) {
+ return KADM5_GSS_ERROR;
+ }
+ }
+
+ if (handle->clnt->cl_auth == NULL) {
+ return KADM5_GSS_ERROR;
+ }
+ return 0;
}
/*
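Review bot: kadm5_setup_gss assigns `code = KADM5_GSS_ERROR` on each early `goto error` but never returns `code`; the result depends only on whether `handle->clnt->cl_auth` is NULL at the end. If the RPC client is created with a non-NULL default auth handle (not visible on this page), a failed `gss_import_name()` or `gss_acquire_cred()` would be reported as success and the connection would continue without GSS authentication. The tail should return `code`, set to 0 only after `kadm5_rpc_auth()` has installed an auth handle; confirm that no `KADM5_CONFIG_NO_AUTH` test relies on the current behaviour. The same tail leaks `ccname_orig` when restoring the ccache name fails, and an unchecked `strdup()` failure silently restores the default ccache rather than the previous one.

```c
    kadm5_rpc_auth(handle, params_in, gss_client_creds, gss_target);
    /* Success only when an auth handle is actually installed. */
    code = (handle->clnt->cl_auth != NULL) ? 0 : KADM5_GSS_ERROR;

error:
    /* ... unchanged: release gss_client_creds, gss_client, gss_target ... */

    /* Revert to prior gss_krb5 ccache (NULL selects the default). */
    gssstat = gss_krb5_ccache_name(&minor_stat, ccname_orig, NULL);
    free(ccname_orig);
    if (gssstat != GSS_S_COMPLETE)
        return KADM5_GSS_ERROR;
    return code;
```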
@@ -736,77 +737,77 @@ error:
*/
static void
kadm5_rpc_auth(kadm5_server_handle_t handle,
- kadm5_config_params *params_in,
- gss_cred_id_t gss_client_creds,
- gss_name_t gss_target)
+ kadm5_config_params *params_in,
+ gss_cred_id_t gss_client_creds,
+ gss_name_t gss_target)
{
- OM_uint32 gssstat, minor_stat;
- struct rpc_gss_sec sec;
-
- /* Allow unauthenticated option for testing. */
- if (params_in != NULL && (params_in->mask & KADM5_CONFIG_NO_AUTH))
- return;
-
- /* Use RPCSEC_GSS by default. */
- if (params_in == NULL ||
- !(params_in->mask & KADM5_CONFIG_OLD_AUTH_GSSAPI)) {
- sec.mech = gss_mech_krb5;
- sec.qop = GSS_C_QOP_DEFAULT;
- sec.svc = RPCSEC_GSS_SVC_PRIVACY;
- sec.cred = gss_client_creds;
- sec.req_flags = GSS_C_MUTUAL_FLAG | GSS_C_REPLAY_FLAG;
-
- handle->clnt->cl_auth = authgss_create(handle->clnt,
- gss_target, &sec);
- if (handle->clnt->cl_auth != NULL)
- return;
- }
-
- if (params_in != NULL && (params_in->mask & KADM5_CONFIG_AUTH_NOFALLBACK))
- return;
-
- /* Fall back to old AUTH_GSSAPI. */
- handle->clnt->cl_auth = auth_gssapi_create(handle->clnt,
- &gssstat,
- &minor_stat,
- gss_client_creds,
- gss_target,
- (gss_OID) gss_mech_krb5,
- GSS_C_MUTUAL_FLAG
- | GSS_C_REPLAY_FLAG,
- 0, NULL, NULL, NULL);
+ OM_uint32 gssstat, minor_stat;
+ struct rpc_gss_sec sec;
+
+ /* Allow unauthenticated option for testing. */
+ if (params_in != NULL && (params_in->mask & KADM5_CONFIG_NO_AUTH))
+ return;
+
+ /* Use RPCSEC_GSS by default. */
+ if (params_in == NULL ||
+ !(params_in->mask & KADM5_CONFIG_OLD_AUTH_GSSAPI)) {
+ sec.mech = gss_mech_krb5;
+ sec.qop = GSS_C_QOP_DEFAULT;
+ sec.svc = RPCSEC_GSS_SVC_PRIVACY;
+ sec.cred = gss_client_creds;
+ sec.req_flags = GSS_C_MUTUAL_FLAG | GSS_C_REPLAY_FLAG;
+
+ handle->clnt->cl_auth = authgss_create(handle->clnt,
+ gss_target, &sec);
+ if (handle->clnt->cl_auth != NULL)
+ return;
+ }
+
+ if (params_in != NULL && (params_in->mask & KADM5_CONFIG_AUTH_NOFALLBACK))
+ return;
+
+ /* Fall back to old AUTH_GSSAPI. */
+ handle->clnt->cl_auth = auth_gssapi_create(handle->clnt,
+ &gssstat,
+ &minor_stat,
+ gss_client_creds,
+ gss_target,
+ (gss_OID) gss_mech_krb5,
+ GSS_C_MUTUAL_FLAG
+ | GSS_C_REPLAY_FLAG,
+ 0, NULL, NULL, NULL);
}
kadm5_ret_t
kadm5_destroy(void *server_handle)
{
- krb5_ccache ccache = NULL;
- int code = KADM5_OK;
- kadm5_server_handle_t handle =
- (kadm5_server_handle_t) server_handle;
-
- CHECK_HANDLE(server_handle);
-
- if (handle->destroy_cache && handle->cache_name) {
- if ((code = krb5_cc_resolve(handle->context,
- handle->cache_name, &ccache)) == 0)
- code = krb5_cc_destroy (handle->context, ccache);
- }
- if (handle->cache_name)
- free(handle->cache_name);
- if (handle->clnt && handle->clnt->cl_auth)
- AUTH_DESTROY(handle->clnt->cl_auth);
- if (handle->clnt)
- clnt_destroy(handle->clnt);
- if (handle->lhandle)
- free (handle->lhandle);
-
- kadm5_free_config_params(handle->context, &handle->params);
-
- handle->magic_number = 0;
- free(handle);
-
- return code;
+ krb5_ccache ccache = NULL;
+ int code = KADM5_OK;
+ kadm5_server_handle_t handle =
+ (kadm5_server_handle_t) server_handle;
+
+ CHECK_HANDLE(server_handle);
+
+ if (handle->destroy_cache && handle->cache_name) {
+ if ((code = krb5_cc_resolve(handle->context,
+ handle->cache_name, &ccache)) == 0)
+ code = krb5_cc_destroy (handle->context, ccache);
+ }
+ if (handle->cache_name)
+ free(handle->cache_name);
+ if (handle->clnt && handle->clnt->cl_auth)
+ AUTH_DESTROY(handle->clnt->cl_auth);
+ if (handle->clnt)
+ clnt_destroy(handle->clnt);
+ if (handle->lhandle)
+ free (handle->lhandle);
+
+ kadm5_free_config_params(handle->context, &handle->params);
+
+ handle->magic_number = 0;
+ free(handle);
+
+ return code;
}
/* not supported on client */
kadm5_ret_t kadm5_lock(void *server_handle)
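Review bot: The tail of kadm5_rpc_auth silently downgrades from RPCSEC_GSS with `RPCSEC_GSS_SVC_PRIVACY` to the legacy AUTH_GSSAPI flavor whenever `authgss_create()` returns NULL. The `gssstat` and `minor_stat` outputs of `auth_gssapi_create()` are then discarded, and because the function returns `void` the caller cannot tell which flavor was set up or why the first attempt failed. At minimum the fallback should carry a comment such as `/* Downgrade: reached only when authgss_create() failed; set KADM5_CONFIG_AUTH_NOFALLBACK to refuse it. */`. The `KADM5_CONFIG_NO_AUTH` branch returns without touching `handle->clnt->cl_auth`, so it deserves `/* Test-only: leaves cl_auth untouched, so the RPC session is not GSS-authenticated. */`. Deployments that require privacy-protected kadmin traffic would want the no-fallback flag set by default, or a debug log line emitted when the fallback is taken.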
@@ -822,13 +823,13 @@ kadm5_ret_t kadm5_unlock(void *server_handle)
kadm5_ret_t kadm5_flush(void *server_handle)
{
- return KADM5_OK;
+ return KADM5_OK;
}
int _kadm5_check_handle(void *handle)
{
- CHECK_HANDLE(handle);
- return 0;
+ CHECK_HANDLE(handle);
+ return 0;
}
krb5_error_code kadm5_init_krb5_context (krb5_context *ctx)
@@ -843,5 +844,5 @@ krb5_error_code kadm5_init_krb5_context (krb5_context *ctx)
krb5_error_code
kadm5_init_iprop(void *handle, char **db_args)
{
- return (0);
+ return (0);
}
diff --git a/src/lib/kadm5/clnt/client_internal.h b/src/lib/kadm5/clnt/client_internal.h
index c5ebfec..c3f8999 100644
--- a/src/lib/kadm5/clnt/client_internal.h
+++ b/src/lib/kadm5/clnt/client_internal.h
@@ -1,12 +1,13 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
/*
* Copyright 1993 OpenVision Technologies, Inc., All Rights Reserved
*
* $Header$
- *
+ *
* $Log$
* Revision 1.1 1996/07/24 22:22:43 tlyu
- * * Makefile.in, configure.in: break out client lib into a
- * subdirectory
+ * * Makefile.in, configure.in: break out client lib into a
+ * subdirectory
*
* Revision 1.11 1996/07/22 20:35:46 marc
* this commit includes all the changes on the OV_9510_INTEGRATION and
@@ -65,33 +66,33 @@
#include "admin_internal.h"
typedef struct _kadm5_server_handle_t {
- krb5_ui_4 magic_number;
- krb5_ui_4 struct_version;
- krb5_ui_4 api_version;
- char * cache_name;
- int destroy_cache;
- CLIENT * clnt;
- krb5_context context;
- kadm5_config_params params;
- struct _kadm5_server_handle_t *lhandle;
+ krb5_ui_4 magic_number;
+ krb5_ui_4 struct_version;
+ krb5_ui_4 api_version;
+ char * cache_name;
+ int destroy_cache;
+ CLIENT * clnt;
+ krb5_context context;
+ kadm5_config_params params;
+ struct _kadm5_server_handle_t *lhandle;
} kadm5_server_handle_rec, *kadm5_server_handle_t;
-#define CLIENT_CHECK_HANDLE(handle) \
-{ \
- kadm5_server_handle_t srvr = \
- (kadm5_server_handle_t) handle; \
- \
- if (! srvr->clnt) \
- return KADM5_BAD_SERVER_HANDLE; \
- if (! srvr->cache_name) \
- return KADM5_BAD_SERVER_HANDLE; \
- if (! srvr->lhandle) \
- return KADM5_BAD_SERVER_HANDLE; \
-}
+#define CLIENT_CHECK_HANDLE(handle) \
+ { \
+ kadm5_server_handle_t srvr = \
+ (kadm5_server_handle_t) handle; \
+ \
+ if (! srvr->clnt) \
+ return KADM5_BAD_SERVER_HANDLE; \
+ if (! srvr->cache_name) \
+ return KADM5_BAD_SERVER_HANDLE; \
+ if (! srvr->lhandle) \
+ return KADM5_BAD_SERVER_HANDLE; \
+ }
-#define CHECK_HANDLE(handle) \
- GENERIC_CHECK_HANDLE(handle, KADM5_OLD_LIB_API_VERSION, \
- KADM5_NEW_LIB_API_VERSION) \
- CLIENT_CHECK_HANDLE(handle)
+#define CHECK_HANDLE(handle) \
+ GENERIC_CHECK_HANDLE(handle, KADM5_OLD_LIB_API_VERSION, \
+ KADM5_NEW_LIB_API_VERSION) \
+ CLIENT_CHECK_HANDLE(handle)
#endif /* __KADM5_CLIENT_INTERNAL_H__ */
diff --git a/src/lib/kadm5/clnt/client_principal.c b/src/lib/kadm5/clnt/client_principal.c
index 56ad512..95d5c2d 100644
--- a/src/lib/kadm5/clnt/client_principal.c
+++ b/src/lib/kadm5/clnt/client_principal.c
@@ -1,3 +1,4 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
/*
* Copyright 1993 OpenVision Technologies, Inc., All Rights Reserved
*
@@ -26,11 +27,11 @@ static char *rcsid = "$Header$";
kadm5_ret_t
kadm5_create_principal(void *server_handle,
- kadm5_principal_ent_t princ, long mask,
- char *pw)
+ kadm5_principal_ent_t princ, long mask,
+ char *pw)
{
- generic_ret *r;
- cprinc_arg arg;
+ generic_ret *r;
+ cprinc_arg arg;
kadm5_server_handle_t handle = server_handle;
CHECK_HANDLE(server_handle);
@@ -41,38 +42,38 @@ kadm5_create_principal(void *server_handle,
arg.api_version = handle->api_version;
if(princ == NULL)
- return EINVAL;
+ return EINVAL;
memcpy(&arg.rec, princ, sizeof(kadm5_principal_ent_rec));
arg.rec.mod_name = NULL;
-
+
if(!(mask & KADM5_POLICY))
- arg.rec.policy = NULL;
+ arg.rec.policy = NULL;
if (! (mask & KADM5_KEY_DATA)) {
- arg.rec.n_key_data = 0;
- arg.rec.key_data = NULL;
+ arg.rec.n_key_data = 0;
+ arg.rec.key_data = NULL;
}
if (! (mask & KADM5_TL_DATA)) {
- arg.rec.n_tl_data = 0;
- arg.rec.tl_data = NULL;
+ arg.rec.n_tl_data = 0;
+ arg.rec.tl_data = NULL;
}
-
+
r = create_principal_2(&arg, handle->clnt);
if(r == NULL)
- eret();
+ eret();
return r->code;
}
kadm5_ret_t
kadm5_create_principal_3(void *server_handle,
- kadm5_principal_ent_t princ, long mask,
- int n_ks_tuple,
- krb5_key_salt_tuple *ks_tuple,
- char *pw)
+ kadm5_principal_ent_t princ, long mask,
+ int n_ks_tuple,
+ krb5_key_salt_tuple *ks_tuple,
+ char *pw)
{
- generic_ret *r;
- cprinc3_arg arg;
+ generic_ret *r;
+ cprinc3_arg arg;
kadm5_server_handle_t handle = server_handle;
CHECK_HANDLE(server_handle);
@@ -85,54 +86,54 @@ kadm5_create_principal_3(void *server_handle,
arg.ks_tuple = ks_tuple;
if(princ == NULL)
- return EINVAL;
+ return EINVAL;
memcpy(&arg.rec, princ, sizeof(kadm5_principal_ent_rec));
arg.rec.mod_name = NULL;
-
+
if(!(mask & KADM5_POLICY))
- arg.rec.policy = NULL;
+ arg.rec.policy = NULL;
if (! (mask & KADM5_KEY_DATA)) {
- arg.rec.n_key_data = 0;
- arg.rec.key_data = NULL;
+ arg.rec.n_key_data = 0;
+ arg.rec.key_data = NULL;
}
if (! (mask & KADM5_TL_DATA)) {
- arg.rec.n_tl_data = 0;
- arg.rec.tl_data = NULL;
+ arg.rec.n_tl_data = 0;
+ arg.rec.tl_data = NULL;
}
-
+
r = create_principal3_2(&arg, handle->clnt);
if(r == NULL)
- eret();
+ eret();
return r->code;
}
kadm5_ret_t
kadm5_delete_principal(void *server_handle, krb5_principal principal)
{
- dprinc_arg arg;
- generic_ret *r;
+ dprinc_arg arg;
+ generic_ret *r;
kadm5_server_handle_t handle = server_handle;
CHECK_HANDLE(server_handle);
if(principal == NULL)
- return EINVAL;
+ return EINVAL;
arg.princ = principal;
arg.api_version = handle->api_version;
r = delete_principal_2(&arg, handle->clnt);
if(r == NULL)
- eret();
+ eret();
return r->code;
}
kadm5_ret_t
kadm5_modify_principal(void *server_handle,
- kadm5_principal_ent_t princ, long mask)
+ kadm5_principal_ent_t princ, long mask)
{
- mprinc_arg arg;
- generic_ret *r;
+ mprinc_arg arg;
+ generic_ret *r;
kadm5_server_handle_t handle = server_handle;
CHECK_HANDLE(server_handle);
@@ -141,87 +142,87 @@ kadm5_modify_principal(void *server_handle,
arg.mask = mask;
arg.api_version = handle->api_version;
if(princ == NULL)
- return EINVAL;
+ return EINVAL;
memcpy(&arg.rec, princ, sizeof(kadm5_principal_ent_rec));
if(!(mask & KADM5_POLICY))
- arg.rec.policy = NULL;
+ arg.rec.policy = NULL;
if (! (mask & KADM5_KEY_DATA)) {
- arg.rec.n_key_data = 0;
- arg.rec.key_data = NULL;
+ arg.rec.n_key_data = 0;
+ arg.rec.key_data = NULL;
}
if (! (mask & KADM5_TL_DATA)) {
- arg.rec.n_tl_data = 0;
- arg.rec.tl_data = NULL;
+ arg.rec.n_tl_data = 0;
+ arg.rec.tl_data = NULL;
}
arg.rec.mod_name = NULL;
-
+
r = modify_principal_2(&arg, handle->clnt);
if(r == NULL)
- eret();
+ eret();
return r->code;
}
kadm5_ret_t
kadm5_get_principal(void *server_handle,
- krb5_principal princ, kadm5_principal_ent_t ent,
- long mask)
+ krb5_principal princ, kadm5_principal_ent_t ent,
+ long mask)
{
- gprinc_arg arg;
- gprinc_ret *r;
+ gprinc_arg arg;
+ gprinc_ret *r;
kadm5_server_handle_t handle = server_handle;
CHECK_HANDLE(server_handle);
if(princ == NULL)
- return EINVAL;
+ return EINVAL;
arg.princ = princ;
arg.mask = mask;
arg.api_version = handle->api_version;
r = get_principal_2(&arg, handle->clnt);
if(r == NULL)
- eret();
+ eret();
if (r->code == 0)
- memcpy(ent, &r->rec, sizeof(r->rec));
-
+ memcpy(ent, &r->rec, sizeof(r->rec));
+
return r->code;
}
kadm5_ret_t
kadm5_get_principals(void *server_handle,
- char *exp, char ***princs, int *count)
+ char *exp, char ***princs, int *count)
{
- gprincs_arg arg;
- gprincs_ret *r;
+ gprincs_arg arg;
+ gprincs_ret *r;
kadm5_server_handle_t handle = server_handle;
CHECK_HANDLE(server_handle);
if(princs == NULL || count == NULL)
- return EINVAL;
+ return EINVAL;
arg.exp = exp;
arg.api_version = handle->api_version;
r = get_princs_2(&arg, handle->clnt);
if(r == NULL)
- eret();
+ eret();
if(r->code == 0) {
- *count = r->count;
- *princs = r->princs;
+ *count = r->count;
+ *princs = r->princs;
} else {
- *count = 0;
- *princs = NULL;
+ *count = 0;
+ *princs = NULL;
}
-
+
return r->code;
}
kadm5_ret_t
kadm5_rename_principal(void *server_handle,
- krb5_principal source, krb5_principal dest)
+ krb5_principal source, krb5_principal dest)
{
- rprinc_arg arg;
- generic_ret *r;
+ rprinc_arg arg;
+ generic_ret *r;
kadm5_server_handle_t handle = server_handle;
CHECK_HANDLE(server_handle);
@@ -230,19 +231,19 @@ kadm5_rename_principal(void *server_handle,
arg.dest = dest;
arg.api_version = handle->api_version;
if (source == NULL || dest == NULL)
- return EINVAL;
+ return EINVAL;
r = rename_principal_2(&arg, handle->clnt);
if(r == NULL)
- eret();
+ eret();
return r->code;
}
kadm5_ret_t
kadm5_chpass_principal(void *server_handle,
- krb5_principal princ, char *password)
+ krb5_principal princ, char *password)
{
- chpass_arg arg;
- generic_ret *r;
+ chpass_arg arg;
+ generic_ret *r;
kadm5_server_handle_t handle = server_handle;
CHECK_HANDLE(server_handle);
@@ -252,21 +253,21 @@ kadm5_chpass_principal(void *server_handle,
arg.api_version = handle->api_version;
if(princ == NULL)
- return EINVAL;
+ return EINVAL;
r = chpass_principal_2(&arg, handle->clnt);
if(r == NULL)
- eret();
+ eret();
return r->code;
}
kadm5_ret_t
kadm5_chpass_principal_3(void *server_handle,
- krb5_principal princ, krb5_boolean keepold,
- int n_ks_tuple, krb5_key_salt_tuple *ks_tuple,
- char *password)
+ krb5_principal princ, krb5_boolean keepold,
+ int n_ks_tuple, krb5_key_salt_tuple *ks_tuple,
+ char *password)
{
- chpass3_arg arg;
- generic_ret *r;
+ chpass3_arg arg;
+ generic_ret *r;
kadm5_server_handle_t handle = server_handle;
CHECK_HANDLE(server_handle);
@@ -279,20 +280,20 @@ kadm5_chpass_principal_3(void *server_handle,
arg.ks_tuple = ks_tuple;
if(princ == NULL)
- return EINVAL;
+ return EINVAL;
r = chpass_principal3_2(&arg, handle->clnt);
if(r == NULL)
- eret();
+ eret();
return r->code;
}
kadm5_ret_t
kadm5_setv4key_principal(void *server_handle,
- krb5_principal princ,
- krb5_keyblock *keyblock)
+ krb5_principal princ,
+ krb5_keyblock *keyblock)
{
- setv4key_arg arg;
- generic_ret *r;
+ setv4key_arg arg;
+ generic_ret *r;
kadm5_server_handle_t handle = server_handle;
CHECK_HANDLE(server_handle);
@@ -302,21 +303,21 @@ kadm5_setv4key_principal(void *server_handle,
arg.api_version = handle->api_version;
if(princ == NULL || keyblock == NULL)
- return EINVAL;
+ return EINVAL;
r = setv4key_principal_2(&arg, handle->clnt);
if(r == NULL)
- eret();
+ eret();
return r->code;
}
kadm5_ret_t
kadm5_setkey_principal(void *server_handle,
- krb5_principal princ,
- krb5_keyblock *keyblocks,
- int n_keys)
+ krb5_principal princ,
+ krb5_keyblock *keyblocks,
+ int n_keys)
{
- setkey_arg arg;
- generic_ret *r;
+ setkey_arg arg;
+ generic_ret *r;
kadm5_server_handle_t handle = server_handle;
CHECK_HANDLE(server_handle);
@@ -327,23 +328,23 @@ kadm5_setkey_principal(void *server_handle,
arg.api_version = handle->api_version;
if(princ == NULL || keyblocks == NULL)
- return EINVAL;
+ return EINVAL;
r = setkey_principal_2(&arg, handle->clnt);
if(r == NULL)
- eret();
+ eret();
return r->code;
}
kadm5_ret_t
kadm5_setkey_principal_3(void *server_handle,
- krb5_principal princ,
- krb5_boolean keepold, int n_ks_tuple,
- krb5_key_salt_tuple *ks_tuple,
- krb5_keyblock *keyblocks,
- int n_keys)
+ krb5_principal princ,
+ krb5_boolean keepold, int n_ks_tuple,
+ krb5_key_salt_tuple *ks_tuple,
+ krb5_keyblock *keyblocks,
+ int n_keys)
{
- setkey3_arg arg;
- generic_ret *r;
+ setkey3_arg arg;
+ generic_ret *r;
kadm5_server_handle_t handle = server_handle;
CHECK_HANDLE(server_handle);
@@ -357,24 +358,24 @@ kadm5_setkey_principal_3(void *server_handle,
arg.ks_tuple = ks_tuple;
if(princ == NULL || keyblocks == NULL)
- return EINVAL;
+ return EINVAL;
r = setkey_principal3_2(&arg, handle->clnt);
if(r == NULL)
- eret();
+ eret();
return r->code;
}
kadm5_ret_t
kadm5_randkey_principal_3(void *server_handle,
- krb5_principal princ,
- krb5_boolean keepold, int n_ks_tuple,
- krb5_key_salt_tuple *ks_tuple,
- krb5_keyblock **key, int *n_keys)
+ krb5_principal princ,
+ krb5_boolean keepold, int n_ks_tuple,
+ krb5_key_salt_tuple *ks_tuple,
+ krb5_keyblock **key, int *n_keys)
{
- chrand3_arg arg;
- chrand_ret *r;
+ chrand3_arg arg;
+ chrand_ret *r;
kadm5_server_handle_t handle = server_handle;
- int i, ret;
+ int i, ret;
CHECK_HANDLE(server_handle);
@@ -385,27 +386,27 @@ kadm5_randkey_principal_3(void *server_handle,
arg.ks_tuple = ks_tuple;
if(princ == NULL)
- return EINVAL;
+ return EINVAL;
r = chrand_principal3_2(&arg, handle->clnt);
if(r == NULL)
- eret();
+ eret();
if (n_keys)
- *n_keys = r->n_keys;
+ *n_keys = r->n_keys;
if (key) {
- if(r->n_keys) {
- *key = malloc(r->n_keys * sizeof(krb5_keyblock));
- if (*key == NULL)
- return ENOMEM;
- for (i = 0; i < r->n_keys; i++) {
- ret = krb5_copy_keyblock_contents(handle->context, &r->keys[i],
- &(*key)[i]);
- if (ret) {
- free(*key);
- return ENOMEM;
- }
- }
- } else
- *key = NULL;
+ if(r->n_keys) {
+ *key = malloc(r->n_keys * sizeof(krb5_keyblock));
+ if (*key == NULL)
+ return ENOMEM;
+ for (i = 0; i < r->n_keys; i++) {
+ ret = krb5_copy_keyblock_contents(handle->context, &r->keys[i],
+ &(*key)[i]);
+ if (ret) {
+ free(*key);
+ return ENOMEM;
+ }
+ }
+ } else
+ *key = NULL;
}
return r->code;
@@ -413,13 +414,13 @@ kadm5_randkey_principal_3(void *server_handle,
kadm5_ret_t
kadm5_randkey_principal(void *server_handle,
- krb5_principal princ,
- krb5_keyblock **key, int *n_keys)
+ krb5_principal princ,
+ krb5_keyblock **key, int *n_keys)
{
- chrand_arg arg;
- chrand_ret *r;
+ chrand_arg arg;
+ chrand_ret *r;
kadm5_server_handle_t handle = server_handle;
- int i, ret;
+ int i, ret;
CHECK_HANDLE(server_handle);
@@ -427,27 +428,27 @@ kadm5_randkey_principal(void *server_handle,
arg.api_version = handle->api_version;
if(princ == NULL)
- return EINVAL;
+ return EINVAL;
r = chrand_principal_2(&arg, handle->clnt);
if(r == NULL)
- eret();
+ eret();
if (n_keys)
- *n_keys = r->n_keys;
+ *n_keys = r->n_keys;
if (key) {
- if(r->n_keys) {
- *key = malloc(r->n_keys * sizeof(krb5_keyblock));
- if (*key == NULL)
- return ENOMEM;
- for (i = 0; i < r->n_keys; i++) {
- ret = krb5_copy_keyblock_contents(handle->context, &r->keys[i],
- &(*key)[i]);
- if (ret) {
- free(*key);
- return ENOMEM;
- }
- }
- } else
- *key = NULL;
+ if(r->n_keys) {
+ *key = malloc(r->n_keys * sizeof(krb5_keyblock));
+ if (*key == NULL)
+ return ENOMEM;
+ for (i = 0; i < r->n_keys; i++) {
+ ret = krb5_copy_keyblock_contents(handle->context, &r->keys[i],
+ &(*key)[i]);
+ if (ret) {
+ free(*key);
+ return ENOMEM;
+ }
+ }
+ } else
+ *key = NULL;
}
return r->code;
@@ -455,10 +456,10 @@ kadm5_randkey_principal(void *server_handle,
/* not supported on client side */
kadm5_ret_t kadm5_decrypt_key(void *server_handle,
- kadm5_principal_ent_t entry, krb5_int32
- ktype, krb5_int32 stype, krb5_int32
- kvno, krb5_keyblock *keyblock,
- krb5_keysalt *keysalt, int *kvnop)
+ kadm5_principal_ent_t entry, krb5_int32
+ ktype, krb5_int32 stype, krb5_int32
+ kvno, krb5_keyblock *keyblock,
+ krb5_keysalt *keysalt, int *kvnop)
{
- return EINVAL;
+ return EINVAL;
}
diff --git a/src/lib/kadm5/clnt/client_rpc.c b/src/lib/kadm5/clnt/client_rpc.c
index 19c8b47..752206b 100644
--- a/src/lib/kadm5/clnt/client_rpc.c
+++ b/src/lib/kadm5/clnt/client_rpc.c
@@ -1,3 +1,4 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
#include <gssrpc/rpc.h>
#include <kadm5/kadm_rpc.h>
#include <krb5.h>
@@ -14,314 +15,314 @@ static struct timeval TIMEOUT = { 120, 0 };
generic_ret *
create_principal_2(cprinc_arg *argp, CLIENT *clnt)
{
- static generic_ret clnt_res;
-
- memset(&clnt_res, 0, sizeof(clnt_res));
- if (clnt_call(clnt, CREATE_PRINCIPAL,
- (xdrproc_t) xdr_cprinc_arg, (caddr_t) argp,
- (xdrproc_t) xdr_generic_ret, (caddr_t) &clnt_res,
- TIMEOUT) != RPC_SUCCESS) {
- return (NULL);
- }
- return (&clnt_res);
+ static generic_ret clnt_res;
+
+ memset(&clnt_res, 0, sizeof(clnt_res));
+ if (clnt_call(clnt, CREATE_PRINCIPAL,
+ (xdrproc_t) xdr_cprinc_arg, (caddr_t) argp,
+ (xdrproc_t) xdr_generic_ret, (caddr_t) &clnt_res,
+ TIMEOUT) != RPC_SUCCESS) {
+ return (NULL);
+ }
+ return (&clnt_res);
}
generic_ret *
create_principal3_2(cprinc3_arg *argp, CLIENT *clnt)
{
- static generic_ret clnt_res;
-
- memset(&clnt_res, 0, sizeof(clnt_res));
- if (clnt_call(clnt, CREATE_PRINCIPAL3,
- (xdrproc_t) xdr_cprinc3_arg, (caddr_t) argp,
- (xdrproc_t) xdr_generic_ret, (caddr_t) &clnt_res,
- TIMEOUT) != RPC_SUCCESS) {
- return (NULL);
- }
- return (&clnt_res);
+ static generic_ret clnt_res;
+
+ memset(&clnt_res, 0, sizeof(clnt_res));
+ if (clnt_call(clnt, CREATE_PRINCIPAL3,
+ (xdrproc_t) xdr_cprinc3_arg, (caddr_t) argp,
+ (xdrproc_t) xdr_generic_ret, (caddr_t) &clnt_res,
+ TIMEOUT) != RPC_SUCCESS) {
+ return (NULL);
+ }
+ return (&clnt_res);
}
generic_ret *
delete_principal_2(dprinc_arg *argp, CLIENT *clnt)
{
- static generic_ret clnt_res;
-
- memset(&clnt_res, 0, sizeof(clnt_res));
- if (clnt_call(clnt, DELETE_PRINCIPAL,
- (xdrproc_t) xdr_dprinc_arg, (caddr_t) argp,
- (xdrproc_t) xdr_generic_ret, (caddr_t) &clnt_res,
- TIMEOUT) != RPC_SUCCESS) {
- return (NULL);
- }
- return (&clnt_res);
+ static generic_ret clnt_res;
+
+ memset(&clnt_res, 0, sizeof(clnt_res));
+ if (clnt_call(clnt, DELETE_PRINCIPAL,
+ (xdrproc_t) xdr_dprinc_arg, (caddr_t) argp,
+ (xdrproc_t) xdr_generic_ret, (caddr_t) &clnt_res,
+ TIMEOUT) != RPC_SUCCESS) {
+ return (NULL);
+ }
+ return (&clnt_res);
}
generic_ret *
modify_principal_2(mprinc_arg *argp, CLIENT *clnt)
{
- static generic_ret clnt_res;
-
- memset(&clnt_res, 0, sizeof(clnt_res));
- if (clnt_call(clnt, MODIFY_PRINCIPAL,
- (xdrproc_t) xdr_mprinc_arg, (caddr_t) argp,
- (xdrproc_t) xdr_generic_ret, (caddr_t) &clnt_res,
- TIMEOUT) != RPC_SUCCESS) {
- return (NULL);
- }
- return (&clnt_res);
+ static generic_ret clnt_res;
+
+ memset(&clnt_res, 0, sizeof(clnt_res));
+ if (clnt_call(clnt, MODIFY_PRINCIPAL,
+ (xdrproc_t) xdr_mprinc_arg, (caddr_t) argp,
+ (xdrproc_t) xdr_generic_ret, (caddr_t) &clnt_res,
+ TIMEOUT) != RPC_SUCCESS) {
+ return (NULL);
+ }
+ return (&clnt_res);
}
generic_ret *
rename_principal_2(rprinc_arg *argp, CLIENT *clnt)
{
- static generic_ret clnt_res;
-
- memset(&clnt_res, 0, sizeof(clnt_res));
- if (clnt_call(clnt, RENAME_PRINCIPAL,
- (xdrproc_t) xdr_rprinc_arg, (caddr_t) argp,
- (xdrproc_t) xdr_generic_ret, (caddr_t) &clnt_res,
- TIMEOUT) != RPC_SUCCESS) {
- return (NULL);
- }
- return (&clnt_res);
+ static generic_ret clnt_res;
+
+ memset(&clnt_res, 0, sizeof(clnt_res));
+ if (clnt_call(clnt, RENAME_PRINCIPAL,
+ (xdrproc_t) xdr_rprinc_arg, (caddr_t) argp,
+ (xdrproc_t) xdr_generic_ret, (caddr_t) &clnt_res,
+ TIMEOUT) != RPC_SUCCESS) {
+ return (NULL);
+ }
+ return (&clnt_res);
}
gprinc_ret *
get_principal_2(gprinc_arg *argp, CLIENT *clnt)
{
- static gprinc_ret clnt_res;
-
- memset(&clnt_res, 0, sizeof(clnt_res));
- if (clnt_call(clnt, GET_PRINCIPAL,
- (xdrproc_t) xdr_gprinc_arg, (caddr_t) argp,
- (xdrproc_t) xdr_gprinc_ret, (caddr_t) &clnt_res,
- TIMEOUT) != RPC_SUCCESS) {
- return (NULL);
- }
- return (&clnt_res);
+ static gprinc_ret clnt_res;
+
+ memset(&clnt_res, 0, sizeof(clnt_res));
+ if (clnt_call(clnt, GET_PRINCIPAL,
+ (xdrproc_t) xdr_gprinc_arg, (caddr_t) argp,
+ (xdrproc_t) xdr_gprinc_ret, (caddr_t) &clnt_res,
+ TIMEOUT) != RPC_SUCCESS) {
+ return (NULL);
+ }
+ return (&clnt_res);
}
gprincs_ret *
get_princs_2(gprincs_arg *argp, CLIENT *clnt)
{
- static gprincs_ret clnt_res;
-
- memset(&clnt_res, 0, sizeof(clnt_res));
- if (clnt_call(clnt, GET_PRINCS,
- (xdrproc_t) xdr_gprincs_arg, (caddr_t) argp,
- (xdrproc_t) xdr_gprincs_ret, (caddr_t) &clnt_res,
- TIMEOUT) != RPC_SUCCESS) {
- return (NULL);
- }
- return (&clnt_res);
+ static gprincs_ret clnt_res;
+
+ memset(&clnt_res, 0, sizeof(clnt_res));
+ if (clnt_call(clnt, GET_PRINCS,
+ (xdrproc_t) xdr_gprincs_arg, (caddr_t) argp,
+ (xdrproc_t) xdr_gprincs_ret, (caddr_t) &clnt_res,
+ TIMEOUT) != RPC_SUCCESS) {
+ return (NULL);
+ }
+ return (&clnt_res);
}
generic_ret *
chpass_principal_2(chpass_arg *argp, CLIENT *clnt)
{
- static generic_ret clnt_res;
-
- memset(&clnt_res, 0, sizeof(clnt_res));
- if (clnt_call(clnt, CHPASS_PRINCIPAL,
- (xdrproc_t) xdr_chpass_arg, (caddr_t) argp,
- (xdrproc_t) xdr_generic_ret, (caddr_t) &clnt_res,
- TIMEOUT) != RPC_SUCCESS) {
- return (NULL);
- }
- return (&clnt_res);
+ static generic_ret clnt_res;
+
+ memset(&clnt_res, 0, sizeof(clnt_res));
+ if (clnt_call(clnt, CHPASS_PRINCIPAL,
+ (xdrproc_t) xdr_chpass_arg, (caddr_t) argp,
+ (xdrproc_t) xdr_generic_ret, (caddr_t) &clnt_res,
+ TIMEOUT) != RPC_SUCCESS) {
+ return (NULL);
+ }
+ return (&clnt_res);
}
generic_ret *
chpass_principal3_2(chpass3_arg *argp, CLIENT *clnt)
{
- static generic_ret clnt_res;
-
- memset(&clnt_res, 0, sizeof(clnt_res));
- if (clnt_call(clnt, CHPASS_PRINCIPAL3,
- (xdrproc_t) xdr_chpass3_arg, (caddr_t) argp,
- (xdrproc_t) xdr_generic_ret, (caddr_t) &clnt_res,
- TIMEOUT) != RPC_SUCCESS) {
- return (NULL);
- }
- return (&clnt_res);
+ static generic_ret clnt_res;
+
+ memset(&clnt_res, 0, sizeof(clnt_res));
+ if (clnt_call(clnt, CHPASS_PRINCIPAL3,
+ (xdrproc_t) xdr_chpass3_arg, (caddr_t) argp,
+ (xdrproc_t) xdr_generic_ret, (caddr_t) &clnt_res,
+ TIMEOUT) != RPC_SUCCESS) {
+ return (NULL);
+ }
+ return (&clnt_res);
}
generic_ret *
setv4key_principal_2(setv4key_arg *argp, CLIENT *clnt)
{
- static generic_ret clnt_res;
-
- memset(&clnt_res, 0, sizeof(clnt_res));
- if (clnt_call(clnt, SETV4KEY_PRINCIPAL,
- (xdrproc_t) xdr_setv4key_arg, (caddr_t) argp,
- (xdrproc_t) xdr_generic_ret, (caddr_t) &clnt_res,
- TIMEOUT) != RPC_SUCCESS) {
- return (NULL);
- }
- return (&clnt_res);
+ static generic_ret clnt_res;
+
+ memset(&clnt_res, 0, sizeof(clnt_res));
+ if (clnt_call(clnt, SETV4KEY_PRINCIPAL,
+ (xdrproc_t) xdr_setv4key_arg, (caddr_t) argp,
+ (xdrproc_t) xdr_generic_ret, (caddr_t) &clnt_res,
+ TIMEOUT) != RPC_SUCCESS) {
+ return (NULL);
+ }
+ return (&clnt_res);
}
generic_ret *
setkey_principal_2(setkey_arg *argp, CLIENT *clnt)
{
- static generic_ret clnt_res;
-
- memset(&clnt_res, 0, sizeof(clnt_res));
- if (clnt_call(clnt, SETKEY_PRINCIPAL,
- (xdrproc_t) xdr_setkey_arg, (caddr_t) argp,
- (xdrproc_t) xdr_generic_ret, (caddr_t) &clnt_res,
- TIMEOUT) != RPC_SUCCESS) {
- return (NULL);
- }
- return (&clnt_res);
+ static generic_ret clnt_res;
+
+ memset(&clnt_res, 0, sizeof(clnt_res));
+ if (clnt_call(clnt, SETKEY_PRINCIPAL,
+ (xdrproc_t) xdr_setkey_arg, (caddr_t) argp,
+ (xdrproc_t) xdr_generic_ret, (caddr_t) &clnt_res,
+ TIMEOUT) != RPC_SUCCESS) {
+ return (NULL);
+ }
+ return (&clnt_res);
}
generic_ret *
setkey_principal3_2(setkey3_arg *argp, CLIENT *clnt)
{
- static generic_ret clnt_res;
-
- memset(&clnt_res, 0, sizeof(clnt_res));
- if (clnt_call(clnt, SETKEY_PRINCIPAL3,
- (xdrproc_t) xdr_setkey3_arg, (caddr_t) argp,
- (xdrproc_t) xdr_generic_ret, (caddr_t) &clnt_res,
- TIMEOUT) != RPC_SUCCESS) {
- return (NULL);
- }
- return (&clnt_res);
+ static generic_ret clnt_res;
+
+ memset(&clnt_res, 0, sizeof(clnt_res));
+ if (clnt_call(clnt, SETKEY_PRINCIPAL3,
+ (xdrproc_t) xdr_setkey3_arg, (caddr_t) argp,
+ (xdrproc_t) xdr_generic_ret, (caddr_t) &clnt_res,
+ TIMEOUT) != RPC_SUCCESS) {
+ return (NULL);
+ }
+ return (&clnt_res);
}
chrand_ret *
chrand_principal_2(chrand_arg *argp, CLIENT *clnt)
{
- static chrand_ret clnt_res;
-
- memset(&clnt_res, 0, sizeof(clnt_res));
- if (clnt_call(clnt, CHRAND_PRINCIPAL,
- (xdrproc_t) xdr_chrand_arg, (caddr_t) argp,
- (xdrproc_t) xdr_chrand_ret, (caddr_t) &clnt_res,
- TIMEOUT) != RPC_SUCCESS) {
- return (NULL);
- }
- return (&clnt_res);
+ static chrand_ret clnt_res;
+
+ memset(&clnt_res, 0, sizeof(clnt_res));
+ if (clnt_call(clnt, CHRAND_PRINCIPAL,
+ (xdrproc_t) xdr_chrand_arg, (caddr_t) argp,
+ (xdrproc_t) xdr_chrand_ret, (caddr_t) &clnt_res,
+ TIMEOUT) != RPC_SUCCESS) {
+ return (NULL);
+ }
+ return (&clnt_res);
}
chrand_ret *
chrand_principal3_2(chrand3_arg *argp, CLIENT *clnt)
{
- static chrand_ret clnt_res;
-
- memset(&clnt_res, 0, sizeof(clnt_res));
- if (clnt_call(clnt, CHRAND_PRINCIPAL3,
- (xdrproc_t) xdr_chrand3_arg, (caddr_t) argp,
- (xdrproc_t) xdr_chrand_ret, (caddr_t) &clnt_res,
- TIMEOUT) != RPC_SUCCESS) {
- return (NULL);
- }
- return (&clnt_res);
+ static chrand_ret clnt_res;
+
+ memset(&clnt_res, 0, sizeof(clnt_res));
+ if (clnt_call(clnt, CHRAND_PRINCIPAL3,
+ (xdrproc_t) xdr_chrand3_arg, (caddr_t) argp,
+ (xdrproc_t) xdr_chrand_ret, (caddr_t) &clnt_res,
+ TIMEOUT) != RPC_SUCCESS) {
+ return (NULL);
+ }
+ return (&clnt_res);
}
generic_ret *
create_policy_2(cpol_arg *argp, CLIENT *clnt)
{
- static generic_ret clnt_res;
-
- memset(&clnt_res, 0, sizeof(clnt_res));
- if (clnt_call(clnt, CREATE_POLICY,
- (xdrproc_t) xdr_cpol_arg, (caddr_t) argp,
- (xdrproc_t) xdr_generic_ret, (caddr_t) &clnt_res,
- TIMEOUT) != RPC_SUCCESS) {
- return (NULL);
- }
- return (&clnt_res);
+ static generic_ret clnt_res;
+
+ memset(&clnt_res, 0, sizeof(clnt_res));
+ if (clnt_call(clnt, CREATE_POLICY,
+ (xdrproc_t) xdr_cpol_arg, (caddr_t) argp,
+ (xdrproc_t) xdr_generic_ret, (caddr_t) &clnt_res,
+ TIMEOUT) != RPC_SUCCESS) {
+ return (NULL);
+ }
+ return (&clnt_res);
}
generic_ret *
delete_policy_2(dpol_arg *argp, CLIENT *clnt)
{
- static generic_ret clnt_res;
-
- memset(&clnt_res, 0, sizeof(clnt_res));
- if (clnt_call(clnt, DELETE_POLICY,
- (xdrproc_t) xdr_dpol_arg, (caddr_t) argp,
- (xdrproc_t) xdr_generic_ret, (caddr_t) &clnt_res,
- TIMEOUT) != RPC_SUCCESS) {
- return (NULL);
- }
- return (&clnt_res);
+ static generic_ret clnt_res;
+
+ memset(&clnt_res, 0, sizeof(clnt_res));
+ if (clnt_call(clnt, DELETE_POLICY,
+ (xdrproc_t) xdr_dpol_arg, (caddr_t) argp,
+ (xdrproc_t) xdr_generic_ret, (caddr_t) &clnt_res,
+ TIMEOUT) != RPC_SUCCESS) {
+ return (NULL);
+ }
+ return (&clnt_res);
}
generic_ret *
modify_policy_2(mpol_arg *argp, CLIENT *clnt)
{
- static generic_ret clnt_res;
-
- memset(&clnt_res, 0, sizeof(clnt_res));
- if (clnt_call(clnt, MODIFY_POLICY,
- (xdrproc_t) xdr_mpol_arg, (caddr_t) argp,
- (xdrproc_t) xdr_generic_ret, (caddr_t) &clnt_res,
- TIMEOUT) != RPC_SUCCESS) {
- return (NULL);
- }
- return (&clnt_res);
+ static generic_ret clnt_res;
+
+ memset(&clnt_res, 0, sizeof(clnt_res));
+ if (clnt_call(clnt, MODIFY_POLICY,
+ (xdrproc_t) xdr_mpol_arg, (caddr_t) argp,
+ (xdrproc_t) xdr_generic_ret, (caddr_t) &clnt_res,
+ TIMEOUT) != RPC_SUCCESS) {
+ return (NULL);
+ }
+ return (&clnt_res);
}
gpol_ret *
get_policy_2(gpol_arg *argp, CLIENT *clnt)
{
- static gpol_ret clnt_res;
-
- memset(&clnt_res, 0, sizeof(clnt_res));
- if (clnt_call(clnt, GET_POLICY,
- (xdrproc_t) xdr_gpol_arg, (caddr_t) argp,
- (xdrproc_t) xdr_gpol_ret, (caddr_t) &clnt_res,
- TIMEOUT) != RPC_SUCCESS) {
- return (NULL);
- }
- return (&clnt_res);
+ static gpol_ret clnt_res;
+
+ memset(&clnt_res, 0, sizeof(clnt_res));
+ if (clnt_call(clnt, GET_POLICY,
+ (xdrproc_t) xdr_gpol_arg, (caddr_t) argp,
+ (xdrproc_t) xdr_gpol_ret, (caddr_t) &clnt_res,
+ TIMEOUT) != RPC_SUCCESS) {
+ return (NULL);
+ }
+ return (&clnt_res);
}
gpols_ret *
get_pols_2(gpols_arg *argp, CLIENT *clnt)
{
- static gpols_ret clnt_res;
-
- memset(&clnt_res, 0, sizeof(clnt_res));
- if (clnt_call(clnt, GET_POLS,
- (xdrproc_t) xdr_gpols_arg, (caddr_t) argp,
- (xdrproc_t) xdr_gpols_ret, (caddr_t) &clnt_res,
- TIMEOUT) != RPC_SUCCESS) {
- return (NULL);
- }
- return (&clnt_res);
+ static gpols_ret clnt_res;
+
+ memset(&clnt_res, 0, sizeof(clnt_res));
+ if (clnt_call(clnt, GET_POLS,
+ (xdrproc_t) xdr_gpols_arg, (caddr_t) argp,
+ (xdrproc_t) xdr_gpols_ret, (caddr_t) &clnt_res,
+ TIMEOUT) != RPC_SUCCESS) {
+ return (NULL);
+ }
+ return (&clnt_res);
}
getprivs_ret *
get_privs_2(void *argp, CLIENT *clnt)
{
- static getprivs_ret clnt_res;
-
- memset(&clnt_res, 0, sizeof(clnt_res));
- if (clnt_call(clnt, GET_PRIVS,
- (xdrproc_t) xdr_u_int32, (caddr_t) argp,
- (xdrproc_t) xdr_getprivs_ret, (caddr_t) &clnt_res,
- TIMEOUT) != RPC_SUCCESS) {
- return (NULL);
- }
- return (&clnt_res);
+ static getprivs_ret clnt_res;
+
+ memset(&clnt_res, 0, sizeof(clnt_res));
+ if (clnt_call(clnt, GET_PRIVS,
+ (xdrproc_t) xdr_u_int32, (caddr_t) argp,
+ (xdrproc_t) xdr_getprivs_ret, (caddr_t) &clnt_res,
+ TIMEOUT) != RPC_SUCCESS) {
+ return (NULL);
+ }
+ return (&clnt_res);
}
generic_ret *
init_2(void *argp, CLIENT *clnt)
{
- static generic_ret clnt_res;
-
- memset(&clnt_res, 0, sizeof(clnt_res));
- if (clnt_call(clnt, INIT,
- (xdrproc_t) xdr_u_int32, (caddr_t) argp,
- (xdrproc_t) xdr_generic_ret, (caddr_t) &clnt_res,
- TIMEOUT) != RPC_SUCCESS) {
- return (NULL);
- }
- return (&clnt_res);
+ static generic_ret clnt_res;
+
+ memset(&clnt_res, 0, sizeof(clnt_res));
+ if (clnt_call(clnt, INIT,
+ (xdrproc_t) xdr_u_int32, (caddr_t) argp,
+ (xdrproc_t) xdr_generic_ret, (caddr_t) &clnt_res,
+ TIMEOUT) != RPC_SUCCESS) {
+ return (NULL);
+ }
+ return (&clnt_res);
}
diff --git a/src/lib/kadm5/clnt/clnt_chpass_util.c b/src/lib/kadm5/clnt/clnt_chpass_util.c
index 71ab649..618efda 100644
--- a/src/lib/kadm5/clnt/clnt_chpass_util.c
+++ b/src/lib/kadm5/clnt/clnt_chpass_util.c
@@ -1,16 +1,17 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
#include <kadm5/admin.h>
#include "client_internal.h"
kadm5_ret_t kadm5_chpass_principal_util(void *server_handle,
- krb5_principal princ,
- char *new_pw,
- char **ret_pw,
- char *msg_ret,
- unsigned int msg_len)
+ krb5_principal princ,
+ char *new_pw,
+ char **ret_pw,
+ char *msg_ret,
+ unsigned int msg_len)
{
- kadm5_server_handle_t handle = server_handle;
+ kadm5_server_handle_t handle = server_handle;
- CHECK_HANDLE(server_handle);
- return _kadm5_chpass_principal_util(handle, handle->lhandle, princ,
- new_pw, ret_pw, msg_ret, msg_len);
+ CHECK_HANDLE(server_handle);
+ return _kadm5_chpass_principal_util(handle, handle->lhandle, princ,
+ new_pw, ret_pw, msg_ret, msg_len);
}
diff --git a/src/lib/kadm5/clnt/clnt_policy.c b/src/lib/kadm5/clnt/clnt_policy.c
index fc91245..0b6796f 100644
--- a/src/lib/kadm5/clnt/clnt_policy.c
+++ b/src/lib/kadm5/clnt/clnt_policy.c
@@ -1,3 +1,4 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
/*
* Copyright 1993 OpenVision Technologies, Inc., All Rights Reserved
*
@@ -12,29 +13,29 @@ static char *rcsid = "$Header$";
#include <kadm5/admin.h>
#include <kadm5/kadm_rpc.h>
#include "client_internal.h"
-#include <stdlib.h>
-#include <string.h>
-#include <errno.h>
+#include <stdlib.h>
+#include <string.h>
+#include <errno.h>
kadm5_ret_t
kadm5_create_policy(void *server_handle,
- kadm5_policy_ent_t policy, long mask)
+ kadm5_policy_ent_t policy, long mask)
{
- cpol_arg arg;
- generic_ret *r;
+ cpol_arg arg;
+ generic_ret *r;
kadm5_server_handle_t handle = server_handle;
CHECK_HANDLE(server_handle);
if(policy == (kadm5_policy_ent_t) NULL)
- return EINVAL;
+ return EINVAL;
arg.mask = mask;
arg.api_version = handle->api_version;
memcpy(&arg.rec, policy, sizeof(kadm5_policy_ent_rec));
r = create_policy_2(&arg, handle->clnt);
if(r == NULL)
- return KADM5_RPC_ERROR;
+ return KADM5_RPC_ERROR;
return r->code;
}
@@ -42,45 +43,45 @@ kadm5_create_policy(void *server_handle,
kadm5_ret_t
kadm5_delete_policy(void *server_handle, char *name)
{
- dpol_arg arg;
- generic_ret *r;
+ dpol_arg arg;
+ generic_ret *r;
kadm5_server_handle_t handle = server_handle;
-
+
CHECK_HANDLE(server_handle);
if(name == NULL)
- return EINVAL;
+ return EINVAL;
arg.name = name;
arg.api_version = handle->api_version;
r = delete_policy_2(&arg, handle->clnt);
if(r == NULL)
- return KADM5_RPC_ERROR;
+ return KADM5_RPC_ERROR;
return r->code;
}
kadm5_ret_t
kadm5_modify_policy(void *server_handle,
- kadm5_policy_ent_t policy, long mask)
+ kadm5_policy_ent_t policy, long mask)
{
- mpol_arg arg;
- generic_ret *r;
+ mpol_arg arg;
+ generic_ret *r;
kadm5_server_handle_t handle = server_handle;
CHECK_HANDLE(server_handle);
if(policy == (kadm5_policy_ent_t) NULL)
- return EINVAL;
-
+ return EINVAL;
+
arg.mask = mask;
arg.api_version = handle->api_version;
memcpy(&arg.rec, policy, sizeof(kadm5_policy_ent_rec));
r = modify_policy_2(&arg, handle->clnt);
if(r == NULL)
- return KADM5_RPC_ERROR;
+ return KADM5_RPC_ERROR;
return r->code;
}
@@ -88,8 +89,8 @@ kadm5_modify_policy(void *server_handle,
kadm5_ret_t
kadm5_get_policy(void *server_handle, char *name, kadm5_policy_ent_t ent)
{
- gpol_arg arg;
- gpol_ret *r;
+ gpol_arg arg;
+ gpol_ret *r;
kadm5_server_handle_t handle = server_handle;
CHECK_HANDLE(server_handle);
@@ -98,41 +99,41 @@ kadm5_get_policy(void *server_handle, char *name, kadm5_policy_ent_t ent)
arg.api_version = handle->api_version;
if(name == NULL)
- return EINVAL;
-
+ return EINVAL;
+
r = get_policy_2(&arg, handle->clnt);
if(r == NULL)
- return KADM5_RPC_ERROR;
+ return KADM5_RPC_ERROR;
if (r->code == 0)
- memcpy(ent, &r->rec, sizeof(r->rec));
-
+ memcpy(ent, &r->rec, sizeof(r->rec));
+
return r->code;
}
kadm5_ret_t
kadm5_get_policies(void *server_handle,
- char *exp, char ***pols, int *count)
+ char *exp, char ***pols, int *count)
{
- gpols_arg arg;
- gpols_ret *r;
+ gpols_arg arg;
+ gpols_ret *r;
kadm5_server_handle_t handle = server_handle;
CHECK_HANDLE(server_handle);
if(pols == NULL || count == NULL)
- return EINVAL;
+ return EINVAL;
arg.exp = exp;
arg.api_version = handle->api_version;
r = get_pols_2(&arg, handle->clnt);
if(r == NULL)
- return KADM5_RPC_ERROR;
+ return KADM5_RPC_ERROR;
if(r->code == 0) {
- *count = r->count;
- *pols = r->pols;
+ *count = r->count;
+ *pols = r->pols;
} else {
- *count = 0;
- *pols = NULL;
+ *count = 0;
+ *pols = NULL;
}
-
+
return r->code;
}
diff --git a/src/lib/kadm5/clnt/clnt_privs.c b/src/lib/kadm5/clnt/clnt_privs.c
index 5f7ed43..15b16b1 100644
--- a/src/lib/kadm5/clnt/clnt_privs.c
+++ b/src/lib/kadm5/clnt/clnt_privs.c
@@ -1,9 +1,10 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
/*
* Copyright 1993 OpenVision Technologies, Inc., All Rights Reserved.
*
* $Id$
* $Source$
- *
+ *
*/
#if !defined(lint) && !defined(__CODECENTER__)
@@ -17,14 +18,14 @@ static char *rcsid = "$Header$";
kadm5_ret_t kadm5_get_privs(void *server_handle, long *privs)
{
- getprivs_ret *r;
- kadm5_server_handle_t handle = server_handle;
+ getprivs_ret *r;
+ kadm5_server_handle_t handle = server_handle;
- r = get_privs_2(&handle->api_version, handle->clnt);
- if (r == NULL)
- return KADM5_RPC_ERROR;
- else if (r->code == KADM5_OK)
- *privs = r->privs;
+ r = get_privs_2(&handle->api_version, handle->clnt);
+ if (r == NULL)
+ return KADM5_RPC_ERROR;
+ else if (r->code == KADM5_OK)
+ *privs = r->privs;
- return r->code;
+ return r->code;
}
diff --git a/src/lib/kadm5/kadm_rpc_xdr.c b/src/lib/kadm5/kadm_rpc_xdr.c
index 8ddf33a..41ab3f1 100644
--- a/src/lib/kadm5/kadm_rpc_xdr.c
+++ b/src/lib/kadm5/kadm_rpc_xdr.c
@@ -64,7 +64,7 @@ bool_t xdr_nullstring(XDR *xdrs, char **objp)
}
}
return (xdr_opaque(xdrs, *objp, size));
-
+
case XDR_ENCODE:
if (size != 0)
return (xdr_opaque(xdrs, *objp, size));
@@ -226,15 +226,15 @@ xdr_krb5_ui_2(XDR *xdrs, krb5_ui_2 *objp)
static bool_t xdr_krb5_boolean(XDR *xdrs, krb5_boolean *kbool)
{
bool_t val;
-
+
switch (xdrs->x_op) {
case XDR_DECODE:
if (!xdr_bool(xdrs, &val))
return FALSE;
-
+
*kbool = (val == FALSE) ? FALSE : TRUE;
return TRUE;
-
+
case XDR_ENCODE:
val = *kbool ? TRUE : FALSE;
return xdr_bool(xdrs, &val);
@@ -242,7 +242,7 @@ static bool_t xdr_krb5_boolean(XDR *xdrs, krb5_boolean *kbool)
case XDR_FREE:
return TRUE;
}
-
+
return FALSE;
}
@@ -283,13 +283,13 @@ bool_t xdr_krb5_key_data_nocontents(XDR *xdrs, krb5_key_data *objp)
if (!xdr_bytes(xdrs, (char **) &objp->key_data_contents[0],
&tmp, ~0))
return FALSE;
-
+
tmp = (unsigned int) objp->key_data_length[1];
if (!xdr_bytes(xdrs, (char **) &objp->key_data_contents[1],
&tmp, ~0))
return FALSE;
}
-
+
return (TRUE);
}
@@ -320,7 +320,7 @@ bool_t xdr_krb5_tl_data(XDR *xdrs, krb5_tl_data **tl_data_head)
tl = tl2;
}
break;
-
+
case XDR_ENCODE:
tl = *tl_data_head;
while (1) {
@@ -394,7 +394,7 @@ _xdr_kadm5_principal_ent_rec(XDR *xdrs, kadm5_principal_ent_rec *objp,
int v)
{
unsigned int n;
-
+
if (!xdr_krb5_principal(xdrs, &objp->principal)) {
return (FALSE);
}
@@ -625,7 +625,7 @@ xdr_gprincs_arg(XDR *xdrs, gprincs_arg *objp)
}
bool_t
-xdr_gprincs_ret(XDR *xdrs, gprincs_ret *objp)
+xdr_gprincs_ret(XDR *xdrs, gprincs_ret *objp)
{
if (!xdr_ui_4(xdrs, &objp->api_version)) {
return (FALSE);
@@ -810,7 +810,7 @@ xdr_gprinc_arg(XDR *xdrs, gprinc_arg *objp)
if (!xdr_long(xdrs, &objp->mask)) {
return FALSE;
}
-
+
return (TRUE);
}
@@ -920,7 +920,7 @@ xdr_gpols_arg(XDR *xdrs, gpols_arg *objp)
}
bool_t
-xdr_gpols_ret(XDR *xdrs, gpols_ret *objp)
+xdr_gpols_ret(XDR *xdrs, gpols_ret *objp)
{
if (!xdr_ui_4(xdrs, &objp->api_version)) {
return (FALSE);
@@ -972,7 +972,7 @@ xdr_krb5_principal(XDR *xdrs, krb5_principal *objp)
switch(xdrs->x_op) {
case XDR_ENCODE:
if (*objp) {
- if((ret = krb5_unparse_name(context, *objp, &p)) != 0)
+ if((ret = krb5_unparse_name(context, *objp, &p)) != 0)
return FALSE;
}
if(!xdr_nullstring(xdrs, &p))
@@ -984,7 +984,7 @@ xdr_krb5_principal(XDR *xdrs, krb5_principal *objp)
return FALSE;
if (p) {
ret = krb5_parse_name(context, p, &pr);
- if(ret != 0)
+ if(ret != 0)
return FALSE;
*objp = pr;
free(p);
@@ -992,7 +992,7 @@ xdr_krb5_principal(XDR *xdrs, krb5_principal *objp)
*objp = NULL;
break;
case XDR_FREE:
- if(*objp != NULL)
+ if(*objp != NULL)
krb5_free_principal(context, *objp);
break;
}
diff --git a/src/lib/kadm5/logger.c b/src/lib/kadm5/logger.c
index efff818..b8da209 100644
--- a/src/lib/kadm5/logger.c
+++ b/src/lib/kadm5/logger.c
@@ -1,3 +1,4 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
/*
* lib/kadm/logger.c
*
@@ -29,117 +30,117 @@
#define VERBOSE_LOGS
/*
- * logger.c - Handle logging functions for those who want it.
+ * logger.c - Handle logging functions for those who want it.
*/
#include "k5-int.h"
#include "adm_proto.h"
#include "com_err.h"
#include <stdio.h>
#include <ctype.h>
-#ifdef HAVE_SYSLOG_H
+#ifdef HAVE_SYSLOG_H
#include <syslog.h>
-#endif /* HAVE_SYSLOG_H */
+#endif /* HAVE_SYSLOG_H */
#include <stdarg.h>
-#define KRB5_KLOG_MAX_ERRMSG_SIZE 2048
-#ifndef MAXHOSTNAMELEN
-#define MAXHOSTNAMELEN 256
-#endif /* MAXHOSTNAMELEN */
+#define KRB5_KLOG_MAX_ERRMSG_SIZE 2048
+#ifndef MAXHOSTNAMELEN
+#define MAXHOSTNAMELEN 256
+#endif /* MAXHOSTNAMELEN */
/* This is to assure that we have at least one match in the syslog stuff */
-#ifndef LOG_AUTH
-#define LOG_AUTH 0
-#endif /* LOG_AUTH */
-#ifndef LOG_ERR
-#define LOG_ERR 0
-#endif /* LOG_ERR */
-
-#define lspec_parse_err_1 "%s: cannot parse <%s>\n"
-#define lspec_parse_err_2 "%s: warning - logging entry syntax error\n"
-#define log_file_err "%s: error writing to %s\n"
-#define log_device_err "%s: error writing to %s device\n"
-#define log_ufo_string "?\?\?" /* nb: avoid trigraphs */
-#define log_emerg_string "EMERGENCY"
-#define log_alert_string "ALERT"
-#define log_crit_string "CRITICAL"
-#define log_err_string "Error"
-#define log_warning_string "Warning"
-#define log_notice_string "Notice"
-#define log_info_string "info"
-#define log_debug_string "debug"
+#ifndef LOG_AUTH
+#define LOG_AUTH 0
+#endif /* LOG_AUTH */
+#ifndef LOG_ERR
+#define LOG_ERR 0
+#endif /* LOG_ERR */
+
+#define lspec_parse_err_1 "%s: cannot parse <%s>\n"
+#define lspec_parse_err_2 "%s: warning - logging entry syntax error\n"
+#define log_file_err "%s: error writing to %s\n"
+#define log_device_err "%s: error writing to %s device\n"
+#define log_ufo_string "?\?\?" /* nb: avoid trigraphs */
+#define log_emerg_string "EMERGENCY"
+#define log_alert_string "ALERT"
+#define log_crit_string "CRITICAL"
+#define log_err_string "Error"
+#define log_warning_string "Warning"
+#define log_notice_string "Notice"
+#define log_info_string "info"
+#define log_debug_string "debug"
/*
* Output logging.
*
* Output logging is now controlled by the configuration file. We can specify
* the following syntaxes under the [logging]->entity specification.
- * FILE<opentype><pathname>
- * SYSLOG[=<severity>[:<facility>]]
- * STDERR
- * CONSOLE
- * DEVICE=<device-spec>
+ * FILE<opentype><pathname>
+ * SYSLOG[=<severity>[:<facility>]]
+ * STDERR
+ * CONSOLE
+ * DEVICE=<device-spec>
*
* Where:
- * <opentype> is ":" for open/append, "=" for open/create.
- * <pathname> is a valid path name.
- * <severity> is one of: (default = ERR)
- * EMERG
- * ALERT
- * CRIT
- * ERR
- * WARNING
- * NOTICE
- * INFO
- * DEBUG
- * <facility> is one of: (default = AUTH)
- * KERN
- * USER
- * MAIL
- * DAEMON
- * AUTH
- * LPR
- * NEWS
- * UUCP
- * CRON
- * LOCAL0..LOCAL7
- * <device-spec> is a valid device specification.
+ * <opentype> is ":" for open/append, "=" for open/create.
+ * <pathname> is a valid path name.
+ * <severity> is one of: (default = ERR)
+ * EMERG
+ * ALERT
+ * CRIT
+ * ERR
+ * WARNING
+ * NOTICE
+ * INFO
+ * DEBUG
+ * <facility> is one of: (default = AUTH)
+ * KERN
+ * USER
+ * MAIL
+ * DAEMON
+ * AUTH
+ * LPR
+ * NEWS
+ * UUCP
+ * CRON
+ * LOCAL0..LOCAL7
+ * <device-spec> is a valid device specification.
*/
struct log_entry {
enum log_type { K_LOG_FILE,
- K_LOG_SYSLOG,
- K_LOG_STDERR,
- K_LOG_CONSOLE,
- K_LOG_DEVICE,
- K_LOG_NONE } log_type;
+ K_LOG_SYSLOG,
+ K_LOG_STDERR,
+ K_LOG_CONSOLE,
+ K_LOG_DEVICE,
+ K_LOG_NONE } log_type;
krb5_pointer log_2free;
union log_union {
- struct log_file {
- FILE *lf_filep;
- char *lf_fname;
- } log_file;
- struct log_syslog {
- int ls_facility;
- int ls_severity;
- } log_syslog;
- struct log_device {
- FILE *ld_filep;
- char *ld_devname;
- } log_device;
+ struct log_file {
+ FILE *lf_filep;
+ char *lf_fname;
+ } log_file;
+ struct log_syslog {
+ int ls_facility;
+ int ls_severity;
+ } log_syslog;
+ struct log_device {
+ FILE *ld_filep;
+ char *ld_devname;
+ } log_device;
} log_union;
};
-#define lfu_filep log_union.log_file.lf_filep
-#define lfu_fname log_union.log_file.lf_fname
-#define lsu_facility log_union.log_syslog.ls_facility
-#define lsu_severity log_union.log_syslog.ls_severity
-#define ldu_filep log_union.log_device.ld_filep
-#define ldu_devname log_union.log_device.ld_devname
+#define lfu_filep log_union.log_file.lf_filep
+#define lfu_fname log_union.log_file.lf_fname
+#define lsu_facility log_union.log_syslog.ls_facility
+#define lsu_severity log_union.log_syslog.ls_severity
+#define ldu_filep log_union.log_device.ld_filep
+#define ldu_devname log_union.log_device.ld_devname
struct log_control {
- struct log_entry *log_entries;
- int log_nentries;
- char *log_whoami;
- char *log_hostname;
- krb5_boolean log_opened;
+ struct log_entry *log_entries;
+ int log_nentries;
+ char *log_whoami;
+ char *log_hostname;
+ krb5_boolean log_opened;
};
static struct log_control log_control = {
@@ -149,23 +150,23 @@ static struct log_control log_control = {
(char *) NULL,
0
};
-static struct log_entry def_log_entry;
+static struct log_entry def_log_entry;
/*
* These macros define any special processing that needs to happen for
* devices. For unix, of course, this is hardly anything.
*/
-#define DEVICE_OPEN(d, m) fopen(d, m)
-#define CONSOLE_OPEN(m) fopen("/dev/console", m)
-#define DEVICE_PRINT(f, m) ((fprintf(f, "%s\r\n", m) >= 0) ? \
- (fflush(f), 0) : \
- -1)
-#define DEVICE_CLOSE(d) fclose(d)
+#define DEVICE_OPEN(d, m) fopen(d, m)
+#define CONSOLE_OPEN(m) fopen("/dev/console", m)
+#define DEVICE_PRINT(f, m) ((fprintf(f, "%s\r\n", m) >= 0) ? \
+ (fflush(f), 0) : \
+ -1)
+#define DEVICE_CLOSE(d) fclose(d)
/*
- * klog_com_err_proc() - Handle com_err(3) messages as specified by the
- * profile.
+ * klog_com_err_proc() - Handle com_err(3) messages as specified by the
+ * profile.
*/
static krb5_context err_context;
@@ -179,14 +180,14 @@ klog_com_err_proc(const char *whoami, long int code, const char *format, va_list
static void
klog_com_err_proc(const char *whoami, long int code, const char *format, va_list ap)
{
- char outbuf[KRB5_KLOG_MAX_ERRMSG_SIZE];
- int lindex;
- const char *actual_format;
-#ifdef HAVE_SYSLOG
- int log_pri = -1;
-#endif /* HAVE_SYSLOG */
- char *cp;
- char *syslogp;
+ char outbuf[KRB5_KLOG_MAX_ERRMSG_SIZE];
+ int lindex;
+ const char *actual_format;
+#ifdef HAVE_SYSLOG
+ int log_pri = -1;
+#endif /* HAVE_SYSLOG */
+ char *cp;
+ char *syslogp;
/* Make the header */
snprintf(outbuf, sizeof(outbuf), "%s: ", whoami);
@@ -201,15 +202,15 @@ klog_com_err_proc(const char *whoami, long int code, const char *format, va_list
char *emsg;
outbuf[sizeof(outbuf) - 1] = '\0';
- emsg = krb5_get_error_message (err_context, code);
- strncat(outbuf, emsg, sizeof(outbuf) - 1 - strlen(outbuf));
- strncat(outbuf, " - ", sizeof(outbuf) - 1 - strlen(outbuf));
- krb5_free_error_message(err_context, emsg);
+ emsg = krb5_get_error_message (err_context, code);
+ strncat(outbuf, emsg, sizeof(outbuf) - 1 - strlen(outbuf));
+ strncat(outbuf, " - ", sizeof(outbuf) - 1 - strlen(outbuf));
+ krb5_free_error_message(err_context, emsg);
}
cp = &outbuf[strlen(outbuf)];
-
+
actual_format = format;
-#ifdef HAVE_SYSLOG
+#ifdef HAVE_SYSLOG
/*
* This is an unpleasant hack. If the first character is less than
* 8, then we assume that it is a priority.
@@ -219,50 +220,50 @@ klog_com_err_proc(const char *whoami, long int code, const char *format, va_list
* intermediate representation.
*/
if ((((unsigned char) *format) > 0) && (((unsigned char) *format) <= 8)) {
- actual_format = (format + 1);
- switch ((unsigned char) *format) {
-#ifdef LOG_EMERG
- case 1:
- log_pri = LOG_EMERG;
- break;
+ actual_format = (format + 1);
+ switch ((unsigned char) *format) {
+#ifdef LOG_EMERG
+ case 1:
+ log_pri = LOG_EMERG;
+ break;
#endif /* LOG_EMERG */
-#ifdef LOG_ALERT
- case 2:
- log_pri = LOG_ALERT;
- break;
+#ifdef LOG_ALERT
+ case 2:
+ log_pri = LOG_ALERT;
+ break;
#endif /* LOG_ALERT */
-#ifdef LOG_CRIT
- case 3:
- log_pri = LOG_CRIT;
- break;
+#ifdef LOG_CRIT
+ case 3:
+ log_pri = LOG_CRIT;
+ break;
#endif /* LOG_CRIT */
- default:
- case 4:
- log_pri = LOG_ERR;
- break;
-#ifdef LOG_WARNING
- case 5:
- log_pri = LOG_WARNING;
- break;
+ default:
+ case 4:
+ log_pri = LOG_ERR;
+ break;
+#ifdef LOG_WARNING
+ case 5:
+ log_pri = LOG_WARNING;
+ break;
#endif /* LOG_WARNING */
-#ifdef LOG_NOTICE
- case 6:
- log_pri = LOG_NOTICE;
- break;
+#ifdef LOG_NOTICE
+ case 6:
+ log_pri = LOG_NOTICE;
+ break;
#endif /* LOG_NOTICE */
-#ifdef LOG_INFO
- case 7:
- log_pri = LOG_INFO;
- break;
+#ifdef LOG_INFO
+ case 7:
+ log_pri = LOG_INFO;
+ break;
#endif /* LOG_INFO */
-#ifdef LOG_DEBUG
- case 8:
- log_pri = LOG_DEBUG;
- break;
+#ifdef LOG_DEBUG
+ case 8:
+ log_pri = LOG_DEBUG;
+ break;
#endif /* LOG_DEBUG */
- }
- }
-#endif /* HAVE_SYSLOG */
+ }
+ }
+#endif /* HAVE_SYSLOG */
/* Now format the actual message */
vsnprintf(cp, sizeof(outbuf) - (cp - outbuf), actual_format, ap);
@@ -272,92 +273,92 @@ klog_com_err_proc(const char *whoami, long int code, const char *format, va_list
* logging specification.
*/
for (lindex = 0; lindex < log_control.log_nentries; lindex++) {
- switch (log_control.log_entries[lindex].log_type) {
- case K_LOG_FILE:
- case K_LOG_STDERR:
- /*
- * Files/standard error.
- */
- if (fprintf(log_control.log_entries[lindex].lfu_filep, "%s\n",
- outbuf) < 0) {
- /* Attempt to report error */
- fprintf(stderr, log_file_err, whoami,
- log_control.log_entries[lindex].lfu_fname);
- }
- else {
- fflush(log_control.log_entries[lindex].lfu_filep);
- }
- break;
- case K_LOG_CONSOLE:
- case K_LOG_DEVICE:
- /*
- * Devices (may need special handling)
- */
- if (DEVICE_PRINT(log_control.log_entries[lindex].ldu_filep,
- outbuf) < 0) {
- /* Attempt to report error */
- fprintf(stderr, log_device_err, whoami,
- log_control.log_entries[lindex].ldu_devname);
- }
- break;
-#ifdef HAVE_SYSLOG
- case K_LOG_SYSLOG:
- /*
- * System log.
- */
- /*
- * If we have specified a priority through our hackery, then
- * use it, otherwise use the default.
- */
- if (log_pri >= 0)
- log_pri |= log_control.log_entries[lindex].lsu_facility;
- else
- log_pri = log_control.log_entries[lindex].lsu_facility |
- log_control.log_entries[lindex].lsu_severity;
-
- /* Log the message with our header trimmed off */
- syslog(log_pri, "%s", syslogp);
- break;
+ switch (log_control.log_entries[lindex].log_type) {
+ case K_LOG_FILE:
+ case K_LOG_STDERR:
+ /*
+ * Files/standard error.
+ */
+ if (fprintf(log_control.log_entries[lindex].lfu_filep, "%s\n",
+ outbuf) < 0) {
+ /* Attempt to report error */
+ fprintf(stderr, log_file_err, whoami,
+ log_control.log_entries[lindex].lfu_fname);
+ }
+ else {
+ fflush(log_control.log_entries[lindex].lfu_filep);
+ }
+ break;
+ case K_LOG_CONSOLE:
+ case K_LOG_DEVICE:
+ /*
+ * Devices (may need special handling)
+ */
+ if (DEVICE_PRINT(log_control.log_entries[lindex].ldu_filep,
+ outbuf) < 0) {
+ /* Attempt to report error */
+ fprintf(stderr, log_device_err, whoami,
+ log_control.log_entries[lindex].ldu_devname);
+ }
+ break;
+#ifdef HAVE_SYSLOG
+ case K_LOG_SYSLOG:
+ /*
+ * System log.
+ */
+ /*
+ * If we have specified a priority through our hackery, then
+ * use it, otherwise use the default.
+ */
+ if (log_pri >= 0)
+ log_pri |= log_control.log_entries[lindex].lsu_facility;
+ else
+ log_pri = log_control.log_entries[lindex].lsu_facility |
+ log_control.log_entries[lindex].lsu_severity;
+
+ /* Log the message with our header trimmed off */
+ syslog(log_pri, "%s", syslogp);
+ break;
#endif /* HAVE_SYSLOG */
- default:
- break;
- }
+ default:
+ break;
+ }
}
}
/*
- * krb5_klog_init() - Initialize logging.
+ * krb5_klog_init() - Initialize logging.
*
* This routine parses the syntax described above to specify destinations for
* com_err(3) or krb5_klog_syslog() messages generated by the caller.
*
* Parameters:
- * kcontext - Kerberos context.
- * ename - Entity name as it is to appear in the profile.
- * whoami - Entity name as it is to appear in error output.
- * do_com_err - Take over com_err(3) processing.
+ * kcontext - Kerberos context.
+ * ename - Entity name as it is to appear in the profile.
+ * whoami - Entity name as it is to appear in error output.
+ * do_com_err - Take over com_err(3) processing.
*
* Implicit inputs:
- * stderr - This is where STDERR output goes.
+ * stderr - This is where STDERR output goes.
*
* Implicit outputs:
- * log_nentries - Number of log entries, both valid and invalid.
- * log_control - List of entries (log_nentries long) which contains
- * data for klog_com_err_proc() to use to determine
- * where/how to send output.
+ * log_nentries - Number of log entries, both valid and invalid.
+ * log_control - List of entries (log_nentries long) which contains
+ * data for klog_com_err_proc() to use to determine
+ * where/how to send output.
*/
krb5_error_code
krb5_klog_init(krb5_context kcontext, char *ename, char *whoami, krb5_boolean do_com_err)
{
- const char *logging_profent[3];
- const char *logging_defent[3];
- char **logging_specs;
- int i, ngood;
- char *cp, *cp2;
- char savec = '\0';
- int error;
- int do_openlog, log_facility;
- FILE *f;
+ const char *logging_profent[3];
+ const char *logging_defent[3];
+ char **logging_specs;
+ int i, ngood;
+ char *cp, *cp2;
+ char savec = '\0';
+ int error;
+ int do_openlog, log_facility;
+ FILE *f;
/* Initialize */
do_openlog = 0;
@@ -379,311 +380,311 @@ krb5_klog_init(krb5_context kcontext, char *ename, char *whoami, krb5_boolean do
ngood = 0;
log_control.log_nentries = 0;
if (!profile_get_values(kcontext->profile,
- logging_profent,
- &logging_specs) ||
- !profile_get_values(kcontext->profile,
- logging_defent,
- &logging_specs)) {
- /*
- * We have a match, so we first count the number of elements
- */
- for (log_control.log_nentries = 0;
- logging_specs[log_control.log_nentries];
- log_control.log_nentries++);
-
- /*
- * Now allocate our structure.
- */
- log_control.log_entries = (struct log_entry *)
- malloc(log_control.log_nentries * sizeof(struct log_entry));
- if (log_control.log_entries) {
- /*
- * Scan through the list.
- */
- for (i=0; i<log_control.log_nentries; i++) {
- log_control.log_entries[i].log_type = K_LOG_NONE;
- log_control.log_entries[i].log_2free = logging_specs[i];
- /*
- * The format is:
- * <whitespace><data><whitespace>
- * so, trim off the leading and trailing whitespace here.
- */
- for (cp = logging_specs[i]; isspace((int) *cp); cp++);
- for (cp2 = &logging_specs[i][strlen(logging_specs[i])-1];
- isspace((int) *cp2); cp2--);
- cp2++;
- *cp2 = '\0';
- /*
- * Is this a file?
- */
- if (!strncasecmp(cp, "FILE", 4)) {
- /*
- * Check for append/overwrite, then open the file.
- */
- if (cp[4] == ':' || cp[4] == '=') {
- f = fopen(&cp[5], (cp[4] == ':') ? "a" : "w");
- if (f) {
- set_cloexec_file(f);
- log_control.log_entries[i].lfu_filep = f;
- log_control.log_entries[i].log_type = K_LOG_FILE;
- log_control.log_entries[i].lfu_fname = &cp[5];
- } else {
- fprintf(stderr,"Couldn't open log file %s: %s\n",
- &cp[5], error_message(errno));
- continue;
- }
- }
- }
-#ifdef HAVE_SYSLOG
- /*
- * Is this a syslog?
- */
- else if (!strncasecmp(cp, "SYSLOG", 6)) {
- error = 0;
- log_control.log_entries[i].lsu_facility = LOG_AUTH;
- log_control.log_entries[i].lsu_severity = LOG_ERR;
- /*
- * Is there a severify specified?
- */
- if (cp[6] == ':') {
- /*
- * Find the end of the severity.
- */
- cp2 = strchr(&cp[7], ':');
- if (cp2) {
- savec = *cp2;
- *cp2 = '\0';
- cp2++;
- }
-
- /*
- * Match a severity.
- */
- if (!strcasecmp(&cp[7], "ERR")) {
- log_control.log_entries[i].lsu_severity = LOG_ERR;
- }
-#ifdef LOG_EMERG
- else if (!strcasecmp(&cp[7], "EMERG")) {
- log_control.log_entries[i].lsu_severity =
- LOG_EMERG;
- }
-#endif /* LOG_EMERG */
-#ifdef LOG_ALERT
- else if (!strcasecmp(&cp[7], "ALERT")) {
- log_control.log_entries[i].lsu_severity =
- LOG_ALERT;
- }
-#endif /* LOG_ALERT */
-#ifdef LOG_CRIT
- else if (!strcasecmp(&cp[7], "CRIT")) {
- log_control.log_entries[i].lsu_severity = LOG_CRIT;
- }
-#endif /* LOG_CRIT */
-#ifdef LOG_WARNING
- else if (!strcasecmp(&cp[7], "WARNING")) {
- log_control.log_entries[i].lsu_severity =
- LOG_WARNING;
- }
-#endif /* LOG_WARNING */
-#ifdef LOG_NOTICE
- else if (!strcasecmp(&cp[7], "NOTICE")) {
- log_control.log_entries[i].lsu_severity =
- LOG_NOTICE;
- }
-#endif /* LOG_NOTICE */
-#ifdef LOG_INFO
- else if (!strcasecmp(&cp[7], "INFO")) {
- log_control.log_entries[i].lsu_severity = LOG_INFO;
- }
-#endif /* LOG_INFO */
-#ifdef LOG_DEBUG
- else if (!strcasecmp(&cp[7], "DEBUG")) {
- log_control.log_entries[i].lsu_severity =
- LOG_DEBUG;
- }
-#endif /* LOG_DEBUG */
- else
- error = 1;
-
- /*
- * If there is a facility present, then parse that.
- */
- if (cp2) {
- static const struct {
- const char *name;
- int value;
- } facilities[] = {
- { "AUTH", LOG_AUTH },
-#ifdef LOG_AUTHPRIV
- { "AUTHPRIV", LOG_AUTHPRIV },
-#endif /* LOG_AUTHPRIV */
-#ifdef LOG_KERN
- { "KERN", LOG_KERN },
-#endif /* LOG_KERN */
-#ifdef LOG_USER
- { "USER", LOG_USER },
-#endif /* LOG_USER */
-#ifdef LOG_MAIL
- { "MAIL", LOG_MAIL },
-#endif /* LOG_MAIL */
-#ifdef LOG_DAEMON
- { "DAEMON", LOG_DAEMON },
-#endif /* LOG_DAEMON */
-#ifdef LOG_FTP
- { "FTP", LOG_FTP },
-#endif /* LOG_FTP */
-#ifdef LOG_LPR
- { "LPR", LOG_LPR },
-#endif /* LOG_LPR */
-#ifdef LOG_NEWS
- { "NEWS", LOG_NEWS },
-#endif /* LOG_NEWS */
-#ifdef LOG_UUCP
- { "UUCP", LOG_UUCP },
-#endif /* LOG_UUCP */
-#ifdef LOG_CRON
- { "CRON", LOG_CRON },
-#endif /* LOG_CRON */
-#ifdef LOG_LOCAL0
- { "LOCAL0", LOG_LOCAL0 },
-#endif /* LOG_LOCAL0 */
-#ifdef LOG_LOCAL1
- { "LOCAL1", LOG_LOCAL1 },
-#endif /* LOG_LOCAL1 */
-#ifdef LOG_LOCAL2
- { "LOCAL2", LOG_LOCAL2 },
-#endif /* LOG_LOCAL2 */
-#ifdef LOG_LOCAL3
- { "LOCAL3", LOG_LOCAL3 },
-#endif /* LOG_LOCAL3 */
-#ifdef LOG_LOCAL4
- { "LOCAL4", LOG_LOCAL4 },
-#endif /* LOG_LOCAL4 */
-#ifdef LOG_LOCAL5
- { "LOCAL5", LOG_LOCAL5 },
-#endif /* LOG_LOCAL5 */
-#ifdef LOG_LOCAL6
- { "LOCAL6", LOG_LOCAL6 },
-#endif /* LOG_LOCAL6 */
-#ifdef LOG_LOCAL7
- { "LOCAL7", LOG_LOCAL7 },
-#endif /* LOG_LOCAL7 */
- };
- unsigned int j;
-
- for (j = 0; j < sizeof(facilities)/sizeof(facilities[0]); j++)
- if (!strcasecmp(cp2, facilities[j].name)) {
- log_control.log_entries[i].lsu_facility = facilities[j].value;
- break;
- }
- cp2--;
- *cp2 = savec;
- }
- }
- if (!error) {
- log_control.log_entries[i].log_type = K_LOG_SYSLOG;
- do_openlog = 1;
- log_facility = log_control.log_entries[i].lsu_facility;
- }
- }
-#endif /* HAVE_SYSLOG */
- /*
- * Is this a standard error specification?
- */
- else if (!strcasecmp(cp, "STDERR")) {
- log_control.log_entries[i].lfu_filep =
- fdopen(fileno(stderr), "a+");
- if (log_control.log_entries[i].lfu_filep) {
- log_control.log_entries[i].log_type = K_LOG_STDERR;
- log_control.log_entries[i].lfu_fname =
- "standard error";
- }
- }
- /*
- * Is this a specification of the console?
- */
- else if (!strcasecmp(cp, "CONSOLE")) {
- log_control.log_entries[i].ldu_filep =
- CONSOLE_OPEN("a+");
- if (log_control.log_entries[i].ldu_filep) {
- set_cloexec_file(log_control.log_entries[i].ldu_filep);
- log_control.log_entries[i].log_type = K_LOG_CONSOLE;
- log_control.log_entries[i].ldu_devname = "console";
- }
- }
- /*
- * Is this a specification of a device?
- */
- else if (!strncasecmp(cp, "DEVICE", 6)) {
- /*
- * We handle devices very similarly to files.
- */
- if (cp[6] == '=') {
- log_control.log_entries[i].ldu_filep =
- DEVICE_OPEN(&cp[7], "w");
- if (log_control.log_entries[i].ldu_filep) {
- set_cloexec_file(log_control.log_entries[i].ldu_filep);
- log_control.log_entries[i].log_type = K_LOG_DEVICE;
- log_control.log_entries[i].ldu_devname = &cp[7];
- }
- }
- }
- /*
- * See if we successfully parsed this specification.
- */
- if (log_control.log_entries[i].log_type == K_LOG_NONE) {
- fprintf(stderr, lspec_parse_err_1, whoami, cp);
- fprintf(stderr, lspec_parse_err_2, whoami);
- }
- else
- ngood++;
- }
- }
- /*
- * If we didn't find anything, then free our lists.
- */
- if (ngood == 0) {
- for (i=0; i<log_control.log_nentries; i++)
- free(logging_specs[i]);
- }
- free(logging_specs);
+ logging_profent,
+ &logging_specs) ||
+ !profile_get_values(kcontext->profile,
+ logging_defent,
+ &logging_specs)) {
+ /*
+ * We have a match, so we first count the number of elements
+ */
+ for (log_control.log_nentries = 0;
+ logging_specs[log_control.log_nentries];
+ log_control.log_nentries++);
+
+ /*
+ * Now allocate our structure.
+ */
+ log_control.log_entries = (struct log_entry *)
+ malloc(log_control.log_nentries * sizeof(struct log_entry));
+ if (log_control.log_entries) {
+ /*
+ * Scan through the list.
+ */
+ for (i=0; i<log_control.log_nentries; i++) {
+ log_control.log_entries[i].log_type = K_LOG_NONE;
+ log_control.log_entries[i].log_2free = logging_specs[i];
+ /*
+ * The format is:
+ * <whitespace><data><whitespace>
+ * so, trim off the leading and trailing whitespace here.
+ */
+ for (cp = logging_specs[i]; isspace((int) *cp); cp++);
+ for (cp2 = &logging_specs[i][strlen(logging_specs[i])-1];
+ isspace((int) *cp2); cp2--);
+ cp2++;
+ *cp2 = '\0';
+ /*
+ * Is this a file?
+ */
+ if (!strncasecmp(cp, "FILE", 4)) {
+ /*
+ * Check for append/overwrite, then open the file.
+ */
+ if (cp[4] == ':' || cp[4] == '=') {
+ f = fopen(&cp[5], (cp[4] == ':') ? "a" : "w");
+ if (f) {
+ set_cloexec_file(f);
+ log_control.log_entries[i].lfu_filep = f;
+ log_control.log_entries[i].log_type = K_LOG_FILE;
+ log_control.log_entries[i].lfu_fname = &cp[5];
+ } else {
+ fprintf(stderr,"Couldn't open log file %s: %s\n",
+ &cp[5], error_message(errno));
+ continue;
+ }
+ }
+ }
+#ifdef HAVE_SYSLOG
+ /*
+ * Is this a syslog?
+ */
+ else if (!strncasecmp(cp, "SYSLOG", 6)) {
+ error = 0;
+ log_control.log_entries[i].lsu_facility = LOG_AUTH;
+ log_control.log_entries[i].lsu_severity = LOG_ERR;
+ /*
+ * Is there a severify specified?
+ */
+ if (cp[6] == ':') {
+ /*
+ * Find the end of the severity.
+ */
+ cp2 = strchr(&cp[7], ':');
+ if (cp2) {
+ savec = *cp2;
+ *cp2 = '\0';
+ cp2++;
+ }
+
+ /*
+ * Match a severity.
+ */
+ if (!strcasecmp(&cp[7], "ERR")) {
+ log_control.log_entries[i].lsu_severity = LOG_ERR;
+ }
+#ifdef LOG_EMERG
+ else if (!strcasecmp(&cp[7], "EMERG")) {
+ log_control.log_entries[i].lsu_severity =
+ LOG_EMERG;
+ }
+#endif /* LOG_EMERG */
+#ifdef LOG_ALERT
+ else if (!strcasecmp(&cp[7], "ALERT")) {
+ log_control.log_entries[i].lsu_severity =
+ LOG_ALERT;
+ }
+#endif /* LOG_ALERT */
+#ifdef LOG_CRIT
+ else if (!strcasecmp(&cp[7], "CRIT")) {
+ log_control.log_entries[i].lsu_severity = LOG_CRIT;
+ }
+#endif /* LOG_CRIT */
+#ifdef LOG_WARNING
+ else if (!strcasecmp(&cp[7], "WARNING")) {
+ log_control.log_entries[i].lsu_severity =
+ LOG_WARNING;
+ }
+#endif /* LOG_WARNING */
+#ifdef LOG_NOTICE
+ else if (!strcasecmp(&cp[7], "NOTICE")) {
+ log_control.log_entries[i].lsu_severity =
+ LOG_NOTICE;
+ }
+#endif /* LOG_NOTICE */
+#ifdef LOG_INFO
+ else if (!strcasecmp(&cp[7], "INFO")) {
+ log_control.log_entries[i].lsu_severity = LOG_INFO;
+ }
+#endif /* LOG_INFO */
+#ifdef LOG_DEBUG
+ else if (!strcasecmp(&cp[7], "DEBUG")) {
+ log_control.log_entries[i].lsu_severity =
+ LOG_DEBUG;
+ }
+#endif /* LOG_DEBUG */
+ else
+ error = 1;
+
+ /*
+ * If there is a facility present, then parse that.
+ */
+ if (cp2) {
+ static const struct {
+ const char *name;
+ int value;
+ } facilities[] = {
+ { "AUTH", LOG_AUTH },
+#ifdef LOG_AUTHPRIV
+ { "AUTHPRIV", LOG_AUTHPRIV },
+#endif /* LOG_AUTHPRIV */
+#ifdef LOG_KERN
+ { "KERN", LOG_KERN },
+#endif /* LOG_KERN */
+#ifdef LOG_USER
+ { "USER", LOG_USER },
+#endif /* LOG_USER */
+#ifdef LOG_MAIL
+ { "MAIL", LOG_MAIL },
+#endif /* LOG_MAIL */
+#ifdef LOG_DAEMON
+ { "DAEMON", LOG_DAEMON },
+#endif /* LOG_DAEMON */
+#ifdef LOG_FTP
+ { "FTP", LOG_FTP },
+#endif /* LOG_FTP */
+#ifdef LOG_LPR
+ { "LPR", LOG_LPR },
+#endif /* LOG_LPR */
+#ifdef LOG_NEWS
+ { "NEWS", LOG_NEWS },
+#endif /* LOG_NEWS */
+#ifdef LOG_UUCP
+ { "UUCP", LOG_UUCP },
+#endif /* LOG_UUCP */
+#ifdef LOG_CRON
+ { "CRON", LOG_CRON },
+#endif /* LOG_CRON */
+#ifdef LOG_LOCAL0
+ { "LOCAL0", LOG_LOCAL0 },
+#endif /* LOG_LOCAL0 */
+#ifdef LOG_LOCAL1
+ { "LOCAL1", LOG_LOCAL1 },
+#endif /* LOG_LOCAL1 */
+#ifdef LOG_LOCAL2
+ { "LOCAL2", LOG_LOCAL2 },
+#endif /* LOG_LOCAL2 */
+#ifdef LOG_LOCAL3
+ { "LOCAL3", LOG_LOCAL3 },
+#endif /* LOG_LOCAL3 */
+#ifdef LOG_LOCAL4
+ { "LOCAL4", LOG_LOCAL4 },
+#endif /* LOG_LOCAL4 */
+#ifdef LOG_LOCAL5
+ { "LOCAL5", LOG_LOCAL5 },
+#endif /* LOG_LOCAL5 */
+#ifdef LOG_LOCAL6
+ { "LOCAL6", LOG_LOCAL6 },
+#endif /* LOG_LOCAL6 */
+#ifdef LOG_LOCAL7
+ { "LOCAL7", LOG_LOCAL7 },
+#endif /* LOG_LOCAL7 */
+ };
+ unsigned int j;
+
+ for (j = 0; j < sizeof(facilities)/sizeof(facilities[0]); j++)
+ if (!strcasecmp(cp2, facilities[j].name)) {
+ log_control.log_entries[i].lsu_facility = facilities[j].value;
+ break;
+ }
+ cp2--;
+ *cp2 = savec;
+ }
+ }
+ if (!error) {
+ log_control.log_entries[i].log_type = K_LOG_SYSLOG;
+ do_openlog = 1;
+ log_facility = log_control.log_entries[i].lsu_facility;
+ }
+ }
+#endif /* HAVE_SYSLOG */
+ /*
+ * Is this a standard error specification?
+ */
+ else if (!strcasecmp(cp, "STDERR")) {
+ log_control.log_entries[i].lfu_filep =
+ fdopen(fileno(stderr), "a+");
+ if (log_control.log_entries[i].lfu_filep) {
+ log_control.log_entries[i].log_type = K_LOG_STDERR;
+ log_control.log_entries[i].lfu_fname =
+ "standard error";
+ }
+ }
+ /*
+ * Is this a specification of the console?
+ */
+ else if (!strcasecmp(cp, "CONSOLE")) {
+ log_control.log_entries[i].ldu_filep =
+ CONSOLE_OPEN("a+");
+ if (log_control.log_entries[i].ldu_filep) {
+ set_cloexec_file(log_control.log_entries[i].ldu_filep);
+ log_control.log_entries[i].log_type = K_LOG_CONSOLE;
+ log_control.log_entries[i].ldu_devname = "console";
+ }
+ }
+ /*
+ * Is this a specification of a device?
+ */
+ else if (!strncasecmp(cp, "DEVICE", 6)) {
+ /*
+ * We handle devices very similarly to files.
+ */
+ if (cp[6] == '=') {
+ log_control.log_entries[i].ldu_filep =
+ DEVICE_OPEN(&cp[7], "w");
+ if (log_control.log_entries[i].ldu_filep) {
+ set_cloexec_file(log_control.log_entries[i].ldu_filep);
+ log_control.log_entries[i].log_type = K_LOG_DEVICE;
+ log_control.log_entries[i].ldu_devname = &cp[7];
+ }
+ }
+ }
+ /*
+ * See if we successfully parsed this specification.
+ */
+ if (log_control.log_entries[i].log_type == K_LOG_NONE) {
+ fprintf(stderr, lspec_parse_err_1, whoami, cp);
+ fprintf(stderr, lspec_parse_err_2, whoami);
+ }
+ else
+ ngood++;
+ }
+ }
+ /*
+ * If we didn't find anything, then free our lists.
+ */
+ if (ngood == 0) {
+ for (i=0; i<log_control.log_nentries; i++)
+ free(logging_specs[i]);
+ }
+ free(logging_specs);
}
/*
* If we didn't find anything, go for the default which is to log to
* the system log.
*/
if (ngood == 0) {
- if (log_control.log_entries)
- free(log_control.log_entries);
- log_control.log_entries = &def_log_entry;
- log_control.log_entries->log_type = K_LOG_SYSLOG;
- log_control.log_entries->log_2free = (krb5_pointer) NULL;
- log_facility = log_control.log_entries->lsu_facility = LOG_AUTH;
- log_control.log_entries->lsu_severity = LOG_ERR;
- do_openlog = 1;
- log_control.log_nentries = 1;
+ if (log_control.log_entries)
+ free(log_control.log_entries);
+ log_control.log_entries = &def_log_entry;
+ log_control.log_entries->log_type = K_LOG_SYSLOG;
+ log_control.log_entries->log_2free = (krb5_pointer) NULL;
+ log_facility = log_control.log_entries->lsu_facility = LOG_AUTH;
+ log_control.log_entries->lsu_severity = LOG_ERR;
+ do_openlog = 1;
+ log_control.log_nentries = 1;
}
if (log_control.log_nentries) {
- log_control.log_whoami = strdup(whoami);
- log_control.log_hostname = (char *) malloc(MAXHOSTNAMELEN + 1);
- if (log_control.log_hostname) {
- gethostname(log_control.log_hostname, MAXHOSTNAMELEN);
- log_control.log_hostname[MAXHOSTNAMELEN] = '\0';
- }
-#ifdef HAVE_OPENLOG
- if (do_openlog) {
- openlog(whoami, LOG_NDELAY|LOG_PID, log_facility);
- log_control.log_opened = 1;
- }
+ log_control.log_whoami = strdup(whoami);
+ log_control.log_hostname = (char *) malloc(MAXHOSTNAMELEN + 1);
+ if (log_control.log_hostname) {
+ gethostname(log_control.log_hostname, MAXHOSTNAMELEN);
+ log_control.log_hostname[MAXHOSTNAMELEN] = '\0';
+ }
+#ifdef HAVE_OPENLOG
+ if (do_openlog) {
+ openlog(whoami, LOG_NDELAY|LOG_PID, log_facility);
+ log_control.log_opened = 1;
+ }
#endif /* HAVE_OPENLOG */
- if (do_com_err)
- (void) set_com_err_hook(klog_com_err_proc);
+ if (do_com_err)
+ (void) set_com_err_hook(klog_com_err_proc);
}
return((log_control.log_nentries) ? 0 : ENOENT);
}
/*
- * krb5_klog_close() - Close the logging context and free all data.
+ * krb5_klog_close() - Close the logging context and free all data.
*/
void
krb5_klog_close(krb5_context kcontext)
@@ -691,52 +692,52 @@ krb5_klog_close(krb5_context kcontext)
int lindex;
(void) reset_com_err_hook();
for (lindex = 0; lindex < log_control.log_nentries; lindex++) {
- switch (log_control.log_entries[lindex].log_type) {
- case K_LOG_FILE:
- case K_LOG_STDERR:
- /*
- * Files/standard error.
- */
- fclose(log_control.log_entries[lindex].lfu_filep);
- break;
- case K_LOG_CONSOLE:
- case K_LOG_DEVICE:
- /*
- * Devices (may need special handling)
- */
- DEVICE_CLOSE(log_control.log_entries[lindex].ldu_filep);
- break;
-#ifdef HAVE_SYSLOG
- case K_LOG_SYSLOG:
- /*
- * System log.
- */
- break;
-#endif /* HAVE_SYSLOG */
- default:
- break;
- }
- if (log_control.log_entries[lindex].log_2free)
- free(log_control.log_entries[lindex].log_2free);
+ switch (log_control.log_entries[lindex].log_type) {
+ case K_LOG_FILE:
+ case K_LOG_STDERR:
+ /*
+ * Files/standard error.
+ */
+ fclose(log_control.log_entries[lindex].lfu_filep);
+ break;
+ case K_LOG_CONSOLE:
+ case K_LOG_DEVICE:
+ /*
+ * Devices (may need special handling)
+ */
+ DEVICE_CLOSE(log_control.log_entries[lindex].ldu_filep);
+ break;
+#ifdef HAVE_SYSLOG
+ case K_LOG_SYSLOG:
+ /*
+ * System log.
+ */
+ break;
+#endif /* HAVE_SYSLOG */
+ default:
+ break;
+ }
+ if (log_control.log_entries[lindex].log_2free)
+ free(log_control.log_entries[lindex].log_2free);
}
if (log_control.log_entries != &def_log_entry)
- free(log_control.log_entries);
+ free(log_control.log_entries);
log_control.log_entries = (struct log_entry *) NULL;
log_control.log_nentries = 0;
if (log_control.log_whoami)
- free(log_control.log_whoami);
+ free(log_control.log_whoami);
log_control.log_whoami = (char *) NULL;
if (log_control.log_hostname)
- free(log_control.log_hostname);
+ free(log_control.log_hostname);
log_control.log_hostname = (char *) NULL;
-#ifdef HAVE_CLOSELOG
+#ifdef HAVE_CLOSELOG
if (log_control.log_opened)
- closelog();
-#endif /* HAVE_CLOSELOG */
+ closelog();
+#endif /* HAVE_CLOSELOG */
}
/*
- * severity2string() - Convert a severity to a string.
+ * severity2string() - Convert a severity to a string.
*/
static const char *
severity2string(int severity)
@@ -747,52 +748,52 @@ severity2string(int severity)
s = severity & LOG_PRIMASK;
ss = log_ufo_string;
switch (s) {
-#ifdef LOG_EMERG
+#ifdef LOG_EMERG
case LOG_EMERG:
- ss = log_emerg_string;
- break;
-#endif /* LOG_EMERG */
-#ifdef LOG_ALERT
+ ss = log_emerg_string;
+ break;
+#endif /* LOG_EMERG */
+#ifdef LOG_ALERT
case LOG_ALERT:
- ss = log_alert_string;
- break;
-#endif /* LOG_ALERT */
-#ifdef LOG_CRIT
+ ss = log_alert_string;
+ break;
+#endif /* LOG_ALERT */
+#ifdef LOG_CRIT
case LOG_CRIT:
- ss = log_crit_string;
- break;
-#endif /* LOG_CRIT */
+ ss = log_crit_string;
+ break;
+#endif /* LOG_CRIT */
case LOG_ERR:
- ss = log_err_string;
- break;
-#ifdef LOG_WARNING
+ ss = log_err_string;
+ break;
+#ifdef LOG_WARNING
case LOG_WARNING:
- ss = log_warning_string;
- break;
-#endif /* LOG_WARNING */
-#ifdef LOG_NOTICE
+ ss = log_warning_string;
+ break;
+#endif /* LOG_WARNING */
+#ifdef LOG_NOTICE
case LOG_NOTICE:
- ss = log_notice_string;
- break;
-#endif /* LOG_NOTICE */
-#ifdef LOG_INFO
+ ss = log_notice_string;
+ break;
+#endif /* LOG_NOTICE */
+#ifdef LOG_INFO
case LOG_INFO:
- ss = log_info_string;
- break;
-#endif /* LOG_INFO */
-#ifdef LOG_DEBUG
+ ss = log_info_string;
+ break;
+#endif /* LOG_INFO */
+#ifdef LOG_DEBUG
case LOG_DEBUG:
- ss = log_debug_string;
- break;
-#endif /* LOG_DEBUG */
+ ss = log_debug_string;
+ break;
+#endif /* LOG_DEBUG */
}
return(ss);
}
/*
- * krb5_klog_syslog() - Simulate the calling sequence of syslog(3), while
- * also performing the logging redirection as specified
- * by krb5_klog_init().
+ * krb5_klog_syslog() - Simulate the calling sequence of syslog(3), while
+ * also performing the logging redirection as specified
+ * by krb5_klog_init().
*/
static int
klog_vsyslog(int priority, const char *format, va_list arglist)
@@ -804,51 +805,51 @@ klog_vsyslog(int priority, const char *format, va_list arglist)
static int
klog_vsyslog(int priority, const char *format, va_list arglist)
{
- char outbuf[KRB5_KLOG_MAX_ERRMSG_SIZE];
- int lindex;
- char *syslogp;
- char *cp;
- time_t now;
-#ifdef HAVE_STRFTIME
- size_t soff;
-#endif /* HAVE_STRFTIME */
+ char outbuf[KRB5_KLOG_MAX_ERRMSG_SIZE];
+ int lindex;
+ char *syslogp;
+ char *cp;
+ time_t now;
+#ifdef HAVE_STRFTIME
+ size_t soff;
+#endif /* HAVE_STRFTIME */
/*
* Format a syslog-esque message of the format:
*
* (verbose form)
- * <date> <hostname> <id>[<pid>](<priority>): <message>
+ * <date> <hostname> <id>[<pid>](<priority>): <message>
*
* (short form)
- * <date> <message>
+ * <date> <message>
*/
cp = outbuf;
(void) time(&now);
-#ifdef HAVE_STRFTIME
+#ifdef HAVE_STRFTIME
/*
* Format the date: mon dd hh:mm:ss
*/
soff = strftime(outbuf, sizeof(outbuf), "%b %d %H:%M:%S", localtime(&now));
if (soff > 0)
- cp += soff;
+ cp += soff;
else
- return(-1);
-#else /* HAVE_STRFTIME */
+ return(-1);
+#else /* HAVE_STRFTIME */
/*
* Format the date:
* We ASSUME here that the output of ctime is of the format:
- * dow mon dd hh:mm:ss tzs yyyy\n
+ * dow mon dd hh:mm:ss tzs yyyy\n
* 012345678901234567890123456789
*/
strncpy(outbuf, ctime(&now) + 4, 15);
cp += 15;
-#endif /* HAVE_STRFTIME */
+#endif /* HAVE_STRFTIME */
#ifdef VERBOSE_LOGS
snprintf(cp, sizeof(outbuf) - (cp-outbuf), " %s %s[%ld](%s): ",
- log_control.log_hostname ? log_control.log_hostname : "",
- log_control.log_whoami ? log_control.log_whoami : "",
- (long) getpid(),
- severity2string(priority));
+ log_control.log_hostname ? log_control.log_hostname : "",
+ log_control.log_whoami ? log_control.log_whoami : "",
+ (long) getpid(),
+ severity2string(priority));
#else
snprintf(cp, sizeof(outbuf) - (cp-outbuf), " ");
#endif
@@ -863,8 +864,8 @@ klog_vsyslog(int priority, const char *format, va_list arglist)
*/
#ifdef HAVE_SYSLOG
if (log_control.log_nentries == 0) {
- /* Log the message with our header trimmed off */
- syslog(priority, "%s", syslogp);
+ /* Log the message with our header trimmed off */
+ syslog(priority, "%s", syslogp);
}
#endif
@@ -873,47 +874,47 @@ klog_vsyslog(int priority, const char *format, va_list arglist)
* logging specification.
*/
for (lindex = 0; lindex < log_control.log_nentries; lindex++) {
- switch (log_control.log_entries[lindex].log_type) {
- case K_LOG_FILE:
- case K_LOG_STDERR:
- /*
- * Files/standard error.
- */
- if (fprintf(log_control.log_entries[lindex].lfu_filep, "%s\n",
- outbuf) < 0) {
- /* Attempt to report error */
- fprintf(stderr, log_file_err, log_control.log_whoami,
- log_control.log_entries[lindex].lfu_fname);
- }
- else {
- fflush(log_control.log_entries[lindex].lfu_filep);
- }
- break;
- case K_LOG_CONSOLE:
- case K_LOG_DEVICE:
- /*
- * Devices (may need special handling)
- */
- if (DEVICE_PRINT(log_control.log_entries[lindex].ldu_filep,
- outbuf) < 0) {
- /* Attempt to report error */
- fprintf(stderr, log_device_err, log_control.log_whoami,
- log_control.log_entries[lindex].ldu_devname);
- }
- break;
-#ifdef HAVE_SYSLOG
- case K_LOG_SYSLOG:
- /*
- * System log.
- */
-
- /* Log the message with our header trimmed off */
- syslog(priority, "%s", syslogp);
- break;
+ switch (log_control.log_entries[lindex].log_type) {
+ case K_LOG_FILE:
+ case K_LOG_STDERR:
+ /*
+ * Files/standard error.
+ */
+ if (fprintf(log_control.log_entries[lindex].lfu_filep, "%s\n",
+ outbuf) < 0) {
+ /* Attempt to report error */
+ fprintf(stderr, log_file_err, log_control.log_whoami,
+ log_control.log_entries[lindex].lfu_fname);
+ }
+ else {
+ fflush(log_control.log_entries[lindex].lfu_filep);
+ }
+ break;
+ case K_LOG_CONSOLE:
+ case K_LOG_DEVICE:
+ /*
+ * Devices (may need special handling)
+ */
+ if (DEVICE_PRINT(log_control.log_entries[lindex].ldu_filep,
+ outbuf) < 0) {
+ /* Attempt to report error */
+ fprintf(stderr, log_device_err, log_control.log_whoami,
+ log_control.log_entries[lindex].ldu_devname);
+ }
+ break;
+#ifdef HAVE_SYSLOG
+ case K_LOG_SYSLOG:
+ /*
+ * System log.
+ */
+
+ /* Log the message with our header trimmed off */
+ syslog(priority, "%s", syslogp);
+ break;
#endif /* HAVE_SYSLOG */
- default:
- break;
- }
+ default:
+ break;
+ }
}
return(0);
}
@@ -921,8 +922,8 @@ klog_vsyslog(int priority, const char *format, va_list arglist)
int
krb5_klog_syslog(int priority, const char *format, ...)
{
- int retval;
- va_list pvar;
+ int retval;
+ va_list pvar;
va_start(pvar, format);
retval = klog_vsyslog(priority, format, pvar);
@@ -948,21 +949,21 @@ krb5_klog_reopen(krb5_context kcontext)
* and reopened in response to a SIGHUP
*/
for (lindex = 0; lindex < log_control.log_nentries; lindex++) {
- if (log_control.log_entries[lindex].log_type == K_LOG_FILE) {
- fclose(log_control.log_entries[lindex].lfu_filep);
- /*
- * In case the old logfile did not get moved out of the
- * way, open for append to prevent squashing the old logs.
- */
- f = fopen(log_control.log_entries[lindex].lfu_fname, "a+");
- if (f) {
- set_cloexec_file(f);
- log_control.log_entries[lindex].lfu_filep = f;
- } else {
- fprintf(stderr, "Couldn't open log file %s: %s\n",
- log_control.log_entries[lindex].lfu_fname,
- error_message(errno));
- }
- }
+ if (log_control.log_entries[lindex].log_type == K_LOG_FILE) {
+ fclose(log_control.log_entries[lindex].lfu_filep);
+ /*
+ * In case the old logfile did not get moved out of the
+ * way, open for append to prevent squashing the old logs.
+ */
+ f = fopen(log_control.log_entries[lindex].lfu_fname, "a+");
+ if (f) {
+ set_cloexec_file(f);
+ log_control.log_entries[lindex].lfu_filep = f;
+ } else {
+ fprintf(stderr, "Couldn't open log file %s: %s\n",
+ log_control.log_entries[lindex].lfu_fname,
+ error_message(errno));
+ }
+ }
}
}
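Review bot: In the `K_LOG_FILE` branch the old stream is closed before the replacement is opened, so when `fopen` fails `lfu_filep` still points at a closed `FILE` and the next `fprintf` in `klog_vsyslog` uses it after close. Open first and release the old stream only on success: move `fclose(log_control.log_entries[lindex].lfu_filep);` into the `if (f)` branch, just before the assignment. The daemon then keeps writing to the old file instead of losing its audit trail. The failure message goes only to stderr, which a daemon may not have open, so also reporting it through syslog is worth considering. `krb5_klog_reopen` begins outside this hunk, and the commit only re-indents the loop.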
diff --git a/src/lib/kadm5/misc_free.c b/src/lib/kadm5/misc_free.c
index b0e3d24..17c8ccc 100644
--- a/src/lib/kadm5/misc_free.c
+++ b/src/lib/kadm5/misc_free.c
@@ -1,3 +1,4 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
/*
* Copyright 1993 OpenVision Technologies, Inc., All Rights Reserved
*
@@ -7,9 +8,9 @@
#if !defined(lint) && !defined(__CODECENTER__)
static char *rcsid = "$Header$";
#endif
-#include <kadm5/admin.h>
-#include <stdlib.h>
-#include "server_internal.h"
+#include <kadm5/admin.h>
+#include <stdlib.h>
+#include "server_internal.h"
kadm5_ret_t
kadm5_free_policy_ent(void *server_handle, kadm5_policy_ent_t val)
@@ -17,54 +18,54 @@ kadm5_free_policy_ent(void *server_handle, kadm5_policy_ent_t val)
_KADM5_CHECK_HANDLE(server_handle);
if (val)
- free(val->policy);
+ free(val->policy);
return KADM5_OK;
}
kadm5_ret_t
- kadm5_free_name_list(void *server_handle, char **names, int count)
+kadm5_free_name_list(void *server_handle, char **names, int count)
{
_KADM5_CHECK_HANDLE(server_handle);
-
+
while (count--)
- free(names[count]);
- free(names);
+ free(names[count]);
+ free(names);
return KADM5_OK;
}
/* XXX this ought to be in libkrb5.a, but isn't */
kadm5_ret_t krb5_free_key_data_contents(context, key)
- krb5_context context;
- krb5_key_data *key;
+ krb5_context context;
+ krb5_key_data *key;
{
- int i, idx;
-
- idx = (key->key_data_ver == 1 ? 1 : 2);
- for (i = 0; i < idx; i++) {
- if (key->key_data_contents[i]) {
- memset(key->key_data_contents[i], 0, key->key_data_length[i]);
- free(key->key_data_contents[i]);
- }
- }
- return KADM5_OK;
+ int i, idx;
+
+ idx = (key->key_data_ver == 1 ? 1 : 2);
+ for (i = 0; i < idx; i++) {
+ if (key->key_data_contents[i]) {
+ memset(key->key_data_contents[i], 0, key->key_data_length[i]);
+ free(key->key_data_contents[i]);
+ }
+ }
+ return KADM5_OK;
}
kadm5_ret_t kadm5_free_key_data(void *server_handle,
- krb5_int16 *n_key_data,
- krb5_key_data *key_data)
+ krb5_int16 *n_key_data,
+ krb5_key_data *key_data)
{
- kadm5_server_handle_t handle = server_handle;
- int i, nkeys = (int) *n_key_data;
-
- _KADM5_CHECK_HANDLE(server_handle);
-
- if (key_data == NULL)
- return KADM5_OK;
-
- for (i = 0; i < nkeys; i++)
- krb5_free_key_data_contents(handle->context, &key_data[i]);
- free(key_data);
- return KADM5_OK;
+ kadm5_server_handle_t handle = server_handle;
+ int i, nkeys = (int) *n_key_data;
+
+ _KADM5_CHECK_HANDLE(server_handle);
+
+ if (key_data == NULL)
+ return KADM5_OK;
+
+ for (i = 0; i < nkeys; i++)
+ krb5_free_key_data_contents(handle->context, &key_data[i]);
+ free(key_data);
+ return KADM5_OK;
}
kadm5_ret_t
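Review bot: `krb5_free_key_data_contents` clears key material with a plain `memset` immediately before `free`, which an optimising compiler may drop as a dead store, leaving key bytes in freed heap memory. Use a wipe the compiler cannot elide, for example `explicit_bzero(key->key_data_contents[i], key->key_data_length[i]);` where the platform provides it, or a project wrapper with that guarantee. Setting `key->key_data_contents[i] = NULL;` after the `free` would also make a second call on the same `krb5_key_data` harmless. The function dereferences `key` without a NULL check, unlike `kadm5_free_policy_ent` and `kadm5_free_key_data` in the same hunk. The commit only re-indents these lines.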
@@ -77,22 +78,22 @@ kadm5_free_principal_ent(void *server_handle, kadm5_principal_ent_t val)
_KADM5_CHECK_HANDLE(server_handle);
if (!val)
- return KADM5_OK;
+ return KADM5_OK;
krb5_free_principal(handle->context, val->principal);
krb5_free_principal(handle->context, val->mod_name);
free(val->policy);
if (val->n_key_data) {
- for (i = 0; i < val->n_key_data; i++)
- krb5_free_key_data_contents(handle->context, &val->key_data[i]);
- free(val->key_data);
+ for (i = 0; i < val->n_key_data; i++)
+ krb5_free_key_data_contents(handle->context, &val->key_data[i]);
+ free(val->key_data);
}
while (val->tl_data) {
- tl = val->tl_data->tl_data_next;
- free(val->tl_data->tl_data_contents);
- free(val->tl_data);
- val->tl_data = tl;
+ tl = val->tl_data->tl_data_next;
+ free(val->tl_data->tl_data_contents);
+ free(val->tl_data);
+ val->tl_data = tl;
}
return KADM5_OK;
}
diff --git a/src/lib/kadm5/server_internal.h b/src/lib/kadm5/server_internal.h
index c9bb073..7f58750 100644
--- a/src/lib/kadm5/server_internal.h
+++ b/src/lib/kadm5/server_internal.h
@@ -1,3 +1,4 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
/*
* Copyright 1993 OpenVision Technologies, Inc., All Rights Reserved
*
@@ -24,116 +25,116 @@
#include "admin_internal.h"
typedef struct _kadm5_server_handle_t {
- krb5_ui_4 magic_number;
- krb5_ui_4 struct_version;
- krb5_ui_4 api_version;
- krb5_context context;
- krb5_principal current_caller;
- kadm5_config_params params;
- struct _kadm5_server_handle_t *lhandle;
- char **db_args;
+ krb5_ui_4 magic_number;
+ krb5_ui_4 struct_version;
+ krb5_ui_4 api_version;
+ krb5_context context;
+ krb5_principal current_caller;
+ kadm5_config_params params;
+ struct _kadm5_server_handle_t *lhandle;
+ char **db_args;
} kadm5_server_handle_rec, *kadm5_server_handle_t;
#define OSA_ADB_PRINC_VERSION_1 0x12345C01
typedef struct _osa_pw_hist_t {
- int n_key_data;
- krb5_key_data *key_data;
+ int n_key_data;
+ krb5_key_data *key_data;
} osa_pw_hist_ent, *osa_pw_hist_t;
typedef struct _osa_princ_ent_t {
- int version;
- char *policy;
- long aux_attributes;
- unsigned int old_key_len;
- unsigned int old_key_next;
- krb5_kvno admin_history_kvno;
- osa_pw_hist_ent *old_keys;
+ int version;
+ char *policy;
+ long aux_attributes;
+ unsigned int old_key_len;
+ unsigned int old_key_next;
+ krb5_kvno admin_history_kvno;
+ osa_pw_hist_ent *old_keys;
} osa_princ_ent_rec, *osa_princ_ent_t;
kadm5_ret_t adb_policy_init(kadm5_server_handle_t handle);
kadm5_ret_t adb_policy_close(kadm5_server_handle_t handle);
kadm5_ret_t passwd_check(kadm5_server_handle_t handle,
- char *pass, int use_policy,
- kadm5_policy_ent_t policy,
- krb5_principal principal);
+ char *pass, int use_policy,
+ kadm5_policy_ent_t policy,
+ krb5_principal principal);
kadm5_ret_t principal_exists(krb5_principal principal);
-krb5_error_code kdb_init_master(kadm5_server_handle_t handle,
- char *r, int from_keyboard);
-krb5_error_code kdb_init_hist(kadm5_server_handle_t handle,
- char *r);
+krb5_error_code kdb_init_master(kadm5_server_handle_t handle,
+ char *r, int from_keyboard);
+krb5_error_code kdb_init_hist(kadm5_server_handle_t handle,
+ char *r);
krb5_error_code kdb_get_entry(kadm5_server_handle_t handle,
- krb5_principal principal, krb5_db_entry *kdb,
- osa_princ_ent_rec *adb);
+ krb5_principal principal, krb5_db_entry *kdb,
+ osa_princ_ent_rec *adb);
krb5_error_code kdb_free_entry(kadm5_server_handle_t handle,
- krb5_db_entry *kdb, osa_princ_ent_rec *adb);
+ krb5_db_entry *kdb, osa_princ_ent_rec *adb);
krb5_error_code kdb_put_entry(kadm5_server_handle_t handle,
- krb5_db_entry *kdb, osa_princ_ent_rec *adb);
+ krb5_db_entry *kdb, osa_princ_ent_rec *adb);
krb5_error_code kdb_delete_entry(kadm5_server_handle_t handle,
- krb5_principal name);
+ krb5_principal name);
krb5_error_code kdb_iter_entry(kadm5_server_handle_t handle,
- char *match_entry,
- void (*iter_fct)(void *, krb5_principal),
- void *data);
+ char *match_entry,
+ void (*iter_fct)(void *, krb5_principal),
+ void *data);
-int init_dict(kadm5_config_params *);
-int find_word(const char *word);
-void destroy_dict(void);
+int init_dict(kadm5_config_params *);
+int find_word(const char *word);
+void destroy_dict(void);
/* XXX this ought to be in libkrb5.a, but isn't */
kadm5_ret_t krb5_copy_key_data_contents(krb5_context context,
- krb5_key_data *from,
- krb5_key_data *to);
-kadm5_ret_t krb5_free_key_data_contents(krb5_context context,
- krb5_key_data *key);
+ krb5_key_data *from,
+ krb5_key_data *to);
+kadm5_ret_t krb5_free_key_data_contents(krb5_context context,
+ krb5_key_data *key);
/*
- * *Warning*
- * *Warning* This is going to break if we
- * *Warning* ever go multi-threaded
- * *Warning*
+ * *Warning*
+ * *Warning* This is going to break if we
+ * *Warning* ever go multi-threaded
+ * *Warning*
*/
-extern krb5_principal current_caller;
+extern krb5_principal current_caller;
/*
* Why is this (or something similar) not defined *anywhere* in krb5?
*/
-#define KSUCCESS 0
-#define WORD_NOT_FOUND 1
+#define KSUCCESS 0
+#define WORD_NOT_FOUND 1
/*
* all the various mask bits or'd together
*/
-#define ALL_PRINC_MASK \
- (KADM5_PRINCIPAL | KADM5_PRINC_EXPIRE_TIME | KADM5_PW_EXPIRATION | \
- KADM5_LAST_PWD_CHANGE | KADM5_ATTRIBUTES | KADM5_MAX_LIFE | \
- KADM5_MOD_TIME | KADM5_MOD_NAME | KADM5_KVNO | KADM5_MKVNO | \
- KADM5_AUX_ATTRIBUTES | KADM5_POLICY_CLR | KADM5_POLICY | \
- KADM5_MAX_RLIFE | KADM5_TL_DATA | KADM5_KEY_DATA | KADM5_FAIL_AUTH_COUNT )
-
-#define ALL_POLICY_MASK \
- (KADM5_POLICY | KADM5_PW_MAX_LIFE | KADM5_PW_MIN_LIFE | \
- KADM5_PW_MIN_LENGTH | KADM5_PW_MIN_CLASSES | KADM5_PW_HISTORY_NUM | \
- KADM5_REF_COUNT | KADM5_PW_MAX_FAILURE | KADM5_PW_FAILURE_COUNT_INTERVAL | \
- KADM5_PW_LOCKOUT_DURATION )
-
-#define SERVER_CHECK_HANDLE(handle) \
-{ \
- kadm5_server_handle_t srvr = \
- (kadm5_server_handle_t) handle; \
- \
- if (! srvr->current_caller) \
- return KADM5_BAD_SERVER_HANDLE; \
- if (! srvr->lhandle) \
- return KADM5_BAD_SERVER_HANDLE; \
-}
-
-#define CHECK_HANDLE(handle) \
- GENERIC_CHECK_HANDLE(handle, KADM5_OLD_SERVER_API_VERSION, \
- KADM5_NEW_SERVER_API_VERSION) \
- SERVER_CHECK_HANDLE(handle)
+#define ALL_PRINC_MASK \
+ (KADM5_PRINCIPAL | KADM5_PRINC_EXPIRE_TIME | KADM5_PW_EXPIRATION | \
+ KADM5_LAST_PWD_CHANGE | KADM5_ATTRIBUTES | KADM5_MAX_LIFE | \
+ KADM5_MOD_TIME | KADM5_MOD_NAME | KADM5_KVNO | KADM5_MKVNO | \
+ KADM5_AUX_ATTRIBUTES | KADM5_POLICY_CLR | KADM5_POLICY | \
+ KADM5_MAX_RLIFE | KADM5_TL_DATA | KADM5_KEY_DATA | KADM5_FAIL_AUTH_COUNT )
+
+#define ALL_POLICY_MASK \
+ (KADM5_POLICY | KADM5_PW_MAX_LIFE | KADM5_PW_MIN_LIFE | \
+ KADM5_PW_MIN_LENGTH | KADM5_PW_MIN_CLASSES | KADM5_PW_HISTORY_NUM | \
+ KADM5_REF_COUNT | KADM5_PW_MAX_FAILURE | KADM5_PW_FAILURE_COUNT_INTERVAL | \
+ KADM5_PW_LOCKOUT_DURATION )
+
+#define SERVER_CHECK_HANDLE(handle) \
+ { \
+ kadm5_server_handle_t srvr = \
+ (kadm5_server_handle_t) handle; \
+ \
+ if (! srvr->current_caller) \
+ return KADM5_BAD_SERVER_HANDLE; \
+ if (! srvr->lhandle) \
+ return KADM5_BAD_SERVER_HANDLE; \
+ }
+
+#define CHECK_HANDLE(handle) \
+ GENERIC_CHECK_HANDLE(handle, KADM5_OLD_SERVER_API_VERSION, \
+ KADM5_NEW_SERVER_API_VERSION) \
+ SERVER_CHECK_HANDLE(handle)
bool_t xdr_osa_princ_ent_rec(XDR *xdrs, osa_princ_ent_t objp);
diff --git a/src/lib/kadm5/srv/adb_xdr.c b/src/lib/kadm5/srv/adb_xdr.c
index d5d1706..87ed27a 100644
--- a/src/lib/kadm5/srv/adb_xdr.c
+++ b/src/lib/kadm5/srv/adb_xdr.c
@@ -1,3 +1,4 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
/*
* Copyright 1993 OpenVision Technologies, Inc., All Rights Reserved
*
@@ -11,7 +12,7 @@ static char *rcsid = "$Header$";
#include <sys/types.h>
#include <krb5.h>
#include <gssrpc/rpc.h>
-#include "server_internal.h"
+#include "server_internal.h"
#include "admin_xdr.h"
#ifdef HAVE_MEMORY_H
#include <memory.h>
@@ -23,27 +24,27 @@ xdr_krb5_key_data(XDR *xdrs, krb5_key_data *objp)
unsigned int tmp;
if (!xdr_krb5_int16(xdrs, &objp->key_data_ver))
- return(FALSE);
+ return(FALSE);
if (!xdr_krb5_int16(xdrs, &objp->key_data_kvno))
- return(FALSE);
+ return(FALSE);
if (!xdr_krb5_int16(xdrs, &objp->key_data_type[0]))
- return(FALSE);
+ return(FALSE);
if (!xdr_krb5_int16(xdrs, &objp->key_data_type[1]))
- return(FALSE);
+ return(FALSE);
if (!xdr_krb5_ui_2(xdrs, &objp->key_data_length[0]))
- return(FALSE);
+ return(FALSE);
if (!xdr_krb5_ui_2(xdrs, &objp->key_data_length[1]))
- return(FALSE);
+ return(FALSE);
tmp = (unsigned int) objp->key_data_length[0];
if (!xdr_bytes(xdrs, (char **) &objp->key_data_contents[0],
- &tmp, ~0))
- return FALSE;
+ &tmp, ~0))
+ return FALSE;
tmp = (unsigned int) objp->key_data_length[1];
if (!xdr_bytes(xdrs, (char **) &objp->key_data_contents[1],
- &tmp, ~0))
- return FALSE;
+ &tmp, ~0))
+ return FALSE;
/* don't need to copy tmp out, since key_data_length will be set
by the above encoding. */
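Review bot: Both `xdr_bytes` calls pass `~0` as the maximum size and never compare the length they decode into `tmp` with `key_data_length[]`, which is decoded separately through `xdr_krb5_ui_2`; on `XDR_DECODE` a record in which the two disagree leaves the struct describing a buffer of a different size than was allocated. `krb5_free_key_data_contents` in misc_free.c later runs `memset` over `key_data_length[i]` bytes, which would then write past a shorter allocation. After each call add `if (xdrs->x_op == XDR_DECODE && tmp != objp->key_data_length[0]) return FALSE;` (index 1 for the second call) and pass an explicit bound in place of `~0`. The `xdr_array` calls in the two following hunks use the same `~0` limit for their element counts. `xdr_krb5_key_data` starts and ends outside this hunk, and the change here is indentation only.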
@@ -55,10 +56,10 @@ bool_t
xdr_osa_pw_hist_ent(XDR *xdrs, osa_pw_hist_ent *objp)
{
if (!xdr_array(xdrs, (caddr_t *) &objp->key_data,
- (u_int *) &objp->n_key_data, ~0,
- sizeof(krb5_key_data),
- xdr_krb5_key_data))
- return (FALSE);
+ (u_int *) &objp->n_key_data, ~0,
+ sizeof(krb5_key_data),
+ xdr_krb5_key_data))
+ return (FALSE);
return (TRUE);
}
@@ -67,33 +68,33 @@ xdr_osa_princ_ent_rec(XDR *xdrs, osa_princ_ent_t objp)
{
switch (xdrs->x_op) {
case XDR_ENCODE:
- objp->version = OSA_ADB_PRINC_VERSION_1;
- /* fall through */
+ objp->version = OSA_ADB_PRINC_VERSION_1;
+ /* fall through */
case XDR_FREE:
- if (!xdr_int(xdrs, &objp->version))
- return FALSE;
- break;
+ if (!xdr_int(xdrs, &objp->version))
+ return FALSE;
+ break;
case XDR_DECODE:
- if (!xdr_int(xdrs, &objp->version))
- return FALSE;
- if (objp->version != OSA_ADB_PRINC_VERSION_1)
- return FALSE;
- break;
+ if (!xdr_int(xdrs, &objp->version))
+ return FALSE;
+ if (objp->version != OSA_ADB_PRINC_VERSION_1)
+ return FALSE;
+ break;
}
-
+
if (!xdr_nullstring(xdrs, &objp->policy))
- return (FALSE);
+ return (FALSE);
if (!xdr_long(xdrs, &objp->aux_attributes))
- return (FALSE);
+ return (FALSE);
if (!xdr_u_int(xdrs, &objp->old_key_next))
- return (FALSE);
+ return (FALSE);
if (!xdr_krb5_kvno(xdrs, &objp->admin_history_kvno))
- return (FALSE);
+ return (FALSE);
if (!xdr_array(xdrs, (caddr_t *) &objp->old_keys,
- (unsigned int *) &objp->old_key_len, ~0,
- sizeof(osa_pw_hist_ent),
- xdr_osa_pw_hist_ent))
- return (FALSE);
+ (unsigned int *) &objp->old_key_len, ~0,
+ sizeof(osa_pw_hist_ent),
+ xdr_osa_pw_hist_ent))
+ return (FALSE);
return (TRUE);
}
@@ -101,10 +102,9 @@ void
osa_free_princ_ent(osa_princ_ent_t val)
{
XDR xdrs;
-
+
xdrmem_create(&xdrs, NULL, 0, XDR_FREE);
-
+
xdr_osa_princ_ent_rec(&xdrs, val);
free(val);
}
-
diff --git a/src/lib/kadm5/srv/server_acl.c b/src/lib/kadm5/srv/server_acl.c
index 45f3879..b8abe8a 100644
--- a/src/lib/kadm5/srv/server_acl.c
+++ b/src/lib/kadm5/srv/server_acl.c
@@ -1,3 +1,4 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
/*
* lib/kadm5/srv/server_acl.c
*
@@ -40,46 +41,46 @@
#include <ctype.h>
typedef struct _acl_op_table {
- char ao_op;
- krb5_int32 ao_mask;
+ char ao_op;
+ krb5_int32 ao_mask;
} aop_t;
typedef struct _acl_entry {
- struct _acl_entry *ae_next;
- char *ae_name;
- krb5_boolean ae_name_bad;
- krb5_principal ae_principal;
- krb5_int32 ae_op_allowed;
- char *ae_target;
- krb5_boolean ae_target_bad;
- krb5_principal ae_target_princ;
- char *ae_restriction_string;
- /* eg: "-maxlife 3h -service +proxiable" */
- krb5_boolean ae_restriction_bad;
- restriction_t *ae_restrictions;
+ struct _acl_entry *ae_next;
+ char *ae_name;
+ krb5_boolean ae_name_bad;
+ krb5_principal ae_principal;
+ krb5_int32 ae_op_allowed;
+ char *ae_target;
+ krb5_boolean ae_target_bad;
+ krb5_principal ae_target_princ;
+ char *ae_restriction_string;
+ /* eg: "-maxlife 3h -service +proxiable" */
+ krb5_boolean ae_restriction_bad;
+ restriction_t *ae_restrictions;
} aent_t;
static const aop_t acl_op_table[] = {
- { 'a', ACL_ADD },
- { 'd', ACL_DELETE },
- { 'm', ACL_MODIFY },
- { 'c', ACL_CHANGEPW },
- { 'i', ACL_INQUIRE },
- { 'l', ACL_LIST },
- { 'p', ACL_IPROP },
- { 's', ACL_SETKEY },
- { 'x', ACL_ALL_MASK },
- { '*', ACL_ALL_MASK },
- { '\0', 0 }
+ { 'a', ACL_ADD },
+ { 'd', ACL_DELETE },
+ { 'm', ACL_MODIFY },
+ { 'c', ACL_CHANGEPW },
+ { 'i', ACL_INQUIRE },
+ { 'l', ACL_LIST },
+ { 'p', ACL_IPROP },
+ { 's', ACL_SETKEY },
+ { 'x', ACL_ALL_MASK },
+ { '*', ACL_ALL_MASK },
+ { '\0', 0 }
};
typedef struct _wildstate {
- int nwild;
- krb5_data *backref[9];
+ int nwild;
+ krb5_data *backref[9];
} wildstate_t;
-static aent_t *acl_list_head = (aent_t *) NULL;
-static aent_t *acl_list_tail = (aent_t *) NULL;
+static aent_t *acl_list_head = (aent_t *) NULL;
+static aent_t *acl_list_tail = (aent_t *) NULL;
static const char *acl_acl_file = (char *) NULL;
static int acl_inited = 0;
@@ -99,65 +100,65 @@ static const char *acl_cantopen_msg = "%s while opening ACL file %s";
/*
* kadm5int_acl_get_line() - Get a line from the ACL file.
- * Lines ending with \ are continued on the next line
+ * Lines ending with \ are continued on the next line
*/
static char *
kadm5int_acl_get_line(fp, lnp)
- FILE *fp;
- int *lnp; /* caller should set to 1 before first call */
+ FILE *fp;
+ int *lnp; /* caller should set to 1 before first call */
{
- int i, domore;
- static int line_incr = 0;
+ int i, domore;
+ static int line_incr = 0;
static char acl_buf[BUFSIZ];
*lnp += line_incr;
line_incr = 0;
for (domore = 1; domore && !feof(fp); ) {
- /* Copy in the line, with continuations */
- for (i=0; ((i < sizeof acl_buf) && !feof(fp)); i++ ) {
- int byte;
- byte = fgetc(fp);
- acl_buf[i] = byte;
- if (byte == (char)EOF) {
- if (i > 0 && acl_buf[i-1] == '\\')
- i--;
- break; /* it gets nulled-out below */
- }
- else if (acl_buf[i] == '\n') {
- if (i == 0 || acl_buf[i-1] != '\\')
- break; /* empty line or normal end of line */
- else {
- i -= 2; /* back up over "\\\n" and continue */
- line_incr++;
- }
- }
- }
- /* Check if we exceeded our buffer size */
- if (i == sizeof acl_buf && (i--, !feof(fp))) {
- int c1 = acl_buf[i], c2;
-
- krb5_klog_syslog(LOG_ERR, acl_line2long_msg, acl_acl_file, *lnp);
- while ((c2 = fgetc(fp)) != EOF) {
- if (c2 == '\n') {
- if (c1 != '\\')
- break;
- line_incr++;
- }
- c1 = c2;
- }
- }
- acl_buf[i] = '\0';
- if (acl_buf[0] == (char) EOF) /* ptooey */
- acl_buf[0] = '\0';
- else
- line_incr++;
- if ((acl_buf[0] != '#') && (acl_buf[0] != '\0'))
- domore = 0;
+ /* Copy in the line, with continuations */
+ for (i=0; ((i < sizeof acl_buf) && !feof(fp)); i++ ) {
+ int byte;
+ byte = fgetc(fp);
+ acl_buf[i] = byte;
+ if (byte == (char)EOF) {
+ if (i > 0 && acl_buf[i-1] == '\\')
+ i--;
+ break; /* it gets nulled-out below */
+ }
+ else if (acl_buf[i] == '\n') {
+ if (i == 0 || acl_buf[i-1] != '\\')
+ break; /* empty line or normal end of line */
+ else {
+ i -= 2; /* back up over "\\\n" and continue */
+ line_incr++;
+ }
+ }
+ }
+ /* Check if we exceeded our buffer size */
+ if (i == sizeof acl_buf && (i--, !feof(fp))) {
+ int c1 = acl_buf[i], c2;
+
+ krb5_klog_syslog(LOG_ERR, acl_line2long_msg, acl_acl_file, *lnp);
+ while ((c2 = fgetc(fp)) != EOF) {
+ if (c2 == '\n') {
+ if (c1 != '\\')
+ break;
+ line_incr++;
+ }
+ c1 = c2;
+ }
+ }
+ acl_buf[i] = '\0';
+ if (acl_buf[0] == (char) EOF) /* ptooey */
+ acl_buf[0] = '\0';
+ else
+ line_incr++;
+ if ((acl_buf[0] != '#') && (acl_buf[0] != '\0'))
+ domore = 0;
}
if (domore || (strlen(acl_buf) == 0))
- return((char *) NULL);
+ return((char *) NULL);
else
- return(acl_buf);
+ return(acl_buf);
}
/*
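Review bot: The end-of-file test in the copy loop, `if (byte == (char)EOF)`, compares the `int` returned by `fgetc` with a narrowed constant, so where `char` is unsigned a real EOF is never matched and a 0xFF byte ends the line early; the value has also already been stored in `acl_buf[i]` by then. The later `acl_buf[0] == (char) EOF` check has the mirror problem where `char` is signed: a line that starts with byte 0xFF is blanked and skipped. Because this reads the ACL file, a truncated or dropped line changes which rights are loaded. Test the `int` first with `if (byte == EOF) {` and store into `acl_buf[i]` only afterwards; the second check can then be dropped, since `acl_buf[0]` is already NUL when EOF arrives at the start of a line. The hunk itself only re-indents the function body.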
@@ -171,95 +172,95 @@ kadm5int_acl_parse_line(lp)
static char acle_ops[BUFSIZ];
static char acle_object[BUFSIZ];
static char acle_restrictions[BUFSIZ];
- aent_t *acle;
- char *op;
- int t, found, opok, nmatch;
+ aent_t *acle;
+ char *op;
+ int t, found, opok, nmatch;
DPRINT(DEBUG_CALLS, acl_debug_level,
- ("* kadm5int_acl_parse_line(line=%20s)\n", lp));
+ ("* kadm5int_acl_parse_line(line=%20s)\n", lp));
/*
* Format is still simple:
* entry ::= [<whitespace>] <principal> <whitespace> <opstring>
- * [<whitespace> <target> [<whitespace> <restrictions>
- * [<whitespace>]]]
+ * [<whitespace> <target> [<whitespace> <restrictions>
+ * [<whitespace>]]]
*/
acle = (aent_t *) NULL;
acle_object[0] = '\0';
nmatch = sscanf(lp, "%s %s %s %[^\n]", acle_principal, acle_ops,
- acle_object, acle_restrictions);
+ acle_object, acle_restrictions);
if (nmatch >= 2) {
- acle = (aent_t *) malloc(sizeof(aent_t));
- if (acle) {
- acle->ae_next = (aent_t *) NULL;
- acle->ae_op_allowed = (krb5_int32) 0;
- acle->ae_target =
- (nmatch >= 3) ? strdup(acle_object) : (char *) NULL;
- acle->ae_target_bad = 0;
- acle->ae_target_princ = (krb5_principal) NULL;
- opok = 1;
- for (op=acle_ops; *op; op++) {
- char rop;
-
- rop = (isupper((unsigned char) *op)) ? tolower((unsigned char) *op) : *op;
- found = 0;
- for (t=0; acl_op_table[t].ao_op; t++) {
- if (rop == acl_op_table[t].ao_op) {
- found = 1;
- if (rop == *op)
- acle->ae_op_allowed |= acl_op_table[t].ao_mask;
- else
- acle->ae_op_allowed &= ~acl_op_table[t].ao_mask;
- }
- }
- if (!found) {
- krb5_klog_syslog(LOG_ERR, acl_op_bad_msg, *op, lp);
- opok = 0;
- }
- }
- if (opok) {
- acle->ae_name = strdup(acle_principal);
- if (acle->ae_name) {
- acle->ae_principal = (krb5_principal) NULL;
- acle->ae_name_bad = 0;
- DPRINT(DEBUG_ACL, acl_debug_level,
- ("A ACL entry %s -> opmask %x\n",
- acle->ae_name, acle->ae_op_allowed));
- }
- else {
- if (acle->ae_target)
- free(acle->ae_target);
- free(acle);
- acle = (aent_t *) NULL;
- }
- }
- else {
- if (acle->ae_target)
- free(acle->ae_target);
- free(acle);
- acle = (aent_t *) NULL;
- }
-
- if (acle) {
- if ( nmatch >= 4 ) {
- char *trailing;
-
- trailing = &acle_restrictions[strlen(acle_restrictions)-1];
- while ( isspace((int) *trailing) )
- trailing--;
- trailing[1] = '\0';
- acle->ae_restriction_string =
- strdup(acle_restrictions);
- }
- else {
- acle->ae_restriction_string = (char *) NULL;
- }
- acle->ae_restriction_bad = 0;
- acle->ae_restrictions = (restriction_t *) NULL;
- }
- }
+ acle = (aent_t *) malloc(sizeof(aent_t));
+ if (acle) {
+ acle->ae_next = (aent_t *) NULL;
+ acle->ae_op_allowed = (krb5_int32) 0;
+ acle->ae_target =
+ (nmatch >= 3) ? strdup(acle_object) : (char *) NULL;
+ acle->ae_target_bad = 0;
+ acle->ae_target_princ = (krb5_principal) NULL;
+ opok = 1;
+ for (op=acle_ops; *op; op++) {
+ char rop;
+
+ rop = (isupper((unsigned char) *op)) ? tolower((unsigned char) *op) : *op;
+ found = 0;
+ for (t=0; acl_op_table[t].ao_op; t++) {
+ if (rop == acl_op_table[t].ao_op) {
+ found = 1;
+ if (rop == *op)
+ acle->ae_op_allowed |= acl_op_table[t].ao_mask;
+ else
+ acle->ae_op_allowed &= ~acl_op_table[t].ao_mask;
+ }
+ }
+ if (!found) {
+ krb5_klog_syslog(LOG_ERR, acl_op_bad_msg, *op, lp);
+ opok = 0;
+ }
+ }
+ if (opok) {
+ acle->ae_name = strdup(acle_principal);
+ if (acle->ae_name) {
+ acle->ae_principal = (krb5_principal) NULL;
+ acle->ae_name_bad = 0;
+ DPRINT(DEBUG_ACL, acl_debug_level,
+ ("A ACL entry %s -> opmask %x\n",
+ acle->ae_name, acle->ae_op_allowed));
+ }
+ else {
+ if (acle->ae_target)
+ free(acle->ae_target);
+ free(acle);
+ acle = (aent_t *) NULL;
+ }
+ }
+ else {
+ if (acle->ae_target)
+ free(acle->ae_target);
+ free(acle);
+ acle = (aent_t *) NULL;
+ }
+
+ if (acle) {
+ if ( nmatch >= 4 ) {
+ char *trailing;
+
+ trailing = &acle_restrictions[strlen(acle_restrictions)-1];
+ while ( isspace((int) *trailing) )
+ trailing--;
+ trailing[1] = '\0';
+ acle->ae_restriction_string =
+ strdup(acle_restrictions);
+ }
+ else {
+ acle->ae_restriction_string = (char *) NULL;
+ }
+ acle->ae_restriction_bad = 0;
+ acle->ae_restrictions = (restriction_t *) NULL;
+ }
+ }
}
DPRINT(DEBUG_CALLS, acl_debug_level,
- ("X kadm5int_acl_parse_line() = %x\n", (long) acle));
+ ("X kadm5int_acl_parse_line() = %x\n", (long) acle));
return(acle);
}
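Review bot: The `strdup` results stored in `ae_target` and `ae_restriction_string` are not checked, and in this function NULL is also what those fields hold when the ACL line has no target or no restrictions, so an allocation failure silently turns a restricted entry into an unrestricted one. Treat either failure the way the existing `ae_name` failure path does and discard the entry, as sketched below; how the caller handles a NULL return is outside this hunk and should be confirmed. Separately, `isspace((int) *trailing)` should cast through `unsigned char`, as the `isupper` call above it already does. The function starts outside this hunk, and the commit only re-indents it.

```c
/* ... unchanged: sscanf of the line and malloc of acle ... */
        acle->ae_target =
            (nmatch >= 3) ? strdup(acle_object) : (char *) NULL;
        if (nmatch >= 3 && !acle->ae_target) {
            /* Allocation failure must not read as "no target given". */
            free(acle);
            return((aent_t *) NULL);
        }
/* ... unchanged: operation parsing and ae_name setup ... */
                acle->ae_restriction_string =
                    strdup(acle_restrictions);
                if (!acle->ae_restriction_string) {
                    /* Never keep the entry without its restrictions. */
                    free(acle->ae_name);
                    free(acle->ae_target);
                    free(acle);
                    return((aent_t *) NULL);
                }
/* ... unchanged: remaining restriction fields and DPRINT ... */
```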
@@ -267,177 +268,177 @@ kadm5int_acl_parse_line(lp)
* kadm5int_acl_parse_restrictions() - Parse optional restrictions field
*
* Allowed restrictions are:
- * [+-]flagname (recognized by krb5_string_to_flags)
- * flag is forced to indicated value
- * -clearpolicy policy is forced clear
- * -policy pol policy is forced to be "pol"
- * -{expire,pwexpire,maxlife,maxrenewlife} deltat
- * associated value will be forced to
- * MIN(deltat, requested value)
+ * [+-]flagname (recognized by krb5_string_to_flags)
+ * flag is forced to indicated value
+ * -clearpolicy policy is forced clear
+ * -policy pol policy is forced to be "pol"
+ * -{expire,pwexpire,maxlife,maxrenewlife} deltat
+ * associated value will be forced to
+ * MIN(deltat, requested value)
*
* Returns: 0 on success, or system errors
*/
static krb5_error_code
kadm5int_acl_parse_restrictions(s, rpp)
- char *s;
- restriction_t **rpp;
+ char *s;
+ restriction_t **rpp;
{
- char *sp = NULL, *tp, *ap, *save;
- static const char *delims = "\t\n\f\v\r ,";
- krb5_deltat dt;
- krb5_flags flag;
- krb5_error_code code;
+ char *sp = NULL, *tp, *ap, *save;
+ static const char *delims = "\t\n\f\v\r ,";
+ krb5_deltat dt;
+ krb5_flags flag;
+ krb5_error_code code;
- DPRINT(DEBUG_CALLS, acl_debug_level,
- ("* kadm5int_acl_parse_restrictions(s=%20s, rpp=0x%08x)\n", s, (long)rpp));
+ DPRINT(DEBUG_CALLS, acl_debug_level,
+ ("* kadm5int_acl_parse_restrictions(s=%20s, rpp=0x%08x)\n", s, (long)rpp));
*rpp = (restriction_t *) NULL;
code = 0;
if (s) {
- if (!(sp = strdup(s)) /* Don't munge the original */
- || !(*rpp = (restriction_t *) malloc(sizeof(restriction_t)))) {
- code = ENOMEM;
- } else {
- memset(*rpp, 0, sizeof(**rpp));
- for (tp = strtok_r(sp, delims, &save); tp;
- tp = strtok_r(NULL, delims, &save)) {
- flag = 0;
- if (!krb5_string_to_flags(tp, "+", "-", &flag)) {
- /* OK, but was it in the positive or negative sense? */
- if (flag) {
- (*rpp)->require_attrs |= flag;
- } else {
- flag = ~0;
- (void) krb5_string_to_flags(tp, "+", "-", &flag);
- (*rpp)->forbid_attrs |= ~flag;
- }
- (*rpp)->mask |= KADM5_ATTRIBUTES;
- } else if (!strcmp(tp, "-clearpolicy")) {
- (*rpp)->mask |= KADM5_POLICY_CLR;
- } else {
- /* everything else needs an argument ... */
- if (!(ap = strtok_r(NULL, delims, &save))) {
- code = EINVAL;
- break;
- }
- if (!strcmp(tp, "-policy")) {
- if (!((*rpp)->policy = strdup(ap))) {
- code = ENOMEM;
- break;
- }
- (*rpp)->mask |= KADM5_POLICY;
- } else {
- /* all other arguments must be a deltat ... */
- if (krb5_string_to_deltat(ap, &dt)) {
- code = EINVAL;
- break;
- }
- if (!strcmp(tp, "-expire")) {
- (*rpp)->princ_lifetime = dt;
- (*rpp)->mask |= KADM5_PRINC_EXPIRE_TIME;
- } else if (!strcmp(tp, "-pwexpire")) {
- (*rpp)->pw_lifetime = dt;
- (*rpp)->mask |= KADM5_PW_EXPIRATION;
- } else if (!strcmp(tp, "-maxlife")) {
- (*rpp)->max_life = dt;
- (*rpp)->mask |= KADM5_MAX_LIFE;
- } else if (!strcmp(tp, "-maxrenewlife")) {
- (*rpp)->max_renewable_life = dt;
- (*rpp)->mask |= KADM5_MAX_RLIFE;
- } else {
- code = EINVAL;
- break;
- }
- }
- }
- }
- }
+ if (!(sp = strdup(s)) /* Don't munge the original */
+ || !(*rpp = (restriction_t *) malloc(sizeof(restriction_t)))) {
+ code = ENOMEM;
+ } else {
+ memset(*rpp, 0, sizeof(**rpp));
+ for (tp = strtok_r(sp, delims, &save); tp;
+ tp = strtok_r(NULL, delims, &save)) {
+ flag = 0;
+ if (!krb5_string_to_flags(tp, "+", "-", &flag)) {
+ /* OK, but was it in the positive or negative sense? */
+ if (flag) {
+ (*rpp)->require_attrs |= flag;
+ } else {
+ flag = ~0;
+ (void) krb5_string_to_flags(tp, "+", "-", &flag);
+ (*rpp)->forbid_attrs |= ~flag;
+ }
+ (*rpp)->mask |= KADM5_ATTRIBUTES;
+ } else if (!strcmp(tp, "-clearpolicy")) {
+ (*rpp)->mask |= KADM5_POLICY_CLR;
+ } else {
+ /* everything else needs an argument ... */
+ if (!(ap = strtok_r(NULL, delims, &save))) {
+ code = EINVAL;
+ break;
+ }
+ if (!strcmp(tp, "-policy")) {
+ if (!((*rpp)->policy = strdup(ap))) {
+ code = ENOMEM;
+ break;
+ }
+ (*rpp)->mask |= KADM5_POLICY;
+ } else {
+ /* all other arguments must be a deltat ... */
+ if (krb5_string_to_deltat(ap, &dt)) {
+ code = EINVAL;
+ break;
+ }
+ if (!strcmp(tp, "-expire")) {
+ (*rpp)->princ_lifetime = dt;
+ (*rpp)->mask |= KADM5_PRINC_EXPIRE_TIME;
+ } else if (!strcmp(tp, "-pwexpire")) {
+ (*rpp)->pw_lifetime = dt;
+ (*rpp)->mask |= KADM5_PW_EXPIRATION;
+ } else if (!strcmp(tp, "-maxlife")) {
+ (*rpp)->max_life = dt;
+ (*rpp)->mask |= KADM5_MAX_LIFE;
+ } else if (!strcmp(tp, "-maxrenewlife")) {
+ (*rpp)->max_renewable_life = dt;
+ (*rpp)->mask |= KADM5_MAX_RLIFE;
+ } else {
+ code = EINVAL;
+ break;
+ }
+ }
+ }
+ }
+ }
}
if (sp)
- free(sp);
+ free(sp);
if (*rpp && code) {
- if ((*rpp)->policy)
- free((*rpp)->policy);
- free(*rpp);
- *rpp = (restriction_t *) NULL;
+ if ((*rpp)->policy)
+ free((*rpp)->policy);
+ free(*rpp);
+ *rpp = (restriction_t *) NULL;
}
DPRINT(DEBUG_CALLS, acl_debug_level,
- ("X kadm5int_acl_parse_restrictions() = %d, mask=0x%08x\n",
- code, (*rpp) ? (*rpp)->mask : 0));
+ ("X kadm5int_acl_parse_restrictions() = %d, mask=0x%08x\n",
+ code, (*rpp) ? (*rpp)->mask : 0));
return code;
}
/*
- * kadm5int_acl_impose_restrictions() - impose restrictions, modifying *recp, *maskp
+ * kadm5int_acl_impose_restrictions() - impose restrictions, modifying *recp, *maskp
*
* Returns: 0 on success;
- * malloc or timeofday errors
+ * malloc or timeofday errors
*/
krb5_error_code
kadm5int_acl_impose_restrictions(kcontext, recp, maskp, rp)
- krb5_context kcontext;
- kadm5_principal_ent_rec *recp;
- long *maskp;
- restriction_t *rp;
+ krb5_context kcontext;
+ kadm5_principal_ent_rec *recp;
+ long *maskp;
+ restriction_t *rp;
{
- krb5_error_code code;
- krb5_int32 now;
+ krb5_error_code code;
+ krb5_int32 now;
DPRINT(DEBUG_CALLS, acl_debug_level,
- ("* kadm5int_acl_impose_restrictions(..., *maskp=0x%08x, rp=0x%08x)\n",
- *maskp, (long)rp));
+ ("* kadm5int_acl_impose_restrictions(..., *maskp=0x%08x, rp=0x%08x)\n",
+ *maskp, (long)rp));
if (!rp)
- return 0;
+ return 0;
if (rp->mask & (KADM5_PRINC_EXPIRE_TIME|KADM5_PW_EXPIRATION))
- if ((code = krb5_timeofday(kcontext, &now)))
- return code;
+ if ((code = krb5_timeofday(kcontext, &now)))
+ return code;
if (rp->mask & KADM5_ATTRIBUTES) {
- recp->attributes |= rp->require_attrs;
- recp->attributes &= ~(rp->forbid_attrs);
- *maskp |= KADM5_ATTRIBUTES;
+ recp->attributes |= rp->require_attrs;
+ recp->attributes &= ~(rp->forbid_attrs);
+ *maskp |= KADM5_ATTRIBUTES;
}
if (rp->mask & KADM5_POLICY_CLR) {
- *maskp &= ~KADM5_POLICY;
- *maskp |= KADM5_POLICY_CLR;
+ *maskp &= ~KADM5_POLICY;
+ *maskp |= KADM5_POLICY_CLR;
} else if (rp->mask & KADM5_POLICY) {
- if (recp->policy && strcmp(recp->policy, rp->policy)) {
- free(recp->policy);
- recp->policy = (char *) NULL;
- }
- if (!recp->policy) {
- recp->policy = strdup(rp->policy); /* XDR will free it */
- if (!recp->policy)
- return ENOMEM;
- }
- *maskp |= KADM5_POLICY;
+ if (recp->policy && strcmp(recp->policy, rp->policy)) {
+ free(recp->policy);
+ recp->policy = (char *) NULL;
+ }
+ if (!recp->policy) {
+ recp->policy = strdup(rp->policy); /* XDR will free it */
+ if (!recp->policy)
+ return ENOMEM;
+ }
+ *maskp |= KADM5_POLICY;
}
if (rp->mask & KADM5_PRINC_EXPIRE_TIME) {
- if (!(*maskp & KADM5_PRINC_EXPIRE_TIME)
- || (recp->princ_expire_time > (now + rp->princ_lifetime)))
- recp->princ_expire_time = now + rp->princ_lifetime;
- *maskp |= KADM5_PRINC_EXPIRE_TIME;
+ if (!(*maskp & KADM5_PRINC_EXPIRE_TIME)
+ || (recp->princ_expire_time > (now + rp->princ_lifetime)))
+ recp->princ_expire_time = now + rp->princ_lifetime;
+ *maskp |= KADM5_PRINC_EXPIRE_TIME;
}
if (rp->mask & KADM5_PW_EXPIRATION) {
- if (!(*maskp & KADM5_PW_EXPIRATION)
- || (recp->pw_expiration > (now + rp->pw_lifetime)))
- recp->pw_expiration = now + rp->pw_lifetime;
- *maskp |= KADM5_PW_EXPIRATION;
+ if (!(*maskp & KADM5_PW_EXPIRATION)
+ || (recp->pw_expiration > (now + rp->pw_lifetime)))
+ recp->pw_expiration = now + rp->pw_lifetime;
+ *maskp |= KADM5_PW_EXPIRATION;
}
if (rp->mask & KADM5_MAX_LIFE) {
- if (!(*maskp & KADM5_MAX_LIFE)
- || (recp->max_life > rp->max_life))
- recp->max_life = rp->max_life;
- *maskp |= KADM5_MAX_LIFE;
+ if (!(*maskp & KADM5_MAX_LIFE)
+ || (recp->max_life > rp->max_life))
+ recp->max_life = rp->max_life;
+ *maskp |= KADM5_MAX_LIFE;
}
if (rp->mask & KADM5_MAX_RLIFE) {
- if (!(*maskp & KADM5_MAX_RLIFE)
- || (recp->max_renewable_life > rp->max_renewable_life))
- recp->max_renewable_life = rp->max_renewable_life;
- *maskp |= KADM5_MAX_RLIFE;
+ if (!(*maskp & KADM5_MAX_RLIFE)
+ || (recp->max_renewable_life > rp->max_renewable_life))
+ recp->max_renewable_life = rp->max_renewable_life;
+ *maskp |= KADM5_MAX_RLIFE;
}
DPRINT(DEBUG_CALLS, acl_debug_level,
- ("X kadm5int_acl_impose_restrictions() = 0, *maskp=0x%08x\n", *maskp));
+ ("X kadm5int_acl_impose_restrictions() = 0, *maskp=0x%08x\n", *maskp));
return 0;
}
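Review bot: In kadm5int_acl_impose_restrictions, `now + rp->princ_lifetime` and `now + rp->pw_lifetime` are computed in signed arithmetic with no range check, so a large deltat in an ACL restriction can overflow (undefined behaviour, in practice a wrapped and already-past expiry time). This assumes krb5_deltat is a signed 32-bit type like the `krb5_int32 now` declared here; its typedef is not part of this diff. Saturating the sum once per field avoids it for non-negative lifetimes, e.g. `krb5_int32 limit = (rp->princ_lifetime > KRB5_INT32_MAX - now) ? KRB5_INT32_MAX : now + rp->princ_lifetime;`, then comparing against and assigning `limit`. The reindent itself does not change this behaviour.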
@@ -447,28 +448,28 @@ kadm5int_acl_impose_restrictions(kcontext, recp, maskp, rp)
static void
kadm5int_acl_free_entries()
{
- aent_t *ap;
- aent_t *np;
+ aent_t *ap;
+ aent_t *np;
DPRINT(DEBUG_CALLS, acl_debug_level, ("* kadm5int_acl_free_entries()\n"));
for (ap=acl_list_head; ap; ap = np) {
- if (ap->ae_name)
- free(ap->ae_name);
- if (ap->ae_principal)
- krb5_free_principal((krb5_context) NULL, ap->ae_principal);
- if (ap->ae_target)
- free(ap->ae_target);
- if (ap->ae_target_princ)
- krb5_free_principal((krb5_context) NULL, ap->ae_target_princ);
- if (ap->ae_restriction_string)
- free(ap->ae_restriction_string);
- if (ap->ae_restrictions) {
- if (ap->ae_restrictions->policy)
- free(ap->ae_restrictions->policy);
- free(ap->ae_restrictions);
- }
- np = ap->ae_next;
- free(ap);
+ if (ap->ae_name)
+ free(ap->ae_name);
+ if (ap->ae_principal)
+ krb5_free_principal((krb5_context) NULL, ap->ae_principal);
+ if (ap->ae_target)
+ free(ap->ae_target);
+ if (ap->ae_target_princ)
+ krb5_free_principal((krb5_context) NULL, ap->ae_target_princ);
+ if (ap->ae_restriction_string)
+ free(ap->ae_restriction_string);
+ if (ap->ae_restrictions) {
+ if (ap->ae_restrictions->policy)
+ free(ap->ae_restrictions->policy);
+ free(ap->ae_restrictions);
+ }
+ np = ap->ae_next;
+ free(ap);
}
acl_list_head = acl_list_tail = (aent_t *) NULL;
acl_inited = 0;
@@ -476,250 +477,250 @@ kadm5int_acl_free_entries()
}
/*
- * kadm5int_acl_load_acl_file() - Open and parse the ACL file.
+ * kadm5int_acl_load_acl_file() - Open and parse the ACL file.
*/
static int
kadm5int_acl_load_acl_file()
{
- FILE *afp;
- char *alinep;
- aent_t **aentpp;
- int alineno;
- int retval = 1;
+ FILE *afp;
+ char *alinep;
+ aent_t **aentpp;
+ int alineno;
+ int retval = 1;
DPRINT(DEBUG_CALLS, acl_debug_level, ("* kadm5int_acl_load_acl_file()\n"));
/* Open the ACL file for read */
afp = fopen(acl_acl_file, "r");
if (afp) {
- set_cloexec_file(afp);
- alineno = 1;
- aentpp = &acl_list_head;
-
- /* Get a non-comment line */
- while ((alinep = kadm5int_acl_get_line(afp, &alineno))) {
- /* Parse it */
- *aentpp = kadm5int_acl_parse_line(alinep);
- /* If syntax error, then fall out */
- if (!*aentpp) {
- krb5_klog_syslog(LOG_ERR, acl_syn_err_msg,
- acl_acl_file, alineno, alinep);
- retval = 0;
- break;
- }
- acl_list_tail = *aentpp;
- aentpp = &(*aentpp)->ae_next;
- }
-
- fclose(afp);
-
- if (acl_catchall_entry) {
- *aentpp = kadm5int_acl_parse_line(acl_catchall_entry);
- if (*aentpp) {
- acl_list_tail = *aentpp;
- }
- else {
- retval = 0;
- DPRINT(DEBUG_OPERATION, acl_debug_level,
- ("> catchall acl entry (%s) load failed\n",
- acl_catchall_entry));
- }
- }
+ set_cloexec_file(afp);
+ alineno = 1;
+ aentpp = &acl_list_head;
+
+ /* Get a non-comment line */
+ while ((alinep = kadm5int_acl_get_line(afp, &alineno))) {
+ /* Parse it */
+ *aentpp = kadm5int_acl_parse_line(alinep);
+ /* If syntax error, then fall out */
+ if (!*aentpp) {
+ krb5_klog_syslog(LOG_ERR, acl_syn_err_msg,
+ acl_acl_file, alineno, alinep);
+ retval = 0;
+ break;
+ }
+ acl_list_tail = *aentpp;
+ aentpp = &(*aentpp)->ae_next;
+ }
+
+ fclose(afp);
+
+ if (acl_catchall_entry) {
+ *aentpp = kadm5int_acl_parse_line(acl_catchall_entry);
+ if (*aentpp) {
+ acl_list_tail = *aentpp;
+ }
+ else {
+ retval = 0;
+ DPRINT(DEBUG_OPERATION, acl_debug_level,
+ ("> catchall acl entry (%s) load failed\n",
+ acl_catchall_entry));
+ }
+ }
}
else {
- krb5_klog_syslog(LOG_ERR, acl_cantopen_msg,
- error_message(errno), acl_acl_file);
- if (acl_catchall_entry &&
- (acl_list_head = kadm5int_acl_parse_line(acl_catchall_entry))) {
- acl_list_tail = acl_list_head;
- }
- else {
- retval = 0;
- DPRINT(DEBUG_OPERATION, acl_debug_level,
- ("> catchall acl entry (%s) load failed\n",
- acl_catchall_entry));
- }
+ krb5_klog_syslog(LOG_ERR, acl_cantopen_msg,
+ error_message(errno), acl_acl_file);
+ if (acl_catchall_entry &&
+ (acl_list_head = kadm5int_acl_parse_line(acl_catchall_entry))) {
+ acl_list_tail = acl_list_head;
+ }
+ else {
+ retval = 0;
+ DPRINT(DEBUG_OPERATION, acl_debug_level,
+ ("> catchall acl entry (%s) load failed\n",
+ acl_catchall_entry));
+ }
}
if (!retval) {
- kadm5int_acl_free_entries();
+ kadm5int_acl_free_entries();
}
DPRINT(DEBUG_CALLS, acl_debug_level,
- ("X kadm5int_acl_load_acl_file() = %d\n", retval));
+ ("X kadm5int_acl_load_acl_file() = %d\n", retval));
return(retval);
}
/*
- * kadm5int_acl_match_data() - See if two data entries match.
+ * kadm5int_acl_match_data() - See if two data entries match.
*
* Wildcarding is only supported for a whole component.
*/
static krb5_boolean
kadm5int_acl_match_data(e1, e2, targetflag, ws)
- krb5_data *e1, *e2;
- int targetflag;
- wildstate_t *ws;
+ krb5_data *e1, *e2;
+ int targetflag;
+ wildstate_t *ws;
{
- krb5_boolean retval;
+ krb5_boolean retval;
- DPRINT(DEBUG_CALLS, acl_debug_level,
- ("* acl_match_entry(%s, %s)\n", e1->data, e2->data));
+ DPRINT(DEBUG_CALLS, acl_debug_level,
+ ("* acl_match_entry(%s, %s)\n", e1->data, e2->data));
retval = 0;
if (!strncmp(e1->data, "*", e1->length)) {
- retval = 1;
- if (ws && !targetflag) {
- if (ws->nwild >= 9) {
- DPRINT(DEBUG_ACL, acl_debug_level,
- ("Too many wildcards in ACL entry %s\n", entry->ae_name));
- }
- else
- ws->backref[ws->nwild++] = e2;
- }
+ retval = 1;
+ if (ws && !targetflag) {
+ if (ws->nwild >= 9) {
+ DPRINT(DEBUG_ACL, acl_debug_level,
+ ("Too many wildcards in ACL entry %s\n", entry->ae_name));
+ }
+ else
+ ws->backref[ws->nwild++] = e2;
+ }
}
else if (ws && targetflag && (e1->length == 2) && (e1->data[0] == '*') &&
- (e1->data[1] >= '1') && (e1->data[1] <= '9')) {
- int n = e1->data[1] - '1';
- if (n >= ws->nwild) {
- DPRINT(DEBUG_ACL, acl_debug_level,
- ("Too many backrefs in ACL entry %s\n", entry->ae_name));
- }
- else if ((ws->backref[n]->length == e2->length) &&
- (!strncmp(ws->backref[n]->data, e2->data, e2->length)))
- retval = 1;
-
+ (e1->data[1] >= '1') && (e1->data[1] <= '9')) {
+ int n = e1->data[1] - '1';
+ if (n >= ws->nwild) {
+ DPRINT(DEBUG_ACL, acl_debug_level,
+ ("Too many backrefs in ACL entry %s\n", entry->ae_name));
+ }
+ else if ((ws->backref[n]->length == e2->length) &&
+ (!strncmp(ws->backref[n]->data, e2->data, e2->length)))
+ retval = 1;
+
}
else {
- if ((e1->length == e2->length) &&
- (!strncmp(e1->data, e2->data, e1->length)))
- retval = 1;
+ if ((e1->length == e2->length) &&
+ (!strncmp(e1->data, e2->data, e1->length)))
+ retval = 1;
}
DPRINT(DEBUG_CALLS, acl_debug_level, ("X acl_match_entry()=%d\n",retval));
return(retval);
}
/*
- * kadm5int_acl_find_entry() - Find a matching entry.
+ * kadm5int_acl_find_entry() - Find a matching entry.
*/
static aent_t *
kadm5int_acl_find_entry(kcontext, principal, dest_princ)
- krb5_context kcontext;
- krb5_principal principal;
- krb5_principal dest_princ;
+ krb5_context kcontext;
+ krb5_principal principal;
+ krb5_principal dest_princ;
{
- aent_t *entry;
- krb5_error_code kret;
- int i;
- int matchgood;
- wildstate_t state;
+ aent_t *entry;
+ krb5_error_code kret;
+ int i;
+ int matchgood;
+ wildstate_t state;
DPRINT(DEBUG_CALLS, acl_debug_level, ("* kadm5int_acl_find_entry()\n"));
memset(&state, 0, sizeof state);
for (entry=acl_list_head; entry; entry = entry->ae_next) {
- if (entry->ae_name_bad)
- continue;
- if (!strcmp(entry->ae_name, "*")) {
- DPRINT(DEBUG_ACL, acl_debug_level, ("A wildcard ACL match\n"));
- matchgood = 1;
- }
- else {
- if (!entry->ae_principal && !entry->ae_name_bad) {
- kret = krb5_parse_name(kcontext,
- entry->ae_name,
- &entry->ae_principal);
- if (kret)
- entry->ae_name_bad = 1;
- }
- if (entry->ae_name_bad) {
- DPRINT(DEBUG_ACL, acl_debug_level,
- ("Bad ACL entry %s\n", entry->ae_name));
- continue;
- }
- matchgood = 0;
- if (kadm5int_acl_match_data(&entry->ae_principal->realm,
- &principal->realm, 0, (wildstate_t *)0) &&
- (entry->ae_principal->length == principal->length)) {
- matchgood = 1;
- for (i=0; i<principal->length; i++) {
- if (!kadm5int_acl_match_data(&entry->ae_principal->data[i],
- &principal->data[i], 0, &state)) {
- matchgood = 0;
- break;
- }
- }
- }
- }
- if (!matchgood)
- continue;
-
- /* We've matched the principal. If we have a target, then try it */
- if (entry->ae_target && strcmp(entry->ae_target, "*")) {
- if (!entry->ae_target_princ && !entry->ae_target_bad) {
- kret = krb5_parse_name(kcontext, entry->ae_target,
- &entry->ae_target_princ);
- if (kret)
- entry->ae_target_bad = 1;
- }
- if (entry->ae_target_bad) {
- DPRINT(DEBUG_ACL, acl_debug_level,
- ("Bad target in ACL entry for %s\n", entry->ae_name));
- entry->ae_name_bad = 1;
- continue;
- }
- if (!dest_princ)
- matchgood = 0;
- else if (entry->ae_target_princ && dest_princ) {
- if (kadm5int_acl_match_data(&entry->ae_target_princ->realm,
- &dest_princ->realm, 1, (wildstate_t *)0) &&
- (entry->ae_target_princ->length == dest_princ->length)) {
- for (i=0; i<dest_princ->length; i++) {
- if (!kadm5int_acl_match_data(&entry->ae_target_princ->data[i],
- &dest_princ->data[i], 1, &state)) {
- matchgood = 0;
- break;
- }
- }
- }
- else
- matchgood = 0;
- }
+ if (entry->ae_name_bad)
+ continue;
+ if (!strcmp(entry->ae_name, "*")) {
+ DPRINT(DEBUG_ACL, acl_debug_level, ("A wildcard ACL match\n"));
+ matchgood = 1;
}
- if (!matchgood)
- continue;
-
- if (entry->ae_restriction_string
- && !entry->ae_restriction_bad
- && !entry->ae_restrictions
- && kadm5int_acl_parse_restrictions(entry->ae_restriction_string,
- &entry->ae_restrictions)) {
- DPRINT(DEBUG_ACL, acl_debug_level,
- ("Bad restrictions in ACL entry for %s\n", entry->ae_name));
- entry->ae_restriction_bad = 1;
- }
- if (entry->ae_restriction_bad) {
- entry->ae_name_bad = 1;
- continue;
- }
- break;
+ else {
+ if (!entry->ae_principal && !entry->ae_name_bad) {
+ kret = krb5_parse_name(kcontext,
+ entry->ae_name,
+ &entry->ae_principal);
+ if (kret)
+ entry->ae_name_bad = 1;
+ }
+ if (entry->ae_name_bad) {
+ DPRINT(DEBUG_ACL, acl_debug_level,
+ ("Bad ACL entry %s\n", entry->ae_name));
+ continue;
+ }
+ matchgood = 0;
+ if (kadm5int_acl_match_data(&entry->ae_principal->realm,
+ &principal->realm, 0, (wildstate_t *)0) &&
+ (entry->ae_principal->length == principal->length)) {
+ matchgood = 1;
+ for (i=0; i<principal->length; i++) {
+ if (!kadm5int_acl_match_data(&entry->ae_principal->data[i],
+ &principal->data[i], 0, &state)) {
+ matchgood = 0;
+ break;
+ }
+ }
+ }
+ }
+ if (!matchgood)
+ continue;
+
+ /* We've matched the principal. If we have a target, then try it */
+ if (entry->ae_target && strcmp(entry->ae_target, "*")) {
+ if (!entry->ae_target_princ && !entry->ae_target_bad) {
+ kret = krb5_parse_name(kcontext, entry->ae_target,
+ &entry->ae_target_princ);
+ if (kret)
+ entry->ae_target_bad = 1;
+ }
+ if (entry->ae_target_bad) {
+ DPRINT(DEBUG_ACL, acl_debug_level,
+ ("Bad target in ACL entry for %s\n", entry->ae_name));
+ entry->ae_name_bad = 1;
+ continue;
+ }
+ if (!dest_princ)
+ matchgood = 0;
+ else if (entry->ae_target_princ && dest_princ) {
+ if (kadm5int_acl_match_data(&entry->ae_target_princ->realm,
+ &dest_princ->realm, 1, (wildstate_t *)0) &&
+ (entry->ae_target_princ->length == dest_princ->length)) {
+ for (i=0; i<dest_princ->length; i++) {
+ if (!kadm5int_acl_match_data(&entry->ae_target_princ->data[i],
+ &dest_princ->data[i], 1, &state)) {
+ matchgood = 0;
+ break;
+ }
+ }
+ }
+ else
+ matchgood = 0;
+ }
+ }
+ if (!matchgood)
+ continue;
+
+ if (entry->ae_restriction_string
+ && !entry->ae_restriction_bad
+ && !entry->ae_restrictions
+ && kadm5int_acl_parse_restrictions(entry->ae_restriction_string,
+ &entry->ae_restrictions)) {
+ DPRINT(DEBUG_ACL, acl_debug_level,
+ ("Bad restrictions in ACL entry for %s\n", entry->ae_name));
+ entry->ae_restriction_bad = 1;
+ }
+ if (entry->ae_restriction_bad) {
+ entry->ae_name_bad = 1;
+ continue;
+ }
+ break;
}
DPRINT(DEBUG_CALLS, acl_debug_level, ("X kadm5int_acl_find_entry()=%x\n",entry));
return(entry);
}
/*
- * kadm5int_acl_init() - Initialize ACL context.
+ * kadm5int_acl_init() - Initialize ACL context.
*/
krb5_error_code
kadm5int_acl_init(kcontext, debug_level, acl_file)
- krb5_context kcontext;
- int debug_level;
- char *acl_file;
+ krb5_context kcontext;
+ int debug_level;
+ char *acl_file;
{
- krb5_error_code kret;
+ krb5_error_code kret;
kret = 0;
acl_debug_level = debug_level;
DPRINT(DEBUG_CALLS, acl_debug_level,
- ("* kadm5int_acl_init(afile=%s)\n",
- ((acl_file) ? acl_file : "(null)")));
+ ("* kadm5int_acl_init(afile=%s)\n",
+ ((acl_file) ? acl_file : "(null)")));
acl_acl_file = (acl_file) ? acl_file : (char *) KRB5_DEFAULT_ADMIN_ACL;
acl_inited = kadm5int_acl_load_acl_file();
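Review bot: kadm5int_acl_find_entry clears `state` only once, before the loop over ACL entries, so wildcard components captured while testing an entry that later fails to match remain in `state.backref` and `state.nwild` for the entries that follow. A `*N` back-reference in a later entry's target can then resolve to a component recorded for an earlier entry, and the limit of nine wildcards is counted across entries rather than per entry, so an entry may match or miss a target it was not written for. Moving the reset into the loop, `memset(&state, 0, sizeof state);` as the first statement of the `for` body, keeps back-references local to the entry being tested. Separately, `strncmp(e1->data, "*", e1->length)` in kadm5int_acl_match_data returns 0 for a zero-length component, so `e1->length == 1 && e1->data[0] == '*'` would be the stricter wildcard test. kadm5int_acl_init continues outside this hunk.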
@@ -728,12 +729,12 @@ kadm5int_acl_init(kcontext, debug_level, acl_file)
}
/*
- * kadm5int_acl_finish - Terminate ACL context.
+ * kadm5int_acl_finish - Terminate ACL context.
*/
void
kadm5int_acl_finish(kcontext, debug_level)
- krb5_context kcontext;
- int debug_level;
+ krb5_context kcontext;
+ int debug_level;
{
DPRINT(DEBUG_CALLS, acl_debug_level, ("* kadm5int_acl_finish()\n"));
kadm5int_acl_free_entries();
@@ -741,18 +742,18 @@ kadm5int_acl_finish(kcontext, debug_level)
}
/*
- * kadm5int_acl_check_krb() - Is this operation permitted for this principal?
+ * kadm5int_acl_check_krb() - Is this operation permitted for this principal?
*/
krb5_boolean
kadm5int_acl_check_krb(kcontext, caller_princ, opmask, principal, restrictions)
- krb5_context kcontext;
+ krb5_context kcontext;
krb5_const_principal caller_princ;
- krb5_int32 opmask;
+ krb5_int32 opmask;
krb5_const_principal principal;
- restriction_t **restrictions;
+ restriction_t **restrictions;
{
- krb5_boolean retval;
- aent_t *aentry;
+ krb5_boolean retval;
+ aent_t *aentry;
DPRINT(DEBUG_CALLS, acl_debug_level, ("* acl_op_permitted()\n"));
@@ -760,59 +761,59 @@ kadm5int_acl_check_krb(kcontext, caller_princ, opmask, principal, restrictions)
aentry = kadm5int_acl_find_entry(kcontext, caller_princ, principal);
if (aentry) {
- if ((aentry->ae_op_allowed & opmask) == opmask) {
- retval = TRUE;
- if (restrictions) {
- *restrictions =
- (aentry->ae_restrictions && aentry->ae_restrictions->mask)
- ? aentry->ae_restrictions
- : (restriction_t *) NULL;
- }
- }
+ if ((aentry->ae_op_allowed & opmask) == opmask) {
+ retval = TRUE;
+ if (restrictions) {
+ *restrictions =
+ (aentry->ae_restrictions && aentry->ae_restrictions->mask)
+ ? aentry->ae_restrictions
+ : (restriction_t *) NULL;
+ }
+ }
}
DPRINT(DEBUG_CALLS, acl_debug_level, ("X acl_op_permitted()=%d\n",
- retval));
+ retval));
return retval;
}
/*
- * kadm5int_acl_check() - Is this operation permitted for this principal?
- * this code used not to be based on gssapi. In order
- * to minimize porting hassles, I've put all the
- * gssapi hair in this function. This might not be
- * the best medium-term solution. (The best long-term
- * solution is, of course, a real authorization service.)
+ * kadm5int_acl_check() - Is this operation permitted for this principal?
+ * this code used not to be based on gssapi. In order
+ * to minimize porting hassles, I've put all the
+ * gssapi hair in this function. This might not be
+ * the best medium-term solution. (The best long-term
+ * solution is, of course, a real authorization service.)
*/
krb5_boolean
kadm5int_acl_check(kcontext, caller, opmask, principal, restrictions)
- krb5_context kcontext;
- gss_name_t caller;
- krb5_int32 opmask;
- krb5_principal principal;
- restriction_t **restrictions;
+ krb5_context kcontext;
+ gss_name_t caller;
+ krb5_int32 opmask;
+ krb5_principal principal;
+ restriction_t **restrictions;
{
- krb5_boolean retval;
- gss_buffer_desc caller_buf;
- gss_OID caller_oid;
- OM_uint32 emaj, emin;
- krb5_error_code code;
- krb5_principal caller_princ;
+ krb5_boolean retval;
+ gss_buffer_desc caller_buf;
+ gss_OID caller_oid;
+ OM_uint32 emaj, emin;
+ krb5_error_code code;
+ krb5_principal caller_princ;
if (GSS_ERROR(emaj = gss_display_name(&emin, caller, &caller_buf,
- &caller_oid)))
- return FALSE;
+ &caller_oid)))
+ return FALSE;
code = krb5_parse_name(kcontext, (char *) caller_buf.value,
- &caller_princ);
+ &caller_princ);
gss_release_buffer(&emin, &caller_buf);
if (code != 0)
- return FALSE;
+ return FALSE;
retval = kadm5int_acl_check_krb(kcontext, caller_princ,
- opmask, principal, restrictions);
+ opmask, principal, restrictions);
krb5_free_principal(kcontext, caller_princ);
@@ -822,13 +823,13 @@ kadm5int_acl_check(kcontext, caller, opmask, principal, restrictions)
kadm5_ret_t
kadm5_get_privs(void *server_handle, long *privs)
{
- CHECK_HANDLE(server_handle);
+ CHECK_HANDLE(server_handle);
- /* this is impossible to do with the current interface. For now,
- return all privs, which will confuse some clients, but not
- deny any access to users of "smart" clients which try to cache */
+ /* this is impossible to do with the current interface. For now,
+ return all privs, which will confuse some clients, but not
+ deny any access to users of "smart" clients which try to cache */
- *privs = ~0;
+ *privs = ~0;
- return KADM5_OK;
+ return KADM5_OK;
}
diff --git a/src/lib/kadm5/srv/server_acl.h b/src/lib/kadm5/srv/server_acl.h
index c4c4789..b76fbb5 100644
--- a/src/lib/kadm5/srv/server_acl.h
+++ b/src/lib/kadm5/srv/server_acl.h
@@ -1,3 +1,4 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
/*
* lib/kadm5/srv/server_acl.h
*
@@ -25,85 +26,85 @@
*
*/
-#ifndef SERVER_ACL_H__
-#define SERVER_ACL_H__
+#ifndef SERVER_ACL_H__
+#define SERVER_ACL_H__
/*
* Debug definitions.
*/
-#define DEBUG_SPROC 1
-#define DEBUG_OPERATION 2
-#define DEBUG_HOST 4
-#define DEBUG_REALM 8
-#define DEBUG_REQUESTS 16
-#define DEBUG_ACL 32
-#define DEBUG_PROTO 64
-#define DEBUG_CALLS 128
-#define DEBUG_NOSLAVES 256
-#ifdef DEBUG
-#define DPRINT(l1, cl, al) if ((cl & l1) != 0) xprintf al
-#else /* DEBUG */
-#define DPRINT(l1, cl, al)
-#endif /* DEBUG */
+#define DEBUG_SPROC 1
+#define DEBUG_OPERATION 2
+#define DEBUG_HOST 4
+#define DEBUG_REALM 8
+#define DEBUG_REQUESTS 16
+#define DEBUG_ACL 32
+#define DEBUG_PROTO 64
+#define DEBUG_CALLS 128
+#define DEBUG_NOSLAVES 256
+#ifdef DEBUG
+#define DPRINT(l1, cl, al) if ((cl & l1) != 0) xprintf al
+#else /* DEBUG */
+#define DPRINT(l1, cl, al)
+#endif /* DEBUG */
/*
* Access control bits.
*/
-#define ACL_ADD 1
-#define ACL_DELETE 2
-#define ACL_MODIFY 4
-#define ACL_CHANGEPW 8
-/* #define ACL_CHANGE_OWN_PW 16 */
-#define ACL_INQUIRE 32
-/* #define ACL_EXTRACT 64 */
-#define ACL_LIST 128
-#define ACL_SETKEY 256
-#define ACL_IPROP 512
-#define ACL_RENAME (ACL_ADD+ACL_DELETE)
+#define ACL_ADD 1
+#define ACL_DELETE 2
+#define ACL_MODIFY 4
+#define ACL_CHANGEPW 8
+/* #define ACL_CHANGE_OWN_PW 16 */
+#define ACL_INQUIRE 32
+/* #define ACL_EXTRACT 64 */
+#define ACL_LIST 128
+#define ACL_SETKEY 256
+#define ACL_IPROP 512
+#define ACL_RENAME (ACL_ADD+ACL_DELETE)
-#define ACL_ALL_MASK (ACL_ADD | \
- ACL_DELETE | \
- ACL_MODIFY | \
- ACL_CHANGEPW | \
- ACL_INQUIRE | \
- ACL_LIST | \
- ACL_IPROP | \
- ACL_SETKEY)
+#define ACL_ALL_MASK (ACL_ADD | \
+ ACL_DELETE | \
+ ACL_MODIFY | \
+ ACL_CHANGEPW | \
+ ACL_INQUIRE | \
+ ACL_LIST | \
+ ACL_IPROP | \
+ ACL_SETKEY)
typedef struct _restriction {
- long mask;
- krb5_flags require_attrs;
- krb5_flags forbid_attrs;
- krb5_deltat princ_lifetime;
- krb5_deltat pw_lifetime;
- krb5_deltat max_life;
- krb5_deltat max_renewable_life;
- long aux_attributes;
- char *policy;
+ long mask;
+ krb5_flags require_attrs;
+ krb5_flags forbid_attrs;
+ krb5_deltat princ_lifetime;
+ krb5_deltat pw_lifetime;
+ krb5_deltat max_life;
+ krb5_deltat max_renewable_life;
+ long aux_attributes;
+ char *policy;
} restriction_t;
krb5_error_code kadm5int_acl_init
- (krb5_context,
- int,
- char *);
+(krb5_context,
+ int,
+ char *);
void kadm5int_acl_finish
- (krb5_context,
- int);
+(krb5_context,
+ int);
krb5_boolean kadm5int_acl_check
- (krb5_context,
- gss_name_t,
- krb5_int32,
- krb5_principal,
- restriction_t **);
+(krb5_context,
+ gss_name_t,
+ krb5_int32,
+ krb5_principal,
+ restriction_t **);
krb5_boolean kadm5int_acl_check_krb
- (krb5_context,
- krb5_const_principal,
- krb5_int32,
- krb5_const_principal,
- restriction_t **);
+(krb5_context,
+ krb5_const_principal,
+ krb5_int32,
+ krb5_const_principal,
+ restriction_t **);
krb5_error_code kadm5int_acl_impose_restrictions
- (krb5_context,
- kadm5_principal_ent_rec *,
- long *,
- restriction_t *);
-#endif /* SERVER_ACL_H__ */
+(krb5_context,
+ kadm5_principal_ent_rec *,
+ long *,
+ restriction_t *);
+#endif /* SERVER_ACL_H__ */
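Review bot: `DPRINT` expands to a bare `if (...) xprintf al` with unparenthesised `cl` and `l1`, so an `else` that follows an unbraced `DPRINT(...)` would bind to the macro's `if`. Wrapping it as `#define DPRINT(l1, cl, al) do { if (((cl) & (l1)) != 0) xprintf al; } while (0)` removes that hazard. Because the non-DEBUG form discards its arguments, they are never compiled in normal builds; the `entry->ae_name` argument passed in kadm5int_acl_match_data in server_acl.c, where no `entry` is visible as a parameter or local, looks like a case that would only fail to build with DEBUG defined.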
diff --git a/src/lib/kadm5/srv/server_dict.c b/src/lib/kadm5/srv/server_dict.c
index 8129994..81cc5f9 100644
--- a/src/lib/kadm5/srv/server_dict.c
+++ b/src/lib/kadm5/srv/server_dict.c
@@ -1,3 +1,4 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
/*
* Copyright 1993 OpenVision Technologies, Inc., All Rights Reserved
*
@@ -26,24 +27,24 @@ static char *rcsid = "$Header$";
#include "server_internal.h"
#include "k5-platform.h"
-static char **word_list = NULL; /* list of word pointers */
-static char *word_block = NULL; /* actual word data */
-static unsigned int word_count = 0; /* number of words */
+static char **word_list = NULL; /* list of word pointers */
+static char *word_block = NULL; /* actual word data */
+static unsigned int word_count = 0; /* number of words */
/*
* Function: word_compare
- *
+ *
* Purpose: compare two words in the dictionary.
*
* Arguments:
- * w1 (input) pointer to first word
- * w2 (input) pointer to second word
- * <return value> result of strcmp
+ * w1 (input) pointer to first word
+ * w2 (input) pointer to second word
+ * <return value> result of strcmp
*
* Requires:
- * w1 and w2 to point to valid memory
- *
+ * w1 and w2 to point to valid memory
+ *
*/
static int
@@ -54,81 +55,81 @@ word_compare(const void *s1, const void *s2)
/*
* Function: init-dict
- *
+ *
* Purpose: Initialize in memory word dictionary
*
* Arguments:
- * none
- * <return value> KADM5_OK on success errno on failure;
- * (but success on ENOENT)
+ * none
+ * <return value> KADM5_OK on success errno on failure;
+ * (but success on ENOENT)
*
* Requires:
- * If WORDFILE exists, it must contain a list of words,
- * one word per-line.
- *
+ * If WORDFILE exists, it must contain a list of words,
+ * one word per-line.
+ *
* Effects:
- * If WORDFILE exists, it is read into memory sorted for future
+ * If WORDFILE exists, it is read into memory sorted for future
* use. If it does not exist, it syslogs an error message and returns
* success.
*
* Modifies:
- * word_list to point to a chunck of allocated memory containing
- * pointers to words
- * word_block to contain the dictionary.
- *
+ * word_list to point to a chunck of allocated memory containing
+ * pointers to words
+ * word_block to contain the dictionary.
+ *
*/
int init_dict(kadm5_config_params *params)
{
- int fd,
- len,
- i;
- char *p,
- *t;
+ int fd,
+ len,
+ i;
+ char *p,
+ *t;
struct stat sb;
-
+
if(word_list != NULL && word_block != NULL)
- return KADM5_OK;
+ return KADM5_OK;
if (! (params->mask & KADM5_CONFIG_DICT_FILE)) {
- krb5_klog_syslog(LOG_INFO, "No dictionary file specified, continuing "
- "without one.");
- return KADM5_OK;
+ krb5_klog_syslog(LOG_INFO, "No dictionary file specified, continuing "
+ "without one.");
+ return KADM5_OK;
}
if ((fd = open(params->dict_file, O_RDONLY)) == -1) {
- if (errno == ENOENT) {
- krb5_klog_syslog(LOG_ERR,
- "WARNING! Cannot find dictionary file %s, "
- "continuing without one.", params->dict_file);
- return KADM5_OK;
- } else
- return errno;
+ if (errno == ENOENT) {
+ krb5_klog_syslog(LOG_ERR,
+ "WARNING! Cannot find dictionary file %s, "
+ "continuing without one.", params->dict_file);
+ return KADM5_OK;
+ } else
+ return errno;
}
set_cloexec_fd(fd);
if (fstat(fd, &sb) == -1) {
- close(fd);
- return errno;
+ close(fd);
+ return errno;
}
if ((word_block = (char *) malloc(sb.st_size + 1)) == NULL)
- return ENOMEM;
+ return ENOMEM;
if (read(fd, word_block, sb.st_size) != sb.st_size)
- return errno;
+ return errno;
(void) close(fd);
word_block[sb.st_size] = '\0';
p = word_block;
len = sb.st_size;
while(len > 0 && (t = memchr(p, '\n', len)) != NULL) {
- *t = '\0';
- len -= t - p + 1;
- p = t + 1;
- word_count++;
+ *t = '\0';
+ len -= t - p + 1;
+ p = t + 1;
+ word_count++;
}
if ((word_list = (char **) malloc(word_count * sizeof(char *))) == NULL)
- return ENOMEM;
+ return ENOMEM;
p = word_block;
for (i = 0; i < word_count; i++) {
- word_list[i] = p;
- p += strlen(p) + 1;
+ word_list[i] = p;
+ p += strlen(p) + 1;
}
qsort(word_list, word_count, sizeof(char *), word_compare);
return KADM5_OK;
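Review bot: The failure paths between `open()` and `close(fd)` in init_dict leak the descriptor and can report the wrong error. The `malloc` and `read` failures return without `close(fd)`, a short read returns whatever stale value `errno` holds (possibly 0, which reads as success if KADM5_OK is 0), and the `fstat` branch reads `errno` only after `close()` may have overwritten it. The `read` failure also leaves `word_block` allocated and non-NULL while `word_list` is still NULL. A shared failure label with two new locals, `int ret` and `ssize_t nread`, fixes all three, as sketched below; the later `word_list` allocation failure should reset `word_block` and `word_count` in the same way. The closing brace of init_dict lies outside this hunk.

```c
    if (fstat(fd, &sb) == -1) {
        ret = errno;                /* save before close() can overwrite it */
        goto fail;
    }
    if ((word_block = malloc(sb.st_size + 1)) == NULL) {
        ret = ENOMEM;
        goto fail;
    }
    nread = read(fd, word_block, sb.st_size);
    if (nread != sb.st_size) {
        ret = (nread == -1) ? errno : EIO;  /* a short read does not set errno */
        goto fail;
    }
    /* … unchanged: close(fd), NUL-terminate, count and index the words, qsort, return KADM5_OK … */
fail:
    close(fd);
    free(word_block);
    word_block = NULL;
    word_count = 0;
    return ret;
```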
@@ -136,25 +137,25 @@ int init_dict(kadm5_config_params *params)
/*
* Function: find_word
- *
+ *
* Purpose: See if the specified word exists in the in-core dictionary
*
* Arguments:
- * word (input) word to search for.
- * <return value> WORD_NOT_FOUND if not in dictionary,
- * KADM5_OK if if found word
- * errno if init needs to be called and returns an
- * error
+ * word (input) word to search for.
+ * <return value> WORD_NOT_FOUND if not in dictionary,
+ * KADM5_OK if if found word
+ * errno if init needs to be called and returns an
+ * error
*
* Requires:
- * word to be a null terminated string.
- * That word_list and word_block besetup
- *
+ * word to be a null terminated string.
+ * That word_list and word_block besetup
+ *
* Effects:
- * finds word in dictionary.
+ * finds word in dictionary.
* Modifies:
- * nothing.
- *
+ * nothing.
+ *
*/
int
@@ -162,46 +163,46 @@ find_word(const char *word)
{
char **value;
- if(word_list == NULL || word_block == NULL)
- return WORD_NOT_FOUND;
+ if(word_list == NULL || word_block == NULL)
+ return WORD_NOT_FOUND;
if ((value = (char **) bsearch(&word, word_list, word_count, sizeof(char *),
- word_compare)) == NULL)
- return WORD_NOT_FOUND;
+ word_compare)) == NULL)
+ return WORD_NOT_FOUND;
else
- return KADM5_OK;
+ return KADM5_OK;
}
/*
* Function: destroy_dict
- *
+ *
* Purpose: destroy in-core copy of dictionary.
*
* Arguments:
- * none
- * <return value> none
+ * none
+ * <return value> none
* Requires:
- * nothing
+ * nothing
* Effects:
- * frees up memory occupied by word_list and word_block
- * sets count back to 0, and resets the pointers to NULL
+ * frees up memory occupied by word_list and word_block
+ * sets count back to 0, and resets the pointers to NULL
*
* Modifies:
- * word_list, word_block, and word_count.
- *
+ * word_list, word_block, and word_count.
+ *
*/
void
destroy_dict(void)
{
if(word_list) {
- free(word_list);
- word_list = NULL;
+ free(word_list);
+ word_list = NULL;
}
if(word_block) {
- free(word_block);
- word_block = NULL;
+ free(word_block);
+ word_block = NULL;
}
if(word_count)
- word_count = 0;
+ word_count = 0;
return;
}
diff --git a/src/lib/kadm5/srv/server_handle.c b/src/lib/kadm5/srv/server_handle.c
index 53abe94..37425c8 100644
--- a/src/lib/kadm5/srv/server_handle.c
+++ b/src/lib/kadm5/srv/server_handle.c
@@ -1,9 +1,10 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
#include <krb5.h>
#include <kadm5/admin.h>
#include "server_internal.h"
int _kadm5_check_handle(void *handle)
{
- CHECK_HANDLE(handle);
- return 0;
+ CHECK_HANDLE(handle);
+ return 0;
}
diff --git a/src/lib/kadm5/srv/server_init.c b/src/lib/kadm5/srv/server_init.c
index d5426f8..ed71cbf 100644
--- a/src/lib/kadm5/srv/server_init.c
+++ b/src/lib/kadm5/srv/server_init.c
@@ -1,3 +1,4 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
/*
* Copyright 1993 OpenVision Technologies, Inc., All Rights Reserved.
*
@@ -17,7 +18,7 @@ static char *rcsid = "$Header$";
#include <stdlib.h>
#include <errno.h>
#include <com_err.h>
-#include "k5-int.h" /* needed for gssapiP_krb5.h */
+#include "k5-int.h" /* needed for gssapiP_krb5.h */
#include <kadm5/admin.h>
#include <krb5.h>
#include <kdb_log.h>
@@ -33,13 +34,13 @@ static char *rcsid = "$Header$";
*
* Arguments:
*
- * handle The server handle.
+ * handle The server handle.
*/
static int check_handle(void *handle)
{
- CHECK_HANDLE(handle);
- return 0;
+ CHECK_HANDLE(handle);
+ return 0;
}
static int dup_db_args(kadm5_server_handle_t handle, char **db_args)
@@ -49,30 +50,30 @@ static int dup_db_args(kadm5_server_handle_t handle, char **db_args)
for (count=0; db_args && db_args[count]; count++);
if (count == 0) {
- handle->db_args = NULL;
- goto clean_n_exit;
+ handle->db_args = NULL;
+ goto clean_n_exit;
}
handle->db_args = calloc(sizeof(char*), count+1);
if (handle->db_args == NULL) {
- ret=ENOMEM;
- goto clean_n_exit;
+ ret=ENOMEM;
+ goto clean_n_exit;
}
for (count=0; db_args[count]; count++) {
- handle->db_args[count] = strdup(db_args[count]);
- if (handle->db_args[count] == NULL) {
- ret = ENOMEM;
- goto clean_n_exit;
- }
+ handle->db_args[count] = strdup(db_args[count]);
+ if (handle->db_args[count] == NULL) {
+ ret = ENOMEM;
+ goto clean_n_exit;
+ }
}
- clean_n_exit:
+clean_n_exit:
if (ret && handle->db_args) {
- for (count=0; handle->db_args[count]; count++)
- free(handle->db_args[count]);
+ for (count=0; handle->db_args[count]; count++)
+ free(handle->db_args[count]);
- free(handle->db_args), handle->db_args = NULL;
+ free(handle->db_args), handle->db_args = NULL;
}
return ret;
@@ -83,97 +84,97 @@ static void free_db_args(kadm5_server_handle_t handle)
int count;
if (handle->db_args) {
- for (count=0; handle->db_args[count]; count++)
- free(handle->db_args[count]);
+ for (count=0; handle->db_args[count]; count++)
+ free(handle->db_args[count]);
- free(handle->db_args), handle->db_args = NULL;
+ free(handle->db_args), handle->db_args = NULL;
}
}
kadm5_ret_t kadm5_init_with_password(krb5_context context, char *client_name,
- char *pass, char *service_name,
- kadm5_config_params *params,
- krb5_ui_4 struct_version,
- krb5_ui_4 api_version,
- char **db_args,
- void **server_handle)
+ char *pass, char *service_name,
+ kadm5_config_params *params,
+ krb5_ui_4 struct_version,
+ krb5_ui_4 api_version,
+ char **db_args,
+ void **server_handle)
{
return kadm5_init(context, client_name, pass, service_name, params,
- struct_version, api_version, db_args,
- server_handle);
+ struct_version, api_version, db_args,
+ server_handle);
}
kadm5_ret_t kadm5_init_with_creds(krb5_context context,
- char *client_name,
- krb5_ccache ccache,
- char *service_name,
- kadm5_config_params *params,
- krb5_ui_4 struct_version,
- krb5_ui_4 api_version,
- char **db_args,
- void **server_handle)
+ char *client_name,
+ krb5_ccache ccache,
+ char *service_name,
+ kadm5_config_params *params,
+ krb5_ui_4 struct_version,
+ krb5_ui_4 api_version,
+ char **db_args,
+ void **server_handle)
{
- /*
- * A program calling init_with_creds *never* expects to prompt
- * the user. If this is KADM5_API_VERSION_2 and MKEY_FROM_KBD is
- * non-zero, return an error.
- */
- if (params && (params->mask & KADM5_CONFIG_MKEY_FROM_KBD) &&
- params->mkey_from_kbd)
- return KADM5_BAD_SERVER_PARAMS;
- return kadm5_init(context, client_name, NULL, service_name, params,
- struct_version, api_version, db_args,
- server_handle);
+ /*
+ * A program calling init_with_creds *never* expects to prompt
+ * the user. If this is KADM5_API_VERSION_2 and MKEY_FROM_KBD is
+ * non-zero, return an error.
+ */
+ if (params && (params->mask & KADM5_CONFIG_MKEY_FROM_KBD) &&
+ params->mkey_from_kbd)
+ return KADM5_BAD_SERVER_PARAMS;
+ return kadm5_init(context, client_name, NULL, service_name, params,
+ struct_version, api_version, db_args,
+ server_handle);
}
kadm5_ret_t kadm5_init_with_skey(krb5_context context, char *client_name,
- char *keytab, char *service_name,
- kadm5_config_params *params,
- krb5_ui_4 struct_version,
- krb5_ui_4 api_version,
- char **db_args,
- void **server_handle)
+ char *keytab, char *service_name,
+ kadm5_config_params *params,
+ krb5_ui_4 struct_version,
+ krb5_ui_4 api_version,
+ char **db_args,
+ void **server_handle)
{
- /*
- * A program calling init_with_skey *never* expects to prompt the
- * user. If this is KADM5_API_VERSION_2 and MKEY_FROM_KBD is
- * non-zero, return an error.
- */
- if (params && (params->mask & KADM5_CONFIG_MKEY_FROM_KBD) &&
- params->mkey_from_kbd)
- return KADM5_BAD_SERVER_PARAMS;
- return kadm5_init(context, client_name, NULL, service_name, params,
- struct_version, api_version, db_args,
- server_handle);
+ /*
+ * A program calling init_with_skey *never* expects to prompt the
+ * user. If this is KADM5_API_VERSION_2 and MKEY_FROM_KBD is
+ * non-zero, return an error.
+ */
+ if (params && (params->mask & KADM5_CONFIG_MKEY_FROM_KBD) &&
+ params->mkey_from_kbd)
+ return KADM5_BAD_SERVER_PARAMS;
+ return kadm5_init(context, client_name, NULL, service_name, params,
+ struct_version, api_version, db_args,
+ server_handle);
}
kadm5_ret_t kadm5_init(krb5_context context, char *client_name, char *pass,
- char *service_name,
- kadm5_config_params *params_in,
- krb5_ui_4 struct_version,
- krb5_ui_4 api_version,
- char **db_args,
- void **server_handle)
+ char *service_name,
+ kadm5_config_params *params_in,
+ krb5_ui_4 struct_version,
+ krb5_ui_4 api_version,
+ char **db_args,
+ void **server_handle)
{
- int ret;
- kadm5_server_handle_t handle;
- kadm5_config_params params_local; /* for v1 compat */
+ int ret;
+ kadm5_server_handle_t handle;
+ kadm5_config_params params_local; /* for v1 compat */
if (! server_handle)
- return EINVAL;
+ return EINVAL;
if (! client_name)
- return EINVAL;
+ return EINVAL;
if (! (handle = (kadm5_server_handle_t) malloc(sizeof *handle)))
- return ENOMEM;
+ return ENOMEM;
memset(handle, 0, sizeof(*handle));
ret = dup_db_args(handle, db_args);
if (ret) {
- free(handle);
- return ret;
+ free(handle);
+ return ret;
}
handle->context = context;
@@ -186,91 +187,91 @@ kadm5_ret_t kadm5_init(krb5_context context, char *client_name, char *pass,
handle->struct_version = struct_version;
handle->api_version = api_version;
- /*
- * Verify the version numbers before proceeding; we can't use
- * CHECK_HANDLE because not all fields are set yet.
- */
- GENERIC_CHECK_HANDLE(handle, KADM5_OLD_SERVER_API_VERSION,
- KADM5_NEW_SERVER_API_VERSION);
+ /*
+ * Verify the version numbers before proceeding; we can't use
+ * CHECK_HANDLE because not all fields are set yet.
+ */
+ GENERIC_CHECK_HANDLE(handle, KADM5_OLD_SERVER_API_VERSION,
+ KADM5_NEW_SERVER_API_VERSION);
- /*
- * Acquire relevant profile entries. Merge values
- * in params_in with values from profile, based on
- * params_in->mask.
- */
- memset(&params_local, 0, sizeof(params_local));
+ /*
+ * Acquire relevant profile entries. Merge values
+ * in params_in with values from profile, based on
+ * params_in->mask.
+ */
+ memset(&params_local, 0, sizeof(params_local));
#if 0 /* Now that we look at krb5.conf as well as kdc.conf, we can
- expect to see admin_server being set sometimes. */
+ expect to see admin_server being set sometimes. */
#define ILLEGAL_PARAMS (KADM5_CONFIG_ADMIN_SERVER)
- if (params_in && (params_in->mask & ILLEGAL_PARAMS)) {
- free_db_args(handle);
- free(handle);
- return KADM5_BAD_SERVER_PARAMS;
- }
+ if (params_in && (params_in->mask & ILLEGAL_PARAMS)) {
+ free_db_args(handle);
+ free(handle);
+ return KADM5_BAD_SERVER_PARAMS;
+ }
#endif
- ret = kadm5_get_config_params(handle->context, 1, params_in,
- &handle->params);
- if (ret) {
- free_db_args(handle);
- free(handle);
- return(ret);
- }
-
-#define REQUIRED_PARAMS (KADM5_CONFIG_REALM | KADM5_CONFIG_DBNAME | \
- KADM5_CONFIG_ENCTYPE | \
- KADM5_CONFIG_FLAGS | \
- KADM5_CONFIG_MAX_LIFE | KADM5_CONFIG_MAX_RLIFE | \
- KADM5_CONFIG_EXPIRATION | KADM5_CONFIG_ENCTYPES)
-
-#define IPROP_REQUIRED_PARAMS \
- (KADM5_CONFIG_IPROP_ENABLED | \
- KADM5_CONFIG_IPROP_LOGFILE | \
- KADM5_CONFIG_IPROP_PORT)
-
- if ((handle->params.mask & REQUIRED_PARAMS) != REQUIRED_PARAMS) {
- free_db_args(handle);
- free(handle);
- return KADM5_MISSING_CONF_PARAMS;
- }
- if ((handle->params.mask & KADM5_CONFIG_IPROP_ENABLED) == KADM5_CONFIG_IPROP_ENABLED
- && handle->params.iprop_enabled) {
- if ((handle->params.mask & IPROP_REQUIRED_PARAMS) != IPROP_REQUIRED_PARAMS) {
- free_db_args(handle);
- free(handle);
- return KADM5_MISSING_CONF_PARAMS;
- }
- }
-
- ret = krb5_set_default_realm(handle->context, handle->params.realm);
- if (ret) {
- free_db_args(handle);
- free(handle);
- return ret;
- }
+ ret = kadm5_get_config_params(handle->context, 1, params_in,
+ &handle->params);
+ if (ret) {
+ free_db_args(handle);
+ free(handle);
+ return(ret);
+ }
+
+#define REQUIRED_PARAMS (KADM5_CONFIG_REALM | KADM5_CONFIG_DBNAME | \
+ KADM5_CONFIG_ENCTYPE | \
+ KADM5_CONFIG_FLAGS | \
+ KADM5_CONFIG_MAX_LIFE | KADM5_CONFIG_MAX_RLIFE | \
+ KADM5_CONFIG_EXPIRATION | KADM5_CONFIG_ENCTYPES)
+
+#define IPROP_REQUIRED_PARAMS \
+ (KADM5_CONFIG_IPROP_ENABLED | \
+ KADM5_CONFIG_IPROP_LOGFILE | \
+ KADM5_CONFIG_IPROP_PORT)
+
+ if ((handle->params.mask & REQUIRED_PARAMS) != REQUIRED_PARAMS) {
+ free_db_args(handle);
+ free(handle);
+ return KADM5_MISSING_CONF_PARAMS;
+ }
+ if ((handle->params.mask & KADM5_CONFIG_IPROP_ENABLED) == KADM5_CONFIG_IPROP_ENABLED
+ && handle->params.iprop_enabled) {
+ if ((handle->params.mask & IPROP_REQUIRED_PARAMS) != IPROP_REQUIRED_PARAMS) {
+ free_db_args(handle);
+ free(handle);
+ return KADM5_MISSING_CONF_PARAMS;
+ }
+ }
+
+ ret = krb5_set_default_realm(handle->context, handle->params.realm);
+ if (ret) {
+ free_db_args(handle);
+ free(handle);
+ return ret;
+ }
ret = krb5_db_open(handle->context, db_args,
- KRB5_KDB_OPEN_RW | KRB5_KDB_SRV_TYPE_ADMIN);
+ KRB5_KDB_OPEN_RW | KRB5_KDB_SRV_TYPE_ADMIN);
if (ret) {
- free_db_args(handle);
- free(handle);
- return(ret);
+ free_db_args(handle);
+ free(handle);
+ return(ret);
}
if ((ret = krb5_parse_name(handle->context, client_name,
- &handle->current_caller))) {
- krb5_db_fini(handle->context);
- free_db_args(handle);
- free(handle);
- return ret;
+ &handle->current_caller))) {
+ krb5_db_fini(handle->context);
+ free_db_args(handle);
+ free(handle);
+ return ret;
}
if (! (handle->lhandle = malloc(sizeof(*handle)))) {
- krb5_db_fini(handle->context);
- free_db_args(handle);
- free(handle);
- return ENOMEM;
+ krb5_db_fini(handle->context);
+ free_db_args(handle);
+ free(handle);
+ return ENOMEM;
}
*handle->lhandle = *handle;
handle->lhandle->api_version = KADM5_API_VERSION_3;
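Review bot: The hand-copied cleanup in kadm5_init's error branches has drifted apart. The `malloc` failure branch for `handle->lhandle` frees the database, `db_args` and `handle`, but not `handle->current_caller`, which `krb5_parse_name` has just allocated. In the next hunk the `check_handle` failure branch skips `krb5_db_fini(handle->context)`, the `kdb_init_master` and `kdb_init_hist` branches skip `krb5_free_principal` (only the `init_dict` branch calls it), and none of those branches releases `handle->lhandle`. The minimal fix in this hunk is to add `krb5_free_principal(handle->context, handle->current_caller);` to the ENOMEM branch; a single cleanup label that undoes each step in reverse order would keep the branches from drifting again. kadm5_init starts in the previous hunk and ends after the next one.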
@@ -280,36 +281,36 @@ kadm5_ret_t kadm5_init(krb5_context context, char *client_name, char *pass,
/* can't check the handle until current_caller is set */
ret = check_handle((void *) handle);
if (ret) {
- free_db_args(handle);
- free(handle);
- return ret;
+ free_db_args(handle);
+ free(handle);
+ return ret;
}
ret = kdb_init_master(handle, handle->params.realm,
- (handle->params.mask & KADM5_CONFIG_MKEY_FROM_KBD)
- && handle->params.mkey_from_kbd);
+ (handle->params.mask & KADM5_CONFIG_MKEY_FROM_KBD)
+ && handle->params.mkey_from_kbd);
if (ret) {
- krb5_db_fini(handle->context);
- free_db_args(handle);
- free(handle);
- return ret;
+ krb5_db_fini(handle->context);
+ free_db_args(handle);
+ free(handle);
+ return ret;
}
ret = kdb_init_hist(handle, handle->params.realm);
if (ret) {
- krb5_db_fini(handle->context);
- free_db_args(handle);
- free(handle);
- return ret;
+ krb5_db_fini(handle->context);
+ free_db_args(handle);
+ free(handle);
+ return ret;
}
ret = init_dict(&handle->params);
if (ret) {
- krb5_db_fini(handle->context);
- krb5_free_principal(handle->context, handle->current_caller);
- free_db_args(handle);
- free(handle);
- return ret;
+ krb5_db_fini(handle->context);
+ krb5_free_principal(handle->context, handle->current_caller);
+ free_db_args(handle);
+ free(handle);
+ return ret;
}
*server_handle = (void *) handle;
@@ -345,7 +346,7 @@ kadm5_ret_t kadm5_lock(void *server_handle)
CHECK_HANDLE(server_handle);
ret = krb5_db_lock(handle->context, KRB5_DB_LOCKMODE_EXCLUSIVE);
if (ret)
- return ret;
+ return ret;
return KADM5_OK;
}
@@ -358,33 +359,33 @@ kadm5_ret_t kadm5_unlock(void *server_handle)
CHECK_HANDLE(server_handle);
ret = krb5_db_unlock(handle->context);
if (ret)
- return ret;
+ return ret;
return KADM5_OK;
}
kadm5_ret_t kadm5_flush(void *server_handle)
{
- kadm5_server_handle_t handle = server_handle;
- kadm5_ret_t ret;
-
- CHECK_HANDLE(server_handle);
-
- if ((ret = krb5_db_fini(handle->context)) ||
- (ret = krb5_db_open(handle->context, handle->db_args,
- KRB5_KDB_OPEN_RW | KRB5_KDB_SRV_TYPE_ADMIN)) ||
- (ret = adb_policy_close(handle)) ||
- (ret = adb_policy_init(handle))) {
- (void) kadm5_destroy(server_handle);
- return ret;
- }
- return KADM5_OK;
+ kadm5_server_handle_t handle = server_handle;
+ kadm5_ret_t ret;
+
+ CHECK_HANDLE(server_handle);
+
+ if ((ret = krb5_db_fini(handle->context)) ||
+ (ret = krb5_db_open(handle->context, handle->db_args,
+ KRB5_KDB_OPEN_RW | KRB5_KDB_SRV_TYPE_ADMIN)) ||
+ (ret = adb_policy_close(handle)) ||
+ (ret = adb_policy_init(handle))) {
+ (void) kadm5_destroy(server_handle);
+ return ret;
+ }
+ return KADM5_OK;
}
int _kadm5_check_handle(void *handle)
{
- CHECK_HANDLE(handle);
- return 0;
+ CHECK_HANDLE(handle);
+ return 0;
}
#include "gssapiP_krb5.h"
@@ -392,11 +393,11 @@ krb5_error_code kadm5_init_krb5_context (krb5_context *ctx)
{
static int first_time = 1;
if (first_time) {
- krb5_error_code err;
- err = krb5_gss_use_kdc_context();
- if (err)
- return err;
- first_time = 0;
+ krb5_error_code err;
+ err = krb5_gss_use_kdc_context();
+ if (err)
+ return err;
+ first_time = 0;
}
return krb5int_init_context_kdc(ctx);
}
@@ -404,17 +405,17 @@ krb5_error_code kadm5_init_krb5_context (krb5_context *ctx)
krb5_error_code
kadm5_init_iprop(void *handle, char **db_args)
{
- kadm5_server_handle_t iprop_h;
- krb5_error_code retval;
-
- iprop_h = handle;
- if (iprop_h->params.iprop_enabled) {
- ulog_set_role(iprop_h->context, IPROP_MASTER);
- if ((retval = ulog_map(iprop_h->context,
- iprop_h->params.iprop_logfile,
- iprop_h->params.iprop_ulogsize,
- FKCOMMAND, db_args)) != 0)
- return (retval);
- }
- return (0);
+ kadm5_server_handle_t iprop_h;
+ krb5_error_code retval;
+
+ iprop_h = handle;
+ if (iprop_h->params.iprop_enabled) {
+ ulog_set_role(iprop_h->context, IPROP_MASTER);
+ if ((retval = ulog_map(iprop_h->context,
+ iprop_h->params.iprop_logfile,
+ iprop_h->params.iprop_ulogsize,
+ FKCOMMAND, db_args)) != 0)
+ return (retval);
+ }
+ return (0);
}
diff --git a/src/lib/kadm5/srv/server_kdb.c b/src/lib/kadm5/srv/server_kdb.c
index fe2020d..4b1d05d 100644
--- a/src/lib/kadm5/srv/server_kdb.c
+++ b/src/lib/kadm5/srv/server_kdb.c
@@ -1,3 +1,4 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
/*
* Copyright 1993 OpenVision Technologies, Inc., All Rights Reserved
*
@@ -19,88 +20,88 @@ static char *rcsid = "$Header$";
#include <kadm5/admin.h>
#include "server_internal.h"
-krb5_principal master_princ;
-krb5_keyblock master_keyblock; /* local mkey */
+krb5_principal master_princ;
+krb5_keyblock master_keyblock; /* local mkey */
krb5_keylist_node *master_keylist = NULL;
krb5_actkvno_node *active_mkey_list = NULL;
-krb5_db_entry master_db;
+krb5_db_entry master_db;
-krb5_principal hist_princ;
-krb5_keyblock hist_key;
-krb5_db_entry hist_db;
-krb5_kvno hist_kvno;
+krb5_principal hist_princ;
+krb5_keyblock hist_key;
+krb5_db_entry hist_db;
+krb5_kvno hist_kvno;
/* much of this code is stolen from the kdc. there should be some
library code to deal with this. */
krb5_error_code kdb_init_master(kadm5_server_handle_t handle,
- char *r, int from_keyboard)
+ char *r, int from_keyboard)
{
- int ret = 0;
- char *realm;
+ int ret = 0;
+ char *realm;
krb5_boolean from_kbd = FALSE;
krb5_kvno mkvno = IGNORE_VNO;
if (from_keyboard)
- from_kbd = TRUE;
+ from_kbd = TRUE;
if (r == NULL) {
- if ((ret = krb5_get_default_realm(handle->context, &realm)))
- return ret;
+ if ((ret = krb5_get_default_realm(handle->context, &realm)))
+ return ret;
} else {
- realm = r;
+ realm = r;
}
if ((ret = krb5_db_setup_mkey_name(handle->context,
- handle->params.mkey_name,
- realm, NULL, &master_princ)))
- goto done;
+ handle->params.mkey_name,
+ realm, NULL, &master_princ)))
+ goto done;
master_keyblock.enctype = handle->params.enctype;
- /*
+ /*
* Fetch the local mkey, may not be the latest but that's okay because we
* really want the list of all mkeys and those can be retrieved with any
* valid mkey.
*/
ret = krb5_db_fetch_mkey(handle->context, master_princ,
- master_keyblock.enctype, from_kbd,
- FALSE /* only prompt once */,
- handle->params.stash_file,
- &mkvno /* get the kvno of the returned mkey */,
- NULL /* I'm not sure about this,
- but it's what the kdc does --marc */,
- &master_keyblock);
+ master_keyblock.enctype, from_kbd,
+ FALSE /* only prompt once */,
+ handle->params.stash_file,
+ &mkvno /* get the kvno of the returned mkey */,
+ NULL /* I'm not sure about this,
+ but it's what the kdc does --marc */,
+ &master_keyblock);
if (ret)
- goto done;
-
+ goto done;
+
#if 0 /************** Begin IFDEF'ed OUT *******************************/
/*
* krb5_db_fetch_mkey_list will verify mkey so don't call
* krb5_db_verify_master_key()
*/
if ((ret = krb5_db_verify_master_key(handle->context, master_princ,
- IGNORE_VNO, &master_keyblock))) {
- krb5_db_fini(handle->context);
- return ret;
+ IGNORE_VNO, &master_keyblock))) {
+ krb5_db_fini(handle->context);
+ return ret;
}
#endif /**************** END IFDEF'ed OUT *******************************/
if ((ret = krb5_db_fetch_mkey_list(handle->context, master_princ,
- &master_keyblock, mkvno, &master_keylist))) {
- krb5_db_fini(handle->context);
- return (ret);
+ &master_keyblock, mkvno, &master_keylist))) {
+ krb5_db_fini(handle->context);
+ return (ret);
}
if ((ret = krb5_dbe_fetch_act_key_list(handle->context, master_princ,
- &active_mkey_list))) {
- krb5_db_fini(handle->context);
- return (ret);
+ &active_mkey_list))) {
+ krb5_db_fini(handle->context);
+ return (ret);
}
done:
if (r == NULL)
- free(realm);
+ free(realm);
return(ret);
}
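Review bot: The two failure branches after `krb5_db_fetch_mkey_list` and `krb5_dbe_fetch_act_key_list` return directly, so when `r == NULL` the `realm` string obtained from `krb5_get_default_realm` is never freed. Every other exit goes through `done:`, which does free it. These branches also call `krb5_db_fini(handle->context)` themselves, and kadm5_init in server_init.c calls it again when kdb_init_master fails, so the database is finalized twice on this path. Replacing each branch body with `goto done;` fixes both problems.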
@@ -112,17 +113,17 @@ done:
*
* Arguments:
*
- * handle (r) kadm5 api server handle
- * r (r) realm of history principal to use, or NULL
+ * handle (r) kadm5 api server handle
+ * r (r) realm of history principal to use, or NULL
*
* Effects: This function sets the value of the following global
* variables:
*
- * hist_princ krb5_principal holding the history principal
- * hist_db krb5_db_entry of the history principal
- * hist_key krb5_keyblock holding the history principal's key
- * hist_encblock krb5_encrypt_block holding the procssed hist_key
- * hist_kvno the version number of the history key
+ * hist_princ krb5_principal holding the history principal
+ * hist_db krb5_db_entry of the history principal
+ * hist_key krb5_keyblock holding the history principal's key
+ * hist_encblock krb5_encrypt_block holding the procssed hist_key
+ * hist_kvno the version number of the history key
*
* If the history principal does not already exist, this function
* attempts to create it with kadm5_create_principal. WARNING!
@@ -133,98 +134,98 @@ done:
*/
krb5_error_code kdb_init_hist(kadm5_server_handle_t handle, char *r)
{
- int ret = 0;
+ int ret = 0;
char *realm, *hist_name;
krb5_key_data *key_data;
krb5_key_salt_tuple ks[1];
krb5_keyblock *tmp_mkey;
if (r == NULL) {
- if ((ret = krb5_get_default_realm(handle->context, &realm)))
- return ret;
+ if ((ret = krb5_get_default_realm(handle->context, &realm)))
+ return ret;
} else {
- realm = r;
+ realm = r;
}
if (asprintf(&hist_name, "%s@%s", KADM5_HIST_PRINCIPAL, realm) < 0) {
- hist_name = NULL;
- goto done;
+ hist_name = NULL;
+ goto done;
}
if ((ret = krb5_parse_name(handle->context, hist_name, &hist_princ)))
- goto done;
+ goto done;
if ((ret = kdb_get_entry(handle, hist_princ, &hist_db, NULL))) {
- kadm5_principal_ent_rec ent;
+ kadm5_principal_ent_rec ent;
- if (ret != KADM5_UNK_PRINC)
- goto done;
+ if (ret != KADM5_UNK_PRINC)
+ goto done;
- /* try to create the principal */
+ /* try to create the principal */
- memset(&ent, 0, sizeof(ent));
+ memset(&ent, 0, sizeof(ent));
- ent.principal = hist_princ;
- ent.max_life = KRB5_KDB_DISALLOW_ALL_TIX;
- ent.attributes = 0;
+ ent.principal = hist_princ;
+ ent.max_life = KRB5_KDB_DISALLOW_ALL_TIX;
+ ent.attributes = 0;
- /* this uses hist_kvno. So we set it to 2, which will be the
- correct value once the principal is created and randomized.
- Of course, it doesn't make sense to keep a history for the
- history principal, anyway. */
+ /* this uses hist_kvno. So we set it to 2, which will be the
+ correct value once the principal is created and randomized.
+ Of course, it doesn't make sense to keep a history for the
+ history principal, anyway. */
- hist_kvno = 2;
- ks[0].ks_enctype = handle->params.enctype;
- ks[0].ks_salttype = KRB5_KDB_SALTTYPE_NORMAL;
- ret = kadm5_create_principal_3(handle, &ent,
- (KADM5_PRINCIPAL | KADM5_MAX_LIFE |
- KADM5_ATTRIBUTES),
- 1, ks,
- "to-be-random");
- if (ret)
- goto done;
+ hist_kvno = 2;
+ ks[0].ks_enctype = handle->params.enctype;
+ ks[0].ks_salttype = KRB5_KDB_SALTTYPE_NORMAL;
+ ret = kadm5_create_principal_3(handle, &ent,
+ (KADM5_PRINCIPAL | KADM5_MAX_LIFE |
+ KADM5_ATTRIBUTES),
+ 1, ks,
+ "to-be-random");
+ if (ret)
+ goto done;
- /* this won't let us randomize the hist_princ. So we cheat. */
+ /* this won't let us randomize the hist_princ. So we cheat. */
- hist_princ = NULL;
+ hist_princ = NULL;
- ret = kadm5_randkey_principal_3(handle, ent.principal, 0, 1, ks,
- NULL, NULL);
+ ret = kadm5_randkey_principal_3(handle, ent.principal, 0, 1, ks,
+ NULL, NULL);
- hist_princ = ent.principal;
+ hist_princ = ent.principal;
- if (ret)
- goto done;
+ if (ret)
+ goto done;
- /* now read the newly-created kdb record out of the
- database. */
+ /* now read the newly-created kdb record out of the
+ database. */
- if ((ret = kdb_get_entry(handle, hist_princ, &hist_db, NULL)))
- goto done;
+ if ((ret = kdb_get_entry(handle, hist_princ, &hist_db, NULL)))
+ goto done;
}
ret = krb5_dbe_find_enctype(handle->context, &hist_db,
- handle->params.enctype, -1, -1, &key_data);
+ handle->params.enctype, -1, -1, &key_data);
if (ret)
- goto done;
+ goto done;
ret = krb5_dbe_find_mkey(handle->context, master_keylist, &hist_db,
&tmp_mkey);
if (ret)
- goto done;
+ goto done;
ret = krb5_dbekd_decrypt_key_data(handle->context, tmp_mkey,
- key_data, &hist_key, NULL);
+ key_data, &hist_key, NULL);
if (ret)
- goto done;
+ goto done;
hist_kvno = key_data->key_data_kvno;
done:
free(hist_name);
if (r == NULL)
- free(realm);
+ free(realm);
return ret;
}
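Review bot: When `asprintf` fails, the branch jumps to `done:` with `ret` still 0, so kdb_init_hist reports success although `hist_princ`, `hist_db` and `hist_key` were never filled in. The caller then carries on with an unusable history key. Set an error before leaving, with `ret = ENOMEM;` ahead of `goto done;`. A comment on the `"to-be-random"` literal, saying that this placeholder password is replaced by the `kadm5_randkey_principal_3` call right after it, would also make the block easier to audit.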
@@ -236,10 +237,10 @@ done:
*
* Arguments:
*
- * handle (r) the server_handle
- * principal (r) the principal to get
- * kdb (w) krb5_db_entry to fill in
- * adb (w) osa_princ_ent_rec to fill in
+ * handle (r) the server_handle
+ * principal (r) the principal to get
+ * kdb (w) krb5_db_entry to fill in
+ * adb (w) osa_princ_ent_rec to fill in
*
* when the caller is done with kdb and adb, kdb_free_entry must be
* called to release them. The adb record is filled in with the
@@ -248,8 +249,8 @@ done:
*/
krb5_error_code
kdb_get_entry(kadm5_server_handle_t handle,
- krb5_principal principal, krb5_db_entry *kdb,
- osa_princ_ent_rec *adb)
+ krb5_principal principal, krb5_db_entry *kdb,
+ osa_princ_ent_rec *adb)
{
krb5_error_code ret;
int nprincs;
@@ -258,49 +259,49 @@ kdb_get_entry(kadm5_server_handle_t handle,
XDR xdrs;
ret = krb5_db_get_principal(handle->context, principal, kdb, &nprincs,
- &more);
+ &more);
if (ret)
- return(ret);
+ return(ret);
if (more) {
- krb5_db_free_principal(handle->context, kdb, nprincs);
- return(KRB5KDC_ERR_PRINCIPAL_NOT_UNIQUE);
+ krb5_db_free_principal(handle->context, kdb, nprincs);
+ return(KRB5KDC_ERR_PRINCIPAL_NOT_UNIQUE);
} else if (nprincs != 1) {
- krb5_db_free_principal(handle->context, kdb, nprincs);
- return(KADM5_UNK_PRINC);
+ krb5_db_free_principal(handle->context, kdb, nprincs);
+ return(KADM5_UNK_PRINC);
}
if (adb) {
- memset(adb, 0, sizeof(*adb));
-
- tl_data.tl_data_type = KRB5_TL_KADM_DATA;
- /*
- * XXX Currently, lookup_tl_data always returns zero; it sets
- * tl_data->tl_data_length to zero if the type isn't found.
- * This should be fixed...
- */
- if ((ret = krb5_dbe_lookup_tl_data(handle->context, kdb, &tl_data))
- || (tl_data.tl_data_length == 0)) {
- /* there's no admin data. this can happen, if the admin
- server is put into production after some principals
- are created. In this case, return valid admin
- data (which is all zeros with the hist_kvno filled
- in), and when the entry is written, the admin
- data will get stored correctly. */
-
- adb->admin_history_kvno = hist_kvno;
-
- return(ret);
- }
-
- xdrmem_create(&xdrs, tl_data.tl_data_contents,
- tl_data.tl_data_length, XDR_DECODE);
- if (! xdr_osa_princ_ent_rec(&xdrs, adb)) {
- xdr_destroy(&xdrs);
- krb5_db_free_principal(handle->context, kdb, 1);
- return(KADM5_XDR_FAILURE);
- }
- xdr_destroy(&xdrs);
+ memset(adb, 0, sizeof(*adb));
+
+ tl_data.tl_data_type = KRB5_TL_KADM_DATA;
+ /*
+ * XXX Currently, lookup_tl_data always returns zero; it sets
+ * tl_data->tl_data_length to zero if the type isn't found.
+ * This should be fixed...
+ */
+ if ((ret = krb5_dbe_lookup_tl_data(handle->context, kdb, &tl_data))
+ || (tl_data.tl_data_length == 0)) {
+ /* there's no admin data. this can happen, if the admin
+ server is put into production after some principals
+ are created. In this case, return valid admin
+ data (which is all zeros with the hist_kvno filled
+ in), and when the entry is written, the admin
+ data will get stored correctly. */
+
+ adb->admin_history_kvno = hist_kvno;
+
+ return(ret);
+ }
+
+ xdrmem_create(&xdrs, tl_data.tl_data_contents,
+ tl_data.tl_data_length, XDR_DECODE);
+ if (! xdr_osa_princ_ent_rec(&xdrs, adb)) {
+ xdr_destroy(&xdrs);
+ krb5_db_free_principal(handle->context, kdb, 1);
+ return(KADM5_XDR_FAILURE);
+ }
+ xdr_destroy(&xdrs);
}
return(0);
@@ -313,9 +314,9 @@ kdb_get_entry(kadm5_server_handle_t handle,
*
* Arguments:
*
- * handle (r) the server_handle
- * kdb (w) krb5_db_entry to fill in
- * adb (w) osa_princ_ent_rec to fill in
+ * handle (r) the server_handle
+ * kdb (w) krb5_db_entry to fill in
+ * adb (w) osa_princ_ent_rec to fill in
*
* when the caller is done with kdb and adb, kdb_free_entry must be
* called to release them.
@@ -323,18 +324,18 @@ kdb_get_entry(kadm5_server_handle_t handle,
krb5_error_code
kdb_free_entry(kadm5_server_handle_t handle,
- krb5_db_entry *kdb, osa_princ_ent_rec *adb)
+ krb5_db_entry *kdb, osa_princ_ent_rec *adb)
{
XDR xdrs;
if (kdb)
- krb5_db_free_principal(handle->context, kdb, 1);
+ krb5_db_free_principal(handle->context, kdb, 1);
if (adb) {
- xdrmem_create(&xdrs, NULL, 0, XDR_FREE);
- xdr_osa_princ_ent_rec(&xdrs, adb);
- xdr_destroy(&xdrs);
+ xdrmem_create(&xdrs, NULL, 0, XDR_FREE);
+ xdr_osa_princ_ent_rec(&xdrs, adb);
+ xdr_destroy(&xdrs);
}
return(0);
@@ -348,9 +349,9 @@ kdb_free_entry(kadm5_server_handle_t handle,
*
* Arguments:
*
- * handle (r) the server_handle
- * kdb (r/w) the krb5_db_entry to store
- * adb (r) the osa_princ_db_ent to store
+ * handle (r) the server_handle
+ * kdb (r/w) the krb5_db_entry to store
+ * adb (r) the osa_princ_db_ent to store
*
* Effects:
*
@@ -360,7 +361,7 @@ kdb_free_entry(kadm5_server_handle_t handle,
*/
krb5_error_code
kdb_put_entry(kadm5_server_handle_t handle,
- krb5_db_entry *kdb, osa_princ_ent_rec *adb)
+ krb5_db_entry *kdb, osa_princ_ent_rec *adb)
{
krb5_error_code ret;
krb5_int32 now;
@@ -370,17 +371,17 @@ kdb_put_entry(kadm5_server_handle_t handle,
ret = krb5_timeofday(handle->context, &now);
if (ret)
- return(ret);
+ return(ret);
ret = krb5_dbe_update_mod_princ_data(handle->context, kdb, now,
- handle->current_caller);
+ handle->current_caller);
if (ret)
- return(ret);
-
- xdralloc_create(&xdrs, XDR_ENCODE);
+ return(ret);
+
+ xdralloc_create(&xdrs, XDR_ENCODE);
if(! xdr_osa_princ_ent_rec(&xdrs, adb)) {
- xdr_destroy(&xdrs);
- return(KADM5_XDR_FAILURE);
+ xdr_destroy(&xdrs);
+ return(KADM5_XDR_FAILURE);
}
tl_data.tl_data_type = KRB5_TL_KADM_DATA;
tl_data.tl_data_length = xdr_getpos(&xdrs);
@@ -391,7 +392,7 @@ kdb_put_entry(kadm5_server_handle_t handle,
xdr_destroy(&xdrs);
if (ret)
- return(ret);
+ return(ret);
one = 1;
@@ -400,7 +401,7 @@ kdb_put_entry(kadm5_server_handle_t handle,
ret = krb5_db_put_principal(handle->context, kdb, &one);
if (ret)
- return(ret);
+ return(ret);
return(0);
}
@@ -410,7 +411,7 @@ kdb_delete_entry(kadm5_server_handle_t handle, krb5_principal name)
{
int one = 1;
krb5_error_code ret;
-
+
ret = krb5_db_delete_principal(handle->context, name, &one);
return ret;
@@ -433,7 +434,7 @@ kdb_iter_func(krb5_pointer data, krb5_db_entry *kdb)
krb5_error_code
kdb_iter_entry(kadm5_server_handle_t handle, char *match_entry,
- void (*iter_fct)(void *, krb5_principal), void *data)
+ void (*iter_fct)(void *, krb5_principal), void *data)
{
iter_data id;
krb5_error_code ret;
@@ -443,8 +444,7 @@ kdb_iter_entry(kadm5_server_handle_t handle, char *match_entry,
ret = krb5_db_iterate(handle->context, match_entry, kdb_iter_func, &id);
if (ret)
- return(ret);
+ return(ret);
return(0);
}
-
diff --git a/src/lib/kadm5/srv/server_misc.c b/src/lib/kadm5/srv/server_misc.c
index cd65371..1faeb86 100644
--- a/src/lib/kadm5/srv/server_misc.c
+++ b/src/lib/kadm5/srv/server_misc.c
@@ -1,3 +1,4 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
/*
* Copyright 1993 OpenVision Technologies, Inc., All Rights Reserved
*
@@ -23,10 +24,10 @@ adb_policy_init(kadm5_server_handle_t handle)
{
/* now policy is initialized as part of database. No seperate call needed */
if( krb5_db_inited( handle->context ) )
- return KADM5_OK;
+ return KADM5_OK;
- return krb5_db_open( handle->context, NULL,
- KRB5_KDB_OPEN_RW | KRB5_KDB_SRV_TYPE_ADMIN );
+ return krb5_db_open( handle->context, NULL,
+ KRB5_KDB_OPEN_RW | KRB5_KDB_SRV_TYPE_ADMIN );
}
kadm5_ret_t
@@ -40,144 +41,143 @@ adb_policy_close(kadm5_server_handle_t handle)
/* stolen from v4sever/kadm_funcs.c */
static char *
reverse(str)
- char *str;
+ char *str;
{
- static char newstr[80];
- char *p, *q;
- int i;
-
- i = strlen(str);
- if (i >= sizeof(newstr))
- i = sizeof(newstr)-1;
- p = str+i-1;
- q = newstr;
- q[i]='\0';
- for(; i > 0; i--)
- *q++ = *p--;
-
- return(newstr);
+ static char newstr[80];
+ char *p, *q;
+ int i;
+
+ i = strlen(str);
+ if (i >= sizeof(newstr))
+ i = sizeof(newstr)-1;
+ p = str+i-1;
+ q = newstr;
+ q[i]='\0';
+ for(; i > 0; i--)
+ *q++ = *p--;
+
+ return(newstr);
}
#endif /* HESIOD */
#if 0
static int
lower(str)
- char *str;
+ char *str;
{
- register char *cp;
- int effect=0;
-
- for (cp = str; *cp; cp++) {
- if (isupper(*cp)) {
- *cp = tolower(*cp);
- effect++;
- }
- }
- return(effect);
+ register char *cp;
+ int effect=0;
+
+ for (cp = str; *cp; cp++) {
+ if (isupper(*cp)) {
+ *cp = tolower(*cp);
+ effect++;
+ }
+ }
+ return(effect);
}
#endif
#ifdef HESIOD
static int
str_check_gecos(gecos, pwstr)
- char *gecos;
- char *pwstr;
+ char *gecos;
+ char *pwstr;
{
- char *cp, *ncp, *tcp;
-
- for (cp = gecos; *cp; ) {
- /* Skip past punctuation */
- for (; *cp; cp++)
- if (isalnum(*cp))
- break;
- /* Skip to the end of the word */
- for (ncp = cp; *ncp; ncp++)
- if (!isalnum(*ncp) && *ncp != '\'')
- break;
- /* Delimit end of word */
- if (*ncp)
- *ncp++ = '\0';
- /* Check word to see if it's the password */
- if (*cp) {
- if (!strcasecmp(pwstr, cp))
- return 1;
- tcp = reverse(cp);
- if (!strcasecmp(pwstr, tcp))
- return 1;
- cp = ncp;
- } else
- break;
- }
- return 0;
+ char *cp, *ncp, *tcp;
+
+ for (cp = gecos; *cp; ) {
+ /* Skip past punctuation */
+ for (; *cp; cp++)
+ if (isalnum(*cp))
+ break;
+ /* Skip to the end of the word */
+ for (ncp = cp; *ncp; ncp++)
+ if (!isalnum(*ncp) && *ncp != '\'')
+ break;
+ /* Delimit end of word */
+ if (*ncp)
+ *ncp++ = '\0';
+ /* Check word to see if it's the password */
+ if (*cp) {
+ if (!strcasecmp(pwstr, cp))
+ return 1;
+ tcp = reverse(cp);
+ if (!strcasecmp(pwstr, tcp))
+ return 1;
+ cp = ncp;
+ } else
+ break;
+ }
+ return 0;
}
#endif /* HESIOD */
/* some of this is stolen from gatekeeper ... */
kadm5_ret_t
passwd_check(kadm5_server_handle_t handle,
- char *password, int use_policy, kadm5_policy_ent_t pol,
- krb5_principal principal)
+ char *password, int use_policy, kadm5_policy_ent_t pol,
+ krb5_principal principal)
{
- int nupper = 0,
- nlower = 0,
- ndigit = 0,
- npunct = 0,
- nspec = 0;
+ int nupper = 0,
+ nlower = 0,
+ ndigit = 0,
+ npunct = 0,
+ nspec = 0;
char c, *s, *cp;
#ifdef HESIOD
extern struct passwd *hes_getpwnam();
struct passwd *ent;
#endif
-
+
if(use_policy) {
- if(strlen(password) < pol->pw_min_length)
- return KADM5_PASS_Q_TOOSHORT;
- s = password;
- while ((c = *s++)) {
- if (islower((unsigned char) c)) {
- nlower = 1;
- continue;
- }
- else if (isupper((unsigned char) c)) {
- nupper = 1;
- continue;
- } else if (isdigit((unsigned char) c)) {
- ndigit = 1;
- continue;
- } else if (ispunct((unsigned char) c)) {
- npunct = 1;
- continue;
- } else {
- nspec = 1;
- continue;
- }
- }
- if ((nupper + nlower + ndigit + npunct + nspec) < pol->pw_min_classes)
- return KADM5_PASS_Q_CLASS;
- if((find_word(password) == KADM5_OK))
- return KADM5_PASS_Q_DICT;
- else {
- int i, n = krb5_princ_size(handle->context, principal);
- cp = krb5_princ_realm(handle->context, principal)->data;
- if (strcasecmp(cp, password) == 0)
- return KADM5_PASS_Q_DICT;
- for (i = 0; i < n ; i++) {
- cp = krb5_princ_component(handle->context, principal, i)->data;
- if (strcasecmp(cp, password) == 0)
- return KADM5_PASS_Q_DICT;
+ if(strlen(password) < pol->pw_min_length)
+ return KADM5_PASS_Q_TOOSHORT;
+ s = password;
+ while ((c = *s++)) {
+ if (islower((unsigned char) c)) {
+ nlower = 1;
+ continue;
+ }
+ else if (isupper((unsigned char) c)) {
+ nupper = 1;
+ continue;
+ } else if (isdigit((unsigned char) c)) {
+ ndigit = 1;
+ continue;
+ } else if (ispunct((unsigned char) c)) {
+ npunct = 1;
+ continue;
+ } else {
+ nspec = 1;
+ continue;
+ }
+ }
+ if ((nupper + nlower + ndigit + npunct + nspec) < pol->pw_min_classes)
+ return KADM5_PASS_Q_CLASS;
+ if((find_word(password) == KADM5_OK))
+ return KADM5_PASS_Q_DICT;
+ else {
+ int i, n = krb5_princ_size(handle->context, principal);
+ cp = krb5_princ_realm(handle->context, principal)->data;
+ if (strcasecmp(cp, password) == 0)
+ return KADM5_PASS_Q_DICT;
+ for (i = 0; i < n ; i++) {
+ cp = krb5_princ_component(handle->context, principal, i)->data;
+ if (strcasecmp(cp, password) == 0)
+ return KADM5_PASS_Q_DICT;
#ifdef HESIOD
- ent = hes_getpwnam(cp);
- if (ent && ent->pw_gecos)
- if (str_check_gecos(ent->pw_gecos, password))
- return KADM5_PASS_Q_DICT; /* XXX new error code? */
+ ent = hes_getpwnam(cp);
+ if (ent && ent->pw_gecos)
+ if (str_check_gecos(ent->pw_gecos, password))
+ return KADM5_PASS_Q_DICT; /* XXX new error code? */
#endif
- }
- return KADM5_OK;
- }
+ }
+ return KADM5_OK;
+ }
} else {
- if (strlen(password) < 1)
- return KADM5_PASS_Q_TOOSHORT;
+ if (strlen(password) < 1)
+ return KADM5_PASS_Q_TOOSHORT;
}
- return KADM5_OK;
+ return KADM5_OK;
}
-
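Review bot: In str_check_gecos the `isalnum(*cp)` and `isalnum(*ncp)` calls pass a plain `char`, which is undefined behaviour for bytes above 0x7f on platforms where `char` is signed. passwd_check in this same hunk already casts its argument, so these should read `isalnum((unsigned char)*cp)` and `isalnum((unsigned char)*ncp)`. Separately, passwd_check hands `krb5_princ_realm(...)->data` and each component's `->data` to `strcasecmp`, which relies on those buffers being NUL-terminated. krb5_data carries an explicit length, so if termination is not guaranteed where the principal is built (not visible here), a length-bounded comparison would be safer. A short comment on `reverse` saying that it returns a static 80-byte buffer and silently truncates longer words would also help readers of the HESIOD path.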
diff --git a/src/lib/kadm5/srv/svr_chpass_util.c b/src/lib/kadm5/srv/svr_chpass_util.c
index c8b6310..bfb6646 100644
--- a/src/lib/kadm5/srv/svr_chpass_util.c
+++ b/src/lib/kadm5/srv/svr_chpass_util.c
@@ -1,16 +1,17 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
#include <kadm5/admin.h>
#include "server_internal.h"
kadm5_ret_t kadm5_chpass_principal_util(void *server_handle,
- krb5_principal princ,
- char *new_pw,
- char **ret_pw,
- char *msg_ret,
- unsigned int msg_len)
+ krb5_principal princ,
+ char *new_pw,
+ char **ret_pw,
+ char *msg_ret,
+ unsigned int msg_len)
{
- kadm5_server_handle_t handle = server_handle;
+ kadm5_server_handle_t handle = server_handle;
- CHECK_HANDLE(server_handle);
- return _kadm5_chpass_principal_util(handle, handle->lhandle, princ,
- new_pw, ret_pw, msg_ret, msg_len);
+ CHECK_HANDLE(server_handle);
+ return _kadm5_chpass_principal_util(handle, handle->lhandle, princ,
+ new_pw, ret_pw, msg_ret, msg_len);
}
diff --git a/src/lib/kadm5/srv/svr_iters.c b/src/lib/kadm5/srv/svr_iters.c
index 757d3ab..77ef05a 100644
--- a/src/lib/kadm5/srv/svr_iters.c
+++ b/src/lib/kadm5/srv/svr_iters.c
@@ -1,3 +1,4 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
/*
* Copyright 1993 OpenVision Technologies, Inc., All Rights Reserved
*
@@ -19,30 +20,30 @@ static char *rcsid = "$Header$";
#error I cannot find any regexp functions
#endif
-#include <sys/types.h>
-#include <string.h>
-#include <kadm5/admin.h>
+#include <sys/types.h>
+#include <string.h>
+#include <kadm5/admin.h>
#ifdef SOLARIS_REGEXPS
-#include <regexpr.h>
+#include <regexpr.h>
#endif
#ifdef POSIX_REGEXPS
-#include <regex.h>
+#include <regex.h>
#endif
#include <stdlib.h>
-#include "server_internal.h"
+#include "server_internal.h"
struct iter_data {
- krb5_context context;
- char **names;
- int n_names, sz_names;
- unsigned int malloc_failed;
- char *exp;
+ krb5_context context;
+ char **names;
+ int n_names, sz_names;
+ unsigned int malloc_failed;
+ char *exp;
#ifdef SOLARIS_REGEXPS
- char *expbuf;
+ char *expbuf;
#endif
#ifdef POSIX_REGEXPS
- regex_t preg;
+ regex_t preg;
#endif
};
@@ -52,9 +53,9 @@ struct iter_data {
*
* Arguments:
*
- * glob (r) the shell-style glob (?*[]) to convert
- * realm (r) the default realm to append, or NULL
- * regexp (w) the ed-style regexp created from glob
+ * glob (r) the shell-style glob (?*[]) to convert
+ * realm (r) the default realm to append, or NULL
+ * regexp (w) the ed-style regexp created from glob
*
* Effects:
*
@@ -65,210 +66,209 @@ struct iter_data {
*
* Conversion algorithm:
*
- * quoted characters are copied quoted
- * ? is converted to .
- * * is converted to .*
- * active characters are quoted: ^, $, .
- * [ and ] are active but supported and have the same meaning, so
- * they are copied
- * other characters are copied
- * regexp is anchored with ^ and $
+ * quoted characters are copied quoted
+ * ? is converted to .
+ * * is converted to .*
+ * active characters are quoted: ^, $, .
+ * [ and ] are active but supported and have the same meaning, so
+ * they are copied
+ * other characters are copied
+ * regexp is anchored with ^ and $
*/
static kadm5_ret_t glob_to_regexp(char *glob, char *realm, char **regexp)
{
- int append_realm;
- char *p;
+ int append_realm;
+ char *p;
- /* validate the glob */
- if (glob[strlen(glob)-1] == '\\')
- return EINVAL;
+ /* validate the glob */
+ if (glob[strlen(glob)-1] == '\\')
+ return EINVAL;
- /* A character of glob can turn into two in regexp, plus ^ and $ */
- /* and trailing null. If glob has no @, also allocate space for */
- /* the realm. */
- append_realm = (realm != NULL) && (strchr(glob, '@') == NULL);
- p = (char *) malloc(strlen(glob)*2+ 3 + (append_realm ? 3 : 0));
- if (p == NULL)
- return ENOMEM;
- *regexp = p;
+ /* A character of glob can turn into two in regexp, plus ^ and $ */
+ /* and trailing null. If glob has no @, also allocate space for */
+ /* the realm. */
+ append_realm = (realm != NULL) && (strchr(glob, '@') == NULL);
+ p = (char *) malloc(strlen(glob)*2+ 3 + (append_realm ? 3 : 0));
+ if (p == NULL)
+ return ENOMEM;
+ *regexp = p;
- *p++ = '^';
- while (*glob) {
- switch (*glob) {
- case '?':
- *p++ = '.';
- break;
- case '*':
- *p++ = '.';
- *p++ = '*';
- break;
- case '.':
- case '^':
- case '$':
- *p++ = '\\';
- *p++ = *glob;
- break;
- case '\\':
- *p++ = '\\';
- *p++ = *++glob;
- break;
- default:
- *p++ = *glob;
- break;
- }
- glob++;
- }
+ *p++ = '^';
+ while (*glob) {
+ switch (*glob) {
+ case '?':
+ *p++ = '.';
+ break;
+ case '*':
+ *p++ = '.';
+ *p++ = '*';
+ break;
+ case '.':
+ case '^':
+ case '$':
+ *p++ = '\\';
+ *p++ = *glob;
+ break;
+ case '\\':
+ *p++ = '\\';
+ *p++ = *++glob;
+ break;
+ default:
+ *p++ = *glob;
+ break;
+ }
+ glob++;
+ }
- if (append_realm) {
- *p++ = '@';
- *p++ = '.';
- *p++ = '*';
- }
+ if (append_realm) {
+ *p++ = '@';
+ *p++ = '.';
+ *p++ = '*';
+ }
- *p++ = '$';
- *p++ = '\0';
- return KADM5_OK;
+ *p++ = '$';
+ *p++ = '\0';
+ return KADM5_OK;
}
static void get_either_iter(struct iter_data *data, char *name)
{
- int match;
+ int match;
#ifdef SOLARIS_REGEXPS
- match = (step(name, data->expbuf) != 0);
+ match = (step(name, data->expbuf) != 0);
#endif
#ifdef POSIX_REGEXPS
- match = (regexec(&data->preg, name, 0, NULL, 0) == 0);
+ match = (regexec(&data->preg, name, 0, NULL, 0) == 0);
#endif
#ifdef BSD_REGEXPS
- match = (re_exec(name) != 0);
+ match = (re_exec(name) != 0);
#endif
- if (match) {
- if (data->n_names == data->sz_names) {
- int new_sz = data->sz_names * 2;
- char **new_names = realloc(data->names,
- new_sz * sizeof(char *));
- if (new_names) {
- data->names = new_names;
- data->sz_names = new_sz;
- } else {
- data->malloc_failed = 1;
- free(name);
- return;
- }
- }
- data->names[data->n_names++] = name;
- } else
- free(name);
+ if (match) {
+ if (data->n_names == data->sz_names) {
+ int new_sz = data->sz_names * 2;
+ char **new_names = realloc(data->names,
+ new_sz * sizeof(char *));
+ if (new_names) {
+ data->names = new_names;
+ data->sz_names = new_sz;
+ } else {
+ data->malloc_failed = 1;
+ free(name);
+ return;
+ }
+ }
+ data->names[data->n_names++] = name;
+ } else
+ free(name);
}
static void get_pols_iter(void *data, osa_policy_ent_t entry)
{
- char *name;
+ char *name;
- if ((name = strdup(entry->name)) == NULL)
- return;
- get_either_iter(data, name);
+ if ((name = strdup(entry->name)) == NULL)
+ return;
+ get_either_iter(data, name);
}
static void get_princs_iter(void *data, krb5_principal princ)
{
- struct iter_data *id = (struct iter_data *) data;
- char *name;
-
- if (krb5_unparse_name(id->context, princ, &name) != 0)
- return;
- get_either_iter(data, name);
+ struct iter_data *id = (struct iter_data *) data;
+ char *name;
+
+ if (krb5_unparse_name(id->context, princ, &name) != 0)
+ return;
+ get_either_iter(data, name);
}
static kadm5_ret_t kadm5_get_either(int princ,
- void *server_handle,
- char *exp,
- char ***princs,
- int *count)
+ void *server_handle,
+ char *exp,
+ char ***princs,
+ int *count)
{
- struct iter_data data;
+ struct iter_data data;
#ifdef BSD_REGEXPS
- char *msg;
+ char *msg;
#endif
- char *regexp;
- int i, ret;
- kadm5_server_handle_t handle = server_handle;
+ char *regexp;
+ int i, ret;
+ kadm5_server_handle_t handle = server_handle;
- *princs = NULL;
- *count = 0;
- if (exp == NULL)
- exp = "*";
+ *princs = NULL;
+ *count = 0;
+ if (exp == NULL)
+ exp = "*";
- CHECK_HANDLE(server_handle);
+ CHECK_HANDLE(server_handle);
- if ((ret = glob_to_regexp(exp, princ ? handle->params.realm : NULL,
- &regexp)) != KADM5_OK)
- return ret;
+ if ((ret = glob_to_regexp(exp, princ ? handle->params.realm : NULL,
+ &regexp)) != KADM5_OK)
+ return ret;
- if (
+ if (
#ifdef SOLARIS_REGEXPS
- ((data.expbuf = compile(regexp, NULL, NULL)) == NULL)
+ ((data.expbuf = compile(regexp, NULL, NULL)) == NULL)
#endif
#ifdef POSIX_REGEXPS
- ((regcomp(&data.preg, regexp, REG_NOSUB)) != 0)
+ ((regcomp(&data.preg, regexp, REG_NOSUB)) != 0)
#endif
#ifdef BSD_REGEXPS
- ((msg = (char *) re_comp(regexp)) != NULL)
+ ((msg = (char *) re_comp(regexp)) != NULL)
#endif
- )
- {
- /* XXX syslog msg or regerr(regerrno) */
- free(regexp);
- return EINVAL;
- }
+ )
+ {
+ /* XXX syslog msg or regerr(regerrno) */
+ free(regexp);
+ return EINVAL;
+ }
+
+ data.n_names = 0;
+ data.sz_names = 10;
+ data.malloc_failed = 0;
+ data.names = malloc(sizeof(char *) * data.sz_names);
+ if (data.names == NULL) {
+ free(regexp);
+ return ENOMEM;
+ }
- data.n_names = 0;
- data.sz_names = 10;
- data.malloc_failed = 0;
- data.names = malloc(sizeof(char *) * data.sz_names);
- if (data.names == NULL) {
- free(regexp);
- return ENOMEM;
- }
+ if (princ) {
+ data.context = handle->context;
+ ret = kdb_iter_entry(handle, exp, get_princs_iter, (void *) &data);
+ } else {
+ ret = krb5_db_iter_policy(handle->context, exp, get_pols_iter, (void *)&data);
+ }
- if (princ) {
- data.context = handle->context;
- ret = kdb_iter_entry(handle, exp, get_princs_iter, (void *) &data);
- } else {
- ret = krb5_db_iter_policy(handle->context, exp, get_pols_iter, (void *)&data);
- }
-
- free(regexp);
+ free(regexp);
#ifdef POSIX_REGEXPS
- regfree(&data.preg);
+ regfree(&data.preg);
#endif
- if ( !ret && data.malloc_failed)
- ret = ENOMEM;
- if ( ret ) {
- for (i = 0; i < data.n_names; i++)
- free(data.names[i]);
- free(data.names);
- return ret;
- }
+ if ( !ret && data.malloc_failed)
+ ret = ENOMEM;
+ if ( ret ) {
+ for (i = 0; i < data.n_names; i++)
+ free(data.names[i]);
+ free(data.names);
+ return ret;
+ }
- *princs = data.names;
- *count = data.n_names;
- return KADM5_OK;
+ *princs = data.names;
+ *count = data.n_names;
+ return KADM5_OK;
}
kadm5_ret_t kadm5_get_principals(void *server_handle,
- char *exp,
- char ***princs,
- int *count)
+ char *exp,
+ char ***princs,
+ int *count)
{
- return kadm5_get_either(1, server_handle, exp, princs, count);
+ return kadm5_get_either(1, server_handle, exp, princs, count);
}
kadm5_ret_t kadm5_get_policies(void *server_handle,
- char *exp,
- char ***pols,
- int *count)
+ char *exp,
+ char ***pols,
+ int *count)
{
- return kadm5_get_either(0, server_handle, exp, pols, count);
+ return kadm5_get_either(0, server_handle, exp, pols, count);
}
-
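Review bot: In glob_to_regexp the validation `glob[strlen(glob)-1] == '\\'` indexes one byte before the string when `glob` is empty. kadm5_get_either only substitutes `"*"` for a NULL `exp`, so an empty expression reaches this line. Taking the length first avoids the out-of-bounds read: `size_t len = strlen(glob);` followed by `if (len > 0 && glob[len - 1] == '\\') return EINVAL;`. Further down in the same hunk, kadm5_get_either returns ENOMEM when the `data.names` allocation fails after the pattern has been compiled, but skips the `regfree(&data.preg)` that the normal path performs under POSIX_REGEXPS. Adding it inside an `#ifdef POSIX_REGEXPS` guard before that return closes the leak.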
diff --git a/src/lib/kadm5/srv/svr_policy.c b/src/lib/kadm5/srv/svr_policy.c
index 0d8c5ce..1d3ccbc 100644
--- a/src/lib/kadm5/srv/svr_policy.c
+++ b/src/lib/kadm5/srv/svr_policy.c
@@ -1,3 +1,4 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
/*
* Copyright 1993 OpenVision Technologies, Inc., All Rights Reserved
*
@@ -8,170 +9,170 @@
static char *rcsid = "$Header$";
#endif
-#include <sys/types.h>
-#include <kadm5/admin.h>
-#include "server_internal.h"
-#include <stdlib.h>
-#include <string.h>
-#include <errno.h>
+#include <sys/types.h>
+#include <kadm5/admin.h>
+#include "server_internal.h"
+#include <stdlib.h>
+#include <string.h>
+#include <errno.h>
-#define MIN_PW_HISTORY 1
-#define MIN_PW_CLASSES 1
-#define MAX_PW_CLASSES 5
-#define MIN_PW_LENGTH 1
+#define MIN_PW_HISTORY 1
+#define MIN_PW_CLASSES 1
+#define MAX_PW_CLASSES 5
+#define MIN_PW_LENGTH 1
/*
* Function: kadm5_create_policy
- *
+ *
* Purpose: Create Policies in the policy DB.
*
* Arguments:
- * entry (input) The policy entry to be written out to the DB.
- * mask (input) Specifies which fields in entry are to ge written out
- * and which get default values.
- * <return value> 0 if successful otherwise an error code is returned.
+ * entry (input) The policy entry to be written out to the DB.
+ * mask (input) Specifies which fields in entry are to ge written out
+ * and which get default values.
+ * <return value> 0 if successful otherwise an error code is returned.
*
* Requires:
- * Entry must be a valid principal entry, and mask have a valid value.
- *
+ * Entry must be a valid principal entry, and mask have a valid value.
+ *
* Effects:
- * Verifies that mask does not specify that the refcount should
- * be set as part of the creation, and calls
- * kadm5_create_policy_internal. If the refcount *is*
- * specified, returns KADM5_BAD_MASK.
+ * Verifies that mask does not specify that the refcount should
+ * be set as part of the creation, and calls
+ * kadm5_create_policy_internal. If the refcount *is*
+ * specified, returns KADM5_BAD_MASK.
*/
kadm5_ret_t
kadm5_create_policy(void *server_handle,
- kadm5_policy_ent_t entry, long mask)
+ kadm5_policy_ent_t entry, long mask)
{
CHECK_HANDLE(server_handle);
krb5_clear_error_message(((kadm5_server_handle_t)server_handle)->context);
if (mask & KADM5_REF_COUNT)
- return KADM5_BAD_MASK;
+ return KADM5_BAD_MASK;
else
- return kadm5_create_policy_internal(server_handle, entry, mask);
+ return kadm5_create_policy_internal(server_handle, entry, mask);
}
/*
* Function: kadm5_create_policy_internal
- *
+ *
* Purpose: Create Policies in the policy DB.
*
* Arguments:
- * entry (input) The policy entry to be written out to the DB.
- * mask (input) Specifies which fields in entry are to ge written out
- * and which get default values.
- * <return value> 0 if successful otherwise an error code is returned.
+ * entry (input) The policy entry to be written out to the DB.
+ * mask (input) Specifies which fields in entry are to ge written out
+ * and which get default values.
+ * <return value> 0 if successful otherwise an error code is returned.
*
* Requires:
- * Entry must be a valid principal entry, and mask have a valid value.
- *
+ * Entry must be a valid principal entry, and mask have a valid value.
+ *
* Effects:
- * Writes the data to the database, and does a database sync if
- * successful.
+ * Writes the data to the database, and does a database sync if
+ * successful.
*
*/
kadm5_ret_t
kadm5_create_policy_internal(void *server_handle,
- kadm5_policy_ent_t entry, long mask)
+ kadm5_policy_ent_t entry, long mask)
{
kadm5_server_handle_t handle = server_handle;
- osa_policy_ent_rec pent;
- int ret;
- char *p;
+ osa_policy_ent_rec pent;
+ int ret;
+ char *p;
CHECK_HANDLE(server_handle);
if ((entry == (kadm5_policy_ent_t) NULL) || (entry->policy == NULL))
- return EINVAL;
+ return EINVAL;
if(strlen(entry->policy) == 0)
- return KADM5_BAD_POLICY;
+ return KADM5_BAD_POLICY;
if (!(mask & KADM5_POLICY))
- return KADM5_BAD_MASK;
-
+ return KADM5_BAD_MASK;
+
pent.name = entry->policy;
p = entry->policy;
while(*p != '\0') {
- if(*p < ' ' || *p > '~')
- return KADM5_BAD_POLICY;
- else
- p++;
+ if(*p < ' ' || *p > '~')
+ return KADM5_BAD_POLICY;
+ else
+ p++;
}
if (!(mask & KADM5_PW_MAX_LIFE))
- pent.pw_max_life = 0;
+ pent.pw_max_life = 0;
else
- pent.pw_max_life = entry->pw_max_life;
+ pent.pw_max_life = entry->pw_max_life;
if (!(mask & KADM5_PW_MIN_LIFE))
- pent.pw_min_life = 0;
+ pent.pw_min_life = 0;
else {
- if((mask & KADM5_PW_MAX_LIFE)) {
- if(entry->pw_min_life > entry->pw_max_life && entry->pw_max_life != 0)
- return KADM5_BAD_MIN_PASS_LIFE;
- }
- pent.pw_min_life = entry->pw_min_life;
+ if((mask & KADM5_PW_MAX_LIFE)) {
+ if(entry->pw_min_life > entry->pw_max_life && entry->pw_max_life != 0)
+ return KADM5_BAD_MIN_PASS_LIFE;
+ }
+ pent.pw_min_life = entry->pw_min_life;
}
if (!(mask & KADM5_PW_MIN_LENGTH))
- pent.pw_min_length = MIN_PW_LENGTH;
+ pent.pw_min_length = MIN_PW_LENGTH;
else {
- if(entry->pw_min_length < MIN_PW_LENGTH)
- return KADM5_BAD_LENGTH;
- pent.pw_min_length = entry->pw_min_length;
+ if(entry->pw_min_length < MIN_PW_LENGTH)
+ return KADM5_BAD_LENGTH;
+ pent.pw_min_length = entry->pw_min_length;
}
if (!(mask & KADM5_PW_MIN_CLASSES))
- pent.pw_min_classes = MIN_PW_CLASSES;
+ pent.pw_min_classes = MIN_PW_CLASSES;
else {
- if(entry->pw_min_classes > MAX_PW_CLASSES || entry->pw_min_classes < MIN_PW_CLASSES)
- return KADM5_BAD_CLASS;
- pent.pw_min_classes = entry->pw_min_classes;
+ if(entry->pw_min_classes > MAX_PW_CLASSES || entry->pw_min_classes < MIN_PW_CLASSES)
+ return KADM5_BAD_CLASS;
+ pent.pw_min_classes = entry->pw_min_classes;
}
if (!(mask & KADM5_PW_HISTORY_NUM))
- pent.pw_history_num = MIN_PW_HISTORY;
+ pent.pw_history_num = MIN_PW_HISTORY;
else {
- if(entry->pw_history_num < MIN_PW_HISTORY)
- return KADM5_BAD_HISTORY;
- else
- pent.pw_history_num = entry->pw_history_num;
+ if(entry->pw_history_num < MIN_PW_HISTORY)
+ return KADM5_BAD_HISTORY;
+ else
+ pent.pw_history_num = entry->pw_history_num;
}
if (!(mask & KADM5_REF_COUNT))
- pent.policy_refcnt = 0;
+ pent.policy_refcnt = 0;
else
- pent.policy_refcnt = entry->policy_refcnt;
+ pent.policy_refcnt = entry->policy_refcnt;
if (handle->api_version == KADM5_API_VERSION_3) {
- if (!(mask & KADM5_PW_MAX_FAILURE))
- pent.pw_max_fail = 0;
- else
- pent.pw_max_fail = entry->pw_max_fail;
- if (!(mask & KADM5_PW_FAILURE_COUNT_INTERVAL))
- pent.pw_failcnt_interval = 0;
- else
- pent.pw_failcnt_interval = entry->pw_failcnt_interval;
- if (!(mask & KADM5_PW_LOCKOUT_DURATION))
- pent.pw_lockout_duration = 0;
- else
- pent.pw_lockout_duration = entry->pw_lockout_duration;
+ if (!(mask & KADM5_PW_MAX_FAILURE))
+ pent.pw_max_fail = 0;
+ else
+ pent.pw_max_fail = entry->pw_max_fail;
+ if (!(mask & KADM5_PW_FAILURE_COUNT_INTERVAL))
+ pent.pw_failcnt_interval = 0;
+ else
+ pent.pw_failcnt_interval = entry->pw_failcnt_interval;
+ if (!(mask & KADM5_PW_LOCKOUT_DURATION))
+ pent.pw_lockout_duration = 0;
+ else
+ pent.pw_lockout_duration = entry->pw_lockout_duration;
} else {
- pent.pw_max_fail = 0;
- pent.pw_failcnt_interval = 0;
- pent.pw_lockout_duration = 0;
+ pent.pw_max_fail = 0;
+ pent.pw_failcnt_interval = 0;
+ pent.pw_lockout_duration = 0;
}
if ((ret = krb5_db_create_policy(handle->context, &pent)))
- return ret;
+ return ret;
else
- return KADM5_OK;
+ return KADM5_OK;
}
-
+
kadm5_ret_t
kadm5_delete_policy(void *server_handle, kadm5_policy_t name)
{
kadm5_server_handle_t handle = server_handle;
- osa_policy_ent_t entry;
- int ret;
+ osa_policy_ent_t entry;
+ int ret;
int cnt=1;
CHECK_HANDLE(server_handle);
@@ -179,102 +180,102 @@ kadm5_delete_policy(void *server_handle, kadm5_policy_t name)
krb5_clear_error_message(handle->context);
if(name == (kadm5_policy_t) NULL)
- return EINVAL;
+ return EINVAL;
if(strlen(name) == 0)
- return KADM5_BAD_POLICY;
+ return KADM5_BAD_POLICY;
if((ret = krb5_db_get_policy(handle->context, name, &entry,&cnt)))
- return ret;
+ return ret;
if( cnt != 1 )
- return KADM5_UNK_POLICY;
+ return KADM5_UNK_POLICY;
if(entry->policy_refcnt != 0) {
- krb5_db_free_policy(handle->context, entry);
- return KADM5_POLICY_REF;
+ krb5_db_free_policy(handle->context, entry);
+ return KADM5_POLICY_REF;
}
krb5_db_free_policy(handle->context, entry);
if ((ret = krb5_db_delete_policy(handle->context, name)))
- return ret;
+ return ret;
else
- return KADM5_OK;
+ return KADM5_OK;
}
kadm5_ret_t
kadm5_modify_policy(void *server_handle,
- kadm5_policy_ent_t entry, long mask)
+ kadm5_policy_ent_t entry, long mask)
{
CHECK_HANDLE(server_handle);
krb5_clear_error_message(((kadm5_server_handle_t)server_handle)->context);
if (mask & KADM5_REF_COUNT)
- return KADM5_BAD_MASK;
+ return KADM5_BAD_MASK;
else
- return kadm5_modify_policy_internal(server_handle, entry, mask);
+ return kadm5_modify_policy_internal(server_handle, entry, mask);
}
kadm5_ret_t
kadm5_modify_policy_internal(void *server_handle,
- kadm5_policy_ent_t entry, long mask)
+ kadm5_policy_ent_t entry, long mask)
{
kadm5_server_handle_t handle = server_handle;
- osa_policy_ent_t p;
- int ret;
+ osa_policy_ent_t p;
+ int ret;
int cnt=1;
CHECK_HANDLE(server_handle);
if((entry == (kadm5_policy_ent_t) NULL) || (entry->policy == NULL))
- return EINVAL;
+ return EINVAL;
if(strlen(entry->policy) == 0)
- return KADM5_BAD_POLICY;
+ return KADM5_BAD_POLICY;
if((mask & KADM5_POLICY))
- return KADM5_BAD_MASK;
-
+ return KADM5_BAD_MASK;
+
if ((ret = krb5_db_get_policy(handle->context, entry->policy, &p, &cnt)))
- return ret;
+ return ret;
if (cnt != 1)
- return KADM5_UNK_POLICY;
+ return KADM5_UNK_POLICY;
if ((mask & KADM5_PW_MAX_LIFE))
- p->pw_max_life = entry->pw_max_life;
+ p->pw_max_life = entry->pw_max_life;
if ((mask & KADM5_PW_MIN_LIFE)) {
- if(entry->pw_min_life > p->pw_max_life && p->pw_max_life != 0) {
- krb5_db_free_policy(handle->context, p);
- return KADM5_BAD_MIN_PASS_LIFE;
- }
- p->pw_min_life = entry->pw_min_life;
+ if(entry->pw_min_life > p->pw_max_life && p->pw_max_life != 0) {
+ krb5_db_free_policy(handle->context, p);
+ return KADM5_BAD_MIN_PASS_LIFE;
+ }
+ p->pw_min_life = entry->pw_min_life;
}
if ((mask & KADM5_PW_MIN_LENGTH)) {
- if(entry->pw_min_length < MIN_PW_LENGTH) {
- krb5_db_free_policy(handle->context, p);
- return KADM5_BAD_LENGTH;
- }
- p->pw_min_length = entry->pw_min_length;
+ if(entry->pw_min_length < MIN_PW_LENGTH) {
+ krb5_db_free_policy(handle->context, p);
+ return KADM5_BAD_LENGTH;
+ }
+ p->pw_min_length = entry->pw_min_length;
}
if ((mask & KADM5_PW_MIN_CLASSES)) {
- if(entry->pw_min_classes > MAX_PW_CLASSES ||
- entry->pw_min_classes < MIN_PW_CLASSES) {
- krb5_db_free_policy(handle->context, p);
- return KADM5_BAD_CLASS;
- }
- p->pw_min_classes = entry->pw_min_classes;
+ if(entry->pw_min_classes > MAX_PW_CLASSES ||
+ entry->pw_min_classes < MIN_PW_CLASSES) {
+ krb5_db_free_policy(handle->context, p);
+ return KADM5_BAD_CLASS;
+ }
+ p->pw_min_classes = entry->pw_min_classes;
}
if ((mask & KADM5_PW_HISTORY_NUM)) {
- if(entry->pw_history_num < MIN_PW_HISTORY) {
- krb5_db_free_policy(handle->context, p);
- return KADM5_BAD_HISTORY;
- }
- p->pw_history_num = entry->pw_history_num;
+ if(entry->pw_history_num < MIN_PW_HISTORY) {
+ krb5_db_free_policy(handle->context, p);
+ return KADM5_BAD_HISTORY;
+ }
+ p->pw_history_num = entry->pw_history_num;
}
if ((mask & KADM5_REF_COUNT))
- p->policy_refcnt = entry->policy_refcnt;
+ p->policy_refcnt = entry->policy_refcnt;
if (handle->api_version == KADM5_API_VERSION_3) {
- if ((mask & KADM5_PW_MAX_FAILURE))
- p->pw_max_fail = entry->pw_max_fail;
- if ((mask & KADM5_PW_FAILURE_COUNT_INTERVAL))
- p->pw_failcnt_interval = entry->pw_failcnt_interval;
- if ((mask & KADM5_PW_LOCKOUT_DURATION))
- p->pw_lockout_duration = entry->pw_lockout_duration;
+ if ((mask & KADM5_PW_MAX_FAILURE))
+ p->pw_max_fail = entry->pw_max_fail;
+ if ((mask & KADM5_PW_FAILURE_COUNT_INTERVAL))
+ p->pw_failcnt_interval = entry->pw_failcnt_interval;
+ if ((mask & KADM5_PW_LOCKOUT_DURATION))
+ p->pw_lockout_duration = entry->pw_lockout_duration;
}
ret = krb5_db_put_policy(handle->context, p);
krb5_db_free_policy(handle->context, p);
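Review bot: In kadm5_modify_policy_internal the `KADM5_PW_MAX_LIFE` branch stores `entry->pw_max_life` without comparing it to the stored `p->pw_min_life`. A modify that sets only the maximum can therefore leave a policy whose minimum life exceeds its maximum, which is the state the `KADM5_PW_MIN_LIFE` branch just below rejects with `KADM5_BAD_MIN_PASS_LIFE`. Whether that combination is meant to be reachable is not visible here, but making the two branches symmetric keeps the invariant independent of which field is modified. The function's body continues past the end of this hunk.

```c
    if ((mask & KADM5_PW_MAX_LIFE)) {
        /* Reject a new maximum that falls below the stored minimum, unless
         * this call also replaces the minimum (checked just below). */
        if (!(mask & KADM5_PW_MIN_LIFE) && entry->pw_max_life != 0 &&
            p->pw_min_life > entry->pw_max_life) {
            krb5_db_free_policy(handle->context, p);
            return KADM5_BAD_MIN_PASS_LIFE;
        }
        p->pw_max_life = entry->pw_max_life;
    }
    /* … unchanged: remaining mask-controlled fields … */
```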
@@ -283,10 +284,10 @@ kadm5_modify_policy_internal(void *server_handle,
kadm5_ret_t
kadm5_get_policy(void *server_handle, kadm5_policy_t name,
- kadm5_policy_ent_t entry)
+ kadm5_policy_ent_t entry)
{
- osa_policy_ent_t t;
- int ret;
+ osa_policy_ent_t t;
+ int ret;
kadm5_server_handle_t handle = server_handle;
int cnt=1;
@@ -295,18 +296,18 @@ kadm5_get_policy(void *server_handle, kadm5_policy_t name,
krb5_clear_error_message(handle->context);
if (name == (kadm5_policy_t) NULL)
- return EINVAL;
+ return EINVAL;
if(strlen(name) == 0)
- return KADM5_BAD_POLICY;
+ return KADM5_BAD_POLICY;
if((ret = krb5_db_get_policy(handle->context, name, &t, &cnt)))
- return ret;
+ return ret;
if( cnt != 1 )
- return KADM5_UNK_POLICY;
+ return KADM5_UNK_POLICY;
if ((entry->policy = strdup(t->name)) == NULL) {
- krb5_db_free_policy(handle->context, t);
- return ENOMEM;
+ krb5_db_free_policy(handle->context, t);
+ return ENOMEM;
}
entry->pw_min_life = t->pw_min_life;
entry->pw_max_life = t->pw_max_life;
@@ -315,9 +316,9 @@ kadm5_get_policy(void *server_handle, kadm5_policy_t name,
entry->pw_history_num = t->pw_history_num;
entry->policy_refcnt = t->policy_refcnt;
if (handle->api_version == KADM5_API_VERSION_3) {
- entry->pw_max_fail = t->pw_max_fail;
- entry->pw_failcnt_interval = t->pw_failcnt_interval;
- entry->pw_lockout_duration = t->pw_lockout_duration;
+ entry->pw_max_fail = t->pw_max_fail;
+ entry->pw_failcnt_interval = t->pw_failcnt_interval;
+ entry->pw_lockout_duration = t->pw_lockout_duration;
}
krb5_db_free_policy(handle->context, t);
diff --git a/src/lib/kadm5/srv/svr_principal.c b/src/lib/kadm5/srv/svr_principal.c
index 40eea87..a58c798 100644
--- a/src/lib/kadm5/srv/svr_principal.c
+++ b/src/lib/kadm5/srv/svr_principal.c
@@ -1,3 +1,4 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
/*
* Copyright 1993 OpenVision Technologies, Inc., All Rights Reserved
*
@@ -8,19 +9,19 @@
static char *rcsid = "$Header$";
#endif
-#include <sys/types.h>
-#include <sys/time.h>
-#include <errno.h>
-#include <kadm5/admin.h>
-#include <kdb.h>
-#include <stdio.h>
-#include <string.h>
-#include "server_internal.h"
-#include <stdarg.h>
-#include <stdlib.h>
+#include <sys/types.h>
+#include <sys/time.h>
+#include <errno.h>
+#include <kadm5/admin.h>
+#include <kdb.h>
+#include <stdio.h>
+#include <string.h>
+#include "server_internal.h"
+#include <stdarg.h>
+#include <stdlib.h>
#ifdef USE_PASSWORD_SERVER
-#include <sys/wait.h>
-#include <signal.h>
+#include <sys/wait.h>
+#include <signal.h>
#endif
@@ -30,19 +31,19 @@ static char *rcsid = "$Header$";
#define VALGRIND_CHECK_DEFINED(LVALUE) ((void)0)
#endif
-extern krb5_principal master_princ;
-extern krb5_principal hist_princ;
-extern krb5_keyblock master_keyblock;
+extern krb5_principal master_princ;
+extern krb5_principal hist_princ;
+extern krb5_keyblock master_keyblock;
extern krb5_keylist_node *master_keylist;
extern krb5_actkvno_node *active_mkey_list;
-extern krb5_keyblock hist_key;
-extern krb5_db_entry master_db;
-extern krb5_db_entry hist_db;
-extern krb5_kvno hist_kvno;
+extern krb5_keyblock hist_key;
+extern krb5_db_entry master_db;
+extern krb5_db_entry hist_db;
+extern krb5_kvno hist_kvno;
static int decrypt_key_data(krb5_context context, krb5_keyblock *mkey,
- int n_key_data, krb5_key_data *key_data,
- krb5_keyblock **keyblocks, int *n_keys);
+ int n_key_data, krb5_key_data *key_data,
+ krb5_keyblock **keyblocks, int *n_keys);
static krb5_error_code
kadm5_copy_principal(krb5_context context, krb5_const_principal inprinc, krb5_principal *outprinc)
@@ -61,7 +62,7 @@ kadm5_copy_principal(krb5_context context, krb5_const_principal inprinc, krb5_pr
nelems = (int) krb5_princ_size(context, inprinc);
tempprinc->data = krb5_db_alloc(context, NULL, nelems * sizeof(krb5_data));
if (tempprinc->data == 0) {
- krb5_db_free(context, (char *)tempprinc);
+ krb5_db_free(context, (char *)tempprinc);
return ENOMEM;
}
@@ -79,17 +80,17 @@ kadm5_copy_principal(krb5_context context, krb5_const_principal inprinc, krb5_pr
if (len)
memcpy(krb5_princ_component(context, tempprinc, i)->data,
krb5_princ_component(context, inprinc, i)->data, len);
- krb5_princ_component(context, tempprinc, i)->magic = KV5M_DATA;
+ krb5_princ_component(context, tempprinc, i)->magic = KV5M_DATA;
}
tempprinc->realm.data =
- krb5_db_alloc(context, NULL, tempprinc->realm.length = inprinc->realm.length);
+ krb5_db_alloc(context, NULL, tempprinc->realm.length = inprinc->realm.length);
if (!tempprinc->realm.data && tempprinc->realm.length) {
- for (i = 0; i < nelems; i++)
- krb5_db_free(context, krb5_princ_component(context, tempprinc, i)->data);
- krb5_db_free(context, tempprinc->data);
- krb5_db_free(context, tempprinc);
- return ENOMEM;
+ for (i = 0; i < nelems; i++)
+ krb5_db_free(context, krb5_princ_component(context, tempprinc, i)->data);
+ krb5_db_free(context, tempprinc->data);
+ krb5_db_free(context, tempprinc);
+ return ENOMEM;
}
if (tempprinc->realm.length)
memcpy(tempprinc->realm.data, inprinc->realm.data,
@@ -122,90 +123,90 @@ kadm5_free_principal(krb5_context context, krb5_principal val)
* XXX Functions that ought to be in libkrb5.a, but aren't.
*/
kadm5_ret_t krb5_copy_key_data_contents(context, from, to)
- krb5_context context;
- krb5_key_data *from, *to;
+ krb5_context context;
+ krb5_key_data *from, *to;
{
- int i, idx;
-
- *to = *from;
-
- idx = (from->key_data_ver == 1 ? 1 : 2);
-
- for (i = 0; i < idx; i++) {
- if ( from->key_data_length[i] ) {
- to->key_data_contents[i] = malloc(from->key_data_length[i]);
- if (to->key_data_contents[i] == NULL) {
- for (i = 0; i < idx; i++) {
- if (to->key_data_contents[i]) {
- memset(to->key_data_contents[i], 0,
- to->key_data_length[i]);
- free(to->key_data_contents[i]);
- }
- }
- return ENOMEM;
- }
- memcpy(to->key_data_contents[i], from->key_data_contents[i],
- from->key_data_length[i]);
- }
- }
- return 0;
+ int i, idx;
+
+ *to = *from;
+
+ idx = (from->key_data_ver == 1 ? 1 : 2);
+
+ for (i = 0; i < idx; i++) {
+ if ( from->key_data_length[i] ) {
+ to->key_data_contents[i] = malloc(from->key_data_length[i]);
+ if (to->key_data_contents[i] == NULL) {
+ for (i = 0; i < idx; i++) {
+ if (to->key_data_contents[i]) {
+ memset(to->key_data_contents[i], 0,
+ to->key_data_length[i]);
+ free(to->key_data_contents[i]);
+ }
+ }
+ return ENOMEM;
+ }
+ memcpy(to->key_data_contents[i], from->key_data_contents[i],
+ from->key_data_length[i]);
+ }
+ }
+ return 0;
}
static krb5_tl_data *dup_tl_data(krb5_tl_data *tl)
{
- krb5_tl_data *n;
-
- n = (krb5_tl_data *) malloc(sizeof(krb5_tl_data));
- if (n == NULL)
- return NULL;
- n->tl_data_contents = malloc(tl->tl_data_length);
- if (n->tl_data_contents == NULL) {
- free(n);
- return NULL;
- }
- memcpy(n->tl_data_contents, tl->tl_data_contents, tl->tl_data_length);
- n->tl_data_type = tl->tl_data_type;
- n->tl_data_length = tl->tl_data_length;
- n->tl_data_next = NULL;
- return n;
+ krb5_tl_data *n;
+
+ n = (krb5_tl_data *) malloc(sizeof(krb5_tl_data));
+ if (n == NULL)
+ return NULL;
+ n->tl_data_contents = malloc(tl->tl_data_length);
+ if (n->tl_data_contents == NULL) {
+ free(n);
+ return NULL;
+ }
+ memcpy(n->tl_data_contents, tl->tl_data_contents, tl->tl_data_length);
+ n->tl_data_type = tl->tl_data_type;
+ n->tl_data_length = tl->tl_data_length;
+ n->tl_data_next = NULL;
+ return n;
}
/* This is in lib/kdb/kdb_cpw.c, but is static */
static void cleanup_key_data(context, count, data)
- krb5_context context;
- int count;
- krb5_key_data * data;
+ krb5_context context;
+ int count;
+ krb5_key_data * data;
{
- int i, j;
+ int i, j;
- for (i = 0; i < count; i++)
- for (j = 0; j < data[i].key_data_ver; j++)
- if (data[i].key_data_length[j])
- krb5_db_free(context, data[i].key_data_contents[j]);
- krb5_db_free(context, data);
+ for (i = 0; i < count; i++)
+ for (j = 0; j < data[i].key_data_ver; j++)
+ if (data[i].key_data_length[j])
+ krb5_db_free(context, data[i].key_data_contents[j]);
+ krb5_db_free(context, data);
}
kadm5_ret_t
kadm5_create_principal(void *server_handle,
- kadm5_principal_ent_t entry, long mask,
- char *password)
+ kadm5_principal_ent_t entry, long mask,
+ char *password)
{
return
- kadm5_create_principal_3(server_handle, entry, mask,
- 0, NULL, password);
+ kadm5_create_principal_3(server_handle, entry, mask,
+ 0, NULL, password);
}
kadm5_ret_t
kadm5_create_principal_3(void *server_handle,
- kadm5_principal_ent_t entry, long mask,
- int n_ks_tuple, krb5_key_salt_tuple *ks_tuple,
- char *password)
+ kadm5_principal_ent_t entry, long mask,
+ int n_ks_tuple, krb5_key_salt_tuple *ks_tuple,
+ char *password)
{
- krb5_db_entry kdb;
- osa_princ_ent_rec adb;
- kadm5_policy_ent_rec polent;
- krb5_int32 now;
- krb5_tl_data *tl_data_orig, *tl_data_tail;
- unsigned int ret;
+ krb5_db_entry kdb;
+ osa_princ_ent_rec adb;
+ kadm5_policy_ent_rec polent;
+ krb5_int32 now;
+ krb5_tl_data *tl_data_orig, *tl_data_tail;
+ unsigned int ret;
kadm5_server_handle_t handle = server_handle;
krb5_keyblock *act_mkey;
krb5_kvno act_kvno;
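Review bot: The allocation-failure path in `krb5_copy_key_data_contents` can wipe and free buffers that belong to the source, because `*to = *from` has already copied `from`'s `key_data_contents` pointers into `to`. If `malloc` fails for slot 0 while `idx` is 2, the cleanup loop finds slot 1 still holding the caller's pointer, zeroes it and frees it. That leaves `from` with a dangling pointer to key or salt material and sets up a later double free. Clearing the copied pointers right after the struct copy, `to->key_data_contents[0] = to->key_data_contents[1] = NULL;`, restricts the cleanup to buffers this function allocated. The cleanup loop also reuses `i`, which is harmless only because the function returns immediately afterwards.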
@@ -223,11 +224,11 @@ kadm5_create_principal_3(void *server_handle,
(mask & KADM5_AUX_ATTRIBUTES) || (mask & KADM5_KEY_DATA) ||
(mask & KADM5_LAST_SUCCESS) || (mask & KADM5_LAST_FAILED) ||
(mask & KADM5_FAIL_AUTH_COUNT))
- return KADM5_BAD_MASK;
+ return KADM5_BAD_MASK;
if((mask & ~ALL_PRINC_MASK))
- return KADM5_BAD_MASK;
+ return KADM5_BAD_MASK;
if (entry == NULL)
- return EINVAL;
+ return EINVAL;
/*
* Check to see if the principal exists
@@ -236,12 +237,12 @@ kadm5_create_principal_3(void *server_handle,
switch(ret) {
case KADM5_UNK_PRINC:
- break;
+ break;
case 0:
- kdb_free_entry(handle, &kdb, &adb);
- return KADM5_DUP;
+ kdb_free_entry(handle, &kdb, &adb);
+ return KADM5_DUP;
default:
- return ret;
+ return ret;
}
memset(&kdb, 0, sizeof(krb5_db_entry));
@@ -252,22 +253,22 @@ kadm5_create_principal_3(void *server_handle,
* If we can not find the one specified return an error
*/
if ((mask & KADM5_POLICY)) {
- if ((ret = kadm5_get_policy(handle->lhandle, entry->policy,
- &polent)) != KADM5_OK) {
- if(ret == EINVAL)
- return KADM5_BAD_POLICY;
- else
- return ret;
- }
+ if ((ret = kadm5_get_policy(handle->lhandle, entry->policy,
+ &polent)) != KADM5_OK) {
+ if(ret == EINVAL)
+ return KADM5_BAD_POLICY;
+ else
+ return ret;
+ }
}
if (password) {
- ret = passwd_check(handle, password, (mask & KADM5_POLICY),
- &polent, entry->principal);
- if (ret) {
- if (mask & KADM5_POLICY)
- (void) kadm5_free_policy_ent(handle->lhandle, &polent);
- return ret;
- }
+ ret = passwd_check(handle, password, (mask & KADM5_POLICY),
+ &polent, entry->principal);
+ if (ret) {
+ if (mask & KADM5_POLICY)
+ (void) kadm5_free_policy_ent(handle->lhandle, &polent);
+ return ret;
+ }
}
/*
* Start populating the various DB fields, using the
@@ -275,43 +276,43 @@ kadm5_create_principal_3(void *server_handle,
* mask.
*/
if ((ret = krb5_timeofday(handle->context, &now))) {
- if (mask & KADM5_POLICY)
- (void) kadm5_free_policy_ent(handle->lhandle, &polent);
- return ret;
+ if (mask & KADM5_POLICY)
+ (void) kadm5_free_policy_ent(handle->lhandle, &polent);
+ return ret;
}
kdb.magic = KRB5_KDB_MAGIC_NUMBER;
kdb.len = KRB5_KDB_V1_BASE_LENGTH; /* gag me with a chainsaw */
if ((mask & KADM5_ATTRIBUTES))
- kdb.attributes = entry->attributes;
+ kdb.attributes = entry->attributes;
else
- kdb.attributes = handle->params.flags;
+ kdb.attributes = handle->params.flags;
if ((mask & KADM5_MAX_LIFE))
- kdb.max_life = entry->max_life;
+ kdb.max_life = entry->max_life;
else
- kdb.max_life = handle->params.max_life;
+ kdb.max_life = handle->params.max_life;
if (mask & KADM5_MAX_RLIFE)
- kdb.max_renewable_life = entry->max_renewable_life;
+ kdb.max_renewable_life = entry->max_renewable_life;
else
- kdb.max_renewable_life = handle->params.max_rlife;
+ kdb.max_renewable_life = handle->params.max_rlife;
if ((mask & KADM5_PRINC_EXPIRE_TIME))
- kdb.expiration = entry->princ_expire_time;
+ kdb.expiration = entry->princ_expire_time;
else
- kdb.expiration = handle->params.expiration;
+ kdb.expiration = handle->params.expiration;
kdb.pw_expiration = 0;
if ((mask & KADM5_POLICY)) {
- if(polent.pw_max_life)
- kdb.pw_expiration = now + polent.pw_max_life;
- else
- kdb.pw_expiration = 0;
+ if(polent.pw_max_life)
+ kdb.pw_expiration = now + polent.pw_max_life;
+ else
+ kdb.pw_expiration = 0;
}
if ((mask & KADM5_PW_EXPIRATION))
- kdb.pw_expiration = entry->pw_expiration;
+ kdb.pw_expiration = entry->pw_expiration;
kdb.last_success = 0;
kdb.last_failed = 0;
@@ -322,40 +323,40 @@ kadm5_create_principal_3(void *server_handle,
principal. */
if ((ret = kadm5_copy_principal(handle->context,
- entry->principal, &(kdb.princ)))) {
- if (mask & KADM5_POLICY)
- (void) kadm5_free_policy_ent(handle->lhandle, &polent);
- return(ret);
+ entry->principal, &(kdb.princ)))) {
+ if (mask & KADM5_POLICY)
+ (void) kadm5_free_policy_ent(handle->lhandle, &polent);
+ return(ret);
}
if ((ret = krb5_dbe_update_last_pwd_change(handle->context, &kdb, now))) {
- krb5_db_free_principal(handle->context, &kdb, 1);
- if (mask & KADM5_POLICY)
- (void) kadm5_free_policy_ent(handle->lhandle, &polent);
- return(ret);
+ krb5_db_free_principal(handle->context, &kdb, 1);
+ if (mask & KADM5_POLICY)
+ (void) kadm5_free_policy_ent(handle->lhandle, &polent);
+ return(ret);
}
if (mask & KADM5_TL_DATA) {
- /* splice entry->tl_data onto the front of kdb.tl_data */
- tl_data_orig = kdb.tl_data;
- for (tl_data_tail = entry->tl_data; tl_data_tail;
- tl_data_tail = tl_data_tail->tl_data_next)
- {
- ret = krb5_dbe_update_tl_data(handle->context, &kdb, tl_data_tail);
- if( ret )
- {
- krb5_db_free_principal(handle->context, &kdb, 1);
- if (mask & KADM5_POLICY)
- (void) kadm5_free_policy_ent(handle->lhandle, &polent);
- return ret;
- }
- }
+ /* splice entry->tl_data onto the front of kdb.tl_data */
+ tl_data_orig = kdb.tl_data;
+ for (tl_data_tail = entry->tl_data; tl_data_tail;
+ tl_data_tail = tl_data_tail->tl_data_next)
+ {
+ ret = krb5_dbe_update_tl_data(handle->context, &kdb, tl_data_tail);
+ if( ret )
+ {
+ krb5_db_free_principal(handle->context, &kdb, 1);
+ if (mask & KADM5_POLICY)
+ (void) kadm5_free_policy_ent(handle->lhandle, &polent);
+ return ret;
+ }
+ }
}
/* initialize the keys */
ret = krb5_dbe_find_act_mkey(handle->context, master_keylist,
- active_mkey_list, &act_kvno, &act_mkey);
+ active_mkey_list, &act_kvno, &act_mkey);
if (ret) {
krb5_db_free_principal(handle->context, &kdb, 1);
if (mask & KADM5_POLICY)
@@ -364,33 +365,33 @@ kadm5_create_principal_3(void *server_handle,
}
if (password) {
- ret = krb5_dbe_cpw(handle->context, act_mkey,
- n_ks_tuple?ks_tuple:handle->params.keysalts,
- n_ks_tuple?n_ks_tuple:handle->params.num_keysalts,
- password, (mask & KADM5_KVNO)?entry->kvno:1,
- FALSE, &kdb);
+ ret = krb5_dbe_cpw(handle->context, act_mkey,
+ n_ks_tuple?ks_tuple:handle->params.keysalts,
+ n_ks_tuple?n_ks_tuple:handle->params.num_keysalts,
+ password, (mask & KADM5_KVNO)?entry->kvno:1,
+ FALSE, &kdb);
} else {
- /* Null password means create with random key (new in 1.8). */
- ret = krb5_dbe_crk(handle->context, &master_keyblock,
- n_ks_tuple?ks_tuple:handle->params.keysalts,
- n_ks_tuple?n_ks_tuple:handle->params.num_keysalts,
- FALSE, &kdb);
+ /* Null password means create with random key (new in 1.8). */
+ ret = krb5_dbe_crk(handle->context, &master_keyblock,
+ n_ks_tuple?ks_tuple:handle->params.keysalts,
+ n_ks_tuple?n_ks_tuple:handle->params.num_keysalts,
+ FALSE, &kdb);
}
if (ret) {
- krb5_db_free_principal(handle->context, &kdb, 1);
- if (mask & KADM5_POLICY)
- (void) kadm5_free_policy_ent(handle->lhandle, &polent);
- return(ret);
+ krb5_db_free_principal(handle->context, &kdb, 1);
+ if (mask & KADM5_POLICY)
+ (void) kadm5_free_policy_ent(handle->lhandle, &polent);
+ return(ret);
}
/* Record the master key VNO used to encrypt this entry's keys */
ret = krb5_dbe_update_mkvno(handle->context, &kdb, act_kvno);
if (ret)
{
- krb5_db_free_principal(handle->context, &kdb, 1);
- if (mask & KADM5_POLICY)
- (void) kadm5_free_policy_ent(handle->lhandle, &polent);
- return ret;
+ krb5_db_free_principal(handle->context, &kdb, 1);
+ if (mask & KADM5_POLICY)
+ (void) kadm5_free_policy_ent(handle->lhandle, &polent);
+ return ret;
}
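Review bot: The random-key branch passes `&master_keyblock` to `krb5_dbe_crk` while the password branch passes `act_mkey` to `krb5_dbe_cpw`, yet both paths then record `act_kvno` through `krb5_dbe_update_mkvno`. If the active master key is ever not the one held in `master_keyblock` (presumably possible once several master key versions exist), a principal created with a NULL password would have keys encrypted under one master key and labelled with another's version number. Unless `krb5_dbe_crk` is known to require the global, the call should read `ret = krb5_dbe_crk(handle->context, act_mkey,`. `kadm5_create_principal_3` begins and ends outside this hunk.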
/* populate the admin-server-specific fields. In the OV server,
@@ -401,26 +402,26 @@ kadm5_create_principal_3(void *server_handle,
adb.admin_history_kvno = hist_kvno;
if ((mask & KADM5_POLICY)) {
- adb.aux_attributes = KADM5_POLICY;
+ adb.aux_attributes = KADM5_POLICY;
- /* this does *not* need to be strdup'ed, because adb is xdr */
- /* encoded in osa_adb_create_princ, and not ever freed */
+ /* this does *not* need to be strdup'ed, because adb is xdr */
+ /* encoded in osa_adb_create_princ, and not ever freed */
- adb.policy = entry->policy;
+ adb.policy = entry->policy;
}
/* increment the policy ref count, if any */
if ((mask & KADM5_POLICY)) {
- polent.policy_refcnt++;
- if ((ret = kadm5_modify_policy_internal(handle->lhandle, &polent,
- KADM5_REF_COUNT))
- != KADM5_OK) {
- krb5_db_free_principal(handle->context, &kdb, 1);
- if (mask & KADM5_POLICY)
- (void) kadm5_free_policy_ent(handle->lhandle, &polent);
- return(ret);
- }
+ polent.policy_refcnt++;
+ if ((ret = kadm5_modify_policy_internal(handle->lhandle, &polent,
+ KADM5_REF_COUNT))
+ != KADM5_OK) {
+ krb5_db_free_principal(handle->context, &kdb, 1);
+ if (mask & KADM5_POLICY)
+ (void) kadm5_free_policy_ent(handle->lhandle, &polent);
+ return(ret);
+ }
}
/* In all cases key and the principal data is set, let the database provider know */
@@ -432,25 +433,25 @@ kadm5_create_principal_3(void *server_handle,
krb5_db_free_principal(handle->context, &kdb, 1);
if (ret) {
- if ((mask & KADM5_POLICY)) {
- /* decrement the policy ref count */
-
- polent.policy_refcnt--;
- /*
- * if this fails, there's nothing we can do anyway. the
- * policy refcount wil be too high.
- */
- (void) kadm5_modify_policy_internal(handle->lhandle, &polent,
- KADM5_REF_COUNT);
- }
-
- if (mask & KADM5_POLICY)
- (void) kadm5_free_policy_ent(handle->lhandle, &polent);
- return(ret);
+ if ((mask & KADM5_POLICY)) {
+ /* decrement the policy ref count */
+
+ polent.policy_refcnt--;
+ /*
+ * if this fails, there's nothing we can do anyway. the
+ * policy refcount wil be too high.
+ */
+ (void) kadm5_modify_policy_internal(handle->lhandle, &polent,
+ KADM5_REF_COUNT);
+ }
+
+ if (mask & KADM5_POLICY)
+ (void) kadm5_free_policy_ent(handle->lhandle, &polent);
+ return(ret);
}
if (mask & KADM5_POLICY)
- (void) kadm5_free_policy_ent(handle->lhandle, &polent);
+ (void) kadm5_free_policy_ent(handle->lhandle, &polent);
return KADM5_OK;
}
@@ -459,10 +460,10 @@ kadm5_create_principal_3(void *server_handle,
kadm5_ret_t
kadm5_delete_principal(void *server_handle, krb5_principal principal)
{
- unsigned int ret;
- kadm5_policy_ent_rec polent;
- krb5_db_entry kdb;
- osa_princ_ent_rec adb;
+ unsigned int ret;
+ kadm5_policy_ent_rec polent;
+ krb5_db_entry kdb;
+ osa_princ_ent_rec adb;
kadm5_server_handle_t handle = server_handle;
CHECK_HANDLE(server_handle);
@@ -470,28 +471,28 @@ kadm5_delete_principal(void *server_handle, krb5_principal principal)
krb5_clear_error_message(handle->context);
if (principal == NULL)
- return EINVAL;
+ return EINVAL;
if ((ret = kdb_get_entry(handle, principal, &kdb, &adb)))
- return(ret);
+ return(ret);
if ((adb.aux_attributes & KADM5_POLICY)) {
- if ((ret = kadm5_get_policy(handle->lhandle,
- adb.policy, &polent))
- == KADM5_OK) {
- polent.policy_refcnt--;
- if ((ret = kadm5_modify_policy_internal(handle->lhandle, &polent,
- KADM5_REF_COUNT))
- != KADM5_OK) {
- (void) kadm5_free_policy_ent(handle->lhandle, &polent);
- kdb_free_entry(handle, &kdb, &adb);
- return(ret);
- }
- }
- if ((ret = kadm5_free_policy_ent(handle->lhandle, &polent))) {
- kdb_free_entry(handle, &kdb, &adb);
- return ret;
- }
+ if ((ret = kadm5_get_policy(handle->lhandle,
+ adb.policy, &polent))
+ == KADM5_OK) {
+ polent.policy_refcnt--;
+ if ((ret = kadm5_modify_policy_internal(handle->lhandle, &polent,
+ KADM5_REF_COUNT))
+ != KADM5_OK) {
+ (void) kadm5_free_policy_ent(handle->lhandle, &polent);
+ kdb_free_entry(handle, &kdb, &adb);
+ return(ret);
+ }
+ }
+ if ((ret = kadm5_free_policy_ent(handle->lhandle, &polent))) {
+ kdb_free_entry(handle, &kdb, &adb);
+ return ret;
+ }
}
ret = kdb_delete_entry(handle, principal);
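Review bot: `kadm5_free_policy_ent(handle->lhandle, &polent)` runs even when the preceding `kadm5_get_policy` call did not return `KADM5_OK`, and `polent` is a stack local declared without an initialiser. The error returns of `kadm5_get_policy` shown earlier on this page leave `entry` untouched, so the free would act on indeterminate contents; its body is not visible here, but it presumably frees `polent.policy`. Moving the `kadm5_free_policy_ent` call inside the `== KADM5_OK` branch, after the refcount update, avoids that and keeps its return value from overwriting the lookup error in `ret`. The declaration of `polent` and the end of `kadm5_delete_principal` are outside this hunk.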
@@ -503,14 +504,14 @@ kadm5_delete_principal(void *server_handle, krb5_principal principal)
kadm5_ret_t
kadm5_modify_principal(void *server_handle,
- kadm5_principal_ent_t entry, long mask)
+ kadm5_principal_ent_t entry, long mask)
{
- int ret, ret2, i;
+ int ret, ret2, i;
kadm5_policy_ent_rec npol, opol;
- int have_npol = 0, have_opol = 0;
- krb5_db_entry kdb;
- krb5_tl_data *tl_data_orig;
- osa_princ_ent_rec adb;
+ int have_npol = 0, have_opol = 0;
+ krb5_db_entry kdb;
+ krb5_tl_data *tl_data_orig;
+ osa_princ_ent_rec adb;
kadm5_server_handle_t handle = server_handle;
CHECK_HANDLE(server_handle);
@@ -522,154 +523,154 @@ kadm5_modify_principal(void *server_handle,
(mask & KADM5_MKVNO) || (mask & KADM5_AUX_ATTRIBUTES) ||
(mask & KADM5_KEY_DATA) || (mask & KADM5_LAST_SUCCESS) ||
(mask & KADM5_LAST_FAILED))
- return KADM5_BAD_MASK;
+ return KADM5_BAD_MASK;
if((mask & ~ALL_PRINC_MASK))
- return KADM5_BAD_MASK;
+ return KADM5_BAD_MASK;
if((mask & KADM5_POLICY) && (mask & KADM5_POLICY_CLR))
- return KADM5_BAD_MASK;
+ return KADM5_BAD_MASK;
if(entry == (kadm5_principal_ent_t) NULL)
- return EINVAL;
+ return EINVAL;
if (mask & KADM5_TL_DATA) {
- tl_data_orig = entry->tl_data;
- while (tl_data_orig) {
- if (tl_data_orig->tl_data_type < 256)
- return KADM5_BAD_TL_TYPE;
- tl_data_orig = tl_data_orig->tl_data_next;
- }
+ tl_data_orig = entry->tl_data;
+ while (tl_data_orig) {
+ if (tl_data_orig->tl_data_type < 256)
+ return KADM5_BAD_TL_TYPE;
+ tl_data_orig = tl_data_orig->tl_data_next;
+ }
}
ret = kdb_get_entry(handle, entry->principal, &kdb, &adb);
if (ret)
- return(ret);
+ return(ret);
/*
* This is pretty much the same as create ...
*/
if ((mask & KADM5_POLICY)) {
- /* get the new policy */
- ret = kadm5_get_policy(handle->lhandle, entry->policy, &npol);
- if (ret) {
- switch (ret) {
- case EINVAL:
- ret = KADM5_BAD_POLICY;
- break;
- case KADM5_UNK_POLICY:
- case KADM5_BAD_POLICY:
- ret = KADM5_UNK_POLICY;
- break;
- }
- goto done;
- }
- have_npol = 1;
-
- /* if we already have a policy, get it to decrement the refcnt */
- if(adb.aux_attributes & KADM5_POLICY) {
- /* ... but not if the old and new are the same */
- if(strcmp(adb.policy, entry->policy)) {
- ret = kadm5_get_policy(handle->lhandle,
- adb.policy, &opol);
- switch(ret) {
- case EINVAL:
- case KADM5_BAD_POLICY:
- case KADM5_UNK_POLICY:
- break;
- case KADM5_OK:
- have_opol = 1;
- opol.policy_refcnt--;
- break;
- default:
- goto done;
- break;
- }
- npol.policy_refcnt++;
- }
- } else npol.policy_refcnt++;
-
- /* set us up to use the new policy */
- adb.aux_attributes |= KADM5_POLICY;
- if (adb.policy)
- free(adb.policy);
- adb.policy = strdup(entry->policy);
-
- /* set pw_max_life based on new policy */
- if (npol.pw_max_life) {
- ret = krb5_dbe_lookup_last_pwd_change(handle->context, &kdb,
- &(kdb.pw_expiration));
- if (ret)
- goto done;
- kdb.pw_expiration += npol.pw_max_life;
- } else {
- kdb.pw_expiration = 0;
- }
+ /* get the new policy */
+ ret = kadm5_get_policy(handle->lhandle, entry->policy, &npol);
+ if (ret) {
+ switch (ret) {
+ case EINVAL:
+ ret = KADM5_BAD_POLICY;
+ break;
+ case KADM5_UNK_POLICY:
+ case KADM5_BAD_POLICY:
+ ret = KADM5_UNK_POLICY;
+ break;
+ }
+ goto done;
+ }
+ have_npol = 1;
+
+ /* if we already have a policy, get it to decrement the refcnt */
+ if(adb.aux_attributes & KADM5_POLICY) {
+ /* ... but not if the old and new are the same */
+ if(strcmp(adb.policy, entry->policy)) {
+ ret = kadm5_get_policy(handle->lhandle,
+ adb.policy, &opol);
+ switch(ret) {
+ case EINVAL:
+ case KADM5_BAD_POLICY:
+ case KADM5_UNK_POLICY:
+ break;
+ case KADM5_OK:
+ have_opol = 1;
+ opol.policy_refcnt--;
+ break;
+ default:
+ goto done;
+ break;
+ }
+ npol.policy_refcnt++;
+ }
+ } else npol.policy_refcnt++;
+
+ /* set us up to use the new policy */
+ adb.aux_attributes |= KADM5_POLICY;
+ if (adb.policy)
+ free(adb.policy);
+ adb.policy = strdup(entry->policy);
+
+ /* set pw_max_life based on new policy */
+ if (npol.pw_max_life) {
+ ret = krb5_dbe_lookup_last_pwd_change(handle->context, &kdb,
+ &(kdb.pw_expiration));
+ if (ret)
+ goto done;
+ kdb.pw_expiration += npol.pw_max_life;
+ } else {
+ kdb.pw_expiration = 0;
+ }
}
if ((mask & KADM5_POLICY_CLR) &&
- (adb.aux_attributes & KADM5_POLICY)) {
- ret = kadm5_get_policy(handle->lhandle, adb.policy, &opol);
- switch(ret) {
- case EINVAL:
- case KADM5_BAD_POLICY:
- case KADM5_UNK_POLICY:
- ret = KADM5_BAD_DB;
- goto done;
- break;
- case KADM5_OK:
- have_opol = 1;
- if (adb.policy)
- free(adb.policy);
- adb.policy = NULL;
- adb.aux_attributes &= ~KADM5_POLICY;
- kdb.pw_expiration = 0;
- opol.policy_refcnt--;
- break;
- default:
- goto done;
- break;
- }
+ (adb.aux_attributes & KADM5_POLICY)) {
+ ret = kadm5_get_policy(handle->lhandle, adb.policy, &opol);
+ switch(ret) {
+ case EINVAL:
+ case KADM5_BAD_POLICY:
+ case KADM5_UNK_POLICY:
+ ret = KADM5_BAD_DB;
+ goto done;
+ break;
+ case KADM5_OK:
+ have_opol = 1;
+ if (adb.policy)
+ free(adb.policy);
+ adb.policy = NULL;
+ adb.aux_attributes &= ~KADM5_POLICY;
+ kdb.pw_expiration = 0;
+ opol.policy_refcnt--;
+ break;
+ default:
+ goto done;
+ break;
+ }
}
if (((mask & KADM5_POLICY) || (mask & KADM5_POLICY_CLR)) &&
- (((have_opol) &&
- (ret =
- kadm5_modify_policy_internal(handle->lhandle, &opol,
- KADM5_REF_COUNT))) ||
- ((have_npol) &&
- (ret =
- kadm5_modify_policy_internal(handle->lhandle, &npol,
- KADM5_REF_COUNT)))))
- goto done;
+ (((have_opol) &&
+ (ret =
+ kadm5_modify_policy_internal(handle->lhandle, &opol,
+ KADM5_REF_COUNT))) ||
+ ((have_npol) &&
+ (ret =
+ kadm5_modify_policy_internal(handle->lhandle, &npol,
+ KADM5_REF_COUNT)))))
+ goto done;
if ((mask & KADM5_ATTRIBUTES))
- kdb.attributes = entry->attributes;
+ kdb.attributes = entry->attributes;
if ((mask & KADM5_MAX_LIFE))
- kdb.max_life = entry->max_life;
+ kdb.max_life = entry->max_life;
if ((mask & KADM5_PRINC_EXPIRE_TIME))
- kdb.expiration = entry->princ_expire_time;
+ kdb.expiration = entry->princ_expire_time;
if (mask & KADM5_PW_EXPIRATION)
- kdb.pw_expiration = entry->pw_expiration;
+ kdb.pw_expiration = entry->pw_expiration;
if (mask & KADM5_MAX_RLIFE)
- kdb.max_renewable_life = entry->max_renewable_life;
+ kdb.max_renewable_life = entry->max_renewable_life;
if((mask & KADM5_KVNO)) {
- for (i = 0; i < kdb.n_key_data; i++)
- kdb.key_data[i].key_data_kvno = entry->kvno;
+ for (i = 0; i < kdb.n_key_data; i++)
+ kdb.key_data[i].key_data_kvno = entry->kvno;
}
if (mask & KADM5_TL_DATA) {
- krb5_tl_data *tl;
-
- /* may have to change the version number of the API. Updates the list with the given tl_data rather than over-writting */
-
- for (tl = entry->tl_data; tl;
- tl = tl->tl_data_next)
- {
- ret = krb5_dbe_update_tl_data(handle->context, &kdb, tl);
- if( ret )
- {
- goto done;
- }
- }
+ krb5_tl_data *tl;
+
+ /* may have to change the version number of the API. Updates the list with the given tl_data rather than over-writting */
+
+ for (tl = entry->tl_data; tl;
+ tl = tl->tl_data_next)
+ {
+ ret = krb5_dbe_update_tl_data(handle->context, &kdb, tl);
+ if( ret )
+ {
+ goto done;
+ }
+ }
}
/*
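Review bot: The result of `adb.policy = strdup(entry->policy);` is never checked. On allocation failure the record keeps `KADM5_POLICY` set in `adb.aux_attributes` while `adb.policy` is NULL, and the function continues towards the policy refcount updates and the database write. A guard right after the assignment, `if (adb.policy == NULL) { ret = ENOMEM; goto done; }`, stops before anything is written; `have_npol` is already set at that point, so the `done:` path still releases `npol`. The start of `kadm5_modify_principal` and the `done:` label are outside this hunk.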
@@ -678,12 +679,12 @@ kadm5_modify_principal(void *server_handle,
* value using kadmin.
*/
if (mask & KADM5_FAIL_AUTH_COUNT) {
- if (entry->fail_auth_count != 0) {
- ret = KADM5_BAD_SERVER_PARAMS;
- goto done;
- }
+ if (entry->fail_auth_count != 0) {
+ ret = KADM5_BAD_SERVER_PARAMS;
+ goto done;
+ }
- kdb.fail_auth_count = 0;
+ kdb.fail_auth_count = 0;
}
/* let the mask propagate to the database provider */
@@ -695,12 +696,12 @@ kadm5_modify_principal(void *server_handle,
ret = KADM5_OK;
done:
if (have_opol) {
- ret2 = kadm5_free_policy_ent(handle->lhandle, &opol);
- ret = ret ? ret : ret2;
+ ret2 = kadm5_free_policy_ent(handle->lhandle, &opol);
+ ret = ret ? ret : ret2;
}
if (have_npol) {
- ret2 = kadm5_free_policy_ent(handle->lhandle, &npol);
- ret = ret ? ret : ret2;
+ ret2 = kadm5_free_policy_ent(handle->lhandle, &npol);
+ ret = ret ? ret : ret2;
}
kdb_free_entry(handle, &kdb, &adb);
return ret;
@@ -708,11 +709,11 @@ done:
kadm5_ret_t
kadm5_rename_principal(void *server_handle,
- krb5_principal source, krb5_principal target)
+ krb5_principal source, krb5_principal target)
{
- krb5_db_entry kdb;
- osa_princ_ent_rec adb;
- int ret, i;
+ krb5_db_entry kdb;
+ osa_princ_ent_rec adb;
+ int ret, i;
kadm5_server_handle_t handle = server_handle;
CHECK_HANDLE(server_handle);
@@ -720,35 +721,35 @@ kadm5_rename_principal(void *server_handle,
krb5_clear_error_message(handle->context);
if (source == NULL || target == NULL)
- return EINVAL;
+ return EINVAL;
if ((ret = kdb_get_entry(handle, target, &kdb, &adb)) == 0) {
- kdb_free_entry(handle, &kdb, &adb);
- return(KADM5_DUP);
+ kdb_free_entry(handle, &kdb, &adb);
+ return(KADM5_DUP);
}
if ((ret = kdb_get_entry(handle, source, &kdb, &adb)))
- return ret;
+ return ret;
/* this is kinda gross, but unavoidable */
for (i=0; i<kdb.n_key_data; i++) {
- if ((kdb.key_data[i].key_data_ver == 1) ||
- (kdb.key_data[i].key_data_type[1] == KRB5_KDB_SALTTYPE_NORMAL)) {
- ret = KADM5_NO_RENAME_SALT;
- goto done;
- }
+ if ((kdb.key_data[i].key_data_ver == 1) ||
+ (kdb.key_data[i].key_data_type[1] == KRB5_KDB_SALTTYPE_NORMAL)) {
+ ret = KADM5_NO_RENAME_SALT;
+ goto done;
+ }
}
kadm5_free_principal(handle->context, kdb.princ);
ret = kadm5_copy_principal(handle->context, target, &kdb.princ);
if (ret) {
- kdb.princ = NULL; /* so freeing the dbe doesn't lose */
- goto done;
+ kdb.princ = NULL; /* so freeing the dbe doesn't lose */
+ goto done;
}
if ((ret = kdb_put_entry(handle, &kdb, &adb)))
- goto done;
+ goto done;
ret = kdb_delete_entry(handle, source);
@@ -759,13 +760,13 @@ done:
kadm5_ret_t
kadm5_get_principal(void *server_handle, krb5_principal principal,
- kadm5_principal_ent_t entry,
- long in_mask)
+ kadm5_principal_ent_t entry,
+ long in_mask)
{
- krb5_db_entry kdb;
- osa_princ_ent_rec adb;
- krb5_error_code ret = 0;
- long mask;
+ krb5_db_entry kdb;
+ osa_princ_ent_rec adb;
+ krb5_error_code ret = 0;
+ long mask;
int i;
kadm5_server_handle_t handle = server_handle;
@@ -783,125 +784,125 @@ kadm5_get_principal(void *server_handle, krb5_principal principal,
memset(entry, 0, sizeof(*entry));
if (principal == NULL)
- return EINVAL;
+ return EINVAL;
if ((ret = kdb_get_entry(handle, principal, &kdb, &adb)))
- return ret;
+ return ret;
if ((mask & KADM5_POLICY) &&
- adb.policy && (adb.aux_attributes & KADM5_POLICY)) {
- if ((entry->policy = strdup(adb.policy)) == NULL) {
- ret = ENOMEM;
- goto done;
- }
+ adb.policy && (adb.aux_attributes & KADM5_POLICY)) {
+ if ((entry->policy = strdup(adb.policy)) == NULL) {
+ ret = ENOMEM;
+ goto done;
+ }
}
if (mask & KADM5_AUX_ATTRIBUTES)
- entry->aux_attributes = adb.aux_attributes;
+ entry->aux_attributes = adb.aux_attributes;
if ((mask & KADM5_PRINCIPAL) &&
- (ret = krb5_copy_principal(handle->context, kdb.princ,
- &entry->principal))) {
- goto done;
+ (ret = krb5_copy_principal(handle->context, kdb.princ,
+ &entry->principal))) {
+ goto done;
}
if (mask & KADM5_PRINC_EXPIRE_TIME)
- entry->princ_expire_time = kdb.expiration;
+ entry->princ_expire_time = kdb.expiration;
if ((mask & KADM5_LAST_PWD_CHANGE) &&
- (ret = krb5_dbe_lookup_last_pwd_change(handle->context, &kdb,
- &(entry->last_pwd_change)))) {
- goto done;
+ (ret = krb5_dbe_lookup_last_pwd_change(handle->context, &kdb,
+ &(entry->last_pwd_change)))) {
+ goto done;
}
if (mask & KADM5_PW_EXPIRATION)
- entry->pw_expiration = kdb.pw_expiration;
+ entry->pw_expiration = kdb.pw_expiration;
if (mask & KADM5_MAX_LIFE)
- entry->max_life = kdb.max_life;
+ entry->max_life = kdb.max_life;
/* this is a little non-sensical because the function returns two */
/* values that must be checked separately against the mask */
if ((mask & KADM5_MOD_NAME) || (mask & KADM5_MOD_TIME)) {
- ret = krb5_dbe_lookup_mod_princ_data(handle->context, &kdb,
- &(entry->mod_date),
- &(entry->mod_name));
- if (ret) {
- goto done;
- }
-
- if (! (mask & KADM5_MOD_TIME))
- entry->mod_date = 0;
- if (! (mask & KADM5_MOD_NAME)) {
- krb5_free_principal(handle->context, entry->principal);
- entry->principal = NULL;
- }
+ ret = krb5_dbe_lookup_mod_princ_data(handle->context, &kdb,
+ &(entry->mod_date),
+ &(entry->mod_name));
+ if (ret) {
+ goto done;
+ }
+
+ if (! (mask & KADM5_MOD_TIME))
+ entry->mod_date = 0;
+ if (! (mask & KADM5_MOD_NAME)) {
+ krb5_free_principal(handle->context, entry->principal);
+ entry->principal = NULL;
+ }
}
if (mask & KADM5_ATTRIBUTES)
- entry->attributes = kdb.attributes;
+ entry->attributes = kdb.attributes;
if (mask & KADM5_KVNO)
- for (entry->kvno = 0, i=0; i<kdb.n_key_data; i++)
- if (kdb.key_data[i].key_data_kvno > entry->kvno)
- entry->kvno = kdb.key_data[i].key_data_kvno;
+ for (entry->kvno = 0, i=0; i<kdb.n_key_data; i++)
+ if (kdb.key_data[i].key_data_kvno > entry->kvno)
+ entry->kvno = kdb.key_data[i].key_data_kvno;
ret = krb5_dbe_lookup_mkvno(handle->context, &kdb, &entry->mkvno);
if (ret)
- goto done;
+ goto done;
if (mask & KADM5_MAX_RLIFE)
- entry->max_renewable_life = kdb.max_renewable_life;
+ entry->max_renewable_life = kdb.max_renewable_life;
if (mask & KADM5_LAST_SUCCESS)
- entry->last_success = kdb.last_success;
+ entry->last_success = kdb.last_success;
if (mask & KADM5_LAST_FAILED)
- entry->last_failed = kdb.last_failed;
+ entry->last_failed = kdb.last_failed;
if (mask & KADM5_FAIL_AUTH_COUNT)
- entry->fail_auth_count = kdb.fail_auth_count;
+ entry->fail_auth_count = kdb.fail_auth_count;
if (mask & KADM5_TL_DATA) {
- krb5_tl_data *tl, *tl2;
-
- entry->tl_data = NULL;
-
- tl = kdb.tl_data;
- while (tl) {
- if (tl->tl_data_type > 255) {
- if ((tl2 = dup_tl_data(tl)) == NULL) {
- ret = ENOMEM;
- goto done;
- }
- tl2->tl_data_next = entry->tl_data;
- entry->tl_data = tl2;
- entry->n_tl_data++;
- }
-
- tl = tl->tl_data_next;
- }
+ krb5_tl_data *tl, *tl2;
+
+ entry->tl_data = NULL;
+
+ tl = kdb.tl_data;
+ while (tl) {
+ if (tl->tl_data_type > 255) {
+ if ((tl2 = dup_tl_data(tl)) == NULL) {
+ ret = ENOMEM;
+ goto done;
+ }
+ tl2->tl_data_next = entry->tl_data;
+ entry->tl_data = tl2;
+ entry->n_tl_data++;
+ }
+
+ tl = tl->tl_data_next;
+ }
}
if (mask & KADM5_KEY_DATA) {
- entry->n_key_data = kdb.n_key_data;
- if(entry->n_key_data) {
- entry->key_data = malloc(entry->n_key_data*sizeof(krb5_key_data));
- if (entry->key_data == NULL) {
- ret = ENOMEM;
- goto done;
- }
- } else
- entry->key_data = NULL;
-
- for (i = 0; i < entry->n_key_data; i++)
- ret = krb5_copy_key_data_contents(handle->context,
- &kdb.key_data[i],
- &entry->key_data[i]);
- if (ret)
- goto done;
+ entry->n_key_data = kdb.n_key_data;
+ if(entry->n_key_data) {
+ entry->key_data = malloc(entry->n_key_data*sizeof(krb5_key_data));
+ if (entry->key_data == NULL) {
+ ret = ENOMEM;
+ goto done;
+ }
+ } else
+ entry->key_data = NULL;
+
+ for (i = 0; i < entry->n_key_data; i++)
+ ret = krb5_copy_key_data_contents(handle->context,
+ &kdb.key_data[i],
+ &entry->key_data[i]);
+ if (ret)
+ goto done;
}
ret = KADM5_OK;
done:
if (ret && entry->principal) {
- krb5_free_principal(handle->context, entry->principal);
- entry->principal = NULL;
+ krb5_free_principal(handle->context, entry->principal);
+ entry->principal = NULL;
}
kdb_free_entry(handle, &kdb, &adb);
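Review bot: In the `KADM5_KEY_DATA` block the `if (ret) goto done;` sits after the unbraced `for`, so only the result of the last `krb5_copy_key_data_contents` call is tested. A failure on an earlier key followed by a success returns `KADM5_OK` with an `entry->key_data[i]` whose content pointers that helper has already freed on its error path. Brace the loop so the check runs per key: `for (...) { ret = krb5_copy_key_data_contents(...); if (ret) goto done; }`. Separately, the `!(mask & KADM5_MOD_NAME)` branch frees and clears `entry->principal`, although the value just fetched and not requested is `entry->mod_name`; it looks like it should be `krb5_free_principal(handle->context, entry->mod_name); entry->mod_name = NULL;`. `kadm5_get_principal` starts before this hunk and ends after it.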
@@ -916,66 +917,66 @@ done:
*
* Arguments:
*
- * context (r) the krb5 context
- * hist_keyblock (r) the key that hist_key_data is
- * encrypted in
- * n_new_key_data (r) length of new_key_data
- * new_key_data (r) keys to check against
- * pw_hist_data, encrypted in hist_keyblock
- * n_pw_hist_data (r) length of pw_hist_data
- * pw_hist_data (r) passwords to check new_key_data against
+ * context (r) the krb5 context
+ * hist_keyblock (r) the key that hist_key_data is
+ * encrypted in
+ * n_new_key_data (r) length of new_key_data
+ * new_key_data (r) keys to check against
+ * pw_hist_data, encrypted in hist_keyblock
+ * n_pw_hist_data (r) length of pw_hist_data
+ * pw_hist_data (r) passwords to check new_key_data against
*
* Effects:
* For each new_key in new_key_data:
- * decrypt new_key with the master_keyblock
- * for each password in pw_hist_data:
- * for each hist_key in password:
- * decrypt hist_key with hist_keyblock
- * compare the new_key and hist_key
+ * decrypt new_key with the master_keyblock
+ * for each password in pw_hist_data:
+ * for each hist_key in password:
+ * decrypt hist_key with hist_keyblock
+ * compare the new_key and hist_key
*
* Returns krb5 errors, KADM5_PASS_RESUSE if a key in
* new_key_data is the same as a key in pw_hist_data, or 0.
*/
static kadm5_ret_t
check_pw_reuse(krb5_context context,
- krb5_keyblock *mkey,
- krb5_keyblock *hist_keyblock,
- int n_new_key_data, krb5_key_data *new_key_data,
- unsigned int n_pw_hist_data, osa_pw_hist_ent *pw_hist_data)
+ krb5_keyblock *mkey,
+ krb5_keyblock *hist_keyblock,
+ int n_new_key_data, krb5_key_data *new_key_data,
+ unsigned int n_pw_hist_data, osa_pw_hist_ent *pw_hist_data)
{
int x, y, z;
krb5_keyblock newkey, histkey;
krb5_error_code ret;
for (x = 0; x < n_new_key_data; x++) {
- ret = krb5_dbekd_decrypt_key_data(context,
- mkey,
- &(new_key_data[x]),
- &newkey, NULL);
- if (ret)
- return(ret);
- for (y = 0; y < n_pw_hist_data; y++) {
- for (z = 0; z < pw_hist_data[y].n_key_data; z++) {
- ret = krb5_dbekd_decrypt_key_data(context,
- hist_keyblock,
- &pw_hist_data[y].key_data[z],
- &histkey, NULL);
- if (ret)
- return(ret);
-
- if ((newkey.length == histkey.length) &&
- (newkey.enctype == histkey.enctype) &&
- (memcmp(newkey.contents, histkey.contents,
- histkey.length) == 0)) {
- krb5_free_keyblock_contents(context, &histkey);
- krb5_free_keyblock_contents(context, &newkey);
-
- return(KADM5_PASS_REUSE);
- }
- krb5_free_keyblock_contents(context, &histkey);
- }
- }
- krb5_free_keyblock_contents(context, &newkey);
+ ret = krb5_dbekd_decrypt_key_data(context,
+ mkey,
+ &(new_key_data[x]),
+ &newkey, NULL);
+ if (ret)
+ return(ret);
+ for (y = 0; y < n_pw_hist_data; y++) {
+ for (z = 0; z < pw_hist_data[y].n_key_data; z++) {
+ ret = krb5_dbekd_decrypt_key_data(context,
+ hist_keyblock,
+ &pw_hist_data[y].key_data[z],
+ &histkey, NULL);
+ if (ret)
+ return(ret);
+
+ if ((newkey.length == histkey.length) &&
+ (newkey.enctype == histkey.enctype) &&
+ (memcmp(newkey.contents, histkey.contents,
+ histkey.length) == 0)) {
+ krb5_free_keyblock_contents(context, &histkey);
+ krb5_free_keyblock_contents(context, &newkey);
+
+ return(KADM5_PASS_REUSE);
+ }
+ krb5_free_keyblock_contents(context, &histkey);
+ }
+ }
+ krb5_free_keyblock_contents(context, &newkey);
}
return(0);
@@ -989,10 +990,10 @@ check_pw_reuse(krb5_context context,
*
* Arguments:
*
- * context (r) krb5_context to use
- * n_key_data (r) number of elements in key_data
- * key_data (r) keys to add to the history entry
- * hist (w) history entry to fill in
+ * context (r) krb5_context to use
+ * n_key_data (r) number of elements in key_data
+ * key_data (r) keys to add to the history entry
+ * hist (w) history entry to fill in
*
* Effects:
*
@@ -1003,48 +1004,48 @@ check_pw_reuse(krb5_context context,
*/
static
int create_history_entry(krb5_context context, krb5_keyblock *mkey, int n_key_data,
- krb5_key_data *key_data, osa_pw_hist_ent *hist)
+ krb5_key_data *key_data, osa_pw_hist_ent *hist)
{
- int i, ret;
- krb5_keyblock key;
- krb5_keysalt salt;
-
- hist->key_data = (krb5_key_data*)malloc(n_key_data*sizeof(krb5_key_data));
- if (hist->key_data == NULL)
- return ENOMEM;
- memset(hist->key_data, 0, n_key_data*sizeof(krb5_key_data));
-
- for (i = 0; i < n_key_data; i++) {
- ret = krb5_dbekd_decrypt_key_data(context,
- mkey,
- &key_data[i],
- &key, &salt);
- if (ret)
- return ret;
-
- ret = krb5_dbekd_encrypt_key_data(context, &hist_key,
- &key, &salt,
- key_data[i].key_data_kvno,
- &hist->key_data[i]);
- if (ret)
- return ret;
-
- krb5_free_keyblock_contents(context, &key);
- /* krb5_free_keysalt(context, &salt); */
- }
-
- hist->n_key_data = n_key_data;
- return 0;
+ int i, ret;
+ krb5_keyblock key;
+ krb5_keysalt salt;
+
+ hist->key_data = (krb5_key_data*)malloc(n_key_data*sizeof(krb5_key_data));
+ if (hist->key_data == NULL)
+ return ENOMEM;
+ memset(hist->key_data, 0, n_key_data*sizeof(krb5_key_data));
+
+ for (i = 0; i < n_key_data; i++) {
+ ret = krb5_dbekd_decrypt_key_data(context,
+ mkey,
+ &key_data[i],
+ &key, &salt);
+ if (ret)
+ return ret;
+
+ ret = krb5_dbekd_encrypt_key_data(context, &hist_key,
+ &key, &salt,
+ key_data[i].key_data_kvno,
+ &hist->key_data[i]);
+ if (ret)
+ return ret;
+
+ krb5_free_keyblock_contents(context, &key);
+ /* krb5_free_keysalt(context, &salt); */
+ }
+
+ hist->n_key_data = n_key_data;
+ return 0;
}
static
void free_history_entry(krb5_context context, osa_pw_hist_ent *hist)
{
- int i;
+ int i;
- for (i = 0; i < hist->n_key_data; i++)
- krb5_free_key_data_contents(context, &hist->key_data[i]);
- free(hist->key_data);
+ for (i = 0; i < hist->n_key_data; i++)
+ krb5_free_key_data_contents(context, &hist->key_data[i]);
+ free(hist->key_data);
}
/*
@@ -1054,10 +1055,10 @@ void free_history_entry(krb5_context context, osa_pw_hist_ent *hist)
*
* Arguments:
*
- * context (r) krb5_context to use
- * adb (r/w) admin principal entry to add keys to
- * pol (r) adb's policy
- * pw (r) keys for the password to add to adb's key history
+ * context (r) krb5_context to use
+ * adb (r/w) admin principal entry to add keys to
+ * pol (r) adb's policy
+ * pw (r) keys for the password to add to adb's key history
*
* Effects:
*
@@ -1074,111 +1075,111 @@ void free_history_entry(krb5_context context, osa_pw_hist_ent *hist)
* adb->old_key_len).
*/
static kadm5_ret_t add_to_history(krb5_context context,
- osa_princ_ent_t adb,
- kadm5_policy_ent_t pol,
- osa_pw_hist_ent *pw)
+ osa_princ_ent_t adb,
+ kadm5_policy_ent_t pol,
+ osa_pw_hist_ent *pw)
{
- osa_pw_hist_ent *histp;
- uint32_t nhist;
- unsigned int i, knext, nkeys;
-
- nhist = pol->pw_history_num;
- /* A history of 1 means just check the current password */
- if (nhist <= 1)
- return 0;
-
- nkeys = adb->old_key_len;
- knext = adb->old_key_next;
- /* resize the adb->old_keys array if necessary */
- if (nkeys + 1 < nhist) {
- if (adb->old_keys == NULL) {
- adb->old_keys = (osa_pw_hist_ent *)
- malloc((nkeys + 1) * sizeof (osa_pw_hist_ent));
- } else {
- adb->old_keys = (osa_pw_hist_ent *)
- realloc(adb->old_keys,
- (nkeys + 1) * sizeof (osa_pw_hist_ent));
- }
- if (adb->old_keys == NULL)
- return(ENOMEM);
-
- memset(&adb->old_keys[nkeys], 0, sizeof(osa_pw_hist_ent));
- nkeys = ++adb->old_key_len;
- /*
- * To avoid losing old keys, shift forward each entry after
- * knext.
- */
- for (i = nkeys - 1; i > knext; i--) {
- adb->old_keys[i] = adb->old_keys[i - 1];
- }
- memset(&adb->old_keys[knext], 0, sizeof(osa_pw_hist_ent));
- } else if (nkeys + 1 > nhist) {
- /*
- * The policy must have changed! Shrink the array.
- * Can't simply realloc() down, since it might be wrapped.
- * To understand the arithmetic below, note that we are
- * copying into new positions 0 .. N-1 from old positions
- * old_key_next-N .. old_key_next-1, modulo old_key_len,
- * where N = pw_history_num - 1 is the length of the
- * shortened list. Matt Crawford, FNAL
- */
- /*
- * M = adb->old_key_len, N = pol->pw_history_num - 1
- *
- * tmp[0] .. tmp[N-1] = old[(knext-N)%M] .. old[(knext-1)%M]
- */
- int j;
- osa_pw_hist_t tmp;
-
- tmp = (osa_pw_hist_ent *)
- malloc((nhist - 1) * sizeof (osa_pw_hist_ent));
- if (tmp == NULL)
- return ENOMEM;
- for (i = 0; i < nhist - 1; i++) {
- /*
- * Add nkeys once before taking remainder to avoid
- * negative values.
- */
- j = (i + nkeys + knext - (nhist - 1)) % nkeys;
- tmp[i] = adb->old_keys[j];
- }
- /* Now free the ones we don't keep (the oldest ones) */
- for (i = 0; i < nkeys - (nhist - 1); i++) {
- j = (i + nkeys + knext) % nkeys;
- histp = &adb->old_keys[j];
- for (j = 0; j < histp->n_key_data; j++) {
- krb5_free_key_data_contents(context, &histp->key_data[j]);
- }
- free(histp->key_data);
- }
- free(adb->old_keys);
- adb->old_keys = tmp;
- nkeys = adb->old_key_len = nhist - 1;
- knext = adb->old_key_next = 0;
- }
-
- /*
- * If nhist decreased since the last password change, and nkeys+1
- * is less than the previous nhist, it is possible for knext to
- * index into unallocated space. This condition would not be
- * caught by the resizing code above.
- */
- if (knext + 1 > nkeys)
- knext = adb->old_key_next = 0;
- /* free the old pw history entry if it contains data */
- histp = &adb->old_keys[knext];
- for (i = 0; i < histp->n_key_data; i++)
- krb5_free_key_data_contents(context, &histp->key_data[i]);
- free(histp->key_data);
-
- /* store the new entry */
- adb->old_keys[knext] = *pw;
-
- /* update the next pointer */
- if (++adb->old_key_next == nhist - 1)
- adb->old_key_next = 0;
-
- return(0);
+ osa_pw_hist_ent *histp;
+ uint32_t nhist;
+ unsigned int i, knext, nkeys;
+
+ nhist = pol->pw_history_num;
+ /* A history of 1 means just check the current password */
+ if (nhist <= 1)
+ return 0;
+
+ nkeys = adb->old_key_len;
+ knext = adb->old_key_next;
+ /* resize the adb->old_keys array if necessary */
+ if (nkeys + 1 < nhist) {
+ if (adb->old_keys == NULL) {
+ adb->old_keys = (osa_pw_hist_ent *)
+ malloc((nkeys + 1) * sizeof (osa_pw_hist_ent));
+ } else {
+ adb->old_keys = (osa_pw_hist_ent *)
+ realloc(adb->old_keys,
+ (nkeys + 1) * sizeof (osa_pw_hist_ent));
+ }
+ if (adb->old_keys == NULL)
+ return(ENOMEM);
+
+ memset(&adb->old_keys[nkeys], 0, sizeof(osa_pw_hist_ent));
+ nkeys = ++adb->old_key_len;
+ /*
+ * To avoid losing old keys, shift forward each entry after
+ * knext.
+ */
+ for (i = nkeys - 1; i > knext; i--) {
+ adb->old_keys[i] = adb->old_keys[i - 1];
+ }
+ memset(&adb->old_keys[knext], 0, sizeof(osa_pw_hist_ent));
+ } else if (nkeys + 1 > nhist) {
+ /*
+ * The policy must have changed! Shrink the array.
+ * Can't simply realloc() down, since it might be wrapped.
+ * To understand the arithmetic below, note that we are
+ * copying into new positions 0 .. N-1 from old positions
+ * old_key_next-N .. old_key_next-1, modulo old_key_len,
+ * where N = pw_history_num - 1 is the length of the
+ * shortened list. Matt Crawford, FNAL
+ */
+ /*
+ * M = adb->old_key_len, N = pol->pw_history_num - 1
+ *
+ * tmp[0] .. tmp[N-1] = old[(knext-N)%M] .. old[(knext-1)%M]
+ */
+ int j;
+ osa_pw_hist_t tmp;
+
+ tmp = (osa_pw_hist_ent *)
+ malloc((nhist - 1) * sizeof (osa_pw_hist_ent));
+ if (tmp == NULL)
+ return ENOMEM;
+ for (i = 0; i < nhist - 1; i++) {
+ /*
+ * Add nkeys once before taking remainder to avoid
+ * negative values.
+ */
+ j = (i + nkeys + knext - (nhist - 1)) % nkeys;
+ tmp[i] = adb->old_keys[j];
+ }
+ /* Now free the ones we don't keep (the oldest ones) */
+ for (i = 0; i < nkeys - (nhist - 1); i++) {
+ j = (i + nkeys + knext) % nkeys;
+ histp = &adb->old_keys[j];
+ for (j = 0; j < histp->n_key_data; j++) {
+ krb5_free_key_data_contents(context, &histp->key_data[j]);
+ }
+ free(histp->key_data);
+ }
+ free(adb->old_keys);
+ adb->old_keys = tmp;
+ nkeys = adb->old_key_len = nhist - 1;
+ knext = adb->old_key_next = 0;
+ }
+
+ /*
+ * If nhist decreased since the last password change, and nkeys+1
+ * is less than the previous nhist, it is possible for knext to
+ * index into unallocated space. This condition would not be
+ * caught by the resizing code above.
+ */
+ if (knext + 1 > nkeys)
+ knext = adb->old_key_next = 0;
+ /* free the old pw history entry if it contains data */
+ histp = &adb->old_keys[knext];
+ for (i = 0; i < histp->n_key_data; i++)
+ krb5_free_key_data_contents(context, &histp->key_data[i]);
+ free(histp->key_data);
+
+ /* store the new entry */
+ adb->old_keys[knext] = *pw;
+
+ /* update the next pointer */
+ if (++adb->old_key_next == nhist - 1)
+ adb->old_key_next = 0;
+
+ return(0);
}
/* FIXME: don't use global variable for this */
@@ -1221,22 +1222,22 @@ kadm5_launch_task (krb5_context context,
ret = pipe (data_pipe);
if (ret)
- ret = errno;
+ ret = errno;
if (!ret) {
pid_t pid = fork ();
if (pid == -1) {
ret = errno;
- close (data_pipe[0]);
- close (data_pipe[1]);
+ close (data_pipe[0]);
+ close (data_pipe[1]);
} else if (pid == 0) {
/* The child: */
if (dup2 (data_pipe[0], STDIN_FILENO) == -1)
- _exit (1);
+ _exit (1);
- close (data_pipe[0]);
- close (data_pipe[1]);
+ close (data_pipe[0]);
+ close (data_pipe[1]);
execv (task_path, task_argv);
@@ -1245,21 +1246,21 @@ kadm5_launch_task (krb5_context context,
/* The parent: */
int status;
- ret = 0;
+ ret = 0;
- close (data_pipe[0]);
+ close (data_pipe[0]);
- /* Write out the buffer to the child, add \n */
- if (buffer) {
- if (krb5_net_write (context, data_pipe[1], buffer, strlen (buffer)) < 0
- || krb5_net_write (context, data_pipe[1], "\n", 1) < 0)
- {
- /* kill the child to make sure waitpid() won't hang later */
- ret = errno;
- kill (pid, SIGKILL);
- }
- }
- close (data_pipe[1]);
+ /* Write out the buffer to the child, add \n */
+ if (buffer) {
+ if (krb5_net_write (context, data_pipe[1], buffer, strlen (buffer)) < 0
+ || krb5_net_write (context, data_pipe[1], "\n", 1) < 0)
+ {
+ /* kill the child to make sure waitpid() won't hang later */
+ ret = errno;
+ kill (pid, SIGKILL);
+ }
+ }
+ close (data_pipe[1]);
waitpid (pid, &status, 0);
@@ -1267,7 +1268,7 @@ kadm5_launch_task (krb5_context context,
if (WIFEXITED (status)) {
/* child read password and exited. Check the return value. */
if ((WEXITSTATUS (status) != 0) && (WEXITSTATUS (status) != 252)) {
- ret = KRB5KDC_ERR_POLICY; /* password change rejected */
+ ret = KRB5KDC_ERR_POLICY; /* password change rejected */
}
} else {
/* child read password but crashed or was killed */
@@ -1284,27 +1285,27 @@ kadm5_launch_task (krb5_context context,
kadm5_ret_t
kadm5_chpass_principal(void *server_handle,
- krb5_principal principal, char *password)
+ krb5_principal principal, char *password)
{
return
- kadm5_chpass_principal_3(server_handle, principal, FALSE,
- 0, NULL, password);
+ kadm5_chpass_principal_3(server_handle, principal, FALSE,
+ 0, NULL, password);
}
kadm5_ret_t
kadm5_chpass_principal_3(void *server_handle,
- krb5_principal principal, krb5_boolean keepold,
- int n_ks_tuple, krb5_key_salt_tuple *ks_tuple,
- char *password)
+ krb5_principal principal, krb5_boolean keepold,
+ int n_ks_tuple, krb5_key_salt_tuple *ks_tuple,
+ char *password)
{
- krb5_int32 now;
- kadm5_policy_ent_rec pol;
- osa_princ_ent_rec adb;
- krb5_db_entry kdb, kdb_save;
- int ret, ret2, last_pwd, hist_added;
- int have_pol = 0;
- kadm5_server_handle_t handle = server_handle;
- osa_pw_hist_ent hist;
+ krb5_int32 now;
+ kadm5_policy_ent_rec pol;
+ osa_princ_ent_rec adb;
+ krb5_db_entry kdb, kdb_save;
+ int ret, ret2, last_pwd, hist_added;
+ int have_pol = 0;
+ kadm5_server_handle_t handle = server_handle;
+ osa_pw_hist_ent hist;
krb5_keyblock *act_mkey;
krb5_kvno act_kvno;
@@ -1316,112 +1317,112 @@ kadm5_chpass_principal_3(void *server_handle,
memset(&hist, 0, sizeof(hist));
if (principal == NULL || password == NULL)
- return EINVAL;
+ return EINVAL;
if ((krb5_principal_compare(handle->context,
- principal, hist_princ)) == TRUE)
- return KADM5_PROTECT_PRINCIPAL;
+ principal, hist_princ)) == TRUE)
+ return KADM5_PROTECT_PRINCIPAL;
if ((ret = kdb_get_entry(handle, principal, &kdb, &adb)))
- return(ret);
+ return(ret);
/* we are going to need the current keys after the new keys are set */
if ((ret = kdb_get_entry(handle, principal, &kdb_save, NULL))) {
- kdb_free_entry(handle, &kdb, &adb);
- return(ret);
+ kdb_free_entry(handle, &kdb, &adb);
+ return(ret);
}
if ((adb.aux_attributes & KADM5_POLICY)) {
- if ((ret = kadm5_get_policy(handle->lhandle, adb.policy, &pol)))
- goto done;
- have_pol = 1;
+ if ((ret = kadm5_get_policy(handle->lhandle, adb.policy, &pol)))
+ goto done;
+ have_pol = 1;
}
if ((ret = passwd_check(handle, password, adb.aux_attributes &
- KADM5_POLICY, &pol, principal)))
- goto done;
+ KADM5_POLICY, &pol, principal)))
+ goto done;
ret = krb5_dbe_find_act_mkey(handle->context, master_keylist,
- active_mkey_list, &act_kvno, &act_mkey);
+ active_mkey_list, &act_kvno, &act_mkey);
if (ret)
- goto done;
+ goto done;
ret = krb5_dbe_cpw(handle->context, act_mkey,
- n_ks_tuple?ks_tuple:handle->params.keysalts,
- n_ks_tuple?n_ks_tuple:handle->params.num_keysalts,
- password, 0 /* increment kvno */,
- keepold, &kdb);
+ n_ks_tuple?ks_tuple:handle->params.keysalts,
+ n_ks_tuple?n_ks_tuple:handle->params.num_keysalts,
+ password, 0 /* increment kvno */,
+ keepold, &kdb);
if (ret)
- goto done;
+ goto done;
ret = krb5_dbe_update_mkvno(handle->context, &kdb, act_kvno);
if (ret)
- goto done;
+ goto done;
kdb.attributes &= ~KRB5_KDB_REQUIRES_PWCHANGE;
ret = krb5_timeofday(handle->context, &now);
if (ret)
- goto done;
+ goto done;
if ((adb.aux_attributes & KADM5_POLICY)) {
- /* the policy was loaded before */
+ /* the policy was loaded before */
- ret = krb5_dbe_lookup_last_pwd_change(handle->context,
- &kdb, &last_pwd);
- if (ret)
- goto done;
+ ret = krb5_dbe_lookup_last_pwd_change(handle->context,
+ &kdb, &last_pwd);
+ if (ret)
+ goto done;
#if 0
- /*
- * The spec says this check is overridden if the caller has
- * modify privilege. The admin server therefore makes this
- * check itself (in chpass_principal_wrapper, misc.c). A
- * local caller implicitly has all authorization bits.
- */
- if ((now - last_pwd) < pol.pw_min_life &&
- !(kdb.attributes & KRB5_KDB_REQUIRES_PWCHANGE)) {
- ret = KADM5_PASS_TOOSOON;
- goto done;
- }
+ /*
+ * The spec says this check is overridden if the caller has
+ * modify privilege. The admin server therefore makes this
+ * check itself (in chpass_principal_wrapper, misc.c). A
+ * local caller implicitly has all authorization bits.
+ */
+ if ((now - last_pwd) < pol.pw_min_life &&
+ !(kdb.attributes & KRB5_KDB_REQUIRES_PWCHANGE)) {
+ ret = KADM5_PASS_TOOSOON;
+ goto done;
+ }
#endif
- ret = create_history_entry(handle->context,
- act_mkey,
- kdb_save.n_key_data,
- kdb_save.key_data, &hist);
- if (ret)
- goto done;
-
- ret = check_pw_reuse(handle->context, act_mkey, &hist_key,
- kdb.n_key_data, kdb.key_data,
- 1, &hist);
- if (ret)
- goto done;
-
- if (pol.pw_history_num > 1) {
- if (adb.admin_history_kvno != hist_kvno) {
- ret = KADM5_BAD_HIST_KEY;
- goto done;
- }
-
- ret = check_pw_reuse(handle->context, act_mkey, &hist_key,
- kdb.n_key_data, kdb.key_data,
- adb.old_key_len, adb.old_keys);
- if (ret)
- goto done;
-
- ret = add_to_history(handle->context, &adb, &pol, &hist);
- if (ret)
- goto done;
- hist_added = 1;
- }
-
- if (pol.pw_max_life)
- kdb.pw_expiration = now + pol.pw_max_life;
- else
- kdb.pw_expiration = 0;
+ ret = create_history_entry(handle->context,
+ act_mkey,
+ kdb_save.n_key_data,
+ kdb_save.key_data, &hist);
+ if (ret)
+ goto done;
+
+ ret = check_pw_reuse(handle->context, act_mkey, &hist_key,
+ kdb.n_key_data, kdb.key_data,
+ 1, &hist);
+ if (ret)
+ goto done;
+
+ if (pol.pw_history_num > 1) {
+ if (adb.admin_history_kvno != hist_kvno) {
+ ret = KADM5_BAD_HIST_KEY;
+ goto done;
+ }
+
+ ret = check_pw_reuse(handle->context, act_mkey, &hist_key,
+ kdb.n_key_data, kdb.key_data,
+ adb.old_key_len, adb.old_keys);
+ if (ret)
+ goto done;
+
+ ret = add_to_history(handle->context, &adb, &pol, &hist);
+ if (ret)
+ goto done;
+ hist_added = 1;
+ }
+
+ if (pol.pw_max_life)
+ kdb.pw_expiration = now + pol.pw_max_life;
+ else
+ kdb.pw_expiration = 0;
} else {
- kdb.pw_expiration = 0;
+ kdb.pw_expiration = 0;
}
#ifdef USE_PASSWORD_SERVER
@@ -1455,169 +1456,169 @@ kadm5_chpass_principal_3(void *server_handle,
ret = krb5_dbe_update_last_pwd_change(handle->context, &kdb, now);
if (ret)
- goto done;
+ goto done;
/* unlock principal on this KDC */
kdb.fail_auth_count = 0;
/* key data and attributes changed, let the database provider know */
kdb.mask = KADM5_KEY_DATA | KADM5_ATTRIBUTES |
- KADM5_FAIL_AUTH_COUNT;
- /* | KADM5_CPW_FUNCTION */
+ KADM5_FAIL_AUTH_COUNT;
+ /* | KADM5_CPW_FUNCTION */
if ((ret = kdb_put_entry(handle, &kdb, &adb)))
- goto done;
+ goto done;
ret = KADM5_OK;
done:
if (!hist_added && hist.key_data)
- free_history_entry(handle->context, &hist);
+ free_history_entry(handle->context, &hist);
kdb_free_entry(handle, &kdb, &adb);
kdb_free_entry(handle, &kdb_save, NULL);
krb5_db_free_principal(handle->context, &kdb, 1);
if (have_pol && (ret2 = kadm5_free_policy_ent(handle->lhandle, &pol))
- && !ret)
- ret = ret2;
+ && !ret)
+ ret = ret2;
return ret;
}
kadm5_ret_t
kadm5_randkey_principal(void *server_handle,
- krb5_principal principal,
- krb5_keyblock **keyblocks,
- int *n_keys)
+ krb5_principal principal,
+ krb5_keyblock **keyblocks,
+ int *n_keys)
{
return
- kadm5_randkey_principal_3(server_handle, principal,
- FALSE, 0, NULL,
- keyblocks, n_keys);
+ kadm5_randkey_principal_3(server_handle, principal,
+ FALSE, 0, NULL,
+ keyblocks, n_keys);
}
kadm5_ret_t
kadm5_randkey_principal_3(void *server_handle,
- krb5_principal principal,
- krb5_boolean keepold,
- int n_ks_tuple, krb5_key_salt_tuple *ks_tuple,
- krb5_keyblock **keyblocks,
- int *n_keys)
+ krb5_principal principal,
+ krb5_boolean keepold,
+ int n_ks_tuple, krb5_key_salt_tuple *ks_tuple,
+ krb5_keyblock **keyblocks,
+ int *n_keys)
{
- krb5_db_entry kdb;
- osa_princ_ent_rec adb;
- krb5_int32 now;
- kadm5_policy_ent_rec pol;
- int ret, last_pwd, have_pol = 0;
- kadm5_server_handle_t handle = server_handle;
+ krb5_db_entry kdb;
+ osa_princ_ent_rec adb;
+ krb5_int32 now;
+ kadm5_policy_ent_rec pol;
+ int ret, last_pwd, have_pol = 0;
+ kadm5_server_handle_t handle = server_handle;
krb5_keyblock *act_mkey;
if (keyblocks)
- *keyblocks = NULL;
+ *keyblocks = NULL;
CHECK_HANDLE(server_handle);
krb5_clear_error_message(handle->context);
if (principal == NULL)
- return EINVAL;
+ return EINVAL;
if (hist_princ && /* this will be NULL when initializing the databse */
- ((krb5_principal_compare(handle->context,
- principal, hist_princ)) == TRUE))
- return KADM5_PROTECT_PRINCIPAL;
+ ((krb5_principal_compare(handle->context,
+ principal, hist_princ)) == TRUE))
+ return KADM5_PROTECT_PRINCIPAL;
if ((ret = kdb_get_entry(handle, principal, &kdb, &adb)))
- return(ret);
+ return(ret);
ret = krb5_dbe_find_act_mkey(handle->context, master_keylist,
- active_mkey_list, NULL, &act_mkey);
+ active_mkey_list, NULL, &act_mkey);
if (ret)
- goto done;
+ goto done;
ret = krb5_dbe_crk(handle->context, act_mkey,
- n_ks_tuple?ks_tuple:handle->params.keysalts,
- n_ks_tuple?n_ks_tuple:handle->params.num_keysalts,
- keepold,
- &kdb);
+ n_ks_tuple?ks_tuple:handle->params.keysalts,
+ n_ks_tuple?n_ks_tuple:handle->params.num_keysalts,
+ keepold,
+ &kdb);
if (ret)
- goto done;
+ goto done;
kdb.attributes &= ~KRB5_KDB_REQUIRES_PWCHANGE;
ret = krb5_timeofday(handle->context, &now);
if (ret)
- goto done;
+ goto done;
if ((adb.aux_attributes & KADM5_POLICY)) {
- if ((ret = kadm5_get_policy(handle->lhandle, adb.policy,
- &pol)) != KADM5_OK)
- goto done;
- have_pol = 1;
+ if ((ret = kadm5_get_policy(handle->lhandle, adb.policy,
+ &pol)) != KADM5_OK)
+ goto done;
+ have_pol = 1;
- ret = krb5_dbe_lookup_last_pwd_change(handle->context,
- &kdb, &last_pwd);
- if (ret)
- goto done;
+ ret = krb5_dbe_lookup_last_pwd_change(handle->context,
+ &kdb, &last_pwd);
+ if (ret)
+ goto done;
#if 0
- /*
- * The spec says this check is overridden if the caller has
- * modify privilege. The admin server therefore makes this
- * check itself (in chpass_principal_wrapper, misc.c). A
- * local caller implicitly has all authorization bits.
- */
- if((now - last_pwd) < pol.pw_min_life &&
- !(kdb.attributes & KRB5_KDB_REQUIRES_PWCHANGE)) {
- ret = KADM5_PASS_TOOSOON;
- goto done;
- }
+ /*
+ * The spec says this check is overridden if the caller has
+ * modify privilege. The admin server therefore makes this
+ * check itself (in chpass_principal_wrapper, misc.c). A
+ * local caller implicitly has all authorization bits.
+ */
+ if((now - last_pwd) < pol.pw_min_life &&
+ !(kdb.attributes & KRB5_KDB_REQUIRES_PWCHANGE)) {
+ ret = KADM5_PASS_TOOSOON;
+ goto done;
+ }
#endif
- if(pol.pw_history_num > 1) {
- if(adb.admin_history_kvno != hist_kvno) {
- ret = KADM5_BAD_HIST_KEY;
- goto done;
- }
-
- ret = check_pw_reuse(handle->context, act_mkey, &hist_key,
- kdb.n_key_data, kdb.key_data,
- adb.old_key_len, adb.old_keys);
- if (ret)
- goto done;
- }
- if (pol.pw_max_life)
- kdb.pw_expiration = now + pol.pw_max_life;
- else
- kdb.pw_expiration = 0;
+ if(pol.pw_history_num > 1) {
+ if(adb.admin_history_kvno != hist_kvno) {
+ ret = KADM5_BAD_HIST_KEY;
+ goto done;
+ }
+
+ ret = check_pw_reuse(handle->context, act_mkey, &hist_key,
+ kdb.n_key_data, kdb.key_data,
+ adb.old_key_len, adb.old_keys);
+ if (ret)
+ goto done;
+ }
+ if (pol.pw_max_life)
+ kdb.pw_expiration = now + pol.pw_max_life;
+ else
+ kdb.pw_expiration = 0;
} else {
- kdb.pw_expiration = 0;
+ kdb.pw_expiration = 0;
}
ret = krb5_dbe_update_last_pwd_change(handle->context, &kdb, now);
if (ret)
- goto done;
+ goto done;
/* unlock principal on this KDC */
kdb.fail_auth_count = 0;
- if (keyblocks) {
- ret = decrypt_key_data(handle->context, act_mkey,
- kdb.n_key_data, kdb.key_data,
- keyblocks, n_keys);
- if (ret)
- goto done;
+ if (keyblocks) {
+ ret = decrypt_key_data(handle->context, act_mkey,
+ kdb.n_key_data, kdb.key_data,
+ keyblocks, n_keys);
+ if (ret)
+ goto done;
}
/* key data changed, let the database provider know */
kdb.mask = KADM5_KEY_DATA | KADM5_FAIL_AUTH_COUNT;
- /* | KADM5_RANDKEY_USED */;
+ /* | KADM5_RANDKEY_USED */;
if ((ret = kdb_put_entry(handle, &kdb, &adb)))
- goto done;
+ goto done;
ret = KADM5_OK;
done:
kdb_free_entry(handle, &kdb, &adb);
if (have_pol)
- kadm5_free_policy_ent(handle->lhandle, &pol);
+ kadm5_free_policy_ent(handle->lhandle, &pol);
return ret;
}
@@ -1631,19 +1632,19 @@ done:
*/
kadm5_ret_t
kadm5_setv4key_principal(void *server_handle,
- krb5_principal principal,
- krb5_keyblock *keyblock)
+ krb5_principal principal,
+ krb5_keyblock *keyblock)
{
- krb5_db_entry kdb;
- osa_princ_ent_rec adb;
- krb5_int32 now;
- kadm5_policy_ent_rec pol;
- krb5_keysalt keysalt;
- int i, k, kvno, ret, have_pol = 0;
+ krb5_db_entry kdb;
+ osa_princ_ent_rec adb;
+ krb5_int32 now;
+ kadm5_policy_ent_rec pol;
+ krb5_keysalt keysalt;
+ int i, k, kvno, ret, have_pol = 0;
#if 0
int last_pwd;
#endif
- kadm5_server_handle_t handle = server_handle;
+ kadm5_server_handle_t handle = server_handle;
krb5_key_data tmp_key_data;
krb5_keyblock *act_mkey;
@@ -1654,28 +1655,28 @@ kadm5_setv4key_principal(void *server_handle,
krb5_clear_error_message(handle->context);
if (principal == NULL || keyblock == NULL)
- return EINVAL;
+ return EINVAL;
if (hist_princ && /* this will be NULL when initializing the databse */
- ((krb5_principal_compare(handle->context,
- principal, hist_princ)) == TRUE))
- return KADM5_PROTECT_PRINCIPAL;
+ ((krb5_principal_compare(handle->context,
+ principal, hist_princ)) == TRUE))
+ return KADM5_PROTECT_PRINCIPAL;
if (keyblock->enctype != ENCTYPE_DES_CBC_CRC)
- return KADM5_SETV4KEY_INVAL_ENCTYPE;
+ return KADM5_SETV4KEY_INVAL_ENCTYPE;
if ((ret = kdb_get_entry(handle, principal, &kdb, &adb)))
- return(ret);
+ return(ret);
for (kvno = 0, i=0; i<kdb.n_key_data; i++)
- if (kdb.key_data[i].key_data_kvno > kvno)
- kvno = kdb.key_data[i].key_data_kvno;
+ if (kdb.key_data[i].key_data_kvno > kvno)
+ kvno = kdb.key_data[i].key_data_kvno;
if (kdb.key_data != NULL)
- cleanup_key_data(handle->context, kdb.n_key_data, kdb.key_data);
+ cleanup_key_data(handle->context, kdb.n_key_data, kdb.key_data);
kdb.key_data = (krb5_key_data*)krb5_db_alloc(handle->context, NULL, sizeof(krb5_key_data));
if (kdb.key_data == NULL)
- return ENOMEM;
+ return ENOMEM;
memset(kdb.key_data, 0, sizeof(krb5_key_data));
kdb.n_key_data = 1;
keysalt.type = KRB5_KDB_SALTTYPE_V4;
@@ -1684,36 +1685,36 @@ kadm5_setv4key_principal(void *server_handle,
keysalt.data.data = NULL;
ret = krb5_dbe_find_act_mkey(handle->context, master_keylist,
- active_mkey_list, NULL, &act_mkey);
+ active_mkey_list, NULL, &act_mkey);
if (ret)
- goto done;
+ goto done;
/* use tmp_key_data as temporary location and reallocate later */
ret = krb5_dbekd_encrypt_key_data(handle->context, act_mkey,
- keyblock, &keysalt, kvno + 1,
- &tmp_key_data);
+ keyblock, &keysalt, kvno + 1,
+ &tmp_key_data);
if (ret) {
- goto done;
+ goto done;
}
for (k = 0; k < tmp_key_data.key_data_ver; k++) {
- kdb.key_data->key_data_type[k] = tmp_key_data.key_data_type[k];
- kdb.key_data->key_data_length[k] = tmp_key_data.key_data_length[k];
- if (tmp_key_data.key_data_contents[k]) {
- kdb.key_data->key_data_contents[k] = krb5_db_alloc(handle->context, NULL, tmp_key_data.key_data_length[k]);
- if (kdb.key_data->key_data_contents[k] == NULL) {
- cleanup_key_data(handle->context, kdb.n_key_data, kdb.key_data);
- kdb.key_data = NULL;
- kdb.n_key_data = 0;
- ret = ENOMEM;
- goto done;
- }
- memcpy (kdb.key_data->key_data_contents[k], tmp_key_data.key_data_contents[k], tmp_key_data.key_data_length[k]);
-
- memset (tmp_key_data.key_data_contents[k], 0, tmp_key_data.key_data_length[k]);
- free (tmp_key_data.key_data_contents[k]);
- tmp_key_data.key_data_contents[k] = NULL;
- }
+ kdb.key_data->key_data_type[k] = tmp_key_data.key_data_type[k];
+ kdb.key_data->key_data_length[k] = tmp_key_data.key_data_length[k];
+ if (tmp_key_data.key_data_contents[k]) {
+ kdb.key_data->key_data_contents[k] = krb5_db_alloc(handle->context, NULL, tmp_key_data.key_data_length[k]);
+ if (kdb.key_data->key_data_contents[k] == NULL) {
+ cleanup_key_data(handle->context, kdb.n_key_data, kdb.key_data);
+ kdb.key_data = NULL;
+ kdb.n_key_data = 0;
+ ret = ENOMEM;
+ goto done;
+ }
+ memcpy (kdb.key_data->key_data_contents[k], tmp_key_data.key_data_contents[k], tmp_key_data.key_data_length[k]);
+
+ memset (tmp_key_data.key_data_contents[k], 0, tmp_key_data.key_data_length[k]);
+ free (tmp_key_data.key_data_contents[k]);
+ tmp_key_data.key_data_contents[k] = NULL;
+ }
}
@@ -1722,115 +1723,115 @@ kadm5_setv4key_principal(void *server_handle,
ret = krb5_timeofday(handle->context, &now);
if (ret)
- goto done;
+ goto done;
if ((adb.aux_attributes & KADM5_POLICY)) {
- if ((ret = kadm5_get_policy(handle->lhandle, adb.policy,
- &pol)) != KADM5_OK)
- goto done;
- have_pol = 1;
+ if ((ret = kadm5_get_policy(handle->lhandle, adb.policy,
+ &pol)) != KADM5_OK)
+ goto done;
+ have_pol = 1;
#if 0
- /*
- * The spec says this check is overridden if the caller has
- * modify privilege. The admin server therefore makes this
- * check itself (in chpass_principal_wrapper, misc.c). A
- * local caller implicitly has all authorization bits.
- */
- if (ret = krb5_dbe_lookup_last_pwd_change(handle->context,
- &kdb, &last_pwd))
- goto done;
- if((now - last_pwd) < pol.pw_min_life &&
- !(kdb.attributes & KRB5_KDB_REQUIRES_PWCHANGE)) {
- ret = KADM5_PASS_TOOSOON;
- goto done;
- }
+ /*
+ * The spec says this check is overridden if the caller has
+ * modify privilege. The admin server therefore makes this
+ * check itself (in chpass_principal_wrapper, misc.c). A
+ * local caller implicitly has all authorization bits.
+ */
+ if (ret = krb5_dbe_lookup_last_pwd_change(handle->context,
+ &kdb, &last_pwd))
+ goto done;
+ if((now - last_pwd) < pol.pw_min_life &&
+ !(kdb.attributes & KRB5_KDB_REQUIRES_PWCHANGE)) {
+ ret = KADM5_PASS_TOOSOON;
+ goto done;
+ }
#endif
#if 0
- /*
- * Should we be checking/updating pw history here?
- */
- if(pol.pw_history_num > 1) {
- if(adb.admin_history_kvno != hist_kvno) {
- ret = KADM5_BAD_HIST_KEY;
- goto done;
- }
-
- if (ret = check_pw_reuse(handle->context,
- &hist_key,
- kdb.n_key_data, kdb.key_data,
- adb.old_key_len, adb.old_keys))
- goto done;
- }
+ /*
+ * Should we be checking/updating pw history here?
+ */
+ if(pol.pw_history_num > 1) {
+ if(adb.admin_history_kvno != hist_kvno) {
+ ret = KADM5_BAD_HIST_KEY;
+ goto done;
+ }
+
+ if (ret = check_pw_reuse(handle->context,
+ &hist_key,
+ kdb.n_key_data, kdb.key_data,
+ adb.old_key_len, adb.old_keys))
+ goto done;
+ }
#endif
- if (pol.pw_max_life)
- kdb.pw_expiration = now + pol.pw_max_life;
- else
- kdb.pw_expiration = 0;
+ if (pol.pw_max_life)
+ kdb.pw_expiration = now + pol.pw_max_life;
+ else
+ kdb.pw_expiration = 0;
} else {
- kdb.pw_expiration = 0;
+ kdb.pw_expiration = 0;
}
ret = krb5_dbe_update_last_pwd_change(handle->context, &kdb, now);
if (ret)
- goto done;
+ goto done;
/* unlock principal on this KDC */
kdb.fail_auth_count = 0;
if ((ret = kdb_put_entry(handle, &kdb, &adb)))
- goto done;
+ goto done;
ret = KADM5_OK;
done:
for (i = 0; i < tmp_key_data.key_data_ver; i++) {
- if (tmp_key_data.key_data_contents[i]) {
- memset (tmp_key_data.key_data_contents[i], 0, tmp_key_data.key_data_length[i]);
- free (tmp_key_data.key_data_contents[i]);
- }
+ if (tmp_key_data.key_data_contents[i]) {
+ memset (tmp_key_data.key_data_contents[i], 0, tmp_key_data.key_data_length[i]);
+ free (tmp_key_data.key_data_contents[i]);
+ }
}
kdb_free_entry(handle, &kdb, &adb);
if (have_pol)
- kadm5_free_policy_ent(handle->lhandle, &pol);
+ kadm5_free_policy_ent(handle->lhandle, &pol);
return ret;
}
kadm5_ret_t
kadm5_setkey_principal(void *server_handle,
- krb5_principal principal,
- krb5_keyblock *keyblocks,
- int n_keys)
+ krb5_principal principal,
+ krb5_keyblock *keyblocks,
+ int n_keys)
{
return
- kadm5_setkey_principal_3(server_handle, principal,
- FALSE, 0, NULL,
- keyblocks, n_keys);
+ kadm5_setkey_principal_3(server_handle, principal,
+ FALSE, 0, NULL,
+ keyblocks, n_keys);
}
kadm5_ret_t
kadm5_setkey_principal_3(void *server_handle,
- krb5_principal principal,
- krb5_boolean keepold,
- int n_ks_tuple, krb5_key_salt_tuple *ks_tuple,
- krb5_keyblock *keyblocks,
- int n_keys)
+ krb5_principal principal,
+ krb5_boolean keepold,
+ int n_ks_tuple, krb5_key_salt_tuple *ks_tuple,
+ krb5_keyblock *keyblocks,
+ int n_keys)
{
- krb5_db_entry kdb;
- osa_princ_ent_rec adb;
- krb5_int32 now;
- kadm5_policy_ent_rec pol;
- krb5_key_data *old_key_data;
- int n_old_keys;
- int i, j, k, kvno, ret, have_pol = 0;
+ krb5_db_entry kdb;
+ osa_princ_ent_rec adb;
+ krb5_int32 now;
+ kadm5_policy_ent_rec pol;
+ krb5_key_data *old_key_data;
+ int n_old_keys;
+ int i, j, k, kvno, ret, have_pol = 0;
#if 0
int last_pwd;
#endif
- kadm5_server_handle_t handle = server_handle;
- krb5_boolean similar;
- krb5_keysalt keysalt;
+ kadm5_server_handle_t handle = server_handle;
+ krb5_boolean similar;
+ krb5_keysalt keysalt;
krb5_key_data tmp_key_data;
krb5_key_data *tptr;
krb5_keyblock *act_mkey;
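Review bot: The `done:` cleanup in kadm5_setv4key_principal clears each `tmp_key_data.key_data_contents[i]` with a plain `memset` immediately before `free`, and a compiler is allowed to drop a store to memory that is about to be released. The same memset-then-free pattern recurs in the kadm5_setkey_principal_3 hunk and in decrypt_key_data, where the buffers hold decrypted key contents, so that is where an elided wipe matters most. If the tree's `zap()` helper from k5-int.h is in scope for this file (not visible from the hunk) and is implemented so the optimiser cannot remove it, `zap(tmp_key_data.key_data_contents[i], tmp_key_data.key_data_length[i]);` is the drop-in replacement. kadm5_setv4key_principal starts outside this hunk.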
@@ -1840,177 +1841,177 @@ kadm5_setkey_principal_3(void *server_handle,
krb5_clear_error_message(handle->context);
if (principal == NULL || keyblocks == NULL)
- return EINVAL;
+ return EINVAL;
if (hist_princ && /* this will be NULL when initializing the databse */
- ((krb5_principal_compare(handle->context,
- principal, hist_princ)) == TRUE))
- return KADM5_PROTECT_PRINCIPAL;
+ ((krb5_principal_compare(handle->context,
+ principal, hist_princ)) == TRUE))
+ return KADM5_PROTECT_PRINCIPAL;
for (i = 0; i < n_keys; i++) {
- for (j = i+1; j < n_keys; j++) {
- if ((ret = krb5_c_enctype_compare(handle->context,
- keyblocks[i].enctype,
- keyblocks[j].enctype,
- &similar)))
- return(ret);
- if (similar) {
- if (n_ks_tuple) {
- if (ks_tuple[i].ks_salttype == ks_tuple[j].ks_salttype)
- return KADM5_SETKEY_DUP_ENCTYPES;
- } else
- return KADM5_SETKEY_DUP_ENCTYPES;
- }
- }
+ for (j = i+1; j < n_keys; j++) {
+ if ((ret = krb5_c_enctype_compare(handle->context,
+ keyblocks[i].enctype,
+ keyblocks[j].enctype,
+ &similar)))
+ return(ret);
+ if (similar) {
+ if (n_ks_tuple) {
+ if (ks_tuple[i].ks_salttype == ks_tuple[j].ks_salttype)
+ return KADM5_SETKEY_DUP_ENCTYPES;
+ } else
+ return KADM5_SETKEY_DUP_ENCTYPES;
+ }
+ }
}
if (n_ks_tuple && n_ks_tuple != n_keys)
- return KADM5_SETKEY3_ETYPE_MISMATCH;
+ return KADM5_SETKEY3_ETYPE_MISMATCH;
if ((ret = kdb_get_entry(handle, principal, &kdb, &adb)))
- return(ret);
+ return(ret);
for (kvno = 0, i=0; i<kdb.n_key_data; i++)
- if (kdb.key_data[i].key_data_kvno > kvno)
- kvno = kdb.key_data[i].key_data_kvno;
+ if (kdb.key_data[i].key_data_kvno > kvno)
+ kvno = kdb.key_data[i].key_data_kvno;
if (keepold) {
- old_key_data = kdb.key_data;
- n_old_keys = kdb.n_key_data;
+ old_key_data = kdb.key_data;
+ n_old_keys = kdb.n_key_data;
} else {
- if (kdb.key_data != NULL)
- cleanup_key_data(handle->context, kdb.n_key_data, kdb.key_data);
- n_old_keys = 0;
- old_key_data = NULL;
+ if (kdb.key_data != NULL)
+ cleanup_key_data(handle->context, kdb.n_key_data, kdb.key_data);
+ n_old_keys = 0;
+ old_key_data = NULL;
}
kdb.key_data = (krb5_key_data*)krb5_db_alloc(handle->context, NULL, (n_keys+n_old_keys)
- *sizeof(krb5_key_data));
+ *sizeof(krb5_key_data));
if (kdb.key_data == NULL) {
- ret = ENOMEM;
- goto done;
+ ret = ENOMEM;
+ goto done;
}
memset(kdb.key_data, 0, (n_keys+n_old_keys)*sizeof(krb5_key_data));
kdb.n_key_data = 0;
for (i = 0; i < n_keys; i++) {
- if (n_ks_tuple) {
- keysalt.type = ks_tuple[i].ks_salttype;
- keysalt.data.length = 0;
- keysalt.data.data = NULL;
- if (ks_tuple[i].ks_enctype != keyblocks[i].enctype) {
- ret = KADM5_SETKEY3_ETYPE_MISMATCH;
- goto done;
- }
- }
- memset (&tmp_key_data, 0, sizeof(tmp_key_data));
-
- ret = krb5_dbe_find_act_mkey(handle->context, master_keylist,
- active_mkey_list, NULL, &act_mkey);
- if (ret)
- goto done;
-
- ret = krb5_dbekd_encrypt_key_data(handle->context,
- act_mkey,
- &keyblocks[i],
- n_ks_tuple ? &keysalt : NULL,
- kvno + 1,
- &tmp_key_data);
- if (ret)
- goto done;
-
- tptr = &kdb.key_data[i];
- tptr->key_data_ver = tmp_key_data.key_data_ver;
- tptr->key_data_kvno = tmp_key_data.key_data_kvno;
- for (k = 0; k < tmp_key_data.key_data_ver; k++) {
- tptr->key_data_type[k] = tmp_key_data.key_data_type[k];
- tptr->key_data_length[k] = tmp_key_data.key_data_length[k];
- if (tmp_key_data.key_data_contents[k]) {
- tptr->key_data_contents[k] = krb5_db_alloc(handle->context, NULL, tmp_key_data.key_data_length[k]);
- if (tptr->key_data_contents[k] == NULL) {
- int i1;
- for (i1 = k; i1 < tmp_key_data.key_data_ver; i1++) {
- if (tmp_key_data.key_data_contents[i1]) {
- memset (tmp_key_data.key_data_contents[i1], 0, tmp_key_data.key_data_length[i1]);
- free (tmp_key_data.key_data_contents[i1]);
- }
- }
-
- ret = ENOMEM;
- goto done;
- }
- memcpy (tptr->key_data_contents[k], tmp_key_data.key_data_contents[k], tmp_key_data.key_data_length[k]);
-
- memset (tmp_key_data.key_data_contents[k], 0, tmp_key_data.key_data_length[k]);
- free (tmp_key_data.key_data_contents[k]);
- tmp_key_data.key_data_contents[k] = NULL;
- }
- }
- kdb.n_key_data++;
+ if (n_ks_tuple) {
+ keysalt.type = ks_tuple[i].ks_salttype;
+ keysalt.data.length = 0;
+ keysalt.data.data = NULL;
+ if (ks_tuple[i].ks_enctype != keyblocks[i].enctype) {
+ ret = KADM5_SETKEY3_ETYPE_MISMATCH;
+ goto done;
+ }
+ }
+ memset (&tmp_key_data, 0, sizeof(tmp_key_data));
+
+ ret = krb5_dbe_find_act_mkey(handle->context, master_keylist,
+ active_mkey_list, NULL, &act_mkey);
+ if (ret)
+ goto done;
+
+ ret = krb5_dbekd_encrypt_key_data(handle->context,
+ act_mkey,
+ &keyblocks[i],
+ n_ks_tuple ? &keysalt : NULL,
+ kvno + 1,
+ &tmp_key_data);
+ if (ret)
+ goto done;
+
+ tptr = &kdb.key_data[i];
+ tptr->key_data_ver = tmp_key_data.key_data_ver;
+ tptr->key_data_kvno = tmp_key_data.key_data_kvno;
+ for (k = 0; k < tmp_key_data.key_data_ver; k++) {
+ tptr->key_data_type[k] = tmp_key_data.key_data_type[k];
+ tptr->key_data_length[k] = tmp_key_data.key_data_length[k];
+ if (tmp_key_data.key_data_contents[k]) {
+ tptr->key_data_contents[k] = krb5_db_alloc(handle->context, NULL, tmp_key_data.key_data_length[k]);
+ if (tptr->key_data_contents[k] == NULL) {
+ int i1;
+ for (i1 = k; i1 < tmp_key_data.key_data_ver; i1++) {
+ if (tmp_key_data.key_data_contents[i1]) {
+ memset (tmp_key_data.key_data_contents[i1], 0, tmp_key_data.key_data_length[i1]);
+ free (tmp_key_data.key_data_contents[i1]);
+ }
+ }
+
+ ret = ENOMEM;
+ goto done;
+ }
+ memcpy (tptr->key_data_contents[k], tmp_key_data.key_data_contents[k], tmp_key_data.key_data_length[k]);
+
+ memset (tmp_key_data.key_data_contents[k], 0, tmp_key_data.key_data_length[k]);
+ free (tmp_key_data.key_data_contents[k]);
+ tmp_key_data.key_data_contents[k] = NULL;
+ }
+ }
+ kdb.n_key_data++;
}
/* copy old key data if necessary */
for (i = 0; i < n_old_keys; i++) {
- kdb.key_data[i+n_keys] = old_key_data[i];
- memset(&old_key_data[i], 0, sizeof (krb5_key_data));
- kdb.n_key_data++;
+ kdb.key_data[i+n_keys] = old_key_data[i];
+ memset(&old_key_data[i], 0, sizeof (krb5_key_data));
+ kdb.n_key_data++;
}
if (old_key_data)
- krb5_db_free(handle->context, old_key_data);
+ krb5_db_free(handle->context, old_key_data);
/* assert(kdb.n_key_data == n_keys + n_old_keys) */
kdb.attributes &= ~KRB5_KDB_REQUIRES_PWCHANGE;
if ((ret = krb5_timeofday(handle->context, &now)))
- goto done;
+ goto done;
if ((adb.aux_attributes & KADM5_POLICY)) {
- if ((ret = kadm5_get_policy(handle->lhandle, adb.policy,
- &pol)) != KADM5_OK)
- goto done;
- have_pol = 1;
+ if ((ret = kadm5_get_policy(handle->lhandle, adb.policy,
+ &pol)) != KADM5_OK)
+ goto done;
+ have_pol = 1;
#if 0
- /*
- * The spec says this check is overridden if the caller has
- * modify privilege. The admin server therefore makes this
- * check itself (in chpass_principal_wrapper, misc.c). A
- * local caller implicitly has all authorization bits.
- */
- if (ret = krb5_dbe_lookup_last_pwd_change(handle->context,
- &kdb, &last_pwd))
- goto done;
- if((now - last_pwd) < pol.pw_min_life &&
- !(kdb.attributes & KRB5_KDB_REQUIRES_PWCHANGE)) {
- ret = KADM5_PASS_TOOSOON;
- goto done;
- }
+ /*
+ * The spec says this check is overridden if the caller has
+ * modify privilege. The admin server therefore makes this
+ * check itself (in chpass_principal_wrapper, misc.c). A
+ * local caller implicitly has all authorization bits.
+ */
+ if (ret = krb5_dbe_lookup_last_pwd_change(handle->context,
+ &kdb, &last_pwd))
+ goto done;
+ if((now - last_pwd) < pol.pw_min_life &&
+ !(kdb.attributes & KRB5_KDB_REQUIRES_PWCHANGE)) {
+ ret = KADM5_PASS_TOOSOON;
+ goto done;
+ }
#endif
#if 0
- /*
- * Should we be checking/updating pw history here?
- */
- if (pol.pw_history_num > 1) {
- if(adb.admin_history_kvno != hist_kvno) {
- ret = KADM5_BAD_HIST_KEY;
- goto done;
- }
-
- if (ret = check_pw_reuse(handle->context,
- &hist_key,
- kdb.n_key_data, kdb.key_data,
- adb.old_key_len, adb.old_keys))
- goto done;
- }
+ /*
+ * Should we be checking/updating pw history here?
+ */
+ if (pol.pw_history_num > 1) {
+ if(adb.admin_history_kvno != hist_kvno) {
+ ret = KADM5_BAD_HIST_KEY;
+ goto done;
+ }
+
+ if (ret = check_pw_reuse(handle->context,
+ &hist_key,
+ kdb.n_key_data, kdb.key_data,
+ adb.old_key_len, adb.old_keys))
+ goto done;
+ }
#endif
- if (pol.pw_max_life)
- kdb.pw_expiration = now + pol.pw_max_life;
- else
- kdb.pw_expiration = 0;
+ if (pol.pw_max_life)
+ kdb.pw_expiration = now + pol.pw_max_life;
+ else
+ kdb.pw_expiration = 0;
} else {
- kdb.pw_expiration = 0;
+ kdb.pw_expiration = 0;
}
if ((ret = krb5_dbe_update_last_pwd_change(handle->context, &kdb, now)))
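Review bot: The duplicate-enctype loop at the top of kadm5_setkey_principal_3 reads `ks_tuple[i].ks_salttype` and `ks_tuple[j].ks_salttype` for indices up to `n_keys`, but the `n_ks_tuple != n_keys` check only runs after that loop, so a caller passing fewer tuples than keys causes an out-of-bounds read before the mismatch is rejected. Moving `if (n_ks_tuple && n_ks_tuple != n_keys) return KADM5_SETKEY3_ETYPE_MISMATCH;` above the loop closes that. Separately, with `keepold` set the existing array is detached into `old_key_data`, and every `goto done` taken before `krb5_db_free(handle->context, old_key_data)` appears to leak it, since the `done:` label (in the next hunk) only calls kdb_free_entry on `kdb`. The function starts and ends outside this hunk.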
@@ -2020,13 +2021,13 @@ kadm5_setkey_principal_3(void *server_handle,
kdb.fail_auth_count = 0;
if ((ret = kdb_put_entry(handle, &kdb, &adb)))
- goto done;
+ goto done;
ret = KADM5_OK;
done:
kdb_free_entry(handle, &kdb, &adb);
if (have_pol)
- kadm5_free_policy_ent(handle->lhandle, &pol);
+ kadm5_free_policy_ent(handle->lhandle, &pol);
return ret;
}
@@ -2048,7 +2049,7 @@ kadm5_get_principal_keys(void *server_handle /* IN */,
krb5_keyblock *mkey_ptr;
if (keyblocks)
- *keyblocks = NULL;
+ *keyblocks = NULL;
CHECK_HANDLE(server_handle);
@@ -2056,10 +2057,10 @@ kadm5_get_principal_keys(void *server_handle /* IN */,
return EINVAL;
if ((ret = kdb_get_entry(handle, principal, &kdb, &adb)))
- return(ret);
+ return(ret);
if (keyblocks) {
- if ((ret = krb5_dbe_find_mkey(handle->context, master_keylist, &kdb,
+ if ((ret = krb5_dbe_find_mkey(handle->context, master_keylist, &kdb,
&mkey_ptr))) {
krb5_keylist_node *tmp_mkey_list;
/* try refreshing master key list */
@@ -2078,11 +2079,11 @@ kadm5_get_principal_keys(void *server_handle /* IN */,
}
}
- ret = decrypt_key_data(handle->context, mkey_ptr,
- kdb.n_key_data, kdb.key_data,
- keyblocks, n_keys);
- if (ret)
- goto done;
+ ret = decrypt_key_data(handle->context, mkey_ptr,
+ kdb.n_key_data, kdb.key_data,
+ keyblocks, n_keys);
+ if (ret)
+ goto done;
}
ret = KADM5_OK;
@@ -2100,40 +2101,40 @@ done:
* number of keys decrypted.
*/
static int decrypt_key_data(krb5_context context, krb5_keyblock *mkey,
- int n_key_data, krb5_key_data *key_data,
- krb5_keyblock **keyblocks, int *n_keys)
+ int n_key_data, krb5_key_data *key_data,
+ krb5_keyblock **keyblocks, int *n_keys)
{
- krb5_keyblock *keys;
- int ret, i;
-
- keys = (krb5_keyblock *) malloc(n_key_data*sizeof(krb5_keyblock));
- if (keys == NULL)
- return ENOMEM;
- memset(keys, 0, n_key_data*sizeof(krb5_keyblock));
-
- for (i = 0; i < n_key_data; i++) {
- ret = krb5_dbekd_decrypt_key_data(context, mkey,
- &key_data[i],
- &keys[i], NULL);
- if (ret) {
- for (; i >= 0; i--) {
- if (keys[i].contents) {
- memset (keys[i].contents, 0, keys[i].length);
- free( keys[i].contents );
- }
- }
-
- memset(keys, 0, n_key_data*sizeof(krb5_keyblock));
- free(keys);
- return ret;
- }
- }
-
- *keyblocks = keys;
- if (n_keys)
- *n_keys = n_key_data;
-
- return 0;
+ krb5_keyblock *keys;
+ int ret, i;
+
+ keys = (krb5_keyblock *) malloc(n_key_data*sizeof(krb5_keyblock));
+ if (keys == NULL)
+ return ENOMEM;
+ memset(keys, 0, n_key_data*sizeof(krb5_keyblock));
+
+ for (i = 0; i < n_key_data; i++) {
+ ret = krb5_dbekd_decrypt_key_data(context, mkey,
+ &key_data[i],
+ &keys[i], NULL);
+ if (ret) {
+ for (; i >= 0; i--) {
+ if (keys[i].contents) {
+ memset (keys[i].contents, 0, keys[i].length);
+ free( keys[i].contents );
+ }
+ }
+
+ memset(keys, 0, n_key_data*sizeof(krb5_keyblock));
+ free(keys);
+ return ret;
+ }
+ }
+
+ *keyblocks = keys;
+ if (n_keys)
+ *n_keys = n_key_data;
+
+ return 0;
}
/*
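Review bot: `malloc(n_key_data*sizeof(krb5_keyblock))` in decrypt_key_data multiplies a signed `int` that is never range-checked, so a negative count converts to a very large size and is then reused as the `memset` length. A zero count may also come back as NULL on some platforms and be reported as ENOMEM. Guarding with `if (n_key_data < 0) return EINVAL;` and allocating with `keys = calloc(n_key_data, sizeof(*keys));` replaces the malloc/memset pair and lets the allocator check the multiplication. The function also deserves a comment stating that on success the caller owns `*keyblocks`, which holds decrypted keys and must be wiped before it is freed.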
@@ -2143,15 +2144,15 @@ static int decrypt_key_data(krb5_context context, krb5_keyblock *mkey,
*
* Arguments:
*
- * server_handle (r) kadm5 handle
- * entry (r) principal retrieved with kadm5_get_principal
- * ktype (r) enctype to search for, or -1 to ignore
- * stype (r) salt type to search for, or -1 to ignore
- * kvno (r) kvno to search for, -1 for max, 0 for max
- * only if it also matches ktype and stype
- * keyblock (w) keyblock to fill in
- * keysalt (w) keysalt to fill in, or NULL
- * kvnop (w) kvno to fill in, or NULL
+ * server_handle (r) kadm5 handle
+ * entry (r) principal retrieved with kadm5_get_principal
+ * ktype (r) enctype to search for, or -1 to ignore
+ * stype (r) salt type to search for, or -1 to ignore
+ * kvno (r) kvno to search for, -1 for max, 0 for max
+ * only if it also matches ktype and stype
+ * keyblock (w) keyblock to fill in
+ * keysalt (w) keysalt to fill in, or NULL
+ * kvnop (w) kvno to fill in, or NULL
*
* Effects: Searches the key_data array of entry, which must have been
* retrived with kadm5_get_principal with the KADM5_KEY_DATA mask, to
@@ -2167,10 +2168,10 @@ static int decrypt_key_data(krb5_context context, krb5_keyblock *mkey,
* returned.
*/
kadm5_ret_t kadm5_decrypt_key(void *server_handle,
- kadm5_principal_ent_t entry, krb5_int32
- ktype, krb5_int32 stype, krb5_int32
- kvno, krb5_keyblock *keyblock,
- krb5_keysalt *keysalt, int *kvnop)
+ kadm5_principal_ent_t entry, krb5_int32
+ ktype, krb5_int32 stype, krb5_int32
+ kvno, krb5_keyblock *keyblock,
+ krb5_keysalt *keysalt, int *kvnop)
{
kadm5_server_handle_t handle = server_handle;
krb5_db_entry dbent;
@@ -2181,14 +2182,14 @@ kadm5_ret_t kadm5_decrypt_key(void *server_handle,
CHECK_HANDLE(server_handle);
if (entry->n_key_data == 0 || entry->key_data == NULL)
- return EINVAL;
+ return EINVAL;
/* find_enctype only uses these two fields */
dbent.n_key_data = entry->n_key_data;
dbent.key_data = entry->key_data;
if ((ret = krb5_dbe_find_enctype(handle->context, &dbent, ktype,
- stype, kvno, &key_data)))
- return ret;
+ stype, kvno, &key_data)))
+ return ret;
/* find_mkey only uses this field */
dbent.tl_data = entry->tl_data;
@@ -2211,9 +2212,9 @@ kadm5_ret_t kadm5_decrypt_key(void *server_handle,
}
if ((ret = krb5_dbekd_decrypt_key_data(handle->context,
- mkey_ptr, key_data,
- keyblock, keysalt)))
- return ret;
+ mkey_ptr, key_data,
+ keyblock, keysalt)))
+ return ret;
/*
* Coerce the enctype of the output keyblock in case we got an
@@ -2224,7 +2225,7 @@ kadm5_ret_t kadm5_decrypt_key(void *server_handle,
keyblock->enctype = ktype;
if (kvnop)
- *kvnop = key_data->key_data_kvno;
+ *kvnop = key_data->key_data_kvno;
return KADM5_OK;
}
diff --git a/src/lib/kadm5/str_conv.c b/src/lib/kadm5/str_conv.c
index 51637f7..c6fd435 100644
--- a/src/lib/kadm5/str_conv.c
+++ b/src/lib/kadm5/str_conv.c
@@ -1,3 +1,4 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
/*
* lib/kadm/str_conv.c
*
@@ -34,11 +35,11 @@
*
* String decoding:
* ----------------
- * krb5_string_to_flags() - Convert string to krb5_flags.
+ * krb5_string_to_flags() - Convert string to krb5_flags.
*
* String encoding:
* ----------------
- * krb5_flags_to_string() - Convert krb5_flags to string.
+ * krb5_flags_to_string() - Convert krb5_flags to string.
*/
#include "k5-int.h"
@@ -49,10 +50,10 @@
* Local data structures.
*/
struct flags_lookup_entry {
- krb5_flags fl_flags; /* Flag */
- krb5_boolean fl_sense; /* Sense of the flag */
- const char * fl_specifier; /* How to recognize it */
- const char * fl_output; /* How to spit it out */
+ krb5_flags fl_flags; /* Flag */
+ krb5_boolean fl_sense; /* Sense of the flag */
+ const char * fl_specifier; /* How to recognize it */
+ const char * fl_output; /* How to spit it out */
};
/*
@@ -64,82 +65,82 @@ static const char default_ksaltseps[] = ":.";
/* Keytype strings */
/* Flags strings */
-static const char flags_pdate_in[] = "postdateable";
-static const char flags_fwd_in[] = "forwardable";
-static const char flags_tgtbased_in[] = "tgt-based";
-static const char flags_renew_in[] = "renewable";
-static const char flags_proxy_in[] = "proxiable";
-static const char flags_dup_skey_in[] = "dup-skey";
-static const char flags_tickets_in[] = "allow-tickets";
-static const char flags_preauth_in[] = "preauth";
-static const char flags_hwauth_in[] = "hwauth";
-static const char flags_ok_as_delegate_in[] = "ok-as-delegate";
-static const char flags_pwchange_in[] = "pwchange";
-static const char flags_service_in[] = "service";
-static const char flags_pwsvc_in[] = "pwservice";
-static const char flags_md5_in[] = "md5";
+static const char flags_pdate_in[] = "postdateable";
+static const char flags_fwd_in[] = "forwardable";
+static const char flags_tgtbased_in[] = "tgt-based";
+static const char flags_renew_in[] = "renewable";
+static const char flags_proxy_in[] = "proxiable";
+static const char flags_dup_skey_in[] = "dup-skey";
+static const char flags_tickets_in[] = "allow-tickets";
+static const char flags_preauth_in[] = "preauth";
+static const char flags_hwauth_in[] = "hwauth";
+static const char flags_ok_as_delegate_in[] = "ok-as-delegate";
+static const char flags_pwchange_in[] = "pwchange";
+static const char flags_service_in[] = "service";
+static const char flags_pwsvc_in[] = "pwservice";
+static const char flags_md5_in[] = "md5";
static const char flags_ok_to_auth_as_delegate_in[] = "ok-to-auth-as-delegate";
static const char flags_no_auth_data_required_in[] = "no-auth-data-required";
-static const char flags_pdate_out[] = "Not Postdateable";
-static const char flags_fwd_out[] = "Not Forwardable";
-static const char flags_tgtbased_out[] = "No TGT-based requests";
-static const char flags_renew_out[] = "Not renewable";
-static const char flags_proxy_out[] = "Not proxiable";
-static const char flags_dup_skey_out[] = "No DUP_SKEY requests";
-static const char flags_tickets_out[] = "All Tickets Disallowed";
-static const char flags_preauth_out[] = "Preauthentication required";
-static const char flags_hwauth_out[] = "HW authentication required";
-static const char flags_ok_as_delegate_out[] = "OK as Delegate";
-static const char flags_pwchange_out[] = "Password Change required";
-static const char flags_service_out[] = "Service Disabled";
-static const char flags_pwsvc_out[] = "Password Changing Service";
-static const char flags_md5_out[] = "RSA-MD5 supported";
+static const char flags_pdate_out[] = "Not Postdateable";
+static const char flags_fwd_out[] = "Not Forwardable";
+static const char flags_tgtbased_out[] = "No TGT-based requests";
+static const char flags_renew_out[] = "Not renewable";
+static const char flags_proxy_out[] = "Not proxiable";
+static const char flags_dup_skey_out[] = "No DUP_SKEY requests";
+static const char flags_tickets_out[] = "All Tickets Disallowed";
+static const char flags_preauth_out[] = "Preauthentication required";
+static const char flags_hwauth_out[] = "HW authentication required";
+static const char flags_ok_as_delegate_out[] = "OK as Delegate";
+static const char flags_pwchange_out[] = "Password Change required";
+static const char flags_service_out[] = "Service Disabled";
+static const char flags_pwsvc_out[] = "Password Changing Service";
+static const char flags_md5_out[] = "RSA-MD5 supported";
static const char flags_ok_to_auth_as_delegate_out[] = "Protocol transition with delegation allowed";
static const char flags_no_auth_data_required_out[] = "No authorization data required";
-static const char flags_default_neg[] = "-";
-static const char flags_default_sep[] = " ";
+static const char flags_default_neg[] = "-";
+static const char flags_default_sep[] = " ";
/*
* Lookup tables.
*/
static const struct flags_lookup_entry flags_table[] = {
-/* flag sense input specifier output string */
-/*----------------------------- ------- ------------------ ------------------*/
-{ KRB5_KDB_DISALLOW_POSTDATED, 0, flags_pdate_in, flags_pdate_out },
-{ KRB5_KDB_DISALLOW_FORWARDABLE,0, flags_fwd_in, flags_fwd_out },
-{ KRB5_KDB_DISALLOW_TGT_BASED, 0, flags_tgtbased_in, flags_tgtbased_out},
-{ KRB5_KDB_DISALLOW_RENEWABLE, 0, flags_renew_in, flags_renew_out },
-{ KRB5_KDB_DISALLOW_PROXIABLE, 0, flags_proxy_in, flags_proxy_out },
-{ KRB5_KDB_DISALLOW_DUP_SKEY, 0, flags_dup_skey_in, flags_dup_skey_out},
-{ KRB5_KDB_DISALLOW_ALL_TIX, 0, flags_tickets_in, flags_tickets_out },
-{ KRB5_KDB_REQUIRES_PRE_AUTH, 1, flags_preauth_in, flags_preauth_out },
-{ KRB5_KDB_REQUIRES_HW_AUTH, 1, flags_hwauth_in, flags_hwauth_out },
-{ KRB5_KDB_OK_AS_DELEGATE, 1, flags_ok_as_delegate_in, flags_ok_as_delegate_out },
-{ KRB5_KDB_REQUIRES_PWCHANGE, 1, flags_pwchange_in, flags_pwchange_out},
-{ KRB5_KDB_DISALLOW_SVR, 0, flags_service_in, flags_service_out },
-{ KRB5_KDB_PWCHANGE_SERVICE, 1, flags_pwsvc_in, flags_pwsvc_out },
-{ KRB5_KDB_SUPPORT_DESMD5, 1, flags_md5_in, flags_md5_out },
-{ KRB5_KDB_OK_TO_AUTH_AS_DELEGATE, 1, flags_ok_to_auth_as_delegate_in, flags_ok_to_auth_as_delegate_out },
-{ KRB5_KDB_NO_AUTH_DATA_REQUIRED, 1, flags_no_auth_data_required_in, flags_no_auth_data_required_out }
+/* flag sense input specifier output string */
+/*----------------------------- ------- ------------------ ------------------*/
+ { KRB5_KDB_DISALLOW_POSTDATED, 0, flags_pdate_in, flags_pdate_out },
+ { KRB5_KDB_DISALLOW_FORWARDABLE,0, flags_fwd_in, flags_fwd_out },
+ { KRB5_KDB_DISALLOW_TGT_BASED, 0, flags_tgtbased_in, flags_tgtbased_out},
+ { KRB5_KDB_DISALLOW_RENEWABLE, 0, flags_renew_in, flags_renew_out },
+ { KRB5_KDB_DISALLOW_PROXIABLE, 0, flags_proxy_in, flags_proxy_out },
+ { KRB5_KDB_DISALLOW_DUP_SKEY, 0, flags_dup_skey_in, flags_dup_skey_out},
+ { KRB5_KDB_DISALLOW_ALL_TIX, 0, flags_tickets_in, flags_tickets_out },
+ { KRB5_KDB_REQUIRES_PRE_AUTH, 1, flags_preauth_in, flags_preauth_out },
+ { KRB5_KDB_REQUIRES_HW_AUTH, 1, flags_hwauth_in, flags_hwauth_out },
+ { KRB5_KDB_OK_AS_DELEGATE, 1, flags_ok_as_delegate_in, flags_ok_as_delegate_out },
+ { KRB5_KDB_REQUIRES_PWCHANGE, 1, flags_pwchange_in, flags_pwchange_out},
+ { KRB5_KDB_DISALLOW_SVR, 0, flags_service_in, flags_service_out },
+ { KRB5_KDB_PWCHANGE_SERVICE, 1, flags_pwsvc_in, flags_pwsvc_out },
+ { KRB5_KDB_SUPPORT_DESMD5, 1, flags_md5_in, flags_md5_out },
+ { KRB5_KDB_OK_TO_AUTH_AS_DELEGATE, 1, flags_ok_to_auth_as_delegate_in, flags_ok_to_auth_as_delegate_out },
+ { KRB5_KDB_NO_AUTH_DATA_REQUIRED, 1, flags_no_auth_data_required_in, flags_no_auth_data_required_out }
};
static const int flags_table_nents = sizeof(flags_table)/
- sizeof(flags_table[0]);
+ sizeof(flags_table[0]);
krb5_error_code
krb5_string_to_flags(string, positive, negative, flagsp)
- char * string;
- const char * positive;
- const char * negative;
- krb5_flags * flagsp;
+ char * string;
+ const char * positive;
+ const char * negative;
+ krb5_flags * flagsp;
{
- int i;
- int found;
- const char *neg;
- size_t nsize, psize;
- int cpos;
- int sense;
+ int i;
+ int found;
+ const char *neg;
+ size_t nsize, psize;
+ int cpos;
+ int sense;
found = 0;
/* We need to have a way to negate it. */
@@ -151,260 +152,260 @@ krb5_string_to_flags(string, positive, negative, flagsp)
sense = 1;
/* First check for positive or negative sense */
if (!strncasecmp(neg, string, nsize)) {
- sense = 0;
- cpos += (int) nsize;
+ sense = 0;
+ cpos += (int) nsize;
}
else if (psize && !strncasecmp(positive, string, psize)) {
- cpos += (int) psize;
+ cpos += (int) psize;
}
for (i=0; i<flags_table_nents; i++) {
- if (!strcasecmp(&string[cpos], flags_table[i].fl_specifier)) {
- found = 1;
- if (sense == (int) flags_table[i].fl_sense)
- *flagsp |= flags_table[i].fl_flags;
- else
- *flagsp &= ~flags_table[i].fl_flags;
-
- break;
- }
+ if (!strcasecmp(&string[cpos], flags_table[i].fl_specifier)) {
+ found = 1;
+ if (sense == (int) flags_table[i].fl_sense)
+ *flagsp |= flags_table[i].fl_flags;
+ else
+ *flagsp &= ~flags_table[i].fl_flags;
+
+ break;
+ }
}
return((found) ? 0 : EINVAL);
}
krb5_error_code
krb5_flags_to_string(flags, sep, buffer, buflen)
- krb5_flags flags;
- const char * sep;
- char * buffer;
- size_t buflen;
+ krb5_flags flags;
+ const char * sep;
+ char * buffer;
+ size_t buflen;
{
- int i;
- krb5_flags pflags;
- const char *sepstring;
- struct k5buf buf;
+ int i;
+ krb5_flags pflags;
+ const char *sepstring;
+ struct k5buf buf;
pflags = 0;
sepstring = (sep) ? sep : flags_default_sep;
krb5int_buf_init_fixed(&buf, buffer, buflen);
/* Blast through the table matching all we can */
for (i=0; i<flags_table_nents; i++) {
- if (flags & flags_table[i].fl_flags) {
- if (krb5int_buf_len(&buf) > 0)
- krb5int_buf_add(&buf, sepstring);
- krb5int_buf_add(&buf, flags_table[i].fl_output);
- /* Keep track of what we matched */
- pflags |= flags_table[i].fl_flags;
- }
+ if (flags & flags_table[i].fl_flags) {
+ if (krb5int_buf_len(&buf) > 0)
+ krb5int_buf_add(&buf, sepstring);
+ krb5int_buf_add(&buf, flags_table[i].fl_output);
+ /* Keep track of what we matched */
+ pflags |= flags_table[i].fl_flags;
+ }
}
if (krb5int_buf_data(&buf) == NULL)
- return(ENOMEM);
+ return(ENOMEM);
/* See if there's any leftovers */
if (flags & ~pflags)
- return(EINVAL);
+ return(EINVAL);
return(0);
}
krb5_error_code
krb5_input_flag_to_string(flag, buffer, buflen)
- int flag;
- char * buffer;
- size_t buflen;
+ int flag;
+ char * buffer;
+ size_t buflen;
{
if(flag < 0 || flag >= flags_table_nents) return ENOENT; /* End of list */
if(strlcpy(buffer, flags_table[flag].fl_specifier, buflen) >= buflen)
- return ENOMEM;
+ return ENOMEM;
return 0;
}
/*
- * krb5_keysalt_is_present() - Determine if a key/salt pair is present
- * in a list of key/salt tuples.
+ * krb5_keysalt_is_present() - Determine if a key/salt pair is present
+ * in a list of key/salt tuples.
*
- * Salttype may be negative to indicate a search for only a enctype.
+ * Salttype may be negative to indicate a search for only a enctype.
*/
krb5_boolean
krb5_keysalt_is_present(ksaltlist, nksalts, enctype, salttype)
- krb5_key_salt_tuple *ksaltlist;
- krb5_int32 nksalts;
- krb5_enctype enctype;
- krb5_int32 salttype;
+ krb5_key_salt_tuple *ksaltlist;
+ krb5_int32 nksalts;
+ krb5_enctype enctype;
+ krb5_int32 salttype;
{
- krb5_boolean foundit;
- int i;
+ krb5_boolean foundit;
+ int i;
foundit = 0;
if (ksaltlist) {
- for (i=0; i<nksalts; i++) {
- if ((ksaltlist[i].ks_enctype == enctype) &&
- ((ksaltlist[i].ks_salttype == salttype) ||
- (salttype < 0))) {
- foundit = 1;
- break;
- }
- }
+ for (i=0; i<nksalts; i++) {
+ if ((ksaltlist[i].ks_enctype == enctype) &&
+ ((ksaltlist[i].ks_salttype == salttype) ||
+ (salttype < 0))) {
+ foundit = 1;
+ break;
+ }
+ }
}
return(foundit);
}
/*
- * krb5_string_to_keysalts() - Convert a string representation to a list
- * of key/salt tuples.
+ * krb5_string_to_keysalts() - Convert a string representation to a list
+ * of key/salt tuples.
*/
krb5_error_code
krb5_string_to_keysalts(string, tupleseps, ksaltseps, dups, ksaltp, nksaltp)
- char *string;
- const char *tupleseps;
- const char *ksaltseps;
- krb5_boolean dups;
- krb5_key_salt_tuple **ksaltp;
- krb5_int32 *nksaltp;
+ char *string;
+ const char *tupleseps;
+ const char *ksaltseps;
+ krb5_boolean dups;
+ krb5_key_salt_tuple **ksaltp;
+ krb5_int32 *nksaltp;
{
- krb5_error_code kret;
- char *kp, *sp, *ep;
- char sepchar, trailchar;
- krb5_enctype ktype;
- krb5_int32 stype;
- krb5_key_salt_tuple *savep;
- const char *tseplist;
- const char *ksseplist;
- const char *septmp;
- size_t len;
-
+ krb5_error_code kret;
+ char *kp, *sp, *ep;
+ char sepchar, trailchar;
+ krb5_enctype ktype;
+ krb5_int32 stype;
+ krb5_key_salt_tuple *savep;
+ const char *tseplist;
+ const char *ksseplist;
+ const char *septmp;
+ size_t len;
+
kret = 0;
kp = string;
tseplist = (tupleseps) ? tupleseps : default_tupleseps;
ksseplist = (ksaltseps) ? ksaltseps : default_ksaltseps;
while (kp) {
- /* Attempt to find a separator */
- ep = (char *) NULL;
- if (*tseplist) {
- septmp = tseplist;
- for (ep = strchr(kp, (int) *septmp);
- *(++septmp) && !ep;
- ep = strchr(kp, (int) *septmp));
- }
-
- if (ep) {
- trailchar = *ep;
- *ep = '\0';
- ep++;
- }
- /*
- * kp points to something (hopefully) of the form:
- * <enctype><ksseplist><salttype>
- * or
- * <enctype>
- */
- sp = (char *) NULL;
- /* Attempt to find a separator */
- septmp = ksseplist;
- for (sp = strchr(kp, (int) *septmp);
- *(++septmp) && !sp;
- sp = strchr(kp, (int) *septmp));
-
- if (sp) {
- /* Separate enctype from salttype */
- sepchar = *sp;
- *sp = '\0';
- sp++;
- }
- else
- stype = -1;
-
- /*
- * Attempt to parse enctype and salttype. If we parse well
- * then make sure that it specifies a unique key/salt combo
- */
- if (!(kret = krb5_string_to_enctype(kp, &ktype)) &&
- (!sp || !(kret = krb5_string_to_salttype(sp, &stype))) &&
- (dups ||
- !krb5_keysalt_is_present(*ksaltp, *nksaltp, ktype, stype))) {
-
- /* Squirrel away old keysalt array */
- savep = *ksaltp;
- len = (size_t) *nksaltp;
-
- /* Get new keysalt array */
- *ksaltp = (krb5_key_salt_tuple *)
- malloc((len + 1) * sizeof(krb5_key_salt_tuple));
- if (*ksaltp) {
-
- /* Copy old keysalt if appropriate */
- if (savep) {
- memcpy(*ksaltp, savep,
- len * sizeof(krb5_key_salt_tuple));
- free(savep);
- }
-
- /* Save our values */
- (*ksaltp)[(*nksaltp)].ks_enctype = ktype;
- (*ksaltp)[(*nksaltp)].ks_salttype = stype;
- (*nksaltp)++;
- }
- else {
- *ksaltp = savep;
- break;
- }
- }
- if (kret)
- return kret;
- if (sp)
- sp[-1] = sepchar;
- if (ep)
- ep[-1] = trailchar;
- kp = ep;
-
- /* Skip over extra separators - like spaces */
- if (kp && *tseplist) {
- septmp = tseplist;
- while(*septmp && *kp) {
- if(*septmp == *kp) {
- /* Increment string - reset separator list */
- kp++;
- septmp = tseplist;
- } else {
- septmp++;
- }
- }
- if (!*kp) kp = NULL;
- }
+ /* Attempt to find a separator */
+ ep = (char *) NULL;
+ if (*tseplist) {
+ septmp = tseplist;
+ for (ep = strchr(kp, (int) *septmp);
+ *(++septmp) && !ep;
+ ep = strchr(kp, (int) *septmp));
+ }
+
+ if (ep) {
+ trailchar = *ep;
+ *ep = '\0';
+ ep++;
+ }
+ /*
+ * kp points to something (hopefully) of the form:
+ * <enctype><ksseplist><salttype>
+ * or
+ * <enctype>
+ */
+ sp = (char *) NULL;
+ /* Attempt to find a separator */
+ septmp = ksseplist;
+ for (sp = strchr(kp, (int) *septmp);
+ *(++septmp) && !sp;
+ sp = strchr(kp, (int) *septmp));
+
+ if (sp) {
+ /* Separate enctype from salttype */
+ sepchar = *sp;
+ *sp = '\0';
+ sp++;
+ }
+ else
+ stype = -1;
+
+ /*
+ * Attempt to parse enctype and salttype. If we parse well
+ * then make sure that it specifies a unique key/salt combo
+ */
+ if (!(kret = krb5_string_to_enctype(kp, &ktype)) &&
+ (!sp || !(kret = krb5_string_to_salttype(sp, &stype))) &&
+ (dups ||
+ !krb5_keysalt_is_present(*ksaltp, *nksaltp, ktype, stype))) {
+
+ /* Squirrel away old keysalt array */
+ savep = *ksaltp;
+ len = (size_t) *nksaltp;
+
+ /* Get new keysalt array */
+ *ksaltp = (krb5_key_salt_tuple *)
+ malloc((len + 1) * sizeof(krb5_key_salt_tuple));
+ if (*ksaltp) {
+
+ /* Copy old keysalt if appropriate */
+ if (savep) {
+ memcpy(*ksaltp, savep,
+ len * sizeof(krb5_key_salt_tuple));
+ free(savep);
+ }
+
+ /* Save our values */
+ (*ksaltp)[(*nksaltp)].ks_enctype = ktype;
+ (*ksaltp)[(*nksaltp)].ks_salttype = stype;
+ (*nksaltp)++;
+ }
+ else {
+ *ksaltp = savep;
+ break;
+ }
+ }
+ if (kret)
+ return kret;
+ if (sp)
+ sp[-1] = sepchar;
+ if (ep)
+ ep[-1] = trailchar;
+ kp = ep;
+
+ /* Skip over extra separators - like spaces */
+ if (kp && *tseplist) {
+ septmp = tseplist;
+ while(*septmp && *kp) {
+ if(*septmp == *kp) {
+ /* Increment string - reset separator list */
+ kp++;
+ septmp = tseplist;
+ } else {
+ septmp++;
+ }
+ }
+ if (!*kp) kp = NULL;
+ }
} /* while kp */
return(kret);
}
/*
- * krb5_keysalt_iterate() - Do something for each unique key/salt
- * combination.
+ * krb5_keysalt_iterate() - Do something for each unique key/salt
+ * combination.
*
* If ignoresalt set, then salttype is ignored.
*/
krb5_error_code
krb5_keysalt_iterate(ksaltlist, nksalt, ignoresalt, iterator, arg)
- krb5_key_salt_tuple *ksaltlist;
- krb5_int32 nksalt;
- krb5_boolean ignoresalt;
- krb5_error_code (*iterator) (krb5_key_salt_tuple *, krb5_pointer);
- krb5_pointer arg;
+ krb5_key_salt_tuple *ksaltlist;
+ krb5_int32 nksalt;
+ krb5_boolean ignoresalt;
+ krb5_error_code (*iterator) (krb5_key_salt_tuple *, krb5_pointer);
+ krb5_pointer arg;
{
- int i;
- krb5_error_code kret;
- krb5_key_salt_tuple scratch;
+ int i;
+ krb5_error_code kret;
+ krb5_key_salt_tuple scratch;
kret = 0;
for (i=0; i<nksalt; i++) {
- scratch.ks_enctype = ksaltlist[i].ks_enctype;
- scratch.ks_salttype = (ignoresalt) ? -1 : ksaltlist[i].ks_salttype;
- if (!krb5_keysalt_is_present(ksaltlist,
- i,
- scratch.ks_enctype,
- scratch.ks_salttype)) {
- kret = (*iterator)(&scratch, arg);
- if (kret)
- break;
- }
+ scratch.ks_enctype = ksaltlist[i].ks_enctype;
+ scratch.ks_salttype = (ignoresalt) ? -1 : ksaltlist[i].ks_salttype;
+ if (!krb5_keysalt_is_present(ksaltlist,
+ i,
+ scratch.ks_enctype,
+ scratch.ks_salttype)) {
+ kret = (*iterator)(&scratch, arg);
+ if (kret)
+ break;
+ }
}
return(kret);
}
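Review bot: In krb5_string_to_keysalts the `malloc` failure branch restores `*ksaltp = savep` and then `break`s with `kret` still 0, so the function returns success with a list that silently stops at the tuple where memory ran out. Setting the error before leaving, `*ksaltp = savep; kret = ENOMEM; break;`, lets callers tell a short list from a complete one. That `break`, like the `if (kret) return kret;` just below it, also exits before `sp[-1] = sepchar` and `ep[-1] = trailchar` run, so the caller's `string` is left with NUL bytes written into it on those paths. The hunk begins inside krb5_string_to_flags.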
diff --git a/src/lib/kadm5/unit-test/destroy-test.c b/src/lib/kadm5/unit-test/destroy-test.c
index 9aabb1a..b12d42f 100644
--- a/src/lib/kadm5/unit-test/destroy-test.c
+++ b/src/lib/kadm5/unit-test/destroy-test.c
@@ -1,3 +1,4 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
#include <kadm5/admin.h>
#include <com_err.h>
#include <stdio.h>
@@ -9,39 +10,38 @@
#include <kadm5/client_internal.h>
#include <string.h>
-#define TEST_NUM 25
+#define TEST_NUM 25
int main()
{
- kadm5_ret_t ret;
- char *cp;
- int x;
- void *server_handle;
- kadm5_server_handle_t handle;
- krb5_context context;
+ kadm5_ret_t ret;
+ char *cp;
+ int x;
+ void *server_handle;
+ kadm5_server_handle_t handle;
+ krb5_context context;
- ret = kadm5_init_krb5_context(&context);
- if (ret != 0) {
- com_err("test", ret, "context init");
- exit(2);
- }
- for(x = 0; x < TEST_NUM; x++) {
- ret = kadm5_init(context, "admin", "admin", KADM5_ADMIN_SERVICE, 0,
- KADM5_STRUCT_VERSION, KADM5_API_VERSION_3, NULL,
- &server_handle);
- if(ret != KADM5_OK) {
- com_err("test", ret, "init");
- exit(2);
- }
- handle = (kadm5_server_handle_t) server_handle;
- cp = strdup(strchr(handle->cache_name, ':') + 1);
- kadm5_destroy(server_handle);
- if(access(cp, F_OK) == 0) {
- puts("ticket cache not destroyed");
- exit(2);
- }
- free(cp);
- }
- exit(0);
+ ret = kadm5_init_krb5_context(&context);
+ if (ret != 0) {
+ com_err("test", ret, "context init");
+ exit(2);
+ }
+ for(x = 0; x < TEST_NUM; x++) {
+ ret = kadm5_init(context, "admin", "admin", KADM5_ADMIN_SERVICE, 0,
+ KADM5_STRUCT_VERSION, KADM5_API_VERSION_3, NULL,
+ &server_handle);
+ if(ret != KADM5_OK) {
+ com_err("test", ret, "init");
+ exit(2);
+ }
+ handle = (kadm5_server_handle_t) server_handle;
+ cp = strdup(strchr(handle->cache_name, ':') + 1);
+ kadm5_destroy(server_handle);
+ if(access(cp, F_OK) == 0) {
+ puts("ticket cache not destroyed");
+ exit(2);
+ }
+ free(cp);
+ }
+ exit(0);
}
-
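Review bot: The `cp = strdup(strchr(handle->cache_name, ':') + 1);` line passes the result of `strchr` straight into pointer arithmetic and `strdup` with no check, so a cache name without a `:` separator, or a failed allocation, crashes the test instead of reporting a failure. This predates the reindent, but it is cheap to fix while the function is being touched: `p = strchr(handle->cache_name, ':');` then `cp = strdup(p ? p + 1 : handle->cache_name);` and `if (cp == NULL) { puts("out of memory"); exit(2); }`, with `char *p;` added to the declarations. The "ticket cache not destroyed" exit path also leaves `cp` unfreed, which is harmless before `exit` but worth a comment if the loop body is ever reused.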
diff --git a/src/lib/kadm5/unit-test/handle-test.c b/src/lib/kadm5/unit-test/handle-test.c
index 6c26e5f..56eac84 100644
--- a/src/lib/kadm5/unit-test/handle-test.c
+++ b/src/lib/kadm5/unit-test/handle-test.c
@@ -1,3 +1,4 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
#include <kadm5/admin.h>
#include <com_err.h>
#include <stdio.h>
@@ -11,120 +12,120 @@
int main(int argc, char *argv[])
{
- kadm5_ret_t ret;
- void *server_handle;
- kadm5_server_handle_t handle;
- kadm5_server_handle_rec orig_handle;
- kadm5_policy_ent_rec pol;
- kadm5_principal_ent_t princ;
- krb5_keyblock *key;
- krb5_principal tprinc;
- krb5_context context;
+ kadm5_ret_t ret;
+ void *server_handle;
+ kadm5_server_handle_t handle;
+ kadm5_server_handle_rec orig_handle;
+ kadm5_policy_ent_rec pol;
+ kadm5_principal_ent_t princ;
+ krb5_keyblock *key;
+ krb5_principal tprinc;
+ krb5_context context;
kadm5_init_krb5_context(&context);
-
+
ret = kadm5_init(context, "admin/none", "admin", KADM5_ADMIN_SERVICE, NULL,
- KADM5_STRUCT_VERSION, KADM5_API_VERSION_3, NULL,
- &server_handle);
+ KADM5_STRUCT_VERSION, KADM5_API_VERSION_3, NULL,
+ &server_handle);
if(ret != KADM5_OK) {
- com_err("test", ret, "init");
- exit(2);
+ com_err("test", ret, "init");
+ exit(2);
}
handle = (kadm5_server_handle_t) server_handle;
orig_handle = *handle;
handle->magic_number = KADM5_STRUCT_VERSION;
krb5_parse_name(context, "testuser", &tprinc);
ret = kadm5_get_principal(server_handle, tprinc, &princ,
- KADM5_PRINCIPAL_NORMAL_MASK);
+ KADM5_PRINCIPAL_NORMAL_MASK);
if(ret != KADM5_BAD_SERVER_HANDLE) {
- fprintf(stderr, "%s -- returned -- %s\n", "get-principal",
- error_message(ret));
- exit(1);
+ fprintf(stderr, "%s -- returned -- %s\n", "get-principal",
+ error_message(ret));
+ exit(1);
}
-
+
ret = kadm5_get_policy(server_handle, "pol1", &pol);
if(ret != KADM5_BAD_SERVER_HANDLE) {
- fprintf(stderr, "%s -- returned -- %s\n", "get-policy",
- error_message(ret));
- exit(1);
+ fprintf(stderr, "%s -- returned -- %s\n", "get-policy",
+ error_message(ret));
+ exit(1);
}
-
+
ret = kadm5_create_principal(server_handle, princ, KADM5_PRINCIPAL, "pass");
if(ret != KADM5_BAD_SERVER_HANDLE) {
- fprintf(stderr, "%s -- returned -- %s\n", "create-principal",
- error_message(ret));
- exit(1);
+ fprintf(stderr, "%s -- returned -- %s\n", "create-principal",
+ error_message(ret));
+ exit(1);
}
-
+
ret = kadm5_create_policy(server_handle, &pol, KADM5_POLICY);
if(ret != KADM5_BAD_SERVER_HANDLE) {
- fprintf(stderr, "%s -- returned -- %s\n", "create-policy",
- error_message(ret));
- exit(1);
+ fprintf(stderr, "%s -- returned -- %s\n", "create-policy",
+ error_message(ret));
+ exit(1);
}
-
+
ret = kadm5_modify_principal(server_handle, princ, KADM5_PW_EXPIRATION);
if(ret != KADM5_BAD_SERVER_HANDLE) {
- fprintf(stderr, "%s -- returned -- %s\n", "modify-principal",
- error_message(ret));
- exit(1);
+ fprintf(stderr, "%s -- returned -- %s\n", "modify-principal",
+ error_message(ret));
+ exit(1);
}
-
+
ret = kadm5_modify_policy(server_handle, &pol, KADM5_PW_MAX_LIFE);
if(ret != KADM5_BAD_SERVER_HANDLE) {
- fprintf(stderr, "%s -- returned -- %s\n", "modify-policy",
- error_message(ret));
- exit(1);
+ fprintf(stderr, "%s -- returned -- %s\n", "modify-policy",
+ error_message(ret));
+ exit(1);
}
-
+
ret = kadm5_delete_principal(server_handle, tprinc);
if(ret != KADM5_BAD_SERVER_HANDLE) {
- fprintf(stderr, "%s -- returned -- %s\n", "delete-principal",
- error_message(ret));
- exit(1);
+ fprintf(stderr, "%s -- returned -- %s\n", "delete-principal",
+ error_message(ret));
+ exit(1);
}
-
+
ret = kadm5_delete_policy(server_handle, "pol1");
if(ret != KADM5_BAD_SERVER_HANDLE) {
- fprintf(stderr, "%s -- returned -- %s\n", "delete-policy",
- error_message(ret));
- exit(1);
+ fprintf(stderr, "%s -- returned -- %s\n", "delete-policy",
+ error_message(ret));
+ exit(1);
}
-
+
ret = kadm5_chpass_principal(server_handle, tprinc, "FooBar");
if(ret != KADM5_BAD_SERVER_HANDLE) {
- fprintf(stderr, "%s -- returned -- %s\n", "chpass",
- error_message(ret));
- exit(1);
+ fprintf(stderr, "%s -- returned -- %s\n", "chpass",
+ error_message(ret));
+ exit(1);
}
ret = kadm5_randkey_principal(server_handle, tprinc, &key, NULL);
if(ret != KADM5_BAD_SERVER_HANDLE) {
- fprintf(stderr, "%s -- returned -- %s\n", "randkey",
- error_message(ret));
- exit(1);
+ fprintf(stderr, "%s -- returned -- %s\n", "randkey",
+ error_message(ret));
+ exit(1);
}
-
+
ret = kadm5_rename_principal(server_handle, tprinc, tprinc);
if(ret != KADM5_BAD_SERVER_HANDLE) {
- fprintf(stderr, "%s -- returned -- %s\n", "rename",
- error_message(ret));
- exit(1);
+ fprintf(stderr, "%s -- returned -- %s\n", "rename",
+ error_message(ret));
+ exit(1);
}
-
+
ret = kadm5_destroy(server_handle);
if(ret != KADM5_BAD_SERVER_HANDLE) {
- fprintf(stderr, "%s -- returned -- %s\n", "destroy",
- error_message(ret));
- exit(1);
+ fprintf(stderr, "%s -- returned -- %s\n", "destroy",
+ error_message(ret));
+ exit(1);
}
*handle = orig_handle;
ret = kadm5_destroy(server_handle);
if (ret != KADM5_OK) {
- fprintf(stderr, "valid %s -- returned -- %s\n", "destroy",
- error_message(ret));
- exit(1);
+ fprintf(stderr, "valid %s -- returned -- %s\n", "destroy",
+ error_message(ret));
+ exit(1);
}
exit(0);
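Review bot: The return values of `kadm5_init_krb5_context(&context);` and `krb5_parse_name(context, "testuser", &tprinc);` are discarded, so a failed setup carries on into `kadm5_init` and the handle checks with an unset `context` or `tprinc`. The same unchecked context init appears in randkey-test.c and setkey-test.c in this diff. destroy-test.c already shows the checked form, `ret = kadm5_init_krb5_context(&context); if (ret != 0) { com_err("test", ret, "context init"); exit(2); }`. Separately, `princ` is never assigned when `kadm5_get_principal` fails as the test expects, yet it is then passed to `kadm5_create_principal` and `kadm5_modify_principal`. That presumably relies on the handle check rejecting the call before the argument is read, so initialising it (`kadm5_principal_ent_t princ = NULL;`) and adding a comment such as `/* princ is deliberately unset: the bad handle must be rejected first */` would make the intent explicit. main's closing brace lies outside this hunk.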
diff --git a/src/lib/kadm5/unit-test/init-test.c b/src/lib/kadm5/unit-test/init-test.c
index cfa7937..a7f065d 100644
--- a/src/lib/kadm5/unit-test/init-test.c
+++ b/src/lib/kadm5/unit-test/init-test.c
@@ -1,3 +1,4 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
#include <kadm5/admin.h>
#include <com_err.h>
#include <stdio.h>
@@ -7,29 +8,29 @@
int main()
{
- kadm5_ret_t ret;
- void *server_handle;
- kadm5_config_params params;
- krb5_context context;
+ kadm5_ret_t ret;
+ void *server_handle;
+ kadm5_config_params params;
+ krb5_context context;
- memset(&params, 0, sizeof(params));
- params.mask |= KADM5_CONFIG_NO_AUTH;
- ret = kadm5_init_krb5_context(&context);
- if (ret != 0) {
- com_err("init-test", ret, "while initializing krb5 context");
- exit(1);
- }
- ret = kadm5_init(context, "admin", "admin", NULL, &params,
- KADM5_STRUCT_VERSION, KADM5_API_VERSION_3, NULL,
- &server_handle);
- if (ret == KADM5_RPC_ERROR)
- exit(0);
- else if (ret != 0) {
- com_err("init-test", ret, "while initializing without auth");
- exit(1);
- } else {
- fprintf(stderr, "Unexpected success while initializing without auth!\n");
- (void) kadm5_destroy(server_handle);
- exit(1);
- }
+ memset(&params, 0, sizeof(params));
+ params.mask |= KADM5_CONFIG_NO_AUTH;
+ ret = kadm5_init_krb5_context(&context);
+ if (ret != 0) {
+ com_err("init-test", ret, "while initializing krb5 context");
+ exit(1);
+ }
+ ret = kadm5_init(context, "admin", "admin", NULL, &params,
+ KADM5_STRUCT_VERSION, KADM5_API_VERSION_3, NULL,
+ &server_handle);
+ if (ret == KADM5_RPC_ERROR)
+ exit(0);
+ else if (ret != 0) {
+ com_err("init-test", ret, "while initializing without auth");
+ exit(1);
+ } else {
+ fprintf(stderr, "Unexpected success while initializing without auth!\n");
+ (void) kadm5_destroy(server_handle);
+ exit(1);
+ }
}
diff --git a/src/lib/kadm5/unit-test/iter-test.c b/src/lib/kadm5/unit-test/iter-test.c
index be15407..bc7cfdc 100644
--- a/src/lib/kadm5/unit-test/iter-test.c
+++ b/src/lib/kadm5/unit-test/iter-test.c
@@ -1,51 +1,51 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
#include <stdio.h>
#include <kadm5/admin.h>
#include <string.h>
int main(int argc, char **argv)
{
- kadm5_ret_t ret;
- void *server_handle;
- char **names;
- int count, princ, i;
- krb5_context context;
-
- if (argc != 3) {
- fprintf(stderr, "Usage: %s [-princ|-pol] exp\n", argv[0]);
- exit(1);
- }
- princ = (strcmp(argv[1], "-princ") == 0);
-
- ret = kadm5_init_krb5_context(&context);
- if (ret != KADM5_OK) {
- com_err("iter-test", ret, "while initializing context");
- exit(1);
- }
- ret = kadm5_init("admin", "admin", KADM5_ADMIN_SERVICE, 0,
- KADM5_STRUCT_VERSION, KADM5_API_VERSION_3, NULL,
- &server_handle);
- if (ret != KADM5_OK) {
- com_err("iter-test", ret, "while initializing");
- exit(1);
- }
-
- if (princ)
- ret = kadm5_get_principals(server_handle, argv[2], &names, &count);
- else
- ret = kadm5_get_policies(server_handle, argv[2], &names, &count);
-
- if (ret != KADM5_OK) {
- com_err("iter-test", ret, "while retrieving list");
- exit(1);
- }
-
- for (i = 0; i < count; i++)
- printf("%d: %s\n", i, names[i]);
-
- kadm5_free_name_list(server_handle, names, count);
-
- (void) kadm5_destroy(server_handle);
-
- return 0;
+ kadm5_ret_t ret;
+ void *server_handle;
+ char **names;
+ int count, princ, i;
+ krb5_context context;
+
+ if (argc != 3) {
+ fprintf(stderr, "Usage: %s [-princ|-pol] exp\n", argv[0]);
+ exit(1);
+ }
+ princ = (strcmp(argv[1], "-princ") == 0);
+
+ ret = kadm5_init_krb5_context(&context);
+ if (ret != KADM5_OK) {
+ com_err("iter-test", ret, "while initializing context");
+ exit(1);
+ }
+ ret = kadm5_init("admin", "admin", KADM5_ADMIN_SERVICE, 0,
+ KADM5_STRUCT_VERSION, KADM5_API_VERSION_3, NULL,
+ &server_handle);
+ if (ret != KADM5_OK) {
+ com_err("iter-test", ret, "while initializing");
+ exit(1);
+ }
+
+ if (princ)
+ ret = kadm5_get_principals(server_handle, argv[2], &names, &count);
+ else
+ ret = kadm5_get_policies(server_handle, argv[2], &names, &count);
+
+ if (ret != KADM5_OK) {
+ com_err("iter-test", ret, "while retrieving list");
+ exit(1);
+ }
+
+ for (i = 0; i < count; i++)
+ printf("%d: %s\n", i, names[i]);
+
+ kadm5_free_name_list(server_handle, names, count);
+
+ (void) kadm5_destroy(server_handle);
+
+ return 0;
}
-
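Review bot: The `kadm5_init("admin", "admin", KADM5_ADMIN_SERVICE, 0,` call omits the leading `context` argument that every other test in this diff passes (for example `kadm5_init(context, "admin", "admin", KADM5_ADMIN_SERVICE, 0,` in destroy-test.c). The `context` initialised a few lines earlier is therefore never used. As written, the string `"admin"` lands in the context parameter and the remaining arguments shift by one, so this file most likely no longer compiles cleanly against the current prototype; the call should read `ret = kadm5_init(context, "admin", "admin", KADM5_ADMIN_SERVICE, 0,`. The file also calls `exit` and `com_err` with only `<stdio.h>`, `<kadm5/admin.h>` and `<string.h>` included, so unless the kadm5 header pulls them in, `<stdlib.h>` and `<com_err.h>` should be added too.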
diff --git a/src/lib/kadm5/unit-test/lock-test.c b/src/lib/kadm5/unit-test/lock-test.c
index 85049a7..5a0501b 100644
--- a/src/lib/kadm5/unit-test/lock-test.c
+++ b/src/lib/kadm5/unit-test/lock-test.c
@@ -1,3 +1,4 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
#include <stdio.h>
#include <krb5.h>
#include <kadm5/admin.h>
@@ -8,99 +9,99 @@ char *whoami;
static void usage()
{
- fprintf(stderr,
- "Usage: %s {shared|exclusive|permanent|release|"
- "get name|wait} ...\n", whoami);
- exit(1);
+ fprintf(stderr,
+ "Usage: %s {shared|exclusive|permanent|release|"
+ "get name|wait} ...\n", whoami);
+ exit(1);
}
int main(int argc, char **argv)
{
- krb5_error_code ret;
- osa_policy_ent_t entry;
- krb5_context context;
- kadm5_config_params params;
- krb5_error_code kret;
+ krb5_error_code ret;
+ osa_policy_ent_t entry;
+ krb5_context context;
+ kadm5_config_params params;
+ krb5_error_code kret;
- whoami = argv[0];
+ whoami = argv[0];
- kret = kadm5_init_krb5_context(&context);
- if (kret) {
- com_err(whoami, kret, "while initializing krb5");
- exit(1);
- }
+ kret = kadm5_init_krb5_context(&context);
+ if (kret) {
+ com_err(whoami, kret, "while initializing krb5");
+ exit(1);
+ }
- params.mask = 0;
- ret = kadm5_get_config_params(context, 1, &params, &params);
- if (ret) {
- com_err(whoami, ret, "while retrieving configuration parameters");
- exit(1);
- }
- if (! (params.mask & KADM5_CONFIG_ADBNAME)) {
- com_err(whoami, KADM5_BAD_SERVER_PARAMS,
- "while retrieving configuration parameters");
- exit(1);
- }
+ params.mask = 0;
+ ret = kadm5_get_config_params(context, 1, &params, &params);
+ if (ret) {
+ com_err(whoami, ret, "while retrieving configuration parameters");
+ exit(1);
+ }
+ if (! (params.mask & KADM5_CONFIG_ADBNAME)) {
+ com_err(whoami, KADM5_BAD_SERVER_PARAMS,
+ "while retrieving configuration parameters");
+ exit(1);
+ }
- ret = krb5_db_open( context, NULL, KRB5_KDB_OPEN_RW);
- if (ret) {
- com_err(whoami, ret, "while opening database");
- exit(1);
- }
+ ret = krb5_db_open( context, NULL, KRB5_KDB_OPEN_RW);
+ if (ret) {
+ com_err(whoami, ret, "while opening database");
+ exit(1);
+ }
- argc--; argv++;
- while (argc) {
- if (strcmp(*argv, "shared") == 0) {
- ret = krb5_db_lock(context, KRB5_DB_LOCKMODE_SHARED);
- if (ret)
- com_err(whoami, ret, "while getting shared lock");
- else
- printf("shared\n");
- } else if (strcmp(*argv, "exclusive") == 0) {
- ret = krb5_db_lock(context, KRB5_DB_LOCKMODE_EXCLUSIVE );
- if (ret)
- com_err(whoami, ret, "while getting exclusive lock");
- else
- printf("exclusive\n");
- } else if (strcmp(*argv, "permanent") == 0) {
- ret = krb5_db_lock(context, KRB5_DB_LOCKMODE_EXCLUSIVE );
- if (ret)
- com_err(whoami, ret, "while getting permanent lock");
- else
- printf("permanent\n");
- } else if (strcmp(*argv, "release") == 0) {
- ret = krb5_db_unlock(context);
- if (ret)
- com_err(whoami, ret, "while releasing lock");
- else
- printf("released\n");
- } else if (strcmp(*argv, "get") == 0) {
- int cnt = 1;
- argc--; argv++;
- if (!argc) usage();
- if ((ret = krb5_db_get_policy(context, *argv,
- &entry, &cnt)) ) {
- com_err(whoami, ret, "while getting policy");
- } else {
- printf("retrieved\n");
- krb5_db_free_policy(context, entry);
- }
- } else if (strcmp(*argv, "wait") == 0) {
- getchar();
- } else {
- fprintf(stderr, "%s: Invalid argument \"%s\"\n",
- whoami, *argv);
- usage();
- }
+ argc--; argv++;
+ while (argc) {
+ if (strcmp(*argv, "shared") == 0) {
+ ret = krb5_db_lock(context, KRB5_DB_LOCKMODE_SHARED);
+ if (ret)
+ com_err(whoami, ret, "while getting shared lock");
+ else
+ printf("shared\n");
+ } else if (strcmp(*argv, "exclusive") == 0) {
+ ret = krb5_db_lock(context, KRB5_DB_LOCKMODE_EXCLUSIVE );
+ if (ret)
+ com_err(whoami, ret, "while getting exclusive lock");
+ else
+ printf("exclusive\n");
+ } else if (strcmp(*argv, "permanent") == 0) {
+ ret = krb5_db_lock(context, KRB5_DB_LOCKMODE_EXCLUSIVE );
+ if (ret)
+ com_err(whoami, ret, "while getting permanent lock");
+ else
+ printf("permanent\n");
+ } else if (strcmp(*argv, "release") == 0) {
+ ret = krb5_db_unlock(context);
+ if (ret)
+ com_err(whoami, ret, "while releasing lock");
+ else
+ printf("released\n");
+ } else if (strcmp(*argv, "get") == 0) {
+ int cnt = 1;
+ argc--; argv++;
+ if (!argc) usage();
+ if ((ret = krb5_db_get_policy(context, *argv,
+ &entry, &cnt)) ) {
+ com_err(whoami, ret, "while getting policy");
+ } else {
+ printf("retrieved\n");
+ krb5_db_free_policy(context, entry);
+ }
+ } else if (strcmp(*argv, "wait") == 0) {
+ getchar();
+ } else {
+ fprintf(stderr, "%s: Invalid argument \"%s\"\n",
+ whoami, *argv);
+ usage();
+ }
- argc--; argv++;
- }
+ argc--; argv++;
+ }
- ret = krb5_db_fini(context);
- if (ret) {
- com_err(whoami, ret, "while closing database");
- exit(1);
- }
+ ret = krb5_db_fini(context);
+ if (ret) {
+ com_err(whoami, ret, "while closing database");
+ exit(1);
+ }
- return 0;
+ return 0;
}
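Review bot: The `"permanent"` branch calls `krb5_db_lock(context, KRB5_DB_LOCKMODE_EXCLUSIVE )`, exactly as the `"exclusive"` branch does, so the two commands exercise the same lock mode and differ only in the label they print. If the kdb header in this tree defines a separate permanent mode (I believe `KRB5_DB_LOCKMODE_PERMANENT`, to be confirmed against kdb.h), the call should request it. Otherwise a comment such as `/* no distinct permanent mode in this API; kept for script compatibility */` would stop readers assuming the permanent path is covered. In the `"get"` branch, `cnt` is not examined after `krb5_db_get_policy` succeeds, so `entry` may be printed as "retrieved" and freed without having been set if the call can succeed with zero matches; `if (ret == 0 && cnt == 1)` would guard that.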
diff --git a/src/lib/kadm5/unit-test/randkey-test.c b/src/lib/kadm5/unit-test/randkey-test.c
index 4e6787a..7cf4ee8 100644
--- a/src/lib/kadm5/unit-test/randkey-test.c
+++ b/src/lib/kadm5/unit-test/randkey-test.c
@@ -1,3 +1,4 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
#include <kadm5/admin.h>
#include <com_err.h>
#include <stdio.h>
@@ -6,37 +7,36 @@
#include <netinet/in.h>
#include <string.h>
-#define TEST_NUM 1000
+#define TEST_NUM 1000
int main()
{
- kadm5_ret_t ret;
- krb5_keyblock *keys[TEST_NUM];
- krb5_principal tprinc;
- krb5_keyblock *newkey;
- krb5_context context;
- void *server_handle;
+ kadm5_ret_t ret;
+ krb5_keyblock *keys[TEST_NUM];
+ krb5_principal tprinc;
+ krb5_keyblock *newkey;
+ krb5_context context;
+ void *server_handle;
- int x, i;
+ int x, i;
- kadm5_init_krb5_context(&context);
+ kadm5_init_krb5_context(&context);
- krb5_parse_name(context, "testuser", &tprinc);
- ret = kadm5_init(context, "admin", "admin", KADM5_ADMIN_SERVICE, NULL,
- KADM5_STRUCT_VERSION, KADM5_API_VERSION_3, NULL,
- &server_handle);
- if(ret != KADM5_OK) {
- com_err("test", ret, "init");
- exit(2);
- }
- for(x = 0; x < TEST_NUM; x++) {
- kadm5_randkey_principal(server_handle, tprinc, &keys[x], NULL);
- for(i = 0; i < x; i++) {
- if (!memcmp(newkey->contents, keys[i]->contents, newkey->length))
- puts("match found");
- }
- }
- kadm5_destroy(server_handle);
- exit(0);
+ krb5_parse_name(context, "testuser", &tprinc);
+ ret = kadm5_init(context, "admin", "admin", KADM5_ADMIN_SERVICE, NULL,
+ KADM5_STRUCT_VERSION, KADM5_API_VERSION_3, NULL,
+ &server_handle);
+ if(ret != KADM5_OK) {
+ com_err("test", ret, "init");
+ exit(2);
+ }
+ for(x = 0; x < TEST_NUM; x++) {
+ kadm5_randkey_principal(server_handle, tprinc, &keys[x], NULL);
+ for(i = 0; i < x; i++) {
+ if (!memcmp(newkey->contents, keys[i]->contents, newkey->length))
+ puts("match found");
+ }
+ }
+ kadm5_destroy(server_handle);
+ exit(0);
}
-
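Review bot: `newkey` is declared but never assigned, yet the inner loop dereferences it in `memcmp(newkey->contents, keys[i]->contents, newkey->length)`. The key just generated is stored in `keys[x]`, so the duplicate-key check reads an indeterminate pointer and cannot detect a repeated random key. The comparison should use the stored key, `if (keys[x]->length == keys[i]->length && !memcmp(keys[x]->contents, keys[i]->contents, keys[x]->length))`, and `newkey` can then be dropped. The return value of `kadm5_randkey_principal` is also ignored, so `keys[x]` may itself be unset on failure; `if (kadm5_randkey_principal(...) != KADM5_OK) { com_err("test", ret, "randkey"); exit(2); }` (with `ret` assigned) closes that gap. Finally, a detected match only prints "match found" and the program still exits 0, so a harness that checks the exit status would never see the failure.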
diff --git a/src/lib/kadm5/unit-test/setkey-test.c b/src/lib/kadm5/unit-test/setkey-test.c
index 1dadfc7..53056e4 100644
--- a/src/lib/kadm5/unit-test/setkey-test.c
+++ b/src/lib/kadm5/unit-test/setkey-test.c
@@ -1,46 +1,47 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
#include <stdio.h>
#include <k5-int.h>
#include <kadm5/admin.h>
-#if HAVE_SRAND48
-#define RAND() lrand48()
-#define SRAND(a) srand48(a)
-#define RAND_TYPE long
-#elif HAVE_SRAND
-#define RAND() rand()
-#define SRAND(a) srand(a)
-#define RAND_TYPE int
-#elif HAVE_SRANDOM
-#define RAND() random()
-#define SRAND(a) srandom(a)
-#define RAND_TYPE long
-#else /* no random */
+#if HAVE_SRAND48
+#define RAND() lrand48()
+#define SRAND(a) srand48(a)
+#define RAND_TYPE long
+#elif HAVE_SRAND
+#define RAND() rand()
+#define SRAND(a) srand(a)
+#define RAND_TYPE int
+#elif HAVE_SRANDOM
+#define RAND() random()
+#define SRAND(a) srandom(a)
+#define RAND_TYPE long
+#else /* no random */
need a random number generator
-#endif /* no random */
+#endif /* no random */
krb5_keyblock test1[] = {
{0, ENCTYPE_DES_CBC_CRC, 0, 0},
{-1},
};
krb5_keyblock test2[] = {
- {0, ENCTYPE_DES_CBC_RAW, 0, 0},
- {-1},
+ {0, ENCTYPE_DES_CBC_RAW, 0, 0},
+ {-1},
};
krb5_keyblock test3[] = {
- {0, ENCTYPE_DES_CBC_MD5, 0, 0},
- {-1},
+ {0, ENCTYPE_DES_CBC_MD5, 0, 0},
+ {-1},
};
-krb5_keyblock *tests[] = {
- test1, test2, test3, NULL
+krb5_keyblock *tests[] = {
+ test1, test2, test3, NULL
};
#if 0
int keyblocks_equal(krb5_keyblock *kb1, krb5_keyblock *kb2)
{
- return (kb1->enctype == kb2->enctype &&
- kb1->length == kb2->length &&
- memcmp(kb1->contents, kb2->contents, kb1->length) == 0);
+ return (kb1->enctype == kb2->enctype &&
+ kb1->length == kb2->length &&
+ memcmp(kb1->contents, kb2->contents, kb1->length) == 0);
}
#endif
@@ -57,177 +58,171 @@ extern krb5_kt_ops krb5_ktf_writable_ops;
int
main(int argc, char **argv)
{
- krb5_context context;
- krb5_keytab kt;
- krb5_keytab_entry ktent;
- krb5_encrypt_block eblock;
- krb5_creds my_creds;
- kadm5_principal_ent_rec princ_ent;
- krb5_principal princ, server;
- char pw[16];
- char *whoami, *principal, *authprinc;
- krb5_data pwdata;
- void *handle;
- int ret, i, test, encnum;
-
- whoami = argv[0];
-
- if (argc != 2 && argc != 3) {
- fprintf(stderr, "Usage: %s principal [authuser]\n", whoami);
- exit(1);
- }
- principal = argv[1];
- authprinc = argv[2] ? argv[2] : argv[0];
-
- /*
- * Setup. Initialize data structures, open keytab, open connection
- * to kadm5 server.
- */
-
- memset(&context, 0, sizeof(context));
- kadm5_init_krb5_context(&context);
-
- ret = krb5_parse_name(context, principal, &princ);
- if (ret) {
- com_err(whoami, ret, "while parsing principal name %s", principal);
- exit(1);
- }
-
- if((ret = krb5_build_principal_ext(context, &server,
- krb5_princ_realm(kcontext, princ)->length,
- krb5_princ_realm(kcontext, princ)->data,
- tgtname.length, tgtname.data,
- krb5_princ_realm(kcontext, princ)->length,
- krb5_princ_realm(kcontext, princ)->data,
- 0))) {
- com_err(whoami, ret, "while building server name");
- exit(1);
- }
-
- /* register the WRFILE keytab type */
- ret = krb5_kt_register(context, &krb5_ktf_writable_ops);
- if (ret) {
- com_err(whoami, ret,
- "while registering writable key table functions");
- exit(1);
- }
-
- ret = krb5_kt_default(context, &kt);
- if (ret) {
- com_err(whoami, ret, "while opening keytab");
- exit(1);
- }
-
- ret = kadm5_init(context, authprinc, NULL, KADM5_ADMIN_SERVICE, NULL,
- KADM5_STRUCT_VERSION, KADM5_API_VERSION_3, NULL,
- &handle);
- if (ret) {
- com_err(whoami, ret, "while initializing connection");
- exit(1);
- }
-
- /* these pw's don't need to be secure, just different every time */
- SRAND((RAND_TYPE)time((void *) NULL));
- pwdata.data = pw;
- pwdata.length = sizeof(pw);
-
- /*
- * For each test:
- *
- * For each enctype in the test, construct a random password/key.
- * Assign all keys to principal with kadm5_setkey_principal. Add
- * each key to the keytab, and acquire an initial ticket with the
- * keytab (XXX can I specify the enctype & kvno explicitly?). If
- * krb5_get_in_tkt_with_keytab succeeds, then the keys were set
- * successfully.
- */
- for (test = 0; tests[test] != NULL; test++) {
- krb5_keyblock *testp = tests[test];
- printf("+ Test %d:\n", test);
-
- for (encnum = 0; testp[encnum].magic != -1; encnum++) {
- for (i = 0; i < sizeof(pw); i++)
- pw[i] = (RAND() % 26) + '0'; /* XXX */
-
- krb5_use_enctype(context, &eblock, testp[encnum].enctype);
- ret = krb5_string_to_key(context, &eblock, &testp[encnum],
- &pwdata, NULL);
- if (ret) {
- com_err(whoami, ret, "while converting string to key");
- exit(1);
- }
- }
-
- /* now, encnum == # of keyblocks in testp */
- ret = kadm5_setkey_principal(handle, princ, testp, encnum);
- if (ret) {
- com_err(whoami, ret, "while setting keys");
- exit(1);
- }
-
- ret = kadm5_get_principal(handle, princ, &princ_ent, KADM5_KVNO);
- if (ret) {
- com_err(whoami, ret, "while retrieving principal");
- exit(1);
- }
-
- for (encnum = 0; testp[encnum].magic != -1; encnum++) {
- printf("+ enctype %d\n", testp[encnum].enctype);
-
- memset(&ktent, 0, sizeof(ktent));
- ktent.principal = princ;
- ktent.key = testp[encnum];
- ktent.vno = princ_ent.kvno;
-
- ret = krb5_kt_add_entry(context, kt, &ktent);
- if (ret) {
- com_err(whoami, ret, "while adding keytab entry");
- exit(1);
- }
-
- memset(&my_creds, 0, sizeof(my_creds));
- my_creds.client = princ;
- my_creds.server = server;
-
- ktypes[0] = testp[encnum].enctype;
- ret = krb5_get_in_tkt_with_keytab(context,
- 0 /* options */,
- NULL /* addrs */,
- ktypes,
- NULL /* preauth */,
- kt, 0,
- &my_creds, 0);
- if (ret) {
- com_err(whoami, ret, "while acquiring initial ticket");
- exit(1);
- }
-
- /* since I can't specify enctype explicitly ... */
- ret = krb5_kt_remove_entry(context, kt, &ktent);
- if (ret) {
- com_err(whoami, ret, "while removing keytab entry");
- exit(1);
- }
- }
- }
-
- ret = krb5_kt_close(context, kt);
- if (ret) {
- com_err(whoami, ret, "while closing keytab");
- exit(1);
- }
-
- ret = kadm5_destroy(handle);
- if (ret) {
- com_err(whoami, ret, "while closing kadmin connection");
- exit(1);
- }
-
- return 0;
+ krb5_context context;
+ krb5_keytab kt;
+ krb5_keytab_entry ktent;
+ krb5_encrypt_block eblock;
+ krb5_creds my_creds;
+ kadm5_principal_ent_rec princ_ent;
+ krb5_principal princ, server;
+ char pw[16];
+ char *whoami, *principal, *authprinc;
+ krb5_data pwdata;
+ void *handle;
+ int ret, i, test, encnum;
+
+ whoami = argv[0];
+
+ if (argc != 2 && argc != 3) {
+ fprintf(stderr, "Usage: %s principal [authuser]\n", whoami);
+ exit(1);
+ }
+ principal = argv[1];
+ authprinc = argv[2] ? argv[2] : argv[0];
+
+ /*
+ * Setup. Initialize data structures, open keytab, open connection
+ * to kadm5 server.
+ */
+
+ memset(&context, 0, sizeof(context));
+ kadm5_init_krb5_context(&context);
+
+ ret = krb5_parse_name(context, principal, &princ);
+ if (ret) {
+ com_err(whoami, ret, "while parsing principal name %s", principal);
+ exit(1);
+ }
+
+ if((ret = krb5_build_principal_ext(context, &server,
+ krb5_princ_realm(kcontext, princ)->length,
+ krb5_princ_realm(kcontext, princ)->data,
+ tgtname.length, tgtname.data,
+ krb5_princ_realm(kcontext, princ)->length,
+ krb5_princ_realm(kcontext, princ)->data,
+ 0))) {
+ com_err(whoami, ret, "while building server name");
+ exit(1);
+ }
+
+ /* register the WRFILE keytab type */
+ ret = krb5_kt_register(context, &krb5_ktf_writable_ops);
+ if (ret) {
+ com_err(whoami, ret,
+ "while registering writable key table functions");
+ exit(1);
+ }
+
+ ret = krb5_kt_default(context, &kt);
+ if (ret) {
+ com_err(whoami, ret, "while opening keytab");
+ exit(1);
+ }
+
+ ret = kadm5_init(context, authprinc, NULL, KADM5_ADMIN_SERVICE, NULL,
+ KADM5_STRUCT_VERSION, KADM5_API_VERSION_3, NULL,
+ &handle);
+ if (ret) {
+ com_err(whoami, ret, "while initializing connection");
+ exit(1);
+ }
+
+ /* these pw's don't need to be secure, just different every time */
+ SRAND((RAND_TYPE)time((void *) NULL));
+ pwdata.data = pw;
+ pwdata.length = sizeof(pw);
+
+ /*
+ * For each test:
+ *
+ * For each enctype in the test, construct a random password/key.
+ * Assign all keys to principal with kadm5_setkey_principal. Add
+ * each key to the keytab, and acquire an initial ticket with the
+ * keytab (XXX can I specify the enctype & kvno explicitly?). If
+ * krb5_get_in_tkt_with_keytab succeeds, then the keys were set
+ * successfully.
+ */
+ for (test = 0; tests[test] != NULL; test++) {
+ krb5_keyblock *testp = tests[test];
+ printf("+ Test %d:\n", test);
+
+ for (encnum = 0; testp[encnum].magic != -1; encnum++) {
+ for (i = 0; i < sizeof(pw); i++)
+ pw[i] = (RAND() % 26) + '0'; /* XXX */
+
+ krb5_use_enctype(context, &eblock, testp[encnum].enctype);
+ ret = krb5_string_to_key(context, &eblock, &testp[encnum],
+ &pwdata, NULL);
+ if (ret) {
+ com_err(whoami, ret, "while converting string to key");
+ exit(1);
+ }
+ }
+
+ /* now, encnum == # of keyblocks in testp */
+ ret = kadm5_setkey_principal(handle, princ, testp, encnum);
+ if (ret) {
+ com_err(whoami, ret, "while setting keys");
+ exit(1);
+ }
+
+ ret = kadm5_get_principal(handle, princ, &princ_ent, KADM5_KVNO);
+ if (ret) {
+ com_err(whoami, ret, "while retrieving principal");
+ exit(1);
+ }
+
+ for (encnum = 0; testp[encnum].magic != -1; encnum++) {
+ printf("+ enctype %d\n", testp[encnum].enctype);
+
+ memset(&ktent, 0, sizeof(ktent));
+ ktent.principal = princ;
+ ktent.key = testp[encnum];
+ ktent.vno = princ_ent.kvno;
+
+ ret = krb5_kt_add_entry(context, kt, &ktent);
+ if (ret) {
+ com_err(whoami, ret, "while adding keytab entry");
+ exit(1);
+ }
+
+ memset(&my_creds, 0, sizeof(my_creds));
+ my_creds.client = princ;
+ my_creds.server = server;
+
+ ktypes[0] = testp[encnum].enctype;
+ ret = krb5_get_in_tkt_with_keytab(context,
+ 0 /* options */,
+ NULL /* addrs */,
+ ktypes,
+ NULL /* preauth */,
+ kt, 0,
+ &my_creds, 0);
+ if (ret) {
+ com_err(whoami, ret, "while acquiring initial ticket");
+ exit(1);
+ }
+
+ /* since I can't specify enctype explicitly ... */
+ ret = krb5_kt_remove_entry(context, kt, &ktent);
+ if (ret) {
+ com_err(whoami, ret, "while removing keytab entry");
+ exit(1);
+ }
+ }
+ }
+
+ ret = krb5_kt_close(context, kt);
+ if (ret) {
+ com_err(whoami, ret, "while closing keytab");
+ exit(1);
+ }
+
+ ret = kadm5_destroy(handle);
+ if (ret) {
+ com_err(whoami, ret, "while closing kadmin connection");
+ exit(1);
+ }
+
+ return 0;
}
-
-
-
-
-
-
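Review bot: The keytab entry added by `krb5_kt_add_entry(context, kt, &ktent)` is removed only on the success path, because the `krb5_get_in_tkt_with_keytab` failure branch calls `exit(1)` before reaching `krb5_kt_remove_entry`. A failed run therefore leaves a test key in the default keytab, and that key is derived from a `time()`-seeded `RAND()` password which the code's own comment says is not meant to be secure. Adding `(void) krb5_kt_remove_entry(context, kt, &ktent);` before that `exit(1)` keeps the keytab clean. A header comment such as `/* Sets guessable single-DES keys on the named principal; run only against a disposable test principal and keytab. */` would document the precondition. `kcontext` (inside the `krb5_princ_realm` calls) and `ktypes` are not declared in this hunk; `ktypes` may be file-scope outside the visible lines, but `kcontext` looks like a leftover that compiles only if the macro ignores its first argument, so `context` would be the consistent spelling.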
diff --git a/src/lib/kdb/decrypt_key.c b/src/lib/kdb/decrypt_key.c
index a564c37..8006cf3 100644
--- a/src/lib/kdb/decrypt_key.c
+++ b/src/lib/kdb/decrypt_key.c
@@ -1,3 +1,4 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
/*
* lib/kdb/decrypt_key.c
*
@@ -8,7 +9,7 @@
* require a specific license from the United States Government.
* It is the responsibility of any person or organization contemplating
* export to obtain such a license before exporting.
- *
+ *
* WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
* distribute this software and its documentation for any purpose and
* without fee is hereby granted, provided that the above copyright
@@ -22,21 +23,21 @@
* M.I.T. makes no representations about the suitability of
* this software for any purpose. It is provided "as is" without express
* or implied warranty.
- *
+ *
*
* krb5_kdb_encrypt_key(), krb5_kdb_decrypt_key functions
*/
/*
* Copyright (C) 1998 by the FundsXpress, INC.
- *
+ *
* All rights reserved.
- *
+ *
* Export of this software from the United States of America may require
* a specific license from the United States Government. It is the
* responsibility of any person or organization contemplating export to
* obtain such a license before exporting.
- *
+ *
* WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
* distribute this software and its documentation for any purpose and
* without fee is hereby granted, provided that the above copyright
@@ -47,7 +48,7 @@
* permission. FundsXpress makes no representations about the suitability of
* this software for any purpose. It is provided "as is" without express
* or implied warranty.
- *
+ *
* THIS SOFTWARE IS PROVIDED ``AS IS'' AND WITHOUT ANY EXPRESS OR
* IMPLIED WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED
* WARRANTIES OF MERCHANTIBILITY AND FITNESS FOR A PARTICULAR PURPOSE.
@@ -63,76 +64,76 @@
*/
krb5_error_code
-krb5_dbekd_def_decrypt_key_data( krb5_context context,
- const krb5_keyblock * mkey,
- const krb5_key_data * key_data,
- krb5_keyblock * dbkey,
- krb5_keysalt * keysalt)
+krb5_dbekd_def_decrypt_key_data( krb5_context context,
+ const krb5_keyblock * mkey,
+ const krb5_key_data * key_data,
+ krb5_keyblock * dbkey,
+ krb5_keysalt * keysalt)
{
- krb5_error_code retval = 0;
- krb5_int16 tmplen;
- krb5_octet * ptr;
- krb5_enc_data cipher;
- krb5_data plain;
+ krb5_error_code retval = 0;
+ krb5_int16 tmplen;
+ krb5_octet * ptr;
+ krb5_enc_data cipher;
+ krb5_data plain;
ptr = key_data->key_data_contents[0];
if (ptr) {
- krb5_kdb_decode_int16(ptr, tmplen);
- ptr += 2;
+ krb5_kdb_decode_int16(ptr, tmplen);
+ ptr += 2;
- cipher.enctype = ENCTYPE_UNKNOWN;
- cipher.ciphertext.length = key_data->key_data_length[0]-2;
- cipher.ciphertext.data = ptr;
- plain.length = key_data->key_data_length[0]-2;
- if ((plain.data = (krb5_octet *) malloc(plain.length)) == NULL)
- return(ENOMEM);
+ cipher.enctype = ENCTYPE_UNKNOWN;
+ cipher.ciphertext.length = key_data->key_data_length[0]-2;
+ cipher.ciphertext.data = ptr;
+ plain.length = key_data->key_data_length[0]-2;
+ if ((plain.data = (krb5_octet *) malloc(plain.length)) == NULL)
+ return(ENOMEM);
- if ((retval = krb5_c_decrypt(context, mkey, 0 /* XXX */, 0,
- &cipher, &plain))) {
- free(plain.data);
- return retval;
- }
+ if ((retval = krb5_c_decrypt(context, mkey, 0 /* XXX */, 0,
+ &cipher, &plain))) {
+ free(plain.data);
+ return retval;
+ }
- /* tmplen is the true length of the key. plain.data is the
- plaintext data length, but it may be padded, since the
- old-style etypes didn't store the real length. I can check
- to make sure that there are enough bytes, but I can't do
- any better than that. */
+ /* tmplen is the true length of the key. plain.data is the
+ plaintext data length, but it may be padded, since the
+ old-style etypes didn't store the real length. I can check
+ to make sure that there are enough bytes, but I can't do
+ any better than that. */
- if (tmplen > plain.length) {
- free(plain.data);
- return(KRB5_CRYPTO_INTERNAL);
- }
+ if (tmplen > plain.length) {
+ free(plain.data);
+ return(KRB5_CRYPTO_INTERNAL);
+ }
- dbkey->magic = KV5M_KEYBLOCK;
- dbkey->enctype = key_data->key_data_type[0];
- dbkey->length = tmplen;
- dbkey->contents = plain.data;
+ dbkey->magic = KV5M_KEYBLOCK;
+ dbkey->enctype = key_data->key_data_type[0];
+ dbkey->length = tmplen;
+ dbkey->contents = plain.data;
}
/* Decode salt data */
if (keysalt) {
- if (key_data->key_data_ver == 2) {
- keysalt->type = key_data->key_data_type[1];
- if ((keysalt->data.length = key_data->key_data_length[1])) {
- if (!(keysalt->data.data=(char *)malloc(keysalt->data.length))){
- if (key_data->key_data_contents[0]) {
- free(dbkey->contents);
- dbkey->contents = 0;
- dbkey->length = 0;
- }
- return ENOMEM;
- }
- memcpy(keysalt->data.data, key_data->key_data_contents[1],
- (size_t) keysalt->data.length);
- } else
- keysalt->data.data = (char *) NULL;
- } else {
- keysalt->type = KRB5_KDB_SALTTYPE_NORMAL;
- keysalt->data.data = (char *) NULL;
- keysalt->data.length = 0;
- }
+ if (key_data->key_data_ver == 2) {
+ keysalt->type = key_data->key_data_type[1];
+ if ((keysalt->data.length = key_data->key_data_length[1])) {
+ if (!(keysalt->data.data=(char *)malloc(keysalt->data.length))){
+ if (key_data->key_data_contents[0]) {
+ free(dbkey->contents);
+ dbkey->contents = 0;
+ dbkey->length = 0;
+ }
+ return ENOMEM;
+ }
+ memcpy(keysalt->data.data, key_data->key_data_contents[1],
+ (size_t) keysalt->data.length);
+ } else
+ keysalt->data.data = (char *) NULL;
+ } else {
+ keysalt->type = KRB5_KDB_SALTTYPE_NORMAL;
+ keysalt->data.data = (char *) NULL;
+ keysalt->data.length = 0;
+ }
}
return retval;
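Review bot: `key_data->key_data_length[0]-2` is computed, and two bytes are decoded from `ptr`, without first checking that the stored length is at least 2. For a shorter record the subtraction presumably goes negative before it is stored in `cipher.ciphertext.length` and `plain.length` (the field types are not visible here), so the allocation and `krb5_c_decrypt` would work from a bogus size. A guard placed before the decode, `if (key_data->key_data_length[0] < 2) return KRB5_CRYPTO_INTERNAL;`, would reject such records up front. The `tmplen > plain.length` path also frees the decrypted key bytes without clearing them first. The function's closing brace lies outside this hunk.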
diff --git a/src/lib/kdb/encrypt_key.c b/src/lib/kdb/encrypt_key.c
index 0db1a02..bbf520b 100644
--- a/src/lib/kdb/encrypt_key.c
+++ b/src/lib/kdb/encrypt_key.c
@@ -1,3 +1,4 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
/*
* lib/kdb/encrypt_key.c
*
@@ -8,7 +9,7 @@
* require a specific license from the United States Government.
* It is the responsibility of any person or organization contemplating
* export to obtain such a license before exporting.
- *
+ *
* WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
* distribute this software and its documentation for any purpose and
* without fee is hereby granted, provided that the above copyright
@@ -22,21 +23,21 @@
* M.I.T. makes no representations about the suitability of
* this software for any purpose. It is provided "as is" without express
* or implied warranty.
- *
+ *
*
* krb5_kdb_encrypt_key(), krb5_kdb_decrypt_key functions
*/
/*
* Copyright (C) 1998 by the FundsXpress, INC.
- *
+ *
* All rights reserved.
- *
+ *
* Export of this software from the United States of America may require
* a specific license from the United States Government. It is the
* responsibility of any person or organization contemplating export to
* obtain such a license before exporting.
- *
+ *
* WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
* distribute this software and its documentation for any purpose and
* without fee is hereby granted, provided that the above copyright
@@ -47,7 +48,7 @@
* permission. FundsXpress makes no representations about the suitability of
* this software for any purpose. It is provided "as is" without express
* or implied warranty.
- *
+ *
* THIS SOFTWARE IS PROVIDED ``AS IS'' AND WITHOUT ANY EXPRESS OR
* IMPLIED WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED
* WARRANTIES OF MERCHANTIBILITY AND FITNESS FOR A PARTICULAR PURPOSE.
@@ -63,37 +64,37 @@
*/
krb5_error_code
-krb5_dbekd_def_encrypt_key_data( krb5_context context,
- const krb5_keyblock * mkey,
- const krb5_keyblock * dbkey,
- const krb5_keysalt * keysalt,
- int keyver,
- krb5_key_data * key_data)
+krb5_dbekd_def_encrypt_key_data( krb5_context context,
+ const krb5_keyblock * mkey,
+ const krb5_keyblock * dbkey,
+ const krb5_keysalt * keysalt,
+ int keyver,
+ krb5_key_data * key_data)
{
- krb5_error_code retval;
- krb5_octet * ptr;
- size_t len;
- int i;
- krb5_data plain;
- krb5_enc_data cipher;
+ krb5_error_code retval;
+ krb5_octet * ptr;
+ size_t len;
+ int i;
+ krb5_data plain;
+ krb5_enc_data cipher;
for (i = 0; i < key_data->key_data_ver; i++)
- if (key_data->key_data_contents[i])
- free(key_data->key_data_contents[i]);
+ if (key_data->key_data_contents[i])
+ free(key_data->key_data_contents[i]);
key_data->key_data_ver = 1;
key_data->key_data_kvno = keyver;
- /*
- * The First element of the type/length/contents
+ /*
+ * The First element of the type/length/contents
* fields is the key type/length/contents
*/
if ((retval = krb5_c_encrypt_length(context, mkey->enctype, dbkey->length,
- &len)))
- return(retval);
+ &len)))
+ return(retval);
if ((ptr = (krb5_octet *) malloc(2 + len)) == NULL)
- return(ENOMEM);
+ return(ENOMEM);
key_data->key_data_type[0] = dbkey->enctype;
key_data->key_data_length[0] = 2 + len;
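Review bot: The loop that frees `key_data->key_data_contents[i]` leaves the freed pointers in place, and `key_data_ver` is then set to 1, so the early returns after `krb5_c_encrypt_length` and `malloc` hand back a `key_data` whose first slot may still point at freed memory. The next hunk (`@@ -109,27 +110,27 @@`) has the same pattern: both error paths call `free(key_data->key_data_contents[0]);` and return without resetting the pointer. Any caller cleanup that walks the entries (not visible here) could then free the same block twice. Resetting the slot after each free, e.g. `key_data->key_data_contents[0] = NULL;`, and doing the same inside the loop, which would then need braces, would close this. The function body continues past this hunk.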
@@ -109,27 +110,27 @@ krb5_dbekd_def_encrypt_key_data( krb5_context context,
cipher.ciphertext.data = ptr;
if ((retval = krb5_c_encrypt(context, mkey, /* XXX */ 0, 0,
- &plain, &cipher))) {
- free(key_data->key_data_contents[0]);
- return retval;
+ &plain, &cipher))) {
+ free(key_data->key_data_contents[0]);
+ return retval;
}
/* After key comes the salt in necessary */
if (keysalt) {
- if (keysalt->type > 0) {
- key_data->key_data_ver++;
- key_data->key_data_type[1] = keysalt->type;
- if ((key_data->key_data_length[1] = keysalt->data.length) != 0) {
- key_data->key_data_contents[1] =
- (krb5_octet *)malloc(keysalt->data.length);
- if (key_data->key_data_contents[1] == NULL) {
- free(key_data->key_data_contents[0]);
- return ENOMEM;
- }
- memcpy(key_data->key_data_contents[1], keysalt->data.data,
- (size_t) keysalt->data.length);
- }
- }
+ if (keysalt->type > 0) {
+ key_data->key_data_ver++;
+ key_data->key_data_type[1] = keysalt->type;
+ if ((key_data->key_data_length[1] = keysalt->data.length) != 0) {
+ key_data->key_data_contents[1] =
+ (krb5_octet *)malloc(keysalt->data.length);
+ if (key_data->key_data_contents[1] == NULL) {
+ free(key_data->key_data_contents[0]);
+ return ENOMEM;
+ }
+ memcpy(key_data->key_data_contents[1], keysalt->data.data,
+ (size_t) keysalt->data.length);
+ }
+ }
}
return retval;
diff --git a/src/lib/kdb/iprop_xdr.c b/src/lib/kdb/iprop_xdr.c
index a8b7685..093c056 100644
--- a/src/lib/kdb/iprop_xdr.c
+++ b/src/lib/kdb/iprop_xdr.c
@@ -1,3 +1,4 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
/*
* Please do not edit this file.
* It was generated using rpcgen.
@@ -9,343 +10,343 @@
bool_t
xdr_int16_t (XDR *xdrs, int16_t *objp)
{
- register int32_t *buf;
+ register int32_t *buf;
- if (!xdr_short (xdrs, objp))
- return FALSE;
- return TRUE;
+ if (!xdr_short (xdrs, objp))
+ return FALSE;
+ return TRUE;
}
bool_t
xdr_uint16_t (XDR *xdrs, uint16_t *objp)
{
- register int32_t *buf;
+ register int32_t *buf;
- if (!xdr_u_short (xdrs, objp))
- return FALSE;
- return TRUE;
+ if (!xdr_u_short (xdrs, objp))
+ return FALSE;
+ return TRUE;
}
bool_t
xdr_int32_t (XDR *xdrs, int32_t *objp)
{
- register int32_t *buf;
+ register int32_t *buf;
- if (!xdr_int (xdrs, objp))
- return FALSE;
- return TRUE;
+ if (!xdr_int (xdrs, objp))
+ return FALSE;
+ return TRUE;
}
bool_t
xdr_uint32_t (XDR *xdrs, uint32_t *objp)
{
- register int32_t *buf;
+ register int32_t *buf;
- if (!xdr_u_int (xdrs, objp))
- return FALSE;
- return TRUE;
+ if (!xdr_u_int (xdrs, objp))
+ return FALSE;
+ return TRUE;
}
bool_t
xdr_utf8str_t (XDR *xdrs, utf8str_t *objp)
{
- register int32_t *buf;
+ register int32_t *buf;
- if (!xdr_bytes (xdrs, (char **)&objp->utf8str_t_val, (u_int *) &objp->utf8str_t_len, ~0))
- return FALSE;
- return TRUE;
+ if (!xdr_bytes (xdrs, (char **)&objp->utf8str_t_val, (u_int *) &objp->utf8str_t_len, ~0))
+ return FALSE;
+ return TRUE;
}
bool_t
xdr_kdb_sno_t (XDR *xdrs, kdb_sno_t *objp)
{
- register int32_t *buf;
+ register int32_t *buf;
- if (!xdr_uint32_t (xdrs, objp))
- return FALSE;
- return TRUE;
+ if (!xdr_uint32_t (xdrs, objp))
+ return FALSE;
+ return TRUE;
}
bool_t
xdr_kdbe_time_t (XDR *xdrs, kdbe_time_t *objp)
{
- register int32_t *buf;
+ register int32_t *buf;
- if (!xdr_uint32_t (xdrs, &objp->seconds))
- return FALSE;
- if (!xdr_uint32_t (xdrs, &objp->useconds))
- return FALSE;
- return TRUE;
+ if (!xdr_uint32_t (xdrs, &objp->seconds))
+ return FALSE;
+ if (!xdr_uint32_t (xdrs, &objp->useconds))
+ return FALSE;
+ return TRUE;
}
bool_t
xdr_kdbe_key_t (XDR *xdrs, kdbe_key_t *objp)
{
- register int32_t *buf;
-
- if (!xdr_int32_t (xdrs, &objp->k_ver))
- return FALSE;
- if (!xdr_int32_t (xdrs, &objp->k_kvno))
- return FALSE;
- if (!xdr_array (xdrs, (char **)&objp->k_enctype.k_enctype_val, (u_int *) &objp->k_enctype.k_enctype_len, ~0,
- sizeof (int32_t), (xdrproc_t) xdr_int32_t))
- return FALSE;
- if (!xdr_array (xdrs, (char **)&objp->k_contents.k_contents_val, (u_int *) &objp->k_contents.k_contents_len, ~0,
- sizeof (utf8str_t), (xdrproc_t) xdr_utf8str_t))
- return FALSE;
- return TRUE;
+ register int32_t *buf;
+
+ if (!xdr_int32_t (xdrs, &objp->k_ver))
+ return FALSE;
+ if (!xdr_int32_t (xdrs, &objp->k_kvno))
+ return FALSE;
+ if (!xdr_array (xdrs, (char **)&objp->k_enctype.k_enctype_val, (u_int *) &objp->k_enctype.k_enctype_len, ~0,
+ sizeof (int32_t), (xdrproc_t) xdr_int32_t))
+ return FALSE;
+ if (!xdr_array (xdrs, (char **)&objp->k_contents.k_contents_val, (u_int *) &objp->k_contents.k_contents_len, ~0,
+ sizeof (utf8str_t), (xdrproc_t) xdr_utf8str_t))
+ return FALSE;
+ return TRUE;
}
bool_t
xdr_kdbe_data_t (XDR *xdrs, kdbe_data_t *objp)
{
- register int32_t *buf;
+ register int32_t *buf;
- if (!xdr_int32_t (xdrs, &objp->k_magic))
- return FALSE;
- if (!xdr_utf8str_t (xdrs, &objp->k_data))
- return FALSE;
- return TRUE;
+ if (!xdr_int32_t (xdrs, &objp->k_magic))
+ return FALSE;
+ if (!xdr_utf8str_t (xdrs, &objp->k_data))
+ return FALSE;
+ return TRUE;
}
bool_t
xdr_kdbe_princ_t (XDR *xdrs, kdbe_princ_t *objp)
{
- register int32_t *buf;
-
- if (!xdr_utf8str_t (xdrs, &objp->k_realm))
- return FALSE;
- if (!xdr_array (xdrs, (char **)&objp->k_components.k_components_val, (u_int *) &objp->k_components.k_components_len, ~0,
- sizeof (kdbe_data_t), (xdrproc_t) xdr_kdbe_data_t))
- return FALSE;
- if (!xdr_int32_t (xdrs, &objp->k_nametype))
- return FALSE;
- return TRUE;
+ register int32_t *buf;
+
+ if (!xdr_utf8str_t (xdrs, &objp->k_realm))
+ return FALSE;
+ if (!xdr_array (xdrs, (char **)&objp->k_components.k_components_val, (u_int *) &objp->k_components.k_components_len, ~0,
+ sizeof (kdbe_data_t), (xdrproc_t) xdr_kdbe_data_t))
+ return FALSE;
+ if (!xdr_int32_t (xdrs, &objp->k_nametype))
+ return FALSE;
+ return TRUE;
}
bool_t
xdr_kdbe_tl_t (XDR *xdrs, kdbe_tl_t *objp)
{
- register int32_t *buf;
+ register int32_t *buf;
- if (!xdr_int16_t (xdrs, &objp->tl_type))
- return FALSE;
- if (!xdr_bytes (xdrs, (char **)&objp->tl_data.tl_data_val, (u_int *) &objp->tl_data.tl_data_len, ~0))
- return FALSE;
- return TRUE;
+ if (!xdr_int16_t (xdrs, &objp->tl_type))
+ return FALSE;
+ if (!xdr_bytes (xdrs, (char **)&objp->tl_data.tl_data_val, (u_int *) &objp->tl_data.tl_data_len, ~0))
+ return FALSE;
+ return TRUE;
}
bool_t
xdr_kdbe_pw_hist_t (XDR *xdrs, kdbe_pw_hist_t *objp)
{
- register int32_t *buf;
+ register int32_t *buf;
- if (!xdr_array (xdrs, (char **)&objp->kdbe_pw_hist_t_val, (u_int *) &objp->kdbe_pw_hist_t_len, ~0,
- sizeof (kdbe_key_t), (xdrproc_t) xdr_kdbe_key_t))
- return FALSE;
- return TRUE;
+ if (!xdr_array (xdrs, (char **)&objp->kdbe_pw_hist_t_val, (u_int *) &objp->kdbe_pw_hist_t_len, ~0,
+ sizeof (kdbe_key_t), (xdrproc_t) xdr_kdbe_key_t))
+ return FALSE;
+ return TRUE;
}
bool_t
xdr_kdbe_attr_type_t (XDR *xdrs, kdbe_attr_type_t *objp)
{
- register int32_t *buf;
+ register int32_t *buf;
- if (!xdr_enum (xdrs, (enum_t *) objp))
- return FALSE;
- return TRUE;
+ if (!xdr_enum (xdrs, (enum_t *) objp))
+ return FALSE;
+ return TRUE;
}
bool_t
xdr_kdbe_val_t (XDR *xdrs, kdbe_val_t *objp)
{
- register int32_t *buf;
-
- if (!xdr_kdbe_attr_type_t (xdrs, &objp->av_type))
- return FALSE;
- switch (objp->av_type) {
- case AT_ATTRFLAGS:
- if (!xdr_uint32_t (xdrs, &objp->kdbe_val_t_u.av_attrflags))
- return FALSE;
- break;
- case AT_MAX_LIFE:
- if (!xdr_uint32_t (xdrs, &objp->kdbe_val_t_u.av_max_life))
- return FALSE;
- break;
- case AT_MAX_RENEW_LIFE:
- if (!xdr_uint32_t (xdrs, &objp->kdbe_val_t_u.av_max_renew_life))
- return FALSE;
- break;
- case AT_EXP:
- if (!xdr_uint32_t (xdrs, &objp->kdbe_val_t_u.av_exp))
- return FALSE;
- break;
- case AT_PW_EXP:
- if (!xdr_uint32_t (xdrs, &objp->kdbe_val_t_u.av_pw_exp))
- return FALSE;
- break;
- case AT_LAST_SUCCESS:
- if (!xdr_uint32_t (xdrs, &objp->kdbe_val_t_u.av_last_success))
- return FALSE;
- break;
- case AT_LAST_FAILED:
- if (!xdr_uint32_t (xdrs, &objp->kdbe_val_t_u.av_last_failed))
- return FALSE;
- break;
- case AT_FAIL_AUTH_COUNT:
- if (!xdr_uint32_t (xdrs, &objp->kdbe_val_t_u.av_fail_auth_count))
- return FALSE;
- break;
- case AT_PRINC:
- if (!xdr_kdbe_princ_t (xdrs, &objp->kdbe_val_t_u.av_princ))
- return FALSE;
- break;
- case AT_KEYDATA:
- if (!xdr_array (xdrs, (char **)&objp->kdbe_val_t_u.av_keydata.av_keydata_val, (u_int *) &objp->kdbe_val_t_u.av_keydata.av_keydata_len, ~0,
- sizeof (kdbe_key_t), (xdrproc_t) xdr_kdbe_key_t))
- return FALSE;
- break;
- case AT_TL_DATA:
- if (!xdr_array (xdrs, (char **)&objp->kdbe_val_t_u.av_tldata.av_tldata_val, (u_int *) &objp->kdbe_val_t_u.av_tldata.av_tldata_len, ~0,
- sizeof (kdbe_tl_t), (xdrproc_t) xdr_kdbe_tl_t))
- return FALSE;
- break;
- case AT_LEN:
- if (!xdr_int16_t (xdrs, &objp->kdbe_val_t_u.av_len))
- return FALSE;
- break;
- case AT_PW_LAST_CHANGE:
- if (!xdr_uint32_t (xdrs, &objp->kdbe_val_t_u.av_pw_last_change))
- return FALSE;
- break;
- case AT_MOD_PRINC:
- if (!xdr_kdbe_princ_t (xdrs, &objp->kdbe_val_t_u.av_mod_princ))
- return FALSE;
- break;
- case AT_MOD_TIME:
- if (!xdr_uint32_t (xdrs, &objp->kdbe_val_t_u.av_mod_time))
- return FALSE;
- break;
- case AT_MOD_WHERE:
- if (!xdr_utf8str_t (xdrs, &objp->kdbe_val_t_u.av_mod_where))
- return FALSE;
- break;
- case AT_PW_POLICY:
- if (!xdr_utf8str_t (xdrs, &objp->kdbe_val_t_u.av_pw_policy))
- return FALSE;
- break;
- case AT_PW_POLICY_SWITCH:
- if (!xdr_bool (xdrs, &objp->kdbe_val_t_u.av_pw_policy_switch))
- return FALSE;
- break;
- case AT_PW_HIST_KVNO:
- if (!xdr_uint32_t (xdrs, &objp->kdbe_val_t_u.av_pw_hist_kvno))
- return FALSE;
- break;
- case AT_PW_HIST:
- if (!xdr_array (xdrs, (char **)&objp->kdbe_val_t_u.av_pw_hist.av_pw_hist_val, (u_int *) &objp->kdbe_val_t_u.av_pw_hist.av_pw_hist_len, ~0,
- sizeof (kdbe_pw_hist_t), (xdrproc_t) xdr_kdbe_pw_hist_t))
- return FALSE;
- break;
- default:
- if (!xdr_bytes (xdrs, (char **)&objp->kdbe_val_t_u.av_extension.av_extension_val, (u_int *) &objp->kdbe_val_t_u.av_extension.av_extension_len, ~0))
- return FALSE;
- break;
- }
- return TRUE;
+ register int32_t *buf;
+
+ if (!xdr_kdbe_attr_type_t (xdrs, &objp->av_type))
+ return FALSE;
+ switch (objp->av_type) {
+ case AT_ATTRFLAGS:
+ if (!xdr_uint32_t (xdrs, &objp->kdbe_val_t_u.av_attrflags))
+ return FALSE;
+ break;
+ case AT_MAX_LIFE:
+ if (!xdr_uint32_t (xdrs, &objp->kdbe_val_t_u.av_max_life))
+ return FALSE;
+ break;
+ case AT_MAX_RENEW_LIFE:
+ if (!xdr_uint32_t (xdrs, &objp->kdbe_val_t_u.av_max_renew_life))
+ return FALSE;
+ break;
+ case AT_EXP:
+ if (!xdr_uint32_t (xdrs, &objp->kdbe_val_t_u.av_exp))
+ return FALSE;
+ break;
+ case AT_PW_EXP:
+ if (!xdr_uint32_t (xdrs, &objp->kdbe_val_t_u.av_pw_exp))
+ return FALSE;
+ break;
+ case AT_LAST_SUCCESS:
+ if (!xdr_uint32_t (xdrs, &objp->kdbe_val_t_u.av_last_success))
+ return FALSE;
+ break;
+ case AT_LAST_FAILED:
+ if (!xdr_uint32_t (xdrs, &objp->kdbe_val_t_u.av_last_failed))
+ return FALSE;
+ break;
+ case AT_FAIL_AUTH_COUNT:
+ if (!xdr_uint32_t (xdrs, &objp->kdbe_val_t_u.av_fail_auth_count))
+ return FALSE;
+ break;
+ case AT_PRINC:
+ if (!xdr_kdbe_princ_t (xdrs, &objp->kdbe_val_t_u.av_princ))
+ return FALSE;
+ break;
+ case AT_KEYDATA:
+ if (!xdr_array (xdrs, (char **)&objp->kdbe_val_t_u.av_keydata.av_keydata_val, (u_int *) &objp->kdbe_val_t_u.av_keydata.av_keydata_len, ~0,
+ sizeof (kdbe_key_t), (xdrproc_t) xdr_kdbe_key_t))
+ return FALSE;
+ break;
+ case AT_TL_DATA:
+ if (!xdr_array (xdrs, (char **)&objp->kdbe_val_t_u.av_tldata.av_tldata_val, (u_int *) &objp->kdbe_val_t_u.av_tldata.av_tldata_len, ~0,
+ sizeof (kdbe_tl_t), (xdrproc_t) xdr_kdbe_tl_t))
+ return FALSE;
+ break;
+ case AT_LEN:
+ if (!xdr_int16_t (xdrs, &objp->kdbe_val_t_u.av_len))
+ return FALSE;
+ break;
+ case AT_PW_LAST_CHANGE:
+ if (!xdr_uint32_t (xdrs, &objp->kdbe_val_t_u.av_pw_last_change))
+ return FALSE;
+ break;
+ case AT_MOD_PRINC:
+ if (!xdr_kdbe_princ_t (xdrs, &objp->kdbe_val_t_u.av_mod_princ))
+ return FALSE;
+ break;
+ case AT_MOD_TIME:
+ if (!xdr_uint32_t (xdrs, &objp->kdbe_val_t_u.av_mod_time))
+ return FALSE;
+ break;
+ case AT_MOD_WHERE:
+ if (!xdr_utf8str_t (xdrs, &objp->kdbe_val_t_u.av_mod_where))
+ return FALSE;
+ break;
+ case AT_PW_POLICY:
+ if (!xdr_utf8str_t (xdrs, &objp->kdbe_val_t_u.av_pw_policy))
+ return FALSE;
+ break;
+ case AT_PW_POLICY_SWITCH:
+ if (!xdr_bool (xdrs, &objp->kdbe_val_t_u.av_pw_policy_switch))
+ return FALSE;
+ break;
+ case AT_PW_HIST_KVNO:
+ if (!xdr_uint32_t (xdrs, &objp->kdbe_val_t_u.av_pw_hist_kvno))
+ return FALSE;
+ break;
+ case AT_PW_HIST:
+ if (!xdr_array (xdrs, (char **)&objp->kdbe_val_t_u.av_pw_hist.av_pw_hist_val, (u_int *) &objp->kdbe_val_t_u.av_pw_hist.av_pw_hist_len, ~0,
+ sizeof (kdbe_pw_hist_t), (xdrproc_t) xdr_kdbe_pw_hist_t))
+ return FALSE;
+ break;
+ default:
+ if (!xdr_bytes (xdrs, (char **)&objp->kdbe_val_t_u.av_extension.av_extension_val, (u_int *) &objp->kdbe_val_t_u.av_extension.av_extension_len, ~0))
+ return FALSE;
+ break;
+ }
+ return TRUE;
}
bool_t
xdr_kdbe_t (XDR *xdrs, kdbe_t *objp)
{
- register int32_t *buf;
+ register int32_t *buf;
- if (!xdr_array (xdrs, (char **)&objp->kdbe_t_val, (u_int *) &objp->kdbe_t_len, ~0,
- sizeof (kdbe_val_t), (xdrproc_t) xdr_kdbe_val_t))
- return FALSE;
- return TRUE;
+ if (!xdr_array (xdrs, (char **)&objp->kdbe_t_val, (u_int *) &objp->kdbe_t_len, ~0,
+ sizeof (kdbe_val_t), (xdrproc_t) xdr_kdbe_val_t))
+ return FALSE;
+ return TRUE;
}
bool_t
xdr_kdb_incr_update_t (XDR *xdrs, kdb_incr_update_t *objp)
{
- register int32_t *buf;
-
- if (!xdr_utf8str_t (xdrs, &objp->kdb_princ_name))
- return FALSE;
- if (!xdr_kdb_sno_t (xdrs, &objp->kdb_entry_sno))
- return FALSE;
- if (!xdr_kdbe_time_t (xdrs, &objp->kdb_time))
- return FALSE;
- if (!xdr_kdbe_t (xdrs, &objp->kdb_update))
- return FALSE;
- if (!xdr_bool (xdrs, &objp->kdb_deleted))
- return FALSE;
- if (!xdr_bool (xdrs, &objp->kdb_commit))
- return FALSE;
- if (!xdr_array (xdrs, (char **)&objp->kdb_kdcs_seen_by.kdb_kdcs_seen_by_val, (u_int *) &objp->kdb_kdcs_seen_by.kdb_kdcs_seen_by_len, ~0,
- sizeof (utf8str_t), (xdrproc_t) xdr_utf8str_t))
- return FALSE;
- if (!xdr_bytes (xdrs, (char **)&objp->kdb_futures.kdb_futures_val, (u_int *) &objp->kdb_futures.kdb_futures_len, ~0))
- return FALSE;
- return TRUE;
+ register int32_t *buf;
+
+ if (!xdr_utf8str_t (xdrs, &objp->kdb_princ_name))
+ return FALSE;
+ if (!xdr_kdb_sno_t (xdrs, &objp->kdb_entry_sno))
+ return FALSE;
+ if (!xdr_kdbe_time_t (xdrs, &objp->kdb_time))
+ return FALSE;
+ if (!xdr_kdbe_t (xdrs, &objp->kdb_update))
+ return FALSE;
+ if (!xdr_bool (xdrs, &objp->kdb_deleted))
+ return FALSE;
+ if (!xdr_bool (xdrs, &objp->kdb_commit))
+ return FALSE;
+ if (!xdr_array (xdrs, (char **)&objp->kdb_kdcs_seen_by.kdb_kdcs_seen_by_val, (u_int *) &objp->kdb_kdcs_seen_by.kdb_kdcs_seen_by_len, ~0,
+ sizeof (utf8str_t), (xdrproc_t) xdr_utf8str_t))
+ return FALSE;
+ if (!xdr_bytes (xdrs, (char **)&objp->kdb_futures.kdb_futures_val, (u_int *) &objp->kdb_futures.kdb_futures_len, ~0))
+ return FALSE;
+ return TRUE;
}
bool_t
xdr_kdb_ulog_t (XDR *xdrs, kdb_ulog_t *objp)
{
- register int32_t *buf;
+ register int32_t *buf;
- if (!xdr_array (xdrs, (char **)&objp->kdb_ulog_t_val, (u_int *) &objp->kdb_ulog_t_len, ~0,
- sizeof (kdb_incr_update_t), (xdrproc_t) xdr_kdb_incr_update_t))
- return FALSE;
- return TRUE;
+ if (!xdr_array (xdrs, (char **)&objp->kdb_ulog_t_val, (u_int *) &objp->kdb_ulog_t_len, ~0,
+ sizeof (kdb_incr_update_t), (xdrproc_t) xdr_kdb_incr_update_t))
+ return FALSE;
+ return TRUE;
}
bool_t
xdr_update_status_t (XDR *xdrs, update_status_t *objp)
{
- register int32_t *buf;
+ register int32_t *buf;
- if (!xdr_enum (xdrs, (enum_t *) objp))
- return FALSE;
- return TRUE;
+ if (!xdr_enum (xdrs, (enum_t *) objp))
+ return FALSE;
+ return TRUE;
}
bool_t
xdr_kdb_last_t (XDR *xdrs, kdb_last_t *objp)
{
- register int32_t *buf;
+ register int32_t *buf;
- if (!xdr_kdb_sno_t (xdrs, &objp->last_sno))
- return FALSE;
- if (!xdr_kdbe_time_t (xdrs, &objp->last_time))
- return FALSE;
- return TRUE;
+ if (!xdr_kdb_sno_t (xdrs, &objp->last_sno))
+ return FALSE;
+ if (!xdr_kdbe_time_t (xdrs, &objp->last_time))
+ return FALSE;
+ return TRUE;
}
bool_t
xdr_kdb_incr_result_t (XDR *xdrs, kdb_incr_result_t *objp)
{
- register int32_t *buf;
-
- if (!xdr_kdb_last_t (xdrs, &objp->lastentry))
- return FALSE;
- if (!xdr_kdb_ulog_t (xdrs, &objp->updates))
- return FALSE;
- if (!xdr_update_status_t (xdrs, &objp->ret))
- return FALSE;
- return TRUE;
+ register int32_t *buf;
+
+ if (!xdr_kdb_last_t (xdrs, &objp->lastentry))
+ return FALSE;
+ if (!xdr_kdb_ulog_t (xdrs, &objp->updates))
+ return FALSE;
+ if (!xdr_update_status_t (xdrs, &objp->ret))
+ return FALSE;
+ return TRUE;
}
bool_t
xdr_kdb_fullresync_result_t (XDR *xdrs, kdb_fullresync_result_t *objp)
{
- register int32_t *buf;
+ register int32_t *buf;
- if (!xdr_kdb_last_t (xdrs, &objp->lastentry))
- return FALSE;
- if (!xdr_update_status_t (xdrs, &objp->ret))
- return FALSE;
- return TRUE;
+ if (!xdr_kdb_last_t (xdrs, &objp->lastentry))
+ return FALSE;
+ if (!xdr_update_status_t (xdrs, &objp->ret))
+ return FALSE;
+ return TRUE;
}
diff --git a/src/lib/kdb/kdb5.c b/src/lib/kdb/kdb5.c
index 8aef88a..cd9f716 100644
--- a/src/lib/kdb/kdb5.c
+++ b/src/lib/kdb/kdb5.c
@@ -1,3 +1,4 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
/*
* Copyright 2006, 2009 by the Massachusetts Institute of Technology.
* All Rights Reserved.
@@ -6,7 +7,7 @@
* require a specific license from the United States Government.
* It is the responsibility of any person or organization contemplating
* export to obtain such a license before exporting.
- *
+ *
* WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
* distribute this software and its documentation for any purpose and
* without fee is hereby granted, provided that the above copyright
@@ -32,7 +33,7 @@
* distribution under the MIT license.
*/
-/*
+/*
* Include files
*/
@@ -81,7 +82,7 @@ kdb_lock_list()
int err;
err = CALL_INIT_FUNCTION (kdb_init_lock_list);
if (err)
- return err;
+ return err;
return k5_mutex_lock(&db_lock);
}
@@ -89,7 +90,7 @@ void
kdb_fini_lock_list(void)
{
if (INITIALIZER_RAN(kdb_init_lock_list))
- k5_mutex_destroy(&db_lock);
+ k5_mutex_destroy(&db_lock);
}
static int
@@ -177,27 +178,27 @@ kdb_get_conf_section(krb5_context kcontext)
char *value = NULL;
if (kcontext->default_realm == NULL)
- return NULL;
+ return NULL;
/* The profile has to have been initialized. If the profile was
not initialized, expect nothing less than a crash. */
status = profile_get_string(kcontext->profile,
- /* realms */
- KDB_REALM_SECTION,
- kcontext->default_realm,
- /* under the realm name, database_module */
- KDB_MODULE_POINTER,
- /* default value is the realm name itself */
- kcontext->default_realm,
- &value);
+ /* realms */
+ KDB_REALM_SECTION,
+ kcontext->default_realm,
+ /* under the realm name, database_module */
+ KDB_MODULE_POINTER,
+ /* default value is the realm name itself */
+ kcontext->default_realm,
+ &value);
if (status) {
- /* some problem */
- result = strdup(kcontext->default_realm);
- /* let NULL be handled by the caller */
+ /* some problem */
+ result = strdup(kcontext->default_realm);
+ /* let NULL be handled by the caller */
} else {
- result = strdup(value);
- /* free profile string */
- profile_release_string(value);
+ result = strdup(value);
+ /* free profile string */
+ profile_release_string(value);
}
return result;
@@ -212,27 +213,27 @@ kdb_get_library_name(krb5_context kcontext)
char *lib = NULL;
status = profile_get_string(kcontext->profile,
- /* realms */
- KDB_REALM_SECTION,
- kcontext->default_realm,
- /* under the realm name, database_module */
- KDB_MODULE_POINTER,
- /* default value is the realm name itself */
- kcontext->default_realm,
- &value);
+ /* realms */
+ KDB_REALM_SECTION,
+ kcontext->default_realm,
+ /* under the realm name, database_module */
+ KDB_MODULE_POINTER,
+ /* default value is the realm name itself */
+ kcontext->default_realm,
+ &value);
if (status)
- goto clean_n_exit;
+ goto clean_n_exit;
#define DB2_NAME "db2"
/* we got the module section. Get the library name from the module */
status = profile_get_string(kcontext->profile, KDB_MODULE_SECTION, value,
- KDB_LIB_POINTER,
- /* default to db2 */
- DB2_NAME,
- &lib);
+ KDB_LIB_POINTER,
+ /* default to db2 */
+ DB2_NAME,
+ &lib);
if (status) {
- goto clean_n_exit;
+ goto clean_n_exit;
}
result = strdup(lib);
@@ -246,33 +247,33 @@ static void
kdb_setup_opt_functions(db_library lib)
{
if (lib->vftabl.set_master_key == NULL)
- lib->vftabl.set_master_key = kdb_def_set_mkey;
+ lib->vftabl.set_master_key = kdb_def_set_mkey;
if (lib->vftabl.set_master_key_list == NULL)
- lib->vftabl.set_master_key_list = kdb_def_set_mkey_list;
+ lib->vftabl.set_master_key_list = kdb_def_set_mkey_list;
if (lib->vftabl.get_master_key == NULL)
- lib->vftabl.get_master_key = kdb_def_get_mkey;
+ lib->vftabl.get_master_key = kdb_def_get_mkey;
if (lib->vftabl.get_master_key_list == NULL)
- lib->vftabl.get_master_key_list = kdb_def_get_mkey_list;
+ lib->vftabl.get_master_key_list = kdb_def_get_mkey_list;
if (lib->vftabl.fetch_master_key == NULL)
- lib->vftabl.fetch_master_key = krb5_db_def_fetch_mkey;
+ lib->vftabl.fetch_master_key = krb5_db_def_fetch_mkey;
if (lib->vftabl.verify_master_key == NULL)
- lib->vftabl.verify_master_key = krb5_def_verify_master_key;
+ lib->vftabl.verify_master_key = krb5_def_verify_master_key;
if (lib->vftabl.fetch_master_key_list == NULL)
- lib->vftabl.fetch_master_key_list = krb5_def_fetch_mkey_list;
+ lib->vftabl.fetch_master_key_list = krb5_def_fetch_mkey_list;
if (lib->vftabl.store_master_key_list == NULL)
- lib->vftabl.store_master_key_list = krb5_def_store_mkey_list;
+ lib->vftabl.store_master_key_list = krb5_def_store_mkey_list;
if (lib->vftabl.dbe_search_enctype == NULL)
- lib->vftabl.dbe_search_enctype = krb5_dbe_def_search_enctype;
+ lib->vftabl.dbe_search_enctype = krb5_dbe_def_search_enctype;
if (lib->vftabl.db_change_pwd == NULL)
- lib->vftabl.db_change_pwd = krb5_dbe_def_cpw;
+ lib->vftabl.db_change_pwd = krb5_dbe_def_cpw;
if (lib->vftabl.store_master_key == NULL)
- lib->vftabl.store_master_key = krb5_def_store_mkey;
+ lib->vftabl.store_master_key = krb5_def_store_mkey;
if (lib->vftabl.promote_db == NULL)
- lib->vftabl.promote_db = krb5_def_promote_db;
+ lib->vftabl.promote_db = krb5_def_promote_db;
if (lib->vftabl.dbekd_decrypt_key_data == NULL)
- lib->vftabl.dbekd_decrypt_key_data = krb5_dbekd_def_decrypt_key_data;
+ lib->vftabl.dbekd_decrypt_key_data = krb5_dbekd_def_decrypt_key_data;
if (lib->vftabl.dbekd_encrypt_key_data == NULL)
- lib->vftabl.dbekd_encrypt_key_data = krb5_dbekd_def_encrypt_key_data;
+ lib->vftabl.dbekd_encrypt_key_data = krb5_dbekd_def_encrypt_key_data;
}
#ifdef STATIC_PLUGINS
@@ -290,21 +291,21 @@ kdb_load_library(krb5_context kcontext, char *lib_name, db_library *libptr)
kdb_vftabl *vftabl_addr = NULL;
if (strcmp(lib_name, "db2") == 0)
- vftabl_addr = &krb5_db2_kdb_function_table;
+ vftabl_addr = &krb5_db2_kdb_function_table;
#ifdef ENABLE_LDAP
if (strcmp(lib_name, "ldap") == 0)
- vftabl_addr = &krb5_ldap_kdb_function_table;
+ vftabl_addr = &krb5_ldap_kdb_function_table;
#endif
if (!vftabl_addr) {
- krb5_set_error_message(kcontext, KRB5_KDB_DBTYPE_NOTFOUND,
- "Unable to find requested database type: %s",
- lib_name);
- return KRB5_KDB_DBTYPE_NOSUP;
+ krb5_set_error_message(kcontext, KRB5_KDB_DBTYPE_NOTFOUND,
+ "Unable to find requested database type: %s",
+ lib_name);
+ return KRB5_KDB_DBTYPE_NOSUP;
}
lib = calloc(1, sizeof(*lib));
if (lib == NULL)
- return ENOMEM;
+ return ENOMEM;
strlcpy(lib->name, lib_name, sizeof(lib->name));
memcpy(&lib->vftabl, vftabl_addr, sizeof(kdb_vftabl));
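Review bot: The error message is registered under `KRB5_KDB_DBTYPE_NOTFOUND` but the function returns `KRB5_KDB_DBTYPE_NOSUP`, so a caller that looks up the message for the returned code would presumably not get the "Unable to find requested database type" text. Using one code for both, e.g. `return KRB5_KDB_DBTYPE_NOTFOUND;` (the code the dynamically loaded variant further down sets for the same condition), would keep the diagnostic attached to the failure. The function continues outside this hunk.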
@@ -312,7 +313,7 @@ kdb_load_library(krb5_context kcontext, char *lib_name, db_library *libptr)
status = lib->vftabl.init_library();
if (status)
- goto cleanup;
+ goto cleanup;
*libptr = lib;
return 0;
@@ -339,7 +340,7 @@ kdb_load_library(krb5_context kcontext, char *lib_name, db_library * lib)
When it's static, it goes into ".picdata", which is
read-write. */
static const char *const dbpath_names[] = {
- KDB_MODULE_SECTION, KRB5_CONF_DB_MODULE_DIR, NULL,
+ KDB_MODULE_SECTION, KRB5_CONF_DB_MODULE_DIR, NULL,
};
const char *filebases[2];
char **profpath = NULL;
@@ -350,7 +351,7 @@ kdb_load_library(krb5_context kcontext, char *lib_name, db_library * lib)
*lib = calloc((size_t) 1, sizeof(**lib));
if (*lib == NULL)
- return ENOMEM;
+ return ENOMEM;
strlcpy((*lib)->name, lib_name, sizeof((*lib)->name));
@@ -358,31 +359,31 @@ kdb_load_library(krb5_context kcontext, char *lib_name, db_library * lib)
file(s) first. */
status = profile_get_values(kcontext->profile, dbpath_names, &profpath);
if (status != 0 && status != PROF_NO_RELATION)
- goto clean_n_exit;
+ goto clean_n_exit;
ndx = 0;
if (profpath)
- while (profpath[ndx] != NULL)
- ndx++;
+ while (profpath[ndx] != NULL)
+ ndx++;
path = calloc(ndx + db_dl_n_locations, sizeof (char *));
if (path == NULL) {
- status = ENOMEM;
- goto clean_n_exit;
+ status = ENOMEM;
+ goto clean_n_exit;
}
if (ndx)
- memcpy(path, profpath, ndx * sizeof(profpath[0]));
+ memcpy(path, profpath, ndx * sizeof(profpath[0]));
memcpy(path + ndx, db_dl_location, db_dl_n_locations * sizeof(char *));
status = 0;
-
- if ((status = krb5int_open_plugin_dirs ((const char **) path,
- filebases,
+
+ if ((status = krb5int_open_plugin_dirs ((const char **) path,
+ filebases,
&(*lib)->dl_dir_handle, &kcontext->err))) {
- const char *err_str = krb5_get_error_message(kcontext, status);
- status = KRB5_KDB_DBTYPE_NOTFOUND;
- krb5_set_error_message (kcontext, status,
- "Unable to find requested database type: %s", err_str);
- krb5_free_error_message (kcontext, err_str);
- goto clean_n_exit;
+ const char *err_str = krb5_get_error_message(kcontext, status);
+ status = KRB5_KDB_DBTYPE_NOTFOUND;
+ krb5_set_error_message (kcontext, status,
+ "Unable to find requested database type: %s", err_str);
+ krb5_free_error_message (kcontext, err_str);
+ goto clean_n_exit;
}
if ((status = krb5int_get_plugin_dir_data (&(*lib)->dl_dir_handle, "kdb_function_table",
@@ -392,34 +393,34 @@ kdb_load_library(krb5_context kcontext, char *lib_name, db_library * lib)
krb5_set_error_message (kcontext, status,
"plugin symbol 'kdb_function_table' lookup failed: %s", err_str);
krb5_free_error_message (kcontext, err_str);
- goto clean_n_exit;
+ goto clean_n_exit;
}
if (vftabl_addrs[0] == NULL) {
- /* No plugins! */
- status = KRB5_KDB_DBTYPE_NOTFOUND;
- krb5_set_error_message (kcontext, status,
- _("Unable to load requested database module '%s': plugin symbol 'kdb_function_table' not found"),
- lib_name);
- goto clean_n_exit;
+ /* No plugins! */
+ status = KRB5_KDB_DBTYPE_NOTFOUND;
+ krb5_set_error_message (kcontext, status,
+ _("Unable to load requested database module '%s': plugin symbol 'kdb_function_table' not found"),
+ lib_name);
+ goto clean_n_exit;
}
memcpy(&(*lib)->vftabl, vftabl_addrs[0], sizeof(kdb_vftabl));
kdb_setup_opt_functions(*lib);
-
+
if ((status = (*lib)->vftabl.init_library()))
goto clean_n_exit;
-
+
clean_n_exit:
krb5int_free_plugin_dir_data(vftabl_addrs);
/* Both of these DTRT with NULL. */
profile_free_list(profpath);
free(path);
if (status && *lib) {
- if (PLUGIN_DIR_OPEN((&(*lib)->dl_dir_handle)))
- krb5int_close_plugin_dirs (&(*lib)->dl_dir_handle);
- free(*lib);
- *lib = NULL;
+ if (PLUGIN_DIR_OPEN((&(*lib)->dl_dir_handle)))
+ krb5int_close_plugin_dirs (&(*lib)->dl_dir_handle);
+ free(*lib);
+ *lib = NULL;
}
return status;
}
@@ -436,43 +437,43 @@ kdb_find_library(krb5_context kcontext, char *lib_name, db_library * lib)
static int kdb_db2_pol_err_loaded = 0;
if (!strcmp(DB2_NAME, lib_name) && (kdb_db2_pol_err_loaded == 0)) {
- initialize_adb_error_table();
- kdb_db2_pol_err_loaded = 1;
+ initialize_adb_error_table();
+ kdb_db2_pol_err_loaded = 1;
}
if ((status = kdb_lock_list()) != 0)
- goto clean_n_exit;
+ goto clean_n_exit;
locked = 1;
curr_elt = lib_list;
while (curr_elt != NULL) {
- if (strcmp(lib_name, curr_elt->name) == 0) {
- *lib = curr_elt;
- goto clean_n_exit;
- }
- prev_elt = curr_elt;
- curr_elt = curr_elt->next;
+ if (strcmp(lib_name, curr_elt->name) == 0) {
+ *lib = curr_elt;
+ goto clean_n_exit;
+ }
+ prev_elt = curr_elt;
+ curr_elt = curr_elt->next;
}
/* module not found. create and add to list */
status = kdb_load_library(kcontext, lib_name, lib);
if (status)
- goto clean_n_exit;
+ goto clean_n_exit;
if (prev_elt) {
- /* prev_elt points to the last element in the list */
- prev_elt->next = *lib;
- (*lib)->prev = prev_elt;
+ /* prev_elt points to the last element in the list */
+ prev_elt->next = *lib;
+ (*lib)->prev = prev_elt;
} else {
- lib_list = *lib;
+ lib_list = *lib;
}
clean_n_exit:
if (*lib)
- (*lib)->reference_cnt++;
+ (*lib)->reference_cnt++;
if (locked)
- kdb_unlock_list();
+ kdb_unlock_list();
return status;
}
@@ -484,33 +485,33 @@ kdb_free_library(db_library lib)
int locked = 0;
if ((status = kdb_lock_list()) != 0)
- goto clean_n_exit;
+ goto clean_n_exit;
locked = 1;
lib->reference_cnt--;
if (lib->reference_cnt == 0) {
- status = lib->vftabl.fini_library();
- if (status)
- goto clean_n_exit;
+ status = lib->vftabl.fini_library();
+ if (status)
+ goto clean_n_exit;
- /* close the library */
+ /* close the library */
if (PLUGIN_DIR_OPEN((&lib->dl_dir_handle)))
krb5int_close_plugin_dirs (&lib->dl_dir_handle);
-
- if (lib->prev == NULL)
- lib_list = lib->next; /* first element in the list */
- else
- lib->prev->next = lib->next;
-
- if (lib->next)
- lib->next->prev = lib->prev;
- free(lib);
+
+ if (lib->prev == NULL)
+ lib_list = lib->next; /* first element in the list */
+ else
+ lib->prev->next = lib->next;
+
+ if (lib->next)
+ lib->next->prev = lib->prev;
+ free(lib);
}
clean_n_exit:
if (locked)
- kdb_unlock_list();
+ kdb_unlock_list();
return status;
}
@@ -525,19 +526,19 @@ krb5_db_setup_lib_handle(krb5_context kcontext)
dal_handle = calloc((size_t) 1, sizeof(kdb5_dal_handle));
if (dal_handle == NULL) {
- status = ENOMEM;
- goto clean_n_exit;
+ status = ENOMEM;
+ goto clean_n_exit;
}
library = kdb_get_library_name(kcontext);
if (library == NULL) {
- status = KRB5_KDB_DBTYPE_NOTFOUND;
- goto clean_n_exit;
+ status = KRB5_KDB_DBTYPE_NOTFOUND;
+ goto clean_n_exit;
}
status = kdb_find_library(kcontext, library, &lib);
if (status)
- goto clean_n_exit;
+ goto clean_n_exit;
dal_handle->lib_handle = lib;
kcontext->dal_handle = dal_handle;
@@ -546,9 +547,9 @@ clean_n_exit:
free(library);
if (status) {
- free(dal_handle);
- if (lib)
- kdb_free_library(lib);
+ free(dal_handle);
+ if (lib)
+ kdb_free_library(lib);
}
return status;
@@ -561,7 +562,7 @@ kdb_free_lib_handle(krb5_context kcontext)
status = kdb_free_library(kcontext->dal_handle->lib_handle);
if (status)
- return status;
+ return status;
free(kcontext->dal_handle);
kcontext->dal_handle = NULL;
@@ -575,16 +576,16 @@ get_errmsg(krb5_context kcontext, krb5_error_code err_code)
const char *e;
if (err_code == 0)
- return;
+ return;
assert(kcontext != NULL && kcontext->dal_handle != NULL);
v = &kcontext->dal_handle->lib_handle->vftabl;
if (v->errcode_2_string == NULL)
- return;
+ return;
e = v->errcode_2_string(kcontext, err_code);
assert (e != NULL);
krb5_set_error_message(kcontext, err_code, "%s", e);
if (v->release_errcode_string)
- v->release_errcode_string(kcontext, e);
+ v->release_errcode_string(kcontext, e);
}
static krb5_error_code
@@ -594,9 +595,9 @@ get_vftabl(krb5_context kcontext, kdb_vftabl **vftabl_ptr)
*vftabl_ptr = NULL;
if (kcontext->dal_handle == NULL) {
- status = krb5_db_setup_lib_handle(kcontext);
- if (status)
- return status;
+ status = krb5_db_setup_lib_handle(kcontext);
+ if (status)
+ return status;
}
*vftabl_ptr = &kcontext->dal_handle->lib_handle->vftabl;
return 0;
@@ -614,23 +615,23 @@ krb5_db_open(krb5_context kcontext, char **db_args, int mode)
section = kdb_get_conf_section(kcontext);
if (section == NULL) {
- status = KRB5_KDB_SERVER_INTERNAL_ERR;
- krb5_set_error_message (kcontext, status,
- "unable to determine configuration section for realm %s\n",
- kcontext->default_realm ? kcontext->default_realm : "[UNSET]");
- goto clean_n_exit;
+ status = KRB5_KDB_SERVER_INTERNAL_ERR;
+ krb5_set_error_message (kcontext, status,
+ "unable to determine configuration section for realm %s\n",
+ kcontext->default_realm ? kcontext->default_realm : "[UNSET]");
+ goto clean_n_exit;
}
status = get_vftabl(kcontext, &v);
if (status)
- goto clean_n_exit;
+ goto clean_n_exit;
assert(v->init_module != NULL);
status = v->init_module(kcontext, section, db_args, mode);
get_errmsg(kcontext, status);
clean_n_exit:
if (section)
- free(section);
+ free(section);
return status;
}
@@ -638,7 +639,7 @@ krb5_error_code
krb5_db_inited(krb5_context kcontext)
{
return !(kcontext && kcontext->dal_handle &&
- kcontext->dal_handle->db_context);
+ kcontext->dal_handle->db_context);
}
krb5_error_code
@@ -650,26 +651,26 @@ krb5_db_create(krb5_context kcontext, char **db_args)
section = kdb_get_conf_section(kcontext);
if (section == NULL) {
- status = KRB5_KDB_SERVER_INTERNAL_ERR;
- krb5_set_error_message (kcontext, status,
- "unable to determine configuration section for realm %s\n",
- kcontext->default_realm);
- goto clean_n_exit;
+ status = KRB5_KDB_SERVER_INTERNAL_ERR;
+ krb5_set_error_message (kcontext, status,
+ "unable to determine configuration section for realm %s\n",
+ kcontext->default_realm);
+ goto clean_n_exit;
}
status = get_vftabl(kcontext, &v);
if (status)
- goto clean_n_exit;
+ goto clean_n_exit;
if (v->db_create == NULL) {
- status = KRB5_KDB_DBTYPE_NOSUP;
- goto clean_n_exit;
+ status = KRB5_KDB_DBTYPE_NOSUP;
+ goto clean_n_exit;
}
status = v->db_create(kcontext, section, db_args);
get_errmsg(kcontext, status);
clean_n_exit:
if (section)
- free(section);
+ free(section);
return status;
}
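Review bot: The error path for a missing configuration section passes `kcontext->default_realm` straight to a `%s` conversion, and a NULL pointer there is undefined behaviour in the formatter. krb5_db_open builds the same message with `kcontext->default_realm ? kcontext->default_realm : "[UNSET]"`. An unset default realm is a plausible reason for kdb_get_conf_section() to return NULL in the first place, though that helper is not visible here. Use the same fallback expression in this call and in the identical call in the krb5_db_destroy hunk below. The reindent does not alter this, and the function's opening lines are outside the hunk.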
@@ -681,7 +682,7 @@ krb5_db_fini(krb5_context kcontext)
/* Do nothing if module was never loaded. */
if (kcontext->dal_handle == NULL)
- return 0;
+ return 0;
v = &kcontext->dal_handle->lib_handle->vftabl;
assert(v->fini_module != NULL);
@@ -689,7 +690,7 @@ krb5_db_fini(krb5_context kcontext)
get_errmsg(kcontext, status);
if (status)
- return status;
+ return status;
return kdb_free_lib_handle(kcontext);
}
@@ -703,26 +704,26 @@ krb5_db_destroy(krb5_context kcontext, char **db_args)
section = kdb_get_conf_section(kcontext);
if (section == NULL) {
- status = KRB5_KDB_SERVER_INTERNAL_ERR;
- krb5_set_error_message (kcontext, status,
- "unable to determine configuration section for realm %s\n",
- kcontext->default_realm);
- goto clean_n_exit;
+ status = KRB5_KDB_SERVER_INTERNAL_ERR;
+ krb5_set_error_message (kcontext, status,
+ "unable to determine configuration section for realm %s\n",
+ kcontext->default_realm);
+ goto clean_n_exit;
}
status = get_vftabl(kcontext, &v);
if (status)
- goto clean_n_exit;
+ goto clean_n_exit;
if (v->db_destroy == NULL) {
- status = KRB5_KDB_DBTYPE_NOSUP;
- goto clean_n_exit;
+ status = KRB5_KDB_DBTYPE_NOSUP;
+ goto clean_n_exit;
}
status = v->db_destroy(kcontext, section, db_args);
get_errmsg(kcontext, status);
clean_n_exit:
if (section)
- free(section);
+ free(section);
return status;
}
@@ -734,9 +735,9 @@ krb5_db_get_age(krb5_context kcontext, char *db_name, time_t * t)
status = get_vftabl(kcontext, &v);
if (status)
- return status;
+ return status;
if (v->db_get_age == NULL)
- return KRB5_KDB_DBTYPE_NOSUP;
+ return KRB5_KDB_DBTYPE_NOSUP;
status = v->db_get_age(kcontext, db_name, t);
get_errmsg(kcontext, status);
return status;
@@ -750,9 +751,9 @@ krb5_db_set_option(krb5_context kcontext, int option, void *value)
status = get_vftabl(kcontext, &v);
if (status)
- return status;
+ return status;
if (v->db_set_option == NULL)
- return KRB5_KDB_DBTYPE_NOSUP;
+ return KRB5_KDB_DBTYPE_NOSUP;
status = v->db_set_option(kcontext, option, value);
get_errmsg(kcontext, status);
return status;
@@ -766,9 +767,9 @@ krb5_db_lock(krb5_context kcontext, int lock_mode)
status = get_vftabl(kcontext, &v);
if (status)
- return status;
+ return status;
if (v->db_lock == NULL)
- return KRB5_KDB_DBTYPE_NOSUP;
+ return KRB5_KDB_DBTYPE_NOSUP;
status = v->db_lock(kcontext, lock_mode);
get_errmsg(kcontext, status);
return status;
@@ -782,9 +783,9 @@ krb5_db_unlock(krb5_context kcontext)
status = get_vftabl(kcontext, &v);
if (status)
- return status;
+ return status;
if (v->db_unlock == NULL)
- return KRB5_KDB_DBTYPE_NOSUP;
+ return KRB5_KDB_DBTYPE_NOSUP;
status = v->db_unlock(kcontext);
get_errmsg(kcontext, status);
return status;
@@ -792,41 +793,41 @@ krb5_db_unlock(krb5_context kcontext)
krb5_error_code
krb5_db_get_principal(krb5_context kcontext,
- krb5_const_principal search_for,
- krb5_db_entry * entries,
- int *nentries, krb5_boolean * more)
+ krb5_const_principal search_for,
+ krb5_db_entry * entries,
+ int *nentries, krb5_boolean * more)
{
krb5_error_code status = 0;
kdb_vftabl *v;
status = get_vftabl(kcontext, &v);
if (status)
- return status;
+ return status;
if (v->db_get_principal == NULL)
- return KRB5_KDB_DBTYPE_NOSUP;
+ return KRB5_KDB_DBTYPE_NOSUP;
status = v->db_get_principal(kcontext, search_for, 0, entries, nentries,
- more);
+ more);
get_errmsg(kcontext, status);
return status;
}
krb5_error_code
krb5_db_get_principal_ext(krb5_context kcontext,
- krb5_const_principal search_for,
- unsigned int flags,
- krb5_db_entry * entries,
- int *nentries, krb5_boolean * more)
+ krb5_const_principal search_for,
+ unsigned int flags,
+ krb5_db_entry * entries,
+ int *nentries, krb5_boolean * more)
{
krb5_error_code status = 0;
kdb_vftabl *v;
status = get_vftabl(kcontext, &v);
if (status)
- return status;
+ return status;
if (v->db_get_principal == NULL)
- return KRB5_KDB_DBTYPE_NOSUP;
+ return KRB5_KDB_DBTYPE_NOSUP;
status = v->db_get_principal(kcontext, search_for,
- flags, entries, nentries, more);
+ flags, entries, nentries, more);
get_errmsg(kcontext, status);
return status;
}
@@ -839,9 +840,9 @@ krb5_db_free_principal(krb5_context kcontext, krb5_db_entry * entry, int count)
status = get_vftabl(kcontext, &v);
if (status)
- return status;
+ return status;
if (v->db_free_principal == NULL)
- return KRB5_KDB_DBTYPE_NOSUP;
+ return KRB5_KDB_DBTYPE_NOSUP;
status = v->db_free_principal(kcontext, entry, count);
get_errmsg(kcontext, status);
return status;
@@ -852,18 +853,18 @@ free_db_args(krb5_context kcontext, char **db_args)
{
int i;
if (db_args) {
- /* XXX Is this right? Or are we borrowing storage from
- the caller? */
- for (i = 0; db_args[i]; i++)
- krb5_db_free(kcontext, db_args[i]);
- free(db_args);
+ /* XXX Is this right? Or are we borrowing storage from
+ the caller? */
+ for (i = 0; db_args[i]; i++)
+ krb5_db_free(kcontext, db_args[i]);
+ free(db_args);
}
}
static krb5_error_code
extract_db_args_from_tl_data(krb5_context kcontext,
- krb5_tl_data **start, krb5_int16 *count,
- char ***db_argsp)
+ krb5_tl_data **start, krb5_int16 *count,
+ char ***db_argsp)
{
char **db_args = NULL;
int db_args_size = 0;
@@ -877,51 +878,51 @@ extract_db_args_from_tl_data(krb5_context kcontext,
difficult for kadmin remote to pass arguments to server. */
prev = NULL, curr = *start;
while (curr) {
- if (curr->tl_data_type == KRB5_TL_DB_ARGS) {
- char **t;
- /* Since this is expected to be NULL terminated string and
- this could come from any client, do a check before
- passing it to db. */
- if (((char *) curr->tl_data_contents)[curr->tl_data_length - 1] !=
- '\0') {
- /* Not null terminated. Dangerous input. */
- status = EINVAL;
- goto clean_n_exit;
- }
-
- db_args_size++;
- t = realloc(db_args, sizeof(char *) * (db_args_size + 1)); /* 1 for NULL */
- if (t == NULL) {
- status = ENOMEM;
- goto clean_n_exit;
- }
-
- db_args = t;
- db_args[db_args_size - 1] = (char *) curr->tl_data_contents;
- db_args[db_args_size] = NULL;
-
- next = curr->tl_data_next;
- if (prev == NULL) {
- /* current node is the first in the linked list. remove it */
- *start = curr->tl_data_next;
- } else {
- prev->tl_data_next = curr->tl_data_next;
- }
- (*count)--;
- krb5_db_free(kcontext, curr);
-
- /* previous does not change */
- curr = next;
- } else {
- prev = curr;
- curr = curr->tl_data_next;
- }
+ if (curr->tl_data_type == KRB5_TL_DB_ARGS) {
+ char **t;
+ /* Since this is expected to be NULL terminated string and
+ this could come from any client, do a check before
+ passing it to db. */
+ if (((char *) curr->tl_data_contents)[curr->tl_data_length - 1] !=
+ '\0') {
+ /* Not null terminated. Dangerous input. */
+ status = EINVAL;
+ goto clean_n_exit;
+ }
+
+ db_args_size++;
+ t = realloc(db_args, sizeof(char *) * (db_args_size + 1)); /* 1 for NULL */
+ if (t == NULL) {
+ status = ENOMEM;
+ goto clean_n_exit;
+ }
+
+ db_args = t;
+ db_args[db_args_size - 1] = (char *) curr->tl_data_contents;
+ db_args[db_args_size] = NULL;
+
+ next = curr->tl_data_next;
+ if (prev == NULL) {
+ /* current node is the first in the linked list. remove it */
+ *start = curr->tl_data_next;
+ } else {
+ prev->tl_data_next = curr->tl_data_next;
+ }
+ (*count)--;
+ krb5_db_free(kcontext, curr);
+
+ /* previous does not change */
+ curr = next;
+ } else {
+ prev = curr;
+ curr = curr->tl_data_next;
+ }
}
status = 0;
clean_n_exit:
if (status != 0) {
- free_db_args(kcontext, db_args);
- db_args = NULL;
+ free_db_args(kcontext, db_args);
+ db_args = NULL;
}
*db_argsp = db_args;
return status;
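Review bot: The NUL-termination check indexes `tl_data_contents[curr->tl_data_length - 1]` without first rejecting a zero length, so a KRB5_TL_DB_ARGS item with `tl_data_length == 0` makes it read the byte before the buffer (or dereference a NULL contents pointer). The comment above the check says this data can come from any client, so the length should be validated before the index is formed: `if (curr->tl_data_contents == NULL || curr->tl_data_length == 0 || ((char *) curr->tl_data_contents)[curr->tl_data_length - 1] != '\0') {`. The check predates this reindent, which only re-adds the lines with new whitespace. The declarations at the top of the function are outside the hunk.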
@@ -929,7 +930,7 @@ clean_n_exit:
krb5_error_code
krb5int_put_principal_no_log(krb5_context kcontext,
- krb5_db_entry *entries, int *nentries)
+ krb5_db_entry *entries, int *nentries)
{
kdb_vftabl *v;
krb5_error_code status;
@@ -937,14 +938,14 @@ krb5int_put_principal_no_log(krb5_context kcontext,
status = get_vftabl(kcontext, &v);
if (status)
- return status;
+ return status;
if (v->db_put_principal == NULL)
- return KRB5_KDB_DBTYPE_NOSUP;
+ return KRB5_KDB_DBTYPE_NOSUP;
status = extract_db_args_from_tl_data(kcontext, &entries->tl_data,
- &entries->n_tl_data,
- &db_args);
+ &entries->n_tl_data,
+ &db_args);
if (status)
- return status;
+ return status;
status = v->db_put_principal(kcontext, entries, nentries, db_args);
get_errmsg(kcontext, status);
free_db_args(kcontext, db_args);
@@ -953,7 +954,7 @@ krb5int_put_principal_no_log(krb5_context kcontext,
krb5_error_code
krb5_db_put_principal(krb5_context kcontext,
- krb5_db_entry * entries, int *nentries)
+ krb5_db_entry * entries, int *nentries)
{
krb5_error_code status = 0;
kdb_vftabl *v;
@@ -968,88 +969,88 @@ krb5_db_put_principal(krb5_context kcontext,
status = get_vftabl(kcontext, &v);
if (status)
- goto clean_n_exit;
+ goto clean_n_exit;
status = extract_db_args_from_tl_data(kcontext, &entries->tl_data,
- &entries->n_tl_data,
- &db_args);
+ &entries->n_tl_data,
+ &db_args);
if (status)
- goto clean_n_exit;
+ goto clean_n_exit;
if (log_ctx && (log_ctx->iproprole == IPROP_MASTER)) {
- if (!(upd = (kdb_incr_update_t *)
- malloc(sizeof (kdb_incr_update_t)* *nentries))) {
- status = errno;
- goto err_lock;
- }
- fupd = upd;
+ if (!(upd = (kdb_incr_update_t *)
+ malloc(sizeof (kdb_incr_update_t)* *nentries))) {
+ status = errno;
+ goto err_lock;
+ }
+ fupd = upd;
- (void) memset(upd, 0, sizeof(kdb_incr_update_t)* *nentries);
+ (void) memset(upd, 0, sizeof(kdb_incr_update_t)* *nentries);
if ((status = ulog_conv_2logentry(kcontext, entries, upd, *nentries)))
- goto err_lock;
+ goto err_lock;
}
status = ulog_lock(kcontext, KRB5_LOCKMODE_EXCLUSIVE);
if (status != 0)
- goto err_lock;
+ goto err_lock;
ulog_locked = 1;
for (i = 0; i < *nentries; i++) {
if (fupd) {
- if ((status = krb5_unparse_name(kcontext, entries->princ,
- &princ_name)))
- goto err_lock;
+ if ((status = krb5_unparse_name(kcontext, entries->princ,
+ &princ_name)))
+ goto err_lock;
- upd->kdb_princ_name.utf8str_t_val = princ_name;
- upd->kdb_princ_name.utf8str_t_len = strlen(princ_name);
+ upd->kdb_princ_name.utf8str_t_val = princ_name;
+ upd->kdb_princ_name.utf8str_t_len = strlen(princ_name);
- if ((status = ulog_add_update(kcontext, upd)) != 0)
- goto err_lock;
- upd++;
+ if ((status = ulog_add_update(kcontext, upd)) != 0)
+ goto err_lock;
+ upd++;
}
}
if (v->db_put_principal == NULL) {
- status = KRB5_KDB_DBTYPE_NOSUP;
- goto err_lock;
+ status = KRB5_KDB_DBTYPE_NOSUP;
+ goto err_lock;
}
status = v->db_put_principal(kcontext, entries, nentries, db_args);
get_errmsg(kcontext, status);
if (status == 0 && fupd) {
- upd = fupd;
- for (i = 0; i < *nentries; i++) {
- (void) ulog_finish_update(kcontext, upd);
- upd++;
- }
+ upd = fupd;
+ for (i = 0; i < *nentries; i++) {
+ (void) ulog_finish_update(kcontext, upd);
+ upd++;
+ }
}
err_lock:
if (ulog_locked)
- ulog_lock(kcontext, KRB5_LOCKMODE_UNLOCK);
+ ulog_lock(kcontext, KRB5_LOCKMODE_UNLOCK);
clean_n_exit:
free_db_args(kcontext, db_args);
if (log_ctx && (log_ctx->iproprole == IPROP_MASTER))
- ulog_free_entries(fupd, *nentries);
+ ulog_free_entries(fupd, *nentries);
return status;
}
krb5_error_code
krb5int_delete_principal_no_log(krb5_context kcontext,
- krb5_principal search_for,
- int *nentries)
+ krb5_principal search_for,
+ int *nentries)
{
kdb_vftabl *v;
krb5_error_code status;
status = get_vftabl(kcontext, &v);
if (status)
- return status;
+ return status;
if (v->db_delete_principal == NULL)
- return KRB5_KDB_DBTYPE_NOSUP;
+ return KRB5_KDB_DBTYPE_NOSUP;
status = v->db_delete_principal(kcontext, search_for, nentries);
get_errmsg(kcontext, status);
return status;
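Review bot: The update-log loop `for (i = 0; i < *nentries; i++)` unparses `entries->princ` on every pass, so when `*nentries` is greater than one each log record receives the first entry's principal name. If `entries` is an array, as the count argument suggests, this should read `entries[i].princ`. The allocation above it multiplies `sizeof (kdb_incr_update_t)` by the caller-supplied `*nentries` with no range check; `upd = calloc(*nentries, sizeof(*upd))` would check the multiplication for overflow and make the separate memset unnecessary. Both points are unchanged by the reindent, and the function's declarations are outside the hunk.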
@@ -1057,7 +1058,7 @@ krb5int_delete_principal_no_log(krb5_context kcontext,
krb5_error_code
krb5_db_delete_principal(krb5_context kcontext,
- krb5_principal search_for, int *nentries)
+ krb5_principal search_for, int *nentries)
{
krb5_error_code status = 0;
kdb_vftabl *v;
@@ -1069,36 +1070,36 @@ krb5_db_delete_principal(krb5_context kcontext,
status = get_vftabl(kcontext, &v);
if (status)
- return status;
+ return status;
status = ulog_lock(kcontext, KRB5_LOCKMODE_EXCLUSIVE);
if (status)
- return status;
+ return status;
/*
* We'll be sharing the same locks as db for logging
*/
if (log_ctx && (log_ctx->iproprole == IPROP_MASTER)) {
- if ((status = krb5_unparse_name(kcontext, search_for, &princ_name))) {
- ulog_lock(kcontext, KRB5_LOCKMODE_UNLOCK);
- return status;
- }
+ if ((status = krb5_unparse_name(kcontext, search_for, &princ_name))) {
+ ulog_lock(kcontext, KRB5_LOCKMODE_UNLOCK);
+ return status;
+ }
- (void) memset(&upd, 0, sizeof (kdb_incr_update_t));
+ (void) memset(&upd, 0, sizeof (kdb_incr_update_t));
- upd.kdb_princ_name.utf8str_t_val = princ_name;
- upd.kdb_princ_name.utf8str_t_len = strlen(princ_name);
+ upd.kdb_princ_name.utf8str_t_val = princ_name;
+ upd.kdb_princ_name.utf8str_t_len = strlen(princ_name);
- if ((status = ulog_delete_update(kcontext, &upd)) != 0) {
- ulog_lock(kcontext, KRB5_LOCKMODE_UNLOCK);
- free(princ_name);
- return status;
- }
+ if ((status = ulog_delete_update(kcontext, &upd)) != 0) {
+ ulog_lock(kcontext, KRB5_LOCKMODE_UNLOCK);
+ free(princ_name);
+ return status;
+ }
- free(princ_name);
+ free(princ_name);
}
if (v->db_delete_principal == NULL)
- return KRB5_KDB_DBTYPE_NOSUP;
+ return KRB5_KDB_DBTYPE_NOSUP;
status = v->db_delete_principal(kcontext, search_for, nentries);
get_errmsg(kcontext, status);
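Review bot: `if (v->db_delete_principal == NULL) return KRB5_KDB_DBTYPE_NOSUP;` returns with the exclusive lock from `ulog_lock(kcontext, KRB5_LOCKMODE_EXCLUSIVE)` still held. On an iprop master it also returns after `ulog_delete_update()` has already recorded the deletion. The other early returns in this hunk release the lock first. Move the NULL check to directly after `get_vftabl()`, before the lock is taken, so an unsupported module neither leaks the lock nor leaves an unfinished log entry. The function's declarations and tail are outside the hunk.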
@@ -1107,8 +1108,8 @@ krb5_db_delete_principal(krb5_context kcontext,
* We need to commit our update upon success
*/
if (!status)
- if (log_ctx && (log_ctx->iproprole == IPROP_MASTER))
- (void) ulog_finish_update(kcontext, &upd);
+ if (log_ctx && (log_ctx->iproprole == IPROP_MASTER))
+ (void) ulog_finish_update(kcontext, &upd);
ulog_lock(kcontext, KRB5_LOCKMODE_UNLOCK);
@@ -1117,18 +1118,18 @@ krb5_db_delete_principal(krb5_context kcontext,
krb5_error_code
krb5_db_iterate(krb5_context kcontext,
- char *match_entry,
- int (*func) (krb5_pointer, krb5_db_entry *),
- krb5_pointer func_arg)
+ char *match_entry,
+ int (*func) (krb5_pointer, krb5_db_entry *),
+ krb5_pointer func_arg)
{
krb5_error_code status = 0;
kdb_vftabl *v;
status = get_vftabl(kcontext, &v);
if (status)
- return status;
+ return status;
if (v->db_iterate == NULL)
- return 0;
+ return 0;
status = v->db_iterate(kcontext, match_entry, func, func_arg);
get_errmsg(kcontext, status);
return status;
@@ -1142,9 +1143,9 @@ krb5_supported_realms(krb5_context kcontext, char **realms)
status = get_vftabl(kcontext, &v);
if (status)
- return status;
+ return status;
if (v->db_supported_realms == NULL)
- return KRB5_KDB_DBTYPE_NOSUP;
+ return KRB5_KDB_DBTYPE_NOSUP;
status = v->db_supported_realms(kcontext, realms);
get_errmsg(kcontext, status);
return status;
@@ -1158,9 +1159,9 @@ krb5_free_supported_realms(krb5_context kcontext, char **realms)
status = get_vftabl(kcontext, &v);
if (status)
- return status;
+ return status;
if (v->db_free_supported_realms == NULL)
- return KRB5_KDB_DBTYPE_NOSUP;
+ return KRB5_KDB_DBTYPE_NOSUP;
status = v->db_free_supported_realms(kcontext, realms);
get_errmsg(kcontext, status);
return status;
@@ -1168,14 +1169,14 @@ krb5_free_supported_realms(krb5_context kcontext, char **realms)
krb5_error_code
krb5_db_set_master_key_ext(krb5_context kcontext,
- char *pwd, krb5_keyblock * key)
+ char *pwd, krb5_keyblock * key)
{
krb5_error_code status = 0;
kdb_vftabl *v;
status = get_vftabl(kcontext, &v);
if (status)
- return status;
+ return status;
status = v->set_master_key(kcontext, pwd, key);
get_errmsg(kcontext, status);
return status;
@@ -1196,7 +1197,7 @@ krb5_db_set_mkey_list(krb5_context kcontext,
status = get_vftabl(kcontext, &v);
if (status)
- return status;
+ return status;
status = v->set_master_key_list(kcontext, keylist);
get_errmsg(kcontext, status);
return status;
@@ -1210,7 +1211,7 @@ krb5_db_get_mkey(krb5_context kcontext, krb5_keyblock ** key)
status = get_vftabl(kcontext, &v);
if (status)
- return status;
+ return status;
status = v->get_master_key(kcontext, key);
get_errmsg(kcontext, status);
return status;
@@ -1224,9 +1225,9 @@ krb5_db_get_mkey_list(krb5_context kcontext, krb5_keylist_node ** keylist)
status = get_vftabl(kcontext, &v);
if (status)
- return status;
+ return status;
if (v->get_master_key_list == NULL)
- return KRB5_KDB_DBTYPE_NOSUP;
+ return KRB5_KDB_DBTYPE_NOSUP;
status = v->get_master_key_list(kcontext, keylist);
get_errmsg(kcontext, status);
return status;
@@ -1234,17 +1235,17 @@ krb5_db_get_mkey_list(krb5_context kcontext, krb5_keylist_node ** keylist)
krb5_error_code
krb5_db_fetch_mkey_list(krb5_context context,
- krb5_principal mname,
- const krb5_keyblock * mkey,
- krb5_kvno mkvno,
- krb5_keylist_node **mkey_list)
+ krb5_principal mname,
+ const krb5_keyblock * mkey,
+ krb5_kvno mkvno,
+ krb5_keylist_node **mkey_list)
{
kdb_vftabl *v;
krb5_error_code status = 0;
status = get_vftabl(context, &v);
if (status)
- return status;
+ return status;
status = v->fetch_master_key_list(context, mname, mkey, mkvno, mkey_list);
get_errmsg(context, status);
return status;
@@ -1268,42 +1269,42 @@ krb5_db_free_mkey_list(krb5_context context,
krb5_error_code
krb5_db_store_master_key(krb5_context kcontext,
- char *keyfile,
- krb5_principal mname,
- krb5_kvno kvno,
- krb5_keyblock * key, char *master_pwd)
+ char *keyfile,
+ krb5_principal mname,
+ krb5_kvno kvno,
+ krb5_keyblock * key, char *master_pwd)
{
krb5_error_code status = 0;
kdb_vftabl *v;
status = get_vftabl(kcontext, &v);
if (status)
- return status;
+ return status;
if (v->store_master_key == NULL)
- return KRB5_KDB_DBTYPE_NOSUP;
+ return KRB5_KDB_DBTYPE_NOSUP;
status = v->store_master_key(kcontext, keyfile, mname, kvno, key,
- master_pwd);
+ master_pwd);
get_errmsg(kcontext, status);
return status;
}
krb5_error_code
krb5_db_store_master_key_list(krb5_context kcontext,
- char *keyfile,
- krb5_principal mname,
- krb5_keylist_node *keylist,
- char *master_pwd)
+ char *keyfile,
+ krb5_principal mname,
+ krb5_keylist_node *keylist,
+ char *master_pwd)
{
krb5_error_code status = 0;
kdb_vftabl *v;
status = get_vftabl(kcontext, &v);
if (status)
- return status;
+ return status;
if (v->store_master_key_list == NULL)
- return KRB5_KDB_DBTYPE_NOSUP;
+ return KRB5_KDB_DBTYPE_NOSUP;
status = v->store_master_key_list(kcontext, keyfile, mname, keylist,
- master_pwd);
+ master_pwd);
get_errmsg(kcontext, status);
return status;
}
@@ -1331,24 +1332,24 @@ krb5_db_fetch_mkey(krb5_context context,
memset(&tmp_key, 0, sizeof(tmp_key));
if (fromkeyboard) {
- krb5_data scratch;
-
- if ((retval = krb5_read_password(context, krb5_mkey_pwd_prompt1,
- twice ? krb5_mkey_pwd_prompt2 : 0,
- password, &size))) {
- goto clean_n_exit;
- }
-
- pwd.data = password;
- pwd.length = size;
- if (!salt) {
- retval = krb5_principal2salt(context, mname, &scratch);
- if (retval)
- goto clean_n_exit;
- }
- retval =
- krb5_c_string_to_key(context, etype, &pwd, salt ? salt : &scratch,
- key);
+ krb5_data scratch;
+
+ if ((retval = krb5_read_password(context, krb5_mkey_pwd_prompt1,
+ twice ? krb5_mkey_pwd_prompt2 : 0,
+ password, &size))) {
+ goto clean_n_exit;
+ }
+
+ pwd.data = password;
+ pwd.length = size;
+ if (!salt) {
+ retval = krb5_principal2salt(context, mname, &scratch);
+ if (retval)
+ goto clean_n_exit;
+ }
+ retval =
+ krb5_c_string_to_key(context, etype, &pwd, salt ? salt : &scratch,
+ key);
/*
* If a kvno pointer was passed in and it dereferences the IGNORE_VNO
* value then it should be assigned the value of the kvno associated
@@ -1363,9 +1364,9 @@ krb5_db_fetch_mkey(krb5_context context,
krb5_db_entry master_entry;
rc = krb5_db_get_principal(context, mname,
- &master_entry, &nentries, &more);
+ &master_entry, &nentries, &more);
- if (rc == 0 && nentries == 1 && more == FALSE)
+ if (rc == 0 && nentries == 1 && more == FALSE)
*kvno = (krb5_kvno) master_entry.key_data->key_data_kvno;
else
*kvno = 1;
@@ -1374,45 +1375,45 @@ krb5_db_fetch_mkey(krb5_context context,
krb5_db_free_principal(context, &master_entry, nentries);
}
- if (!salt)
- free(scratch.data);
- zap(password, sizeof(password)); /* erase it */
+ if (!salt)
+ free(scratch.data);
+ zap(password, sizeof(password)); /* erase it */
} else {
- kdb_vftabl *v;
+ kdb_vftabl *v;
- if (context->dal_handle == NULL) {
- retval = krb5_db_setup_lib_handle(context);
- if (retval)
- goto clean_n_exit;
- }
+ if (context->dal_handle == NULL) {
+ retval = krb5_db_setup_lib_handle(context);
+ if (retval)
+ goto clean_n_exit;
+ }
/* get the enctype from the stash */
- tmp_key.enctype = ENCTYPE_UNKNOWN;
+ tmp_key.enctype = ENCTYPE_UNKNOWN;
- v = &context->dal_handle->lib_handle->vftabl;
- retval = v->fetch_master_key(context, mname, &tmp_key, kvno, db_args);
- get_errmsg(context, retval);
+ v = &context->dal_handle->lib_handle->vftabl;
+ retval = v->fetch_master_key(context, mname, &tmp_key, kvno, db_args);
+ get_errmsg(context, retval);
- if (retval)
- goto clean_n_exit;
+ if (retval)
+ goto clean_n_exit;
- key->contents = malloc(tmp_key.length);
- if (key->contents == NULL) {
- retval = ENOMEM;
- goto clean_n_exit;
- }
+ key->contents = malloc(tmp_key.length);
+ if (key->contents == NULL) {
+ retval = ENOMEM;
+ goto clean_n_exit;
+ }
- key->magic = tmp_key.magic;
- key->enctype = tmp_key.enctype;
- key->length = tmp_key.length;
- memcpy(key->contents, tmp_key.contents, tmp_key.length);
+ key->magic = tmp_key.magic;
+ key->enctype = tmp_key.enctype;
+ key->length = tmp_key.length;
+ memcpy(key->contents, tmp_key.contents, tmp_key.length);
}
clean_n_exit:
if (tmp_key.contents) {
- zap(tmp_key.contents, tmp_key.length);
- krb5_db_free(context, tmp_key.contents);
+ zap(tmp_key.contents, tmp_key.length);
+ krb5_db_free(context, tmp_key.contents);
}
return retval;
}
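Review bot: `zap(password, sizeof(password))` sits at the end of the keyboard branch, so the `goto clean_n_exit` exits in that branch skip it and the typed master password stays in the buffer on return. Those exits are in the first hunk of this function, after krb5_read_password() or krb5_principal2salt() fails. The `clean_n_exit` label only wipes `tmp_key`. Assuming `password` is declared at function scope (its declaration is outside the hunk), moving the wipe under the label, `zap(password, sizeof(password));` before `return retval;`, covers every path. The reindent does not change this.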
@@ -1428,9 +1429,9 @@ krb5_db_verify_master_key(krb5_context kcontext,
status = get_vftabl(kcontext, &v);
if (status)
- return status;
+ return status;
if (v->verify_master_key == NULL)
- return KRB5_KDB_DBTYPE_NOSUP;
+ return KRB5_KDB_DBTYPE_NOSUP;
status = v->verify_master_key(kcontext, mprinc, kvno, mkey);
get_errmsg(kcontext, status);
return status;
@@ -1506,13 +1507,13 @@ krb5_dbe_find_act_mkey(krb5_context context,
krb5_error_code retval;
krb5_keylist_node *cur_keyblock = mkey_list;
krb5_actkvno_node *prev_actkvno, *cur_actkvno;
- krb5_timestamp now;
- krb5_boolean found = FALSE;
+ krb5_timestamp now;
+ krb5_boolean found = FALSE;
if (act_mkey_list == NULL) {
- *act_kvno = 0;
- *act_mkey = NULL;
- return 0;
+ *act_kvno = 0;
+ *act_mkey = NULL;
+ return 0;
}
if ((retval = krb5_timeofday(context, &now)))
@@ -1613,7 +1614,7 @@ krb5_db_alloc(krb5_context kcontext, void *ptr, size_t size)
status = get_vftabl(kcontext, &v);
if (status)
- return NULL;
+ return NULL;
return v->db_alloc(kcontext, ptr, size);
}
@@ -1625,7 +1626,7 @@ krb5_db_free(krb5_context kcontext, void *ptr)
status = get_vftabl(kcontext, &v);
if (status)
- return;
+ return;
v->db_free(kcontext, ptr);
}
@@ -1633,59 +1634,59 @@ krb5_db_free(krb5_context kcontext, void *ptr)
krb5_error_code
krb5_dbe_find_enctype(krb5_context kcontext,
- krb5_db_entry * dbentp,
- krb5_int32 ktype,
- krb5_int32 stype,
- krb5_int32 kvno, krb5_key_data ** kdatap)
+ krb5_db_entry * dbentp,
+ krb5_int32 ktype,
+ krb5_int32 stype,
+ krb5_int32 kvno, krb5_key_data ** kdatap)
{
krb5_int32 start = 0;
return krb5_dbe_search_enctype(kcontext, dbentp, &start, ktype, stype,
- kvno, kdatap);
+ kvno, kdatap);
}
krb5_error_code
krb5_dbe_search_enctype(krb5_context kcontext,
- krb5_db_entry * dbentp,
- krb5_int32 * start,
- krb5_int32 ktype,
- krb5_int32 stype,
- krb5_int32 kvno, krb5_key_data ** kdatap)
+ krb5_db_entry * dbentp,
+ krb5_int32 * start,
+ krb5_int32 ktype,
+ krb5_int32 stype,
+ krb5_int32 kvno, krb5_key_data ** kdatap)
{
krb5_error_code status = 0;
kdb_vftabl *v;
status = get_vftabl(kcontext, &v);
if (status)
- return status;
+ return status;
status = v->dbe_search_enctype(kcontext, dbentp, start, ktype, stype,
- kvno, kdatap);
+ kvno, kdatap);
get_errmsg(kcontext, status);
return status;
}
-#define REALM_SEP_STRING "@"
+#define REALM_SEP_STRING "@"
krb5_error_code
krb5_db_setup_mkey_name(krb5_context context,
- const char *keyname,
- const char *realm,
- char **fullname, krb5_principal * principal)
+ const char *keyname,
+ const char *realm,
+ char **fullname, krb5_principal * principal)
{
krb5_error_code retval;
char *fname;
if (!keyname)
- keyname = KRB5_KDB_M_NAME; /* XXX external? */
+ keyname = KRB5_KDB_M_NAME; /* XXX external? */
if (asprintf(&fname, "%s%s%s", keyname, REALM_SEP_STRING, realm) < 0)
- return ENOMEM;
+ return ENOMEM;
if ((retval = krb5_parse_name(context, fname, principal)))
- return retval;
+ return retval;
if (fullname)
- *fullname = fname;
+ *fullname = fname;
else
- free(fname);
+ free(fname);
return 0;
}
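Review bot: In krb5_db_setup_mkey_name the early `return retval;` after a failed krb5_parse_name() leaks `fname`, which asprintf() allocated just above. Free it on that path: `if ((retval = krb5_parse_name(context, fname, principal))) { free(fname); return retval; }`. `realm` is also passed to `%s` with no NULL check, so the requirement that callers supply a non-NULL realm deserves a comment on the function. The reindent leaves this logic untouched.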
@@ -1702,11 +1703,11 @@ krb5_dbe_lookup_last_pwd_change(context, entry, stamp)
tl_data.tl_data_type = KRB5_TL_LAST_PWD_CHANGE;
if ((code = krb5_dbe_lookup_tl_data(context, entry, &tl_data)))
- return (code);
+ return (code);
if (tl_data.tl_data_length != 4) {
- *stamp = 0;
- return (0);
+ *stamp = 0;
+ return (0);
}
krb5_kdb_decode_int32(tl_data.tl_data_contents, tmp);
@@ -1725,10 +1726,10 @@ krb5_dbe_lookup_tl_data(context, entry, ret_tl_data)
krb5_tl_data *tl_data;
for (tl_data = entry->tl_data; tl_data; tl_data = tl_data->tl_data_next) {
- if (tl_data->tl_data_type == ret_tl_data->tl_data_type) {
- *ret_tl_data = *tl_data;
- return (0);
- }
+ if (tl_data->tl_data_type == ret_tl_data->tl_data_type) {
+ *ret_tl_data = *tl_data;
+ return (0);
+ }
}
/*
@@ -1748,10 +1749,10 @@ krb5_dbe_create_key_data(context, entry)
krb5_db_entry *entry;
{
if ((entry->key_data =
- (krb5_key_data *) krb5_db_alloc(context, entry->key_data,
- (sizeof(krb5_key_data) *
- (entry->n_key_data + 1)))) == NULL)
- return (ENOMEM);
+ (krb5_key_data *) krb5_db_alloc(context, entry->key_data,
+ (sizeof(krb5_key_data) *
+ (entry->n_key_data + 1)))) == NULL)
+ return (ENOMEM);
memset(entry->key_data + entry->n_key_data, 0, sizeof(krb5_key_data));
entry->n_key_data++;
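Review bot: krb5_dbe_create_key_data assigns the result of krb5_db_alloc() straight back to `entry->key_data`, so a failed call overwrites the old array pointer with NULL while `entry->n_key_data` still counts the old entries. Assuming krb5_db_alloc() behaves like realloc when given a non-NULL pointer (its `ptr, size` signature suggests so, but the backend is not visible here), the old key array is leaked and later code would index a NULL array. Take the result in a temporary and store it only on success: `tmp = krb5_db_alloc(context, entry->key_data, sizeof(krb5_key_data) * (entry->n_key_data + 1)); if (tmp == NULL) return (ENOMEM); entry->key_data = tmp;`. The function starts and ends outside this hunk.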
@@ -1774,14 +1775,14 @@ krb5_dbe_update_mod_princ_data(context, entry, mod_date, mod_princ)
unsigned int unparse_mod_princ_size;
if ((retval = krb5_unparse_name(context, mod_princ, &unparse_mod_princ)))
- return (retval);
+ return (retval);
unparse_mod_princ_size = strlen(unparse_mod_princ) + 1;
if ((nextloc = (krb5_octet *) malloc(unparse_mod_princ_size + 4))
- == NULL) {
- free(unparse_mod_princ);
- return (ENOMEM);
+ == NULL) {
+ free(unparse_mod_princ);
+ return (ENOMEM);
}
tl_data.tl_data_type = KRB5_TL_MOD_PRINC;
@@ -1818,28 +1819,28 @@ krb5_dbe_lookup_mod_princ_data(context, entry, mod_time, mod_princ)
tl_data.tl_data_type = KRB5_TL_MOD_PRINC;
if ((code = krb5_dbe_lookup_tl_data(context, entry, &tl_data)))
- return (code);
+ return (code);
if ((tl_data.tl_data_length < 5) ||
- (tl_data.tl_data_contents[tl_data.tl_data_length - 1] != '\0'))
- return (KRB5_KDB_TRUNCATED_RECORD);
+ (tl_data.tl_data_contents[tl_data.tl_data_length - 1] != '\0'))
+ return (KRB5_KDB_TRUNCATED_RECORD);
/* Mod Date */
krb5_kdb_decode_int32(tl_data.tl_data_contents, *mod_time);
/* Mod Princ */
if ((code = krb5_parse_name(context,
- (const char *) (tl_data.tl_data_contents + 4),
- mod_princ)))
- return (code);
+ (const char *) (tl_data.tl_data_contents + 4),
+ mod_princ)))
+ return (code);
return (0);
}
krb5_error_code
-krb5_dbe_lookup_mkvno(krb5_context context,
- krb5_db_entry *entry,
- krb5_kvno *mkvno)
+krb5_dbe_lookup_mkvno(krb5_context context,
+ krb5_db_entry *entry,
+ krb5_kvno *mkvno)
{
krb5_tl_data tl_data;
krb5_error_code code;
@@ -1848,13 +1849,13 @@ krb5_dbe_lookup_mkvno(krb5_context context,
tl_data.tl_data_type = KRB5_TL_MKVNO;
if ((code = krb5_dbe_lookup_tl_data(context, entry, &tl_data)))
- return (code);
+ return (code);
if (tl_data.tl_data_length == 0) {
- *mkvno = 1; /* default for princs that lack the KRB5_TL_MKVNO data */
- return (0);
+ *mkvno = 1; /* default for princs that lack the KRB5_TL_MKVNO data */
+ return (0);
} else if (tl_data.tl_data_length != 2) {
- return (KRB5_KDB_TRUNCATED_RECORD);
+ return (KRB5_KDB_TRUNCATED_RECORD);
}
krb5_kdb_decode_int16(tl_data.tl_data_contents, tmp);
@@ -1887,7 +1888,7 @@ krb5_dbe_lookup_mkey_aux(krb5_context context,
krb5_tl_data tl_data;
krb5_int16 version;
krb5_mkey_aux_node *head_data = NULL, *new_data = NULL,
- *prev_data = NULL;
+ *prev_data = NULL;
krb5_octet *curloc; /* current location pointer */
krb5_error_code code;
@@ -2079,7 +2080,7 @@ krb5_dbe_lookup_actkvno(krb5_context context,
* field.
*/
num_actkvno = (tl_data.tl_data_length - sizeof(version)) /
- ACTKVNO_TUPLE_SIZE;
+ ACTKVNO_TUPLE_SIZE;
prev_data = NULL;
/* next_tuple points to first tuple entry in the tl_data_contents */
next_tuple = tl_data.tl_data_contents + sizeof(version);
@@ -2105,8 +2106,8 @@ krb5_dbe_lookup_actkvno(krb5_context context,
}
} else {
krb5_set_error_message (context, KRB5_KDB_BAD_VERSION,
- "Illegal version number for KRB5_TL_ACTKVNO %d\n",
- version);
+ "Illegal version number for KRB5_TL_ACTKVNO %d\n",
+ version);
return (KRB5_KDB_BAD_VERSION);
}
}
@@ -2183,7 +2184,7 @@ krb5_dbe_update_last_pwd_change(context, entry, stamp)
krb5_timestamp stamp;
{
krb5_tl_data tl_data;
- krb5_octet buf[4]; /* this is the encoded size of an int32 */
+ krb5_octet buf[4]; /* this is the encoded size of an int32 */
tl_data.tl_data_type = KRB5_TL_LAST_PWD_CHANGE;
tl_data.tl_data_length = sizeof(buf);
@@ -2196,7 +2197,7 @@ krb5_dbe_update_last_pwd_change(context, entry, stamp)
krb5_error_code
krb5_dbe_delete_tl_data(krb5_context context,
krb5_db_entry *entry,
- krb5_int16 tl_data_type)
+ krb5_int16 tl_data_type)
{
krb5_tl_data *tl_data, *prev_tl_data, *free_tl_data;
@@ -2245,40 +2246,40 @@ krb5_dbe_update_tl_data(context, entry, new_tl_data)
* fails.
*/
if ((tmp =
- (krb5_octet *) krb5_db_alloc(context, NULL,
- new_tl_data->tl_data_length)) == NULL)
- return (ENOMEM);
+ (krb5_octet *) krb5_db_alloc(context, NULL,
+ new_tl_data->tl_data_length)) == NULL)
+ return (ENOMEM);
/*
* Find an existing entry of the specified type and point at
* it, or NULL if not found.
*/
- if (new_tl_data->tl_data_type != KRB5_TL_DB_ARGS) { /* db_args can be multiple */
- for (tl_data = entry->tl_data; tl_data;
- tl_data = tl_data->tl_data_next)
- if (tl_data->tl_data_type == new_tl_data->tl_data_type)
- break;
+ if (new_tl_data->tl_data_type != KRB5_TL_DB_ARGS) { /* db_args can be multiple */
+ for (tl_data = entry->tl_data; tl_data;
+ tl_data = tl_data->tl_data_next)
+ if (tl_data->tl_data_type == new_tl_data->tl_data_type)
+ break;
}
/* If necessary, chain a new record in the beginning and point at it. */
if (!tl_data) {
- tl_data = krb5_db_alloc(context, NULL, sizeof(krb5_tl_data));
- if (tl_data == NULL) {
- free(tmp);
- return (ENOMEM);
- }
- memset(tl_data, 0, sizeof(krb5_tl_data));
- tl_data->tl_data_next = entry->tl_data;
- entry->tl_data = tl_data;
- entry->n_tl_data++;
+ tl_data = krb5_db_alloc(context, NULL, sizeof(krb5_tl_data));
+ if (tl_data == NULL) {
+ free(tmp);
+ return (ENOMEM);
+ }
+ memset(tl_data, 0, sizeof(krb5_tl_data));
+ tl_data->tl_data_next = entry->tl_data;
+ entry->tl_data = tl_data;
+ entry->n_tl_data++;
}
/* fill in the record */
if (tl_data->tl_data_contents)
- krb5_db_free(context, tl_data->tl_data_contents);
+ krb5_db_free(context, tl_data->tl_data_contents);
tl_data->tl_data_type = new_tl_data->tl_data_type;
tl_data->tl_data_length = new_tl_data->tl_data_length;
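Review bot: The error path `free(tmp);` in krb5_dbe_update_tl_data releases with libc free() a buffer obtained from krb5_db_alloc(), which dispatches to the loaded backend's `db_alloc`. If a backend supplies its own allocator the two do not match. The function already calls `krb5_db_free(context, tl_data->tl_data_contents)` a few lines later, so the failure path should read `krb5_db_free(context, tmp);`. Separately, when the type is KRB5_TL_DB_ARGS the search loop is skipped and `if (!tl_data)` depends on `tl_data` being initialised in its declaration, which lies outside this hunk and is worth confirming.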
@@ -2291,20 +2292,20 @@ krb5_dbe_update_tl_data(context, entry, new_tl_data)
/* change password functions */
krb5_error_code
krb5_dbe_cpw(krb5_context kcontext,
- krb5_keyblock * master_key,
- krb5_key_salt_tuple * ks_tuple,
- int ks_tuple_count,
- char *passwd,
- int new_kvno, krb5_boolean keepold, krb5_db_entry * db_entry)
+ krb5_keyblock * master_key,
+ krb5_key_salt_tuple * ks_tuple,
+ int ks_tuple_count,
+ char *passwd,
+ int new_kvno, krb5_boolean keepold, krb5_db_entry * db_entry)
{
krb5_error_code status = 0;
kdb_vftabl *v;
status = get_vftabl(kcontext, &v);
if (status)
- return status;
+ return status;
status = v->db_change_pwd(kcontext, master_key, ks_tuple, ks_tuple_count,
- passwd, new_kvno, keepold, db_entry);
+ passwd, new_kvno, keepold, db_entry);
get_errmsg(kcontext, status);
return status;
}
@@ -2318,9 +2319,9 @@ krb5_db_create_policy(krb5_context kcontext, osa_policy_ent_t policy)
status = get_vftabl(kcontext, &v);
if (status)
- return status;
+ return status;
if (v->db_create_policy == NULL)
- return KRB5_KDB_DBTYPE_NOSUP;
+ return KRB5_KDB_DBTYPE_NOSUP;
status = v->db_create_policy(kcontext, policy);
get_errmsg(kcontext, status);
return status;
@@ -2328,16 +2329,16 @@ krb5_db_create_policy(krb5_context kcontext, osa_policy_ent_t policy)
krb5_error_code
krb5_db_get_policy(krb5_context kcontext, char *name,
- osa_policy_ent_t * policy, int *cnt)
+ osa_policy_ent_t * policy, int *cnt)
{
krb5_error_code status = 0;
kdb_vftabl *v;
status = get_vftabl(kcontext, &v);
if (status)
- return status;
+ return status;
if (v->db_get_policy == NULL)
- return KRB5_KDB_DBTYPE_NOSUP;
+ return KRB5_KDB_DBTYPE_NOSUP;
status = v->db_get_policy(kcontext, name, policy, cnt);
get_errmsg(kcontext, status);
return status;
@@ -2351,9 +2352,9 @@ krb5_db_put_policy(krb5_context kcontext, osa_policy_ent_t policy)
status = get_vftabl(kcontext, &v);
if (status)
- return status;
+ return status;
if (v->db_put_policy == NULL)
- return KRB5_KDB_DBTYPE_NOSUP;
+ return KRB5_KDB_DBTYPE_NOSUP;
status = v->db_put_policy(kcontext, policy);
get_errmsg(kcontext, status);
return status;
@@ -2361,16 +2362,16 @@ krb5_db_put_policy(krb5_context kcontext, osa_policy_ent_t policy)
krb5_error_code
krb5_db_iter_policy(krb5_context kcontext, char *match_entry,
- osa_adb_iter_policy_func func, void *data)
+ osa_adb_iter_policy_func func, void *data)
{
krb5_error_code status = 0;
kdb_vftabl *v;
status = get_vftabl(kcontext, &v);
if (status)
- return status;
+ return status;
if (v->db_iter_policy == NULL)
- return 0;
+ return 0;
status = v->db_iter_policy(kcontext, match_entry, func, data);
get_errmsg(kcontext, status);
return status;
@@ -2384,9 +2385,9 @@ krb5_db_delete_policy(krb5_context kcontext, char *policy)
status = get_vftabl(kcontext, &v);
if (status)
- return status;
+ return status;
if (v->db_delete_policy == NULL)
- return KRB5_KDB_DBTYPE_NOSUP;
+ return KRB5_KDB_DBTYPE_NOSUP;
status = v->db_delete_policy(kcontext, policy);
get_errmsg(kcontext, status);
return status;
@@ -2400,7 +2401,7 @@ krb5_db_free_policy(krb5_context kcontext, osa_policy_ent_t policy)
status = get_vftabl(kcontext, &v);
if (status || v->db_free_policy == NULL)
- return;
+ return;
v->db_free_policy(kcontext, policy);
get_errmsg(kcontext, status);
}
@@ -2414,16 +2415,16 @@ krb5_db_promote(krb5_context kcontext, char **db_args)
section = kdb_get_conf_section(kcontext);
if (section == NULL) {
- status = KRB5_KDB_SERVER_INTERNAL_ERR;
- krb5_set_error_message (kcontext, status,
- "unable to determine configuration section for realm %s\n",
- kcontext->default_realm);
- goto clean_n_exit;
+ status = KRB5_KDB_SERVER_INTERNAL_ERR;
+ krb5_set_error_message (kcontext, status,
+ "unable to determine configuration section for realm %s\n",
+ kcontext->default_realm);
+ goto clean_n_exit;
}
status = get_vftabl(kcontext, &v);
if (status)
- goto clean_n_exit;
+ goto clean_n_exit;
status = v->promote_db(kcontext, section, db_args);
get_errmsg(kcontext, status);
@@ -2433,37 +2434,37 @@ clean_n_exit:
}
krb5_error_code
-krb5_dbekd_decrypt_key_data( krb5_context kcontext,
- const krb5_keyblock * mkey,
- const krb5_key_data * key_data,
- krb5_keyblock * dbkey,
- krb5_keysalt * keysalt)
+krb5_dbekd_decrypt_key_data( krb5_context kcontext,
+ const krb5_keyblock * mkey,
+ const krb5_key_data * key_data,
+ krb5_keyblock * dbkey,
+ krb5_keysalt * keysalt)
{
krb5_error_code status = 0;
kdb_vftabl *v;
status = get_vftabl(kcontext, &v);
if (status)
- return status;
+ return status;
return v->dbekd_decrypt_key_data(kcontext, mkey, key_data, dbkey, keysalt);
}
krb5_error_code
-krb5_dbekd_encrypt_key_data( krb5_context kcontext,
- const krb5_keyblock * mkey,
- const krb5_keyblock * dbkey,
- const krb5_keysalt * keysalt,
- int keyver,
- krb5_key_data * key_data)
+krb5_dbekd_encrypt_key_data( krb5_context kcontext,
+ const krb5_keyblock * mkey,
+ const krb5_keyblock * dbkey,
+ const krb5_keysalt * keysalt,
+ int keyver,
+ krb5_key_data * key_data)
{
krb5_error_code status = 0;
kdb_vftabl *v;
status = get_vftabl(kcontext, &v);
if (status)
- return status;
+ return status;
return v->dbekd_encrypt_key_data(kcontext, mkey, dbkey, keysalt, keyver,
- key_data);
+ key_data);
}
krb5_error_code
@@ -2471,7 +2472,7 @@ krb5_db_get_context(krb5_context context, void **db_context)
{
*db_context = KRB5_DB_GET_DB_CONTEXT(context);
if (*db_context == NULL)
- return KRB5_KDB_DBNOTINITED;
+ return KRB5_KDB_DBNOTINITED;
return 0;
}
@@ -2485,17 +2486,17 @@ krb5_db_set_context(krb5_context context, void *db_context)
krb5_error_code
krb5_db_invoke(krb5_context kcontext,
- unsigned int method,
- const krb5_data *req,
- krb5_data *rep)
+ unsigned int method,
+ const krb5_data *req,
+ krb5_data *rep)
{
krb5_error_code status = 0;
kdb_vftabl *v;
status = get_vftabl(kcontext, &v);
if (status)
- return status;
+ return status;
if (v->db_invoke == NULL)
- return KRB5_KDB_DBTYPE_NOSUP;
+ return KRB5_KDB_DBTYPE_NOSUP;
return v->db_invoke(kcontext, method, req, rep);
}
diff --git a/src/lib/kdb/kdb5.h b/src/lib/kdb/kdb5.h
index e3a1f26..eb9e15c 100644
--- a/src/lib/kdb/kdb5.h
+++ b/src/lib/kdb/kdb5.h
@@ -1,3 +1,4 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
#ifndef _KRB5_KDB5_H_
#define _KRB5_KDB5_H_
diff --git a/src/lib/kdb/kdb5int.h b/src/lib/kdb/kdb5int.h
index 40f38ad..994f1f9 100644
--- a/src/lib/kdb/kdb5int.h
+++ b/src/lib/kdb/kdb5int.h
@@ -1,3 +1,4 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
/*
* lib/kdb5/kdb5int.h
*
@@ -8,7 +9,7 @@
* require a specific license from the United States Government.
* It is the responsibility of any person or organization contemplating
* export to obtain such a license before exporting.
- *
+ *
* WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
* distribute this software and its documentation for any purpose and
* without fee is hereby granted, provided that the above copyright
@@ -22,7 +23,7 @@
* M.I.T. makes no representations about the suitability of
* this software for any purpose. It is provided "as is" without express
* or implied warranty.
- *
+ *
*
* Private header file for the kdb5 library for internal functions
*/
@@ -34,11 +35,11 @@
krb5_error_code
krb5int_put_principal_no_log(krb5_context kcontext,
- krb5_db_entry *entries, int *nentries);
+ krb5_db_entry *entries, int *nentries);
krb5_error_code
krb5int_delete_principal_no_log(krb5_context kcontext,
- krb5_principal search_for,
- int *nentries);
+ krb5_principal search_for,
+ int *nentries);
#endif /* __KDB5INT_H__ */
diff --git a/src/lib/kdb/kdb_convert.c b/src/lib/kdb/kdb_convert.c
index 9eacac3..df3019d 100644
--- a/src/lib/kdb/kdb_convert.c
+++ b/src/lib/kdb/kdb_convert.c
@@ -1,9 +1,10 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
/*
* Copyright 2005 Sun Microsystems, Inc. All rights reserved.
* Use is subject to license terms.
*/
-/* #pragma ident "@(#)kdb_convert.c 1.3 05/01/05 SMI" */
+/* #pragma ident "@(#)kdb_convert.c 1.3 05/01/05 SMI" */
/*
* This file contains api's for conversion of the kdb_incr_update_t
@@ -20,15 +21,15 @@
#include <kdb_log.h>
/* BEGIN CSTYLED */
-#define ULOG_ENTRY_TYPE(upd, i) ((kdb_incr_update_t *)upd)->kdb_update.kdbe_t_val[i]
+#define ULOG_ENTRY_TYPE(upd, i) ((kdb_incr_update_t *)upd)->kdb_update.kdbe_t_val[i]
-#define ULOG_ENTRY(upd, i) ((kdb_incr_update_t *)upd)->kdb_update.kdbe_t_val[i].kdbe_val_t_u
+#define ULOG_ENTRY(upd, i) ((kdb_incr_update_t *)upd)->kdb_update.kdbe_t_val[i].kdbe_val_t_u
-#define ULOG_ENTRY_KEYVAL(upd, i, j) ((kdb_incr_update_t *)upd)->kdb_update.kdbe_t_val[i].kdbe_val_t_u.av_keydata.av_keydata_val[j]
+#define ULOG_ENTRY_KEYVAL(upd, i, j) ((kdb_incr_update_t *)upd)->kdb_update.kdbe_t_val[i].kdbe_val_t_u.av_keydata.av_keydata_val[j]
-#define ULOG_ENTRY_PRINC(upd, i, j) ((kdb_incr_update_t *)upd)->kdb_update.kdbe_t_val[i].kdbe_val_t_u.av_princ.k_components.k_components_val[j]
+#define ULOG_ENTRY_PRINC(upd, i, j) ((kdb_incr_update_t *)upd)->kdb_update.kdbe_t_val[i].kdbe_val_t_u.av_princ.k_components.k_components_val[j]
-#define ULOG_ENTRY_MOD_PRINC(upd, i, j) ((kdb_incr_update_t *)upd)->kdb_update.kdbe_t_val[i].kdbe_val_t_u.av_mod_princ.k_components.k_components_val[j]
+#define ULOG_ENTRY_MOD_PRINC(upd, i, j) ((kdb_incr_update_t *)upd)->kdb_update.kdbe_t_val[i].kdbe_val_t_u.av_mod_princ.k_components.k_components_val[j]
/* END CSTYLED */
typedef enum {
@@ -44,99 +45,99 @@ typedef enum {
*/
static void
find_changed_attrs(krb5_db_entry *current, krb5_db_entry *new,
- krb5_boolean exclude_nra,
- kdbe_attr_type_t *attrs, int *nattrs)
+ krb5_boolean exclude_nra,
+ kdbe_attr_type_t *attrs, int *nattrs)
{
int i = 0, j = 0;
krb5_tl_data *first, *second;
if (current->attributes != new->attributes)
- attrs[i++] = AT_ATTRFLAGS;
+ attrs[i++] = AT_ATTRFLAGS;
if (current->max_life != new->max_life)
- attrs[i++] = AT_MAX_LIFE;
+ attrs[i++] = AT_MAX_LIFE;
if (current->max_renewable_life != new->max_renewable_life)
- attrs[i++] = AT_MAX_RENEW_LIFE;
+ attrs[i++] = AT_MAX_RENEW_LIFE;
if (current->expiration != new->expiration)
- attrs[i++] = AT_EXP;
+ attrs[i++] = AT_EXP;
if (current->pw_expiration != new->pw_expiration)
- attrs[i++] = AT_PW_EXP;
+ attrs[i++] = AT_PW_EXP;
if (!exclude_nra) {
- if (current->last_success != new->last_success)
- attrs[i++] = AT_LAST_SUCCESS;
+ if (current->last_success != new->last_success)
+ attrs[i++] = AT_LAST_SUCCESS;
- if (current->last_failed != new->last_failed)
- attrs[i++] = AT_LAST_FAILED;
+ if (current->last_failed != new->last_failed)
+ attrs[i++] = AT_LAST_FAILED;
- if (current->fail_auth_count != new->fail_auth_count)
- attrs[i++] = AT_FAIL_AUTH_COUNT;
+ if (current->fail_auth_count != new->fail_auth_count)
+ attrs[i++] = AT_FAIL_AUTH_COUNT;
}
if ((current->princ->type == new->princ->type) &&
- (current->princ->length == new->princ->length)) {
- if ((current->princ->realm.length ==
- new->princ->realm.length) &&
- strncmp(current->princ->realm.data,
- new->princ->realm.data,
- current->princ->realm.length)) {
- for (j = 0; j < current->princ->length; j++) {
- if ((current->princ->data[j].data != NULL) &&
- (strncmp(current->princ->data[j].data,
- new->princ->data[j].data,
- current->princ->data[j].length))) {
- attrs[i++] = AT_PRINC;
- break;
- }
- }
- } else {
- attrs[i++] = AT_PRINC;
- }
+ (current->princ->length == new->princ->length)) {
+ if ((current->princ->realm.length ==
+ new->princ->realm.length) &&
+ strncmp(current->princ->realm.data,
+ new->princ->realm.data,
+ current->princ->realm.length)) {
+ for (j = 0; j < current->princ->length; j++) {
+ if ((current->princ->data[j].data != NULL) &&
+ (strncmp(current->princ->data[j].data,
+ new->princ->data[j].data,
+ current->princ->data[j].length))) {
+ attrs[i++] = AT_PRINC;
+ break;
+ }
+ }
+ } else {
+ attrs[i++] = AT_PRINC;
+ }
} else {
- attrs[i++] = AT_PRINC;
+ attrs[i++] = AT_PRINC;
}
if (current->n_key_data == new->n_key_data) {
- /* Assuming key ordering is the same in new & current */
- for (j = 0; j < new->n_key_data; j++) {
- if (current->key_data[j].key_data_kvno !=
- new->key_data[j].key_data_kvno) {
- attrs[i++] = AT_KEYDATA;
- break;
- }
- }
+ /* Assuming key ordering is the same in new & current */
+ for (j = 0; j < new->n_key_data; j++) {
+ if (current->key_data[j].key_data_kvno !=
+ new->key_data[j].key_data_kvno) {
+ attrs[i++] = AT_KEYDATA;
+ break;
+ }
+ }
} else {
- attrs[i++] = AT_KEYDATA;
+ attrs[i++] = AT_KEYDATA;
}
if (current->n_tl_data == new->n_tl_data) {
- /* Assuming we preserve the TL_DATA ordering between updates */
- for (first = current->tl_data, second = new->tl_data;
- first; first = first->tl_data_next,
- second = second->tl_data_next) {
- if ((first->tl_data_length == second->tl_data_length) &&
- (first->tl_data_type == second->tl_data_type)) {
- if ((memcmp((char *)first->tl_data_contents,
- (char *)second->tl_data_contents,
- first->tl_data_length)) != 0) {
- attrs[i++] = AT_TL_DATA;
- break;
- }
- } else {
- attrs[i++] = AT_TL_DATA;
- break;
- }
- }
+ /* Assuming we preserve the TL_DATA ordering between updates */
+ for (first = current->tl_data, second = new->tl_data;
+ first; first = first->tl_data_next,
+ second = second->tl_data_next) {
+ if ((first->tl_data_length == second->tl_data_length) &&
+ (first->tl_data_type == second->tl_data_type)) {
+ if ((memcmp((char *)first->tl_data_contents,
+ (char *)second->tl_data_contents,
+ first->tl_data_length)) != 0) {
+ attrs[i++] = AT_TL_DATA;
+ break;
+ }
+ } else {
+ attrs[i++] = AT_TL_DATA;
+ break;
+ }
+ }
} else {
- attrs[i++] = AT_TL_DATA;
+ attrs[i++] = AT_TL_DATA;
}
if (current->len != new->len)
- attrs[i++] = AT_LEN;
+ attrs[i++] = AT_LEN;
/*
* Store the no. of (possibly :)) changed attributes
*/
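Review bot: The realm test in find_changed_attrs looks inverted: the bare `strncmp(...)` result is the condition, so the component loop runs only when the realms differ, and entries with identical realms fall to the `else` and are always reported as AT_PRINC. The intended test is presumably `memcmp(current->princ->realm.data, new->princ->realm.data, current->princ->realm.length) == 0`. As written an unchanged principal is flagged on every update, and a realm change with identical components is not flagged at all. Both comparisons also use strncmp() on counted krb5_data, which stops at the first NUL byte, and the component loop never compares `new->princ->data[j].length`, so a longer component matches on its prefix. The function continues past the end of the hunk.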
@@ -151,12 +152,12 @@ data_to_utf8str(utf8str_t *u, krb5_data d)
{
u->utf8str_t_len = d.length;
if (d.data) {
- u->utf8str_t_val = malloc(d.length);
- if (u->utf8str_t_val == NULL)
- return -1;
- memcpy(u->utf8str_t_val, d.data, d.length);
+ u->utf8str_t_val = malloc(d.length);
+ if (u->utf8str_t_val == NULL)
+ return -1;
+ memcpy(u->utf8str_t_val, d.data, d.length);
} else
- u->utf8str_t_val = NULL;
+ u->utf8str_t_val = NULL;
return 0;
}
@@ -165,57 +166,57 @@ data_to_utf8str(utf8str_t *u, krb5_data d)
*/
static krb5_error_code
conv_princ_2ulog(krb5_principal princ, kdb_incr_update_t *upd,
- int cnt, princ_type tp)
+ int cnt, princ_type tp)
{
int i = 0;
kdbe_princ_t *p;
kdbe_data_t *components;
if ((upd == NULL) || !princ)
- return (KRB5KRB_ERR_GENERIC);
+ return (KRB5KRB_ERR_GENERIC);
switch (tp) {
case REG_PRINC:
case MOD_PRINC:
- p = &ULOG_ENTRY(upd, cnt).av_princ; /* or av_mod_princ */
- p->k_nametype = (int32_t)princ->type;
-
- if (data_to_utf8str(&p->k_realm, princ->realm) < 0) {
- return ENOMEM;
- }
-
- p->k_components.k_components_len = princ->length;
-
- p->k_components.k_components_val = components
- = malloc(princ->length * sizeof (kdbe_data_t));
- if (p->k_components.k_components_val == NULL) {
- free(p->k_realm.utf8str_t_val);
- p->k_realm.utf8str_t_val = NULL;
- return (ENOMEM);
- }
-
- memset(components, 0, princ->length * sizeof(kdbe_data_t));
- for (i = 0; i < princ->length; i++)
- components[i].k_data.utf8str_t_val = NULL;
- for (i = 0; i < princ->length; i++) {
- components[i].k_magic = princ->data[i].magic;
- if (data_to_utf8str(&components[i].k_data, princ->data[i]) < 0) {
- int j;
- for (j = 0; j < i; j++) {
- free(components[j].k_data.utf8str_t_val);
- components[j].k_data.utf8str_t_val = NULL;
- }
- free(components);
- p->k_components.k_components_val = NULL;
- free(p->k_realm.utf8str_t_val);
- p->k_realm.utf8str_t_val = NULL;
- return ENOMEM;
- }
- }
- break;
+ p = &ULOG_ENTRY(upd, cnt).av_princ; /* or av_mod_princ */
+ p->k_nametype = (int32_t)princ->type;
+
+ if (data_to_utf8str(&p->k_realm, princ->realm) < 0) {
+ return ENOMEM;
+ }
+
+ p->k_components.k_components_len = princ->length;
+
+ p->k_components.k_components_val = components
+ = malloc(princ->length * sizeof (kdbe_data_t));
+ if (p->k_components.k_components_val == NULL) {
+ free(p->k_realm.utf8str_t_val);
+ p->k_realm.utf8str_t_val = NULL;
+ return (ENOMEM);
+ }
+
+ memset(components, 0, princ->length * sizeof(kdbe_data_t));
+ for (i = 0; i < princ->length; i++)
+ components[i].k_data.utf8str_t_val = NULL;
+ for (i = 0; i < princ->length; i++) {
+ components[i].k_magic = princ->data[i].magic;
+ if (data_to_utf8str(&components[i].k_data, princ->data[i]) < 0) {
+ int j;
+ for (j = 0; j < i; j++) {
+ free(components[j].k_data.utf8str_t_val);
+ components[j].k_data.utf8str_t_val = NULL;
+ }
+ free(components);
+ p->k_components.k_components_val = NULL;
+ free(p->k_realm.utf8str_t_val);
+ p->k_realm.utf8str_t_val = NULL;
+ return ENOMEM;
+ }
+ }
+ break;
default:
- break;
+ break;
}
return (0);
}
@@ -230,15 +231,15 @@ static void
set_from_utf8str(krb5_data *d, utf8str_t u)
{
if (u.utf8str_t_len > INT_MAX-1 || u.utf8str_t_len >= SIZE_MAX-1) {
- d->data = NULL;
- return;
+ d->data = NULL;
+ return;
}
d->length = u.utf8str_t_len;
d->data = malloc(d->length + 1);
if (d->data == NULL)
- return;
- if (d->length) /* Pointer may be null if length = 0. */
- strncpy(d->data, u.utf8str_t_val, d->length);
+ return;
+ if (d->length) /* Pointer may be null if length = 0. */
+ strncpy(d->data, u.utf8str_t_val, d->length);
d->data[d->length] = 0;
}
@@ -254,7 +255,7 @@ conv_princ_2db(krb5_context context, kdbe_princ_t *kdbe_princ)
princ = calloc(1, sizeof (krb5_principal_data));
if (princ == NULL) {
- return NULL;
+ return NULL;
}
princ->length = 0;
princ->data = NULL;
@@ -265,21 +266,21 @@ conv_princ_2db(krb5_context context, kdbe_princ_t *kdbe_princ)
princ->realm.data = NULL;
set_from_utf8str(&princ->realm, kdbe_princ->k_realm);
if (princ->realm.data == NULL)
- goto error;
+ goto error;
princ->data = calloc(kdbe_princ->k_components.k_components_len,
- sizeof (krb5_data));
+ sizeof (krb5_data));
if (princ->data == NULL)
- goto error;
+ goto error;
for (i = 0; i < kdbe_princ->k_components.k_components_len; i++)
- princ->data[i].data = NULL;
+ princ->data[i].data = NULL;
princ->length = (krb5_int32)kdbe_princ->k_components.k_components_len;
for (i = 0; i < princ->length; i++) {
- princ->data[i].magic = components[i].k_magic;
- set_from_utf8str(&princ->data[i], components[i].k_data);
- if (princ->data[i].data == NULL)
- goto error;
+ princ->data[i].magic = components[i].k_magic;
+ set_from_utf8str(&princ->data[i], components[i].k_data);
+ if (princ->data[i].data == NULL)
+ goto error;
}
return princ;
@@ -296,8 +297,8 @@ error:
*/
krb5_error_code
ulog_conv_2logentry(krb5_context context, krb5_db_entry *entries,
- kdb_incr_update_t *updates,
- int nentries)
+ kdb_incr_update_t *updates,
+ int nentries)
{
int i, j, k, cnt, final, nattrs, tmpint, nprincs;
unsigned int more;
@@ -313,294 +314,294 @@ ulog_conv_2logentry(krb5_context context, krb5_db_entry *entries,
krb5_boolean exclude_nra = TRUE;
if ((updates == NULL) || (entries == NULL))
- return (KRB5KRB_ERR_GENERIC);
+ return (KRB5KRB_ERR_GENERIC);
upd = updates;
ent = entries;
for (k = 0; k < nentries; k++) {
- nprincs = nattrs = tmpint = 0;
- final = -1;
- kadm_data_yes = 0;
- attr_types = NULL;
-
- /*
- * XXX we rely on the good behaviour of the database not to
- * exceed this limit.
- */
- if ((upd->kdb_update.kdbe_t_val = (kdbe_val_t *)
- malloc(MAXENTRY_SIZE)) == NULL) {
- return (ENOMEM);
- }
-
- /*
- * Find out which attrs have been modified
- */
- if ((attr_types = (kdbe_attr_type_t *)malloc(
- sizeof (kdbe_attr_type_t) * MAXATTRS_SIZE))
- == NULL) {
- return (ENOMEM);
- }
-
- if ((ret = krb5_db_get_principal(context, ent->princ, &curr,
- &nprincs, &more))) {
- free(attr_types);
- return (ret);
- }
-
- if (nprincs == 0) {
- /*
- * This is a new entry to the database, hence will
- * include all the attribute-value pairs
- *
- * We leave out the TL_DATA types which we model as
- * attrs in kdbe_attr_type_t, since listing AT_TL_DATA
- * encompasses these other types-turned-attributes
- *
- * So, we do *NOT* consider AT_MOD_PRINC, AT_MOD_TIME,
- * AT_MOD_WHERE, AT_PW_LAST_CHANGE, AT_PW_POLICY,
- * AT_PW_POLICY_SWITCH, AT_PW_HIST_KVNO and AT_PW_HIST,
- * totalling 8 attrs.
- */
- while (nattrs < MAXATTRS_SIZE - 8) {
- attr_types[nattrs] = nattrs;
- nattrs++;
- }
- } else {
- find_changed_attrs(&curr, ent, exclude_nra, attr_types, &nattrs);
-
- krb5_db_free_principal(context, &curr, nprincs);
- }
-
- for (i = 0; i < nattrs; i++) {
- switch (attr_types[i]) {
- case AT_ATTRFLAGS:
- if (ent->attributes >= 0) {
- ULOG_ENTRY_TYPE(upd, ++final).av_type =
- AT_ATTRFLAGS;
- ULOG_ENTRY(upd, final).av_attrflags =
- (uint32_t)ent->attributes;
- }
- break;
-
- case AT_MAX_LIFE:
- if (ent->max_life >= 0) {
- ULOG_ENTRY_TYPE(upd, ++final).av_type =
- AT_MAX_LIFE;
- ULOG_ENTRY(upd, final).av_max_life =
- (uint32_t)ent->max_life;
- }
- break;
-
- case AT_MAX_RENEW_LIFE:
- if (ent->max_renewable_life >= 0) {
- ULOG_ENTRY_TYPE(upd, ++final).av_type =
- AT_MAX_RENEW_LIFE;
- ULOG_ENTRY(upd,
- final).av_max_renew_life =
- (uint32_t)ent->max_renewable_life;
- }
- break;
-
- case AT_EXP:
- if (ent->expiration >= 0) {
- ULOG_ENTRY_TYPE(upd, ++final).av_type =
- AT_EXP;
- ULOG_ENTRY(upd, final).av_exp =
- (uint32_t)ent->expiration;
- }
- break;
-
- case AT_PW_EXP:
- if (ent->pw_expiration >= 0) {
- ULOG_ENTRY_TYPE(upd, ++final).av_type =
- AT_PW_EXP;
- ULOG_ENTRY(upd, final).av_pw_exp =
- (uint32_t)ent->pw_expiration;
- }
- break;
-
- case AT_LAST_SUCCESS:
- if (!exclude_nra && ent->last_success >= 0) {
- ULOG_ENTRY_TYPE(upd, ++final).av_type =
- AT_LAST_SUCCESS;
- ULOG_ENTRY(upd,
- final).av_last_success =
- (uint32_t)ent->last_success;
- }
- break;
-
- case AT_LAST_FAILED:
- if (!exclude_nra && ent->last_failed >= 0) {
- ULOG_ENTRY_TYPE(upd, ++final).av_type =
- AT_LAST_FAILED;
- ULOG_ENTRY(upd,
- final).av_last_failed =
- (uint32_t)ent->last_failed;
- }
- break;
-
- case AT_FAIL_AUTH_COUNT:
- if (!exclude_nra && ent->fail_auth_count >= (krb5_kvno)0) {
- ULOG_ENTRY_TYPE(upd, ++final).av_type =
- AT_FAIL_AUTH_COUNT;
- ULOG_ENTRY(upd,
- final).av_fail_auth_count =
- (uint32_t)ent->fail_auth_count;
- }
- break;
-
- case AT_PRINC:
- if (ent->princ->length > 0) {
- ULOG_ENTRY_TYPE(upd, ++final).av_type =
- AT_PRINC;
- if ((ret = conv_princ_2ulog(ent->princ,
- upd, final, REG_PRINC))) {
- free(attr_types);
- return (ret);
- }
- }
- break;
-
- case AT_KEYDATA:
+ nprincs = nattrs = tmpint = 0;
+ final = -1;
+ kadm_data_yes = 0;
+ attr_types = NULL;
+
+ /*
+ * XXX we rely on the good behaviour of the database not to
+ * exceed this limit.
+ */
+ if ((upd->kdb_update.kdbe_t_val = (kdbe_val_t *)
+ malloc(MAXENTRY_SIZE)) == NULL) {
+ return (ENOMEM);
+ }
+
+ /*
+ * Find out which attrs have been modified
+ */
+ if ((attr_types = (kdbe_attr_type_t *)malloc(
+ sizeof (kdbe_attr_type_t) * MAXATTRS_SIZE))
+ == NULL) {
+ return (ENOMEM);
+ }
+
+ if ((ret = krb5_db_get_principal(context, ent->princ, &curr,
+ &nprincs, &more))) {
+ free(attr_types);
+ return (ret);
+ }
+
+ if (nprincs == 0) {
+ /*
+ * This is a new entry to the database, hence will
+ * include all the attribute-value pairs
+ *
+ * We leave out the TL_DATA types which we model as
+ * attrs in kdbe_attr_type_t, since listing AT_TL_DATA
+ * encompasses these other types-turned-attributes
+ *
+ * So, we do *NOT* consider AT_MOD_PRINC, AT_MOD_TIME,
+ * AT_MOD_WHERE, AT_PW_LAST_CHANGE, AT_PW_POLICY,
+ * AT_PW_POLICY_SWITCH, AT_PW_HIST_KVNO and AT_PW_HIST,
+ * totalling 8 attrs.
+ */
+ while (nattrs < MAXATTRS_SIZE - 8) {
+ attr_types[nattrs] = nattrs;
+ nattrs++;
+ }
+ } else {
+ find_changed_attrs(&curr, ent, exclude_nra, attr_types, &nattrs);
+
+ krb5_db_free_principal(context, &curr, nprincs);
+ }
+
+ for (i = 0; i < nattrs; i++) {
+ switch (attr_types[i]) {
+ case AT_ATTRFLAGS:
+ if (ent->attributes >= 0) {
+ ULOG_ENTRY_TYPE(upd, ++final).av_type =
+ AT_ATTRFLAGS;
+ ULOG_ENTRY(upd, final).av_attrflags =
+ (uint32_t)ent->attributes;
+ }
+ break;
+
+ case AT_MAX_LIFE:
+ if (ent->max_life >= 0) {
+ ULOG_ENTRY_TYPE(upd, ++final).av_type =
+ AT_MAX_LIFE;
+ ULOG_ENTRY(upd, final).av_max_life =
+ (uint32_t)ent->max_life;
+ }
+ break;
+
+ case AT_MAX_RENEW_LIFE:
+ if (ent->max_renewable_life >= 0) {
+ ULOG_ENTRY_TYPE(upd, ++final).av_type =
+ AT_MAX_RENEW_LIFE;
+ ULOG_ENTRY(upd,
+ final).av_max_renew_life =
+ (uint32_t)ent->max_renewable_life;
+ }
+ break;
+
+ case AT_EXP:
+ if (ent->expiration >= 0) {
+ ULOG_ENTRY_TYPE(upd, ++final).av_type =
+ AT_EXP;
+ ULOG_ENTRY(upd, final).av_exp =
+ (uint32_t)ent->expiration;
+ }
+ break;
+
+ case AT_PW_EXP:
+ if (ent->pw_expiration >= 0) {
+ ULOG_ENTRY_TYPE(upd, ++final).av_type =
+ AT_PW_EXP;
+ ULOG_ENTRY(upd, final).av_pw_exp =
+ (uint32_t)ent->pw_expiration;
+ }
+ break;
+
+ case AT_LAST_SUCCESS:
+ if (!exclude_nra && ent->last_success >= 0) {
+ ULOG_ENTRY_TYPE(upd, ++final).av_type =
+ AT_LAST_SUCCESS;
+ ULOG_ENTRY(upd,
+ final).av_last_success =
+ (uint32_t)ent->last_success;
+ }
+ break;
+
+ case AT_LAST_FAILED:
+ if (!exclude_nra && ent->last_failed >= 0) {
+ ULOG_ENTRY_TYPE(upd, ++final).av_type =
+ AT_LAST_FAILED;
+ ULOG_ENTRY(upd,
+ final).av_last_failed =
+ (uint32_t)ent->last_failed;
+ }
+ break;
+
+ case AT_FAIL_AUTH_COUNT:
+ if (!exclude_nra && ent->fail_auth_count >= (krb5_kvno)0) {
+ ULOG_ENTRY_TYPE(upd, ++final).av_type =
+ AT_FAIL_AUTH_COUNT;
+ ULOG_ENTRY(upd,
+ final).av_fail_auth_count =
+ (uint32_t)ent->fail_auth_count;
+ }
+ break;
+
+ case AT_PRINC:
+ if (ent->princ->length > 0) {
+ ULOG_ENTRY_TYPE(upd, ++final).av_type =
+ AT_PRINC;
+ if ((ret = conv_princ_2ulog(ent->princ,
+ upd, final, REG_PRINC))) {
+ free(attr_types);
+ return (ret);
+ }
+ }
+ break;
+
+ case AT_KEYDATA:
/* BEGIN CSTYLED */
- if (ent->n_key_data >= 0) {
- ULOG_ENTRY_TYPE(upd, ++final).av_type =
- AT_KEYDATA;
- ULOG_ENTRY(upd, final).av_keydata.av_keydata_len = ent->n_key_data;
-
- ULOG_ENTRY(upd, final).av_keydata.av_keydata_val = malloc(ent->n_key_data * sizeof (kdbe_key_t));
- if (ULOG_ENTRY(upd, final).av_keydata.av_keydata_val == NULL) {
- free(attr_types);
- return (ENOMEM);
- }
-
- for (j = 0; j < ent->n_key_data; j++) {
- ULOG_ENTRY_KEYVAL(upd, final, j).k_ver = ent->key_data[j].key_data_ver;
- ULOG_ENTRY_KEYVAL(upd, final, j).k_kvno = ent->key_data[j].key_data_kvno;
- ULOG_ENTRY_KEYVAL(upd, final, j).k_enctype.k_enctype_len = ent->key_data[j].key_data_ver;
- ULOG_ENTRY_KEYVAL(upd, final, j).k_contents.k_contents_len = ent->key_data[j].key_data_ver;
-
- ULOG_ENTRY_KEYVAL(upd, final, j).k_enctype.k_enctype_val = malloc(ent->key_data[j].key_data_ver * sizeof(int32_t));
- if (ULOG_ENTRY_KEYVAL(upd, final, j).k_enctype.k_enctype_val == NULL) {
- free(attr_types);
- return (ENOMEM);
- }
-
- ULOG_ENTRY_KEYVAL(upd, final, j).k_contents.k_contents_val = malloc(ent->key_data[j].key_data_ver * sizeof(utf8str_t));
- if (ULOG_ENTRY_KEYVAL(upd, final, j).k_contents.k_contents_val == NULL) {
- free(attr_types);
- return (ENOMEM);
- }
-
- for (cnt = 0; cnt < ent->key_data[j].key_data_ver; cnt++) {
- ULOG_ENTRY_KEYVAL(upd, final, j).k_enctype.k_enctype_val[cnt] = ent->key_data[j].key_data_type[cnt];
- ULOG_ENTRY_KEYVAL(upd, final, j).k_contents.k_contents_val[cnt].utf8str_t_len = ent->key_data[j].key_data_length[cnt];
- ULOG_ENTRY_KEYVAL(upd, final, j).k_contents.k_contents_val[cnt].utf8str_t_val = malloc(ent->key_data[j].key_data_length[cnt] * sizeof (char));
- if (ULOG_ENTRY_KEYVAL(upd, final, j).k_contents.k_contents_val[cnt].utf8str_t_val == NULL) {
- free(attr_types);
- return (ENOMEM);
- }
- (void) memcpy(ULOG_ENTRY_KEYVAL(upd, final, j).k_contents.k_contents_val[cnt].utf8str_t_val, ent->key_data[j].key_data_contents[cnt], ent->key_data[j].key_data_length[cnt]);
- }
- }
- }
- break;
-
- case AT_TL_DATA:
- ret = krb5_dbe_lookup_last_pwd_change(context,
- ent, &tmpint);
- if (ret == 0) {
- ULOG_ENTRY_TYPE(upd, ++final).av_type =
- AT_PW_LAST_CHANGE;
- ULOG_ENTRY(upd, final).av_pw_last_change = tmpint;
- }
- tmpint = 0;
-
- if(!(ret = krb5_dbe_lookup_mod_princ_data(
- context, ent, &tmpint, &tmpprinc))) {
-
- ULOG_ENTRY_TYPE(upd, ++final).av_type =
- AT_MOD_PRINC;
-
- ret = conv_princ_2ulog(tmpprinc,
- upd, final, MOD_PRINC);
- krb5_free_principal(context, tmpprinc);
- if (ret) {
- free(attr_types);
- return (ret);
- }
- ULOG_ENTRY_TYPE(upd, ++final).av_type =
- AT_MOD_TIME;
- ULOG_ENTRY(upd, final).av_mod_time =
- tmpint;
- }
-
- newtl = ent->tl_data;
- while (newtl) {
- switch (newtl->tl_data_type) {
- case KRB5_TL_LAST_PWD_CHANGE:
- case KRB5_TL_MOD_PRINC:
- break;
-
- case KRB5_TL_KADM_DATA:
- default:
- if (kadm_data_yes == 0) {
- ULOG_ENTRY_TYPE(upd, ++final).av_type = AT_TL_DATA;
- ULOG_ENTRY(upd, final).av_tldata.av_tldata_len = 0;
- ULOG_ENTRY(upd, final).av_tldata.av_tldata_val = malloc(ent->n_tl_data * sizeof(kdbe_tl_t));
-
- if (ULOG_ENTRY(upd, final).av_tldata.av_tldata_val == NULL) {
- free(attr_types);
- return (ENOMEM);
- }
- kadm_data_yes = 1;
- }
-
- tmpint = ULOG_ENTRY(upd, final).av_tldata.av_tldata_len;
- ULOG_ENTRY(upd, final).av_tldata.av_tldata_len++;
- ULOG_ENTRY(upd, final).av_tldata.av_tldata_val[tmpint].tl_type = newtl->tl_data_type;
- ULOG_ENTRY(upd, final).av_tldata.av_tldata_val[tmpint].tl_data.tl_data_len = newtl->tl_data_length;
- ULOG_ENTRY(upd, final).av_tldata.av_tldata_val[tmpint].tl_data.tl_data_val = malloc(newtl->tl_data_length * sizeof (char));
- if (ULOG_ENTRY(upd, final).av_tldata.av_tldata_val[tmpint].tl_data.tl_data_val == NULL) {
- free(attr_types);
- return (ENOMEM);
- }
- (void) memcpy(ULOG_ENTRY(upd, final).av_tldata.av_tldata_val[tmpint].tl_data.tl_data_val, newtl->tl_data_contents, newtl->tl_data_length);
- break;
- }
- newtl = newtl->tl_data_next;
- }
- break;
+ if (ent->n_key_data >= 0) {
+ ULOG_ENTRY_TYPE(upd, ++final).av_type =
+ AT_KEYDATA;
+ ULOG_ENTRY(upd, final).av_keydata.av_keydata_len = ent->n_key_data;
+
+ ULOG_ENTRY(upd, final).av_keydata.av_keydata_val = malloc(ent->n_key_data * sizeof (kdbe_key_t));
+ if (ULOG_ENTRY(upd, final).av_keydata.av_keydata_val == NULL) {
+ free(attr_types);
+ return (ENOMEM);
+ }
+
+ for (j = 0; j < ent->n_key_data; j++) {
+ ULOG_ENTRY_KEYVAL(upd, final, j).k_ver = ent->key_data[j].key_data_ver;
+ ULOG_ENTRY_KEYVAL(upd, final, j).k_kvno = ent->key_data[j].key_data_kvno;
+ ULOG_ENTRY_KEYVAL(upd, final, j).k_enctype.k_enctype_len = ent->key_data[j].key_data_ver;
+ ULOG_ENTRY_KEYVAL(upd, final, j).k_contents.k_contents_len = ent->key_data[j].key_data_ver;
+
+ ULOG_ENTRY_KEYVAL(upd, final, j).k_enctype.k_enctype_val = malloc(ent->key_data[j].key_data_ver * sizeof(int32_t));
+ if (ULOG_ENTRY_KEYVAL(upd, final, j).k_enctype.k_enctype_val == NULL) {
+ free(attr_types);
+ return (ENOMEM);
+ }
+
+ ULOG_ENTRY_KEYVAL(upd, final, j).k_contents.k_contents_val = malloc(ent->key_data[j].key_data_ver * sizeof(utf8str_t));
+ if (ULOG_ENTRY_KEYVAL(upd, final, j).k_contents.k_contents_val == NULL) {
+ free(attr_types);
+ return (ENOMEM);
+ }
+
+ for (cnt = 0; cnt < ent->key_data[j].key_data_ver; cnt++) {
+ ULOG_ENTRY_KEYVAL(upd, final, j).k_enctype.k_enctype_val[cnt] = ent->key_data[j].key_data_type[cnt];
+ ULOG_ENTRY_KEYVAL(upd, final, j).k_contents.k_contents_val[cnt].utf8str_t_len = ent->key_data[j].key_data_length[cnt];
+ ULOG_ENTRY_KEYVAL(upd, final, j).k_contents.k_contents_val[cnt].utf8str_t_val = malloc(ent->key_data[j].key_data_length[cnt] * sizeof (char));
+ if (ULOG_ENTRY_KEYVAL(upd, final, j).k_contents.k_contents_val[cnt].utf8str_t_val == NULL) {
+ free(attr_types);
+ return (ENOMEM);
+ }
+ (void) memcpy(ULOG_ENTRY_KEYVAL(upd, final, j).k_contents.k_contents_val[cnt].utf8str_t_val, ent->key_data[j].key_data_contents[cnt], ent->key_data[j].key_data_length[cnt]);
+ }
+ }
+ }
+ break;
+
+ case AT_TL_DATA:
+ ret = krb5_dbe_lookup_last_pwd_change(context,
+ ent, &tmpint);
+ if (ret == 0) {
+ ULOG_ENTRY_TYPE(upd, ++final).av_type =
+ AT_PW_LAST_CHANGE;
+ ULOG_ENTRY(upd, final).av_pw_last_change = tmpint;
+ }
+ tmpint = 0;
+
+ if(!(ret = krb5_dbe_lookup_mod_princ_data(
+ context, ent, &tmpint, &tmpprinc))) {
+
+ ULOG_ENTRY_TYPE(upd, ++final).av_type =
+ AT_MOD_PRINC;
+
+ ret = conv_princ_2ulog(tmpprinc,
+ upd, final, MOD_PRINC);
+ krb5_free_principal(context, tmpprinc);
+ if (ret) {
+ free(attr_types);
+ return (ret);
+ }
+ ULOG_ENTRY_TYPE(upd, ++final).av_type =
+ AT_MOD_TIME;
+ ULOG_ENTRY(upd, final).av_mod_time =
+ tmpint;
+ }
+
+ newtl = ent->tl_data;
+ while (newtl) {
+ switch (newtl->tl_data_type) {
+ case KRB5_TL_LAST_PWD_CHANGE:
+ case KRB5_TL_MOD_PRINC:
+ break;
+
+ case KRB5_TL_KADM_DATA:
+ default:
+ if (kadm_data_yes == 0) {
+ ULOG_ENTRY_TYPE(upd, ++final).av_type = AT_TL_DATA;
+ ULOG_ENTRY(upd, final).av_tldata.av_tldata_len = 0;
+ ULOG_ENTRY(upd, final).av_tldata.av_tldata_val = malloc(ent->n_tl_data * sizeof(kdbe_tl_t));
+
+ if (ULOG_ENTRY(upd, final).av_tldata.av_tldata_val == NULL) {
+ free(attr_types);
+ return (ENOMEM);
+ }
+ kadm_data_yes = 1;
+ }
+
+ tmpint = ULOG_ENTRY(upd, final).av_tldata.av_tldata_len;
+ ULOG_ENTRY(upd, final).av_tldata.av_tldata_len++;
+ ULOG_ENTRY(upd, final).av_tldata.av_tldata_val[tmpint].tl_type = newtl->tl_data_type;
+ ULOG_ENTRY(upd, final).av_tldata.av_tldata_val[tmpint].tl_data.tl_data_len = newtl->tl_data_length;
+ ULOG_ENTRY(upd, final).av_tldata.av_tldata_val[tmpint].tl_data.tl_data_val = malloc(newtl->tl_data_length * sizeof (char));
+ if (ULOG_ENTRY(upd, final).av_tldata.av_tldata_val[tmpint].tl_data.tl_data_val == NULL) {
+ free(attr_types);
+ return (ENOMEM);
+ }
+ (void) memcpy(ULOG_ENTRY(upd, final).av_tldata.av_tldata_val[tmpint].tl_data.tl_data_val, newtl->tl_data_contents, newtl->tl_data_length);
+ break;
+ }
+ newtl = newtl->tl_data_next;
+ }
+ break;
/* END CSTYLED */
- case AT_LEN:
- if (ent->len >= 0) {
- ULOG_ENTRY_TYPE(upd, ++final).av_type =
- AT_LEN;
- ULOG_ENTRY(upd, final).av_len =
- (int16_t)ent->len;
- }
- break;
-
- default:
- break;
- }
-
- }
-
- free(attr_types);
-
- /*
- * Update len field in kdb_update
- */
- upd->kdb_update.kdbe_t_len = ++final;
-
- /*
- * Bump up to next struct
- */
- upd++;
- ent++;
+ case AT_LEN:
+ if (ent->len >= 0) {
+ ULOG_ENTRY_TYPE(upd, ++final).av_type =
+ AT_LEN;
+ ULOG_ENTRY(upd, final).av_len =
+ (int16_t)ent->len;
+ }
+ break;
+
+ default:
+ break;
+ }
+
+ }
+
+ free(attr_types);
+
+ /*
+ * Update len field in kdb_update
+ */
+ upd->kdb_update.kdbe_t_len = ++final;
+
+ /*
+ * Bump up to next struct
+ */
+ upd++;
+ ent++;
}
return (0);
}
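Review bot: The AT_KEYDATA case uses `ent->key_data[j].key_data_ver` both as an allocation count and as the bound of the `cnt` loop without range-checking it, so an oversized value indexes `key_data_type[cnt]`, `key_data_length[cnt]` and `key_data_contents[cnt]` past what the entry holds. ulog_conv_2dbentry in this file rejects `key_data_ver > 2`, which suggests those arrays have two slots, though their declaration is not visible here. The same guard belongs before the first malloc inside the `j` loop, e.g. `if (ent->key_data[j].key_data_ver < 0 || ent->key_data[j].key_data_ver > 2) { free(attr_types); return (EINVAL); }`; the negative test also stops a huge allocation request. Separately, the `return (ENOMEM)` after the `attr_types` malloc leaves the `MAXENTRY_SIZE` buffer already stored in `upd->kdb_update.kdbe_t_val` allocated with `kdbe_t_len` not yet set. The function's signature and declarations lie outside this hunk.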
@@ -613,8 +614,8 @@ ulog_conv_2logentry(krb5_context context, krb5_db_entry *entries,
*/
krb5_error_code
ulog_conv_2dbentry(krb5_context context, krb5_db_entry *entries,
- kdb_incr_update_t *updates,
- int nentries)
+ kdb_incr_update_t *updates,
+ int nentries)
{
int k;
krb5_db_entry *ent;
@@ -622,248 +623,248 @@ ulog_conv_2dbentry(krb5_context context, krb5_db_entry *entries,
int slave;
if ((updates == NULL) || (entries == NULL))
- return (KRB5KRB_ERR_GENERIC);
+ return (KRB5KRB_ERR_GENERIC);
ent = entries;
upd = updates;
slave = (context->kdblog_context != NULL) &&
- (context->kdblog_context->iproprole == IPROP_SLAVE);
+ (context->kdblog_context->iproprole == IPROP_SLAVE);
for (k = 0; k < nentries; k++) {
- krb5_principal mod_princ = NULL;
- int i, j, cnt = 0, mod_time = 0, nattrs, nprincs = 0;
- krb5_principal dbprinc;
- char *dbprincstr = NULL;
-
- krb5_tl_data *newtl = NULL;
- krb5_error_code ret;
- unsigned int more;
- unsigned int prev_n_keys = 0;
-
- /*
- * If the ulog entry represents a DELETE update,
- * just skip to the next entry.
- */
- if (upd->kdb_deleted == TRUE)
- goto next;
-
- /*
- * Store the no. of changed attributes in nattrs
- */
- nattrs = upd->kdb_update.kdbe_t_len;
-
- dbprincstr = malloc((upd->kdb_princ_name.utf8str_t_len + 1)
- * sizeof (char));
- if (dbprincstr == NULL)
- return (ENOMEM);
- strncpy(dbprincstr, (char *)upd->kdb_princ_name.utf8str_t_val,
- upd->kdb_princ_name.utf8str_t_len);
- dbprincstr[upd->kdb_princ_name.utf8str_t_len] = 0;
-
- ret = krb5_parse_name(context, dbprincstr, &dbprinc);
- free(dbprincstr);
- if (ret)
- return (ret);
-
- ret = krb5_db_get_principal(context, dbprinc, ent, &nprincs,
- &more);
- krb5_free_principal(context, dbprinc);
- if (ret)
- return (ret);
-
- /*
- * Set ent->n_tl_data = 0 initially, if this is an ADD update
- */
- if (nprincs == 0)
- ent->n_tl_data = 0;
-
- for (i = 0; i < nattrs; i++) {
- krb5_principal tmpprinc = NULL;
+ krb5_principal mod_princ = NULL;
+ int i, j, cnt = 0, mod_time = 0, nattrs, nprincs = 0;
+ krb5_principal dbprinc;
+ char *dbprincstr = NULL;
+
+ krb5_tl_data *newtl = NULL;
+ krb5_error_code ret;
+ unsigned int more;
+ unsigned int prev_n_keys = 0;
+
+ /*
+ * If the ulog entry represents a DELETE update,
+ * just skip to the next entry.
+ */
+ if (upd->kdb_deleted == TRUE)
+ goto next;
+
+ /*
+ * Store the no. of changed attributes in nattrs
+ */
+ nattrs = upd->kdb_update.kdbe_t_len;
+
+ dbprincstr = malloc((upd->kdb_princ_name.utf8str_t_len + 1)
+ * sizeof (char));
+ if (dbprincstr == NULL)
+ return (ENOMEM);
+ strncpy(dbprincstr, (char *)upd->kdb_princ_name.utf8str_t_val,
+ upd->kdb_princ_name.utf8str_t_len);
+ dbprincstr[upd->kdb_princ_name.utf8str_t_len] = 0;
+
+ ret = krb5_parse_name(context, dbprincstr, &dbprinc);
+ free(dbprincstr);
+ if (ret)
+ return (ret);
+
+ ret = krb5_db_get_principal(context, dbprinc, ent, &nprincs,
+ &more);
+ krb5_free_principal(context, dbprinc);
+ if (ret)
+ return (ret);
+
+ /*
+ * Set ent->n_tl_data = 0 initially, if this is an ADD update
+ */
+ if (nprincs == 0)
+ ent->n_tl_data = 0;
+
+ for (i = 0; i < nattrs; i++) {
+ krb5_principal tmpprinc = NULL;
#define u (ULOG_ENTRY(upd, i))
- switch (ULOG_ENTRY_TYPE(upd, i).av_type) {
- case AT_ATTRFLAGS:
- ent->attributes = (krb5_flags) u.av_attrflags;
- break;
-
- case AT_MAX_LIFE:
- ent->max_life = (krb5_deltat) u.av_max_life;
- break;
-
- case AT_MAX_RENEW_LIFE:
- ent->max_renewable_life = (krb5_deltat) u.av_max_renew_life;
- break;
-
- case AT_EXP:
- ent->expiration = (krb5_timestamp) u.av_exp;
- break;
-
- case AT_PW_EXP:
- ent->pw_expiration = (krb5_timestamp) u.av_pw_exp;
- break;
-
- case AT_LAST_SUCCESS:
- if (!slave)
- ent->last_success = (krb5_timestamp) u.av_last_success;
- break;
-
- case AT_LAST_FAILED:
- if (!slave)
- ent->last_failed = (krb5_timestamp) u.av_last_failed;
- break;
-
- case AT_FAIL_AUTH_COUNT:
- if (!slave)
- ent->fail_auth_count = (krb5_kvno) u.av_fail_auth_count;
- break;
-
- case AT_PRINC:
- tmpprinc = conv_princ_2db(context, &u.av_princ);
- if (tmpprinc == NULL)
- return ENOMEM;
- if (nprincs)
- krb5_free_principal(context, ent->princ);
- ent->princ = tmpprinc;
- break;
-
- case AT_KEYDATA:
- if (nprincs != 0)
- prev_n_keys = ent->n_key_data;
- else
- prev_n_keys = 0;
- ent->n_key_data = (krb5_int16)u.av_keydata.av_keydata_len;
- if (nprincs == 0)
- ent->key_data = NULL;
-
- ent->key_data = (krb5_key_data *)realloc(ent->key_data,
- (ent->n_key_data *
- sizeof (krb5_key_data)));
- /* XXX Memory leak: Old key data in
- records eliminated by resizing to
- smaller size. */
- if (ent->key_data == NULL)
- /* XXX Memory leak: old storage. */
- return (ENOMEM);
+ switch (ULOG_ENTRY_TYPE(upd, i).av_type) {
+ case AT_ATTRFLAGS:
+ ent->attributes = (krb5_flags) u.av_attrflags;
+ break;
+
+ case AT_MAX_LIFE:
+ ent->max_life = (krb5_deltat) u.av_max_life;
+ break;
+
+ case AT_MAX_RENEW_LIFE:
+ ent->max_renewable_life = (krb5_deltat) u.av_max_renew_life;
+ break;
+
+ case AT_EXP:
+ ent->expiration = (krb5_timestamp) u.av_exp;
+ break;
+
+ case AT_PW_EXP:
+ ent->pw_expiration = (krb5_timestamp) u.av_pw_exp;
+ break;
+
+ case AT_LAST_SUCCESS:
+ if (!slave)
+ ent->last_success = (krb5_timestamp) u.av_last_success;
+ break;
+
+ case AT_LAST_FAILED:
+ if (!slave)
+ ent->last_failed = (krb5_timestamp) u.av_last_failed;
+ break;
+
+ case AT_FAIL_AUTH_COUNT:
+ if (!slave)
+ ent->fail_auth_count = (krb5_kvno) u.av_fail_auth_count;
+ break;
+
+ case AT_PRINC:
+ tmpprinc = conv_princ_2db(context, &u.av_princ);
+ if (tmpprinc == NULL)
+ return ENOMEM;
+ if (nprincs)
+ krb5_free_principal(context, ent->princ);
+ ent->princ = tmpprinc;
+ break;
+
+ case AT_KEYDATA:
+ if (nprincs != 0)
+ prev_n_keys = ent->n_key_data;
+ else
+ prev_n_keys = 0;
+ ent->n_key_data = (krb5_int16)u.av_keydata.av_keydata_len;
+ if (nprincs == 0)
+ ent->key_data = NULL;
+
+ ent->key_data = (krb5_key_data *)realloc(ent->key_data,
+ (ent->n_key_data *
+ sizeof (krb5_key_data)));
+ /* XXX Memory leak: Old key data in
+ records eliminated by resizing to
+ smaller size. */
+ if (ent->key_data == NULL)
+ /* XXX Memory leak: old storage. */
+ return (ENOMEM);
/* BEGIN CSTYLED */
- for (j = prev_n_keys; j < ent->n_key_data; j++) {
- for (cnt = 0; cnt < 2; cnt++) {
- ent->key_data[j].key_data_contents[cnt] = NULL;
- }
- }
- for (j = 0; j < ent->n_key_data; j++) {
- krb5_key_data *kp = &ent->key_data[j];
- kdbe_key_t *kv = &ULOG_ENTRY_KEYVAL(upd, i, j);
- kp->key_data_ver = (krb5_int16)kv->k_ver;
- kp->key_data_kvno = (krb5_int16)kv->k_kvno;
- if (kp->key_data_ver > 2) {
- return EINVAL; /* XXX ? */
- }
-
- for (cnt = 0; cnt < kp->key_data_ver; cnt++) {
- void *newptr;
- kp->key_data_type[cnt] = (krb5_int16)kv->k_enctype.k_enctype_val[cnt];
- kp->key_data_length[cnt] = (krb5_int16)kv->k_contents.k_contents_val[cnt].utf8str_t_len;
- newptr = realloc(kp->key_data_contents[cnt],
- kp->key_data_length[cnt]);
- if (newptr == NULL)
- return ENOMEM;
- kp->key_data_contents[cnt] = newptr;
-
- (void) memset(kp->key_data_contents[cnt], 0,
- kp->key_data_length[cnt]);
- (void) memcpy(kp->key_data_contents[cnt],
- kv->k_contents.k_contents_val[cnt].utf8str_t_val,
- kp->key_data_length[cnt]);
- }
- }
- break;
-
- case AT_TL_DATA: {
- int t;
-
- cnt = u.av_tldata.av_tldata_len;
- newtl = calloc(cnt, sizeof (krb5_tl_data));
- if (newtl == NULL)
- return (ENOMEM);
-
- for (j = 0, t = 0; j < cnt; j++) {
- newtl[t].tl_data_type = (krb5_int16)u.av_tldata.av_tldata_val[j].tl_type;
- newtl[t].tl_data_length = (krb5_int16)u.av_tldata.av_tldata_val[j].tl_data.tl_data_len;
- newtl[t].tl_data_contents = malloc(newtl[t].tl_data_length * sizeof (krb5_octet));
- if (newtl[t].tl_data_contents == NULL)
- /* XXX Memory leak: newtl
- and previously
- allocated elements. */
- return (ENOMEM);
-
- (void) memcpy(newtl[t].tl_data_contents, u.av_tldata.av_tldata_val[t].tl_data.tl_data_val, newtl[t].tl_data_length);
- newtl[t].tl_data_next = NULL;
- if (t > 0)
- newtl[t - 1].tl_data_next = &newtl[t];
- t++;
- }
-
- if ((ret = krb5_dbe_update_tl_data(context, ent, newtl)))
- return (ret);
- for (j = 0; j < t; j++)
- if (newtl[j].tl_data_contents) {
- free(newtl[j].tl_data_contents);
- newtl[j].tl_data_contents = NULL;
- }
- if (newtl) {
- free(newtl);
- newtl = NULL;
- }
- break;
+ for (j = prev_n_keys; j < ent->n_key_data; j++) {
+ for (cnt = 0; cnt < 2; cnt++) {
+ ent->key_data[j].key_data_contents[cnt] = NULL;
+ }
+ }
+ for (j = 0; j < ent->n_key_data; j++) {
+ krb5_key_data *kp = &ent->key_data[j];
+ kdbe_key_t *kv = &ULOG_ENTRY_KEYVAL(upd, i, j);
+ kp->key_data_ver = (krb5_int16)kv->k_ver;
+ kp->key_data_kvno = (krb5_int16)kv->k_kvno;
+ if (kp->key_data_ver > 2) {
+ return EINVAL; /* XXX ? */
+ }
+
+ for (cnt = 0; cnt < kp->key_data_ver; cnt++) {
+ void *newptr;
+ kp->key_data_type[cnt] = (krb5_int16)kv->k_enctype.k_enctype_val[cnt];
+ kp->key_data_length[cnt] = (krb5_int16)kv->k_contents.k_contents_val[cnt].utf8str_t_len;
+ newptr = realloc(kp->key_data_contents[cnt],
+ kp->key_data_length[cnt]);
+ if (newptr == NULL)
+ return ENOMEM;
+ kp->key_data_contents[cnt] = newptr;
+
+ (void) memset(kp->key_data_contents[cnt], 0,
+ kp->key_data_length[cnt]);
+ (void) memcpy(kp->key_data_contents[cnt],
+ kv->k_contents.k_contents_val[cnt].utf8str_t_val,
+ kp->key_data_length[cnt]);
+ }
+ }
+ break;
+
+ case AT_TL_DATA: {
+ int t;
+
+ cnt = u.av_tldata.av_tldata_len;
+ newtl = calloc(cnt, sizeof (krb5_tl_data));
+ if (newtl == NULL)
+ return (ENOMEM);
+
+ for (j = 0, t = 0; j < cnt; j++) {
+ newtl[t].tl_data_type = (krb5_int16)u.av_tldata.av_tldata_val[j].tl_type;
+ newtl[t].tl_data_length = (krb5_int16)u.av_tldata.av_tldata_val[j].tl_data.tl_data_len;
+ newtl[t].tl_data_contents = malloc(newtl[t].tl_data_length * sizeof (krb5_octet));
+ if (newtl[t].tl_data_contents == NULL)
+ /* XXX Memory leak: newtl
+ and previously
+ allocated elements. */
+ return (ENOMEM);
+
+ (void) memcpy(newtl[t].tl_data_contents, u.av_tldata.av_tldata_val[t].tl_data.tl_data_val, newtl[t].tl_data_length);
+ newtl[t].tl_data_next = NULL;
+ if (t > 0)
+ newtl[t - 1].tl_data_next = &newtl[t];
+ t++;
+ }
+
+ if ((ret = krb5_dbe_update_tl_data(context, ent, newtl)))
+ return (ret);
+ for (j = 0; j < t; j++)
+ if (newtl[j].tl_data_contents) {
+ free(newtl[j].tl_data_contents);
+ newtl[j].tl_data_contents = NULL;
+ }
+ if (newtl) {
+ free(newtl);
+ newtl = NULL;
+ }
+ break;
/* END CSTYLED */
- }
- case AT_PW_LAST_CHANGE:
- if ((ret = krb5_dbe_update_last_pwd_change(context, ent,
- u.av_pw_last_change)))
- return (ret);
- break;
-
- case AT_MOD_PRINC:
- tmpprinc = conv_princ_2db(context, &u.av_mod_princ);
- if (tmpprinc == NULL)
- return ENOMEM;
- mod_princ = tmpprinc;
- break;
-
- case AT_MOD_TIME:
- mod_time = u.av_mod_time;
- break;
-
- case AT_LEN:
- ent->len = (krb5_int16) u.av_len;
- break;
-
- default:
- break;
- }
+ }
+ case AT_PW_LAST_CHANGE:
+ if ((ret = krb5_dbe_update_last_pwd_change(context, ent,
+ u.av_pw_last_change)))
+ return (ret);
+ break;
+
+ case AT_MOD_PRINC:
+ tmpprinc = conv_princ_2db(context, &u.av_mod_princ);
+ if (tmpprinc == NULL)
+ return ENOMEM;
+ mod_princ = tmpprinc;
+ break;
+
+ case AT_MOD_TIME:
+ mod_time = u.av_mod_time;
+ break;
+
+ case AT_LEN:
+ ent->len = (krb5_int16) u.av_len;
+ break;
+
+ default:
+ break;
+ }
#undef u
- }
-
- /*
- * process mod_princ_data request
- */
- if (mod_time && mod_princ) {
- ret = krb5_dbe_update_mod_princ_data(context, ent,
- mod_time, mod_princ);
- krb5_free_principal(context, mod_princ);
- mod_princ = NULL;
- if (ret)
- return (ret);
- }
+ }
+
+ /*
+ * process mod_princ_data request
+ */
+ if (mod_time && mod_princ) {
+ ret = krb5_dbe_update_mod_princ_data(context, ent,
+ mod_time, mod_princ);
+ krb5_free_principal(context, mod_princ);
+ mod_princ = NULL;
+ if (ret)
+ return (ret);
+ }
next:
- /*
- * Bump up to next struct
- */
- upd++;
- ent++;
+ /*
+ * Bump up to next struct
+ */
+ upd++;
+ ent++;
}
return (0);
}
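Review bot: The AT_KEYDATA case bounds the per-key copy loop by `kp->key_data_ver`, taken from `kv->k_ver`, but never compares it with `kv->k_enctype.k_enctype_len` or `kv->k_contents.k_contents_len`, so an update whose arrays are shorter than its version count is read past their end. The `> 2` test also accepts a negative count. Because this function applies update-log entries to the database, the three fields should be validated together before the `cnt` loop, as in the fence below. The name copy near the top of the loop has a similar gap: `utf8str_t_len + 1` goes to malloc with no upper bound, unlike the check in set_from_utf8str earlier in this file, so a maximal length could wrap the size if the field is an unsigned 32-bit count (its type is not visible here). The function starts outside this hunk.

```c
kp->key_data_ver = (krb5_int16)kv->k_ver;
kp->key_data_kvno = (krb5_int16)kv->k_kvno;
/* Reject a version count that the decoded enctype/contents
 * arrays do not cover. */
if (kp->key_data_ver < 0 || kp->key_data_ver > 2 ||
    kv->k_enctype.k_enctype_len < (unsigned int)kp->key_data_ver ||
    kv->k_contents.k_contents_len < (unsigned int)kp->key_data_ver) {
    return EINVAL;
}
/* … unchanged: per-version realloc/memset/memcpy loop … */
```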
@@ -881,7 +882,7 @@ ulog_free_entries(kdb_incr_update_t *updates, int no_of_updates)
int i, j, k, cnt;
if (updates == NULL)
- return;
+ return;
upd = updates;
@@ -890,127 +891,127 @@ ulog_free_entries(kdb_incr_update_t *updates, int no_of_updates)
*/
for (cnt = 0; cnt < no_of_updates; cnt++) {
- /*
- * ulog entry - kdb_princ_name
- */
- free(upd->kdb_princ_name.utf8str_t_val);
+ /*
+ * ulog entry - kdb_princ_name
+ */
+ free(upd->kdb_princ_name.utf8str_t_val);
/* BEGIN CSTYLED */
- /*
- * ulog entry - kdb_kdcs_seen_by
- */
- if (upd->kdb_kdcs_seen_by.kdb_kdcs_seen_by_val) {
- for (i = 0; i < upd->kdb_kdcs_seen_by.kdb_kdcs_seen_by_len; i++)
- free(upd->kdb_kdcs_seen_by.kdb_kdcs_seen_by_val[i].utf8str_t_val);
- free(upd->kdb_kdcs_seen_by.kdb_kdcs_seen_by_val);
- }
-
- /*
- * ulog entry - kdb_futures
- */
- free(upd->kdb_futures.kdb_futures_val);
-
- /*
- * ulog entry - kdb_update
- */
- if (upd->kdb_update.kdbe_t_val) {
- /*
- * Loop thru all the attributes and free up stuff
- */
- for (i = 0; i < upd->kdb_update.kdbe_t_len; i++) {
-
- /*
- * Free av_key_data
- */
- if ((ULOG_ENTRY_TYPE(upd, i).av_type == AT_KEYDATA) && ULOG_ENTRY(upd, i).av_keydata.av_keydata_val) {
-
- for (j = 0; j < ULOG_ENTRY(upd, i).av_keydata.av_keydata_len; j++) {
- free(ULOG_ENTRY_KEYVAL(upd, i, j).k_enctype.k_enctype_val);
- if (ULOG_ENTRY_KEYVAL(upd, i, j).k_contents.k_contents_val) {
- for (k = 0; k < ULOG_ENTRY_KEYVAL(upd, i, j).k_ver; k++) {
- free(ULOG_ENTRY_KEYVAL(upd, i, j).k_contents.k_contents_val[k].utf8str_t_val);
- }
- free(ULOG_ENTRY_KEYVAL(upd, i, j).k_contents.k_contents_val);
- }
- }
- free(ULOG_ENTRY(upd, i).av_keydata.av_keydata_val);
- }
-
-
- /*
- * Free av_tl_data
- */
- if ((ULOG_ENTRY_TYPE(upd, i).av_type == AT_TL_DATA) && ULOG_ENTRY(upd, i).av_tldata.av_tldata_val) {
- for (j = 0; j < ULOG_ENTRY(upd, i).av_tldata.av_tldata_len; j++) {
- free(ULOG_ENTRY(upd, i).av_tldata.av_tldata_val[j].tl_data.tl_data_val);
- }
- free(ULOG_ENTRY(upd, i).av_tldata.av_tldata_val);
- }
-
- /*
- * Free av_princ
- */
- if (ULOG_ENTRY_TYPE(upd, i).av_type == AT_PRINC) {
- free(ULOG_ENTRY(upd, i).av_princ.k_realm.utf8str_t_val);
- if (ULOG_ENTRY(upd, i).av_princ.k_components.k_components_val) {
- for (j = 0; j < ULOG_ENTRY(upd, i).av_princ.k_components.k_components_len; j++) {
- free(ULOG_ENTRY_PRINC(upd, i, j).k_data.utf8str_t_val);
- }
- free(ULOG_ENTRY(upd, i).av_princ.k_components.k_components_val);
- }
- }
-
- /*
- * Free av_mod_princ
- */
- if (ULOG_ENTRY_TYPE(upd, i).av_type == AT_MOD_PRINC) {
- free(ULOG_ENTRY(upd, i).av_mod_princ.k_realm.utf8str_t_val);
- if (ULOG_ENTRY(upd, i).av_mod_princ.k_components.k_components_val) {
- for (j = 0; j < ULOG_ENTRY(upd, i).av_mod_princ.k_components.k_components_len; j++) {
- free(ULOG_ENTRY_MOD_PRINC(upd, i, j).k_data.utf8str_t_val);
- }
- free(ULOG_ENTRY(upd, i).av_mod_princ.k_components.k_components_val);
- }
- }
-
- /*
- * Free av_mod_where
- */
- if ((ULOG_ENTRY_TYPE(upd, i).av_type == AT_MOD_WHERE) && ULOG_ENTRY(upd, i).av_mod_where.utf8str_t_val)
- free(ULOG_ENTRY(upd, i).av_mod_where.utf8str_t_val);
-
- /*
- * Free av_pw_policy
- */
- if ((ULOG_ENTRY_TYPE(upd, i).av_type == AT_PW_POLICY) && ULOG_ENTRY(upd, i).av_pw_policy.utf8str_t_val)
- free(ULOG_ENTRY(upd, i).av_pw_policy.utf8str_t_val);
-
- /*
- * XXX: Free av_pw_hist
- *
- * For now, we just free the pointer
- * to av_pw_hist_val, since we aren't
- * populating this union member in
- * the conv api function(s) anyways.
- */
- if ((ULOG_ENTRY_TYPE(upd, i).av_type == AT_PW_HIST) && ULOG_ENTRY(upd, i).av_pw_hist.av_pw_hist_val)
- free(ULOG_ENTRY(upd, i).av_pw_hist.av_pw_hist_val);
-
- }
-
- /*
- * Free up the pointer to kdbe_t_val
- */
- free(upd->kdb_update.kdbe_t_val);
- }
+ /*
+ * ulog entry - kdb_kdcs_seen_by
+ */
+ if (upd->kdb_kdcs_seen_by.kdb_kdcs_seen_by_val) {
+ for (i = 0; i < upd->kdb_kdcs_seen_by.kdb_kdcs_seen_by_len; i++)
+ free(upd->kdb_kdcs_seen_by.kdb_kdcs_seen_by_val[i].utf8str_t_val);
+ free(upd->kdb_kdcs_seen_by.kdb_kdcs_seen_by_val);
+ }
+
+ /*
+ * ulog entry - kdb_futures
+ */
+ free(upd->kdb_futures.kdb_futures_val);
+
+ /*
+ * ulog entry - kdb_update
+ */
+ if (upd->kdb_update.kdbe_t_val) {
+ /*
+ * Loop thru all the attributes and free up stuff
+ */
+ for (i = 0; i < upd->kdb_update.kdbe_t_len; i++) {
+
+ /*
+ * Free av_key_data
+ */
+ if ((ULOG_ENTRY_TYPE(upd, i).av_type == AT_KEYDATA) && ULOG_ENTRY(upd, i).av_keydata.av_keydata_val) {
+
+ for (j = 0; j < ULOG_ENTRY(upd, i).av_keydata.av_keydata_len; j++) {
+ free(ULOG_ENTRY_KEYVAL(upd, i, j).k_enctype.k_enctype_val);
+ if (ULOG_ENTRY_KEYVAL(upd, i, j).k_contents.k_contents_val) {
+ for (k = 0; k < ULOG_ENTRY_KEYVAL(upd, i, j).k_ver; k++) {
+ free(ULOG_ENTRY_KEYVAL(upd, i, j).k_contents.k_contents_val[k].utf8str_t_val);
+ }
+ free(ULOG_ENTRY_KEYVAL(upd, i, j).k_contents.k_contents_val);
+ }
+ }
+ free(ULOG_ENTRY(upd, i).av_keydata.av_keydata_val);
+ }
+
+
+ /*
+ * Free av_tl_data
+ */
+ if ((ULOG_ENTRY_TYPE(upd, i).av_type == AT_TL_DATA) && ULOG_ENTRY(upd, i).av_tldata.av_tldata_val) {
+ for (j = 0; j < ULOG_ENTRY(upd, i).av_tldata.av_tldata_len; j++) {
+ free(ULOG_ENTRY(upd, i).av_tldata.av_tldata_val[j].tl_data.tl_data_val);
+ }
+ free(ULOG_ENTRY(upd, i).av_tldata.av_tldata_val);
+ }
+
+ /*
+ * Free av_princ
+ */
+ if (ULOG_ENTRY_TYPE(upd, i).av_type == AT_PRINC) {
+ free(ULOG_ENTRY(upd, i).av_princ.k_realm.utf8str_t_val);
+ if (ULOG_ENTRY(upd, i).av_princ.k_components.k_components_val) {
+ for (j = 0; j < ULOG_ENTRY(upd, i).av_princ.k_components.k_components_len; j++) {
+ free(ULOG_ENTRY_PRINC(upd, i, j).k_data.utf8str_t_val);
+ }
+ free(ULOG_ENTRY(upd, i).av_princ.k_components.k_components_val);
+ }
+ }
+
+ /*
+ * Free av_mod_princ
+ */
+ if (ULOG_ENTRY_TYPE(upd, i).av_type == AT_MOD_PRINC) {
+ free(ULOG_ENTRY(upd, i).av_mod_princ.k_realm.utf8str_t_val);
+ if (ULOG_ENTRY(upd, i).av_mod_princ.k_components.k_components_val) {
+ for (j = 0; j < ULOG_ENTRY(upd, i).av_mod_princ.k_components.k_components_len; j++) {
+ free(ULOG_ENTRY_MOD_PRINC(upd, i, j).k_data.utf8str_t_val);
+ }
+ free(ULOG_ENTRY(upd, i).av_mod_princ.k_components.k_components_val);
+ }
+ }
+
+ /*
+ * Free av_mod_where
+ */
+ if ((ULOG_ENTRY_TYPE(upd, i).av_type == AT_MOD_WHERE) && ULOG_ENTRY(upd, i).av_mod_where.utf8str_t_val)
+ free(ULOG_ENTRY(upd, i).av_mod_where.utf8str_t_val);
+
+ /*
+ * Free av_pw_policy
+ */
+ if ((ULOG_ENTRY_TYPE(upd, i).av_type == AT_PW_POLICY) && ULOG_ENTRY(upd, i).av_pw_policy.utf8str_t_val)
+ free(ULOG_ENTRY(upd, i).av_pw_policy.utf8str_t_val);
+
+ /*
+ * XXX: Free av_pw_hist
+ *
+ * For now, we just free the pointer
+ * to av_pw_hist_val, since we aren't
+ * populating this union member in
+ * the conv api function(s) anyways.
+ */
+ if ((ULOG_ENTRY_TYPE(upd, i).av_type == AT_PW_HIST) && ULOG_ENTRY(upd, i).av_pw_hist.av_pw_hist_val)
+ free(ULOG_ENTRY(upd, i).av_pw_hist.av_pw_hist_val);
+
+ }
+
+ /*
+ * Free up the pointer to kdbe_t_val
+ */
+ free(upd->kdb_update.kdbe_t_val);
+ }
/* END CSTYLED */
- /*
- * Bump up to next struct
- */
- upd++;
+ /*
+ * Bump up to next struct
+ */
+ upd++;
}
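Review bot: The key-data cleanup loop is bounded by `k_ver` rather than by the length of the array it walks. `for (k = 0; k < ULOG_ENTRY_KEYVAL(upd, i, j).k_ver; k++)` frees `k_contents_val[k].utf8str_t_val`, so an entry whose `k_ver` exceeds `k_contents.k_contents_len` makes it free pointers beyond the array; bounding the loop by `ULOG_ENTRY_KEYVAL(upd, i, j).k_contents.k_contents_len` ties it to the array. These buffers hold copies of `key_data_contents` (see the memcpy in ulog_conv_2logentry) and are released with plain `free`. Clearing each buffer over its `utf8str_t_len` before freeing, with a zeroing helper the compiler cannot elide, would avoid leaving key bytes in freed heap memory. ulog_free_entries begins before this hunk and its end is not shown.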
diff --git a/src/lib/kdb/kdb_cpw.c b/src/lib/kdb/kdb_cpw.c
index 55e8199..723d98e 100644
--- a/src/lib/kdb/kdb_cpw.c
+++ b/src/lib/kdb/kdb_cpw.c
@@ -1,14 +1,15 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
/*
* lib/kdb/kdb_cpw.c
*
- * Copyright 1995, 2009 by the Massachusetts Institute of Technology.
+ * Copyright 1995, 2009 by the Massachusetts Institute of Technology.
* All Rights Reserved.
*
* Export of this software from the United States of America may
* require a specific license from the United States Government.
* It is the responsibility of any person or organization contemplating
* export to obtain such a license before exporting.
- *
+ *
* WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
* distribute this software and its documentation for any purpose and
* without fee is hereby granted, provided that the above copyright
@@ -22,19 +23,19 @@
* M.I.T. makes no representations about the suitability of
* this software for any purpose. It is provided "as is" without express
* or implied warranty.
- *
+ *
*/
/*
* Copyright (C) 1998 by the FundsXpress, INC.
- *
+ *
* All rights reserved.
- *
+ *
* Export of this software from the United States of America may require
* a specific license from the United States Government. It is the
* responsibility of any person or organization contemplating export to
* obtain such a license before exporting.
- *
+ *
* WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
* distribute this software and its documentation for any purpose and
* without fee is hereby granted, provided that the above copyright
@@ -45,7 +46,7 @@
* permission. FundsXpress makes no representations about the suitability of
* this software for any purpose. It is provided "as is" without express
* or implied warranty.
- *
+ *
* THIS SOFTWARE IS PROVIDED ``AS IS'' AND WITHOUT ANY EXPRESS OR
* IMPLIED WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED
* WARRANTIES OF MERCHANTIBILITY AND FITNESS FOR A PARTICULAR PURPOSE.
@@ -58,25 +59,25 @@
int
krb5_db_get_key_data_kvno(context, count, data)
- krb5_context context;
- int count;
- krb5_key_data * data;
+ krb5_context context;
+ int count;
+ krb5_key_data * data;
{
int i, kvno;
/* Find last key version number */
for (kvno = i = 0; i < count; i++) {
- if (kvno < data[i].key_data_kvno) {
- kvno = data[i].key_data_kvno;
- }
+ if (kvno < data[i].key_data_kvno) {
+ kvno = data[i].key_data_kvno;
+ }
}
return(kvno);
}
static void
cleanup_key_data(context, count, data)
- krb5_context context;
- int count;
- krb5_key_data * data;
+ krb5_context context;
+ int count;
+ krb5_key_data * data;
{
int i, j;
@@ -84,30 +85,30 @@ cleanup_key_data(context, count, data)
if (data == NULL) return;
for (i = 0; i < count; i++) {
- for (j = 0; j < data[i].key_data_ver; j++) {
- if (data[i].key_data_length[j]) {
- krb5_db_free(context, data[i].key_data_contents[j]);
- }
- }
+ for (j = 0; j < data[i].key_data_ver; j++) {
+ if (data[i].key_data_length[j]) {
+ krb5_db_free(context, data[i].key_data_contents[j]);
+ }
+ }
}
krb5_db_free(context, data);
}
static krb5_error_code
add_key_rnd(context, master_key, ks_tuple, ks_tuple_count, db_entry, kvno)
- krb5_context context;
+ krb5_context context;
krb5_keyblock * master_key;
- krb5_key_salt_tuple * ks_tuple;
- int ks_tuple_count;
- krb5_db_entry * db_entry;
- int kvno;
+ krb5_key_salt_tuple * ks_tuple;
+ int ks_tuple_count;
+ krb5_db_entry * db_entry;
+ int kvno;
{
- krb5_principal krbtgt_princ;
- krb5_keyblock key;
- krb5_db_entry krbtgt_entry;
- krb5_boolean more;
- int max_kvno, one, i, j, k;
- krb5_error_code retval;
+ krb5_principal krbtgt_princ;
+ krb5_keyblock key;
+ krb5_db_entry krbtgt_entry;
+ krb5_boolean more;
+ int max_kvno, one, i, j, k;
+ krb5_error_code retval;
krb5_key_data tmp_key_data;
krb5_key_data *tptr;
@@ -115,111 +116,111 @@ add_key_rnd(context, master_key, ks_tuple, ks_tuple_count, db_entry, kvno)
retval = krb5_build_principal_ext(context, &krbtgt_princ,
- db_entry->princ->realm.length,
- db_entry->princ->realm.data,
- KRB5_TGS_NAME_SIZE,
- KRB5_TGS_NAME,
- db_entry->princ->realm.length,
- db_entry->princ->realm.data,
- 0);
+ db_entry->princ->realm.length,
+ db_entry->princ->realm.data,
+ KRB5_TGS_NAME_SIZE,
+ KRB5_TGS_NAME,
+ db_entry->princ->realm.length,
+ db_entry->princ->realm.data,
+ 0);
if (retval)
- return retval;
+ return retval;
/* Get tgt from database */
retval = krb5_db_get_principal(context, krbtgt_princ, &krbtgt_entry,
- &one, &more);
+ &one, &more);
krb5_free_principal(context, krbtgt_princ); /* don't need it anymore */
if (retval)
- return(retval);
+ return(retval);
if ((one > 1) || (more)) {
- krb5_db_free_principal(context, &krbtgt_entry, one);
- return KRB5KDC_ERR_PRINCIPAL_NOT_UNIQUE;
+ krb5_db_free_principal(context, &krbtgt_entry, one);
+ return KRB5KDC_ERR_PRINCIPAL_NOT_UNIQUE;
}
- if (!one)
- return KRB5_KDB_NOENTRY;
+ if (!one)
+ return KRB5_KDB_NOENTRY;
/* Get max kvno */
for (max_kvno = j = 0; j < krbtgt_entry.n_key_data; j++) {
- if (max_kvno < krbtgt_entry.key_data[j].key_data_kvno) {
- max_kvno = krbtgt_entry.key_data[j].key_data_kvno;
- }
+ if (max_kvno < krbtgt_entry.key_data[j].key_data_kvno) {
+ max_kvno = krbtgt_entry.key_data[j].key_data_kvno;
+ }
}
for (i = 0; i < ks_tuple_count; i++) {
- krb5_boolean similar;
-
- similar = 0;
-
- /*
- * We could use krb5_keysalt_iterate to replace this loop, or use
- * krb5_keysalt_is_present for the loop below, but we want to avoid
- * circular library dependencies.
- */
- for (j = 0; j < i; j++) {
- if ((retval = krb5_c_enctype_compare(context,
- ks_tuple[i].ks_enctype,
- ks_tuple[j].ks_enctype,
- &similar)))
- return(retval);
-
- if (similar)
- break;
- }
-
- if (similar)
- continue;
-
- if ((retval = krb5_dbe_create_key_data(context, db_entry)))
- goto add_key_rnd_err;
-
- /* there used to be code here to extract the old key, and derive
- a new key from it. Now that there's a unified prng, that isn't
- necessary. */
-
- /* make new key */
- if ((retval = krb5_c_make_random_key(context, ks_tuple[i].ks_enctype,
- &key)))
- goto add_key_rnd_err;
-
-
- /* db library will free this. Since, its a so, it could actually be using different memory management
- function. So, its better if the memory is allocated by the db's malloc. So, a temporary memory is used
- here which will later be copied to the db_entry */
- retval = krb5_dbekd_encrypt_key_data(context, master_key,
- &key, NULL, kvno,
- &tmp_key_data);
-
- krb5_free_keyblock_contents(context, &key);
- if( retval )
- goto add_key_rnd_err;
-
- tptr = &db_entry->key_data[db_entry->n_key_data-1];
-
- tptr->key_data_ver = tmp_key_data.key_data_ver;
- tptr->key_data_kvno = tmp_key_data.key_data_kvno;
-
- for( k = 0; k < tmp_key_data.key_data_ver; k++ )
- {
- tptr->key_data_type[k] = tmp_key_data.key_data_type[k];
- tptr->key_data_length[k] = tmp_key_data.key_data_length[k];
- if( tmp_key_data.key_data_contents[k] )
- {
- tptr->key_data_contents[k] = krb5_db_alloc(context, NULL, tmp_key_data.key_data_length[k]);
- if( tptr->key_data_contents[k] == NULL )
- {
- cleanup_key_data(context, db_entry->n_key_data, db_entry->key_data);
- db_entry->key_data = NULL;
- db_entry->n_key_data = 0;
- retval = ENOMEM;
- goto add_key_rnd_err;
- }
- memcpy( tptr->key_data_contents[k], tmp_key_data.key_data_contents[k], tmp_key_data.key_data_length[k]);
-
- memset( tmp_key_data.key_data_contents[k], 0, tmp_key_data.key_data_length[k]);
- free( tmp_key_data.key_data_contents[k] );
- tmp_key_data.key_data_contents[k] = NULL;
- }
- }
+ krb5_boolean similar;
+
+ similar = 0;
+
+ /*
+ * We could use krb5_keysalt_iterate to replace this loop, or use
+ * krb5_keysalt_is_present for the loop below, but we want to avoid
+ * circular library dependencies.
+ */
+ for (j = 0; j < i; j++) {
+ if ((retval = krb5_c_enctype_compare(context,
+ ks_tuple[i].ks_enctype,
+ ks_tuple[j].ks_enctype,
+ &similar)))
+ return(retval);
+
+ if (similar)
+ break;
+ }
+
+ if (similar)
+ continue;
+
+ if ((retval = krb5_dbe_create_key_data(context, db_entry)))
+ goto add_key_rnd_err;
+
+ /* there used to be code here to extract the old key, and derive
+ a new key from it. Now that there's a unified prng, that isn't
+ necessary. */
+
+ /* make new key */
+ if ((retval = krb5_c_make_random_key(context, ks_tuple[i].ks_enctype,
+ &key)))
+ goto add_key_rnd_err;
+
+
+ /* db library will free this. Since, its a so, it could actually be using different memory management
+ function. So, its better if the memory is allocated by the db's malloc. So, a temporary memory is used
+ here which will later be copied to the db_entry */
+ retval = krb5_dbekd_encrypt_key_data(context, master_key,
+ &key, NULL, kvno,
+ &tmp_key_data);
+
+ krb5_free_keyblock_contents(context, &key);
+ if( retval )
+ goto add_key_rnd_err;
+
+ tptr = &db_entry->key_data[db_entry->n_key_data-1];
+
+ tptr->key_data_ver = tmp_key_data.key_data_ver;
+ tptr->key_data_kvno = tmp_key_data.key_data_kvno;
+
+ for( k = 0; k < tmp_key_data.key_data_ver; k++ )
+ {
+ tptr->key_data_type[k] = tmp_key_data.key_data_type[k];
+ tptr->key_data_length[k] = tmp_key_data.key_data_length[k];
+ if( tmp_key_data.key_data_contents[k] )
+ {
+ tptr->key_data_contents[k] = krb5_db_alloc(context, NULL, tmp_key_data.key_data_length[k]);
+ if( tptr->key_data_contents[k] == NULL )
+ {
+ cleanup_key_data(context, db_entry->n_key_data, db_entry->key_data);
+ db_entry->key_data = NULL;
+ db_entry->n_key_data = 0;
+ retval = ENOMEM;
+ goto add_key_rnd_err;
+ }
+ memcpy( tptr->key_data_contents[k], tmp_key_data.key_data_contents[k], tmp_key_data.key_data_length[k]);
+
+ memset( tmp_key_data.key_data_contents[k], 0, tmp_key_data.key_data_length[k]);
+ free( tmp_key_data.key_data_contents[k] );
+ tmp_key_data.key_data_contents[k] = NULL;
+ }
+ }
}
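Review bot: The `return(retval);` after a failed `krb5_c_enctype_compare()` in the duplicate-enctype loop of add_key_rnd leaves the function directly, while every other failure inside the same outer loop uses `goto add_key_rnd_err;`. By that point `krbtgt_entry` has already been fetched with `krb5_db_get_principal()`, and the only release of it visible in this hunk is on the not-unique branch, so this path appears to skip that cleanup. Replacing the line with `goto add_key_rnd_err;` would make the error handling uniform. This assumes the label releases `krbtgt_entry`, which should be confirmed because the label's first lines fall outside the hunks shown.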
@@ -228,40 +229,40 @@ add_key_rnd_err:
for( i = 0; i < tmp_key_data.key_data_ver; i++ )
{
- if( tmp_key_data.key_data_contents[i] )
- {
- memset( tmp_key_data.key_data_contents[i], 0, tmp_key_data.key_data_length[i]);
- free( tmp_key_data.key_data_contents[i] );
- }
+ if( tmp_key_data.key_data_contents[i] )
+ {
+ memset( tmp_key_data.key_data_contents[i], 0, tmp_key_data.key_data_length[i]);
+ free( tmp_key_data.key_data_contents[i] );
+ }
}
return(retval);
}
/*
- * Change random key for a krb5_db_entry
+ * Change random key for a krb5_db_entry
* Assumes the max kvno
*
* As a side effect all old keys are nuked if keepold is false.
*/
krb5_error_code
krb5_dbe_crk(context, master_key, ks_tuple, ks_tuple_count, keepold, db_entry)
- krb5_context context;
+ krb5_context context;
krb5_keyblock * master_key;
- krb5_key_salt_tuple * ks_tuple;
- int ks_tuple_count;
- krb5_boolean keepold;
- krb5_db_entry * db_entry;
+ krb5_key_salt_tuple * ks_tuple;
+ int ks_tuple_count;
+ krb5_boolean keepold;
+ krb5_db_entry * db_entry;
{
- int key_data_count;
- int n_new_key_data;
- krb5_key_data * key_data;
- krb5_error_code retval;
- int kvno;
- int i;
+ int key_data_count;
+ int n_new_key_data;
+ krb5_key_data * key_data;
+ krb5_error_code retval;
+ int kvno;
+ int i;
/* First save the old keydata */
kvno = krb5_db_get_key_data_kvno(context, db_entry->n_key_data,
- db_entry->key_data);
+ db_entry->key_data);
key_data_count = db_entry->n_key_data;
key_data = db_entry->key_data;
db_entry->key_data = NULL;
@@ -271,53 +272,53 @@ krb5_dbe_crk(context, master_key, ks_tuple, ks_tuple_count, keepold, db_entry)
kvno++;
retval = add_key_rnd(context, master_key, ks_tuple,
- ks_tuple_count, db_entry, kvno);
+ ks_tuple_count, db_entry, kvno);
if (retval) {
- cleanup_key_data(context, db_entry->n_key_data, db_entry->key_data);
- db_entry->n_key_data = key_data_count;
- db_entry->key_data = key_data;
+ cleanup_key_data(context, db_entry->n_key_data, db_entry->key_data);
+ db_entry->n_key_data = key_data_count;
+ db_entry->key_data = key_data;
} else if (keepold) {
- n_new_key_data = db_entry->n_key_data;
- for (i = 0; i < key_data_count; i++) {
- retval = krb5_dbe_create_key_data(context, db_entry);
- if (retval) {
- cleanup_key_data(context, db_entry->n_key_data,
- db_entry->key_data);
- break;
- }
- db_entry->key_data[i+n_new_key_data] = key_data[i];
- memset(&key_data[i], 0, sizeof(krb5_key_data));
- }
- krb5_db_free(context, key_data); /* we moved the cotents to new memory. But, the original block which contained the data */
+ n_new_key_data = db_entry->n_key_data;
+ for (i = 0; i < key_data_count; i++) {
+ retval = krb5_dbe_create_key_data(context, db_entry);
+ if (retval) {
+ cleanup_key_data(context, db_entry->n_key_data,
+ db_entry->key_data);
+ break;
+ }
+ db_entry->key_data[i+n_new_key_data] = key_data[i];
+ memset(&key_data[i], 0, sizeof(krb5_key_data));
+ }
+ krb5_db_free(context, key_data); /* we moved the cotents to new memory. But, the original block which contained the data */
} else {
- cleanup_key_data(context, key_data_count, key_data);
+ cleanup_key_data(context, key_data_count, key_data);
}
return(retval);
}
/*
- * Add random key for a krb5_db_entry
+ * Add random key for a krb5_db_entry
* Assumes the max kvno
*
* As a side effect all old keys older than the max kvno are nuked.
*/
krb5_error_code
krb5_dbe_ark(context, master_key, ks_tuple, ks_tuple_count, db_entry)
- krb5_context context;
+ krb5_context context;
krb5_keyblock * master_key;
- krb5_key_salt_tuple * ks_tuple;
- int ks_tuple_count;
- krb5_db_entry * db_entry;
+ krb5_key_salt_tuple * ks_tuple;
+ int ks_tuple_count;
+ krb5_db_entry * db_entry;
{
- int key_data_count;
- krb5_key_data * key_data;
- krb5_error_code retval;
- int kvno;
- int i;
+ int key_data_count;
+ krb5_key_data * key_data;
+ krb5_error_code retval;
+ int kvno;
+ int i;
/* First save the old keydata */
kvno = krb5_db_get_key_data_kvno(context, db_entry->n_key_data,
- db_entry->key_data);
+ db_entry->key_data);
key_data_count = db_entry->n_key_data;
key_data = db_entry->key_data;
db_entry->key_data = NULL;
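Review bot: In the `keepold` loop of krb5_dbe_crk, a failing `krb5_dbe_create_key_data()` leads to `cleanup_key_data(context, db_entry->n_key_data, db_entry->key_data);` followed by `break`, and `cleanup_key_data` frees the array itself, so the function returns with `db_entry->key_data` still pointing at released memory. add_key_rnd handles the same situation by adding `db_entry->key_data = NULL; db_entry->n_key_data = 0;` after the cleanup call, and the same two lines belong here so that a caller freeing the entry does not free the array a second time. The `krb5_db_free(context, key_data)` after the loop also releases only the saved array, so the old keys not yet moved across appear to leak their contents on this path. The same cleanup-then-break pattern appears in krb5_dbe_ark, krb5_dbe_def_cpw and krb5_dbe_apw in the following hunks.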
@@ -326,50 +327,50 @@ krb5_dbe_ark(context, master_key, ks_tuple, ks_tuple_count, db_entry)
/* increment the kvno */
kvno++;
- if ((retval = add_key_rnd(context, master_key, ks_tuple,
- ks_tuple_count, db_entry, kvno))) {
- cleanup_key_data(context, db_entry->n_key_data, db_entry->key_data);
- db_entry->n_key_data = key_data_count;
- db_entry->key_data = key_data;
+ if ((retval = add_key_rnd(context, master_key, ks_tuple,
+ ks_tuple_count, db_entry, kvno))) {
+ cleanup_key_data(context, db_entry->n_key_data, db_entry->key_data);
+ db_entry->n_key_data = key_data_count;
+ db_entry->key_data = key_data;
} else {
- /* Copy keys with key_data_kvno == kvno - 1 ( = old kvno ) */
- for (i = 0; i < key_data_count; i++) {
- if (key_data[i].key_data_kvno == (kvno - 1)) {
- if ((retval = krb5_dbe_create_key_data(context, db_entry))) {
- cleanup_key_data(context, db_entry->n_key_data,
- db_entry->key_data);
- break;
- }
- /* We should decrypt/re-encrypt the data to use the same mkvno*/
- db_entry->key_data[db_entry->n_key_data - 1] = key_data[i];
- memset(&key_data[i], 0, sizeof(krb5_key_data));
- }
- }
- cleanup_key_data(context, key_data_count, key_data);
+ /* Copy keys with key_data_kvno == kvno - 1 ( = old kvno ) */
+ for (i = 0; i < key_data_count; i++) {
+ if (key_data[i].key_data_kvno == (kvno - 1)) {
+ if ((retval = krb5_dbe_create_key_data(context, db_entry))) {
+ cleanup_key_data(context, db_entry->n_key_data,
+ db_entry->key_data);
+ break;
+ }
+ /* We should decrypt/re-encrypt the data to use the same mkvno*/
+ db_entry->key_data[db_entry->n_key_data - 1] = key_data[i];
+ memset(&key_data[i], 0, sizeof(krb5_key_data));
+ }
+ }
+ cleanup_key_data(context, key_data_count, key_data);
}
return(retval);
}
/*
- * Add key_data for a krb5_db_entry
+ * Add key_data for a krb5_db_entry
* If passwd is NULL the assumes that the caller wants a random password.
*/
static krb5_error_code
-add_key_pwd(context, master_key, ks_tuple, ks_tuple_count, passwd,
- db_entry, kvno)
- krb5_context context;
+add_key_pwd(context, master_key, ks_tuple, ks_tuple_count, passwd,
+ db_entry, kvno)
+ krb5_context context;
krb5_keyblock * master_key;
- krb5_key_salt_tuple * ks_tuple;
- int ks_tuple_count;
- char * passwd;
- krb5_db_entry * db_entry;
- int kvno;
+ krb5_key_salt_tuple * ks_tuple;
+ int ks_tuple_count;
+ char * passwd;
+ krb5_db_entry * db_entry;
+ int kvno;
{
- krb5_error_code retval;
- krb5_keysalt key_salt;
- krb5_keyblock key;
- krb5_data pwd;
- int i, j, k;
+ krb5_error_code retval;
+ krb5_keysalt key_salt;
+ krb5_keyblock key;
+ krb5_data pwd;
+ int i, j, k;
krb5_key_data tmp_key_data;
krb5_key_data *tptr;
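Review bot: The header comment on add_key_pwd says a NULL `passwd` means the caller wants a random password, but the body, which lies in the next hunk, runs `pwd.length = strlen(passwd);` unconditionally and has no random-key branch. The comment should describe the actual contract, for example `* passwd must be a non-NULL, NUL-terminated string; random keys are generated by add_key_rnd.`, which also fixes the "the assumes" typo. Alternatively the function could reject NULL up front with an error return, but that is a behaviour change for callers outside this hunk.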
@@ -378,229 +379,229 @@ add_key_pwd(context, master_key, ks_tuple, ks_tuple_count, passwd,
retval = 0;
for (i = 0; i < ks_tuple_count; i++) {
- krb5_boolean similar;
-
- similar = 0;
-
- /*
- * We could use krb5_keysalt_iterate to replace this loop, or use
- * krb5_keysalt_is_present for the loop below, but we want to avoid
- * circular library dependencies.
- */
- for (j = 0; j < i; j++) {
- if ((retval = krb5_c_enctype_compare(context,
- ks_tuple[i].ks_enctype,
- ks_tuple[j].ks_enctype,
- &similar)))
- return(retval);
-
- if (similar &&
- (ks_tuple[j].ks_salttype == ks_tuple[i].ks_salttype))
- break;
- }
-
- if (j < i)
- continue;
-
- if ((retval = krb5_dbe_create_key_data(context, db_entry)))
- return(retval);
-
- /* Convert password string to key using appropriate salt */
- switch (key_salt.type = ks_tuple[i].ks_salttype) {
- case KRB5_KDB_SALTTYPE_ONLYREALM: {
+ krb5_boolean similar;
+
+ similar = 0;
+
+ /*
+ * We could use krb5_keysalt_iterate to replace this loop, or use
+ * krb5_keysalt_is_present for the loop below, but we want to avoid
+ * circular library dependencies.
+ */
+ for (j = 0; j < i; j++) {
+ if ((retval = krb5_c_enctype_compare(context,
+ ks_tuple[i].ks_enctype,
+ ks_tuple[j].ks_enctype,
+ &similar)))
+ return(retval);
+
+ if (similar &&
+ (ks_tuple[j].ks_salttype == ks_tuple[i].ks_salttype))
+ break;
+ }
+
+ if (j < i)
+ continue;
+
+ if ((retval = krb5_dbe_create_key_data(context, db_entry)))
+ return(retval);
+
+ /* Convert password string to key using appropriate salt */
+ switch (key_salt.type = ks_tuple[i].ks_salttype) {
+ case KRB5_KDB_SALTTYPE_ONLYREALM: {
krb5_data * saltdata;
if ((retval = krb5_copy_data(context, krb5_princ_realm(context,
- db_entry->princ), &saltdata)))
- return(retval);
-
- key_salt.data = *saltdata;
- free(saltdata);
- }
- break;
- case KRB5_KDB_SALTTYPE_NOREALM:
+ db_entry->princ), &saltdata)))
+ return(retval);
+
+ key_salt.data = *saltdata;
+ free(saltdata);
+ }
+ break;
+ case KRB5_KDB_SALTTYPE_NOREALM:
if ((retval=krb5_principal2salt_norealm(context, db_entry->princ,
- &key_salt.data)))
- return(retval);
+ &key_salt.data)))
+ return(retval);
break;
- case KRB5_KDB_SALTTYPE_NORMAL:
+ case KRB5_KDB_SALTTYPE_NORMAL:
if ((retval = krb5_principal2salt(context, db_entry->princ,
- &key_salt.data)))
- return(retval);
+ &key_salt.data)))
+ return(retval);
break;
- case KRB5_KDB_SALTTYPE_V4:
+ case KRB5_KDB_SALTTYPE_V4:
key_salt.data.length = 0;
key_salt.data.data = 0;
break;
- case KRB5_KDB_SALTTYPE_AFS3:
- /* The afs_mit_string_to_key needs to use strlen, and the
- realm field is not (necessarily) NULL terminated. */
- retval = krb5int_copy_data_contents_add0(context,
- krb5_princ_realm(context,
- db_entry->princ),
- &key_salt.data);
- if (retval)
- return retval;
- key_salt.data.length = SALT_TYPE_AFS_LENGTH; /*length actually used below...*/
- break;
- default:
- return(KRB5_KDB_BAD_SALTTYPE);
- }
-
- pwd.data = passwd;
- pwd.length = strlen(passwd);
-
- /* AFS string to key will happen here */
- if ((retval = krb5_c_string_to_key(context, ks_tuple[i].ks_enctype,
- &pwd, &key_salt.data, &key))) {
- if (key_salt.data.data)
- free(key_salt.data.data);
- return(retval);
- }
-
- if (key_salt.data.length == SALT_TYPE_AFS_LENGTH)
- key_salt.data.length =
- krb5_princ_realm(context, db_entry->princ)->length;
-
- /* memory allocation to be done by db. So, use temporary block and later copy
- it to the memory allocated by db */
- retval = krb5_dbekd_encrypt_key_data(context, master_key, &key,
- (const krb5_keysalt *)&key_salt,
- kvno, &tmp_key_data);
- if (key_salt.data.data)
- free(key_salt.data.data);
- free(key.contents);
-
- if( retval )
- return retval;
-
- tptr = &db_entry->key_data[db_entry->n_key_data-1];
-
- tptr->key_data_ver = tmp_key_data.key_data_ver;
- tptr->key_data_kvno = tmp_key_data.key_data_kvno;
-
- for( k = 0; k < tmp_key_data.key_data_ver; k++ )
- {
- tptr->key_data_type[k] = tmp_key_data.key_data_type[k];
- tptr->key_data_length[k] = tmp_key_data.key_data_length[k];
- if( tmp_key_data.key_data_contents[k] )
- {
- tptr->key_data_contents[k] = krb5_db_alloc(context, NULL, tmp_key_data.key_data_length[k]);
- if( tptr->key_data_contents[k] == NULL )
- {
- cleanup_key_data(context, db_entry->n_key_data, db_entry->key_data);
- db_entry->key_data = NULL;
- db_entry->n_key_data = 0;
- retval = ENOMEM;
- goto add_key_pwd_err;
- }
- memcpy( tptr->key_data_contents[k], tmp_key_data.key_data_contents[k], tmp_key_data.key_data_length[k]);
-
- memset( tmp_key_data.key_data_contents[k], 0, tmp_key_data.key_data_length[k]);
- free( tmp_key_data.key_data_contents[k] );
- tmp_key_data.key_data_contents[k] = NULL;
- }
- }
+ case KRB5_KDB_SALTTYPE_AFS3:
+ /* The afs_mit_string_to_key needs to use strlen, and the
+ realm field is not (necessarily) NULL terminated. */
+ retval = krb5int_copy_data_contents_add0(context,
+ krb5_princ_realm(context,
+ db_entry->princ),
+ &key_salt.data);
+ if (retval)
+ return retval;
+ key_salt.data.length = SALT_TYPE_AFS_LENGTH; /*length actually used below...*/
+ break;
+ default:
+ return(KRB5_KDB_BAD_SALTTYPE);
+ }
+
+ pwd.data = passwd;
+ pwd.length = strlen(passwd);
+
+ /* AFS string to key will happen here */
+ if ((retval = krb5_c_string_to_key(context, ks_tuple[i].ks_enctype,
+ &pwd, &key_salt.data, &key))) {
+ if (key_salt.data.data)
+ free(key_salt.data.data);
+ return(retval);
+ }
+
+ if (key_salt.data.length == SALT_TYPE_AFS_LENGTH)
+ key_salt.data.length =
+ krb5_princ_realm(context, db_entry->princ)->length;
+
+ /* memory allocation to be done by db. So, use temporary block and later copy
+ it to the memory allocated by db */
+ retval = krb5_dbekd_encrypt_key_data(context, master_key, &key,
+ (const krb5_keysalt *)&key_salt,
+ kvno, &tmp_key_data);
+ if (key_salt.data.data)
+ free(key_salt.data.data);
+ free(key.contents);
+
+ if( retval )
+ return retval;
+
+ tptr = &db_entry->key_data[db_entry->n_key_data-1];
+
+ tptr->key_data_ver = tmp_key_data.key_data_ver;
+ tptr->key_data_kvno = tmp_key_data.key_data_kvno;
+
+ for( k = 0; k < tmp_key_data.key_data_ver; k++ )
+ {
+ tptr->key_data_type[k] = tmp_key_data.key_data_type[k];
+ tptr->key_data_length[k] = tmp_key_data.key_data_length[k];
+ if( tmp_key_data.key_data_contents[k] )
+ {
+ tptr->key_data_contents[k] = krb5_db_alloc(context, NULL, tmp_key_data.key_data_length[k]);
+ if( tptr->key_data_contents[k] == NULL )
+ {
+ cleanup_key_data(context, db_entry->n_key_data, db_entry->key_data);
+ db_entry->key_data = NULL;
+ db_entry->n_key_data = 0;
+ retval = ENOMEM;
+ goto add_key_pwd_err;
+ }
+ memcpy( tptr->key_data_contents[k], tmp_key_data.key_data_contents[k], tmp_key_data.key_data_length[k]);
+
+ memset( tmp_key_data.key_data_contents[k], 0, tmp_key_data.key_data_length[k]);
+ free( tmp_key_data.key_data_contents[k] );
+ tmp_key_data.key_data_contents[k] = NULL;
+ }
+ }
}
- add_key_pwd_err:
+add_key_pwd_err:
for( i = 0; i < tmp_key_data.key_data_ver; i++ )
{
- if( tmp_key_data.key_data_contents[i] )
- {
- memset( tmp_key_data.key_data_contents[i], 0, tmp_key_data.key_data_length[i]);
- free( tmp_key_data.key_data_contents[i] );
- }
+ if( tmp_key_data.key_data_contents[i] )
+ {
+ memset( tmp_key_data.key_data_contents[i], 0, tmp_key_data.key_data_length[i]);
+ free( tmp_key_data.key_data_contents[i] );
+ }
}
return(retval);
}
/*
- * Change password for a krb5_db_entry
+ * Change password for a krb5_db_entry
* Assumes the max kvno
*
* As a side effect all old keys are nuked if keepold is false.
*/
krb5_error_code
krb5_dbe_def_cpw(context, master_key, ks_tuple, ks_tuple_count, passwd,
- new_kvno, keepold, db_entry)
- krb5_context context;
+ new_kvno, keepold, db_entry)
+ krb5_context context;
krb5_keyblock * master_key;
- krb5_key_salt_tuple * ks_tuple;
- int ks_tuple_count;
- char * passwd;
- int new_kvno;
- krb5_boolean keepold;
- krb5_db_entry * db_entry;
+ krb5_key_salt_tuple * ks_tuple;
+ int ks_tuple_count;
+ char * passwd;
+ int new_kvno;
+ krb5_boolean keepold;
+ krb5_db_entry * db_entry;
{
- int key_data_count;
- int n_new_key_data;
- krb5_key_data * key_data;
- krb5_error_code retval;
- int old_kvno;
- int i;
+ int key_data_count;
+ int n_new_key_data;
+ krb5_key_data * key_data;
+ krb5_error_code retval;
+ int old_kvno;
+ int i;
/* First save the old keydata */
old_kvno = krb5_db_get_key_data_kvno(context, db_entry->n_key_data,
- db_entry->key_data);
+ db_entry->key_data);
key_data_count = db_entry->n_key_data;
key_data = db_entry->key_data;
db_entry->key_data = NULL;
db_entry->n_key_data = 0;
- /* increment the kvno. if the requested kvno is too small,
+ /* increment the kvno. if the requested kvno is too small,
increment the old kvno */
if (new_kvno < old_kvno+1)
- new_kvno = old_kvno+1;
+ new_kvno = old_kvno+1;
retval = add_key_pwd(context, master_key, ks_tuple, ks_tuple_count,
- passwd, db_entry, new_kvno);
+ passwd, db_entry, new_kvno);
if (retval) {
- cleanup_key_data(context, db_entry->n_key_data, db_entry->key_data);
- db_entry->n_key_data = key_data_count;
- db_entry->key_data = key_data;
+ cleanup_key_data(context, db_entry->n_key_data, db_entry->key_data);
+ db_entry->n_key_data = key_data_count;
+ db_entry->key_data = key_data;
} else if (keepold) {
- n_new_key_data = db_entry->n_key_data;
- for (i = 0; i < key_data_count; i++) {
- retval = krb5_dbe_create_key_data(context, db_entry);
- if (retval) {
- cleanup_key_data(context, db_entry->n_key_data,
- db_entry->key_data);
- break;
- }
- db_entry->key_data[i+n_new_key_data] = key_data[i];
- memset(&key_data[i], 0, sizeof(krb5_key_data));
- }
- krb5_db_free( context, key_data );
+ n_new_key_data = db_entry->n_key_data;
+ for (i = 0; i < key_data_count; i++) {
+ retval = krb5_dbe_create_key_data(context, db_entry);
+ if (retval) {
+ cleanup_key_data(context, db_entry->n_key_data,
+ db_entry->key_data);
+ break;
+ }
+ db_entry->key_data[i+n_new_key_data] = key_data[i];
+ memset(&key_data[i], 0, sizeof(krb5_key_data));
+ }
+ krb5_db_free( context, key_data );
} else {
- cleanup_key_data(context, key_data_count, key_data);
+ cleanup_key_data(context, key_data_count, key_data);
}
return(retval);
}
/*
- * Add password for a krb5_db_entry
+ * Add password for a krb5_db_entry
* Assumes the max kvno
*
* As a side effect all old keys older than the max kvno are nuked.
*/
krb5_error_code
krb5_dbe_apw(context, master_key, ks_tuple, ks_tuple_count, passwd, db_entry)
- krb5_context context;
+ krb5_context context;
krb5_keyblock * master_key;
- krb5_key_salt_tuple * ks_tuple;
- int ks_tuple_count;
- char * passwd;
- krb5_db_entry * db_entry;
+ krb5_key_salt_tuple * ks_tuple;
+ int ks_tuple_count;
+ char * passwd;
+ krb5_db_entry * db_entry;
{
- int key_data_count;
- krb5_key_data * key_data;
- krb5_error_code retval;
- int old_kvno, new_kvno;
- int i;
+ int key_data_count;
+ krb5_key_data * key_data;
+ krb5_error_code retval;
+ int old_kvno, new_kvno;
+ int i;
/* First save the old keydata */
old_kvno = krb5_db_get_key_data_kvno(context, db_entry->n_key_data,
- db_entry->key_data);
+ db_entry->key_data);
key_data_count = db_entry->n_key_data;
key_data = db_entry->key_data;
db_entry->key_data = NULL;
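Review bot: In add_key_pwd the password-derived key is released with a bare `free(key.contents);` after `krb5_dbekd_encrypt_key_data()`, so the plaintext long-term key bytes stay in freed heap memory. add_key_rnd releases its random key with `krb5_free_keyblock_contents(context, &key);`, and the same call here would be consistent and, as far as I know, clears the key bytes before freeing them. The function does take care to `memset` the `tmp_key_data` buffers before freeing them, yet those hold only the key already encrypted under the master key, so the more sensitive buffer is the one left unwiped. Note also that a `memset` placed directly before `free` can be removed by an optimising compiler, so a wipe routine that cannot be elided is preferable for those buffers as well.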
@@ -610,27 +611,25 @@ krb5_dbe_apw(context, master_key, ks_tuple, ks_tuple_count, passwd, db_entry)
new_kvno = old_kvno+1;
if ((retval = add_key_pwd(context, master_key, ks_tuple, ks_tuple_count,
- passwd, db_entry, new_kvno))) {
- cleanup_key_data(context, db_entry->n_key_data, db_entry->key_data);
- db_entry->n_key_data = key_data_count;
- db_entry->key_data = key_data;
+ passwd, db_entry, new_kvno))) {
+ cleanup_key_data(context, db_entry->n_key_data, db_entry->key_data);
+ db_entry->n_key_data = key_data_count;
+ db_entry->key_data = key_data;
} else {
- /* Copy keys with key_data_kvno == old_kvno */
- for (i = 0; i < key_data_count; i++) {
- if (key_data[i].key_data_kvno == old_kvno) {
- if ((retval = krb5_dbe_create_key_data(context, db_entry))) {
- cleanup_key_data(context, db_entry->n_key_data,
- db_entry->key_data);
- break;
- }
- /* We should decrypt/re-encrypt the data to use the same mkvno*/
- db_entry->key_data[db_entry->n_key_data - 1] = key_data[i];
- memset(&key_data[i], 0, sizeof(krb5_key_data));
- }
- }
- cleanup_key_data(context, key_data_count, key_data);
+ /* Copy keys with key_data_kvno == old_kvno */
+ for (i = 0; i < key_data_count; i++) {
+ if (key_data[i].key_data_kvno == old_kvno) {
+ if ((retval = krb5_dbe_create_key_data(context, db_entry))) {
+ cleanup_key_data(context, db_entry->n_key_data,
+ db_entry->key_data);
+ break;
+ }
+ /* We should decrypt/re-encrypt the data to use the same mkvno*/
+ db_entry->key_data[db_entry->n_key_data - 1] = key_data[i];
+ memset(&key_data[i], 0, sizeof(krb5_key_data));
+ }
+ }
+ cleanup_key_data(context, key_data_count, key_data);
}
return(retval);
}
-
-
diff --git a/src/lib/kdb/kdb_default.c b/src/lib/kdb/kdb_default.c
index 69cc52b..81c70f3 100644
--- a/src/lib/kdb/kdb_default.c
+++ b/src/lib/kdb/kdb_default.c
@@ -1,14 +1,15 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
/*
* lib/kdb/kdb_helper.c
*
- * Copyright 1995, 2009 by the Massachusetts Institute of Technology.
+ * Copyright 1995, 2009 by the Massachusetts Institute of Technology.
* All Rights Reserved.
*
* Export of this software from the United States of America may
* require a specific license from the United States Government.
* It is the responsibility of any person or organization contemplating
* export to obtain such a license before exporting.
- *
+ *
* WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
* distribute this software and its documentation for any purpose and
* without fee is hereby granted, provided that the above copyright
@@ -22,7 +23,7 @@
* M.I.T. makes no representations about the suitability of
* this software for any purpose. It is provided "as is" without express
* or implied warranty.
- *
+ *
*/
/*
@@ -48,30 +49,30 @@
*/
krb5_error_code
krb5_dbe_def_search_enctype(kcontext, dbentp, start, ktype, stype, kvno, kdatap)
- krb5_context kcontext;
- krb5_db_entry *dbentp;
- krb5_int32 *start;
- krb5_int32 ktype;
- krb5_int32 stype;
- krb5_int32 kvno;
- krb5_key_data **kdatap;
+ krb5_context kcontext;
+ krb5_db_entry *dbentp;
+ krb5_int32 *start;
+ krb5_int32 ktype;
+ krb5_int32 stype;
+ krb5_int32 kvno;
+ krb5_key_data **kdatap;
{
- int i, idx;
- int maxkvno;
- krb5_key_data *datap;
- krb5_error_code ret;
+ int i, idx;
+ int maxkvno;
+ krb5_key_data *datap;
+ krb5_error_code ret;
ret = 0;
if (kvno == -1 && stype == -1 && ktype == -1)
- kvno = 0;
-
- if (kvno == 0) {
- /* Get the max key version */
- for (i = 0; i < dbentp->n_key_data; i++) {
- if (kvno < dbentp->key_data[i].key_data_kvno) {
- kvno = dbentp->key_data[i].key_data_kvno;
- }
- }
+ kvno = 0;
+
+ if (kvno == 0) {
+ /* Get the max key version */
+ for (i = 0; i < dbentp->n_key_data; i++) {
+ if (kvno < dbentp->key_data[i].key_data_kvno) {
+ kvno = dbentp->key_data[i].key_data_kvno;
+ }
+ }
}
maxkvno = -1;
@@ -80,56 +81,56 @@ krb5_dbe_def_search_enctype(kcontext, dbentp, start, ktype, stype, kvno, kdatap)
krb5_boolean similar;
krb5_int32 db_stype;
- ret = 0;
- if (dbentp->key_data[i].key_data_ver > 1) {
- db_stype = dbentp->key_data[i].key_data_type[1];
- } else {
- db_stype = KRB5_KDB_SALTTYPE_NORMAL;
- }
-
- /*
- * Filter out non-permitted enctypes.
- */
- if (!krb5_is_permitted_enctype(kcontext,
- dbentp->key_data[i].key_data_type[0])) {
- ret = KRB5_KDB_NO_PERMITTED_KEY;
- continue;
- }
-
-
- if (ktype > 0) {
- if ((ret = krb5_c_enctype_compare(kcontext, (krb5_enctype) ktype,
- dbentp->key_data[i].key_data_type[0],
- &similar)))
-
- return(ret);
- }
-
- if (((ktype <= 0) || similar) &&
- ((db_stype == stype) || (stype < 0))) {
- if (kvno >= 0) {
- if (kvno == dbentp->key_data[i].key_data_kvno) {
- datap = &dbentp->key_data[i];
- idx = i;
- maxkvno = kvno;
- break;
- }
- } else {
- if (dbentp->key_data[i].key_data_kvno > maxkvno) {
- maxkvno = dbentp->key_data[i].key_data_kvno;
- datap = &dbentp->key_data[i];
- idx = i;
- }
- }
- }
+ ret = 0;
+ if (dbentp->key_data[i].key_data_ver > 1) {
+ db_stype = dbentp->key_data[i].key_data_type[1];
+ } else {
+ db_stype = KRB5_KDB_SALTTYPE_NORMAL;
+ }
+
+ /*
+ * Filter out non-permitted enctypes.
+ */
+ if (!krb5_is_permitted_enctype(kcontext,
+ dbentp->key_data[i].key_data_type[0])) {
+ ret = KRB5_KDB_NO_PERMITTED_KEY;
+ continue;
+ }
+
+
+ if (ktype > 0) {
+ if ((ret = krb5_c_enctype_compare(kcontext, (krb5_enctype) ktype,
+ dbentp->key_data[i].key_data_type[0],
+ &similar)))
+
+ return(ret);
+ }
+
+ if (((ktype <= 0) || similar) &&
+ ((db_stype == stype) || (stype < 0))) {
+ if (kvno >= 0) {
+ if (kvno == dbentp->key_data[i].key_data_kvno) {
+ datap = &dbentp->key_data[i];
+ idx = i;
+ maxkvno = kvno;
+ break;
+ }
+ } else {
+ if (dbentp->key_data[i].key_data_kvno > maxkvno) {
+ maxkvno = dbentp->key_data[i].key_data_kvno;
+ datap = &dbentp->key_data[i];
+ idx = i;
+ }
+ }
+ }
}
if (maxkvno < 0)
- return ret ? ret : KRB5_KDB_NO_MATCHING_KEY;
+ return ret ? ret : KRB5_KDB_NO_MATCHING_KEY;
*kdatap = datap;
*start = idx+1;
return 0;
}
-
+
/*
* kdb default functions. Ideally, some other file should have this functions. For now, TBD.
*/
@@ -139,10 +140,10 @@ krb5_dbe_def_search_enctype(kcontext, dbentp, start, ktype, stype, kvno, kdatap)
krb5_error_code
krb5_def_store_mkey_list(krb5_context context,
- char *keyfile,
- krb5_principal mname,
- krb5_keylist_node *keylist,
- char *master_pwd)
+ char *keyfile,
+ krb5_principal mname,
+ krb5_keylist_node *keylist,
+ char *master_pwd)
{
krb5_error_code retval = 0;
char defkeyfile[MAXPATHLEN+1];
@@ -168,8 +169,8 @@ krb5_def_store_mkey_list(krb5_context context,
if (!S_ISREG(stb.st_mode)) {
retval = EINVAL;
krb5_set_error_message (context, retval,
- "keyfile (%s) is not a regular file: %s",
- keyfile, error_message(retval));
+ "keyfile (%s) is not a regular file: %s",
+ keyfile, error_message(retval));
goto out;
}
}
@@ -179,7 +180,7 @@ krb5_def_store_mkey_list(krb5_context context,
/* create temp file template for use by mktemp() */
if ((retval = asprintf(&tmp_ktname, "WRFILE:%s_XXXXXX", keyfile)) < 0) {
krb5_set_error_message (context, retval,
- "Could not create temp keytab file name.");
+ "Could not create temp keytab file name.");
goto out;
}
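Review bot: The `asprintf` failure branch stores the call's return value in `retval`, so the code passed to `krb5_set_error_message` and carried to `out` is -1 rather than a real error code. Test the call directly and set the code explicitly: `if (asprintf(&tmp_ktname, "WRFILE:%s_XXXXXX", keyfile) < 0) {` followed by `retval = ENOMEM; tmp_ktname = NULL;`. Resetting `tmp_ktname` matters if the `out` path frees it, because its contents are unspecified after a failed `asprintf`; that label is outside this hunk, so confirm there. On success the same assignment leaves a positive byte count in `retval`, which is presumably overwritten further down.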
@@ -193,8 +194,8 @@ krb5_def_store_mkey_list(krb5_context context,
if (mktemp(tmp_ktpath) == NULL) {
retval = errno;
krb5_set_error_message (context, retval,
- "Could not create temp stash file: %s",
- error_message(errno));
+ "Could not create temp stash file: %s",
+ error_message(errno));
goto out;
}
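Review bot: `mktemp()` only generates a name, so there is a window between choosing the path and the keytab code creating the file, and this file holds the master key; another local user with write access to the directory could create or link that path first. The `== NULL` test is also unreliable, since glibc-style implementations return the template and make it an empty string on failure. Creating the file atomically avoids both: `fd = mkstemp(tmp_ktpath);` then `if (fd == -1) { retval = errno; ... goto out; }`, closing `fd` once the name is reserved. This needs a local `int fd`, and it assumes the keytab writer, which is outside this hunk, reopens the path by name.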
@@ -223,8 +224,8 @@ krb5_def_store_mkey_list(krb5_context context,
if (rename(tmp_ktpath, keyfile) < 0) {
retval = errno;
krb5_set_error_message (context, retval,
- "rename of temporary keyfile (%s) to (%s) failed: %s",
- tmp_ktpath, keyfile, error_message(errno));
+ "rename of temporary keyfile (%s) to (%s) failed: %s",
+ tmp_ktpath, keyfile, error_message(errno));
}
}
@@ -249,14 +250,14 @@ krb5_def_store_mkey(krb5_context context,
list.keyblock = *key;
list.next = NULL;
return krb5_def_store_mkey_list(context, keyfile, mname, &list,
- master_pwd);
+ master_pwd);
}
static krb5_error_code
krb5_db_def_fetch_mkey_stash(krb5_context context,
- const char *keyfile,
- krb5_keyblock *key,
- krb5_kvno *kvno)
+ const char *keyfile,
+ krb5_keyblock *key,
+ krb5_kvno *kvno)
{
krb5_error_code retval = 0;
krb5_ui_2 enctype;
@@ -266,14 +267,14 @@ krb5_db_def_fetch_mkey_stash(krb5_context context,
#ifdef ANSI_STDIO
if (!(kf = fopen(keyfile, "rb")))
#else
- if (!(kf = fopen(keyfile, "r")))
+ if (!(kf = fopen(keyfile, "r")))
#endif
- return KRB5_KDB_CANTREAD_STORED;
+ return KRB5_KDB_CANTREAD_STORED;
set_cloexec_file(kf);
if (fread((krb5_pointer) &enctype, 2, 1, kf) != 1) {
- retval = KRB5_KDB_CANTREAD_STORED;
- goto errout;
+ retval = KRB5_KDB_CANTREAD_STORED;
+ goto errout;
}
#if BIG_ENDIAN_MASTER_KEY
@@ -281,16 +282,16 @@ krb5_db_def_fetch_mkey_stash(krb5_context context,
#endif
if (key->enctype == ENCTYPE_UNKNOWN)
- key->enctype = enctype;
+ key->enctype = enctype;
else if (enctype != key->enctype) {
- retval = KRB5_KDB_BADSTORED_MKEY;
- goto errout;
+ retval = KRB5_KDB_BADSTORED_MKEY;
+ goto errout;
}
if (fread((krb5_pointer) &keylength,
- sizeof(keylength), 1, kf) != 1) {
- retval = KRB5_KDB_CANTREAD_STORED;
- goto errout;
+ sizeof(keylength), 1, kf) != 1) {
+ retval = KRB5_KDB_CANTREAD_STORED;
+ goto errout;
}
#if BIG_ENDIAN_MASTER_KEY
@@ -300,23 +301,23 @@ krb5_db_def_fetch_mkey_stash(krb5_context context,
#endif
if (!key->length || ((int) key->length) < 0) {
- retval = KRB5_KDB_BADSTORED_MKEY;
- goto errout;
+ retval = KRB5_KDB_BADSTORED_MKEY;
+ goto errout;
}
-
+
if (!(key->contents = (krb5_octet *)malloc(key->length))) {
- retval = ENOMEM;
- goto errout;
+ retval = ENOMEM;
+ goto errout;
}
if (fread((krb5_pointer) key->contents, sizeof(key->contents[0]),
- key->length, kf) != key->length) {
- retval = KRB5_KDB_CANTREAD_STORED;
- zap(key->contents, key->length);
- free(key->contents);
- key->contents = 0;
+ key->length, kf) != key->length) {
+ retval = KRB5_KDB_CANTREAD_STORED;
+ zap(key->contents, key->length);
+ free(key->contents);
+ key->contents = 0;
} else
- retval = 0;
+ retval = 0;
/*
* Note, the old stash format did not store the kvno and at this point it
@@ -325,9 +326,9 @@ krb5_db_def_fetch_mkey_stash(krb5_context context,
* verifcation trouble if the mkey princ is using a kvno other than 1.
*/
if (kvno && *kvno == IGNORE_VNO)
- *kvno = 1;
+ *kvno = 1;
- errout:
+errout:
(void) fclose(kf);
return retval;
}
@@ -391,7 +392,7 @@ krb5_db_def_fetch_mkey_keytab(krb5_context context,
errout:
if (kt)
- krb5_kt_close(context, kt);
+ krb5_kt_close(context, kt);
return retval;
}
@@ -428,12 +429,12 @@ krb5_db_def_fetch_mkey(krb5_context context,
* key, but set a message indicating the actual error.
*/
if (retval != 0) {
- krb5_set_error_message(context, KRB5_KDB_CANTREAD_STORED,
- "Can not fetch master key (error: %s).",
- error_message(retval));
- return KRB5_KDB_CANTREAD_STORED;
+ krb5_set_error_message(context, KRB5_KDB_CANTREAD_STORED,
+ "Can not fetch master key (error: %s).",
+ error_message(retval));
+ return KRB5_KDB_CANTREAD_STORED;
} else
- return 0;
+ return 0;
}
/*
@@ -453,52 +454,52 @@ krb5_def_verify_master_key(krb5_context context,
nprinc = 1;
if ((retval = krb5_db_get_principal(context, mprinc,
- &master_entry, &nprinc, &more)))
- return(retval);
-
+ &master_entry, &nprinc, &more)))
+ return(retval);
+
if (nprinc != 1) {
- if (nprinc)
- krb5_db_free_principal(context, &master_entry, nprinc);
- return(KRB5_KDB_NOMASTERKEY);
+ if (nprinc)
+ krb5_db_free_principal(context, &master_entry, nprinc);
+ return(KRB5_KDB_NOMASTERKEY);
} else if (more) {
- krb5_db_free_principal(context, &master_entry, nprinc);
- return(KRB5KDC_ERR_PRINCIPAL_NOT_UNIQUE);
- }
-
- if ((retval = krb5_dbekd_decrypt_key_data(context, mkey,
- &master_entry.key_data[0],
- &tempkey, NULL))) {
- krb5_db_free_principal(context, &master_entry, nprinc);
- return retval;
+ krb5_db_free_principal(context, &master_entry, nprinc);
+ return(KRB5KDC_ERR_PRINCIPAL_NOT_UNIQUE);
+ }
+
+ if ((retval = krb5_dbekd_decrypt_key_data(context, mkey,
+ &master_entry.key_data[0],
+ &tempkey, NULL))) {
+ krb5_db_free_principal(context, &master_entry, nprinc);
+ return retval;
}
if (mkey->length != tempkey.length ||
- memcmp((char *)mkey->contents,
- (char *)tempkey.contents,mkey->length)) {
- retval = KRB5_KDB_BADMASTERKEY;
+ memcmp((char *)mkey->contents,
+ (char *)tempkey.contents,mkey->length)) {
+ retval = KRB5_KDB_BADMASTERKEY;
}
if (kvno != IGNORE_VNO &&
kvno != (krb5_kvno) master_entry.key_data->key_data_kvno) {
retval = KRB5_KDB_BADMASTERKEY;
krb5_set_error_message (context, retval,
- "User specified mkeyVNO (%u) does not match master key princ's KVNO (%u)",
- kvno, master_entry.key_data->key_data_kvno);
+ "User specified mkeyVNO (%u) does not match master key princ's KVNO (%u)",
+ kvno, master_entry.key_data->key_data_kvno);
}
zap((char *)tempkey.contents, tempkey.length);
free(tempkey.contents);
krb5_db_free_principal(context, &master_entry, nprinc);
-
+
return retval;
}
krb5_error_code
krb5_def_fetch_mkey_list(krb5_context context,
- krb5_principal mprinc,
- const krb5_keyblock *mkey,
- krb5_kvno mkvno,
- krb5_keylist_node **mkeys_list)
+ krb5_principal mprinc,
+ const krb5_keyblock *mkey,
+ krb5_kvno mkvno,
+ krb5_keylist_node **mkeys_list)
{
krb5_error_code retval;
krb5_db_entry master_entry;
@@ -507,7 +508,7 @@ krb5_def_fetch_mkey_list(krb5_context context,
krb5_keyblock cur_mkey;
krb5_keylist_node *mkey_list_head = NULL, **mkey_list_node;
krb5_key_data *key_data;
- krb5_mkey_aux_node *mkey_aux_data_list = NULL, *aux_data_entry;
+ krb5_mkey_aux_node *mkey_aux_data_list = NULL, *aux_data_entry;
int i;
if (mkeys_list == NULL)
@@ -583,7 +584,7 @@ krb5_def_fetch_mkey_list(krb5_context context,
}
if (found_key != TRUE) {
krb5_set_error_message (context, KRB5_KDB_BADMASTERKEY,
- "Unable to decrypt latest master key with the provided master key\n");
+ "Unable to decrypt latest master key with the provided master key\n");
retval = KRB5_KDB_BADMASTERKEY;
goto clean_n_exit;
}
@@ -592,7 +593,7 @@ krb5_def_fetch_mkey_list(krb5_context context,
/*
* Extract all the mkeys from master_entry using the most current mkey and
- * create a mkey list for the mkeys field in kdc_realm_t.
+ * create a mkey list for the mkeys field in kdc_realm_t.
*/
mkey_list_head = (krb5_keylist_node *) malloc(sizeof(krb5_keylist_node));
@@ -644,36 +645,36 @@ clean_n_exit:
}
krb5_error_code kdb_def_set_mkey ( krb5_context kcontext,
- char *pwd,
- krb5_keyblock *key )
+ char *pwd,
+ krb5_keyblock *key )
{
/* printf("default set master key\n"); */
return 0;
}
krb5_error_code kdb_def_get_mkey ( krb5_context kcontext,
- krb5_keyblock **key )
+ krb5_keyblock **key )
{
/* printf("default get master key\n"); */
return 0;
}
krb5_error_code kdb_def_set_mkey_list ( krb5_context kcontext,
- krb5_keylist_node *keylist )
+ krb5_keylist_node *keylist )
{
/* printf("default set master key\n"); */
return 0;
}
krb5_error_code kdb_def_get_mkey_list ( krb5_context kcontext,
- krb5_keylist_node **keylist )
+ krb5_keylist_node **keylist )
{
/* printf("default get master key\n"); */
return 0;
}
krb5_error_code krb5_def_promote_db (krb5_context kcontext,
- char *s, char **args)
+ char *s, char **args)
{
/* printf("default promote_db\n"); */
return KRB5_PLUGIN_OP_NOTSUPP;
diff --git a/src/lib/kdb/kdb_log.c b/src/lib/kdb/kdb_log.c
index 3652935..fe12853 100644
--- a/src/lib/kdb/kdb_log.c
+++ b/src/lib/kdb/kdb_log.c
@@ -1,9 +1,10 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
/*
* Copyright 2004 Sun Microsystems, Inc. All rights reserved.
* Use is subject to license terms.
*/
-/* #pragma ident "@(#)kdb_log.c 1.3 04/02/23 SMI" */
+/* #pragma ident "@(#)kdb_log.c 1.3 04/02/23 SMI" */
#include <sys/stat.h>
#include <sys/types.h>
@@ -23,15 +24,15 @@
* modify the Kerberos principal update and header logs.
*/
-#define getpagesize() sysconf(_SC_PAGESIZE)
+#define getpagesize() sysconf(_SC_PAGESIZE)
-static int pagesize = 0;
+static int pagesize = 0;
-#define INIT_ULOG(ctx) \
- log_ctx = ctx->kdblog_context; \
- assert(log_ctx != NULL); \
- ulog = log_ctx->ulog; \
- assert(ulog != NULL)
+#define INIT_ULOG(ctx) \
+ log_ctx = ctx->kdblog_context; \
+ assert(log_ctx != NULL); \
+ ulog = log_ctx->ulog; \
+ assert(ulog != NULL)
/* XXX */
typedef unsigned long ulong_t;
@@ -46,9 +47,9 @@ ulog_lock(krb5_context ctx, int mode)
kdb_hlog_t *ulog = NULL;
if (ctx == NULL)
- return KRB5_LOG_ERROR;
+ return KRB5_LOG_ERROR;
if (ctx->kdblog_context == NULL || ctx->kdblog_context->iproprole == IPROP_NULL)
- return 0;
+ return 0;
INIT_ULOG(ctx);
return krb5_lock_file(ctx, log_ctx->ulogfd, mode);
}
@@ -59,23 +60,23 @@ ulog_lock(krb5_context ctx, int mode)
static krb5_error_code
ulog_sync_update(kdb_hlog_t *ulog, kdb_ent_header_t *upd)
{
- ulong_t start, end, size;
- krb5_error_code retval;
+ ulong_t start, end, size;
+ krb5_error_code retval;
if (ulog == NULL)
- return (KRB5_LOG_ERROR);
+ return (KRB5_LOG_ERROR);
if (!pagesize)
- pagesize = getpagesize();
+ pagesize = getpagesize();
start = ((ulong_t)upd) & (~(pagesize-1));
end = (((ulong_t)upd) + ulog->kdb_block +
- (pagesize-1)) & (~(pagesize-1));
+ (pagesize-1)) & (~(pagesize-1));
size = end - start;
if ((retval = msync((caddr_t)start, size, MS_SYNC))) {
- return (retval);
+ return (retval);
}
return (0);
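Review bot: `ulog_sync_update` returns the raw result of `msync()`, so a failed sync reaches callers as -1 instead of a meaningful `krb5_error_code`. `msync` reports the reason in `errno`, so the branch should read `if (msync((caddr_t)start, size, MS_SYNC)) return errno;`. A short comment above the `start`/`end` arithmetic would also help, saying that the range is widened to page boundaries because `msync` needs a page-aligned address and that the mask relies on `pagesize` being a power of two.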
@@ -89,14 +90,14 @@ ulog_sync_header(kdb_hlog_t *ulog)
{
if (!pagesize)
- pagesize = getpagesize();
+ pagesize = getpagesize();
if (msync((caddr_t)ulog, pagesize, MS_SYNC)) {
- /*
- * Couldn't sync to disk, let's panic
- */
- syslog(LOG_ERR, "ulog_sync_header: could not sync to disk");
- abort();
+ /*
+ * Couldn't sync to disk, let's panic
+ */
+ syslog(LOG_ERR, "ulog_sync_header: could not sync to disk");
+ abort();
}
}
@@ -109,10 +110,10 @@ ulog_sync_header(kdb_hlog_t *ulog)
static krb5_error_code
ulog_resize(kdb_hlog_t *ulog, uint32_t ulogentries, int ulogfd, uint_t recsize)
{
- uint_t new_block, new_size;
+ uint_t new_block, new_size;
if (ulog == NULL)
- return (KRB5_LOG_ERROR);
+ return (KRB5_LOG_ERROR);
new_size = sizeof (kdb_hlog_t);
@@ -122,28 +123,28 @@ ulog_resize(kdb_hlog_t *ulog, uint32_t ulogentries, int ulogfd, uint_t recsize)
new_size += ulogentries * new_block;
if (new_size <= MAXLOGLEN) {
- /*
- * Reinit log with new block size
- */
- (void) memset(ulog, 0, sizeof (kdb_hlog_t));
-
- ulog->kdb_hmagic = KDB_ULOG_HDR_MAGIC;
- ulog->db_version_num = KDB_VERSION;
- ulog->kdb_state = KDB_STABLE;
- ulog->kdb_block = new_block;
-
- ulog_sync_header(ulog);
-
- /*
- * Time to expand log considering new block size
- */
- if (extend_file_to(ulogfd, new_size) < 0)
- return errno;
+ /*
+ * Reinit log with new block size
+ */
+ (void) memset(ulog, 0, sizeof (kdb_hlog_t));
+
+ ulog->kdb_hmagic = KDB_ULOG_HDR_MAGIC;
+ ulog->db_version_num = KDB_VERSION;
+ ulog->kdb_state = KDB_STABLE;
+ ulog->kdb_block = new_block;
+
+ ulog_sync_header(ulog);
+
+ /*
+ * Time to expand log considering new block size
+ */
+ if (extend_file_to(ulogfd, new_size) < 0)
+ return errno;
} else {
- /*
- * Can't map into file larger than MAXLOGLEN
- */
- return (KRB5_LOG_ERROR);
+ /*
+ * Can't map into file larger than MAXLOGLEN
+ */
+ return (KRB5_LOG_ERROR);
}
return (0);
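Review bot: `new_size += ulogentries * new_block` is evaluated in unsigned arithmetic before the `new_size <= MAXLOGLEN` test, so a large record size or entry count can wrap the product and let an oversized block pass the limit. In that case `ulog->kdb_block` is set to the new size while the file is extended only to the wrapped length, and later indexing would run past the data that was allocated. Bound the factors first, e.g. `if (ulogentries != 0 && new_block > (MAXLOGLEN - sizeof (kdb_hlog_t)) / ulogentries) return (KRB5_LOG_ERROR);`, assuming `MAXLOGLEN` exceeds the header size. `new_block` is computed just above this hunk, and whether wrapping values are reachable depends on callers not shown. The same unchecked multiplication appears in `ulog_map` (`ulogentries * ULOG_BLOCK` and `ulogentries * ulog->kdb_block`).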
@@ -158,25 +159,25 @@ ulog_resize(kdb_hlog_t *ulog, uint32_t ulogentries, int ulogfd, uint_t recsize)
krb5_error_code
ulog_add_update(krb5_context context, kdb_incr_update_t *upd)
{
- XDR xdrs;
- kdbe_time_t ktime;
- struct timeval timestamp;
+ XDR xdrs;
+ kdbe_time_t ktime;
+ struct timeval timestamp;
kdb_ent_header_t *indx_log;
- uint_t i, recsize;
- ulong_t upd_size;
- krb5_error_code retval;
- kdb_sno_t cur_sno;
- kdb_log_context *log_ctx;
- kdb_hlog_t *ulog = NULL;
- uint32_t ulogentries;
- int ulogfd;
+ uint_t i, recsize;
+ ulong_t upd_size;
+ krb5_error_code retval;
+ kdb_sno_t cur_sno;
+ kdb_log_context *log_ctx;
+ kdb_hlog_t *ulog = NULL;
+ uint32_t ulogentries;
+ int ulogfd;
INIT_ULOG(context);
ulogentries = log_ctx->ulogentries;
ulogfd = log_ctx->ulogfd;
if (upd == NULL)
- return (KRB5_LOG_ERROR);
+ return (KRB5_LOG_ERROR);
(void) gettimeofday(&timestamp, NULL);
ktime.seconds = timestamp.tv_sec;
@@ -187,10 +188,10 @@ ulog_add_update(krb5_context context, kdb_incr_update_t *upd)
recsize = sizeof (kdb_ent_header_t) + upd_size;
if (recsize > ulog->kdb_block) {
- if ((retval = ulog_resize(ulog, ulogentries, ulogfd, recsize))) {
- /* Resize element array failed */
- return (retval);
- }
+ if ((retval = ulog_resize(ulog, ulogentries, ulogfd, recsize))) {
+ /* Resize element array failed */
+ return (retval);
+ }
}
cur_sno = ulog->kdb_last_sno;
@@ -200,9 +201,9 @@ ulog_add_update(krb5_context context, kdb_incr_update_t *upd)
* resyncs once they see their sno > than the masters.
*/
if (cur_sno == ULONG_MAX)
- cur_sno = 1;
+ cur_sno = 1;
else
- cur_sno++;
+ cur_sno++;
/*
* We squirrel this away for finish_update() to index
@@ -224,15 +225,15 @@ ulog_add_update(krb5_context context, kdb_incr_update_t *upd)
ulog->kdb_state = KDB_UNSTABLE;
xdrmem_create(&xdrs, (char *)indx_log->entry_data,
- indx_log->kdb_entry_size, XDR_ENCODE);
+ indx_log->kdb_entry_size, XDR_ENCODE);
if (!xdr_kdb_incr_update_t(&xdrs, upd))
- return (KRB5_LOG_CONV);
+ return (KRB5_LOG_CONV);
if ((retval = ulog_sync_update(ulog, indx_log)))
- return (retval);
+ return (retval);
if (ulog->kdb_num < ulogentries)
- ulog->kdb_num++;
+ ulog->kdb_num++;
ulog->kdb_last_sno = cur_sno;
ulog->kdb_last_time = ktime;
@@ -242,13 +243,13 @@ ulog_add_update(krb5_context context, kdb_incr_update_t *upd)
* always kdb_entry_sno + 1.
*/
if (cur_sno > ulogentries) {
- i = upd->kdb_entry_sno % ulogentries;
- indx_log = (kdb_ent_header_t *)INDEX(ulog, i);
- ulog->kdb_first_sno = indx_log->kdb_entry_sno;
- ulog->kdb_first_time = indx_log->kdb_time;
+ i = upd->kdb_entry_sno % ulogentries;
+ indx_log = (kdb_ent_header_t *)INDEX(ulog, i);
+ ulog->kdb_first_sno = indx_log->kdb_entry_sno;
+ ulog->kdb_first_time = indx_log->kdb_time;
} else if (cur_sno == 1) {
- ulog->kdb_first_sno = 1;
- ulog->kdb_first_time = indx_log->kdb_time;
+ ulog->kdb_first_sno = 1;
+ ulog->kdb_first_time = indx_log->kdb_time;
}
ulog_sync_header(ulog);
@@ -263,12 +264,12 @@ ulog_add_update(krb5_context context, kdb_incr_update_t *upd)
krb5_error_code
ulog_finish_update(krb5_context context, kdb_incr_update_t *upd)
{
- krb5_error_code retval;
- kdb_ent_header_t *indx_log;
- uint_t i;
- kdb_log_context *log_ctx;
- kdb_hlog_t *ulog = NULL;
- uint32_t ulogentries;
+ krb5_error_code retval;
+ kdb_ent_header_t *indx_log;
+ uint_t i;
+ kdb_log_context *log_ctx;
+ kdb_hlog_t *ulog = NULL;
+ uint32_t ulogentries;
INIT_ULOG(context);
ulogentries = log_ctx->ulogentries;
@@ -282,7 +283,7 @@ ulog_finish_update(krb5_context context, kdb_incr_update_t *upd)
ulog->kdb_state = KDB_STABLE;
if ((retval = ulog_sync_update(ulog, indx_log)))
- return (retval);
+ return (retval);
ulog_sync_header(ulog);
@@ -323,15 +324,15 @@ ulog_delete_update(krb5_context context, kdb_incr_update_t *upd)
krb5_error_code
ulog_replay(krb5_context context, kdb_incr_result_t *incr_ret, char **db_args)
{
- krb5_db_entry *entry = NULL;
- kdb_incr_update_t *upd = NULL, *fupd;
- int i, no_of_updates;
- krb5_error_code retval;
- krb5_principal dbprinc = NULL;
- kdb_last_t errlast;
- char *dbprincstr = NULL;
- kdb_log_context *log_ctx;
- kdb_hlog_t *ulog = NULL;
+ krb5_db_entry *entry = NULL;
+ kdb_incr_update_t *upd = NULL, *fupd;
+ int i, no_of_updates;
+ krb5_error_code retval;
+ krb5_principal dbprinc = NULL;
+ kdb_last_t errlast;
+ char *dbprincstr = NULL;
+ kdb_log_context *log_ctx;
+ kdb_hlog_t *ulog = NULL;
INIT_ULOG(context);
@@ -348,84 +349,84 @@ ulog_replay(krb5_context context, kdb_incr_result_t *incr_ret, char **db_args)
errlast.last_time.useconds = (unsigned int)0;
if ((retval = krb5_db_open(context, db_args,
- KRB5_KDB_OPEN_RW|KRB5_KDB_SRV_TYPE_ADMIN)))
- goto cleanup;
+ KRB5_KDB_OPEN_RW|KRB5_KDB_SRV_TYPE_ADMIN)))
+ goto cleanup;
for (i = 0; i < no_of_updates; i++) {
- int nentry = 1;
+ int nentry = 1;
- if (!upd->kdb_commit)
- continue;
+ if (!upd->kdb_commit)
+ continue;
- if (upd->kdb_deleted) {
- dbprincstr = malloc((upd->kdb_princ_name.utf8str_t_len
- + 1) * sizeof (char));
+ if (upd->kdb_deleted) {
+ dbprincstr = malloc((upd->kdb_princ_name.utf8str_t_len
+ + 1) * sizeof (char));
- if (dbprincstr == NULL) {
- retval = ENOMEM;
- goto cleanup;
- }
+ if (dbprincstr == NULL) {
+ retval = ENOMEM;
+ goto cleanup;
+ }
- (void) strncpy(dbprincstr,
- (char *)upd->kdb_princ_name.utf8str_t_val,
- (upd->kdb_princ_name.utf8str_t_len + 1));
- dbprincstr[upd->kdb_princ_name.utf8str_t_len] = 0;
+ (void) strncpy(dbprincstr,
+ (char *)upd->kdb_princ_name.utf8str_t_val,
+ (upd->kdb_princ_name.utf8str_t_len + 1));
+ dbprincstr[upd->kdb_princ_name.utf8str_t_len] = 0;
- if ((retval = krb5_parse_name(context, dbprincstr,
- &dbprinc))) {
- goto cleanup;
- }
+ if ((retval = krb5_parse_name(context, dbprincstr,
+ &dbprinc))) {
+ goto cleanup;
+ }
- free(dbprincstr);
+ free(dbprincstr);
- retval = krb5int_delete_principal_no_log(context,
- dbprinc,
- &nentry);
+ retval = krb5int_delete_principal_no_log(context,
+ dbprinc,
+ &nentry);
- if (dbprinc) {
- krb5_free_principal(context, dbprinc);
- dbprinc = NULL;
- }
+ if (dbprinc) {
+ krb5_free_principal(context, dbprinc);
+ dbprinc = NULL;
+ }
- if (retval)
- goto cleanup;
- } else {
- entry = (krb5_db_entry *)malloc(sizeof (krb5_db_entry));
+ if (retval)
+ goto cleanup;
+ } else {
+ entry = (krb5_db_entry *)malloc(sizeof (krb5_db_entry));
- if (!entry) {
- retval = errno;
- goto cleanup;
- }
+ if (!entry) {
+ retval = errno;
+ goto cleanup;
+ }
- (void) memset(entry, 0, sizeof (krb5_db_entry));
+ (void) memset(entry, 0, sizeof (krb5_db_entry));
- if ((retval = ulog_conv_2dbentry(context, entry, upd, 1)))
- goto cleanup;
+ if ((retval = ulog_conv_2dbentry(context, entry, upd, 1)))
+ goto cleanup;
- retval = krb5int_put_principal_no_log(context, entry,
- &nentry);
+ retval = krb5int_put_principal_no_log(context, entry,
+ &nentry);
- if (entry) {
- krb5_db_free_principal(context, entry, nentry);
- free(entry);
- entry = NULL;
- }
- if (retval)
- goto cleanup;
- }
+ if (entry) {
+ krb5_db_free_principal(context, entry, nentry);
+ free(entry);
+ entry = NULL;
+ }
+ if (retval)
+ goto cleanup;
+ }
- upd++;
+ upd++;
}
cleanup:
if (fupd)
- ulog_free_entries(fupd, no_of_updates);
+ ulog_free_entries(fupd, no_of_updates);
if (log_ctx && (log_ctx->iproprole == IPROP_SLAVE)) {
- if (retval)
- ulog_finish_update_slave(ulog, errlast);
- else
- ulog_finish_update_slave(ulog, incr_ret->lastentry);
+ if (retval)
+ ulog_finish_update_slave(ulog, errlast);
+ else
+ ulog_finish_update_slave(ulog, incr_ret->lastentry);
}
return (retval);
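Review bot: In the `kdb_deleted` branch, `strncpy` is told to copy `utf8str_t_len + 1` bytes from `utf8str_t_val`, which reads one byte past the name unless that buffer happens to be NUL-terminated (not shown here). `dbprincstr` is also leaked when `krb5_parse_name` fails, because the `free` comes after the `goto cleanup` and the cleanup label does not release it. Copying exactly `utf8str_t_len` bytes and freeing before the error check fixes both, as sketched below. Separately, `if (!upd->kdb_commit) continue;` skips the `upd++` at the bottom of the loop, so one uncommitted entry makes every later iteration re-test the same update; moving the increment into the `for` header would fix that. The function begins above this hunk.

```c
        if (upd->kdb_deleted) {
            /* … unchanged: malloc of dbprincstr and the ENOMEM check … */

            memcpy(dbprincstr, upd->kdb_princ_name.utf8str_t_val,
                   upd->kdb_princ_name.utf8str_t_len);
            dbprincstr[upd->kdb_princ_name.utf8str_t_len] = 0;

            retval = krb5_parse_name(context, dbprincstr, &dbprinc);
            free(dbprincstr);
            dbprincstr = NULL;
            if (retval)
                goto cleanup;

            /* … unchanged: krb5int_delete_principal_no_log and release of dbprinc … */
```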
@@ -440,95 +441,95 @@ cleanup:
static krb5_error_code
ulog_check(krb5_context context, kdb_hlog_t *ulog, char **db_args)
{
- XDR xdrs;
- krb5_error_code retval = 0;
- unsigned int i;
- kdb_ent_header_t *indx_log;
- kdb_incr_update_t *upd = NULL;
- kdb_incr_result_t *incr_ret = NULL;
+ XDR xdrs;
+ krb5_error_code retval = 0;
+ unsigned int i;
+ kdb_ent_header_t *indx_log;
+ kdb_incr_update_t *upd = NULL;
+ kdb_incr_result_t *incr_ret = NULL;
ulog->kdb_state = KDB_STABLE;
for (i = 0; i < ulog->kdb_num; i++) {
- indx_log = (kdb_ent_header_t *)INDEX(ulog, i);
-
- if (indx_log->kdb_umagic != KDB_ULOG_MAGIC) {
- /*
- * Update entry corrupted we should scream and die
- */
- ulog->kdb_state = KDB_CORRUPT;
- retval = KRB5_LOG_CORRUPT;
- break;
- }
-
- if (indx_log->kdb_commit == FALSE) {
- ulog->kdb_state = KDB_UNSTABLE;
-
- incr_ret = (kdb_incr_result_t *)
- malloc(sizeof (kdb_incr_result_t));
- if (incr_ret == NULL) {
- retval = errno;
- goto error;
- }
-
- upd = (kdb_incr_update_t *)
- malloc(sizeof (kdb_incr_update_t));
- if (upd == NULL) {
- retval = errno;
- goto error;
- }
-
- (void) memset(upd, 0, sizeof (kdb_incr_update_t));
- xdrmem_create(&xdrs, (char *)indx_log->entry_data,
- indx_log->kdb_entry_size, XDR_DECODE);
- if (!xdr_kdb_incr_update_t(&xdrs, upd)) {
- retval = KRB5_LOG_CONV;
- goto error;
- }
-
- incr_ret->updates.kdb_ulog_t_len = 1;
- incr_ret->updates.kdb_ulog_t_val = upd;
-
- upd->kdb_commit = TRUE;
-
- /*
- * We don't want to readd this update and just use the
- * existing update to be propagated later on
- */
- ulog_set_role(context, IPROP_NULL);
- retval = ulog_replay(context, incr_ret, db_args);
-
- /*
- * upd was freed by ulog_replay, we NULL
- * the pointer in case we subsequently break from loop.
- */
- upd = NULL;
- if (incr_ret) {
- free(incr_ret);
- incr_ret = NULL;
- }
- ulog_set_role(context, IPROP_MASTER);
-
- if (retval)
- goto error;
-
- /*
- * We flag this as committed since this was
- * the last entry before kadmind crashed, ergo
- * the slaves have not seen this update before
- */
- indx_log->kdb_commit = TRUE;
- retval = ulog_sync_update(ulog, indx_log);
- if (retval)
- goto error;
-
- ulog->kdb_state = KDB_STABLE;
- }
+ indx_log = (kdb_ent_header_t *)INDEX(ulog, i);
+
+ if (indx_log->kdb_umagic != KDB_ULOG_MAGIC) {
+ /*
+ * Update entry corrupted we should scream and die
+ */
+ ulog->kdb_state = KDB_CORRUPT;
+ retval = KRB5_LOG_CORRUPT;
+ break;
+ }
+
+ if (indx_log->kdb_commit == FALSE) {
+ ulog->kdb_state = KDB_UNSTABLE;
+
+ incr_ret = (kdb_incr_result_t *)
+ malloc(sizeof (kdb_incr_result_t));
+ if (incr_ret == NULL) {
+ retval = errno;
+ goto error;
+ }
+
+ upd = (kdb_incr_update_t *)
+ malloc(sizeof (kdb_incr_update_t));
+ if (upd == NULL) {
+ retval = errno;
+ goto error;
+ }
+
+ (void) memset(upd, 0, sizeof (kdb_incr_update_t));
+ xdrmem_create(&xdrs, (char *)indx_log->entry_data,
+ indx_log->kdb_entry_size, XDR_DECODE);
+ if (!xdr_kdb_incr_update_t(&xdrs, upd)) {
+ retval = KRB5_LOG_CONV;
+ goto error;
+ }
+
+ incr_ret->updates.kdb_ulog_t_len = 1;
+ incr_ret->updates.kdb_ulog_t_val = upd;
+
+ upd->kdb_commit = TRUE;
+
+ /*
+ * We don't want to readd this update and just use the
+ * existing update to be propagated later on
+ */
+ ulog_set_role(context, IPROP_NULL);
+ retval = ulog_replay(context, incr_ret, db_args);
+
+ /*
+ * upd was freed by ulog_replay, we NULL
+ * the pointer in case we subsequently break from loop.
+ */
+ upd = NULL;
+ if (incr_ret) {
+ free(incr_ret);
+ incr_ret = NULL;
+ }
+ ulog_set_role(context, IPROP_MASTER);
+
+ if (retval)
+ goto error;
+
+ /*
+ * We flag this as committed since this was
+ * the last entry before kadmind crashed, ergo
+ * the slaves have not seen this update before
+ */
+ indx_log->kdb_commit = TRUE;
+ retval = ulog_sync_update(ulog, indx_log);
+ if (retval)
+ goto error;
+
+ ulog->kdb_state = KDB_STABLE;
+ }
}
error:
if (upd)
- ulog_free_entries(upd, 1);
+ ulog_free_entries(upd, 1);
free(incr_ret);
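Review bot: The loop trusts `ulog->kdb_num` and `indx_log->kdb_entry_size` as read from the mapped log file; neither is compared with the block or mapping size before `INDEX(ulog, i)` is dereferenced and `xdrmem_create` is handed the length. A truncated or damaged log could therefore make the decoder read outside the region that holds the entry, with only the `kdb_umagic` test in the way. Consider treating an oversized entry as corrupt before decoding, e.g. `if (indx_log->kdb_entry_size > ulog->kdb_block - sizeof (kdb_ent_header_t)) { ulog->kdb_state = KDB_CORRUPT; retval = KRB5_LOG_CORRUPT; break; }`. This assumes entries are written with the same invariant that `ulog_add_update` checks via `recsize`. Bounding `kdb_num` by the configured entry count would belong in the caller, which runs this check before it validates that field.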
@@ -547,134 +548,134 @@ error:
*/
krb5_error_code
ulog_map(krb5_context context, const char *logname, uint32_t ulogentries,
- int caller, char **db_args)
+ int caller, char **db_args)
{
- struct stat st;
- krb5_error_code retval;
- uint32_t ulog_filesize;
- kdb_log_context *log_ctx;
- kdb_hlog_t *ulog = NULL;
- int ulogfd = -1;
+ struct stat st;
+ krb5_error_code retval;
+ uint32_t ulog_filesize;
+ kdb_log_context *log_ctx;
+ kdb_hlog_t *ulog = NULL;
+ int ulogfd = -1;
ulog_filesize = sizeof (kdb_hlog_t);
if (stat(logname, &st) == -1) {
- if (caller == FKPROPLOG) {
- /*
- * File doesn't exist so we exit with kproplog
- */
- return (errno);
- }
+ if (caller == FKPROPLOG) {
+ /*
+ * File doesn't exist so we exit with kproplog
+ */
+ return (errno);
+ }
- if ((ulogfd = open(logname, O_RDWR+O_CREAT, 0600)) == -1) {
- return (errno);
- }
+ if ((ulogfd = open(logname, O_RDWR+O_CREAT, 0600)) == -1) {
+ return (errno);
+ }
- if (lseek(ulogfd, 0L, SEEK_CUR) == -1) {
- return (errno);
- }
+ if (lseek(ulogfd, 0L, SEEK_CUR) == -1) {
+ return (errno);
+ }
- if ((caller == FKADMIND) || (caller == FKCOMMAND))
- ulog_filesize += ulogentries * ULOG_BLOCK;
+ if ((caller == FKADMIND) || (caller == FKCOMMAND))
+ ulog_filesize += ulogentries * ULOG_BLOCK;
- if (extend_file_to(ulogfd, ulog_filesize) < 0)
- return errno;
+ if (extend_file_to(ulogfd, ulog_filesize) < 0)
+ return errno;
} else {
- ulogfd = open(logname, O_RDWR, 0600);
- if (ulogfd == -1)
- /*
- * Can't open existing log file
- */
- return errno;
+ ulogfd = open(logname, O_RDWR, 0600);
+ if (ulogfd == -1)
+ /*
+ * Can't open existing log file
+ */
+ return errno;
}
if (caller == FKPROPLOG) {
- if (fstat(ulogfd, &st) < 0) {
- close(ulogfd);
- return errno;
- }
- ulog_filesize = st.st_size;
-
- ulog = (kdb_hlog_t *)mmap(0, ulog_filesize,
- PROT_READ+PROT_WRITE, MAP_PRIVATE, ulogfd, 0);
+ if (fstat(ulogfd, &st) < 0) {
+ close(ulogfd);
+ return errno;
+ }
+ ulog_filesize = st.st_size;
+
+ ulog = (kdb_hlog_t *)mmap(0, ulog_filesize,
+ PROT_READ+PROT_WRITE, MAP_PRIVATE, ulogfd, 0);
} else {
- /*
- * else kadmind, kpropd, & kcommands should udpate stores
- */
- ulog = (kdb_hlog_t *)mmap(0, MAXLOGLEN,
- PROT_READ+PROT_WRITE, MAP_SHARED, ulogfd, 0);
+ /*
+ * else kadmind, kpropd, & kcommands should udpate stores
+ */
+ ulog = (kdb_hlog_t *)mmap(0, MAXLOGLEN,
+ PROT_READ+PROT_WRITE, MAP_SHARED, ulogfd, 0);
}
if ((int)(ulog) == -1) {
- /*
- * Can't map update log file to memory
- */
- close(ulogfd);
- return (errno);
+ /*
+ * Can't map update log file to memory
+ */
+ close(ulogfd);
+ return (errno);
}
if (!context->kdblog_context) {
- if (!(log_ctx = malloc(sizeof (kdb_log_context))))
- return (errno);
- memset(log_ctx, 0, sizeof(*log_ctx));
- context->kdblog_context = log_ctx;
+ if (!(log_ctx = malloc(sizeof (kdb_log_context))))
+ return (errno);
+ memset(log_ctx, 0, sizeof(*log_ctx));
+ context->kdblog_context = log_ctx;
} else
- log_ctx = context->kdblog_context;
+ log_ctx = context->kdblog_context;
log_ctx->ulog = ulog;
log_ctx->ulogentries = ulogentries;
log_ctx->ulogfd = ulogfd;
if (ulog->kdb_hmagic != KDB_ULOG_HDR_MAGIC) {
- if (ulog->kdb_hmagic == 0) {
- /*
- * New update log
- */
- (void) memset(ulog, 0, sizeof (kdb_hlog_t));
-
- ulog->kdb_hmagic = KDB_ULOG_HDR_MAGIC;
- ulog->db_version_num = KDB_VERSION;
- ulog->kdb_state = KDB_STABLE;
- ulog->kdb_block = ULOG_BLOCK;
- if (!(caller == FKPROPLOG))
- ulog_sync_header(ulog);
- } else {
- return (KRB5_LOG_CORRUPT);
- }
+ if (ulog->kdb_hmagic == 0) {
+ /*
+ * New update log
+ */
+ (void) memset(ulog, 0, sizeof (kdb_hlog_t));
+
+ ulog->kdb_hmagic = KDB_ULOG_HDR_MAGIC;
+ ulog->db_version_num = KDB_VERSION;
+ ulog->kdb_state = KDB_STABLE;
+ ulog->kdb_block = ULOG_BLOCK;
+ if (!(caller == FKPROPLOG))
+ ulog_sync_header(ulog);
+ } else {
+ return (KRB5_LOG_CORRUPT);
+ }
}
if (caller == FKADMIND) {
- retval = ulog_lock(context, KRB5_LOCKMODE_EXCLUSIVE);
- if (retval)
- return retval;
- switch (ulog->kdb_state) {
- case KDB_STABLE:
- case KDB_UNSTABLE:
- /*
- * Log is currently un/stable, check anyway
- */
- retval = ulog_check(context, ulog, db_args);
- ulog_lock(context, KRB5_LOCKMODE_UNLOCK);
- if (retval == KRB5_LOG_CORRUPT) {
- return (retval);
- }
- break;
- case KDB_CORRUPT:
- ulog_lock(context, KRB5_LOCKMODE_UNLOCK);
- return (KRB5_LOG_CORRUPT);
- default:
- /*
- * Invalid db state
- */
- ulog_lock(context, KRB5_LOCKMODE_UNLOCK);
- return (KRB5_LOG_ERROR);
- }
+ retval = ulog_lock(context, KRB5_LOCKMODE_EXCLUSIVE);
+ if (retval)
+ return retval;
+ switch (ulog->kdb_state) {
+ case KDB_STABLE:
+ case KDB_UNSTABLE:
+ /*
+ * Log is currently un/stable, check anyway
+ */
+ retval = ulog_check(context, ulog, db_args);
+ ulog_lock(context, KRB5_LOCKMODE_UNLOCK);
+ if (retval == KRB5_LOG_CORRUPT) {
+ return (retval);
+ }
+ break;
+ case KDB_CORRUPT:
+ ulog_lock(context, KRB5_LOCKMODE_UNLOCK);
+ return (KRB5_LOG_CORRUPT);
+ default:
+ /*
+ * Invalid db state
+ */
+ ulog_lock(context, KRB5_LOCKMODE_UNLOCK);
+ return (KRB5_LOG_ERROR);
+ }
} else if ((caller == FKPROPLOG) || (caller == FKPROPD)) {
- /*
- * kproplog and kpropd don't need to do anything else
- */
- return (0);
+ /*
+ * kproplog and kpropd don't need to do anything else
+ */
+ return (0);
}
/*
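Review bot: Several early returns in `ulog_map` leave `ulogfd`, and later the mapping, open: the `lseek` and `extend_file_to` failures, the `malloc` failure for `log_ctx`, and the `KRB5_LOG_CORRUPT` return. Where `close(ulogfd)` does precede `return (errno)`, the close can overwrite the value being reported. Saving the code first, `retval = errno; close(ulogfd); return retval;`, and routing the other failures through the same cleanup would fix both. The mmap result should be tested as `if (ulog == MAP_FAILED)`, since the `(int)(ulog) == -1` cast truncates the pointer on LP64 platforms. The `stat()` existence check followed by `open(logname, O_RDWR+O_CREAT, 0600)` is a check-then-use sequence, so the create path would be tighter with `O_EXCL`; the tail of the function is outside this hunk.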
@@ -683,33 +684,33 @@ ulog_map(krb5_context context, const char *logname, uint32_t ulogentries,
*/
retval = ulog_lock(context, KRB5_LOCKMODE_EXCLUSIVE);
if (retval)
- return retval;
+ return retval;
if (ulog->kdb_num != ulogentries) {
- if ((ulog->kdb_num != 0) &&
- ((ulog->kdb_last_sno > ulog->kdb_num) ||
- (ulog->kdb_num > ulogentries))) {
-
- (void) memset(ulog, 0, sizeof (kdb_hlog_t));
-
- ulog->kdb_hmagic = KDB_ULOG_HDR_MAGIC;
- ulog->db_version_num = KDB_VERSION;
- ulog->kdb_state = KDB_STABLE;
- ulog->kdb_block = ULOG_BLOCK;
-
- ulog_sync_header(ulog);
- }
-
- /*
- * Expand ulog if we have specified a greater size
- */
- if (ulog->kdb_num < ulogentries) {
- ulog_filesize += ulogentries * ulog->kdb_block;
-
- if (extend_file_to(ulogfd, ulog_filesize) < 0) {
- ulog_lock(context, KRB5_LOCKMODE_UNLOCK);
- return errno;
- }
- }
+ if ((ulog->kdb_num != 0) &&
+ ((ulog->kdb_last_sno > ulog->kdb_num) ||
+ (ulog->kdb_num > ulogentries))) {
+
+ (void) memset(ulog, 0, sizeof (kdb_hlog_t));
+
+ ulog->kdb_hmagic = KDB_ULOG_HDR_MAGIC;
+ ulog->db_version_num = KDB_VERSION;
+ ulog->kdb_state = KDB_STABLE;
+ ulog->kdb_block = ULOG_BLOCK;
+
+ ulog_sync_header(ulog);
+ }
+
+ /*
+ * Expand ulog if we have specified a greater size
+ */
+ if (ulog->kdb_num < ulogentries) {
+ ulog_filesize += ulogentries * ulog->kdb_block;
+
+ if (extend_file_to(ulogfd, ulog_filesize) < 0) {
+ ulog_lock(context, KRB5_LOCKMODE_UNLOCK);
+ return errno;
+ }
+ }
}
ulog_lock(context, KRB5_LOCKMODE_UNLOCK);
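Review bot: In the expand branch, `return errno;` runs after `ulog_lock(context, KRB5_LOCKMODE_UNLOCK)`, so the caller gets whatever errno holds after the unlock rather than the failure `extend_file_to` reported. ulog_lock's body is not visible here, but if it makes any call that sets errno the original cause is overwritten. Saving the value first avoids that: `int saved = errno;` before the unlock, then `return saved;`. The malloc-failure path of `ulog_get_entries` in the `@@ -776,103` hunk has the same shape (`return (errno);` after two unlock calls). ulog_map's body starts and ends outside this hunk.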
@@ -720,44 +721,44 @@ ulog_map(krb5_context context, const char *logname, uint32_t ulogentries,
* Get the last set of updates seen, (last+1) to n is returned.
*/
krb5_error_code
-ulog_get_entries(krb5_context context, /* input - krb5 lib config */
- kdb_last_t last, /* input - slave's last sno */
- kdb_incr_result_t *ulog_handle) /* output - incr result for slave */
+ulog_get_entries(krb5_context context, /* input - krb5 lib config */
+ kdb_last_t last, /* input - slave's last sno */
+ kdb_incr_result_t *ulog_handle) /* output - incr result for slave */
{
- XDR xdrs;
- kdb_ent_header_t *indx_log;
- kdb_incr_update_t *upd;
- uint_t indx, count, tdiff;
- uint32_t sno;
- krb5_error_code retval;
- struct timeval timestamp;
- kdb_log_context *log_ctx;
- kdb_hlog_t *ulog = NULL;
- uint32_t ulogentries;
+ XDR xdrs;
+ kdb_ent_header_t *indx_log;
+ kdb_incr_update_t *upd;
+ uint_t indx, count, tdiff;
+ uint32_t sno;
+ krb5_error_code retval;
+ struct timeval timestamp;
+ kdb_log_context *log_ctx;
+ kdb_hlog_t *ulog = NULL;
+ uint32_t ulogentries;
INIT_ULOG(context);
ulogentries = log_ctx->ulogentries;
retval = ulog_lock(context, KRB5_LOCKMODE_SHARED);
if (retval)
- return retval;
+ return retval;
/*
* Check to make sure we don't have a corrupt ulog first.
*/
if (ulog->kdb_state == KDB_CORRUPT) {
- ulog_handle->ret = UPDATE_ERROR;
- (void) ulog_lock(context, KRB5_LOCKMODE_UNLOCK);
- return (KRB5_LOG_CORRUPT);
+ ulog_handle->ret = UPDATE_ERROR;
+ (void) ulog_lock(context, KRB5_LOCKMODE_UNLOCK);
+ return (KRB5_LOG_CORRUPT);
}
gettimeofday(&timestamp, NULL);
tdiff = timestamp.tv_sec - ulog->kdb_last_time.seconds;
if (tdiff <= ULOG_IDLE_TIME) {
- ulog_handle->ret = UPDATE_BUSY;
- (void) ulog_lock(context, KRB5_LOCKMODE_UNLOCK);
- return (0);
+ ulog_handle->ret = UPDATE_BUSY;
+ (void) ulog_lock(context, KRB5_LOCKMODE_UNLOCK);
+ return (0);
}
/*
@@ -767,8 +768,8 @@ ulog_get_entries(krb5_context context, /* input - krb5 lib config */
*/
retval = krb5_db_lock(context, KRB5_LOCKMODE_SHARED);
if (retval) {
- (void) ulog_lock(context, KRB5_LOCKMODE_UNLOCK);
- return (retval);
+ (void) ulog_lock(context, KRB5_LOCKMODE_UNLOCK);
+ return (retval);
}
/*
@@ -776,103 +777,103 @@ ulog_get_entries(krb5_context context, /* input - krb5 lib config */
* the client's ulog has just been created.
*/
if ((last.last_sno > ulog->kdb_last_sno) ||
- (last.last_sno < ulog->kdb_first_sno) ||
- (last.last_sno == 0)) {
- ulog_handle->lastentry.last_sno = ulog->kdb_last_sno;
- (void) ulog_lock(context, KRB5_LOCKMODE_UNLOCK);
- (void) krb5_db_unlock(context);
- ulog_handle->ret = UPDATE_FULL_RESYNC_NEEDED;
- return (0);
+ (last.last_sno < ulog->kdb_first_sno) ||
+ (last.last_sno == 0)) {
+ ulog_handle->lastentry.last_sno = ulog->kdb_last_sno;
+ (void) ulog_lock(context, KRB5_LOCKMODE_UNLOCK);
+ (void) krb5_db_unlock(context);
+ ulog_handle->ret = UPDATE_FULL_RESYNC_NEEDED;
+ return (0);
} else if (last.last_sno <= ulog->kdb_last_sno) {
- sno = last.last_sno;
-
- indx = (sno - 1) % ulogentries;
-
- indx_log = (kdb_ent_header_t *)INDEX(ulog, indx);
-
- /*
- * Validate the time stamp just to make sure it was the same sno
- */
- if ((indx_log->kdb_time.seconds == last.last_time.seconds) &&
- (indx_log->kdb_time.useconds == last.last_time.useconds)) {
-
- /*
- * If we have the same sno we return success
- */
- if (last.last_sno == ulog->kdb_last_sno) {
- (void) ulog_lock(context, KRB5_LOCKMODE_UNLOCK);
- (void) krb5_db_unlock(context);
- ulog_handle->ret = UPDATE_NIL;
- return (0);
- }
-
- count = ulog->kdb_last_sno - sno;
-
- ulog_handle->updates.kdb_ulog_t_val =
- (kdb_incr_update_t *)malloc(
- sizeof (kdb_incr_update_t) * count);
-
- upd = ulog_handle->updates.kdb_ulog_t_val;
-
- if (upd == NULL) {
- (void) ulog_lock(context, KRB5_LOCKMODE_UNLOCK);
- (void) krb5_db_unlock(context);
- ulog_handle->ret = UPDATE_ERROR;
- return (errno);
- }
-
- while (sno < ulog->kdb_last_sno) {
- indx = sno % ulogentries;
-
- indx_log = (kdb_ent_header_t *)
- INDEX(ulog, indx);
-
- (void) memset(upd, 0,
- sizeof (kdb_incr_update_t));
- xdrmem_create(&xdrs,
- (char *)indx_log->entry_data,
- indx_log->kdb_entry_size, XDR_DECODE);
- if (!xdr_kdb_incr_update_t(&xdrs, upd)) {
- (void) ulog_lock(context, KRB5_LOCKMODE_UNLOCK);
- (void) krb5_db_unlock(context);
- ulog_handle->ret = UPDATE_ERROR;
- return (KRB5_LOG_CONV);
- }
- /*
- * Mark commitment since we didn't
- * want to decode and encode the
- * incr update record the first time.
- */
- upd->kdb_commit = indx_log->kdb_commit;
-
- upd++;
- sno++;
- } /* while */
-
- ulog_handle->updates.kdb_ulog_t_len = count;
-
- ulog_handle->lastentry.last_sno = ulog->kdb_last_sno;
- ulog_handle->lastentry.last_time.seconds =
- ulog->kdb_last_time.seconds;
- ulog_handle->lastentry.last_time.useconds =
- ulog->kdb_last_time.useconds;
- ulog_handle->ret = UPDATE_OK;
-
- (void) ulog_lock(context, KRB5_LOCKMODE_UNLOCK);
- (void) krb5_db_unlock(context);
-
- return (0);
- } else {
- /*
- * We have time stamp mismatch or we no longer have
- * the slave's last sno, so we brute force it
- */
- (void) ulog_lock(context, KRB5_LOCKMODE_UNLOCK);
- (void) krb5_db_unlock(context);
- ulog_handle->ret = UPDATE_FULL_RESYNC_NEEDED;
-
- return (0);
- }
+ sno = last.last_sno;
+
+ indx = (sno - 1) % ulogentries;
+
+ indx_log = (kdb_ent_header_t *)INDEX(ulog, indx);
+
+ /*
+ * Validate the time stamp just to make sure it was the same sno
+ */
+ if ((indx_log->kdb_time.seconds == last.last_time.seconds) &&
+ (indx_log->kdb_time.useconds == last.last_time.useconds)) {
+
+ /*
+ * If we have the same sno we return success
+ */
+ if (last.last_sno == ulog->kdb_last_sno) {
+ (void) ulog_lock(context, KRB5_LOCKMODE_UNLOCK);
+ (void) krb5_db_unlock(context);
+ ulog_handle->ret = UPDATE_NIL;
+ return (0);
+ }
+
+ count = ulog->kdb_last_sno - sno;
+
+ ulog_handle->updates.kdb_ulog_t_val =
+ (kdb_incr_update_t *)malloc(
+ sizeof (kdb_incr_update_t) * count);
+
+ upd = ulog_handle->updates.kdb_ulog_t_val;
+
+ if (upd == NULL) {
+ (void) ulog_lock(context, KRB5_LOCKMODE_UNLOCK);
+ (void) krb5_db_unlock(context);
+ ulog_handle->ret = UPDATE_ERROR;
+ return (errno);
+ }
+
+ while (sno < ulog->kdb_last_sno) {
+ indx = sno % ulogentries;
+
+ indx_log = (kdb_ent_header_t *)
+ INDEX(ulog, indx);
+
+ (void) memset(upd, 0,
+ sizeof (kdb_incr_update_t));
+ xdrmem_create(&xdrs,
+ (char *)indx_log->entry_data,
+ indx_log->kdb_entry_size, XDR_DECODE);
+ if (!xdr_kdb_incr_update_t(&xdrs, upd)) {
+ (void) ulog_lock(context, KRB5_LOCKMODE_UNLOCK);
+ (void) krb5_db_unlock(context);
+ ulog_handle->ret = UPDATE_ERROR;
+ return (KRB5_LOG_CONV);
+ }
+ /*
+ * Mark commitment since we didn't
+ * want to decode and encode the
+ * incr update record the first time.
+ */
+ upd->kdb_commit = indx_log->kdb_commit;
+
+ upd++;
+ sno++;
+ } /* while */
+
+ ulog_handle->updates.kdb_ulog_t_len = count;
+
+ ulog_handle->lastentry.last_sno = ulog->kdb_last_sno;
+ ulog_handle->lastentry.last_time.seconds =
+ ulog->kdb_last_time.seconds;
+ ulog_handle->lastentry.last_time.useconds =
+ ulog->kdb_last_time.useconds;
+ ulog_handle->ret = UPDATE_OK;
+
+ (void) ulog_lock(context, KRB5_LOCKMODE_UNLOCK);
+ (void) krb5_db_unlock(context);
+
+ return (0);
+ } else {
+ /*
+ * We have time stamp mismatch or we no longer have
+ * the slave's last sno, so we brute force it
+ */
+ (void) ulog_lock(context, KRB5_LOCKMODE_UNLOCK);
+ (void) krb5_db_unlock(context);
+ ulog_handle->ret = UPDATE_FULL_RESYNC_NEEDED;
+
+ return (0);
+ }
}
/*
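Review bot: Inside the `while (sno < ulog->kdb_last_sno)` loop, `indx_log->kdb_entry_size` is taken from the log entry itself and passed to `xdrmem_create` as the decode length with no bound check. A damaged or tampered entry header could then let `xdr_kdb_incr_update_t` read beyond the space that entry occupies in the log. A guard before the call should reject a size larger than the room available for the entry, returning through the same `UPDATE_ERROR` / `KRB5_LOG_CONV` path that the decode failure uses; the exact limit depends on the entry layout, which this hunk does not show. A short comment such as `/* entry size comes from the on-disk log; validate before decoding */` would record why the check is there. The function begins in an earlier hunk.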
@@ -886,15 +887,15 @@ ulog_get_entries(krb5_context context, /* input - krb5 lib config */
krb5_error_code
ulog_set_role(krb5_context ctx, iprop_role role)
{
- kdb_log_context *log_ctx;
+ kdb_log_context *log_ctx;
if (!ctx->kdblog_context) {
- if (!(log_ctx = malloc(sizeof (kdb_log_context))))
- return (errno);
- memset(log_ctx, 0, sizeof(*log_ctx));
- ctx->kdblog_context = log_ctx;
+ if (!(log_ctx = malloc(sizeof (kdb_log_context))))
+ return (errno);
+ memset(log_ctx, 0, sizeof(*log_ctx));
+ ctx->kdblog_context = log_ctx;
} else
- log_ctx = ctx->kdblog_context;
+ log_ctx = ctx->kdblog_context;
log_ctx->iproprole = role;
@@ -911,25 +912,25 @@ static int extend_file_to(int fd, uint_t new_size)
current_offset = lseek(fd, 0, SEEK_END);
if (current_offset < 0)
- return -1;
+ return -1;
if (new_size > INT_MAX) {
- errno = EINVAL;
- return -1;
+ errno = EINVAL;
+ return -1;
}
while (current_offset < new_size) {
- int write_size, wrote_size;
- write_size = new_size - current_offset;
- if (write_size > 512)
- write_size = 512;
- wrote_size = write(fd, zero, write_size);
- if (wrote_size < 0)
- return -1;
- if (wrote_size == 0) {
- errno = EINVAL; /* XXX ?? */
- return -1;
- }
- current_offset += wrote_size;
- write_size = new_size - current_offset;
+ int write_size, wrote_size;
+ write_size = new_size - current_offset;
+ if (write_size > 512)
+ write_size = 512;
+ wrote_size = write(fd, zero, write_size);
+ if (wrote_size < 0)
+ return -1;
+ if (wrote_size == 0) {
+ errno = EINVAL; /* XXX ?? */
+ return -1;
+ }
+ current_offset += wrote_size;
+ write_size = new_size - current_offset;
}
return 0;
}
diff --git a/src/lib/kdb/keytab.c b/src/lib/kdb/keytab.c
index 47626f1..03cc897 100644
--- a/src/lib/kdb/keytab.c
+++ b/src/lib/kdb/keytab.c
@@ -1,3 +1,4 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
/*
* kadmin/v5server/keytab.c
*
@@ -8,7 +9,7 @@
* require a specific license from the United States Government.
* It is the responsibility of any person or organization contemplating
* export to obtain such a license before exporting.
- *
+ *
* WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
* distribute this software and its documentation for any purpose and
* without fee is hereby granted, provided that the above copyright
@@ -22,7 +23,7 @@
* M.I.T. makes no representations about the suitability of
* this software for any purpose. It is provided "as is" without express
* or implied warranty.
- *
+ *
*/
#include <string.h>
@@ -35,30 +36,30 @@ is_xrealm_tgt(krb5_context, krb5_const_principal);
krb5_error_code krb5_ktkdb_close (krb5_context, krb5_keytab);
krb5_error_code krb5_ktkdb_get_entry (krb5_context, krb5_keytab, krb5_const_principal,
- krb5_kvno, krb5_enctype, krb5_keytab_entry *);
+ krb5_kvno, krb5_enctype, krb5_keytab_entry *);
static krb5_error_code
krb5_ktkdb_get_name(krb5_context context, krb5_keytab keytab,
- char *name, unsigned int namelen)
+ char *name, unsigned int namelen)
{
if (strlcpy(name, "KDB:", namelen) >= namelen);
- return KRB5_KT_NAME_TOOLONG;
+ return KRB5_KT_NAME_TOOLONG;
return 0;
}
krb5_kt_ops krb5_kt_kdb_ops = {
0,
- "KDB", /* Prefix -- this string should not appear anywhere else! */
- krb5_ktkdb_resolve, /* resolve */
- krb5_ktkdb_get_name, /* get_name */
- krb5_ktkdb_close, /* close */
- krb5_ktkdb_get_entry, /* get */
- NULL, /* start_seq_get */
- NULL, /* get_next */
- NULL, /* end_get */
- NULL, /* add (extended) */
- NULL, /* remove (extended) */
- NULL, /* (void *) &krb5_ktfile_ser_entry */
+ "KDB", /* Prefix -- this string should not appear anywhere else! */
+ krb5_ktkdb_resolve, /* resolve */
+ krb5_ktkdb_get_name, /* get_name */
+ krb5_ktkdb_close, /* close */
+ krb5_ktkdb_get_entry, /* get */
+ NULL, /* start_seq_get */
+ NULL, /* get_next */
+ NULL, /* end_get */
+ NULL, /* add (extended) */
+ NULL, /* remove (extended) */
+ NULL, /* (void *) &krb5_ktfile_ser_entry */
};
typedef struct krb5_ktkdb_data {
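Review bot: The stray `;` after the condition in `krb5_ktkdb_get_name` ends the `if` statement, so `return KRB5_KT_NAME_TOOLONG;` runs on every call and the `return 0;` below it is unreachable. The reindent now lines that return up as if it were the `if` body, which makes the defect harder to spot. The line should read `if (strlcpy(name, "KDB:", namelen) >= namelen)` with no trailing semicolon. GCC reports this pattern under `-Wempty-body` (part of `-Wextra`), which would catch similar cases across a mechanical reformat like this one.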
@@ -67,9 +68,9 @@ typedef struct krb5_ktkdb_data {
krb5_error_code
krb5_ktkdb_resolve(context, name, id)
- krb5_context context;
- const char * name;
- krb5_keytab * id;
+ krb5_context context;
+ const char * name;
+ krb5_keytab * id;
{
if ((*id = (krb5_keytab) malloc(sizeof(**id))) == NULL)
return(ENOMEM);
@@ -80,21 +81,21 @@ krb5_ktkdb_resolve(context, name, id)
krb5_error_code
krb5_ktkdb_close(context, kt)
- krb5_context context;
- krb5_keytab kt;
+ krb5_context context;
+ krb5_keytab kt;
{
- /*
- * This routine is responsible for freeing all memory allocated
- * for this keytab. There are no system resources that need
- * to be freed nor are there any open files.
- *
- * This routine should undo anything done by krb5_ktkdb_resolve().
- */
-
- kt->ops = NULL;
- free(kt);
-
- return 0;
+ /*
+ * This routine is responsible for freeing all memory allocated
+ * for this keytab. There are no system resources that need
+ * to be freed nor are there any open files.
+ *
+ * This routine should undo anything done by krb5_ktkdb_resolve().
+ */
+
+ kt->ops = NULL;
+ free(kt);
+
+ return 0;
}
static krb5_context ktkdb_ctx = NULL;
@@ -115,28 +116,28 @@ krb5_ktkdb_set_context(krb5_context ctx)
krb5_error_code
krb5_ktkdb_get_entry(in_context, id, principal, kvno, enctype, entry)
- krb5_context in_context;
- krb5_keytab id;
+ krb5_context in_context;
+ krb5_keytab id;
krb5_const_principal principal;
- krb5_kvno kvno;
- krb5_enctype enctype;
- krb5_keytab_entry * entry;
+ krb5_kvno kvno;
+ krb5_enctype enctype;
+ krb5_keytab_entry * entry;
{
- krb5_context context;
+ krb5_context context;
krb5_keylist_node * master_keylist;
krb5_keyblock * master_key;
- krb5_error_code kerror = 0;
- krb5_key_data * key_data;
- krb5_db_entry db_entry;
- krb5_boolean more = 0;
- int n = 0;
+ krb5_error_code kerror = 0;
+ krb5_key_data * key_data;
+ krb5_db_entry db_entry;
+ krb5_boolean more = 0;
+ int n = 0;
int xrealm_tgt;
krb5_boolean similar;
if (ktkdb_ctx)
- context = ktkdb_ctx;
+ context = ktkdb_ctx;
else
- context = in_context;
+ context = in_context;
xrealm_tgt = is_xrealm_tgt(context, principal);
@@ -146,59 +147,59 @@ krb5_ktkdb_get_entry(in_context, id, principal, kvno, enctype, entry)
/* get_principal */
kerror = krb5_db_get_principal(context, principal, &
- db_entry, &n, &more);
+ db_entry, &n, &more);
if (kerror) {
- /* krb5_db_close_database(context); */
+ /* krb5_db_close_database(context); */
return(kerror);
}
if (n != 1) {
- /* krb5_db_close_database(context); */
- return KRB5_KT_NOTFOUND;
+ /* krb5_db_close_database(context); */
+ return KRB5_KT_NOTFOUND;
}
if (db_entry.attributes & KRB5_KDB_DISALLOW_SVR
- || db_entry.attributes & KRB5_KDB_DISALLOW_ALL_TIX) {
- kerror = KRB5_KT_NOTFOUND;
- goto error;
+ || db_entry.attributes & KRB5_KDB_DISALLOW_ALL_TIX) {
+ kerror = KRB5_KT_NOTFOUND;
+ goto error;
}
/* match key */
kerror = krb5_db_get_mkey_list(context, &master_keylist);
if (kerror)
- goto error;
+ goto error;
kerror = krb5_dbe_find_mkey(context, master_keylist, &db_entry, &master_key);
if (kerror)
- goto error;
+ goto error;
/* For cross realm tgts, we match whatever enctype is provided;
* for other principals, we only match the first enctype that is
* found. Since the TGS and AS code do the same thing, then we
* will only successfully decrypt tickets we have issued.*/
kerror = krb5_dbe_find_enctype(context, &db_entry,
- xrealm_tgt?enctype:-1,
- -1, kvno, &key_data);
+ xrealm_tgt?enctype:-1,
+ -1, kvno, &key_data);
if (kerror == KRB5_KDB_NO_MATCHING_KEY)
- kerror = KRB5_KT_KVNONOTFOUND;
+ kerror = KRB5_KT_KVNONOTFOUND;
if (kerror)
- goto error;
+ goto error;
kerror = krb5_dbekd_decrypt_key_data(context, master_key,
- key_data, &entry->key, NULL);
+ key_data, &entry->key, NULL);
if (kerror)
- goto error;
-
- if (enctype > 0) {
- kerror = krb5_c_enctype_compare(context, enctype,
- entry->key.enctype, &similar);
- if (kerror)
- goto error;
-
- if (!similar) {
- kerror = KRB5_KDB_NO_PERMITTED_KEY;
- goto error;
- }
+ goto error;
+
+ if (enctype > 0) {
+ kerror = krb5_c_enctype_compare(context, enctype,
+ entry->key.enctype, &similar);
+ if (kerror)
+ goto error;
+
+ if (!similar) {
+ kerror = KRB5_KDB_NO_PERMITTED_KEY;
+ goto error;
+ }
}
/*
* Coerce the enctype of the output keyblock in case we got an
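Review bot: Once `krb5_dbekd_decrypt_key_data` has filled `entry->key`, three later failure paths jump to `error` with the decrypted key still in the caller's entry: the `krb5_c_enctype_compare` error, the `!similar` case, and the `krb5_copy_principal` failure in the next hunk. The `error` label shown in the next hunk only calls `krb5_db_free_principal`. Whether every caller releases the entry on failure is not visible here; if not, long-term key material stays allocated and unzeroed. The cleanup could call `krb5_free_keyblock_contents(context, &entry->key);` when `kerror` is non-zero, guarded so it runs only after the decrypt step succeeded. The function begins and ends outside this hunk.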
@@ -208,10 +209,10 @@ krb5_ktkdb_get_entry(in_context, id, principal, kvno, enctype, entry)
kerror = krb5_copy_principal(context, principal, &entry->principal);
if (kerror)
- goto error;
+ goto error;
/* Close database */
- error:
+error:
krb5_db_free_principal(context, &db_entry, 1);
/* krb5_db_close_database(context); */
return(kerror);
@@ -227,16 +228,15 @@ is_xrealm_tgt(krb5_context context, krb5_const_principal princ)
{
krb5_data *dat;
if (krb5_princ_size(context, princ) != 2)
- return 0;
+ return 0;
dat = krb5_princ_component(context, princ, 0);
if (strncmp("krbtgt", dat->data, dat->length) != 0)
- return 0;
+ return 0;
dat = krb5_princ_component(context, princ, 1);
if (dat->length != princ->realm.length)
- return 1;
+ return 1;
if (strncmp(dat->data, princ->realm.data, dat->length) == 0)
- return 0;
+ return 0;
return 1;
}
-
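Review bot: `strncmp("krbtgt", dat->data, dat->length)` compares only `dat->length` bytes, so a first component that is a proper prefix of `krbtgt`, or empty, also compares equal and the principal is treated as a TGT name. The check should pin the length as well: `if (dat->length != 6 || memcmp("krbtgt", dat->data, 6) != 0) return 0;`. The realm comparison further down is not affected, because the preceding `dat->length != princ->realm.length` test already fixes the length. The result feeds the `xrealm_tgt?enctype:-1` argument in `krb5_ktkdb_get_entry`, so a misclassification changes which key is selected. The function's signature is outside this hunk.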
diff --git a/src/lib/krb5/asn.1/asn1_k_decode.c b/src/lib/krb5/asn.1/asn1_k_decode.c
index 1a46894..e6682b5 100644
--- a/src/lib/krb5/asn.1/asn1_k_decode.c
+++ b/src/lib/krb5/asn.1/asn1_k_decode.c
@@ -1774,7 +1774,7 @@ error_out:
asn1_error_code
asn1_decode_external_principal_identifier_ptr
- (asn1buf *buf,
+ (asn1buf *buf,
krb5_external_principal_identifier **valptr)
{
decode_ptr(krb5_external_principal_identifier *,
diff --git a/src/lib/krb5/asn.1/asn1_k_decode.h b/src/lib/krb5/asn.1/asn1_k_decode.h
index f0d99dc..4cf7e08 100644
--- a/src/lib/krb5/asn.1/asn1_k_decode.h
+++ b/src/lib/krb5/asn.1/asn1_k_decode.h
@@ -109,7 +109,7 @@ asn1_error_code asn1_decode_checksum_ptr
asn1_error_code asn1_decode_encryption_key
(asn1buf *buf, krb5_keyblock *val);
asn1_error_code asn1_decode_encryption_key_ptr
- (asn1buf *buf, krb5_keyblock **valptr);
+ (asn1buf *buf, krb5_keyblock **valptr);
asn1_error_code asn1_decode_encrypted_data
(asn1buf *buf, krb5_enc_data *val);
asn1_error_code asn1_decode_ticket_flags
@@ -127,7 +127,7 @@ asn1_error_code asn1_decode_kdc_options
asn1_error_code asn1_decode_ticket
(asn1buf *buf, krb5_ticket *val);
asn1_error_code asn1_decode_ticket_ptr
- (asn1buf *buf, krb5_ticket **valptr);
+ (asn1buf *buf, krb5_ticket **valptr);
asn1_error_code asn1_decode_kdc_req
(asn1buf *buf, krb5_kdc_req *val);
asn1_error_code asn1_decode_kdc_req_body
@@ -137,7 +137,7 @@ asn1_error_code asn1_decode_krb_safe_body
asn1_error_code asn1_decode_host_address
(asn1buf *buf, krb5_address *val);
asn1_error_code asn1_decode_host_address_ptr
- (asn1buf *buf, krb5_address **valptr);
+ (asn1buf *buf, krb5_address **valptr);
asn1_error_code asn1_decode_kdc_rep
(asn1buf *buf, krb5_kdc_rep *val);
asn1_error_code asn1_decode_last_req_entry
@@ -155,7 +155,7 @@ asn1_error_code asn1_decode_krb_cred_info_ptr
asn1_error_code asn1_decode_pa_data
(asn1buf *buf, krb5_pa_data *val);
asn1_error_code asn1_decode_pa_data_ptr
- (asn1buf *buf, krb5_pa_data **valptr);
+ (asn1buf *buf, krb5_pa_data **valptr);
asn1_error_code asn1_decode_passwdsequence
(asn1buf *buf, passwd_phrase_element *val);
asn1_error_code asn1_decode_passwdsequence_ptr
diff --git a/src/lib/krb5/asn.1/krb5_decode.c b/src/lib/krb5/asn.1/krb5_decode.c
index 215608d..fa835fe 100644
--- a/src/lib/krb5/asn.1/krb5_decode.c
+++ b/src/lib/krb5/asn.1/krb5_decode.c
@@ -1191,7 +1191,7 @@ krb5_error_code decode_krb5_ad_kdcissued
cleanup(free);
}
-
+
#ifndef DISABLE_PKINIT
krb5_error_code
decode_krb5_pa_pk_as_req(const krb5_data *code, krb5_pa_pk_as_req **repptr)
diff --git a/src/lib/krb5/asn.1/krb5_encode.c b/src/lib/krb5/asn.1/krb5_encode.c
index 5834e8a..144b726 100644
--- a/src/lib/krb5/asn.1/krb5_encode.c
+++ b/src/lib/krb5/asn.1/krb5_encode.c
@@ -171,4 +171,3 @@ krb5_error_code encode_krb5_typed_data(const krb5_typed_data **rep, krb5_data **
sum += length;
krb5_cleanup();
}
-
diff --git a/src/lib/krb5/ccache/cc-int.h b/src/lib/krb5/ccache/cc-int.h
index 84b1002..6854265 100644
--- a/src/lib/krb5/ccache/cc-int.h
+++ b/src/lib/krb5/ccache/cc-int.h
@@ -1,3 +1,4 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
/*
* lib/krb5/ccache/file/cc-int.h
*
@@ -8,7 +9,7 @@
* require a specific license from the United States Government.
* It is the responsibility of any person or organization contemplating
* export to obtain such a license before exporting.
- *
+ *
* WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
* distribute this software and its documentation for any purpose and
* without fee is hereby granted, provided that the above copyright
@@ -22,7 +23,7 @@
* M.I.T. makes no representations about the suitability of
* this software for any purpose. It is provided "as is" without express
* or implied warranty.
- *
+ *
*
* This file contains constant and function declarations used in the
* file-based credential cache routines.
@@ -71,8 +72,8 @@ typedef struct _k5_cc_mutex {
krb5_int32 refcount;
} k5_cc_mutex;
-#define K5_CC_MUTEX_PARTIAL_INITIALIZER \
- { K5_MUTEX_PARTIAL_INITIALIZER, NULL, 0 }
+#define K5_CC_MUTEX_PARTIAL_INITIALIZER \
+ { K5_MUTEX_PARTIAL_INITIALIZER, NULL, 0 }
krb5_error_code
k5_cc_mutex_init(k5_cc_mutex *m);
@@ -80,8 +81,8 @@ k5_cc_mutex_init(k5_cc_mutex *m);
krb5_error_code
k5_cc_mutex_finish_init(k5_cc_mutex *m);
-#define k5_cc_mutex_destroy(M) \
-k5_mutex_destroy(&(M)->lock);
+#define k5_cc_mutex_destroy(M) \
+ k5_mutex_destroy(&(M)->lock);
void
k5_cc_mutex_assert_locked(krb5_context context, k5_cc_mutex *m);
@@ -101,7 +102,7 @@ extern k5_cc_mutex krb5int_cc_file_mutex;
#ifdef USE_CCAPI_V3
extern krb5_error_code KRB5_CALLCONV krb5_stdccv3_context_lock
-(krb5_context context);
+(krb5_context context);
extern krb5_error_code KRB5_CALLCONV krb5_stdccv3_context_unlock
(krb5_context context);
diff --git a/src/lib/krb5/ccache/cc_file.c b/src/lib/krb5/ccache/cc_file.c
index 32564a0..d1499bc 100644
--- a/src/lib/krb5/ccache/cc_file.c
+++ b/src/lib/krb5/ccache/cc_file.c
@@ -1,3 +1,4 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
/*
* lib/krb5/ccache/cc_file.c
*
@@ -10,7 +11,7 @@
* require a specific license from the United States Government.
* It is the responsibility of any person or organization contemplating
* export to obtain such a license before exporting.
- *
+ *
* WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
* distribute this software and its documentation for any purpose and
* without fee is hereby granted, provided that the above copyright
@@ -24,46 +25,46 @@
* M.I.T. makes no representations about the suitability of
* this software for any purpose. It is provided "as is" without express
* or implied warranty.
- *
+ *
*
* implementation of file-based credentials cache
*/
/*
-If OPENCLOSE is defined, each of the functions opens and closes the
-file whenever it needs to access it. Otherwise, the file is opened
-once in initialize and closed once is close.
-
-This library depends on UNIX-like file descriptors, and UNIX-like
-behavior from the functions: open, close, read, write, lseek.
-
-The quasi-BNF grammar for a credentials cache:
-
-file ::=
- principal list-of-credentials
-
-credential ::=
- client (principal)
- server (principal)
- keyblock (keyblock)
- times (ticket_times)
- is_skey (boolean)
- ticket_flags (flags)
- ticket (data)
- second_ticket (data)
-
-principal ::=
- number of components (int32)
- component 1 (data)
- component 2 (data)
- ...
-
-data ::=
- length (int32)
- string of length bytes
-
-etc.
- */
+ If OPENCLOSE is defined, each of the functions opens and closes the
+ file whenever it needs to access it. Otherwise, the file is opened
+ once in initialize and closed once is close.
+
+ This library depends on UNIX-like file descriptors, and UNIX-like
+ behavior from the functions: open, close, read, write, lseek.
+
+ The quasi-BNF grammar for a credentials cache:
+
+ file ::=
+ principal list-of-credentials
+
+ credential ::=
+ client (principal)
+ server (principal)
+ keyblock (keyblock)
+ times (ticket_times)
+ is_skey (boolean)
+ ticket_flags (flags)
+ ticket (data)
+ second_ticket (data)
+
+ principal ::=
+ number of components (int32)
+ component 1 (data)
+ component 2 (data)
+ ...
+
+ data ::=
+ length (int32)
+ string of length bytes
+
+ etc.
+*/
/* todo:
Make sure that each time a function returns KRB5_NOMEM, everything
allocated earlier in the function and stack tree is freed.
@@ -74,7 +75,7 @@ etc.
simultaneously. (That may require reader/writer locks.)
fcc_nseq.c and fcc_read don't check return values a lot.
- */
+*/
#include "k5-int.h"
#include "cc-int.h"
@@ -96,93 +97,93 @@ etc.
#endif
static krb5_error_code KRB5_CALLCONV krb5_fcc_close
- (krb5_context, krb5_ccache id);
+(krb5_context, krb5_ccache id);
static krb5_error_code KRB5_CALLCONV krb5_fcc_destroy
- (krb5_context, krb5_ccache id);
+(krb5_context, krb5_ccache id);
static krb5_error_code KRB5_CALLCONV krb5_fcc_end_seq_get
- (krb5_context, krb5_ccache id, krb5_cc_cursor *cursor);
+(krb5_context, krb5_ccache id, krb5_cc_cursor *cursor);
static krb5_error_code KRB5_CALLCONV krb5_fcc_generate_new
- (krb5_context, krb5_ccache *id);
+(krb5_context, krb5_ccache *id);
static const char * KRB5_CALLCONV krb5_fcc_get_name
- (krb5_context, krb5_ccache id);
+(krb5_context, krb5_ccache id);
static krb5_error_code KRB5_CALLCONV krb5_fcc_get_principal
- (krb5_context, krb5_ccache id, krb5_principal *princ);
+(krb5_context, krb5_ccache id, krb5_principal *princ);
static krb5_error_code KRB5_CALLCONV krb5_fcc_initialize
- (krb5_context, krb5_ccache id, krb5_principal princ);
+(krb5_context, krb5_ccache id, krb5_principal princ);
static krb5_error_code KRB5_CALLCONV krb5_fcc_next_cred
- (krb5_context, krb5_ccache id, krb5_cc_cursor *cursor,
- krb5_creds *creds);
+(krb5_context, krb5_ccache id, krb5_cc_cursor *cursor,
+ krb5_creds *creds);
static krb5_error_code krb5_fcc_read
- (krb5_context, krb5_ccache id, krb5_pointer buf, unsigned int len);
+(krb5_context, krb5_ccache id, krb5_pointer buf, unsigned int len);
static krb5_error_code krb5_fcc_read_principal
- (krb5_context, krb5_ccache id, krb5_principal *princ);
+(krb5_context, krb5_ccache id, krb5_principal *princ);
static krb5_error_code krb5_fcc_read_keyblock
- (krb5_context, krb5_ccache id, krb5_keyblock *keyblock);
+(krb5_context, krb5_ccache id, krb5_keyblock *keyblock);
static krb5_error_code krb5_fcc_read_data
- (krb5_context, krb5_ccache id, krb5_data *data);
+(krb5_context, krb5_ccache id, krb5_data *data);
static krb5_error_code krb5_fcc_read_int32
- (krb5_context, krb5_ccache id, krb5_int32 *i);
+(krb5_context, krb5_ccache id, krb5_int32 *i);
static krb5_error_code krb5_fcc_read_ui_2
- (krb5_context, krb5_ccache id, krb5_ui_2 *i);
+(krb5_context, krb5_ccache id, krb5_ui_2 *i);
static krb5_error_code krb5_fcc_read_octet
- (krb5_context, krb5_ccache id, krb5_octet *i);
+(krb5_context, krb5_ccache id, krb5_octet *i);
static krb5_error_code krb5_fcc_read_times
- (krb5_context, krb5_ccache id, krb5_ticket_times *t);
+(krb5_context, krb5_ccache id, krb5_ticket_times *t);
static krb5_error_code krb5_fcc_read_addrs
- (krb5_context, krb5_ccache, krb5_address ***);
+(krb5_context, krb5_ccache, krb5_address ***);
static krb5_error_code krb5_fcc_read_addr
- (krb5_context, krb5_ccache, krb5_address *);
+(krb5_context, krb5_ccache, krb5_address *);
static krb5_error_code krb5_fcc_read_authdata
- (krb5_context, krb5_ccache, krb5_authdata ***);
+(krb5_context, krb5_ccache, krb5_authdata ***);
static krb5_error_code krb5_fcc_read_authdatum
- (krb5_context, krb5_ccache, krb5_authdata *);
+(krb5_context, krb5_ccache, krb5_authdata *);
static krb5_error_code KRB5_CALLCONV krb5_fcc_resolve
- (krb5_context, krb5_ccache *id, const char *residual);
+(krb5_context, krb5_ccache *id, const char *residual);
static krb5_error_code KRB5_CALLCONV krb5_fcc_retrieve
- (krb5_context, krb5_ccache id, krb5_flags whichfields,
- krb5_creds *mcreds, krb5_creds *creds);
+(krb5_context, krb5_ccache id, krb5_flags whichfields,
+ krb5_creds *mcreds, krb5_creds *creds);
static krb5_error_code KRB5_CALLCONV krb5_fcc_start_seq_get
- (krb5_context, krb5_ccache id, krb5_cc_cursor *cursor);
+(krb5_context, krb5_ccache id, krb5_cc_cursor *cursor);
static krb5_error_code KRB5_CALLCONV krb5_fcc_store
- (krb5_context, krb5_ccache id, krb5_creds *creds);
+(krb5_context, krb5_ccache id, krb5_creds *creds);
static krb5_error_code krb5_fcc_skip_header
- (krb5_context, krb5_ccache);
+(krb5_context, krb5_ccache);
static krb5_error_code krb5_fcc_skip_principal
- (krb5_context, krb5_ccache id);
+(krb5_context, krb5_ccache id);
static krb5_error_code KRB5_CALLCONV krb5_fcc_set_flags
- (krb5_context, krb5_ccache id, krb5_flags flags);
+(krb5_context, krb5_ccache id, krb5_flags flags);
static krb5_error_code KRB5_CALLCONV krb5_fcc_ptcursor_new
- (krb5_context context, krb5_cc_ptcursor *cursor);
+(krb5_context context, krb5_cc_ptcursor *cursor);
static krb5_error_code KRB5_CALLCONV krb5_fcc_ptcursor_next
- (krb5_context context, krb5_cc_ptcursor cursor, krb5_ccache *ccache);
+(krb5_context context, krb5_cc_ptcursor cursor, krb5_ccache *ccache);
static krb5_error_code KRB5_CALLCONV krb5_fcc_ptcursor_free
- (krb5_context context, krb5_cc_ptcursor *cursor);
+(krb5_context context, krb5_cc_ptcursor *cursor);
static krb5_error_code KRB5_CALLCONV krb5_fcc_last_change_time
- (krb5_context context, krb5_ccache id, krb5_timestamp *change_time);
+(krb5_context context, krb5_ccache id, krb5_timestamp *change_time);
static krb5_error_code KRB5_CALLCONV krb5_fcc_lock
- (krb5_context context, krb5_ccache id);
+(krb5_context context, krb5_ccache id);
static krb5_error_code KRB5_CALLCONV krb5_fcc_unlock
- (krb5_context context, krb5_ccache id);
+(krb5_context context, krb5_ccache id);
extern const krb5_cc_ops krb5_cc_file_ops;
@@ -190,43 +191,43 @@ extern const krb5_cc_ops krb5_cc_file_ops;
krb5_error_code krb5_change_cache (void);
static krb5_error_code krb5_fcc_write
- (krb5_context, krb5_ccache id, krb5_pointer buf, unsigned int len);
+(krb5_context, krb5_ccache id, krb5_pointer buf, unsigned int len);
static krb5_error_code krb5_fcc_store_principal
- (krb5_context, krb5_ccache id, krb5_principal princ);
+(krb5_context, krb5_ccache id, krb5_principal princ);
static krb5_error_code krb5_fcc_store_keyblock
- (krb5_context, krb5_ccache id, krb5_keyblock *keyblock);
+(krb5_context, krb5_ccache id, krb5_keyblock *keyblock);
static krb5_error_code krb5_fcc_store_data
- (krb5_context, krb5_ccache id, krb5_data *data);
+(krb5_context, krb5_ccache id, krb5_data *data);
static krb5_error_code krb5_fcc_store_int32
- (krb5_context, krb5_ccache id, krb5_int32 i);
+(krb5_context, krb5_ccache id, krb5_int32 i);
static krb5_error_code krb5_fcc_store_ui_4
- (krb5_context, krb5_ccache id, krb5_ui_4 i);
+(krb5_context, krb5_ccache id, krb5_ui_4 i);
static krb5_error_code krb5_fcc_store_ui_2
- (krb5_context, krb5_ccache id, krb5_int32 i);
+(krb5_context, krb5_ccache id, krb5_int32 i);
static krb5_error_code krb5_fcc_store_octet
- (krb5_context, krb5_ccache id, krb5_int32 i);
+(krb5_context, krb5_ccache id, krb5_int32 i);
static krb5_error_code krb5_fcc_store_times
- (krb5_context, krb5_ccache id, krb5_ticket_times *t);
+(krb5_context, krb5_ccache id, krb5_ticket_times *t);
static krb5_error_code krb5_fcc_store_addrs
- (krb5_context, krb5_ccache, krb5_address **);
+(krb5_context, krb5_ccache, krb5_address **);
static krb5_error_code krb5_fcc_store_addr
- (krb5_context, krb5_ccache, krb5_address *);
+(krb5_context, krb5_ccache, krb5_address *);
static krb5_error_code krb5_fcc_store_authdata
- (krb5_context, krb5_ccache, krb5_authdata **);
+(krb5_context, krb5_ccache, krb5_authdata **);
static krb5_error_code krb5_fcc_store_authdatum
- (krb5_context, krb5_ccache, krb5_authdata *);
+(krb5_context, krb5_ccache, krb5_authdata *);
static krb5_error_code krb5_fcc_interpret
- (krb5_context, int);
+(krb5_context, int);
struct _krb5_fcc_data;
static krb5_error_code krb5_fcc_close_file
- (krb5_context, struct _krb5_fcc_data *data);
+(krb5_context, struct _krb5_fcc_data *data);
static krb5_error_code krb5_fcc_open_file
- (krb5_context, krb5_ccache, int);
+(krb5_context, krb5_ccache, int);
static krb5_error_code krb5_fcc_data_last_change_time
- (krb5_context context, struct _krb5_fcc_data *data,
- krb5_timestamp *change_time);
+(krb5_context context, struct _krb5_fcc_data *data,
+ krb5_timestamp *change_time);
#define KRB5_OK 0
@@ -236,11 +237,11 @@ static krb5_error_code krb5_fcc_data_last_change_time
/*
* FCC version 2 contains type information for principals. FCC
* version 1 does not.
- *
+ *
* FCC version 3 contains keyblock encryption type information, and is
* architecture independent. Previous versions are not.
*
- * The code will accept version 1, 2, and 3 ccaches, and depending
+ * The code will accept version 1, 2, and 3 ccaches, and depending
* what KRB5_FCC_DEFAULT_FVNO is set to, it will create version 1, 2,
* or 3 FCC caches.
*
@@ -248,24 +249,24 @@ static krb5_error_code krb5_fcc_data_last_change_time
* init_ctx.c).
*/
-#define KRB5_FCC_FVNO_1 0x0501 /* krb v5, fcc v1 */
-#define KRB5_FCC_FVNO_2 0x0502 /* krb v5, fcc v2 */
-#define KRB5_FCC_FVNO_3 0x0503 /* krb v5, fcc v3 */
-#define KRB5_FCC_FVNO_4 0x0504 /* krb v5, fcc v4 */
+#define KRB5_FCC_FVNO_1 0x0501 /* krb v5, fcc v1 */
+#define KRB5_FCC_FVNO_2 0x0502 /* krb v5, fcc v2 */
+#define KRB5_FCC_FVNO_3 0x0503 /* krb v5, fcc v3 */
+#define KRB5_FCC_FVNO_4 0x0504 /* krb v5, fcc v4 */
-#define FCC_OPEN_AND_ERASE 1
-#define FCC_OPEN_RDWR 2
-#define FCC_OPEN_RDONLY 3
+#define FCC_OPEN_AND_ERASE 1
+#define FCC_OPEN_RDWR 2
+#define FCC_OPEN_RDONLY 3
/* Credential file header tags.
* The header tags are constructed as:
- * krb5_ui_2 tag
- * krb5_ui_2 len
- * krb5_octet data[len]
+ * krb5_ui_2 tag
+ * krb5_ui_2 len
+ * krb5_octet data[len]
* This format allows for older versions of the fcc processing code to skip
* past unrecognized tag formats.
*/
-#define FCC_TAG_DELTATIME 1
+#define FCC_TAG_DELTATIME 1
#ifndef TKT_ROOT
#ifdef MSDOS_FILESYSTEM
@@ -286,8 +287,8 @@ typedef struct _krb5_fcc_data {
k5_cc_mutex lock;
int file;
krb5_flags flags;
- int mode; /* needed for locking code */
- int version; /* version number of the file */
+ int mode; /* needed for locking code */
+ int version; /* version number of the file */
/* Buffer data on reading, for performance.
We used to have a stdio option, but we get more precise control
@@ -308,10 +309,10 @@ static off_t fcc_lseek(krb5_fcc_data *data, off_t offset, int whence)
/* If we read some extra data in advance, and then want to know or
use our "current" position, we need to back up a little. */
if (whence == SEEK_CUR && data->valid_bytes) {
- assert(data->valid_bytes > 0);
- assert(data->cur_offset > 0);
- assert(data->cur_offset <= data->valid_bytes);
- offset -= (data->valid_bytes - data->cur_offset);
+ assert(data->valid_bytes > 0);
+ assert(data->cur_offset > 0);
+ assert(data->cur_offset <= data->valid_bytes);
+ offset -= (data->valid_bytes - data->cur_offset);
}
invalidate_cache(data);
return lseek(data->file, offset, whence);
@@ -336,31 +337,31 @@ typedef struct _krb5_fcc_cursor {
off_t pos;
} krb5_fcc_cursor;
-#define MAYBE_OPEN(CONTEXT, ID, MODE) \
-{ \
- k5_cc_mutex_assert_locked(CONTEXT, &((krb5_fcc_data *)(ID)->data)->lock); \
- if (OPENCLOSE (ID)) { \
- krb5_error_code maybe_open_ret; \
- maybe_open_ret = krb5_fcc_open_file (CONTEXT,ID,MODE); \
- if (maybe_open_ret) { \
- k5_cc_mutex_unlock(CONTEXT, &((krb5_fcc_data *)(ID)->data)->lock); \
- return maybe_open_ret; \
- } \
- } \
-}
+#define MAYBE_OPEN(CONTEXT, ID, MODE) \
+ { \
+ k5_cc_mutex_assert_locked(CONTEXT, &((krb5_fcc_data *)(ID)->data)->lock); \
+ if (OPENCLOSE (ID)) { \
+ krb5_error_code maybe_open_ret; \
+ maybe_open_ret = krb5_fcc_open_file (CONTEXT,ID,MODE); \
+ if (maybe_open_ret) { \
+ k5_cc_mutex_unlock(CONTEXT, &((krb5_fcc_data *)(ID)->data)->lock); \
+ return maybe_open_ret; \
+ } \
+ } \
+ }
-#define MAYBE_CLOSE(CONTEXT, ID, RET) \
-{ \
- if (OPENCLOSE (ID)) { \
- krb5_error_code maybe_close_ret; \
- maybe_close_ret = krb5_fcc_close_file (CONTEXT, \
- (krb5_fcc_data *)(ID)->data); \
- if (!(RET)) RET = maybe_close_ret; } }
+#define MAYBE_CLOSE(CONTEXT, ID, RET) \
+ { \
+ if (OPENCLOSE (ID)) { \
+ krb5_error_code maybe_close_ret; \
+ maybe_close_ret = krb5_fcc_close_file (CONTEXT, \
+ (krb5_fcc_data *)(ID)->data); \
+ if (!(RET)) RET = maybe_close_ret; } }
-#define MAYBE_CLOSE_IGNORE(CONTEXT, ID) \
-{ \
- if (OPENCLOSE (ID)) { \
- (void) krb5_fcc_close_file (CONTEXT,(krb5_fcc_data *)(ID)->data); } }
+#define MAYBE_CLOSE_IGNORE(CONTEXT, ID) \
+ { \
+ if (OPENCLOSE (ID)) { \
+ (void) krb5_fcc_close_file (CONTEXT,(krb5_fcc_data *)(ID)->data); } }
#define CHECK(ret) if (ret != KRB5_OK) goto errout;
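Review bot: MAYBE_OPEN, MAYBE_CLOSE and MAYBE_CLOSE_IGNORE still expand to a bare `{ ... }` block, so a call such as `if (x) MAYBE_CLOSE(...); else ...` does not parse, and CHECK expands to an unbraced `if` that can capture a following `else`. Since this hunk rewrites every line of the three macros anyway, wrapping each body in `do { ... } while (0)` and parenthesizing CHECK's argument as `(ret)` would fit here. MAYBE_OPEN also unlocks the cache mutex and returns from the enclosing function when the open fails. A one-line comment above it, e.g. `/* On open failure: unlocks the ccache mutex and returns from the caller. */`, would make that hidden exit visible to anyone auditing lock pairing.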
@@ -381,56 +382,56 @@ static krb5_error_code
krb5_fcc_read(krb5_context context, krb5_ccache id, krb5_pointer buf, unsigned int len)
{
#if 0
- int ret;
+ int ret;
- k5_cc_mutex_assert_locked(context, &((krb5_fcc_data *) id->data)->lock);
+ k5_cc_mutex_assert_locked(context, &((krb5_fcc_data *) id->data)->lock);
- ret = read(((krb5_fcc_data *) id->data)->file, (char *) buf, len);
- if (ret == -1)
- return krb5_fcc_interpret(context, errno);
- if (ret != len)
- return KRB5_CC_END;
- else
- return KRB5_OK;
+ ret = read(((krb5_fcc_data *) id->data)->file, (char *) buf, len);
+ if (ret == -1)
+ return krb5_fcc_interpret(context, errno);
+ if (ret != len)
+ return KRB5_CC_END;
+ else
+ return KRB5_OK;
#else
- krb5_fcc_data *data = (krb5_fcc_data *) id->data;
-
- k5_cc_mutex_assert_locked(context, &data->lock);
-
- while (len > 0) {
- int nread, e;
- size_t ncopied;
-
- assert (data->valid_bytes >= 0);
- if (data->valid_bytes > 0)
- assert(data->cur_offset <= data->valid_bytes);
- if (data->valid_bytes == 0
- || data->cur_offset == data->valid_bytes) {
- /* Fill buffer from current file position. */
- nread = read(data->file, data->buf, sizeof(data->buf));
- e = errno;
- if (nread < 0)
- return krb5_fcc_interpret(context, e);
- if (nread == 0)
- /* EOF */
- return KRB5_CC_END;
- data->valid_bytes = nread;
- data->cur_offset = 0;
- }
- assert(data->cur_offset < data->valid_bytes);
- ncopied = len;
- assert(ncopied == len);
- if (data->valid_bytes - data->cur_offset < ncopied)
- ncopied = data->valid_bytes - data->cur_offset;
- memcpy(buf, data->buf + data->cur_offset, ncopied);
- data->cur_offset += ncopied;
- assert(data->cur_offset > 0);
- assert(data->cur_offset <= data->valid_bytes);
- len -= ncopied;
- /* Don't do arithmetic on void pointers. */
- buf = (char*)buf + ncopied;
- }
- return 0;
+ krb5_fcc_data *data = (krb5_fcc_data *) id->data;
+
+ k5_cc_mutex_assert_locked(context, &data->lock);
+
+ while (len > 0) {
+ int nread, e;
+ size_t ncopied;
+
+ assert (data->valid_bytes >= 0);
+ if (data->valid_bytes > 0)
+ assert(data->cur_offset <= data->valid_bytes);
+ if (data->valid_bytes == 0
+ || data->cur_offset == data->valid_bytes) {
+ /* Fill buffer from current file position. */
+ nread = read(data->file, data->buf, sizeof(data->buf));
+ e = errno;
+ if (nread < 0)
+ return krb5_fcc_interpret(context, e);
+ if (nread == 0)
+ /* EOF */
+ return KRB5_CC_END;
+ data->valid_bytes = nread;
+ data->cur_offset = 0;
+ }
+ assert(data->cur_offset < data->valid_bytes);
+ ncopied = len;
+ assert(ncopied == len);
+ if (data->valid_bytes - data->cur_offset < ncopied)
+ ncopied = data->valid_bytes - data->cur_offset;
+ memcpy(buf, data->buf + data->cur_offset, ncopied);
+ data->cur_offset += ncopied;
+ assert(data->cur_offset > 0);
+ assert(data->cur_offset <= data->valid_bytes);
+ len -= ncopied;
+ /* Don't do arithmetic on void pointers. */
+ buf = (char*)buf + ncopied;
+ }
+ return 0;
#endif
}
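Review bot: The `#if 0` branch at the top of krb5_fcc_read is dead code that this hunk reindents instead of deleting, and it compares the `int` result of read() with the `unsigned int` len in `ret != len`, a line that is easy to revive by accident. In the live branch, `assert(ncopied == len)` directly after `ncopied = len` can only fail where size_t is narrower than unsigned int, so it should either carry a comment saying that, e.g. `/* size_t may be narrower than unsigned int */`, or be dropped. The remaining asserts are the only checks on the offsets passed to memcpy and are compiled out under NDEBUG. The function comment should state that they are internal invariants of the read buffer rather than validation of file contents.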
@@ -453,9 +454,9 @@ krb5_fcc_read(krb5_context context, krb5_ccache id, krb5_pointer buf, unsigned i
* KRB5_CC_NOMEM
*/
-#define ALLOC(NUM,TYPE) \
- (((NUM) <= (((size_t)0-1)/ sizeof(TYPE))) \
- ? (TYPE *) calloc((NUM), sizeof(TYPE)) \
+#define ALLOC(NUM,TYPE) \
+ (((NUM) <= (((size_t)0-1)/ sizeof(TYPE))) \
+ ? (TYPE *) calloc((NUM), sizeof(TYPE)) \
: (errno = ENOMEM,(TYPE *) 0))
static krb5_error_code
@@ -472,44 +473,44 @@ krb5_fcc_read_principal(krb5_context context, krb5_ccache id, krb5_principal *pr
*princ = NULL;
if (data->version == KRB5_FCC_FVNO_1) {
- type = KRB5_NT_UNKNOWN;
+ type = KRB5_NT_UNKNOWN;
} else {
/* Read principal type */
kret = krb5_fcc_read_int32(context, id, &type);
if (kret != KRB5_OK)
- return kret;
+ return kret;
}
/* Read the number of components */
kret = krb5_fcc_read_int32(context, id, &length);
if (kret != KRB5_OK)
- return kret;
+ return kret;
/*
* DCE includes the principal's realm in the count; the new format
* does not.
*/
if (data->version == KRB5_FCC_FVNO_1)
- length--;
+ length--;
if (length < 0)
- return KRB5_CC_NOMEM;
+ return KRB5_CC_NOMEM;
tmpprinc = (krb5_principal) malloc(sizeof(krb5_principal_data));
if (tmpprinc == NULL)
- return KRB5_CC_NOMEM;
+ return KRB5_CC_NOMEM;
if (length) {
- size_t msize = length;
- if (msize != length) {
- free(tmpprinc);
- return KRB5_CC_NOMEM;
- }
- tmpprinc->data = ALLOC (msize, krb5_data);
- if (tmpprinc->data == 0) {
- free(tmpprinc);
- return KRB5_CC_NOMEM;
- }
+ size_t msize = length;
+ if (msize != length) {
+ free(tmpprinc);
+ return KRB5_CC_NOMEM;
+ }
+ tmpprinc->data = ALLOC (msize, krb5_data);
+ if (tmpprinc->data == 0) {
+ free(tmpprinc);
+ return KRB5_CC_NOMEM;
+ }
} else
- tmpprinc->data = 0;
+ tmpprinc->data = 0;
tmpprinc->magic = KV5M_PRINCIPAL;
tmpprinc->length = length;
tmpprinc->type = type;
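Review bot: For version-1 files `length--` runs before the `length < 0` test, so a stored component count equal to the most negative krb5_int32 value is decremented first, which is signed overflow. The count comes straight from the cache file through krb5_fcc_read_int32, so the sign check belongs first: add `if (length < 0) return KRB5_CC_NOMEM;` above `if (data->version == KRB5_FCC_FVNO_1)` and keep the existing test after the decrement. Returning KRB5_CC_NOMEM for a malformed count also looks like an allocation failure to the caller, and `KRB5_CC_FORMAT` would describe the condition better. The function starts before this hunk and continues after it.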
@@ -520,15 +521,15 @@ krb5_fcc_read_principal(krb5_context context, krb5_ccache id, krb5_principal *pr
CHECK(kret);
for (i=0; i < length; i++) {
- kret = krb5_fcc_read_data(context, id, krb5_princ_component(context, tmpprinc, i));
- CHECK(kret);
+ kret = krb5_fcc_read_data(context, id, krb5_princ_component(context, tmpprinc, i));
+ CHECK(kret);
}
*princ = tmpprinc;
return KRB5_OK;
- errout:
+errout:
while(--i >= 0)
- free(krb5_princ_component(context, tmpprinc, i)->data);
+ free(krb5_princ_component(context, tmpprinc, i)->data);
free(krb5_princ_realm(context, tmpprinc)->data);
free(tmpprinc->data);
free(tmpprinc);
@@ -538,185 +539,185 @@ krb5_fcc_read_principal(krb5_context context, krb5_ccache id, krb5_principal *pr
static krb5_error_code
krb5_fcc_read_addrs(krb5_context context, krb5_ccache id, krb5_address ***addrs)
{
- krb5_error_code kret;
- krb5_int32 length;
- size_t msize;
- int i;
-
- k5_cc_mutex_assert_locked(context, &((krb5_fcc_data *) id->data)->lock);
-
- *addrs = 0;
-
- /* Read the number of components */
- kret = krb5_fcc_read_int32(context, id, &length);
- CHECK(kret);
-
- /* Make *addrs able to hold length pointers to krb5_address structs
- * Add one extra for a null-terminated list
- */
- msize = length;
- msize += 1;
- if (msize == 0 || msize - 1 != length || length < 0)
- return KRB5_CC_NOMEM;
- *addrs = ALLOC (msize, krb5_address *);
- if (*addrs == NULL)
- return KRB5_CC_NOMEM;
-
- for (i=0; i < length; i++) {
- (*addrs)[i] = (krb5_address *) malloc(sizeof(krb5_address));
- if ((*addrs)[i] == NULL) {
- krb5_free_addresses(context, *addrs);
- *addrs = 0;
- return KRB5_CC_NOMEM;
- }
- (*addrs)[i]->contents = NULL;
- kret = krb5_fcc_read_addr(context, id, (*addrs)[i]);
- CHECK(kret);
- }
-
- return KRB5_OK;
- errout:
- if (*addrs) {
- krb5_free_addresses(context, *addrs);
- *addrs = NULL;
- }
- return kret;
+ krb5_error_code kret;
+ krb5_int32 length;
+ size_t msize;
+ int i;
+
+ k5_cc_mutex_assert_locked(context, &((krb5_fcc_data *) id->data)->lock);
+
+ *addrs = 0;
+
+ /* Read the number of components */
+ kret = krb5_fcc_read_int32(context, id, &length);
+ CHECK(kret);
+
+ /* Make *addrs able to hold length pointers to krb5_address structs
+ * Add one extra for a null-terminated list
+ */
+ msize = length;
+ msize += 1;
+ if (msize == 0 || msize - 1 != length || length < 0)
+ return KRB5_CC_NOMEM;
+ *addrs = ALLOC (msize, krb5_address *);
+ if (*addrs == NULL)
+ return KRB5_CC_NOMEM;
+
+ for (i=0; i < length; i++) {
+ (*addrs)[i] = (krb5_address *) malloc(sizeof(krb5_address));
+ if ((*addrs)[i] == NULL) {
+ krb5_free_addresses(context, *addrs);
+ *addrs = 0;
+ return KRB5_CC_NOMEM;
+ }
+ (*addrs)[i]->contents = NULL;
+ kret = krb5_fcc_read_addr(context, id, (*addrs)[i]);
+ CHECK(kret);
+ }
+
+ return KRB5_OK;
+errout:
+ if (*addrs) {
+ krb5_free_addresses(context, *addrs);
+ *addrs = NULL;
+ }
+ return kret;
}
static krb5_error_code
krb5_fcc_read_keyblock(krb5_context context, krb5_ccache id, krb5_keyblock *keyblock)
{
- krb5_fcc_data *data = (krb5_fcc_data *)id->data;
- krb5_error_code kret;
- krb5_ui_2 ui2;
- krb5_int32 int32;
-
- k5_cc_mutex_assert_locked(context, &((krb5_fcc_data *) id->data)->lock);
-
- keyblock->magic = KV5M_KEYBLOCK;
- keyblock->contents = 0;
-
- kret = krb5_fcc_read_ui_2(context, id, &ui2);
- keyblock->enctype = ui2;
- CHECK(kret);
- if (data->version == KRB5_FCC_FVNO_3) {
- /* This works because the old etype is the same as the new enctype. */
- kret = krb5_fcc_read_ui_2(context, id, &ui2);
- /* keyblock->enctype = ui2; */
- CHECK(kret);
- }
-
- kret = krb5_fcc_read_int32(context, id, &int32);
- CHECK(kret);
- if (int32 < 0)
- return KRB5_CC_NOMEM;
- keyblock->length = int32;
- /* Overflow check. */
- if (keyblock->length != int32)
- return KRB5_CC_NOMEM;
- if ( keyblock->length == 0 )
- return KRB5_OK;
- keyblock->contents = ALLOC (keyblock->length, krb5_octet);
- if (keyblock->contents == NULL)
- return KRB5_CC_NOMEM;
-
- kret = krb5_fcc_read(context, id, keyblock->contents, keyblock->length);
- if (kret)
- goto errout;
-
- return KRB5_OK;
- errout:
- if (keyblock->contents) {
- free(keyblock->contents);
- keyblock->contents = NULL;
- }
- return kret;
+ krb5_fcc_data *data = (krb5_fcc_data *)id->data;
+ krb5_error_code kret;
+ krb5_ui_2 ui2;
+ krb5_int32 int32;
+
+ k5_cc_mutex_assert_locked(context, &((krb5_fcc_data *) id->data)->lock);
+
+ keyblock->magic = KV5M_KEYBLOCK;
+ keyblock->contents = 0;
+
+ kret = krb5_fcc_read_ui_2(context, id, &ui2);
+ keyblock->enctype = ui2;
+ CHECK(kret);
+ if (data->version == KRB5_FCC_FVNO_3) {
+ /* This works because the old etype is the same as the new enctype. */
+ kret = krb5_fcc_read_ui_2(context, id, &ui2);
+ /* keyblock->enctype = ui2; */
+ CHECK(kret);
+ }
+
+ kret = krb5_fcc_read_int32(context, id, &int32);
+ CHECK(kret);
+ if (int32 < 0)
+ return KRB5_CC_NOMEM;
+ keyblock->length = int32;
+ /* Overflow check. */
+ if (keyblock->length != int32)
+ return KRB5_CC_NOMEM;
+ if ( keyblock->length == 0 )
+ return KRB5_OK;
+ keyblock->contents = ALLOC (keyblock->length, krb5_octet);
+ if (keyblock->contents == NULL)
+ return KRB5_CC_NOMEM;
+
+ kret = krb5_fcc_read(context, id, keyblock->contents, keyblock->length);
+ if (kret)
+ goto errout;
+
+ return KRB5_OK;
+errout:
+ if (keyblock->contents) {
+ free(keyblock->contents);
+ keyblock->contents = NULL;
+ }
+ return kret;
}
static krb5_error_code
krb5_fcc_read_data(krb5_context context, krb5_ccache id, krb5_data *data)
{
- krb5_error_code kret;
- krb5_int32 len;
+ krb5_error_code kret;
+ krb5_int32 len;
- k5_cc_mutex_assert_locked(context, &((krb5_fcc_data *) id->data)->lock);
+ k5_cc_mutex_assert_locked(context, &((krb5_fcc_data *) id->data)->lock);
- data->magic = KV5M_DATA;
- data->data = 0;
+ data->magic = KV5M_DATA;
+ data->data = 0;
- kret = krb5_fcc_read_int32(context, id, &len);
- CHECK(kret);
- if (len < 0)
+ kret = krb5_fcc_read_int32(context, id, &len);
+ CHECK(kret);
+ if (len < 0)
return KRB5_CC_NOMEM;
- data->length = len;
- if (data->length != len || data->length + 1 == 0)
- return KRB5_CC_NOMEM;
-
- if (data->length == 0) {
- data->data = 0;
- return KRB5_OK;
- }
-
- data->data = (char *) malloc(data->length+1);
- if (data->data == NULL)
- return KRB5_CC_NOMEM;
-
- kret = krb5_fcc_read(context, id, data->data, (unsigned) data->length);
- CHECK(kret);
-
- data->data[data->length] = 0; /* Null terminate, just in case.... */
- return KRB5_OK;
- errout:
- if (data->data) {
- free(data->data);
- data->data = NULL;
- }
- return kret;
+ data->length = len;
+ if (data->length != len || data->length + 1 == 0)
+ return KRB5_CC_NOMEM;
+
+ if (data->length == 0) {
+ data->data = 0;
+ return KRB5_OK;
+ }
+
+ data->data = (char *) malloc(data->length+1);
+ if (data->data == NULL)
+ return KRB5_CC_NOMEM;
+
+ kret = krb5_fcc_read(context, id, data->data, (unsigned) data->length);
+ CHECK(kret);
+
+ data->data[data->length] = 0; /* Null terminate, just in case.... */
+ return KRB5_OK;
+errout:
+ if (data->data) {
+ free(data->data);
+ data->data = NULL;
+ }
+ return kret;
}
static krb5_error_code
krb5_fcc_read_addr(krb5_context context, krb5_ccache id, krb5_address *addr)
{
- krb5_error_code kret;
- krb5_ui_2 ui2;
- krb5_int32 int32;
-
- k5_cc_mutex_assert_locked(context, &((krb5_fcc_data *) id->data)->lock);
-
- addr->magic = KV5M_ADDRESS;
- addr->contents = 0;
-
- kret = krb5_fcc_read_ui_2(context, id, &ui2);
- CHECK(kret);
- addr->addrtype = ui2;
-
- kret = krb5_fcc_read_int32(context, id, &int32);
- CHECK(kret);
- if ((int32 & VALID_INT_BITS) != int32) /* Overflow int??? */
- return KRB5_CC_NOMEM;
- addr->length = int32;
- /* Length field is "unsigned int", which may be smaller than 32
- bits. */
- if (addr->length != int32)
- return KRB5_CC_NOMEM; /* XXX */
-
- if (addr->length == 0)
- return KRB5_OK;
-
- addr->contents = (krb5_octet *) malloc(addr->length);
- if (addr->contents == NULL)
- return KRB5_CC_NOMEM;
-
- kret = krb5_fcc_read(context, id, addr->contents, addr->length);
- CHECK(kret);
-
- return KRB5_OK;
- errout:
- if (addr->contents) {
- free(addr->contents);
- addr->contents = NULL;
- }
- return kret;
+ krb5_error_code kret;
+ krb5_ui_2 ui2;
+ krb5_int32 int32;
+
+ k5_cc_mutex_assert_locked(context, &((krb5_fcc_data *) id->data)->lock);
+
+ addr->magic = KV5M_ADDRESS;
+ addr->contents = 0;
+
+ kret = krb5_fcc_read_ui_2(context, id, &ui2);
+ CHECK(kret);
+ addr->addrtype = ui2;
+
+ kret = krb5_fcc_read_int32(context, id, &int32);
+ CHECK(kret);
+ if ((int32 & VALID_INT_BITS) != int32) /* Overflow int??? */
+ return KRB5_CC_NOMEM;
+ addr->length = int32;
+ /* Length field is "unsigned int", which may be smaller than 32
+ bits. */
+ if (addr->length != int32)
+ return KRB5_CC_NOMEM; /* XXX */
+
+ if (addr->length == 0)
+ return KRB5_OK;
+
+ addr->contents = (krb5_octet *) malloc(addr->length);
+ if (addr->contents == NULL)
+ return KRB5_CC_NOMEM;
+
+ kret = krb5_fcc_read(context, id, addr->contents, addr->length);
+ CHECK(kret);
+
+ return KRB5_OK;
+errout:
+ if (addr->contents) {
+ free(addr->contents);
+ addr->contents = NULL;
+ }
+ return kret;
}
static krb5_error_code
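Review bot: In krb5_fcc_read_keyblock, `keyblock->enctype = ui2;` is executed before `CHECK(kret)`, so when krb5_fcc_read_ui_2 fails the enctype is assigned from a `ui2` that may never have been written. krb5_fcc_read_addr later in this hunk uses the safe order, `CHECK(kret);` followed by `addr->addrtype = ui2;`, and the two lines in read_keyblock should be swapped to match. On the errout path the function frees `keyblock->contents` after a failed or short read, and that buffer can already hold part of a key. It should be cleared with the tree's secure-zero helper before `free`, since a plain memset ahead of free may be optimized away.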
@@ -729,14 +730,14 @@ krb5_fcc_read_int32(krb5_context context, krb5_ccache id, krb5_int32 *i)
k5_cc_mutex_assert_locked(context, &((krb5_fcc_data *) id->data)->lock);
if ((data->version == KRB5_FCC_FVNO_1) ||
- (data->version == KRB5_FCC_FVNO_2))
- return krb5_fcc_read(context, id, (krb5_pointer) i, sizeof(krb5_int32));
+ (data->version == KRB5_FCC_FVNO_2))
+ return krb5_fcc_read(context, id, (krb5_pointer) i, sizeof(krb5_int32));
else {
- retval = krb5_fcc_read(context, id, buf, 4);
- if (retval)
- return retval;
+ retval = krb5_fcc_read(context, id, buf, 4);
+ if (retval)
+ return retval;
*i = load_32_be (buf);
- return 0;
+ return 0;
}
}
@@ -746,27 +747,27 @@ krb5_fcc_read_ui_2(krb5_context context, krb5_ccache id, krb5_ui_2 *i)
krb5_fcc_data *data = (krb5_fcc_data *)id->data;
krb5_error_code retval;
unsigned char buf[2];
-
+
k5_cc_mutex_assert_locked(context, &((krb5_fcc_data *) id->data)->lock);
if ((data->version == KRB5_FCC_FVNO_1) ||
- (data->version == KRB5_FCC_FVNO_2))
- return krb5_fcc_read(context, id, (krb5_pointer) i, sizeof(krb5_ui_2));
+ (data->version == KRB5_FCC_FVNO_2))
+ return krb5_fcc_read(context, id, (krb5_pointer) i, sizeof(krb5_ui_2));
else {
- retval = krb5_fcc_read(context, id, buf, 2);
- if (retval)
- return retval;
- *i = load_16_be (buf);
- return 0;
+ retval = krb5_fcc_read(context, id, buf, 2);
+ if (retval)
+ return retval;
+ *i = load_16_be (buf);
+ return 0;
}
-}
+}
static krb5_error_code
krb5_fcc_read_octet(krb5_context context, krb5_ccache id, krb5_octet *i)
{
k5_cc_mutex_assert_locked(context, &((krb5_fcc_data *) id->data)->lock);
return krb5_fcc_read(context, id, (krb5_pointer) i, 1);
-}
+}
static krb5_error_code
@@ -775,28 +776,28 @@ krb5_fcc_read_times(krb5_context context, krb5_ccache id, krb5_ticket_times *t)
krb5_fcc_data *data = (krb5_fcc_data *)id->data;
krb5_error_code retval;
krb5_int32 i;
-
+
k5_cc_mutex_assert_locked(context, &((krb5_fcc_data *) id->data)->lock);
if ((data->version == KRB5_FCC_FVNO_1) ||
- (data->version == KRB5_FCC_FVNO_2))
- return krb5_fcc_read(context, id, (krb5_pointer) t, sizeof(krb5_ticket_times));
+ (data->version == KRB5_FCC_FVNO_2))
+ return krb5_fcc_read(context, id, (krb5_pointer) t, sizeof(krb5_ticket_times));
else {
- retval = krb5_fcc_read_int32(context, id, &i);
- CHECK(retval);
- t->authtime = i;
-
- retval = krb5_fcc_read_int32(context, id, &i);
- CHECK(retval);
- t->starttime = i;
-
- retval = krb5_fcc_read_int32(context, id, &i);
- CHECK(retval);
- t->endtime = i;
-
- retval = krb5_fcc_read_int32(context, id, &i);
- CHECK(retval);
- t->renew_till = i;
+ retval = krb5_fcc_read_int32(context, id, &i);
+ CHECK(retval);
+ t->authtime = i;
+
+ retval = krb5_fcc_read_int32(context, id, &i);
+ CHECK(retval);
+ t->starttime = i;
+
+ retval = krb5_fcc_read_int32(context, id, &i);
+ CHECK(retval);
+ t->endtime = i;
+
+ retval = krb5_fcc_read_int32(context, id, &i);
+ CHECK(retval);
+ t->renew_till = i;
}
return 0;
errout:
@@ -806,52 +807,52 @@ errout:
static krb5_error_code
krb5_fcc_read_authdata(krb5_context context, krb5_ccache id, krb5_authdata ***a)
{
- krb5_error_code kret;
- krb5_int32 length;
- size_t msize;
- int i;
-
- k5_cc_mutex_assert_locked(context, &((krb5_fcc_data *) id->data)->lock);
-
- *a = 0;
-
- /* Read the number of components */
- kret = krb5_fcc_read_int32(context, id, &length);
- CHECK(kret);
-
- if (length == 0)
- return KRB5_OK;
-
- /* Make *a able to hold length pointers to krb5_authdata structs
- * Add one extra for a null-terminated list
- */
- msize = length;
- msize += 1;
- if (msize == 0 || msize - 1 != length || length < 0)
- return KRB5_CC_NOMEM;
- *a = ALLOC (msize, krb5_authdata *);
- if (*a == NULL)
- return KRB5_CC_NOMEM;
-
- for (i=0; i < length; i++) {
- (*a)[i] = (krb5_authdata *) malloc(sizeof(krb5_authdata));
- if ((*a)[i] == NULL) {
- krb5_free_authdata(context, *a);
- *a = NULL;
- return KRB5_CC_NOMEM;
- }
- (*a)[i]->contents = NULL;
- kret = krb5_fcc_read_authdatum(context, id, (*a)[i]);
- CHECK(kret);
- }
-
- return KRB5_OK;
- errout:
- if (*a) {
- krb5_free_authdata(context, *a);
- *a = NULL;
- }
- return kret;
+ krb5_error_code kret;
+ krb5_int32 length;
+ size_t msize;
+ int i;
+
+ k5_cc_mutex_assert_locked(context, &((krb5_fcc_data *) id->data)->lock);
+
+ *a = 0;
+
+ /* Read the number of components */
+ kret = krb5_fcc_read_int32(context, id, &length);
+ CHECK(kret);
+
+ if (length == 0)
+ return KRB5_OK;
+
+ /* Make *a able to hold length pointers to krb5_authdata structs
+ * Add one extra for a null-terminated list
+ */
+ msize = length;
+ msize += 1;
+ if (msize == 0 || msize - 1 != length || length < 0)
+ return KRB5_CC_NOMEM;
+ *a = ALLOC (msize, krb5_authdata *);
+ if (*a == NULL)
+ return KRB5_CC_NOMEM;
+
+ for (i=0; i < length; i++) {
+ (*a)[i] = (krb5_authdata *) malloc(sizeof(krb5_authdata));
+ if ((*a)[i] == NULL) {
+ krb5_free_authdata(context, *a);
+ *a = NULL;
+ return KRB5_CC_NOMEM;
+ }
+ (*a)[i]->contents = NULL;
+ kret = krb5_fcc_read_authdatum(context, id, (*a)[i]);
+ CHECK(kret);
+ }
+
+ return KRB5_OK;
+errout:
+ if (*a) {
+ krb5_free_authdata(context, *a);
+ *a = NULL;
+ }
+ return kret;
}
static krb5_error_code
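Review bot: In krb5_fcc_read_authdata the element count `length` read from the cache file is checked only for sign and size_t wrap-around before `ALLOC (msize, krb5_authdata *)`, so a malformed file can request a pointer array of up to 2^31 entries before a single element has been read. A sanity bound ahead of the allocation, or growing the list as elements are actually read, would stop a corrupt cache from driving a very large allocation. krb5_fcc_read_addrs in the earlier hunk has the same shape. The `length < 0` test would also be easier to audit if it came first, as `if (length < 0) return KRB5_CC_NOMEM;` above `msize = length;`, because the other two comparisons only exist to untangle the signed-to-size_t conversion.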
@@ -860,7 +861,7 @@ krb5_fcc_read_authdatum(krb5_context context, krb5_ccache id, krb5_authdata *a)
krb5_error_code kret;
krb5_int32 int32;
krb5_int16 ui2; /* negative authorization data types are allowed */
-
+
k5_cc_mutex_assert_locked(context, &((krb5_fcc_data *) id->data)->lock);
a->magic = KV5M_AUTHDATA;
@@ -872,31 +873,31 @@ krb5_fcc_read_authdatum(krb5_context context, krb5_ccache id, krb5_authdata *a)
kret = krb5_fcc_read_int32(context, id, &int32);
CHECK(kret);
if ((int32 & VALID_INT_BITS) != int32) /* Overflow int??? */
- return KRB5_CC_NOMEM;
+ return KRB5_CC_NOMEM;
a->length = int32;
/* Value could have gotten truncated if int is smaller than 32
bits. */
if (a->length != int32)
- return KRB5_CC_NOMEM; /* XXX */
-
+ return KRB5_CC_NOMEM; /* XXX */
+
if (a->length == 0 )
- return KRB5_OK;
+ return KRB5_OK;
a->contents = (krb5_octet *) malloc(a->length);
if (a->contents == NULL)
- return KRB5_CC_NOMEM;
+ return KRB5_CC_NOMEM;
kret = krb5_fcc_read(context, id, a->contents, a->length);
CHECK(kret);
-
- return KRB5_OK;
- errout:
- if (a->contents) {
- free(a->contents);
- a->contents = NULL;
- }
- return kret;
-
+
+ return KRB5_OK;
+errout:
+ if (a->contents) {
+ free(a->contents);
+ a->contents = NULL;
+ }
+ return kret;
+
}
#undef CHECK
@@ -915,27 +916,27 @@ krb5_fcc_read_authdatum(krb5_context context, krb5_ccache id, krb5_authdata *a)
static krb5_error_code
krb5_fcc_write(krb5_context context, krb5_ccache id, krb5_pointer buf, unsigned int len)
{
- int ret;
+ int ret;
- k5_cc_mutex_assert_locked(context, &((krb5_fcc_data *) id->data)->lock);
- invalidate_cache((krb5_fcc_data *) id->data);
+ k5_cc_mutex_assert_locked(context, &((krb5_fcc_data *) id->data)->lock);
+ invalidate_cache((krb5_fcc_data *) id->data);
- ret = write(((krb5_fcc_data *)id->data)->file, (char *) buf, len);
- if (ret < 0)
- return krb5_fcc_interpret(context, errno);
- if (ret != len)
- return KRB5_CC_WRITE;
- return KRB5_OK;
+ ret = write(((krb5_fcc_data *)id->data)->file, (char *) buf, len);
+ if (ret < 0)
+ return krb5_fcc_interpret(context, errno);
+ if (ret != len)
+ return KRB5_CC_WRITE;
+ return KRB5_OK;
}
/*
* FOR ALL OF THE FOLLOWING FUNCTIONS:
- *
+ *
* Requires:
* ((krb5_fcc_data *) id->data)->file is open and at the right position.
*
* mutex is locked
- *
+ *
* Effects:
* Stores an encoded version of the second argument in the
* cache file.
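Review bot: krb5_fcc_write stores the result of write() in an `int` and then evaluates `ret != len` against an `unsigned int`, so the comparison happens in unsigned arithmetic and a len above INT_MAX cannot be represented in `ret` at all. Declaring `ssize_t ret;` and testing `(size_t)ret != len` after the `ret < 0` check removes both problems. A short write is reported as KRB5_CC_WRITE without a retry, which leaves a partially written record in the credential file. The function comment should state what callers are expected to do with the cache after that error.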
@@ -957,17 +958,17 @@ krb5_fcc_store_principal(krb5_context context, krb5_ccache id, krb5_principal pr
tmp = length = krb5_princ_size(context, princ);
if (data->version == KRB5_FCC_FVNO_1) {
- /*
- * DCE-compatible format means that the length count
- * includes the realm. (It also doesn't include the
- * principal type information.)
- */
- tmp++;
+ /*
+ * DCE-compatible format means that the length count
+ * includes the realm. (It also doesn't include the
+ * principal type information.)
+ */
+ tmp++;
} else {
- ret = krb5_fcc_store_int32(context, id, type);
- CHECK(ret);
+ ret = krb5_fcc_store_int32(context, id, type);
+ CHECK(ret);
}
-
+
ret = krb5_fcc_store_int32(context, id, tmp);
CHECK(ret);
@@ -975,8 +976,8 @@ krb5_fcc_store_principal(krb5_context context, krb5_ccache id, krb5_principal pr
CHECK(ret);
for (i=0; i < length; i++) {
- ret = krb5_fcc_store_data(context, id, krb5_princ_component(context, princ, i));
- CHECK(ret);
+ ret = krb5_fcc_store_data(context, id, krb5_princ_component(context, princ, i));
+ CHECK(ret);
}
return KRB5_OK;
@@ -985,73 +986,73 @@ krb5_fcc_store_principal(krb5_context context, krb5_ccache id, krb5_principal pr
static krb5_error_code
krb5_fcc_store_addrs(krb5_context context, krb5_ccache id, krb5_address **addrs)
{
- krb5_error_code ret;
- krb5_address **temp;
- krb5_int32 i, length = 0;
-
- k5_cc_mutex_assert_locked(context, &((krb5_fcc_data *) id->data)->lock);
-
- /* Count the number of components */
- if (addrs) {
- temp = addrs;
- while (*temp++)
- length += 1;
- }
-
- ret = krb5_fcc_store_int32(context, id, length);
- CHECK(ret);
- for (i=0; i < length; i++) {
- ret = krb5_fcc_store_addr(context, id, addrs[i]);
- CHECK(ret);
- }
-
- return KRB5_OK;
+ krb5_error_code ret;
+ krb5_address **temp;
+ krb5_int32 i, length = 0;
+
+ k5_cc_mutex_assert_locked(context, &((krb5_fcc_data *) id->data)->lock);
+
+ /* Count the number of components */
+ if (addrs) {
+ temp = addrs;
+ while (*temp++)
+ length += 1;
+ }
+
+ ret = krb5_fcc_store_int32(context, id, length);
+ CHECK(ret);
+ for (i=0; i < length; i++) {
+ ret = krb5_fcc_store_addr(context, id, addrs[i]);
+ CHECK(ret);
+ }
+
+ return KRB5_OK;
}
static krb5_error_code
krb5_fcc_store_keyblock(krb5_context context, krb5_ccache id, krb5_keyblock *keyblock)
{
- krb5_fcc_data *data = (krb5_fcc_data *)id->data;
- krb5_error_code ret;
-
- k5_cc_mutex_assert_locked(context, &((krb5_fcc_data *) id->data)->lock);
-
- ret = krb5_fcc_store_ui_2(context, id, keyblock->enctype);
- CHECK(ret);
- if (data->version == KRB5_FCC_FVNO_3) {
- ret = krb5_fcc_store_ui_2(context, id, keyblock->enctype);
- CHECK(ret);
- }
- ret = krb5_fcc_store_ui_4(context, id, keyblock->length);
- CHECK(ret);
- return krb5_fcc_write(context, id, (char *) keyblock->contents, keyblock->length);
+ krb5_fcc_data *data = (krb5_fcc_data *)id->data;
+ krb5_error_code ret;
+
+ k5_cc_mutex_assert_locked(context, &((krb5_fcc_data *) id->data)->lock);
+
+ ret = krb5_fcc_store_ui_2(context, id, keyblock->enctype);
+ CHECK(ret);
+ if (data->version == KRB5_FCC_FVNO_3) {
+ ret = krb5_fcc_store_ui_2(context, id, keyblock->enctype);
+ CHECK(ret);
+ }
+ ret = krb5_fcc_store_ui_4(context, id, keyblock->length);
+ CHECK(ret);
+ return krb5_fcc_write(context, id, (char *) keyblock->contents, keyblock->length);
}
static krb5_error_code
krb5_fcc_store_addr(krb5_context context, krb5_ccache id, krb5_address *addr)
{
- krb5_error_code ret;
+ krb5_error_code ret;
- k5_cc_mutex_assert_locked(context, &((krb5_fcc_data *) id->data)->lock);
+ k5_cc_mutex_assert_locked(context, &((krb5_fcc_data *) id->data)->lock);
- ret = krb5_fcc_store_ui_2(context, id, addr->addrtype);
- CHECK(ret);
- ret = krb5_fcc_store_ui_4(context, id, addr->length);
- CHECK(ret);
- return krb5_fcc_write(context, id, (char *) addr->contents, addr->length);
+ ret = krb5_fcc_store_ui_2(context, id, addr->addrtype);
+ CHECK(ret);
+ ret = krb5_fcc_store_ui_4(context, id, addr->length);
+ CHECK(ret);
+ return krb5_fcc_write(context, id, (char *) addr->contents, addr->length);
}
static krb5_error_code
krb5_fcc_store_data(krb5_context context, krb5_ccache id, krb5_data *data)
{
- krb5_error_code ret;
+ krb5_error_code ret;
- k5_cc_mutex_assert_locked(context, &((krb5_fcc_data *) id->data)->lock);
+ k5_cc_mutex_assert_locked(context, &((krb5_fcc_data *) id->data)->lock);
- ret = krb5_fcc_store_ui_4(context, id, data->length);
- CHECK(ret);
- return krb5_fcc_write(context, id, data->data, data->length);
+ ret = krb5_fcc_store_ui_4(context, id, data->length);
+ CHECK(ret);
+ return krb5_fcc_write(context, id, data->data, data->length);
}
static krb5_error_code
@@ -1069,11 +1070,11 @@ krb5_fcc_store_ui_4(krb5_context context, krb5_ccache id, krb5_ui_4 i)
k5_cc_mutex_assert_locked(context, &((krb5_fcc_data *) id->data)->lock);
if ((data->version == KRB5_FCC_FVNO_1) ||
- (data->version == KRB5_FCC_FVNO_2))
- return krb5_fcc_write(context, id, (char *) &i, sizeof(krb5_int32));
+ (data->version == KRB5_FCC_FVNO_2))
+ return krb5_fcc_write(context, id, (char *) &i, sizeof(krb5_int32));
else {
- store_32_be (i, buf);
- return krb5_fcc_write(context, id, buf, 4);
+ store_32_be (i, buf);
+ return krb5_fcc_write(context, id, buf, 4);
}
}
@@ -1083,19 +1084,19 @@ krb5_fcc_store_ui_2(krb5_context context, krb5_ccache id, krb5_int32 i)
krb5_fcc_data *data = (krb5_fcc_data *)id->data;
krb5_ui_2 ibuf;
unsigned char buf[2];
-
+
k5_cc_mutex_assert_locked(context, &((krb5_fcc_data *) id->data)->lock);
if ((data->version == KRB5_FCC_FVNO_1) ||
- (data->version == KRB5_FCC_FVNO_2)) {
+ (data->version == KRB5_FCC_FVNO_2)) {
ibuf = (krb5_ui_2) i;
- return krb5_fcc_write(context, id, (char *) &ibuf, sizeof(krb5_ui_2));
+ return krb5_fcc_write(context, id, (char *) &ibuf, sizeof(krb5_ui_2));
} else {
- store_16_be (i, buf);
- return krb5_fcc_write(context, id, buf, 2);
+ store_16_be (i, buf);
+ return krb5_fcc_write(context, id, buf, 2);
}
}
-
+
static krb5_error_code
krb5_fcc_store_octet(krb5_context context, krb5_ccache id, krb5_int32 i)
{
@@ -1106,7 +1107,7 @@ krb5_fcc_store_octet(krb5_context context, krb5_ccache id, krb5_int32 i)
ibuf = (krb5_octet) i;
return krb5_fcc_write(context, id, (char *) &ibuf, 1);
}
-
+
static krb5_error_code
krb5_fcc_store_times(krb5_context context, krb5_ccache id, krb5_ticket_times *t)
{
@@ -1116,21 +1117,21 @@ krb5_fcc_store_times(krb5_context context, krb5_ccache id, krb5_ticket_times *t)
k5_cc_mutex_assert_locked(context, &((krb5_fcc_data *) id->data)->lock);
if ((data->version == KRB5_FCC_FVNO_1) ||
- (data->version == KRB5_FCC_FVNO_2))
- return krb5_fcc_write(context, id, (char *) t, sizeof(krb5_ticket_times));
+ (data->version == KRB5_FCC_FVNO_2))
+ return krb5_fcc_write(context, id, (char *) t, sizeof(krb5_ticket_times));
else {
- retval = krb5_fcc_store_int32(context, id, t->authtime);
- CHECK(retval);
- retval = krb5_fcc_store_int32(context, id, t->starttime);
- CHECK(retval);
- retval = krb5_fcc_store_int32(context, id, t->endtime);
- CHECK(retval);
- retval = krb5_fcc_store_int32(context, id, t->renew_till);
- CHECK(retval);
- return 0;
+ retval = krb5_fcc_store_int32(context, id, t->authtime);
+ CHECK(retval);
+ retval = krb5_fcc_store_int32(context, id, t->starttime);
+ CHECK(retval);
+ retval = krb5_fcc_store_int32(context, id, t->endtime);
+ CHECK(retval);
+ retval = krb5_fcc_store_int32(context, id, t->renew_till);
+ CHECK(retval);
+ return 0;
}
}
-
+
static krb5_error_code
krb5_fcc_store_authdata(krb5_context context, krb5_ccache id, krb5_authdata **a)
{
@@ -1141,15 +1142,15 @@ krb5_fcc_store_authdata(krb5_context context, krb5_ccache id, krb5_authdata **a)
k5_cc_mutex_assert_locked(context, &((krb5_fcc_data *) id->data)->lock);
if (a != NULL) {
- for (temp=a; *temp; temp++)
- length++;
+ for (temp=a; *temp; temp++)
+ length++;
}
ret = krb5_fcc_store_int32(context, id, length);
CHECK(ret);
for (i=0; i<length; i++) {
- ret = krb5_fcc_store_authdatum (context, id, a[i]);
- CHECK(ret);
+ ret = krb5_fcc_store_authdatum (context, id, a[i]);
+ CHECK(ret);
}
return KRB5_OK;
}
@@ -1172,21 +1173,21 @@ krb5_fcc_store_authdatum (krb5_context context, krb5_ccache id, krb5_authdata *a
static krb5_error_code
krb5_fcc_close_file (krb5_context context, krb5_fcc_data *data)
{
- int ret;
- krb5_error_code retval;
+ int ret;
+ krb5_error_code retval;
- k5_cc_mutex_assert_locked(context, &data->lock);
+ k5_cc_mutex_assert_locked(context, &data->lock);
- if (data->file == NO_FILE)
- return KRB5_FCC_INTERNAL;
+ if (data->file == NO_FILE)
+ return KRB5_FCC_INTERNAL;
- retval = krb5_unlock_file(context, data->file);
- ret = close (data->file);
- data->file = NO_FILE;
- if (retval)
- return retval;
+ retval = krb5_unlock_file(context, data->file);
+ ret = close (data->file);
+ data->file = NO_FILE;
+ if (retval)
+ return retval;
- return ret ? krb5_fcc_interpret (context, errno) : 0;
+ return ret ? krb5_fcc_interpret (context, errno) : 0;
}
#if defined(ANSI_STDIO) || defined(_WIN32)
@@ -1197,8 +1198,8 @@ krb5_fcc_close_file (krb5_context context, krb5_fcc_data *data)
#ifndef HAVE_SETVBUF
#undef setvbuf
-#define setvbuf(FILE,BUF,MODE,SIZE) \
- ((SIZE) < BUFSIZE ? (abort(),0) : setbuf(FILE, BUF))
+#define setvbuf(FILE,BUF,MODE,SIZE) \
+ ((SIZE) < BUFSIZE ? (abort(),0) : setbuf(FILE, BUF))
#endif
static krb5_error_code
@@ -1218,211 +1219,211 @@ krb5_fcc_open_file (krb5_context context, krb5_ccache id, int mode)
invalidate_cache(data);
if (data->file != NO_FILE) {
- /* Don't know what state it's in; shut down and start anew. */
- (void) krb5_unlock_file(context, data->file);
- (void) close (data->file);
- data->file = NO_FILE;
+ /* Don't know what state it's in; shut down and start anew. */
+ (void) krb5_unlock_file(context, data->file);
+ (void) close (data->file);
+ data->file = NO_FILE;
}
switch(mode) {
case FCC_OPEN_AND_ERASE:
- unlink(data->filename);
- open_flag = O_CREAT|O_EXCL|O_TRUNC|O_RDWR;
- break;
+ unlink(data->filename);
+ open_flag = O_CREAT|O_EXCL|O_TRUNC|O_RDWR;
+ break;
case FCC_OPEN_RDWR:
- open_flag = O_RDWR;
- break;
+ open_flag = O_RDWR;
+ break;
case FCC_OPEN_RDONLY:
default:
- open_flag = O_RDONLY;
- break;
+ open_flag = O_RDONLY;
+ break;
}
f = THREEPARAMOPEN (data->filename, open_flag | O_BINARY, 0600);
if (f == NO_FILE) {
- switch (errno) {
- case ENOENT:
- retval = KRB5_FCC_NOFILE;
- krb5_set_error_message(context, retval,
- "Credentials cache file '%s' not found",
- data->filename);
- return retval;
- default:
- return krb5_fcc_interpret (context, errno);
- }
+ switch (errno) {
+ case ENOENT:
+ retval = KRB5_FCC_NOFILE;
+ krb5_set_error_message(context, retval,
+ "Credentials cache file '%s' not found",
+ data->filename);
+ return retval;
+ default:
+ return krb5_fcc_interpret (context, errno);
+ }
}
set_cloexec_fd(f);
data->mode = mode;
if (data->mode == FCC_OPEN_RDONLY)
- lock_flag = KRB5_LOCKMODE_SHARED;
- else
- lock_flag = KRB5_LOCKMODE_EXCLUSIVE;
+ lock_flag = KRB5_LOCKMODE_SHARED;
+ else
+ lock_flag = KRB5_LOCKMODE_EXCLUSIVE;
if ((retval = krb5_lock_file(context, f, lock_flag))) {
- (void) close(f);
- return retval;
+ (void) close(f);
+ return retval;
}
if (mode == FCC_OPEN_AND_ERASE) {
- /* write the version number */
- int cnt;
-
- fcc_fvno = htons(context->fcc_default_format);
- data->version = context->fcc_default_format;
- if ((cnt = write(f, (char *)&fcc_fvno, sizeof(fcc_fvno))) !=
- sizeof(fcc_fvno)) {
- retval = ((cnt == -1) ? krb5_fcc_interpret(context, errno) :
- KRB5_CC_IO);
- goto done;
- }
- data->file = f;
-
- if (data->version == KRB5_FCC_FVNO_4) {
- /* V4 of the credentials cache format allows for header tags */
- fcc_flen = 0;
-
- if (os_ctx->os_flags & KRB5_OS_TOFFSET_VALID)
- fcc_flen += (2*sizeof(krb5_ui_2) + 2*sizeof(krb5_int32));
-
- /* Write header length */
- retval = krb5_fcc_store_ui_2(context, id, (krb5_int32)fcc_flen);
- if (retval) goto done;
-
- if (os_ctx->os_flags & KRB5_OS_TOFFSET_VALID) {
- /* Write time offset tag */
- fcc_tag = FCC_TAG_DELTATIME;
- fcc_taglen = 2*sizeof(krb5_int32);
-
- retval = krb5_fcc_store_ui_2(context,id,(krb5_int32)fcc_tag);
- if (retval) goto done;
- retval = krb5_fcc_store_ui_2(context,id,(krb5_int32)fcc_taglen);
- if (retval) goto done;
- retval = krb5_fcc_store_int32(context,id,os_ctx->time_offset);
- if (retval) goto done;
- retval = krb5_fcc_store_int32(context,id,os_ctx->usec_offset);
- if (retval) goto done;
- }
- }
- invalidate_cache(data);
- goto done;
- }
-
- /* verify a valid version number is there */
+ /* write the version number */
+ int cnt;
+
+ fcc_fvno = htons(context->fcc_default_format);
+ data->version = context->fcc_default_format;
+ if ((cnt = write(f, (char *)&fcc_fvno, sizeof(fcc_fvno))) !=
+ sizeof(fcc_fvno)) {
+ retval = ((cnt == -1) ? krb5_fcc_interpret(context, errno) :
+ KRB5_CC_IO);
+ goto done;
+ }
+ data->file = f;
+
+ if (data->version == KRB5_FCC_FVNO_4) {
+ /* V4 of the credentials cache format allows for header tags */
+ fcc_flen = 0;
+
+ if (os_ctx->os_flags & KRB5_OS_TOFFSET_VALID)
+ fcc_flen += (2*sizeof(krb5_ui_2) + 2*sizeof(krb5_int32));
+
+ /* Write header length */
+ retval = krb5_fcc_store_ui_2(context, id, (krb5_int32)fcc_flen);
+ if (retval) goto done;
+
+ if (os_ctx->os_flags & KRB5_OS_TOFFSET_VALID) {
+ /* Write time offset tag */
+ fcc_tag = FCC_TAG_DELTATIME;
+ fcc_taglen = 2*sizeof(krb5_int32);
+
+ retval = krb5_fcc_store_ui_2(context,id,(krb5_int32)fcc_tag);
+ if (retval) goto done;
+ retval = krb5_fcc_store_ui_2(context,id,(krb5_int32)fcc_taglen);
+ if (retval) goto done;
+ retval = krb5_fcc_store_int32(context,id,os_ctx->time_offset);
+ if (retval) goto done;
+ retval = krb5_fcc_store_int32(context,id,os_ctx->usec_offset);
+ if (retval) goto done;
+ }
+ }
+ invalidate_cache(data);
+ goto done;
+ }
+
+ /* verify a valid version number is there */
invalidate_cache(data);
- if (read(f, (char *)&fcc_fvno, sizeof(fcc_fvno)) != sizeof(fcc_fvno)) {
- retval = KRB5_CC_FORMAT;
- goto done;
- }
- data->version = ntohs(fcc_fvno);
+ if (read(f, (char *)&fcc_fvno, sizeof(fcc_fvno)) != sizeof(fcc_fvno)) {
+ retval = KRB5_CC_FORMAT;
+ goto done;
+ }
+ data->version = ntohs(fcc_fvno);
if ((data->version != KRB5_FCC_FVNO_4) &&
- (data->version != KRB5_FCC_FVNO_3) &&
- (data->version != KRB5_FCC_FVNO_2) &&
- (data->version != KRB5_FCC_FVNO_1)) {
- retval = KRB5_CCACHE_BADVNO;
- goto done;
+ (data->version != KRB5_FCC_FVNO_3) &&
+ (data->version != KRB5_FCC_FVNO_2) &&
+ (data->version != KRB5_FCC_FVNO_1)) {
+ retval = KRB5_CCACHE_BADVNO;
+ goto done;
}
data->file = f;
- if (data->version == KRB5_FCC_FVNO_4) {
- char buf[1024];
-
- if (krb5_fcc_read_ui_2(context, id, &fcc_flen) ||
- (fcc_flen > sizeof(buf)))
- {
- retval = KRB5_CC_FORMAT;
- goto done;
- }
-
- while (fcc_flen) {
- if ((fcc_flen < (2 * sizeof(krb5_ui_2))) ||
- krb5_fcc_read_ui_2(context, id, &fcc_tag) ||
- krb5_fcc_read_ui_2(context, id, &fcc_taglen) ||
- (fcc_taglen > (fcc_flen - 2*sizeof(krb5_ui_2))))
- {
- retval = KRB5_CC_FORMAT;
- goto done;
- }
-
- switch (fcc_tag) {
- case FCC_TAG_DELTATIME:
- if (fcc_taglen != 2*sizeof(krb5_int32)) {
- retval = KRB5_CC_FORMAT;
- goto done;
- }
- if (!(context->library_options & KRB5_LIBOPT_SYNC_KDCTIME) ||
- (os_ctx->os_flags & KRB5_OS_TOFFSET_VALID))
- {
- if (krb5_fcc_read(context, id, buf, fcc_taglen)) {
- retval = KRB5_CC_FORMAT;
- goto done;
- }
- break;
- }
- if (krb5_fcc_read_int32(context, id, &os_ctx->time_offset) ||
- krb5_fcc_read_int32(context, id, &os_ctx->usec_offset))
- {
- retval = KRB5_CC_FORMAT;
- goto done;
- }
- os_ctx->os_flags =
- ((os_ctx->os_flags & ~KRB5_OS_TOFFSET_TIME) |
- KRB5_OS_TOFFSET_VALID);
- break;
- default:
- if (fcc_taglen && krb5_fcc_read(context,id,buf,fcc_taglen)) {
- retval = KRB5_CC_FORMAT;
- goto done;
- }
- break;
- }
- fcc_flen -= (2*sizeof(krb5_ui_2) + fcc_taglen);
- }
- }
+ if (data->version == KRB5_FCC_FVNO_4) {
+ char buf[1024];
+
+ if (krb5_fcc_read_ui_2(context, id, &fcc_flen) ||
+ (fcc_flen > sizeof(buf)))
+ {
+ retval = KRB5_CC_FORMAT;
+ goto done;
+ }
+
+ while (fcc_flen) {
+ if ((fcc_flen < (2 * sizeof(krb5_ui_2))) ||
+ krb5_fcc_read_ui_2(context, id, &fcc_tag) ||
+ krb5_fcc_read_ui_2(context, id, &fcc_taglen) ||
+ (fcc_taglen > (fcc_flen - 2*sizeof(krb5_ui_2))))
+ {
+ retval = KRB5_CC_FORMAT;
+ goto done;
+ }
+
+ switch (fcc_tag) {
+ case FCC_TAG_DELTATIME:
+ if (fcc_taglen != 2*sizeof(krb5_int32)) {
+ retval = KRB5_CC_FORMAT;
+ goto done;
+ }
+ if (!(context->library_options & KRB5_LIBOPT_SYNC_KDCTIME) ||
+ (os_ctx->os_flags & KRB5_OS_TOFFSET_VALID))
+ {
+ if (krb5_fcc_read(context, id, buf, fcc_taglen)) {
+ retval = KRB5_CC_FORMAT;
+ goto done;
+ }
+ break;
+ }
+ if (krb5_fcc_read_int32(context, id, &os_ctx->time_offset) ||
+ krb5_fcc_read_int32(context, id, &os_ctx->usec_offset))
+ {
+ retval = KRB5_CC_FORMAT;
+ goto done;
+ }
+ os_ctx->os_flags =
+ ((os_ctx->os_flags & ~KRB5_OS_TOFFSET_TIME) |
+ KRB5_OS_TOFFSET_VALID);
+ break;
+ default:
+ if (fcc_taglen && krb5_fcc_read(context,id,buf,fcc_taglen)) {
+ retval = KRB5_CC_FORMAT;
+ goto done;
+ }
+ break;
+ }
+ fcc_flen -= (2*sizeof(krb5_ui_2) + fcc_taglen);
+ }
+ }
done:
- if (retval) {
- data->file = -1;
- (void) krb5_unlock_file(context, f);
- (void) close(f);
- }
- return retval;
+ if (retval) {
+ data->file = -1;
+ (void) krb5_unlock_file(context, f);
+ (void) close(f);
+ }
+ return retval;
}
static krb5_error_code
krb5_fcc_skip_header(krb5_context context, krb5_ccache id)
{
- krb5_fcc_data *data = (krb5_fcc_data *)id->data;
- krb5_error_code kret;
- krb5_ui_2 fcc_flen;
-
- k5_cc_mutex_assert_locked(context, &((krb5_fcc_data *) id->data)->lock);
-
- fcc_lseek(data, (off_t) sizeof(krb5_ui_2), SEEK_SET);
- if (data->version == KRB5_FCC_FVNO_4) {
- kret = krb5_fcc_read_ui_2(context, id, &fcc_flen);
- if (kret) return kret;
- if(fcc_lseek(data, (off_t) fcc_flen, SEEK_CUR) < 0)
- return errno;
- }
- return KRB5_OK;
+ krb5_fcc_data *data = (krb5_fcc_data *)id->data;
+ krb5_error_code kret;
+ krb5_ui_2 fcc_flen;
+
+ k5_cc_mutex_assert_locked(context, &((krb5_fcc_data *) id->data)->lock);
+
+ fcc_lseek(data, (off_t) sizeof(krb5_ui_2), SEEK_SET);
+ if (data->version == KRB5_FCC_FVNO_4) {
+ kret = krb5_fcc_read_ui_2(context, id, &fcc_flen);
+ if (kret) return kret;
+ if(fcc_lseek(data, (off_t) fcc_flen, SEEK_CUR) < 0)
+ return errno;
+ }
+ return KRB5_OK;
}
static krb5_error_code
krb5_fcc_skip_principal(krb5_context context, krb5_ccache id)
{
- krb5_error_code kret;
- krb5_principal princ;
+ krb5_error_code kret;
+ krb5_principal princ;
- k5_cc_mutex_assert_locked(context, &((krb5_fcc_data *) id->data)->lock);
+ k5_cc_mutex_assert_locked(context, &((krb5_fcc_data *) id->data)->lock);
- kret = krb5_fcc_read_principal(context, id, &princ);
- if (kret != KRB5_OK)
- return kret;
+ kret = krb5_fcc_read_principal(context, id, &princ);
+ if (kret != KRB5_OK)
+ return kret;
- krb5_free_principal(context, princ);
- return KRB5_OK;
+ krb5_free_principal(context, princ);
+ return KRB5_OK;
}
@@ -1441,36 +1442,36 @@ krb5_fcc_skip_principal(krb5_context context, krb5_ccache id)
static krb5_error_code KRB5_CALLCONV
krb5_fcc_initialize(krb5_context context, krb5_ccache id, krb5_principal princ)
{
- krb5_error_code kret = 0;
- int reti = 0;
+ krb5_error_code kret = 0;
+ int reti = 0;
- kret = k5_cc_mutex_lock(context, &((krb5_fcc_data *) id->data)->lock);
- if (kret)
- return kret;
+ kret = k5_cc_mutex_lock(context, &((krb5_fcc_data *) id->data)->lock);
+ if (kret)
+ return kret;
- MAYBE_OPEN(context, id, FCC_OPEN_AND_ERASE);
+ MAYBE_OPEN(context, id, FCC_OPEN_AND_ERASE);
#if defined(HAVE_FCHMOD) || defined(HAVE_CHMOD)
- {
+ {
#ifdef HAVE_FCHMOD
- reti = fchmod(((krb5_fcc_data *) id->data)->file, S_IREAD | S_IWRITE);
+ reti = fchmod(((krb5_fcc_data *) id->data)->file, S_IREAD | S_IWRITE);
#else
- reti = chmod(((krb5_fcc_data *) id->data)->filename, S_IREAD | S_IWRITE);
+ reti = chmod(((krb5_fcc_data *) id->data)->filename, S_IREAD | S_IWRITE);
#endif
- if (reti == -1) {
- kret = krb5_fcc_interpret(context, errno);
- MAYBE_CLOSE(context, id, kret);
- k5_cc_mutex_unlock(context, &((krb5_fcc_data *) id->data)->lock);
- return kret;
- }
- }
+ if (reti == -1) {
+ kret = krb5_fcc_interpret(context, errno);
+ MAYBE_CLOSE(context, id, kret);
+ k5_cc_mutex_unlock(context, &((krb5_fcc_data *) id->data)->lock);
+ return kret;
+ }
+ }
#endif
- kret = krb5_fcc_store_principal(context, id, princ);
+ kret = krb5_fcc_store_principal(context, id, princ);
- MAYBE_CLOSE(context, id, kret);
- k5_cc_mutex_unlock(context, &((krb5_fcc_data *) id->data)->lock);
- krb5_change_cache ();
- return kret;
+ MAYBE_CLOSE(context, id, kret);
+ k5_cc_mutex_unlock(context, &((krb5_fcc_data *) id->data)->lock);
+ krb5_change_cache ();
+ return kret;
}
/*
@@ -1484,34 +1485,34 @@ static krb5_error_code dereference(krb5_context context, krb5_fcc_data *data)
kerr = k5_cc_mutex_lock(context, &krb5int_cc_file_mutex);
if (kerr)
- return kerr;
+ return kerr;
for (fccsp = &fccs; *fccsp != NULL; fccsp = &(*fccsp)->next)
- if ((*fccsp)->data == data)
- break;
+ if ((*fccsp)->data == data)
+ break;
assert(*fccsp != NULL);
assert((*fccsp)->data == data);
(*fccsp)->refcount--;
if ((*fccsp)->refcount == 0) {
struct fcc_set *temp;
- data = (*fccsp)->data;
- temp = *fccsp;
- *fccsp = (*fccsp)->next;
- free(temp);
- k5_cc_mutex_unlock(context, &krb5int_cc_file_mutex);
- k5_cc_mutex_assert_unlocked(context, &data->lock);
- free(data->filename);
- zap(data->buf, sizeof(data->buf));
- if (data->file >= 0) {
- kerr = k5_cc_mutex_lock(context, &data->lock);
- if (kerr)
- return kerr;
- krb5_fcc_close_file(context, data);
- k5_cc_mutex_unlock(context, &data->lock);
- }
- k5_cc_mutex_destroy(&data->lock);
- free(data);
+ data = (*fccsp)->data;
+ temp = *fccsp;
+ *fccsp = (*fccsp)->next;
+ free(temp);
+ k5_cc_mutex_unlock(context, &krb5int_cc_file_mutex);
+ k5_cc_mutex_assert_unlocked(context, &data->lock);
+ free(data->filename);
+ zap(data->buf, sizeof(data->buf));
+ if (data->file >= 0) {
+ kerr = k5_cc_mutex_lock(context, &data->lock);
+ if (kerr)
+ return kerr;
+ krb5_fcc_close_file(context, data);
+ k5_cc_mutex_unlock(context, &data->lock);
+ }
+ k5_cc_mutex_destroy(&data->lock);
+ free(data);
} else
- k5_cc_mutex_unlock(context, &krb5int_cc_file_mutex);
+ k5_cc_mutex_unlock(context, &krb5int_cc_file_mutex);
return 0;
}
@@ -1526,9 +1527,9 @@ static krb5_error_code dereference(krb5_context context, krb5_fcc_data *data)
static krb5_error_code KRB5_CALLCONV
krb5_fcc_close(krb5_context context, krb5_ccache id)
{
- dereference(context, (krb5_fcc_data *) id->data);
- free(id);
- return KRB5_OK;
+ dereference(context, (krb5_fcc_data *) id->data);
+ free(id);
+ return KRB5_OK;
}
/*
@@ -1541,32 +1542,32 @@ krb5_fcc_close(krb5_context context, krb5_ccache id)
static krb5_error_code KRB5_CALLCONV
krb5_fcc_destroy(krb5_context context, krb5_ccache id)
{
- krb5_error_code kret = 0;
- krb5_fcc_data *data = (krb5_fcc_data *) id->data;
- register int ret;
-
- struct stat buf;
- unsigned long i, size;
- unsigned int wlen;
- char zeros[BUFSIZ];
-
- kret = k5_cc_mutex_lock(context, &data->lock);
- if (kret)
- return kret;
-
- if (OPENCLOSE(id)) {
- invalidate_cache(data);
- ret = THREEPARAMOPEN(data->filename,
- O_RDWR | O_BINARY, 0);
- if (ret < 0) {
- kret = krb5_fcc_interpret(context, errno);
- goto cleanup;
- }
- set_cloexec_fd(ret);
- data->file = ret;
- }
- else
- fcc_lseek(data, (off_t) 0, SEEK_SET);
+ krb5_error_code kret = 0;
+ krb5_fcc_data *data = (krb5_fcc_data *) id->data;
+ register int ret;
+
+ struct stat buf;
+ unsigned long i, size;
+ unsigned int wlen;
+ char zeros[BUFSIZ];
+
+ kret = k5_cc_mutex_lock(context, &data->lock);
+ if (kret)
+ return kret;
+
+ if (OPENCLOSE(id)) {
+ invalidate_cache(data);
+ ret = THREEPARAMOPEN(data->filename,
+ O_RDWR | O_BINARY, 0);
+ if (ret < 0) {
+ kret = krb5_fcc_interpret(context, errno);
+ goto cleanup;
+ }
+ set_cloexec_fd(ret);
+ data->file = ret;
+ }
+ else
+ fcc_lseek(data, (off_t) 0, SEEK_SET);
#ifdef MSDOS_FILESYSTEM
/* "disgusting bit of UNIX trivia" - that's how the writers of NFS describe
@@ -1607,65 +1608,65 @@ krb5_fcc_destroy(krb5_context context, krb5_ccache id)
#else /* MSDOS_FILESYSTEM */
- ret = unlink(data->filename);
- if (ret < 0) {
- kret = krb5_fcc_interpret(context, errno);
- if (OPENCLOSE(id)) {
- (void) close(((krb5_fcc_data *)id->data)->file);
- data->file = -1;
- kret = ret;
- }
- goto cleanup;
- }
-
- ret = fstat(data->file, &buf);
- if (ret < 0) {
- kret = krb5_fcc_interpret(context, errno);
- if (OPENCLOSE(id)) {
- (void) close(((krb5_fcc_data *)id->data)->file);
- data->file = -1;
- }
- goto cleanup;
- }
-
- /* XXX This may not be legal XXX */
- size = (unsigned long) buf.st_size;
- memset(zeros, 0, BUFSIZ);
- for (i=0; i < size / BUFSIZ; i++)
- if (write(data->file, zeros, BUFSIZ) < 0) {
- kret = krb5_fcc_interpret(context, errno);
- if (OPENCLOSE(id)) {
- (void) close(((krb5_fcc_data *)id->data)->file);
- data->file = -1;
- }
- goto cleanup;
- }
-
- wlen = (unsigned int) (size % BUFSIZ);
- if (write(data->file, zeros, wlen) < 0) {
- kret = krb5_fcc_interpret(context, errno);
- if (OPENCLOSE(id)) {
- (void) close(((krb5_fcc_data *)id->data)->file);
- data->file = -1;
- }
- goto cleanup;
- }
-
- ret = close(data->file);
- data->file = -1;
-
- if (ret)
- kret = krb5_fcc_interpret(context, errno);
+ ret = unlink(data->filename);
+ if (ret < 0) {
+ kret = krb5_fcc_interpret(context, errno);
+ if (OPENCLOSE(id)) {
+ (void) close(((krb5_fcc_data *)id->data)->file);
+ data->file = -1;
+ kret = ret;
+ }
+ goto cleanup;
+ }
+
+ ret = fstat(data->file, &buf);
+ if (ret < 0) {
+ kret = krb5_fcc_interpret(context, errno);
+ if (OPENCLOSE(id)) {
+ (void) close(((krb5_fcc_data *)id->data)->file);
+ data->file = -1;
+ }
+ goto cleanup;
+ }
+
+ /* XXX This may not be legal XXX */
+ size = (unsigned long) buf.st_size;
+ memset(zeros, 0, BUFSIZ);
+ for (i=0; i < size / BUFSIZ; i++)
+ if (write(data->file, zeros, BUFSIZ) < 0) {
+ kret = krb5_fcc_interpret(context, errno);
+ if (OPENCLOSE(id)) {
+ (void) close(((krb5_fcc_data *)id->data)->file);
+ data->file = -1;
+ }
+ goto cleanup;
+ }
+
+ wlen = (unsigned int) (size % BUFSIZ);
+ if (write(data->file, zeros, wlen) < 0) {
+ kret = krb5_fcc_interpret(context, errno);
+ if (OPENCLOSE(id)) {
+ (void) close(((krb5_fcc_data *)id->data)->file);
+ data->file = -1;
+ }
+ goto cleanup;
+ }
+
+ ret = close(data->file);
+ data->file = -1;
+
+ if (ret)
+ kret = krb5_fcc_interpret(context, errno);
#endif /* MSDOS_FILESYSTEM */
- cleanup:
- k5_cc_mutex_unlock(context, &data->lock);
- dereference(context, data);
- free(id);
+cleanup:
+ k5_cc_mutex_unlock(context, &data->lock);
+ dereference(context, data);
+ free(id);
- krb5_change_cache ();
- return kret;
+ krb5_change_cache ();
+ return kret;
}
extern const krb5_cc_ops krb5_fcc_ops;
@@ -1676,109 +1677,109 @@ extern const krb5_cc_ops krb5_fcc_ops;
*
* Modifies:
* id
- *
+ *
* Effects:
* creates a file-based cred cache that will reside in the file
* residual. The cache is not opened, but the filename is reserved.
- *
+ *
* Returns:
* A filled in krb5_ccache structure "id".
*
* Errors:
* KRB5_CC_NOMEM - there was insufficient memory to allocate the
- * krb5_ccache. id is undefined.
+ * krb5_ccache. id is undefined.
* permission errors
*/
static krb5_error_code KRB5_CALLCONV
krb5_fcc_resolve (krb5_context context, krb5_ccache *id, const char *residual)
{
- krb5_ccache lid;
- krb5_error_code kret;
- krb5_fcc_data *data;
- struct fcc_set *setptr;
-
- kret = k5_cc_mutex_lock(context, &krb5int_cc_file_mutex);
- if (kret)
- return kret;
- for (setptr = fccs; setptr; setptr = setptr->next) {
- if (!strcmp(setptr->data->filename, residual))
- break;
- }
- if (setptr) {
- data = setptr->data;
- assert(setptr->refcount != 0);
- setptr->refcount++;
- assert(setptr->refcount != 0);
- kret = k5_cc_mutex_lock(context, &data->lock);
- if (kret) {
- k5_cc_mutex_unlock(context, &krb5int_cc_file_mutex);
- return kret;
- }
- k5_cc_mutex_unlock(context, &krb5int_cc_file_mutex);
- } else {
- data = malloc(sizeof(krb5_fcc_data));
- if (data == NULL) {
- k5_cc_mutex_unlock(context, &krb5int_cc_file_mutex);
- return KRB5_CC_NOMEM;
- }
- data->filename = strdup(residual);
- if (data->filename == NULL) {
- k5_cc_mutex_unlock(context, &krb5int_cc_file_mutex);
- free(data);
- return KRB5_CC_NOMEM;
- }
- kret = k5_cc_mutex_init(&data->lock);
- if (kret) {
- k5_cc_mutex_unlock(context, &krb5int_cc_file_mutex);
- free(data->filename);
- free(data);
- return kret;
- }
- kret = k5_cc_mutex_lock(context, &data->lock);
- if (kret) {
- k5_cc_mutex_unlock(context, &krb5int_cc_file_mutex);
- k5_cc_mutex_destroy(&data->lock);
- free(data->filename);
- free(data);
- return kret;
- }
- /* data->version,mode filled in for real later */
- data->version = data->mode = 0;
- data->flags = KRB5_TC_OPENCLOSE;
- data->file = -1;
- data->valid_bytes = 0;
- setptr = malloc(sizeof(struct fcc_set));
- if (setptr == NULL) {
- k5_cc_mutex_unlock(context, &krb5int_cc_file_mutex);
- k5_cc_mutex_unlock(context, &data->lock);
- k5_cc_mutex_destroy(&data->lock);
- free(data->filename);
- free(data);
- return KRB5_CC_NOMEM;
- }
- setptr->refcount = 1;
- setptr->data = data;
- setptr->next = fccs;
- fccs = setptr;
- k5_cc_mutex_unlock(context, &krb5int_cc_file_mutex);
- }
-
- k5_cc_mutex_assert_locked(context, &data->lock);
- k5_cc_mutex_unlock(context, &data->lock);
- lid = (krb5_ccache) malloc(sizeof(struct _krb5_ccache));
- if (lid == NULL) {
- dereference(context, data);
- return KRB5_CC_NOMEM;
- }
-
- lid->ops = &krb5_fcc_ops;
- lid->data = data;
- lid->magic = KV5M_CCACHE;
-
- /* other routines will get errors on open, and callers must expect them,
- if cache is non-existent/unusable */
- *id = lid;
- return KRB5_OK;
+ krb5_ccache lid;
+ krb5_error_code kret;
+ krb5_fcc_data *data;
+ struct fcc_set *setptr;
+
+ kret = k5_cc_mutex_lock(context, &krb5int_cc_file_mutex);
+ if (kret)
+ return kret;
+ for (setptr = fccs; setptr; setptr = setptr->next) {
+ if (!strcmp(setptr->data->filename, residual))
+ break;
+ }
+ if (setptr) {
+ data = setptr->data;
+ assert(setptr->refcount != 0);
+ setptr->refcount++;
+ assert(setptr->refcount != 0);
+ kret = k5_cc_mutex_lock(context, &data->lock);
+ if (kret) {
+ k5_cc_mutex_unlock(context, &krb5int_cc_file_mutex);
+ return kret;
+ }
+ k5_cc_mutex_unlock(context, &krb5int_cc_file_mutex);
+ } else {
+ data = malloc(sizeof(krb5_fcc_data));
+ if (data == NULL) {
+ k5_cc_mutex_unlock(context, &krb5int_cc_file_mutex);
+ return KRB5_CC_NOMEM;
+ }
+ data->filename = strdup(residual);
+ if (data->filename == NULL) {
+ k5_cc_mutex_unlock(context, &krb5int_cc_file_mutex);
+ free(data);
+ return KRB5_CC_NOMEM;
+ }
+ kret = k5_cc_mutex_init(&data->lock);
+ if (kret) {
+ k5_cc_mutex_unlock(context, &krb5int_cc_file_mutex);
+ free(data->filename);
+ free(data);
+ return kret;
+ }
+ kret = k5_cc_mutex_lock(context, &data->lock);
+ if (kret) {
+ k5_cc_mutex_unlock(context, &krb5int_cc_file_mutex);
+ k5_cc_mutex_destroy(&data->lock);
+ free(data->filename);
+ free(data);
+ return kret;
+ }
+ /* data->version,mode filled in for real later */
+ data->version = data->mode = 0;
+ data->flags = KRB5_TC_OPENCLOSE;
+ data->file = -1;
+ data->valid_bytes = 0;
+ setptr = malloc(sizeof(struct fcc_set));
+ if (setptr == NULL) {
+ k5_cc_mutex_unlock(context, &krb5int_cc_file_mutex);
+ k5_cc_mutex_unlock(context, &data->lock);
+ k5_cc_mutex_destroy(&data->lock);
+ free(data->filename);
+ free(data);
+ return KRB5_CC_NOMEM;
+ }
+ setptr->refcount = 1;
+ setptr->data = data;
+ setptr->next = fccs;
+ fccs = setptr;
+ k5_cc_mutex_unlock(context, &krb5int_cc_file_mutex);
+ }
+
+ k5_cc_mutex_assert_locked(context, &data->lock);
+ k5_cc_mutex_unlock(context, &data->lock);
+ lid = (krb5_ccache) malloc(sizeof(struct _krb5_ccache));
+ if (lid == NULL) {
+ dereference(context, data);
+ return KRB5_CC_NOMEM;
+ }
+
+ lid->ops = &krb5_fcc_ops;
+ lid->data = data;
+ lid->magic = KV5M_CCACHE;
+
+ /* other routines will get errors on open, and callers must expect them,
+ if cache is non-existent/unusable */
+ *id = lid;
+ return KRB5_OK;
}
/*
@@ -1796,49 +1797,49 @@ krb5_fcc_resolve (krb5_context context, krb5_ccache *id, const char *residual)
*/
static krb5_error_code KRB5_CALLCONV
krb5_fcc_start_seq_get(krb5_context context, krb5_ccache id,
- krb5_cc_cursor *cursor)
+ krb5_cc_cursor *cursor)
{
- krb5_fcc_cursor *fcursor;
- krb5_error_code kret = KRB5_OK;
- krb5_fcc_data *data = (krb5_fcc_data *)id->data;
-
- kret = k5_cc_mutex_lock(context, &data->lock);
- if (kret)
- return kret;
-
- fcursor = (krb5_fcc_cursor *) malloc(sizeof(krb5_fcc_cursor));
- if (fcursor == NULL) {
- k5_cc_mutex_unlock(context, &data->lock);
- return KRB5_CC_NOMEM;
- }
- if (OPENCLOSE(id)) {
- kret = krb5_fcc_open_file(context, id, FCC_OPEN_RDONLY);
- if (kret) {
- free(fcursor);
- k5_cc_mutex_unlock(context, &data->lock);
- return kret;
- }
- }
-
- /* Make sure we start reading right after the primary principal */
- kret = krb5_fcc_skip_header(context, id);
- if (kret) {
- free(fcursor);
- goto done;
- }
- kret = krb5_fcc_skip_principal(context, id);
- if (kret) {
- free(fcursor);
- goto done;
- }
-
- fcursor->pos = fcc_lseek(data, (off_t) 0, SEEK_CUR);
- *cursor = (krb5_cc_cursor) fcursor;
+ krb5_fcc_cursor *fcursor;
+ krb5_error_code kret = KRB5_OK;
+ krb5_fcc_data *data = (krb5_fcc_data *)id->data;
+
+ kret = k5_cc_mutex_lock(context, &data->lock);
+ if (kret)
+ return kret;
+
+ fcursor = (krb5_fcc_cursor *) malloc(sizeof(krb5_fcc_cursor));
+ if (fcursor == NULL) {
+ k5_cc_mutex_unlock(context, &data->lock);
+ return KRB5_CC_NOMEM;
+ }
+ if (OPENCLOSE(id)) {
+ kret = krb5_fcc_open_file(context, id, FCC_OPEN_RDONLY);
+ if (kret) {
+ free(fcursor);
+ k5_cc_mutex_unlock(context, &data->lock);
+ return kret;
+ }
+ }
+
+ /* Make sure we start reading right after the primary principal */
+ kret = krb5_fcc_skip_header(context, id);
+ if (kret) {
+ free(fcursor);
+ goto done;
+ }
+ kret = krb5_fcc_skip_principal(context, id);
+ if (kret) {
+ free(fcursor);
+ goto done;
+ }
+
+ fcursor->pos = fcc_lseek(data, (off_t) 0, SEEK_CUR);
+ *cursor = (krb5_cc_cursor) fcursor;
done:
- MAYBE_CLOSE(context, id, kret);
- k5_cc_mutex_unlock(context, &data->lock);
- return kret;
+ MAYBE_CLOSE(context, id, kret);
+ k5_cc_mutex_unlock(context, &data->lock);
+ return kret;
}
@@ -1849,7 +1850,7 @@ done:
*
* Modifes:
* cursor, creds
- *
+ *
* Effects:
* Fills in creds with the "next" credentals structure from the cache
* id. The actual order the creds are returned in is arbitrary.
@@ -1864,62 +1865,62 @@ done:
*/
static krb5_error_code KRB5_CALLCONV
krb5_fcc_next_cred(krb5_context context, krb5_ccache id, krb5_cc_cursor *cursor,
- krb5_creds *creds)
+ krb5_creds *creds)
{
#define TCHECK(ret) if (ret != KRB5_OK) goto lose;
- krb5_error_code kret;
- krb5_fcc_cursor *fcursor;
- krb5_int32 int32;
- krb5_octet octet;
- krb5_fcc_data *d = (krb5_fcc_data *) id->data;
-
- kret = k5_cc_mutex_lock(context, &d->lock);
- if (kret)
- return kret;
-
- memset(creds, 0, sizeof(*creds));
- MAYBE_OPEN(context, id, FCC_OPEN_RDONLY);
- fcursor = (krb5_fcc_cursor *) *cursor;
-
- kret = (fcc_lseek(d, fcursor->pos, SEEK_SET) == (off_t) -1);
- if (kret) {
- kret = krb5_fcc_interpret(context, errno);
- MAYBE_CLOSE(context, id, kret);
- k5_cc_mutex_unlock(context, &d->lock);
- return kret;
- }
-
- kret = krb5_fcc_read_principal(context, id, &creds->client);
- TCHECK(kret);
- kret = krb5_fcc_read_principal(context, id, &creds->server);
- TCHECK(kret);
- kret = krb5_fcc_read_keyblock(context, id, &creds->keyblock);
- TCHECK(kret);
- kret = krb5_fcc_read_times(context, id, &creds->times);
- TCHECK(kret);
- kret = krb5_fcc_read_octet(context, id, &octet);
- TCHECK(kret);
- creds->is_skey = octet;
- kret = krb5_fcc_read_int32(context, id, &int32);
- TCHECK(kret);
- creds->ticket_flags = int32;
- kret = krb5_fcc_read_addrs(context, id, &creds->addresses);
- TCHECK(kret);
- kret = krb5_fcc_read_authdata(context, id, &creds->authdata);
- TCHECK(kret);
- kret = krb5_fcc_read_data(context, id, &creds->ticket);
- TCHECK(kret);
- kret = krb5_fcc_read_data(context, id, &creds->second_ticket);
- TCHECK(kret);
-
- fcursor->pos = fcc_lseek(d, (off_t) 0, SEEK_CUR);
+ krb5_error_code kret;
+ krb5_fcc_cursor *fcursor;
+ krb5_int32 int32;
+ krb5_octet octet;
+ krb5_fcc_data *d = (krb5_fcc_data *) id->data;
+
+ kret = k5_cc_mutex_lock(context, &d->lock);
+ if (kret)
+ return kret;
+
+ memset(creds, 0, sizeof(*creds));
+ MAYBE_OPEN(context, id, FCC_OPEN_RDONLY);
+ fcursor = (krb5_fcc_cursor *) *cursor;
+
+ kret = (fcc_lseek(d, fcursor->pos, SEEK_SET) == (off_t) -1);
+ if (kret) {
+ kret = krb5_fcc_interpret(context, errno);
+ MAYBE_CLOSE(context, id, kret);
+ k5_cc_mutex_unlock(context, &d->lock);
+ return kret;
+ }
+
+ kret = krb5_fcc_read_principal(context, id, &creds->client);
+ TCHECK(kret);
+ kret = krb5_fcc_read_principal(context, id, &creds->server);
+ TCHECK(kret);
+ kret = krb5_fcc_read_keyblock(context, id, &creds->keyblock);
+ TCHECK(kret);
+ kret = krb5_fcc_read_times(context, id, &creds->times);
+ TCHECK(kret);
+ kret = krb5_fcc_read_octet(context, id, &octet);
+ TCHECK(kret);
+ creds->is_skey = octet;
+ kret = krb5_fcc_read_int32(context, id, &int32);
+ TCHECK(kret);
+ creds->ticket_flags = int32;
+ kret = krb5_fcc_read_addrs(context, id, &creds->addresses);
+ TCHECK(kret);
+ kret = krb5_fcc_read_authdata(context, id, &creds->authdata);
+ TCHECK(kret);
+ kret = krb5_fcc_read_data(context, id, &creds->ticket);
+ TCHECK(kret);
+ kret = krb5_fcc_read_data(context, id, &creds->second_ticket);
+ TCHECK(kret);
+
+ fcursor->pos = fcc_lseek(d, (off_t) 0, SEEK_CUR);
lose:
- MAYBE_CLOSE (context, id, kret);
- k5_cc_mutex_unlock(context, &d->lock);
- if (kret != KRB5_OK)
- krb5_free_cred_contents(context, creds);
- return kret;
+ MAYBE_CLOSE (context, id, kret);
+ k5_cc_mutex_unlock(context, &d->lock);
+ if (kret != KRB5_OK)
+ krb5_free_cred_contents(context, creds);
+ return kret;
}
/*
@@ -1938,15 +1939,15 @@ lose:
static krb5_error_code KRB5_CALLCONV
krb5_fcc_end_seq_get(krb5_context context, krb5_ccache id, krb5_cc_cursor *cursor)
{
- /* We don't do anything with the file cache itself, so
- no need to lock anything. */
-
- /* don't close; it may be left open by the caller,
- and if not, fcc_start_seq_get and/or fcc_next_cred will do the
- MAYBE_CLOSE.
- MAYBE_CLOSE(context, id, kret); */
- free((krb5_fcc_cursor *) *cursor);
- return 0;
+ /* We don't do anything with the file cache itself, so
+ no need to lock anything. */
+
+ /* don't close; it may be left open by the caller,
+ and if not, fcc_start_seq_get and/or fcc_next_cred will do the
+ MAYBE_CLOSE.
+ MAYBE_CLOSE(context, id, kret); */
+ free((krb5_fcc_cursor *) *cursor);
+ return 0;
}
@@ -1955,184 +1956,184 @@ krb5_fcc_end_seq_get(krb5_context context, krb5_ccache id, krb5_cc_cursor *curso
* Creates a new file cred cache whose name is guaranteed to be
* unique. The name begins with the string TKT_ROOT (from fcc.h).
* The cache is not opened, but the new filename is reserved.
- *
+ *
* Returns:
* The filled in krb5_ccache id.
*
* Errors:
* KRB5_CC_NOMEM - there was insufficient memory to allocate the
- * krb5_ccache. id is undefined.
+ * krb5_ccache. id is undefined.
* system errors (from open)
*/
static krb5_error_code KRB5_CALLCONV
krb5_fcc_generate_new (krb5_context context, krb5_ccache *id)
{
- krb5_ccache lid;
- int ret;
- krb5_error_code kret = 0;
- char scratch[sizeof(TKT_ROOT)+6+1]; /* +6 for the scratch part, +1 for
- NUL */
- krb5_fcc_data *data;
- krb5_int16 fcc_fvno = htons(context->fcc_default_format);
- krb5_int16 fcc_flen = 0;
- int errsave, cnt;
- struct fcc_set *setptr;
-
- /* Set master lock */
- kret = k5_cc_mutex_lock(context, &krb5int_cc_file_mutex);
- if (kret)
- return kret;
-
- (void) snprintf(scratch, sizeof(scratch), "%sXXXXXX", TKT_ROOT);
- ret = mkstemp(scratch);
- if (ret == -1) {
- k5_cc_mutex_unlock(context, &krb5int_cc_file_mutex);
- return krb5_fcc_interpret(context, errno);
- }
- set_cloexec_fd(ret);
-
- /* Allocate memory */
- data = (krb5_pointer) malloc(sizeof(krb5_fcc_data));
- if (data == NULL) {
- k5_cc_mutex_unlock(context, &krb5int_cc_file_mutex);
- close(ret);
- unlink(scratch);
- return KRB5_CC_NOMEM;
- }
-
- data->filename = strdup(scratch);
- if (data->filename == NULL) {
- k5_cc_mutex_unlock(context, &krb5int_cc_file_mutex);
- free(data);
- close(ret);
- unlink(scratch);
- return KRB5_CC_NOMEM;
- }
-
- kret = k5_cc_mutex_init(&data->lock);
- if (kret) {
- k5_cc_mutex_unlock(context, &krb5int_cc_file_mutex);
- free(data->filename);
- free(data);
- close(ret);
- unlink(scratch);
- return kret;
- }
- kret = k5_cc_mutex_lock(context, &data->lock);
- if (kret) {
- k5_cc_mutex_unlock(context, &krb5int_cc_file_mutex);
- k5_cc_mutex_destroy(&data->lock);
- free(data->filename);
- free(data);
- close(ret);
- unlink(scratch);
- return kret;
- }
-
- /*
- * The file is initially closed at the end of this call...
- */
- data->flags = 0;
- data->file = -1;
- data->valid_bytes = 0;
- /* data->version,mode filled in for real later */
- data->version = data->mode = 0;
-
-
- /* Ignore user's umask, set mode = 0600 */
+ krb5_ccache lid;
+ int ret;
+ krb5_error_code kret = 0;
+ char scratch[sizeof(TKT_ROOT)+6+1]; /* +6 for the scratch part, +1 for
+ NUL */
+ krb5_fcc_data *data;
+ krb5_int16 fcc_fvno = htons(context->fcc_default_format);
+ krb5_int16 fcc_flen = 0;
+ int errsave, cnt;
+ struct fcc_set *setptr;
+
+ /* Set master lock */
+ kret = k5_cc_mutex_lock(context, &krb5int_cc_file_mutex);
+ if (kret)
+ return kret;
+
+ (void) snprintf(scratch, sizeof(scratch), "%sXXXXXX", TKT_ROOT);
+ ret = mkstemp(scratch);
+ if (ret == -1) {
+ k5_cc_mutex_unlock(context, &krb5int_cc_file_mutex);
+ return krb5_fcc_interpret(context, errno);
+ }
+ set_cloexec_fd(ret);
+
+ /* Allocate memory */
+ data = (krb5_pointer) malloc(sizeof(krb5_fcc_data));
+ if (data == NULL) {
+ k5_cc_mutex_unlock(context, &krb5int_cc_file_mutex);
+ close(ret);
+ unlink(scratch);
+ return KRB5_CC_NOMEM;
+ }
+
+ data->filename = strdup(scratch);
+ if (data->filename == NULL) {
+ k5_cc_mutex_unlock(context, &krb5int_cc_file_mutex);
+ free(data);
+ close(ret);
+ unlink(scratch);
+ return KRB5_CC_NOMEM;
+ }
+
+ kret = k5_cc_mutex_init(&data->lock);
+ if (kret) {
+ k5_cc_mutex_unlock(context, &krb5int_cc_file_mutex);
+ free(data->filename);
+ free(data);
+ close(ret);
+ unlink(scratch);
+ return kret;
+ }
+ kret = k5_cc_mutex_lock(context, &data->lock);
+ if (kret) {
+ k5_cc_mutex_unlock(context, &krb5int_cc_file_mutex);
+ k5_cc_mutex_destroy(&data->lock);
+ free(data->filename);
+ free(data);
+ close(ret);
+ unlink(scratch);
+ return kret;
+ }
+
+ /*
+ * The file is initially closed at the end of this call...
+ */
+ data->flags = 0;
+ data->file = -1;
+ data->valid_bytes = 0;
+ /* data->version,mode filled in for real later */
+ data->version = data->mode = 0;
+
+
+ /* Ignore user's umask, set mode = 0600 */
#ifndef HAVE_FCHMOD
#ifdef HAVE_CHMOD
- chmod(data->filename, S_IRUSR | S_IWUSR);
+ chmod(data->filename, S_IRUSR | S_IWUSR);
#endif
#else
- fchmod(ret, S_IRUSR | S_IWUSR);
+ fchmod(ret, S_IRUSR | S_IWUSR);
#endif
- if ((cnt = write(ret, (char *)&fcc_fvno, sizeof(fcc_fvno)))
- != sizeof(fcc_fvno)) {
- errsave = errno;
- (void) close(ret);
- (void) unlink(data->filename);
- kret = (cnt == -1) ? krb5_fcc_interpret(context, errsave) : KRB5_CC_IO;
- goto err_out;
- }
- /* For version 4 we save a length for the rest of the header */
- if (context->fcc_default_format == KRB5_FCC_FVNO_4) {
- if ((cnt = write(ret, (char *)&fcc_flen, sizeof(fcc_flen)))
- != sizeof(fcc_flen)) {
- errsave = errno;
- (void) close(ret);
- (void) unlink(data->filename);
- kret = (cnt == -1) ? krb5_fcc_interpret(context, errsave) : KRB5_CC_IO;
- goto err_out;
- }
- }
- if (close(ret) == -1) {
- errsave = errno;
- (void) unlink(data->filename);
- kret = krb5_fcc_interpret(context, errsave);
- goto err_out;
- }
-
-
- setptr = malloc(sizeof(struct fcc_set));
- if (setptr == NULL) {
- k5_cc_mutex_unlock(context, &krb5int_cc_file_mutex);
- k5_cc_mutex_unlock(context, &data->lock);
- k5_cc_mutex_destroy(&data->lock);
- free(data->filename);
- free(data);
- (void) close(ret);
- (void) unlink(scratch);
- return KRB5_CC_NOMEM;
- }
- setptr->refcount = 1;
- setptr->data = data;
- setptr->next = fccs;
- fccs = setptr;
- k5_cc_mutex_unlock(context, &krb5int_cc_file_mutex);
-
- k5_cc_mutex_assert_locked(context, &data->lock);
- k5_cc_mutex_unlock(context, &data->lock);
- lid = (krb5_ccache) malloc(sizeof(struct _krb5_ccache));
- if (lid == NULL) {
- dereference(context, data);
- return KRB5_CC_NOMEM;
- }
-
- lid->ops = &krb5_fcc_ops;
- lid->data = data;
- lid->magic = KV5M_CCACHE;
-
- /* default to open/close on every trn - otherwise destroy
- will get as to state confused */
- ((krb5_fcc_data *) lid->data)->flags = KRB5_TC_OPENCLOSE;
-
- *id = lid;
-
-
- krb5_change_cache ();
- return KRB5_OK;
+ if ((cnt = write(ret, (char *)&fcc_fvno, sizeof(fcc_fvno)))
+ != sizeof(fcc_fvno)) {
+ errsave = errno;
+ (void) close(ret);
+ (void) unlink(data->filename);
+ kret = (cnt == -1) ? krb5_fcc_interpret(context, errsave) : KRB5_CC_IO;
+ goto err_out;
+ }
+ /* For version 4 we save a length for the rest of the header */
+ if (context->fcc_default_format == KRB5_FCC_FVNO_4) {
+ if ((cnt = write(ret, (char *)&fcc_flen, sizeof(fcc_flen)))
+ != sizeof(fcc_flen)) {
+ errsave = errno;
+ (void) close(ret);
+ (void) unlink(data->filename);
+ kret = (cnt == -1) ? krb5_fcc_interpret(context, errsave) : KRB5_CC_IO;
+ goto err_out;
+ }
+ }
+ if (close(ret) == -1) {
+ errsave = errno;
+ (void) unlink(data->filename);
+ kret = krb5_fcc_interpret(context, errsave);
+ goto err_out;
+ }
+
+
+ setptr = malloc(sizeof(struct fcc_set));
+ if (setptr == NULL) {
+ k5_cc_mutex_unlock(context, &krb5int_cc_file_mutex);
+ k5_cc_mutex_unlock(context, &data->lock);
+ k5_cc_mutex_destroy(&data->lock);
+ free(data->filename);
+ free(data);
+ (void) close(ret);
+ (void) unlink(scratch);
+ return KRB5_CC_NOMEM;
+ }
+ setptr->refcount = 1;
+ setptr->data = data;
+ setptr->next = fccs;
+ fccs = setptr;
+ k5_cc_mutex_unlock(context, &krb5int_cc_file_mutex);
+
+ k5_cc_mutex_assert_locked(context, &data->lock);
+ k5_cc_mutex_unlock(context, &data->lock);
+ lid = (krb5_ccache) malloc(sizeof(struct _krb5_ccache));
+ if (lid == NULL) {
+ dereference(context, data);
+ return KRB5_CC_NOMEM;
+ }
+
+ lid->ops = &krb5_fcc_ops;
+ lid->data = data;
+ lid->magic = KV5M_CCACHE;
+
+ /* default to open/close on every trn - otherwise destroy
+ will get as to state confused */
+ ((krb5_fcc_data *) lid->data)->flags = KRB5_TC_OPENCLOSE;
+
+ *id = lid;
+
+
+ krb5_change_cache ();
+ return KRB5_OK;
err_out:
- k5_cc_mutex_unlock(context, &krb5int_cc_file_mutex);
- k5_cc_mutex_unlock(context, &data->lock);
- k5_cc_mutex_destroy(&data->lock);
- free(data->filename);
- free(data);
- return kret;
+ k5_cc_mutex_unlock(context, &krb5int_cc_file_mutex);
+ k5_cc_mutex_unlock(context, &data->lock);
+ k5_cc_mutex_destroy(&data->lock);
+ free(data->filename);
+ free(data);
+ return kret;
}
/*
* Requires:
* id is a file credential cache
- *
+ *
* Returns:
* The name of the file cred cache id.
*/
static const char * KRB5_CALLCONV
krb5_fcc_get_name (krb5_context context, krb5_ccache id)
{
- return (char *) ((krb5_fcc_data *) id->data)->filename;
+ return (char *) ((krb5_fcc_data *) id->data)->filename;
}
/*
@@ -2151,31 +2152,31 @@ krb5_fcc_get_name (krb5_context context, krb5_ccache id)
static krb5_error_code KRB5_CALLCONV
krb5_fcc_get_principal(krb5_context context, krb5_ccache id, krb5_principal *princ)
{
- krb5_error_code kret = KRB5_OK;
+ krb5_error_code kret = KRB5_OK;
+
+ kret = k5_cc_mutex_lock(context, &((krb5_fcc_data *) id->data)->lock);
+ if (kret)
+ return kret;
- kret = k5_cc_mutex_lock(context, &((krb5_fcc_data *) id->data)->lock);
- if (kret)
- return kret;
+ MAYBE_OPEN(context, id, FCC_OPEN_RDONLY);
- MAYBE_OPEN(context, id, FCC_OPEN_RDONLY);
-
- /* make sure we're beyond the header */
- kret = krb5_fcc_skip_header(context, id);
- if (kret) goto done;
- kret = krb5_fcc_read_principal(context, id, princ);
+ /* make sure we're beyond the header */
+ kret = krb5_fcc_skip_header(context, id);
+ if (kret) goto done;
+ kret = krb5_fcc_read_principal(context, id, princ);
done:
- MAYBE_CLOSE(context, id, kret);
- k5_cc_mutex_unlock(context, &((krb5_fcc_data *) id->data)->lock);
- return kret;
+ MAYBE_CLOSE(context, id, kret);
+ k5_cc_mutex_unlock(context, &((krb5_fcc_data *) id->data)->lock);
+ return kret;
}
-
+
static krb5_error_code KRB5_CALLCONV
krb5_fcc_retrieve(krb5_context context, krb5_ccache id, krb5_flags whichfields, krb5_creds *mcreds, krb5_creds *creds)
{
return krb5_cc_retrieve_cred_default (context, id, whichfields,
- mcreds, creds);
+ mcreds, creds);
}
@@ -2194,55 +2195,55 @@ static krb5_error_code KRB5_CALLCONV
krb5_fcc_store(krb5_context context, krb5_ccache id, krb5_creds *creds)
{
#define TCHECK(ret) if (ret != KRB5_OK) goto lose;
- krb5_error_code ret;
-
- ret = k5_cc_mutex_lock(context, &((krb5_fcc_data *) id->data)->lock);
- if (ret)
- return ret;
-
- /* Make sure we are writing to the end of the file */
- MAYBE_OPEN(context, id, FCC_OPEN_RDWR);
-
- /* Make sure we are writing to the end of the file */
- ret = fcc_lseek((krb5_fcc_data *) id->data, (off_t) 0, SEEK_END);
- if (ret < 0) {
- MAYBE_CLOSE_IGNORE(context, id);
- k5_cc_mutex_unlock(context, &((krb5_fcc_data *) id->data)->lock);
- return krb5_fcc_interpret(context, errno);
- }
-
- ret = krb5_fcc_store_principal(context, id, creds->client);
- TCHECK(ret);
- ret = krb5_fcc_store_principal(context, id, creds->server);
- TCHECK(ret);
- ret = krb5_fcc_store_keyblock(context, id, &creds->keyblock);
- TCHECK(ret);
- ret = krb5_fcc_store_times(context, id, &creds->times);
- TCHECK(ret);
- ret = krb5_fcc_store_octet(context, id, (krb5_int32) creds->is_skey);
- TCHECK(ret);
- ret = krb5_fcc_store_int32(context, id, creds->ticket_flags);
- TCHECK(ret);
- ret = krb5_fcc_store_addrs(context, id, creds->addresses);
- TCHECK(ret);
- ret = krb5_fcc_store_authdata(context, id, creds->authdata);
- TCHECK(ret);
- ret = krb5_fcc_store_data(context, id, &creds->ticket);
- TCHECK(ret);
- ret = krb5_fcc_store_data(context, id, &creds->second_ticket);
- TCHECK(ret);
+ krb5_error_code ret;
+
+ ret = k5_cc_mutex_lock(context, &((krb5_fcc_data *) id->data)->lock);
+ if (ret)
+ return ret;
+
+ /* Make sure we are writing to the end of the file */
+ MAYBE_OPEN(context, id, FCC_OPEN_RDWR);
+
+ /* Make sure we are writing to the end of the file */
+ ret = fcc_lseek((krb5_fcc_data *) id->data, (off_t) 0, SEEK_END);
+ if (ret < 0) {
+ MAYBE_CLOSE_IGNORE(context, id);
+ k5_cc_mutex_unlock(context, &((krb5_fcc_data *) id->data)->lock);
+ return krb5_fcc_interpret(context, errno);
+ }
+
+ ret = krb5_fcc_store_principal(context, id, creds->client);
+ TCHECK(ret);
+ ret = krb5_fcc_store_principal(context, id, creds->server);
+ TCHECK(ret);
+ ret = krb5_fcc_store_keyblock(context, id, &creds->keyblock);
+ TCHECK(ret);
+ ret = krb5_fcc_store_times(context, id, &creds->times);
+ TCHECK(ret);
+ ret = krb5_fcc_store_octet(context, id, (krb5_int32) creds->is_skey);
+ TCHECK(ret);
+ ret = krb5_fcc_store_int32(context, id, creds->ticket_flags);
+ TCHECK(ret);
+ ret = krb5_fcc_store_addrs(context, id, creds->addresses);
+ TCHECK(ret);
+ ret = krb5_fcc_store_authdata(context, id, creds->authdata);
+ TCHECK(ret);
+ ret = krb5_fcc_store_data(context, id, &creds->ticket);
+ TCHECK(ret);
+ ret = krb5_fcc_store_data(context, id, &creds->second_ticket);
+ TCHECK(ret);
lose:
- MAYBE_CLOSE(context, id, ret);
- k5_cc_mutex_unlock(context, &((krb5_fcc_data *) id->data)->lock);
- krb5_change_cache ();
- return ret;
+ MAYBE_CLOSE(context, id, ret);
+ k5_cc_mutex_unlock(context, &((krb5_fcc_data *) id->data)->lock);
+ krb5_change_cache ();
+ return ret;
#undef TCHECK
}
-/*
+/*
* Non-functional stub implementation for krb5_fcc_remove
- *
+ *
* Errors:
* KRB5_CC_NOSUPP - not implemented
*/
@@ -2260,7 +2261,7 @@ krb5_fcc_remove_cred(krb5_context context, krb5_ccache cache, krb5_flags flags,
*
* Modifies:
* id
- *
+ *
* Effects:
* Sets the operational flags of id to flags.
*/
@@ -2271,18 +2272,18 @@ krb5_fcc_set_flags(krb5_context context, krb5_ccache id, krb5_flags flags)
ret = k5_cc_mutex_lock(context, &((krb5_fcc_data *) id->data)->lock);
if (ret)
- return ret;
+ return ret;
/* XXX This should check for illegal combinations, if any.. */
if (flags & KRB5_TC_OPENCLOSE) {
- /* asking to turn on OPENCLOSE mode */
- if (!OPENCLOSE(id)
- /* XXX Is this test necessary? */
- && ((krb5_fcc_data *) id->data)->file != NO_FILE)
+ /* asking to turn on OPENCLOSE mode */
+ if (!OPENCLOSE(id)
+ /* XXX Is this test necessary? */
+ && ((krb5_fcc_data *) id->data)->file != NO_FILE)
(void) krb5_fcc_close_file (context, ((krb5_fcc_data *) id->data));
} else {
- /* asking to turn off OPENCLOSE mode, meaning it must be
- left open. We open if it's not yet open */
+ /* asking to turn off OPENCLOSE mode, meaning it must be
+ left open. We open if it's not yet open */
MAYBE_OPEN(context, id, FCC_OPEN_RDONLY);
}
@@ -2298,7 +2299,7 @@ krb5_fcc_set_flags(krb5_context context, krb5_ccache id, krb5_flags flags)
*
* Modifies:
* id (mutex only; temporary)
- *
+ *
* Effects:
* Returns the operational flags of id.
*/
@@ -2309,7 +2310,7 @@ krb5_fcc_get_flags(krb5_context context, krb5_ccache id, krb5_flags *flags)
ret = k5_cc_mutex_lock(context, &((krb5_fcc_data *) id->data)->lock);
if (ret)
- return ret;
+ return ret;
*flags = ((krb5_fcc_data *) id->data)->flags;
k5_cc_mutex_unlock(context, &((krb5_fcc_data *) id->data)->lock);
return ret;
@@ -2321,9 +2322,9 @@ krb5_fcc_ptcursor_new(krb5_context context, krb5_cc_ptcursor *cursor)
krb5_error_code ret = 0;
krb5_cc_ptcursor n = NULL;
struct krb5_fcc_ptcursor_data *cdata = NULL;
-
+
*cursor = NULL;
-
+
n = malloc(sizeof(*n));
if (n == NULL)
return ENOMEM;
@@ -2341,11 +2342,11 @@ krb5_fcc_ptcursor_new(krb5_context context, krb5_cc_ptcursor *cursor)
ret = k5_cc_mutex_unlock(context, &krb5int_cc_file_mutex);
if (ret)
goto errout;
-
+
errout:
- if (ret) {
- krb5_fcc_ptcursor_free(context, &n);
- }
+ if (ret) {
+ krb5_fcc_ptcursor_free(context, &n);
+ }
*cursor = n;
return ret;
}
@@ -2358,39 +2359,39 @@ krb5_fcc_ptcursor_next(krb5_context context,
krb5_error_code ret = 0;
struct krb5_fcc_ptcursor_data *cdata = NULL;
krb5_ccache n;
-
+
*ccache = NULL;
n = malloc(sizeof(*n));
if (n == NULL)
return ENOMEM;
-
+
cdata = cursor->data;
ret = k5_cc_mutex_lock(context, &krb5int_cc_file_mutex);
if (ret)
goto errout;
-
+
if (cdata->cur == NULL) {
k5_cc_mutex_unlock(context, &krb5int_cc_file_mutex);
free(n);
n = NULL;
goto errout;
}
-
+
n->ops = &krb5_fcc_ops;
n->data = cdata->cur->data;
cdata->cur->refcount++;
-
+
cdata->cur = cdata->cur->next;
-
+
ret = k5_cc_mutex_unlock(context, &krb5int_cc_file_mutex);
if (ret)
goto errout;
errout:
- if (ret && n != NULL) {
- free(n);
- n = NULL;
- }
+ if (ret && n != NULL) {
+ free(n);
+ n = NULL;
+ }
*ccache = n;
return ret;
}
@@ -2411,14 +2412,14 @@ krb5_fcc_ptcursor_free(krb5_context context,
/*
* Modifies:
* change_time
- *
+ *
* Effects:
* Returns the timestamp of id's file modification date.
* If an error occurs, change_time is set to 0.
*/
static krb5_error_code KRB5_CALLCONV
krb5_fcc_last_change_time(krb5_context context, krb5_ccache id,
- krb5_timestamp *change_time)
+ krb5_timestamp *change_time)
{
krb5_error_code kret = KRB5_OK;
krb5_fcc_data *data = (krb5_fcc_data *) id->data;
@@ -2429,7 +2430,7 @@ krb5_fcc_last_change_time(krb5_context context, krb5_ccache id,
}
static krb5_error_code KRB5_CALLCONV krb5_fcc_lock(krb5_context context,
- krb5_ccache id)
+ krb5_ccache id)
{
krb5_error_code ret = 0;
krb5_fcc_data *data = (krb5_fcc_data *) id->data;
@@ -2438,7 +2439,7 @@ static krb5_error_code KRB5_CALLCONV krb5_fcc_lock(krb5_context context,
}
static krb5_error_code KRB5_CALLCONV krb5_fcc_unlock(krb5_context context,
- krb5_ccache id)
+ krb5_ccache id)
{
krb5_error_code ret = 0;
krb5_fcc_data *data = (krb5_fcc_data *) id->data;
@@ -2448,7 +2449,7 @@ static krb5_error_code KRB5_CALLCONV krb5_fcc_unlock(krb5_context context,
static krb5_error_code
krb5_fcc_data_last_change_time(krb5_context context, krb5_fcc_data *data,
- krb5_timestamp *change_time)
+ krb5_timestamp *change_time)
{
krb5_error_code kret = KRB5_OK;
register int ret;
@@ -2480,8 +2481,8 @@ krb5_fcc_interpret(krb5_context context, int errnum)
register krb5_error_code retval;
switch (errnum) {
case ENOENT:
- retval = KRB5_FCC_NOFILE;
- break;
+ retval = KRB5_FCC_NOFILE;
+ break;
case EPERM:
case EACCES:
#ifdef EISDIR
@@ -2496,10 +2497,10 @@ krb5_fcc_interpret(krb5_context context, int errnum)
#endif
case EBUSY:
case EROFS:
- retval = KRB5_FCC_PERM;
- break;
+ retval = KRB5_FCC_PERM;
+ break;
case EINVAL:
- case EEXIST: /* XXX */
+ case EEXIST: /* XXX */
case EFAULT:
case EBADF:
#ifdef ENAMETOOLONG
@@ -2508,8 +2509,8 @@ krb5_fcc_interpret(krb5_context context, int errnum)
#ifdef EWOULDBLOCK
case EWOULDBLOCK:
#endif
- retval = KRB5_FCC_INTERNAL;
- break;
+ retval = KRB5_FCC_INTERNAL;
+ break;
#ifdef EDQUOT
case EDQUOT:
#endif
@@ -2519,40 +2520,40 @@ krb5_fcc_interpret(krb5_context context, int errnum)
case EMFILE:
case ENXIO:
default:
- retval = KRB5_CC_IO; /* XXX */
- krb5_set_error_message(context, retval,
- "Credentials cache I/O operation failed (%s)",
- strerror(errnum));
+ retval = KRB5_CC_IO; /* XXX */
+ krb5_set_error_message(context, retval,
+ "Credentials cache I/O operation failed (%s)",
+ strerror(errnum));
}
return retval;
}
const krb5_cc_ops krb5_fcc_ops = {
- 0,
- "FILE",
- krb5_fcc_get_name,
- krb5_fcc_resolve,
- krb5_fcc_generate_new,
- krb5_fcc_initialize,
- krb5_fcc_destroy,
- krb5_fcc_close,
- krb5_fcc_store,
- krb5_fcc_retrieve,
- krb5_fcc_get_principal,
- krb5_fcc_start_seq_get,
- krb5_fcc_next_cred,
- krb5_fcc_end_seq_get,
- krb5_fcc_remove_cred,
- krb5_fcc_set_flags,
- krb5_fcc_get_flags,
- krb5_fcc_ptcursor_new,
- krb5_fcc_ptcursor_next,
- krb5_fcc_ptcursor_free,
- NULL, /* move */
- krb5_fcc_last_change_time,
- NULL, /* wasdefault */
- krb5_fcc_lock,
- krb5_fcc_unlock,
+ 0,
+ "FILE",
+ krb5_fcc_get_name,
+ krb5_fcc_resolve,
+ krb5_fcc_generate_new,
+ krb5_fcc_initialize,
+ krb5_fcc_destroy,
+ krb5_fcc_close,
+ krb5_fcc_store,
+ krb5_fcc_retrieve,
+ krb5_fcc_get_principal,
+ krb5_fcc_start_seq_get,
+ krb5_fcc_next_cred,
+ krb5_fcc_end_seq_get,
+ krb5_fcc_remove_cred,
+ krb5_fcc_set_flags,
+ krb5_fcc_get_flags,
+ krb5_fcc_ptcursor_new,
+ krb5_fcc_ptcursor_next,
+ krb5_fcc_ptcursor_free,
+ NULL, /* move */
+ krb5_fcc_last_change_time,
+ NULL, /* wasdefault */
+ krb5_fcc_lock,
+ krb5_fcc_unlock,
};
#if defined(_WIN32)
@@ -2561,10 +2562,10 @@ const krb5_cc_ops krb5_fcc_ops = {
* A notification message is is posted out to all top level
* windows so that they may recheck the cache based on the
* changes made. We register a unique message type with which
- * we'll communicate to all other processes.
+ * we'll communicate to all other processes.
*/
-krb5_error_code
+krb5_error_code
krb5_change_cache (void) {
PostMessage(HWND_BROADCAST, krb5_get_notification_message(), 0, 0);
@@ -2597,29 +2598,29 @@ krb5_get_notification_message (void)
#endif /* _WIN32 */
const krb5_cc_ops krb5_cc_file_ops = {
- 0,
- "FILE",
- krb5_fcc_get_name,
- krb5_fcc_resolve,
- krb5_fcc_generate_new,
- krb5_fcc_initialize,
- krb5_fcc_destroy,
- krb5_fcc_close,
- krb5_fcc_store,
- krb5_fcc_retrieve,
- krb5_fcc_get_principal,
- krb5_fcc_start_seq_get,
- krb5_fcc_next_cred,
- krb5_fcc_end_seq_get,
- krb5_fcc_remove_cred,
- krb5_fcc_set_flags,
- krb5_fcc_get_flags,
- krb5_fcc_ptcursor_new,
- krb5_fcc_ptcursor_next,
- krb5_fcc_ptcursor_free,
- NULL, /* move */
- krb5_fcc_last_change_time,
- NULL, /* wasdefault */
- krb5_fcc_lock,
- krb5_fcc_unlock,
+ 0,
+ "FILE",
+ krb5_fcc_get_name,
+ krb5_fcc_resolve,
+ krb5_fcc_generate_new,
+ krb5_fcc_initialize,
+ krb5_fcc_destroy,
+ krb5_fcc_close,
+ krb5_fcc_store,
+ krb5_fcc_retrieve,
+ krb5_fcc_get_principal,
+ krb5_fcc_start_seq_get,
+ krb5_fcc_next_cred,
+ krb5_fcc_end_seq_get,
+ krb5_fcc_remove_cred,
+ krb5_fcc_set_flags,
+ krb5_fcc_get_flags,
+ krb5_fcc_ptcursor_new,
+ krb5_fcc_ptcursor_next,
+ krb5_fcc_ptcursor_free,
+ NULL, /* move */
+ krb5_fcc_last_change_time,
+ NULL, /* wasdefault */
+ krb5_fcc_lock,
+ krb5_fcc_unlock,
};
diff --git a/src/lib/krb5/ccache/cc_keyring.c b/src/lib/krb5/ccache/cc_keyring.c
index 9353fd4..9841ed5 100644
--- a/src/lib/krb5/ccache/cc_keyring.c
+++ b/src/lib/krb5/ccache/cc_keyring.c
@@ -1,3 +1,4 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
/*
* lib/krb5/ccache/cc_keyring.c
*
@@ -40,7 +41,7 @@
* require a specific license from the United States Government.
* It is the responsibility of any person or organization contemplating
* export to obtain such a license before exporting.
- *
+ *
* WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
* distribute this software and its documentation for any purpose and
* without fee is hereby granted, provided that the above copyright
@@ -61,13 +62,13 @@
*
* Some assumptions:
*
- * - A credentials cache "file" == a keyring with separate keys
- * for the information in the ccache (see below)
- * - A credentials cache keyring will contain only keys,
- * not other keyrings
- * - Each Kerberos ticket will have its own key within the ccache keyring
- * - The principal information for the ccache is stored in a
- * special key, which is not counted in the 'numkeys' count
+ * - A credentials cache "file" == a keyring with separate keys
+ * for the information in the ccache (see below)
+ * - A credentials cache keyring will contain only keys,
+ * not other keyrings
+ * - Each Kerberos ticket will have its own key within the ccache keyring
+ * - The principal information for the ccache is stored in a
+ * special key, which is not counted in the 'numkeys' count
*/
#include "cc-int.h"
@@ -78,24 +79,24 @@
#include <keyutils.h>
#ifdef DEBUG
-#define KRCC_DEBUG 1
+#define KRCC_DEBUG 1
#endif
#if KRCC_DEBUG
-void debug_print(char *fmt, ...); /* prototype to silence warning */
+void debug_print(char *fmt, ...); /* prototype to silence warning */
#include <syslog.h>
#define DEBUG_PRINT(x) debug_print x
void
debug_print(char *fmt, ...)
{
- va_list ap;
- va_start(ap, fmt);
+ va_list ap;
+ va_start(ap, fmt);
#ifdef DEBUG_STDERR
- vfprintf(stderr, fmt, ap);
+ vfprintf(stderr, fmt, ap);
#else
- vsyslog(LOG_ERR, fmt, ap);
+ vsyslog(LOG_ERR, fmt, ap);
#endif
- va_end(ap);
+ va_end(ap);
}
#else
#define DEBUG_PRINT(x)
@@ -145,9 +146,9 @@ debug_print(char *fmt, ...)
/* Hopefully big enough to hold a serialized credential */
#define GUESS_CRED_SIZE 4096
-#define ALLOC(NUM,TYPE) \
- (((NUM) <= (((size_t)0-1)/ sizeof(TYPE))) \
- ? (TYPE *) calloc((NUM), sizeof(TYPE)) \
+#define ALLOC(NUM,TYPE) \
+ (((NUM) <= (((size_t)0-1)/ sizeof(TYPE))) \
+ ? (TYPE *) calloc((NUM), sizeof(TYPE)) \
: (errno = ENOMEM,(TYPE *) 0))
#define CHECK_N_GO(ret, errdest) if (ret != KRB5_OK) goto errdest
@@ -155,9 +156,9 @@ debug_print(char *fmt, ...)
#define CHECK_OUT(ret) if (ret != KRB5_OK) return ret
typedef struct krb5_krcc_ring_ids {
- key_serial_t session;
- key_serial_t process;
- key_serial_t thread;
+ key_serial_t session;
+ key_serial_t process;
+ key_serial_t thread;
} krb5_krcc_ring_ids_t;
typedef struct _krb5_krcc_cursor
@@ -176,13 +177,13 @@ typedef struct _krb5_krcc_cursor
*/
typedef struct _krb5_krcc_data
{
- char *name; /* Name for this credentials cache */
- k5_cc_mutex lock; /* synchronization */
- key_serial_t parent_id; /* parent keyring of this ccache keyring */
- key_serial_t ring_id; /* keyring representing ccache */
- key_serial_t princ_id; /* key holding principal info */
- int numkeys; /* # of keys in this ring
- * (does NOT include principal info) */
+ char *name; /* Name for this credentials cache */
+ k5_cc_mutex lock; /* synchronization */
+ key_serial_t parent_id; /* parent keyring of this ccache keyring */
+ key_serial_t ring_id; /* keyring representing ccache */
+ key_serial_t princ_id; /* key holding principal info */
+ int numkeys; /* # of keys in this ring
+ * (does NOT include principal info) */
krb5_timestamp changetime;
} krb5_krcc_data;
@@ -203,154 +204,154 @@ k5_cc_mutex krb5int_krcc_mutex = K5_CC_MUTEX_PARTIAL_INITIALIZER;
extern const krb5_cc_ops krb5_krcc_ops;
static const char *KRB5_CALLCONV krb5_krcc_get_name
- (krb5_context, krb5_ccache id);
+(krb5_context, krb5_ccache id);
static krb5_error_code KRB5_CALLCONV krb5_krcc_resolve
- (krb5_context, krb5_ccache * id, const char *residual);
+(krb5_context, krb5_ccache * id, const char *residual);
static krb5_error_code KRB5_CALLCONV krb5_krcc_generate_new
- (krb5_context, krb5_ccache * id);
+(krb5_context, krb5_ccache * id);
static krb5_error_code KRB5_CALLCONV krb5_krcc_initialize
- (krb5_context, krb5_ccache id, krb5_principal princ);
+(krb5_context, krb5_ccache id, krb5_principal princ);
static krb5_error_code KRB5_CALLCONV krb5_krcc_destroy
- (krb5_context, krb5_ccache id);
+(krb5_context, krb5_ccache id);
static krb5_error_code KRB5_CALLCONV krb5_krcc_close
- (krb5_context, krb5_ccache id);
+(krb5_context, krb5_ccache id);
static krb5_error_code KRB5_CALLCONV krb5_krcc_store
- (krb5_context, krb5_ccache id, krb5_creds * creds);
+(krb5_context, krb5_ccache id, krb5_creds * creds);
static krb5_error_code KRB5_CALLCONV krb5_krcc_retrieve
- (krb5_context, krb5_ccache id, krb5_flags whichfields,
- krb5_creds * mcreds, krb5_creds * creds);
+(krb5_context, krb5_ccache id, krb5_flags whichfields,
+ krb5_creds * mcreds, krb5_creds * creds);
static krb5_error_code KRB5_CALLCONV krb5_krcc_get_principal
- (krb5_context, krb5_ccache id, krb5_principal * princ);
+(krb5_context, krb5_ccache id, krb5_principal * princ);
static krb5_error_code KRB5_CALLCONV krb5_krcc_start_seq_get
- (krb5_context, krb5_ccache id, krb5_cc_cursor * cursor);
+(krb5_context, krb5_ccache id, krb5_cc_cursor * cursor);
static krb5_error_code KRB5_CALLCONV krb5_krcc_next_cred
- (krb5_context, krb5_ccache id, krb5_cc_cursor * cursor,
- krb5_creds * creds);
+(krb5_context, krb5_ccache id, krb5_cc_cursor * cursor,
+ krb5_creds * creds);
static krb5_error_code KRB5_CALLCONV krb5_krcc_end_seq_get
- (krb5_context, krb5_ccache id, krb5_cc_cursor * cursor);
+(krb5_context, krb5_ccache id, krb5_cc_cursor * cursor);
static krb5_error_code KRB5_CALLCONV krb5_krcc_remove_cred
- (krb5_context context, krb5_ccache cache, krb5_flags flags,
- krb5_creds * creds);
+(krb5_context context, krb5_ccache cache, krb5_flags flags,
+ krb5_creds * creds);
static krb5_error_code KRB5_CALLCONV krb5_krcc_set_flags
- (krb5_context, krb5_ccache id, krb5_flags flags);
+(krb5_context, krb5_ccache id, krb5_flags flags);
static krb5_error_code KRB5_CALLCONV krb5_krcc_get_flags
- (krb5_context context, krb5_ccache id, krb5_flags * flags);
+(krb5_context context, krb5_ccache id, krb5_flags * flags);
static krb5_error_code KRB5_CALLCONV krb5_krcc_last_change_time
- (krb5_context, krb5_ccache, krb5_timestamp *);
+(krb5_context, krb5_ccache, krb5_timestamp *);
static krb5_error_code KRB5_CALLCONV krb5_krcc_lock
- (krb5_context context, krb5_ccache id);
+(krb5_context context, krb5_ccache id);
static krb5_error_code KRB5_CALLCONV krb5_krcc_unlock
- (krb5_context context, krb5_ccache id);
+(krb5_context context, krb5_ccache id);
/*
* Internal utility functions
*/
static krb5_error_code krb5_krcc_clearcache
- (krb5_context context, krb5_ccache id);
+(krb5_context context, krb5_ccache id);
static krb5_error_code krb5_krcc_new_data
- (const char *, key_serial_t ring, key_serial_t parent_ring,
- krb5_krcc_data **);
+(const char *, key_serial_t ring, key_serial_t parent_ring,
+ krb5_krcc_data **);
static krb5_error_code krb5_krcc_save_principal
- (krb5_context context, krb5_ccache id, krb5_principal princ);
+(krb5_context context, krb5_ccache id, krb5_principal princ);
static krb5_error_code krb5_krcc_retrieve_principal
- (krb5_context context, krb5_ccache id, krb5_principal * princ);
+(krb5_context context, krb5_ccache id, krb5_principal * princ);
static int krb5_krcc_get_ring_ids(krb5_krcc_ring_ids_t *p);
/* Routines to parse a key from a keyring into a cred structure */
static krb5_error_code krb5_krcc_parse
- (krb5_context, krb5_ccache id, krb5_pointer buf, unsigned int len,
- krb5_krcc_bc * bc);
+(krb5_context, krb5_ccache id, krb5_pointer buf, unsigned int len,
+ krb5_krcc_bc * bc);
static krb5_error_code krb5_krcc_parse_cred
- (krb5_context context, krb5_ccache id, krb5_creds * creds,
- char *payload, int psize);
+(krb5_context context, krb5_ccache id, krb5_creds * creds,
+ char *payload, int psize);
static krb5_error_code krb5_krcc_parse_principal
- (krb5_context context, krb5_ccache id, krb5_principal * princ,
- krb5_krcc_bc * bc);
+(krb5_context context, krb5_ccache id, krb5_principal * princ,
+ krb5_krcc_bc * bc);
static krb5_error_code krb5_krcc_parse_keyblock
- (krb5_context context, krb5_ccache id, krb5_keyblock * keyblock,
- krb5_krcc_bc * bc);
+(krb5_context context, krb5_ccache id, krb5_keyblock * keyblock,
+ krb5_krcc_bc * bc);
static krb5_error_code krb5_krcc_parse_times
- (krb5_context context, krb5_ccache id, krb5_ticket_times * t,
- krb5_krcc_bc * bc);
+(krb5_context context, krb5_ccache id, krb5_ticket_times * t,
+ krb5_krcc_bc * bc);
static krb5_error_code krb5_krcc_parse_krb5data
- (krb5_context context, krb5_ccache id, krb5_data * data,
- krb5_krcc_bc * bc);
+(krb5_context context, krb5_ccache id, krb5_data * data,
+ krb5_krcc_bc * bc);
static krb5_error_code krb5_krcc_parse_int32
- (krb5_context context, krb5_ccache id, krb5_int32 * i, krb5_krcc_bc * bc);
+(krb5_context context, krb5_ccache id, krb5_int32 * i, krb5_krcc_bc * bc);
static krb5_error_code krb5_krcc_parse_octet
- (krb5_context context, krb5_ccache id, krb5_octet * octet,
- krb5_krcc_bc * bc);
+(krb5_context context, krb5_ccache id, krb5_octet * octet,
+ krb5_krcc_bc * bc);
static krb5_error_code krb5_krcc_parse_addrs
- (krb5_context context, krb5_ccache id, krb5_address *** a,
- krb5_krcc_bc * bc);
+(krb5_context context, krb5_ccache id, krb5_address *** a,
+ krb5_krcc_bc * bc);
static krb5_error_code krb5_krcc_parse_addr
- (krb5_context context, krb5_ccache id, krb5_address * a,
- krb5_krcc_bc * bc);
+(krb5_context context, krb5_ccache id, krb5_address * a,
+ krb5_krcc_bc * bc);
static krb5_error_code krb5_krcc_parse_authdata
- (krb5_context context, krb5_ccache id, krb5_authdata *** ad,
- krb5_krcc_bc * bc);
+(krb5_context context, krb5_ccache id, krb5_authdata *** ad,
+ krb5_krcc_bc * bc);
static krb5_error_code krb5_krcc_parse_authdatum
- (krb5_context context, krb5_ccache id, krb5_authdata * ad,
- krb5_krcc_bc * bc);
+(krb5_context context, krb5_ccache id, krb5_authdata * ad,
+ krb5_krcc_bc * bc);
static krb5_error_code krb5_krcc_parse_ui_2
- (krb5_context, krb5_ccache id, krb5_ui_2 * i, krb5_krcc_bc * bc);
+(krb5_context, krb5_ccache id, krb5_ui_2 * i, krb5_krcc_bc * bc);
/* Routines to unparse a cred structure into keyring key */
static krb5_error_code krb5_krcc_unparse
- (krb5_context, krb5_ccache id, krb5_pointer buf, unsigned int len,
- krb5_krcc_bc * bc);
+(krb5_context, krb5_ccache id, krb5_pointer buf, unsigned int len,
+ krb5_krcc_bc * bc);
static krb5_error_code krb5_krcc_unparse_cred
- (krb5_context context, krb5_ccache id, krb5_creds * creds,
- char **datapp, unsigned int *lenptr);
+(krb5_context context, krb5_ccache id, krb5_creds * creds,
+ char **datapp, unsigned int *lenptr);
static krb5_error_code krb5_krcc_unparse_principal
- (krb5_context, krb5_ccache id, krb5_principal princ, krb5_krcc_bc * bc);
+(krb5_context, krb5_ccache id, krb5_principal princ, krb5_krcc_bc * bc);
static krb5_error_code krb5_krcc_unparse_keyblock
- (krb5_context, krb5_ccache id, krb5_keyblock * keyblock,
- krb5_krcc_bc * bc);
+(krb5_context, krb5_ccache id, krb5_keyblock * keyblock,
+ krb5_krcc_bc * bc);
static krb5_error_code krb5_krcc_unparse_times
- (krb5_context, krb5_ccache id, krb5_ticket_times * t, krb5_krcc_bc * bc);
+(krb5_context, krb5_ccache id, krb5_ticket_times * t, krb5_krcc_bc * bc);
static krb5_error_code krb5_krcc_unparse_krb5data
- (krb5_context, krb5_ccache id, krb5_data * data, krb5_krcc_bc * bc);
+(krb5_context, krb5_ccache id, krb5_data * data, krb5_krcc_bc * bc);
static krb5_error_code krb5_krcc_unparse_int32
- (krb5_context, krb5_ccache id, krb5_int32 i, krb5_krcc_bc * bc);
+(krb5_context, krb5_ccache id, krb5_int32 i, krb5_krcc_bc * bc);
static krb5_error_code krb5_krcc_unparse_octet
- (krb5_context, krb5_ccache id, krb5_int32 i, krb5_krcc_bc * bc);
+(krb5_context, krb5_ccache id, krb5_int32 i, krb5_krcc_bc * bc);
static krb5_error_code krb5_krcc_unparse_addrs
- (krb5_context, krb5_ccache, krb5_address ** a, krb5_krcc_bc * bc);
+(krb5_context, krb5_ccache, krb5_address ** a, krb5_krcc_bc * bc);
static krb5_error_code krb5_krcc_unparse_addr
- (krb5_context, krb5_ccache, krb5_address * a, krb5_krcc_bc * bc);
+(krb5_context, krb5_ccache, krb5_address * a, krb5_krcc_bc * bc);
static krb5_error_code krb5_krcc_unparse_authdata
- (krb5_context, krb5_ccache, krb5_authdata ** ad, krb5_krcc_bc * bc);
+(krb5_context, krb5_ccache, krb5_authdata ** ad, krb5_krcc_bc * bc);
static krb5_error_code krb5_krcc_unparse_authdatum
- (krb5_context, krb5_ccache, krb5_authdata * ad, krb5_krcc_bc * bc);
+(krb5_context, krb5_ccache, krb5_authdata * ad, krb5_krcc_bc * bc);
static krb5_error_code krb5_krcc_unparse_ui_4
- (krb5_context, krb5_ccache id, krb5_ui_4 i, krb5_krcc_bc * bc);
+(krb5_context, krb5_ccache id, krb5_ui_4 i, krb5_krcc_bc * bc);
static krb5_error_code krb5_krcc_unparse_ui_2
- (krb5_context, krb5_ccache id, krb5_int32 i, krb5_krcc_bc * bc);
+(krb5_context, krb5_ccache id, krb5_int32 i, krb5_krcc_bc * bc);
static void krb5_krcc_update_change_time
- (krb5_krcc_data *);
+(krb5_krcc_data *);
/* Note the following is a stub function for Linux */
extern krb5_error_code krb5_change_cache(void);
@@ -363,12 +364,12 @@ static int KRB5_CALLCONV
krb5_krcc_getkeycount(key_serial_t cred_ring)
{
int res, nkeys;
-
+
res = keyctl_read(cred_ring, NULL, 0);
if (res > 0)
- nkeys = (res / sizeof(key_serial_t)) - 1;
+ nkeys = (res / sizeof(key_serial_t)) - 1;
else
- nkeys = 0;
+ nkeys = 0;
return(nkeys);
}
@@ -387,7 +388,7 @@ krb5_krcc_getkeycount(key_serial_t cred_ring)
static krb5_error_code KRB5_CALLCONV
krb5_krcc_initialize(krb5_context context, krb5_ccache id,
- krb5_principal princ)
+ krb5_principal princ)
{
krb5_error_code kret;
@@ -395,15 +396,15 @@ krb5_krcc_initialize(krb5_context context, krb5_ccache id,
kret = k5_cc_mutex_lock(context, &((krb5_krcc_data *) id->data)->lock);
if (kret)
- return kret;
+ return kret;
kret = krb5_krcc_clearcache(context, id);
if (kret != KRB5_OK)
- goto out;
+ goto out;
kret = krb5_krcc_save_principal(context, id, princ);
if (kret == KRB5_OK)
- krb5_change_cache();
+ krb5_change_cache();
out:
k5_cc_mutex_unlock(context, &((krb5_krcc_data *) id->data)->lock);
@@ -462,11 +463,11 @@ krb5_krcc_clearcache(krb5_context context, krb5_ccache id)
d = (krb5_krcc_data *) id->data;
DEBUG_PRINT(("krb5_krcc_clearcache: ring_id %d, princ_id %d, "
- "numkeys is %d\n", d->ring_id, d->princ_id, d->numkeys));
+ "numkeys is %d\n", d->ring_id, d->princ_id, d->numkeys));
res = keyctl_clear(d->ring_id);
if (res != 0) {
- return errno;
+ return errno;
}
d->numkeys = 0;
d->princ_id = 0;
@@ -495,16 +496,16 @@ krb5_krcc_destroy(krb5_context context, krb5_ccache id)
kret = k5_cc_mutex_lock(context, &d->lock);
if (kret)
- return kret;
+ return kret;
krb5_krcc_clearcache(context, id);
free(d->name);
res = keyctl_unlink(d->ring_id, d->parent_id);
if (res < 0) {
- kret = errno;
- DEBUG_PRINT(("krb5_krcc_destroy: unlinking key %d from ring %d: %s",
- d->ring_id, d->parent_id, error_message(errno)));
- goto cleanup;
+ kret = errno;
+ DEBUG_PRINT(("krb5_krcc_destroy: unlinking key %d from ring %d: %s",
+ d->ring_id, d->parent_id, error_message(errno)));
+ goto cleanup;
}
cleanup:
k5_cc_mutex_unlock(context, &d->lock);
@@ -553,28 +554,28 @@ krb5_krcc_resolve(krb5_context context, krb5_ccache * id, const char *full_resid
const char *residual;
DEBUG_PRINT(("krb5_krcc_resolve: entered with name '%s'\n",
- full_residual));
+ full_residual));
res = krb5_krcc_get_ring_ids(&ids);
if (res) {
- kret = EINVAL;
- DEBUG_PRINT(("krb5_krcc_resolve: Error getting ring id values!\n"));
- return kret;
+ kret = EINVAL;
+ DEBUG_PRINT(("krb5_krcc_resolve: Error getting ring id values!\n"));
+ return kret;
}
if (strncmp(full_residual, "thread:", 7) == 0) {
- residual = full_residual + 7;
- ring_id = ids.thread;
+ residual = full_residual + 7;
+ ring_id = ids.thread;
} else if (strncmp(full_residual, "process:", 8) == 0) {
- residual = full_residual + 8;
- ring_id = ids.process;
+ residual = full_residual + 8;
+ ring_id = ids.process;
} else {
- residual = full_residual;
- ring_id = ids.session;
+ residual = full_residual;
+ ring_id = ids.session;
}
DEBUG_PRINT(("krb5_krcc_resolve: searching ring %d for residual '%s'\n",
- ring_id, residual));
+ ring_id, residual));
/*
* Use keyctl_search instead of request_key. If we're supposed
@@ -587,46 +588,46 @@ krb5_krcc_resolve(krb5_context context, krb5_ccache * id, const char *full_resid
*/
key = keyctl_search(ring_id, KRCC_KEY_TYPE_KEYRING, residual, 0);
if (key < 0) {
- key = add_key(KRCC_KEY_TYPE_KEYRING, residual, NULL, 0, ring_id);
- if (key < 0) {
- kret = errno;
- DEBUG_PRINT(("krb5_krcc_resolve: Error adding new "
- "keyring '%s': %s\n", residual, strerror(errno)));
- return kret;
- }
- DEBUG_PRINT(("krb5_krcc_resolve: new keyring '%s', "
- "key %d, added to keyring %d\n",
- residual, key, ring_id));
+ key = add_key(KRCC_KEY_TYPE_KEYRING, residual, NULL, 0, ring_id);
+ if (key < 0) {
+ kret = errno;
+ DEBUG_PRINT(("krb5_krcc_resolve: Error adding new "
+ "keyring '%s': %s\n", residual, strerror(errno)));
+ return kret;
+ }
+ DEBUG_PRINT(("krb5_krcc_resolve: new keyring '%s', "
+ "key %d, added to keyring %d\n",
+ residual, key, ring_id));
} else {
- DEBUG_PRINT(("krb5_krcc_resolve: found existing "
- "key %d, with name '%s' in keyring %d\n",
- key, residual, ring_id));
- /* Determine key containing principal information */
- pkey = keyctl_search(key, KRCC_KEY_TYPE_USER,
- KRCC_SPEC_PRINC_KEYNAME, 0);
- if (pkey < 0) {
- DEBUG_PRINT(("krb5_krcc_resolve: Error locating principal "
- "info for existing ccache in ring %d: %s\n",
- key, strerror(errno)));
- pkey = 0;
- }
- /* Determine how many keys exist */
- nkeys = krb5_krcc_getkeycount(key);
+ DEBUG_PRINT(("krb5_krcc_resolve: found existing "
+ "key %d, with name '%s' in keyring %d\n",
+ key, residual, ring_id));
+ /* Determine key containing principal information */
+ pkey = keyctl_search(key, KRCC_KEY_TYPE_USER,
+ KRCC_SPEC_PRINC_KEYNAME, 0);
+ if (pkey < 0) {
+ DEBUG_PRINT(("krb5_krcc_resolve: Error locating principal "
+ "info for existing ccache in ring %d: %s\n",
+ key, strerror(errno)));
+ pkey = 0;
+ }
+ /* Determine how many keys exist */
+ nkeys = krb5_krcc_getkeycount(key);
}
lid = (krb5_ccache) malloc(sizeof(struct _krb5_ccache));
if (lid == NULL)
- return KRB5_CC_NOMEM;
+ return KRB5_CC_NOMEM;
kret = krb5_krcc_new_data(residual, key, ring_id, &d);
if (kret) {
- free(lid);
- return kret;
+ free(lid);
+ return kret;
}
DEBUG_PRINT(("krb5_krcc_resolve: ring_id %d, princ_id %d, "
- "nkeys %d\n", key, pkey, nkeys));
+ "nkeys %d\n", key, pkey, nkeys));
d->princ_id = pkey;
d->numkeys = nkeys;
lid->ops = &krb5_krcc_ops;
@@ -651,7 +652,7 @@ krb5_krcc_resolve(krb5_context context, krb5_ccache * id, const char *full_resid
*/
static krb5_error_code KRB5_CALLCONV
krb5_krcc_start_seq_get(krb5_context context, krb5_ccache id,
- krb5_cc_cursor * cursor)
+ krb5_cc_cursor * cursor)
{
krb5_krcc_cursor krcursor;
krb5_error_code kret;
@@ -664,7 +665,7 @@ krb5_krcc_start_seq_get(krb5_context context, krb5_ccache id,
d = id->data;
kret = k5_cc_mutex_lock(context, &d->lock);
if (kret)
- return kret;
+ return kret;
/*
* Determine how many keys currently exist and update numkeys.
@@ -677,19 +678,19 @@ krb5_krcc_start_seq_get(krb5_context context, krb5_ccache id,
krcursor = (krb5_krcc_cursor) malloc(size);
if (krcursor == NULL) {
- k5_cc_mutex_unlock(context, &d->lock);
- return KRB5_CC_NOMEM;
+ k5_cc_mutex_unlock(context, &d->lock);
+ return KRB5_CC_NOMEM;
}
krcursor->keys = (key_serial_t *) ((char *) krcursor + sizeof(*krcursor));
res = keyctl_read(d->ring_id, (char *) krcursor->keys,
- ((d->numkeys + 1) * sizeof(key_serial_t)));
+ ((d->numkeys + 1) * sizeof(key_serial_t)));
if (res < 0 || res > ((d->numkeys + 1) * sizeof(key_serial_t))) {
- DEBUG_PRINT(("Read %d bytes from keyring, numkeys %d: %s\n",
- res, d->numkeys, strerror(errno)));
- free(krcursor);
- k5_cc_mutex_unlock(context, &d->lock);
- return KRB5_CC_IO;
+ DEBUG_PRINT(("Read %d bytes from keyring, numkeys %d: %s\n",
+ res, d->numkeys, strerror(errno)));
+ free(krcursor);
+ k5_cc_mutex_unlock(context, &d->lock);
+ return KRB5_CC_IO;
}
krcursor->numkeys = d->numkeys;
@@ -723,7 +724,7 @@ krb5_krcc_start_seq_get(krb5_context context, krb5_ccache id,
*/
static krb5_error_code KRB5_CALLCONV
krb5_krcc_next_cred(krb5_context context, krb5_ccache id,
- krb5_cc_cursor * cursor, krb5_creds * creds)
+ krb5_cc_cursor * cursor, krb5_creds * creds)
{
krb5_krcc_cursor krcursor;
krb5_error_code kret;
@@ -738,35 +739,35 @@ krb5_krcc_next_cred(krb5_context context, krb5_ccache id,
*/
krcursor = (krb5_krcc_cursor) * cursor;
if (krcursor == NULL)
- return KRB5_CC_END;
+ return KRB5_CC_END;
memset(creds, 0, sizeof(krb5_creds));
/* If we're pointing past the end of the keys array, there are no more */
if (krcursor->currkey > krcursor->numkeys)
- return KRB5_CC_END;
+ return KRB5_CC_END;
/* If we're pointing at the entry with the principal, skip it */
if (krcursor->keys[krcursor->currkey] == krcursor->princ_id) {
- krcursor->currkey++;
- /* Check if we have now reached the end */
- if (krcursor->currkey > krcursor->numkeys)
- return KRB5_CC_END;
+ krcursor->currkey++;
+ /* Check if we have now reached the end */
+ if (krcursor->currkey > krcursor->numkeys)
+ return KRB5_CC_END;
}
/* Read the key, the right size buffer will ba allocated and returned */
psize = keyctl_read_alloc(krcursor->keys[krcursor->currkey], &payload);
if (psize == -1) {
- DEBUG_PRINT(("Error reading key %d: %s\n",
- krcursor->keys[krcursor->currkey],
- strerror(errno)));
- kret = KRB5_FCC_NOFILE;
- goto freepayload;
+ DEBUG_PRINT(("Error reading key %d: %s\n",
+ krcursor->keys[krcursor->currkey],
+ strerror(errno)));
+ kret = KRB5_FCC_NOFILE;
+ goto freepayload;
}
krcursor->currkey++;
kret = krb5_krcc_parse_cred(context, id, creds, payload, psize);
- freepayload:
+freepayload:
if (payload) free(payload);
return kret;
}
@@ -786,7 +787,7 @@ krb5_krcc_next_cred(krb5_context context, krb5_ccache id,
/* ARGSUSED */
static krb5_error_code KRB5_CALLCONV
krb5_krcc_end_seq_get(krb5_context context, krb5_ccache id,
- krb5_cc_cursor * cursor)
+ krb5_cc_cursor * cursor)
{
DEBUG_PRINT(("krb5_krcc_end_seq_get: entered\n"));
@@ -800,26 +801,26 @@ krb5_krcc_end_seq_get(krb5_context context, krb5_ccache id,
Call with the global list lock held. */
static krb5_error_code
krb5_krcc_new_data(const char *name, key_serial_t ring,
- key_serial_t parent_ring, krb5_krcc_data ** datapp)
+ key_serial_t parent_ring, krb5_krcc_data ** datapp)
{
krb5_error_code kret;
krb5_krcc_data *d;
d = malloc(sizeof(krb5_krcc_data));
if (d == NULL)
- return KRB5_CC_NOMEM;
+ return KRB5_CC_NOMEM;
kret = k5_cc_mutex_init(&d->lock);
if (kret) {
- free(d);
- return kret;
+ free(d);
+ return kret;
}
d->name = strdup(name);
if (d->name == NULL) {
- k5_cc_mutex_destroy(&d->lock);
- free(d);
- return KRB5_CC_NOMEM;
+ k5_cc_mutex_destroy(&d->lock);
+ free(d);
+ return KRB5_CC_NOMEM;
}
d->princ_id = 0;
d->ring_id = ring;
@@ -859,14 +860,14 @@ krb5_krcc_generate_new(krb5_context context, krb5_ccache * id)
/* Allocate memory */
lid = (krb5_ccache) malloc(sizeof(struct _krb5_ccache));
if (lid == NULL)
- return KRB5_CC_NOMEM;
+ return KRB5_CC_NOMEM;
lid->ops = &krb5_krcc_ops;
kret = k5_cc_mutex_lock(context, &krb5int_krcc_mutex);
if (kret) {
- free(lid);
- return kret;
+ free(lid);
+ return kret;
}
/* XXX These values are platform-specific and should not be here! */
@@ -889,36 +890,36 @@ krb5_krcc_generate_new(krb5_context context, krb5_ccache * id)
* a unique name, or we get an error.
*/
while (1) {
- kret = krb5int_random_string(context, uniquename, sizeof(uniquename));
+ kret = krb5int_random_string(context, uniquename, sizeof(uniquename));
if (kret) {
k5_cc_mutex_unlock(context, &krb5int_krcc_mutex);
free(lid);
return kret;
- }
-
- DEBUG_PRINT(("krb5_krcc_generate_new: searching for name '%s'\n",
- uniquename));
- key = keyctl_search(ring_id, KRCC_KEY_TYPE_KEYRING, uniquename, 0);
-/*XXX*/ DEBUG_PRINT(("krb5_krcc_generate_new: after searching for '%s', key = %d, errno = %d\n", uniquename, key, errno));
- if (key < 0 && errno == ENOKEY) {
- /* name does not already exist, create it to reserve the name */
- key = add_key(KRCC_KEY_TYPE_KEYRING, uniquename, NULL, 0, ring_id);
- if (key < 0) {
- kret = errno;
- DEBUG_PRINT(("krb5_krcc_generate_new: '%s' trying to "
- "create '%s'\n", strerror(errno), uniquename));
- k5_cc_mutex_unlock(context, &krb5int_krcc_mutex);
- return kret;
- }
- break;
- }
+ }
+
+ DEBUG_PRINT(("krb5_krcc_generate_new: searching for name '%s'\n",
+ uniquename));
+ key = keyctl_search(ring_id, KRCC_KEY_TYPE_KEYRING, uniquename, 0);
+ /*XXX*/ DEBUG_PRINT(("krb5_krcc_generate_new: after searching for '%s', key = %d, errno = %d\n", uniquename, key, errno));
+ if (key < 0 && errno == ENOKEY) {
+ /* name does not already exist, create it to reserve the name */
+ key = add_key(KRCC_KEY_TYPE_KEYRING, uniquename, NULL, 0, ring_id);
+ if (key < 0) {
+ kret = errno;
+ DEBUG_PRINT(("krb5_krcc_generate_new: '%s' trying to "
+ "create '%s'\n", strerror(errno), uniquename));
+ k5_cc_mutex_unlock(context, &krb5int_krcc_mutex);
+ return kret;
+ }
+ break;
+ }
}
-
+
kret = krb5_krcc_new_data(uniquename, key, ring_id, &d);
k5_cc_mutex_unlock(context, &krb5int_krcc_mutex);
if (kret) {
- free(lid);
- return kret;
+ free(lid);
+ return kret;
}
lid->data = d;
*id = lid;
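Review bot: The `add_key` failure branch inside the `while (1)` loop unlocks `krb5int_krcc_mutex` and returns `kret` without releasing `lid`, unlike the `krb5int_random_string` failure branch just above it and the `krb5_krcc_new_data` failure branch below, so each failed keyring creation leaks one `struct _krb5_ccache`; add `free(lid);` before that `return kret;`. The loop also only exits on `errno == ENOKEY`. If `keyctl_search` keeps failing with any other errno, the code appears to retry with fresh random names indefinitely while holding the mutex, so a bounded retry count or an explicit error return for other errno values would be safer. The function starts and ends outside this hunk.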
@@ -955,7 +956,7 @@ krb5_krcc_get_name(krb5_context context, krb5_ccache id)
*/
static krb5_error_code KRB5_CALLCONV
krb5_krcc_get_principal(krb5_context context, krb5_ccache id,
- krb5_principal * princ)
+ krb5_principal * princ)
{
DEBUG_PRINT(("krb5_krcc_get_principal: entered\n"));
@@ -964,13 +965,13 @@ krb5_krcc_get_principal(krb5_context context, krb5_ccache id,
static krb5_error_code KRB5_CALLCONV
krb5_krcc_retrieve(krb5_context context, krb5_ccache id,
- krb5_flags whichfields, krb5_creds * mcreds,
- krb5_creds * creds)
+ krb5_flags whichfields, krb5_creds * mcreds,
+ krb5_creds * creds)
{
DEBUG_PRINT(("krb5_krcc_retrieve: entered\n"));
return krb5_cc_retrieve_cred_default(context, id, whichfields,
- mcreds, creds);
+ mcreds, creds);
}
/*
@@ -981,7 +982,7 @@ krb5_krcc_retrieve(krb5_context context, krb5_ccache id,
*/
static krb5_error_code KRB5_CALLCONV
krb5_krcc_remove_cred(krb5_context context, krb5_ccache cache,
- krb5_flags flags, krb5_creds * creds)
+ krb5_flags flags, krb5_creds * creds)
{
DEBUG_PRINT(("krb5_krcc_remove_cred: entered (returning KRB5_CC_NOSUPP)\n"));
@@ -1031,54 +1032,54 @@ krb5_krcc_store(krb5_context context, krb5_ccache id, krb5_creds * creds)
kret = k5_cc_mutex_lock(context, &d->lock);
if (kret)
- return kret;
+ return kret;
/* Get the service principal name and use it as the key name */
kret = krb5_unparse_name(context, creds->server, &keyname);
if (kret) {
- DEBUG_PRINT(("Error unparsing service principal name!\n"));
- goto errout;
+ DEBUG_PRINT(("Error unparsing service principal name!\n"));
+ goto errout;
}
/* Serialize credential into memory */
kret = krb5_krcc_unparse_cred(context, id, creds, &payload, &payloadlen);
if (kret != KRB5_OK)
- goto errout;
+ goto errout;
/* Add new key (credentials) into keyring */
DEBUG_PRINT(("krb5_krcc_store: adding new key '%s' to keyring %d\n",
- keyname, d->ring_id));
+ keyname, d->ring_id));
newkey = add_key(KRCC_KEY_TYPE_USER, keyname, payload,
- payloadlen, d->ring_id);
+ payloadlen, d->ring_id);
if (newkey < 0) {
- kret = errno;
- DEBUG_PRINT(("Error adding user key '%s': %s\n",
- keyname, strerror(kret)));
+ kret = errno;
+ DEBUG_PRINT(("Error adding user key '%s': %s\n",
+ keyname, strerror(kret)));
} else {
- d->numkeys++;
- kret = KRB5_OK;
- krb5_krcc_update_change_time(d);
+ d->numkeys++;
+ kret = KRB5_OK;
+ krb5_krcc_update_change_time(d);
}
- errout:
+errout:
if (keyname)
- krb5_free_unparsed_name(context, keyname);
+ krb5_free_unparsed_name(context, keyname);
if (payload)
- free(payload);
+ free(payload);
k5_cc_mutex_unlock(context, &d->lock);
return kret;
}
-static krb5_error_code KRB5_CALLCONV
-krb5_krcc_last_change_time(krb5_context context, krb5_ccache id,
- krb5_timestamp *change_time)
+static krb5_error_code KRB5_CALLCONV
+krb5_krcc_last_change_time(krb5_context context, krb5_ccache id,
+ krb5_timestamp *change_time)
{
krb5_error_code ret = 0;
krb5_krcc_data *data = (krb5_krcc_data *) id->data;
-
+
*change_time = 0;
-
+
ret = k5_cc_mutex_lock(context, &data->lock);
if (!ret) {
*change_time = data->changetime;
@@ -1088,7 +1089,7 @@ krb5_krcc_last_change_time(krb5_context context, krb5_ccache id,
return ret;
}
-static krb5_error_code KRB5_CALLCONV
+static krb5_error_code KRB5_CALLCONV
krb5_krcc_lock(krb5_context context, krb5_ccache id)
{
krb5_error_code ret = 0;
@@ -1097,7 +1098,7 @@ krb5_krcc_lock(krb5_context context, krb5_ccache id)
return ret;
}
-static krb5_error_code KRB5_CALLCONV
+static krb5_error_code KRB5_CALLCONV
krb5_krcc_unlock(krb5_context context, krb5_ccache id)
{
krb5_error_code ret = 0;
@@ -1109,7 +1110,7 @@ krb5_krcc_unlock(krb5_context context, krb5_ccache id)
static krb5_error_code
krb5_krcc_save_principal(krb5_context context, krb5_ccache id,
- krb5_principal princ)
+ krb5_principal princ)
{
krb5_krcc_data *d;
krb5_error_code kret;
@@ -1124,7 +1125,7 @@ krb5_krcc_save_principal(krb5_context context, krb5_ccache id,
payload = malloc(GUESS_CRED_SIZE);
if (payload == NULL)
- return KRB5_CC_NOMEM;
+ return KRB5_CC_NOMEM;
bc.bpp = payload;
bc.endp = payload + GUESS_CRED_SIZE;
@@ -1136,36 +1137,36 @@ krb5_krcc_save_principal(krb5_context context, krb5_ccache id,
payloadsize = bc.bpp - payload;
#ifdef KRCC_DEBUG
{
- krb5_error_code rc;
- char *princname = NULL;
- rc = krb5_unparse_name(context, princ, &princname);
- DEBUG_PRINT(("krb5_krcc_save_principal: adding new key '%s' "
- "to keyring %d for principal '%s'\n",
- KRCC_SPEC_PRINC_KEYNAME, d->ring_id,
- rc ? "<unknown>" : princname));
- if (rc == 0)
- krb5_free_unparsed_name(context, princname);
+ krb5_error_code rc;
+ char *princname = NULL;
+ rc = krb5_unparse_name(context, princ, &princname);
+ DEBUG_PRINT(("krb5_krcc_save_principal: adding new key '%s' "
+ "to keyring %d for principal '%s'\n",
+ KRCC_SPEC_PRINC_KEYNAME, d->ring_id,
+ rc ? "<unknown>" : princname));
+ if (rc == 0)
+ krb5_free_unparsed_name(context, princname);
}
#endif
newkey = add_key(KRCC_KEY_TYPE_USER, KRCC_SPEC_PRINC_KEYNAME, payload,
- payloadsize, d->ring_id);
+ payloadsize, d->ring_id);
if (newkey < 0) {
- kret = errno;
- DEBUG_PRINT(("Error adding principal key: %s\n", strerror(kret)));
+ kret = errno;
+ DEBUG_PRINT(("Error adding principal key: %s\n", strerror(kret)));
} else {
- d->princ_id = newkey;
- kret = KRB5_OK;
- krb5_krcc_update_change_time(d);
+ d->princ_id = newkey;
+ kret = KRB5_OK;
+ krb5_krcc_update_change_time(d);
}
- errout:
+errout:
free(payload);
return kret;
}
static krb5_error_code
krb5_krcc_retrieve_principal(krb5_context context, krb5_ccache id,
- krb5_principal * princ)
+ krb5_principal * princ)
{
krb5_krcc_data *d = (krb5_krcc_data *) id->data;
krb5_error_code kret;
@@ -1175,28 +1176,28 @@ krb5_krcc_retrieve_principal(krb5_context context, krb5_ccache id,
kret = k5_cc_mutex_lock(context, &d->lock);
if (kret)
- return kret;
+ return kret;
if (!d->princ_id) {
- princ = 0L;
- kret = KRB5_FCC_NOFILE;
- goto errout;
+ princ = 0L;
+ kret = KRB5_FCC_NOFILE;
+ goto errout;
}
psize = keyctl_read_alloc(d->princ_id, &payload);
if (psize == -1) {
- DEBUG_PRINT(("Reading principal key %d: %s\n",
- d->princ_id, strerror(errno)));
- kret = KRB5_CC_IO;
- goto errout;
+ DEBUG_PRINT(("Reading principal key %d: %s\n",
+ d->princ_id, strerror(errno)));
+ kret = KRB5_CC_IO;
+ goto errout;
}
bc.bpp = payload;
bc.endp = (char *)payload + psize;
kret = krb5_krcc_parse_principal(context, id, princ, &bc);
- errout:
+errout:
if (payload)
- free(payload);
+ free(payload);
k5_cc_mutex_unlock(context, &d->lock);
return kret;
}
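Review bot: In the `!d->princ_id` branch, `princ = 0L;` overwrites the local parameter rather than the caller's pointer, so a caller that receives `KRB5_FCC_NOFILE` still holds whatever `*princ` contained before the call; the line should read `*princ = NULL;`. The `errout` label is also reached from this branch before `keyctl_read_alloc` has run, so `if (payload) free(payload);` is only safe if `payload` is initialised to NULL at its declaration, which is outside this hunk and worth confirming.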
@@ -1212,7 +1213,7 @@ krb5_krcc_get_ring_ids(krb5_krcc_ring_ids_t *p)
DEBUG_PRINT(("krb5_krcc_get_ring_ids: entered\n"));
if (!p)
- return EINVAL;
+ return EINVAL;
/* Use the defaults in case we find no ids key */
p->session = KEY_SPEC_SESSION_KEYRING;
@@ -1226,29 +1227,29 @@ krb5_krcc_get_ring_ids(krb5_krcc_ring_ids_t *p)
*/
ids_key = request_key(KRCC_KEY_TYPE_USER, KRCC_SPEC_IDS_KEYNAME, NULL, 0);
if (ids_key < 0)
- goto out;
+ goto out;
DEBUG_PRINT(("krb5_krcc_get_ring_ids: processing '%s' key %d\n",
- KRCC_SPEC_IDS_KEYNAME, ids_key));
+ KRCC_SPEC_IDS_KEYNAME, ids_key));
/*
* Read and parse the ids file
*/
memset(ids_buf, '\0', sizeof(ids_buf));
val = keyctl_read(ids_key, ids_buf, sizeof(ids_buf));
if (val > sizeof(ids_buf))
- goto out;
+ goto out;
val = sscanf(ids_buf, "%d:%d:%d", &session, &process, &thread);
if (val != 3)
- goto out;
+ goto out;
p->session = session;
p->process = process;
p->thread = thread;
- out:
+out:
DEBUG_PRINT(("krb5_krcc_get_ring_ids: returning %d:%d:%d\n",
- p->session, p->process, p->thread));
+ p->session, p->process, p->thread));
return 0;
}
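Review bot: The length check after `keyctl_read` lets through a return value exactly equal to `sizeof(ids_buf)`, in which case the preceding `memset` leaves no terminating NUL in the buffer and `sscanf` can read past the end of `ids_buf`. A failed read is never tested explicitly either; it only falls through because `sscanf` finds nothing in the zeroed buffer. Reject both cases with `if (val < 0 || (size_t)val >= sizeof(ids_buf)) goto out;`. The three parsed integers are then used as keyring ids without any range check, so a comment saying that the contents of the `KRCC_SPEC_IDS_KEYNAME` key are trusted would help the next reader. The declarations of `val` and `ids_buf` are outside this hunk.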
@@ -1273,12 +1274,12 @@ krb5_krcc_get_ring_ids(krb5_krcc_ring_ids_t *p)
*/
static krb5_error_code
krb5_krcc_parse(krb5_context context, krb5_ccache id, krb5_pointer buf,
- unsigned int len, krb5_krcc_bc * bc)
+ unsigned int len, krb5_krcc_bc * bc)
{
DEBUG_PRINT(("krb5_krcc_parse: entered\n"));
if ((bc->endp == bc->bpp) || (bc->endp - bc->bpp) < len)
- return KRB5_CC_END;
+ return KRB5_CC_END;
memcpy(buf, bc->bpp, len);
bc->bpp += len;
@@ -1292,7 +1293,7 @@ krb5_krcc_parse(krb5_context context, krb5_ccache id, krb5_pointer buf,
*/
static krb5_error_code
krb5_krcc_parse_cred(krb5_context context, krb5_ccache id, krb5_creds * creds,
- char *payload, int psize)
+ char *payload, int psize)
{
krb5_error_code kret;
krb5_octet octet;
@@ -1337,27 +1338,27 @@ krb5_krcc_parse_cred(krb5_context context, krb5_ccache id, krb5_creds * creds,
kret = KRB5_OK;
goto out;
- cleanticket:
+cleanticket:
memset(creds->ticket.data, 0, (unsigned) creds->ticket.length);
free(creds->ticket.data);
- cleanauthdata:
+cleanauthdata:
krb5_free_authdata(context, creds->authdata);
- cleanaddrs:
+cleanaddrs:
krb5_free_addresses(context, creds->addresses);
- cleanblock:
+cleanblock:
free(creds->keyblock.contents);
- cleanserver:
+cleanserver:
krb5_free_principal(context, creds->server);
- cleanclient:
+cleanclient:
krb5_free_principal(context, creds->client);
- out:
+out:
return kret;
}
static krb5_error_code
krb5_krcc_parse_principal(krb5_context context, krb5_ccache id,
- krb5_principal * princ, krb5_krcc_bc * bc)
+ krb5_principal * princ, krb5_krcc_bc * bc)
{
krb5_error_code kret;
register krb5_principal tmpprinc;
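Review bot: The cleanup chain in `krb5_krcc_parse_cred` wipes the ticket before freeing it but releases the session key at `cleanblock` with a bare `free(creds->keyblock.contents);`, so key material stays in freed heap memory on every error path that reaches this label. The plain `memset` at `cleanticket` is also immediately followed by `free`, which a compiler may treat as a dead store and drop. If `zap` from k5-int.h is in scope in this file, use it in both places, for example `if (creds->keyblock.contents) zap(creds->keyblock.contents, creds->keyblock.length);` before the `free`. The body of `krb5_krcc_parse_cred` starts outside this hunk, so which failures jump to which label cannot be checked from here.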
@@ -1367,53 +1368,53 @@ krb5_krcc_parse_principal(krb5_context context, krb5_ccache id,
/* Read principal type */
kret = krb5_krcc_parse_int32(context, id, &type, bc);
if (kret != KRB5_OK)
- return kret;
+ return kret;
/* Read the number of components */
kret = krb5_krcc_parse_int32(context, id, &length, bc);
if (kret != KRB5_OK)
- return kret;
+ return kret;
if (length < 0)
- return KRB5_CC_NOMEM;
+ return KRB5_CC_NOMEM;
tmpprinc = (krb5_principal) malloc(sizeof(krb5_principal_data));
if (tmpprinc == NULL)
- return KRB5_CC_NOMEM;
+ return KRB5_CC_NOMEM;
if (length) {
- size_t msize = length;
- if (msize != length) {
- free(tmpprinc);
- return KRB5_CC_NOMEM;
- }
- tmpprinc->data = ALLOC(msize, krb5_data);
- if (tmpprinc->data == 0) {
- free(tmpprinc);
- return KRB5_CC_NOMEM;
- }
+ size_t msize = length;
+ if (msize != length) {
+ free(tmpprinc);
+ return KRB5_CC_NOMEM;
+ }
+ tmpprinc->data = ALLOC(msize, krb5_data);
+ if (tmpprinc->data == 0) {
+ free(tmpprinc);
+ return KRB5_CC_NOMEM;
+ }
} else
- tmpprinc->data = 0;
+ tmpprinc->data = 0;
tmpprinc->magic = KV5M_PRINCIPAL;
tmpprinc->length = length;
tmpprinc->type = type;
kret = krb5_krcc_parse_krb5data(context, id,
- krb5_princ_realm(context, tmpprinc), bc);
+ krb5_princ_realm(context, tmpprinc), bc);
i = 0;
CHECK(kret);
for (i = 0; i < length; i++) {
- kret = krb5_krcc_parse_krb5data(context, id,
- krb5_princ_component(context, tmpprinc,
- i), bc);
- CHECK(kret);
+ kret = krb5_krcc_parse_krb5data(context, id,
+ krb5_princ_component(context, tmpprinc,
+ i), bc);
+ CHECK(kret);
}
*princ = tmpprinc;
return KRB5_OK;
- errout:
+errout:
while (--i >= 0)
- free(krb5_princ_component(context, tmpprinc, i)->data);
+ free(krb5_princ_component(context, tmpprinc, i)->data);
free(krb5_princ_realm(context, tmpprinc)->data);
free(tmpprinc->data);
free(tmpprinc);
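Review bot: The `errout` path here calls `free(krb5_princ_realm(context, tmpprinc)->data);` after `krb5_krcc_parse_krb5data` has failed, but that function's own `errout` (hunk at -1501) already frees `data->data` and returns without clearing it. Assuming `CHECK` jumps to `errout`, a payload whose realm length exceeds the remaining bytes makes the realm buffer get freed twice. The same pattern is visible for addresses: `krb5_krcc_parse_addr` (hunk at -1609) frees `addr->contents` without clearing it, and `krb5_krcc_parse_addrs` (hunk at -1570) then passes the array to `krb5_free_addresses`. The smallest fix is to reset the pointer in the callee's error path, `data->data = NULL;` after the `free` in `krb5_krcc_parse_krb5data` and `addr->contents = NULL;` in `krb5_krcc_parse_addr`. `krb5_krcc_parse_keyblock` (hunk at -1438) is worth the same treatment, since its `errout` also leaves `keyblock->contents` dangling. Since the payload comes from keyring contents, these parsers should tolerate truncated input without corrupting the heap.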
@@ -1422,7 +1423,7 @@ krb5_krcc_parse_principal(krb5_context context, krb5_ccache id,
static krb5_error_code
krb5_krcc_parse_keyblock(krb5_context context, krb5_ccache id,
- krb5_keyblock * keyblock, krb5_krcc_bc * bc)
+ krb5_keyblock * keyblock, krb5_krcc_bc * bc)
{
krb5_error_code kret;
krb5_ui_2 ui2;
@@ -1438,31 +1439,31 @@ krb5_krcc_parse_keyblock(krb5_context context, krb5_ccache id,
kret = krb5_krcc_parse_int32(context, id, &int32, bc);
CHECK(kret);
if (int32 < 0)
- return KRB5_CC_NOMEM;
+ return KRB5_CC_NOMEM;
keyblock->length = int32;
/* Overflow check. */
if (keyblock->length != int32)
- return KRB5_CC_NOMEM;
+ return KRB5_CC_NOMEM;
if (keyblock->length == 0)
- return KRB5_OK;
+ return KRB5_OK;
keyblock->contents = ALLOC(keyblock->length, krb5_octet);
if (keyblock->contents == NULL)
- return KRB5_CC_NOMEM;
+ return KRB5_CC_NOMEM;
kret = krb5_krcc_parse(context, id, keyblock->contents,
- keyblock->length, bc);
+ keyblock->length, bc);
CHECK(kret);
return KRB5_OK;
- errout:
+errout:
if (keyblock->contents)
- free(keyblock->contents);
+ free(keyblock->contents);
return kret;
}
static krb5_error_code
krb5_krcc_parse_times(krb5_context context, krb5_ccache id,
- krb5_ticket_times * t, krb5_krcc_bc * bc)
+ krb5_ticket_times * t, krb5_krcc_bc * bc)
{
krb5_error_code kret;
krb5_int32 i;
@@ -1484,13 +1485,13 @@ krb5_krcc_parse_times(krb5_context context, krb5_ccache id,
t->renew_till = i;
return 0;
- errout:
+errout:
return kret;
}
static krb5_error_code
krb5_krcc_parse_krb5data(krb5_context context, krb5_ccache id,
- krb5_data * data, krb5_krcc_bc * bc)
+ krb5_data * data, krb5_krcc_bc * bc)
{
krb5_error_code kret;
krb5_int32 len;
@@ -1501,56 +1502,56 @@ krb5_krcc_parse_krb5data(krb5_context context, krb5_ccache id,
kret = krb5_krcc_parse_int32(context, id, &len, bc);
CHECK(kret);
if (len < 0)
- return KRB5_CC_NOMEM;
+ return KRB5_CC_NOMEM;
data->length = len;
if (data->length != len || data->length + 1 == 0)
- return KRB5_CC_NOMEM;
+ return KRB5_CC_NOMEM;
if (data->length == 0) {
- data->data = 0;
- return KRB5_OK;
+ data->data = 0;
+ return KRB5_OK;
}
data->data = (char *) malloc(data->length + 1);
if (data->data == NULL)
- return KRB5_CC_NOMEM;
+ return KRB5_CC_NOMEM;
kret = krb5_krcc_parse(context, id, data->data, (unsigned) data->length,
- bc);
+ bc);
CHECK(kret);
- data->data[data->length] = 0; /* Null terminate, just in case.... */
+ data->data[data->length] = 0; /* Null terminate, just in case.... */
return KRB5_OK;
- errout:
+errout:
if (data->data)
- free(data->data);
+ free(data->data);
return kret;
}
static krb5_error_code
krb5_krcc_parse_int32(krb5_context context, krb5_ccache id, krb5_int32 * i,
- krb5_krcc_bc * bc)
+ krb5_krcc_bc * bc)
{
krb5_error_code kret;
unsigned char buf[4];
kret = krb5_krcc_parse(context, id, buf, 4, bc);
if (kret)
- return kret;
+ return kret;
*i = load_32_be(buf);
return 0;
}
static krb5_error_code
krb5_krcc_parse_octet(krb5_context context, krb5_ccache id, krb5_octet * i,
- krb5_krcc_bc * bc)
+ krb5_krcc_bc * bc)
{
return krb5_krcc_parse(context, id, (krb5_pointer) i, 1, bc);
}
static krb5_error_code
krb5_krcc_parse_addrs(krb5_context context, krb5_ccache id,
- krb5_address *** addrs, krb5_krcc_bc * bc)
+ krb5_address *** addrs, krb5_krcc_bc * bc)
{
krb5_error_code kret;
krb5_int32 length;
@@ -1570,31 +1571,31 @@ krb5_krcc_parse_addrs(krb5_context context, krb5_ccache id,
msize = length;
msize += 1;
if (msize == 0 || msize - 1 != length || length < 0)
- return KRB5_CC_NOMEM;
+ return KRB5_CC_NOMEM;
*addrs = ALLOC(msize, krb5_address *);
if (*addrs == NULL)
- return KRB5_CC_NOMEM;
+ return KRB5_CC_NOMEM;
for (i = 0; i < length; i++) {
- (*addrs)[i] = (krb5_address *) malloc(sizeof(krb5_address));
- if ((*addrs)[i] == NULL) {
- krb5_free_addresses(context, *addrs);
- return KRB5_CC_NOMEM;
- }
- kret = krb5_krcc_parse_addr(context, id, (*addrs)[i], bc);
- CHECK(kret);
+ (*addrs)[i] = (krb5_address *) malloc(sizeof(krb5_address));
+ if ((*addrs)[i] == NULL) {
+ krb5_free_addresses(context, *addrs);
+ return KRB5_CC_NOMEM;
+ }
+ kret = krb5_krcc_parse_addr(context, id, (*addrs)[i], bc);
+ CHECK(kret);
}
return KRB5_OK;
- errout:
+errout:
if (*addrs)
- krb5_free_addresses(context, *addrs);
+ krb5_free_addresses(context, *addrs);
return kret;
}
static krb5_error_code
krb5_krcc_parse_addr(krb5_context context, krb5_ccache id, krb5_address * addr,
- krb5_krcc_bc * bc)
+ krb5_krcc_bc * bc)
{
krb5_error_code kret;
krb5_ui_2 ui2;
@@ -1609,36 +1610,36 @@ krb5_krcc_parse_addr(krb5_context context, krb5_ccache id, krb5_address * addr,
kret = krb5_krcc_parse_int32(context, id, &int32, bc);
CHECK(kret);
- if ((int32 & VALID_INT_BITS) != int32) /* Overflow int??? */
- return KRB5_CC_NOMEM;
+ if ((int32 & VALID_INT_BITS) != int32) /* Overflow int??? */
+ return KRB5_CC_NOMEM;
addr->length = int32;
/*
* Length field is "unsigned int", which may be smaller
* than 32 bits.
*/
if (addr->length != int32)
- return KRB5_CC_NOMEM; /* XXX */
+ return KRB5_CC_NOMEM; /* XXX */
if (addr->length == 0)
- return KRB5_OK;
+ return KRB5_OK;
addr->contents = (krb5_octet *) malloc(addr->length);
if (addr->contents == NULL)
- return KRB5_CC_NOMEM;
+ return KRB5_CC_NOMEM;
kret = krb5_krcc_parse(context, id, addr->contents, addr->length, bc);
CHECK(kret);
return KRB5_OK;
- errout:
+errout:
if (addr->contents)
- free(addr->contents);
+ free(addr->contents);
return kret;
}
static krb5_error_code
krb5_krcc_parse_authdata(krb5_context context, krb5_ccache id,
- krb5_authdata *** a, krb5_krcc_bc * bc)
+ krb5_authdata *** a, krb5_krcc_bc * bc)
{
krb5_error_code kret;
krb5_int32 length;
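Review bot: The `errout:` path of krb5_krcc_parse_addr frees `addr->contents` but leaves the pointer in place, and the caller's own `errout:` in krb5_krcc_parse_addrs then hands the array holding this element to krb5_free_addresses(), which would be expected to free the same contents a second time. Setting `addr->contents = NULL;` right after `free(addr->contents);` closes that double-free window when a read fails partway through a record. krb5_krcc_parse_authdatum and krb5_krcc_parse_authdata further down have the same pairing and need `a->contents = NULL;` in the same place. The beginning of krb5_krcc_parse_addr is outside this hunk, so whether `contents` is initialised before the first `CHECK` cannot be confirmed from here.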
@@ -1652,7 +1653,7 @@ krb5_krcc_parse_authdata(krb5_context context, krb5_ccache id,
CHECK(kret);
if (length == 0)
- return KRB5_OK;
+ return KRB5_OK;
/*
* Make *a able to hold length pointers to krb5_authdata structs
@@ -1661,34 +1662,34 @@ krb5_krcc_parse_authdata(krb5_context context, krb5_ccache id,
msize = length;
msize += 1;
if (msize == 0 || msize - 1 != length || length < 0)
- return KRB5_CC_NOMEM;
+ return KRB5_CC_NOMEM;
*a = ALLOC(msize, krb5_authdata *);
if (*a == NULL)
- return KRB5_CC_NOMEM;
+ return KRB5_CC_NOMEM;
for (i = 0; i < length; i++) {
- (*a)[i] = (krb5_authdata *) malloc(sizeof(krb5_authdata));
- if ((*a)[i] == NULL) {
- krb5_free_authdata(context, *a);
- *a = NULL;
- return KRB5_CC_NOMEM;
- }
- kret = krb5_krcc_parse_authdatum(context, id, (*a)[i], bc);
- CHECK(kret);
+ (*a)[i] = (krb5_authdata *) malloc(sizeof(krb5_authdata));
+ if ((*a)[i] == NULL) {
+ krb5_free_authdata(context, *a);
+ *a = NULL;
+ return KRB5_CC_NOMEM;
+ }
+ kret = krb5_krcc_parse_authdatum(context, id, (*a)[i], bc);
+ CHECK(kret);
}
return KRB5_OK;
- errout:
+errout:
if (*a) {
- krb5_free_authdata(context, *a);
- *a = NULL;
+ krb5_free_authdata(context, *a);
+ *a = NULL;
}
return kret;
}
static krb5_error_code
krb5_krcc_parse_authdatum(krb5_context context, krb5_ccache id,
- krb5_authdata * a, krb5_krcc_bc * bc)
+ krb5_authdata * a, krb5_krcc_bc * bc)
{
krb5_error_code kret;
krb5_int32 int32;
@@ -1702,44 +1703,44 @@ krb5_krcc_parse_authdatum(krb5_context context, krb5_ccache id,
a->ad_type = (krb5_authdatatype) ui2;
kret = krb5_krcc_parse_int32(context, id, &int32, bc);
CHECK(kret);
- if ((int32 & VALID_INT_BITS) != int32) /* Overflow int??? */
- return KRB5_CC_NOMEM;
+ if ((int32 & VALID_INT_BITS) != int32) /* Overflow int??? */
+ return KRB5_CC_NOMEM;
a->length = int32;
/*
* Value could have gotten truncated if int is
* smaller than 32 bits.
*/
if (a->length != int32)
- return KRB5_CC_NOMEM; /* XXX */
+ return KRB5_CC_NOMEM; /* XXX */
if (a->length == 0)
- return KRB5_OK;
+ return KRB5_OK;
a->contents = (krb5_octet *) malloc(a->length);
if (a->contents == NULL)
- return KRB5_CC_NOMEM;
+ return KRB5_CC_NOMEM;
kret = krb5_krcc_parse(context, id, a->contents, a->length, bc);
CHECK(kret);
return KRB5_OK;
- errout:
+errout:
if (a->contents)
- free(a->contents);
+ free(a->contents);
return kret;
}
static krb5_error_code
krb5_krcc_parse_ui_2(krb5_context context, krb5_ccache id, krb5_ui_2 * i,
- krb5_krcc_bc * bc)
+ krb5_krcc_bc * bc)
{
krb5_error_code kret;
unsigned char buf[2];
kret = krb5_krcc_parse(context, id, buf, 2, bc);
if (kret)
- return kret;
+ return kret;
*i = load_16_be(buf);
return 0;
}
@@ -1758,10 +1759,10 @@ krb5_krcc_parse_ui_2(krb5_context context, krb5_ccache id, krb5_ui_2 * i,
*/
static krb5_error_code
krb5_krcc_unparse(krb5_context context, krb5_ccache id, krb5_pointer buf,
- unsigned int len, krb5_krcc_bc * bc)
+ unsigned int len, krb5_krcc_bc * bc)
{
if (bc->bpp + len > bc->endp)
- return KRB5_CC_WRITE;
+ return KRB5_CC_WRITE;
memcpy(bc->bpp, buf, len);
bc->bpp += len;
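Review bot: The bounds check in krb5_krcc_unparse, `if (bc->bpp + len > bc->endp)`, forms a pointer that may lie past the end of the buffer before comparing it, which is undefined behaviour and can wrap for a large `len` so that the memcpy() below runs unchecked. `len` comes from length fields of the credential being serialized (keyblock, address and authdata lengths in the callers below), so it is not bounded by the buffer size. Comparing sizes instead avoids the pointer arithmetic: `if (len > (size_t)(bc->endp - bc->bpp)) return KRB5_CC_WRITE;`. The rest of the function body is outside this hunk.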
@@ -1771,7 +1772,7 @@ krb5_krcc_unparse(krb5_context context, krb5_ccache id, krb5_pointer buf,
static krb5_error_code
krb5_krcc_unparse_principal(krb5_context context, krb5_ccache id,
- krb5_principal princ, krb5_krcc_bc * bc)
+ krb5_principal princ, krb5_krcc_bc * bc)
{
krb5_error_code kret;
krb5_int32 i, length, tmp, type;
@@ -1786,14 +1787,14 @@ krb5_krcc_unparse_principal(krb5_context context, krb5_ccache id,
CHECK_OUT(kret);
kret = krb5_krcc_unparse_krb5data(context, id,
- krb5_princ_realm(context, princ), bc);
+ krb5_princ_realm(context, princ), bc);
CHECK_OUT(kret);
for (i = 0; i < length; i++) {
- kret = krb5_krcc_unparse_krb5data(context, id,
- krb5_princ_component(context, princ,
- i), bc);
- CHECK_OUT(kret);
+ kret = krb5_krcc_unparse_krb5data(context, id,
+ krb5_princ_component(context, princ,
+ i), bc);
+ CHECK_OUT(kret);
}
return KRB5_OK;
@@ -1801,7 +1802,7 @@ krb5_krcc_unparse_principal(krb5_context context, krb5_ccache id,
static krb5_error_code
krb5_krcc_unparse_keyblock(krb5_context context, krb5_ccache id,
- krb5_keyblock * keyblock, krb5_krcc_bc * bc)
+ krb5_keyblock * keyblock, krb5_krcc_bc * bc)
{
krb5_error_code kret;
@@ -1810,12 +1811,12 @@ krb5_krcc_unparse_keyblock(krb5_context context, krb5_ccache id,
kret = krb5_krcc_unparse_ui_4(context, id, keyblock->length, bc);
CHECK_OUT(kret);
return krb5_krcc_unparse(context, id, (char *) keyblock->contents,
- keyblock->length, bc);
+ keyblock->length, bc);
}
static krb5_error_code
krb5_krcc_unparse_times(krb5_context context, krb5_ccache id,
- krb5_ticket_times * t, krb5_krcc_bc * bc)
+ krb5_ticket_times * t, krb5_krcc_bc * bc)
{
krb5_error_code kret;
@@ -1832,7 +1833,7 @@ krb5_krcc_unparse_times(krb5_context context, krb5_ccache id,
static krb5_error_code
krb5_krcc_unparse_krb5data(krb5_context context, krb5_ccache id,
- krb5_data * data, krb5_krcc_bc * bc)
+ krb5_data * data, krb5_krcc_bc * bc)
{
krb5_error_code kret;
@@ -1843,14 +1844,14 @@ krb5_krcc_unparse_krb5data(krb5_context context, krb5_ccache id,
static krb5_error_code
krb5_krcc_unparse_int32(krb5_context context, krb5_ccache id, krb5_int32 i,
- krb5_krcc_bc * bc)
+ krb5_krcc_bc * bc)
{
return krb5_krcc_unparse_ui_4(context, id, (krb5_ui_4) i, bc);
}
static krb5_error_code
krb5_krcc_unparse_octet(krb5_context context, krb5_ccache id, krb5_int32 i,
- krb5_krcc_bc * bc)
+ krb5_krcc_bc * bc)
{
krb5_octet ibuf;
@@ -1860,7 +1861,7 @@ krb5_krcc_unparse_octet(krb5_context context, krb5_ccache id, krb5_int32 i,
static krb5_error_code
krb5_krcc_unparse_addrs(krb5_context context, krb5_ccache id,
- krb5_address ** addrs, krb5_krcc_bc * bc)
+ krb5_address ** addrs, krb5_krcc_bc * bc)
{
krb5_error_code kret;
krb5_address **temp;
@@ -1868,16 +1869,16 @@ krb5_krcc_unparse_addrs(krb5_context context, krb5_ccache id,
/* Count the number of components */
if (addrs) {
- temp = addrs;
- while (*temp++)
- length += 1;
+ temp = addrs;
+ while (*temp++)
+ length += 1;
}
kret = krb5_krcc_unparse_int32(context, id, length, bc);
CHECK_OUT(kret);
for (i = 0; i < length; i++) {
- kret = krb5_krcc_unparse_addr(context, id, addrs[i], bc);
- CHECK_OUT(kret);
+ kret = krb5_krcc_unparse_addr(context, id, addrs[i], bc);
+ CHECK_OUT(kret);
}
return KRB5_OK;
@@ -1885,7 +1886,7 @@ krb5_krcc_unparse_addrs(krb5_context context, krb5_ccache id,
static krb5_error_code
krb5_krcc_unparse_addr(krb5_context context, krb5_ccache id,
- krb5_address * addr, krb5_krcc_bc * bc)
+ krb5_address * addr, krb5_krcc_bc * bc)
{
krb5_error_code kret;
@@ -1894,34 +1895,34 @@ krb5_krcc_unparse_addr(krb5_context context, krb5_ccache id,
kret = krb5_krcc_unparse_ui_4(context, id, addr->length, bc);
CHECK_OUT(kret);
return krb5_krcc_unparse(context, id, (char *) addr->contents,
- addr->length, bc);
+ addr->length, bc);
}
static krb5_error_code
krb5_krcc_unparse_authdata(krb5_context context, krb5_ccache id,
- krb5_authdata ** a, krb5_krcc_bc * bc)
+ krb5_authdata ** a, krb5_krcc_bc * bc)
{
krb5_error_code kret;
krb5_authdata **temp;
krb5_int32 i, length = 0;
if (a != NULL) {
- for (temp = a; *temp; temp++)
- length++;
+ for (temp = a; *temp; temp++)
+ length++;
}
kret = krb5_krcc_unparse_int32(context, id, length, bc);
CHECK_OUT(kret);
for (i = 0; i < length; i++) {
- kret = krb5_krcc_unparse_authdatum(context, id, a[i], bc);
- CHECK_OUT(kret);
+ kret = krb5_krcc_unparse_authdatum(context, id, a[i], bc);
+ CHECK_OUT(kret);
}
return KRB5_OK;
}
static krb5_error_code
krb5_krcc_unparse_authdatum(krb5_context context, krb5_ccache id,
- krb5_authdata * a, krb5_krcc_bc * bc)
+ krb5_authdata * a, krb5_krcc_bc * bc)
{
krb5_error_code kret;
@@ -1930,12 +1931,12 @@ krb5_krcc_unparse_authdatum(krb5_context context, krb5_ccache id,
kret = krb5_krcc_unparse_ui_4(context, id, a->length, bc);
CHECK_OUT(kret);
return krb5_krcc_unparse(context, id, (krb5_pointer) a->contents,
- a->length, bc);
+ a->length, bc);
}
static krb5_error_code
krb5_krcc_unparse_ui_4(krb5_context context, krb5_ccache id, krb5_ui_4 i,
- krb5_krcc_bc * bc)
+ krb5_krcc_bc * bc)
{
unsigned char buf[4];
@@ -1945,7 +1946,7 @@ krb5_krcc_unparse_ui_4(krb5_context context, krb5_ccache id, krb5_ui_4 i,
static krb5_error_code
krb5_krcc_unparse_ui_2(krb5_context context, krb5_ccache id, krb5_int32 i,
- krb5_krcc_bc * bc)
+ krb5_krcc_bc * bc)
{
unsigned char buf[2];
@@ -1967,21 +1968,21 @@ krb5_krcc_unparse_ui_2(krb5_context context, krb5_ccache id, krb5_int32 i,
*/
static krb5_error_code
krb5_krcc_unparse_cred(krb5_context context, krb5_ccache id,
- krb5_creds * creds, char **datapp, unsigned int *lenptr)
+ krb5_creds * creds, char **datapp, unsigned int *lenptr)
{
krb5_error_code kret;
char *buf;
krb5_krcc_bc bc;
if (!creds || !datapp || !lenptr)
- return EINVAL;
+ return EINVAL;
*datapp = NULL;
*lenptr = 0;
buf = malloc(GUESS_CRED_SIZE);
if (buf == NULL)
- return KRB5_CC_NOMEM;
+ return KRB5_CC_NOMEM;
bc.bpp = buf;
bc.endp = buf + GUESS_CRED_SIZE;
@@ -1999,7 +2000,7 @@ krb5_krcc_unparse_cred(krb5_context context, krb5_ccache id,
CHECK_N_GO(kret, errout);
kret = krb5_krcc_unparse_octet(context, id, (krb5_int32) creds->is_skey,
- &bc);
+ &bc);
CHECK_N_GO(kret, errout);
kret = krb5_krcc_unparse_int32(context, id, creds->ticket_flags, &bc);
@@ -2022,23 +2023,23 @@ krb5_krcc_unparse_cred(krb5_context context, krb5_ccache id,
*lenptr = bc.bpp - buf;
kret = KRB5_OK;
- errout:
+errout:
return kret;
}
/*
- * Utility routine: called by krb5_krcc_* functions to keep
+ * Utility routine: called by krb5_krcc_* functions to keep
* result of krb5_krcc_last_change_time up to date.
- * Value monotonically increases -- based on but not guaranteed to be actual
+ * Value monotonically increases -- based on but not guaranteed to be actual
* system time.
*/
static void
krb5_krcc_update_change_time(krb5_krcc_data *d)
{
- krb5_timestamp now_time = time(NULL);
- d->changetime = (d->changetime >= now_time) ?
- d->changetime + 1 : now_time;
+ krb5_timestamp now_time = time(NULL);
+ d->changetime = (d->changetime >= now_time) ?
+ d->changetime + 1 : now_time;
}
@@ -2065,7 +2066,7 @@ const krb5_cc_ops krb5_krcc_ops = {
krb5_krcc_end_seq_get,
krb5_krcc_remove_cred,
krb5_krcc_set_flags,
- krb5_krcc_get_flags, /* added after 1.4 release */
+ krb5_krcc_get_flags, /* added after 1.4 release */
NULL,
NULL,
NULL,
@@ -2098,7 +2099,7 @@ const krb5_cc_ops krb5_krcc_ops = {
NULL,
NULL,
NULL,
- NULL, /* added after 1.4 release */
+ NULL, /* added after 1.4 release */
NULL,
NULL,
NULL,
@@ -2108,4 +2109,4 @@ const krb5_cc_ops krb5_krcc_ops = {
NULL,
NULL,
};
-#endif /* USE_KEYRING_CCACHE */
+#endif /* USE_KEYRING_CCACHE */
diff --git a/src/lib/krb5/ccache/cc_memory.c b/src/lib/krb5/ccache/cc_memory.c
index 076f7eb..578b5dd 100644
--- a/src/lib/krb5/ccache/cc_memory.c
+++ b/src/lib/krb5/ccache/cc_memory.c
@@ -1,3 +1,4 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
/*
* lib/krb5/ccache/cc_memory.c
*
@@ -8,7 +9,7 @@
* require a specific license from the United States Government.
* It is the responsibility of any person or organization contemplating
* export to obtain such a license before exporting.
- *
+ *
* WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
* distribute this software and its documentation for any purpose and
* without fee is hereby granted, provided that the above copyright
@@ -22,7 +23,7 @@
* M.I.T. makes no representations about the suitability of
* this software for any purpose. It is provided "as is" without express
* or implied warranty.
- *
+ *
*
* implementation of memory-based credentials cache
*/
@@ -30,68 +31,68 @@
#include <errno.h>
static krb5_error_code KRB5_CALLCONV krb5_mcc_close
- (krb5_context, krb5_ccache id );
+(krb5_context, krb5_ccache id );
-static krb5_error_code KRB5_CALLCONV krb5_mcc_destroy
- (krb5_context, krb5_ccache id );
+static krb5_error_code KRB5_CALLCONV krb5_mcc_destroy
+(krb5_context, krb5_ccache id );
-static krb5_error_code KRB5_CALLCONV krb5_mcc_end_seq_get
- (krb5_context, krb5_ccache id , krb5_cc_cursor *cursor );
+static krb5_error_code KRB5_CALLCONV krb5_mcc_end_seq_get
+(krb5_context, krb5_ccache id , krb5_cc_cursor *cursor );
-static krb5_error_code KRB5_CALLCONV krb5_mcc_generate_new
- (krb5_context, krb5_ccache *id );
+static krb5_error_code KRB5_CALLCONV krb5_mcc_generate_new
+(krb5_context, krb5_ccache *id );
-static const char * KRB5_CALLCONV krb5_mcc_get_name
- (krb5_context, krb5_ccache id );
+static const char * KRB5_CALLCONV krb5_mcc_get_name
+(krb5_context, krb5_ccache id );
-static krb5_error_code KRB5_CALLCONV krb5_mcc_get_principal
- (krb5_context, krb5_ccache id , krb5_principal *princ );
+static krb5_error_code KRB5_CALLCONV krb5_mcc_get_principal
+(krb5_context, krb5_ccache id , krb5_principal *princ );
-static krb5_error_code KRB5_CALLCONV krb5_mcc_initialize
- (krb5_context, krb5_ccache id , krb5_principal princ );
+static krb5_error_code KRB5_CALLCONV krb5_mcc_initialize
+(krb5_context, krb5_ccache id , krb5_principal princ );
-static krb5_error_code KRB5_CALLCONV krb5_mcc_next_cred
- (krb5_context,
- krb5_ccache id ,
- krb5_cc_cursor *cursor ,
- krb5_creds *creds );
+static krb5_error_code KRB5_CALLCONV krb5_mcc_next_cred
+(krb5_context,
+ krb5_ccache id ,
+ krb5_cc_cursor *cursor ,
+ krb5_creds *creds );
-static krb5_error_code KRB5_CALLCONV krb5_mcc_resolve
- (krb5_context, krb5_ccache *id , const char *residual );
+static krb5_error_code KRB5_CALLCONV krb5_mcc_resolve
+(krb5_context, krb5_ccache *id , const char *residual );
-static krb5_error_code KRB5_CALLCONV krb5_mcc_retrieve
- (krb5_context,
- krb5_ccache id ,
- krb5_flags whichfields ,
- krb5_creds *mcreds ,
- krb5_creds *creds );
+static krb5_error_code KRB5_CALLCONV krb5_mcc_retrieve
+(krb5_context,
+ krb5_ccache id ,
+ krb5_flags whichfields ,
+ krb5_creds *mcreds ,
+ krb5_creds *creds );
-static krb5_error_code KRB5_CALLCONV krb5_mcc_start_seq_get
- (krb5_context, krb5_ccache id , krb5_cc_cursor *cursor );
+static krb5_error_code KRB5_CALLCONV krb5_mcc_start_seq_get
+(krb5_context, krb5_ccache id , krb5_cc_cursor *cursor );
-static krb5_error_code KRB5_CALLCONV krb5_mcc_store
- (krb5_context, krb5_ccache id , krb5_creds *creds );
+static krb5_error_code KRB5_CALLCONV krb5_mcc_store
+(krb5_context, krb5_ccache id , krb5_creds *creds );
-static krb5_error_code KRB5_CALLCONV krb5_mcc_set_flags
- (krb5_context, krb5_ccache id , krb5_flags flags );
+static krb5_error_code KRB5_CALLCONV krb5_mcc_set_flags
+(krb5_context, krb5_ccache id , krb5_flags flags );
static krb5_error_code KRB5_CALLCONV krb5_mcc_ptcursor_new
- (krb5_context, krb5_cc_ptcursor *);
+(krb5_context, krb5_cc_ptcursor *);
static krb5_error_code KRB5_CALLCONV krb5_mcc_ptcursor_next
- (krb5_context, krb5_cc_ptcursor, krb5_ccache *);
+(krb5_context, krb5_cc_ptcursor, krb5_ccache *);
static krb5_error_code KRB5_CALLCONV krb5_mcc_ptcursor_free
- (krb5_context, krb5_cc_ptcursor *);
+(krb5_context, krb5_cc_ptcursor *);
static krb5_error_code KRB5_CALLCONV krb5_mcc_last_change_time
- (krb5_context, krb5_ccache, krb5_timestamp *);
+(krb5_context, krb5_ccache, krb5_timestamp *);
static krb5_error_code KRB5_CALLCONV krb5_mcc_lock
- (krb5_context context, krb5_ccache id);
+(krb5_context context, krb5_ccache id);
static krb5_error_code KRB5_CALLCONV krb5_mcc_unlock
- (krb5_context context, krb5_ccache id);
+(krb5_context context, krb5_ccache id);
extern const krb5_cc_ops krb5_mcc_ops;
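Review bot: The re-indented prototypes in this hunk now put each parameter list at the start of its own line, for example `krb5_mcc_close` on one line and `(krb5_context, krb5_ccache id );` at the left margin on the next, which reads like the start of a definition and makes the declarations harder to find by line. Joining name and parameters, as in `static krb5_error_code KRB5_CALLCONV krb5_mcc_close(krb5_context, krb5_ccache id);`, keeps each prototype greppable, and the same applies to every declaration in the block. Leading whitespace is collapsed on this page, so the exact column is inferred from the space dropped on the `+` lines.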
@@ -146,7 +147,7 @@ static void krb5_mcc_free (krb5_context context, krb5_ccache id);
krb5_error_code KRB5_CALLCONV
krb5_mcc_initialize(krb5_context context, krb5_ccache id, krb5_principal princ)
{
- krb5_error_code ret;
+ krb5_error_code ret;
krb5_mcc_data *d;
d = (krb5_mcc_data *)id->data;
@@ -155,10 +156,10 @@ krb5_mcc_initialize(krb5_context context, krb5_ccache id, krb5_principal princ)
return ret;
krb5_mcc_free(context, id);
-
+
d = (krb5_mcc_data *)id->data;
ret = krb5_copy_principal(context, princ,
- &d->prin);
+ &d->prin);
update_mcc_change_time(d);
k5_cc_mutex_unlock(context, &d->lock);
@@ -178,8 +179,8 @@ krb5_mcc_initialize(krb5_context context, krb5_ccache id, krb5_principal princ)
krb5_error_code KRB5_CALLCONV
krb5_mcc_close(krb5_context context, krb5_ccache id)
{
- free(id);
- return KRB5_OK;
+ free(id);
+ return KRB5_OK;
}
static void
@@ -190,10 +191,10 @@ krb5_mcc_free(krb5_context context, krb5_ccache id)
d = (krb5_mcc_data *) id->data;
for (curr = d->link; curr;) {
- krb5_free_creds(context, curr->creds);
- next = curr->next;
- free(curr);
- curr = next;
+ krb5_free_creds(context, curr->creds);
+ next = curr->next;
+ free(curr);
+ curr = next;
}
d->link = NULL;
krb5_free_principal(context, d->prin);
@@ -215,16 +216,16 @@ krb5_mcc_destroy(krb5_context context, krb5_ccache id)
err = k5_cc_mutex_lock(context, &krb5int_mcc_mutex);
if (err)
- return err;
+ return err;
d = (krb5_mcc_data *)id->data;
for (curr = &mcc_head; *curr; curr = &(*curr)->next) {
- if ((*curr)->cache == d) {
- node = *curr;
- *curr = node->next;
- free(node);
- break;
- }
+ if ((*curr)->cache == d) {
+ node = *curr;
+ *curr = node->next;
+ free(node);
+ break;
+ }
}
k5_cc_mutex_unlock(context, &krb5int_mcc_mutex);
@@ -236,7 +237,7 @@ krb5_mcc_destroy(krb5_context context, krb5_ccache id)
free(d->name);
k5_cc_mutex_unlock(context, &d->lock);
k5_cc_mutex_destroy(&d->lock);
- free(d);
+ free(d);
free(id);
krb5_change_cache ();
@@ -249,11 +250,11 @@ krb5_mcc_destroy(krb5_context context, krb5_ccache id)
*
* Modifies:
* id
- *
+ *
* Effects:
- * creates or accesses a memory-based cred cache that is referenced by
- * residual.
- *
+ * creates or accesses a memory-based cred cache that is referenced by
+ * residual.
+ *
* Returns:
* A filled in krb5_ccache structure "id".
*
@@ -274,28 +275,28 @@ krb5_mcc_resolve (krb5_context context, krb5_ccache *id, const char *residual)
err = k5_cc_mutex_lock(context, &krb5int_mcc_mutex);
if (err)
- return err;
+ return err;
for (ptr = mcc_head; ptr; ptr=ptr->next)
- if (!strcmp(ptr->cache->name, residual))
- break;
+ if (!strcmp(ptr->cache->name, residual))
+ break;
if (ptr)
- d = ptr->cache;
+ d = ptr->cache;
else {
- err = new_mcc_data(residual, &d);
- if (err) {
- k5_cc_mutex_unlock(context, &krb5int_mcc_mutex);
- return err;
- }
+ err = new_mcc_data(residual, &d);
+ if (err) {
+ k5_cc_mutex_unlock(context, &krb5int_mcc_mutex);
+ return err;
+ }
}
k5_cc_mutex_unlock(context, &krb5int_mcc_mutex);
lid = (krb5_ccache) malloc(sizeof(struct _krb5_ccache));
if (lid == NULL)
- return KRB5_CC_NOMEM;
-
+ return KRB5_CC_NOMEM;
+
lid->ops = &krb5_mcc_ops;
lid->data = d;
- *id = lid;
+ *id = lid;
return KRB5_OK;
}
@@ -314,20 +315,20 @@ krb5_mcc_resolve (krb5_context context, krb5_ccache *id, const char *residual)
*/
krb5_error_code KRB5_CALLCONV
krb5_mcc_start_seq_get(krb5_context context, krb5_ccache id,
- krb5_cc_cursor *cursor)
+ krb5_cc_cursor *cursor)
{
- krb5_mcc_cursor mcursor;
- krb5_error_code err;
- krb5_mcc_data *d;
-
- d = id->data;
- err = k5_cc_mutex_lock(context, &d->lock);
- if (err)
- return err;
- mcursor = d->link;
- k5_cc_mutex_unlock(context, &d->lock);
- *cursor = (krb5_cc_cursor) mcursor;
- return KRB5_OK;
+ krb5_mcc_cursor mcursor;
+ krb5_error_code err;
+ krb5_mcc_data *d;
+
+ d = id->data;
+ err = k5_cc_mutex_lock(context, &d->lock);
+ if (err)
+ return err;
+ mcursor = d->link;
+ k5_cc_mutex_unlock(context, &d->lock);
+ *cursor = (krb5_cc_cursor) mcursor;
+ return KRB5_OK;
}
/*
@@ -337,7 +338,7 @@ krb5_mcc_start_seq_get(krb5_context context, krb5_ccache id,
*
* Modifes:
* cursor, creds
- *
+ *
* Effects:
* Fills in creds with the "next" credentals structure from the cache
* id. The actual order the creds are returned in is arbitrary.
@@ -352,25 +353,25 @@ krb5_mcc_start_seq_get(krb5_context context, krb5_ccache id,
*/
krb5_error_code KRB5_CALLCONV
krb5_mcc_next_cred(krb5_context context, krb5_ccache id,
- krb5_cc_cursor *cursor, krb5_creds *creds)
+ krb5_cc_cursor *cursor, krb5_creds *creds)
{
- krb5_mcc_cursor mcursor;
- krb5_error_code retval;
-
- /* Once the node in the linked list is created, it's never
- modified, so we don't need to worry about locking here. (Note
- that we don't support _remove_cred.) */
- mcursor = (krb5_mcc_cursor) *cursor;
- if (mcursor == NULL)
- return KRB5_CC_END;
- memset(creds, 0, sizeof(krb5_creds));
- if (mcursor->creds) {
- retval = krb5int_copy_creds_contents(context, mcursor->creds, creds);
- if (retval)
- return retval;
- }
- *cursor = (krb5_cc_cursor)mcursor->next;
- return KRB5_OK;
+ krb5_mcc_cursor mcursor;
+ krb5_error_code retval;
+
+ /* Once the node in the linked list is created, it's never
+ modified, so we don't need to worry about locking here. (Note
+ that we don't support _remove_cred.) */
+ mcursor = (krb5_mcc_cursor) *cursor;
+ if (mcursor == NULL)
+ return KRB5_CC_END;
+ memset(creds, 0, sizeof(krb5_creds));
+ if (mcursor->creds) {
+ retval = krb5int_copy_creds_contents(context, mcursor->creds, creds);
+ if (retval)
+ return retval;
+ }
+ *cursor = (krb5_cc_cursor)mcursor->next;
+ return KRB5_OK;
}
/*
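Review bot: The comment kept at the top of krb5_mcc_next_cred says list nodes are never modified once created, but krb5_mcc_free() earlier in this file frees every node on `d->link`, and krb5_mcc_initialize() calls it. A cursor obtained from krb5_mcc_start_seq_get() before a re-initialize would therefore point at freed memory when it is dereferenced here without the lock. At minimum the comment should state the real precondition, for example `/* Nodes are freed by krb5_mcc_free(); the caller must not reinitialize the cache while a cursor is live. */`.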
@@ -389,8 +390,8 @@ krb5_mcc_next_cred(krb5_context context, krb5_ccache id,
krb5_error_code KRB5_CALLCONV
krb5_mcc_end_seq_get(krb5_context context, krb5_ccache id, krb5_cc_cursor *cursor)
{
- *cursor = 0L;
- return KRB5_OK;
+ *cursor = 0L;
+ return KRB5_OK;
}
/* Utility routine: Creates the back-end data for a memory cache, and
@@ -406,19 +407,19 @@ new_mcc_data (const char *name, krb5_mcc_data **dataptr)
d = malloc(sizeof(krb5_mcc_data));
if (d == NULL)
- return KRB5_CC_NOMEM;
-
+ return KRB5_CC_NOMEM;
+
err = k5_cc_mutex_init(&d->lock);
if (err) {
- free(d);
- return err;
+ free(d);
+ return err;
}
d->name = strdup(name);
if (d->name == NULL) {
- k5_cc_mutex_destroy(&d->lock);
- free(d);
- return KRB5_CC_NOMEM;
+ k5_cc_mutex_destroy(&d->lock);
+ free(d);
+ return KRB5_CC_NOMEM;
}
d->link = NULL;
d->prin = NULL;
@@ -427,10 +428,10 @@ new_mcc_data (const char *name, krb5_mcc_data **dataptr)
n = malloc(sizeof(krb5_mcc_list_node));
if (n == NULL) {
- free(d->name);
- k5_cc_mutex_destroy(&d->lock);
- free(d);
- return KRB5_CC_NOMEM;
+ free(d->name);
+ k5_cc_mutex_destroy(&d->lock);
+ free(d);
+ return KRB5_CC_NOMEM;
}
n->cache = d;
@@ -445,7 +446,7 @@ new_mcc_data (const char *name, krb5_mcc_data **dataptr)
* Effects:
* Creates a new memory cred cache whose name is guaranteed to be
* unique. The name begins with the string TKT_ROOT (from mcc.h).
- *
+ *
* Returns:
* The filled in krb5_ccache id.
*
@@ -466,41 +467,41 @@ krb5_mcc_generate_new (krb5_context context, krb5_ccache *id)
/* Allocate memory */
lid = (krb5_ccache) malloc(sizeof(struct _krb5_ccache));
if (lid == NULL)
- return KRB5_CC_NOMEM;
+ return KRB5_CC_NOMEM;
lid->ops = &krb5_mcc_ops;
-
+
err = k5_cc_mutex_lock(context, &krb5int_mcc_mutex);
if (err) {
- free(lid);
- return err;
+ free(lid);
+ return err;
}
-
+
/* Check for uniqueness with mutex locked to avoid race conditions */
while (1) {
krb5_mcc_list_node *ptr;
err = krb5int_random_string (context, uniquename, sizeof (uniquename));
if (err) {
- k5_cc_mutex_unlock(context, &krb5int_mcc_mutex);
- free(lid);
- return err;
+ k5_cc_mutex_unlock(context, &krb5int_mcc_mutex);
+ free(lid);
+ return err;
}
-
- for (ptr = mcc_head; ptr; ptr=ptr->next) {
+
+ for (ptr = mcc_head; ptr; ptr=ptr->next) {
if (!strcmp(ptr->cache->name, uniquename)) {
- break; /* got a match, loop again */
+ break; /* got a match, loop again */
}
- }
+ }
if (!ptr) break; /* got to the end without finding a match */
}
-
+
err = new_mcc_data(uniquename, &d);
k5_cc_mutex_unlock(context, &krb5int_mcc_mutex);
if (err) {
- free(lid);
- return err;
+ free(lid);
+ return err;
}
lid->data = d;
*id = lid;
@@ -508,8 +509,8 @@ krb5_mcc_generate_new (krb5_context context, krb5_ccache *id)
return KRB5_OK;
}
-/* Utility routine: Creates a random memory ccache name.
- * This algorithm was selected because it creates readable
+/* Utility routine: Creates a random memory ccache name.
+ * This algorithm was selected because it creates readable
* random ccache names in a fixed size buffer. */
krb5_error_code
@@ -520,19 +521,19 @@ krb5int_random_string (krb5_context context, char *string, unsigned int length)
krb5_error_code err = 0;
unsigned char *bytes = NULL;
unsigned int bytecount = length - 1;
-
+
if (!err) {
bytes = malloc (bytecount);
if (bytes == NULL) { err = ENOMEM; }
}
-
+
if (!err) {
krb5_data data;
data.length = bytecount;
data.data = (char *) bytes;
err = krb5_c_random_make_octets (context, &data);
}
-
+
if (!err) {
unsigned int i;
for (i = 0; i < bytecount; i++) {
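Review bot: krb5int_random_string computes `bytecount = length - 1` without checking `length`, so a call with `length == 0` wraps to UINT_MAX, requests a huge allocation, and on success would write the terminator at `string[length - 1]`, outside the caller's buffer. The one caller visible in this file passes `sizeof (uniquename)`, so this is latent, but the function is not declared static here and a guard is cheap: `if (length == 0) return EINVAL;` before the first allocation. The function begins above this hunk and continues into the next one.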
@@ -540,23 +541,23 @@ krb5int_random_string (krb5_context context, char *string, unsigned int length)
}
string[length - 1] = '\0';
}
-
+
if (bytes != NULL) { free (bytes); }
-
+
return err;
}
/*
* Requires:
* id is a file credential cache
- *
+ *
* Returns:
* A pointer to the name of the file cred cache id.
*/
const char * KRB5_CALLCONV
krb5_mcc_get_name (krb5_context context, krb5_ccache id)
{
- return (char *) ((krb5_mcc_data *) id->data)->name;
+ return (char *) ((krb5_mcc_data *) id->data)->name;
}
/*
@@ -575,25 +576,25 @@ krb5_mcc_get_name (krb5_context context, krb5_ccache id)
krb5_error_code KRB5_CALLCONV
krb5_mcc_get_principal(krb5_context context, krb5_ccache id, krb5_principal *princ)
{
- krb5_mcc_data *ptr = (krb5_mcc_data *)id->data;
- if (!ptr->prin) {
+ krb5_mcc_data *ptr = (krb5_mcc_data *)id->data;
+ if (!ptr->prin) {
*princ = 0L;
return KRB5_FCC_NOFILE;
- }
- return krb5_copy_principal(context, ptr->prin, princ);
+ }
+ return krb5_copy_principal(context, ptr->prin, princ);
}
krb5_error_code KRB5_CALLCONV
krb5_mcc_retrieve(krb5_context context, krb5_ccache id, krb5_flags whichfields,
- krb5_creds *mcreds, krb5_creds *creds)
+ krb5_creds *mcreds, krb5_creds *creds)
{
return krb5_cc_retrieve_cred_default (context, id, whichfields,
- mcreds, creds);
+ mcreds, creds);
}
-/*
+/*
* Non-functional stub implementation for krb5_mcc_remove
- *
+ *
* Errors:
* KRB5_CC_NOSUPP - not implemented
*/
@@ -612,7 +613,7 @@ krb5_mcc_remove_cred(krb5_context context, krb5_ccache cache, krb5_flags flags,
*
* Modifies:
* id
- *
+ *
* Effects:
* Sets the operational flags of id to flags.
*/
@@ -649,13 +650,13 @@ krb5_mcc_store(krb5_context ctx, krb5_ccache id, krb5_creds *creds)
new_node = malloc(sizeof(krb5_mcc_link));
if (new_node == NULL)
- return ENOMEM;
+ return ENOMEM;
err = krb5_copy_creds(ctx, creds, &new_node->creds);
if (err)
- goto cleanup;
+ goto cleanup;
err = k5_cc_mutex_lock(ctx, &mptr->lock);
if (err)
- goto cleanup;
+ goto cleanup;
new_node->next = mptr->link;
mptr->link = new_node;
update_mcc_change_time(mptr);
@@ -679,25 +680,25 @@ krb5_mcc_ptcursor_new(
n = malloc(sizeof(*n));
if (n == NULL)
- return ENOMEM;
+ return ENOMEM;
n->ops = &krb5_mcc_ops;
cdata = malloc(sizeof(struct krb5_mcc_ptcursor_data));
if (cdata == NULL) {
- ret = ENOMEM;
- goto errout;
+ ret = ENOMEM;
+ goto errout;
}
n->data = cdata;
ret = k5_cc_mutex_lock(context, &krb5int_mcc_mutex);
if (ret)
- goto errout;
+ goto errout;
cdata->cur = mcc_head;
ret = k5_cc_mutex_unlock(context, &krb5int_mcc_mutex);
if (ret)
- goto errout;
+ goto errout;
errout:
if (ret) {
- krb5_mcc_ptcursor_free(context, &n);
+ krb5_mcc_ptcursor_free(context, &n);
}
*cursor = n;
return ret;
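Review bot: In krb5_mcc_ptcursor_new, when the second malloc() fails the code jumps to `errout:` and calls krb5_mcc_ptcursor_free() on `n`, whose `data` member has not been assigned at that point. krb5_mcc_ptcursor_free(), further down in this file, frees `(*cursor)->data` whenever it is non-NULL, so it would pass an indeterminate pointer to free(). Initialising the field right after the first allocation, `n->data = NULL;` following `n->ops = &krb5_mcc_ops;`, makes the cleanup path safe. The function's signature and closing brace are outside this hunk.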
@@ -715,25 +716,25 @@ krb5_mcc_ptcursor_next(
*ccache = NULL;
cdata = cursor->data;
if (cdata->cur == NULL)
- return 0;
+ return 0;
*ccache = malloc(sizeof(**ccache));
if (*ccache == NULL)
- return ENOMEM;
+ return ENOMEM;
(*ccache)->ops = &krb5_mcc_ops;
(*ccache)->data = cdata->cur->cache;
ret = k5_cc_mutex_lock(context, &krb5int_mcc_mutex);
if (ret)
- goto errout;
+ goto errout;
cdata->cur = cdata->cur->next;
ret = k5_cc_mutex_unlock(context, &krb5int_mcc_mutex);
if (ret)
- goto errout;
+ goto errout;
errout:
if (ret && *ccache != NULL) {
- free(*ccache);
- *ccache = NULL;
+ free(*ccache);
+ *ccache = NULL;
}
return ret;
}
@@ -744,25 +745,25 @@ krb5_mcc_ptcursor_free(
krb5_cc_ptcursor *cursor)
{
if (*cursor == NULL)
- return 0;
+ return 0;
if ((*cursor)->data != NULL)
- free((*cursor)->data);
+ free((*cursor)->data);
free(*cursor);
*cursor = NULL;
return 0;
}
-static krb5_error_code KRB5_CALLCONV
+static krb5_error_code KRB5_CALLCONV
krb5_mcc_last_change_time(
krb5_context context,
- krb5_ccache id,
+ krb5_ccache id,
krb5_timestamp *change_time)
{
krb5_error_code ret = 0;
krb5_mcc_data *data = (krb5_mcc_data *) id->data;
-
+
*change_time = 0;
-
+
ret = k5_cc_mutex_lock(context, &data->lock);
if (!ret) {
*change_time = data->changetime;
@@ -773,19 +774,19 @@ krb5_mcc_last_change_time(
}
/*
- Utility routine: called by krb5_mcc_* functions to keep
- result of krb5_mcc_last_change_time up to date
- */
+ Utility routine: called by krb5_mcc_* functions to keep
+ result of krb5_mcc_last_change_time up to date
+*/
static void
update_mcc_change_time(krb5_mcc_data *d)
{
krb5_timestamp now_time = time(NULL);
- d->changetime = (d->changetime >= now_time) ?
- d->changetime + 1 : now_time;
+ d->changetime = (d->changetime >= now_time) ?
+ d->changetime + 1 : now_time;
}
-static krb5_error_code KRB5_CALLCONV
+static krb5_error_code KRB5_CALLCONV
krb5_mcc_lock(krb5_context context, krb5_ccache id)
{
krb5_error_code ret = 0;
@@ -794,7 +795,7 @@ krb5_mcc_lock(krb5_context context, krb5_ccache id)
return ret;
}
-static krb5_error_code KRB5_CALLCONV
+static krb5_error_code KRB5_CALLCONV
krb5_mcc_unlock(krb5_context context, krb5_ccache id)
{
krb5_error_code ret = 0;
@@ -804,29 +805,29 @@ krb5_mcc_unlock(krb5_context context, krb5_ccache id)
}
const krb5_cc_ops krb5_mcc_ops = {
- 0,
- "MEMORY",
- krb5_mcc_get_name,
- krb5_mcc_resolve,
- krb5_mcc_generate_new,
- krb5_mcc_initialize,
- krb5_mcc_destroy,
- krb5_mcc_close,
- krb5_mcc_store,
- krb5_mcc_retrieve,
- krb5_mcc_get_principal,
- krb5_mcc_start_seq_get,
- krb5_mcc_next_cred,
- krb5_mcc_end_seq_get,
- krb5_mcc_remove_cred,
- krb5_mcc_set_flags,
- krb5_mcc_get_flags,
- krb5_mcc_ptcursor_new,
- krb5_mcc_ptcursor_next,
- krb5_mcc_ptcursor_free,
- NULL, /* move */
- krb5_mcc_last_change_time,
- NULL, /* wasdefault */
- krb5_mcc_lock,
- krb5_mcc_unlock,
+ 0,
+ "MEMORY",
+ krb5_mcc_get_name,
+ krb5_mcc_resolve,
+ krb5_mcc_generate_new,
+ krb5_mcc_initialize,
+ krb5_mcc_destroy,
+ krb5_mcc_close,
+ krb5_mcc_store,
+ krb5_mcc_retrieve,
+ krb5_mcc_get_principal,
+ krb5_mcc_start_seq_get,
+ krb5_mcc_next_cred,
+ krb5_mcc_end_seq_get,
+ krb5_mcc_remove_cred,
+ krb5_mcc_set_flags,
+ krb5_mcc_get_flags,
+ krb5_mcc_ptcursor_new,
+ krb5_mcc_ptcursor_next,
+ krb5_mcc_ptcursor_free,
+ NULL, /* move */
+ krb5_mcc_last_change_time,
+ NULL, /* wasdefault */
+ krb5_mcc_lock,
+ krb5_mcc_unlock,
};
diff --git a/src/lib/krb5/ccache/cc_mslsa.c b/src/lib/krb5/ccache/cc_mslsa.c
index db74828..826794f 100644
--- a/src/lib/krb5/ccache/cc_mslsa.c
+++ b/src/lib/krb5/ccache/cc_mslsa.c
@@ -1,3 +1,4 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
/*
* lib/krb5/ccache/cc_mslsa.c
*
@@ -10,7 +11,7 @@
* require a specific license from the United States Government.
* It is the responsibility of any person or organization contemplating
* export to obtain such a license before exporting.
- *
+ *
* WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
* distribute this software and its documentation for any purpose and
* without fee is hereby granted, provided that the above copyright
@@ -24,11 +25,11 @@
* M.I.T. makes no representations about the suitability of
* this software for any purpose. It is provided "as is" without express
* or implied warranty.
- *
+ *
* Copyright 2000 by Carnegie Mellon University
*
* All Rights Reserved
- *
+ *
* Permission to use, copy, modify, and distribute this software and its
* documentation for any purpose and without fee is hereby granted,
* provided that the above copyright notice appear in all copies and that
@@ -37,7 +38,7 @@
* University not be used in advertising or publicity pertaining to
* distribution of the software without specific, written prior
* permission.
- *
+ *
* CARNEGIE MELLON UNIVERSITY DISCLAIMS ALL WARRANTIES WITH REGARD TO
* THIS SOFTWARE, INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY AND
* FITNESS, IN NO EVENT SHALL CARNEGIE MELLON UNIVERSITY BE LIABLE FOR
@@ -88,63 +89,63 @@
#define MAX_MSG_SIZE 256
#define MAX_MSPRINC_SIZE 1024
-/* THREAD SAFETY
- * The functions is_windows_2000(), is_windows_xp(),
- * does_retrieve_ticket_cache_ticket() and does_query_ticket_cache_ex2()
- * contain static variables to cache the responses of the tests being
- * performed. There is no harm in the test being performed more than
+/* THREAD SAFETY
+ * The functions is_windows_2000(), is_windows_xp(),
+ * does_retrieve_ticket_cache_ticket() and does_query_ticket_cache_ex2()
+ * contain static variables to cache the responses of the tests being
+ * performed. There is no harm in the test being performed more than
* once since the result will always be the same.
*/
-static BOOL
+static BOOL
is_windows_2000 (void)
{
- static BOOL fChecked = FALSE;
- static BOOL fIsWin2K = FALSE;
+ static BOOL fChecked = FALSE;
+ static BOOL fIsWin2K = FALSE;
- if (!fChecked)
- {
- OSVERSIONINFO Version;
+ if (!fChecked)
+ {
+ OSVERSIONINFO Version;
- memset (&Version, 0x00, sizeof(Version));
- Version.dwOSVersionInfoSize = sizeof(Version);
+ memset (&Version, 0x00, sizeof(Version));
+ Version.dwOSVersionInfoSize = sizeof(Version);
- if (GetVersionEx (&Version))
- {
- if (Version.dwPlatformId == VER_PLATFORM_WIN32_NT &&
+ if (GetVersionEx (&Version))
+ {
+ if (Version.dwPlatformId == VER_PLATFORM_WIN32_NT &&
Version.dwMajorVersion >= 5)
- fIsWin2K = TRUE;
- }
- fChecked = TRUE;
- }
+ fIsWin2K = TRUE;
+ }
+ fChecked = TRUE;
+ }
- return fIsWin2K;
+ return fIsWin2K;
}
-static BOOL
+static BOOL
is_windows_xp (void)
{
- static BOOL fChecked = FALSE;
- static BOOL fIsWinXP = FALSE;
+ static BOOL fChecked = FALSE;
+ static BOOL fIsWinXP = FALSE;
- if (!fChecked)
- {
- OSVERSIONINFO Version;
+ if (!fChecked)
+ {
+ OSVERSIONINFO Version;
- memset (&Version, 0x00, sizeof(Version));
- Version.dwOSVersionInfoSize = sizeof(Version);
+ memset (&Version, 0x00, sizeof(Version));
+ Version.dwOSVersionInfoSize = sizeof(Version);
- if (GetVersionEx (&Version))
- {
- if (Version.dwPlatformId == VER_PLATFORM_WIN32_NT &&
+ if (GetVersionEx (&Version))
+ {
+ if (Version.dwPlatformId == VER_PLATFORM_WIN32_NT &&
(Version.dwMajorVersion > 5 ||
Version.dwMajorVersion == 5 && Version.dwMinorVersion >= 1) )
- fIsWinXP = TRUE;
- }
- fChecked = TRUE;
- }
+ fIsWinXP = TRUE;
+ }
+ fChecked = TRUE;
+ }
- return fIsWinXP;
+ return fIsWinXP;
}
static BOOL
@@ -155,17 +156,17 @@ is_windows_vista (void)
if (!fChecked)
{
- OSVERSIONINFO Version;
+ OSVERSIONINFO Version;
- memset (&Version, 0x00, sizeof(Version));
- Version.dwOSVersionInfoSize = sizeof(Version);
+ memset (&Version, 0x00, sizeof(Version));
+ Version.dwOSVersionInfoSize = sizeof(Version);
- if (GetVersionEx (&Version))
- {
- if (Version.dwPlatformId == VER_PLATFORM_WIN32_NT && Version.dwMajorVersion >= 6)
- fIsVista = TRUE;
- }
- fChecked = TRUE;
+ if (GetVersionEx (&Version))
+ {
+ if (Version.dwPlatformId == VER_PLATFORM_WIN32_NT && Version.dwMajorVersion >= 6)
+ fIsVista = TRUE;
+ }
+ fChecked = TRUE;
}
return fIsVista;
@@ -179,24 +180,24 @@ is_process_uac_limited (void)
if (!fChecked)
{
- NTSTATUS Status = 0;
- HANDLE TokenHandle;
- DWORD ElevationLevel;
- DWORD ReqLen;
- BOOL Success;
-
- if (is_windows_vista()) {
- Success = OpenProcessToken( GetCurrentProcess(), TOKEN_QUERY, &TokenHandle );
- if ( Success ) {
- Success = GetTokenInformation( TokenHandle,
- TokenOrigin+1 /* ElevationLevel */,
- &ElevationLevel, sizeof(DWORD), &ReqLen );
- CloseHandle( TokenHandle );
- if ( Success && ElevationLevel == 3 /* Limited */ )
- fIsUAC = TRUE;
- }
- }
- fChecked = TRUE;
+ NTSTATUS Status = 0;
+ HANDLE TokenHandle;
+ DWORD ElevationLevel;
+ DWORD ReqLen;
+ BOOL Success;
+
+ if (is_windows_vista()) {
+ Success = OpenProcessToken( GetCurrentProcess(), TOKEN_QUERY, &TokenHandle );
+ if ( Success ) {
+ Success = GetTokenInformation( TokenHandle,
+ TokenOrigin+1 /* ElevationLevel */,
+ &ElevationLevel, sizeof(DWORD), &ReqLen );
+ CloseHandle( TokenHandle );
+ if ( Success && ElevationLevel == 3 /* Limited */ )
+ fIsUAC = TRUE;
+ }
+ }
+ fChecked = TRUE;
}
return fIsUAC;
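Review bot: The elevation check in this block spells both Windows constants indirectly, as `TokenOrigin+1 /* ElevationLevel */` and `ElevationLevel == 3 /* Limited */`, so a reader cannot verify the enum values from the code. The result matters, because IsMSSessionKeyNull() later in this file returns TRUE for every key when this function does. Where the SDK in use declares them, `TokenElevationType` and `TokenElevationTypeLimited` express the same values by name. `Status` is declared and zeroed but not used in the lines shown; the opening lines of is_process_uac_limited() are outside this hunk.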
@@ -212,31 +213,31 @@ is_broken_wow64(void)
if (!fChecked)
{
- BOOL isWow64 = FALSE;
- OSVERSIONINFO Version;
- HANDLE h1 = NULL;
- LPFN_ISWOW64PROCESS fnIsWow64Process = NULL;
-
- h1 = GetModuleHandle(L"kernel32.dll");
- fnIsWow64Process =
- (LPFN_ISWOW64PROCESS)GetProcAddress(h1, "IsWow64Process");
-
- /* If we don't find the fnIsWow64Process function then we
- * are not running in a broken Wow64
- */
- if (fnIsWow64Process) {
- memset (&Version, 0x00, sizeof(Version));
- Version.dwOSVersionInfoSize = sizeof(Version);
-
- if (fnIsWow64Process(GetCurrentProcess(), &isWow64) &&
- GetVersionEx (&Version)) {
- if (isWow64 &&
- Version.dwPlatformId == VER_PLATFORM_WIN32_NT &&
- Version.dwMajorVersion < 6)
- fIsBrokenWow64 = TRUE;
- }
- }
- fChecked = TRUE;
+ BOOL isWow64 = FALSE;
+ OSVERSIONINFO Version;
+ HANDLE h1 = NULL;
+ LPFN_ISWOW64PROCESS fnIsWow64Process = NULL;
+
+ h1 = GetModuleHandle(L"kernel32.dll");
+ fnIsWow64Process =
+ (LPFN_ISWOW64PROCESS)GetProcAddress(h1, "IsWow64Process");
+
+ /* If we don't find the fnIsWow64Process function then we
+ * are not running in a broken Wow64
+ */
+ if (fnIsWow64Process) {
+ memset (&Version, 0x00, sizeof(Version));
+ Version.dwOSVersionInfoSize = sizeof(Version);
+
+ if (fnIsWow64Process(GetCurrentProcess(), &isWow64) &&
+ GetVersionEx (&Version)) {
+ if (isWow64 &&
+ Version.dwPlatformId == VER_PLATFORM_WIN32_NT &&
+ Version.dwMajorVersion < 6)
+ fIsBrokenWow64 = TRUE;
+ }
+ }
+ fChecked = TRUE;
}
return fIsBrokenWow64;
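Review bot: `GetModuleHandle(L"kernel32.dll")` passes a wide literal to a macro whose character width depends on UNICODE, and the resulting `h1` is handed to GetProcAddress() without a NULL check. In a build without UNICODE the macro resolves to the ANSI entry point and the lookup would not find the intended module. `h1 = GetModuleHandleW(L"kernel32.dll");` with `if (h1 != NULL)` around the GetProcAddress() call removes that dependency. The start of is_broken_wow64() is outside this hunk.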
@@ -244,7 +245,7 @@ is_broken_wow64(void)
/* This flag is only supported by versions of Windows which have obtained
* a code change from Microsoft. When the code change is installed,
- * setting this flag will cause all retrieved credentials to be stored
+ * setting this flag will cause all retrieved credentials to be stored
* in the LSA cache.
*/
#ifndef KERB_RETRIEVE_TICKET_CACHE_TICKET
@@ -308,27 +309,27 @@ UnicodeToANSI(LPTSTR lpInputString, LPSTR lpszOutputString, int nOutStringLen)
// Only supporting non-Unicode strings
int reqLen = WideCharToMultiByte(CP_ACP, 0, (LPCWSTR) lpInputString, -1,
NULL, 0, NULL, NULL);
- if ( reqLen > nOutStringLen)
+ if ( reqLen > nOutStringLen)
{
return FALSE;
} else {
- if (WideCharToMultiByte(CP_ACP,
- /* WC_NO_BEST_FIT_CHARS | */ WC_COMPOSITECHECK,
- (LPCWSTR) lpInputString, -1,
- lpszOutputString,
- nOutStringLen, NULL, NULL) == 0)
- return FALSE;
+ if (WideCharToMultiByte(CP_ACP,
+ /* WC_NO_BEST_FIT_CHARS | */ WC_COMPOSITECHECK,
+ (LPCWSTR) lpInputString, -1,
+ lpszOutputString,
+ nOutStringLen, NULL, NULL) == 0)
+ return FALSE;
}
- }
+ }
else
{
// Looks like unicode, better translate it
- if (WideCharToMultiByte(CP_ACP,
- /* WC_NO_BEST_FIT_CHARS | */ WC_COMPOSITECHECK,
- (LPCWSTR) lpInputString, -1,
- lpszOutputString,
- nOutStringLen, NULL, NULL) == 0)
- return FALSE;
+ if (WideCharToMultiByte(CP_ACP,
+ /* WC_NO_BEST_FIT_CHARS | */ WC_COMPOSITECHECK,
+ (LPCWSTR) lpInputString, -1,
+ lpszOutputString,
+ nOutStringLen, NULL, NULL) == 0)
+ return FALSE;
}
return TRUE;
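Review bot: Both converting WideCharToMultiByte() calls use `WC_COMPOSITECHECK` alone, with `WC_NO_BEST_FIT_CHARS` left commented out, so characters the ANSI code page cannot represent are silently replaced by a best-fit or default character. Callers visible later in this file pass the converted string to krb5_parse_name(), so two distinct Unicode principal names can end up as the same ANSI principal. Consider enabling the flag and passing a `BOOL usedDefault` as the final argument, returning FALSE when it is set. The beginning of UnicodeToANSI() is outside this hunk.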
@@ -365,14 +366,14 @@ MITPrincToMSPrinc(krb5_context context, krb5_principal principal, UNICODE_STRING
msprinc->Length = strlen(aname) * sizeof(WCHAR);
if ( msprinc->Length <= msprinc->MaximumLength )
ANSIToUnicode(aname, msprinc->Buffer, msprinc->MaximumLength);
- else
+ else
msprinc->Length = 0;
krb5_free_unparsed_name(context,aname);
}
}
static BOOL
-UnicodeStringToMITPrinc(UNICODE_STRING *service, WCHAR *realm, krb5_context context,
+UnicodeStringToMITPrinc(UNICODE_STRING *service, WCHAR *realm, krb5_context context,
krb5_principal *principal)
{
WCHAR princbuf[512];
@@ -385,14 +386,14 @@ UnicodeStringToMITPrinc(UNICODE_STRING *service, WCHAR *realm, krb5_context cont
wcscat(princbuf, realm);
if (UnicodeToANSI(princbuf, aname, sizeof(aname))) {
if (krb5_parse_name(context, aname, principal) == 0)
- return TRUE;
+ return TRUE;
}
return FALSE;
}
static BOOL
-KerbExternalNameToMITPrinc(KERB_EXTERNAL_NAME *msprinc, WCHAR *realm, krb5_context context,
+KerbExternalNameToMITPrinc(KERB_EXTERNAL_NAME *msprinc, WCHAR *realm, krb5_context context,
krb5_principal *principal)
{
WCHAR princbuf[512],tmpbuf[128];
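Review bot: `wcscat(princbuf, realm)` appends to the fixed 512-element `princbuf` with no length check, and the same call appears in KerbExternalNameToMITPrinc() in the next hunk (@@ -411,7 +412,7 @@). The lines that fill `princbuf` beforehand are outside the hunk, so it cannot be confirmed here that the service name is bounded. Since these names come from ticket data, a guard before the concatenation would be safer, for example `if (wcslen(princbuf) + wcslen(realm) + 1 > sizeof(princbuf)/sizeof(princbuf[0])) return FALSE;`.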
@@ -411,7 +412,7 @@ KerbExternalNameToMITPrinc(KERB_EXTERNAL_NAME *msprinc, WCHAR *realm, krb5_conte
wcscat(princbuf, realm);
if (UnicodeToANSI(princbuf, aname, sizeof(aname))) {
if (krb5_parse_name(context, aname, principal) == 0)
- return TRUE;
+ return TRUE;
}
return FALSE;
}
@@ -451,16 +452,16 @@ static BOOL
IsMSSessionKeyNull(KERB_CRYPTO_KEY *mskey)
{
DWORD i;
-
+
if (is_process_uac_limited())
- return TRUE;
+ return TRUE;
if (mskey->KeyType == KERB_ETYPE_NULL)
- return TRUE;
+ return TRUE;
for ( i=0; i<mskey->Length; i++ ) {
- if (mskey->Value[i])
- return FALSE;
+ if (mskey->Value[i])
+ return FALSE;
}
return TRUE;
@@ -482,12 +483,12 @@ MSTicketToMITTicket(KERB_EXTERNAL_TICKET *msticket, krb5_context context, krb5_d
tmpdata.length=msticket->EncodedTicketSize;
tmpdata.data=msticket->EncodedTicket;
- // this is ugly and will break krb5_free_data()
+ // this is ugly and will break krb5_free_data()
// now that this is being done within the library it won't break krb5_free_data()
rc = krb5_copy_data(context, &tmpdata, &newdata);
if (rc)
return FALSE;
-
+
memcpy(ticket, newdata, sizeof(krb5_data));
free(newdata);
return TRUE;
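Review bot: The two `//` comments above `krb5_copy_data()` contradict each other: one says the code will break krb5_free_data() and the next says it no longer does. Neither explains the `memcpy(ticket, newdata, sizeof(krb5_data))` / `free(newdata)` pair that follows. One comment describing the ownership transfer would serve better, e.g. `/* Copy the encoded ticket, move the krb5_data header into *ticket and free only the header; *ticket now owns the data buffer. */`. The start of MSTicketToMITTicket() is outside this hunk.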
@@ -496,7 +497,7 @@ MSTicketToMITTicket(KERB_EXTERNAL_TICKET *msticket, krb5_context context, krb5_d
/*
* PreserveInitialTicketIdentity()
*
- * This will find the "PreserveInitialTicketIdentity" key in the registry.
+ * This will find the "PreserveInitialTicketIdentity" key in the registry.
* Returns 1 to preserve and 0 to not.
*/
@@ -520,7 +521,7 @@ PreserveInitialTicketIdentity(void)
RegCloseKey(hKey);
goto done;
- syskey:
+syskey:
if (RegOpenKeyExA(HKEY_LOCAL_MACHINE, key_path, 0, KEY_QUERY_VALUE, &hKey) != ERROR_SUCCESS)
goto done;
if (RegQueryValueExA(hKey, value_name, 0, &type, (LPBYTE)&retval, &size) != ERROR_SUCCESS)
@@ -530,13 +531,13 @@ PreserveInitialTicketIdentity(void)
}
RegCloseKey(hKey);
- done:
+done:
return retval;
}
static BOOL
-MSCredToMITCred(KERB_EXTERNAL_TICKET *msticket, UNICODE_STRING ClientRealm,
+MSCredToMITCred(KERB_EXTERNAL_TICKET *msticket, UNICODE_STRING ClientRealm,
krb5_context context, krb5_creds *creds)
{
WCHAR wrealm[128];
@@ -555,7 +556,7 @@ MSCredToMITCred(KERB_EXTERNAL_TICKET *msticket, UNICODE_STRING ClientRealm,
wrealm[msticket->DomainName.Length/sizeof(WCHAR)]=0;
if (!KerbExternalNameToMITPrinc(msticket->ServiceName, wrealm, context, &creds->server))
return FALSE;
- MSSessionKeyToMITKeyblock(&msticket->SessionKey, context,
+ MSSessionKeyToMITKeyblock(&msticket->SessionKey, context,
&creds->keyblock);
MSFlagsToMITFlags(msticket->TicketFlags, &creds->ticket_flags);
creds->times.starttime=FileTimeToUnixTime(&msticket->StartTime);
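Review bot: `wrealm[msticket->DomainName.Length/sizeof(WCHAR)]=0;` indexes the 128-element `wrealm` array with a length taken from the ticket structure, and nothing in this hunk checks that the index is below 128. The copy that precedes it is outside the hunk. CacheInfoEx2ToMITCred() in the @@ -581,14 +582,14 @@ hunk shows the full pattern twice, a `wcsncpy` of `Length/sizeof(WCHAR)` characters followed by the same terminator write, presumably into a buffer of the same size. A guard such as `if (msticket->DomainName.Length/sizeof(WCHAR) >= sizeof(wrealm)/sizeof(wrealm[0])) return FALSE;` before each copy keeps an oversized realm from writing past the stack buffer.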
@@ -581,14 +582,14 @@ CacheInfoEx2ToMITCred(KERB_TICKET_CACHE_INFO_EX2 *info,
wcsncpy(wrealm, info->ClientRealm.Buffer, info->ClientRealm.Length/sizeof(WCHAR));
wrealm[info->ClientRealm.Length/sizeof(WCHAR)]=0;
if (!UnicodeStringToMITPrinc(&info->ClientName, wrealm, context, &creds->client))
- return FALSE;
+ return FALSE;
// construct Service Principal
wcsncpy(wrealm, info->ServerRealm.Buffer,
info->ServerRealm.Length/sizeof(WCHAR));
wrealm[info->ServerRealm.Length/sizeof(WCHAR)]=0;
if (!UnicodeStringToMITPrinc(&info->ServerName, wrealm, context, &creds->server))
- return FALSE;
+ return FALSE;
creds->keyblock.magic = KV5M_KEYBLOCK;
creds->keyblock.enctype = info->SessionKeyType;
@@ -616,7 +617,7 @@ PackageConnectLookup(HANDLE *pLogonHandle, ULONG *pPackageId)
Status = LsaConnectUntrusted(
pLogonHandle
- );
+ );
if (FAILED(Status))
{
@@ -632,7 +633,7 @@ PackageConnectLookup(HANDLE *pLogonHandle, ULONG *pPackageId)
*pLogonHandle,
&Name,
pPackageId
- );
+ );
if (FAILED(Status))
{
@@ -644,123 +645,123 @@ PackageConnectLookup(HANDLE *pLogonHandle, ULONG *pPackageId)
}
-static BOOL
+static BOOL
does_retrieve_ticket_cache_ticket (void)
{
- static BOOL fChecked = FALSE;
- static BOOL fCachesTicket = FALSE;
-
- if (!fChecked)
- {
- NTSTATUS Status = 0;
- NTSTATUS SubStatus = 0;
- HANDLE LogonHandle;
- ULONG PackageId;
- ULONG RequestSize;
- PKERB_RETRIEVE_TKT_REQUEST pTicketRequest = NULL;
- PKERB_RETRIEVE_TKT_RESPONSE pTicketResponse = NULL;
- ULONG ResponseSize;
-
- RequestSize = sizeof(*pTicketRequest) + 1;
-
- if (!PackageConnectLookup(&LogonHandle, &PackageId))
- return FALSE;
-
- pTicketRequest = (PKERB_RETRIEVE_TKT_REQUEST) LocalAlloc(LMEM_ZEROINIT, RequestSize);
- if (!pTicketRequest) {
- CloseHandle(LogonHandle);
- return FALSE;
- }
-
- pTicketRequest->MessageType = KerbRetrieveEncodedTicketMessage;
- pTicketRequest->LogonId.LowPart = 0;
- pTicketRequest->LogonId.HighPart = 0;
- pTicketRequest->TargetName.Length = 0;
- pTicketRequest->TargetName.MaximumLength = 0;
- pTicketRequest->TargetName.Buffer = (PWSTR) (pTicketRequest + 1);
- pTicketRequest->CacheOptions =
- KERB_RETRIEVE_TICKET_DONT_USE_CACHE | KERB_RETRIEVE_TICKET_CACHE_TICKET;
- pTicketRequest->EncryptionType = 0;
- pTicketRequest->TicketFlags = 0;
-
- Status = LsaCallAuthenticationPackage( LogonHandle,
- PackageId,
- pTicketRequest,
- RequestSize,
- &pTicketResponse,
- &ResponseSize,
- &SubStatus
- );
-
- LocalFree(pTicketRequest);
- CloseHandle(LogonHandle);
-
- if (FAILED(Status) || FAILED(SubStatus)) {
- if ( SubStatus == STATUS_NOT_SUPPORTED )
- /* The combination of the two CacheOption flags
- * is not supported; therefore, the new flag is supported
- */
- fCachesTicket = TRUE;
- }
- fChecked = TRUE;
- }
-
- return fCachesTicket;
+ static BOOL fChecked = FALSE;
+ static BOOL fCachesTicket = FALSE;
+
+ if (!fChecked)
+ {
+ NTSTATUS Status = 0;
+ NTSTATUS SubStatus = 0;
+ HANDLE LogonHandle;
+ ULONG PackageId;
+ ULONG RequestSize;
+ PKERB_RETRIEVE_TKT_REQUEST pTicketRequest = NULL;
+ PKERB_RETRIEVE_TKT_RESPONSE pTicketResponse = NULL;
+ ULONG ResponseSize;
+
+ RequestSize = sizeof(*pTicketRequest) + 1;
+
+ if (!PackageConnectLookup(&LogonHandle, &PackageId))
+ return FALSE;
+
+ pTicketRequest = (PKERB_RETRIEVE_TKT_REQUEST) LocalAlloc(LMEM_ZEROINIT, RequestSize);
+ if (!pTicketRequest) {
+ CloseHandle(LogonHandle);
+ return FALSE;
+ }
+
+ pTicketRequest->MessageType = KerbRetrieveEncodedTicketMessage;
+ pTicketRequest->LogonId.LowPart = 0;
+ pTicketRequest->LogonId.HighPart = 0;
+ pTicketRequest->TargetName.Length = 0;
+ pTicketRequest->TargetName.MaximumLength = 0;
+ pTicketRequest->TargetName.Buffer = (PWSTR) (pTicketRequest + 1);
+ pTicketRequest->CacheOptions =
+ KERB_RETRIEVE_TICKET_DONT_USE_CACHE | KERB_RETRIEVE_TICKET_CACHE_TICKET;
+ pTicketRequest->EncryptionType = 0;
+ pTicketRequest->TicketFlags = 0;
+
+ Status = LsaCallAuthenticationPackage( LogonHandle,
+ PackageId,
+ pTicketRequest,
+ RequestSize,
+ &pTicketResponse,
+ &ResponseSize,
+ &SubStatus
+ );
+
+ LocalFree(pTicketRequest);
+ CloseHandle(LogonHandle);
+
+ if (FAILED(Status) || FAILED(SubStatus)) {
+ if ( SubStatus == STATUS_NOT_SUPPORTED )
+ /* The combination of the two CacheOption flags
+ * is not supported; therefore, the new flag is supported
+ */
+ fCachesTicket = TRUE;
+ }
+ fChecked = TRUE;
+ }
+
+ return fCachesTicket;
}
#ifdef HAVE_CACHE_INFO_EX2
-static BOOL
+static BOOL
does_query_ticket_cache_ex2 (void)
{
- static BOOL fChecked = FALSE;
- static BOOL fEx2Response = FALSE;
-
- if (!fChecked)
- {
- NTSTATUS Status = 0;
- NTSTATUS SubStatus = 0;
- HANDLE LogonHandle;
- ULONG PackageId;
- ULONG RequestSize;
- PKERB_QUERY_TKT_CACHE_REQUEST pCacheRequest = NULL;
- PKERB_QUERY_TKT_CACHE_EX2_RESPONSE pCacheResponse = NULL;
- ULONG ResponseSize;
-
- RequestSize = sizeof(*pCacheRequest) + 1;
-
- if (!PackageConnectLookup(&LogonHandle, &PackageId))
- return FALSE;
-
- pCacheRequest = (PKERB_QUERY_TKT_CACHE_REQUEST) LocalAlloc(LMEM_ZEROINIT, RequestSize);
- if (!pCacheRequest) {
- CloseHandle(LogonHandle);
- return FALSE;
- }
-
- pCacheRequest->MessageType = KerbQueryTicketCacheEx2Message;
- pCacheRequest->LogonId.LowPart = 0;
- pCacheRequest->LogonId.HighPart = 0;
-
- Status = LsaCallAuthenticationPackage( LogonHandle,
- PackageId,
- pCacheRequest,
- RequestSize,
- &pCacheResponse,
- &ResponseSize,
- &SubStatus
- );
-
- LocalFree(pCacheRequest);
- CloseHandle(LogonHandle);
-
- if (!(FAILED(Status) || FAILED(SubStatus))) {
- LsaFreeReturnBuffer(pCacheResponse);
- fEx2Response = TRUE;
- }
- fChecked = TRUE;
- }
-
- return fEx2Response;
+ static BOOL fChecked = FALSE;
+ static BOOL fEx2Response = FALSE;
+
+ if (!fChecked)
+ {
+ NTSTATUS Status = 0;
+ NTSTATUS SubStatus = 0;
+ HANDLE LogonHandle;
+ ULONG PackageId;
+ ULONG RequestSize;
+ PKERB_QUERY_TKT_CACHE_REQUEST pCacheRequest = NULL;
+ PKERB_QUERY_TKT_CACHE_EX2_RESPONSE pCacheResponse = NULL;
+ ULONG ResponseSize;
+
+ RequestSize = sizeof(*pCacheRequest) + 1;
+
+ if (!PackageConnectLookup(&LogonHandle, &PackageId))
+ return FALSE;
+
+ pCacheRequest = (PKERB_QUERY_TKT_CACHE_REQUEST) LocalAlloc(LMEM_ZEROINIT, RequestSize);
+ if (!pCacheRequest) {
+ CloseHandle(LogonHandle);
+ return FALSE;
+ }
+
+ pCacheRequest->MessageType = KerbQueryTicketCacheEx2Message;
+ pCacheRequest->LogonId.LowPart = 0;
+ pCacheRequest->LogonId.HighPart = 0;
+
+ Status = LsaCallAuthenticationPackage( LogonHandle,
+ PackageId,
+ pCacheRequest,
+ RequestSize,
+ &pCacheResponse,
+ &ResponseSize,
+ &SubStatus
+ );
+
+ LocalFree(pCacheRequest);
+ CloseHandle(LogonHandle);
+
+ if (!(FAILED(Status) || FAILED(SubStatus))) {
+ LsaFreeReturnBuffer(pCacheResponse);
+ fEx2Response = TRUE;
+ }
+ fChecked = TRUE;
+ }
+
+ return fEx2Response;
}
#endif /* HAVE_CACHE_INFO_EX2 */
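Review bot: does_retrieve_ticket_cache_ticket() never releases `pTicketResponse`, so if LsaCallAuthenticationPackage() succeeds the returned buffer stays allocated; does_query_ticket_cache_ex2() in the same hunk does call `LsaFreeReturnBuffer(pCacheResponse)`. Adding `if (pTicketResponse) LsaFreeReturnBuffer(pTicketResponse);` after the call makes the two probes consistent and avoids leaving a ticket response in memory. Both functions also release the handle from PackageConnectLookup() with `CloseHandle(LogonHandle)`. That helper connects with LsaConnectUntrusted(), for which `LsaDeregisterLogonProcess(LogonHandle)` is the documented counterpart.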
@@ -794,8 +795,8 @@ get_STRING_from_registry(HKEY hBaseKey, char * key, char * value, char * outbuf,
DWORD dwCount;
LONG rc;
- if (!outbuf || outlen == 0)
- return FALSE;
+ if (!outbuf || outlen == 0)
+ return FALSE;
rc = RegOpenKeyExA(hBaseKey, key, 0, KEY_QUERY_VALUE, &hKey);
if (rc)
@@ -838,11 +839,11 @@ GetSecurityLogonSessionData(PSECURITY_LOGON_SESSION_DATA * ppSessionData)
}
//
-// IsKerberosLogon() does not validate whether or not there are valid tickets in the
-// cache. It validates whether or not it is reasonable to assume that if we
-// attempted to retrieve valid tickets we could do so. Microsoft does not
+// IsKerberosLogon() does not validate whether or not there are valid tickets in the
+// cache. It validates whether or not it is reasonable to assume that if we
+// attempted to retrieve valid tickets we could do so. Microsoft does not
// automatically renew expired tickets. Therefore, the cache could contain
-// expired or invalid tickets. Microsoft also caches the user's password
+// expired or invalid tickets. Microsoft also caches the user's password
// and will use it to retrieve new TGTs if the cache is empty and tickets
// are requested.
@@ -896,7 +897,7 @@ ConstructTicketRequest(UNICODE_STRING DomainName, PKERB_RETRIEVE_TKT_REQUEST * o
TargetPrefix.MaximumLength = TargetPrefix.Length;
//
- // We will need to concatenate the "krbtgt/" prefix and the
+ // We will need to concatenate the "krbtgt/" prefix and the
// Logon Session's DnsDomainName into our request's target name.
//
// Therefore, first compute the necessary buffer size for that.
@@ -930,8 +931,8 @@ ConstructTicketRequest(UNICODE_STRING DomainName, PKERB_RETRIEVE_TKT_REQUEST * o
pTicketRequest->TargetName.MaximumLength = TargetSize;
pTicketRequest->TargetName.Buffer = (PWSTR) (pTicketRequest + 1);
Error = ConcatenateUnicodeStrings(&(pTicketRequest->TargetName),
- TargetPrefix,
- DomainName);
+ TargetPrefix,
+ DomainName);
*outRequest = pTicketRequest;
*outSize = RequestSize;
return Error;
@@ -954,20 +955,20 @@ PurgeAllTickets(HANDLE LogonHandle, ULONG PackageId)
PurgeRequest.RealmName.Length = 0;
PurgeRequest.RealmName.MaximumLength = 0;
Status = LsaCallAuthenticationPackage(LogonHandle,
- PackageId,
- &PurgeRequest,
- sizeof(PurgeRequest),
- NULL,
- NULL,
- &SubStatus
- );
+ PackageId,
+ &PurgeRequest,
+ sizeof(PurgeRequest),
+ NULL,
+ NULL,
+ &SubStatus
+ );
if (FAILED(Status) || FAILED(SubStatus))
return FALSE;
return TRUE;
}
static BOOL
-PurgeTicket2000( HANDLE LogonHandle, ULONG PackageId,
+PurgeTicket2000( HANDLE LogonHandle, ULONG PackageId,
krb5_context context, krb5_creds *cred )
{
NTSTATUS Status = 0;
@@ -1009,7 +1010,7 @@ PurgeTicket2000( HANDLE LogonHandle, ULONG PackageId,
NULL,
NULL,
&SubStatus
- );
+ );
free(pPurgeRequest);
krb5_free_unparsed_name(context, sname);
@@ -1021,7 +1022,7 @@ PurgeTicket2000( HANDLE LogonHandle, ULONG PackageId,
static BOOL
-PurgeTicketXP( HANDLE LogonHandle, ULONG PackageId,
+PurgeTicketXP( HANDLE LogonHandle, ULONG PackageId,
krb5_context context, krb5_flags flags, krb5_creds *cred)
{
NTSTATUS Status = 0;
@@ -1033,7 +1034,7 @@ PurgeTicketXP( HANDLE LogonHandle, ULONG PackageId,
if (krb5_unparse_name(context, cred->client, &cname))
return FALSE;
-
+
if (krb5_unparse_name(context, cred->server, &sname)) {
krb5_free_unparsed_name(context, cname);
return FALSE;
@@ -1093,7 +1094,7 @@ PurgeTicketXP( HANDLE LogonHandle, ULONG PackageId,
NULL,
NULL,
&SubStatus
- );
+ );
free(pPurgeRequest);
krb5_free_unparsed_name(context,cname);
krb5_free_unparsed_name(context,sname);
@@ -1105,7 +1106,7 @@ PurgeTicketXP( HANDLE LogonHandle, ULONG PackageId,
#ifdef KERB_SUBMIT_TICKET
static BOOL
-KerbSubmitTicket( HANDLE LogonHandle, ULONG PackageId,
+KerbSubmitTicket( HANDLE LogonHandle, ULONG PackageId,
krb5_context context, krb5_creds *cred)
{
NTSTATUS Status = 0;
@@ -1126,14 +1127,14 @@ KerbSubmitTicket( HANDLE LogonHandle, ULONG PackageId,
KRB5_AUTH_CONTEXT_RET_TIME)) {
return FALSE;
}
-
+
krb5_auth_con_getsendsubkey(context, auth_context, &keyblock);
if (keyblock == NULL)
krb5_auth_con_getkey(context, auth_context, &keyblock);
- /* make up a key, any key, that can be used to generate the
- * encrypted KRB_CRED pdu. The Vista release LSA requires
- * that an enctype other than NULL be used. */
+ /* make up a key, any key, that can be used to generate the
+ * encrypted KRB_CRED pdu. The Vista release LSA requires
+ * that an enctype other than NULL be used. */
if (keyblock == NULL) {
keyblock = (krb5_keyblock *)malloc(sizeof(krb5_keyblock));
keyblock->enctype = ENCTYPE_ARCFOUR_HMAC;
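Review bot: The fallback `keyblock = (krb5_keyblock *)malloc(sizeof(krb5_keyblock));` is dereferenced on the next line without a NULL check, so an allocation failure crashes inside the credential-submission path. A check such as `if (keyblock == NULL) return FALSE;` is needed, with `auth_context` released first if it is already allocated at that point (its setup is outside the hunk). The return values of krb5_auth_con_getsendsubkey() and krb5_auth_con_getkey() are ignored as well. The rest of the made-up key's initialisation lies beyond the last line of this hunk.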
@@ -1176,7 +1177,7 @@ KerbSubmitTicket( HANDLE LogonHandle, ULONG PackageId,
pSubmitRequest->LogonId.LowPart = 0;
pSubmitRequest->LogonId.HighPart = 0;
pSubmitRequest->Flags = 0;
-
+
if (keyblock) {
pSubmitRequest->Key.KeyType = keyblock->enctype;
pSubmitRequest->Key.Length = keyblock->length;
@@ -1192,7 +1193,7 @@ KerbSubmitTicket( HANDLE LogonHandle, ULONG PackageId,
krb_cred->data, krb_cred->length);
if (keyblock)
memcpy(((CHAR *)pSubmitRequest)+sizeof(KERB_SUBMIT_TKT_REQUEST)+krb_cred->length,
- keyblock->contents, keyblock->length);
+ keyblock->contents, keyblock->length);
krb5_free_data(context, krb_cred);
Status = LsaCallAuthenticationPackage( LogonHandle,
@@ -1202,20 +1203,20 @@ KerbSubmitTicket( HANDLE LogonHandle, ULONG PackageId,
NULL,
NULL,
&SubStatus
- );
+ );
free(pSubmitRequest);
if (keyblock)
krb5_free_keyblock(context, keyblock);
krb5_auth_con_free(context, auth_context);
if (FAILED(Status) || FAILED(SubStatus)) {
- return FALSE;
+ return FALSE;
}
return TRUE;
}
#endif /* KERB_SUBMIT_TICKET */
-/*
+/*
* A simple function to determine if there is an exact match between two tickets
* We rely on the fact that the external tickets contain the raw Kerberos ticket.
* If the EncodedTicket fields match, the KERB_EXTERNAL_TICKETs must be the same.
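Review bot: `free(pSubmitRequest)` releases the request buffer without clearing it, although the `memcpy` calls in the preceding hunk copy both the KRB-CRED data and `keyblock->contents` into it. Zeroing the request over its allocated size before the `free` (SecureZeroMemory() is available on this platform) limits how long that key material stays readable in freed heap memory. The allocation and its size variable are outside this hunk, so the length expression has to be taken from there.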
@@ -1227,7 +1228,7 @@ KerbExternalTicketMatch( PKERB_EXTERNAL_TICKET one, PKERB_EXTERNAL_TICKET two )
return FALSE;
if ( memcmp(one->EncodedTicket, two->EncodedTicket, one->EncodedTicketSize) )
- return FALSE;
+ return FALSE;
return TRUE;
}
@@ -1240,12 +1241,12 @@ krb5_is_permitted_tgs_enctype(krb5_context context, krb5_const_principal princ,
if (krb5_get_tgs_ktypes(context, princ, &list))
return(0);
-
+
ret = 0;
for (ptr = list; *ptr; ptr++)
- if (*ptr == etype)
- ret = 1;
+ if (*ptr == etype)
+ ret = 1;
krb5_free_ktypes (context, list);
@@ -1256,7 +1257,7 @@ krb5_is_permitted_tgs_enctype(krb5_context context, krb5_const_principal princ,
// to allow the purging of expired tickets from LSA cache. This is necessary
// to force the retrieval of new TGTs. Microsoft does not appear to retrieve
// new tickets when they expire. Instead they continue to accept the expired
-// tickets. This is safe to do because the LSA purges its cache when it
+// tickets. This is safe to do because the LSA purges its cache when it
// retrieves a new TGT (ms calls this renew) but not when it renews the TGT
// (ms calls this refresh).
@@ -1287,7 +1288,7 @@ GetMSTGT(krb5_context context, HANDLE LogonHandle, ULONG PackageId, KERB_EXTERNA
krb5_enctype *etype_list = NULL, *ptr = NULL, etype = 0;
if (is_process_uac_limited()) {
- Status = STATUS_ACCESS_DENIED;
+ Status = STATUS_ACCESS_DENIED;
goto cleanup;
}
@@ -1304,12 +1305,12 @@ GetMSTGT(krb5_context context, HANDLE LogonHandle, ULONG PackageId, KERB_EXTERNA
&pTicketResponse,
&ResponseSize,
&SubStatus
- );
+ );
if (FAILED(Status))
{
// if the call to LsaCallAuthenticationPackage failed we cannot
- // perform any queries most likely because the Kerberos package
+ // perform any queries most likely because the Kerberos package
// is not available or we do not have access
bIsLsaError = TRUE;
goto cleanup;
@@ -1330,7 +1331,7 @@ GetMSTGT(krb5_context context, HANDLE LogonHandle, ULONG PackageId, KERB_EXTERNA
verinfo.dwOSVersionInfoSize = sizeof(OSVERSIONINFOEX);
GetVersionEx((OSVERSIONINFO *)&verinfo);
- supported = (verinfo.dwMajorVersion > 5) ||
+ supported = (verinfo.dwMajorVersion > 5) ||
(verinfo.dwMajorVersion == 5 && verinfo.dwMinorVersion >= 1);
// If we could not get a TGT from the cache we won't know what the
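Review bot: `GetVersionEx((OSVERSIONINFO *)&verinfo);` is called without checking its result, so on failure `supported` is computed from whatever `verinfo` already held; whether the structure is zeroed beforehand is outside this hunk. The file already provides is_windows_xp(), which makes the same major/minor comparison with the return value checked and the platform id verified. Unless `verinfo` is needed later in the function, `supported = is_windows_xp();` would remove the duplicate probe. GetMSTGT() starts and ends outside the hunk.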
@@ -1340,7 +1341,7 @@ GetMSTGT(krb5_context context, HANDLE LogonHandle, ULONG PackageId, KERB_EXTERNA
if ( supported && GetSecurityLogonSessionData(&pSessionData) ) {
if ( pSessionData->DnsDomainName.Buffer ) {
Error = ConstructTicketRequest(pSessionData->DnsDomainName,
- &pTicketRequest, &RequestSize);
+ &pTicketRequest, &RequestSize);
LsaFreeReturnBuffer(pSessionData);
if ( Error )
goto cleanup;
@@ -1354,11 +1355,11 @@ GetMSTGT(krb5_context context, HANDLE LogonHandle, ULONG PackageId, KERB_EXTERNA
WCHAR UnicodeUserDnsDomain[256];
UNICODE_STRING wrapper;
if ( !get_STRING_from_registry(HKEY_CURRENT_USER,
- "Volatile Environment",
- "USERDNSDOMAIN",
+ "Volatile Environment",
+ "USERDNSDOMAIN",
UserDnsDomain,
sizeof(UserDnsDomain)
- ) )
+ ) )
{
goto cleanup;
}
@@ -1369,16 +1370,16 @@ GetMSTGT(krb5_context context, HANDLE LogonHandle, ULONG PackageId, KERB_EXTERNA
wrapper.MaximumLength = 256;
Error = ConstructTicketRequest(wrapper,
- &pTicketRequest, &RequestSize);
+ &pTicketRequest, &RequestSize);
if ( Error )
goto cleanup;
}
} else {
- /* We have succeeded in obtaining a credential from the cache.
+ /* We have succeeded in obtaining a credential from the cache.
* Assuming the enctype is one that we support and the ticket
* has not expired and is not marked invalid we will use it.
* Otherwise, we must create a new ticket request and obtain
- * a credential we can use.
+ * a credential we can use.
*/
#ifdef PURGE_ALL
@@ -1386,7 +1387,7 @@ GetMSTGT(krb5_context context, HANDLE LogonHandle, ULONG PackageId, KERB_EXTERNA
#else
/* Check Supported Enctypes */
if ( !enforce_tgs_enctypes ||
- IsMSSessionKeyNull(&pTicketResponse->Ticket.SessionKey) ||
+ IsMSSessionKeyNull(&pTicketResponse->Ticket.SessionKey) ||
krb5_is_permitted_tgs_enctype(context, NULL, pTicketResponse->Ticket.SessionKey.KeyType) ) {
FILETIME Now, MinLife, EndTime, LocalEndTime;
__int64 temp;
@@ -1421,7 +1422,7 @@ GetMSTGT(krb5_context context, HANDLE LogonHandle, ULONG PackageId, KERB_EXTERNA
#endif /* PURGE_ALL */
Error = ConstructTicketRequest(pTicketResponse->Ticket.TargetDomainName,
- &pTicketRequest, &RequestSize);
+ &pTicketRequest, &RequestSize);
if ( Error ) {
goto cleanup;
}
@@ -1439,7 +1440,7 @@ GetMSTGT(krb5_context context, HANDLE LogonHandle, ULONG PackageId, KERB_EXTERNA
#ifdef ENABLE_PURGING
if ( purge_cache ) {
//
- // Purge the existing tickets which we cannot use so new ones can
+ // Purge the existing tickets which we cannot use so new ones can
// be requested. It is not possible to purge just the TGT. All
// service tickets must be purged.
//
@@ -1447,7 +1448,7 @@ GetMSTGT(krb5_context context, HANDLE LogonHandle, ULONG PackageId, KERB_EXTERNA
}
#endif /* ENABLE_PURGING */
}
-
+
//
// Intialize the request of the request.
//
@@ -1457,8 +1458,8 @@ GetMSTGT(krb5_context context, HANDLE LogonHandle, ULONG PackageId, KERB_EXTERNA
pTicketRequest->LogonId.HighPart = 0;
// Note: pTicketRequest->TargetName set up above
#ifdef ENABLE_PURGING
- pTicketRequest->CacheOptions = ((ignore_cache || !purge_cache) ?
- KERB_RETRIEVE_TICKET_DONT_USE_CACHE : 0L);
+ pTicketRequest->CacheOptions = ((ignore_cache || !purge_cache) ?
+ KERB_RETRIEVE_TICKET_DONT_USE_CACHE : 0L);
#else
pTicketRequest->CacheOptions = (ignore_cache ? KERB_RETRIEVE_TICKET_DONT_USE_CACHE : 0L);
#endif /* ENABLE_PURGING */
@@ -1472,7 +1473,7 @@ GetMSTGT(krb5_context context, HANDLE LogonHandle, ULONG PackageId, KERB_EXTERNA
&pTicketResponse,
&ResponseSize,
&SubStatus
- );
+ );
if (FAILED(Status) || FAILED(SubStatus))
{
@@ -1520,7 +1521,7 @@ GetMSTGT(krb5_context context, HANDLE LogonHandle, ULONG PackageId, KERB_EXTERNA
&pTicketResponse,
&ResponseSize,
&SubStatus
- );
+ );
if (FAILED(Status) || FAILED(SubStatus))
{
@@ -1528,9 +1529,9 @@ GetMSTGT(krb5_context context, HANDLE LogonHandle, ULONG PackageId, KERB_EXTERNA
goto cleanup;
}
- if ( pTicketResponse->Ticket.SessionKey.KeyType == etype &&
+ if ( pTicketResponse->Ticket.SessionKey.KeyType == etype &&
(!enforce_tgs_enctypes ||
- krb5_is_permitted_tgs_enctype(context, NULL, pTicketResponse->Ticket.SessionKey.KeyType)) ) {
+ krb5_is_permitted_tgs_enctype(context, NULL, pTicketResponse->Ticket.SessionKey.KeyType)) ) {
goto cleanup; // we have a valid ticket, all done
}
@@ -1541,7 +1542,7 @@ GetMSTGT(krb5_context context, HANDLE LogonHandle, ULONG PackageId, KERB_EXTERNA
}
}
- cleanup:
+cleanup:
if ( etype_list )
krb5_free_ktypes(context, etype_list);
@@ -1585,7 +1586,7 @@ GetQueryTktCacheResponseW2K( HANDLE LogonHandle, ULONG PackageId,
KERB_QUERY_TKT_CACHE_REQUEST CacheRequest;
PKERB_QUERY_TKT_CACHE_RESPONSE pQueryResponse = NULL;
ULONG ResponseSize;
-
+
CacheRequest.MessageType = KerbQueryTicketCacheMessage;
CacheRequest.LogonId.LowPart = 0;
CacheRequest.LogonId.HighPart = 0;
@@ -1598,7 +1599,7 @@ GetQueryTktCacheResponseW2K( HANDLE LogonHandle, ULONG PackageId,
&pQueryResponse,
&ResponseSize,
&SubStatus
- );
+ );
if ( !(FAILED(Status) || FAILED(SubStatus)) ) {
*ppResponse = pQueryResponse;
@@ -1618,7 +1619,7 @@ GetQueryTktCacheResponseXP( HANDLE LogonHandle, ULONG PackageId,
KERB_QUERY_TKT_CACHE_REQUEST CacheRequest;
PKERB_QUERY_TKT_CACHE_EX_RESPONSE pQueryResponse = NULL;
ULONG ResponseSize;
-
+
CacheRequest.MessageType = KerbQueryTicketCacheExMessage;
CacheRequest.LogonId.LowPart = 0;
CacheRequest.LogonId.HighPart = 0;
@@ -1631,7 +1632,7 @@ GetQueryTktCacheResponseXP( HANDLE LogonHandle, ULONG PackageId,
&pQueryResponse,
&ResponseSize,
&SubStatus
- );
+ );
if ( !(FAILED(Status) || FAILED(SubStatus)) ) {
*ppResponse = pQueryResponse;
@@ -1652,7 +1653,7 @@ GetQueryTktCacheResponseEX2( HANDLE LogonHandle, ULONG PackageId,
KERB_QUERY_TKT_CACHE_REQUEST CacheRequest;
PKERB_QUERY_TKT_CACHE_EX2_RESPONSE pQueryResponse = NULL;
ULONG ResponseSize;
-
+
CacheRequest.MessageType = KerbQueryTicketCacheEx2Message;
CacheRequest.LogonId.LowPart = 0;
CacheRequest.LogonId.HighPart = 0;
@@ -1665,7 +1666,7 @@ GetQueryTktCacheResponseEX2( HANDLE LogonHandle, ULONG PackageId,
&pQueryResponse,
&ResponseSize,
&SubStatus
- );
+ );
if ( !(FAILED(Status) || FAILED(SubStatus)) ) {
*ppResponse = pQueryResponse;
@@ -1678,7 +1679,7 @@ GetQueryTktCacheResponseEX2( HANDLE LogonHandle, ULONG PackageId,
static BOOL
GetMSCacheTicketFromMITCred( HANDLE LogonHandle, ULONG PackageId,
- krb5_context context, krb5_creds *creds,
+ krb5_context context, krb5_creds *creds,
PKERB_EXTERNAL_TICKET *ticket)
{
NTSTATUS Status = 0;
@@ -1715,7 +1716,7 @@ GetMSCacheTicketFromMITCred( HANDLE LogonHandle, ULONG PackageId,
&pTicketResponse,
&ResponseSize,
&SubStatus
- );
+ );
LocalFree(pTicketRequest);
@@ -1729,7 +1730,7 @@ GetMSCacheTicketFromMITCred( HANDLE LogonHandle, ULONG PackageId,
static BOOL
GetMSCacheTicketFromCacheInfoW2K( HANDLE LogonHandle, ULONG PackageId,
- PKERB_TICKET_CACHE_INFO tktinfo, PKERB_EXTERNAL_TICKET *ticket)
+ PKERB_TICKET_CACHE_INFO tktinfo, PKERB_EXTERNAL_TICKET *ticket)
{
NTSTATUS Status = 0;
NTSTATUS SubStatus = 0;
@@ -1773,13 +1774,13 @@ GetMSCacheTicketFromCacheInfoW2K( HANDLE LogonHandle, ULONG PackageId,
&pTicketResponse,
&ResponseSize,
&SubStatus
- );
+ );
LocalFree(pTicketRequest);
if (FAILED(Status) || FAILED(SubStatus))
return(FALSE);
-
+
/* otherwise return ticket */
*ticket = &(pTicketResponse->Ticket);
@@ -1795,7 +1796,7 @@ GetMSCacheTicketFromCacheInfoW2K( HANDLE LogonHandle, ULONG PackageId,
static BOOL
GetMSCacheTicketFromCacheInfoXP( HANDLE LogonHandle, ULONG PackageId,
- PKERB_TICKET_CACHE_INFO_EX tktinfo, PKERB_EXTERNAL_TICKET *ticket)
+ PKERB_TICKET_CACHE_INFO_EX tktinfo, PKERB_EXTERNAL_TICKET *ticket)
{
NTSTATUS Status = 0;
NTSTATUS SubStatus = 0;
@@ -1837,16 +1838,16 @@ GetMSCacheTicketFromCacheInfoXP( HANDLE LogonHandle, ULONG PackageId,
&pTicketResponse,
&ResponseSize,
&SubStatus
- );
+ );
LocalFree(pTicketRequest);
if (FAILED(Status) || FAILED(SubStatus))
return(FALSE);
-
+
/* otherwise return ticket */
*ticket = &(pTicketResponse->Ticket);
-
+
/* set the initial flag if we were attempting to retrieve one
* because Windows won't necessarily return the initial ticket
* to us.
@@ -1860,7 +1861,7 @@ GetMSCacheTicketFromCacheInfoXP( HANDLE LogonHandle, ULONG PackageId,
#ifdef HAVE_CACHE_INFO_EX2
static BOOL
GetMSCacheTicketFromCacheInfoEX2( HANDLE LogonHandle, ULONG PackageId,
- PKERB_TICKET_CACHE_INFO_EX2 tktinfo, PKERB_EXTERNAL_TICKET *ticket)
+ PKERB_TICKET_CACHE_INFO_EX2 tktinfo, PKERB_EXTERNAL_TICKET *ticket)
{
NTSTATUS Status = 0;
NTSTATUS SubStatus = 0;
@@ -1902,71 +1903,71 @@ GetMSCacheTicketFromCacheInfoEX2( HANDLE LogonHandle, ULONG PackageId,
&pTicketResponse,
&ResponseSize,
&SubStatus
- );
+ );
LocalFree(pTicketRequest);
if (FAILED(Status) || FAILED(SubStatus))
return(FALSE);
-
+
/* otherwise return ticket */
*ticket = &(pTicketResponse->Ticket);
-
+
/* set the initial flag if we were attempting to retrieve one
- * because Windows won't necessarily return the initial ticket
- * to us.
- */
- if ( tktinfo->TicketFlags & KERB_TICKET_FLAGS_initial )
- (*ticket)->TicketFlags |= KERB_TICKET_FLAGS_initial;
+ * because Windows won't necessarily return the initial ticket
+ * to us.
+ */
+ if ( tktinfo->TicketFlags & KERB_TICKET_FLAGS_initial )
+ (*ticket)->TicketFlags |= KERB_TICKET_FLAGS_initial;
return(TRUE);
}
#endif /* HAVE_CACHE_INFO_EX2 */
static krb5_error_code KRB5_CALLCONV krb5_lcc_close
- (krb5_context, krb5_ccache id);
+(krb5_context, krb5_ccache id);
static krb5_error_code KRB5_CALLCONV krb5_lcc_destroy
- (krb5_context, krb5_ccache id);
+(krb5_context, krb5_ccache id);
static krb5_error_code KRB5_CALLCONV krb5_lcc_end_seq_get
- (krb5_context, krb5_ccache id, krb5_cc_cursor *cursor);
+(krb5_context, krb5_ccache id, krb5_cc_cursor *cursor);
static krb5_error_code KRB5_CALLCONV krb5_lcc_generate_new
- (krb5_context, krb5_ccache *id);
+(krb5_context, krb5_ccache *id);
static const char * KRB5_CALLCONV krb5_lcc_get_name
- (krb5_context, krb5_ccache id);
+(krb5_context, krb5_ccache id);
static krb5_error_code KRB5_CALLCONV krb5_lcc_get_principal
- (krb5_context, krb5_ccache id, krb5_principal *princ);
+(krb5_context, krb5_ccache id, krb5_principal *princ);
static krb5_error_code KRB5_CALLCONV krb5_lcc_initialize
- (krb5_context, krb5_ccache id, krb5_principal princ);
+(krb5_context, krb5_ccache id, krb5_principal princ);
static krb5_error_code KRB5_CALLCONV krb5_lcc_next_cred
- (krb5_context, krb5_ccache id, krb5_cc_cursor *cursor,
- krb5_creds *creds);
+(krb5_context, krb5_ccache id, krb5_cc_cursor *cursor,
+ krb5_creds *creds);
static krb5_error_code KRB5_CALLCONV krb5_lcc_resolve
- (krb5_context, krb5_ccache *id, const char *residual);
+(krb5_context, krb5_ccache *id, const char *residual);
static krb5_error_code KRB5_CALLCONV krb5_lcc_retrieve
- (krb5_context, krb5_ccache id, krb5_flags whichfields,
- krb5_creds *mcreds, krb5_creds *creds);
+(krb5_context, krb5_ccache id, krb5_flags whichfields,
+ krb5_creds *mcreds, krb5_creds *creds);
static krb5_error_code KRB5_CALLCONV krb5_lcc_start_seq_get
- (krb5_context, krb5_ccache id, krb5_cc_cursor *cursor);
+(krb5_context, krb5_ccache id, krb5_cc_cursor *cursor);
static krb5_error_code KRB5_CALLCONV krb5_lcc_store
- (krb5_context, krb5_ccache id, krb5_creds *creds);
+(krb5_context, krb5_ccache id, krb5_creds *creds);
static krb5_error_code KRB5_CALLCONV krb5_lcc_set_flags
- (krb5_context, krb5_ccache id, krb5_flags flags);
+(krb5_context, krb5_ccache id, krb5_flags flags);
static krb5_error_code KRB5_CALLCONV krb5_lcc_get_flags
- (krb5_context, krb5_ccache id, krb5_flags *flags);
+(krb5_context, krb5_ccache id, krb5_flags *flags);
extern const krb5_cc_ops krb5_lcc_ops;
@@ -2004,18 +2005,18 @@ typedef struct _krb5_lcc_cursor {
*
* Modifies:
* id
- *
+ *
* Effects:
* Acccess the MS Kerberos LSA cache in the current logon session
* Ignore the residual.
- *
+ *
* Returns:
* A filled in krb5_ccache structure "id".
*
* Errors:
* KRB5_CC_NOMEM - there was insufficient memory to allocate the
- *
- * krb5_ccache. id is undefined.
+ *
+ * krb5_ccache. id is undefined.
* permission errors
*/
static krb5_error_code KRB5_CALLCONV
@@ -2032,7 +2033,7 @@ krb5_lcc_resolve (krb5_context context, krb5_ccache *id, const char *residual)
return KRB5_FCC_NOFILE;
#ifdef COMMENT
- /* In at least one case on Win2003 it appears that it is possible
+ /* In at least one case on Win2003 it appears that it is possible
* for the logon session to be authenticated via NTLM and yet for
* there to be Kerberos credentials obtained by the LSA on behalf
* of the logged in user. Therefore, we are removing this test
@@ -2062,7 +2063,7 @@ krb5_lcc_resolve (krb5_context context, krb5_ccache *id, const char *residual)
}
lid->magic = KV5M_CCACHE;
- data = (krb5_lcc_data *)lid->data;
+ data = (krb5_lcc_data *)lid->data;
data->LogonHandle = LogonHandle;
data->PackageId = PackageId;
data->princ = 0;
@@ -2099,16 +2100,16 @@ krb5_lcc_resolve (krb5_context context, krb5_ccache *id, const char *residual)
/*
* other routines will get errors on open, and callers must expect them,
- * if cache is non-existent/unusable
+ * if cache is non-existent/unusable
*/
*id = lid;
return retval;
}
/*
-* return success although we do not do anything
-* We should delete all tickets belonging to the specified principal
-*/
+ * return success although we do not do anything
+ * We should delete all tickets belonging to the specified principal
+ */
static krb5_error_code KRB5_CALLCONV
krb5_lcc_remove_cred(krb5_context context, krb5_ccache id, krb5_flags flags,
@@ -2160,7 +2161,7 @@ krb5_lcc_close(krb5_context context, krb5_ccache id)
{
register int closeval = KRB5_OK;
register krb5_lcc_data *data;
-
+
if (!is_windows_2000())
return KRB5_FCC_NOFILE;
@@ -2187,15 +2188,15 @@ static krb5_error_code KRB5_CALLCONV
krb5_lcc_destroy(krb5_context context, krb5_ccache id)
{
register krb5_lcc_data *data;
-
+
if (!is_windows_2000())
return KRB5_FCC_NOFILE;
- if (id) {
+ if (id) {
data = (krb5_lcc_data *) id->data;
return PurgeAllTickets(data->LogonHandle, data->PackageId) ? KRB5_OK : KRB5_FCC_INTERNAL;
- }
+ }
return KRB5_FCC_INTERNAL;
}
@@ -2244,23 +2245,23 @@ krb5_lcc_start_seq_get(krb5_context context, krb5_ccache id, krb5_cc_cursor *cur
*cursor = 0;
return KRB5_FCC_INTERNAL;
}
- } else
+ } else
#endif /* HAVE_CACHE_INFO_EX2 */
- if ( is_windows_xp() ) {
- if ( !GetQueryTktCacheResponseXP(data->LogonHandle, data->PackageId, &lcursor->response.xp) ) {
- LsaFreeReturnBuffer(lcursor->mstgt);
- free(lcursor);
- *cursor = 0;
- return KRB5_FCC_INTERNAL;
- }
- } else {
- if ( !GetQueryTktCacheResponseW2K(data->LogonHandle, data->PackageId, &lcursor->response.w2k) ) {
- LsaFreeReturnBuffer(lcursor->mstgt);
- free(lcursor);
- *cursor = 0;
- return KRB5_FCC_INTERNAL;
+ if ( is_windows_xp() ) {
+ if ( !GetQueryTktCacheResponseXP(data->LogonHandle, data->PackageId, &lcursor->response.xp) ) {
+ LsaFreeReturnBuffer(lcursor->mstgt);
+ free(lcursor);
+ *cursor = 0;
+ return KRB5_FCC_INTERNAL;
+ }
+ } else {
+ if ( !GetQueryTktCacheResponseW2K(data->LogonHandle, data->PackageId, &lcursor->response.w2k) ) {
+ LsaFreeReturnBuffer(lcursor->mstgt);
+ free(lcursor);
+ *cursor = 0;
+ return KRB5_FCC_INTERNAL;
+ }
}
- }
lcursor->index = 0;
*cursor = (krb5_cc_cursor) lcursor;
return KRB5_OK;
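Review bot: After the reindent, the `if ( is_windows_xp() )` chain is indented as the body of the `} else` that sits above `#endif /* HAVE_CACHE_INFO_EX2 */`, so the indentation matches the real nesting only when HAVE_CACHE_INFO_EX2 is defined. In a build without it, the same block is an ordinary statement drawn one level too deep. The same shape recurs in krb5_lcc_next_cred (twice) and krb5_lcc_end_seq_get. Since these branches decide which LSA response buffer is queried and later freed, I would move the version dispatch into a small helper, or brace the `else` explicitly, so both configurations read correctly. The function starts outside the hunk.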
@@ -2274,7 +2275,7 @@ krb5_lcc_start_seq_get(krb5_context context, krb5_ccache id, krb5_cc_cursor *cur
*
* Modifes:
* cursor
- *
+ *
* Effects:
* Fills in creds with the TGT obtained from the MS LSA
*
@@ -2297,7 +2298,7 @@ krb5_lcc_next_cred(krb5_context context, krb5_ccache id, krb5_cc_cursor *cursor,
data = (krb5_lcc_data *)id->data;
- next_cred:
+next_cred:
#ifdef HAVE_CACHE_INFO_EX2
if ( does_query_ticket_cache_ex2() ) {
if ( lcursor->index >= lcursor->response.ex2->CountOfTickets ) {
@@ -2313,58 +2314,58 @@ krb5_lcc_next_cred(krb5_context context, krb5_ccache id, krb5_cc_cursor *cursor,
}
if ( data->flags & KRB5_TC_NOTICKET ) {
- if (!CacheInfoEx2ToMITCred( &lcursor->response.ex2->Tickets[lcursor->index++],
- context, creds)) {
+ if (!CacheInfoEx2ToMITCred( &lcursor->response.ex2->Tickets[lcursor->index++],
+ context, creds)) {
retval = KRB5_FCC_INTERNAL;
goto next_cred;
- }
+ }
return KRB5_OK;
} else {
if (!GetMSCacheTicketFromCacheInfoEX2(data->LogonHandle, data->PackageId,
- &lcursor->response.ex2->Tickets[lcursor->index++],&msticket)) {
+ &lcursor->response.ex2->Tickets[lcursor->index++],&msticket)) {
retval = KRB5_FCC_INTERNAL;
goto next_cred;
}
}
- } else
+ } else
#endif /* HAVE_CACHE_INFO_EX2 */
- if ( is_windows_xp() ) {
- if ( lcursor->index >= lcursor->response.xp->CountOfTickets ) {
- if (retval == KRB5_OK)
- return KRB5_CC_END;
- else {
- LsaFreeReturnBuffer(lcursor->mstgt);
- LsaFreeReturnBuffer(lcursor->response.xp);
- free(*cursor);
- *cursor = 0;
- return retval;
+ if ( is_windows_xp() ) {
+ if ( lcursor->index >= lcursor->response.xp->CountOfTickets ) {
+ if (retval == KRB5_OK)
+ return KRB5_CC_END;
+ else {
+ LsaFreeReturnBuffer(lcursor->mstgt);
+ LsaFreeReturnBuffer(lcursor->response.xp);
+ free(*cursor);
+ *cursor = 0;
+ return retval;
+ }
}
- }
- if (!GetMSCacheTicketFromCacheInfoXP(data->LogonHandle, data->PackageId,
- &lcursor->response.xp->Tickets[lcursor->index++],&msticket)) {
- retval = KRB5_FCC_INTERNAL;
- goto next_cred;
- }
- } else {
- if ( lcursor->index >= lcursor->response.w2k->CountOfTickets ) {
- if (retval == KRB5_OK)
- return KRB5_CC_END;
- else {
- LsaFreeReturnBuffer(lcursor->mstgt);
- LsaFreeReturnBuffer(lcursor->response.w2k);
- free(*cursor);
- *cursor = 0;
- return retval;
+ if (!GetMSCacheTicketFromCacheInfoXP(data->LogonHandle, data->PackageId,
+ &lcursor->response.xp->Tickets[lcursor->index++],&msticket)) {
+ retval = KRB5_FCC_INTERNAL;
+ goto next_cred;
+ }
+ } else {
+ if ( lcursor->index >= lcursor->response.w2k->CountOfTickets ) {
+ if (retval == KRB5_OK)
+ return KRB5_CC_END;
+ else {
+ LsaFreeReturnBuffer(lcursor->mstgt);
+ LsaFreeReturnBuffer(lcursor->response.w2k);
+ free(*cursor);
+ *cursor = 0;
+ return retval;
+ }
}
- }
- if (!GetMSCacheTicketFromCacheInfoW2K(data->LogonHandle, data->PackageId,
- &lcursor->response.w2k->Tickets[lcursor->index++],&msticket)) {
- retval = KRB5_FCC_INTERNAL;
- goto next_cred;
+ if (!GetMSCacheTicketFromCacheInfoW2K(data->LogonHandle, data->PackageId,
+ &lcursor->response.w2k->Tickets[lcursor->index++],&msticket)) {
+ retval = KRB5_FCC_INTERNAL;
+ goto next_cred;
+ }
}
- }
/* Don't return tickets with NULL Session Keys */
if ( IsMSSessionKeyNull(&msticket->SessionKey) ) {
@@ -2377,15 +2378,15 @@ krb5_lcc_next_cred(krb5_context context, krb5_ccache id, krb5_cc_cursor *cursor,
if ( does_query_ticket_cache_ex2() ) {
if (!MSCredToMITCred(msticket, lcursor->response.ex2->Tickets[lcursor->index-1].ClientRealm, context, creds))
retval = KRB5_FCC_INTERNAL;
- } else
+ } else
#endif /* HAVE_CACHE_INFO_EX2 */
- if ( is_windows_xp() ) {
- if (!MSCredToMITCred(msticket, lcursor->response.xp->Tickets[lcursor->index-1].ClientRealm, context, creds))
- retval = KRB5_FCC_INTERNAL;
- } else {
- if (!MSCredToMITCred(msticket, lcursor->mstgt->DomainName, context, creds))
- retval = KRB5_FCC_INTERNAL;
- }
+ if ( is_windows_xp() ) {
+ if (!MSCredToMITCred(msticket, lcursor->response.xp->Tickets[lcursor->index-1].ClientRealm, context, creds))
+ retval = KRB5_FCC_INTERNAL;
+ } else {
+ if (!MSCredToMITCred(msticket, lcursor->mstgt->DomainName, context, creds))
+ retval = KRB5_FCC_INTERNAL;
+ }
LsaFreeReturnBuffer(msticket);
return retval;
}
@@ -2416,12 +2417,12 @@ krb5_lcc_end_seq_get(krb5_context context, krb5_ccache id, krb5_cc_cursor *curso
#ifdef HAVE_CACHE_INFO_EX2
if ( does_query_ticket_cache_ex2() )
LsaFreeReturnBuffer(lcursor->response.ex2);
- else
-#endif /* HAVE_CACHE_INFO_EX2 */
- if ( is_windows_xp() )
- LsaFreeReturnBuffer(lcursor->response.xp);
else
- LsaFreeReturnBuffer(lcursor->response.w2k);
+#endif /* HAVE_CACHE_INFO_EX2 */
+ if ( is_windows_xp() )
+ LsaFreeReturnBuffer(lcursor->response.xp);
+ else
+ LsaFreeReturnBuffer(lcursor->response.w2k);
free(*cursor);
}
*cursor = 0;
@@ -2446,7 +2447,7 @@ krb5_lcc_generate_new (krb5_context context, krb5_ccache *id)
/*
* Requires:
* id is a ms lsa credential cache
- *
+ *
* Returns:
* The ccname specified during the krb5_lcc_resolve call
*/
@@ -2505,14 +2506,14 @@ krb5_lcc_get_principal(krb5_context context, krb5_ccache id, krb5_principal *pri
krb5_copy_principal(context, creds.client, &data->princ);
krb5_free_cred_contents(context,&creds);
return krb5_copy_principal(context, data->princ, princ);
- }
+ }
}
return KRB5_CC_NOTFOUND;
}
-
+
static krb5_error_code KRB5_CALLCONV
-krb5_lcc_retrieve(krb5_context context, krb5_ccache id, krb5_flags whichfields,
+krb5_lcc_retrieve(krb5_context context, krb5_ccache id, krb5_flags whichfields,
krb5_creds *mcreds, krb5_creds *creds)
{
krb5_error_code kret = KRB5_OK;
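Review bot: The first `krb5_copy_principal(context, creds.client, &data->princ);` in krb5_lcc_get_principal discards its return value. If that copy fails, the following `krb5_copy_principal(context, data->princ, princ)` runs on whatever `data->princ` held before (krb5_lcc_resolve initialises it to 0), so a failed copy into the cache data can reach it as a null principal instead of being reported. Capturing the result and returning it after the creds are freed would surface the failure: `ret = krb5_copy_principal(context, creds.client, &data->princ);`, then `krb5_free_cred_contents(context,&creds);`, then `if (ret) return ret;`. Here `ret` is a placeholder name, because the function's locals and its start are outside the hunk.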
@@ -2530,7 +2531,7 @@ krb5_lcc_retrieve(krb5_context context, krb5_ccache id, krb5_flags whichfields,
kret = krb5_cc_retrieve_cred_default (context, id, whichfields, mcreds, creds);
if ( !kret )
return KRB5_OK;
-
+
/* if not, we must try to get a ticket without specifying any flags or etypes */
kret = krb5_copy_creds(context, mcreds, &mcreds_noflags);
if (kret)
@@ -2585,7 +2586,7 @@ krb5_lcc_retrieve(krb5_context context, krb5_ccache id, krb5_flags whichfields,
for ( i=0; i<pResponse->CountOfTickets; i++ ) {
if (!GetMSCacheTicketFromCacheInfoXP(data->LogonHandle, data->PackageId,
- &pResponse->Tickets[i],&mstmp)) {
+ &pResponse->Tickets[i],&mstmp)) {
continue;
}
@@ -2616,7 +2617,7 @@ krb5_lcc_retrieve(krb5_context context, krb5_ccache id, krb5_flags whichfields,
kret = KRB5_CC_NOTFOUND;
}
- cleanup:
+cleanup:
if ( mstmp )
LsaFreeReturnBuffer(mstmp);
if ( mstgt )
@@ -2678,12 +2679,12 @@ krb5_lcc_store(krb5_context context, krb5_ccache id, krb5_creds *creds)
return KRB5_CC_READONLY;
}
-/*
+/*
* Individual credentials can be implemented differently depending
* on the operating system version. (undocumented.)
- *
+ *
* Errors:
- * KRB5_CC_READONLY:
+ * KRB5_CC_READONLY:
*/
static krb5_error_code KRB5_CALLCONV
krb5_lcc_remove_cred(krb5_context context, krb5_ccache id, krb5_flags flags,
@@ -2735,28 +2736,28 @@ krb5_lcc_get_flags(krb5_context context, krb5_ccache id, krb5_flags *flags)
}
const krb5_cc_ops krb5_lcc_ops = {
- 0,
- "MSLSA",
- krb5_lcc_get_name,
- krb5_lcc_resolve,
- krb5_lcc_generate_new,
- krb5_lcc_initialize,
- krb5_lcc_destroy,
- krb5_lcc_close,
- krb5_lcc_store,
- krb5_lcc_retrieve,
- krb5_lcc_get_principal,
- krb5_lcc_start_seq_get,
- krb5_lcc_next_cred,
- krb5_lcc_end_seq_get,
- krb5_lcc_remove_cred,
- krb5_lcc_set_flags,
- krb5_lcc_get_flags,
- NULL,
- NULL,
- NULL,
- NULL,
- NULL,
- NULL,
+ 0,
+ "MSLSA",
+ krb5_lcc_get_name,
+ krb5_lcc_resolve,
+ krb5_lcc_generate_new,
+ krb5_lcc_initialize,
+ krb5_lcc_destroy,
+ krb5_lcc_close,
+ krb5_lcc_store,
+ krb5_lcc_retrieve,
+ krb5_lcc_get_principal,
+ krb5_lcc_start_seq_get,
+ krb5_lcc_next_cred,
+ krb5_lcc_end_seq_get,
+ krb5_lcc_remove_cred,
+ krb5_lcc_set_flags,
+ krb5_lcc_get_flags,
+ NULL,
+ NULL,
+ NULL,
+ NULL,
+ NULL,
+ NULL,
};
#endif /* _WIN32 */
diff --git a/src/lib/krb5/ccache/cc_retr.c b/src/lib/krb5/ccache/cc_retr.c
index 8d3398b..1c4b575 100644
--- a/src/lib/krb5/ccache/cc_retr.c
+++ b/src/lib/krb5/ccache/cc_retr.c
@@ -1,3 +1,4 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
/*
* lib/krb5/ccache/cc_retr.c
*
@@ -8,7 +9,7 @@
* require a specific license from the United States Government.
* It is the responsibility of any person or organization contemplating
* export to obtain such a license before exporting.
- *
+ *
* WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
* distribute this software and its documentation for any purpose and
* without fee is hereby granted, provided that the above copyright
@@ -22,7 +23,7 @@
* M.I.T. makes no representations about the suitability of
* this software for any purpose. It is provided "as is" without express
* or implied warranty.
- *
+ *
*
*/
@@ -38,21 +39,21 @@ static int
times_match_exact(const krb5_ticket_times *t1, const krb5_ticket_times *t2)
{
return (t1->authtime == t2->authtime &&
- t1->starttime == t2->starttime &&
- t1->endtime == t2->endtime &&
- t1->renew_till == t2->renew_till);
+ t1->starttime == t2->starttime &&
+ t1->endtime == t2->endtime &&
+ t1->renew_till == t2->renew_till);
}
static krb5_boolean
times_match(const krb5_ticket_times *t1, const krb5_ticket_times *t2)
{
if (t1->renew_till) {
- if (t1->renew_till > t2->renew_till)
- return FALSE; /* this one expires too late */
+ if (t1->renew_till > t2->renew_till)
+ return FALSE; /* this one expires too late */
}
if (t1->endtime) {
- if (t1->endtime > t2->endtime)
- return FALSE; /* this one expires too late */
+ if (t1->endtime > t2->endtime)
+ return FALSE; /* this one expires too late */
}
/* only care about expiration on a times_match */
return TRUE;
@@ -61,8 +62,8 @@ times_match(const krb5_ticket_times *t1, const krb5_ticket_times *t2)
static krb5_boolean
standard_fields_match(krb5_context context, const krb5_creds *mcreds, const krb5_creds *creds)
{
- return (krb5_principal_compare(context, mcreds->client,creds->client)
- && krb5_principal_compare(context, mcreds->server,creds->server));
+ return (krb5_principal_compare(context, mcreds->client,creds->client)
+ && krb5_principal_compare(context, mcreds->server,creds->server));
}
/* only match the server name portion, not the server realm portion */
@@ -72,10 +73,10 @@ srvname_match(krb5_context context, const krb5_creds *mcreds, const krb5_creds *
{
krb5_boolean retval;
krb5_principal_data p1, p2;
-
+
retval = krb5_principal_compare(context, mcreds->client,creds->client);
if (retval != TRUE)
- return retval;
+ return retval;
/*
* Hack to ignore the server realm for the purposes of the compare.
*/
@@ -91,22 +92,22 @@ authdata_match(krb5_authdata *const *mdata, krb5_authdata *const *data)
const krb5_authdata *mdatap, *datap;
if (mdata == data)
- return TRUE;
+ return TRUE;
if (mdata == NULL)
- return *data == NULL;
-
+ return *data == NULL;
+
if (data == NULL)
- return *mdata == NULL;
-
+ return *mdata == NULL;
+
while ((mdatap = *mdata) && (datap = *data)) {
- if ((mdatap->ad_type != datap->ad_type) ||
- (mdatap->length != datap->length) ||
- (memcmp ((char *)mdatap->contents,
- (char *)datap->contents, (unsigned) mdatap->length) != 0))
- return FALSE;
- mdata++;
- data++;
+ if ((mdatap->ad_type != datap->ad_type) ||
+ (mdatap->length != datap->length) ||
+ (memcmp ((char *)mdatap->contents,
+ (char *)datap->contents, (unsigned) mdatap->length) != 0))
+ return FALSE;
+ mdata++;
+ data++;
}
return (*mdata == NULL) && (*data == NULL);
}
@@ -115,10 +116,10 @@ static krb5_boolean
data_match(const krb5_data *data1, const krb5_data *data2)
{
if (!data1) {
- if (!data2)
- return TRUE;
- else
- return FALSE;
+ if (!data2)
+ return TRUE;
+ else
+ return FALSE;
}
if (!data2) return FALSE;
@@ -128,11 +129,11 @@ data_match(const krb5_data *data1, const krb5_data *data2)
static int
pref (krb5_enctype my_ktype, int nktypes, krb5_enctype *ktypes)
{
- int i;
- for (i = 0; i < nktypes; i++)
- if (my_ktype == ktypes[i])
- return i;
- return -1;
+ int i;
+ for (i = 0; i < nktypes; i++)
+ if (my_ktype == ktypes[i])
+ return i;
+ return -1;
}
/*
@@ -141,7 +142,7 @@ pref (krb5_enctype my_ktype, int nktypes, krb5_enctype *ktypes)
* with the fields specified by whichfields. If one if found, it is
* returned in creds, which should be freed by the caller with
* krb5_free_credentials().
- *
+ *
* The fields are interpreted in the following way (all constants are
* preceded by KRB5_TC_). MATCH_IS_SKEY requires the is_skey field to
* match exactly. MATCH_TIMES requires the requested lifetime to be
@@ -166,105 +167,105 @@ krb5_boolean
krb5int_cc_creds_match_request(krb5_context context, krb5_flags whichfields, krb5_creds *mcreds, krb5_creds *creds)
{
if (((set(KRB5_TC_MATCH_SRV_NAMEONLY) &&
- srvname_match(context, mcreds, creds)) ||
- standard_fields_match(context, mcreds, creds))
- &&
- (! set(KRB5_TC_MATCH_IS_SKEY) ||
- mcreds->is_skey == creds->is_skey)
- &&
- (! set(KRB5_TC_MATCH_FLAGS_EXACT) ||
- mcreds->ticket_flags == creds->ticket_flags)
- &&
- (! set(KRB5_TC_MATCH_FLAGS) ||
- flags_match(mcreds->ticket_flags, creds->ticket_flags))
- &&
- (! set(KRB5_TC_MATCH_TIMES_EXACT) ||
- times_match_exact(&mcreds->times, &creds->times))
- &&
- (! set(KRB5_TC_MATCH_TIMES) ||
- times_match(&mcreds->times, &creds->times))
- &&
- ( ! set(KRB5_TC_MATCH_AUTHDATA) ||
- authdata_match(mcreds->authdata, creds->authdata))
- &&
- (! set(KRB5_TC_MATCH_2ND_TKT) ||
- data_match (&mcreds->second_ticket, &creds->second_ticket))
- &&
- ((! set(KRB5_TC_MATCH_KTYPE))||
- (mcreds->keyblock.enctype == creds->keyblock.enctype)))
+ srvname_match(context, mcreds, creds)) ||
+ standard_fields_match(context, mcreds, creds))
+ &&
+ (! set(KRB5_TC_MATCH_IS_SKEY) ||
+ mcreds->is_skey == creds->is_skey)
+ &&
+ (! set(KRB5_TC_MATCH_FLAGS_EXACT) ||
+ mcreds->ticket_flags == creds->ticket_flags)
+ &&
+ (! set(KRB5_TC_MATCH_FLAGS) ||
+ flags_match(mcreds->ticket_flags, creds->ticket_flags))
+ &&
+ (! set(KRB5_TC_MATCH_TIMES_EXACT) ||
+ times_match_exact(&mcreds->times, &creds->times))
+ &&
+ (! set(KRB5_TC_MATCH_TIMES) ||
+ times_match(&mcreds->times, &creds->times))
+ &&
+ ( ! set(KRB5_TC_MATCH_AUTHDATA) ||
+ authdata_match(mcreds->authdata, creds->authdata))
+ &&
+ (! set(KRB5_TC_MATCH_2ND_TKT) ||
+ data_match (&mcreds->second_ticket, &creds->second_ticket))
+ &&
+ ((! set(KRB5_TC_MATCH_KTYPE))||
+ (mcreds->keyblock.enctype == creds->keyblock.enctype)))
return TRUE;
return FALSE;
}
static krb5_error_code
krb5_cc_retrieve_cred_seq (krb5_context context, krb5_ccache id,
- krb5_flags whichfields, krb5_creds *mcreds,
- krb5_creds *creds, int nktypes, krb5_enctype *ktypes)
+ krb5_flags whichfields, krb5_creds *mcreds,
+ krb5_creds *creds, int nktypes, krb5_enctype *ktypes)
{
- /* This function could be considerably faster if it kept indexing */
- /* information.. sounds like a "next version" idea to me. :-) */
-
- krb5_cc_cursor cursor;
- krb5_error_code kret;
- krb5_error_code nomatch_err = KRB5_CC_NOTFOUND;
- struct {
- krb5_creds creds;
- int pref;
- } fetched, best;
- int have_creds = 0;
- krb5_flags oflags = 0;
+ /* This function could be considerably faster if it kept indexing */
+ /* information.. sounds like a "next version" idea to me. :-) */
+
+ krb5_cc_cursor cursor;
+ krb5_error_code kret;
+ krb5_error_code nomatch_err = KRB5_CC_NOTFOUND;
+ struct {
+ krb5_creds creds;
+ int pref;
+ } fetched, best;
+ int have_creds = 0;
+ krb5_flags oflags = 0;
#define fetchcreds (fetched.creds)
- kret = krb5_cc_get_flags(context, id, &oflags);
- if (kret != KRB5_OK)
- return kret;
- if (oflags & KRB5_TC_OPENCLOSE)
- (void) krb5_cc_set_flags(context, id, oflags & ~KRB5_TC_OPENCLOSE);
- kret = krb5_cc_start_seq_get(context, id, &cursor);
- if (kret != KRB5_OK) {
- if (oflags & KRB5_TC_OPENCLOSE)
- krb5_cc_set_flags(context, id, oflags);
- return kret;
- }
-
- while (krb5_cc_next_cred(context, id, &cursor, &fetchcreds) == KRB5_OK) {
- if (krb5int_cc_creds_match_request(context, whichfields, mcreds, &fetchcreds))
- {
- if (ktypes) {
- fetched.pref = pref (fetchcreds.keyblock.enctype,
- nktypes, ktypes);
- if (fetched.pref < 0)
- nomatch_err = KRB5_CC_NOT_KTYPE;
- else if (!have_creds || fetched.pref < best.pref) {
- if (have_creds)
- krb5_free_cred_contents (context, &best.creds);
- else
- have_creds = 1;
- best = fetched;
- continue;
- }
- } else {
- krb5_cc_end_seq_get(context, id, &cursor);
- *creds = fetchcreds;
- if (oflags & KRB5_TC_OPENCLOSE)
- krb5_cc_set_flags(context, id, oflags);
- return KRB5_OK;
- }
- }
-
- /* This one doesn't match */
- krb5_free_cred_contents(context, &fetchcreds);
- }
-
- /* If we get here, a match wasn't found */
- krb5_cc_end_seq_get(context, id, &cursor);
- if (oflags & KRB5_TC_OPENCLOSE)
- krb5_cc_set_flags(context, id, oflags);
- if (have_creds) {
- *creds = best.creds;
- return KRB5_OK;
- } else
- return nomatch_err;
+ kret = krb5_cc_get_flags(context, id, &oflags);
+ if (kret != KRB5_OK)
+ return kret;
+ if (oflags & KRB5_TC_OPENCLOSE)
+ (void) krb5_cc_set_flags(context, id, oflags & ~KRB5_TC_OPENCLOSE);
+ kret = krb5_cc_start_seq_get(context, id, &cursor);
+ if (kret != KRB5_OK) {
+ if (oflags & KRB5_TC_OPENCLOSE)
+ krb5_cc_set_flags(context, id, oflags);
+ return kret;
+ }
+
+ while (krb5_cc_next_cred(context, id, &cursor, &fetchcreds) == KRB5_OK) {
+ if (krb5int_cc_creds_match_request(context, whichfields, mcreds, &fetchcreds))
+ {
+ if (ktypes) {
+ fetched.pref = pref (fetchcreds.keyblock.enctype,
+ nktypes, ktypes);
+ if (fetched.pref < 0)
+ nomatch_err = KRB5_CC_NOT_KTYPE;
+ else if (!have_creds || fetched.pref < best.pref) {
+ if (have_creds)
+ krb5_free_cred_contents (context, &best.creds);
+ else
+ have_creds = 1;
+ best = fetched;
+ continue;
+ }
+ } else {
+ krb5_cc_end_seq_get(context, id, &cursor);
+ *creds = fetchcreds;
+ if (oflags & KRB5_TC_OPENCLOSE)
+ krb5_cc_set_flags(context, id, oflags);
+ return KRB5_OK;
+ }
+ }
+
+ /* This one doesn't match */
+ krb5_free_cred_contents(context, &fetchcreds);
+ }
+
+ /* If we get here, a match wasn't found */
+ krb5_cc_end_seq_get(context, id, &cursor);
+ if (oflags & KRB5_TC_OPENCLOSE)
+ krb5_cc_set_flags(context, id, oflags);
+ if (have_creds) {
+ *creds = best.creds;
+ return KRB5_OK;
+ } else
+ return nomatch_err;
}
krb5_error_code KRB5_CALLCONV
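Review bot: In krb5_cc_retrieve_cred_seq, the `continue` after `best = fetched;` is the only thing that keeps the `krb5_free_cred_contents(context, &fetchcreds)` at the bottom of the loop from releasing the credential that was just kept, and nothing in the code says so. A one-line comment there, `/* best now owns fetched.creds; skip the free below */`, would protect that hand-off against a later edit that turns it into a double free or a use-after-free of ticket and key data. The `krb5_cc_set_flags` calls that restore KRB5_TC_OPENCLOSE also drop their return value without the `(void)` cast used on the first call; adding the cast would make the best-effort intent consistent.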
@@ -275,20 +276,20 @@ krb5_cc_retrieve_cred_default (krb5_context context, krb5_ccache id, krb5_flags
krb5_error_code ret;
if (flags & KRB5_TC_SUPPORTED_KTYPES) {
- ret = krb5_get_tgs_ktypes (context, mcreds->server, &ktypes);
- if (ret)
- return ret;
- nktypes = 0;
- while (ktypes[nktypes])
- nktypes++;
-
- ret = krb5_cc_retrieve_cred_seq (context, id, flags, mcreds, creds,
- nktypes, ktypes);
- free (ktypes);
- return ret;
+ ret = krb5_get_tgs_ktypes (context, mcreds->server, &ktypes);
+ if (ret)
+ return ret;
+ nktypes = 0;
+ while (ktypes[nktypes])
+ nktypes++;
+
+ ret = krb5_cc_retrieve_cred_seq (context, id, flags, mcreds, creds,
+ nktypes, ktypes);
+ free (ktypes);
+ return ret;
} else {
- return krb5_cc_retrieve_cred_seq (context, id, flags, mcreds, creds,
- 0, 0);
+ return krb5_cc_retrieve_cred_seq (context, id, flags, mcreds, creds,
+ 0, 0);
}
}
@@ -298,24 +299,24 @@ krb5_cc_retrieve_cred_default (krb5_context context, krb5_ccache id, krb5_flags
/* returned by the CCAPI is the same creds as the caller passed in. */
/* Unlike the code above it requires that all structures be identical. */
-krb5_boolean KRB5_CALLCONV
+krb5_boolean KRB5_CALLCONV
krb5_creds_compare (krb5_context in_context,
krb5_creds *in_creds,
krb5_creds *in_compare_creds)
{
/* Set to 0 when we hit the first mismatch and then fall through */
int equal = 1;
-
+
if (equal) {
- equal = krb5_principal_compare (in_context, in_creds->client,
+ equal = krb5_principal_compare (in_context, in_creds->client,
in_compare_creds->client);
}
-
+
if (equal) {
- equal = krb5_principal_compare (in_context, in_creds->server,
+ equal = krb5_principal_compare (in_context, in_creds->server,
in_compare_creds->server);
}
-
+
if (equal) {
equal = (in_creds->keyblock.enctype == in_compare_creds->keyblock.enctype &&
in_creds->keyblock.length == in_compare_creds->keyblock.length &&
@@ -323,27 +324,27 @@ krb5_creds_compare (krb5_context in_context,
!memcmp (in_creds->keyblock.contents, in_compare_creds->keyblock.contents,
in_creds->keyblock.length)));
}
-
- if (equal) {
+
+ if (equal) {
equal = (in_creds->times.authtime == in_compare_creds->times.authtime &&
in_creds->times.starttime == in_compare_creds->times.starttime &&
in_creds->times.endtime == in_compare_creds->times.endtime &&
in_creds->times.renew_till == in_compare_creds->times.renew_till);
}
-
+
if (equal) {
equal = (in_creds->is_skey == in_compare_creds->is_skey);
- }
-
+ }
+
if (equal) {
equal = (in_creds->ticket_flags == in_compare_creds->ticket_flags);
}
-
+
if (equal) {
krb5_address **addresses = in_creds->addresses;
krb5_address **compare_addresses = in_compare_creds->addresses;
unsigned int i;
-
+
if (addresses && compare_addresses) {
for (i = 0; (equal && addresses[i] && compare_addresses[i]); i++) {
equal = krb5_address_compare (in_context, addresses[i],
@@ -354,29 +355,29 @@ krb5_creds_compare (krb5_context in_context,
if (equal) { equal = (!addresses && !compare_addresses); }
}
}
-
+
if (equal) {
- equal = data_eq(in_creds->ticket, in_compare_creds->ticket);
+ equal = data_eq(in_creds->ticket, in_compare_creds->ticket);
}
-
+
if (equal) {
- equal = data_eq(in_creds->second_ticket, in_compare_creds->second_ticket);
+ equal = data_eq(in_creds->second_ticket, in_compare_creds->second_ticket);
}
-
+
if (equal) {
krb5_authdata **authdata = in_creds->authdata;
krb5_authdata **compare_authdata = in_compare_creds->authdata;
unsigned int i;
-
- if (authdata && compare_authdata) {
+
+ if (authdata && compare_authdata) {
for (i = 0; (equal && authdata[i] && compare_authdata[i]); i++) {
- equal = authdata_eq(*authdata[i], *compare_authdata[i]);
+ equal = authdata_eq(*authdata[i], *compare_authdata[i]);
}
if (equal) { equal = (!authdata[i] && !compare_authdata[i]); }
} else {
if (equal) { equal = (!authdata && !compare_authdata); }
}
}
-
+
return equal;
}
diff --git a/src/lib/krb5/ccache/ccapi/stdcc.c b/src/lib/krb5/ccache/ccapi/stdcc.c
index 14569fb..33fb97c 100644
--- a/src/lib/krb5/ccache/ccapi/stdcc.c
+++ b/src/lib/krb5/ccache/ccapi/stdcc.c
@@ -1,7 +1,8 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
/*
* stdcc.c - additions to the Kerberos 5 library to support the memory
- * credentical cache API
- *
+ * credentical cache API
+ *
* Written by Frank Dabek July 1998
* Updated by Jeffrey Altman June 2006
*
@@ -12,7 +13,7 @@
* require a specific license from the United States Government.
* It is the responsibility of any person or organization contemplating
* export to obtain such a license before exporting.
- *
+ *
* WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
* distribute this software and its documentation for any purpose and
* without fee is hereby granted, provided that the above copyright
@@ -26,7 +27,7 @@
* M.I.T. makes no representations about the suitability of
* this software for any purpose. It is provided "as is" without express
* or implied warranty.
- *
+ *
*/
#if defined(_WIN32) || defined(USE_CCAPI)
@@ -38,7 +39,7 @@
#include <stdio.h>
#if defined(_WIN32)
-#include "winccld.h"
+#include "winccld.h"
#endif
#ifndef CC_API_VER2
@@ -50,8 +51,8 @@
#include <io.h>
#define SHOW_DEBUG(buf) MessageBox((HWND)NULL, (buf), "ccapi debug", MB_OK)
#endif
- /* XXX need macintosh debugging statement if we want to debug */
- /* on the mac */
+/* XXX need macintosh debugging statement if we want to debug */
+/* on the mac */
#else
#define SHOW_DEBUG(buf)
#endif
@@ -69,54 +70,54 @@ apiCB *gCntrlBlock = NULL;
*/
krb5_cc_ops krb5_cc_stdcc_ops = {
- 0,
- "API",
+ 0,
+ "API",
#ifdef USE_CCAPI_V3
- krb5_stdccv3_get_name,
- krb5_stdccv3_resolve,
- krb5_stdccv3_generate_new,
- krb5_stdccv3_initialize,
- krb5_stdccv3_destroy,
- krb5_stdccv3_close,
- krb5_stdccv3_store,
- krb5_stdccv3_retrieve,
- krb5_stdccv3_get_principal,
- krb5_stdccv3_start_seq_get,
- krb5_stdccv3_next_cred,
- krb5_stdccv3_end_seq_get,
- krb5_stdccv3_remove,
- krb5_stdccv3_set_flags,
- krb5_stdccv3_get_flags,
- krb5_stdccv3_ptcursor_new,
- krb5_stdccv3_ptcursor_next,
- krb5_stdccv3_ptcursor_free,
- NULL, /* move */
- krb5_stdccv3_last_change_time, /* lastchange */
- NULL, /* wasdefault */
- krb5_stdccv3_lock,
- krb5_stdccv3_unlock,
+ krb5_stdccv3_get_name,
+ krb5_stdccv3_resolve,
+ krb5_stdccv3_generate_new,
+ krb5_stdccv3_initialize,
+ krb5_stdccv3_destroy,
+ krb5_stdccv3_close,
+ krb5_stdccv3_store,
+ krb5_stdccv3_retrieve,
+ krb5_stdccv3_get_principal,
+ krb5_stdccv3_start_seq_get,
+ krb5_stdccv3_next_cred,
+ krb5_stdccv3_end_seq_get,
+ krb5_stdccv3_remove,
+ krb5_stdccv3_set_flags,
+ krb5_stdccv3_get_flags,
+ krb5_stdccv3_ptcursor_new,
+ krb5_stdccv3_ptcursor_next,
+ krb5_stdccv3_ptcursor_free,
+ NULL, /* move */
+ krb5_stdccv3_last_change_time, /* lastchange */
+ NULL, /* wasdefault */
+ krb5_stdccv3_lock,
+ krb5_stdccv3_unlock,
#else
- krb5_stdcc_get_name,
- krb5_stdcc_resolve,
- krb5_stdcc_generate_new,
- krb5_stdcc_initialize,
- krb5_stdcc_destroy,
- krb5_stdcc_close,
- krb5_stdcc_store,
- krb5_stdcc_retrieve,
- krb5_stdcc_get_principal,
- krb5_stdcc_start_seq_get,
- krb5_stdcc_next_cred,
- krb5_stdcc_end_seq_get,
- krb5_stdcc_remove,
- krb5_stdcc_set_flags,
- krb5_stdcc_get_flags,
- NULL,
- NULL,
- NULL,
- NULL,
- NULL,
- NULL,
+ krb5_stdcc_get_name,
+ krb5_stdcc_resolve,
+ krb5_stdcc_generate_new,
+ krb5_stdcc_initialize,
+ krb5_stdcc_destroy,
+ krb5_stdcc_close,
+ krb5_stdcc_store,
+ krb5_stdcc_retrieve,
+ krb5_stdcc_get_principal,
+ krb5_stdcc_start_seq_get,
+ krb5_stdcc_next_cred,
+ krb5_stdcc_end_seq_get,
+ krb5_stdcc_remove,
+ krb5_stdcc_set_flags,
+ krb5_stdcc_get_flags,
+ NULL,
+ NULL,
+ NULL,
+ NULL,
+ NULL,
+ NULL,
#endif
};
@@ -126,89 +127,89 @@ krb5_cc_ops krb5_cc_stdcc_ops = {
* A notification message is is posted out to all top level
* windows so that they may recheck the cache based on the
* changes made. We register a unique message type with which
- * we'll communicate to all other processes.
+ * we'll communicate to all other processes.
*/
static void cache_changed()
{
- static unsigned int message = 0;
-
- if (message == 0)
- message = RegisterWindowMessage(WM_KERBEROS5_CHANGED);
+ static unsigned int message = 0;
- PostMessage(HWND_BROADCAST, message, 0, 0);
+ if (message == 0)
+ message = RegisterWindowMessage(WM_KERBEROS5_CHANGED);
+
+ PostMessage(HWND_BROADCAST, message, 0, 0);
}
#else /* _WIN32 */
static void cache_changed()
{
- return;
+ return;
}
#endif /* _WIN32 */
struct err_xlate
{
- int cc_err;
- krb5_error_code krb5_err;
+ int cc_err;
+ krb5_error_code krb5_err;
};
static const struct err_xlate err_xlate_table[] =
{
#ifdef USE_CCAPI_V3
- { ccIteratorEnd, KRB5_CC_END },
- { ccErrBadParam, KRB5_FCC_INTERNAL },
- { ccErrNoMem, KRB5_CC_NOMEM },
- { ccErrInvalidContext, KRB5_FCC_NOFILE },
- { ccErrInvalidCCache, KRB5_FCC_NOFILE },
- { ccErrInvalidString, KRB5_FCC_INTERNAL },
- { ccErrInvalidCredentials, KRB5_FCC_INTERNAL },
- { ccErrInvalidCCacheIterator, KRB5_FCC_INTERNAL },
- { ccErrInvalidCredentialsIterator, KRB5_FCC_INTERNAL },
- { ccErrInvalidLock, KRB5_FCC_INTERNAL },
- { ccErrBadName, KRB5_CC_BADNAME },
- { ccErrBadCredentialsVersion, KRB5_FCC_INTERNAL },
- { ccErrBadAPIVersion, KRB5_FCC_INTERNAL },
- { ccErrContextLocked, KRB5_FCC_INTERNAL },
- { ccErrContextUnlocked, KRB5_FCC_INTERNAL },
- { ccErrCCacheLocked, KRB5_FCC_INTERNAL },
- { ccErrCCacheUnlocked, KRB5_FCC_INTERNAL },
- { ccErrBadLockType, KRB5_FCC_INTERNAL },
- { ccErrNeverDefault, KRB5_FCC_INTERNAL },
- { ccErrCredentialsNotFound, KRB5_CC_NOTFOUND },
- { ccErrCCacheNotFound, KRB5_FCC_NOFILE },
- { ccErrContextNotFound, KRB5_FCC_NOFILE },
- { ccErrServerUnavailable, KRB5_CC_IO },
- { ccErrServerInsecure, KRB5_CC_IO },
- { ccErrServerCantBecomeUID, KRB5_CC_IO },
- { ccErrTimeOffsetNotSet, KRB5_FCC_INTERNAL },
- { ccErrBadInternalMessage, KRB5_FCC_INTERNAL },
- { ccErrNotImplemented, KRB5_FCC_INTERNAL },
+ { ccIteratorEnd, KRB5_CC_END },
+ { ccErrBadParam, KRB5_FCC_INTERNAL },
+ { ccErrNoMem, KRB5_CC_NOMEM },
+ { ccErrInvalidContext, KRB5_FCC_NOFILE },
+ { ccErrInvalidCCache, KRB5_FCC_NOFILE },
+ { ccErrInvalidString, KRB5_FCC_INTERNAL },
+ { ccErrInvalidCredentials, KRB5_FCC_INTERNAL },
+ { ccErrInvalidCCacheIterator, KRB5_FCC_INTERNAL },
+ { ccErrInvalidCredentialsIterator, KRB5_FCC_INTERNAL },
+ { ccErrInvalidLock, KRB5_FCC_INTERNAL },
+ { ccErrBadName, KRB5_CC_BADNAME },
+ { ccErrBadCredentialsVersion, KRB5_FCC_INTERNAL },
+ { ccErrBadAPIVersion, KRB5_FCC_INTERNAL },
+ { ccErrContextLocked, KRB5_FCC_INTERNAL },
+ { ccErrContextUnlocked, KRB5_FCC_INTERNAL },
+ { ccErrCCacheLocked, KRB5_FCC_INTERNAL },
+ { ccErrCCacheUnlocked, KRB5_FCC_INTERNAL },
+ { ccErrBadLockType, KRB5_FCC_INTERNAL },
+ { ccErrNeverDefault, KRB5_FCC_INTERNAL },
+ { ccErrCredentialsNotFound, KRB5_CC_NOTFOUND },
+ { ccErrCCacheNotFound, KRB5_FCC_NOFILE },
+ { ccErrContextNotFound, KRB5_FCC_NOFILE },
+ { ccErrServerUnavailable, KRB5_CC_IO },
+ { ccErrServerInsecure, KRB5_CC_IO },
+ { ccErrServerCantBecomeUID, KRB5_CC_IO },
+ { ccErrTimeOffsetNotSet, KRB5_FCC_INTERNAL },
+ { ccErrBadInternalMessage, KRB5_FCC_INTERNAL },
+ { ccErrNotImplemented, KRB5_FCC_INTERNAL },
#else
- { CC_BADNAME, KRB5_CC_BADNAME },
- { CC_NOTFOUND, KRB5_CC_NOTFOUND },
- { CC_END, KRB5_CC_END },
- { CC_IO, KRB5_CC_IO },
- { CC_WRITE, KRB5_CC_WRITE },
- { CC_NOMEM, KRB5_CC_NOMEM },
- { CC_FORMAT, KRB5_CC_FORMAT },
- { CC_WRITE, KRB5_CC_WRITE },
- { CC_LOCKED, KRB5_FCC_INTERNAL /* XXX */ },
- { CC_BAD_API_VERSION, KRB5_FCC_INTERNAL /* XXX */ },
- { CC_NO_EXIST, KRB5_FCC_NOFILE },
- { CC_NOT_SUPP, KRB5_FCC_INTERNAL /* XXX */ },
- { CC_BAD_PARM, KRB5_FCC_INTERNAL /* XXX */ },
- { CC_ERR_CACHE_ATTACH, KRB5_FCC_INTERNAL /* XXX */ },
- { CC_ERR_CACHE_RELEASE, KRB5_FCC_INTERNAL /* XXX */ },
- { CC_ERR_CACHE_FULL, KRB5_FCC_INTERNAL /* XXX */ },
- { CC_ERR_CRED_VERSION, KRB5_FCC_INTERNAL /* XXX */ },
+ { CC_BADNAME, KRB5_CC_BADNAME },
+ { CC_NOTFOUND, KRB5_CC_NOTFOUND },
+ { CC_END, KRB5_CC_END },
+ { CC_IO, KRB5_CC_IO },
+ { CC_WRITE, KRB5_CC_WRITE },
+ { CC_NOMEM, KRB5_CC_NOMEM },
+ { CC_FORMAT, KRB5_CC_FORMAT },
+ { CC_WRITE, KRB5_CC_WRITE },
+ { CC_LOCKED, KRB5_FCC_INTERNAL /* XXX */ },
+ { CC_BAD_API_VERSION, KRB5_FCC_INTERNAL /* XXX */ },
+ { CC_NO_EXIST, KRB5_FCC_NOFILE },
+ { CC_NOT_SUPP, KRB5_FCC_INTERNAL /* XXX */ },
+ { CC_BAD_PARM, KRB5_FCC_INTERNAL /* XXX */ },
+ { CC_ERR_CACHE_ATTACH, KRB5_FCC_INTERNAL /* XXX */ },
+ { CC_ERR_CACHE_RELEASE, KRB5_FCC_INTERNAL /* XXX */ },
+ { CC_ERR_CACHE_FULL, KRB5_FCC_INTERNAL /* XXX */ },
+ { CC_ERR_CRED_VERSION, KRB5_FCC_INTERNAL /* XXX */ },
#endif
- { 0, 0 }
+ { 0, 0 }
};
/* Note: cc_err_xlate is NOT idempotent. Don't call it multiple times. */
static krb5_error_code cc_err_xlate(int err)
{
const struct err_xlate *p;
-
+
#ifdef USE_CCAPI_V3
if (err == ccNoError)
return 0;
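Review bot: In the `USE_CCAPI_V3` half of `err_xlate_table`, `ccErrServerInsecure` and `ccErrServerCantBecomeUID` map to the same `KRB5_CC_IO` as `ccErrServerUnavailable`. Going by the names, the first two are trust or privilege failures in the ccache server, and after translation a caller or log reader cannot tell them from an ordinary outage. If no more specific krb5 code is available, a comment on those two rows would record that the collapse is deliberate, for example `/* no distinct krb5 code; surfaces as a generic I/O error */`. Separately, the non-V3 half lists `{ CC_WRITE, KRB5_CC_WRITE }` twice, and the lookup loop in `cc_err_xlate` can never reach the second row.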
@@ -216,12 +217,12 @@ static krb5_error_code cc_err_xlate(int err)
if (err == CC_NOERROR)
return 0;
#endif
-
+
for (p = err_xlate_table; p->cc_err; p++) {
if (err == p->cc_err)
return p->krb5_err;
}
-
+
return KRB5_FCC_INTERNAL;
}
@@ -232,26 +233,26 @@ static krb5_error_code stdccv3_get_timeoffset (krb5_context in_context,
cc_ccache_t in_ccache)
{
krb5_error_code err = 0;
-
+
if (gCCVersion >= ccapi_version_5) {
krb5_os_context os_ctx = (krb5_os_context) &in_context->os_context;
cc_time_t time_offset = 0;
-
+
err = cc_ccache_get_kdc_time_offset (in_ccache, cc_credentials_v5,
&time_offset);
-
+
if (!err) {
os_ctx->time_offset = time_offset;
os_ctx->usec_offset = 0;
os_ctx->os_flags = ((os_ctx->os_flags & ~KRB5_OS_TOFFSET_TIME) |
KRB5_OS_TOFFSET_VALID);
}
-
+
if (err == ccErrTimeOffsetNotSet) {
err = 0; /* okay if there is no time offset */
}
}
-
+
return err; /* Don't translate. Callers will translate for us */
}
@@ -259,17 +260,17 @@ static krb5_error_code stdccv3_set_timeoffset (krb5_context in_context,
cc_ccache_t in_ccache)
{
krb5_error_code err = 0;
-
+
if (gCCVersion >= ccapi_version_5) {
krb5_os_context os_ctx = (krb5_os_context) &in_context->os_context;
-
+
if (!err && os_ctx->os_flags & KRB5_OS_TOFFSET_VALID) {
- err = cc_ccache_set_kdc_time_offset (in_ccache,
+ err = cc_ccache_set_kdc_time_offset (in_ccache,
cc_credentials_v5,
os_ctx->time_offset);
}
}
-
+
return err; /* Don't translate. Callers will translate for us */
}
@@ -277,21 +278,21 @@ static krb5_error_code stdccv3_setup (krb5_context context,
stdccCacheDataPtr ccapi_data)
{
krb5_error_code err = 0;
-
+
if (!err && !gCntrlBlock) {
err = cc_initialize (&gCntrlBlock, ccapi_version_max, &gCCVersion, NULL);
}
-
+
if (!err && ccapi_data && !ccapi_data->NamedCache) {
- /* ccache has not been opened yet. open it. */
+ /* ccache has not been opened yet. open it. */
err = cc_context_open_ccache (gCntrlBlock, ccapi_data->cache_name,
&ccapi_data->NamedCache);
}
-
+
if (!err && ccapi_data && ccapi_data->NamedCache) {
err = stdccv3_get_timeoffset (context, ccapi_data->NamedCache);
}
-
+
return err; /* Don't translate. Callers will translate for us */
}
@@ -305,12 +306,12 @@ void krb5_stdcc_shutdown()
/*
* -- generate_new --------------------------------
- *
+ *
* create a new cache with a unique name, corresponds to creating a
* named cache initialize the API here if we have to.
*/
-krb5_error_code KRB5_CALLCONV
-krb5_stdccv3_generate_new (krb5_context context, krb5_ccache *id )
+krb5_error_code KRB5_CALLCONV
+krb5_stdccv3_generate_new (krb5_context context, krb5_ccache *id )
{
krb5_error_code err = 0;
krb5_ccache newCache = NULL;
@@ -318,98 +319,98 @@ krb5_stdccv3_generate_new (krb5_context context, krb5_ccache *id )
cc_ccache_t ccache = NULL;
cc_string_t ccstring = NULL;
char *name = NULL;
-
+
if (!err) {
err = stdccv3_setup(context, NULL);
}
-
+
if (!err) {
newCache = (krb5_ccache) malloc (sizeof (*newCache));
if (!newCache) { err = KRB5_CC_NOMEM; }
}
-
+
if (!err) {
ccapi_data = (stdccCacheDataPtr) malloc (sizeof (*ccapi_data));
if (!ccapi_data) { err = KRB5_CC_NOMEM; }
}
-
+
if (!err) {
err = cc_context_create_new_ccache (gCntrlBlock, cc_credentials_v5, "",
&ccache);
}
-
+
if (!err) {
err = stdccv3_set_timeoffset (context, ccache);
}
-
+
if (!err) {
err = cc_ccache_get_name (ccache, &ccstring);
}
-
+
if (!err) {
name = strdup (ccstring->data);
if (!name) { err = KRB5_CC_NOMEM; }
}
-
+
if (!err) {
ccapi_data->cache_name = name;
name = NULL; /* take ownership */
-
+
ccapi_data->NamedCache = ccache;
ccache = NULL; /* take ownership */
-
+
newCache->ops = &krb5_cc_stdcc_ops;
newCache->data = ccapi_data;
ccapi_data = NULL; /* take ownership */
-
+
/* return a pointer to the new cache */
*id = newCache;
newCache = NULL;
}
-
+
if (ccstring) { cc_string_release (ccstring); }
if (name) { free (name); }
if (ccache) { cc_ccache_release (ccache); }
if (ccapi_data) { free (ccapi_data); }
if (newCache) { free (newCache); }
-
+
return cc_err_xlate (err);
}
-
+
/*
* resolve
*
* create a new cache with the name stored in residual
*/
-krb5_error_code KRB5_CALLCONV
-krb5_stdccv3_resolve (krb5_context context, krb5_ccache *id , const char *residual )
+krb5_error_code KRB5_CALLCONV
+krb5_stdccv3_resolve (krb5_context context, krb5_ccache *id , const char *residual )
{
krb5_error_code err = 0;
stdccCacheDataPtr ccapi_data = NULL;
krb5_ccache ccache = NULL;
char *name = NULL;
-
+
if (id == NULL) { err = KRB5_CC_NOMEM; }
-
+
if (!err) {
err = stdccv3_setup (context, NULL);
}
-
+
if (!err) {
ccapi_data = (stdccCacheDataPtr) malloc (sizeof (*ccapi_data));
if (!ccapi_data) { err = KRB5_CC_NOMEM; }
}
-
+
if (!err) {
ccache = (krb5_ccache ) malloc (sizeof (*ccache));
if (!ccache) { err = KRB5_CC_NOMEM; }
}
-
+
if (!err) {
name = strdup (residual);
if (!name) { err = KRB5_CC_NOMEM; }
}
-
+
if (!err) {
err = cc_context_open_ccache (gCntrlBlock, residual,
&ccapi_data->NamedCache);
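Review bot: `krb5_stdccv3_generate_new` stores krb5 codes such as `KRB5_CC_NOMEM` in the same `err` variable that holds CCAPI results, then returns `cc_err_xlate (err)`. `cc_err_xlate` looks `err` up by its CCAPI value and falls through to `KRB5_FCC_INTERNAL` for anything it does not find, so unless the numeric values happen to coincide, an allocation failure reaches the caller as an internal error. `krb5_stdccv3_resolve` in this hunk has the same shape, as do `krb5_stdccv3_initialize` (with `krb5_unparse_name`) and `krb5_stdccv3_get_principal` (with `krb5_parse_name`) in later hunks. Translating at each CCAPI call site and returning `err` unchanged keeps the two code spaces apart, e.g. `err = cc_err_xlate (cc_ccache_get_name (ccache, &ccstring));` followed by a plain `return err;`. The body of `krb5_stdccv3_resolve` continues past the end of this hunk.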
@@ -420,24 +421,24 @@ krb5_stdccv3_resolve (krb5_context context, krb5_ccache *id , const char *residu
}
if (!err) {
- ccapi_data->cache_name = name;
+ ccapi_data->cache_name = name;
name = NULL; /* take ownership */
- ccache->ops = &krb5_cc_stdcc_ops;
- ccache->data = ccapi_data;
+ ccache->ops = &krb5_cc_stdcc_ops;
+ ccache->data = ccapi_data;
ccapi_data = NULL; /* take ownership */
-
+
*id = ccache;
ccache = NULL; /* take ownership */
}
-
+
if (ccache) { free (ccache); }
if (ccapi_data) { free (ccapi_data); }
if (name) { free (name); }
-
+
return cc_err_xlate (err);
}
-
+
/*
* initialize
*
@@ -445,36 +446,36 @@ krb5_stdccv3_resolve (krb5_context context, krb5_ccache *id , const char *residu
* principal if not set our principal to this principal. This
* searching enables ticket sharing
*/
-krb5_error_code KRB5_CALLCONV
-krb5_stdccv3_initialize (krb5_context context,
- krb5_ccache id,
- krb5_principal princ)
+krb5_error_code KRB5_CALLCONV
+krb5_stdccv3_initialize (krb5_context context,
+ krb5_ccache id,
+ krb5_principal princ)
{
krb5_error_code err = 0;
stdccCacheDataPtr ccapi_data = id->data;
char *name = NULL;
cc_ccache_t ccache = NULL;
-
+
if (id == NULL) { err = KRB5_CC_NOMEM; }
-
+
if (!err) {
err = stdccv3_setup (context, NULL);
}
-
+
if (!err) {
err = krb5_unparse_name(context, princ, &name);
}
-
+
if (!err) {
- err = cc_context_create_ccache (gCntrlBlock, ccapi_data->cache_name,
+ err = cc_context_create_ccache (gCntrlBlock, ccapi_data->cache_name,
cc_credentials_v5, name,
&ccache);
}
-
+
if (!err) {
err = stdccv3_set_timeoffset (context, ccache);
}
-
+
if (!err) {
if (ccapi_data->NamedCache) {
err = cc_ccache_release (ccapi_data->NamedCache);
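Review bot: In `krb5_stdccv3_initialize` the initializer `stdccCacheDataPtr ccapi_data = id->data;` dereferences `id` before the `if (id == NULL)` test a few lines below, so the test cannot protect anything. A NULL `id` is already undefined behaviour by then, and a compiler may drop the check entirely. Initialize the local as `stdccCacheDataPtr ccapi_data = NULL;` and assign it only after the check has passed, `if (!err) { ccapi_data = id->data; }`. The other operations in this file read `id->data` in their initializers with no NULL test at all, so it is worth deciding whether a NULL `id` is part of the contract. The function body continues past the end of this hunk.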
@@ -483,10 +484,10 @@ krb5_stdccv3_initialize (krb5_context context,
ccache = NULL; /* take ownership */
cache_changed ();
}
-
+
if (ccache) { cc_ccache_release (ccache); }
if (name ) { krb5_free_unparsed_name(context, name); }
-
+
return cc_err_xlate(err);
}
@@ -495,32 +496,32 @@ krb5_stdccv3_initialize (krb5_context context,
*
* store some credentials in our cache
*/
-krb5_error_code KRB5_CALLCONV
+krb5_error_code KRB5_CALLCONV
krb5_stdccv3_store (krb5_context context, krb5_ccache id, krb5_creds *creds )
{
krb5_error_code err = 0;
stdccCacheDataPtr ccapi_data = id->data;
cc_credentials_union *cred_union = NULL;
-
+
if (!err) {
err = stdccv3_setup (context, ccapi_data);
}
-
+
if (!err) {
/* copy the fields from the almost identical structures */
err = copy_krb5_creds_to_cc_cred_union (context, creds, &cred_union);
}
-
+
if (!err) {
err = cc_ccache_store_credentials (ccapi_data->NamedCache, cred_union);
}
-
+
if (!err) {
cache_changed();
}
-
+
if (cred_union) { cred_union_release (cred_union); }
-
+
return cc_err_xlate (err);
}
@@ -529,54 +530,54 @@ krb5_stdccv3_store (krb5_context context, krb5_ccache id, krb5_creds *creds )
*
* begin an iterator call to get all of the credentials in the cache
*/
-krb5_error_code KRB5_CALLCONV
-krb5_stdccv3_start_seq_get (krb5_context context,
- krb5_ccache id,
+krb5_error_code KRB5_CALLCONV
+krb5_stdccv3_start_seq_get (krb5_context context,
+ krb5_ccache id,
krb5_cc_cursor *cursor )
{
krb5_error_code err = 0;
stdccCacheDataPtr ccapi_data = id->data;
cc_credentials_iterator_t iterator = NULL;
-
+
if (!err) {
err = stdccv3_setup (context, ccapi_data);
}
-
+
if (!err) {
err = cc_ccache_new_credentials_iterator(ccapi_data->NamedCache,
&iterator);
}
-
+
if (!err) {
*cursor = iterator;
}
-
+
return cc_err_xlate (err);
}
/*
* next cred
- *
+ *
* - get the next credential in the cache as part of an iterator call
* - this maps to call to cc_seq_fetch_creds
*/
-krb5_error_code KRB5_CALLCONV
-krb5_stdccv3_next_cred (krb5_context context,
- krb5_ccache id,
- krb5_cc_cursor *cursor,
+krb5_error_code KRB5_CALLCONV
+krb5_stdccv3_next_cred (krb5_context context,
+ krb5_ccache id,
+ krb5_cc_cursor *cursor,
krb5_creds *creds)
{
krb5_error_code err = 0;
stdccCacheDataPtr ccapi_data = id->data;
cc_credentials_t credentials = NULL;
cc_credentials_iterator_t iterator = *cursor;
-
+
if (!iterator) { err = KRB5_CC_END; }
-
+
if (!err) {
err = stdccv3_setup (context, ccapi_data);
}
-
+
/* Note: CCAPI v3 ccaches can contain both v4 and v5 creds */
while (!err) {
err = cc_credentials_iterator_next (iterator, &credentials);
@@ -586,13 +587,13 @@ krb5_stdccv3_next_cred (krb5_context context,
break;
}
}
-
+
if (credentials) { cc_credentials_release (credentials); }
if (err == ccIteratorEnd) {
cc_credentials_iterator_release (iterator);
*cursor = 0;
- }
-
+ }
+
return cc_err_xlate (err);
}
@@ -603,14 +604,14 @@ krb5_stdccv3_next_cred (krb5_context context,
* - try to find a matching credential in the cache
*/
krb5_error_code KRB5_CALLCONV
-krb5_stdccv3_retrieve (krb5_context context,
- krb5_ccache id,
- krb5_flags whichfields,
- krb5_creds *mcreds,
+krb5_stdccv3_retrieve (krb5_context context,
+ krb5_ccache id,
+ krb5_flags whichfields,
+ krb5_creds *mcreds,
krb5_creds *creds)
{
return krb5_cc_retrieve_cred_default (context, id, whichfields,
- mcreds, creds);
+ mcreds, creds);
}
/*
@@ -618,58 +619,58 @@ krb5_stdccv3_retrieve (krb5_context context,
*
* just free up the storage assoicated with the cursor (if we can)
*/
-krb5_error_code KRB5_CALLCONV
-krb5_stdccv3_end_seq_get (krb5_context context,
- krb5_ccache id,
+krb5_error_code KRB5_CALLCONV
+krb5_stdccv3_end_seq_get (krb5_context context,
+ krb5_ccache id,
krb5_cc_cursor *cursor)
{
krb5_error_code err = 0;
stdccCacheDataPtr ccapi_data = id->data;
cc_credentials_iterator_t iterator = *cursor;
-
+
if (!iterator) { return 0; }
-
+
if (!err) {
err = stdccv3_setup (context, ccapi_data);
}
-
+
if (!err) {
err = cc_credentials_iterator_release(iterator);
}
-
+
return cc_err_xlate(err);
}
-
+
/*
* close
*
* - free our pointers to the NC
*/
-krb5_error_code KRB5_CALLCONV
-krb5_stdccv3_close(krb5_context context,
+krb5_error_code KRB5_CALLCONV
+krb5_stdccv3_close(krb5_context context,
krb5_ccache id)
{
krb5_error_code err = 0;
stdccCacheDataPtr ccapi_data = id->data;
-
+
if (!err) {
err = stdccv3_setup (context, NULL);
}
-
+
if (!err) {
- if (ccapi_data) {
- if (ccapi_data->cache_name) {
- free (ccapi_data->cache_name);
+ if (ccapi_data) {
+ if (ccapi_data->cache_name) {
+ free (ccapi_data->cache_name);
}
- if (ccapi_data->NamedCache) {
- err = cc_ccache_release (ccapi_data->NamedCache);
+ if (ccapi_data->NamedCache) {
+ err = cc_ccache_release (ccapi_data->NamedCache);
}
free (ccapi_data);
id->data = NULL;
- }
- free (id);
+ }
+ free (id);
}
-
+
return cc_err_xlate(err);
}
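Review bot: In `krb5_stdccv3_close` every release (`cache_name`, the `NamedCache` handle, `ccapi_data` and `id` itself) sits inside the `if (!err)` that follows `stdccv3_setup (context, NULL)`. If setup fails, the function returns an error and frees nothing, leaving the caller with a ccache handle it has been told is closed and cannot release. Teardown should not depend on setup succeeding: free the memory and release `NamedCache` unconditionally, and report the first error seen. `krb5_stdccv3_destroy` in the next hunk gates its frees the same way. Skipping `cc_ccache_destroy` there when the cache cannot be opened may be intended, but the `free` calls should still run.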
@@ -679,35 +680,35 @@ krb5_stdccv3_close(krb5_context context,
* - free our storage and the cache
*/
krb5_error_code KRB5_CALLCONV
-krb5_stdccv3_destroy (krb5_context context,
+krb5_stdccv3_destroy (krb5_context context,
krb5_ccache id)
{
krb5_error_code err = 0;
stdccCacheDataPtr ccapi_data = id->data;
-
+
if (!err) {
err = stdccv3_setup(context, ccapi_data);
}
-
+
if (!err) {
- if (ccapi_data) {
- if (ccapi_data->cache_name) {
- free(ccapi_data->cache_name);
+ if (ccapi_data) {
+ if (ccapi_data->cache_name) {
+ free(ccapi_data->cache_name);
}
if (ccapi_data->NamedCache) {
/* destroy the named cache */
err = cc_ccache_destroy(ccapi_data->NamedCache);
- if (err == ccErrCCacheNotFound) {
+ if (err == ccErrCCacheNotFound) {
err = 0; /* ccache maybe already destroyed */
}
cache_changed();
}
free(ccapi_data);
id->data = NULL;
- }
- free(id);
+ }
+ free(id);
}
-
+
return cc_err_xlate(err);
}
@@ -716,12 +717,12 @@ krb5_stdccv3_destroy (krb5_context context,
*
* - return the name of the named cache
*/
-const char * KRB5_CALLCONV
-krb5_stdccv3_get_name (krb5_context context,
+const char * KRB5_CALLCONV
+krb5_stdccv3_get_name (krb5_context context,
krb5_ccache id )
{
stdccCacheDataPtr ccapi_data = id->data;
-
+
if (!ccapi_data) {
return NULL;
} else {
@@ -734,29 +735,29 @@ krb5_stdccv3_get_name (krb5_context context,
*
* - return the principal associated with the named cache
*/
-krb5_error_code KRB5_CALLCONV
-krb5_stdccv3_get_principal (krb5_context context,
- krb5_ccache id ,
- krb5_principal *princ)
+krb5_error_code KRB5_CALLCONV
+krb5_stdccv3_get_principal (krb5_context context,
+ krb5_ccache id ,
+ krb5_principal *princ)
{
krb5_error_code err = 0;
stdccCacheDataPtr ccapi_data = id->data;
cc_string_t name = NULL;
-
+
if (!err) {
err = stdccv3_setup(context, ccapi_data);
}
-
+
if (!err) {
err = cc_ccache_get_principal (ccapi_data->NamedCache, cc_credentials_v5, &name);
}
-
+
if (!err) {
err = krb5_parse_name (context, name->data, princ);
}
-
+
if (name) { cc_string_release (name); }
-
+
return cc_err_xlate (err);
}
@@ -765,16 +766,16 @@ krb5_stdccv3_get_principal (krb5_context context,
*
* - currently a NOP since we don't store any flags in the NC
*/
-krb5_error_code KRB5_CALLCONV
-krb5_stdccv3_set_flags (krb5_context context,
- krb5_ccache id,
+krb5_error_code KRB5_CALLCONV
+krb5_stdccv3_set_flags (krb5_context context,
+ krb5_ccache id,
krb5_flags flags)
{
krb5_error_code err = 0;
stdccCacheDataPtr ccapi_data = id->data;
-
+
err = stdccv3_setup (context, ccapi_data);
-
+
return cc_err_xlate (err);
}
@@ -783,16 +784,16 @@ krb5_stdccv3_set_flags (krb5_context context,
*
* - currently a NOP since we don't store any flags in the NC
*/
-krb5_error_code KRB5_CALLCONV
-krb5_stdccv3_get_flags (krb5_context context,
- krb5_ccache id,
+krb5_error_code KRB5_CALLCONV
+krb5_stdccv3_get_flags (krb5_context context,
+ krb5_ccache id,
krb5_flags *flags)
{
krb5_error_code err = 0;
stdccCacheDataPtr ccapi_data = id->data;
-
+
err = stdccv3_setup (context, ccapi_data);
-
+
return cc_err_xlate (err);
}
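Review bot: `krb5_stdccv3_get_flags` returns success without ever writing through its `flags` output parameter, so a caller that trusts the return value reads whatever was in its variable before the call. The header comment says no flags are stored in the named cache, so an explicit zero matches the documented behaviour: `if (!err && flags) { *flags = 0; }` before the return. Whether a NULL `flags` is allowed is not visible here, which is why the suggested line tests it.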
@@ -801,22 +802,22 @@ krb5_stdccv3_get_flags (krb5_context context,
*
* - remove the specified credentials from the NC
*/
-krb5_error_code KRB5_CALLCONV
-krb5_stdccv3_remove (krb5_context context,
+krb5_error_code KRB5_CALLCONV
+krb5_stdccv3_remove (krb5_context context,
krb5_ccache id,
- krb5_flags flags,
+ krb5_flags flags,
krb5_creds *in_creds)
{
krb5_error_code err = 0;
stdccCacheDataPtr ccapi_data = id->data;
cc_credentials_iterator_t iterator = NULL;
int found = 0;
-
+
if (!err) {
err = stdccv3_setup(context, ccapi_data);
}
-
-
+
+
if (!err) {
err = cc_ccache_new_credentials_iterator(ccapi_data->NamedCache,
&iterator);
@@ -825,28 +826,28 @@ krb5_stdccv3_remove (krb5_context context,
/* Note: CCAPI v3 ccaches can contain both v4 and v5 creds */
while (!err && !found) {
cc_credentials_t credentials = NULL;
-
+
err = cc_credentials_iterator_next (iterator, &credentials);
-
+
if (!err && (credentials->data->version == cc_credentials_v5)) {
krb5_creds creds;
-
- err = copy_cc_cred_union_to_krb5_creds(context,
+
+ err = copy_cc_cred_union_to_krb5_creds(context,
credentials->data, &creds);
if (!err) {
found = krb5_creds_compare (context, in_creds, &creds);
krb5_free_cred_contents (context, &creds);
}
-
+
if (!err && found) {
err = cc_ccache_remove_credentials (ccapi_data->NamedCache, credentials);
}
}
-
+
if (credentials) { cc_credentials_release (credentials); }
}
- if (err == ccIteratorEnd) { err = ccErrCredentialsNotFound; }
+ if (err == ccIteratorEnd) { err = ccErrCredentialsNotFound; }
if (iterator) {
err = cc_credentials_iterator_release(iterator);
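Review bot: In `krb5_stdccv3_remove` the assignment `err = cc_credentials_iterator_release(iterator);` overwrites whatever the loop left in `err`, including the `ccErrCredentialsNotFound` set on the line just above it. When the release succeeds, a request to remove credentials that are not in the cache (or a failed `cc_ccache_remove_credentials`) is reported as success, and the `cache_changed ()` call in the following hunk fires as well. Keep the earlier error and take the release result only if nothing failed before: `krb5_error_code rel_err = cc_credentials_iterator_release(iterator);` then `if (!err) { err = rel_err; }`. The two lines between this hunk and the next are not shown, and the function starts and ends outside it.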
@@ -855,7 +856,7 @@ krb5_stdccv3_remove (krb5_context context,
if (!err) {
cache_changed ();
}
-
+
return cc_err_xlate (err);
}
@@ -863,38 +864,38 @@ krb5_error_code KRB5_CALLCONV
krb5_stdccv3_ptcursor_new(krb5_context context,
krb5_cc_ptcursor *cursor)
{
- krb5_error_code err = 0;
- krb5_cc_ptcursor ptcursor = NULL;
- cc_ccache_iterator_t iterator = NULL;
-
- ptcursor = malloc(sizeof(*ptcursor));
- if (ptcursor == NULL) {
- err = ENOMEM;
- }
- else {
- memset(ptcursor, 0, sizeof(*ptcursor));
- }
-
- if (!err) {
- err = stdccv3_setup(context, NULL);
- }
- if (!err) {
- ptcursor->ops = &krb5_cc_stdcc_ops;
- err = cc_context_new_ccache_iterator(gCntrlBlock, &iterator);
- }
-
- if (!err) {
- ptcursor->data = iterator;
- }
-
- if (err) {
- if (ptcursor) { krb5_stdccv3_ptcursor_free(context, &ptcursor); }
- // krb5_stdccv3_ptcursor_free sets ptcursor to NULL for us
- }
-
- *cursor = ptcursor;
-
- return err;
+ krb5_error_code err = 0;
+ krb5_cc_ptcursor ptcursor = NULL;
+ cc_ccache_iterator_t iterator = NULL;
+
+ ptcursor = malloc(sizeof(*ptcursor));
+ if (ptcursor == NULL) {
+ err = ENOMEM;
+ }
+ else {
+ memset(ptcursor, 0, sizeof(*ptcursor));
+ }
+
+ if (!err) {
+ err = stdccv3_setup(context, NULL);
+ }
+ if (!err) {
+ ptcursor->ops = &krb5_cc_stdcc_ops;
+ err = cc_context_new_ccache_iterator(gCntrlBlock, &iterator);
+ }
+
+ if (!err) {
+ ptcursor->data = iterator;
+ }
+
+ if (err) {
+ if (ptcursor) { krb5_stdccv3_ptcursor_free(context, &ptcursor); }
+ // krb5_stdccv3_ptcursor_free sets ptcursor to NULL for us
+ }
+
+ *cursor = ptcursor;
+
+ return err;
}
krb5_error_code KRB5_CALLCONV
@@ -903,72 +904,72 @@ krb5_stdccv3_ptcursor_next(
krb5_cc_ptcursor cursor,
krb5_ccache *ccache)
{
- krb5_error_code err = 0;
- cc_ccache_iterator_t iterator = NULL;
-
- krb5_ccache newCache = NULL;
- stdccCacheDataPtr ccapi_data = NULL;
- cc_ccache_t ccCache = NULL;
- cc_string_t ccstring = NULL;
- char *name = NULL;
-
- if (!cursor || !cursor->data) {
- err = ccErrInvalidContext;
- }
-
- *ccache = NULL;
-
- if (!err) {
- newCache = (krb5_ccache) malloc (sizeof (*newCache));
- if (!newCache) { err = KRB5_CC_NOMEM; }
- }
-
- if (!err) {
- ccapi_data = (stdccCacheDataPtr) malloc (sizeof (*ccapi_data));
- if (!ccapi_data) { err = KRB5_CC_NOMEM; }
- }
-
- if (!err) {
- iterator = cursor->data;
- err = cc_ccache_iterator_next(iterator, &ccCache);
- }
-
- if (!err) {
- err = cc_ccache_get_name (ccCache, &ccstring);
- }
-
- if (!err) {
- name = strdup (ccstring->data);
- if (!name) { err = KRB5_CC_NOMEM; }
- }
-
- if (!err) {
- ccapi_data->cache_name = name;
- name = NULL; /* take ownership */
-
- ccapi_data->NamedCache = ccCache;
- ccCache = NULL; /* take ownership */
-
- newCache->ops = &krb5_cc_stdcc_ops;
- newCache->data = ccapi_data;
- ccapi_data = NULL; /* take ownership */
-
- /* return a pointer to the new cache */
- *ccache = newCache;
- newCache = NULL;
- }
-
- if (name) { free (name); }
- if (ccstring) { cc_string_release (ccstring); }
- if (ccCache) { cc_ccache_release (ccCache); }
- if (ccapi_data) { free (ccapi_data); }
- if (newCache) { free (newCache); }
-
- if (err == ccIteratorEnd) {
- err = ccNoError;
- }
-
- return err;
+ krb5_error_code err = 0;
+ cc_ccache_iterator_t iterator = NULL;
+
+ krb5_ccache newCache = NULL;
+ stdccCacheDataPtr ccapi_data = NULL;
+ cc_ccache_t ccCache = NULL;
+ cc_string_t ccstring = NULL;
+ char *name = NULL;
+
+ if (!cursor || !cursor->data) {
+ err = ccErrInvalidContext;
+ }
+
+ *ccache = NULL;
+
+ if (!err) {
+ newCache = (krb5_ccache) malloc (sizeof (*newCache));
+ if (!newCache) { err = KRB5_CC_NOMEM; }
+ }
+
+ if (!err) {
+ ccapi_data = (stdccCacheDataPtr) malloc (sizeof (*ccapi_data));
+ if (!ccapi_data) { err = KRB5_CC_NOMEM; }
+ }
+
+ if (!err) {
+ iterator = cursor->data;
+ err = cc_ccache_iterator_next(iterator, &ccCache);
+ }
+
+ if (!err) {
+ err = cc_ccache_get_name (ccCache, &ccstring);
+ }
+
+ if (!err) {
+ name = strdup (ccstring->data);
+ if (!name) { err = KRB5_CC_NOMEM; }
+ }
+
+ if (!err) {
+ ccapi_data->cache_name = name;
+ name = NULL; /* take ownership */
+
+ ccapi_data->NamedCache = ccCache;
+ ccCache = NULL; /* take ownership */
+
+ newCache->ops = &krb5_cc_stdcc_ops;
+ newCache->data = ccapi_data;
+ ccapi_data = NULL; /* take ownership */
+
+ /* return a pointer to the new cache */
+ *ccache = newCache;
+ newCache = NULL;
+ }
+
+ if (name) { free (name); }
+ if (ccstring) { cc_string_release (ccstring); }
+ if (ccCache) { cc_ccache_release (ccCache); }
+ if (ccapi_data) { free (ccapi_data); }
+ if (newCache) { free (newCache); }
+
+ if (err == ccIteratorEnd) {
+ err = ccNoError;
+ }
+
+ return err;
}
krb5_error_code KRB5_CALLCONV
@@ -977,25 +978,25 @@ krb5_stdccv3_ptcursor_free(
krb5_cc_ptcursor *cursor)
{
if (*cursor != NULL) {
- if ((*cursor)->data != NULL) {
- cc_ccache_iterator_release((cc_ccache_iterator_t)((*cursor)->data));
- }
- free(*cursor);
- *cursor = NULL;
- }
+ if ((*cursor)->data != NULL) {
+ cc_ccache_iterator_release((cc_ccache_iterator_t)((*cursor)->data));
+ }
+ free(*cursor);
+ *cursor = NULL;
+ }
return 0;
}
krb5_error_code KRB5_CALLCONV krb5_stdccv3_last_change_time
- (krb5_context context, krb5_ccache id,
- krb5_timestamp *change_time)
+(krb5_context context, krb5_ccache id,
+ krb5_timestamp *change_time)
{
krb5_error_code err = 0;
stdccCacheDataPtr ccapi_data = id->data;
cc_time_t ccapi_change_time = 0;
*change_time = 0;
-
+
if (!err) {
err = stdccv3_setup(context, ccapi_data);
}
@@ -1005,7 +1006,7 @@ krb5_error_code KRB5_CALLCONV krb5_stdccv3_last_change_time
if (!err) {
*change_time = ccapi_change_time;
}
-
+
return cc_err_xlate (err);
}
@@ -1014,14 +1015,14 @@ krb5_error_code KRB5_CALLCONV krb5_stdccv3_lock
{
krb5_error_code err = 0;
stdccCacheDataPtr ccapi_data = id->data;
-
+
if (!err) {
err = stdccv3_setup(context, ccapi_data);
}
if (!err) {
err = cc_ccache_lock(ccapi_data->NamedCache, cc_lock_write, cc_lock_block);
}
- return cc_err_xlate(err);
+ return cc_err_xlate(err);
}
krb5_error_code KRB5_CALLCONV krb5_stdccv3_unlock
@@ -1029,14 +1030,14 @@ krb5_error_code KRB5_CALLCONV krb5_stdccv3_unlock
{
krb5_error_code err = 0;
stdccCacheDataPtr ccapi_data = id->data;
-
+
if (!err) {
err = stdccv3_setup(context, ccapi_data);
}
if (!err) {
err = cc_ccache_unlock(ccapi_data->NamedCache);
}
- return cc_err_xlate(err);
+ return cc_err_xlate(err);
}
krb5_error_code KRB5_CALLCONV krb5_stdccv3_context_lock
@@ -1050,7 +1051,7 @@ krb5_error_code KRB5_CALLCONV krb5_stdccv3_context_lock
if (!err) {
err = cc_context_lock(gCntrlBlock, cc_lock_write, cc_lock_block);
}
- return cc_err_xlate(err);
+ return cc_err_xlate(err);
}
krb5_error_code KRB5_CALLCONV krb5_stdccv3_context_unlock
@@ -1064,173 +1065,173 @@ krb5_error_code KRB5_CALLCONV krb5_stdccv3_context_unlock
if (!err) {
err = cc_context_unlock(gCntrlBlock);
}
- return cc_err_xlate(err);
+ return cc_err_xlate(err);
}
#else /* !USE_CCAPI_V3 */
static krb5_error_code stdcc_setup(krb5_context context,
- stdccCacheDataPtr ccapi_data)
+ stdccCacheDataPtr ccapi_data)
{
- int err;
+ int err;
- /* make sure the API has been intialized */
- if (gCntrlBlock == NULL) {
+ /* make sure the API has been intialized */
+ if (gCntrlBlock == NULL) {
#ifdef CC_API_VER2
- err = cc_initialize(&gCntrlBlock, CC_API_VER_2, NULL, NULL);
+ err = cc_initialize(&gCntrlBlock, CC_API_VER_2, NULL, NULL);
#else
- err = cc_initialize(&gCntrlBlock, CC_API_VER_1, NULL, NULL);
+ err = cc_initialize(&gCntrlBlock, CC_API_VER_1, NULL, NULL);
#endif
- if (err != CC_NOERROR)
- return cc_err_xlate(err);
- }
-
- /*
- * No ccapi_data structure, so we don't need to make sure the
- * ccache exists.
- */
- if (!ccapi_data)
- return 0;
-
- /*
- * The ccache already exists
- */
- if (ccapi_data->NamedCache)
- return 0;
-
- err = cc_open(gCntrlBlock, ccapi_data->cache_name,
- CC_CRED_V5, 0L, &ccapi_data->NamedCache);
- if (err == CC_NOTFOUND)
- err = CC_NO_EXIST;
- if (err == CC_NOERROR)
- return 0;
-
- ccapi_data->NamedCache = NULL;
- return cc_err_xlate(err);
+ if (err != CC_NOERROR)
+ return cc_err_xlate(err);
+ }
+
+ /*
+ * No ccapi_data structure, so we don't need to make sure the
+ * ccache exists.
+ */
+ if (!ccapi_data)
+ return 0;
+
+ /*
+ * The ccache already exists
+ */
+ if (ccapi_data->NamedCache)
+ return 0;
+
+ err = cc_open(gCntrlBlock, ccapi_data->cache_name,
+ CC_CRED_V5, 0L, &ccapi_data->NamedCache);
+ if (err == CC_NOTFOUND)
+ err = CC_NO_EXIST;
+ if (err == CC_NOERROR)
+ return 0;
+
+ ccapi_data->NamedCache = NULL;
+ return cc_err_xlate(err);
}
void krb5_stdcc_shutdown()
{
- if (gCntrlBlock)
- cc_shutdown(&gCntrlBlock);
- gCntrlBlock = NULL;
+ if (gCntrlBlock)
+ cc_shutdown(&gCntrlBlock);
+ gCntrlBlock = NULL;
}
/*
* -- generate_new --------------------------------
- *
+ *
* create a new cache with a unique name, corresponds to creating a
* named cache iniitialize the API here if we have to.
*/
-krb5_error_code KRB5_CALLCONV krb5_stdcc_generate_new
- (krb5_context context, krb5_ccache *id )
+krb5_error_code KRB5_CALLCONV krb5_stdcc_generate_new
+(krb5_context context, krb5_ccache *id )
{
- krb5_ccache newCache = NULL;
- krb5_error_code retval;
- stdccCacheDataPtr ccapi_data = NULL;
- char *name = NULL;
- cc_time_t change_time;
- int err;
-
- if ((retval = stdcc_setup(context, NULL)))
- return retval;
-
- retval = KRB5_CC_NOMEM;
- if (!(newCache = (krb5_ccache) malloc(sizeof(struct _krb5_ccache))))
- goto errout;
- if (!(ccapi_data = (stdccCacheDataPtr)malloc(sizeof(stdccCacheData))))
- goto errout;
- if (!(name = malloc(256)))
- goto errout;
-
- /* create a unique name */
- cc_get_change_time(gCntrlBlock, &change_time);
- snprintf(name, 256, "gen_new_cache%d", change_time);
-
- /* create the new cache */
- err = cc_create(gCntrlBlock, name, name, CC_CRED_V5, 0L,
- &ccapi_data->NamedCache);
- if (err != CC_NOERROR) {
- retval = cc_err_xlate(err);
- goto errout;
- }
-
- /* setup some fields */
- newCache->ops = &krb5_cc_stdcc_ops;
- newCache->data = ccapi_data;
- ccapi_data->cache_name = name;
-
- /* return a pointer to the new cache */
- *id = newCache;
-
- return 0;
+ krb5_ccache newCache = NULL;
+ krb5_error_code retval;
+ stdccCacheDataPtr ccapi_data = NULL;
+ char *name = NULL;
+ cc_time_t change_time;
+ int err;
+
+ if ((retval = stdcc_setup(context, NULL)))
+ return retval;
+
+ retval = KRB5_CC_NOMEM;
+ if (!(newCache = (krb5_ccache) malloc(sizeof(struct _krb5_ccache))))
+ goto errout;
+ if (!(ccapi_data = (stdccCacheDataPtr)malloc(sizeof(stdccCacheData))))
+ goto errout;
+ if (!(name = malloc(256)))
+ goto errout;
+
+ /* create a unique name */
+ cc_get_change_time(gCntrlBlock, &change_time);
+ snprintf(name, 256, "gen_new_cache%d", change_time);
+
+ /* create the new cache */
+ err = cc_create(gCntrlBlock, name, name, CC_CRED_V5, 0L,
+ &ccapi_data->NamedCache);
+ if (err != CC_NOERROR) {
+ retval = cc_err_xlate(err);
+ goto errout;
+ }
+
+ /* setup some fields */
+ newCache->ops = &krb5_cc_stdcc_ops;
+ newCache->data = ccapi_data;
+ ccapi_data->cache_name = name;
+
+ /* return a pointer to the new cache */
+ *id = newCache;
+
+ return 0;
errout:
- if (newCache)
- free(newCache);
- if (ccapi_data)
- free(ccapi_data);
- if (name)
- free(name);
- return retval;
+ if (newCache)
+ free(newCache);
+ if (ccapi_data)
+ free(ccapi_data);
+ if (name)
+ free(name);
+ return retval;
}
-
+
/*
* resolve
*
* create a new cache with the name stored in residual
*/
-krb5_error_code KRB5_CALLCONV krb5_stdcc_resolve
- (krb5_context context, krb5_ccache *id , const char *residual )
+krb5_error_code KRB5_CALLCONV krb5_stdcc_resolve
+(krb5_context context, krb5_ccache *id , const char *residual )
{
- krb5_ccache newCache = NULL;
- stdccCacheDataPtr ccapi_data = NULL;
- int err;
- krb5_error_code retval;
- char *cName = NULL;
-
- if ((retval = stdcc_setup(context, NULL)))
- return retval;
-
- retval = KRB5_CC_NOMEM;
- if (!(newCache = (krb5_ccache) malloc(sizeof(struct _krb5_ccache))))
- goto errout;
-
- if (!(ccapi_data = (stdccCacheDataPtr)malloc(sizeof(stdccCacheData))))
- goto errout;
-
- if (!(cName = strdup(residual)))
- goto errout;
-
- newCache->ops = &krb5_cc_stdcc_ops;
- newCache->data = ccapi_data;
- ccapi_data->cache_name = cName;
-
- err = cc_open(gCntrlBlock, cName, CC_CRED_V5, 0L,
- &ccapi_data->NamedCache);
- if (err != CC_NOERROR) {
- ccapi_data->NamedCache = NULL;
- if (err != CC_NO_EXIST) {
- retval = cc_err_xlate(err);
- goto errout;
- }
+ krb5_ccache newCache = NULL;
+ stdccCacheDataPtr ccapi_data = NULL;
+ int err;
+ krb5_error_code retval;
+ char *cName = NULL;
+
+ if ((retval = stdcc_setup(context, NULL)))
+ return retval;
+
+ retval = KRB5_CC_NOMEM;
+ if (!(newCache = (krb5_ccache) malloc(sizeof(struct _krb5_ccache))))
+ goto errout;
+
+ if (!(ccapi_data = (stdccCacheDataPtr)malloc(sizeof(stdccCacheData))))
+ goto errout;
+
+ if (!(cName = strdup(residual)))
+ goto errout;
+
+ newCache->ops = &krb5_cc_stdcc_ops;
+ newCache->data = ccapi_data;
+ ccapi_data->cache_name = cName;
+
+ err = cc_open(gCntrlBlock, cName, CC_CRED_V5, 0L,
+ &ccapi_data->NamedCache);
+ if (err != CC_NOERROR) {
+ ccapi_data->NamedCache = NULL;
+ if (err != CC_NO_EXIST) {
+ retval = cc_err_xlate(err);
+ goto errout;
}
-
- /* return new cache structure */
- *id = newCache;
-
- return 0;
-
+ }
+
+ /* return new cache structure */
+ *id = newCache;
+
+ return 0;
+
errout:
- if (newCache)
- free(newCache);
- if (ccapi_data)
- free(ccapi_data);
- if (cName)
- free(cName);
- return retval;
+ if (newCache)
+ free(newCache);
+ if (ccapi_data)
+ free(ccapi_data);
+ if (cName)
+ free(cName);
+ return retval;
}
-
+
/*
* initialize
*
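Review bot: In krb5_stdcc_generate_new the return value of `cc_get_change_time` is discarded, so if the call fails `change_time` is formatted into the cache name while still uninitialized. The `%d` conversion is also only correct if cc_time_t is an int, which this hunk does not show. I would check the call (assuming it returns a CC_* status like the other cc_ calls here) and cast at the format site: `err = cc_get_change_time(gCntrlBlock, &change_time);`, `if (err != CC_NOERROR) { retval = cc_err_xlate(err); goto errout; }`, `snprintf(name, 256, "gen_new_cache%ld", (long)change_time);`. The name depends only on the change time, so two callers that read the same value ask for the same cache name; a comment stating what `cc_create` does with a name that already exists would help.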
@@ -1238,48 +1239,48 @@ errout:
* principal if not set our principal to this principal. This
* searching enables ticket sharing
*/
-krb5_error_code KRB5_CALLCONV krb5_stdcc_initialize
- (krb5_context context, krb5_ccache id, krb5_principal princ)
+krb5_error_code KRB5_CALLCONV krb5_stdcc_initialize
+(krb5_context context, krb5_ccache id, krb5_principal princ)
{
- stdccCacheDataPtr ccapi_data = NULL;
- int err;
- char *cName = NULL;
- krb5_error_code retval;
-
- if ((retval = stdcc_setup(context, NULL)))
- return retval;
-
- /* test id for null */
- if (id == NULL) return KRB5_CC_NOMEM;
-
- if ((retval = krb5_unparse_name(context, princ, &cName)))
- return retval;
-
- ccapi_data = id->data;
-
-
- if (ccapi_data->NamedCache)
- cc_close(gCntrlBlock, &ccapi_data->NamedCache);
-
- err = cc_create(gCntrlBlock, ccapi_data->cache_name, cName,
- CC_CRED_V5, 0L, &ccapi_data->NamedCache);
- if (err != CC_NOERROR) {
- krb5_free_unparsed_name(context, cName);
- return cc_err_xlate(err);
- }
+ stdccCacheDataPtr ccapi_data = NULL;
+ int err;
+ char *cName = NULL;
+ krb5_error_code retval;
+
+ if ((retval = stdcc_setup(context, NULL)))
+ return retval;
+
+ /* test id for null */
+ if (id == NULL) return KRB5_CC_NOMEM;
+
+ if ((retval = krb5_unparse_name(context, princ, &cName)))
+ return retval;
+
+ ccapi_data = id->data;
+
+
+ if (ccapi_data->NamedCache)
+ cc_close(gCntrlBlock, &ccapi_data->NamedCache);
+
+ err = cc_create(gCntrlBlock, ccapi_data->cache_name, cName,
+ CC_CRED_V5, 0L, &ccapi_data->NamedCache);
+ if (err != CC_NOERROR) {
+ krb5_free_unparsed_name(context, cName);
+ return cc_err_xlate(err);
+ }
#if 0
- /*
- * Some implementations don't set the principal name
- * correctly, so we force set it to the correct value.
- */
- err = cc_set_principal(gCntrlBlock, ccapi_data->NamedCache,
- CC_CRED_V5, cName);
+ /*
+ * Some implementations don't set the principal name
+ * correctly, so we force set it to the correct value.
+ */
+ err = cc_set_principal(gCntrlBlock, ccapi_data->NamedCache,
+ CC_CRED_V5, cName);
#endif
- krb5_free_unparsed_name(context, cName);
- cache_changed();
-
- return cc_err_xlate(err);
+ krb5_free_unparsed_name(context, cName);
+ cache_changed();
+
+ return cc_err_xlate(err);
}
/*
@@ -1287,35 +1288,35 @@ krb5_error_code KRB5_CALLCONV krb5_stdcc_initialize
*
* store some credentials in our cache
*/
-krb5_error_code KRB5_CALLCONV krb5_stdcc_store
- (krb5_context context, krb5_ccache id, krb5_creds *creds )
+krb5_error_code KRB5_CALLCONV krb5_stdcc_store
+(krb5_context context, krb5_ccache id, krb5_creds *creds )
{
- krb5_error_code retval;
- stdccCacheDataPtr ccapi_data = id->data;
- cred_union *cu = NULL;
- int err;
-
- if ((retval = stdcc_setup(context, ccapi_data)))
- return retval;
-
- /* copy the fields from the almost identical structures */
- dupK5toCC(context, creds, &cu);
-
- /*
- * finally store the credential
- * store will copy (that is duplicate) everything
- */
- err = cc_store(gCntrlBlock,
- ((stdccCacheDataPtr)(id->data))->NamedCache, *cu);
- if (err != CC_NOERROR)
- return cc_err_xlate(err);
-
- /* free the cred union using our local version of cc_free_creds()
- since we allocated it locally */
- err = krb5int_free_cc_cred_union(&cu);
-
- cache_changed();
- return err;
+ krb5_error_code retval;
+ stdccCacheDataPtr ccapi_data = id->data;
+ cred_union *cu = NULL;
+ int err;
+
+ if ((retval = stdcc_setup(context, ccapi_data)))
+ return retval;
+
+ /* copy the fields from the almost identical structures */
+ dupK5toCC(context, creds, &cu);
+
+ /*
+ * finally store the credential
+ * store will copy (that is duplicate) everything
+ */
+ err = cc_store(gCntrlBlock,
+ ((stdccCacheDataPtr)(id->data))->NamedCache, *cu);
+ if (err != CC_NOERROR)
+ return cc_err_xlate(err);
+
+ /* free the cred union using our local version of cc_free_creds()
+ since we allocated it locally */
+ err = krb5int_free_cc_cred_union(&cu);
+
+ cache_changed();
+ return err;
}
/*
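Review bot: The early `return cc_err_xlate(err);` after a failed `cc_store` in krb5_stdcc_store skips `krb5int_free_cc_cred_union(&cu)`, so the locally built copy of the credential stays allocated on that path. Freeing before the return closes it: `if (err != CC_NOERROR) { krb5int_free_cc_cred_union(&cu); return cc_err_xlate(err); }`. `cu` is also dereferenced as `*cu` without checking that `dupK5toCC` filled it in; if that helper can fail and leave it NULL, a guard such as `if (cu == NULL) return KRB5_CC_NOMEM;` is needed before the store. krb5_stdcc_remove, in the last hunk of this file, has the same two gaps around `cc_remove_cred`.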
@@ -1323,75 +1324,75 @@ krb5_error_code KRB5_CALLCONV krb5_stdcc_store
*
* begin an iterator call to get all of the credentials in the cache
*/
-krb5_error_code KRB5_CALLCONV krb5_stdcc_start_seq_get
+krb5_error_code KRB5_CALLCONV krb5_stdcc_start_seq_get
(krb5_context context, krb5_ccache id , krb5_cc_cursor *cursor )
{
- stdccCacheDataPtr ccapi_data = id->data;
- krb5_error_code retval;
- int err;
- ccache_cit *iterator;
+ stdccCacheDataPtr ccapi_data = id->data;
+ krb5_error_code retval;
+ int err;
+ ccache_cit *iterator;
- if ((retval = stdcc_setup(context, ccapi_data)))
- return retval;
+ if ((retval = stdcc_setup(context, ccapi_data)))
+ return retval;
#ifdef CC_API_VER2
- err = cc_seq_fetch_creds_begin(gCntrlBlock, ccapi_data->NamedCache,
- &iterator);
- if (err != CC_NOERROR)
- return cc_err_xlate(err);
- *cursor = iterator;
+ err = cc_seq_fetch_creds_begin(gCntrlBlock, ccapi_data->NamedCache,
+ &iterator);
+ if (err != CC_NOERROR)
+ return cc_err_xlate(err);
+ *cursor = iterator;
#else
- /* all we have to do is initialize the cursor */
- *cursor = NULL;
+ /* all we have to do is initialize the cursor */
+ *cursor = NULL;
#endif
- return 0;
+ return 0;
}
/*
* next cred
- *
+ *
* - get the next credential in the cache as part of an iterator call
* - this maps to call to cc_seq_fetch_creds
*/
-krb5_error_code KRB5_CALLCONV krb5_stdcc_next_cred
- (krb5_context context, krb5_ccache id, krb5_cc_cursor *cursor,
- krb5_creds *creds)
+krb5_error_code KRB5_CALLCONV krb5_stdcc_next_cred
+(krb5_context context, krb5_ccache id, krb5_cc_cursor *cursor,
+ krb5_creds *creds)
{
- krb5_error_code retval;
- stdccCacheDataPtr ccapi_data = id->data;
- int err;
- cred_union *credU = NULL;
- ccache_cit *iterator;
-
- if ((retval = stdcc_setup(context, ccapi_data)))
- return retval;
-
+ krb5_error_code retval;
+ stdccCacheDataPtr ccapi_data = id->data;
+ int err;
+ cred_union *credU = NULL;
+ ccache_cit *iterator;
+
+ if ((retval = stdcc_setup(context, ccapi_data)))
+ return retval;
+
#ifdef CC_API_VER2
- iterator = *cursor;
- if (iterator == 0)
- return KRB5_CC_END;
- err = cc_seq_fetch_creds_next(gCntrlBlock, &credU, iterator);
-
- if (err == CC_END) {
- cc_seq_fetch_creds_end(gCntrlBlock, &iterator);
- *cursor = 0;
- }
+ iterator = *cursor;
+ if (iterator == 0)
+ return KRB5_CC_END;
+ err = cc_seq_fetch_creds_next(gCntrlBlock, &credU, iterator);
+
+ if (err == CC_END) {
+ cc_seq_fetch_creds_end(gCntrlBlock, &iterator);
+ *cursor = 0;
+ }
#else
- err = cc_seq_fetch_creds(gCntrlBlock, ccapi_data->NamedCache,
- &credU, (ccache_cit **)cursor);
+ err = cc_seq_fetch_creds(gCntrlBlock, ccapi_data->NamedCache,
+ &credU, (ccache_cit **)cursor);
#endif
- if (err != CC_NOERROR)
- return cc_err_xlate(err);
-
- /* copy data (with translation) */
- dupCCtoK5(context, credU->cred.pV5Cred, creds);
-
- /* free our version of the cred - okay to use cc_free_creds() here
- because we got it from the CCache library */
- cc_free_creds(gCntrlBlock, &credU);
-
- return 0;
+ if (err != CC_NOERROR)
+ return cc_err_xlate(err);
+
+ /* copy data (with translation) */
+ dupCCtoK5(context, credU->cred.pV5Cred, creds);
+
+ /* free our version of the cred - okay to use cc_free_creds() here
+ because we got it from the CCache library */
+ cc_free_creds(gCntrlBlock, &credU);
+
+ return 0;
}
@@ -1401,63 +1402,63 @@ krb5_error_code KRB5_CALLCONV krb5_stdcc_next_cred
* - try to find a matching credential in the cache
*/
#if 0
-krb5_error_code KRB5_CALLCONV krb5_stdcc_retrieve
- (krb5_context context,
- krb5_ccache id,
- krb5_flags whichfields,
- krb5_creds *mcreds,
- krb5_creds *creds )
+krb5_error_code KRB5_CALLCONV krb5_stdcc_retrieve
+(krb5_context context,
+ krb5_ccache id,
+ krb5_flags whichfields,
+ krb5_creds *mcreds,
+ krb5_creds *creds )
{
- krb5_error_code retval;
- krb5_cc_cursor curs = NULL;
- krb5_creds *fetchcreds;
-
- if ((retval = stdcc_setup(context, NULL)))
- return retval;
-
- fetchcreds = (krb5_creds *)malloc(sizeof(krb5_creds));
- if (fetchcreds == NULL) return KRB5_CC_NOMEM;
-
- /* we're going to use the iterators */
- krb5_stdcc_start_seq_get(context, id, &curs);
-
- while (!krb5_stdcc_next_cred(context, id, &curs, fetchcreds)) {
- /*
- * look at each credential for a match
- * use this match routine since it takes the
- * whichfields and the API doesn't
- */
- if (stdccCredsMatch(context, fetchcreds,
- mcreds, whichfields)) {
- /* we found it, copy and exit */
- *creds = *fetchcreds;
- krb5_stdcc_end_seq_get(context, id, &curs);
- return 0;
- }
- /* free copy allocated by next_cred */
- krb5_free_cred_contents(context, fetchcreds);
- }
-
- /* no luck, end get and exit */
- krb5_stdcc_end_seq_get(context, id, &curs);
-
- /* we're not using this anymore so we should get rid of it! */
- free(fetchcreds);
-
- return KRB5_CC_NOTFOUND;
+ krb5_error_code retval;
+ krb5_cc_cursor curs = NULL;
+ krb5_creds *fetchcreds;
+
+ if ((retval = stdcc_setup(context, NULL)))
+ return retval;
+
+ fetchcreds = (krb5_creds *)malloc(sizeof(krb5_creds));
+ if (fetchcreds == NULL) return KRB5_CC_NOMEM;
+
+ /* we're going to use the iterators */
+ krb5_stdcc_start_seq_get(context, id, &curs);
+
+ while (!krb5_stdcc_next_cred(context, id, &curs, fetchcreds)) {
+ /*
+ * look at each credential for a match
+ * use this match routine since it takes the
+ * whichfields and the API doesn't
+ */
+ if (stdccCredsMatch(context, fetchcreds,
+ mcreds, whichfields)) {
+ /* we found it, copy and exit */
+ *creds = *fetchcreds;
+ krb5_stdcc_end_seq_get(context, id, &curs);
+ return 0;
+ }
+ /* free copy allocated by next_cred */
+ krb5_free_cred_contents(context, fetchcreds);
+ }
+
+ /* no luck, end get and exit */
+ krb5_stdcc_end_seq_get(context, id, &curs);
+
+ /* we're not using this anymore so we should get rid of it! */
+ free(fetchcreds);
+
+ return KRB5_CC_NOTFOUND;
}
#else
krb5_error_code KRB5_CALLCONV
krb5_stdcc_retrieve(context, id, whichfields, mcreds, creds)
- krb5_context context;
- krb5_ccache id;
- krb5_flags whichfields;
- krb5_creds *mcreds;
- krb5_creds *creds;
+ krb5_context context;
+ krb5_ccache id;
+ krb5_flags whichfields;
+ krb5_creds *mcreds;
+ krb5_creds *creds;
{
return krb5_cc_retrieve_cred_default (context, id, whichfields,
- mcreds, creds);
+ mcreds, creds);
}
#endif
@@ -1467,73 +1468,73 @@ krb5_stdcc_retrieve(context, id, whichfields, mcreds, creds)
*
* just free up the storage assoicated with the cursor (if we could)
*/
-krb5_error_code KRB5_CALLCONV krb5_stdcc_end_seq_get
- (krb5_context context, krb5_ccache id, krb5_cc_cursor *cursor)
+krb5_error_code KRB5_CALLCONV krb5_stdcc_end_seq_get
+(krb5_context context, krb5_ccache id, krb5_cc_cursor *cursor)
{
- krb5_error_code retval;
- stdccCacheDataPtr ccapi_data = NULL;
- int err;
+ krb5_error_code retval;
+ stdccCacheDataPtr ccapi_data = NULL;
+ int err;
#ifndef CC_API_VER2
- cred_union *credU = NULL;
+ cred_union *credU = NULL;
#endif
- ccapi_data = id->data;
-
- if ((retval = stdcc_setup(context, ccapi_data)))
- return retval;
+ ccapi_data = id->data;
- if (*cursor == NULL)
- return 0;
+ if ((retval = stdcc_setup(context, ccapi_data)))
+ return retval;
+
+ if (*cursor == NULL)
+ return 0;
#ifdef CC_API_VER2
- err = cc_seq_fetch_creds_end(gCntrlBlock, (ccache_cit **)cursor);
- if (err != CC_NOERROR)
- return cc_err_xlate(err);
-#else
- /*
- * Finish calling cc_seq_fetch_creds to clear out the cursor
- */
- while (*cursor) {
- err = cc_seq_fetch_creds(gCntrlBlock, ccapi_data->NamedCache,
- &credU, (ccache_cit **)cursor);
- if (err)
- break;
-
- /* okay to call cc_free_creds() here because we got credU from CCache lib */
- cc_free_creds(gCntrlBlock, &credU);
- }
+ err = cc_seq_fetch_creds_end(gCntrlBlock, (ccache_cit **)cursor);
+ if (err != CC_NOERROR)
+ return cc_err_xlate(err);
+#else
+ /*
+ * Finish calling cc_seq_fetch_creds to clear out the cursor
+ */
+ while (*cursor) {
+ err = cc_seq_fetch_creds(gCntrlBlock, ccapi_data->NamedCache,
+ &credU, (ccache_cit **)cursor);
+ if (err)
+ break;
+
+ /* okay to call cc_free_creds() here because we got credU from CCache lib */
+ cc_free_creds(gCntrlBlock, &credU);
+ }
#endif
-
- return(0);
+
+ return(0);
}
-
+
/*
* close
*
* - free our pointers to the NC
*/
-krb5_error_code KRB5_CALLCONV
+krb5_error_code KRB5_CALLCONV
krb5_stdcc_close(krb5_context context, krb5_ccache id)
{
- krb5_error_code retval;
- stdccCacheDataPtr ccapi_data = id->data;
-
- if ((retval = stdcc_setup(context, NULL)))
- return retval;
-
- /* free it */
-
- if (ccapi_data) {
- if (ccapi_data->cache_name)
- free(ccapi_data->cache_name);
- if (ccapi_data->NamedCache)
- cc_close(gCntrlBlock, &ccapi_data->NamedCache);
- free(ccapi_data);
- id->data = NULL;
- }
- free(id);
-
- return 0;
+ krb5_error_code retval;
+ stdccCacheDataPtr ccapi_data = id->data;
+
+ if ((retval = stdcc_setup(context, NULL)))
+ return retval;
+
+ /* free it */
+
+ if (ccapi_data) {
+ if (ccapi_data->cache_name)
+ free(ccapi_data->cache_name);
+ if (ccapi_data->NamedCache)
+ cc_close(gCntrlBlock, &ccapi_data->NamedCache);
+ free(ccapi_data);
+ id->data = NULL;
+ }
+ free(id);
+
+ return 0;
}
/*
@@ -1544,35 +1545,35 @@ krb5_stdcc_close(krb5_context context, krb5_ccache id)
krb5_error_code KRB5_CALLCONV
krb5_stdcc_destroy (krb5_context context, krb5_ccache id)
{
- int err;
- krb5_error_code retval;
- stdccCacheDataPtr ccapi_data = id->data;
-
- if ((retval = stdcc_setup(context, ccapi_data))) {
- return retval;
- }
-
- /* free memory associated with the krb5_ccache */
- if (ccapi_data) {
- if (ccapi_data->cache_name)
- free(ccapi_data->cache_name);
- if (ccapi_data->NamedCache) {
- /* destroy the named cache */
- err = cc_destroy(gCntrlBlock, &ccapi_data->NamedCache);
- retval = cc_err_xlate(err);
- cache_changed();
- }
- free(ccapi_data);
- id->data = NULL;
- }
- free(id);
-
- /* If the cache does not exist when we tried to destroy it,
- that's fine. That means someone else destryoed it since
- we resolved it. */
- if (retval == KRB5_FCC_NOFILE)
- return 0;
- return retval;
+ int err;
+ krb5_error_code retval;
+ stdccCacheDataPtr ccapi_data = id->data;
+
+ if ((retval = stdcc_setup(context, ccapi_data))) {
+ return retval;
+ }
+
+ /* free memory associated with the krb5_ccache */
+ if (ccapi_data) {
+ if (ccapi_data->cache_name)
+ free(ccapi_data->cache_name);
+ if (ccapi_data->NamedCache) {
+ /* destroy the named cache */
+ err = cc_destroy(gCntrlBlock, &ccapi_data->NamedCache);
+ retval = cc_err_xlate(err);
+ cache_changed();
+ }
+ free(ccapi_data);
+ id->data = NULL;
+ }
+ free(id);
+
+ /* If the cache does not exist when we tried to destroy it,
+ that's fine. That means someone else destryoed it since
+ we resolved it. */
+ if (retval == KRB5_FCC_NOFILE)
+ return 0;
+ return retval;
}
/*
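Review bot: The tolerance for an already-destroyed cache at the bottom of krb5_stdcc_destroy is never reached when `stdcc_setup` itself reports the missing cache, because the function returns early there and leaves `id` and `ccapi_data` unfreed. krb5_stdcc_remove treats `KRB5_FCC_NOFILE` from `stdcc_setup` as a possible result, so the same case presumably occurs here. Letting that one error fall through would free the handle and return 0 as the closing comment intends: `if ((retval = stdcc_setup(context, ccapi_data)) && retval != KRB5_FCC_NOFILE) return retval;`.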
@@ -1580,15 +1581,15 @@ krb5_stdcc_destroy (krb5_context context, krb5_ccache id)
*
* - return the name of the named cache
*/
-const char * KRB5_CALLCONV krb5_stdcc_get_name
- (krb5_context context, krb5_ccache id )
+const char * KRB5_CALLCONV krb5_stdcc_get_name
+(krb5_context context, krb5_ccache id )
{
- stdccCacheDataPtr ccapi_data = id->data;
+ stdccCacheDataPtr ccapi_data = id->data;
- if (!ccapi_data)
- return 0;
+ if (!ccapi_data)
+ return 0;
- return (ccapi_data->cache_name);
+ return (ccapi_data->cache_name);
}
@@ -1597,29 +1598,29 @@ const char * KRB5_CALLCONV krb5_stdcc_get_name
* - return the principal associated with the named cache
*/
krb5_error_code KRB5_CALLCONV krb5_stdcc_get_principal
- (krb5_context context, krb5_ccache id , krb5_principal *princ)
+(krb5_context context, krb5_ccache id , krb5_principal *princ)
{
- int err;
- char *name = NULL;
- stdccCacheDataPtr ccapi_data = id->data;
- krb5_error_code retval;
-
- if ((retval = stdcc_setup(context, ccapi_data)))
- return retval;
-
- /* another wrapper */
- err = cc_get_principal(gCntrlBlock, ccapi_data->NamedCache,
- &name);
-
- if (err != CC_NOERROR)
- return cc_err_xlate(err);
-
- /* turn it into a krb principal */
- err = krb5_parse_name(context, name, princ);
-
- cc_free_principal(gCntrlBlock, &name);
-
- return err;
+ int err;
+ char *name = NULL;
+ stdccCacheDataPtr ccapi_data = id->data;
+ krb5_error_code retval;
+
+ if ((retval = stdcc_setup(context, ccapi_data)))
+ return retval;
+
+ /* another wrapper */
+ err = cc_get_principal(gCntrlBlock, ccapi_data->NamedCache,
+ &name);
+
+ if (err != CC_NOERROR)
+ return cc_err_xlate(err);
+
+ /* turn it into a krb principal */
+ err = krb5_parse_name(context, name, princ);
+
+ cc_free_principal(gCntrlBlock, &name);
+
+ return err;
}
/*
@@ -1627,16 +1628,16 @@ krb5_error_code KRB5_CALLCONV krb5_stdcc_get_principal
*
* - currently a NOP since we don't store any flags in the NC
*/
-krb5_error_code KRB5_CALLCONV krb5_stdcc_set_flags
- (krb5_context context, krb5_ccache id , krb5_flags flags)
+krb5_error_code KRB5_CALLCONV krb5_stdcc_set_flags
+(krb5_context context, krb5_ccache id , krb5_flags flags)
{
- stdccCacheDataPtr ccapi_data = id->data;
- krb5_error_code retval;
-
- if ((retval = stdcc_setup(context, ccapi_data)))
- return retval;
+ stdccCacheDataPtr ccapi_data = id->data;
+ krb5_error_code retval;
+
+ if ((retval = stdcc_setup(context, ccapi_data)))
+ return retval;
- return 0;
+ return 0;
}
/*
@@ -1644,16 +1645,16 @@ krb5_error_code KRB5_CALLCONV krb5_stdcc_set_flags
*
* - currently a NOP since we don't store any flags in the NC
*/
-krb5_error_code KRB5_CALLCONV krb5_stdcc_get_flags
- (krb5_context context, krb5_ccache id , krb5_flags *flags)
+krb5_error_code KRB5_CALLCONV krb5_stdcc_get_flags
+(krb5_context context, krb5_ccache id , krb5_flags *flags)
{
- stdccCacheDataPtr ccapi_data = id->data;
- krb5_error_code retval;
-
- if ((retval = stdcc_setup(context, ccapi_data)))
- return retval;
+ stdccCacheDataPtr ccapi_data = id->data;
+ krb5_error_code retval;
+
+ if ((retval = stdcc_setup(context, ccapi_data)))
+ return retval;
- return 0;
+ return 0;
}
/*
@@ -1661,39 +1662,38 @@ krb5_error_code KRB5_CALLCONV krb5_stdcc_get_flags
*
* - remove the specified credentials from the NC
*/
-krb5_error_code KRB5_CALLCONV krb5_stdcc_remove
- (krb5_context context, krb5_ccache id,
- krb5_flags flags, krb5_creds *creds)
+krb5_error_code KRB5_CALLCONV krb5_stdcc_remove
+(krb5_context context, krb5_ccache id,
+ krb5_flags flags, krb5_creds *creds)
{
- cred_union *cu = NULL;
- int err;
- stdccCacheDataPtr ccapi_data = id->data;
- krb5_error_code retval;
-
- if ((retval = stdcc_setup(context, ccapi_data))) {
- if (retval == KRB5_FCC_NOFILE)
- return 0;
- return retval;
- }
-
- /* convert to a cred union */
- dupK5toCC(context, creds, &cu);
-
- /* remove it */
- err = cc_remove_cred(gCntrlBlock, ccapi_data->NamedCache, *cu);
- if (err != CC_NOERROR)
- return cc_err_xlate(err);
-
- /* free the cred union using our local version of cc_free_creds()
- since we allocated it locally */
- err = krb5int_free_cc_cred_union(&cu);
- cache_changed();
- if (err != CC_NOERROR)
- return cc_err_xlate(err);
+ cred_union *cu = NULL;
+ int err;
+ stdccCacheDataPtr ccapi_data = id->data;
+ krb5_error_code retval;
+
+ if ((retval = stdcc_setup(context, ccapi_data))) {
+ if (retval == KRB5_FCC_NOFILE)
+ return 0;
+ return retval;
+ }
- return 0;
+ /* convert to a cred union */
+ dupK5toCC(context, creds, &cu);
+
+ /* remove it */
+ err = cc_remove_cred(gCntrlBlock, ccapi_data->NamedCache, *cu);
+ if (err != CC_NOERROR)
+ return cc_err_xlate(err);
+
+ /* free the cred union using our local version of cc_free_creds()
+ since we allocated it locally */
+ err = krb5int_free_cc_cred_union(&cu);
+ cache_changed();
+ if (err != CC_NOERROR)
+ return cc_err_xlate(err);
+
+ return 0;
}
#endif /* !USE_CCAPI_V3 */
#endif /* defined(_WIN32) || defined(USE_CCAPI) */
-
diff --git a/src/lib/krb5/ccache/ccapi/stdcc.h b/src/lib/krb5/ccache/ccapi/stdcc.h
index e9ec085..6550efc 100644
--- a/src/lib/krb5/ccache/ccapi/stdcc.h
+++ b/src/lib/krb5/ccache/ccapi/stdcc.h
@@ -1,9 +1,10 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
#ifndef __KRB5_STDCC_H__
#define __KRB5_STDCC_H__
#if defined(_WIN32) || defined(USE_CCAPI)
-#include "k5-int.h" /* loads krb5.h */
+#include "k5-int.h" /* loads krb5.h */
#ifdef USE_CCAPI_V3
#include <CredentialsCache.h>
@@ -24,11 +25,11 @@ extern krb5_cc_ops krb5_cc_stdcc_ops;
* structure to stash in the cache's data field
*/
typedef struct _stdccCacheData {
- char *cache_name;
+ char *cache_name;
#ifdef USE_CCAPI_V3
- cc_ccache_t NamedCache;
+ cc_ccache_t NamedCache;
#else
- ccache_p *NamedCache;
+ ccache_p *NamedCache;
#endif
} stdccCacheData, *stdccCacheDataPtr;
@@ -40,135 +41,135 @@ void krb5_stdcc_shutdown(void);
#ifdef USE_CCAPI_V3
krb5_error_code KRB5_CALLCONV krb5_stdccv3_close
- (krb5_context, krb5_ccache id );
+(krb5_context, krb5_ccache id );
-krb5_error_code KRB5_CALLCONV krb5_stdccv3_destroy
- (krb5_context, krb5_ccache id );
+krb5_error_code KRB5_CALLCONV krb5_stdccv3_destroy
+(krb5_context, krb5_ccache id );
-krb5_error_code KRB5_CALLCONV krb5_stdccv3_end_seq_get
- (krb5_context, krb5_ccache id , krb5_cc_cursor *cursor );
+krb5_error_code KRB5_CALLCONV krb5_stdccv3_end_seq_get
+(krb5_context, krb5_ccache id , krb5_cc_cursor *cursor );
-krb5_error_code KRB5_CALLCONV krb5_stdccv3_generate_new
- (krb5_context, krb5_ccache *id );
+krb5_error_code KRB5_CALLCONV krb5_stdccv3_generate_new
+(krb5_context, krb5_ccache *id );
-const char * KRB5_CALLCONV krb5_stdccv3_get_name
- (krb5_context, krb5_ccache id );
+const char * KRB5_CALLCONV krb5_stdccv3_get_name
+(krb5_context, krb5_ccache id );
-krb5_error_code KRB5_CALLCONV krb5_stdccv3_get_principal
- (krb5_context, krb5_ccache id , krb5_principal *princ );
+krb5_error_code KRB5_CALLCONV krb5_stdccv3_get_principal
+(krb5_context, krb5_ccache id , krb5_principal *princ );
-krb5_error_code KRB5_CALLCONV krb5_stdccv3_initialize
- (krb5_context, krb5_ccache id , krb5_principal princ );
+krb5_error_code KRB5_CALLCONV krb5_stdccv3_initialize
+(krb5_context, krb5_ccache id , krb5_principal princ );
-krb5_error_code KRB5_CALLCONV krb5_stdccv3_next_cred
- (krb5_context,
- krb5_ccache id ,
- krb5_cc_cursor *cursor ,
- krb5_creds *creds );
+krb5_error_code KRB5_CALLCONV krb5_stdccv3_next_cred
+(krb5_context,
+ krb5_ccache id ,
+ krb5_cc_cursor *cursor ,
+ krb5_creds *creds );
-krb5_error_code KRB5_CALLCONV krb5_stdccv3_resolve
- (krb5_context, krb5_ccache *id , const char *residual );
-
-krb5_error_code KRB5_CALLCONV krb5_stdccv3_retrieve
- (krb5_context,
- krb5_ccache id ,
- krb5_flags whichfields ,
- krb5_creds *mcreds ,
- krb5_creds *creds );
+krb5_error_code KRB5_CALLCONV krb5_stdccv3_resolve
+(krb5_context, krb5_ccache *id , const char *residual );
-krb5_error_code KRB5_CALLCONV krb5_stdccv3_start_seq_get
- (krb5_context, krb5_ccache id , krb5_cc_cursor *cursor );
+krb5_error_code KRB5_CALLCONV krb5_stdccv3_retrieve
+(krb5_context,
+ krb5_ccache id ,
+ krb5_flags whichfields ,
+ krb5_creds *mcreds ,
+ krb5_creds *creds );
-krb5_error_code KRB5_CALLCONV krb5_stdccv3_store
- (krb5_context, krb5_ccache id , krb5_creds *creds );
+krb5_error_code KRB5_CALLCONV krb5_stdccv3_start_seq_get
+(krb5_context, krb5_ccache id , krb5_cc_cursor *cursor );
-krb5_error_code KRB5_CALLCONV krb5_stdccv3_set_flags
- (krb5_context, krb5_ccache id , krb5_flags flags );
+krb5_error_code KRB5_CALLCONV krb5_stdccv3_store
+(krb5_context, krb5_ccache id , krb5_creds *creds );
-krb5_error_code KRB5_CALLCONV krb5_stdccv3_get_flags
- (krb5_context, krb5_ccache id , krb5_flags *flags );
+krb5_error_code KRB5_CALLCONV krb5_stdccv3_set_flags
+(krb5_context, krb5_ccache id , krb5_flags flags );
-krb5_error_code KRB5_CALLCONV krb5_stdccv3_remove
- (krb5_context, krb5_ccache id , krb5_flags flags, krb5_creds *creds);
+krb5_error_code KRB5_CALLCONV krb5_stdccv3_get_flags
+(krb5_context, krb5_ccache id , krb5_flags *flags );
+
+krb5_error_code KRB5_CALLCONV krb5_stdccv3_remove
+(krb5_context, krb5_ccache id , krb5_flags flags, krb5_creds *creds);
krb5_error_code KRB5_CALLCONV krb5_stdccv3_ptcursor_new
- (krb5_context context, krb5_cc_ptcursor *cursor);
+(krb5_context context, krb5_cc_ptcursor *cursor);
krb5_error_code KRB5_CALLCONV krb5_stdccv3_ptcursor_next
- (krb5_context context, krb5_cc_ptcursor cursor, krb5_ccache *ccache);
+(krb5_context context, krb5_cc_ptcursor cursor, krb5_ccache *ccache);
krb5_error_code KRB5_CALLCONV krb5_stdccv3_ptcursor_free
- (krb5_context context, krb5_cc_ptcursor *cursor);
+(krb5_context context, krb5_cc_ptcursor *cursor);
krb5_error_code KRB5_CALLCONV krb5_stdccv3_last_change_time
- (krb5_context context, krb5_ccache id,
- krb5_timestamp *change_time);
+(krb5_context context, krb5_ccache id,
+ krb5_timestamp *change_time);
-krb5_error_code KRB5_CALLCONV krb5_stdccv3_lock
- (krb5_context, krb5_ccache id);
+krb5_error_code KRB5_CALLCONV krb5_stdccv3_lock
+(krb5_context, krb5_ccache id);
krb5_error_code KRB5_CALLCONV krb5_stdccv3_unlock
- (krb5_context, krb5_ccache id);
+(krb5_context, krb5_ccache id);
krb5_error_code KRB5_CALLCONV krb5_stdccv3_context_lock
- (krb5_context context);
+(krb5_context context);
krb5_error_code KRB5_CALLCONV krb5_stdccv3_context_unlock
- (krb5_context context);
+(krb5_context context);
#else
krb5_error_code KRB5_CALLCONV krb5_stdcc_close
- (krb5_context, krb5_ccache id );
+(krb5_context, krb5_ccache id );
+
+krb5_error_code KRB5_CALLCONV krb5_stdcc_destroy
+(krb5_context, krb5_ccache id );
-krb5_error_code KRB5_CALLCONV krb5_stdcc_destroy
- (krb5_context, krb5_ccache id );
+krb5_error_code KRB5_CALLCONV krb5_stdcc_end_seq_get
+(krb5_context, krb5_ccache id , krb5_cc_cursor *cursor );
-krb5_error_code KRB5_CALLCONV krb5_stdcc_end_seq_get
- (krb5_context, krb5_ccache id , krb5_cc_cursor *cursor );
+krb5_error_code KRB5_CALLCONV krb5_stdcc_generate_new
+(krb5_context, krb5_ccache *id );
-krb5_error_code KRB5_CALLCONV krb5_stdcc_generate_new
- (krb5_context, krb5_ccache *id );
+const char * KRB5_CALLCONV krb5_stdcc_get_name
+(krb5_context, krb5_ccache id );
-const char * KRB5_CALLCONV krb5_stdcc_get_name
- (krb5_context, krb5_ccache id );
+krb5_error_code KRB5_CALLCONV krb5_stdcc_get_principal
+(krb5_context, krb5_ccache id , krb5_principal *princ );
-krb5_error_code KRB5_CALLCONV krb5_stdcc_get_principal
- (krb5_context, krb5_ccache id , krb5_principal *princ );
+krb5_error_code KRB5_CALLCONV krb5_stdcc_initialize
+(krb5_context, krb5_ccache id , krb5_principal princ );
-krb5_error_code KRB5_CALLCONV krb5_stdcc_initialize
- (krb5_context, krb5_ccache id , krb5_principal princ );
+krb5_error_code KRB5_CALLCONV krb5_stdcc_next_cred
+(krb5_context,
+ krb5_ccache id ,
+ krb5_cc_cursor *cursor ,
+ krb5_creds *creds );
-krb5_error_code KRB5_CALLCONV krb5_stdcc_next_cred
- (krb5_context,
- krb5_ccache id ,
- krb5_cc_cursor *cursor ,
- krb5_creds *creds );
+krb5_error_code KRB5_CALLCONV krb5_stdcc_resolve
+(krb5_context, krb5_ccache *id , const char *residual );
-krb5_error_code KRB5_CALLCONV krb5_stdcc_resolve
- (krb5_context, krb5_ccache *id , const char *residual );
-
-krb5_error_code KRB5_CALLCONV krb5_stdcc_retrieve
- (krb5_context,
- krb5_ccache id ,
- krb5_flags whichfields ,
- krb5_creds *mcreds ,
- krb5_creds *creds );
+krb5_error_code KRB5_CALLCONV krb5_stdcc_retrieve
+(krb5_context,
+ krb5_ccache id ,
+ krb5_flags whichfields ,
+ krb5_creds *mcreds ,
+ krb5_creds *creds );
-krb5_error_code KRB5_CALLCONV krb5_stdcc_start_seq_get
- (krb5_context, krb5_ccache id , krb5_cc_cursor *cursor );
+krb5_error_code KRB5_CALLCONV krb5_stdcc_start_seq_get
+(krb5_context, krb5_ccache id , krb5_cc_cursor *cursor );
-krb5_error_code KRB5_CALLCONV krb5_stdcc_store
- (krb5_context, krb5_ccache id , krb5_creds *creds );
+krb5_error_code KRB5_CALLCONV krb5_stdcc_store
+(krb5_context, krb5_ccache id , krb5_creds *creds );
-krb5_error_code KRB5_CALLCONV krb5_stdcc_set_flags
- (krb5_context, krb5_ccache id , krb5_flags flags );
+krb5_error_code KRB5_CALLCONV krb5_stdcc_set_flags
+(krb5_context, krb5_ccache id , krb5_flags flags );
-krb5_error_code KRB5_CALLCONV krb5_stdcc_get_flags
- (krb5_context, krb5_ccache id , krb5_flags *flags );
+krb5_error_code KRB5_CALLCONV krb5_stdcc_get_flags
+(krb5_context, krb5_ccache id , krb5_flags *flags );
-krb5_error_code KRB5_CALLCONV krb5_stdcc_remove
- (krb5_context, krb5_ccache id , krb5_flags flags, krb5_creds *creds);
+krb5_error_code KRB5_CALLCONV krb5_stdcc_remove
+(krb5_context, krb5_ccache id , krb5_flags flags, krb5_creds *creds);
#endif
#endif /* defined(_WIN32) || defined(USE_CCAPI) */
diff --git a/src/lib/krb5/ccache/ccapi/stdcc_util.c b/src/lib/krb5/ccache/ccapi/stdcc_util.c
index 114e79e..9f44af3 100644
--- a/src/lib/krb5/ccache/ccapi/stdcc_util.c
+++ b/src/lib/krb5/ccache/ccapi/stdcc_util.c
@@ -1,3 +1,4 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
/*
* stdcc_util.c
* utility functions used in implementing the ccache api for krb5
@@ -17,7 +18,7 @@
#include "stdcc_util.h"
#include "krb5.h"
-#ifdef _WIN32 /* it's part of krb5.h everywhere else */
+#ifdef _WIN32 /* it's part of krb5.h everywhere else */
#include "kv5m_err.h"
#endif
@@ -26,30 +27,30 @@
#ifdef USE_CCAPI_V3
-static void
+static void
free_cc_array (cc_data **io_cc_array)
{
if (io_cc_array) {
unsigned int i;
-
+
for (i = 0; io_cc_array[i]; i++) {
if (io_cc_array[i]->data) { free (io_cc_array[i]->data); }
free (io_cc_array[i]);
}
free (io_cc_array);
- }
+ }
}
-static krb5_error_code
-copy_cc_array_to_addresses (krb5_context in_context,
- cc_data **in_cc_array,
+static krb5_error_code
+copy_cc_array_to_addresses (krb5_context in_context,
+ cc_data **in_cc_array,
krb5_address ***out_addresses)
{
krb5_error_code err = 0;
-
+
if (in_cc_array == NULL) {
*out_addresses = NULL;
-
+
} else {
unsigned int count, i;
krb5_address **addresses = NULL;
@@ -58,26 +59,26 @@ copy_cc_array_to_addresses (krb5_context in_context,
for (count = 0; in_cc_array[count]; count++);
addresses = (krb5_address **) malloc (sizeof (*addresses) * (count + 1));
if (!addresses) { err = KRB5_CC_NOMEM; }
-
- for (i = 0; !err && i < count; i++) {
+
+ for (i = 0; !err && i < count; i++) {
addresses[i] = (krb5_address *) malloc (sizeof (krb5_address));
if (!addresses[i]) { err = KRB5_CC_NOMEM; }
-
+
if (!err) {
- addresses[i]->contents = (krb5_octet *) malloc (sizeof (krb5_octet) *
- in_cc_array[i]->length);
+ addresses[i]->contents = (krb5_octet *) malloc (sizeof (krb5_octet) *
+ in_cc_array[i]->length);
if (!addresses[i]->contents) { err = KRB5_CC_NOMEM; }
}
-
+
if (!err) {
addresses[i]->magic = KV5M_ADDRESS;
addresses[i]->addrtype = in_cc_array[i]->type;
addresses[i]->length = in_cc_array[i]->length;
- memcpy (addresses[i]->contents,
+ memcpy (addresses[i]->contents,
in_cc_array[i]->data, in_cc_array[i]->length);
}
}
-
+
if (!err) {
addresses[i] = NULL; /* terminator */
*out_addresses = addresses;
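Review bot: The pointer array from `malloc (sizeof (*addresses) * (count + 1))` is never zeroed, so if the `contents` allocation fails for entry i, the slots after i hold indeterminate values while the error path (`krb5_free_addresses`, just after this hunk) walks the array until it finds a NULL. On an out-of-memory path that can pass garbage pointers to `free`. Allocating with `addresses = calloc (count + 1, sizeof (*addresses));` keeps the array NULL-terminated at every step. The same pattern is in copy_cc_array_to_authdata, copy_addresses_to_cc_array and copy_authdata_to_cc_array in the following hunks, where cleanup goes through krb5_free_authdata or free_cc_array. This function starts in the previous hunk and ends in the next one.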
@@ -86,70 +87,70 @@ copy_cc_array_to_addresses (krb5_context in_context,
if (addresses) { krb5_free_addresses (in_context, addresses); }
}
-
+
return err;
}
-static krb5_error_code
-copy_cc_array_to_authdata (krb5_context in_context,
- cc_data **in_cc_array,
+static krb5_error_code
+copy_cc_array_to_authdata (krb5_context in_context,
+ cc_data **in_cc_array,
krb5_authdata ***out_authdata)
{
krb5_error_code err = 0;
-
+
if (in_cc_array == NULL) {
*out_authdata = NULL;
-
+
} else {
unsigned int count, i;
krb5_authdata **authdata = NULL;
-
+
/* get length of array */
for (count = 0; in_cc_array[count]; count++);
authdata = (krb5_authdata **) malloc (sizeof (*authdata) * (count + 1));
if (!authdata) { err = KRB5_CC_NOMEM; }
-
- for (i = 0; !err && i < count; i++) {
+
+ for (i = 0; !err && i < count; i++) {
authdata[i] = (krb5_authdata *) malloc (sizeof (krb5_authdata));
if (!authdata[i]) { err = KRB5_CC_NOMEM; }
-
+
if (!err) {
- authdata[i]->contents = (krb5_octet *) malloc (sizeof (krb5_octet) *
- in_cc_array[i]->length);
+ authdata[i]->contents = (krb5_octet *) malloc (sizeof (krb5_octet) *
+ in_cc_array[i]->length);
if (!authdata[i]->contents) { err = KRB5_CC_NOMEM; }
}
-
+
if (!err) {
authdata[i]->magic = KV5M_AUTHDATA;
authdata[i]->ad_type = in_cc_array[i]->type;
authdata[i]->length = in_cc_array[i]->length;
- memcpy (authdata[i]->contents,
+ memcpy (authdata[i]->contents,
in_cc_array[i]->data, in_cc_array[i]->length);
}
}
-
+
if (!err) {
authdata[i] = NULL; /* terminator */
*out_authdata = authdata;
authdata = NULL;
}
-
+
if (authdata) { krb5_free_authdata (in_context, authdata); }
}
-
+
return err;
}
-static krb5_error_code
-copy_addresses_to_cc_array (krb5_context in_context,
- krb5_address **in_addresses,
+static krb5_error_code
+copy_addresses_to_cc_array (krb5_context in_context,
+ krb5_address **in_addresses,
cc_data ***out_cc_array)
{
krb5_error_code err = 0;
-
+
if (in_addresses == NULL) {
*out_cc_array = NULL;
-
+
} else {
unsigned int count, i;
cc_data **cc_array = NULL;
@@ -158,23 +159,23 @@ copy_addresses_to_cc_array (krb5_context in_context,
for (count = 0; in_addresses[count]; count++);
cc_array = (cc_data **) malloc (sizeof (*cc_array) * (count + 1));
if (!cc_array) { err = KRB5_CC_NOMEM; }
-
- for (i = 0; !err && i < count; i++) {
+
+ for (i = 0; !err && i < count; i++) {
cc_array[i] = (cc_data *) malloc (sizeof (cc_data));
if (!cc_array[i]) { err = KRB5_CC_NOMEM; }
-
+
if (!err) {
cc_array[i]->data = malloc (in_addresses[i]->length);
if (!cc_array[i]->data) { err = KRB5_CC_NOMEM; }
}
-
+
if (!err) {
cc_array[i]->type = in_addresses[i]->addrtype;
cc_array[i]->length = in_addresses[i]->length;
memcpy (cc_array[i]->data, in_addresses[i]->contents, in_addresses[i]->length);
}
}
-
+
if (!err) {
cc_array[i] = NULL; /* terminator */
*out_cc_array = cc_array;
@@ -183,18 +184,18 @@ copy_addresses_to_cc_array (krb5_context in_context,
if (cc_array) { free_cc_array (cc_array); }
}
-
-
+
+
return err;
}
-static krb5_error_code
-copy_authdata_to_cc_array (krb5_context in_context,
- krb5_authdata **in_authdata,
+static krb5_error_code
+copy_authdata_to_cc_array (krb5_context in_context,
+ krb5_authdata **in_authdata,
cc_data ***out_cc_array)
{
krb5_error_code err = 0;
-
+
if (in_authdata == NULL) {
*out_cc_array = NULL;
@@ -206,23 +207,23 @@ copy_authdata_to_cc_array (krb5_context in_context,
for (count = 0; in_authdata[count]; count++);
cc_array = (cc_data **) malloc (sizeof (*cc_array) * (count + 1));
if (!cc_array) { err = KRB5_CC_NOMEM; }
-
- for (i = 0; !err && i < count; i++) {
+
+ for (i = 0; !err && i < count; i++) {
cc_array[i] = (cc_data *) malloc (sizeof (cc_data));
if (!cc_array[i]) { err = KRB5_CC_NOMEM; }
-
+
if (!err) {
cc_array[i]->data = malloc (in_authdata[i]->length);
if (!cc_array[i]->data) { err = KRB5_CC_NOMEM; }
}
-
+
if (!err) {
cc_array[i]->type = in_authdata[i]->ad_type;
cc_array[i]->length = in_authdata[i]->length;
memcpy (cc_array[i]->data, in_authdata[i]->contents, in_authdata[i]->length);
}
}
-
+
if (!err) {
cc_array[i] = NULL; /* terminator */
*out_cc_array = cc_array;
@@ -231,8 +232,8 @@ copy_authdata_to_cc_array (krb5_context in_context,
if (cc_array) { free_cc_array (cc_array); }
}
-
-
+
+
return err;
}
@@ -242,9 +243,9 @@ copy_authdata_to_cc_array (krb5_context in_context,
* - allocate an empty k5 style ticket and copy info from the cc_creds ticket
*/
-krb5_error_code
-copy_cc_cred_union_to_krb5_creds (krb5_context in_context,
- const cc_credentials_union *in_cred_union,
+krb5_error_code
+copy_cc_cred_union_to_krb5_creds (krb5_context in_context,
+ const cc_credentials_union *in_cred_union,
krb5_creds *out_creds)
{
krb5_error_code err = 0;
@@ -257,59 +258,59 @@ copy_cc_cred_union_to_krb5_creds (krb5_context in_context,
unsigned char *keyblock_contents = NULL;
krb5_address **addresses = NULL;
krb5_authdata **authdata = NULL;
-
- if (in_cred_union->version != cc_credentials_v5) {
- err = KRB5_CC_NOT_KTYPE;
+
+ if (in_cred_union->version != cc_credentials_v5) {
+ err = KRB5_CC_NOT_KTYPE;
} else {
cv5 = in_cred_union->credentials.credentials_v5;
}
-
+
#if TARGET_OS_MAC
if (!err) {
err = krb5_get_time_offsets (in_context, &offset_seconds, &offset_microseconds);
}
#endif
-
+
if (!err) {
err = krb5_parse_name (in_context, cv5->client, &client);
}
-
+
if (!err) {
err = krb5_parse_name (in_context, cv5->server, &server);
}
-
+
if (!err && cv5->keyblock.data) {
keyblock_contents = (unsigned char *) malloc (cv5->keyblock.length);
if (!keyblock_contents) { err = KRB5_CC_NOMEM; }
}
-
+
if (!err && cv5->ticket.data) {
ticket_data = (char *) malloc (cv5->ticket.length);
if (!ticket_data) { err = KRB5_CC_NOMEM; }
}
-
+
if (!err && cv5->second_ticket.data) {
second_ticket_data = (char *) malloc (cv5->second_ticket.length);
if (!second_ticket_data) { err = KRB5_CC_NOMEM; }
}
-
+
if (!err) {
/* addresses */
err = copy_cc_array_to_addresses (in_context, cv5->addresses, &addresses);
}
-
+
if (!err) {
/* authdata */
err = copy_cc_array_to_authdata (in_context, cv5->authdata, &authdata);
}
-
+
if (!err) {
/* principals */
out_creds->client = client;
client = NULL;
out_creds->server = server;
server = NULL;
-
+
/* copy keyblock */
if (cv5->keyblock.data) {
memcpy (keyblock_contents, cv5->keyblock.data, cv5->keyblock.length);
@@ -334,7 +335,7 @@ copy_cc_cred_union_to_krb5_creds (krb5_context in_context,
out_creds->ticket.length = cv5->ticket.length;
out_creds->ticket.data = ticket_data;
ticket_data = NULL;
-
+
/* second ticket */
if (cv5->second_ticket.data) {
memcpy(second_ticket_data, cv5->second_ticket.data, cv5->second_ticket.length);
@@ -342,17 +343,17 @@ copy_cc_cred_union_to_krb5_creds (krb5_context in_context,
out_creds->second_ticket.length = cv5->second_ticket.length;
out_creds->second_ticket.data = second_ticket_data;
second_ticket_data = NULL;
-
+
out_creds->addresses = addresses;
addresses = NULL;
out_creds->authdata = authdata;
authdata = NULL;
-
+
/* zero out magic number */
out_creds->magic = 0;
}
-
+
if (addresses) { krb5_free_addresses (in_context, addresses); }
if (authdata) { krb5_free_authdata (in_context, authdata); }
if (keyblock_contents) { free (keyblock_contents); }
@@ -360,7 +361,7 @@ copy_cc_cred_union_to_krb5_creds (krb5_context in_context,
if (second_ticket_data) { free (second_ticket_data); }
if (client) { krb5_free_principal (in_context, client); }
if (server) { krb5_free_principal (in_context, server); }
-
+
return err;
}
@@ -369,8 +370,8 @@ copy_cc_cred_union_to_krb5_creds (krb5_context in_context,
* - analagous to above but in the reverse direction
*/
krb5_error_code
-copy_krb5_creds_to_cc_cred_union (krb5_context in_context,
- krb5_creds *in_creds,
+copy_krb5_creds_to_cc_cred_union (krb5_context in_context,
+ krb5_creds *in_creds,
cc_credentials_union **out_cred_union)
{
krb5_error_code err = 0;
@@ -384,56 +385,56 @@ copy_krb5_creds_to_cc_cred_union (krb5_context in_context,
krb5_int32 offset_seconds = 0, offset_microseconds = 0;
cc_data **cc_address_array = NULL;
cc_data **cc_authdata_array = NULL;
-
+
if (out_cred_union == NULL) { err = KRB5_CC_NOMEM; }
-
+
#if TARGET_OS_MAC
if (!err) {
err = krb5_get_time_offsets (in_context, &offset_seconds, &offset_microseconds);
}
#endif
-
+
if (!err) {
cred_union = (cc_credentials_union *) malloc (sizeof (*cred_union));
if (!cred_union) { err = KRB5_CC_NOMEM; }
}
-
+
if (!err) {
cv5 = (cc_credentials_v5_t *) malloc (sizeof (*cv5));
if (!cv5) { err = KRB5_CC_NOMEM; }
}
-
+
if (!err) {
err = krb5_unparse_name (in_context, in_creds->client, &client);
}
-
+
if (!err) {
err = krb5_unparse_name (in_context, in_creds->server, &server);
}
-
+
if (!err && in_creds->keyblock.contents) {
keyblock_data = (unsigned char *) malloc (in_creds->keyblock.length);
if (!keyblock_data) { err = KRB5_CC_NOMEM; }
}
-
+
if (!err && in_creds->ticket.data) {
ticket_data = (unsigned char *) malloc (in_creds->ticket.length);
if (!ticket_data) { err = KRB5_CC_NOMEM; }
}
-
+
if (!err && in_creds->second_ticket.data) {
second_ticket_data = (unsigned char *) malloc (in_creds->second_ticket.length);
if (!second_ticket_data) { err = KRB5_CC_NOMEM; }
}
-
+
if (!err) {
err = copy_addresses_to_cc_array (in_context, in_creds->addresses, &cc_address_array);
}
-
+
if (!err) {
err = copy_authdata_to_cc_array (in_context, in_creds->authdata, &cc_authdata_array);
}
-
+
if (!err) {
/* principals */
cv5->client = client;
@@ -449,7 +450,7 @@ copy_krb5_creds_to_cc_cred_union (krb5_context in_context,
cv5->keyblock.length = in_creds->keyblock.length;
cv5->keyblock.data = keyblock_data;
keyblock_data = NULL;
-
+
cv5->authtime = in_creds->times.authtime - offset_seconds;
cv5->starttime = in_creds->times.starttime - offset_seconds;
cv5->endtime = in_creds->times.endtime - offset_seconds;
@@ -463,29 +464,29 @@ copy_krb5_creds_to_cc_cred_union (krb5_context in_context,
cv5->ticket.length = in_creds->ticket.length;
cv5->ticket.data = ticket_data;
ticket_data = NULL;
-
+
if (in_creds->second_ticket.data) {
memcpy (second_ticket_data, in_creds->second_ticket.data, in_creds->second_ticket.length);
}
cv5->second_ticket.length = in_creds->second_ticket.length;
cv5->second_ticket.data = second_ticket_data;
second_ticket_data = NULL;
-
+
cv5->addresses = cc_address_array;
cc_address_array = NULL;
-
+
cv5->authdata = cc_authdata_array;
- cc_authdata_array = NULL;
-
+ cc_authdata_array = NULL;
+
/* Set up the structures to return to the caller */
cred_union->version = cc_credentials_v5;
cred_union->credentials.credentials_v5 = cv5;
cv5 = NULL;
-
+
*out_cred_union = cred_union;
cred_union = NULL;
}
-
+
if (cc_address_array) { free_cc_array (cc_address_array); }
if (cc_authdata_array) { free_cc_array (cc_authdata_array); }
if (keyblock_data) { free (keyblock_data); }
@@ -495,38 +496,38 @@ copy_krb5_creds_to_cc_cred_union (krb5_context in_context,
if (server) { krb5_free_unparsed_name (in_context, server); }
if (cv5) { free (cv5); }
if (cred_union) { free (cred_union); }
-
+
return err;
}
-krb5_error_code
-cred_union_release (cc_credentials_union *in_cred_union)
+krb5_error_code
+cred_union_release (cc_credentials_union *in_cred_union)
{
if (in_cred_union) {
if (in_cred_union->version == cc_credentials_v5 &&
in_cred_union->credentials.credentials_v5) {
cc_credentials_v5_t *cv5 = in_cred_union->credentials.credentials_v5;
-
+
/* should use krb5_free_unparsed_name but we have no context */
if (cv5->client) { free (cv5->client); }
if (cv5->server) { free (cv5->server); }
-
+
if (cv5->keyblock.data) { free (cv5->keyblock.data); }
if (cv5->ticket.data) { free (cv5->ticket.data); }
if (cv5->second_ticket.data) { free (cv5->second_ticket.data); }
-
+
free_cc_array (cv5->addresses);
free_cc_array (cv5->authdata);
-
+
free (cv5);
-
+
} else if (in_cred_union->version == cc_credentials_v4 &&
in_cred_union->credentials.credentials_v4) {
free (in_cred_union->credentials.credentials_v4);
}
free ((cc_credentials_union *) in_cred_union);
}
-
+
return 0;
}
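Review bot: cred_union_release passes `cv5->keyblock.data` straight to `free`, so the session key bytes stay in freed heap memory; the ticket buffers are released the same way. Clearing the key first narrows that window, e.g. `if (cv5->keyblock.data) { zap (cv5->keyblock.data, cv5->keyblock.length); free (cv5->keyblock.data); }`. `zap` is the helper from k5-int.h, and whether this file can include it is not visible here. deep_free_cc_v5_creds in a later hunk releases `creds -> keyblock` through deep_free_cc_data with the same gap.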
@@ -534,85 +535,85 @@ cred_union_release (cc_credentials_union *in_cred_union)
/*
* CopyCCDataArrayToK5
* - copy and translate the null terminated arrays of data records
- * used in k5 tickets
+ * used in k5 tickets
*/
int copyCCDataArrayToK5(cc_creds *ccCreds, krb5_creds *v5Creds, char whichArray) {
if (whichArray == kAddressArray) {
- if (ccCreds->addresses == NULL) {
- v5Creds->addresses = NULL;
- } else {
-
- krb5_address **addrPtr, *addr;
- cc_data **dataPtr, *data;
- unsigned int numRecords = 0;
-
- /* Allocate the array of pointers: */
- for (dataPtr = ccCreds->addresses; *dataPtr != NULL; numRecords++, dataPtr++) {}
-
- v5Creds->addresses = (krb5_address **) malloc (sizeof(krb5_address *) * (numRecords + 1));
- if (v5Creds->addresses == NULL)
- return ENOMEM;
-
- /* Fill in the array, allocating the address structures: */
- for (dataPtr = ccCreds->addresses, addrPtr = v5Creds->addresses; *dataPtr != NULL; addrPtr++, dataPtr++) {
-
- *addrPtr = (krb5_address *) malloc (sizeof(krb5_address));
- if (*addrPtr == NULL)
- return ENOMEM;
- data = *dataPtr;
- addr = *addrPtr;
-
- addr->addrtype = data->type;
- addr->magic = KV5M_ADDRESS;
- addr->length = data->length;
- addr->contents = (krb5_octet *) malloc (sizeof(krb5_octet) * addr->length);
- if (addr->contents == NULL)
- return ENOMEM;
- memmove(addr->contents, data->data, addr->length); /* copy contents */
- }
-
- /* Write terminator: */
- *addrPtr = NULL;
- }
+ if (ccCreds->addresses == NULL) {
+ v5Creds->addresses = NULL;
+ } else {
+
+ krb5_address **addrPtr, *addr;
+ cc_data **dataPtr, *data;
+ unsigned int numRecords = 0;
+
+ /* Allocate the array of pointers: */
+ for (dataPtr = ccCreds->addresses; *dataPtr != NULL; numRecords++, dataPtr++) {}
+
+ v5Creds->addresses = (krb5_address **) malloc (sizeof(krb5_address *) * (numRecords + 1));
+ if (v5Creds->addresses == NULL)
+ return ENOMEM;
+
+ /* Fill in the array, allocating the address structures: */
+ for (dataPtr = ccCreds->addresses, addrPtr = v5Creds->addresses; *dataPtr != NULL; addrPtr++, dataPtr++) {
+
+ *addrPtr = (krb5_address *) malloc (sizeof(krb5_address));
+ if (*addrPtr == NULL)
+ return ENOMEM;
+ data = *dataPtr;
+ addr = *addrPtr;
+
+ addr->addrtype = data->type;
+ addr->magic = KV5M_ADDRESS;
+ addr->length = data->length;
+ addr->contents = (krb5_octet *) malloc (sizeof(krb5_octet) * addr->length);
+ if (addr->contents == NULL)
+ return ENOMEM;
+ memmove(addr->contents, data->data, addr->length); /* copy contents */
+ }
+
+ /* Write terminator: */
+ *addrPtr = NULL;
+ }
}
if (whichArray == kAuthDataArray) {
- if (ccCreds->authdata == NULL) {
- v5Creds->authdata = NULL;
- } else {
- krb5_authdata **authPtr, *auth;
- cc_data **dataPtr, *data;
- unsigned int numRecords = 0;
-
- /* Allocate the array of pointers: */
- for (dataPtr = ccCreds->authdata; *dataPtr != NULL; numRecords++, dataPtr++) {}
-
- v5Creds->authdata = (krb5_authdata **) malloc (sizeof(krb5_authdata *) * (numRecords + 1));
- if (v5Creds->authdata == NULL)
- return ENOMEM;
-
- /* Fill in the array, allocating the address structures: */
- for (dataPtr = ccCreds->authdata, authPtr = v5Creds->authdata; *dataPtr != NULL; authPtr++, dataPtr++) {
-
- *authPtr = (krb5_authdata *) malloc (sizeof(krb5_authdata));
- if (*authPtr == NULL)
- return ENOMEM;
- data = *dataPtr;
- auth = *authPtr;
-
- auth->ad_type = data->type;
- auth->magic = KV5M_AUTHDATA;
- auth->length = data->length;
- auth->contents = (krb5_octet *) malloc (sizeof(krb5_octet) * auth->length);
- if (auth->contents == NULL)
- return ENOMEM;
- memmove(auth->contents, data->data, auth->length); /* copy contents */
- }
-
- /* Write terminator: */
- *authPtr = NULL;
- }
+ if (ccCreds->authdata == NULL) {
+ v5Creds->authdata = NULL;
+ } else {
+ krb5_authdata **authPtr, *auth;
+ cc_data **dataPtr, *data;
+ unsigned int numRecords = 0;
+
+ /* Allocate the array of pointers: */
+ for (dataPtr = ccCreds->authdata; *dataPtr != NULL; numRecords++, dataPtr++) {}
+
+ v5Creds->authdata = (krb5_authdata **) malloc (sizeof(krb5_authdata *) * (numRecords + 1));
+ if (v5Creds->authdata == NULL)
+ return ENOMEM;
+
+ /* Fill in the array, allocating the address structures: */
+ for (dataPtr = ccCreds->authdata, authPtr = v5Creds->authdata; *dataPtr != NULL; authPtr++, dataPtr++) {
+
+ *authPtr = (krb5_authdata *) malloc (sizeof(krb5_authdata));
+ if (*authPtr == NULL)
+ return ENOMEM;
+ data = *dataPtr;
+ auth = *authPtr;
+
+ auth->ad_type = data->type;
+ auth->magic = KV5M_AUTHDATA;
+ auth->length = data->length;
+ auth->contents = (krb5_octet *) malloc (sizeof(krb5_octet) * auth->length);
+ if (auth->contents == NULL)
+ return ENOMEM;
+ memmove(auth->contents, data->data, auth->length); /* copy contents */
+ }
+
+ /* Write terminator: */
+ *authPtr = NULL;
+ }
}
return 0;
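Review bot: Each `return ENOMEM;` inside the two fill loops leaves `v5Creds->addresses` or `v5Creds->authdata` pointing at a partly filled array whose terminator has not been written. Any later code that frees the krb5_creds by walking to a NULL entry would then read uninitialised slots; how callers react to ENOMEM is not visible here. Allocating the arrays zeroed, `v5Creds->addresses = (krb5_address **) calloc (numRecords + 1, sizeof(krb5_address *));` and likewise for authdata, keeps them terminated on every exit. copyK5DataArrayToCC in the next hunk has the same early returns for `ccCreds->addresses` and `ccCreds->authdata`. The closing brace of this function is outside the hunk.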
@@ -625,78 +626,78 @@ int copyCCDataArrayToK5(cc_creds *ccCreds, krb5_creds *v5Creds, char whichArray)
int copyK5DataArrayToCC(krb5_creds *v5Creds, cc_creds *ccCreds, char whichArray)
{
if (whichArray == kAddressArray) {
- if (v5Creds->addresses == NULL) {
- ccCreds->addresses = NULL;
- } else {
-
- krb5_address **addrPtr, *addr;
- cc_data **dataPtr, *data;
- unsigned int numRecords = 0;
-
- /* Allocate the array of pointers: */
- for (addrPtr = v5Creds->addresses; *addrPtr != NULL; numRecords++, addrPtr++) {}
-
- ccCreds->addresses = (cc_data **) malloc (sizeof(cc_data *) * (numRecords + 1));
- if (ccCreds->addresses == NULL)
- return ENOMEM;
-
- /* Fill in the array, allocating the address structures: */
- for (dataPtr = ccCreds->addresses, addrPtr = v5Creds->addresses; *addrPtr != NULL; addrPtr++, dataPtr++) {
-
- *dataPtr = (cc_data *) malloc (sizeof(cc_data));
- if (*dataPtr == NULL)
- return ENOMEM;
- data = *dataPtr;
- addr = *addrPtr;
-
- data->type = addr->addrtype;
- data->length = addr->length;
- data->data = malloc (sizeof(char) * data->length);
- if (data->data == NULL)
- return ENOMEM;
- memmove(data->data, addr->contents, data->length); /* copy contents */
- }
-
- /* Write terminator: */
- *dataPtr = NULL;
- }
+ if (v5Creds->addresses == NULL) {
+ ccCreds->addresses = NULL;
+ } else {
+
+ krb5_address **addrPtr, *addr;
+ cc_data **dataPtr, *data;
+ unsigned int numRecords = 0;
+
+ /* Allocate the array of pointers: */
+ for (addrPtr = v5Creds->addresses; *addrPtr != NULL; numRecords++, addrPtr++) {}
+
+ ccCreds->addresses = (cc_data **) malloc (sizeof(cc_data *) * (numRecords + 1));
+ if (ccCreds->addresses == NULL)
+ return ENOMEM;
+
+ /* Fill in the array, allocating the address structures: */
+ for (dataPtr = ccCreds->addresses, addrPtr = v5Creds->addresses; *addrPtr != NULL; addrPtr++, dataPtr++) {
+
+ *dataPtr = (cc_data *) malloc (sizeof(cc_data));
+ if (*dataPtr == NULL)
+ return ENOMEM;
+ data = *dataPtr;
+ addr = *addrPtr;
+
+ data->type = addr->addrtype;
+ data->length = addr->length;
+ data->data = malloc (sizeof(char) * data->length);
+ if (data->data == NULL)
+ return ENOMEM;
+ memmove(data->data, addr->contents, data->length); /* copy contents */
+ }
+
+ /* Write terminator: */
+ *dataPtr = NULL;
+ }
}
if (whichArray == kAuthDataArray) {
- if (v5Creds->authdata == NULL) {
- ccCreds->authdata = NULL;
- } else {
- krb5_authdata **authPtr, *auth;
- cc_data **dataPtr, *data;
- unsigned int numRecords = 0;
-
- /* Allocate the array of pointers: */
- for (authPtr = v5Creds->authdata; *authPtr != NULL; numRecords++, authPtr++) {}
-
- ccCreds->authdata = (cc_data **) malloc (sizeof(cc_data *) * (numRecords + 1));
- if (ccCreds->authdata == NULL)
- return ENOMEM;
-
- /* Fill in the array, allocating the address structures: */
- for (dataPtr = ccCreds->authdata, authPtr = v5Creds->authdata; *authPtr != NULL; authPtr++, dataPtr++) {
-
- *dataPtr = (cc_data *) malloc (sizeof(cc_data));
- if (*dataPtr == NULL)
- return ENOMEM;
- data = *dataPtr;
- auth = *authPtr;
-
- data->type = auth->ad_type;
- data->length = auth->length;
- data->data = malloc (sizeof(char) * data->length);
- if (data->data == NULL)
- return ENOMEM;
- memmove(data->data, auth->contents, data->length); /* copy contents */
- }
-
- /* Write terminator: */
- *dataPtr = NULL;
- }
+ if (v5Creds->authdata == NULL) {
+ ccCreds->authdata = NULL;
+ } else {
+ krb5_authdata **authPtr, *auth;
+ cc_data **dataPtr, *data;
+ unsigned int numRecords = 0;
+
+ /* Allocate the array of pointers: */
+ for (authPtr = v5Creds->authdata; *authPtr != NULL; numRecords++, authPtr++) {}
+
+ ccCreds->authdata = (cc_data **) malloc (sizeof(cc_data *) * (numRecords + 1));
+ if (ccCreds->authdata == NULL)
+ return ENOMEM;
+
+ /* Fill in the array, allocating the address structures: */
+ for (dataPtr = ccCreds->authdata, authPtr = v5Creds->authdata; *authPtr != NULL; authPtr++, dataPtr++) {
+
+ *dataPtr = (cc_data *) malloc (sizeof(cc_data));
+ if (*dataPtr == NULL)
+ return ENOMEM;
+ data = *dataPtr;
+ auth = *authPtr;
+
+ data->type = auth->ad_type;
+ data->length = auth->length;
+ data->data = malloc (sizeof(char) * data->length);
+ if (data->data == NULL)
+ return ENOMEM;
+ memmove(data->data, auth->contents, data->length); /* copy contents */
+ }
+
+ /* Write terminator: */
+ *dataPtr = NULL;
+ }
}
return 0;
@@ -774,7 +775,7 @@ void dupK5toCC(krb5_context context, krb5_creds *creds, cred_union **cu)
/* allocate the cred_union */
*cu = (cred_union *)malloc(sizeof(cred_union));
if ((*cu) == NULL)
- return;
+ return;
(*cu)->cred_type = CC_CRED_V5;
@@ -793,10 +794,10 @@ void dupK5toCC(krb5_context context, krb5_creds *creds, cred_union **cu)
c->keyblock.length = creds->keyblock.length;
if (creds->keyblock.contents != NULL) {
- c->keyblock.data = (unsigned char *)malloc(creds->keyblock.length);
- memcpy(c->keyblock.data, creds->keyblock.contents, creds->keyblock.length);
+ c->keyblock.data = (unsigned char *)malloc(creds->keyblock.length);
+ memcpy(c->keyblock.data, creds->keyblock.contents, creds->keyblock.length);
} else {
- c->keyblock.data = NULL;
+ c->keyblock.data = NULL;
}
#if TARGET_OS_MAC
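Review bot: The result of `malloc(creds->keyblock.length)` is passed to `memcpy` without a NULL check, so an allocation failure while duplicating the key becomes a write through a null pointer. The next hunk repeats this for `c->ticket.data` and `c->second_ticket.data`. A guard such as `if (c->keyblock.data == NULL) { krb5int_free_cc_cred_union(cu); return; }` would stop the copy. dupK5toCC starts and ends outside this hunk, so confirm that the fields the free routine walks are already initialised at this point before using it as the cleanup.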
@@ -815,18 +816,18 @@ void dupK5toCC(krb5_context context, krb5_creds *creds, cred_union **cu)
c->ticket.length = creds->ticket.length;
if (creds->ticket.data != NULL) {
- c->ticket.data = (unsigned char *)malloc(creds->ticket.length);
- memcpy(c->ticket.data, creds->ticket.data, creds->ticket.length);
+ c->ticket.data = (unsigned char *)malloc(creds->ticket.length);
+ memcpy(c->ticket.data, creds->ticket.data, creds->ticket.length);
} else {
- c->ticket.data = NULL;
+ c->ticket.data = NULL;
}
c->second_ticket.length = creds->second_ticket.length;
if (creds->second_ticket.data != NULL) {
- c->second_ticket.data = (unsigned char *)malloc(creds->second_ticket.length);
- memcpy(c->second_ticket.data, creds->second_ticket.data, creds->second_ticket.length);
+ c->second_ticket.data = (unsigned char *)malloc(creds->second_ticket.length);
+ memcpy(c->second_ticket.data, creds->second_ticket.data, creds->second_ticket.length);
} else {
- c->second_ticket.data = NULL;
+ c->second_ticket.data = NULL;
}
err = copyK5DataArrayToCC(creds, c, kAuthDataArray);
@@ -851,7 +852,7 @@ void dupK5toCC(krb5_context context, krb5_creds *creds, cred_union **cu)
static void deep_free_cc_data (cc_data data)
{
if (data.data != NULL)
- free (data.data);
+ free (data.data);
}
static void deep_free_cc_data_array (cc_data** data) {
@@ -859,11 +860,11 @@ static void deep_free_cc_data_array (cc_data** data) {
unsigned int i;
if (data == NULL)
- return;
+ return;
for (i = 0; data [i] != NULL; i++) {
- deep_free_cc_data (*(data [i]));
- free (data [i]);
+ deep_free_cc_data (*(data [i]));
+ free (data [i]);
}
free (data);
@@ -872,12 +873,12 @@ static void deep_free_cc_data_array (cc_data** data) {
static void deep_free_cc_v5_creds (cc_creds* creds)
{
if (creds == NULL)
- return;
+ return;
if (creds -> client != NULL)
- free (creds -> client);
+ free (creds -> client);
if (creds -> server != NULL)
- free (creds -> server);
+ free (creds -> server);
deep_free_cc_data (creds -> keyblock);
deep_free_cc_data (creds -> ticket);
@@ -892,10 +893,10 @@ static void deep_free_cc_v5_creds (cc_creds* creds)
static void deep_free_cc_creds (cred_union creds)
{
if (creds.cred_type == CC_CRED_V4) {
- /* we shouldn't get this, of course */
- free (creds.cred.pV4Cred);
+ /* we shouldn't get this, of course */
+ free (creds.cred.pV4Cred);
} else if (creds.cred_type == CC_CRED_V5) {
- deep_free_cc_v5_creds (creds.cred.pV5Cred);
+ deep_free_cc_v5_creds (creds.cred.pV5Cred);
}
}
@@ -903,12 +904,12 @@ static void deep_free_cc_creds (cred_union creds)
cc_int32 krb5int_free_cc_cred_union (cred_union** creds)
{
if (creds == NULL)
- return CC_BAD_PARM;
+ return CC_BAD_PARM;
if (*creds != NULL) {
- deep_free_cc_creds (**creds);
- free (*creds);
- *creds = NULL;
+ deep_free_cc_creds (**creds);
+ free (*creds);
+ *creds = NULL;
}
return CC_NOERROR;
@@ -921,15 +922,15 @@ cc_int32 krb5int_free_cc_cred_union (cred_union** creds)
static krb5_boolean
times_match(t1, t2)
register const krb5_ticket_times *t1;
-register const krb5_ticket_times *t2;
+ register const krb5_ticket_times *t2;
{
if (t1->renew_till) {
- if (t1->renew_till > t2->renew_till)
- return FALSE; /* this one expires too late */
+ if (t1->renew_till > t2->renew_till)
+ return FALSE; /* this one expires too late */
}
if (t1->endtime) {
- if (t1->endtime > t2->endtime)
- return FALSE; /* this one expires too late */
+ if (t1->endtime > t2->endtime)
+ return FALSE; /* this one expires too late */
}
/* only care about expiration on a times_match */
return TRUE;
@@ -940,18 +941,18 @@ times_match_exact (t1, t2)
register const krb5_ticket_times *t1, *t2;
{
return (t1->authtime == t2->authtime
- && t1->starttime == t2->starttime
- && t1->endtime == t2->endtime
- && t1->renew_till == t2->renew_till);
+ && t1->starttime == t2->starttime
+ && t1->endtime == t2->endtime
+ && t1->renew_till == t2->renew_till);
}
static krb5_boolean
standard_fields_match(context, mcreds, creds)
krb5_context context;
-register const krb5_creds *mcreds, *creds;
+ register const krb5_creds *mcreds, *creds;
{
return (krb5_principal_compare(context, mcreds->client,creds->client) &&
- krb5_principal_compare(context, mcreds->server,creds->server));
+ krb5_principal_compare(context, mcreds->server,creds->server));
}
/* only match the server name portion, not the server realm portion */
@@ -959,14 +960,14 @@ register const krb5_creds *mcreds, *creds;
static krb5_boolean
srvname_match(context, mcreds, creds)
krb5_context context;
-register const krb5_creds *mcreds, *creds;
+ register const krb5_creds *mcreds, *creds;
{
krb5_boolean retval;
krb5_principal_data p1, p2;
retval = krb5_principal_compare(context, mcreds->client,creds->client);
if (retval != TRUE)
- return retval;
+ return retval;
/*
* Hack to ignore the server realm for the purposes of the compare.
*/
@@ -984,22 +985,22 @@ authdata_match(mdata, data)
const krb5_authdata *mdatap, *datap;
if (mdata == data)
- return TRUE;
+ return TRUE;
if (mdata == NULL)
- return *data == NULL;
+ return *data == NULL;
if (data == NULL)
- return *mdata == NULL;
+ return *mdata == NULL;
while ((mdatap = *mdata)
- && (datap = *data)
- && mdatap->ad_type == datap->ad_type
- && mdatap->length == datap->length
- && !memcmp ((char *) mdatap->contents, (char *) datap->contents,
- datap->length)) {
- mdata++;
- data++;
+ && (datap = *data)
+ && mdatap->ad_type == datap->ad_type
+ && mdatap->length == datap->length
+ && !memcmp ((char *) mdatap->contents, (char *) datap->contents,
+ datap->length)) {
+ mdata++;
+ data++;
}
return !*mdata && !*data;
@@ -1010,17 +1011,17 @@ data_match(data1, data2)
register const krb5_data *data1, *data2;
{
if (!data1) {
- if (!data2)
- return TRUE;
- else
- return FALSE;
+ if (!data2)
+ return TRUE;
+ else
+ return FALSE;
}
if (!data2) return FALSE;
if (data1->length != data2->length)
- return FALSE;
+ return FALSE;
else
- return memcmp(data1->data, data2->data, data1->length) ? FALSE : TRUE;
+ return memcmp(data1->data, data2->data, data1->length) ? FALSE : TRUE;
}
#define MATCH_SET(bits) (whichfields & bits)
@@ -1029,41 +1030,41 @@ data_match(data1, data2)
/* stdccCredsMatch
* - check to see if the creds match based on the whichFields variable
* NOTE: if whichfields is zero we are now comparing 'standard fields.'
- * This is the bug that was killing fetch for a
- * week. The behaviour is what krb5 expects, however.
+ * This is the bug that was killing fetch for a
+ * week. The behaviour is what krb5 expects, however.
*/
int stdccCredsMatch(krb5_context context, krb5_creds *base,
- krb5_creds *match, int whichfields)
+ krb5_creds *match, int whichfields)
{
if (((MATCH_SET(KRB5_TC_MATCH_SRV_NAMEONLY) &&
- srvname_match(context, match, base)) ||
- standard_fields_match(context, match, base))
+ srvname_match(context, match, base)) ||
+ standard_fields_match(context, match, base))
+ &&
+ (! MATCH_SET(KRB5_TC_MATCH_IS_SKEY) ||
+ match->is_skey == base->is_skey)
+ &&
+ (! MATCH_SET(KRB5_TC_MATCH_FLAGS_EXACT) ||
+ match->ticket_flags == base->ticket_flags)
+ &&
+ (! MATCH_SET(KRB5_TC_MATCH_FLAGS) ||
+ flags_match(match->ticket_flags, base->ticket_flags))
+ &&
+ (! MATCH_SET(KRB5_TC_MATCH_TIMES_EXACT) ||
+ times_match_exact(&match->times, &base->times))
+ &&
+ (! MATCH_SET(KRB5_TC_MATCH_TIMES) ||
+ times_match(&match->times, &base->times))
+ &&
+ (! MATCH_SET(KRB5_TC_MATCH_AUTHDATA) ||
+ authdata_match (match->authdata, base->authdata))
+ &&
+ (! MATCH_SET(KRB5_TC_MATCH_2ND_TKT) ||
+ data_match (&match->second_ticket, &base->second_ticket))
&&
- (! MATCH_SET(KRB5_TC_MATCH_IS_SKEY) ||
- match->is_skey == base->is_skey)
- &&
- (! MATCH_SET(KRB5_TC_MATCH_FLAGS_EXACT) ||
- match->ticket_flags == base->ticket_flags)
- &&
- (! MATCH_SET(KRB5_TC_MATCH_FLAGS) ||
- flags_match(match->ticket_flags, base->ticket_flags))
- &&
- (! MATCH_SET(KRB5_TC_MATCH_TIMES_EXACT) ||
- times_match_exact(&match->times, &base->times))
- &&
- (! MATCH_SET(KRB5_TC_MATCH_TIMES) ||
- times_match(&match->times, &base->times))
- &&
- (! MATCH_SET(KRB5_TC_MATCH_AUTHDATA) ||
- authdata_match (match->authdata, base->authdata))
- &&
- (! MATCH_SET(KRB5_TC_MATCH_2ND_TKT) ||
- data_match (&match->second_ticket, &base->second_ticket))
- &&
- ((! MATCH_SET(KRB5_TC_MATCH_KTYPE))||
- (match->keyblock.enctype == base->keyblock.enctype))
- )
- return TRUE;
+ ((! MATCH_SET(KRB5_TC_MATCH_KTYPE))||
+ (match->keyblock.enctype == base->keyblock.enctype))
+ )
+ return TRUE;
return FALSE;
}
diff --git a/src/lib/krb5/ccache/ccapi/stdcc_util.h b/src/lib/krb5/ccache/ccapi/stdcc_util.h
index 2b724eb..2e5eecc 100644
--- a/src/lib/krb5/ccache/ccapi/stdcc_util.h
+++ b/src/lib/krb5/ccache/ccapi/stdcc_util.h
@@ -1,3 +1,4 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
/* stdcc_util.h
*
* Frank Dabek, July 1998
@@ -21,16 +22,16 @@
/* protoypes for private functions declared in stdcc_util.c */
#ifdef USE_CCAPI_V3
-krb5_error_code
-copy_cc_cred_union_to_krb5_creds (krb5_context in_context,
- const cc_credentials_union *in_cred_union,
+krb5_error_code
+copy_cc_cred_union_to_krb5_creds (krb5_context in_context,
+ const cc_credentials_union *in_cred_union,
krb5_creds *out_creds);
krb5_error_code
-copy_krb5_creds_to_cc_cred_union (krb5_context in_context,
- krb5_creds *in_creds,
+copy_krb5_creds_to_cc_cred_union (krb5_context in_context,
+ krb5_creds *in_creds,
cc_credentials_union **out_cred_union);
-krb5_error_code
+krb5_error_code
cred_union_release (cc_credentials_union *in_cred_union);
#else
int copyCCDataArrayToK5(cc_creds *cc, krb5_creds *kc, char whichArray);
@@ -42,7 +43,7 @@ cc_int32 krb5int_free_cc_cred_union (cred_union** creds);
int stdccCredsMatch(krb5_context context, krb5_creds *base, krb5_creds *match, int whichfields);
int bitTst(int var, int mask);
-#define kAddressArray 4
+#define kAddressArray 4
#define kAuthDataArray 5
#endif /* defined(_WIN32) || defined(USE_CCAPI) */
diff --git a/src/lib/krb5/ccache/ccapi/winccld.c b/src/lib/krb5/ccache/ccapi/winccld.c
index 22646e1..8b2e90c 100644
--- a/src/lib/krb5/ccache/ccapi/winccld.c
+++ b/src/lib/krb5/ccache/ccapi/winccld.c
@@ -1,3 +1,4 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
#if defined(_WIN32)
/*
* winccld.c --- routine for dynamically loading the ccache DLL if
@@ -23,9 +24,9 @@ extern int krb5_is_ccdll_loaded();
/*
* return codes
*/
-#define LF_OK 0
-#define LF_NODLL 1
-#define LF_NOFUNC 2
+#define LF_OK 0
+#define LF_NODLL 1
+#define LF_NOFUNC 2
#ifdef _WIN64
#define KRBCC_DLL "krbcc64.dll"
@@ -34,10 +35,10 @@ extern int krb5_is_ccdll_loaded();
#endif
static int LoadFuncs(const char* dll_name, FUNC_INFO fi[],
- HINSTANCE* ph, int debug);
+ HINSTANCE* ph, int debug);
static int LoadFuncs(const char* dll_name, FUNC_INFO fi[],
- HINSTANCE* ph, int debug)
+ HINSTANCE* ph, int debug)
{
HINSTANCE h;
int i, n;
@@ -46,55 +47,55 @@ static int LoadFuncs(const char* dll_name, FUNC_INFO fi[],
if (ph) *ph = 0;
for (n = 0; fi[n].func_ptr_var; n++) {
- *(fi[n].func_ptr_var) = 0;
+ *(fi[n].func_ptr_var) = 0;
}
if (!(h = LoadLibrary(dll_name))) {
- /* Get error for source debugging purposes. */
- error = (int)GetLastError();
- return LF_NODLL;
+ /* Get error for source debugging purposes. */
+ error = (int)GetLastError();
+ return LF_NODLL;
}
if (debug)
- printf("Loaded %s\n", dll_name);
+ printf("Loaded %s\n", dll_name);
for (i = 0; !error && (i < n); i++) {
- void* p = (void*)GetProcAddress(h, fi[i].func_name);
- if (!p) {
- if (debug)
- printf("Could not get function: %s\n", fi[i].func_name);
- error = 1;
- } else {
- *(fi[i].func_ptr_var) = p;
- if (debug)
- printf("Loaded function %s at 0x%08X\n", fi[i].func_name, p);
- }
+ void* p = (void*)GetProcAddress(h, fi[i].func_name);
+ if (!p) {
+ if (debug)
+ printf("Could not get function: %s\n", fi[i].func_name);
+ error = 1;
+ } else {
+ *(fi[i].func_ptr_var) = p;
+ if (debug)
+ printf("Loaded function %s at 0x%08X\n", fi[i].func_name, p);
+ }
}
if (error) {
- for (i = 0; i < n; i++) {
- *(fi[i].func_ptr_var) = 0;
- }
- FreeLibrary(h);
- return LF_NOFUNC;
+ for (i = 0; i < n; i++) {
+ *(fi[i].func_ptr_var) = 0;
+ }
+ FreeLibrary(h);
+ return LF_NOFUNC;
}
if (ph) *ph = h;
return LF_OK;
}
void krb5_win_ccdll_load(context)
- krb5_context context;
+ krb5_context context;
{
- krb5_cc_register(context, &krb5_fcc_ops, 0);
- if (krb5_win_ccdll_loaded)
- return;
- if (LoadFuncs(KRBCC_DLL, krbcc_fi, 0, 0))
- return; /* Error, give up */
- krb5_win_ccdll_loaded = 1;
- krb5_cc_dfl_ops = &krb5_cc_stdcc_ops; /* Use stdcc! */
+ krb5_cc_register(context, &krb5_fcc_ops, 0);
+ if (krb5_win_ccdll_loaded)
+ return;
+ if (LoadFuncs(KRBCC_DLL, krbcc_fi, 0, 0))
+ return; /* Error, give up */
+ krb5_win_ccdll_loaded = 1;
+ krb5_cc_dfl_ops = &krb5_cc_stdcc_ops; /* Use stdcc! */
}
int krb5_is_ccdll_loaded()
{
- return krb5_win_ccdll_loaded;
+ return krb5_win_ccdll_loaded;
}
-#endif /* Windows */
+#endif /* Windows */
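Review bot: `LoadLibrary(dll_name)` in LoadFuncs receives the bare file name from `KRBCC_DLL` (krb5_win_ccdll_load passes it through unchanged), so Windows resolves it through the default DLL search order, which includes directories this library does not control. Whatever module is found supplies the functions behind `krb5_cc_stdcc_ops`, which then becomes `krb5_cc_dfl_ops`. Load it from a known location instead, for example by building the full path of the installation directory or by calling `LoadLibraryEx` with a restricted search flag, and state in a comment which directory is trusted. In the debug branch, `printf("Loaded function %s at 0x%08X\n", ...)` passes a `void*` to `%08X`, which mismatches the argument type and drops the upper half of the address on Win64; `%p` is the matching conversion. LoadFuncs starts in the preceding hunk.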
diff --git a/src/lib/krb5/ccache/ccapi/winccld.h b/src/lib/krb5/ccache/ccapi/winccld.h
index 245ae24..85017ab 100644
--- a/src/lib/krb5/ccache/ccapi/winccld.h
+++ b/src/lib/krb5/ccache/ccapi/winccld.h
@@ -1,3 +1,4 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
/*
* winccld.h -- the dynamic loaded version of the ccache DLL
*/
@@ -19,19 +20,19 @@
#ifdef USE_CCAPI_V3
typedef CCACHE_API cc_int32 (*FP_cc_initialize) (
- cc_context_t* outContext,
- cc_int32 inVersion,
- cc_int32* outSupportedVersion,
- char const** outVendor);
+ cc_context_t* outContext,
+ cc_int32 inVersion,
+ cc_int32* outSupportedVersion,
+ char const** outVendor);
#else
-typedef cc_int32 (*FP_cc_initialize)(apiCB**, const cc_int32,
- cc_int32*, const char**);
-typedef cc_int32 (*FP_cc_shutdown)(apiCB**);
-typedef cc_int32 (*FP_cc_get_change_time)(apiCB*, cc_time_t*);
+typedef cc_int32 (*FP_cc_initialize)(apiCB**, const cc_int32,
+ cc_int32*, const char**);
+typedef cc_int32 (*FP_cc_shutdown)(apiCB**);
+typedef cc_int32 (*FP_cc_get_change_time)(apiCB*, cc_time_t*);
typedef cc_int32 (*FP_cc_create)(apiCB*, const char*, const char*,
- const enum cc_cred_vers, const cc_int32, ccache_p**);
+ const enum cc_cred_vers, const cc_int32, ccache_p**);
typedef cc_int32 (*FP_cc_open)(apiCB*, const char*, const enum cc_cred_vers,
- const cc_int32, ccache_p**);
+ const cc_int32, ccache_p**);
typedef cc_int32 (*FP_cc_close)(apiCB*, ccache_p**);
typedef cc_int32 (*FP_cc_destroy)(apiCB*, ccache_p**);
typedef cc_int32 (*FP_cc_seq_fetch_NCs)(apiCB*, ccache_p**, ccache_cit**);
@@ -42,21 +43,21 @@ typedef cc_int32 (*FP_cc_get_NC_info)(apiCB*, struct _infoNC***);
typedef cc_int32 (*FP_cc_free_NC_info)(apiCB*, struct _infoNC***);
typedef cc_int32 (*FP_cc_get_name)(apiCB*, const ccache_p*, char**);
typedef cc_int32 (*FP_cc_set_principal)(apiCB*, const ccache_p*,
- const enum cc_cred_vers, const char*);
+ const enum cc_cred_vers, const char*);
typedef cc_int32 (*FP_cc_get_principal)(apiCB*, ccache_p*, char**);
typedef cc_int32 (*FP_cc_get_cred_version)(apiCB*, const ccache_p*,
- enum cc_cred_vers*);
+ enum cc_cred_vers*);
typedef cc_int32 (*FP_cc_lock_request)(apiCB*, const ccache_p*,
- const cc_int32);
+ const cc_int32);
typedef cc_int32 (*FP_cc_store)(apiCB*, const ccache_p*, const cred_union);
typedef cc_int32 (*FP_cc_remove_cred)(apiCB*, const ccache_p*,
- const cred_union);
-typedef cc_int32 (*FP_cc_seq_fetch_creds)(apiCB*, const ccache_p*,
- cred_union**, ccache_cit**);
-typedef cc_int32 (*FP_cc_seq_fetch_creds_begin)(apiCB*, const ccache_p*,
- ccache_cit**);
-typedef cc_int32 (*FP_cc_seq_fetch_creds_next)(apiCB*, cred_union**,
- ccache_cit*);
+ const cred_union);
+typedef cc_int32 (*FP_cc_seq_fetch_creds)(apiCB*, const ccache_p*,
+ cred_union**, ccache_cit**);
+typedef cc_int32 (*FP_cc_seq_fetch_creds_begin)(apiCB*, const ccache_p*,
+ ccache_cit**);
+typedef cc_int32 (*FP_cc_seq_fetch_creds_next)(apiCB*, cred_union**,
+ ccache_cit*);
typedef cc_int32 (*FP_cc_seq_fetch_creds_end)(apiCB*, ccache_cit**);
typedef cc_int32 (*FP_cc_free_principal)(apiCB*, char**);
typedef cc_int32 (*FP_cc_free_name)(apiCB*, char** name);
diff --git a/src/lib/krb5/ccache/ccbase.c b/src/lib/krb5/ccache/ccbase.c
index f54486f..fb3d7ec 100644
--- a/src/lib/krb5/ccache/ccbase.c
+++ b/src/lib/krb5/ccache/ccbase.c
@@ -1,3 +1,4 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
/*
* lib/krb5/ccache/ccbase.c
*
@@ -8,7 +9,7 @@
* require a specific license from the United States Government.
* It is the responsibility of any person or organization contemplating
* export to obtain such a license before exporting.
- *
+ *
* WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
* distribute this software and its documentation for any purpose and
* without fee is hereby granted, provided that the above copyright
@@ -22,7 +23,7 @@
* M.I.T. makes no representations about the suitability of
* this software for any purpose. It is provided "as is" without express
* or implied warranty.
- *
+ *
*
* Registration functions for ccache.
*/
@@ -96,22 +97,22 @@ krb5int_cc_initialize(void)
err = k5_cc_mutex_finish_init(&cccol_lock);
if (err)
- return err;
+ return err;
err = k5_cc_mutex_finish_init(&krb5int_mcc_mutex);
if (err)
- return err;
+ return err;
err = k5_mutex_finish_init(&cc_typelist_lock);
if (err)
- return err;
+ return err;
#ifndef NO_FILE_CCACHE
err = k5_cc_mutex_finish_init(&krb5int_cc_file_mutex);
if (err)
- return err;
+ return err;
#endif
#ifdef USE_KEYRING_CCACHE
err = k5_cc_mutex_finish_init(&krb5int_krcc_mutex);
if (err)
- return err;
+ return err;
#endif
return 0;
}
@@ -131,8 +132,8 @@ krb5int_cc_finalize(void)
k5_cc_mutex_destroy(&krb5int_krcc_mutex);
#endif
for (t = cc_typehead; t != INITIAL_TYPEHEAD; t = t_next) {
- t_next = t->next;
- free(t);
+ t_next = t->next;
+ free(t);
}
}
@@ -143,30 +144,30 @@ krb5int_cc_finalize(void)
*/
krb5_error_code KRB5_CALLCONV
-krb5_cc_register(krb5_context context, const krb5_cc_ops *ops,
- krb5_boolean override)
+krb5_cc_register(krb5_context context, const krb5_cc_ops *ops,
+ krb5_boolean override)
{
struct krb5_cc_typelist *t;
krb5_error_code err;
err = k5_mutex_lock(&cc_typelist_lock);
if (err)
- return err;
+ return err;
for (t = cc_typehead;t && strcmp(t->ops->prefix,ops->prefix);t = t->next)
- ;
+ ;
if (t) {
- if (override) {
- t->ops = ops;
- k5_mutex_unlock(&cc_typelist_lock);
- return 0;
- } else {
- k5_mutex_unlock(&cc_typelist_lock);
- return KRB5_CC_TYPE_EXISTS;
- }
+ if (override) {
+ t->ops = ops;
+ k5_mutex_unlock(&cc_typelist_lock);
+ return 0;
+ } else {
+ k5_mutex_unlock(&cc_typelist_lock);
+ return KRB5_CC_TYPE_EXISTS;
+ }
}
if (!(t = (struct krb5_cc_typelist *) malloc(sizeof(*t)))) {
- k5_mutex_unlock(&cc_typelist_lock);
- return ENOMEM;
+ k5_mutex_unlock(&cc_typelist_lock);
+ return ENOMEM;
}
t->next = cc_typehead;
t->ops = ops;
@@ -196,14 +197,14 @@ krb5_cc_resolve (krb5_context context, const char *name, krb5_ccache *cache)
const krb5_cc_ops *ops;
if (name == NULL)
- return KRB5_CC_BADNAME;
+ return KRB5_CC_BADNAME;
pfx = NULL;
cp = strchr (name, ':');
if (!cp) {
- if (krb5_cc_dfl_ops)
- return (*krb5_cc_dfl_ops->resolve)(context, cache, name);
- else
- return KRB5_CC_BADNAME;
+ if (krb5_cc_dfl_ops)
+ return (*krb5_cc_dfl_ops->resolve)(context, cache, name);
+ else
+ return KRB5_CC_BADNAME;
}
pfxlen = cp - name;
@@ -230,9 +231,9 @@ krb5_cc_resolve (krb5_context context, const char *name, krb5_ccache *cache)
err = krb5int_cc_getops(context, pfx, &ops);
if (pfx != NULL)
- free(pfx);
+ free(pfx);
if (err)
- return err;
+ return err;
return ops->resolve(context, cache, resid);
}
@@ -254,19 +255,19 @@ krb5int_cc_getops(
err = k5_mutex_lock(&cc_typelist_lock);
if (err)
- return err;
+ return err;
for (tlist = cc_typehead; tlist; tlist = tlist->next) {
- if (strcmp (tlist->ops->prefix, pfx) == 0) {
- *ops = tlist->ops;
- k5_mutex_unlock(&cc_typelist_lock);
- return 0;
- }
+ if (strcmp (tlist->ops->prefix, pfx) == 0) {
+ *ops = tlist->ops;
+ k5_mutex_unlock(&cc_typelist_lock);
+ return 0;
+ }
}
k5_mutex_unlock(&cc_typelist_lock);
if (krb5_cc_dfl_ops && !strcmp (pfx, krb5_cc_dfl_ops->prefix)) {
- *ops = krb5_cc_dfl_ops;
- return 0;
+ *ops = krb5_cc_dfl_ops;
+ return 0;
}
return KRB5_CC_UNKNOWN_TYPE;
}
@@ -291,7 +292,7 @@ krb5_cc_new_unique(
err = krb5int_cc_getops(context, type, &ops);
if (err)
- return err;
+ return err;
return ops->gen_new(context, id);
}
@@ -312,20 +313,20 @@ krb5int_cc_typecursor_new(krb5_context context, krb5_cc_typecursor *t)
*t = NULL;
n = malloc(sizeof(*n));
if (n == NULL)
- return ENOMEM;
+ return ENOMEM;
err = k5_mutex_lock(&cc_typelist_lock);
if (err)
- goto errout;
+ goto errout;
n->tptr = cc_typehead;
err = k5_mutex_unlock(&cc_typelist_lock);
if (err)
- goto errout;
+ goto errout;
*t = n;
errout:
if (err)
- free(n);
+ free(n);
return err;
}
@@ -339,16 +340,16 @@ krb5int_cc_typecursor_next(
*ops = NULL;
if (t->tptr == NULL)
- return 0;
+ return 0;
err = k5_mutex_lock(&cc_typelist_lock);
if (err)
- goto errout;
+ goto errout;
*ops = t->tptr->ops;
t->tptr = t->tptr->next;
err = k5_mutex_unlock(&cc_typelist_lock);
if (err)
- goto errout;
+ goto errout;
errout:
return err;
@@ -367,40 +368,40 @@ krb5_cc_move (krb5_context context, krb5_ccache src, krb5_ccache dst)
{
krb5_error_code ret = 0;
krb5_principal princ = NULL;
-
+
ret = krb5_cccol_lock(context);
if (ret) {
- return ret;
+ return ret;
}
-
+
ret = krb5_cc_lock(context, src);
if (ret) {
- krb5_cccol_unlock(context);
- return ret;
+ krb5_cccol_unlock(context);
+ return ret;
}
-
+
ret = krb5_cc_get_principal(context, src, &princ);
if (!ret) {
- ret = krb5_cc_initialize(context, dst, princ);
+ ret = krb5_cc_initialize(context, dst, princ);
}
if (!ret) {
- ret = krb5_cc_lock(context, dst);
+ ret = krb5_cc_lock(context, dst);
}
if (!ret) {
- ret = krb5_cc_copy_creds(context, src, dst);
- krb5_cc_unlock(context, dst);
+ ret = krb5_cc_copy_creds(context, src, dst);
+ krb5_cc_unlock(context, dst);
}
-
+
krb5_cc_unlock(context, src);
if (!ret) {
- ret = krb5_cc_destroy(context, src);
+ ret = krb5_cc_destroy(context, src);
}
krb5_cccol_unlock(context);
if (princ) {
- krb5_free_principal(context, princ);
- princ = NULL;
- }
-
+ krb5_free_principal(context, princ);
+ princ = NULL;
+ }
+
return ret;
}
@@ -408,12 +409,12 @@ krb5_error_code
k5_cc_mutex_init(k5_cc_mutex *m)
{
krb5_error_code ret = 0;
-
+
ret = k5_mutex_init(&m->lock);
if (ret) return ret;
m->owner = NULL;
m->refcount = 0;
-
+
return ret;
}
@@ -421,12 +422,12 @@ krb5_error_code
k5_cc_mutex_finish_init(k5_cc_mutex *m)
{
krb5_error_code ret = 0;
-
+
ret = k5_mutex_finish_init(&m->lock);
if (ret) return ret;
m->owner = NULL;
m->refcount = 0;
-
+
return ret;
}
@@ -447,42 +448,42 @@ k5_cc_mutex_assert_unlocked(krb5_context context, k5_cc_mutex *m)
assert(m->refcount == 0);
assert(m->owner == NULL);
#endif
- k5_assert_unlocked(&m->lock);
+ k5_assert_unlocked(&m->lock);
}
krb5_error_code
k5_cc_mutex_lock(krb5_context context, k5_cc_mutex *m)
{
krb5_error_code ret = 0;
-
+
// not locked or already locked by another context
if (m->owner != context) {
- // acquire lock, blocking until available
- ret = k5_mutex_lock(&m->lock);
- m->owner = context;
- m->refcount = 1;
+ // acquire lock, blocking until available
+ ret = k5_mutex_lock(&m->lock);
+ m->owner = context;
+ m->refcount = 1;
}
// already locked by this context, just increase refcount
else {
- m->refcount++;
+ m->refcount++;
}
- return ret;
+ return ret;
}
krb5_error_code
k5_cc_mutex_unlock(krb5_context context, k5_cc_mutex *m)
{
krb5_error_code ret = 0;
-
+
/* verify owner and sanity check refcount */
if ((m->owner != context) || (m->refcount < 1)) {
- return ret;
+ return ret;
}
/* decrement & unlock when count reaches zero */
m->refcount--;
if (m->refcount == 0) {
- m->owner = NULL;
- k5_mutex_unlock(&m->lock);
+ m->owner = NULL;
+ k5_mutex_unlock(&m->lock);
}
return ret;
}
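Review bot: In k5_cc_mutex_lock the result of `k5_mutex_lock(&m->lock)` is stored in `ret` but not tested before `m->owner = context;` and `m->refcount = 1;` run. A failed acquire therefore still records the caller as owner, and a later k5_cc_mutex_unlock from that context would release a mutex it never held. Add `if (ret) return ret;` directly after the k5_mutex_lock call. In k5_cc_mutex_unlock, the early return yields 0 when the caller is not the owner or the count is below 1; if that silent no-op is intended, a comment such as `/* not the owner: nothing to release, report success */` would make it explicit.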
@@ -492,13 +493,13 @@ krb5_error_code
k5_cc_mutex_force_unlock(k5_cc_mutex *m)
{
krb5_error_code ret = 0;
-
+
m->refcount = 0;
m->owner = NULL;
if (m->refcount > 0) {
- k5_mutex_unlock(&m->lock);
+ k5_mutex_unlock(&m->lock);
}
- return ret;
+ return ret;
}
/*
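Review bot: k5_cc_mutex_force_unlock assigns `m->refcount = 0;` before it tests `if (m->refcount > 0)`, so the `k5_mutex_unlock(&m->lock);` branch can never run and a held mutex stays locked after a forced unlock. Capture the state before clearing it: put `int held = (m->refcount > 0);` ahead of the two assignments and change the test to `if (held)`. `ret` is never assigned after its initializer, so the function always returns 0. Whether the calling thread is allowed to release a mutex acquired by another one depends on the callers, which are outside this hunk, and deserves a comment on the function.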
@@ -509,28 +510,28 @@ krb5_error_code KRB5_CALLCONV
krb5_cccol_lock(krb5_context context)
{
krb5_error_code ret = 0;
-
+
ret = k5_cc_mutex_lock(context, &cccol_lock);
if (ret) {
- return ret;
- }
+ return ret;
+ }
ret = k5_mutex_lock(&cc_typelist_lock);
if (ret) {
- k5_cc_mutex_unlock(context, &cccol_lock);
- return ret;
+ k5_cc_mutex_unlock(context, &cccol_lock);
+ return ret;
}
ret = k5_cc_mutex_lock(context, &krb5int_cc_file_mutex);
if (ret) {
- k5_mutex_unlock(&cc_typelist_lock);
- k5_cc_mutex_unlock(context, &cccol_lock);
- return ret;
+ k5_mutex_unlock(&cc_typelist_lock);
+ k5_cc_mutex_unlock(context, &cccol_lock);
+ return ret;
}
ret = k5_cc_mutex_lock(context, &krb5int_mcc_mutex);
if (ret) {
- k5_cc_mutex_unlock(context, &krb5int_cc_file_mutex);
- k5_mutex_unlock(&cc_typelist_lock);
- k5_cc_mutex_unlock(context, &cccol_lock);
- return ret;
+ k5_cc_mutex_unlock(context, &krb5int_cc_file_mutex);
+ k5_mutex_unlock(&cc_typelist_lock);
+ k5_cc_mutex_unlock(context, &cccol_lock);
+ return ret;
}
#ifdef USE_CCAPI_V3
ret = krb5_stdccv3_context_lock(context);
@@ -539,11 +540,11 @@ krb5_cccol_lock(krb5_context context)
ret = k5_cc_mutex_lock(context, &krb5int_krcc_mutex);
#endif
if (ret) {
- k5_cc_mutex_unlock(context, &krb5int_mcc_mutex);
- k5_cc_mutex_unlock(context, &krb5int_cc_file_mutex);
- k5_mutex_unlock(&cc_typelist_lock);
- k5_cc_mutex_unlock(context, &cccol_lock);
- return ret;
+ k5_cc_mutex_unlock(context, &krb5int_mcc_mutex);
+ k5_cc_mutex_unlock(context, &krb5int_cc_file_mutex);
+ k5_mutex_unlock(&cc_typelist_lock);
+ k5_cc_mutex_unlock(context, &cccol_lock);
+ return ret;
}
k5_mutex_unlock(&cc_typelist_lock);
return ret;
@@ -553,15 +554,15 @@ krb5_error_code KRB5_CALLCONV
krb5_cccol_unlock(krb5_context context)
{
krb5_error_code ret = 0;
-
+
/* sanity check */
k5_cc_mutex_assert_locked(context, &cccol_lock);
-
+
ret = k5_mutex_lock(&cc_typelist_lock);
if (ret) {
- k5_cc_mutex_unlock(context, &cccol_lock);
- return ret;
- }
+ k5_cc_mutex_unlock(context, &cccol_lock);
+ return ret;
+ }
// unlock each type in the opposite order
#ifdef USE_KEYRING_CCACHE
@@ -588,20 +589,20 @@ krb5_error_code
k5_cccol_force_unlock()
{
krb5_error_code ret = 0;
-
+
/* sanity check */
if ((&cccol_lock)->refcount == 0) {
- return 0;
+ return 0;
}
-
+
ret = k5_mutex_lock(&cc_typelist_lock);
if (ret) {
- (&cccol_lock)->refcount = 0;
- (&cccol_lock)->owner = NULL;
- k5_mutex_unlock(&(&cccol_lock)->lock);
- return ret;
- }
-
+ (&cccol_lock)->refcount = 0;
+ (&cccol_lock)->owner = NULL;
+ k5_mutex_unlock(&(&cccol_lock)->lock);
+ return ret;
+ }
+
// unlock each type in the opposite order
#ifdef USE_KEYRING_CCACHE
k5_cc_mutex_force_unlock(&krb5int_krcc_mutex);
@@ -611,9 +612,9 @@ k5_cccol_force_unlock()
#endif
k5_cc_mutex_force_unlock(&krb5int_mcc_mutex);
k5_cc_mutex_force_unlock(&krb5int_cc_file_mutex);
-
+
k5_mutex_unlock(&cc_typelist_lock);
k5_cc_mutex_force_unlock(&cccol_lock);
-
+
return ret;
}
diff --git a/src/lib/krb5/ccache/cccopy.c b/src/lib/krb5/ccache/cccopy.c
index a9a45b5..36b3f42 100644
--- a/src/lib/krb5/ccache/cccopy.c
+++ b/src/lib/krb5/ccache/cccopy.c
@@ -1,3 +1,4 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
#include "k5-int.h"
krb5_error_code KRB5_CALLCONV
@@ -8,29 +9,29 @@ krb5_cc_copy_creds(krb5_context context, krb5_ccache incc, krb5_ccache outcc)
krb5_cc_cursor cur = 0;
krb5_creds creds;
- flags = 0; /* turns off OPENCLOSE mode */
+ flags = 0; /* turns off OPENCLOSE mode */
if ((code = krb5_cc_set_flags(context, incc, flags)))
- return(code);
+ return(code);
/* the code for this will open the file for reading only, which
is not what I had in mind. So I won't turn off OPENCLOSE
for the output ccache */
#if 0
if ((code = krb5_cc_set_flags(context, outcc, flags)))
- return(code);
+ return(code);
#endif
if ((code = krb5_cc_start_seq_get(context, incc, &cur)))
- goto cleanup;
+ goto cleanup;
while (!(code = krb5_cc_next_cred(context, incc, &cur, &creds))) {
- code = krb5_cc_store_cred(context, outcc, &creds);
- krb5_free_cred_contents(context, &creds);
- if (code)
- goto cleanup;
+ code = krb5_cc_store_cred(context, outcc, &creds);
+ krb5_free_cred_contents(context, &creds);
+ if (code)
+ goto cleanup;
}
if (code != KRB5_CC_END)
- goto cleanup;
+ goto cleanup;
code = krb5_cc_end_seq_get(context, incc, &cur);
cur = 0;
@@ -43,19 +44,19 @@ cleanup:
flags = KRB5_TC_OPENCLOSE;
/* If set then we are in an error pathway */
- if (cur)
- krb5_cc_end_seq_get(context, incc, &cur);
+ if (cur)
+ krb5_cc_end_seq_get(context, incc, &cur);
if (code)
- krb5_cc_set_flags(context, incc, flags);
+ krb5_cc_set_flags(context, incc, flags);
else
- code = krb5_cc_set_flags(context, incc, flags);
+ code = krb5_cc_set_flags(context, incc, flags);
#if 0
if (code)
- krb5_cc_set_flags(context, outcc, flags);
+ krb5_cc_set_flags(context, outcc, flags);
else
- code = krb5_cc_set_flags(context, outcc, flags);
+ code = krb5_cc_set_flags(context, outcc, flags);
#endif
return(code);
diff --git a/src/lib/krb5/ccache/cccursor.c b/src/lib/krb5/ccache/cccursor.c
index 5a062d4..852eff8 100644
--- a/src/lib/krb5/ccache/cccursor.c
+++ b/src/lib/krb5/ccache/cccursor.c
@@ -1,3 +1,4 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
/*
* lib/krb5/ccache/cccursor.c
*
@@ -8,7 +9,7 @@
* require a specific license from the United States Government.
* It is the responsibility of any person or organization contemplating
* export to obtain such a license before exporting.
- *
+ *
* WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
* distribute this software and its documentation for any purpose and
* without fee is hereby granted, provided that the above copyright
@@ -75,7 +76,7 @@ krb5_cccol_cursor_new(
*cursor = NULL;
n = malloc(sizeof(*n));
if (n == NULL)
- return ENOMEM;
+ return ENOMEM;
n->pos = CCCURSOR_CONTEXT;
n->typecursor = NULL;
@@ -83,27 +84,27 @@ krb5_cccol_cursor_new(
n->ops = NULL;
for (i = 0; i < NFULLNAMES; i++) {
- n->fullnames[i].pfx = n->fullnames[i].res = NULL;
+ n->fullnames[i].pfx = n->fullnames[i].res = NULL;
}
n->cur_fullname = 0;
ret = krb5int_cc_typecursor_new(context, &n->typecursor);
if (ret)
- goto errout;
+ goto errout;
do {
- /* Find first backend with ptcursor functionality. */
- ret = krb5int_cc_typecursor_next(context, n->typecursor, &n->ops);
- if (ret || n->ops == NULL)
- goto errout;
+ /* Find first backend with ptcursor functionality. */
+ ret = krb5int_cc_typecursor_next(context, n->typecursor, &n->ops);
+ if (ret || n->ops == NULL)
+ goto errout;
} while (n->ops->ptcursor_new == NULL);
ret = n->ops->ptcursor_new(context, &n->ptcursor);
if (ret)
- goto errout;
+ goto errout;
errout:
if (ret) {
- krb5_cccol_cursor_free(context, &n);
+ krb5_cccol_cursor_free(context, &n);
}
*cursor = n;
return ret;
@@ -124,48 +125,48 @@ krb5_cccol_cursor_next(
switch (cursor->pos) {
case CCCURSOR_CONTEXT:
- name = os_ctx->default_ccname;
- if (name != NULL) {
- cursor->pos = CCCURSOR_ENV;
- ret = cccol_do_resolve(context, cursor, name, ccache);
- if (ret)
- goto errout;
- if (*ccache != NULL)
- break;
- }
- /* fall through */
+ name = os_ctx->default_ccname;
+ if (name != NULL) {
+ cursor->pos = CCCURSOR_ENV;
+ ret = cccol_do_resolve(context, cursor, name, ccache);
+ if (ret)
+ goto errout;
+ if (*ccache != NULL)
+ break;
+ }
+ /* fall through */
case CCCURSOR_ENV:
- name = getenv(KRB5_ENV_CCNAME);
- if (name != NULL) {
- cursor->pos = CCCURSOR_OS;
- ret = cccol_do_resolve(context, cursor, name, ccache);
- if (ret)
- goto errout;
- if (*ccache != NULL)
- break;
- }
- /* fall through */
+ name = getenv(KRB5_ENV_CCNAME);
+ if (name != NULL) {
+ cursor->pos = CCCURSOR_OS;
+ ret = cccol_do_resolve(context, cursor, name, ccache);
+ if (ret)
+ goto errout;
+ if (*ccache != NULL)
+ break;
+ }
+ /* fall through */
case CCCURSOR_OS:
- ret = krb5int_cc_os_default_name(context, &name);
- if (ret) goto errout;
- if (name != NULL) {
- cursor->pos = CCCURSOR_PERTYPE;
- ret = cccol_do_resolve(context, cursor, name, ccache);
- free(name);
- if (ret)
- goto errout;
- if (*ccache != NULL)
- break;
- }
- /* fall through */
+ ret = krb5int_cc_os_default_name(context, &name);
+ if (ret) goto errout;
+ if (name != NULL) {
+ cursor->pos = CCCURSOR_PERTYPE;
+ ret = cccol_do_resolve(context, cursor, name, ccache);
+ free(name);
+ if (ret)
+ goto errout;
+ if (*ccache != NULL)
+ break;
+ }
+ /* fall through */
case CCCURSOR_PERTYPE:
- cursor->pos = CCCURSOR_PERTYPE;
- do {
- ret = cccol_pertype_next(context, cursor, ccache);
- if (ret)
- goto errout;
- } while (cccol_already(context, cursor, ccache));
- break;
+ cursor->pos = CCCURSOR_PERTYPE;
+ do {
+ ret = cccol_pertype_next(context, cursor, ccache);
+ if (ret)
+ goto errout;
+ } while (cccol_already(context, cursor, ccache));
+ break;
}
errout:
return ret;
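Review bot: The `CCCURSOR_ENV` case passes the value of `getenv(KRB5_ENV_CCNAME)` straight to `cccol_do_resolve`, so the cache type and location come from the process environment with no check on who controls it. If this library can be used from a process running with elevated privileges (not visible here), the variable should be ignored in that mode. At minimum, add a comment above the call such as `/* value is controlled by whoever set the environment; do not trust it in privileged programs */`. The function begins before the hunk.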
@@ -180,18 +181,18 @@ krb5_cccol_cursor_free(
int i;
if (c == NULL)
- return 0;
+ return 0;
for (i = 0; i < NFULLNAMES; i++) {
- if (c->fullnames[i].pfx != NULL)
- free(c->fullnames[i].pfx);
- if (c->fullnames[i].res != NULL)
- free(c->fullnames[i].res);
+ if (c->fullnames[i].pfx != NULL)
+ free(c->fullnames[i].pfx);
+ if (c->fullnames[i].res != NULL)
+ free(c->fullnames[i].res);
}
if (c->ptcursor != NULL)
- c->ops->ptcursor_free(context, &c->ptcursor);
+ c->ops->ptcursor_free(context, &c->ptcursor);
if (c->typecursor != NULL)
- krb5int_cc_typecursor_free(context, &c->typecursor);
+ krb5int_cc_typecursor_free(context, &c->typecursor);
free(c);
*cursor = NULL;
@@ -200,7 +201,7 @@ krb5_cccol_cursor_free(
krb5_error_code KRB5_CALLCONV
krb5_cccol_last_change_time(
- krb5_context context,
+ krb5_context context,
krb5_timestamp *change_time)
{
krb5_error_code ret = 0;
@@ -208,11 +209,11 @@ krb5_cccol_last_change_time(
krb5_ccache ccache = NULL;
krb5_timestamp last_time = 0;
krb5_timestamp max_change_time = 0;
-
+
*change_time = 0;
-
+
ret = krb5_cccol_cursor_new(context, &c);
-
+
while (!ret) {
ret = krb5_cccol_cursor_next(context, c, &ccache);
if (ccache) {
@@ -248,19 +249,19 @@ cccol_already(
int i;
if (*ccache == NULL)
- return 0;
+ return 0;
name = krb5_cc_get_name(context, *ccache);
if (name == NULL)
- return 0;
+ return 0;
prefix = krb5_cc_get_type(context, *ccache);
assert(c->cur_fullname < NFULLNAMES);
for (i = 0; i < c->cur_fullname; i++) {
- if (cccol_cmpname(prefix, name, &c->fullnames[i])) {
- krb5_cc_close(context, *ccache);
- *ccache = NULL;
- return 1;
- }
+ if (cccol_cmpname(prefix, name, &c->fullnames[i])) {
+ krb5_cc_close(context, *ccache);
+ *ccache = NULL;
+ return 1;
+ }
}
return 0;
}
@@ -275,11 +276,11 @@ cccol_cmpname(
struct cc_fullname *fullname)
{
if (fullname->pfx == NULL || fullname->res == NULL)
- return 0;
+ return 0;
if (strcmp(prefix, fullname->pfx))
- return 0;
+ return 0;
if (strcmp(name, fullname->res))
- return 0;
+ return 0;
return 1;
}
@@ -303,10 +304,10 @@ cccol_do_resolve(
assert(cursor->cur_fullname < NFULLNAMES);
ret = krb5_cc_resolve(context, name, ccache);
if (ret)
- return ret;
+ return ret;
if (cccol_already(context, cursor, ccache))
- return 0;
+ return 0;
fullname = &cursor->fullnames[cursor->cur_fullname];
fullname->pfx = strdup(krb5_cc_get_type(context, *ccache));
@@ -331,35 +332,35 @@ cccol_pertype_next(
/* Are we out of backends? */
if (cursor->ops == NULL)
- return 0;
+ return 0;
/*
* Loop in case there are multiple backends with empty ccache
* lists.
*/
while (*ccache == NULL) {
- ret = cursor->ops->ptcursor_next(context, cursor->ptcursor, ccache);
- if (ret)
- goto errout;
- if (*ccache != NULL)
- return 0;
-
- ret = cursor->ops->ptcursor_free(context, &cursor->ptcursor);
- if (ret)
- goto errout;
-
- do {
- /* Find first backend with ptcursor functionality. */
- ret = krb5int_cc_typecursor_next(context, cursor->typecursor,
- &cursor->ops);
- if (ret)
- goto errout;
- if (cursor->ops == NULL)
- return 0;
- } while (cursor->ops->ptcursor_new == NULL);
-
- ret = cursor->ops->ptcursor_new(context, &cursor->ptcursor);
- if (ret)
- goto errout;
+ ret = cursor->ops->ptcursor_next(context, cursor->ptcursor, ccache);
+ if (ret)
+ goto errout;
+ if (*ccache != NULL)
+ return 0;
+
+ ret = cursor->ops->ptcursor_free(context, &cursor->ptcursor);
+ if (ret)
+ goto errout;
+
+ do {
+ /* Find first backend with ptcursor functionality. */
+ ret = krb5int_cc_typecursor_next(context, cursor->typecursor,
+ &cursor->ops);
+ if (ret)
+ goto errout;
+ if (cursor->ops == NULL)
+ return 0;
+ } while (cursor->ops->ptcursor_new == NULL);
+
+ ret = cursor->ops->ptcursor_new(context, &cursor->ptcursor);
+ if (ret)
+ goto errout;
}
errout:
return ret;
diff --git a/src/lib/krb5/ccache/ccdefault.c b/src/lib/krb5/ccache/ccdefault.c
index c4f9f29..a4498d0 100644
--- a/src/lib/krb5/ccache/ccdefault.c
+++ b/src/lib/krb5/ccache/ccdefault.c
@@ -1,3 +1,4 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
/*
* lib/krb5/ccache/ccdefault.c
*
@@ -8,7 +9,7 @@
* require a specific license from the United States Government.
* It is the responsibility of any person or organization contemplating
* export to obtain such a license before exporting.
- *
+ *
* WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
* distribute this software and its documentation for any purpose and
* without fee is hereby granted, provided that the above copyright
@@ -22,7 +23,7 @@
* M.I.T. makes no representations about the suitability of
* this software for any purpose. It is provided "as is" without express
* or implied warranty.
- *
+ *
*
* Find default credential cache
*/
@@ -46,20 +47,20 @@ static HANDLE hLeashDLL = INVALID_HANDLE_VALUE;
krb5_error_code KRB5_CALLCONV
krb5_cc_default(krb5_context context, krb5_ccache *ccache)
{
- const char *default_name;
-
- if (!context || context->magic != KV5M_CONTEXT)
- return KV5M_CONTEXT;
-
- default_name = krb5_cc_default_name(context);
- if (default_name == NULL) {
- /* Could be a bogus context, or an allocation failure, or
- other things. Unfortunately the API doesn't allow us
- to find out any specifics. */
- return KRB5_FCC_INTERNAL;
- }
-
- return krb5_cc_resolve(context, default_name, ccache);
+ const char *default_name;
+
+ if (!context || context->magic != KV5M_CONTEXT)
+ return KV5M_CONTEXT;
+
+ default_name = krb5_cc_default_name(context);
+ if (default_name == NULL) {
+ /* Could be a bogus context, or an allocation failure, or
+ other things. Unfortunately the API doesn't allow us
+ to find out any specifics. */
+ return KRB5_FCC_INTERNAL;
+ }
+
+ return krb5_cc_resolve(context, default_name, ccache);
}
/* This is the internal function which opens the default ccache. On
@@ -85,35 +86,35 @@ krb5int_cc_default(krb5_context context, krb5_ccache *ccache)
kim_identity identity = KIM_IDENTITY_ANY;
kim_credential_state state;
kim_string name = NULL;
-
- err = kim_ccache_create_from_display_name (&kimccache,
+
+ err = kim_ccache_create_from_display_name (&kimccache,
krb5_cc_default_name (context));
-
+
if (!err) {
err = kim_ccache_get_client_identity (kimccache, &identity);
}
-
+
if (!err) {
err = kim_ccache_get_state (kimccache, &state);
}
-
+
if (err || state != kim_credentials_state_valid) {
/* Either the ccache is does not exist or is invalid. Get new
* tickets. Use the identity in the ccache if there was one. */
kim_ccache_free (&kimccache);
- err = kim_ccache_create_new (&kimccache,
+ err = kim_ccache_create_new (&kimccache,
identity, KIM_OPTIONS_DEFAULT);
}
-
+
if (!err) {
err = kim_ccache_get_display_name (kimccache, &name);
}
-
+
if (!err) {
- krb5_cc_set_default_name (context, name);
+ krb5_cc_set_default_name (context, name);
}
- kim_identity_free (&identity);
+ kim_identity_free (&identity);
kim_string_free (&name);
kim_ccache_free (&kimccache);
}
@@ -123,19 +124,19 @@ krb5int_cc_default(krb5_context context, krb5_ccache *ccache)
hLeashDLL = LoadLibrary(LEASH_DLL);
if ( hLeashDLL != INVALID_HANDLE_VALUE ) {
(FARPROC) pLeash_AcquireInitialTicketsIfNeeded =
- GetProcAddress(hLeashDLL, "not_an_API_Leash_AcquireInitialTicketsIfNeeded");
+ GetProcAddress(hLeashDLL, "not_an_API_Leash_AcquireInitialTicketsIfNeeded");
}
}
-
+
if ( pLeash_AcquireInitialTicketsIfNeeded ) {
- char ccname[256]="";
+ char ccname[256]="";
pLeash_AcquireInitialTicketsIfNeeded(context, NULL, ccname, sizeof(ccname));
- if (ccname[0]) {
+ if (ccname[0]) {
char * ccdefname = krb5_cc_default_name (context);
if (!ccdefname || strcmp (ccdefname, ccname) != 0) {
krb5_cc_set_default_name (context, ccname);
}
- }
+ }
}
#endif
#endif
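Review bot: The `hLeashDLL != INVALID_HANDLE_VALUE` test that follows `LoadLibrary(LEASH_DLL)` does not detect a failed load, because LoadLibrary reports failure by returning NULL, so a failed load still reaches `GetProcAddress` with a null module handle. The guard should read `if (hLeashDLL != NULL && hLeashDLL != INVALID_HANDLE_VALUE) {`. A short comment saying where LEASH_DLL is expected to be loaded from would also help, since its definition is not visible here and a bare file name would be resolved through the DLL search path. The enclosing function and the outer `if` begin outside this hunk, and the reindent itself leaves these lines' logic unchanged.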
diff --git a/src/lib/krb5/ccache/ccdefops.c b/src/lib/krb5/ccache/ccdefops.c
index 949758b..e517a25 100644
--- a/src/lib/krb5/ccache/ccdefops.c
+++ b/src/lib/krb5/ccache/ccdefops.c
@@ -1,3 +1,4 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
/*
* lib/krb5/ccache/ccdefops.c
*
@@ -8,7 +9,7 @@
* require a specific license from the United States Government.
* It is the responsibility of any person or organization contemplating
* export to obtain such a license before exporting.
- *
+ *
* WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
* distribute this software and its documentation for any purpose and
* without fee is hereby granted, provided that the above copyright
@@ -22,7 +23,7 @@
* M.I.T. makes no representations about the suitability of
* this software for any purpose. It is provided "as is" without express
* or implied warranty.
- *
+ *
*
* Default credentials cache determination. This is a separate file
* so that the user can more easily override it.
@@ -35,7 +36,7 @@
/*
* Macs use the shared, memory based credentials cache
* Windows may also use the ccapi cache, but only if the Krbcc32.dll
- * can be found; otherwise it falls back to using the old
+ * can be found; otherwise it falls back to using the old
* file-based ccache.
*/
#include "stdcc.h" /* from ccapi subdir */
diff --git a/src/lib/krb5/ccache/ccfns.c b/src/lib/krb5/ccache/ccfns.c
index abfc037..e12dd56 100644
--- a/src/lib/krb5/ccache/ccfns.c
+++ b/src/lib/krb5/ccache/ccfns.c
@@ -1,3 +1,4 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
/*
* lib/krb5/ccache/ccfns.c
*
@@ -8,7 +9,7 @@
* require a specific license from the United States Government.
* It is the responsibility of any person or organization contemplating
* export to obtain such a license before exporting.
- *
+ *
* WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
* distribute this software and its documentation for any purpose and
* without fee is hereby granted, provided that the above copyright
@@ -44,7 +45,7 @@ krb5_cc_gen_new (krb5_context context, krb5_ccache *cache)
krb5_error_code KRB5_CALLCONV
krb5_cc_initialize(krb5_context context, krb5_ccache cache,
- krb5_principal principal)
+ krb5_principal principal)
{
return cache->ops->init(context, cache, principal);
}
@@ -63,7 +64,7 @@ krb5_cc_close (krb5_context context, krb5_ccache cache)
krb5_error_code KRB5_CALLCONV
krb5_cc_store_cred (krb5_context context, krb5_ccache cache,
- krb5_creds *creds)
+ krb5_creds *creds)
{
krb5_error_code ret;
krb5_ticket *tkt;
@@ -97,17 +98,17 @@ krb5_cc_store_cred (krb5_context context, krb5_ccache cache,
krb5_error_code KRB5_CALLCONV
krb5_cc_retrieve_cred (krb5_context context, krb5_ccache cache,
- krb5_flags flags, krb5_creds *mcreds,
- krb5_creds *creds)
+ krb5_flags flags, krb5_creds *mcreds,
+ krb5_creds *creds)
{
krb5_error_code ret;
krb5_data tmprealm;
ret = cache->ops->retrieve(context, cache, flags, mcreds, creds);
if (ret != KRB5_CC_NOTFOUND)
- return ret;
+ return ret;
if (!krb5_is_referral_realm(&mcreds->server->realm))
- return ret;
+ return ret;
/*
* Retry using client's realm if service has referral realm.
@@ -121,35 +122,35 @@ krb5_cc_retrieve_cred (krb5_context context, krb5_ccache cache,
krb5_error_code KRB5_CALLCONV
krb5_cc_get_principal (krb5_context context, krb5_ccache cache,
- krb5_principal *principal)
+ krb5_principal *principal)
{
return cache->ops->get_princ(context, cache, principal);
}
krb5_error_code KRB5_CALLCONV
krb5_cc_start_seq_get (krb5_context context, krb5_ccache cache,
- krb5_cc_cursor *cursor)
+ krb5_cc_cursor *cursor)
{
return cache->ops->get_first(context, cache, cursor);
}
krb5_error_code KRB5_CALLCONV
krb5_cc_next_cred (krb5_context context, krb5_ccache cache,
- krb5_cc_cursor *cursor, krb5_creds *creds)
+ krb5_cc_cursor *cursor, krb5_creds *creds)
{
return cache->ops->get_next(context, cache, cursor, creds);
}
krb5_error_code KRB5_CALLCONV
krb5_cc_end_seq_get (krb5_context context, krb5_ccache cache,
- krb5_cc_cursor *cursor)
+ krb5_cc_cursor *cursor)
{
return cache->ops->end_get(context, cache, cursor);
}
krb5_error_code KRB5_CALLCONV
krb5_cc_remove_cred (krb5_context context, krb5_ccache cache, krb5_flags flags,
- krb5_creds *creds)
+ krb5_creds *creds)
{
return cache->ops->remove_cred(context, cache, flags, creds);
}
@@ -173,8 +174,8 @@ krb5_cc_get_type (krb5_context context, krb5_ccache cache)
}
krb5_error_code KRB5_CALLCONV
-krb5_cc_last_change_time (krb5_context context, krb5_ccache ccache,
- krb5_timestamp *change_time)
+krb5_cc_last_change_time (krb5_context context, krb5_ccache ccache,
+ krb5_timestamp *change_time)
{
return ccache->ops->lastchange(context, ccache, change_time);
}
@@ -190,4 +191,3 @@ krb5_cc_unlock (krb5_context context, krb5_ccache ccache)
{
return ccache->ops->unlock(context, ccache);
}
-
diff --git a/src/lib/krb5/ccache/fcc.h b/src/lib/krb5/ccache/fcc.h
index f349da9..7ca60da 100644
--- a/src/lib/krb5/ccache/fcc.h
+++ b/src/lib/krb5/ccache/fcc.h
@@ -1,3 +1,4 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
/*
* lib/krb5/ccache/file/fcc.h
*
@@ -8,7 +9,7 @@
* require a specific license from the United States Government.
* It is the responsibility of any person or organization contemplating
* export to obtain such a license before exporting.
- *
+ *
* WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
* distribute this software and its documentation for any purpose and
* without fee is hereby granted, provided that the above copyright
@@ -22,7 +23,7 @@
* M.I.T. makes no representations about the suitability of
* this software for any purpose. It is provided "as is" without express
* or implied warranty.
- *
+ *
*
* This file contains constant and function declarations used in the
* file-based credential cache routines.
diff --git a/src/lib/krb5/ccache/scc.h b/src/lib/krb5/ccache/scc.h
index 98acbc2..c6b5254 100644
--- a/src/lib/krb5/ccache/scc.h
+++ b/src/lib/krb5/ccache/scc.h
@@ -1,3 +1,4 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
/*
* lib/krb5/ccache/stdio/scc.h
*
@@ -8,7 +9,7 @@
* require a specific license from the United States Government.
* It is the responsibility of any person or organization contemplating
* export to obtain such a license before exporting.
- *
+ *
* WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
* distribute this software and its documentation for any purpose and
* without fee is hereby granted, provided that the above copyright
@@ -22,7 +23,7 @@
* M.I.T. makes no representations about the suitability of
* this software for any purpose. It is provided "as is" without express
* or implied warranty.
- *
+ *
*
* This file contains constant and function declarations used in the
* file-based credential cache routines.
@@ -46,14 +47,14 @@
*
*/
-#define KRB5_SCC_FVNO_1 0x0501 /* krb v5, scc v1 */
-#define KRB5_SCC_FVNO_2 0x0502 /* krb v5, scc v2 */
-#define KRB5_SCC_FVNO_3 0x0503 /* krb v5, scc v3 */
-#define KRB5_SCC_FVNO_4 0x0504 /* krb v5, scc v4 */
+#define KRB5_SCC_FVNO_1 0x0501 /* krb v5, scc v1 */
+#define KRB5_SCC_FVNO_2 0x0502 /* krb v5, scc v2 */
+#define KRB5_SCC_FVNO_3 0x0503 /* krb v5, scc v3 */
+#define KRB5_SCC_FVNO_4 0x0504 /* krb v5, scc v4 */
-#define SCC_OPEN_AND_ERASE 1
-#define SCC_OPEN_RDWR 2
-#define SCC_OPEN_RDONLY 3
+#define SCC_OPEN_AND_ERASE 1
+#define SCC_OPEN_RDWR 2
+#define SCC_OPEN_RDONLY 3
/* Credential file header tags.
* The header tags are constructed as:
@@ -63,7 +64,7 @@
* This format allows for older versions of the fcc processing code to skip
* past unrecognized tag formats.
*/
-#define SCC_TAG_DELTATIME 1
+#define SCC_TAG_DELTATIME 1
#ifndef TKT_ROOT
#define TKT_ROOT "/tmp/tkt"
@@ -73,11 +74,11 @@
#define OPENCLOSE(id) (((krb5_scc_data *)id->data)->flags & KRB5_TC_OPENCLOSE)
typedef struct _krb5_scc_data {
- char *filename;
- FILE *file;
- krb5_flags flags;
- char stdio_buffer[BUFSIZ];
- int version;
+ char *filename;
+ FILE *file;
+ krb5_flags flags;
+ char stdio_buffer[BUFSIZ];
+ int version;
} krb5_scc_data;
/* An off_t can be arbitrarily complex */
@@ -85,17 +86,17 @@ typedef struct _krb5_scc_cursor {
long pos;
} krb5_scc_cursor;
-#define MAYBE_OPEN(context, ID, MODE) \
-{ \
- if (OPENCLOSE (ID)) { \
- krb5_error_code maybe_open_ret = krb5_scc_open_file (context, ID,MODE); \
- if (maybe_open_ret) return maybe_open_ret; } }
+#define MAYBE_OPEN(context, ID, MODE) \
+ { \
+ if (OPENCLOSE (ID)) { \
+ krb5_error_code maybe_open_ret = krb5_scc_open_file (context, ID,MODE); \
+ if (maybe_open_ret) return maybe_open_ret; } }
-#define MAYBE_CLOSE(context, ID, RET) \
-{ \
- if (OPENCLOSE (ID)) { \
- krb5_error_code maybe_close_ret = krb5_scc_close_file (context, ID); \
- if (!(RET)) RET = maybe_close_ret; } }
+#define MAYBE_CLOSE(context, ID, RET) \
+ { \
+ if (OPENCLOSE (ID)) { \
+ krb5_error_code maybe_close_ret = krb5_scc_close_file (context, ID); \
+ if (!(RET)) RET = maybe_close_ret; } }
/* DO NOT ADD ANYTHING AFTER THIS #endif */
#endif /* __KRB5_FILE_CCACHE__ */
diff --git a/src/lib/krb5/ccache/ser_cc.c b/src/lib/krb5/ccache/ser_cc.c
index 882dbf7..dfe5e60 100644
--- a/src/lib/krb5/ccache/ser_cc.c
+++ b/src/lib/krb5/ccache/ser_cc.c
@@ -1,3 +1,4 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
/*
* lib/krb5/ccache/ser_rc.c
*
@@ -32,129 +33,129 @@
/*
* Routines to deal with externalizing krb5_ccache.
- * krb5_ccache_size();
- * krb5_ccache_externalize();
- * krb5_ccache_internalize();
+ * krb5_ccache_size();
+ * krb5_ccache_externalize();
+ * krb5_ccache_internalize();
*/
static krb5_error_code krb5_ccache_size
- (krb5_context, krb5_pointer, size_t *);
+(krb5_context, krb5_pointer, size_t *);
static krb5_error_code krb5_ccache_externalize
- (krb5_context, krb5_pointer, krb5_octet **, size_t *);
+(krb5_context, krb5_pointer, krb5_octet **, size_t *);
static krb5_error_code krb5_ccache_internalize
- (krb5_context,krb5_pointer *, krb5_octet **, size_t *);
+(krb5_context,krb5_pointer *, krb5_octet **, size_t *);
/*
* Serialization entry for this type.
*/
static const krb5_ser_entry krb5_ccache_ser_entry = {
- KV5M_CCACHE, /* Type */
- krb5_ccache_size, /* Sizer routine */
- krb5_ccache_externalize, /* Externalize routine */
- krb5_ccache_internalize /* Internalize routine */
+ KV5M_CCACHE, /* Type */
+ krb5_ccache_size, /* Sizer routine */
+ krb5_ccache_externalize, /* Externalize routine */
+ krb5_ccache_internalize /* Internalize routine */
};
/*
- * krb5_ccache_size() - Determine the size required to externalize
- * this krb5_ccache variant.
+ * krb5_ccache_size() - Determine the size required to externalize
+ * this krb5_ccache variant.
*/
static krb5_error_code
krb5_ccache_size(krb5_context kcontext, krb5_pointer arg, size_t *sizep)
{
- krb5_error_code kret;
- krb5_ccache ccache;
- size_t required;
+ krb5_error_code kret;
+ krb5_ccache ccache;
+ size_t required;
kret = EINVAL;
if ((ccache = (krb5_ccache) arg)) {
- /*
- * Saving FILE: variants of krb5_ccache requires at minimum:
- * krb5_int32 for KV5M_CCACHE
- * krb5_int32 for length of ccache name.
- * krb5_int32 for KV5M_CCACHE
- */
- required = sizeof(krb5_int32) * 3;
- if (ccache->ops->prefix)
- required += (strlen(ccache->ops->prefix)+1);
-
- /*
- * The ccache name is formed as follows:
- * <prefix>:<name>
- */
- required += strlen(krb5_cc_get_name(kcontext, ccache));
-
- kret = 0;
- *sizep += required;
+ /*
+ * Saving FILE: variants of krb5_ccache requires at minimum:
+ * krb5_int32 for KV5M_CCACHE
+ * krb5_int32 for length of ccache name.
+ * krb5_int32 for KV5M_CCACHE
+ */
+ required = sizeof(krb5_int32) * 3;
+ if (ccache->ops->prefix)
+ required += (strlen(ccache->ops->prefix)+1);
+
+ /*
+ * The ccache name is formed as follows:
+ * <prefix>:<name>
+ */
+ required += strlen(krb5_cc_get_name(kcontext, ccache));
+
+ kret = 0;
+ *sizep += required;
}
return(kret);
}
/*
- * krb5_ccache_externalize() - Externalize the krb5_ccache.
+ * krb5_ccache_externalize() - Externalize the krb5_ccache.
*/
static krb5_error_code
krb5_ccache_externalize(krb5_context kcontext, krb5_pointer arg, krb5_octet **buffer, size_t *lenremain)
{
- krb5_error_code kret;
- krb5_ccache ccache;
- size_t required;
- krb5_octet *bp;
- size_t remain;
- char *ccname;
- const char *fnamep;
+ krb5_error_code kret;
+ krb5_ccache ccache;
+ size_t required;
+ krb5_octet *bp;
+ size_t remain;
+ char *ccname;
+ const char *fnamep;
required = 0;
bp = *buffer;
remain = *lenremain;
kret = EINVAL;
if ((ccache = (krb5_ccache) arg)) {
- kret = ENOMEM;
- if (!krb5_ccache_size(kcontext, arg, &required) &&
- (required <= remain)) {
- /* Our identifier */
- (void) krb5_ser_pack_int32(KV5M_CCACHE, &bp, &remain);
-
- fnamep = krb5_cc_get_name(kcontext, ccache);
-
- if (ccache->ops->prefix) {
- if (asprintf(&ccname, "%s:%s", ccache->ops->prefix, fnamep) < 0)
- ccname = NULL;
- } else
- ccname = strdup(fnamep);
-
- if (ccname) {
- /* Put the length of the file name */
- (void) krb5_ser_pack_int32((krb5_int32) strlen(ccname),
- &bp, &remain);
-
- /* Put the name */
- (void) krb5_ser_pack_bytes((krb5_octet *) ccname,
- strlen(ccname),
- &bp, &remain);
-
- /* Put the trailer */
- (void) krb5_ser_pack_int32(KV5M_CCACHE, &bp, &remain);
- kret = 0;
- *buffer = bp;
- *lenremain = remain;
- free(ccname);
- }
- }
+ kret = ENOMEM;
+ if (!krb5_ccache_size(kcontext, arg, &required) &&
+ (required <= remain)) {
+ /* Our identifier */
+ (void) krb5_ser_pack_int32(KV5M_CCACHE, &bp, &remain);
+
+ fnamep = krb5_cc_get_name(kcontext, ccache);
+
+ if (ccache->ops->prefix) {
+ if (asprintf(&ccname, "%s:%s", ccache->ops->prefix, fnamep) < 0)
+ ccname = NULL;
+ } else
+ ccname = strdup(fnamep);
+
+ if (ccname) {
+ /* Put the length of the file name */
+ (void) krb5_ser_pack_int32((krb5_int32) strlen(ccname),
+ &bp, &remain);
+
+ /* Put the name */
+ (void) krb5_ser_pack_bytes((krb5_octet *) ccname,
+ strlen(ccname),
+ &bp, &remain);
+
+ /* Put the trailer */
+ (void) krb5_ser_pack_int32(KV5M_CCACHE, &bp, &remain);
+ kret = 0;
+ *buffer = bp;
+ *lenremain = remain;
+ free(ccname);
+ }
+ }
}
return(kret);
}
/*
- * krb5_ccache_internalize() - Internalize the krb5_ccache.
+ * krb5_ccache_internalize() - Internalize the krb5_ccache.
*/
static krb5_error_code
krb5_ccache_internalize(krb5_context kcontext, krb5_pointer *argp, krb5_octet **buffer, size_t *lenremain)
{
- krb5_error_code kret;
- krb5_ccache ccache;
- krb5_int32 ibuf;
- krb5_octet *bp;
- size_t remain;
- char *ccname = NULL;
+ krb5_error_code kret;
+ krb5_ccache ccache;
+ krb5_int32 ibuf;
+ krb5_octet *bp;
+ size_t remain;
+ char *ccname = NULL;
*argp = NULL;
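Review bot: The three forward declarations at the top of this hunk now carry their parameter lists on a continuation line that starts in column 0, at least as the `+` lines are rendered here (`(krb5_context, krb5_pointer, size_t *);` directly under `static krb5_error_code krb5_ccache_size`). That reads like a stray parenthesised expression rather than part of a prototype. Joining the short one onto a single line, `static krb5_error_code krb5_ccache_size(krb5_context, krb5_pointer, size_t *);`, and breaking the two longer ones after the return type with the name and parameters together, would keep them readable. The body of krb5_ccache_internalize continues past the end of this hunk.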
@@ -164,40 +165,40 @@ krb5_ccache_internalize(krb5_context kcontext, krb5_pointer *argp, krb5_octet **
/* Read our magic number. */
kret = krb5_ser_unpack_int32(&ibuf, &bp, &remain);
if (kret)
- return kret;
+ return kret;
if (ibuf != KV5M_CCACHE)
- return EINVAL;
+ return EINVAL;
/* Unpack and validate the length of the ccache name. */
kret = krb5_ser_unpack_int32(&ibuf, &bp, &remain);
if (kret)
- return kret;
+ return kret;
if (ibuf < 0 || ibuf > remain)
- return EINVAL;
+ return EINVAL;
/* Allocate and unpack the name. */
ccname = malloc(ibuf + 1);
if (!ccname)
- return ENOMEM;
+ return ENOMEM;
kret = krb5_ser_unpack_bytes((krb5_octet *) ccname, (size_t) ibuf,
- &bp, &remain);
+ &bp, &remain);
if (kret)
- goto cleanup;
+ goto cleanup;
ccname[ibuf] = '\0';
/* Read the second magic number. */
kret = krb5_ser_unpack_int32(&ibuf, &bp, &remain);
if (kret)
- goto cleanup;
+ goto cleanup;
if (ibuf != KV5M_CCACHE) {
- kret = EINVAL;
- goto cleanup;
+ kret = EINVAL;
+ goto cleanup;
}
/* Resolve the named credential cache. */
kret = krb5_cc_resolve(kcontext, ccname, &ccache);
if (kret)
- goto cleanup;
+ goto cleanup;
*buffer = bp;
*lenremain = remain;
diff --git a/src/lib/krb5/ccache/t_cc.c b/src/lib/krb5/ccache/t_cc.c
index c243809..466fa23 100644
--- a/src/lib/krb5/ccache/t_cc.c
+++ b/src/lib/krb5/ccache/t_cc.c
@@ -1,3 +1,4 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
/*
* lib/krb5/ccache/scc_test.c
*
@@ -8,7 +9,7 @@
* require a specific license from the United States Government.
* It is the responsibility of any person or organization contemplating
* export to obtain such a license before exporting.
- *
+ *
* WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
* distribute this software and its documentation for any purpose and
* without fee is hereby granted, provided that the above copyright
@@ -22,7 +23,7 @@
* M.I.T. makes no representations about the suitability of
* this software for any purpose. It is provided "as is" without express
* or implied warranty.
- *
+ *
*
*/
@@ -44,273 +45,273 @@ int debug=0;
static void init_structs(void)
{
- static int add=0x12345;
-
- static krb5_address addr;
-
- static krb5_address *addrs[] = {
- &addr,
- 0,
- };
-
- addr.magic = KV5M_ADDRESS;
- addr.addrtype = ADDRTYPE_INET;
- addr.length = 4;
- addr.contents = (krb5_octet *) &add;
-
- test_creds.magic = KV5M_CREDS;
- test_creds.client = NULL;
- test_creds.server = NULL;
-
- test_creds.keyblock.magic = KV5M_KEYBLOCK;
- test_creds.keyblock.contents = 0;
- test_creds.keyblock.enctype = 1;
- test_creds.keyblock.length = 1;
- test_creds.keyblock.contents = (unsigned char *) "1";
- test_creds.times.authtime = 1111;
- test_creds.times.starttime = 2222;
- test_creds.times.endtime = 3333;
- test_creds.times.renew_till = 4444;
- test_creds.is_skey = 1;
- test_creds.ticket_flags = 5555;
- test_creds.addresses = addrs;
-
+ static int add=0x12345;
+
+ static krb5_address addr;
+
+ static krb5_address *addrs[] = {
+ &addr,
+ 0,
+ };
+
+ addr.magic = KV5M_ADDRESS;
+ addr.addrtype = ADDRTYPE_INET;
+ addr.length = 4;
+ addr.contents = (krb5_octet *) &add;
+
+ test_creds.magic = KV5M_CREDS;
+ test_creds.client = NULL;
+ test_creds.server = NULL;
+
+ test_creds.keyblock.magic = KV5M_KEYBLOCK;
+ test_creds.keyblock.contents = 0;
+ test_creds.keyblock.enctype = 1;
+ test_creds.keyblock.length = 1;
+ test_creds.keyblock.contents = (unsigned char *) "1";
+ test_creds.times.authtime = 1111;
+ test_creds.times.starttime = 2222;
+ test_creds.times.endtime = 3333;
+ test_creds.times.renew_till = 4444;
+ test_creds.is_skey = 1;
+ test_creds.ticket_flags = 5555;
+ test_creds.addresses = addrs;
+
#define SET_TICKET(ent, str) {ent.magic = KV5M_DATA; ent.length = sizeof(str); ent.data = str;}
- SET_TICKET(test_creds.ticket, "This is ticket 1");
- SET_TICKET(test_creds.second_ticket, "This is ticket 2");
- test_creds.authdata = NULL;
+ SET_TICKET(test_creds.ticket, "This is ticket 1");
+ SET_TICKET(test_creds.second_ticket, "This is ticket 2");
+ test_creds.authdata = NULL;
}
static krb5_error_code init_test_cred(krb5_context context)
{
- krb5_error_code kret;
- unsigned int i;
- krb5_authdata *a;
+ krb5_error_code kret;
+ unsigned int i;
+ krb5_authdata *a;
#define REALM "REALM"
- kret = krb5_build_principal(context, &test_creds.client, sizeof(REALM), REALM,
- "client-comp1", "client-comp2", NULL);
- if(kret)
- return kret;
-
- kret = krb5_build_principal(context, &test_creds.server, sizeof(REALM), REALM,
- "server-comp1", "server-comp2", NULL);
- if(kret) {
- krb5_free_principal(context, test_creds.client);
- test_creds.client = 0;
- goto cleanup;
- }
-
- test_creds.authdata = malloc (3 * sizeof(krb5_authdata *));
- if (!test_creds.authdata) {
- kret = ENOMEM;
- goto cleanup;
- }
-
- for (i = 0 ; i <= 2 ; i++) {
- test_creds.authdata[i] = 0;
- }
- a = (krb5_authdata *) malloc(sizeof(krb5_authdata));
- if(!a) {
- kret = ENOMEM;
- goto cleanup;
- }
- a->magic = KV5M_AUTHDATA;
- a->ad_type = KRB5_AUTHDATA_IF_RELEVANT;
- a->contents = (krb5_octet * ) malloc(1);
- if(!a->contents) {
- free(a);
- kret = ENOMEM;
- goto cleanup;
- }
- a->contents[0]=5;
- a->length = 1;
- test_creds.authdata[0] = a;
-
- a = (krb5_authdata *) malloc(sizeof(krb5_authdata));
- if(!a) {
- kret = ENOMEM;
- goto cleanup;
- }
- a->magic = KV5M_AUTHDATA;
- a->ad_type = KRB5_AUTHDATA_KDC_ISSUED;
- a->contents = (krb5_octet * ) malloc(2);
- if(!a->contents) {
- free(a);
- kret = ENOMEM;
- goto cleanup;
- }
- a->contents[0]=4;
- a->contents[1]=6;
- a->length = 2;
- test_creds.authdata[1] = a;
-
+ kret = krb5_build_principal(context, &test_creds.client, sizeof(REALM), REALM,
+ "client-comp1", "client-comp2", NULL);
+ if(kret)
+ return kret;
+
+ kret = krb5_build_principal(context, &test_creds.server, sizeof(REALM), REALM,
+ "server-comp1", "server-comp2", NULL);
+ if(kret) {
+ krb5_free_principal(context, test_creds.client);
+ test_creds.client = 0;
+ goto cleanup;
+ }
+
+ test_creds.authdata = malloc (3 * sizeof(krb5_authdata *));
+ if (!test_creds.authdata) {
+ kret = ENOMEM;
+ goto cleanup;
+ }
+
+ for (i = 0 ; i <= 2 ; i++) {
+ test_creds.authdata[i] = 0;
+ }
+ a = (krb5_authdata *) malloc(sizeof(krb5_authdata));
+ if(!a) {
+ kret = ENOMEM;
+ goto cleanup;
+ }
+ a->magic = KV5M_AUTHDATA;
+ a->ad_type = KRB5_AUTHDATA_IF_RELEVANT;
+ a->contents = (krb5_octet * ) malloc(1);
+ if(!a->contents) {
+ free(a);
+ kret = ENOMEM;
+ goto cleanup;
+ }
+ a->contents[0]=5;
+ a->length = 1;
+ test_creds.authdata[0] = a;
+
+ a = (krb5_authdata *) malloc(sizeof(krb5_authdata));
+ if(!a) {
+ kret = ENOMEM;
+ goto cleanup;
+ }
+ a->magic = KV5M_AUTHDATA;
+ a->ad_type = KRB5_AUTHDATA_KDC_ISSUED;
+ a->contents = (krb5_octet * ) malloc(2);
+ if(!a->contents) {
+ free(a);
+ kret = ENOMEM;
+ goto cleanup;
+ }
+ a->contents[0]=4;
+ a->contents[1]=6;
+ a->length = 2;
+ test_creds.authdata[1] = a;
+
cleanup:
- if(kret) {
- if (test_creds.client) {
- krb5_free_principal(context, test_creds.client);
- test_creds.client = 0;
- }
- if (test_creds.server) {
- krb5_free_principal(context, test_creds.server);
- test_creds.server = 0;
-
- }
- if (test_creds.authdata) {
- krb5_free_authdata(context, test_creds.authdata);
- test_creds.authdata = 0;
- }
- }
-
- return kret;
+ if(kret) {
+ if (test_creds.client) {
+ krb5_free_principal(context, test_creds.client);
+ test_creds.client = 0;
+ }
+ if (test_creds.server) {
+ krb5_free_principal(context, test_creds.server);
+ test_creds.server = 0;
+
+ }
+ if (test_creds.authdata) {
+ krb5_free_authdata(context, test_creds.authdata);
+ test_creds.authdata = 0;
+ }
+ }
+
+ return kret;
}
static void free_test_cred(krb5_context context)
{
- krb5_free_principal(context, test_creds.client);
-
- krb5_free_principal(context, test_creds.server);
-
- if(test_creds.authdata) {
- krb5_free_authdata(context, test_creds.authdata);
- test_creds.authdata = 0;
- }
+ krb5_free_principal(context, test_creds.client);
+
+ krb5_free_principal(context, test_creds.server);
+
+ if(test_creds.authdata) {
+ krb5_free_authdata(context, test_creds.authdata);
+ test_creds.authdata = 0;
+ }
}
-#define CHECK(kret,msg) \
- if (kret != KRB5_OK) {\
- com_err(msg, kret, ""); \
- fflush(stderr);\
- exit(1);\
- } else if(debug) printf("%s went ok\n", msg);
+#define CHECK(kret,msg) \
+ if (kret != KRB5_OK) { \
+ com_err(msg, kret, ""); \
+ fflush(stderr); \
+ exit(1); \
+ } else if(debug) printf("%s went ok\n", msg);
-#define CHECK_STR(str,msg) \
- if (str == 0) {\
- com_err(msg, kret, "");\
- exit(1);\
- } else if(debug) printf("%s went ok\n", msg);
+#define CHECK_STR(str,msg) \
+ if (str == 0) { \
+ com_err(msg, kret, ""); \
+ exit(1); \
+ } else if(debug) printf("%s went ok\n", msg);
-#define CHECK_BOOL(expr,errstr,msg) \
- if (expr) {\
- fprintf(stderr, "%s %s\n", msg, errstr); \
- exit(1); \
- } else if(debug) printf("%s went ok\n", msg);
+#define CHECK_BOOL(expr,errstr,msg) \
+ if (expr) { \
+ fprintf(stderr, "%s %s\n", msg, errstr); \
+ exit(1); \
+ } else if(debug) printf("%s went ok\n", msg);
-#define CHECK_FAIL(experr, kret, msg) \
- if (experr != kret) { CHECK(kret, msg);}
+#define CHECK_FAIL(experr, kret, msg) \
+ if (experr != kret) { CHECK(kret, msg);}
static void cc_test(krb5_context context, const char *name, krb5_flags flags)
{
- krb5_ccache id, id2;
- krb5_creds creds;
- krb5_error_code kret;
- krb5_cc_cursor cursor;
- krb5_principal tmp;
-
- const char *c_name;
- char newcache[300];
- char *save_type;
-
- kret = init_test_cred(context);
- CHECK(kret, "init_creds");
-
- kret = krb5_cc_resolve(context, name, &id);
- CHECK(kret, "resolve");
- kret = krb5_cc_initialize(context, id, test_creds.client);
- CHECK(kret, "initialize");
-
- c_name = krb5_cc_get_name(context, id);
- CHECK_STR(c_name, "get_name");
-
- c_name = krb5_cc_get_type(context, id);
- CHECK_STR(c_name, "get_type");
- save_type=strdup(c_name);
- CHECK_STR(save_type, "copying type");
-
- kret = krb5_cc_store_cred(context, id, &test_creds);
- CHECK(kret, "store");
-
- kret = krb5_cc_get_principal(context, id, &tmp);
- CHECK(kret, "get_principal");
-
- CHECK_BOOL(krb5_realm_compare(context, tmp, test_creds.client) != TRUE,
- "realms do not match", "realm_compare");
-
-
- CHECK_BOOL(krb5_principal_compare(context, tmp, test_creds.client) != TRUE,
- "principals do not match", "principal_compare");
-
- krb5_free_principal(context, tmp);
-
- kret = krb5_cc_set_flags (context, id, flags);
- CHECK(kret, "set_flags");
-
- kret = krb5_cc_start_seq_get(context, id, &cursor);
- CHECK(kret, "start_seq_get");
- kret = 0;
- while (kret != KRB5_CC_END) {
- if(debug) printf("Calling next_cred\n");
- kret = krb5_cc_next_cred(context, id, &cursor, &creds);
- if(kret == KRB5_CC_END) {
- if(debug) printf("next_cred: ok at end\n");
- }
- else {
- CHECK(kret, "next_cred");
- krb5_free_cred_contents(context, &creds);
- }
-
- }
- kret = krb5_cc_end_seq_get(context, id, &cursor);
- CHECK(kret, "end_seq_get");
-
- kret = krb5_cc_close(context, id);
- CHECK(kret, "close");
-
-
- /* ------------------------------------------------- */
- kret = krb5_cc_resolve(context, name, &id);
- CHECK(kret, "resolve2");
-
- {
- /* Copy the cache test*/
- snprintf(newcache, sizeof(newcache), "%s.new", name);
- kret = krb5_cc_resolve(context, newcache, &id2);
- CHECK(kret, "resolve of new cache");
-
- /* This should fail as the new creds are not initialized */
- kret = krb5_cc_copy_creds(context, id, id2);
- CHECK_FAIL(KRB5_FCC_NOFILE, kret, "copy_creds");
-
- kret = krb5_cc_initialize(context, id2, test_creds.client);
- CHECK(kret, "initialize of id2");
-
- kret = krb5_cc_copy_creds(context, id, id2);
- CHECK(kret, "copy_creds");
-
- kret = krb5_cc_destroy(context, id2);
- CHECK(kret, "destroy new cache");
- }
-
- /* Destroy the first cache */
- kret = krb5_cc_destroy(context, id);
- CHECK(kret, "destroy");
-
- /* ----------------------------------------------------- */
- /* Tests the generate new code */
- kret = krb5_cc_new_unique(context, save_type,
- NULL, &id2);
- CHECK(kret, "new_unique");
-
- kret = krb5_cc_initialize(context, id2, test_creds.client);
- CHECK(kret, "initialize");
-
- kret = krb5_cc_store_cred(context, id2, &test_creds);
- CHECK(kret, "store");
-
- kret = krb5_cc_destroy(context, id2);
- CHECK(kret, "destroy id2");
-
- free(save_type);
- free_test_cred(context);
+ krb5_ccache id, id2;
+ krb5_creds creds;
+ krb5_error_code kret;
+ krb5_cc_cursor cursor;
+ krb5_principal tmp;
+
+ const char *c_name;
+ char newcache[300];
+ char *save_type;
+
+ kret = init_test_cred(context);
+ CHECK(kret, "init_creds");
+
+ kret = krb5_cc_resolve(context, name, &id);
+ CHECK(kret, "resolve");
+ kret = krb5_cc_initialize(context, id, test_creds.client);
+ CHECK(kret, "initialize");
+
+ c_name = krb5_cc_get_name(context, id);
+ CHECK_STR(c_name, "get_name");
+
+ c_name = krb5_cc_get_type(context, id);
+ CHECK_STR(c_name, "get_type");
+ save_type=strdup(c_name);
+ CHECK_STR(save_type, "copying type");
+
+ kret = krb5_cc_store_cred(context, id, &test_creds);
+ CHECK(kret, "store");
+
+ kret = krb5_cc_get_principal(context, id, &tmp);
+ CHECK(kret, "get_principal");
+
+ CHECK_BOOL(krb5_realm_compare(context, tmp, test_creds.client) != TRUE,
+ "realms do not match", "realm_compare");
+
+
+ CHECK_BOOL(krb5_principal_compare(context, tmp, test_creds.client) != TRUE,
+ "principals do not match", "principal_compare");
+
+ krb5_free_principal(context, tmp);
+
+ kret = krb5_cc_set_flags (context, id, flags);
+ CHECK(kret, "set_flags");
+
+ kret = krb5_cc_start_seq_get(context, id, &cursor);
+ CHECK(kret, "start_seq_get");
+ kret = 0;
+ while (kret != KRB5_CC_END) {
+ if(debug) printf("Calling next_cred\n");
+ kret = krb5_cc_next_cred(context, id, &cursor, &creds);
+ if(kret == KRB5_CC_END) {
+ if(debug) printf("next_cred: ok at end\n");
+ }
+ else {
+ CHECK(kret, "next_cred");
+ krb5_free_cred_contents(context, &creds);
+ }
+
+ }
+ kret = krb5_cc_end_seq_get(context, id, &cursor);
+ CHECK(kret, "end_seq_get");
+
+ kret = krb5_cc_close(context, id);
+ CHECK(kret, "close");
+
+
+ /* ------------------------------------------------- */
+ kret = krb5_cc_resolve(context, name, &id);
+ CHECK(kret, "resolve2");
+
+ {
+ /* Copy the cache test*/
+ snprintf(newcache, sizeof(newcache), "%s.new", name);
+ kret = krb5_cc_resolve(context, newcache, &id2);
+ CHECK(kret, "resolve of new cache");
+
+ /* This should fail as the new creds are not initialized */
+ kret = krb5_cc_copy_creds(context, id, id2);
+ CHECK_FAIL(KRB5_FCC_NOFILE, kret, "copy_creds");
+
+ kret = krb5_cc_initialize(context, id2, test_creds.client);
+ CHECK(kret, "initialize of id2");
+
+ kret = krb5_cc_copy_creds(context, id, id2);
+ CHECK(kret, "copy_creds");
+
+ kret = krb5_cc_destroy(context, id2);
+ CHECK(kret, "destroy new cache");
+ }
+
+ /* Destroy the first cache */
+ kret = krb5_cc_destroy(context, id);
+ CHECK(kret, "destroy");
+
+ /* ----------------------------------------------------- */
+ /* Tests the generate new code */
+ kret = krb5_cc_new_unique(context, save_type,
+ NULL, &id2);
+ CHECK(kret, "new_unique");
+
+ kret = krb5_cc_initialize(context, id2, test_creds.client);
+ CHECK(kret, "initialize");
+
+ kret = krb5_cc_store_cred(context, id2, &test_creds);
+ CHECK(kret, "store");
+
+ kret = krb5_cc_destroy(context, id2);
+ CHECK(kret, "destroy id2");
+
+ free(save_type);
+ free_test_cred(context);
}
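Review bot: In init_test_cred both `krb5_build_principal` calls pass `sizeof(REALM)` as the realm length, which counts the literal's terminating NUL, so the test principals get a six-byte realm ending in `\0`. The comparisons later in cc_test presumably still succeed only because both sides are built the same way. If the argument is meant to be the realm's string length, pass `sizeof(REALM) - 1`, e.g. `kret = krb5_build_principal(context, &test_creds.client, sizeof(REALM) - 1, REALM,`, and likewise for the server principal. The reindent does not change this behaviour.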
@@ -319,66 +320,66 @@ static void cc_test(krb5_context context, const char *name, krb5_flags flags)
*/
static int check_registered(krb5_context context, const char *prefix)
{
- char name[300];
- krb5_error_code kret;
- krb5_ccache id;
-
- snprintf(name, sizeof(name), "%s/tmp/cctest.%ld", prefix, (long) getpid());
-
- kret = krb5_cc_resolve(context, name, &id);
- if(kret != KRB5_OK) {
- if(kret == KRB5_CC_UNKNOWN_TYPE)
- return 0;
- com_err("Checking on credential type", kret,prefix);
- fflush(stderr);
- return 0;
- }
+ char name[300];
+ krb5_error_code kret;
+ krb5_ccache id;
+
+ snprintf(name, sizeof(name), "%s/tmp/cctest.%ld", prefix, (long) getpid());
+
+ kret = krb5_cc_resolve(context, name, &id);
+ if(kret != KRB5_OK) {
+ if(kret == KRB5_CC_UNKNOWN_TYPE)
+ return 0;
+ com_err("Checking on credential type", kret,prefix);
+ fflush(stderr);
+ return 0;
+ }
- kret = krb5_cc_close(context, id);
- if(kret != KRB5_OK) {
- com_err("Checking on credential type - closing", kret,prefix);
- fflush(stderr);
- }
+ kret = krb5_cc_close(context, id);
+ if(kret != KRB5_OK) {
+ com_err("Checking on credential type - closing", kret,prefix);
+ fflush(stderr);
+ }
- return 1;
+ return 1;
}
static void do_test(krb5_context context, const char *prefix)
{
- char name[300];
+ char name[300];
- snprintf(name, sizeof(name), "%s/tmp/cctest.%ld", prefix, (long) getpid());
- printf("Starting test on %s\n", name);
- cc_test (context, name, 0);
- cc_test (context, name, !0);
- printf("Test on %s passed\n", name);
+ snprintf(name, sizeof(name), "%s/tmp/cctest.%ld", prefix, (long) getpid());
+ printf("Starting test on %s\n", name);
+ cc_test (context, name, 0);
+ cc_test (context, name, !0);
+ printf("Test on %s passed\n", name);
}
static void test_misc(krb5_context context)
{
- /* Tests for certain error returns */
- krb5_error_code kret;
- krb5_ccache id;
- const krb5_cc_ops *ops_save;
+ /* Tests for certain error returns */
+ krb5_error_code kret;
+ krb5_ccache id;
+ const krb5_cc_ops *ops_save;
- fprintf(stderr, "Testing miscellaneous error conditions\n");
+ fprintf(stderr, "Testing miscellaneous error conditions\n");
- kret = krb5_cc_resolve(context, "unknown_method_ep:/tmp/name", &id);
- if (kret != KRB5_CC_UNKNOWN_TYPE) {
- CHECK(kret, "resolve unknown type");
- }
+ kret = krb5_cc_resolve(context, "unknown_method_ep:/tmp/name", &id);
+ if (kret != KRB5_CC_UNKNOWN_TYPE) {
+ CHECK(kret, "resolve unknown type");
+ }
- /* Test for not specifiying a cache type with no defaults */
- ops_save = krb5_cc_dfl_ops;
- krb5_cc_dfl_ops = 0;
+ /* Test for not specifiying a cache type with no defaults */
+ ops_save = krb5_cc_dfl_ops;
+ krb5_cc_dfl_ops = 0;
- kret = krb5_cc_resolve(context, "/tmp/e", &id);
- if (kret != KRB5_CC_BADNAME) {
- CHECK(kret, "resolve no builtin type");
- }
+ kret = krb5_cc_resolve(context, "/tmp/e", &id);
+ if (kret != KRB5_CC_BADNAME) {
+ CHECK(kret, "resolve no builtin type");
+ }
- krb5_cc_dfl_ops = ops_save;
+ krb5_cc_dfl_ops = ops_save;
}
extern const krb5_cc_ops krb5_mcc_ops;
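Review bot: In test_misc, both negative checks pass silently when krb5_cc_resolve unexpectedly succeeds, because `if (kret != KRB5_CC_UNKNOWN_TYPE) { CHECK(kret, "resolve unknown type"); }` hands a zero code to CHECK, which presumably reports only non-zero codes (its definition is outside this hunk). cc_test in the same file already uses CHECK_FAIL for an expected error, so `CHECK_FAIL(KRB5_CC_UNKNOWN_TYPE, kret, "resolve unknown type");` and `CHECK_FAIL(KRB5_CC_BADNAME, kret, "resolve no builtin type");` would state the intent directly. The "Registering a second time" check on krb5_cc_register in main (next hunk) has the same shape, and the "register_mem" label there is reused for the krb5_fcc_ops registrations.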
@@ -387,28 +388,28 @@ extern const krb5_cc_ops krb5_fcc_ops;
int main (void)
{
krb5_context context;
- krb5_error_code kret;
+ krb5_error_code kret;
if ((kret = krb5_init_context(&context))) {
- printf("Couldn't initialize krb5 library: %s\n",
- error_message(kret));
- exit(1);
+ printf("Couldn't initialize krb5 library: %s\n",
+ error_message(kret));
+ exit(1);
}
kret = krb5_cc_register(context, &krb5_mcc_ops,0);
if(kret && kret != KRB5_CC_TYPE_EXISTS) {
- CHECK(kret, "register_mem");
+ CHECK(kret, "register_mem");
}
kret = krb5_cc_register(context, &krb5_fcc_ops,0);
if(kret && kret != KRB5_CC_TYPE_EXISTS) {
- CHECK(kret, "register_mem");
+ CHECK(kret, "register_mem");
}
/* Registering a second time tests for error return */
kret = krb5_cc_register(context, &krb5_fcc_ops,0);
if(kret != KRB5_CC_TYPE_EXISTS) {
- CHECK(kret, "register_mem");
+ CHECK(kret, "register_mem");
}
/* Registering with override should work */
@@ -421,9 +422,9 @@ int main (void)
do_test(context, "");
if(check_registered(context, "KEYRING:"))
- do_test(context, "KEYRING:");
- else
- printf("Skiping KEYRING: test - unregistered type\n");
+ do_test(context, "KEYRING:");
+ else
+ printf("Skiping KEYRING: test - unregistered type\n");
do_test(context, "MEMORY:");
do_test(context, "FILE:");
diff --git a/src/lib/krb5/ccache/t_cccursor.c b/src/lib/krb5/ccache/t_cccursor.c
index e65bead..1e4f4b9 100644
--- a/src/lib/krb5/ccache/t_cccursor.c
+++ b/src/lib/krb5/ccache/t_cccursor.c
@@ -1,3 +1,4 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
/*
* lib/krb5/ccache/t_cccursor.c
*
@@ -8,7 +9,7 @@
* require a specific license from the United States Government.
* It is the responsibility of any person or organization contemplating
* export to obtain such a license before exporting.
- *
+ *
* WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
* distribute this software and its documentation for any purpose and
* without fee is hereby granted, provided that the above copyright
@@ -101,22 +102,22 @@ cr_cache(krb5_context context, const char *ccname, const char *pname)
ret = krb5_cc_resolve(context, ccname, &ccache);
if (ret)
- goto errout;
+ goto errout;
if (pname != NULL) {
- ret = krb5_parse_name(context, pname, &princ);
- if (ret)
- return ret;
- ret = krb5_cc_initialize(context, ccache, princ);
- if (ret)
- goto errout;
- printf("created cache %s with principal %s\n", ccname, pname);
+ ret = krb5_parse_name(context, pname, &princ);
+ if (ret)
+ return ret;
+ ret = krb5_cc_initialize(context, ccache, princ);
+ if (ret)
+ goto errout;
+ printf("created cache %s with principal %s\n", ccname, pname);
} else
- printf("created cache %s (uninitialized)\n", ccname);
+ printf("created cache %s (uninitialized)\n", ccname);
errout:
if (princ != NULL)
- krb5_free_principal(context, princ);
+ krb5_free_principal(context, princ);
if (ccache != NULL)
- krb5_cc_close(context, ccache);
+ krb5_cc_close(context, ccache);
return ret;
}
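Review bot: In cr_cache, a krb5_parse_name failure does `return ret;` and so skips the `errout:` label, leaving the handle obtained from krb5_cc_resolve open. Every other failure in the function uses `goto errout;`, and changing this line to `goto errout;` closes the handle on this path too. That is safe only if `princ` is initialised to NULL in the declarations, which sit above this hunk, since errout tests `princ != NULL`. dest_cache in the next hunk has the same early `return ret;` after krb5_cc_destroy, though its errout label has no cleanup to skip.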
@@ -128,15 +129,15 @@ dest_cache(krb5_context context, const char *ccname, const char *pname)
ret = krb5_cc_resolve(context, ccname, &ccache);
if (ret)
- goto errout;
+ goto errout;
if (pname != NULL) {
- ret = krb5_cc_destroy(context, ccache);
- if (ret)
- return ret;
- printf("Destroyed cache %s\n", ccname);
+ ret = krb5_cc_destroy(context, ccache);
+ if (ret)
+ return ret;
+ printf("Destroyed cache %s\n", ccname);
} else {
- printf("Closed cache %s (uninitialized)\n", ccname);
- ret = krb5_cc_close(context, ccache);
+ printf("Closed cache %s (uninitialized)\n", ccname);
+ ret = krb5_cc_close(context, ccache);
}
errout:
return ret;
@@ -147,11 +148,11 @@ do_chk_one(const char *prefix, const char *name, struct chklist *chk)
{
if (chk->pfx == NULL)
- return 0;
+ return 0;
if (strcmp(chk->pfx, prefix) || strcmp(chk->res, name)) {
- fprintf(stderr, "MATCH FAILED: expected %s:%s\n",
- chk->pfx, chk->res);
- return 1;
+ fprintf(stderr, "MATCH FAILED: expected %s:%s\n",
+ chk->pfx, chk->res);
+ return 1;
}
return 0;
}
@@ -175,33 +176,33 @@ do_chk(
i = 0;
printf(">>>\n");
for (i = 0; ; i++) {
- ret = krb5_cccol_cursor_next(context, cursor, &ccache);
- if (ret) goto errout;
- if (ccache == NULL) {
- printf("<<< end of list\n");
- break;
- }
- prefix = krb5_cc_get_type(context, ccache);
- name = krb5_cc_get_name(context, ccache);
- printf("cursor: %s:%s\n", prefix, name);
-
- if (i < nmax) {
- if (do_chk_one(prefix, name, &chklist[i])) {
- *good = 0;
- }
- }
- ret = krb5_cc_close(context, ccache);
- if (ret) goto errout;
+ ret = krb5_cccol_cursor_next(context, cursor, &ccache);
+ if (ret) goto errout;
+ if (ccache == NULL) {
+ printf("<<< end of list\n");
+ break;
+ }
+ prefix = krb5_cc_get_type(context, ccache);
+ name = krb5_cc_get_name(context, ccache);
+ printf("cursor: %s:%s\n", prefix, name);
+
+ if (i < nmax) {
+ if (do_chk_one(prefix, name, &chklist[i])) {
+ *good = 0;
+ }
+ }
+ ret = krb5_cc_close(context, ccache);
+ if (ret) goto errout;
}
if (i != nmax) {
- fprintf(stderr, "total ccaches %d != expected ccaches %d\n", i, nmax);
- *good = 0;
+ fprintf(stderr, "total ccaches %d != expected ccaches %d\n", i, nmax);
+ *good = 0;
}
errout:
if (cursor != NULL)
- krb5_cccol_cursor_free(context, &cursor);
+ krb5_cccol_cursor_free(context, &cursor);
return ret;
}
@@ -216,8 +217,8 @@ main(int argc, char *argv[])
if (ret) exit(1);
for (i = 0; i < NCRLIST; i++) {
- ret = cr_cache(context, crlist[i].ccname, crlist[i].pname);
- if (ret) goto errout;
+ ret = cr_cache(context, crlist[i].ccname, crlist[i].pname);
+ if (ret) goto errout;
}
#ifdef HAVE_SETENV
@@ -228,7 +229,7 @@ main(int argc, char *argv[])
printf("KRB5CCNAME=foo\n");
ret = do_chk(context, chklist0, NCHKLIST0, &good);
if (ret)
- goto errout;
+ goto errout;
#ifdef HAVE_SETENV
setenv("KRB5CCNAME", "MEMORY:env", 1);
@@ -238,28 +239,28 @@ main(int argc, char *argv[])
printf("KRB5CCNAME=MEMORY:env\n");
ret = do_chk(context, chklist1, NCHKLIST1, &good);
if (ret)
- goto errout;
+ goto errout;
ret = krb5_cc_set_default_name(context, "MEMORY:env");
if (ret)
- goto errout;
+ goto errout;
printf("KRB5CCNAME=MEMORY:env, ccdefname=MEMORY:env\n");
ret = do_chk(context, chklist2, NCHKLIST2, &good);
if (ret)
- goto errout;
+ goto errout;
for (i = 0; i < NCRLIST; i++) {
- ret = dest_cache(context, crlist[i].ccname, crlist[i].pname);
- if (ret) goto errout;
+ ret = dest_cache(context, crlist[i].ccname, crlist[i].pname);
+ if (ret) goto errout;
}
errout:
krb5_free_context(context);
if (ret) {
- com_err("main", ret, "");
- exit(1);
+ com_err("main", ret, "");
+ exit(1);
} else {
- exit(!good);
+ exit(!good);
}
}
diff --git a/src/lib/krb5/ccache/t_memory.c b/src/lib/krb5/ccache/t_memory.c
index b117aed..5650280 100644
--- a/src/lib/krb5/ccache/t_memory.c
+++ b/src/lib/krb5/ccache/t_memory.c
@@ -1,3 +1,4 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
/*
* lib/krb5/ccache/file/mcc_test.c
*
@@ -8,7 +9,7 @@
* require a specific license from the United States Government.
* It is the responsibility of any person or organization contemplating
* export to obtain such a license before exporting.
- *
+ *
* WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
* distribute this software and its documentation for any purpose and
* without fee is hereby granted, provided that the above copyright
@@ -22,7 +23,7 @@
* M.I.T. makes no representations about the suitability of
* this software for any purpose. It is provided "as is" without express
* or implied warranty.
- *
+ *
*
*/
@@ -31,110 +32,109 @@
krb5_data client1 = {
#define DATA "client1-comp1"
- sizeof(DATA),
- DATA,
+ sizeof(DATA),
+ DATA,
#undef DATA
};
krb5_data client2 = {
#define DATA "client1-comp2"
- sizeof(DATA),
- DATA,
+ sizeof(DATA),
+ DATA,
#undef DATA
};
krb5_data server1 = {
#define DATA "server1-comp1"
- sizeof(DATA),
- DATA,
+ sizeof(DATA),
+ DATA,
#undef DATA
};
krb5_data server2 = {
#define DATA "server1-comp2"
- sizeof(DATA),
- DATA,
+ sizeof(DATA),
+ DATA,
#undef DATA
};
krb5_creds test_creds = {
- NULL,
- NULL,
- {
- 1,
- 1,
- (unsigned char *) "1"
- },
- {
- 1111,
- 2222,
- 3333,
- 4444
- },
- 1,
- 5555,
- {
+ NULL,
+ NULL,
+ {
+ 1,
+ 1,
+ (unsigned char *) "1"
+ },
+ {
+ 1111,
+ 2222,
+ 3333,
+ 4444
+ },
+ 1,
+ 5555,
+ {
#define TICKET "This is ticket 1"
- sizeof(TICKET),
- TICKET,
+ sizeof(TICKET),
+ TICKET,
#undef TICKET
- },
- {
+ },
+ {
#define TICKET "This is ticket 2"
- sizeof(TICKET),
- TICKET,
+ sizeof(TICKET),
+ TICKET,
#undef TICKET
- },
+ },
};
void init_test_cred()
{
- test_creds.client = (krb5_principal) malloc(sizeof(krb5_data *)*3);
- test_creds.client[0] = &client1;
- test_creds.client[1] = &client2;
- test_creds.client[2] = NULL;
+ test_creds.client = (krb5_principal) malloc(sizeof(krb5_data *)*3);
+ test_creds.client[0] = &client1;
+ test_creds.client[1] = &client2;
+ test_creds.client[2] = NULL;
- test_creds.server = (krb5_principal) malloc(sizeof(krb5_data *)*3);
- test_creds.server[0] = &server1;
- test_creds.server[1] = &server2;
- test_creds.server[2] = NULL;
+ test_creds.server = (krb5_principal) malloc(sizeof(krb5_data *)*3);
+ test_creds.server[0] = &server1;
+ test_creds.server[1] = &server2;
+ test_creds.server[2] = NULL;
}
-#define CHECK(kret,msg) \
- if (kret != KRB5_OK) {\
- printf("%s returned %d\n", msg, kret);\
- };
-
+#define CHECK(kret,msg) \
+ if (kret != KRB5_OK) { \
+ printf("%s returned %d\n", msg, kret); \
+ };
+
void mcc_test()
{
- krb5_ccache id;
- krb5_creds creds;
- krb5_error_code kret;
- krb5_cc_cursor cursor;
+ krb5_ccache id;
+ krb5_creds creds;
+ krb5_error_code kret;
+ krb5_cc_cursor cursor;
- init_test_cred();
+ init_test_cred();
- kret = krb5_mcc_resolve(context, &id, "/tmp/tkt_test");
- CHECK(kret, "resolve");
- kret = krb5_mcc_initialize(context, id, test_creds.client);
- CHECK(kret, "initialize");
- kret = krb5_mcc_store(context, id, &test_creds);
- CHECK(kret, "store");
+ kret = krb5_mcc_resolve(context, &id, "/tmp/tkt_test");
+ CHECK(kret, "resolve");
+ kret = krb5_mcc_initialize(context, id, test_creds.client);
+ CHECK(kret, "initialize");
+ kret = krb5_mcc_store(context, id, &test_creds);
+ CHECK(kret, "store");
- kret = krb5_mcc_start_seq_get(context, id, &cursor);
- CHECK(kret, "start_seq_get");
- kret = 0;
- while (kret != KRB5_CC_END) {
- printf("Calling next_cred\n");
- kret = krb5_mcc_next_cred(context, id, &cursor, &creds);
- CHECK(kret, "next_cred");
- }
- kret = krb5_mcc_end_seq_get(context, id, &cursor);
- CHECK(kret, "end_seq_get");
+ kret = krb5_mcc_start_seq_get(context, id, &cursor);
+ CHECK(kret, "start_seq_get");
+ kret = 0;
+ while (kret != KRB5_CC_END) {
+ printf("Calling next_cred\n");
+ kret = krb5_mcc_next_cred(context, id, &cursor, &creds);
+ CHECK(kret, "next_cred");
+ }
+ kret = krb5_mcc_end_seq_get(context, id, &cursor);
+ CHECK(kret, "end_seq_get");
- kret = krb5_mcc_destroy(context, id);
- CHECK(kret, "destroy");
- kret = krb5_mcc_close(context, id);
- CHECK(kret, "close");
+ kret = krb5_mcc_destroy(context, id);
+ CHECK(kret, "destroy");
+ kret = krb5_mcc_close(context, id);
+ CHECK(kret, "close");
}
-
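Review bot: The iteration loop in mcc_test stops only on KRB5_CC_END, and CHECK as defined just above merely prints, so any other persistent error from krb5_mcc_next_cred is retried without end, and the end-of-cache code itself is printed as a failure. Each successful call also fills `creds` without releasing it, unlike the cc_test loop earlier in this commit, which calls krb5_free_cred_contents. A loop body of `kret = krb5_mcc_next_cred(context, id, &cursor, &creds);`, `if (kret != KRB5_OK) break;`, `krb5_free_cred_contents(context, &creds);`, followed by a check that kret ended as KRB5_CC_END, addresses both. scc_test in t_stdio.c repeats the same loop.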
diff --git a/src/lib/krb5/ccache/t_stdio.c b/src/lib/krb5/ccache/t_stdio.c
index a76d1fc..f17d506 100644
--- a/src/lib/krb5/ccache/t_stdio.c
+++ b/src/lib/krb5/ccache/t_stdio.c
@@ -1,3 +1,4 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
/*
* lib/krb5/ccache/stdio/scc_test.c
*
@@ -8,7 +9,7 @@
* require a specific license from the United States Government.
* It is the responsibility of any person or organization contemplating
* export to obtain such a license before exporting.
- *
+ *
* WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
* distribute this software and its documentation for any purpose and
* without fee is hereby granted, provided that the above copyright
@@ -22,7 +23,7 @@
* M.I.T. makes no representations about the suitability of
* this software for any purpose. It is provided "as is" without express
* or implied warranty.
- *
+ *
*
*/
@@ -31,29 +32,29 @@
krb5_data client1 = {
#define DATA "client1-comp1"
- sizeof(DATA),
- DATA,
+ sizeof(DATA),
+ DATA,
#undef DATA
};
krb5_data client2 = {
#define DATA "client1-comp2"
- sizeof(DATA),
- DATA,
+ sizeof(DATA),
+ DATA,
#undef DATA
};
krb5_data server1 = {
#define DATA "server1-comp1"
- sizeof(DATA),
- DATA,
+ sizeof(DATA),
+ DATA,
#undef DATA
};
krb5_data server2 = {
#define DATA "server1-comp2"
- sizeof(DATA),
- DATA,
+ sizeof(DATA),
+ DATA,
#undef DATA
};
@@ -70,92 +71,92 @@ krb5_address *addrs[] = {
};
krb5_creds test_creds = {
- NULL,
- NULL,
- {
- 1,
- 1,
- (unsigned char *) "1"
- },
- {
- 1111,
- 2222,
- 3333,
- 4444,
- },
- 1,
- 5555,
- addrs,
- {
+ NULL,
+ NULL,
+ {
+ 1,
+ 1,
+ (unsigned char *) "1"
+ },
+ {
+ 1111,
+ 2222,
+ 3333,
+ 4444,
+ },
+ 1,
+ 5555,
+ addrs,
+ {
#define TICKET "This is ticket 1"
- sizeof(TICKET),
- TICKET,
+ sizeof(TICKET),
+ TICKET,
#undef TICKET
- },
- {
+ },
+ {
#define TICKET "This is ticket 2"
- sizeof(TICKET),
- TICKET,
+ sizeof(TICKET),
+ TICKET,
#undef TICKET
- },
+ },
};
void init_test_cred()
{
- test_creds.client = (krb5_principal) malloc(sizeof(krb5_data *)*3);
- test_creds.client[0] = &client1;
- test_creds.client[1] = &client2;
- test_creds.client[2] = NULL;
-
- test_creds.server = (krb5_principal) malloc(sizeof(krb5_data *)*3);
- test_creds.server[0] = &server1;
- test_creds.server[1] = &server2;
- test_creds.server[2] = NULL;
+ test_creds.client = (krb5_principal) malloc(sizeof(krb5_data *)*3);
+ test_creds.client[0] = &client1;
+ test_creds.client[1] = &client2;
+ test_creds.client[2] = NULL;
+
+ test_creds.server = (krb5_principal) malloc(sizeof(krb5_data *)*3);
+ test_creds.server[0] = &server1;
+ test_creds.server[1] = &server2;
+ test_creds.server[2] = NULL;
}
-#define CHECK(kret,msg) \
- if (kret != KRB5_OK) {\
- com_err(msg, kret, "");\
- } else printf("%s went ok\n", msg);
-
+#define CHECK(kret,msg) \
+ if (kret != KRB5_OK) { \
+ com_err(msg, kret, ""); \
+ } else printf("%s went ok\n", msg);
+
int flags = 0;
void scc_test()
{
- krb5_ccache id;
- krb5_creds creds;
- krb5_error_code kret;
- krb5_cc_cursor cursor;
-
- init_test_cred();
-
- kret = krb5_scc_resolve(context, &id, "/tmp/tkt_test");
- CHECK(kret, "resolve");
- kret = krb5_scc_initialize(context, id, test_creds.client);
- CHECK(kret, "initialize");
- kret = krb5_scc_store(id, &test_creds);
- CHECK(kret, "store");
-
- kret = krb5_scc_set_flags (id, flags);
- CHECK(kret, "set_flags");
- kret = krb5_scc_start_seq_get(id, &cursor);
- CHECK(kret, "start_seq_get");
- kret = 0;
- while (kret != KRB5_CC_END) {
- printf("Calling next_cred\n");
- kret = krb5_scc_next_cred(id, &cursor, &creds);
- CHECK(kret, "next_cred");
- }
- kret = krb5_scc_end_seq_get(id, &cursor);
- CHECK(kret, "end_seq_get");
-
- kret = krb5_scc_close(id);
- CHECK(kret, "close");
-
-
- kret = krb5_scc_resolve(&id, "/tmp/tkt_test");
- CHECK(kret, "resolve");
- kret = krb5_scc_destroy(id);
- CHECK(kret, "destroy");
+ krb5_ccache id;
+ krb5_creds creds;
+ krb5_error_code kret;
+ krb5_cc_cursor cursor;
+
+ init_test_cred();
+
+ kret = krb5_scc_resolve(context, &id, "/tmp/tkt_test");
+ CHECK(kret, "resolve");
+ kret = krb5_scc_initialize(context, id, test_creds.client);
+ CHECK(kret, "initialize");
+ kret = krb5_scc_store(id, &test_creds);
+ CHECK(kret, "store");
+
+ kret = krb5_scc_set_flags (id, flags);
+ CHECK(kret, "set_flags");
+ kret = krb5_scc_start_seq_get(id, &cursor);
+ CHECK(kret, "start_seq_get");
+ kret = 0;
+ while (kret != KRB5_CC_END) {
+ printf("Calling next_cred\n");
+ kret = krb5_scc_next_cred(id, &cursor, &creds);
+ CHECK(kret, "next_cred");
+ }
+ kret = krb5_scc_end_seq_get(id, &cursor);
+ CHECK(kret, "end_seq_get");
+
+ kret = krb5_scc_close(id);
+ CHECK(kret, "close");
+
+
+ kret = krb5_scc_resolve(&id, "/tmp/tkt_test");
+ CHECK(kret, "resolve");
+ kret = krb5_scc_destroy(id);
+ CHECK(kret, "destroy");
}
int remove (s) char*s; { return unlink(s); }
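Review bot: scc_test resolves and initialises a file-backed cache at the fixed path "/tmp/tkt_test", a predictable name in a world-writable directory that another local user can pre-create or redirect before the test runs. How krb5_scc_initialize opens the file is not visible here, so the actual exposure should be confirmed. The test would be safer building its path inside a private directory, for example `char dir[] = "/tmp/scc_test.XXXXXX"; if (mkdtemp(dir) == NULL) exit(1);` and appending the cache name to `dir` (the template name is a constructed example). mcc_test in t_memory.c passes the same string, though there it presumably names only an in-memory cache.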
diff --git a/src/lib/krb5/error_tables/init_ets.c b/src/lib/krb5/error_tables/init_ets.c
index 56a750e..f682c85 100644
--- a/src/lib/krb5/error_tables/init_ets.c
+++ b/src/lib/krb5/error_tables/init_ets.c
@@ -1,3 +1,4 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
/*
* lib/krb5/error_tables/init_ets.c
*
@@ -8,7 +9,7 @@
* require a specific license from the United States Government.
* It is the responsibility of any person or organization contemplating
* export to obtain such a license before exporting.
- *
+ *
* WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
* distribute this software and its documentation for any purpose and
* without fee is hereby granted, provided that the above copyright
@@ -22,7 +23,7 @@
* M.I.T. makes no representations about the suitability of
* this software for any purpose. It is provided "as is" without express
* or implied warranty.
- *
+ *
*
* Initialize Kerberos library error tables.
*/
@@ -35,12 +36,12 @@ krb5_init_ets (krb5_context context)
static int inited = 0;
if (inited == 0) {
- initialize_krb5_error_table();
- initialize_kv5m_error_table();
- initialize_kdb5_error_table();
- initialize_asn1_error_table();
- initialize_k524_error_table();
- inited++;
+ initialize_krb5_error_table();
+ initialize_kv5m_error_table();
+ initialize_kdb5_error_table();
+ initialize_asn1_error_table();
+ initialize_k524_error_table();
+ inited++;
}
}
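Review bot: krb5_init_ets guards its one-time setup with a plain `static int inited` that is tested and incremented without any synchronisation, so two threads entering concurrently can both run the initialize_*_error_table() calls. Whether those calls tolerate being repeated is not visible in this hunk, so at minimum the flag deserves a comment such as `/* Not thread-safe: callers must serialize the first call. */`. The function header is outside the hunk.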
diff --git a/src/lib/krb5/keytab/kt-int.h b/src/lib/krb5/keytab/kt-int.h
index e62b2d3..383d346 100644
--- a/src/lib/krb5/keytab/kt-int.h
+++ b/src/lib/krb5/keytab/kt-int.h
@@ -1,3 +1,4 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
/*
* lib/krb5/keytab/kt-int.h
*
@@ -8,7 +9,7 @@
* require a specific license from the United States Government.
* It is the responsibility of any person or organization contemplating
* export to obtain such a license before exporting.
- *
+ *
* WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
* distribute this software and its documentation for any purpose and
* without fee is hereby granted, provided that the above copyright
@@ -22,7 +23,7 @@
* M.I.T. makes no representations about the suitability of
* this software for any purpose. It is provided "as is" without express
* or implied warranty.
- *
+ *
*
* This file contains constant and function declarations used in the
* file-based credential cache routines.
diff --git a/src/lib/krb5/keytab/kt_file.c b/src/lib/krb5/keytab/kt_file.c
index 4c90b8b..c27829c 100644
--- a/src/lib/krb5/keytab/kt_file.c
+++ b/src/lib/krb5/keytab/kt_file.c
@@ -1,3 +1,4 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
/*
* lib/krb5/keytab/kt_file.c
*
@@ -8,7 +9,7 @@
* require a specific license from the United States Government.
* It is the responsibility of any person or organization contemplating
* export to obtain such a license before exporting.
- *
+ *
* WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
* distribute this software and its documentation for any purpose and
* without fee is hereby granted, provided that the above copyright
@@ -22,7 +23,7 @@
* M.I.T. makes no representations about the suitability of
* this software for any purpose. It is provided "as is" without express
* or implied warranty.
- *
+ *
*/
#ifndef LEAN_CLIENT
@@ -40,22 +41,22 @@
* Constants
*/
-#define KRB5_KT_VNO_1 0x0501 /* krb v5, keytab version 1 (DCE compat) */
-#define KRB5_KT_VNO 0x0502 /* krb v5, keytab version 2 (standard) */
+#define KRB5_KT_VNO_1 0x0501 /* krb v5, keytab version 1 (DCE compat) */
+#define KRB5_KT_VNO 0x0502 /* krb v5, keytab version 2 (standard) */
#define KRB5_KT_DEFAULT_VNO KRB5_KT_VNO
-/*
+/*
* Types
*/
typedef struct _krb5_ktfile_data {
- char *name; /* Name of the file */
- FILE *openf; /* open file, if any. */
- char iobuf[BUFSIZ]; /* so we can zap it later */
- int version; /* Version number of keytab */
- unsigned int iter_count; /* Number of active iterators */
- long start_offset; /* Starting offset after version */
- k5_mutex_t lock; /* Protect openf, version */
+ char *name; /* Name of the file */
+ FILE *openf; /* open file, if any. */
+ char iobuf[BUFSIZ]; /* so we can zap it later */
+ int version; /* Version number of keytab */
+ unsigned int iter_count; /* Number of active iterators */
+ long start_offset; /* Starting offset after version */
+ k5_mutex_t lock; /* Protect openf, version */
} krb5_ktfile_data;
/*
@@ -93,114 +94,114 @@ typedef struct _krb5_ktfile_data {
extern const struct _krb5_kt_ops krb5_ktf_ops;
extern const struct _krb5_kt_ops krb5_ktf_writable_ops;
-static krb5_error_code KRB5_CALLCONV krb5_ktfile_resolve
- (krb5_context,
- const char *,
- krb5_keytab *);
-
-static krb5_error_code KRB5_CALLCONV krb5_ktfile_wresolve
- (krb5_context,
- const char *,
- krb5_keytab *);
-
-static krb5_error_code KRB5_CALLCONV krb5_ktfile_get_name
- (krb5_context,
- krb5_keytab,
- char *,
- unsigned int);
-
-static krb5_error_code KRB5_CALLCONV krb5_ktfile_close
- (krb5_context,
- krb5_keytab);
-
-static krb5_error_code KRB5_CALLCONV krb5_ktfile_get_entry
- (krb5_context,
- krb5_keytab,
- krb5_const_principal,
- krb5_kvno,
- krb5_enctype,
- krb5_keytab_entry *);
-
-static krb5_error_code KRB5_CALLCONV krb5_ktfile_start_seq_get
- (krb5_context,
- krb5_keytab,
- krb5_kt_cursor *);
-
-static krb5_error_code KRB5_CALLCONV krb5_ktfile_get_next
- (krb5_context,
- krb5_keytab,
- krb5_keytab_entry *,
- krb5_kt_cursor *);
-
-static krb5_error_code KRB5_CALLCONV krb5_ktfile_end_get
- (krb5_context,
- krb5_keytab,
- krb5_kt_cursor *);
+static krb5_error_code KRB5_CALLCONV krb5_ktfile_resolve
+(krb5_context,
+ const char *,
+ krb5_keytab *);
+
+static krb5_error_code KRB5_CALLCONV krb5_ktfile_wresolve
+(krb5_context,
+ const char *,
+ krb5_keytab *);
+
+static krb5_error_code KRB5_CALLCONV krb5_ktfile_get_name
+(krb5_context,
+ krb5_keytab,
+ char *,
+ unsigned int);
+
+static krb5_error_code KRB5_CALLCONV krb5_ktfile_close
+(krb5_context,
+ krb5_keytab);
+
+static krb5_error_code KRB5_CALLCONV krb5_ktfile_get_entry
+(krb5_context,
+ krb5_keytab,
+ krb5_const_principal,
+ krb5_kvno,
+ krb5_enctype,
+ krb5_keytab_entry *);
+
+static krb5_error_code KRB5_CALLCONV krb5_ktfile_start_seq_get
+(krb5_context,
+ krb5_keytab,
+ krb5_kt_cursor *);
+
+static krb5_error_code KRB5_CALLCONV krb5_ktfile_get_next
+(krb5_context,
+ krb5_keytab,
+ krb5_keytab_entry *,
+ krb5_kt_cursor *);
+
+static krb5_error_code KRB5_CALLCONV krb5_ktfile_end_get
+(krb5_context,
+ krb5_keytab,
+ krb5_kt_cursor *);
/* routines to be included on extended version (write routines) */
-static krb5_error_code KRB5_CALLCONV krb5_ktfile_add
- (krb5_context,
- krb5_keytab,
- krb5_keytab_entry *);
-
-static krb5_error_code KRB5_CALLCONV krb5_ktfile_remove
- (krb5_context,
- krb5_keytab,
- krb5_keytab_entry *);
-
-static krb5_error_code krb5_ktfileint_openr
- (krb5_context,
- krb5_keytab);
-
-static krb5_error_code krb5_ktfileint_openw
- (krb5_context,
- krb5_keytab);
-
-static krb5_error_code krb5_ktfileint_close
- (krb5_context,
- krb5_keytab);
-
-static krb5_error_code krb5_ktfileint_read_entry
- (krb5_context,
- krb5_keytab,
- krb5_keytab_entry *);
-
-static krb5_error_code krb5_ktfileint_write_entry
- (krb5_context,
- krb5_keytab,
- krb5_keytab_entry *);
-
-static krb5_error_code krb5_ktfileint_delete_entry
- (krb5_context,
- krb5_keytab,
- krb5_int32);
-
-static krb5_error_code krb5_ktfileint_internal_read_entry
- (krb5_context,
- krb5_keytab,
- krb5_keytab_entry *,
- krb5_int32 *);
-
-static krb5_error_code krb5_ktfileint_size_entry
- (krb5_context,
- krb5_keytab_entry *,
- krb5_int32 *);
-
-static krb5_error_code krb5_ktfileint_find_slot
- (krb5_context,
- krb5_keytab,
- krb5_int32 *,
- krb5_int32 *);
+static krb5_error_code KRB5_CALLCONV krb5_ktfile_add
+(krb5_context,
+ krb5_keytab,
+ krb5_keytab_entry *);
+
+static krb5_error_code KRB5_CALLCONV krb5_ktfile_remove
+(krb5_context,
+ krb5_keytab,
+ krb5_keytab_entry *);
+
+static krb5_error_code krb5_ktfileint_openr
+(krb5_context,
+ krb5_keytab);
+
+static krb5_error_code krb5_ktfileint_openw
+(krb5_context,
+ krb5_keytab);
+
+static krb5_error_code krb5_ktfileint_close
+(krb5_context,
+ krb5_keytab);
+
+static krb5_error_code krb5_ktfileint_read_entry
+(krb5_context,
+ krb5_keytab,
+ krb5_keytab_entry *);
+
+static krb5_error_code krb5_ktfileint_write_entry
+(krb5_context,
+ krb5_keytab,
+ krb5_keytab_entry *);
+
+static krb5_error_code krb5_ktfileint_delete_entry
+(krb5_context,
+ krb5_keytab,
+ krb5_int32);
+
+static krb5_error_code krb5_ktfileint_internal_read_entry
+(krb5_context,
+ krb5_keytab,
+ krb5_keytab_entry *,
+ krb5_int32 *);
+
+static krb5_error_code krb5_ktfileint_size_entry
+(krb5_context,
+ krb5_keytab_entry *,
+ krb5_int32 *);
+
+static krb5_error_code krb5_ktfileint_find_slot
+(krb5_context,
+ krb5_keytab,
+ krb5_int32 *,
+ krb5_int32 *);
/*
- * This is an implementation specific resolver. It returns a keytab id
+ * This is an implementation specific resolver. It returns a keytab id
* initialized with file keytab routines.
*/
static krb5_error_code
ktfile_common_resolve(krb5_context context, const char *name,
- krb5_keytab *idptr, const struct _krb5_kt_ops *ops)
+ krb5_keytab *idptr, const struct _krb5_kt_ops *ops)
{
krb5_ktfile_data *data = NULL;
krb5_error_code err = ENOMEM;
@@ -210,20 +211,20 @@ ktfile_common_resolve(krb5_context context, const char *name,
id = calloc(1, sizeof(*id));
if (id == NULL)
- return ENOMEM;
-
+ return ENOMEM;
+
id->ops = ops;
data = calloc(1, sizeof(krb5_ktfile_data));
if (data == NULL)
- goto cleanup;
+ goto cleanup;
data->name = strdup(name);
if (data->name == NULL)
- goto cleanup;
+ goto cleanup;
err = k5_mutex_init(&data->lock);
if (err)
- goto cleanup;
+ goto cleanup;
data->openf = 0;
data->version = 0;
@@ -235,13 +236,13 @@ ktfile_common_resolve(krb5_context context, const char *name,
return 0;
cleanup:
if (data)
- free(data->name);
+ free(data->name);
free(data);
free(id);
return err;
}
-static krb5_error_code KRB5_CALLCONV
+static krb5_error_code KRB5_CALLCONV
krb5_ktfile_resolve(krb5_context context, const char *name, krb5_keytab *id)
{
return ktfile_common_resolve(context, name, id, &krb5_ktf_writable_ops);
@@ -253,15 +254,15 @@ krb5_ktfile_resolve(krb5_context context, const char *name, krb5_keytab *id)
* free memory hidden in the structures.
*/
-static krb5_error_code KRB5_CALLCONV
+static krb5_error_code KRB5_CALLCONV
krb5_ktfile_close(krb5_context context, krb5_keytab id)
- /*
- * This routine is responsible for freeing all memory allocated
- * for this keytab. There are no system resources that need
- * to be freed nor are there any open files.
- *
- * This routine should undo anything done by krb5_ktfile_resolve().
- */
+/*
+ * This routine is responsible for freeing all memory allocated
+ * for this keytab. There are no system resources that need
+ * to be freed nor are there any open files.
+ *
+ * This routine should undo anything done by krb5_ktfile_resolve().
+ */
{
free(KTFILENAME(id));
zap(KTFILEBUFP(id), BUFSIZ);
@@ -280,8 +281,8 @@ krb5_ktfile_close(krb5_context context, krb5_keytab id)
static krb5_error_code KRB5_CALLCONV
krb5_ktfile_get_entry(krb5_context context, krb5_keytab id,
- krb5_const_principal principal, krb5_kvno kvno,
- krb5_enctype enctype, krb5_keytab_entry *entry)
+ krb5_const_principal principal, krb5_kvno kvno,
+ krb5_enctype enctype, krb5_keytab_entry *entry)
{
krb5_keytab_entry cur_entry, new_entry;
krb5_error_code kerror = 0;
@@ -292,27 +293,27 @@ krb5_ktfile_get_entry(krb5_context context, krb5_keytab id,
kerror = KTLOCK(id);
if (kerror)
- return kerror;
+ return kerror;
if (KTFILEP(id) != NULL) {
- was_open = 1;
+ was_open = 1;
- if (fseek(KTFILEP(id), KTSTARTOFF(id), SEEK_SET) == -1) {
- KTUNLOCK(id);
- return errno;
- }
+ if (fseek(KTFILEP(id), KTSTARTOFF(id), SEEK_SET) == -1) {
+ KTUNLOCK(id);
+ return errno;
+ }
} else {
- was_open = 0;
+ was_open = 0;
- /* Open the keyfile for reading */
- if ((kerror = krb5_ktfileint_openr(context, id))) {
- KTUNLOCK(id);
- return(kerror);
- }
+ /* Open the keyfile for reading */
+ if ((kerror = krb5_ktfileint_openr(context, id))) {
+ KTUNLOCK(id);
+ return(kerror);
+ }
}
-
- /*
- * For efficiency and simplicity, we'll use a while true that
+
+ /*
+ * For efficiency and simplicity, we'll use a while true that
* is exited with a break statement.
*/
cur_entry.principal = 0;
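Review bot: On the fseek failure path in krb5_ktfile_get_entry, `errno` is read only after KTUNLOCK(id) has run, so if the unlock modifies errno the caller receives the wrong code, or 0, which would read as success. KTUNLOCK's definition is outside this hunk, so that is an assumption to confirm, but saving the value first costs nothing: `kerror = errno; KTUNLOCK(id); return kerror;`. The function body continues past the hunk.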
@@ -320,111 +321,111 @@ krb5_ktfile_get_entry(krb5_context context, krb5_keytab id,
cur_entry.key.contents = 0;
while (TRUE) {
- if ((kerror = krb5_ktfileint_read_entry(context, id, &new_entry)))
- break;
-
- /* by the time this loop exits, it must either free cur_entry,
- and copy new_entry there, or free new_entry. Otherwise, it
- leaks. */
-
- /* if the principal isn't the one requested, free new_entry
- and continue to the next. */
-
- if (!krb5_principal_compare(context, principal, new_entry.principal)) {
- krb5_kt_free_entry(context, &new_entry);
- continue;
- }
-
- /* if the enctype is not ignored and doesn't match, free new_entry
- and continue to the next */
-
- if (enctype != IGNORE_ENCTYPE) {
- if ((kerror = krb5_c_enctype_compare(context, enctype,
- new_entry.key.enctype,
- &similar))) {
- krb5_kt_free_entry(context, &new_entry);
- break;
- }
-
- if (!similar) {
- krb5_kt_free_entry(context, &new_entry);
- continue;
- }
- /*
- * Coerce the enctype of the output keyblock in case we
- * got an inexact match on the enctype.
- */
- new_entry.key.enctype = enctype;
-
- }
-
- if (kvno == IGNORE_VNO) {
- /* if this is the first match, or if the new vno is
- bigger, free the current and keep the new. Otherwise,
- free the new. */
- /* A 1.2.x keytab contains only the low 8 bits of the key
- version number. Since it can be much bigger, and thus
- the 8-bit value can wrap, we need some heuristics to
- figure out the "highest" numbered key if some numbers
- close to 255 and some near 0 are used.
-
- The heuristic here:
-
- If we have any keys with versions over 240, then assume
- that all version numbers 0-127 refer to 256+N instead.
- Not perfect, but maybe good enough? */
+ if ((kerror = krb5_ktfileint_read_entry(context, id, &new_entry)))
+ break;
+
+ /* by the time this loop exits, it must either free cur_entry,
+ and copy new_entry there, or free new_entry. Otherwise, it
+ leaks. */
+
+ /* if the principal isn't the one requested, free new_entry
+ and continue to the next. */
+
+ if (!krb5_principal_compare(context, principal, new_entry.principal)) {
+ krb5_kt_free_entry(context, &new_entry);
+ continue;
+ }
+
+ /* if the enctype is not ignored and doesn't match, free new_entry
+ and continue to the next */
+
+ if (enctype != IGNORE_ENCTYPE) {
+ if ((kerror = krb5_c_enctype_compare(context, enctype,
+ new_entry.key.enctype,
+ &similar))) {
+ krb5_kt_free_entry(context, &new_entry);
+ break;
+ }
+
+ if (!similar) {
+ krb5_kt_free_entry(context, &new_entry);
+ continue;
+ }
+ /*
+ * Coerce the enctype of the output keyblock in case we
+ * got an inexact match on the enctype.
+ */
+ new_entry.key.enctype = enctype;
+
+ }
+
+ if (kvno == IGNORE_VNO) {
+ /* if this is the first match, or if the new vno is
+ bigger, free the current and keep the new. Otherwise,
+ free the new. */
+ /* A 1.2.x keytab contains only the low 8 bits of the key
+ version number. Since it can be much bigger, and thus
+ the 8-bit value can wrap, we need some heuristics to
+ figure out the "highest" numbered key if some numbers
+ close to 255 and some near 0 are used.
+
+ The heuristic here:
+
+ If we have any keys with versions over 240, then assume
+ that all version numbers 0-127 refer to 256+N instead.
+ Not perfect, but maybe good enough? */
#define M(VNO) (((VNO) - kvno_offset + 256) % 256)
- if (new_entry.vno > 240)
- kvno_offset = 128;
- if (! cur_entry.principal ||
- M(new_entry.vno) > M(cur_entry.vno)) {
- krb5_kt_free_entry(context, &cur_entry);
- cur_entry = new_entry;
- } else {
- krb5_kt_free_entry(context, &new_entry);
- }
- } else {
- /* if this kvno matches, free the current (will there ever
- be one?), keep the new, and break out. Otherwise, remember
- that we were here so we can return the right error, and
- free the new */
- /* Yuck. The krb5-1.2.x keytab format only stores one byte
- for the kvno, so we're toast if the kvno requested is
- higher than that. Short-term workaround: only compare
- the low 8 bits. */
-
- if (new_entry.vno == (kvno & 0xff)) {
- krb5_kt_free_entry(context, &cur_entry);
- cur_entry = new_entry;
- break;
- } else {
- found_wrong_kvno++;
- krb5_kt_free_entry(context, &new_entry);
- }
- }
+ if (new_entry.vno > 240)
+ kvno_offset = 128;
+ if (! cur_entry.principal ||
+ M(new_entry.vno) > M(cur_entry.vno)) {
+ krb5_kt_free_entry(context, &cur_entry);
+ cur_entry = new_entry;
+ } else {
+ krb5_kt_free_entry(context, &new_entry);
+ }
+ } else {
+ /* if this kvno matches, free the current (will there ever
+ be one?), keep the new, and break out. Otherwise, remember
+ that we were here so we can return the right error, and
+ free the new */
+ /* Yuck. The krb5-1.2.x keytab format only stores one byte
+ for the kvno, so we're toast if the kvno requested is
+ higher than that. Short-term workaround: only compare
+ the low 8 bits. */
+
+ if (new_entry.vno == (kvno & 0xff)) {
+ krb5_kt_free_entry(context, &cur_entry);
+ cur_entry = new_entry;
+ break;
+ } else {
+ found_wrong_kvno++;
+ krb5_kt_free_entry(context, &new_entry);
+ }
+ }
}
if (kerror == KRB5_KT_END) {
- if (cur_entry.principal)
- kerror = 0;
- else if (found_wrong_kvno)
- kerror = KRB5_KT_KVNONOTFOUND;
- else
- kerror = KRB5_KT_NOTFOUND;
+ if (cur_entry.principal)
+ kerror = 0;
+ else if (found_wrong_kvno)
+ kerror = KRB5_KT_KVNONOTFOUND;
+ else
+ kerror = KRB5_KT_NOTFOUND;
}
if (kerror) {
- if (was_open == 0)
- (void) krb5_ktfileint_close(context, id);
- KTUNLOCK(id);
- krb5_kt_free_entry(context, &cur_entry);
- return kerror;
+ if (was_open == 0)
+ (void) krb5_ktfileint_close(context, id);
+ KTUNLOCK(id);
+ krb5_kt_free_entry(context, &cur_entry);
+ return kerror;
}
if (was_open == 0 && (kerror = krb5_ktfileint_close(context, id)) != 0) {
- KTUNLOCK(id);
- krb5_kt_free_entry(context, &cur_entry);
- return kerror;
+ KTUNLOCK(id);
+ krb5_kt_free_entry(context, &cur_entry);
+ return kerror;
}
KTUNLOCK(id);
*entry = cur_entry;
@@ -437,19 +438,19 @@ krb5_ktfile_get_entry(krb5_context context, krb5_keytab id,
static krb5_error_code KRB5_CALLCONV
krb5_ktfile_get_name(krb5_context context, krb5_keytab id, char *name, unsigned int len)
- /*
- * This routine returns the name of the name of the file associated with
- * this file-based keytab. name is zeroed and the filename is truncated
- * to fit in name if necessary. The name is prefixed with PREFIX:, so that
- * trt will happen if the name is passed back to resolve.
- */
+/*
+ * This routine returns the name of the name of the file associated with
+ * this file-based keytab. name is zeroed and the filename is truncated
+ * to fit in name if necessary. The name is prefixed with PREFIX:, so that
+ * trt will happen if the name is passed back to resolve.
+ */
{
int result;
memset(name, 0, len);
result = snprintf(name, len, "%s:%s", id->ops->prefix, KTFILENAME(id));
if (SNPRINTF_OVERFLOW(result, len))
- return(KRB5_KT_NAME_TOOLONG);
+ return(KRB5_KT_NAME_TOOLONG);
return(0);
}
@@ -465,31 +466,31 @@ krb5_ktfile_start_seq_get(krb5_context context, krb5_keytab id, krb5_kt_cursor *
retval = KTLOCK(id);
if (retval)
- return retval;
+ return retval;
if (KTITERS(id) == 0) {
- if ((retval = krb5_ktfileint_openr(context, id))) {
- KTUNLOCK(id);
- return retval;
- }
+ if ((retval = krb5_ktfileint_openr(context, id))) {
+ KTUNLOCK(id);
+ return retval;
+ }
}
if (!(fileoff = (long *)malloc(sizeof(*fileoff)))) {
- if (KTITERS(id) == 0)
- krb5_ktfileint_close(context, id);
- KTUNLOCK(id);
- return ENOMEM;
+ if (KTITERS(id) == 0)
+ krb5_ktfileint_close(context, id);
+ KTUNLOCK(id);
+ return ENOMEM;
}
*fileoff = KTSTARTOFF(id);
*cursorp = (krb5_kt_cursor)fileoff;
KTITERS(id)++;
if (KTITERS(id) == 0) {
- /* Wrapped?! */
- KTITERS(id)--;
- KTUNLOCK(id);
- krb5_set_error_message(context, KRB5_KT_IOERR,
- "Too many keytab iterators active");
- return KRB5_KT_IOERR; /* XXX */
+ /* Wrapped?! */
+ KTITERS(id)--;
+ KTUNLOCK(id);
+ krb5_set_error_message(context, KRB5_KT_IOERR,
+ "Too many keytab iterators active");
+ return KRB5_KT_IOERR; /* XXX */
}
KTUNLOCK(id);
@@ -500,7 +501,7 @@ krb5_ktfile_start_seq_get(krb5_context context, krb5_keytab id, krb5_kt_cursor *
* krb5_ktfile_get_next()
*/
-static krb5_error_code KRB5_CALLCONV
+static krb5_error_code KRB5_CALLCONV
krb5_ktfile_get_next(krb5_context context, krb5_keytab id, krb5_keytab_entry *entry, krb5_kt_cursor *cursor)
{
long *fileoff = (long *)*cursor;
@@ -509,18 +510,18 @@ krb5_ktfile_get_next(krb5_context context, krb5_keytab id, krb5_keytab_entry *en
kerror = KTLOCK(id);
if (kerror)
- return kerror;
+ return kerror;
if (KTFILEP(id) == NULL) {
- KTUNLOCK(id);
- return KRB5_KT_IOERR;
+ KTUNLOCK(id);
+ return KRB5_KT_IOERR;
}
if (fseek(KTFILEP(id), *fileoff, 0) == -1) {
- KTUNLOCK(id);
- return KRB5_KT_END;
+ KTUNLOCK(id);
+ return KRB5_KT_END;
}
if ((kerror = krb5_ktfileint_read_entry(context, id, &cur_entry))) {
- KTUNLOCK(id);
- return kerror;
+ KTUNLOCK(id);
+ return kerror;
}
*fileoff = ftell(KTFILEP(id));
*entry = cur_entry;
@@ -532,7 +533,7 @@ krb5_ktfile_get_next(krb5_context context, krb5_keytab id, krb5_keytab_entry *en
* krb5_ktfile_end_get()
*/
-static krb5_error_code KRB5_CALLCONV
+static krb5_error_code KRB5_CALLCONV
krb5_ktfile_end_get(krb5_context context, krb5_keytab id, krb5_kt_cursor *cursor)
{
krb5_error_code kerror;
@@ -540,12 +541,12 @@ krb5_ktfile_end_get(krb5_context context, krb5_keytab id, krb5_kt_cursor *cursor
free(*cursor);
kerror = KTLOCK(id);
if (kerror)
- return kerror;
+ return kerror;
KTITERS(id)--;
if (KTFILEP(id) != NULL && KTITERS(id) == 0)
- kerror = krb5_ktfileint_close(context, id);
+ kerror = krb5_ktfileint_close(context, id);
else
- kerror = 0;
+ kerror = 0;
KTUNLOCK(id);
return kerror;
}
@@ -558,183 +559,183 @@ static const char ktfile_def_name[] = ".";
/*
* Routines to deal with externalizing krb5_keytab for [WR]FILE: variants.
- * krb5_ktf_keytab_size();
- * krb5_ktf_keytab_externalize();
- * krb5_ktf_keytab_internalize();
+ * krb5_ktf_keytab_size();
+ * krb5_ktf_keytab_externalize();
+ * krb5_ktf_keytab_internalize();
*/
static krb5_error_code krb5_ktf_keytab_size
- (krb5_context, krb5_pointer, size_t *);
+(krb5_context, krb5_pointer, size_t *);
static krb5_error_code krb5_ktf_keytab_externalize
- (krb5_context, krb5_pointer, krb5_octet **, size_t *);
+(krb5_context, krb5_pointer, krb5_octet **, size_t *);
static krb5_error_code krb5_ktf_keytab_internalize
- (krb5_context,krb5_pointer *, krb5_octet **, size_t *);
+(krb5_context,krb5_pointer *, krb5_octet **, size_t *);
/*
* Serialization entry for this type.
*/
const krb5_ser_entry krb5_ktfile_ser_entry = {
- KV5M_KEYTAB, /* Type */
- krb5_ktf_keytab_size, /* Sizer routine */
- krb5_ktf_keytab_externalize, /* Externalize routine */
- krb5_ktf_keytab_internalize /* Internalize routine */
+ KV5M_KEYTAB, /* Type */
+ krb5_ktf_keytab_size, /* Sizer routine */
+ krb5_ktf_keytab_externalize, /* Externalize routine */
+ krb5_ktf_keytab_internalize /* Internalize routine */
};
/*
- * krb5_ktf_keytab_size() - Determine the size required to externalize
- * this krb5_keytab variant.
+ * krb5_ktf_keytab_size() - Determine the size required to externalize
+ * this krb5_keytab variant.
*/
static krb5_error_code
krb5_ktf_keytab_size(krb5_context kcontext, krb5_pointer arg, size_t *sizep)
{
- krb5_error_code kret;
- krb5_keytab keytab;
- size_t required;
- krb5_ktfile_data *ktdata;
+ krb5_error_code kret;
+ krb5_keytab keytab;
+ size_t required;
+ krb5_ktfile_data *ktdata;
kret = EINVAL;
if ((keytab = (krb5_keytab) arg)) {
- /*
- * Saving FILE: variants of krb5_keytab requires at minimum:
- * krb5_int32 for KV5M_KEYTAB
- * krb5_int32 for length of keytab name.
- * krb5_int32 for file status.
- * krb5_int32 for file position.
- * krb5_int32 for file position.
- * krb5_int32 for version.
- * krb5_int32 for KV5M_KEYTAB
- */
- required = sizeof(krb5_int32) * 7;
- if (keytab->ops && keytab->ops->prefix)
- required += (strlen(keytab->ops->prefix)+1);
-
- /*
- * The keytab name is formed as follows:
- * <prefix>:<name>
- * If there's no name, we use a default name so that we have something
- * to call krb5_keytab_resolve with.
- */
- ktdata = (krb5_ktfile_data *) keytab->data;
- required += strlen((ktdata && ktdata->name) ?
- ktdata->name : ktfile_def_name);
- kret = 0;
-
- if (!kret)
- *sizep += required;
+ /*
+ * Saving FILE: variants of krb5_keytab requires at minimum:
+ * krb5_int32 for KV5M_KEYTAB
+ * krb5_int32 for length of keytab name.
+ * krb5_int32 for file status.
+ * krb5_int32 for file position.
+ * krb5_int32 for file position.
+ * krb5_int32 for version.
+ * krb5_int32 for KV5M_KEYTAB
+ */
+ required = sizeof(krb5_int32) * 7;
+ if (keytab->ops && keytab->ops->prefix)
+ required += (strlen(keytab->ops->prefix)+1);
+
+ /*
+ * The keytab name is formed as follows:
+ * <prefix>:<name>
+ * If there's no name, we use a default name so that we have something
+ * to call krb5_keytab_resolve with.
+ */
+ ktdata = (krb5_ktfile_data *) keytab->data;
+ required += strlen((ktdata && ktdata->name) ?
+ ktdata->name : ktfile_def_name);
+ kret = 0;
+
+ if (!kret)
+ *sizep += required;
}
return(kret);
}
/*
- * krb5_ktf_keytab_externalize() - Externalize the krb5_keytab.
+ * krb5_ktf_keytab_externalize() - Externalize the krb5_keytab.
*/
static krb5_error_code
krb5_ktf_keytab_externalize(krb5_context kcontext, krb5_pointer arg, krb5_octet **buffer, size_t *lenremain)
{
- krb5_error_code kret;
- krb5_keytab keytab;
- size_t required;
- krb5_octet *bp;
- size_t remain;
- krb5_ktfile_data *ktdata;
- krb5_int32 file_is_open;
- krb5_int64 file_pos;
- char *ktname;
- const char *fnamep;
+ krb5_error_code kret;
+ krb5_keytab keytab;
+ size_t required;
+ krb5_octet *bp;
+ size_t remain;
+ krb5_ktfile_data *ktdata;
+ krb5_int32 file_is_open;
+ krb5_int64 file_pos;
+ char *ktname;
+ const char *fnamep;
required = 0;
bp = *buffer;
remain = *lenremain;
kret = EINVAL;
if ((keytab = (krb5_keytab) arg)) {
- kret = ENOMEM;
- if (!krb5_ktf_keytab_size(kcontext, arg, &required) &&
- (required <= remain)) {
- /* Our identifier */
- (void) krb5_ser_pack_int32(KV5M_KEYTAB, &bp, &remain);
-
- ktdata = (krb5_ktfile_data *) keytab->data;
- file_is_open = 0;
- file_pos = 0;
-
- /* Calculate the length of the name */
- if (ktdata && ktdata->name)
- fnamep = ktdata->name;
- else
- fnamep = ktfile_def_name;
-
- if (keytab->ops && keytab->ops->prefix) {
- if (asprintf(&ktname, "%s:%s", keytab->ops->prefix, fnamep) < 0)
- ktname = NULL;
- } else
- ktname = strdup(fnamep);
-
- if (ktname) {
- /* Fill in the file-specific keytab information. */
- if (ktdata) {
- if (ktdata->openf) {
- long fpos;
- int fflags = 0;
-
- file_is_open = 1;
+ kret = ENOMEM;
+ if (!krb5_ktf_keytab_size(kcontext, arg, &required) &&
+ (required <= remain)) {
+ /* Our identifier */
+ (void) krb5_ser_pack_int32(KV5M_KEYTAB, &bp, &remain);
+
+ ktdata = (krb5_ktfile_data *) keytab->data;
+ file_is_open = 0;
+ file_pos = 0;
+
+ /* Calculate the length of the name */
+ if (ktdata && ktdata->name)
+ fnamep = ktdata->name;
+ else
+ fnamep = ktfile_def_name;
+
+ if (keytab->ops && keytab->ops->prefix) {
+ if (asprintf(&ktname, "%s:%s", keytab->ops->prefix, fnamep) < 0)
+ ktname = NULL;
+ } else
+ ktname = strdup(fnamep);
+
+ if (ktname) {
+ /* Fill in the file-specific keytab information. */
+ if (ktdata) {
+ if (ktdata->openf) {
+ long fpos;
+ int fflags = 0;
+
+ file_is_open = 1;
#if !defined(_WIN32)
- fflags = fcntl(fileno(ktdata->openf), F_GETFL, 0);
- if (fflags > 0)
- file_is_open |= ((fflags & O_ACCMODE) << 1);
+ fflags = fcntl(fileno(ktdata->openf), F_GETFL, 0);
+ if (fflags > 0)
+ file_is_open |= ((fflags & O_ACCMODE) << 1);
#else
- file_is_open = 0;
+ file_is_open = 0;
#endif
- fpos = ftell(ktdata->openf);
- file_pos = fpos; /* XX range check? */
- }
- }
-
- /* Put the length of the file name */
- (void) krb5_ser_pack_int32((krb5_int32) strlen(ktname),
- &bp, &remain);
-
- /* Put the name */
- (void) krb5_ser_pack_bytes((krb5_octet *) ktname,
- strlen(ktname),
- &bp, &remain);
-
- /* Put the file open flag */
- (void) krb5_ser_pack_int32(file_is_open, &bp, &remain);
-
- /* Put the file position */
- (void) krb5_ser_pack_int64(file_pos, &bp, &remain);
-
- /* Put the version */
- (void) krb5_ser_pack_int32((krb5_int32) ((ktdata) ?
- ktdata->version : 0),
- &bp, &remain);
-
- /* Put the trailer */
- (void) krb5_ser_pack_int32(KV5M_KEYTAB, &bp, &remain);
- kret = 0;
- *buffer = bp;
- *lenremain = remain;
- free(ktname);
- }
- }
+ fpos = ftell(ktdata->openf);
+ file_pos = fpos; /* XX range check? */
+ }
+ }
+
+ /* Put the length of the file name */
+ (void) krb5_ser_pack_int32((krb5_int32) strlen(ktname),
+ &bp, &remain);
+
+ /* Put the name */
+ (void) krb5_ser_pack_bytes((krb5_octet *) ktname,
+ strlen(ktname),
+ &bp, &remain);
+
+ /* Put the file open flag */
+ (void) krb5_ser_pack_int32(file_is_open, &bp, &remain);
+
+ /* Put the file position */
+ (void) krb5_ser_pack_int64(file_pos, &bp, &remain);
+
+ /* Put the version */
+ (void) krb5_ser_pack_int32((krb5_int32) ((ktdata) ?
+ ktdata->version : 0),
+ &bp, &remain);
+
+ /* Put the trailer */
+ (void) krb5_ser_pack_int32(KV5M_KEYTAB, &bp, &remain);
+ kret = 0;
+ *buffer = bp;
+ *lenremain = remain;
+ free(ktname);
+ }
+ }
}
return(kret);
}
/*
- * krb5_ktf_keytab_internalize() - Internalize the krb5_ktf_keytab.
+ * krb5_ktf_keytab_internalize() - Internalize the krb5_ktf_keytab.
*/
static krb5_error_code
krb5_ktf_keytab_internalize(krb5_context kcontext, krb5_pointer *argp, krb5_octet **buffer, size_t *lenremain)
{
- krb5_error_code kret;
- krb5_keytab keytab = NULL;
- krb5_int32 ibuf;
- krb5_octet *bp;
- size_t remain;
- char *ktname = NULL;
- krb5_ktfile_data *ktdata;
- krb5_int32 file_is_open;
- krb5_int64 foff;
+ krb5_error_code kret;
+ krb5_keytab keytab = NULL;
+ krb5_int32 ibuf;
+ krb5_octet *bp;
+ size_t remain;
+ char *ktname = NULL;
+ krb5_ktfile_data *ktdata;
+ krb5_int32 file_is_open;
+ krb5_int64 foff;
*argp = NULL;
bp = *buffer;
@@ -742,36 +743,36 @@ krb5_ktf_keytab_internalize(krb5_context kcontext, krb5_pointer *argp, krb5_octe
/* Read our magic number */
if (krb5_ser_unpack_int32(&ibuf, &bp, &remain) || ibuf != KV5M_KEYTAB)
- return EINVAL;
+ return EINVAL;
/* Read the keytab name */
kret = krb5_ser_unpack_int32(&ibuf, &bp, &remain);
if (kret)
- return kret;
+ return kret;
ktname = malloc(ibuf + 1);
if (!ktname)
- return ENOMEM;
+ return ENOMEM;
kret = krb5_ser_unpack_bytes((krb5_octet *) ktname, (size_t) ibuf,
- &bp, &remain);
+ &bp, &remain);
if (kret)
- goto cleanup;
+ goto cleanup;
ktname[ibuf] = '\0';
/* Resolve the keytab. */
kret = krb5_kt_resolve(kcontext, ktname, &keytab);
if (kret)
- goto cleanup;
+ goto cleanup;
if (keytab->ops != &krb5_ktf_writable_ops
- && keytab->ops != &krb5_ktf_ops) {
- kret = EINVAL;
- goto cleanup;
+ && keytab->ops != &krb5_ktf_ops) {
+ kret = EINVAL;
+ goto cleanup;
}
ktdata = (krb5_ktfile_data *) keytab->data;
if (remain < (sizeof(krb5_int32)*5)) {
- kret = EINVAL;
- goto cleanup;
+ kret = EINVAL;
+ goto cleanup;
}
(void) krb5_ser_unpack_int32(&file_is_open, &bp, &remain);
(void) krb5_ser_unpack_int64(&foff, &bp, &remain);
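Review bot: The keytab-name length `ibuf` in krb5_ktf_keytab_internalize is unpacked from the serialized buffer and used in `malloc(ibuf + 1)`, the `(size_t) ibuf` cast and the `ktname[ibuf] = '\0'` store without any sign or range check. A negative value, or the largest krb5_int32, makes `ibuf + 1` wrap or overflow, so the only remaining guard is whatever bound krb5_ser_unpack_bytes applies, which is not visible in this hunk. Rejecting the length before allocating makes the function safe on its own: `if (ibuf < 0 || (size_t) ibuf > remain) return EINVAL;` followed by `ktname = malloc((size_t) ibuf + 1);`. The function begins before this hunk and continues after it.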
@@ -779,30 +780,30 @@ krb5_ktf_keytab_internalize(krb5_context kcontext, krb5_pointer *argp, krb5_octe
ktdata->version = (int) ibuf;
(void) krb5_ser_unpack_int32(&ibuf, &bp, &remain);
if (ibuf != KV5M_KEYTAB) {
- kret = EINVAL;
- goto cleanup;
+ kret = EINVAL;
+ goto cleanup;
}
if (file_is_open) {
- int fmode;
- long fpos;
+ int fmode;
+ long fpos;
#if !defined(_WIN32)
- fmode = (file_is_open >> 1) & O_ACCMODE;
+ fmode = (file_is_open >> 1) & O_ACCMODE;
#else
- fmode = 0;
+ fmode = 0;
#endif
- if (fmode)
- kret = krb5_ktfileint_openw(kcontext, keytab);
- else
- kret = krb5_ktfileint_openr(kcontext, keytab);
- if (kret)
- goto cleanup;
- fpos = foff; /* XX range check? */
- if (fseek(KTFILEP(keytab), fpos, SEEK_SET) == -1) {
- kret = errno;
- goto cleanup;
- }
+ if (fmode)
+ kret = krb5_ktfileint_openw(kcontext, keytab);
+ else
+ kret = krb5_ktfileint_openr(kcontext, keytab);
+ if (kret)
+ goto cleanup;
+ fpos = foff; /* XX range check? */
+ if (fseek(KTFILEP(keytab), fpos, SEEK_SET) == -1) {
+ kret = errno;
+ goto cleanup;
+ }
}
*buffer = bp;
@@ -810,13 +811,13 @@ krb5_ktf_keytab_internalize(krb5_context kcontext, krb5_pointer *argp, krb5_octe
*argp = (krb5_pointer) keytab;
cleanup:
if (kret != 0 && keytab)
- krb5_kt_close(kcontext, keytab);
+ krb5_kt_close(kcontext, keytab);
free(ktname);
return kret;
}
/*
- * This is an implementation specific resolver. It returns a keytab id
+ * This is an implementation specific resolver. It returns a keytab id
* initialized with file keytab routines.
*/
@@ -831,28 +832,28 @@ krb5_ktfile_wresolve(krb5_context context, const char *name, krb5_keytab *id)
* krb5_ktfile_add()
*/
-static krb5_error_code KRB5_CALLCONV
+static krb5_error_code KRB5_CALLCONV
krb5_ktfile_add(krb5_context context, krb5_keytab id, krb5_keytab_entry *entry)
{
krb5_error_code retval;
retval = KTLOCK(id);
if (retval)
- return retval;
+ return retval;
if (KTFILEP(id)) {
- /* Iterator(s) active -- no changes. */
- KTUNLOCK(id);
- krb5_set_error_message(context, KRB5_KT_IOERR,
- "Cannot change keytab with keytab iterators active");
- return KRB5_KT_IOERR; /* XXX */
+ /* Iterator(s) active -- no changes. */
+ KTUNLOCK(id);
+ krb5_set_error_message(context, KRB5_KT_IOERR,
+ "Cannot change keytab with keytab iterators active");
+ return KRB5_KT_IOERR; /* XXX */
}
if ((retval = krb5_ktfileint_openw(context, id))) {
- KTUNLOCK(id);
- return retval;
+ KTUNLOCK(id);
+ return retval;
}
if (fseek(KTFILEP(id), 0, 2) == -1) {
- KTUNLOCK(id);
- return KRB5_KT_END;
+ KTUNLOCK(id);
+ return KRB5_KT_END;
}
retval = krb5_ktfileint_write_entry(context, id, entry);
krb5_ktfileint_close(context, id);
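Review bot: The `fseek` failure branch in krb5_ktfile_add unlocks and returns KRB5_KT_END without closing the file that krb5_ktfileint_openw has just opened. KTFILEP(id) therefore stays non-NULL, and the `if (KTFILEP(id))` guard at the top of the function will refuse later changes with "Cannot change keytab with keytab iterators active". The stream, and presumably its file lock, also stay held. Adding `(void) krb5_ktfileint_close(context, id);` before `KTUNLOCK(id);` in that branch matches what the write path just below it does. The body of krb5_ktfile_add continues past the end of this hunk.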
@@ -864,7 +865,7 @@ krb5_ktfile_add(krb5_context context, krb5_keytab id, krb5_keytab_entry *entry)
* krb5_ktfile_remove()
*/
-static krb5_error_code KRB5_CALLCONV
+static krb5_error_code KRB5_CALLCONV
krb5_ktfile_remove(krb5_context context, krb5_keytab id, krb5_keytab_entry *entry)
{
krb5_keytab_entry cur_entry;
@@ -873,53 +874,53 @@ krb5_ktfile_remove(krb5_context context, krb5_keytab id, krb5_keytab_entry *entr
kerror = KTLOCK(id);
if (kerror)
- return kerror;
+ return kerror;
if (KTFILEP(id)) {
- /* Iterator(s) active -- no changes. */
- KTUNLOCK(id);
- krb5_set_error_message(context, KRB5_KT_IOERR,
- "Cannot change keytab with keytab iterators active");
- return KRB5_KT_IOERR; /* XXX */
+ /* Iterator(s) active -- no changes. */
+ KTUNLOCK(id);
+ krb5_set_error_message(context, KRB5_KT_IOERR,
+ "Cannot change keytab with keytab iterators active");
+ return KRB5_KT_IOERR; /* XXX */
}
if ((kerror = krb5_ktfileint_openw(context, id))) {
- KTUNLOCK(id);
- return kerror;
+ KTUNLOCK(id);
+ return kerror;
}
- /*
- * For efficiency and simplicity, we'll use a while true that
+ /*
+ * For efficiency and simplicity, we'll use a while true that
* is exited with a break statement.
*/
while (TRUE) {
- if ((kerror = krb5_ktfileint_internal_read_entry(context, id,
- &cur_entry,
- &delete_point)))
- break;
+ if ((kerror = krb5_ktfileint_internal_read_entry(context, id,
+ &cur_entry,
+ &delete_point)))
+ break;
- if ((entry->vno == cur_entry.vno) &&
+ if ((entry->vno == cur_entry.vno) &&
(entry->key.enctype == cur_entry.key.enctype) &&
- krb5_principal_compare(context, entry->principal, cur_entry.principal)) {
- /* found a match */
+ krb5_principal_compare(context, entry->principal, cur_entry.principal)) {
+ /* found a match */
krb5_kt_free_entry(context, &cur_entry);
- break;
- }
- krb5_kt_free_entry(context, &cur_entry);
+ break;
+ }
+ krb5_kt_free_entry(context, &cur_entry);
}
if (kerror == KRB5_KT_END)
- kerror = KRB5_KT_NOTFOUND;
+ kerror = KRB5_KT_NOTFOUND;
if (kerror) {
- (void) krb5_ktfileint_close(context, id);
- KTUNLOCK(id);
- return kerror;
+ (void) krb5_ktfileint_close(context, id);
+ KTUNLOCK(id);
+ return kerror;
}
kerror = krb5_ktfileint_delete_entry(context, id, delete_point);
if (kerror) {
- (void) krb5_ktfileint_close(context, id);
+ (void) krb5_ktfileint_close(context, id);
} else {
kerror = krb5_ktfileint_close(context, id);
}
@@ -933,9 +934,9 @@ krb5_ktfile_remove(krb5_context context, krb5_keytab id, krb5_keytab_entry *entr
const struct _krb5_kt_ops krb5_ktf_ops = {
0,
- "FILE", /* Prefix -- this string should not appear anywhere else! */
+ "FILE", /* Prefix -- this string should not appear anywhere else! */
krb5_ktfile_resolve,
- krb5_ktfile_get_name,
+ krb5_ktfile_get_name,
krb5_ktfile_close,
krb5_ktfile_get_entry,
krb5_ktfile_start_seq_get,
@@ -952,9 +953,9 @@ const struct _krb5_kt_ops krb5_ktf_ops = {
const struct _krb5_kt_ops krb5_ktf_writable_ops = {
0,
- "WRFILE", /* Prefix -- this string should not appear anywhere else! */
+ "WRFILE", /* Prefix -- this string should not appear anywhere else! */
krb5_ktfile_wresolve,
- krb5_ktfile_get_name,
+ krb5_ktfile_get_name,
krb5_ktfile_close,
krb5_ktfile_get_entry,
krb5_ktfile_start_seq_get,
@@ -971,9 +972,9 @@ const struct _krb5_kt_ops krb5_ktf_writable_ops = {
const krb5_kt_ops krb5_kt_dfl_ops = {
0,
- "FILE", /* Prefix -- this string should not appear anywhere else! */
+ "FILE", /* Prefix -- this string should not appear anywhere else! */
krb5_ktfile_resolve,
- krb5_ktfile_get_name,
+ krb5_ktfile_get_name,
krb5_ktfile_close,
krb5_ktfile_get_entry,
krb5_ktfile_start_seq_get,
@@ -998,7 +999,7 @@ const krb5_kt_ops krb5_kt_dfl_ops = {
* require a specific license from the United States Government.
* It is the responsibility of any person or organization contemplating
* export to obtain such a license before exporting.
- *
+ *
* WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
* distribute this software and its documentation for any purpose and
* without fee is hereby granted, provided that the above copyright
@@ -1012,16 +1013,16 @@ const krb5_kt_ops krb5_kt_dfl_ops = {
* M.I.T. makes no representations about the suitability of
* this software for any purpose. It is provided "as is" without express
* or implied warranty.
- *
*
- * This function contains utilities for the file based implementation of
+ *
+ * This function contains utilities for the file based implementation of
* the keytab. There are no public functions in this file.
*
* This file is the only one that has knowledge of the format of a
* keytab file.
*
* The format is as follows:
- *
+ *
* <file format vno>
* <record length>
* principal timestamp vno key
@@ -1031,21 +1032,21 @@ const krb5_kt_ops krb5_kt_dfl_ops = {
*
* A length field (sizeof(krb5_int32)) exists between entries. When this
* length is positive it indicates an active entry, when negative a hole.
- * The length indicates the size of the block in the file (this may be
+ * The length indicates the size of the block in the file (this may be
* larger than the size of the next record, since we are using a first
* fit algorithm for re-using holes and the first fit may be larger than
* the entry we are writing). Another (compatible) implementation could
- * break up holes when allocating them to smaller entries to minimize
+ * break up holes when allocating them to smaller entries to minimize
* wasted space. (Such an implementation should also coalesce adjacent
* holes to reduce fragmentation). This implementation does neither.
*
- * There are no separators between fields of an entry.
+ * There are no separators between fields of an entry.
* A principal is a length-encoded array of length-encoded strings. The
- * length is a krb5_int16 in each case. The specific format, then, is
- * multiple entries concatinated with no separators. An entry has this
+ * length is a krb5_int16 in each case. The specific format, then, is
+ * multiple entries concatinated with no separators. An entry has this
* exact format:
*
- * sizeof(krb5_int16) bytes for number of components in the principal;
+ * sizeof(krb5_int16) bytes for number of components in the principal;
* then, each component listed in ordser.
* For each component, sizeof(krb5_int16) bytes for the number of bytes
* in the component, followed by the component.
@@ -1083,73 +1084,73 @@ krb5_ktfileint_open(krb5_context context, krb5_keytab id, int mode)
KTCHECKLOCK(id);
errno = 0;
KTFILEP(id) = fopen(KTFILENAME(id),
- (mode == KRB5_LOCKMODE_EXCLUSIVE) ?
- fopen_mode_rbplus : fopen_mode_rb);
+ (mode == KRB5_LOCKMODE_EXCLUSIVE) ?
+ fopen_mode_rbplus : fopen_mode_rb);
if (!KTFILEP(id)) {
- if ((mode == KRB5_LOCKMODE_EXCLUSIVE) && (errno == ENOENT)) {
- /* try making it first time around */
+ if ((mode == KRB5_LOCKMODE_EXCLUSIVE) && (errno == ENOENT)) {
+ /* try making it first time around */
krb5_create_secure_file(context, KTFILENAME(id));
- errno = 0;
- KTFILEP(id) = fopen(KTFILENAME(id), fopen_mode_rbplus);
- if (!KTFILEP(id))
- goto report_errno;
- writevno = 1;
- } else {
- report_errno:
- switch (errno) {
- case 0:
- /* XXX */
- return EMFILE;
- case ENOENT:
- krb5_set_error_message(context, ENOENT,
- "Key table file '%s' not found",
- KTFILENAME(id));
- return ENOENT;
- default:
- return errno;
- }
- }
+ errno = 0;
+ KTFILEP(id) = fopen(KTFILENAME(id), fopen_mode_rbplus);
+ if (!KTFILEP(id))
+ goto report_errno;
+ writevno = 1;
+ } else {
+ report_errno:
+ switch (errno) {
+ case 0:
+ /* XXX */
+ return EMFILE;
+ case ENOENT:
+ krb5_set_error_message(context, ENOENT,
+ "Key table file '%s' not found",
+ KTFILENAME(id));
+ return ENOENT;
+ default:
+ return errno;
+ }
+ }
}
set_cloexec_file(KTFILEP(id));
if ((kerror = krb5_lock_file(context, fileno(KTFILEP(id)), mode))) {
- (void) fclose(KTFILEP(id));
- KTFILEP(id) = 0;
- return kerror;
+ (void) fclose(KTFILEP(id));
+ KTFILEP(id) = 0;
+ return kerror;
}
/* assume ANSI or BSD-style stdio */
setbuf(KTFILEP(id), KTFILEBUFP(id));
/* get the vno and verify it */
if (writevno) {
- kt_vno = htons(krb5_kt_default_vno);
- KTVERSION(id) = krb5_kt_default_vno;
- if (!fwrite(&kt_vno, sizeof(kt_vno), 1, KTFILEP(id))) {
- kerror = errno;
- (void) krb5_unlock_file(context, fileno(KTFILEP(id)));
- (void) fclose(KTFILEP(id));
- KTFILEP(id) = 0;
- return kerror;
- }
+ kt_vno = htons(krb5_kt_default_vno);
+ KTVERSION(id) = krb5_kt_default_vno;
+ if (!fwrite(&kt_vno, sizeof(kt_vno), 1, KTFILEP(id))) {
+ kerror = errno;
+ (void) krb5_unlock_file(context, fileno(KTFILEP(id)));
+ (void) fclose(KTFILEP(id));
+ KTFILEP(id) = 0;
+ return kerror;
+ }
} else {
- /* gotta verify it instead... */
- if (!fread(&kt_vno, sizeof(kt_vno), 1, KTFILEP(id))) {
- if (feof(KTFILEP(id)))
- kerror = KRB5_KEYTAB_BADVNO;
- else
- kerror = errno;
- (void) krb5_unlock_file(context, fileno(KTFILEP(id)));
- (void) fclose(KTFILEP(id));
- KTFILEP(id) = 0;
- return kerror;
- }
- kt_vno = KTVERSION(id) = ntohs(kt_vno);
- if ((kt_vno != KRB5_KT_VNO) &&
- (kt_vno != KRB5_KT_VNO_1)) {
- (void) krb5_unlock_file(context, fileno(KTFILEP(id)));
- (void) fclose(KTFILEP(id));
- KTFILEP(id) = 0;
- return KRB5_KEYTAB_BADVNO;
- }
+ /* gotta verify it instead... */
+ if (!fread(&kt_vno, sizeof(kt_vno), 1, KTFILEP(id))) {
+ if (feof(KTFILEP(id)))
+ kerror = KRB5_KEYTAB_BADVNO;
+ else
+ kerror = errno;
+ (void) krb5_unlock_file(context, fileno(KTFILEP(id)));
+ (void) fclose(KTFILEP(id));
+ KTFILEP(id) = 0;
+ return kerror;
+ }
+ kt_vno = KTVERSION(id) = ntohs(kt_vno);
+ if ((kt_vno != KRB5_KT_VNO) &&
+ (kt_vno != KRB5_KT_VNO_1)) {
+ (void) krb5_unlock_file(context, fileno(KTFILEP(id)));
+ (void) fclose(KTFILEP(id));
+ KTFILEP(id) = 0;
+ return KRB5_KEYTAB_BADVNO;
+ }
}
KTSTARTOFF(id) = ftell(KTFILEP(id));
return 0;
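Review bot: In the ENOENT branch of krb5_ktfileint_open the result of `krb5_create_secure_file(context, KTFILENAME(id));` is discarded, and the keytab is then reopened by path with `fopen(KTFILENAME(id), fopen_mode_rbplus)`. If the secure create fails but a file exists at that path by the time of the second fopen, the version header and later key entries go into a file whose mode and owner this code never set. That window is inferred from the visible call order, not demonstrated by the hunk. Propagating the failure closes the simple case: `kerror = krb5_create_secure_file(context, KTFILENAME(id));` then `if (kerror) return kerror;`. The function starts before this hunk.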
@@ -1174,7 +1175,7 @@ krb5_ktfileint_close(krb5_context context, krb5_keytab id)
KTCHECKLOCK(id);
if (!KTFILEP(id))
- return 0;
+ return 0;
kerror = krb5_unlock_file(context, fileno(KTFILEP(id)));
(void) fclose(KTFILEP(id));
KTFILEP(id) = 0;
@@ -1196,12 +1197,12 @@ krb5_ktfileint_delete_entry(krb5_context context, krb5_keytab id, krb5_int32 del
return KRB5_KT_END;
}
if (KTVERSION(id) != KRB5_KT_VNO_1)
- size = ntohl(size);
+ size = ntohl(size);
if (size > 0) {
krb5_int32 minus_size = -size;
- if (KTVERSION(id) != KRB5_KT_VNO_1)
- minus_size = htonl(minus_size);
+ if (KTVERSION(id) != KRB5_KT_VNO_1)
+ minus_size = htonl(minus_size);
if (fseek(KTFILEP(id), delete_point, SEEK_SET)) {
return errno;
@@ -1220,8 +1221,8 @@ krb5_ktfileint_delete_entry(krb5_context context, krb5_keytab id, krb5_int32 del
memset(iobuf, 0, (size_t) len);
while (size > 0) {
if (!fwrite(iobuf, 1, (size_t) len, KTFILEP(id))) {
- return KRB5_KT_IOERR;
- }
+ return KRB5_KT_IOERR;
+ }
size -= len;
if (size < len) {
len = size;
@@ -1246,8 +1247,8 @@ krb5_ktfileint_internal_read_entry(krb5_context context, krb5_keytab id, krb5_ke
krb5_int32 size;
krb5_int32 start_pos;
krb5_error_code error;
- char *tmpdata;
- krb5_data *princ;
+ char *tmpdata;
+ krb5_data *princ;
KTCHECKLOCK(id);
memset(ret_entry, 0, sizeof(krb5_keytab_entry));
@@ -1265,8 +1266,8 @@ krb5_ktfileint_internal_read_entry(krb5_context context, krb5_keytab id, krb5_ke
if (!fread(&size, sizeof(size), 1, KTFILEP(id))) {
return KRB5_KT_END;
}
- if (KTVERSION(id) != KRB5_KT_VNO_1)
- size = ntohl(size);
+ if (KTVERSION(id) != KRB5_KT_VNO_1)
+ size = ntohl(size);
if (size < 0) {
if (fseek(KTFILEP(id), -size, SEEK_CUR)) {
@@ -1285,163 +1286,163 @@ krb5_ktfileint_internal_read_entry(krb5_context context, krb5_keytab id, krb5_ke
/* first, int16 with #princ components */
if (!fread(&count, sizeof(count), 1, KTFILEP(id)))
- return KRB5_KT_END;
+ return KRB5_KT_END;
if (KTVERSION(id) == KRB5_KT_VNO_1) {
- count -= 1; /* V1 includes the realm in the count */
+ count -= 1; /* V1 includes the realm in the count */
} else {
- count = ntohs(count);
+ count = ntohs(count);
}
if (!count || (count < 0))
- return KRB5_KT_END;
+ return KRB5_KT_END;
ret_entry->principal = (krb5_principal)malloc(sizeof(krb5_principal_data));
if (!ret_entry->principal)
return ENOMEM;
-
+
u_count = count;
ret_entry->principal->magic = KV5M_PRINCIPAL;
ret_entry->principal->length = u_count;
- ret_entry->principal->data = (krb5_data *)
- calloc(u_count, sizeof(krb5_data));
+ ret_entry->principal->data = (krb5_data *)
+ calloc(u_count, sizeof(krb5_data));
if (!ret_entry->principal->data) {
- free(ret_entry->principal);
- ret_entry->principal = 0;
- return ENOMEM;
+ free(ret_entry->principal);
+ ret_entry->principal = 0;
+ return ENOMEM;
}
/* Now, get the realm data */
if (!fread(&princ_size, sizeof(princ_size), 1, KTFILEP(id))) {
- error = KRB5_KT_END;
- goto fail;
+ error = KRB5_KT_END;
+ goto fail;
}
if (KTVERSION(id) != KRB5_KT_VNO_1)
- princ_size = ntohs(princ_size);
+ princ_size = ntohs(princ_size);
if (!princ_size || (princ_size < 0)) {
- error = KRB5_KT_END;
- goto fail;
+ error = KRB5_KT_END;
+ goto fail;
}
u_princ_size = princ_size;
krb5_princ_set_realm_length(context, ret_entry->principal, u_princ_size);
tmpdata = malloc(u_princ_size+1);
if (!tmpdata) {
- error = ENOMEM;
- goto fail;
+ error = ENOMEM;
+ goto fail;
}
if (fread(tmpdata, 1, u_princ_size, KTFILEP(id)) != (size_t) princ_size) {
- free(tmpdata);
- error = KRB5_KT_END;
- goto fail;
+ free(tmpdata);
+ error = KRB5_KT_END;
+ goto fail;
}
- tmpdata[princ_size] = 0; /* Some things might be expecting null */
- /* termination... ``Be conservative in */
- /* what you send out'' */
+ tmpdata[princ_size] = 0; /* Some things might be expecting null */
+ /* termination... ``Be conservative in */
+ /* what you send out'' */
krb5_princ_set_realm_data(context, ret_entry->principal, tmpdata);
-
+
for (i = 0; i < count; i++) {
- princ = krb5_princ_component(context, ret_entry->principal, i);
- if (!fread(&princ_size, sizeof(princ_size), 1, KTFILEP(id))) {
- error = KRB5_KT_END;
- goto fail;
+ princ = krb5_princ_component(context, ret_entry->principal, i);
+ if (!fread(&princ_size, sizeof(princ_size), 1, KTFILEP(id))) {
+ error = KRB5_KT_END;
+ goto fail;
}
- if (KTVERSION(id) != KRB5_KT_VNO_1)
- princ_size = ntohs(princ_size);
- if (!princ_size || (princ_size < 0)) {
- error = KRB5_KT_END;
- goto fail;
+ if (KTVERSION(id) != KRB5_KT_VNO_1)
+ princ_size = ntohs(princ_size);
+ if (!princ_size || (princ_size < 0)) {
+ error = KRB5_KT_END;
+ goto fail;
}
- u_princ_size = princ_size;
- princ->length = u_princ_size;
- princ->data = malloc(u_princ_size+1);
- if (!princ->data) {
- error = ENOMEM;
- goto fail;
+ u_princ_size = princ_size;
+ princ->length = u_princ_size;
+ princ->data = malloc(u_princ_size+1);
+ if (!princ->data) {
+ error = ENOMEM;
+ goto fail;
}
- if (!fread(princ->data, sizeof(char), u_princ_size, KTFILEP(id))) {
- error = KRB5_KT_END;
- goto fail;
+ if (!fread(princ->data, sizeof(char), u_princ_size, KTFILEP(id))) {
+ error = KRB5_KT_END;
+ goto fail;
}
- princ->data[princ_size] = 0; /* Null terminate */
+ princ->data[princ_size] = 0; /* Null terminate */
}
/* read in the principal type, if we can get it */
if (KTVERSION(id) != KRB5_KT_VNO_1) {
- if (!fread(&ret_entry->principal->type,
- sizeof(ret_entry->principal->type), 1, KTFILEP(id))) {
- error = KRB5_KT_END;
- goto fail;
- }
- ret_entry->principal->type = ntohl(ret_entry->principal->type);
- }
-
+ if (!fread(&ret_entry->principal->type,
+ sizeof(ret_entry->principal->type), 1, KTFILEP(id))) {
+ error = KRB5_KT_END;
+ goto fail;
+ }
+ ret_entry->principal->type = ntohl(ret_entry->principal->type);
+ }
+
/* read in the timestamp */
if (!fread(&ret_entry->timestamp, sizeof(ret_entry->timestamp), 1, KTFILEP(id))) {
- error = KRB5_KT_END;
- goto fail;
+ error = KRB5_KT_END;
+ goto fail;
}
if (KTVERSION(id) != KRB5_KT_VNO_1)
- ret_entry->timestamp = ntohl(ret_entry->timestamp);
-
+ ret_entry->timestamp = ntohl(ret_entry->timestamp);
+
/* read in the version number */
if (!fread(&vno, sizeof(vno), 1, KTFILEP(id))) {
- error = KRB5_KT_END;
- goto fail;
+ error = KRB5_KT_END;
+ goto fail;
}
ret_entry->vno = (krb5_kvno)vno;
-
+
/* key type */
if (!fread(&enctype, sizeof(enctype), 1, KTFILEP(id))) {
- error = KRB5_KT_END;
- goto fail;
+ error = KRB5_KT_END;
+ goto fail;
}
ret_entry->key.enctype = (krb5_enctype)enctype;
if (KTVERSION(id) != KRB5_KT_VNO_1)
- ret_entry->key.enctype = ntohs(ret_entry->key.enctype);
-
+ ret_entry->key.enctype = ntohs(ret_entry->key.enctype);
+
/* key contents */
ret_entry->key.magic = KV5M_KEYBLOCK;
-
+
if (!fread(&count, sizeof(count), 1, KTFILEP(id))) {
- error = KRB5_KT_END;
- goto fail;
+ error = KRB5_KT_END;
+ goto fail;
}
if (KTVERSION(id) != KRB5_KT_VNO_1)
- count = ntohs(count);
+ count = ntohs(count);
if (!count || (count < 0)) {
- error = KRB5_KT_END;
- goto fail;
+ error = KRB5_KT_END;
+ goto fail;
}
u_count = count;
ret_entry->key.length = u_count;
-
+
ret_entry->key.contents = (krb5_octet *)malloc(u_count);
if (!ret_entry->key.contents) {
- error = ENOMEM;
- goto fail;
- }
+ error = ENOMEM;
+ goto fail;
+ }
if (!fread(ret_entry->key.contents, sizeof(krb5_octet), count,
- KTFILEP(id))) {
- error = KRB5_KT_END;
- goto fail;
+ KTFILEP(id))) {
+ error = KRB5_KT_END;
+ goto fail;
}
/*
* Reposition file pointer to the next inter-record length field.
*/
if (fseek(KTFILEP(id), start_pos + size, SEEK_SET) == -1) {
- error = errno;
- goto fail;
+ error = errno;
+ goto fail;
}
return 0;
fail:
-
+
for (i = 0; i < krb5_princ_size(context, ret_entry->principal); i++) {
- princ = krb5_princ_component(context, ret_entry->principal, i);
- if (princ->data)
- free(princ->data);
+ princ = krb5_princ_component(context, ret_entry->principal, i);
+ if (princ->data)
+ free(princ->data);
}
free(ret_entry->principal->data);
ret_entry->principal->data = 0;
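Review bot: The component and key-contents reads in this hunk accept a short read: `if (!fread(princ->data, sizeof(char), u_princ_size, KTFILEP(id)))` and the `fread(ret_entry->key.contents, ...)` check fail only when zero items come back, while the realm read just above them compares the returned count with the requested length. On a truncated or corrupted keytab the freshly malloc'd buffers would then keep uninitialized heap bytes inside a principal component or key that is returned as valid. I would make both checks match the realm one: `if (fread(princ->data, sizeof(char), u_princ_size, KTFILEP(id)) != (size_t) u_princ_size) {` and `if (fread(ret_entry->key.contents, sizeof(krb5_octet), u_count, KTFILEP(id)) != (size_t) u_count) {`. This behaviour predates the reindent, and both the start of the function and the end of its `fail:` path lie outside the hunk.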
@@ -1466,10 +1467,10 @@ krb5_ktfileint_write_entry(krb5_context context, krb5_keytab id, krb5_keytab_ent
krb5_int16 count, size, enctype;
krb5_error_code retval = 0;
krb5_timestamp timestamp;
- krb5_int32 princ_type;
+ krb5_int32 princ_type;
krb5_int32 size_needed;
krb5_int32 commit_point = -1;
- int i;
+ int i;
KTCHECKLOCK(id);
retval = krb5_ktfileint_size_entry(context, entry, &size_needed);
@@ -1487,50 +1488,50 @@ krb5_ktfileint_write_entry(krb5_context context, krb5_keytab id, krb5_keytab_ent
}
if (KTVERSION(id) == KRB5_KT_VNO_1) {
- count = (krb5_int16) krb5_princ_size(context, entry->principal) + 1;
+ count = (krb5_int16) krb5_princ_size(context, entry->principal) + 1;
} else {
- count = htons((u_short) krb5_princ_size(context, entry->principal));
+ count = htons((u_short) krb5_princ_size(context, entry->principal));
}
-
+
if (!fwrite(&count, sizeof(count), 1, KTFILEP(id))) {
abend:
- return KRB5_KT_IOERR;
+ return KRB5_KT_IOERR;
}
size = krb5_princ_realm(context, entry->principal)->length;
if (KTVERSION(id) != KRB5_KT_VNO_1)
- size = htons(size);
+ size = htons(size);
if (!fwrite(&size, sizeof(size), 1, KTFILEP(id))) {
- goto abend;
+ goto abend;
}
if (!fwrite(krb5_princ_realm(context, entry->principal)->data, sizeof(char),
- krb5_princ_realm(context, entry->principal)->length, KTFILEP(id))) {
- goto abend;
+ krb5_princ_realm(context, entry->principal)->length, KTFILEP(id))) {
+ goto abend;
}
count = (krb5_int16) krb5_princ_size(context, entry->principal);
for (i = 0; i < count; i++) {
- princ = krb5_princ_component(context, entry->principal, i);
- size = princ->length;
- if (KTVERSION(id) != KRB5_KT_VNO_1)
- size = htons(size);
- if (!fwrite(&size, sizeof(size), 1, KTFILEP(id))) {
- goto abend;
- }
- if (!fwrite(princ->data, sizeof(char), princ->length, KTFILEP(id))) {
- goto abend;
- }
+ princ = krb5_princ_component(context, entry->principal, i);
+ size = princ->length;
+ if (KTVERSION(id) != KRB5_KT_VNO_1)
+ size = htons(size);
+ if (!fwrite(&size, sizeof(size), 1, KTFILEP(id))) {
+ goto abend;
+ }
+ if (!fwrite(princ->data, sizeof(char), princ->length, KTFILEP(id))) {
+ goto abend;
+ }
}
/*
* Write out the principal type
*/
if (KTVERSION(id) != KRB5_KT_VNO_1) {
- princ_type = htonl(krb5_princ_type(context, entry->principal));
- if (!fwrite(&princ_type, sizeof(princ_type), 1, KTFILEP(id))) {
- goto abend;
- }
+ princ_type = htonl(krb5_princ_type(context, entry->principal));
+ if (!fwrite(&princ_type, sizeof(princ_type), 1, KTFILEP(id))) {
+ goto abend;
+ }
}
-
+
/*
* Fill in the time of day the entry was written to the keytab.
*/
@@ -1538,41 +1539,41 @@ krb5_ktfileint_write_entry(krb5_context context, krb5_keytab id, krb5_keytab_ent
entry->timestamp = 0;
}
if (KTVERSION(id) == KRB5_KT_VNO_1)
- timestamp = entry->timestamp;
+ timestamp = entry->timestamp;
else
- timestamp = htonl(entry->timestamp);
+ timestamp = htonl(entry->timestamp);
if (!fwrite(&timestamp, sizeof(timestamp), 1, KTFILEP(id))) {
- goto abend;
+ goto abend;
}
-
+
/* key version number */
vno = (krb5_octet)entry->vno;
if (!fwrite(&vno, sizeof(vno), 1, KTFILEP(id))) {
- goto abend;
+ goto abend;
}
/* key type */
if (KTVERSION(id) == KRB5_KT_VNO_1)
- enctype = entry->key.enctype;
+ enctype = entry->key.enctype;
else
- enctype = htons(entry->key.enctype);
+ enctype = htons(entry->key.enctype);
if (!fwrite(&enctype, sizeof(enctype), 1, KTFILEP(id))) {
- goto abend;
+ goto abend;
}
/* key length */
if (KTVERSION(id) == KRB5_KT_VNO_1)
- size = entry->key.length;
+ size = entry->key.length;
else
- size = htons(entry->key.length);
+ size = htons(entry->key.length);
if (!fwrite(&size, sizeof(size), 1, KTFILEP(id))) {
- goto abend;
+ goto abend;
}
if (!fwrite(entry->key.contents, sizeof(krb5_octet),
- entry->key.length, KTFILEP(id))) {
- goto abend;
- }
+ entry->key.length, KTFILEP(id))) {
+ goto abend;
+ }
if (fflush(KTFILEP(id)))
- goto abend;
+ goto abend;
retval = krb5_sync_disk_file(context, KTFILEP(id));
@@ -1584,12 +1585,12 @@ krb5_ktfileint_write_entry(krb5_context context, krb5_keytab id, krb5_keytab_ent
return errno;
}
if (KTVERSION(id) != KRB5_KT_VNO_1)
- size_needed = htonl(size_needed);
+ size_needed = htonl(size_needed);
if (!fwrite(&size_needed, sizeof(size_needed), 1, KTFILEP(id))) {
goto abend;
}
if (fflush(KTFILEP(id)))
- goto abend;
+ goto abend;
retval = krb5_sync_disk_file(context, KTFILEP(id));
return retval;
@@ -1607,13 +1608,13 @@ krb5_ktfileint_size_entry(krb5_context context, krb5_keytab_entry *entry, krb5_i
krb5_error_code retval = 0;
count = (krb5_int16) krb5_princ_size(context, entry->principal);
-
+
total_size = sizeof(count);
total_size += krb5_princ_realm(context, entry->principal)->length + (sizeof(krb5_int16));
-
+
for (i = 0; i < count; i++) {
- total_size += krb5_princ_component(context, entry->principal,i)->length
- + (sizeof(krb5_int16));
+ total_size += krb5_princ_component(context, entry->principal,i)->length
+ + (sizeof(krb5_int16));
}
total_size += sizeof(entry->principal->type);
@@ -1636,7 +1637,7 @@ krb5_ktfileint_size_entry(krb5_context context, krb5_keytab_entry *entry, krb5_i
* The size_needed argument may be adjusted if we find a hole that is
* larger than the size needed. (Recall that size_needed will be used
* to commit the write, but that this field must indicate the size of the
- * block in the file rather than the size of the actual entry)
+ * block in the file rather than the size of the actual entry)
*/
static krb5_error_code
krb5_ktfileint_find_slot(krb5_context context, krb5_keytab id, krb5_int32 *size_needed, krb5_int32 *commit_point_ptr)
@@ -1655,56 +1656,55 @@ krb5_ktfileint_find_slot(krb5_context context, krb5_keytab id, krb5_int32 *size_
for (;;) {
commit_point = ftell(fp);
- if (commit_point == -1)
- return errno;
+ if (commit_point == -1)
+ return errno;
if (!fread(&size, sizeof(size), 1, fp)) {
/* Hit the end of file, reserve this slot. */
/* Necessary to avoid a later fseek failing on Solaris 10. */
- if (fseek(fp, 0, SEEK_CUR))
- return errno;
- /* htonl(0) is 0, so no need to worry about byte order */
+ if (fseek(fp, 0, SEEK_CUR))
+ return errno;
+ /* htonl(0) is 0, so no need to worry about byte order */
size = 0;
if (!fwrite(&size, sizeof(size), 1, fp))
return errno;
break;
}
- if (KTVERSION(id) != KRB5_KT_VNO_1)
- size = ntohl(size);
+ if (KTVERSION(id) != KRB5_KT_VNO_1)
+ size = ntohl(size);
if (size > 0) {
- /* Non-empty record; seek past it. */
+ /* Non-empty record; seek past it. */
if (fseek(fp, size, SEEK_CUR))
return errno;
- } else if (size < 0) {
- /* Empty record; use if it's big enough, seek past otherwise. */
- size = -size;
+ } else if (size < 0) {
+ /* Empty record; use if it's big enough, seek past otherwise. */
+ size = -size;
if (size >= *size_needed) {
*size_needed = size;
- break;
- } else {
+ break;
+ } else {
if (fseek(fp, size, SEEK_CUR))
return errno;
- }
- } else {
- /* Empty record at end of file; use it. */
- /* Ensure the new record will be followed by another 0. */
- zero_point = ftell(fp);
- if (zero_point == -1)
- return errno;
- if (fseek(fp, *size_needed, SEEK_CUR))
- return errno;
- /* htonl(0) is 0, so no need to worry about byte order */
+ }
+ } else {
+ /* Empty record at end of file; use it. */
+ /* Ensure the new record will be followed by another 0. */
+ zero_point = ftell(fp);
+ if (zero_point == -1)
+ return errno;
+ if (fseek(fp, *size_needed, SEEK_CUR))
+ return errno;
+ /* htonl(0) is 0, so no need to worry about byte order */
if (!fwrite(&size, sizeof(size), 1, fp))
return errno;
- if (fseek(fp, zero_point, SEEK_SET))
- return errno;
- break;
- }
+ if (fseek(fp, zero_point, SEEK_SET))
+ return errno;
+ break;
+ }
}
*commit_point_ptr = commit_point;
return 0;
}
#endif /* LEAN_CLIENT */
-
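Review bot: `size = -size;` in the empty-record branch negates a length read directly from the keytab file, and for the most negative krb5_int32 value that negation is signed overflow. If the result stays negative (an inference, since the behaviour is undefined), the following `fseek(fp, size, SEEK_CUR)` moves backwards and the slot search may not terminate on a corrupted file. Rejecting that value before negating would close this, for example `if (size == KRB5_INT32_MIN) return KRB5_KT_IOERR;`. The `fseek(KTFILEP(id), -size, SEEK_CUR)` in the earlier krb5_ktfileint_internal_read_entry hunk has the same pattern. The issue predates this reindent, and the top of krb5_ktfileint_find_slot's body is outside the hunk.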
diff --git a/src/lib/krb5/keytab/kt_memory.c b/src/lib/krb5/keytab/kt_memory.c
index b78e706..d58ffee 100644
--- a/src/lib/krb5/keytab/kt_memory.c
+++ b/src/lib/krb5/keytab/kt_memory.c
@@ -1,3 +1,4 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
/*
* lib/krb5/keytab/kt_memory.c
*
@@ -42,15 +43,15 @@
* Constants
*/
-/*
+/*
* Types
*/
-/* From krb5.h:
+/* From krb5.h:
* typedef struct krb5_keytab_entry_st {
* krb5_magic magic;
* krb5_principal principal; principal of this key
- * krb5_timestamp timestamp; time entry written to keytable
- * krb5_kvno vno; key version number
+ * krb5_timestamp timestamp; time entry written to keytable
+ * krb5_kvno vno; key version number
* krb5_keyblock key; the secret key
*} krb5_keytab_entry;
*/
@@ -63,10 +64,10 @@ typedef struct _krb5_mkt_link {
/* Per-keytab data header */
typedef struct _krb5_mkt_data {
- char *name; /* Name of the keytab */
- k5_mutex_t lock; /* Thread-safety - all but link */
- krb5_int32 refcount;
- krb5_mkt_cursor link;
+ char *name; /* Name of the keytab */
+ k5_mutex_t lock; /* Thread-safety - all but link */
+ krb5_int32 refcount;
+ krb5_mkt_cursor link;
} krb5_mkt_data;
/* List of memory key tables */
@@ -80,8 +81,8 @@ typedef struct _krb5_mkt_ptcursor_data {
struct _krb5_mkt_list_node *cur;
} krb5_mkt_ptcursor_data;
-/*
- * Globals
+/*
+ * Globals
*/
static krb5_mkt_list_node * krb5int_mkt_list = NULL;
static k5_mutex_t krb5int_mkt_mutex = K5_MUTEX_PARTIAL_INITIALIZER;
@@ -103,55 +104,55 @@ static k5_mutex_t krb5int_mkt_mutex = K5_MUTEX_PARTIAL_INITIALIZER;
extern const struct _krb5_kt_ops krb5_mkt_ops;
-krb5_error_code KRB5_CALLCONV krb5_mkt_resolve
- (krb5_context,
- const char *,
- krb5_keytab *);
-
-krb5_error_code KRB5_CALLCONV krb5_mkt_get_name
- (krb5_context,
- krb5_keytab,
- char *,
- unsigned int);
-
-krb5_error_code KRB5_CALLCONV krb5_mkt_close
- (krb5_context,
- krb5_keytab);
-
-krb5_error_code KRB5_CALLCONV krb5_mkt_get_entry
- (krb5_context,
- krb5_keytab,
- krb5_const_principal,
- krb5_kvno,
- krb5_enctype,
- krb5_keytab_entry *);
-
-krb5_error_code KRB5_CALLCONV krb5_mkt_start_seq_get
- (krb5_context,
- krb5_keytab,
- krb5_kt_cursor *);
-
-krb5_error_code KRB5_CALLCONV krb5_mkt_get_next
- (krb5_context,
- krb5_keytab,
- krb5_keytab_entry *,
- krb5_kt_cursor *);
-
-krb5_error_code KRB5_CALLCONV krb5_mkt_end_get
- (krb5_context,
- krb5_keytab,
- krb5_kt_cursor *);
+krb5_error_code KRB5_CALLCONV krb5_mkt_resolve
+(krb5_context,
+ const char *,
+ krb5_keytab *);
+
+krb5_error_code KRB5_CALLCONV krb5_mkt_get_name
+(krb5_context,
+ krb5_keytab,
+ char *,
+ unsigned int);
+
+krb5_error_code KRB5_CALLCONV krb5_mkt_close
+(krb5_context,
+ krb5_keytab);
+
+krb5_error_code KRB5_CALLCONV krb5_mkt_get_entry
+(krb5_context,
+ krb5_keytab,
+ krb5_const_principal,
+ krb5_kvno,
+ krb5_enctype,
+ krb5_keytab_entry *);
+
+krb5_error_code KRB5_CALLCONV krb5_mkt_start_seq_get
+(krb5_context,
+ krb5_keytab,
+ krb5_kt_cursor *);
+
+krb5_error_code KRB5_CALLCONV krb5_mkt_get_next
+(krb5_context,
+ krb5_keytab,
+ krb5_keytab_entry *,
+ krb5_kt_cursor *);
+
+krb5_error_code KRB5_CALLCONV krb5_mkt_end_get
+(krb5_context,
+ krb5_keytab,
+ krb5_kt_cursor *);
/* routines to be included on extended version (write routines) */
-krb5_error_code KRB5_CALLCONV krb5_mkt_add
- (krb5_context,
- krb5_keytab,
- krb5_keytab_entry *);
+krb5_error_code KRB5_CALLCONV krb5_mkt_add
+(krb5_context,
+ krb5_keytab,
+ krb5_keytab_entry *);
-krb5_error_code KRB5_CALLCONV krb5_mkt_remove
- (krb5_context,
- krb5_keytab,
- krb5_keytab_entry *);
+krb5_error_code KRB5_CALLCONV krb5_mkt_remove
+(krb5_context,
+ krb5_keytab,
+ krb5_keytab_entry *);
int krb5int_mkt_initialize(void) {
return k5_mutex_finish_init(&krb5int_mkt_mutex);
@@ -164,33 +165,33 @@ void krb5int_mkt_finalize(void) {
k5_mutex_destroy(&krb5int_mkt_mutex);
for (node = krb5int_mkt_list; node; node = next_node) {
- next_node = node->next;
+ next_node = node->next;
- /* destroy the contents of node->keytab */
- free(KTNAME(node->keytab));
+ /* destroy the contents of node->keytab */
+ free(KTNAME(node->keytab));
- /* free the keytab entries */
- for (cursor = KTLINK(node->keytab); cursor; cursor = next_cursor) {
- next_cursor = cursor->next;
- /* the call to krb5_kt_free_entry uses a NULL in place of the
- * krb5_context since we know that the context isn't used by
- * krb5_kt_free_entry or krb5_free_principal. */
- krb5_kt_free_entry(NULL, cursor->entry);
- free(cursor->entry);
- free(cursor);
- }
+ /* free the keytab entries */
+ for (cursor = KTLINK(node->keytab); cursor; cursor = next_cursor) {
+ next_cursor = cursor->next;
+ /* the call to krb5_kt_free_entry uses a NULL in place of the
+ * krb5_context since we know that the context isn't used by
+ * krb5_kt_free_entry or krb5_free_principal. */
+ krb5_kt_free_entry(NULL, cursor->entry);
+ free(cursor->entry);
+ free(cursor);
+ }
- /* destroy the lock */
- k5_mutex_destroy(&(((krb5_mkt_data *)node->keytab->data)->lock));
+ /* destroy the lock */
+ k5_mutex_destroy(&(((krb5_mkt_data *)node->keytab->data)->lock));
- /* free the private data */
- free(node->keytab->data);
+ /* free the private data */
+ free(node->keytab->data);
- /* and the keytab */
- free(node->keytab);
+ /* and the keytab */
+ free(node->keytab);
- /* and finally the node */
- free(node);
+ /* and finally the node */
+ free(node);
}
}
@@ -205,34 +206,34 @@ create_list_node(const char *name, krb5_mkt_list_node **listp)
list = calloc(1, sizeof(krb5_mkt_list_node));
if (list == NULL) {
- err = ENOMEM;
- goto cleanup;
+ err = ENOMEM;
+ goto cleanup;
}
list->keytab = calloc(1, sizeof(struct _krb5_kt));
if (list->keytab == NULL) {
- err = ENOMEM;
- goto cleanup;
+ err = ENOMEM;
+ goto cleanup;
}
list->keytab->ops = &krb5_mkt_ops;
data = calloc(1, sizeof(krb5_mkt_data));
if (data == NULL) {
- err = ENOMEM;
- goto cleanup;
+ err = ENOMEM;
+ goto cleanup;
}
data->link = NULL;
data->refcount = 0;
data->name = strdup(name);
if (data->name == NULL) {
- err = ENOMEM;
- goto cleanup;
+ err = ENOMEM;
+ goto cleanup;
}
err = k5_mutex_init(&data->lock);
if (err)
- goto cleanup;
+ goto cleanup;
list->keytab->data = data;
list->keytab->magic = KV5M_KEYTAB;
@@ -243,20 +244,20 @@ create_list_node(const char *name, krb5_mkt_list_node **listp)
cleanup:
/* data->lock was initialized last, so no need to destroy. */
if (data)
- free(data->name);
+ free(data->name);
free(data);
if (list)
- free(list->keytab);
+ free(list->keytab);
free(list);
return err;
}
/*
- * This is an implementation specific resolver. It returns a keytab
+ * This is an implementation specific resolver. It returns a keytab
* initialized with memory keytab routines.
*/
-krb5_error_code KRB5_CALLCONV
+krb5_error_code KRB5_CALLCONV
krb5_mkt_resolve(krb5_context context, const char *name, krb5_keytab *id)
{
krb5_mkt_list_node *list;
@@ -267,29 +268,29 @@ krb5_mkt_resolve(krb5_context context, const char *name, krb5_keytab *id)
/* First determine if a memory keytab of this name already exists */
err = KTGLOCK;
if (err)
- return err;
+ return err;
for (list = krb5int_mkt_list; list; list = list->next) {
- if (strcmp(name,KTNAME(list->keytab)) == 0)
- break;
+ if (strcmp(name,KTNAME(list->keytab)) == 0)
+ break;
}
if (!list) {
- /* We will now create the new key table with the specified name.
- * We do not drop the global lock, therefore the name will indeed
- * be unique when we add it.
- */
- err = create_list_node(name, &list);
- if (err)
- goto done;
- list->next = krb5int_mkt_list;
- krb5int_mkt_list = list;
+ /* We will now create the new key table with the specified name.
+ * We do not drop the global lock, therefore the name will indeed
+ * be unique when we add it.
+ */
+ err = create_list_node(name, &list);
+ if (err)
+ goto done;
+ list->next = krb5int_mkt_list;
+ krb5int_mkt_list = list;
}
/* Increment the reference count on the keytab we found or created. */
err = KTLOCK(list->keytab);
if (err)
- goto done;
+ goto done;
KTREFCNT(list->keytab)++;
KTUNLOCK(list->keytab);
*id = list->keytab;
@@ -306,7 +307,7 @@ done:
* a memory keytab shouldn't either.
*/
-krb5_error_code KRB5_CALLCONV
+krb5_error_code KRB5_CALLCONV
krb5_mkt_close(krb5_context context, krb5_keytab id)
{
krb5_mkt_list_node **listp;
@@ -319,71 +320,71 @@ krb5_mkt_close(krb5_context context, krb5_keytab id)
/* First determine if a memory keytab of this name already exists */
err = KTGLOCK;
if (err)
- return(err);
-
+ return(err);
+
for (listp = &krb5int_mkt_list; *listp; listp = &((*listp)->next))
{
- if (id == (*listp)->keytab) {
- /* Found */
- break;
- }
+ if (id == (*listp)->keytab) {
+ /* Found */
+ break;
+ }
}
if (*listp == NULL) {
- /* The specified keytab could not be found */
- err = KRB5_KT_NOTFOUND;
- goto done;
+ /* The specified keytab could not be found */
+ err = KRB5_KT_NOTFOUND;
+ goto done;
}
/* reduce the refcount and return */
err = KTLOCK(id);
if (err)
- goto done;
+ goto done;
KTREFCNT(id)--;
KTUNLOCK(id);
#ifdef HEIMDAL_COMPATIBLE
- /* In Heimdal if the refcount hits 0, the MEMORY keytab is
+ /* In Heimdal if the refcount hits 0, the MEMORY keytab is
* destroyed since there is no krb5_kt_destroy function.
- * There is no need to lock the entry while performing
+ * There is no need to lock the entry while performing
* these operations as the refcount will be 0 and we are
* holding the global lock.
*/
data = (krb5_mkt_data *)id->data;
if (data->refcount == 0) {
- krb5_mkt_cursor cursor, next_cursor;
+ krb5_mkt_cursor cursor, next_cursor;
- node = *listp;
- *listp = node->next;
+ node = *listp;
+ *listp = node->next;
- /* destroy the contents of node->keytab (aka id) */
- free(data->name);
+ /* destroy the contents of node->keytab (aka id) */
+ free(data->name);
- /* free the keytab entries */
- for (cursor = KTLINK(node->keytab); cursor; cursor = next_cursor) {
- next_cursor = cursor->next;
+ /* free the keytab entries */
+ for (cursor = KTLINK(node->keytab); cursor; cursor = next_cursor) {
+ next_cursor = cursor->next;
- krb5_kt_free_entry(context, cursor->entry);
- free(cursor->entry);
- free(cursor);
- }
+ krb5_kt_free_entry(context, cursor->entry);
+ free(cursor->entry);
+ free(cursor);
+ }
- /* destroy the lock */
- k5_mutex_destroy(&(data->lock));
+ /* destroy the lock */
+ k5_mutex_destroy(&(data->lock));
- /* free the private data */
- free(data);
+ /* free the private data */
+ free(data);
- /* and the keytab */
- free(node->keytab);
+ /* and the keytab */
+ free(node->keytab);
- /* and finally the node */
- free(node);
+ /* and finally the node */
+ free(node);
}
#endif /* HEIMDAL_COMPATIBLE */
- done:
+done:
KTGUNLOCK;
return(err);
}
@@ -395,8 +396,8 @@ krb5_mkt_close(krb5_context context, krb5_keytab id)
krb5_error_code KRB5_CALLCONV
krb5_mkt_get_entry(krb5_context context, krb5_keytab id,
- krb5_const_principal principal, krb5_kvno kvno,
- krb5_enctype enctype, krb5_keytab_entry *out_entry)
+ krb5_const_principal principal, krb5_kvno kvno,
+ krb5_enctype enctype, krb5_keytab_entry *out_entry)
{
krb5_mkt_cursor cursor;
krb5_keytab_entry *entry, *match = NULL;
@@ -406,67 +407,67 @@ krb5_mkt_get_entry(krb5_context context, krb5_keytab id,
err = KTLOCK(id);
if (err)
- return err;
+ return err;
for (cursor = KTLINK(id); cursor && cursor->entry; cursor = cursor->next) {
- entry = cursor->entry;
-
- /* if the principal isn't the one requested, continue to the next. */
-
- if (!krb5_principal_compare(context, principal, entry->principal))
- continue;
-
- /* if the enctype is not ignored and doesn't match,
- and continue to the next */
- if (enctype != IGNORE_ENCTYPE) {
- if ((err = krb5_c_enctype_compare(context, enctype,
- entry->key.enctype,
- &similar))) {
- /* we can't determine the enctype of the entry */
- continue;
- }
-
- if (!similar)
- continue;
- }
-
- if (kvno == IGNORE_VNO) {
- if (match == NULL)
- match = entry;
- else if (entry->vno > match->vno)
- match = entry;
- } else {
- if (entry->vno == kvno) {
- match = entry;
- break;
- } else {
- found_wrong_kvno++;
- }
- }
+ entry = cursor->entry;
+
+ /* if the principal isn't the one requested, continue to the next. */
+
+ if (!krb5_principal_compare(context, principal, entry->principal))
+ continue;
+
+ /* if the enctype is not ignored and doesn't match,
+ and continue to the next */
+ if (enctype != IGNORE_ENCTYPE) {
+ if ((err = krb5_c_enctype_compare(context, enctype,
+ entry->key.enctype,
+ &similar))) {
+ /* we can't determine the enctype of the entry */
+ continue;
+ }
+
+ if (!similar)
+ continue;
+ }
+
+ if (kvno == IGNORE_VNO) {
+ if (match == NULL)
+ match = entry;
+ else if (entry->vno > match->vno)
+ match = entry;
+ } else {
+ if (entry->vno == kvno) {
+ match = entry;
+ break;
+ } else {
+ found_wrong_kvno++;
+ }
+ }
}
/* if we found an entry that matches, ... */
- if (match) {
- out_entry->magic = match->magic;
- out_entry->timestamp = match->timestamp;
- out_entry->vno = match->vno;
- out_entry->key = match->key;
- err = krb5_copy_keyblock_contents(context, &(match->key),
- &(out_entry->key));
- /*
- * Coerce the enctype of the output keyblock in case we
- * got an inexact match on the enctype.
- */
- if(enctype != IGNORE_ENCTYPE)
- out_entry->key.enctype = enctype;
- if(!err) {
- err = krb5_copy_principal(context,
- match->principal,
- &(out_entry->principal));
- }
+ if (match) {
+ out_entry->magic = match->magic;
+ out_entry->timestamp = match->timestamp;
+ out_entry->vno = match->vno;
+ out_entry->key = match->key;
+ err = krb5_copy_keyblock_contents(context, &(match->key),
+ &(out_entry->key));
+ /*
+ * Coerce the enctype of the output keyblock in case we
+ * got an inexact match on the enctype.
+ */
+ if(enctype != IGNORE_ENCTYPE)
+ out_entry->key.enctype = enctype;
+ if(!err) {
+ err = krb5_copy_principal(context,
+ match->principal,
+ &(out_entry->principal));
+ }
} else {
- if (!err)
- err = found_wrong_kvno ? KRB5_KT_KVNONOTFOUND : KRB5_KT_NOTFOUND;
+ if (!err)
+ err = found_wrong_kvno ? KRB5_KT_KVNONOTFOUND : KRB5_KT_NOTFOUND;
}
KTUNLOCK(id);
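Review bot: When `krb5_copy_principal` fails in the `if (match)` branch, the key copy that `krb5_copy_keyblock_contents` has just placed in `out_entry->key` is never released, so a copy of the secret key stays allocated while the caller only sees an error. krb5_mkt_add further down already handles the same failure by calling `krb5_free_keyblock_contents` before bailing out, and this path should agree with it: inside the `if(!err) { ... }` block, after the copy, add `if (err) krb5_free_keyblock_contents(context, &(out_entry->key));`. The krb5_mkt_get_next hunk has the same sequence and needs the same cleanup, which there means splitting the two `if (!err)` steps so that the principal-copy failure can be told apart. This predates the reindent; the function's declarations and its return are outside the hunk.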
@@ -485,7 +486,7 @@ krb5_mkt_get_name(krb5_context context, krb5_keytab id, char *name, unsigned int
memset(name, 0, len);
result = snprintf(name, len, "%s:%s", id->ops->prefix, KTNAME(id));
if (SNPRINTF_OVERFLOW(result, len))
- return(KRB5_KT_NAME_TOOLONG);
+ return(KRB5_KT_NAME_TOOLONG);
return(0);
}
@@ -500,7 +501,7 @@ krb5_mkt_start_seq_get(krb5_context context, krb5_keytab id, krb5_kt_cursor *cur
err = KTLOCK(id);
if (err)
- return(err);
+ return(err);
*cursorp = (krb5_kt_cursor)KTLINK(id);
KTUNLOCK(id);
@@ -512,7 +513,7 @@ krb5_mkt_start_seq_get(krb5_context context, krb5_keytab id, krb5_kt_cursor *cur
* krb5_mkt_get_next()
*/
-krb5_error_code KRB5_CALLCONV
+krb5_error_code KRB5_CALLCONV
krb5_mkt_get_next(krb5_context context, krb5_keytab id, krb5_keytab_entry *entry, krb5_kt_cursor *cursor)
{
krb5_mkt_cursor mkt_cursor = (krb5_mkt_cursor)*cursor;
@@ -520,24 +521,24 @@ krb5_mkt_get_next(krb5_context context, krb5_keytab id, krb5_keytab_entry *entry
err = KTLOCK(id);
if (err)
- return err;
+ return err;
if (mkt_cursor == NULL) {
- KTUNLOCK(id);
- return KRB5_KT_END;
+ KTUNLOCK(id);
+ return KRB5_KT_END;
}
entry->magic = mkt_cursor->entry->magic;
entry->timestamp = mkt_cursor->entry->timestamp;
entry->vno = mkt_cursor->entry->vno;
- entry->key = mkt_cursor->entry->key;
- err = krb5_copy_keyblock_contents(context, &(mkt_cursor->entry->key),
- &(entry->key));
- if (!err)
- err = krb5_copy_principal(context, mkt_cursor->entry->principal,
- &(entry->principal));
+ entry->key = mkt_cursor->entry->key;
+ err = krb5_copy_keyblock_contents(context, &(mkt_cursor->entry->key),
+ &(entry->key));
+ if (!err)
+ err = krb5_copy_principal(context, mkt_cursor->entry->principal,
+ &(entry->principal));
if (!err)
- *cursor = (krb5_kt_cursor *)mkt_cursor->next;
+ *cursor = (krb5_kt_cursor *)mkt_cursor->next;
KTUNLOCK(id);
return(err);
}
@@ -546,7 +547,7 @@ krb5_mkt_get_next(krb5_context context, krb5_keytab id, krb5_keytab_entry *entry
* krb5_mkt_end_get()
*/
-krb5_error_code KRB5_CALLCONV
+krb5_error_code KRB5_CALLCONV
krb5_mkt_end_get(krb5_context context, krb5_keytab id, krb5_kt_cursor *cursor)
{
*cursor = NULL;
@@ -558,7 +559,7 @@ krb5_mkt_end_get(krb5_context context, krb5_keytab id, krb5_kt_cursor *cursor)
* krb5_mkt_add()
*/
-krb5_error_code KRB5_CALLCONV
+krb5_error_code KRB5_CALLCONV
krb5_mkt_add(krb5_context context, krb5_keytab id, krb5_keytab_entry *entry)
{
krb5_error_code err = 0;
@@ -566,47 +567,47 @@ krb5_mkt_add(krb5_context context, krb5_keytab id, krb5_keytab_entry *entry)
err = KTLOCK(id);
if (err)
- return err;
+ return err;
cursor = (krb5_mkt_cursor)malloc(sizeof(krb5_mkt_link));
if (cursor == NULL) {
- err = ENOMEM;
- goto done;
+ err = ENOMEM;
+ goto done;
}
cursor->entry = (krb5_keytab_entry *)malloc(sizeof(krb5_keytab_entry));
if (cursor->entry == NULL) {
- free(cursor);
- err = ENOMEM;
- goto done;
+ free(cursor);
+ err = ENOMEM;
+ goto done;
}
cursor->entry->magic = entry->magic;
cursor->entry->timestamp = entry->timestamp;
cursor->entry->vno = entry->vno;
- err = krb5_copy_keyblock_contents(context, &(entry->key),
- &(cursor->entry->key));
+ err = krb5_copy_keyblock_contents(context, &(entry->key),
+ &(cursor->entry->key));
if (err) {
- free(cursor->entry);
- free(cursor);
- goto done;
+ free(cursor->entry);
+ free(cursor);
+ goto done;
}
err = krb5_copy_principal(context, entry->principal, &(cursor->entry->principal));
if (err) {
- krb5_free_keyblock_contents(context, &(cursor->entry->key));
- free(cursor->entry);
- free(cursor);
- goto done;
+ krb5_free_keyblock_contents(context, &(cursor->entry->key));
+ free(cursor->entry);
+ free(cursor);
+ goto done;
}
if (KTLINK(id) == NULL) {
- cursor->next = NULL;
- KTLINK(id) = cursor;
+ cursor->next = NULL;
+ KTLINK(id) = cursor;
} else {
- cursor->next = KTLINK(id);
- KTLINK(id) = cursor;
+ cursor->next = KTLINK(id);
+ KTLINK(id) = cursor;
}
- done:
+done:
KTUNLOCK(id);
return err;
}
@@ -615,7 +616,7 @@ krb5_mkt_add(krb5_context context, krb5_keytab id, krb5_keytab_entry *entry)
* krb5_mkt_remove()
*/
-krb5_error_code KRB5_CALLCONV
+krb5_error_code KRB5_CALLCONV
krb5_mkt_remove(krb5_context context, krb5_keytab id, krb5_keytab_entry *entry)
{
krb5_mkt_cursor *pcursor, next;
@@ -623,23 +624,23 @@ krb5_mkt_remove(krb5_context context, krb5_keytab id, krb5_keytab_entry *entry)
err = KTLOCK(id);
if (err)
- return err;
+ return err;
if ( KTLINK(id) == NULL ) {
- err = KRB5_KT_NOTFOUND;
- goto done;
+ err = KRB5_KT_NOTFOUND;
+ goto done;
}
-
+
for ( pcursor = &KTLINK(id); *pcursor; pcursor = &(*pcursor)->next ) {
- if ( (*pcursor)->entry->vno == entry->vno &&
- (*pcursor)->entry->key.enctype == entry->key.enctype &&
- krb5_principal_compare(context, (*pcursor)->entry->principal, entry->principal))
- break;
+ if ( (*pcursor)->entry->vno == entry->vno &&
+ (*pcursor)->entry->key.enctype == entry->key.enctype &&
+ krb5_principal_compare(context, (*pcursor)->entry->principal, entry->principal))
+ break;
}
if (!*pcursor) {
- err = KRB5_KT_NOTFOUND;
- goto done;
+ err = KRB5_KT_NOTFOUND;
+ goto done;
}
krb5_kt_free_entry(context, (*pcursor)->entry);
@@ -648,7 +649,7 @@ krb5_mkt_remove(krb5_context context, krb5_keytab id, krb5_keytab_entry *entry)
free(*pcursor);
(*pcursor) = next;
- done:
+done:
KTUNLOCK(id);
return err;
}
@@ -660,9 +661,9 @@ krb5_mkt_remove(krb5_context context, krb5_keytab id, krb5_keytab_entry *entry)
const struct _krb5_kt_ops krb5_mkt_ops = {
0,
- "MEMORY", /* Prefix -- this string should not appear anywhere else! */
+ "MEMORY", /* Prefix -- this string should not appear anywhere else! */
krb5_mkt_resolve,
- krb5_mkt_get_name,
+ krb5_mkt_get_name,
krb5_mkt_close,
krb5_mkt_get_entry,
krb5_mkt_start_seq_get,
@@ -674,4 +675,3 @@ const struct _krb5_kt_ops krb5_mkt_ops = {
};
#endif /* LEAN_CLIENT */
-
diff --git a/src/lib/krb5/keytab/kt_srvtab.c b/src/lib/krb5/keytab/kt_srvtab.c
index 20ea3d7..a2e1304 100644
--- a/src/lib/krb5/keytab/kt_srvtab.c
+++ b/src/lib/krb5/keytab/kt_srvtab.c
@@ -1,3 +1,4 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
/*
* lib/krb5/keytab/srvtab/kts_resolv.c
*
@@ -8,7 +9,7 @@
* require a specific license from the United States Government.
* It is the responsibility of any person or organization contemplating
* export to obtain such a license before exporting.
- *
+ *
* WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
* distribute this software and its documentation for any purpose and
* without fee is hereby granted, provided that the above copyright
@@ -27,23 +28,23 @@
#include "k5-int.h"
#include <stdio.h>
-#ifndef LEAN_CLIENT
+#ifndef LEAN_CLIENT
/*
* Constants
*/
-#define KRB5_KT_VNO_1 0x0501 /* krb v5, keytab version 1 (DCE compat) */
-#define KRB5_KT_VNO 0x0502 /* krb v5, keytab version 2 (standard) */
+#define KRB5_KT_VNO_1 0x0501 /* krb v5, keytab version 1 (DCE compat) */
+#define KRB5_KT_VNO 0x0502 /* krb v5, keytab version 2 (standard) */
#define KRB5_KT_DEFAULT_VNO KRB5_KT_VNO
-/*
+/*
* Types
*/
typedef struct _krb5_ktsrvtab_data {
- char *name; /* Name of the file */
- FILE *openf; /* open file, if any. */
+ char *name; /* Name of the file */
+ FILE *openf; /* open file, if any. */
} krb5_ktsrvtab_data;
/*
@@ -56,59 +57,59 @@ typedef struct _krb5_ktsrvtab_data {
extern const struct _krb5_kt_ops krb5_kts_ops;
static krb5_error_code KRB5_CALLCONV krb5_ktsrvtab_resolve
- (krb5_context,
- const char *,
- krb5_keytab *);
+(krb5_context,
+ const char *,
+ krb5_keytab *);
static krb5_error_code KRB5_CALLCONV krb5_ktsrvtab_get_name
- (krb5_context,
- krb5_keytab,
- char *,
- unsigned int);
+(krb5_context,
+ krb5_keytab,
+ char *,
+ unsigned int);
static krb5_error_code KRB5_CALLCONV krb5_ktsrvtab_close
- (krb5_context,
- krb5_keytab);
+(krb5_context,
+ krb5_keytab);
static krb5_error_code KRB5_CALLCONV krb5_ktsrvtab_get_entry
- (krb5_context,
- krb5_keytab,
- krb5_const_principal,
- krb5_kvno,
- krb5_enctype,
- krb5_keytab_entry *);
+(krb5_context,
+ krb5_keytab,
+ krb5_const_principal,
+ krb5_kvno,
+ krb5_enctype,
+ krb5_keytab_entry *);
static krb5_error_code KRB5_CALLCONV krb5_ktsrvtab_start_seq_get
- (krb5_context,
- krb5_keytab,
- krb5_kt_cursor *);
+(krb5_context,
+ krb5_keytab,
+ krb5_kt_cursor *);
static krb5_error_code KRB5_CALLCONV krb5_ktsrvtab_get_next
- (krb5_context,
- krb5_keytab,
- krb5_keytab_entry *,
- krb5_kt_cursor *);
+(krb5_context,
+ krb5_keytab,
+ krb5_keytab_entry *,
+ krb5_kt_cursor *);
static krb5_error_code KRB5_CALLCONV krb5_ktsrvtab_end_get
- (krb5_context,
- krb5_keytab,
- krb5_kt_cursor *);
+(krb5_context,
+ krb5_keytab,
+ krb5_kt_cursor *);
static krb5_error_code krb5_ktsrvint_open
- (krb5_context,
- krb5_keytab);
+(krb5_context,
+ krb5_keytab);
static krb5_error_code krb5_ktsrvint_close
- (krb5_context,
- krb5_keytab);
+(krb5_context,
+ krb5_keytab);
-static krb5_error_code krb5_ktsrvint_read_entry
- (krb5_context,
- krb5_keytab,
- krb5_keytab_entry *);
+static krb5_error_code krb5_ktsrvint_read_entry
+(krb5_context,
+ krb5_keytab,
+ krb5_keytab_entry *);
/*
- * This is an implementation specific resolver. It returns a keytab id
+ * This is an implementation specific resolver. It returns a keytab id
* initialized with srvtab keytab routines.
*/
@@ -118,20 +119,20 @@ krb5_ktsrvtab_resolve(krb5_context context, const char *name, krb5_keytab *id)
krb5_ktsrvtab_data *data;
if ((*id = (krb5_keytab) malloc(sizeof(**id))) == NULL)
- return(ENOMEM);
-
+ return(ENOMEM);
+
(*id)->ops = &krb5_kts_ops;
data = (krb5_ktsrvtab_data *)malloc(sizeof(krb5_ktsrvtab_data));
if (data == NULL) {
- free(*id);
- return(ENOMEM);
+ free(*id);
+ return(ENOMEM);
}
data->name = strdup(name);
if (data->name == NULL) {
- free(data);
- free(*id);
- return(ENOMEM);
+ free(data);
+ free(*id);
+ return(ENOMEM);
}
data->openf = 0;
@@ -148,13 +149,13 @@ krb5_ktsrvtab_resolve(krb5_context context, const char *name, krb5_keytab *id)
krb5_error_code KRB5_CALLCONV
krb5_ktsrvtab_close(krb5_context context, krb5_keytab id)
- /*
- * This routine is responsible for freeing all memory allocated
- * for this keytab. There are no system resources that need
- * to be freed nor are there any open files.
- *
- * This routine should undo anything done by krb5_ktsrvtab_resolve().
- */
+/*
+ * This routine is responsible for freeing all memory allocated
+ * for this keytab. There are no system resources that need
+ * to be freed nor are there any open files.
+ *
+ * This routine should undo anything done by krb5_ktsrvtab_resolve().
+ */
{
free(KTFILENAME(id));
free(id->data);
@@ -178,7 +179,7 @@ krb5_ktsrvtab_get_entry(krb5_context context, krb5_keytab id, krb5_const_princip
/* Open the srvtab. */
if ((kerror = krb5_ktsrvint_open(context, id)))
- return(kerror);
+ return(kerror);
/* srvtab files only have DES_CBC_CRC keys. */
switch (enctype) {
@@ -187,50 +188,50 @@ krb5_ktsrvtab_get_entry(krb5_context context, krb5_keytab id, krb5_const_princip
case ENCTYPE_DES_CBC_MD4:
case ENCTYPE_DES_CBC_RAW:
case IGNORE_ENCTYPE:
- break;
+ break;
default:
- return KRB5_KT_NOTFOUND;
+ return KRB5_KT_NOTFOUND;
}
best_entry.principal = 0;
best_entry.vno = 0;
best_entry.key.contents = 0;
while ((kerror = krb5_ktsrvint_read_entry(context, id, &ent)) == 0) {
- ent.key.enctype = enctype;
- if (krb5_principal_compare(context, principal, ent.principal)) {
- if (kvno == IGNORE_VNO) {
- if (!best_entry.principal || (best_entry.vno < ent.vno)) {
- krb5_kt_free_entry(context, &best_entry);
- best_entry = ent;
- }
- } else {
- if (ent.vno == kvno) {
- best_entry = ent;
- break;
- } else {
- found_wrong_kvno = 1;
- }
- }
- } else {
- krb5_kt_free_entry(context, &ent);
- }
+ ent.key.enctype = enctype;
+ if (krb5_principal_compare(context, principal, ent.principal)) {
+ if (kvno == IGNORE_VNO) {
+ if (!best_entry.principal || (best_entry.vno < ent.vno)) {
+ krb5_kt_free_entry(context, &best_entry);
+ best_entry = ent;
+ }
+ } else {
+ if (ent.vno == kvno) {
+ best_entry = ent;
+ break;
+ } else {
+ found_wrong_kvno = 1;
+ }
+ }
+ } else {
+ krb5_kt_free_entry(context, &ent);
+ }
}
if (kerror == KRB5_KT_END) {
- if (best_entry.principal)
- kerror = 0;
- else if (found_wrong_kvno)
- kerror = KRB5_KT_KVNONOTFOUND;
- else
- kerror = KRB5_KT_NOTFOUND;
+ if (best_entry.principal)
+ kerror = 0;
+ else if (found_wrong_kvno)
+ kerror = KRB5_KT_KVNONOTFOUND;
+ else
+ kerror = KRB5_KT_NOTFOUND;
}
if (kerror) {
- (void) krb5_ktsrvint_close(context, id);
- krb5_kt_free_entry(context, &best_entry);
- return kerror;
+ (void) krb5_ktsrvint_close(context, id);
+ krb5_kt_free_entry(context, &best_entry);
+ return kerror;
}
if ((kerror = krb5_ktsrvint_close(context, id)) != 0) {
- krb5_kt_free_entry(context, &best_entry);
- return kerror;
+ krb5_kt_free_entry(context, &best_entry);
+ return kerror;
}
*entry = best_entry;
return 0;
@@ -242,18 +243,18 @@ krb5_ktsrvtab_get_entry(krb5_context context, krb5_keytab id, krb5_const_princip
krb5_error_code KRB5_CALLCONV
krb5_ktsrvtab_get_name(krb5_context context, krb5_keytab id, char *name, unsigned int len)
- /*
- * This routine returns the name of the name of the file associated with
- * this srvtab-based keytab. The name is prefixed with PREFIX:, so that
- * trt will happen if the name is passed back to resolve.
- */
+/*
+ * This routine returns the name of the name of the file associated with
+ * this srvtab-based keytab. The name is prefixed with PREFIX:, so that
+ * trt will happen if the name is passed back to resolve.
+ */
{
int result;
memset(name, 0, len);
result = snprintf(name, len, "%s:%s", id->ops->prefix, KTFILENAME(id));
if (SNPRINTF_OVERFLOW(result, len))
- return(KRB5_KT_NAME_TOOLONG);
+ return(KRB5_KT_NAME_TOOLONG);
return(0);
}
@@ -268,11 +269,11 @@ krb5_ktsrvtab_start_seq_get(krb5_context context, krb5_keytab id, krb5_kt_cursor
long *fileoff;
if ((retval = krb5_ktsrvint_open(context, id)))
- return retval;
+ return retval;
if (!(fileoff = (long *)malloc(sizeof(*fileoff)))) {
- krb5_ktsrvint_close(context, id);
- return ENOMEM;
+ krb5_ktsrvint_close(context, id);
+ return ENOMEM;
}
*fileoff = ftell(KTFILEP(id));
*cursorp = (krb5_kt_cursor)fileoff;
@@ -292,9 +293,9 @@ krb5_ktsrvtab_get_next(krb5_context context, krb5_keytab id, krb5_keytab_entry *
krb5_error_code kerror;
if (fseek(KTFILEP(id), *fileoff, 0) == -1)
- return KRB5_KT_END;
+ return KRB5_KT_END;
if ((kerror = krb5_ktsrvint_read_entry(context, id, &cur_entry)))
- return kerror;
+ return kerror;
*fileoff = ftell(KTFILEP(id));
*entry = cur_entry;
return 0;
@@ -317,9 +318,9 @@ krb5_ktsrvtab_end_get(krb5_context context, krb5_keytab id, krb5_kt_cursor *curs
const struct _krb5_kt_ops krb5_kts_ops = {
0,
- "SRVTAB", /* Prefix -- this string should not appear anywhere else! */
+ "SRVTAB", /* Prefix -- this string should not appear anywhere else! */
krb5_ktsrvtab_resolve,
- krb5_ktsrvtab_get_name,
+ krb5_ktsrvtab_get_name,
krb5_ktsrvtab_close,
krb5_ktsrvtab_get_entry,
krb5_ktsrvtab_start_seq_get,
@@ -344,7 +345,7 @@ const struct _krb5_kt_ops krb5_kts_ops = {
* require a specific license from the United States Government.
* It is the responsibility of any person or organization contemplating
* export to obtain such a license before exporting.
- *
+ *
* WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
* distribute this software and its documentation for any purpose and
* without fee is hereby granted, provided that the above copyright
@@ -358,7 +359,7 @@ const struct _krb5_kt_ops krb5_kts_ops = {
* M.I.T. makes no representations about the suitability of
* this software for any purpose. It is provided "as is" without express
* or implied warranty.
- *
+ *
*
* This function contains utilities for the srvtab based implementation
* of the keytab. There are no public functions in this file.
@@ -367,17 +368,17 @@ const struct _krb5_kt_ops krb5_kts_ops = {
#include <stdio.h>
#ifdef ANSI_STDIO
-#define READ_MODE "rb"
+#define READ_MODE "rb"
#else
-#define READ_MODE "r"
+#define READ_MODE "r"
#endif
/* The maximum sizes for V4 aname, realm, sname, and instance +1 */
/* Taken from krb.h */
-#define ANAME_SZ 40
-#define REALM_SZ 40
-#define SNAME_SZ 40
-#define INST_SZ 40
+#define ANAME_SZ 40
+#define REALM_SZ 40
+#define SNAME_SZ 40
+#define INST_SZ 40
static krb5_error_code
read_field(FILE *fp, char *s, int len)
@@ -385,11 +386,11 @@ read_field(FILE *fp, char *s, int len)
int c;
while ((c = getc(fp)) != 0) {
- if (c == EOF || len <= 1)
- return KRB5_KT_END;
- *s = c;
- s++;
- len--;
+ if (c == EOF || len <= 1)
+ return KRB5_KT_END;
+ *s = c;
+ s++;
+ len--;
}
*s = 0;
return 0;
@@ -400,7 +401,7 @@ krb5_ktsrvint_open(krb5_context context, krb5_keytab id)
{
KTFILEP(id) = fopen(KTFILENAME(id), READ_MODE);
if (!KTFILEP(id))
- return errno;
+ return errno;
set_cloexec_file(KTFILEP(id));
return 0;
}
@@ -409,7 +410,7 @@ krb5_error_code
krb5_ktsrvint_close(krb5_context context, krb5_keytab id)
{
if (!KTFILEP(id))
- return 0;
+ return 0;
(void) fclose(KTFILEP(id));
KTFILEP(id) = 0;
return 0;
@@ -428,18 +429,18 @@ krb5_ktsrvint_read_entry(krb5_context context, krb5_keytab id, krb5_keytab_entry
fp = KTFILEP(id);
kerror = read_field(fp, name, sizeof(name));
if (kerror != 0)
- return kerror;
+ return kerror;
kerror = read_field(fp, instance, sizeof(instance));
if (kerror != 0)
- return kerror;
+ return kerror;
kerror = read_field(fp, realm, sizeof(realm));
if (kerror != 0)
- return kerror;
+ return kerror;
vno = getc(fp);
if (vno == EOF)
- return KRB5_KT_END;
+ return KRB5_KT_END;
if (fread(key, 1, sizeof(key), fp) != sizeof(key))
- return KRB5_KT_END;
+ return KRB5_KT_END;
/* Fill in ret_entry with the data we read. Everything maps well
* except for the timestamp, which we don't have a value for. For
@@ -447,9 +448,9 @@ krb5_ktsrvint_read_entry(krb5_context context, krb5_keytab id, krb5_keytab_entry
memset(ret_entry, 0, sizeof(*ret_entry));
ret_entry->magic = KV5M_KEYTAB_ENTRY;
kerror = krb5_425_conv_principal(context, name, instance, realm,
- &ret_entry->principal);
+ &ret_entry->principal);
if (kerror != 0)
- return kerror;
+ return kerror;
ret_entry->vno = vno;
ret_entry->timestamp = 0;
ret_entry->key.enctype = ENCTYPE_DES_CBC_CRC;
@@ -457,12 +458,11 @@ krb5_ktsrvint_read_entry(krb5_context context, krb5_keytab id, krb5_keytab_entry
ret_entry->key.length = sizeof(key);
ret_entry->key.contents = malloc(sizeof(key));
if (!ret_entry->key.contents) {
- krb5_free_principal(context, ret_entry->principal);
- return ENOMEM;
+ krb5_free_principal(context, ret_entry->principal);
+ return ENOMEM;
}
memcpy(ret_entry->key.contents, key, sizeof(key));
return 0;
}
#endif /* LEAN_CLIENT */
-
diff --git a/src/lib/krb5/keytab/ktadd.c b/src/lib/krb5/keytab/ktadd.c
index 360dd64..10bb246 100644
--- a/src/lib/krb5/keytab/ktadd.c
+++ b/src/lib/krb5/keytab/ktadd.c
@@ -1,3 +1,4 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
/*
* lib/krb5/keytab/ktadd.c
*
@@ -8,7 +9,7 @@
* require a specific license from the United States Government.
* It is the responsibility of any person or organization contemplating
* export to obtain such a license before exporting.
- *
+ *
* WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
* distribute this software and its documentation for any purpose and
* without fee is hereby granted, provided that the above copyright
@@ -22,7 +23,7 @@
* M.I.T. makes no representations about the suitability of
* this software for any purpose. It is provided "as is" without express
* or implied warranty.
- *
+ *
*
* krb5_kt_add_entry()
*/
@@ -35,9 +36,8 @@ krb5_error_code KRB5_CALLCONV
krb5_kt_add_entry (krb5_context context, krb5_keytab id, krb5_keytab_entry *entry)
{
if (id->ops->add)
- return (*id->ops->add)(context, id, entry);
+ return (*id->ops->add)(context, id, entry);
else
- return KRB5_KT_NOWRITE;
+ return KRB5_KT_NOWRITE;
}
#endif /* LEAN_CLIENT */
-
diff --git a/src/lib/krb5/keytab/ktbase.c b/src/lib/krb5/keytab/ktbase.c
index b99bee4..b88380e 100644
--- a/src/lib/krb5/keytab/ktbase.c
+++ b/src/lib/krb5/keytab/ktbase.c
@@ -1,3 +1,4 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
/*
* lib/krb5/keytab/ktbase.c
*
@@ -8,7 +9,7 @@
* require a specific license from the United States Government.
* It is the responsibility of any person or organization contemplating
* export to obtain such a license before exporting.
- *
+ *
* WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
* distribute this software and its documentation for any purpose and
* without fee is hereby granted, provided that the above copyright
@@ -22,7 +23,7 @@
* M.I.T. makes no representations about the suitability of
* this software for any purpose. It is provided "as is" without express
* or implied warranty.
- *
+ *
*
* Copyright 2007 by Secure Endpoints Inc.
*
@@ -91,12 +92,12 @@ int krb5int_kt_initialize(void)
err = k5_mutex_finish_init(&kt_typehead_lock);
if (err)
- goto done;
+ goto done;
err = krb5int_mkt_initialize();
if (err)
- goto done;
+ goto done;
- done:
+done:
return(err);
}
@@ -107,8 +108,8 @@ krb5int_kt_finalize(void)
k5_mutex_destroy(&kt_typehead_lock);
for (t = kt_typehead; t != &krb5_kt_typelist_file; t = t_next) {
- t_next = t->next;
- free((struct krb5_kt_typelist *)t);
+ t_next = t->next;
+ free((struct krb5_kt_typelist *)t);
}
krb5int_mkt_finalize();
@@ -129,16 +130,16 @@ krb5_kt_register(krb5_context context, const krb5_kt_ops *ops)
err = k5_mutex_lock(&kt_typehead_lock);
if (err)
- return err;
+ return err;
for (t = kt_typehead; t && strcmp(t->ops->prefix,ops->prefix);t = t->next)
- ;
+ ;
if (t) {
- k5_mutex_unlock(&kt_typehead_lock);
- return KRB5_KT_TYPE_EXISTS;
+ k5_mutex_unlock(&kt_typehead_lock);
+ return KRB5_KT_TYPE_EXISTS;
}
if (!(newt = (struct krb5_kt_typelist *) malloc(sizeof(*t)))) {
- k5_mutex_unlock(&kt_typehead_lock);
- return ENOMEM;
+ k5_mutex_unlock(&kt_typehead_lock);
+ return ENOMEM;
}
newt->next = kt_typehead;
newt->ops = ops;
@@ -172,7 +173,7 @@ krb5_kt_resolve (krb5_context context, const char *name, krb5_keytab *ktid)
cp = strchr (name, ':');
if (!cp)
- return (*krb5_kt_dfl_ops.resolve)(context, name, ktid);
+ return (*krb5_kt_dfl_ops.resolve)(context, name, ktid);
pfxlen = cp - name;
@@ -184,13 +185,13 @@ krb5_kt_resolve (krb5_context context, const char *name, krb5_keytab *ktid)
resid = name;
} else if (name[0] == '/') {
- pfx = strdup("FILE");
- if (!pfx)
- return ENOMEM;
- resid = name;
+ pfx = strdup("FILE");
+ if (!pfx)
+ return ENOMEM;
+ resid = name;
} else {
resid = name + pfxlen + 1;
-
+
pfx = malloc (pfxlen+1);
if (!pfx)
return ENOMEM;
@@ -203,19 +204,19 @@ krb5_kt_resolve (krb5_context context, const char *name, krb5_keytab *ktid)
err = k5_mutex_lock(&kt_typehead_lock);
if (err)
- goto cleanup;
+ goto cleanup;
tlist = kt_typehead;
/* Don't need to hold the lock, since entries are never modified
or removed once they're in the list. Just need to protect
access to the list head variable itself. */
k5_mutex_unlock(&kt_typehead_lock);
for (; tlist; tlist = tlist->next) {
- if (strcmp (tlist->ops->prefix, pfx) == 0) {
- err = (*tlist->ops->resolve)(context, resid, &id);
- if (!err)
- *ktid = id;
- goto cleanup;
- }
+ if (strcmp (tlist->ops->prefix, pfx) == 0) {
+ err = (*tlist->ops->resolve)(context, resid, &id);
+ if (!err)
+ *ktid = id;
+ goto cleanup;
+ }
}
err = KRB5_KT_UNKNOWN_TYPE;
@@ -226,69 +227,69 @@ cleanup:
/*
* Routines to deal with externalizingt krb5_keytab.
- * krb5_keytab_size();
- * krb5_keytab_externalize();
- * krb5_keytab_internalize();
+ * krb5_keytab_size();
+ * krb5_keytab_externalize();
+ * krb5_keytab_internalize();
*/
static krb5_error_code krb5_keytab_size
- (krb5_context, krb5_pointer, size_t *);
+(krb5_context, krb5_pointer, size_t *);
static krb5_error_code krb5_keytab_externalize
- (krb5_context, krb5_pointer, krb5_octet **, size_t *);
+(krb5_context, krb5_pointer, krb5_octet **, size_t *);
static krb5_error_code krb5_keytab_internalize
- (krb5_context,krb5_pointer *, krb5_octet **, size_t *);
+(krb5_context,krb5_pointer *, krb5_octet **, size_t *);
/*
* Serialization entry for this type.
*/
static const krb5_ser_entry krb5_keytab_ser_entry = {
- KV5M_KEYTAB, /* Type */
- krb5_keytab_size, /* Sizer routine */
- krb5_keytab_externalize, /* Externalize routine */
- krb5_keytab_internalize /* Internalize routine */
+ KV5M_KEYTAB, /* Type */
+ krb5_keytab_size, /* Sizer routine */
+ krb5_keytab_externalize, /* Externalize routine */
+ krb5_keytab_internalize /* Internalize routine */
};
static krb5_error_code
krb5_keytab_size(krb5_context kcontext, krb5_pointer arg, size_t *sizep)
{
- krb5_error_code kret;
- krb5_keytab keytab;
- krb5_ser_handle shandle;
+ krb5_error_code kret;
+ krb5_keytab keytab;
+ krb5_ser_handle shandle;
kret = EINVAL;
if ((keytab = (krb5_keytab) arg) &&
- keytab->ops &&
- (shandle = (krb5_ser_handle) keytab->ops->serializer) &&
- shandle->sizer)
- kret = (*shandle->sizer)(kcontext, arg, sizep);
+ keytab->ops &&
+ (shandle = (krb5_ser_handle) keytab->ops->serializer) &&
+ shandle->sizer)
+ kret = (*shandle->sizer)(kcontext, arg, sizep);
return(kret);
}
static krb5_error_code
krb5_keytab_externalize(krb5_context kcontext, krb5_pointer arg, krb5_octet **buffer, size_t *lenremain)
{
- krb5_error_code kret;
- krb5_keytab keytab;
- krb5_ser_handle shandle;
+ krb5_error_code kret;
+ krb5_keytab keytab;
+ krb5_ser_handle shandle;
kret = EINVAL;
if ((keytab = (krb5_keytab) arg) &&
- keytab->ops &&
- (shandle = (krb5_ser_handle) keytab->ops->serializer) &&
- shandle->externalizer)
- kret = (*shandle->externalizer)(kcontext, arg, buffer, lenremain);
+ keytab->ops &&
+ (shandle = (krb5_ser_handle) keytab->ops->serializer) &&
+ shandle->externalizer)
+ kret = (*shandle->externalizer)(kcontext, arg, buffer, lenremain);
return(kret);
}
static krb5_error_code
krb5_keytab_internalize(krb5_context kcontext, krb5_pointer *argp, krb5_octet **buffer, size_t *lenremain)
{
- krb5_error_code kret;
- krb5_ser_handle shandle;
+ krb5_error_code kret;
+ krb5_ser_handle shandle;
kret = EINVAL;
if ((shandle = (krb5_ser_handle) krb5_kt_dfl_ops.serializer) &&
- shandle->internalizer)
- kret = (*shandle->internalizer)(kcontext, argp, buffer, lenremain);
+ shandle->internalizer)
+ kret = (*shandle->internalizer)(kcontext, argp, buffer, lenremain);
return(kret);
}
@@ -298,4 +299,3 @@ krb5_ser_keytab_init(krb5_context kcontext)
return(krb5_register_serializer(kcontext, &krb5_keytab_ser_entry));
}
#endif /* LEAN_CLIENT */
-
diff --git a/src/lib/krb5/keytab/ktdefault.c b/src/lib/krb5/keytab/ktdefault.c
index 3d7ee09..7a4d68f 100644
--- a/src/lib/krb5/keytab/ktdefault.c
+++ b/src/lib/krb5/keytab/ktdefault.c
@@ -1,3 +1,4 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
/*
* lib/krb5/keytab/ktdefault.c
*
@@ -8,7 +9,7 @@
* require a specific license from the United States Government.
* It is the responsibility of any person or organization contemplating
* export to obtain such a license before exporting.
- *
+ *
* WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
* distribute this software and its documentation for any purpose and
* without fee is hereby granted, provided that the above copyright
@@ -22,7 +23,7 @@
* M.I.T. makes no representations about the suitability of
* this software for any purpose. It is provided "as is" without express
* or implied warranty.
- *
+ *
*
* Get a default keytab.
*/
@@ -38,9 +39,8 @@ krb5_kt_default(krb5_context context, krb5_keytab *id)
krb5_error_code retval;
if ((retval = krb5_kt_default_name(context, defname, sizeof(defname))))
- return retval;
+ return retval;
return krb5_kt_resolve(context, defname, id);
}
#endif /* LEAN_CLIENT */
-
diff --git a/src/lib/krb5/keytab/ktfns.c b/src/lib/krb5/keytab/ktfns.c
index 9239f3d..3496c09 100644
--- a/src/lib/krb5/keytab/ktfns.c
+++ b/src/lib/krb5/keytab/ktfns.c
@@ -1,3 +1,4 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
/*
* lib/krb5/keytab/ktfns.c
*
@@ -8,7 +9,7 @@
* require a specific license from the United States Government.
* It is the responsibility of any person or organization contemplating
* export to obtain such a license before exporting.
- *
+ *
* WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
* distribute this software and its documentation for any purpose and
* without fee is hereby granted, provided that the above copyright
@@ -28,7 +29,7 @@
* Dispatch methods for keytab code.
*/
-#ifndef LEAN_CLIENT
+#ifndef LEAN_CLIENT
#include "k5-int.h"
@@ -40,7 +41,7 @@ krb5_kt_get_type (krb5_context context, krb5_keytab keytab)
krb5_error_code KRB5_CALLCONV
krb5_kt_get_name(krb5_context context, krb5_keytab keytab, char *name,
- unsigned int namelen)
+ unsigned int namelen)
{
return krb5_x((keytab)->ops->get_name,(context, keytab,name,namelen));
}
@@ -53,48 +54,47 @@ krb5_kt_close(krb5_context context, krb5_keytab keytab)
krb5_error_code KRB5_CALLCONV
krb5_kt_get_entry(krb5_context context, krb5_keytab keytab,
- krb5_const_principal principal, krb5_kvno vno,
- krb5_enctype enctype, krb5_keytab_entry *entry)
+ krb5_const_principal principal, krb5_kvno vno,
+ krb5_enctype enctype, krb5_keytab_entry *entry)
{
krb5_error_code err;
krb5_principal_data princ_data;
if (krb5_is_referral_realm(&principal->realm)) {
- char *realm;
- princ_data = *principal;
- principal = &princ_data;
- err = krb5_get_default_realm(context, &realm);
- if (err)
- return err;
- princ_data.realm.data = realm;
- princ_data.realm.length = strlen(realm);
+ char *realm;
+ princ_data = *principal;
+ principal = &princ_data;
+ err = krb5_get_default_realm(context, &realm);
+ if (err)
+ return err;
+ princ_data.realm.data = realm;
+ princ_data.realm.length = strlen(realm);
}
err = krb5_x((keytab)->ops->get,(context, keytab, principal, vno, enctype,
- entry));
+ entry));
if (principal == &princ_data)
- krb5_free_default_realm(context, princ_data.realm.data);
+ krb5_free_default_realm(context, princ_data.realm.data);
return err;
}
krb5_error_code KRB5_CALLCONV
krb5_kt_start_seq_get(krb5_context context, krb5_keytab keytab,
- krb5_kt_cursor *cursor)
+ krb5_kt_cursor *cursor)
{
return krb5_x((keytab)->ops->start_seq_get,(context, keytab, cursor));
}
krb5_error_code KRB5_CALLCONV
krb5_kt_next_entry(krb5_context context, krb5_keytab keytab,
- krb5_keytab_entry *entry, krb5_kt_cursor *cursor)
+ krb5_keytab_entry *entry, krb5_kt_cursor *cursor)
{
return krb5_x((keytab)->ops->get_next,(context, keytab, entry, cursor));
}
krb5_error_code KRB5_CALLCONV
krb5_kt_end_seq_get(krb5_context context, krb5_keytab keytab,
- krb5_kt_cursor *cursor)
+ krb5_kt_cursor *cursor)
{
return krb5_x((keytab)->ops->end_get,(context, keytab, cursor));
}
#endif /* LEAN_CLIENT */
-
diff --git a/src/lib/krb5/keytab/ktfr_entry.c b/src/lib/krb5/keytab/ktfr_entry.c
index 9587efc..8fdbda2 100644
--- a/src/lib/krb5/keytab/ktfr_entry.c
+++ b/src/lib/krb5/keytab/ktfr_entry.c
@@ -1,3 +1,4 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
/*
* lib/krb5/keytab/ktfr_entry.c
*
@@ -8,7 +9,7 @@
* require a specific license from the United States Government.
* It is the responsibility of any person or organization contemplating
* export to obtain such a license before exporting.
- *
+ *
* WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
* distribute this software and its documentation for any purpose and
* without fee is hereby granted, provided that the above copyright
@@ -22,11 +23,11 @@
* M.I.T. makes no representations about the suitability of
* this software for any purpose. It is provided "as is" without express
* or implied warranty.
- *
+ *
*
* krb5_kt_free_entry()
*/
-#ifndef LEAN_CLIENT
+#ifndef LEAN_CLIENT
#include "k5-int.h"
@@ -34,12 +35,12 @@ krb5_error_code KRB5_CALLCONV
krb5_free_keytab_entry_contents (krb5_context context, krb5_keytab_entry *entry)
{
if (!entry)
- return 0;
-
+ return 0;
+
krb5_free_principal(context, entry->principal);
if (entry->key.contents) {
- zap((char *)entry->key.contents, entry->key.length);
- free(entry->key.contents);
+ zap((char *)entry->key.contents, entry->key.length);
+ free(entry->key.contents);
}
return 0;
}
@@ -50,4 +51,3 @@ krb5_kt_free_entry (krb5_context context, krb5_keytab_entry *entry)
return krb5_free_keytab_entry_contents (context, entry);
}
#endif /* LEAN_CLIENT */
-
diff --git a/src/lib/krb5/keytab/ktremove.c b/src/lib/krb5/keytab/ktremove.c
index 4ba6063..1ccefd8 100644
--- a/src/lib/krb5/keytab/ktremove.c
+++ b/src/lib/krb5/keytab/ktremove.c
@@ -1,3 +1,4 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
/*
* lib/krb5/keytab/ktremove.c
*
@@ -8,7 +9,7 @@
* require a specific license from the United States Government.
* It is the responsibility of any person or organization contemplating
* export to obtain such a license before exporting.
- *
+ *
* WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
* distribute this software and its documentation for any purpose and
* without fee is hereby granted, provided that the above copyright
@@ -22,11 +23,11 @@
* M.I.T. makes no representations about the suitability of
* this software for any purpose. It is provided "as is" without express
* or implied warranty.
- *
+ *
*
* krb5_kt_remove_entry()
*/
-#ifndef LEAN_CLIENT
+#ifndef LEAN_CLIENT
#include "k5-int.h"
@@ -34,9 +35,8 @@ krb5_error_code KRB5_CALLCONV
krb5_kt_remove_entry (krb5_context context, krb5_keytab id, krb5_keytab_entry *entry)
{
if (id->ops->remove)
- return (*id->ops->remove)(context, id, entry);
+ return (*id->ops->remove)(context, id, entry);
else
- return KRB5_KT_NOWRITE;
+ return KRB5_KT_NOWRITE;
}
#endif /* LEAN_CLIENT */
-
diff --git a/src/lib/krb5/keytab/read_servi.c b/src/lib/krb5/keytab/read_servi.c
index 6638a5a..0172edb 100644
--- a/src/lib/krb5/keytab/read_servi.c
+++ b/src/lib/krb5/keytab/read_servi.c
@@ -1,3 +1,4 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
/*
* lib/krb5/keytab/read_servi.c
*
@@ -8,7 +9,7 @@
* require a specific license from the United States Government.
* It is the responsibility of any person or organization contemplating
* export to obtain such a license before exporting.
- *
+ *
* WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
* distribute this software and its documentation for any purpose and
* without fee is hereby granted, provided that the above copyright
@@ -22,25 +23,25 @@
* M.I.T. makes no representations about the suitability of
* this software for any purpose. It is provided "as is" without express
* or implied warranty.
- *
*
- * This routine is designed to be passed to krb5_rd_req.
+ *
+ * This routine is designed to be passed to krb5_rd_req.
* It is a convenience function that reads a key out of a keytab.
- * It handles all of the opening and closing of the keytab
- * internally.
+ * It handles all of the opening and closing of the keytab
+ * internally.
*/
-#ifndef LEAN_CLIENT
+#ifndef LEAN_CLIENT
#include "k5-int.h"
#define KSUCCESS 0
/*
- * effects: If keyprocarg is not NULL, it is taken to be the name of a
- * keytab. Otherwise, the default keytab will be used. This
- * routine opens the keytab and finds the principal associated with
- * principal, vno, and enctype and returns the resulting key in *key
- * or returning an error code if it is not found.
+ * effects: If keyprocarg is not NULL, it is taken to be the name of a
+ * keytab. Otherwise, the default keytab will be used. This
+ * routine opens the keytab and finds the principal associated with
+ * principal, vno, and enctype and returns the resulting key in *key
+ * or returning an error code if it is not found.
* returns: Either KSUCCESS or error code.
* errors: error code if not found or keyprocarg is invalid.
*/
@@ -51,28 +52,28 @@ krb5_kt_read_service_key(krb5_context context, krb5_pointer keyprocarg, krb5_pri
char keytabname[MAX_KEYTAB_NAME_LEN + 1]; /* + 1 for NULL termination */
krb5_keytab id;
krb5_keytab_entry entry;
-
+
/*
- * Get the name of the file that we should use.
+ * Get the name of the file that we should use.
*/
if (!keyprocarg) {
- if ((kerror = krb5_kt_default_name(context, (char *)keytabname,
- sizeof(keytabname) - 1))!= KSUCCESS)
- return (kerror);
+ if ((kerror = krb5_kt_default_name(context, (char *)keytabname,
+ sizeof(keytabname) - 1))!= KSUCCESS)
+ return (kerror);
} else {
- memset(keytabname, 0, sizeof(keytabname));
- (void) strncpy(keytabname, (char *)keyprocarg,
- sizeof(keytabname) - 1);
+ memset(keytabname, 0, sizeof(keytabname));
+ (void) strncpy(keytabname, (char *)keyprocarg,
+ sizeof(keytabname) - 1);
}
if ((kerror = krb5_kt_resolve(context, (char *)keytabname, &id)))
- return (kerror);
+ return (kerror);
kerror = krb5_kt_get_entry(context, id, principal, vno, enctype, &entry);
krb5_kt_close(context, id);
if (kerror)
- return(kerror);
+ return(kerror);
krb5_copy_keyblock(context, &entry.key, key);
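Review bot: The result of `krb5_copy_keyblock(context, &entry.key, key);` on the last line of this hunk is discarded, and the next hunk shows the function ending in `return (KSUCCESS);`, so a failed copy would apparently be reported as success with `*key` never set. Since the header comment says this routine is meant to be passed to krb5_rd_req, a caller could then proceed with a key it did not receive. Capture the result with `kerror = krb5_copy_keyblock(context, &entry.key, key);` and return `kerror` once the entry has been released. The function starts before and ends after this hunk and the lines between the two hunks are not shown, so confirm against the full file; the reindent itself leaves the behaviour as it was.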
@@ -81,4 +82,3 @@ krb5_kt_read_service_key(krb5_context context, krb5_pointer keyprocarg, krb5_pri
return (KSUCCESS);
}
#endif /* LEAN_CLIENT */
-
diff --git a/src/lib/krb5/keytab/t_keytab.c b/src/lib/krb5/keytab/t_keytab.c
index d235022..607ce9f 100644
--- a/src/lib/krb5/keytab/t_keytab.c
+++ b/src/lib/krb5/keytab/t_keytab.c
@@ -1,3 +1,4 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
/*
* lib/krb5/keytab/t_keytab.c
*
@@ -8,7 +9,7 @@
* require a specific license from the United States Government.
* It is the responsibility of any person or organization contemplating
* export to obtain such a license before exporting.
- *
+ *
* WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
* distribute this software and its documentation for any purpose and
* without fee is hereby granted, provided that the above copyright
@@ -22,8 +23,8 @@
* M.I.T. makes no representations about the suitability of
* this software for any purpose. It is provided "as is" without express
* or implied warranty.
- *
- *
+ *
+ *
*
* A set of tests for the keytab interface
*/
@@ -45,410 +46,410 @@ extern const krb5_kt_ops krb5_ktf_writable_ops;
#define KRB5_OK 0
-#define CHECK(kret,msg) \
- if (kret != KRB5_OK) {\
- com_err(msg, kret, ""); \
- fflush(stderr);\
- exit(1);\
- } else if(debug) printf("%s went ok\n", msg);
+#define CHECK(kret,msg) \
+ if (kret != KRB5_OK) { \
+ com_err(msg, kret, ""); \
+ fflush(stderr); \
+ exit(1); \
+ } else if(debug) printf("%s went ok\n", msg);
-#define CHECK_STR(str,msg) \
- if (str == 0) {\
- com_err(msg, kret, "");\
- exit(1);\
- } else if(debug) printf("%s went ok\n", msg);
+#define CHECK_STR(str,msg) \
+ if (str == 0) { \
+ com_err(msg, kret, ""); \
+ exit(1); \
+ } else if(debug) printf("%s went ok\n", msg);
static void test_misc(krb5_context context)
{
- /* Tests for certain error returns */
- krb5_error_code kret;
- krb5_keytab ktid;
- char defname[BUFSIZ];
- char *name;
-
- fprintf(stderr, "Testing miscellaneous error conditions\n");
-
- kret = krb5_kt_resolve(context, "unknown_method_ep:/tmp/name", &ktid);
- if (kret != KRB5_KT_UNKNOWN_TYPE) {
- CHECK(kret, "resolve unknown type");
- }
-
- /* Test length limits on krb5_kt_default_name */
- kret = krb5_kt_default_name(context, defname, sizeof(defname));
- CHECK(kret, "krb5_kt_default_name error");
-
- /* Now allocate space - without the null... */
- name = malloc(strlen(defname));
- if(!name) {
- fprintf(stderr, "Out of memory in testing\n");
- exit(1);
- }
- kret = krb5_kt_default_name(context, name, strlen(defname));
- free(name);
- if (kret != KRB5_CONFIG_NOTENUFSPACE) {
- CHECK(kret, "krb5_kt_default_name limited");
- }
+ /* Tests for certain error returns */
+ krb5_error_code kret;
+ krb5_keytab ktid;
+ char defname[BUFSIZ];
+ char *name;
+
+ fprintf(stderr, "Testing miscellaneous error conditions\n");
+
+ kret = krb5_kt_resolve(context, "unknown_method_ep:/tmp/name", &ktid);
+ if (kret != KRB5_KT_UNKNOWN_TYPE) {
+ CHECK(kret, "resolve unknown type");
+ }
+
+ /* Test length limits on krb5_kt_default_name */
+ kret = krb5_kt_default_name(context, defname, sizeof(defname));
+ CHECK(kret, "krb5_kt_default_name error");
+
+ /* Now allocate space - without the null... */
+ name = malloc(strlen(defname));
+ if(!name) {
+ fprintf(stderr, "Out of memory in testing\n");
+ exit(1);
+ }
+ kret = krb5_kt_default_name(context, name, strlen(defname));
+ free(name);
+ if (kret != KRB5_CONFIG_NOTENUFSPACE) {
+ CHECK(kret, "krb5_kt_default_name limited");
+ }
}
static void kt_test(krb5_context context, const char *name)
{
- krb5_error_code kret;
- krb5_keytab kt;
- const char *type;
- char buf[BUFSIZ];
- char *p;
- krb5_keytab_entry kent, kent2;
- krb5_principal princ;
- krb5_kt_cursor cursor, cursor2;
- int cnt;
-
- kret = krb5_kt_resolve(context, name, &kt);
- CHECK(kret, "resolve");
-
- type = krb5_kt_get_type(context, kt);
- CHECK_STR(type, "getting kt type");
- printf(" Type is: %s\n", type);
-
- kret = krb5_kt_get_name(context, kt, buf, sizeof(buf));
- CHECK(kret, "get_name");
- printf(" Name is: %s\n", buf);
-
- /* Check that length checks fail */
- /* The buffer is allocated too small - to allow for valgrind test of
- overflows
+ krb5_error_code kret;
+ krb5_keytab kt;
+ const char *type;
+ char buf[BUFSIZ];
+ char *p;
+ krb5_keytab_entry kent, kent2;
+ krb5_principal princ;
+ krb5_kt_cursor cursor, cursor2;
+ int cnt;
+
+ kret = krb5_kt_resolve(context, name, &kt);
+ CHECK(kret, "resolve");
+
+ type = krb5_kt_get_type(context, kt);
+ CHECK_STR(type, "getting kt type");
+ printf(" Type is: %s\n", type);
+
+ kret = krb5_kt_get_name(context, kt, buf, sizeof(buf));
+ CHECK(kret, "get_name");
+ printf(" Name is: %s\n", buf);
+
+ /* Check that length checks fail */
+ /* The buffer is allocated too small - to allow for valgrind test of
+ overflows
+ */
+ p = malloc(strlen(buf));
+ kret = krb5_kt_get_name(context, kt, p, 1);
+ if(kret != KRB5_KT_NAME_TOOLONG) {
+ CHECK(kret, "get_name - size 1");
+ }
+
+
+ kret = krb5_kt_get_name(context, kt, p, strlen(buf));
+ if(kret != KRB5_KT_NAME_TOOLONG) {
+ CHECK(kret, "get_name");
+ }
+ free(p);
+
+ /* Try to lookup unknown principal - when keytab does not exist*/
+ kret = krb5_parse_name(context, "test/test2@TEST.MIT.EDU", &princ);
+ CHECK(kret, "parsing principal");
+
+
+ kret = krb5_kt_get_entry(context, kt, princ, 0, 0, &kent);
+ if((kret != KRB5_KT_NOTFOUND) && (kret != ENOENT)) {
+ CHECK(kret, "Getting non-existant entry");
+ }
+
+
+ /* =================== Add entries to keytab ================= */
+ /*
+ * Add the following for this principal
+ * enctype 1, kvno 1, key = "1"
+ * enctype 2, kvno 1, key = "1"
+ * enctype 1, kvno 2, key = "2"
*/
- p = malloc(strlen(buf));
- kret = krb5_kt_get_name(context, kt, p, 1);
- if(kret != KRB5_KT_NAME_TOOLONG) {
- CHECK(kret, "get_name - size 1");
- }
-
-
- kret = krb5_kt_get_name(context, kt, p, strlen(buf));
- if(kret != KRB5_KT_NAME_TOOLONG) {
- CHECK(kret, "get_name");
- }
- free(p);
-
- /* Try to lookup unknown principal - when keytab does not exist*/
- kret = krb5_parse_name(context, "test/test2@TEST.MIT.EDU", &princ);
- CHECK(kret, "parsing principal");
-
-
- kret = krb5_kt_get_entry(context, kt, princ, 0, 0, &kent);
- if((kret != KRB5_KT_NOTFOUND) && (kret != ENOENT)) {
- CHECK(kret, "Getting non-existant entry");
- }
-
-
- /* =================== Add entries to keytab ================= */
- /*
- * Add the following for this principal
- * enctype 1, kvno 1, key = "1"
- * enctype 2, kvno 1, key = "1"
- * enctype 1, kvno 2, key = "2"
- */
- memset(&kent, 0, sizeof(kent));
- kent.magic = KV5M_KEYTAB_ENTRY;
- kent.principal = princ;
- kent.timestamp = 327689;
- kent.vno = 1;
- kent.key.magic = KV5M_KEYBLOCK;
- kent.key.enctype = 1;
- kent.key.length = 1;
- kent.key.contents = (krb5_octet *) "1";
-
-
- kret = krb5_kt_add_entry(context, kt, &kent);
- CHECK(kret, "Adding initial entry");
-
- kent.key.enctype = 2;
- kret = krb5_kt_add_entry(context, kt, &kent);
- CHECK(kret, "Adding second entry");
-
- kent.key.enctype = 1;
- kent.vno = 2;
- kent.key.contents = (krb5_octet *) "2";
- kret = krb5_kt_add_entry(context, kt, &kent);
- CHECK(kret, "Adding third entry");
-
- /* Free memory */
- krb5_free_principal(context, princ);
-
- /* ============== Test iterating over contents of keytab ========= */
-
- kret = krb5_kt_start_seq_get(context, kt, &cursor);
- CHECK(kret, "Start sequence get");
-
-
- memset(&kent, 0, sizeof(kent));
- cnt = 0;
- while((kret = krb5_kt_next_entry(context, kt, &kent, &cursor)) == 0) {
- if(((kent.vno != 1) && (kent.vno != 2)) ||
- ((kent.key.enctype != 1) && (kent.key.enctype != 2)) ||
- (kent.key.length != 1) ||
- (kent.key.contents[0] != kent.vno +'0')) {
- fprintf(stderr, "Error in read contents\n");
- exit(1);
- }
+ memset(&kent, 0, sizeof(kent));
+ kent.magic = KV5M_KEYTAB_ENTRY;
+ kent.principal = princ;
+ kent.timestamp = 327689;
+ kent.vno = 1;
+ kent.key.magic = KV5M_KEYBLOCK;
+ kent.key.enctype = 1;
+ kent.key.length = 1;
+ kent.key.contents = (krb5_octet *) "1";
+
+
+ kret = krb5_kt_add_entry(context, kt, &kent);
+ CHECK(kret, "Adding initial entry");
+
+ kent.key.enctype = 2;
+ kret = krb5_kt_add_entry(context, kt, &kent);
+ CHECK(kret, "Adding second entry");
+
+ kent.key.enctype = 1;
+ kent.vno = 2;
+ kent.key.contents = (krb5_octet *) "2";
+ kret = krb5_kt_add_entry(context, kt, &kent);
+ CHECK(kret, "Adding third entry");
+
+ /* Free memory */
+ krb5_free_principal(context, princ);
+
+ /* ============== Test iterating over contents of keytab ========= */
+
+ kret = krb5_kt_start_seq_get(context, kt, &cursor);
+ CHECK(kret, "Start sequence get");
+
+
+ memset(&kent, 0, sizeof(kent));
+ cnt = 0;
+ while((kret = krb5_kt_next_entry(context, kt, &kent, &cursor)) == 0) {
+ if(((kent.vno != 1) && (kent.vno != 2)) ||
+ ((kent.key.enctype != 1) && (kent.key.enctype != 2)) ||
+ (kent.key.length != 1) ||
+ (kent.key.contents[0] != kent.vno +'0')) {
+ fprintf(stderr, "Error in read contents\n");
+ exit(1);
+ }
+
+ if((kent.magic != KV5M_KEYTAB_ENTRY) ||
+ (kent.key.magic != KV5M_KEYBLOCK)) {
+ fprintf(stderr, "Magic number in sequence not proper\n");
+ exit(1);
+ }
+
+ cnt++;
+ krb5_free_keytab_entry_contents(context, &kent);
+ }
+ if (kret != KRB5_KT_END) {
+ CHECK(kret, "getting next entry");
+ }
+
+ if(cnt != 3) {
+ fprintf(stderr, "Mismatch in number of entries in keytab");
+ }
+
+ kret = krb5_kt_end_seq_get(context, kt, &cursor);
+ CHECK(kret, "End sequence get");
+
+
+ /* ========================== get_entry tests ============== */
+
+ /* Try to lookup unknown principal - now that keytab exists*/
+ kret = krb5_parse_name(context, "test3/test2@TEST.MIT.EDU", &princ);
+ CHECK(kret, "parsing principal");
+
+
+ kret = krb5_kt_get_entry(context, kt, princ, 0, 0, &kent);
+ if((kret != KRB5_KT_NOTFOUND)) {
+ CHECK(kret, "Getting non-existant entry");
+ }
+
+ krb5_free_principal(context, princ);
+
+ /* Try to lookup known principal */
+ kret = krb5_parse_name(context, "test/test2@TEST.MIT.EDU", &princ);
+ CHECK(kret, "parsing principal");
+
+ kret = krb5_kt_get_entry(context, kt, princ, 0, 0, &kent);
+ CHECK(kret, "looking up principal");
+
+ /* Ensure a valid answer - we did not specify an enctype or kvno */
+ if (!krb5_principal_compare(context, princ, kent.principal) ||
+ ((kent.vno != 1) && (kent.vno != 2)) ||
+ ((kent.key.enctype != 1) && (kent.key.enctype != 2)) ||
+ (kent.key.length != 1) ||
+ (kent.key.contents[0] != kent.vno +'0')) {
+ fprintf(stderr, "Retrieved principal does not check\n");
+ exit(1);
+ }
+
+ krb5_free_keytab_entry_contents(context, &kent);
+
+ /* Try to lookup a specific enctype - but unspecified kvno - should give
+ * max kvno
+ */
+ kret = krb5_kt_get_entry(context, kt, princ, 0, 1, &kent);
+ CHECK(kret, "looking up principal");
+
+ /* Ensure a valid answer - we did specified an enctype */
+ if (!krb5_principal_compare(context, princ, kent.principal) ||
+ (kent.vno != 2) || (kent.key.enctype != 1) ||
+ (kent.key.length != 1) ||
+ (kent.key.contents[0] != kent.vno +'0')) {
+ fprintf(stderr, "Retrieved principal does not check\n");
+
+ exit(1);
+
+ }
+
+ krb5_free_keytab_entry_contents(context, &kent);
+
+ /* Try to lookup unspecified enctype, but a specified kvno */
+
+ kret = krb5_kt_get_entry(context, kt, princ, 2, 0, &kent);
+ CHECK(kret, "looking up principal");
+
+ /* Ensure a valid answer - we did not specify a kvno */
+ if (!krb5_principal_compare(context, princ, kent.principal) ||
+ (kent.vno != 2) || (kent.key.enctype != 1) ||
+ (kent.key.length != 1) ||
+ (kent.key.contents[0] != kent.vno +'0')) {
+ fprintf(stderr, "Retrieved principal does not check\n");
+
+ exit(1);
+
+ }
- if((kent.magic != KV5M_KEYTAB_ENTRY) ||
- (kent.key.magic != KV5M_KEYBLOCK)) {
- fprintf(stderr, "Magic number in sequence not proper\n");
- exit(1);
- }
+ krb5_free_keytab_entry_contents(context, &kent);
- cnt++;
- krb5_free_keytab_entry_contents(context, &kent);
- }
- if (kret != KRB5_KT_END) {
- CHECK(kret, "getting next entry");
- }
- if(cnt != 3) {
- fprintf(stderr, "Mismatch in number of entries in keytab");
- }
- kret = krb5_kt_end_seq_get(context, kt, &cursor);
- CHECK(kret, "End sequence get");
+ /* Try to lookup specified enctype and kvno */
+ kret = krb5_kt_get_entry(context, kt, princ, 1, 1, &kent);
+ CHECK(kret, "looking up principal");
- /* ========================== get_entry tests ============== */
-
- /* Try to lookup unknown principal - now that keytab exists*/
- kret = krb5_parse_name(context, "test3/test2@TEST.MIT.EDU", &princ);
- CHECK(kret, "parsing principal");
-
-
- kret = krb5_kt_get_entry(context, kt, princ, 0, 0, &kent);
- if((kret != KRB5_KT_NOTFOUND)) {
- CHECK(kret, "Getting non-existant entry");
- }
-
- krb5_free_principal(context, princ);
-
- /* Try to lookup known principal */
- kret = krb5_parse_name(context, "test/test2@TEST.MIT.EDU", &princ);
- CHECK(kret, "parsing principal");
-
- kret = krb5_kt_get_entry(context, kt, princ, 0, 0, &kent);
- CHECK(kret, "looking up principal");
-
- /* Ensure a valid answer - we did not specify an enctype or kvno */
- if (!krb5_principal_compare(context, princ, kent.principal) ||
- ((kent.vno != 1) && (kent.vno != 2)) ||
- ((kent.key.enctype != 1) && (kent.key.enctype != 2)) ||
- (kent.key.length != 1) ||
- (kent.key.contents[0] != kent.vno +'0')) {
- fprintf(stderr, "Retrieved principal does not check\n");
- exit(1);
- }
-
- krb5_free_keytab_entry_contents(context, &kent);
-
- /* Try to lookup a specific enctype - but unspecified kvno - should give
- * max kvno
- */
- kret = krb5_kt_get_entry(context, kt, princ, 0, 1, &kent);
- CHECK(kret, "looking up principal");
-
- /* Ensure a valid answer - we did specified an enctype */
- if (!krb5_principal_compare(context, princ, kent.principal) ||
- (kent.vno != 2) || (kent.key.enctype != 1) ||
- (kent.key.length != 1) ||
- (kent.key.contents[0] != kent.vno +'0')) {
- fprintf(stderr, "Retrieved principal does not check\n");
-
- exit(1);
-
- }
-
- krb5_free_keytab_entry_contents(context, &kent);
-
- /* Try to lookup unspecified enctype, but a specified kvno */
-
- kret = krb5_kt_get_entry(context, kt, princ, 2, 0, &kent);
- CHECK(kret, "looking up principal");
-
- /* Ensure a valid answer - we did not specify a kvno */
- if (!krb5_principal_compare(context, princ, kent.principal) ||
- (kent.vno != 2) || (kent.key.enctype != 1) ||
- (kent.key.length != 1) ||
- (kent.key.contents[0] != kent.vno +'0')) {
- fprintf(stderr, "Retrieved principal does not check\n");
-
- exit(1);
-
- }
-
- krb5_free_keytab_entry_contents(context, &kent);
-
-
-
- /* Try to lookup specified enctype and kvno */
-
- kret = krb5_kt_get_entry(context, kt, princ, 1, 1, &kent);
- CHECK(kret, "looking up principal");
-
- if (!krb5_principal_compare(context, princ, kent.principal) ||
- (kent.vno != 1) || (kent.key.enctype != 1) ||
- (kent.key.length != 1) ||
- (kent.key.contents[0] != kent.vno +'0')) {
- fprintf(stderr, "Retrieved principal does not check\n");
+ if (!krb5_principal_compare(context, princ, kent.principal) ||
+ (kent.vno != 1) || (kent.key.enctype != 1) ||
+ (kent.key.length != 1) ||
+ (kent.key.contents[0] != kent.vno +'0')) {
+ fprintf(stderr, "Retrieved principal does not check\n");
- exit(1);
+ exit(1);
- }
+ }
- krb5_free_keytab_entry_contents(context, &kent);
+ krb5_free_keytab_entry_contents(context, &kent);
- /* Try lookup with active iterators. */
- kret = krb5_kt_start_seq_get(context, kt, &cursor);
- CHECK(kret, "Start sequence get(2)");
- kret = krb5_kt_start_seq_get(context, kt, &cursor2);
- CHECK(kret, "Start sequence get(3)");
- kret = krb5_kt_next_entry(context, kt, &kent, &cursor);
- CHECK(kret, "getting next entry(2)");
- krb5_free_keytab_entry_contents(context, &kent);
- kret = krb5_kt_next_entry(context, kt, &kent, &cursor);
- CHECK(kret, "getting next entry(3)");
- kret = krb5_kt_next_entry(context, kt, &kent2, &cursor2);
- CHECK(kret, "getting next entry(4)");
- krb5_free_keytab_entry_contents(context, &kent2);
- kret = krb5_kt_get_entry(context, kt, kent.principal, 0, 0, &kent2);
- CHECK(kret, "looking up principal(2)");
- krb5_free_keytab_entry_contents(context, &kent2);
- kret = krb5_kt_next_entry(context, kt, &kent2, &cursor2);
- CHECK(kret, "getting next entry(5)");
- if (!krb5_principal_compare(context, kent.principal, kent2.principal)) {
- fprintf(stderr, "iterators not in sync\n");
- exit(1);
- }
- krb5_free_keytab_entry_contents(context, &kent);
- krb5_free_keytab_entry_contents(context, &kent2);
- kret = krb5_kt_next_entry(context, kt, &kent, &cursor);
- CHECK(kret, "getting next entry(6)");
- kret = krb5_kt_next_entry(context, kt, &kent2, &cursor2);
- CHECK(kret, "getting next entry(7)");
- krb5_free_keytab_entry_contents(context, &kent);
- krb5_free_keytab_entry_contents(context, &kent2);
- kret = krb5_kt_end_seq_get(context, kt, &cursor);
- CHECK(kret, "ending sequence get(1)");
- kret = krb5_kt_end_seq_get(context, kt, &cursor2);
- CHECK(kret, "ending sequence get(2)");
+ /* Try lookup with active iterators. */
+ kret = krb5_kt_start_seq_get(context, kt, &cursor);
+ CHECK(kret, "Start sequence get(2)");
+ kret = krb5_kt_start_seq_get(context, kt, &cursor2);
+ CHECK(kret, "Start sequence get(3)");
+ kret = krb5_kt_next_entry(context, kt, &kent, &cursor);
+ CHECK(kret, "getting next entry(2)");
+ krb5_free_keytab_entry_contents(context, &kent);
+ kret = krb5_kt_next_entry(context, kt, &kent, &cursor);
+ CHECK(kret, "getting next entry(3)");
+ kret = krb5_kt_next_entry(context, kt, &kent2, &cursor2);
+ CHECK(kret, "getting next entry(4)");
+ krb5_free_keytab_entry_contents(context, &kent2);
+ kret = krb5_kt_get_entry(context, kt, kent.principal, 0, 0, &kent2);
+ CHECK(kret, "looking up principal(2)");
+ krb5_free_keytab_entry_contents(context, &kent2);
+ kret = krb5_kt_next_entry(context, kt, &kent2, &cursor2);
+ CHECK(kret, "getting next entry(5)");
+ if (!krb5_principal_compare(context, kent.principal, kent2.principal)) {
+ fprintf(stderr, "iterators not in sync\n");
+ exit(1);
+ }
+ krb5_free_keytab_entry_contents(context, &kent);
+ krb5_free_keytab_entry_contents(context, &kent2);
+ kret = krb5_kt_next_entry(context, kt, &kent, &cursor);
+ CHECK(kret, "getting next entry(6)");
+ kret = krb5_kt_next_entry(context, kt, &kent2, &cursor2);
+ CHECK(kret, "getting next entry(7)");
+ krb5_free_keytab_entry_contents(context, &kent);
+ krb5_free_keytab_entry_contents(context, &kent2);
+ kret = krb5_kt_end_seq_get(context, kt, &cursor);
+ CHECK(kret, "ending sequence get(1)");
+ kret = krb5_kt_end_seq_get(context, kt, &cursor2);
+ CHECK(kret, "ending sequence get(2)");
- /* Try to lookup specified enctype and kvno - that does not exist*/
+ /* Try to lookup specified enctype and kvno - that does not exist*/
- kret = krb5_kt_get_entry(context, kt, princ, 3, 1, &kent);
- if(kret != KRB5_KT_KVNONOTFOUND) {
- CHECK(kret, "looking up specific principal, kvno, enctype");
- }
+ kret = krb5_kt_get_entry(context, kt, princ, 3, 1, &kent);
+ if(kret != KRB5_KT_KVNONOTFOUND) {
+ CHECK(kret, "looking up specific principal, kvno, enctype");
+ }
- krb5_free_principal(context, princ);
+ krb5_free_principal(context, princ);
- /* ========================= krb5_kt_remove_entry =========== */
- /* Lookup the keytab entry w/ 2 kvno - and delete version 2 -
- ensure gone */
- kret = krb5_parse_name(context, "test/test2@TEST.MIT.EDU", &princ);
- CHECK(kret, "parsing principal");
+ /* ========================= krb5_kt_remove_entry =========== */
+ /* Lookup the keytab entry w/ 2 kvno - and delete version 2 -
+ ensure gone */
+ kret = krb5_parse_name(context, "test/test2@TEST.MIT.EDU", &princ);
+ CHECK(kret, "parsing principal");
- kret = krb5_kt_get_entry(context, kt, princ, 0, 1, &kent);
- CHECK(kret, "looking up principal");
+ kret = krb5_kt_get_entry(context, kt, princ, 0, 1, &kent);
+ CHECK(kret, "looking up principal");
- /* Ensure a valid answer - we are looking for max(kvno) and enc=1 */
- if (!krb5_principal_compare(context, princ, kent.principal) ||
- (kent.vno != 2) || (kent.key.enctype != 1) ||
- (kent.key.length != 1) ||
- (kent.key.contents[0] != kent.vno +'0')) {
- fprintf(stderr, "Retrieved principal does not check\n");
+ /* Ensure a valid answer - we are looking for max(kvno) and enc=1 */
+ if (!krb5_principal_compare(context, princ, kent.principal) ||
+ (kent.vno != 2) || (kent.key.enctype != 1) ||
+ (kent.key.length != 1) ||
+ (kent.key.contents[0] != kent.vno +'0')) {
+ fprintf(stderr, "Retrieved principal does not check\n");
- exit(1);
+ exit(1);
- }
+ }
- /* Delete it */
- kret = krb5_kt_remove_entry(context, kt, &kent);
- CHECK(kret, "Removing entry");
+ /* Delete it */
+ kret = krb5_kt_remove_entry(context, kt, &kent);
+ CHECK(kret, "Removing entry");
- krb5_free_keytab_entry_contents(context, &kent);
- /* And ensure gone */
+ krb5_free_keytab_entry_contents(context, &kent);
+ /* And ensure gone */
- kret = krb5_kt_get_entry(context, kt, princ, 0, 1, &kent);
- CHECK(kret, "looking up principal");
+ kret = krb5_kt_get_entry(context, kt, princ, 0, 1, &kent);
+ CHECK(kret, "looking up principal");
- /* Ensure a valid answer - kvno should now be 1 - we deleted 2 */
- if (!krb5_principal_compare(context, princ, kent.principal) ||
- (kent.vno != 1) || (kent.key.enctype != 1) ||
- (kent.key.length != 1) ||
- (kent.key.contents[0] != kent.vno +'0')) {
- fprintf(stderr, "Delete principal check failed\n");
-
- exit(1);
-
- }
- krb5_free_keytab_entry_contents(context, &kent);
-
- krb5_free_principal(context, princ);
-
- /* ======================= Finally close ======================= */
-
- kret = krb5_kt_close(context, kt);
- CHECK(kret, "close");
+ /* Ensure a valid answer - kvno should now be 1 - we deleted 2 */
+ if (!krb5_principal_compare(context, princ, kent.principal) ||
+ (kent.vno != 1) || (kent.key.enctype != 1) ||
+ (kent.key.length != 1) ||
+ (kent.key.contents[0] != kent.vno +'0')) {
+ fprintf(stderr, "Delete principal check failed\n");
+
+ exit(1);
+
+ }
+ krb5_free_keytab_entry_contents(context, &kent);
+
+ krb5_free_principal(context, princ);
+
+ /* ======================= Finally close ======================= */
+
+ kret = krb5_kt_close(context, kt);
+ CHECK(kret, "close");
}
-static void do_test(krb5_context context, const char *prefix,
- krb5_boolean delete)
+static void do_test(krb5_context context, const char *prefix,
+ krb5_boolean delete)
{
- char *name, *filename;
-
- if (asprintf(&filename, "/tmp/kttest.%ld", (long) getpid()) < 0) {
- perror("asprintf");
- exit(1);
- }
- if (asprintf(&name, "%s%s", prefix, filename) < 0) {
- perror("asprintf");
- exit(1);
- }
- printf("Starting test on %s\n", name);
- kt_test(context, name);
- printf("Test on %s passed\n", name);
- if(delete)
- unlink(filename);
- free(filename);
- free(name);
+ char *name, *filename;
+
+ if (asprintf(&filename, "/tmp/kttest.%ld", (long) getpid()) < 0) {
+ perror("asprintf");
+ exit(1);
+ }
+ if (asprintf(&name, "%s%s", prefix, filename) < 0) {
+ perror("asprintf");
+ exit(1);
+ }
+ printf("Starting test on %s\n", name);
+ kt_test(context, name);
+ printf("Test on %s passed\n", name);
+ if(delete)
+ unlink(filename);
+ free(filename);
+ free(name);
}
-int
+int
main (void)
{
- krb5_context context;
- krb5_error_code kret;
+ krb5_context context;
+ krb5_error_code kret;
- if ((kret = krb5_init_context(&context))) {
- printf("Couldn't initialize krb5 library: %s\n",
- error_message(kret));
- exit(1);
- }
+ if ((kret = krb5_init_context(&context))) {
+ printf("Couldn't initialize krb5 library: %s\n",
+ error_message(kret));
+ exit(1);
+ }
- /* All keytab types are registered by default -- test for
- redundant error */
- kret = krb5_kt_register(context, &krb5_ktf_writable_ops);
- if(kret && kret != KRB5_KT_TYPE_EXISTS) {
- CHECK(kret, "register ktf_writable");
- }
+ /* All keytab types are registered by default -- test for
+ redundant error */
+ kret = krb5_kt_register(context, &krb5_ktf_writable_ops);
+ if(kret && kret != KRB5_KT_TYPE_EXISTS) {
+ CHECK(kret, "register ktf_writable");
+ }
- test_misc(context);
- do_test(context, "WRFILE:", FALSE);
- do_test(context, "MEMORY:", TRUE);
+ test_misc(context);
+ do_test(context, "WRFILE:", FALSE);
+ do_test(context, "MEMORY:", TRUE);
- krb5_free_context(context);
- return 0;
+ krb5_free_context(context);
+ return 0;
}
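Review bot: `do_test` builds the keytab path as `/tmp/kttest.%ld` from `getpid()`, a name another local user can predict and pre-create as a file or symlink in a shared /tmp before the `WRFILE:` run writes to it. Creating a private directory first and placing the file inside it avoids that, for example `char dir[] = "/tmp/kttest.XXXXXX"; if (mkdtemp(dir) == NULL) { perror("mkdtemp"); exit(1); }`, with that directory shared by both `do_test` calls, which currently derive the same name. Separately, in `kt_test` the result of `p = malloc(strlen(buf));` is handed to `krb5_kt_get_name` unchecked, unlike the matching allocation in `test_misc`; add `if (!p) { fprintf(stderr, "Out of memory in testing\n"); exit(1); }`. The reindent leaves both as they were.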
@@ -457,9 +458,9 @@ main (void)
/* remove and add are functions, so that they can return NOWRITE
if not a writable keytab */
krb5_error_code KRB5_CALLCONV krb5_kt_remove_entry
- (krb5_context,
- krb5_keytab,
- krb5_keytab_entry * );
+(krb5_context,
+ krb5_keytab,
+ krb5_keytab_entry * );
diff --git a/src/lib/krb5/krb/addr_comp.c b/src/lib/krb5/krb/addr_comp.c
index 16ab03b..194fc2b 100644
--- a/src/lib/krb5/krb/addr_comp.c
+++ b/src/lib/krb5/krb/addr_comp.c
@@ -1,3 +1,4 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
/*
* lib/krb5/krb/addr_comp.c
*
@@ -8,7 +9,7 @@
* require a specific license from the United States Government.
* It is the responsibility of any person or organization contemplating
* export to obtain such a license before exporting.
- *
+ *
* WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
* distribute this software and its documentation for any purpose and
* without fee is hereby granted, provided that the above copyright
@@ -22,7 +23,7 @@
* M.I.T. makes no representations about the suitability of
* this software for any purpose. It is provided "as is" without express
* or implied warranty.
- *
+ *
*
* krb5_address_compare()
*/
@@ -36,13 +37,13 @@ krb5_boolean KRB5_CALLCONV
krb5_address_compare(krb5_context context, const krb5_address *addr1, const krb5_address *addr2)
{
if (addr1->addrtype != addr2->addrtype)
- return(FALSE);
+ return(FALSE);
if (addr1->length != addr2->length)
- return(FALSE);
+ return(FALSE);
if (memcmp((char *)addr1->contents, (char *)addr2->contents,
- addr1->length))
- return FALSE;
+ addr1->length))
+ return FALSE;
else
- return TRUE;
+ return TRUE;
}
diff --git a/src/lib/krb5/krb/addr_order.c b/src/lib/krb5/krb/addr_order.c
index 2f01e1f..b742d01 100644
--- a/src/lib/krb5/krb/addr_order.c
+++ b/src/lib/krb5/krb/addr_order.c
@@ -1,3 +1,4 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
/*
* lib/krb5/krb/addr_order.c
*
@@ -8,7 +9,7 @@
* require a specific license from the United States Government.
* It is the responsibility of any person or organization contemplating
* export to obtain such a license before exporting.
- *
+ *
* WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
* distribute this software and its documentation for any purpose and
* without fee is hereby granted, provided that the above copyright
@@ -22,7 +23,7 @@
* M.I.T. makes no representations about the suitability of
* this software for any purpose. It is provided "as is" without express
* or implied warranty.
- *
+ *
*
* krb5_address_order()
*/
@@ -45,18 +46,18 @@ krb5_address_order(krb5_context context, const krb5_address *addr1, const krb5_a
const int minlen = min(addr1->length, addr2->length);
if (addr1->addrtype != addr2->addrtype)
- return(FALSE);
+ return(FALSE);
dir = addr1->length - addr2->length;
-
+
for (i = 0; i < minlen; i++) {
- if ((unsigned char) addr1->contents[i] <
- (unsigned char) addr2->contents[i])
- return -1;
- else if ((unsigned char) addr1->contents[i] >
- (unsigned char) addr2->contents[i])
- return 1;
+ if ((unsigned char) addr1->contents[i] <
+ (unsigned char) addr2->contents[i])
+ return -1;
+ else if ((unsigned char) addr1->contents[i] >
+ (unsigned char) addr2->contents[i])
+ return 1;
}
/* compared equal so far...which is longer? */
return dir;
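Review bot: On an address-type mismatch this function returns `FALSE`, i.e. 0, which is also what `dir` yields for two equal addresses, so if callers treat the result as a three-way ordering, addresses of different types compare as equal. A sort or duplicate check built on it would then conflate them. If that is not intended, order by type first, e.g. `return (addr1->addrtype < addr2->addrtype) ? -1 : 1;`; if it is intended, say so in a comment at that return. The function begins before and ends after this hunk, and the reindent does not change the behaviour.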
diff --git a/src/lib/krb5/krb/addr_srch.c b/src/lib/krb5/krb/addr_srch.c
index 11a3ce0..7a60304 100644
--- a/src/lib/krb5/krb/addr_srch.c
+++ b/src/lib/krb5/krb/addr_srch.c
@@ -1,3 +1,4 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
/*
* lib/krb5/krb/addr_srch.c
*
@@ -8,7 +9,7 @@
* require a specific license from the United States Government.
* It is the responsibility of any person or organization contemplating
* export to obtain such a license before exporting.
- *
+ *
* WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
* distribute this software and its documentation for any purpose and
* without fee is hereby granted, provided that the above copyright
@@ -22,7 +23,7 @@
* M.I.T. makes no representations about the suitability of
* this software for any purpose. It is provided "as is" without express
* or implied warranty.
- *
+ *
*
* krb5_address_search()
*/
@@ -35,10 +36,10 @@ address_count(krb5_address *const *addrlist)
unsigned int i;
if (addrlist == NULL)
- return 0;
+ return 0;
for (i = 0; addrlist[i]; i++)
- ;
+ ;
return i;
}
@@ -57,12 +58,12 @@ krb5_address_search(krb5_context context, const krb5_address *addr, krb5_address
*/
if (address_count(addrlist) == 1 &&
addrlist[0]->addrtype == ADDRTYPE_NETBIOS)
- return TRUE;
+ return TRUE;
if (!addrlist)
- return TRUE;
+ return TRUE;
for (; *addrlist; addrlist++) {
- if (krb5_address_compare(context, addr, *addrlist))
- return TRUE;
+ if (krb5_address_compare(context, addr, *addrlist))
+ return TRUE;
}
return FALSE;
}
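Review bot: Both early returns here make the search succeed without comparing `addr` to anything: a NULL `addrlist` and a list holding a single `ADDRTYPE_NETBIOS` entry each return `TRUE`. Where the result is used as an address restriction check, that is a fail-open default and worth stating in the code. The comment that precedes the first test is cut off by the hunk, so it may already cover the NetBIOS case; for the NULL case, if that is the intent, I would add `/* A NULL list means no address restriction: every address matches. */` above `if (!addrlist)`. The function starts before this hunk.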
diff --git a/src/lib/krb5/krb/appdefault.c b/src/lib/krb5/krb/appdefault.c
index 9478889..6fa8cd3 100644
--- a/src/lib/krb5/krb/appdefault.c
+++ b/src/lib/krb5/krb/appdefault.c
@@ -1,6 +1,7 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
/*
* appdefault - routines designed to be called from applications to
- * handle the [appdefaults] profile section
+ * handle the [appdefaults] profile section
*/
#include <stdio.h>
@@ -9,158 +10,158 @@
- /*xxx Duplicating this is annoying; try to work on a better way.*/
+/*xxx Duplicating this is annoying; try to work on a better way.*/
static const char *const conf_yes[] = {
- "y", "yes", "true", "t", "1", "on",
- 0,
+ "y", "yes", "true", "t", "1", "on",
+ 0,
};
static const char *const conf_no[] = {
- "n", "no", "false", "nil", "0", "off",
- 0,
+ "n", "no", "false", "nil", "0", "off",
+ 0,
};
static int conf_boolean(char *s)
{
- const char * const *p;
- for(p=conf_yes; *p; p++) {
- if (!strcasecmp(*p,s))
- return 1;
- }
- for(p=conf_no; *p; p++) {
- if (!strcasecmp(*p,s))
- return 0;
- }
- /* Default to "no" */
- return 0;
+ const char * const *p;
+ for(p=conf_yes; *p; p++) {
+ if (!strcasecmp(*p,s))
+ return 1;
+ }
+ for(p=conf_no; *p; p++) {
+ if (!strcasecmp(*p,s))
+ return 0;
+ }
+ /* Default to "no" */
+ return 0;
}
static krb5_error_code appdefault_get(krb5_context context, const char *appname, const krb5_data *realm, const char *option, char **ret_value)
{
- profile_t profile;
- const char *names[5];
- char **nameval = NULL;
- krb5_error_code retval;
- const char * realmstr = realm?realm->data:NULL;
-
- if (!context || (context->magic != KV5M_CONTEXT))
- return KV5M_CONTEXT;
-
- profile = context->profile;
-
- /*
- * Try number one:
- *
- * [appdefaults]
- * app = {
- * SOME.REALM = {
- * option = <boolean>
- * }
- * }
- */
-
- names[0] = "appdefaults";
- names[1] = appname;
-
- if (realmstr) {
- names[2] = realmstr;
- names[3] = option;
- names[4] = 0;
- retval = profile_get_values(profile, names, &nameval);
- if (retval == 0 && nameval && nameval[0]) {
- *ret_value = strdup(nameval[0]);
- goto goodbye;
- }
- }
-
- /*
- * Try number two:
- *
- * [appdefaults]
- * app = {
- * option = <boolean>
- * }
- */
-
- names[2] = option;
- names[3] = 0;
- retval = profile_get_values(profile, names, &nameval);
- if (retval == 0 && nameval && nameval[0]) {
- *ret_value = strdup(nameval[0]);
- goto goodbye;
- }
-
- /*
- * Try number three:
- *
- * [appdefaults]
- * realm = {
- * option = <boolean>
- */
-
- if (realmstr) {
- names[1] = realmstr;
- names[2] = option;
- names[3] = 0;
- retval = profile_get_values(profile, names, &nameval);
- if (retval == 0 && nameval && nameval[0]) {
- *ret_value = strdup(nameval[0]);
- goto goodbye;
- }
- }
-
- /*
- * Try number four:
- *
- * [appdefaults]
- * option = <boolean>
- */
-
- names[1] = option;
- names[2] = 0;
- retval = profile_get_values(profile, names, &nameval);
- if (retval == 0 && nameval && nameval[0]) {
- *ret_value = strdup(nameval[0]);
- } else {
- return retval;
- }
+ profile_t profile;
+ const char *names[5];
+ char **nameval = NULL;
+ krb5_error_code retval;
+ const char * realmstr = realm?realm->data:NULL;
+
+ if (!context || (context->magic != KV5M_CONTEXT))
+ return KV5M_CONTEXT;
+
+ profile = context->profile;
+
+ /*
+ * Try number one:
+ *
+ * [appdefaults]
+ * app = {
+ * SOME.REALM = {
+ * option = <boolean>
+ * }
+ * }
+ */
+
+ names[0] = "appdefaults";
+ names[1] = appname;
+
+ if (realmstr) {
+ names[2] = realmstr;
+ names[3] = option;
+ names[4] = 0;
+ retval = profile_get_values(profile, names, &nameval);
+ if (retval == 0 && nameval && nameval[0]) {
+ *ret_value = strdup(nameval[0]);
+ goto goodbye;
+ }
+ }
+
+ /*
+ * Try number two:
+ *
+ * [appdefaults]
+ * app = {
+ * option = <boolean>
+ * }
+ */
+
+ names[2] = option;
+ names[3] = 0;
+ retval = profile_get_values(profile, names, &nameval);
+ if (retval == 0 && nameval && nameval[0]) {
+ *ret_value = strdup(nameval[0]);
+ goto goodbye;
+ }
+
+ /*
+ * Try number three:
+ *
+ * [appdefaults]
+ * realm = {
+ * option = <boolean>
+ */
+
+ if (realmstr) {
+ names[1] = realmstr;
+ names[2] = option;
+ names[3] = 0;
+ retval = profile_get_values(profile, names, &nameval);
+ if (retval == 0 && nameval && nameval[0]) {
+ *ret_value = strdup(nameval[0]);
+ goto goodbye;
+ }
+ }
+
+ /*
+ * Try number four:
+ *
+ * [appdefaults]
+ * option = <boolean>
+ */
+
+ names[1] = option;
+ names[2] = 0;
+ retval = profile_get_values(profile, names, &nameval);
+ if (retval == 0 && nameval && nameval[0]) {
+ *ret_value = strdup(nameval[0]);
+ } else {
+ return retval;
+ }
goodbye:
- if (nameval) {
- char **cpp;
- for (cpp = nameval; *cpp; cpp++)
- free(*cpp);
- free(nameval);
- }
- return 0;
+ if (nameval) {
+ char **cpp;
+ for (cpp = nameval; *cpp; cpp++)
+ free(*cpp);
+ free(nameval);
+ }
+ return 0;
}
-void KRB5_CALLCONV
+void KRB5_CALLCONV
krb5_appdefault_boolean(krb5_context context, const char *appname, const krb5_data *realm, const char *option, int default_value, int *ret_value)
{
- char *string = NULL;
- krb5_error_code retval;
+ char *string = NULL;
+ krb5_error_code retval;
- retval = appdefault_get(context, appname, realm, option, &string);
+ retval = appdefault_get(context, appname, realm, option, &string);
- if (! retval && string) {
- *ret_value = conf_boolean(string);
- free(string);
- } else
- *ret_value = default_value;
+ if (! retval && string) {
+ *ret_value = conf_boolean(string);
+ free(string);
+ } else
+ *ret_value = default_value;
}
-void KRB5_CALLCONV
+void KRB5_CALLCONV
krb5_appdefault_string(krb5_context context, const char *appname, const krb5_data *realm, const char *option, const char *default_value, char **ret_value)
{
- krb5_error_code retval;
- char *string;
+ krb5_error_code retval;
+ char *string;
- retval = appdefault_get(context, appname, realm, option, &string);
+ retval = appdefault_get(context, appname, realm, option, &string);
- if (! retval && string) {
- *ret_value = string;
- } else {
- *ret_value = strdup(default_value);
- }
+ if (! retval && string) {
+ *ret_value = string;
+ } else {
+ *ret_value = strdup(default_value);
+ }
}
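Review bot: In krb5_appdefault_string, `char *string;` is uninitialized, and appdefault_get does not write `*ret_value` on every path that returns 0. Its final `else { return retval; }` also runs when profile_get_values returns 0 with an empty list, so `! retval && string` can read an indeterminate pointer. Initialize it as krb5_appdefault_boolean does: `char *string = NULL;`. That same `else` branch bypasses the `goodbye:` cleanup, so a non-NULL but empty `nameval` would not be freed; whether profile_get_values can return 0 with no values is not visible in this hunk. The `strdup(nameval[0])` results are also unchecked, so an allocation failure silently becomes the caller's default value instead of an error.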
diff --git a/src/lib/krb5/krb/auth_con.c b/src/lib/krb5/krb/auth_con.c
index ee31fb8..e6bbac1 100644
--- a/src/lib/krb5/krb/auth_con.c
+++ b/src/lib/krb5/krb/auth_con.c
@@ -1,3 +1,4 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
#include "k5-int.h"
#include "auth_con.h"
@@ -9,11 +10,11 @@ actx_copy_addr(krb5_context context, const krb5_address *inad, krb5_address **ou
krb5_address *tmpad;
if (!(tmpad = (krb5_address *)malloc(sizeof(*tmpad))))
- return ENOMEM;
+ return ENOMEM;
*tmpad = *inad;
if (!(tmpad->contents = (krb5_octet *)malloc(inad->length))) {
- free(tmpad);
- return ENOMEM;
+ free(tmpad);
+ return ENOMEM;
}
memcpy(tmpad->contents, inad->contents, inad->length);
*outad = tmpad;
@@ -24,13 +25,13 @@ krb5_error_code KRB5_CALLCONV
krb5_auth_con_init(krb5_context context, krb5_auth_context *auth_context)
{
*auth_context =
- (krb5_auth_context)calloc(1, sizeof(struct _krb5_auth_context));
+ (krb5_auth_context)calloc(1, sizeof(struct _krb5_auth_context));
if (!*auth_context)
- return ENOMEM;
+ return ENOMEM;
/* Default flags, do time not seq */
- (*auth_context)->auth_context_flags =
- KRB5_AUTH_CONTEXT_DO_TIME | KRB5_AUTH_CONN_INITIALIZED;
+ (*auth_context)->auth_context_flags =
+ KRB5_AUTH_CONTEXT_DO_TIME | KRB5_AUTH_CONN_INITIALIZED;
(*auth_context)->req_cksumtype = context->default_ap_req_sumtype;
(*auth_context)->safe_cksumtype = context->default_safe_sumtype;
@@ -45,29 +46,29 @@ krb5_error_code KRB5_CALLCONV
krb5_auth_con_free(krb5_context context, krb5_auth_context auth_context)
{
if (auth_context == NULL)
- return 0;
- if (auth_context->local_addr)
- krb5_free_address(context, auth_context->local_addr);
- if (auth_context->remote_addr)
- krb5_free_address(context, auth_context->remote_addr);
- if (auth_context->local_port)
- krb5_free_address(context, auth_context->local_port);
- if (auth_context->remote_port)
- krb5_free_address(context, auth_context->remote_port);
- if (auth_context->authentp)
- krb5_free_authenticator(context, auth_context->authentp);
+ return 0;
+ if (auth_context->local_addr)
+ krb5_free_address(context, auth_context->local_addr);
+ if (auth_context->remote_addr)
+ krb5_free_address(context, auth_context->remote_addr);
+ if (auth_context->local_port)
+ krb5_free_address(context, auth_context->local_port);
+ if (auth_context->remote_port)
+ krb5_free_address(context, auth_context->remote_port);
+ if (auth_context->authentp)
+ krb5_free_authenticator(context, auth_context->authentp);
if (auth_context->key)
- krb5_k_free_key(context, auth_context->key);
- if (auth_context->send_subkey)
- krb5_k_free_key(context, auth_context->send_subkey);
- if (auth_context->recv_subkey)
- krb5_k_free_key(context, auth_context->recv_subkey);
+ krb5_k_free_key(context, auth_context->key);
+ if (auth_context->send_subkey)
+ krb5_k_free_key(context, auth_context->send_subkey);
+ if (auth_context->recv_subkey)
+ krb5_k_free_key(context, auth_context->recv_subkey);
if (auth_context->rcache)
- krb5_rc_close(context, auth_context->rcache);
+ krb5_rc_close(context, auth_context->rcache);
if (auth_context->permitted_etypes)
- free(auth_context->permitted_etypes);
+ free(auth_context->permitted_etypes);
if (auth_context->ad_context)
- krb5_authdata_context_free(context, auth_context->ad_context);
+ krb5_authdata_context_free(context, auth_context->ad_context);
free(auth_context);
return 0;
}
@@ -75,28 +76,28 @@ krb5_auth_con_free(krb5_context context, krb5_auth_context auth_context)
krb5_error_code
krb5_auth_con_setaddrs(krb5_context context, krb5_auth_context auth_context, krb5_address *local_addr, krb5_address *remote_addr)
{
- krb5_error_code retval;
+ krb5_error_code retval;
/* Free old addresses */
if (auth_context->local_addr)
- (void) krb5_free_address(context, auth_context->local_addr);
+ (void) krb5_free_address(context, auth_context->local_addr);
if (auth_context->remote_addr)
- (void) krb5_free_address(context, auth_context->remote_addr);
+ (void) krb5_free_address(context, auth_context->remote_addr);
retval = 0;
if (local_addr)
- retval = actx_copy_addr(context,
- local_addr,
- &auth_context->local_addr);
+ retval = actx_copy_addr(context,
+ local_addr,
+ &auth_context->local_addr);
else
- auth_context->local_addr = NULL;
+ auth_context->local_addr = NULL;
if (!retval && remote_addr)
- retval = actx_copy_addr(context,
- remote_addr,
- &auth_context->remote_addr);
+ retval = actx_copy_addr(context,
+ remote_addr,
+ &auth_context->remote_addr);
else
- auth_context->remote_addr = NULL;
+ auth_context->remote_addr = NULL;
return retval;
}
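Review bot: After the two krb5_free_address calls at the top of krb5_auth_con_setaddrs, `auth_context->local_addr` and `auth_context->remote_addr` still hold the freed pointers, and they are not always overwritten. As far as its hunk above shows, actx_copy_addr stores to `*outad` only on success, so an ENOMEM from either copy leaves a dangling pointer that krb5_auth_con_free would later pass to krb5_free_address a second time. Clearing the fields right after the frees closes that window: `auth_context->local_addr = NULL;` and `auth_context->remote_addr = NULL;`. krb5_auth_con_setports, two hunks below, has the same shape for `local_port` and `remote_port`.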
@@ -104,18 +105,18 @@ krb5_auth_con_setaddrs(krb5_context context, krb5_auth_context auth_context, krb
krb5_error_code KRB5_CALLCONV
krb5_auth_con_getaddrs(krb5_context context, krb5_auth_context auth_context, krb5_address **local_addr, krb5_address **remote_addr)
{
- krb5_error_code retval;
+ krb5_error_code retval;
retval = 0;
if (local_addr && auth_context->local_addr) {
- retval = actx_copy_addr(context,
- auth_context->local_addr,
- local_addr);
+ retval = actx_copy_addr(context,
+ auth_context->local_addr,
+ local_addr);
}
if (!retval && (remote_addr) && auth_context->remote_addr) {
- retval = actx_copy_addr(context,
- auth_context->remote_addr,
- remote_addr);
+ retval = actx_copy_addr(context,
+ auth_context->remote_addr,
+ remote_addr);
}
return retval;
}
@@ -123,28 +124,28 @@ krb5_auth_con_getaddrs(krb5_context context, krb5_auth_context auth_context, krb
krb5_error_code KRB5_CALLCONV
krb5_auth_con_setports(krb5_context context, krb5_auth_context auth_context, krb5_address *local_port, krb5_address *remote_port)
{
- krb5_error_code retval;
+ krb5_error_code retval;
/* Free old addresses */
if (auth_context->local_port)
- (void) krb5_free_address(context, auth_context->local_port);
+ (void) krb5_free_address(context, auth_context->local_port);
if (auth_context->remote_port)
- (void) krb5_free_address(context, auth_context->remote_port);
+ (void) krb5_free_address(context, auth_context->remote_port);
retval = 0;
if (local_port)
- retval = actx_copy_addr(context,
- local_port,
- &auth_context->local_port);
+ retval = actx_copy_addr(context,
+ local_port,
+ &auth_context->local_port);
else
- auth_context->local_port = NULL;
+ auth_context->local_port = NULL;
if (!retval && remote_port)
- retval = actx_copy_addr(context,
- remote_port,
- &auth_context->remote_port);
+ retval = actx_copy_addr(context,
+ remote_port,
+ &auth_context->remote_port);
else
- auth_context->remote_port = NULL;
+ auth_context->remote_port = NULL;
return retval;
}
@@ -161,7 +162,7 @@ krb5_error_code KRB5_CALLCONV
krb5_auth_con_setuseruserkey(krb5_context context, krb5_auth_context auth_context, krb5_keyblock *keyblock)
{
if (auth_context->key)
- krb5_k_free_key(context, auth_context->key);
+ krb5_k_free_key(context, auth_context->key);
return(krb5_k_create_key(context, keyblock, &(auth_context->key)));
}
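Review bot: krb5_auth_con_setuseruserkey frees `auth_context->key` and then passes `&(auth_context->key)` straight to krb5_k_create_key without clearing the field first. krb5_auth_con_setsendsubkey and krb5_auth_con_setrecvsubkey later in this file assign NULL between the free and the create, so a failed create there cannot leave a stale key pointer. Here that depends on krb5_k_create_key resetting its output on error, which is not visible on this page. Adding `auth_context->key = NULL;` after the free would make the three setters consistent.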
@@ -169,7 +170,7 @@ krb5_error_code KRB5_CALLCONV
krb5_auth_con_getkey(krb5_context context, krb5_auth_context auth_context, krb5_keyblock **keyblock)
{
if (auth_context->key)
- return krb5_k_key_keyblock(context, auth_context->key, keyblock);
+ return krb5_k_key_keyblock(context, auth_context->key, keyblock);
*keyblock = NULL;
return 0;
}
@@ -190,31 +191,31 @@ krb5_error_code KRB5_CALLCONV
krb5_auth_con_setsendsubkey(krb5_context ctx, krb5_auth_context ac, krb5_keyblock *keyblock)
{
if (ac->send_subkey != NULL)
- krb5_k_free_key(ctx, ac->send_subkey);
+ krb5_k_free_key(ctx, ac->send_subkey);
ac->send_subkey = NULL;
if (keyblock !=NULL)
- return krb5_k_create_key(ctx, keyblock, &ac->send_subkey);
+ return krb5_k_create_key(ctx, keyblock, &ac->send_subkey);
else
- return 0;
+ return 0;
}
krb5_error_code KRB5_CALLCONV
krb5_auth_con_setrecvsubkey(krb5_context ctx, krb5_auth_context ac, krb5_keyblock *keyblock)
{
if (ac->recv_subkey != NULL)
- krb5_k_free_key(ctx, ac->recv_subkey);
+ krb5_k_free_key(ctx, ac->recv_subkey);
ac->recv_subkey = NULL;
if (keyblock != NULL)
- return krb5_k_create_key(ctx, keyblock, &ac->recv_subkey);
+ return krb5_k_create_key(ctx, keyblock, &ac->recv_subkey);
else
- return 0;
+ return 0;
}
krb5_error_code KRB5_CALLCONV
krb5_auth_con_getsendsubkey(krb5_context ctx, krb5_auth_context ac, krb5_keyblock **keyblock)
{
if (ac->send_subkey != NULL)
- return krb5_k_key_keyblock(ctx, ac->send_subkey, keyblock);
+ return krb5_k_key_keyblock(ctx, ac->send_subkey, keyblock);
*keyblock = NULL;
return 0;
}
@@ -223,7 +224,7 @@ krb5_error_code KRB5_CALLCONV
krb5_auth_con_getrecvsubkey(krb5_context ctx, krb5_auth_context ac, krb5_keyblock **keyblock)
{
if (ac->recv_subkey != NULL)
- return krb5_k_key_keyblock(ctx, ac->recv_subkey, keyblock);
+ return krb5_k_key_keyblock(ctx, ac->recv_subkey, keyblock);
*keyblock = NULL;
return 0;
}
@@ -253,7 +254,7 @@ krb5_error_code KRB5_CALLCONV
krb5_auth_con_getauthenticator(krb5_context context, krb5_auth_context auth_context, krb5_authenticator **authenticator)
{
return (krb5_copy_authenticator(context, auth_context->authentp,
- authenticator));
+ authenticator));
}
#endif
@@ -271,15 +272,15 @@ krb5_auth_con_initivector(krb5_context context, krb5_auth_context auth_context)
krb5_enctype enctype;
if (auth_context->key) {
- size_t blocksize;
-
- enctype = krb5_k_key_enctype(context, auth_context->key);
- if ((ret = krb5_c_block_size(context, enctype, &blocksize)))
- return(ret);
- if ((auth_context->i_vector = (krb5_pointer)calloc(1,blocksize))) {
- return 0;
- }
- return ENOMEM;
+ size_t blocksize;
+
+ enctype = krb5_k_key_enctype(context, auth_context->key);
+ if ((ret = krb5_c_block_size(context, enctype, &blocksize)))
+ return(ret);
+ if ((auth_context->i_vector = (krb5_pointer)calloc(1,blocksize))) {
+ return 0;
+ }
+ return ENOMEM;
}
return EINVAL; /* XXX need an error for no keyblock */
}
@@ -318,30 +319,30 @@ krb5_auth_con_setrcache(krb5_context context, krb5_auth_context auth_context, kr
auth_context->rcache = rcache;
return 0;
}
-
+
krb5_error_code
krb5_auth_con_getrcache(krb5_context context, krb5_auth_context auth_context, krb5_rcache *rcache)
{
*rcache = auth_context->rcache;
return 0;
}
-
+
krb5_error_code
krb5_auth_con_setpermetypes(krb5_context context, krb5_auth_context auth_context, const krb5_enctype *permetypes)
{
- krb5_enctype * newpe;
+ krb5_enctype * newpe;
int i;
for (i=0; permetypes[i]; i++)
- ;
+ ;
i++; /* include the zero */
if ((newpe = (krb5_enctype *) malloc(i*sizeof(krb5_enctype)))
- == NULL)
- return(ENOMEM);
+ == NULL)
+ return(ENOMEM);
if (auth_context->permitted_etypes)
- free(auth_context->permitted_etypes);
+ free(auth_context->permitted_etypes);
auth_context->permitted_etypes = newpe;
@@ -353,21 +354,21 @@ krb5_auth_con_setpermetypes(krb5_context context, krb5_auth_context auth_context
krb5_error_code
krb5_auth_con_getpermetypes(krb5_context context, krb5_auth_context auth_context, krb5_enctype **permetypes)
{
- krb5_enctype * newpe;
+ krb5_enctype * newpe;
int i;
if (! auth_context->permitted_etypes) {
- *permetypes = NULL;
- return(0);
+ *permetypes = NULL;
+ return(0);
}
for (i=0; auth_context->permitted_etypes[i]; i++)
- ;
+ ;
i++; /* include the zero */
if ((newpe = (krb5_enctype *) malloc(i*sizeof(krb5_enctype)))
- == NULL)
- return(ENOMEM);
+ == NULL)
+ return(ENOMEM);
*permetypes = newpe;
@@ -378,24 +379,24 @@ krb5_auth_con_getpermetypes(krb5_context context, krb5_auth_context auth_context
krb5_error_code KRB5_CALLCONV
krb5_auth_con_set_checksum_func( krb5_context context,
- krb5_auth_context auth_context,
- krb5_mk_req_checksum_func func,
- void *data)
+ krb5_auth_context auth_context,
+ krb5_mk_req_checksum_func func,
+ void *data)
{
- auth_context->checksum_func = func;
- auth_context->checksum_func_data = data;
- return 0;
+ auth_context->checksum_func = func;
+ auth_context->checksum_func_data = data;
+ return 0;
}
krb5_error_code KRB5_CALLCONV
krb5_auth_con_get_checksum_func( krb5_context context,
- krb5_auth_context auth_context,
- krb5_mk_req_checksum_func *func,
- void **data)
+ krb5_auth_context auth_context,
+ krb5_mk_req_checksum_func *func,
+ void **data)
{
- *func = auth_context->checksum_func;
- *data = auth_context->checksum_func_data;
- return 0;
+ *func = auth_context->checksum_func;
+ *data = auth_context->checksum_func_data;
+ return 0;
}
/*
@@ -425,16 +426,16 @@ krb5_auth_con_get_checksum_func( krb5_context context,
* compatibility with our older implementations. This also means that
* encodings emitted by Heimdal are ambiguous.
*
- * Heimdal counter value received uint32 value
+ * Heimdal counter value received uint32 value
*
- * 0x00000080 0xFFFFFF80
- * 0x000000FF 0xFFFFFFFF
- * 0x00008000 0xFFFF8000
- * 0x0000FFFF 0xFFFFFFFF
- * 0x00800000 0xFF800000
- * 0x00FFFFFF 0xFFFFFFFF
- * 0xFF800000 0xFF800000
- * 0xFFFFFFFF 0xFFFFFFFF
+ * 0x00000080 0xFFFFFF80
+ * 0x000000FF 0xFFFFFFFF
+ * 0x00008000 0xFFFF8000
+ * 0x0000FFFF 0xFFFFFFFF
+ * 0x00800000 0xFF800000
+ * 0x00FFFFFF 0xFFFFFFFF
+ * 0xFF800000 0xFF800000
+ * 0xFFFFFFFF 0xFFFFFFFF
*
* We use two auth_context flags, SANE_SEQ and HEIMDAL_SEQ, which are
* only set after we can unambiguously determine the sanity of the
@@ -474,38 +475,38 @@ krb5int_auth_con_chkseqnum(
* If sender is known to be sane, accept _only_ exact matches.
*/
if (ac->auth_context_flags & KRB5_AUTH_CONN_SANE_SEQ)
- return in_seq == exp_seq;
+ return in_seq == exp_seq;
/*
* If sender is not known to be sane, first check the ambiguous
* range of received values, 0xFF800000..0xFFFFFFFF.
*/
if ((in_seq & 0xFF800000) == 0xFF800000) {
- /*
- * If expected sequence number is in the range
- * 0xFF800000..0xFFFFFFFF, then we can't make any
- * determinations about the sanity of the sending
- * implementation.
- */
- if ((exp_seq & 0xFF800000) == 0xFF800000 && in_seq == exp_seq)
- return 1;
- /*
- * If sender is not known for certain to be a broken Heimdal
- * implementation, check for exact match.
- */
- if (!(ac->auth_context_flags & KRB5_AUTH_CONN_HEIMDAL_SEQ)
- && in_seq == exp_seq)
- return 1;
- /*
- * Now apply hairy algorithm for matching sequence numbers
- * sent by broken Heimdal implementations. If it matches, we
- * know for certain it's a broken Heimdal sender.
- */
- if (chk_heimdal_seqnum(exp_seq, in_seq)) {
- ac->auth_context_flags |= KRB5_AUTH_CONN_HEIMDAL_SEQ;
- return 1;
- }
- return 0;
+ /*
+ * If expected sequence number is in the range
+ * 0xFF800000..0xFFFFFFFF, then we can't make any
+ * determinations about the sanity of the sending
+ * implementation.
+ */
+ if ((exp_seq & 0xFF800000) == 0xFF800000 && in_seq == exp_seq)
+ return 1;
+ /*
+ * If sender is not known for certain to be a broken Heimdal
+ * implementation, check for exact match.
+ */
+ if (!(ac->auth_context_flags & KRB5_AUTH_CONN_HEIMDAL_SEQ)
+ && in_seq == exp_seq)
+ return 1;
+ /*
+ * Now apply hairy algorithm for matching sequence numbers
+ * sent by broken Heimdal implementations. If it matches, we
+ * know for certain it's a broken Heimdal sender.
+ */
+ if (chk_heimdal_seqnum(exp_seq, in_seq)) {
+ ac->auth_context_flags |= KRB5_AUTH_CONN_HEIMDAL_SEQ;
+ return 1;
+ }
+ return 0;
}
/*
@@ -514,11 +515,11 @@ krb5int_auth_con_chkseqnum(
* it matches the received value, sender is known to be sane.
*/
if (in_seq == exp_seq) {
- if (( exp_seq & 0xFFFFFF80) == 0x00000080
- || (exp_seq & 0xFFFF8000) == 0x00008000
- || (exp_seq & 0xFF800000) == 0x00800000)
- ac->auth_context_flags |= KRB5_AUTH_CONN_SANE_SEQ;
- return 1;
+ if (( exp_seq & 0xFFFFFF80) == 0x00000080
+ || (exp_seq & 0xFFFF8000) == 0x00008000
+ || (exp_seq & 0xFF800000) == 0x00800000)
+ ac->auth_context_flags |= KRB5_AUTH_CONN_SANE_SEQ;
+ return 1;
}
/*
@@ -528,17 +529,17 @@ krb5int_auth_con_chkseqnum(
* and mark the sender as being a broken Heimdal implementation.
*/
if (exp_seq == 0
- && !(ac->auth_context_flags & KRB5_AUTH_CONN_HEIMDAL_SEQ)) {
- switch (in_seq) {
- case 0x100:
- case 0x10000:
- case 0x1000000:
- ac->auth_context_flags |= KRB5_AUTH_CONN_HEIMDAL_SEQ;
- exp_seq = in_seq;
- return 1;
- default:
- return 0;
- }
+ && !(ac->auth_context_flags & KRB5_AUTH_CONN_HEIMDAL_SEQ)) {
+ switch (in_seq) {
+ case 0x100:
+ case 0x10000:
+ case 0x1000000:
+ ac->auth_context_flags |= KRB5_AUTH_CONN_HEIMDAL_SEQ;
+ exp_seq = in_seq;
+ return 1;
+ default:
+ return 0;
+ }
}
return 0;
}
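Review bot: The `exp_seq = in_seq;` under `case 0x1000000:` is immediately followed by `return 1;`, so unless `exp_seq` refers to state that outlives the call, the store has no effect. Its declaration is outside this hunk. If it is a local copy of the expected sequence number, either drop the line or write the value where it persists, for example `ac->remote_seq_number = in_seq;`, depending on whether this function or its caller is meant to resynchronise. A short comment stating which is intended would help, since this branch decides when an out-of-step sequence number from a peer is accepted.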
@@ -547,25 +548,25 @@ static krb5_boolean
chk_heimdal_seqnum(krb5_ui_4 exp_seq, krb5_ui_4 in_seq)
{
if (( exp_seq & 0xFF800000) == 0x00800000
- && (in_seq & 0xFF800000) == 0xFF800000
- && (in_seq & 0x00FFFFFF) == exp_seq)
- return 1;
+ && (in_seq & 0xFF800000) == 0xFF800000
+ && (in_seq & 0x00FFFFFF) == exp_seq)
+ return 1;
else if (( exp_seq & 0xFFFF8000) == 0x00008000
- && (in_seq & 0xFFFF8000) == 0xFFFF8000
- && (in_seq & 0x0000FFFF) == exp_seq)
- return 1;
+ && (in_seq & 0xFFFF8000) == 0xFFFF8000
+ && (in_seq & 0x0000FFFF) == exp_seq)
+ return 1;
else if (( exp_seq & 0xFFFFFF80) == 0x00000080
- && (in_seq & 0xFFFFFF80) == 0xFFFFFF80
- && (in_seq & 0x000000FF) == exp_seq)
- return 1;
+ && (in_seq & 0xFFFFFF80) == 0xFFFFFF80
+ && (in_seq & 0x000000FF) == exp_seq)
+ return 1;
else
- return 0;
+ return 0;
}
krb5_error_code
krb5_auth_con_get_subkey_enctype(krb5_context context,
- krb5_auth_context auth_context,
- krb5_enctype *etype)
+ krb5_auth_context auth_context,
+ krb5_enctype *etype)
{
*etype = auth_context->negotiated_etype;
return 0;
@@ -573,8 +574,8 @@ krb5_auth_con_get_subkey_enctype(krb5_context context,
krb5_error_code KRB5_CALLCONV
krb5_auth_con_get_authdata_context(krb5_context context,
- krb5_auth_context auth_context,
- krb5_authdata_context *ad_context)
+ krb5_auth_context auth_context,
+ krb5_authdata_context *ad_context)
{
*ad_context = auth_context->ad_context;
return 0;
@@ -582,10 +583,9 @@ krb5_auth_con_get_authdata_context(krb5_context context,
krb5_error_code KRB5_CALLCONV
krb5_auth_con_set_authdata_context(krb5_context context,
- krb5_auth_context auth_context,
- krb5_authdata_context ad_context)
+ krb5_auth_context auth_context,
+ krb5_authdata_context ad_context)
{
auth_context->ad_context = ad_context;
return 0;
}
-
diff --git a/src/lib/krb5/krb/auth_con.h b/src/lib/krb5/krb/auth_con.h
index 684eb4e..94d2c51 100644
--- a/src/lib/krb5/krb/auth_con.h
+++ b/src/lib/krb5/krb/auth_con.h
@@ -1,38 +1,39 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
#ifndef KRB5_AUTH_CONTEXT
#define KRB5_AUTH_CONTEXT
struct _krb5_auth_context {
- krb5_magic magic;
- krb5_address * remote_addr;
- krb5_address * remote_port;
- krb5_address * local_addr;
- krb5_address * local_port;
+ krb5_magic magic;
+ krb5_address * remote_addr;
+ krb5_address * remote_port;
+ krb5_address * local_addr;
+ krb5_address * local_port;
krb5_key key;
krb5_key send_subkey;
krb5_key recv_subkey;
- krb5_int32 auth_context_flags;
- krb5_ui_4 remote_seq_number;
- krb5_ui_4 local_seq_number;
- krb5_authenticator *authentp; /* mk_req, rd_req, mk_rep, ...*/
- krb5_cksumtype req_cksumtype; /* mk_safe, ... */
- krb5_cksumtype safe_cksumtype; /* mk_safe, ... */
- krb5_pointer i_vector; /* mk_priv, rd_priv only */
- krb5_rcache rcache;
- krb5_enctype * permitted_etypes; /* rd_req */
+ krb5_int32 auth_context_flags;
+ krb5_ui_4 remote_seq_number;
+ krb5_ui_4 local_seq_number;
+ krb5_authenticator *authentp; /* mk_req, rd_req, mk_rep, ...*/
+ krb5_cksumtype req_cksumtype; /* mk_safe, ... */
+ krb5_cksumtype safe_cksumtype; /* mk_safe, ... */
+ krb5_pointer i_vector; /* mk_priv, rd_priv only */
+ krb5_rcache rcache;
+ krb5_enctype * permitted_etypes; /* rd_req */
krb5_mk_req_checksum_func checksum_func;
void *checksum_func_data;
- krb5_enctype negotiated_etype;
+ krb5_enctype negotiated_etype;
krb5_authdata_context ad_context;
};
/* Internal auth_context_flags */
-#define KRB5_AUTH_CONN_INITIALIZED 0x00010000
-#define KRB5_AUTH_CONN_USED_W_MK_REQ 0x00020000
-#define KRB5_AUTH_CONN_USED_W_RD_REQ 0x00040000
-#define KRB5_AUTH_CONN_SANE_SEQ 0x00080000
-#define KRB5_AUTH_CONN_HEIMDAL_SEQ 0x00100000
+#define KRB5_AUTH_CONN_INITIALIZED 0x00010000
+#define KRB5_AUTH_CONN_USED_W_MK_REQ 0x00020000
+#define KRB5_AUTH_CONN_USED_W_RD_REQ 0x00040000
+#define KRB5_AUTH_CONN_SANE_SEQ 0x00080000
+#define KRB5_AUTH_CONN_HEIMDAL_SEQ 0x00100000
#endif
diff --git a/src/lib/krb5/krb/authdata.c b/src/lib/krb5/krb/authdata.c
index c5992ad..5430127 100644
--- a/src/lib/krb5/krb/authdata.c
+++ b/src/lib/krb5/krb/authdata.c
@@ -1,4 +1,4 @@
-/* -*- mode: c; indent-tabs-mode: nil -*- */
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
/*
* Copyright 2009 by the Massachusetts Institute of Technology. All
* Rights Reserved.
@@ -39,7 +39,7 @@ static const char *objdirs[] = {
#endif
LIBDIR "/krb5/plugins/authdata",
NULL
- }; /* should be a list */
+}; /* should be a list */
/* Internal authdata systems */
static krb5plugin_authdata_client_ftable_v0 *authdata_systems[] = {
@@ -648,10 +648,10 @@ krb5int_authdata_verify(krb5_context kcontext,
if (authdata == NULL) {
code = krb5int_find_authdata(kcontext,
- ticket_authdata,
- authen_authdata,
- module->ad_type,
- &authdata);
+ ticket_authdata,
+ authen_authdata,
+ module->ad_type,
+ &authdata);
if (code != 0)
break;
}
@@ -1244,4 +1244,3 @@ krb5_ser_authdata_context_init(krb5_context kcontext)
return krb5_register_serializer(kcontext,
&krb5_authdata_context_ser_entry);
}
-
diff --git a/src/lib/krb5/krb/authdata.h b/src/lib/krb5/krb/authdata.h
index 9e4dcce..39d80d6 100644
--- a/src/lib/krb5/krb/authdata.h
+++ b/src/lib/krb5/krb/authdata.h
@@ -1,3 +1,4 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
/*
* lib/krb5/krb/authdata.h
*
@@ -35,14 +36,13 @@
/* authdata.c */
krb5_error_code
krb5int_authdata_verify(krb5_context context,
- krb5_authdata_context,
- krb5_flags usage,
- const krb5_auth_context *auth_context,
- const krb5_keyblock *key,
- const krb5_ap_req *ap_req);
+ krb5_authdata_context,
+ krb5_flags usage,
+ const krb5_auth_context *auth_context,
+ const krb5_keyblock *key,
+ const krb5_ap_req *ap_req);
/* pac.c */
extern krb5plugin_authdata_client_ftable_v0 krb5int_mspac_authdata_client_ftable;
#endif /* !KRB_AUTHDATA_H */
-
diff --git a/src/lib/krb5/krb/bld_pr_ext.c b/src/lib/krb5/krb/bld_pr_ext.c
index 1a288c8..899b9ee 100644
--- a/src/lib/krb5/krb/bld_pr_ext.c
+++ b/src/lib/krb5/krb/bld_pr_ext.c
@@ -1,3 +1,4 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
/*
* lib/krb5/krb/bld_pr_ext.c
*
@@ -8,7 +9,7 @@
* require a specific license from the United States Government.
* It is the responsibility of any person or organization contemplating
* export to obtain such a license before exporting.
- *
+ *
* WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
* distribute this software and its documentation for any purpose and
* without fee is hereby granted, provided that the above copyright
@@ -22,7 +23,7 @@
* M.I.T. makes no representations about the suitability of
* this software for any purpose. It is provided "as is" without express
* or implied warranty.
- *
+ *
*
* Build a principal from a list of lengths and strings
*/
@@ -33,7 +34,7 @@
krb5_error_code KRB5_CALLCONV_C
krb5_build_principal_ext(krb5_context context, krb5_principal * princ,
- unsigned int rlen, const char * realm, ...)
+ unsigned int rlen, const char * realm, ...)
{
va_list ap;
int i, count = 0;
@@ -44,8 +45,8 @@ krb5_build_principal_ext(krb5_context context, krb5_principal * princ,
va_start(ap, realm);
/* count up */
while (va_arg(ap, int) != 0) {
- (void)va_arg(ap, char *); /* pass one up */
- count++;
+ (void)va_arg(ap, char *); /* pass one up */
+ count++;
}
va_end(ap);
@@ -54,30 +55,30 @@ krb5_build_principal_ext(krb5_context context, krb5_principal * princ,
/* get space for array */
princ_data = (krb5_data *) malloc(sizeof(krb5_data) * count);
if (!princ_data)
- return ENOMEM;
+ return ENOMEM;
princ_ret = (krb5_principal) malloc(sizeof(krb5_principal_data));
if (!princ_ret) {
- free(princ_data);
- return ENOMEM;
+ free(princ_data);
+ return ENOMEM;
}
princ_ret->data = princ_data;
princ_ret->length = count;
tmpdata.length = rlen;
tmpdata.data = (char *) realm;
if (krb5int_copy_data_contents_add0(context, &tmpdata, &princ_ret->realm) != 0) {
- free(princ_data);
- free(princ_ret);
- return ENOMEM;
- }
+ free(princ_data);
+ free(princ_ret);
+ return ENOMEM;
+ }
/* process rest of components */
va_start(ap, realm);
for (i = 0; i < count; i++) {
- tmpdata.length = va_arg(ap, unsigned int);
- tmpdata.data = va_arg(ap, char *);
- if (krb5int_copy_data_contents_add0(context, &tmpdata,
- &princ_data[i]) != 0)
- goto free_out;
+ tmpdata.length = va_arg(ap, unsigned int);
+ tmpdata.data = va_arg(ap, char *);
+ if (krb5int_copy_data_contents_add0(context, &tmpdata,
+ &princ_data[i]) != 0)
+ goto free_out;
}
va_end(ap);
*princ = princ_ret;
@@ -86,7 +87,7 @@ krb5_build_principal_ext(krb5_context context, krb5_principal * princ,
free_out:
while (--i >= 0)
- free(princ_data[i].data);
+ free(princ_data[i].data);
free(princ_data);
free(princ_ret->realm.data);
free(princ_ret);
diff --git a/src/lib/krb5/krb/bld_princ.c b/src/lib/krb5/krb/bld_princ.c
index d3e0d29..ac2c92a 100644
--- a/src/lib/krb5/krb/bld_princ.c
+++ b/src/lib/krb5/krb/bld_princ.c
@@ -1,3 +1,4 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
/*
* lib/krb5/krb/bld_princ.c
*
@@ -8,7 +9,7 @@
* require a specific license from the United States Government.
* It is the responsibility of any person or organization contemplating
* export to obtain such a license before exporting.
- *
+ *
* WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
* distribute this software and its documentation for any purpose and
* without fee is hereby granted, provided that the above copyright
@@ -22,7 +23,7 @@
* M.I.T. makes no representations about the suitability of
* this software for any purpose. It is provided "as is" without express
* or implied warranty.
- *
+ *
*
* Build a principal from a list of strings
*/
@@ -30,13 +31,13 @@
#include <stdarg.h>
#include "k5-int.h"
-/* Takes first component as argument for KIM API,
+/* Takes first component as argument for KIM API,
* which does not allow realms with zero components */
static krb5_error_code
-krb5int_build_principal_va(krb5_context context,
- krb5_principal princ,
- unsigned int rlen,
- const char *realm,
+krb5int_build_principal_va(krb5_context context,
+ krb5_principal princ,
+ unsigned int rlen,
+ const char *realm,
const char *first,
va_list ap)
{
@@ -46,26 +47,26 @@ krb5int_build_principal_va(krb5_context context,
krb5_int32 count = 0;
krb5_int32 size = 2; /* initial guess at needed space */
char *component = NULL;
-
+
data = malloc(size * sizeof(krb5_data));
if (!data) { retval = ENOMEM; }
-
+
if (!retval) {
r = strdup(realm);
if (!r) { retval = ENOMEM; }
}
-
+
if (!retval && first) {
data[0].length = strlen(first);
data[0].data = strdup(first);
if (!data[0].data) { retval = ENOMEM; }
count++;
-
+
/* ap is only valid if first is non-NULL */
while (!retval && (component = va_arg(ap, char *))) {
if (count == size) {
krb5_data *new_data = NULL;
-
+
size *= 2;
new_data = realloc ((char *) data, sizeof(krb5_data) * size);
if (new_data) {
@@ -74,16 +75,16 @@ krb5int_build_principal_va(krb5_context context,
retval = ENOMEM;
}
}
-
+
if (!retval) {
data[count].length = strlen(component);
- data[count].data = strdup(component);
+ data[count].data = strdup(component);
if (!data[count].data) { retval = ENOMEM; }
count++;
}
}
}
-
+
if (!retval) {
princ->type = KRB5_NT_UNKNOWN;
princ->magic = KV5M_PRINCIPAL;
@@ -94,7 +95,7 @@ krb5int_build_principal_va(krb5_context context,
r = NULL; /* take ownership */
data = NULL; /* take ownership */
}
-
+
if (data) {
while (--count >= 0) {
free(data[count].data);
@@ -102,68 +103,68 @@ krb5int_build_principal_va(krb5_context context,
free(data);
}
free(r);
-
+
return retval;
}
krb5_error_code KRB5_CALLCONV
-krb5_build_principal_va(krb5_context context,
- krb5_principal princ,
- unsigned int rlen,
- const char *realm,
+krb5_build_principal_va(krb5_context context,
+ krb5_principal princ,
+ unsigned int rlen,
+ const char *realm,
va_list ap)
{
char *first = va_arg(ap, char *);
-
+
return krb5int_build_principal_va(context, princ, rlen, realm, first, ap);
}
-/* Takes first component as argument for KIM API,
+/* Takes first component as argument for KIM API,
* which does not allow realms with zero components */
krb5_error_code KRB5_CALLCONV
-krb5int_build_principal_alloc_va(krb5_context context,
- krb5_principal *princ,
- unsigned int rlen,
- const char *realm,
+krb5int_build_principal_alloc_va(krb5_context context,
+ krb5_principal *princ,
+ unsigned int rlen,
+ const char *realm,
const char *first,
va_list ap)
{
krb5_error_code retval = 0;
-
+
krb5_principal p = malloc(sizeof(krb5_principal_data));
if (!p) { retval = ENOMEM; }
-
+
if (!retval) {
retval = krb5int_build_principal_va(context, p, rlen, realm, first, ap);
}
-
+
if (!retval) {
- *princ = p;
+ *princ = p;
} else {
free(p);
}
-
- return retval;
+
+ return retval;
}
krb5_error_code KRB5_CALLCONV
-krb5_build_principal_alloc_va(krb5_context context,
- krb5_principal *princ,
- unsigned int rlen,
- const char *realm,
+krb5_build_principal_alloc_va(krb5_context context,
+ krb5_principal *princ,
+ unsigned int rlen,
+ const char *realm,
va_list ap)
{
krb5_error_code retval = 0;
-
+
krb5_principal p = malloc(sizeof(krb5_principal_data));
if (!p) { retval = ENOMEM; }
-
+
if (!retval) {
retval = krb5_build_principal_va(context, p, rlen, realm, ap);
}
-
+
if (!retval) {
- *princ = p;
+ *princ = p;
} else {
free(p);
}
@@ -172,17 +173,17 @@ krb5_build_principal_alloc_va(krb5_context context,
}
krb5_error_code KRB5_CALLCONV_C
-krb5_build_principal(krb5_context context,
- krb5_principal * princ,
- unsigned int rlen,
- const char * realm, ...)
+krb5_build_principal(krb5_context context,
+ krb5_principal * princ,
+ unsigned int rlen,
+ const char * realm, ...)
{
krb5_error_code retval = 0;
va_list ap;
-
+
va_start(ap, realm);
retval = krb5_build_principal_alloc_va(context, princ, rlen, realm, ap);
va_end(ap);
-
+
return retval;
}
diff --git a/src/lib/krb5/krb/brand.c b/src/lib/krb5/krb/brand.c
index 7e4e0db..fc098dd 100644
--- a/src/lib/krb5/krb/brand.c
+++ b/src/lib/krb5/krb/brand.c
@@ -1,3 +1,4 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
/*
* lib/krb5/krb/brand.c
*
@@ -8,7 +9,7 @@
* require a specific license from the United States Government.
* It is the responsibility of any person or organization contemplating
* export to obtain such a license before exporting.
- *
+ *
* WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
* distribute this software and its documentation for any purpose and
* without fee is hereby granted, provided that the above copyright
diff --git a/src/lib/krb5/krb/chk_trans.c b/src/lib/krb5/krb/chk_trans.c
index 9af063c..3c01481 100644
--- a/src/lib/krb5/krb/chk_trans.c
+++ b/src/lib/krb5/krb/chk_trans.c
@@ -1,3 +1,4 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
/*
* lib/krb5/krb/chk_trans.c
*
@@ -8,7 +9,7 @@
* require a specific license from the United States Government.
* It is the responsibility of any person or organization contemplating
* export to obtain such a license before exporting.
- *
+ *
* WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
* distribute this software and its documentation for any purpose and
* without fee is hereby granted, provided that the above copyright
@@ -22,7 +23,7 @@
* M.I.T. makes no representations about the suitability of
* this software for any purpose. It is provided "as is" without express
* or implied warranty.
- *
+ *
*
* krb5_check_transited_list()
*/
@@ -46,12 +47,12 @@ static int verbose = 0;
static krb5_error_code
process_intermediates (krb5_error_code (*fn)(krb5_data *, void *), void *data,
- const krb5_data *n1, const krb5_data *n2) {
+ const krb5_data *n1, const krb5_data *n2) {
unsigned int len1, len2, i;
char *p1, *p2;
Tprintf (("process_intermediates(%.*s,%.*s)\n",
- (int) n1->length, n1->data, (int) n2->length, n2->data));
+ (int) n1->length, n1->data, (int) n2->length, n2->data));
len1 = n1->length;
len2 = n2->length;
@@ -59,78 +60,78 @@ process_intermediates (krb5_error_code (*fn)(krb5_data *, void *), void *data,
Tprintf (("(walking intermediates now)\n"));
/* Simplify... */
if (len1 > len2) {
- const krb5_data *p;
- int tmp = len1;
- len1 = len2;
- len2 = tmp;
- p = n1;
- n1 = n2;
- n2 = p;
+ const krb5_data *p;
+ int tmp = len1;
+ len1 = len2;
+ len2 = tmp;
+ p = n1;
+ n1 = n2;
+ n2 = p;
}
/* Okay, now len1 is always shorter or equal. */
if (len1 == len2) {
- if (memcmp (n1->data, n2->data, len1)) {
- Tprintf (("equal length but different strings in path: '%.*s' '%.*s'\n",
- (int) n1->length, n1->data, (int) n2->length, n2->data));
- return KRB5KRB_AP_ERR_ILL_CR_TKT;
- }
- Tprintf (("(end intermediates)\n"));
- return 0;
+ if (memcmp (n1->data, n2->data, len1)) {
+ Tprintf (("equal length but different strings in path: '%.*s' '%.*s'\n",
+ (int) n1->length, n1->data, (int) n2->length, n2->data));
+ return KRB5KRB_AP_ERR_ILL_CR_TKT;
+ }
+ Tprintf (("(end intermediates)\n"));
+ return 0;
}
/* Now len1 is always shorter. */
if (len1 == 0)
- /* Shouldn't be possible. Internal error? */
- return KRB5KRB_AP_ERR_ILL_CR_TKT;
+ /* Shouldn't be possible. Internal error? */
+ return KRB5KRB_AP_ERR_ILL_CR_TKT;
p1 = n1->data;
p2 = n2->data;
if (p1[0] == '/') {
- /* X.500 style names, with common prefix. */
- if (p2[0] != '/') {
- Tprintf (("mixed name formats in path: x500='%.*s' domain='%.*s'\n",
- (int) len1, p1, (int) len2, p2));
- return KRB5KRB_AP_ERR_ILL_CR_TKT;
- }
- if (memcmp (p1, p2, len1)) {
- Tprintf (("x500 names with different prefixes '%.*s' '%.*s'\n",
- (int) len1, p1, (int) len2, p2));
- return KRB5KRB_AP_ERR_ILL_CR_TKT;
- }
- for (i = len1 + 1; i < len2; i++)
- if (p2[i] == '/') {
- krb5_data d;
- krb5_error_code r;
-
- d.data = p2;
- d.length = i;
- r = (*fn) (&d, data);
- if (r)
- return r;
- }
+ /* X.500 style names, with common prefix. */
+ if (p2[0] != '/') {
+ Tprintf (("mixed name formats in path: x500='%.*s' domain='%.*s'\n",
+ (int) len1, p1, (int) len2, p2));
+ return KRB5KRB_AP_ERR_ILL_CR_TKT;
+ }
+ if (memcmp (p1, p2, len1)) {
+ Tprintf (("x500 names with different prefixes '%.*s' '%.*s'\n",
+ (int) len1, p1, (int) len2, p2));
+ return KRB5KRB_AP_ERR_ILL_CR_TKT;
+ }
+ for (i = len1 + 1; i < len2; i++)
+ if (p2[i] == '/') {
+ krb5_data d;
+ krb5_error_code r;
+
+ d.data = p2;
+ d.length = i;
+ r = (*fn) (&d, data);
+ if (r)
+ return r;
+ }
} else {
- /* Domain style names, with common suffix. */
- if (p2[0] == '/') {
- Tprintf (("mixed name formats in path: domain='%.*s' x500='%.*s'\n",
- (int) len1, p1, (int) len2, p2));
- return KRB5KRB_AP_ERR_ILL_CR_TKT;
- }
- if (memcmp (p1, p2 + (len2 - len1), len1)) {
- Tprintf (("domain names with different suffixes '%.*s' '%.*s'\n",
- (int) len1, p1, (int) len2, p2));
- return KRB5KRB_AP_ERR_ILL_CR_TKT;
- }
- for (i = len2 - len1 - 1; i > 0; i--) {
- Tprintf (("looking at '%.*s'\n", (int) (len2 - i), p2+i));
- if (p2[i-1] == '.') {
- krb5_data d;
- krb5_error_code r;
-
- d.data = p2+i;
- d.length = len2 - i;
- r = (*fn) (&d, data);
- if (r)
- return r;
- }
- }
+ /* Domain style names, with common suffix. */
+ if (p2[0] == '/') {
+ Tprintf (("mixed name formats in path: domain='%.*s' x500='%.*s'\n",
+ (int) len1, p1, (int) len2, p2));
+ return KRB5KRB_AP_ERR_ILL_CR_TKT;
+ }
+ if (memcmp (p1, p2 + (len2 - len1), len1)) {
+ Tprintf (("domain names with different suffixes '%.*s' '%.*s'\n",
+ (int) len1, p1, (int) len2, p2));
+ return KRB5KRB_AP_ERR_ILL_CR_TKT;
+ }
+ for (i = len2 - len1 - 1; i > 0; i--) {
+ Tprintf (("looking at '%.*s'\n", (int) (len2 - i), p2+i));
+ if (p2[i-1] == '.') {
+ krb5_data d;
+ krb5_error_code r;
+
+ d.data = p2+i;
+ d.length = len2 - i;
+ r = (*fn) (&d, data);
+ if (r)
+ return r;
+ }
+ }
}
Tprintf (("(end intermediates)\n"));
return 0;
@@ -140,25 +141,25 @@ static krb5_error_code
maybe_join (krb5_data *last, krb5_data *buf, unsigned int bufsiz)
{
if (buf->length == 0)
- return 0;
+ return 0;
if (buf->data[0] == '/') {
- if (last->length + buf->length > bufsiz) {
- Tprintf (("too big: last=%d cur=%d max=%d\n", last->length, buf->length, bufsiz));
- return KRB5KRB_AP_ERR_ILL_CR_TKT;
- }
- memmove (buf->data+last->length, buf->data, buf->length);
- memcpy (buf->data, last->data, last->length);
- buf->length += last->length;
+ if (last->length + buf->length > bufsiz) {
+ Tprintf (("too big: last=%d cur=%d max=%d\n", last->length, buf->length, bufsiz));
+ return KRB5KRB_AP_ERR_ILL_CR_TKT;
+ }
+ memmove (buf->data+last->length, buf->data, buf->length);
+ memcpy (buf->data, last->data, last->length);
+ buf->length += last->length;
} else if (buf->data[buf->length-1] == '.') {
- /* We can ignore the case where the previous component was
- empty; the strcat will be a no-op. It should probably
- be an error case, but let's be flexible. */
- if (last->length+buf->length > bufsiz) {
- Tprintf (("too big\n"));
- return KRB5KRB_AP_ERR_ILL_CR_TKT;
- }
- memcpy (buf->data + buf->length, last->data, last->length);
- buf->length += last->length;
+ /* We can ignore the case where the previous component was
+ empty; the strcat will be a no-op. It should probably
+ be an error case, but let's be flexible. */
+ if (last->length+buf->length > bufsiz) {
+ Tprintf (("too big\n"));
+ return KRB5KRB_AP_ERR_ILL_CR_TKT;
+ }
+ memcpy (buf->data + buf->length, last->data, last->length);
+ buf->length += last->length;
}
/* Otherwise, do nothing. */
return 0;
@@ -170,8 +171,8 @@ maybe_join (krb5_data *last, krb5_data *buf, unsigned int bufsiz)
of C strings. */
static krb5_error_code
foreach_realm (krb5_error_code (*fn)(krb5_data *comp,void *data), void *data,
- const krb5_data *crealm, const krb5_data *srealm,
- const krb5_data *transit)
+ const krb5_data *crealm, const krb5_data *srealm,
+ const krb5_data *transit)
{
char buf[MAXLEN], last[MAXLEN];
char *p, *bufp;
@@ -201,88 +202,88 @@ foreach_realm (krb5_error_code (*fn)(krb5_data *comp,void *data), void *data,
print_data ("transit enc.: %.*s\n", transit);
if (transit->length == 0) {
- Tprintf (("no other realms transited\n"));
- return 0;
+ Tprintf (("no other realms transited\n"));
+ return 0;
}
bufp = buf;
for (p = transit->data, l = transit->length; l; p++, l--) {
- if (next_lit) {
- *bufp++ = *p;
- if (bufp == buf+sizeof(buf))
- return KRB5KRB_AP_ERR_ILL_CR_TKT;
- next_lit = 0;
- } else if (*p == '\\') {
- next_lit = 1;
- } else if (*p == ',') {
- if (bufp != buf) {
- this_component.length = bufp - buf;
- r = maybe_join (&last_component, &this_component, sizeof(buf));
- if (r)
- return r;
- r = (*fn) (&this_component, data);
- if (r)
- return r;
- if (intermediates) {
- if (p == transit->data)
- r = process_intermediates (fn, data,
- &this_component, crealm);
- else {
- r = process_intermediates (fn, data, &this_component,
- &last_component);
- }
- if (r)
- return r;
- }
- intermediates = 0;
- memcpy (last, buf, sizeof (buf));
- last_component.length = this_component.length;
- memset (buf, 0, sizeof (buf));
- bufp = buf;
- } else {
- intermediates = 1;
- if (p == transit->data) {
- if (crealm->length >= MAXLEN)
- return KRB5KRB_AP_ERR_ILL_CR_TKT;
- memcpy (last, crealm->data, crealm->length);
- last[crealm->length] = '\0';
- last_component.length = crealm->length;
- }
- }
- } else if (*p == ' ' && bufp == buf) {
- /* This next component stands alone, even if it has a
- trailing dot or leading slash. */
- memset (last, 0, sizeof (last));
- last_component.length = 0;
- } else {
- /* Not a special character; literal. */
- *bufp++ = *p;
- if (bufp == buf+sizeof(buf))
- return KRB5KRB_AP_ERR_ILL_CR_TKT;
- }
+ if (next_lit) {
+ *bufp++ = *p;
+ if (bufp == buf+sizeof(buf))
+ return KRB5KRB_AP_ERR_ILL_CR_TKT;
+ next_lit = 0;
+ } else if (*p == '\\') {
+ next_lit = 1;
+ } else if (*p == ',') {
+ if (bufp != buf) {
+ this_component.length = bufp - buf;
+ r = maybe_join (&last_component, &this_component, sizeof(buf));
+ if (r)
+ return r;
+ r = (*fn) (&this_component, data);
+ if (r)
+ return r;
+ if (intermediates) {
+ if (p == transit->data)
+ r = process_intermediates (fn, data,
+ &this_component, crealm);
+ else {
+ r = process_intermediates (fn, data, &this_component,
+ &last_component);
+ }
+ if (r)
+ return r;
+ }
+ intermediates = 0;
+ memcpy (last, buf, sizeof (buf));
+ last_component.length = this_component.length;
+ memset (buf, 0, sizeof (buf));
+ bufp = buf;
+ } else {
+ intermediates = 1;
+ if (p == transit->data) {
+ if (crealm->length >= MAXLEN)
+ return KRB5KRB_AP_ERR_ILL_CR_TKT;
+ memcpy (last, crealm->data, crealm->length);
+ last[crealm->length] = '\0';
+ last_component.length = crealm->length;
+ }
+ }
+ } else if (*p == ' ' && bufp == buf) {
+ /* This next component stands alone, even if it has a
+ trailing dot or leading slash. */
+ memset (last, 0, sizeof (last));
+ last_component.length = 0;
+ } else {
+ /* Not a special character; literal. */
+ *bufp++ = *p;
+ if (bufp == buf+sizeof(buf))
+ return KRB5KRB_AP_ERR_ILL_CR_TKT;
+ }
}
/* At end. Must be normal state. */
if (next_lit)
- Tprintf (("ending in next-char-literal state\n"));
+ Tprintf (("ending in next-char-literal state\n"));
/* Process trailing element or comma. */
if (bufp == buf) {
- /* Trailing comma. */
- r = process_intermediates (fn, data, &last_component, srealm);
+ /* Trailing comma. */
+ r = process_intermediates (fn, data, &last_component, srealm);
} else {
- /* Trailing component. */
- this_component.length = bufp - buf;
- r = maybe_join (&last_component, &this_component, sizeof(buf));
- if (r)
- return r;
- r = (*fn) (&this_component, data);
- if (r)
- return r;
- if (intermediates)
- r = process_intermediates (fn, data, &this_component,
- &last_component);
+ /* Trailing component. */
+ this_component.length = bufp - buf;
+ r = maybe_join (&last_component, &this_component, sizeof(buf));
+ if (r)
+ return r;
+ r = (*fn) (&this_component, data);
+ if (r)
+ return r;
+ if (intermediates)
+ r = process_intermediates (fn, data, &this_component,
+ &last_component);
}
if (r != 0)
- return r;
+ return r;
return 0;
}
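Review bot: The end-of-input check near the bottom of this hunk only logs when the transited string ends inside a backslash escape (`if (next_lit) Tprintf ((...));`), although the comment directly above it says the parser must be in the normal state at that point. The transited encoding is presumably taken from the ticket being validated, so a dangling escape is better rejected than accepted, in line with the other malformed-input exits: `if (next_lit) return KRB5KRB_AP_ERR_ILL_CR_TKT;`. If Tprintf expands to nothing outside DEBUG builds (its definition is not in this hunk), the current form is also an `if` with an empty body. foreach_realm begins in the previous hunk, and this behaviour predates the reindent.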
@@ -300,8 +301,8 @@ check_realm_in_list (krb5_data *realm, void *data)
Tprintf ((".. checking '%.*s'\n", (int) realm->length, realm->data));
for (i = 0; cdata->tgs[i]; i++) {
- if (data_eq (*krb5_princ_realm (cdata->ctx, cdata->tgs[i]), *realm))
- return 0;
+ if (data_eq (*krb5_princ_realm (cdata->ctx, cdata->tgs[i]), *realm))
+ return 0;
}
Tprintf (("BAD!\n"));
return KRB5KRB_AP_ERR_ILL_CR_TKT;
@@ -309,7 +310,7 @@ check_realm_in_list (krb5_data *realm, void *data)
krb5_error_code
krb5_check_transited_list (krb5_context ctx, const krb5_data *trans_in,
- const krb5_data *crealm, const krb5_data *srealm)
+ const krb5_data *crealm, const krb5_data *srealm)
{
krb5_data trans;
struct check_data cdata;
@@ -318,31 +319,31 @@ krb5_check_transited_list (krb5_context ctx, const krb5_data *trans_in,
trans.length = trans_in->length;
trans.data = (char *) trans_in->data;
if (trans.length && (trans.data[trans.length-1] == '\0'))
- trans.length--;
+ trans.length--;
Tprintf (("krb5_check_transited_list(trans=\"%.*s\", crealm=\"%.*s\", srealm=\"%.*s\")\n",
- (int) trans.length, trans.data,
- (int) crealm->length, crealm->data,
- (int) srealm->length, srealm->data));
+ (int) trans.length, trans.data,
+ (int) crealm->length, crealm->data,
+ (int) srealm->length, srealm->data));
if (trans.length == 0)
- return 0;
+ return 0;
r = krb5_walk_realm_tree (ctx, crealm, srealm, &cdata.tgs,
- KRB5_REALM_BRANCH_CHAR);
+ KRB5_REALM_BRANCH_CHAR);
if (r) {
- Tprintf (("error %ld\n", (long) r));
- return r;
+ Tprintf (("error %ld\n", (long) r));
+ return r;
}
#ifdef DEBUG /* avoid compiler warning about 'd' unused */
{
- int i;
- Tprintf (("tgs list = {\n"));
- for (i = 0; cdata.tgs[i]; i++) {
- char *name;
- r = krb5_unparse_name (ctx, cdata.tgs[i], &name);
- Tprintf (("\t'%s'\n", name));
- free (name);
- }
- Tprintf (("}\n"));
+ int i;
+ Tprintf (("tgs list = {\n"));
+ for (i = 0; cdata.tgs[i]; i++) {
+ char *name;
+ r = krb5_unparse_name (ctx, cdata.tgs[i], &name);
+ Tprintf (("\t'%s'\n", name));
+ free (name);
+ }
+ Tprintf (("}\n"));
}
#endif
cdata.ctx = ctx;
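Review bot: In the DEBUG block, the status of krb5_unparse_name() is stored in `r` but never checked, so on failure `name` is passed to Tprintf and to free() while still uninitialized. Initialize and guard it, e.g. `char *name = NULL;` followed by `if (krb5_unparse_name (ctx, cdata.tgs[i], &name) == 0) Tprintf (("\t'%s'\n", name));`, and keep the status in a block-local variable so the loop does not overwrite `r`. The function continues past this hunk, so whether `r` is reassigned before it is next read cannot be confirmed from here.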
@@ -370,19 +371,19 @@ int main (int argc, char *argv[]) {
me = me ? me+1 : argv[0];
while (argc > 3 && argv[1][0] == '-') {
- if (!strcmp ("-v", argv[1]))
- verbose++, argc--, argv++;
- else if (!strcmp ("-x", argv[1]))
- expand_only++, argc--, argv++;
- else
- goto usage;
+ if (!strcmp ("-v", argv[1]))
+ verbose++, argc--, argv++;
+ else if (!strcmp ("-x", argv[1]))
+ expand_only++, argc--, argv++;
+ else
+ goto usage;
}
if (argc != 4) {
usage:
- printf ("usage: %s [-v] [-x] clientRealm serverRealm transitEncoding\n",
- me);
- return 1;
+ printf ("usage: %s [-v] [-x] clientRealm serverRealm transitEncoding\n",
+ me);
+ return 1;
}
crealm.data = argv[1];
@@ -394,40 +395,40 @@ int main (int argc, char *argv[]) {
if (expand_only) {
- printf ("client realm: %s\n", argv[1]);
- printf ("server realm: %s\n", argv[2]);
- printf ("transit enc.: %s\n", argv[3]);
+ printf ("client realm: %s\n", argv[1]);
+ printf ("server realm: %s\n", argv[2]);
+ printf ("transit enc.: %s\n", argv[3]);
- if (argv[3][0] == 0) {
- printf ("no other realms transited\n");
- return 0;
- }
+ if (argv[3][0] == 0) {
+ printf ("no other realms transited\n");
+ return 0;
+ }
- r = foreach_realm (print_a_realm, NULL, &crealm, &srealm, &transit);
- if (r)
- printf ("--> returned error %ld\n", (long) r);
- return r != 0;
+ r = foreach_realm (print_a_realm, NULL, &crealm, &srealm, &transit);
+ if (r)
+ printf ("--> returned error %ld\n", (long) r);
+ return r != 0;
} else {
- /* Actually check the values against the supplied krb5.conf file. */
- krb5_context ctx;
- r = krb5_init_context (&ctx);
- if (r) {
- com_err (me, r, "initializing krb5 context");
- return 1;
- }
- r = krb5_check_transited_list (ctx, &transit, &crealm, &srealm);
- if (r == KRB5KRB_AP_ERR_ILL_CR_TKT) {
- printf ("NO\n");
- } else if (r == 0) {
- printf ("YES\n");
- } else {
- printf ("kablooey!\n");
- com_err (me, r, "checking transited-realm list");
- return 1;
- }
- return 0;
+ /* Actually check the values against the supplied krb5.conf file. */
+ krb5_context ctx;
+ r = krb5_init_context (&ctx);
+ if (r) {
+ com_err (me, r, "initializing krb5 context");
+ return 1;
+ }
+ r = krb5_check_transited_list (ctx, &transit, &crealm, &srealm);
+ if (r == KRB5KRB_AP_ERR_ILL_CR_TKT) {
+ printf ("NO\n");
+ } else if (r == 0) {
+ printf ("YES\n");
+ } else {
+ printf ("kablooey!\n");
+ com_err (me, r, "checking transited-realm list");
+ return 1;
+ }
+ return 0;
}
}
diff --git a/src/lib/krb5/krb/chpw.c b/src/lib/krb5/krb/chpw.c
index d38a7ef..1488f62 100644
--- a/src/lib/krb5/krb/chpw.c
+++ b/src/lib/krb5/krb/chpw.c
@@ -1,3 +1,4 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
/*
** set password functions added by Paul W. Nelson, Thursby Software Systems, Inc.
*/
@@ -7,12 +8,12 @@
#include "auth_con.h"
-krb5_error_code
-krb5int_mk_chpw_req(krb5_context context,
- krb5_auth_context auth_context,
- krb5_data *ap_req,
- char *passwd,
- krb5_data *packet)
+krb5_error_code
+krb5int_mk_chpw_req(krb5_context context,
+ krb5_auth_context auth_context,
+ krb5_data *ap_req,
+ char *passwd,
+ krb5_data *packet)
{
krb5_error_code ret = 0;
krb5_data clearpw;
@@ -23,21 +24,21 @@ krb5int_mk_chpw_req(krb5_context context,
cipherpw.data = NULL;
if ((ret = krb5_auth_con_setflags(context, auth_context,
- KRB5_AUTH_CONTEXT_DO_SEQUENCE)))
- goto cleanup;
+ KRB5_AUTH_CONTEXT_DO_SEQUENCE)))
+ goto cleanup;
clearpw.length = strlen(passwd);
clearpw.data = passwd;
if ((ret = krb5_mk_priv(context, auth_context,
- &clearpw, &cipherpw, &replay)))
- goto cleanup;
+ &clearpw, &cipherpw, &replay)))
+ goto cleanup;
packet->length = 6 + ap_req->length + cipherpw.length;
packet->data = (char *) malloc(packet->length);
if (packet->data == NULL) {
- ret = ENOMEM;
- goto cleanup;
+ ret = ENOMEM;
+ goto cleanup;
}
ptr = packet->data;
@@ -67,14 +68,14 @@ krb5int_mk_chpw_req(krb5_context context,
cleanup:
if (cipherpw.data != NULL) /* allocated by krb5_mk_priv */
- free(cipherpw.data);
-
+ free(cipherpw.data);
+
return(ret);
}
-krb5_error_code
+krb5_error_code
krb5int_rd_chpw_rep(krb5_context context, krb5_auth_context auth_context,
- krb5_data *packet, int *result_code, krb5_data *result_data)
+ krb5_data *packet, int *result_code, krb5_data *result_data)
{
char *ptr;
int plen, vno;
@@ -88,9 +89,9 @@ krb5int_rd_chpw_rep(krb5_context context, krb5_auth_context auth_context,
krb5_keyblock *tmp;
if (packet->length < 4)
- /* either this, or the server is printing bad messages,
- or the caller passed in garbage */
- return(KRB5KRB_AP_ERR_MODIFIED);
+ /* either this, or the server is printing bad messages,
+ or the caller passed in garbage */
+ return(KRB5KRB_AP_ERR_MODIFIED);
ptr = packet->data;
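Review bot: The guard `if (packet->length < 4)` is smaller than the fixed header this function goes on to parse. The later hunks show two-byte big-endian reads for plen, vno and ap_rep.length, six bytes in total (the first byte of each read lies outside the hunks, so this is inferred from the second-byte lines). A 4- or 5-byte reply whose length field matches packet->length would let the ap_rep.length read run past the end of the packet, and `if (packet->length < 6)` closes that. The same 4-byte guard appears in krb5int_rd_setpw_rep in the `@@ -350,7 +351,7 @@` hunk. The function body continues beyond this hunk.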
@@ -100,27 +101,27 @@ krb5int_rd_chpw_rep(krb5_context context, krb5_auth_context auth_context,
plen = (plen<<8) | (*ptr++ & 0xff);
if (plen != packet->length) {
- /*
- * MS KDCs *may* send back a KRB_ERROR. Although
- * not 100% correct via RFC3244, it's something
- * we can workaround here.
- */
- if (krb5_is_krb_error(packet)) {
-
- if ((ret = krb5_rd_error(context, packet, &krberror)))
- return(ret);
-
- if (krberror->e_data.data == NULL)
- ret = ERROR_TABLE_BASE_krb5 + (krb5_error_code) krberror->error;
- else
- ret = KRB5KRB_AP_ERR_MODIFIED;
- krb5_free_error(context, krberror);
- return(ret);
- } else {
- return(KRB5KRB_AP_ERR_MODIFIED);
- }
+ /*
+ * MS KDCs *may* send back a KRB_ERROR. Although
+ * not 100% correct via RFC3244, it's something
+ * we can workaround here.
+ */
+ if (krb5_is_krb_error(packet)) {
+
+ if ((ret = krb5_rd_error(context, packet, &krberror)))
+ return(ret);
+
+ if (krberror->e_data.data == NULL)
+ ret = ERROR_TABLE_BASE_krb5 + (krb5_error_code) krberror->error;
+ else
+ ret = KRB5KRB_AP_ERR_MODIFIED;
+ krb5_free_error(context, krberror);
+ return(ret);
+ } else {
+ return(KRB5KRB_AP_ERR_MODIFIED);
+ }
}
-
+
/* verify version number */
@@ -128,7 +129,7 @@ krb5int_rd_chpw_rep(krb5_context context, krb5_auth_context auth_context,
vno = (vno<<8) | (*ptr++ & 0xff);
if (vno != 1)
- return(KRB5KDC_ERR_BAD_PVNO);
+ return(KRB5KDC_ERR_BAD_PVNO);
/* read, check ap-rep length */
@@ -136,59 +137,59 @@ krb5int_rd_chpw_rep(krb5_context context, krb5_auth_context auth_context,
ap_rep.length = (ap_rep.length<<8) | (*ptr++ & 0xff);
if (ptr + ap_rep.length >= packet->data + packet->length)
- return(KRB5KRB_AP_ERR_MODIFIED);
+ return(KRB5KRB_AP_ERR_MODIFIED);
if (ap_rep.length) {
- /* verify ap_rep */
- ap_rep.data = ptr;
- ptr += ap_rep.length;
-
- /*
- * Save send_subkey to later smash recv_subkey.
- */
- ret = krb5_auth_con_getsendsubkey(context, auth_context, &tmp);
- if (ret)
- return ret;
-
- ret = krb5_rd_rep(context, auth_context, &ap_rep, &ap_rep_enc);
- if (ret) {
- krb5_free_keyblock(context, tmp);
- return(ret);
- }
-
- krb5_free_ap_rep_enc_part(context, ap_rep_enc);
-
- /* extract and decrypt the result */
-
- cipherresult.data = ptr;
- cipherresult.length = (packet->data + packet->length) - ptr;
-
- /*
- * Smash recv_subkey to be send_subkey, per spec.
- */
- ret = krb5_auth_con_setrecvsubkey(context, auth_context, tmp);
- krb5_free_keyblock(context, tmp);
- if (ret)
- return ret;
-
- ret = krb5_rd_priv(context, auth_context, &cipherresult, &clearresult,
- &replay);
-
- if (ret)
- return(ret);
+ /* verify ap_rep */
+ ap_rep.data = ptr;
+ ptr += ap_rep.length;
+
+ /*
+ * Save send_subkey to later smash recv_subkey.
+ */
+ ret = krb5_auth_con_getsendsubkey(context, auth_context, &tmp);
+ if (ret)
+ return ret;
+
+ ret = krb5_rd_rep(context, auth_context, &ap_rep, &ap_rep_enc);
+ if (ret) {
+ krb5_free_keyblock(context, tmp);
+ return(ret);
+ }
+
+ krb5_free_ap_rep_enc_part(context, ap_rep_enc);
+
+ /* extract and decrypt the result */
+
+ cipherresult.data = ptr;
+ cipherresult.length = (packet->data + packet->length) - ptr;
+
+ /*
+ * Smash recv_subkey to be send_subkey, per spec.
+ */
+ ret = krb5_auth_con_setrecvsubkey(context, auth_context, tmp);
+ krb5_free_keyblock(context, tmp);
+ if (ret)
+ return ret;
+
+ ret = krb5_rd_priv(context, auth_context, &cipherresult, &clearresult,
+ &replay);
+
+ if (ret)
+ return(ret);
} else {
- cipherresult.data = ptr;
- cipherresult.length = (packet->data + packet->length) - ptr;
+ cipherresult.data = ptr;
+ cipherresult.length = (packet->data + packet->length) - ptr;
- if ((ret = krb5_rd_error(context, &cipherresult, &krberror)))
- return(ret);
+ if ((ret = krb5_rd_error(context, &cipherresult, &krberror)))
+ return(ret);
- clearresult = krberror->e_data;
+ clearresult = krberror->e_data;
}
if (clearresult.length < 2) {
- ret = KRB5KRB_AP_ERR_MODIFIED;
- goto cleanup;
+ ret = KRB5KRB_AP_ERR_MODIFIED;
+ goto cleanup;
}
ptr = clearresult.data;
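Review bot: The bound check `if (ptr + ap_rep.length >= packet->data + packet->length)` computes a pointer that may lie beyond the end of the packet buffer before comparing it, which is undefined behaviour in C and lets the compiler assume the overflow cannot happen. Comparing lengths instead avoids forming that pointer: `if (ap_rep.length >= (size_t)((packet->data + packet->length) - ptr))`. This form relies on `ptr` not already being past the end of the packet, which the initial packet-length guard has to guarantee. The same expression is used in krb5int_rd_setpw_rep further down, and this function starts before and ends after the hunk.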
@@ -197,38 +198,38 @@ krb5int_rd_chpw_rep(krb5_context context, krb5_auth_context auth_context,
*result_code = (*result_code<<8) | (*ptr++ & 0xff);
if ((*result_code < KRB5_KPASSWD_SUCCESS) ||
- (*result_code > KRB5_KPASSWD_INITIAL_FLAG_NEEDED)) {
- ret = KRB5KRB_AP_ERR_MODIFIED;
- goto cleanup;
+ (*result_code > KRB5_KPASSWD_INITIAL_FLAG_NEEDED)) {
+ ret = KRB5KRB_AP_ERR_MODIFIED;
+ goto cleanup;
}
/* all success replies should be authenticated/encrypted */
if ((ap_rep.length == 0) && (*result_code == KRB5_KPASSWD_SUCCESS)) {
- ret = KRB5KRB_AP_ERR_MODIFIED;
- goto cleanup;
+ ret = KRB5KRB_AP_ERR_MODIFIED;
+ goto cleanup;
}
result_data->length = (clearresult.data + clearresult.length) - ptr;
if (result_data->length) {
- result_data->data = (char *) malloc(result_data->length);
- if (result_data->data == NULL) {
- ret = ENOMEM;
- goto cleanup;
- }
- memcpy(result_data->data, ptr, result_data->length);
+ result_data->data = (char *) malloc(result_data->length);
+ if (result_data->data == NULL) {
+ ret = ENOMEM;
+ goto cleanup;
+ }
+ memcpy(result_data->data, ptr, result_data->length);
} else {
- result_data->data = NULL;
+ result_data->data = NULL;
}
ret = 0;
cleanup:
if (ap_rep.length) {
- free(clearresult.data);
+ free(clearresult.data);
} else {
- krb5_free_error(context, krberror);
+ krb5_free_error(context, krberror);
}
return(ret);
@@ -236,71 +237,71 @@ cleanup:
krb5_error_code KRB5_CALLCONV
krb5_chpw_result_code_string(krb5_context context, int result_code,
- char **code_string)
+ char **code_string)
{
switch (result_code) {
case KRB5_KPASSWD_MALFORMED:
- *code_string = "Malformed request error";
- break;
+ *code_string = "Malformed request error";
+ break;
case KRB5_KPASSWD_HARDERROR:
- *code_string = "Server error";
- break;
+ *code_string = "Server error";
+ break;
case KRB5_KPASSWD_AUTHERROR:
- *code_string = "Authentication error";
- break;
+ *code_string = "Authentication error";
+ break;
case KRB5_KPASSWD_SOFTERROR:
- *code_string = "Password change rejected";
- break;
+ *code_string = "Password change rejected";
+ break;
default:
- *code_string = "Password change failed";
- break;
+ *code_string = "Password change failed";
+ break;
}
return(0);
}
-krb5_error_code
+krb5_error_code
krb5int_mk_setpw_req(krb5_context context,
- krb5_auth_context auth_context,
- krb5_data *ap_req,
- krb5_principal targprinc,
- char *passwd,
- krb5_data *packet)
+ krb5_auth_context auth_context,
+ krb5_data *ap_req,
+ krb5_principal targprinc,
+ char *passwd,
+ krb5_data *packet)
{
krb5_error_code ret;
- krb5_data cipherpw;
- krb5_data *encoded_setpw;
+ krb5_data cipherpw;
+ krb5_data *encoded_setpw;
struct krb5_setpw_req req;
char *ptr;
cipherpw.data = NULL;
cipherpw.length = 0;
-
+
if ((ret = krb5_auth_con_setflags(context, auth_context,
- KRB5_AUTH_CONTEXT_DO_SEQUENCE)))
- return(ret);
+ KRB5_AUTH_CONTEXT_DO_SEQUENCE)))
+ return(ret);
req.target = targprinc;
req.password.data = passwd;
req.password.length = strlen(passwd);
ret = encode_krb5_setpw_req(&req, &encoded_setpw);
if (ret) {
- return ret;
+ return ret;
}
if ((ret = krb5_mk_priv(context, auth_context, encoded_setpw, &cipherpw, NULL)) != 0) {
- krb5_free_data(context, encoded_setpw);
- return(ret);
+ krb5_free_data(context, encoded_setpw);
+ return(ret);
}
krb5_free_data(context, encoded_setpw);
-
+
packet->length = 6 + ap_req->length + cipherpw.length;
packet->data = (char *) malloc(packet->length);
if (packet->data == NULL) {
- ret = ENOMEM;
- goto cleanup;
+ ret = ENOMEM;
+ goto cleanup;
}
ptr = packet->data;
/*
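Review bot: In krb5int_mk_setpw_req, `encoded_setpw` holds an encoding of the cleartext password (`req.password.data = passwd`) and is released with krb5_free_data() on both the error and the success path without being cleared first. Unless krb5_free_data() zeroizes the buffer (not visible here), a copy of the password remains in freed heap memory. Overwrite `encoded_setpw->data` for `encoded_setpw->length` bytes before each free, using a zeroization routine the compiler cannot elide. The function also mixes direct `return` with `goto cleanup`, and a single cleanup path would make it harder to miss one of the two frees. The function continues past this hunk.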
@@ -325,18 +326,18 @@ krb5int_mk_setpw_req(krb5_context context,
ret = 0;
cleanup:
if (cipherpw.data)
- krb5_free_data_contents(context, &cipherpw);
+ krb5_free_data_contents(context, &cipherpw);
if ((ret != 0) && packet->data) {
- free(packet->data);
- packet->data = NULL;
+ free(packet->data);
+ packet->data = NULL;
}
return ret;
}
-krb5_error_code
+krb5_error_code
krb5int_rd_setpw_rep(krb5_context context, krb5_auth_context auth_context,
- krb5_data *packet,
- int *result_code, krb5_data *result_data)
+ krb5_data *packet,
+ int *result_code, krb5_data *result_data)
{
char *ptr;
unsigned int message_length, version_number;
@@ -350,7 +351,7 @@ krb5int_rd_setpw_rep(krb5_context context, krb5_auth_context auth_context,
** validate the packet length -
*/
if (packet->length < 4)
- return(KRB5KRB_AP_ERR_MODIFIED);
+ return(KRB5KRB_AP_ERR_MODIFIED);
ptr = packet->data;
@@ -358,109 +359,109 @@ krb5int_rd_setpw_rep(krb5_context context, krb5_auth_context auth_context,
** see if it is an error
*/
if (krb5_is_krb_error(packet)) {
- krb5_error *krberror;
- if ((ret = krb5_rd_error(context, packet, &krberror)))
- return(ret);
- if (krberror->e_data.data == NULL) {
- ret = ERROR_TABLE_BASE_krb5 + (krb5_error_code) krberror->error;
- krb5_free_error(context, krberror);
- return (ret);
- }
- clearresult = krberror->e_data;
- krberror->e_data.data = NULL; /*So we can free it later*/
- krberror->e_data.length = 0;
- krb5_free_error(context, krberror);
- ap_rep.length = 0;
+ krb5_error *krberror;
+ if ((ret = krb5_rd_error(context, packet, &krberror)))
+ return(ret);
+ if (krberror->e_data.data == NULL) {
+ ret = ERROR_TABLE_BASE_krb5 + (krb5_error_code) krberror->error;
+ krb5_free_error(context, krberror);
+ return (ret);
+ }
+ clearresult = krberror->e_data;
+ krberror->e_data.data = NULL; /*So we can free it later*/
+ krberror->e_data.length = 0;
+ krb5_free_error(context, krberror);
+ ap_rep.length = 0;
} else { /* Not an error*/
- /*
- ** validate the message length -
- ** length is big endian
- */
- message_length = (((ptr[0] << 8)&0xff) | (ptr[1]&0xff));
- ptr += 2;
- /*
- ** make sure the message length and packet length agree -
- */
- if (message_length != packet->length)
- return(KRB5KRB_AP_ERR_MODIFIED);
- /*
- ** get the version number -
- */
- version_number = (((ptr[0] << 8)&0xff) | (ptr[1]&0xff));
- ptr += 2;
- /*
- ** make sure we support the version returned -
- */
- /*
- ** set password version is 0xff80, change password version is 1
- */
- if (version_number != 1 && version_number != 0xff80)
- return(KRB5KDC_ERR_BAD_PVNO);
- /*
- ** now fill in ap_rep with the reply -
- */
- /*
- ** get the reply length -
- */
- ap_rep.length = (((ptr[0] << 8)&0xff) | (ptr[1]&0xff));
- ptr += 2;
- /*
- ** validate ap_rep length agrees with the packet length -
- */
- if (ptr + ap_rep.length >= packet->data + packet->length)
- return(KRB5KRB_AP_ERR_MODIFIED);
- /*
- ** if data was returned, set the ap_rep ptr -
- */
- if (ap_rep.length) {
- ap_rep.data = ptr;
- ptr += ap_rep.length;
-
- /*
- * Save send_subkey to later smash recv_subkey.
- */
- ret = krb5_auth_con_getsendsubkey(context, auth_context, &tmpkey);
- if (ret)
- return ret;
-
- ret = krb5_rd_rep(context, auth_context, &ap_rep, &ap_rep_enc);
- if (ret) {
- krb5_free_keyblock(context, tmpkey);
- return(ret);
- }
-
- krb5_free_ap_rep_enc_part(context, ap_rep_enc);
- /*
- ** now decrypt the result -
- */
- cipherresult.data = ptr;
- cipherresult.length = (packet->data + packet->length) - ptr;
-
- /*
- * Smash recv_subkey to be send_subkey, per spec.
- */
- ret = krb5_auth_con_setrecvsubkey(context, auth_context, tmpkey);
- krb5_free_keyblock(context, tmpkey);
- if (ret)
- return ret;
-
- ret = krb5_rd_priv(context, auth_context, &cipherresult, &clearresult,
- NULL);
- if (ret)
- return(ret);
- } /*We got an ap_rep*/
- else
- return (KRB5KRB_AP_ERR_MODIFIED);
+ /*
+ ** validate the message length -
+ ** length is big endian
+ */
+ message_length = (((ptr[0] << 8)&0xff) | (ptr[1]&0xff));
+ ptr += 2;
+ /*
+ ** make sure the message length and packet length agree -
+ */
+ if (message_length != packet->length)
+ return(KRB5KRB_AP_ERR_MODIFIED);
+ /*
+ ** get the version number -
+ */
+ version_number = (((ptr[0] << 8)&0xff) | (ptr[1]&0xff));
+ ptr += 2;
+ /*
+ ** make sure we support the version returned -
+ */
+ /*
+ ** set password version is 0xff80, change password version is 1
+ */
+ if (version_number != 1 && version_number != 0xff80)
+ return(KRB5KDC_ERR_BAD_PVNO);
+ /*
+ ** now fill in ap_rep with the reply -
+ */
+ /*
+ ** get the reply length -
+ */
+ ap_rep.length = (((ptr[0] << 8)&0xff) | (ptr[1]&0xff));
+ ptr += 2;
+ /*
+ ** validate ap_rep length agrees with the packet length -
+ */
+ if (ptr + ap_rep.length >= packet->data + packet->length)
+ return(KRB5KRB_AP_ERR_MODIFIED);
+ /*
+ ** if data was returned, set the ap_rep ptr -
+ */
+ if (ap_rep.length) {
+ ap_rep.data = ptr;
+ ptr += ap_rep.length;
+
+ /*
+ * Save send_subkey to later smash recv_subkey.
+ */
+ ret = krb5_auth_con_getsendsubkey(context, auth_context, &tmpkey);
+ if (ret)
+ return ret;
+
+ ret = krb5_rd_rep(context, auth_context, &ap_rep, &ap_rep_enc);
+ if (ret) {
+ krb5_free_keyblock(context, tmpkey);
+ return(ret);
+ }
+
+ krb5_free_ap_rep_enc_part(context, ap_rep_enc);
+ /*
+ ** now decrypt the result -
+ */
+ cipherresult.data = ptr;
+ cipherresult.length = (packet->data + packet->length) - ptr;
+
+ /*
+ * Smash recv_subkey to be send_subkey, per spec.
+ */
+ ret = krb5_auth_con_setrecvsubkey(context, auth_context, tmpkey);
+ krb5_free_keyblock(context, tmpkey);
+ if (ret)
+ return ret;
+
+ ret = krb5_rd_priv(context, auth_context, &cipherresult, &clearresult,
+ NULL);
+ if (ret)
+ return(ret);
+ } /*We got an ap_rep*/
+ else
+ return (KRB5KRB_AP_ERR_MODIFIED);
} /*Response instead of error*/
/*
- ** validate the cleartext length
+ ** validate the cleartext length
*/
if (clearresult.length < 2) {
- ret = KRB5KRB_AP_ERR_MODIFIED;
- goto cleanup;
+ ret = KRB5KRB_AP_ERR_MODIFIED;
+ goto cleanup;
}
/*
** now decode the result -
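Review bot: The three 16-bit big-endian reads in the non-error branch apply the mask after the shift, so `((ptr[0] << 8)&0xff)` is always zero and only the low byte of each field survives. As written, `version_number` can never equal `0xff80`, and `message_length` and `ap_rep.length` are truncated for any value above 255, so the consistency checks that follow compare against the wrong numbers. Each read should mask before shifting, e.g. `message_length = ((ptr[0] & 0xff) << 8) | (ptr[1] & 0xff);`. The guard in the preceding hunk only requires `packet->length >= 4`, while this branch reads six bytes before the ap_rep bounds check, so that minimum looks too small as well. The function begins and ends outside this hunk.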
@@ -474,68 +475,67 @@ krb5int_rd_setpw_rep(krb5_context context, krb5_auth_context auth_context,
** result code 5 is access denied
*/
if ((*result_code < KRB5_KPASSWD_SUCCESS) || (*result_code > 5)) {
- ret = KRB5KRB_AP_ERR_MODIFIED;
- goto cleanup;
+ ret = KRB5KRB_AP_ERR_MODIFIED;
+ goto cleanup;
}
/*
** all success replies should be authenticated/encrypted
*/
if ((ap_rep.length == 0) && (*result_code == KRB5_KPASSWD_SUCCESS)) {
- ret = KRB5KRB_AP_ERR_MODIFIED;
- goto cleanup;
+ ret = KRB5KRB_AP_ERR_MODIFIED;
+ goto cleanup;
}
if (result_data) {
- result_data->length = (clearresult.data + clearresult.length) - ptr;
-
- if (result_data->length) {
- result_data->data = (char *) malloc(result_data->length);
- if (result_data->data)
- memcpy(result_data->data, ptr, result_data->length);
- } else
- result_data->data = NULL;
+ result_data->length = (clearresult.data + clearresult.length) - ptr;
+
+ if (result_data->length) {
+ result_data->data = (char *) malloc(result_data->length);
+ if (result_data->data)
+ memcpy(result_data->data, ptr, result_data->length);
+ } else
+ result_data->data = NULL;
}
ret = 0;
- cleanup:
+cleanup:
krb5_free_data_contents(context, &clearresult);
return(ret);
}
-krb5_error_code
+krb5_error_code
krb5int_setpw_result_code_string(krb5_context context, int result_code,
- const char **code_string)
+ const char **code_string)
{
switch (result_code) {
case KRB5_KPASSWD_MALFORMED:
- *code_string = "Malformed request error";
- break;
+ *code_string = "Malformed request error";
+ break;
case KRB5_KPASSWD_HARDERROR:
- *code_string = "Server error";
- break;
+ *code_string = "Server error";
+ break;
case KRB5_KPASSWD_AUTHERROR:
- *code_string = "Authentication error";
- break;
+ *code_string = "Authentication error";
+ break;
case KRB5_KPASSWD_SOFTERROR:
- *code_string = "Password change rejected";
- break;
+ *code_string = "Password change rejected";
+ break;
case 5: /* access denied */
- *code_string = "Access denied";
- break;
- case 6: /* bad version */
- *code_string = "Wrong protocol version";
- break;
+ *code_string = "Access denied";
+ break;
+ case 6: /* bad version */
+ *code_string = "Wrong protocol version";
+ break;
case 7: /* initial flag is needed */
- *code_string = "Initial password required";
- break;
+ *code_string = "Initial password required";
+ break;
case 0:
- *code_string = "Success";
- break;
+ *code_string = "Success";
+ break;
default:
- *code_string = "Password change failed";
- break;
+ *code_string = "Password change failed";
+ break;
}
return(0);
}
-
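Review bot: When `malloc` fails in the `result_data` block, the function still falls through to `ret = 0`, leaving `result_data->length` non-zero with `result_data->data == NULL`. A caller that trusts the length would then read through a null pointer. The failure should be reported before the `memcpy`, e.g. `if (result_data->data == NULL) { ret = ENOMEM; goto cleanup; }`, ideally also resetting `result_data->length` to 0. Separately, the range check rejects result codes above 5 while `krb5int_setpw_result_code_string` maps 6 and 7, which may be worth reconciling. The start of krb5int_rd_setpw_rep is outside this hunk.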
diff --git a/src/lib/krb5/krb/cleanup.h b/src/lib/krb5/krb/cleanup.h
index 94b39f7..3a01833 100644
--- a/src/lib/krb5/krb/cleanup.h
+++ b/src/lib/krb5/krb/cleanup.h
@@ -1,29 +1,30 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
#ifndef KRB5_CLEANUP
#define KRB5_CLEANUP
struct cleanup {
- void * arg;
- void (*func)(void *);
+ void * arg;
+ void (*func)(void *);
};
-#define CLEANUP_INIT(x) \
- struct cleanup cleanup_data[x]; \
- int cleanup_count = 0;
+#define CLEANUP_INIT(x) \
+ struct cleanup cleanup_data[x]; \
+ int cleanup_count = 0;
-#define CLEANUP_PUSH(x, y) \
- cleanup_data[cleanup_count].arg = x; \
- cleanup_data[cleanup_count].func = y; \
+#define CLEANUP_PUSH(x, y) \
+ cleanup_data[cleanup_count].arg = x; \
+ cleanup_data[cleanup_count].func = y; \
cleanup_count++;
-#define CLEANUP_POP(x) \
- if ((--cleanup_count) && x && (cleanup_data[cleanup_count].func)) \
- cleanup_data[cleanup_count].func(cleanup_data[cleanup_count].arg);
-
-#define CLEANUP_DONE() \
- while(cleanup_count--) \
- if (cleanup_data[cleanup_count].func) \
- cleanup_data[cleanup_count].func(cleanup_data[cleanup_count].arg);
-
+#define CLEANUP_POP(x) \
+ if ((--cleanup_count) && x && (cleanup_data[cleanup_count].func)) \
+ cleanup_data[cleanup_count].func(cleanup_data[cleanup_count].arg);
+
+#define CLEANUP_DONE() \
+ while(cleanup_count--) \
+ if (cleanup_data[cleanup_count].func) \
+ cleanup_data[cleanup_count].func(cleanup_data[cleanup_count].arg);
+
#endif
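Review bot: `CLEANUP_POP` tests `(--cleanup_count)` for truth, so popping the entry at index 0 never runs its handler even when `x` is non-zero; if that is not intended, the test would be `(--cleanup_count >= 0)`. `CLEANUP_PUSH` also writes `cleanup_data[cleanup_count]` without comparing the count with the size given to `CLEANUP_INIT`, so one push too many writes past the array. `CLEANUP_PUSH`, `CLEANUP_POP` and `CLEANUP_DONE` expand to bare statements, so using one as the body of an unbraced `if` or `else` guards only part of it. Wrapping those three in `do { ... } while (0)` and parenthesizing `x` and `y` would make them behave as single statements.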
diff --git a/src/lib/krb5/krb/conv_creds.c b/src/lib/krb5/krb/conv_creds.c
index b6c6108..6f46088 100644
--- a/src/lib/krb5/krb/conv_creds.c
+++ b/src/lib/krb5/krb/conv_creds.c
@@ -1,6 +1,7 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
/*
* Copyright 1994 by OpenVision Technologies, Inc.
- *
+ *
* Permission to use, copy, modify, distribute, and sell this software
* and its documentation for any purpose is hereby granted without fee,
* provided that the above copyright notice appears in all copies and
@@ -10,7 +11,7 @@
* without specific, written prior permission. OpenVision makes no
* representations about the suitability of this software for any
* purpose. It is provided "as is" without express or implied warranty.
- *
+ *
* OPENVISION DISCLAIMS ALL WARRANTIES WITH REGARD TO THIS SOFTWARE,
* INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS, IN NO
* EVENT SHALL OPENVISION BE LIABLE FOR ANY SPECIAL, INDIRECT OR
@@ -29,7 +30,7 @@
krb5_error_code KRB5_CALLCONV
krb5_524_convert_creds(krb5_context context, krb5_creds *v5creds,
- struct credentials *v4creds)
+ struct credentials *v4creds)
{
return KRB524_KRB4_DISABLED;
}
@@ -45,11 +46,11 @@ krb5_524_convert_creds(krb5_context context, krb5_creds *v5creds,
void KRB5_CALLCONV krb524_init_ets (void);
krb5_error_code KRB5_CALLCONV
krb524_convert_creds_kdc(krb5_context context, krb5_creds *v5creds,
- struct credentials *v4creds);
+ struct credentials *v4creds);
krb5_error_code KRB5_CALLCONV
krb524_convert_creds_kdc(krb5_context context, krb5_creds *v5creds,
- struct credentials *v4creds)
+ struct credentials *v4creds)
{
return KRB524_KRB4_DISABLED;
}
diff --git a/src/lib/krb5/krb/conv_princ.c b/src/lib/krb5/krb/conv_princ.c
index 43c588f..5f63f46 100644
--- a/src/lib/krb5/krb/conv_princ.c
+++ b/src/lib/krb5/krb/conv_princ.c
@@ -1,3 +1,4 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
/*
* lib/krb5/krb/conv_princ.c
*
@@ -8,7 +9,7 @@
* require a specific license from the United States Government.
* It is the responsibility of any person or organization contemplating
* export to obtain such a license before exporting.
- *
+ *
* WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
* distribute this software and its documentation for any purpose and
* without fee is hereby granted, provided that the above copyright
@@ -22,10 +23,10 @@
* M.I.T. makes no representations about the suitability of
* this software for any purpose. It is provided "as is" without express
* or implied warranty.
- *
+ *
* Build a principal from a V4 specification, or separate a V5
* principal into name, instance, and realm.
- *
+ *
* NOTE: This is highly site specific, and is only really necessary
* for sites who need to convert from V4 to V5. It is used by both
* the KDC and the kdb5_convert program. Since its use is highly
@@ -39,16 +40,16 @@
/* The maximum sizes for V4 aname, realm, sname, and instance +1 */
/* Taken from krb.h */
-#define ANAME_SZ 40
-#define REALM_SZ 40
-#define SNAME_SZ 40
-#define INST_SZ 40
+#define ANAME_SZ 40
+#define REALM_SZ 40
+#define SNAME_SZ 40
+#define INST_SZ 40
struct krb_convert {
- char *v4_str;
- char *v5_str;
- unsigned int flags : 8;
- unsigned int len : 8;
+ char *v4_str;
+ char *v5_str;
+ unsigned int flags : 8;
+ unsigned int len : 8;
};
#define DO_REALM_CONVERSION 0x00000001
@@ -71,9 +72,9 @@ static const struct krb_convert sconv_list[] = {
/* Realm conversion, Change service name */
#define RC(V5NAME,V4NAME) { V5NAME, V4NAME, DO_REALM_CONVERSION, sizeof(V5NAME)-1 }
/* Realm conversion */
-#define R(NAME) { NAME, NAME, DO_REALM_CONVERSION, sizeof(NAME)-1 }
+#define R(NAME) { NAME, NAME, DO_REALM_CONVERSION, sizeof(NAME)-1 }
/* No Realm conversion */
-#define NR(NAME) { NAME, NAME, 0, sizeof(NAME)-1 }
+#define NR(NAME) { NAME, NAME, 0, sizeof(NAME)-1 }
NR("kadmin"),
RC("rcmd", "host"),
@@ -128,18 +129,18 @@ static const struct krb_convert sconv_list[] = {
* This falls in the "should have been in the ANSI C library"
* category. :-)
*/
-static char *strnchr(register char *s, register int c,
- register unsigned int n)
+static char *strnchr(register char *s, register int c,
+ register unsigned int n)
{
- if (n < 1)
- return 0;
-
- while (n-- && *s) {
- if (*s == c)
- return s;
- s++;
- }
- return 0;
+ if (n < 1)
+ return 0;
+
+ while (n-- && *s) {
+ if (*s == c)
+ return s;
+ s++;
+ }
+ return 0;
}
@@ -148,207 +149,207 @@ static char *strnchr(register char *s, register int c,
krb5_error_code KRB5_CALLCONV
krb5_524_conv_principal(krb5_context context, krb5_const_principal princ,
- char *name, char *inst, char *realm)
+ char *name, char *inst, char *realm)
{
- const struct krb_convert *p;
- const krb5_data *compo;
- char *c, *tmp_realm, *tmp_prealm;
- unsigned int tmp_realm_len;
- int retval;
+ const struct krb_convert *p;
+ const krb5_data *compo;
+ char *c, *tmp_realm, *tmp_prealm;
+ unsigned int tmp_realm_len;
+ int retval;
- if (context->profile == 0)
- return KRB5_CONFIG_CANTOPEN;
+ if (context->profile == 0)
+ return KRB5_CONFIG_CANTOPEN;
- *name = *inst = '\0';
- switch (krb5_princ_size(context, princ)) {
- case 2:
- /* Check if this principal is listed in the table */
- compo = krb5_princ_component(context, princ, 0);
- p = sconv_list;
- while (p->v4_str) {
- if (p->len == compo->length
- && memcmp(p->v5_str, compo->data, compo->length) == 0) {
- /*
- * It is, so set the new name now, and chop off
- * instance's domain name if requested.
- */
- if (strlcpy(name, p->v4_str, ANAME_SZ) >= ANAME_SZ)
- return KRB5_INVALID_PRINCIPAL;
- if (p->flags & DO_REALM_CONVERSION) {
- compo = krb5_princ_component(context, princ, 1);
- c = strnchr(compo->data, '.', compo->length);
- if (!c || (c - compo->data) >= INST_SZ - 1)
- return KRB5_INVALID_PRINCIPAL;
- memcpy(inst, compo->data, (size_t) (c - compo->data));
- inst[c - compo->data] = '\0';
- }
- break;
- }
- p++;
- }
- /* If inst isn't set, the service isn't listed in the table, */
- /* so just copy it. */
- if (*inst == '\0') {
- compo = krb5_princ_component(context, princ, 1);
- if (compo->length >= INST_SZ - 1)
- return KRB5_INVALID_PRINCIPAL;
- memcpy(inst, compo->data, compo->length);
- inst[compo->length] = '\0';
- }
- /* fall through */
- case 1:
- /* name may have been set above; otherwise, just copy it */
- if (*name == '\0') {
- compo = krb5_princ_component(context, princ, 0);
- if (compo->length >= ANAME_SZ)
- return KRB5_INVALID_PRINCIPAL;
- memcpy(name, compo->data, compo->length);
- name[compo->length] = '\0';
- }
- break;
- default:
- return KRB5_INVALID_PRINCIPAL;
- }
+ *name = *inst = '\0';
+ switch (krb5_princ_size(context, princ)) {
+ case 2:
+ /* Check if this principal is listed in the table */
+ compo = krb5_princ_component(context, princ, 0);
+ p = sconv_list;
+ while (p->v4_str) {
+ if (p->len == compo->length
+ && memcmp(p->v5_str, compo->data, compo->length) == 0) {
+ /*
+ * It is, so set the new name now, and chop off
+ * instance's domain name if requested.
+ */
+ if (strlcpy(name, p->v4_str, ANAME_SZ) >= ANAME_SZ)
+ return KRB5_INVALID_PRINCIPAL;
+ if (p->flags & DO_REALM_CONVERSION) {
+ compo = krb5_princ_component(context, princ, 1);
+ c = strnchr(compo->data, '.', compo->length);
+ if (!c || (c - compo->data) >= INST_SZ - 1)
+ return KRB5_INVALID_PRINCIPAL;
+ memcpy(inst, compo->data, (size_t) (c - compo->data));
+ inst[c - compo->data] = '\0';
+ }
+ break;
+ }
+ p++;
+ }
+ /* If inst isn't set, the service isn't listed in the table, */
+ /* so just copy it. */
+ if (*inst == '\0') {
+ compo = krb5_princ_component(context, princ, 1);
+ if (compo->length >= INST_SZ - 1)
+ return KRB5_INVALID_PRINCIPAL;
+ memcpy(inst, compo->data, compo->length);
+ inst[compo->length] = '\0';
+ }
+ /* fall through */
+ case 1:
+ /* name may have been set above; otherwise, just copy it */
+ if (*name == '\0') {
+ compo = krb5_princ_component(context, princ, 0);
+ if (compo->length >= ANAME_SZ)
+ return KRB5_INVALID_PRINCIPAL;
+ memcpy(name, compo->data, compo->length);
+ name[compo->length] = '\0';
+ }
+ break;
+ default:
+ return KRB5_INVALID_PRINCIPAL;
+ }
- compo = krb5_princ_realm(context, princ);
+ compo = krb5_princ_realm(context, princ);
- tmp_prealm = malloc(compo->length + 1);
- if (tmp_prealm == NULL)
- return ENOMEM;
- strncpy(tmp_prealm, compo->data, compo->length);
- tmp_prealm[compo->length] = '\0';
+ tmp_prealm = malloc(compo->length + 1);
+ if (tmp_prealm == NULL)
+ return ENOMEM;
+ strncpy(tmp_prealm, compo->data, compo->length);
+ tmp_prealm[compo->length] = '\0';
- /* Ask for v4_realm corresponding to
- krb5 principal realm from krb5.conf realms stanza */
+ /* Ask for v4_realm corresponding to
+ krb5 principal realm from krb5.conf realms stanza */
- retval = profile_get_string(context->profile, KRB5_CONF_REALMS,
- tmp_prealm, KRB5_CONF_V4_REALM, 0,
- &tmp_realm);
- free(tmp_prealm);
- if (retval) {
- return retval;
- } else {
- if (tmp_realm == 0) {
- if (compo->length > REALM_SZ - 1)
- return KRB5_INVALID_PRINCIPAL;
- strncpy(realm, compo->data, compo->length);
- realm[compo->length] = '\0';
- } else {
- tmp_realm_len = strlen(tmp_realm);
- if (tmp_realm_len > REALM_SZ - 1)
- return KRB5_INVALID_PRINCIPAL;
- strncpy(realm, tmp_realm, tmp_realm_len);
- realm[tmp_realm_len] = '\0';
- profile_release_string(tmp_realm);
- }
- }
- return 0;
+ retval = profile_get_string(context->profile, KRB5_CONF_REALMS,
+ tmp_prealm, KRB5_CONF_V4_REALM, 0,
+ &tmp_realm);
+ free(tmp_prealm);
+ if (retval) {
+ return retval;
+ } else {
+ if (tmp_realm == 0) {
+ if (compo->length > REALM_SZ - 1)
+ return KRB5_INVALID_PRINCIPAL;
+ strncpy(realm, compo->data, compo->length);
+ realm[compo->length] = '\0';
+ } else {
+ tmp_realm_len = strlen(tmp_realm);
+ if (tmp_realm_len > REALM_SZ - 1)
+ return KRB5_INVALID_PRINCIPAL;
+ strncpy(realm, tmp_realm, tmp_realm_len);
+ realm[tmp_realm_len] = '\0';
+ profile_release_string(tmp_realm);
+ }
+ }
+ return 0;
}
krb5_error_code KRB5_CALLCONV
krb5_425_conv_principal(krb5_context context, const char *name,
- const char *instance, const char *realm,
- krb5_principal *princ)
+ const char *instance, const char *realm,
+ krb5_principal *princ)
{
- const struct krb_convert *p;
- char buf[256]; /* V4 instances are limited to 40 characters */
- krb5_error_code retval;
- char *domain, *cp;
- char **full_name = 0;
- const char *names[5], *names2[2];
- void* iterator = NULL;
- char** v4realms = NULL;
- char* realm_name = NULL;
- char* dummy_value = NULL;
-
- /* First, convert the realm, since the v4 realm is not necessarily the same as the v5 realm
- To do that, iterate over all the realms in the config file, looking for a matching
- v4_realm line */
- names2 [0] = KRB5_CONF_REALMS;
- names2 [1] = NULL;
- retval = profile_iterator_create (context -> profile, names2, PROFILE_ITER_LIST_SECTION | PROFILE_ITER_SECTIONS_ONLY, &iterator);
- while (retval == 0) {
- retval = profile_iterator (&iterator, &realm_name, &dummy_value);
- if ((retval == 0) && (realm_name != NULL)) {
- names [0] = KRB5_CONF_REALMS;
- names [1] = realm_name;
- names [2] = KRB5_CONF_V4_REALM;
- names [3] = NULL;
+ const struct krb_convert *p;
+ char buf[256]; /* V4 instances are limited to 40 characters */
+ krb5_error_code retval;
+ char *domain, *cp;
+ char **full_name = 0;
+ const char *names[5], *names2[2];
+ void* iterator = NULL;
+ char** v4realms = NULL;
+ char* realm_name = NULL;
+ char* dummy_value = NULL;
+
+ /* First, convert the realm, since the v4 realm is not necessarily the same as the v5 realm
+ To do that, iterate over all the realms in the config file, looking for a matching
+ v4_realm line */
+ names2 [0] = KRB5_CONF_REALMS;
+ names2 [1] = NULL;
+ retval = profile_iterator_create (context -> profile, names2, PROFILE_ITER_LIST_SECTION | PROFILE_ITER_SECTIONS_ONLY, &iterator);
+ while (retval == 0) {
+ retval = profile_iterator (&iterator, &realm_name, &dummy_value);
+ if ((retval == 0) && (realm_name != NULL)) {
+ names [0] = KRB5_CONF_REALMS;
+ names [1] = realm_name;
+ names [2] = KRB5_CONF_V4_REALM;
+ names [3] = NULL;
+
+ retval = profile_get_values (context -> profile, names, &v4realms);
+ if ((retval == 0) && (v4realms != NULL) && (v4realms [0] != NULL) && (strcmp (v4realms [0], realm) == 0)) {
+ realm = realm_name;
+ break;
+ } else if (retval == PROF_NO_RELATION) {
+ /* If it's not found, just keep going */
+ retval = 0;
+ }
+ } else if ((retval == 0) && (realm_name == NULL)) {
+ break;
+ }
+ if (v4realms != NULL) {
+ profile_free_list(v4realms);
+ v4realms = NULL;
+ }
+ if (realm_name != NULL) {
+ profile_release_string (realm_name);
+ realm_name = NULL;
+ }
+ if (dummy_value != NULL) {
+ profile_release_string (dummy_value);
+ dummy_value = NULL;
+ }
+ }
+
+ if (instance) {
+ if (instance[0] == '\0') {
+ instance = 0;
+ goto not_service;
+ }
+ p = sconv_list;
+ while (1) {
+ if (!p->v4_str)
+ goto not_service;
+ if (!strcmp(p->v4_str, name))
+ break;
+ p++;
+ }
+ name = p->v5_str;
+ if ((p->flags & DO_REALM_CONVERSION) && !strchr(instance, '.')) {
+ names[0] = KRB5_CONF_REALMS;
+ names[1] = realm;
+ names[2] = KRB5_CONF_V4_INSTANCE_CONVERT;
+ names[3] = instance;
+ names[4] = 0;
+ retval = profile_get_values(context->profile, names, &full_name);
+ if (retval == 0 && full_name && full_name[0]) {
+ instance = full_name[0];
+ } else {
+ strncpy(buf, instance, sizeof(buf));
+ buf[sizeof(buf) - 1] = '\0';
+ retval = krb5_get_realm_domain(context, realm, &domain);
+ if (retval)
+ return retval;
+ if (domain) {
+ for (cp = domain; *cp; cp++)
+ if (isupper((unsigned char) (*cp)))
+ *cp = tolower((unsigned char) *cp);
+ strncat(buf, ".", sizeof(buf) - 1 - strlen(buf));
+ strncat(buf, domain, sizeof(buf) - 1 - strlen(buf));
+ free(domain);
+ }
+ instance = buf;
+ }
+ }
+ }
- retval = profile_get_values (context -> profile, names, &v4realms);
- if ((retval == 0) && (v4realms != NULL) && (v4realms [0] != NULL) && (strcmp (v4realms [0], realm) == 0)) {
- realm = realm_name;
- break;
- } else if (retval == PROF_NO_RELATION) {
- /* If it's not found, just keep going */
- retval = 0;
- }
- } else if ((retval == 0) && (realm_name == NULL)) {
- break;
- }
- if (v4realms != NULL) {
- profile_free_list(v4realms);
- v4realms = NULL;
- }
- if (realm_name != NULL) {
- profile_release_string (realm_name);
- realm_name = NULL;
- }
- if (dummy_value != NULL) {
- profile_release_string (dummy_value);
- dummy_value = NULL;
- }
- }
-
- if (instance) {
- if (instance[0] == '\0') {
- instance = 0;
- goto not_service;
- }
- p = sconv_list;
- while (1) {
- if (!p->v4_str)
- goto not_service;
- if (!strcmp(p->v4_str, name))
- break;
- p++;
- }
- name = p->v5_str;
- if ((p->flags & DO_REALM_CONVERSION) && !strchr(instance, '.')) {
- names[0] = KRB5_CONF_REALMS;
- names[1] = realm;
- names[2] = KRB5_CONF_V4_INSTANCE_CONVERT;
- names[3] = instance;
- names[4] = 0;
- retval = profile_get_values(context->profile, names, &full_name);
- if (retval == 0 && full_name && full_name[0]) {
- instance = full_name[0];
- } else {
- strncpy(buf, instance, sizeof(buf));
- buf[sizeof(buf) - 1] = '\0';
- retval = krb5_get_realm_domain(context, realm, &domain);
- if (retval)
- return retval;
- if (domain) {
- for (cp = domain; *cp; cp++)
- if (isupper((unsigned char) (*cp)))
- *cp = tolower((unsigned char) *cp);
- strncat(buf, ".", sizeof(buf) - 1 - strlen(buf));
- strncat(buf, domain, sizeof(buf) - 1 - strlen(buf));
- free(domain);
- }
- instance = buf;
- }
- }
- }
-
not_service:
- retval = krb5_build_principal(context, princ, strlen(realm), realm, name,
- instance, NULL);
- if (iterator) profile_iterator_free (&iterator);
- if (full_name) profile_free_list(full_name);
- if (v4realms) profile_free_list(v4realms);
- if (realm_name) profile_release_string (realm_name);
- if (dummy_value) profile_release_string (dummy_value);
- return retval;
+ retval = krb5_build_principal(context, princ, strlen(realm), realm, name,
+ instance, NULL);
+ if (iterator) profile_iterator_free (&iterator);
+ if (full_name) profile_free_list(full_name);
+ if (v4realms) profile_free_list(v4realms);
+ if (realm_name) profile_release_string (realm_name);
+ if (dummy_value) profile_release_string (dummy_value);
+ return retval;
}
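Review bot: Two early returns in this hunk skip resource release. In krb5_524_conv_principal the `tmp_realm_len > REALM_SZ - 1` branch returns without calling `profile_release_string(tmp_realm);`. In krb5_425_conv_principal the `return retval;` after a failed `krb5_get_realm_domain` bypasses the `profile_iterator_free`, `profile_free_list` and `profile_release_string` calls at the end of the function. The first needs the release call before the return. The second needs a `cleanup:` label placed after the `krb5_build_principal` call and `goto cleanup;` in place of the return.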
diff --git a/src/lib/krb5/krb/copy_addrs.c b/src/lib/krb5/krb/copy_addrs.c
index c3dcd57..7207c4c 100644
--- a/src/lib/krb5/krb/copy_addrs.c
+++ b/src/lib/krb5/krb/copy_addrs.c
@@ -1,3 +1,4 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
/*
* lib/krb5/krb/copy_addrs.c
*
@@ -8,7 +9,7 @@
* require a specific license from the United States Government.
* It is the responsibility of any person or organization contemplating
* export to obtain such a license before exporting.
- *
+ *
* WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
* distribute this software and its documentation for any purpose and
* without fee is hereby granted, provided that the above copyright
@@ -22,7 +23,7 @@
* M.I.T. makes no representations about the suitability of
* this software for any purpose. It is provided "as is" without express
* or implied warranty.
- *
+ *
*
* krb5_copy_addresses()
*/
@@ -35,11 +36,11 @@ krb5_copy_addr(krb5_context context, const krb5_address *inad, krb5_address **ou
krb5_address *tmpad;
if (!(tmpad = (krb5_address *)malloc(sizeof(*tmpad))))
- return ENOMEM;
+ return ENOMEM;
*tmpad = *inad;
if (!(tmpad->contents = (krb5_octet *)malloc(inad->length))) {
- free(tmpad);
- return ENOMEM;
+ free(tmpad);
+ return ENOMEM;
}
memcpy(tmpad->contents, inad->contents, inad->length);
*outad = tmpad;
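Review bot: `malloc(inad->length)` is treated as failed whenever it returns NULL, but the C standard allows a NULL return for a zero-size request, so a zero-length address could be reported as `ENOMEM` on some platforms. If zero-length contents can reach this function, allocate and copy only when `inad->length` is non-zero and otherwise set `tmpad->contents = NULL`. The same pattern appears in krb5_copy_authdatum in copy_auth.c. The function starts and ends outside this hunk.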
@@ -57,22 +58,22 @@ krb5_copy_addresses(krb5_context context, krb5_address *const *inaddr, krb5_addr
register unsigned int nelems = 0;
if (!inaddr) {
- *outaddr = 0;
- return 0;
+ *outaddr = 0;
+ return 0;
}
-
+
while (inaddr[nelems]) nelems++;
/* one more for a null terminated list */
if (!(tempaddr = (krb5_address **) calloc(nelems+1, sizeof(*tempaddr))))
- return ENOMEM;
+ return ENOMEM;
for (nelems = 0; inaddr[nelems]; nelems++) {
- retval = krb5_copy_addr(context, inaddr[nelems], &tempaddr[nelems]);
+ retval = krb5_copy_addr(context, inaddr[nelems], &tempaddr[nelems]);
if (retval) {
- krb5_free_addresses(context, tempaddr);
- return retval;
- }
+ krb5_free_addresses(context, tempaddr);
+ return retval;
+ }
}
*outaddr = tempaddr;
@@ -88,8 +89,8 @@ krb5_copy_addresses(krb5_context context, krb5_address *const *inaddr, krb5_addr
krb5_error_code
krb5_append_addresses(context, inaddr, outaddr)
krb5_context context;
- krb5_address * const * inaddr;
- krb5_address ***outaddr;
+ krb5_address * const * inaddr;
+ krb5_address ***outaddr;
{
krb5_error_code retval;
krb5_address ** tempaddr;
@@ -98,7 +99,7 @@ krb5_append_addresses(context, inaddr, outaddr)
register int norigelems = 0;
if (!inaddr)
- return 0;
+ return 0;
tempaddr2 = *outaddr;
@@ -106,34 +107,33 @@ krb5_append_addresses(context, inaddr, outaddr)
while (tempaddr2[norigelems]) norigelems++;
tempaddr = (krb5_address **) realloc((char *)*outaddr,
- (nelems + norigelems + 1) * sizeof(*tempaddr));
+ (nelems + norigelems + 1) * sizeof(*tempaddr));
if (!tempaddr)
- return ENOMEM;
+ return ENOMEM;
/* The old storage has been freed. */
*outaddr = tempaddr;
for (nelems = 0; inaddr[nelems]; nelems++) {
- retval = krb5_copy_addr(context, inaddr[nelems],
- &tempaddr[norigelems + nelems]);
- if (retval)
- goto cleanup;
+ retval = krb5_copy_addr(context, inaddr[nelems],
+ &tempaddr[norigelems + nelems]);
+ if (retval)
+ goto cleanup;
}
tempaddr[norigelems + nelems] = 0;
return 0;
- cleanup:
+cleanup:
while (--nelems >= 0)
- krb5_free_address(context, tempaddr[norigelems + nelems]);
+ krb5_free_address(context, tempaddr[norigelems + nelems]);
/* Try to allocate a smaller amount of memory for *outaddr. */
tempaddr = (krb5_address **) realloc((char *)tempaddr,
- (norigelems + 1) * sizeof(*tempaddr));
+ (norigelems + 1) * sizeof(*tempaddr));
if (tempaddr)
- *outaddr = tempaddr;
+ *outaddr = tempaddr;
return retval;
}
#endif
-
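Review bot: On the `cleanup:` path the copied addresses are freed but their slots are left as they were, so after a failure past the first element `tempaddr[norigelems]` holds a freed pointer where the list's NULL terminator used to be. The caller's `*outaddr` is then unterminated and ends in a dangling pointer; adding `tempaddr[norigelems] = 0;` after the free loop restores the original list. The declaration of `nelems` is outside this hunk, and if it is unsigned, as it is in krb5_copy_addresses, `while (--nelems >= 0)` never terminates. The trailing `#endif` suggests this function may be compiled out, in which case the points apply if it is ever enabled.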
diff --git a/src/lib/krb5/krb/copy_athctr.c b/src/lib/krb5/krb/copy_athctr.c
index c356fbf..3345486 100644
--- a/src/lib/krb5/krb/copy_athctr.c
+++ b/src/lib/krb5/krb/copy_athctr.c
@@ -1,3 +1,4 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
/*
* lib/krb5/krb/copy_athctr.c
*
@@ -8,7 +9,7 @@
* require a specific license from the United States Government.
* It is the responsibility of any person or organization contemplating
* export to obtain such a license before exporting.
- *
+ *
* WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
* distribute this software and its documentation for any purpose and
* without fee is hereby granted, provided that the above copyright
@@ -22,7 +23,7 @@
* M.I.T. makes no representations about the suitability of
* this software for any purpose. It is provided "as is" without express
* or implied warranty.
- *
+ *
*
* krb5_copy_authenticator()
*/
@@ -36,48 +37,47 @@ krb5_copy_authenticator(krb5_context context, const krb5_authenticator *authfrom
krb5_authenticator *tempto;
if (!(tempto = (krb5_authenticator *)malloc(sizeof(*tempto))))
- return ENOMEM;
+ return ENOMEM;
*tempto = *authfrom;
retval = krb5_copy_principal(context, authfrom->client, &tempto->client);
if (retval) {
- free(tempto);
- return retval;
+ free(tempto);
+ return retval;
}
-
+
if (authfrom->checksum &&
- (retval = krb5_copy_checksum(context, authfrom->checksum, &tempto->checksum))) {
- krb5_free_principal(context, tempto->client);
- free(tempto);
- return retval;
+ (retval = krb5_copy_checksum(context, authfrom->checksum, &tempto->checksum))) {
+ krb5_free_principal(context, tempto->client);
+ free(tempto);
+ return retval;
}
-
+
if (authfrom->subkey) {
- retval = krb5_copy_keyblock(context, authfrom->subkey, &tempto->subkey);
- if (retval) {
- free(tempto->subkey);
- krb5_free_checksum(context, tempto->checksum);
- krb5_free_principal(context, tempto->client);
- free(tempto);
- return retval;
- }
+ retval = krb5_copy_keyblock(context, authfrom->subkey, &tempto->subkey);
+ if (retval) {
+ free(tempto->subkey);
+ krb5_free_checksum(context, tempto->checksum);
+ krb5_free_principal(context, tempto->client);
+ free(tempto);
+ return retval;
+ }
}
-
+
if (authfrom->authorization_data) {
- retval = krb5_copy_authdata(context, authfrom->authorization_data,
- &tempto->authorization_data);
- if (retval) {
- free(tempto->subkey);
- krb5_free_checksum(context, tempto->checksum);
- krb5_free_principal(context, tempto->client);
- krb5_free_authdata(context, tempto->authorization_data);
- free(tempto);
- return retval;
- }
+ retval = krb5_copy_authdata(context, authfrom->authorization_data,
+ &tempto->authorization_data);
+ if (retval) {
+ free(tempto->subkey);
+ krb5_free_checksum(context, tempto->checksum);
+ krb5_free_principal(context, tempto->client);
+ krb5_free_authdata(context, tempto->authorization_data);
+ free(tempto);
+ return retval;
+ }
}
*authto = tempto;
return 0;
}
#endif
-
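Review bot: The two error paths that call `free(tempto->subkey)` are unsafe, because `*tempto = *authfrom` leaves `tempto->subkey` aliasing the caller's keyblock until `krb5_copy_keyblock` overwrites it. In the subkey branch, if the failed copy does not reset its output (not visible here), that `free` releases `authfrom->subkey` and the caller is left with a dangling key pointer. Setting `tempto->subkey = NULL;` right after the struct copy would remove the alias. In the authorization_data branch the subkey was copied successfully, so plain `free` drops only the outer struct and leaks the key bytes uncleared; `krb5_free_keyblock(context, tempto->subkey);` is the matching release there. The function starts outside this hunk and the block ends in `#endif`, so it may be compiled out in some builds.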
diff --git a/src/lib/krb5/krb/copy_auth.c b/src/lib/krb5/krb/copy_auth.c
index 6f36b26..303badd 100644
--- a/src/lib/krb5/krb/copy_auth.c
+++ b/src/lib/krb5/krb/copy_auth.c
@@ -1,3 +1,4 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
/*
* lib/krb5/krb/copy_auth.c
*
@@ -8,7 +9,7 @@
* require a specific license from the United States Government.
* It is the responsibility of any person or organization contemplating
* export to obtain such a license before exporting.
- *
+ *
* WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
* distribute this software and its documentation for any purpose and
* without fee is hereby granted, provided that the above copyright
@@ -22,7 +23,7 @@
* M.I.T. makes no representations about the suitability of
* this software for any purpose. It is provided "as is" without express
* or implied warranty.
- *
+ *
*
* krb5_copy_authdata()
*/
@@ -62,11 +63,11 @@ krb5_copy_authdatum(krb5_context context, const krb5_authdata *inad, krb5_authda
krb5_authdata *tmpad;
if (!(tmpad = (krb5_authdata *)malloc(sizeof(*tmpad))))
- return ENOMEM;
+ return ENOMEM;
*tmpad = *inad;
if (!(tmpad->contents = (krb5_octet *)malloc(inad->length))) {
- free(tmpad);
- return ENOMEM;
+ free(tmpad);
+ return ENOMEM;
}
memcpy(tmpad->contents, inad->contents, inad->length);
*outad = tmpad;
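Review bot: `malloc(inad->length)` is treated as a failure whenever it returns NULL, but a zero-length element can legitimately get NULL from `malloc(0)` on some platforms, so an empty authdata entry is reported as `ENOMEM`. `krb5int_copy_data_contents` in this same commit already guards the allocation with `if (outdata->length)`, and this function should do the same: set `tmpad->contents = NULL;` after the struct copy, then allocate and `memcpy` only when `inad->length` is nonzero. The same pattern appears in the `krb5_copy_checksum` hunk (`malloc(tempto->length)`). The rest of this function is outside the hunk.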
@@ -78,7 +79,7 @@ krb5_copy_authdatum(krb5_context context, const krb5_authdata *inad, krb5_authda
*/
krb5_error_code KRB5_CALLCONV
krb5_merge_authdata(krb5_context context, krb5_authdata *const *inauthdat1, krb5_authdata * const *inauthdat2,
- krb5_authdata ***outauthdat)
+ krb5_authdata ***outauthdat)
{
krb5_error_code retval;
krb5_authdata ** tempauthdat;
@@ -86,40 +87,40 @@ krb5_merge_authdata(krb5_context context, krb5_authdata *const *inauthdat1, krb5
*outauthdat = NULL;
if (!inauthdat1 && !inauthdat2) {
- *outauthdat = 0;
- return 0;
+ *outauthdat = 0;
+ return 0;
}
- if (inauthdat1)
- while (inauthdat1[nelems]) nelems++;
- if (inauthdat2)
- while (inauthdat2[nelems2]) nelems2++;
+ if (inauthdat1)
+ while (inauthdat1[nelems]) nelems++;
+ if (inauthdat2)
+ while (inauthdat2[nelems2]) nelems2++;
/* one more for a null terminated list */
if (!(tempauthdat = (krb5_authdata **) calloc(nelems+nelems2+1,
- sizeof(*tempauthdat))))
- return ENOMEM;
+ sizeof(*tempauthdat))))
+ return ENOMEM;
if (inauthdat1) {
- for (nelems = 0; inauthdat1[nelems]; nelems++) {
- retval = krb5_copy_authdatum(context, inauthdat1[nelems],
- &tempauthdat[nelems]);
- if (retval) {
- krb5_free_authdata(context, tempauthdat);
- return retval;
- }
- }
+ for (nelems = 0; inauthdat1[nelems]; nelems++) {
+ retval = krb5_copy_authdatum(context, inauthdat1[nelems],
+ &tempauthdat[nelems]);
+ if (retval) {
+ krb5_free_authdata(context, tempauthdat);
+ return retval;
+ }
+ }
}
if (inauthdat2) {
- for (nelems2 = 0; inauthdat2[nelems2]; nelems2++) {
- retval = krb5_copy_authdatum(context, inauthdat2[nelems2],
- &tempauthdat[nelems++]);
- if (retval) {
- krb5_free_authdata(context, tempauthdat);
- return retval;
- }
- }
+ for (nelems2 = 0; inauthdat2[nelems2]; nelems2++) {
+ retval = krb5_copy_authdatum(context, inauthdat2[nelems2],
+ &tempauthdat[nelems++]);
+ if (retval) {
+ krb5_free_authdata(context, tempauthdat);
+ return retval;
+ }
+ }
}
*outauthdat = tempauthdat;
@@ -128,16 +129,16 @@ krb5_merge_authdata(krb5_context context, krb5_authdata *const *inauthdat1, krb5
krb5_error_code KRB5_CALLCONV
krb5_copy_authdata(krb5_context context,
- krb5_authdata *const *in_authdat, krb5_authdata ***out)
+ krb5_authdata *const *in_authdat, krb5_authdata ***out)
{
return krb5_merge_authdata(context, in_authdat, NULL, out);
}
krb5_error_code KRB5_CALLCONV
krb5_decode_authdata_container(krb5_context context,
- krb5_authdatatype type,
- const krb5_authdata *container,
- krb5_authdata ***authdata)
+ krb5_authdatatype type,
+ const krb5_authdata *container,
+ krb5_authdata ***authdata)
{
krb5_error_code code;
krb5_data data;
@@ -145,23 +146,23 @@ krb5_decode_authdata_container(krb5_context context,
*authdata = NULL;
if ((container->ad_type & AD_TYPE_FIELD_TYPE_MASK) != type)
- return EINVAL;
+ return EINVAL;
data.length = container->length;
data.data = (char *)container->contents;
code = decode_krb5_authdata(&data, authdata);
if (code)
- return code;
+ return code;
return 0;
}
krb5_error_code KRB5_CALLCONV
krb5_encode_authdata_container(krb5_context context,
- krb5_authdatatype type,
- krb5_authdata *const*authdata,
- krb5_authdata ***container)
+ krb5_authdatatype type,
+ krb5_authdata *const*authdata,
+ krb5_authdata ***container)
{
krb5_error_code code;
krb5_data *data;
@@ -172,7 +173,7 @@ krb5_encode_authdata_container(krb5_context context,
code = encode_krb5_authdata((krb5_authdata * const *)authdata, &data);
if (code)
- return code;
+ return code;
ad_datum.ad_type = type & AD_TYPE_FIELD_TYPE_MASK;
ad_datum.length = data->length;
@@ -189,67 +190,67 @@ krb5_encode_authdata_container(krb5_context context,
}
struct find_authdata_context {
- krb5_authdata **out;
- size_t space;
- size_t length;
+ krb5_authdata **out;
+ size_t space;
+ size_t length;
};
static krb5_error_code grow_find_authdata
(krb5_context context, struct find_authdata_context *fctx,
krb5_authdata *elem)
{
- krb5_error_code retval = 0;
- if (fctx->length == fctx->space) {
- krb5_authdata **new;
- if (fctx->space >= 256) {
- krb5_set_error_message(context, ERANGE, "More than 256 authdata matched a query");
- return ERANGE;
+ krb5_error_code retval = 0;
+ if (fctx->length == fctx->space) {
+ krb5_authdata **new;
+ if (fctx->space >= 256) {
+ krb5_set_error_message(context, ERANGE, "More than 256 authdata matched a query");
+ return ERANGE;
+ }
+ new = realloc(fctx->out,
+ sizeof (krb5_authdata *)*(2*fctx->space+1));
+ if (new == NULL)
+ return ENOMEM;
+ fctx->out = new;
+ fctx->space *=2;
}
- new = realloc(fctx->out,
- sizeof (krb5_authdata *)*(2*fctx->space+1));
- if (new == NULL)
- return ENOMEM;
- fctx->out = new;
- fctx->space *=2;
- }
- fctx->out[fctx->length+1] = NULL;
- retval = krb5_copy_authdatum(context, elem,
- &fctx->out[fctx->length]);
- if (retval == 0)
- fctx->length++;
- return retval;
+ fctx->out[fctx->length+1] = NULL;
+ retval = krb5_copy_authdatum(context, elem,
+ &fctx->out[fctx->length]);
+ if (retval == 0)
+ fctx->length++;
+ return retval;
}
-
-
+
+
static krb5_error_code find_authdata_1
(krb5_context context, krb5_authdata *const *in_authdat, krb5_authdatatype ad_type,
struct find_authdata_context *fctx)
{
- int i = 0;
- krb5_error_code retval=0;
-
- for (i = 0; in_authdat[i]; i++) {
- krb5_authdata *ad = in_authdat[i];
- if (ad->ad_type == ad_type && retval ==0)
- retval = grow_find_authdata(context, fctx, ad);
- else switch (ad->ad_type) {
- krb5_authdata **decoded_container;
- case KRB5_AUTHDATA_IF_RELEVANT:
- if (retval == 0)
- retval = krb5_decode_authdata_container( context, ad->ad_type, ad, &decoded_container);
- if (retval == 0) {
- retval = find_authdata_1(context,
- decoded_container, ad_type, fctx);
- krb5_free_authdata(context, decoded_container);
- }
- break;
- default:
- break;
+ int i = 0;
+ krb5_error_code retval=0;
+
+ for (i = 0; in_authdat[i]; i++) {
+ krb5_authdata *ad = in_authdat[i];
+ if (ad->ad_type == ad_type && retval ==0)
+ retval = grow_find_authdata(context, fctx, ad);
+ else switch (ad->ad_type) {
+ krb5_authdata **decoded_container;
+ case KRB5_AUTHDATA_IF_RELEVANT:
+ if (retval == 0)
+ retval = krb5_decode_authdata_container( context, ad->ad_type, ad, &decoded_container);
+ if (retval == 0) {
+ retval = find_authdata_1(context,
+ decoded_container, ad_type, fctx);
+ krb5_free_authdata(context, decoded_container);
+ }
+ break;
+ default:
+ break;
+ }
}
- }
- return retval;
+ return retval;
}
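Review bot: `find_authdata_1` recurses into every `KRB5_AUTHDATA_IF_RELEVANT` container with no depth limit. Judging by the `ticket_authdata` and `ap_req_authdata` arguments of `krb5int_find_authdata`, the containers are decoded from peer-supplied data, so the nesting depth is chosen by whoever built the message. `grow_find_authdata` caps the number of matches at 256 with `ERANGE`, and the recursion deserves an equivalent bound: pass a depth counter down and refuse past a fixed limit, e.g. `if (depth > MAX_AUTHDATA_NESTING) return ERANGE;` (the constant name is a placeholder). Separately, the loop keeps walking the list after `retval` becomes nonzero; `for (i = 0; retval == 0 && in_authdat[i]; i++)` stops at the first error.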
@@ -259,30 +260,30 @@ krb5_error_code krb5int_find_authdata
krb5_authdatatype ad_type,
krb5_authdata ***results)
{
- krb5_error_code retval = 0;
- struct find_authdata_context fctx;
- fctx.length = 0;
- fctx.space = 2;
- fctx.out = calloc(fctx.space+1, sizeof (krb5_authdata *));
- *results = NULL;
- if (fctx.out == NULL)
- return ENOMEM;
- if (ticket_authdata)
- retval = find_authdata_1( context, ticket_authdata, ad_type, &fctx);
- if ((retval==0) && ap_req_authdata)
- retval = find_authdata_1( context, ap_req_authdata, ad_type, &fctx);
- if ((retval== 0) && fctx.length)
- *results = fctx.out;
- else krb5_free_authdata(context, fctx.out);
- return retval;
+ krb5_error_code retval = 0;
+ struct find_authdata_context fctx;
+ fctx.length = 0;
+ fctx.space = 2;
+ fctx.out = calloc(fctx.space+1, sizeof (krb5_authdata *));
+ *results = NULL;
+ if (fctx.out == NULL)
+ return ENOMEM;
+ if (ticket_authdata)
+ retval = find_authdata_1( context, ticket_authdata, ad_type, &fctx);
+ if ((retval==0) && ap_req_authdata)
+ retval = find_authdata_1( context, ap_req_authdata, ad_type, &fctx);
+ if ((retval== 0) && fctx.length)
+ *results = fctx.out;
+ else krb5_free_authdata(context, fctx.out);
+ return retval;
}
krb5_error_code KRB5_CALLCONV
krb5_make_authdata_kdc_issued(krb5_context context,
- const krb5_keyblock *key,
- krb5_const_principal issuer,
- krb5_authdata *const *authdata,
- krb5_authdata ***ad_kdcissued)
+ const krb5_keyblock *key,
+ krb5_const_principal issuer,
+ krb5_authdata *const *authdata,
+ krb5_authdata ***ad_kdcissued)
{
krb5_error_code code;
krb5_ad_kdcissued ad_kdci;
@@ -337,10 +338,10 @@ krb5_make_authdata_kdc_issued(krb5_context context,
krb5_error_code KRB5_CALLCONV
krb5_verify_authdata_kdc_issued(krb5_context context,
- const krb5_keyblock *key,
- const krb5_authdata *ad_kdcissued,
- krb5_principal *issuer,
- krb5_authdata ***authdata)
+ const krb5_keyblock *key,
+ const krb5_authdata *ad_kdcissued,
+ krb5_principal *issuer,
+ krb5_authdata ***authdata)
{
krb5_error_code code;
krb5_ad_kdcissued *ad_kdci;
@@ -348,8 +349,8 @@ krb5_verify_authdata_kdc_issued(krb5_context context,
krb5_boolean valid = FALSE;
if ((ad_kdcissued->ad_type & AD_TYPE_FIELD_TYPE_MASK) !=
- KRB5_AUTHDATA_KDC_ISSUED)
- return EINVAL;
+ KRB5_AUTHDATA_KDC_ISSUED)
+ return EINVAL;
if (issuer != NULL)
*issuer = NULL;
@@ -399,4 +400,3 @@ krb5_verify_authdata_kdc_issued(krb5_context context,
return 0;
}
-
diff --git a/src/lib/krb5/krb/copy_cksum.c b/src/lib/krb5/krb/copy_cksum.c
index c7c1b16..68822d2 100644
--- a/src/lib/krb5/krb/copy_cksum.c
+++ b/src/lib/krb5/krb/copy_cksum.c
@@ -1,3 +1,4 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
/*
* lib/krb5/krb/copy_cksum.c
*
@@ -8,7 +9,7 @@
* require a specific license from the United States Government.
* It is the responsibility of any person or organization contemplating
* export to obtain such a license before exporting.
- *
+ *
* WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
* distribute this software and its documentation for any purpose and
* without fee is hereby granted, provided that the above copyright
@@ -22,7 +23,7 @@
* M.I.T. makes no representations about the suitability of
* this software for any purpose. It is provided "as is" without express
* or implied warranty.
- *
+ *
*
* krb5_copy_checksum()
*/
@@ -35,12 +36,12 @@ krb5_copy_checksum(krb5_context context, const krb5_checksum *ckfrom, krb5_check
krb5_checksum *tempto;
if (!(tempto = (krb5_checksum *)malloc(sizeof(*tempto))))
- return ENOMEM;
+ return ENOMEM;
*tempto = *ckfrom;
if (!(tempto->contents = (krb5_octet *)malloc(tempto->length))) {
- free(tempto);
- return ENOMEM;
+ free(tempto);
+ return ENOMEM;
}
memcpy(tempto->contents, ckfrom->contents, ckfrom->length);
diff --git a/src/lib/krb5/krb/copy_creds.c b/src/lib/krb5/krb/copy_creds.c
index e6fece3..0e1a814 100644
--- a/src/lib/krb5/krb/copy_creds.c
+++ b/src/lib/krb5/krb/copy_creds.c
@@ -1,3 +1,4 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
/*
* lib/krb5/krb/copy_creds.c
*
@@ -8,7 +9,7 @@
* require a specific license from the United States Government.
* It is the responsibility of any person or organization contemplating
* export to obtain such a license before exporting.
- *
+ *
* WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
* distribute this software and its documentation for any purpose and
* without fee is hereby granted, provided that the above copyright
@@ -22,7 +23,7 @@
* M.I.T. makes no representations about the suitability of
* this software for any purpose. It is provided "as is" without express
* or implied warranty.
- *
+ *
*
* krb5_copy_cred()
*/
@@ -40,13 +41,13 @@ krb5_copy_creds(krb5_context context, const krb5_creds *incred, krb5_creds **out
krb5_error_code retval;
if (!(tempcred = (krb5_creds *)malloc(sizeof(*tempcred))))
- return ENOMEM;
+ return ENOMEM;
retval = krb5int_copy_creds_contents(context, incred, tempcred);
if (retval)
- free(tempcred);
+ free(tempcred);
else
- *outcred = tempcred;
+ *outcred = tempcred;
return retval;
}
@@ -58,7 +59,7 @@ krb5_copy_creds(krb5_context context, const krb5_creds *incred, krb5_creds **out
*/
krb5_error_code
krb5int_copy_creds_contents(krb5_context context, const krb5_creds *incred,
- krb5_creds *tempcred)
+ krb5_creds *tempcred)
{
krb5_error_code retval;
krb5_data *scratch;
@@ -66,25 +67,25 @@ krb5int_copy_creds_contents(krb5_context context, const krb5_creds *incred,
*tempcred = *incred;
retval = krb5_copy_principal(context, incred->client, &tempcred->client);
if (retval)
- goto cleanlast;
+ goto cleanlast;
retval = krb5_copy_principal(context, incred->server, &tempcred->server);
if (retval)
- goto cleanclient;
+ goto cleanclient;
retval = krb5_copy_keyblock_contents(context, &incred->keyblock,
- &tempcred->keyblock);
+ &tempcred->keyblock);
if (retval)
- goto cleanserver;
+ goto cleanserver;
retval = krb5_copy_addresses(context, incred->addresses, &tempcred->addresses);
if (retval)
- goto cleanblock;
+ goto cleanblock;
retval = krb5_copy_data(context, &incred->ticket, &scratch);
if (retval)
- goto cleanaddrs;
+ goto cleanaddrs;
tempcred->ticket = *scratch;
free(scratch);
retval = krb5_copy_data(context, &incred->second_ticket, &scratch);
if (retval)
- goto clearticket;
+ goto clearticket;
tempcred->second_ticket = *scratch;
free(scratch);
@@ -95,22 +96,22 @@ krb5int_copy_creds_contents(krb5_context context, const krb5_creds *incred,
return 0;
- clearsecondticket:
+clearsecondticket:
memset(tempcred->second_ticket.data,0,tempcred->second_ticket.length);
free(tempcred->second_ticket.data);
- clearticket:
+clearticket:
memset(tempcred->ticket.data,0,tempcred->ticket.length);
free(tempcred->ticket.data);
- cleanaddrs:
+cleanaddrs:
krb5_free_addresses(context, tempcred->addresses);
- cleanblock:
+cleanblock:
free(tempcred->keyblock.contents);
- cleanserver:
+cleanserver:
krb5_free_principal(context, tempcred->server);
- cleanclient:
+cleanclient:
krb5_free_principal(context, tempcred->client);
- cleanlast:
- /* Do not free tempcred - we did not allocate it - its contents are
+cleanlast:
+ /* Do not free tempcred - we did not allocate it - its contents are
garbage - but we should not free it */
return retval;
}
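Review bot: At `cleanblock:` the copied session key is released with `free(tempcred->keyblock.contents);` and never cleared, although the two ticket buffers above it are wiped first. Using `krb5_free_keyblock_contents(context, &tempcred->keyblock);` keeps key disposal in the library's own release routine, provided it clears before freeing; otherwise the buffer should be cleared explicitly. The `memset(..., 0, ...)` calls immediately before `free` at `clearsecondticket:` and `clearticket:` are dead stores that an optimizing compiler may remove, and the same applies to the `clean_scratch()` macro in the `krb5_decrypt_tkt_part` hunk, which wipes decrypted ticket plaintext. Those should go through a zeroization primitive the compiler cannot elide, such as `explicit_bzero` where the platform provides it.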
diff --git a/src/lib/krb5/krb/copy_data.c b/src/lib/krb5/krb/copy_data.c
index 4896e88..fa4b6ed 100644
--- a/src/lib/krb5/krb/copy_data.c
+++ b/src/lib/krb5/krb/copy_data.c
@@ -1,3 +1,4 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
/*
* lib/krb5/krb/copy_data.c
*
@@ -8,7 +9,7 @@
* require a specific license from the United States Government.
* It is the responsibility of any person or organization contemplating
* export to obtain such a license before exporting.
- *
+ *
* WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
* distribute this software and its documentation for any purpose and
* without fee is hereby granted, provided that the above copyright
@@ -22,7 +23,7 @@
* M.I.T. makes no representations about the suitability of
* this software for any purpose. It is provided "as is" without express
* or implied warranty.
- *
+ *
*
* krb5_copy_data()
*/
@@ -39,38 +40,38 @@ krb5_copy_data(krb5_context context, const krb5_data *indata, krb5_data **outdat
krb5_error_code retval;
if (!indata) {
- *outdata = 0;
- return 0;
+ *outdata = 0;
+ return 0;
}
-
+
if (!(tempdata = (krb5_data *)malloc(sizeof(*tempdata))))
- return ENOMEM;
+ return ENOMEM;
retval = krb5int_copy_data_contents(context, indata, tempdata);
if (retval) {
- free(tempdata);
- return retval;
+ free(tempdata);
+ return retval;
}
*outdata = tempdata;
return 0;
}
-krb5_error_code
+krb5_error_code
krb5int_copy_data_contents(krb5_context context, const krb5_data *indata, krb5_data *outdata)
{
if (!indata) {
- return EINVAL;
+ return EINVAL;
}
outdata->length = indata->length;
if (outdata->length) {
- if (!(outdata->data = malloc(outdata->length))) {
- return ENOMEM;
- }
- memcpy(outdata->data, indata->data, outdata->length);
+ if (!(outdata->data = malloc(outdata->length))) {
+ return ENOMEM;
+ }
+ memcpy(outdata->data, indata->data, outdata->length);
} else
- outdata->data = 0;
+ outdata->data = 0;
outdata->magic = KV5M_DATA;
return 0;
@@ -79,16 +80,16 @@ krb5int_copy_data_contents(krb5_context context, const krb5_data *indata, krb5_d
/* As above, but add an (uncounted) extra byte at the end to
null-terminate the data so it can be used as a standard C
string. */
-krb5_error_code
+krb5_error_code
krb5int_copy_data_contents_add0(krb5_context context, const krb5_data *indata, krb5_data *outdata)
{
if (!indata)
- return EINVAL;
+ return EINVAL;
outdata->length = indata->length;
if (!(outdata->data = malloc(outdata->length + 1)))
- return ENOMEM;
+ return ENOMEM;
if (outdata->length)
- memcpy(outdata->data, indata->data, outdata->length);
+ memcpy(outdata->data, indata->data, outdata->length);
outdata->data[outdata->length] = 0;
outdata->magic = KV5M_DATA;
diff --git a/src/lib/krb5/krb/copy_key.c b/src/lib/krb5/krb/copy_key.c
index 4772c58..532cced 100644
--- a/src/lib/krb5/krb/copy_key.c
+++ b/src/lib/krb5/krb/copy_key.c
@@ -1,3 +1,4 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
/*
* lib/krb5/krb/copy_key.c
*
@@ -8,7 +9,7 @@
* require a specific license from the United States Government.
* It is the responsibility of any person or organization contemplating
* export to obtain such a license before exporting.
- *
+ *
* WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
* distribute this software and its documentation for any purpose and
* without fee is hereby granted, provided that the above copyright
@@ -22,7 +23,7 @@
* M.I.T. makes no representations about the suitability of
* this software for any purpose. It is provided "as is" without express
* or implied warranty.
- *
+ *
*
* krb5_copy_keyblock()
*/
diff --git a/src/lib/krb5/krb/copy_princ.c b/src/lib/krb5/krb/copy_princ.c
index 4e168b0..b7badef 100644
--- a/src/lib/krb5/krb/copy_princ.c
+++ b/src/lib/krb5/krb/copy_princ.c
@@ -1,3 +1,4 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
/*
* lib/krb5/krb/copy_princ.c
*
@@ -8,7 +9,7 @@
* require a specific license from the United States Government.
* It is the responsibility of any person or organization contemplating
* export to obtain such a license before exporting.
- *
+ *
* WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
* distribute this software and its documentation for any purpose and
* without fee is hereby granted, provided that the above copyright
@@ -22,7 +23,7 @@
* M.I.T. makes no representations about the suitability of
* this software for any purpose. It is provided "as is" without express
* or implied warranty.
- *
+ *
*
* krb5_copy_principal()
*/
@@ -41,7 +42,7 @@ krb5_copy_principal(krb5_context context, krb5_const_principal inprinc, krb5_pri
tempprinc = (krb5_principal)malloc(sizeof(krb5_principal_data));
if (tempprinc == 0)
- return ENOMEM;
+ return ENOMEM;
*tempprinc = *inprinc;
@@ -49,29 +50,29 @@ krb5_copy_principal(krb5_context context, krb5_const_principal inprinc, krb5_pri
tempprinc->data = malloc(nelems * sizeof(krb5_data));
if (tempprinc->data == 0) {
- free(tempprinc);
- return ENOMEM;
+ free(tempprinc);
+ return ENOMEM;
}
for (i = 0; i < nelems; i++) {
- if (krb5int_copy_data_contents(context,
- krb5_princ_component(context, inprinc, i),
- krb5_princ_component(context, tempprinc, i)) != 0) {
- while (--i >= 0)
- free(krb5_princ_component(context, tempprinc, i)->data);
- free (tempprinc->data);
- free (tempprinc);
- return ENOMEM;
+ if (krb5int_copy_data_contents(context,
+ krb5_princ_component(context, inprinc, i),
+ krb5_princ_component(context, tempprinc, i)) != 0) {
+ while (--i >= 0)
+ free(krb5_princ_component(context, tempprinc, i)->data);
+ free (tempprinc->data);
+ free (tempprinc);
+ return ENOMEM;
}
}
if (krb5int_copy_data_contents_add0(context, &inprinc->realm,
- &tempprinc->realm) != 0) {
+ &tempprinc->realm) != 0) {
for (i = 0; i < nelems; i++)
- free(krb5_princ_component(context, tempprinc, i)->data);
- free(tempprinc->data);
- free(tempprinc);
- return ENOMEM;
+ free(krb5_princ_component(context, tempprinc, i)->data);
+ free(tempprinc->data);
+ free(tempprinc);
+ return ENOMEM;
}
*outprinc = tempprinc;
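Review bot: `malloc(nelems * sizeof(krb5_data))` multiplies a component count by the element size with no range check. `nelems` is declared outside this hunk; if it is a signed 32-bit value taken from the input principal, a negative or very large count would wrap the product on 32-bit targets, and the loop would then write past the allocation. `tempprinc->data = calloc(nelems, sizeof(krb5_data));` after rejecting `nelems < 0` lets the allocator check the product. A principal with zero components also needs a defined path, since `malloc(0)` may return NULL and is reported here as `ENOMEM`. Both failure branches return `ENOMEM` even though `krb5int_copy_data_contents` can return `EINVAL`; keeping the callee's code would make errors easier to trace.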
diff --git a/src/lib/krb5/krb/copy_tick.c b/src/lib/krb5/krb/copy_tick.c
index 1dc3362..1fd3e68 100644
--- a/src/lib/krb5/krb/copy_tick.c
+++ b/src/lib/krb5/krb/copy_tick.c
@@ -1,3 +1,4 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
/*
* lib/krb5/krb/copy_tick.c
*
@@ -8,7 +9,7 @@
* require a specific license from the United States Government.
* It is the responsibility of any person or organization contemplating
* export to obtain such a license before exporting.
- *
+ *
* WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
* distribute this software and its documentation for any purpose and
* without fee is hereby granted, provided that the above copyright
@@ -22,7 +23,7 @@
* M.I.T. makes no representations about the suitability of
* this software for any purpose. It is provided "as is" without express
* or implied warranty.
- *
+ *
*
* krb5_copy_ticket()
*/
@@ -36,56 +37,56 @@ krb5_copy_enc_tkt_part(krb5_context context, const krb5_enc_tkt_part *partfrom,
krb5_enc_tkt_part *tempto;
if (!(tempto = (krb5_enc_tkt_part *)malloc(sizeof(*tempto))))
- return ENOMEM;
+ return ENOMEM;
*tempto = *partfrom;
retval = krb5_copy_keyblock(context, partfrom->session,
- &tempto->session);
+ &tempto->session);
if (retval) {
- free(tempto);
- return retval;
+ free(tempto);
+ return retval;
}
retval = krb5_copy_principal(context, partfrom->client, &tempto->client);
if (retval) {
- krb5_free_keyblock(context, tempto->session);
- free(tempto);
- return retval;
+ krb5_free_keyblock(context, tempto->session);
+ free(tempto);
+ return retval;
}
tempto->transited = partfrom->transited;
if (tempto->transited.tr_contents.length == 0) {
- tempto->transited.tr_contents.data = 0;
+ tempto->transited.tr_contents.data = 0;
} else {
- tempto->transited.tr_contents.data =
- malloc(partfrom->transited.tr_contents.length);
- if (!tempto->transited.tr_contents.data) {
- krb5_free_principal(context, tempto->client);
- krb5_free_keyblock(context, tempto->session);
- free(tempto);
- return ENOMEM;
- }
- memcpy(tempto->transited.tr_contents.data,
- (char *)partfrom->transited.tr_contents.data,
- partfrom->transited.tr_contents.length);
+ tempto->transited.tr_contents.data =
+ malloc(partfrom->transited.tr_contents.length);
+ if (!tempto->transited.tr_contents.data) {
+ krb5_free_principal(context, tempto->client);
+ krb5_free_keyblock(context, tempto->session);
+ free(tempto);
+ return ENOMEM;
+ }
+ memcpy(tempto->transited.tr_contents.data,
+ (char *)partfrom->transited.tr_contents.data,
+ partfrom->transited.tr_contents.length);
}
retval = krb5_copy_addresses(context, partfrom->caddrs, &tempto->caddrs);
if (retval) {
- free(tempto->transited.tr_contents.data);
- krb5_free_principal(context, tempto->client);
- krb5_free_keyblock(context, tempto->session);
- free(tempto);
- return retval;
+ free(tempto->transited.tr_contents.data);
+ krb5_free_principal(context, tempto->client);
+ krb5_free_keyblock(context, tempto->session);
+ free(tempto);
+ return retval;
}
if (partfrom->authorization_data) {
- retval = krb5_copy_authdata(context, partfrom->authorization_data,
- &tempto->authorization_data);
- if (retval) {
- krb5_free_addresses(context, tempto->caddrs);
- free(tempto->transited.tr_contents.data);
- krb5_free_principal(context, tempto->client);
- krb5_free_keyblock(context, tempto->session);
- free(tempto);
- return retval;
- }
+ retval = krb5_copy_authdata(context, partfrom->authorization_data,
+ &tempto->authorization_data);
+ if (retval) {
+ krb5_free_addresses(context, tempto->caddrs);
+ free(tempto->transited.tr_contents.data);
+ krb5_free_principal(context, tempto->client);
+ krb5_free_keyblock(context, tempto->session);
+ free(tempto);
+ return retval;
+ }
}
*partto = tempto;
return 0;
@@ -99,28 +100,28 @@ krb5_copy_ticket(krb5_context context, const krb5_ticket *from, krb5_ticket **pt
krb5_data *scratch;
if (!(tempto = (krb5_ticket *)malloc(sizeof(*tempto))))
- return ENOMEM;
+ return ENOMEM;
*tempto = *from;
retval = krb5_copy_principal(context, from->server, &tempto->server);
if (retval) {
- free(tempto);
- return retval;
+ free(tempto);
+ return retval;
}
retval = krb5_copy_data(context, &from->enc_part.ciphertext, &scratch);
if (retval) {
- krb5_free_principal(context, tempto->server);
- free(tempto);
- return retval;
+ krb5_free_principal(context, tempto->server);
+ free(tempto);
+ return retval;
}
tempto->enc_part.ciphertext = *scratch;
free(scratch);
retval = krb5_copy_enc_tkt_part(context, from->enc_part2, &tempto->enc_part2);
if (retval) {
- free(tempto->enc_part.ciphertext.data);
- krb5_free_principal(context, tempto->server);
- free(tempto);
- return retval;
- }
+ free(tempto->enc_part.ciphertext.data);
+ krb5_free_principal(context, tempto->server);
+ free(tempto);
+ return retval;
+ }
*pto = tempto;
return 0;
}
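Review bot: `krb5_copy_enc_tkt_part(context, from->enc_part2, &tempto->enc_part2)` is called unconditionally, and that function dereferences its argument straight away with `*tempto = *partfrom`. The `krb5_decrypt_tkt_part` hunk shows `enc_part2` being filled in only after a successful decrypt, so copying a ticket that has not been decrypted would presumably pass NULL here and crash. Guarding the call with `if (from->enc_part2 != NULL)` would allow copying an undecrypted ticket; the struct copy already leaves `tempto->enc_part2` NULL in that case.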
diff --git a/src/lib/krb5/krb/cp_key_cnt.c b/src/lib/krb5/krb/cp_key_cnt.c
index 74efb5e..2f97dbd 100644
--- a/src/lib/krb5/krb/cp_key_cnt.c
+++ b/src/lib/krb5/krb/cp_key_cnt.c
@@ -1,3 +1,4 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
/*
* lib/krb5/krb/cp_key_cnt.c
*
@@ -8,7 +9,7 @@
* require a specific license from the United States Government.
* It is the responsibility of any person or organization contemplating
* export to obtain such a license before exporting.
- *
+ *
* WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
* distribute this software and its documentation for any purpose and
* without fee is hereby granted, provided that the above copyright
@@ -22,7 +23,7 @@
* M.I.T. makes no representations about the suitability of
* this software for any purpose. It is provided "as is" without express
* or implied warranty.
- *
+ *
*
* krb5_copy_keyblock()
*/
diff --git a/src/lib/krb5/krb/decode_kdc.c b/src/lib/krb5/krb/decode_kdc.c
index 689e2a2..19451ee 100644
--- a/src/lib/krb5/krb/decode_kdc.c
+++ b/src/lib/krb5/krb/decode_kdc.c
@@ -1,3 +1,4 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
/*
* lib/krb5/krb/decode_kdc.c
*
@@ -8,7 +9,7 @@
* require a specific license from the United States Government.
* It is the responsibility of any person or organization contemplating
* export to obtain such a license before exporting.
- *
+ *
* WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
* distribute this software and its documentation for any purpose and
* without fee is hereby granted, provided that the above copyright
@@ -22,7 +23,7 @@
* M.I.T. makes no representations about the suitability of
* this software for any purpose. It is provided "as is" without express
* or implied warranty.
- *
+ *
*
* krb5_decode_kdc_rep() function.
*/
@@ -30,41 +31,40 @@
#include "k5-int.h"
/*
- Takes a KDC_REP message and decrypts encrypted part using etype and
- *key, putting result in *rep.
- dec_rep->client,ticket,session,last_req,server,caddrs
- are all set to allocated storage which should be freed by the caller
- when finished with the response.
+ Takes a KDC_REP message and decrypts encrypted part using etype and
+ *key, putting result in *rep.
+ dec_rep->client,ticket,session,last_req,server,caddrs
+ are all set to allocated storage which should be freed by the caller
+ when finished with the response.
- If the response isn't a KDC_REP (tgs or as), it returns an error from
- the decoding routines.
+ If the response isn't a KDC_REP (tgs or as), it returns an error from
+ the decoding routines.
- returns errors from encryption routines, system errors
- */
+ returns errors from encryption routines, system errors
+*/
krb5_error_code
krb5int_decode_tgs_rep(krb5_context context, krb5_data *enc_rep, const krb5_keyblock *key,
- krb5_keyusage usage, krb5_kdc_rep **dec_rep)
+ krb5_keyusage usage, krb5_kdc_rep **dec_rep)
{
krb5_error_code retval;
krb5_kdc_rep *local_dec_rep;
if (krb5_is_as_rep(enc_rep)) {
- retval = decode_krb5_as_rep(enc_rep, &local_dec_rep);
+ retval = decode_krb5_as_rep(enc_rep, &local_dec_rep);
} else if (krb5_is_tgs_rep(enc_rep)) {
- retval = decode_krb5_tgs_rep(enc_rep, &local_dec_rep);
+ retval = decode_krb5_tgs_rep(enc_rep, &local_dec_rep);
} else {
- return KRB5KRB_AP_ERR_MSG_TYPE;
+ return KRB5KRB_AP_ERR_MSG_TYPE;
}
if (retval)
- return retval;
+ return retval;
if ((retval = krb5_kdc_rep_decrypt_proc(context, key, &usage,
- local_dec_rep)))
- krb5_free_kdc_rep(context, local_dec_rep);
+ local_dec_rep)))
+ krb5_free_kdc_rep(context, local_dec_rep);
else
- *dec_rep = local_dec_rep;
+ *dec_rep = local_dec_rep;
return(retval);
}
-
diff --git a/src/lib/krb5/krb/decrypt_tk.c b/src/lib/krb5/krb/decrypt_tk.c
index 36ecbb4..c06353b 100644
--- a/src/lib/krb5/krb/decrypt_tk.c
+++ b/src/lib/krb5/krb/decrypt_tk.c
@@ -1,3 +1,4 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
/*
* lib/krb5/krb/decrypt_tk.c
*
@@ -8,7 +9,7 @@
* require a specific license from the United States Government.
* It is the responsibility of any person or organization contemplating
* export to obtain such a license before exporting.
- *
+ *
* WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
* distribute this software and its documentation for any purpose and
* without fee is hereby granted, provided that the above copyright
@@ -22,7 +23,7 @@
* M.I.T. makes no representations about the suitability of
* this software for any purpose. It is provided "as is" without express
* or implied warranty.
- *
+ *
*
* krb5_decrypt_tkt_part() function.
*/
@@ -30,11 +31,11 @@
#include "k5-int.h"
/*
- Decrypts dec_ticket->enc_part
- using *srv_key, and places result in dec_ticket->enc_part2.
- The storage of dec_ticket->enc_part2 will be allocated before return.
+ Decrypts dec_ticket->enc_part
+ using *srv_key, and places result in dec_ticket->enc_part2.
+ The storage of dec_ticket->enc_part2 will be allocated before return.
- returns errors from encryption routines, system errors
+ returns errors from encryption routines, system errors
*/
@@ -46,27 +47,27 @@ krb5_decrypt_tkt_part(krb5_context context, const krb5_keyblock *srv_key, regist
krb5_error_code retval;
if (!krb5_c_valid_enctype(ticket->enc_part.enctype))
- return KRB5_PROG_ETYPE_NOSUPP;
+ return KRB5_PROG_ETYPE_NOSUPP;
scratch.length = ticket->enc_part.ciphertext.length;
if (!(scratch.data = malloc(ticket->enc_part.ciphertext.length)))
- return(ENOMEM);
+ return(ENOMEM);
/* call the encryption routine */
if ((retval = krb5_c_decrypt(context, srv_key,
- KRB5_KEYUSAGE_KDC_REP_TICKET, 0,
- &ticket->enc_part, &scratch))) {
- free(scratch.data);
- return retval;
+ KRB5_KEYUSAGE_KDC_REP_TICKET, 0,
+ &ticket->enc_part, &scratch))) {
+ free(scratch.data);
+ return retval;
}
-#define clean_scratch() {memset(scratch.data, 0, scratch.length); \
-free(scratch.data);}
+#define clean_scratch() {memset(scratch.data, 0, scratch.length); \
+ free(scratch.data);}
/* now decode the decrypted stuff */
retval = decode_krb5_enc_tkt_part(&scratch, &dec_tkt_part);
if (!retval) {
- ticket->enc_part2 = dec_tkt_part;
+ ticket->enc_part2 = dec_tkt_part;
}
clean_scratch();
return retval;
diff --git a/src/lib/krb5/krb/deltat.c b/src/lib/krb5/krb/deltat.c
index 2541591..36c0d0e 100644
--- a/src/lib/krb5/krb/deltat.c
+++ b/src/lib/krb5/krb/deltat.c
@@ -95,14 +95,14 @@ struct param {
#define MAX_MIN (MAX_TIME / 60)
#define MIN_MIN (MIN_TIME / 60)
-/* An explanation of the tests being performed.
- We do not want to overflow a 32 bit integer with out manipulations,
+/* An explanation of the tests being performed.
+ We do not want to overflow a 32 bit integer with out manipulations,
even for testing for overflow. Therefore we rely on the following:
The lex parser will not return a number > MAX_TIME (which is out 32
bit limit).
- Therefore, seconds (s) will require
+ Therefore, seconds (s) will require
MIN_TIME < s < MAX_TIME
For subsequent tests, the logic is as follows:
@@ -110,7 +110,7 @@ struct param {
If A < MAX_TIME and B < MAX_TIME
If we want to test if A+B < MAX_TIME, there are two cases
- if (A > 0)
+ if (A > 0)
then A + B < MAX_TIME if B < MAX_TIME - A
else A + B < MAX_TIME always.
@@ -131,7 +131,7 @@ struct param {
res = (a) + (b)
-#define OUT_D ((struct param *)tmv)->delta
+#define OUT_D ((struct param *)tmv)->delta
#define DO(D,H,M,S) \
{ \
/* Overflow testing - this does not handle negative values well.. */ \
@@ -1420,10 +1420,10 @@ mylex (krb5_int32 *intp, char **pp)
/* XXX assumes ASCII */
num = c - '0';
while (isdigit ((int) *P)) {
- if (num > MAX_TIME / 10)
+ if (num > MAX_TIME / 10)
return OVERFLOW;
num *= 10;
- if (num > MAX_TIME - (*P - '0'))
+ if (num > MAX_TIME - (*P - '0'))
return OVERFLOW;
num += *P++ - '0';
}
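Review bot: `isdigit ((int) *P)` in the digit loop still passes a negative value when plain `char` is signed and the input byte is above 0x7f, which is undefined behaviour for the `<ctype.h>` functions. The cast should go through `unsigned char`, as in `while (isdigit ((unsigned char) *P)) {`. The string parsed here appears to come from the caller of `krb5_string_to_deltat`, so non-ASCII bytes look reachable. `mylex` starts and ends outside this hunk, so any other ctype calls in it may need the same cast.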
@@ -1451,5 +1451,3 @@ krb5_string_to_deltat(char *string, krb5_deltat *deltatp)
*deltatp = p.delta;
return 0;
}
-
-
diff --git a/src/lib/krb5/krb/enc_helper.c b/src/lib/krb5/krb/enc_helper.c
index 01324d0..41d2f00 100644
--- a/src/lib/krb5/krb/enc_helper.c
+++ b/src/lib/krb5/krb/enc_helper.c
@@ -1,13 +1,14 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
/*
* Copyright (C) 1998 by the FundsXpress, INC.
- *
+ *
* All rights reserved.
- *
+ *
* Export of this software from the United States of America may require
* a specific license from the United States Government. It is the
* responsibility of any person or organization contemplating export to
* obtain such a license before exporting.
- *
+ *
* WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
* distribute this software and its documentation for any purpose and
* without fee is hereby granted, provided that the above copyright
@@ -18,7 +19,7 @@
* permission. FundsXpress makes no representations about the suitability of
* this software for any purpose. It is provided "as is" without express
* or implied warranty.
- *
+ *
* THIS SOFTWARE IS PROVIDED ``AS IS'' AND WITHOUT ANY EXPRESS OR
* IMPLIED WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED
* WARRANTIES OF MERCHANTIBILITY AND FITNESS FOR A PARTICULAR PURPOSE.
@@ -33,24 +34,24 @@ krb5_encrypt_helper(krb5_context context, const krb5_keyblock *key, krb5_keyusag
size_t enclen;
if ((ret = krb5_c_encrypt_length(context, key->enctype, plain->length,
- &enclen)))
- return(ret);
+ &enclen)))
+ return(ret);
cipher->ciphertext.length = enclen;
if ((cipher->ciphertext.data = (char *) malloc(enclen)) == NULL)
- return(ENOMEM);
+ return(ENOMEM);
ret = krb5_c_encrypt(context, key, usage, 0, plain, cipher);
if (ret) {
- free(cipher->ciphertext.data);
- cipher->ciphertext.data = NULL;
+ free(cipher->ciphertext.data);
+ cipher->ciphertext.data = NULL;
}
return(ret);
}
-
+
krb5_error_code
krb5_encrypt_keyhelper(krb5_context context, krb5_key key, krb5_keyusage usage,
- const krb5_data *plain, krb5_enc_data *cipher)
+ const krb5_data *plain, krb5_enc_data *cipher)
{
krb5_enctype enctype;
krb5_error_code ret;
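Review bot: On failure `krb5_encrypt_helper` leaves `cipher->ciphertext` half-updated: when `malloc` fails, `length` is already `enclen` while `data` is NULL, and when `krb5_c_encrypt` fails, `data` is reset to NULL but `length` keeps `enclen`. A caller that later wipes or copies `length` bytes through that structure would dereference NULL, so both error paths should also set `cipher->ciphertext.length = 0;`. `krb5_encrypt_keyhelper`, whose body is in the next hunk, has the same two paths.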
@@ -59,16 +60,16 @@ krb5_encrypt_keyhelper(krb5_context context, krb5_key key, krb5_keyusage usage,
enctype = krb5_k_key_enctype(context, key);
ret = krb5_c_encrypt_length(context, enctype, plain->length, &enclen);
if (ret != 0)
- return ret;
+ return ret;
cipher->ciphertext.length = enclen;
cipher->ciphertext.data = malloc(enclen);
if (cipher->ciphertext.data == NULL)
- return ENOMEM;
+ return ENOMEM;
ret = krb5_k_encrypt(context, key, usage, 0, plain, cipher);
if (ret) {
- free(cipher->ciphertext.data);
- cipher->ciphertext.data = NULL;
+ free(cipher->ciphertext.data);
+ cipher->ciphertext.data = NULL;
}
return ret;
diff --git a/src/lib/krb5/krb/encode_kdc.c b/src/lib/krb5/krb/encode_kdc.c
index 8b879c0..c86bd4c 100644
--- a/src/lib/krb5/krb/encode_kdc.c
+++ b/src/lib/krb5/krb/encode_kdc.c
@@ -1,3 +1,4 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
/*
* lib/krb5/krb/encode_kdc.c
*
@@ -8,7 +9,7 @@
* require a specific license from the United States Government.
* It is the responsibility of any person or organization contemplating
* export to obtain such a license before exporting.
- *
+ *
* WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
* distribute this software and its documentation for any purpose and
* without fee is hereby granted, provided that the above copyright
@@ -22,7 +23,7 @@
* M.I.T. makes no representations about the suitability of
* this software for any purpose. It is provided "as is" without express
* or implied warranty.
- *
+ *
*
* krb5_encode_kdc_rep() function.
*/
@@ -30,24 +31,24 @@
#include "k5-int.h"
/*
- Takes KDC rep parts in *rep and *encpart, and formats it into *enc_rep,
- using message type type and encryption key client_key and encryption type
- etype.
+ Takes KDC rep parts in *rep and *encpart, and formats it into *enc_rep,
+ using message type type and encryption key client_key and encryption type
+ etype.
- The string *enc_rep will be allocated before formatting; the caller should
- free when finished.
+ The string *enc_rep will be allocated before formatting; the caller should
+ free when finished.
- returns system errors
+ returns system errors
- dec_rep->enc_part.ciphertext is allocated and filled in.
+ dec_rep->enc_part.ciphertext is allocated and filled in.
*/
/* due to argument promotion rules, we need to use the DECLARG/OLDDECLARG
stuff... */
krb5_error_code
krb5_encode_kdc_rep(krb5_context context, krb5_msgtype type,
- const krb5_enc_kdc_rep_part *encpart,
- int using_subkey, const krb5_keyblock *client_key,
- krb5_kdc_rep *dec_rep, krb5_data **enc_rep)
+ const krb5_enc_kdc_rep_part *encpart,
+ int using_subkey, const krb5_keyblock *client_key,
+ krb5_kdc_rep *dec_rep, krb5_data **enc_rep)
{
krb5_data *scratch;
krb5_error_code retval;
@@ -55,27 +56,27 @@ krb5_encode_kdc_rep(krb5_context context, krb5_msgtype type,
krb5_keyusage usage;
if (!krb5_c_valid_enctype(dec_rep->enc_part.enctype))
- return KRB5_PROG_ETYPE_NOSUPP;
+ return KRB5_PROG_ETYPE_NOSUPP;
switch (type) {
case KRB5_AS_REP:
- usage = KRB5_KEYUSAGE_AS_REP_ENCPART;
- break;
+ usage = KRB5_KEYUSAGE_AS_REP_ENCPART;
+ break;
case KRB5_TGS_REP:
- if (using_subkey)
- usage = KRB5_KEYUSAGE_TGS_REP_ENCPART_SUBKEY;
- else
- usage = KRB5_KEYUSAGE_TGS_REP_ENCPART_SESSKEY;
- break;
+ if (using_subkey)
+ usage = KRB5_KEYUSAGE_TGS_REP_ENCPART_SUBKEY;
+ else
+ usage = KRB5_KEYUSAGE_TGS_REP_ENCPART_SESSKEY;
+ break;
default:
- return KRB5_BADMSGTYPE;
+ return KRB5_BADMSGTYPE;
}
/*
* We don't want to modify encpart, but we need to be able to pass
* in the message type to the encoder, so it can set the ASN.1
* type correct.
- *
+ *
* Although note that it may be doing nothing with the message
* type, to be compatible with old versions of Kerberos that always
* encode this as a TGS_REP regardly of what it really should be;
@@ -88,41 +89,41 @@ krb5_encode_kdc_rep(krb5_context context, krb5_msgtype type,
tmp_encpart.msg_type = type;
retval = encode_krb5_enc_kdc_rep_part(&tmp_encpart, &scratch);
if (retval) {
- return retval;
+ return retval;
}
memset(&tmp_encpart, 0, sizeof(tmp_encpart));
#define cleanup_scratch() { (void) memset(scratch->data, 0, scratch->length); \
-krb5_free_data(context, scratch); }
+ krb5_free_data(context, scratch); }
retval = krb5_encrypt_helper(context, client_key, usage, scratch,
- &dec_rep->enc_part);
+ &dec_rep->enc_part);
-#define cleanup_encpart() { \
-(void) memset(dec_rep->enc_part.ciphertext.data, 0, \
- dec_rep->enc_part.ciphertext.length); \
-free(dec_rep->enc_part.ciphertext.data); \
-dec_rep->enc_part.ciphertext.length = 0; \
-dec_rep->enc_part.ciphertext.data = 0;}
+#define cleanup_encpart() { \
+ (void) memset(dec_rep->enc_part.ciphertext.data, 0, \
+ dec_rep->enc_part.ciphertext.length); \
+ free(dec_rep->enc_part.ciphertext.data); \
+ dec_rep->enc_part.ciphertext.length = 0; \
+ dec_rep->enc_part.ciphertext.data = 0;}
cleanup_scratch();
if (retval)
- return(retval);
+ return(retval);
/* now it's ready to be encoded for the wire! */
switch (type) {
case KRB5_AS_REP:
- retval = encode_krb5_as_rep(dec_rep, enc_rep);
- break;
+ retval = encode_krb5_as_rep(dec_rep, enc_rep);
+ break;
case KRB5_TGS_REP:
- retval = encode_krb5_tgs_rep(dec_rep, enc_rep);
- break;
+ retval = encode_krb5_tgs_rep(dec_rep, enc_rep);
+ break;
}
if (retval)
- cleanup_encpart();
+ cleanup_encpart();
return retval;
}
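Review bot: `cleanup_scratch()` and `cleanup_encpart()` are defined in the middle of the function body as bare `{ ... }` blocks and are never undefined. As a result `if (retval) cleanup_encpart();` expands to a block followed by an empty statement, which would stop compiling if an `else` were ever added, and the names stay visible for the rest of the translation unit. Wrapping each body in `do { ... } while (0)` and adding `#undef cleanup_scratch` and `#undef cleanup_encpart` after the closing brace keeps these cleanup helpers local and safe to use as statements.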
diff --git a/src/lib/krb5/krb/encrypt_tk.c b/src/lib/krb5/krb/encrypt_tk.c
index ed2b8c1..acf9c6f 100644
--- a/src/lib/krb5/krb/encrypt_tk.c
+++ b/src/lib/krb5/krb/encrypt_tk.c
@@ -1,3 +1,4 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
/*
* lib/krb5/krb/encrypt_tk.c
*
@@ -8,7 +9,7 @@
* require a specific license from the United States Government.
* It is the responsibility of any person or organization contemplating
* export to obtain such a license before exporting.
- *
+ *
* WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
* distribute this software and its documentation for any purpose and
* without fee is hereby granted, provided that the above copyright
@@ -22,7 +23,7 @@
* M.I.T. makes no representations about the suitability of
* this software for any purpose. It is provided "as is" without express
* or implied warranty.
- *
+ *
*
* krb5_encrypt_tkt_part() routine.
*/
@@ -30,15 +31,15 @@
#include "k5-int.h"
/*
- Takes unencrypted dec_ticket & dec_tkt_part, encrypts with
- dec_ticket->enc_part.etype
- using *srv_key, and places result in dec_ticket->enc_part.
- The string dec_ticket->enc_part.ciphertext will be allocated before
- formatting.
+ Takes unencrypted dec_ticket & dec_tkt_part, encrypts with
+ dec_ticket->enc_part.etype
+ using *srv_key, and places result in dec_ticket->enc_part.
+ The string dec_ticket->enc_part.ciphertext will be allocated before
+ formatting.
- returns errors from encryption routines, system errors
+ returns errors from encryption routines, system errors
- enc_part->ciphertext.data allocated & filled in with encrypted stuff
+ enc_part->ciphertext.data allocated & filled in with encrypted stuff
*/
krb5_error_code
@@ -50,16 +51,16 @@ krb5_encrypt_tkt_part(krb5_context context, const krb5_keyblock *srv_key, regist
/* start by encoding the to-be-encrypted part. */
if ((retval = encode_krb5_enc_tkt_part(dec_tkt_part, &scratch))) {
- return retval;
+ return retval;
}
#define cleanup_scratch() { (void) memset(scratch->data, 0, scratch->length); \
-krb5_free_data(context, scratch); }
+ krb5_free_data(context, scratch); }
/* call the encryption routine */
retval = krb5_encrypt_helper(context, srv_key,
- KRB5_KEYUSAGE_KDC_REP_TICKET, scratch,
- &dec_ticket->enc_part);
+ KRB5_KEYUSAGE_KDC_REP_TICKET, scratch,
+ &dec_ticket->enc_part);
cleanup_scratch();
diff --git a/src/lib/krb5/krb/fast.c b/src/lib/krb5/krb/fast.c
index 381173d..ae5602c 100644
--- a/src/lib/krb5/krb/fast.c
+++ b/src/lib/krb5/krb/fast.c
@@ -1,3 +1,4 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
/*
* lib/krb5/krb/fast.c
*
@@ -8,7 +9,7 @@
* require a specific license from the United States Government.
* It is the responsibility of any person or organization contemplating
* export to obtain such a license before exporting.
- *
+ *
* WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
* distribute this software and its documentation for any purpose and
* without fee is hereby granted, provided that the above copyright
@@ -22,8 +23,8 @@
* M.I.T. makes no representations about the suitability of
* this software for any purpose. It is provided "as is" without express
* or implied warranty.
- *
- *
+ *
+ *
*
*/
@@ -66,65 +67,65 @@ static krb5_error_code fast_armor_ap_request
memset(&creds, 0, sizeof(creds));
retval = krb5_tgtname(context, target_realm, target_realm, &creds.server);
if (retval ==0)
- retval = krb5_cc_get_principal(context, ccache, &creds.client);
+ retval = krb5_cc_get_principal(context, ccache, &creds.client);
if (retval == 0)
- retval = krb5_get_credentials(context, 0, ccache, &creds, &out_creds);
+ retval = krb5_get_credentials(context, 0, ccache, &creds, &out_creds);
if (retval == 0)
- retval = krb5_mk_req_extended(context, &authcontext, AP_OPTS_USE_SUBKEY, NULL /*data*/,
- out_creds, &encoded_authenticator);
+ retval = krb5_mk_req_extended(context, &authcontext, AP_OPTS_USE_SUBKEY, NULL /*data*/,
+ out_creds, &encoded_authenticator);
if (retval == 0)
- retval = krb5_auth_con_getsendsubkey(context, authcontext, &subkey);
+ retval = krb5_auth_con_getsendsubkey(context, authcontext, &subkey);
if (retval == 0)
- retval = krb5_c_fx_cf2_simple(context, subkey, "subkeyarmor",
- &out_creds->keyblock, "ticketarmor", &armor_key);
+ retval = krb5_c_fx_cf2_simple(context, subkey, "subkeyarmor",
+ &out_creds->keyblock, "ticketarmor", &armor_key);
if (retval == 0) {
- armor = calloc(1, sizeof(krb5_fast_armor));
- if (armor == NULL)
- retval = ENOMEM;
+ armor = calloc(1, sizeof(krb5_fast_armor));
+ if (armor == NULL)
+ retval = ENOMEM;
}
if (retval == 0) {
- armor->armor_type = KRB5_FAST_ARMOR_AP_REQUEST;
- armor->armor_value = encoded_authenticator;
- encoded_authenticator.data = NULL;
- encoded_authenticator.length = 0;
- state->armor = armor;
- armor = NULL;
- state->armor_key = armor_key;
- armor_key = NULL;
+ armor->armor_type = KRB5_FAST_ARMOR_AP_REQUEST;
+ armor->armor_value = encoded_authenticator;
+ encoded_authenticator.data = NULL;
+ encoded_authenticator.length = 0;
+ state->armor = armor;
+ armor = NULL;
+ state->armor_key = armor_key;
+ armor_key = NULL;
}
krb5_free_keyblock(context, armor_key);
krb5_free_keyblock(context, subkey);
if (out_creds)
- krb5_free_creds(context, out_creds);
+ krb5_free_creds(context, out_creds);
krb5_free_cred_contents(context, &creds);
if (encoded_authenticator.data)
- krb5_free_data_contents(context, &encoded_authenticator);
+ krb5_free_data_contents(context, &encoded_authenticator);
krb5_auth_con_free(context, authcontext);
return retval;
}
krb5_error_code
krb5int_fast_prep_req_body(krb5_context context, struct krb5int_fast_request_state *state,
- krb5_kdc_req *request, krb5_data **encoded_request_body)
+ krb5_kdc_req *request, krb5_data **encoded_request_body)
{
krb5_error_code retval = 0;
krb5_data *local_encoded_request_body = NULL;
assert(state != NULL);
*encoded_request_body = NULL;
if (state->armor_key == NULL) {
- return encode_krb5_kdc_req_body(request, encoded_request_body);
+ return encode_krb5_kdc_req_body(request, encoded_request_body);
}
state->fast_outer_request = *request;
state->fast_outer_request.padata = NULL;
if (retval == 0)
- retval = encode_krb5_kdc_req_body(&state->fast_outer_request,
- &local_encoded_request_body);
+ retval = encode_krb5_kdc_req_body(&state->fast_outer_request,
+ &local_encoded_request_body);
if (retval == 0) {
- *encoded_request_body = local_encoded_request_body;
- local_encoded_request_body = NULL;
+ *encoded_request_body = local_encoded_request_body;
+ local_encoded_request_body = NULL;
}
if (local_encoded_request_body != NULL)
- krb5_free_data(context, local_encoded_request_body);
+ krb5_free_data(context, local_encoded_request_body);
return retval;
}
@@ -137,31 +138,31 @@ krb5_error_code krb5int_fast_as_armor
krb5_ccache ccache = NULL;
krb5_clear_error_message(context);
if (opte->opt_private->fast_ccache_name) {
- retval = krb5_cc_resolve(context, opte->opt_private->fast_ccache_name,
- &ccache);
- if (retval==0)
- retval = fast_armor_ap_request(context, state, ccache,
- krb5_princ_realm(context, request->server));
- if (retval != 0) {
- const char * errmsg;
- errmsg = krb5_get_error_message(context, retval);
- if (errmsg) {
- krb5_set_error_message(context, retval, "%s constructing AP-REQ armor", errmsg);
- krb5_free_error_message(context, errmsg);
- }
- }
+ retval = krb5_cc_resolve(context, opte->opt_private->fast_ccache_name,
+ &ccache);
+ if (retval==0)
+ retval = fast_armor_ap_request(context, state, ccache,
+ krb5_princ_realm(context, request->server));
+ if (retval != 0) {
+ const char * errmsg;
+ errmsg = krb5_get_error_message(context, retval);
+ if (errmsg) {
+ krb5_set_error_message(context, retval, "%s constructing AP-REQ armor", errmsg);
+ krb5_free_error_message(context, errmsg);
+ }
+ }
}
if (ccache)
- krb5_cc_close(context, ccache);
+ krb5_cc_close(context, ccache);
return retval;
}
-krb5_error_code
+krb5_error_code
krb5int_fast_prep_req (krb5_context context, struct krb5int_fast_request_state *state,
- krb5_kdc_req *request,
- const krb5_data *to_be_checksummed, kdc_req_encoder_proc encoder,
- krb5_data **encoded_request)
+ krb5_kdc_req *request,
+ const krb5_data *to_be_checksummed, kdc_req_encoder_proc encoder,
+ krb5_data **encoded_request)
{
krb5_error_code retval = 0;
krb5_pa_data *pa_array[2];
@@ -180,68 +181,68 @@ krb5int_fast_prep_req (krb5_context context, struct krb5int_fast_request_state *
assert(state->fast_outer_request.padata == NULL);
memset(pa_array, 0, sizeof pa_array);
if (state->armor_key == NULL) {
- return encoder(request, encoded_request);
+ return encoder(request, encoded_request);
}
/* Fill in a fresh random nonce for each inner request*/
- random_data.length = 4;
- random_data.data = (char *)random_buf;
- retval = krb5_c_random_make_octets(context, &random_data);
- if (retval == 0) {
- request->nonce = 0x7fffffff & load_32_n(random_buf);
- state->nonce = request->nonce;
- }
+ random_data.length = 4;
+ random_data.data = (char *)random_buf;
+ retval = krb5_c_random_make_octets(context, &random_data);
+ if (retval == 0) {
+ request->nonce = 0x7fffffff & load_32_n(random_buf);
+ state->nonce = request->nonce;
+ }
fast_req.req_body = request;
if (fast_req.req_body->padata == NULL) {
- fast_req.req_body->padata = calloc(1, sizeof(krb5_pa_data *));
- if (fast_req.req_body->padata == NULL)
- retval = ENOMEM;
+ fast_req.req_body->padata = calloc(1, sizeof(krb5_pa_data *));
+ if (fast_req.req_body->padata == NULL)
+ retval = ENOMEM;
}
fast_req.fast_options = state->fast_options;
if (retval == 0)
- retval = encode_krb5_fast_req(&fast_req, &encoded_fast_req);
+ retval = encode_krb5_fast_req(&fast_req, &encoded_fast_req);
if (retval == 0) {
- armored_req = calloc(1, sizeof(krb5_fast_armored_req));
- if (armored_req == NULL)
- retval = ENOMEM;
+ armored_req = calloc(1, sizeof(krb5_fast_armored_req));
+ if (armored_req == NULL)
+ retval = ENOMEM;
}
if (retval == 0)
- armored_req->armor = state->armor;
+ armored_req->armor = state->armor;
if (retval == 0)
- retval = krb5int_c_mandatory_cksumtype(context, state->armor_key->enctype,
- &cksumtype);
+ retval = krb5int_c_mandatory_cksumtype(context, state->armor_key->enctype,
+ &cksumtype);
if (retval ==0)
- retval = krb5_c_make_checksum(context, cksumtype, state->armor_key,
- KRB5_KEYUSAGE_FAST_REQ_CHKSUM, to_be_checksummed,
- &armored_req->req_checksum);
+ retval = krb5_c_make_checksum(context, cksumtype, state->armor_key,
+ KRB5_KEYUSAGE_FAST_REQ_CHKSUM, to_be_checksummed,
+ &armored_req->req_checksum);
if (retval == 0)
- retval = krb5_encrypt_helper(context, state->armor_key,
- KRB5_KEYUSAGE_FAST_ENC, encoded_fast_req,
- &armored_req->enc_part);
+ retval = krb5_encrypt_helper(context, state->armor_key,
+ KRB5_KEYUSAGE_FAST_ENC, encoded_fast_req,
+ &armored_req->enc_part);
if (retval == 0)
- retval = encode_krb5_pa_fx_fast_request(armored_req, &encoded_armored_req);
+ retval = encode_krb5_pa_fx_fast_request(armored_req, &encoded_armored_req);
if (retval==0) {
- pa[0].pa_type = KRB5_PADATA_FX_FAST;
- pa[0].contents = (unsigned char *) encoded_armored_req->data;
- pa[0].length = encoded_armored_req->length;
- pa_array[0] = &pa[0];
+ pa[0].pa_type = KRB5_PADATA_FX_FAST;
+ pa[0].contents = (unsigned char *) encoded_armored_req->data;
+ pa[0].length = encoded_armored_req->length;
+ pa_array[0] = &pa[0];
}
state->fast_outer_request.padata = pa_array;
if(retval == 0)
- retval = encoder(&state->fast_outer_request, &local_encoded_result);
+ retval = encoder(&state->fast_outer_request, &local_encoded_result);
if (retval == 0) {
- *encoded_request = local_encoded_result;
- local_encoded_result = NULL;
+ *encoded_request = local_encoded_result;
+ local_encoded_result = NULL;
}
if (encoded_armored_req)
- krb5_free_data(context, encoded_armored_req);
+ krb5_free_data(context, encoded_armored_req);
if (armored_req) {
- armored_req->armor = NULL; /*owned by state*/
- krb5_free_fast_armored_req(context, armored_req);
+ armored_req->armor = NULL; /*owned by state*/
+ krb5_free_fast_armored_req(context, armored_req);
}
if (encoded_fast_req)
- krb5_free_data(context, encoded_fast_req);
+ krb5_free_data(context, encoded_fast_req);
if (local_encoded_result)
- krb5_free_data(context, local_encoded_result);
+ krb5_free_data(context, local_encoded_result);
state->fast_outer_request.padata = NULL;
return retval;
}
@@ -258,49 +259,49 @@ static krb5_error_code decrypt_fast_reply
krb5_fast_response *local_resp = NULL;
assert(state != NULL);
assert(state->armor_key);
- fx_reply = krb5int_find_pa_data(context, in_padata, KRB5_PADATA_FX_FAST);
+ fx_reply = krb5int_find_pa_data(context, in_padata, KRB5_PADATA_FX_FAST);
if (fx_reply == NULL)
- retval = KRB5_ERR_FAST_REQUIRED;
+ retval = KRB5_ERR_FAST_REQUIRED;
if (retval == 0) {
- scratch.data = (char *) fx_reply->contents;
- scratch.length = fx_reply->length;
- retval = decode_krb5_pa_fx_fast_reply(&scratch, &encrypted_response);
+ scratch.data = (char *) fx_reply->contents;
+ scratch.length = fx_reply->length;
+ retval = decode_krb5_pa_fx_fast_reply(&scratch, &encrypted_response);
}
scratch.data = NULL;
if (retval == 0) {
- scratch.data = malloc(encrypted_response->ciphertext.length);
- if (scratch.data == NULL)
- retval = ENOMEM;
- scratch.length = encrypted_response->ciphertext.length;
+ scratch.data = malloc(encrypted_response->ciphertext.length);
+ if (scratch.data == NULL)
+ retval = ENOMEM;
+ scratch.length = encrypted_response->ciphertext.length;
}
if (retval == 0)
- retval = krb5_c_decrypt(context, state->armor_key,
- KRB5_KEYUSAGE_FAST_REP, NULL,
- encrypted_response, &scratch);
+ retval = krb5_c_decrypt(context, state->armor_key,
+ KRB5_KEYUSAGE_FAST_REP, NULL,
+ encrypted_response, &scratch);
if (retval != 0) {
- const char * errmsg;
- errmsg = krb5_get_error_message(context, retval);
- krb5_set_error_message(context, retval, "%s while decrypting FAST reply", errmsg);
- krb5_free_error_message(context, errmsg);
+ const char * errmsg;
+ errmsg = krb5_get_error_message(context, retval);
+ krb5_set_error_message(context, retval, "%s while decrypting FAST reply", errmsg);
+ krb5_free_error_message(context, errmsg);
}
if (retval == 0)
- retval = decode_krb5_fast_response(&scratch, &local_resp);
+ retval = decode_krb5_fast_response(&scratch, &local_resp);
if (retval == 0) {
- if (local_resp->nonce != state->nonce) {
- retval = KRB5_KDCREP_MODIFIED;
- krb5_set_error_message(context, retval, "nonce modified in FAST response: KDC response modified");
- }
+ if (local_resp->nonce != state->nonce) {
+ retval = KRB5_KDCREP_MODIFIED;
+ krb5_set_error_message(context, retval, "nonce modified in FAST response: KDC response modified");
+ }
}
if (retval == 0) {
- *response = local_resp;
- local_resp = NULL;
+ *response = local_resp;
+ local_resp = NULL;
}
if (scratch.data)
- free(scratch.data);
+ free(scratch.data);
if (encrypted_response)
- krb5_free_enc_data(context, encrypted_response);
+ krb5_free_enc_data(context, encrypted_response);
if (local_resp)
- krb5_free_fast_response(context, local_resp);
+ krb5_free_fast_response(context, local_resp);
return retval;
}
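Review bot: The cleanup at the end frees `scratch.data` without wiping it, although after a successful `krb5_c_decrypt` it holds the decrypted FAST response, which (judging by the `strengthen_key` field read from `fast_response` elsewhere in this file) can carry key material. The buffer should be zeroised over `scratch.length` bytes before `free(scratch.data)`, with a wipe the compiler cannot remove as a dead store. Separately, the `if (retval != 0)` block passes `errmsg` to `krb5_set_error_message` without the `if (errmsg)` check that `krb5int_fast_as_armor` applies. It also relabels earlier failures such as `KRB5_ERR_FAST_REQUIRED` or `ENOMEM` as "while decrypting FAST reply". The start of the function is outside this hunk.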
@@ -319,91 +320,91 @@ static krb5_error_code decrypt_fast_reply
*/
krb5_error_code
krb5int_fast_process_error(krb5_context context, struct krb5int_fast_request_state *state,
- krb5_error **err_replyptr , krb5_pa_data ***out_padata,
- krb5_boolean *retry)
+ krb5_error **err_replyptr , krb5_pa_data ***out_padata,
+ krb5_boolean *retry)
{
krb5_error_code retval = 0;
krb5_error *err_reply = *err_replyptr;
*out_padata = NULL;
*retry = 0;
if (state->armor_key) {
- krb5_pa_data *fx_error_pa;
- krb5_pa_data **result = NULL;
- krb5_data scratch, *encoded_td = NULL;
- krb5_error *fx_error = NULL;
- krb5_fast_response *fast_response = NULL;
- retval = decode_krb5_padata_sequence(&err_reply->e_data, &result);
- if (retval == 0)
- retval = decrypt_fast_reply(context, state, result, &fast_response);
- if (retval) {
- /*This can happen if the KDC does not understand FAST. We
- * don't expect that, but treating it as the fatal error
- * indicated by the KDC seems reasonable.
- */
- *retry = 0;
- krb5_free_pa_data(context, result);
- return 0;
- }
- krb5_free_pa_data(context, result);
- result = NULL;
- if (retval == 0) {
- fx_error_pa = krb5int_find_pa_data(context, fast_response->padata, KRB5_PADATA_FX_ERROR);
- if (fx_error_pa == NULL) {
- krb5_set_error_message(context, KRB5KDC_ERR_PREAUTH_FAILED, "Expecting FX_ERROR pa-data inside FAST container");
- retval = KRB5KDC_ERR_PREAUTH_FAILED;
- }
- }
- if (retval == 0) {
- scratch.data = (char *) fx_error_pa->contents;
- scratch.length = fx_error_pa->length;
- retval = decode_krb5_error(&scratch, &fx_error);
- }
- /*
- * krb5_pa_data and krb5_typed_data are safe to cast between:
- * they have the same type fields in the same order.
- * (krb5_preauthtype is a krb5_int32). If krb5_typed_data is
- * ever changed then this will need to be a copy not a cast.
- */
- if (retval == 0)
- retval = encode_krb5_typed_data( (krb5_typed_data **) fast_response->padata,
- &encoded_td);
- if (retval == 0) {
- fx_error->e_data = *encoded_td;
- free(encoded_td); /*contents owned by fx_error*/
- encoded_td = NULL;
- krb5_free_error(context, err_reply);
- *err_replyptr = fx_error;
- fx_error = NULL;
- *out_padata = fast_response->padata;
- fast_response->padata = NULL;
- /*
- * If there is more than the fx_error padata, then we want
- * to retry the error if a cookie is present
- */
- *retry = (*out_padata)[1] != NULL;
- if (krb5int_find_pa_data(context, *out_padata, KRB5_PADATA_FX_COOKIE) == NULL)
- *retry = 0;
- }
- if (fx_error)
- krb5_free_error(context, fx_error);
- krb5_free_fast_response(context, fast_response);
+ krb5_pa_data *fx_error_pa;
+ krb5_pa_data **result = NULL;
+ krb5_data scratch, *encoded_td = NULL;
+ krb5_error *fx_error = NULL;
+ krb5_fast_response *fast_response = NULL;
+ retval = decode_krb5_padata_sequence(&err_reply->e_data, &result);
+ if (retval == 0)
+ retval = decrypt_fast_reply(context, state, result, &fast_response);
+ if (retval) {
+ /*This can happen if the KDC does not understand FAST. We
+ * don't expect that, but treating it as the fatal error
+ * indicated by the KDC seems reasonable.
+ */
+ *retry = 0;
+ krb5_free_pa_data(context, result);
+ return 0;
+ }
+ krb5_free_pa_data(context, result);
+ result = NULL;
+ if (retval == 0) {
+ fx_error_pa = krb5int_find_pa_data(context, fast_response->padata, KRB5_PADATA_FX_ERROR);
+ if (fx_error_pa == NULL) {
+ krb5_set_error_message(context, KRB5KDC_ERR_PREAUTH_FAILED, "Expecting FX_ERROR pa-data inside FAST container");
+ retval = KRB5KDC_ERR_PREAUTH_FAILED;
+ }
+ }
+ if (retval == 0) {
+ scratch.data = (char *) fx_error_pa->contents;
+ scratch.length = fx_error_pa->length;
+ retval = decode_krb5_error(&scratch, &fx_error);
+ }
+ /*
+ * krb5_pa_data and krb5_typed_data are safe to cast between:
+ * they have the same type fields in the same order.
+ * (krb5_preauthtype is a krb5_int32). If krb5_typed_data is
+ * ever changed then this will need to be a copy not a cast.
+ */
+ if (retval == 0)
+ retval = encode_krb5_typed_data( (krb5_typed_data **) fast_response->padata,
+ &encoded_td);
+ if (retval == 0) {
+ fx_error->e_data = *encoded_td;
+ free(encoded_td); /*contents owned by fx_error*/
+ encoded_td = NULL;
+ krb5_free_error(context, err_reply);
+ *err_replyptr = fx_error;
+ fx_error = NULL;
+ *out_padata = fast_response->padata;
+ fast_response->padata = NULL;
+ /*
+ * If there is more than the fx_error padata, then we want
+ * to retry the error if a cookie is present
+ */
+ *retry = (*out_padata)[1] != NULL;
+ if (krb5int_find_pa_data(context, *out_padata, KRB5_PADATA_FX_COOKIE) == NULL)
+ *retry = 0;
+ }
+ if (fx_error)
+ krb5_free_error(context, fx_error);
+ krb5_free_fast_response(context, fast_response);
} else { /*not FAST*/
- *retry = (err_reply->e_data.length > 0);
- if ((err_reply->error == KDC_ERR_PREAUTH_REQUIRED
- ||err_reply->error == KDC_ERR_PREAUTH_FAILED) && err_reply->e_data.length) {
- krb5_pa_data **result = NULL;
- retval = decode_krb5_padata_sequence(&err_reply->e_data, &result);
- if (retval == 0)
- if (retval == 0) {
- *out_padata = result;
+ *retry = (err_reply->e_data.length > 0);
+ if ((err_reply->error == KDC_ERR_PREAUTH_REQUIRED
+ ||err_reply->error == KDC_ERR_PREAUTH_FAILED) && err_reply->e_data.length) {
+ krb5_pa_data **result = NULL;
+ retval = decode_krb5_padata_sequence(&err_reply->e_data, &result);
+ if (retval == 0)
+ if (retval == 0) {
+ *out_padata = result;
- return 0;
- }
- krb5_free_pa_data(context, result);
- krb5_set_error_message(context, retval,
- "Error decoding padata in error reply");
- return retval;
- }
+ return 0;
+ }
+ krb5_free_pa_data(context, result);
+ krb5_set_error_message(context, retval,
+ "Error decoding padata in error reply");
+ return retval;
+ }
}
return retval;
}
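Review bot: In the non-FAST branch the guard is written twice, `if (retval == 0)` directly followed by `if (retval == 0) {`, with no braces on the outer one, which makes it easy to misread which statements belong to the failure path. A single `if (retval == 0) { *out_padata = result; return 0; }` says the same thing. In the FAST branch, the early `return 0` after a failed `decrypt_fast_reply` reports success with `*retry = 0`. The existing comment explains why, but it would help to state that the caller is then presumably left acting on the outer error, which was not verified under the armor key.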
@@ -421,61 +422,61 @@ krb5_error_code krb5int_fast_process_response
krb5_clear_error_message(context);
*strengthen_key = NULL;
if (state->armor_key == 0)
- return 0;
- retval = decrypt_fast_reply(context, state, resp->padata,
- &fast_response);
+ return 0;
+ retval = decrypt_fast_reply(context, state, resp->padata,
+ &fast_response);
if (retval == 0) {
- if (fast_response->finished == 0) {
- retval = KRB5_KDCREP_MODIFIED;
- krb5_set_error_message(context, retval, "FAST response missing finish message in KDC reply");
- }
+ if (fast_response->finished == 0) {
+ retval = KRB5_KDCREP_MODIFIED;
+ krb5_set_error_message(context, retval, "FAST response missing finish message in KDC reply");
+ }
}
if (retval == 0)
- retval = encode_krb5_ticket(resp->ticket, &encoded_ticket);
+ retval = encode_krb5_ticket(resp->ticket, &encoded_ticket);
if (retval == 0)
- retval = krb5_c_verify_checksum(context, state->armor_key,
- KRB5_KEYUSAGE_FAST_FINISHED,
- encoded_ticket,
- &fast_response->finished->ticket_checksum,
- &cksum_valid);
+ retval = krb5_c_verify_checksum(context, state->armor_key,
+ KRB5_KEYUSAGE_FAST_FINISHED,
+ encoded_ticket,
+ &fast_response->finished->ticket_checksum,
+ &cksum_valid);
if (retval == 0 && cksum_valid == 0) {
- retval = KRB5_KDCREP_MODIFIED;
- krb5_set_error_message(context, retval, "ticket modified in KDC reply");
+ retval = KRB5_KDCREP_MODIFIED;
+ krb5_set_error_message(context, retval, "ticket modified in KDC reply");
}
if (retval == 0) {
- krb5_free_principal(context, resp->client);
- resp->client = fast_response->finished->client;
- fast_response->finished->client = NULL;
- *strengthen_key = fast_response->strengthen_key;
- fast_response->strengthen_key = NULL;
- krb5_free_pa_data(context, resp->padata);
- resp->padata = fast_response->padata;
- fast_response->padata = NULL;
+ krb5_free_principal(context, resp->client);
+ resp->client = fast_response->finished->client;
+ fast_response->finished->client = NULL;
+ *strengthen_key = fast_response->strengthen_key;
+ fast_response->strengthen_key = NULL;
+ krb5_free_pa_data(context, resp->padata);
+ resp->padata = fast_response->padata;
+ fast_response->padata = NULL;
}
if (fast_response)
- krb5_free_fast_response(context, fast_response);
+ krb5_free_fast_response(context, fast_response);
if (encoded_ticket)
- krb5_free_data(context, encoded_ticket);
+ krb5_free_data(context, encoded_ticket);
return retval;
}
krb5_error_code krb5int_fast_reply_key(krb5_context context,
- krb5_keyblock *strengthen_key,
- krb5_keyblock *existing_key,
- krb5_keyblock *out_key)
+ krb5_keyblock *strengthen_key,
+ krb5_keyblock *existing_key,
+ krb5_keyblock *out_key)
{
krb5_keyblock *key = NULL;
krb5_error_code retval = 0;
krb5_free_keyblock_contents(context, out_key);
if (strengthen_key) {
- retval = krb5_c_fx_cf2_simple(context, strengthen_key,
- "strengthenkey", existing_key, "replykey", &key);
- if (retval == 0) {
- *out_key = *key;
- free(key);
- }
+ retval = krb5_c_fx_cf2_simple(context, strengthen_key,
+ "strengthenkey", existing_key, "replykey", &key);
+ if (retval == 0) {
+ *out_key = *key;
+ free(key);
+ }
} else {
- retval = krb5_copy_keyblock_contents(context, existing_key, out_key);
+ retval = krb5_copy_keyblock_contents(context, existing_key, out_key);
}
return retval;
}
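Review bot: `krb5int_fast_reply_key` calls `krb5_free_keyblock_contents(context, out_key)` before it reads `existing_key` or `strengthen_key`, so a caller that passes the same keyblock as both input and output would have the input read after its contents were freed. Nothing in this hunk rules that out. Either document the constraint, e.g. `/* out_key must not alias existing_key or strengthen_key; its old contents are freed first. */`, or derive into a temporary and release `out_key` only once the new key is ready.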
@@ -487,7 +488,7 @@ krb5int_fast_make_state( krb5_context context, struct krb5int_fast_request_state
struct krb5int_fast_request_state *local_state ;
local_state = malloc(sizeof *local_state);
if (local_state == NULL)
- return ENOMEM;
+ return ENOMEM;
memset(local_state, 0, sizeof(*local_state));
*state = local_state;
return 0;
@@ -505,16 +506,15 @@ krb5int_fast_free_state( krb5_context context, struct krb5int_fast_request_state
krb5_pa_data * krb5int_find_pa_data
(krb5_context context, krb5_pa_data *const *padata, krb5_preauthtype pa_type)
{
- krb5_pa_data * const *tmppa;
+ krb5_pa_data * const *tmppa;
if (padata == NULL)
- return NULL;
+ return NULL;
for (tmppa = padata; *tmppa != NULL; tmppa++) {
- if ((*tmppa)->pa_type == pa_type)
- break;
+ if ((*tmppa)->pa_type == pa_type)
+ break;
}
return *tmppa;
}
-
diff --git a/src/lib/krb5/krb/fast.h b/src/lib/krb5/krb/fast.h
index 4cc1423..443f3e1 100644
--- a/src/lib/krb5/krb/fast.h
+++ b/src/lib/krb5/krb/fast.h
@@ -1,3 +1,4 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
/*
* lib/krb5/krb/fast.h
*
@@ -8,7 +9,7 @@
* require a specific license from the United States Government.
* It is the responsibility of any person or organization contemplating
* export to obtain such a license before exporting.
- *
+ *
* WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
* distribute this software and its documentation for any purpose and
* without fee is hereby granted, provided that the above copyright
@@ -22,7 +23,7 @@
* M.I.T. makes no representations about the suitability of
* this software for any purpose. It is provided "as is" without express
* or implied warranty.
- *
+ *
*
* <<< Description >>>
*/
@@ -34,7 +35,7 @@
struct krb5int_fast_request_state {
krb5_kdc_req fast_outer_request;
- krb5_keyblock *armor_key; /*non-null means fast is in use*/
+ krb5_keyblock *armor_key; /*non-null means fast is in use*/
krb5_fast_armor *armor;
krb5_ui_4 fast_state_flags;
krb5_ui_4 fast_options;
@@ -43,19 +44,19 @@ struct krb5int_fast_request_state {
krb5_error_code
krb5int_fast_prep_req_body(krb5_context context, struct krb5int_fast_request_state *state,
- krb5_kdc_req *request, krb5_data **encoded_req_body);
+ krb5_kdc_req *request, krb5_data **encoded_req_body);
typedef krb5_error_code(*kdc_req_encoder_proc) (const krb5_kdc_req *, krb5_data **);
-krb5_error_code
+krb5_error_code
krb5int_fast_prep_req (krb5_context context, struct krb5int_fast_request_state *state,
- krb5_kdc_req *request,
- const krb5_data *to_be_checksummed, kdc_req_encoder_proc encoder,
- krb5_data **encoded_request);
+ krb5_kdc_req *request,
+ const krb5_data *to_be_checksummed, kdc_req_encoder_proc encoder,
+ krb5_data **encoded_request);
krb5_error_code
krb5int_fast_process_error(krb5_context context, struct krb5int_fast_request_state *state,
- krb5_error **err_replyptr , krb5_pa_data ***out_padata,
- krb5_boolean *retry);
+ krb5_error **err_replyptr , krb5_pa_data ***out_padata,
+ krb5_boolean *retry);
krb5_error_code krb5int_fast_process_response
(krb5_context context, struct krb5int_fast_request_state *state,
@@ -73,10 +74,10 @@ krb5_error_code krb5int_fast_as_armor
krb5_kdc_req *request);
krb5_error_code krb5int_fast_reply_key(krb5_context context,
- krb5_keyblock *strengthen_key,
- krb5_keyblock *existing_key,
- krb5_keyblock *output_key);
+ krb5_keyblock *strengthen_key,
+ krb5_keyblock *existing_key,
+ krb5_keyblock *output_key);
+
-
#endif
diff --git a/src/lib/krb5/krb/free_rtree.c b/src/lib/krb5/krb/free_rtree.c
index 90c9dd3..951d55d 100644
--- a/src/lib/krb5/krb/free_rtree.c
+++ b/src/lib/krb5/krb/free_rtree.c
@@ -1,3 +1,4 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
/*
* lib/krb5/krb/free_rtree.c
*
@@ -8,7 +9,7 @@
* require a specific license from the United States Government.
* It is the responsibility of any person or organization contemplating
* export to obtain such a license before exporting.
- *
+ *
* WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
* distribute this software and its documentation for any purpose and
* without fee is hereby granted, provided that the above copyright
@@ -22,7 +23,7 @@
* M.I.T. makes no representations about the suitability of
* this software for any purpose. It is provided "as is" without express
* or implied warranty.
- *
+ *
*
* krb5_free_realm_tree()
*/
@@ -34,10 +35,10 @@ krb5_free_realm_tree(krb5_context context, krb5_principal *realms)
{
register krb5_principal *nrealms = realms;
if (realms == NULL)
- return;
+ return;
while (*nrealms) {
- krb5_free_principal(context, *nrealms);
- nrealms++;
+ krb5_free_principal(context, *nrealms);
+ nrealms++;
}
free(realms);
}
diff --git a/src/lib/krb5/krb/fwd_tgt.c b/src/lib/krb5/krb/fwd_tgt.c
index 08646da..5725e49 100644
--- a/src/lib/krb5/krb/fwd_tgt.c
+++ b/src/lib/krb5/krb/fwd_tgt.c
@@ -1,3 +1,4 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
/*
* lib/krb5/krb/get_in_tkt.c
*
@@ -8,7 +9,7 @@
* require a specific license from the United States Government.
* It is the responsibility of any person or organization contemplating
* export to obtain such a license before exporting.
- *
+ *
* WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
* distribute this software and its documentation for any purpose and
* without fee is hereby granted, provided that the above copyright
@@ -35,14 +36,14 @@
/* Get a TGT for use at the remote host */
krb5_error_code KRB5_CALLCONV
krb5_fwd_tgt_creds(krb5_context context, krb5_auth_context auth_context, char *rhost, krb5_principal client, krb5_principal server, krb5_ccache cc, int forwardable, krb5_data *outbuf)
-
-
-
-
-
-
- /* Should forwarded TGT also be forwardable? */
-
+
+
+
+
+
+
+/* Should forwarded TGT also be forwardable? */
+
{
krb5_replay_data replaydata;
krb5_data * scratch = 0;
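Review bot: The comment `/* Should forwarded TGT also be forwardable? */` now sits at column 0 between the declarator of krb5_fwd_tgt_creds and its opening brace, surrounded by blank lines, so it no longer reads as attached to any parameter. It appears to describe `forwardable`, presumably a leftover from an older one-parameter-per-line layout. I would delete the blank lines and fold the text into the comment above the function, e.g. `/* Get a TGT for use at the remote host; forwardable: should the forwarded TGT also be forwardable? */`. The function body continues outside this hunk.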
@@ -61,136 +62,136 @@ krb5_fwd_tgt_creds(krb5_context context, krb5_auth_context auth_context, char *r
memset(&tgt, 0, sizeof(creds));
if (cc == 0) {
- if ((retval = krb5int_cc_default(context, &cc)))
- goto errout;
- close_cc = 1;
+ if ((retval = krb5int_cc_default(context, &cc)))
+ goto errout;
+ close_cc = 1;
}
retval = krb5_auth_con_getkey (context, auth_context, &session_key);
if (retval)
- goto errout;
+ goto errout;
if (session_key) {
- enctype = session_key->enctype;
- krb5_free_keyblock (context, session_key);
- session_key = NULL;
+ enctype = session_key->enctype;
+ krb5_free_keyblock (context, session_key);
+ session_key = NULL;
} else if (server) { /* must server be non-NULL when rhost is given? */
- /* Try getting credentials to see what the remote side supports.
- Not bulletproof, just a heuristic. */
- krb5_creds in, *out = 0;
- memset (&in, 0, sizeof(in));
-
- retval = krb5_copy_principal (context, server, &in.server);
- if (retval)
- goto punt;
- retval = krb5_copy_principal (context, client, &in.client);
- if (retval)
- goto punt;
- retval = krb5_get_credentials (context, 0, cc, &in, &out);
- if (retval)
- goto punt;
- /* Got the credentials. Okay, now record the enctype and
- throw them away. */
- enctype = out->keyblock.enctype;
- krb5_free_creds (context, out);
+ /* Try getting credentials to see what the remote side supports.
+ Not bulletproof, just a heuristic. */
+ krb5_creds in, *out = 0;
+ memset (&in, 0, sizeof(in));
+
+ retval = krb5_copy_principal (context, server, &in.server);
+ if (retval)
+ goto punt;
+ retval = krb5_copy_principal (context, client, &in.client);
+ if (retval)
+ goto punt;
+ retval = krb5_get_credentials (context, 0, cc, &in, &out);
+ if (retval)
+ goto punt;
+ /* Got the credentials. Okay, now record the enctype and
+ throw them away. */
+ enctype = out->keyblock.enctype;
+ krb5_free_creds (context, out);
punt:
- krb5_free_cred_contents (context, &in);
+ krb5_free_cred_contents (context, &in);
}
if ((retval = krb5_copy_principal(context, client, &creds.client)))
- goto errout;
-
+ goto errout;
+
if ((retval = krb5_build_principal_ext(context, &creds.server,
- client->realm.length,
- client->realm.data,
- KRB5_TGS_NAME_SIZE,
- KRB5_TGS_NAME,
- client->realm.length,
- client->realm.data,
- 0)))
- goto errout;
-
+ client->realm.length,
+ client->realm.data,
+ KRB5_TGS_NAME_SIZE,
+ KRB5_TGS_NAME,
+ client->realm.length,
+ client->realm.data,
+ 0)))
+ goto errout;
+
/* fetch tgt directly from cache */
context->use_conf_ktypes = 1;
retval = krb5_cc_retrieve_cred (context, cc, KRB5_TC_SUPPORTED_KTYPES,
- &creds, &tgt);
+ &creds, &tgt);
context->use_conf_ktypes = old_use_conf_ktypes;
if (retval)
- goto errout;
+ goto errout;
/* tgt->client must be equal to creds.client */
if (!krb5_principal_compare(context, tgt.client, creds.client)) {
- retval = KRB5_PRINC_NOMATCH;
- goto errout;
+ retval = KRB5_PRINC_NOMATCH;
+ goto errout;
}
if (!tgt.ticket.length) {
- retval = KRB5_NO_TKT_SUPPLIED;
- goto errout;
+ retval = KRB5_NO_TKT_SUPPLIED;
+ goto errout;
}
-
+
if (tgt.addresses && *tgt.addresses) {
- if (rhost == NULL) {
- if (krb5_princ_type(context, server) != KRB5_NT_SRV_HST) {
-retval = KRB5_FWD_BAD_PRINCIPAL;
- goto errout;
- }
-
- if (krb5_princ_size(context, server) < 2){
- retval = KRB5_CC_BADNAME;
- goto errout;
- }
-
- rhost = malloc(server->data[1].length+1);
- if (!rhost) {
- retval = ENOMEM;
- goto errout;
- }
- free_rhost = 1;
- memcpy(rhost, server->data[1].data, server->data[1].length);
- rhost[server->data[1].length] = '\0';
- }
-
- retval = krb5_os_hostaddr(context, rhost, &addrs);
- if (retval)
- goto errout;
+ if (rhost == NULL) {
+ if (krb5_princ_type(context, server) != KRB5_NT_SRV_HST) {
+ retval = KRB5_FWD_BAD_PRINCIPAL;
+ goto errout;
+ }
+
+ if (krb5_princ_size(context, server) < 2){
+ retval = KRB5_CC_BADNAME;
+ goto errout;
+ }
+
+ rhost = malloc(server->data[1].length+1);
+ if (!rhost) {
+ retval = ENOMEM;
+ goto errout;
+ }
+ free_rhost = 1;
+ memcpy(rhost, server->data[1].data, server->data[1].length);
+ rhost[server->data[1].length] = '\0';
+ }
+
+ retval = krb5_os_hostaddr(context, rhost, &addrs);
+ if (retval)
+ goto errout;
}
-
+
creds.keyblock.enctype = enctype;
creds.times = tgt.times;
creds.times.starttime = 0;
kdcoptions = flags2options(tgt.ticket_flags)|KDC_OPT_FORWARDED;
if (!forwardable) /* Reset KDC_OPT_FORWARDABLE */
- kdcoptions &= ~(KDC_OPT_FORWARDABLE);
+ kdcoptions &= ~(KDC_OPT_FORWARDABLE);
if ((retval = krb5_get_cred_via_tkt(context, &tgt, kdcoptions,
- addrs, &creds, &pcreds))) {
- if (enctype) {
- creds.keyblock.enctype = 0;
- if ((retval = krb5_get_cred_via_tkt(context, &tgt, kdcoptions,
- addrs, &creds, &pcreds)))
- goto errout;
- }
- else goto errout;
+ addrs, &creds, &pcreds))) {
+ if (enctype) {
+ creds.keyblock.enctype = 0;
+ if ((retval = krb5_get_cred_via_tkt(context, &tgt, kdcoptions,
+ addrs, &creds, &pcreds)))
+ goto errout;
+ }
+ else goto errout;
}
retval = krb5_mk_1cred(context, auth_context, pcreds,
&scratch, &replaydata);
krb5_free_creds(context, pcreds);
if (retval) {
- if (scratch)
- krb5_free_data(context, scratch);
+ if (scratch)
+ krb5_free_data(context, scratch);
} else {
- *outbuf = *scratch;
- free(scratch);
+ *outbuf = *scratch;
+ free(scratch);
}
-
+
errout:
if (addrs)
- krb5_free_addresses(context, addrs);
+ krb5_free_addresses(context, addrs);
if (close_cc)
- krb5_cc_close(context, cc);
+ krb5_cc_close(context, cc);
if (free_rhost)
- free(rhost);
+ free(rhost);
krb5_free_cred_contents(context, &creds);
krb5_free_cred_contents(context, &tgt);
return retval;
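Review bot: In the `if (tgt.addresses && *tgt.addresses)` branch, `krb5_princ_type(context, server)` and `krb5_princ_size(context, server)` are applied to `server` when `rhost == NULL` without a NULL check. The earlier `else if (server)` test, and its comment asking whether server must be non-NULL, treat `server` as optional, so a call with both `rhost` and `server` NULL would dereference a NULL principal; whether any caller does that is not visible here. A guard such as `if (server == NULL || krb5_princ_type(context, server) != KRB5_NT_SRV_HST) {` would fail with KRB5_FWD_BAD_PRINCIPAL instead. The function starts before this hunk and its closing brace is outside it.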
diff --git a/src/lib/krb5/krb/gc_frm_kdc.c b/src/lib/krb5/krb/gc_frm_kdc.c
index 4102dd7..581d89d 100644
--- a/src/lib/krb5/krb/gc_frm_kdc.c
+++ b/src/lib/krb5/krb/gc_frm_kdc.c
@@ -1,3 +1,4 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
/*
* Copyright (c) 1994,2003,2005,2007 by the Massachusetts Institute of Technology.
* Copyright (c) 1994 CyberSAFE Corporation
@@ -9,7 +10,7 @@
* require a specific license from the United States Government.
* It is the responsibility of any person or organization contemplating
* export to obtain such a license before exporting.
- *
+ *
* WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
* distribute this software and its documentation for any purpose and
* without fee is hereby granted, provided that the above copyright
@@ -20,11 +21,11 @@
* permission. Furthermore if you modify this software you must label
* your software as modified software and not distribute it in such a
* fashion that it might be confused with the original M.I.T. software.
- * Neither M.I.T., the Open Computing Security Group, nor
+ * Neither M.I.T., the Open Computing Security Group, nor
* CyberSAFE Corporation make any representations about the suitability of
* this software for any purpose. It is provided "as is" without express
* or implied warranty.
- *
+ *
* krb5_get_cred_from_kdc() and related functions:
*
* Get credentials from some KDC somewhere, possibly accumulating TGTs
@@ -50,13 +51,13 @@ struct cc_tgts {
};
/* NOTE: This only checks if NXT_TGT is CUR_CC_TGT. */
-#define NXT_TGT_IS_CACHED(ts) \
- ((ts)->nxt_tgt == (ts)->cur_cc_tgt)
+#define NXT_TGT_IS_CACHED(ts) \
+ ((ts)->nxt_tgt == (ts)->cur_cc_tgt)
-#define MARK_CUR_CC_TGT_CLEAN(ts) \
-do { \
- (ts)->cc_tgts.dirty[(ts)->cc_tgts.cur] = 0; \
-} while (0)
+#define MARK_CUR_CC_TGT_CLEAN(ts) \
+ do { \
+ (ts)->cc_tgts.dirty[(ts)->cc_tgts.cur] = 0; \
+ } while (0)
static void init_cc_tgts(struct tr_state *);
static void shift_cc_tgts(struct tr_state *);
@@ -137,8 +138,8 @@ static void tr_dbg_rtree(struct tr_state *, const char *, krb5_principal);
* Certain krb5_cc_retrieve_cred() errors are soft errors when looking
* for a cross-realm TGT.
*/
-#define HARD_CC_ERR(r) ((r) && (r) != KRB5_CC_NOTFOUND && \
- (r) != KRB5_CC_NOT_KTYPE)
+#define HARD_CC_ERR(r) ((r) && (r) != KRB5_CC_NOTFOUND && \
+ (r) != KRB5_CC_NOT_KTYPE)
/*
* Flags for ccache lookups of cross-realm TGTs.
@@ -152,24 +153,24 @@ static void tr_dbg_rtree(struct tr_state *, const char *, krb5_principal);
* Prototypes of helper functions
*/
static krb5_error_code tgt_mcred(krb5_context, krb5_principal,
- krb5_principal, krb5_principal, krb5_creds *);
+ krb5_principal, krb5_principal, krb5_creds *);
static krb5_error_code retr_local_tgt(struct tr_state *, krb5_principal);
static krb5_error_code try_ccache(struct tr_state *, krb5_creds *);
static krb5_error_code find_nxt_kdc(struct tr_state *);
static krb5_error_code try_kdc(struct tr_state *, krb5_creds *);
static krb5_error_code kdc_mcred(struct tr_state *, krb5_principal,
- krb5_creds *mcreds);
+ krb5_creds *mcreds);
static krb5_error_code next_closest_tgt(struct tr_state *, krb5_principal);
static krb5_error_code init_rtree(struct tr_state *,
- krb5_principal, krb5_principal);
+ krb5_principal, krb5_principal);
static krb5_error_code do_traversal(krb5_context ctx, krb5_ccache,
- krb5_principal client, krb5_principal server,
- krb5_creds *out_cc_tgt, krb5_creds **out_tgt,
- krb5_creds ***out_kdc_tgts, int *tgtptr_isoffpath);
+ krb5_principal client, krb5_principal server,
+ krb5_creds *out_cc_tgt, krb5_creds **out_tgt,
+ krb5_creds ***out_kdc_tgts, int *tgtptr_isoffpath);
static krb5_error_code chase_offpath(struct tr_state *, krb5_principal,
- krb5_principal);
+ krb5_principal);
static krb5_error_code offpath_loopchk(struct tr_state *ts,
- krb5_creds *tgt, krb5_creds *reftgts[], unsigned int rcount);
+ krb5_creds *tgt, krb5_creds *reftgts[], unsigned int rcount);
/*
* init_cc_tgts()
@@ -210,8 +211,8 @@ shift_cc_tgts(struct tr_state *ts)
rb->nxt = i;
ts->nxt_cc_tgt = &rb->cred[i];
if (rb->dirty[i]) {
- krb5_free_cred_contents(ts->ctx, &rb->cred[i]);
- rb->dirty[i] = 0;
+ krb5_free_cred_contents(ts->ctx, &rb->cred[i]);
+ rb->dirty[i] = 0;
}
}
@@ -228,10 +229,10 @@ clean_cc_tgts(struct tr_state *ts)
rb = &ts->cc_tgts;
for (i = 0; i < NCC_TGTS; i++) {
- if (rb->dirty[i]) {
- krb5_free_cred_contents(ts->ctx, &rb->cred[i]);
- rb->dirty[i] = 0;
- }
+ if (rb->dirty[i]) {
+ krb5_free_cred_contents(ts->ctx, &rb->cred[i]);
+ rb->dirty[i] = 0;
+ }
}
}
@@ -257,18 +258,18 @@ tr_dbg(struct tr_state *ts, const char *prog)
fprintf(stderr, "%s: nxt_kdc %s\n", prog, nxt_kdc_str);
cleanup:
if (cur_tgt_str)
- krb5_free_unparsed_name(ts->ctx, cur_tgt_str);
+ krb5_free_unparsed_name(ts->ctx, cur_tgt_str);
if (cur_kdc_str)
- krb5_free_unparsed_name(ts->ctx, cur_kdc_str);
+ krb5_free_unparsed_name(ts->ctx, cur_kdc_str);
if (nxt_kdc_str)
- krb5_free_unparsed_name(ts->ctx, nxt_kdc_str);
+ krb5_free_unparsed_name(ts->ctx, nxt_kdc_str);
}
static void
tr_dbg_ret(struct tr_state *ts, const char *prog, krb5_error_code ret)
{
fprintf(stderr, "%s: return %d (%s)\n", prog, (int)ret,
- error_message(ret));
+ error_message(ret));
}
static void
@@ -277,7 +278,7 @@ tr_dbg_rtree(struct tr_state *ts, const char *prog, krb5_principal princ)
char *str;
if (krb5_unparse_name(ts->ctx, princ, &str))
- return;
+ return;
fprintf(stderr, "%s: %s\n", prog, str);
krb5_free_unparsed_name(ts->ctx, str);
}
@@ -296,8 +297,8 @@ tr_dbg_rtree(struct tr_state *ts, const char *prog, krb5_principal princ)
*/
static krb5_error_code
tgt_mcred(krb5_context ctx, krb5_principal client,
- krb5_principal dst, krb5_principal src,
- krb5_creds *mcreds)
+ krb5_principal dst, krb5_principal src,
+ krb5_creds *mcreds)
{
krb5_error_code retval;
@@ -306,16 +307,16 @@ tgt_mcred(krb5_context ctx, krb5_principal client,
retval = krb5_copy_principal(ctx, client, &mcreds->client);
if (retval)
- goto cleanup;
+ goto cleanup;
retval = krb5_tgtname(ctx, krb5_princ_realm(ctx, dst),
- krb5_princ_realm(ctx, src), &mcreds->server);
+ krb5_princ_realm(ctx, src), &mcreds->server);
if (retval)
- goto cleanup;
+ goto cleanup;
cleanup:
if (retval)
- krb5_free_cred_contents(ctx, mcreds);
+ krb5_free_cred_contents(ctx, mcreds);
return retval;
}
@@ -327,27 +328,27 @@ cleanup:
*/
static krb5_error_code
init_rtree(struct tr_state *ts,
- krb5_principal client, krb5_principal server)
+ krb5_principal client, krb5_principal server)
{
krb5_error_code retval;
ts->kdc_list = NULL;
retval = krb5_walk_realm_tree(ts->ctx, krb5_princ_realm(ts->ctx, client),
- krb5_princ_realm(ts->ctx, server),
- &ts->kdc_list, KRB5_REALM_BRANCH_CHAR);
+ krb5_princ_realm(ts->ctx, server),
+ &ts->kdc_list, KRB5_REALM_BRANCH_CHAR);
if (retval)
- return retval;
+ return retval;
for (ts->nkdcs = 0; ts->kdc_list[ts->nkdcs]; ts->nkdcs++) {
- assert(krb5_princ_size(ts->ctx, ts->kdc_list[ts->nkdcs]) == 2);
- TR_DBG_RTREE(ts, "init_rtree", ts->kdc_list[ts->nkdcs]);
+ assert(krb5_princ_size(ts->ctx, ts->kdc_list[ts->nkdcs]) == 2);
+ TR_DBG_RTREE(ts, "init_rtree", ts->kdc_list[ts->nkdcs]);
}
assert(ts->nkdcs > 1);
ts->lst_kdc = ts->kdc_list + ts->nkdcs - 1;
ts->kdc_tgts = calloc(ts->nkdcs + 1, sizeof(krb5_creds));
if (ts->kdc_tgts == NULL)
- return ENOMEM;
+ return ENOMEM;
return 0;
}
@@ -366,16 +367,16 @@ retr_local_tgt(struct tr_state *ts, krb5_principal client)
memset(&tgtq, 0, sizeof(tgtq));
retval = tgt_mcred(ts->ctx, client, client, client, &tgtq);
if (retval)
- return retval;
+ return retval;
/* Match realm, unlike other ccache retrievals here. */
retval = krb5_cc_retrieve_cred(ts->ctx, ts->ccache,
- KRB5_TC_SUPPORTED_KTYPES,
- &tgtq, ts->nxt_cc_tgt);
+ KRB5_TC_SUPPORTED_KTYPES,
+ &tgtq, ts->nxt_cc_tgt);
krb5_free_cred_contents(ts->ctx, &tgtq);
if (!retval) {
- shift_cc_tgts(ts);
- ts->nxt_tgt = ts->cur_tgt = ts->cur_cc_tgt;
+ shift_cc_tgts(ts);
+ ts->nxt_tgt = ts->cur_tgt = ts->cur_cc_tgt;
}
return retval;
}
@@ -393,10 +394,10 @@ try_ccache(struct tr_state *ts, krb5_creds *tgtq)
TR_DBG(ts, "try_ccache");
retval = krb5_cc_retrieve_cred(ts->ctx, ts->ccache, RETR_FLAGS,
- tgtq, ts->nxt_cc_tgt);
+ tgtq, ts->nxt_cc_tgt);
if (!retval) {
- shift_cc_tgts(ts);
- ts->nxt_tgt = ts->cur_cc_tgt;
+ shift_cc_tgts(ts);
+ ts->nxt_tgt = ts->cur_cc_tgt;
}
TR_DBG_RET(ts, "try_ccache", retval);
return retval;
@@ -436,31 +437,31 @@ find_nxt_kdc(struct tr_state *ts)
assert(ts->ntgts > 0);
assert(ts->nxt_tgt == ts->kdc_tgts[ts->ntgts-1]);
if (krb5_princ_size(ts->ctx, ts->nxt_tgt->server) != 2)
- return KRB5_KDCREP_MODIFIED;
+ return KRB5_KDCREP_MODIFIED;
r1 = krb5_princ_component(ts->ctx, ts->nxt_tgt->server, 1);
for (kdcptr = ts->cur_kdc + 1; *kdcptr != NULL; kdcptr++) {
- r2 = krb5_princ_component(ts->ctx, *kdcptr, 1);
+ r2 = krb5_princ_component(ts->ctx, *kdcptr, 1);
- if (r1 != NULL && r2 != NULL && data_eq(*r1, *r2)) {
- break;
- }
+ if (r1 != NULL && r2 != NULL && data_eq(*r1, *r2)) {
+ break;
+ }
}
if (*kdcptr != NULL) {
- ts->nxt_kdc = kdcptr;
- TR_DBG_RET(ts, "find_nxt_kdc", 0);
- return 0;
+ ts->nxt_kdc = kdcptr;
+ TR_DBG_RET(ts, "find_nxt_kdc", 0);
+ return 0;
}
r2 = krb5_princ_component(ts->ctx, ts->kdc_list[0], 1);
if (r1 != NULL && r2 != NULL &&
- r1->length == r2->length &&
- !memcmp(r1->data, r2->data, r1->length)) {
- TR_DBG_RET(ts, "find_nxt_kdc: looped back to local",
- KRB5_KDCREP_MODIFIED);
- return KRB5_KDCREP_MODIFIED;
+ r1->length == r2->length &&
+ !memcmp(r1->data, r2->data, r1->length)) {
+ TR_DBG_RET(ts, "find_nxt_kdc: looped back to local",
+ KRB5_KDCREP_MODIFIED);
+ return KRB5_KDCREP_MODIFIED;
}
/*
@@ -469,11 +470,11 @@ find_nxt_kdc(struct tr_state *ts)
*/
ts->offpath_tgt = ts->nxt_tgt;
if (ts->cur_kdc == ts->kdc_list) {
- /*
- * Local KDC referred us off path; trust it for caching
- * purposes.
- */
- return 0;
+ /*
+ * Local KDC referred us off path; trust it for caching
+ * purposes.
+ */
+ return 0;
}
/*
* Unlink the off-path TGT from KDC_TGTS but don't free it,
@@ -500,20 +501,20 @@ try_kdc(struct tr_state *ts, krb5_creds *tgtq)
TR_DBG(ts, "try_kdc");
/* This check should probably be in gc_via_tkt. */
if (!krb5_c_valid_enctype(ts->cur_tgt->keyblock.enctype))
- return KRB5_PROG_ETYPE_NOSUPP;
+ return KRB5_PROG_ETYPE_NOSUPP;
ltgtq = *tgtq;
ltgtq.is_skey = FALSE;
ltgtq.ticket_flags = ts->cur_tgt->ticket_flags;
retval = krb5_get_cred_via_tkt(ts->ctx, ts->cur_tgt,
- FLAGS2OPTS(ltgtq.ticket_flags),
- ts->cur_tgt->addresses,
- &ltgtq, &ts->kdc_tgts[ts->ntgts++]);
+ FLAGS2OPTS(ltgtq.ticket_flags),
+ ts->cur_tgt->addresses,
+ &ltgtq, &ts->kdc_tgts[ts->ntgts++]);
if (retval) {
- ts->ntgts--;
- ts->nxt_tgt = ts->cur_tgt;
- TR_DBG_RET(ts, "try_kdc", retval);
- return retval;
+ ts->ntgts--;
+ ts->nxt_tgt = ts->cur_tgt;
+ TR_DBG_RET(ts, "try_kdc", retval);
+ return retval;
}
ts->nxt_tgt = ts->kdc_tgts[ts->ntgts-1];
retval = find_nxt_kdc(ts);
@@ -544,15 +545,15 @@ kdc_mcred(struct tr_state *ts, krb5_principal client, krb5_creds *mcreds)
rsrc = krb5_princ_component(ts->ctx, *ts->cur_kdc, 1);
retval = krb5_copy_principal(ts->ctx, client, &mcreds->client);
if (retval)
- goto cleanup;
+ goto cleanup;
retval = krb5_tgtname(ts->ctx, rdst, rsrc, &mcreds->server);
if (retval)
- goto cleanup;
+ goto cleanup;
cleanup:
if (retval)
- krb5_free_cred_contents(ts->ctx, mcreds);
+ krb5_free_cred_contents(ts->ctx, mcreds);
return retval;
}
@@ -574,30 +575,30 @@ next_closest_tgt(struct tr_state *ts, krb5_principal client)
memset(&tgtq, 0, sizeof(tgtq));
for (ts->nxt_kdc = ts->lst_kdc;
- ts->nxt_kdc > ts->cur_kdc;
- ts->nxt_kdc--) {
-
- krb5_free_cred_contents(ts->ctx, &tgtq);
- retval = kdc_mcred(ts, client, &tgtq);
- if (retval)
- goto cleanup;
- /* Don't waste time retrying ccache for direct path. */
- if (ts->cur_kdc != ts->kdc_list || ts->nxt_kdc != ts->lst_kdc) {
- retval = try_ccache(ts, &tgtq);
- if (!retval)
- break;
- if (HARD_CC_ERR(retval))
- goto cleanup;
- }
- /* Not in the ccache, so talk to a KDC. */
- retval = try_kdc(ts, &tgtq);
- if (!retval) {
- break;
- }
- /*
- * In case of errors in try_kdc() or find_nxt_kdc(), continue
- * looping through the KDC list.
- */
+ ts->nxt_kdc > ts->cur_kdc;
+ ts->nxt_kdc--) {
+
+ krb5_free_cred_contents(ts->ctx, &tgtq);
+ retval = kdc_mcred(ts, client, &tgtq);
+ if (retval)
+ goto cleanup;
+ /* Don't waste time retrying ccache for direct path. */
+ if (ts->cur_kdc != ts->kdc_list || ts->nxt_kdc != ts->lst_kdc) {
+ retval = try_ccache(ts, &tgtq);
+ if (!retval)
+ break;
+ if (HARD_CC_ERR(retval))
+ goto cleanup;
+ }
+ /* Not in the ccache, so talk to a KDC. */
+ retval = try_kdc(ts, &tgtq);
+ if (!retval) {
+ break;
+ }
+ /*
+ * In case of errors in try_kdc() or find_nxt_kdc(), continue
+ * looping through the KDC list.
+ */
}
/*
* If we have a non-zero retval, we either have a hard error or we
@@ -700,13 +701,13 @@ cleanup:
*/
static krb5_error_code
do_traversal(krb5_context ctx,
- krb5_ccache ccache,
- krb5_principal client,
- krb5_principal server,
- krb5_creds *out_cc_tgt,
- krb5_creds **out_tgt,
- krb5_creds ***out_kdc_tgts,
- int *tgtptr_isoffpath)
+ krb5_ccache ccache,
+ krb5_principal client,
+ krb5_principal server,
+ krb5_creds *out_cc_tgt,
+ krb5_creds **out_tgt,
+ krb5_creds ***out_kdc_tgts,
+ int *tgtptr_isoffpath)
{
krb5_error_code retval;
struct tr_state state, *ts;
@@ -721,51 +722,51 @@ do_traversal(krb5_context ctx,
retval = init_rtree(ts, client, server);
if (retval)
- goto cleanup;
+ goto cleanup;
retval = retr_local_tgt(ts, client);
if (retval)
- goto cleanup;
+ goto cleanup;
for (ts->cur_kdc = ts->kdc_list, ts->nxt_kdc = NULL;
- ts->cur_kdc != NULL && ts->cur_kdc < ts->lst_kdc;
- ts->cur_kdc = ts->nxt_kdc, ts->cur_tgt = ts->nxt_tgt) {
-
- retval = next_closest_tgt(ts, client);
- if (retval)
- goto cleanup;
-
- if (ts->offpath_tgt != NULL) {
- retval = chase_offpath(ts, client, server);
- if (retval)
- goto cleanup;
- break;
- }
- assert(ts->cur_kdc != ts->nxt_kdc);
+ ts->cur_kdc != NULL && ts->cur_kdc < ts->lst_kdc;
+ ts->cur_kdc = ts->nxt_kdc, ts->cur_tgt = ts->nxt_tgt) {
+
+ retval = next_closest_tgt(ts, client);
+ if (retval)
+ goto cleanup;
+
+ if (ts->offpath_tgt != NULL) {
+ retval = chase_offpath(ts, client, server);
+ if (retval)
+ goto cleanup;
+ break;
+ }
+ assert(ts->cur_kdc != ts->nxt_kdc);
}
if (NXT_TGT_IS_CACHED(ts)) {
- assert(ts->offpath_tgt == NULL);
- *out_cc_tgt = *ts->cur_cc_tgt;
- *out_tgt = out_cc_tgt;
- MARK_CUR_CC_TGT_CLEAN(ts);
+ assert(ts->offpath_tgt == NULL);
+ *out_cc_tgt = *ts->cur_cc_tgt;
+ *out_tgt = out_cc_tgt;
+ MARK_CUR_CC_TGT_CLEAN(ts);
} else if (ts->offpath_tgt != NULL){
- *out_tgt = ts->offpath_tgt;
+ *out_tgt = ts->offpath_tgt;
} else {
- /* CUR_TGT is somewhere in KDC_TGTS; no need to copy. */
- *out_tgt = ts->nxt_tgt;
+ /* CUR_TGT is somewhere in KDC_TGTS; no need to copy. */
+ *out_tgt = ts->nxt_tgt;
}
cleanup:
clean_cc_tgts(ts);
if (ts->kdc_list != NULL)
- krb5_free_realm_tree(ctx, ts->kdc_list);
+ krb5_free_realm_tree(ctx, ts->kdc_list);
if (ts->ntgts == 0) {
- *out_kdc_tgts = NULL;
- if (ts->kdc_tgts != NULL)
- free(ts->kdc_tgts);
+ *out_kdc_tgts = NULL;
+ if (ts->kdc_tgts != NULL)
+ free(ts->kdc_tgts);
} else
- *out_kdc_tgts = ts->kdc_tgts;
+ *out_kdc_tgts = ts->kdc_tgts;
*tgtptr_isoffpath = (ts->offpath_tgt != NULL);
return retval;
}
@@ -785,7 +786,7 @@ cleanup:
*/
static krb5_error_code
chase_offpath(struct tr_state *ts,
- krb5_principal client, krb5_principal server)
+ krb5_principal client, krb5_principal server)
{
krb5_error_code retval;
krb5_creds mcred;
@@ -797,61 +798,61 @@ chase_offpath(struct tr_state *ts,
cur_tgt = ts->offpath_tgt;
for (rcount = 0; rcount < KRB5_REFERRAL_MAXHOPS; rcount++) {
- nxt_tgt = NULL;
- memset(&mcred, 0, sizeof(mcred));
- rsrc = krb5_princ_component(ts->ctx, cur_tgt->server, 1);
- retval = krb5_tgtname(ts->ctx, rdst, rsrc, &mcred.server);
- if (retval)
- goto cleanup;
- mcred.client = client;
+ nxt_tgt = NULL;
+ memset(&mcred, 0, sizeof(mcred));
+ rsrc = krb5_princ_component(ts->ctx, cur_tgt->server, 1);
+ retval = krb5_tgtname(ts->ctx, rdst, rsrc, &mcred.server);
+ if (retval)
+ goto cleanup;
+ mcred.client = client;
retval = krb5_get_cred_via_tkt(ts->ctx, cur_tgt,
- FLAGS2OPTS(cur_tgt->ticket_flags),
- cur_tgt->addresses, &mcred, &nxt_tgt);
- mcred.client = NULL;
- krb5_free_principal(ts->ctx, mcred.server);
- mcred.server = NULL;
- if (retval)
- goto cleanup;
- if (!IS_TGS_PRINC(ts->ctx, nxt_tgt->server)) {
- retval = KRB5_KDCREP_MODIFIED;
- goto cleanup;
- }
- r1 = krb5_princ_component(ts->ctx, nxt_tgt->server, 1);
- if (rdst->length == r1->length &&
- !memcmp(rdst->data, r1->data, rdst->length)) {
- retval = 0;
- goto cleanup;
- }
- retval = offpath_loopchk(ts, nxt_tgt, reftgts, rcount);
- if (retval)
- goto cleanup;
- reftgts[rcount] = nxt_tgt;
- cur_tgt = nxt_tgt;
- nxt_tgt = NULL;
+ FLAGS2OPTS(cur_tgt->ticket_flags),
+ cur_tgt->addresses, &mcred, &nxt_tgt);
+ mcred.client = NULL;
+ krb5_free_principal(ts->ctx, mcred.server);
+ mcred.server = NULL;
+ if (retval)
+ goto cleanup;
+ if (!IS_TGS_PRINC(ts->ctx, nxt_tgt->server)) {
+ retval = KRB5_KDCREP_MODIFIED;
+ goto cleanup;
+ }
+ r1 = krb5_princ_component(ts->ctx, nxt_tgt->server, 1);
+ if (rdst->length == r1->length &&
+ !memcmp(rdst->data, r1->data, rdst->length)) {
+ retval = 0;
+ goto cleanup;
+ }
+ retval = offpath_loopchk(ts, nxt_tgt, reftgts, rcount);
+ if (retval)
+ goto cleanup;
+ reftgts[rcount] = nxt_tgt;
+ cur_tgt = nxt_tgt;
+ nxt_tgt = NULL;
}
/* Max hop count exceeded. */
retval = KRB5_KDCREP_MODIFIED;
cleanup:
if (mcred.server != NULL) {
- krb5_free_principal(ts->ctx, mcred.server);
+ krb5_free_principal(ts->ctx, mcred.server);
}
/*
* Don't free TS->OFFPATH_TGT if it's in the list of cacheable
* TGTs to be returned by do_traversal().
*/
if (ts->offpath_tgt != ts->nxt_tgt) {
- krb5_free_creds(ts->ctx, ts->offpath_tgt);
+ krb5_free_creds(ts->ctx, ts->offpath_tgt);
}
ts->offpath_tgt = NULL;
if (nxt_tgt != NULL) {
- if (retval)
- krb5_free_creds(ts->ctx, nxt_tgt);
- else
- ts->offpath_tgt = nxt_tgt;
+ if (retval)
+ krb5_free_creds(ts->ctx, nxt_tgt);
+ else
+ ts->offpath_tgt = nxt_tgt;
}
for (i = 0; i < rcount; i++) {
- krb5_free_creds(ts->ctx, reftgts[i]);
+ krb5_free_creds(ts->ctx, reftgts[i]);
}
return retval;
}
@@ -864,23 +865,23 @@ cleanup:
*/
static krb5_error_code
offpath_loopchk(struct tr_state *ts,
- krb5_creds *tgt, krb5_creds *reftgts[], unsigned int rcount)
+ krb5_creds *tgt, krb5_creds *reftgts[], unsigned int rcount)
{
krb5_data *r1, *r2;
unsigned int i;
r1 = krb5_princ_component(ts->ctx, tgt->server, 1);
for (i = 0; i < rcount; i++) {
- r2 = krb5_princ_component(ts->ctx, reftgts[i]->server, 1);
- if (r1->length == r2->length &&
- !memcmp(r1->data, r2->data, r1->length))
- return KRB5_KDCREP_MODIFIED;
+ r2 = krb5_princ_component(ts->ctx, reftgts[i]->server, 1);
+ if (r1->length == r2->length &&
+ !memcmp(r1->data, r2->data, r1->length))
+ return KRB5_KDCREP_MODIFIED;
}
for (i = 0; i < ts->ntgts; i++) {
- r2 = krb5_princ_component(ts->ctx, ts->kdc_tgts[i]->server, 1);
- if (r1->length == r2->length &&
- !memcmp(r1->data, r2->data, r1->length))
- return KRB5_KDCREP_MODIFIED;
+ r2 = krb5_princ_component(ts->ctx, ts->kdc_tgts[i]->server, 1);
+ if (r1->length == r2->length &&
+ !memcmp(r1->data, r2->data, r1->length))
+ return KRB5_KDCREP_MODIFIED;
}
return 0;
}
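Review bot: Both loops in offpath_loopchk dereference `r1` and `r2` unchecked and compare them with an open-coded `r1->length == r2->length && !memcmp(...)`, while find_nxt_kdc in this file writes the same comparison as `r1 != NULL && r2 != NULL && data_eq(*r1, *r2)`. For consistency, each test could become `if (r2 != NULL && data_eq(*r1, *r2)) return KRB5_KDCREP_MODIFIED;`, preceded once by `if (r1 == NULL) return KRB5_KDCREP_MODIFIED;`. That also covers the case where krb5_princ_component returns NULL for a server principal with fewer than two components, which find_nxt_kdc's checks suggest is possible, though the macro is not shown. The TGTs checked here are obtained from KDC replies in chase_offpath, so the loop check should not rely on their principal shape having been validated elsewhere.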
@@ -923,8 +924,8 @@ offpath_loopchk(struct tr_state *ts,
krb5_error_code
krb5_get_cred_from_kdc_opt(krb5_context context, krb5_ccache ccache,
- krb5_creds *in_cred, krb5_creds **out_cred,
- krb5_creds ***tgts, int kdcopt)
+ krb5_creds *in_cred, krb5_creds **out_cred,
+ krb5_creds ***tgts, int kdcopt)
{
krb5_error_code retval, subretval;
krb5_principal client, server, supplied_server, out_supplied_server;
@@ -936,7 +937,7 @@ krb5_get_cred_from_kdc_opt(krb5_context context, krb5_ccache ccache,
unsigned int referral_count, i;
krb5_authdata **supplied_authdata, **out_supplied_authdata = NULL;
- /*
+ /*
* Set up client and server pointers. Make a fresh and modifyable
* copy of the in_cred server and save the supplied version.
*/
@@ -945,17 +946,17 @@ krb5_get_cred_from_kdc_opt(krb5_context context, krb5_ccache ccache,
return retval;
/* We need a second copy for the output creds. */
if ((retval = krb5_copy_principal(context, server,
- &out_supplied_server)) != 0 ) {
- krb5_free_principal(context, server);
- return retval;
+ &out_supplied_server)) != 0 ) {
+ krb5_free_principal(context, server);
+ return retval;
}
if (in_cred->authdata != NULL) {
- if ((retval = krb5_copy_authdata(context, in_cred->authdata,
- &out_supplied_authdata)) != 0) {
- krb5_free_principal(context, out_supplied_server);
- krb5_free_principal(context, server);
- return retval;
- }
+ if ((retval = krb5_copy_authdata(context, in_cred->authdata,
+ &out_supplied_authdata)) != 0) {
+ krb5_free_principal(context, out_supplied_server);
+ krb5_free_principal(context, server);
+ return retval;
+ }
}
supplied_server = in_cred->server;
@@ -977,16 +978,16 @@ krb5_get_cred_from_kdc_opt(krb5_context context, krb5_ccache ccache,
if (krb5_is_referral_realm(&server->realm)) {
/* Use the client realm. */
DPRINTF(("gc_from_kdc: no server realm supplied, "
- "using client realm.\n"));
- krb5_free_data_contents(context, &server->realm);
- server->realm.data = malloc(client->realm.length + 1);
- if (server->realm.data == NULL) {
- retval = ENOMEM;
- goto cleanup;
- }
- memcpy(server->realm.data, client->realm.data, client->realm.length);
- server->realm.length = client->realm.length;
- server->realm.data[server->realm.length] = 0;
+ "using client realm.\n"));
+ krb5_free_data_contents(context, &server->realm);
+ server->realm.data = malloc(client->realm.length + 1);
+ if (server->realm.data == NULL) {
+ retval = ENOMEM;
+ goto cleanup;
+ }
+ memcpy(server->realm.data, client->realm.data, client->realm.length);
+ server->realm.length = client->realm.length;
+ server->realm.data[server->realm.length] = 0;
}
/*
* Retreive initial TGT to match the specified server, either for the
@@ -995,21 +996,21 @@ krb5_get_cred_from_kdc_opt(krb5_context context, krb5_ccache ccache,
*/
retval = tgt_mcred(context, client, server, client, &tgtq);
if (retval)
- goto cleanup;
+ goto cleanup;
/* Fast path: Is it in the ccache? */
context->use_conf_ktypes = 1;
retval = krb5_cc_retrieve_cred(context, ccache, RETR_FLAGS,
- &tgtq, &cc_tgt);
+ &tgtq, &cc_tgt);
if (!retval) {
- tgtptr = &cc_tgt;
+ tgtptr = &cc_tgt;
} else if (!HARD_CC_ERR(retval)) {
DPRINTF(("gc_from_kdc: starting do_traversal to find "
- "initial TGT for referral\n"));
- tgtptr_isoffpath = 0;
- otgtptr = NULL;
- retval = do_traversal(context, ccache, client, server,
- &cc_tgt, &tgtptr, tgts, &tgtptr_isoffpath);
+ "initial TGT for referral\n"));
+ tgtptr_isoffpath = 0;
+ otgtptr = NULL;
+ retval = do_traversal(context, ccache, client, server,
+ &cc_tgt, &tgtptr, tgts, &tgtptr_isoffpath);
}
if (retval) {
DPRINTF(("gc_from_kdc: failed to find initial TGT for referral\n"));
@@ -1019,8 +1020,8 @@ krb5_get_cred_from_kdc_opt(krb5_context context, krb5_ccache ccache,
DUMP_PRINC("gc_from_kdc: server as requested", supplied_server);
if (in_cred->second_ticket.length != 0 &&
- (kdcopt & KDC_OPT_CNAME_IN_ADDL_TKT) == 0) {
- kdcopt |= KDC_OPT_ENC_TKT_IN_SKEY;
+ (kdcopt & KDC_OPT_CNAME_IN_ADDL_TKT) == 0) {
+ kdcopt |= KDC_OPT_ENC_TKT_IN_SKEY;
}
/*
@@ -1035,152 +1036,152 @@ krb5_get_cred_from_kdc_opt(krb5_context context, krb5_ccache ccache,
*/
otgtptr = tgtptr;
for (referral_count = 0;
- referral_count < KRB5_REFERRAL_MAXHOPS;
- referral_count++) {
+ referral_count < KRB5_REFERRAL_MAXHOPS;
+ referral_count++) {
#if 0
DUMP_PRINC("gc_from_kdc: referral loop: tgt in use", tgtptr->server);
DUMP_PRINC("gc_from_kdc: referral loop: request is for", server);
#endif
retval = krb5_get_cred_via_tkt(context, tgtptr,
- KDC_OPT_CANONICALIZE |
- FLAGS2OPTS(tgtptr->ticket_flags) |
- kdcopt,
- tgtptr->addresses, in_cred, out_cred);
- if (retval) {
- DPRINTF(("gc_from_kdc: referral TGS-REQ request failed: <%s>\n",
- error_message(retval)));
- /* If we haven't gone anywhere yet, fail through to the
- non-referral case. */
- if (referral_count==0) {
- DPRINTF(("gc_from_kdc: initial referral failed; "
- "punting to fallback.\n"));
- break;
- }
- /* Otherwise, try the same query without canonicalization
- set, and fail hard if that doesn't work. */
- DPRINTF(("gc_from_kdc: referral #%d failed; "
- "retrying without option.\n", referral_count + 1));
- retval = krb5_get_cred_via_tkt(context, tgtptr,
- FLAGS2OPTS(tgtptr->ticket_flags) |
- kdcopt,
- tgtptr->addresses,
- in_cred, out_cred);
- /* Whether or not that succeeded, we're done. */
- goto cleanup;
- }
- /* Referral request succeeded; let's see what it is. */
- if (krb5_principal_compare(context, in_cred->server,
- (*out_cred)->server)) {
- DPRINTF(("gc_from_kdc: request generated ticket "
- "for requested server principal\n"));
- DUMP_PRINC("gc_from_kdc final referred reply",
- in_cred->server);
-
- /*
- * Check if the return enctype is one that we requested if
- * needed.
- */
- if (old_use_conf_ktypes || !context->tgs_etypes)
- goto cleanup;
- for (i = 0; context->tgs_etypes[i]; i++) {
- if ((*out_cred)->keyblock.enctype == context->tgs_etypes[i]) {
- /* Found an allowable etype, so we're done */
- goto cleanup;
- }
- }
- /*
- * We need to try again, but this time use the
- * tgs_ktypes in the context. At this point we should
- * have all the tgts to succeed.
- */
-
- /* Free "wrong" credential */
- krb5_free_creds(context, *out_cred);
- *out_cred = NULL;
- /* Re-establish tgs etypes */
- context->use_conf_ktypes = old_use_conf_ktypes;
- retval = krb5_get_cred_via_tkt(context, tgtptr,
- KDC_OPT_CANONICALIZE |
- FLAGS2OPTS(tgtptr->ticket_flags) |
- kdcopt,
- tgtptr->addresses,
- in_cred, out_cred);
- goto cleanup;
- }
- else if (IS_TGS_PRINC(context, (*out_cred)->server)) {
- krb5_data *r1, *r2;
-
- DPRINTF(("gc_from_kdc: request generated referral tgt\n"));
- DUMP_PRINC("gc_from_kdc credential received",
- (*out_cred)->server);
-
- if (referral_count == 0)
- r1 = &tgtptr->server->data[1];
- else
- r1 = &referral_tgts[referral_count-1]->server->data[1];
-
- r2 = &(*out_cred)->server->data[1];
- if (data_eq(*r1, *r2)) {
- DPRINTF(("gc_from_kdc: referred back to "
- "previous realm; fall back\n"));
- krb5_free_creds(context, *out_cred);
- *out_cred = NULL;
- break;
- }
- /* Check for referral routing loop. */
- for (i=0;i<referral_count;i++) {
+ KDC_OPT_CANONICALIZE |
+ FLAGS2OPTS(tgtptr->ticket_flags) |
+ kdcopt,
+ tgtptr->addresses, in_cred, out_cred);
+ if (retval) {
+ DPRINTF(("gc_from_kdc: referral TGS-REQ request failed: <%s>\n",
+ error_message(retval)));
+ /* If we haven't gone anywhere yet, fail through to the
+ non-referral case. */
+ if (referral_count==0) {
+ DPRINTF(("gc_from_kdc: initial referral failed; "
+ "punting to fallback.\n"));
+ break;
+ }
+ /* Otherwise, try the same query without canonicalization
+ set, and fail hard if that doesn't work. */
+ DPRINTF(("gc_from_kdc: referral #%d failed; "
+ "retrying without option.\n", referral_count + 1));
+ retval = krb5_get_cred_via_tkt(context, tgtptr,
+ FLAGS2OPTS(tgtptr->ticket_flags) |
+ kdcopt,
+ tgtptr->addresses,
+ in_cred, out_cred);
+ /* Whether or not that succeeded, we're done. */
+ goto cleanup;
+ }
+ /* Referral request succeeded; let's see what it is. */
+ if (krb5_principal_compare(context, in_cred->server,
+ (*out_cred)->server)) {
+ DPRINTF(("gc_from_kdc: request generated ticket "
+ "for requested server principal\n"));
+ DUMP_PRINC("gc_from_kdc final referred reply",
+ in_cred->server);
+
+ /*
+ * Check if the return enctype is one that we requested if
+ * needed.
+ */
+ if (old_use_conf_ktypes || !context->tgs_etypes)
+ goto cleanup;
+ for (i = 0; context->tgs_etypes[i]; i++) {
+ if ((*out_cred)->keyblock.enctype == context->tgs_etypes[i]) {
+ /* Found an allowable etype, so we're done */
+ goto cleanup;
+ }
+ }
+ /*
+ * We need to try again, but this time use the
+ * tgs_ktypes in the context. At this point we should
+ * have all the tgts to succeed.
+ */
+
+ /* Free "wrong" credential */
+ krb5_free_creds(context, *out_cred);
+ *out_cred = NULL;
+ /* Re-establish tgs etypes */
+ context->use_conf_ktypes = old_use_conf_ktypes;
+ retval = krb5_get_cred_via_tkt(context, tgtptr,
+ KDC_OPT_CANONICALIZE |
+ FLAGS2OPTS(tgtptr->ticket_flags) |
+ kdcopt,
+ tgtptr->addresses,
+ in_cred, out_cred);
+ goto cleanup;
+ }
+ else if (IS_TGS_PRINC(context, (*out_cred)->server)) {
+ krb5_data *r1, *r2;
+
+ DPRINTF(("gc_from_kdc: request generated referral tgt\n"));
+ DUMP_PRINC("gc_from_kdc credential received",
+ (*out_cred)->server);
+
+ if (referral_count == 0)
+ r1 = &tgtptr->server->data[1];
+ else
+ r1 = &referral_tgts[referral_count-1]->server->data[1];
+
+ r2 = &(*out_cred)->server->data[1];
+ if (data_eq(*r1, *r2)) {
+ DPRINTF(("gc_from_kdc: referred back to "
+ "previous realm; fall back\n"));
+ krb5_free_creds(context, *out_cred);
+ *out_cred = NULL;
+ break;
+ }
+ /* Check for referral routing loop. */
+ for (i=0;i<referral_count;i++) {
#if 0
- DUMP_PRINC("gc_from_kdc: loop compare #1",
- (*out_cred)->server);
- DUMP_PRINC("gc_from_kdc: loop compare #2",
- referral_tgts[i]->server);
+ DUMP_PRINC("gc_from_kdc: loop compare #1",
+ (*out_cred)->server);
+ DUMP_PRINC("gc_from_kdc: loop compare #2",
+ referral_tgts[i]->server);
#endif
- if (krb5_principal_compare(context,
- (*out_cred)->server,
- referral_tgts[i]->server)) {
- DFPRINTF((stderr,
- "krb5_get_cred_from_kdc_opt: "
- "referral routing loop - "
- "got referral back to hop #%d\n", i));
- retval=KRB5_KDC_UNREACH;
- goto cleanup;
- }
- }
- /* Point current tgt pointer at newly-received TGT. */
- if (tgtptr == &cc_tgt)
- krb5_free_cred_contents(context, tgtptr);
- tgtptr=*out_cred;
- /* Save requested auth data with TGT in case it ends up stored */
- if (supplied_authdata != NULL) {
- /* Ensure we note TGT contains authorization data */
- retval = krb5_copy_authdata(context,
- supplied_authdata,
- &(*out_cred)->authdata);
- if (retval)
- goto cleanup;
- }
- /* Save pointer to tgt in referral_tgts. */
- referral_tgts[referral_count]=*out_cred;
- *out_cred = NULL;
- /* Copy krbtgt realm to server principal. */
- krb5_free_data_contents(context, &server->realm);
- retval = krb5int_copy_data_contents(context,
- &tgtptr->server->data[1],
- &server->realm);
- if (retval)
- goto cleanup;
- /* Don't ask for KDC to add auth data multiple times */
- in_cred->authdata = NULL;
- /*
- * Future work: rewrite server principal per any
- * supplied padata.
- */
- } else {
- /* Not a TGT; punt to fallback. */
- krb5_free_creds(context, *out_cred);
- *out_cred = NULL;
- break;
- }
+ if (krb5_principal_compare(context,
+ (*out_cred)->server,
+ referral_tgts[i]->server)) {
+ DFPRINTF((stderr,
+ "krb5_get_cred_from_kdc_opt: "
+ "referral routing loop - "
+ "got referral back to hop #%d\n", i));
+ retval=KRB5_KDC_UNREACH;
+ goto cleanup;
+ }
+ }
+ /* Point current tgt pointer at newly-received TGT. */
+ if (tgtptr == &cc_tgt)
+ krb5_free_cred_contents(context, tgtptr);
+ tgtptr=*out_cred;
+ /* Save requested auth data with TGT in case it ends up stored */
+ if (supplied_authdata != NULL) {
+ /* Ensure we note TGT contains authorization data */
+ retval = krb5_copy_authdata(context,
+ supplied_authdata,
+ &(*out_cred)->authdata);
+ if (retval)
+ goto cleanup;
+ }
+ /* Save pointer to tgt in referral_tgts. */
+ referral_tgts[referral_count]=*out_cred;
+ *out_cred = NULL;
+ /* Copy krbtgt realm to server principal. */
+ krb5_free_data_contents(context, &server->realm);
+ retval = krb5int_copy_data_contents(context,
+ &tgtptr->server->data[1],
+ &server->realm);
+ if (retval)
+ goto cleanup;
+ /* Don't ask for KDC to add auth data multiple times */
+ in_cred->authdata = NULL;
+ /*
+ * Future work: rewrite server principal per any
+ * supplied padata.
+ */
+ } else {
+ /* Not a TGT; punt to fallback. */
+ krb5_free_creds(context, *out_cred);
+ *out_cred = NULL;
+ break;
+ }
}
DUMP_PRINC("gc_from_kdc client at fallback", client);
@@ -1198,33 +1199,33 @@ krb5_get_cred_from_kdc_opt(krb5_context context, krb5_ccache ccache,
*/
if (krb5_is_referral_realm(&supplied_server->realm)) {
if (server->length >= 2) {
- retval=krb5_get_fallback_host_realm(context, &server->data[1],
- &hrealms);
- if (retval) goto cleanup;
+ retval=krb5_get_fallback_host_realm(context, &server->data[1],
+ &hrealms);
+ if (retval) goto cleanup;
#if 0
- DPRINTF(("gc_from_kdc: using fallback realm of %s\n",
- hrealms[0]));
+ DPRINTF(("gc_from_kdc: using fallback realm of %s\n",
+ hrealms[0]));
#endif
- krb5_free_data_contents(context,&in_cred->server->realm);
- server->realm.data=hrealms[0];
- server->realm.length=strlen(hrealms[0]);
- free(hrealms);
- }
- else {
- /*
- * Problem case: Realm tagged for referral but apparently not
- * in a <type>/<host> format that
- * krb5_get_fallback_host_realm can deal with.
- */
- DPRINTF(("gc_from_kdc: referral specified "
- "but no fallback realm avaiable!\n"));
- retval = KRB5_ERR_HOST_REALM_UNKNOWN;
- goto cleanup;
- }
+ krb5_free_data_contents(context,&in_cred->server->realm);
+ server->realm.data=hrealms[0];
+ server->realm.length=strlen(hrealms[0]);
+ free(hrealms);
+ }
+ else {
+ /*
+ * Problem case: Realm tagged for referral but apparently not
+ * in a <type>/<host> format that
+ * krb5_get_fallback_host_realm can deal with.
+ */
+ DPRINTF(("gc_from_kdc: referral specified "
+ "but no fallback realm avaiable!\n"));
+ retval = KRB5_ERR_HOST_REALM_UNKNOWN;
+ goto cleanup;
+ }
}
DUMP_PRINC("gc_from_kdc server at fallback after fallback rewrite",
- server);
+ server);
/*
* Get a TGT for the target realm.
@@ -1233,37 +1234,37 @@ krb5_get_cred_from_kdc_opt(krb5_context context, krb5_ccache ccache,
krb5_free_cred_contents(context, &tgtq);
retval = tgt_mcred(context, client, server, client, &tgtq);
if (retval)
- goto cleanup;
+ goto cleanup;
/* Fast path: Is it in the ccache? */
/* Free tgtptr data if reused from above. */
if (tgtptr == &cc_tgt)
- krb5_free_cred_contents(context, tgtptr);
+ krb5_free_cred_contents(context, tgtptr);
tgtptr = NULL;
/* Free saved TGT in OTGTPTR if it was off-path. */
if (tgtptr_isoffpath)
- krb5_free_creds(context, otgtptr);
+ krb5_free_creds(context, otgtptr);
otgtptr = NULL;
/* Free TGTS if previously filled by do_traversal() */
if (*tgts != NULL) {
- for (i = 0; (*tgts)[i] != NULL; i++) {
- krb5_free_creds(context, (*tgts)[i]);
- }
- free(*tgts);
- *tgts = NULL;
+ for (i = 0; (*tgts)[i] != NULL; i++) {
+ krb5_free_creds(context, (*tgts)[i]);
+ }
+ free(*tgts);
+ *tgts = NULL;
}
context->use_conf_ktypes = 1;
retval = krb5_cc_retrieve_cred(context, ccache, RETR_FLAGS,
- &tgtq, &cc_tgt);
+ &tgtq, &cc_tgt);
if (!retval) {
- tgtptr = &cc_tgt;
+ tgtptr = &cc_tgt;
} else if (!HARD_CC_ERR(retval)) {
- tgtptr_isoffpath = 0;
- retval = do_traversal(context, ccache, client, server,
- &cc_tgt, &tgtptr, tgts, &tgtptr_isoffpath);
+ tgtptr_isoffpath = 0;
+ retval = do_traversal(context, ccache, client, server,
+ &cc_tgt, &tgtptr, tgts, &tgtptr_isoffpath);
}
if (retval)
- goto cleanup;
+ goto cleanup;
otgtptr = tgtptr;
/*
@@ -1271,44 +1272,44 @@ krb5_get_cred_from_kdc_opt(krb5_context context, krb5_ccache ccache,
*/
if (!krb5_c_valid_enctype(tgtptr->keyblock.enctype)) {
- retval = KRB5_PROG_ETYPE_NOSUPP;
- goto cleanup;
+ retval = KRB5_PROG_ETYPE_NOSUPP;
+ goto cleanup;
}
context->use_conf_ktypes = old_use_conf_ktypes;
retval = krb5_get_cred_via_tkt(context, tgtptr,
- FLAGS2OPTS(tgtptr->ticket_flags) |
- kdcopt,
- tgtptr->addresses, in_cred, out_cred);
+ FLAGS2OPTS(tgtptr->ticket_flags) |
+ kdcopt,
+ tgtptr->addresses, in_cred, out_cred);
cleanup:
krb5_free_cred_contents(context, &tgtq);
if (tgtptr == &cc_tgt)
- krb5_free_cred_contents(context, tgtptr);
+ krb5_free_cred_contents(context, tgtptr);
if (tgtptr_isoffpath)
- krb5_free_creds(context, otgtptr);
+ krb5_free_creds(context, otgtptr);
context->use_conf_ktypes = old_use_conf_ktypes;
/* Drop the original principal back into in_cred so that it's cached
in the expected format. */
DUMP_PRINC("gc_from_kdc: final hacked server principal at cleanup",
- server);
+ server);
krb5_free_principal(context, server);
in_cred->server = supplied_server;
in_cred->authdata = supplied_authdata;
if (*out_cred && !retval) {
/* Success: free server, swap supplied server back in. */
krb5_free_principal (context, (*out_cred)->server);
- (*out_cred)->server = out_supplied_server;
- assert((*out_cred)->authdata == NULL);
- (*out_cred)->authdata = out_supplied_authdata;
+ (*out_cred)->server = out_supplied_server;
+ assert((*out_cred)->authdata == NULL);
+ (*out_cred)->authdata = out_supplied_authdata;
}
else {
- /*
- * Failure: free out_supplied_server. Don't free out_cred here
- * since it's either null or a referral TGT that we free below,
- * and we may need it to return.
- */
+ /*
+ * Failure: free out_supplied_server. Don't free out_cred here
+ * since it's either null or a referral TGT that we free below,
+ * and we may need it to return.
+ */
krb5_free_principal(context, out_supplied_server);
- krb5_free_authdata(context, out_supplied_authdata);
+ krb5_free_authdata(context, out_supplied_authdata);
}
DUMP_PRINC("gc_from_kdc: final server after reversion", in_cred->server);
/*
@@ -1323,74 +1324,74 @@ cleanup:
if (*tgts == NULL) {
if (referral_tgts[0]) {
#if 0
- /*
- * This should possibly be a check on the candidate return
- * credential against the cache, in the circumstance where we
- * don't want to clutter the cache with near-duplicate
- * credentials on subsequent iterations. For now, it is
- * disabled.
- */
- subretval=...?;
- if (subretval) {
+ /*
+ * This should possibly be a check on the candidate return
+ * credential against the cache, in the circumstance where we
+ * don't want to clutter the cache with near-duplicate
+ * credentials on subsequent iterations. For now, it is
+ * disabled.
+ */
+ subretval=...?;
+ if (subretval) {
#endif
- /* Allocate returnable TGT list. */
- *tgts = calloc(2, sizeof (krb5_creds *));
- if (*tgts == NULL && retval == 0)
- retval = ENOMEM;
- if (*tgts) {
- subretval = krb5_copy_creds(context, referral_tgts[0],
- &((*tgts)[0]));
- if (subretval) {
- if (retval == 0)
- retval = subretval;
- free(*tgts);
- *tgts = NULL;
- } else {
- (*tgts)[1] = NULL;
- DUMP_PRINC("gc_from_kdc: referral TGT for ccache",
- (*tgts)[0]->server);
- }
- }
+ /* Allocate returnable TGT list. */
+ *tgts = calloc(2, sizeof (krb5_creds *));
+ if (*tgts == NULL && retval == 0)
+ retval = ENOMEM;
+ if (*tgts) {
+ subretval = krb5_copy_creds(context, referral_tgts[0],
+ &((*tgts)[0]));
+ if (subretval) {
+ if (retval == 0)
+ retval = subretval;
+ free(*tgts);
+ *tgts = NULL;
+ } else {
+ (*tgts)[1] = NULL;
+ DUMP_PRINC("gc_from_kdc: referral TGT for ccache",
+ (*tgts)[0]->server);
+ }
+ }
#if 0
- }
+ }
#endif
- }
+ }
}
/* Free referral TGTs list. */
for (i=0;i<KRB5_REFERRAL_MAXHOPS;i++) {
if(referral_tgts[i]) {
- krb5_free_creds(context, referral_tgts[i]);
- }
+ krb5_free_creds(context, referral_tgts[i]);
+ }
}
DPRINTF(("gc_from_kdc finishing with %s\n",
- retval ? error_message(retval) : "no error"));
+ retval ? error_message(retval) : "no error"));
return retval;
}
krb5_error_code
krb5_get_cred_from_kdc(krb5_context context, krb5_ccache ccache,
- krb5_creds *in_cred, krb5_creds **out_cred,
- krb5_creds ***tgts)
+ krb5_creds *in_cred, krb5_creds **out_cred,
+ krb5_creds ***tgts)
{
return krb5_get_cred_from_kdc_opt(context, ccache, in_cred, out_cred, tgts,
- 0);
+ 0);
}
krb5_error_code
krb5_get_cred_from_kdc_validate(krb5_context context, krb5_ccache ccache,
- krb5_creds *in_cred, krb5_creds **out_cred,
- krb5_creds ***tgts)
+ krb5_creds *in_cred, krb5_creds **out_cred,
+ krb5_creds ***tgts)
{
return krb5_get_cred_from_kdc_opt(context, ccache, in_cred, out_cred, tgts,
- KDC_OPT_VALIDATE);
+ KDC_OPT_VALIDATE);
}
krb5_error_code
krb5_get_cred_from_kdc_renew(krb5_context context, krb5_ccache ccache,
- krb5_creds *in_cred, krb5_creds **out_cred,
- krb5_creds ***tgts)
+ krb5_creds *in_cred, krb5_creds **out_cred,
+ krb5_creds ***tgts)
{
return krb5_get_cred_from_kdc_opt(context, ccache, in_cred, out_cred, tgts,
- KDC_OPT_RENEW);
+ KDC_OPT_RENEW);
}
diff --git a/src/lib/krb5/krb/gc_via_tkt.c b/src/lib/krb5/krb/gc_via_tkt.c
index 273655a..bea435b 100644
--- a/src/lib/krb5/krb/gc_via_tkt.c
+++ b/src/lib/krb5/krb/gc_via_tkt.c
@@ -1,3 +1,4 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
/*
* lib/krb5/krb/gc_via_tgt.c
*
@@ -8,7 +9,7 @@
* require a specific license from the United States Government.
* It is the responsibility of any person or organization contemplating
* export to obtain such a license before exporting.
- *
+ *
* WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
* distribute this software and its documentation for any purpose and
* without fee is hereby granted, provided that the above copyright
@@ -22,7 +23,7 @@
* M.I.T. makes no representations about the suitability of
* this software for any purpose. It is provided "as is" without express
* or implied warranty.
- *
+ *
*
* Given a tkt, and a target cred, get it.
* Assumes that the kdc_rep has been decrypted.
@@ -34,28 +35,28 @@
static krb5_error_code
krb5_kdcrep2creds(krb5_context context, krb5_kdc_rep *pkdcrep, krb5_address *const *address, krb5_data *psectkt, krb5_creds **ppcreds)
{
- krb5_error_code retval;
+ krb5_error_code retval;
krb5_data *pdata;
-
+
if ((*ppcreds = (krb5_creds *)calloc(1,sizeof(krb5_creds))) == NULL) {
return ENOMEM;
}
if ((retval = krb5_copy_principal(context, pkdcrep->client,
- &(*ppcreds)->client)))
+ &(*ppcreds)->client)))
goto cleanup;
if ((retval = krb5_copy_principal(context, pkdcrep->enc_part2->server,
- &(*ppcreds)->server)))
+ &(*ppcreds)->server)))
goto cleanup;
- if ((retval = krb5_copy_keyblock_contents(context,
- pkdcrep->enc_part2->session,
- &(*ppcreds)->keyblock)))
+ if ((retval = krb5_copy_keyblock_contents(context,
+ pkdcrep->enc_part2->session,
+ &(*ppcreds)->keyblock)))
goto cleanup;
if ((retval = krb5_copy_data(context, psectkt, &pdata)))
- goto cleanup_keyblock;
+ goto cleanup_keyblock;
(*ppcreds)->second_ticket = *pdata;
free(pdata);
@@ -63,22 +64,22 @@ krb5_kdcrep2creds(krb5_context context, krb5_kdc_rep *pkdcrep, krb5_address *con
(*ppcreds)->times = pkdcrep->enc_part2->times;
(*ppcreds)->magic = KV5M_CREDS;
- (*ppcreds)->authdata = NULL; /* not used */
+ (*ppcreds)->authdata = NULL; /* not used */
(*ppcreds)->is_skey = psectkt->length != 0;
if (pkdcrep->enc_part2->caddrs) {
- if ((retval = krb5_copy_addresses(context, pkdcrep->enc_part2->caddrs,
- &(*ppcreds)->addresses)))
- goto cleanup_keyblock;
+ if ((retval = krb5_copy_addresses(context, pkdcrep->enc_part2->caddrs,
+ &(*ppcreds)->addresses)))
+ goto cleanup_keyblock;
} else {
- /* no addresses in the list means we got what we had */
- if ((retval = krb5_copy_addresses(context, address,
- &(*ppcreds)->addresses)))
- goto cleanup_keyblock;
+ /* no addresses in the list means we got what we had */
+ if ((retval = krb5_copy_addresses(context, address,
+ &(*ppcreds)->addresses)))
+ goto cleanup_keyblock;
}
if ((retval = encode_krb5_ticket(pkdcrep->ticket, &pdata)))
- goto cleanup_keyblock;
+ goto cleanup_keyblock;
(*ppcreds)->ticket = *pdata;
free(pdata);
@@ -92,43 +93,43 @@ cleanup:
*ppcreds = NULL;
return retval;
}
-
+
static krb5_error_code
check_reply_server(krb5_context context, krb5_flags kdcoptions,
- krb5_creds *in_cred, krb5_kdc_rep *dec_rep)
+ krb5_creds *in_cred, krb5_kdc_rep *dec_rep)
{
if (!krb5_principal_compare(context, dec_rep->ticket->server,
- dec_rep->enc_part2->server))
- return KRB5_KDCREP_MODIFIED;
+ dec_rep->enc_part2->server))
+ return KRB5_KDCREP_MODIFIED;
/* Reply is self-consistent. */
if (krb5_principal_compare(context, dec_rep->ticket->server,
- in_cred->server))
- return 0;
+ in_cred->server))
+ return 0;
/* Server in reply differs from what we requested. */
if (kdcoptions & KDC_OPT_CANONICALIZE) {
- /* in_cred server differs from ticket returned, but ticket
- returned is consistent and we requested canonicalization. */
+ /* in_cred server differs from ticket returned, but ticket
+ returned is consistent and we requested canonicalization. */
#if 0
#ifdef DEBUG_REFERRALS
- printf("gc_via_tkt: in_cred and encoding don't match but referrals requested\n");
- krb5int_dbgref_dump_principal("gc_via_tkt: in_cred",in_cred->server);
- krb5int_dbgref_dump_principal("gc_via_tkt: encoded server",dec_rep->enc_part2->server);
+ printf("gc_via_tkt: in_cred and encoding don't match but referrals requested\n");
+ krb5int_dbgref_dump_principal("gc_via_tkt: in_cred",in_cred->server);
+ krb5int_dbgref_dump_principal("gc_via_tkt: encoded server",dec_rep->enc_part2->server);
#endif
#endif
- return 0;
+ return 0;
}
/* We didn't request canonicalization. */
if (!IS_TGS_PRINC(context, in_cred->server) ||
- !IS_TGS_PRINC(context, dec_rep->ticket->server)) {
- /* Canonicalization not requested, and not a TGS referral. */
- return KRB5_KDCREP_MODIFIED;
+ !IS_TGS_PRINC(context, dec_rep->ticket->server)) {
+ /* Canonicalization not requested, and not a TGS referral. */
+ return KRB5_KDCREP_MODIFIED;
}
#if 0
/*
@@ -136,288 +137,288 @@ check_reply_server(krb5_context context, krb5_flags kdcoptions,
* effectively checks this.
*/
if (krb5_realm_compare(context, in_cred->client, in_cred->server) &&
- data_eq(*in_cred->server->data[1], *in_cred->client->realm) {
- /* Attempted to rewrite local TGS. */
- return KRB5_KDCREP_MODIFIED;
- }
+ data_eq(*in_cred->server->data[1], *in_cred->client->realm) {
+ /* Attempted to rewrite local TGS. */
+ return KRB5_KDCREP_MODIFIED;
+ }
#endif
- return 0;
-}
+ return 0;
+ }
/* Return true if a TGS credential is for the client's local realm. */
-static inline int
-tgt_is_local_realm(krb5_creds *tgt)
-{
- return (tgt->server->length == 2
- && data_eq_string(tgt->server->data[0], KRB5_TGS_NAME)
- && data_eq(tgt->server->data[1], tgt->client->realm)
- && data_eq(tgt->server->realm, tgt->client->realm));
-}
+ static inline int
+ tgt_is_local_realm(krb5_creds *tgt)
+ {
+ return (tgt->server->length == 2
+ && data_eq_string(tgt->server->data[0], KRB5_TGS_NAME)
+ && data_eq(tgt->server->data[1], tgt->client->realm)
+ && data_eq(tgt->server->realm, tgt->client->realm));
+ }
-krb5_error_code
-krb5_get_cred_via_tkt (krb5_context context, krb5_creds *tkt,
- krb5_flags kdcoptions, krb5_address *const *address,
- krb5_creds *in_cred, krb5_creds **out_cred)
-{
- return krb5_get_cred_via_tkt_ext (context, tkt,
- kdcoptions, address,
- NULL, in_cred, NULL, NULL,
- NULL, NULL, out_cred, NULL);
-}
+ krb5_error_code
+ krb5_get_cred_via_tkt (krb5_context context, krb5_creds *tkt,
+ krb5_flags kdcoptions, krb5_address *const *address,
+ krb5_creds *in_cred, krb5_creds **out_cred)
+ {
+ return krb5_get_cred_via_tkt_ext (context, tkt,
+ kdcoptions, address,
+ NULL, in_cred, NULL, NULL,
+ NULL, NULL, out_cred, NULL);
+ }
-krb5_error_code
-krb5_get_cred_via_tkt_ext (krb5_context context, krb5_creds *tkt,
- krb5_flags kdcoptions, krb5_address *const *address,
- krb5_pa_data **in_padata,
- krb5_creds *in_cred,
- krb5_error_code (*pacb_fct)(krb5_context,
- krb5_keyblock *,
- krb5_kdc_req *,
- void *),
- void *pacb_data,
- krb5_pa_data ***out_padata,
- krb5_pa_data ***out_enc_padata,
- krb5_creds **out_cred,
- krb5_keyblock **out_subkey)
-{
- krb5_error_code retval;
- krb5_kdc_rep *dec_rep;
- krb5_error *err_reply;
- krb5_response tgsrep;
- krb5_enctype *enctypes = 0;
- krb5_keyblock *subkey = NULL;
- krb5_boolean s4u2self = FALSE, second_tkt;
+ krb5_error_code
+ krb5_get_cred_via_tkt_ext (krb5_context context, krb5_creds *tkt,
+ krb5_flags kdcoptions, krb5_address *const *address,
+ krb5_pa_data **in_padata,
+ krb5_creds *in_cred,
+ krb5_error_code (*pacb_fct)(krb5_context,
+ krb5_keyblock *,
+ krb5_kdc_req *,
+ void *),
+ void *pacb_data,
+ krb5_pa_data ***out_padata,
+ krb5_pa_data ***out_enc_padata,
+ krb5_creds **out_cred,
+ krb5_keyblock **out_subkey)
+ {
+ krb5_error_code retval;
+ krb5_kdc_rep *dec_rep;
+ krb5_error *err_reply;
+ krb5_response tgsrep;
+ krb5_enctype *enctypes = 0;
+ krb5_keyblock *subkey = NULL;
+ krb5_boolean s4u2self = FALSE, second_tkt;
#ifdef DEBUG_REFERRALS
- printf("krb5_get_cred_via_tkt starting; referral flag is %s\n", kdcoptions&KDC_OPT_CANONICALIZE?"on":"off");
- krb5int_dbgref_dump_principal("krb5_get_cred_via_tkt requested ticket", in_cred->server);
- krb5int_dbgref_dump_principal("krb5_get_cred_via_tkt TGT in use", tkt->server);
+ printf("krb5_get_cred_via_tkt starting; referral flag is %s\n", kdcoptions&KDC_OPT_CANONICALIZE?"on":"off");
+ krb5int_dbgref_dump_principal("krb5_get_cred_via_tkt requested ticket", in_cred->server);
+ krb5int_dbgref_dump_principal("krb5_get_cred_via_tkt TGT in use", tkt->server);
#endif
- /* tkt->client must be equal to in_cred->client */
- if (!krb5_principal_compare(context, tkt->client, in_cred->client))
- return KRB5_PRINC_NOMATCH;
+ /* tkt->client must be equal to in_cred->client */
+ if (!krb5_principal_compare(context, tkt->client, in_cred->client))
+ return KRB5_PRINC_NOMATCH;
- if (!tkt->ticket.length)
- return KRB5_NO_TKT_SUPPLIED;
+ if (!tkt->ticket.length)
+ return KRB5_NO_TKT_SUPPLIED;
- second_tkt = ((kdcoptions & (KDC_OPT_ENC_TKT_IN_SKEY | KDC_OPT_CNAME_IN_ADDL_TKT)) != 0);
+ second_tkt = ((kdcoptions & (KDC_OPT_ENC_TKT_IN_SKEY | KDC_OPT_CNAME_IN_ADDL_TKT)) != 0);
- if (second_tkt && !in_cred->second_ticket.length)
- return(KRB5_NO_2ND_TKT);
+ if (second_tkt && !in_cred->second_ticket.length)
+ return(KRB5_NO_2ND_TKT);
- s4u2self = krb5int_find_pa_data(context, in_padata, KRB5_PADATA_S4U_X509_USER) ||
- krb5int_find_pa_data(context, in_padata, KRB5_PADATA_FOR_USER);
+ s4u2self = krb5int_find_pa_data(context, in_padata, KRB5_PADATA_S4U_X509_USER) ||
+ krb5int_find_pa_data(context, in_padata, KRB5_PADATA_FOR_USER);
- /* check if we have the right TGT */
- /* tkt->server must be equal to */
- /* krbtgt/realmof(cred->server)@realmof(tgt->server) */
+ /* check if we have the right TGT */
+ /* tkt->server must be equal to */
+ /* krbtgt/realmof(cred->server)@realmof(tgt->server) */
/*
- {
- krb5_principal tempprinc;
- if (retval = krb5_tgtname(context,
- krb5_princ_realm(context, in_cred->server),
- krb5_princ_realm(context, tkt->server), &tempprinc))
- return(retval);
-
- if (!krb5_principal_compare(context, tempprinc, tkt->server)) {
- krb5_free_principal(context, tempprinc);
- return (KRB5_PRINC_NOMATCH);
- }
- krb5_free_principal(context, tempprinc);
- }
+ {
+ krb5_principal tempprinc;
+ if (retval = krb5_tgtname(context,
+ krb5_princ_realm(context, in_cred->server),
+ krb5_princ_realm(context, tkt->server), &tempprinc))
+ return(retval);
+
+ if (!krb5_principal_compare(context, tempprinc, tkt->server)) {
+ krb5_free_principal(context, tempprinc);
+ return (KRB5_PRINC_NOMATCH);
+ }
+ krb5_free_principal(context, tempprinc);
+ }
*/
- if (in_cred->keyblock.enctype) {
- enctypes = (krb5_enctype *) malloc(sizeof(krb5_enctype)*2);
- if (!enctypes)
- return ENOMEM;
- enctypes[0] = in_cred->keyblock.enctype;
- enctypes[1] = 0;
- }
+ if (in_cred->keyblock.enctype) {
+ enctypes = (krb5_enctype *) malloc(sizeof(krb5_enctype)*2);
+ if (!enctypes)
+ return ENOMEM;
+ enctypes[0] = in_cred->keyblock.enctype;
+ enctypes[1] = 0;
+ }
- retval = krb5int_send_tgs(context, kdcoptions, &in_cred->times, enctypes,
- in_cred->server, address, in_cred->authdata,
- in_padata,
- second_tkt ? &in_cred->second_ticket : NULL,
- tkt, pacb_fct, pacb_data, &tgsrep, &subkey);
- if (enctypes)
- free(enctypes);
- if (retval) {
+ retval = krb5int_send_tgs(context, kdcoptions, &in_cred->times, enctypes,
+ in_cred->server, address, in_cred->authdata,
+ in_padata,
+ second_tkt ? &in_cred->second_ticket : NULL,
+ tkt, pacb_fct, pacb_data, &tgsrep, &subkey);
+ if (enctypes)
+ free(enctypes);
+ if (retval) {
#ifdef DEBUG_REFERRALS
- printf("krb5_get_cred_via_tkt ending early after send_tgs with: %s\n",
- error_message(retval));
+ printf("krb5_get_cred_via_tkt ending early after send_tgs with: %s\n",
+ error_message(retval));
#endif
- return retval;
- }
+ return retval;
+ }
- switch (tgsrep.message_type) {
- case KRB5_TGS_REP:
- break;
- case KRB5_ERROR:
- default:
- if (krb5_is_krb_error(&tgsrep.response))
- retval = decode_krb5_error(&tgsrep.response, &err_reply);
- else
- retval = KRB5KRB_AP_ERR_MSG_TYPE;
-
- if (retval) /* neither proper reply nor error! */
- goto error_4;
-
- retval = (krb5_error_code) err_reply->error + ERROR_TABLE_BASE_krb5;
- if (err_reply->text.length > 0) {
+ switch (tgsrep.message_type) {
+ case KRB5_TGS_REP:
+ break;
+ case KRB5_ERROR:
+ default:
+ if (krb5_is_krb_error(&tgsrep.response))
+ retval = decode_krb5_error(&tgsrep.response, &err_reply);
+ else
+ retval = KRB5KRB_AP_ERR_MSG_TYPE;
+
+ if (retval) /* neither proper reply nor error! */
+ goto error_4;
+
+ retval = (krb5_error_code) err_reply->error + ERROR_TABLE_BASE_krb5;
+ if (err_reply->text.length > 0) {
#if 0
- const char *m;
+ const char *m;
#endif
- switch (err_reply->error) {
- case KRB_ERR_GENERIC:
- krb5_set_error_message(context, retval,
- "KDC returned error string: %.*s",
- err_reply->text.length,
- err_reply->text.data);
- break;
- case KDC_ERR_S_PRINCIPAL_UNKNOWN:
- {
- char *s_name;
- if (krb5_unparse_name(context, in_cred->server, &s_name) == 0) {
- krb5_set_error_message(context, retval,
- "Server %s not found in Kerberos database",
- s_name);
- krb5_free_unparsed_name(context, s_name);
- } else
- /* In case there's a stale S_PRINCIPAL_UNKNOWN
- report already noted. */
- krb5_clear_error_message(context);
- }
- break;
- default:
+ switch (err_reply->error) {
+ case KRB_ERR_GENERIC:
+ krb5_set_error_message(context, retval,
+ "KDC returned error string: %.*s",
+ err_reply->text.length,
+ err_reply->text.data);
+ break;
+ case KDC_ERR_S_PRINCIPAL_UNKNOWN:
+ {
+ char *s_name;
+ if (krb5_unparse_name(context, in_cred->server, &s_name) == 0) {
+ krb5_set_error_message(context, retval,
+ "Server %s not found in Kerberos database",
+ s_name);
+ krb5_free_unparsed_name(context, s_name);
+ } else
+ /* In case there's a stale S_PRINCIPAL_UNKNOWN
+ report already noted. */
+ krb5_clear_error_message(context);
+ }
+ break;
+ default:
#if 0 /* We should stop the KDC from sending back this text, because
- if the local language doesn't match the KDC's language, we'd
- just wind up printing out the error message in two languages.
- Well, when we get some localization. Which is already
- happening in KfM. */
- m = error_message(retval);
- /* Special case: MIT KDC may return this same string
- in the e-text field. */
- if (strlen (m) == err_reply->text.length-1
- && !strcmp(m, err_reply->text.data))
- break;
- krb5_set_error_message(context, retval,
- "%s (KDC supplied additional data: %s)",
- m, err_reply->text.data);
+ if the local language doesn't match the KDC's language, we'd
+ just wind up printing out the error message in two languages.
+ Well, when we get some localization. Which is already
+ happening in KfM. */
+ m = error_message(retval);
+ /* Special case: MIT KDC may return this same string
+ in the e-text field. */
+ if (strlen (m) == err_reply->text.length-1
+ && !strcmp(m, err_reply->text.data))
+ break;
+ krb5_set_error_message(context, retval,
+ "%s (KDC supplied additional data: %s)",
+ m, err_reply->text.data);
#endif
- break;
- }
- }
+ break;
+ }
+ }
- krb5_free_error(context, err_reply);
- goto error_4;
- }
+ krb5_free_error(context, err_reply);
+ goto error_4;
+ }
- /* Unfortunately, Heimdal at least up through 1.2 encrypts using
- the session key not the subsession key. So we try both. */
- if ((retval = krb5int_decode_tgs_rep(context, &tgsrep.response,
- subkey,
- KRB5_KEYUSAGE_TGS_REP_ENCPART_SUBKEY, &dec_rep))) {
- if ((krb5int_decode_tgs_rep(context, &tgsrep.response,
- &tkt->keyblock,
- KRB5_KEYUSAGE_TGS_REP_ENCPART_SESSKEY, &dec_rep)) == 0)
- retval = 0;
- else goto error_4;
- }
+ /* Unfortunately, Heimdal at least up through 1.2 encrypts using
+ the session key not the subsession key. So we try both. */
+ if ((retval = krb5int_decode_tgs_rep(context, &tgsrep.response,
+ subkey,
+ KRB5_KEYUSAGE_TGS_REP_ENCPART_SUBKEY, &dec_rep))) {
+ if ((krb5int_decode_tgs_rep(context, &tgsrep.response,
+ &tkt->keyblock,
+ KRB5_KEYUSAGE_TGS_REP_ENCPART_SESSKEY, &dec_rep)) == 0)
+ retval = 0;
+ else goto error_4;
+ }
- if (dec_rep->msg_type != KRB5_TGS_REP) {
- retval = KRB5KRB_AP_ERR_MSG_TYPE;
- goto error_3;
- }
-
- /*
- * Don't trust the ok-as-delegate flag from foreign KDCs unless the
- * cross-realm TGT also had the ok-as-delegate flag set.
- */
- if (!tgt_is_local_realm(tkt)
- && !(tkt->ticket_flags & TKT_FLG_OK_AS_DELEGATE))
- dec_rep->enc_part2->flags &= ~TKT_FLG_OK_AS_DELEGATE;
-
- /* make sure the response hasn't been tampered with..... */
- retval = 0;
-
- if (s4u2self && !IS_TGS_PRINC(context, dec_rep->ticket->server)) {
- /* Final hop, check whether KDC supports S4U2Self */
- if (krb5_principal_compare(context, dec_rep->client, in_cred->server))
- retval = KRB5KDC_ERR_PADATA_TYPE_NOSUPP;
- } else if ((kdcoptions & KDC_OPT_CNAME_IN_ADDL_TKT) == 0) {
- /* XXX for constrained delegation this check must be performed by caller
- * as we don't have access to the key to decrypt the evidence ticket.
- */
- if (!krb5_principal_compare(context, dec_rep->client, tkt->client))
- retval = KRB5_KDCREP_MODIFIED;
- }
+ if (dec_rep->msg_type != KRB5_TGS_REP) {
+ retval = KRB5KRB_AP_ERR_MSG_TYPE;
+ goto error_3;
+ }
- if (retval == 0)
- retval = check_reply_server(context, kdcoptions, in_cred, dec_rep);
+ /*
+ * Don't trust the ok-as-delegate flag from foreign KDCs unless the
+ * cross-realm TGT also had the ok-as-delegate flag set.
+ */
+ if (!tgt_is_local_realm(tkt)
+ && !(tkt->ticket_flags & TKT_FLG_OK_AS_DELEGATE))
+ dec_rep->enc_part2->flags &= ~TKT_FLG_OK_AS_DELEGATE;
+
+ /* make sure the response hasn't been tampered with..... */
+ retval = 0;
+
+ if (s4u2self && !IS_TGS_PRINC(context, dec_rep->ticket->server)) {
+ /* Final hop, check whether KDC supports S4U2Self */
+ if (krb5_principal_compare(context, dec_rep->client, in_cred->server))
+ retval = KRB5KDC_ERR_PADATA_TYPE_NOSUPP;
+ } else if ((kdcoptions & KDC_OPT_CNAME_IN_ADDL_TKT) == 0) {
+ /* XXX for constrained delegation this check must be performed by caller
+ * as we don't have access to the key to decrypt the evidence ticket.
+ */
+ if (!krb5_principal_compare(context, dec_rep->client, tkt->client))
+ retval = KRB5_KDCREP_MODIFIED;
+ }
- if (dec_rep->enc_part2->nonce != tgsrep.expected_nonce)
- retval = KRB5_KDCREP_MODIFIED;
+ if (retval == 0)
+ retval = check_reply_server(context, kdcoptions, in_cred, dec_rep);
- if ((kdcoptions & KDC_OPT_POSTDATED) &&
- (in_cred->times.starttime != 0) &&
- (in_cred->times.starttime != dec_rep->enc_part2->times.starttime))
- retval = KRB5_KDCREP_MODIFIED;
+ if (dec_rep->enc_part2->nonce != tgsrep.expected_nonce)
+ retval = KRB5_KDCREP_MODIFIED;
- if ((in_cred->times.endtime != 0) &&
- (dec_rep->enc_part2->times.endtime > in_cred->times.endtime))
- retval = KRB5_KDCREP_MODIFIED;
+ if ((kdcoptions & KDC_OPT_POSTDATED) &&
+ (in_cred->times.starttime != 0) &&
+ (in_cred->times.starttime != dec_rep->enc_part2->times.starttime))
+ retval = KRB5_KDCREP_MODIFIED;
- if ((kdcoptions & KDC_OPT_RENEWABLE) &&
- (in_cred->times.renew_till != 0) &&
- (dec_rep->enc_part2->times.renew_till > in_cred->times.renew_till))
- retval = KRB5_KDCREP_MODIFIED;
+ if ((in_cred->times.endtime != 0) &&
+ (dec_rep->enc_part2->times.endtime > in_cred->times.endtime))
+ retval = KRB5_KDCREP_MODIFIED;
- if ((kdcoptions & KDC_OPT_RENEWABLE_OK) &&
- (dec_rep->enc_part2->flags & KDC_OPT_RENEWABLE) &&
- (in_cred->times.endtime != 0) &&
- (dec_rep->enc_part2->times.renew_till > in_cred->times.endtime))
- retval = KRB5_KDCREP_MODIFIED;
+ if ((kdcoptions & KDC_OPT_RENEWABLE) &&
+ (in_cred->times.renew_till != 0) &&
+ (dec_rep->enc_part2->times.renew_till > in_cred->times.renew_till))
+ retval = KRB5_KDCREP_MODIFIED;
- if (retval != 0)
- goto error_3;
+ if ((kdcoptions & KDC_OPT_RENEWABLE_OK) &&
+ (dec_rep->enc_part2->flags & KDC_OPT_RENEWABLE) &&
+ (in_cred->times.endtime != 0) &&
+ (dec_rep->enc_part2->times.renew_till > in_cred->times.endtime))
+ retval = KRB5_KDCREP_MODIFIED;
- if (!in_cred->times.starttime &&
- !in_clock_skew(dec_rep->enc_part2->times.starttime,
- tgsrep.request_time)) {
- retval = KRB5_KDCREP_SKEW;
- goto error_3;
- }
+ if (retval != 0)
+ goto error_3;
- if (out_padata != NULL) {
- *out_padata = dec_rep->padata;
- dec_rep->padata = NULL;
- }
- if (out_enc_padata != NULL) {
- *out_enc_padata = dec_rep->enc_part2->enc_padata;
- dec_rep->enc_part2->enc_padata = NULL;
- }
-
- retval = krb5_kdcrep2creds(context, dec_rep, address,
- &in_cred->second_ticket, out_cred);
-
-error_3:;
- if (subkey != NULL) {
- if (retval == 0 && out_subkey != NULL)
- *out_subkey = subkey;
- else
- krb5_free_keyblock(context, subkey);
- }
-
- memset(dec_rep->enc_part2->session->contents, 0,
- dec_rep->enc_part2->session->length);
- krb5_free_kdc_rep(context, dec_rep);
+ if (!in_cred->times.starttime &&
+ !in_clock_skew(dec_rep->enc_part2->times.starttime,
+ tgsrep.request_time)) {
+ retval = KRB5_KDCREP_SKEW;
+ goto error_3;
+ }
+
+ if (out_padata != NULL) {
+ *out_padata = dec_rep->padata;
+ dec_rep->padata = NULL;
+ }
+ if (out_enc_padata != NULL) {
+ *out_enc_padata = dec_rep->enc_part2->enc_padata;
+ dec_rep->enc_part2->enc_padata = NULL;
+ }
+
+ retval = krb5_kdcrep2creds(context, dec_rep, address,
+ &in_cred->second_ticket, out_cred);
-error_4:;
- free(tgsrep.response.data);
+ error_3:;
+ if (subkey != NULL) {
+ if (retval == 0 && out_subkey != NULL)
+ *out_subkey = subkey;
+ else
+ krb5_free_keyblock(context, subkey);
+ }
+
+ memset(dec_rep->enc_part2->session->contents, 0,
+ dec_rep->enc_part2->session->length);
+ krb5_free_kdc_rep(context, dec_rep);
+
+ error_4:;
+ free(tgsrep.response.data);
#ifdef DEBUG_REFERRALS
- printf("krb5_get_cred_via_tkt ending; %s\n", retval?error_message(retval):"no error");
+ printf("krb5_get_cred_via_tkt ending; %s\n", retval?error_message(retval):"no error");
#endif
- return retval;
-}
+ return retval;
+ }
diff --git a/src/lib/krb5/krb/gen_seqnum.c b/src/lib/krb5/krb/gen_seqnum.c
index 06564ee..8703457 100644
--- a/src/lib/krb5/krb/gen_seqnum.c
+++ b/src/lib/krb5/krb/gen_seqnum.c
@@ -1,3 +1,4 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
/*
* lib/krb5/krb/gen_seqnum.c
*
@@ -8,7 +9,7 @@
* require a specific license from the United States Government.
* It is the responsibility of any person or organization contemplating
* export to obtain such a license before exporting.
- *
+ *
* WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
* distribute this software and its documentation for any purpose and
* without fee is hereby granted, provided that the above copyright
@@ -22,7 +23,7 @@
* M.I.T. makes no representations about the suitability of
* this software for any purpose. It is provided "as is" without express
* or implied warranty.
- *
+ *
*
* Routine to automatically generate a starting sequence number.
* We do this by getting a random key and encrypting something with it,
@@ -53,13 +54,13 @@ krb5_generate_seq_number(krb5_context context, const krb5_keyblock *key, krb5_ui
seed = key2data(*key);
if ((retval = krb5_c_random_add_entropy(context, KRB5_C_RANDSOURCE_TRUSTEDPARTY, &seed)))
- return(retval);
+ return(retval);
seed.length = sizeof(*seqno);
seed.data = (char *) seqno;
retval = krb5_c_random_make_octets(context, &seed);
if (retval)
- return retval;
+ return retval;
/*
* Work around implementation incompatibilities by not generating
* initial sequence numbers greater than 2^30. Previous MIT
@@ -71,6 +72,6 @@ krb5_generate_seq_number(krb5_context context, const krb5_keyblock *key, krb5_ui
*/
*seqno &= 0x3fffffff;
if (*seqno == 0)
- *seqno = 1;
+ *seqno = 1;
return 0;
}
diff --git a/src/lib/krb5/krb/gen_subkey.c b/src/lib/krb5/krb/gen_subkey.c
index 501428b..7739f04 100644
--- a/src/lib/krb5/krb/gen_subkey.c
+++ b/src/lib/krb5/krb/gen_subkey.c
@@ -1,3 +1,4 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
/*
* lib/krb5/krb/gen_subkey.c
*
@@ -8,7 +9,7 @@
* require a specific license from the United States Government.
* It is the responsibility of any person or organization contemplating
* export to obtain such a license before exporting.
- *
+ *
* WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
* distribute this software and its documentation for any purpose and
* without fee is hereby granted, provided that the above copyright
@@ -22,7 +23,7 @@
* M.I.T. makes no representations about the suitability of
* this software for any purpose. It is provided "as is" without express
* or implied warranty.
- *
+ *
*
* Routine to automatically generate a subsession key based on an input key.
*/
@@ -41,9 +42,9 @@ key2data (krb5_keyblock k)
krb5_error_code
krb5_generate_subkey_extended(krb5_context context,
- const krb5_keyblock *key,
- krb5_enctype enctype,
- krb5_keyblock **subkey)
+ const krb5_keyblock *key,
+ krb5_enctype enctype,
+ krb5_keyblock **subkey)
{
krb5_error_code retval;
krb5_data seed;
@@ -53,18 +54,18 @@ krb5_generate_subkey_extended(krb5_context context,
seed = key2data(*key);
retval = krb5_c_random_add_entropy(context, KRB5_C_RANDSOURCE_TRUSTEDPARTY,
- &seed);
+ &seed);
if (retval)
- return retval;
+ return retval;
keyblock = malloc(sizeof(krb5_keyblock));
if (!keyblock)
- return ENOMEM;
+ return ENOMEM;
retval = krb5_c_make_random_key(context, enctype, keyblock);
if (retval) {
- free(*subkey);
- return retval;
+ free(*subkey);
+ return retval;
}
*subkey = keyblock;
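Review bot: On the `krb5_c_make_random_key` failure path the new side still calls `free(*subkey)`, but the buffer allocated in this function is `keyblock`, which is only stored into `*subkey` after that check. As written, the failure path leaks `keyblock` and frees whatever the caller's `*subkey` held on entry, which is an invalid free if that pointer was never initialised. The top of `krb5_generate_subkey_extended` is outside the hunk, so whether `*subkey` is reset there cannot be confirmed from here. The line should read `free(keyblock);`.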
diff --git a/src/lib/krb5/krb/get_creds.c b/src/lib/krb5/krb/get_creds.c
index 88148d7..491f864 100644
--- a/src/lib/krb5/krb/get_creds.c
+++ b/src/lib/krb5/krb/get_creds.c
@@ -1,3 +1,4 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
/*
* lib/krb5/krb/get_creds.c
*
@@ -8,7 +9,7 @@
* require a specific license from the United States Government.
* It is the responsibility of any person or organization contemplating
* export to obtain such a license before exporting.
- *
+ *
* WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
* distribute this software and its documentation for any purpose and
* without fee is hereby granted, provided that the above copyright
@@ -22,7 +23,7 @@
* M.I.T. makes no representations about the suitability of
* this software for any purpose. It is provided "as is" without express
* or implied warranty.
- *
+ *
*
* krb5_get_credentials()
*/
@@ -30,18 +31,18 @@
/*
- Attempts to use the credentials cache or TGS exchange to get an additional
- ticket for the
- client identified by in_creds->client, the server identified by
- in_creds->server, with options options, expiration date specified in
- in_creds->times.endtime (0 means as long as possible), session key type
- specified in in_creds->keyblock.enctype (if non-zero)
+ Attempts to use the credentials cache or TGS exchange to get an additional
+ ticket for the
+ client identified by in_creds->client, the server identified by
+ in_creds->server, with options options, expiration date specified in
+ in_creds->times.endtime (0 means as long as possible), session key type
+ specified in in_creds->keyblock.enctype (if non-zero)
- Any returned ticket and intermediate ticket-granting tickets are
- stored in ccache.
+ Any returned ticket and intermediate ticket-granting tickets are
+ stored in ccache.
- returns errors from encryption routines, system errors
- */
+ returns errors from encryption routines, system errors
+*/
#include "k5-int.h"
#include "int-proto.h"
@@ -54,8 +55,8 @@
*/
krb5_error_code
krb5int_construct_matching_creds(krb5_context context, krb5_flags options,
- krb5_creds *in_creds, krb5_creds *mcreds,
- krb5_flags *fields)
+ krb5_creds *in_creds, krb5_creds *mcreds,
+ krb5_flags *fields)
{
if (!in_creds || !in_creds->server || !in_creds->client)
return EINVAL;
@@ -63,47 +64,47 @@ krb5int_construct_matching_creds(krb5_context context, krb5_flags options,
memset(mcreds, 0, sizeof(krb5_creds));
mcreds->magic = KV5M_CREDS;
if (in_creds->times.endtime != 0) {
- mcreds->times.endtime = in_creds->times.endtime;
+ mcreds->times.endtime = in_creds->times.endtime;
} else {
- krb5_error_code retval;
- retval = krb5_timeofday(context, &mcreds->times.endtime);
- if (retval != 0) return retval;
+ krb5_error_code retval;
+ retval = krb5_timeofday(context, &mcreds->times.endtime);
+ if (retval != 0) return retval;
}
mcreds->keyblock = in_creds->keyblock;
mcreds->authdata = in_creds->authdata;
mcreds->server = in_creds->server;
mcreds->client = in_creds->client;
-
+
*fields = KRB5_TC_MATCH_TIMES /*XXX |KRB5_TC_MATCH_SKEY_TYPE */
- | KRB5_TC_MATCH_AUTHDATA
- | KRB5_TC_SUPPORTED_KTYPES;
+ | KRB5_TC_MATCH_AUTHDATA
+ | KRB5_TC_SUPPORTED_KTYPES;
if (mcreds->keyblock.enctype) {
- krb5_enctype *ktypes;
- krb5_error_code ret;
- int i;
-
- *fields |= KRB5_TC_MATCH_KTYPE;
- ret = krb5_get_tgs_ktypes(context, mcreds->server, &ktypes);
- for (i = 0; ktypes[i]; i++)
- if (ktypes[i] == mcreds->keyblock.enctype)
- break;
- if (ktypes[i] == 0)
- ret = KRB5_CC_NOT_KTYPE;
- free (ktypes);
- if (ret)
- return ret;
+ krb5_enctype *ktypes;
+ krb5_error_code ret;
+ int i;
+
+ *fields |= KRB5_TC_MATCH_KTYPE;
+ ret = krb5_get_tgs_ktypes(context, mcreds->server, &ktypes);
+ for (i = 0; ktypes[i]; i++)
+ if (ktypes[i] == mcreds->keyblock.enctype)
+ break;
+ if (ktypes[i] == 0)
+ ret = KRB5_CC_NOT_KTYPE;
+ free (ktypes);
+ if (ret)
+ return ret;
}
if (options & (KRB5_GC_USER_USER | KRB5_GC_CONSTRAINED_DELEGATION)) {
- /* also match on identical 2nd tkt and tkt encrypted in a
- session key */
- *fields |= KRB5_TC_MATCH_2ND_TKT;
- if (options & KRB5_GC_USER_USER) {
- *fields |= KRB5_TC_MATCH_IS_SKEY;
- mcreds->is_skey = TRUE;
- }
- mcreds->second_ticket = in_creds->second_ticket;
- if (!in_creds->second_ticket.length)
- return KRB5_NO_2ND_TKT;
+ /* also match on identical 2nd tkt and tkt encrypted in a
+ session key */
+ *fields |= KRB5_TC_MATCH_2ND_TKT;
+ if (options & KRB5_GC_USER_USER) {
+ *fields |= KRB5_TC_MATCH_IS_SKEY;
+ mcreds->is_skey = TRUE;
+ }
+ mcreds->second_ticket = in_creds->second_ticket;
+ if (!in_creds->second_ticket.length)
+ return KRB5_NO_2ND_TKT;
}
return 0;
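Review bot: The result of `krb5_get_tgs_ktypes` is stored in `ret` but never tested before the `for` loop reads `ktypes[i]` and before `free (ktypes)` runs. If the call fails without setting the output pointer, both the loop and the free operate on an uninitialised `ktypes`; whether the callee sets it on failure is not visible here. Adding `if (ret) return ret;` directly after the call closes that path and leaves the later `KRB5_CC_NOT_KTYPE` handling unchanged. The closing brace of `krb5int_construct_matching_creds` lies outside the hunk.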
@@ -111,8 +112,8 @@ krb5int_construct_matching_creds(krb5_context context, krb5_flags options,
krb5_error_code KRB5_CALLCONV
krb5_get_credentials(krb5_context context, krb5_flags options,
- krb5_ccache ccache, krb5_creds *in_creds,
- krb5_creds **out_creds)
+ krb5_ccache ccache, krb5_creds *in_creds,
+ krb5_creds **out_creds)
{
krb5_error_code retval;
krb5_creds mcreds, *ncreds, **tgts, **tgts_iter;
@@ -128,53 +129,53 @@ krb5_get_credentials(krb5_context context, krb5_flags options,
* second_ticket, which we can't do.
*/
if ((options & KRB5_GC_CONSTRAINED_DELEGATION) == 0) {
- retval = krb5int_construct_matching_creds(context, options, in_creds,
- &mcreds, &fields);
-
- if (retval)
- return retval;
-
- ncreds = malloc(sizeof(krb5_creds));
- if (!ncreds)
- return ENOMEM;
-
- memset(ncreds, 0, sizeof(krb5_creds));
- ncreds->magic = KV5M_CREDS;
-
- retval = krb5_cc_retrieve_cred(context, ccache, fields, &mcreds,
- ncreds);
- if (retval == 0) {
- *out_creds = ncreds;
- return 0;
- }
- free(ncreds);
- ncreds = NULL;
- if ((retval != KRB5_CC_NOTFOUND && retval != KRB5_CC_NOT_KTYPE)
- || options & KRB5_GC_CACHED)
- return retval;
- not_ktype = (retval == KRB5_CC_NOT_KTYPE);
+ retval = krb5int_construct_matching_creds(context, options, in_creds,
+ &mcreds, &fields);
+
+ if (retval)
+ return retval;
+
+ ncreds = malloc(sizeof(krb5_creds));
+ if (!ncreds)
+ return ENOMEM;
+
+ memset(ncreds, 0, sizeof(krb5_creds));
+ ncreds->magic = KV5M_CREDS;
+
+ retval = krb5_cc_retrieve_cred(context, ccache, fields, &mcreds,
+ ncreds);
+ if (retval == 0) {
+ *out_creds = ncreds;
+ return 0;
+ }
+ free(ncreds);
+ ncreds = NULL;
+ if ((retval != KRB5_CC_NOTFOUND && retval != KRB5_CC_NOT_KTYPE)
+ || options & KRB5_GC_CACHED)
+ return retval;
+ not_ktype = (retval == KRB5_CC_NOT_KTYPE);
} else if (options & KRB5_GC_CACHED)
- return KRB5_CC_NOTFOUND;
+ return KRB5_CC_NOTFOUND;
if (options & KRB5_GC_CANONICALIZE)
- kdcopt |= KDC_OPT_CANONICALIZE;
+ kdcopt |= KDC_OPT_CANONICALIZE;
if (options & KRB5_GC_FORWARDABLE)
- kdcopt |= KDC_OPT_FORWARDABLE;
+ kdcopt |= KDC_OPT_FORWARDABLE;
if (options & KRB5_GC_NO_TRANSIT_CHECK)
- kdcopt |= KDC_OPT_DISABLE_TRANSITED_CHECK;
+ kdcopt |= KDC_OPT_DISABLE_TRANSITED_CHECK;
if (options & KRB5_GC_CONSTRAINED_DELEGATION) {
- if (options & KRB5_GC_USER_USER)
- return EINVAL;
- kdcopt |= KDC_OPT_FORWARDABLE | KDC_OPT_CNAME_IN_ADDL_TKT;
+ if (options & KRB5_GC_USER_USER)
+ return EINVAL;
+ kdcopt |= KDC_OPT_FORWARDABLE | KDC_OPT_CNAME_IN_ADDL_TKT;
}
retval = krb5_get_cred_from_kdc_opt(context, ccache, in_creds,
- &ncreds, &tgts, kdcopt);
+ &ncreds, &tgts, kdcopt);
if (tgts) {
- /* Attempt to cache intermediate ticket-granting tickets. */
- for (tgts_iter = tgts; *tgts_iter; tgts_iter++)
- (void) krb5_cc_store_cred(context, ccache, *tgts_iter);
- krb5_free_tgt_creds(context, tgts);
+ /* Attempt to cache intermediate ticket-granting tickets. */
+ for (tgts_iter = tgts; *tgts_iter; tgts_iter++)
+ (void) krb5_cc_store_cred(context, ccache, *tgts_iter);
+ krb5_free_tgt_creds(context, tgts);
}
/*
@@ -189,21 +190,21 @@ krb5_get_credentials(krb5_context context, krb5_flags options,
* enctype rather than the missing TGT.
*/
if ((retval == KRB5_CC_NOTFOUND || retval == KRB5_CC_NOT_KTYPE)
- && not_ktype)
- return KRB5_CC_NOT_KTYPE;
+ && not_ktype)
+ return KRB5_CC_NOT_KTYPE;
else if (retval)
- return retval;
+ return retval;
if ((options & KRB5_GC_CONSTRAINED_DELEGATION)
- && (ncreds->ticket_flags & TKT_FLG_FORWARDABLE) == 0) {
- /* This ticket won't work for constrained delegation. */
- krb5_free_creds(context, ncreds);
- return KRB5_TKT_NOT_FORWARDABLE;
+ && (ncreds->ticket_flags & TKT_FLG_FORWARDABLE) == 0) {
+ /* This ticket won't work for constrained delegation. */
+ krb5_free_creds(context, ncreds);
+ return KRB5_TKT_NOT_FORWARDABLE;
}
/* Attempt to cache the returned ticket. */
if (!(options & KRB5_GC_NO_STORE))
- (void) krb5_cc_store_cred(context, ccache, ncreds);
+ (void) krb5_cc_store_cred(context, ccache, ncreds);
*out_creds = ncreds;
return 0;
@@ -212,10 +213,10 @@ krb5_get_credentials(krb5_context context, krb5_flags options,
#define INT_GC_VALIDATE 1
#define INT_GC_RENEW 2
-static krb5_error_code
+static krb5_error_code
krb5_get_credentials_val_renew_core(krb5_context context, krb5_flags options,
- krb5_ccache ccache, krb5_creds *in_creds,
- krb5_creds **out_creds, int which)
+ krb5_ccache ccache, krb5_creds *in_creds,
+ krb5_creds **out_creds, int which)
{
krb5_error_code retval;
krb5_principal tmp;
@@ -223,17 +224,17 @@ krb5_get_credentials_val_renew_core(krb5_context context, krb5_flags options,
switch(which) {
case INT_GC_VALIDATE:
- retval = krb5_get_cred_from_kdc_validate(context, ccache,
- in_creds, out_creds, &tgts);
- break;
+ retval = krb5_get_cred_from_kdc_validate(context, ccache,
+ in_creds, out_creds, &tgts);
+ break;
case INT_GC_RENEW:
- retval = krb5_get_cred_from_kdc_renew(context, ccache,
- in_creds, out_creds, &tgts);
- break;
+ retval = krb5_get_cred_from_kdc_renew(context, ccache,
+ in_creds, out_creds, &tgts);
+ break;
default:
- /* Should never happen */
- retval = 255;
- break;
+ /* Should never happen */
+ retval = 255;
+ break;
}
/*
* Callers to krb5_get_cred_blah... must free up tgts even in
@@ -244,39 +245,39 @@ krb5_get_credentials_val_renew_core(krb5_context context, krb5_flags options,
retval = krb5_cc_get_principal(context, ccache, &tmp);
if (retval) return retval;
-
+
retval = krb5_cc_initialize(context, ccache, tmp);
if (retval) return retval;
-
+
retval = krb5_cc_store_cred(context, ccache, *out_creds);
return retval;
}
krb5_error_code KRB5_CALLCONV
krb5_get_credentials_validate(krb5_context context, krb5_flags options,
- krb5_ccache ccache, krb5_creds *in_creds,
- krb5_creds **out_creds)
+ krb5_ccache ccache, krb5_creds *in_creds,
+ krb5_creds **out_creds)
{
- return(krb5_get_credentials_val_renew_core(context, options, ccache,
- in_creds, out_creds,
- INT_GC_VALIDATE));
+ return(krb5_get_credentials_val_renew_core(context, options, ccache,
+ in_creds, out_creds,
+ INT_GC_VALIDATE));
}
krb5_error_code KRB5_CALLCONV
krb5_get_credentials_renew(krb5_context context, krb5_flags options,
- krb5_ccache ccache, krb5_creds *in_creds,
- krb5_creds **out_creds)
+ krb5_ccache ccache, krb5_creds *in_creds,
+ krb5_creds **out_creds)
{
- return(krb5_get_credentials_val_renew_core(context, options, ccache,
- in_creds, out_creds,
- INT_GC_RENEW));
+ return(krb5_get_credentials_val_renew_core(context, options, ccache,
+ in_creds, out_creds,
+ INT_GC_RENEW));
}
static krb5_error_code
krb5_validate_or_renew_creds(krb5_context context, krb5_creds *creds,
- krb5_principal client, krb5_ccache ccache,
- char *in_tkt_service, int validate)
+ krb5_principal client, krb5_ccache ccache,
+ char *in_tkt_service, int validate)
{
krb5_error_code ret;
krb5_creds in_creds; /* only client and server need to be filled in */
@@ -291,57 +292,57 @@ krb5_validate_or_renew_creds(krb5_context context, krb5_creds *creds,
in_creds.client = client;
if (in_tkt_service) {
- /* this is ugly, because so are the data structures involved. I'm
- in the library, so I'm going to manipulate the data structures
- directly, otherwise, it will be worse. */
+ /* this is ugly, because so are the data structures involved. I'm
+ in the library, so I'm going to manipulate the data structures
+ directly, otherwise, it will be worse. */
if ((ret = krb5_parse_name(context, in_tkt_service, &in_creds.server)))
- goto cleanup;
-
- /* stuff the client realm into the server principal.
- realloc if necessary */
- if (in_creds.server->realm.length < in_creds.client->realm.length)
- if ((in_creds.server->realm.data =
- (char *) realloc(in_creds.server->realm.data,
- in_creds.client->realm.length)) == NULL) {
- ret = ENOMEM;
- goto cleanup;
- }
-
- in_creds.server->realm.length = in_creds.client->realm.length;
- memcpy(in_creds.server->realm.data, in_creds.client->realm.data,
- in_creds.client->realm.length);
+ goto cleanup;
+
+ /* stuff the client realm into the server principal.
+ realloc if necessary */
+ if (in_creds.server->realm.length < in_creds.client->realm.length)
+ if ((in_creds.server->realm.data =
+ (char *) realloc(in_creds.server->realm.data,
+ in_creds.client->realm.length)) == NULL) {
+ ret = ENOMEM;
+ goto cleanup;
+ }
+
+ in_creds.server->realm.length = in_creds.client->realm.length;
+ memcpy(in_creds.server->realm.data, in_creds.client->realm.data,
+ in_creds.client->realm.length);
} else {
- if ((ret = krb5_build_principal_ext(context, &in_creds.server,
- in_creds.client->realm.length,
- in_creds.client->realm.data,
- KRB5_TGS_NAME_SIZE,
- KRB5_TGS_NAME,
- in_creds.client->realm.length,
- in_creds.client->realm.data,
- 0)))
- goto cleanup;
+ if ((ret = krb5_build_principal_ext(context, &in_creds.server,
+ in_creds.client->realm.length,
+ in_creds.client->realm.data,
+ KRB5_TGS_NAME_SIZE,
+ KRB5_TGS_NAME,
+ in_creds.client->realm.length,
+ in_creds.client->realm.data,
+ 0)))
+ goto cleanup;
}
if (validate)
- ret = krb5_get_cred_from_kdc_validate(context, ccache,
- &in_creds, &out_creds, &tgts);
+ ret = krb5_get_cred_from_kdc_validate(context, ccache,
+ &in_creds, &out_creds, &tgts);
else
- ret = krb5_get_cred_from_kdc_renew(context, ccache,
- &in_creds, &out_creds, &tgts);
-
+ ret = krb5_get_cred_from_kdc_renew(context, ccache,
+ &in_creds, &out_creds, &tgts);
+
/* ick. copy the struct contents, free the container */
if (out_creds) {
- *creds = *out_creds;
- free(out_creds);
+ *creds = *out_creds;
+ free(out_creds);
}
cleanup:
if (in_creds.server)
- krb5_free_principal(context, in_creds.server);
+ krb5_free_principal(context, in_creds.server);
if (tgts)
- krb5_free_tgt_creds(context, tgts);
+ krb5_free_tgt_creds(context, tgts);
return(ret);
}
@@ -350,13 +351,12 @@ krb5_error_code KRB5_CALLCONV
krb5_get_validated_creds(krb5_context context, krb5_creds *creds, krb5_principal client, krb5_ccache ccache, char *in_tkt_service)
{
return(krb5_validate_or_renew_creds(context, creds, client, ccache,
- in_tkt_service, 1));
+ in_tkt_service, 1));
}
krb5_error_code KRB5_CALLCONV
krb5_get_renewed_creds(krb5_context context, krb5_creds *creds, krb5_principal client, krb5_ccache ccache, char *in_tkt_service)
{
return(krb5_validate_or_renew_creds(context, creds, client, ccache,
- in_tkt_service, 0));
+ in_tkt_service, 0));
}
-
diff --git a/src/lib/krb5/krb/get_in_tkt.c b/src/lib/krb5/krb/get_in_tkt.c
index a381c5c..40afea5 100644
--- a/src/lib/krb5/krb/get_in_tkt.c
+++ b/src/lib/krb5/krb/get_in_tkt.c
@@ -1,3 +1,4 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
/*
* lib/krb5/krb/get_in_tkt.c
*
@@ -8,7 +9,7 @@
* require a specific license from the United States Government.
* It is the responsibility of any person or organization contemplating
* export to obtain such a license before exporting.
- *
+ *
* WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
* distribute this software and its documentation for any purpose and
* without fee is hereby granted, provided that the above copyright
@@ -22,7 +23,7 @@
* M.I.T. makes no representations about the suitability of
* this software for any purpose. It is provided "as is" without express
* or implied warranty.
- *
+ *
*
* krb5_get_in_tkt()
*/
@@ -36,7 +37,7 @@
#if APPLE_PKINIT
#define IN_TKT_DEBUG 0
-#if IN_TKT_DEBUG
+#if IN_TKT_DEBUG
#define inTktDebug(args...) printf(args)
#else
#define inTktDebug(args...)
@@ -44,53 +45,53 @@
#endif /* APPLE_PKINIT */
/*
- All-purpose initial ticket routine, usually called via
- krb5_get_in_tkt_with_password or krb5_get_in_tkt_with_skey.
+ All-purpose initial ticket routine, usually called via
+ krb5_get_in_tkt_with_password or krb5_get_in_tkt_with_skey.
- Attempts to get an initial ticket for creds->client to use server
- creds->server, (realm is taken from creds->client), with options
- options, and using creds->times.starttime, creds->times.endtime,
- creds->times.renew_till as from, till, and rtime.
- creds->times.renew_till is ignored unless the RENEWABLE option is requested.
+ Attempts to get an initial ticket for creds->client to use server
+ creds->server, (realm is taken from creds->client), with options
+ options, and using creds->times.starttime, creds->times.endtime,
+ creds->times.renew_till as from, till, and rtime.
+ creds->times.renew_till is ignored unless the RENEWABLE option is requested.
- key_proc is called to fill in the key to be used for decryption.
- keyseed is passed on to key_proc.
+ key_proc is called to fill in the key to be used for decryption.
+ keyseed is passed on to key_proc.
- decrypt_proc is called to perform the decryption of the response (the
- encrypted part is in dec_rep->enc_part; the decrypted part should be
- allocated and filled into dec_rep->enc_part2
- arg is passed on to decrypt_proc.
+ decrypt_proc is called to perform the decryption of the response (the
+ encrypted part is in dec_rep->enc_part; the decrypted part should be
+ allocated and filled into dec_rep->enc_part2
+ arg is passed on to decrypt_proc.
- If addrs is non-NULL, it is used for the addresses requested. If it is
- null, the system standard addresses are used.
+ If addrs is non-NULL, it is used for the addresses requested. If it is
+ null, the system standard addresses are used.
- A succesful call will place the ticket in the credentials cache ccache
- and fill in creds with the ticket information used/returned..
+ A succesful call will place the ticket in the credentials cache ccache
+ and fill in creds with the ticket information used/returned..
- returns system errors, encryption errors
+ returns system errors, encryption errors
- */
+*/
/* some typedef's for the function args to make things look a bit cleaner */
typedef krb5_error_code (*git_key_proc) (krb5_context,
- krb5_enctype,
- krb5_data *,
- krb5_const_pointer,
- krb5_keyblock **);
+ krb5_enctype,
+ krb5_data *,
+ krb5_const_pointer,
+ krb5_keyblock **);
typedef krb5_error_code (*git_decrypt_proc) (krb5_context,
- const krb5_keyblock *,
- krb5_const_pointer,
- krb5_kdc_rep * );
+ const krb5_keyblock *,
+ krb5_const_pointer,
+ krb5_kdc_rep * );
-static krb5_error_code make_preauth_list (krb5_context,
- krb5_preauthtype *,
- int, krb5_pa_data ***);
+static krb5_error_code make_preauth_list (krb5_context,
+ krb5_preauthtype *,
+ int, krb5_pa_data ***);
static krb5_error_code sort_krb5_padata_sequence(krb5_context context,
- krb5_data *realm,
- krb5_pa_data **padata);
+ krb5_data *realm,
+ krb5_pa_data **padata);
/*
* This function performs 32 bit bounded addition so we can generate
@@ -105,7 +106,7 @@ static krb5_int32 krb5int_addint32 (krb5_int32 x, krb5_int32 y)
/* sum will be less than KRB5_INT32_MIN */
return KRB5_INT32_MIN;
}
-
+
return x + y;
}
@@ -115,14 +116,14 @@ static krb5_int32 krb5int_addint32 (krb5_int32 x, krb5_int32 y)
* just uses krb5_timeofday(); it should use a PRNG. Even more unfortunately this
* value is used interchangeably with an explicit now_time throughout this module...
*/
-static krb5_error_code
+static krb5_error_code
gen_nonce(krb5_context context,
krb5_int32 *nonce)
{
krb5_int32 time_now;
krb5_error_code retval = krb5_timeofday(context, &time_now);
if(retval) {
- return retval;
+ return retval;
}
*nonce = time_now;
return 0;
@@ -136,16 +137,16 @@ gen_nonce(krb5_context context,
* unexpected response, an error is returned.
*/
static krb5_error_code
-send_as_request(krb5_context context,
- krb5_data *packet, const krb5_data *realm,
- krb5_error ** ret_err_reply,
- krb5_kdc_rep ** ret_as_reply,
- int *use_master)
+send_as_request(krb5_context context,
+ krb5_data *packet, const krb5_data *realm,
+ krb5_error ** ret_err_reply,
+ krb5_kdc_rep ** ret_as_reply,
+ int *use_master)
{
krb5_kdc_rep *as_reply = 0;
krb5_error_code retval;
krb5_data reply;
- char k4_version; /* same type as *(krb5_data::data) */
+ char k4_version; /* same type as *(krb5_data::data) */
int tcp_only = 0;
reply.data = 0;
@@ -154,37 +155,37 @@ send_as_request(krb5_context context,
k4_version = packet->data[0];
send_again:
- retval = krb5_sendto_kdc(context, packet,
- realm,
- &reply, use_master, tcp_only);
+ retval = krb5_sendto_kdc(context, packet,
+ realm,
+ &reply, use_master, tcp_only);
#if APPLE_PKINIT
inTktDebug("krb5_sendto_kdc returned %d\n", (int)retval);
#endif /* APPLE_PKINIT */
if (retval)
- goto cleanup;
+ goto cleanup;
/* now decode the reply...could be error or as_rep */
if (krb5_is_krb_error(&reply)) {
- krb5_error *err_reply;
-
- if ((retval = decode_krb5_error(&reply, &err_reply)))
- /* some other error code--??? */
- goto cleanup;
-
- if (ret_err_reply) {
- if (err_reply->error == KRB_ERR_RESPONSE_TOO_BIG
- && tcp_only == 0) {
- tcp_only = 1;
- krb5_free_error(context, err_reply);
- free(reply.data);
- reply.data = 0;
- goto send_again;
- }
- *ret_err_reply = err_reply;
- } else
- krb5_free_error(context, err_reply);
- goto cleanup;
+ krb5_error *err_reply;
+
+ if ((retval = decode_krb5_error(&reply, &err_reply)))
+ /* some other error code--??? */
+ goto cleanup;
+
+ if (ret_err_reply) {
+ if (err_reply->error == KRB_ERR_RESPONSE_TOO_BIG
+ && tcp_only == 0) {
+ tcp_only = 1;
+ krb5_free_error(context, err_reply);
+ free(reply.data);
+ reply.data = 0;
+ goto send_again;
+ }
+ *ret_err_reply = err_reply;
+ } else
+ krb5_free_error(context, err_reply);
+ goto cleanup;
}
/*
@@ -192,108 +193,108 @@ send_again:
*/
if (!krb5_is_as_rep(&reply)) {
/* these are in <kerberosIV/prot.h> as well but it isn't worth including. */
-#define V4_KRB_PROT_VERSION 4
-#define V4_AUTH_MSG_ERR_REPLY (5<<1)
- /* check here for V4 reply */
- unsigned int t_switch;
-
- /* From v4 g_in_tkt.c: This used to be
- switch (pkt_msg_type(rpkt) & ~1) {
- but SCO 3.2v4 cc compiled that incorrectly. */
- t_switch = reply.data[1];
- t_switch &= ~1;
-
- if (t_switch == V4_AUTH_MSG_ERR_REPLY
- && (reply.data[0] == V4_KRB_PROT_VERSION
- || reply.data[0] == k4_version)) {
- retval = KRB5KRB_AP_ERR_V4_REPLY;
- } else {
- retval = KRB5KRB_AP_ERR_MSG_TYPE;
- }
- goto cleanup;
+#define V4_KRB_PROT_VERSION 4
+#define V4_AUTH_MSG_ERR_REPLY (5<<1)
+ /* check here for V4 reply */
+ unsigned int t_switch;
+
+ /* From v4 g_in_tkt.c: This used to be
+ switch (pkt_msg_type(rpkt) & ~1) {
+ but SCO 3.2v4 cc compiled that incorrectly. */
+ t_switch = reply.data[1];
+ t_switch &= ~1;
+
+ if (t_switch == V4_AUTH_MSG_ERR_REPLY
+ && (reply.data[0] == V4_KRB_PROT_VERSION
+ || reply.data[0] == k4_version)) {
+ retval = KRB5KRB_AP_ERR_V4_REPLY;
+ } else {
+ retval = KRB5KRB_AP_ERR_MSG_TYPE;
+ }
+ goto cleanup;
}
/* It must be a KRB_AS_REP message, or an bad returned packet */
if ((retval = decode_krb5_as_rep(&reply, &as_reply)))
- /* some other error code ??? */
- goto cleanup;
+ /* some other error code ??? */
+ goto cleanup;
if (as_reply->msg_type != KRB5_AS_REP) {
- retval = KRB5KRB_AP_ERR_MSG_TYPE;
- krb5_free_kdc_rep(context, as_reply);
- goto cleanup;
+ retval = KRB5KRB_AP_ERR_MSG_TYPE;
+ krb5_free_kdc_rep(context, as_reply);
+ goto cleanup;
}
if (ret_as_reply)
- *ret_as_reply = as_reply;
+ *ret_as_reply = as_reply;
else
- krb5_free_kdc_rep(context, as_reply);
+ krb5_free_kdc_rep(context, as_reply);
cleanup:
if (reply.data)
- free(reply.data);
+ free(reply.data);
return retval;
}
static krb5_error_code
-decrypt_as_reply(krb5_context context,
- krb5_kdc_req *request,
- krb5_kdc_rep *as_reply,
- git_key_proc key_proc,
- krb5_const_pointer keyseed,
- krb5_keyblock * key,
- git_decrypt_proc decrypt_proc,
- krb5_const_pointer decryptarg)
+decrypt_as_reply(krb5_context context,
+ krb5_kdc_req *request,
+ krb5_kdc_rep *as_reply,
+ git_key_proc key_proc,
+ krb5_const_pointer keyseed,
+ krb5_keyblock * key,
+ git_decrypt_proc decrypt_proc,
+ krb5_const_pointer decryptarg)
{
- krb5_error_code retval;
- krb5_keyblock * decrypt_key = 0;
- krb5_data salt;
-
+ krb5_error_code retval;
+ krb5_keyblock * decrypt_key = 0;
+ krb5_data salt;
+
if (as_reply->enc_part2)
- return 0;
+ return 0;
if (key)
- decrypt_key = key;
+ decrypt_key = key;
else {
- /*
- * Use salt corresponding to the client principal supplied by
- * the KDC, which may differ from the requested principal if
- * canonicalization is in effect. We will check
- * as_reply->client later in verify_as_reply.
- */
- if ((retval = krb5_principal2salt(context, as_reply->client, &salt)))
- return(retval);
-
- retval = (*key_proc)(context, as_reply->enc_part.enctype,
- &salt, keyseed, &decrypt_key);
- free(salt.data);
- if (retval)
- goto cleanup;
+ /*
+ * Use salt corresponding to the client principal supplied by
+ * the KDC, which may differ from the requested principal if
+ * canonicalization is in effect. We will check
+ * as_reply->client later in verify_as_reply.
+ */
+ if ((retval = krb5_principal2salt(context, as_reply->client, &salt)))
+ return(retval);
+
+ retval = (*key_proc)(context, as_reply->enc_part.enctype,
+ &salt, keyseed, &decrypt_key);
+ free(salt.data);
+ if (retval)
+ goto cleanup;
}
-
+
if ((retval = (*decrypt_proc)(context, decrypt_key, decryptarg, as_reply)))
- goto cleanup;
+ goto cleanup;
cleanup:
if (!key && decrypt_key)
- krb5_free_keyblock(context, decrypt_key);
+ krb5_free_keyblock(context, decrypt_key);
return (retval);
}
static krb5_error_code
-verify_as_reply(krb5_context context,
- krb5_timestamp time_now,
- krb5_kdc_req *request,
- krb5_kdc_rep *as_reply)
+verify_as_reply(krb5_context context,
+ krb5_timestamp time_now,
+ krb5_kdc_req *request,
+ krb5_kdc_rep *as_reply)
{
- krb5_error_code retval;
- int canon_req;
- int canon_ok;
+ krb5_error_code retval;
+ int canon_req;
+ int canon_ok;
/* check the contents for sanity: */
if (!as_reply->enc_part2->times.starttime)
- as_reply->enc_part2->times.starttime =
- as_reply->enc_part2->times.authtime;
+ as_reply->enc_part2->times.starttime =
+ as_reply->enc_part2->times.authtime;
/*
* We only allow the AS-REP server name to be changed if the
@@ -301,184 +302,184 @@ verify_as_reply(krb5_context context,
* principal) and we requested (and received) a TGT.
*/
canon_req = ((request->kdc_options & KDC_OPT_CANONICALIZE) != 0) ||
- (krb5_princ_type(context, request->client) == KRB5_NT_ENTERPRISE_PRINCIPAL);
+ (krb5_princ_type(context, request->client) == KRB5_NT_ENTERPRISE_PRINCIPAL);
if (canon_req) {
- canon_ok = IS_TGS_PRINC(context, request->server) &&
- IS_TGS_PRINC(context, as_reply->enc_part2->server);
+ canon_ok = IS_TGS_PRINC(context, request->server) &&
+ IS_TGS_PRINC(context, as_reply->enc_part2->server);
} else
- canon_ok = 0;
-
+ canon_ok = 0;
+
if ((!canon_ok &&
- (!krb5_principal_compare(context, as_reply->client, request->client) ||
- !krb5_principal_compare(context, as_reply->enc_part2->server, request->server)))
- || !krb5_principal_compare(context, as_reply->enc_part2->server, as_reply->ticket->server)
- || (request->nonce != as_reply->enc_part2->nonce)
- /* XXX check for extraneous flags */
- /* XXX || (!krb5_addresses_compare(context, addrs, as_reply->enc_part2->caddrs)) */
- || ((request->kdc_options & KDC_OPT_POSTDATED) &&
- (request->from != 0) &&
- (request->from != as_reply->enc_part2->times.starttime))
- || ((request->till != 0) &&
- (as_reply->enc_part2->times.endtime > request->till))
- || ((request->kdc_options & KDC_OPT_RENEWABLE) &&
- (request->rtime != 0) &&
- (as_reply->enc_part2->times.renew_till > request->rtime))
- || ((request->kdc_options & KDC_OPT_RENEWABLE_OK) &&
- !(request->kdc_options & KDC_OPT_RENEWABLE) &&
- (as_reply->enc_part2->flags & KDC_OPT_RENEWABLE) &&
- (request->till != 0) &&
- (as_reply->enc_part2->times.renew_till > request->till))
- ) {
+ (!krb5_principal_compare(context, as_reply->client, request->client) ||
+ !krb5_principal_compare(context, as_reply->enc_part2->server, request->server)))
+ || !krb5_principal_compare(context, as_reply->enc_part2->server, as_reply->ticket->server)
+ || (request->nonce != as_reply->enc_part2->nonce)
+ /* XXX check for extraneous flags */
+ /* XXX || (!krb5_addresses_compare(context, addrs, as_reply->enc_part2->caddrs)) */
+ || ((request->kdc_options & KDC_OPT_POSTDATED) &&
+ (request->from != 0) &&
+ (request->from != as_reply->enc_part2->times.starttime))
+ || ((request->till != 0) &&
+ (as_reply->enc_part2->times.endtime > request->till))
+ || ((request->kdc_options & KDC_OPT_RENEWABLE) &&
+ (request->rtime != 0) &&
+ (as_reply->enc_part2->times.renew_till > request->rtime))
+ || ((request->kdc_options & KDC_OPT_RENEWABLE_OK) &&
+ !(request->kdc_options & KDC_OPT_RENEWABLE) &&
+ (as_reply->enc_part2->flags & KDC_OPT_RENEWABLE) &&
+ (request->till != 0) &&
+ (as_reply->enc_part2->times.renew_till > request->till))
+ ) {
#if APPLE_PKINIT
- inTktDebug("verify_as_reply: KDCREP_MODIFIED\n");
- #if IN_TKT_DEBUG
- if(request->client->realm.length && request->client->data->length)
- inTktDebug("request: name %s realm %s\n",
- request->client->realm.data, request->client->data->data);
- if(as_reply->client->realm.length && as_reply->client->data->length)
- inTktDebug("reply : name %s realm %s\n",
- as_reply->client->realm.data, as_reply->client->data->data);
- #endif
+ inTktDebug("verify_as_reply: KDCREP_MODIFIED\n");
+#if IN_TKT_DEBUG
+ if(request->client->realm.length && request->client->data->length)
+ inTktDebug("request: name %s realm %s\n",
+ request->client->realm.data, request->client->data->data);
+ if(as_reply->client->realm.length && as_reply->client->data->length)
+ inTktDebug("reply : name %s realm %s\n",
+ as_reply->client->realm.data, as_reply->client->data->data);
+#endif
#endif /* APPLE_PKINIT */
- return KRB5_KDCREP_MODIFIED;
+ return KRB5_KDCREP_MODIFIED;
}
if (context->library_options & KRB5_LIBOPT_SYNC_KDCTIME) {
- retval = krb5_set_real_time(context,
- as_reply->enc_part2->times.authtime, -1);
- if (retval)
- return retval;
+ retval = krb5_set_real_time(context,
+ as_reply->enc_part2->times.authtime, -1);
+ if (retval)
+ return retval;
} else {
- if ((request->from == 0) &&
- (labs(as_reply->enc_part2->times.starttime - time_now)
- > context->clockskew))
- return (KRB5_KDCREP_SKEW);
+ if ((request->from == 0) &&
+ (labs(as_reply->enc_part2->times.starttime - time_now)
+ > context->clockskew))
+ return (KRB5_KDCREP_SKEW);
}
return 0;
}
static krb5_error_code
-stash_as_reply(krb5_context context,
- krb5_timestamp time_now,
- krb5_kdc_req *request,
- krb5_kdc_rep *as_reply,
- krb5_creds * creds,
- krb5_ccache ccache)
+stash_as_reply(krb5_context context,
+ krb5_timestamp time_now,
+ krb5_kdc_req *request,
+ krb5_kdc_rep *as_reply,
+ krb5_creds * creds,
+ krb5_ccache ccache)
{
- krb5_error_code retval;
- krb5_data * packet;
- krb5_principal client;
- krb5_principal server;
+ krb5_error_code retval;
+ krb5_data * packet;
+ krb5_principal client;
+ krb5_principal server;
client = NULL;
server = NULL;
if (!creds->client)
if ((retval = krb5_copy_principal(context, as_reply->client, &client)))
- goto cleanup;
+ goto cleanup;
if (!creds->server)
- if ((retval = krb5_copy_principal(context, as_reply->enc_part2->server,
- &server)))
- goto cleanup;
+ if ((retval = krb5_copy_principal(context, as_reply->enc_part2->server,
+ &server)))
+ goto cleanup;
/* fill in the credentials */
- if ((retval = krb5_copy_keyblock_contents(context,
- as_reply->enc_part2->session,
- &creds->keyblock)))
- goto cleanup;
+ if ((retval = krb5_copy_keyblock_contents(context,
+ as_reply->enc_part2->session,
+ &creds->keyblock)))
+ goto cleanup;
creds->times = as_reply->enc_part2->times;
- creds->is_skey = FALSE; /* this is an AS_REQ, so cannot
- be encrypted in skey */
+ creds->is_skey = FALSE; /* this is an AS_REQ, so cannot
+ be encrypted in skey */
creds->ticket_flags = as_reply->enc_part2->flags;
if ((retval = krb5_copy_addresses(context, as_reply->enc_part2->caddrs,
- &creds->addresses)))
- goto cleanup;
+ &creds->addresses)))
+ goto cleanup;
creds->second_ticket.length = 0;
creds->second_ticket.data = 0;
if ((retval = encode_krb5_ticket(as_reply->ticket, &packet)))
- goto cleanup;
+ goto cleanup;
creds->ticket = *packet;
free(packet);
/* store it in the ccache! */
if (ccache)
- if ((retval = krb5_cc_store_cred(context, ccache, creds)))
- goto cleanup;
+ if ((retval = krb5_cc_store_cred(context, ccache, creds)))
+ goto cleanup;
if (!creds->client)
- creds->client = client;
+ creds->client = client;
if (!creds->server)
- creds->server = server;
+ creds->server = server;
cleanup:
if (retval) {
- if (client)
- krb5_free_principal(context, client);
- if (server)
- krb5_free_principal(context, server);
- if (creds->keyblock.contents) {
- memset(creds->keyblock.contents, 0,
- creds->keyblock.length);
- free(creds->keyblock.contents);
- creds->keyblock.contents = 0;
- creds->keyblock.length = 0;
- }
- if (creds->ticket.data) {
- free(creds->ticket.data);
- creds->ticket.data = 0;
- }
- if (creds->addresses) {
- krb5_free_addresses(context, creds->addresses);
- creds->addresses = 0;
- }
+ if (client)
+ krb5_free_principal(context, client);
+ if (server)
+ krb5_free_principal(context, server);
+ if (creds->keyblock.contents) {
+ memset(creds->keyblock.contents, 0,
+ creds->keyblock.length);
+ free(creds->keyblock.contents);
+ creds->keyblock.contents = 0;
+ creds->keyblock.length = 0;
+ }
+ if (creds->ticket.data) {
+ free(creds->ticket.data);
+ creds->ticket.data = 0;
+ }
+ if (creds->addresses) {
+ krb5_free_addresses(context, creds->addresses);
+ creds->addresses = 0;
+ }
}
return (retval);
}
static krb5_error_code
-make_preauth_list(krb5_context context,
- krb5_preauthtype * ptypes,
- int nptypes,
- krb5_pa_data *** ret_list)
+make_preauth_list(krb5_context context,
+ krb5_preauthtype * ptypes,
+ int nptypes,
+ krb5_pa_data *** ret_list)
{
- krb5_preauthtype * ptypep;
- krb5_pa_data ** preauthp;
- int i;
+ krb5_preauthtype * ptypep;
+ krb5_pa_data ** preauthp;
+ int i;
if (nptypes < 0) {
- for (nptypes=0, ptypep = ptypes; *ptypep; ptypep++, nptypes++)
- ;
+ for (nptypes=0, ptypep = ptypes; *ptypep; ptypep++, nptypes++)
+ ;
}
-
+
/* allocate space for a NULL to terminate the list */
-
+
if ((preauthp =
- (krb5_pa_data **) malloc((nptypes+1)*sizeof(krb5_pa_data *))) == NULL)
- return(ENOMEM);
-
+ (krb5_pa_data **) malloc((nptypes+1)*sizeof(krb5_pa_data *))) == NULL)
+ return(ENOMEM);
+
for (i=0; i<nptypes; i++) {
- if ((preauthp[i] =
- (krb5_pa_data *) malloc(sizeof(krb5_pa_data))) == NULL) {
- for (; i>=0; i--)
- free(preauthp[i]);
- free(preauthp);
- return (ENOMEM);
- }
- preauthp[i]->magic = KV5M_PA_DATA;
- preauthp[i]->pa_type = ptypes[i];
- preauthp[i]->length = 0;
- preauthp[i]->contents = 0;
+ if ((preauthp[i] =
+ (krb5_pa_data *) malloc(sizeof(krb5_pa_data))) == NULL) {
+ for (; i>=0; i--)
+ free(preauthp[i]);
+ free(preauthp);
+ return (ENOMEM);
+ }
+ preauthp[i]->magic = KV5M_PA_DATA;
+ preauthp[i]->pa_type = ptypes[i];
+ preauthp[i]->length = 0;
+ preauthp[i]->contents = 0;
}
-
+
/* fill in the terminating NULL */
-
+
preauthp[nptypes] = NULL;
-
+
*ret_list = preauthp;
return 0;
}
@@ -495,10 +496,10 @@ static const krb5_enctype get_in_tkt_enctypes[] = {
static krb5_error_code
rewrite_server_realm(krb5_context context,
- krb5_const_principal old_server,
- const krb5_data *realm,
- krb5_boolean tgs,
- krb5_principal *server)
+ krb5_const_principal old_server,
+ const krb5_data *realm,
+ krb5_boolean tgs,
+ krb5_principal *server)
{
krb5_error_code retval;
@@ -506,28 +507,28 @@ rewrite_server_realm(krb5_context context,
retval = krb5_copy_principal(context, old_server, server);
if (retval)
- return retval;
+ return retval;
krb5_free_data_contents(context, &(*server)->realm);
(*server)->realm.data = NULL;
retval = krb5int_copy_data_contents(context, realm, &(*server)->realm);
if (retval)
- goto cleanup;
+ goto cleanup;
if (tgs) {
- krb5_free_data_contents(context, &(*server)->data[1]);
- (*server)->data[1].data = NULL;
+ krb5_free_data_contents(context, &(*server)->data[1]);
+ (*server)->data[1].data = NULL;
- retval = krb5int_copy_data_contents(context, realm, &(*server)->data[1]);
- if (retval)
- goto cleanup;
+ retval = krb5int_copy_data_contents(context, realm, &(*server)->data[1]);
+ if (retval)
+ goto cleanup;
}
cleanup:
if (retval) {
- krb5_free_principal(context, *server);
- *server = NULL;
+ krb5_free_principal(context, *server);
+ *server = NULL;
}
return retval;
@@ -544,44 +545,44 @@ tgt_is_local_realm(krb5_creds *tgt)
krb5_error_code KRB5_CALLCONV
krb5_get_in_tkt(krb5_context context,
- krb5_flags options,
- krb5_address * const * addrs,
- krb5_enctype * ktypes,
- krb5_preauthtype * ptypes,
- git_key_proc key_proc,
- krb5_const_pointer keyseed,
- git_decrypt_proc decrypt_proc,
- krb5_const_pointer decryptarg,
- krb5_creds * creds,
- krb5_ccache ccache,
- krb5_kdc_rep ** ret_as_reply)
+ krb5_flags options,
+ krb5_address * const * addrs,
+ krb5_enctype * ktypes,
+ krb5_preauthtype * ptypes,
+ git_key_proc key_proc,
+ krb5_const_pointer keyseed,
+ git_decrypt_proc decrypt_proc,
+ krb5_const_pointer decryptarg,
+ krb5_creds * creds,
+ krb5_ccache ccache,
+ krb5_kdc_rep ** ret_as_reply)
{
- krb5_error_code retval;
- krb5_timestamp time_now;
- krb5_keyblock * decrypt_key = 0;
- krb5_kdc_req request;
+ krb5_error_code retval;
+ krb5_timestamp time_now;
+ krb5_keyblock * decrypt_key = 0;
+ krb5_kdc_req request;
krb5_data *encoded_request;
- krb5_error * err_reply;
- krb5_kdc_rep * as_reply = 0;
- krb5_pa_data ** preauth_to_use = 0;
- int loopcount = 0;
- krb5_int32 do_more = 0;
- int canon_flag;
+ krb5_error * err_reply;
+ krb5_kdc_rep * as_reply = 0;
+ krb5_pa_data ** preauth_to_use = 0;
+ int loopcount = 0;
+ krb5_int32 do_more = 0;
+ int canon_flag;
int use_master = 0;
- int referral_count = 0;
- krb5_principal_data referred_client;
- krb5_principal referred_server = NULL;
- krb5_boolean is_tgt_req;
+ int referral_count = 0;
+ krb5_principal_data referred_client;
+ krb5_principal referred_server = NULL;
+ krb5_boolean is_tgt_req;
#if APPLE_PKINIT
inTktDebug("krb5_get_in_tkt top\n");
#endif /* APPLE_PKINIT */
if (! krb5_realm_compare(context, creds->client, creds->server))
- return KRB5_IN_TKT_REALM_MISMATCH;
+ return KRB5_IN_TKT_REALM_MISMATCH;
if (ret_as_reply)
- *ret_as_reply = 0;
+ *ret_as_reply = 0;
referred_client = *(creds->client);
referred_client.realm.data = NULL;
@@ -589,8 +590,8 @@ krb5_get_in_tkt(krb5_context context,
/* per referrals draft, enterprise principals imply canonicalization */
canon_flag = ((options & KDC_OPT_CANONICALIZE) != 0) ||
- creds->client->type == KRB5_NT_ENTERPRISE_PRINCIPAL;
-
+ creds->client->type == KRB5_NT_ENTERPRISE_PRINCIPAL;
+
/*
* Set up the basic request structure
*/
@@ -600,10 +601,10 @@ krb5_get_in_tkt(krb5_context context,
request.ktype = 0;
request.padata = 0;
if (addrs)
- request.addresses = (krb5_address **) addrs;
+ request.addresses = (krb5_address **) addrs;
else
- if ((retval = krb5_os_localaddr(context, &request.addresses)))
- goto cleanup;
+ if ((retval = krb5_os_localaddr(context, &request.addresses)))
+ goto cleanup;
request.kdc_options = options;
request.client = creds->client;
request.server = creds->server;
@@ -614,43 +615,43 @@ krb5_get_in_tkt(krb5_context context,
#if APPLE_PKINIT
retval = gen_nonce(context, (krb5_int32 *)&time_now);
if(retval) {
- goto cleanup;
+ goto cleanup;
}
request.nonce = time_now;
#endif /* APPLE_PKINIT */
request.ktype = malloc (sizeof(get_in_tkt_enctypes));
if (request.ktype == NULL) {
- retval = ENOMEM;
- goto cleanup;
+ retval = ENOMEM;
+ goto cleanup;
}
memcpy(request.ktype, get_in_tkt_enctypes, sizeof(get_in_tkt_enctypes));
for (request.nktypes = 0;request.ktype[request.nktypes];request.nktypes++);
if (ktypes) {
- int i, req, next = 0;
- for (req = 0; ktypes[req]; req++) {
- if (ktypes[req] == request.ktype[next]) {
- next++;
- continue;
- }
- for (i = next + 1; i < request.nktypes; i++)
- if (ktypes[req] == request.ktype[i]) {
- /* Found the enctype we want, but not in the
- position we want. Move it, but keep the old
- one from the desired slot around in case it's
- later in our requested-ktypes list. */
- krb5_enctype t;
- t = request.ktype[next];
- request.ktype[next] = request.ktype[i];
- request.ktype[i] = t;
- next++;
- break;
- }
- /* If we didn't find it, don't do anything special, just
- drop it. */
- }
- request.ktype[next] = 0;
- request.nktypes = next;
+ int i, req, next = 0;
+ for (req = 0; ktypes[req]; req++) {
+ if (ktypes[req] == request.ktype[next]) {
+ next++;
+ continue;
+ }
+ for (i = next + 1; i < request.nktypes; i++)
+ if (ktypes[req] == request.ktype[i]) {
+ /* Found the enctype we want, but not in the
+ position we want. Move it, but keep the old
+ one from the desired slot around in case it's
+ later in our requested-ktypes list. */
+ krb5_enctype t;
+ t = request.ktype[next];
+ request.ktype[next] = request.ktype[i];
+ request.ktype[i] = t;
+ next++;
+ break;
+ }
+ /* If we didn't find it, don't do anything special, just
+ drop it. */
+ }
+ request.ktype[next] = 0;
+ request.nktypes = next;
}
request.authorization_data.ciphertext.length = 0;
request.authorization_data.ciphertext.data = 0;
@@ -662,153 +663,153 @@ krb5_get_in_tkt(krb5_context context,
* preauth_to_use list.
*/
if (ptypes) {
- retval = make_preauth_list(context, ptypes, -1, &preauth_to_use);
- if (retval)
- goto cleanup;
+ retval = make_preauth_list(context, ptypes, -1, &preauth_to_use);
+ if (retval)
+ goto cleanup;
}
-
+
is_tgt_req = tgt_is_local_realm(creds);
while (1) {
- if (loopcount++ > MAX_IN_TKT_LOOPS) {
- retval = KRB5_GET_IN_TKT_LOOP;
- goto cleanup;
- }
+ if (loopcount++ > MAX_IN_TKT_LOOPS) {
+ retval = KRB5_GET_IN_TKT_LOOP;
+ goto cleanup;
+ }
#if APPLE_PKINIT
- inTktDebug("krb5_get_in_tkt calling krb5_obtain_padata\n");
+ inTktDebug("krb5_get_in_tkt calling krb5_obtain_padata\n");
#endif /* APPLE_PKINIT */
- if ((retval = krb5_obtain_padata(context, preauth_to_use, key_proc,
- keyseed, creds, &request)) != 0)
- goto cleanup;
- if (preauth_to_use)
- krb5_free_pa_data(context, preauth_to_use);
- preauth_to_use = 0;
-
- err_reply = 0;
- as_reply = 0;
+ if ((retval = krb5_obtain_padata(context, preauth_to_use, key_proc,
+ keyseed, creds, &request)) != 0)
+ goto cleanup;
+ if (preauth_to_use)
+ krb5_free_pa_data(context, preauth_to_use);
+ preauth_to_use = 0;
+
+ err_reply = 0;
+ as_reply = 0;
if ((retval = krb5_timeofday(context, &time_now)))
- goto cleanup;
+ goto cleanup;
/*
* XXX we know they are the same size... and we should do
* something better than just the current time
*/
- request.nonce = (krb5_int32) time_now;
-
- if ((retval = encode_krb5_as_req(&request, &encoded_request)) != 0)
- goto cleanup;
- retval = send_as_request(context, encoded_request,
- krb5_princ_realm(context, request.client), &err_reply,
- &as_reply, &use_master);
- krb5_free_data(context, encoded_request);
- if (retval != 0)
- goto cleanup;
-
- if (err_reply) {
- if (err_reply->error == KDC_ERR_PREAUTH_REQUIRED &&
- err_reply->e_data.length > 0) {
- retval = decode_krb5_padata_sequence(&err_reply->e_data,
- &preauth_to_use);
- krb5_free_error(context, err_reply);
- if (retval)
- goto cleanup;
+ request.nonce = (krb5_int32) time_now;
+
+ if ((retval = encode_krb5_as_req(&request, &encoded_request)) != 0)
+ goto cleanup;
+ retval = send_as_request(context, encoded_request,
+ krb5_princ_realm(context, request.client), &err_reply,
+ &as_reply, &use_master);
+ krb5_free_data(context, encoded_request);
+ if (retval != 0)
+ goto cleanup;
+
+ if (err_reply) {
+ if (err_reply->error == KDC_ERR_PREAUTH_REQUIRED &&
+ err_reply->e_data.length > 0) {
+ retval = decode_krb5_padata_sequence(&err_reply->e_data,
+ &preauth_to_use);
+ krb5_free_error(context, err_reply);
+ if (retval)
+ goto cleanup;
retval = sort_krb5_padata_sequence(context,
- &request.server->realm,
- preauth_to_use);
- if (retval)
- goto cleanup;
- continue;
- } else if (canon_flag && err_reply->error == KDC_ERR_WRONG_REALM) {
- if (++referral_count > KRB5_REFERRAL_MAXHOPS ||
- err_reply->client == NULL ||
- err_reply->client->realm.length == 0) {
- retval = KRB5KDC_ERR_WRONG_REALM;
- krb5_free_error(context, err_reply);
- goto cleanup;
- }
- /* Rewrite request.client with realm from error reply */
- if (referred_client.realm.data) {
- krb5_free_data_contents(context, &referred_client.realm);
- referred_client.realm.data = NULL;
- }
- retval = krb5int_copy_data_contents(context,
- &err_reply->client->realm,
- &referred_client.realm);
- krb5_free_error(context, err_reply);
- if (retval)
- goto cleanup;
- request.client = &referred_client;
-
- if (referred_server != NULL) {
- krb5_free_principal(context, referred_server);
- referred_server = NULL;
- }
-
- retval = rewrite_server_realm(context,
- creds->server,
- &referred_client.realm,
- is_tgt_req,
- &referred_server);
- if (retval)
- goto cleanup;
- request.server = referred_server;
-
- continue;
- } else {
- retval = (krb5_error_code) err_reply->error
- + ERROR_TABLE_BASE_krb5;
- krb5_free_error(context, err_reply);
- goto cleanup;
- }
- } else if (!as_reply) {
- retval = KRB5KRB_AP_ERR_MSG_TYPE;
- goto cleanup;
- }
- if ((retval = krb5_process_padata(context, &request, as_reply,
- key_proc, keyseed, decrypt_proc,
- &decrypt_key, creds,
- &do_more)) != 0)
- goto cleanup;
-
- if (!do_more)
- break;
+ &request.server->realm,
+ preauth_to_use);
+ if (retval)
+ goto cleanup;
+ continue;
+ } else if (canon_flag && err_reply->error == KDC_ERR_WRONG_REALM) {
+ if (++referral_count > KRB5_REFERRAL_MAXHOPS ||
+ err_reply->client == NULL ||
+ err_reply->client->realm.length == 0) {
+ retval = KRB5KDC_ERR_WRONG_REALM;
+ krb5_free_error(context, err_reply);
+ goto cleanup;
+ }
+ /* Rewrite request.client with realm from error reply */
+ if (referred_client.realm.data) {
+ krb5_free_data_contents(context, &referred_client.realm);
+ referred_client.realm.data = NULL;
+ }
+ retval = krb5int_copy_data_contents(context,
+ &err_reply->client->realm,
+ &referred_client.realm);
+ krb5_free_error(context, err_reply);
+ if (retval)
+ goto cleanup;
+ request.client = &referred_client;
+
+ if (referred_server != NULL) {
+ krb5_free_principal(context, referred_server);
+ referred_server = NULL;
+ }
+
+ retval = rewrite_server_realm(context,
+ creds->server,
+ &referred_client.realm,
+ is_tgt_req,
+ &referred_server);
+ if (retval)
+ goto cleanup;
+ request.server = referred_server;
+
+ continue;
+ } else {
+ retval = (krb5_error_code) err_reply->error
+ + ERROR_TABLE_BASE_krb5;
+ krb5_free_error(context, err_reply);
+ goto cleanup;
+ }
+ } else if (!as_reply) {
+ retval = KRB5KRB_AP_ERR_MSG_TYPE;
+ goto cleanup;
+ }
+ if ((retval = krb5_process_padata(context, &request, as_reply,
+ key_proc, keyseed, decrypt_proc,
+ &decrypt_key, creds,
+ &do_more)) != 0)
+ goto cleanup;
+
+ if (!do_more)
+ break;
}
-
+
if ((retval = decrypt_as_reply(context, &request, as_reply, key_proc,
- keyseed, decrypt_key, decrypt_proc,
- decryptarg)))
- goto cleanup;
+ keyseed, decrypt_key, decrypt_proc,
+ decryptarg)))
+ goto cleanup;
if ((retval = verify_as_reply(context, time_now, &request, as_reply)))
- goto cleanup;
+ goto cleanup;
if ((retval = stash_as_reply(context, time_now, &request, as_reply,
- creds, ccache)))
- goto cleanup;
+ creds, ccache)))
+ goto cleanup;
cleanup:
if (request.ktype)
- free(request.ktype);
+ free(request.ktype);
if (!addrs && request.addresses)
- krb5_free_addresses(context, request.addresses);
+ krb5_free_addresses(context, request.addresses);
if (request.padata)
- krb5_free_pa_data(context, request.padata);
+ krb5_free_pa_data(context, request.padata);
if (preauth_to_use)
- krb5_free_pa_data(context, preauth_to_use);
+ krb5_free_pa_data(context, preauth_to_use);
if (decrypt_key)
- krb5_free_keyblock(context, decrypt_key);
+ krb5_free_keyblock(context, decrypt_key);
if (as_reply) {
- if (ret_as_reply)
- *ret_as_reply = as_reply;
- else
- krb5_free_kdc_rep(context, as_reply);
+ if (ret_as_reply)
+ *ret_as_reply = as_reply;
+ else
+ krb5_free_kdc_rep(context, as_reply);
}
if (referred_client.realm.data)
- krb5_free_data_contents(context, &referred_client.realm);
+ krb5_free_data_contents(context, &referred_client.realm);
if (referred_server)
- krb5_free_principal(context, referred_server);
+ krb5_free_principal(context, referred_server);
return (retval);
}
@@ -833,13 +834,13 @@ _krb5_conf_boolean(const char *s)
const char *const *p;
for(p=conf_yes; *p; p++) {
- if (!strcasecmp(*p,s))
- return 1;
+ if (!strcasecmp(*p,s))
+ return 1;
}
for(p=conf_no; *p; p++) {
- if (!strcasecmp(*p,s))
- return 0;
+ if (!strcasecmp(*p,s))
+ return 0;
}
/* Default to "no" */
@@ -848,7 +849,7 @@ _krb5_conf_boolean(const char *s)
static krb5_error_code
krb5_libdefault_string(krb5_context context, const krb5_data *realm,
- const char *option, char **ret_value)
+ const char *option, char **ret_value)
{
profile_t profile;
const char *names[5];
@@ -857,25 +858,25 @@ krb5_libdefault_string(krb5_context context, const krb5_data *realm,
char realmstr[1024];
if (realm->length > sizeof(realmstr)-1)
- return(EINVAL);
+ return(EINVAL);
strncpy(realmstr, realm->data, realm->length);
realmstr[realm->length] = '\0';
- if (!context || (context->magic != KV5M_CONTEXT))
- return KV5M_CONTEXT;
+ if (!context || (context->magic != KV5M_CONTEXT))
+ return KV5M_CONTEXT;
profile = context->profile;
-
+
names[0] = KRB5_CONF_LIBDEFAULTS;
/*
* Try number one:
*
* [libdefaults]
- * REALM = {
- * option = <boolean>
- * }
+ * REALM = {
+ * option = <boolean>
+ * }
*/
names[1] = realmstr;
@@ -883,24 +884,24 @@ krb5_libdefault_string(krb5_context context, const krb5_data *realm,
names[3] = 0;
retval = profile_get_values(profile, names, &nameval);
if (retval == 0 && nameval && nameval[0])
- goto goodbye;
+ goto goodbye;
/*
* Try number two:
*
* [libdefaults]
- * option = <boolean>
+ * option = <boolean>
*/
-
+
names[1] = option;
names[2] = 0;
retval = profile_get_values(profile, names, &nameval);
if (retval == 0 && nameval && nameval[0])
- goto goodbye;
+ goto goodbye;
goodbye:
- if (!nameval)
- return(ENOENT);
+ if (!nameval)
+ return(ENOENT);
if (!nameval[0]) {
retval = ENOENT;
@@ -920,7 +921,7 @@ goodbye:
krb5_error_code
krb5_libdefault_boolean(krb5_context context, const krb5_data *realm,
- const char *option, int *ret_value)
+ const char *option, int *ret_value)
{
char *string = NULL;
krb5_error_code retval;
@@ -928,7 +929,7 @@ krb5_libdefault_boolean(krb5_context context, const krb5_data *realm,
retval = krb5_libdefault_string(context, realm, option, &string);
if (retval)
- return(retval);
+ return(retval);
*ret_value = _krb5_conf_boolean(string);
free(string);
@@ -940,7 +941,7 @@ krb5_libdefault_boolean(krb5_context context, const krb5_data *realm,
* libdefaults entry are listed before any others. */
static krb5_error_code
sort_krb5_padata_sequence(krb5_context context, krb5_data *realm,
- krb5_pa_data **padata)
+ krb5_pa_data **padata)
{
int i, j, base;
krb5_error_code ret;
@@ -951,58 +952,58 @@ sort_krb5_padata_sequence(krb5_context context, krb5_data *realm,
int need_free_string = 1;
if ((padata == NULL) || (padata[0] == NULL)) {
- return 0;
+ return 0;
}
ret = krb5_libdefault_string(context, realm, KRB5_CONF_PREFERRED_PREAUTH_TYPES,
- &preauth_types);
+ &preauth_types);
if ((ret != 0) || (preauth_types == NULL)) {
- /* Try to use PKINIT first. */
- preauth_types = "17, 16, 15, 14";
- need_free_string = 0;
+ /* Try to use PKINIT first. */
+ preauth_types = "17, 16, 15, 14";
+ need_free_string = 0;
}
#ifdef DEBUG
fprintf (stderr, "preauth data types before sorting:");
for (i = 0; padata[i]; i++) {
- fprintf (stderr, " %d", padata[i]->pa_type);
+ fprintf (stderr, " %d", padata[i]->pa_type);
}
fprintf (stderr, "\n");
#endif
base = 0;
for (p = preauth_types; *p != '\0';) {
- /* skip whitespace to find an entry */
- p += strspn(p, ", ");
- if (*p != '\0') {
- /* see if we can extract a number */
- l = strtol(p, &q, 10);
- if ((q != NULL) && (q > p)) {
- /* got a valid number; search for a matchin entry */
- for (i = base; padata[i] != NULL; i++) {
- /* bubble the matching entry to the front of the list */
- if (padata[i]->pa_type == l) {
- tmp = padata[i];
- for (j = i; j > base; j--)
- padata[j] = padata[j - 1];
- padata[base] = tmp;
- base++;
- break;
- }
- }
- p = q;
- } else {
- break;
- }
- }
+ /* skip whitespace to find an entry */
+ p += strspn(p, ", ");
+ if (*p != '\0') {
+ /* see if we can extract a number */
+ l = strtol(p, &q, 10);
+ if ((q != NULL) && (q > p)) {
+ /* got a valid number; search for a matchin entry */
+ for (i = base; padata[i] != NULL; i++) {
+ /* bubble the matching entry to the front of the list */
+ if (padata[i]->pa_type == l) {
+ tmp = padata[i];
+ for (j = i; j > base; j--)
+ padata[j] = padata[j - 1];
+ padata[base] = tmp;
+ base++;
+ break;
+ }
+ }
+ p = q;
+ } else {
+ break;
+ }
+ }
}
if (need_free_string)
- free(preauth_types);
+ free(preauth_types);
#ifdef DEBUG
fprintf (stderr, "preauth data types after sorting:");
for (i = 0; padata[i]; i++)
- fprintf (stderr, " %d", padata[i]->pa_type);
+ fprintf (stderr, " %d", padata[i]->pa_type);
fprintf (stderr, "\n");
#endif
@@ -1011,46 +1012,46 @@ sort_krb5_padata_sequence(krb5_context context, krb5_data *realm,
static krb5_error_code
build_in_tkt_name(krb5_context context,
- char *in_tkt_service,
- krb5_const_principal client,
- krb5_principal *server)
+ char *in_tkt_service,
+ krb5_const_principal client,
+ krb5_principal *server)
{
krb5_error_code ret;
*server = NULL;
if (in_tkt_service) {
- /* this is ugly, because so are the data structures involved. I'm
- in the library, so I'm going to manipulate the data structures
- directly, otherwise, it will be worse. */
+ /* this is ugly, because so are the data structures involved. I'm
+ in the library, so I'm going to manipulate the data structures
+ directly, otherwise, it will be worse. */
if ((ret = krb5_parse_name(context, in_tkt_service, server)))
- return ret;
-
- /* stuff the client realm into the server principal.
- realloc if necessary */
- if ((*server)->realm.length < client->realm.length) {
- char *p = realloc((*server)->realm.data,
- client->realm.length);
- if (p == NULL) {
- krb5_free_principal(context, *server);
- *server = NULL;
- return ENOMEM;
- }
- (*server)->realm.data = p;
- }
-
- (*server)->realm.length = client->realm.length;
- memcpy((*server)->realm.data, client->realm.data, client->realm.length);
+ return ret;
+
+ /* stuff the client realm into the server principal.
+ realloc if necessary */
+ if ((*server)->realm.length < client->realm.length) {
+ char *p = realloc((*server)->realm.data,
+ client->realm.length);
+ if (p == NULL) {
+ krb5_free_principal(context, *server);
+ *server = NULL;
+ return ENOMEM;
+ }
+ (*server)->realm.data = p;
+ }
+
+ (*server)->realm.length = client->realm.length;
+ memcpy((*server)->realm.data, client->realm.data, client->realm.length);
} else {
- ret = krb5_build_principal_ext(context, server,
- client->realm.length,
- client->realm.data,
- KRB5_TGS_NAME_SIZE,
- KRB5_TGS_NAME,
- client->realm.length,
- client->realm.data,
- 0);
+ ret = krb5_build_principal_ext(context, server,
+ client->realm.length,
+ client->realm.data,
+ KRB5_TGS_NAME_SIZE,
+ KRB5_TGS_NAME,
+ client->realm.length,
+ client->realm.data,
+ 0);
}
return ret;
}
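Review bot: In the `in_tkt_service` branch of build_in_tkt_name the realm buffer is resized to exactly `client->realm.length` and filled with memcpy, so `(*server)->realm.data` ends up with no terminating NUL. When no realloc happens and the new realm is shorter, the byte after it is a leftover from the parsed realm. The hunk shows no consumer that reads the realm as a C string, but if one exists elsewhere it would read past the copied realm, so this is worth confirming. A small hardening is to drop the length comparison and resize unconditionally with `char *p = realloc((*server)->realm.data, client->realm.length + 1);`, then add `(*server)->realm.data[client->realm.length] = '\0';` after the memcpy.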
@@ -1067,22 +1068,22 @@ should_continue_preauth(krb5_ui_4 error, int loopcount)
* currently it does not do so for built-in mechanisms.
*/
return (error == KDC_ERR_PREAUTH_REQUIRED ||
- (error == KDC_ERR_PREAUTH_FAILED && loopcount == 0));
+ (error == KDC_ERR_PREAUTH_FAILED && loopcount == 0));
}
krb5_error_code KRB5_CALLCONV
krb5_get_init_creds(krb5_context context,
- krb5_creds *creds,
- krb5_principal client,
- krb5_prompter_fct prompter,
- void *prompter_data,
- krb5_deltat start_time,
- char *in_tkt_service,
- krb5_gic_opt_ext *options,
- krb5_gic_get_as_key_fct gak_fct,
- void *gak_data,
- int *use_master,
- krb5_kdc_rep **as_reply)
+ krb5_creds *creds,
+ krb5_principal client,
+ krb5_prompter_fct prompter,
+ void *prompter_data,
+ krb5_deltat start_time,
+ char *in_tkt_service,
+ krb5_gic_opt_ext *options,
+ krb5_gic_get_as_key_fct gak_fct,
+ void *gak_data,
+ int *use_master,
+ krb5_kdc_rep **as_reply)
{
krb5_error_code ret;
krb5_kdc_req request;
@@ -1107,7 +1108,7 @@ krb5_get_init_creds(krb5_context context,
krb5_boolean retry = 0;
struct krb5int_fast_request_state *fast_state = NULL;
krb5_pa_data **out_padata = NULL;
-
+
/* initialize everything which will be freed at cleanup */
@@ -1124,14 +1125,14 @@ krb5_get_init_creds(krb5_context context,
as_key.length = 0;
encrypting_key.length = 0;
encrypting_key.contents = NULL;
- salt.length = 0;
+ salt.length = 0;
salt.data = NULL;
- local_as_reply = 0;
+ local_as_reply = 0;
#if APPLE_PKINIT
inTktDebug("krb5_get_init_creds top\n");
#endif /* APPLE_PKINIT */
-
+
err_reply = NULL;
/* referred_client is used to rewrite the client realm for referrals */
@@ -1140,7 +1141,7 @@ krb5_get_init_creds(krb5_context context,
referred_client.realm.length = 0;
ret = krb5int_fast_make_state(context, &fast_state);
if (ret)
- goto cleanup;
+ goto cleanup;
/*
* Set up the basic request structure
@@ -1158,137 +1159,137 @@ krb5_get_init_creds(krb5_context context,
/* forwardable */
if (options && (options->flags & KRB5_GET_INIT_CREDS_OPT_FORWARDABLE))
- tempint = options->forwardable;
+ tempint = options->forwardable;
else if ((ret = krb5_libdefault_boolean(context, &client->realm,
- KRB5_CONF_FORWARDABLE, &tempint)) == 0)
- ;
+ KRB5_CONF_FORWARDABLE, &tempint)) == 0)
+ ;
else
- tempint = 0;
+ tempint = 0;
if (tempint)
- request.kdc_options |= KDC_OPT_FORWARDABLE;
+ request.kdc_options |= KDC_OPT_FORWARDABLE;
/* proxiable */
if (options && (options->flags & KRB5_GET_INIT_CREDS_OPT_PROXIABLE))
- tempint = options->proxiable;
+ tempint = options->proxiable;
else if ((ret = krb5_libdefault_boolean(context, &client->realm,
- KRB5_CONF_PROXIABLE, &tempint)) == 0)
- ;
+ KRB5_CONF_PROXIABLE, &tempint)) == 0)
+ ;
else
- tempint = 0;
+ tempint = 0;
if (tempint)
- request.kdc_options |= KDC_OPT_PROXIABLE;
+ request.kdc_options |= KDC_OPT_PROXIABLE;
/* canonicalize */
if (options && (options->flags & KRB5_GET_INIT_CREDS_OPT_CANONICALIZE))
- tempint = 1;
+ tempint = 1;
else if ((ret = krb5_libdefault_boolean(context, &client->realm,
- KRB5_CONF_CANONICALIZE, &tempint)) == 0)
- ;
+ KRB5_CONF_CANONICALIZE, &tempint)) == 0)
+ ;
else
- tempint = 0;
+ tempint = 0;
if (tempint)
- request.kdc_options |= KDC_OPT_CANONICALIZE;
+ request.kdc_options |= KDC_OPT_CANONICALIZE;
/* allow_postdate */
-
+
if (start_time > 0)
- request.kdc_options |= (KDC_OPT_ALLOW_POSTDATE|KDC_OPT_POSTDATED);
-
+ request.kdc_options |= (KDC_OPT_ALLOW_POSTDATE|KDC_OPT_POSTDATED);
+
/* ticket lifetime */
-
+
if ((ret = krb5_timeofday(context, &request.from)))
- goto cleanup;
+ goto cleanup;
request.from = krb5int_addint32(request.from, start_time);
-
+
if (options && (options->flags & KRB5_GET_INIT_CREDS_OPT_TKT_LIFE)) {
tkt_life = options->tkt_life;
} else if ((ret = krb5_libdefault_string(context, &client->realm,
- KRB5_CONF_TICKET_LIFETIME, &tempstr))
- == 0) {
- ret = krb5_string_to_deltat(tempstr, &tkt_life);
- free(tempstr);
- if (ret) {
- goto cleanup;
- }
+ KRB5_CONF_TICKET_LIFETIME, &tempstr))
+ == 0) {
+ ret = krb5_string_to_deltat(tempstr, &tkt_life);
+ free(tempstr);
+ if (ret) {
+ goto cleanup;
+ }
} else {
- /* this used to be hardcoded in kinit.c */
- tkt_life = 24*60*60;
+ /* this used to be hardcoded in kinit.c */
+ tkt_life = 24*60*60;
}
request.till = krb5int_addint32(request.from, tkt_life);
-
+
/* renewable lifetime */
-
+
if (options && (options->flags & KRB5_GET_INIT_CREDS_OPT_RENEW_LIFE)) {
- renew_life = options->renew_life;
+ renew_life = options->renew_life;
} else if ((ret = krb5_libdefault_string(context, &client->realm,
- KRB5_CONF_RENEW_LIFETIME, &tempstr))
- == 0) {
- ret = krb5_string_to_deltat(tempstr, &renew_life);
- free(tempstr);
- if (ret) {
- goto cleanup;
- }
+ KRB5_CONF_RENEW_LIFETIME, &tempstr))
+ == 0) {
+ ret = krb5_string_to_deltat(tempstr, &renew_life);
+ free(tempstr);
+ if (ret) {
+ goto cleanup;
+ }
} else {
- renew_life = 0;
+ renew_life = 0;
}
if (renew_life > 0)
- request.kdc_options |= KDC_OPT_RENEWABLE;
-
+ request.kdc_options |= KDC_OPT_RENEWABLE;
+
if (renew_life > 0) {
- request.rtime = krb5int_addint32(request.from, renew_life);
+ request.rtime = krb5int_addint32(request.from, renew_life);
if (request.rtime < request.till) {
/* don't ask for a smaller renewable time than the lifetime */
request.rtime = request.till;
}
/* we are already asking for renewable tickets so strip this option */
- request.kdc_options &= ~(KDC_OPT_RENEWABLE_OK);
+ request.kdc_options &= ~(KDC_OPT_RENEWABLE_OK);
} else {
- request.rtime = 0;
+ request.rtime = 0;
}
-
+
/* client */
request.client = client;
/* per referrals draft, enterprise principals imply canonicalization */
canon_flag = ((request.kdc_options & KDC_OPT_CANONICALIZE) != 0) ||
- client->type == KRB5_NT_ENTERPRISE_PRINCIPAL;
+ client->type == KRB5_NT_ENTERPRISE_PRINCIPAL;
/* service */
if ((ret = build_in_tkt_name(context, in_tkt_service,
- request.client, &request.server)))
- goto cleanup;
+ request.client, &request.server)))
+ goto cleanup;
krb5_preauth_request_context_init(context);
if (options && (options->flags & KRB5_GET_INIT_CREDS_OPT_ETYPE_LIST)) {
- request.ktype = options->etype_list;
- request.nktypes = options->etype_list_length;
+ request.ktype = options->etype_list;
+ request.nktypes = options->etype_list_length;
} else if ((ret = krb5_get_default_in_tkt_ktypes(context,
- &request.ktype)) == 0) {
- for (request.nktypes = 0;
- request.ktype[request.nktypes];
- request.nktypes++)
- ;
+ &request.ktype)) == 0) {
+ for (request.nktypes = 0;
+ request.ktype[request.nktypes];
+ request.nktypes++)
+ ;
} else {
- /* there isn't any useful default here. ret is set from above */
- goto cleanup;
+ /* there isn't any useful default here. ret is set from above */
+ goto cleanup;
}
if (options && (options->flags & KRB5_GET_INIT_CREDS_OPT_ADDRESS_LIST)) {
- request.addresses = options->address_list;
+ request.addresses = options->address_list;
}
/* it would be nice if this parsed out an address list, but
that would be work. */
else if (((ret = krb5_libdefault_boolean(context, &client->realm,
- KRB5_CONF_NOADDRESSES, &tempint)) != 0)
- || (tempint == 1)) {
- ;
+ KRB5_CONF_NOADDRESSES, &tempint)) != 0)
+ || (tempint == 1)) {
+ ;
} else {
- if ((ret = krb5_os_localaddr(context, &request.addresses)))
- goto cleanup;
+ if ((ret = krb5_os_localaddr(context, &request.addresses)))
+ goto cleanup;
}
request.authorization_data.ciphertext.length = 0;
@@ -1299,228 +1300,228 @@ krb5_get_init_creds(krb5_context context,
/* set up the other state. */
if (options && (options->flags & KRB5_GET_INIT_CREDS_OPT_PREAUTH_LIST)) {
- if ((ret = make_preauth_list(context, options->preauth_list,
- options->preauth_list_length,
- &preauth_to_use)))
- goto cleanup;
+ if ((ret = make_preauth_list(context, options->preauth_list,
+ options->preauth_list_length,
+ &preauth_to_use)))
+ goto cleanup;
}
/* the salt is allocated from somewhere, unless it is from the caller,
then it is a reference */
if (options && (options->flags & KRB5_GET_INIT_CREDS_OPT_SALT)) {
- salt = *options->salt;
+ salt = *options->salt;
} else {
- salt.length = SALT_TYPE_AFS_LENGTH;
- salt.data = NULL;
+ salt.length = SALT_TYPE_AFS_LENGTH;
+ salt.data = NULL;
}
/* set the request nonce */
if ((ret = krb5_timeofday(context, &time_now)))
- goto cleanup;
+ goto cleanup;
/*
* XXX we know they are the same size... and we should do
* something better than just the current time
*/
{
- unsigned char random_buf[4];
- krb5_data random_data;
-
- random_data.length = 4;
- random_data.data = (char *)random_buf;
- if (krb5_c_random_make_octets(context, &random_data) == 0)
- /* See RT ticket 3196 at MIT. If we set the high bit, we
- may have compatibility problems with Heimdal, because
- we (incorrectly) encode this value as signed. */
- request.nonce = 0x7fffffff & load_32_n(random_buf);
- else
- /* XXX Yuck. Old version. */
- request.nonce = (krb5_int32) time_now;
+ unsigned char random_buf[4];
+ krb5_data random_data;
+
+ random_data.length = 4;
+ random_data.data = (char *)random_buf;
+ if (krb5_c_random_make_octets(context, &random_data) == 0)
+ /* See RT ticket 3196 at MIT. If we set the high bit, we
+ may have compatibility problems with Heimdal, because
+ we (incorrectly) encode this value as signed. */
+ request.nonce = 0x7fffffff & load_32_n(random_buf);
+ else
+ /* XXX Yuck. Old version. */
+ request.nonce = (krb5_int32) time_now;
}
ret = krb5int_fast_as_armor(context, fast_state, options, &request);
if (ret != 0)
- goto cleanup;
+ goto cleanup;
/* give the preauth plugins a chance to prep the request body */
krb5_preauth_prepare_request(context, options, &request);
ret = krb5int_fast_prep_req_body(context, fast_state,
- &request, &encoded_request_body);
+ &request, &encoded_request_body);
if (ret)
goto cleanup;
get_data_rock.magic = CLIENT_ROCK_MAGIC;
get_data_rock.etype = &etype;
get_data_rock.fast_state = fast_state;
-
+
/* now, loop processing preauth data and talking to the kdc */
for (loopcount = 0; loopcount < MAX_IN_TKT_LOOPS; loopcount++) {
- if (request.padata) {
- krb5_free_pa_data(context, request.padata);
- request.padata = NULL;
- }
- if (!err_reply) {
+ if (request.padata) {
+ krb5_free_pa_data(context, request.padata);
+ request.padata = NULL;
+ }
+ if (!err_reply) {
/* either our first attempt, or retrying after PREAUTH_NEEDED */
- if ((ret = krb5_do_preauth(context,
- &request,
- encoded_request_body,
- encoded_previous_request,
- preauth_to_use, &request.padata,
- &salt, &s2kparams, &etype, &as_key,
- prompter, prompter_data,
- gak_fct, gak_data,
- &get_data_rock, options)))
- goto cleanup;
- if (out_padata) {
- krb5_free_pa_data(context, out_padata);
- out_padata = NULL;
- }
- } else {
- if (preauth_to_use != NULL) {
- /*
- * Retry after an error other than PREAUTH_NEEDED,
- * using e-data to figure out what to change.
- */
- ret = krb5_do_preauth_tryagain(context,
- &request,
- encoded_request_body,
- encoded_previous_request,
- preauth_to_use, &request.padata,
- err_reply,
- &salt, &s2kparams, &etype,
- &as_key,
- prompter, prompter_data,
- gak_fct, gak_data,
- &get_data_rock, options);
- } else {
- /* No preauth supplied, so can't query the plug-ins. */
- ret = KRB5KRB_ERR_GENERIC;
- }
- if (ret) {
- /* couldn't come up with anything better */
- ret = err_reply->error + ERROR_TABLE_BASE_krb5;
- }
- krb5_free_error(context, err_reply);
- err_reply = NULL;
- if (ret)
- goto cleanup;
- }
+ if ((ret = krb5_do_preauth(context,
+ &request,
+ encoded_request_body,
+ encoded_previous_request,
+ preauth_to_use, &request.padata,
+ &salt, &s2kparams, &etype, &as_key,
+ prompter, prompter_data,
+ gak_fct, gak_data,
+ &get_data_rock, options)))
+ goto cleanup;
+ if (out_padata) {
+ krb5_free_pa_data(context, out_padata);
+ out_padata = NULL;
+ }
+ } else {
+ if (preauth_to_use != NULL) {
+ /*
+ * Retry after an error other than PREAUTH_NEEDED,
+ * using e-data to figure out what to change.
+ */
+ ret = krb5_do_preauth_tryagain(context,
+ &request,
+ encoded_request_body,
+ encoded_previous_request,
+ preauth_to_use, &request.padata,
+ err_reply,
+ &salt, &s2kparams, &etype,
+ &as_key,
+ prompter, prompter_data,
+ gak_fct, gak_data,
+ &get_data_rock, options);
+ } else {
+ /* No preauth supplied, so can't query the plug-ins. */
+ ret = KRB5KRB_ERR_GENERIC;
+ }
+ if (ret) {
+ /* couldn't come up with anything better */
+ ret = err_reply->error + ERROR_TABLE_BASE_krb5;
+ }
+ krb5_free_error(context, err_reply);
+ err_reply = NULL;
+ if (ret)
+ goto cleanup;
+ }
if (encoded_previous_request != NULL) {
- krb5_free_data(context, encoded_previous_request);
- encoded_previous_request = NULL;
+ krb5_free_data(context, encoded_previous_request);
+ encoded_previous_request = NULL;
+ }
+ ret = krb5int_fast_prep_req(context, fast_state,
+ &request, encoded_request_body,
+ encode_krb5_as_req, &encoded_previous_request);
+ if (ret)
+ goto cleanup;
+
+ err_reply = 0;
+ local_as_reply = 0;
+ if ((ret = send_as_request(context, encoded_previous_request,
+ krb5_princ_realm(context, request.client), &err_reply,
+ &local_as_reply, use_master)))
+ goto cleanup;
+
+ if (err_reply) {
+ ret = krb5int_fast_process_error(context, fast_state, &err_reply,
+ &out_padata, &retry);
+ if (ret !=0)
+ goto cleanup;
+ if (should_continue_preauth(err_reply->error, loopcount) && retry) {
+ /* reset the list of preauth types to try */
+ if (preauth_to_use) {
+ krb5_free_pa_data(context, preauth_to_use);
+ preauth_to_use = NULL;
+ }
+ preauth_to_use = out_padata;
+ out_padata = NULL;
+ krb5_free_error(context, err_reply);
+ err_reply = NULL;
+ ret = sort_krb5_padata_sequence(context,
+ &request.server->realm,
+ preauth_to_use);
+ if (ret)
+ goto cleanup;
+ /* continue to next iteration */
+ } else if (canon_flag && err_reply->error == KDC_ERR_WRONG_REALM) {
+ if (err_reply->client == NULL ||
+ err_reply->client->realm.length == 0) {
+ ret = KRB5KDC_ERR_WRONG_REALM;
+ krb5_free_error(context, err_reply);
+ goto cleanup;
+ }
+ /* Rewrite request.client with realm from error reply */
+ if (referred_client.realm.data) {
+ krb5_free_data_contents(context, &referred_client.realm);
+ referred_client.realm.data = NULL;
+ }
+ ret = krb5int_copy_data_contents(context,
+ &err_reply->client->realm,
+ &referred_client.realm);
+ krb5_free_error(context, err_reply);
+ err_reply = NULL;
+ if (ret)
+ goto cleanup;
+ request.client = &referred_client;
+
+ krb5_free_principal(context, request.server);
+ request.server = NULL;
+
+ ret = build_in_tkt_name(context, in_tkt_service,
+ request.client, &request.server);
+ if (ret)
+ goto cleanup;
+ } else {
+ if (retry) {
+ /* continue to next iteration */
+ } else {
+ /* error + no hints = give up */
+ ret = (krb5_error_code) err_reply->error
+ + ERROR_TABLE_BASE_krb5;
+ krb5_free_error(context, err_reply);
+ goto cleanup;
+ }
+ }
+ } else if (local_as_reply) {
+ break;
+ } else {
+ ret = KRB5KRB_AP_ERR_MSG_TYPE;
+ goto cleanup;
}
- ret = krb5int_fast_prep_req(context, fast_state,
- &request, encoded_request_body,
- encode_krb5_as_req, &encoded_previous_request);
- if (ret)
- goto cleanup;
-
- err_reply = 0;
- local_as_reply = 0;
- if ((ret = send_as_request(context, encoded_previous_request,
- krb5_princ_realm(context, request.client), &err_reply,
- &local_as_reply, use_master)))
- goto cleanup;
-
- if (err_reply) {
- ret = krb5int_fast_process_error(context, fast_state, &err_reply,
- &out_padata, &retry);
- if (ret !=0)
- goto cleanup;
- if (should_continue_preauth(err_reply->error, loopcount) && retry) {
- /* reset the list of preauth types to try */
- if (preauth_to_use) {
- krb5_free_pa_data(context, preauth_to_use);
- preauth_to_use = NULL;
- }
- preauth_to_use = out_padata;
- out_padata = NULL;
- krb5_free_error(context, err_reply);
- err_reply = NULL;
- ret = sort_krb5_padata_sequence(context,
- &request.server->realm,
- preauth_to_use);
- if (ret)
- goto cleanup;
- /* continue to next iteration */
- } else if (canon_flag && err_reply->error == KDC_ERR_WRONG_REALM) {
- if (err_reply->client == NULL ||
- err_reply->client->realm.length == 0) {
- ret = KRB5KDC_ERR_WRONG_REALM;
- krb5_free_error(context, err_reply);
- goto cleanup;
- }
- /* Rewrite request.client with realm from error reply */
- if (referred_client.realm.data) {
- krb5_free_data_contents(context, &referred_client.realm);
- referred_client.realm.data = NULL;
- }
- ret = krb5int_copy_data_contents(context,
- &err_reply->client->realm,
- &referred_client.realm);
- krb5_free_error(context, err_reply);
- err_reply = NULL;
- if (ret)
- goto cleanup;
- request.client = &referred_client;
-
- krb5_free_principal(context, request.server);
- request.server = NULL;
-
- ret = build_in_tkt_name(context, in_tkt_service,
- request.client, &request.server);
- if (ret)
- goto cleanup;
- } else {
- if (retry) {
- /* continue to next iteration */
- } else {
- /* error + no hints = give up */
- ret = (krb5_error_code) err_reply->error
- + ERROR_TABLE_BASE_krb5;
- krb5_free_error(context, err_reply);
- goto cleanup;
- }
- }
- } else if (local_as_reply) {
- break;
- } else {
- ret = KRB5KRB_AP_ERR_MSG_TYPE;
- goto cleanup;
- }
}
#if APPLE_PKINIT
inTktDebug("krb5_get_init_creds done with send_as_request loop lc %d\n",
- (int)loopcount);
+ (int)loopcount);
#endif /* APPLE_PKINIT */
if (loopcount == MAX_IN_TKT_LOOPS) {
- ret = KRB5_GET_IN_TKT_LOOP;
- goto cleanup;
+ ret = KRB5_GET_IN_TKT_LOOP;
+ goto cleanup;
}
/* process any preauth data in the as_reply */
krb5_clear_preauth_context_use_counts(context);
ret = krb5int_fast_process_response(context, fast_state,
- local_as_reply, &strengthen_key);
+ local_as_reply, &strengthen_key);
if (ret)
- goto cleanup;
+ goto cleanup;
if ((ret = sort_krb5_padata_sequence(context, &request.server->realm,
- local_as_reply->padata)))
- goto cleanup;
+ local_as_reply->padata)))
+ goto cleanup;
etype = local_as_reply->enc_part.enctype;
if ((ret = krb5_do_preauth(context,
- &request,
- encoded_request_body, encoded_previous_request,
- local_as_reply->padata, &kdc_padata,
- &salt, &s2kparams, &etype, &as_key, prompter,
- prompter_data, gak_fct, gak_data,
- &get_data_rock, options))) {
+ &request,
+ encoded_request_body, encoded_previous_request,
+ local_as_reply->padata, &kdc_padata,
+ &salt, &s2kparams, &etype, &as_key, prompter,
+ prompter_data, gak_fct, gak_data,
+ &get_data_rock, options))) {
#if APPLE_PKINIT
inTktDebug("krb5_get_init_creds krb5_do_preauth returned %d\n", (int)ret);
#endif /* APPLE_PKINIT */
- goto cleanup;
- }
+ goto cleanup;
+ }
/*
* If we haven't gotten a salt from another source yet, set up one
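Review bot: When `krb5_c_random_make_octets` fails, the nonce block in this hunk silently falls back to `request.nonce = (krb5_int32) time_now;`, so the AS-REQ nonce becomes a guessable clock value with nothing logged or returned. The nonce is presumably what ties the reply to this request when `verify_as_reply` runs later, so a predictable value weakens that binding. Treating RNG failure as fatal is safer: `ret = krb5_c_random_make_octets(context, &random_data);` then `if (ret) goto cleanup;`, keeping the existing masked `load_32_n` assignment. The `goto cleanup` is consistent with the `krb5_timeofday` failure path just above it. krb5_get_init_creds starts before this hunk and continues past it.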
@@ -1533,9 +1534,9 @@ krb5_get_init_creds(krb5_context context,
* verify_as_reply.
*/
if (salt.length == SALT_TYPE_AFS_LENGTH && salt.data == NULL) {
- ret = krb5_principal2salt(context, local_as_reply->client, &salt);
- if (ret)
- goto cleanup;
+ ret = krb5_principal2salt(context, local_as_reply->client, &salt);
+ if (ret)
+ goto cleanup;
}
/* XXX For 1.1.1 and prior KDC's, when SAM is used w/ USE_SAD_AS_KEY,
@@ -1543,7 +1544,7 @@ krb5_get_init_creds(krb5_context context,
instead of in the SAD. If there was a SAM preauth, there
will be an as_key here which will be the SAD. If that fails,
use the gak_fct to get the password, and try again. */
-
+
/* XXX because etypes are handled poorly (particularly wrt SAM,
where the etype is fixed by the kdc), we may want to try
decrypt_as_reply twice. If there's an as_key available, try
@@ -1551,37 +1552,37 @@ krb5_get_init_creds(krb5_context context,
as_key at all yet, then use the gak_fct to get one, and try
again. */
if (as_key.length) {
- ret = krb5int_fast_reply_key(context, strengthen_key, &as_key,
- &encrypting_key);
- if (ret)
- goto cleanup;
- ret = decrypt_as_reply(context, NULL, local_as_reply, NULL,
- NULL, &encrypting_key, krb5_kdc_rep_decrypt_proc,
- NULL);
+ ret = krb5int_fast_reply_key(context, strengthen_key, &as_key,
+ &encrypting_key);
+ if (ret)
+ goto cleanup;
+ ret = decrypt_as_reply(context, NULL, local_as_reply, NULL,
+ NULL, &encrypting_key, krb5_kdc_rep_decrypt_proc,
+ NULL);
} else
- ret = -1;
-
+ ret = -1;
+
if (ret) {
- /* if we haven't get gotten a key, get it now */
-
- if ((ret = ((*gak_fct)(context, request.client,
- local_as_reply->enc_part.enctype,
- prompter, prompter_data, &salt, &s2kparams,
- &as_key, gak_data))))
- goto cleanup;
-
- ret = krb5int_fast_reply_key(context, strengthen_key, &as_key,
- &encrypting_key);
- if (ret)
- goto cleanup;
- if ((ret = decrypt_as_reply(context, NULL, local_as_reply, NULL,
- NULL, &encrypting_key, krb5_kdc_rep_decrypt_proc,
- NULL)))
- goto cleanup;
+ /* if we haven't get gotten a key, get it now */
+
+ if ((ret = ((*gak_fct)(context, request.client,
+ local_as_reply->enc_part.enctype,
+ prompter, prompter_data, &salt, &s2kparams,
+ &as_key, gak_data))))
+ goto cleanup;
+
+ ret = krb5int_fast_reply_key(context, strengthen_key, &as_key,
+ &encrypting_key);
+ if (ret)
+ goto cleanup;
+ if ((ret = decrypt_as_reply(context, NULL, local_as_reply, NULL,
+ NULL, &encrypting_key, krb5_kdc_rep_decrypt_proc,
+ NULL)))
+ goto cleanup;
}
if ((ret = verify_as_reply(context, time_now, &request, local_as_reply)))
- goto cleanup;
+ goto cleanup;
/* XXX this should be inside stash_as_reply, but as long as
get_in_tkt is still around using that arg as an in/out, I can't
@@ -1589,8 +1590,8 @@ krb5_get_init_creds(krb5_context context,
memset(creds, 0, sizeof(*creds));
if ((ret = stash_as_reply(context, time_now, &request, local_as_reply,
- creds, NULL)))
- goto cleanup;
+ creds, NULL)))
+ goto cleanup;
/* success */
@@ -1598,65 +1599,65 @@ krb5_get_init_creds(krb5_context context,
cleanup:
if (ret != 0) {
- char *client_name;
- /* See if we can produce a more detailed error message. */
- switch (ret) {
- case KRB5KDC_ERR_C_PRINCIPAL_UNKNOWN:
- client_name = NULL;
- if (krb5_unparse_name(context, client, &client_name) == 0) {
- krb5_set_error_message(context, ret,
- "Client '%s' not found in Kerberos database",
- client_name);
- free(client_name);
- }
- break;
- default:
- break;
- }
+ char *client_name;
+ /* See if we can produce a more detailed error message. */
+ switch (ret) {
+ case KRB5KDC_ERR_C_PRINCIPAL_UNKNOWN:
+ client_name = NULL;
+ if (krb5_unparse_name(context, client, &client_name) == 0) {
+ krb5_set_error_message(context, ret,
+ "Client '%s' not found in Kerberos database",
+ client_name);
+ free(client_name);
+ }
+ break;
+ default:
+ break;
+ }
}
krb5_preauth_request_context_fini(context);
- krb5_free_keyblock(context, strengthen_key);
- if (encrypting_key.contents)
- krb5_free_keyblock_contents(context, &encrypting_key);
- if (fast_state)
- krb5int_fast_free_state(context, fast_state);
+ krb5_free_keyblock(context, strengthen_key);
+ if (encrypting_key.contents)
+ krb5_free_keyblock_contents(context, &encrypting_key);
+ if (fast_state)
+ krb5int_fast_free_state(context, fast_state);
if (out_padata)
- krb5_free_pa_data(context, out_padata);
+ krb5_free_pa_data(context, out_padata);
if (encoded_previous_request != NULL) {
- krb5_free_data(context, encoded_previous_request);
- encoded_previous_request = NULL;
+ krb5_free_data(context, encoded_previous_request);
+ encoded_previous_request = NULL;
}
if (encoded_request_body != NULL) {
- krb5_free_data(context, encoded_request_body);
- encoded_request_body = NULL;
+ krb5_free_data(context, encoded_request_body);
+ encoded_request_body = NULL;
}
if (request.server)
- krb5_free_principal(context, request.server);
+ krb5_free_principal(context, request.server);
if (request.ktype &&
- (!(options && (options->flags & KRB5_GET_INIT_CREDS_OPT_ETYPE_LIST))))
- free(request.ktype);
+ (!(options && (options->flags & KRB5_GET_INIT_CREDS_OPT_ETYPE_LIST))))
+ free(request.ktype);
if (request.addresses &&
- (!(options &&
- (options->flags & KRB5_GET_INIT_CREDS_OPT_ADDRESS_LIST))))
- krb5_free_addresses(context, request.addresses);
+ (!(options &&
+ (options->flags & KRB5_GET_INIT_CREDS_OPT_ADDRESS_LIST))))
+ krb5_free_addresses(context, request.addresses);
if (preauth_to_use)
- krb5_free_pa_data(context, preauth_to_use);
+ krb5_free_pa_data(context, preauth_to_use);
if (kdc_padata)
- krb5_free_pa_data(context, kdc_padata);
+ krb5_free_pa_data(context, kdc_padata);
if (request.padata)
- krb5_free_pa_data(context, request.padata);
+ krb5_free_pa_data(context, request.padata);
if (as_key.length)
- krb5_free_keyblock_contents(context, &as_key);
+ krb5_free_keyblock_contents(context, &as_key);
if (salt.data &&
- (!(options && (options->flags & KRB5_GET_INIT_CREDS_OPT_SALT))))
- free(salt.data);
+ (!(options && (options->flags & KRB5_GET_INIT_CREDS_OPT_SALT))))
+ free(salt.data);
krb5_free_data_contents(context, &s2kparams);
if (as_reply)
- *as_reply = local_as_reply;
+ *as_reply = local_as_reply;
else if (local_as_reply)
- krb5_free_kdc_rep(context, local_as_reply);
+ krb5_free_kdc_rep(context, local_as_reply);
if (referred_client.realm.data)
- krb5_free_data_contents(context, &referred_client.realm);
+ krb5_free_data_contents(context, &referred_client.realm);
return(ret);
}
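Review bot: `err_reply` is not released anywhere in this cleanup block, so any path that reaches it with the pointer still set leaks the KDC error structure. One such path is visible in the request loop earlier in krb5_get_init_creds (the function starts outside this hunk): the `if (retry)` branch keeps `err_reply` for the next iteration, and if the loop then ends on `MAX_IN_TKT_LOOPS`, control jumps to `cleanup` with it live. The `goto cleanup` after a failed `krb5int_fast_process_error` may be another, depending on whether that helper frees it. Adding `if (err_reply) krb5_free_error(context, err_reply);` here closes the leak, provided the two loop paths that call `krb5_free_error` just before `goto cleanup` also set `err_reply = NULL` so it is not freed twice.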
diff --git a/src/lib/krb5/krb/gic_keytab.c b/src/lib/krb5/krb/gic_keytab.c
index 33db552..ab064eb 100644
--- a/src/lib/krb5/krb/gic_keytab.c
+++ b/src/lib/krb5/krb/gic_keytab.c
@@ -1,3 +1,4 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
/*
* lib/krb5/krb/gic_keytab.c
*
@@ -8,7 +9,7 @@
* require a specific license from the United States Government.
* It is the responsibility of any person or organization contemplating
* export to obtain such a license before exporting.
- *
+ *
* WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
* distribute this software and its documentation for any purpose and
* without fee is hereby granted, provided that the above copyright
@@ -23,7 +24,7 @@
* this software for any purpose. It is provided "as is" without express
* or implied warranty.
*/
-#ifndef LEAN_CLIENT
+#ifndef LEAN_CLIENT
#include "k5-int.h"
@@ -49,20 +50,20 @@ krb5_get_as_key_keytab(
a new one. */
if (as_key->length) {
- if (as_key->enctype == etype)
- return(0);
+ if (as_key->enctype == etype)
+ return(0);
- krb5_free_keyblock_contents(context, as_key);
- as_key->length = 0;
+ krb5_free_keyblock_contents(context, as_key);
+ as_key->length = 0;
}
if (!krb5_c_valid_enctype(etype))
- return(KRB5_PROG_ETYPE_NOSUPP);
+ return(KRB5_PROG_ETYPE_NOSUPP);
if ((ret = krb5_kt_get_entry(context, keytab, client,
- 0, /* don't have vno available */
- etype, &kt_ent)))
- return(ret);
+ 0, /* don't have vno available */
+ etype, &kt_ent)))
+ return(ret);
ret = krb5_copy_keyblock(context, &kt_ent.key, &kt_key);
@@ -78,93 +79,93 @@ krb5_get_as_key_keytab(
krb5_error_code KRB5_CALLCONV
krb5_get_init_creds_keytab(krb5_context context,
- krb5_creds *creds,
- krb5_principal client,
- krb5_keytab arg_keytab,
- krb5_deltat start_time,
- char *in_tkt_service,
- krb5_get_init_creds_opt *options)
+ krb5_creds *creds,
+ krb5_principal client,
+ krb5_keytab arg_keytab,
+ krb5_deltat start_time,
+ char *in_tkt_service,
+ krb5_get_init_creds_opt *options)
{
- krb5_error_code ret, ret2;
- int use_master;
- krb5_keytab keytab;
- krb5_gic_opt_ext *opte = NULL;
+ krb5_error_code ret, ret2;
+ int use_master;
+ krb5_keytab keytab;
+ krb5_gic_opt_ext *opte = NULL;
+
+ if (arg_keytab == NULL) {
+ if ((ret = krb5_kt_default(context, &keytab)))
+ return ret;
+ } else {
+ keytab = arg_keytab;
+ }
- if (arg_keytab == NULL) {
- if ((ret = krb5_kt_default(context, &keytab)))
- return ret;
- } else {
- keytab = arg_keytab;
- }
+ ret = krb5int_gic_opt_to_opte(context, options, &opte, 1,
+ "krb5_get_init_creds_keytab");
+ if (ret)
+ return ret;
- ret = krb5int_gic_opt_to_opte(context, options, &opte, 1,
- "krb5_get_init_creds_keytab");
- if (ret)
- return ret;
+ use_master = 0;
- use_master = 0;
+ /* first try: get the requested tkt from any kdc */
- /* first try: get the requested tkt from any kdc */
+ ret = krb5_get_init_creds(context, creds, client, NULL, NULL,
+ start_time, in_tkt_service, opte,
+ krb5_get_as_key_keytab, (void *) keytab,
+ &use_master,NULL);
- ret = krb5_get_init_creds(context, creds, client, NULL, NULL,
- start_time, in_tkt_service, opte,
- krb5_get_as_key_keytab, (void *) keytab,
- &use_master,NULL);
+ /* check for success */
- /* check for success */
+ if (ret == 0)
+ goto cleanup;
- if (ret == 0)
- goto cleanup;
+ /* If all the kdc's are unavailable fail */
- /* If all the kdc's are unavailable fail */
+ if ((ret == KRB5_KDC_UNREACH) || (ret == KRB5_REALM_CANT_RESOLVE))
+ goto cleanup;
- if ((ret == KRB5_KDC_UNREACH) || (ret == KRB5_REALM_CANT_RESOLVE))
- goto cleanup;
+ /* if the reply did not come from the master kdc, try again with
+ the master kdc */
- /* if the reply did not come from the master kdc, try again with
- the master kdc */
+ if (!use_master) {
+ use_master = 1;
- if (!use_master) {
- use_master = 1;
+ ret2 = krb5_get_init_creds(context, creds, client, NULL, NULL,
+ start_time, in_tkt_service, opte,
+ krb5_get_as_key_keytab, (void *) keytab,
+ &use_master, NULL);
- ret2 = krb5_get_init_creds(context, creds, client, NULL, NULL,
- start_time, in_tkt_service, opte,
- krb5_get_as_key_keytab, (void *) keytab,
- &use_master, NULL);
-
- if (ret2 == 0) {
- ret = 0;
- goto cleanup;
- }
+ if (ret2 == 0) {
+ ret = 0;
+ goto cleanup;
+ }
- /* if the master is unreachable, return the error from the
- slave we were able to contact */
+ /* if the master is unreachable, return the error from the
+ slave we were able to contact */
- if ((ret2 == KRB5_KDC_UNREACH) ||
- (ret2 == KRB5_REALM_CANT_RESOLVE) ||
- (ret2 == KRB5_REALM_UNKNOWN))
- goto cleanup;
+ if ((ret2 == KRB5_KDC_UNREACH) ||
+ (ret2 == KRB5_REALM_CANT_RESOLVE) ||
+ (ret2 == KRB5_REALM_UNKNOWN))
+ goto cleanup;
- ret = ret2;
- }
+ ret = ret2;
+ }
- /* at this point, we have a response from the master. Since we don't
- do any prompting or changing for keytabs, that's it. */
+ /* at this point, we have a response from the master. Since we don't
+ do any prompting or changing for keytabs, that's it. */
cleanup:
- if (opte && krb5_gic_opt_is_shadowed(opte))
- krb5_get_init_creds_opt_free(context, (krb5_get_init_creds_opt *)opte);
- if (arg_keytab == NULL)
- krb5_kt_close(context, keytab);
+ if (opte && krb5_gic_opt_is_shadowed(opte))
+ krb5_get_init_creds_opt_free(context, (krb5_get_init_creds_opt *)opte);
+ if (arg_keytab == NULL)
+ krb5_kt_close(context, keytab);
- return(ret);
+ return(ret);
}
krb5_error_code KRB5_CALLCONV
krb5_get_in_tkt_with_keytab(krb5_context context, krb5_flags options,
- krb5_address *const *addrs, krb5_enctype *ktypes,
- krb5_preauthtype *pre_auth_types,
- krb5_keytab arg_keytab, krb5_ccache ccache,
- krb5_creds *creds, krb5_kdc_rep **ret_as_reply)
+ krb5_address *const *addrs, krb5_enctype *ktypes,
+ krb5_preauthtype *pre_auth_types,
+ krb5_keytab arg_keytab, krb5_ccache ccache,
+ krb5_creds *creds, krb5_kdc_rep **ret_as_reply)
{
krb5_error_code retval;
krb5_gic_opt_ext *opte;
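Review bot: The early `return ret;` after `krb5int_gic_opt_to_opte()` in krb5_get_init_creds_keytab bypasses the `cleanup:` label, so a keytab opened by `krb5_kt_default()` when `arg_keytab == NULL` is never closed on that path. `opte` is initialised to NULL and the cleanup code already tests it before freeing, so the failure branch can be `if (ret) goto cleanup;`. This predates the reindent, which carries it over unchanged.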
@@ -172,49 +173,48 @@ krb5_get_in_tkt_with_keytab(krb5_context context, krb5_flags options,
krb5_keytab keytab;
krb5_principal client_princ, server_princ;
int use_master = 0;
-
+
retval = krb5int_populate_gic_opt(context, &opte,
- options, addrs, ktypes,
- pre_auth_types, creds);
+ options, addrs, ktypes,
+ pre_auth_types, creds);
if (retval)
- return retval;
+ return retval;
if (arg_keytab == NULL) {
- retval = krb5_kt_default(context, &keytab);
- if (retval)
- return retval;
+ retval = krb5_kt_default(context, &keytab);
+ if (retval)
+ return retval;
}
else keytab = arg_keytab;
-
+
retval = krb5_unparse_name( context, creds->server, &server);
if (retval)
- goto cleanup;
+ goto cleanup;
server_princ = creds->server;
client_princ = creds->client;
retval = krb5_get_init_creds (context,
- creds, creds->client,
- krb5_prompter_posix, NULL,
- 0, server, opte,
- krb5_get_as_key_keytab, (void *)keytab,
- &use_master, ret_as_reply);
+ creds, creds->client,
+ krb5_prompter_posix, NULL,
+ 0, server, opte,
+ krb5_get_as_key_keytab, (void *)keytab,
+ &use_master, ret_as_reply);
krb5_free_unparsed_name( context, server);
krb5_get_init_creds_opt_free(context, (krb5_get_init_creds_opt *)opte);
if (retval) {
- goto cleanup;
+ goto cleanup;
}
krb5_free_principal(context, creds->server);
krb5_free_principal(context, creds->client);
- creds->client = client_princ;
- creds->server = server_princ;
-
+ creds->client = client_princ;
+ creds->server = server_princ;
+
/* store it in the ccache! */
if (ccache)
- if ((retval = krb5_cc_store_cred(context, ccache, creds)))
- goto cleanup;
- cleanup: if (arg_keytab == NULL)
- krb5_kt_close(context, keytab);
+ if ((retval = krb5_cc_store_cred(context, ccache, creds)))
+ goto cleanup;
+cleanup: if (arg_keytab == NULL)
+ krb5_kt_close(context, keytab);
return retval;
}
#endif /* LEAN_CLIENT */
-
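Review bot: Two error paths in krb5_get_in_tkt_with_keytab leave `opte` unreleased: the `return retval;` after a failed `krb5_kt_default()`, and the `goto cleanup;` after a failed `krb5_unparse_name()`, since `cleanup:` only closes the keytab. `opte` is presumably allocated by `krb5int_populate_gic_opt()`, as the success path releases it with `krb5_get_init_creds_opt_free()`. Calling `krb5_get_init_creds_opt_free(context, (krb5_get_init_creds_opt *)opte);` before leaving on both paths would close the leak. The function's signature and first declarations sit in the previous hunk.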
diff --git a/src/lib/krb5/krb/gic_opt.c b/src/lib/krb5/krb/gic_opt.c
index 72203f0..bff4539 100644
--- a/src/lib/krb5/krb/gic_opt.c
+++ b/src/lib/krb5/krb/gic_opt.c
@@ -1,3 +1,4 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
#include "k5-int.h"
#include "int-proto.h"
@@ -17,77 +18,77 @@ krb5_get_init_creds_opt_init(krb5_get_init_creds_opt *opt)
void KRB5_CALLCONV
krb5_get_init_creds_opt_set_tkt_life(krb5_get_init_creds_opt *opt, krb5_deltat tkt_life)
{
- opt->flags |= KRB5_GET_INIT_CREDS_OPT_TKT_LIFE;
- opt->tkt_life = tkt_life;
+ opt->flags |= KRB5_GET_INIT_CREDS_OPT_TKT_LIFE;
+ opt->tkt_life = tkt_life;
}
void KRB5_CALLCONV
krb5_get_init_creds_opt_set_renew_life(krb5_get_init_creds_opt *opt, krb5_deltat renew_life)
{
- opt->flags |= KRB5_GET_INIT_CREDS_OPT_RENEW_LIFE;
- opt->renew_life = renew_life;
+ opt->flags |= KRB5_GET_INIT_CREDS_OPT_RENEW_LIFE;
+ opt->renew_life = renew_life;
}
void KRB5_CALLCONV
krb5_get_init_creds_opt_set_forwardable(krb5_get_init_creds_opt *opt, int forwardable)
{
- opt->flags |= KRB5_GET_INIT_CREDS_OPT_FORWARDABLE;
- opt->forwardable = forwardable;
+ opt->flags |= KRB5_GET_INIT_CREDS_OPT_FORWARDABLE;
+ opt->forwardable = forwardable;
}
void KRB5_CALLCONV
krb5_get_init_creds_opt_set_proxiable(krb5_get_init_creds_opt *opt, int proxiable)
{
- opt->flags |= KRB5_GET_INIT_CREDS_OPT_PROXIABLE;
- opt->proxiable = proxiable;
+ opt->flags |= KRB5_GET_INIT_CREDS_OPT_PROXIABLE;
+ opt->proxiable = proxiable;
}
void KRB5_CALLCONV
krb5_get_init_creds_opt_set_canonicalize(krb5_get_init_creds_opt *opt, int canonicalize)
{
if (canonicalize)
- opt->flags |= KRB5_GET_INIT_CREDS_OPT_CANONICALIZE;
+ opt->flags |= KRB5_GET_INIT_CREDS_OPT_CANONICALIZE;
else
- opt->flags &= ~(KRB5_GET_INIT_CREDS_OPT_CANONICALIZE);
+ opt->flags &= ~(KRB5_GET_INIT_CREDS_OPT_CANONICALIZE);
}
void KRB5_CALLCONV
krb5_get_init_creds_opt_set_etype_list(krb5_get_init_creds_opt *opt, krb5_enctype *etype_list, int etype_list_length)
{
- opt->flags |= KRB5_GET_INIT_CREDS_OPT_ETYPE_LIST;
- opt->etype_list = etype_list;
- opt->etype_list_length = etype_list_length;
+ opt->flags |= KRB5_GET_INIT_CREDS_OPT_ETYPE_LIST;
+ opt->etype_list = etype_list;
+ opt->etype_list_length = etype_list_length;
}
void KRB5_CALLCONV
krb5_get_init_creds_opt_set_address_list(krb5_get_init_creds_opt *opt, krb5_address **addresses)
{
- opt->flags |= KRB5_GET_INIT_CREDS_OPT_ADDRESS_LIST;
- opt->address_list = addresses;
+ opt->flags |= KRB5_GET_INIT_CREDS_OPT_ADDRESS_LIST;
+ opt->address_list = addresses;
}
void KRB5_CALLCONV
krb5_get_init_creds_opt_set_preauth_list(krb5_get_init_creds_opt *opt, krb5_preauthtype *preauth_list, int preauth_list_length)
{
- opt->flags |= KRB5_GET_INIT_CREDS_OPT_PREAUTH_LIST;
- opt->preauth_list = preauth_list;
- opt->preauth_list_length = preauth_list_length;
+ opt->flags |= KRB5_GET_INIT_CREDS_OPT_PREAUTH_LIST;
+ opt->preauth_list = preauth_list;
+ opt->preauth_list_length = preauth_list_length;
}
void KRB5_CALLCONV
krb5_get_init_creds_opt_set_salt(krb5_get_init_creds_opt *opt, krb5_data *salt)
{
- opt->flags |= KRB5_GET_INIT_CREDS_OPT_SALT;
- opt->salt = salt;
+ opt->flags |= KRB5_GET_INIT_CREDS_OPT_SALT;
+ opt->salt = salt;
}
void KRB5_CALLCONV
krb5_get_init_creds_opt_set_change_password_prompt(krb5_get_init_creds_opt *opt, int prompt)
{
- if (prompt)
- opt->flags |= KRB5_GET_INIT_CREDS_OPT_CHG_PWD_PRMPT;
- else
- opt->flags &= ~KRB5_GET_INIT_CREDS_OPT_CHG_PWD_PRMPT;
+ if (prompt)
+ opt->flags |= KRB5_GET_INIT_CREDS_OPT_CHG_PWD_PRMPT;
+ else
+ opt->flags &= ~KRB5_GET_INIT_CREDS_OPT_CHG_PWD_PRMPT;
}
/*
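Review bot: The setters for `etype_list`, `address_list`, `preauth_list` and `salt` store the caller's pointer rather than copying the data (`opt->etype_list = etype_list;` and the like), and nothing in this hunk documents that. A caller that frees or reuses that memory before the options are consumed leaves a dangling pointer in the options structure. A short comment on each of these setters would make the contract explicit, for example `/* Stores etype_list by reference; the array must remain valid for as long as opt is in use. */`.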
@@ -109,7 +110,7 @@ krb5_get_init_creds_opt_set_change_password_prompt(krb5_get_init_creds_opt *opt,
* with the new krb5_get_init_creds_opt_alloc() function.
* KRB5_GET_INIT_CREDS_OPT_SHADOWED is set to indicate that the extended
* structure is a shadow copy of an original krb5_get_init_creds_opt
- * structure.
+ * structure.
* If KRB5_GET_INIT_CREDS_OPT_SHADOWED is set after a call to
* krb5int_gic_opt_to_opte(), the resulting extended structure should be
* freed (using krb5_get_init_creds_free). Otherwise, the original
@@ -119,17 +120,17 @@ krb5_get_init_creds_opt_set_change_password_prompt(krb5_get_init_creds_opt *opt,
/* Forward prototype */
static void
free_gic_opt_ext_preauth_data(krb5_context context,
- krb5_gic_opt_ext *opte);
+ krb5_gic_opt_ext *opte);
static krb5_error_code
krb5int_gic_opte_private_alloc(krb5_context context, krb5_gic_opt_ext *opte)
{
if (NULL == opte || !krb5_gic_opt_is_extended(opte))
- return EINVAL;
+ return EINVAL;
opte->opt_private = calloc(1, sizeof(*opte->opt_private));
if (NULL == opte->opt_private) {
- return ENOMEM;
+ return ENOMEM;
}
/* Allocate any private stuff */
opte->opt_private->num_preauth_data = 0;
@@ -141,13 +142,13 @@ static krb5_error_code
krb5int_gic_opte_private_free(krb5_context context, krb5_gic_opt_ext *opte)
{
if (NULL == opte || !krb5_gic_opt_is_extended(opte))
- return EINVAL;
-
+ return EINVAL;
+
/* Free up any private stuff */
if (opte->opt_private->preauth_data != NULL)
- free_gic_opt_ext_preauth_data(context, opte);
+ free_gic_opt_ext_preauth_data(context, opte);
if (opte->opt_private->fast_ccache_name)
- free(opte->opt_private->fast_ccache_name);
+ free(opte->opt_private->fast_ccache_name);
free(opte->opt_private);
opte->opt_private = NULL;
return 0;
@@ -161,27 +162,27 @@ krb5int_gic_opte_alloc(krb5_context context)
opte = calloc(1, sizeof(*opte));
if (NULL == opte)
- return NULL;
+ return NULL;
opte->flags = KRB5_GET_INIT_CREDS_OPT_EXTENDED;
code = krb5int_gic_opte_private_alloc(context, opte);
if (code) {
- krb5int_set_error(&context->err, code,
- "krb5int_gic_opte_alloc: krb5int_gic_opte_private_alloc failed");
- free(opte);
- return NULL;
+ krb5int_set_error(&context->err, code,
+ "krb5int_gic_opte_alloc: krb5int_gic_opte_private_alloc failed");
+ free(opte);
+ return NULL;
}
return(opte);
}
krb5_error_code KRB5_CALLCONV
krb5_get_init_creds_opt_alloc(krb5_context context,
- krb5_get_init_creds_opt **opt)
+ krb5_get_init_creds_opt **opt)
{
krb5_gic_opt_ext *opte;
if (NULL == opt)
- return EINVAL;
+ return EINVAL;
*opt = NULL;
/*
@@ -189,7 +190,7 @@ krb5_get_init_creds_opt_alloc(krb5_context context,
*/
opte = krb5int_gic_opte_alloc(context);
if (NULL == opte)
- return ENOMEM;
+ return ENOMEM;
*opt = (krb5_get_init_creds_opt *) opte;
init_common(*opt);
@@ -198,47 +199,47 @@ krb5_get_init_creds_opt_alloc(krb5_context context,
void KRB5_CALLCONV
krb5_get_init_creds_opt_free(krb5_context context,
- krb5_get_init_creds_opt *opt)
+ krb5_get_init_creds_opt *opt)
{
krb5_gic_opt_ext *opte;
if (NULL == opt)
- return;
+ return;
/* Don't touch it if we didn't allocate it */
if (!krb5_gic_opt_is_extended(opt))
- return;
-
+ return;
+
opte = (krb5_gic_opt_ext *)opt;
if (opte->opt_private)
- krb5int_gic_opte_private_free(context, opte);
+ krb5int_gic_opte_private_free(context, opte);
free(opte);
}
static krb5_error_code
krb5int_gic_opte_copy(krb5_context context,
- krb5_get_init_creds_opt *opt,
- krb5_gic_opt_ext **opte)
+ krb5_get_init_creds_opt *opt,
+ krb5_gic_opt_ext **opte)
{
krb5_gic_opt_ext *oe;
oe = krb5int_gic_opte_alloc(context);
if (NULL == oe)
- return ENOMEM;
+ return ENOMEM;
if (opt) {
- oe->flags = opt->flags;
- oe->tkt_life = opt->tkt_life;
- oe->renew_life = opt->renew_life;
- oe->forwardable = opt->forwardable;
- oe->proxiable = opt->proxiable;
- oe->etype_list = opt->etype_list;
- oe->etype_list_length = opt->etype_list_length;
- oe->address_list = opt->address_list;
- oe->preauth_list = opt->preauth_list;
- oe->preauth_list_length = opt->preauth_list_length;
- oe->salt = opt->salt;
+ oe->flags = opt->flags;
+ oe->tkt_life = opt->tkt_life;
+ oe->renew_life = opt->renew_life;
+ oe->forwardable = opt->forwardable;
+ oe->proxiable = opt->proxiable;
+ oe->etype_list = opt->etype_list;
+ oe->etype_list_length = opt->etype_list_length;
+ oe->address_list = opt->address_list;
+ oe->preauth_list = opt->preauth_list;
+ oe->preauth_list_length = opt->preauth_list_length;
+ oe->salt = opt->salt;
}
/*
@@ -250,7 +251,7 @@ krb5int_gic_opte_copy(krb5_context context,
* application is unaware of its existence.
*/
oe->flags |= ( KRB5_GET_INIT_CREDS_OPT_EXTENDED |
- KRB5_GET_INIT_CREDS_OPT_SHADOWED);
+ KRB5_GET_INIT_CREDS_OPT_SHADOWED);
*opte = oe;
return 0;
@@ -268,20 +269,20 @@ krb5int_gic_opte_copy(krb5_context context,
*/
krb5_error_code
krb5int_gic_opt_to_opte(krb5_context context,
- krb5_get_init_creds_opt *opt,
- krb5_gic_opt_ext **opte,
- unsigned int force,
- const char *where)
+ krb5_get_init_creds_opt *opt,
+ krb5_gic_opt_ext **opte,
+ unsigned int force,
+ const char *where)
{
if (!krb5_gic_opt_is_extended(opt)) {
- if (force) {
- return krb5int_gic_opte_copy(context, opt, opte);
- } else {
- krb5int_set_error(&context->err, EINVAL,
- "%s: attempt to convert non-extended krb5_get_init_creds_opt",
- where);
- return EINVAL;
- }
+ if (force) {
+ return krb5int_gic_opte_copy(context, opt, opte);
+ } else {
+ krb5int_set_error(&context->err, EINVAL,
+ "%s: attempt to convert non-extended krb5_get_init_creds_opt",
+ where);
+ return EINVAL;
+ }
}
/* If it is already extended, just return it */
*opte = (krb5_gic_opt_ext *)opt;
@@ -290,20 +291,20 @@ krb5int_gic_opt_to_opte(krb5_context context,
static void
free_gic_opt_ext_preauth_data(krb5_context context,
- krb5_gic_opt_ext *opte)
+ krb5_gic_opt_ext *opte)
{
int i;
if (NULL == opte || !krb5_gic_opt_is_extended(opte))
- return;
+ return;
if (NULL == opte->opt_private || NULL == opte->opt_private->preauth_data)
- return;
+ return;
for (i = 0; i < opte->opt_private->num_preauth_data; i++) {
- if (opte->opt_private->preauth_data[i].attr != NULL)
- free(opte->opt_private->preauth_data[i].attr);
- if (opte->opt_private->preauth_data[i].value != NULL)
- free(opte->opt_private->preauth_data[i].value);
+ if (opte->opt_private->preauth_data[i].attr != NULL)
+ free(opte->opt_private->preauth_data[i].attr);
+ if (opte->opt_private->preauth_data[i].value != NULL)
+ free(opte->opt_private->preauth_data[i].value);
}
free(opte->opt_private->preauth_data);
opte->opt_private->preauth_data = NULL;
@@ -312,9 +313,9 @@ free_gic_opt_ext_preauth_data(krb5_context context,
static krb5_error_code
add_gic_opt_ext_preauth_data(krb5_context context,
- krb5_gic_opt_ext *opte,
- const char *attr,
- const char *value)
+ krb5_gic_opt_ext *opte,
+ const char *attr,
+ const char *value)
{
size_t newsize;
int i;
@@ -323,21 +324,21 @@ add_gic_opt_ext_preauth_data(krb5_context context,
newsize = opte->opt_private->num_preauth_data + 1;
newsize = newsize * sizeof(*opte->opt_private->preauth_data);
if (opte->opt_private->preauth_data == NULL)
- newpad = malloc(newsize);
+ newpad = malloc(newsize);
else
- newpad = realloc(opte->opt_private->preauth_data, newsize);
+ newpad = realloc(opte->opt_private->preauth_data, newsize);
if (newpad == NULL)
- return ENOMEM;
+ return ENOMEM;
opte->opt_private->preauth_data = newpad;
i = opte->opt_private->num_preauth_data;
newpad[i].attr = strdup(attr);
if (newpad[i].attr == NULL)
- return ENOMEM;
+ return ENOMEM;
newpad[i].value = strdup(value);
if (newpad[i].value == NULL) {
- free(newpad[i].attr);
- return ENOMEM;
+ free(newpad[i].attr);
+ return ENOMEM;
}
opte->opt_private->num_preauth_data += 1;
return 0;
@@ -353,24 +354,24 @@ add_gic_opt_ext_preauth_data(krb5_context context,
*/
krb5_error_code KRB5_CALLCONV
krb5_get_init_creds_opt_set_pa(krb5_context context,
- krb5_get_init_creds_opt *opt,
- const char *attr,
- const char *value)
+ krb5_get_init_creds_opt *opt,
+ const char *attr,
+ const char *value)
{
krb5_error_code retval;
krb5_gic_opt_ext *opte;
retval = krb5int_gic_opt_to_opte(context, opt, &opte, 0,
- "krb5_get_init_creds_opt_set_pa");
+ "krb5_get_init_creds_opt_set_pa");
if (retval)
- return retval;
+ return retval;
/*
* Copy the option into the extended get_init_creds_opt structure
*/
retval = add_gic_opt_ext_preauth_data(context, opte, attr, value);
if (retval)
- return retval;
+ return retval;
/*
* Give the plugins a chance to look at the option now.
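Review bot: krb5_get_init_creds_opt_set_pa passes `attr` and `value` from the public API straight to `add_gic_opt_ext_preauth_data()`, which hands them to `strdup()` without a NULL check, and `strdup(NULL)` is undefined behaviour. A guard ahead of the copy would reject bad input cleanly: `if (attr == NULL || value == NULL) return EINVAL;`. The rest of the function body lies outside this hunk.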
@@ -389,9 +390,9 @@ krb5_get_init_creds_opt_set_pa(krb5_context context,
*/
krb5_error_code KRB5_CALLCONV
krb5_get_init_creds_opt_get_pa(krb5_context context,
- krb5_get_init_creds_opt *opt,
- int *num_preauth_data,
- krb5_gic_opt_pa_data **preauth_data)
+ krb5_get_init_creds_opt *opt,
+ int *num_preauth_data,
+ krb5_gic_opt_pa_data **preauth_data)
{
krb5_error_code retval;
krb5_gic_opt_ext *opte;
@@ -400,70 +401,70 @@ krb5_get_init_creds_opt_get_pa(krb5_context context,
size_t allocsize;
retval = krb5int_gic_opt_to_opte(context, opt, &opte, 0,
- "krb5_get_init_creds_opt_get_pa");
+ "krb5_get_init_creds_opt_get_pa");
if (retval)
- return retval;
+ return retval;
if (num_preauth_data == NULL || preauth_data == NULL)
- return EINVAL;
+ return EINVAL;
*num_preauth_data = 0;
*preauth_data = NULL;
if (opte->opt_private->num_preauth_data == 0)
- return 0;
+ return 0;
allocsize =
- opte->opt_private->num_preauth_data * sizeof(krb5_gic_opt_pa_data);
+ opte->opt_private->num_preauth_data * sizeof(krb5_gic_opt_pa_data);
p = malloc(allocsize);
if (p == NULL)
- return ENOMEM;
+ return ENOMEM;
/* Init these to make cleanup easier */
for (i = 0; i < opte->opt_private->num_preauth_data; i++) {
- p[i].attr = NULL;
- p[i].value = NULL;
+ p[i].attr = NULL;
+ p[i].value = NULL;
}
for (i = 0; i < opte->opt_private->num_preauth_data; i++) {
- p[i].attr = strdup(opte->opt_private->preauth_data[i].attr);
- p[i].value = strdup(opte->opt_private->preauth_data[i].value);
- if (p[i].attr == NULL || p[i].value == NULL)
- goto cleanup;
+ p[i].attr = strdup(opte->opt_private->preauth_data[i].attr);
+ p[i].value = strdup(opte->opt_private->preauth_data[i].value);
+ if (p[i].attr == NULL || p[i].value == NULL)
+ goto cleanup;
}
*num_preauth_data = i;
*preauth_data = p;
return 0;
cleanup:
for (i = 0; i < opte->opt_private->num_preauth_data; i++) {
- if (p[i].attr != NULL)
- free(p[i].attr);
- if (p[i].value != NULL)
- free(p[i].value);
+ if (p[i].attr != NULL)
+ free(p[i].attr);
+ if (p[i].value != NULL)
+ free(p[i].value);
}
free(p);
return ENOMEM;
}
/*
- * This function frees the preauth_data that was returned by
+ * This function frees the preauth_data that was returned by
* krb5_get_init_creds_opt_get_pa().
*/
void KRB5_CALLCONV
krb5_get_init_creds_opt_free_pa(krb5_context context,
- int num_preauth_data,
- krb5_gic_opt_pa_data *preauth_data)
+ int num_preauth_data,
+ krb5_gic_opt_pa_data *preauth_data)
{
int i;
if (num_preauth_data <= 0 || preauth_data == NULL)
- return;
+ return;
for (i = 0; i < num_preauth_data; i++) {
- if (preauth_data[i].attr != NULL)
- free(preauth_data[i].attr);
- if (preauth_data[i].value != NULL)
- free(preauth_data[i].value);
+ if (preauth_data[i].attr != NULL)
+ free(preauth_data[i].attr);
+ if (preauth_data[i].value != NULL)
+ free(preauth_data[i].value);
}
free(preauth_data);
}
@@ -474,14 +475,14 @@ krb5_error_code KRB5_CALLCONV krb5_get_init_creds_opt_set_fast_ccache_name
krb5_gic_opt_ext *opte;
retval = krb5int_gic_opt_to_opte(context, opt, &opte, 0,
- "krb5_get_init_creds_opt_set_fast_ccache_name");
+ "krb5_get_init_creds_opt_set_fast_ccache_name");
if (retval)
- return retval;
+ return retval;
if (opte->opt_private->fast_ccache_name) {
- free(opte->opt_private->fast_ccache_name);
+ free(opte->opt_private->fast_ccache_name);
}
opte->opt_private->fast_ccache_name = strdup(ccache_name);
if (opte->opt_private->fast_ccache_name == NULL)
- retval = ENOMEM;
+ retval = ENOMEM;
return retval;
}
diff --git a/src/lib/krb5/krb/gic_pwd.c b/src/lib/krb5/krb/gic_pwd.c
index 0109104..fa0c173 100644
--- a/src/lib/krb5/krb/gic_pwd.c
+++ b/src/lib/krb5/krb/gic_pwd.c
@@ -1,3 +1,4 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
#include "k5-int.h"
#include "com_err.h"
@@ -32,168 +33,168 @@ krb5_get_as_key_password(
cases? */
if (as_key->length) {
- if (as_key->enctype != etype) {
- krb5_free_keyblock_contents (context, as_key);
- as_key->length = 0;
- }
+ if (as_key->enctype != etype) {
+ krb5_free_keyblock_contents (context, as_key);
+ as_key->length = 0;
+ }
}
if (password->data[0] == '\0') {
- if (prompter == NULL)
- return(EIO);
-
- if ((ret = krb5_unparse_name(context, client, &clientstr)))
- return(ret);
-
- snprintf(promptstr, sizeof(promptstr), "Password for %s", clientstr);
- free(clientstr);
-
- prompt.prompt = promptstr;
- prompt.hidden = 1;
- prompt.reply = password;
- prompt_type = KRB5_PROMPT_TYPE_PASSWORD;
-
- /* PROMPTER_INVOCATION */
- krb5int_set_prompt_types(context, &prompt_type);
- if ((ret = (((*prompter)(context, prompter_data, NULL, NULL,
- 1, &prompt))))) {
- krb5int_set_prompt_types(context, 0);
- return(ret);
- }
- krb5int_set_prompt_types(context, 0);
+ if (prompter == NULL)
+ return(EIO);
+
+ if ((ret = krb5_unparse_name(context, client, &clientstr)))
+ return(ret);
+
+ snprintf(promptstr, sizeof(promptstr), "Password for %s", clientstr);
+ free(clientstr);
+
+ prompt.prompt = promptstr;
+ prompt.hidden = 1;
+ prompt.reply = password;
+ prompt_type = KRB5_PROMPT_TYPE_PASSWORD;
+
+ /* PROMPTER_INVOCATION */
+ krb5int_set_prompt_types(context, &prompt_type);
+ if ((ret = (((*prompter)(context, prompter_data, NULL, NULL,
+ 1, &prompt))))) {
+ krb5int_set_prompt_types(context, 0);
+ return(ret);
+ }
+ krb5int_set_prompt_types(context, 0);
}
if ((salt->length == -1 || salt->length == SALT_TYPE_AFS_LENGTH) && (salt->data == NULL)) {
- if ((ret = krb5_principal2salt(context, client, &defsalt)))
- return(ret);
+ if ((ret = krb5_principal2salt(context, client, &defsalt)))
+ return(ret);
- salt = &defsalt;
+ salt = &defsalt;
} else {
- defsalt.length = 0;
+ defsalt.length = 0;
}
ret = krb5_c_string_to_key_with_params(context, etype, password, salt,
- params->data?params:NULL, as_key);
+ params->data?params:NULL, as_key);
if (defsalt.length)
- free(defsalt.data);
+ free(defsalt.data);
return(ret);
}
krb5_error_code KRB5_CALLCONV
krb5_get_init_creds_password(krb5_context context,
- krb5_creds *creds,
- krb5_principal client,
- char *password,
- krb5_prompter_fct prompter,
- void *data,
- krb5_deltat start_time,
- char *in_tkt_service,
- krb5_get_init_creds_opt *options)
+ krb5_creds *creds,
+ krb5_principal client,
+ char *password,
+ krb5_prompter_fct prompter,
+ void *data,
+ krb5_deltat start_time,
+ char *in_tkt_service,
+ krb5_get_init_creds_opt *options)
{
- krb5_error_code ret, ret2;
- int use_master;
- krb5_kdc_rep *as_reply;
- int tries;
- krb5_creds chpw_creds;
- krb5_get_init_creds_opt *chpw_opts = NULL;
- krb5_data pw0, pw1;
- char banner[1024], pw0array[1024], pw1array[1024];
- krb5_prompt prompt[2];
- krb5_prompt_type prompt_types[sizeof(prompt)/sizeof(prompt[0])];
- krb5_gic_opt_ext *opte = NULL;
- krb5_gic_opt_ext *chpw_opte = NULL;
-
- use_master = 0;
- as_reply = NULL;
- memset(&chpw_creds, 0, sizeof(chpw_creds));
-
- pw0.data = pw0array;
-
- if (password && password[0]) {
- if (strlcpy(pw0.data, password, sizeof(pw0array)) >= sizeof(pw0array)) {
- ret = EINVAL;
- goto cleanup;
- }
- pw0.length = strlen(password);
- } else {
- pw0.data[0] = '\0';
- pw0.length = sizeof(pw0array);
- }
-
- pw1.data = pw1array;
- pw1.data[0] = '\0';
- pw1.length = sizeof(pw1array);
-
- ret = krb5int_gic_opt_to_opte(context, options, &opte, 1,
- "krb5_get_init_creds_password");
- if (ret)
- goto cleanup;
-
- /* first try: get the requested tkt from any kdc */
-
- ret = krb5_get_init_creds(context, creds, client, prompter, data,
- start_time, in_tkt_service, opte,
- krb5_get_as_key_password, (void *) &pw0,
- &use_master, &as_reply);
-
- /* check for success */
-
- if (ret == 0)
- goto cleanup;
-
- /* If all the kdc's are unavailable, or if the error was due to a
- user interrupt, fail */
-
- if ((ret == KRB5_KDC_UNREACH) ||
- (ret == KRB5_LIBOS_PWDINTR) ||
- (ret == KRB5_REALM_CANT_RESOLVE))
- goto cleanup;
-
- /* if the reply did not come from the master kdc, try again with
- the master kdc */
-
- if (!use_master) {
- use_master = 1;
-
- if (as_reply) {
- krb5_free_kdc_rep( context, as_reply);
- as_reply = NULL;
- }
- ret2 = krb5_get_init_creds(context, creds, client, prompter, data,
- start_time, in_tkt_service, opte,
- krb5_get_as_key_password, (void *) &pw0,
- &use_master, &as_reply);
-
- if (ret2 == 0) {
- ret = 0;
- goto cleanup;
- }
-
- /* if the master is unreachable, return the error from the
- slave we were able to contact or reset the use_master flag */
-
- if ((ret2 != KRB5_KDC_UNREACH) &&
- (ret2 != KRB5_REALM_CANT_RESOLVE) &&
- (ret2 != KRB5_REALM_UNKNOWN))
- ret = ret2;
- else
- use_master = 0;
- }
+ krb5_error_code ret, ret2;
+ int use_master;
+ krb5_kdc_rep *as_reply;
+ int tries;
+ krb5_creds chpw_creds;
+ krb5_get_init_creds_opt *chpw_opts = NULL;
+ krb5_data pw0, pw1;
+ char banner[1024], pw0array[1024], pw1array[1024];
+ krb5_prompt prompt[2];
+ krb5_prompt_type prompt_types[sizeof(prompt)/sizeof(prompt[0])];
+ krb5_gic_opt_ext *opte = NULL;
+ krb5_gic_opt_ext *chpw_opte = NULL;
+
+ use_master = 0;
+ as_reply = NULL;
+ memset(&chpw_creds, 0, sizeof(chpw_creds));
+
+ pw0.data = pw0array;
+
+ if (password && password[0]) {
+ if (strlcpy(pw0.data, password, sizeof(pw0array)) >= sizeof(pw0array)) {
+ ret = EINVAL;
+ goto cleanup;
+ }
+ pw0.length = strlen(password);
+ } else {
+ pw0.data[0] = '\0';
+ pw0.length = sizeof(pw0array);
+ }
+
+ pw1.data = pw1array;
+ pw1.data[0] = '\0';
+ pw1.length = sizeof(pw1array);
+
+ ret = krb5int_gic_opt_to_opte(context, options, &opte, 1,
+ "krb5_get_init_creds_password");
+ if (ret)
+ goto cleanup;
+
+ /* first try: get the requested tkt from any kdc */
+
+ ret = krb5_get_init_creds(context, creds, client, prompter, data,
+ start_time, in_tkt_service, opte,
+ krb5_get_as_key_password, (void *) &pw0,
+ &use_master, &as_reply);
+
+ /* check for success */
+
+ if (ret == 0)
+ goto cleanup;
+
+ /* If all the kdc's are unavailable, or if the error was due to a
+ user interrupt, fail */
+
+ if ((ret == KRB5_KDC_UNREACH) ||
+ (ret == KRB5_LIBOS_PWDINTR) ||
+ (ret == KRB5_REALM_CANT_RESOLVE))
+ goto cleanup;
+
+ /* if the reply did not come from the master kdc, try again with
+ the master kdc */
+
+ if (!use_master) {
+ use_master = 1;
+
+ if (as_reply) {
+ krb5_free_kdc_rep( context, as_reply);
+ as_reply = NULL;
+ }
+ ret2 = krb5_get_init_creds(context, creds, client, prompter, data,
+ start_time, in_tkt_service, opte,
+ krb5_get_as_key_password, (void *) &pw0,
+ &use_master, &as_reply);
+
+ if (ret2 == 0) {
+ ret = 0;
+ goto cleanup;
+ }
+
+ /* if the master is unreachable, return the error from the
+ slave we were able to contact or reset the use_master flag */
+
+ if ((ret2 != KRB5_KDC_UNREACH) &&
+ (ret2 != KRB5_REALM_CANT_RESOLVE) &&
+ (ret2 != KRB5_REALM_UNKNOWN))
+ ret = ret2;
+ else
+ use_master = 0;
+ }
#ifdef USE_KIM
- if (ret == KRB5KDC_ERR_KEY_EXP)
- goto cleanup; /* Login library will deal appropriately with this error */
+ if (ret == KRB5KDC_ERR_KEY_EXP)
+ goto cleanup; /* Login library will deal appropriately with this error */
#endif
- /* at this point, we have an error from the master. if the error
- is not password expired, or if it is but there's no prompter,
- return this error */
+ /* at this point, we have an error from the master. if the error
+ is not password expired, or if it is but there's no prompter,
+ return this error */
- if ((ret != KRB5KDC_ERR_KEY_EXP) ||
- (prompter == NULL))
- goto cleanup;
+ if ((ret != KRB5KDC_ERR_KEY_EXP) ||
+ (prompter == NULL))
+ goto cleanup;
/* historically the default has been to prompt for password change.
* if the change password prompt option has not been set, we continue
@@ -201,253 +202,253 @@ krb5_get_init_creds_password(krb5_context context,
* and the value has been set to false.
*/
if (!(options->flags & KRB5_GET_INIT_CREDS_OPT_CHG_PWD_PRMPT))
- goto cleanup;
+ goto cleanup;
/* ok, we have an expired password. Give the user a few chances
- to change it */
-
- /* use a minimal set of options */
-
- ret = krb5_get_init_creds_opt_alloc(context, &chpw_opts);
- if (ret)
- goto cleanup;
- krb5_get_init_creds_opt_set_tkt_life(chpw_opts, 5*60);
- krb5_get_init_creds_opt_set_renew_life(chpw_opts, 0);
- krb5_get_init_creds_opt_set_forwardable(chpw_opts, 0);
- krb5_get_init_creds_opt_set_proxiable(chpw_opts, 0);
- ret = krb5int_gic_opt_to_opte(context, chpw_opts, &chpw_opte, 0,
- "krb5_get_init_creds_password (changing password)");
- if (ret)
- goto cleanup;
-
- if ((ret = krb5_get_init_creds(context, &chpw_creds, client,
- prompter, data,
- start_time, "kadmin/changepw", chpw_opte,
- krb5_get_as_key_password, (void *) &pw0,
- &use_master, NULL)))
- goto cleanup;
-
- prompt[0].prompt = "Enter new password";
- prompt[0].hidden = 1;
- prompt[0].reply = &pw0;
- prompt_types[0] = KRB5_PROMPT_TYPE_NEW_PASSWORD;
-
- prompt[1].prompt = "Enter it again";
- prompt[1].hidden = 1;
- prompt[1].reply = &pw1;
- prompt_types[1] = KRB5_PROMPT_TYPE_NEW_PASSWORD_AGAIN;
-
- strlcpy(banner, "Password expired. You must change it now.",
- sizeof(banner));
-
- for (tries = 3; tries; tries--) {
- pw0.length = sizeof(pw0array);
- pw1.length = sizeof(pw1array);
-
- /* PROMPTER_INVOCATION */
- krb5int_set_prompt_types(context, prompt_types);
- if ((ret = ((*prompter)(context, data, 0, banner,
- sizeof(prompt)/sizeof(prompt[0]), prompt))))
- goto cleanup;
- krb5int_set_prompt_types(context, 0);
-
-
- if (strcmp(pw0.data, pw1.data) != 0) {
- ret = KRB5_LIBOS_BADPWDMATCH;
- snprintf(banner, sizeof(banner),
- "%s. Please try again.", error_message(ret));
- } else if (pw0.length == 0) {
- ret = KRB5_CHPW_PWDNULL;
- snprintf(banner, sizeof(banner),
- "%s. Please try again.", error_message(ret));
- } else {
- int result_code;
- krb5_data code_string;
- krb5_data result_string;
-
- if ((ret = krb5_change_password(context, &chpw_creds, pw0array,
- &result_code, &code_string,
- &result_string)))
- goto cleanup;
-
- /* the change succeeded. go on */
-
- if (result_code == 0) {
- free(result_string.data);
- break;
- }
-
- /* set this in case the retry loop falls through */
-
- ret = KRB5_CHPW_FAIL;
-
- if (result_code != KRB5_KPASSWD_SOFTERROR) {
- free(result_string.data);
- goto cleanup;
- }
-
- /* the error was soft, so try again */
-
- /* 100 is I happen to know that no code_string will be longer
- than 100 chars */
-
- if (result_string.length > (sizeof(banner)-100))
- result_string.length = sizeof(banner)-100;
-
- snprintf(banner, sizeof(banner), "%.*s%s%.*s. Please try again.\n",
- (int) code_string.length, code_string.data,
- result_string.length ? ": " : "",
- (int) result_string.length,
- result_string.data ? result_string.data : "");
-
- free(code_string.data);
- free(result_string.data);
- }
- }
-
- if (ret)
- goto cleanup;
-
- /* the password change was successful. Get an initial ticket
- from the master. this is the last try. the return from this
- is final. */
-
- ret = krb5_get_init_creds(context, creds, client, prompter, data,
- start_time, in_tkt_service, opte,
- krb5_get_as_key_password, (void *) &pw0,
- &use_master, &as_reply);
+ to change it */
+
+ /* use a minimal set of options */
+
+ ret = krb5_get_init_creds_opt_alloc(context, &chpw_opts);
+ if (ret)
+ goto cleanup;
+ krb5_get_init_creds_opt_set_tkt_life(chpw_opts, 5*60);
+ krb5_get_init_creds_opt_set_renew_life(chpw_opts, 0);
+ krb5_get_init_creds_opt_set_forwardable(chpw_opts, 0);
+ krb5_get_init_creds_opt_set_proxiable(chpw_opts, 0);
+ ret = krb5int_gic_opt_to_opte(context, chpw_opts, &chpw_opte, 0,
+ "krb5_get_init_creds_password (changing password)");
+ if (ret)
+ goto cleanup;
+
+ if ((ret = krb5_get_init_creds(context, &chpw_creds, client,
+ prompter, data,
+ start_time, "kadmin/changepw", chpw_opte,
+ krb5_get_as_key_password, (void *) &pw0,
+ &use_master, NULL)))
+ goto cleanup;
+
+ prompt[0].prompt = "Enter new password";
+ prompt[0].hidden = 1;
+ prompt[0].reply = &pw0;
+ prompt_types[0] = KRB5_PROMPT_TYPE_NEW_PASSWORD;
+
+ prompt[1].prompt = "Enter it again";
+ prompt[1].hidden = 1;
+ prompt[1].reply = &pw1;
+ prompt_types[1] = KRB5_PROMPT_TYPE_NEW_PASSWORD_AGAIN;
+
+ strlcpy(banner, "Password expired. You must change it now.",
+ sizeof(banner));
+
+ for (tries = 3; tries; tries--) {
+ pw0.length = sizeof(pw0array);
+ pw1.length = sizeof(pw1array);
+
+ /* PROMPTER_INVOCATION */
+ krb5int_set_prompt_types(context, prompt_types);
+ if ((ret = ((*prompter)(context, data, 0, banner,
+ sizeof(prompt)/sizeof(prompt[0]), prompt))))
+ goto cleanup;
+ krb5int_set_prompt_types(context, 0);
+
+
+ if (strcmp(pw0.data, pw1.data) != 0) {
+ ret = KRB5_LIBOS_BADPWDMATCH;
+ snprintf(banner, sizeof(banner),
+ "%s. Please try again.", error_message(ret));
+ } else if (pw0.length == 0) {
+ ret = KRB5_CHPW_PWDNULL;
+ snprintf(banner, sizeof(banner),
+ "%s. Please try again.", error_message(ret));
+ } else {
+ int result_code;
+ krb5_data code_string;
+ krb5_data result_string;
+
+ if ((ret = krb5_change_password(context, &chpw_creds, pw0array,
+ &result_code, &code_string,
+ &result_string)))
+ goto cleanup;
+
+ /* the change succeeded. go on */
+
+ if (result_code == 0) {
+ free(result_string.data);
+ break;
+ }
+
+ /* set this in case the retry loop falls through */
+
+ ret = KRB5_CHPW_FAIL;
+
+ if (result_code != KRB5_KPASSWD_SOFTERROR) {
+ free(result_string.data);
+ goto cleanup;
+ }
+
+ /* the error was soft, so try again */
+
+ /* 100 is I happen to know that no code_string will be longer
+ than 100 chars */
+
+ if (result_string.length > (sizeof(banner)-100))
+ result_string.length = sizeof(banner)-100;
+
+ snprintf(banner, sizeof(banner), "%.*s%s%.*s. Please try again.\n",
+ (int) code_string.length, code_string.data,
+ result_string.length ? ": " : "",
+ (int) result_string.length,
+ result_string.data ? result_string.data : "");
+
+ free(code_string.data);
+ free(result_string.data);
+ }
+ }
+
+ if (ret)
+ goto cleanup;
+
+ /* the password change was successful. Get an initial ticket
+ from the master. this is the last try. the return from this
+ is final. */
+
+ ret = krb5_get_init_creds(context, creds, client, prompter, data,
+ start_time, in_tkt_service, opte,
+ krb5_get_as_key_password, (void *) &pw0,
+ &use_master, &as_reply);
cleanup:
- krb5int_set_prompt_types(context, 0);
- /* if getting the password was successful, then check to see if the
- password is about to expire, and warn if so */
-
- if (ret == 0) {
- krb5_timestamp now;
- krb5_last_req_entry **last_req;
- int hours;
-
- /* XXX 7 days should be configurable. This is all pretty ad hoc,
- and could probably be improved if I was willing to screw around
- with timezones, etc. */
-
- if (prompter &&
- (!in_tkt_service ||
- (strcmp(in_tkt_service, "kadmin/changepw") != 0)) &&
- ((ret = krb5_timeofday(context, &now)) == 0) &&
- as_reply->enc_part2->key_exp &&
- ((hours = ((as_reply->enc_part2->key_exp-now)/(60*60))) <= 7*24) &&
- (hours >= 0)) {
- if (hours < 1)
- snprintf(banner, sizeof(banner),
- "Warning: Your password will expire in less than one hour.");
- else if (hours <= 48)
- snprintf(banner, sizeof(banner),
- "Warning: Your password will expire in %d hour%s.",
- hours, (hours == 1)?"":"s");
- else
- snprintf(banner, sizeof(banner),
- "Warning: Your password will expire in %d days.",
- hours/24);
-
- /* ignore an error here */
- /* PROMPTER_INVOCATION */
- (*prompter)(context, data, 0, banner, 0, 0);
- } else if (prompter &&
- (!in_tkt_service ||
- (strcmp(in_tkt_service, "kadmin/changepw") != 0)) &&
- as_reply->enc_part2 && as_reply->enc_part2->last_req) {
- /*
- * Check the last_req fields
- */
-
- for (last_req = as_reply->enc_part2->last_req; *last_req; last_req++)
- if ((*last_req)->lr_type == KRB5_LRQ_ALL_PW_EXPTIME ||
- (*last_req)->lr_type == KRB5_LRQ_ONE_PW_EXPTIME) {
- krb5_deltat delta;
- char ts[256];
-
- if ((ret = krb5_timeofday(context, &now)))
- break;
-
- if ((ret = krb5_timestamp_to_string((*last_req)->value,
- ts, sizeof(ts))))
- break;
-
- delta = (*last_req)->value - now;
- if (delta < 3600)
- snprintf(banner, sizeof(banner),
- "Warning: Your password will expire in less than one hour on %s",
- ts);
- else if (delta < 86400*2)
- snprintf(banner, sizeof(banner),
- "Warning: Your password will expire in %d hour%s on %s",
- delta / 3600, delta < 7200 ? "" : "s", ts);
- else
- snprintf(banner, sizeof(banner),
- "Warning: Your password will expire in %d days on %s",
- delta / 86400, ts);
- /* ignore an error here */
- /* PROMPTER_INVOCATION */
- (*prompter)(context, data, 0, banner, 0, 0);
- }
- }
- }
-
- if (chpw_opts)
- krb5_get_init_creds_opt_free(context, chpw_opts);
- if (opte && krb5_gic_opt_is_shadowed(opte))
- krb5_get_init_creds_opt_free(context, (krb5_get_init_creds_opt *)opte);
- memset(pw0array, 0, sizeof(pw0array));
- memset(pw1array, 0, sizeof(pw1array));
- krb5_free_cred_contents(context, &chpw_creds);
- if (as_reply)
- krb5_free_kdc_rep(context, as_reply);
-
- return(ret);
+ krb5int_set_prompt_types(context, 0);
+ /* if getting the password was successful, then check to see if the
+ password is about to expire, and warn if so */
+
+ if (ret == 0) {
+ krb5_timestamp now;
+ krb5_last_req_entry **last_req;
+ int hours;
+
+ /* XXX 7 days should be configurable. This is all pretty ad hoc,
+ and could probably be improved if I was willing to screw around
+ with timezones, etc. */
+
+ if (prompter &&
+ (!in_tkt_service ||
+ (strcmp(in_tkt_service, "kadmin/changepw") != 0)) &&
+ ((ret = krb5_timeofday(context, &now)) == 0) &&
+ as_reply->enc_part2->key_exp &&
+ ((hours = ((as_reply->enc_part2->key_exp-now)/(60*60))) <= 7*24) &&
+ (hours >= 0)) {
+ if (hours < 1)
+ snprintf(banner, sizeof(banner),
+ "Warning: Your password will expire in less than one hour.");
+ else if (hours <= 48)
+ snprintf(banner, sizeof(banner),
+ "Warning: Your password will expire in %d hour%s.",
+ hours, (hours == 1)?"":"s");
+ else
+ snprintf(banner, sizeof(banner),
+ "Warning: Your password will expire in %d days.",
+ hours/24);
+
+ /* ignore an error here */
+ /* PROMPTER_INVOCATION */
+ (*prompter)(context, data, 0, banner, 0, 0);
+ } else if (prompter &&
+ (!in_tkt_service ||
+ (strcmp(in_tkt_service, "kadmin/changepw") != 0)) &&
+ as_reply->enc_part2 && as_reply->enc_part2->last_req) {
+ /*
+ * Check the last_req fields
+ */
+
+ for (last_req = as_reply->enc_part2->last_req; *last_req; last_req++)
+ if ((*last_req)->lr_type == KRB5_LRQ_ALL_PW_EXPTIME ||
+ (*last_req)->lr_type == KRB5_LRQ_ONE_PW_EXPTIME) {
+ krb5_deltat delta;
+ char ts[256];
+
+ if ((ret = krb5_timeofday(context, &now)))
+ break;
+
+ if ((ret = krb5_timestamp_to_string((*last_req)->value,
+ ts, sizeof(ts))))
+ break;
+
+ delta = (*last_req)->value - now;
+ if (delta < 3600)
+ snprintf(banner, sizeof(banner),
+ "Warning: Your password will expire in less than one hour on %s",
+ ts);
+ else if (delta < 86400*2)
+ snprintf(banner, sizeof(banner),
+ "Warning: Your password will expire in %d hour%s on %s",
+ delta / 3600, delta < 7200 ? "" : "s", ts);
+ else
+ snprintf(banner, sizeof(banner),
+ "Warning: Your password will expire in %d days on %s",
+ delta / 86400, ts);
+ /* ignore an error here */
+ /* PROMPTER_INVOCATION */
+ (*prompter)(context, data, 0, banner, 0, 0);
+ }
+ }
+ }
+
+ if (chpw_opts)
+ krb5_get_init_creds_opt_free(context, chpw_opts);
+ if (opte && krb5_gic_opt_is_shadowed(opte))
+ krb5_get_init_creds_opt_free(context, (krb5_get_init_creds_opt *)opte);
+ memset(pw0array, 0, sizeof(pw0array));
+ memset(pw1array, 0, sizeof(pw1array));
+ krb5_free_cred_contents(context, &chpw_creds);
+ if (as_reply)
+ krb5_free_kdc_rep(context, as_reply);
+
+ return(ret);
}
krb5_error_code krb5int_populate_gic_opt (
krb5_context context, krb5_gic_opt_ext **opte,
krb5_flags options, krb5_address * const *addrs, krb5_enctype *ktypes,
krb5_preauthtype *pre_auth_types, krb5_creds *creds)
{
- int i;
- krb5_int32 starttime;
- krb5_get_init_creds_opt *opt;
- krb5_error_code retval;
+ int i;
+ krb5_int32 starttime;
+ krb5_get_init_creds_opt *opt;
+ krb5_error_code retval;
*opte = NULL;
retval = krb5_get_init_creds_opt_alloc(context, &opt);
if (retval)
- return(retval);
+ return(retval);
if (addrs)
- krb5_get_init_creds_opt_set_address_list(opt, (krb5_address **) addrs);
+ krb5_get_init_creds_opt_set_address_list(opt, (krb5_address **) addrs);
if (ktypes) {
- for (i=0; ktypes[i]; i++);
- if (i)
- krb5_get_init_creds_opt_set_etype_list(opt, ktypes, i);
+ for (i=0; ktypes[i]; i++);
+ if (i)
+ krb5_get_init_creds_opt_set_etype_list(opt, ktypes, i);
}
if (pre_auth_types) {
- for (i=0; pre_auth_types[i]; i++);
- if (i)
- krb5_get_init_creds_opt_set_preauth_list(opt, pre_auth_types, i);
+ for (i=0; pre_auth_types[i]; i++);
+ if (i)
+ krb5_get_init_creds_opt_set_preauth_list(opt, pre_auth_types, i);
}
if (options&KDC_OPT_FORWARDABLE)
- krb5_get_init_creds_opt_set_forwardable(opt, 1);
+ krb5_get_init_creds_opt_set_forwardable(opt, 1);
else krb5_get_init_creds_opt_set_forwardable(opt, 0);
if (options&KDC_OPT_PROXIABLE)
- krb5_get_init_creds_opt_set_proxiable(opt, 1);
+ krb5_get_init_creds_opt_set_proxiable(opt, 1);
else krb5_get_init_creds_opt_set_proxiable(opt, 0);
if (creds && creds->times.endtime) {
- retval = krb5_timeofday(context, &starttime);
- if (retval)
- goto cleanup;
+ retval = krb5_timeofday(context, &starttime);
+ if (retval)
+ goto cleanup;
if (creds->times.starttime) starttime = creds->times.starttime;
krb5_get_init_creds_opt_set_tkt_life(opt, creds->times.endtime - starttime);
}
return krb5int_gic_opt_to_opte(context, opt, opte, 0,
- "krb5int_populate_gic_opt");
+ "krb5int_populate_gic_opt");
cleanup:
krb5_get_init_creds_opt_free(context, opt);
return retval;
@@ -455,30 +456,30 @@ cleanup:
/*
Rewrites get_in_tkt in terms of newer get_init_creds API.
- Attempts to get an initial ticket for creds->client to use server
- creds->server, (realm is taken from creds->client), with options
- options, and using creds->times.starttime, creds->times.endtime,
- creds->times.renew_till as from, till, and rtime.
- creds->times.renew_till is ignored unless the RENEWABLE option is requested.
+ Attempts to get an initial ticket for creds->client to use server
+ creds->server, (realm is taken from creds->client), with options
+ options, and using creds->times.starttime, creds->times.endtime,
+ creds->times.renew_till as from, till, and rtime.
+ creds->times.renew_till is ignored unless the RENEWABLE option is requested.
- If addrs is non-NULL, it is used for the addresses requested. If it is
- null, the system standard addresses are used.
+ If addrs is non-NULL, it is used for the addresses requested. If it is
+ null, the system standard addresses are used.
- If password is non-NULL, it is converted using the cryptosystem entry
- point for a string conversion routine, seeded with the client's name.
- If password is passed as NULL, the password is read from the terminal,
- and then converted into a key.
+ If password is non-NULL, it is converted using the cryptosystem entry
+ point for a string conversion routine, seeded with the client's name.
+ If password is passed as NULL, the password is read from the terminal,
+ and then converted into a key.
- A succesful call will place the ticket in the credentials cache ccache.
+ A succesful call will place the ticket in the credentials cache ccache.
- returns system errors, encryption errors
- */
+ returns system errors, encryption errors
+*/
krb5_error_code KRB5_CALLCONV
krb5_get_in_tkt_with_password(krb5_context context, krb5_flags options,
- krb5_address *const *addrs, krb5_enctype *ktypes,
- krb5_preauthtype *pre_auth_types,
- const char *password, krb5_ccache ccache,
- krb5_creds *creds, krb5_kdc_rep **ret_as_reply)
+ krb5_address *const *addrs, krb5_enctype *ktypes,
+ krb5_preauthtype *pre_auth_types,
+ const char *password, krb5_ccache ccache,
+ krb5_creds *creds, krb5_kdc_rep **ret_as_reply)
{
krb5_error_code retval;
krb5_data pw0;
@@ -490,44 +491,43 @@ krb5_get_in_tkt_with_password(krb5_context context, krb5_flags options,
pw0.data = pw0array;
if (password && password[0]) {
- if (strlcpy(pw0.data, password, sizeof(pw0array)) >= sizeof(pw0array))
- return EINVAL;
- pw0.length = strlen(password);
+ if (strlcpy(pw0.data, password, sizeof(pw0array)) >= sizeof(pw0array))
+ return EINVAL;
+ pw0.length = strlen(password);
} else {
- pw0.data[0] = '\0';
- pw0.length = sizeof(pw0array);
+ pw0.data[0] = '\0';
+ pw0.length = sizeof(pw0array);
}
retval = krb5int_populate_gic_opt(context, &opte,
- options, addrs, ktypes,
- pre_auth_types, creds);
+ options, addrs, ktypes,
+ pre_auth_types, creds);
if (retval)
- return (retval);
+ return (retval);
retval = krb5_unparse_name( context, creds->server, &server);
if (retval) {
- krb5_get_init_creds_opt_free(context, (krb5_get_init_creds_opt *)opte);
- return (retval);
+ krb5_get_init_creds_opt_free(context, (krb5_get_init_creds_opt *)opte);
+ return (retval);
}
server_princ = creds->server;
client_princ = creds->client;
- retval = krb5_get_init_creds (context,
- creds, creds->client,
- krb5_prompter_posix, NULL,
- 0, server, opte,
- krb5_get_as_key_password, &pw0,
- &use_master, ret_as_reply);
- krb5_free_unparsed_name( context, server);
- krb5_get_init_creds_opt_free(context, (krb5_get_init_creds_opt *)opte);
- if (retval) {
- return (retval);
- }
- krb5_free_principal( context, creds->server);
- krb5_free_principal( context, creds->client);
- creds->client = client_princ;
- creds->server = server_princ;
- /* store it in the ccache! */
- if (ccache)
- if ((retval = krb5_cc_store_cred(context, ccache, creds)))
- return (retval);
- return retval;
- }
-
+ retval = krb5_get_init_creds (context,
+ creds, creds->client,
+ krb5_prompter_posix, NULL,
+ 0, server, opte,
+ krb5_get_as_key_password, &pw0,
+ &use_master, ret_as_reply);
+ krb5_free_unparsed_name( context, server);
+ krb5_get_init_creds_opt_free(context, (krb5_get_init_creds_opt *)opte);
+ if (retval) {
+ return (retval);
+ }
+ krb5_free_principal( context, creds->server);
+ krb5_free_principal( context, creds->client);
+ creds->client = client_princ;
+ creds->server = server_princ;
+ /* store it in the ccache! */
+ if (ccache)
+ if ((retval = krb5_cc_store_cred(context, ccache, creds)))
+ return (retval);
+ return retval;
+}
diff --git a/src/lib/krb5/krb/in_tkt_sky.c b/src/lib/krb5/krb/in_tkt_sky.c
index d98411f..01c8905 100644
--- a/src/lib/krb5/krb/in_tkt_sky.c
+++ b/src/lib/krb5/krb/in_tkt_sky.c
@@ -1,3 +1,4 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
/*
* lib/krb5/krb/in_tkt_sky.c
*
@@ -8,7 +9,7 @@
* require a specific license from the United States Government.
* It is the responsibility of any person or organization contemplating
* export to obtain such a license before exporting.
- *
+ *
* WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
* distribute this software and its documentation for any purpose and
* without fee is hereby granted, provided that the above copyright
@@ -22,17 +23,17 @@
* M.I.T. makes no representations about the suitability of
* this software for any purpose. It is provided "as is" without express
* or implied warranty.
- *
+ *
*
* krb5_get_in_tkt_with_skey()
- *
+ *
*/
#include "k5-int.h"
struct skey_keyproc_arg {
const krb5_keyblock *key;
- krb5_principal client; /* it's a pointer, really! */
+ krb5_principal client; /* it's a pointer, really! */
};
/*
@@ -42,7 +43,7 @@ struct skey_keyproc_arg {
*/
static krb5_error_code
skey_keyproc(krb5_context context, krb5_enctype type, krb5_data *salt,
- krb5_const_pointer keyseed, krb5_keyblock **key)
+ krb5_const_pointer keyseed, krb5_keyblock **key)
{
krb5_keyblock *realkey;
krb5_error_code retval;
@@ -51,57 +52,57 @@ skey_keyproc(krb5_context context, krb5_enctype type, krb5_data *salt,
keyblock = (const krb5_keyblock *)keyseed;
if (!krb5_c_valid_enctype(type))
- return KRB5_PROG_ETYPE_NOSUPP;
+ return KRB5_PROG_ETYPE_NOSUPP;
if ((retval = krb5_copy_keyblock(context, keyblock, &realkey)))
- return retval;
-
+ return retval;
+
if (realkey->enctype != type) {
- krb5_free_keyblock(context, realkey);
- return KRB5_PROG_ETYPE_NOSUPP;
- }
+ krb5_free_keyblock(context, realkey);
+ return KRB5_PROG_ETYPE_NOSUPP;
+ }
*key = realkey;
return 0;
}
/*
- Similar to krb5_get_in_tkt_with_password.
+ Similar to krb5_get_in_tkt_with_password.
- Attempts to get an initial ticket for creds->client to use server
- creds->server, (realm is taken from creds->client), with options
- options, and using creds->times.starttime, creds->times.endtime,
- creds->times.renew_till as from, till, and rtime.
- creds->times.renew_till is ignored unless the RENEWABLE option is requested.
+ Attempts to get an initial ticket for creds->client to use server
+ creds->server, (realm is taken from creds->client), with options
+ options, and using creds->times.starttime, creds->times.endtime,
+ creds->times.renew_till as from, till, and rtime.
+ creds->times.renew_till is ignored unless the RENEWABLE option is requested.
- If addrs is non-NULL, it is used for the addresses requested. If it is
- null, the system standard addresses are used.
+ If addrs is non-NULL, it is used for the addresses requested. If it is
+ null, the system standard addresses are used.
- If keyblock is NULL, an appropriate key for creds->client is retrieved
- from the system key store (e.g. /etc/srvtab). If keyblock is non-NULL,
- it is used as the decryption key.
+ If keyblock is NULL, an appropriate key for creds->client is retrieved
+ from the system key store (e.g. /etc/srvtab). If keyblock is non-NULL,
+ it is used as the decryption key.
- A succesful call will place the ticket in the credentials cache ccache.
+ A succesful call will place the ticket in the credentials cache ccache.
- returns system errors, encryption errors
+ returns system errors, encryption errors
- */
+*/
krb5_error_code KRB5_CALLCONV
krb5_get_in_tkt_with_skey(krb5_context context, krb5_flags options,
- krb5_address *const *addrs, krb5_enctype *ktypes,
- krb5_preauthtype *pre_auth_types,
- const krb5_keyblock *key, krb5_ccache ccache,
- krb5_creds *creds, krb5_kdc_rep **ret_as_reply)
+ krb5_address *const *addrs, krb5_enctype *ktypes,
+ krb5_preauthtype *pre_auth_types,
+ const krb5_keyblock *key, krb5_ccache ccache,
+ krb5_creds *creds, krb5_kdc_rep **ret_as_reply)
{
- if (key)
- return krb5_get_in_tkt(context, options, addrs, ktypes, pre_auth_types,
- skey_keyproc, (krb5_const_pointer)key,
- krb5_kdc_rep_decrypt_proc, 0, creds,
- ccache, ret_as_reply);
-#ifndef LEAN_CLIENT
- else
- return krb5_get_in_tkt_with_keytab(context, options, addrs, ktypes,
- pre_auth_types, NULL, ccache,
- creds, ret_as_reply);
+ if (key)
+ return krb5_get_in_tkt(context, options, addrs, ktypes, pre_auth_types,
+ skey_keyproc, (krb5_const_pointer)key,
+ krb5_kdc_rep_decrypt_proc, 0, creds,
+ ccache, ret_as_reply);
+#ifndef LEAN_CLIENT
+ else
+ return krb5_get_in_tkt_with_keytab(context, options, addrs, ktypes,
+ pre_auth_types, NULL, ccache,
+ creds, ret_as_reply);
#endif /* LEAN_CLIENT */
}
diff --git a/src/lib/krb5/krb/init_ctx.c b/src/lib/krb5/krb/init_ctx.c
index ea78e0d..8667897 100644
--- a/src/lib/krb5/krb/init_ctx.c
+++ b/src/lib/krb5/krb/init_ctx.c
@@ -1,3 +1,4 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
/*
* lib/krb5/krb/init_ctx.c
*
@@ -8,7 +9,7 @@
* require a specific license from the United States Government.
* It is the responsibility of any person or organization contemplating
* export to obtain such a license before exporting.
- *
+ *
* WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
* distribute this software and its documentation for any purpose and
* without fee is hereby granted, provided that the above copyright
@@ -28,14 +29,14 @@
/*
* Copyright (C) 1998 by the FundsXpress, INC.
- *
+ *
* All rights reserved.
- *
+ *
* Export of this software from the United States of America may require
* a specific license from the United States Government. It is the
* responsibility of any person or organization contemplating export to
* obtain such a license before exporting.
- *
+ *
* WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
* distribute this software and its documentation for any purpose and
* without fee is hereby granted, provided that the above copyright
@@ -46,7 +47,7 @@
* permission. FundsXpress makes no representations about the suitability of
* this software for any purpose. It is provided "as is" without express
* or implied warranty.
- *
+ *
* THIS SOFTWARE IS PROVIDED ``AS IS'' AND WITHOUT ANY EXPRESS OR
* IMPLIED WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED
* WARRANTIES OF MERCHANTIBILITY AND FITNESS FOR A PARTICULAR PURPOSE.
@@ -86,16 +87,16 @@ krb5_error_code KRB5_CALLCONV
krb5_init_context(krb5_context *context)
{
- return init_common (context, FALSE, FALSE);
+ return init_common (context, FALSE, FALSE);
}
krb5_error_code KRB5_CALLCONV
krb5_init_secure_context(krb5_context *context)
{
- /* This is to make gcc -Wall happy */
- if(0) krb5_brand[0] = krb5_brand[0];
- return init_common (context, TRUE, FALSE);
+ /* This is to make gcc -Wall happy */
+ if(0) krb5_brand[0] = krb5_brand[0];
+ return init_common (context, TRUE, FALSE);
}
krb5_error_code
@@ -107,179 +108,179 @@ krb5int_init_context_kdc(krb5_context *context)
static krb5_error_code
init_common (krb5_context *context, krb5_boolean secure, krb5_boolean kdc)
{
- krb5_context ctx = 0;
- krb5_error_code retval;
- struct {
- krb5_int32 now, now_usec;
- long pid;
- } seed_data;
- krb5_data seed;
- int tmp;
-
- /* Verify some assumptions. If the assumptions hold and the
- compiler is optimizing, this should result in no code being
- executed. If we're guessing "unsigned long long" instead
- of using uint64_t, the possibility does exist that we're
- wrong. */
- {
- krb5_ui_8 i64;
- assert(sizeof(i64) == 8);
- i64 = 0, i64--, i64 >>= 62;
- assert(i64 == 3);
- i64 = 1, i64 <<= 31, i64 <<= 31, i64 <<= 1;
- assert(i64 != 0);
- i64 <<= 1;
- assert(i64 == 0);
- }
-
- retval = krb5int_initialize_library();
- if (retval)
- return retval;
+ krb5_context ctx = 0;
+ krb5_error_code retval;
+ struct {
+ krb5_int32 now, now_usec;
+ long pid;
+ } seed_data;
+ krb5_data seed;
+ int tmp;
+
+ /* Verify some assumptions. If the assumptions hold and the
+ compiler is optimizing, this should result in no code being
+ executed. If we're guessing "unsigned long long" instead
+ of using uint64_t, the possibility does exist that we're
+ wrong. */
+ {
+ krb5_ui_8 i64;
+ assert(sizeof(i64) == 8);
+ i64 = 0, i64--, i64 >>= 62;
+ assert(i64 == 3);
+ i64 = 1, i64 <<= 31, i64 <<= 31, i64 <<= 1;
+ assert(i64 != 0);
+ i64 <<= 1;
+ assert(i64 == 0);
+ }
+
+ retval = krb5int_initialize_library();
+ if (retval)
+ return retval;
#if (defined(_WIN32))
- /*
- * Load the krbcc32.dll if necessary. We do this here so that
- * we know to use API: later on during initialization.
- * The context being NULL is ok.
- */
- krb5_win_ccdll_load(ctx);
-
- /*
- * krb5_vercheck() is defined in win_glue.c, and this is
- * where we handle the timebomb and version server checks.
- */
- retval = krb5_vercheck();
- if (retval)
- return retval;
+ /*
+ * Load the krbcc32.dll if necessary. We do this here so that
+ * we know to use API: later on during initialization.
+ * The context being NULL is ok.
+ */
+ krb5_win_ccdll_load(ctx);
+
+ /*
+ * krb5_vercheck() is defined in win_glue.c, and this is
+ * where we handle the timebomb and version server checks.
+ */
+ retval = krb5_vercheck();
+ if (retval)
+ return retval;
#endif
- *context = 0;
+ *context = 0;
- ctx = calloc(1, sizeof(struct _krb5_context));
- if (!ctx)
- return ENOMEM;
- ctx->magic = KV5M_CONTEXT;
+ ctx = calloc(1, sizeof(struct _krb5_context));
+ if (!ctx)
+ return ENOMEM;
+ ctx->magic = KV5M_CONTEXT;
- ctx->profile_secure = secure;
+ ctx->profile_secure = secure;
- /* Set the default encryption types, possible defined in krb5/conf */
- if ((retval = krb5_set_default_in_tkt_ktypes(ctx, NULL)))
- goto cleanup;
+ /* Set the default encryption types, possible defined in krb5/conf */
+ if ((retval = krb5_set_default_in_tkt_ktypes(ctx, NULL)))
+ goto cleanup;
- if ((retval = krb5_set_default_tgs_ktypes(ctx, NULL)))
- goto cleanup;
+ if ((retval = krb5_set_default_tgs_ktypes(ctx, NULL)))
+ goto cleanup;
- if ((retval = krb5_os_init_context(ctx, kdc)))
- goto cleanup;
+ if ((retval = krb5_os_init_context(ctx, kdc)))
+ goto cleanup;
- retval = profile_get_boolean(ctx->profile, KRB5_CONF_LIBDEFAULTS,
- KRB5_CONF_ALLOW_WEAK_CRYPTO, NULL, 1, &tmp);
- if (retval)
- goto cleanup;
- ctx->allow_weak_crypto = tmp;
+ retval = profile_get_boolean(ctx->profile, KRB5_CONF_LIBDEFAULTS,
+ KRB5_CONF_ALLOW_WEAK_CRYPTO, NULL, 1, &tmp);
+ if (retval)
+ goto cleanup;
+ ctx->allow_weak_crypto = tmp;
- /* initialize the prng (not well, but passable) */
- if ((retval = krb5_c_random_os_entropy( ctx, 0, NULL)) !=0)
- goto cleanup;
- if ((retval = krb5_crypto_us_timeofday(&seed_data.now, &seed_data.now_usec)))
- goto cleanup;
- seed_data.pid = getpid ();
- seed.length = sizeof(seed_data);
- seed.data = (char *) &seed_data;
- if ((retval = krb5_c_random_add_entropy(ctx, KRB5_C_RANDSOURCE_TIMING, &seed)))
- goto cleanup;
+ /* initialize the prng (not well, but passable) */
+ if ((retval = krb5_c_random_os_entropy( ctx, 0, NULL)) !=0)
+ goto cleanup;
+ if ((retval = krb5_crypto_us_timeofday(&seed_data.now, &seed_data.now_usec)))
+ goto cleanup;
+ seed_data.pid = getpid ();
+ seed.length = sizeof(seed_data);
+ seed.data = (char *) &seed_data;
+ if ((retval = krb5_c_random_add_entropy(ctx, KRB5_C_RANDSOURCE_TIMING, &seed)))
+ goto cleanup;
- ctx->default_realm = 0;
- profile_get_integer(ctx->profile, KRB5_CONF_LIBDEFAULTS, KRB5_CONF_CLOCKSKEW,
- 0, 5 * 60, &tmp);
- ctx->clockskew = tmp;
+ ctx->default_realm = 0;
+ profile_get_integer(ctx->profile, KRB5_CONF_LIBDEFAULTS, KRB5_CONF_CLOCKSKEW,
+ 0, 5 * 60, &tmp);
+ ctx->clockskew = tmp;
#if 0
- /* Default ticket lifetime is currently not supported */
- profile_get_integer(ctx->profile, KRB5_CONF_LIBDEFAULTS, "tkt_lifetime",
- 0, 10 * 60 * 60, &tmp);
- ctx->tkt_lifetime = tmp;
+ /* Default ticket lifetime is currently not supported */
+ profile_get_integer(ctx->profile, KRB5_CONF_LIBDEFAULTS, "tkt_lifetime",
+ 0, 10 * 60 * 60, &tmp);
+ ctx->tkt_lifetime = tmp;
#endif
- /* DCE 1.1 and below only support CKSUMTYPE_RSA_MD4 (2) */
- /* DCE add kdc_req_checksum_type = 2 to krb5.conf */
- profile_get_integer(ctx->profile, KRB5_CONF_LIBDEFAULTS,
- KRB5_CONF_KDC_REQ_CHECKSUM_TYPE, 0, CKSUMTYPE_RSA_MD5,
- &tmp);
- ctx->kdc_req_sumtype = tmp;
-
- profile_get_integer(ctx->profile, KRB5_CONF_LIBDEFAULTS,
- KRB5_CONF_AP_REQ_CHECKSUM_TYPE, 0, 0,
- &tmp);
- ctx->default_ap_req_sumtype = tmp;
-
- profile_get_integer(ctx->profile, KRB5_CONF_LIBDEFAULTS,
- KRB5_CONF_SAFE_CHECKSUM_TYPE, 0,
- CKSUMTYPE_RSA_MD5_DES, &tmp);
- ctx->default_safe_sumtype = tmp;
-
- profile_get_integer(ctx->profile, KRB5_CONF_LIBDEFAULTS,
- KRB5_CONF_KDC_DEFAULT_OPTIONS, 0,
- KDC_OPT_RENEWABLE_OK, &tmp);
- ctx->kdc_default_options = tmp;
+ /* DCE 1.1 and below only support CKSUMTYPE_RSA_MD4 (2) */
+ /* DCE add kdc_req_checksum_type = 2 to krb5.conf */
+ profile_get_integer(ctx->profile, KRB5_CONF_LIBDEFAULTS,
+ KRB5_CONF_KDC_REQ_CHECKSUM_TYPE, 0, CKSUMTYPE_RSA_MD5,
+ &tmp);
+ ctx->kdc_req_sumtype = tmp;
+
+ profile_get_integer(ctx->profile, KRB5_CONF_LIBDEFAULTS,
+ KRB5_CONF_AP_REQ_CHECKSUM_TYPE, 0, 0,
+ &tmp);
+ ctx->default_ap_req_sumtype = tmp;
+
+ profile_get_integer(ctx->profile, KRB5_CONF_LIBDEFAULTS,
+ KRB5_CONF_SAFE_CHECKSUM_TYPE, 0,
+ CKSUMTYPE_RSA_MD5_DES, &tmp);
+ ctx->default_safe_sumtype = tmp;
+
+ profile_get_integer(ctx->profile, KRB5_CONF_LIBDEFAULTS,
+ KRB5_CONF_KDC_DEFAULT_OPTIONS, 0,
+ KDC_OPT_RENEWABLE_OK, &tmp);
+ ctx->kdc_default_options = tmp;
#define DEFAULT_KDC_TIMESYNC 1
- profile_get_integer(ctx->profile, KRB5_CONF_LIBDEFAULTS,
- KRB5_CONF_KDC_TIMESYNC, 0, DEFAULT_KDC_TIMESYNC,
- &tmp);
- ctx->library_options = tmp ? KRB5_LIBOPT_SYNC_KDCTIME : 0;
-
- /*
- * We use a default file credentials cache of 3. See
- * lib/krb5/krb/ccache/file/fcc.h for a description of the
- * credentials cache types.
- *
- * Note: DCE 1.0.3a only supports a cache type of 1
- * DCE 1.1 supports a cache type of 2.
- */
+ profile_get_integer(ctx->profile, KRB5_CONF_LIBDEFAULTS,
+ KRB5_CONF_KDC_TIMESYNC, 0, DEFAULT_KDC_TIMESYNC,
+ &tmp);
+ ctx->library_options = tmp ? KRB5_LIBOPT_SYNC_KDCTIME : 0;
+
+ /*
+ * We use a default file credentials cache of 3. See
+ * lib/krb5/krb/ccache/file/fcc.h for a description of the
+ * credentials cache types.
+ *
+ * Note: DCE 1.0.3a only supports a cache type of 1
+ * DCE 1.1 supports a cache type of 2.
+ */
#define DEFAULT_CCACHE_TYPE 4
- profile_get_integer(ctx->profile, KRB5_CONF_LIBDEFAULTS, KRB5_CONF_CCACHE_TYPE,
- 0, DEFAULT_CCACHE_TYPE, &tmp);
- ctx->fcc_default_format = tmp + 0x0500;
- ctx->prompt_types = 0;
- ctx->use_conf_ktypes = 0;
-
- ctx->udp_pref_limit = -1;
- *context = ctx;
- return 0;
+ profile_get_integer(ctx->profile, KRB5_CONF_LIBDEFAULTS, KRB5_CONF_CCACHE_TYPE,
+ 0, DEFAULT_CCACHE_TYPE, &tmp);
+ ctx->fcc_default_format = tmp + 0x0500;
+ ctx->prompt_types = 0;
+ ctx->use_conf_ktypes = 0;
+
+ ctx->udp_pref_limit = -1;
+ *context = ctx;
+ return 0;
cleanup:
- krb5_free_context(ctx);
- return retval;
+ krb5_free_context(ctx);
+ return retval;
}
void KRB5_CALLCONV
krb5_free_context(krb5_context ctx)
{
- if (ctx == NULL)
- return;
- krb5_os_free_context(ctx);
-
- free(ctx->in_tkt_etypes);
- ctx->in_tkt_etypes = NULL;
- free(ctx->tgs_etypes);
- ctx->tgs_etypes = NULL;
- free(ctx->default_realm);
- ctx->default_realm = 0;
- if (ctx->ser_ctx_count && ctx->ser_ctx) {
- free(ctx->ser_ctx);
- ctx->ser_ctx = 0;
- }
-
- krb5_clear_error_message(ctx);
-
- ctx->magic = 0;
- free(ctx);
+ if (ctx == NULL)
+ return;
+ krb5_os_free_context(ctx);
+
+ free(ctx->in_tkt_etypes);
+ ctx->in_tkt_etypes = NULL;
+ free(ctx->tgs_etypes);
+ ctx->tgs_etypes = NULL;
+ free(ctx->default_realm);
+ ctx->default_realm = 0;
+ if (ctx->ser_ctx_count && ctx->ser_ctx) {
+ free(ctx->ser_ctx);
+ ctx->ser_ctx = 0;
+ }
+
+ krb5_clear_error_message(ctx);
+
+ ctx->magic = 0;
+ free(ctx);
}
/* Copy the zero-terminated enctype list old_list into *new_list. */
static krb5_error_code
copy_enctypes(krb5_context context, const krb5_enctype *old_list,
- krb5_enctype **new_list)
+ krb5_enctype **new_list)
{
unsigned int count;
krb5_enctype *list;
@@ -288,7 +289,7 @@ copy_enctypes(krb5_context context, const krb5_enctype *old_list,
for (count = 0; old_list[count]; count++);
list = malloc(sizeof(krb5_enctype) * (count + 1));
if (list == NULL)
- return ENOMEM;
+ return ENOMEM;
memcpy(list, old_list, sizeof(krb5_enctype) * (count + 1));
*new_list = list;
return 0;
@@ -299,25 +300,25 @@ copy_enctypes(krb5_context context, const krb5_enctype *old_list,
*/
static krb5_error_code
set_default_etype_var(krb5_context context, const krb5_enctype *etypes,
- krb5_enctype **var)
+ krb5_enctype **var)
{
krb5_error_code code;
krb5_enctype *list;
int i;
if (etypes) {
- for (i = 0; etypes[i]; i++) {
- if (!krb5_c_valid_enctype(etypes[i]))
- return KRB5_PROG_ETYPE_NOSUPP;
- if (!context->allow_weak_crypto && krb5int_c_weak_enctype(etypes[i]))
- return KRB5_PROG_ETYPE_NOSUPP;
- }
-
- code = copy_enctypes(context, etypes, &list);
- if (code)
- return code;
+ for (i = 0; etypes[i]; i++) {
+ if (!krb5_c_valid_enctype(etypes[i]))
+ return KRB5_PROG_ETYPE_NOSUPP;
+ if (!context->allow_weak_crypto && krb5int_c_weak_enctype(etypes[i]))
+ return KRB5_PROG_ETYPE_NOSUPP;
+ }
+
+ code = copy_enctypes(context, etypes, &list);
+ if (code)
+ return code;
} else {
- list = NULL;
+ list = NULL;
}
free(*var);
@@ -327,7 +328,7 @@ set_default_etype_var(krb5_context context, const krb5_enctype *etypes,
krb5_error_code
krb5_set_default_in_tkt_ktypes(krb5_context context,
- const krb5_enctype *etypes)
+ const krb5_enctype *etypes)
{
return set_default_etype_var(context, etypes, &context->in_tkt_etypes);
}
@@ -352,26 +353,26 @@ krb5_set_default_tgs_ktypes(krb5_context context, const krb5_enctype *etypes)
*/
static void
mod_list(krb5_enctype etype, krb5_boolean add, krb5_boolean allow_weak,
- krb5_enctype *list, unsigned int *count)
+ krb5_enctype *list, unsigned int *count)
{
unsigned int i;
assert(etype > 0 && etype <= MAX_ENCTYPE);
if (!allow_weak && krb5int_c_weak_enctype(etype))
- return;
+ return;
for (i = 0; i < *count; i++) {
- if (list[i] == etype) {
- if (!add) {
- for (; i < *count - 1; i++)
- list[i] = list[i + 1];
- (*count)--;
- }
- return;
- }
+ if (list[i] == etype) {
+ if (!add) {
+ for (; i < *count - 1; i++)
+ list[i] = list[i + 1];
+ (*count)--;
+ }
+ return;
+ }
}
if (add) {
- assert(*count < MAX_ENCTYPE);
- list[(*count)++] = etype;
+ assert(*count < MAX_ENCTYPE);
+ list[(*count)++] = etype;
}
}
@@ -381,7 +382,7 @@ mod_list(krb5_enctype etype, krb5_boolean add, krb5_boolean allow_weak,
*/
krb5_error_code
krb5int_parse_enctype_list(krb5_context context, char *profstr,
- krb5_enctype *default_list, krb5_enctype **result)
+ krb5_enctype *default_list, krb5_enctype **result)
{
char *token, *delim = " \t\r\n,", *save = NULL;
krb5_boolean sel, weak = context->allow_weak_crypto;
@@ -392,31 +393,31 @@ krb5int_parse_enctype_list(krb5_context context, char *profstr,
/* Walk through the words in profstr. */
for (token = strtok_r(profstr, delim, &save); token;
- token = strtok_r(NULL, delim, &save)) {
- /* Determine if we are adding or removing enctypes. */
- sel = TRUE;
- if (*token == '+' || *token == '-')
- sel = (*token++ == '+');
-
- if (strcasecmp(token, "DEFAULT") == 0) {
- /* Set all enctypes in the default list. */
- for (i = 0; default_list[i]; i++)
- mod_list(default_list[i], sel, weak, list, &count);
- } else if (strcasecmp(token, "des") == 0) {
- mod_list(ENCTYPE_DES_CBC_CRC, sel, weak, list, &count);
- mod_list(ENCTYPE_DES_CBC_MD5, sel, weak, list, &count);
- mod_list(ENCTYPE_DES_CBC_MD4, sel, weak, list, &count);
- } else if (strcasecmp(token, "des3") == 0) {
- mod_list(ENCTYPE_DES3_CBC_SHA1, sel, weak, list, &count);
- } else if (strcasecmp(token, "aes") == 0) {
- mod_list(ENCTYPE_AES256_CTS_HMAC_SHA1_96, sel, weak, list, &count);
- mod_list(ENCTYPE_AES128_CTS_HMAC_SHA1_96, sel, weak, list, &count);
- } else if (strcasecmp(token, "rc4") == 0) {
- mod_list(ENCTYPE_ARCFOUR_HMAC, sel, weak, list, &count);
- } else if (krb5_string_to_enctype(token, &etype) == 0) {
- /* Set a specific enctype. */
- mod_list(etype, sel, weak, list, &count);
- }
+ token = strtok_r(NULL, delim, &save)) {
+ /* Determine if we are adding or removing enctypes. */
+ sel = TRUE;
+ if (*token == '+' || *token == '-')
+ sel = (*token++ == '+');
+
+ if (strcasecmp(token, "DEFAULT") == 0) {
+ /* Set all enctypes in the default list. */
+ for (i = 0; default_list[i]; i++)
+ mod_list(default_list[i], sel, weak, list, &count);
+ } else if (strcasecmp(token, "des") == 0) {
+ mod_list(ENCTYPE_DES_CBC_CRC, sel, weak, list, &count);
+ mod_list(ENCTYPE_DES_CBC_MD5, sel, weak, list, &count);
+ mod_list(ENCTYPE_DES_CBC_MD4, sel, weak, list, &count);
+ } else if (strcasecmp(token, "des3") == 0) {
+ mod_list(ENCTYPE_DES3_CBC_SHA1, sel, weak, list, &count);
+ } else if (strcasecmp(token, "aes") == 0) {
+ mod_list(ENCTYPE_AES256_CTS_HMAC_SHA1_96, sel, weak, list, &count);
+ mod_list(ENCTYPE_AES128_CTS_HMAC_SHA1_96, sel, weak, list, &count);
+ } else if (strcasecmp(token, "rc4") == 0) {
+ mod_list(ENCTYPE_ARCFOUR_HMAC, sel, weak, list, &count);
+ } else if (krb5_string_to_enctype(token, &etype) == 0) {
+ /* Set a specific enctype. */
+ mod_list(etype, sel, weak, list, &count);
+ }
}
list[count] = 0;
@@ -433,8 +434,8 @@ krb5int_parse_enctype_list(krb5_context context, char *profstr,
*/
static krb5_error_code
get_profile_etype_list(krb5_context context, krb5_enctype **etypes_ptr,
- char *profkey, krb5_enctype *ctx_list,
- krb5_enctype *default_list)
+ char *profkey, krb5_enctype *ctx_list,
+ krb5_enctype *default_list)
{
krb5_enctype *etypes;
krb5_error_code code;
@@ -443,26 +444,26 @@ get_profile_etype_list(krb5_context context, krb5_enctype **etypes_ptr,
*etypes_ptr = NULL;
if (ctx_list) {
- /* Use application defaults. */
- code = copy_enctypes(context, ctx_list, &etypes);
- if (code)
- return code;
+ /* Use application defaults. */
+ code = copy_enctypes(context, ctx_list, &etypes);
+ if (code)
+ return code;
} else {
- /* Parse profile setting, or "DEFAULT" if not specified. */
- code = profile_get_string(context->profile, KRB5_CONF_LIBDEFAULTS,
- profkey, NULL, "DEFAULT", &profstr);
- if (code)
- return code;
- code = krb5int_parse_enctype_list(context, profstr, default_list,
- &etypes);
- profile_release_string(profstr);
- if (code)
- return code;
+ /* Parse profile setting, or "DEFAULT" if not specified. */
+ code = profile_get_string(context->profile, KRB5_CONF_LIBDEFAULTS,
+ profkey, NULL, "DEFAULT", &profstr);
+ if (code)
+ return code;
+ code = krb5int_parse_enctype_list(context, profstr, default_list,
+ &etypes);
+ profile_release_string(profstr);
+ if (code)
+ return code;
}
if (etypes[0] == 0) {
- free(etypes);
- return KRB5_CONFIG_ETYPE_NOSUPP;
+ free(etypes);
+ return KRB5_CONFIG_ETYPE_NOSUPP;
}
*etypes_ptr = etypes;
@@ -473,9 +474,9 @@ krb5_error_code
krb5_get_default_in_tkt_ktypes(krb5_context context, krb5_enctype **ktypes)
{
return get_profile_etype_list(context, ktypes,
- KRB5_CONF_DEFAULT_TKT_ENCTYPES,
- context->in_tkt_etypes,
- default_enctype_list);
+ KRB5_CONF_DEFAULT_TKT_ENCTYPES,
+ context->in_tkt_etypes,
+ default_enctype_list);
}
void
@@ -490,24 +491,24 @@ KRB5_CALLCONV
krb5_get_tgs_ktypes(krb5_context context, krb5_const_principal princ, krb5_enctype **ktypes)
{
if (context->use_conf_ktypes)
- /* This one is set *only* by reading the config file; it's not
- set by the application. */
- return get_profile_etype_list(context, ktypes,
- KRB5_CONF_DEFAULT_TKT_ENCTYPES, NULL,
- default_enctype_list);
+ /* This one is set *only* by reading the config file; it's not
+ set by the application. */
+ return get_profile_etype_list(context, ktypes,
+ KRB5_CONF_DEFAULT_TKT_ENCTYPES, NULL,
+ default_enctype_list);
else
- return get_profile_etype_list(context, ktypes,
- KRB5_CONF_DEFAULT_TGS_ENCTYPES,
- context->tgs_etypes,
- default_enctype_list);
+ return get_profile_etype_list(context, ktypes,
+ KRB5_CONF_DEFAULT_TGS_ENCTYPES,
+ context->tgs_etypes,
+ default_enctype_list);
}
krb5_error_code KRB5_CALLCONV
krb5_get_permitted_enctypes(krb5_context context, krb5_enctype **ktypes)
{
return get_profile_etype_list(context, ktypes,
- KRB5_CONF_PERMITTED_ENCTYPES,
- context->tgs_etypes, default_enctype_list);
+ KRB5_CONF_PERMITTED_ENCTYPES,
+ context->tgs_etypes, default_enctype_list);
}
krb5_boolean
@@ -517,14 +518,14 @@ krb5_is_permitted_enctype(krb5_context context, krb5_enctype etype)
krb5_boolean ret;
if (krb5_get_permitted_enctypes(context, &list))
- return(0);
+ return(0);
+
-
ret = 0;
for (ptr = list; *ptr; ptr++)
- if (*ptr == etype)
- ret = 1;
+ if (*ptr == etype)
+ ret = 1;
krb5_free_ktypes (context, list);
@@ -571,11 +572,11 @@ krb5_copy_context(krb5_context ctx, krb5_context *nctx_out)
*nctx_out = NULL;
if (ctx == NULL)
- return EINVAL; /* XXX */
+ return EINVAL; /* XXX */
nctx = malloc(sizeof(*nctx));
if (nctx == NULL)
- return ENOMEM;
+ return ENOMEM;
*nctx = *ctx;
@@ -600,28 +601,28 @@ krb5_copy_context(krb5_context ctx, krb5_context *nctx_out)
ret = copy_enctypes(nctx, ctx->in_tkt_etypes, &nctx->in_tkt_etypes);
if (ret)
- goto errout;
+ goto errout;
ret = copy_enctypes(nctx, ctx->tgs_etypes, &nctx->tgs_etypes);
if (ret)
- goto errout;
+ goto errout;
if (ctx->os_context.default_ccname != NULL) {
- nctx->os_context.default_ccname =
- strdup(ctx->os_context.default_ccname);
- if (nctx->os_context.default_ccname == NULL) {
- ret = ENOMEM;
- goto errout;
- }
+ nctx->os_context.default_ccname =
+ strdup(ctx->os_context.default_ccname);
+ if (nctx->os_context.default_ccname == NULL) {
+ ret = ENOMEM;
+ goto errout;
+ }
}
ret = krb5_get_profile(ctx, &nctx->profile);
if (ret)
- goto errout;
+ goto errout;
errout:
if (ret) {
- krb5_free_context(nctx);
+ krb5_free_context(nctx);
} else {
- *nctx_out = nctx;
+ *nctx_out = nctx;
}
return ret;
}
diff --git a/src/lib/krb5/krb/init_keyblock.c b/src/lib/krb5/krb/init_keyblock.c
index 3be842a..baf7dab 100644
--- a/src/lib/krb5/krb/init_keyblock.c
+++ b/src/lib/krb5/krb/init_keyblock.c
@@ -1,3 +1,4 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
/*
* lib/krb5/krb/init_keyblock.c
*
@@ -8,7 +9,7 @@
* require a specific license from the United States Government.
* It is the responsibility of any person or organization contemplating
* export to obtain such a license before exporting.
- *
+ *
* WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
* distribute this software and its documentation for any purpose and
* without fee is hereby granted, provided that the above copyright
@@ -22,10 +23,10 @@
* M.I.T. makes no representations about the suitability of
* this software for any purpose. It is provided "as is" without express
* or implied warranty.
- *
- *
*
- * krb5_init_keyblock- a function to set up
+ *
+ *
+ * krb5_init_keyblock- a function to set up
* an empty keyblock
*/
@@ -34,8 +35,8 @@
#include <assert.h>
krb5_error_code KRB5_CALLCONV krb5_init_keyblock
- (krb5_context context, krb5_enctype enctype,
- size_t length, krb5_keyblock **out)
+(krb5_context context, krb5_enctype enctype,
+ size_t length, krb5_keyblock **out)
{
- return krb5int_c_init_keyblock (context, enctype, length, out);
+ return krb5int_c_init_keyblock (context, enctype, length, out);
}
diff --git a/src/lib/krb5/krb/int-proto.h b/src/lib/krb5/krb/int-proto.h
index 724e18b..081a8a3 100644
--- a/src/lib/krb5/krb/int-proto.h
+++ b/src/lib/krb5/krb/int-proto.h
@@ -1,3 +1,4 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
/*
* lib/krb5/krb/int-proto.h
*
@@ -8,7 +9,7 @@
* require a specific license from the United States Government.
* It is the responsibility of any person or organization contemplating
* export to obtain such a license before exporting.
- *
+ *
* WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
* distribute this software and its documentation for any purpose and
* without fee is hereby granted, provided that the above copyright
@@ -22,7 +23,7 @@
* M.I.T. makes no representations about the suitability of
* this software for any purpose. It is provided "as is" without express
* or implied warranty.
- *
+ *
*
* Function prototypes for Kerberos V5 library internal functions.
*/
@@ -32,14 +33,14 @@
#define KRB5_INT_FUNC_PROTO__
krb5_error_code krb5_tgtname
- (krb5_context context,
- const krb5_data *,
- const krb5_data *,
- krb5_principal *);
+(krb5_context context,
+ const krb5_data *,
+ const krb5_data *,
+ krb5_principal *);
krb5_error_code krb5_libdefault_boolean
- (krb5_context, const krb5_data *, const char *,
- int *);
+(krb5_context, const krb5_data *, const char *,
+ int *);
krb5_error_code krb5_ser_authdata_init (krb5_context);
krb5_error_code krb5_ser_address_init (krb5_context);
@@ -51,40 +52,39 @@ krb5_error_code krb5_ser_authdata_context_init (krb5_context);
krb5_error_code
krb5_preauth_supply_preauth_data(krb5_context context,
- krb5_gic_opt_ext *opte,
- const char *attr,
- const char *value);
+ krb5_gic_opt_ext *opte,
+ const char *attr,
+ const char *value);
krb5_error_code
krb5_get_cred_from_kdc_opt(krb5_context context, krb5_ccache ccache,
- krb5_creds *in_cred, krb5_creds **out_cred,
- krb5_creds ***tgts, int kdcopt);
+ krb5_creds *in_cred, krb5_creds **out_cred,
+ krb5_creds ***tgts, int kdcopt);
krb5_error_code
krb5int_construct_matching_creds(krb5_context context, krb5_flags options,
- krb5_creds *in_creds, krb5_creds *mcreds,
- krb5_flags *fields);
+ krb5_creds *in_creds, krb5_creds *mcreds,
+ krb5_flags *fields);
#define in_clock_skew(date, now) (labs((date)-(now)) < context->clockskew)
-#define IS_TGS_PRINC(c, p) \
- (krb5_princ_size((c), (p)) == 2 && \
+#define IS_TGS_PRINC(c, p) \
+ (krb5_princ_size((c), (p)) == 2 && \
data_eq_string(*krb5_princ_component((c), (p), 0), KRB5_TGS_NAME))
krb5_error_code
krb5_get_cred_via_tkt_ext (krb5_context context, krb5_creds *tkt,
- krb5_flags kdcoptions, krb5_address *const *address,
- krb5_pa_data **in_padata,
- krb5_creds *in_cred,
- krb5_error_code (*gcvt_fct)(krb5_context,
- krb5_keyblock *,
- krb5_kdc_req *,
- void *),
- void *gcvt_data,
- krb5_pa_data ***out_padata,
- krb5_pa_data ***enc_padata,
- krb5_creds **out_cred,
- krb5_keyblock **out_subkey);
+ krb5_flags kdcoptions, krb5_address *const *address,
+ krb5_pa_data **in_padata,
+ krb5_creds *in_cred,
+ krb5_error_code (*gcvt_fct)(krb5_context,
+ krb5_keyblock *,
+ krb5_kdc_req *,
+ void *),
+ void *gcvt_data,
+ krb5_pa_data ***out_padata,
+ krb5_pa_data ***enc_padata,
+ krb5_creds **out_cred,
+ krb5_keyblock **out_subkey);
#endif /* KRB5_INT_FUNC_PROTO__ */
-
diff --git a/src/lib/krb5/krb/kdc_rep_dc.c b/src/lib/krb5/krb/kdc_rep_dc.c
index 42559b2..dfd3ba2 100644
--- a/src/lib/krb5/krb/kdc_rep_dc.c
+++ b/src/lib/krb5/krb/kdc_rep_dc.c
@@ -1,3 +1,4 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
/*
* lib/krb5/krb/kdc_rep_dc.c
*
@@ -8,7 +9,7 @@
* require a specific license from the United States Government.
* It is the responsibility of any person or organization contemplating
* export to obtain such a license before exporting.
- *
+ *
* WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
* distribute this software and its documentation for any purpose and
* without fee is hereby granted, provided that the above copyright
@@ -22,7 +23,7 @@
* M.I.T. makes no representations about the suitability of
* this software for any purpose. It is provided "as is" without express
* or implied warranty.
- *
+ *
*
* krb5_kdc_rep_decrypt_proc()
*/
@@ -45,34 +46,34 @@ krb5_kdc_rep_decrypt_proc(krb5_context context, const krb5_keyblock *key, krb5_c
krb5_keyusage usage;
if (decryptarg) {
- usage = *(const krb5_keyusage *) decryptarg;
+ usage = *(const krb5_keyusage *) decryptarg;
} else {
- usage = KRB5_KEYUSAGE_AS_REP_ENCPART;
+ usage = KRB5_KEYUSAGE_AS_REP_ENCPART;
}
/* set up scratch decrypt/decode area */
scratch.length = dec_rep->enc_part.ciphertext.length;
if (!(scratch.data = malloc(dec_rep->enc_part.ciphertext.length))) {
- return(ENOMEM);
+ return(ENOMEM);
}
/*dec_rep->enc_part.enctype;*/
if ((retval = krb5_c_decrypt(context, key, usage, 0, &dec_rep->enc_part,
- &scratch))) {
- free(scratch.data);
- return(retval);
+ &scratch))) {
+ free(scratch.data);
+ return(retval);
}
-#define clean_scratch() {memset(scratch.data, 0, scratch.length); \
-free(scratch.data);}
+#define clean_scratch() {memset(scratch.data, 0, scratch.length); \
+ free(scratch.data);}
/* and do the decode */
retval = decode_krb5_enc_kdc_rep_part(&scratch, &local_encpart);
clean_scratch();
if (retval)
- return retval;
+ return retval;
dec_rep->enc_part2 = local_encpart;
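Review bot: The `memset(scratch.data, 0, scratch.length)` in `clean_scratch()` is immediately followed by `free(scratch.data)`, so an optimizing compiler may drop it as a dead store and leave the decrypted reply part, which carries the session key, in freed heap memory. Since the macro is being re-flowed here anyway, it would be worth switching to a wipe the compiler cannot elide, e.g. `explicit_bzero(scratch.data, scratch.length);` where the platform provides it, or a project-wide helper with the same guarantee. The `krb5_c_decrypt` failure branch above frees `scratch.data` with no wipe at all; whether the buffer can hold partial plaintext at that point depends on the enctype implementation, so wiping there too is the conservative choice. The function body starts and ends outside this hunk.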
diff --git a/src/lib/krb5/krb/kerrs.c b/src/lib/krb5/krb/kerrs.c
index 51f1eca..7525e29 100644
--- a/src/lib/krb5/krb/kerrs.c
+++ b/src/lib/krb5/krb/kerrs.c
@@ -1,3 +1,4 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
/*
* lib/krb5/krb/kerrs.c
*
@@ -8,7 +9,7 @@
* require a specific license from the United States Government.
* It is the responsibility of any person or organization contemplating
* export to obtain such a license before exporting.
- *
+ *
* WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
* distribute this software and its documentation for any purpose and
* without fee is hereby granted, provided that the above copyright
@@ -38,63 +39,63 @@ static int error_message_debug = 0;
#undef krb5_set_error_message
void KRB5_CALLCONV_C
krb5_set_error_message (krb5_context ctx, krb5_error_code code,
- const char *fmt, ...)
+ const char *fmt, ...)
{
va_list args;
if (ctx == NULL)
- return;
+ return;
va_start (args, fmt);
#ifdef DEBUG
if (ERROR_MESSAGE_DEBUG())
- fprintf(stderr,
- "krb5_set_error_message(ctx=%p/err=%p, code=%ld, ...)\n",
- ctx, &ctx->err, (long) code);
+ fprintf(stderr,
+ "krb5_set_error_message(ctx=%p/err=%p, code=%ld, ...)\n",
+ ctx, &ctx->err, (long) code);
#endif
krb5int_vset_error (&ctx->err, code, fmt, args);
#ifdef DEBUG
if (ERROR_MESSAGE_DEBUG())
- fprintf(stderr, "->%s\n", ctx->err.msg);
+ fprintf(stderr, "->%s\n", ctx->err.msg);
#endif
va_end (args);
}
void KRB5_CALLCONV_C
krb5_set_error_message_fl (krb5_context ctx, krb5_error_code code,
- const char *file, int line, const char *fmt, ...)
+ const char *file, int line, const char *fmt, ...)
{
va_list args;
if (ctx == NULL)
- return;
+ return;
va_start (args, fmt);
#ifdef DEBUG
if (ERROR_MESSAGE_DEBUG())
- fprintf(stderr,
- "krb5_set_error_message(ctx=%p/err=%p, code=%ld, ...)\n",
- ctx, &ctx->err, (long) code);
+ fprintf(stderr,
+ "krb5_set_error_message(ctx=%p/err=%p, code=%ld, ...)\n",
+ ctx, &ctx->err, (long) code);
#endif
krb5int_vset_error_fl (&ctx->err, code, file, line, fmt, args);
#ifdef DEBUG
if (ERROR_MESSAGE_DEBUG())
- fprintf(stderr, "->%s\n", ctx->err.msg);
+ fprintf(stderr, "->%s\n", ctx->err.msg);
#endif
va_end (args);
}
void KRB5_CALLCONV
krb5_vset_error_message (krb5_context ctx, krb5_error_code code,
- const char *fmt, va_list args)
+ const char *fmt, va_list args)
{
#ifdef DEBUG
if (ERROR_MESSAGE_DEBUG())
- fprintf(stderr, "krb5_vset_error_message(ctx=%p, code=%ld, ...)\n",
- ctx, (long) code);
+ fprintf(stderr, "krb5_vset_error_message(ctx=%p, code=%ld, ...)\n",
+ ctx, (long) code);
#endif
if (ctx == NULL)
- return;
+ return;
krb5int_vset_error (&ctx->err, code, fmt, args);
#ifdef DEBUG
if (ERROR_MESSAGE_DEBUG())
- fprintf(stderr, "->%s\n", ctx->err.msg);
+ fprintf(stderr, "->%s\n", ctx->err.msg);
#endif
}
@@ -103,12 +104,12 @@ void KRB5_CALLCONV
krb5_copy_error_message (krb5_context dest_ctx, krb5_context src_ctx)
{
if (dest_ctx == src_ctx)
- return;
+ return;
if (src_ctx->err.msg) {
- krb5int_set_error(&dest_ctx->err, src_ctx->err.code, "%s",
- src_ctx->err.msg);
+ krb5int_set_error(&dest_ctx->err, src_ctx->err.code, "%s",
+ src_ctx->err.msg);
} else {
- krb5int_clear_error(&dest_ctx->err);
+ krb5int_clear_error(&dest_ctx->err);
}
}
@@ -117,10 +118,10 @@ krb5_get_error_message (krb5_context ctx, krb5_error_code code)
{
#ifdef DEBUG
if (ERROR_MESSAGE_DEBUG())
- fprintf(stderr, "krb5_get_error_message(%p, %ld)\n", ctx, (long) code);
+ fprintf(stderr, "krb5_get_error_message(%p, %ld)\n", ctx, (long) code);
#endif
if (ctx == NULL)
- return error_message(code);
+ return error_message(code);
return krb5int_get_error (&ctx->err, code);
}
@@ -129,10 +130,10 @@ krb5_free_error_message (krb5_context ctx, const char *msg)
{
#ifdef DEBUG
if (ERROR_MESSAGE_DEBUG())
- fprintf(stderr, "krb5_free_error_message(%p, %p)\n", ctx, msg);
+ fprintf(stderr, "krb5_free_error_message(%p, %p)\n", ctx, msg);
#endif
if (ctx == NULL)
- return;
+ return;
krb5int_free_error (&ctx->err, msg);
}
@@ -141,9 +142,9 @@ krb5_clear_error_message (krb5_context ctx)
{
#ifdef DEBUG
if (ERROR_MESSAGE_DEBUG())
- fprintf(stderr, "krb5_clear_error_message(%p)\n", ctx);
+ fprintf(stderr, "krb5_clear_error_message(%p)\n", ctx);
#endif
if (ctx == NULL)
- return;
+ return;
krb5int_clear_error (&ctx->err);
}
diff --git a/src/lib/krb5/krb/kfree.c b/src/lib/krb5/krb/kfree.c
index 801eed0..c372e70 100644
--- a/src/lib/krb5/krb/kfree.c
+++ b/src/lib/krb5/krb/kfree.c
@@ -1,3 +1,4 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
/*
* lib/krb5/free/f_addr.c
*
@@ -7,7 +8,7 @@
* require a specific license from the United States Government.
* It is the responsibility of any person or organization contemplating
* export to obtain such a license before exporting.
- *
+ *
* WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
* distribute this software and its documentation for any purpose and
* without fee is hereby granted, provided that the above copyright
@@ -21,7 +22,7 @@
* M.I.T. makes no representations about the suitability of
* this software for any purpose. It is provided "as is" without express
* or implied warranty.
- *
+ *
*
* krb5_free_address()
*/
@@ -60,7 +61,7 @@ void KRB5_CALLCONV
krb5_free_address(krb5_context context, krb5_address *val)
{
if (val == NULL)
- return;
+ return;
free(val->contents);
free(val);
}
@@ -71,10 +72,10 @@ krb5_free_addresses(krb5_context context, krb5_address **val)
register krb5_address **temp;
if (val == NULL)
- return;
+ return;
for (temp = val; *temp; temp++) {
- free((*temp)->contents);
- free(*temp);
+ free((*temp)->contents);
+ free(*temp);
}
free(val);
}
@@ -82,18 +83,18 @@ krb5_free_addresses(krb5_context context, krb5_address **val)
void KRB5_CALLCONV
krb5_free_alt_method(krb5_context context,
- krb5_alt_method *alt)
+ krb5_alt_method *alt)
{
if (alt) {
- free(alt->data);
- free(alt);
+ free(alt->data);
+ free(alt);
}
}
void KRB5_CALLCONV
krb5_free_ap_rep(krb5_context context, register krb5_ap_rep *val)
{
if (val == NULL)
- return;
+ return;
free(val->enc_part.ciphertext.data);
free(val);
}
@@ -102,7 +103,7 @@ void KRB5_CALLCONV
krb5_free_ap_req(krb5_context context, register krb5_ap_req *val)
{
if (val == NULL)
- return;
+ return;
krb5_free_ticket(context, val->ticket);
free(val->authenticator.ciphertext.data);
free(val);
@@ -112,7 +113,7 @@ void KRB5_CALLCONV
krb5_free_ap_rep_enc_part(krb5_context context, krb5_ap_rep_enc_part *val)
{
if (val == NULL)
- return;
+ return;
krb5_free_keyblock(context, val->subkey);
free(val);
}
@@ -121,7 +122,7 @@ void KRB5_CALLCONV
krb5_free_authenticator_contents(krb5_context context, krb5_authenticator *val)
{
if (val == NULL)
- return;
+ return;
krb5_free_checksum(context, val->checksum);
val->checksum = 0;
krb5_free_principal(context, val->client);
@@ -138,10 +139,10 @@ krb5_free_authdata(krb5_context context, krb5_authdata **val)
register krb5_authdata **temp;
if (val == NULL)
- return;
+ return;
for (temp = val; *temp; temp++) {
- free((*temp)->contents);
- free(*temp);
+ free((*temp)->contents);
+ free(*temp);
}
free(val);
}
@@ -150,7 +151,7 @@ void KRB5_CALLCONV
krb5_free_authenticator(krb5_context context, krb5_authenticator *val)
{
if (val == NULL)
- return;
+ return;
krb5_free_authenticator_contents(context, val);
free(val);
}
@@ -159,7 +160,7 @@ void KRB5_CALLCONV
krb5_free_checksum(krb5_context context, register krb5_checksum *val)
{
if (val == NULL)
- return;
+ return;
krb5_free_checksum_contents(context, val);
free(val);
}
@@ -168,7 +169,7 @@ void KRB5_CALLCONV
krb5_free_checksum_contents(krb5_context context, register krb5_checksum *val)
{
if (val == NULL)
- return;
+ return;
free(val->contents);
val->contents = NULL;
}
@@ -177,7 +178,7 @@ void KRB5_CALLCONV
krb5_free_cred(krb5_context context, register krb5_cred *val)
{
if (val == NULL)
- return;
+ return;
krb5_free_tickets(context, val->tickets);
free(val->enc_part.ciphertext.data);
free(val);
@@ -185,14 +186,14 @@ krb5_free_cred(krb5_context context, register krb5_cred *val)
/*
* krb5_free_cred_contents zeros out the session key, and then frees
- * the credentials structures
+ * the credentials structures
*/
void KRB5_CALLCONV
krb5_free_cred_contents(krb5_context context, krb5_creds *val)
{
if (val == NULL)
- return;
+ return;
krb5_free_principal(context, val->client);
val->client = 0;
krb5_free_principal(context, val->server);
@@ -208,28 +209,28 @@ krb5_free_cred_contents(krb5_context context, krb5_creds *val)
val->authdata = 0;
}
-void KRB5_CALLCONV
+void KRB5_CALLCONV
krb5_free_cred_enc_part(krb5_context context, register krb5_cred_enc_part *val)
{
register krb5_cred_info **temp;
-
+
if (val == NULL)
- return;
+ return;
krb5_free_address(context, val->r_address);
val->r_address = 0;
krb5_free_address(context, val->s_address);
val->s_address = 0;
if (val->ticket_info) {
- for (temp = val->ticket_info; *temp; temp++) {
- krb5_free_keyblock(context, (*temp)->session);
- krb5_free_principal(context, (*temp)->client);
- krb5_free_principal(context, (*temp)->server);
- krb5_free_addresses(context, (*temp)->caddrs);
- free(*temp);
- }
- free(val->ticket_info);
- val->ticket_info = 0;
+ for (temp = val->ticket_info; *temp; temp++) {
+ krb5_free_keyblock(context, (*temp)->session);
+ krb5_free_principal(context, (*temp)->client);
+ krb5_free_principal(context, (*temp)->server);
+ krb5_free_addresses(context, (*temp)->caddrs);
+ free(*temp);
+ }
+ free(val->ticket_info);
+ val->ticket_info = 0;
}
}
@@ -238,7 +239,7 @@ void KRB5_CALLCONV
krb5_free_creds(krb5_context context, krb5_creds *val)
{
if (val == NULL)
- return;
+ return;
krb5_free_cred_contents(context, val);
free(val);
}
@@ -248,7 +249,7 @@ void KRB5_CALLCONV
krb5_free_data(krb5_context context, krb5_data *val)
{
if (val == NULL)
- return;
+ return;
free(val->data);
free(val);
}
@@ -257,10 +258,10 @@ void KRB5_CALLCONV
krb5_free_data_contents(krb5_context context, krb5_data *val)
{
if (val == NULL)
- return;
+ return;
if (val->data) {
- free(val->data);
- val->data = 0;
+ free(val->data);
+ val->data = 0;
}
}
@@ -268,7 +269,7 @@ void KRB5_CALLCONV
krb5_free_enc_data(krb5_context context, krb5_enc_data *val)
{
if (val == NULL)
- return;
+ return;
krb5_free_data_contents(context, &val->ciphertext);
free(val);
}
@@ -278,21 +279,21 @@ void krb5_free_etype_info(krb5_context context, krb5_etype_info info)
int i;
if (info == NULL)
- return;
+ return;
for (i=0; info[i] != NULL; i++) {
- free(info[i]->salt);
- krb5_free_data_contents(context, &info[i]->s2kparams);
- free(info[i]);
+ free(info[i]->salt);
+ krb5_free_data_contents(context, &info[i]->s2kparams);
+ free(info[i]);
}
free(info);
}
-
+
void KRB5_CALLCONV
krb5_free_enc_kdc_rep_part(krb5_context context, register krb5_enc_kdc_rep_part *val)
{
if (val == NULL)
- return;
+ return;
krb5_free_keyblock(context, val->session);
krb5_free_last_req(context, val->last_req);
krb5_free_principal(context, val->server);
@@ -305,7 +306,7 @@ void KRB5_CALLCONV
krb5_free_enc_tkt_part(krb5_context context, krb5_enc_tkt_part *val)
{
if (val == NULL)
- return;
+ return;
krb5_free_keyblock(context, val->session);
krb5_free_principal(context, val->client);
free(val->transited.tr_contents.data);
@@ -319,7 +320,7 @@ void KRB5_CALLCONV
krb5_free_error(krb5_context context, register krb5_error *val)
{
if (val == NULL)
- return;
+ return;
krb5_free_principal(context, val->client);
krb5_free_principal(context, val->server);
free(val->text.data);
@@ -331,7 +332,7 @@ void KRB5_CALLCONV
krb5_free_kdc_rep(krb5_context context, krb5_kdc_rep *val)
{
if (val == NULL)
- return;
+ return;
krb5_free_pa_data(context, val->padata);
krb5_free_principal(context, val->client);
krb5_free_ticket(context, val->ticket);
@@ -345,7 +346,7 @@ void KRB5_CALLCONV
krb5_free_kdc_req(krb5_context context, krb5_kdc_req *val)
{
if (val == NULL)
- return;
+ return;
assert( val->kdc_state == NULL);
krb5_free_pa_data(context, val->padata);
krb5_free_principal(context, val->client);
@@ -378,9 +379,9 @@ krb5_free_last_req(krb5_context context, krb5_last_req_entry **val)
register krb5_last_req_entry **temp;
if (val == NULL)
- return;
+ return;
for (temp = val; *temp; temp++)
- free(*temp);
+ free(*temp);
free(val);
}
@@ -390,10 +391,10 @@ krb5_free_pa_data(krb5_context context, krb5_pa_data **val)
register krb5_pa_data **temp;
if (val == NULL)
- return;
+ return;
for (temp = val; *temp; temp++) {
- free((*temp)->contents);
- free(*temp);
+ free((*temp)->contents);
+ free(*temp);
}
free(val);
}
@@ -404,13 +405,13 @@ krb5_free_principal(krb5_context context, krb5_principal val)
register krb5_int32 i;
if (!val)
- return;
-
+ return;
+
if (val->data) {
- i = krb5_princ_size(context, val);
- while(--i >= 0)
- free(krb5_princ_component(context, val, i)->data);
- free(val->data);
+ i = krb5_princ_size(context, val);
+ while(--i >= 0)
+ free(krb5_princ_component(context, val, i)->data);
+ free(val->data);
}
free(val->realm.data);
free(val);
@@ -420,7 +421,7 @@ void KRB5_CALLCONV
krb5_free_priv(krb5_context context, register krb5_priv *val)
{
if (val == NULL)
- return;
+ return;
free(val->enc_part.ciphertext.data);
free(val);
}
@@ -429,7 +430,7 @@ void KRB5_CALLCONV
krb5_free_priv_enc_part(krb5_context context, register krb5_priv_enc_part *val)
{
if (val == NULL)
- return;
+ return;
free(val->user_data.data);
krb5_free_address(context, val->r_address);
krb5_free_address(context, val->s_address);
@@ -440,7 +441,7 @@ void KRB5_CALLCONV
krb5_free_pwd_data(krb5_context context, krb5_pwd_data *val)
{
if (val == NULL)
- return;
+ return;
krb5_free_pwd_sequences(context, val->element);
free(val);
}
@@ -448,10 +449,10 @@ krb5_free_pwd_data(krb5_context context, krb5_pwd_data *val)
void KRB5_CALLCONV
krb5_free_passwd_phrase_element(krb5_context context,
- passwd_phrase_element *val)
+ passwd_phrase_element *val)
{
if (val == NULL)
- return;
+ return;
krb5_free_data(context, val->passwd);
val->passwd = NULL;
krb5_free_data(context, val->phrase);
@@ -466,9 +467,9 @@ krb5_free_pwd_sequences(krb5_context context, passwd_phrase_element **val)
register passwd_phrase_element **temp;
if (val == NULL)
- return;
+ return;
for (temp = val; *temp; temp++)
- krb5_free_passwd_phrase_element(context, *temp);
+ krb5_free_passwd_phrase_element(context, *temp);
free(val);
}
@@ -477,7 +478,7 @@ void KRB5_CALLCONV
krb5_free_safe(krb5_context context, register krb5_safe *val)
{
if (val == NULL)
- return;
+ return;
free(val->user_data.data);
krb5_free_address(context, val->r_address);
krb5_free_address(context, val->s_address);
@@ -490,7 +491,7 @@ void KRB5_CALLCONV
krb5_free_ticket(krb5_context context, krb5_ticket *val)
{
if (val == NULL)
- return;
+ return;
krb5_free_principal(context, val->server);
free(val->enc_part.ciphertext.data);
krb5_free_enc_tkt_part(context, val->enc_part2);
@@ -503,7 +504,7 @@ krb5_free_tickets(krb5_context context, krb5_ticket **val)
register krb5_ticket **temp;
if (val == NULL)
- return;
+ return;
for (temp = val; *temp; temp++)
krb5_free_ticket(context, *temp);
free(val);
@@ -515,9 +516,9 @@ krb5_free_tgt_creds(krb5_context context, krb5_creds **tgts)
{
register krb5_creds **tgtpp;
if (tgts == NULL)
- return;
+ return;
for (tgtpp = tgts; *tgtpp; tgtpp++)
- krb5_free_creds(context, *tgtpp);
+ krb5_free_creds(context, *tgtpp);
free(tgts);
}
@@ -525,7 +526,7 @@ void KRB5_CALLCONV
krb5_free_tkt_authent(krb5_context context, krb5_tkt_authent *val)
{
if (val == NULL)
- return;
+ return;
krb5_free_ticket(context, val->ticket);
krb5_free_authenticator(context, val->authenticator);
free(val);
@@ -535,14 +536,14 @@ void KRB5_CALLCONV
krb5_free_unparsed_name(krb5_context context, char *val)
{
if (val != NULL)
- free(val);
+ free(val);
}
void KRB5_CALLCONV
krb5_free_sam_challenge(krb5_context ctx, krb5_sam_challenge *sc)
{
if (!sc)
- return;
+ return;
krb5_free_sam_challenge_contents(ctx, sc);
free(sc);
}
@@ -551,7 +552,7 @@ void KRB5_CALLCONV
krb5_free_sam_challenge_2(krb5_context ctx, krb5_sam_challenge_2 *sc2)
{
if (!sc2)
- return;
+ return;
krb5_free_sam_challenge_2_contents(ctx, sc2);
free(sc2);
}
@@ -560,79 +561,79 @@ void KRB5_CALLCONV
krb5_free_sam_challenge_contents(krb5_context ctx, krb5_sam_challenge *sc)
{
if (!sc)
- return;
+ return;
if (sc->sam_type_name.data)
- krb5_free_data_contents(ctx, &sc->sam_type_name);
+ krb5_free_data_contents(ctx, &sc->sam_type_name);
if (sc->sam_track_id.data)
- krb5_free_data_contents(ctx, &sc->sam_track_id);
+ krb5_free_data_contents(ctx, &sc->sam_track_id);
if (sc->sam_challenge_label.data)
- krb5_free_data_contents(ctx, &sc->sam_challenge_label);
+ krb5_free_data_contents(ctx, &sc->sam_challenge_label);
if (sc->sam_challenge.data)
- krb5_free_data_contents(ctx, &sc->sam_challenge);
+ krb5_free_data_contents(ctx, &sc->sam_challenge);
if (sc->sam_response_prompt.data)
- krb5_free_data_contents(ctx, &sc->sam_response_prompt);
+ krb5_free_data_contents(ctx, &sc->sam_response_prompt);
if (sc->sam_pk_for_sad.data)
- krb5_free_data_contents(ctx, &sc->sam_pk_for_sad);
+ krb5_free_data_contents(ctx, &sc->sam_pk_for_sad);
free(sc->sam_cksum.contents);
sc->sam_cksum.contents = 0;
}
void KRB5_CALLCONV
krb5_free_sam_challenge_2_contents(krb5_context ctx,
- krb5_sam_challenge_2 *sc2)
+ krb5_sam_challenge_2 *sc2)
{
krb5_checksum **cksump;
if (!sc2)
- return;
+ return;
if (sc2->sam_challenge_2_body.data)
- krb5_free_data_contents(ctx, &sc2->sam_challenge_2_body);
+ krb5_free_data_contents(ctx, &sc2->sam_challenge_2_body);
if (sc2->sam_cksum) {
- cksump = sc2->sam_cksum;
- while (*cksump) {
- krb5_free_checksum(ctx, *cksump);
- cksump++;
- }
- free(sc2->sam_cksum);
- sc2->sam_cksum = 0;
+ cksump = sc2->sam_cksum;
+ while (*cksump) {
+ krb5_free_checksum(ctx, *cksump);
+ cksump++;
+ }
+ free(sc2->sam_cksum);
+ sc2->sam_cksum = 0;
}
}
void KRB5_CALLCONV
krb5_free_sam_challenge_2_body(krb5_context ctx,
- krb5_sam_challenge_2_body *sc2)
+ krb5_sam_challenge_2_body *sc2)
{
if (!sc2)
- return;
+ return;
krb5_free_sam_challenge_2_body_contents(ctx, sc2);
free(sc2);
}
void KRB5_CALLCONV
krb5_free_sam_challenge_2_body_contents(krb5_context ctx,
- krb5_sam_challenge_2_body *sc2)
+ krb5_sam_challenge_2_body *sc2)
{
if (!sc2)
- return;
- if (sc2->sam_type_name.data)
- krb5_free_data_contents(ctx, &sc2->sam_type_name);
+ return;
+ if (sc2->sam_type_name.data)
+ krb5_free_data_contents(ctx, &sc2->sam_type_name);
if (sc2->sam_track_id.data)
- krb5_free_data_contents(ctx, &sc2->sam_track_id);
+ krb5_free_data_contents(ctx, &sc2->sam_track_id);
if (sc2->sam_challenge_label.data)
- krb5_free_data_contents(ctx, &sc2->sam_challenge_label);
+ krb5_free_data_contents(ctx, &sc2->sam_challenge_label);
if (sc2->sam_challenge.data)
- krb5_free_data_contents(ctx, &sc2->sam_challenge);
+ krb5_free_data_contents(ctx, &sc2->sam_challenge);
if (sc2->sam_response_prompt.data)
- krb5_free_data_contents(ctx, &sc2->sam_response_prompt);
+ krb5_free_data_contents(ctx, &sc2->sam_response_prompt);
if (sc2->sam_pk_for_sad.data)
- krb5_free_data_contents(ctx, &sc2->sam_pk_for_sad);
+ krb5_free_data_contents(ctx, &sc2->sam_pk_for_sad);
}
void KRB5_CALLCONV
krb5_free_sam_response(krb5_context ctx, krb5_sam_response *sr)
{
if (!sr)
- return;
+ return;
krb5_free_sam_response_contents(ctx, sr);
free(sr);
}
@@ -641,7 +642,7 @@ void KRB5_CALLCONV
krb5_free_sam_response_2(krb5_context ctx, krb5_sam_response_2 *sr2)
{
if (!sr2)
- return;
+ return;
krb5_free_sam_response_2_contents(ctx, sr2);
free(sr2);
}
@@ -650,95 +651,95 @@ void KRB5_CALLCONV
krb5_free_sam_response_contents(krb5_context ctx, krb5_sam_response *sr)
{
if (!sr)
- return;
+ return;
if (sr->sam_track_id.data)
- krb5_free_data_contents(ctx, &sr->sam_track_id);
+ krb5_free_data_contents(ctx, &sr->sam_track_id);
if (sr->sam_enc_key.ciphertext.data)
- krb5_free_data_contents(ctx, &sr->sam_enc_key.ciphertext);
+ krb5_free_data_contents(ctx, &sr->sam_enc_key.ciphertext);
if (sr->sam_enc_nonce_or_ts.ciphertext.data)
- krb5_free_data_contents(ctx, &sr->sam_enc_nonce_or_ts.ciphertext);
+ krb5_free_data_contents(ctx, &sr->sam_enc_nonce_or_ts.ciphertext);
}
void KRB5_CALLCONV
krb5_free_sam_response_2_contents(krb5_context ctx, krb5_sam_response_2 *sr2)
{
if (!sr2)
- return;
+ return;
if (sr2->sam_track_id.data)
- krb5_free_data_contents(ctx, &sr2->sam_track_id);
+ krb5_free_data_contents(ctx, &sr2->sam_track_id);
if (sr2->sam_enc_nonce_or_sad.ciphertext.data)
- krb5_free_data_contents(ctx, &sr2->sam_enc_nonce_or_sad.ciphertext);
+ krb5_free_data_contents(ctx, &sr2->sam_enc_nonce_or_sad.ciphertext);
}
void KRB5_CALLCONV
krb5_free_predicted_sam_response(krb5_context ctx,
- krb5_predicted_sam_response *psr)
+ krb5_predicted_sam_response *psr)
{
if (!psr)
- return;
+ return;
krb5_free_predicted_sam_response_contents(ctx, psr);
free(psr);
}
void KRB5_CALLCONV
krb5_free_predicted_sam_response_contents(krb5_context ctx,
- krb5_predicted_sam_response *psr)
+ krb5_predicted_sam_response *psr)
{
if (!psr)
- return;
+ return;
if (psr->sam_key.contents)
- krb5_free_keyblock_contents(ctx, &psr->sam_key);
+ krb5_free_keyblock_contents(ctx, &psr->sam_key);
krb5_free_principal(ctx, psr->client);
psr->client = 0;
if (psr->msd.data)
- krb5_free_data_contents(ctx, &psr->msd);
+ krb5_free_data_contents(ctx, &psr->msd);
}
void KRB5_CALLCONV
krb5_free_enc_sam_response_enc(krb5_context ctx,
- krb5_enc_sam_response_enc *esre)
+ krb5_enc_sam_response_enc *esre)
{
if (!esre)
- return;
+ return;
krb5_free_enc_sam_response_enc_contents(ctx, esre);
free(esre);
}
-void KRB5_CALLCONV
+void KRB5_CALLCONV
krb5_free_enc_sam_response_enc_2(krb5_context ctx,
- krb5_enc_sam_response_enc_2 *esre2)
+ krb5_enc_sam_response_enc_2 *esre2)
{
if (!esre2)
- return;
+ return;
krb5_free_enc_sam_response_enc_2_contents(ctx, esre2);
free(esre2);
}
void KRB5_CALLCONV
krb5_free_enc_sam_response_enc_contents(krb5_context ctx,
- krb5_enc_sam_response_enc *esre)
+ krb5_enc_sam_response_enc *esre)
{
if (!esre)
- return;
+ return;
if (esre->sam_sad.data)
- krb5_free_data_contents(ctx, &esre->sam_sad);
+ krb5_free_data_contents(ctx, &esre->sam_sad);
}
void KRB5_CALLCONV
krb5_free_enc_sam_response_enc_2_contents(krb5_context ctx,
- krb5_enc_sam_response_enc_2 *esre2)
+ krb5_enc_sam_response_enc_2 *esre2)
{
if (!esre2)
- return;
+ return;
if (esre2->sam_sad.data)
- krb5_free_data_contents(ctx, &esre2->sam_sad);
+ krb5_free_data_contents(ctx, &esre2->sam_sad);
}
void KRB5_CALLCONV
krb5_free_pa_enc_ts(krb5_context ctx, krb5_pa_enc_ts *pa_enc_ts)
{
if (!pa_enc_ts)
- return;
+ return;
free(pa_enc_ts);
}
@@ -746,7 +747,7 @@ void KRB5_CALLCONV
krb5_free_pa_for_user(krb5_context context, krb5_pa_for_user *req)
{
if (req == NULL)
- return;
+ return;
krb5_free_principal(context, req->user);
req->user = NULL;
krb5_free_checksum_contents(context, &req->cksum);
@@ -758,7 +759,7 @@ void KRB5_CALLCONV
krb5_free_s4u_userid_contents(krb5_context context, krb5_s4u_userid *user_id)
{
if (user_id == NULL)
- return;
+ return;
user_id->nonce = 0;
krb5_free_principal(context, user_id->user);
user_id->user = NULL;
@@ -772,7 +773,7 @@ void KRB5_CALLCONV
krb5_free_pa_s4u_x509_user(krb5_context context, krb5_pa_s4u_x509_user *req)
{
if (req == NULL)
- return;
+ return;
krb5_free_s4u_userid_contents(context, &req->user_id);
krb5_free_checksum_contents(context, &req->cksum);
free(req);
@@ -780,26 +781,26 @@ krb5_free_pa_s4u_x509_user(krb5_context context, krb5_pa_s4u_x509_user *req)
void KRB5_CALLCONV
krb5_free_pa_server_referral_data(krb5_context context,
- krb5_pa_server_referral_data *ref)
+ krb5_pa_server_referral_data *ref)
{
if (ref == NULL)
- return;
+ return;
krb5_free_data(context, ref->referred_realm);
ref->referred_realm = NULL;
krb5_free_principal(context, ref->true_principal_name);
ref->true_principal_name = NULL;
krb5_free_principal(context, ref->requested_principal_name);
ref->requested_principal_name = NULL;
- krb5_free_checksum_contents(context, &ref->rep_cksum);
+ krb5_free_checksum_contents(context, &ref->rep_cksum);
free(ref);
}
void KRB5_CALLCONV
krb5_free_pa_svr_referral_data(krb5_context context,
- krb5_pa_svr_referral_data *ref)
+ krb5_pa_svr_referral_data *ref)
{
if (ref == NULL)
- return;
+ return;
krb5_free_principal(context, ref->principal);
ref->principal = NULL;
free(ref);
@@ -807,79 +808,79 @@ krb5_free_pa_svr_referral_data(krb5_context context,
void KRB5_CALLCONV
krb5_free_pa_pac_req(krb5_context context,
- krb5_pa_pac_req *req)
+ krb5_pa_pac_req *req)
{
free(req);
}
void KRB5_CALLCONV
krb5_free_etype_list(krb5_context context,
- krb5_etype_list *etypes)
+ krb5_etype_list *etypes)
{
if (etypes != NULL) {
- free(etypes->etypes);
- free(etypes);
+ free(etypes->etypes);
+ free(etypes);
}
}
void krb5_free_fast_req(krb5_context context, krb5_fast_req *val)
{
- if (val == NULL)
- return;
- krb5_free_kdc_req(context, val->req_body);
- free(val);
+ if (val == NULL)
+ return;
+ krb5_free_kdc_req(context, val->req_body);
+ free(val);
}
void krb5_free_fast_armor(krb5_context context, krb5_fast_armor *val)
{
- if (val == NULL)
- return;
- krb5_free_data_contents(context, &val->armor_value);
- free(val);
+ if (val == NULL)
+ return;
+ krb5_free_data_contents(context, &val->armor_value);
+ free(val);
}
void krb5_free_fast_response(krb5_context context, krb5_fast_response *val)
{
- if (!val)
- return;
- krb5_free_pa_data(context, val->padata);
- krb5_free_fast_finished(context, val->finished);
- krb5_free_keyblock(context, val->strengthen_key);
- free(val);
+ if (!val)
+ return;
+ krb5_free_pa_data(context, val->padata);
+ krb5_free_fast_finished(context, val->finished);
+ krb5_free_keyblock(context, val->strengthen_key);
+ free(val);
}
void krb5_free_fast_finished
(krb5_context context, krb5_fast_finished *val)
{
- if (!val)
- return;
- krb5_free_principal(context, val->client);
- krb5_free_checksum_contents(context, &val->ticket_checksum);
- free(val);
+ if (!val)
+ return;
+ krb5_free_principal(context, val->client);
+ krb5_free_checksum_contents(context, &val->ticket_checksum);
+ free(val);
}
void krb5_free_typed_data(krb5_context context, krb5_typed_data **in)
{
- int i = 0;
- if (in == NULL) return;
- while (in[i] != NULL) {
- if (in[i]->data != NULL)
- free(in[i]->data);
- free(in[i]);
- i++;
- }
- free(in);
+ int i = 0;
+ if (in == NULL) return;
+ while (in[i] != NULL) {
+ if (in[i]->data != NULL)
+ free(in[i]->data);
+ free(in[i]);
+ i++;
+ }
+ free(in);
}
void krb5_free_fast_armored_req(krb5_context context,
- krb5_fast_armored_req *val)
+ krb5_fast_armored_req *val)
{
if (val == NULL)
- return;
+ return;
if (val->armor)
- krb5_free_fast_armor(context, val->armor);
+ krb5_free_fast_armor(context, val->armor);
krb5_free_data_contents(context, &val->enc_part.ciphertext);
if (val->req_checksum.contents)
- krb5_free_checksum_contents(context, &val->req_checksum);
+ krb5_free_checksum_contents(context, &val->req_checksum);
free(val);
}
@@ -908,4 +909,3 @@ krb5_free_ad_kdcissued(krb5_context context, krb5_ad_kdcissued *val)
krb5_free_authdata(context, val->elements);
free(val);
}
-
diff --git a/src/lib/krb5/krb/mk_cred.c b/src/lib/krb5/krb/mk_cred.c
index 6ce0e35..4c95acc 100644
--- a/src/lib/krb5/krb/mk_cred.c
+++ b/src/lib/krb5/krb/mk_cred.c
@@ -1,7 +1,8 @@
-/*
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
+/*
* NAME
* cred.c
- *
+ *
* DESCRIPTION
* Provide an interface to assemble and disassemble krb5_cred
* structures.
@@ -20,41 +21,41 @@
/*
* encrypt the enc_part of krb5_cred
*/
-static krb5_error_code
+static krb5_error_code
encrypt_credencpart(krb5_context context, krb5_cred_enc_part *pcredpart,
- krb5_key pkey, krb5_enc_data *pencdata)
+ krb5_key pkey, krb5_enc_data *pencdata)
{
- krb5_error_code retval;
- krb5_data * scratch;
+ krb5_error_code retval;
+ krb5_data * scratch;
/* start by encoding to-be-encrypted part of the message */
if ((retval = encode_krb5_enc_cred_part(pcredpart, &scratch)))
- return retval;
+ return retval;
/*
* If the keyblock is NULL, just copy the data from the encoded
* data to the ciphertext area.
*/
if (pkey == NULL) {
- pencdata->ciphertext.data = scratch->data;
- pencdata->ciphertext.length = scratch->length;
- free(scratch);
- return 0;
+ pencdata->ciphertext.data = scratch->data;
+ pencdata->ciphertext.length = scratch->length;
+ free(scratch);
+ return 0;
}
/* call the encryption routine */
retval = krb5_encrypt_keyhelper(context, pkey,
- KRB5_KEYUSAGE_KRB_CRED_ENCPART,
- scratch, pencdata);
+ KRB5_KEYUSAGE_KRB_CRED_ENCPART,
+ scratch, pencdata);
if (retval) {
- memset(pencdata->ciphertext.data, 0, pencdata->ciphertext.length);
+ memset(pencdata->ciphertext.data, 0, pencdata->ciphertext.length);
free(pencdata->ciphertext.data);
pencdata->ciphertext.length = 0;
pencdata->ciphertext.data = 0;
}
- memset(scratch->data, 0, scratch->length);
+ memset(scratch->data, 0, scratch->length);
krb5_free_data(context, scratch);
return retval;
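Review bot: The `memset(scratch->data, 0, scratch->length);` placed directly before `krb5_free_data(context, scratch)` is a dead store as far as the optimizer is concerned and may be removed. That would leave the encoded credential part in freed heap memory; judging by the `ticket_info[i]->session` copies in krb5_mk_ncred_basic, that encoding appears to include session keys. A wipe the compiler cannot elide is safer here, for example the tree's `zap()` helper if this revision provides one, or stores through a `volatile unsigned char *`. The same memset-then-free pattern appears at `clean_scratch:` in krb5_mk_priv_basic (mk_priv.c, hunk `@@ -95,15 +96,15 @@`). The closing brace of encrypt_credencpart lies outside this hunk.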
@@ -64,15 +65,15 @@ encrypt_credencpart(krb5_context context, krb5_cred_enc_part *pcredpart,
static krb5_error_code
krb5_mk_ncred_basic(krb5_context context,
- krb5_creds **ppcreds, krb5_int32 nppcreds,
- krb5_key key, krb5_replay_data *replaydata,
- krb5_address *local_addr, krb5_address *remote_addr,
- krb5_cred *pcred)
+ krb5_creds **ppcreds, krb5_int32 nppcreds,
+ krb5_key key, krb5_replay_data *replaydata,
+ krb5_address *local_addr, krb5_address *remote_addr,
+ krb5_cred *pcred)
{
- krb5_cred_enc_part credenc;
- krb5_error_code retval;
- size_t size;
- int i;
+ krb5_cred_enc_part credenc;
+ krb5_error_code retval;
+ size_t size;
+ int i;
credenc.magic = KV5M_CRED_ENC_PART;
@@ -89,42 +90,42 @@ krb5_mk_ncred_basic(krb5_context context,
size = sizeof(krb5_cred_info *) * (nppcreds + 1);
credenc.ticket_info = (krb5_cred_info **) calloc(1, size);
if (credenc.ticket_info == NULL)
- return ENOMEM;
+ return ENOMEM;
/*
* For each credential in the list, initialize a cred info
* structure and copy the ticket into the ticket list.
*/
for (i = 0; i < nppcreds; i++) {
- credenc.ticket_info[i] = malloc(sizeof(krb5_cred_info));
- if (credenc.ticket_info[i] == NULL) {
- retval = ENOMEM;
- goto cleanup;
- }
- credenc.ticket_info[i+1] = NULL;
-
+ credenc.ticket_info[i] = malloc(sizeof(krb5_cred_info));
+ if (credenc.ticket_info[i] == NULL) {
+ retval = ENOMEM;
+ goto cleanup;
+ }
+ credenc.ticket_info[i+1] = NULL;
+
credenc.ticket_info[i]->magic = KV5M_CRED_INFO;
credenc.ticket_info[i]->times = ppcreds[i]->times;
credenc.ticket_info[i]->flags = ppcreds[i]->ticket_flags;
- if ((retval = decode_krb5_ticket(&ppcreds[i]->ticket,
- &pcred->tickets[i])))
- goto cleanup;
+ if ((retval = decode_krb5_ticket(&ppcreds[i]->ticket,
+ &pcred->tickets[i])))
+ goto cleanup;
- if ((retval = krb5_copy_keyblock(context, &ppcreds[i]->keyblock,
- &credenc.ticket_info[i]->session)))
+ if ((retval = krb5_copy_keyblock(context, &ppcreds[i]->keyblock,
+ &credenc.ticket_info[i]->session)))
goto cleanup;
if ((retval = krb5_copy_principal(context, ppcreds[i]->client,
- &credenc.ticket_info[i]->client)))
+ &credenc.ticket_info[i]->client)))
goto cleanup;
- if ((retval = krb5_copy_principal(context, ppcreds[i]->server,
- &credenc.ticket_info[i]->server)))
+ if ((retval = krb5_copy_principal(context, ppcreds[i]->server,
+ &credenc.ticket_info[i]->server)))
goto cleanup;
- if ((retval = krb5_copy_addresses(context, ppcreds[i]->addresses,
- &credenc.ticket_info[i]->caddrs)))
+ if ((retval = krb5_copy_addresses(context, ppcreds[i]->addresses,
+ &credenc.ticket_info[i]->caddrs)))
goto cleanup;
}
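Review bot: `credenc.ticket_info[i] = malloc(sizeof(krb5_cred_info));` leaves the entry's `session`, `client`, `server` and `caddrs` pointers indeterminate, and each `goto cleanup` in the loop can be taken before some of them are assigned (a `decode_krb5_ticket` failure leaves all four unset). The `cleanup:` label is outside this hunk, so what it releases is not visible; if it frees the members of every `ticket_info` entry, it would hand uninitialized pointers to the free routines. Allocating the entry zeroed removes the hazard: `credenc.ticket_info[i] = calloc(1, sizeof(krb5_cred_info));`.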
@@ -149,18 +150,18 @@ cleanup:
*/
krb5_error_code KRB5_CALLCONV
krb5_mk_ncred(krb5_context context, krb5_auth_context auth_context,
- krb5_creds **ppcreds, krb5_data **ppdata,
- krb5_replay_data *outdata)
+ krb5_creds **ppcreds, krb5_data **ppdata,
+ krb5_replay_data *outdata)
{
krb5_address * premote_fulladdr = NULL;
krb5_address * plocal_fulladdr = NULL;
krb5_address remote_fulladdr;
krb5_address local_fulladdr;
- krb5_error_code retval;
- krb5_key key;
+ krb5_error_code retval;
+ krb5_key key;
krb5_replay_data replaydata;
- krb5_cred * pcred;
- krb5_int32 ncred;
+ krb5_cred * pcred;
+ krb5_int32 ncred;
krb5_boolean increased_sequence = FALSE;
local_fulladdr.contents = 0;
@@ -168,94 +169,94 @@ krb5_mk_ncred(krb5_context context, krb5_auth_context auth_context,
memset(&replaydata, 0, sizeof(krb5_replay_data));
if (ppcreds == NULL)
- return KRB5KRB_AP_ERR_BADADDR;
+ return KRB5KRB_AP_ERR_BADADDR;
/*
* Allocate memory for a NULL terminated list of tickets.
*/
for (ncred = 0; ppcreds[ncred]; ncred++)
- ;
+ ;
- if ((pcred = (krb5_cred *)calloc(1, sizeof(krb5_cred))) == NULL)
+ if ((pcred = (krb5_cred *)calloc(1, sizeof(krb5_cred))) == NULL)
return ENOMEM;
- if ((pcred->tickets
- = (krb5_ticket **)calloc((size_t)ncred+1,
- sizeof(krb5_ticket *))) == NULL) {
- retval = ENOMEM;
- goto error;
+ if ((pcred->tickets
+ = (krb5_ticket **)calloc((size_t)ncred+1,
+ sizeof(krb5_ticket *))) == NULL) {
+ retval = ENOMEM;
+ goto error;
}
/* Get keyblock */
if ((key = auth_context->send_subkey) == NULL)
- key = auth_context->key;
+ key = auth_context->key;
/* Get replay info */
if ((auth_context->auth_context_flags & KRB5_AUTH_CONTEXT_DO_TIME) &&
- (auth_context->rcache == NULL)) {
- retval = KRB5_RC_REQUIRED;
- goto error;
+ (auth_context->rcache == NULL)) {
+ retval = KRB5_RC_REQUIRED;
+ goto error;
}
if (((auth_context->auth_context_flags & KRB5_AUTH_CONTEXT_RET_TIME) ||
- (auth_context->auth_context_flags & KRB5_AUTH_CONTEXT_RET_SEQUENCE))
- && (outdata == NULL)) {
+ (auth_context->auth_context_flags & KRB5_AUTH_CONTEXT_RET_SEQUENCE))
+ && (outdata == NULL)) {
/* Need a better error */
- retval = KRB5_RC_REQUIRED;
- goto error;
+ retval = KRB5_RC_REQUIRED;
+ goto error;
}
if ((retval = krb5_us_timeofday(context, &replaydata.timestamp,
- &replaydata.usec)))
- goto error;
+ &replaydata.usec)))
+ goto error;
if (auth_context->auth_context_flags & KRB5_AUTH_CONTEXT_RET_TIME) {
- outdata->timestamp = replaydata.timestamp;
- outdata->usec = replaydata.usec;
+ outdata->timestamp = replaydata.timestamp;
+ outdata->usec = replaydata.usec;
}
if ((auth_context->auth_context_flags & KRB5_AUTH_CONTEXT_DO_SEQUENCE) ||
(auth_context->auth_context_flags & KRB5_AUTH_CONTEXT_RET_SEQUENCE)) {
replaydata.seq = auth_context->local_seq_number++;
- increased_sequence = TRUE;
+ increased_sequence = TRUE;
if (auth_context->auth_context_flags & KRB5_AUTH_CONTEXT_RET_SEQUENCE)
outdata->seq = replaydata.seq;
}
if (auth_context->local_addr) {
- if (auth_context->local_port) {
+ if (auth_context->local_port) {
if ((retval = krb5_make_fulladdr(context, auth_context->local_addr,
- auth_context->local_port,
- &local_fulladdr)))
- goto error;
- plocal_fulladdr = &local_fulladdr;
- } else {
+ auth_context->local_port,
+ &local_fulladdr)))
+ goto error;
+ plocal_fulladdr = &local_fulladdr;
+ } else {
plocal_fulladdr = auth_context->local_addr;
}
}
if (auth_context->remote_addr) {
- if (auth_context->remote_port) {
+ if (auth_context->remote_port) {
if ((retval = krb5_make_fulladdr(context,auth_context->remote_addr,
- auth_context->remote_port,
- &remote_fulladdr)))
- goto error;
- premote_fulladdr = &remote_fulladdr;
- } else {
+ auth_context->remote_port,
+ &remote_fulladdr)))
+ goto error;
+ premote_fulladdr = &remote_fulladdr;
+ } else {
premote_fulladdr = auth_context->remote_addr;
}
}
/* Setup creds structure */
if ((retval = krb5_mk_ncred_basic(context, ppcreds, ncred, key,
- &replaydata, plocal_fulladdr,
- premote_fulladdr, pcred))) {
- goto error;
+ &replaydata, plocal_fulladdr,
+ premote_fulladdr, pcred))) {
+ goto error;
}
if (auth_context->auth_context_flags & KRB5_AUTH_CONTEXT_DO_TIME) {
krb5_donot_replay replay;
if ((retval = krb5_gen_replay_name(context, auth_context->local_addr,
- "_forw", &replay.client)))
+ "_forw", &replay.client)))
goto error;
replay.server = ""; /* XXX */
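Review bot: Inside the `KRB5_AUTH_CONTEXT_DO_TIME` block, `krb5_gen_replay_name(context, auth_context->local_addr, "_forw", &replay.client)` is called without checking `auth_context->local_addr`, although the address setup earlier in this hunk treats a NULL `local_addr` as a valid case. Whether krb5_gen_replay_name tolerates a NULL address is not visible here; krb5_mk_priv (mk_priv.c in this commit) rejects the same condition up front with `KRB5_LOCAL_ADDR_REQUIRED`. A matching guard at the top of the DO_TIME block would be `if (auth_context->local_addr == NULL) { retval = KRB5_LOCAL_ADDR_REQUIRED; goto error; }`. The function body continues past the end of this hunk.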
@@ -279,7 +280,7 @@ error:
krb5_free_cred(context, pcred);
if (retval) {
- if (increased_sequence)
+ if (increased_sequence)
auth_context->local_seq_number--;
}
return retval;
@@ -292,23 +293,22 @@ error:
*/
krb5_error_code KRB5_CALLCONV
krb5_mk_1cred(krb5_context context, krb5_auth_context auth_context,
- krb5_creds *pcreds, krb5_data **ppdata,
- krb5_replay_data *outdata)
+ krb5_creds *pcreds, krb5_data **ppdata,
+ krb5_replay_data *outdata)
{
krb5_error_code retval;
krb5_creds **ppcreds;
if ((ppcreds = (krb5_creds **)malloc(sizeof(*ppcreds) * 2)) == NULL) {
- return ENOMEM;
+ return ENOMEM;
}
ppcreds[0] = pcreds;
ppcreds[1] = NULL;
retval = krb5_mk_ncred(context, auth_context, ppcreds,
- ppdata, outdata);
-
+ ppdata, outdata);
+
free(ppcreds);
return retval;
}
-
diff --git a/src/lib/krb5/krb/mk_error.c b/src/lib/krb5/krb/mk_error.c
index 75cdc9b..44fd3b4 100644
--- a/src/lib/krb5/krb/mk_error.c
+++ b/src/lib/krb5/krb/mk_error.c
@@ -1,3 +1,4 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
/*
* lib/krb5/krb/mk_error.c
*
@@ -8,7 +9,7 @@
* require a specific license from the United States Government.
* It is the responsibility of any person or organization contemplating
* export to obtain such a license before exporting.
- *
+ *
* WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
* distribute this software and its documentation for any purpose and
* without fee is hereby granted, provided that the above copyright
@@ -22,7 +23,7 @@
* M.I.T. makes no representations about the suitability of
* this software for any purpose. It is provided "as is" without express
* or implied warranty.
- *
+ *
*
* krb5_mk_error() routine.
*/
@@ -30,22 +31,22 @@
#include "k5-int.h"
/*
- formats the error structure *dec_err into an error buffer *enc_err.
+ formats the error structure *dec_err into an error buffer *enc_err.
- The error buffer storage is allocated, and should be freed by the
- caller when finished.
+ The error buffer storage is allocated, and should be freed by the
+ caller when finished.
- returns system errors
- */
+ returns system errors
+*/
krb5_error_code KRB5_CALLCONV
krb5_mk_error(krb5_context context, const krb5_error *dec_err,
- krb5_data *enc_err)
+ krb5_data *enc_err)
{
krb5_error_code retval;
krb5_data *new_enc_err;
if ((retval = encode_krb5_error(dec_err, &new_enc_err)))
- return(retval);
+ return(retval);
*enc_err = *new_enc_err;
free(new_enc_err);
return 0;
diff --git a/src/lib/krb5/krb/mk_priv.c b/src/lib/krb5/krb/mk_priv.c
index 824bfd5..b3cb297 100644
--- a/src/lib/krb5/krb/mk_priv.c
+++ b/src/lib/krb5/krb/mk_priv.c
@@ -1,3 +1,4 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
/*
* lib/krb5/krb/mk_priv.c
*
@@ -8,7 +9,7 @@
* require a specific license from the United States Government.
* It is the responsibility of any person or organization contemplating
* export to obtain such a license before exporting.
- *
+ *
* WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
* distribute this software and its documentation for any purpose and
* without fee is hereby granted, provided that the above copyright
@@ -22,7 +23,7 @@
* M.I.T. makes no representations about the suitability of
* this software for any purpose. It is provided "as is" without express
* or implied warranty.
- *
+ *
*
* krb5_mk_priv()
*/
@@ -33,18 +34,18 @@
static krb5_error_code
krb5_mk_priv_basic(krb5_context context, const krb5_data *userdata,
- krb5_key key, krb5_replay_data *replaydata,
- krb5_address *local_addr, krb5_address *remote_addr,
- krb5_pointer i_vector, krb5_data *outbuf)
+ krb5_key key, krb5_replay_data *replaydata,
+ krb5_address *local_addr, krb5_address *remote_addr,
+ krb5_pointer i_vector, krb5_data *outbuf)
{
- krb5_enctype enctype = krb5_k_key_enctype(context, key);
- krb5_error_code retval;
- krb5_priv privmsg;
- krb5_priv_enc_part privmsg_enc_part;
- krb5_data *scratch1, *scratch2, ivdata;
- size_t blocksize, enclen;
-
- privmsg.enc_part.kvno = 0; /* XXX allow user-set? */
+ krb5_enctype enctype = krb5_k_key_enctype(context, key);
+ krb5_error_code retval;
+ krb5_priv privmsg;
+ krb5_priv_enc_part privmsg_enc_part;
+ krb5_data *scratch1, *scratch2, ivdata;
+ size_t blocksize, enclen;
+
+ privmsg.enc_part.kvno = 0; /* XXX allow user-set? */
privmsg.enc_part.enctype = enctype;
privmsg_enc_part.user_data = *userdata;
@@ -53,39 +54,39 @@ krb5_mk_priv_basic(krb5_context context, const krb5_data *userdata,
/* We should check too make sure one exists. */
privmsg_enc_part.timestamp = replaydata->timestamp;
- privmsg_enc_part.usec = replaydata->usec;
+ privmsg_enc_part.usec = replaydata->usec;
privmsg_enc_part.seq_number = replaydata->seq;
/* start by encoding to-be-encrypted part of the message */
if ((retval = encode_krb5_enc_priv_part(&privmsg_enc_part, &scratch1)))
- return retval;
+ return retval;
/* put together an eblock for this encryption */
if ((retval = krb5_c_encrypt_length(context, enctype,
- scratch1->length, &enclen)))
- goto clean_scratch;
+ scratch1->length, &enclen)))
+ goto clean_scratch;
privmsg.enc_part.ciphertext.length = enclen;
if (!(privmsg.enc_part.ciphertext.data =
- malloc(privmsg.enc_part.ciphertext.length))) {
+ malloc(privmsg.enc_part.ciphertext.length))) {
retval = ENOMEM;
goto clean_scratch;
}
/* call the encryption routine */
if (i_vector) {
- if ((retval = krb5_c_block_size(context, enctype, &blocksize)))
- goto clean_encpart;
+ if ((retval = krb5_c_block_size(context, enctype, &blocksize)))
+ goto clean_encpart;
- ivdata.length = blocksize;
- ivdata.data = i_vector;
+ ivdata.length = blocksize;
+ ivdata.data = i_vector;
}
if ((retval = krb5_k_encrypt(context, key,
- KRB5_KEYUSAGE_KRB_PRIV_ENCPART,
- i_vector?&ivdata:0,
- scratch1, &privmsg.enc_part)))
- goto clean_encpart;
+ KRB5_KEYUSAGE_KRB_PRIV_ENCPART,
+ i_vector?&ivdata:0,
+ scratch1, &privmsg.enc_part)))
+ goto clean_encpart;
if ((retval = encode_krb5_priv(&privmsg, &scratch2)))
goto clean_encpart;
@@ -95,15 +96,15 @@ krb5_mk_priv_basic(krb5_context context, const krb5_data *userdata,
retval = 0;
clean_encpart:
- memset(privmsg.enc_part.ciphertext.data, 0,
- privmsg.enc_part.ciphertext.length);
- free(privmsg.enc_part.ciphertext.data);
+ memset(privmsg.enc_part.ciphertext.data, 0,
+ privmsg.enc_part.ciphertext.length);
+ free(privmsg.enc_part.ciphertext.data);
privmsg.enc_part.ciphertext.length = 0;
privmsg.enc_part.ciphertext.data = 0;
clean_scratch:
memset(scratch1->data, 0, scratch1->length);
- krb5_free_data(context, scratch1);
+ krb5_free_data(context, scratch1);
return retval;
}
@@ -111,10 +112,10 @@ clean_scratch:
krb5_error_code KRB5_CALLCONV
krb5_mk_priv(krb5_context context, krb5_auth_context auth_context,
- const krb5_data *userdata, krb5_data *outbuf,
- krb5_replay_data *outdata)
+ const krb5_data *userdata, krb5_data *outbuf,
+ krb5_replay_data *outdata)
{
- krb5_error_code retval;
+ krb5_error_code retval;
krb5_key key;
krb5_replay_data replaydata;
@@ -123,113 +124,112 @@ krb5_mk_priv(krb5_context context, krb5_auth_context auth_context,
/* Get keyblock */
if ((key = auth_context->send_subkey) == NULL)
- key = auth_context->key;
+ key = auth_context->key;
/* Get replay info */
if ((auth_context->auth_context_flags & KRB5_AUTH_CONTEXT_DO_TIME) &&
- (auth_context->rcache == NULL))
- return KRB5_RC_REQUIRED;
+ (auth_context->rcache == NULL))
+ return KRB5_RC_REQUIRED;
if (((auth_context->auth_context_flags & KRB5_AUTH_CONTEXT_RET_TIME) ||
- (auth_context->auth_context_flags & KRB5_AUTH_CONTEXT_RET_SEQUENCE)) &&
- (outdata == NULL))
- /* Need a better error */
- return KRB5_RC_REQUIRED;
+ (auth_context->auth_context_flags & KRB5_AUTH_CONTEXT_RET_SEQUENCE)) &&
+ (outdata == NULL))
+ /* Need a better error */
+ return KRB5_RC_REQUIRED;
if (!auth_context->local_addr)
- return KRB5_LOCAL_ADDR_REQUIRED;
+ return KRB5_LOCAL_ADDR_REQUIRED;
if ((auth_context->auth_context_flags & KRB5_AUTH_CONTEXT_DO_TIME) ||
- (auth_context->auth_context_flags & KRB5_AUTH_CONTEXT_RET_TIME)) {
- if ((retval = krb5_us_timeofday(context, &replaydata.timestamp,
- &replaydata.usec)))
- return retval;
- if (auth_context->auth_context_flags & KRB5_AUTH_CONTEXT_RET_TIME) {
- outdata->timestamp = replaydata.timestamp;
- outdata->usec = replaydata.usec;
- }
+ (auth_context->auth_context_flags & KRB5_AUTH_CONTEXT_RET_TIME)) {
+ if ((retval = krb5_us_timeofday(context, &replaydata.timestamp,
+ &replaydata.usec)))
+ return retval;
+ if (auth_context->auth_context_flags & KRB5_AUTH_CONTEXT_RET_TIME) {
+ outdata->timestamp = replaydata.timestamp;
+ outdata->usec = replaydata.usec;
+ }
}
if ((auth_context->auth_context_flags & KRB5_AUTH_CONTEXT_DO_SEQUENCE) ||
- (auth_context->auth_context_flags & KRB5_AUTH_CONTEXT_RET_SEQUENCE)) {
- replaydata.seq = auth_context->local_seq_number++;
- if (auth_context->auth_context_flags & KRB5_AUTH_CONTEXT_RET_SEQUENCE)
- outdata->seq = replaydata.seq;
- }
-
-{
- krb5_address * premote_fulladdr = NULL;
- krb5_address * plocal_fulladdr;
- krb5_address remote_fulladdr;
- krb5_address local_fulladdr;
- CLEANUP_INIT(2);
-
- if (auth_context->local_port) {
- if (!(retval = krb5_make_fulladdr(context, auth_context->local_addr,
- auth_context->local_port,
- &local_fulladdr))) {
- CLEANUP_PUSH(local_fulladdr.contents, free);
- plocal_fulladdr = &local_fulladdr;
- } else {
- goto error;
- }
- } else {
- plocal_fulladdr = auth_context->local_addr;
- }
-
- if (auth_context->remote_addr) {
- if (auth_context->remote_port) {
- if (!(retval = krb5_make_fulladdr(context,auth_context->remote_addr,
- auth_context->remote_port,
- &remote_fulladdr))){
- CLEANUP_PUSH(remote_fulladdr.contents, free);
- premote_fulladdr = &remote_fulladdr;
- } else {
- CLEANUP_DONE();
- goto error;
- }
- } else {
- premote_fulladdr = auth_context->remote_addr;
- }
+ (auth_context->auth_context_flags & KRB5_AUTH_CONTEXT_RET_SEQUENCE)) {
+ replaydata.seq = auth_context->local_seq_number++;
+ if (auth_context->auth_context_flags & KRB5_AUTH_CONTEXT_RET_SEQUENCE)
+ outdata->seq = replaydata.seq;
}
- if ((retval = krb5_mk_priv_basic(context, userdata, key, &replaydata,
- plocal_fulladdr, premote_fulladdr,
- auth_context->i_vector, outbuf))) {
- CLEANUP_DONE();
- goto error;
+ {
+ krb5_address * premote_fulladdr = NULL;
+ krb5_address * plocal_fulladdr;
+ krb5_address remote_fulladdr;
+ krb5_address local_fulladdr;
+ CLEANUP_INIT(2);
+
+ if (auth_context->local_port) {
+ if (!(retval = krb5_make_fulladdr(context, auth_context->local_addr,
+ auth_context->local_port,
+ &local_fulladdr))) {
+ CLEANUP_PUSH(local_fulladdr.contents, free);
+ plocal_fulladdr = &local_fulladdr;
+ } else {
+ goto error;
+ }
+ } else {
+ plocal_fulladdr = auth_context->local_addr;
+ }
+
+ if (auth_context->remote_addr) {
+ if (auth_context->remote_port) {
+ if (!(retval = krb5_make_fulladdr(context,auth_context->remote_addr,
+ auth_context->remote_port,
+ &remote_fulladdr))){
+ CLEANUP_PUSH(remote_fulladdr.contents, free);
+ premote_fulladdr = &remote_fulladdr;
+ } else {
+ CLEANUP_DONE();
+ goto error;
+ }
+ } else {
+ premote_fulladdr = auth_context->remote_addr;
+ }
+ }
+
+ if ((retval = krb5_mk_priv_basic(context, userdata, key, &replaydata,
+ plocal_fulladdr, premote_fulladdr,
+ auth_context->i_vector, outbuf))) {
+ CLEANUP_DONE();
+ goto error;
+ }
+
+ CLEANUP_DONE();
}
- CLEANUP_DONE();
-}
-
if (auth_context->auth_context_flags & KRB5_AUTH_CONTEXT_DO_TIME) {
- krb5_donot_replay replay;
-
- if ((retval = krb5_gen_replay_name(context, auth_context->local_addr,
- "_priv", &replay.client))) {
- free(outbuf);
- goto error;
- }
-
- replay.server = ""; /* XXX */
- replay.msghash = NULL;
- replay.cusec = replaydata.usec;
- replay.ctime = replaydata.timestamp;
- if ((retval = krb5_rc_store(context, auth_context->rcache, &replay))) {
- /* should we really error out here? XXX */
- free(replay.client);
- goto error;
- }
- free(replay.client);
+ krb5_donot_replay replay;
+
+ if ((retval = krb5_gen_replay_name(context, auth_context->local_addr,
+ "_priv", &replay.client))) {
+ free(outbuf);
+ goto error;
+ }
+
+ replay.server = ""; /* XXX */
+ replay.msghash = NULL;
+ replay.cusec = replaydata.usec;
+ replay.ctime = replaydata.timestamp;
+ if ((retval = krb5_rc_store(context, auth_context->rcache, &replay))) {
+ /* should we really error out here? XXX */
+ free(replay.client);
+ goto error;
+ }
+ free(replay.client);
}
return 0;
error:
if ((auth_context->auth_context_flags & KRB5_AUTH_CONTEXT_DO_SEQUENCE) ||
- (auth_context->auth_context_flags & KRB5_AUTH_CONTEXT_RET_SEQUENCE))
- auth_context->local_seq_number--;
+ (auth_context->auth_context_flags & KRB5_AUTH_CONTEXT_RET_SEQUENCE))
+ auth_context->local_seq_number--;
return retval;
}
-
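Review bot: `free(outbuf)` on the `krb5_gen_replay_name` failure path releases the caller's `krb5_data` pointer rather than the buffer inside it. If the caller passed the address of a stack or embedded struct this is an invalid free, and in any case the caller is left holding a pointer it no longer owns. Presumably krb5_mk_priv_basic filled `outbuf->data` (that assignment is not visible in this hunk), so the path should read `free(outbuf->data); outbuf->data = NULL; outbuf->length = 0;`. The `krb5_rc_store` failure path a few lines later returns an error with the output buffer still populated and should get the same cleanup. The function's signature and first declarations are outside this hunk.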
diff --git a/src/lib/krb5/krb/mk_rep.c b/src/lib/krb5/krb/mk_rep.c
index a4dbc46..b50c057 100644
--- a/src/lib/krb5/krb/mk_rep.c
+++ b/src/lib/krb5/krb/mk_rep.c
@@ -1,3 +1,4 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
/*
* lib/krb5/krb/mk_rep.c
*
@@ -8,7 +9,7 @@
* require a specific license from the United States Government.
* It is the responsibility of any person or organization contemplating
* export to obtain such a license before exporting.
- *
+ *
* WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
* distribute this software and its documentation for any purpose and
* without fee is hereby granted, provided that the above copyright
@@ -22,7 +23,7 @@
* M.I.T. makes no representations about the suitability of
* this software for any purpose. It is provided "as is" without express
* or implied warranty.
- *
+ *
*
* krb5_mk_rep()
*/
@@ -58,81 +59,81 @@
#include "auth_con.h"
/*
- Formats a KRB_AP_REP message into outbuf.
+ Formats a KRB_AP_REP message into outbuf.
- The outbuf buffer storage is allocated, and should be freed by the
- caller when finished.
+ The outbuf buffer storage is allocated, and should be freed by the
+ caller when finished.
- returns system errors
+ returns system errors
*/
static krb5_error_code
k5_mk_rep(krb5_context context, krb5_auth_context auth_context,
- krb5_data *outbuf, int dce_style)
+ krb5_data *outbuf, int dce_style)
{
- krb5_error_code retval;
+ krb5_error_code retval;
krb5_ap_rep_enc_part repl;
- krb5_ap_rep reply;
- krb5_data * scratch;
- krb5_data * toutbuf;
+ krb5_ap_rep reply;
+ krb5_data * scratch;
+ krb5_data * toutbuf;
/* Make the reply */
if (((auth_context->auth_context_flags & KRB5_AUTH_CONTEXT_DO_SEQUENCE) ||
- (auth_context->auth_context_flags & KRB5_AUTH_CONTEXT_RET_SEQUENCE)) &&
- (auth_context->local_seq_number == 0)) {
- if ((retval = krb5_generate_seq_number(context,
- &auth_context->key->keyblock,
- &auth_context->local_seq_number)))
+ (auth_context->auth_context_flags & KRB5_AUTH_CONTEXT_RET_SEQUENCE)) &&
+ (auth_context->local_seq_number == 0)) {
+ if ((retval = krb5_generate_seq_number(context,
+ &auth_context->key->keyblock,
+ &auth_context->local_seq_number)))
return(retval);
}
if (dce_style) {
- krb5_us_timeofday(context, &repl.ctime, &repl.cusec);
+ krb5_us_timeofday(context, &repl.ctime, &repl.cusec);
} else {
- repl.ctime = auth_context->authentp->ctime;
- repl.cusec = auth_context->authentp->cusec;
+ repl.ctime = auth_context->authentp->ctime;
+ repl.cusec = auth_context->authentp->cusec;
}
if (dce_style)
- repl.subkey = NULL;
+ repl.subkey = NULL;
else if (auth_context->auth_context_flags & KRB5_AUTH_CONTEXT_USE_SUBKEY) {
- assert(auth_context->negotiated_etype != ENCTYPE_NULL);
-
- retval = krb5int_generate_and_save_subkey (context, auth_context,
- &auth_context->key->keyblock,
- auth_context->negotiated_etype);
- if (retval)
- return retval;
- repl.subkey = &auth_context->send_subkey->keyblock;
+ assert(auth_context->negotiated_etype != ENCTYPE_NULL);
+
+ retval = krb5int_generate_and_save_subkey (context, auth_context,
+ &auth_context->key->keyblock,
+ auth_context->negotiated_etype);
+ if (retval)
+ return retval;
+ repl.subkey = &auth_context->send_subkey->keyblock;
} else
- repl.subkey = auth_context->authentp->subkey;
+ repl.subkey = auth_context->authentp->subkey;
if (dce_style)
- repl.seq_number = auth_context->remote_seq_number;
+ repl.seq_number = auth_context->remote_seq_number;
else
- repl.seq_number = auth_context->local_seq_number;
+ repl.seq_number = auth_context->local_seq_number;
/* encode it before encrypting */
if ((retval = encode_krb5_ap_rep_enc_part(&repl, &scratch)))
- return retval;
+ return retval;
if ((retval = krb5_encrypt_keyhelper(context, auth_context->key,
- KRB5_KEYUSAGE_AP_REP_ENCPART,
- scratch, &reply.enc_part)))
- goto cleanup_scratch;
+ KRB5_KEYUSAGE_AP_REP_ENCPART,
+ scratch, &reply.enc_part)))
+ goto cleanup_scratch;
if (!(retval = encode_krb5_ap_rep(&reply, &toutbuf))) {
- *outbuf = *toutbuf;
- free(toutbuf);
+ *outbuf = *toutbuf;
+ free(toutbuf);
}
memset(reply.enc_part.ciphertext.data, 0, reply.enc_part.ciphertext.length);
- free(reply.enc_part.ciphertext.data);
- reply.enc_part.ciphertext.length = 0;
+ free(reply.enc_part.ciphertext.data);
+ reply.enc_part.ciphertext.length = 0;
reply.enc_part.ciphertext.data = 0;
cleanup_scratch:
- memset(scratch->data, 0, scratch->length);
+ memset(scratch->data, 0, scratch->length);
krb5_free_data(context, scratch);
return retval;
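Review bot: The `dce_style` branch calls `krb5_us_timeofday(context, &repl.ctime, &repl.cusec);` and discards the result, so on failure `repl.ctime` and `repl.cusec` may be left unset and would then be encoded and encrypted into the AP-REP. krb5_mk_priv in this same commit checks the return of this call; do the same here with `if ((retval = krb5_us_timeofday(context, &repl.ctime, &repl.cusec))) return retval;`. The end of k5_mk_rep is outside this hunk.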
diff --git a/src/lib/krb5/krb/mk_req.c b/src/lib/krb5/krb/mk_req.c
index 0fc1e72..ceb60cb 100644
--- a/src/lib/krb5/krb/mk_req.c
+++ b/src/lib/krb5/krb/mk_req.c
@@ -1,3 +1,4 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
/*
* lib/krb5/krb/mk_req.c
*
@@ -8,7 +9,7 @@
* require a specific license from the United States Government.
* It is the responsibility of any person or organization contemplating
* export to obtain such a license before exporting.
- *
+ *
* WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
* distribute this software and its documentation for any purpose and
* without fee is hereby granted, provided that the above copyright
@@ -22,7 +23,7 @@
* M.I.T. makes no representations about the suitability of
* this software for any purpose. It is provided "as is" without express
* or implied warranty.
- *
+ *
*
* krb5_mk_req() routine.
*/
@@ -31,53 +32,53 @@
#include "auth_con.h"
/*
- Formats a KRB_AP_REQ message into outbuf.
+ Formats a KRB_AP_REQ message into outbuf.
- server specifies the principal of the server to receive the message; if
- credentials are not present in the credentials cache for this server, the
- TGS request with default parameters is used in an attempt to obtain
- such credentials, and they are stored in ccache.
+ server specifies the principal of the server to receive the message; if
+ credentials are not present in the credentials cache for this server, the
+ TGS request with default parameters is used in an attempt to obtain
+ such credentials, and they are stored in ccache.
- kdc_options specifies the options requested for the
- ap_req_options specifies the KRB_AP_REQ options desired.
+ kdc_options specifies the options requested for the
+ ap_req_options specifies the KRB_AP_REQ options desired.
- checksum specifies the checksum to be used in the authenticator.
+ checksum specifies the checksum to be used in the authenticator.
- The outbuf buffer storage is allocated, and should be freed by the
- caller when finished.
+ The outbuf buffer storage is allocated, and should be freed by the
+ caller when finished.
- returns system errors
+ returns system errors
*/
krb5_error_code KRB5_CALLCONV
krb5_mk_req(krb5_context context, krb5_auth_context *auth_context,
- krb5_flags ap_req_options, char *service, char *hostname,
- krb5_data *in_data, krb5_ccache ccache, krb5_data *outbuf)
+ krb5_flags ap_req_options, char *service, char *hostname,
+ krb5_data *in_data, krb5_ccache ccache, krb5_data *outbuf)
{
- krb5_error_code retval;
- krb5_principal server;
- krb5_creds * credsp;
- krb5_creds creds;
+ krb5_error_code retval;
+ krb5_principal server;
+ krb5_creds * credsp;
+ krb5_creds creds;
- retval = krb5_sname_to_principal(context, hostname, service,
- KRB5_NT_SRV_HST, &server);
+ retval = krb5_sname_to_principal(context, hostname, service,
+ KRB5_NT_SRV_HST, &server);
if (retval)
- return retval;
+ return retval;
/* obtain ticket & session key */
memset(&creds, 0, sizeof(creds));
if ((retval = krb5_copy_principal(context, server, &creds.server)))
- goto cleanup_princ;
+ goto cleanup_princ;
if ((retval = krb5_cc_get_principal(context, ccache, &creds.client)))
- goto cleanup_creds;
+ goto cleanup_creds;
if ((retval = krb5_get_credentials(context, 0,
- ccache, &creds, &credsp)))
- goto cleanup_creds;
+ ccache, &creds, &credsp)))
+ goto cleanup_creds;
- retval = krb5_mk_req_extended(context, auth_context, ap_req_options,
- in_data, credsp, outbuf);
+ retval = krb5_mk_req_extended(context, auth_context, ap_req_options,
+ in_data, credsp, outbuf);
krb5_free_creds(context, credsp);
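Review bot: The header comment above krb5_mk_req no longer matches the signature: it documents `server`, `kdc_options` and `checksum`, while the function takes `service`, `hostname` and `in_data`, and the sentence `kdc_options specifies the options requested for the` is cut off mid-phrase. I would rewrite it to say that `service` and `hostname` are turned into the server principal by `krb5_sname_to_principal`, that credentials for it are fetched through `krb5_get_credentials` using `ccache`, and that `in_data` is passed on to `krb5_mk_req_extended`. The `cleanup_creds` and `cleanup_princ` labels this code jumps to are outside the hunk.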
diff --git a/src/lib/krb5/krb/mk_req_ext.c b/src/lib/krb5/krb/mk_req_ext.c
index 4277f1e..95f04e9 100644
--- a/src/lib/krb5/krb/mk_req_ext.c
+++ b/src/lib/krb5/krb/mk_req_ext.c
@@ -1,3 +1,4 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
/*
* lib/krb5/krb/mk_req_ext.c
*
@@ -8,7 +9,7 @@
* require a specific license from the United States Government.
* It is the responsibility of any person or organization contemplating
* export to obtain such a license before exporting.
- *
+ *
* WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
* distribute this software and its documentation for any purpose and
* without fee is hereby granted, provided that the above copyright
@@ -22,7 +23,7 @@
* M.I.T. makes no representations about the suitability of
* this software for any purpose. It is provided "as is" without express
* or implied warranty.
- *
+ *
*
* krb5_mk_req_extended()
*/
@@ -32,90 +33,90 @@
#include "auth_con.h"
/*
- Formats a KRB_AP_REQ message into outbuf, with more complete options than
- krb_mk_req.
+ Formats a KRB_AP_REQ message into outbuf, with more complete options than
+ krb_mk_req.
- outbuf, ap_req_options, checksum, and ccache are used in the
- same fashion as for krb5_mk_req.
+ outbuf, ap_req_options, checksum, and ccache are used in the
+ same fashion as for krb5_mk_req.
- creds is used to supply the credentials (ticket and session key) needed
- to form the request.
+ creds is used to supply the credentials (ticket and session key) needed
+ to form the request.
- if creds->ticket has no data (length == 0), then a ticket is obtained
- from either the cache or the TGS, passing creds to krb5_get_credentials().
- kdc_options specifies the options requested for the ticket to be used.
- If a ticket with appropriate flags is not found in the cache, then these
- options are passed on in a request to an appropriate KDC.
+ if creds->ticket has no data (length == 0), then a ticket is obtained
+ from either the cache or the TGS, passing creds to krb5_get_credentials().
+ kdc_options specifies the options requested for the ticket to be used.
+ If a ticket with appropriate flags is not found in the cache, then these
+ options are passed on in a request to an appropriate KDC.
- ap_req_options specifies the KRB_AP_REQ options desired.
+ ap_req_options specifies the KRB_AP_REQ options desired.
- if ap_req_options specifies AP_OPTS_USE_SESSION_KEY, then creds->ticket
- must contain the appropriate ENC-TKT-IN-SKEY ticket.
+ if ap_req_options specifies AP_OPTS_USE_SESSION_KEY, then creds->ticket
+ must contain the appropriate ENC-TKT-IN-SKEY ticket.
- checksum specifies the checksum to be used in the authenticator.
+ checksum specifies the checksum to be used in the authenticator.
- The outbuf buffer storage is allocated, and should be freed by the
- caller when finished.
+ The outbuf buffer storage is allocated, and should be freed by the
+ caller when finished.
- On an error return, the credentials pointed to by creds might have been
- augmented with additional fields from the obtained credentials; the entire
- credentials should be released by calling krb5_free_creds().
+ On an error return, the credentials pointed to by creds might have been
+ augmented with additional fields from the obtained credentials; the entire
+ credentials should be released by calling krb5_free_creds().
- returns system errors
+ returns system errors
*/
static krb5_error_code
make_etype_list(krb5_context context,
- krb5_enctype *desired_etypes,
- krb5_enctype tkt_enctype,
- krb5_authdata ***authdata);
+ krb5_enctype *desired_etypes,
+ krb5_enctype tkt_enctype,
+ krb5_authdata ***authdata);
-static krb5_error_code
+static krb5_error_code
krb5_generate_authenticator (krb5_context,
- krb5_authenticator *, krb5_principal,
- krb5_checksum *, krb5_key,
- krb5_ui_4, krb5_authdata **,
- krb5_authdata_context ad_context,
- krb5_enctype *desired_etypes,
- krb5_enctype tkt_enctype);
+ krb5_authenticator *, krb5_principal,
+ krb5_checksum *, krb5_key,
+ krb5_ui_4, krb5_authdata **,
+ krb5_authdata_context ad_context,
+ krb5_enctype *desired_etypes,
+ krb5_enctype tkt_enctype);
krb5_error_code
krb5int_generate_and_save_subkey (krb5_context context,
- krb5_auth_context auth_context,
- krb5_keyblock *keyblock,
- krb5_enctype enctype)
+ krb5_auth_context auth_context,
+ krb5_keyblock *keyblock,
+ krb5_enctype enctype)
{
/* Provide some more fodder for random number code.
This isn't strong cryptographically; the point here is not
to guarantee randomness, but to make it less likely that multiple
sessions could pick the same subkey. */
struct {
- krb5_int32 sec, usec;
+ krb5_int32 sec, usec;
} rnd_data;
krb5_data d;
krb5_error_code retval;
krb5_keyblock *kb = NULL;
if (krb5_crypto_us_timeofday(&rnd_data.sec, &rnd_data.usec) == 0) {
- d.length = sizeof(rnd_data);
- d.data = (char *) &rnd_data;
- krb5_c_random_add_entropy(context, KRB5_C_RANDSOURCE_TIMING, &d);
+ d.length = sizeof(rnd_data);
+ d.data = (char *) &rnd_data;
+ krb5_c_random_add_entropy(context, KRB5_C_RANDSOURCE_TIMING, &d);
}
retval = krb5_generate_subkey_extended(context, keyblock, enctype, &kb);
if (retval)
- return retval;
+ return retval;
retval = krb5_auth_con_setsendsubkey(context, auth_context, kb);
if (retval)
- goto cleanup;
+ goto cleanup;
retval = krb5_auth_con_setrecvsubkey(context, auth_context, kb);
if (retval)
- goto cleanup;
+ goto cleanup;
cleanup:
if (retval) {
- (void) krb5_auth_con_setsendsubkey(context, auth_context, NULL);
- (void) krb5_auth_con_setrecvsubkey(context, auth_context, NULL);
+ (void) krb5_auth_con_setsendsubkey(context, auth_context, NULL);
+ (void) krb5_auth_con_setrecvsubkey(context, auth_context, NULL);
}
krb5_free_keyblock(context, kb);
return retval;
@@ -123,14 +124,14 @@ cleanup:
krb5_error_code KRB5_CALLCONV
krb5_mk_req_extended(krb5_context context, krb5_auth_context *auth_context,
- krb5_flags ap_req_options, krb5_data *in_data,
- krb5_creds *in_creds, krb5_data *outbuf)
+ krb5_flags ap_req_options, krb5_data *in_data,
+ krb5_creds *in_creds, krb5_data *outbuf)
{
- krb5_error_code retval;
- krb5_checksum checksum;
- krb5_checksum *checksump = 0;
- krb5_auth_context new_auth_context;
- krb5_enctype *desired_etypes = NULL;
+ krb5_error_code retval;
+ krb5_checksum checksum;
+ krb5_checksum *checksump = 0;
+ krb5_auth_context new_auth_context;
+ krb5_enctype *desired_etypes = NULL;
krb5_ap_req request;
krb5_data *scratch = 0;
@@ -139,134 +140,134 @@ krb5_mk_req_extended(krb5_context context, krb5_auth_context *auth_context,
request.ap_options = ap_req_options & AP_OPTS_WIRE_MASK;
request.authenticator.ciphertext.data = NULL;
request.ticket = 0;
-
- if (!in_creds->ticket.length)
- return(KRB5_NO_TKT_SUPPLIED);
+
+ if (!in_creds->ticket.length)
+ return(KRB5_NO_TKT_SUPPLIED);
if ((ap_req_options & AP_OPTS_ETYPE_NEGOTIATION) &&
- !(ap_req_options & AP_OPTS_MUTUAL_REQUIRED))
- return(EINVAL);
+ !(ap_req_options & AP_OPTS_MUTUAL_REQUIRED))
+ return(EINVAL);
/* we need a native ticket */
if ((retval = decode_krb5_ticket(&(in_creds)->ticket, &request.ticket)))
- return(retval);
-
+ return(retval);
+
/* verify that the ticket is not expired */
if ((retval = krb5_validate_times(context, &in_creds->times)) != 0)
- goto cleanup;
+ goto cleanup;
/* generate auth_context if needed */
if (*auth_context == NULL) {
- if ((retval = krb5_auth_con_init(context, &new_auth_context)))
- goto cleanup;
- *auth_context = new_auth_context;
+ if ((retval = krb5_auth_con_init(context, &new_auth_context)))
+ goto cleanup;
+ *auth_context = new_auth_context;
}
if ((*auth_context)->key != NULL) {
- krb5_k_free_key(context, (*auth_context)->key);
- (*auth_context)->key = NULL;
+ krb5_k_free_key(context, (*auth_context)->key);
+ (*auth_context)->key = NULL;
}
/* set auth context keyblock */
if ((retval = krb5_k_create_key(context, &in_creds->keyblock,
- &((*auth_context)->key))))
- goto cleanup;
+ &((*auth_context)->key))))
+ goto cleanup;
/* generate seq number if needed */
if ((((*auth_context)->auth_context_flags & KRB5_AUTH_CONTEXT_DO_SEQUENCE)
- || ((*auth_context)->auth_context_flags & KRB5_AUTH_CONTEXT_RET_SEQUENCE))
- && ((*auth_context)->local_seq_number == 0))
- if ((retval = krb5_generate_seq_number(context, &in_creds->keyblock,
- &(*auth_context)->local_seq_number)))
- goto cleanup;
-
+ || ((*auth_context)->auth_context_flags & KRB5_AUTH_CONTEXT_RET_SEQUENCE))
+ && ((*auth_context)->local_seq_number == 0))
+ if ((retval = krb5_generate_seq_number(context, &in_creds->keyblock,
+ &(*auth_context)->local_seq_number)))
+ goto cleanup;
+
/* generate subkey if needed */
if (!in_data &&(*auth_context)->checksum_func) {
- retval = (*auth_context)->checksum_func( context,
- *auth_context,
- (*auth_context)->checksum_func_data,
- &in_data);
- if (retval)
- goto cleanup;
+ retval = (*auth_context)->checksum_func( context,
+ *auth_context,
+ (*auth_context)->checksum_func_data,
+ &in_data);
+ if (retval)
+ goto cleanup;
}
if ((ap_req_options & AP_OPTS_USE_SUBKEY)&&(!(*auth_context)->send_subkey)) {
- retval = krb5int_generate_and_save_subkey (context, *auth_context,
- &in_creds->keyblock,
- in_creds->keyblock.enctype);
- if (retval)
- goto cleanup;
+ retval = krb5int_generate_and_save_subkey (context, *auth_context,
+ &in_creds->keyblock,
+ in_creds->keyblock.enctype);
+ if (retval)
+ goto cleanup;
}
if (in_data) {
- if ((*auth_context)->req_cksumtype == 0x8003) {
- /* XXX Special hack for GSSAPI */
- checksum.checksum_type = 0x8003;
- checksum.length = in_data->length;
- checksum.contents = (krb5_octet *) in_data->data;
- } else {
- krb5_enctype enctype = krb5_k_key_enctype(context,
- (*auth_context)->key);
- krb5_cksumtype cksumtype;
- retval = krb5int_c_mandatory_cksumtype(context, enctype,
- &cksumtype);
- if (retval)
- goto cleanup_cksum;
- if ((*auth_context)->req_cksumtype)
- cksumtype = (*auth_context)->req_cksumtype;
- if ((retval = krb5_k_make_checksum(context,
- cksumtype,
- (*auth_context)->key,
- KRB5_KEYUSAGE_AP_REQ_AUTH_CKSUM,
- in_data, &checksum)))
- goto cleanup_cksum;
- }
- checksump = &checksum;
+ if ((*auth_context)->req_cksumtype == 0x8003) {
+ /* XXX Special hack for GSSAPI */
+ checksum.checksum_type = 0x8003;
+ checksum.length = in_data->length;
+ checksum.contents = (krb5_octet *) in_data->data;
+ } else {
+ krb5_enctype enctype = krb5_k_key_enctype(context,
+ (*auth_context)->key);
+ krb5_cksumtype cksumtype;
+ retval = krb5int_c_mandatory_cksumtype(context, enctype,
+ &cksumtype);
+ if (retval)
+ goto cleanup_cksum;
+ if ((*auth_context)->req_cksumtype)
+ cksumtype = (*auth_context)->req_cksumtype;
+ if ((retval = krb5_k_make_checksum(context,
+ cksumtype,
+ (*auth_context)->key,
+ KRB5_KEYUSAGE_AP_REQ_AUTH_CKSUM,
+ in_data, &checksum)))
+ goto cleanup_cksum;
+ }
+ checksump = &checksum;
}
/* Generate authenticator */
if (((*auth_context)->authentp = (krb5_authenticator *)malloc(sizeof(
- krb5_authenticator))) == NULL) {
- retval = ENOMEM;
- goto cleanup_cksum;
+ krb5_authenticator))) == NULL) {
+ retval = ENOMEM;
+ goto cleanup_cksum;
}
if (ap_req_options & AP_OPTS_ETYPE_NEGOTIATION) {
- if ((*auth_context)->permitted_etypes == NULL) {
- retval = krb5_get_tgs_ktypes(context, in_creds->server, &desired_etypes);
- if (retval)
- goto cleanup_cksum;
- } else
- desired_etypes = (*auth_context)->permitted_etypes;
+ if ((*auth_context)->permitted_etypes == NULL) {
+ retval = krb5_get_tgs_ktypes(context, in_creds->server, &desired_etypes);
+ if (retval)
+ goto cleanup_cksum;
+ } else
+ desired_etypes = (*auth_context)->permitted_etypes;
}
if ((retval = krb5_generate_authenticator(context,
- (*auth_context)->authentp,
- in_creds->client, checksump,
- (*auth_context)->send_subkey,
- (*auth_context)->local_seq_number,
- in_creds->authdata,
- (*auth_context)->ad_context,
- desired_etypes,
- in_creds->keyblock.enctype)))
- goto cleanup_cksum;
-
+ (*auth_context)->authentp,
+ in_creds->client, checksump,
+ (*auth_context)->send_subkey,
+ (*auth_context)->local_seq_number,
+ in_creds->authdata,
+ (*auth_context)->ad_context,
+ desired_etypes,
+ in_creds->keyblock.enctype)))
+ goto cleanup_cksum;
+
/* encode the authenticator */
if ((retval = encode_krb5_authenticator((*auth_context)->authentp,
- &scratch)))
- goto cleanup_cksum;
-
+ &scratch)))
+ goto cleanup_cksum;
+
/* call the encryption routine */
if ((retval = krb5_encrypt_helper(context, &in_creds->keyblock,
- KRB5_KEYUSAGE_AP_REQ_AUTH,
- scratch, &request.authenticator)))
- goto cleanup_cksum;
+ KRB5_KEYUSAGE_AP_REQ_AUTH,
+ scratch, &request.authenticator)))
+ goto cleanup_cksum;
if ((retval = encode_krb5_ap_req(&request, &toutbuf)))
- goto cleanup_cksum;
+ goto cleanup_cksum;
*outbuf = *toutbuf;
free(toutbuf);
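Review bot: `(*auth_context)->authentp` is allocated with `malloc`, so its pointer fields hold indeterminate values until krb5_generate_authenticator assigns them, and several paths leave before that happens. The `krb5_get_tgs_ktypes` failure jumps to `cleanup_cksum` with the struct untouched, and krb5_generate_authenticator (a later hunk) can return on a `krb5_k_key_keyblock` error before it sets `authorization_data`. The `cleanup_cksum` code in the next hunk only clears `client` and `checksum`, so whatever later releases the auth context's authenticator would presumably see garbage in `subkey` and `authorization_data`. Allocating zeroed memory closes this: `(*auth_context)->authentp = calloc(1, sizeof(krb5_authenticator))`. The function starts and ends outside this hunk.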
@@ -276,39 +277,39 @@ cleanup_cksum:
* they were supplied by the caller
*/
if ((*auth_context)->authentp != NULL) {
- (*auth_context)->authentp->client = NULL;
- (*auth_context)->authentp->checksum = NULL;
+ (*auth_context)->authentp->client = NULL;
+ (*auth_context)->authentp->checksum = NULL;
}
if (checksump && checksump->checksum_type != 0x8003)
- free(checksump->contents);
+ free(checksump->contents);
cleanup:
if (desired_etypes &&
- desired_etypes != (*auth_context)->permitted_etypes)
- free(desired_etypes);
+ desired_etypes != (*auth_context)->permitted_etypes)
+ free(desired_etypes);
if (request.ticket)
- krb5_free_ticket(context, request.ticket);
+ krb5_free_ticket(context, request.ticket);
if (request.authenticator.ciphertext.data) {
- (void) memset(request.authenticator.ciphertext.data, 0,
- request.authenticator.ciphertext.length);
- free(request.authenticator.ciphertext.data);
+ (void) memset(request.authenticator.ciphertext.data, 0,
+ request.authenticator.ciphertext.length);
+ free(request.authenticator.ciphertext.data);
}
if (scratch) {
- memset(scratch->data, 0, scratch->length);
+ memset(scratch->data, 0, scratch->length);
free(scratch->data);
- free(scratch);
+ free(scratch);
}
return retval;
}
static krb5_error_code
krb5_generate_authenticator(krb5_context context, krb5_authenticator *authent,
- krb5_principal client, krb5_checksum *cksum,
- krb5_key key, krb5_ui_4 seq_number,
- krb5_authdata **authorization,
- krb5_authdata_context ad_context,
- krb5_enctype *desired_etypes,
- krb5_enctype tkt_enctype)
+ krb5_principal client, krb5_checksum *cksum,
+ krb5_key key, krb5_ui_4 seq_number,
+ krb5_authdata **authorization,
+ krb5_authdata_context ad_context,
+ krb5_enctype *desired_etypes,
+ krb5_enctype tkt_enctype)
{
krb5_error_code retval;
krb5_authdata **ext_authdata = NULL;
@@ -316,41 +317,41 @@ krb5_generate_authenticator(krb5_context context, krb5_authenticator *authent,
authent->client = client;
authent->checksum = cksum;
if (key) {
- retval = krb5_k_key_keyblock(context, key, &authent->subkey);
- if (retval)
- return retval;
+ retval = krb5_k_key_keyblock(context, key, &authent->subkey);
+ if (retval)
+ return retval;
} else
- authent->subkey = 0;
+ authent->subkey = 0;
authent->seq_number = seq_number;
authent->authorization_data = NULL;
if (ad_context != NULL) {
- retval = krb5_authdata_export_authdata(context,
- ad_context,
- AD_USAGE_AP_REQ,
- &ext_authdata);
- if (retval)
- return retval;
+ retval = krb5_authdata_export_authdata(context,
+ ad_context,
+ AD_USAGE_AP_REQ,
+ &ext_authdata);
+ if (retval)
+ return retval;
}
if (authorization != NULL || ext_authdata != NULL) {
- retval = krb5_merge_authdata(context,
- authorization,
- ext_authdata,
- &authent->authorization_data);
- if (retval) {
- krb5_free_authdata(context, ext_authdata);
- return retval;
- }
- krb5_free_authdata(context, ext_authdata);
+ retval = krb5_merge_authdata(context,
+ authorization,
+ ext_authdata,
+ &authent->authorization_data);
+ if (retval) {
+ krb5_free_authdata(context, ext_authdata);
+ return retval;
+ }
+ krb5_free_authdata(context, ext_authdata);
}
- /* Only send EtypeList if we prefer another enctype to tkt_enctype */
+ /* Only send EtypeList if we prefer another enctype to tkt_enctype */
if (desired_etypes != NULL && desired_etypes[0] != tkt_enctype) {
- retval = make_etype_list(context, desired_etypes, tkt_enctype,
- &authent->authorization_data);
- if (retval)
- return retval;
+ retval = make_etype_list(context, desired_etypes, tkt_enctype,
+ &authent->authorization_data);
+ if (retval)
+ return retval;
}
return(krb5_us_timeofday(context, &authent->ctime, &authent->cusec));
@@ -359,9 +360,9 @@ krb5_generate_authenticator(krb5_context context, krb5_authenticator *authent,
/* RFC 4537 */
static krb5_error_code
make_etype_list(krb5_context context,
- krb5_enctype *desired_etypes,
- krb5_enctype tkt_enctype,
- krb5_authdata ***authdata)
+ krb5_enctype *desired_etypes,
+ krb5_enctype tkt_enctype,
+ krb5_authdata ***authdata)
{
krb5_error_code code;
krb5_etype_list etypes;
@@ -373,22 +374,22 @@ make_etype_list(krb5_context context,
etypes.etypes = desired_etypes;
for (etypes.length = 0;
- etypes.etypes[etypes.length] != ENCTYPE_NULL;
- etypes.length++)
+ etypes.etypes[etypes.length] != ENCTYPE_NULL;
+ etypes.length++)
{
- /*
- * RFC 4537:
- *
- * If the enctype of the ticket session key is included in the enctype
- * list sent by the client, it SHOULD be the last on the list;
- */
- if (etypes.length && etypes.etypes[etypes.length - 1] == tkt_enctype)
- break;
+ /*
+ * RFC 4537:
+ *
+ * If the enctype of the ticket session key is included in the enctype
+ * list sent by the client, it SHOULD be the last on the list;
+ */
+ if (etypes.length && etypes.etypes[etypes.length - 1] == tkt_enctype)
+ break;
}
code = encode_krb5_etype_list(&etypes, &enc_etype_list);
if (code) {
- return code;
+ return code;
}
etype_adatum.magic = KV5M_AUTHDATA;
@@ -402,33 +403,33 @@ make_etype_list(krb5_context context,
/* Wrap in AD-IF-RELEVANT container */
code = encode_krb5_authdata(etype_adata, &ad_if_relevant);
if (code) {
- krb5_free_data(context, enc_etype_list);
- return code;
+ krb5_free_data(context, enc_etype_list);
+ return code;
}
krb5_free_data(context, enc_etype_list);
adata = *authdata;
if (adata == NULL) {
- adata = (krb5_authdata **)calloc(2, sizeof(krb5_authdata *));
- i = 0;
+ adata = (krb5_authdata **)calloc(2, sizeof(krb5_authdata *));
+ i = 0;
} else {
- for (i = 0; adata[i] != NULL; i++)
- ;
+ for (i = 0; adata[i] != NULL; i++)
+ ;
- adata = (krb5_authdata **)realloc(*authdata,
- (i + 2) * sizeof(krb5_authdata *));
+ adata = (krb5_authdata **)realloc(*authdata,
+ (i + 2) * sizeof(krb5_authdata *));
}
if (adata == NULL) {
- krb5_free_data(context, ad_if_relevant);
- return ENOMEM;
+ krb5_free_data(context, ad_if_relevant);
+ return ENOMEM;
}
*authdata = adata;
adata[i] = (krb5_authdata *)malloc(sizeof(krb5_authdata));
if (adata[i] == NULL) {
- krb5_free_data(context, ad_if_relevant);
- return ENOMEM;
+ krb5_free_data(context, ad_if_relevant);
+ return ENOMEM;
}
adata[i]->magic = KV5M_AUTHDATA;
adata[i]->ad_type = KRB5_AUTHDATA_IF_RELEVANT;
@@ -440,4 +441,3 @@ make_etype_list(krb5_context context,
return 0;
}
-
diff --git a/src/lib/krb5/krb/mk_safe.c b/src/lib/krb5/krb/mk_safe.c
index f3bfde3..eaa3add 100644
--- a/src/lib/krb5/krb/mk_safe.c
+++ b/src/lib/krb5/krb/mk_safe.c
@@ -1,3 +1,4 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
/*
* lib/krb5/krb/mk_safe.c
*
@@ -8,7 +9,7 @@
* require a specific license from the United States Government.
* It is the responsibility of any person or organization contemplating
* export to obtain such a license before exporting.
- *
+ *
* WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
* distribute this software and its documentation for any purpose and
* without fee is hereby granted, provided that the above copyright
@@ -22,7 +23,7 @@
* M.I.T. makes no representations about the suitability of
* this software for any purpose. It is provided "as is" without express
* or implied warranty.
- *
+ *
*
* krb5_mk_safe()
*/
@@ -32,25 +33,25 @@
#include "auth_con.h"
/*
- Formats a KRB_SAFE message into outbuf.
+ Formats a KRB_SAFE message into outbuf.
- userdata is formatted as the user data in the message.
- sumtype specifies the encryption type; key specifies the key which
- might be used to seed the checksum; sender_addr and recv_addr specify
- the full addresses (host and port) of the sender and receiver.
- The host portion of sender_addr is used to form the addresses used in the
- KRB_SAFE message.
+ userdata is formatted as the user data in the message.
+ sumtype specifies the encryption type; key specifies the key which
+ might be used to seed the checksum; sender_addr and recv_addr specify
+ the full addresses (host and port) of the sender and receiver.
+ The host portion of sender_addr is used to form the addresses used in the
+ KRB_SAFE message.
- The outbuf buffer storage is allocated, and should be freed by the
- caller when finished.
+ The outbuf buffer storage is allocated, and should be freed by the
+ caller when finished.
- returns system errors
+ returns system errors
*/
static krb5_error_code
krb5_mk_safe_basic(krb5_context context, const krb5_data *userdata,
- krb5_key key, krb5_replay_data *replaydata,
- krb5_address *local_addr, krb5_address *remote_addr,
- krb5_cksumtype sumtype, krb5_data *outbuf)
+ krb5_key key, krb5_replay_data *replaydata,
+ krb5_address *local_addr, krb5_address *remote_addr,
+ krb5_cksumtype sumtype, krb5_data *outbuf)
{
krb5_error_code retval;
krb5_safe safemsg;
@@ -59,10 +60,10 @@ krb5_mk_safe_basic(krb5_context context, const krb5_data *userdata,
krb5_data *scratch1, *scratch2;
if (!krb5_c_valid_cksumtype(sumtype))
- return KRB5_PROG_SUMTYPE_NOSUPP;
+ return KRB5_PROG_SUMTYPE_NOSUPP;
if (!krb5_c_is_coll_proof_cksum(sumtype)
- || !krb5_c_is_keyed_cksum(sumtype))
- return KRB5KRB_AP_ERR_INAPP_CKSUM;
+ || !krb5_c_is_keyed_cksum(sumtype))
+ return KRB5KRB_AP_ERR_INAPP_CKSUM;
safemsg.user_data = *userdata;
safemsg.s_address = (krb5_address *) local_addr;
@@ -73,10 +74,10 @@ krb5_mk_safe_basic(krb5_context context, const krb5_data *userdata,
safemsg.usec = replaydata->usec;
safemsg.seq_number = replaydata->seq;
- /*
+ /*
* To do the checksum stuff, we need to encode the message with a
* zero-length zero-type checksum, then checksum the encoding, then
- * re-encode with the checksum.
+ * re-encode with the checksum.
*/
safe_checksum.length = 0;
@@ -86,16 +87,16 @@ krb5_mk_safe_basic(krb5_context context, const krb5_data *userdata,
safemsg.checksum = &safe_checksum;
if ((retval = encode_krb5_safe(&safemsg, &scratch1)))
- return retval;
+ return retval;
if ((retval = krb5_k_make_checksum(context, sumtype, key,
- KRB5_KEYUSAGE_KRB_SAFE_CKSUM,
- scratch1, &safe_checksum)))
- goto cleanup_checksum;
+ KRB5_KEYUSAGE_KRB_SAFE_CKSUM,
+ scratch1, &safe_checksum)))
+ goto cleanup_checksum;
safemsg.checksum = &safe_checksum;
if ((retval = encode_krb5_safe(&safemsg, &scratch2))) {
- goto cleanup_checksum;
+ goto cleanup_checksum;
}
*outbuf = *scratch2;
free(scratch2);
@@ -104,17 +105,17 @@ krb5_mk_safe_basic(krb5_context context, const krb5_data *userdata,
cleanup_checksum:
free(safe_checksum.contents);
- memset(scratch1->data, 0, scratch1->length);
+ memset(scratch1->data, 0, scratch1->length);
krb5_free_data(context, scratch1);
return retval;
}
krb5_error_code KRB5_CALLCONV
krb5_mk_safe(krb5_context context, krb5_auth_context auth_context,
- const krb5_data *userdata, krb5_data *outbuf,
- krb5_replay_data *outdata)
+ const krb5_data *userdata, krb5_data *outbuf,
+ krb5_replay_data *outdata)
{
- krb5_error_code retval;
+ krb5_error_code retval;
krb5_key key;
krb5_replay_data replaydata;
@@ -123,140 +124,139 @@ krb5_mk_safe(krb5_context context, krb5_auth_context auth_context,
/* Get key */
if ((key = auth_context->send_subkey) == NULL)
- key = auth_context->key;
+ key = auth_context->key;
/* Get replay info */
if ((auth_context->auth_context_flags & KRB5_AUTH_CONTEXT_DO_TIME) &&
- (auth_context->rcache == NULL))
- return KRB5_RC_REQUIRED;
+ (auth_context->rcache == NULL))
+ return KRB5_RC_REQUIRED;
if (((auth_context->auth_context_flags & KRB5_AUTH_CONTEXT_RET_TIME) ||
- (auth_context->auth_context_flags & KRB5_AUTH_CONTEXT_RET_SEQUENCE)) &&
- (outdata == NULL))
- /* Need a better error */
- return KRB5_RC_REQUIRED;
+ (auth_context->auth_context_flags & KRB5_AUTH_CONTEXT_RET_SEQUENCE)) &&
+ (outdata == NULL))
+ /* Need a better error */
+ return KRB5_RC_REQUIRED;
if (!auth_context->local_addr)
- return KRB5_LOCAL_ADDR_REQUIRED;
+ return KRB5_LOCAL_ADDR_REQUIRED;
if ((auth_context->auth_context_flags & KRB5_AUTH_CONTEXT_DO_TIME) ||
- (auth_context->auth_context_flags & KRB5_AUTH_CONTEXT_RET_TIME)) {
- if ((retval = krb5_us_timeofday(context, &replaydata.timestamp,
- &replaydata.usec)))
- return retval;
- if (auth_context->auth_context_flags & KRB5_AUTH_CONTEXT_RET_TIME) {
- outdata->timestamp = replaydata.timestamp;
- outdata->usec = replaydata.usec;
- }
+ (auth_context->auth_context_flags & KRB5_AUTH_CONTEXT_RET_TIME)) {
+ if ((retval = krb5_us_timeofday(context, &replaydata.timestamp,
+ &replaydata.usec)))
+ return retval;
+ if (auth_context->auth_context_flags & KRB5_AUTH_CONTEXT_RET_TIME) {
+ outdata->timestamp = replaydata.timestamp;
+ outdata->usec = replaydata.usec;
+ }
}
if ((auth_context->auth_context_flags & KRB5_AUTH_CONTEXT_DO_SEQUENCE) ||
- (auth_context->auth_context_flags & KRB5_AUTH_CONTEXT_RET_SEQUENCE)) {
- replaydata.seq = auth_context->local_seq_number++;
- if (auth_context->auth_context_flags & KRB5_AUTH_CONTEXT_RET_SEQUENCE)
- outdata->seq = replaydata.seq;
- }
-
-{
- krb5_address * premote_fulladdr = NULL;
- krb5_address * plocal_fulladdr;
- krb5_address remote_fulladdr;
- krb5_address local_fulladdr;
- krb5_cksumtype sumtype;
-
- CLEANUP_INIT(2);
-
- if (auth_context->local_port) {
- if (!(retval = krb5_make_fulladdr(context, auth_context->local_addr,
- auth_context->local_port,
- &local_fulladdr))){
- CLEANUP_PUSH(local_fulladdr.contents, free);
- plocal_fulladdr = &local_fulladdr;
- } else {
- goto error;
- }
- } else {
- plocal_fulladdr = auth_context->local_addr;
+ (auth_context->auth_context_flags & KRB5_AUTH_CONTEXT_RET_SEQUENCE)) {
+ replaydata.seq = auth_context->local_seq_number++;
+ if (auth_context->auth_context_flags & KRB5_AUTH_CONTEXT_RET_SEQUENCE)
+ outdata->seq = replaydata.seq;
}
- if (auth_context->remote_addr) {
- if (auth_context->remote_port) {
- if (!(retval = krb5_make_fulladdr(context,auth_context->remote_addr,
- auth_context->remote_port,
- &remote_fulladdr))){
- CLEANUP_PUSH(remote_fulladdr.contents, free);
- premote_fulladdr = &remote_fulladdr;
+ {
+ krb5_address * premote_fulladdr = NULL;
+ krb5_address * plocal_fulladdr;
+ krb5_address remote_fulladdr;
+ krb5_address local_fulladdr;
+ krb5_cksumtype sumtype;
+
+ CLEANUP_INIT(2);
+
+ if (auth_context->local_port) {
+ if (!(retval = krb5_make_fulladdr(context, auth_context->local_addr,
+ auth_context->local_port,
+ &local_fulladdr))){
+ CLEANUP_PUSH(local_fulladdr.contents, free);
+ plocal_fulladdr = &local_fulladdr;
} else {
- CLEANUP_DONE();
goto error;
}
- } else {
- premote_fulladdr = auth_context->remote_addr;
+ } else {
+ plocal_fulladdr = auth_context->local_addr;
}
- }
- {
- krb5_enctype enctype = krb5_k_key_enctype(context, key);
- unsigned int nsumtypes;
- unsigned int i;
- krb5_cksumtype *sumtypes;
- retval = krb5_c_keyed_checksum_types (context, enctype,
- &nsumtypes, &sumtypes);
- if (retval) {
- CLEANUP_DONE ();
- goto error;
- }
- if (nsumtypes == 0) {
- retval = KRB5_BAD_ENCTYPE;
- krb5_free_cksumtypes (context, sumtypes);
- CLEANUP_DONE ();
- goto error;
- }
- for (i = 0; i < nsumtypes; i++)
- if (auth_context->safe_cksumtype == sumtypes[i])
- break;
- if (i == nsumtypes)
- i = 0;
- sumtype = sumtypes[i];
- krb5_free_cksumtypes (context, sumtypes);
- }
- if ((retval = krb5_mk_safe_basic(context, userdata, key, &replaydata,
- plocal_fulladdr, premote_fulladdr,
- sumtype, outbuf))) {
- CLEANUP_DONE();
- goto error;
- }
+ if (auth_context->remote_addr) {
+ if (auth_context->remote_port) {
+ if (!(retval = krb5_make_fulladdr(context,auth_context->remote_addr,
+ auth_context->remote_port,
+ &remote_fulladdr))){
+ CLEANUP_PUSH(remote_fulladdr.contents, free);
+ premote_fulladdr = &remote_fulladdr;
+ } else {
+ CLEANUP_DONE();
+ goto error;
+ }
+ } else {
+ premote_fulladdr = auth_context->remote_addr;
+ }
+ }
- CLEANUP_DONE();
-}
+ {
+ krb5_enctype enctype = krb5_k_key_enctype(context, key);
+ unsigned int nsumtypes;
+ unsigned int i;
+ krb5_cksumtype *sumtypes;
+ retval = krb5_c_keyed_checksum_types (context, enctype,
+ &nsumtypes, &sumtypes);
+ if (retval) {
+ CLEANUP_DONE ();
+ goto error;
+ }
+ if (nsumtypes == 0) {
+ retval = KRB5_BAD_ENCTYPE;
+ krb5_free_cksumtypes (context, sumtypes);
+ CLEANUP_DONE ();
+ goto error;
+ }
+ for (i = 0; i < nsumtypes; i++)
+ if (auth_context->safe_cksumtype == sumtypes[i])
+ break;
+ if (i == nsumtypes)
+ i = 0;
+ sumtype = sumtypes[i];
+ krb5_free_cksumtypes (context, sumtypes);
+ }
+ if ((retval = krb5_mk_safe_basic(context, userdata, key, &replaydata,
+ plocal_fulladdr, premote_fulladdr,
+ sumtype, outbuf))) {
+ CLEANUP_DONE();
+ goto error;
+ }
+
+ CLEANUP_DONE();
+ }
if (auth_context->auth_context_flags & KRB5_AUTH_CONTEXT_DO_TIME) {
- krb5_donot_replay replay;
-
- if ((retval = krb5_gen_replay_name(context, auth_context->local_addr,
- "_safe", &replay.client))) {
- free(outbuf);
- goto error;
- }
-
- replay.server = ""; /* XXX */
- replay.msghash = NULL;
- replay.cusec = replaydata.usec;
- replay.ctime = replaydata.timestamp;
- if ((retval = krb5_rc_store(context, auth_context->rcache, &replay))) {
- /* should we really error out here? XXX */
- free(outbuf);
- goto error;
- }
- free(replay.client);
+ krb5_donot_replay replay;
+
+ if ((retval = krb5_gen_replay_name(context, auth_context->local_addr,
+ "_safe", &replay.client))) {
+ free(outbuf);
+ goto error;
+ }
+
+ replay.server = ""; /* XXX */
+ replay.msghash = NULL;
+ replay.cusec = replaydata.usec;
+ replay.ctime = replaydata.timestamp;
+ if ((retval = krb5_rc_store(context, auth_context->rcache, &replay))) {
+ /* should we really error out here? XXX */
+ free(outbuf);
+ goto error;
+ }
+ free(replay.client);
}
return 0;
error:
if ((auth_context->auth_context_flags & KRB5_AUTH_CONTEXT_DO_SEQUENCE) ||
- (auth_context->auth_context_flags & KRB5_AUTH_CONTEXT_RET_SEQUENCE))
- auth_context->local_seq_number--;
+ (auth_context->auth_context_flags & KRB5_AUTH_CONTEXT_RET_SEQUENCE))
+ auth_context->local_seq_number--;
return retval;
}
-
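Review bot: The two `free(outbuf)` calls in the replay-cache block release the caller's `krb5_data` structure rather than the message buffer that krb5_mk_safe_basic stored in it. `outbuf` is a parameter, so it may not be heap memory at all, and `outbuf->data` leaks either way; `krb5_free_data_contents(context, outbuf);` is the matching cleanup. The krb5_rc_store failure path also skips `free(replay.client);` before `goto error`. This commit only reindents these lines, and the function's signature is in the preceding hunk.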
diff --git a/src/lib/krb5/krb/pac.c b/src/lib/krb5/krb/pac.c
index 3fcdaea..cda09b2 100644
--- a/src/lib/krb5/krb/pac.c
+++ b/src/lib/krb5/krb/pac.c
@@ -1,3 +1,4 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
/*
* lib/krb5/krb/pac.c
*
@@ -43,16 +44,16 @@ typedef struct _PAC_INFO_BUFFER {
krb5_ui_8 Offset;
} PAC_INFO_BUFFER;
-#define PAC_INFO_BUFFER_LENGTH 16
+#define PAC_INFO_BUFFER_LENGTH 16
/* ulType */
-#define PAC_LOGON_INFO 1
-#define PAC_CREDENTIALS_INFO 2
-#define PAC_SERVER_CHECKSUM 6
-#define PAC_PRIVSVR_CHECKSUM 7
-#define PAC_CLIENT_INFO 10
-#define PAC_DELEGATION_INFO 11
-#define PAC_UPN_DNS_INFO 12
+#define PAC_LOGON_INFO 1
+#define PAC_CREDENTIALS_INFO 2
+#define PAC_SERVER_CHECKSUM 6
+#define PAC_PRIVSVR_CHECKSUM 7
+#define PAC_CLIENT_INFO 10
+#define PAC_DELEGATION_INFO 11
+#define PAC_UPN_DNS_INFO 12
typedef struct _PACTYPE {
krb5_ui_4 cBuffers;
@@ -60,35 +61,35 @@ typedef struct _PACTYPE {
PAC_INFO_BUFFER Buffers[1];
} PACTYPE;
-#define PAC_ALIGNMENT 8
-#define PACTYPE_LENGTH 8U
+#define PAC_ALIGNMENT 8
+#define PACTYPE_LENGTH 8U
#define PAC_SIGNATURE_DATA_LENGTH 4U
-#define PAC_CLIENT_INFO_LENGTH 10U
+#define PAC_CLIENT_INFO_LENGTH 10U
-#define NT_TIME_EPOCH 11644473600LL
+#define NT_TIME_EPOCH 11644473600LL
struct krb5_pac_data {
- PACTYPE *pac; /* PAC header + info buffer array */
- krb5_data data; /* PAC data (including uninitialised header) */
+ PACTYPE *pac; /* PAC header + info buffer array */
+ krb5_data data; /* PAC data (including uninitialised header) */
krb5_boolean verified;
};
static krb5_error_code
k5_pac_locate_buffer(krb5_context context,
- const krb5_pac pac,
- krb5_ui_4 type,
- krb5_data *data);
+ const krb5_pac pac,
+ krb5_ui_4 type,
+ krb5_data *data);
/*
* Add a buffer to the provided PAC and update header.
*/
static krb5_error_code
k5_pac_add_buffer(krb5_context context,
- krb5_pac pac,
- krb5_ui_4 type,
- const krb5_data *data,
- krb5_boolean zerofill,
- krb5_data *out_data)
+ krb5_pac pac,
+ krb5_ui_4 type,
+ const krb5_data *data,
+ krb5_boolean zerofill,
+ krb5_data *out_data)
{
PACTYPE *header;
size_t header_len, i, pad = 0;
@@ -98,37 +99,37 @@ k5_pac_add_buffer(krb5_context context,
/* Check there isn't already a buffer of this type */
if (k5_pac_locate_buffer(context, pac, type, NULL) == 0) {
- return EEXIST;
+ return EEXIST;
}
header = (PACTYPE *)realloc(pac->pac,
- sizeof(PACTYPE) +
- (pac->pac->cBuffers * sizeof(PAC_INFO_BUFFER)));
+ sizeof(PACTYPE) +
+ (pac->pac->cBuffers * sizeof(PAC_INFO_BUFFER)));
if (header == NULL) {
- return ENOMEM;
+ return ENOMEM;
}
pac->pac = header;
header_len = PACTYPE_LENGTH + (pac->pac->cBuffers * PAC_INFO_BUFFER_LENGTH);
if (data->length % PAC_ALIGNMENT)
- pad = PAC_ALIGNMENT - (data->length % PAC_ALIGNMENT);
+ pad = PAC_ALIGNMENT - (data->length % PAC_ALIGNMENT);
pac_data = realloc(pac->data.data,
- pac->data.length + PAC_INFO_BUFFER_LENGTH + data->length + pad);
+ pac->data.length + PAC_INFO_BUFFER_LENGTH + data->length + pad);
if (pac_data == NULL) {
- return ENOMEM;
+ return ENOMEM;
}
pac->data.data = pac_data;
/* Update offsets of existing buffers */
for (i = 0; i < pac->pac->cBuffers; i++)
- pac->pac->Buffers[i].Offset += PAC_INFO_BUFFER_LENGTH;
+ pac->pac->Buffers[i].Offset += PAC_INFO_BUFFER_LENGTH;
/* Make room for new PAC_INFO_BUFFER */
memmove(pac->data.data + header_len + PAC_INFO_BUFFER_LENGTH,
- pac->data.data + header_len,
- pac->data.length - header_len);
+ pac->data.data + header_len,
+ pac->data.length - header_len);
memset(pac->data.data + header_len, 0, PAC_INFO_BUFFER_LENGTH);
/* Initialise new PAC_INFO_BUFFER */
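Review bot: The realloc size for `pac->data.data`, `pac->data.length + PAC_INFO_BUFFER_LENGTH + data->length + pad`, is computed without an overflow check, and the copy in the following hunk trusts `data->length`. If krb5_data lengths are unsigned int (the type is not visible here), the first additions wrap at 32 bits before `pad` widens the sum, which would leave an undersized buffer for a very large input passed through krb5_pac_add_buffer. A guard before the realloc that returns ERANGE when `data->length` exceeds the remaining headroom, together with an upper bound on `cBuffers`, would keep the sizes consistent. The function begins and ends outside this hunk, and the commit only reindents it.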
@@ -139,9 +140,9 @@ k5_pac_add_buffer(krb5_context context,
/* Copy in new PAC data and zero padding bytes */
if (zerofill)
- memset(pac->data.data + pac->pac->Buffers[i].Offset, 0, data->length);
+ memset(pac->data.data + pac->pac->Buffers[i].Offset, 0, data->length);
else
- memcpy(pac->data.data + pac->pac->Buffers[i].Offset, data->data, data->length);
+ memcpy(pac->data.data + pac->pac->Buffers[i].Offset, data->data, data->length);
memset(pac->data.data + pac->pac->Buffers[i].Offset + data->length, 0, pad);
@@ -149,8 +150,8 @@ k5_pac_add_buffer(krb5_context context,
pac->data.length += PAC_INFO_BUFFER_LENGTH + data->length + pad;
if (out_data != NULL) {
- out_data->data = pac->data.data + pac->pac->Buffers[i].Offset;
- out_data->length = data->length;
+ out_data->data = pac->data.data + pac->pac->Buffers[i].Offset;
+ out_data->length = data->length;
}
pac->verified = FALSE;
@@ -160,9 +161,9 @@ k5_pac_add_buffer(krb5_context context,
krb5_error_code KRB5_CALLCONV
krb5_pac_add_buffer(krb5_context context,
- krb5_pac pac,
- krb5_ui_4 type,
- const krb5_data *data)
+ krb5_pac pac,
+ krb5_ui_4 type,
+ const krb5_data *data)
{
return k5_pac_add_buffer(context, pac, type, data, FALSE, NULL);
}
@@ -172,49 +173,49 @@ krb5_pac_add_buffer(krb5_context context,
*/
void KRB5_CALLCONV
krb5_pac_free(krb5_context context,
- krb5_pac pac)
+ krb5_pac pac)
{
if (pac != NULL) {
- if (pac->data.data != NULL) {
- memset(pac->data.data, 0, pac->data.length);
- free(pac->data.data);
- }
- if (pac->pac != NULL)
- free(pac->pac);
- memset(pac, 0, sizeof(*pac));
- free(pac);
+ if (pac->data.data != NULL) {
+ memset(pac->data.data, 0, pac->data.length);
+ free(pac->data.data);
+ }
+ if (pac->pac != NULL)
+ free(pac->pac);
+ memset(pac, 0, sizeof(*pac));
+ free(pac);
}
}
static krb5_error_code
k5_pac_locate_buffer(krb5_context context,
- const krb5_pac pac,
- krb5_ui_4 type,
- krb5_data *data)
+ const krb5_pac pac,
+ krb5_ui_4 type,
+ krb5_data *data)
{
PAC_INFO_BUFFER *buffer = NULL;
size_t i;
if (pac == NULL)
- return EINVAL;
+ return EINVAL;
for (i = 0; i < pac->pac->cBuffers; i++) {
- if (pac->pac->Buffers[i].ulType == type) {
- if (buffer == NULL)
- buffer = &pac->pac->Buffers[i];
- else
- return EINVAL;
- }
+ if (pac->pac->Buffers[i].ulType == type) {
+ if (buffer == NULL)
+ buffer = &pac->pac->Buffers[i];
+ else
+ return EINVAL;
+ }
}
if (buffer == NULL)
- return ENOENT;
+ return ENOENT;
assert(buffer->Offset + buffer->cbBufferSize <= pac->data.length);
if (data != NULL) {
- data->length = buffer->cbBufferSize;
- data->data = pac->data.data + buffer->Offset;
+ data->length = buffer->cbBufferSize;
+ data->data = pac->data.data + buffer->Offset;
}
return 0;
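Review bot: In k5_pac_locate_buffer the bounds test on the located buffer is an `assert`, so it disappears under NDEBUG and otherwise aborts the process when Offset and cbBufferSize fall outside the PAC data. Both fields are loaded from the encoded PAC in krb5_pac_parse, so an error return fits better: `if (buffer->Offset > pac->data.length || buffer->cbBufferSize > pac->data.length - buffer->Offset) return ERANGE;`. Written as a subtraction the comparison cannot wrap, which the 64-bit `Offset + cbBufferSize` sum can. These lines are only reindented by this commit.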
@@ -225,20 +226,20 @@ k5_pac_locate_buffer(krb5_context context,
*/
krb5_error_code KRB5_CALLCONV
krb5_pac_get_buffer(krb5_context context,
- krb5_pac pac,
- krb5_ui_4 type,
- krb5_data *data)
+ krb5_pac pac,
+ krb5_ui_4 type,
+ krb5_data *data)
{
krb5_data d;
krb5_error_code ret;
ret = k5_pac_locate_buffer(context, pac, type, &d);
if (ret != 0)
- return ret;
+ return ret;
data->data = malloc(d.length);
if (data->data == NULL)
- return ENOMEM;
+ return ENOMEM;
data->length = d.length;
memcpy(data->data, d.data, d.length);
@@ -251,20 +252,20 @@ krb5_pac_get_buffer(krb5_context context,
*/
krb5_error_code KRB5_CALLCONV
krb5_pac_get_types(krb5_context context,
- krb5_pac pac,
- size_t *len,
- krb5_ui_4 **types)
+ krb5_pac pac,
+ size_t *len,
+ krb5_ui_4 **types)
{
size_t i;
*types = (krb5_ui_4 *)malloc(pac->pac->cBuffers * sizeof(krb5_ui_4));
if (*types == NULL)
- return ENOMEM;
+ return ENOMEM;
*len = pac->pac->cBuffers;
for (i = 0; i < pac->pac->cBuffers; i++)
- (*types)[i] = pac->pac->Buffers[i].ulType;
+ (*types)[i] = pac->pac->Buffers[i].ulType;
return 0;
}
@@ -274,18 +275,18 @@ krb5_pac_get_types(krb5_context context,
*/
krb5_error_code KRB5_CALLCONV
krb5_pac_init(krb5_context context,
- krb5_pac *ppac)
+ krb5_pac *ppac)
{
krb5_pac pac;
pac = (krb5_pac)malloc(sizeof(*pac));
if (pac == NULL)
- return ENOMEM;
+ return ENOMEM;
pac->pac = (PACTYPE *)malloc(sizeof(PACTYPE));
if (pac->pac == NULL) {
- free(pac);
- return ENOMEM;
+ free(pac);
+ return ENOMEM;
}
pac->pac->cBuffers = 0;
@@ -294,8 +295,8 @@ krb5_pac_init(krb5_context context,
pac->data.length = PACTYPE_LENGTH;
pac->data.data = calloc(1, pac->data.length);
if (pac->data.data == NULL) {
- krb5_pac_free(context, pac);
- return ENOMEM;
+ krb5_pac_free(context, pac);
+ return ENOMEM;
}
pac->verified = FALSE;
@@ -307,8 +308,8 @@ krb5_pac_init(krb5_context context,
static krb5_error_code
k5_pac_copy(krb5_context context,
- krb5_pac src,
- krb5_pac *dst)
+ krb5_pac src,
+ krb5_pac *dst)
{
size_t header_len;
krb5_ui_4 cbuffers;
@@ -317,27 +318,27 @@ k5_pac_copy(krb5_context context,
cbuffers = src->pac->cBuffers;
if (cbuffers != 0)
- cbuffers--;
+ cbuffers--;
header_len = sizeof(PACTYPE) + cbuffers * sizeof(PAC_INFO_BUFFER);
pac = (krb5_pac)malloc(sizeof(*pac));
if (pac == NULL)
- return ENOMEM;
+ return ENOMEM;
pac->pac = (PACTYPE *)malloc(header_len);
if (pac->pac == NULL) {
- free(pac);
- return ENOMEM;
+ free(pac);
+ return ENOMEM;
}
memcpy(pac->pac, src->pac, header_len);
code = krb5int_copy_data_contents(context, &src->data, &pac->data);
if (code != 0) {
- free(pac->pac);
- free(pac);
- return ENOMEM;
+ free(pac->pac);
+ free(pac);
+ return ENOMEM;
}
pac->verified = src->verified;
@@ -351,9 +352,9 @@ k5_pac_copy(krb5_context context,
*/
krb5_error_code KRB5_CALLCONV
krb5_pac_parse(krb5_context context,
- const void *ptr,
- size_t len,
- krb5_pac *ppac)
+ const void *ptr,
+ size_t len,
+ krb5_pac *ppac)
{
krb5_error_code ret;
size_t i;
@@ -365,7 +366,7 @@ krb5_pac_parse(krb5_context context,
*ppac = NULL;
if (len < PACTYPE_LENGTH)
- return ERANGE;
+ return ERANGE;
cbuffers = load_32_le(p);
p += 4;
@@ -373,51 +374,51 @@ krb5_pac_parse(krb5_context context,
p += 4;
if (version != 0)
- return EINVAL;
+ return EINVAL;
header_len = PACTYPE_LENGTH + (cbuffers * PAC_INFO_BUFFER_LENGTH);
if (len < header_len)
- return ERANGE;
+ return ERANGE;
ret = krb5_pac_init(context, &pac);
if (ret != 0)
- return ret;
+ return ret;
pac->pac = (PACTYPE *)realloc(pac->pac,
- sizeof(PACTYPE) + ((cbuffers - 1) * sizeof(PAC_INFO_BUFFER)));
+ sizeof(PACTYPE) + ((cbuffers - 1) * sizeof(PAC_INFO_BUFFER)));
if (pac->pac == NULL) {
- krb5_pac_free(context, pac);
- return ENOMEM;
+ krb5_pac_free(context, pac);
+ return ENOMEM;
}
pac->pac->cBuffers = cbuffers;
pac->pac->Version = version;
for (i = 0; i < pac->pac->cBuffers; i++) {
- PAC_INFO_BUFFER *buffer = &pac->pac->Buffers[i];
-
- buffer->ulType = load_32_le(p);
- p += 4;
- buffer->cbBufferSize = load_32_le(p);
- p += 4;
- buffer->Offset = load_64_le(p);
- p += 8;
-
- if (buffer->Offset % PAC_ALIGNMENT) {
- krb5_pac_free(context, pac);
- return EINVAL;
- }
- if (buffer->Offset < header_len ||
- buffer->Offset + buffer->cbBufferSize > len) {
- krb5_pac_free(context, pac);
- return ERANGE;
- }
+ PAC_INFO_BUFFER *buffer = &pac->pac->Buffers[i];
+
+ buffer->ulType = load_32_le(p);
+ p += 4;
+ buffer->cbBufferSize = load_32_le(p);
+ p += 4;
+ buffer->Offset = load_64_le(p);
+ p += 8;
+
+ if (buffer->Offset % PAC_ALIGNMENT) {
+ krb5_pac_free(context, pac);
+ return EINVAL;
+ }
+ if (buffer->Offset < header_len ||
+ buffer->Offset + buffer->cbBufferSize > len) {
+ krb5_pac_free(context, pac);
+ return ERANGE;
+ }
}
pac->data.data = realloc(pac->data.data, len);
if (pac->data.data == NULL) {
- krb5_pac_free(context, pac);
- return ENOMEM;
+ krb5_pac_free(context, pac);
+ return ENOMEM;
}
memcpy(pac->data.data, ptr, len);
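Review bot: The length checks in krb5_pac_parse can be bypassed by arithmetic wrap-around, since `cbuffers`, `Offset` and `cbBufferSize` all come straight from the input. `header_len` is computed from an unchecked 32-bit `cbuffers` (the multiplication looks to be done in unsigned int), `(cbuffers - 1)` underflows when the count is zero, and `buffer->Offset + buffer->cbBufferSize > len` can wrap for an Offset near the top of the 64-bit range, so the loop may read past `ptr + len` or accept a buffer that lies outside the data. Bounding `cbuffers` by what `len` can hold and comparing by subtraction closes these, as sketched below; assigning realloc's result directly to `pac->pac` also loses the old block on failure. The function starts before this hunk, and the commit itself only reindents it.

```c
    /* Reject counts that len cannot hold, so header_len and the realloc size cannot wrap. */
    if (cbuffers == 0 ||
        cbuffers > (len - PACTYPE_LENGTH) / PAC_INFO_BUFFER_LENGTH)
        return ERANGE;
    header_len = PACTYPE_LENGTH + ((size_t)cbuffers * PAC_INFO_BUFFER_LENGTH);
    /* ... unchanged: krb5_pac_init, realloc of pac->pac, per-buffer loads and alignment check ... */
        if (buffer->Offset < header_len || buffer->Offset > len ||
            buffer->cbBufferSize > len - buffer->Offset) {
            krb5_pac_free(context, pac);
            return ERANGE;
        }
```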
@@ -430,7 +431,7 @@ krb5_pac_parse(krb5_context context,
static krb5_error_code
k5_time_to_seconds_since_1970(krb5_int64 ntTime,
- krb5_timestamp *elapsedSeconds)
+ krb5_timestamp *elapsedSeconds)
{
krb5_ui_8 abstime;
@@ -439,7 +440,7 @@ k5_time_to_seconds_since_1970(krb5_int64 ntTime,
abstime = ntTime > 0 ? ntTime - NT_TIME_EPOCH : -ntTime;
if (abstime > KRB5_INT32_MAX)
- return ERANGE;
+ return ERANGE;
*elapsedSeconds = abstime;
@@ -448,12 +449,12 @@ k5_time_to_seconds_since_1970(krb5_int64 ntTime,
static krb5_error_code
k5_seconds_since_1970_to_time(krb5_timestamp elapsedSeconds,
- krb5_ui_8 *ntTime)
+ krb5_ui_8 *ntTime)
{
*ntTime = elapsedSeconds;
if (elapsedSeconds > 0)
- *ntTime += NT_TIME_EPOCH;
+ *ntTime += NT_TIME_EPOCH;
*ntTime *= 10000000;
@@ -462,9 +463,9 @@ k5_seconds_since_1970_to_time(krb5_timestamp elapsedSeconds,
static krb5_error_code
k5_pac_validate_client(krb5_context context,
- const krb5_pac pac,
- krb5_timestamp authtime,
- krb5_const_principal principal)
+ const krb5_pac pac,
+ krb5_timestamp authtime,
+ krb5_const_principal principal)
{
krb5_error_code ret;
krb5_data client_info;
@@ -477,10 +478,10 @@ k5_pac_validate_client(krb5_context context,
ret = k5_pac_locate_buffer(context, pac, PAC_CLIENT_INFO, &client_info);
if (ret != 0)
- return ret;
+ return ret;
if (client_info.length < PAC_CLIENT_INFO_LENGTH)
- return ERANGE;
+ return ERANGE;
p = (unsigned char *)client_info.data;
pac_nt_authtime = load_64_le(p);
@@ -490,31 +491,31 @@ k5_pac_validate_client(krb5_context context,
ret = k5_time_to_seconds_since_1970(pac_nt_authtime, &pac_authtime);
if (ret != 0)
- return ret;
+ return ret;
if (client_info.length < PAC_CLIENT_INFO_LENGTH + pac_princname_length ||
- pac_princname_length % 2)
- return ERANGE;
+ pac_princname_length % 2)
+ return ERANGE;
ret = krb5int_ucs2lecs_to_utf8s(p, (size_t)pac_princname_length / 2,
- &pac_princname, NULL);
+ &pac_princname, NULL);
if (ret != 0)
- return ret;
+ return ret;
ret = krb5_parse_name_flags(context, pac_princname, 0, &pac_principal);
if (ret != 0) {
- free(pac_princname);
- return ret;
+ free(pac_princname);
+ return ret;
}
free(pac_princname);
if (pac_authtime != authtime ||
- !krb5_principal_compare_flags(context,
- pac_principal,
- principal,
- KRB5_PRINCIPAL_COMPARE_IGNORE_REALM))
- ret = KRB5KRB_AP_WRONG_PRINC;
+ !krb5_principal_compare_flags(context,
+ pac_principal,
+ principal,
+ KRB5_PRINCIPAL_COMPARE_IGNORE_REALM))
+ ret = KRB5KRB_AP_WRONG_PRINC;
krb5_free_principal(context, pac_principal);
@@ -523,9 +524,9 @@ k5_pac_validate_client(krb5_context context,
static krb5_error_code
k5_pac_zero_signature(krb5_context context,
- const krb5_pac pac,
- krb5_ui_4 type,
- krb5_data *data)
+ const krb5_pac pac,
+ krb5_ui_4 type,
+ krb5_data *data)
{
PAC_INFO_BUFFER *buffer = NULL;
size_t i;
@@ -534,33 +535,33 @@ k5_pac_zero_signature(krb5_context context,
assert(data->length >= pac->data.length);
for (i = 0; i < pac->pac->cBuffers; i++) {
- if (pac->pac->Buffers[i].ulType == type) {
- buffer = &pac->pac->Buffers[i];
- break;
- }
+ if (pac->pac->Buffers[i].ulType == type) {
+ buffer = &pac->pac->Buffers[i];
+ break;
+ }
}
if (buffer == NULL)
- return ENOENT;
+ return ENOENT;
if (buffer->Offset + buffer->cbBufferSize > pac->data.length)
- return ERANGE;
+ return ERANGE;
if (buffer->cbBufferSize < PAC_SIGNATURE_DATA_LENGTH)
- return KRB5_BAD_MSIZE;
+ return KRB5_BAD_MSIZE;
/* Zero out the data portion of the checksum only */
memset(data->data + buffer->Offset + PAC_SIGNATURE_DATA_LENGTH,
- 0,
- buffer->cbBufferSize - PAC_SIGNATURE_DATA_LENGTH);
+ 0,
+ buffer->cbBufferSize - PAC_SIGNATURE_DATA_LENGTH);
return 0;
}
static krb5_error_code
k5_pac_verify_server_checksum(krb5_context context,
- const krb5_pac pac,
- const krb5_keyblock *server)
+ const krb5_pac pac,
+ const krb5_keyblock *server)
{
krb5_error_code ret;
krb5_data pac_data; /* PAC with zeroed checksums */
@@ -570,12 +571,12 @@ k5_pac_verify_server_checksum(krb5_context context,
krb5_octet *p;
ret = k5_pac_locate_buffer(context, pac,
- PAC_SERVER_CHECKSUM, &checksum_data);
+ PAC_SERVER_CHECKSUM, &checksum_data);
if (ret != 0)
- return ret;
+ return ret;
if (checksum_data.length < PAC_SIGNATURE_DATA_LENGTH)
- return KRB5_BAD_MSIZE;
+ return KRB5_BAD_MSIZE;
p = (krb5_octet *)checksum_data.data;
checksum.checksum_type = load_32_le(p);
@@ -585,45 +586,45 @@ k5_pac_verify_server_checksum(krb5_context context,
pac_data.length = pac->data.length;
pac_data.data = malloc(pac->data.length);
if (pac_data.data == NULL)
- return ENOMEM;
+ return ENOMEM;
memcpy(pac_data.data, pac->data.data, pac->data.length);
/* Zero out both checksum buffers */
ret = k5_pac_zero_signature(context, pac,
- PAC_SERVER_CHECKSUM, &pac_data);
+ PAC_SERVER_CHECKSUM, &pac_data);
if (ret != 0) {
- free(pac_data.data);
- return ret;
+ free(pac_data.data);
+ return ret;
}
ret = k5_pac_zero_signature(context, pac,
- PAC_PRIVSVR_CHECKSUM, &pac_data);
+ PAC_PRIVSVR_CHECKSUM, &pac_data);
if (ret != 0) {
- free(pac_data.data);
- return ret;
+ free(pac_data.data);
+ return ret;
}
ret = krb5_c_verify_checksum(context, server,
- KRB5_KEYUSAGE_APP_DATA_CKSUM,
- &pac_data, &checksum, &valid);
+ KRB5_KEYUSAGE_APP_DATA_CKSUM,
+ &pac_data, &checksum, &valid);
free(pac_data.data);
if (ret != 0) {
- return ret;
+ return ret;
}
if (valid == FALSE)
- ret = KRB5KRB_AP_ERR_BAD_INTEGRITY;
+ ret = KRB5KRB_AP_ERR_BAD_INTEGRITY;
return ret;
}
static krb5_error_code
k5_pac_verify_kdc_checksum(krb5_context context,
- const krb5_pac pac,
- const krb5_keyblock *privsvr)
+ const krb5_pac pac,
+ const krb5_keyblock *privsvr)
{
krb5_error_code ret;
krb5_data server_checksum, privsvr_checksum;
@@ -632,20 +633,20 @@ k5_pac_verify_kdc_checksum(krb5_context context,
krb5_octet *p;
ret = k5_pac_locate_buffer(context, pac,
- PAC_PRIVSVR_CHECKSUM, &privsvr_checksum);
+ PAC_PRIVSVR_CHECKSUM, &privsvr_checksum);
if (ret != 0)
- return ret;
+ return ret;
if (privsvr_checksum.length < PAC_SIGNATURE_DATA_LENGTH)
- return KRB5_BAD_MSIZE;
+ return KRB5_BAD_MSIZE;
ret = k5_pac_locate_buffer(context, pac,
- PAC_SERVER_CHECKSUM, &server_checksum);
+ PAC_SERVER_CHECKSUM, &server_checksum);
if (ret != 0)
- return ret;
+ return ret;
if (server_checksum.length < PAC_SIGNATURE_DATA_LENGTH)
- return KRB5_BAD_MSIZE;
+ return KRB5_BAD_MSIZE;
p = (krb5_octet *)privsvr_checksum.data;
checksum.checksum_type = load_32_le(p);
@@ -656,44 +657,44 @@ k5_pac_verify_kdc_checksum(krb5_context context,
server_checksum.length -= PAC_SIGNATURE_DATA_LENGTH;
ret = krb5_c_verify_checksum(context, privsvr,
- KRB5_KEYUSAGE_APP_DATA_CKSUM,
- &server_checksum, &checksum, &valid);
+ KRB5_KEYUSAGE_APP_DATA_CKSUM,
+ &server_checksum, &checksum, &valid);
if (ret != 0)
- return ret;
+ return ret;
if (valid == FALSE)
- ret = KRB5KRB_AP_ERR_BAD_INTEGRITY;
+ ret = KRB5KRB_AP_ERR_BAD_INTEGRITY;
return ret;
}
krb5_error_code KRB5_CALLCONV
krb5_pac_verify(krb5_context context,
- const krb5_pac pac,
- krb5_timestamp authtime,
- krb5_const_principal principal,
- const krb5_keyblock *server,
- const krb5_keyblock *privsvr)
+ const krb5_pac pac,
+ krb5_timestamp authtime,
+ krb5_const_principal principal,
+ const krb5_keyblock *server,
+ const krb5_keyblock *privsvr)
{
krb5_error_code ret;
if (server == NULL)
- return EINVAL;
+ return EINVAL;
ret = k5_pac_verify_server_checksum(context, pac, server);
if (ret != 0)
- return ret;
+ return ret;
if (privsvr != NULL) {
- ret = k5_pac_verify_kdc_checksum(context, pac, privsvr);
- if (ret != 0)
- return ret;
+ ret = k5_pac_verify_kdc_checksum(context, pac, privsvr);
+ if (ret != 0)
+ return ret;
}
if (principal != NULL) {
- ret = k5_pac_validate_client(context, pac, authtime, principal);
- if (ret != 0)
- return ret;
+ ret = k5_pac_validate_client(context, pac, authtime, principal);
+ if (ret != 0)
+ return ret;
}
pac->verified = TRUE;
@@ -703,9 +704,9 @@ krb5_pac_verify(krb5_context context,
static krb5_error_code
k5_insert_client_info(krb5_context context,
- krb5_pac pac,
- krb5_timestamp authtime,
- krb5_const_principal principal)
+ krb5_pac pac,
+ krb5_timestamp authtime,
+ krb5_const_principal principal)
{
krb5_error_code ret;
krb5_data client_info;
@@ -716,29 +717,29 @@ k5_insert_client_info(krb5_context context,
/* If we already have a CLIENT_INFO buffer, then just validate it */
if (k5_pac_locate_buffer(context, pac,
- PAC_CLIENT_INFO, &client_info) == 0) {
- return k5_pac_validate_client(context, pac, authtime, principal);
+ PAC_CLIENT_INFO, &client_info) == 0) {
+ return k5_pac_validate_client(context, pac, authtime, principal);
}
ret = krb5_unparse_name_flags(context, principal,
- KRB5_PRINCIPAL_UNPARSE_NO_REALM,
- &princ_name_utf8);
+ KRB5_PRINCIPAL_UNPARSE_NO_REALM,
+ &princ_name_utf8);
if (ret != 0)
- goto cleanup;
+ goto cleanup;
ret = krb5int_utf8s_to_ucs2les(princ_name_utf8,
- &princ_name_ucs2,
- &princ_name_ucs2_len);
+ &princ_name_ucs2,
+ &princ_name_ucs2_len);
if (ret != 0)
- goto cleanup;
+ goto cleanup;
client_info.length = PAC_CLIENT_INFO_LENGTH + princ_name_ucs2_len;
client_info.data = NULL;
ret = k5_pac_add_buffer(context, pac, PAC_CLIENT_INFO,
- &client_info, TRUE, &client_info);
+ &client_info, TRUE, &client_info);
if (ret != 0)
- goto cleanup;
+ goto cleanup;
p = (unsigned char *)client_info.data;
@@ -756,7 +757,7 @@ k5_insert_client_info(krb5_context context,
cleanup:
if (princ_name_ucs2 != NULL)
- free(princ_name_ucs2);
+ free(princ_name_ucs2);
krb5_free_unparsed_name(context, princ_name_utf8);
return ret;
@@ -764,10 +765,10 @@ cleanup:
static krb5_error_code
k5_insert_checksum(krb5_context context,
- krb5_pac pac,
- krb5_ui_4 type,
- const krb5_keyblock *key,
- krb5_cksumtype *cksumtype)
+ krb5_pac pac,
+ krb5_ui_4 type,
+ const krb5_keyblock *key,
+ krb5_cksumtype *cksumtype)
{
krb5_error_code ret;
size_t len;
@@ -775,32 +776,32 @@ k5_insert_checksum(krb5_context context,
ret = krb5int_c_mandatory_cksumtype(context, key->enctype, cksumtype);
if (ret != 0)
- return ret;
+ return ret;
ret = krb5_c_checksum_length(context, *cksumtype, &len);
if (ret != 0)
- return ret;
+ return ret;
ret = k5_pac_locate_buffer(context, pac, type, &cksumdata);
if (ret == 0) {
- /*
- * If we're resigning PAC, make sure we can fit checksum
- * into existing buffer
- */
- if (cksumdata.length != PAC_SIGNATURE_DATA_LENGTH + len)
- return ERANGE;
-
- memset(cksumdata.data, 0, cksumdata.length);
+ /*
+ * If we're resigning PAC, make sure we can fit checksum
+ * into existing buffer
+ */
+ if (cksumdata.length != PAC_SIGNATURE_DATA_LENGTH + len)
+ return ERANGE;
+
+ memset(cksumdata.data, 0, cksumdata.length);
} else {
- /* Add a zero filled buffer */
- cksumdata.length = PAC_SIGNATURE_DATA_LENGTH + len;
- cksumdata.data = NULL;
-
- ret = k5_pac_add_buffer(context, pac,
- type, &cksumdata,
- TRUE, &cksumdata);
- if (ret != 0)
- return ret;
+ /* Add a zero filled buffer */
+ cksumdata.length = PAC_SIGNATURE_DATA_LENGTH + len;
+ cksumdata.data = NULL;
+
+ ret = k5_pac_add_buffer(context, pac,
+ type, &cksumdata,
+ TRUE, &cksumdata);
+ if (ret != 0)
+ return ret;
}
/* Encode checksum type into buffer */
@@ -818,7 +819,7 @@ k5_pac_encode_header(krb5_context context, krb5_pac pac)
size_t header_len;
header_len = PACTYPE_LENGTH +
- (pac->pac->cBuffers * PAC_INFO_BUFFER_LENGTH);
+ (pac->pac->cBuffers * PAC_INFO_BUFFER_LENGTH);
assert(pac->data.length >= header_len);
p = (unsigned char *)pac->data.data;
@@ -829,23 +830,23 @@ k5_pac_encode_header(krb5_context context, krb5_pac pac)
p += 4;
for (i = 0; i < pac->pac->cBuffers; i++) {
- PAC_INFO_BUFFER *buffer = &pac->pac->Buffers[i];
-
- store_32_le(buffer->ulType, p);
- p += 4;
- store_32_le(buffer->cbBufferSize, p);
- p += 4;
- store_64_le(buffer->Offset, p);
- p += 8;
-
- assert((buffer->Offset % PAC_ALIGNMENT) == 0);
- assert(buffer->Offset + buffer->cbBufferSize <= pac->data.length);
- assert(buffer->Offset >= header_len);
-
- if (buffer->Offset % PAC_ALIGNMENT ||
- buffer->Offset + buffer->cbBufferSize > pac->data.length ||
- buffer->Offset < header_len)
- return ERANGE;
+ PAC_INFO_BUFFER *buffer = &pac->pac->Buffers[i];
+
+ store_32_le(buffer->ulType, p);
+ p += 4;
+ store_32_le(buffer->cbBufferSize, p);
+ p += 4;
+ store_64_le(buffer->Offset, p);
+ p += 8;
+
+ assert((buffer->Offset % PAC_ALIGNMENT) == 0);
+ assert(buffer->Offset + buffer->cbBufferSize <= pac->data.length);
+ assert(buffer->Offset >= header_len);
+
+ if (buffer->Offset % PAC_ALIGNMENT ||
+ buffer->Offset + buffer->cbBufferSize > pac->data.length ||
+ buffer->Offset < header_len)
+ return ERANGE;
}
return 0;
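Review bot: The three `assert()` calls inside the loop test exactly the conditions that the following `if` maps to `ERANGE`, so in a build with assertions enabled an inconsistent buffer entry aborts the process before the error return can run. If the buffer table can be influenced by a PAC parsed from the network, that turns a recoverable encoding error into a crash. I would delete the three `assert(...)` lines and keep `if (buffer->Offset % PAC_ALIGNMENT || ... ) return ERANGE;` as the single check, ideally moved ahead of the `store_32_le`/`store_64_le` calls so nothing is written for an entry that fails validation. The function starts above this hunk, so the declarations of `p`, `i` and the field widths are not visible here.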
@@ -853,12 +854,12 @@ k5_pac_encode_header(krb5_context context, krb5_pac pac)
krb5_error_code KRB5_CALLCONV
krb5int_pac_sign(krb5_context context,
- krb5_pac pac,
- krb5_timestamp authtime,
- krb5_const_principal principal,
- const krb5_keyblock *server_key,
- const krb5_keyblock *privsvr_key,
- krb5_data *data)
+ krb5_pac pac,
+ krb5_timestamp authtime,
+ krb5_const_principal principal,
+ const krb5_keyblock *server_key,
+ const krb5_keyblock *privsvr_key,
+ krb5_data *data)
{
krb5_error_code ret;
krb5_data server_cksum, privsvr_cksum;
@@ -869,32 +870,32 @@ krb5int_pac_sign(krb5_context context,
data->data = NULL;
if (principal != NULL) {
- ret = k5_insert_client_info(context, pac, authtime, principal);
- if (ret != 0)
- return ret;
+ ret = k5_insert_client_info(context, pac, authtime, principal);
+ if (ret != 0)
+ return ret;
}
/* Create zeroed buffers for both checksums */
ret = k5_insert_checksum(context, pac, PAC_SERVER_CHECKSUM,
- server_key, &server_cksumtype);
+ server_key, &server_cksumtype);
if (ret != 0)
- return ret;
+ return ret;
ret = k5_insert_checksum(context, pac, PAC_PRIVSVR_CHECKSUM,
- privsvr_key, &privsvr_cksumtype);
+ privsvr_key, &privsvr_cksumtype);
if (ret != 0)
- return ret;
+ return ret;
/* Now, encode the PAC header so that the checksums will include it */
ret = k5_pac_encode_header(context, pac);
if (ret != 0)
- return ret;
+ return ret;
/* Generate the server checksum over the entire PAC */
ret = k5_pac_locate_buffer(context, pac,
- PAC_SERVER_CHECKSUM, &server_cksum);
+ PAC_SERVER_CHECKSUM, &server_cksum);
if (ret != 0)
- return ret;
+ return ret;
assert(server_cksum.length > PAC_SIGNATURE_DATA_LENGTH);
@@ -906,16 +907,16 @@ krb5int_pac_sign(krb5_context context,
iov[1].data.length = server_cksum.length - PAC_SIGNATURE_DATA_LENGTH;
ret = krb5_c_make_checksum_iov(context, server_cksumtype,
- server_key, KRB5_KEYUSAGE_APP_DATA_CKSUM,
- iov, sizeof(iov)/sizeof(iov[0]));
+ server_key, KRB5_KEYUSAGE_APP_DATA_CKSUM,
+ iov, sizeof(iov)/sizeof(iov[0]));
if (ret != 0)
- return ret;
+ return ret;
/* Generate the privsvr checksum over the server checksum buffer */
ret = k5_pac_locate_buffer(context, pac,
- PAC_PRIVSVR_CHECKSUM, &privsvr_cksum);
+ PAC_PRIVSVR_CHECKSUM, &privsvr_cksum);
if (ret != 0)
- return ret;
+ return ret;
assert(privsvr_cksum.length > PAC_SIGNATURE_DATA_LENGTH);
@@ -928,20 +929,20 @@ krb5int_pac_sign(krb5_context context,
iov[1].data.length = privsvr_cksum.length - PAC_SIGNATURE_DATA_LENGTH;
ret = krb5_c_make_checksum_iov(context, privsvr_cksumtype,
- privsvr_key, KRB5_KEYUSAGE_APP_DATA_CKSUM,
- iov, sizeof(iov)/sizeof(iov[0]));
+ privsvr_key, KRB5_KEYUSAGE_APP_DATA_CKSUM,
+ iov, sizeof(iov)/sizeof(iov[0]));
if (ret != 0)
- return ret;
+ return ret;
data->data = malloc(pac->data.length);
if (data->data == NULL)
- return ENOMEM;
+ return ENOMEM;
data->length = pac->data.length;
memcpy(data->data, pac->data.data, pac->data.length);
memset(pac->data.data, 0,
- PACTYPE_LENGTH + (pac->pac->cBuffers * PAC_INFO_BUFFER_LENGTH));
+ PACTYPE_LENGTH + (pac->pac->cBuffers * PAC_INFO_BUFFER_LENGTH));
return 0;
}
@@ -962,9 +963,9 @@ mspac_init(krb5_context kcontext, void **plugin_context)
static void
mspac_flags(krb5_context kcontext,
- void *plugin_context,
- krb5_authdatatype ad_type,
- krb5_flags *flags)
+ void *plugin_context,
+ krb5_authdatatype ad_type,
+ krb5_flags *flags)
{
*flags = AD_USAGE_KDC_ISSUED;
}
@@ -977,15 +978,15 @@ mspac_fini(krb5_context kcontext, void *plugin_context)
static krb5_error_code
mspac_request_init(krb5_context kcontext,
- krb5_authdata_context context,
- void *plugin_context,
- void **request_context)
+ krb5_authdata_context context,
+ void *plugin_context,
+ void **request_context)
{
struct mspac_context *pacctx;
pacctx = (struct mspac_context *)malloc(sizeof(*pacctx));
if (pacctx == NULL)
- return ENOMEM;
+ return ENOMEM;
pacctx->pac = NULL;
@@ -996,41 +997,41 @@ mspac_request_init(krb5_context kcontext,
static krb5_error_code
mspac_import_authdata(krb5_context kcontext,
- krb5_authdata_context context,
- void *plugin_context,
- void *request_context,
- krb5_authdata **authdata,
- krb5_boolean kdc_issued,
- krb5_const_principal kdc_issuer)
+ krb5_authdata_context context,
+ void *plugin_context,
+ void *request_context,
+ krb5_authdata **authdata,
+ krb5_boolean kdc_issued,
+ krb5_const_principal kdc_issuer)
{
krb5_error_code code;
struct mspac_context *pacctx = (struct mspac_context *)request_context;
if (kdc_issued)
- return EINVAL;
+ return EINVAL;
if (pacctx->pac != NULL) {
- krb5_pac_free(kcontext, pacctx->pac);
- pacctx->pac = NULL;
+ krb5_pac_free(kcontext, pacctx->pac);
+ pacctx->pac = NULL;
}
assert(authdata[0] != NULL);
assert((authdata[0]->ad_type & AD_TYPE_FIELD_TYPE_MASK) ==
- KRB5_AUTHDATA_WIN2K_PAC);
+ KRB5_AUTHDATA_WIN2K_PAC);
code = krb5_pac_parse(kcontext, authdata[0]->contents,
- authdata[0]->length, &pacctx->pac);
+ authdata[0]->length, &pacctx->pac);
return code;
}
static krb5_error_code
mspac_export_authdata(krb5_context kcontext,
- krb5_authdata_context context,
- void *plugin_context,
- void *request_context,
- krb5_flags usage,
- krb5_authdata ***out_authdata)
+ krb5_authdata_context context,
+ void *plugin_context,
+ void *request_context,
+ krb5_flags usage,
+ krb5_authdata ***out_authdata)
{
struct mspac_context *pacctx = (struct mspac_context *)request_context;
krb5_error_code code;
@@ -1038,23 +1039,23 @@ mspac_export_authdata(krb5_context kcontext,
krb5_data data;
if (pacctx->pac == NULL)
- return 0;
+ return 0;
authdata = calloc(2, sizeof(krb5_authdata *));
if (authdata == NULL)
- return ENOMEM;
+ return ENOMEM;
authdata[0] = calloc(1, sizeof(krb5_authdata));
if (authdata[0] == NULL) {
- free(authdata);
- return ENOMEM;
+ free(authdata);
+ return ENOMEM;
}
authdata[1] = NULL;
code = krb5int_copy_data_contents(kcontext, &pacctx->pac->data, &data);
if (code != 0) {
- krb5_free_authdata(kcontext, authdata);
- return code;
+ krb5_free_authdata(kcontext, authdata);
+ return code;
}
authdata[0]->magic = KV5M_AUTHDATA;
@@ -1071,25 +1072,25 @@ mspac_export_authdata(krb5_context kcontext,
static krb5_error_code
mspac_verify(krb5_context kcontext,
- krb5_authdata_context context,
- void *plugin_context,
- void *request_context,
- const krb5_auth_context *auth_context,
- const krb5_keyblock *key,
- const krb5_ap_req *req)
+ krb5_authdata_context context,
+ void *plugin_context,
+ void *request_context,
+ const krb5_auth_context *auth_context,
+ const krb5_keyblock *key,
+ const krb5_ap_req *req)
{
krb5_error_code code;
struct mspac_context *pacctx = (struct mspac_context *)request_context;
if (pacctx->pac == NULL)
- return EINVAL;
+ return EINVAL;
code = krb5_pac_verify(kcontext,
- pacctx->pac,
- req->ticket->enc_part2->times.authtime,
- req->ticket->enc_part2->client,
- key,
- NULL);
+ pacctx->pac,
+ req->ticket->enc_part2->times.authtime,
+ req->ticket->enc_part2->client,
+ key,
+ NULL);
#if 0
/*
@@ -1097,8 +1098,8 @@ mspac_verify(krb5_context kcontext,
* Thoughts?
*/
if (code == KRB5KRB_AP_ERR_BAD_INTEGRITY) {
- assert(pacctx->pac->verified == FALSE);
- code = 0;
+ assert(pacctx->pac->verified == FALSE);
+ code = 0;
}
#endif
@@ -1107,17 +1108,17 @@ mspac_verify(krb5_context kcontext,
static void
mspac_request_fini(krb5_context kcontext,
- krb5_authdata_context context,
- void *plugin_context,
- void *request_context)
+ krb5_authdata_context context,
+ void *plugin_context,
+ void *request_context)
{
struct mspac_context *pacctx = (struct mspac_context *)request_context;
if (pacctx != NULL) {
- if (pacctx->pac != NULL)
- krb5_pac_free(kcontext, pacctx->pac);
+ if (pacctx->pac != NULL)
+ krb5_pac_free(kcontext, pacctx->pac);
- free(pacctx);
+ free(pacctx);
}
}
@@ -1127,17 +1128,17 @@ static struct {
krb5_ui_4 type;
krb5_data attribute;
} mspac_attribute_types[] = {
- { (krb5_ui_4)-1, { KV5M_DATA, STRLENOF("urn:mspac:"), "urn:mspac:" } },
- { PAC_LOGON_INFO, { KV5M_DATA, STRLENOF("urn:mspac:logon-info"), "urn:mspac:logon-info" } },
- { PAC_CREDENTIALS_INFO, { KV5M_DATA, STRLENOF("urn:mspac:credentials-info"), "urn:mspac:credentials-info" } },
- { PAC_SERVER_CHECKSUM, { KV5M_DATA, STRLENOF("urn:mspac:server-checksum"), "urn:mspac:server-checksum" } },
- { PAC_PRIVSVR_CHECKSUM, { KV5M_DATA, STRLENOF("urn:mspac:privsvr-checksum"), "urn:mspac:privsvr-checksum" } },
- { PAC_CLIENT_INFO, { KV5M_DATA, STRLENOF("urn:mspac:client-info"), "urn:mspac:client-info" } },
- { PAC_DELEGATION_INFO, { KV5M_DATA, STRLENOF("urn:mspac:delegation-info"), "urn:mspac:delegation-info" } },
- { PAC_UPN_DNS_INFO, { KV5M_DATA, STRLENOF("urn:mspac:upn-dns-info"), "urn:mspac:upn-dns-info" } },
+ { (krb5_ui_4)-1, { KV5M_DATA, STRLENOF("urn:mspac:"), "urn:mspac:" } },
+ { PAC_LOGON_INFO, { KV5M_DATA, STRLENOF("urn:mspac:logon-info"), "urn:mspac:logon-info" } },
+ { PAC_CREDENTIALS_INFO, { KV5M_DATA, STRLENOF("urn:mspac:credentials-info"), "urn:mspac:credentials-info" } },
+ { PAC_SERVER_CHECKSUM, { KV5M_DATA, STRLENOF("urn:mspac:server-checksum"), "urn:mspac:server-checksum" } },
+ { PAC_PRIVSVR_CHECKSUM, { KV5M_DATA, STRLENOF("urn:mspac:privsvr-checksum"), "urn:mspac:privsvr-checksum" } },
+ { PAC_CLIENT_INFO, { KV5M_DATA, STRLENOF("urn:mspac:client-info"), "urn:mspac:client-info" } },
+ { PAC_DELEGATION_INFO, { KV5M_DATA, STRLENOF("urn:mspac:delegation-info"), "urn:mspac:delegation-info" } },
+ { PAC_UPN_DNS_INFO, { KV5M_DATA, STRLENOF("urn:mspac:upn-dns-info"), "urn:mspac:upn-dns-info" } },
};
-#define MSPAC_ATTRIBUTE_COUNT (sizeof(mspac_attribute_types)/sizeof(mspac_attribute_types[0]))
+#define MSPAC_ATTRIBUTE_COUNT (sizeof(mspac_attribute_types)/sizeof(mspac_attribute_types[0]))
static krb5_error_code
mspac_type2attr(krb5_ui_4 type, krb5_data *attr)
@@ -1145,10 +1146,10 @@ mspac_type2attr(krb5_ui_4 type, krb5_data *attr)
unsigned int i;
for (i = 0; i < MSPAC_ATTRIBUTE_COUNT; i++) {
- if (mspac_attribute_types[i].type == type) {
- *attr = mspac_attribute_types[i].attribute;
- return 0;
- }
+ if (mspac_attribute_types[i].type == type) {
+ *attr = mspac_attribute_types[i].attribute;
+ return 0;
+ }
}
return ENOENT;
@@ -1160,22 +1161,22 @@ mspac_attr2type(const krb5_data *attr, krb5_ui_4 *type)
unsigned int i;
for (i = 0; i < MSPAC_ATTRIBUTE_COUNT; i++) {
- if (attr->length == mspac_attribute_types[i].attribute.length &&
- strncasecmp(attr->data, mspac_attribute_types[i].attribute.data, attr->length) == 0) {
- *type = mspac_attribute_types[i].type;
- return 0;
- }
+ if (attr->length == mspac_attribute_types[i].attribute.length &&
+ strncasecmp(attr->data, mspac_attribute_types[i].attribute.data, attr->length) == 0) {
+ *type = mspac_attribute_types[i].type;
+ return 0;
+ }
}
if (attr->length > STRLENOF("urn:mspac:") &&
- strncasecmp(attr->data, "urn:mspac:", STRLENOF("urn:mspac:")) == 0)
+ strncasecmp(attr->data, "urn:mspac:", STRLENOF("urn:mspac:")) == 0)
{
- char *p = &attr->data[STRLENOF("urn:mspac:")];
- char *endptr;
+ char *p = &attr->data[STRLENOF("urn:mspac:")];
+ char *endptr;
- *type = strtoul(p, &endptr, 10);
- if (*type != 0 && *endptr == '\0')
- return 0;
+ *type = strtoul(p, &endptr, 10);
+ if (*type != 0 && *endptr == '\0')
+ return 0;
}
return ENOENT;
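Review bot: The numeric fallback calls `strtoul(p, &endptr, 10)` on `attr->data`, which is a length-counted `krb5_data`, and then tests `*endptr == '\0'`. Both steps read until a terminator rather than stopping at `attr->length`, and nothing visible in this hunk guarantees the buffer is NUL-terminated. The `strncasecmp` calls above are bounded by the length, so the parse should be too: copy the suffix into a small local buffer, terminate it, and range-check the result before storing it in `*type`. The function signature and opening brace are above the hunk.

```c
/* … unchanged: lookup loop over mspac_attribute_types … */

    if (attr->length > STRLENOF("urn:mspac:") &&
        strncasecmp(attr->data, "urn:mspac:", STRLENOF("urn:mspac:")) == 0)
    {
        const char *p = &attr->data[STRLENOF("urn:mspac:")];
        size_t n = attr->length - STRLENOF("urn:mspac:");
        char digits[11];            /* ten decimal digits plus NUL */
        char *endptr;
        unsigned long v;

        /* Bound the parse by attr->length instead of trusting a terminator. */
        if (n >= sizeof(digits))
            return ENOENT;
        memcpy(digits, p, n);
        digits[n] = '\0';

        errno = 0;
        v = strtoul(digits, &endptr, 10);
        if (errno == 0 && v != 0 && v <= 0xFFFFFFFFUL && *endptr == '\0') {
            *type = (krb5_ui_4)v;
            return 0;
        }
    }
```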
@@ -1183,10 +1184,10 @@ mspac_attr2type(const krb5_data *attr, krb5_ui_4 *type)
static krb5_error_code
mspac_get_attribute_types(krb5_context kcontext,
- krb5_authdata_context context,
- void *plugin_context,
- void *request_context,
- krb5_data **out_attrs)
+ krb5_authdata_context context,
+ void *plugin_context,
+ void *request_context,
+ krb5_data **out_attrs)
{
struct mspac_context *pacctx = (struct mspac_context *)request_context;
unsigned int i, j;
@@ -1194,45 +1195,45 @@ mspac_get_attribute_types(krb5_context kcontext,
krb5_error_code code;
if (pacctx->pac == NULL)
- return ENOENT;
+ return ENOENT;
attrs = calloc(1 + pacctx->pac->pac->cBuffers + 1, sizeof(krb5_data));
if (attrs == NULL)
- return ENOMEM;
+ return ENOMEM;
j = 0;
/* The entire PAC */
code = krb5int_copy_data_contents(kcontext,
- &mspac_attribute_types[0].attribute,
- &attrs[j++]);
+ &mspac_attribute_types[0].attribute,
+ &attrs[j++]);
if (code != 0) {
- free(attrs);
- return code;
+ free(attrs);
+ return code;
}
/* PAC buffers */
for (i = 0; i < pacctx->pac->pac->cBuffers; i++) {
- krb5_data attr;
-
- code = mspac_type2attr(pacctx->pac->pac->Buffers[i].ulType, &attr);
- if (code == 0) {
- code = krb5int_copy_data_contents(kcontext, &attr, &attrs[j++]);
- if (code != 0) {
- krb5int_free_data_list(kcontext, attrs);
- return code;
- }
- } else {
- int length;
-
- length = asprintf(&attrs[j].data, "urn:mspac:%d",
- pacctx->pac->pac->Buffers[i].ulType);
- if (length < 0) {
- krb5int_free_data_list(kcontext, attrs);
- return ENOMEM;
- }
- attrs[j++].length = length;
- }
+ krb5_data attr;
+
+ code = mspac_type2attr(pacctx->pac->pac->Buffers[i].ulType, &attr);
+ if (code == 0) {
+ code = krb5int_copy_data_contents(kcontext, &attr, &attrs[j++]);
+ if (code != 0) {
+ krb5int_free_data_list(kcontext, attrs);
+ return code;
+ }
+ } else {
+ int length;
+
+ length = asprintf(&attrs[j].data, "urn:mspac:%d",
+ pacctx->pac->pac->Buffers[i].ulType);
+ if (length < 0) {
+ krb5int_free_data_list(kcontext, attrs);
+ return ENOMEM;
+ }
+ attrs[j++].length = length;
+ }
}
attrs[j].data = NULL;
attrs[j].length = 0;
@@ -1244,49 +1245,49 @@ mspac_get_attribute_types(krb5_context kcontext,
static krb5_error_code
mspac_get_attribute(krb5_context kcontext,
- krb5_authdata_context context,
- void *plugin_context,
- void *request_context,
- const krb5_data *attribute,
- krb5_boolean *authenticated,
- krb5_boolean *complete,
- krb5_data *value,
- krb5_data *display_value,
- int *more)
+ krb5_authdata_context context,
+ void *plugin_context,
+ void *request_context,
+ const krb5_data *attribute,
+ krb5_boolean *authenticated,
+ krb5_boolean *complete,
+ krb5_data *value,
+ krb5_data *display_value,
+ int *more)
{
struct mspac_context *pacctx = (struct mspac_context *)request_context;
krb5_error_code code;
krb5_ui_4 type;
if (display_value != NULL) {
- display_value->data = NULL;
- display_value->length = 0;
+ display_value->data = NULL;
+ display_value->length = 0;
}
if (*more != -1 || pacctx->pac == NULL)
- return ENOENT;
+ return ENOENT;
code = mspac_attr2type(attribute, &type);
if (code != 0)
- return code;
+ return code;
/* -1 is a magic type that refers to the entire PAC */
if (type == (krb5_ui_4)-1) {
- if (value != NULL)
- code = krb5int_copy_data_contents(kcontext,
- &pacctx->pac->data,
- value);
- else
- code = 0;
+ if (value != NULL)
+ code = krb5int_copy_data_contents(kcontext,
+ &pacctx->pac->data,
+ value);
+ else
+ code = 0;
} else {
- if (value != NULL)
- code = krb5_pac_get_buffer(kcontext, pacctx->pac, type, value);
- else
- code = k5_pac_locate_buffer(kcontext, pacctx->pac, type, NULL);
+ if (value != NULL)
+ code = krb5_pac_get_buffer(kcontext, pacctx->pac, type, value);
+ else
+ code = k5_pac_locate_buffer(kcontext, pacctx->pac, type, NULL);
}
if (code == 0) {
- *authenticated = pacctx->pac->verified;
- *complete = TRUE;
+ *authenticated = pacctx->pac->verified;
+ *complete = TRUE;
}
*more = 0;
@@ -1296,36 +1297,36 @@ mspac_get_attribute(krb5_context kcontext,
static krb5_error_code
mspac_set_attribute(krb5_context kcontext,
- krb5_authdata_context context,
- void *plugin_context,
- void *request_context,
- krb5_boolean complete,
- const krb5_data *attribute,
- const krb5_data *value)
+ krb5_authdata_context context,
+ void *plugin_context,
+ void *request_context,
+ krb5_boolean complete,
+ const krb5_data *attribute,
+ const krb5_data *value)
{
struct mspac_context *pacctx = (struct mspac_context *)request_context;
krb5_error_code code;
krb5_ui_4 type;
if (pacctx->pac == NULL)
- return ENOENT;
+ return ENOENT;
code = mspac_attr2type(attribute, &type);
if (code != 0)
- return code;
+ return code;
/* -1 is a magic type that refers to the entire PAC */
if (type == (krb5_ui_4)-1) {
- krb5_pac newpac;
+ krb5_pac newpac;
- code = krb5_pac_parse(kcontext, value->data, value->length, &newpac);
- if (code != 0)
- return code;
+ code = krb5_pac_parse(kcontext, value->data, value->length, &newpac);
+ if (code != 0)
+ return code;
- krb5_pac_free(kcontext, pacctx->pac);
- pacctx->pac = newpac;
+ krb5_pac_free(kcontext, pacctx->pac);
+ pacctx->pac = newpac;
} else {
- code = krb5_pac_add_buffer(kcontext, pacctx->pac, type, value);
+ code = krb5_pac_add_buffer(kcontext, pacctx->pac, type, value);
}
return code;
@@ -1333,11 +1334,11 @@ mspac_set_attribute(krb5_context kcontext,
static krb5_error_code
mspac_export_internal(krb5_context kcontext,
- krb5_authdata_context context,
- void *plugin_context,
- void *request_context,
- krb5_boolean restrict_authenticated,
- void **ptr)
+ krb5_authdata_context context,
+ void *plugin_context,
+ void *request_context,
+ krb5_boolean restrict_authenticated,
+ void **ptr)
{
struct mspac_context *pacctx = (struct mspac_context *)request_context;
krb5_error_code code;
@@ -1346,16 +1347,16 @@ mspac_export_internal(krb5_context kcontext,
*ptr = NULL;
if (pacctx->pac == NULL)
- return 0;
+ return 0;
if (restrict_authenticated && (pacctx->pac->verified) == FALSE)
- return 0;
+ return 0;
code = krb5_pac_parse(kcontext, pacctx->pac->data.data,
- pacctx->pac->data.length, &pac);
+ pacctx->pac->data.length, &pac);
if (code == 0) {
- pac->verified = pacctx->pac->verified;
- *ptr = pac;
+ pac->verified = pacctx->pac->verified;
+ *ptr = pac;
}
return code;
@@ -1363,30 +1364,30 @@ mspac_export_internal(krb5_context kcontext,
static void
mspac_free_internal(krb5_context kcontext,
- krb5_authdata_context context,
- void *plugin_context,
- void *request_context,
- void *ptr)
+ krb5_authdata_context context,
+ void *plugin_context,
+ void *request_context,
+ void *ptr)
{
if (ptr != NULL)
- krb5_pac_free(kcontext, (krb5_pac)ptr);
+ krb5_pac_free(kcontext, (krb5_pac)ptr);
return;
}
static krb5_error_code
mspac_size(krb5_context kcontext,
- krb5_authdata_context context,
- void *plugin_context,
- void *request_context,
- size_t *sizep)
+ krb5_authdata_context context,
+ void *plugin_context,
+ void *request_context,
+ size_t *sizep)
{
struct mspac_context *pacctx = (struct mspac_context *)request_context;
*sizep += sizeof(krb5_int32);
if (pacctx->pac != NULL)
- *sizep += pacctx->pac->data.length;
+ *sizep += pacctx->pac->data.length;
*sizep += sizeof(krb5_int32);
@@ -1395,11 +1396,11 @@ mspac_size(krb5_context kcontext,
static krb5_error_code
mspac_externalize(krb5_context kcontext,
- krb5_authdata_context context,
- void *plugin_context,
- void *request_context,
- krb5_octet **buffer,
- size_t *lenremain)
+ krb5_authdata_context context,
+ void *plugin_context,
+ void *request_context,
+ krb5_octet **buffer,
+ size_t *lenremain)
{
krb5_error_code code = 0;
struct mspac_context *pacctx = (struct mspac_context *)request_context;
@@ -1411,23 +1412,23 @@ mspac_externalize(krb5_context kcontext,
remain = *lenremain;
if (pacctx->pac != NULL) {
- mspac_size(kcontext, context, plugin_context,
- request_context, &required);
-
- if (required <= remain) {
- krb5_ser_pack_int32((krb5_int32)pacctx->pac->data.length,
- &bp, &remain);
- krb5_ser_pack_bytes((krb5_octet *)pacctx->pac->data.data,
- (size_t)pacctx->pac->data.length,
- &bp, &remain);
- krb5_ser_pack_int32((krb5_int32)pacctx->pac->verified,
- &bp, &remain);
- } else {
- code = ENOMEM;
- }
+ mspac_size(kcontext, context, plugin_context,
+ request_context, &required);
+
+ if (required <= remain) {
+ krb5_ser_pack_int32((krb5_int32)pacctx->pac->data.length,
+ &bp, &remain);
+ krb5_ser_pack_bytes((krb5_octet *)pacctx->pac->data.data,
+ (size_t)pacctx->pac->data.length,
+ &bp, &remain);
+ krb5_ser_pack_int32((krb5_int32)pacctx->pac->verified,
+ &bp, &remain);
+ } else {
+ code = ENOMEM;
+ }
} else {
- krb5_ser_pack_int32(0, &bp, &remain); /* length */
- krb5_ser_pack_int32(0, &bp, &remain); /* verified */
+ krb5_ser_pack_int32(0, &bp, &remain); /* length */
+ krb5_ser_pack_int32(0, &bp, &remain); /* verified */
}
*buffer = bp;
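Review bot: Every `krb5_ser_pack_int32` and `krb5_ser_pack_bytes` call in this hunk discards its return value, and the `else` branch for a missing PAC packs two integers without the `required <= remain` test the other branch performs. If the helpers refuse to write when space is short, as their `&remain` argument suggests, the function would still report success with an incomplete encoding. The `else` branch could propagate the result with `code = krb5_ser_pack_int32(0, &bp, &remain);` followed by `if (code == 0) code = krb5_ser_pack_int32(0, &bp, &remain);`, and the three calls in the first branch deserve the same treatment. The function's declarations and its final return are outside this hunk.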
@@ -1438,11 +1439,11 @@ mspac_externalize(krb5_context kcontext,
static krb5_error_code
mspac_internalize(krb5_context kcontext,
- krb5_authdata_context context,
- void *plugin_context,
- void *request_context,
- krb5_octet **buffer,
- size_t *lenremain)
+ krb5_authdata_context context,
+ void *plugin_context,
+ void *request_context,
+ krb5_octet **buffer,
+ size_t *lenremain)
{
struct mspac_context *pacctx = (struct mspac_context *)request_context;
krb5_error_code code;
@@ -1457,30 +1458,30 @@ mspac_internalize(krb5_context kcontext,
/* length */
code = krb5_ser_unpack_int32(&ibuf, &bp, &remain);
if (code != 0)
- return code;
+ return code;
if (ibuf != 0) {
- code = krb5_pac_parse(kcontext, bp, ibuf, &pac);
- if (code != 0)
- return code;
+ code = krb5_pac_parse(kcontext, bp, ibuf, &pac);
+ if (code != 0)
+ return code;
- bp += ibuf;
- remain -= ibuf;
+ bp += ibuf;
+ remain -= ibuf;
}
/* verified */
code = krb5_ser_unpack_int32(&ibuf, &bp, &remain);
if (code != 0) {
- krb5_pac_free(kcontext, pac);
- return code;
+ krb5_pac_free(kcontext, pac);
+ return code;
}
if (pac != NULL) {
- pac->verified = (ibuf != 0);
+ pac->verified = (ibuf != 0);
}
if (pacctx->pac != NULL) {
- krb5_pac_free(kcontext, pacctx->pac);
+ krb5_pac_free(kcontext, pacctx->pac);
}
pacctx->pac = pac;
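Review bot: The length unpacked into `ibuf` is passed to `krb5_pac_parse` and then applied with `bp += ibuf; remain -= ibuf;` without ever being compared against `remain`. A serialized blob that declares more PAC bytes than it carries can therefore make the parser read beyond the input buffer and leave `remain` underflowed for the next unpack. A guard before the parse call closes this: `if (ibuf < 0 || (size_t)ibuf > remain) return EINVAL;`. `ibuf` is declared above the hunk, so the sign test assumes it is the signed 32-bit value the unpack helper's name implies. The function begins and ends outside this hunk.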
@@ -1493,11 +1494,11 @@ mspac_internalize(krb5_context kcontext,
static krb5_error_code
mspac_copy(krb5_context kcontext,
- krb5_authdata_context context,
- void *plugin_context,
- void *request_context,
- void *dst_plugin_context,
- void *dst_request_context)
+ krb5_authdata_context context,
+ void *plugin_context,
+ void *request_context,
+ void *dst_plugin_context,
+ void *dst_request_context)
{
struct mspac_context *srcctx = (struct mspac_context *)request_context;
struct mspac_context *dstctx = (struct mspac_context *)dst_request_context;
@@ -1507,7 +1508,7 @@ mspac_copy(krb5_context kcontext,
assert(dstctx->pac == NULL);
if (srcctx->pac != NULL)
- code = k5_pac_copy(kcontext, srcctx->pac, &dstctx->pac);
+ code = k5_pac_copy(kcontext, srcctx->pac, &dstctx->pac);
return code;
}
@@ -1536,4 +1537,3 @@ krb5plugin_authdata_client_ftable_v0 krb5int_mspac_authdata_client_ftable = {
mspac_internalize,
mspac_copy
};
-
diff --git a/src/lib/krb5/krb/parse.c b/src/lib/krb5/krb/parse.c
index 5dd29fb..b78cc43 100644
--- a/src/lib/krb5/krb/parse.c
+++ b/src/lib/krb5/krb/parse.c
@@ -1,3 +1,4 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
/*
* lib/krb5/krb/parse.c
*
@@ -8,7 +9,7 @@
* require a specific license from the United States Government.
* It is the responsibility of any person or organization contemplating
* export to obtain such a license before exporting.
- *
+ *
* WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
* distribute this software and its documentation for any purpose and
* without fee is hereby granted, provided that the above copyright
@@ -22,7 +23,7 @@
* M.I.T. makes no representations about the suitability of
* this software for any purpose. It is provided "as is" without express
* or implied warranty.
- *
+ *
*
* krb5_parse_name() routine.
*
@@ -37,27 +38,27 @@
* converts a single-string representation of the name to the
* multi-part principal format used in the protocols.
*
- * principal will point to allocated storage which should be freed by
+ * principal will point to allocated storage which should be freed by
* the caller (using krb5_free_principal) after use.
- *
+ *
* Conventions: / is used to separate components. If @ is present in the
* string, then the rest of the string after it represents the realm name.
* Otherwise the local realm name is used.
- *
+ *
* error return:
- * KRB5_PARSE_MALFORMED badly formatted string
+ * KRB5_PARSE_MALFORMED badly formatted string
*
* also returns system errors:
- * ENOMEM malloc failed/out of memory
+ * ENOMEM malloc failed/out of memory
*
* get_default_realm() is called; it may return other errors.
*/
-#define REALM_SEP '@'
-#define COMPONENT_SEP '/'
-#define QUOTECHAR '\\'
+#define REALM_SEP '@'
+#define COMPONENT_SEP '/'
+#define QUOTECHAR '\\'
-#define FCOMPNUM 10
+#define FCOMPNUM 10
/*
* May the fleas of a thousand camels infest the ISO, they who think
@@ -65,276 +66,276 @@
*/
static krb5_error_code
k5_parse_name(krb5_context context, const char *name,
- int flags, krb5_principal *nprincipal)
+ int flags, krb5_principal *nprincipal)
{
- register const char *cp;
- register char *q;
- register int i,c,size;
- int components = 0;
- const char *parsed_realm = NULL;
- int fcompsize[FCOMPNUM];
- unsigned int realmsize = 0;
- char *default_realm = NULL;
- int default_realm_size = 0;
- char *tmpdata;
- krb5_principal principal;
- krb5_error_code retval;
- unsigned int enterprise = (flags & KRB5_PRINCIPAL_PARSE_ENTERPRISE);
- int first_at;
+ register const char *cp;
+ register char *q;
+ register int i,c,size;
+ int components = 0;
+ const char *parsed_realm = NULL;
+ int fcompsize[FCOMPNUM];
+ unsigned int realmsize = 0;
+ char *default_realm = NULL;
+ int default_realm_size = 0;
+ char *tmpdata;
+ krb5_principal principal;
+ krb5_error_code retval;
+ unsigned int enterprise = (flags & KRB5_PRINCIPAL_PARSE_ENTERPRISE);
+ int first_at;
- *nprincipal = NULL;
+ *nprincipal = NULL;
- /*
- * Pass 1. Find out how many components there are to the name,
- * and get string sizes for the first FCOMPNUM components. For
- * enterprise principal names (UPNs), there is only a single
- * component.
- */
- size = 0;
- for (i=0,cp = name, first_at = 1; (c = *cp); cp++) {
- if (c == QUOTECHAR) {
- cp++;
- if (!(c = *cp))
- /*
- * QUOTECHAR can't be at the last
- * character of the name!
- */
- return(KRB5_PARSE_MALFORMED);
- size++;
- continue;
- } else if (c == COMPONENT_SEP && !enterprise) {
- if (parsed_realm)
- /*
- * Shouldn't see a component separator
- * after we've parsed out the realm name!
- */
- return(KRB5_PARSE_MALFORMED);
- if (i < FCOMPNUM) {
- fcompsize[i] = size;
- }
- size = 0;
- i++;
- } else if (c == REALM_SEP && (!enterprise || !first_at)) {
- if (parsed_realm)
- /*
- * Multiple realm separaters
- * not allowed; zero-length realms are.
- */
- return(KRB5_PARSE_MALFORMED);
- parsed_realm = cp + 1;
- if (i < FCOMPNUM) {
- fcompsize[i] = size;
- }
- size = 0;
- } else {
- if (c == REALM_SEP && enterprise && first_at)
- first_at = 0;
+ /*
+ * Pass 1. Find out how many components there are to the name,
+ * and get string sizes for the first FCOMPNUM components. For
+ * enterprise principal names (UPNs), there is only a single
+ * component.
+ */
+ size = 0;
+ for (i=0,cp = name, first_at = 1; (c = *cp); cp++) {
+ if (c == QUOTECHAR) {
+ cp++;
+ if (!(c = *cp))
+ /*
+ * QUOTECHAR can't be at the last
+ * character of the name!
+ */
+ return(KRB5_PARSE_MALFORMED);
+ size++;
+ continue;
+ } else if (c == COMPONENT_SEP && !enterprise) {
+ if (parsed_realm)
+ /*
+ * Shouldn't see a component separator
+ * after we've parsed out the realm name!
+ */
+ return(KRB5_PARSE_MALFORMED);
+ if (i < FCOMPNUM) {
+ fcompsize[i] = size;
+ }
+ size = 0;
+ i++;
+ } else if (c == REALM_SEP && (!enterprise || !first_at)) {
+ if (parsed_realm)
+ /*
+ * Multiple realm separaters
+ * not allowed; zero-length realms are.
+ */
+ return(KRB5_PARSE_MALFORMED);
+ parsed_realm = cp + 1;
+ if (i < FCOMPNUM) {
+ fcompsize[i] = size;
+ }
+ size = 0;
+ } else {
+ if (c == REALM_SEP && enterprise && first_at)
+ first_at = 0;
- size++;
- }
- }
- if (parsed_realm != NULL)
- realmsize = size;
- else if (i < FCOMPNUM)
- fcompsize[i] = size;
- components = i + 1;
- /*
- * Now, we allocate the principal structure and all of its
- * component pieces
- */
- principal = (krb5_principal)malloc(sizeof(krb5_principal_data));
- if (principal == NULL) {
- return(ENOMEM);
- }
- principal->data = (krb5_data *) malloc(sizeof(krb5_data) * components);
- if (principal->data == NULL) {
- free(principal);
- return ENOMEM;
- }
- principal->length = components;
+ size++;
+ }
+ }
+ if (parsed_realm != NULL)
+ realmsize = size;
+ else if (i < FCOMPNUM)
+ fcompsize[i] = size;
+ components = i + 1;
+ /*
+ * Now, we allocate the principal structure and all of its
+ * component pieces
+ */
+ principal = (krb5_principal)malloc(sizeof(krb5_principal_data));
+ if (principal == NULL) {
+ return(ENOMEM);
+ }
+ principal->data = (krb5_data *) malloc(sizeof(krb5_data) * components);
+ if (principal->data == NULL) {
+ free(principal);
+ return ENOMEM;
+ }
+ principal->length = components;
- /*
- * If a realm was not found, then use the default realm, unless
- * KRB5_PRINCIPAL_PARSE_NO_REALM was specified in which case the
- * realm will be empty.
- */
- if (!parsed_realm) {
- if (flags & KRB5_PRINCIPAL_PARSE_REQUIRE_REALM) {
- krb5_set_error_message(context, KRB5_PARSE_MALFORMED,
- "Principal %s is missing required realm", name);
- free(principal->data);
- free(principal);
- return KRB5_PARSE_MALFORMED;
- }
- if (!default_realm && (flags & KRB5_PRINCIPAL_PARSE_NO_REALM) == 0) {
- retval = krb5_get_default_realm(context, &default_realm);
- if (retval) {
- free(principal->data);
- free(principal);
- return(retval);
- }
- default_realm_size = strlen(default_realm);
- }
- realmsize = default_realm_size;
- } else if (flags & KRB5_PRINCIPAL_PARSE_NO_REALM) {
- krb5_set_error_message(context, KRB5_PARSE_MALFORMED,
- "Principal %s has realm present", name);
- free(principal->data);
- free(principal);
- return KRB5_PARSE_MALFORMED;
- }
+ /*
+ * If a realm was not found, then use the default realm, unless
+ * KRB5_PRINCIPAL_PARSE_NO_REALM was specified in which case the
+ * realm will be empty.
+ */
+ if (!parsed_realm) {
+ if (flags & KRB5_PRINCIPAL_PARSE_REQUIRE_REALM) {
+ krb5_set_error_message(context, KRB5_PARSE_MALFORMED,
+ "Principal %s is missing required realm", name);
+ free(principal->data);
+ free(principal);
+ return KRB5_PARSE_MALFORMED;
+ }
+ if (!default_realm && (flags & KRB5_PRINCIPAL_PARSE_NO_REALM) == 0) {
+ retval = krb5_get_default_realm(context, &default_realm);
+ if (retval) {
+ free(principal->data);
+ free(principal);
+ return(retval);
+ }
+ default_realm_size = strlen(default_realm);
+ }
+ realmsize = default_realm_size;
+ } else if (flags & KRB5_PRINCIPAL_PARSE_NO_REALM) {
+ krb5_set_error_message(context, KRB5_PARSE_MALFORMED,
+ "Principal %s has realm present", name);
+ free(principal->data);
+ free(principal);
+ return KRB5_PARSE_MALFORMED;
+ }
- /*
- * Pass 2. Happens only if there were more than FCOMPNUM
- * component; if this happens, someone should be shot
- * immediately. Nevertheless, we will attempt to handle said
- * case..... <martyred sigh>
- */
- if (components >= FCOMPNUM) {
- size = 0;
- parsed_realm = NULL;
- for (i=0,cp = name; (c = *cp); cp++) {
- if (c == QUOTECHAR) {
- cp++;
- size++;
- } else if (c == COMPONENT_SEP) {
- if (krb5_princ_size(context, principal) > i)
- krb5_princ_component(context, principal, i)->length = size;
- size = 0;
- i++;
- } else if (c == REALM_SEP) {
- if (krb5_princ_size(context, principal) > i)
- krb5_princ_component(context, principal, i)->length = size;
- size = 0;
- parsed_realm = cp+1;
- } else
- size++;
- }
- if (parsed_realm)
- krb5_princ_realm(context, principal)->length = size;
- else
- if (krb5_princ_size(context, principal) > i)
- krb5_princ_component(context, principal, i)->length = size;
- if (i + 1 != components) {
+ /*
+ * Pass 2. Happens only if there were more than FCOMPNUM
+ * component; if this happens, someone should be shot
+ * immediately. Nevertheless, we will attempt to handle said
+ * case..... <martyred sigh>
+ */
+ if (components >= FCOMPNUM) {
+ size = 0;
+ parsed_realm = NULL;
+ for (i=0,cp = name; (c = *cp); cp++) {
+ if (c == QUOTECHAR) {
+ cp++;
+ size++;
+ } else if (c == COMPONENT_SEP) {
+ if (krb5_princ_size(context, principal) > i)
+ krb5_princ_component(context, principal, i)->length = size;
+ size = 0;
+ i++;
+ } else if (c == REALM_SEP) {
+ if (krb5_princ_size(context, principal) > i)
+ krb5_princ_component(context, principal, i)->length = size;
+ size = 0;
+ parsed_realm = cp+1;
+ } else
+ size++;
+ }
+ if (parsed_realm)
+ krb5_princ_realm(context, principal)->length = size;
+ else
+ if (krb5_princ_size(context, principal) > i)
+ krb5_princ_component(context, principal, i)->length = size;
+ if (i + 1 != components) {
#if !defined(_WIN32)
- fprintf(stderr,
- "Programming error in krb5_parse_name!");
+ fprintf(stderr,
+ "Programming error in krb5_parse_name!");
#endif
- assert(i + 1 == components);
- abort();
- }
- } else {
- /*
- * If there were fewer than FCOMPSIZE components (the
- * usual case), then just copy the sizes to the
- * principal structure
- */
- for (i=0; i < components; i++)
- krb5_princ_component(context, principal, i)->length = fcompsize[i];
- }
- /*
- * Now, we need to allocate the space for the strings themselves.....
- */
- tmpdata = malloc(realmsize + 1);
- if (tmpdata == 0) {
- free(principal->data);
- free(principal);
- free(default_realm);
- return ENOMEM;
- }
- krb5_princ_set_realm_length(context, principal, realmsize);
- krb5_princ_set_realm_data(context, principal, tmpdata);
- for (i=0; i < components; i++) {
- char *tmpdata2 =
- malloc(krb5_princ_component(context, principal, i)->length + 1);
- if (tmpdata2 == NULL) {
- for (i--; i >= 0; i--)
- free(krb5_princ_component(context, principal, i)->data);
- free(krb5_princ_realm(context, principal)->data);
- free(principal->data);
- free(principal);
- free(default_realm);
- return(ENOMEM);
- }
- krb5_princ_component(context, principal, i)->data = tmpdata2;
- krb5_princ_component(context, principal, i)->magic = KV5M_DATA;
- }
-
- /*
- * Pass 3. Now we go through the string a *third* time, this
- * time filling in the krb5_principal structure which we just
- * allocated.
- */
- q = krb5_princ_component(context, principal, 0)->data;
- for (i=0,cp = name, first_at = 1; (c = *cp); cp++) {
- if (c == QUOTECHAR) {
- cp++;
- switch (c = *cp) {
- case 'n':
- *q++ = '\n';
- break;
- case 't':
- *q++ = '\t';
- break;
- case 'b':
- *q++ = '\b';
- break;
- case '0':
- *q++ = '\0';
- break;
- default:
- *q++ = c;
- break;
- }
- } else if (c == COMPONENT_SEP && !enterprise) {
- i++;
- *q++ = '\0';
- q = krb5_princ_component(context, principal, i)->data;
- } else if (c == REALM_SEP && (!enterprise || !first_at)) {
- i++;
- *q++ = '\0';
- q = krb5_princ_realm(context, principal)->data;
- } else {
- if (c == REALM_SEP && enterprise && first_at)
- first_at = 0;
+ assert(i + 1 == components);
+ abort();
+ }
+ } else {
+ /*
+ * If there were fewer than FCOMPSIZE components (the
+ * usual case), then just copy the sizes to the
+ * principal structure
+ */
+ for (i=0; i < components; i++)
+ krb5_princ_component(context, principal, i)->length = fcompsize[i];
+ }
+ /*
+ * Now, we need to allocate the space for the strings themselves.....
+ */
+ tmpdata = malloc(realmsize + 1);
+ if (tmpdata == 0) {
+ free(principal->data);
+ free(principal);
+ free(default_realm);
+ return ENOMEM;
+ }
+ krb5_princ_set_realm_length(context, principal, realmsize);
+ krb5_princ_set_realm_data(context, principal, tmpdata);
+ for (i=0; i < components; i++) {
+ char *tmpdata2 =
+ malloc(krb5_princ_component(context, principal, i)->length + 1);
+ if (tmpdata2 == NULL) {
+ for (i--; i >= 0; i--)
+ free(krb5_princ_component(context, principal, i)->data);
+ free(krb5_princ_realm(context, principal)->data);
+ free(principal->data);
+ free(principal);
+ free(default_realm);
+ return(ENOMEM);
+ }
+ krb5_princ_component(context, principal, i)->data = tmpdata2;
+ krb5_princ_component(context, principal, i)->magic = KV5M_DATA;
+ }
+
+ /*
+ * Pass 3. Now we go through the string a *third* time, this
+ * time filling in the krb5_principal structure which we just
+ * allocated.
+ */
+ q = krb5_princ_component(context, principal, 0)->data;
+ for (i=0,cp = name, first_at = 1; (c = *cp); cp++) {
+ if (c == QUOTECHAR) {
+ cp++;
+ switch (c = *cp) {
+ case 'n':
+ *q++ = '\n';
+ break;
+ case 't':
+ *q++ = '\t';
+ break;
+ case 'b':
+ *q++ = '\b';
+ break;
+ case '0':
+ *q++ = '\0';
+ break;
+ default:
+ *q++ = c;
+ break;
+ }
+ } else if (c == COMPONENT_SEP && !enterprise) {
+ i++;
+ *q++ = '\0';
+ q = krb5_princ_component(context, principal, i)->data;
+ } else if (c == REALM_SEP && (!enterprise || !first_at)) {
+ i++;
+ *q++ = '\0';
+ q = krb5_princ_realm(context, principal)->data;
+ } else {
+ if (c == REALM_SEP && enterprise && first_at)
+ first_at = 0;
- *q++ = c;
- }
- }
- *q++ = '\0';
- if (!parsed_realm) {
- if (flags & KRB5_PRINCIPAL_PARSE_NO_REALM)
- (krb5_princ_realm(context, principal)->data)[0] = '\0';
- else
- strlcpy(krb5_princ_realm(context, principal)->data, default_realm, realmsize+1);
- }
- /*
- * Alright, we're done. Now stuff a pointer to this monstrosity
- * into the return variable, and let's get out of here.
- */
- if (enterprise)
- krb5_princ_type(context, principal) = KRB5_NT_ENTERPRISE_PRINCIPAL;
- else
- krb5_princ_type(context, principal) = KRB5_NT_PRINCIPAL;
- principal->magic = KV5M_PRINCIPAL;
- principal->realm.magic = KV5M_DATA;
- *nprincipal = principal;
+ *q++ = c;
+ }
+ }
+ *q++ = '\0';
+ if (!parsed_realm) {
+ if (flags & KRB5_PRINCIPAL_PARSE_NO_REALM)
+ (krb5_princ_realm(context, principal)->data)[0] = '\0';
+ else
+ strlcpy(krb5_princ_realm(context, principal)->data, default_realm, realmsize+1);
+ }
+ /*
+ * Alright, we're done. Now stuff a pointer to this monstrosity
+ * into the return variable, and let's get out of here.
+ */
+ if (enterprise)
+ krb5_princ_type(context, principal) = KRB5_NT_ENTERPRISE_PRINCIPAL;
+ else
+ krb5_princ_type(context, principal) = KRB5_NT_PRINCIPAL;
+ principal->magic = KV5M_PRINCIPAL;
+ principal->realm.magic = KV5M_DATA;
+ *nprincipal = principal;
- if (default_realm != NULL)
- free(default_realm);
+ if (default_realm != NULL)
+ free(default_realm);
- return(0);
+ return(0);
}
krb5_error_code KRB5_CALLCONV
krb5_parse_name(krb5_context context, const char *name, krb5_principal *nprincipal)
{
- return k5_parse_name(context, name, 0, nprincipal);
+ return k5_parse_name(context, name, 0, nprincipal);
}
krb5_error_code KRB5_CALLCONV
krb5_parse_name_flags(krb5_context context, const char *name,
- int flags, krb5_principal *nprincipal)
+ int flags, krb5_principal *nprincipal)
{
- return k5_parse_name(context, name, flags, nprincipal);
+ return k5_parse_name(context, name, flags, nprincipal);
}
diff --git a/src/lib/krb5/krb/pkinit_apple_asn1.c b/src/lib/krb5/krb/pkinit_apple_asn1.c
index 9082a31..12b5215 100644
--- a/src/lib/krb5/krb/pkinit_apple_asn1.c
+++ b/src/lib/krb5/krb/pkinit_apple_asn1.c
@@ -1,3 +1,4 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
/*
* Copyright (c) 2004-2008 Apple Inc. All Rights Reserved.
*
@@ -60,32 +61,32 @@ static void **pkiNssNullArray(
#pragma mark ----- pkAuthenticator -----
-/*
+/*
* There is a unique error code for "missing paChecksum", so we mark it here
- * as optional so the decoder can process a pkAuthenticator without the
+ * as optional so the decoder can process a pkAuthenticator without the
* checksum; caller must verify that paChecksum.Data != NULL.
*/
typedef struct {
- CSSM_DATA cusec; /* INTEGER, microseconds */
- CSSM_DATA kctime; /* UTC time (with trailing 'Z') */
- CSSM_DATA nonce; /* INTEGER */
- CSSM_DATA paChecksum; /* OCTET STRING */
+ CSSM_DATA cusec; /* INTEGER, microseconds */
+ CSSM_DATA kctime; /* UTC time (with trailing 'Z') */
+ CSSM_DATA nonce; /* INTEGER */
+ CSSM_DATA paChecksum; /* OCTET STRING */
} KRB5_PKAuthenticator;
static const SecAsn1Template KRB5_PKAuthenticatorTemplate[] = {
{ SEC_ASN1_SEQUENCE, 0, NULL, sizeof(KRB5_PKAuthenticator) },
{ SEC_ASN1_CONTEXT_SPECIFIC | SEC_ASN1_CONSTRUCTED | SEC_ASN1_EXPLICIT | 0,
- offsetof(KRB5_PKAuthenticator,cusec),
+ offsetof(KRB5_PKAuthenticator,cusec),
kSecAsn1IntegerTemplate },
{ SEC_ASN1_CONTEXT_SPECIFIC | SEC_ASN1_CONSTRUCTED | SEC_ASN1_EXPLICIT | 1,
- offsetof(KRB5_PKAuthenticator,kctime),
+ offsetof(KRB5_PKAuthenticator,kctime),
kSecAsn1GeneralizedTimeTemplate },
{ SEC_ASN1_CONTEXT_SPECIFIC | SEC_ASN1_CONSTRUCTED | SEC_ASN1_EXPLICIT | 2,
- offsetof(KRB5_PKAuthenticator,nonce),
+ offsetof(KRB5_PKAuthenticator,nonce),
kSecAsn1IntegerTemplate },
- { SEC_ASN1_CONTEXT_SPECIFIC | SEC_ASN1_CONSTRUCTED | SEC_ASN1_EXPLICIT |
- SEC_ASN1_OPTIONAL | 3,
- offsetof(KRB5_PKAuthenticator,paChecksum),
+ { SEC_ASN1_CONTEXT_SPECIFIC | SEC_ASN1_CONSTRUCTED | SEC_ASN1_EXPLICIT |
+ SEC_ASN1_OPTIONAL | 3,
+ offsetof(KRB5_PKAuthenticator,paChecksum),
&kSecAsn1OctetStringTemplate },
{ 0 }
};
@@ -93,25 +94,25 @@ static const SecAsn1Template KRB5_PKAuthenticatorTemplate[] = {
#pragma mark ----- AuthPack -----
typedef struct {
- KRB5_PKAuthenticator pkAuth;
- CSSM_X509_SUBJECT_PUBLIC_KEY_INFO *pubKeyInfo; /* OPTIONAL */
- CSSM_X509_ALGORITHM_IDENTIFIER **supportedCMSTypes;/* OPTIONAL */
- CSSM_DATA *clientDHNonce; /* OPTIONAL */
+ KRB5_PKAuthenticator pkAuth;
+ CSSM_X509_SUBJECT_PUBLIC_KEY_INFO *pubKeyInfo; /* OPTIONAL */
+ CSSM_X509_ALGORITHM_IDENTIFIER **supportedCMSTypes;/* OPTIONAL */
+ CSSM_DATA *clientDHNonce; /* OPTIONAL */
} KRB5_AuthPack;
-/*
+/*
* These are copied from keyTemplates.c in the libsecurity_asn1 project;
* they aren't public API.
*/
-
+
/* AlgorithmIdentifier : CSSM_X509_ALGORITHM_IDENTIFIER */
static const SecAsn1Template AlgorithmIDTemplate[] = {
{ SEC_ASN1_SEQUENCE,
- 0, NULL, sizeof(CSSM_X509_ALGORITHM_IDENTIFIER) },
+ 0, NULL, sizeof(CSSM_X509_ALGORITHM_IDENTIFIER) },
{ SEC_ASN1_OBJECT_ID,
- offsetof(CSSM_X509_ALGORITHM_IDENTIFIER,algorithm), },
+ offsetof(CSSM_X509_ALGORITHM_IDENTIFIER,algorithm), },
{ SEC_ASN1_OPTIONAL | SEC_ASN1_ANY,
- offsetof(CSSM_X509_ALGORITHM_IDENTIFIER,parameters), },
+ offsetof(CSSM_X509_ALGORITHM_IDENTIFIER,parameters), },
{ 0, }
};
@@ -119,12 +120,12 @@ static const SecAsn1Template AlgorithmIDTemplate[] = {
/* SubjectPublicKeyInfo : CSSM_X509_SUBJECT_PUBLIC_KEY_INFO */
static const SecAsn1Template SubjectPublicKeyInfoTemplate[] = {
{ SEC_ASN1_SEQUENCE,
- 0, NULL, sizeof(CSSM_X509_SUBJECT_PUBLIC_KEY_INFO) },
+ 0, NULL, sizeof(CSSM_X509_SUBJECT_PUBLIC_KEY_INFO) },
{ SEC_ASN1_INLINE,
- offsetof(CSSM_X509_SUBJECT_PUBLIC_KEY_INFO,algorithm),
- AlgorithmIDTemplate },
+ offsetof(CSSM_X509_SUBJECT_PUBLIC_KEY_INFO,algorithm),
+ AlgorithmIDTemplate },
{ SEC_ASN1_BIT_STRING,
- offsetof(CSSM_X509_SUBJECT_PUBLIC_KEY_INFO,subjectPublicKey), },
+ offsetof(CSSM_X509_SUBJECT_PUBLIC_KEY_INFO,subjectPublicKey), },
{ 0, }
};
@@ -137,34 +138,34 @@ static const SecAsn1Template kSecAsn1SequenceOfAlgIdTemplate[] = {
static const SecAsn1Template KRB5_AuthPackTemplate[] = {
{ SEC_ASN1_SEQUENCE, 0, NULL, sizeof(KRB5_AuthPack) },
{ SEC_ASN1_CONTEXT_SPECIFIC | SEC_ASN1_CONSTRUCTED | SEC_ASN1_EXPLICIT | 0,
- offsetof(KRB5_AuthPack,pkAuth),
+ offsetof(KRB5_AuthPack,pkAuth),
KRB5_PKAuthenticatorTemplate },
{ SEC_ASN1_CONTEXT_SPECIFIC | SEC_ASN1_CONSTRUCTED | SEC_ASN1_OPTIONAL |
- SEC_ASN1_EXPLICIT | SEC_ASN1_POINTER | 1,
- offsetof(KRB5_AuthPack,pubKeyInfo),
+ SEC_ASN1_EXPLICIT | SEC_ASN1_POINTER | 1,
+ offsetof(KRB5_AuthPack,pubKeyInfo),
SubjectPublicKeyInfoTemplate },
{ SEC_ASN1_CONTEXT_SPECIFIC | SEC_ASN1_CONSTRUCTED | SEC_ASN1_OPTIONAL |
- SEC_ASN1_EXPLICIT | SEC_ASN1_POINTER | 2,
- offsetof(KRB5_AuthPack,supportedCMSTypes),
+ SEC_ASN1_EXPLICIT | SEC_ASN1_POINTER | 2,
+ offsetof(KRB5_AuthPack,supportedCMSTypes),
kSecAsn1SequenceOfAlgIdTemplate },
{ SEC_ASN1_CONTEXT_SPECIFIC | SEC_ASN1_CONSTRUCTED | SEC_ASN1_OPTIONAL |
- SEC_ASN1_EXPLICIT | SEC_ASN1_POINTER | 3,
- offsetof(KRB5_AuthPack,clientDHNonce),
+ SEC_ASN1_EXPLICIT | SEC_ASN1_POINTER | 3,
+ offsetof(KRB5_AuthPack,clientDHNonce),
kSecAsn1OctetStringTemplate },
{ 0 }
};
-/*
+/*
* Encode AuthPack, public key version (no Diffie-Hellman components).
*/
krb5_error_code krb5int_pkinit_auth_pack_encode(
- krb5_timestamp kctime,
- krb5_int32 cusec, /* microseconds */
- krb5_ui_4 nonce,
- const krb5_checksum *pa_checksum,
- const krb5int_algorithm_id *cms_types, /* optional */
- krb5_ui_4 num_cms_types,
- krb5_data *auth_pack) /* mallocd and RETURNED */
+ krb5_timestamp kctime,
+ krb5_int32 cusec, /* microseconds */
+ krb5_ui_4 nonce,
+ const krb5_checksum *pa_checksum,
+ const krb5int_algorithm_id *cms_types, /* optional */
+ krb5_ui_4 num_cms_types,
+ krb5_data *auth_pack) /* mallocd and RETURNED */
{
KRB5_AuthPack localAuthPack;
SecAsn1CoderRef coder;
@@ -173,65 +174,65 @@ krb5_error_code krb5int_pkinit_auth_pack_encode(
CSSM_DATA ber = {0, NULL};
OSStatus ortn;
char *timeStr = NULL;
-
+
if(SecAsn1CoderCreate(&coder)) {
- return ENOMEM;
+ return ENOMEM;
}
memset(&localAuthPack, 0, sizeof(localAuthPack));
if(pkiKrbTimestampToStr(kctime, &timeStr)) {
- ourRtn = -1;
- goto errOut;
+ ourRtn = -1;
+ goto errOut;
}
localAuthPack.pkAuth.kctime.Data = (uint8 *)timeStr;
localAuthPack.pkAuth.kctime.Length = strlen(timeStr);
if(pkiIntToData(cusec, &localAuthPack.pkAuth.cusec, coder)) {
- ourRtn = ENOMEM;
- goto errOut;
+ ourRtn = ENOMEM;
+ goto errOut;
}
if(pkiIntToData(nonce, &localAuthPack.pkAuth.nonce, coder)) {
- ourRtn = ENOMEM;
- goto errOut;
+ ourRtn = ENOMEM;
+ goto errOut;
}
cksum->Data = (uint8 *)pa_checksum->contents;
cksum->Length = pa_checksum->length;
-
+
if((cms_types != NULL) && (num_cms_types != 0)) {
- unsigned dex;
- CSSM_X509_ALGORITHM_IDENTIFIER **algIds;
-
- /* build a NULL_terminated array of CSSM_X509_ALGORITHM_IDENTIFIERs */
- localAuthPack.supportedCMSTypes = (CSSM_X509_ALGORITHM_IDENTIFIER **)
- SecAsn1Malloc(coder,
- (num_cms_types + 1) * sizeof(CSSM_X509_ALGORITHM_IDENTIFIER *));
- algIds = localAuthPack.supportedCMSTypes;
- for(dex=0; dex<num_cms_types; dex++) {
- algIds[dex] = (CSSM_X509_ALGORITHM_IDENTIFIER *)
- SecAsn1Malloc(coder, sizeof(CSSM_X509_ALGORITHM_IDENTIFIER));
- pkiKrb5DataToCssm(&cms_types[dex].algorithm,
- &algIds[dex]->algorithm, coder);
- if(cms_types[dex].parameters.data != NULL) {
- pkiKrb5DataToCssm(&cms_types[dex].parameters,
- &algIds[dex]->parameters, coder);
- }
- else {
- algIds[dex]->parameters.Data = NULL;
- algIds[dex]->parameters.Length = 0;
- }
- }
- algIds[num_cms_types] = NULL;
+ unsigned dex;
+ CSSM_X509_ALGORITHM_IDENTIFIER **algIds;
+
+ /* build a NULL_terminated array of CSSM_X509_ALGORITHM_IDENTIFIERs */
+ localAuthPack.supportedCMSTypes = (CSSM_X509_ALGORITHM_IDENTIFIER **)
+ SecAsn1Malloc(coder,
+ (num_cms_types + 1) * sizeof(CSSM_X509_ALGORITHM_IDENTIFIER *));
+ algIds = localAuthPack.supportedCMSTypes;
+ for(dex=0; dex<num_cms_types; dex++) {
+ algIds[dex] = (CSSM_X509_ALGORITHM_IDENTIFIER *)
+ SecAsn1Malloc(coder, sizeof(CSSM_X509_ALGORITHM_IDENTIFIER));
+ pkiKrb5DataToCssm(&cms_types[dex].algorithm,
+ &algIds[dex]->algorithm, coder);
+ if(cms_types[dex].parameters.data != NULL) {
+ pkiKrb5DataToCssm(&cms_types[dex].parameters,
+ &algIds[dex]->parameters, coder);
+ }
+ else {
+ algIds[dex]->parameters.Data = NULL;
+ algIds[dex]->parameters.Length = 0;
+ }
+ }
+ algIds[num_cms_types] = NULL;
}
ortn = SecAsn1EncodeItem(coder, &localAuthPack, KRB5_AuthPackTemplate, &ber);
if(ortn) {
- ourRtn = ENOMEM;
- goto errOut;
+ ourRtn = ENOMEM;
+ goto errOut;
}
-
+
if(pkiCssmDataToKrb5Data(&ber, auth_pack)) {
- ourRtn = ENOMEM;
+ ourRtn = ENOMEM;
}
else {
- auth_pack->magic = KV5M_AUTHENTICATOR;
- ourRtn = 0;
+ auth_pack->magic = KV5M_AUTHENTICATOR;
+ ourRtn = 0;
}
errOut:
SecAsn1CoderRelease(coder);
@@ -242,102 +243,102 @@ errOut:
* Decode AuthPack, public key version (no Diffie-Hellman components).
*/
krb5_error_code krb5int_pkinit_auth_pack_decode(
- const krb5_data *auth_pack, /* DER encoded */
- krb5_timestamp *kctime, /* RETURNED */
- krb5_ui_4 *cusec, /* microseconds, RETURNED */
- krb5_ui_4 *nonce, /* RETURNED */
- krb5_checksum *pa_checksum, /* contents mallocd and RETURNED */
- krb5int_algorithm_id **cms_types, /* optionally mallocd and RETURNED */
- krb5_ui_4 *num_cms_types) /* optionally RETURNED */
+ const krb5_data *auth_pack, /* DER encoded */
+ krb5_timestamp *kctime, /* RETURNED */
+ krb5_ui_4 *cusec, /* microseconds, RETURNED */
+ krb5_ui_4 *nonce, /* RETURNED */
+ krb5_checksum *pa_checksum, /* contents mallocd and RETURNED */
+ krb5int_algorithm_id **cms_types, /* optionally mallocd and RETURNED */
+ krb5_ui_4 *num_cms_types) /* optionally RETURNED */
{
KRB5_AuthPack localAuthPack;
SecAsn1CoderRef coder;
CSSM_DATA der = {0, NULL};
krb5_error_code ourRtn = 0;
CSSM_DATA *cksum = &localAuthPack.pkAuth.paChecksum;
-
+
/* Decode --> localAuthPack */
if(SecAsn1CoderCreate(&coder)) {
- return ENOMEM;
+ return ENOMEM;
}
PKI_KRB_TO_CSSM_DATA(auth_pack, &der);
memset(&localAuthPack, 0, sizeof(localAuthPack));
if(SecAsn1DecodeData(coder, &der, KRB5_AuthPackTemplate, &localAuthPack)) {
- ourRtn = ASN1_BAD_FORMAT;
- goto errOut;
+ ourRtn = ASN1_BAD_FORMAT;
+ goto errOut;
}
-
+
/* optionally Convert KRB5_AuthPack to caller's params */
if(kctime) {
- if((ourRtn = pkiTimeStrToKrbTimestamp((char *)localAuthPack.pkAuth.kctime.Data,
- localAuthPack.pkAuth.kctime.Length, kctime))) {
- goto errOut;
- }
+ if((ourRtn = pkiTimeStrToKrbTimestamp((char *)localAuthPack.pkAuth.kctime.Data,
+ localAuthPack.pkAuth.kctime.Length, kctime))) {
+ goto errOut;
+ }
}
if(cusec) {
- if((ourRtn = pkiDataToInt(&localAuthPack.pkAuth.cusec, (krb5_int32 *)cusec))) {
- goto errOut;
- }
+ if((ourRtn = pkiDataToInt(&localAuthPack.pkAuth.cusec, (krb5_int32 *)cusec))) {
+ goto errOut;
+ }
}
if(nonce) {
- if((ourRtn = pkiDataToInt(&localAuthPack.pkAuth.nonce, (krb5_int32 *)nonce))) {
- goto errOut;
- }
+ if((ourRtn = pkiDataToInt(&localAuthPack.pkAuth.nonce, (krb5_int32 *)nonce))) {
+ goto errOut;
+ }
}
if(pa_checksum) {
- if(cksum->Length == 0) {
- /* This is the unique error for "no paChecksum" */
- ourRtn = KDC_ERR_PA_CHECKSUM_MUST_BE_INCLUDED;
- goto errOut;
- }
- else {
- pa_checksum->contents = (krb5_octet *)malloc(cksum->Length);
- if(pa_checksum->contents == NULL) {
- ourRtn = ENOMEM;
- goto errOut;
- }
- pa_checksum->length = cksum->Length;
- memmove(pa_checksum->contents, cksum->Data, pa_checksum->length);
- pa_checksum->magic = KV5M_CHECKSUM;
- /* This used to be encoded with the checksum but no more... */
- pa_checksum->checksum_type = CKSUMTYPE_NIST_SHA;
- }
+ if(cksum->Length == 0) {
+ /* This is the unique error for "no paChecksum" */
+ ourRtn = KDC_ERR_PA_CHECKSUM_MUST_BE_INCLUDED;
+ goto errOut;
+ }
+ else {
+ pa_checksum->contents = (krb5_octet *)malloc(cksum->Length);
+ if(pa_checksum->contents == NULL) {
+ ourRtn = ENOMEM;
+ goto errOut;
+ }
+ pa_checksum->length = cksum->Length;
+ memmove(pa_checksum->contents, cksum->Data, pa_checksum->length);
+ pa_checksum->magic = KV5M_CHECKSUM;
+ /* This used to be encoded with the checksum but no more... */
+ pa_checksum->checksum_type = CKSUMTYPE_NIST_SHA;
+ }
}
if(cms_types) {
- if(localAuthPack.supportedCMSTypes == NULL) {
- *cms_types = NULL;
- *num_cms_types = 0;
- }
- else {
- /*
- * Convert NULL-terminated array of CSSM-style algIds to
- * krb5int_algorithm_ids.
- */
- unsigned dex;
- unsigned num_types = 0;
- CSSM_X509_ALGORITHM_IDENTIFIER **alg_ids;
- krb5int_algorithm_id *kalg_ids;
-
- for(alg_ids=localAuthPack.supportedCMSTypes;
- *alg_ids;
- alg_ids++) {
- num_types++;
- }
- *cms_types = kalg_ids = (krb5int_algorithm_id *)calloc(num_types,
- sizeof(krb5int_algorithm_id));
- *num_cms_types = num_types;
- alg_ids = localAuthPack.supportedCMSTypes;
- for(dex=0; dex<num_types; dex++) {
- if(alg_ids[dex]->algorithm.Data) {
- pkiCssmDataToKrb5Data(&alg_ids[dex]->algorithm,
- &kalg_ids[dex].algorithm);
- }
- if(alg_ids[dex]->parameters.Data) {
- pkiCssmDataToKrb5Data(&alg_ids[dex]->parameters,
- &kalg_ids[dex].parameters);
- }
- }
- }
+ if(localAuthPack.supportedCMSTypes == NULL) {
+ *cms_types = NULL;
+ *num_cms_types = 0;
+ }
+ else {
+ /*
+ * Convert NULL-terminated array of CSSM-style algIds to
+ * krb5int_algorithm_ids.
+ */
+ unsigned dex;
+ unsigned num_types = 0;
+ CSSM_X509_ALGORITHM_IDENTIFIER **alg_ids;
+ krb5int_algorithm_id *kalg_ids;
+
+ for(alg_ids=localAuthPack.supportedCMSTypes;
+ *alg_ids;
+ alg_ids++) {
+ num_types++;
+ }
+ *cms_types = kalg_ids = (krb5int_algorithm_id *)calloc(num_types,
+ sizeof(krb5int_algorithm_id));
+ *num_cms_types = num_types;
+ alg_ids = localAuthPack.supportedCMSTypes;
+ for(dex=0; dex<num_types; dex++) {
+ if(alg_ids[dex]->algorithm.Data) {
+ pkiCssmDataToKrb5Data(&alg_ids[dex]->algorithm,
+ &kalg_ids[dex].algorithm);
+ }
+ if(alg_ids[dex]->parameters.Data) {
+ pkiCssmDataToKrb5Data(&alg_ids[dex]->parameters,
+ &kalg_ids[dex].parameters);
+ }
+ }
+ }
}
ourRtn = 0;
errOut:
@@ -352,8 +353,8 @@ errOut:
* CL in DER-encoded state.
*/
typedef struct {
- CSSM_DATA derIssuer;
- CSSM_DATA serialNumber;
+ CSSM_DATA derIssuer;
+ CSSM_DATA serialNumber;
} KRB5_IssuerAndSerial;
static const SecAsn1Template KRB5_IssuerAndSerialTemplate[] = {
@@ -364,11 +365,11 @@ static const SecAsn1Template KRB5_IssuerAndSerialTemplate[] = {
};
/*
- * Given DER-encoded issuer and serial number, create an encoded
+ * Given DER-encoded issuer and serial number, create an encoded
* IssuerAndSerialNumber.
*/
krb5_error_code krb5int_pkinit_issuer_serial_encode(
- const krb5_data *issuer, /* DER encoded */
+ const krb5_data *issuer, /* DER encoded */
const krb5_data *serial_num,
krb5_data *issuer_and_serial) /* content mallocd and RETURNED */
{
@@ -378,14 +379,14 @@ krb5_error_code krb5int_pkinit_issuer_serial_encode(
OSStatus ortn;
if(SecAsn1CoderCreate(&coder)) {
- return ENOMEM;
+ return ENOMEM;
}
PKI_KRB_TO_CSSM_DATA(issuer, &issuerSerial.derIssuer);
PKI_KRB_TO_CSSM_DATA(serial_num, &issuerSerial.serialNumber);
ortn = SecAsn1EncodeItem(coder, &issuerSerial, KRB5_IssuerAndSerialTemplate, &ber);
if(ortn) {
- ortn = ENOMEM;
- goto errOut;
+ ortn = ENOMEM;
+ goto errOut;
}
ortn = pkiCssmDataToKrb5Data(&ber, issuer_and_serial);
errOut:
@@ -398,31 +399,31 @@ errOut:
*/
krb5_error_code krb5int_pkinit_issuer_serial_decode(
const krb5_data *issuer_and_serial, /* DER encoded */
- krb5_data *issuer, /* DER encoded, RETURNED */
- krb5_data *serial_num) /* RETURNED */
+ krb5_data *issuer, /* DER encoded, RETURNED */
+ krb5_data *serial_num) /* RETURNED */
{
KRB5_IssuerAndSerial issuerSerial;
SecAsn1CoderRef coder;
CSSM_DATA der = {issuer_and_serial->length, (uint8 *)issuer_and_serial->data};
krb5_error_code ourRtn = 0;
-
+
/* Decode --> issuerSerial */
if(SecAsn1CoderCreate(&coder)) {
- return ENOMEM;
+ return ENOMEM;
}
memset(&issuerSerial, 0, sizeof(issuerSerial));
if(SecAsn1DecodeData(coder, &der, KRB5_IssuerAndSerialTemplate, &issuerSerial)) {
- ourRtn = ASN1_BAD_FORMAT;
- goto errOut;
+ ourRtn = ASN1_BAD_FORMAT;
+ goto errOut;
}
-
+
/* Convert KRB5_IssuerAndSerial to caller's params */
if((ourRtn = pkiCssmDataToKrb5Data(&issuerSerial.derIssuer, issuer))) {
- goto errOut;
+ goto errOut;
}
if((ourRtn = pkiCssmDataToKrb5Data(&issuerSerial.serialNumber, serial_num))) {
- ourRtn = ENOMEM;
- goto errOut;
+ ourRtn = ENOMEM;
+ goto errOut;
}
errOut:
@@ -432,29 +433,29 @@ errOut:
#pragma mark ----- ExternalPrincipalIdentifier -----
-/*
- * Shown here for completeness; this module only implements the
- * issuerAndSerialNumber option.
+/*
+ * Shown here for completeness; this module only implements the
+ * issuerAndSerialNumber option.
*/
typedef struct {
- CSSM_DATA subjectName; /* [0] IMPLICIT OCTET STRING OPTIONAL */
- /* contents = encoded Name */
- CSSM_DATA issuerAndSerialNumber; /* [1] IMPLICIT OCTET STRING OPTIONAL */
- /* contents = encoded Issuer&Serial */
- CSSM_DATA subjectKeyIdentifier; /* [2] IMPLICIT OCTET STRING OPTIONAL */
- /* contents = encoded subjectKeyIdentifier extension */
+ CSSM_DATA subjectName; /* [0] IMPLICIT OCTET STRING OPTIONAL */
+ /* contents = encoded Name */
+ CSSM_DATA issuerAndSerialNumber; /* [1] IMPLICIT OCTET STRING OPTIONAL */
+ /* contents = encoded Issuer&Serial */
+ CSSM_DATA subjectKeyIdentifier; /* [2] IMPLICIT OCTET STRING OPTIONAL */
+ /* contents = encoded subjectKeyIdentifier extension */
} KRB5_ExternalPrincipalIdentifier;
static const SecAsn1Template KRB5_ExternalPrincipalIdentifierTemplate[] = {
{ SEC_ASN1_SEQUENCE, 0, NULL, sizeof(KRB5_ExternalPrincipalIdentifier) },
{ SEC_ASN1_CONTEXT_SPECIFIC | SEC_ASN1_OPTIONAL | 0,
- offsetof(KRB5_ExternalPrincipalIdentifier, subjectName),
+ offsetof(KRB5_ExternalPrincipalIdentifier, subjectName),
kSecAsn1OctetStringTemplate },
{ SEC_ASN1_CONTEXT_SPECIFIC | SEC_ASN1_OPTIONAL | 1,
- offsetof(KRB5_ExternalPrincipalIdentifier, issuerAndSerialNumber),
+ offsetof(KRB5_ExternalPrincipalIdentifier, issuerAndSerialNumber),
kSecAsn1OctetStringTemplate },
{ SEC_ASN1_CONTEXT_SPECIFIC | SEC_ASN1_OPTIONAL | 2,
- offsetof(KRB5_ExternalPrincipalIdentifier, subjectKeyIdentifier),
+ offsetof(KRB5_ExternalPrincipalIdentifier, subjectKeyIdentifier),
kSecAsn1OctetStringTemplate },
{ 0 }
};
@@ -466,30 +467,30 @@ static const SecAsn1Template KRB5_SequenceOfExternalPrincipalIdentifierTemplate[
#pragma mark ----- PA-PK-AS-REQ -----
/*
- * Top-level PA-PK-AS-REQ. All fields except for trusted_CAs are pre-encoded
- * before we encode this and are still DER-encoded after we decode.
+ * Top-level PA-PK-AS-REQ. All fields except for trusted_CAs are pre-encoded
+ * before we encode this and are still DER-encoded after we decode.
* The signedAuthPack and kdcPkId fields are wrapped in OCTET STRINGs
- * during encode; we strip off the OCTET STRING wrappers during decode.
+ * during encode; we strip off the OCTET STRING wrappers during decode.
*/
typedef struct {
- CSSM_DATA signedAuthPack; /* ContentInfo, SignedData */
- /* Content is KRB5_AuthPack */
+ CSSM_DATA signedAuthPack; /* ContentInfo, SignedData */
+ /* Content is KRB5_AuthPack */
KRB5_ExternalPrincipalIdentifier
- **trusted_CAs; /* optional */
- CSSM_DATA kdcPkId; /* optional */
+ **trusted_CAs; /* optional */
+ CSSM_DATA kdcPkId; /* optional */
} KRB5_PA_PK_AS_REQ;
static const SecAsn1Template KRB5_PA_PK_AS_REQTemplate[] = {
{ SEC_ASN1_SEQUENCE, 0, NULL, sizeof(KRB5_PA_PK_AS_REQ) },
{ SEC_ASN1_CONTEXT_SPECIFIC | 0,
- offsetof(KRB5_PA_PK_AS_REQ, signedAuthPack),
+ offsetof(KRB5_PA_PK_AS_REQ, signedAuthPack),
kSecAsn1OctetStringTemplate },
- { SEC_ASN1_OPTIONAL | SEC_ASN1_CONSTRUCTED | SEC_ASN1_CONTEXT_SPECIFIC |
+ { SEC_ASN1_OPTIONAL | SEC_ASN1_CONSTRUCTED | SEC_ASN1_CONTEXT_SPECIFIC |
SEC_ASN1_EXPLICIT | 1,
- offsetof(KRB5_PA_PK_AS_REQ, trusted_CAs),
+ offsetof(KRB5_PA_PK_AS_REQ, trusted_CAs),
KRB5_SequenceOfExternalPrincipalIdentifierTemplate },
{ SEC_ASN1_OPTIONAL | SEC_ASN1_CONTEXT_SPECIFIC | 2,
- offsetof(KRB5_PA_PK_AS_REQ, kdcPkId),
+ offsetof(KRB5_PA_PK_AS_REQ, kdcPkId),
kSecAsn1AnyTemplate },
{ 0 }
};
@@ -499,58 +500,58 @@ static const SecAsn1Template KRB5_PA_PK_AS_REQTemplate[] = {
*/
krb5_error_code krb5int_pkinit_pa_pk_as_req_encode(
const krb5_data *signed_auth_pack, /* DER encoded ContentInfo */
- const krb5_data *trusted_CAs, /* optional: trustedCertifiers. Contents are
- * DER-encoded issuer/serialNumbers. */
- krb5_ui_4 num_trusted_CAs,
- const krb5_data *kdc_cert, /* optional kdcPkId, DER encoded issuer/serial */
- krb5_data *pa_pk_as_req) /* mallocd and RETURNED */
+ const krb5_data *trusted_CAs, /* optional: trustedCertifiers. Contents are
+ * DER-encoded issuer/serialNumbers. */
+ krb5_ui_4 num_trusted_CAs,
+ const krb5_data *kdc_cert, /* optional kdcPkId, DER encoded issuer/serial */
+ krb5_data *pa_pk_as_req) /* mallocd and RETURNED */
{
KRB5_PA_PK_AS_REQ req;
SecAsn1CoderRef coder;
CSSM_DATA ber = {0, NULL};
OSStatus ortn;
unsigned dex;
-
+
assert(signed_auth_pack != NULL);
assert(pa_pk_as_req != NULL);
if(SecAsn1CoderCreate(&coder)) {
- return ENOMEM;
+ return ENOMEM;
}
-
+
/* krb5_data ==> CSSM format */
-
+
memset(&req, 0, sizeof(req));
PKI_KRB_TO_CSSM_DATA(signed_auth_pack, &req.signedAuthPack);
if(num_trusted_CAs) {
- /*
- * Set up a NULL-terminated array of KRB5_ExternalPrincipalIdentifier
- * pointers. We malloc the actual KRB5_ExternalPrincipalIdentifiers as
- * a contiguous array; it's in temp SecAsn1CoderRef memory. The referents
- * are just dropped in from the caller's krb5_datas.
- */
- KRB5_ExternalPrincipalIdentifier *cas =
- (KRB5_ExternalPrincipalIdentifier *)SecAsn1Malloc(coder,
- num_trusted_CAs * sizeof(KRB5_ExternalPrincipalIdentifier));
- req.trusted_CAs =
- (KRB5_ExternalPrincipalIdentifier **)
- pkiNssNullArray(num_trusted_CAs, coder);
- for(dex=0; dex<num_trusted_CAs; dex++) {
- req.trusted_CAs[dex] = &cas[dex];
- memset(&cas[dex], 0, sizeof(KRB5_ExternalPrincipalIdentifier));
- PKI_KRB_TO_CSSM_DATA(&trusted_CAs[dex],
- &cas[dex].issuerAndSerialNumber);
- }
+ /*
+ * Set up a NULL-terminated array of KRB5_ExternalPrincipalIdentifier
+ * pointers. We malloc the actual KRB5_ExternalPrincipalIdentifiers as
+ * a contiguous array; it's in temp SecAsn1CoderRef memory. The referents
+ * are just dropped in from the caller's krb5_datas.
+ */
+ KRB5_ExternalPrincipalIdentifier *cas =
+ (KRB5_ExternalPrincipalIdentifier *)SecAsn1Malloc(coder,
+ num_trusted_CAs * sizeof(KRB5_ExternalPrincipalIdentifier));
+ req.trusted_CAs =
+ (KRB5_ExternalPrincipalIdentifier **)
+ pkiNssNullArray(num_trusted_CAs, coder);
+ for(dex=0; dex<num_trusted_CAs; dex++) {
+ req.trusted_CAs[dex] = &cas[dex];
+ memset(&cas[dex], 0, sizeof(KRB5_ExternalPrincipalIdentifier));
+ PKI_KRB_TO_CSSM_DATA(&trusted_CAs[dex],
+ &cas[dex].issuerAndSerialNumber);
+ }
}
if(kdc_cert) {
- PKI_KRB_TO_CSSM_DATA(kdc_cert, &req.kdcPkId);
+ PKI_KRB_TO_CSSM_DATA(kdc_cert, &req.kdcPkId);
}
-
+
/* encode */
ortn = SecAsn1EncodeItem(coder, &req, KRB5_PA_PK_AS_REQTemplate, &ber);
if(ortn) {
- ortn = ENOMEM;
- goto errOut;
+ ortn = ENOMEM;
+ goto errOut;
}
ortn = pkiCssmDataToKrb5Data(&ber, pa_pk_as_req);
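Review bot: In krb5int_pkinit_pa_pk_as_req_encode the results of `SecAsn1Malloc(coder, ...)` and `pkiNssNullArray(num_trusted_CAs, coder)` are used in the loop without a NULL check, so a failed allocation would be dereferenced at `req.trusted_CAs[dex] = &cas[dex];`. The loop also assumes `trusted_CAs` is non-NULL whenever `num_trusted_CAs` is nonzero, although the parameter is marked optional. A guard before the loop, `if(cas == NULL || req.trusted_CAs == NULL) { ortn = ENOMEM; goto errOut; }`, would route the failure to the existing cleanup. The errOut label and the end of the function are in the next hunk.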
@@ -558,102 +559,102 @@ errOut:
SecAsn1CoderRelease(coder);
return ortn;
}
-
+
/*
* Top-level decode for PA-PK-AS-REQ.
*/
krb5_error_code krb5int_pkinit_pa_pk_as_req_decode(
const krb5_data *pa_pk_as_req,
- krb5_data *signed_auth_pack, /* DER encoded ContentInfo, RETURNED */
- /*
- * Remainder are optionally RETURNED (specify NULL for pointers to
+ krb5_data *signed_auth_pack, /* DER encoded ContentInfo, RETURNED */
+ /*
+ * Remainder are optionally RETURNED (specify NULL for pointers to
* items you're not interested in).
*/
krb5_ui_4 *num_trusted_CAs, /* sizeof trusted_CAs */
- krb5_data **trusted_CAs, /* mallocd array of DER-encoded TrustedCAs issuer/serial */
- krb5_data *kdc_cert) /* DER encoded issuer/serial */
+ krb5_data **trusted_CAs, /* mallocd array of DER-encoded TrustedCAs issuer/serial */
+ krb5_data *kdc_cert) /* DER encoded issuer/serial */
{
KRB5_PA_PK_AS_REQ asReq;
SecAsn1CoderRef coder;
CSSM_DATA der;
krb5_error_code ourRtn = 0;
-
+
assert(pa_pk_as_req != NULL);
-
+
/* Decode --> KRB5_PA_PK_AS_REQ */
if(SecAsn1CoderCreate(&coder)) {
- return ENOMEM;
+ return ENOMEM;
}
PKI_KRB_TO_CSSM_DATA(pa_pk_as_req, &der);
memset(&asReq, 0, sizeof(asReq));
if(SecAsn1DecodeData(coder, &der, KRB5_PA_PK_AS_REQTemplate, &asReq)) {
- ourRtn = ASN1_BAD_FORMAT;
- goto errOut;
+ ourRtn = ASN1_BAD_FORMAT;
+ goto errOut;
}
/* Convert decoded results to caller's args; each is optional */
if(signed_auth_pack != NULL) {
- if((ourRtn = pkiCssmDataToKrb5Data(&asReq.signedAuthPack, signed_auth_pack))) {
- goto errOut;
- }
+ if((ourRtn = pkiCssmDataToKrb5Data(&asReq.signedAuthPack, signed_auth_pack))) {
+ goto errOut;
+ }
}
if(asReq.trusted_CAs && (trusted_CAs != NULL)) {
- /* NULL-terminated array of CSSM_DATA ptrs */
- unsigned numCas = pkiNssArraySize((const void **)asReq.trusted_CAs);
- unsigned dex;
- krb5_data *kdcCas;
-
- kdcCas = (krb5_data *)malloc(sizeof(krb5_data) * numCas);
- if(kdcCas == NULL) {
- ourRtn = ENOMEM;
- goto errOut;
- }
- for(dex=0; dex<numCas; dex++) {
- KRB5_ExternalPrincipalIdentifier *epi = asReq.trusted_CAs[dex];
- if(epi->issuerAndSerialNumber.Data) {
- /* the only variant we support */
- pkiCssmDataToKrb5Data(&epi->issuerAndSerialNumber, &kdcCas[dex]);
- }
- }
- *trusted_CAs = kdcCas;
- *num_trusted_CAs = numCas;
+ /* NULL-terminated array of CSSM_DATA ptrs */
+ unsigned numCas = pkiNssArraySize((const void **)asReq.trusted_CAs);
+ unsigned dex;
+ krb5_data *kdcCas;
+
+ kdcCas = (krb5_data *)malloc(sizeof(krb5_data) * numCas);
+ if(kdcCas == NULL) {
+ ourRtn = ENOMEM;
+ goto errOut;
+ }
+ for(dex=0; dex<numCas; dex++) {
+ KRB5_ExternalPrincipalIdentifier *epi = asReq.trusted_CAs[dex];
+ if(epi->issuerAndSerialNumber.Data) {
+ /* the only variant we support */
+ pkiCssmDataToKrb5Data(&epi->issuerAndSerialNumber, &kdcCas[dex]);
+ }
+ }
+ *trusted_CAs = kdcCas;
+ *num_trusted_CAs = numCas;
}
if(asReq.kdcPkId.Data && kdc_cert) {
- if((ourRtn = pkiCssmDataToKrb5Data(&asReq.kdcPkId, kdc_cert))) {
- goto errOut;
- }
+ if((ourRtn = pkiCssmDataToKrb5Data(&asReq.kdcPkId, kdc_cert))) {
+ goto errOut;
+ }
}
errOut:
SecAsn1CoderRelease(coder);
- return ourRtn;
+ return ourRtn;
}
#pragma mark ====== begin PA-PK-AS-REP components ======
typedef struct {
CSSM_DATA subjectPublicKey; /* BIT STRING */
- CSSM_DATA nonce; /* from KRB5_PKAuthenticator.nonce */
- CSSM_DATA *expiration; /* optional UTC time */
+ CSSM_DATA nonce; /* from KRB5_PKAuthenticator.nonce */
+ CSSM_DATA *expiration; /* optional UTC time */
} KRB5_KDC_DHKeyInfo;
typedef struct {
- CSSM_DATA keyType;
- CSSM_DATA keyValue;
+ CSSM_DATA keyType;
+ CSSM_DATA keyValue;
} KRB5_EncryptionKey;
static const SecAsn1Template KRB5_EncryptionKeyTemplate[] = {
{ SEC_ASN1_SEQUENCE, 0, NULL, sizeof(KRB5_EncryptionKey) },
{ SEC_ASN1_CONTEXT_SPECIFIC | SEC_ASN1_CONSTRUCTED | SEC_ASN1_EXPLICIT | 0,
- offsetof(KRB5_EncryptionKey, keyType),
+ offsetof(KRB5_EncryptionKey, keyType),
kSecAsn1IntegerTemplate },
{ SEC_ASN1_CONTEXT_SPECIFIC | SEC_ASN1_CONSTRUCTED | SEC_ASN1_EXPLICIT | 1,
- offsetof(KRB5_EncryptionKey, keyValue),
+ offsetof(KRB5_EncryptionKey, keyValue),
kSecAsn1OctetStringTemplate },
{ 0 }
};
#pragma mark ----- Checksum -----
-
+
typedef struct {
CSSM_DATA checksumType;
CSSM_DATA checksum;
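Review bot: The trusted_CAs branch of krb5int_pkinit_pa_pk_as_req_decode can hand the caller an array with uninitialized elements: `kdcCas` comes from `malloc`, entries whose `issuerAndSerialNumber.Data` is NULL are skipped, and the return value of `pkiCssmDataToKrb5Data` is ignored. Because this decodes a request received from a peer, an ExternalPrincipalIdentifier that carries only one of the unsupported variants is enough to leave a `krb5_data` with an indeterminate pointer and length in the returned array. The branch also writes `*num_trusted_CAs` although only `trusted_CAs` is tested for NULL, while the parameter comment says the remaining outputs are optional. The sketch below zero-fills the array, propagates conversion errors and tests both output pointers. It assumes pkiCssmDataToKrb5Data returns malloc'd data, which this hunk does not show.

```c
if(asReq.trusted_CAs && (trusted_CAs != NULL) && (num_trusted_CAs != NULL)) {
    /* ... unchanged: numCas, dex, kdcCas declarations ... */
    kdcCas = (krb5_data *)calloc(numCas, sizeof(krb5_data));
    if(kdcCas == NULL) {
        ourRtn = ENOMEM;
        goto errOut;
    }
    for(dex=0; dex<numCas; dex++) {
        KRB5_ExternalPrincipalIdentifier *epi = asReq.trusted_CAs[dex];
        if(epi->issuerAndSerialNumber.Data == NULL) {
            continue;   /* unsupported variant: entry stays zeroed */
        }
        ourRtn = pkiCssmDataToKrb5Data(&epi->issuerAndSerialNumber, &kdcCas[dex]);
        if(ourRtn) {
            while(dex > 0) {
                free(kdcCas[--dex].data);
            }
            free(kdcCas);
            goto errOut;
        }
    }
    /* ... unchanged: *trusted_CAs and *num_trusted_CAs assignments ... */
}
```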
@@ -662,37 +663,37 @@ typedef struct {
static const SecAsn1Template KRB5_ChecksumTemplate[] = {
{ SEC_ASN1_SEQUENCE, 0, NULL, sizeof(KRB5_Checksum) },
{ SEC_ASN1_CONTEXT_SPECIFIC | SEC_ASN1_CONSTRUCTED | SEC_ASN1_EXPLICIT | 0,
- offsetof(KRB5_Checksum,checksumType),
+ offsetof(KRB5_Checksum,checksumType),
kSecAsn1IntegerTemplate },
{ SEC_ASN1_CONTEXT_SPECIFIC | SEC_ASN1_CONSTRUCTED | SEC_ASN1_EXPLICIT | 1,
- offsetof(KRB5_Checksum,checksum),
+ offsetof(KRB5_Checksum,checksum),
kSecAsn1OctetStringTemplate },
{ 0 }
};
typedef struct {
KRB5_EncryptionKey encryptionKey;
- KRB5_Checksum asChecksum;
+ KRB5_Checksum asChecksum;
} KRB5_ReplyKeyPack;
static const SecAsn1Template KRB5_ReplyKeyPackTemplate[] = {
{ SEC_ASN1_SEQUENCE, 0, NULL, sizeof(KRB5_ReplyKeyPack) },
{ SEC_ASN1_CONTEXT_SPECIFIC | SEC_ASN1_CONSTRUCTED | SEC_ASN1_EXPLICIT | 0,
- offsetof(KRB5_ReplyKeyPack, encryptionKey),
+ offsetof(KRB5_ReplyKeyPack, encryptionKey),
KRB5_EncryptionKeyTemplate },
{ SEC_ASN1_CONTEXT_SPECIFIC | SEC_ASN1_CONSTRUCTED | SEC_ASN1_EXPLICIT | 1,
- offsetof(KRB5_ReplyKeyPack,asChecksum),
+ offsetof(KRB5_ReplyKeyPack,asChecksum),
KRB5_ChecksumTemplate },
{ 0 }
};
-/*
+/*
* Encode a ReplyKeyPack. The result is used as the Content of a SignedData.
*/
krb5_error_code krb5int_pkinit_reply_key_pack_encode(
const krb5_keyblock *key_block,
const krb5_checksum *checksum,
- krb5_data *reply_key_pack) /* mallocd and RETURNED */
+ krb5_data *reply_key_pack) /* mallocd and RETURNED */
{
KRB5_ReplyKeyPack repKeyPack;
SecAsn1CoderRef coder;
@@ -701,28 +702,28 @@ krb5_error_code krb5int_pkinit_reply_key_pack_encode(
OSStatus ortn;
KRB5_EncryptionKey *encryptKey = &repKeyPack.encryptionKey;
KRB5_Checksum *cksum = &repKeyPack.asChecksum;
-
+
if(SecAsn1CoderCreate(&coder)) {
- return ENOMEM;
+ return ENOMEM;
}
memset(&repKeyPack, 0, sizeof(repKeyPack));
-
+
if((ourRtn = pkiIntToData(key_block->enctype, &encryptKey->keyType, coder))) {
- goto errOut;
+ goto errOut;
}
encryptKey->keyValue.Length = key_block->length,
- encryptKey->keyValue.Data = (uint8 *)key_block->contents;
-
+ encryptKey->keyValue.Data = (uint8 *)key_block->contents;
+
if((ourRtn = pkiIntToData(checksum->checksum_type, &cksum->checksumType, coder))) {
- goto errOut;
+ goto errOut;
}
cksum->checksum.Data = (uint8 *)checksum->contents;
cksum->checksum.Length = checksum->length;
ortn = SecAsn1EncodeItem(coder, &repKeyPack, KRB5_ReplyKeyPackTemplate, &der);
if(ortn) {
- ourRtn = ENOMEM;
- goto errOut;
+ ourRtn = ENOMEM;
+ goto errOut;
}
ourRtn = pkiCssmDataToKrb5Data(&der, reply_key_pack);
errOut:
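Review bot: The line `encryptKey->keyValue.Length = key_block->length,` ends in a comma rather than a semicolon, so it and the following `Data` assignment form a single comma expression; that is why the reindent pushed the second line in as a continuation. Behaviour is unchanged, but it reads as a typo and should be `encryptKey->keyValue.Length = key_block->length;`. krb5int_pkinit_reply_key_pack_encode starts and ends outside this hunk.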
@@ -730,13 +731,13 @@ errOut:
return ourRtn;
}
-/*
+/*
* Decode a ReplyKeyPack.
*/
krb5_error_code krb5int_pkinit_reply_key_pack_decode(
- const krb5_data *reply_key_pack,
+ const krb5_data *reply_key_pack,
krb5_keyblock *key_block, /* RETURNED */
- krb5_checksum *checksum) /* contents mallocd and RETURNED */
+ krb5_checksum *checksum) /* contents mallocd and RETURNED */
{
KRB5_ReplyKeyPack repKeyPack;
SecAsn1CoderRef coder;
@@ -745,33 +746,33 @@ krb5_error_code krb5int_pkinit_reply_key_pack_decode(
CSSM_DATA der = {reply_key_pack->length, (uint8 *)reply_key_pack->data};
krb5_data tmpData;
KRB5_Checksum *cksum = &repKeyPack.asChecksum;
-
+
/* Decode --> KRB5_ReplyKeyPack */
if(SecAsn1CoderCreate(&coder)) {
- return ENOMEM;
+ return ENOMEM;
}
memset(&repKeyPack, 0, sizeof(repKeyPack));
if(SecAsn1DecodeData(coder, &der, KRB5_ReplyKeyPackTemplate, &repKeyPack)) {
- ourRtn = ASN1_BAD_FORMAT;
- goto errOut;
+ ourRtn = ASN1_BAD_FORMAT;
+ goto errOut;
}
-
+
if((ourRtn = pkiDataToInt(&encryptKey->keyType, (krb5_int32 *)&key_block->enctype))) {
- goto errOut;
+ goto errOut;
}
if((ourRtn = pkiCssmDataToKrb5Data(&encryptKey->keyValue, &tmpData))) {
- goto errOut;
+ goto errOut;
}
key_block->contents = (krb5_octet *)tmpData.data;
key_block->length = tmpData.length;
-
+
if((ourRtn = pkiDataToInt(&cksum->checksumType, &checksum->checksum_type))) {
- goto errOut;
+ goto errOut;
}
checksum->contents = (krb5_octet *)malloc(cksum->checksum.Length);
if(checksum->contents == NULL) {
- ourRtn = ENOMEM;
- goto errOut;
+ ourRtn = ENOMEM;
+ goto errOut;
}
checksum->length = cksum->checksum.Length;
memmove(checksum->contents, cksum->checksum.Data, checksum->length);
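Review bot: Once `key_block->contents = (krb5_octet *)tmpData.data;` has run, the later `goto errOut` paths (checksum type conversion, `malloc` failure) return an error while the caller's key_block still holds the decoded reply key. Unless the errOut code outside this hunk releases it, that key material is leaked without being cleared. Consider keeping the key in `tmpData` until the checksum has been copied, or on failure zeroing it with a routine the compiler cannot elide and freeing it before returning. Separately, a zero-length checksum makes `malloc(cksum->checksum.Length)` a zero-size request, which may return NULL and be reported as ENOMEM.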
@@ -788,58 +789,58 @@ errOut:
* Top-level PA-PK-AS-REP. Exactly one of the optional fields must be present.
*/
typedef struct {
- CSSM_DATA *dhSignedData; /* ContentInfo, SignedData */
- /* Content is KRB5_KDC_DHKeyInfo */
- CSSM_DATA *encKeyPack; /* ContentInfo, SignedData */
- /* Content is ReplyKeyPack */
+ CSSM_DATA *dhSignedData; /* ContentInfo, SignedData */
+ /* Content is KRB5_KDC_DHKeyInfo */
+ CSSM_DATA *encKeyPack; /* ContentInfo, SignedData */
+ /* Content is ReplyKeyPack */
} KRB5_PA_PK_AS_REP;
-
+
static const SecAsn1Template KRB5_PA_PK_AS_REPTemplate[] = {
{ SEC_ASN1_SEQUENCE, 0, NULL, sizeof(KRB5_PA_PK_AS_REP) },
{ SEC_ASN1_CONTEXT_SPECIFIC | SEC_ASN1_CONSTRUCTED | SEC_ASN1_OPTIONAL |
SEC_ASN1_EXPLICIT | 0,
- offsetof(KRB5_PA_PK_AS_REP, dhSignedData),
+ offsetof(KRB5_PA_PK_AS_REP, dhSignedData),
kSecAsn1PointerToAnyTemplate },
{ SEC_ASN1_CONTEXT_SPECIFIC | SEC_ASN1_CONSTRUCTED | SEC_ASN1_OPTIONAL |
SEC_ASN1_EXPLICIT | 1,
- offsetof(KRB5_PA_PK_AS_REP, encKeyPack),
+ offsetof(KRB5_PA_PK_AS_REP, encKeyPack),
kSecAsn1PointerToAnyTemplate },
{ 0 }
};
-/*
+/*
* Encode a KRB5_PA_PK_AS_REP.
*/
krb5_error_code krb5int_pkinit_pa_pk_as_rep_encode(
- const krb5_data *dh_signed_data,
- const krb5_data *enc_key_pack,
+ const krb5_data *dh_signed_data,
+ const krb5_data *enc_key_pack,
krb5_data *pa_pk_as_rep) /* mallocd and RETURNED */
{
KRB5_PA_PK_AS_REP asRep;
SecAsn1CoderRef coder;
krb5_error_code ourRtn = 0;
- CSSM_DATA der = {0, NULL};
- OSStatus ortn;
- CSSM_DATA dhSignedData;
- CSSM_DATA encKeyPack;
-
+ CSSM_DATA der = {0, NULL};
+ OSStatus ortn;
+ CSSM_DATA dhSignedData;
+ CSSM_DATA encKeyPack;
+
if(SecAsn1CoderCreate(&coder)) {
- return ENOMEM;
+ return ENOMEM;
}
memset(&asRep, 0, sizeof(asRep));
if(dh_signed_data) {
- PKI_KRB_TO_CSSM_DATA(dh_signed_data, &dhSignedData);
- asRep.dhSignedData = &dhSignedData;
+ PKI_KRB_TO_CSSM_DATA(dh_signed_data, &dhSignedData);
+ asRep.dhSignedData = &dhSignedData;
}
if(enc_key_pack) {
- PKI_KRB_TO_CSSM_DATA(enc_key_pack, &encKeyPack);
- asRep.encKeyPack = &encKeyPack;
+ PKI_KRB_TO_CSSM_DATA(enc_key_pack, &encKeyPack);
+ asRep.encKeyPack = &encKeyPack;
}
ortn = SecAsn1EncodeItem(coder, &asRep, KRB5_PA_PK_AS_REPTemplate, &der);
if(ortn) {
- ourRtn = ENOMEM;
- goto errOut;
+ ourRtn = ENOMEM;
+ goto errOut;
}
ourRtn = pkiCssmDataToKrb5Data(&der, pa_pk_as_rep);
@@ -848,38 +849,38 @@ errOut:
return ourRtn;
}
-/*
+/*
* Decode a KRB5_PA_PK_AS_REP.
*/
krb5_error_code krb5int_pkinit_pa_pk_as_rep_decode(
const krb5_data *pa_pk_as_rep,
- krb5_data *dh_signed_data,
+ krb5_data *dh_signed_data,
krb5_data *enc_key_pack)
{
KRB5_PA_PK_AS_REP asRep;
SecAsn1CoderRef coder;
CSSM_DATA der = {pa_pk_as_rep->length, (uint8 *)pa_pk_as_rep->data};
krb5_error_code ourRtn = 0;
-
+
/* Decode --> KRB5_PA_PK_AS_REP */
if(SecAsn1CoderCreate(&coder)) {
- return ENOMEM;
+ return ENOMEM;
}
memset(&asRep, 0, sizeof(asRep));
if(SecAsn1DecodeData(coder, &der, KRB5_PA_PK_AS_REPTemplate, &asRep)) {
- ourRtn = ASN1_BAD_FORMAT;
- goto errOut;
+ ourRtn = ASN1_BAD_FORMAT;
+ goto errOut;
}
-
+
if(asRep.dhSignedData) {
- if((ourRtn = pkiCssmDataToKrb5Data(asRep.dhSignedData, dh_signed_data))) {
- goto errOut;
- }
+ if((ourRtn = pkiCssmDataToKrb5Data(asRep.dhSignedData, dh_signed_data))) {
+ goto errOut;
+ }
}
if(asRep.encKeyPack) {
- ourRtn = pkiCssmDataToKrb5Data(asRep.encKeyPack, enc_key_pack);
+ ourRtn = pkiCssmDataToKrb5Data(asRep.encKeyPack, enc_key_pack);
}
-
+
errOut:
SecAsn1CoderRelease(coder);
return ourRtn;
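Review bot: krb5int_pkinit_pa_pk_as_rep_decode does not enforce the rule stated on KRB5_PA_PK_AS_REP that exactly one of the optional fields must be present: a reply with neither field returns 0 and leaves both outputs untouched, and a reply with both fills both. A check right after the decode, `if(!asRep.dhSignedData == !asRep.encKeyPack) { ourRtn = ASN1_BAD_FORMAT; goto errOut; }`, would reject both cases. `dh_signed_data` and `enc_key_pack` are also passed to pkiCssmDataToKrb5Data without a NULL test, unlike the optional outputs in the PA-PK-AS-REQ decoder. The function's closing brace falls outside this hunk.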
@@ -904,51 +905,51 @@ krb5_error_code krb5int_pkinit_get_issuer_serial(
krb5_data krb_issuer;
uint32 numFields;
krb5_error_code ourRtn = 0;
-
+
CSSM_CL_HANDLE clHand = pkiClStartup();
if(clHand == 0) {
- return CSSMERR_CSSM_ADDIN_LOAD_FAILED;
+ return CSSMERR_CSSM_ADDIN_LOAD_FAILED;
}
/* subsequent errors to errOut: */
-
+
crtn = CSSM_CL_CertCache(clHand, &certData, &cacheHand);
if(crtn) {
- pkiCssmErr("CSSM_CL_CertCache", crtn);
- ourRtn = ASN1_PARSE_ERROR;
- goto errOut;
+ pkiCssmErr("CSSM_CL_CertCache", crtn);
+ ourRtn = ASN1_PARSE_ERROR;
+ goto errOut;
}
-
+
/* obtain the two fields; issuer is DER encoded */
crtn = CSSM_CL_CertGetFirstCachedFieldValue(clHand, cacheHand,
- &CSSMOID_X509V1IssuerNameStd, &resultHand, &numFields, &derIssuer);
+ &CSSMOID_X509V1IssuerNameStd, &resultHand, &numFields, &derIssuer);
if(crtn) {
- pkiCssmErr("CSSM_CL_CertGetFirstCachedFieldValue(issuer)", crtn);
- ourRtn = ASN1_PARSE_ERROR;
- goto errOut;
+ pkiCssmErr("CSSM_CL_CertGetFirstCachedFieldValue(issuer)", crtn);
+ ourRtn = ASN1_PARSE_ERROR;
+ goto errOut;
}
crtn = CSSM_CL_CertGetFirstCachedFieldValue(clHand, cacheHand,
- &CSSMOID_X509V1SerialNumber, &resultHand, &numFields, &serial);
+ &CSSMOID_X509V1SerialNumber, &resultHand, &numFields, &serial);
if(crtn) {
- pkiCssmErr("CSSM_CL_CertGetFirstCachedFieldValue(serial)", crtn);
- ourRtn = ASN1_PARSE_ERROR;
- goto errOut;
+ pkiCssmErr("CSSM_CL_CertGetFirstCachedFieldValue(serial)", crtn);
+ ourRtn = ASN1_PARSE_ERROR;
+ goto errOut;
}
PKI_CSSM_TO_KRB_DATA(derIssuer, &krb_issuer);
PKI_CSSM_TO_KRB_DATA(serial, &krb_serial);
ourRtn = krb5int_pkinit_issuer_serial_encode(&krb_issuer, &krb_serial, issuer_and_serial);
-
+
errOut:
if(derIssuer) {
- CSSM_CL_FreeFieldValue(clHand, &CSSMOID_X509V1IssuerNameStd, derIssuer);
+ CSSM_CL_FreeFieldValue(clHand, &CSSMOID_X509V1IssuerNameStd, derIssuer);
}
if(serial) {
- CSSM_CL_FreeFieldValue(clHand, &CSSMOID_X509V1SerialNumber, serial);
+ CSSM_CL_FreeFieldValue(clHand, &CSSMOID_X509V1SerialNumber, serial);
}
if(cacheHand) {
- CSSM_CL_CertAbortCache(clHand, cacheHand);
+ CSSM_CL_CertAbortCache(clHand, cacheHand);
}
if(clHand) {
- pkiClDetachUnload(clHand);
+ pkiClDetachUnload(clHand);
}
return ourRtn;
}
diff --git a/src/lib/krb5/krb/pkinit_apple_cert_store.c b/src/lib/krb5/krb/pkinit_apple_cert_store.c
index 449f1cc..2bcbd44 100644
--- a/src/lib/krb5/krb/pkinit_apple_cert_store.c
+++ b/src/lib/krb5/krb/pkinit_apple_cert_store.c
@@ -1,3 +1,4 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
/*
* Copyright (c) 2004-2008 Apple Inc. All Rights Reserved.
*
@@ -24,12 +25,12 @@
*/
/*
- * pkinit_apple_cert_store.c - PKINIT certificate storage/retrieval utilities,
- * MAC OS X version
+ * pkinit_apple_cert_store.c - PKINIT certificate storage/retrieval utilities,
+ * MAC OS X version
*
* Created 26 May 2004 by Doug Mitchell at Apple.
*/
-
+
#if APPLE_PKINIT
#include "pkinit_cert_store.h"
@@ -49,24 +50,24 @@
* key = kPkinitClientCertKey
* appID = kPkinitClientCertApp
* username = kCFPreferencesCurrentUser
- * hostname = kCFPreferencesAnyHost
+ * hostname = kCFPreferencesAnyHost
*
* The stored property list is a CFDictionary. Keys in the dictionary are
- * principal names (e.g. foobar@REALM.LOCAL).
+ * principal names (e.g. foobar@REALM.LOCAL).
*
* Values in the dictionary are raw data containing the DER-encoded issuer and
- * serial number of the certificate.
+ * serial number of the certificate.
*
* When obtaining a PKINIT cert, if an entry in the CFDictionary for the specified
* principal is not found, the entry for the default will be used if it's there.
*/
-/*
- * NOTE: ANSI C code requires an Apple-Custom -fconstant-cfstrings CFLAGS to
- * use CFSTR in a const declaration so we just declare the C strings here.
+/*
+ * NOTE: ANSI C code requires an Apple-Custom -fconstant-cfstrings CFLAGS to
+ * use CFSTR in a const declaration so we just declare the C strings here.
*/
-#define kPkinitClientCertKey "KRBClientCert"
-#define kPkinitClientCertApp "edu.mit.Kerberos.pkinit"
+#define kPkinitClientCertKey "KRBClientCert"
+#define kPkinitClientCertApp "edu.mit.Kerberos.pkinit"
/*
* KDC cert stored in this keychain. It's linked to systemkeychain so that if
@@ -74,43 +75,43 @@
*/
#define KDC_KEYCHAIN "/var/db/krb5kdc/kdc.keychain"
-/*
+/*
* Given a certificate, obtain the DER-encoded issuer and serial number. Result
- * is mallocd and must be freed by caller.
+ * is mallocd and must be freed by caller.
*/
static OSStatus pkinit_get_cert_issuer_sn(
- SecCertificateRef certRef,
- CSSM_DATA *issuerSerial) /* mallocd and RETURNED */
+ SecCertificateRef certRef,
+ CSSM_DATA *issuerSerial) /* mallocd and RETURNED */
{
OSStatus ortn;
CSSM_DATA certData;
krb5_data INIT_KDATA(issuerSerialKrb);
krb5_data certDataKrb;
krb5_error_code krtn;
-
+
assert(certRef != NULL);
assert(issuerSerial != NULL);
-
+
ortn = SecCertificateGetData(certRef, &certData);
if(ortn) {
- pkiCssmErr("SecCertificateGetData", ortn);
- return ortn;
+ pkiCssmErr("SecCertificateGetData", ortn);
+ return ortn;
}
PKI_CSSM_TO_KRB_DATA(&certData, &certDataKrb);
krtn = krb5int_pkinit_get_issuer_serial(&certDataKrb, &issuerSerialKrb);
if(krtn) {
- return CSSMERR_CL_INVALID_DATA;
+ return CSSMERR_CL_INVALID_DATA;
}
PKI_KRB_TO_CSSM_DATA(&issuerSerialKrb, issuerSerial);
return noErr;
}
-/*
+/*
* Determine if specified identity's cert's issuer and serial number match the
* provided issuer and serial number. Returns nonzero on match, else returns zero.
*/
static int pkinit_issuer_sn_match(
- SecIdentityRef idRef,
+ SecIdentityRef idRef,
const CSSM_DATA *matchIssuerSerial)
{
OSStatus ortn;
@@ -120,87 +121,87 @@ static int pkinit_issuer_sn_match(
assert(idRef != NULL);
assert(matchIssuerSerial != NULL);
-
+
/* Get this cert's issuer/serial number */
ortn = SecIdentityCopyCertificate(idRef, &certRef);
if(ortn) {
- pkiCssmErr("SecIdentityCopyCertificate", ortn);
- return 0;
+ pkiCssmErr("SecIdentityCopyCertificate", ortn);
+ return 0;
}
/* subsequent errors to errOut: */
ortn = pkinit_get_cert_issuer_sn(certRef, &certIssuerSerial);
if(ortn) {
- pkiCssmErr("SecIdentityCopyCertificate", ortn);
- goto errOut;
+ pkiCssmErr("SecIdentityCopyCertificate", ortn);
+ goto errOut;
}
ourRtn = pkiCompareCssmData(matchIssuerSerial, &certIssuerSerial) ? 1 : 0;
errOut:
if(certRef != NULL) {
- CFRelease(certRef);
+ CFRelease(certRef);
}
if(certIssuerSerial.Data != NULL) {
- free(certIssuerSerial.Data);
+ free(certIssuerSerial.Data);
}
return ourRtn;
}
/*
* Search specified keychain/array/NULL (NULL meaning the default search list) for
- * an Identity matching specified key usage and optional Issuer/Serial number.
+ * an Identity matching specified key usage and optional Issuer/Serial number.
* If issuer/serial is specified and no identities match, or if no identities found
* matching specified Key usage, errSecItemNotFound is returned.
*
- * Caller must CFRelease a non-NULL returned idRef.
+ * Caller must CFRelease a non-NULL returned idRef.
*/
static OSStatus pkinit_search_ident(
- CFTypeRef keychainOrArray,
- CSSM_KEYUSE keyUsage,
+ CFTypeRef keychainOrArray,
+ CSSM_KEYUSE keyUsage,
const CSSM_DATA *issuerSerial, /* optional */
- SecIdentityRef *foundId) /* RETURNED */
+ SecIdentityRef *foundId) /* RETURNED */
{
OSStatus ortn;
SecIdentityRef idRef = NULL;
SecIdentitySearchRef srchRef = NULL;
-
+
ortn = SecIdentitySearchCreate(keychainOrArray, keyUsage, &srchRef);
if(ortn) {
- pkiCssmErr("SecIdentitySearchCreate", ortn);
- return ortn;
+ pkiCssmErr("SecIdentitySearchCreate", ortn);
+ return ortn;
}
do {
- ortn = SecIdentitySearchCopyNext(srchRef, &idRef);
- if(ortn != noErr) {
- break;
- }
- if(issuerSerial == NULL) {
- /* no match needed, we're done - this is the KDC cert case */
- break;
- }
- else if(pkinit_issuer_sn_match(idRef, issuerSerial)) {
- /* match, we're done */
- break;
- }
- /* finished with this one */
- CFRelease(idRef);
- idRef = NULL;
+ ortn = SecIdentitySearchCopyNext(srchRef, &idRef);
+ if(ortn != noErr) {
+ break;
+ }
+ if(issuerSerial == NULL) {
+ /* no match needed, we're done - this is the KDC cert case */
+ break;
+ }
+ else if(pkinit_issuer_sn_match(idRef, issuerSerial)) {
+ /* match, we're done */
+ break;
+ }
+ /* finished with this one */
+ CFRelease(idRef);
+ idRef = NULL;
} while(ortn == noErr);
-
+
CFRelease(srchRef);
if(idRef == NULL) {
- return errSecItemNotFound;
+ return errSecItemNotFound;
}
else {
- *foundId = idRef;
- return noErr;
+ *foundId = idRef;
+ return noErr;
}
}
/*
- * In Mac OS terms, get the keychain on which a given identity resides.
+ * In Mac OS terms, get the keychain on which a given identity resides.
*/
static krb5_error_code pkinit_cert_to_db(
krb5_pkinit_signing_cert_t idRef,
- krb5_pkinit_cert_db_t *dbRef)
+ krb5_pkinit_cert_db_t *dbRef)
{
SecKeychainRef kcRef = NULL;
SecKeyRef keyRef = NULL;
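Review bot: In pkinit_issuer_sn_match the failure branch after `pkinit_get_cert_issuer_sn(certRef, &certIssuerSerial)` logs `pkiCssmErr("SecIdentityCopyCertificate", ortn);`, a label copied from the previous call. Anyone diagnosing a certificate-matching failure from these logs would be pointed at the wrong call; it should read `pkiCssmErr("pkinit_get_cert_issuer_sn", ortn);`. The function's declarations sit above this hunk.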
@@ -209,38 +210,38 @@ static krb5_error_code pkinit_cert_to_db(
/* that's an identity - get the associated key's keychain */
ortn = SecIdentityCopyPrivateKey((SecIdentityRef)idRef, &keyRef);
if(ortn) {
- pkiCssmErr("SecIdentityCopyPrivateKey", ortn);
- return ortn;
+ pkiCssmErr("SecIdentityCopyPrivateKey", ortn);
+ return ortn;
}
ortn = SecKeychainItemCopyKeychain((SecKeychainItemRef)keyRef, &kcRef);
if(ortn) {
- pkiCssmErr("SecKeychainItemCopyKeychain", ortn);
+ pkiCssmErr("SecKeychainItemCopyKeychain", ortn);
}
else {
- *dbRef = (krb5_pkinit_cert_db_t)kcRef;
+ *dbRef = (krb5_pkinit_cert_db_t)kcRef;
}
CFRelease(keyRef);
return ortn;
}
-/*
- * Obtain the CFDictionary representing this user's PKINIT client cert prefs, if it
- * exists. Returns noErr or errSecItemNotFound as appropriate.
+/*
+ * Obtain the CFDictionary representing this user's PKINIT client cert prefs, if it
+ * exists. Returns noErr or errSecItemNotFound as appropriate.
*/
static OSStatus pkinit_get_pref_dict(
CFDictionaryRef *dict)
{
CFDictionaryRef theDict;
theDict = (CFDictionaryRef)CFPreferencesCopyValue(CFSTR(kPkinitClientCertKey),
- CFSTR(kPkinitClientCertApp), kCFPreferencesCurrentUser, kCFPreferencesAnyHost);
+ CFSTR(kPkinitClientCertApp), kCFPreferencesCurrentUser, kCFPreferencesAnyHost);
if(theDict == NULL) {
- pkiDebug("pkinit_get_pref_dict: no kPkinitClientCertKey\n");
- return errSecItemNotFound;
+ pkiDebug("pkinit_get_pref_dict: no kPkinitClientCertKey\n");
+ return errSecItemNotFound;
}
if(CFGetTypeID(theDict) != CFDictionaryGetTypeID()) {
- pkiDebug("pkinit_get_pref_dict: bad kPkinitClientCertKey pref\n");
- CFRelease(theDict);
- return errSecItemNotFound;
+ pkiDebug("pkinit_get_pref_dict: bad kPkinitClientCertKey pref\n");
+ CFRelease(theDict);
+ return errSecItemNotFound;
}
*dict = theDict;
return noErr;
@@ -249,12 +250,12 @@ static OSStatus pkinit_get_pref_dict(
#pragma mark --- Public client side functions ---
/*
- * Obtain signing cert for specified principal. On successful return,
+ * Obtain signing cert for specified principal. On successful return,
* caller must eventually release the cert with krb5_pkinit_release_cert().
*/
krb5_error_code krb5_pkinit_get_client_cert(
- const char *principal, /* full principal string */
- krb5_pkinit_signing_cert_t *client_cert)
+ const char *principal, /* full principal string */
+ krb5_pkinit_signing_cert_t *client_cert)
{
CFDataRef issuerSerial = NULL;
CSSM_DATA issuerSerialData;
@@ -263,74 +264,74 @@ krb5_error_code krb5_pkinit_get_client_cert(
CFDictionaryRef theDict = NULL;
CFStringRef cfPrinc = NULL;
krb5_error_code ourRtn = 0;
-
+
if(principal == NULL) {
- return KRB5_PRINC_NOMATCH;
+ return KRB5_PRINC_NOMATCH;
}
-
+
/* Is there a stored preference for PKINIT certs for this user? */
ortn = pkinit_get_pref_dict(&theDict);
if(ortn) {
- return KRB5_PRINC_NOMATCH;
+ return KRB5_PRINC_NOMATCH;
}
-
+
/* Entry in the dictionary for specified principal? */
- cfPrinc = CFStringCreateWithCString(NULL, principal,
+ cfPrinc = CFStringCreateWithCString(NULL, principal,
kCFStringEncodingASCII);
issuerSerial = (CFDataRef)CFDictionaryGetValue(theDict, cfPrinc);
CFRelease(cfPrinc);
if(issuerSerial == NULL) {
- pkiDebug("krb5_pkinit_get_client_cert: no identity found\n");
- ourRtn = KRB5_PRINC_NOMATCH;
- goto errOut;
+ pkiDebug("krb5_pkinit_get_client_cert: no identity found\n");
+ ourRtn = KRB5_PRINC_NOMATCH;
+ goto errOut;
}
if(CFGetTypeID(issuerSerial) != CFDataGetTypeID()) {
- pkiDebug("krb5_pkinit_get_client_cert: bad kPkinitClientCertKey value\n");
- ourRtn = KRB5_PRINC_NOMATCH;
- goto errOut;
+ pkiDebug("krb5_pkinit_get_client_cert: bad kPkinitClientCertKey value\n");
+ ourRtn = KRB5_PRINC_NOMATCH;
+ goto errOut;
}
-
+
issuerSerialData.Data = (uint8 *)CFDataGetBytePtr(issuerSerial);
issuerSerialData.Length = CFDataGetLength(issuerSerial);
-
+
/* find a cert with that issuer/serial number in default search list */
- ortn = pkinit_search_ident(NULL, CSSM_KEYUSE_SIGN | CSSM_KEYUSE_ENCRYPT,
- &issuerSerialData, &idRef);
+ ortn = pkinit_search_ident(NULL, CSSM_KEYUSE_SIGN | CSSM_KEYUSE_ENCRYPT,
+ &issuerSerialData, &idRef);
if(ortn) {
- pkiDebug("krb5_pkinit_get_client_cert: no identity found!\n");
- pkiCssmErr("pkinit_search_ident", ortn);
- ourRtn = KRB5_PRINC_NOMATCH;
+ pkiDebug("krb5_pkinit_get_client_cert: no identity found!\n");
+ pkiCssmErr("pkinit_search_ident", ortn);
+ ourRtn = KRB5_PRINC_NOMATCH;
}
else {
- *client_cert = (krb5_pkinit_signing_cert_t)idRef;
+ *client_cert = (krb5_pkinit_signing_cert_t)idRef;
}
errOut:
if(theDict) {
- CFRelease(theDict);
+ CFRelease(theDict);
}
return ourRtn;
}
-/*
+/*
* Determine if the specified client has a signing cert. Returns TRUE
* if so, else returns FALSE.
*/
krb5_boolean krb5_pkinit_have_client_cert(
- const char *principal) /* full principal string */
+ const char *principal) /* full principal string */
{
krb5_pkinit_signing_cert_t signing_cert = NULL;
krb5_error_code krtn;
-
+
krtn = krb5_pkinit_get_client_cert(principal, &signing_cert);
if(krtn) {
- return FALSE;
+ return FALSE;
}
if(signing_cert != NULL) {
- krb5_pkinit_release_cert(signing_cert);
- return TRUE;
+ krb5_pkinit_release_cert(signing_cert);
+ return TRUE;
}
else {
- return FALSE;
+ return FALSE;
}
}
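Review bot: `CFStringCreateWithCString(NULL, principal, kCFStringEncodingASCII)` in krb5_pkinit_get_client_cert returns NULL when the principal string cannot be converted as ASCII, and the result goes straight into `CFDictionaryGetValue(theDict, cfPrinc)` and `CFRelease(cfPrinc)`; calling CFRelease on NULL crashes the process. Because the principal is caller-supplied, add `if(cfPrinc == NULL) { ourRtn = KRB5_PRINC_NOMATCH; goto errOut; }` right after the create call so that errOut still releases theDict. The function's first declarations are above this hunk.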
@@ -341,8 +342,8 @@ krb5_boolean krb5_pkinit_have_client_cert(
* in the cert storage.
*/
krb5_error_code krb5_pkinit_set_client_cert_from_signing_cert(
- const char *principal, /* full principal string */
- krb5_pkinit_signing_cert_t client_cert)
+ const char *principal, /* full principal string */
+ krb5_pkinit_signing_cert_t client_cert)
{
SecIdentityRef idRef = (SecIdentityRef)client_cert;
SecCertificateRef certRef = NULL;
@@ -350,22 +351,22 @@ krb5_error_code krb5_pkinit_set_client_cert_from_signing_cert(
krb5_error_code ourRtn = 0;
if (NULL != idRef) {
- if (CFGetTypeID(idRef) != SecIdentityGetTypeID()) {
- ourRtn = KRB5KRB_ERR_GENERIC;
- goto fin;
- }
- /* Get the cert */
- ortn = SecIdentityCopyCertificate(idRef, &certRef);
- if (ortn) {
- pkiCssmErr("SecIdentityCopyCertificate", ortn);
- ourRtn = KRB5KRB_ERR_GENERIC;
- goto fin;
- }
+ if (CFGetTypeID(idRef) != SecIdentityGetTypeID()) {
+ ourRtn = KRB5KRB_ERR_GENERIC;
+ goto fin;
+ }
+ /* Get the cert */
+ ortn = SecIdentityCopyCertificate(idRef, &certRef);
+ if (ortn) {
+ pkiCssmErr("SecIdentityCopyCertificate", ortn);
+ ourRtn = KRB5KRB_ERR_GENERIC;
+ goto fin;
+ }
}
ourRtn = krb5_pkinit_set_client_cert(principal, (krb5_pkinit_cert_t)certRef);
fin:
if (certRef)
- CFRelease(certRef);
+ CFRelease(certRef);
return ourRtn;
}
@@ -377,8 +378,8 @@ fin:
* in the cert storage.
*/
krb5_error_code krb5_pkinit_set_client_cert(
- const char *principal, /* full principal string */
- krb5_pkinit_cert_t client_cert)
+ const char *principal, /* full principal string */
+ krb5_pkinit_cert_t client_cert)
{
SecCertificateRef certRef = (SecCertificateRef)client_cert;
OSStatus ortn;
@@ -388,108 +389,108 @@ krb5_error_code krb5_pkinit_set_client_cert(
CFMutableDictionaryRef newDict = NULL;
CFStringRef keyStr = NULL;
krb5_error_code ourRtn = 0;
-
+
if(certRef != NULL) {
- if(CFGetTypeID(certRef) != SecCertificateGetTypeID()) {
- return KRB5KRB_ERR_GENERIC;
- }
-
- /* Cook up DER-encoded issuer/serial number */
- ortn = pkinit_get_cert_issuer_sn(certRef, &issuerSerial);
- if(ortn) {
- ourRtn = KRB5KRB_ERR_GENERIC;
- goto errOut;
- }
- }
-
- /*
+ if(CFGetTypeID(certRef) != SecCertificateGetTypeID()) {
+ return KRB5KRB_ERR_GENERIC;
+ }
+
+ /* Cook up DER-encoded issuer/serial number */
+ ortn = pkinit_get_cert_issuer_sn(certRef, &issuerSerial);
+ if(ortn) {
+ ourRtn = KRB5KRB_ERR_GENERIC;
+ goto errOut;
+ }
+ }
+
+ /*
* Obtain the existing pref for kPkinitClientCertKey as a CFDictionary, or
- * cook up a new one.
+ * cook up a new one.
*/
ortn = pkinit_get_pref_dict(&existDict);
if(ortn == noErr) {
- /* dup to a mutable dictionary */
- newDict = CFDictionaryCreateMutableCopy(NULL, 0, existDict);
+ /* dup to a mutable dictionary */
+ newDict = CFDictionaryCreateMutableCopy(NULL, 0, existDict);
}
else {
- if(certRef == NULL) {
- /* no existing entry, nothing to delete, we're done */
- return 0;
- }
- newDict = CFDictionaryCreateMutable(NULL, 0,
- &kCFCopyStringDictionaryKeyCallBacks, &kCFTypeDictionaryValueCallBacks);
+ if(certRef == NULL) {
+ /* no existing entry, nothing to delete, we're done */
+ return 0;
+ }
+ newDict = CFDictionaryCreateMutable(NULL, 0,
+ &kCFCopyStringDictionaryKeyCallBacks, &kCFTypeDictionaryValueCallBacks);
}
if(newDict == NULL) {
- ourRtn = ENOMEM;
- goto errOut;
+ ourRtn = ENOMEM;
+ goto errOut;
}
/* issuer / serial number ==> that dictionary */
keyStr = CFStringCreateWithCString(NULL, principal, kCFStringEncodingASCII);
if(certRef == NULL) {
- CFDictionaryRemoveValue(newDict, keyStr);
+ CFDictionaryRemoveValue(newDict, keyStr);
}
else {
- cfIssuerSerial = CFDataCreate(NULL, issuerSerial.Data, issuerSerial.Length);
- CFDictionarySetValue(newDict, keyStr, cfIssuerSerial);
+ cfIssuerSerial = CFDataCreate(NULL, issuerSerial.Data, issuerSerial.Length);
+ CFDictionarySetValue(newDict, keyStr, cfIssuerSerial);
}
-
+
/* dictionary ==> prefs */
- CFPreferencesSetValue(CFSTR(kPkinitClientCertKey), newDict,
- CFSTR(kPkinitClientCertApp), kCFPreferencesCurrentUser, kCFPreferencesAnyHost);
- if(CFPreferencesSynchronize(CFSTR(kPkinitClientCertApp), kCFPreferencesCurrentUser,
- kCFPreferencesAnyHost)) {
- ourRtn = 0;
+ CFPreferencesSetValue(CFSTR(kPkinitClientCertKey), newDict,
+ CFSTR(kPkinitClientCertApp), kCFPreferencesCurrentUser, kCFPreferencesAnyHost);
+ if(CFPreferencesSynchronize(CFSTR(kPkinitClientCertApp), kCFPreferencesCurrentUser,
+ kCFPreferencesAnyHost)) {
+ ourRtn = 0;
}
else {
- ourRtn = EACCES; /* any better ideas? */
+ ourRtn = EACCES; /* any better ideas? */
}
errOut:
if(cfIssuerSerial) {
- CFRelease(cfIssuerSerial);
+ CFRelease(cfIssuerSerial);
}
if(issuerSerial.Data) {
- free(issuerSerial.Data);
+ free(issuerSerial.Data);
}
if(existDict) {
- CFRelease(existDict);
+ CFRelease(existDict);
}
if(newDict) {
- CFRelease(newDict);
+ CFRelease(newDict);
}
if(keyStr) {
- CFRelease(keyStr);
+ CFRelease(keyStr);
}
return ourRtn;
}
-/*
+/*
* Obtain a reference to the client's cert database. Specify either principal
* name or client_cert as obtained from krb5_pkinit_get_client_cert().
*/
krb5_error_code krb5_pkinit_get_client_cert_db(
- const char *principal, /* full principal string */
- krb5_pkinit_signing_cert_t client_cert, /* optional, from krb5_pkinit_get_client_cert() */
- krb5_pkinit_cert_db_t *client_cert_db)/* RETURNED */
+ const char *principal, /* full principal string */
+ krb5_pkinit_signing_cert_t client_cert, /* optional, from krb5_pkinit_get_client_cert() */
+ krb5_pkinit_cert_db_t *client_cert_db)/* RETURNED */
{
krb5_error_code krtn;
krb5_pkinit_signing_cert_t local_cert;
-
+
assert((client_cert != NULL) || (principal != NULL));
if(client_cert == NULL) {
- /* caller didn't provide, look it up */
- krtn = krb5_pkinit_get_client_cert(principal, &local_cert);
- if(krtn) {
- return krtn;
- }
+ /* caller didn't provide, look it up */
+ krtn = krb5_pkinit_get_client_cert(principal, &local_cert);
+ if(krtn) {
+ return krtn;
+ }
}
else {
- /* easy case */
- local_cert = client_cert;
+ /* easy case */
+ local_cert = client_cert;
}
krtn = pkinit_cert_to_db(local_cert, client_cert_db);
if(client_cert == NULL) {
- krb5_pkinit_release_cert(local_cert);
+ krb5_pkinit_release_cert(local_cert);
}
return krtn;
}
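Review bot: `keyStr` is used as a dictionary key without a NULL check in krb5_pkinit_set_client_cert: `CFStringCreateWithCString` returns NULL when `principal` cannot be represented in `kCFStringEncodingASCII` (or on allocation failure), and the result goes straight into `CFDictionaryRemoveValue` / `CFDictionarySetValue`. Since the principal string comes from the caller, a non-ASCII name would likely crash here rather than return an error. I would add `if(keyStr == NULL) { ourRtn = KRB5KRB_ERR_GENERIC; goto errOut; }` right after the create call; the `CFDataCreate` result `cfIssuerSerial` deserves the same check. The function's signature and first declarations sit in the preceding hunk.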
@@ -503,28 +504,28 @@ krb5_error_code krb5_pkinit_get_client_cert_db(
* The client_spec argument is typically provided by the client as kdcPkId.
*/
krb5_error_code krb5_pkinit_get_kdc_cert(
- krb5_ui_4 num_trusted_CAs, /* sizeof *trusted_CAs */
- krb5_data *trusted_CAs, /* optional */
- krb5_data *client_spec, /* optional */
+ krb5_ui_4 num_trusted_CAs, /* sizeof *trusted_CAs */
+ krb5_data *trusted_CAs, /* optional */
+ krb5_data *client_spec, /* optional */
krb5_pkinit_signing_cert_t *kdc_cert)
{
SecIdentityRef idRef = NULL;
OSStatus ortn;
krb5_error_code ourRtn = 0;
-
+
/* OS X: trusted_CAs and client_spec ignored */
-
+
ortn = SecIdentityCopySystemIdentity(kSecIdentityDomainKerberosKDC,
- &idRef, NULL);
+ &idRef, NULL);
if(ortn) {
- pkiCssmErr("SecIdentityCopySystemIdentity", ortn);
- return KRB5_PRINC_NOMATCH;
+ pkiCssmErr("SecIdentityCopySystemIdentity", ortn);
+ return KRB5_PRINC_NOMATCH;
}
*kdc_cert = (krb5_pkinit_signing_cert_t)idRef;
return ourRtn;
}
-/*
+/*
* Obtain a reference to the KDC's cert database.
*/
krb5_error_code krb5_pkinit_get_kdc_cert_db(
@@ -532,10 +533,10 @@ krb5_error_code krb5_pkinit_get_kdc_cert_db(
{
krb5_pkinit_signing_cert_t kdcCert = NULL;
krb5_error_code krtn;
-
+
krtn = krb5_pkinit_get_kdc_cert(0, NULL, NULL, &kdcCert);
if(krtn) {
- return krtn;
+ return krtn;
}
krtn = pkinit_cert_to_db(kdcCert, kdc_cert_db);
krb5_pkinit_release_cert(kdcCert);
@@ -550,7 +551,7 @@ void krb5_pkinit_release_cert(
krb5_pkinit_signing_cert_t cert)
{
if(cert == NULL) {
- return;
+ return;
}
CFRelease((CFTypeRef)cert);
}
@@ -560,18 +561,18 @@ void krb5_pkinit_release_cert(
* krb5_pkinit_get_kdc_cert_db().
*/
extern void krb5_pkinit_release_cert_db(
- krb5_pkinit_cert_db_t cert_db)
+ krb5_pkinit_cert_db_t cert_db)
{
if(cert_db == NULL) {
- return;
+ return;
}
CFRelease((CFTypeRef)cert_db);
}
-/*
- * Obtain a mallocd C-string representation of a certificate's SHA1 digest.
- * Only error is a NULL return indicating memory failure.
+/*
+ * Obtain a mallocd C-string representation of a certificate's SHA1 digest.
+ * Only error is a NULL return indicating memory failure.
* Caller must free the returned string.
*/
char *krb5_pkinit_cert_hash_str(
@@ -582,37 +583,37 @@ char *krb5_pkinit_cert_hash_str(
char *cpOut;
unsigned char digest[CC_SHA1_DIGEST_LENGTH];
unsigned dex;
-
+
assert(cert != NULL);
CC_SHA1_Init(&ctx);
CC_SHA1_Update(&ctx, cert->data, cert->length);
CC_SHA1_Final(digest, &ctx);
-
+
outstr = (char *)malloc((2 * CC_SHA1_DIGEST_LENGTH) + 1);
if(outstr == NULL) {
- return NULL;
+ return NULL;
}
cpOut = outstr;
for(dex=0; dex<CC_SHA1_DIGEST_LENGTH; dex++) {
- snprintf(cpOut, 3, "%02X", (unsigned)(digest[dex]));
- cpOut += 2;
+ snprintf(cpOut, 3, "%02X", (unsigned)(digest[dex]));
+ cpOut += 2;
}
*cpOut = '\0';
return outstr;
}
-/*
+/*
* Obtain a client's optional list of trusted KDC CA certs (trustedCertifiers)
- * and/or trusted KDC cert (kdcPkId) for a given client and server.
- * All returned values are mallocd and must be freed by caller; the contents
- * of the krb5_datas are DER-encoded certificates.
+ * and/or trusted KDC cert (kdcPkId) for a given client and server.
+ * All returned values are mallocd and must be freed by caller; the contents
+ * of the krb5_datas are DER-encoded certificates.
*/
krb5_error_code krb5_pkinit_get_server_certs(
const char *client_principal,
const char *server_principal,
- krb5_data **trusted_CAs, /* RETURNED, though return value may be NULL */
- krb5_ui_4 *num_trusted_CAs, /* RETURNED */
- krb5_data *kdc_cert) /* RETURNED, though may be 0/NULL */
+ krb5_data **trusted_CAs, /* RETURNED, though return value may be NULL */
+ krb5_ui_4 *num_trusted_CAs, /* RETURNED */
+ krb5_data *kdc_cert) /* RETURNED, though may be 0/NULL */
{
/* nothing for now */
*trusted_CAs = NULL;
diff --git a/src/lib/krb5/krb/pkinit_apple_client.c b/src/lib/krb5/krb/pkinit_apple_client.c
index d98fc76..b2b6cb9 100644
--- a/src/lib/krb5/krb/pkinit_apple_client.c
+++ b/src/lib/krb5/krb/pkinit_apple_client.c
@@ -1,3 +1,4 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
/*
* Copyright (c) 2004-2008 Apple Inc. All Rights Reserved.
*
@@ -45,131 +46,131 @@
* Create a PA-PK-AS-REQ message.
*/
krb5_error_code krb5int_pkinit_as_req_create(
- krb5_context context,
- krb5_timestamp kctime,
- krb5_int32 cusec, /* microseconds */
- krb5_ui_4 nonce,
- const krb5_checksum *cksum,
- krb5_pkinit_signing_cert_t client_cert, /* required */
- const krb5_data *trusted_CAs, /* optional list of CA certs */
- krb5_ui_4 num_trusted_CAs,
- const krb5_data *kdc_cert, /* optional KDC cert */
- krb5_data *as_req) /* mallocd and RETURNED */
+ krb5_context context,
+ krb5_timestamp kctime,
+ krb5_int32 cusec, /* microseconds */
+ krb5_ui_4 nonce,
+ const krb5_checksum *cksum,
+ krb5_pkinit_signing_cert_t client_cert, /* required */
+ const krb5_data *trusted_CAs, /* optional list of CA certs */
+ krb5_ui_4 num_trusted_CAs,
+ const krb5_data *kdc_cert, /* optional KDC cert */
+ krb5_data *as_req) /* mallocd and RETURNED */
{
krb5_data auth_pack = {0};
krb5_error_code krtn;
krb5_data content_info = {0};
krb5int_algorithm_id *cms_types = NULL;
krb5_ui_4 num_cms_types = 0;
-
+
/* issuer/serial numbers for trusted_CAs and kdc_cert, if we have them */
- krb5_data *ca_issuer_sn = NULL; /* issuer/serial_num for trusted_CAs */
- krb5_data kdc_issuer_sn = {0}; /* issuer/serial_num for kdc_cert */
+ krb5_data *ca_issuer_sn = NULL; /* issuer/serial_num for trusted_CAs */
+ krb5_data kdc_issuer_sn = {0}; /* issuer/serial_num for kdc_cert */
krb5_data *kdc_issuer_sn_p = NULL;
-
+
/* optional platform-dependent CMS algorithm preference */
krtn = krb5int_pkinit_get_cms_types(&cms_types, &num_cms_types);
if(krtn) {
- return krtn;
+ return krtn;
}
-
+
/* encode the core authPack */
- krtn = krb5int_pkinit_auth_pack_encode(kctime, cusec, nonce, cksum,
- cms_types, num_cms_types,
- &auth_pack);
+ krtn = krb5int_pkinit_auth_pack_encode(kctime, cusec, nonce, cksum,
+ cms_types, num_cms_types,
+ &auth_pack);
if(krtn) {
- goto errOut;
+ goto errOut;
}
/* package the AuthPack up in a SignedData inside a ContentInfo */
- krtn = krb5int_pkinit_create_cms_msg(&auth_pack,
- client_cert,
- NULL, /* recip_cert */
- ECT_PkAuthData,
- 0, NULL, /* cms_types */
- &content_info);
+ krtn = krb5int_pkinit_create_cms_msg(&auth_pack,
+ client_cert,
+ NULL, /* recip_cert */
+ ECT_PkAuthData,
+ 0, NULL, /* cms_types */
+ &content_info);
if(krtn) {
- goto errOut;
+ goto errOut;
}
-
+
/* if we have trusted_CAs, get issuer/serials */
if(trusted_CAs) {
- unsigned dex;
- ca_issuer_sn = (krb5_data *)malloc(num_trusted_CAs * sizeof(krb5_data));
- if(ca_issuer_sn == NULL) {
- krtn = ENOMEM;
- goto errOut;
- }
- for(dex=0; dex<num_trusted_CAs; dex++) {
- krtn = krb5int_pkinit_get_issuer_serial(&trusted_CAs[dex],
- &ca_issuer_sn[dex]);
- if(krtn) {
- goto errOut;
- }
- }
+ unsigned dex;
+ ca_issuer_sn = (krb5_data *)malloc(num_trusted_CAs * sizeof(krb5_data));
+ if(ca_issuer_sn == NULL) {
+ krtn = ENOMEM;
+ goto errOut;
+ }
+ for(dex=0; dex<num_trusted_CAs; dex++) {
+ krtn = krb5int_pkinit_get_issuer_serial(&trusted_CAs[dex],
+ &ca_issuer_sn[dex]);
+ if(krtn) {
+ goto errOut;
+ }
+ }
}
-
+
/* If we have a KDC cert, get its issuer/serial */
if(kdc_cert) {
- krtn = krb5int_pkinit_get_issuer_serial(kdc_cert, &kdc_issuer_sn);
- if(krtn) {
- goto errOut;
- }
- kdc_issuer_sn_p = &kdc_issuer_sn;
+ krtn = krb5int_pkinit_get_issuer_serial(kdc_cert, &kdc_issuer_sn);
+ if(krtn) {
+ goto errOut;
+ }
+ kdc_issuer_sn_p = &kdc_issuer_sn;
}
-
+
/* cook up PA-PK-AS-REQ */
- krtn = krb5int_pkinit_pa_pk_as_req_encode(&content_info,
- ca_issuer_sn, num_trusted_CAs,
- kdc_issuer_sn_p,
- as_req);
-
+ krtn = krb5int_pkinit_pa_pk_as_req_encode(&content_info,
+ ca_issuer_sn, num_trusted_CAs,
+ kdc_issuer_sn_p,
+ as_req);
+
errOut:
if(cms_types) {
- krb5int_pkinit_free_cms_types(cms_types, num_cms_types);
+ krb5int_pkinit_free_cms_types(cms_types, num_cms_types);
}
if(auth_pack.data) {
- free(auth_pack.data);
+ free(auth_pack.data);
}
if(content_info.data) {
- free(content_info.data);
+ free(content_info.data);
}
if(trusted_CAs) {
- unsigned dex;
- for(dex=0; dex<num_trusted_CAs; dex++) {
- free(ca_issuer_sn[dex].data);
- }
- free(ca_issuer_sn);
+ unsigned dex;
+ for(dex=0; dex<num_trusted_CAs; dex++) {
+ free(ca_issuer_sn[dex].data);
+ }
+ free(ca_issuer_sn);
}
if(kdc_cert) {
- free(kdc_issuer_sn.data);
+ free(kdc_issuer_sn.data);
}
return krtn;
}
/*
- * Parse PA-PK-AS-REP message. Optionally evaluates the message's certificate chain.
- * Optionally returns various components.
+ * Parse PA-PK-AS-REP message. Optionally evaluates the message's certificate chain.
+ * Optionally returns various components.
*/
krb5_error_code krb5int_pkinit_as_rep_parse(
- krb5_context context,
- const krb5_data *as_rep,
- krb5_pkinit_signing_cert_t client_cert, /* required */
- krb5_keyblock *key_block, /* RETURNED */
- krb5_checksum *checksum, /* checksum of corresponding AS-REQ */
- /* contents mallocd and RETURNED */
- krb5int_cert_sig_status *cert_status, /* RETURNED */
+ krb5_context context,
+ const krb5_data *as_rep,
+ krb5_pkinit_signing_cert_t client_cert, /* required */
+ krb5_keyblock *key_block, /* RETURNED */
+ krb5_checksum *checksum, /* checksum of corresponding AS-REQ */
+ /* contents mallocd and RETURNED */
+ krb5int_cert_sig_status *cert_status, /* RETURNED */
/*
* Cert fields, all optionally RETURNED.
*
* signer_cert is the full X.509 leaf cert from the incoming SignedData.
* all_certs is an array of all of the certs in the incoming SignedData,
- * in full X.509 form.
+ * in full X.509 form.
*/
- krb5_data *signer_cert, /* content mallocd */
- unsigned *num_all_certs, /* sizeof *all_certs */
- krb5_data **all_certs) /* krb5_data's and their content mallocd */
+ krb5_data *signer_cert, /* content mallocd */
+ unsigned *num_all_certs, /* sizeof *all_certs */
+ krb5_data **all_certs) /* krb5_data's and their content mallocd */
{
krb5_data reply_key_pack = {0, 0, NULL};
krb5_error_code krtn;
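Review bot: The `errOut` cleanup in krb5int_pkinit_as_req_create walks `ca_issuer_sn[dex]` whenever `trusted_CAs` is non-NULL, but `ca_issuer_sn` can still be NULL at that point (an earlier `goto errOut`, or the `malloc` failure itself), and after a mid-loop failure the remaining entries are uninitialised because `malloc` does not zero them. That is a NULL dereference or a `free` of garbage pointers on the error path of code that processes certificate data. Allocating with `ca_issuer_sn = calloc(num_trusted_CAs, sizeof(krb5_data));` and guarding the cleanup with `if(ca_issuer_sn) {` instead of `if(trusted_CAs) {` covers all three cases, and `calloc` also checks the count-times-size multiplication. This assumes krb5int_pkinit_get_issuer_serial leaves `data` untouched or NULL when it fails, which is not visible here.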
@@ -179,83 +180,83 @@ krb5_error_code krb5int_pkinit_as_rep_parse(
krb5_pkinit_cert_db_t cert_db = NULL;
krb5_boolean is_signed;
krb5_boolean is_encrypted;
-
- assert((as_rep != NULL) && (checksum != NULL) &&
+
+ assert((as_rep != NULL) && (checksum != NULL) &&
(key_block != NULL) && (cert_status != NULL));
-
- /*
+
+ /*
* Decode the top-level PA-PK-AS-REP
*/
krtn = krb5int_pkinit_pa_pk_as_rep_decode(as_rep, &dh_signed_data, &enc_key_pack);
if(krtn) {
- pkiCssmErr("krb5int_pkinit_pa_pk_as_rep_decode", krtn);
- return krtn;
+ pkiCssmErr("krb5int_pkinit_pa_pk_as_rep_decode", krtn);
+ return krtn;
}
if(dh_signed_data.data) {
- /* not for this implementation... */
- pkiDebug("krb5int_pkinit_as_rep_parse: unexpected dh_signed_data\n");
- krtn = ASN1_BAD_FORMAT;
- goto err_out;
+ /* not for this implementation... */
+ pkiDebug("krb5int_pkinit_as_rep_parse: unexpected dh_signed_data\n");
+ krtn = ASN1_BAD_FORMAT;
+ goto err_out;
}
if(enc_key_pack.data == NULL) {
- /* REQUIRED for this implementation... */
- pkiDebug("krb5int_pkinit_as_rep_parse: no enc_key_pack\n");
- krtn = ASN1_BAD_FORMAT;
- goto err_out;
+ /* REQUIRED for this implementation... */
+ pkiDebug("krb5int_pkinit_as_rep_parse: no enc_key_pack\n");
+ krtn = ASN1_BAD_FORMAT;
+ goto err_out;
}
-
+
krtn = krb5_pkinit_get_client_cert_db(NULL, client_cert, &cert_db);
if(krtn) {
- pkiDebug("krb5int_pkinit_as_rep_parse: error in krb5_pkinit_get_client_cert_db\n");
- goto err_out;
+ pkiDebug("krb5int_pkinit_as_rep_parse: error in krb5_pkinit_get_client_cert_db\n");
+ goto err_out;
}
/*
- * enc_key_pack is an EnvelopedData(SignedData(keyPack), encrypted
- * with our cert (which krb5int_pkinit_parse_content_info() finds
+ * enc_key_pack is an EnvelopedData(SignedData(keyPack), encrypted
+ * with our cert (which krb5int_pkinit_parse_content_info() finds
* implicitly).
*/
krtn = krb5int_pkinit_parse_cms_msg(&enc_key_pack, cert_db, FALSE,
- &is_signed, &is_encrypted,
- &reply_key_pack, &content_type,
- signer_cert, cert_status, num_all_certs, all_certs);
+ &is_signed, &is_encrypted,
+ &reply_key_pack, &content_type,
+ signer_cert, cert_status, num_all_certs, all_certs);
if(krtn) {
- pkiDebug("krb5int_pkinit_as_rep_parse: error decoding EnvelopedData\n");
- goto err_out;
+ pkiDebug("krb5int_pkinit_as_rep_parse: error decoding EnvelopedData\n");
+ goto err_out;
}
if(!is_encrypted || !is_signed) {
- pkiDebug("krb5int_pkinit_as_rep_parse: not signed and encrypted!\n");
- krtn = KRB5_PARSE_MALFORMED;
- goto err_out;
+ pkiDebug("krb5int_pkinit_as_rep_parse: not signed and encrypted!\n");
+ krtn = KRB5_PARSE_MALFORMED;
+ goto err_out;
}
if(content_type != ECT_PkReplyKeyKata) {
- pkiDebug("replyKeyPack eContentType %d!\n", (int)content_type);
- krtn = KRB5_PARSE_MALFORMED;
- goto err_out;
+ pkiDebug("replyKeyPack eContentType %d!\n", (int)content_type);
+ krtn = KRB5_PARSE_MALFORMED;
+ goto err_out;
}
-
- /*
+
+ /*
* Finally, decode that inner content as the ReplyKeyPack which contains
* the actual key and nonce
*/
krtn = krb5int_pkinit_reply_key_pack_decode(&reply_key_pack, key_block, checksum);
if(krtn) {
- pkiDebug("krb5int_pkinit_as_rep_parse: error decoding ReplyKeyPack\n");
+ pkiDebug("krb5int_pkinit_as_rep_parse: error decoding ReplyKeyPack\n");
}
-
+
err_out:
/* free temp mallocd data that we didn't pass back to caller */
if(reply_key_pack.data) {
- free(reply_key_pack.data);
+ free(reply_key_pack.data);
}
if(enc_key_pack.data) {
- free(enc_key_pack.data);
+ free(enc_key_pack.data);
}
if(dh_signed_data.data) {
- free(dh_signed_data.data);
+ free(dh_signed_data.data);
}
if(cert_db) {
- krb5_pkinit_release_cert_db(cert_db);
+ krb5_pkinit_release_cert_db(cert_db);
}
return krtn;
}
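Review bot: Nothing in krb5int_pkinit_as_rep_parse reads `*cert_status` after `krb5int_pkinit_parse_cms_msg` returns; the function checks `is_signed`, `is_encrypted` and `content_type` and then decodes the reply key. Unless the parse call itself fails on a bad signer (its body is not in this hunk), a zero return with `key_block` filled does not mean the KDC certificate chain verified. That contract should be stated on the function, e.g. `/* krtn == 0 does not imply *cert_status == pki_cs_good; caller must check before trusting key_block */`. The signature and header comment are in the previous hunk, so that is where the comment would go.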
diff --git a/src/lib/krb5/krb/pkinit_apple_cms.c b/src/lib/krb5/krb/pkinit_apple_cms.c
index 353bcab..f11b4ee 100644
--- a/src/lib/krb5/krb/pkinit_apple_cms.c
+++ b/src/lib/krb5/krb/pkinit_apple_cms.c
@@ -1,3 +1,4 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
/*
* Copyright (c) 2004-2008 Apple Inc. All Rights Reserved.
*
@@ -42,20 +43,20 @@
#include <CoreServices/../Frameworks/CarbonCore.framework/Headers/MacErrors.h>
#include <CoreServices/../Frameworks/CarbonCore.framework/Headers/MacTypes.h>
-/*
- * Custom OIDS to specify as eContentType
+/*
+ * Custom OIDS to specify as eContentType
*/
-#define OID_PKINIT 0x2B, 6, 1, 5, 2, 3
-#define OID_PKINIT_LEN 6
+#define OID_PKINIT 0x2B, 6, 1, 5, 2, 3
+#define OID_PKINIT_LEN 6
-static const uint8 OID_PKINIT_AUTH_DATA[] = {OID_PKINIT, 1};
-static const uint8 OID_PKINIT_RKEY_DATA[] = {OID_PKINIT, 3};
+static const uint8 OID_PKINIT_AUTH_DATA[] = {OID_PKINIT, 1};
+static const uint8 OID_PKINIT_RKEY_DATA[] = {OID_PKINIT, 3};
/* these may go public so keep these symbols private */
-static const CSSM_OID _CSSMOID_PKINIT_AUTH_DATA =
- {OID_PKINIT_LEN+1, (uint8 *)OID_PKINIT_AUTH_DATA};
-static const CSSM_OID _CSSMOID_PKINIT_RKEY_DATA =
- {OID_PKINIT_LEN+1, (uint8 *)OID_PKINIT_RKEY_DATA};
+static const CSSM_OID _CSSMOID_PKINIT_AUTH_DATA =
+{OID_PKINIT_LEN+1, (uint8 *)OID_PKINIT_AUTH_DATA};
+static const CSSM_OID _CSSMOID_PKINIT_RKEY_DATA =
+{OID_PKINIT_LEN+1, (uint8 *)OID_PKINIT_RKEY_DATA};
#pragma mark ----- CMS utilities ----
@@ -69,26 +70,26 @@ static krb5int_cert_sig_status pkiCertSigStatus(
OSStatus certStatus)
{
switch(certStatus) {
- case CSSM_OK:
- return pki_cs_good;
- case CSSMERR_CSP_VERIFY_FAILED:
- return pki_cs_sig_verify_fail;
- case CSSMERR_TP_NOT_TRUSTED:
- return pki_cs_no_root;
- case CSSMERR_TP_INVALID_ANCHOR_CERT:
- return pki_cs_unknown_root;
- case CSSMERR_TP_CERT_EXPIRED:
- return pki_cs_expired;
- case CSSMERR_TP_CERT_NOT_VALID_YET:
- return pki_cs_not_valid_yet;
- case CSSMERR_TP_CERT_REVOKED:
- return pki_cs_revoked;
- case KRB5_KDB_UNAUTH:
- return pki_cs_untrusted;
- case CSSMERR_TP_INVALID_CERTIFICATE:
- return pki_cs_bad_leaf;
- default:
- return pki_cs_other_err;
+ case CSSM_OK:
+ return pki_cs_good;
+ case CSSMERR_CSP_VERIFY_FAILED:
+ return pki_cs_sig_verify_fail;
+ case CSSMERR_TP_NOT_TRUSTED:
+ return pki_cs_no_root;
+ case CSSMERR_TP_INVALID_ANCHOR_CERT:
+ return pki_cs_unknown_root;
+ case CSSMERR_TP_CERT_EXPIRED:
+ return pki_cs_expired;
+ case CSSMERR_TP_CERT_NOT_VALID_YET:
+ return pki_cs_not_valid_yet;
+ case CSSMERR_TP_CERT_REVOKED:
+ return pki_cs_revoked;
+ case KRB5_KDB_UNAUTH:
+ return pki_cs_untrusted;
+ case CSSMERR_TP_INVALID_CERTIFICATE:
+ return pki_cs_bad_leaf;
+ default:
+ return pki_cs_other_err;
}
}
@@ -99,24 +100,24 @@ static krb5int_cert_sig_status pkiCertSigStatus(
*/
static krb5int_cert_sig_status pkiInferSigStatus(
CMSSignerStatus cms_status,
- OSStatus tp_status)
+ OSStatus tp_status)
{
switch(cms_status) {
- case kCMSSignerUnsigned:
- return pki_not_signed;
- case kCMSSignerValid:
- return pki_cs_good;
- case kCMSSignerNeedsDetachedContent:
- return pki_bad_cms;
- case kCMSSignerInvalidSignature:
- return pki_cs_sig_verify_fail;
- case kCMSSignerInvalidCert:
- /* proceed with TP status */
- break;
- default:
- return pki_cs_other_err;
+ case kCMSSignerUnsigned:
+ return pki_not_signed;
+ case kCMSSignerValid:
+ return pki_cs_good;
+ case kCMSSignerNeedsDetachedContent:
+ return pki_bad_cms;
+ case kCMSSignerInvalidSignature:
+ return pki_cs_sig_verify_fail;
+ case kCMSSignerInvalidCert:
+ /* proceed with TP status */
+ break;
+ default:
+ return pki_cs_other_err;
}
-
+
/* signature good, infer end status from TP verify */
return pkiCertSigStatus(tp_status);
}
@@ -130,15 +131,15 @@ static OSStatus pkiKrb5DataToSecCert(
{
CSSM_DATA certData;
OSStatus ortn;
-
+
assert((rawCert != NULL) && (secCert != NULL));
-
+
certData.Data = (uint8 *)rawCert->data;
certData.Length = rawCert->length;
- ortn = SecCertificateCreateFromData(&certData, CSSM_CERT_X_509v3,
- CSSM_CERT_ENCODING_DER, secCert);
+ ortn = SecCertificateCreateFromData(&certData, CSSM_CERT_X_509v3,
+ CSSM_CERT_ENCODING_DER, secCert);
if(ortn) {
- pkiCssmErr("SecCertificateCreateFromData", ortn);
+ pkiCssmErr("SecCertificateCreateFromData", ortn);
}
return ortn;
}
@@ -148,52 +149,52 @@ static OSStatus pkiKrb5DataToSecCert(
*/
static krb5_error_code pkiCertArrayToKrb5Data(
CFArrayRef cf_certs,
- unsigned *num_all_certs,
- krb5_data **all_certs)
+ unsigned *num_all_certs,
+ krb5_data **all_certs)
{
CFIndex num_certs;
krb5_data *allCerts = NULL;
krb5_error_code krtn = 0;
CFIndex dex;
-
+
if(cf_certs == NULL) {
- *all_certs = NULL;
- return 0;
+ *all_certs = NULL;
+ return 0;
}
num_certs = CFArrayGetCount(cf_certs);
*num_all_certs = (unsigned)num_certs;
if(num_certs == 0) {
- *all_certs = NULL;
- return 0;
+ *all_certs = NULL;
+ return 0;
}
allCerts = (krb5_data *)malloc(sizeof(krb5_data) * num_certs);
if(allCerts == NULL) {
- return ENOMEM;
+ return ENOMEM;
}
- for(dex=0; dex<num_certs; dex++) {
- CSSM_DATA cert_data;
- OSStatus ortn;
- SecCertificateRef sec_cert;
-
- sec_cert = (SecCertificateRef)CFArrayGetValueAtIndex(cf_certs, dex);
- ortn = SecCertificateGetData(sec_cert, &cert_data);
- if(ortn) {
- pkiCssmErr("SecCertificateGetData", ortn);
- krtn = KRB5_PARSE_MALFORMED;
- break;
- }
- krtn = pkiCssmDataToKrb5Data(&cert_data, &allCerts[dex]);
- if(krtn) {
- break;
- }
+ for(dex=0; dex<num_certs; dex++) {
+ CSSM_DATA cert_data;
+ OSStatus ortn;
+ SecCertificateRef sec_cert;
+
+ sec_cert = (SecCertificateRef)CFArrayGetValueAtIndex(cf_certs, dex);
+ ortn = SecCertificateGetData(sec_cert, &cert_data);
+ if(ortn) {
+ pkiCssmErr("SecCertificateGetData", ortn);
+ krtn = KRB5_PARSE_MALFORMED;
+ break;
+ }
+ krtn = pkiCssmDataToKrb5Data(&cert_data, &allCerts[dex]);
+ if(krtn) {
+ break;
+ }
}
if(krtn) {
- if(allCerts) {
- free(allCerts);
- }
+ if(allCerts) {
+ free(allCerts);
+ }
}
else {
- *all_certs = allCerts;
+ *all_certs = allCerts;
}
return krtn;
}
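Review bot: pkiCertArrayToKrb5Data leaves its two outputs inconsistent on failure: `*num_all_certs` is set to the array count before the loop, but on an error `allCerts` is freed and `*all_certs` is never written, so a caller that ignores the return value would index an unset pointer with a non-zero count. The `cf_certs == NULL` early return has the opposite gap and leaves `*num_all_certs` unset. I would start the function with `*num_all_certs = 0; *all_certs = NULL;` and move `*num_all_certs = (unsigned)num_certs;` next to `*all_certs = allCerts;`. The error path also frees only the array; if pkiCssmDataToKrb5Data allocates each `data` (not shown here), the entries already converted leak.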
@@ -201,78 +202,78 @@ static krb5_error_code pkiCertArrayToKrb5Data(
#pragma mark ----- Create CMS message -----
/*
- * Create a CMS message: either encrypted (EnvelopedData), signed
+ * Create a CMS message: either encrypted (EnvelopedData), signed
* (SignedData), or both (EnvelopedData(SignedData(content)).
*
* The message is signed iff signing_cert is non-NULL.
* The message is encrypted iff recip_cert is non-NULL.
*
* The content_type argument specifies to the eContentType
- * for a SignedData's EncapsulatedContentInfo.
+ * for a SignedData's EncapsulatedContentInfo.
*/
krb5_error_code krb5int_pkinit_create_cms_msg(
- const krb5_data *content, /* Content */
- krb5_pkinit_signing_cert_t signing_cert, /* optional: signed by this cert */
- const krb5_data *recip_cert, /* optional: encrypted with this cert */
- krb5int_cms_content_type content_type, /* OID for EncapsulatedData */
- krb5_ui_4 num_cms_types, /* optional, unused here */
- const krb5int_algorithm_id *cms_types, /* optional, unused here */
- krb5_data *content_info) /* contents mallocd and RETURNED */
+ const krb5_data *content, /* Content */
+ krb5_pkinit_signing_cert_t signing_cert, /* optional: signed by this cert */
+ const krb5_data *recip_cert, /* optional: encrypted with this cert */
+ krb5int_cms_content_type content_type, /* OID for EncapsulatedData */
+ krb5_ui_4 num_cms_types, /* optional, unused here */
+ const krb5int_algorithm_id *cms_types, /* optional, unused here */
+ krb5_data *content_info) /* contents mallocd and RETURNED */
{
krb5_error_code krtn;
OSStatus ortn;
SecCertificateRef sec_recip = NULL;
CFDataRef cf_content = NULL;
const CSSM_OID *eContentOid = NULL;
-
+
if((signing_cert == NULL) && (recip_cert == NULL)) {
- /* must have one or the other */
- pkiDebug("krb5int_pkinit_create_cms_msg: no signer or recipient\n");
- return KRB5_CRYPTO_INTERNAL;
+ /* must have one or the other */
+ pkiDebug("krb5int_pkinit_create_cms_msg: no signer or recipient\n");
+ return KRB5_CRYPTO_INTERNAL;
}
-
- /*
- * Optional signer cert. Note signing_cert, if present, is
- * a SecIdentityRef.
+
+ /*
+ * Optional signer cert. Note signing_cert, if present, is
+ * a SecIdentityRef.
*/
if(recip_cert) {
- if(pkiKrb5DataToSecCert(recip_cert, &sec_recip)) {
- krtn = ASN1_BAD_FORMAT;
- goto errOut;
- }
+ if(pkiKrb5DataToSecCert(recip_cert, &sec_recip)) {
+ krtn = ASN1_BAD_FORMAT;
+ goto errOut;
+ }
}
-
+
/* optional eContentType */
if(signing_cert) {
- switch(content_type) {
- case ECT_PkAuthData:
- eContentOid = &_CSSMOID_PKINIT_AUTH_DATA;
- break;
- case ECT_PkReplyKeyKata:
- eContentOid = &_CSSMOID_PKINIT_RKEY_DATA;
- break;
- case ECT_Data:
- /* the only standard/default case we allow */
- break;
- default:
- /* others: no can do */
- pkiDebug("krb5int_pkinit_create_cms_msg: bad contentType\n");
- krtn = KRB5_CRYPTO_INTERNAL;
- goto errOut;
- }
+ switch(content_type) {
+ case ECT_PkAuthData:
+ eContentOid = &_CSSMOID_PKINIT_AUTH_DATA;
+ break;
+ case ECT_PkReplyKeyKata:
+ eContentOid = &_CSSMOID_PKINIT_RKEY_DATA;
+ break;
+ case ECT_Data:
+ /* the only standard/default case we allow */
+ break;
+ default:
+ /* others: no can do */
+ pkiDebug("krb5int_pkinit_create_cms_msg: bad contentType\n");
+ krtn = KRB5_CRYPTO_INTERNAL;
+ goto errOut;
+ }
}
-
+
/* GO */
ortn = CMSEncode((SecIdentityRef)signing_cert, sec_recip,
- eContentOid,
- FALSE, /* detachedContent */
- kCMSAttrNone, /* no signed attributes that I know of */
- content->data, content->length,
- &cf_content);
+ eContentOid,
+ FALSE, /* detachedContent */
+ kCMSAttrNone, /* no signed attributes that I know of */
+ content->data, content->length,
+ &cf_content);
if(ortn) {
- pkiCssmErr("CMSEncode", ortn);
- krtn = KRB5_CRYPTO_INTERNAL;
- goto errOut;
+ pkiCssmErr("CMSEncode", ortn);
+ krtn = KRB5_CRYPTO_INTERNAL;
+ goto errOut;
}
krtn = pkiCfDataToKrb5Data(cf_content, content_info);
errOut:
@@ -285,22 +286,22 @@ errOut:
/*
* Parse a ContentInfo as best we can. All return fields are optional.
- * If signer_cert_status is NULL on entry, NO signature or cert evaluation
- * will be performed.
+ * If signer_cert_status is NULL on entry, NO signature or cert evaluation
+ * will be performed.
*/
krb5_error_code krb5int_pkinit_parse_cms_msg(
- const krb5_data *content_info,
- krb5_pkinit_cert_db_t cert_db, /* may be required for SignedData */
- krb5_boolean is_client_msg, /* TRUE : msg is from client */
- krb5_boolean *is_signed, /* RETURNED */
- krb5_boolean *is_encrypted, /* RETURNED */
- krb5_data *raw_data, /* RETURNED */
+ const krb5_data *content_info,
+ krb5_pkinit_cert_db_t cert_db, /* may be required for SignedData */
+ krb5_boolean is_client_msg, /* TRUE : msg is from client */
+ krb5_boolean *is_signed, /* RETURNED */
+ krb5_boolean *is_encrypted, /* RETURNED */
+ krb5_data *raw_data, /* RETURNED */
krb5int_cms_content_type *inner_content_type,/* Returned, ContentType of */
- /* EncapsulatedData */
- krb5_data *signer_cert, /* RETURNED */
+ /* EncapsulatedData */
+ krb5_data *signer_cert, /* RETURNED */
krb5int_cert_sig_status *signer_cert_status,/* RETURNED */
- unsigned *num_all_certs, /* size of *all_certs RETURNED */
- krb5_data **all_certs) /* entire cert chain RETURNED */
+ unsigned *num_all_certs, /* size of *all_certs RETURNED */
+ krb5_data **all_certs) /* entire cert chain RETURNED */
{
SecPolicySearchRef policy_search = NULL;
SecPolicyRef policy = NULL;
@@ -312,219 +313,219 @@ krb5_error_code krb5int_pkinit_parse_cms_msg(
OSStatus cert_verify_status;
CFArrayRef cf_all_certs = NULL;
int msg_is_signed = 0;
-
+
if(content_info == NULL) {
- pkiDebug("krb5int_pkinit_parse_cms_msg: no ContentInfo\n");
- return KRB5_CRYPTO_INTERNAL;
+ pkiDebug("krb5int_pkinit_parse_cms_msg: no ContentInfo\n");
+ return KRB5_CRYPTO_INTERNAL;
}
-
+
ortn = CMSDecoderCreate(&decoder);
if(ortn) {
- return ENOMEM;
+ return ENOMEM;
}
ortn = CMSDecoderUpdateMessage(decoder, content_info->data, content_info->length);
if(ortn) {
- /* no verify yet, must be bad message */
- krtn = KRB5_PARSE_MALFORMED;
- goto errOut;
+ /* no verify yet, must be bad message */
+ krtn = KRB5_PARSE_MALFORMED;
+ goto errOut;
}
ortn = CMSDecoderFinalizeMessage(decoder);
if(ortn) {
- pkiCssmErr("CMSDecoderFinalizeMessage", ortn);
- krtn = KRB5_PARSE_MALFORMED;
- goto errOut;
+ pkiCssmErr("CMSDecoderFinalizeMessage", ortn);
+ krtn = KRB5_PARSE_MALFORMED;
+ goto errOut;
}
/* expect zero or one signers */
ortn = CMSDecoderGetNumSigners(decoder, &num_signers);
switch(num_signers) {
- case 0:
- msg_is_signed = 0;
- break;
- case 1:
- msg_is_signed = 1;
- break;
- default:
- krtn = KRB5_PARSE_MALFORMED;
- goto errOut;
+ case 0:
+ msg_is_signed = 0;
+ break;
+ case 1:
+ msg_is_signed = 1;
+ break;
+ default:
+ krtn = KRB5_PARSE_MALFORMED;
+ goto errOut;
}
/*
- * We need a cert verify policy even if we're not actually evaluating
+ * We need a cert verify policy even if we're not actually evaluating
* the cert due to requirements in libsecurity_smime.
*/
ortn = SecPolicySearchCreate(CSSM_CERT_X_509v3,
- is_client_msg ? &CSSMOID_APPLE_TP_PKINIT_CLIENT : &CSSMOID_APPLE_TP_PKINIT_SERVER,
- NULL, &policy_search);
+ is_client_msg ? &CSSMOID_APPLE_TP_PKINIT_CLIENT : &CSSMOID_APPLE_TP_PKINIT_SERVER,
+ NULL, &policy_search);
if(ortn) {
- pkiCssmErr("SecPolicySearchCreate", ortn);
- krtn = KRB5_CRYPTO_INTERNAL;
- goto errOut;
+ pkiCssmErr("SecPolicySearchCreate", ortn);
+ krtn = KRB5_CRYPTO_INTERNAL;
+ goto errOut;
}
ortn = SecPolicySearchCopyNext(policy_search, &policy);
if(ortn) {
- pkiCssmErr("SecPolicySearchCopyNext", ortn);
- krtn = KRB5_CRYPTO_INTERNAL;
- goto errOut;
+ pkiCssmErr("SecPolicySearchCopyNext", ortn);
+ krtn = KRB5_CRYPTO_INTERNAL;
+ goto errOut;
}
-
+
/* get some basic status that doesn't need heavyweight evaluation */
if(msg_is_signed) {
- if(is_signed) {
- *is_signed = TRUE;
- }
- if(inner_content_type) {
- CSSM_OID ec_oid = {0, NULL};
- CFDataRef ec_data = NULL;
-
- krb5int_cms_content_type ctype;
-
- ortn = CMSDecoderCopyEncapsulatedContentType(decoder, &ec_data);
- if(ortn || (ec_data == NULL)) {
- pkiCssmErr("CMSDecoderCopyEncapsulatedContentType", ortn);
- krtn = KRB5_CRYPTO_INTERNAL;
- goto errOut;
- }
- ec_oid.Data = (uint8 *)CFDataGetBytePtr(ec_data);
- ec_oid.Length = CFDataGetLength(ec_data);
- if(pkiCompareCssmData(&ec_oid, &CSSMOID_PKCS7_Data)) {
- ctype = ECT_Data;
- }
- else if(pkiCompareCssmData(&ec_oid, &CSSMOID_PKCS7_SignedData)) {
- ctype = ECT_SignedData;
- }
- else if(pkiCompareCssmData(&ec_oid, &CSSMOID_PKCS7_EnvelopedData)) {
- ctype = ECT_EnvelopedData;
- }
- else if(pkiCompareCssmData(&ec_oid, &CSSMOID_PKCS7_EncryptedData)) {
- ctype = ECT_EncryptedData;
- }
- else if(pkiCompareCssmData(&ec_oid, &_CSSMOID_PKINIT_AUTH_DATA)) {
- ctype = ECT_PkAuthData;
- }
- else if(pkiCompareCssmData(&ec_oid, &_CSSMOID_PKINIT_RKEY_DATA)) {
- ctype = ECT_PkReplyKeyKata;
- }
- else {
- ctype = ECT_Other;
- }
- *inner_content_type = ctype;
- CFRelease(ec_data);
- }
-
- /*
- * Get SignedData's certs if the caller wants them
- */
- if(all_certs) {
- ortn = CMSDecoderCopyAllCerts(decoder, &cf_all_certs);
- if(ortn) {
- pkiCssmErr("CMSDecoderCopyAllCerts", ortn);
- krtn = KRB5_CRYPTO_INTERNAL;
- goto errOut;
- }
- krtn = pkiCertArrayToKrb5Data(cf_all_certs, num_all_certs, all_certs);
- if(krtn) {
- goto errOut;
- }
- }
-
- /* optional signer cert */
- if(signer_cert) {
- SecCertificateRef sec_signer_cert = NULL;
- CSSM_DATA cert_data;
-
- ortn = CMSDecoderCopySignerCert(decoder, 0, &sec_signer_cert);
- if(ortn) {
- /* should never happen if it's signed */
- pkiCssmErr("CMSDecoderCopySignerStatus", ortn);
- krtn = KRB5_CRYPTO_INTERNAL;
- goto errOut;
- }
- ortn = SecCertificateGetData(sec_signer_cert, &cert_data);
- if(ortn) {
- pkiCssmErr("SecCertificateGetData", ortn);
- CFRelease(sec_signer_cert);
- krtn = KRB5_CRYPTO_INTERNAL;
- goto errOut;
- }
- krtn = pkiDataToKrb5Data(cert_data.Data, cert_data.Length, signer_cert);
- CFRelease(sec_signer_cert);
- if(krtn) {
- goto errOut;
- }
- }
+ if(is_signed) {
+ *is_signed = TRUE;
+ }
+ if(inner_content_type) {
+ CSSM_OID ec_oid = {0, NULL};
+ CFDataRef ec_data = NULL;
+
+ krb5int_cms_content_type ctype;
+
+ ortn = CMSDecoderCopyEncapsulatedContentType(decoder, &ec_data);
+ if(ortn || (ec_data == NULL)) {
+ pkiCssmErr("CMSDecoderCopyEncapsulatedContentType", ortn);
+ krtn = KRB5_CRYPTO_INTERNAL;
+ goto errOut;
+ }
+ ec_oid.Data = (uint8 *)CFDataGetBytePtr(ec_data);
+ ec_oid.Length = CFDataGetLength(ec_data);
+ if(pkiCompareCssmData(&ec_oid, &CSSMOID_PKCS7_Data)) {
+ ctype = ECT_Data;
+ }
+ else if(pkiCompareCssmData(&ec_oid, &CSSMOID_PKCS7_SignedData)) {
+ ctype = ECT_SignedData;
+ }
+ else if(pkiCompareCssmData(&ec_oid, &CSSMOID_PKCS7_EnvelopedData)) {
+ ctype = ECT_EnvelopedData;
+ }
+ else if(pkiCompareCssmData(&ec_oid, &CSSMOID_PKCS7_EncryptedData)) {
+ ctype = ECT_EncryptedData;
+ }
+ else if(pkiCompareCssmData(&ec_oid, &_CSSMOID_PKINIT_AUTH_DATA)) {
+ ctype = ECT_PkAuthData;
+ }
+ else if(pkiCompareCssmData(&ec_oid, &_CSSMOID_PKINIT_RKEY_DATA)) {
+ ctype = ECT_PkReplyKeyKata;
+ }
+ else {
+ ctype = ECT_Other;
+ }
+ *inner_content_type = ctype;
+ CFRelease(ec_data);
+ }
+
+ /*
+ * Get SignedData's certs if the caller wants them
+ */
+ if(all_certs) {
+ ortn = CMSDecoderCopyAllCerts(decoder, &cf_all_certs);
+ if(ortn) {
+ pkiCssmErr("CMSDecoderCopyAllCerts", ortn);
+ krtn = KRB5_CRYPTO_INTERNAL;
+ goto errOut;
+ }
+ krtn = pkiCertArrayToKrb5Data(cf_all_certs, num_all_certs, all_certs);
+ if(krtn) {
+ goto errOut;
+ }
+ }
+
+ /* optional signer cert */
+ if(signer_cert) {
+ SecCertificateRef sec_signer_cert = NULL;
+ CSSM_DATA cert_data;
+
+ ortn = CMSDecoderCopySignerCert(decoder, 0, &sec_signer_cert);
+ if(ortn) {
+ /* should never happen if it's signed */
+ pkiCssmErr("CMSDecoderCopySignerStatus", ortn);
+ krtn = KRB5_CRYPTO_INTERNAL;
+ goto errOut;
+ }
+ ortn = SecCertificateGetData(sec_signer_cert, &cert_data);
+ if(ortn) {
+ pkiCssmErr("SecCertificateGetData", ortn);
+ CFRelease(sec_signer_cert);
+ krtn = KRB5_CRYPTO_INTERNAL;
+ goto errOut;
+ }
+ krtn = pkiDataToKrb5Data(cert_data.Data, cert_data.Length, signer_cert);
+ CFRelease(sec_signer_cert);
+ if(krtn) {
+ goto errOut;
+ }
+ }
}
else {
- /* not signed */
- if(is_signed) {
- *is_signed = FALSE;
- }
- if(inner_content_type) {
- *inner_content_type = ECT_Other;
- }
- if(signer_cert) {
- signer_cert->data = NULL;
- signer_cert->length = 0;
- }
- if(signer_cert_status) {
- *signer_cert_status = pki_not_signed;
- }
- if(num_all_certs) {
- *num_all_certs = 0;
- }
- if(all_certs) {
- *all_certs = NULL;
- }
+ /* not signed */
+ if(is_signed) {
+ *is_signed = FALSE;
+ }
+ if(inner_content_type) {
+ *inner_content_type = ECT_Other;
+ }
+ if(signer_cert) {
+ signer_cert->data = NULL;
+ signer_cert->length = 0;
+ }
+ if(signer_cert_status) {
+ *signer_cert_status = pki_not_signed;
+ }
+ if(num_all_certs) {
+ *num_all_certs = 0;
+ }
+ if(all_certs) {
+ *all_certs = NULL;
+ }
}
if(is_encrypted) {
- Boolean bencr;
- ortn = CMSDecoderIsContentEncrypted(decoder, &bencr);
- if(ortn) {
- pkiCssmErr("CMSDecoderCopySignerStatus", ortn);
- krtn = KRB5_CRYPTO_INTERNAL;
- goto errOut;
- }
- *is_encrypted = bencr ? TRUE : FALSE;
+ Boolean bencr;
+ ortn = CMSDecoderIsContentEncrypted(decoder, &bencr);
+ if(ortn) {
+ pkiCssmErr("CMSDecoderCopySignerStatus", ortn);
+ krtn = KRB5_CRYPTO_INTERNAL;
+ goto errOut;
+ }
+ *is_encrypted = bencr ? TRUE : FALSE;
}
-
- /*
+
+ /*
* Verify signature and cert. The actual verify operation is optional,
* per our signer_cert_status argument, but we do this anyway if we need
* to get the signer cert.
*/
if((signer_cert_status != NULL) || (signer_cert != NULL)) {
-
- ortn = CMSDecoderCopySignerStatus(decoder,
- 0, /* signerIndex */
- policy,
- signer_cert_status ? TRUE : FALSE, /* evaluateSecTrust */
- &signer_status,
- NULL, /* secTrust - not needed */
- &cert_verify_status);
- if(ortn) {
- /* gross error - subsequent processing impossible */
- pkiCssmErr("CMSDecoderCopySignerStatus", ortn);
- krtn = KRB5_PARSE_MALFORMED;
- goto errOut;
- }
+
+ ortn = CMSDecoderCopySignerStatus(decoder,
+ 0, /* signerIndex */
+ policy,
+ signer_cert_status ? TRUE : FALSE, /* evaluateSecTrust */
+ &signer_status,
+ NULL, /* secTrust - not needed */
+ &cert_verify_status);
+ if(ortn) {
+ /* gross error - subsequent processing impossible */
+ pkiCssmErr("CMSDecoderCopySignerStatus", ortn);
+ krtn = KRB5_PARSE_MALFORMED;
+ goto errOut;
+ }
}
/* obtain & return status */
if(signer_cert_status) {
- *signer_cert_status = pkiInferSigStatus(signer_status, cert_verify_status);
+ *signer_cert_status = pkiInferSigStatus(signer_status, cert_verify_status);
}
-
+
/* finally, the payload */
if(raw_data) {
- CFDataRef cf_content = NULL;
-
- ortn = CMSDecoderCopyContent(decoder, &cf_content);
- if(ortn) {
- pkiCssmErr("CMSDecoderCopyContent", ortn);
- krtn = KRB5_PARSE_MALFORMED;
- goto errOut;
- }
- krtn = pkiCfDataToKrb5Data(cf_content, raw_data);
- CFRELEASE(cf_content);
+ CFDataRef cf_content = NULL;
+
+ ortn = CMSDecoderCopyContent(decoder, &cf_content);
+ if(ortn) {
+ pkiCssmErr("CMSDecoderCopyContent", ortn);
+ krtn = KRB5_PARSE_MALFORMED;
+ goto errOut;
+ }
+ krtn = pkiCfDataToKrb5Data(cf_content, raw_data);
+ CFRELEASE(cf_content);
}
errOut:
CFRELEASE(policy_search);
@@ -535,8 +536,8 @@ errOut:
}
krb5_error_code krb5int_pkinit_get_cms_types(
- krb5int_algorithm_id **supported_cms_types, /* RETURNED */
- krb5_ui_4 *num_supported_cms_types) /* RETURNED */
+ krb5int_algorithm_id **supported_cms_types, /* RETURNED */
+ krb5_ui_4 *num_supported_cms_types) /* RETURNED */
{
/* no preference */
*supported_cms_types = NULL;
@@ -546,12 +547,12 @@ krb5_error_code krb5int_pkinit_get_cms_types(
krb5_error_code krb5int_pkinit_free_cms_types(
krb5int_algorithm_id *supported_cms_types,
- krb5_ui_4 num_supported_cms_types)
+ krb5_ui_4 num_supported_cms_types)
{
- /*
+ /*
* We don't return anything from krb5int_pkinit_get_cms_types(), and
* if we did, it would be a pointer to a statically declared array,
- * so this is a nop.
+ * so this is a nop.
*/
return 0;
}
diff --git a/src/lib/krb5/krb/pkinit_apple_utils.c b/src/lib/krb5/krb/pkinit_apple_utils.c
index f539693..83b5922 100644
--- a/src/lib/krb5/krb/pkinit_apple_utils.c
+++ b/src/lib/krb5/krb/pkinit_apple_utils.c
@@ -1,3 +1,4 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
/*
* Copyright (c) 2004-2008 Apple Inc. All Rights Reserved.
*
@@ -28,7 +29,7 @@
*
* Created 19 May 2004 by Doug Mitchell at Apple.
*/
-
+
#if APPLE_PKINIT
#include "pkinit_apple_utils.h"
@@ -41,7 +42,7 @@
#include <ctype.h>
#include <Security/Security.h>
-/*
+/*
* Cruft needed to attach to a module
*/
static CSSM_VERSION vers = {2, 0};
@@ -51,28 +52,28 @@ static const CSSM_GUID testGuid = { 0xFADE, 0, 0, { 1,2,3,4,5,6,7,0 }};
* Standard app-level memory functions required by CDSA.
*/
static void * cuAppMalloc (CSSM_SIZE size, void *allocRef) {
- return( malloc(size) );
+ return( malloc(size) );
}
static void cuAppFree (void *mem_ptr, void *allocRef) {
- free(mem_ptr);
- return;
+ free(mem_ptr);
+ return;
}
static void * cuAppRealloc (void *ptr, CSSM_SIZE size, void *allocRef) {
- return( realloc( ptr, size ) );
+ return( realloc( ptr, size ) );
}
static void * cuAppCalloc (uint32 num, CSSM_SIZE size, void *allocRef) {
- return( calloc( num, size ) );
+ return( calloc( num, size ) );
}
static CSSM_API_MEMORY_FUNCS memFuncs = {
- cuAppMalloc,
- cuAppFree,
- cuAppRealloc,
- cuAppCalloc,
- NULL
+ cuAppMalloc,
+ cuAppFree,
+ cuAppRealloc,
+ cuAppCalloc,
+ NULL
};
/*
@@ -84,23 +85,23 @@ static CSSM_BOOL cuCssmStartup()
{
CSSM_RETURN crtn;
CSSM_PVC_MODE pvcPolicy = CSSM_PVC_NONE;
-
+
if(cssmInitd) {
- return CSSM_TRUE;
- }
- crtn = CSSM_Init (&vers,
- CSSM_PRIVILEGE_SCOPE_NONE,
- &testGuid,
- CSSM_KEY_HIERARCHY_NONE,
- &pvcPolicy,
- NULL /* reserved */);
- if(crtn != CSSM_OK)
+ return CSSM_TRUE;
+ }
+ crtn = CSSM_Init (&vers,
+ CSSM_PRIVILEGE_SCOPE_NONE,
+ &testGuid,
+ CSSM_KEY_HIERARCHY_NONE,
+ &pvcPolicy,
+ NULL /* reserved */);
+ if(crtn != CSSM_OK)
{
- return CSSM_FALSE;
+ return CSSM_FALSE;
}
else {
- cssmInitd = CSSM_TRUE;
- return CSSM_TRUE;
+ cssmInitd = CSSM_TRUE;
+ return CSSM_TRUE;
}
}
@@ -108,42 +109,42 @@ CSSM_CL_HANDLE pkiClStartup(void)
{
CSSM_CL_HANDLE clHand;
CSSM_RETURN crtn;
-
+
if(cuCssmStartup() == CSSM_FALSE) {
- return 0;
+ return 0;
}
crtn = CSSM_ModuleLoad(&gGuidAppleX509CL,
- CSSM_KEY_HIERARCHY_NONE,
- NULL, /* eventHandler */
- NULL); /* AppNotifyCallbackCtx */
+ CSSM_KEY_HIERARCHY_NONE,
+ NULL, /* eventHandler */
+ NULL); /* AppNotifyCallbackCtx */
if(crtn) {
- return 0;
+ return 0;
}
crtn = CSSM_ModuleAttach (&gGuidAppleX509CL,
- &vers,
- &memFuncs, /* memFuncs */
- 0, /* SubserviceID */
- CSSM_SERVICE_CL, /* SubserviceFlags - Where is this used? */
- 0, /* AttachFlags */
- CSSM_KEY_HIERARCHY_NONE,
- NULL, /* FunctionTable */
- 0, /* NumFuncTable */
- NULL, /* reserved */
- &clHand);
+ &vers,
+ &memFuncs, /* memFuncs */
+ 0, /* SubserviceID */
+ CSSM_SERVICE_CL, /* SubserviceFlags - Where is this used? */
+ 0, /* AttachFlags */
+ CSSM_KEY_HIERARCHY_NONE,
+ NULL, /* FunctionTable */
+ 0, /* NumFuncTable */
+ NULL, /* reserved */
+ &clHand);
if(crtn) {
- return 0;
+ return 0;
}
else {
- return clHand;
+ return clHand;
}
}
CSSM_RETURN pkiClDetachUnload(
- CSSM_CL_HANDLE clHand)
+ CSSM_CL_HANDLE clHand)
{
CSSM_RETURN crtn = CSSM_ModuleDetach(clHand);
if(crtn) {
- return crtn;
+ return crtn;
}
return CSSM_ModuleUnload(&gGuidAppleX509CL, NULL, NULL);
}
@@ -152,33 +153,33 @@ CSSM_RETURN pkiClDetachUnload(
* CSSM_DATA <--> krb5_ui_4
*/
krb5_error_code pkiDataToInt(
- const CSSM_DATA *cdata,
- krb5_int32 *i) /* RETURNED */
+ const CSSM_DATA *cdata,
+ krb5_int32 *i) /* RETURNED */
{
krb5_ui_4 len;
krb5_int32 rtn = 0;
krb5_ui_4 dex;
uint8 *cp = NULL;
-
+
if((cdata->Length == 0) || (cdata->Data == NULL)) {
- *i = 0;
- return 0;
+ *i = 0;
+ return 0;
}
len = cdata->Length;
if(len > sizeof(krb5_int32)) {
- return ASN1_BAD_LENGTH;
+ return ASN1_BAD_LENGTH;
}
-
+
cp = cdata->Data;
for(dex=0; dex<len; dex++) {
- rtn = (rtn << 8) | *cp++;
+ rtn = (rtn << 8) | *cp++;
}
*i = rtn;
return 0;
}
krb5_error_code pkiIntToData(
- krb5_int32 num,
+ krb5_int32 num,
CSSM_DATA *cdata,
SecAsn1CoderRef coder)
{
@@ -186,26 +187,26 @@ krb5_error_code pkiIntToData(
uint32 len = 0;
uint8 *cp = NULL;
unsigned i;
-
+
if(unum < 0x100) {
- len = 1;
+ len = 1;
}
else if(unum < 0x10000) {
- len = 2;
+ len = 2;
}
else if(unum < 0x1000000) {
- len = 3;
+ len = 3;
}
else {
- len = 4;
+ len = 4;
}
if(SecAsn1AllocItem(coder, cdata, len)) {
- return ENOMEM;
+ return ENOMEM;
}
cp = &cdata->Data[len - 1];
for(i=0; i<len; i++) {
- *cp-- = unum & 0xff;
- unum >>= 8;
+ *cp-- = unum & 0xff;
+ unum >>= 8;
}
return 0;
}
@@ -222,14 +223,14 @@ krb5_error_code pkiDataToKrb5Data(
assert(kd != NULL);
kd->data = (char *)malloc(dataLen);
if(kd->data == NULL) {
- return ENOMEM;
+ return ENOMEM;
}
kd->length = dataLen;
memmove(kd->data, data, dataLen);
return 0;
}
-/*
+/*
* CSSM_DATA <--> krb5_data
*
* CSSM_DATA data is managed by a SecAsn1CoderRef; krb5_data data is mallocd.
@@ -237,7 +238,7 @@ krb5_error_code pkiDataToKrb5Data(
* Both return nonzero on error.
*/
krb5_error_code pkiCssmDataToKrb5Data(
- const CSSM_DATA *cd,
+ const CSSM_DATA *cd,
krb5_data *kd)
{
assert(cd != NULL);
@@ -251,20 +252,20 @@ krb5_error_code pkiKrb5DataToCssm(
{
assert((cd != NULL) && (kd != NULL));
if(SecAsn1AllocCopy(coder, kd->data, kd->length, cd)) {
- return ENOMEM;
+ return ENOMEM;
}
return 0;
}
-/*
+/*
* CFDataRef --> krb5_data, mallocing the destination contents.
*/
krb5_error_code pkiCfDataToKrb5Data(
- CFDataRef cfData,
- krb5_data *kd) /* content mallocd and RETURNED */
+ CFDataRef cfData,
+ krb5_data *kd) /* content mallocd and RETURNED */
{
return pkiDataToKrb5Data(CFDataGetBytePtr(cfData),
- CFDataGetLength(cfData), kd);
+ CFDataGetLength(cfData), kd);
}
krb5_boolean pkiCompareCssmData(
@@ -272,79 +273,79 @@ krb5_boolean pkiCompareCssmData(
const CSSM_DATA *d2)
{
if((d1 == NULL) || (d2 == NULL)) {
- return FALSE;
+ return FALSE;
}
if(d1->Length != d2->Length) {
- return FALSE;
+ return FALSE;
}
if(memcmp(d1->Data, d2->Data, d1->Length)) {
- return FALSE;
+ return FALSE;
}
else {
- return TRUE;
+ return TRUE;
}
}
-/*
+/*
* krb5_timestamp --> a mallocd string in generalized format
*/
krb5_error_code pkiKrbTimestampToStr(
krb5_timestamp kts,
- char **str) /* mallocd and RETURNED */
+ char **str) /* mallocd and RETURNED */
{
char *outStr = NULL;
time_t gmt_time = kts;
struct tm *utc = gmtime(&gmt_time);
if (utc == NULL ||
- utc->tm_year > 8099 || utc->tm_mon > 11 ||
- utc->tm_mday > 31 || utc->tm_hour > 23 ||
- utc->tm_min > 59 || utc->tm_sec > 59) {
- return ASN1_BAD_GMTIME;
+ utc->tm_year > 8099 || utc->tm_mon > 11 ||
+ utc->tm_mday > 31 || utc->tm_hour > 23 ||
+ utc->tm_min > 59 || utc->tm_sec > 59) {
+ return ASN1_BAD_GMTIME;
}
if (asprintf(&outStr, "%04d%02d%02d%02d%02d%02dZ",
- utc->tm_year + 1900, utc->tm_mon + 1,
- utc->tm_mday, utc->tm_hour, utc->tm_min, utc->tm_sec) < 0) {
- return ENOMEM;
+ utc->tm_year + 1900, utc->tm_mon + 1,
+ utc->tm_mday, utc->tm_hour, utc->tm_min, utc->tm_sec) < 0) {
+ return ENOMEM;
}
*str = outStr;
return 0;
}
krb5_error_code pkiTimeStrToKrbTimestamp(
- const char *str,
- unsigned len,
+ const char *str,
+ unsigned len,
krb5_timestamp *kts) /* RETURNED */
{
- char szTemp[5];
- unsigned x;
- unsigned i;
- char *cp;
- struct tm tmp;
+ char szTemp[5];
+ unsigned x;
+ unsigned i;
+ char *cp;
+ struct tm tmp;
time_t t;
-
+
if(len != 15) {
- return ASN1_BAD_LENGTH;
+ return ASN1_BAD_LENGTH;
}
if((str == NULL) || (kts == NULL)) {
- return KRB5_CRYPTO_INTERNAL;
+ return KRB5_CRYPTO_INTERNAL;
}
-
+
cp = (char *)str;
memset(&tmp, 0, sizeof(tmp));
-
+
/* check that all characters except last are digits */
for(i=0; i<(len - 1); i++) {
- if ( !(isdigit(cp[i])) ) {
- return ASN1_BAD_TIMEFORMAT;
- }
+ if ( !(isdigit(cp[i])) ) {
+ return ASN1_BAD_TIMEFORMAT;
+ }
}
/* check last character is a 'Z' */
- if(cp[len - 1] != 'Z' ) {
- return ASN1_BAD_TIMEFORMAT;
+ if(cp[len - 1] != 'Z' ) {
+ return ASN1_BAD_TIMEFORMAT;
}
-
+
/* YEAR */
szTemp[0] = *cp++;
szTemp[1] = *cp++;
@@ -362,7 +363,7 @@ krb5_error_code pkiTimeStrToKrbTimestamp(
x = atoi( szTemp );
/* in the string, months are from 1 to 12 */
if((x > 12) || (x <= 0)) {
- return ASN1_BAD_TIMEFORMAT;
+ return ASN1_BAD_TIMEFORMAT;
}
/* in a tm, 0 to 11 */
tmp.tm_mon = x - 1;
@@ -374,7 +375,7 @@ krb5_error_code pkiTimeStrToKrbTimestamp(
x = atoi( szTemp );
/* 1..31 */
if((x > 31) || (x <= 0)) {
- return ASN1_BAD_TIMEFORMAT;
+ return ASN1_BAD_TIMEFORMAT;
}
tmp.tm_mday = x;
@@ -384,7 +385,7 @@ krb5_error_code pkiTimeStrToKrbTimestamp(
szTemp[2] = '\0';
x = atoi( szTemp );
if((x > 23) || (x < 0)) {
- return ASN1_BAD_TIMEFORMAT;
+ return ASN1_BAD_TIMEFORMAT;
}
tmp.tm_hour = x;
@@ -394,7 +395,7 @@ krb5_error_code pkiTimeStrToKrbTimestamp(
szTemp[2] = '\0';
x = atoi( szTemp );
if((x > 59) || (x < 0)) {
- return ASN1_BAD_TIMEFORMAT;
+ return ASN1_BAD_TIMEFORMAT;
}
tmp.tm_min = x;
@@ -404,12 +405,12 @@ krb5_error_code pkiTimeStrToKrbTimestamp(
szTemp[2] = '\0';
x = atoi( szTemp );
if((x > 59) || (x < 0)) {
- return ASN1_BAD_TIMEFORMAT;
+ return ASN1_BAD_TIMEFORMAT;
}
tmp.tm_sec = x;
t = timegm(&tmp);
if(t == -1) {
- return ASN1_BAD_TIMEFORMAT;
+ return ASN1_BAD_TIMEFORMAT;
}
*kts = t;
return 0;
@@ -423,9 +424,9 @@ unsigned pkiNssArraySize(
{
unsigned count = 0;
if (array) {
- while (*array++) {
- count++;
- }
+ while (*array++) {
+ count++;
+ }
}
return count;
}
diff --git a/src/lib/krb5/krb/pr_to_salt.c b/src/lib/krb5/krb/pr_to_salt.c
index 545d86f..5d57bc5 100644
--- a/src/lib/krb5/krb/pr_to_salt.c
+++ b/src/lib/krb5/krb/pr_to_salt.c
@@ -1,3 +1,4 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
/*
* lib/krb5/krb/pr_to_salt.c
*
@@ -8,7 +9,7 @@
* require a specific license from the United States Government.
* It is the responsibility of any person or organization contemplating
* export to obtain such a license before exporting.
- *
+ *
* WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
* distribute this software and its documentation for any purpose and
* without fee is hereby granted, provided that the above copyright
@@ -22,7 +23,7 @@
* M.I.T. makes no representations about the suitability of
* this software for any purpose. It is provided "as is" without express
* or implied warranty.
- *
+ *
*
* krb5_principal2salt()
*/
@@ -30,7 +31,7 @@
#include "k5-int.h"
static krb5_error_code krb5_principal2salt_internal
- (krb5_context, krb5_const_principal, krb5_data *ret, int);
+(krb5_context, krb5_const_principal, krb5_data *ret, int);
/*
* Convert a krb5_principal into the default salt for that principal.
@@ -43,32 +44,32 @@ krb5_principal2salt_internal(krb5_context context, register krb5_const_principal
register int i;
if (pr == 0) {
- ret->length = 0;
- ret->data = 0;
- return 0;
+ ret->length = 0;
+ ret->data = 0;
+ return 0;
}
nelem = krb5_princ_size(context, pr);
if (use_realm)
- size += krb5_princ_realm(context, pr)->length;
+ size += krb5_princ_realm(context, pr)->length;
for (i = 0; i < (int) nelem; i++)
- size += krb5_princ_component(context, pr, i)->length;
+ size += krb5_princ_component(context, pr, i)->length;
ret->length = size;
if (!(ret->data = malloc (size)))
- return ENOMEM;
+ return ENOMEM;
if (use_realm) {
- offset = krb5_princ_realm(context, pr)->length;
- memcpy(ret->data, krb5_princ_realm(context, pr)->data, offset);
+ offset = krb5_princ_realm(context, pr)->length;
+ memcpy(ret->data, krb5_princ_realm(context, pr)->data, offset);
}
for (i = 0; i < (int) nelem; i++) {
- memcpy(&ret->data[offset], krb5_princ_component(context, pr, i)->data,
- krb5_princ_component(context, pr, i)->length);
- offset += krb5_princ_component(context, pr, i)->length;
+ memcpy(&ret->data[offset], krb5_princ_component(context, pr, i)->data,
+ krb5_princ_component(context, pr, i)->length);
+ offset += krb5_princ_component(context, pr, i)->length;
}
return 0;
}
@@ -76,11 +77,11 @@ krb5_principal2salt_internal(krb5_context context, register krb5_const_principal
krb5_error_code
krb5_principal2salt(krb5_context context, register krb5_const_principal pr, krb5_data *ret)
{
- return krb5_principal2salt_internal(context, pr, ret, 1);
+ return krb5_principal2salt_internal(context, pr, ret, 1);
}
krb5_error_code
krb5_principal2salt_norealm(krb5_context context, register krb5_const_principal pr, krb5_data *ret)
{
- return krb5_principal2salt_internal(context, pr, ret, 0);
+ return krb5_principal2salt_internal(context, pr, ret, 0);
}
diff --git a/src/lib/krb5/krb/preauth.c b/src/lib/krb5/krb/preauth.c
index 06b2f50..9061aa9 100644
--- a/src/lib/krb5/krb/preauth.c
+++ b/src/lib/krb5/krb/preauth.c
@@ -25,7 +25,7 @@
/*
* This file contains routines for establishing, verifying, and any other
- * necessary functions, for utilizing the pre-authentication field of the
+ * necessary functions, for utilizing the pre-authentication field of the
* kerberos kdc request, with various hardware/software verification devices.
*/
@@ -72,7 +72,7 @@ static krb5_error_code obtain_sam_padata
(krb5_context,
krb5_pa_data *,
krb5_etype_info,
- krb5_keyblock *,
+ krb5_keyblock *,
krb5_error_code ( * )(krb5_context,
const krb5_enctype,
krb5_data *,
@@ -179,24 +179,24 @@ krb5_error_code krb5_obtain_padata(krb5_context context, krb5_pa_data **preauth_
if (etype_info) {
enctype = etype_info[0]->etype;
salt.data = (char *) etype_info[0]->salt;
- if(etype_info[0]->length == KRB5_ETYPE_NO_SALT)
+ if(etype_info[0]->length == KRB5_ETYPE_NO_SALT)
salt.length = SALT_TYPE_NO_LENGTH; /* XXX */
- else
+ else
salt.length = etype_info[0]->length;
}
if (salt.length == SALT_TYPE_NO_LENGTH) {
/*
- * This will set the salt length
+ * This will set the salt length
*/
if ((retval = krb5_principal2salt(context, request->client, &salt)))
goto cleanup;
f_salt = 1;
}
-
+
if ((retval = (*key_proc)(context, enctype, &salt, key_seed,
&def_enc_key)))
goto cleanup;
-
+
for (pa = preauth_to_use; *pa; pa++) {
if (find_pa_system((*pa)->pa_type, &ops))
@@ -204,7 +204,7 @@ krb5_error_code krb5_obtain_padata(krb5_context context, krb5_pa_data **preauth_
if (ops->obtain == 0)
continue;
-
+
retval = ((ops)->obtain)(context, *pa, etype_info, def_enc_key,
key_proc, key_seed, creds,
request, send_pa);
@@ -233,7 +233,7 @@ cleanup:
if (def_enc_key)
krb5_free_keyblock(context, def_enc_key);
return retval;
-
+
}
krb5_error_code
@@ -243,7 +243,7 @@ krb5_process_padata(krb5_context context, krb5_kdc_req *request, krb5_kdc_rep *a
const krb5_preauth_ops * ops;
krb5_pa_data ** pa;
krb5_int32 done = 0;
-
+
*do_more = 0; /* By default, we don't need to repeat... */
if (as_reply->padata == 0)
return 0;
@@ -254,7 +254,7 @@ krb5_process_padata(krb5_context context, krb5_kdc_req *request, krb5_kdc_rep *a
if (ops->process == 0)
continue;
-
+
retval = ((ops)->process)(context, *pa, request, as_reply,
key_proc, keyseed, decrypt_proc,
decrypt_key, creds, do_more, &done);
@@ -298,7 +298,7 @@ obtain_enc_ts_padata(krb5_context context, krb5_pa_data *in_padata, krb5_etype_i
krb5_free_data(context, scratch);
scratch = 0;
-
+
if ((retval = encode_krb5_enc_data(&enc_data, &scratch)) != 0)
goto cleanup;
@@ -318,7 +318,7 @@ obtain_enc_ts_padata(krb5_context context, krb5_pa_data *in_padata, krb5_etype_i
scratch = 0;
retval = 0;
-
+
cleanup:
if (scratch)
krb5_free_data(context, scratch);
@@ -332,14 +332,14 @@ process_pw_salt(krb5_context context, krb5_pa_data *padata, krb5_kdc_req *reques
{
krb5_error_code retval;
krb5_data salt;
-
+
if (*decrypt_key != 0)
return 0;
salt.data = (char *) padata->contents;
- salt.length =
+ salt.length =
(padata->pa_type == KRB5_PADATA_AFS3_SALT)?(SALT_TYPE_AFS_LENGTH):(padata->length);
-
+
if ((retval = (*key_proc)(context, as_reply->enc_part.enctype,
&salt, keyseed, decrypt_key))) {
*decrypt_key = 0;
@@ -348,19 +348,19 @@ process_pw_salt(krb5_context context, krb5_pa_data *padata, krb5_kdc_req *reques
return 0;
}
-
+
static krb5_error_code
find_pa_system(krb5_preauthtype type, const krb5_preauth_ops **preauth)
{
const krb5_preauth_ops *ap = preauth_systems;
-
+
while ((ap->type != -1) && (ap->type != type))
ap++;
if (ap->type == -1)
return(KRB5_PREAUTH_BAD_TYPE);
*preauth = ap;
return 0;
-}
+}
extern const char *krb5_default_pwd_prompt1;
@@ -381,14 +381,14 @@ sam_get_pass_from_user(krb5_context context, krb5_etype_info etype_info, git_key
krb5_data newpw;
newpw.data = 0; newpw.length = 0;
/* we don't keep the new password, just the key... */
- retval = (*key_proc)(context, enctype, 0,
+ retval = (*key_proc)(context, enctype, 0,
(krb5_const_pointer)&newpw, new_enc_key);
free(newpw.data);
}
krb5_default_pwd_prompt1 = oldprompt;
return retval;
}
-static
+static
char *handle_sam_labels(krb5_sam_challenge *sc)
{
char *label = sc->sam_challenge_label.data;
@@ -433,7 +433,7 @@ char *handle_sam_labels(krb5_sam_challenge *sc)
/* example:
Challenge for Digital Pathways mechanism: [134591]
- Passcode:
+ Passcode:
*/
krb5int_buf_init_dynamic(&buf);
if (challenge_len) {
@@ -511,7 +511,7 @@ obtain_sam_padata(krb5_context context, krb5_pa_data *in_padata, krb5_etype_info
retval = ENOMEM;
goto cleanup;
}
- retval = sam_get_pass_from_user(context, etype_info, key_proc,
+ retval = sam_get_pass_from_user(context, etype_info, key_proc,
key_seed, request, &sam_use_key,
prompt);
if (retval)
@@ -524,15 +524,15 @@ obtain_sam_padata(krb5_context context, krb5_pa_data *in_padata, krb5_etype_info
}
/* so at this point, either sam_use_key is generated from the passcode
- * or enc_sam_response_enc.sam_sad is set to it, and we use
+ * or enc_sam_response_enc.sam_sad is set to it, and we use
* def_enc_key instead. */
/* encode the encoded part of the response */
if ((retval = encode_krb5_enc_sam_response_enc(&enc_sam_response_enc,
&scratch)) != 0)
goto cleanup;
- if ((retval = krb5_encrypt_data(context,
- sam_use_key?sam_use_key:def_enc_key,
+ if ((retval = krb5_encrypt_data(context,
+ sam_use_key?sam_use_key:def_enc_key,
0, scratch,
&sam_response.sam_enc_nonce_or_ts)))
goto cleanup;
@@ -552,7 +552,7 @@ obtain_sam_padata(krb5_context context, krb5_pa_data *in_padata, krb5_etype_info
if ((retval = encode_krb5_sam_response(&sam_response, &scratch)) != 0)
goto cleanup;
-
+
if ((pa = malloc(sizeof(krb5_pa_data))) == NULL) {
retval = ENOMEM;
goto cleanup;
@@ -567,7 +567,7 @@ obtain_sam_padata(krb5_context context, krb5_pa_data *in_padata, krb5_etype_info
*out_padata = pa;
retval = 0;
-
+
cleanup:
krb5_free_data(context, scratch);
krb5_free_sam_challenge(context, sam_challenge);
diff --git a/src/lib/krb5/krb/preauth2.c b/src/lib/krb5/krb/preauth2.c
index 996cbfd..7ee0860 100644
--- a/src/lib/krb5/krb/preauth2.c
+++ b/src/lib/krb5/krb/preauth2.c
@@ -1,3 +1,4 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
/*
* Copyright 1995, 2003, 2008 by the Massachusetts Institute of Technology. All
* Rights Reserved.
@@ -25,7 +26,7 @@
/*
* This file contains routines for establishing, verifying, and any other
- * necessary functions, for utilizing the pre-authentication field of the
+ * necessary functions, for utilizing the pre-authentication field of the
* kerberos kdc request, with various hardware/software verification devices.
*/
@@ -50,17 +51,17 @@ static const char *objdirs[] = { LIBDIR "/krb5/plugins/preauth", NULL };
#endif
typedef krb5_error_code (*pa_function)(krb5_context,
- krb5_kdc_req *request,
- krb5_pa_data *in_padata,
- krb5_pa_data **out_padata,
- krb5_data *salt, krb5_data *s2kparams,
- krb5_enctype *etype,
- krb5_keyblock *as_key,
- krb5_prompter_fct prompter_fct,
- void *prompter_data,
- krb5_gic_get_as_key_fct gak_fct,
- void *gak_data);
-
+ krb5_kdc_req *request,
+ krb5_pa_data *in_padata,
+ krb5_pa_data **out_padata,
+ krb5_data *salt, krb5_data *s2kparams,
+ krb5_enctype *etype,
+ krb5_keyblock *as_key,
+ krb5_prompter_fct prompter_fct,
+ void *prompter_data,
+ krb5_gic_get_as_key_fct gak_fct,
+ void *gak_data);
+
typedef struct _pa_types_t {
krb5_preauthtype type;
pa_function fct;
@@ -85,27 +86,27 @@ krb5_init_preauth_context(krb5_context kcontext)
/* Only do this once for each krb5_context */
if (kcontext->preauth_context != NULL)
- return;
+ return;
/* load the plugins for the current context */
if (PLUGIN_DIR_OPEN(&kcontext->preauth_plugins) == 0) {
- if (krb5int_open_plugin_dirs(objdirs, NULL,
- &kcontext->preauth_plugins,
- &kcontext->err) != 0) {
- return;
- }
+ if (krb5int_open_plugin_dirs(objdirs, NULL,
+ &kcontext->preauth_plugins,
+ &kcontext->err) != 0) {
+ return;
+ }
}
/* pull out the module function tables for all of the modules */
tables = NULL;
if (krb5int_get_plugin_dir_data(&kcontext->preauth_plugins,
- "preauthentication_client_1",
- &tables,
- &kcontext->err) != 0) {
- return;
+ "preauthentication_client_1",
+ &tables,
+ &kcontext->err) != 0) {
+ return;
}
if (tables == NULL) {
- return;
+ return;
}
/* count how many modules we ended up loading, and how many preauth
@@ -114,23 +115,23 @@ krb5_init_preauth_context(krb5_context kcontext)
for (n_tables = 0;
(tables != NULL) && (tables[n_tables] != NULL);
n_tables++) {
- table = tables[n_tables];
- if ((table->pa_type_list != NULL) && (table->process != NULL)) {
- for (j = 0; table->pa_type_list[j] > 0; j++) {
- n_modules++;
- }
- }
+ table = tables[n_tables];
+ if ((table->pa_type_list != NULL) && (table->process != NULL)) {
+ for (j = 0; table->pa_type_list[j] > 0; j++) {
+ n_modules++;
+ }
+ }
}
/* allocate the space we need */
context = malloc(sizeof(*context));
if (context == NULL) {
- krb5int_free_plugin_dir_data(tables);
+ krb5int_free_plugin_dir_data(tables);
return;
}
context->modules = calloc(n_modules, sizeof(context->modules[0]));
if (context->modules == NULL) {
- krb5int_free_plugin_dir_data(tables);
+ krb5int_free_plugin_dir_data(tables);
free(context);
return;
}
@@ -141,64 +142,64 @@ krb5_init_preauth_context(krb5_context kcontext)
for (i = 0; i < n_tables; i++) {
table = tables[i];
if ((table->pa_type_list != NULL) && (table->process != NULL)) {
- plugin_context = NULL;
- if ((table->init != NULL) &&
- ((*table->init)(kcontext, &plugin_context) != 0)) {
+ plugin_context = NULL;
+ if ((table->init != NULL) &&
+ ((*table->init)(kcontext, &plugin_context) != 0)) {
#ifdef DEBUG
- fprintf (stderr, "init err, skipping module \"%s\"\n",
- table->name);
+ fprintf (stderr, "init err, skipping module \"%s\"\n",
+ table->name);
#endif
- continue;
- }
-
- rcpp = NULL;
- for (j = 0; table->pa_type_list[j] > 0; j++) {
- pa_type = table->pa_type_list[j];
- context->modules[k].pa_type = pa_type;
- context->modules[k].enctypes = table->enctype_list;
- context->modules[k].plugin_context = plugin_context;
- /* Only call client_fini once per plugin */
- if (j == 0)
- context->modules[k].client_fini = table->fini;
- else
- context->modules[k].client_fini = NULL;
- context->modules[k].ftable = table;
- context->modules[k].name = table->name;
- context->modules[k].flags = (*table->flags)(kcontext, pa_type);
- context->modules[k].use_count = 0;
- context->modules[k].client_process = table->process;
- context->modules[k].client_tryagain = table->tryagain;
- if (j == 0)
- context->modules[k].client_supply_gic_opts = table->gic_opts;
- else
- context->modules[k].client_supply_gic_opts = NULL;
- context->modules[k].request_context = NULL;
- /*
- * Only call request_init and request_fini once per plugin.
- * Only the first module within each plugin will ever
- * have request_context filled in. Every module within
- * the plugin will have its request_context_pp pointing
- * to that entry's request_context. That way all the
- * modules within the plugin share the same request_context
- */
- if (j == 0) {
- context->modules[k].client_req_init = table->request_init;
- context->modules[k].client_req_fini = table->request_fini;
- rcpp = &context->modules[k].request_context;
- } else {
- context->modules[k].client_req_init = NULL;
- context->modules[k].client_req_fini = NULL;
- }
- context->modules[k].request_context_pp = rcpp;
+ continue;
+ }
+
+ rcpp = NULL;
+ for (j = 0; table->pa_type_list[j] > 0; j++) {
+ pa_type = table->pa_type_list[j];
+ context->modules[k].pa_type = pa_type;
+ context->modules[k].enctypes = table->enctype_list;
+ context->modules[k].plugin_context = plugin_context;
+ /* Only call client_fini once per plugin */
+ if (j == 0)
+ context->modules[k].client_fini = table->fini;
+ else
+ context->modules[k].client_fini = NULL;
+ context->modules[k].ftable = table;
+ context->modules[k].name = table->name;
+ context->modules[k].flags = (*table->flags)(kcontext, pa_type);
+ context->modules[k].use_count = 0;
+ context->modules[k].client_process = table->process;
+ context->modules[k].client_tryagain = table->tryagain;
+ if (j == 0)
+ context->modules[k].client_supply_gic_opts = table->gic_opts;
+ else
+ context->modules[k].client_supply_gic_opts = NULL;
+ context->modules[k].request_context = NULL;
+ /*
+ * Only call request_init and request_fini once per plugin.
+ * Only the first module within each plugin will ever
+ * have request_context filled in. Every module within
+ * the plugin will have its request_context_pp pointing
+ * to that entry's request_context. That way all the
+ * modules within the plugin share the same request_context
+ */
+ if (j == 0) {
+ context->modules[k].client_req_init = table->request_init;
+ context->modules[k].client_req_fini = table->request_fini;
+ rcpp = &context->modules[k].request_context;
+ } else {
+ context->modules[k].client_req_init = NULL;
+ context->modules[k].client_req_fini = NULL;
+ }
+ context->modules[k].request_context_pp = rcpp;
#ifdef DEBUG
- fprintf (stderr, "init module \"%s\", pa_type %d, flag %d\n",
- context->modules[k].name,
- context->modules[k].pa_type,
- context->modules[k].flags);
+ fprintf (stderr, "init module \"%s\", pa_type %d, flag %d\n",
+ context->modules[k].name,
+ context->modules[k].pa_type,
+ context->modules[k].flags);
#endif
- k++;
- }
- }
+ k++;
+ }
+ }
}
krb5int_free_plugin_dir_data(tables);
@@ -214,9 +215,9 @@ krb5_clear_preauth_context_use_counts(krb5_context context)
{
int i;
if (context->preauth_context != NULL) {
- for (i = 0; i < context->preauth_context->n_modules; i++) {
- context->preauth_context->modules[i].use_count = 0;
- }
+ for (i = 0; i < context->preauth_context->n_modules; i++) {
+ context->preauth_context->modules[i].use_count = 0;
+ }
}
}
@@ -226,9 +227,9 @@ krb5_clear_preauth_context_use_counts(krb5_context context)
*/
krb5_error_code
krb5_preauth_supply_preauth_data(krb5_context context,
- krb5_gic_opt_ext *opte,
- const char *attr,
- const char *value)
+ krb5_gic_opt_ext *opte,
+ const char *attr,
+ const char *value)
{
krb5_error_code retval = 0;
int i;
@@ -236,13 +237,13 @@ krb5_preauth_supply_preauth_data(krb5_context context,
const char *emsg = NULL;
if (context->preauth_context == NULL)
- krb5_init_preauth_context(context);
+ krb5_init_preauth_context(context);
if (context->preauth_context == NULL) {
- retval = EINVAL;
- krb5int_set_error(&context->err, retval,
- "krb5_preauth_supply_preauth_data: "
- "Unable to initialize preauth context");
- return retval;
+ retval = EINVAL;
+ krb5int_set_error(&context->err, retval,
+ "krb5_preauth_supply_preauth_data: "
+ "Unable to initialize preauth context");
+ return retval;
}
/*
@@ -250,19 +251,19 @@ krb5_preauth_supply_preauth_data(krb5_context context,
* attribute/value pair.
*/
for (i = 0; i < context->preauth_context->n_modules; i++) {
- if (context->preauth_context->modules[i].client_supply_gic_opts == NULL)
- continue;
- pctx = context->preauth_context->modules[i].plugin_context;
- retval = (*context->preauth_context->modules[i].client_supply_gic_opts)
- (context, pctx,
- (krb5_get_init_creds_opt *)opte, attr, value);
- if (retval) {
- emsg = krb5_get_error_message(context, retval);
- krb5int_set_error(&context->err, retval, "Preauth plugin %s: %s",
- context->preauth_context->modules[i].name, emsg);
- krb5_free_error_message(context, emsg);
- break;
- }
+ if (context->preauth_context->modules[i].client_supply_gic_opts == NULL)
+ continue;
+ pctx = context->preauth_context->modules[i].plugin_context;
+ retval = (*context->preauth_context->modules[i].client_supply_gic_opts)
+ (context, pctx,
+ (krb5_get_init_creds_opt *)opte, attr, value);
+ if (retval) {
+ emsg = krb5_get_error_message(context, retval);
+ krb5int_set_error(&context->err, retval, "Preauth plugin %s: %s",
+ context->preauth_context->modules[i].name, emsg);
+ krb5_free_error_message(context, emsg);
+ break;
+ }
}
return retval;
}
@@ -276,20 +277,20 @@ krb5_free_preauth_context(krb5_context context)
int i;
void *pctx;
if (context && context->preauth_context != NULL) {
- for (i = 0; i < context->preauth_context->n_modules; i++) {
- pctx = context->preauth_context->modules[i].plugin_context;
- if (context->preauth_context->modules[i].client_fini != NULL) {
- (*context->preauth_context->modules[i].client_fini)(context, pctx);
- }
- memset(&context->preauth_context->modules[i], 0,
- sizeof(context->preauth_context->modules[i]));
- }
- if (context->preauth_context->modules != NULL) {
- free(context->preauth_context->modules);
- context->preauth_context->modules = NULL;
- }
- free(context->preauth_context);
- context->preauth_context = NULL;
+ for (i = 0; i < context->preauth_context->n_modules; i++) {
+ pctx = context->preauth_context->modules[i].plugin_context;
+ if (context->preauth_context->modules[i].client_fini != NULL) {
+ (*context->preauth_context->modules[i].client_fini)(context, pctx);
+ }
+ memset(&context->preauth_context->modules[i], 0,
+ sizeof(context->preauth_context->modules[i]));
+ }
+ if (context->preauth_context->modules != NULL) {
+ free(context->preauth_context->modules);
+ context->preauth_context->modules = NULL;
+ }
+ free(context->preauth_context);
+ context->preauth_context = NULL;
}
}
@@ -303,15 +304,15 @@ krb5_preauth_request_context_init(krb5_context context)
/* Limit this to only one attempt per context? */
if (context->preauth_context == NULL)
- krb5_init_preauth_context(context);
+ krb5_init_preauth_context(context);
if (context->preauth_context != NULL) {
- for (i = 0; i < context->preauth_context->n_modules; i++) {
- pctx = context->preauth_context->modules[i].plugin_context;
- if (context->preauth_context->modules[i].client_req_init != NULL) {
- rctx = context->preauth_context->modules[i].request_context_pp;
- (*context->preauth_context->modules[i].client_req_init) (context, pctx, rctx);
- }
- }
+ for (i = 0; i < context->preauth_context->n_modules; i++) {
+ pctx = context->preauth_context->modules[i].plugin_context;
+ if (context->preauth_context->modules[i].client_req_init != NULL) {
+ rctx = context->preauth_context->modules[i].request_context_pp;
+ (*context->preauth_context->modules[i].client_req_init) (context, pctx, rctx);
+ }
+ }
}
}
@@ -323,16 +324,16 @@ krb5_preauth_request_context_fini(krb5_context context)
int i;
void *rctx, *pctx;
if (context->preauth_context != NULL) {
- for (i = 0; i < context->preauth_context->n_modules; i++) {
- pctx = context->preauth_context->modules[i].plugin_context;
- rctx = context->preauth_context->modules[i].request_context;
- if (rctx != NULL) {
- if (context->preauth_context->modules[i].client_req_fini != NULL) {
- (*context->preauth_context->modules[i].client_req_fini)(context, pctx, rctx);
- }
- context->preauth_context->modules[i].request_context = NULL;
- }
- }
+ for (i = 0; i < context->preauth_context->n_modules; i++) {
+ pctx = context->preauth_context->modules[i].plugin_context;
+ rctx = context->preauth_context->modules[i].request_context;
+ if (rctx != NULL) {
+ if (context->preauth_context->modules[i].client_req_fini != NULL) {
+ (*context->preauth_context->modules[i].client_req_fini)(context, pctx, rctx);
+ }
+ context->preauth_context->modules[i].request_context = NULL;
+ }
+ }
}
}
@@ -343,18 +344,18 @@ grow_ktypes(krb5_enctype **out_ktypes, int *out_nktypes, krb5_enctype ktype)
int i;
krb5_enctype *ktypes;
for (i = 0; i < *out_nktypes; i++) {
- if ((*out_ktypes)[i] == ktype)
- return;
+ if ((*out_ktypes)[i] == ktype)
+ return;
}
ktypes = malloc((*out_nktypes + 2) * sizeof(ktype));
if (ktypes) {
- for (i = 0; i < *out_nktypes; i++)
- ktypes[i] = (*out_ktypes)[i];
- ktypes[i++] = ktype;
- ktypes[i] = 0;
- free(*out_ktypes);
- *out_ktypes = ktypes;
- *out_nktypes = i;
+ for (i = 0; i < *out_nktypes; i++)
+ ktypes[i] = (*out_ktypes)[i];
+ ktypes[i++] = ktype;
+ ktypes[i] = 0;
+ free(*out_ktypes);
+ *out_ktypes = ktypes;
+ *out_nktypes = i;
}
}
@@ -364,42 +365,42 @@ grow_ktypes(krb5_enctype **out_ktypes, int *out_nktypes, krb5_enctype ktype)
*/
static int
grow_pa_list(krb5_pa_data ***out_pa_list, int *out_pa_list_size,
- krb5_pa_data **addition, int num_addition)
+ krb5_pa_data **addition, int num_addition)
{
krb5_pa_data **pa_list;
int i, j;
if (out_pa_list == NULL || addition == NULL) {
- return EINVAL;
+ return EINVAL;
}
if (*out_pa_list == NULL) {
- /* Allocate room for the new additions and a NULL terminator. */
- pa_list = malloc((num_addition + 1) * sizeof(krb5_pa_data *));
- if (pa_list == NULL)
- return ENOMEM;
- for (i = 0; i < num_addition; i++)
- pa_list[i] = addition[i];
- pa_list[i] = NULL;
- *out_pa_list = pa_list;
- *out_pa_list_size = num_addition;
+ /* Allocate room for the new additions and a NULL terminator. */
+ pa_list = malloc((num_addition + 1) * sizeof(krb5_pa_data *));
+ if (pa_list == NULL)
+ return ENOMEM;
+ for (i = 0; i < num_addition; i++)
+ pa_list[i] = addition[i];
+ pa_list[i] = NULL;
+ *out_pa_list = pa_list;
+ *out_pa_list_size = num_addition;
} else {
- /*
- * Allocate room for the existing entries plus
- * the new additions and a NULL terminator.
- */
- pa_list = malloc((*out_pa_list_size + num_addition + 1)
- * sizeof(krb5_pa_data *));
- if (pa_list == NULL)
- return ENOMEM;
- for (i = 0; i < *out_pa_list_size; i++)
- pa_list[i] = (*out_pa_list)[i];
- for (j = 0; j < num_addition;)
- pa_list[i++] = addition[j++];
- pa_list[i] = NULL;
- free(*out_pa_list);
- *out_pa_list = pa_list;
- *out_pa_list_size = i;
+ /*
+ * Allocate room for the existing entries plus
+ * the new additions and a NULL terminator.
+ */
+ pa_list = malloc((*out_pa_list_size + num_addition + 1)
+ * sizeof(krb5_pa_data *));
+ if (pa_list == NULL)
+ return ENOMEM;
+ for (i = 0; i < *out_pa_list_size; i++)
+ pa_list[i] = (*out_pa_list)[i];
+ for (j = 0; j < num_addition;)
+ pa_list[i++] = addition[j++];
+ pa_list[i] = NULL;
+ free(*out_pa_list);
+ *out_pa_list = pa_list;
+ *out_pa_list_size = i;
}
return 0;
}
@@ -416,81 +417,81 @@ grow_pa_list(krb5_pa_data ***out_pa_list, int *out_pa_list_size,
static krb5_error_code
client_data_proc(krb5_context kcontext,
- krb5_preauth_client_rock *rock,
- krb5_int32 request_type,
- krb5_data **retdata)
+ krb5_preauth_client_rock *rock,
+ krb5_int32 request_type,
+ krb5_data **retdata)
{
krb5_data *ret;
krb5_error_code retval;
char *data;
if (rock->magic != CLIENT_ROCK_MAGIC)
- return EINVAL;
+ return EINVAL;
if (retdata == NULL)
- return EINVAL;
+ return EINVAL;
switch (request_type) {
case krb5plugin_preauth_client_get_etype:
- {
- krb5_enctype *eptr;
- ret = malloc(sizeof(krb5_data));
- if (ret == NULL)
- return ENOMEM;
- data = malloc(sizeof(krb5_enctype));
- if (data == NULL) {
- free(ret);
- return ENOMEM;
- }
- ret->data = data;
- ret->length = sizeof(krb5_enctype);
- eptr = (krb5_enctype *)data;
- *eptr = *rock->etype;
- *retdata = ret;
- return 0;
- }
- break;
+ {
+ krb5_enctype *eptr;
+ ret = malloc(sizeof(krb5_data));
+ if (ret == NULL)
+ return ENOMEM;
+ data = malloc(sizeof(krb5_enctype));
+ if (data == NULL) {
+ free(ret);
+ return ENOMEM;
+ }
+ ret->data = data;
+ ret->length = sizeof(krb5_enctype);
+ eptr = (krb5_enctype *)data;
+ *eptr = *rock->etype;
+ *retdata = ret;
+ return 0;
+ }
+ break;
case krb5plugin_preauth_client_free_etype:
- ret = *retdata;
- if (ret == NULL)
- return 0;
- if (ret->data)
- free(ret->data);
- free(ret);
- return 0;
- break;
+ ret = *retdata;
+ if (ret == NULL)
+ return 0;
+ if (ret->data)
+ free(ret->data);
+ free(ret);
+ return 0;
+ break;
case krb5plugin_preauth_client_fast_armor: {
- krb5_keyblock *key = NULL;
- ret = calloc(1, sizeof(krb5_data));
- if (ret == NULL)
- return ENOMEM;
- retval = 0;
- if (rock->fast_state->armor_key)
- retval = krb5_copy_keyblock(kcontext, rock->fast_state->armor_key,
- &key);
- if (retval == 0) {
- ret->data = (char *) key;
- ret->length = key?sizeof(krb5_keyblock):0;
- key = NULL;
- }
- if (retval == 0) {
- *retdata = ret;
- ret = NULL;
- }
- if (ret)
- free(ret);
- return retval;
+ krb5_keyblock *key = NULL;
+ ret = calloc(1, sizeof(krb5_data));
+ if (ret == NULL)
+ return ENOMEM;
+ retval = 0;
+ if (rock->fast_state->armor_key)
+ retval = krb5_copy_keyblock(kcontext, rock->fast_state->armor_key,
+ &key);
+ if (retval == 0) {
+ ret->data = (char *) key;
+ ret->length = key?sizeof(krb5_keyblock):0;
+ key = NULL;
+ }
+ if (retval == 0) {
+ *retdata = ret;
+ ret = NULL;
+ }
+ if (ret)
+ free(ret);
+ return retval;
}
case krb5plugin_preauth_client_free_fast_armor:
- ret = *retdata;
- if (ret) {
- if (ret->data)
- krb5_free_keyblock(kcontext, (krb5_keyblock *) ret->data);
- free(ret);
- *retdata = NULL;
- }
- return 0;
- default:
- return EINVAL;
+ ret = *retdata;
+ if (ret) {
+ if (ret->data)
+ krb5_free_keyblock(kcontext, (krb5_keyblock *) ret->data);
+ free(ret);
+ *retdata = NULL;
+ }
+ return 0;
+ default:
+ return EINVAL;
}
}
@@ -499,25 +500,25 @@ client_data_proc(krb5_context kcontext,
* involved things. */
void KRB5_CALLCONV
krb5_preauth_prepare_request(krb5_context kcontext,
- krb5_gic_opt_ext *opte,
- krb5_kdc_req *request)
+ krb5_gic_opt_ext *opte,
+ krb5_kdc_req *request)
{
int i, j;
if (kcontext->preauth_context == NULL) {
- return;
+ return;
}
/* Add the module-specific enctype list to the request, but only if
* it's something we can safely modify. */
if (!(opte && (opte->flags & KRB5_GET_INIT_CREDS_OPT_ETYPE_LIST))) {
- for (i = 0; i < kcontext->preauth_context->n_modules; i++) {
- if (kcontext->preauth_context->modules[i].enctypes == NULL)
- continue;
- for (j = 0; kcontext->preauth_context->modules[i].enctypes[j] != 0; j++) {
- grow_ktypes(&request->ktype, &request->nktypes,
- kcontext->preauth_context->modules[i].enctypes[j]);
- }
- }
+ for (i = 0; i < kcontext->preauth_context->n_modules; i++) {
+ if (kcontext->preauth_context->modules[i].enctypes == NULL)
+ continue;
+ for (j = 0; kcontext->preauth_context->modules[i].enctypes[j] != 0; j++) {
+ grow_ktypes(&request->ktype, &request->nktypes,
+ kcontext->preauth_context->modules[i].enctypes[j]);
+ }
+ }
}
}
@@ -526,24 +527,24 @@ krb5_preauth_prepare_request(krb5_context kcontext,
* they don't generate preauth data), and run it. */
static krb5_error_code
krb5_run_preauth_plugins(krb5_context kcontext,
- int module_required_flags,
- krb5_kdc_req *request,
- krb5_data *encoded_request_body,
- krb5_data *encoded_previous_request,
- krb5_pa_data *in_padata,
- krb5_prompter_fct prompter,
- void *prompter_data,
- preauth_get_as_key_proc gak_fct,
- krb5_data *salt,
- krb5_data *s2kparams,
- void *gak_data,
- krb5_preauth_client_rock *get_data_rock,
- krb5_keyblock *as_key,
- krb5_pa_data ***out_pa_list,
- int *out_pa_list_size,
- int *module_ret,
- int *module_flags,
- krb5_gic_opt_ext *opte)
+ int module_required_flags,
+ krb5_kdc_req *request,
+ krb5_data *encoded_request_body,
+ krb5_data *encoded_previous_request,
+ krb5_pa_data *in_padata,
+ krb5_prompter_fct prompter,
+ void *prompter_data,
+ preauth_get_as_key_proc gak_fct,
+ krb5_data *salt,
+ krb5_data *s2kparams,
+ void *gak_data,
+ krb5_preauth_client_rock *get_data_rock,
+ krb5_keyblock *as_key,
+ krb5_pa_data ***out_pa_list,
+ int *out_pa_list_size,
+ int *module_ret,
+ int *module_flags,
+ krb5_gic_opt_ext *opte)
{
int i;
krb5_pa_data **out_pa_data;
@@ -551,64 +552,64 @@ krb5_run_preauth_plugins(krb5_context kcontext,
struct _krb5_preauth_context_module *module;
if (kcontext->preauth_context == NULL) {
- return ENOENT;
+ return ENOENT;
}
/* iterate over all loaded modules */
for (i = 0; i < kcontext->preauth_context->n_modules; i++) {
- module = &kcontext->preauth_context->modules[i];
- /* skip over those which don't match the preauth type */
- if (module->pa_type != in_padata->pa_type)
- continue;
- /* skip over those which don't match the flags (INFO vs REAL, mainly) */
- if ((module->flags & module_required_flags) == 0)
- continue;
- /* if it's a REAL module, try to call it only once per library call */
- if (module_required_flags & PA_REAL) {
- if (module->use_count > 0) {
+ module = &kcontext->preauth_context->modules[i];
+ /* skip over those which don't match the preauth type */
+ if (module->pa_type != in_padata->pa_type)
+ continue;
+ /* skip over those which don't match the flags (INFO vs REAL, mainly) */
+ if ((module->flags & module_required_flags) == 0)
+ continue;
+ /* if it's a REAL module, try to call it only once per library call */
+ if (module_required_flags & PA_REAL) {
+ if (module->use_count > 0) {
#ifdef DEBUG
- fprintf(stderr, "skipping already-used module \"%s\"(%d)\n",
- module->name, module->pa_type);
+ fprintf(stderr, "skipping already-used module \"%s\"(%d)\n",
+ module->name, module->pa_type);
#endif
- continue;
- }
- module->use_count++;
- }
- /* run the module's callback function */
- out_pa_data = NULL;
+ continue;
+ }
+ module->use_count++;
+ }
+ /* run the module's callback function */
+ out_pa_data = NULL;
#ifdef DEBUG
- fprintf(stderr, "using module \"%s\" (%d), flags = %d\n",
- module->name, module->pa_type, module->flags);
+ fprintf(stderr, "using module \"%s\" (%d), flags = %d\n",
+ module->name, module->pa_type, module->flags);
#endif
- ret = module->client_process(kcontext,
- module->plugin_context,
- *module->request_context_pp,
- (krb5_get_init_creds_opt *)opte,
- client_data_proc,
- get_data_rock,
- request,
- encoded_request_body,
- encoded_previous_request,
- in_padata,
- prompter, prompter_data,
- gak_fct, gak_data, salt, s2kparams,
- as_key,
- &out_pa_data);
- /* Make note of the module's flags and status. */
- *module_flags = module->flags;
- *module_ret = ret;
- /* Save the new preauth data item. */
- if (out_pa_data != NULL) {
- int j;
- for (j = 0; out_pa_data[j] != NULL; j++);
- ret = grow_pa_list(out_pa_list, out_pa_list_size, out_pa_data, j);
- free(out_pa_data);
- if (ret != 0)
- return ret;
- }
- break;
+ ret = module->client_process(kcontext,
+ module->plugin_context,
+ *module->request_context_pp,
+ (krb5_get_init_creds_opt *)opte,
+ client_data_proc,
+ get_data_rock,
+ request,
+ encoded_request_body,
+ encoded_previous_request,
+ in_padata,
+ prompter, prompter_data,
+ gak_fct, gak_data, salt, s2kparams,
+ as_key,
+ &out_pa_data);
+ /* Make note of the module's flags and status. */
+ *module_flags = module->flags;
+ *module_ret = ret;
+ /* Save the new preauth data item. */
+ if (out_pa_data != NULL) {
+ int j;
+ for (j = 0; out_pa_data[j] != NULL; j++);
+ ret = grow_pa_list(out_pa_list, out_pa_list_size, out_pa_data, j);
+ free(out_pa_data);
+ if (ret != 0)
+ return ret;
+ }
+ break;
}
if (i >= kcontext->preauth_context->n_modules) {
- return ENOENT;
+ return ENOENT;
}
return 0;
}
@@ -625,14 +626,14 @@ padata2data(krb5_pa_data p)
static
krb5_error_code pa_salt(krb5_context context,
- krb5_kdc_req *request,
- krb5_pa_data *in_padata,
- krb5_pa_data **out_padata,
- krb5_data *salt, krb5_data *s2kparams,
- krb5_enctype *etype,
- krb5_keyblock *as_key,
- krb5_prompter_fct prompter, void *prompter_data,
- krb5_gic_get_as_key_fct gak_fct, void *gak_data)
+ krb5_kdc_req *request,
+ krb5_pa_data *in_padata,
+ krb5_pa_data **out_padata,
+ krb5_data *salt, krb5_data *s2kparams,
+ krb5_enctype *etype,
+ krb5_keyblock *as_key,
+ krb5_prompter_fct prompter, void *prompter_data,
+ krb5_gic_get_as_key_fct gak_fct, void *gak_data)
{
krb5_data tmp;
krb5_error_code retval;
@@ -641,36 +642,36 @@ krb5_error_code pa_salt(krb5_context context,
krb5_free_data_contents(context, salt);
retval = krb5int_copy_data_contents(context, &tmp, salt);
if (retval)
- return retval;
+ return retval;
if (in_padata->pa_type == KRB5_PADATA_AFS3_SALT)
- salt->length = SALT_TYPE_AFS_LENGTH;
+ salt->length = SALT_TYPE_AFS_LENGTH;
return(0);
}
static
krb5_error_code pa_fx_cookie(krb5_context context,
- krb5_kdc_req *request,
- krb5_pa_data *in_padata,
- krb5_pa_data **out_padata,
- krb5_data *salt,
- krb5_data *s2kparams,
- krb5_enctype *etype,
- krb5_keyblock *as_key,
- krb5_prompter_fct prompter,
- void *prompter_data,
- krb5_gic_get_as_key_fct gak_fct,
- void *gak_data)
+ krb5_kdc_req *request,
+ krb5_pa_data *in_padata,
+ krb5_pa_data **out_padata,
+ krb5_data *salt,
+ krb5_data *s2kparams,
+ krb5_enctype *etype,
+ krb5_keyblock *as_key,
+ krb5_prompter_fct prompter,
+ void *prompter_data,
+ krb5_gic_get_as_key_fct gak_fct,
+ void *gak_data)
{
krb5_pa_data *pa = calloc(1, sizeof(krb5_pa_data));
krb5_octet *contents;
if (pa == NULL)
- return ENOMEM;
+ return ENOMEM;
contents = malloc(in_padata->length);
if (contents == NULL) {
- free(pa);
- return ENOMEM;
+ free(pa);
+ return ENOMEM;
}
*pa = *in_padata;
pa->contents = contents;
@@ -681,68 +682,68 @@ krb5_error_code pa_fx_cookie(krb5_context context,
static
krb5_error_code pa_enc_timestamp(krb5_context context,
- krb5_kdc_req *request,
- krb5_pa_data *in_padata,
- krb5_pa_data **out_padata,
- krb5_data *salt,
- krb5_data *s2kparams,
- krb5_enctype *etype,
- krb5_keyblock *as_key,
- krb5_prompter_fct prompter,
- void *prompter_data,
- krb5_gic_get_as_key_fct gak_fct,
- void *gak_data)
+ krb5_kdc_req *request,
+ krb5_pa_data *in_padata,
+ krb5_pa_data **out_padata,
+ krb5_data *salt,
+ krb5_data *s2kparams,
+ krb5_enctype *etype,
+ krb5_keyblock *as_key,
+ krb5_prompter_fct prompter,
+ void *prompter_data,
+ krb5_gic_get_as_key_fct gak_fct,
+ void *gak_data)
{
krb5_error_code ret;
krb5_pa_enc_ts pa_enc;
krb5_data *tmp;
krb5_enc_data enc_data;
krb5_pa_data *pa;
-
+
if (as_key->length == 0) {
#ifdef DEBUG
- fprintf (stderr, "%s:%d: salt len=%d", __FILE__, __LINE__,
- salt->length);
- if ((int) salt->length > 0)
- fprintf (stderr, " '%.*s'", salt->length, salt->data);
- fprintf (stderr, "; *etype=%d request->ktype[0]=%d\n",
- *etype, request->ktype[0]);
+ fprintf (stderr, "%s:%d: salt len=%d", __FILE__, __LINE__,
+ salt->length);
+ if ((int) salt->length > 0)
+ fprintf (stderr, " '%.*s'", salt->length, salt->data);
+ fprintf (stderr, "; *etype=%d request->ktype[0]=%d\n",
+ *etype, request->ktype[0]);
#endif
- if ((ret = ((*gak_fct)(context, request->client,
- *etype ? *etype : request->ktype[0],
- prompter, prompter_data,
- salt, s2kparams, as_key, gak_data))))
- return(ret);
+ if ((ret = ((*gak_fct)(context, request->client,
+ *etype ? *etype : request->ktype[0],
+ prompter, prompter_data,
+ salt, s2kparams, as_key, gak_data))))
+ return(ret);
}
/* now get the time of day, and encrypt it accordingly */
if ((ret = krb5_us_timeofday(context, &pa_enc.patimestamp, &pa_enc.pausec)))
- return(ret);
+ return(ret);
if ((ret = encode_krb5_pa_enc_ts(&pa_enc, &tmp)))
- return(ret);
+ return(ret);
#ifdef DEBUG
fprintf (stderr, "key type %d bytes %02x %02x ...\n",
- as_key->enctype,
- as_key->contents[0], as_key->contents[1]);
+ as_key->enctype,
+ as_key->contents[0], as_key->contents[1]);
#endif
ret = krb5_encrypt_helper(context, as_key,
- KRB5_KEYUSAGE_AS_REQ_PA_ENC_TS,
- tmp, &enc_data);
+ KRB5_KEYUSAGE_AS_REQ_PA_ENC_TS,
+ tmp, &enc_data);
#ifdef DEBUG
fprintf (stderr, "enc data { type=%d kvno=%d data=%02x %02x ... }\n",
- enc_data.enctype, enc_data.kvno,
- 0xff & enc_data.ciphertext.data[0],
- 0xff & enc_data.ciphertext.data[1]);
+ enc_data.enctype, enc_data.kvno,
+ 0xff & enc_data.ciphertext.data[0],
+ 0xff & enc_data.ciphertext.data[1]);
#endif
krb5_free_data(context, tmp);
if (ret) {
- free(enc_data.ciphertext.data);
- return(ret);
+ free(enc_data.ciphertext.data);
+ return(ret);
}
ret = encode_krb5_enc_data(&enc_data, &tmp);
@@ -750,11 +751,11 @@ krb5_error_code pa_enc_timestamp(krb5_context context,
free(enc_data.ciphertext.data);
if (ret)
- return(ret);
+ return(ret);
if ((pa = (krb5_pa_data *) malloc(sizeof(krb5_pa_data))) == NULL) {
- krb5_free_data(context, tmp);
- return(ENOMEM);
+ krb5_free_data(context, tmp);
+ return(ENOMEM);
}
pa->magic = KV5M_PA_DATA;
@@ -769,38 +770,38 @@ krb5_error_code pa_enc_timestamp(krb5_context context,
return(0);
}
-static
+static
char *sam_challenge_banner(krb5_int32 sam_type)
{
char *label;
switch (sam_type) {
- case PA_SAM_TYPE_ENIGMA: /* Enigma Logic */
- label = "Challenge for Enigma Logic mechanism";
- break;
+ case PA_SAM_TYPE_ENIGMA: /* Enigma Logic */
+ label = "Challenge for Enigma Logic mechanism";
+ break;
case PA_SAM_TYPE_DIGI_PATH: /* Digital Pathways */
case PA_SAM_TYPE_DIGI_PATH_HEX: /* Digital Pathways */
- label = "Challenge for Digital Pathways mechanism";
- break;
+ label = "Challenge for Digital Pathways mechanism";
+ break;
case PA_SAM_TYPE_ACTIVCARD_DEC: /* Digital Pathways */
case PA_SAM_TYPE_ACTIVCARD_HEX: /* Digital Pathways */
- label = "Challenge for Activcard mechanism";
- break;
- case PA_SAM_TYPE_SKEY_K0: /* S/key where KDC has key 0 */
- label = "Challenge for Enhanced S/Key mechanism";
- break;
- case PA_SAM_TYPE_SKEY: /* Traditional S/Key */
- label = "Challenge for Traditional S/Key mechanism";
- break;
- case PA_SAM_TYPE_SECURID: /* Security Dynamics */
- label = "Challenge for Security Dynamics mechanism";
- break;
- case PA_SAM_TYPE_SECURID_PREDICT: /* predictive Security Dynamics */
- label = "Challenge for Security Dynamics mechanism";
- break;
+ label = "Challenge for Activcard mechanism";
+ break;
+ case PA_SAM_TYPE_SKEY_K0: /* S/key where KDC has key 0 */
+ label = "Challenge for Enhanced S/Key mechanism";
+ break;
+ case PA_SAM_TYPE_SKEY: /* Traditional S/Key */
+ label = "Challenge for Traditional S/Key mechanism";
+ break;
+ case PA_SAM_TYPE_SECURID: /* Security Dynamics */
+ label = "Challenge for Security Dynamics mechanism";
+ break;
+ case PA_SAM_TYPE_SECURID_PREDICT: /* predictive Security Dynamics */
+ label = "Challenge for Security Dynamics mechanism";
+ break;
default:
- label = "Challenge from authentication server";
- break;
+ label = "Challenge from authentication server";
+ break;
}
return(label);
@@ -808,12 +809,12 @@ char *sam_challenge_banner(krb5_int32 sam_type)
/* this macro expands to the int,ptr necessary for "%.*s" in an sprintf */
-#define SAMDATA(kdata, str, maxsize) \
- (int)((kdata.length)? \
- ((((kdata.length)<=(maxsize))?(kdata.length):strlen(str))): \
- strlen(str)), \
- (kdata.length)? \
- ((((kdata.length)<=(maxsize))?(kdata.data):(str))):(str)
+#define SAMDATA(kdata, str, maxsize) \
+ (int)((kdata.length)? \
+ ((((kdata.length)<=(maxsize))?(kdata.length):strlen(str))): \
+ strlen(str)), \
+ (kdata.length)? \
+ ((((kdata.length)<=(maxsize))?(kdata.data):(str))):(str)
/* XXX Danger! This code is not in sync with the kerberos-password-02
draft. This draft cannot be implemented as written. This code is
@@ -821,82 +822,82 @@ char *sam_challenge_banner(krb5_int32 sam_type)
static
krb5_error_code pa_sam(krb5_context context,
- krb5_kdc_req *request,
- krb5_pa_data *in_padata,
- krb5_pa_data **out_padata,
- krb5_data *salt,
- krb5_data *s2kparams,
- krb5_enctype *etype,
- krb5_keyblock *as_key,
- krb5_prompter_fct prompter,
- void *prompter_data,
- krb5_gic_get_as_key_fct gak_fct,
- void *gak_data)
+ krb5_kdc_req *request,
+ krb5_pa_data *in_padata,
+ krb5_pa_data **out_padata,
+ krb5_data *salt,
+ krb5_data *s2kparams,
+ krb5_enctype *etype,
+ krb5_keyblock *as_key,
+ krb5_prompter_fct prompter,
+ void *prompter_data,
+ krb5_gic_get_as_key_fct gak_fct,
+ void *gak_data)
{
- krb5_error_code ret;
- krb5_data tmpsam;
- char name[100], banner[100];
- char prompt[100], response[100];
- krb5_data response_data;
- krb5_prompt kprompt;
- krb5_prompt_type prompt_type;
- krb5_data defsalt;
- krb5_sam_challenge *sam_challenge = 0;
- krb5_sam_response sam_response;
+ krb5_error_code ret;
+ krb5_data tmpsam;
+ char name[100], banner[100];
+ char prompt[100], response[100];
+ krb5_data response_data;
+ krb5_prompt kprompt;
+ krb5_prompt_type prompt_type;
+ krb5_data defsalt;
+ krb5_sam_challenge *sam_challenge = 0;
+ krb5_sam_response sam_response;
/* these two get encrypted and stuffed in to sam_response */
- krb5_enc_sam_response_enc enc_sam_response_enc;
- krb5_data * scratch;
- krb5_pa_data * pa;
+ krb5_enc_sam_response_enc enc_sam_response_enc;
+ krb5_data * scratch;
+ krb5_pa_data * pa;
if (prompter == NULL)
- return EIO;
+ return EIO;
tmpsam.length = in_padata->length;
tmpsam.data = (char *) in_padata->contents;
if ((ret = decode_krb5_sam_challenge(&tmpsam, &sam_challenge)))
- return(ret);
+ return(ret);
if (sam_challenge->sam_flags & KRB5_SAM_MUST_PK_ENCRYPT_SAD) {
- krb5_free_sam_challenge(context, sam_challenge);
- return(KRB5_SAM_UNSUPPORTED);
+ krb5_free_sam_challenge(context, sam_challenge);
+ return(KRB5_SAM_UNSUPPORTED);
}
- /* If we need the password from the user (USE_SAD_AS_KEY not set), */
- /* then get it here. Exception for "old" KDCs with CryptoCard */
- /* support which uses the USE_SAD_AS_KEY flag, but still needs pwd */
+ /* If we need the password from the user (USE_SAD_AS_KEY not set), */
+ /* then get it here. Exception for "old" KDCs with CryptoCard */
+ /* support which uses the USE_SAD_AS_KEY flag, but still needs pwd */
if (!(sam_challenge->sam_flags & KRB5_SAM_USE_SAD_AS_KEY) ||
- (sam_challenge->sam_type == PA_SAM_TYPE_CRYPTOCARD)) {
+ (sam_challenge->sam_type == PA_SAM_TYPE_CRYPTOCARD)) {
- /* etype has either been set by caller or by KRB5_PADATA_ETYPE_INFO */
- /* message from the KDC. If it is not set, pick an enctype that we */
- /* think the KDC will have for us. */
+ /* etype has either been set by caller or by KRB5_PADATA_ETYPE_INFO */
+ /* message from the KDC. If it is not set, pick an enctype that we */
+ /* think the KDC will have for us. */
- if (*etype == 0)
- *etype = ENCTYPE_DES_CBC_CRC;
+ if (*etype == 0)
+ *etype = ENCTYPE_DES_CBC_CRC;
- if ((ret = (gak_fct)(context, request->client, *etype, prompter,
- prompter_data, salt, s2kparams, as_key,
- gak_data))) {
- krb5_free_sam_challenge(context, sam_challenge);
- return(ret);
- }
+ if ((ret = (gak_fct)(context, request->client, *etype, prompter,
+ prompter_data, salt, s2kparams, as_key,
+ gak_data))) {
+ krb5_free_sam_challenge(context, sam_challenge);
+ return(ret);
+ }
}
snprintf(name, sizeof(name), "%.*s",
- SAMDATA(sam_challenge->sam_type_name, "SAM Authentication",
- sizeof(name) - 1));
+ SAMDATA(sam_challenge->sam_type_name, "SAM Authentication",
+ sizeof(name) - 1));
snprintf(banner, sizeof(banner), "%.*s",
- SAMDATA(sam_challenge->sam_challenge_label,
- sam_challenge_banner(sam_challenge->sam_type),
- sizeof(banner)-1));
+ SAMDATA(sam_challenge->sam_challenge_label,
+ sam_challenge_banner(sam_challenge->sam_type),
+ sizeof(banner)-1));
/* sprintf(prompt, "Challenge is [%s], %s: ", challenge, prompt); */
snprintf(prompt, sizeof(prompt), "%s%.*s%s%.*s",
- sam_challenge->sam_challenge.length?"Challenge is [":"",
- SAMDATA(sam_challenge->sam_challenge, "", 20),
- sam_challenge->sam_challenge.length?"], ":"",
- SAMDATA(sam_challenge->sam_response_prompt, "passcode", 55));
+ sam_challenge->sam_challenge.length?"Challenge is [":"",
+ SAMDATA(sam_challenge->sam_challenge, "", 20),
+ sam_challenge->sam_challenge.length?"], ":"",
+ SAMDATA(sam_challenge->sam_response_prompt, "passcode", 55));
response_data.data = response;
response_data.length = sizeof(response);
@@ -909,115 +910,115 @@ krb5_error_code pa_sam(krb5_context context,
/* PROMPTER_INVOCATION */
krb5int_set_prompt_types(context, &prompt_type);
if ((ret = ((*prompter)(context, prompter_data, name,
- banner, 1, &kprompt)))) {
- krb5_free_sam_challenge(context, sam_challenge);
- krb5int_set_prompt_types(context, 0);
- return(ret);
+ banner, 1, &kprompt)))) {
+ krb5_free_sam_challenge(context, sam_challenge);
+ krb5int_set_prompt_types(context, 0);
+ return(ret);
}
krb5int_set_prompt_types(context, 0);
enc_sam_response_enc.sam_nonce = sam_challenge->sam_nonce;
if (sam_challenge->sam_nonce == 0) {
- if ((ret = krb5_us_timeofday(context,
- &enc_sam_response_enc.sam_timestamp,
- &enc_sam_response_enc.sam_usec))) {
- krb5_free_sam_challenge(context,sam_challenge);
- return(ret);
- }
+ if ((ret = krb5_us_timeofday(context,
+ &enc_sam_response_enc.sam_timestamp,
+ &enc_sam_response_enc.sam_usec))) {
+ krb5_free_sam_challenge(context,sam_challenge);
+ return(ret);
+ }
- sam_response.sam_patimestamp = enc_sam_response_enc.sam_timestamp;
+ sam_response.sam_patimestamp = enc_sam_response_enc.sam_timestamp;
}
/* XXX What if more than one flag is set? */
if (sam_challenge->sam_flags & KRB5_SAM_SEND_ENCRYPTED_SAD) {
- /* Most of this should be taken care of before we get here. We */
- /* will need the user's password and as_key to encrypt the SAD */
- /* and we want to preserve ordering of user prompts (first */
- /* password, then SAM data) so that user's won't be confused. */
+ /* Most of this should be taken care of before we get here. We */
+ /* will need the user's password and as_key to encrypt the SAD */
+ /* and we want to preserve ordering of user prompts (first */
+ /* password, then SAM data) so that user's won't be confused. */
- if (as_key->length) {
- krb5_free_keyblock_contents(context, as_key);
- as_key->length = 0;
- }
+ if (as_key->length) {
+ krb5_free_keyblock_contents(context, as_key);
+ as_key->length = 0;
+ }
- /* generate a salt using the requested principal */
+ /* generate a salt using the requested principal */
- if ((salt->length == -1 || salt->length == SALT_TYPE_AFS_LENGTH) && (salt->data == NULL)) {
- if ((ret = krb5_principal2salt(context, request->client,
- &defsalt))) {
- krb5_free_sam_challenge(context, sam_challenge);
- return(ret);
- }
+ if ((salt->length == -1 || salt->length == SALT_TYPE_AFS_LENGTH) && (salt->data == NULL)) {
+ if ((ret = krb5_principal2salt(context, request->client,
+ &defsalt))) {
+ krb5_free_sam_challenge(context, sam_challenge);
+ return(ret);
+ }
- salt = &defsalt;
- } else {
- defsalt.length = 0;
- }
+ salt = &defsalt;
+ } else {
+ defsalt.length = 0;
+ }
- /* generate a key using the supplied password */
+ /* generate a key using the supplied password */
- ret = krb5_c_string_to_key(context, ENCTYPE_DES_CBC_MD5,
- (krb5_data *)gak_data, salt, as_key);
+ ret = krb5_c_string_to_key(context, ENCTYPE_DES_CBC_MD5,
+ (krb5_data *)gak_data, salt, as_key);
- if (defsalt.length)
- free(defsalt.data);
+ if (defsalt.length)
+ free(defsalt.data);
- if (ret) {
- krb5_free_sam_challenge(context, sam_challenge);
- return(ret);
- }
+ if (ret) {
+ krb5_free_sam_challenge(context, sam_challenge);
+ return(ret);
+ }
- /* encrypt the passcode with the key from above */
+ /* encrypt the passcode with the key from above */
- enc_sam_response_enc.sam_sad = response_data;
+ enc_sam_response_enc.sam_sad = response_data;
} else if (sam_challenge->sam_flags & KRB5_SAM_USE_SAD_AS_KEY) {
- /* process the key as password */
+ /* process the key as password */
- if (as_key->length) {
- krb5_free_keyblock_contents(context, as_key);
- as_key->length = 0;
- }
+ if (as_key->length) {
+ krb5_free_keyblock_contents(context, as_key);
+ as_key->length = 0;
+ }
#if 0
- if ((salt->length == SALT_TYPE_AFS_LENGTH) && (salt->data == NULL)) {
- if (ret = krb5_principal2salt(context, request->client,
- &defsalt)) {
- krb5_free_sam_challenge(context, sam_challenge);
- return(ret);
- }
-
- salt = &defsalt;
- } else {
- defsalt.length = 0;
- }
+ if ((salt->length == SALT_TYPE_AFS_LENGTH) && (salt->data == NULL)) {
+ if (ret = krb5_principal2salt(context, request->client,
+ &defsalt)) {
+ krb5_free_sam_challenge(context, sam_challenge);
+ return(ret);
+ }
+
+ salt = &defsalt;
+ } else {
+ defsalt.length = 0;
+ }
#else
- defsalt.length = 0;
- salt = NULL;
+ defsalt.length = 0;
+ salt = NULL;
#endif
-
- /* XXX As of the passwords-04 draft, no enctype is specified,
- the server uses ENCTYPE_DES_CBC_MD5. In the future the
- server should send a PA-SAM-ETYPE-INFO containing the enctype. */
- ret = krb5_c_string_to_key(context, ENCTYPE_DES_CBC_MD5,
- &response_data, salt, as_key);
+ /* XXX As of the passwords-04 draft, no enctype is specified,
+ the server uses ENCTYPE_DES_CBC_MD5. In the future the
+ server should send a PA-SAM-ETYPE-INFO containing the enctype. */
+
+ ret = krb5_c_string_to_key(context, ENCTYPE_DES_CBC_MD5,
+ &response_data, salt, as_key);
- if (defsalt.length)
- free(defsalt.data);
+ if (defsalt.length)
+ free(defsalt.data);
- if (ret) {
- krb5_free_sam_challenge(context, sam_challenge);
- return(ret);
- }
+ if (ret) {
+ krb5_free_sam_challenge(context, sam_challenge);
+ return(ret);
+ }
- enc_sam_response_enc.sam_sad.length = 0;
+ enc_sam_response_enc.sam_sad.length = 0;
} else {
- /* Eventually, combine SAD with long-term key to get
- encryption key. */
- krb5_free_sam_challenge(context, sam_challenge);
- return KRB5_PREAUTH_BAD_TYPE;
+ /* Eventually, combine SAD with long-term key to get
+ encryption key. */
+ krb5_free_sam_challenge(context, sam_challenge);
+ return KRB5_PREAUTH_BAD_TYPE;
}
/* copy things from the challenge */
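Review bot: Both krb5_c_string_to_key() calls in this hunk derive as_key with a hard-coded ENCTYPE_DES_CBC_MD5, ignoring the `*etype` that pa_sam passed to gak_fct earlier, and only the KRB5_SAM_USE_SAD_AS_KEY branch has a comment explaining why. Single DES is a weak enctype, so the KRB5_SAM_SEND_ENCRYPTED_SAD branch deserves the same caveat above its call, e.g. `/* XXX enctype is fixed to DES-CBC-MD5 here too; *etype is not consulted */`. pa_sam begins before this hunk and continues after it.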
@@ -1031,26 +1032,26 @@ krb5_error_code pa_sam(krb5_context context,
/* encode the encoded part of the response */
if ((ret = encode_krb5_enc_sam_response_enc(&enc_sam_response_enc,
- &scratch)))
- return(ret);
+ &scratch)))
+ return(ret);
ret = krb5_encrypt_data(context, as_key, 0, scratch,
- &sam_response.sam_enc_nonce_or_ts);
+ &sam_response.sam_enc_nonce_or_ts);
krb5_free_data(context, scratch);
if (ret)
- return(ret);
+ return(ret);
/* sam_enc_key is reserved for future use */
sam_response.sam_enc_key.ciphertext.length = 0;
if ((pa = malloc(sizeof(krb5_pa_data))) == NULL)
- return(ENOMEM);
+ return(ENOMEM);
if ((ret = encode_krb5_sam_response(&sam_response, &scratch))) {
- free(pa);
- return(ret);
+ free(pa);
+ return(ret);
}
pa->magic = KV5M_PA_DATA;
@@ -1066,7 +1067,7 @@ krb5_error_code pa_sam(krb5_context context,
}
#if APPLE_PKINIT
-/*
+/*
* PKINIT. One function to generate AS-REQ, one to parse AS-REP
*/
#define PKINIT_DEBUG 0
@@ -1081,32 +1082,32 @@ static krb5_error_code pa_pkinit_gen_req(
krb5_kdc_req *request,
krb5_pa_data *in_padata,
krb5_pa_data **out_padata,
- krb5_data *salt,
+ krb5_data *salt,
krb5_data *s2kparams,
krb5_enctype *etype,
krb5_keyblock *as_key,
- krb5_prompter_fct prompter,
+ krb5_prompter_fct prompter,
void *prompter_data,
- krb5_gic_get_as_key_fct gak_fct,
+ krb5_gic_get_as_key_fct gak_fct,
void *gak_data)
{
- krb5_error_code krtn;
- krb5_data out_data = {0, 0, NULL};
- krb5_timestamp kctime = 0;
- krb5_int32 cusec = 0;
- krb5_ui_4 nonce = 0;
- krb5_checksum cksum;
- krb5_pkinit_signing_cert_t client_cert;
- krb5_data *der_req = NULL;
- char *client_principal = NULL;
- char *server_principal = NULL;
- unsigned char nonce_bytes[4];
- krb5_data nonce_data = {0, 4, (char *)nonce_bytes};
- int dex;
-
- /*
+ krb5_error_code krtn;
+ krb5_data out_data = {0, 0, NULL};
+ krb5_timestamp kctime = 0;
+ krb5_int32 cusec = 0;
+ krb5_ui_4 nonce = 0;
+ krb5_checksum cksum;
+ krb5_pkinit_signing_cert_t client_cert;
+ krb5_data *der_req = NULL;
+ char *client_principal = NULL;
+ char *server_principal = NULL;
+ unsigned char nonce_bytes[4];
+ krb5_data nonce_data = {0, 4, (char *)nonce_bytes};
+ int dex;
+
+ /*
* Trusted CA list and specific KC cert optionally obtained via
- * krb5_pkinit_get_server_certs(). All are DER-encoded certs.
+ * krb5_pkinit_get_server_certs(). All are DER-encoded certs.
*/
krb5_data *trusted_CAs = NULL;
krb5_ui_4 num_trusted_CAs;
@@ -1116,72 +1117,72 @@ static krb5_error_code pa_pkinit_gen_req(
/* If we don't have a client cert, we're done */
if(request->client == NULL) {
- kdcPkinitDebug("No request->client; aborting PKINIT\n");
- return KRB5KDC_ERR_PREAUTH_FAILED;
+ kdcPkinitDebug("No request->client; aborting PKINIT\n");
+ return KRB5KDC_ERR_PREAUTH_FAILED;
}
krtn = krb5_unparse_name(context, request->client, &client_principal);
if(krtn) {
- return krtn;
+ return krtn;
}
krtn = krb5_pkinit_get_client_cert(client_principal, &client_cert);
free(client_principal);
if(krtn) {
- kdcPkinitDebug("No client cert; aborting PKINIT\n");
- return krtn;
+ kdcPkinitDebug("No client cert; aborting PKINIT\n");
+ return krtn;
}
-
+
/* optional platform-dependent CA list and KDC cert */
krtn = krb5_unparse_name(context, request->server, &server_principal);
if(krtn) {
- goto cleanup;
+ goto cleanup;
}
krtn = krb5_pkinit_get_server_certs(client_principal, server_principal,
- &trusted_CAs, &num_trusted_CAs, &kdc_cert);
+ &trusted_CAs, &num_trusted_CAs, &kdc_cert);
if(krtn) {
- goto cleanup;
+ goto cleanup;
}
-
+
/* checksum of the encoded KDC-REQ-BODY */
krtn = encode_krb5_kdc_req_body(request, &der_req);
if(krtn) {
- kdcPkinitDebug("encode_krb5_kdc_req_body returned %d\n", (int)krtn);
- goto cleanup;
+ kdcPkinitDebug("encode_krb5_kdc_req_body returned %d\n", (int)krtn);
+ goto cleanup;
}
krtn = krb5_c_make_checksum(context, CKSUMTYPE_NIST_SHA, NULL, 0, der_req, &cksum);
if(krtn) {
- goto cleanup;
+ goto cleanup;
}
krtn = krb5_us_timeofday(context, &kctime, &cusec);
if(krtn) {
- goto cleanup;
+ goto cleanup;
}
-
+
/* cook up a random 4-byte nonce */
krtn = krb5_c_random_make_octets(context, &nonce_data);
if(krtn) {
- goto cleanup;
+ goto cleanup;
}
for(dex=0; dex<4; dex++) {
- nonce <<= 8;
- nonce |= nonce_bytes[dex];
+ nonce <<= 8;
+ nonce |= nonce_bytes[dex];
}
- krtn = krb5int_pkinit_as_req_create(context,
- kctime, cusec, nonce, &cksum,
- client_cert,
- trusted_CAs, num_trusted_CAs,
- (kdc_cert.data ? &kdc_cert : NULL),
- &out_data);
+ krtn = krb5int_pkinit_as_req_create(context,
+ kctime, cusec, nonce, &cksum,
+ client_cert,
+ trusted_CAs, num_trusted_CAs,
+ (kdc_cert.data ? &kdc_cert : NULL),
+ &out_data);
if(krtn) {
- kdcPkinitDebug("error %d on pkinit_as_req_create; aborting PKINIT\n", (int)krtn);
- goto cleanup;
+ kdcPkinitDebug("error %d on pkinit_as_req_create; aborting PKINIT\n", (int)krtn);
+ goto cleanup;
}
*out_padata = (krb5_pa_data *)malloc(sizeof(krb5_pa_data));
if(*out_padata == NULL) {
- krtn = ENOMEM;
- free(out_data.data);
- goto cleanup;
+ krtn = ENOMEM;
+ free(out_data.data);
+ goto cleanup;
}
(*out_padata)->magic = KV5M_PA_DATA;
(*out_padata)->pa_type = KRB5_PADATA_PK_AS_REQ;
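Review bot: `client_principal` is freed right after krb5_pkinit_get_client_cert() and then passed, already freed, as the first argument of krb5_pkinit_get_server_certs() a few lines later; this use-after-free is carried over unchanged by the reindent. Keep the string alive until that call has returned: drop the unconditional `free(client_principal);`, put one inside the no-cert branch before its `return krtn;`, and add `free(client_principal);` under the `cleanup:` label. The free under the label is safe because the variable is initialised to NULL. The function starts before this hunk and the `cleanup:` label lies after it.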
@@ -1190,27 +1191,27 @@ static krb5_error_code pa_pkinit_gen_req(
krtn = 0;
cleanup:
if(client_cert) {
- krb5_pkinit_release_cert(client_cert);
+ krb5_pkinit_release_cert(client_cert);
}
if(cksum.contents) {
- free(cksum.contents);
+ free(cksum.contents);
}
if (der_req) {
- krb5_free_data(context, der_req);
+ krb5_free_data(context, der_req);
}
if(server_principal) {
- free(server_principal);
+ free(server_principal);
}
/* free data mallocd by krb5_pkinit_get_server_certs() */
if(trusted_CAs) {
- unsigned udex;
- for(udex=0; udex<num_trusted_CAs; udex++) {
- free(trusted_CAs[udex].data);
- }
- free(trusted_CAs);
+ unsigned udex;
+ for(udex=0; udex<num_trusted_CAs; udex++) {
+ free(trusted_CAs[udex].data);
+ }
+ free(trusted_CAs);
}
if(kdc_cert.data) {
- free(kdc_cert.data);
+ free(kdc_cert.data);
}
return krtn;
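Review bot: `if(cksum.contents)` under `cleanup:` can read an indeterminate pointer, because `cksum` is declared as `krb5_checksum cksum;` with no initialiser. Several `goto cleanup` paths run before krb5_c_make_checksum() has filled it in: failure of the server-name unparse, of krb5_pkinit_get_server_certs() or of encode_krb5_kdc_req_body(). If the stale value happens to be non-zero, it is passed to free(). Declaring it as `krb5_checksum cksum = {0};`, the way pa_pkinit_parse_rep initialises its checksums, closes this; the declaration sits in an earlier hunk of the same function.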
@@ -1234,17 +1235,17 @@ static krb5_boolean local_kdc_cert_match(
if (client->realm.length <= sizeof(lkdcprefix) ||
0 != memcmp(lkdcprefix, client->realm.data, sizeof(lkdcprefix)-1))
- return match;
+ return match;
realm_hash = &client->realm.data[sizeof(lkdcprefix)-1];
realm_hash_len = client->realm.length - sizeof(lkdcprefix) + 1;
kdcPkinitDebug("checking realm versus certificate hash\n");
if (NULL != (cert_hash = krb5_pkinit_cert_hash_str(signer_cert))) {
- kdcPkinitDebug("hash = %s\n", cert_hash);
- cert_hash_len = strlen(cert_hash);
- if (cert_hash_len == realm_hash_len &&
- 0 == memcmp(cert_hash, realm_hash, cert_hash_len))
- match = TRUE;
- free(cert_hash);
+ kdcPkinitDebug("hash = %s\n", cert_hash);
+ cert_hash_len = strlen(cert_hash);
+ if (cert_hash_len == realm_hash_len &&
+ 0 == memcmp(cert_hash, realm_hash, cert_hash_len))
+ match = TRUE;
+ free(cert_hash);
}
kdcPkinitDebug("result: %s\n", match ? "matches" : "does not match");
return match;
@@ -1255,125 +1256,125 @@ static krb5_error_code pa_pkinit_parse_rep(
krb5_kdc_req *request,
krb5_pa_data *in_padata,
krb5_pa_data **out_padata,
- krb5_data *salt,
+ krb5_data *salt,
krb5_data *s2kparams,
krb5_enctype *etype,
krb5_keyblock *as_key,
- krb5_prompter_fct prompter,
+ krb5_prompter_fct prompter,
void *prompter_data,
- krb5_gic_get_as_key_fct gak_fct,
+ krb5_gic_get_as_key_fct gak_fct,
void *gak_data)
{
- krb5int_cert_sig_status sig_status = (krb5int_cert_sig_status)-999;
- krb5_error_code krtn;
- krb5_data asRep;
- krb5_keyblock local_key = {0};
- krb5_pkinit_signing_cert_t client_cert;
- char *princ_name = NULL;
- krb5_checksum as_req_checksum_rcd = {0}; /* received checksum */
- krb5_checksum as_req_checksum_gen = {0}; /* calculated checksum */
- krb5_data *encoded_as_req = NULL;
- krb5_data signer_cert = {0};
+ krb5int_cert_sig_status sig_status = (krb5int_cert_sig_status)-999;
+ krb5_error_code krtn;
+ krb5_data asRep;
+ krb5_keyblock local_key = {0};
+ krb5_pkinit_signing_cert_t client_cert;
+ char *princ_name = NULL;
+ krb5_checksum as_req_checksum_rcd = {0}; /* received checksum */
+ krb5_checksum as_req_checksum_gen = {0}; /* calculated checksum */
+ krb5_data *encoded_as_req = NULL;
+ krb5_data signer_cert = {0};
*out_padata = NULL;
kdcPkinitDebug("pa_pkinit_parse_rep\n");
if((in_padata == NULL) || (in_padata->length== 0)) {
- kdcPkinitDebug("pa_pkinit_parse_rep: no in_padata\n");
- return KRB5KDC_ERR_PREAUTH_FAILED;
+ kdcPkinitDebug("pa_pkinit_parse_rep: no in_padata\n");
+ return KRB5KDC_ERR_PREAUTH_FAILED;
}
/* If we don't have a client cert, we're done */
if(request->client == NULL) {
- kdcPkinitDebug("No request->client; aborting PKINIT\n");
- return KRB5KDC_ERR_PREAUTH_FAILED;
+ kdcPkinitDebug("No request->client; aborting PKINIT\n");
+ return KRB5KDC_ERR_PREAUTH_FAILED;
}
krtn = krb5_unparse_name(context, request->client, &princ_name);
if(krtn) {
- return krtn;
+ return krtn;
}
krtn = krb5_pkinit_get_client_cert(princ_name, &client_cert);
free(princ_name);
if(krtn) {
- kdcPkinitDebug("No client cert; aborting PKINIT\n");
- return krtn;
+ kdcPkinitDebug("No client cert; aborting PKINIT\n");
+ return krtn;
}
-
+
memset(&local_key, 0, sizeof(local_key));
asRep.data = (char *)in_padata->contents;
asRep.length = in_padata->length;
- krtn = krb5int_pkinit_as_rep_parse(context, &asRep, client_cert,
- &local_key, &as_req_checksum_rcd, &sig_status,
- &signer_cert, NULL, NULL);
+ krtn = krb5int_pkinit_as_rep_parse(context, &asRep, client_cert,
+ &local_key, &as_req_checksum_rcd, &sig_status,
+ &signer_cert, NULL, NULL);
if(krtn) {
- kdcPkinitDebug("pkinit_as_rep_parse returned %d\n", (int)krtn);
- return krtn;
+ kdcPkinitDebug("pkinit_as_rep_parse returned %d\n", (int)krtn);
+ return krtn;
}
switch(sig_status) {
- case pki_cs_good:
- break;
- case pki_cs_unknown_root:
- if (local_kdc_cert_match(context, &signer_cert, request->client))
- break;
- /* FALLTHROUGH */
- default:
- kdcPkinitDebug("pa_pkinit_parse_rep: bad cert/sig status %d\n",
- (int)sig_status);
- krtn = KRB5KDC_ERR_PREAUTH_FAILED;
- goto error_out;
- }
-
- /* calculate checksum of incoming AS-REQ using the decryption key
+ case pki_cs_good:
+ break;
+ case pki_cs_unknown_root:
+ if (local_kdc_cert_match(context, &signer_cert, request->client))
+ break;
+ /* FALLTHROUGH */
+ default:
+ kdcPkinitDebug("pa_pkinit_parse_rep: bad cert/sig status %d\n",
+ (int)sig_status);
+ krtn = KRB5KDC_ERR_PREAUTH_FAILED;
+ goto error_out;
+ }
+
+ /* calculate checksum of incoming AS-REQ using the decryption key
* we just got from the ReplyKeyPack */
krtn = encode_krb5_as_req(request, &encoded_as_req);
if(krtn) {
- goto error_out;
+ goto error_out;
}
- krtn = krb5_c_make_checksum(context, context->kdc_req_sumtype,
- &local_key, KRB5_KEYUSAGE_TGS_REQ_AUTH_CKSUM,
- encoded_as_req, &as_req_checksum_gen);
+ krtn = krb5_c_make_checksum(context, context->kdc_req_sumtype,
+ &local_key, KRB5_KEYUSAGE_TGS_REQ_AUTH_CKSUM,
+ encoded_as_req, &as_req_checksum_gen);
if(krtn) {
- goto error_out;
+ goto error_out;
}
if((as_req_checksum_gen.length != as_req_checksum_rcd.length) ||
memcmp(as_req_checksum_gen.contents,
- as_req_checksum_rcd.contents,
- as_req_checksum_gen.length)) {
- kdcPkinitDebug("pa_pkinit_parse_rep: checksum miscompare\n");
- krtn = KRB5KDC_ERR_PREAUTH_FAILED;
- goto error_out;
+ as_req_checksum_rcd.contents,
+ as_req_checksum_gen.length)) {
+ kdcPkinitDebug("pa_pkinit_parse_rep: checksum miscompare\n");
+ krtn = KRB5KDC_ERR_PREAUTH_FAILED;
+ goto error_out;
}
-
+
/* We have the key; transfer to caller */
if (as_key->length) {
- krb5_free_keyblock_contents(context, as_key);
+ krb5_free_keyblock_contents(context, as_key);
}
*as_key = local_key;
-
- #if PKINIT_DEBUG
+
+#if PKINIT_DEBUG
fprintf(stderr, "pa_pkinit_parse_rep: SUCCESS\n");
fprintf(stderr, "enctype %d keylen %d keydata %02x %02x %02x %02x...\n",
- (int)as_key->enctype, (int)as_key->length,
- as_key->contents[0], as_key->contents[1],
- as_key->contents[2], as_key->contents[3]);
- #endif
-
+ (int)as_key->enctype, (int)as_key->length,
+ as_key->contents[0], as_key->contents[1],
+ as_key->contents[2], as_key->contents[3]);
+#endif
+
krtn = 0;
-
+
error_out:
if (signer_cert.data) {
- free(signer_cert.data);
+ free(signer_cert.data);
}
if(as_req_checksum_rcd.contents) {
- free(as_req_checksum_rcd.contents);
+ free(as_req_checksum_rcd.contents);
}
if(as_req_checksum_gen.contents) {
- free(as_req_checksum_gen.contents);
+ free(as_req_checksum_gen.contents);
}
if(encoded_as_req) {
- krb5_free_data(context, encoded_as_req);
+ krb5_free_data(context, encoded_as_req);
}
if(krtn && (local_key.contents != NULL)) {
- krb5_free_keyblock_contents(context, &local_key);
+ krb5_free_keyblock_contents(context, &local_key);
}
return krtn;
}
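Review bot: The certificate handle obtained from krb5_pkinit_get_client_cert() is never released in pa_pkinit_parse_rep: `error_out:` frees signer_cert, both checksums, encoded_as_req and local_key but has no krb5_pkinit_release_cert() call, unlike the cleanup in pa_pkinit_gen_req. The `return krtn;` after a failed krb5int_pkinit_as_rep_parse() also bypasses `error_out:` altogether. I would change that return to `goto error_out;` and add `if(client_cert) krb5_pkinit_release_cert(client_cert);` under the label. This assumes the parse call does not take ownership of the handle, which is not visible here. The function's parameter list starts before this hunk.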
@@ -1381,329 +1382,329 @@ error_out:
static
krb5_error_code pa_sam_2(krb5_context context,
- krb5_kdc_req *request,
- krb5_pa_data *in_padata,
- krb5_pa_data **out_padata,
- krb5_data *salt,
- krb5_data *s2kparams,
- krb5_enctype *etype,
- krb5_keyblock *as_key,
- krb5_prompter_fct prompter,
- void *prompter_data,
- krb5_gic_get_as_key_fct gak_fct,
- void *gak_data) {
-
- krb5_error_code retval;
- krb5_sam_challenge_2 *sc2 = NULL;
- krb5_sam_challenge_2_body *sc2b = NULL;
- krb5_data tmp_data;
- krb5_data response_data;
- char name[100], banner[100], prompt[100], response[100];
- krb5_prompt kprompt;
- krb5_prompt_type prompt_type;
- krb5_data defsalt;
- krb5_checksum **cksum;
- krb5_data *scratch = NULL;
- krb5_boolean valid_cksum = 0;
- krb5_enc_sam_response_enc_2 enc_sam_response_enc_2;
- krb5_sam_response_2 sr2;
- size_t ciph_len;
- krb5_pa_data *sam_padata;
-
- if (prompter == NULL)
- return KRB5_LIBOS_CANTREADPWD;
-
- tmp_data.length = in_padata->length;
- tmp_data.data = (char *)in_padata->contents;
-
- if ((retval = decode_krb5_sam_challenge_2(&tmp_data, &sc2)))
- return(retval);
-
- retval = decode_krb5_sam_challenge_2_body(&sc2->sam_challenge_2_body, &sc2b);
-
- if (retval) {
- krb5_free_sam_challenge_2(context, sc2);
- return(retval);
- }
-
- if (!sc2->sam_cksum || ! *sc2->sam_cksum) {
- krb5_free_sam_challenge_2(context, sc2);
- krb5_free_sam_challenge_2_body(context, sc2b);
- return(KRB5_SAM_NO_CHECKSUM);
- }
-
- if (sc2b->sam_flags & KRB5_SAM_MUST_PK_ENCRYPT_SAD) {
- krb5_free_sam_challenge_2(context, sc2);
- krb5_free_sam_challenge_2_body(context, sc2b);
- return(KRB5_SAM_UNSUPPORTED);
- }
-
- if (!krb5_c_valid_enctype(sc2b->sam_etype)) {
- krb5_free_sam_challenge_2(context, sc2);
- krb5_free_sam_challenge_2_body(context, sc2b);
- return(KRB5_SAM_INVALID_ETYPE);
- }
-
- /* All of the above error checks are KDC-specific, that is, they */
- /* assume a failure in the KDC reply. By returning anything other */
- /* than KRB5_KDC_UNREACH, KRB5_PREAUTH_FAILED, */
- /* KRB5_LIBOS_PWDINTR, or KRB5_REALM_CANT_RESOLVE, the client will */
- /* most likely go on to try the AS_REQ against master KDC */
-
- if (!(sc2b->sam_flags & KRB5_SAM_USE_SAD_AS_KEY)) {
- /* We will need the password to obtain the key used for */
- /* the checksum, and encryption of the sam_response. */
- /* Go ahead and get it now, preserving the ordering of */
- /* prompts for the user. */
-
- retval = (gak_fct)(context, request->client,
- sc2b->sam_etype, prompter,
- prompter_data, salt, s2kparams, as_key, gak_data);
- if (retval) {
- krb5_free_sam_challenge_2(context, sc2);
- krb5_free_sam_challenge_2_body(context, sc2b);
- return(retval);
- }
- }
-
- snprintf(name, sizeof(name), "%.*s",
- SAMDATA(sc2b->sam_type_name, "SAM Authentication",
- sizeof(name) - 1));
-
- snprintf(banner, sizeof(banner), "%.*s",
- SAMDATA(sc2b->sam_challenge_label,
- sam_challenge_banner(sc2b->sam_type),
- sizeof(banner)-1));
-
- snprintf(prompt, sizeof(prompt), "%s%.*s%s%.*s",
- sc2b->sam_challenge.length?"Challenge is [":"",
- SAMDATA(sc2b->sam_challenge, "", 20),
- sc2b->sam_challenge.length?"], ":"",
- SAMDATA(sc2b->sam_response_prompt, "passcode", 55));
-
- response_data.data = response;
- response_data.length = sizeof(response);
- kprompt.prompt = prompt;
- kprompt.hidden = 1;
- kprompt.reply = &response_data;
-
- prompt_type = KRB5_PROMPT_TYPE_PREAUTH;
- krb5int_set_prompt_types(context, &prompt_type);
-
- if ((retval = ((*prompter)(context, prompter_data, name,
- banner, 1, &kprompt)))) {
- krb5_free_sam_challenge_2(context, sc2);
- krb5_free_sam_challenge_2_body(context, sc2b);
- krb5int_set_prompt_types(context, 0);
- return(retval);
- }
-
- krb5int_set_prompt_types(context, (krb5_prompt_type *)NULL);
-
- /* Generate salt used by string_to_key() */
- if ((salt->length == -1) && (salt->data == NULL)) {
- if ((retval =
- krb5_principal2salt(context, request->client, &defsalt))) {
- krb5_free_sam_challenge_2(context, sc2);
- krb5_free_sam_challenge_2_body(context, sc2b);
- return(retval);
- }
- salt = &defsalt;
- } else {
- defsalt.length = 0;
- }
-
- /* Get encryption key to be used for checksum and sam_response */
- if (!(sc2b->sam_flags & KRB5_SAM_USE_SAD_AS_KEY)) {
- /* as_key = string_to_key(password) */
-
- if (as_key->length) {
- krb5_free_keyblock_contents(context, as_key);
- as_key->length = 0;
- }
-
- /* generate a key using the supplied password */
- retval = krb5_c_string_to_key(context, sc2b->sam_etype,
- (krb5_data *)gak_data, salt, as_key);
+ krb5_kdc_req *request,
+ krb5_pa_data *in_padata,
+ krb5_pa_data **out_padata,
+ krb5_data *salt,
+ krb5_data *s2kparams,
+ krb5_enctype *etype,
+ krb5_keyblock *as_key,
+ krb5_prompter_fct prompter,
+ void *prompter_data,
+ krb5_gic_get_as_key_fct gak_fct,
+ void *gak_data) {
- if (retval) {
- krb5_free_sam_challenge_2(context, sc2);
- krb5_free_sam_challenge_2_body(context, sc2b);
- if (defsalt.length) free(defsalt.data);
- return(retval);
- }
-
- if (!(sc2b->sam_flags & KRB5_SAM_SEND_ENCRYPTED_SAD)) {
- /* as_key = combine_key (as_key, string_to_key(SAD)) */
- krb5_keyblock tmp_kb;
-
- retval = krb5_c_string_to_key(context, sc2b->sam_etype,
- &response_data, salt, &tmp_kb);
-
- if (retval) {
- krb5_free_sam_challenge_2(context, sc2);
- krb5_free_sam_challenge_2_body(context, sc2b);
- if (defsalt.length) free(defsalt.data);
- return(retval);
- }
-
- /* This should be a call to the crypto library some day */
- /* key types should already match the sam_etype */
- retval = krb5int_c_combine_keys(context, as_key, &tmp_kb, as_key);
-
- if (retval) {
- krb5_free_sam_challenge_2(context, sc2);
- krb5_free_sam_challenge_2_body(context, sc2b);
- if (defsalt.length) free(defsalt.data);
- return(retval);
- }
- krb5_free_keyblock_contents(context, &tmp_kb);
- }
-
- if (defsalt.length)
- free(defsalt.data);
-
- } else {
- /* as_key = string_to_key(SAD) */
-
- if (as_key->length) {
- krb5_free_keyblock_contents(context, as_key);
- as_key->length = 0;
- }
-
- /* generate a key using the supplied password */
- retval = krb5_c_string_to_key(context, sc2b->sam_etype,
- &response_data, salt, as_key);
-
- if (defsalt.length)
- free(defsalt.data);
-
- if (retval) {
- krb5_free_sam_challenge_2(context, sc2);
- krb5_free_sam_challenge_2_body(context, sc2b);
- return(retval);
- }
- }
-
- /* Now we have a key, verify the checksum on the sam_challenge */
-
- cksum = sc2->sam_cksum;
-
- while (*cksum) {
- /* Check this cksum */
- retval = krb5_c_verify_checksum(context, as_key,
- KRB5_KEYUSAGE_PA_SAM_CHALLENGE_CKSUM,
- &sc2->sam_challenge_2_body,
- *cksum, &valid_cksum);
- if (retval) {
- krb5_free_data(context, scratch);
- krb5_free_sam_challenge_2(context, sc2);
- krb5_free_sam_challenge_2_body(context, sc2b);
- return(retval);
- }
- if (valid_cksum)
- break;
- cksum++;
- }
-
- if (!valid_cksum) {
- krb5_free_sam_challenge_2(context, sc2);
- krb5_free_sam_challenge_2_body(context, sc2b);
- /*
- * Note: We return AP_ERR_BAD_INTEGRITY so upper-level applications
- * can interpret that as "password incorrect", which is probably
- * the best error we can return in this situation.
- */
- return(KRB5KRB_AP_ERR_BAD_INTEGRITY);
- }
-
- /* fill in enc_sam_response_enc_2 */
- enc_sam_response_enc_2.magic = KV5M_ENC_SAM_RESPONSE_ENC_2;
- enc_sam_response_enc_2.sam_nonce = sc2b->sam_nonce;
- if (sc2b->sam_flags & KRB5_SAM_SEND_ENCRYPTED_SAD) {
- enc_sam_response_enc_2.sam_sad = response_data;
- } else {
- enc_sam_response_enc_2.sam_sad.data = NULL;
- enc_sam_response_enc_2.sam_sad.length = 0;
- }
-
- /* encode and encrypt enc_sam_response_enc_2 with as_key */
- retval = encode_krb5_enc_sam_response_enc_2(&enc_sam_response_enc_2,
- &scratch);
- if (retval) {
- krb5_free_sam_challenge_2(context, sc2);
- krb5_free_sam_challenge_2_body(context, sc2b);
- return(retval);
- }
-
- /* Fill in sam_response_2 */
- memset(&sr2, 0, sizeof(sr2));
- sr2.sam_type = sc2b->sam_type;
- sr2.sam_flags = sc2b->sam_flags;
- sr2.sam_track_id = sc2b->sam_track_id;
- sr2.sam_nonce = sc2b->sam_nonce;
-
- /* Now take care of sr2.sam_enc_nonce_or_sad by encrypting encoded */
- /* enc_sam_response_enc_2 from above */
-
- retval = krb5_c_encrypt_length(context, as_key->enctype, scratch->length,
- &ciph_len);
- if (retval) {
- krb5_free_sam_challenge_2(context, sc2);
- krb5_free_sam_challenge_2_body(context, sc2b);
- krb5_free_data(context, scratch);
- return(retval);
- }
- sr2.sam_enc_nonce_or_sad.ciphertext.length = ciph_len;
-
- sr2.sam_enc_nonce_or_sad.ciphertext.data =
- (char *)malloc(sr2.sam_enc_nonce_or_sad.ciphertext.length);
-
- if (!sr2.sam_enc_nonce_or_sad.ciphertext.data) {
- krb5_free_sam_challenge_2(context, sc2);
- krb5_free_sam_challenge_2_body(context, sc2b);
- krb5_free_data(context, scratch);
- return(ENOMEM);
- }
-
- retval = krb5_c_encrypt(context, as_key, KRB5_KEYUSAGE_PA_SAM_RESPONSE,
- NULL, scratch, &sr2.sam_enc_nonce_or_sad);
- if (retval) {
- krb5_free_sam_challenge_2(context, sc2);
- krb5_free_sam_challenge_2_body(context, sc2b);
- krb5_free_data(context, scratch);
- krb5_free_data_contents(context, &sr2.sam_enc_nonce_or_sad.ciphertext);
- return(retval);
- }
- krb5_free_data(context, scratch);
- scratch = NULL;
-
- /* Encode the sam_response_2 */
- retval = encode_krb5_sam_response_2(&sr2, &scratch);
- krb5_free_sam_challenge_2(context, sc2);
- krb5_free_sam_challenge_2_body(context, sc2b);
- krb5_free_data_contents(context, &sr2.sam_enc_nonce_or_sad.ciphertext);
-
- if (retval) {
- return (retval);
- }
-
- /* Almost there, just need to make padata ! */
- sam_padata = malloc(sizeof(krb5_pa_data));
- if (sam_padata == NULL) {
- krb5_free_data(context, scratch);
- return(ENOMEM);
- }
-
- sam_padata->magic = KV5M_PA_DATA;
- sam_padata->pa_type = KRB5_PADATA_SAM_RESPONSE_2;
- sam_padata->length = scratch->length;
- sam_padata->contents = (krb5_octet *) scratch->data;
- free(scratch);
-
- *out_padata = sam_padata;
-
- return(0);
+ krb5_error_code retval;
+ krb5_sam_challenge_2 *sc2 = NULL;
+ krb5_sam_challenge_2_body *sc2b = NULL;
+ krb5_data tmp_data;
+ krb5_data response_data;
+ char name[100], banner[100], prompt[100], response[100];
+ krb5_prompt kprompt;
+ krb5_prompt_type prompt_type;
+ krb5_data defsalt;
+ krb5_checksum **cksum;
+ krb5_data *scratch = NULL;
+ krb5_boolean valid_cksum = 0;
+ krb5_enc_sam_response_enc_2 enc_sam_response_enc_2;
+ krb5_sam_response_2 sr2;
+ size_t ciph_len;
+ krb5_pa_data *sam_padata;
+
+ if (prompter == NULL)
+ return KRB5_LIBOS_CANTREADPWD;
+
+ tmp_data.length = in_padata->length;
+ tmp_data.data = (char *)in_padata->contents;
+
+ if ((retval = decode_krb5_sam_challenge_2(&tmp_data, &sc2)))
+ return(retval);
+
+ retval = decode_krb5_sam_challenge_2_body(&sc2->sam_challenge_2_body, &sc2b);
+
+ if (retval) {
+ krb5_free_sam_challenge_2(context, sc2);
+ return(retval);
+ }
+
+ if (!sc2->sam_cksum || ! *sc2->sam_cksum) {
+ krb5_free_sam_challenge_2(context, sc2);
+ krb5_free_sam_challenge_2_body(context, sc2b);
+ return(KRB5_SAM_NO_CHECKSUM);
+ }
+
+ if (sc2b->sam_flags & KRB5_SAM_MUST_PK_ENCRYPT_SAD) {
+ krb5_free_sam_challenge_2(context, sc2);
+ krb5_free_sam_challenge_2_body(context, sc2b);
+ return(KRB5_SAM_UNSUPPORTED);
+ }
+
+ if (!krb5_c_valid_enctype(sc2b->sam_etype)) {
+ krb5_free_sam_challenge_2(context, sc2);
+ krb5_free_sam_challenge_2_body(context, sc2b);
+ return(KRB5_SAM_INVALID_ETYPE);
+ }
+
+ /* All of the above error checks are KDC-specific, that is, they */
+ /* assume a failure in the KDC reply. By returning anything other */
+ /* than KRB5_KDC_UNREACH, KRB5_PREAUTH_FAILED, */
+ /* KRB5_LIBOS_PWDINTR, or KRB5_REALM_CANT_RESOLVE, the client will */
+ /* most likely go on to try the AS_REQ against master KDC */
+
+ if (!(sc2b->sam_flags & KRB5_SAM_USE_SAD_AS_KEY)) {
+ /* We will need the password to obtain the key used for */
+ /* the checksum, and encryption of the sam_response. */
+ /* Go ahead and get it now, preserving the ordering of */
+ /* prompts for the user. */
+
+ retval = (gak_fct)(context, request->client,
+ sc2b->sam_etype, prompter,
+ prompter_data, salt, s2kparams, as_key, gak_data);
+ if (retval) {
+ krb5_free_sam_challenge_2(context, sc2);
+ krb5_free_sam_challenge_2_body(context, sc2b);
+ return(retval);
+ }
+ }
+
+ snprintf(name, sizeof(name), "%.*s",
+ SAMDATA(sc2b->sam_type_name, "SAM Authentication",
+ sizeof(name) - 1));
+
+ snprintf(banner, sizeof(banner), "%.*s",
+ SAMDATA(sc2b->sam_challenge_label,
+ sam_challenge_banner(sc2b->sam_type),
+ sizeof(banner)-1));
+
+ snprintf(prompt, sizeof(prompt), "%s%.*s%s%.*s",
+ sc2b->sam_challenge.length?"Challenge is [":"",
+ SAMDATA(sc2b->sam_challenge, "", 20),
+ sc2b->sam_challenge.length?"], ":"",
+ SAMDATA(sc2b->sam_response_prompt, "passcode", 55));
+
+ response_data.data = response;
+ response_data.length = sizeof(response);
+ kprompt.prompt = prompt;
+ kprompt.hidden = 1;
+ kprompt.reply = &response_data;
+
+ prompt_type = KRB5_PROMPT_TYPE_PREAUTH;
+ krb5int_set_prompt_types(context, &prompt_type);
+
+ if ((retval = ((*prompter)(context, prompter_data, name,
+ banner, 1, &kprompt)))) {
+ krb5_free_sam_challenge_2(context, sc2);
+ krb5_free_sam_challenge_2_body(context, sc2b);
+ krb5int_set_prompt_types(context, 0);
+ return(retval);
+ }
+
+ krb5int_set_prompt_types(context, (krb5_prompt_type *)NULL);
+
+ /* Generate salt used by string_to_key() */
+ if ((salt->length == -1) && (salt->data == NULL)) {
+ if ((retval =
+ krb5_principal2salt(context, request->client, &defsalt))) {
+ krb5_free_sam_challenge_2(context, sc2);
+ krb5_free_sam_challenge_2_body(context, sc2b);
+ return(retval);
+ }
+ salt = &defsalt;
+ } else {
+ defsalt.length = 0;
+ }
+
+ /* Get encryption key to be used for checksum and sam_response */
+ if (!(sc2b->sam_flags & KRB5_SAM_USE_SAD_AS_KEY)) {
+ /* as_key = string_to_key(password) */
+
+ if (as_key->length) {
+ krb5_free_keyblock_contents(context, as_key);
+ as_key->length = 0;
+ }
+
+ /* generate a key using the supplied password */
+ retval = krb5_c_string_to_key(context, sc2b->sam_etype,
+ (krb5_data *)gak_data, salt, as_key);
+
+ if (retval) {
+ krb5_free_sam_challenge_2(context, sc2);
+ krb5_free_sam_challenge_2_body(context, sc2b);
+ if (defsalt.length) free(defsalt.data);
+ return(retval);
+ }
+
+ if (!(sc2b->sam_flags & KRB5_SAM_SEND_ENCRYPTED_SAD)) {
+ /* as_key = combine_key (as_key, string_to_key(SAD)) */
+ krb5_keyblock tmp_kb;
+
+ retval = krb5_c_string_to_key(context, sc2b->sam_etype,
+ &response_data, salt, &tmp_kb);
+
+ if (retval) {
+ krb5_free_sam_challenge_2(context, sc2);
+ krb5_free_sam_challenge_2_body(context, sc2b);
+ if (defsalt.length) free(defsalt.data);
+ return(retval);
+ }
+
+ /* This should be a call to the crypto library some day */
+ /* key types should already match the sam_etype */
+ retval = krb5int_c_combine_keys(context, as_key, &tmp_kb, as_key);
+
+ if (retval) {
+ krb5_free_sam_challenge_2(context, sc2);
+ krb5_free_sam_challenge_2_body(context, sc2b);
+ if (defsalt.length) free(defsalt.data);
+ return(retval);
+ }
+ krb5_free_keyblock_contents(context, &tmp_kb);
+ }
+
+ if (defsalt.length)
+ free(defsalt.data);
+
+ } else {
+ /* as_key = string_to_key(SAD) */
+
+ if (as_key->length) {
+ krb5_free_keyblock_contents(context, as_key);
+ as_key->length = 0;
+ }
+
+ /* generate a key using the supplied password */
+ retval = krb5_c_string_to_key(context, sc2b->sam_etype,
+ &response_data, salt, as_key);
+
+ if (defsalt.length)
+ free(defsalt.data);
+
+ if (retval) {
+ krb5_free_sam_challenge_2(context, sc2);
+ krb5_free_sam_challenge_2_body(context, sc2b);
+ return(retval);
+ }
+ }
+
+ /* Now we have a key, verify the checksum on the sam_challenge */
+
+ cksum = sc2->sam_cksum;
+
+ while (*cksum) {
+ /* Check this cksum */
+ retval = krb5_c_verify_checksum(context, as_key,
+ KRB5_KEYUSAGE_PA_SAM_CHALLENGE_CKSUM,
+ &sc2->sam_challenge_2_body,
+ *cksum, &valid_cksum);
+ if (retval) {
+ krb5_free_data(context, scratch);
+ krb5_free_sam_challenge_2(context, sc2);
+ krb5_free_sam_challenge_2_body(context, sc2b);
+ return(retval);
+ }
+ if (valid_cksum)
+ break;
+ cksum++;
+ }
+
+ if (!valid_cksum) {
+ krb5_free_sam_challenge_2(context, sc2);
+ krb5_free_sam_challenge_2_body(context, sc2b);
+ /*
+ * Note: We return AP_ERR_BAD_INTEGRITY so upper-level applications
+ * can interpret that as "password incorrect", which is probably
+ * the best error we can return in this situation.
+ */
+ return(KRB5KRB_AP_ERR_BAD_INTEGRITY);
+ }
+
+ /* fill in enc_sam_response_enc_2 */
+ enc_sam_response_enc_2.magic = KV5M_ENC_SAM_RESPONSE_ENC_2;
+ enc_sam_response_enc_2.sam_nonce = sc2b->sam_nonce;
+ if (sc2b->sam_flags & KRB5_SAM_SEND_ENCRYPTED_SAD) {
+ enc_sam_response_enc_2.sam_sad = response_data;
+ } else {
+ enc_sam_response_enc_2.sam_sad.data = NULL;
+ enc_sam_response_enc_2.sam_sad.length = 0;
+ }
+
+ /* encode and encrypt enc_sam_response_enc_2 with as_key */
+ retval = encode_krb5_enc_sam_response_enc_2(&enc_sam_response_enc_2,
+ &scratch);
+ if (retval) {
+ krb5_free_sam_challenge_2(context, sc2);
+ krb5_free_sam_challenge_2_body(context, sc2b);
+ return(retval);
+ }
+
+ /* Fill in sam_response_2 */
+ memset(&sr2, 0, sizeof(sr2));
+ sr2.sam_type = sc2b->sam_type;
+ sr2.sam_flags = sc2b->sam_flags;
+ sr2.sam_track_id = sc2b->sam_track_id;
+ sr2.sam_nonce = sc2b->sam_nonce;
+
+ /* Now take care of sr2.sam_enc_nonce_or_sad by encrypting encoded */
+ /* enc_sam_response_enc_2 from above */
+
+ retval = krb5_c_encrypt_length(context, as_key->enctype, scratch->length,
+ &ciph_len);
+ if (retval) {
+ krb5_free_sam_challenge_2(context, sc2);
+ krb5_free_sam_challenge_2_body(context, sc2b);
+ krb5_free_data(context, scratch);
+ return(retval);
+ }
+ sr2.sam_enc_nonce_or_sad.ciphertext.length = ciph_len;
+
+ sr2.sam_enc_nonce_or_sad.ciphertext.data =
+ (char *)malloc(sr2.sam_enc_nonce_or_sad.ciphertext.length);
+
+ if (!sr2.sam_enc_nonce_or_sad.ciphertext.data) {
+ krb5_free_sam_challenge_2(context, sc2);
+ krb5_free_sam_challenge_2_body(context, sc2b);
+ krb5_free_data(context, scratch);
+ return(ENOMEM);
+ }
+
+ retval = krb5_c_encrypt(context, as_key, KRB5_KEYUSAGE_PA_SAM_RESPONSE,
+ NULL, scratch, &sr2.sam_enc_nonce_or_sad);
+ if (retval) {
+ krb5_free_sam_challenge_2(context, sc2);
+ krb5_free_sam_challenge_2_body(context, sc2b);
+ krb5_free_data(context, scratch);
+ krb5_free_data_contents(context, &sr2.sam_enc_nonce_or_sad.ciphertext);
+ return(retval);
+ }
+ krb5_free_data(context, scratch);
+ scratch = NULL;
+
+ /* Encode the sam_response_2 */
+ retval = encode_krb5_sam_response_2(&sr2, &scratch);
+ krb5_free_sam_challenge_2(context, sc2);
+ krb5_free_sam_challenge_2_body(context, sc2b);
+ krb5_free_data_contents(context, &sr2.sam_enc_nonce_or_sad.ciphertext);
+
+ if (retval) {
+ return (retval);
+ }
+
+ /* Almost there, just need to make padata ! */
+ sam_padata = malloc(sizeof(krb5_pa_data));
+ if (sam_padata == NULL) {
+ krb5_free_data(context, scratch);
+ return(ENOMEM);
+ }
+
+ sam_padata->magic = KV5M_PA_DATA;
+ sam_padata->pa_type = KRB5_PADATA_SAM_RESPONSE_2;
+ sam_padata->length = scratch->length;
+ sam_padata->contents = (krb5_octet *) scratch->data;
+ free(scratch);
+
+ *out_padata = sam_padata;
+
+ return(0);
}
static krb5_error_code pa_s4u_x509_user(
@@ -1728,32 +1729,32 @@ static krb5_error_code pa_s4u_x509_user(
*out_padata = NULL;
if (userid == NULL)
- return EINVAL;
+ return EINVAL;
code = krb5_copy_principal(context, request->client, &client);
if (code != 0)
- return code;
+ return code;
if (userid->user != NULL)
- krb5_free_principal(context, userid->user);
+ krb5_free_principal(context, userid->user);
userid->user = client;
if (userid->subject_cert.length != 0) {
- s4u_padata = malloc(sizeof(*s4u_padata));
- if (s4u_padata == NULL)
- return ENOMEM;
+ s4u_padata = malloc(sizeof(*s4u_padata));
+ if (s4u_padata == NULL)
+ return ENOMEM;
- s4u_padata->magic = KV5M_PA_DATA;
- s4u_padata->pa_type = KRB5_PADATA_S4U_X509_USER;
- s4u_padata->contents = malloc(userid->subject_cert.length);
- if (s4u_padata->contents == NULL) {
- free(s4u_padata);
- return ENOMEM;
- }
- memcpy(s4u_padata->contents, userid->subject_cert.data, userid->subject_cert.length);
- s4u_padata->length = userid->subject_cert.length;
+ s4u_padata->magic = KV5M_PA_DATA;
+ s4u_padata->pa_type = KRB5_PADATA_S4U_X509_USER;
+ s4u_padata->contents = malloc(userid->subject_cert.length);
+ if (s4u_padata->contents == NULL) {
+ free(s4u_padata);
+ return ENOMEM;
+ }
+ memcpy(s4u_padata->contents, userid->subject_cert.data, userid->subject_cert.length);
+ s4u_padata->length = userid->subject_cert.length;
- *out_padata = s4u_padata;
+ *out_padata = s4u_padata;
}
return 0;
@@ -1762,56 +1763,56 @@ static krb5_error_code pa_s4u_x509_user(
/* FIXME - order significant? */
static const pa_types_t pa_types[] = {
{
- KRB5_PADATA_PW_SALT,
- pa_salt,
- PA_INFO,
+ KRB5_PADATA_PW_SALT,
+ pa_salt,
+ PA_INFO,
},
{
- KRB5_PADATA_AFS3_SALT,
- pa_salt,
- PA_INFO,
+ KRB5_PADATA_AFS3_SALT,
+ pa_salt,
+ PA_INFO,
},
#if APPLE_PKINIT
{
- KRB5_PADATA_PK_AS_REQ,
- pa_pkinit_gen_req,
- PA_INFO,
+ KRB5_PADATA_PK_AS_REQ,
+ pa_pkinit_gen_req,
+ PA_INFO,
},
{
- KRB5_PADATA_PK_AS_REP,
- pa_pkinit_parse_rep,
- PA_REAL,
+ KRB5_PADATA_PK_AS_REP,
+ pa_pkinit_parse_rep,
+ PA_REAL,
},
#endif /* APPLE_PKINIT */
{
- KRB5_PADATA_ENC_TIMESTAMP,
- pa_enc_timestamp,
- PA_REAL,
+ KRB5_PADATA_ENC_TIMESTAMP,
+ pa_enc_timestamp,
+ PA_REAL,
},
{
- KRB5_PADATA_SAM_CHALLENGE_2,
- pa_sam_2,
- PA_REAL,
+ KRB5_PADATA_SAM_CHALLENGE_2,
+ pa_sam_2,
+ PA_REAL,
},
{
- KRB5_PADATA_SAM_CHALLENGE,
- pa_sam,
- PA_REAL,
+ KRB5_PADATA_SAM_CHALLENGE,
+ pa_sam,
+ PA_REAL,
},
{
- KRB5_PADATA_FX_COOKIE,
- pa_fx_cookie,
- PA_INFO,
+ KRB5_PADATA_FX_COOKIE,
+ pa_fx_cookie,
+ PA_INFO,
},
{
- KRB5_PADATA_S4U_X509_USER,
- pa_s4u_x509_user,
- PA_INFO,
+ KRB5_PADATA_S4U_X509_USER,
+ pa_s4u_x509_user,
+ PA_INFO,
},
{
- -1,
- NULL,
- 0,
+ -1,
+ NULL,
+ 0,
},
};
@@ -1822,19 +1823,19 @@ static const pa_types_t pa_types[] = {
*/
krb5_error_code KRB5_CALLCONV
krb5_do_preauth_tryagain(krb5_context kcontext,
- krb5_kdc_req *request,
- krb5_data *encoded_request_body,
- krb5_data *encoded_previous_request,
- krb5_pa_data **padata,
- krb5_pa_data ***return_padata,
- krb5_error *err_reply,
- krb5_data *salt, krb5_data *s2kparams,
- krb5_enctype *etype,
- krb5_keyblock *as_key,
- krb5_prompter_fct prompter, void *prompter_data,
- krb5_gic_get_as_key_fct gak_fct, void *gak_data,
- krb5_preauth_client_rock *get_data_rock,
- krb5_gic_opt_ext *opte)
+ krb5_kdc_req *request,
+ krb5_data *encoded_request_body,
+ krb5_data *encoded_previous_request,
+ krb5_pa_data **padata,
+ krb5_pa_data ***return_padata,
+ krb5_error *err_reply,
+ krb5_data *salt, krb5_data *s2kparams,
+ krb5_enctype *etype,
+ krb5_keyblock *as_key,
+ krb5_prompter_fct prompter, void *prompter_data,
+ krb5_gic_get_as_key_fct gak_fct, void *gak_data,
+ krb5_preauth_client_rock *get_data_rock,
+ krb5_gic_opt_ext *opte)
{
krb5_error_code ret;
krb5_pa_data **out_padata;
@@ -1845,65 +1846,65 @@ krb5_do_preauth_tryagain(krb5_context kcontext,
ret = KRB5KRB_ERR_GENERIC;
if (kcontext->preauth_context == NULL) {
- return KRB5KRB_ERR_GENERIC;
+ return KRB5KRB_ERR_GENERIC;
}
context = kcontext->preauth_context;
if (context == NULL) {
- return KRB5KRB_ERR_GENERIC;
+ return KRB5KRB_ERR_GENERIC;
}
for (i = 0; padata[i] != NULL && padata[i]->pa_type != 0; i++) {
- out_padata = NULL;
- for (j = 0; j < context->n_modules; j++) {
- module = &context->modules[j];
- if (module->pa_type != padata[i]->pa_type) {
- continue;
- }
- if (module->client_tryagain == NULL) {
- continue;
- }
- if ((*module->client_tryagain)(kcontext,
- module->plugin_context,
- *module->request_context_pp,
- (krb5_get_init_creds_opt *)opte,
- client_data_proc,
- get_data_rock,
- request,
- encoded_request_body,
- encoded_previous_request,
- padata[i],
- err_reply,
- prompter, prompter_data,
- gak_fct, gak_data, salt, s2kparams,
- as_key,
- &out_padata) == 0) {
- if (out_padata != NULL) {
- int k;
- for (k = 0; out_padata[k] != NULL; k++);
- grow_pa_list(return_padata, &out_pa_list_size,
- out_padata, k);
- free(out_padata);
- return 0;
- }
- }
- }
+ out_padata = NULL;
+ for (j = 0; j < context->n_modules; j++) {
+ module = &context->modules[j];
+ if (module->pa_type != padata[i]->pa_type) {
+ continue;
+ }
+ if (module->client_tryagain == NULL) {
+ continue;
+ }
+ if ((*module->client_tryagain)(kcontext,
+ module->plugin_context,
+ *module->request_context_pp,
+ (krb5_get_init_creds_opt *)opte,
+ client_data_proc,
+ get_data_rock,
+ request,
+ encoded_request_body,
+ encoded_previous_request,
+ padata[i],
+ err_reply,
+ prompter, prompter_data,
+ gak_fct, gak_data, salt, s2kparams,
+ as_key,
+ &out_padata) == 0) {
+ if (out_padata != NULL) {
+ int k;
+ for (k = 0; out_padata[k] != NULL; k++);
+ grow_pa_list(return_padata, &out_pa_list_size,
+ out_padata, k);
+ free(out_padata);
+ return 0;
+ }
+ }
+ }
}
return ret;
}
krb5_error_code KRB5_CALLCONV
krb5_do_preauth(krb5_context context,
- krb5_kdc_req *request,
- krb5_data *encoded_request_body,
- krb5_data *encoded_previous_request,
- krb5_pa_data **in_padata, krb5_pa_data ***out_padata,
- krb5_data *salt, krb5_data *s2kparams,
- krb5_enctype *etype,
- krb5_keyblock *as_key,
- krb5_prompter_fct prompter, void *prompter_data,
- krb5_gic_get_as_key_fct gak_fct, void *gak_data,
- krb5_preauth_client_rock *get_data_rock,
- krb5_gic_opt_ext *opte)
+ krb5_kdc_req *request,
+ krb5_data *encoded_request_body,
+ krb5_data *encoded_previous_request,
+ krb5_pa_data **in_padata, krb5_pa_data ***out_padata,
+ krb5_data *salt, krb5_data *s2kparams,
+ krb5_enctype *etype,
+ krb5_keyblock *as_key,
+ krb5_prompter_fct prompter, void *prompter_data,
+ krb5_gic_get_as_key_fct gak_fct, void *gak_data,
+ krb5_preauth_client_rock *get_data_rock,
+ krb5_gic_opt_ext *opte)
{
unsigned int h;
int i, j, out_pa_list_size;
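Review bot: In `krb5_do_preauth_tryagain` the result of `grow_pa_list(return_padata, &out_pa_list_size, out_padata, k)` is discarded and the function returns 0 regardless, so a failure there would be reported to the caller as a successful retry, possibly with `*return_padata` not updated. `krb5_do_preauth` later in this file checks the same call (`if (ret != 0) goto cleanup;`), so the result should be propagated here too: `ret = grow_pa_list(return_padata, &out_pa_list_size, out_padata, k); free(out_padata); return ret;`. Whether the module-supplied entries also need freeing on that failure path depends on `grow_pa_list`, which is not visible here. The function's signature and opening lines are in the preceding hunks.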
@@ -1916,17 +1917,17 @@ krb5_do_preauth(krb5_context context,
int realdone;
if (in_padata == NULL) {
- *out_padata = NULL;
- return(0);
+ *out_padata = NULL;
+ return(0);
}
#ifdef DEBUG
fprintf (stderr, "salt len=%d", (int) salt->length);
if ((int) salt->length > 0)
- fprintf (stderr, " '%.*s'", salt->length, salt->data);
+ fprintf (stderr, " '%.*s'", salt->length, salt->data);
fprintf (stderr, "; preauth data types:");
for (i = 0; in_padata[i]; i++) {
- fprintf (stderr, " %d", in_padata[i]->pa_type);
+ fprintf (stderr, " %d", in_padata[i]->pa_type);
}
fprintf (stderr, "\n");
#endif
@@ -1937,202 +1938,202 @@ krb5_do_preauth(krb5_context context,
/* first do all the informational preauths, then the first real one */
for (h=0; h<(sizeof(paorder)/sizeof(paorder[0])); h++) {
- realdone = 0;
- for (i=0; in_padata[i] && !realdone; i++) {
- int k, l, etype_found, valid_etype_found;
- /*
- * This is really gross, but is necessary to prevent
- * lossage when talking to a 1.0.x KDC, which returns an
- * erroneous PA-PW-SALT when it returns a KRB-ERROR
- * requiring additional preauth.
- */
- switch (in_padata[i]->pa_type) {
- case KRB5_PADATA_ETYPE_INFO:
- case KRB5_PADATA_ETYPE_INFO2:
- {
- krb5_preauthtype pa_type = in_padata[i]->pa_type;
- if (etype_info) {
- if (seen_etype_info2 || pa_type != KRB5_PADATA_ETYPE_INFO2)
- continue;
- if (pa_type == KRB5_PADATA_ETYPE_INFO2) {
- krb5_free_etype_info( context, etype_info);
- etype_info = NULL;
- }
- }
-
- scratch.length = in_padata[i]->length;
- scratch.data = (char *) in_padata[i]->contents;
- if (pa_type == KRB5_PADATA_ETYPE_INFO2) {
- seen_etype_info2++;
- ret = decode_krb5_etype_info2(&scratch, &etype_info);
- }
- else ret = decode_krb5_etype_info(&scratch, &etype_info);
- if (ret) {
- ret = 0; /*Ignore error and etype_info element*/
- if (etype_info)
- krb5_free_etype_info( context, etype_info);
- etype_info = NULL;
- continue;
- }
- if (etype_info[0] == NULL) {
- krb5_free_etype_info(context, etype_info);
- etype_info = NULL;
- break;
- }
- /*
- * Select first etype in our request which is also in
- * etype-info (preferring client request ktype order).
- */
- for (etype_found = 0, valid_etype_found = 0, k = 0;
- !etype_found && k < request->nktypes; k++) {
- for (l = 0; etype_info[l]; l++) {
- if (etype_info[l]->etype == request->ktype[k]) {
- etype_found++;
- break;
- }
- /* check if program has support for this etype for more
- * precise error reporting.
- */
- if (krb5_c_valid_enctype(etype_info[l]->etype))
- valid_etype_found++;
- }
- }
- if (!etype_found) {
- if (valid_etype_found) {
- /* supported enctype but not requested */
- ret = KRB5_CONFIG_ETYPE_NOSUPP;
- goto cleanup;
- }
- else {
- /* unsupported enctype */
- ret = KRB5_PROG_ETYPE_NOSUPP;
- goto cleanup;
- }
-
- }
- scratch.data = (char *) etype_info[l]->salt;
- scratch.length = etype_info[l]->length;
- krb5_free_data_contents(context, salt);
- if (scratch.length == KRB5_ETYPE_NO_SALT)
- salt->data = NULL;
- else
- if ((ret = krb5int_copy_data_contents( context, &scratch, salt)) != 0)
- goto cleanup;
- *etype = etype_info[l]->etype;
- krb5_free_data_contents(context, s2kparams);
- if ((ret = krb5int_copy_data_contents(context,
- &etype_info[l]->s2kparams,
- s2kparams)) != 0)
- goto cleanup;
+ realdone = 0;
+ for (i=0; in_padata[i] && !realdone; i++) {
+ int k, l, etype_found, valid_etype_found;
+ /*
+ * This is really gross, but is necessary to prevent
+ * lossage when talking to a 1.0.x KDC, which returns an
+ * erroneous PA-PW-SALT when it returns a KRB-ERROR
+ * requiring additional preauth.
+ */
+ switch (in_padata[i]->pa_type) {
+ case KRB5_PADATA_ETYPE_INFO:
+ case KRB5_PADATA_ETYPE_INFO2:
+ {
+ krb5_preauthtype pa_type = in_padata[i]->pa_type;
+ if (etype_info) {
+ if (seen_etype_info2 || pa_type != KRB5_PADATA_ETYPE_INFO2)
+ continue;
+ if (pa_type == KRB5_PADATA_ETYPE_INFO2) {
+ krb5_free_etype_info( context, etype_info);
+ etype_info = NULL;
+ }
+ }
+
+ scratch.length = in_padata[i]->length;
+ scratch.data = (char *) in_padata[i]->contents;
+ if (pa_type == KRB5_PADATA_ETYPE_INFO2) {
+ seen_etype_info2++;
+ ret = decode_krb5_etype_info2(&scratch, &etype_info);
+ }
+ else ret = decode_krb5_etype_info(&scratch, &etype_info);
+ if (ret) {
+ ret = 0; /*Ignore error and etype_info element*/
+ if (etype_info)
+ krb5_free_etype_info( context, etype_info);
+ etype_info = NULL;
+ continue;
+ }
+ if (etype_info[0] == NULL) {
+ krb5_free_etype_info(context, etype_info);
+ etype_info = NULL;
+ break;
+ }
+ /*
+ * Select first etype in our request which is also in
+ * etype-info (preferring client request ktype order).
+ */
+ for (etype_found = 0, valid_etype_found = 0, k = 0;
+ !etype_found && k < request->nktypes; k++) {
+ for (l = 0; etype_info[l]; l++) {
+ if (etype_info[l]->etype == request->ktype[k]) {
+ etype_found++;
+ break;
+ }
+ /* check if program has support for this etype for more
+ * precise error reporting.
+ */
+ if (krb5_c_valid_enctype(etype_info[l]->etype))
+ valid_etype_found++;
+ }
+ }
+ if (!etype_found) {
+ if (valid_etype_found) {
+ /* supported enctype but not requested */
+ ret = KRB5_CONFIG_ETYPE_NOSUPP;
+ goto cleanup;
+ }
+ else {
+ /* unsupported enctype */
+ ret = KRB5_PROG_ETYPE_NOSUPP;
+ goto cleanup;
+ }
+
+ }
+ scratch.data = (char *) etype_info[l]->salt;
+ scratch.length = etype_info[l]->length;
+ krb5_free_data_contents(context, salt);
+ if (scratch.length == KRB5_ETYPE_NO_SALT)
+ salt->data = NULL;
+ else
+ if ((ret = krb5int_copy_data_contents( context, &scratch, salt)) != 0)
+ goto cleanup;
+ *etype = etype_info[l]->etype;
+ krb5_free_data_contents(context, s2kparams);
+ if ((ret = krb5int_copy_data_contents(context,
+ &etype_info[l]->s2kparams,
+ s2kparams)) != 0)
+ goto cleanup;
#ifdef DEBUG
- for (j = 0; etype_info[j]; j++) {
- krb5_etype_info_entry *e = etype_info[j];
- fprintf (stderr, "etype info %d: etype %d salt len=%d",
- j, e->etype, e->length);
- if (e->length > 0 && e->length != KRB5_ETYPE_NO_SALT)
- fprintf (stderr, " '%.*s'", e->length, e->salt);
- fprintf (stderr, "\n");
- }
+ for (j = 0; etype_info[j]; j++) {
+ krb5_etype_info_entry *e = etype_info[j];
+ fprintf (stderr, "etype info %d: etype %d salt len=%d",
+ j, e->etype, e->length);
+ if (e->length > 0 && e->length != KRB5_ETYPE_NO_SALT)
+ fprintf (stderr, " '%.*s'", e->length, e->salt);
+ fprintf (stderr, "\n");
+ }
#endif
- break;
- }
- case KRB5_PADATA_PW_SALT:
- case KRB5_PADATA_AFS3_SALT:
- if (etype_info)
- continue;
- break;
- default:
- ;
- }
- /* Try the internally-provided preauth type list. */
- if (!realdone) for (j=0; pa_types[j].type >= 0; j++) {
- if ((in_padata[i]->pa_type == pa_types[j].type) &&
- (pa_types[j].flags & paorder[h])) {
+ break;
+ }
+ case KRB5_PADATA_PW_SALT:
+ case KRB5_PADATA_AFS3_SALT:
+ if (etype_info)
+ continue;
+ break;
+ default:
+ ;
+ }
+ /* Try the internally-provided preauth type list. */
+ if (!realdone) for (j=0; pa_types[j].type >= 0; j++) {
+ if ((in_padata[i]->pa_type == pa_types[j].type) &&
+ (pa_types[j].flags & paorder[h])) {
#ifdef DEBUG
- fprintf (stderr, "calling internal function for pa_type "
- "%d, flag %d\n", pa_types[j].type, paorder[h]);
+ fprintf (stderr, "calling internal function for pa_type "
+ "%d, flag %d\n", pa_types[j].type, paorder[h]);
#endif
- out_pa = NULL;
-
- if ((ret = ((*pa_types[j].fct)(context, request,
- in_padata[i], &out_pa,
- salt, s2kparams, etype, as_key,
- prompter, prompter_data,
- gak_fct, gak_data)))) {
- if (paorder[h] == PA_INFO) {
+ out_pa = NULL;
+
+ if ((ret = ((*pa_types[j].fct)(context, request,
+ in_padata[i], &out_pa,
+ salt, s2kparams, etype, as_key,
+ prompter, prompter_data,
+ gak_fct, gak_data)))) {
+ if (paorder[h] == PA_INFO) {
#ifdef DEBUG
- fprintf (stderr,
- "internal function for type %d, flag %d "
- "failed with err %d\n",
- in_padata[i]->pa_type, paorder[h], ret);
+ fprintf (stderr,
+ "internal function for type %d, flag %d "
+ "failed with err %d\n",
+ in_padata[i]->pa_type, paorder[h], ret);
#endif
- ret = 0;
- continue; /* PA_INFO type failed, ignore */
+ ret = 0;
+ continue; /* PA_INFO type failed, ignore */
+ }
+
+ goto cleanup;
}
-
- goto cleanup;
- }
-
- ret = grow_pa_list(&out_pa_list, &out_pa_list_size,
- &out_pa, 1);
- if (ret != 0) {
- goto cleanup;
- }
- if (paorder[h] == PA_REAL)
- realdone = 1;
- }
- }
-
- /* Try to use plugins now. */
- if (!realdone) {
- krb5_init_preauth_context(context);
- if (context->preauth_context != NULL) {
- int module_ret = 0, module_flags;
+
+ ret = grow_pa_list(&out_pa_list, &out_pa_list_size,
+ &out_pa, 1);
+ if (ret != 0) {
+ goto cleanup;
+ }
+ if (paorder[h] == PA_REAL)
+ realdone = 1;
+ }
+ }
+
+ /* Try to use plugins now. */
+ if (!realdone) {
+ krb5_init_preauth_context(context);
+ if (context->preauth_context != NULL) {
+ int module_ret = 0, module_flags;
#ifdef DEBUG
- fprintf (stderr, "trying modules for pa_type %d, flag %d\n",
- in_padata[i]->pa_type, paorder[h]);
+ fprintf (stderr, "trying modules for pa_type %d, flag %d\n",
+ in_padata[i]->pa_type, paorder[h]);
#endif
- ret = krb5_run_preauth_plugins(context,
- paorder[h],
- request,
- encoded_request_body,
- encoded_previous_request,
- in_padata[i],
- prompter,
- prompter_data,
- gak_fct,
- salt, s2kparams,
- gak_data,
- get_data_rock,
- as_key,
- &out_pa_list,
- &out_pa_list_size,
- &module_ret,
- &module_flags,
- opte);
- if (ret == 0) {
- if (module_ret == 0) {
- if (paorder[h] == PA_REAL) {
- realdone = 1;
- }
- }
- }
- }
- }
- }
+ ret = krb5_run_preauth_plugins(context,
+ paorder[h],
+ request,
+ encoded_request_body,
+ encoded_previous_request,
+ in_padata[i],
+ prompter,
+ prompter_data,
+ gak_fct,
+ salt, s2kparams,
+ gak_data,
+ get_data_rock,
+ as_key,
+ &out_pa_list,
+ &out_pa_list_size,
+ &module_ret,
+ &module_flags,
+ opte);
+ if (ret == 0) {
+ if (module_ret == 0) {
+ if (paorder[h] == PA_REAL) {
+ realdone = 1;
+ }
+ }
+ }
+ }
+ }
+ }
}
*out_padata = out_pa_list;
if (etype_info)
- krb5_free_etype_info(context, etype_info);
-
+ krb5_free_etype_info(context, etype_info);
+
return(0);
- cleanup:
+cleanup:
if (out_pa_list) {
- out_pa_list[out_pa_list_size++] = NULL;
- krb5_free_pa_data(context, out_pa_list);
+ out_pa_list[out_pa_list_size++] = NULL;
+ krb5_free_pa_data(context, out_pa_list);
}
if (etype_info)
- krb5_free_etype_info(context, etype_info);
+ krb5_free_etype_info(context, etype_info);
return (ret);
}
diff --git a/src/lib/krb5/krb/princ_comp.c b/src/lib/krb5/krb/princ_comp.c
index 367c11e..3565f2c 100644
--- a/src/lib/krb5/krb/princ_comp.c
+++ b/src/lib/krb5/krb/princ_comp.c
@@ -1,3 +1,4 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
/*
* lib/krb5/krb/princ_comp.c
*
@@ -8,7 +9,7 @@
* require a specific license from the United States Government.
* It is the responsibility of any person or organization contemplating
* export to obtain such a license before exporting.
- *
+ *
* WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
* distribute this software and its documentation for any purpose and
* without fee is hereby granted, provided that the above copyright
@@ -22,7 +23,7 @@
* M.I.T. makes no representations about the suitability of
* this software for any purpose. It is provided "as is" without express
* or implied warranty.
- *
+ *
*
* compare two principals, returning a krb5_boolean true if equal, false if
* not.
@@ -33,19 +34,19 @@
static krb5_boolean
realm_compare_flags(krb5_context context,
- krb5_const_principal princ1,
- krb5_const_principal princ2,
- int flags)
+ krb5_const_principal princ1,
+ krb5_const_principal princ2,
+ int flags)
{
const krb5_data *realm1 = krb5_princ_realm(context, princ1);
const krb5_data *realm2 = krb5_princ_realm(context, princ2);
if (realm1->length != realm2->length)
- return FALSE;
+ return FALSE;
return (flags & KRB5_PRINCIPAL_COMPARE_CASEFOLD) ?
- (strncasecmp(realm1->data, realm2->data, realm2->length) == 0) :
- (memcmp(realm1->data, realm2->data, realm2->length) == 0);
+ (strncasecmp(realm1->data, realm2->data, realm2->length) == 0) :
+ (memcmp(realm1->data, realm2->data, realm2->length) == 0);
}
krb5_boolean KRB5_CALLCONV
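Review bot: The case-folding branch of `realm_compare_flags` compares counted `krb5_data` buffers with `strncasecmp`, which stops at the first NUL byte, so two equal-length realms that differ only after an embedded NUL would compare equal, whereas the `memcmp` branch compares every byte. The same pattern appears in the non-UTF-8 casefold branch of `krb5_principal_compare_flags` in the `@@ -92,50 +93,50 @@` hunk. Because these results feed principal-equality decisions, both sites should compare all `length` bytes. The sketch below covers the realm case; it needs `<ctype.h>` and keeps the locale-dependent folding that `strncasecmp` already has.

```c
    if (realm1->length != realm2->length)
        return FALSE;
    if (flags & KRB5_PRINCIPAL_COMPARE_CASEFOLD) {
        unsigned int n;

        /* Walk the full counted length; do not stop at an embedded NUL. */
        for (n = 0; n < realm2->length; n++) {
            if (tolower((unsigned char)realm1->data[n]) !=
                tolower((unsigned char)realm2->data[n]))
                return FALSE;
        }
        return TRUE;
    }
    return memcmp(realm1->data, realm2->data, realm2->length) == 0;
```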
@@ -56,18 +57,18 @@ krb5_realm_compare(krb5_context context, krb5_const_principal princ1, krb5_const
static krb5_error_code
upn_to_principal(krb5_context context,
- krb5_const_principal princ,
- krb5_principal *upn)
+ krb5_const_principal princ,
+ krb5_principal *upn)
{
char *unparsed_name;
krb5_error_code code;
code = krb5_unparse_name_flags(context, princ,
- KRB5_PRINCIPAL_UNPARSE_NO_REALM,
- &unparsed_name);
+ KRB5_PRINCIPAL_UNPARSE_NO_REALM,
+ &unparsed_name);
if (code) {
- *upn = NULL;
- return code;
+ *upn = NULL;
+ return code;
}
code = krb5_parse_name(context, unparsed_name, upn);
@@ -79,9 +80,9 @@ upn_to_principal(krb5_context context,
krb5_boolean KRB5_CALLCONV
krb5_principal_compare_flags(krb5_context context,
- krb5_const_principal princ1,
- krb5_const_principal princ2,
- int flags)
+ krb5_const_principal princ1,
+ krb5_const_principal princ2,
+ int flags)
{
register int i;
krb5_int32 nelem;
@@ -92,50 +93,50 @@ krb5_principal_compare_flags(krb5_context context,
krb5_boolean ret = FALSE;
if (flags & KRB5_PRINCIPAL_COMPARE_ENTERPRISE) {
- /* Treat UPNs as if they were real principals */
- if (krb5_princ_type(context, princ1) == KRB5_NT_ENTERPRISE_PRINCIPAL) {
- if (upn_to_principal(context, princ1, &upn1) == 0)
- princ1 = upn1;
- }
- if (krb5_princ_type(context, princ2) == KRB5_NT_ENTERPRISE_PRINCIPAL) {
- if (upn_to_principal(context, princ2, &upn2) == 0)
- princ2 = upn2;
- }
+ /* Treat UPNs as if they were real principals */
+ if (krb5_princ_type(context, princ1) == KRB5_NT_ENTERPRISE_PRINCIPAL) {
+ if (upn_to_principal(context, princ1, &upn1) == 0)
+ princ1 = upn1;
+ }
+ if (krb5_princ_type(context, princ2) == KRB5_NT_ENTERPRISE_PRINCIPAL) {
+ if (upn_to_principal(context, princ2, &upn2) == 0)
+ princ2 = upn2;
+ }
}
nelem = krb5_princ_size(context, princ1);
if (nelem != krb5_princ_size(context, princ2))
- goto out;
+ goto out;
if ((flags & KRB5_PRINCIPAL_COMPARE_IGNORE_REALM) == 0 &&
- !realm_compare_flags(context, princ1, princ2, flags))
- goto out;
+ !realm_compare_flags(context, princ1, princ2, flags))
+ goto out;
for (i = 0; i < (int) nelem; i++) {
- const krb5_data *p1 = krb5_princ_component(context, princ1, i);
- const krb5_data *p2 = krb5_princ_component(context, princ2, i);
- krb5_boolean eq;
-
- if (casefold) {
- if (utf8)
- eq = (krb5int_utf8_normcmp(p1, p2, KRB5_UTF8_CASEFOLD) == 0);
- else
- eq = (p1->length == p2->length
- && strncasecmp(p1->data, p2->data, p2->length) == 0);
- } else
- eq = data_eq(*p1, *p2);
-
- if (!eq)
- goto out;
+ const krb5_data *p1 = krb5_princ_component(context, princ1, i);
+ const krb5_data *p2 = krb5_princ_component(context, princ2, i);
+ krb5_boolean eq;
+
+ if (casefold) {
+ if (utf8)
+ eq = (krb5int_utf8_normcmp(p1, p2, KRB5_UTF8_CASEFOLD) == 0);
+ else
+ eq = (p1->length == p2->length
+ && strncasecmp(p1->data, p2->data, p2->length) == 0);
+ } else
+ eq = data_eq(*p1, *p2);
+
+ if (!eq)
+ goto out;
}
ret = TRUE;
out:
if (upn1 != NULL)
- krb5_free_principal(context, upn1);
+ krb5_free_principal(context, upn1);
if (upn2 != NULL)
- krb5_free_principal(context, upn2);
+ krb5_free_principal(context, upn2);
return ret;
}
@@ -150,7 +151,7 @@ krb5_boolean KRB5_CALLCONV krb5_is_referral_realm(const krb5_data *r)
#ifdef DEBUG_REFERRALS
#if 0
printf("krb5_is_ref_realm: checking <%s> for referralness: %s\n",
- r->data,(r->length==0)?"true":"false");
+ r->data,(r->length==0)?"true":"false");
#endif
#endif
assert(strlen(KRB5_REFERRAL_REALM)==0);
@@ -162,17 +163,16 @@ krb5_boolean KRB5_CALLCONV krb5_is_referral_realm(const krb5_data *r)
krb5_boolean KRB5_CALLCONV
krb5_principal_compare(krb5_context context,
- krb5_const_principal princ1,
- krb5_const_principal princ2)
+ krb5_const_principal princ1,
+ krb5_const_principal princ2)
{
return krb5_principal_compare_flags(context, princ1, princ2, 0);
}
krb5_boolean KRB5_CALLCONV
krb5_principal_compare_any_realm(krb5_context context,
- krb5_const_principal princ1,
- krb5_const_principal princ2)
+ krb5_const_principal princ1,
+ krb5_const_principal princ2)
{
return krb5_principal_compare_flags(context, princ1, princ2, KRB5_PRINCIPAL_COMPARE_IGNORE_REALM);
}
-
diff --git a/src/lib/krb5/krb/rd_cred.c b/src/lib/krb5/krb/rd_cred.c
index a5d00dc..30ce425 100644
--- a/src/lib/krb5/krb/rd_cred.c
+++ b/src/lib/krb5/krb/rd_cred.c
@@ -1,3 +1,4 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
#include "k5-int.h"
#include "cleanup.h"
#include "auth_con.h"
@@ -11,38 +12,38 @@
/*
* decrypt the enc_part of a krb5_cred
*/
-static krb5_error_code
+static krb5_error_code
decrypt_credencdata(krb5_context context, krb5_cred *pcred,
- krb5_key pkey, krb5_cred_enc_part *pcredenc)
+ krb5_key pkey, krb5_cred_enc_part *pcredenc)
{
krb5_cred_enc_part * ppart = NULL;
- krb5_error_code retval;
- krb5_data scratch;
+ krb5_error_code retval;
+ krb5_data scratch;
scratch.length = pcred->enc_part.ciphertext.length;
- if (!(scratch.data = (char *)malloc(scratch.length)))
- return ENOMEM;
+ if (!(scratch.data = (char *)malloc(scratch.length)))
+ return ENOMEM;
if (pkey != NULL) {
- if ((retval = krb5_k_decrypt(context, pkey,
- KRB5_KEYUSAGE_KRB_CRED_ENCPART, 0,
- &pcred->enc_part, &scratch)))
- goto cleanup;
+ if ((retval = krb5_k_decrypt(context, pkey,
+ KRB5_KEYUSAGE_KRB_CRED_ENCPART, 0,
+ &pcred->enc_part, &scratch)))
+ goto cleanup;
} else {
- memcpy(scratch.data, pcred->enc_part.ciphertext.data, scratch.length);
+ memcpy(scratch.data, pcred->enc_part.ciphertext.data, scratch.length);
}
/* now decode the decrypted stuff */
if ((retval = decode_krb5_enc_cred_part(&scratch, &ppart)))
- goto cleanup;
+ goto cleanup;
*pcredenc = *ppart;
retval = 0;
cleanup:
if (ppart != NULL) {
- memset(ppart, 0, sizeof(*ppart));
- free(ppart);
+ memset(ppart, 0, sizeof(*ppart));
+ free(ppart);
}
memset(scratch.data, 0, scratch.length);
free(scratch.data);
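Review bot: The two `memset` calls in the `cleanup:` path of `decrypt_credencdata` clear the decoded structure and the decrypted KRB-CRED plaintext immediately before `free`, and a compiler may drop such stores as dead, leaving session-key material in freed heap memory. A non-elidable wipe should be used instead, e.g. `zap(scratch.data, scratch.length);` and `zap(ppart, sizeof(*ppart));`, assuming the `zap` helper from `k5-int.h` (already included by this file) is available at this revision. The function's final `return` lies outside the hunk.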
@@ -51,40 +52,40 @@ cleanup:
}
/*----------------------- krb5_rd_cred_basic -----------------------*/
-static krb5_error_code
+static krb5_error_code
krb5_rd_cred_basic(krb5_context context, krb5_data *pcreddata,
- krb5_key pkey, krb5_replay_data *replaydata,
- krb5_creds ***pppcreds)
+ krb5_key pkey, krb5_replay_data *replaydata,
+ krb5_creds ***pppcreds)
{
krb5_error_code retval;
- krb5_cred * pcred;
- krb5_int32 ncreds;
- krb5_int32 i = 0;
- krb5_cred_enc_part encpart;
+ krb5_cred * pcred;
+ krb5_int32 ncreds;
+ krb5_int32 i = 0;
+ krb5_cred_enc_part encpart;
/* decode cred message */
if ((retval = decode_krb5_cred(pcreddata, &pcred)))
- return retval;
+ return retval;
memset(&encpart, 0, sizeof(encpart));
if ((retval = decrypt_credencdata(context, pcred, pkey, &encpart)))
- goto cleanup_cred;
+ goto cleanup_cred;
replaydata->timestamp = encpart.timestamp;
replaydata->usec = encpart.usec;
replaydata->seq = encpart.nonce;
- /*
- * Allocate the list of creds. The memory is allocated so that
- * krb5_free_tgt_creds can be used to free the list.
- */
+ /*
+ * Allocate the list of creds. The memory is allocated so that
+ * krb5_free_tgt_creds can be used to free the list.
+ */
for (ncreds = 0; pcred->tickets[ncreds]; ncreds++);
-
- if ((*pppcreds =
- (krb5_creds **)malloc((size_t)(sizeof(krb5_creds *) *
- (ncreds + 1)))) == NULL) {
+
+ if ((*pppcreds =
+ (krb5_creds **)malloc((size_t)(sizeof(krb5_creds *) *
+ (ncreds + 1)))) == NULL) {
retval = ENOMEM;
goto cleanup_cred;
}
@@ -95,13 +96,13 @@ krb5_rd_cred_basic(krb5_context context, krb5_data *pcreddata,
* credentials and copy the information.
*/
while (i < ncreds) {
- krb5_cred_info * pinfo;
- krb5_creds * pcur;
- krb5_data * pdata;
+ krb5_cred_info * pinfo;
+ krb5_creds * pcur;
+ krb5_data * pdata;
if ((pcur = (krb5_creds *)calloc(1, sizeof(krb5_creds))) == NULL) {
- retval = ENOMEM;
- goto cleanup;
+ retval = ENOMEM;
+ goto cleanup;
}
(*pppcreds)[i] = pcur;
@@ -109,26 +110,26 @@ krb5_rd_cred_basic(krb5_context context, krb5_data *pcreddata,
pinfo = encpart.ticket_info[i++];
if ((retval = krb5_copy_principal(context, pinfo->client,
- &pcur->client)))
- goto cleanup;
+ &pcur->client)))
+ goto cleanup;
if ((retval = krb5_copy_principal(context, pinfo->server,
- &pcur->server)))
- goto cleanup;
+ &pcur->server)))
+ goto cleanup;
- if ((retval = krb5_copy_keyblock_contents(context, pinfo->session,
- &pcur->keyblock)))
- goto cleanup;
+ if ((retval = krb5_copy_keyblock_contents(context, pinfo->session,
+ &pcur->keyblock)))
+ goto cleanup;
- if ((retval = krb5_copy_addresses(context, pinfo->caddrs,
- &pcur->addresses)))
- goto cleanup;
+ if ((retval = krb5_copy_addresses(context, pinfo->caddrs,
+ &pcur->addresses)))
+ goto cleanup;
if ((retval = encode_krb5_ticket(pcred->tickets[i - 1], &pdata)))
- goto cleanup;
+ goto cleanup;
- pcur->ticket = *pdata;
- free(pdata);
+ pcur->ticket = *pdata;
+ free(pdata);
pcur->is_skey = FALSE;
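Review bot: `pinfo = encpart.ticket_info[i++]` is dereferenced on the next line without a NULL check, while the loop bound `ncreds` was counted from `pcred->tickets`, which is a different array. Nothing visible here guarantees that the decrypted ticket_info list has as many entries as the outer tickets list, so a KRB-CRED carrying fewer info entries would make `pinfo->client` read through the list terminator or past it. I would add `if (pinfo == NULL) { retval = KRB5KRB_AP_ERR_MODIFIED; goto cleanup; }` right after the assignment, unless the decoder already enforces matching counts. The loop starts in the previous hunk and continues past this one.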
@@ -146,7 +147,7 @@ krb5_rd_cred_basic(krb5_context context, krb5_data *pcreddata,
cleanup:
if (retval)
- krb5_free_tgt_creds(context, *pppcreds);
+ krb5_free_tgt_creds(context, *pppcreds);
cleanup_cred:
krb5_free_cred(context, pcred);
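Review bot: The `cleanup:` path frees `*pppcreds` on error but leaves the freed pointer stored in the caller's variable. krb5_rd_cred's own `error:` path resets it to NULL, yet when both krb5_rd_cred_basic attempts fail it returns directly, so the caller can be left holding a dangling list. Resetting it here keeps the two paths consistent: `if (retval) { krb5_free_tgt_creds(context, *pppcreds); *pppcreds = NULL; }`. The function body begins before this hunk and its tail is cut off after `krb5_free_cred`.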
@@ -163,8 +164,8 @@ cleanup_cred:
*/
krb5_error_code KRB5_CALLCONV
krb5_rd_cred(krb5_context context, krb5_auth_context auth_context,
- krb5_data *pcreddata, krb5_creds ***pppcreds,
- krb5_replay_data *outdata)
+ krb5_data *pcreddata, krb5_creds ***pppcreds,
+ krb5_replay_data *outdata)
{
krb5_error_code retval;
krb5_key key;
@@ -172,16 +173,16 @@ krb5_rd_cred(krb5_context context, krb5_auth_context auth_context,
/* Get key */
if ((key = auth_context->recv_subkey) == NULL)
- key = auth_context->key;
+ key = auth_context->key;
if (((auth_context->auth_context_flags & KRB5_AUTH_CONTEXT_RET_TIME) ||
- (auth_context->auth_context_flags & KRB5_AUTH_CONTEXT_RET_SEQUENCE)) &&
- (outdata == NULL))
+ (auth_context->auth_context_flags & KRB5_AUTH_CONTEXT_RET_SEQUENCE)) &&
+ (outdata == NULL))
/* Need a better error */
return KRB5_RC_REQUIRED;
if ((auth_context->auth_context_flags & KRB5_AUTH_CONTEXT_DO_TIME) &&
- (auth_context->rcache == NULL))
+ (auth_context->rcache == NULL))
return KRB5_RC_REQUIRED;
@@ -191,12 +192,12 @@ krb5_rd_cred(krb5_context context, krb5_auth_context auth_context,
* that.
*/
if ((retval = krb5_rd_cred_basic(context, pcreddata, key,
- &replaydata, pppcreds))) {
- if ((retval = krb5_rd_cred_basic(context, pcreddata,
- auth_context->key,
- &replaydata, pppcreds))) {
- return retval;
- }
+ &replaydata, pppcreds))) {
+ if ((retval = krb5_rd_cred_basic(context, pcreddata,
+ auth_context->key,
+ &replaydata, pppcreds))) {
+ return retval;
+ }
}
if (auth_context->auth_context_flags & KRB5_AUTH_CONTEXT_DO_TIME) {
@@ -206,7 +207,7 @@ krb5_rd_cred(krb5_context context, krb5_auth_context auth_context,
goto error;
if ((retval = krb5_gen_replay_name(context, auth_context->remote_addr,
- "_forw", &replay.client)))
+ "_forw", &replay.client)))
goto error;
replay.server = ""; /* XXX */
@@ -229,7 +230,7 @@ krb5_rd_cred(krb5_context context, krb5_auth_context auth_context,
}
if ((auth_context->auth_context_flags & KRB5_AUTH_CONTEXT_RET_TIME) ||
- (auth_context->auth_context_flags & KRB5_AUTH_CONTEXT_RET_SEQUENCE)) {
+ (auth_context->auth_context_flags & KRB5_AUTH_CONTEXT_RET_SEQUENCE)) {
outdata->timestamp = replaydata.timestamp;
outdata->usec = replaydata.usec;
outdata->seq = replaydata.seq;
@@ -237,9 +238,8 @@ krb5_rd_cred(krb5_context context, krb5_auth_context auth_context,
error:;
if (retval) {
- krb5_free_tgt_creds(context, *pppcreds);
- *pppcreds = NULL;
+ krb5_free_tgt_creds(context, *pppcreds);
+ *pppcreds = NULL;
}
return retval;
}
-
diff --git a/src/lib/krb5/krb/rd_error.c b/src/lib/krb5/krb/rd_error.c
index 2c61715..39d9acd 100644
--- a/src/lib/krb5/krb/rd_error.c
+++ b/src/lib/krb5/krb/rd_error.c
@@ -1,3 +1,4 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
/*
* lib/krb5/krb/rd_error.c
*
@@ -8,7 +9,7 @@
* require a specific license from the United States Government.
* It is the responsibility of any person or organization contemplating
* export to obtain such a license before exporting.
- *
+ *
* WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
* distribute this software and its documentation for any purpose and
* without fee is hereby granted, provided that the above copyright
@@ -22,7 +23,7 @@
* M.I.T. makes no representations about the suitability of
* this software for any purpose. It is provided "as is" without express
* or implied warranty.
- *
+ *
*
* krb5_rd_error() routine
*/
@@ -35,16 +36,15 @@
*
* Upon return dec_error will point to allocated storage which the
* caller should free when finished.
- *
+ *
* returns system errors
*/
krb5_error_code KRB5_CALLCONV
krb5_rd_error(krb5_context context, const krb5_data *enc_errbuf,
- krb5_error **dec_error)
+ krb5_error **dec_error)
{
if (!krb5_is_krb_error(enc_errbuf))
- return KRB5KRB_AP_ERR_MSG_TYPE;
+ return KRB5KRB_AP_ERR_MSG_TYPE;
return(decode_krb5_error(enc_errbuf, dec_error));
}
-
diff --git a/src/lib/krb5/krb/rd_priv.c b/src/lib/krb5/krb/rd_priv.c
index 9b84ad8..a6c7930 100644
--- a/src/lib/krb5/krb/rd_priv.c
+++ b/src/lib/krb5/krb/rd_priv.c
@@ -1,3 +1,4 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
/*
* lib/krb5/krb/rd_priv.c
*
@@ -8,7 +9,7 @@
* require a specific license from the United States Government.
* It is the responsibility of any person or organization contemplating
* export to obtain such a license before exporting.
- *
+ *
* WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
* distribute this software and its documentation for any purpose and
* without fee is hereby granted, provided that the above copyright
@@ -22,7 +23,7 @@
* M.I.T. makes no representations about the suitability of
* this software for any purpose. It is provided "as is" without express
* or implied warranty.
- *
+ *
*
* krb5_rd_priv()
*/
@@ -33,97 +34,97 @@
/*
-Parses a KRB_PRIV message from inbuf, placing the confidential user
-data in *outbuf.
+ Parses a KRB_PRIV message from inbuf, placing the confidential user
+ data in *outbuf.
+
+ key specifies the key to be used for decryption of the message.
-key specifies the key to be used for decryption of the message.
-
-remote_addr and local_addr specify the full
-addresses (host and port) of the sender and receiver.
+ remote_addr and local_addr specify the full
+ addresses (host and port) of the sender and receiver.
-outbuf points to allocated storage which the caller should
-free when finished.
+ outbuf points to allocated storage which the caller should
+ free when finished.
-i_vector is used as an initialization vector for the
-encryption, and if non-NULL its contents are replaced with the last
-block of the encrypted data upon exit.
+ i_vector is used as an initialization vector for the
+ encryption, and if non-NULL its contents are replaced with the last
+ block of the encrypted data upon exit.
-Returns system errors, integrity errors.
+ Returns system errors, integrity errors.
*/
static krb5_error_code
krb5_rd_priv_basic(krb5_context context, const krb5_data *inbuf,
- const krb5_key key, const krb5_address *local_addr,
- const krb5_address *remote_addr, krb5_pointer i_vector,
- krb5_replay_data *replaydata, krb5_data *outbuf)
+ const krb5_key key, const krb5_address *local_addr,
+ const krb5_address *remote_addr, krb5_pointer i_vector,
+ krb5_replay_data *replaydata, krb5_data *outbuf)
{
- krb5_error_code retval;
- krb5_priv * privmsg;
- krb5_data scratch;
+ krb5_error_code retval;
+ krb5_priv * privmsg;
+ krb5_data scratch;
krb5_priv_enc_part * privmsg_enc_part;
- size_t blocksize;
- krb5_data ivdata;
- krb5_enctype enctype;
+ size_t blocksize;
+ krb5_data ivdata;
+ krb5_enctype enctype;
if (!krb5_is_krb_priv(inbuf))
- return KRB5KRB_AP_ERR_MSG_TYPE;
+ return KRB5KRB_AP_ERR_MSG_TYPE;
/* decode private message */
if ((retval = decode_krb5_priv(inbuf, &privmsg)))
- return retval;
-
+ return retval;
+
if (i_vector) {
- enctype = krb5_k_key_enctype(context, key);
- if ((retval = krb5_c_block_size(context, enctype, &blocksize)))
- goto cleanup_privmsg;
+ enctype = krb5_k_key_enctype(context, key);
+ if ((retval = krb5_c_block_size(context, enctype, &blocksize)))
+ goto cleanup_privmsg;
- ivdata.length = blocksize;
- ivdata.data = i_vector;
+ ivdata.length = blocksize;
+ ivdata.data = i_vector;
}
scratch.length = privmsg->enc_part.ciphertext.length;
if (!(scratch.data = malloc(scratch.length))) {
- retval = ENOMEM;
- goto cleanup_privmsg;
+ retval = ENOMEM;
+ goto cleanup_privmsg;
}
if ((retval = krb5_k_decrypt(context, key,
- KRB5_KEYUSAGE_KRB_PRIV_ENCPART,
- i_vector?&ivdata:0,
- &privmsg->enc_part, &scratch)))
- goto cleanup_scratch;
+ KRB5_KEYUSAGE_KRB_PRIV_ENCPART,
+ i_vector?&ivdata:0,
+ &privmsg->enc_part, &scratch)))
+ goto cleanup_scratch;
/* now decode the decrypted stuff */
if ((retval = decode_krb5_enc_priv_part(&scratch, &privmsg_enc_part)))
goto cleanup_scratch;
if (!krb5_address_compare(context,remote_addr,privmsg_enc_part->s_address)){
- retval = KRB5KRB_AP_ERR_BADADDR;
- goto cleanup_data;
+ retval = KRB5KRB_AP_ERR_BADADDR;
+ goto cleanup_data;
}
-
+
if (privmsg_enc_part->r_address) {
- if (local_addr) {
- if (!krb5_address_compare(context, local_addr,
- privmsg_enc_part->r_address)) {
- retval = KRB5KRB_AP_ERR_BADADDR;
- goto cleanup_data;
- }
- } else {
- krb5_address **our_addrs;
-
- if ((retval = krb5_os_localaddr(context, &our_addrs))) {
- goto cleanup_data;
- }
- if (!krb5_address_search(context, privmsg_enc_part->r_address,
- our_addrs)) {
- krb5_free_addresses(context, our_addrs);
- retval = KRB5KRB_AP_ERR_BADADDR;
- goto cleanup_data;
- }
- krb5_free_addresses(context, our_addrs);
- }
+ if (local_addr) {
+ if (!krb5_address_compare(context, local_addr,
+ privmsg_enc_part->r_address)) {
+ retval = KRB5KRB_AP_ERR_BADADDR;
+ goto cleanup_data;
+ }
+ } else {
+ krb5_address **our_addrs;
+
+ if ((retval = krb5_os_localaddr(context, &our_addrs))) {
+ goto cleanup_data;
+ }
+ if (!krb5_address_search(context, privmsg_enc_part->r_address,
+ our_addrs)) {
+ krb5_free_addresses(context, our_addrs);
+ retval = KRB5KRB_AP_ERR_BADADDR;
+ goto cleanup_data;
+ }
+ krb5_free_addresses(context, our_addrs);
+ }
}
replaydata->timestamp = privmsg_enc_part->timestamp;
@@ -136,15 +137,15 @@ krb5_rd_priv_basic(krb5_context context, const krb5_data *inbuf,
cleanup_data:;
if (retval == 0)
- privmsg_enc_part->user_data.data = 0;
+ privmsg_enc_part->user_data.data = 0;
krb5_free_priv_enc_part(context, privmsg_enc_part);
cleanup_scratch:;
- memset(scratch.data, 0, scratch.length);
+ memset(scratch.data, 0, scratch.length);
free(scratch.data);
cleanup_privmsg:;
- free(privmsg->enc_part.ciphertext.data);
+ free(privmsg->enc_part.ciphertext.data);
free(privmsg);
return retval;
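Review bot: The `memset(scratch.data, 0, scratch.length)` directly before `free(scratch.data)` under `cleanup_scratch:` is a dead store as far as the compiler is concerned. It may be removed at higher optimization levels, leaving the decrypted KRB-PRIV plaintext in freed heap memory. A wipe the optimizer cannot elide is the safer form, for example the tree's `zap(scratch.data, scratch.length);` if k5-int.h provides it at this revision. The same memset-then-free pair appears at both `clean_scratch:` labels in rd_rep.c. The function starts before this hunk.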
@@ -152,116 +153,116 @@ cleanup_privmsg:;
krb5_error_code KRB5_CALLCONV
krb5_rd_priv(krb5_context context, krb5_auth_context auth_context,
- const krb5_data *inbuf, krb5_data *outbuf,
- krb5_replay_data *outdata)
+ const krb5_data *inbuf, krb5_data *outbuf,
+ krb5_replay_data *outdata)
{
- krb5_error_code retval;
+ krb5_error_code retval;
krb5_key key;
- krb5_replay_data replaydata;
+ krb5_replay_data replaydata;
/* Get key */
if ((key = auth_context->recv_subkey) == NULL)
- key = auth_context->key;
+ key = auth_context->key;
if (((auth_context->auth_context_flags & KRB5_AUTH_CONTEXT_RET_TIME) ||
- (auth_context->auth_context_flags & KRB5_AUTH_CONTEXT_RET_SEQUENCE)) &&
- (outdata == NULL))
- /* Need a better error */
- return KRB5_RC_REQUIRED;
+ (auth_context->auth_context_flags & KRB5_AUTH_CONTEXT_RET_SEQUENCE)) &&
+ (outdata == NULL))
+ /* Need a better error */
+ return KRB5_RC_REQUIRED;
if (!auth_context->remote_addr)
- return KRB5_REMOTE_ADDR_REQUIRED;
+ return KRB5_REMOTE_ADDR_REQUIRED;
if ((auth_context->auth_context_flags & KRB5_AUTH_CONTEXT_DO_TIME) &&
- (auth_context->rcache == NULL))
- return KRB5_RC_REQUIRED;
+ (auth_context->rcache == NULL))
+ return KRB5_RC_REQUIRED;
+
+ {
+ krb5_address * premote_fulladdr;
+ krb5_address * plocal_fulladdr = NULL;
+ krb5_address remote_fulladdr;
+ krb5_address local_fulladdr;
+ CLEANUP_INIT(2);
+
+ if (auth_context->local_addr) {
+ if (auth_context->local_port) {
+ if (!(retval = krb5_make_fulladdr(context, auth_context->local_addr,
+ auth_context->local_port,
+ &local_fulladdr))){
+ CLEANUP_PUSH(local_fulladdr.contents, free);
+ plocal_fulladdr = &local_fulladdr;
+ } else {
+ return retval;
+ }
+ } else {
+ plocal_fulladdr = auth_context->local_addr;
+ }
+ }
-{
- krb5_address * premote_fulladdr;
- krb5_address * plocal_fulladdr = NULL;
- krb5_address remote_fulladdr;
- krb5_address local_fulladdr;
- CLEANUP_INIT(2);
-
- if (auth_context->local_addr) {
- if (auth_context->local_port) {
- if (!(retval = krb5_make_fulladdr(context, auth_context->local_addr,
- auth_context->local_port,
- &local_fulladdr))){
- CLEANUP_PUSH(local_fulladdr.contents, free);
- plocal_fulladdr = &local_fulladdr;
+ if (auth_context->remote_port) {
+ if (!(retval = krb5_make_fulladdr(context,auth_context->remote_addr,
+ auth_context->remote_port,
+ &remote_fulladdr))){
+ CLEANUP_PUSH(remote_fulladdr.contents, free);
+ premote_fulladdr = &remote_fulladdr;
} else {
- return retval;
+ CLEANUP_DONE();
+ return retval;
}
- } else {
- plocal_fulladdr = auth_context->local_addr;
+ } else {
+ premote_fulladdr = auth_context->remote_addr;
}
- }
- if (auth_context->remote_port) {
- if (!(retval = krb5_make_fulladdr(context,auth_context->remote_addr,
- auth_context->remote_port,
- &remote_fulladdr))){
- CLEANUP_PUSH(remote_fulladdr.contents, free);
- premote_fulladdr = &remote_fulladdr;
- } else {
- CLEANUP_DONE();
- return retval;
- }
- } else {
- premote_fulladdr = auth_context->remote_addr;
- }
+ memset(&replaydata, 0, sizeof(replaydata));
+ if ((retval = krb5_rd_priv_basic(context, inbuf, key,
+ plocal_fulladdr,
+ premote_fulladdr,
+ auth_context->i_vector,
+ &replaydata, outbuf))) {
+ CLEANUP_DONE();
+ return retval;
+ }
- memset(&replaydata, 0, sizeof(replaydata));
- if ((retval = krb5_rd_priv_basic(context, inbuf, key,
- plocal_fulladdr,
- premote_fulladdr,
- auth_context->i_vector,
- &replaydata, outbuf))) {
- CLEANUP_DONE();
- return retval;
+ CLEANUP_DONE();
}
- CLEANUP_DONE();
-}
-
if (auth_context->auth_context_flags & KRB5_AUTH_CONTEXT_DO_TIME) {
- krb5_donot_replay replay;
-
- if ((retval = krb5int_check_clockskew(context, replaydata.timestamp)))
- goto error;
-
- if ((retval = krb5_gen_replay_name(context, auth_context->remote_addr,
- "_priv", &replay.client)))
- goto error;
-
- replay.server = ""; /* XXX */
- replay.msghash = NULL;
- replay.cusec = replaydata.usec;
- replay.ctime = replaydata.timestamp;
- if ((retval = krb5_rc_store(context, auth_context->rcache, &replay))) {
- free(replay.client);
- goto error;
- }
- free(replay.client);
+ krb5_donot_replay replay;
+
+ if ((retval = krb5int_check_clockskew(context, replaydata.timestamp)))
+ goto error;
+
+ if ((retval = krb5_gen_replay_name(context, auth_context->remote_addr,
+ "_priv", &replay.client)))
+ goto error;
+
+ replay.server = ""; /* XXX */
+ replay.msghash = NULL;
+ replay.cusec = replaydata.usec;
+ replay.ctime = replaydata.timestamp;
+ if ((retval = krb5_rc_store(context, auth_context->rcache, &replay))) {
+ free(replay.client);
+ goto error;
+ }
+ free(replay.client);
}
if (auth_context->auth_context_flags & KRB5_AUTH_CONTEXT_DO_SEQUENCE) {
- if (!krb5int_auth_con_chkseqnum(context, auth_context,
- replaydata.seq)) {
- retval = KRB5KRB_AP_ERR_BADORDER;
- goto error;
- }
- auth_context->remote_seq_number++;
+ if (!krb5int_auth_con_chkseqnum(context, auth_context,
+ replaydata.seq)) {
+ retval = KRB5KRB_AP_ERR_BADORDER;
+ goto error;
+ }
+ auth_context->remote_seq_number++;
}
if ((auth_context->auth_context_flags & KRB5_AUTH_CONTEXT_RET_TIME) ||
- (auth_context->auth_context_flags & KRB5_AUTH_CONTEXT_RET_SEQUENCE)) {
- outdata->timestamp = replaydata.timestamp;
- outdata->usec = replaydata.usec;
- outdata->seq = replaydata.seq;
+ (auth_context->auth_context_flags & KRB5_AUTH_CONTEXT_RET_SEQUENCE)) {
+ outdata->timestamp = replaydata.timestamp;
+ outdata->usec = replaydata.usec;
+ outdata->seq = replaydata.seq;
}
-
+
/* everything is ok - return data to the user */
return 0;
@@ -272,4 +273,3 @@ error:;
return retval;
}
-
diff --git a/src/lib/krb5/krb/rd_rep.c b/src/lib/krb5/krb/rd_rep.c
index 6e9cb08..45c9901 100644
--- a/src/lib/krb5/krb/rd_rep.c
+++ b/src/lib/krb5/krb/rd_rep.c
@@ -1,3 +1,4 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
/*
* lib/krb5/krb/rd_rep.c
*
@@ -8,7 +9,7 @@
* require a specific license from the United States Government.
* It is the responsibility of any person or organization contemplating
* export to obtain such a license before exporting.
- *
+ *
* WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
* distribute this software and its documentation for any purpose and
* without fee is hereby granted, provided that the above copyright
@@ -22,7 +23,7 @@
* M.I.T. makes no representations about the suitability of
* this software for any purpose. It is provided "as is" without express
* or implied warranty.
- *
+ *
*
* krb5_rd_rep()
*/
@@ -59,74 +60,74 @@
/*
* Parses a KRB_AP_REP message, returning its contents.
- *
+ *
* repl is filled in with with a pointer to allocated memory containing
- * the fields from the encrypted response.
- *
+ * the fields from the encrypted response.
+ *
* the key in kblock is used to decrypt the message.
- *
+ *
* returns system errors, encryption errors, replay errors
*/
krb5_error_code KRB5_CALLCONV
krb5_rd_rep(krb5_context context, krb5_auth_context auth_context,
- const krb5_data *inbuf, krb5_ap_rep_enc_part **repl)
+ const krb5_data *inbuf, krb5_ap_rep_enc_part **repl)
{
- krb5_error_code retval;
- krb5_ap_rep *reply = NULL;
+ krb5_error_code retval;
+ krb5_ap_rep *reply = NULL;
krb5_ap_rep_enc_part *enc = NULL;
- krb5_data scratch;
+ krb5_data scratch;
*repl = NULL;
if (!krb5_is_ap_rep(inbuf))
- return KRB5KRB_AP_ERR_MSG_TYPE;
+ return KRB5KRB_AP_ERR_MSG_TYPE;
/* Decode inbuf. */
retval = decode_krb5_ap_rep(inbuf, &reply);
if (retval)
- return retval;
+ return retval;
/* Put together an eblock for this encryption. */
scratch.length = reply->enc_part.ciphertext.length;
scratch.data = malloc(scratch.length);
if (scratch.data == NULL) {
- retval = ENOMEM;
- goto clean_scratch;
+ retval = ENOMEM;
+ goto clean_scratch;
}
retval = krb5_k_decrypt(context, auth_context->key,
- KRB5_KEYUSAGE_AP_REP_ENCPART, 0,
- &reply->enc_part, &scratch);
+ KRB5_KEYUSAGE_AP_REP_ENCPART, 0,
+ &reply->enc_part, &scratch);
if (retval)
- goto clean_scratch;
+ goto clean_scratch;
/* Now decode the decrypted stuff. */
retval = decode_krb5_ap_rep_enc_part(&scratch, &enc);
if (retval)
- goto clean_scratch;
+ goto clean_scratch;
/* Check reply fields. */
if ((enc->ctime != auth_context->authentp->ctime)
- || (enc->cusec != auth_context->authentp->cusec)) {
- retval = KRB5_MUTUAL_FAILED;
- goto clean_scratch;
+ || (enc->cusec != auth_context->authentp->cusec)) {
+ retval = KRB5_MUTUAL_FAILED;
+ goto clean_scratch;
}
/* Set auth subkey. */
if (enc->subkey) {
- retval = krb5_auth_con_setrecvsubkey(context, auth_context,
- enc->subkey);
- if (retval)
- goto clean_scratch;
- retval = krb5_auth_con_setsendsubkey(context, auth_context,
- enc->subkey);
- if (retval) {
- (void) krb5_auth_con_setrecvsubkey(context, auth_context, NULL);
- goto clean_scratch;
- }
- /* Not used for anything yet. */
- auth_context->negotiated_etype = enc->subkey->enctype;
+ retval = krb5_auth_con_setrecvsubkey(context, auth_context,
+ enc->subkey);
+ if (retval)
+ goto clean_scratch;
+ retval = krb5_auth_con_setsendsubkey(context, auth_context,
+ enc->subkey);
+ if (retval) {
+ (void) krb5_auth_con_setrecvsubkey(context, auth_context, NULL);
+ goto clean_scratch;
+ }
+ /* Not used for anything yet. */
+ auth_context->negotiated_etype = enc->subkey->enctype;
}
/* Get remote sequence number. */
@@ -137,7 +138,7 @@ krb5_rd_rep(krb5_context context, krb5_auth_context auth_context,
clean_scratch:
if (scratch.data)
- memset(scratch.data, 0, scratch.length);
+ memset(scratch.data, 0, scratch.length);
free(scratch.data);
krb5_free_ap_rep(context, reply);
krb5_free_ap_rep_enc_part(context, enc);
@@ -146,56 +147,56 @@ clean_scratch:
krb5_error_code KRB5_CALLCONV
krb5_rd_rep_dce(krb5_context context, krb5_auth_context auth_context,
- const krb5_data *inbuf, krb5_ui_4 *nonce)
+ const krb5_data *inbuf, krb5_ui_4 *nonce)
{
- krb5_error_code retval;
- krb5_ap_rep * reply;
- krb5_data scratch;
+ krb5_error_code retval;
+ krb5_ap_rep * reply;
+ krb5_data scratch;
krb5_ap_rep_enc_part *repl = NULL;
if (!krb5_is_ap_rep(inbuf))
- return KRB5KRB_AP_ERR_MSG_TYPE;
+ return KRB5KRB_AP_ERR_MSG_TYPE;
/* decode it */
if ((retval = decode_krb5_ap_rep(inbuf, &reply)))
- return retval;
+ return retval;
/* put together an eblock for this encryption */
scratch.length = reply->enc_part.ciphertext.length;
if (!(scratch.data = malloc(scratch.length))) {
- krb5_free_ap_rep(context, reply);
- return(ENOMEM);
+ krb5_free_ap_rep(context, reply);
+ return(ENOMEM);
}
if ((retval = krb5_k_decrypt(context, auth_context->key,
- KRB5_KEYUSAGE_AP_REP_ENCPART, 0,
- &reply->enc_part, &scratch)))
- goto clean_scratch;
+ KRB5_KEYUSAGE_AP_REP_ENCPART, 0,
+ &reply->enc_part, &scratch)))
+ goto clean_scratch;
/* now decode the decrypted stuff */
retval = decode_krb5_ap_rep_enc_part(&scratch, &repl);
if (retval)
- goto clean_scratch;
+ goto clean_scratch;
*nonce = repl->seq_number;
if (*nonce != auth_context->local_seq_number) {
- retval = KRB5_MUTUAL_FAILED;
- goto clean_scratch;
+ retval = KRB5_MUTUAL_FAILED;
+ goto clean_scratch;
}
/* Must be NULL to prevent echoing for client AP-REP */
if (repl->subkey != NULL) {
- retval = KRB5_MUTUAL_FAILED;
- goto clean_scratch;
+ retval = KRB5_MUTUAL_FAILED;
+ goto clean_scratch;
}
clean_scratch:
- memset(scratch.data, 0, scratch.length);
+ memset(scratch.data, 0, scratch.length);
if (repl != NULL)
- krb5_free_ap_rep_enc_part(context, repl);
+ krb5_free_ap_rep_enc_part(context, repl);
krb5_free_ap_rep(context, reply);
free(scratch.data);
return retval;
diff --git a/src/lib/krb5/krb/rd_req.c b/src/lib/krb5/krb/rd_req.c
index 50c3a90..4e12e5b 100644
--- a/src/lib/krb5/krb/rd_req.c
+++ b/src/lib/krb5/krb/rd_req.c
@@ -1,3 +1,4 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
/*
* lib/krb5/krb/rd_req.c
*
@@ -47,33 +48,33 @@
krb5_error_code KRB5_CALLCONV
krb5_rd_req(krb5_context context, krb5_auth_context *auth_context,
- const krb5_data *inbuf, krb5_const_principal server,
- krb5_keytab keytab, krb5_flags *ap_req_options,
- krb5_ticket **ticket)
+ const krb5_data *inbuf, krb5_const_principal server,
+ krb5_keytab keytab, krb5_flags *ap_req_options,
+ krb5_ticket **ticket)
{
- krb5_error_code retval;
- krb5_ap_req * request;
- krb5_auth_context new_auth_context;
+ krb5_error_code retval;
+ krb5_ap_req * request;
+ krb5_auth_context new_auth_context;
krb5_keytab new_keytab = NULL;
if (!krb5_is_ap_req(inbuf))
- return KRB5KRB_AP_ERR_MSG_TYPE;
+ return KRB5KRB_AP_ERR_MSG_TYPE;
#ifndef LEAN_CLIENT
if ((retval = decode_krb5_ap_req(inbuf, &request))) {
- switch (retval) {
- case KRB5_BADMSGTYPE:
- return KRB5KRB_AP_ERR_BADVERSION;
- default:
- return(retval);
- }
+ switch (retval) {
+ case KRB5_BADMSGTYPE:
+ return KRB5KRB_AP_ERR_BADVERSION;
+ default:
+ return(retval);
+ }
}
#endif /* LEAN_CLIENT */
/* Get an auth context if necessary. */
new_auth_context = NULL;
if (*auth_context == NULL) {
- if ((retval = krb5_auth_con_init(context, &new_auth_context)))
- goto cleanup_request;
+ if ((retval = krb5_auth_con_init(context, &new_auth_context)))
+ goto cleanup_request;
*auth_context = new_auth_context;
}
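Review bot: `krb5_ap_req * request;` is declared without an initializer, and its only assignment, `decode_krb5_ap_req(inbuf, &request)`, sits inside `#ifndef LEAN_CLIENT`. In a LEAN_CLIENT build the pointer would reach `krb5_rd_req_decoded()` and `krb5_free_ap_req()` (both in later hunks of this function) with an indeterminate value. Declaring it as `krb5_ap_req *request = NULL;` makes that configuration fail predictably, assuming the free routine tolerates NULL. A comment stating whether LEAN_CLIENT builds are expected to call krb5_rd_req at all would also help.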
@@ -81,14 +82,14 @@ krb5_rd_req(krb5_context context, krb5_auth_context *auth_context,
#ifndef LEAN_CLIENT
/* Get a keytab if necessary. */
if (keytab == NULL) {
- if ((retval = krb5_kt_default(context, &new_keytab)))
- goto cleanup_auth_context;
- keytab = new_keytab;
+ if ((retval = krb5_kt_default(context, &new_keytab)))
+ goto cleanup_auth_context;
+ keytab = new_keytab;
}
#endif /* LEAN_CLIENT */
retval = krb5_rd_req_decoded(context, auth_context, request, server,
- keytab, ap_req_options, ticket);
+ keytab, ap_req_options, ticket);
#ifndef LEAN_CLIENT
if (new_keytab != NULL)
@@ -97,12 +98,11 @@ krb5_rd_req(krb5_context context, krb5_auth_context *auth_context,
cleanup_auth_context:
if (new_auth_context && retval) {
- krb5_auth_con_free(context, new_auth_context);
- *auth_context = NULL;
+ krb5_auth_con_free(context, new_auth_context);
+ *auth_context = NULL;
}
cleanup_request:
krb5_free_ap_req(context, request);
return retval;
}
-
diff --git a/src/lib/krb5/krb/rd_req_dec.c b/src/lib/krb5/krb/rd_req_dec.c
index 8516c7e..adfa4de 100644
--- a/src/lib/krb5/krb/rd_req_dec.c
+++ b/src/lib/krb5/krb/rd_req_dec.c
@@ -1,3 +1,4 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
/*
* lib/krb5/krb/rd_req_dec.c
*
@@ -9,7 +10,7 @@
* require a specific license from the United States Government.
* It is the responsibility of any person or organization contemplating
* export to obtain such a license before exporting.
- *
+ *
* WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
* distribute this software and its documentation for any purpose and
* without fee is hereby granted, provided that the above copyright
@@ -24,7 +25,7 @@
* CyberSAFE Corporation make any representations about the suitability of
* this software for any purpose. It is provided "as is" without express
* or implied warranty.
- *
+ *
*
* krb5_rd_req_decoded()
*/
@@ -40,43 +41,43 @@
*/
/*
* Parses a KRB_AP_REQ message, returning its contents.
- *
+ *
* server specifies the expected server's name for the ticket; if NULL, then
* any server will be accepted if the key can be found, and the caller should
* verify that the principal is something it trusts.
- *
+ *
* rcache specifies a replay detection cache used to store authenticators and
* server names
- *
+ *
* keyproc specifies a procedure to generate a decryption key for the
* ticket. If keyproc is non-NULL, keyprocarg is passed to it, and the result
* used as a decryption key. If keyproc is NULL, then fetchfrom is checked;
* if it is non-NULL, it specifies a parameter name from which to retrieve the
* decryption key. If fetchfrom is NULL, then the default key store is
* consulted.
- *
+ *
* authdat is set to point at allocated storage structures; the caller
- * should free them when finished.
- *
+ * should free them when finished.
+ *
* returns system errors, encryption errors, replay errors
*/
static krb5_error_code decrypt_authenticator
- (krb5_context, const krb5_ap_req *, krb5_authenticator **,
- int);
+(krb5_context, const krb5_ap_req *, krb5_authenticator **,
+ int);
static krb5_error_code
decode_etype_list(krb5_context context,
- const krb5_authenticator *authp,
- krb5_enctype **desired_etypes,
- int *desired_etypes_len);
+ const krb5_authenticator *authp,
+ krb5_enctype **desired_etypes,
+ int *desired_etypes_len);
static krb5_error_code
negotiate_etype(krb5_context context,
- const krb5_enctype *desired_etypes,
- int desired_etypes_len,
- int mandatory_etypes_index,
- const krb5_enctype *permitted_etypes,
- int permitted_etypes_len,
- krb5_enctype *negotiated_etype);
+ const krb5_enctype *desired_etypes,
+ int desired_etypes_len,
+ int mandatory_etypes_index,
+ const krb5_enctype *permitted_etypes,
+ int permitted_etypes_len,
+ krb5_enctype *negotiated_etype);
krb5_error_code
krb5int_check_clockskew(krb5_context context, krb5_timestamp date)
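Review bot: After the reindent, the forward declaration of `decrypt_authenticator` has its parameter list starting at column 0 on a line of its own (as rendered here), unlike the `decode_etype_list` and `negotiate_etype` prototypes just below it. Writing it in the same shape, with `decrypt_authenticator(krb5_context, const krb5_ap_req *, krb5_authenticator **, int);` on the line after `static krb5_error_code`, keeps the three declarations consistent. Naming the parameters, in particular the trailing `int`, would document what that flag means. krb5int_check_clockskew begins at the end of this hunk and continues in the next.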
@@ -86,86 +87,86 @@ krb5int_check_clockskew(krb5_context context, krb5_timestamp date)
retval = krb5_timeofday(context, &currenttime);
if (retval)
- return retval;
+ return retval;
if (!(labs((date)-currenttime) < context->clockskew))
- return KRB5KRB_AP_ERR_SKEW;
+ return KRB5KRB_AP_ERR_SKEW;
return 0;
}
static krb5_error_code
krb5_rd_req_decrypt_tkt_part(krb5_context context, const krb5_ap_req *req,
- krb5_const_principal server, krb5_keytab keytab,
- krb5_keyblock *key)
+ krb5_const_principal server, krb5_keytab keytab,
+ krb5_keyblock *key)
{
- krb5_error_code retval;
- krb5_keytab_entry ktent;
+ krb5_error_code retval;
+ krb5_keytab_entry ktent;
retval = KRB5_KT_NOTFOUND;
-#ifndef LEAN_CLIENT
+#ifndef LEAN_CLIENT
if (server != NULL || keytab->ops->start_seq_get == NULL) {
- retval = krb5_kt_get_entry(context, keytab,
- server != NULL ? server : req->ticket->server,
- req->ticket->enc_part.kvno,
- req->ticket->enc_part.enctype, &ktent);
- if (retval == 0) {
- retval = krb5_decrypt_tkt_part(context, &ktent.key, req->ticket);
- if (retval == 0 && key != NULL)
- retval = krb5_copy_keyblock_contents(context, &ktent.key, key);
-
- (void) krb5_free_keytab_entry_contents(context, &ktent);
- }
+ retval = krb5_kt_get_entry(context, keytab,
+ server != NULL ? server : req->ticket->server,
+ req->ticket->enc_part.kvno,
+ req->ticket->enc_part.enctype, &ktent);
+ if (retval == 0) {
+ retval = krb5_decrypt_tkt_part(context, &ktent.key, req->ticket);
+ if (retval == 0 && key != NULL)
+ retval = krb5_copy_keyblock_contents(context, &ktent.key, key);
+
+ (void) krb5_free_keytab_entry_contents(context, &ktent);
+ }
} else {
- krb5_error_code code;
- krb5_kt_cursor cursor;
-
- code = krb5_kt_start_seq_get(context, keytab, &cursor);
- if (code != 0) {
- retval = code;
- goto map_error;
- }
-
- while ((code = krb5_kt_next_entry(context, keytab,
- &ktent, &cursor)) == 0) {
- if (ktent.key.enctype != req->ticket->enc_part.enctype)
- continue;
-
- retval = krb5_decrypt_tkt_part(context, &ktent.key,
- req->ticket);
-
- if (retval == 0) {
- krb5_principal tmp = NULL;
-
- /*
- * We overwrite ticket->server to be the principal
- * that we match in the keytab. The reason for doing
- * this is that GSS-API and other consumers look at
- * that principal to make authorization decisions
- * about whether the appropriate server is contacted.
- * It might be cleaner to create a new API and store
- * the server in the auth_context, but doing so would
- * probably miss existing uses of the server. Instead,
- * perhaps an API should be created to retrieve the
- * server as it appeared in the ticket.
- */
- retval = krb5_copy_principal(context, ktent.principal, &tmp);
- if (retval == 0 && key != NULL)
- retval = krb5_copy_keyblock_contents(context, &ktent.key, key);
- if (retval == 0) {
- krb5_free_principal(context, req->ticket->server);
- req->ticket->server = tmp;
- } else {
- krb5_free_principal(context, tmp);
- }
- (void) krb5_free_keytab_entry_contents(context, &ktent);
- break;
- }
- (void) krb5_free_keytab_entry_contents(context, &ktent);
- }
-
- code = krb5_kt_end_seq_get(context, keytab, &cursor);
- if (code != 0)
- retval = code;
+ krb5_error_code code;
+ krb5_kt_cursor cursor;
+
+ code = krb5_kt_start_seq_get(context, keytab, &cursor);
+ if (code != 0) {
+ retval = code;
+ goto map_error;
+ }
+
+ while ((code = krb5_kt_next_entry(context, keytab,
+ &ktent, &cursor)) == 0) {
+ if (ktent.key.enctype != req->ticket->enc_part.enctype)
+ continue;
+
+ retval = krb5_decrypt_tkt_part(context, &ktent.key,
+ req->ticket);
+
+ if (retval == 0) {
+ krb5_principal tmp = NULL;
+
+ /*
+ * We overwrite ticket->server to be the principal
+ * that we match in the keytab. The reason for doing
+ * this is that GSS-API and other consumers look at
+ * that principal to make authorization decisions
+ * about whether the appropriate server is contacted.
+ * It might be cleaner to create a new API and store
+ * the server in the auth_context, but doing so would
+ * probably miss existing uses of the server. Instead,
+ * perhaps an API should be created to retrieve the
+ * server as it appeared in the ticket.
+ */
+ retval = krb5_copy_principal(context, ktent.principal, &tmp);
+ if (retval == 0 && key != NULL)
+ retval = krb5_copy_keyblock_contents(context, &ktent.key, key);
+ if (retval == 0) {
+ krb5_free_principal(context, req->ticket->server);
+ req->ticket->server = tmp;
+ } else {
+ krb5_free_principal(context, tmp);
+ }
+ (void) krb5_free_keytab_entry_contents(context, &ktent);
+ break;
+ }
+ (void) krb5_free_keytab_entry_contents(context, &ktent);
+ }
+
+ code = krb5_kt_end_seq_get(context, keytab, &cursor);
+ if (code != 0)
+ retval = code;
}
#endif /* LEAN_CLIENT */
@@ -174,10 +175,10 @@ map_error:
case KRB5_KT_KVNONOTFOUND:
case KRB5_KT_NOTFOUND:
case KRB5KRB_AP_ERR_BAD_INTEGRITY:
- retval = KRB5KRB_AP_WRONG_PRINC;
- break;
+ retval = KRB5KRB_AP_WRONG_PRINC;
+ break;
default:
- break;
+ break;
}
return retval;
@@ -189,16 +190,16 @@ static void
debug_log_authz_data(const char *which, krb5_authdata **a)
{
if (a) {
- syslog(LOG_ERR|LOG_DAEMON, "%s authz data:", which);
- while (*a) {
- syslog(LOG_ERR|LOG_DAEMON, " ad_type:%d length:%d '%.*s'",
- (*a)->ad_type, (*a)->length, (*a)->length,
- (char *) (*a)->contents);
- a++;
- }
- syslog(LOG_ERR|LOG_DAEMON, " [end]");
+ syslog(LOG_ERR|LOG_DAEMON, "%s authz data:", which);
+ while (*a) {
+ syslog(LOG_ERR|LOG_DAEMON, " ad_type:%d length:%d '%.*s'",
+ (*a)->ad_type, (*a)->length, (*a)->length,
+ (char *) (*a)->contents);
+ a++;
+ }
+ syslog(LOG_ERR|LOG_DAEMON, " [end]");
} else
- syslog(LOG_ERR|LOG_DAEMON, "no %s authz data", which);
+ syslog(LOG_ERR|LOG_DAEMON, "no %s authz data", which);
}
#else
static void
@@ -209,91 +210,91 @@ debug_log_authz_data(const char *which, krb5_authdata **a)
static krb5_error_code
krb5_rd_req_decoded_opt(krb5_context context, krb5_auth_context *auth_context,
- const krb5_ap_req *req, krb5_const_principal server,
- krb5_keytab keytab, krb5_flags *ap_req_options,
- krb5_ticket **ticket, int check_valid_flag)
+ const krb5_ap_req *req, krb5_const_principal server,
+ krb5_keytab keytab, krb5_flags *ap_req_options,
+ krb5_ticket **ticket, int check_valid_flag)
{
- krb5_error_code retval = 0;
- krb5_principal_data princ_data;
- krb5_enctype *desired_etypes = NULL;
- int desired_etypes_len = 0;
- int rfc4537_etypes_len = 0;
- krb5_enctype *permitted_etypes = NULL;
- int permitted_etypes_len = 0;
- krb5_keyblock decrypt_key;
+ krb5_error_code retval = 0;
+ krb5_principal_data princ_data;
+ krb5_enctype *desired_etypes = NULL;
+ int desired_etypes_len = 0;
+ int rfc4537_etypes_len = 0;
+ krb5_enctype *permitted_etypes = NULL;
+ int permitted_etypes_len = 0;
+ krb5_keyblock decrypt_key;
decrypt_key.enctype = ENCTYPE_NULL;
decrypt_key.contents = NULL;
-
+
req->ticket->enc_part2 = NULL;
if (server && krb5_is_referral_realm(&server->realm)) {
- char *realm;
- princ_data = *server;
- server = &princ_data;
- retval = krb5_get_default_realm(context, &realm);
- if (retval)
- return retval;
- princ_data.realm.data = realm;
- princ_data.realm.length = strlen(realm);
+ char *realm;
+ princ_data = *server;
+ server = &princ_data;
+ retval = krb5_get_default_realm(context, &realm);
+ if (retval)
+ return retval;
+ princ_data.realm.data = realm;
+ princ_data.realm.length = strlen(realm);
}
/* if (req->ap_options & AP_OPTS_USE_SESSION_KEY)
- do we need special processing here ? */
+ do we need special processing here ? */
/* decrypt the ticket */
if ((*auth_context)->key) { /* User to User authentication */
- if ((retval = krb5_decrypt_tkt_part(context,
- &(*auth_context)->key->keyblock,
- req->ticket)))
- goto cleanup;
- if (check_valid_flag) {
- decrypt_key = (*auth_context)->key->keyblock;
- (*auth_context)->key->keyblock.contents = NULL;
- }
- krb5_k_free_key(context, (*auth_context)->key);
- (*auth_context)->key = NULL;
+ if ((retval = krb5_decrypt_tkt_part(context,
+ &(*auth_context)->key->keyblock,
+ req->ticket)))
+ goto cleanup;
+ if (check_valid_flag) {
+ decrypt_key = (*auth_context)->key->keyblock;
+ (*auth_context)->key->keyblock.contents = NULL;
+ }
+ krb5_k_free_key(context, (*auth_context)->key);
+ (*auth_context)->key = NULL;
} else {
- if ((retval = krb5_rd_req_decrypt_tkt_part(context, req,
- server, keytab,
- check_valid_flag ? &decrypt_key : NULL)))
- goto cleanup;
+ if ((retval = krb5_rd_req_decrypt_tkt_part(context, req,
+ server, keytab,
+ check_valid_flag ? &decrypt_key : NULL)))
+ goto cleanup;
}
- /* XXX this is an evil hack. check_valid_flag is set iff the call
+ /* XXX this is an evil hack. check_valid_flag is set iff the call
is not from inside the kdc. we can use this to determine which
key usage to use */
#ifndef LEAN_CLIENT
- if ((retval = decrypt_authenticator(context, req,
- &((*auth_context)->authentp),
- check_valid_flag)))
- goto cleanup;
+ if ((retval = decrypt_authenticator(context, req,
+ &((*auth_context)->authentp),
+ check_valid_flag)))
+ goto cleanup;
#endif
if (!krb5_principal_compare(context, (*auth_context)->authentp->client,
- req->ticket->enc_part2->client)) {
- retval = KRB5KRB_AP_ERR_BADMATCH;
- goto cleanup;
+ req->ticket->enc_part2->client)) {
+ retval = KRB5KRB_AP_ERR_BADMATCH;
+ goto cleanup;
}
- if ((*auth_context)->remote_addr &&
- !krb5_address_search(context, (*auth_context)->remote_addr,
- req->ticket->enc_part2->caddrs)) {
- retval = KRB5KRB_AP_ERR_BADADDR;
- goto cleanup;
+ if ((*auth_context)->remote_addr &&
+ !krb5_address_search(context, (*auth_context)->remote_addr,
+ req->ticket->enc_part2->caddrs)) {
+ retval = KRB5KRB_AP_ERR_BADADDR;
+ goto cleanup;
}
if (!server) {
- server = req->ticket->server;
+ server = req->ticket->server;
}
/* Get an rcache if necessary. */
if (((*auth_context)->rcache == NULL)
- && ((*auth_context)->auth_context_flags & KRB5_AUTH_CONTEXT_DO_TIME)
- && server) {
- if ((retval = krb5_get_server_rcache(context,
- krb5_princ_component(context,
- server,0),
- &(*auth_context)->rcache)))
- goto cleanup;
+ && ((*auth_context)->auth_context_flags & KRB5_AUTH_CONTEXT_DO_TIME)
+ && server) {
+ if ((retval = krb5_get_server_rcache(context,
+ krb5_princ_component(context,
+ server,0),
+ &(*auth_context)->rcache)))
+ goto cleanup;
}
/* okay, now check cross-realm policy */
@@ -301,60 +302,60 @@ krb5_rd_req_decoded_opt(krb5_context context, krb5_auth_context *auth_context,
/* Single hop cross-realm tickets only */
- {
- krb5_transited *trans = &(req->ticket->enc_part2->transited);
+ {
+ krb5_transited *trans = &(req->ticket->enc_part2->transited);
- /* If the transited list is empty, then we have at most one hop */
- if (trans->tr_contents.data && trans->tr_contents.data[0])
- retval = KRB5KRB_AP_ERR_ILL_CR_TKT;
+ /* If the transited list is empty, then we have at most one hop */
+ if (trans->tr_contents.data && trans->tr_contents.data[0])
+ retval = KRB5KRB_AP_ERR_ILL_CR_TKT;
}
#elif defined(_NO_CROSS_REALM)
/* No cross-realm tickets */
- {
- char * lrealm;
- krb5_data * realm;
- krb5_transited * trans;
-
- realm = krb5_princ_realm(context, req->ticket->enc_part2->client);
- trans = &(req->ticket->enc_part2->transited);
-
- /*
- * If the transited list is empty, then we have at most one hop
- * So we also have to check that the client's realm is the local one
- */
- krb5_get_default_realm(context, &lrealm);
- if ((trans->tr_contents.data && trans->tr_contents.data[0]) ||
- !data_eq_string(*realm, lrealm)) {
- retval = KRB5KRB_AP_ERR_ILL_CR_TKT;
- }
- free(lrealm);
+ {
+ char * lrealm;
+ krb5_data * realm;
+ krb5_transited * trans;
+
+ realm = krb5_princ_realm(context, req->ticket->enc_part2->client);
+ trans = &(req->ticket->enc_part2->transited);
+
+ /*
+ * If the transited list is empty, then we have at most one hop
+ * So we also have to check that the client's realm is the local one
+ */
+ krb5_get_default_realm(context, &lrealm);
+ if ((trans->tr_contents.data && trans->tr_contents.data[0]) ||
+ !data_eq_string(*realm, lrealm)) {
+ retval = KRB5KRB_AP_ERR_ILL_CR_TKT;
+ }
+ free(lrealm);
}
#else
/* Hierarchical Cross-Realm */
-
+
{
- krb5_data * realm;
- krb5_transited * trans;
-
- realm = krb5_princ_realm(context, req->ticket->enc_part2->client);
- trans = &(req->ticket->enc_part2->transited);
-
- /*
- * If the transited list is not empty, then check that all realms
- * transited are within the hierarchy between the client's realm
- * and the local realm.
- */
- if (trans->tr_contents.data && trans->tr_contents.data[0]) {
- retval = krb5_check_transited_list(context, &(trans->tr_contents),
- realm,
- krb5_princ_realm (context,
- server));
- }
+ krb5_data * realm;
+ krb5_transited * trans;
+
+ realm = krb5_princ_realm(context, req->ticket->enc_part2->client);
+ trans = &(req->ticket->enc_part2->transited);
+
+ /*
+ * If the transited list is not empty, then check that all realms
+ * transited are within the hierarchy between the client's realm
+ * and the local realm.
+ */
+ if (trans->tr_contents.data && trans->tr_contents.data[0]) {
+ retval = krb5_check_transited_list(context, &(trans->tr_contents),
+ realm,
+ krb5_princ_realm (context,
+ server));
+ }
}
#endif
@@ -365,69 +366,69 @@ krb5_rd_req_decoded_opt(krb5_context context, krb5_auth_context *auth_context,
may not be able to use replay caches (such as datagram servers) */
if ((*auth_context)->rcache) {
- krb5_donot_replay rep;
- krb5_tkt_authent tktauthent;
-
- tktauthent.ticket = req->ticket;
- tktauthent.authenticator = (*auth_context)->authentp;
- if (!(retval = krb5_auth_to_rep(context, &tktauthent, &rep))) {
- retval = krb5_rc_hash_message(context,
- &req->authenticator.ciphertext,
- &rep.msghash);
- if (!retval) {
- retval = krb5_rc_store(context, (*auth_context)->rcache, &rep);
- free(rep.msghash);
- }
- free(rep.server);
- free(rep.client);
- }
-
- if (retval)
- goto cleanup;
+ krb5_donot_replay rep;
+ krb5_tkt_authent tktauthent;
+
+ tktauthent.ticket = req->ticket;
+ tktauthent.authenticator = (*auth_context)->authentp;
+ if (!(retval = krb5_auth_to_rep(context, &tktauthent, &rep))) {
+ retval = krb5_rc_hash_message(context,
+ &req->authenticator.ciphertext,
+ &rep.msghash);
+ if (!retval) {
+ retval = krb5_rc_store(context, (*auth_context)->rcache, &rep);
+ free(rep.msghash);
+ }
+ free(rep.server);
+ free(rep.client);
+ }
+
+ if (retval)
+ goto cleanup;
}
retval = krb5_validate_times(context, &req->ticket->enc_part2->times);
if (retval != 0)
- goto cleanup;
+ goto cleanup;
if ((retval = krb5int_check_clockskew(context, (*auth_context)->authentp->ctime)))
- goto cleanup;
+ goto cleanup;
if (check_valid_flag) {
- if (req->ticket->enc_part2->flags & TKT_FLG_INVALID) {
- retval = KRB5KRB_AP_ERR_TKT_INVALID;
- goto cleanup;
- }
-
- if ((retval = krb5_authdata_context_init(context,
- &(*auth_context)->ad_context)))
- goto cleanup;
- if ((retval = krb5int_authdata_verify(context,
- (*auth_context)->ad_context,
- AD_USAGE_MASK,
- auth_context,
- &decrypt_key,
- req)))
- goto cleanup;
+ if (req->ticket->enc_part2->flags & TKT_FLG_INVALID) {
+ retval = KRB5KRB_AP_ERR_TKT_INVALID;
+ goto cleanup;
+ }
+
+ if ((retval = krb5_authdata_context_init(context,
+ &(*auth_context)->ad_context)))
+ goto cleanup;
+ if ((retval = krb5int_authdata_verify(context,
+ (*auth_context)->ad_context,
+ AD_USAGE_MASK,
+ auth_context,
+ &decrypt_key,
+ req)))
+ goto cleanup;
}
/* read RFC 4537 etype list from sender */
retval = decode_etype_list(context,
- (*auth_context)->authentp,
- &desired_etypes,
- &rfc4537_etypes_len);
+ (*auth_context)->authentp,
+ &desired_etypes,
+ &rfc4537_etypes_len);
if (retval != 0)
- goto cleanup;
+ goto cleanup;
if (desired_etypes == NULL)
- desired_etypes = (krb5_enctype *)calloc(4, sizeof(krb5_enctype));
+ desired_etypes = (krb5_enctype *)calloc(4, sizeof(krb5_enctype));
else
- desired_etypes = (krb5_enctype *)realloc(desired_etypes,
- (rfc4537_etypes_len + 4) *
- sizeof(krb5_enctype));
+ desired_etypes = (krb5_enctype *)realloc(desired_etypes,
+ (rfc4537_etypes_len + 4) *
+ sizeof(krb5_enctype));
if (desired_etypes == NULL) {
- retval = ENOMEM;
- goto cleanup;
+ retval = ENOMEM;
+ goto cleanup;
}
desired_etypes_len = rfc4537_etypes_len;
@@ -457,105 +458,105 @@ krb5_rd_req_decoded_opt(krb5_context context, krb5_auth_context *auth_context,
*/
if ((*auth_context)->authentp->subkey != NULL) {
- desired_etypes[desired_etypes_len++] = (*auth_context)->authentp->subkey->enctype;
+ desired_etypes[desired_etypes_len++] = (*auth_context)->authentp->subkey->enctype;
}
desired_etypes[desired_etypes_len++] = req->ticket->enc_part2->session->enctype;
desired_etypes[desired_etypes_len] = ENCTYPE_NULL;
if (((*auth_context)->auth_context_flags & KRB5_AUTH_CONTEXT_PERMIT_ALL) == 0) {
- if ((*auth_context)->permitted_etypes != NULL) {
- permitted_etypes = (*auth_context)->permitted_etypes;
- } else {
- retval = krb5_get_permitted_enctypes(context, &permitted_etypes);
- if (retval != 0)
- goto cleanup;
- }
- for (permitted_etypes_len = 0;
- permitted_etypes[permitted_etypes_len] != ENCTYPE_NULL;
- permitted_etypes_len++)
- ;
+ if ((*auth_context)->permitted_etypes != NULL) {
+ permitted_etypes = (*auth_context)->permitted_etypes;
+ } else {
+ retval = krb5_get_permitted_enctypes(context, &permitted_etypes);
+ if (retval != 0)
+ goto cleanup;
+ }
+ for (permitted_etypes_len = 0;
+ permitted_etypes[permitted_etypes_len] != ENCTYPE_NULL;
+ permitted_etypes_len++)
+ ;
} else {
- permitted_etypes = NULL;
- permitted_etypes_len = 0;
+ permitted_etypes = NULL;
+ permitted_etypes_len = 0;
}
/* check if the various etypes are permitted */
retval = negotiate_etype(context,
- desired_etypes, desired_etypes_len,
- rfc4537_etypes_len,
- permitted_etypes, permitted_etypes_len,
- &(*auth_context)->negotiated_etype);
+ desired_etypes, desired_etypes_len,
+ rfc4537_etypes_len,
+ permitted_etypes, permitted_etypes_len,
+ &(*auth_context)->negotiated_etype);
if (retval != 0)
- goto cleanup;
+ goto cleanup;
assert((*auth_context)->negotiated_etype != ENCTYPE_NULL);
(*auth_context)->remote_seq_number = (*auth_context)->authentp->seq_number;
if ((*auth_context)->authentp->subkey) {
- if ((retval = krb5_k_create_key(context,
- (*auth_context)->authentp->subkey,
- &((*auth_context)->recv_subkey))))
- goto cleanup;
- retval = krb5_k_create_key(context, (*auth_context)->authentp->subkey,
- &((*auth_context)->send_subkey));
- if (retval) {
- krb5_k_free_key(context, (*auth_context)->recv_subkey);
- (*auth_context)->recv_subkey = NULL;
- goto cleanup;
- }
+ if ((retval = krb5_k_create_key(context,
+ (*auth_context)->authentp->subkey,
+ &((*auth_context)->recv_subkey))))
+ goto cleanup;
+ retval = krb5_k_create_key(context, (*auth_context)->authentp->subkey,
+ &((*auth_context)->send_subkey));
+ if (retval) {
+ krb5_k_free_key(context, (*auth_context)->recv_subkey);
+ (*auth_context)->recv_subkey = NULL;
+ goto cleanup;
+ }
} else {
- (*auth_context)->recv_subkey = 0;
- (*auth_context)->send_subkey = 0;
+ (*auth_context)->recv_subkey = 0;
+ (*auth_context)->send_subkey = 0;
}
if ((retval = krb5_k_create_key(context, req->ticket->enc_part2->session,
- &((*auth_context)->key))))
- goto cleanup;
+ &((*auth_context)->key))))
+ goto cleanup;
debug_log_authz_data("ticket", req->ticket->enc_part2->authorization_data);
/*
- * If not AP_OPTS_MUTUAL_REQUIRED then and sequence numbers are used
+ * If not AP_OPTS_MUTUAL_REQUIRED then and sequence numbers are used
* then the default sequence number is the one's complement of the
* sequence number sent ot us.
*/
- if ((!(req->ap_options & AP_OPTS_MUTUAL_REQUIRED)) &&
- (*auth_context)->remote_seq_number) {
- (*auth_context)->local_seq_number ^=
- (*auth_context)->remote_seq_number;
+ if ((!(req->ap_options & AP_OPTS_MUTUAL_REQUIRED)) &&
+ (*auth_context)->remote_seq_number) {
+ (*auth_context)->local_seq_number ^=
+ (*auth_context)->remote_seq_number;
}
if (ticket)
- if ((retval = krb5_copy_ticket(context, req->ticket, ticket)))
- goto cleanup;
+ if ((retval = krb5_copy_ticket(context, req->ticket, ticket)))
+ goto cleanup;
if (ap_req_options) {
- *ap_req_options = req->ap_options & AP_OPTS_WIRE_MASK;
- if (rfc4537_etypes_len != 0)
- *ap_req_options |= AP_OPTS_ETYPE_NEGOTIATION;
- if ((*auth_context)->negotiated_etype !=
- krb5_k_key_enctype(context, (*auth_context)->key))
- *ap_req_options |= AP_OPTS_USE_SUBKEY;
+ *ap_req_options = req->ap_options & AP_OPTS_WIRE_MASK;
+ if (rfc4537_etypes_len != 0)
+ *ap_req_options |= AP_OPTS_ETYPE_NEGOTIATION;
+ if ((*auth_context)->negotiated_etype !=
+ krb5_k_key_enctype(context, (*auth_context)->key))
+ *ap_req_options |= AP_OPTS_USE_SUBKEY;
}
retval = 0;
-
+
cleanup:
if (desired_etypes != NULL)
- free(desired_etypes);
+ free(desired_etypes);
if (permitted_etypes != NULL &&
- permitted_etypes != (*auth_context)->permitted_etypes)
- free(permitted_etypes);
+ permitted_etypes != (*auth_context)->permitted_etypes)
+ free(permitted_etypes);
if (server == &princ_data)
- krb5_free_default_realm(context, princ_data.realm.data);
+ krb5_free_default_realm(context, princ_data.realm.data);
if (retval) {
- /* only free if we're erroring out...otherwise some
- applications will need the output. */
- if (req->ticket->enc_part2)
- krb5_free_enc_tkt_part(context, req->ticket->enc_part2);
- req->ticket->enc_part2 = NULL;
+ /* only free if we're erroring out...otherwise some
+ applications will need the output. */
+ if (req->ticket->enc_part2)
+ krb5_free_enc_tkt_part(context, req->ticket->enc_part2);
+ req->ticket->enc_part2 = NULL;
}
if (check_valid_flag)
- krb5_free_keyblock_contents(context, &decrypt_key);
+ krb5_free_keyblock_contents(context, &decrypt_key);
return retval;
}
@@ -566,12 +567,12 @@ krb5_rd_req_decoded(krb5_context context, krb5_auth_context *auth_context,
krb5_keytab keytab, krb5_flags *ap_req_options,
krb5_ticket **ticket)
{
- krb5_error_code retval;
- retval = krb5_rd_req_decoded_opt(context, auth_context,
- req, server, keytab,
- ap_req_options, ticket,
- 1); /* check_valid_flag */
- return retval;
+ krb5_error_code retval;
+ retval = krb5_rd_req_decoded_opt(context, auth_context,
+ req, server, keytab,
+ ap_req_options, ticket,
+ 1); /* check_valid_flag */
+ return retval;
}
krb5_error_code
@@ -581,18 +582,18 @@ krb5_rd_req_decoded_anyflag(krb5_context context,
krb5_const_principal server, krb5_keytab keytab,
krb5_flags *ap_req_options, krb5_ticket **ticket)
{
- krb5_error_code retval;
- retval = krb5_rd_req_decoded_opt(context, auth_context,
- req, server, keytab,
- ap_req_options, ticket,
- 0); /* don't check_valid_flag */
- return retval;
+ krb5_error_code retval;
+ retval = krb5_rd_req_decoded_opt(context, auth_context,
+ req, server, keytab,
+ ap_req_options, ticket,
+ 0); /* don't check_valid_flag */
+ return retval;
}
#ifndef LEAN_CLIENT
static krb5_error_code
decrypt_authenticator(krb5_context context, const krb5_ap_req *request,
- krb5_authenticator **authpp, int is_ap_req)
+ krb5_authenticator **authpp, int is_ap_req)
{
krb5_authenticator *local_auth;
krb5_error_code retval;
@@ -603,23 +604,23 @@ decrypt_authenticator(krb5_context context, const krb5_ap_req *request,
scratch.length = request->authenticator.ciphertext.length;
if (!(scratch.data = malloc(scratch.length)))
- return(ENOMEM);
+ return(ENOMEM);
if ((retval = krb5_c_decrypt(context, sesskey,
- is_ap_req?KRB5_KEYUSAGE_AP_REQ_AUTH:
- KRB5_KEYUSAGE_TGS_REQ_AUTH, 0,
- &request->authenticator, &scratch))) {
- free(scratch.data);
- return(retval);
+ is_ap_req?KRB5_KEYUSAGE_AP_REQ_AUTH:
+ KRB5_KEYUSAGE_TGS_REQ_AUTH, 0,
+ &request->authenticator, &scratch))) {
+ free(scratch.data);
+ return(retval);
}
-#define clean_scratch() {memset(scratch.data, 0, scratch.length); \
-free(scratch.data);}
+#define clean_scratch() {memset(scratch.data, 0, scratch.length); \
+ free(scratch.data);}
/* now decode the decrypted stuff */
if (!(retval = decode_krb5_authenticator(&scratch, &local_auth))) {
- *authpp = local_auth;
- debug_log_authz_data("authenticator", local_auth->authorization_data);
+ *authpp = local_auth;
+ debug_log_authz_data("authenticator", local_auth->authorization_data);
}
clean_scratch();
return retval;
@@ -628,12 +629,12 @@ free(scratch.data);}
static krb5_error_code
negotiate_etype(krb5_context context,
- const krb5_enctype *desired_etypes,
- int desired_etypes_len,
- int mandatory_etypes_index,
- const krb5_enctype *permitted_etypes,
- int permitted_etypes_len,
- krb5_enctype *negotiated_etype)
+ const krb5_enctype *desired_etypes,
+ int desired_etypes_len,
+ int mandatory_etypes_index,
+ const krb5_enctype *permitted_etypes,
+ int permitted_etypes_len,
+ krb5_enctype *negotiated_etype)
{
int i, j;
@@ -641,26 +642,26 @@ negotiate_etype(krb5_context context,
/* mandatory segment of desired_etypes must be permitted */
for (i = mandatory_etypes_index; i < desired_etypes_len; i++) {
- krb5_boolean permitted = FALSE;
-
- for (j = 0; j < permitted_etypes_len; j++) {
- if (desired_etypes[i] == permitted_etypes[j]) {
- permitted = TRUE;
- break;
- }
- }
-
- if (permitted == FALSE) {
- char enctype_name[30];
-
- if (krb5_enctype_to_string(desired_etypes[i],
- enctype_name,
- sizeof(enctype_name)) == 0)
- krb5_set_error_message(context, KRB5_NOPERM_ETYPE,
- "Encryption type %s not permitted",
- enctype_name);
- return KRB5_NOPERM_ETYPE;
- }
+ krb5_boolean permitted = FALSE;
+
+ for (j = 0; j < permitted_etypes_len; j++) {
+ if (desired_etypes[i] == permitted_etypes[j]) {
+ permitted = TRUE;
+ break;
+ }
+ }
+
+ if (permitted == FALSE) {
+ char enctype_name[30];
+
+ if (krb5_enctype_to_string(desired_etypes[i],
+ enctype_name,
+ sizeof(enctype_name)) == 0)
+ krb5_set_error_message(context, KRB5_NOPERM_ETYPE,
+ "Encryption type %s not permitted",
+ enctype_name);
+ return KRB5_NOPERM_ETYPE;
+ }
}
/*
@@ -668,12 +669,12 @@ negotiate_etype(krb5_context context,
* find first desired_etype that matches.
*/
for (j = 0; j < permitted_etypes_len; j++) {
- for (i = 0; i < desired_etypes_len; i++) {
- if (desired_etypes[i] == permitted_etypes[j]) {
- *negotiated_etype = permitted_etypes[j];
- return 0;
- }
- }
+ for (i = 0; i < desired_etypes_len; i++) {
+ if (desired_etypes[i] == permitted_etypes[j]) {
+ *negotiated_etype = permitted_etypes[j];
+ return 0;
+ }
+ }
}
/*NOTREACHED*/
@@ -682,9 +683,9 @@ negotiate_etype(krb5_context context,
static krb5_error_code
decode_etype_list(krb5_context context,
- const krb5_authenticator *authp,
- krb5_enctype **desired_etypes,
- int *desired_etypes_len)
+ const krb5_authenticator *authp,
+ krb5_enctype **desired_etypes,
+ int *desired_etypes_len)
{
krb5_error_code code;
krb5_authdata **ad_if_relevant = NULL;
@@ -696,59 +697,58 @@ decode_etype_list(krb5_context context,
*desired_etypes = NULL;
if (authp->authorization_data == NULL)
- return 0;
+ return 0;
/*
* RFC 4537 says that ETYPE_NEGOTIATION auth data should be wrapped
* in AD_IF_RELEVANT, but we handle the case where it is mandatory.
*/
for (i = 0; authp->authorization_data[i] != NULL; i++) {
- switch (authp->authorization_data[i]->ad_type) {
- case KRB5_AUTHDATA_IF_RELEVANT:
- code = krb5_decode_authdata_container(context,
- KRB5_AUTHDATA_IF_RELEVANT,
- authp->authorization_data[i],
- &ad_if_relevant);
- if (code != 0)
- continue;
-
- for (j = 0; ad_if_relevant[j] != NULL; j++) {
- if (ad_if_relevant[j]->ad_type == KRB5_AUTHDATA_ETYPE_NEGOTIATION) {
- etype_adata = ad_if_relevant[j];
- break;
- }
- }
- if (etype_adata == NULL) {
- krb5_free_authdata(context, ad_if_relevant);
- ad_if_relevant = NULL;
- }
- break;
- case KRB5_AUTHDATA_ETYPE_NEGOTIATION:
- etype_adata = authp->authorization_data[i];
- break;
- default:
- break;
- }
- if (etype_adata != NULL)
- break;
+ switch (authp->authorization_data[i]->ad_type) {
+ case KRB5_AUTHDATA_IF_RELEVANT:
+ code = krb5_decode_authdata_container(context,
+ KRB5_AUTHDATA_IF_RELEVANT,
+ authp->authorization_data[i],
+ &ad_if_relevant);
+ if (code != 0)
+ continue;
+
+ for (j = 0; ad_if_relevant[j] != NULL; j++) {
+ if (ad_if_relevant[j]->ad_type == KRB5_AUTHDATA_ETYPE_NEGOTIATION) {
+ etype_adata = ad_if_relevant[j];
+ break;
+ }
+ }
+ if (etype_adata == NULL) {
+ krb5_free_authdata(context, ad_if_relevant);
+ ad_if_relevant = NULL;
+ }
+ break;
+ case KRB5_AUTHDATA_ETYPE_NEGOTIATION:
+ etype_adata = authp->authorization_data[i];
+ break;
+ default:
+ break;
+ }
+ if (etype_adata != NULL)
+ break;
}
if (etype_adata == NULL)
- return 0;
+ return 0;
data.data = (char *)etype_adata->contents;
data.length = etype_adata->length;
code = decode_krb5_etype_list(&data, &etype_list);
if (code == 0) {
- *desired_etypes = etype_list->etypes;
- *desired_etypes_len = etype_list->length;
- free(etype_list);
+ *desired_etypes = etype_list->etypes;
+ *desired_etypes_len = etype_list->length;
+ free(etype_list);
}
if (ad_if_relevant != NULL)
- krb5_free_authdata(context, ad_if_relevant);
+ krb5_free_authdata(context, ad_if_relevant);
return code;
}
-
diff --git a/src/lib/krb5/krb/rd_safe.c b/src/lib/krb5/krb/rd_safe.c
index 68c1331..924cb9f 100644
--- a/src/lib/krb5/krb/rd_safe.c
+++ b/src/lib/krb5/krb/rd_safe.c
@@ -1,3 +1,4 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
/*
* lib/krb5/krb/rd_safe.c
*
@@ -8,7 +9,7 @@
* require a specific license from the United States Government.
* It is the responsibility of any person or organization contemplating
* export to obtain such a license before exporting.
- *
+ *
* WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
* distribute this software and its documentation for any purpose and
* without fee is hereby granted, provided that the above copyright
@@ -22,7 +23,7 @@
* M.I.T. makes no representations about the suitability of
* this software for any purpose. It is provided "as is" without express
* or implied warranty.
- *
+ *
*
* krb5_rd_safe()
*/
@@ -32,27 +33,27 @@
#include "auth_con.h"
/*
- parses a KRB_SAFE message from inbuf, placing the integrity-protected user
- data in *outbuf.
+ parses a KRB_SAFE message from inbuf, placing the integrity-protected user
+ data in *outbuf.
- key specifies the key to be used for decryption of the message.
-
- sender_addr and recv_addr specify the full addresses (host and port) of
- the sender and receiver.
+ key specifies the key to be used for decryption of the message.
- outbuf points to allocated storage which the caller should free when finished.
+ sender_addr and recv_addr specify the full addresses (host and port) of
+ the sender and receiver.
- returns system errors, integrity errors
- */
+ outbuf points to allocated storage which the caller should free when finished.
+
+ returns system errors, integrity errors
+*/
static krb5_error_code
krb5_rd_safe_basic(krb5_context context, const krb5_data *inbuf,
- krb5_key key,
- const krb5_address *recv_addr,
- const krb5_address *sender_addr,
- krb5_replay_data *replaydata, krb5_data *outbuf)
+ krb5_key key,
+ const krb5_address *recv_addr,
+ const krb5_address *sender_addr,
+ krb5_replay_data *replaydata, krb5_data *outbuf)
{
- krb5_error_code retval;
- krb5_safe * message;
+ krb5_error_code retval;
+ krb5_safe * message;
krb5_data safe_body;
krb5_checksum our_cksum, *his_cksum;
krb5_octet zero_octet = 0;
@@ -61,45 +62,45 @@ krb5_rd_safe_basic(krb5_context context, const krb5_data *inbuf,
struct krb5_safe_with_body swb;
if (!krb5_is_krb_safe(inbuf))
- return KRB5KRB_AP_ERR_MSG_TYPE;
+ return KRB5KRB_AP_ERR_MSG_TYPE;
if ((retval = decode_krb5_safe_with_body(inbuf, &message, &safe_body)))
- return retval;
+ return retval;
if (!krb5_c_valid_cksumtype(message->checksum->checksum_type)) {
- retval = KRB5_PROG_SUMTYPE_NOSUPP;
- goto cleanup;
+ retval = KRB5_PROG_SUMTYPE_NOSUPP;
+ goto cleanup;
}
if (!krb5_c_is_coll_proof_cksum(message->checksum->checksum_type) ||
- !krb5_c_is_keyed_cksum(message->checksum->checksum_type)) {
- retval = KRB5KRB_AP_ERR_INAPP_CKSUM;
- goto cleanup;
+ !krb5_c_is_keyed_cksum(message->checksum->checksum_type)) {
+ retval = KRB5KRB_AP_ERR_INAPP_CKSUM;
+ goto cleanup;
}
if (!krb5_address_compare(context, sender_addr, message->s_address)) {
- retval = KRB5KRB_AP_ERR_BADADDR;
- goto cleanup;
+ retval = KRB5KRB_AP_ERR_BADADDR;
+ goto cleanup;
}
if (message->r_address) {
- if (recv_addr) {
- if (!krb5_address_compare(context, recv_addr, message->r_address)) {
- retval = KRB5KRB_AP_ERR_BADADDR;
- goto cleanup;
- }
- } else {
- krb5_address **our_addrs;
-
- if ((retval = krb5_os_localaddr(context, &our_addrs)))
- goto cleanup;
-
- if (!krb5_address_search(context, message->r_address, our_addrs)) {
- krb5_free_addresses(context, our_addrs);
- retval = KRB5KRB_AP_ERR_BADADDR;
- goto cleanup;
- }
- krb5_free_addresses(context, our_addrs);
- }
+ if (recv_addr) {
+ if (!krb5_address_compare(context, recv_addr, message->r_address)) {
+ retval = KRB5KRB_AP_ERR_BADADDR;
+ goto cleanup;
+ }
+ } else {
+ krb5_address **our_addrs;
+
+ if ((retval = krb5_os_localaddr(context, &our_addrs)))
+ goto cleanup;
+
+ if (!krb5_address_search(context, message->r_address, our_addrs)) {
+ krb5_free_addresses(context, our_addrs);
+ retval = KRB5KRB_AP_ERR_BADADDR;
+ goto cleanup;
+ }
+ krb5_free_addresses(context, our_addrs);
+ }
}
/* verify the checksum */
@@ -122,27 +123,27 @@ krb5_rd_safe_basic(krb5_context context, const krb5_data *inbuf,
retval = encode_krb5_safe_with_body(&swb, &scratch);
message->checksum = his_cksum;
if (retval)
- goto cleanup;
+ goto cleanup;
retval = krb5_k_verify_checksum(context, key,
- KRB5_KEYUSAGE_KRB_SAFE_CKSUM,
- scratch, his_cksum, &valid);
+ KRB5_KEYUSAGE_KRB_SAFE_CKSUM,
+ scratch, his_cksum, &valid);
(void) memset(scratch->data, 0, scratch->length);
krb5_free_data(context, scratch);
-
+
if (!valid) {
- /*
- * Checksum over only the KRB-SAFE-BODY, like RFC 1510 says, in
- * case someone actually implements it correctly.
- */
- retval = krb5_k_verify_checksum(context, key,
- KRB5_KEYUSAGE_KRB_SAFE_CKSUM,
- &safe_body, his_cksum, &valid);
- if (!valid) {
- retval = KRB5KRB_AP_ERR_MODIFIED;
- goto cleanup;
- }
+ /*
+ * Checksum over only the KRB-SAFE-BODY, like RFC 1510 says, in
+ * case someone actually implements it correctly.
+ */
+ retval = krb5_k_verify_checksum(context, key,
+ KRB5_KEYUSAGE_KRB_SAFE_CKSUM,
+ &safe_body, his_cksum, &valid);
+ if (!valid) {
+ retval = KRB5KRB_AP_ERR_MODIFIED;
+ goto cleanup;
+ }
}
replaydata->timestamp = message->timestamp;
@@ -152,7 +153,7 @@ krb5_rd_safe_basic(krb5_context context, const krb5_data *inbuf,
*outbuf = message->user_data;
message->user_data.data = NULL;
retval = 0;
-
+
cleanup:
krb5_free_safe(context, message);
return retval;
@@ -160,114 +161,114 @@ cleanup:
krb5_error_code KRB5_CALLCONV
krb5_rd_safe(krb5_context context, krb5_auth_context auth_context,
- const krb5_data *inbuf, krb5_data *outbuf,
- krb5_replay_data *outdata)
+ const krb5_data *inbuf, krb5_data *outbuf,
+ krb5_replay_data *outdata)
{
- krb5_error_code retval;
- krb5_key key;
- krb5_replay_data replaydata;
+ krb5_error_code retval;
+ krb5_key key;
+ krb5_replay_data replaydata;
if (((auth_context->auth_context_flags & KRB5_AUTH_CONTEXT_RET_TIME) ||
- (auth_context->auth_context_flags & KRB5_AUTH_CONTEXT_RET_SEQUENCE)) &&
- (outdata == NULL))
- /* Need a better error */
- return KRB5_RC_REQUIRED;
+ (auth_context->auth_context_flags & KRB5_AUTH_CONTEXT_RET_SEQUENCE)) &&
+ (outdata == NULL))
+ /* Need a better error */
+ return KRB5_RC_REQUIRED;
if ((auth_context->auth_context_flags & KRB5_AUTH_CONTEXT_DO_TIME) &&
- (auth_context->rcache == NULL))
- return KRB5_RC_REQUIRED;
+ (auth_context->rcache == NULL))
+ return KRB5_RC_REQUIRED;
if (!auth_context->remote_addr)
- return KRB5_REMOTE_ADDR_REQUIRED;
+ return KRB5_REMOTE_ADDR_REQUIRED;
/* Get key */
if ((key = auth_context->recv_subkey) == NULL)
- key = auth_context->key;
+ key = auth_context->key;
+
+ {
+ krb5_address * premote_fulladdr;
+ krb5_address * plocal_fulladdr = NULL;
+ krb5_address remote_fulladdr;
+ krb5_address local_fulladdr;
+ CLEANUP_INIT(2);
+
+ if (auth_context->local_addr) {
+ if (auth_context->local_port) {
+ if (!(retval = krb5_make_fulladdr(context, auth_context->local_addr,
+ auth_context->local_port,
+ &local_fulladdr))){
+ CLEANUP_PUSH(local_fulladdr.contents, free);
+ plocal_fulladdr = &local_fulladdr;
+ } else {
+ return retval;
+ }
+ } else {
+ plocal_fulladdr = auth_context->local_addr;
+ }
+ }
-{
- krb5_address * premote_fulladdr;
- krb5_address * plocal_fulladdr = NULL;
- krb5_address remote_fulladdr;
- krb5_address local_fulladdr;
- CLEANUP_INIT(2);
-
- if (auth_context->local_addr) {
- if (auth_context->local_port) {
- if (!(retval = krb5_make_fulladdr(context, auth_context->local_addr,
- auth_context->local_port,
- &local_fulladdr))){
- CLEANUP_PUSH(local_fulladdr.contents, free);
- plocal_fulladdr = &local_fulladdr;
+ if (auth_context->remote_port) {
+ if (!(retval = krb5_make_fulladdr(context,auth_context->remote_addr,
+ auth_context->remote_port,
+ &remote_fulladdr))){
+ CLEANUP_PUSH(remote_fulladdr.contents, free);
+ premote_fulladdr = &remote_fulladdr;
} else {
- return retval;
+ return retval;
}
- } else {
- plocal_fulladdr = auth_context->local_addr;
+ } else {
+ premote_fulladdr = auth_context->remote_addr;
}
- }
- if (auth_context->remote_port) {
- if (!(retval = krb5_make_fulladdr(context,auth_context->remote_addr,
- auth_context->remote_port,
- &remote_fulladdr))){
- CLEANUP_PUSH(remote_fulladdr.contents, free);
- premote_fulladdr = &remote_fulladdr;
- } else {
- return retval;
- }
- } else {
- premote_fulladdr = auth_context->remote_addr;
- }
+ memset(&replaydata, 0, sizeof(replaydata));
+ if ((retval = krb5_rd_safe_basic(context, inbuf, key,
+ plocal_fulladdr, premote_fulladdr,
+ &replaydata, outbuf))) {
+ CLEANUP_DONE();
+ return retval;
+ }
- memset(&replaydata, 0, sizeof(replaydata));
- if ((retval = krb5_rd_safe_basic(context, inbuf, key,
- plocal_fulladdr, premote_fulladdr,
- &replaydata, outbuf))) {
- CLEANUP_DONE();
- return retval;
+ CLEANUP_DONE();
}
- CLEANUP_DONE();
-}
-
if (auth_context->auth_context_flags & KRB5_AUTH_CONTEXT_DO_TIME) {
- krb5_donot_replay replay;
-
- if ((retval = krb5int_check_clockskew(context, replaydata.timestamp)))
- goto error;
-
- if ((retval = krb5_gen_replay_name(context, auth_context->remote_addr,
- "_safe", &replay.client)))
- goto error;
-
- replay.server = ""; /* XXX */
- replay.msghash = NULL;
- replay.cusec = replaydata.usec;
- replay.ctime = replaydata.timestamp;
- if ((retval = krb5_rc_store(context, auth_context->rcache, &replay))) {
- free(replay.client);
- goto error;
- }
- free(replay.client);
+ krb5_donot_replay replay;
+
+ if ((retval = krb5int_check_clockskew(context, replaydata.timestamp)))
+ goto error;
+
+ if ((retval = krb5_gen_replay_name(context, auth_context->remote_addr,
+ "_safe", &replay.client)))
+ goto error;
+
+ replay.server = ""; /* XXX */
+ replay.msghash = NULL;
+ replay.cusec = replaydata.usec;
+ replay.ctime = replaydata.timestamp;
+ if ((retval = krb5_rc_store(context, auth_context->rcache, &replay))) {
+ free(replay.client);
+ goto error;
+ }
+ free(replay.client);
}
if (auth_context->auth_context_flags & KRB5_AUTH_CONTEXT_DO_SEQUENCE) {
- if (!krb5int_auth_con_chkseqnum(context, auth_context,
- replaydata.seq)) {
- retval = KRB5KRB_AP_ERR_BADORDER;
- goto error;
- }
- auth_context->remote_seq_number++;
+ if (!krb5int_auth_con_chkseqnum(context, auth_context,
+ replaydata.seq)) {
+ retval = KRB5KRB_AP_ERR_BADORDER;
+ goto error;
+ }
+ auth_context->remote_seq_number++;
}
if ((auth_context->auth_context_flags & KRB5_AUTH_CONTEXT_RET_TIME) ||
- (auth_context->auth_context_flags & KRB5_AUTH_CONTEXT_RET_SEQUENCE)) {
- outdata->timestamp = replaydata.timestamp;
- outdata->usec = replaydata.usec;
- outdata->seq = replaydata.seq;
+ (auth_context->auth_context_flags & KRB5_AUTH_CONTEXT_RET_SEQUENCE)) {
+ outdata->timestamp = replaydata.timestamp;
+ outdata->usec = replaydata.usec;
+ outdata->seq = replaydata.seq;
}
-
+
/* everything is ok - return data to the user */
return 0;
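Review bot: The `return retval;` taken when krb5_make_fulladdr fails for the remote address skips CLEANUP_DONE(), although `local_fulladdr.contents` may already have been registered with CLEANUP_PUSH a few lines earlier. The failure path of krb5_rd_safe_basic just below does call CLEANUP_DONE() before returning, so the remote-address branch looks like an oversight. The macros are defined outside this page, so this assumes CLEANUP_DONE() is what runs the pushed `free`. Suggested change in the remote-port `else` branch: `CLEANUP_DONE(); return retval;`. The function's `error:` tail is in the next hunk.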
@@ -276,4 +277,3 @@ error:
return retval;
}
-
diff --git a/src/lib/krb5/krb/recvauth.c b/src/lib/krb5/krb/recvauth.c
index 611546a..90746ba 100644
--- a/src/lib/krb5/krb/recvauth.c
+++ b/src/lib/krb5/krb/recvauth.c
@@ -1,3 +1,4 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
/*
* lib/krb5/krb/recvauth.c
*
@@ -8,7 +9,7 @@
* require a specific license from the United States Government.
* It is the responsibility of any person or organization contemplating
* export to obtain such a license before exporting.
- *
+ *
* WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
* distribute this software and its documentation for any purpose and
* without fee is hereby granted, provided that the above copyright
@@ -22,7 +23,7 @@
* M.I.T. makes no representations about the suitability of
* this software for any purpose. It is provided "as is" without express
* or implied warranty.
- *
+ *
*
* convenience sendauth/recvauth functions
*/
@@ -38,79 +39,79 @@ static const char sendauth_version[] = "KRB5_SENDAUTH_V1.0";
static krb5_error_code
recvauth_common(krb5_context context,
- krb5_auth_context * auth_context,
- /* IN */
- krb5_pointer fd,
- char *appl_version,
- krb5_principal server,
- krb5_int32 flags,
- krb5_keytab keytab,
- /* OUT */
- krb5_ticket ** ticket,
- krb5_data *version)
+ krb5_auth_context * auth_context,
+ /* IN */
+ krb5_pointer fd,
+ char *appl_version,
+ krb5_principal server,
+ krb5_int32 flags,
+ krb5_keytab keytab,
+ /* OUT */
+ krb5_ticket ** ticket,
+ krb5_data *version)
{
- krb5_auth_context new_auth_context;
- krb5_flags ap_option = 0;
- krb5_error_code retval, problem;
- krb5_data inbuf;
- krb5_data outbuf;
- krb5_rcache rcache = 0;
- krb5_octet response;
- krb5_data null_server;
+ krb5_auth_context new_auth_context;
+ krb5_flags ap_option = 0;
+ krb5_error_code retval, problem;
+ krb5_data inbuf;
+ krb5_data outbuf;
+ krb5_rcache rcache = 0;
+ krb5_octet response;
+ krb5_data null_server;
int need_error_free = 0;
- int local_rcache = 0, local_authcon = 0;
-
- /*
- * Zero out problem variable. If problem is set at the end of
- * the intial version negotiation section, it means that we
- * need to send an error code back to the client application
- * and exit.
- */
- problem = 0;
- response = 0;
-
- if (!(flags & KRB5_RECVAUTH_SKIP_VERSION)) {
- /*
- * First read the sendauth version string and check it.
- */
- if ((retval = krb5_read_message(context, fd, &inbuf)))
- return(retval);
- if (strcmp(inbuf.data, sendauth_version)) {
- problem = KRB5_SENDAUTH_BADAUTHVERS;
- response = 1;
- }
- free(inbuf.data);
- }
- if (flags & KRB5_RECVAUTH_BADAUTHVERS) {
- problem = KRB5_SENDAUTH_BADAUTHVERS;
- response = 1;
- }
-
- /*
- * Do the same thing for the application version string.
- */
- if ((retval = krb5_read_message(context, fd, &inbuf)))
- return(retval);
- if (appl_version && strcmp(inbuf.data, appl_version)) {
- if (!problem) {
- problem = KRB5_SENDAUTH_BADAPPLVERS;
- response = 2;
- }
- }
- if (version && !problem)
- *version = inbuf;
- else
- free(inbuf.data);
-
- /*
- * Now we actually write the response. If the response is non-zero,
- * exit with a return value of problem
- */
- if ((krb5_net_write(context, *((int *)fd), (char *)&response, 1)) < 0) {
- return(problem); /* We'll return the top-level problem */
- }
- if (problem)
- return(problem);
+ int local_rcache = 0, local_authcon = 0;
+
+ /*
+ * Zero out problem variable. If problem is set at the end of
+ * the intial version negotiation section, it means that we
+ * need to send an error code back to the client application
+ * and exit.
+ */
+ problem = 0;
+ response = 0;
+
+ if (!(flags & KRB5_RECVAUTH_SKIP_VERSION)) {
+ /*
+ * First read the sendauth version string and check it.
+ */
+ if ((retval = krb5_read_message(context, fd, &inbuf)))
+ return(retval);
+ if (strcmp(inbuf.data, sendauth_version)) {
+ problem = KRB5_SENDAUTH_BADAUTHVERS;
+ response = 1;
+ }
+ free(inbuf.data);
+ }
+ if (flags & KRB5_RECVAUTH_BADAUTHVERS) {
+ problem = KRB5_SENDAUTH_BADAUTHVERS;
+ response = 1;
+ }
+
+ /*
+ * Do the same thing for the application version string.
+ */
+ if ((retval = krb5_read_message(context, fd, &inbuf)))
+ return(retval);
+ if (appl_version && strcmp(inbuf.data, appl_version)) {
+ if (!problem) {
+ problem = KRB5_SENDAUTH_BADAPPLVERS;
+ response = 2;
+ }
+ }
+ if (version && !problem)
+ *version = inbuf;
+ else
+ free(inbuf.data);
+
+ /*
+ * Now we actually write the response. If the response is non-zero,
+ * exit with a return value of problem
+ */
+ if ((krb5_net_write(context, *((int *)fd), (char *)&response, 1)) < 0) {
+ return(problem); /* We'll return the top-level problem */
+ }
+ if (problem)
+ return(problem);
/* We are clear of errors here */
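Review bot: `strcmp(inbuf.data, sendauth_version)` and `strcmp(inbuf.data, appl_version)` treat bytes received from the peer as a C string, but nothing in this hunk checks that `inbuf.data` is non-NULL or that the buffer ends in a NUL. krb5_read_message is not shown here, so if it can return a zero-length or unterminated message the comparison dereferences NULL or reads past the allocation; the same buffer is also handed to the caller through `*version`. Validate before comparing, e.g. `if (inbuf.length == 0 || inbuf.data[inbuf.length - 1] != '\0' || strcmp(inbuf.data, sendauth_version)) {`, and likewise for the application version. Separately, when krb5_net_write fails while `problem` is still 0, `return(problem);` reports success to the caller. recvauth_common continues beyond this hunk.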
@@ -121,9 +122,9 @@ recvauth_common(krb5_context context,
return retval;
if (*auth_context == NULL) {
- problem = krb5_auth_con_init(context, &new_auth_context);
- *auth_context = new_auth_context;
- local_authcon = 1;
+ problem = krb5_auth_con_init(context, &new_auth_context);
+ *auth_context = new_auth_context;
+ local_authcon = 1;
}
krb5_auth_con_getrcache(context, *auth_context, &rcache);
if ((!problem) && rcache == NULL) {
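Review bot: When krb5_auth_con_init fails, `*auth_context = new_auth_context;` and `local_authcon = 1;` still run, and krb5_auth_con_getrcache is then called on that value regardless of `problem`. `new_auth_context` is declared without an initializer, and whether krb5_auth_con_init writes its output on failure is not visible here, so this may use an indeterminate pointer, which the `cleanup:` block would later pass to krb5_auth_con_free. Guard both steps on success: `if (!problem) { *auth_context = new_auth_context; local_authcon = 1; }` and `if (!problem) krb5_auth_con_getrcache(context, *auth_context, &rcache);`. This hunk sits in the middle of recvauth_common.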
@@ -131,93 +132,93 @@ recvauth_common(krb5_context context,
* Setup the replay cache.
*/
if (server) {
- problem = krb5_get_server_rcache(context,
- krb5_princ_component(context, server, 0), &rcache);
+ problem = krb5_get_server_rcache(context,
+ krb5_princ_component(context, server, 0), &rcache);
} else {
- null_server.length = 7;
- null_server.data = "default";
- problem = krb5_get_server_rcache(context, &null_server, &rcache);
+ null_server.length = 7;
+ null_server.data = "default";
+ problem = krb5_get_server_rcache(context, &null_server, &rcache);
}
- if (!problem)
- problem = krb5_auth_con_setrcache(context, *auth_context, rcache);
- local_rcache = 1;
+ if (!problem)
+ problem = krb5_auth_con_setrcache(context, *auth_context, rcache);
+ local_rcache = 1;
}
if (!problem) {
- problem = krb5_rd_req(context, auth_context, &inbuf, server,
- keytab, &ap_option, ticket);
- free(inbuf.data);
+ problem = krb5_rd_req(context, auth_context, &inbuf, server,
+ keytab, &ap_option, ticket);
+ free(inbuf.data);
}
-
+
/*
* If there was a problem, send back a krb5_error message,
* preceeded by the length of the krb5_error message. If
* everything's ok, send back 0 for the length.
*/
if (problem) {
- krb5_error error;
- const char *message;
-
- memset(&error, 0, sizeof(error));
- krb5_us_timeofday(context, &error.stime, &error.susec);
- if(server)
- error.server = server;
- else {
- /* If this fails - ie. ENOMEM we are hosed
- we cannot even send the error if we wanted to... */
- (void) krb5_parse_name(context, "????", &error.server);
- need_error_free = 1;
- }
-
- error.error = problem - ERROR_TABLE_BASE_krb5;
- if (error.error > 127)
- error.error = KRB_ERR_GENERIC;
- message = error_message(problem);
- error.text.length = strlen(message) + 1;
- error.text.data = strdup(message);
- if (!error.text.data) {
- retval = ENOMEM;
- goto cleanup;
- }
- if ((retval = krb5_mk_error(context, &error, &outbuf))) {
- free(error.text.data);
- goto cleanup;
- }
- free(error.text.data);
- if(need_error_free)
- krb5_free_principal(context, error.server);
+ krb5_error error;
+ const char *message;
+
+ memset(&error, 0, sizeof(error));
+ krb5_us_timeofday(context, &error.stime, &error.susec);
+ if(server)
+ error.server = server;
+ else {
+ /* If this fails - ie. ENOMEM we are hosed
+ we cannot even send the error if we wanted to... */
+ (void) krb5_parse_name(context, "????", &error.server);
+ need_error_free = 1;
+ }
+
+ error.error = problem - ERROR_TABLE_BASE_krb5;
+ if (error.error > 127)
+ error.error = KRB_ERR_GENERIC;
+ message = error_message(problem);
+ error.text.length = strlen(message) + 1;
+ error.text.data = strdup(message);
+ if (!error.text.data) {
+ retval = ENOMEM;
+ goto cleanup;
+ }
+ if ((retval = krb5_mk_error(context, &error, &outbuf))) {
+ free(error.text.data);
+ goto cleanup;
+ }
+ free(error.text.data);
+ if(need_error_free)
+ krb5_free_principal(context, error.server);
} else {
- outbuf.length = 0;
- outbuf.data = 0;
+ outbuf.length = 0;
+ outbuf.data = 0;
}
retval = krb5_write_message(context, fd, &outbuf);
if (outbuf.data) {
- free(outbuf.data);
- /* We sent back an error, we need cleanup then return */
- retval = problem;
- goto cleanup;
+ free(outbuf.data);
+ /* We sent back an error, we need cleanup then return */
+ retval = problem;
+ goto cleanup;
}
if (retval)
- goto cleanup;
+ goto cleanup;
/* Here lies the mutual authentication stuff... */
if ((ap_option & AP_OPTS_MUTUAL_REQUIRED)) {
- if ((retval = krb5_mk_rep(context, *auth_context, &outbuf))) {
- return(retval);
- }
- retval = krb5_write_message(context, fd, &outbuf);
- free(outbuf.data);
+ if ((retval = krb5_mk_rep(context, *auth_context, &outbuf))) {
+ return(retval);
+ }
+ retval = krb5_write_message(context, fd, &outbuf);
+ free(outbuf.data);
}
cleanup:;
if (retval) {
- if (local_authcon) {
- krb5_auth_con_free(context, *auth_context);
- } else if (local_rcache && rcache != NULL) {
- krb5_rc_close(context, rcache);
- krb5_auth_con_setrcache(context, *auth_context, NULL);
- }
+ if (local_authcon) {
+ krb5_auth_con_free(context, *auth_context);
+ } else if (local_rcache && rcache != NULL) {
+ krb5_rc_close(context, rcache);
+ krb5_auth_con_setrcache(context, *auth_context, NULL);
+ }
}
return retval;
}
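Review bot: The `return(retval);` after a failed krb5_mk_rep bypasses the `cleanup:` block, so an auth context or replay cache created locally in this function is not released on that path; `goto cleanup;` would match the other error exits. In `cleanup:`, krb5_auth_con_free is called on `*auth_context` but the caller's pointer is left holding the freed context; adding `*auth_context = NULL;` after the free avoids a later use or second free by the caller. The two `goto cleanup` exits inside the `if (problem)` block also skip krb5_free_principal for the placeholder `error.server` when `need_error_free` is set. The function begins in an earlier hunk.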
@@ -226,21 +227,21 @@ krb5_error_code KRB5_CALLCONV
krb5_recvauth(krb5_context context, krb5_auth_context *auth_context, krb5_pointer fd, char *appl_version, krb5_principal server, krb5_int32 flags, krb5_keytab keytab, krb5_ticket **ticket)
{
return recvauth_common (context, auth_context, fd, appl_version,
- server, flags, keytab, ticket, 0);
+ server, flags, keytab, ticket, 0);
}
krb5_error_code KRB5_CALLCONV
krb5_recvauth_version(krb5_context context,
- krb5_auth_context *auth_context,
- /* IN */
- krb5_pointer fd,
- krb5_principal server,
- krb5_int32 flags,
- krb5_keytab keytab,
- /* OUT */
- krb5_ticket **ticket,
- krb5_data *version)
+ krb5_auth_context *auth_context,
+ /* IN */
+ krb5_pointer fd,
+ krb5_principal server,
+ krb5_int32 flags,
+ krb5_keytab keytab,
+ /* OUT */
+ krb5_ticket **ticket,
+ krb5_data *version)
{
return recvauth_common (context, auth_context, fd, 0,
- server, flags, keytab, ticket, version);
+ server, flags, keytab, ticket, version);
}
diff --git a/src/lib/krb5/krb/s4u_creds.c b/src/lib/krb5/krb/s4u_creds.c
index a7e5199..4733865 100644
--- a/src/lib/krb5/krb/s4u_creds.c
+++ b/src/lib/krb5/krb/s4u_creds.c
@@ -1,4 +1,4 @@
-/* -*- mode: c; indent-tabs-mode: nil -*- */
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
/*
* lib/krb5/krb/s4u_creds.c
*
@@ -79,7 +79,7 @@ s4u_identify_user(krb5_context context,
if (in_creds->client != NULL &&
krb5_princ_type(context, in_creds->client) !=
- KRB5_NT_ENTERPRISE_PRINCIPAL)
+ KRB5_NT_ENTERPRISE_PRINCIPAL)
/* we already know the realm of the user */
return krb5_copy_principal(context, in_creds->client, canon_user);
@@ -420,7 +420,7 @@ verify_s4u2self_reply(krb5_context context,
if (not_newer) {
if (enc_s4u_padata == NULL) {
if (rep_s4u_user->user_id.options &
- KRB5_S4U_OPTS_USE_REPLY_KEY_USAGE) {
+ KRB5_S4U_OPTS_USE_REPLY_KEY_USAGE) {
code = KRB5_KDCREP_MODIFIED;
goto cleanup;
}
diff --git a/src/lib/krb5/krb/send_tgs.c b/src/lib/krb5/krb/send_tgs.c
index eee47ed..3988550 100644
--- a/src/lib/krb5/krb/send_tgs.c
+++ b/src/lib/krb5/krb/send_tgs.c
@@ -1,3 +1,4 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
/*
* lib/krb5/krb/send_tgs.c
*
@@ -8,7 +9,7 @@
* require a specific license from the United States Government.
* It is the responsibility of any person or organization contemplating
* export to obtain such a license before exporting.
- *
+ *
* WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
* distribute this software and its documentation for any purpose and
* without fee is hereby granted, provided that the above copyright
@@ -22,7 +23,7 @@
* M.I.T. makes no representations about the suitability of
* this software for any purpose. It is provided "as is" without express
* or implied warranty.
- *
+ *
*
* krb5_send_tgs()
*/
@@ -30,27 +31,27 @@
#include "k5-int.h"
/*
-Constructs a TGS request
- options is used for the options in the KRB_TGS_REQ.
- timestruct values are used for from, till, rtime " " "
- enctype is used for enctype " " ", and to encrypt the authorization data,
- sname is used for sname " " "
- addrs, if non-NULL, is used for addresses " " "
- authorization_dat, if non-NULL, is used for authorization_dat " " "
- second_ticket, if required by options, is used for the 2nd ticket in the req.
- in_cred is used for the ticket & session key in the KRB_AP_REQ header " " "
- (the KDC realm is extracted from in_cred->server's realm)
-
- The response is placed into *rep.
- rep->response.data is set to point at allocated storage which should be
- freed by the caller when finished.
-
- returns system errors
- */
-static krb5_error_code
+ Constructs a TGS request
+ options is used for the options in the KRB_TGS_REQ.
+ timestruct values are used for from, till, rtime " " "
+ enctype is used for enctype " " ", and to encrypt the authorization data,
+ sname is used for sname " " "
+ addrs, if non-NULL, is used for addresses " " "
+ authorization_dat, if non-NULL, is used for authorization_dat " " "
+ second_ticket, if required by options, is used for the 2nd ticket in the req.
+ in_cred is used for the ticket & session key in the KRB_AP_REQ header " " "
+ (the KDC realm is extracted from in_cred->server's realm)
+
+ The response is placed into *rep.
+ rep->response.data is set to point at allocated storage which should be
+ freed by the caller when finished.
+
+ returns system errors
+*/
+static krb5_error_code
tgs_construct_tgsreq(krb5_context context, krb5_data *in_data,
- krb5_creds *in_cred, krb5_data *outbuf, krb5_keyblock *subkey)
-{
+ krb5_creds *in_cred, krb5_data *outbuf, krb5_keyblock *subkey)
+{
krb5_cksumtype cksumtype;
krb5_error_code retval;
krb5_checksum checksum;
@@ -70,19 +71,19 @@ tgs_construct_tgsreq(krb5_context context, krb5_data *in_data,
case ENCTYPE_DES_CBC_MD5:
case ENCTYPE_ARCFOUR_HMAC:
case ENCTYPE_ARCFOUR_HMAC_EXP:
- cksumtype = context->kdc_req_sumtype;
- break;
+ cksumtype = context->kdc_req_sumtype;
+ break;
default:
- retval = krb5int_c_mandatory_cksumtype(context, in_cred->keyblock.enctype, &cksumtype);
- if (retval)
- goto cleanup;
+ retval = krb5int_c_mandatory_cksumtype(context, in_cred->keyblock.enctype, &cksumtype);
+ if (retval)
+ goto cleanup;
}
/* Generate checksum */
if ((retval = krb5_c_make_checksum(context, cksumtype,
- &in_cred->keyblock,
- KRB5_KEYUSAGE_TGS_REQ_AUTH_CKSUM,
- in_data, &checksum))) {
+ &in_cred->keyblock,
+ KRB5_KEYUSAGE_TGS_REQ_AUTH_CKSUM,
+ in_data, &checksum))) {
free(checksum.contents);
goto cleanup;
}
@@ -94,7 +95,7 @@ tgs_construct_tgsreq(krb5_context context, krb5_data *in_data,
authent.client = in_cred->client;
authent.authorization_data = in_cred->authdata;
if ((retval = krb5_us_timeofday(context, &authent.ctime,
- &authent.cusec)))
+ &authent.cusec)))
goto cleanup;
@@ -110,10 +111,10 @@ tgs_construct_tgsreq(krb5_context context, krb5_data *in_data,
/* Cleanup scratch and scratch data */
goto cleanup;
- /* call the encryption routine */
+ /* call the encryption routine */
if ((retval = krb5_encrypt_helper(context, &in_cred->keyblock,
- KRB5_KEYUSAGE_TGS_REQ_AUTH,
- scratch, &request.authenticator)))
+ KRB5_KEYUSAGE_TGS_REQ_AUTH,
+ scratch, &request.authenticator)))
goto cleanup;
if (!(retval = encode_krb5_ap_req(&request, &toutbuf))) {
@@ -132,7 +133,7 @@ cleanup:
if (request.ticket)
krb5_free_ticket(context, request.ticket);
- if (scratch != NULL && scratch->data != NULL) {
+ if (scratch != NULL && scratch->data != NULL) {
zap(scratch->data, scratch->length);
free(scratch->data);
}
@@ -148,17 +149,17 @@ cleanup:
*/
krb5_error_code
krb5int_send_tgs(krb5_context context, krb5_flags kdcoptions,
- const krb5_ticket_times *timestruct, const krb5_enctype *ktypes,
- krb5_const_principal sname, krb5_address *const *addrs,
- krb5_authdata *const *authorization_data,
- krb5_pa_data *const *padata, const krb5_data *second_ticket,
- krb5_creds *in_cred,
- krb5_error_code (*pacb_fct)(krb5_context,
- krb5_keyblock *,
- krb5_kdc_req *,
- void *),
- void *pacb_data,
- krb5_response *rep, krb5_keyblock **subkey)
+ const krb5_ticket_times *timestruct, const krb5_enctype *ktypes,
+ krb5_const_principal sname, krb5_address *const *addrs,
+ krb5_authdata *const *authorization_data,
+ krb5_pa_data *const *padata, const krb5_data *second_ticket,
+ krb5_creds *in_cred,
+ krb5_error_code (*pacb_fct)(krb5_context,
+ krb5_keyblock *,
+ krb5_kdc_req *,
+ void *),
+ void *pacb_data,
+ krb5_response *rep, krb5_keyblock **subkey)
{
krb5_error_code retval;
krb5_kdc_req tgsreq;
@@ -174,7 +175,7 @@ krb5int_send_tgs(krb5_context context, krb5_flags kdcoptions,
assert (subkey != NULL);
*subkey = NULL;
- /*
+ /*
* in_creds MUST be a valid credential NOT just a partially filled in
* place holder for us to get credentials for the caller.
*/
@@ -196,31 +197,31 @@ krb5int_send_tgs(krb5_context context, krb5_flags kdcoptions,
rep->expected_nonce = tgsreq.nonce = (krb5_int32) time_now;
rep->request_time = time_now;
rep->message_type = KRB5_ERROR; /*caller only uses the response
- * element on successful return*/
+ * element on successful return*/
tgsreq.addresses = (krb5_address **) addrs;
/* Generate subkey*/
if ((retval = krb5_generate_subkey( context, &in_cred->keyblock,
- &local_subkey)) != 0)
+ &local_subkey)) != 0)
return retval;
if (authorization_data) {
- /* need to encrypt it in the request */
+ /* need to encrypt it in the request */
- if ((retval = encode_krb5_authdata(authorization_data, &scratch)))
- goto send_tgs_error_1;
+ if ((retval = encode_krb5_authdata(authorization_data, &scratch)))
+ goto send_tgs_error_1;
- if ((retval = krb5_encrypt_helper(context, local_subkey,
- KRB5_KEYUSAGE_TGS_REQ_AD_SUBKEY,
- scratch,
- &tgsreq.authorization_data))) {
- free(tgsreq.authorization_data.ciphertext.data);
- krb5_free_data(context, scratch);
- goto send_tgs_error_1;
- }
+ if ((retval = krb5_encrypt_helper(context, local_subkey,
+ KRB5_KEYUSAGE_TGS_REQ_AD_SUBKEY,
+ scratch,
+ &tgsreq.authorization_data))) {
+ free(tgsreq.authorization_data.ciphertext.data);
+ krb5_free_data(context, scratch);
+ goto send_tgs_error_1;
+ }
- krb5_free_data(context, scratch);
+ krb5_free_data(context, scratch);
}
/* Get the encryption types list */
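Review bot: On krb5_encrypt_helper failure this branch calls `free(tgsreq.authorization_data.ciphertext.data)` and jumps to `send_tgs_error_1`, where the same pointer is tested, cleared with memset and freed again (see the last hunk of this file). Unless krb5_encrypt_helper resets the pointer to NULL on failure, which is not visible here, that is a write to freed memory followed by a double free. Either drop the early `free` and let the label handle it, or add `tgsreq.authorization_data.ciphertext.data = NULL;` right after it. krb5int_send_tgs starts and ends outside this hunk.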
@@ -255,7 +256,7 @@ krb5int_send_tgs(krb5_context context, krb5_flags kdcoptions,
/*
* Get an ap_req.
*/
- if ((retval = tgs_construct_tgsreq(context, scratch, in_cred,
+ if ((retval = tgs_construct_tgsreq(context, scratch, in_cred,
&scratch2, local_subkey))) {
krb5_free_data(context, scratch);
goto send_tgs_error_2;
@@ -332,41 +333,41 @@ krb5int_send_tgs(krb5_context context, krb5_flags kdcoptions,
send_again:
use_master = 0;
- retval = krb5_sendto_kdc(context, scratch,
- krb5_princ_realm(context, sname),
- &rep->response, &use_master, tcp_only);
+ retval = krb5_sendto_kdc(context, scratch,
+ krb5_princ_realm(context, sname),
+ &rep->response, &use_master, tcp_only);
if (retval == 0) {
if (krb5_is_krb_error(&rep->response)) {
if (!tcp_only) {
krb5_error *err_reply;
retval = decode_krb5_error(&rep->response, &err_reply);
- if (retval)
- goto send_tgs_error_3;
- if (err_reply->error == KRB_ERR_RESPONSE_TOO_BIG) {
- tcp_only = 1;
+ if (retval)
+ goto send_tgs_error_3;
+ if (err_reply->error == KRB_ERR_RESPONSE_TOO_BIG) {
+ tcp_only = 1;
+ krb5_free_error(context, err_reply);
+ free(rep->response.data);
+ rep->response.data = NULL;
+ goto send_again;
+ }
krb5_free_error(context, err_reply);
- free(rep->response.data);
- rep->response.data = NULL;
- goto send_again;
- }
- krb5_free_error(context, err_reply);
send_tgs_error_3:
;
- }
- rep->message_type = KRB5_ERROR;
- } else if (krb5_is_tgs_rep(&rep->response)) {
- rep->message_type = KRB5_TGS_REP;
- *subkey = local_subkey;
- } else /* XXX: assume it's an error */
- rep->message_type = KRB5_ERROR;
+ }
+ rep->message_type = KRB5_ERROR;
+ } else if (krb5_is_tgs_rep(&rep->response)) {
+ rep->message_type = KRB5_TGS_REP;
+ *subkey = local_subkey;
+ } else /* XXX: assume it's an error */
+ rep->message_type = KRB5_ERROR;
}
krb5_free_data(context, scratch);
-
+
send_tgs_error_2:;
if (tgsreq.padata)
krb5_free_pa_data(context, tgsreq.padata);
- if (sec_ticket)
+ if (sec_ticket)
krb5_free_ticket(context, sec_ticket);
send_tgs_error_1:;
@@ -374,13 +375,12 @@ send_tgs_error_1:;
free(tgsreq.ktype);
if (tgsreq.authorization_data.ciphertext.data) {
memset(tgsreq.authorization_data.ciphertext.data, 0,
- tgsreq.authorization_data.ciphertext.length);
+ tgsreq.authorization_data.ciphertext.length);
free(tgsreq.authorization_data.ciphertext.data);
}
if (rep->message_type != KRB5_TGS_REP && local_subkey){
krb5_free_keyblock(context, *subkey);
- }
+ }
return retval;
}
-
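Review bot: The final cleanup frees `*subkey` while testing `local_subkey`: `krb5_free_keyblock(context, *subkey);`. In the hunks shown, `*subkey` is set to NULL on entry and assigned `local_subkey` only when the reply is a KRB5_TGS_REP, so on every other path this appears to pass NULL and the generated subkey is never released, leaving its key material allocated. The call should be `krb5_free_keyblock(context, local_subkey);`. The start of krb5int_send_tgs is outside this hunk.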
diff --git a/src/lib/krb5/krb/sendauth.c b/src/lib/krb5/krb/sendauth.c
index 67b9add..30b72b9 100644
--- a/src/lib/krb5/krb/sendauth.c
+++ b/src/lib/krb5/krb/sendauth.c
@@ -1,4 +1,4 @@
-/* -*- mode: c; indent-tabs-mode: nil -*- */
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
/*
* lib/krb5/krb/sendauth.c
*
diff --git a/src/lib/krb5/krb/ser_actx.c b/src/lib/krb5/krb/ser_actx.c
index 65b7e27..ccd1e2d 100644
--- a/src/lib/krb5/krb/ser_actx.c
+++ b/src/lib/krb5/krb/ser_actx.c
@@ -1,3 +1,4 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
/*
* lib/krb5/krb/ser_actx.c
*
@@ -32,26 +33,26 @@
#include "int-proto.h"
#include "auth_con.h"
-#define TOKEN_RADDR 950916
-#define TOKEN_RPORT 950917
-#define TOKEN_LADDR 950918
-#define TOKEN_LPORT 950919
-#define TOKEN_KEYBLOCK 950920
-#define TOKEN_LSKBLOCK 950921
-#define TOKEN_RSKBLOCK 950922
+#define TOKEN_RADDR 950916
+#define TOKEN_RPORT 950917
+#define TOKEN_LADDR 950918
+#define TOKEN_LPORT 950919
+#define TOKEN_KEYBLOCK 950920
+#define TOKEN_LSKBLOCK 950921
+#define TOKEN_RSKBLOCK 950922
/*
* Routines to deal with externalizing the krb5_auth_context:
- * krb5_auth_context_size();
- * krb5_auth_context_externalize();
- * krb5_auth_context_internalize();
+ * krb5_auth_context_size();
+ * krb5_auth_context_externalize();
+ * krb5_auth_context_internalize();
*/
static krb5_error_code krb5_auth_context_size
- (krb5_context, krb5_pointer, size_t *);
+(krb5_context, krb5_pointer, size_t *);
static krb5_error_code krb5_auth_context_externalize
- (krb5_context, krb5_pointer, krb5_octet **, size_t *);
+(krb5_context, krb5_pointer, krb5_octet **, size_t *);
static krb5_error_code krb5_auth_context_internalize
- (krb5_context,krb5_pointer *, krb5_octet **, size_t *);
+(krb5_context,krb5_pointer *, krb5_octet **, size_t *);
/*
* Other metadata serialization initializers.
@@ -59,289 +60,289 @@ static krb5_error_code krb5_auth_context_internalize
/* Local data */
static const krb5_ser_entry krb5_auth_context_ser_entry = {
- KV5M_AUTH_CONTEXT, /* Type */
- krb5_auth_context_size, /* Sizer routine */
- krb5_auth_context_externalize, /* Externalize routine */
- krb5_auth_context_internalize /* Internalize routine */
+ KV5M_AUTH_CONTEXT, /* Type */
+ krb5_auth_context_size, /* Sizer routine */
+ krb5_auth_context_externalize, /* Externalize routine */
+ krb5_auth_context_internalize /* Internalize routine */
};
/*
- * krb5_auth_context_size() - Determine the size required to externalize
- * the krb5_auth_context.
+ * krb5_auth_context_size() - Determine the size required to externalize
+ * the krb5_auth_context.
*/
static krb5_error_code
krb5_auth_context_size(krb5_context kcontext, krb5_pointer arg, size_t *sizep)
{
- krb5_error_code kret;
- krb5_auth_context auth_context;
- size_t required;
- krb5_enctype enctype;
+ krb5_error_code kret;
+ krb5_auth_context auth_context;
+ size_t required;
+ krb5_enctype enctype;
/*
* krb5_auth_context requires at minimum:
- * krb5_int32 for KV5M_AUTH_CONTEXT
- * krb5_int32 for auth_context_flags
- * krb5_int32 for remote_seq_number
- * krb5_int32 for local_seq_number
- * krb5_int32 for req_cksumtype
- * krb5_int32 for safe_cksumtype
- * krb5_int32 for size of i_vector
- * krb5_int32 for KV5M_AUTH_CONTEXT
+ * krb5_int32 for KV5M_AUTH_CONTEXT
+ * krb5_int32 for auth_context_flags
+ * krb5_int32 for remote_seq_number
+ * krb5_int32 for local_seq_number
+ * krb5_int32 for req_cksumtype
+ * krb5_int32 for safe_cksumtype
+ * krb5_int32 for size of i_vector
+ * krb5_int32 for KV5M_AUTH_CONTEXT
*/
kret = EINVAL;
if ((auth_context = (krb5_auth_context) arg)) {
- kret = 0;
-
- /* Calculate size required by i_vector - ptooey */
- if (auth_context->i_vector && auth_context->key) {
- enctype = krb5_k_key_enctype(kcontext, auth_context->key);
- kret = krb5_c_block_size(kcontext, enctype, &required);
- } else {
- required = 0;
- }
-
- required += sizeof(krb5_int32)*8;
-
- /* Calculate size required by remote_addr, if appropriate */
- if (!kret && auth_context->remote_addr) {
- kret = krb5_size_opaque(kcontext,
- KV5M_ADDRESS,
- (krb5_pointer) auth_context->remote_addr,
- &required);
- if (!kret)
- required += sizeof(krb5_int32);
- }
-
- /* Calculate size required by remote_port, if appropriate */
- if (!kret && auth_context->remote_port) {
- kret = krb5_size_opaque(kcontext,
- KV5M_ADDRESS,
- (krb5_pointer) auth_context->remote_port,
- &required);
- if (!kret)
- required += sizeof(krb5_int32);
- }
-
- /* Calculate size required by local_addr, if appropriate */
- if (!kret && auth_context->local_addr) {
- kret = krb5_size_opaque(kcontext,
- KV5M_ADDRESS,
- (krb5_pointer) auth_context->local_addr,
- &required);
- if (!kret)
- required += sizeof(krb5_int32);
- }
-
- /* Calculate size required by local_port, if appropriate */
- if (!kret && auth_context->local_port) {
- kret = krb5_size_opaque(kcontext,
- KV5M_ADDRESS,
- (krb5_pointer) auth_context->local_port,
- &required);
- if (!kret)
- required += sizeof(krb5_int32);
- }
-
- /* Calculate size required by key, if appropriate */
- if (!kret && auth_context->key) {
- kret = krb5_size_opaque(kcontext,
- KV5M_KEYBLOCK, (krb5_pointer)
- &auth_context->key->keyblock,
- &required);
- if (!kret)
- required += sizeof(krb5_int32);
- }
-
- /* Calculate size required by send_subkey, if appropriate */
- if (!kret && auth_context->send_subkey) {
- kret = krb5_size_opaque(kcontext,
- KV5M_KEYBLOCK, (krb5_pointer)
- &auth_context->send_subkey->keyblock,
- &required);
- if (!kret)
- required += sizeof(krb5_int32);
- }
-
- /* Calculate size required by recv_subkey, if appropriate */
- if (!kret && auth_context->recv_subkey) {
- kret = krb5_size_opaque(kcontext,
- KV5M_KEYBLOCK, (krb5_pointer)
- &auth_context->recv_subkey->keyblock,
- &required);
- if (!kret)
- required += sizeof(krb5_int32);
- }
-
- /* Calculate size required by authentp, if appropriate */
- if (!kret && auth_context->authentp)
- kret = krb5_size_opaque(kcontext,
- KV5M_AUTHENTICATOR,
- (krb5_pointer) auth_context->authentp,
- &required);
+ kret = 0;
+
+ /* Calculate size required by i_vector - ptooey */
+ if (auth_context->i_vector && auth_context->key) {
+ enctype = krb5_k_key_enctype(kcontext, auth_context->key);
+ kret = krb5_c_block_size(kcontext, enctype, &required);
+ } else {
+ required = 0;
+ }
+
+ required += sizeof(krb5_int32)*8;
+
+ /* Calculate size required by remote_addr, if appropriate */
+ if (!kret && auth_context->remote_addr) {
+ kret = krb5_size_opaque(kcontext,
+ KV5M_ADDRESS,
+ (krb5_pointer) auth_context->remote_addr,
+ &required);
+ if (!kret)
+ required += sizeof(krb5_int32);
+ }
+
+ /* Calculate size required by remote_port, if appropriate */
+ if (!kret && auth_context->remote_port) {
+ kret = krb5_size_opaque(kcontext,
+ KV5M_ADDRESS,
+ (krb5_pointer) auth_context->remote_port,
+ &required);
+ if (!kret)
+ required += sizeof(krb5_int32);
+ }
+
+ /* Calculate size required by local_addr, if appropriate */
+ if (!kret && auth_context->local_addr) {
+ kret = krb5_size_opaque(kcontext,
+ KV5M_ADDRESS,
+ (krb5_pointer) auth_context->local_addr,
+ &required);
+ if (!kret)
+ required += sizeof(krb5_int32);
+ }
+
+ /* Calculate size required by local_port, if appropriate */
+ if (!kret && auth_context->local_port) {
+ kret = krb5_size_opaque(kcontext,
+ KV5M_ADDRESS,
+ (krb5_pointer) auth_context->local_port,
+ &required);
+ if (!kret)
+ required += sizeof(krb5_int32);
+ }
+
+ /* Calculate size required by key, if appropriate */
+ if (!kret && auth_context->key) {
+ kret = krb5_size_opaque(kcontext,
+ KV5M_KEYBLOCK, (krb5_pointer)
+ &auth_context->key->keyblock,
+ &required);
+ if (!kret)
+ required += sizeof(krb5_int32);
+ }
+
+ /* Calculate size required by send_subkey, if appropriate */
+ if (!kret && auth_context->send_subkey) {
+ kret = krb5_size_opaque(kcontext,
+ KV5M_KEYBLOCK, (krb5_pointer)
+ &auth_context->send_subkey->keyblock,
+ &required);
+ if (!kret)
+ required += sizeof(krb5_int32);
+ }
+
+ /* Calculate size required by recv_subkey, if appropriate */
+ if (!kret && auth_context->recv_subkey) {
+ kret = krb5_size_opaque(kcontext,
+ KV5M_KEYBLOCK, (krb5_pointer)
+ &auth_context->recv_subkey->keyblock,
+ &required);
+ if (!kret)
+ required += sizeof(krb5_int32);
+ }
+
+ /* Calculate size required by authentp, if appropriate */
+ if (!kret && auth_context->authentp)
+ kret = krb5_size_opaque(kcontext,
+ KV5M_AUTHENTICATOR,
+ (krb5_pointer) auth_context->authentp,
+ &required);
}
if (!kret)
- *sizep += required;
+ *sizep += required;
return(kret);
}
/*
- * krb5_auth_context_externalize() - Externalize the krb5_auth_context.
+ * krb5_auth_context_externalize() - Externalize the krb5_auth_context.
*/
static krb5_error_code
krb5_auth_context_externalize(krb5_context kcontext, krb5_pointer arg, krb5_octet **buffer, size_t *lenremain)
{
- krb5_error_code kret;
- krb5_auth_context auth_context;
- size_t required;
- krb5_octet *bp;
- size_t remain;
+ krb5_error_code kret;
+ krb5_auth_context auth_context;
+ size_t required;
+ krb5_octet *bp;
+ size_t remain;
size_t obuf;
- krb5_int32 obuf32;
- krb5_enctype enctype;
+ krb5_int32 obuf32;
+ krb5_enctype enctype;
required = 0;
bp = *buffer;
remain = *lenremain;
kret = EINVAL;
if ((auth_context = (krb5_auth_context) arg)) {
- kret = ENOMEM;
- if (!krb5_auth_context_size(kcontext, arg, &required) &&
- (required <= remain)) {
-
- /* Write fixed portion */
- (void) krb5_ser_pack_int32(KV5M_AUTH_CONTEXT, &bp, &remain);
- (void) krb5_ser_pack_int32(auth_context->auth_context_flags,
- &bp, &remain);
- (void) krb5_ser_pack_int32(auth_context->remote_seq_number,
- &bp, &remain);
- (void) krb5_ser_pack_int32(auth_context->local_seq_number,
- &bp, &remain);
- (void) krb5_ser_pack_int32((krb5_int32) auth_context->req_cksumtype,
- &bp, &remain);
- (void) krb5_ser_pack_int32((krb5_int32) auth_context->safe_cksumtype,
- &bp, &remain);
-
- kret = 0;
-
- /* Now figure out the number of bytes for i_vector and write it */
- if (auth_context->i_vector) {
- enctype = krb5_k_key_enctype(kcontext, auth_context->key);
- kret = krb5_c_block_size(kcontext, enctype, &obuf);
- } else {
- obuf = 0;
- }
-
- /* Convert to signed 32 bit integer */
- obuf32 = obuf;
- if (kret == 0 && obuf != obuf32)
- kret = EINVAL;
- if (!kret)
- (void) krb5_ser_pack_int32(obuf32, &bp, &remain);
-
- /* Now copy i_vector */
- if (!kret && auth_context->i_vector)
- (void) krb5_ser_pack_bytes(auth_context->i_vector,
- obuf,
- &bp, &remain);
-
- /* Now handle remote_addr, if appropriate */
- if (!kret && auth_context->remote_addr) {
- (void) krb5_ser_pack_int32(TOKEN_RADDR, &bp, &remain);
- kret = krb5_externalize_opaque(kcontext,
- KV5M_ADDRESS,
- (krb5_pointer)
- auth_context->remote_addr,
- &bp,
- &remain);
- }
-
- /* Now handle remote_port, if appropriate */
- if (!kret && auth_context->remote_port) {
- (void) krb5_ser_pack_int32(TOKEN_RPORT, &bp, &remain);
- kret = krb5_externalize_opaque(kcontext,
- KV5M_ADDRESS,
- (krb5_pointer)
- auth_context->remote_addr,
- &bp,
- &remain);
- }
-
- /* Now handle local_addr, if appropriate */
- if (!kret && auth_context->local_addr) {
- (void) krb5_ser_pack_int32(TOKEN_LADDR, &bp, &remain);
- kret = krb5_externalize_opaque(kcontext,
- KV5M_ADDRESS,
- (krb5_pointer)
- auth_context->local_addr,
- &bp,
- &remain);
- }
-
- /* Now handle local_port, if appropriate */
- if (!kret && auth_context->local_port) {
- (void) krb5_ser_pack_int32(TOKEN_LPORT, &bp, &remain);
- kret = krb5_externalize_opaque(kcontext,
- KV5M_ADDRESS,
- (krb5_pointer)
- auth_context->local_addr,
- &bp,
- &remain);
- }
-
- /* Now handle keyblock, if appropriate */
- if (!kret && auth_context->key) {
- (void) krb5_ser_pack_int32(TOKEN_KEYBLOCK, &bp, &remain);
- kret = krb5_externalize_opaque(kcontext,
- KV5M_KEYBLOCK,
- (krb5_pointer)
- &auth_context->key->keyblock,
- &bp,
- &remain);
- }
-
- /* Now handle subkey, if appropriate */
- if (!kret && auth_context->send_subkey) {
- (void) krb5_ser_pack_int32(TOKEN_LSKBLOCK, &bp, &remain);
- kret = krb5_externalize_opaque(kcontext,
- KV5M_KEYBLOCK,
- (krb5_pointer) &auth_context->
- send_subkey->keyblock,
- &bp,
- &remain);
- }
-
- /* Now handle subkey, if appropriate */
- if (!kret && auth_context->recv_subkey) {
- (void) krb5_ser_pack_int32(TOKEN_RSKBLOCK, &bp, &remain);
- kret = krb5_externalize_opaque(kcontext,
- KV5M_KEYBLOCK,
- (krb5_pointer) &auth_context->
- recv_subkey->keyblock,
- &bp,
- &remain);
- }
-
- /* Now handle authentp, if appropriate */
- if (!kret && auth_context->authentp)
- kret = krb5_externalize_opaque(kcontext,
- KV5M_AUTHENTICATOR,
- (krb5_pointer)
- auth_context->authentp,
- &bp,
- &remain);
-
- /*
- * If we were successful, write trailer then update the pointer and
- * remaining length;
- */
- if (!kret) {
- /* Write our trailer */
- (void) krb5_ser_pack_int32(KV5M_AUTH_CONTEXT, &bp, &remain);
- *buffer = bp;
- *lenremain = remain;
- }
- }
+ kret = ENOMEM;
+ if (!krb5_auth_context_size(kcontext, arg, &required) &&
+ (required <= remain)) {
+
+ /* Write fixed portion */
+ (void) krb5_ser_pack_int32(KV5M_AUTH_CONTEXT, &bp, &remain);
+ (void) krb5_ser_pack_int32(auth_context->auth_context_flags,
+ &bp, &remain);
+ (void) krb5_ser_pack_int32(auth_context->remote_seq_number,
+ &bp, &remain);
+ (void) krb5_ser_pack_int32(auth_context->local_seq_number,
+ &bp, &remain);
+ (void) krb5_ser_pack_int32((krb5_int32) auth_context->req_cksumtype,
+ &bp, &remain);
+ (void) krb5_ser_pack_int32((krb5_int32) auth_context->safe_cksumtype,
+ &bp, &remain);
+
+ kret = 0;
+
+ /* Now figure out the number of bytes for i_vector and write it */
+ if (auth_context->i_vector) {
+ enctype = krb5_k_key_enctype(kcontext, auth_context->key);
+ kret = krb5_c_block_size(kcontext, enctype, &obuf);
+ } else {
+ obuf = 0;
+ }
+
+ /* Convert to signed 32 bit integer */
+ obuf32 = obuf;
+ if (kret == 0 && obuf != obuf32)
+ kret = EINVAL;
+ if (!kret)
+ (void) krb5_ser_pack_int32(obuf32, &bp, &remain);
+
+ /* Now copy i_vector */
+ if (!kret && auth_context->i_vector)
+ (void) krb5_ser_pack_bytes(auth_context->i_vector,
+ obuf,
+ &bp, &remain);
+
+ /* Now handle remote_addr, if appropriate */
+ if (!kret && auth_context->remote_addr) {
+ (void) krb5_ser_pack_int32(TOKEN_RADDR, &bp, &remain);
+ kret = krb5_externalize_opaque(kcontext,
+ KV5M_ADDRESS,
+ (krb5_pointer)
+ auth_context->remote_addr,
+ &bp,
+ &remain);
+ }
+
+ /* Now handle remote_port, if appropriate */
+ if (!kret && auth_context->remote_port) {
+ (void) krb5_ser_pack_int32(TOKEN_RPORT, &bp, &remain);
+ kret = krb5_externalize_opaque(kcontext,
+ KV5M_ADDRESS,
+ (krb5_pointer)
+ auth_context->remote_addr,
+ &bp,
+ &remain);
+ }
+
+ /* Now handle local_addr, if appropriate */
+ if (!kret && auth_context->local_addr) {
+ (void) krb5_ser_pack_int32(TOKEN_LADDR, &bp, &remain);
+ kret = krb5_externalize_opaque(kcontext,
+ KV5M_ADDRESS,
+ (krb5_pointer)
+ auth_context->local_addr,
+ &bp,
+ &remain);
+ }
+
+ /* Now handle local_port, if appropriate */
+ if (!kret && auth_context->local_port) {
+ (void) krb5_ser_pack_int32(TOKEN_LPORT, &bp, &remain);
+ kret = krb5_externalize_opaque(kcontext,
+ KV5M_ADDRESS,
+ (krb5_pointer)
+ auth_context->local_addr,
+ &bp,
+ &remain);
+ }
+
+ /* Now handle keyblock, if appropriate */
+ if (!kret && auth_context->key) {
+ (void) krb5_ser_pack_int32(TOKEN_KEYBLOCK, &bp, &remain);
+ kret = krb5_externalize_opaque(kcontext,
+ KV5M_KEYBLOCK,
+ (krb5_pointer)
+ &auth_context->key->keyblock,
+ &bp,
+ &remain);
+ }
+
+ /* Now handle subkey, if appropriate */
+ if (!kret && auth_context->send_subkey) {
+ (void) krb5_ser_pack_int32(TOKEN_LSKBLOCK, &bp, &remain);
+ kret = krb5_externalize_opaque(kcontext,
+ KV5M_KEYBLOCK,
+ (krb5_pointer) &auth_context->
+ send_subkey->keyblock,
+ &bp,
+ &remain);
+ }
+
+ /* Now handle subkey, if appropriate */
+ if (!kret && auth_context->recv_subkey) {
+ (void) krb5_ser_pack_int32(TOKEN_RSKBLOCK, &bp, &remain);
+ kret = krb5_externalize_opaque(kcontext,
+ KV5M_KEYBLOCK,
+ (krb5_pointer) &auth_context->
+ recv_subkey->keyblock,
+ &bp,
+ &remain);
+ }
+
+ /* Now handle authentp, if appropriate */
+ if (!kret && auth_context->authentp)
+ kret = krb5_externalize_opaque(kcontext,
+ KV5M_AUTHENTICATOR,
+ (krb5_pointer)
+ auth_context->authentp,
+ &bp,
+ &remain);
+
+ /*
+ * If we were successful, write trailer then update the pointer and
+ * remaining length;
+ */
+ if (!kret) {
+ /* Write our trailer */
+ (void) krb5_ser_pack_int32(KV5M_AUTH_CONTEXT, &bp, &remain);
+ *buffer = bp;
+ *lenremain = remain;
+ }
+ }
}
return(kret);
}
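Review bot: In krb5_auth_context_externalize the TOKEN_RPORT and TOKEN_LPORT branches pass `auth_context->remote_addr` and `auth_context->local_addr` to krb5_externalize_opaque, so the port values are never written and each address is emitted a second time under the port tag. krb5_auth_context_size measures `remote_port` and `local_port`, so the size checked against `remain` is not the size actually written, and a context restored by the internalize routine would presumably come back with address data in its port fields. The two arguments should be `auth_context->remote_port` and `auth_context->local_port`. The same function also calls `krb5_k_key_enctype(kcontext, auth_context->key)` whenever `i_vector` is set, while the sizer requires `i_vector && key`; using `if (auth_context->i_vector && auth_context->key)` in both keeps them consistent and avoids handing a NULL key to the enctype lookup. The reindent carries all of this over unchanged.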
@@ -354,195 +355,195 @@ intern_key(krb5_context ctx, krb5_key *key, krb5_octet **bp, size_t *sp)
krb5_error_code ret;
ret = krb5_internalize_opaque(ctx, KV5M_KEYBLOCK,
- (krb5_pointer *) &keyblock, bp, sp);
+ (krb5_pointer *) &keyblock, bp, sp);
if (ret != 0)
- return ret;
+ return ret;
ret = krb5_k_create_key(ctx, keyblock, key);
krb5_free_keyblock(ctx, keyblock);
return ret;
}
/*
- * krb5_auth_context_internalize() - Internalize the krb5_auth_context.
+ * krb5_auth_context_internalize() - Internalize the krb5_auth_context.
*/
static krb5_error_code
krb5_auth_context_internalize(krb5_context kcontext, krb5_pointer *argp, krb5_octet **buffer, size_t *lenremain)
{
- krb5_error_code kret;
- krb5_auth_context auth_context;
- krb5_int32 ibuf;
- krb5_octet *bp;
- size_t remain;
- krb5_int32 ivlen;
- krb5_int32 tag;
+ krb5_error_code kret;
+ krb5_auth_context auth_context;
+ krb5_int32 ibuf;
+ krb5_octet *bp;
+ size_t remain;
+ krb5_int32 ivlen;
+ krb5_int32 tag;
bp = *buffer;
remain = *lenremain;
kret = EINVAL;
/* Read our magic number */
if (krb5_ser_unpack_int32(&ibuf, &bp, &remain))
- ibuf = 0;
+ ibuf = 0;
if (ibuf == KV5M_AUTH_CONTEXT) {
- kret = ENOMEM;
-
- /* Get memory for the auth_context */
- if ((remain >= (5*sizeof(krb5_int32))) &&
- (auth_context = (krb5_auth_context)
- calloc(1, sizeof(struct _krb5_auth_context)))) {
-
- /* Get auth_context_flags */
- (void) krb5_ser_unpack_int32(&ibuf, &bp, &remain);
- auth_context->auth_context_flags = ibuf;
-
- /* Get remote_seq_number */
- (void) krb5_ser_unpack_int32(&ibuf, &bp, &remain);
- auth_context->remote_seq_number = ibuf;
-
- /* Get local_seq_number */
- (void) krb5_ser_unpack_int32(&ibuf, &bp, &remain);
- auth_context->local_seq_number = ibuf;
-
- /* Get req_cksumtype */
- (void) krb5_ser_unpack_int32(&ibuf, &bp, &remain);
- auth_context->req_cksumtype = (krb5_cksumtype) ibuf;
-
- /* Get safe_cksumtype */
- (void) krb5_ser_unpack_int32(&ibuf, &bp, &remain);
- auth_context->safe_cksumtype = (krb5_cksumtype) ibuf;
-
- /* Get length of i_vector */
- (void) krb5_ser_unpack_int32(&ivlen, &bp, &remain);
-
- if (ivlen) {
- if ((auth_context->i_vector =
- (krb5_pointer) malloc((size_t)ivlen)))
- kret = krb5_ser_unpack_bytes(auth_context->i_vector,
- (size_t) ivlen,
- &bp,
- &remain);
- else
- kret = ENOMEM;
- }
- else
- kret = 0;
-
- /* Peek at next token */
- tag = 0;
- if (!kret)
- kret = krb5_ser_unpack_int32(&tag, &bp, &remain);
-
- /* This is the remote_addr */
- if (!kret && (tag == TOKEN_RADDR)) {
- if (!(kret = krb5_internalize_opaque(kcontext,
- KV5M_ADDRESS,
- (krb5_pointer *)
- &auth_context->
- remote_addr,
- &bp,
- &remain)))
- kret = krb5_ser_unpack_int32(&tag, &bp, &remain);
- }
-
- /* This is the remote_port */
- if (!kret && (tag == TOKEN_RPORT)) {
- if (!(kret = krb5_internalize_opaque(kcontext,
- KV5M_ADDRESS,
- (krb5_pointer *)
- &auth_context->
- remote_port,
- &bp,
- &remain)))
- kret = krb5_ser_unpack_int32(&tag, &bp, &remain);
- }
-
- /* This is the local_addr */
- if (!kret && (tag == TOKEN_LADDR)) {
- if (!(kret = krb5_internalize_opaque(kcontext,
- KV5M_ADDRESS,
- (krb5_pointer *)
- &auth_context->
- local_addr,
- &bp,
- &remain)))
- kret = krb5_ser_unpack_int32(&tag, &bp, &remain);
- }
-
- /* This is the local_port */
- if (!kret && (tag == TOKEN_LPORT)) {
- if (!(kret = krb5_internalize_opaque(kcontext,
- KV5M_ADDRESS,
- (krb5_pointer *)
- &auth_context->
- local_port,
- &bp,
- &remain)))
- kret = krb5_ser_unpack_int32(&tag, &bp, &remain);
- }
-
- /* This is the keyblock */
- if (!kret && (tag == TOKEN_KEYBLOCK)) {
- if (!(kret = intern_key(kcontext,
- &auth_context->key,
- &bp,
- &remain)))
- kret = krb5_ser_unpack_int32(&tag, &bp, &remain);
- }
-
- /* This is the send_subkey */
- if (!kret && (tag == TOKEN_LSKBLOCK)) {
- if (!(kret = intern_key(kcontext,
- &auth_context->send_subkey,
- &bp,
- &remain)))
- kret = krb5_ser_unpack_int32(&tag, &bp, &remain);
- }
-
- /* This is the recv_subkey */
- if (!kret) {
- if (tag == TOKEN_RSKBLOCK) {
- kret = intern_key(kcontext,
- &auth_context->recv_subkey,
- &bp,
- &remain);
- }
- else {
- /*
- * We read the next tag, but it's not of any use here, so
- * we effectively 'unget' it here.
- */
- bp -= sizeof(krb5_int32);
- remain += sizeof(krb5_int32);
- }
- }
-
- /* Now find the authentp */
- if (!kret) {
- if ((kret = krb5_internalize_opaque(kcontext,
- KV5M_AUTHENTICATOR,
- (krb5_pointer *)
- &auth_context->authentp,
- &bp,
- &remain))) {
- if (kret == EINVAL)
- kret = 0;
- }
- }
-
- /* Finally, find the trailer */
- if (!kret) {
- kret = krb5_ser_unpack_int32(&ibuf, &bp, &remain);
- if (!kret && (ibuf != KV5M_AUTH_CONTEXT))
- kret = EINVAL;
- }
- if (!kret) {
- *buffer = bp;
- *lenremain = remain;
- auth_context->magic = KV5M_AUTH_CONTEXT;
- *argp = (krb5_pointer) auth_context;
- }
- else
- krb5_auth_con_free(kcontext, auth_context);
- }
+ kret = ENOMEM;
+
+ /* Get memory for the auth_context */
+ if ((remain >= (5*sizeof(krb5_int32))) &&
+ (auth_context = (krb5_auth_context)
+ calloc(1, sizeof(struct _krb5_auth_context)))) {
+
+ /* Get auth_context_flags */
+ (void) krb5_ser_unpack_int32(&ibuf, &bp, &remain);
+ auth_context->auth_context_flags = ibuf;
+
+ /* Get remote_seq_number */
+ (void) krb5_ser_unpack_int32(&ibuf, &bp, &remain);
+ auth_context->remote_seq_number = ibuf;
+
+ /* Get local_seq_number */
+ (void) krb5_ser_unpack_int32(&ibuf, &bp, &remain);
+ auth_context->local_seq_number = ibuf;
+
+ /* Get req_cksumtype */
+ (void) krb5_ser_unpack_int32(&ibuf, &bp, &remain);
+ auth_context->req_cksumtype = (krb5_cksumtype) ibuf;
+
+ /* Get safe_cksumtype */
+ (void) krb5_ser_unpack_int32(&ibuf, &bp, &remain);
+ auth_context->safe_cksumtype = (krb5_cksumtype) ibuf;
+
+ /* Get length of i_vector */
+ (void) krb5_ser_unpack_int32(&ivlen, &bp, &remain);
+
+ if (ivlen) {
+ if ((auth_context->i_vector =
+ (krb5_pointer) malloc((size_t)ivlen)))
+ kret = krb5_ser_unpack_bytes(auth_context->i_vector,
+ (size_t) ivlen,
+ &bp,
+ &remain);
+ else
+ kret = ENOMEM;
+ }
+ else
+ kret = 0;
+
+ /* Peek at next token */
+ tag = 0;
+ if (!kret)
+ kret = krb5_ser_unpack_int32(&tag, &bp, &remain);
+
+ /* This is the remote_addr */
+ if (!kret && (tag == TOKEN_RADDR)) {
+ if (!(kret = krb5_internalize_opaque(kcontext,
+ KV5M_ADDRESS,
+ (krb5_pointer *)
+ &auth_context->
+ remote_addr,
+ &bp,
+ &remain)))
+ kret = krb5_ser_unpack_int32(&tag, &bp, &remain);
+ }
+
+ /* This is the remote_port */
+ if (!kret && (tag == TOKEN_RPORT)) {
+ if (!(kret = krb5_internalize_opaque(kcontext,
+ KV5M_ADDRESS,
+ (krb5_pointer *)
+ &auth_context->
+ remote_port,
+ &bp,
+ &remain)))
+ kret = krb5_ser_unpack_int32(&tag, &bp, &remain);
+ }
+
+ /* This is the local_addr */
+ if (!kret && (tag == TOKEN_LADDR)) {
+ if (!(kret = krb5_internalize_opaque(kcontext,
+ KV5M_ADDRESS,
+ (krb5_pointer *)
+ &auth_context->
+ local_addr,
+ &bp,
+ &remain)))
+ kret = krb5_ser_unpack_int32(&tag, &bp, &remain);
+ }
+
+ /* This is the local_port */
+ if (!kret && (tag == TOKEN_LPORT)) {
+ if (!(kret = krb5_internalize_opaque(kcontext,
+ KV5M_ADDRESS,
+ (krb5_pointer *)
+ &auth_context->
+ local_port,
+ &bp,
+ &remain)))
+ kret = krb5_ser_unpack_int32(&tag, &bp, &remain);
+ }
+
+ /* This is the keyblock */
+ if (!kret && (tag == TOKEN_KEYBLOCK)) {
+ if (!(kret = intern_key(kcontext,
+ &auth_context->key,
+ &bp,
+ &remain)))
+ kret = krb5_ser_unpack_int32(&tag, &bp, &remain);
+ }
+
+ /* This is the send_subkey */
+ if (!kret && (tag == TOKEN_LSKBLOCK)) {
+ if (!(kret = intern_key(kcontext,
+ &auth_context->send_subkey,
+ &bp,
+ &remain)))
+ kret = krb5_ser_unpack_int32(&tag, &bp, &remain);
+ }
+
+ /* This is the recv_subkey */
+ if (!kret) {
+ if (tag == TOKEN_RSKBLOCK) {
+ kret = intern_key(kcontext,
+ &auth_context->recv_subkey,
+ &bp,
+ &remain);
+ }
+ else {
+ /*
+ * We read the next tag, but it's not of any use here, so
+ * we effectively 'unget' it here.
+ */
+ bp -= sizeof(krb5_int32);
+ remain += sizeof(krb5_int32);
+ }
+ }
+
+ /* Now find the authentp */
+ if (!kret) {
+ if ((kret = krb5_internalize_opaque(kcontext,
+ KV5M_AUTHENTICATOR,
+ (krb5_pointer *)
+ &auth_context->authentp,
+ &bp,
+ &remain))) {
+ if (kret == EINVAL)
+ kret = 0;
+ }
+ }
+
+ /* Finally, find the trailer */
+ if (!kret) {
+ kret = krb5_ser_unpack_int32(&ibuf, &bp, &remain);
+ if (!kret && (ibuf != KV5M_AUTH_CONTEXT))
+ kret = EINVAL;
+ }
+ if (!kret) {
+ *buffer = bp;
+ *lenremain = remain;
+ auth_context->magic = KV5M_AUTH_CONTEXT;
+ *argp = (krb5_pointer) auth_context;
+ }
+ else
+ krb5_auth_con_free(kcontext, auth_context);
+ }
}
return(kret);
}
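Review bot: In krb5_auth_context_internalize the guard `remain >= (5*sizeof(krb5_int32))` covers five fields, but six int32 values are then unpacked with their results cast to void, so on a short buffer `ivlen` can be used without having been assigned (assuming krb5_ser_unpack_int32 leaves its output untouched on failure). `ivlen` is also handed to `malloc((size_t)ivlen)` without rejecting a negative value or comparing it with `remain`, so the serialized blob chooses the allocation size. Checking the unpack result and bounding the length before allocating, as sketched below, closes both gaps; whether krb5_ser_unpack_bytes itself rejects an oversized length is not visible here. krb5_authdata_internalize in ser_adata.c has the same pattern with `malloc((size_t) (ibuf))` on a length read from the stream and should get the same bound. None of this is introduced by the reindent.

```c
/* Get length of i_vector */
kret = krb5_ser_unpack_int32(&ivlen, &bp, &remain);
/* Reject lengths the remaining input cannot possibly satisfy. */
if (!kret && (ivlen < 0 || (size_t) ivlen > remain))
    kret = EINVAL;

if (!kret && ivlen) {
    auth_context->i_vector = malloc((size_t) ivlen);
    if (auth_context->i_vector == NULL)
        kret = ENOMEM;
    else
        kret = krb5_ser_unpack_bytes(auth_context->i_vector,
                                     (size_t) ivlen, &bp, &remain);
}

/* … unchanged: tag peek, optional address/key fields, authentp, trailer … */
```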
@@ -553,23 +554,23 @@ krb5_auth_context_internalize(krb5_context kcontext, krb5_pointer *argp, krb5_oc
krb5_error_code KRB5_CALLCONV
krb5_ser_auth_context_init(krb5_context kcontext)
{
- krb5_error_code kret;
+ krb5_error_code kret;
kret = krb5_register_serializer(kcontext, &krb5_auth_context_ser_entry);
if (!kret)
- kret = krb5_ser_authdata_init(kcontext);
+ kret = krb5_ser_authdata_init(kcontext);
if (!kret)
- kret = krb5_ser_address_init(kcontext);
+ kret = krb5_ser_address_init(kcontext);
#ifndef LEAN_CLIENT
if (!kret)
- kret = krb5_ser_authenticator_init(kcontext);
+ kret = krb5_ser_authenticator_init(kcontext);
#endif
if (!kret)
- kret = krb5_ser_checksum_init(kcontext);
+ kret = krb5_ser_checksum_init(kcontext);
if (!kret)
- kret = krb5_ser_keyblock_init(kcontext);
+ kret = krb5_ser_keyblock_init(kcontext);
if (!kret)
- kret = krb5_ser_principal_init(kcontext);
+ kret = krb5_ser_principal_init(kcontext);
if (!kret)
- kret = krb5_ser_authdata_context_init(kcontext);
+ kret = krb5_ser_authdata_context_init(kcontext);
return(kret);
}
diff --git a/src/lib/krb5/krb/ser_adata.c b/src/lib/krb5/krb/ser_adata.c
index 82d04dc..77a76fd 100644
--- a/src/lib/krb5/krb/ser_adata.c
+++ b/src/lib/krb5/krb/ser_adata.c
@@ -1,3 +1,4 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
/*
* lib/krb5/krb/ser_adata.c
*
@@ -33,157 +34,157 @@
/*
* Routines to deal with externalizing the krb5_authdata:
- * krb5_authdata_size();
- * krb5_authdata_externalize();
- * krb5_authdata_internalize();
+ * krb5_authdata_size();
+ * krb5_authdata_externalize();
+ * krb5_authdata_internalize();
*/
static krb5_error_code krb5_authdata_size
- (krb5_context, krb5_pointer, size_t *);
+(krb5_context, krb5_pointer, size_t *);
static krb5_error_code krb5_authdata_externalize
- (krb5_context, krb5_pointer, krb5_octet **, size_t *);
+(krb5_context, krb5_pointer, krb5_octet **, size_t *);
static krb5_error_code krb5_authdata_internalize
- (krb5_context,krb5_pointer *, krb5_octet **, size_t *);
+(krb5_context,krb5_pointer *, krb5_octet **, size_t *);
/* Local data */
static const krb5_ser_entry krb5_authdata_ser_entry = {
- KV5M_AUTHDATA, /* Type */
- krb5_authdata_size, /* Sizer routine */
- krb5_authdata_externalize, /* Externalize routine */
- krb5_authdata_internalize /* Internalize routine */
+ KV5M_AUTHDATA, /* Type */
+ krb5_authdata_size, /* Sizer routine */
+ krb5_authdata_externalize, /* Externalize routine */
+ krb5_authdata_internalize /* Internalize routine */
};
/*
- * krb5_authdata_esize() - Determine the size required to externalize
- * the krb5_authdata.
+ * krb5_authdata_esize() - Determine the size required to externalize
+ * the krb5_authdata.
*/
static krb5_error_code
krb5_authdata_size(krb5_context kcontext, krb5_pointer arg, size_t *sizep)
{
- krb5_error_code kret;
- krb5_authdata *authdata;
+ krb5_error_code kret;
+ krb5_authdata *authdata;
/*
* krb5_authdata requires:
- * krb5_int32 for KV5M_AUTHDATA
- * krb5_int32 for ad_type
- * krb5_int32 for length
- * authdata->length for contents
- * krb5_int32 for KV5M_AUTHDATA
+ * krb5_int32 for KV5M_AUTHDATA
+ * krb5_int32 for ad_type
+ * krb5_int32 for length
+ * authdata->length for contents
+ * krb5_int32 for KV5M_AUTHDATA
*/
kret = EINVAL;
if ((authdata = (krb5_authdata *) arg)) {
- *sizep += (sizeof(krb5_int32) +
- sizeof(krb5_int32) +
- sizeof(krb5_int32) +
- sizeof(krb5_int32) +
- (size_t) authdata->length);
- kret = 0;
+ *sizep += (sizeof(krb5_int32) +
+ sizeof(krb5_int32) +
+ sizeof(krb5_int32) +
+ sizeof(krb5_int32) +
+ (size_t) authdata->length);
+ kret = 0;
}
return(kret);
}
/*
- * krb5_authdata_externalize() - Externalize the krb5_authdata.
+ * krb5_authdata_externalize() - Externalize the krb5_authdata.
*/
static krb5_error_code
krb5_authdata_externalize(krb5_context kcontext, krb5_pointer arg, krb5_octet **buffer, size_t *lenremain)
{
- krb5_error_code kret;
- krb5_authdata *authdata;
- size_t required;
- krb5_octet *bp;
- size_t remain;
+ krb5_error_code kret;
+ krb5_authdata *authdata;
+ size_t required;
+ krb5_octet *bp;
+ size_t remain;
required = 0;
bp = *buffer;
remain = *lenremain;
kret = EINVAL;
if ((authdata = (krb5_authdata *) arg)) {
- kret = ENOMEM;
- if (!krb5_authdata_size(kcontext, arg, &required) &&
- (required <= remain)) {
- /* Our identifier */
- (void) krb5_ser_pack_int32(KV5M_AUTHDATA, &bp, &remain);
-
- /* Our ad_type */
- (void) krb5_ser_pack_int32((krb5_int32) authdata->ad_type,
- &bp, &remain);
+ kret = ENOMEM;
+ if (!krb5_authdata_size(kcontext, arg, &required) &&
+ (required <= remain)) {
+ /* Our identifier */
+ (void) krb5_ser_pack_int32(KV5M_AUTHDATA, &bp, &remain);
- /* Our length */
- (void) krb5_ser_pack_int32((krb5_int32) authdata->length,
- &bp, &remain);
+ /* Our ad_type */
+ (void) krb5_ser_pack_int32((krb5_int32) authdata->ad_type,
+ &bp, &remain);
- /* Our contents */
- (void) krb5_ser_pack_bytes(authdata->contents,
- (size_t) authdata->length,
- &bp, &remain);
+ /* Our length */
+ (void) krb5_ser_pack_int32((krb5_int32) authdata->length,
+ &bp, &remain);
- /* Finally, our trailer */
- (void) krb5_ser_pack_int32(KV5M_AUTHDATA, &bp, &remain);
- kret = 0;
- *buffer = bp;
- *lenremain = remain;
- }
+ /* Our contents */
+ (void) krb5_ser_pack_bytes(authdata->contents,
+ (size_t) authdata->length,
+ &bp, &remain);
+
+ /* Finally, our trailer */
+ (void) krb5_ser_pack_int32(KV5M_AUTHDATA, &bp, &remain);
+ kret = 0;
+ *buffer = bp;
+ *lenremain = remain;
+ }
}
return(kret);
}
/*
- * krb5_authdata_internalize() - Internalize the krb5_authdata.
+ * krb5_authdata_internalize() - Internalize the krb5_authdata.
*/
static krb5_error_code
krb5_authdata_internalize(krb5_context kcontext, krb5_pointer *argp, krb5_octet **buffer, size_t *lenremain)
{
- krb5_error_code kret;
- krb5_authdata *authdata;
- krb5_int32 ibuf;
- krb5_octet *bp;
- size_t remain;
+ krb5_error_code kret;
+ krb5_authdata *authdata;
+ krb5_int32 ibuf;
+ krb5_octet *bp;
+ size_t remain;
bp = *buffer;
remain = *lenremain;
kret = EINVAL;
/* Read our magic number */
if (krb5_ser_unpack_int32(&ibuf, &bp, &remain))
- ibuf = 0;
+ ibuf = 0;
if (ibuf == KV5M_AUTHDATA) {
- kret = ENOMEM;
+ kret = ENOMEM;
- /* Get a authdata */
- if ((remain >= (2*sizeof(krb5_int32))) &&
- (authdata = (krb5_authdata *) calloc(1, sizeof(krb5_authdata)))) {
+ /* Get a authdata */
+ if ((remain >= (2*sizeof(krb5_int32))) &&
+ (authdata = (krb5_authdata *) calloc(1, sizeof(krb5_authdata)))) {
- /* Get the ad_type */
- (void) krb5_ser_unpack_int32(&ibuf, &bp, &remain);
- authdata->ad_type = (krb5_authdatatype) ibuf;
+ /* Get the ad_type */
+ (void) krb5_ser_unpack_int32(&ibuf, &bp, &remain);
+ authdata->ad_type = (krb5_authdatatype) ibuf;
- /* Get the length */
- (void) krb5_ser_unpack_int32(&ibuf, &bp, &remain);
- authdata->length = (int) ibuf;
+ /* Get the length */
+ (void) krb5_ser_unpack_int32(&ibuf, &bp, &remain);
+ authdata->length = (int) ibuf;
- /* Get the string */
- if ((authdata->contents = (krb5_octet *)
- malloc((size_t) (ibuf))) &&
- !(kret = krb5_ser_unpack_bytes(authdata->contents,
- (size_t) ibuf,
- &bp, &remain))) {
- if ((kret = krb5_ser_unpack_int32(&ibuf, &bp, &remain)))
- ibuf = 0;
- if (ibuf == KV5M_AUTHDATA) {
- authdata->magic = KV5M_AUTHDATA;
- *buffer = bp;
- *lenremain = remain;
- *argp = (krb5_pointer) authdata;
- }
- else
- kret = EINVAL;
- }
- if (kret) {
- if (authdata->contents)
- free(authdata->contents);
- free(authdata);
- }
- }
+ /* Get the string */
+ if ((authdata->contents = (krb5_octet *)
+ malloc((size_t) (ibuf))) &&
+ !(kret = krb5_ser_unpack_bytes(authdata->contents,
+ (size_t) ibuf,
+ &bp, &remain))) {
+ if ((kret = krb5_ser_unpack_int32(&ibuf, &bp, &remain)))
+ ibuf = 0;
+ if (ibuf == KV5M_AUTHDATA) {
+ authdata->magic = KV5M_AUTHDATA;
+ *buffer = bp;
+ *lenremain = remain;
+ *argp = (krb5_pointer) authdata;
+ }
+ else
+ kret = EINVAL;
+ }
+ if (kret) {
+ if (authdata->contents)
+ free(authdata->contents);
+ free(authdata);
+ }
+ }
}
return(kret);
}
diff --git a/src/lib/krb5/krb/ser_addr.c b/src/lib/krb5/krb/ser_addr.c
index 11b7f6a..e7b6421 100644
--- a/src/lib/krb5/krb/ser_addr.c
+++ b/src/lib/krb5/krb/ser_addr.c
@@ -1,3 +1,4 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
/*
* lib/krb5/krb/ser_addr.c
*
@@ -33,161 +34,161 @@
/*
* Routines to deal with externalizing the krb5_address:
- * krb5_address_size();
- * krb5_address_externalize();
- * krb5_address_internalize();
+ * krb5_address_size();
+ * krb5_address_externalize();
+ * krb5_address_internalize();
*/
static krb5_error_code krb5_address_size
- (krb5_context, krb5_pointer, size_t *);
+(krb5_context, krb5_pointer, size_t *);
static krb5_error_code krb5_address_externalize
- (krb5_context, krb5_pointer, krb5_octet **, size_t *);
+(krb5_context, krb5_pointer, krb5_octet **, size_t *);
static krb5_error_code krb5_address_internalize
- (krb5_context,krb5_pointer *, krb5_octet **, size_t *);
+(krb5_context,krb5_pointer *, krb5_octet **, size_t *);
/* Local data */
static const krb5_ser_entry krb5_address_ser_entry = {
- KV5M_ADDRESS, /* Type */
- krb5_address_size, /* Sizer routine */
- krb5_address_externalize, /* Externalize routine */
- krb5_address_internalize /* Internalize routine */
+ KV5M_ADDRESS, /* Type */
+ krb5_address_size, /* Sizer routine */
+ krb5_address_externalize, /* Externalize routine */
+ krb5_address_internalize /* Internalize routine */
};
/*
- * krb5_address_size() - Determine the size required to externalize
- * the krb5_address.
+ * krb5_address_size() - Determine the size required to externalize
+ * the krb5_address.
*/
static krb5_error_code
krb5_address_size(krb5_context kcontext, krb5_pointer arg, size_t *sizep)
{
- krb5_error_code kret;
- krb5_address *address;
+ krb5_error_code kret;
+ krb5_address *address;
/*
* krb5_address requires:
- * krb5_int32 for KV5M_ADDRESS
- * krb5_int32 for addrtype
- * krb5_int32 for length
- * address->length for contents
- * krb5_int32 for KV5M_ADDRESS
+ * krb5_int32 for KV5M_ADDRESS
+ * krb5_int32 for addrtype
+ * krb5_int32 for length
+ * address->length for contents
+ * krb5_int32 for KV5M_ADDRESS
*/
kret = EINVAL;
if ((address = (krb5_address *) arg)) {
- *sizep += (sizeof(krb5_int32) +
- sizeof(krb5_int32) +
- sizeof(krb5_int32) +
- sizeof(krb5_int32) +
- (size_t) address->length);
- kret = 0;
+ *sizep += (sizeof(krb5_int32) +
+ sizeof(krb5_int32) +
+ sizeof(krb5_int32) +
+ sizeof(krb5_int32) +
+ (size_t) address->length);
+ kret = 0;
}
return(kret);
}
/*
- * krb5_address_externalize() - Externalize the krb5_address.
+ * krb5_address_externalize() - Externalize the krb5_address.
*/
static krb5_error_code
krb5_address_externalize(krb5_context kcontext, krb5_pointer arg, krb5_octet **buffer, size_t *lenremain)
{
- krb5_error_code kret;
- krb5_address *address;
- size_t required;
- krb5_octet *bp;
- size_t remain;
+ krb5_error_code kret;
+ krb5_address *address;
+ size_t required;
+ krb5_octet *bp;
+ size_t remain;
required = 0;
bp = *buffer;
remain = *lenremain;
kret = EINVAL;
if ((address = (krb5_address *) arg)) {
- kret = ENOMEM;
- if (!krb5_address_size(kcontext, arg, &required) &&
- (required <= remain)) {
- /* Our identifier */
- (void) krb5_ser_pack_int32(KV5M_ADDRESS, &bp, &remain);
-
- /* Our addrtype */
- (void) krb5_ser_pack_int32((krb5_int32) address->addrtype,
- &bp, &remain);
-
- /* Our length */
- (void) krb5_ser_pack_int32((krb5_int32) address->length,
- &bp, &remain);
-
- /* Our contents */
- (void) krb5_ser_pack_bytes(address->contents,
- (size_t) address->length,
- &bp, &remain);
-
- /* Finally, our trailer */
- (void) krb5_ser_pack_int32(KV5M_ADDRESS, &bp, &remain);
-
- kret = 0;
- *buffer = bp;
- *lenremain = remain;
- }
+ kret = ENOMEM;
+ if (!krb5_address_size(kcontext, arg, &required) &&
+ (required <= remain)) {
+ /* Our identifier */
+ (void) krb5_ser_pack_int32(KV5M_ADDRESS, &bp, &remain);
+
+ /* Our addrtype */
+ (void) krb5_ser_pack_int32((krb5_int32) address->addrtype,
+ &bp, &remain);
+
+ /* Our length */
+ (void) krb5_ser_pack_int32((krb5_int32) address->length,
+ &bp, &remain);
+
+ /* Our contents */
+ (void) krb5_ser_pack_bytes(address->contents,
+ (size_t) address->length,
+ &bp, &remain);
+
+ /* Finally, our trailer */
+ (void) krb5_ser_pack_int32(KV5M_ADDRESS, &bp, &remain);
+
+ kret = 0;
+ *buffer = bp;
+ *lenremain = remain;
+ }
}
return(kret);
}
/*
- * krb5_address_internalize() - Internalize the krb5_address.
+ * krb5_address_internalize() - Internalize the krb5_address.
*/
static krb5_error_code
krb5_address_internalize(krb5_context kcontext, krb5_pointer *argp, krb5_octet **buffer, size_t *lenremain)
{
- krb5_error_code kret;
- krb5_address *address;
- krb5_int32 ibuf;
- krb5_octet *bp;
- size_t remain;
+ krb5_error_code kret;
+ krb5_address *address;
+ krb5_int32 ibuf;
+ krb5_octet *bp;
+ size_t remain;
bp = *buffer;
remain = *lenremain;
kret = EINVAL;
/* Read our magic number */
if (krb5_ser_unpack_int32(&ibuf, &bp, &remain))
- ibuf = 0;
+ ibuf = 0;
if (ibuf == KV5M_ADDRESS) {
- kret = ENOMEM;
-
- /* Get a address */
- if ((remain >= (2*sizeof(krb5_int32))) &&
- (address = (krb5_address *) calloc(1, sizeof(krb5_address)))) {
-
- address->magic = KV5M_ADDRESS;
-
- /* Get the addrtype */
- (void) krb5_ser_unpack_int32(&ibuf, &bp, &remain);
- address->addrtype = (krb5_addrtype) ibuf;
-
- /* Get the length */
- (void) krb5_ser_unpack_int32(&ibuf, &bp, &remain);
- address->length = (int) ibuf;
-
- /* Get the string */
- if ((address->contents = (krb5_octet *) malloc((size_t) (ibuf))) &&
- !(kret = krb5_ser_unpack_bytes(address->contents,
- (size_t) ibuf,
- &bp, &remain))) {
- /* Get the trailer */
- if ((kret = krb5_ser_unpack_int32(&ibuf, &bp, &remain)))
- ibuf = 0;
-
- if (!kret && (ibuf == KV5M_ADDRESS)) {
- address->magic = KV5M_ADDRESS;
- *buffer = bp;
- *lenremain = remain;
- *argp = (krb5_pointer) address;
- }
- else
- kret = EINVAL;
- }
- if (kret) {
- if (address->contents)
- free(address->contents);
- free(address);
- }
- }
+ kret = ENOMEM;
+
+ /* Get a address */
+ if ((remain >= (2*sizeof(krb5_int32))) &&
+ (address = (krb5_address *) calloc(1, sizeof(krb5_address)))) {
+
+ address->magic = KV5M_ADDRESS;
+
+ /* Get the addrtype */
+ (void) krb5_ser_unpack_int32(&ibuf, &bp, &remain);
+ address->addrtype = (krb5_addrtype) ibuf;
+
+ /* Get the length */
+ (void) krb5_ser_unpack_int32(&ibuf, &bp, &remain);
+ address->length = (int) ibuf;
+
+ /* Get the string */
+ if ((address->contents = (krb5_octet *) malloc((size_t) (ibuf))) &&
+ !(kret = krb5_ser_unpack_bytes(address->contents,
+ (size_t) ibuf,
+ &bp, &remain))) {
+ /* Get the trailer */
+ if ((kret = krb5_ser_unpack_int32(&ibuf, &bp, &remain)))
+ ibuf = 0;
+
+ if (!kret && (ibuf == KV5M_ADDRESS)) {
+ address->magic = KV5M_ADDRESS;
+ *buffer = bp;
+ *lenremain = remain;
+ *argp = (krb5_pointer) address;
+ }
+ else
+ kret = EINVAL;
+ }
+ if (kret) {
+ if (address->contents)
+ free(address->contents);
+ free(address);
+ }
+ }
}
return(kret);
}
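Review bot: In krb5_address_internalize the length word read from the buffer goes straight into `malloc((size_t) (ibuf))` without being compared with `remain` first, so a negative or oversized value in serialized input drives a very large allocation request and comes back as ENOMEM rather than EINVAL; whatever bounds check krb5_ser_unpack_bytes performs runs only after the allocation. I would reject the value ahead of the malloc with a test such as `if (ibuf < 0 || (size_t) ibuf > remain)` that sets `kret = EINVAL` and skips the allocation. A zero length should also be decided explicitly, since `malloc(0)` may return NULL and fail an otherwise well-formed record. krb5_checksum_internalize in ser_cksum.c short-circuits the zero case with `!ibuf ||` but passes the same unchecked length to malloc. The reindent itself leaves this behaviour unchanged.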
diff --git a/src/lib/krb5/krb/ser_auth.c b/src/lib/krb5/krb/ser_auth.c
index 6951f92..23b9b57 100644
--- a/src/lib/krb5/krb/ser_auth.c
+++ b/src/lib/krb5/krb/ser_auth.c
@@ -1,3 +1,4 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
/*
* lib/krb5/krb/ser_auth.c
*
@@ -36,305 +37,305 @@
/*
* Routines to deal with externalizing the krb5_authenticator:
- * krb5_authenticator_size();
- * krb5_authenticator_externalize();
- * krb5_authenticator_internalize();
+ * krb5_authenticator_size();
+ * krb5_authenticator_externalize();
+ * krb5_authenticator_internalize();
*/
static krb5_error_code krb5_authenticator_size
- (krb5_context, krb5_pointer, size_t *);
+(krb5_context, krb5_pointer, size_t *);
static krb5_error_code krb5_authenticator_externalize
- (krb5_context, krb5_pointer, krb5_octet **, size_t *);
+(krb5_context, krb5_pointer, krb5_octet **, size_t *);
static krb5_error_code krb5_authenticator_internalize
- (krb5_context,krb5_pointer *, krb5_octet **, size_t *);
+(krb5_context,krb5_pointer *, krb5_octet **, size_t *);
/* Local data */
static const krb5_ser_entry krb5_authenticator_ser_entry = {
- KV5M_AUTHENTICATOR, /* Type */
- krb5_authenticator_size, /* Sizer routine */
- krb5_authenticator_externalize, /* Externalize routine */
- krb5_authenticator_internalize /* Internalize routine */
+ KV5M_AUTHENTICATOR, /* Type */
+ krb5_authenticator_size, /* Sizer routine */
+ krb5_authenticator_externalize, /* Externalize routine */
+ krb5_authenticator_internalize /* Internalize routine */
};
/*
- * krb5_authenticator_size() - Determine the size required to externalize
- * the krb5_authenticator.
+ * krb5_authenticator_size() - Determine the size required to externalize
+ * the krb5_authenticator.
*/
static krb5_error_code
krb5_authenticator_size(krb5_context kcontext, krb5_pointer arg, size_t *sizep)
{
- krb5_error_code kret;
- krb5_authenticator *authenticator;
- size_t required;
+ krb5_error_code kret;
+ krb5_authenticator *authenticator;
+ size_t required;
/*
* krb5_authenticator requires at minimum:
- * krb5_int32 for KV5M_AUTHENTICATOR
- * krb5_int32 for seconds
- * krb5_int32 for cusec
- * krb5_int32 for seq_number
- * krb5_int32 for number in authorization_data array.
- * krb5_int32 for KV5M_AUTHENTICATOR
+ * krb5_int32 for KV5M_AUTHENTICATOR
+ * krb5_int32 for seconds
+ * krb5_int32 for cusec
+ * krb5_int32 for seq_number
+ * krb5_int32 for number in authorization_data array.
+ * krb5_int32 for KV5M_AUTHENTICATOR
*/
kret = EINVAL;
if ((authenticator = (krb5_authenticator *) arg)) {
- required = sizeof(krb5_int32)*6;
-
- /* Calculate size required by client, if appropriate */
- if (authenticator->client)
- kret = krb5_size_opaque(kcontext,
- KV5M_PRINCIPAL,
- (krb5_pointer) authenticator->client,
- &required);
- else
- kret = 0;
-
- /* Calculate size required by checksum, if appropriate */
- if (!kret && authenticator->checksum)
- kret = krb5_size_opaque(kcontext,
- KV5M_CHECKSUM,
- (krb5_pointer) authenticator->checksum,
- &required);
-
- /* Calculate size required by subkey, if appropriate */
- if (!kret && authenticator->subkey)
- kret = krb5_size_opaque(kcontext,
- KV5M_KEYBLOCK,
- (krb5_pointer) authenticator->subkey,
- &required);
-
- /* Calculate size required by authorization_data, if appropriate */
- if (!kret && authenticator->authorization_data) {
- int i;
-
- for (i=0; !kret && authenticator->authorization_data[i]; i++) {
- kret = krb5_size_opaque(kcontext,
- KV5M_AUTHDATA,
- (krb5_pointer) authenticator->
- authorization_data[i],
- &required);
- }
- }
+ required = sizeof(krb5_int32)*6;
+
+ /* Calculate size required by client, if appropriate */
+ if (authenticator->client)
+ kret = krb5_size_opaque(kcontext,
+ KV5M_PRINCIPAL,
+ (krb5_pointer) authenticator->client,
+ &required);
+ else
+ kret = 0;
+
+ /* Calculate size required by checksum, if appropriate */
+ if (!kret && authenticator->checksum)
+ kret = krb5_size_opaque(kcontext,
+ KV5M_CHECKSUM,
+ (krb5_pointer) authenticator->checksum,
+ &required);
+
+ /* Calculate size required by subkey, if appropriate */
+ if (!kret && authenticator->subkey)
+ kret = krb5_size_opaque(kcontext,
+ KV5M_KEYBLOCK,
+ (krb5_pointer) authenticator->subkey,
+ &required);
+
+ /* Calculate size required by authorization_data, if appropriate */
+ if (!kret && authenticator->authorization_data) {
+ int i;
+
+ for (i=0; !kret && authenticator->authorization_data[i]; i++) {
+ kret = krb5_size_opaque(kcontext,
+ KV5M_AUTHDATA,
+ (krb5_pointer) authenticator->
+ authorization_data[i],
+ &required);
+ }
+ }
}
if (!kret)
- *sizep += required;
+ *sizep += required;
return(kret);
}
/*
- * krb5_authenticator_externalize() - Externalize the krb5_authenticator.
+ * krb5_authenticator_externalize() - Externalize the krb5_authenticator.
*/
static krb5_error_code
krb5_authenticator_externalize(krb5_context kcontext, krb5_pointer arg, krb5_octet **buffer, size_t *lenremain)
{
- krb5_error_code kret;
- krb5_authenticator *authenticator;
- size_t required;
- krb5_octet *bp;
- size_t remain;
- int i;
+ krb5_error_code kret;
+ krb5_authenticator *authenticator;
+ size_t required;
+ krb5_octet *bp;
+ size_t remain;
+ int i;
required = 0;
bp = *buffer;
remain = *lenremain;
kret = EINVAL;
if ((authenticator = (krb5_authenticator *) arg)) {
- kret = ENOMEM;
- if (!krb5_authenticator_size(kcontext, arg, &required) &&
- (required <= remain)) {
- /* First write our magic number */
- (void) krb5_ser_pack_int32(KV5M_AUTHENTICATOR, &bp, &remain);
-
- /* Now ctime */
- (void) krb5_ser_pack_int32((krb5_int32) authenticator->ctime,
- &bp, &remain);
-
- /* Now cusec */
- (void) krb5_ser_pack_int32((krb5_int32) authenticator->cusec,
- &bp, &remain);
-
- /* Now seq_number */
- (void) krb5_ser_pack_int32(authenticator->seq_number,
- &bp, &remain);
-
- /* Now handle client, if appropriate */
- if (authenticator->client)
- kret = krb5_externalize_opaque(kcontext,
- KV5M_PRINCIPAL,
- (krb5_pointer)
- authenticator->client,
- &bp,
- &remain);
- else
- kret = 0;
-
- /* Now handle checksum, if appropriate */
- if (!kret && authenticator->checksum)
- kret = krb5_externalize_opaque(kcontext,
- KV5M_CHECKSUM,
- (krb5_pointer)
- authenticator->checksum,
- &bp,
- &remain);
-
- /* Now handle subkey, if appropriate */
- if (!kret && authenticator->subkey)
- kret = krb5_externalize_opaque(kcontext,
- KV5M_KEYBLOCK,
- (krb5_pointer)
- authenticator->subkey,
- &bp,
- &remain);
-
- /* Now handle authorization_data, if appropriate */
- if (!kret) {
- if (authenticator->authorization_data)
- for (i=0; authenticator->authorization_data[i]; i++);
- else
- i = 0;
- (void) krb5_ser_pack_int32((krb5_int32) i, &bp, &remain);
-
- /* Now pound out the authorization_data */
- if (authenticator->authorization_data) {
- for (i=0; !kret && authenticator->authorization_data[i];
- i++)
- kret = krb5_externalize_opaque(kcontext,
- KV5M_AUTHDATA,
- (krb5_pointer)
- authenticator->
- authorization_data[i],
- &bp,
- &remain);
- }
- }
-
- /*
- * If we were successful, write trailer then update the pointer and
- * remaining length;
- */
- if (!kret) {
- /* Write our trailer */
- (void) krb5_ser_pack_int32(KV5M_AUTHENTICATOR, &bp, &remain);
- *buffer = bp;
- *lenremain = remain;
- }
- }
+ kret = ENOMEM;
+ if (!krb5_authenticator_size(kcontext, arg, &required) &&
+ (required <= remain)) {
+ /* First write our magic number */
+ (void) krb5_ser_pack_int32(KV5M_AUTHENTICATOR, &bp, &remain);
+
+ /* Now ctime */
+ (void) krb5_ser_pack_int32((krb5_int32) authenticator->ctime,
+ &bp, &remain);
+
+ /* Now cusec */
+ (void) krb5_ser_pack_int32((krb5_int32) authenticator->cusec,
+ &bp, &remain);
+
+ /* Now seq_number */
+ (void) krb5_ser_pack_int32(authenticator->seq_number,
+ &bp, &remain);
+
+ /* Now handle client, if appropriate */
+ if (authenticator->client)
+ kret = krb5_externalize_opaque(kcontext,
+ KV5M_PRINCIPAL,
+ (krb5_pointer)
+ authenticator->client,
+ &bp,
+ &remain);
+ else
+ kret = 0;
+
+ /* Now handle checksum, if appropriate */
+ if (!kret && authenticator->checksum)
+ kret = krb5_externalize_opaque(kcontext,
+ KV5M_CHECKSUM,
+ (krb5_pointer)
+ authenticator->checksum,
+ &bp,
+ &remain);
+
+ /* Now handle subkey, if appropriate */
+ if (!kret && authenticator->subkey)
+ kret = krb5_externalize_opaque(kcontext,
+ KV5M_KEYBLOCK,
+ (krb5_pointer)
+ authenticator->subkey,
+ &bp,
+ &remain);
+
+ /* Now handle authorization_data, if appropriate */
+ if (!kret) {
+ if (authenticator->authorization_data)
+ for (i=0; authenticator->authorization_data[i]; i++);
+ else
+ i = 0;
+ (void) krb5_ser_pack_int32((krb5_int32) i, &bp, &remain);
+
+ /* Now pound out the authorization_data */
+ if (authenticator->authorization_data) {
+ for (i=0; !kret && authenticator->authorization_data[i];
+ i++)
+ kret = krb5_externalize_opaque(kcontext,
+ KV5M_AUTHDATA,
+ (krb5_pointer)
+ authenticator->
+ authorization_data[i],
+ &bp,
+ &remain);
+ }
+ }
+
+ /*
+ * If we were successful, write trailer then update the pointer and
+ * remaining length;
+ */
+ if (!kret) {
+ /* Write our trailer */
+ (void) krb5_ser_pack_int32(KV5M_AUTHENTICATOR, &bp, &remain);
+ *buffer = bp;
+ *lenremain = remain;
+ }
+ }
}
return(kret);
}
/*
- * krb5_authenticator_internalize() - Internalize the krb5_authenticator.
+ * krb5_authenticator_internalize() - Internalize the krb5_authenticator.
*/
static krb5_error_code
krb5_authenticator_internalize(krb5_context kcontext, krb5_pointer *argp, krb5_octet **buffer, size_t *lenremain)
{
- krb5_error_code kret;
- krb5_authenticator *authenticator;
- krb5_int32 ibuf;
- krb5_octet *bp;
- size_t remain;
- int i;
- krb5_int32 nadata;
- size_t len;
+ krb5_error_code kret;
+ krb5_authenticator *authenticator;
+ krb5_int32 ibuf;
+ krb5_octet *bp;
+ size_t remain;
+ int i;
+ krb5_int32 nadata;
+ size_t len;
bp = *buffer;
remain = *lenremain;
kret = EINVAL;
/* Read our magic number */
if (krb5_ser_unpack_int32(&ibuf, &bp, &remain))
- ibuf = 0;
+ ibuf = 0;
if (ibuf == KV5M_AUTHENTICATOR) {
- kret = ENOMEM;
-
- /* Get memory for the authenticator */
- if ((remain >= (3*sizeof(krb5_int32))) &&
- (authenticator = (krb5_authenticator *)
- calloc(1, sizeof(krb5_authenticator)))) {
-
- /* Get ctime */
- (void) krb5_ser_unpack_int32(&ibuf, &bp, &remain);
- authenticator->ctime = (krb5_timestamp) ibuf;
-
- /* Get cusec */
- (void) krb5_ser_unpack_int32(&ibuf, &bp, &remain);
- authenticator->cusec = ibuf;
-
- /* Get seq_number */
- (void) krb5_ser_unpack_int32(&ibuf, &bp, &remain);
- authenticator->seq_number = ibuf;
-
- kret = 0;
-
- /* Attempt to read in the client */
- kret = krb5_internalize_opaque(kcontext,
- KV5M_PRINCIPAL,
- (krb5_pointer *)
- &authenticator->client,
- &bp,
- &remain);
- if (kret == EINVAL)
- kret = 0;
-
- /* Attempt to read in the checksum */
- if (!kret) {
- kret = krb5_internalize_opaque(kcontext,
- KV5M_CHECKSUM,
- (krb5_pointer *)
- &authenticator->checksum,
- &bp,
- &remain);
- if (kret == EINVAL)
- kret = 0;
- }
-
- /* Attempt to read in the subkey */
- if (!kret) {
- kret = krb5_internalize_opaque(kcontext,
- KV5M_KEYBLOCK,
- (krb5_pointer *)
- &authenticator->subkey,
- &bp,
- &remain);
- if (kret == EINVAL)
- kret = 0;
- }
-
- /* Attempt to read in the authorization data count */
- if (!(kret = krb5_ser_unpack_int32(&ibuf, &bp, &remain))) {
- nadata = ibuf;
- len = (size_t) (nadata + 1);
-
- /* Get memory for the authorization data pointers */
- if ((authenticator->authorization_data = (krb5_authdata **)
- calloc(len, sizeof(krb5_authdata *)))) {
- for (i=0; !kret && (i<nadata); i++) {
- kret = krb5_internalize_opaque(kcontext,
- KV5M_AUTHDATA,
- (krb5_pointer *)
- &authenticator->
- authorization_data[i],
- &bp,
- &remain);
- }
-
- /* Finally, find the trailer */
- if (!kret) {
- kret = krb5_ser_unpack_int32(&ibuf, &bp, &remain);
- if (!kret && (ibuf == KV5M_AUTHENTICATOR))
- authenticator->magic = KV5M_AUTHENTICATOR;
- else
- kret = EINVAL;
- }
- }
- }
- if (!kret) {
- *buffer = bp;
- *lenremain = remain;
- *argp = (krb5_pointer) authenticator;
- }
- else
- krb5_free_authenticator(kcontext, authenticator);
- }
+ kret = ENOMEM;
+
+ /* Get memory for the authenticator */
+ if ((remain >= (3*sizeof(krb5_int32))) &&
+ (authenticator = (krb5_authenticator *)
+ calloc(1, sizeof(krb5_authenticator)))) {
+
+ /* Get ctime */
+ (void) krb5_ser_unpack_int32(&ibuf, &bp, &remain);
+ authenticator->ctime = (krb5_timestamp) ibuf;
+
+ /* Get cusec */
+ (void) krb5_ser_unpack_int32(&ibuf, &bp, &remain);
+ authenticator->cusec = ibuf;
+
+ /* Get seq_number */
+ (void) krb5_ser_unpack_int32(&ibuf, &bp, &remain);
+ authenticator->seq_number = ibuf;
+
+ kret = 0;
+
+ /* Attempt to read in the client */
+ kret = krb5_internalize_opaque(kcontext,
+ KV5M_PRINCIPAL,
+ (krb5_pointer *)
+ &authenticator->client,
+ &bp,
+ &remain);
+ if (kret == EINVAL)
+ kret = 0;
+
+ /* Attempt to read in the checksum */
+ if (!kret) {
+ kret = krb5_internalize_opaque(kcontext,
+ KV5M_CHECKSUM,
+ (krb5_pointer *)
+ &authenticator->checksum,
+ &bp,
+ &remain);
+ if (kret == EINVAL)
+ kret = 0;
+ }
+
+ /* Attempt to read in the subkey */
+ if (!kret) {
+ kret = krb5_internalize_opaque(kcontext,
+ KV5M_KEYBLOCK,
+ (krb5_pointer *)
+ &authenticator->subkey,
+ &bp,
+ &remain);
+ if (kret == EINVAL)
+ kret = 0;
+ }
+
+ /* Attempt to read in the authorization data count */
+ if (!(kret = krb5_ser_unpack_int32(&ibuf, &bp, &remain))) {
+ nadata = ibuf;
+ len = (size_t) (nadata + 1);
+
+ /* Get memory for the authorization data pointers */
+ if ((authenticator->authorization_data = (krb5_authdata **)
+ calloc(len, sizeof(krb5_authdata *)))) {
+ for (i=0; !kret && (i<nadata); i++) {
+ kret = krb5_internalize_opaque(kcontext,
+ KV5M_AUTHDATA,
+ (krb5_pointer *)
+ &authenticator->
+ authorization_data[i],
+ &bp,
+ &remain);
+ }
+
+ /* Finally, find the trailer */
+ if (!kret) {
+ kret = krb5_ser_unpack_int32(&ibuf, &bp, &remain);
+ if (!kret && (ibuf == KV5M_AUTHENTICATOR))
+ authenticator->magic = KV5M_AUTHENTICATOR;
+ else
+ kret = EINVAL;
+ }
+ }
+ }
+ if (!kret) {
+ *buffer = bp;
+ *lenremain = remain;
+ *argp = (krb5_pointer) authenticator;
+ }
+ else
+ krb5_free_authenticator(kcontext, authenticator);
+ }
}
return(kret);
}
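Review bot: In krb5_authenticator_internalize the authorization-data count is used as read from the buffer: `len = (size_t) (nadata + 1)` overflows for the largest krb5_int32 and becomes 0 for a count of -1, and when the calloc that follows returns NULL `kret` is still 0, so the trailer check is skipped and the function reports success. I would validate the count first, `if (nadata < 0 || (size_t) nadata > remain / sizeof(krb5_int32)) kret = EINVAL;` (each entry appears to end with at least a trailer krb5_int32, as the authdata internalizer earlier in this diff suggests), and give the calloc `if` an `else kret = ENOMEM;`. With a count of -1 and a non-NULL zero-size allocation the array presumably has no NULL terminator for later walkers such as krb5_free_authenticator, which is worth confirming. The reindent itself leaves this behaviour as it was.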
diff --git a/src/lib/krb5/krb/ser_cksum.c b/src/lib/krb5/krb/ser_cksum.c
index 8d28702..4d194c7 100644
--- a/src/lib/krb5/krb/ser_cksum.c
+++ b/src/lib/krb5/krb/ser_cksum.c
@@ -1,3 +1,4 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
/*
* lib/krb5/krb/ser_cksum.c
*
@@ -33,159 +34,159 @@
/*
* Routines to deal with externalizing the krb5_checksum:
- * krb5_checksum_esize();
- * krb5_checksum_externalize();
- * krb5_checksum_internalize();
+ * krb5_checksum_esize();
+ * krb5_checksum_externalize();
+ * krb5_checksum_internalize();
*/
static krb5_error_code krb5_checksum_esize
- (krb5_context, krb5_pointer, size_t *);
+(krb5_context, krb5_pointer, size_t *);
static krb5_error_code krb5_checksum_externalize
- (krb5_context, krb5_pointer, krb5_octet **, size_t *);
+(krb5_context, krb5_pointer, krb5_octet **, size_t *);
static krb5_error_code krb5_checksum_internalize
- (krb5_context,krb5_pointer *, krb5_octet **, size_t *);
+(krb5_context,krb5_pointer *, krb5_octet **, size_t *);
/* Local data */
static const krb5_ser_entry krb5_checksum_ser_entry = {
- KV5M_CHECKSUM, /* Type */
- krb5_checksum_esize, /* Sizer routine */
- krb5_checksum_externalize, /* Externalize routine */
- krb5_checksum_internalize /* Internalize routine */
+ KV5M_CHECKSUM, /* Type */
+ krb5_checksum_esize, /* Sizer routine */
+ krb5_checksum_externalize, /* Externalize routine */
+ krb5_checksum_internalize /* Internalize routine */
};
/*
- * krb5_checksum_esize() - Determine the size required to externalize
- * the krb5_checksum.
+ * krb5_checksum_esize() - Determine the size required to externalize
+ * the krb5_checksum.
*/
static krb5_error_code
krb5_checksum_esize(krb5_context kcontext, krb5_pointer arg, size_t *sizep)
{
- krb5_error_code kret;
- krb5_checksum *checksum;
+ krb5_error_code kret;
+ krb5_checksum *checksum;
/*
* krb5_checksum requires:
- * krb5_int32 for KV5M_CHECKSUM
- * krb5_int32 for checksum_type
- * krb5_int32 for length
- * krb5_int32 for KV5M_CHECKSUM
- * checksum->length for contents
+ * krb5_int32 for KV5M_CHECKSUM
+ * krb5_int32 for checksum_type
+ * krb5_int32 for length
+ * krb5_int32 for KV5M_CHECKSUM
+ * checksum->length for contents
*/
kret = EINVAL;
if ((checksum = (krb5_checksum *) arg)) {
- *sizep += (sizeof(krb5_int32) +
- sizeof(krb5_int32) +
- sizeof(krb5_int32) +
- sizeof(krb5_int32) +
- (size_t) checksum->length);
- kret = 0;
+ *sizep += (sizeof(krb5_int32) +
+ sizeof(krb5_int32) +
+ sizeof(krb5_int32) +
+ sizeof(krb5_int32) +
+ (size_t) checksum->length);
+ kret = 0;
}
return(kret);
}
/*
- * krb5_checksum_externalize() - Externalize the krb5_checksum.
+ * krb5_checksum_externalize() - Externalize the krb5_checksum.
*/
static krb5_error_code
krb5_checksum_externalize(krb5_context kcontext, krb5_pointer arg, krb5_octet **buffer, size_t *lenremain)
{
- krb5_error_code kret;
- krb5_checksum *checksum;
- size_t required;
- krb5_octet *bp;
- size_t remain;
+ krb5_error_code kret;
+ krb5_checksum *checksum;
+ size_t required;
+ krb5_octet *bp;
+ size_t remain;
required = 0;
bp = *buffer;
remain = *lenremain;
kret = EINVAL;
if ((checksum = (krb5_checksum *) arg)) {
- kret = ENOMEM;
- if (!krb5_checksum_esize(kcontext, arg, &required) &&
- (required <= remain)) {
- /* Our identifier */
- (void) krb5_ser_pack_int32(KV5M_CHECKSUM, &bp, &remain);
-
- /* Our checksum_type */
- (void) krb5_ser_pack_int32((krb5_int32) checksum->checksum_type,
- &bp, &remain);
+ kret = ENOMEM;
+ if (!krb5_checksum_esize(kcontext, arg, &required) &&
+ (required <= remain)) {
+ /* Our identifier */
+ (void) krb5_ser_pack_int32(KV5M_CHECKSUM, &bp, &remain);
- /* Our length */
- (void) krb5_ser_pack_int32((krb5_int32) checksum->length,
- &bp, &remain);
+ /* Our checksum_type */
+ (void) krb5_ser_pack_int32((krb5_int32) checksum->checksum_type,
+ &bp, &remain);
- /* Our contents */
- (void) krb5_ser_pack_bytes(checksum->contents,
- (size_t) checksum->length,
- &bp, &remain);
+ /* Our length */
+ (void) krb5_ser_pack_int32((krb5_int32) checksum->length,
+ &bp, &remain);
- /* Finally, our trailer */
- (void) krb5_ser_pack_int32(KV5M_CHECKSUM, &bp, &remain);
+ /* Our contents */
+ (void) krb5_ser_pack_bytes(checksum->contents,
+ (size_t) checksum->length,
+ &bp, &remain);
- kret = 0;
- *buffer = bp;
- *lenremain = remain;
- }
+ /* Finally, our trailer */
+ (void) krb5_ser_pack_int32(KV5M_CHECKSUM, &bp, &remain);
+
+ kret = 0;
+ *buffer = bp;
+ *lenremain = remain;
+ }
}
return(kret);
}
/*
- * krb5_checksum_internalize() - Internalize the krb5_checksum.
+ * krb5_checksum_internalize() - Internalize the krb5_checksum.
*/
static krb5_error_code
krb5_checksum_internalize(krb5_context kcontext, krb5_pointer *argp, krb5_octet **buffer, size_t *lenremain)
{
- krb5_error_code kret;
- krb5_checksum *checksum;
- krb5_int32 ibuf;
- krb5_octet *bp;
- size_t remain;
+ krb5_error_code kret;
+ krb5_checksum *checksum;
+ krb5_int32 ibuf;
+ krb5_octet *bp;
+ size_t remain;
bp = *buffer;
remain = *lenremain;
kret = EINVAL;
/* Read our magic number */
if (krb5_ser_unpack_int32(&ibuf, &bp, &remain))
- ibuf = 0;
+ ibuf = 0;
if (ibuf == KV5M_CHECKSUM) {
- kret = ENOMEM;
+ kret = ENOMEM;
- /* Get a checksum */
- if ((remain >= (2*sizeof(krb5_int32))) &&
- (checksum = (krb5_checksum *) calloc(1, sizeof(krb5_checksum)))) {
- /* Get the checksum_type */
- (void) krb5_ser_unpack_int32(&ibuf, &bp, &remain);
- checksum->checksum_type = (krb5_cksumtype) ibuf;
+ /* Get a checksum */
+ if ((remain >= (2*sizeof(krb5_int32))) &&
+ (checksum = (krb5_checksum *) calloc(1, sizeof(krb5_checksum)))) {
+ /* Get the checksum_type */
+ (void) krb5_ser_unpack_int32(&ibuf, &bp, &remain);
+ checksum->checksum_type = (krb5_cksumtype) ibuf;
- /* Get the length */
- (void) krb5_ser_unpack_int32(&ibuf, &bp, &remain);
- checksum->length = (int) ibuf;
+ /* Get the length */
+ (void) krb5_ser_unpack_int32(&ibuf, &bp, &remain);
+ checksum->length = (int) ibuf;
- /* Get the string */
- if (!ibuf ||
- ((checksum->contents = (krb5_octet *)
- malloc((size_t) (ibuf))) &&
- !(kret = krb5_ser_unpack_bytes(checksum->contents,
- (size_t) ibuf,
- &bp, &remain)))) {
+ /* Get the string */
+ if (!ibuf ||
+ ((checksum->contents = (krb5_octet *)
+ malloc((size_t) (ibuf))) &&
+ !(kret = krb5_ser_unpack_bytes(checksum->contents,
+ (size_t) ibuf,
+ &bp, &remain)))) {
- /* Get the trailer */
- kret = krb5_ser_unpack_int32(&ibuf, &bp, &remain);
- if (!kret && (ibuf == KV5M_CHECKSUM)) {
- checksum->magic = KV5M_CHECKSUM;
- *buffer = bp;
- *lenremain = remain;
- *argp = (krb5_pointer) checksum;
- }
- else
- kret = EINVAL;
- }
- if (kret) {
- if (checksum->contents)
- free(checksum->contents);
- free(checksum);
- }
- }
+ /* Get the trailer */
+ kret = krb5_ser_unpack_int32(&ibuf, &bp, &remain);
+ if (!kret && (ibuf == KV5M_CHECKSUM)) {
+ checksum->magic = KV5M_CHECKSUM;
+ *buffer = bp;
+ *lenremain = remain;
+ *argp = (krb5_pointer) checksum;
+ }
+ else
+ kret = EINVAL;
+ }
+ if (kret) {
+ if (checksum->contents)
+ free(checksum->contents);
+ free(checksum);
+ }
+ }
}
return(kret);
}
diff --git a/src/lib/krb5/krb/ser_ctx.c b/src/lib/krb5/krb/ser_ctx.c
index c8f673b..b632ff0 100644
--- a/src/lib/krb5/krb/ser_ctx.c
+++ b/src/lib/krb5/krb/ser_ctx.c
@@ -36,7 +36,7 @@
* krb5_context_size();
* krb5_context_externalize();
* krb5_context_internalize();
- *
+ *
* Routines to deal with externalizing the krb5_os_context:
* krb5_oscontext_size();
* krb5_oscontext_externalize();
@@ -197,23 +197,23 @@ krb5_context_externalize(krb5_context kcontext, krb5_pointer arg, krb5_octet **b
if (required > remain)
return (ENOMEM);
-
+
/* First write our magic number */
kret = krb5_ser_pack_int32(KV5M_CONTEXT, &bp, &remain);
if (kret)
return (kret);
-
+
/* Now sizeof default realm */
kret = krb5_ser_pack_int32((context->default_realm) ?
(krb5_int32) strlen(context->default_realm) : 0,
&bp, &remain);
if (kret)
return (kret);
-
+
/* Now default_realm bytes */
if (context->default_realm) {
kret = krb5_ser_pack_bytes((krb5_octet *) context->default_realm,
- strlen(context->default_realm),
+ strlen(context->default_realm),
&bp, &remain);
if (kret)
return (kret);
@@ -239,7 +239,7 @@ krb5_context_externalize(krb5_context kcontext, krb5_pointer arg, krb5_octet **b
kret = krb5_ser_pack_int32(etypes_len(context->tgs_etypes), &bp, &remain);
if (kret)
return (kret);
-
+
/* Now serialize ktypes */
if (context->tgs_etypes) {
for (i = 0; context->tgs_etypes[i]; i++) {
@@ -248,19 +248,19 @@ krb5_context_externalize(krb5_context kcontext, krb5_pointer arg, krb5_octet **b
return (kret);
}
}
-
+
/* Now allowable clockskew */
kret = krb5_ser_pack_int32((krb5_int32) context->clockskew,
&bp, &remain);
if (kret)
return (kret);
-
+
/* Now kdc_req_sumtype */
kret = krb5_ser_pack_int32((krb5_int32) context->kdc_req_sumtype,
&bp, &remain);
if (kret)
return (kret);
-
+
/* Now default ap_req_sumtype */
kret = krb5_ser_pack_int32((krb5_int32) context->default_ap_req_sumtype,
&bp, &remain);
@@ -284,7 +284,7 @@ krb5_context_externalize(krb5_context kcontext, krb5_pointer arg, krb5_octet **b
&bp, &remain);
if (kret)
return (kret);
-
+
/* Now profile_secure */
kret = krb5_ser_pack_int32((krb5_int32) context->profile_secure,
&bp, &remain);
@@ -321,7 +321,7 @@ krb5_context_externalize(krb5_context kcontext, krb5_pointer arg, krb5_octet **b
if (kret)
return (kret);
}
-
+
/*
* If we were successful, write trailer then update the pointer and
* remaining length;
@@ -329,7 +329,7 @@ krb5_context_externalize(krb5_context kcontext, krb5_pointer arg, krb5_octet **b
kret = krb5_ser_pack_int32(KV5M_CONTEXT, &bp, &remain);
if (kret)
return (kret);
-
+
*buffer = bp;
*lenremain = remain;
@@ -379,10 +379,10 @@ krb5_context_internalize(krb5_context kcontext, krb5_pointer *argp, krb5_octet *
(size_t) ibuf, &bp, &remain);
if (kret)
goto cleanup;
-
+
context->default_realm[ibuf] = '\0';
}
-
+
/* Get the in_tkt_etypes */
if ((kret = krb5_ser_unpack_int32(&ibuf, &bp, &remain)))
goto cleanup;
@@ -425,17 +425,17 @@ krb5_context_internalize(krb5_context kcontext, krb5_pointer *argp, krb5_octet *
if ((kret = krb5_ser_unpack_int32(&ibuf, &bp, &remain)))
goto cleanup;
context->clockskew = (krb5_deltat) ibuf;
-
+
/* kdc_req_sumtype */
if ((kret = krb5_ser_unpack_int32(&ibuf, &bp, &remain)))
goto cleanup;
context->kdc_req_sumtype = (krb5_cksumtype) ibuf;
-
+
/* default ap_req_sumtype */
if ((kret = krb5_ser_unpack_int32(&ibuf, &bp, &remain)))
goto cleanup;
context->default_ap_req_sumtype = (krb5_cksumtype) ibuf;
-
+
/* default_safe_sumtype */
if ((kret = krb5_ser_unpack_int32(&ibuf, &bp, &remain)))
goto cleanup;
@@ -484,14 +484,14 @@ krb5_context_internalize(krb5_context kcontext, krb5_pointer *argp, krb5_octet *
&bp, &remain);
if (kret && (kret != EINVAL) && (kret != ENOENT))
goto cleanup;
-
+
/* Attempt to read in the profile */
kret = krb5_internalize_opaque(kcontext, PROF_MAGIC_PROFILE,
(krb5_pointer *) &context->profile,
&bp, &remain);
if (kret && (kret != EINVAL) && (kret != ENOENT))
goto cleanup;
-
+
/* Finally, find the trailer */
if ((kret = krb5_ser_unpack_int32(&ibuf, &bp, &remain)))
goto cleanup;
@@ -590,7 +590,7 @@ krb5_oscontext_internalize(krb5_context kcontext, krb5_pointer *argp, krb5_octet
kret = ENOMEM;
/* Get memory for the context */
- if ((os_ctx = (krb5_os_context)
+ if ((os_ctx = (krb5_os_context)
calloc(1, sizeof(struct _krb5_os_context))) &&
(remain >= 4*sizeof(krb5_int32))) {
os_ctx->magic = KV5M_OS_CONTEXT;
diff --git a/src/lib/krb5/krb/ser_eblk.c b/src/lib/krb5/krb/ser_eblk.c
index 8bce41c..894a43e 100644
--- a/src/lib/krb5/krb/ser_eblk.c
+++ b/src/lib/krb5/krb/ser_eblk.c
@@ -1,3 +1,4 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
/*
* lib/krb5/krb/ser_eblk.c
*
@@ -34,211 +35,211 @@
/*
* Routines to deal with externalizing the krb5_encrypt_block:
- * krb5_encrypt_block_size();
- * krb5_encrypt_block_externalize();
- * krb5_encrypt_block_internalize();
+ * krb5_encrypt_block_size();
+ * krb5_encrypt_block_externalize();
+ * krb5_encrypt_block_internalize();
*/
static krb5_error_code krb5_encrypt_block_size
- (krb5_context, krb5_pointer, size_t *);
+(krb5_context, krb5_pointer, size_t *);
static krb5_error_code krb5_encrypt_block_externalize
- (krb5_context, krb5_pointer, krb5_octet **, size_t *);
+(krb5_context, krb5_pointer, krb5_octet **, size_t *);
static krb5_error_code krb5_encrypt_block_internalize
- (krb5_context,krb5_pointer *, krb5_octet **, size_t *);
+(krb5_context,krb5_pointer *, krb5_octet **, size_t *);
/* Local data */
static const krb5_ser_entry krb5_encrypt_block_ser_entry = {
- KV5M_ENCRYPT_BLOCK, /* Type */
- krb5_encrypt_block_size, /* Sizer routine */
- krb5_encrypt_block_externalize, /* Externalize routine */
- krb5_encrypt_block_internalize /* Internalize routine */
+ KV5M_ENCRYPT_BLOCK, /* Type */
+ krb5_encrypt_block_size, /* Sizer routine */
+ krb5_encrypt_block_externalize, /* Externalize routine */
+ krb5_encrypt_block_internalize /* Internalize routine */
};
/*
- * krb5_encrypt_block_size() - Determine the size required to externalize
- * the krb5_encrypt_block.
+ * krb5_encrypt_block_size() - Determine the size required to externalize
+ * the krb5_encrypt_block.
*/
static krb5_error_code
krb5_encrypt_block_size(kcontext, arg, sizep)
- krb5_context kcontext;
- krb5_pointer arg;
- size_t *sizep;
+ krb5_context kcontext;
+ krb5_pointer arg;
+ size_t *sizep;
{
- krb5_error_code kret;
- krb5_encrypt_block *encrypt_block;
- size_t required;
+ krb5_error_code kret;
+ krb5_encrypt_block *encrypt_block;
+ size_t required;
/*
* NOTE: This ASSuMES that enctype are sufficient to recreate
* the _krb5_cryptosystem_entry. If this is not true, then something else
* had better be encoded here.
- *
+ *
* krb5_encrypt_block base requirements:
- * krb5_int32 for KV5M_ENCRYPT_BLOCK
- * krb5_int32 for enctype
- * krb5_int32 for private length
- * encrypt_block->priv_size for private contents
- * krb5_int32 for KV5M_ENCRYPT_BLOCK
+ * krb5_int32 for KV5M_ENCRYPT_BLOCK
+ * krb5_int32 for enctype
+ * krb5_int32 for private length
+ * encrypt_block->priv_size for private contents
+ * krb5_int32 for KV5M_ENCRYPT_BLOCK
*/
kret = EINVAL;
if ((encrypt_block = (krb5_encrypt_block *) arg)) {
- required = (sizeof(krb5_int32) +
- sizeof(krb5_int32) +
- sizeof(krb5_int32) +
- sizeof(krb5_int32) +
- sizeof(krb5_int32) +
- (size_t) encrypt_block->priv_size);
- if (encrypt_block->key)
- kret = krb5_size_opaque(kcontext,
- KV5M_KEYBLOCK,
- (krb5_pointer) encrypt_block->key,
- &required);
- else
- kret = 0;
- if (!kret)
- *sizep += required;
+ required = (sizeof(krb5_int32) +
+ sizeof(krb5_int32) +
+ sizeof(krb5_int32) +
+ sizeof(krb5_int32) +
+ sizeof(krb5_int32) +
+ (size_t) encrypt_block->priv_size);
+ if (encrypt_block->key)
+ kret = krb5_size_opaque(kcontext,
+ KV5M_KEYBLOCK,
+ (krb5_pointer) encrypt_block->key,
+ &required);
+ else
+ kret = 0;
+ if (!kret)
+ *sizep += required;
}
return(kret);
}
/*
- * krb5_encrypt_block_externalize() - Externalize the krb5_encrypt_block.
+ * krb5_encrypt_block_externalize() - Externalize the krb5_encrypt_block.
*/
static krb5_error_code
krb5_encrypt_block_externalize(kcontext, arg, buffer, lenremain)
- krb5_context kcontext;
- krb5_pointer arg;
- krb5_octet **buffer;
- size_t *lenremain;
+ krb5_context kcontext;
+ krb5_pointer arg;
+ krb5_octet **buffer;
+ size_t *lenremain;
{
- krb5_error_code kret;
- krb5_encrypt_block *encrypt_block;
- size_t required;
- krb5_octet *bp;
- size_t remain;
+ krb5_error_code kret;
+ krb5_encrypt_block *encrypt_block;
+ size_t required;
+ krb5_octet *bp;
+ size_t remain;
required = 0;
bp = *buffer;
remain = *lenremain;
kret = EINVAL;
if ((encrypt_block = (krb5_encrypt_block *) arg)) {
- kret = ENOMEM;
- if (!krb5_encrypt_block_size(kcontext, arg, &required) &&
- (required <= remain)) {
- /* Our identifier */
- (void) krb5_ser_pack_int32(KV5M_ENCRYPT_BLOCK, &bp, &remain);
-
- /* Our enctype */
- (void) krb5_ser_pack_int32((krb5_int32) encrypt_block->
- crypto_entry->proto_enctype,
- &bp, &remain);
+ kret = ENOMEM;
+ if (!krb5_encrypt_block_size(kcontext, arg, &required) &&
+ (required <= remain)) {
+ /* Our identifier */
+ (void) krb5_ser_pack_int32(KV5M_ENCRYPT_BLOCK, &bp, &remain);
- /* Our length */
- (void) krb5_ser_pack_int32((krb5_int32) encrypt_block->priv_size,
- &bp, &remain);
+ /* Our enctype */
+ (void) krb5_ser_pack_int32((krb5_int32) encrypt_block->
+ crypto_entry->proto_enctype,
+ &bp, &remain);
- /* Our private data */
- (void) krb5_ser_pack_bytes(encrypt_block->priv,
- (size_t) encrypt_block->priv_size,
- &bp, &remain);
+ /* Our length */
+ (void) krb5_ser_pack_int32((krb5_int32) encrypt_block->priv_size,
+ &bp, &remain);
- /* Finally, the key data */
- if (encrypt_block->key)
- kret = krb5_externalize_opaque(kcontext,
- KV5M_KEYBLOCK,
- (krb5_pointer)
- encrypt_block->key,
- &bp,
- &remain);
- else
- kret = 0;
+ /* Our private data */
+ (void) krb5_ser_pack_bytes(encrypt_block->priv,
+ (size_t) encrypt_block->priv_size,
+ &bp, &remain);
- if (!kret) {
- /* Write trailer */
- (void) krb5_ser_pack_int32(KV5M_ENCRYPT_BLOCK, &bp, &remain);
- *buffer = bp;
- *lenremain = remain;
- }
- }
+ /* Finally, the key data */
+ if (encrypt_block->key)
+ kret = krb5_externalize_opaque(kcontext,
+ KV5M_KEYBLOCK,
+ (krb5_pointer)
+ encrypt_block->key,
+ &bp,
+ &remain);
+ else
+ kret = 0;
+
+ if (!kret) {
+ /* Write trailer */
+ (void) krb5_ser_pack_int32(KV5M_ENCRYPT_BLOCK, &bp, &remain);
+ *buffer = bp;
+ *lenremain = remain;
+ }
+ }
}
return(kret);
}
/*
- * krb5_encrypt_block_internalize() - Internalize the krb5_encrypt_block.
+ * krb5_encrypt_block_internalize() - Internalize the krb5_encrypt_block.
*/
static krb5_error_code
krb5_encrypt_block_internalize(kcontext, argp, buffer, lenremain)
- krb5_context kcontext;
- krb5_pointer *argp;
- krb5_octet **buffer;
- size_t *lenremain;
+ krb5_context kcontext;
+ krb5_pointer *argp;
+ krb5_octet **buffer;
+ size_t *lenremain;
{
- krb5_error_code kret;
- krb5_encrypt_block *encrypt_block;
- krb5_int32 ibuf;
- krb5_enctype ktype;
- krb5_octet *bp;
- size_t remain;
+ krb5_error_code kret;
+ krb5_encrypt_block *encrypt_block;
+ krb5_int32 ibuf;
+ krb5_enctype ktype;
+ krb5_octet *bp;
+ size_t remain;
bp = *buffer;
remain = *lenremain;
kret = EINVAL;
/* Read our magic number */
if (krb5_ser_unpack_int32(&ibuf, &bp, &remain))
- ibuf = 0;
+ ibuf = 0;
if (ibuf == KV5M_ENCRYPT_BLOCK) {
- kret = ENOMEM;
+ kret = ENOMEM;
- /* Get an encrypt_block */
- if ((remain >= (3*sizeof(krb5_int32))) &&
- (encrypt_block = (krb5_encrypt_block *)
- calloc(1, sizeof(krb5_encrypt_block)))) {
- /* Get the enctype */
- (void) krb5_ser_unpack_int32(&ibuf, &bp, &remain);
- ktype = (krb5_enctype) ibuf;
+ /* Get an encrypt_block */
+ if ((remain >= (3*sizeof(krb5_int32))) &&
+ (encrypt_block = (krb5_encrypt_block *)
+ calloc(1, sizeof(krb5_encrypt_block)))) {
+ /* Get the enctype */
+ (void) krb5_ser_unpack_int32(&ibuf, &bp, &remain);
+ ktype = (krb5_enctype) ibuf;
- /* Use the ktype to determine the crypto_system entry. */
- krb5_use_enctype(kcontext, encrypt_block, ktype);
+ /* Use the ktype to determine the crypto_system entry. */
+ krb5_use_enctype(kcontext, encrypt_block, ktype);
- /* Get the length */
- (void) krb5_ser_unpack_int32(&ibuf, &bp, &remain);
- encrypt_block->priv_size = (int) ibuf;
+ /* Get the length */
+ (void) krb5_ser_unpack_int32(&ibuf, &bp, &remain);
+ encrypt_block->priv_size = (int) ibuf;
- /* Get the string */
- if (!ibuf ||
- ((encrypt_block->priv = (void *) malloc((size_t) (ibuf))) &&
- !(kret = krb5_ser_unpack_bytes((krb5_octet *)
- encrypt_block->priv,
- (size_t)
- encrypt_block->priv_size,
- &bp, &remain)))) {
- kret = krb5_internalize_opaque(kcontext,
- KV5M_KEYBLOCK,
- (krb5_pointer *)
- &encrypt_block->key,
- &bp,
- &remain);
- if (kret == EINVAL)
- kret = 0;
+ /* Get the string */
+ if (!ibuf ||
+ ((encrypt_block->priv = (void *) malloc((size_t) (ibuf))) &&
+ !(kret = krb5_ser_unpack_bytes((krb5_octet *)
+ encrypt_block->priv,
+ (size_t)
+ encrypt_block->priv_size,
+ &bp, &remain)))) {
+ kret = krb5_internalize_opaque(kcontext,
+ KV5M_KEYBLOCK,
+ (krb5_pointer *)
+ &encrypt_block->key,
+ &bp,
+ &remain);
+ if (kret == EINVAL)
+ kret = 0;
- if (!kret) {
- kret = krb5_ser_unpack_int32(&ibuf, &bp, &remain);
- if (!kret && (ibuf == KV5M_ENCRYPT_BLOCK)) {
- *buffer = bp;
- *lenremain = remain;
- encrypt_block->magic = KV5M_ENCRYPT_BLOCK;
- *argp = (krb5_pointer) encrypt_block;
- }
- else
- kret = EINVAL;
- }
- }
- if (kret) {
- if (encrypt_block->priv)
- free(encrypt_block->priv);
- free(encrypt_block);
- }
- }
+ if (!kret) {
+ kret = krb5_ser_unpack_int32(&ibuf, &bp, &remain);
+ if (!kret && (ibuf == KV5M_ENCRYPT_BLOCK)) {
+ *buffer = bp;
+ *lenremain = remain;
+ encrypt_block->magic = KV5M_ENCRYPT_BLOCK;
+ *argp = (krb5_pointer) encrypt_block;
+ }
+ else
+ kret = EINVAL;
+ }
+ }
+ if (kret) {
+ if (encrypt_block->priv)
+ free(encrypt_block->priv);
+ free(encrypt_block);
+ }
+ }
}
return(kret);
}
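Review bot: In krb5_encrypt_block_internalize the private-data length read into `ibuf` is stored in `priv_size` and passed to `malloc((size_t) (ibuf))` with no sign or bounds check. A negative or very large value taken from the serialized buffer therefore sizes the allocation before krb5_ser_unpack_bytes can reject it. Comparing it with the bytes still available first, e.g. `if (ibuf < 0 || (size_t) ibuf > remain) kret = EINVAL;` and skipping the allocation in that case, keeps the allocation bounded by the input and reports a malformed length as EINVAL rather than ENOMEM. krb5_keyblock_internalize in ser_key.c has the same pattern with `keyblock->length`.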
@@ -248,7 +249,7 @@ krb5_encrypt_block_internalize(kcontext, argp, buffer, lenremain)
*/
krb5_error_code
krb5_ser_encrypt_block_init(kcontext)
- krb5_context kcontext;
+ krb5_context kcontext;
{
return(krb5_register_serializer(kcontext, &krb5_encrypt_block_ser_entry));
}
diff --git a/src/lib/krb5/krb/ser_key.c b/src/lib/krb5/krb/ser_key.c
index 25522de..f441e98 100644
--- a/src/lib/krb5/krb/ser_key.c
+++ b/src/lib/krb5/krb/ser_key.c
@@ -1,3 +1,4 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
/*
* lib/krb5/krb/ser_key.c
*
@@ -33,157 +34,157 @@
/*
* Routines to deal with externalizing the krb5_keyblock:
- * krb5_keyblock_size();
- * krb5_keyblock_externalize();
- * krb5_keyblock_internalize();
+ * krb5_keyblock_size();
+ * krb5_keyblock_externalize();
+ * krb5_keyblock_internalize();
*/
static krb5_error_code krb5_keyblock_size
- (krb5_context, krb5_pointer, size_t *);
+(krb5_context, krb5_pointer, size_t *);
static krb5_error_code krb5_keyblock_externalize
- (krb5_context, krb5_pointer, krb5_octet **, size_t *);
+(krb5_context, krb5_pointer, krb5_octet **, size_t *);
static krb5_error_code krb5_keyblock_internalize
- (krb5_context,krb5_pointer *, krb5_octet **, size_t *);
+(krb5_context,krb5_pointer *, krb5_octet **, size_t *);
/* Local data */
static const krb5_ser_entry krb5_keyblock_ser_entry = {
- KV5M_KEYBLOCK, /* Type */
- krb5_keyblock_size, /* Sizer routine */
- krb5_keyblock_externalize, /* Externalize routine */
- krb5_keyblock_internalize /* Internalize routine */
+ KV5M_KEYBLOCK, /* Type */
+ krb5_keyblock_size, /* Sizer routine */
+ krb5_keyblock_externalize, /* Externalize routine */
+ krb5_keyblock_internalize /* Internalize routine */
};
/*
- * krb5_keyblock_size() - Determine the size required to externalize
- * the krb5_keyblock.
+ * krb5_keyblock_size() - Determine the size required to externalize
+ * the krb5_keyblock.
*/
static krb5_error_code
krb5_keyblock_size(krb5_context kcontext, krb5_pointer arg, size_t *sizep)
{
- krb5_error_code kret;
- krb5_keyblock *keyblock;
+ krb5_error_code kret;
+ krb5_keyblock *keyblock;
/*
* krb5_keyblock requires:
- * krb5_int32 for KV5M_KEYBLOCK
- * krb5_int32 for enctype
- * krb5_int32 for length
- * keyblock->length for contents
- * krb5_int32 for KV5M_KEYBLOCK
+ * krb5_int32 for KV5M_KEYBLOCK
+ * krb5_int32 for enctype
+ * krb5_int32 for length
+ * keyblock->length for contents
+ * krb5_int32 for KV5M_KEYBLOCK
*/
kret = EINVAL;
if ((keyblock = (krb5_keyblock *) arg)) {
- *sizep += (sizeof(krb5_int32) +
- sizeof(krb5_int32) +
- sizeof(krb5_int32) +
- sizeof(krb5_int32) +
- sizeof(krb5_int32) +
- (size_t) keyblock->length);
- kret = 0;
+ *sizep += (sizeof(krb5_int32) +
+ sizeof(krb5_int32) +
+ sizeof(krb5_int32) +
+ sizeof(krb5_int32) +
+ sizeof(krb5_int32) +
+ (size_t) keyblock->length);
+ kret = 0;
}
return(kret);
}
/*
- * krb5_keyblock_externalize() - Externalize the krb5_keyblock.
+ * krb5_keyblock_externalize() - Externalize the krb5_keyblock.
*/
static krb5_error_code
krb5_keyblock_externalize(krb5_context kcontext, krb5_pointer arg, krb5_octet **buffer, size_t *lenremain)
{
- krb5_error_code kret;
- krb5_keyblock *keyblock;
- size_t required;
- krb5_octet *bp;
- size_t remain;
+ krb5_error_code kret;
+ krb5_keyblock *keyblock;
+ size_t required;
+ krb5_octet *bp;
+ size_t remain;
required = 0;
bp = *buffer;
remain = *lenremain;
kret = EINVAL;
if ((keyblock = (krb5_keyblock *) arg)) {
- kret = ENOMEM;
- if (!krb5_keyblock_size(kcontext, arg, &required) &&
- (required <= remain)) {
- /* Our identifier */
- (void) krb5_ser_pack_int32(KV5M_KEYBLOCK, &bp, &remain);
-
- /* Our enctype */
- (void) krb5_ser_pack_int32((krb5_int32) keyblock->enctype,
- &bp, &remain);
+ kret = ENOMEM;
+ if (!krb5_keyblock_size(kcontext, arg, &required) &&
+ (required <= remain)) {
+ /* Our identifier */
+ (void) krb5_ser_pack_int32(KV5M_KEYBLOCK, &bp, &remain);
- /* Our length */
- (void) krb5_ser_pack_int32((krb5_int32) keyblock->length,
- &bp, &remain);
+ /* Our enctype */
+ (void) krb5_ser_pack_int32((krb5_int32) keyblock->enctype,
+ &bp, &remain);
- /* Our contents */
- (void) krb5_ser_pack_bytes(keyblock->contents,
- (size_t) keyblock->length,
- &bp, &remain);
+ /* Our length */
+ (void) krb5_ser_pack_int32((krb5_int32) keyblock->length,
+ &bp, &remain);
- /* Finally, our trailer */
- (void) krb5_ser_pack_int32(KV5M_KEYBLOCK, &bp, &remain);
+ /* Our contents */
+ (void) krb5_ser_pack_bytes(keyblock->contents,
+ (size_t) keyblock->length,
+ &bp, &remain);
- kret = 0;
- *buffer = bp;
- *lenremain = remain;
- }
+ /* Finally, our trailer */
+ (void) krb5_ser_pack_int32(KV5M_KEYBLOCK, &bp, &remain);
+
+ kret = 0;
+ *buffer = bp;
+ *lenremain = remain;
+ }
}
return(kret);
}
/*
- * krb5_keyblock_internalize() - Internalize the krb5_keyblock.
+ * krb5_keyblock_internalize() - Internalize the krb5_keyblock.
*/
static krb5_error_code
krb5_keyblock_internalize(krb5_context kcontext, krb5_pointer *argp, krb5_octet **buffer, size_t *lenremain)
{
- krb5_error_code kret;
- krb5_keyblock *keyblock;
- krb5_int32 ibuf;
- krb5_octet *bp;
- size_t remain;
+ krb5_error_code kret;
+ krb5_keyblock *keyblock;
+ krb5_int32 ibuf;
+ krb5_octet *bp;
+ size_t remain;
bp = *buffer;
remain = *lenremain;
kret = EINVAL;
/* Read our magic number */
if (krb5_ser_unpack_int32(&ibuf, &bp, &remain))
- ibuf = 0;
+ ibuf = 0;
if (ibuf == KV5M_KEYBLOCK) {
- kret = ENOMEM;
+ kret = ENOMEM;
- /* Get a keyblock */
- if ((remain >= (3*sizeof(krb5_int32))) &&
- (keyblock = (krb5_keyblock *) calloc(1, sizeof(krb5_keyblock)))) {
- /* Get the enctype */
- (void) krb5_ser_unpack_int32(&ibuf, &bp, &remain);
- keyblock->enctype = (krb5_enctype) ibuf;
+ /* Get a keyblock */
+ if ((remain >= (3*sizeof(krb5_int32))) &&
+ (keyblock = (krb5_keyblock *) calloc(1, sizeof(krb5_keyblock)))) {
+ /* Get the enctype */
+ (void) krb5_ser_unpack_int32(&ibuf, &bp, &remain);
+ keyblock->enctype = (krb5_enctype) ibuf;
- /* Get the length */
- (void) krb5_ser_unpack_int32(&ibuf, &bp, &remain);
- keyblock->length = (int) ibuf;
+ /* Get the length */
+ (void) krb5_ser_unpack_int32(&ibuf, &bp, &remain);
+ keyblock->length = (int) ibuf;
- /* Get the string */
- if ((keyblock->contents = (krb5_octet *) malloc((size_t) (ibuf)))&&
- !(kret = krb5_ser_unpack_bytes(keyblock->contents,
- (size_t) ibuf,
- &bp, &remain))) {
- kret = krb5_ser_unpack_int32(&ibuf, &bp, &remain);
- if (!kret && (ibuf == KV5M_KEYBLOCK)) {
- kret = 0;
- *buffer = bp;
- *lenremain = remain;
- keyblock->magic = KV5M_KEYBLOCK;
- *argp = (krb5_pointer) keyblock;
- }
- else
- kret = EINVAL;
- }
- if (kret) {
- if (keyblock->contents)
- free(keyblock->contents);
- free(keyblock);
- }
- }
+ /* Get the string */
+ if ((keyblock->contents = (krb5_octet *) malloc((size_t) (ibuf)))&&
+ !(kret = krb5_ser_unpack_bytes(keyblock->contents,
+ (size_t) ibuf,
+ &bp, &remain))) {
+ kret = krb5_ser_unpack_int32(&ibuf, &bp, &remain);
+ if (!kret && (ibuf == KV5M_KEYBLOCK)) {
+ kret = 0;
+ *buffer = bp;
+ *lenremain = remain;
+ keyblock->magic = KV5M_KEYBLOCK;
+ *argp = (krb5_pointer) keyblock;
+ }
+ else
+ kret = EINVAL;
+ }
+ if (kret) {
+ if (keyblock->contents)
+ free(keyblock->contents);
+ free(keyblock);
+ }
+ }
}
return(kret);
}
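Review bot: The error path at the end of krb5_keyblock_internalize releases `keyblock->contents` with a plain `free()`, even though krb5_ser_unpack_bytes may already have copied key bytes into it (for example when the trailer check fails). That leaves key material in freed heap memory. Clearing the buffer before release avoids this, e.g. by replacing the two frees with `krb5_free_keyblock(kcontext, keyblock);`, provided that routine wipes the contents in this tree, which should be confirmed. The `if (keyblock->contents)` guard is also unnecessary, since `free(NULL)` is a no-op.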
diff --git a/src/lib/krb5/krb/ser_princ.c b/src/lib/krb5/krb/ser_princ.c
index cb90154..d93fbbe 100644
--- a/src/lib/krb5/krb/ser_princ.c
+++ b/src/lib/krb5/krb/ser_princ.c
@@ -1,3 +1,4 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
/*
* lib/krb5/krb/ser_princ.c
*
@@ -33,103 +34,103 @@
/*
* Routines to deal with externalizing the krb5_principal:
- * krb5_principal_size();
- * krb5_principal_externalize();
- * krb5_principal_internalize();
+ * krb5_principal_size();
+ * krb5_principal_externalize();
+ * krb5_principal_internalize();
*/
static krb5_error_code krb5_principal_size
- (krb5_context, krb5_pointer, size_t *);
+(krb5_context, krb5_pointer, size_t *);
static krb5_error_code krb5_principal_externalize
- (krb5_context, krb5_pointer, krb5_octet **, size_t *);
+(krb5_context, krb5_pointer, krb5_octet **, size_t *);
static krb5_error_code krb5_principal_internalize
- (krb5_context,krb5_pointer *, krb5_octet **, size_t *);
+(krb5_context,krb5_pointer *, krb5_octet **, size_t *);
/* Local data */
static const krb5_ser_entry krb5_principal_ser_entry = {
- KV5M_PRINCIPAL, /* Type */
- krb5_principal_size, /* Sizer routine */
- krb5_principal_externalize, /* Externalize routine */
- krb5_principal_internalize /* Internalize routine */
+ KV5M_PRINCIPAL, /* Type */
+ krb5_principal_size, /* Sizer routine */
+ krb5_principal_externalize, /* Externalize routine */
+ krb5_principal_internalize /* Internalize routine */
};
/*
- * krb5_principal_size() - Determine the size required to externalize
- * the krb5_principal.
+ * krb5_principal_size() - Determine the size required to externalize
+ * the krb5_principal.
*/
static krb5_error_code
krb5_principal_size(krb5_context kcontext, krb5_pointer arg, size_t *sizep)
{
- krb5_error_code kret;
- krb5_principal principal;
- char *fname;
+ krb5_error_code kret;
+ krb5_principal principal;
+ char *fname;
/*
* krb5_principal requires:
- * krb5_int32 for KV5M_PRINCIPAL
- * krb5_int32 for flattened name size
- * strlen(name) for name.
- * krb5_int32 for KV5M_PRINCIPAL
+ * krb5_int32 for KV5M_PRINCIPAL
+ * krb5_int32 for flattened name size
+ * strlen(name) for name.
+ * krb5_int32 for KV5M_PRINCIPAL
*/
kret = EINVAL;
if ((principal = (krb5_principal) arg) &&
- !(kret = krb5_unparse_name(kcontext, principal, &fname))) {
- *sizep += (3*sizeof(krb5_int32)) + strlen(fname);
- free(fname);
+ !(kret = krb5_unparse_name(kcontext, principal, &fname))) {
+ *sizep += (3*sizeof(krb5_int32)) + strlen(fname);
+ free(fname);
}
return(kret);
}
/*
- * krb5_principal_externalize() - Externalize the krb5_principal.
+ * krb5_principal_externalize() - Externalize the krb5_principal.
*/
static krb5_error_code
krb5_principal_externalize(krb5_context kcontext, krb5_pointer arg, krb5_octet **buffer, size_t *lenremain)
{
- krb5_error_code kret;
- krb5_principal principal;
- size_t required;
- krb5_octet *bp;
- size_t remain;
- char *fname;
+ krb5_error_code kret;
+ krb5_principal principal;
+ size_t required;
+ krb5_octet *bp;
+ size_t remain;
+ char *fname;
required = 0;
bp = *buffer;
remain = *lenremain;
kret = EINVAL;
if ((principal = (krb5_principal) arg)) {
- kret = ENOMEM;
- if (!krb5_principal_size(kcontext, arg, &required) &&
- (required <= remain)) {
- if (!(kret = krb5_unparse_name(kcontext, principal, &fname))) {
+ kret = ENOMEM;
+ if (!krb5_principal_size(kcontext, arg, &required) &&
+ (required <= remain)) {
+ if (!(kret = krb5_unparse_name(kcontext, principal, &fname))) {
- (void) krb5_ser_pack_int32(KV5M_PRINCIPAL, &bp, &remain);
- (void) krb5_ser_pack_int32((krb5_int32) strlen(fname),
- &bp, &remain);
- (void) krb5_ser_pack_bytes((krb5_octet *) fname,
- strlen(fname), &bp, &remain);
- (void) krb5_ser_pack_int32(KV5M_PRINCIPAL, &bp, &remain);
- *buffer = bp;
- *lenremain = remain;
+ (void) krb5_ser_pack_int32(KV5M_PRINCIPAL, &bp, &remain);
+ (void) krb5_ser_pack_int32((krb5_int32) strlen(fname),
+ &bp, &remain);
+ (void) krb5_ser_pack_bytes((krb5_octet *) fname,
+ strlen(fname), &bp, &remain);
+ (void) krb5_ser_pack_int32(KV5M_PRINCIPAL, &bp, &remain);
+ *buffer = bp;
+ *lenremain = remain;
- free(fname);
- }
- }
+ free(fname);
+ }
+ }
}
return(kret);
}
/*
- * krb5_principal_internalize() - Internalize the krb5_principal.
+ * krb5_principal_internalize() - Internalize the krb5_principal.
*/
static krb5_error_code
krb5_principal_internalize(krb5_context kcontext, krb5_pointer *argp, krb5_octet **buffer, size_t *lenremain)
{
- krb5_error_code kret;
- krb5_principal principal = NULL;
- krb5_int32 ibuf;
- krb5_octet *bp;
- size_t remain;
- char *tmpname = NULL;
+ krb5_error_code kret;
+ krb5_principal principal = NULL;
+ krb5_int32 ibuf;
+ krb5_octet *bp;
+ size_t remain;
+ char *tmpname = NULL;
*argp = NULL;
bp = *buffer;
@@ -137,28 +138,28 @@ krb5_principal_internalize(krb5_context kcontext, krb5_pointer *argp, krb5_octet
/* Read our magic number */
if (krb5_ser_unpack_int32(&ibuf, &bp, &remain) || ibuf != KV5M_PRINCIPAL)
- return EINVAL;
+ return EINVAL;
/* Read the principal name */
kret = krb5_ser_unpack_int32(&ibuf, &bp, &remain);
if (kret)
- return kret;
+ return kret;
tmpname = malloc(ibuf + 1);
kret = krb5_ser_unpack_bytes((krb5_octet *) tmpname, (size_t) ibuf,
- &bp, &remain);
+ &bp, &remain);
if (kret)
- goto cleanup;
+ goto cleanup;
tmpname[ibuf] = '\0';
/* Parse the name to a principal structure */
kret = krb5_parse_name(kcontext, tmpname, &principal);
if (kret)
- goto cleanup;
+ goto cleanup;
/* Read the trailing magic number */
if (krb5_ser_unpack_int32(&ibuf, &bp, &remain) || ibuf != KV5M_PRINCIPAL) {
- kret = EINVAL;
- goto cleanup;
+ kret = EINVAL;
+ goto cleanup;
}
*buffer = bp;
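Review bot: `tmpname = malloc(ibuf + 1);` in krb5_principal_internalize is never checked for NULL, and `ibuf` is taken from the serialized buffer without a range check. On allocation failure krb5_ser_unpack_bytes copies into a NULL pointer, or `tmpname[ibuf] = '\0'` writes through one, and the largest krb5_int32 value makes `ibuf + 1` overflow. I would add `if (ibuf < 0 || (size_t) ibuf > remain) return EINVAL;` before the allocation and `if (tmpname == NULL) return ENOMEM;` right after it. The function starts before this hunk and its cleanup label lies in the next one.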
@@ -166,7 +167,7 @@ krb5_principal_internalize(krb5_context kcontext, krb5_pointer *argp, krb5_octet
*argp = principal;
cleanup:
if (kret)
- krb5_free_principal(kcontext, principal);
+ krb5_free_principal(kcontext, principal);
free(tmpname);
return kret;
}
diff --git a/src/lib/krb5/krb/serialize.c b/src/lib/krb5/krb/serialize.c
index d1edcf2..4e08aa9 100644
--- a/src/lib/krb5/krb/serialize.c
+++ b/src/lib/krb5/krb/serialize.c
@@ -1,3 +1,4 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
/*
* lib/krb5/krb/serialize.c
*
@@ -31,94 +32,94 @@
#include "k5-int.h"
/*
- * krb5_find_serializer() - See if a particular type is registered.
+ * krb5_find_serializer() - See if a particular type is registered.
*/
krb5_ser_handle
krb5_find_serializer(krb5_context kcontext, krb5_magic odtype)
{
- krb5_ser_handle res;
- krb5_ser_handle sctx;
- int i;
+ krb5_ser_handle res;
+ krb5_ser_handle sctx;
+ int i;
res = (krb5_ser_handle) NULL;
sctx = (krb5_ser_handle) kcontext->ser_ctx;
for (i=0; i<kcontext->ser_ctx_count; i++) {
- if (sctx[i].odtype == odtype) {
- res = &sctx[i];
- break;
- }
+ if (sctx[i].odtype == odtype) {
+ res = &sctx[i];
+ break;
+ }
}
return(res);
}
/*
- * krb5_register_serializer() - Register a particular serializer.
+ * krb5_register_serializer() - Register a particular serializer.
*/
krb5_error_code
krb5_register_serializer(krb5_context kcontext, const krb5_ser_entry *entry)
{
- krb5_error_code kret;
- krb5_ser_entry * stable;
+ krb5_error_code kret;
+ krb5_ser_entry * stable;
kret = 0;
/* See if it's already there, if so, we're good to go. */
if (!(stable = (krb5_ser_entry *)krb5_find_serializer(kcontext,
- entry->odtype))) {
- /*
- * Can't find our type. Create a new entry.
- */
- if ((stable = (krb5_ser_entry *) malloc(sizeof(krb5_ser_entry) *
- (kcontext->ser_ctx_count+1)))) {
- /* Copy in old table */
- if (kcontext->ser_ctx_count)
- memcpy(stable, kcontext->ser_ctx,
- sizeof(krb5_ser_entry) * kcontext->ser_ctx_count);
- /* Copy in new entry */
- memcpy(&stable[kcontext->ser_ctx_count], entry,
- sizeof(krb5_ser_entry));
- if (kcontext->ser_ctx) free(kcontext->ser_ctx);
- kcontext->ser_ctx = (void *) stable;
- kcontext->ser_ctx_count++;
- }
- else
- kret = ENOMEM;
+ entry->odtype))) {
+ /*
+ * Can't find our type. Create a new entry.
+ */
+ if ((stable = (krb5_ser_entry *) malloc(sizeof(krb5_ser_entry) *
+ (kcontext->ser_ctx_count+1)))) {
+ /* Copy in old table */
+ if (kcontext->ser_ctx_count)
+ memcpy(stable, kcontext->ser_ctx,
+ sizeof(krb5_ser_entry) * kcontext->ser_ctx_count);
+ /* Copy in new entry */
+ memcpy(&stable[kcontext->ser_ctx_count], entry,
+ sizeof(krb5_ser_entry));
+ if (kcontext->ser_ctx) free(kcontext->ser_ctx);
+ kcontext->ser_ctx = (void *) stable;
+ kcontext->ser_ctx_count++;
+ }
+ else
+ kret = ENOMEM;
}
else
- *stable = *entry;
+ *stable = *entry;
return(kret);
}
/*
- * krb5_size_opaque() - Determine the size necessary to serialize a given
- * piece of opaque data.
+ * krb5_size_opaque() - Determine the size necessary to serialize a given
+ * piece of opaque data.
*/
krb5_error_code KRB5_CALLCONV
krb5_size_opaque(krb5_context kcontext, krb5_magic odtype, krb5_pointer arg, size_t *sizep)
{
- krb5_error_code kret;
- krb5_ser_handle shandle;
+ krb5_error_code kret;
+ krb5_ser_handle shandle;
kret = ENOENT;
/* See if the type is supported, if so, do it */
if ((shandle = krb5_find_serializer(kcontext, odtype)))
- kret = (shandle->sizer) ? (*shandle->sizer)(kcontext, arg, sizep) : 0;
+ kret = (shandle->sizer) ? (*shandle->sizer)(kcontext, arg, sizep) : 0;
return(kret);
}
/*
- * krb5_externalize_opaque() - Externalize a piece of opaque data.
+ * krb5_externalize_opaque() - Externalize a piece of opaque data.
*/
krb5_error_code KRB5_CALLCONV
krb5_externalize_opaque(krb5_context kcontext, krb5_magic odtype, krb5_pointer arg, krb5_octet **bufpp, size_t *sizep)
{
- krb5_error_code kret;
- krb5_ser_handle shandle;
+ krb5_error_code kret;
+ krb5_ser_handle shandle;
kret = ENOENT;
/* See if the type is supported, if so, do it */
if ((shandle = krb5_find_serializer(kcontext, odtype)))
- kret = (shandle->externalizer) ?
- (*shandle->externalizer)(kcontext, arg, bufpp, sizep) : 0;
+ kret = (shandle->externalizer) ?
+ (*shandle->externalizer)(kcontext, arg, bufpp, sizep) : 0;
return(kret);
}
@@ -128,146 +129,146 @@ krb5_externalize_opaque(krb5_context kcontext, krb5_magic odtype, krb5_pointer a
krb5_error_code
krb5_externalize_data(krb5_context kcontext, krb5_pointer arg, krb5_octet **bufpp, size_t *sizep)
{
- krb5_error_code kret;
- krb5_magic *mp;
- krb5_octet *buffer, *bp;
- size_t bufsize, bsize;
+ krb5_error_code kret;
+ krb5_magic *mp;
+ krb5_octet *buffer, *bp;
+ size_t bufsize, bsize;
mp = (krb5_magic *) arg;
bufsize = 0;
if (!(kret = krb5_size_opaque(kcontext, *mp, arg, &bufsize))) {
- if ((buffer = (krb5_octet *) malloc(bufsize))) {
- bp = buffer;
- bsize = bufsize;
- if (!(kret = krb5_externalize_opaque(kcontext,
- *mp,
- arg,
- &bp,
- &bsize))) {
- if (bsize != 0)
- bufsize -= bsize;
- *bufpp = buffer;
- *sizep = bufsize;
- }
- }
- else
- kret = ENOMEM;
+ if ((buffer = (krb5_octet *) malloc(bufsize))) {
+ bp = buffer;
+ bsize = bufsize;
+ if (!(kret = krb5_externalize_opaque(kcontext,
+ *mp,
+ arg,
+ &bp,
+ &bsize))) {
+ if (bsize != 0)
+ bufsize -= bsize;
+ *bufpp = buffer;
+ *sizep = bufsize;
+ }
+ }
+ else
+ kret = ENOMEM;
}
return(kret);
}
/*
- * krb5_internalize_opaque() - Convert external representation into a data
- * structure.
+ * krb5_internalize_opaque() - Convert external representation into a data
+ * structure.
*/
krb5_error_code KRB5_CALLCONV
krb5_internalize_opaque(krb5_context kcontext, krb5_magic odtype, krb5_pointer *argp, krb5_octet **bufpp, size_t *sizep)
{
- krb5_error_code kret;
- krb5_ser_handle shandle;
+ krb5_error_code kret;
+ krb5_ser_handle shandle;
kret = ENOENT;
/* See if the type is supported, if so, do it */
if ((shandle = krb5_find_serializer(kcontext, odtype)))
- kret = (shandle->internalizer) ?
- (*shandle->internalizer)(kcontext, argp, bufpp, sizep) : 0;
+ kret = (shandle->internalizer) ?
+ (*shandle->internalizer)(kcontext, argp, bufpp, sizep) : 0;
return(kret);
}
/*
- * krb5_ser_pack_int32() - Pack a 4-byte integer if space is available.
- * Update buffer pointer and remaining space.
+ * krb5_ser_pack_int32() - Pack a 4-byte integer if space is available.
+ * Update buffer pointer and remaining space.
*/
krb5_error_code KRB5_CALLCONV
krb5_ser_pack_int32(krb5_int32 iarg, krb5_octet **bufp, size_t *remainp)
{
if (*remainp >= sizeof(krb5_int32)) {
- store_32_be(iarg, *bufp);
- *bufp += sizeof(krb5_int32);
- *remainp -= sizeof(krb5_int32);
- return(0);
+ store_32_be(iarg, *bufp);
+ *bufp += sizeof(krb5_int32);
+ *remainp -= sizeof(krb5_int32);
+ return(0);
}
else
- return(ENOMEM);
+ return(ENOMEM);
}
/*
- * krb5_ser_pack_int64() - Pack an 8-byte integer if space is available.
- * Update buffer pointer and remaining space.
+ * krb5_ser_pack_int64() - Pack an 8-byte integer if space is available.
+ * Update buffer pointer and remaining space.
*/
krb5_error_code KRB5_CALLCONV
krb5_ser_pack_int64(krb5_int64 iarg, krb5_octet **bufp, size_t *remainp)
{
if (*remainp >= sizeof(krb5_int64)) {
- store_64_be(iarg, (unsigned char *)*bufp);
- *bufp += sizeof(krb5_int64);
- *remainp -= sizeof(krb5_int64);
- return(0);
+ store_64_be(iarg, (unsigned char *)*bufp);
+ *bufp += sizeof(krb5_int64);
+ *remainp -= sizeof(krb5_int64);
+ return(0);
}
else
- return(ENOMEM);
+ return(ENOMEM);
}
/*
- * krb5_ser_pack_bytes() - Pack a string of bytes.
+ * krb5_ser_pack_bytes() - Pack a string of bytes.
*/
krb5_error_code KRB5_CALLCONV
krb5_ser_pack_bytes(krb5_octet *ostring, size_t osize, krb5_octet **bufp, size_t *remainp)
{
if (*remainp >= osize) {
- memcpy(*bufp, ostring, osize);
- *bufp += osize;
- *remainp -= osize;
- return(0);
+ memcpy(*bufp, ostring, osize);
+ *bufp += osize;
+ *remainp -= osize;
+ return(0);
}
else
- return(ENOMEM);
+ return(ENOMEM);
}
/*
- * krb5_ser_unpack_int32() - Unpack a 4-byte integer if it's there.
+ * krb5_ser_unpack_int32() - Unpack a 4-byte integer if it's there.
*/
krb5_error_code KRB5_CALLCONV
krb5_ser_unpack_int32(krb5_int32 *intp, krb5_octet **bufp, size_t *remainp)
{
if (*remainp >= sizeof(krb5_int32)) {
- *intp = load_32_be(*bufp);
- *bufp += sizeof(krb5_int32);
- *remainp -= sizeof(krb5_int32);
- return(0);
+ *intp = load_32_be(*bufp);
+ *bufp += sizeof(krb5_int32);
+ *remainp -= sizeof(krb5_int32);
+ return(0);
}
else
- return(ENOMEM);
+ return(ENOMEM);
}
/*
- * krb5_ser_unpack_int64() - Unpack an 8-byte integer if it's there.
+ * krb5_ser_unpack_int64() - Unpack an 8-byte integer if it's there.
*/
krb5_error_code KRB5_CALLCONV
krb5_ser_unpack_int64(krb5_int64 *intp, krb5_octet **bufp, size_t *remainp)
{
if (*remainp >= sizeof(krb5_int64)) {
- *intp = load_64_be((unsigned char *)*bufp);
- *bufp += sizeof(krb5_int64);
- *remainp -= sizeof(krb5_int64);
- return(0);
+ *intp = load_64_be((unsigned char *)*bufp);
+ *bufp += sizeof(krb5_int64);
+ *remainp -= sizeof(krb5_int64);
+ return(0);
}
else
- return(ENOMEM);
+ return(ENOMEM);
}
/*
- * krb5_ser_unpack_bytes() - Unpack a byte string if it's there.
+ * krb5_ser_unpack_bytes() - Unpack a byte string if it's there.
*/
krb5_error_code KRB5_CALLCONV
krb5_ser_unpack_bytes(krb5_octet *istring, size_t isize, krb5_octet **bufp, size_t *remainp)
{
if (*remainp >= isize) {
- memcpy(istring, *bufp, isize);
- *bufp += isize;
- *remainp -= isize;
- return(0);
+ memcpy(istring, *bufp, isize);
+ *bufp += isize;
+ *remainp -= isize;
+ return(0);
}
else
- return(ENOMEM);
+ return(ENOMEM);
}
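Review bot: krb5_externalize_data leaks `buffer` when krb5_externalize_opaque fails, because the pointer is only stored into `*bufpp` on success and the failure branch has no `free`. Adding `else free(buffer);` to the inner `if (!(kret = krb5_externalize_opaque(...)))` closes the leak. The function also reads `*mp` from `arg` without a NULL check, whereas the per-type sizer routines in this commit return EINVAL for a NULL `arg`.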
diff --git a/src/lib/krb5/krb/set_realm.c b/src/lib/krb5/krb/set_realm.c
index 9a96cd1..0128f6c 100644
--- a/src/lib/krb5/krb/set_realm.c
+++ b/src/lib/krb5/krb/set_realm.c
@@ -1,3 +1,4 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
/*
* lib/krb5/krb/set_realm.c
*
@@ -8,7 +9,7 @@
* require a specific license from the United States Government.
* It is the responsibility of any person or organization contemplating
* export to obtain such a license before exporting.
- *
+ *
* WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
* distribute this software and its documentation for any purpose and
* without fee is hereby granted, provided that the above copyright
@@ -29,23 +30,21 @@
krb5_error_code KRB5_CALLCONV
krb5_set_principal_realm(krb5_context context, krb5_principal principal, const char *realm)
{
- size_t length;
- char *newrealm;
-
- if (!realm || !*realm)
- return -EINVAL;
+ size_t length;
+ char *newrealm;
- length = strlen(realm);
- newrealm = strdup(realm);
- if (!newrealm)
- return -ENOMEM;
-
- (void) free(krb5_princ_realm(context,principal)->data);
+ if (!realm || !*realm)
+ return -EINVAL;
- krb5_princ_realm(context, principal)->length = length;
- krb5_princ_realm(context, principal)->data = newrealm;
+ length = strlen(realm);
+ newrealm = strdup(realm);
+ if (!newrealm)
+ return -ENOMEM;
- return 0;
-}
+ (void) free(krb5_princ_realm(context,principal)->data);
+ krb5_princ_realm(context, principal)->length = length;
+ krb5_princ_realm(context, principal)->data = newrealm;
+ return 0;
+}
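Review bot: krb5_set_principal_realm returns negated errno values, `return -EINVAL;` and `return -ENOMEM;`, while the other krb5_error_code functions touched by this commit return the positive constants, for example `return(ENOMEM);` in krb5_ser_unpack_bytes. A caller that compares the result with `EINVAL` or `ENOMEM`, or passes it to an error-message lookup, would presumably not recognise the negative value. Suggest `return EINVAL;` and `return ENOMEM;`, after confirming that no existing caller depends on the sign.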
diff --git a/src/lib/krb5/krb/srv_dec_tkt.c b/src/lib/krb5/krb/srv_dec_tkt.c
index 0934e27..f266fa5 100644
--- a/src/lib/krb5/krb/srv_dec_tkt.c
+++ b/src/lib/krb5/krb/srv_dec_tkt.c
@@ -1,3 +1,4 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
/*
* lib/krb5/krb/srv_dec_tkt.c
*
@@ -24,7 +25,7 @@
* or implied warranty.
*
*
- * Server decrypt ticket via keytab or keyblock.
+ * Server decrypt ticket via keytab or keyblock.
*
* Different from krb5_rd_req_decoded. (krb5/src/lib/krb5/krb/rd_req_dec.c)
* - No krb5_principal_compare or KRB5KRB_AP_ERR_BADMATCH error.
@@ -33,94 +34,94 @@
* - No address checking or KRB5KRB_AP_ERR_BADADDR error.
* - No time validation.
* - No permitted enctype validation or KRB5_NOPERM_ETYPE error.
- * - Does not free ticket->enc_part2 on error.
+ * - Does not free ticket->enc_part2 on error.
*/
#include <k5-int.h>
-#ifndef LEAN_CLIENT
+#ifndef LEAN_CLIENT
krb5_error_code KRB5_CALLCONV
krb5int_server_decrypt_ticket_keyblock(krb5_context context,
- const krb5_keyblock *key,
- krb5_ticket *ticket)
+ const krb5_keyblock *key,
+ krb5_ticket *ticket)
{
krb5_error_code retval;
krb5_data *realm;
krb5_transited *trans;
retval = krb5_decrypt_tkt_part(context, key, ticket);
- if (retval)
- goto done;
+ if (retval)
+ goto done;
trans = &ticket->enc_part2->transited;
realm = &ticket->enc_part2->client->realm;
if (trans->tr_contents.data && *trans->tr_contents.data) {
- retval = krb5_check_transited_list(context, &trans->tr_contents,
- realm, &ticket->server->realm);
- goto done;
+ retval = krb5_check_transited_list(context, &trans->tr_contents,
+ realm, &ticket->server->realm);
+ goto done;
}
- if (ticket->enc_part2->flags & TKT_FLG_INVALID) { /* ie, KDC_OPT_POSTDATED */
- retval = KRB5KRB_AP_ERR_TKT_INVALID;
- goto done;
+ if (ticket->enc_part2->flags & TKT_FLG_INVALID) { /* ie, KDC_OPT_POSTDATED */
+ retval = KRB5KRB_AP_ERR_TKT_INVALID;
+ goto done;
}
- done:
+done:
return retval;
}
krb5_error_code KRB5_CALLCONV
krb5_server_decrypt_ticket_keytab(krb5_context context,
- const krb5_keytab keytab,
- krb5_ticket *ticket)
+ const krb5_keytab keytab,
+ krb5_ticket *ticket)
{
- krb5_error_code retval;
- krb5_keytab_entry ktent;
+ krb5_error_code retval;
+ krb5_keytab_entry ktent;
retval = KRB5_KT_NOTFOUND;
if (keytab->ops->start_seq_get == NULL) {
- retval = krb5_kt_get_entry(context, keytab,
- ticket->server,
- ticket->enc_part.kvno,
- ticket->enc_part.enctype, &ktent);
- if (retval == 0) {
- retval = krb5int_server_decrypt_ticket_keyblock(context, &ktent.key, ticket);
-
- (void) krb5_free_keytab_entry_contents(context, &ktent);
- }
+ retval = krb5_kt_get_entry(context, keytab,
+ ticket->server,
+ ticket->enc_part.kvno,
+ ticket->enc_part.enctype, &ktent);
+ if (retval == 0) {
+ retval = krb5int_server_decrypt_ticket_keyblock(context, &ktent.key, ticket);
+
+ (void) krb5_free_keytab_entry_contents(context, &ktent);
+ }
} else {
- krb5_error_code code;
- krb5_kt_cursor cursor;
-
- retval = krb5_kt_start_seq_get(context, keytab, &cursor);
- if (retval != 0)
- goto map_error;
-
- while ((code = krb5_kt_next_entry(context, keytab,
- &ktent, &cursor)) == 0) {
- if (ktent.key.enctype != ticket->enc_part.enctype)
- continue;
-
- retval = krb5int_server_decrypt_ticket_keyblock(context, &ktent.key, ticket);
- if (retval == 0) {
- krb5_principal tmp;
-
- retval = krb5_copy_principal(context, ktent.principal, &tmp);
- if (retval == 0) {
- krb5_free_principal(context, ticket->server);
- ticket->server = tmp;
- }
- (void) krb5_free_keytab_entry_contents(context, &ktent);
- break;
- }
- (void) krb5_free_keytab_entry_contents(context, &ktent);
- }
-
- code = krb5_kt_end_seq_get(context, keytab, &cursor);
- if (code != 0)
- retval = code;
+ krb5_error_code code;
+ krb5_kt_cursor cursor;
+
+ retval = krb5_kt_start_seq_get(context, keytab, &cursor);
+ if (retval != 0)
+ goto map_error;
+
+ while ((code = krb5_kt_next_entry(context, keytab,
+ &ktent, &cursor)) == 0) {
+ if (ktent.key.enctype != ticket->enc_part.enctype)
+ continue;
+
+ retval = krb5int_server_decrypt_ticket_keyblock(context, &ktent.key, ticket);
+ if (retval == 0) {
+ krb5_principal tmp;
+
+ retval = krb5_copy_principal(context, ktent.principal, &tmp);
+ if (retval == 0) {
+ krb5_free_principal(context, ticket->server);
+ ticket->server = tmp;
+ }
+ (void) krb5_free_keytab_entry_contents(context, &ktent);
+ break;
+ }
+ (void) krb5_free_keytab_entry_contents(context, &ktent);
+ }
+
+ code = krb5_kt_end_seq_get(context, keytab, &cursor);
+ if (code != 0)
+ retval = code;
}
map_error:
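Review bot: In krb5int_server_decrypt_ticket_keyblock the transited branch ends with an unconditional `goto done;`, so a ticket with a non-empty transited field that passes krb5_check_transited_list returns 0 without reaching the `TKT_FLG_INVALID` test below it. If that is not intended, leave the branch only on failure, `if (retval) goto done;`, so that the flag check still runs for cross-realm tickets. If the skip is deliberate, the file's header comment listing the checks this function omits should say so. krb5_server_decrypt_ticket_keytab continues past the end of this hunk.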
@@ -128,13 +129,12 @@ map_error:
case KRB5_KT_KVNONOTFOUND:
case KRB5_KT_NOTFOUND:
case KRB5KRB_AP_ERR_BAD_INTEGRITY:
- retval = KRB5KRB_AP_WRONG_PRINC;
- break;
+ retval = KRB5KRB_AP_WRONG_PRINC;
+ break;
default:
- break;
+ break;
}
return retval;
}
#endif /* LEAN_CLIENT */
-
diff --git a/src/lib/krb5/krb/srv_rcache.c b/src/lib/krb5/krb/srv_rcache.c
index 7d6b68a..6730748 100644
--- a/src/lib/krb5/krb/srv_rcache.c
+++ b/src/lib/krb5/krb/srv_rcache.c
@@ -1,3 +1,4 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
/*
* lib/krb5/krb/srv_rcache.c
*
@@ -8,7 +9,7 @@
* require a specific license from the United States Government.
* It is the responsibility of any person or organization contemplating
* export to obtain such a license before exporting.
- *
+ *
* WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
* distribute this software and its documentation for any purpose and
* without fee is hereby granted, provided that the above copyright
@@ -22,7 +23,7 @@
* M.I.T. makes no representations about the suitability of
* this software for any purpose. It is provided "as is" without express
* or implied warranty.
- *
+ *
*
* Allocate & prepare a default replay cache for a server.
*/
@@ -35,7 +36,7 @@
#define isvalidrcname(x) ((!ispunct(x))&&isgraph(x))
krb5_error_code KRB5_CALLCONV
krb5_get_server_rcache(krb5_context context, const krb5_data *piece,
- krb5_rcache *rcptr)
+ krb5_rcache *rcptr)
{
krb5_rcache rcache = 0;
char *cachename = 0, *cachetype;
@@ -45,22 +46,22 @@ krb5_get_server_rcache(krb5_context context, const krb5_data *piece,
#ifdef HAVE_GETEUID
unsigned long uid = geteuid();
#endif
-
+
if (piece == NULL)
- return ENOMEM;
-
+ return ENOMEM;
+
cachetype = krb5_rc_default_type(context);
krb5int_buf_init_dynamic(&buf);
krb5int_buf_add(&buf, cachetype);
krb5int_buf_add(&buf, ":");
for (i = 0; i < piece->length; i++) {
- if (piece->data[i] == '-')
- krb5int_buf_add(&buf, "--");
- else if (!isvalidrcname((int) piece->data[i]))
- krb5int_buf_add_fmt(&buf, "-%03o", piece->data[i]);
- else
- krb5int_buf_add_len(&buf, &piece->data[i], 1);
+ if (piece->data[i] == '-')
+ krb5int_buf_add(&buf, "--");
+ else if (!isvalidrcname((int) piece->data[i]))
+ krb5int_buf_add_fmt(&buf, "-%03o", piece->data[i]);
+ else
+ krb5int_buf_add_len(&buf, &piece->data[i], 1);
}
#ifdef HAVE_GETEUID
krb5int_buf_add_fmt(&buf, "_%lu", uid);
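Review bot: `isvalidrcname((int) piece->data[i])` passes a possibly negative value to `ispunct()`/`isgraph()` when `data` is plain `char` and the byte is 0x80 or above, which is undefined behaviour. The same byte given to `"-%03o"` would be sign-extended and print more than three octal digits. Because these bytes end up in the replay-cache name handed to krb5_rc_resolve_full, convert once with `unsigned char c = (unsigned char) piece->data[i];` and use `c` in both calls. The same cast pattern, `isspace((int) *s)`, appears in krb5_string_to_timestamp in str_conv.c in this commit. krb5_get_server_rcache starts before this hunk and ends after it.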
@@ -68,16 +69,16 @@ krb5_get_server_rcache(krb5_context context, const krb5_data *piece,
cachename = krb5int_buf_data(&buf);
if (cachename == NULL)
- return ENOMEM;
+ return ENOMEM;
retval = krb5_rc_resolve_full(context, &rcache, cachename);
if (retval)
- goto cleanup;
+ goto cleanup;
retval = krb5_rc_recover_or_initialize(context, rcache,
- context->clockskew);
+ context->clockskew);
if (retval)
- goto cleanup;
+ goto cleanup;
*rcptr = rcache;
rcache = 0;
@@ -85,8 +86,8 @@ krb5_get_server_rcache(krb5_context context, const krb5_data *piece,
cleanup:
if (rcache)
- krb5_rc_close(context, rcache);
+ krb5_rc_close(context, rcache);
if (cachename)
- free(cachename);
+ free(cachename);
return retval;
}
diff --git a/src/lib/krb5/krb/str_conv.c b/src/lib/krb5/krb/str_conv.c
index 531eba1..1f2edcc 100644
--- a/src/lib/krb5/krb/str_conv.c
+++ b/src/lib/krb5/krb/str_conv.c
@@ -1,3 +1,4 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
/*
* lib/kadm/str_conv.c
*
@@ -34,16 +35,16 @@
*
* String decoding:
* ----------------
- * krb5_string_to_salttype() - Convert string to salttype (krb5_int32)
- * krb5_string_to_timestamp() - Convert string to krb5_timestamp.
- * krb5_string_to_deltat() - Convert string to krb5_deltat.
+ * krb5_string_to_salttype() - Convert string to salttype (krb5_int32)
+ * krb5_string_to_timestamp() - Convert string to krb5_timestamp.
+ * krb5_string_to_deltat() - Convert string to krb5_deltat.
*
* String encoding:
* ----------------
- * krb5_salttype_to_string() - Convert salttype (krb5_int32) to string.
- * krb5_timestamp_to_string() - Convert krb5_timestamp to string.
- * krb5_timestamp_to_sfstring() - Convert krb5_timestamp to short filled string
- * krb5_deltat_to_string() - Convert krb5_deltat to string.
+ * krb5_salttype_to_string() - Convert salttype (krb5_int32) to string.
+ * krb5_timestamp_to_string() - Convert krb5_timestamp to string.
+ * krb5_timestamp_to_sfstring() - Convert krb5_timestamp to short filled string
+ * krb5_deltat_to_string() - Convert krb5_deltat to string.
*/
#include "k5-int.h"
@@ -55,9 +56,9 @@
* Local data structures.
*/
struct salttype_lookup_entry {
- krb5_int32 stt_enctype; /* Salt type */
- const char * stt_specifier; /* How to recognize it */
- const char * stt_output; /* How to spit it out */
+ krb5_int32 stt_enctype; /* Salt type */
+ const char * stt_specifier; /* How to recognize it */
+ const char * stt_output; /* How to spit it out */
};
/*
@@ -66,20 +67,20 @@ struct salttype_lookup_entry {
#include "kdb.h"
static const struct salttype_lookup_entry salttype_table[] = {
-/* salt type input specifier output string */
-/*----------------------------- --------------- ---------------*/
-{ KRB5_KDB_SALTTYPE_NORMAL, "normal", "Version 5" },
-{ KRB5_KDB_SALTTYPE_V4, "v4", "Version 4" },
-{ KRB5_KDB_SALTTYPE_NOREALM, "norealm", "Version 5 - No Realm" },
-{ KRB5_KDB_SALTTYPE_ONLYREALM, "onlyrealm", "Version 5 - Realm Only" },
-{ KRB5_KDB_SALTTYPE_SPECIAL, "special", "Special" },
-{ KRB5_KDB_SALTTYPE_AFS3, "afs3", "AFS version 3" },
+/* salt type input specifier output string */
+/*----------------------------- --------------- ---------------*/
+ { KRB5_KDB_SALTTYPE_NORMAL, "normal", "Version 5" },
+ { KRB5_KDB_SALTTYPE_V4, "v4", "Version 4" },
+ { KRB5_KDB_SALTTYPE_NOREALM, "norealm", "Version 5 - No Realm" },
+ { KRB5_KDB_SALTTYPE_ONLYREALM, "onlyrealm", "Version 5 - Realm Only" },
+ { KRB5_KDB_SALTTYPE_SPECIAL, "special", "Special" },
+ { KRB5_KDB_SALTTYPE_AFS3, "afs3", "AFS version 3" },
#if PKINIT_APPLE
-{ KRB5_KDB_SALTTYPE_CERTHASH, "certhash", "PKINIT Cert Hash" }
+ { KRB5_KDB_SALTTYPE_CERTHASH, "certhash", "PKINIT Cert Hash" }
#endif /* PKINIT_APPLE */
};
static const int salttype_table_nents = sizeof(salttype_table)/
- sizeof(salttype_table[0]);
+ sizeof(salttype_table[0]);
krb5_error_code KRB5_CALLCONV
krb5_string_to_salttype(char *string, krb5_int32 *salttypep)
@@ -89,11 +90,11 @@ krb5_string_to_salttype(char *string, krb5_int32 *salttypep)
found = 0;
for (i=0; i<salttype_table_nents; i++) {
- if (!strcasecmp(string, salttype_table[i].stt_specifier)) {
- found = 1;
- *salttypep = salttype_table[i].stt_enctype;
- break;
- }
+ if (!strcasecmp(string, salttype_table[i].stt_specifier)) {
+ found = 1;
+ *salttypep = salttype_table[i].stt_enctype;
+ break;
+ }
}
return((found) ? 0 : EINVAL);
}
@@ -112,18 +113,18 @@ krb5_salttype_to_string(krb5_int32 salttype, char *buffer, size_t buflen)
out = (char *) NULL;
for (i=0; i<salttype_table_nents; i++) {
- if (salttype == salttype_table[i].stt_enctype) {
- out = salttype_table[i].stt_output;
- break;
- }
+ if (salttype == salttype_table[i].stt_enctype) {
+ out = salttype_table[i].stt_output;
+ break;
+ }
}
if (out) {
- if (strlcpy(buffer, out, buflen) >= buflen)
- return(ENOMEM);
- return(0);
+ if (strlcpy(buffer, out, buflen) >= buflen)
+ return(ENOMEM);
+ return(0);
}
else
- return(EINVAL);
+ return(EINVAL);
}
/* (absolute) time conversions */
@@ -137,7 +138,7 @@ static size_t strftime (char *, size_t, const char *, const struct tm *);
#ifdef HAVE_STRPTIME
#ifdef NEED_STRPTIME_PROTO
extern char *strptime (const char *, const char *,
- struct tm *)
+ struct tm *)
#ifdef __cplusplus
throw()
#endif
@@ -155,7 +156,7 @@ localtime_r(const time_t *t, struct tm *buf)
{
struct tm *tm = localtime(t);
if (tm == NULL)
- return NULL;
+ return NULL;
*buf = *tm;
return buf;
}
@@ -169,47 +170,47 @@ krb5_string_to_timestamp(char *string, krb5_timestamp *timestampp)
time_t now, ret_time;
char *s;
static const char * const atime_format_table[] = {
- "%Y%m%d%H%M%S", /* yyyymmddhhmmss */
- "%Y.%m.%d.%H.%M.%S", /* yyyy.mm.dd.hh.mm.ss */
- "%y%m%d%H%M%S", /* yymmddhhmmss */
- "%y.%m.%d.%H.%M.%S", /* yy.mm.dd.hh.mm.ss */
- "%y%m%d%H%M", /* yymmddhhmm */
- "%H%M%S", /* hhmmss */
- "%H%M", /* hhmm */
- "%T", /* hh:mm:ss */
- "%R", /* hh:mm */
- /* The following not really supported unless native strptime present */
- "%x:%X", /* locale-dependent short format */
- "%d-%b-%Y:%T", /* dd-month-yyyy:hh:mm:ss */
- "%d-%b-%Y:%R" /* dd-month-yyyy:hh:mm */
+ "%Y%m%d%H%M%S", /* yyyymmddhhmmss */
+ "%Y.%m.%d.%H.%M.%S", /* yyyy.mm.dd.hh.mm.ss */
+ "%y%m%d%H%M%S", /* yymmddhhmmss */
+ "%y.%m.%d.%H.%M.%S", /* yy.mm.dd.hh.mm.ss */
+ "%y%m%d%H%M", /* yymmddhhmm */
+ "%H%M%S", /* hhmmss */
+ "%H%M", /* hhmm */
+ "%T", /* hh:mm:ss */
+ "%R", /* hh:mm */
+ /* The following not really supported unless native strptime present */
+ "%x:%X", /* locale-dependent short format */
+ "%d-%b-%Y:%T", /* dd-month-yyyy:hh:mm:ss */
+ "%d-%b-%Y:%R" /* dd-month-yyyy:hh:mm */
};
static const int atime_format_table_nents =
- sizeof(atime_format_table)/sizeof(atime_format_table[0]);
+ sizeof(atime_format_table)/sizeof(atime_format_table[0]);
now = time((time_t *) NULL);
if (localtime_r(&now, &timebuf2) == NULL)
- return EINVAL;
+ return EINVAL;
for (i=0; i<atime_format_table_nents; i++) {
/* We reset every time throughout the loop as the manual page
- * indicated that no guarantees are made as to preserving timebuf
- * when parsing fails
- */
- timebuf = timebuf2;
- if ((s = strptime(string, atime_format_table[i], &timebuf))
- && (s != string)) {
- /* See if at end of buffer - otherwise partial processing */
- while(*s != 0 && isspace((int) *s)) s++;
- if (*s != 0)
- continue;
- if (timebuf.tm_year <= 0)
- continue; /* clearly confused */
- ret_time = mktime(&timebuf);
- if (ret_time == (time_t) -1)
- continue; /* clearly confused */
- *timestampp = (krb5_timestamp) ret_time;
- return 0;
- }
+ * indicated that no guarantees are made as to preserving timebuf
+ * when parsing fails
+ */
+ timebuf = timebuf2;
+ if ((s = strptime(string, atime_format_table[i], &timebuf))
+ && (s != string)) {
+ /* See if at end of buffer - otherwise partial processing */
+ while(*s != 0 && isspace((int) *s)) s++;
+ if (*s != 0)
+ continue;
+ if (timebuf.tm_year <= 0)
+ continue; /* clearly confused */
+ ret_time = mktime(&timebuf);
+ if (ret_time == (time_t) -1)
+ continue; /* clearly confused */
+ *timestampp = (krb5_timestamp) ret_time;
+ return 0;
+ }
}
return(EINVAL);
}
@@ -220,8 +221,8 @@ krb5_timestamp_to_string(krb5_timestamp timestamp, char *buffer, size_t buflen)
size_t ret;
time_t timestamp2 = timestamp;
struct tm tmbuf;
- const char *fmt = "%c"; /* This is to get around gcc -Wall warning that
- the year returned might be two digits */
+ const char *fmt = "%c"; /* This is to get around gcc -Wall warning that
+ the year returned might be two digits */
#ifdef HAVE_LOCALTIME_R
(void) localtime_r(&timestamp2, &tmbuf);
@@ -230,27 +231,27 @@ krb5_timestamp_to_string(krb5_timestamp timestamp, char *buffer, size_t buflen)
#endif
ret = strftime(buffer, buflen, fmt, &tmbuf);
if (ret == 0 || ret == buflen)
- return(ENOMEM);
+ return(ENOMEM);
return(0);
}
krb5_error_code KRB5_CALLCONV
krb5_timestamp_to_sfstring(krb5_timestamp timestamp, char *buffer, size_t buflen, char *pad)
{
- struct tm *tmp;
+ struct tm *tmp;
size_t i;
- size_t ndone;
+ size_t ndone;
time_t timestamp2 = timestamp;
struct tm tmbuf;
static const char * const sftime_format_table[] = {
- "%c", /* Default locale-dependent date and time */
- "%d %b %Y %T", /* dd mon yyyy hh:mm:ss */
- "%x %X", /* locale-dependent short format */
- "%d/%m/%Y %R" /* dd/mm/yyyy hh:mm */
+ "%c", /* Default locale-dependent date and time */
+ "%d %b %Y %T", /* dd mon yyyy hh:mm:ss */
+ "%x %X", /* locale-dependent short format */
+ "%d/%m/%Y %R" /* dd/mm/yyyy hh:mm */
};
static const unsigned int sftime_format_table_nents =
- sizeof(sftime_format_table)/sizeof(sftime_format_table[0]);
+ sizeof(sftime_format_table)/sizeof(sftime_format_table[0]);
#ifdef HAVE_LOCALTIME_R
tmp = localtime_r(&timestamp2, &tmbuf);
@@ -259,22 +260,22 @@ krb5_timestamp_to_sfstring(krb5_timestamp timestamp, char *buffer, size_t buflen
#endif
ndone = 0;
for (i=0; i<sftime_format_table_nents; i++) {
- if ((ndone = strftime(buffer, buflen, sftime_format_table[i], tmp)))
- break;
+ if ((ndone = strftime(buffer, buflen, sftime_format_table[i], tmp)))
+ break;
}
if (!ndone) {
-#define sftime_default_len 2+1+2+1+4+1+2+1+2+1
- if (buflen >= sftime_default_len) {
- snprintf(buffer, buflen, "%02d/%02d/%4d %02d:%02d",
- tmp->tm_mday, tmp->tm_mon+1, 1900+tmp->tm_year,
- tmp->tm_hour, tmp->tm_min);
- ndone = strlen(buffer);
- }
+#define sftime_default_len 2+1+2+1+4+1+2+1+2+1
+ if (buflen >= sftime_default_len) {
+ snprintf(buffer, buflen, "%02d/%02d/%4d %02d:%02d",
+ tmp->tm_mday, tmp->tm_mon+1, 1900+tmp->tm_year,
+ tmp->tm_hour, tmp->tm_min);
+ ndone = strlen(buffer);
+ }
}
if (ndone && pad) {
- for (i=ndone; i<buflen-1; i++)
- buffer[i] = *pad;
- buffer[buflen-1] = '\0';
+ for (i=ndone; i<buflen-1; i++)
+ buffer[i] = *pad;
+ buffer[buflen-1] = '\0';
}
return((ndone) ? 0 : ENOMEM);
}
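Review bot: `tmp` is passed to `strftime()` and dereferenced in the `snprintf()` fallback without a NULL check, although the file's own `localtime_r` replacement returns NULL when `localtime()` fails. A guard right after the assignment, `if (tmp == NULL) return ENOMEM;` (or whichever code the maintainers prefer), would cover both uses. krb5_timestamp_to_string in the preceding hunk has the same gap: it discards the result with `(void) localtime_r(&timestamp2, &tmbuf);` and then formats `tmbuf`. krb5_timestamp_to_sfstring starts before this hunk.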
@@ -286,8 +287,8 @@ krb5_timestamp_to_sfstring(krb5_timestamp timestamp, char *buffer, size_t buflen
krb5_error_code KRB5_CALLCONV
krb5_deltat_to_string(krb5_deltat deltat, char *buffer, size_t buflen)
{
- int days, hours, minutes, seconds;
- krb5_deltat dt;
+ int days, hours, minutes, seconds;
+ krb5_deltat dt;
/*
* We want something like ceil(log10(2**(nbits-1))) + 1. That log
@@ -298,7 +299,7 @@ krb5_deltat_to_string(krb5_deltat deltat, char *buffer, size_t buflen)
*
* This will break if bytes are more than 8 bits.
*/
-#define MAX_CHARS_FOR_INT_TYPE(TYPE) ((int) (2 + 2.408241 * sizeof (TYPE)))
+#define MAX_CHARS_FOR_INT_TYPE(TYPE) ((int) (2 + 2.408241 * sizeof (TYPE)))
char tmpbuf[MAX_CHARS_FOR_INT_TYPE(int) * 4 + 8];
days = (int) (deltat / (24*3600L));
@@ -310,22 +311,22 @@ krb5_deltat_to_string(krb5_deltat deltat, char *buffer, size_t buflen)
memset (tmpbuf, 0, sizeof (tmpbuf));
if (days == 0)
- snprintf(buffer, buflen, "%d:%02d:%02d", hours, minutes, seconds);
+ snprintf(buffer, buflen, "%d:%02d:%02d", hours, minutes, seconds);
else if (hours || minutes || seconds)
- snprintf(buffer, buflen, "%d %s %02d:%02d:%02d", days,
- (days > 1) ? "days" : "day",
- hours, minutes, seconds);
+ snprintf(buffer, buflen, "%d %s %02d:%02d:%02d", days,
+ (days > 1) ? "days" : "day",
+ hours, minutes, seconds);
else
- snprintf(buffer, buflen, "%d %s", days,
- (days > 1) ? "days" : "day");
+ snprintf(buffer, buflen, "%d %s", days,
+ (days > 1) ? "days" : "day");
if (tmpbuf[sizeof(tmpbuf)-1] != 0)
- /* Something must be very wrong with my math above, or the
- assumptions going into it... */
- abort ();
+ /* Something must be very wrong with my math above, or the
+ assumptions going into it... */
+ abort ();
if (strlen (tmpbuf) > buflen)
- return ENOMEM;
+ return ENOMEM;
else
- strncpy (buffer, tmpbuf, buflen);
+ strncpy (buffer, tmpbuf, buflen);
return 0;
}
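Review bot: The three `snprintf()` calls write into `buffer`, but the tail of krb5_deltat_to_string then runs `strncpy (buffer, tmpbuf, buflen);` with a `tmpbuf` that was only zeroed by `memset`, so the formatted text is overwritten with NUL bytes and the caller gets an empty string with return value 0. The `tmpbuf` overrun check and the `strlen (tmpbuf) > buflen` test can never fire for the same reason, and truncation by `snprintf()` goes unreported. Formatting into `tmpbuf` and comparing with `>=` (so there is room for the terminator) restores the intended flow. The function starts before this hunk.

```c
/* … unchanged: days/hours/minutes/seconds computation, memset of tmpbuf … */
    if (days == 0)
        snprintf(tmpbuf, sizeof(tmpbuf), "%d:%02d:%02d", hours, minutes, seconds);
    else if (hours || minutes || seconds)
        snprintf(tmpbuf, sizeof(tmpbuf), "%d %s %02d:%02d:%02d", days,
                 (days > 1) ? "days" : "day",
                 hours, minutes, seconds);
    else
        snprintf(tmpbuf, sizeof(tmpbuf), "%d %s", days,
                 (days > 1) ? "days" : "day");
/* … unchanged: tmpbuf overrun check and abort() … */
    if (strlen (tmpbuf) >= buflen)
        return ENOMEM;
/* … unchanged: strncpy into buffer, return 0 … */
```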
@@ -348,10 +349,10 @@ struct dummy_locale_info_t {
char am_pm[2][3];
};
static const struct dummy_locale_info_t dummy_locale_info = {
- "%a %b %d %X %Y", /* %c */
- "%I:%M:%S %p", /* %r */
- "%H:%M:%S", /* %X */
- "%m/%d/%y", /* %x */
+ "%a %b %d %X %Y", /* %c */
+ "%I:%M:%S %p", /* %r */
+ "%H:%M:%S", /* %X */
+ "%m/%d/%y", /* %x */
{ "Sunday", "Monday", "Tuesday", "Wednesday", "Thursday", "Friday",
"Saturday" },
{ "Sun", "Mon", "Tue", "Wed", "Thu", "Fri", "Sat" },
@@ -373,7 +374,7 @@ static const struct dummy_locale_info_t dummy_locale_info = {
#undef DAYSPERWEEK
#define DAYSPERWEEK 7
#undef isleap
-#define isleap(N) ((N % 4) == 0 && (N % 100 != 0 || N % 400 == 0))
+#define isleap(N) ((N % 4) == 0 && (N % 100 != 0 || N % 400 == 0))
#undef tzname
#define tzname my_tzname
static const char *const tzname[2] = { 0, 0 };
diff --git a/src/lib/krb5/krb/strptime.c b/src/lib/krb5/krb/strptime.c
index ac52d5c..ffe90d4 100644
--- a/src/lib/krb5/krb/strptime.c
+++ b/src/lib/krb5/krb/strptime.c
@@ -82,7 +82,7 @@ strptime(buf, fmt, tm)
fmt++;
continue;
}
-
+
if ((c = *fmt++) != '%')
goto literal;
@@ -107,7 +107,7 @@ literal:
LEGAL_ALT(0);
alt_format |= ALT_O;
goto again;
-
+
/*
* "Complex" conversion rules, implemented through recursion.
*/
diff --git a/src/lib/krb5/krb/t_ad_fx_armor.c b/src/lib/krb5/krb/t_ad_fx_armor.c
index 74d7e5f..73dbb3a 100644
--- a/src/lib/krb5/krb/t_ad_fx_armor.c
+++ b/src/lib/krb5/krb/t_ad_fx_armor.c
@@ -1,13 +1,14 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
#include <memory.h>
#include <stdio.h>
#include <krb5/krb5.h>
-#define test(x) do {retval = (x); \
- if(retval != 0) { \
- const char *errmsg = krb5_get_error_message(context, retval); \
- fprintf(stderr, "Error message: %s\n", errmsg); \
- abort(); } \
- } while(0);
+#define test(x) do {retval = (x); \
+ if(retval != 0) { \
+ const char *errmsg = krb5_get_error_message(context, retval); \
+ fprintf(stderr, "Error message: %s\n", errmsg); \
+ abort(); } \
+ } while(0);
krb5_authdata ad_fx_armor = {0, KRB5_AUTHDATA_FX_ARMOR, 1, ""};
krb5_authdata *array[] = {&ad_fx_armor, NULL};
@@ -32,5 +33,5 @@ int main( int argc, char **argv)
test(krb5_cc_store_cred(context, ccache, out_creds));
test(krb5_cc_close(context,ccache));
return 0;
-
-}
+
+}
diff --git a/src/lib/krb5/krb/t_authdata.c b/src/lib/krb5/krb/t_authdata.c
index 86838ce..ed847df 100644
--- a/src/lib/krb5/krb/t_authdata.c
+++ b/src/lib/krb5/krb/t_authdata.c
@@ -1,3 +1,4 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
/*
* lib/krb5/krb/t_authdata.c
*
@@ -8,7 +9,7 @@
* require a specific license from the United States Government.
* It is the responsibility of any person or organization contemplating
* export to obtain such a license before exporting.
- *
+ *
* WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
* distribute this software and its documentation for any purpose and
* without fee is hereby granted, provided that the above copyright
@@ -22,8 +23,8 @@
* M.I.T. makes no representations about the suitability of
* this software for any purpose. It is provided "as is" without express
* or implied warranty.
- *
- *
+ *
+ *
*
* Test authorization data search
*/
@@ -34,25 +35,25 @@
#include <memory.h>
krb5_authdata ad1 = {
- KV5M_AUTHDATA,
- 22,
- 4,
- (unsigned char *) "abcd"};
+ KV5M_AUTHDATA,
+ 22,
+ 4,
+ (unsigned char *) "abcd"};
krb5_authdata ad2 = {
- KV5M_AUTHDATA,
- 23,
- 5,
- (unsigned char *) "abcde"
+ KV5M_AUTHDATA,
+ 23,
+ 5,
+ (unsigned char *) "abcde"
};
krb5_authdata ad3= {
- KV5M_AUTHDATA,
- 22,
- 3,
- (unsigned char *) "ab"
+ KV5M_AUTHDATA,
+ 22,
+ 3,
+ (unsigned char *) "ab"
};
/* we want three results in the return from krb5int_find_authdata so
-it has to grow its list.
+ it has to grow its list.
*/
krb5_authdata ad4 = {
KV5M_AUTHDATA,
@@ -73,12 +74,12 @@ krb5_keyblock key = {
};
static void compare_authdata(const krb5_authdata *adc1, krb5_authdata *adc2) {
- assert(adc1->ad_type == adc2->ad_type);
- assert(adc1->length == adc2->length);
- assert(memcmp(adc1->contents, adc2->contents, adc1->length) == 0);
+ assert(adc1->ad_type == adc2->ad_type);
+ assert(adc1->length == adc2->length);
+ assert(memcmp(adc1->contents, adc2->contents, adc1->length) == 0);
}
-int main()
+int main()
{
krb5_context context;
krb5_authdata **results;
@@ -98,7 +99,7 @@ int main()
container[1] = NULL;
assert(krb5_encode_authdata_container( context, KRB5_AUTHDATA_IF_RELEVANT, container, &container_out) == 0);
assert(krb5int_find_authdata(context,
- adseq1, container_out, 22, &results) == 0);
+ adseq1, container_out, 22, &results) == 0);
compare_authdata(&ad1, results[0]);
compare_authdata( results[1], &ad4);
compare_authdata( results[2], &ad3);
diff --git a/src/lib/krb5/krb/t_deltat.c b/src/lib/krb5/krb/t_deltat.c
index a07ba42..dcf14af 100644
--- a/src/lib/krb5/krb/t_deltat.c
+++ b/src/lib/krb5/krb/t_deltat.c
@@ -1,3 +1,4 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
/*
* lib/krb5/krb/t_deltat.c
*
@@ -8,7 +9,7 @@
* require a specific license from the United States Government.
* It is the responsibility of any person or organization contemplating
* export to obtain such a license before exporting.
- *
+ *
* WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
* distribute this software and its documentation for any purpose and
* without fee is hereby granted, provided that the above copyright
@@ -22,7 +23,7 @@
* M.I.T. makes no representations about the suitability of
* this software for any purpose. It is provided "as is" without express
* or implied warranty.
- *
+ *
*/
#include "k5-int.h"
@@ -31,9 +32,9 @@ int
main (void)
{
struct {
- char *string;
- krb5_deltat expected;
- int is_error;
+ char *string;
+ krb5_deltat expected;
+ int is_error;
#define GOOD(STR,VAL) { STR, VAL, 0 }
#define BAD(STR) { STR, 0, 1 }
#define DAY (24 * 3600)
@@ -43,116 +44,116 @@ main (void)
#endif
#define MIN 60
} values[] = {
- /* d-h-m-s patterns */
- GOOD ("3d", 3*DAY),
- GOOD ("3h", 3*HOUR),
- GOOD ("3m", 3*MIN),
- GOOD ("3s", 3),
- BAD ("3dd"),
- GOOD ("3d4m 42s", 3 * DAY + 4 * MIN + 42),
- GOOD ("3d-1h", 3 * DAY - 1 * HOUR),
- GOOD ("3d -1h", 3 * DAY - HOUR),
- GOOD ("3d4h5m6s", 3 * DAY + 4 * HOUR + 5 * MIN + 6),
- BAD ("3d4m5h"),
- GOOD ("12345s", 12345),
- GOOD ("1m 12345s", MIN + 12345),
- GOOD ("1m12345s", MIN + 12345),
- GOOD ("3d 0m", 3 * DAY),
- GOOD ("3d 0m ", 3 * DAY),
- GOOD ("3d \n\t 0m ", 3 * DAY),
- /* colon patterns */
- GOOD ("42-13:42:47", 42 * DAY + 13 * HOUR + 42 * MIN + 47),
- BAD ("3: 4"),
- BAD ("13:0003"),
- GOOD ("12:34", 12 * HOUR + 34 * MIN),
- GOOD ("1:02:03", 1 * HOUR + 2 * MIN + 3),
- BAD ("3:-4"),
- /* XX We might want to require exactly two digits after a colon? */
- GOOD ("3:4", 3 * HOUR + 4 * MIN),
- /* misc */
- GOOD ("42", 42),
- BAD ("1-2"),
- /* Test overflow limitations */
- GOOD ("2147483647s", 2147483647),
- BAD ("2147483648s"),
- GOOD ("24855d", 24855 * DAY),
- BAD ("24856d"),
- BAD ("24855d 100000000h"),
- GOOD ("24855d 3h", 24855 * DAY + 3 * HOUR),
- BAD ("24855d 4h"),
- GOOD ("24855d 11647s", 24855 * DAY + 11647),
- BAD ("24855d 11648s"),
- GOOD ("24855d 194m 7s", 24855 * DAY + 194 * MIN + 7),
- BAD ("24855d 194m 8s"),
- BAD ("24855d 195m"),
- BAD ("24855d 19500000000m"),
- GOOD ("24855d 3h 14m 7s", 24855 * DAY + 3 * HOUR + 14 * MIN + 7),
- BAD ("24855d 3h 14m 8s"),
- GOOD ("596523h", 596523 * HOUR),
- BAD ("596524h"),
- GOOD ("596523h 847s", 596523 * HOUR + 847),
- BAD ("596523h 848s"),
- GOOD ("596523h 14m 7s", 596523 * HOUR + 14 * MIN + 7),
- BAD ("596523h 14m 8s"),
- GOOD ("35791394m", 35791394 * MIN),
- GOOD ("35791394m7s", 35791394 * MIN + 7),
- BAD ("35791394m8s"),
- /* Test underflow */
- GOOD ("-2147483647s", -2147483647),
- /* This should be valid, but isn't */
- /*BAD ("-2147483648s"),*/
- GOOD ("-24855d", -24855 * DAY),
- BAD ("-24856d"),
- BAD ("-24855d -100000000h"),
- GOOD ("-24855d -3h", -24855 * DAY - 3 * HOUR),
- BAD ("-24855d -4h"),
- GOOD ("-24855d -11647s", -24855 * DAY - 11647),
- BAD ("-24855d -11649s"),
- GOOD ("-24855d -194m -7s", -24855 * DAY - 194 * MIN - 7),
- BAD ("-24855d -194m -9s"),
- BAD ("-24855d -195m"),
- BAD ("-24855d -19500000000m"),
- GOOD ("-24855d -3h -14m -7s", -24855 * DAY - 3 * HOUR - 14 * MIN - 7),
- BAD ("-24855d -3h -14m -9s"),
- GOOD ("-596523h", -596523 * HOUR),
- BAD ("-596524h"),
- GOOD ("-596523h -847s", -596523 * HOUR - 847),
- GOOD ("-596523h -848s", -596523 * HOUR - 848),
- BAD ("-596523h -849s"),
- GOOD ("-596523h -14m -8s", -596523 * HOUR - 14 * MIN - 8),
- BAD ("-596523h -14m -9s"),
- GOOD ("-35791394m", -35791394 * MIN),
- GOOD ("-35791394m7s", -35791394 * MIN + 7),
- BAD ("-35791394m-9s"),
-
+ /* d-h-m-s patterns */
+ GOOD ("3d", 3*DAY),
+ GOOD ("3h", 3*HOUR),
+ GOOD ("3m", 3*MIN),
+ GOOD ("3s", 3),
+ BAD ("3dd"),
+ GOOD ("3d4m 42s", 3 * DAY + 4 * MIN + 42),
+ GOOD ("3d-1h", 3 * DAY - 1 * HOUR),
+ GOOD ("3d -1h", 3 * DAY - HOUR),
+ GOOD ("3d4h5m6s", 3 * DAY + 4 * HOUR + 5 * MIN + 6),
+ BAD ("3d4m5h"),
+ GOOD ("12345s", 12345),
+ GOOD ("1m 12345s", MIN + 12345),
+ GOOD ("1m12345s", MIN + 12345),
+ GOOD ("3d 0m", 3 * DAY),
+ GOOD ("3d 0m ", 3 * DAY),
+ GOOD ("3d \n\t 0m ", 3 * DAY),
+ /* colon patterns */
+ GOOD ("42-13:42:47", 42 * DAY + 13 * HOUR + 42 * MIN + 47),
+ BAD ("3: 4"),
+ BAD ("13:0003"),
+ GOOD ("12:34", 12 * HOUR + 34 * MIN),
+ GOOD ("1:02:03", 1 * HOUR + 2 * MIN + 3),
+ BAD ("3:-4"),
+ /* XX We might want to require exactly two digits after a colon? */
+ GOOD ("3:4", 3 * HOUR + 4 * MIN),
+ /* misc */
+ GOOD ("42", 42),
+ BAD ("1-2"),
+ /* Test overflow limitations */
+ GOOD ("2147483647s", 2147483647),
+ BAD ("2147483648s"),
+ GOOD ("24855d", 24855 * DAY),
+ BAD ("24856d"),
+ BAD ("24855d 100000000h"),
+ GOOD ("24855d 3h", 24855 * DAY + 3 * HOUR),
+ BAD ("24855d 4h"),
+ GOOD ("24855d 11647s", 24855 * DAY + 11647),
+ BAD ("24855d 11648s"),
+ GOOD ("24855d 194m 7s", 24855 * DAY + 194 * MIN + 7),
+ BAD ("24855d 194m 8s"),
+ BAD ("24855d 195m"),
+ BAD ("24855d 19500000000m"),
+ GOOD ("24855d 3h 14m 7s", 24855 * DAY + 3 * HOUR + 14 * MIN + 7),
+ BAD ("24855d 3h 14m 8s"),
+ GOOD ("596523h", 596523 * HOUR),
+ BAD ("596524h"),
+ GOOD ("596523h 847s", 596523 * HOUR + 847),
+ BAD ("596523h 848s"),
+ GOOD ("596523h 14m 7s", 596523 * HOUR + 14 * MIN + 7),
+ BAD ("596523h 14m 8s"),
+ GOOD ("35791394m", 35791394 * MIN),
+ GOOD ("35791394m7s", 35791394 * MIN + 7),
+ BAD ("35791394m8s"),
+ /* Test underflow */
+ GOOD ("-2147483647s", -2147483647),
+ /* This should be valid, but isn't */
+ /*BAD ("-2147483648s"),*/
+ GOOD ("-24855d", -24855 * DAY),
+ BAD ("-24856d"),
+ BAD ("-24855d -100000000h"),
+ GOOD ("-24855d -3h", -24855 * DAY - 3 * HOUR),
+ BAD ("-24855d -4h"),
+ GOOD ("-24855d -11647s", -24855 * DAY - 11647),
+ BAD ("-24855d -11649s"),
+ GOOD ("-24855d -194m -7s", -24855 * DAY - 194 * MIN - 7),
+ BAD ("-24855d -194m -9s"),
+ BAD ("-24855d -195m"),
+ BAD ("-24855d -19500000000m"),
+ GOOD ("-24855d -3h -14m -7s", -24855 * DAY - 3 * HOUR - 14 * MIN - 7),
+ BAD ("-24855d -3h -14m -9s"),
+ GOOD ("-596523h", -596523 * HOUR),
+ BAD ("-596524h"),
+ GOOD ("-596523h -847s", -596523 * HOUR - 847),
+ GOOD ("-596523h -848s", -596523 * HOUR - 848),
+ BAD ("-596523h -849s"),
+ GOOD ("-596523h -14m -8s", -596523 * HOUR - 14 * MIN - 8),
+ BAD ("-596523h -14m -9s"),
+ GOOD ("-35791394m", -35791394 * MIN),
+ GOOD ("-35791394m7s", -35791394 * MIN + 7),
+ BAD ("-35791394m-9s"),
+
};
int fail = 0;
int i;
for (i = 0; i < sizeof(values)/sizeof(values[0]); i++) {
- krb5_deltat result;
- krb5_error_code code;
+ krb5_deltat result;
+ krb5_error_code code;
- code = krb5_string_to_deltat (values[i].string, &result);
- if (code && !values[i].is_error) {
- fprintf (stderr, "unexpected error for `%s'\n", values[i].string);
- fail++;
- } else if (!code && values[i].is_error) {
- fprintf (stderr, "expected but didn't get error for `%s'\n",
- values[i].string);
- fail++;
- } else if (code && values[i].is_error) {
- /* do nothing */
- } else if (result != values[i].expected) {
- fprintf (stderr, "got %ld instead of expected %ld for `%s'\n",
- (long) result, (long) values[i].expected,
- values[i].string);
- fail++;
- }
+ code = krb5_string_to_deltat (values[i].string, &result);
+ if (code && !values[i].is_error) {
+ fprintf (stderr, "unexpected error for `%s'\n", values[i].string);
+ fail++;
+ } else if (!code && values[i].is_error) {
+ fprintf (stderr, "expected but didn't get error for `%s'\n",
+ values[i].string);
+ fail++;
+ } else if (code && values[i].is_error) {
+ /* do nothing */
+ } else if (result != values[i].expected) {
+ fprintf (stderr, "got %ld instead of expected %ld for `%s'\n",
+ (long) result, (long) values[i].expected,
+ values[i].string);
+ fail++;
+ }
}
if (fail == 0)
- printf ("Passed all %d tests.\n", i);
+ printf ("Passed all %d tests.\n", i);
else
- printf ("Failed %d of %d tests.\n", fail, i);
+ printf ("Failed %d of %d tests.\n", fail, i);
return fail;
}
diff --git a/src/lib/krb5/krb/t_etypes.c b/src/lib/krb5/krb/t_etypes.c
index 0d89fd0..4af7918 100644
--- a/src/lib/krb5/krb/t_etypes.c
+++ b/src/lib/krb5/krb/t_etypes.c
@@ -1,4 +1,4 @@
-/* -*- mode: c; indent-tabs-mode: nil -*- */
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
/*
* t_etypes.c -- test program for krb5int_parse_enctype_list
*
@@ -201,4 +201,3 @@ main(int argc, char **argv)
return 0;
}
-
diff --git a/src/lib/krb5/krb/t_expand.c b/src/lib/krb5/krb/t_expand.c
index a8b2757..b108e4b 100644
--- a/src/lib/krb5/krb/t_expand.c
+++ b/src/lib/krb5/krb/t_expand.c
@@ -1,2 +1,3 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
#define TEST
#include "chk_trans.c"
diff --git a/src/lib/krb5/krb/t_kerb.c b/src/lib/krb5/krb/t_kerb.c
index 8627922..4652825 100644
--- a/src/lib/krb5/krb/t_kerb.c
+++ b/src/lib/krb5/krb/t_kerb.c
@@ -1,3 +1,4 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
/*
* This driver routine is used to test many of the standard Kerberos library
* routines.
@@ -26,14 +27,14 @@ void usage (char *);
void test_string_to_timestamp(krb5_context ctx, char *ktime)
{
- krb5_timestamp timestamp;
- time_t t;
- krb5_error_code retval;
+ krb5_timestamp timestamp;
+ time_t t;
+ krb5_error_code retval;
retval = krb5_string_to_timestamp(ktime, &timestamp);
if (retval) {
- com_err("krb5_string_to_timestamp", retval, 0);
- return;
+ com_err("krb5_string_to_timestamp", retval, 0);
+ return;
}
t = (time_t) timestamp;
printf("Parsed time was %s", ctime(&t));
@@ -41,22 +42,22 @@ void test_string_to_timestamp(krb5_context ctx, char *ktime)
void test_425_conv_principal(krb5_context ctx, char *name, char *inst, char *realm)
{
- krb5_error_code retval;
- krb5_principal princ;
- char *out_name;
+ krb5_error_code retval;
+ krb5_principal princ;
+ char *out_name;
retval = krb5_425_conv_principal(ctx, name, inst, realm, &princ);
if (retval) {
- com_err("krb5_425_conv_principal", retval, 0);
- return;
+ com_err("krb5_425_conv_principal", retval, 0);
+ return;
}
retval = krb5_unparse_name(ctx, princ, &out_name);
if (retval) {
- com_err("krb5_unparse_name", retval, 0);
- return;
+ com_err("krb5_unparse_name", retval, 0);
+ return;
}
printf("425_converted principal(%s, %s, %s): '%s'\n",
- name, inst, realm, out_name);
+ name, inst, realm, out_name);
free(out_name);
krb5_free_principal(ctx, princ);
}
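Review bot: The `krb5_unparse_name` failure path in test_425_conv_principal returns without releasing `princ`, which `krb5_425_conv_principal` has already filled in by that point; the reindent carries the path over unchanged. Adding `krb5_free_principal(ctx, princ);` before the second `return;` closes the leak. Alternatively the function could use the `goto fail` cleanup that test_524_conv_principal and test_parse_name use later in this file, so every exit frees what was allocated.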
@@ -73,98 +74,98 @@ void test_524_conv_principal(krb5_context ctx, char *name)
aname[ANAME_SZ] = inst[INST_SZ] = realm[REALM_SZ] = 0;
retval = krb5_parse_name(ctx, name, &princ);
if (retval) {
- com_err("krb5_parse_name", retval, 0);
- goto fail;
+ com_err("krb5_parse_name", retval, 0);
+ goto fail;
}
retval = krb5_524_conv_principal(ctx, princ, aname, inst, realm);
if (retval) {
- com_err("krb5_524_conv_principal", retval, 0);
- goto fail;
+ com_err("krb5_524_conv_principal", retval, 0);
+ goto fail;
}
printf("524_converted_principal(%s): '%s' '%s' '%s'\n",
- name, aname, inst, realm);
- fail:
+ name, aname, inst, realm);
+fail:
if (princ)
- krb5_free_principal (ctx, princ);
+ krb5_free_principal (ctx, princ);
}
void test_parse_name(krb5_context ctx, const char *name)
{
- krb5_error_code retval;
- krb5_principal princ = 0, princ2 = 0;
- char *outname = 0;
-
- retval = krb5_parse_name(ctx, name, &princ);
- if (retval) {
- com_err("krb5_parse_name", retval, 0);
- goto fail;
- }
- retval = krb5_copy_principal(ctx, princ, &princ2);
- if (retval) {
- com_err("krb5_copy_principal", retval, 0);
- goto fail;
- }
- retval = krb5_unparse_name(ctx, princ2, &outname);
- if (retval) {
- com_err("krb5_unparse_name", retval, 0);
- goto fail;
- }
- printf("parsed (and unparsed) principal(%s): ", name);
- if (strcmp(name, outname) == 0)
- printf("MATCH\n");
- else
- printf("'%s'\n", outname);
+ krb5_error_code retval;
+ krb5_principal princ = 0, princ2 = 0;
+ char *outname = 0;
+
+ retval = krb5_parse_name(ctx, name, &princ);
+ if (retval) {
+ com_err("krb5_parse_name", retval, 0);
+ goto fail;
+ }
+ retval = krb5_copy_principal(ctx, princ, &princ2);
+ if (retval) {
+ com_err("krb5_copy_principal", retval, 0);
+ goto fail;
+ }
+ retval = krb5_unparse_name(ctx, princ2, &outname);
+ if (retval) {
+ com_err("krb5_unparse_name", retval, 0);
+ goto fail;
+ }
+ printf("parsed (and unparsed) principal(%s): ", name);
+ if (strcmp(name, outname) == 0)
+ printf("MATCH\n");
+ else
+ printf("'%s'\n", outname);
fail:
- if (outname)
- free(outname);
- if (princ)
- krb5_free_principal(ctx, princ);
- if (princ2)
- krb5_free_principal(ctx, princ2);
+ if (outname)
+ free(outname);
+ if (princ)
+ krb5_free_principal(ctx, princ);
+ if (princ2)
+ krb5_free_principal(ctx, princ2);
}
void test_set_realm(krb5_context ctx, const char *name, const char *realm)
{
- krb5_error_code retval;
- krb5_principal princ = 0;
- char *outname = 0;
-
- retval = krb5_parse_name(ctx, name, &princ);
- if (retval) {
- com_err("krb5_parse_name", retval, 0);
- goto fail;
- }
- retval = krb5_set_principal_realm(ctx, princ, realm);
- if (retval) {
- com_err("krb5_set_principal_realm", retval, 0);
- goto fail;
- }
- retval = krb5_unparse_name(ctx, princ, &outname);
- if (retval) {
- com_err("krb5_unparse_name", retval, 0);
- goto fail;
- }
- printf("old principal: %s, modified principal: %s\n", name,
- outname);
+ krb5_error_code retval;
+ krb5_principal princ = 0;
+ char *outname = 0;
+
+ retval = krb5_parse_name(ctx, name, &princ);
+ if (retval) {
+ com_err("krb5_parse_name", retval, 0);
+ goto fail;
+ }
+ retval = krb5_set_principal_realm(ctx, princ, realm);
+ if (retval) {
+ com_err("krb5_set_principal_realm", retval, 0);
+ goto fail;
+ }
+ retval = krb5_unparse_name(ctx, princ, &outname);
+ if (retval) {
+ com_err("krb5_unparse_name", retval, 0);
+ goto fail;
+ }
+ printf("old principal: %s, modified principal: %s\n", name,
+ outname);
fail:
- if (outname)
- free(outname);
- if (princ)
- krb5_free_principal(ctx, princ);
+ if (outname)
+ free(outname);
+ if (princ)
+ krb5_free_principal(ctx, princ);
}
void usage(char *progname)
{
- fprintf(stderr, "%s: Usage: %s 425_conv_principal <name> <inst> <realm\n",
- progname, progname);
- fprintf(stderr, "\t%s 524_conv_principal <name>\n", progname);
- fprintf(stderr, "\t%s parse_name <name>\n", progname);
- fprintf(stderr, "\t%s set_realm <name> <realm>\n", progname);
- fprintf(stderr, "\t%s string_to_timestamp <time>\n", progname);
- exit(1);
+ fprintf(stderr, "%s: Usage: %s 425_conv_principal <name> <inst> <realm\n",
+ progname, progname);
+ fprintf(stderr, "\t%s 524_conv_principal <name>\n", progname);
+ fprintf(stderr, "\t%s parse_name <name>\n", progname);
+ fprintf(stderr, "\t%s set_realm <name> <realm>\n", progname);
+ fprintf(stderr, "\t%s string_to_timestamp <time>\n", progname);
+ exit(1);
}
-int
+int
main(int argc, char **argv)
{
krb5_context ctx;
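Review bot: The first line printed by usage() ends in `<realm` without its closing bracket, so the help text for 425_conv_principal is malformed while the set_realm line below it has `<realm>`; the literal should be `"%s: Usage: %s 425_conv_principal <name> <inst> <realm>\n"`. Separately, the terminators written at `aname[ANAME_SZ]`, `inst[INST_SZ]` and `realm[REALM_SZ]` at the top of this hunk are in bounds only if those buffers are declared one element larger than the constants. Their declarations sit above the hunk, inside test_524_conv_principal, so that is worth confirming rather than assuming. The hunk also ends inside main.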
@@ -174,52 +175,52 @@ main(int argc, char **argv)
retval = krb5_init_context(&ctx);
if (retval) {
- fprintf(stderr, "krb5_init_context returned error %ld\n",
- (long) retval);
- exit(1);
+ fprintf(stderr, "krb5_init_context returned error %ld\n",
+ (long) retval);
+ exit(1);
}
progname = argv[0];
- /* Parse arguments. */
- argc--; argv++;
- while (argc) {
- if (strcmp(*argv, "425_conv_principal") == 0) {
- argc--; argv++;
- if (!argc) usage(progname);
- name = *argv;
- argc--; argv++;
- if (!argc) usage(progname);
- inst = *argv;
- argc--; argv++;
- if (!argc) usage(progname);
- realm = *argv;
- test_425_conv_principal(ctx, name, inst, realm);
- } else if (strcmp(*argv, "parse_name") == 0) {
- argc--; argv++;
- if (!argc) usage(progname);
- name = *argv;
- test_parse_name(ctx, name);
- } else if (strcmp(*argv, "set_realm") == 0) {
- argc--; argv++;
- if (!argc) usage(progname);
- name = *argv;
- argc--; argv++;
- if (!argc) usage(progname);
- realm = *argv;
- test_set_realm(ctx, name, realm);
- } else if (strcmp(*argv, "string_to_timestamp") == 0) {
- argc--; argv++;
- if (!argc) usage(progname);
- test_string_to_timestamp(ctx, *argv);
- } else if (strcmp(*argv, "524_conv_principal") == 0) {
- argc--; argv++;
- if (!argc) usage(progname);
- test_524_conv_principal(ctx, *argv);
- }
- else
- usage(progname);
- argc--; argv++;
- }
+ /* Parse arguments. */
+ argc--; argv++;
+ while (argc) {
+ if (strcmp(*argv, "425_conv_principal") == 0) {
+ argc--; argv++;
+ if (!argc) usage(progname);
+ name = *argv;
+ argc--; argv++;
+ if (!argc) usage(progname);
+ inst = *argv;
+ argc--; argv++;
+ if (!argc) usage(progname);
+ realm = *argv;
+ test_425_conv_principal(ctx, name, inst, realm);
+ } else if (strcmp(*argv, "parse_name") == 0) {
+ argc--; argv++;
+ if (!argc) usage(progname);
+ name = *argv;
+ test_parse_name(ctx, name);
+ } else if (strcmp(*argv, "set_realm") == 0) {
+ argc--; argv++;
+ if (!argc) usage(progname);
+ name = *argv;
+ argc--; argv++;
+ if (!argc) usage(progname);
+ realm = *argv;
+ test_set_realm(ctx, name, realm);
+ } else if (strcmp(*argv, "string_to_timestamp") == 0) {
+ argc--; argv++;
+ if (!argc) usage(progname);
+ test_string_to_timestamp(ctx, *argv);
+ } else if (strcmp(*argv, "524_conv_principal") == 0) {
+ argc--; argv++;
+ if (!argc) usage(progname);
+ test_524_conv_principal(ctx, *argv);
+ }
+ else
+ usage(progname);
+ argc--; argv++;
+ }
krb5_free_context(ctx);
diff --git a/src/lib/krb5/krb/t_pac.c b/src/lib/krb5/krb/t_pac.c
index 503d778..9e96b69 100644
--- a/src/lib/krb5/krb/t_pac.c
+++ b/src/lib/krb5/krb/t_pac.c
@@ -1,4 +1,4 @@
-/* -*- mode: c; indent-tabs-mode: nil -*- */
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
/*
* Copyright (c) 2006 Kungliga Tekniska Högskolan
* (Royal Institute of Technology, Stockholm, Sweden).
@@ -40,45 +40,45 @@
*/
static const unsigned char saved_pac[] = {
- 0x04, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01, 0x00, 0x00, 0x00, 0xd8, 0x01, 0x00, 0x00,
- 0x48, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x0a, 0x00, 0x00, 0x00, 0x20, 0x00, 0x00, 0x00,
- 0x20, 0x02, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x06, 0x00, 0x00, 0x00, 0x14, 0x00, 0x00, 0x00,
- 0x40, 0x02, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x07, 0x00, 0x00, 0x00, 0x14, 0x00, 0x00, 0x00,
- 0x58, 0x02, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01, 0x10, 0x08, 0x00, 0xcc, 0xcc, 0xcc, 0xcc,
- 0xc8, 0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0x00, 0x30, 0xdf, 0xa6, 0xcb,
- 0x4f, 0x7d, 0xc5, 0x01, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0x7f, 0xff, 0xff, 0xff, 0xff,
- 0xff, 0xff, 0xff, 0x7f, 0xc0, 0x3c, 0x4e, 0x59, 0x62, 0x73, 0xc5, 0x01, 0xc0, 0x3c, 0x4e, 0x59,
- 0x62, 0x73, 0xc5, 0x01, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0x7f, 0x16, 0x00, 0x16, 0x00,
- 0x04, 0x00, 0x02, 0x00, 0x00, 0x00, 0x00, 0x00, 0x08, 0x00, 0x02, 0x00, 0x00, 0x00, 0x00, 0x00,
- 0x0c, 0x00, 0x02, 0x00, 0x00, 0x00, 0x00, 0x00, 0x10, 0x00, 0x02, 0x00, 0x00, 0x00, 0x00, 0x00,
- 0x14, 0x00, 0x02, 0x00, 0x00, 0x00, 0x00, 0x00, 0x18, 0x00, 0x02, 0x00, 0x65, 0x00, 0x00, 0x00,
- 0xed, 0x03, 0x00, 0x00, 0x04, 0x02, 0x00, 0x00, 0x01, 0x00, 0x00, 0x00, 0x1c, 0x00, 0x02, 0x00,
- 0x20, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
- 0x00, 0x00, 0x00, 0x00, 0x14, 0x00, 0x16, 0x00, 0x20, 0x00, 0x02, 0x00, 0x16, 0x00, 0x18, 0x00,
- 0x24, 0x00, 0x02, 0x00, 0x28, 0x00, 0x02, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
- 0x00, 0x21, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
- 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
- 0x01, 0x00, 0x00, 0x00, 0x2c, 0x00, 0x02, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
- 0x00, 0x00, 0x00, 0x00, 0x0b, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x0b, 0x00, 0x00, 0x00,
- 0x57, 0x00, 0x32, 0x00, 0x30, 0x00, 0x30, 0x00, 0x33, 0x00, 0x46, 0x00, 0x49, 0x00, 0x4e, 0x00,
- 0x41, 0x00, 0x4c, 0x00, 0x24, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
- 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
- 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
- 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
- 0x00, 0x00, 0x00, 0x00, 0x01, 0x00, 0x00, 0x00, 0x04, 0x02, 0x00, 0x00, 0x07, 0x00, 0x00, 0x00,
- 0x0b, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x0a, 0x00, 0x00, 0x00, 0x57, 0x00, 0x32, 0x00,
- 0x30, 0x00, 0x30, 0x00, 0x33, 0x00, 0x46, 0x00, 0x49, 0x00, 0x4e, 0x00, 0x41, 0x00, 0x4c, 0x00,
- 0x0c, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x0b, 0x00, 0x00, 0x00, 0x57, 0x00, 0x49, 0x00,
- 0x4e, 0x00, 0x32, 0x00, 0x4b, 0x00, 0x33, 0x00, 0x54, 0x00, 0x48, 0x00, 0x49, 0x00, 0x4e, 0x00,
- 0x4b, 0x00, 0x00, 0x00, 0x04, 0x00, 0x00, 0x00, 0x01, 0x04, 0x00, 0x00, 0x00, 0x00, 0x00, 0x05,
- 0x15, 0x00, 0x00, 0x00, 0x11, 0x2f, 0xaf, 0xb5, 0x90, 0x04, 0x1b, 0xec, 0x50, 0x3b, 0xec, 0xdc,
- 0x01, 0x00, 0x00, 0x00, 0x30, 0x00, 0x02, 0x00, 0x07, 0x00, 0x00, 0x00, 0x01, 0x00, 0x00, 0x00,
- 0x01, 0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x05, 0x09, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
- 0x80, 0x66, 0x28, 0xea, 0x37, 0x80, 0xc5, 0x01, 0x16, 0x00, 0x77, 0x00, 0x32, 0x00, 0x30, 0x00,
- 0x30, 0x00, 0x33, 0x00, 0x66, 0x00, 0x69, 0x00, 0x6e, 0x00, 0x61, 0x00, 0x6c, 0x00, 0x24, 0x00,
- 0x76, 0xff, 0xff, 0xff, 0x37, 0xd5, 0xb0, 0xf7, 0x24, 0xf0, 0xd6, 0xd4, 0xec, 0x09, 0x86, 0x5a,
- 0xa0, 0xe8, 0xc3, 0xa9, 0x00, 0x00, 0x00, 0x00, 0x76, 0xff, 0xff, 0xff, 0xb4, 0xd8, 0xb8, 0xfe,
- 0x83, 0xb3, 0x13, 0x3f, 0xfc, 0x5c, 0x41, 0xad, 0xe2, 0x64, 0x83, 0xe0, 0x00, 0x00, 0x00, 0x00
+ 0x04, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01, 0x00, 0x00, 0x00, 0xd8, 0x01, 0x00, 0x00,
+ 0x48, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x0a, 0x00, 0x00, 0x00, 0x20, 0x00, 0x00, 0x00,
+ 0x20, 0x02, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x06, 0x00, 0x00, 0x00, 0x14, 0x00, 0x00, 0x00,
+ 0x40, 0x02, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x07, 0x00, 0x00, 0x00, 0x14, 0x00, 0x00, 0x00,
+ 0x58, 0x02, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01, 0x10, 0x08, 0x00, 0xcc, 0xcc, 0xcc, 0xcc,
+ 0xc8, 0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0x00, 0x30, 0xdf, 0xa6, 0xcb,
+ 0x4f, 0x7d, 0xc5, 0x01, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0x7f, 0xff, 0xff, 0xff, 0xff,
+ 0xff, 0xff, 0xff, 0x7f, 0xc0, 0x3c, 0x4e, 0x59, 0x62, 0x73, 0xc5, 0x01, 0xc0, 0x3c, 0x4e, 0x59,
+ 0x62, 0x73, 0xc5, 0x01, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0x7f, 0x16, 0x00, 0x16, 0x00,
+ 0x04, 0x00, 0x02, 0x00, 0x00, 0x00, 0x00, 0x00, 0x08, 0x00, 0x02, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x0c, 0x00, 0x02, 0x00, 0x00, 0x00, 0x00, 0x00, 0x10, 0x00, 0x02, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x14, 0x00, 0x02, 0x00, 0x00, 0x00, 0x00, 0x00, 0x18, 0x00, 0x02, 0x00, 0x65, 0x00, 0x00, 0x00,
+ 0xed, 0x03, 0x00, 0x00, 0x04, 0x02, 0x00, 0x00, 0x01, 0x00, 0x00, 0x00, 0x1c, 0x00, 0x02, 0x00,
+ 0x20, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x14, 0x00, 0x16, 0x00, 0x20, 0x00, 0x02, 0x00, 0x16, 0x00, 0x18, 0x00,
+ 0x24, 0x00, 0x02, 0x00, 0x28, 0x00, 0x02, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x21, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x01, 0x00, 0x00, 0x00, 0x2c, 0x00, 0x02, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x0b, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x0b, 0x00, 0x00, 0x00,
+ 0x57, 0x00, 0x32, 0x00, 0x30, 0x00, 0x30, 0x00, 0x33, 0x00, 0x46, 0x00, 0x49, 0x00, 0x4e, 0x00,
+ 0x41, 0x00, 0x4c, 0x00, 0x24, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x01, 0x00, 0x00, 0x00, 0x04, 0x02, 0x00, 0x00, 0x07, 0x00, 0x00, 0x00,
+ 0x0b, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x0a, 0x00, 0x00, 0x00, 0x57, 0x00, 0x32, 0x00,
+ 0x30, 0x00, 0x30, 0x00, 0x33, 0x00, 0x46, 0x00, 0x49, 0x00, 0x4e, 0x00, 0x41, 0x00, 0x4c, 0x00,
+ 0x0c, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x0b, 0x00, 0x00, 0x00, 0x57, 0x00, 0x49, 0x00,
+ 0x4e, 0x00, 0x32, 0x00, 0x4b, 0x00, 0x33, 0x00, 0x54, 0x00, 0x48, 0x00, 0x49, 0x00, 0x4e, 0x00,
+ 0x4b, 0x00, 0x00, 0x00, 0x04, 0x00, 0x00, 0x00, 0x01, 0x04, 0x00, 0x00, 0x00, 0x00, 0x00, 0x05,
+ 0x15, 0x00, 0x00, 0x00, 0x11, 0x2f, 0xaf, 0xb5, 0x90, 0x04, 0x1b, 0xec, 0x50, 0x3b, 0xec, 0xdc,
+ 0x01, 0x00, 0x00, 0x00, 0x30, 0x00, 0x02, 0x00, 0x07, 0x00, 0x00, 0x00, 0x01, 0x00, 0x00, 0x00,
+ 0x01, 0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x05, 0x09, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x80, 0x66, 0x28, 0xea, 0x37, 0x80, 0xc5, 0x01, 0x16, 0x00, 0x77, 0x00, 0x32, 0x00, 0x30, 0x00,
+ 0x30, 0x00, 0x33, 0x00, 0x66, 0x00, 0x69, 0x00, 0x6e, 0x00, 0x61, 0x00, 0x6c, 0x00, 0x24, 0x00,
+ 0x76, 0xff, 0xff, 0xff, 0x37, 0xd5, 0xb0, 0xf7, 0x24, 0xf0, 0xd6, 0xd4, 0xec, 0x09, 0x86, 0x5a,
+ 0xa0, 0xe8, 0xc3, 0xa9, 0x00, 0x00, 0x00, 0x00, 0x76, 0xff, 0xff, 0xff, 0xb4, 0xd8, 0xb8, 0xfe,
+ 0x83, 0xb3, 0x13, 0x3f, 0xfc, 0x5c, 0x41, 0xad, 0xe2, 0x64, 0x83, 0xe0, 0x00, 0x00, 0x00, 0x00
};
static unsigned int type_1_length = 472;
@@ -145,12 +145,12 @@ main(int argc, char **argv)
err(context, ret, "krb5_pac_parse");
ret = krb5_pac_verify(context, pac, authtime, p,
- &member_keyblock, &kdc_keyblock);
+ &member_keyblock, &kdc_keyblock);
if (ret)
err(context, ret, "krb5_pac_verify");
ret = krb5int_pac_sign(context, pac, authtime, p,
- &member_keyblock, &kdc_keyblock, &data);
+ &member_keyblock, &kdc_keyblock, &data);
if (ret)
err(context, ret, "krb5int_pac_sign");
@@ -162,7 +162,7 @@ main(int argc, char **argv)
err(context, ret, "krb5_pac_parse 2");
ret = krb5_pac_verify(context, pac, authtime, p,
- &member_keyblock, &kdc_keyblock);
+ &member_keyblock, &kdc_keyblock);
if (ret)
err(context, ret, "krb5_pac_verify 2");
@@ -203,23 +203,23 @@ main(int argc, char **argv)
krb5_free_data_contents(context, &data);
}
free(list);
-
+
ret = krb5int_pac_sign(context, pac2, authtime, p,
&member_keyblock, &kdc_keyblock, &data);
if (ret)
err(context, ret, "krb5int_pac_sign 4");
-
+
krb5_pac_free(context, pac2);
ret = krb5_pac_parse(context, data.data, data.length, &pac2);
if (ret)
err(context, ret, "krb5_pac_parse 4");
-
+
ret = krb5_pac_verify(context, pac2, authtime, p,
&member_keyblock, &kdc_keyblock);
if (ret)
err(context, ret, "krb5_pac_verify 4");
-
+
krb5_free_data_contents(context, &data);
krb5_pac_free(context, pac2);
@@ -296,7 +296,7 @@ main(int argc, char **argv)
err(context, ret, "krb5_pac_parse 3");
ret = krb5_pac_verify(context, pac, authtime, p,
- &member_keyblock, &kdc_keyblock);
+ &member_keyblock, &kdc_keyblock);
if (ret)
err(context, ret, "krb5_pac_verify 3");
diff --git a/src/lib/krb5/krb/t_princ.c b/src/lib/krb5/krb/t_princ.c
index 6883317..6664a75 100644
--- a/src/lib/krb5/krb/t_princ.c
+++ b/src/lib/krb5/krb/t_princ.c
@@ -1,4 +1,4 @@
-/* -*- mode: c; indent-tabs-mode: nil -*- */
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
/*
* Copyright (c) 2003 Kungliga Tekniska Högskolan
* (Royal Institute of Technology, Stockholm, Sweden).
@@ -209,7 +209,7 @@ test_princ(krb5_context context)
&p2);
if (!ret)
err(context, ret, "Should have failed to parse %s a "
- "short name", princ);
+ "short name", princ);
ret = krb5_parse_name_flags(context, princ_short,
KRB5_PRINCIPAL_PARSE_NO_REALM,
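Review bot: The concatenated literal in the `if (!ret)` branch reads "Should have failed to parse %s a short name", which is missing a word; `"Should have failed to parse %s as a "` is presumably what was meant. The branch also hands `ret` to `err()` when `ret` is zero, so if `err()` derives its text from that code (its definition is outside this hunk) the report would describe success rather than the unexpected parse. The next hunk has the same `err(context, ret, ...)` call under `if (!ret)`. test_princ starts and ends outside the hunk.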
@@ -233,7 +233,7 @@ test_princ(krb5_context context)
&p2);
if (!ret)
err(context, ret, "Should have failed to parse %s "
- "because it lacked a realm", princ_short);
+ "because it lacked a realm", princ_short);
ret = krb5_parse_name_flags(context, princ,
KRB5_PRINCIPAL_PARSE_REQUIRE_REALM,
@@ -372,7 +372,7 @@ test_enterprise(krb5_context context)
err(context, ret, "krb5_parse_name_flags");
ret = krb5_unparse_name_flags(context, p, KRB5_PRINCIPAL_UNPARSE_NO_REALM,
- &unparsed);
+ &unparsed);
if (ret)
err(context, ret, "krb5_unparse_name");
diff --git a/src/lib/krb5/krb/t_ser.c b/src/lib/krb5/krb/t_ser.c
index c92ce50..daad0c7 100644
--- a/src/lib/krb5/krb/t_ser.c
+++ b/src/lib/krb5/krb/t_ser.c
@@ -1,3 +1,4 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
/*
* lib/krb5/krb/t_ser.c
*
@@ -48,26 +49,26 @@ print_erep(krb5_octet *erep, size_t elen)
int i, j;
for (i=0; i<elen; ) {
- printf("%08d: ", i);
- for (j=0; j<15; j++) {
- if ((i+j) < elen)
- printf("%02x ", erep[i+j]);
- else
- printf("-- ");
- }
- printf("\t");
- for (j=0; j<15; j++) {
- if ((i+j) < elen) {
- if (isprint(erep[i+j]) && (erep[i+j] != '\n'))
- printf("%c", erep[i+j]);
- else
- printf(".");
- }
- else
- printf("-");
- }
- printf("\n");
- i += 15;
+ printf("%08d: ", i);
+ for (j=0; j<15; j++) {
+ if ((i+j) < elen)
+ printf("%02x ", erep[i+j]);
+ else
+ printf("-- ");
+ }
+ printf("\t");
+ for (j=0; j<15; j++) {
+ if ((i+j) < elen) {
+ if (isprint(erep[i+j]) && (erep[i+j] != '\n'))
+ printf("%c", erep[i+j]);
+ else
+ printf(".");
+ }
+ else
+ printf("-");
+ }
+ printf("\n");
+ i += 15;
}
}
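Review bot: `i` and `j` are declared `int` but are compared against `elen`, a `size_t`, and used to index `erep`, so the comparison is done in unsigned arithmetic and `i += 15` would overflow a signed int for a buffer longer than INT_MAX. Declaring them `size_t i, j;` and printing the offset as `printf("%08lu: ", (unsigned long) i);` keeps the loop well defined for any length the caller passes. print_erep's signature is above the hunk, visible only in the hunk header.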
@@ -77,17 +78,17 @@ print_erep(krb5_octet *erep, size_t elen)
static krb5_error_code
ser_data(int verbose, char *msg, krb5_pointer ctx, krb5_magic dtype)
{
- krb5_error_code kret;
- krb5_context ser_ctx;
- krb5_pointer nctx;
- krb5_octet *outrep, *ibuf, *outrep2;
- size_t outlen, ilen, outlen2;
+ krb5_error_code kret;
+ krb5_context ser_ctx;
+ krb5_pointer nctx;
+ krb5_octet *outrep, *ibuf, *outrep2;
+ size_t outlen, ilen, outlen2;
/* Initialize context and initialize all Kerberos serializers */
if ((kret = krb5_init_context(&ser_ctx))) {
- printf("Couldn't initialize krb5 library: %s\n",
- error_message(kret));
- exit(1);
+ printf("Couldn't initialize krb5 library: %s\n",
+ error_message(kret));
+ exit(1);
}
krb5_ser_context_init(ser_ctx);
krb5_ser_auth_context_init(ser_ctx);
@@ -98,96 +99,96 @@ ser_data(int verbose, char *msg, krb5_pointer ctx, krb5_magic dtype)
/* Externalize the data */
kret = krb5_externalize_data(ser_ctx, ctx, &outrep, &outlen);
if (!kret) {
- if (verbose) {
- printf("%s: externalized in %d bytes\n", msg, outlen);
- print_erep(outrep, outlen);
- }
-
- /* Now attempt to re-constitute it */
- ibuf = outrep;
- ilen = outlen;
- kret = krb5_internalize_opaque(ser_ctx,
- dtype,
- (krb5_pointer *) &nctx,
- &ibuf,
- &ilen);
- if (!kret) {
- if (ilen)
- printf("%s: %d bytes left over after internalize\n",
- msg, ilen);
- /* Now attempt to re-externalize it */
- kret = krb5_externalize_data(ser_ctx, nctx, &outrep2, &outlen2);
- if (!kret) {
- /* Compare the results. */
- if ((outlen2 != outlen) ||
- memcmp(outrep, outrep2, outlen)) {
- printf("%s: comparison failed\n", msg);
- print_erep(outrep2, outlen2);
- }
- else {
- if (verbose)
- printf("%s: compare succeeded\n", msg);
- }
- free(outrep2);
- }
- else
- printf("%s: second externalize returned %d\n", msg, kret);
-
- /* Free the data */
- switch (dtype) {
- case KV5M_CONTEXT:
- krb5_free_context((krb5_context) nctx);
- break;
- case KV5M_AUTH_CONTEXT:
- if (nctx) {
- krb5_auth_context actx;
-
- actx = (krb5_auth_context) nctx;
- if (actx->i_vector)
- free(actx->i_vector);
- }
- krb5_auth_con_free(ser_ctx, (krb5_auth_context) nctx);
- break;
- case KV5M_CCACHE:
- krb5_cc_close(ser_ctx, (krb5_ccache) nctx);
- break;
- case KV5M_RCACHE:
- krb5_rc_close(ser_ctx, (krb5_rcache) nctx);
- break;
- case KV5M_KEYTAB:
- krb5_kt_close(ser_ctx, (krb5_keytab) nctx);
- break;
- case KV5M_ENCRYPT_BLOCK:
- if (nctx) {
- krb5_encrypt_block *eblock;
-
- eblock = (krb5_encrypt_block *) nctx;
+ if (verbose) {
+ printf("%s: externalized in %d bytes\n", msg, outlen);
+ print_erep(outrep, outlen);
+ }
+
+ /* Now attempt to re-constitute it */
+ ibuf = outrep;
+ ilen = outlen;
+ kret = krb5_internalize_opaque(ser_ctx,
+ dtype,
+ (krb5_pointer *) &nctx,
+ &ibuf,
+ &ilen);
+ if (!kret) {
+ if (ilen)
+ printf("%s: %d bytes left over after internalize\n",
+ msg, ilen);
+ /* Now attempt to re-externalize it */
+ kret = krb5_externalize_data(ser_ctx, nctx, &outrep2, &outlen2);
+ if (!kret) {
+ /* Compare the results. */
+ if ((outlen2 != outlen) ||
+ memcmp(outrep, outrep2, outlen)) {
+ printf("%s: comparison failed\n", msg);
+ print_erep(outrep2, outlen2);
+ }
+ else {
+ if (verbose)
+ printf("%s: compare succeeded\n", msg);
+ }
+ free(outrep2);
+ }
+ else
+ printf("%s: second externalize returned %d\n", msg, kret);
+
+ /* Free the data */
+ switch (dtype) {
+ case KV5M_CONTEXT:
+ krb5_free_context((krb5_context) nctx);
+ break;
+ case KV5M_AUTH_CONTEXT:
+ if (nctx) {
+ krb5_auth_context actx;
+
+ actx = (krb5_auth_context) nctx;
+ if (actx->i_vector)
+ free(actx->i_vector);
+ }
+ krb5_auth_con_free(ser_ctx, (krb5_auth_context) nctx);
+ break;
+ case KV5M_CCACHE:
+ krb5_cc_close(ser_ctx, (krb5_ccache) nctx);
+ break;
+ case KV5M_RCACHE:
+ krb5_rc_close(ser_ctx, (krb5_rcache) nctx);
+ break;
+ case KV5M_KEYTAB:
+ krb5_kt_close(ser_ctx, (krb5_keytab) nctx);
+ break;
+ case KV5M_ENCRYPT_BLOCK:
+ if (nctx) {
+ krb5_encrypt_block *eblock;
+
+ eblock = (krb5_encrypt_block *) nctx;
#if 0
- if (eblock->priv && eblock->priv_size)
- free(eblock->priv);
+ if (eblock->priv && eblock->priv_size)
+ free(eblock->priv);
#endif
- if (eblock->key)
- krb5_free_keyblock(ser_ctx, eblock->key);
- free(eblock);
- }
- break;
- case KV5M_PRINCIPAL:
- krb5_free_principal(ser_ctx, (krb5_principal) nctx);
- break;
- case KV5M_CHECKSUM:
- krb5_free_checksum(ser_ctx, (krb5_checksum *) nctx);
- break;
- default:
- printf("don't know how to free %d\n", dtype);
- break;
- }
- }
- else
- printf("%s: internalize returned %d\n", msg, kret);
- free(outrep);
+ if (eblock->key)
+ krb5_free_keyblock(ser_ctx, eblock->key);
+ free(eblock);
+ }
+ break;
+ case KV5M_PRINCIPAL:
+ krb5_free_principal(ser_ctx, (krb5_principal) nctx);
+ break;
+ case KV5M_CHECKSUM:
+ krb5_free_checksum(ser_ctx, (krb5_checksum *) nctx);
+ break;
+ default:
+ printf("don't know how to free %d\n", dtype);
+ break;
+ }
+ }
+ else
+ printf("%s: internalize returned %d\n", msg, kret);
+ free(outrep);
}
else
- printf("%s: externalize_data returned %d\n", msg, kret);
+ printf("%s: externalize_data returned %d\n", msg, kret);
krb5_free_context(ser_ctx);
return(kret);
}
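Review bot: `outlen` and `ilen` are `size_t` (declared in the previous hunk) but are printed with `%d` in "externalized in %d bytes" and "%d bytes left over after internalize", which is undefined behaviour where `size_t` is wider than `int`. A cast at the call keeps this portable without relying on `%zu`: `printf("%s: externalized in %lu bytes\n", msg, (unsigned long) outlen);` and likewise `"%s: %lu bytes left over after internalize\n"` with `(unsigned long) ilen`. ser_data begins above this hunk.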
@@ -198,161 +199,161 @@ ser_data(int verbose, char *msg, krb5_pointer ctx, krb5_magic dtype)
static krb5_error_code
ser_kcontext_test(krb5_context kcontext, int verbose)
{
- krb5_error_code kret;
- profile_t sprofile;
- char dbname[128];
+ krb5_error_code kret;
+ profile_t sprofile;
+ char dbname[128];
snprintf(dbname, sizeof(dbname), "temp_%d", (int) getpid());
sprofile = kcontext->profile;
kcontext->profile = (profile_t) NULL;
if (!(kret = ser_data(verbose, "> Context with no profile",
- (krb5_pointer) kcontext,
- KV5M_CONTEXT))) {
- kcontext->profile = sprofile;
- if (!(kret = ser_data(verbose, "> Context with no realm",
- (krb5_pointer) kcontext,
- KV5M_CONTEXT)) &&
- !(kret = krb5_set_default_realm(kcontext, "this.is.a.test"))) {
- if (!(kret = ser_data(verbose, "> Context with default realm",
- (krb5_pointer) kcontext,
- KV5M_CONTEXT))) {
- if (verbose)
- printf("* krb5_context test succeeded\n");
- }
- }
+ (krb5_pointer) kcontext,
+ KV5M_CONTEXT))) {
+ kcontext->profile = sprofile;
+ if (!(kret = ser_data(verbose, "> Context with no realm",
+ (krb5_pointer) kcontext,
+ KV5M_CONTEXT)) &&
+ !(kret = krb5_set_default_realm(kcontext, "this.is.a.test"))) {
+ if (!(kret = ser_data(verbose, "> Context with default realm",
+ (krb5_pointer) kcontext,
+ KV5M_CONTEXT))) {
+ if (verbose)
+ printf("* krb5_context test succeeded\n");
+ }
+ }
}
if (kret)
- printf("* krb5_context test failed\n");
+ printf("* krb5_context test failed\n");
return(kret);
}
-/*
+/*
* Serialize krb5_auth_context.
*/
static krb5_error_code
ser_acontext_test(krb5_context kcontext, int verbose)
{
- krb5_error_code kret;
- krb5_auth_context actx;
- krb5_address local_address;
- krb5_address remote_address;
- krb5_octet laddr_bytes[16];
- krb5_octet raddr_bytes[16];
- krb5_keyblock ukeyblock;
- krb5_octet keydata[8];
- krb5_authenticator aent;
- char clname[128];
- krb5_authdata *adatalist[3];
- krb5_authdata adataent;
+ krb5_error_code kret;
+ krb5_auth_context actx;
+ krb5_address local_address;
+ krb5_address remote_address;
+ krb5_octet laddr_bytes[16];
+ krb5_octet raddr_bytes[16];
+ krb5_keyblock ukeyblock;
+ krb5_octet keydata[8];
+ krb5_authenticator aent;
+ char clname[128];
+ krb5_authdata *adatalist[3];
+ krb5_authdata adataent;
actx = (krb5_auth_context) NULL;
if (!(kret = krb5_auth_con_init(kcontext, &actx)) &&
- !(kret = ser_data(verbose, "> Vanilla auth context",
- (krb5_pointer) actx,
- KV5M_AUTH_CONTEXT))) {
- memset(&local_address, 0, sizeof(local_address));
- memset(&remote_address, 0, sizeof(remote_address));
- memset(laddr_bytes, 0, sizeof(laddr_bytes));
- memset(raddr_bytes, 0, sizeof(raddr_bytes));
- local_address.addrtype = ADDRTYPE_INET;
- local_address.length = sizeof(laddr_bytes);
- local_address.contents = laddr_bytes;
- laddr_bytes[0] = 6;
- laddr_bytes[1] = 2;
- laddr_bytes[2] = 69;
- laddr_bytes[3] = 16;
- laddr_bytes[4] = 1;
- laddr_bytes[5] = 0;
- laddr_bytes[6] = 0;
- laddr_bytes[7] = 127;
- remote_address.addrtype = ADDRTYPE_INET;
- remote_address.length = sizeof(raddr_bytes);
- remote_address.contents = raddr_bytes;
- raddr_bytes[0] = 6;
- raddr_bytes[1] = 2;
- raddr_bytes[2] = 70;
- raddr_bytes[3] = 16;
- raddr_bytes[4] = 1;
- raddr_bytes[5] = 0;
- raddr_bytes[6] = 0;
- raddr_bytes[7] = 127;
- if (!(kret = krb5_auth_con_setaddrs(kcontext, actx,
- &local_address,
- &remote_address)) &&
- !(kret = krb5_auth_con_setports(kcontext, actx,
- &local_address,
- &remote_address)) &&
- !(kret = ser_data(verbose, "> Auth context with addrs/ports",
- (krb5_pointer) actx,
- KV5M_AUTH_CONTEXT))) {
- memset(&ukeyblock, 0, sizeof(ukeyblock));
- memset(keydata, 0, sizeof(keydata));
- ukeyblock.enctype = ENCTYPE_DES_CBC_MD5;
- ukeyblock.length = sizeof(keydata);
- ukeyblock.contents = keydata;
- keydata[0] = 0xde;
- keydata[1] = 0xad;
- keydata[2] = 0xbe;
- keydata[3] = 0xef;
- keydata[4] = 0xfe;
- keydata[5] = 0xed;
- keydata[6] = 0xf0;
- keydata[7] = 0xd;
- if (!(kret = krb5_auth_con_setuseruserkey(kcontext, actx,
- &ukeyblock)) &&
- !(kret = ser_data(verbose, "> Auth context with user key",
- (krb5_pointer) actx,
- KV5M_AUTH_CONTEXT)) &&
- !(kret = krb5_auth_con_initivector(kcontext, actx)) &&
- !(kret = ser_data(verbose, "> Auth context with new vector",
- (krb5_pointer) actx,
- KV5M_AUTH_CONTEXT)) &&
- (free(actx->i_vector), actx->i_vector) &&
- !(kret = krb5_auth_con_setivector(kcontext, actx,
- (krb5_pointer) print_erep)
- ) &&
- !(kret = ser_data(verbose, "> Auth context with set vector",
- (krb5_pointer) actx,
- KV5M_AUTH_CONTEXT))) {
- /*
- * Finally, add an authenticator.
- */
- memset(&aent, 0, sizeof(aent));
- aent.magic = KV5M_AUTHENTICATOR;
- snprintf(clname, sizeof(clname),
- "help/me/%d@this.is.a.test", (int) getpid());
- actx->authentp = &aent;
- if (!(kret = krb5_parse_name(kcontext, clname,
- &aent.client)) &&
- !(kret = ser_data(verbose,
- "> Auth context with authenticator",
- (krb5_pointer) actx,
- KV5M_AUTH_CONTEXT))) {
- adataent.magic = KV5M_AUTHDATA;
- adataent.ad_type = 123;
- adataent.length = 128;
- adataent.contents = (krb5_octet *) stuff;
- adatalist[0] = &adataent;
- adatalist[1] = &adataent;
- adatalist[2] = (krb5_authdata *) NULL;
- aent.authorization_data = adatalist;
- if (!(kret = ser_data(verbose,
- "> Auth context with full auth",
- (krb5_pointer) actx,
- KV5M_AUTH_CONTEXT))) {
- if (verbose)
- printf("* krb5_auth_context test succeeded\n");
- }
- krb5_free_principal(kcontext, aent.client);
- }
- actx->authentp = (krb5_authenticator *) NULL;
- }
- }
+ !(kret = ser_data(verbose, "> Vanilla auth context",
+ (krb5_pointer) actx,
+ KV5M_AUTH_CONTEXT))) {
+ memset(&local_address, 0, sizeof(local_address));
+ memset(&remote_address, 0, sizeof(remote_address));
+ memset(laddr_bytes, 0, sizeof(laddr_bytes));
+ memset(raddr_bytes, 0, sizeof(raddr_bytes));
+ local_address.addrtype = ADDRTYPE_INET;
+ local_address.length = sizeof(laddr_bytes);
+ local_address.contents = laddr_bytes;
+ laddr_bytes[0] = 6;
+ laddr_bytes[1] = 2;
+ laddr_bytes[2] = 69;
+ laddr_bytes[3] = 16;
+ laddr_bytes[4] = 1;
+ laddr_bytes[5] = 0;
+ laddr_bytes[6] = 0;
+ laddr_bytes[7] = 127;
+ remote_address.addrtype = ADDRTYPE_INET;
+ remote_address.length = sizeof(raddr_bytes);
+ remote_address.contents = raddr_bytes;
+ raddr_bytes[0] = 6;
+ raddr_bytes[1] = 2;
+ raddr_bytes[2] = 70;
+ raddr_bytes[3] = 16;
+ raddr_bytes[4] = 1;
+ raddr_bytes[5] = 0;
+ raddr_bytes[6] = 0;
+ raddr_bytes[7] = 127;
+ if (!(kret = krb5_auth_con_setaddrs(kcontext, actx,
+ &local_address,
+ &remote_address)) &&
+ !(kret = krb5_auth_con_setports(kcontext, actx,
+ &local_address,
+ &remote_address)) &&
+ !(kret = ser_data(verbose, "> Auth context with addrs/ports",
+ (krb5_pointer) actx,
+ KV5M_AUTH_CONTEXT))) {
+ memset(&ukeyblock, 0, sizeof(ukeyblock));
+ memset(keydata, 0, sizeof(keydata));
+ ukeyblock.enctype = ENCTYPE_DES_CBC_MD5;
+ ukeyblock.length = sizeof(keydata);
+ ukeyblock.contents = keydata;
+ keydata[0] = 0xde;
+ keydata[1] = 0xad;
+ keydata[2] = 0xbe;
+ keydata[3] = 0xef;
+ keydata[4] = 0xfe;
+ keydata[5] = 0xed;
+ keydata[6] = 0xf0;
+ keydata[7] = 0xd;
+ if (!(kret = krb5_auth_con_setuseruserkey(kcontext, actx,
+ &ukeyblock)) &&
+ !(kret = ser_data(verbose, "> Auth context with user key",
+ (krb5_pointer) actx,
+ KV5M_AUTH_CONTEXT)) &&
+ !(kret = krb5_auth_con_initivector(kcontext, actx)) &&
+ !(kret = ser_data(verbose, "> Auth context with new vector",
+ (krb5_pointer) actx,
+ KV5M_AUTH_CONTEXT)) &&
+ (free(actx->i_vector), actx->i_vector) &&
+ !(kret = krb5_auth_con_setivector(kcontext, actx,
+ (krb5_pointer) print_erep)
+ ) &&
+ !(kret = ser_data(verbose, "> Auth context with set vector",
+ (krb5_pointer) actx,
+ KV5M_AUTH_CONTEXT))) {
+ /*
+ * Finally, add an authenticator.
+ */
+ memset(&aent, 0, sizeof(aent));
+ aent.magic = KV5M_AUTHENTICATOR;
+ snprintf(clname, sizeof(clname),
+ "help/me/%d@this.is.a.test", (int) getpid());
+ actx->authentp = &aent;
+ if (!(kret = krb5_parse_name(kcontext, clname,
+ &aent.client)) &&
+ !(kret = ser_data(verbose,
+ "> Auth context with authenticator",
+ (krb5_pointer) actx,
+ KV5M_AUTH_CONTEXT))) {
+ adataent.magic = KV5M_AUTHDATA;
+ adataent.ad_type = 123;
+ adataent.length = 128;
+ adataent.contents = (krb5_octet *) stuff;
+ adatalist[0] = &adataent;
+ adatalist[1] = &adataent;
+ adatalist[2] = (krb5_authdata *) NULL;
+ aent.authorization_data = adatalist;
+ if (!(kret = ser_data(verbose,
+ "> Auth context with full auth",
+ (krb5_pointer) actx,
+ KV5M_AUTH_CONTEXT))) {
+ if (verbose)
+ printf("* krb5_auth_context test succeeded\n");
+ }
+ krb5_free_principal(kcontext, aent.client);
+ }
+ actx->authentp = (krb5_authenticator *) NULL;
+ }
+ }
}
if (actx)
- krb5_auth_con_free(kcontext, actx);
+ krb5_auth_con_free(kcontext, actx);
if (kret)
- printf("* krb5_auth_context test failed\n");
+ printf("* krb5_auth_context test failed\n");
return(kret);
}
@@ -362,44 +363,44 @@ ser_acontext_test(krb5_context kcontext, int verbose)
static krb5_error_code
ser_ccache_test(krb5_context kcontext, int verbose)
{
- krb5_error_code kret;
- char ccname[128];
- char princname[256];
- krb5_ccache ccache;
- krb5_principal principal;
+ krb5_error_code kret;
+ char ccname[128];
+ char princname[256];
+ krb5_ccache ccache;
+ krb5_principal principal;
snprintf(ccname, sizeof(ccname), "temp_cc_%d", (int) getpid());
snprintf(princname, sizeof(princname),
- "zowie%d/instance%d@this.is.a.test",
- (int) getpid(), (int) getpid());
+ "zowie%d/instance%d@this.is.a.test",
+ (int) getpid(), (int) getpid());
if (!(kret = krb5_cc_resolve(kcontext, ccname, &ccache)) &&
- !(kret = ser_data(verbose, "> Resolved default ccache",
- (krb5_pointer) ccache, KV5M_CCACHE)) &&
- !(kret = krb5_parse_name(kcontext, princname, &principal)) &&
- !(kret = krb5_cc_initialize(kcontext, ccache, principal)) &&
- !(kret = ser_data(verbose, "> Initialized default ccache",
- (krb5_pointer) ccache, KV5M_CCACHE)) &&
- !(kret = krb5_cc_destroy(kcontext, ccache))) {
- krb5_free_principal(kcontext, principal);
- snprintf(ccname, sizeof(ccname), "FILE:temp_cc_%d", (int) getpid());
- snprintf(princname, sizeof(princname), "xxx%d/i%d@this.is.a.test",
- (int) getpid(), (int) getpid());
- if (!(kret = krb5_cc_resolve(kcontext, ccname, &ccache)) &&
- !(kret = ser_data(verbose, "> Resolved FILE ccache",
- (krb5_pointer) ccache, KV5M_CCACHE)) &&
- !(kret = krb5_parse_name(kcontext, princname, &principal)) &&
- !(kret = krb5_cc_initialize(kcontext, ccache, principal)) &&
- !(kret = ser_data(verbose, "> Initialized FILE ccache",
- (krb5_pointer) ccache, KV5M_CCACHE)) &&
- !(kret = krb5_cc_destroy(kcontext, ccache))) {
- krb5_free_principal(kcontext, principal);
-
- if (verbose)
- printf("* ccache test succeeded\n");
- }
+ !(kret = ser_data(verbose, "> Resolved default ccache",
+ (krb5_pointer) ccache, KV5M_CCACHE)) &&
+ !(kret = krb5_parse_name(kcontext, princname, &principal)) &&
+ !(kret = krb5_cc_initialize(kcontext, ccache, principal)) &&
+ !(kret = ser_data(verbose, "> Initialized default ccache",
+ (krb5_pointer) ccache, KV5M_CCACHE)) &&
+ !(kret = krb5_cc_destroy(kcontext, ccache))) {
+ krb5_free_principal(kcontext, principal);
+ snprintf(ccname, sizeof(ccname), "FILE:temp_cc_%d", (int) getpid());
+ snprintf(princname, sizeof(princname), "xxx%d/i%d@this.is.a.test",
+ (int) getpid(), (int) getpid());
+ if (!(kret = krb5_cc_resolve(kcontext, ccname, &ccache)) &&
+ !(kret = ser_data(verbose, "> Resolved FILE ccache",
+ (krb5_pointer) ccache, KV5M_CCACHE)) &&
+ !(kret = krb5_parse_name(kcontext, princname, &principal)) &&
+ !(kret = krb5_cc_initialize(kcontext, ccache, principal)) &&
+ !(kret = ser_data(verbose, "> Initialized FILE ccache",
+ (krb5_pointer) ccache, KV5M_CCACHE)) &&
+ !(kret = krb5_cc_destroy(kcontext, ccache))) {
+ krb5_free_principal(kcontext, principal);
+
+ if (verbose)
+ printf("* ccache test succeeded\n");
+ }
}
if (kret)
- printf("* krb5_ccache test failed\n");
+ printf("* krb5_ccache test failed\n");
return(kret);
}
@@ -409,33 +410,33 @@ ser_ccache_test(krb5_context kcontext, int verbose)
static krb5_error_code
ser_keytab_test(krb5_context kcontext, int verbose)
{
- krb5_error_code kret;
- char ccname[128];
- krb5_keytab keytab;
+ krb5_error_code kret;
+ char ccname[128];
+ krb5_keytab keytab;
snprintf(ccname, sizeof(ccname), "temp_kt_%d", (int) getpid());
if (!(kret = krb5_kt_resolve(kcontext, ccname, &keytab)) &&
- !(kret = ser_data(verbose, "> Resolved default keytab",
- (krb5_pointer) keytab, KV5M_KEYTAB)) &&
- !(kret = krb5_kt_close(kcontext, keytab))) {
- snprintf(ccname, sizeof(ccname), "FILE:temp_kt_%d", (int) getpid());
- if (!(kret = krb5_kt_resolve(kcontext, ccname, &keytab)) &&
- !(kret = ser_data(verbose, "> Resolved FILE keytab",
- (krb5_pointer) keytab, KV5M_KEYTAB)) &&
- !(kret = krb5_kt_close(kcontext, keytab))) {
- snprintf(ccname, sizeof(ccname),
- "WRFILE:temp_kt_%d", (int) getpid());
- if (!(kret = krb5_kt_resolve(kcontext, ccname, &keytab)) &&
- !(kret = ser_data(verbose, "> Resolved WRFILE keytab",
- (krb5_pointer) keytab, KV5M_KEYTAB)) &&
- !(kret = krb5_kt_close(kcontext, keytab))) {
- if (verbose)
- printf("* keytab test succeeded\n");
- }
- }
+ !(kret = ser_data(verbose, "> Resolved default keytab",
+ (krb5_pointer) keytab, KV5M_KEYTAB)) &&
+ !(kret = krb5_kt_close(kcontext, keytab))) {
+ snprintf(ccname, sizeof(ccname), "FILE:temp_kt_%d", (int) getpid());
+ if (!(kret = krb5_kt_resolve(kcontext, ccname, &keytab)) &&
+ !(kret = ser_data(verbose, "> Resolved FILE keytab",
+ (krb5_pointer) keytab, KV5M_KEYTAB)) &&
+ !(kret = krb5_kt_close(kcontext, keytab))) {
+ snprintf(ccname, sizeof(ccname),
+ "WRFILE:temp_kt_%d", (int) getpid());
+ if (!(kret = krb5_kt_resolve(kcontext, ccname, &keytab)) &&
+ !(kret = ser_data(verbose, "> Resolved WRFILE keytab",
+ (krb5_pointer) keytab, KV5M_KEYTAB)) &&
+ !(kret = krb5_kt_close(kcontext, keytab))) {
+ if (verbose)
+ printf("* keytab test succeeded\n");
+ }
+ }
}
if (kret)
- printf("* krb5_keytab test failed\n");
+ printf("* krb5_keytab test failed\n");
return(kret);
}
@@ -445,23 +446,23 @@ ser_keytab_test(krb5_context kcontext, int verbose)
static krb5_error_code
ser_rcache_test(krb5_context kcontext, int verbose)
{
- krb5_error_code kret;
- char rcname[128];
- krb5_rcache rcache;
+ krb5_error_code kret;
+ char rcname[128];
+ krb5_rcache rcache;
snprintf(rcname, sizeof(rcname), "dfl:temp_rc_%d", (int) getpid());
if (!(kret = krb5_rc_resolve_full(kcontext, &rcache, rcname)) &&
- !(kret = ser_data(verbose, "> Resolved FILE rcache",
- (krb5_pointer) rcache, KV5M_RCACHE)) &&
- !(kret = krb5_rc_initialize(kcontext, rcache, 3600*24)) &&
- !(kret = ser_data(verbose, "> Initialized FILE rcache",
- (krb5_pointer) rcache, KV5M_RCACHE)) &&
- !(kret = krb5_rc_destroy(kcontext, rcache))) {
- if (verbose)
- printf("* rcache test succeeded\n");
+ !(kret = ser_data(verbose, "> Resolved FILE rcache",
+ (krb5_pointer) rcache, KV5M_RCACHE)) &&
+ !(kret = krb5_rc_initialize(kcontext, rcache, 3600*24)) &&
+ !(kret = ser_data(verbose, "> Initialized FILE rcache",
+ (krb5_pointer) rcache, KV5M_RCACHE)) &&
+ !(kret = krb5_rc_destroy(kcontext, rcache))) {
+ if (verbose)
+ printf("* rcache test succeeded\n");
}
if (kret)
- printf("* krb5_rcache test failed\n");
+ printf("* krb5_rcache test failed\n");
return(kret);
}
@@ -471,50 +472,50 @@ ser_rcache_test(krb5_context kcontext, int verbose)
*/
static krb5_error_code
ser_eblock_test(kcontext, verbose)
- krb5_context kcontext;
- int verbose;
+ krb5_context kcontext;
+ int verbose;
{
- krb5_error_code kret;
- krb5_encrypt_block eblock;
- krb5_keyblock ukeyblock;
- krb5_octet keydata[8];
+ krb5_error_code kret;
+ krb5_encrypt_block eblock;
+ krb5_keyblock ukeyblock;
+ krb5_octet keydata[8];
memset(&eblock, 0, sizeof(krb5_encrypt_block));
eblock.magic = KV5M_ENCRYPT_BLOCK;
krb5_use_enctype(kcontext, &eblock, DEFAULT_KDC_ENCTYPE);
if (!(kret = ser_data(verbose, "> NULL eblock",
- (krb5_pointer) &eblock, KV5M_ENCRYPT_BLOCK))) {
+ (krb5_pointer) &eblock, KV5M_ENCRYPT_BLOCK))) {
#if 0
- eblock.priv = (krb5_pointer) stuff;
- eblock.priv_size = 8;
+ eblock.priv = (krb5_pointer) stuff;
+ eblock.priv_size = 8;
#endif
- if (!(kret = ser_data(verbose, "> eblock with private data",
- (krb5_pointer) &eblock,
- KV5M_ENCRYPT_BLOCK))) {
- memset(&ukeyblock, 0, sizeof(ukeyblock));
- memset(keydata, 0, sizeof(keydata));
- ukeyblock.enctype = ENCTYPE_DES_CBC_MD5;
- ukeyblock.length = sizeof(keydata);
- ukeyblock.contents = keydata;
- keydata[0] = 0xde;
- keydata[1] = 0xad;
- keydata[2] = 0xbe;
- keydata[3] = 0xef;
- keydata[4] = 0xfe;
- keydata[5] = 0xed;
- keydata[6] = 0xf0;
- keydata[7] = 0xd;
- eblock.key = &ukeyblock;
- if (!(kret = ser_data(verbose, "> eblock with private key",
- (krb5_pointer) &eblock,
- KV5M_ENCRYPT_BLOCK))) {
- if (verbose)
- printf("* eblock test succeeded\n");
- }
- }
+ if (!(kret = ser_data(verbose, "> eblock with private data",
+ (krb5_pointer) &eblock,
+ KV5M_ENCRYPT_BLOCK))) {
+ memset(&ukeyblock, 0, sizeof(ukeyblock));
+ memset(keydata, 0, sizeof(keydata));
+ ukeyblock.enctype = ENCTYPE_DES_CBC_MD5;
+ ukeyblock.length = sizeof(keydata);
+ ukeyblock.contents = keydata;
+ keydata[0] = 0xde;
+ keydata[1] = 0xad;
+ keydata[2] = 0xbe;
+ keydata[3] = 0xef;
+ keydata[4] = 0xfe;
+ keydata[5] = 0xed;
+ keydata[6] = 0xf0;
+ keydata[7] = 0xd;
+ eblock.key = &ukeyblock;
+ if (!(kret = ser_data(verbose, "> eblock with private key",
+ (krb5_pointer) &eblock,
+ KV5M_ENCRYPT_BLOCK))) {
+ if (verbose)
+ printf("* eblock test succeeded\n");
+ }
+ }
}
if (kret)
- printf("* eblock test failed\n");
+ printf("* eblock test failed\n");
return(kret);
}
#endif
@@ -525,23 +526,23 @@ ser_eblock_test(kcontext, verbose)
static krb5_error_code
ser_princ_test(krb5_context kcontext, int verbose)
{
- krb5_error_code kret;
- krb5_principal princ;
- char pname[1024];
+ krb5_error_code kret;
+ krb5_principal princ;
+ char pname[1024];
snprintf(pname, sizeof(pname),
- "the/quick/brown/fox/jumped/over/the/lazy/dog/%d@this.is.a.test",
- (int) getpid());
+ "the/quick/brown/fox/jumped/over/the/lazy/dog/%d@this.is.a.test",
+ (int) getpid());
if (!(kret = krb5_parse_name(kcontext, pname, &princ))) {
- if (!(kret = ser_data(verbose, "> Principal",
- (krb5_pointer) princ, KV5M_PRINCIPAL))) {
- if (verbose)
- printf("* principal test succeeded\n");
- }
- krb5_free_principal(kcontext, princ);
+ if (!(kret = ser_data(verbose, "> Principal",
+ (krb5_pointer) princ, KV5M_PRINCIPAL))) {
+ if (verbose)
+ printf("* principal test succeeded\n");
+ }
+ krb5_free_principal(kcontext, princ);
}
if (kret)
- printf("* principal test failed\n");
+ printf("* principal test failed\n");
return(kret);
}
@@ -551,26 +552,26 @@ ser_princ_test(krb5_context kcontext, int verbose)
static krb5_error_code
ser_cksum_test(krb5_context kcontext, int verbose)
{
- krb5_error_code kret;
- krb5_checksum checksum;
- krb5_octet ckdata[24];
+ krb5_error_code kret;
+ krb5_checksum checksum;
+ krb5_octet ckdata[24];
memset(&checksum, 0, sizeof(krb5_checksum));
checksum.magic = KV5M_CHECKSUM;
if (!(kret = ser_data(verbose, "> NULL checksum",
- (krb5_pointer) &checksum, KV5M_CHECKSUM))) {
- checksum.checksum_type = 123;
- checksum.length = sizeof(ckdata);
- checksum.contents = ckdata;
- memcpy(ckdata, &stuff, sizeof(ckdata));
- if (!(kret = ser_data(verbose, "> checksum with data",
- (krb5_pointer) &checksum, KV5M_CHECKSUM))) {
- if (verbose)
- printf("* checksum test succeeded\n");
- }
+ (krb5_pointer) &checksum, KV5M_CHECKSUM))) {
+ checksum.checksum_type = 123;
+ checksum.length = sizeof(ckdata);
+ checksum.contents = ckdata;
+ memcpy(ckdata, &stuff, sizeof(ckdata));
+ if (!(kret = ser_data(verbose, "> checksum with data",
+ (krb5_pointer) &checksum, KV5M_CHECKSUM))) {
+ if (verbose)
+ printf("* checksum test succeeded\n");
+ }
}
if (kret)
- printf("* checksum test failed\n");
+ printf("* checksum test failed\n");
return(kret);
}
@@ -580,14 +581,14 @@ ser_cksum_test(krb5_context kcontext, int verbose)
int
main(int argc, char **argv)
{
- krb5_error_code kret;
- krb5_context kcontext;
- int do_atest, do_ctest, do_ktest, do_rtest, do_xtest;
- int do_etest, do_ptest, do_stest;
- int verbose;
- int option;
- extern char *optarg;
- char ch_err;
+ krb5_error_code kret;
+ krb5_context kcontext;
+ int do_atest, do_ctest, do_ktest, do_rtest, do_xtest;
+ int do_etest, do_ptest, do_stest;
+ int verbose;
+ int option;
+ extern char *optarg;
+ char ch_err;
kret = 0;
verbose = 0;
@@ -600,125 +601,125 @@ main(int argc, char **argv)
do_rtest = 1;
do_stest = 1;
while ((option = getopt(argc, argv, "acekprsxvACEKPRSX")) != -1) {
- switch (option) {
- case 'a':
- do_atest = 0;
- break;
- case 'c':
- do_ctest = 0;
- break;
- case 'e':
- do_etest = 0;
- break;
- case 'k':
- do_ktest = 0;
- break;
- case 'p':
- do_ptest = 0;
- break;
- case 'r':
- do_rtest = 0;
- break;
- case 's':
- do_stest = 0;
- break;
- case 'x':
- do_xtest = 0;
- break;
- case 'v':
- verbose = 1;
- break;
- case 'A':
- do_atest = 1;
- break;
- case 'C':
- do_ctest = 1;
- break;
+ switch (option) {
+ case 'a':
+ do_atest = 0;
+ break;
+ case 'c':
+ do_ctest = 0;
+ break;
+ case 'e':
+ do_etest = 0;
+ break;
+ case 'k':
+ do_ktest = 0;
+ break;
+ case 'p':
+ do_ptest = 0;
+ break;
+ case 'r':
+ do_rtest = 0;
+ break;
+ case 's':
+ do_stest = 0;
+ break;
+ case 'x':
+ do_xtest = 0;
+ break;
+ case 'v':
+ verbose = 1;
+ break;
+ case 'A':
+ do_atest = 1;
+ break;
+ case 'C':
+ do_ctest = 1;
+ break;
#if 0
- case 'E':
- do_etest = 1;
- break;
+ case 'E':
+ do_etest = 1;
+ break;
#endif
- case 'K':
- do_ktest = 1;
- break;
- case 'P':
- do_ptest = 1;
- break;
- case 'R':
- do_rtest = 1;
- break;
- case 'S':
- do_stest = 1;
- break;
- case 'X':
- do_xtest = 1;
- break;
- default:
- fprintf(stderr,
- "%s: usage is %s [-acekprsxvACEKPRSX]\n",
- argv[0], argv[0]);
- exit(1);
- break;
- }
+ case 'K':
+ do_ktest = 1;
+ break;
+ case 'P':
+ do_ptest = 1;
+ break;
+ case 'R':
+ do_rtest = 1;
+ break;
+ case 'S':
+ do_stest = 1;
+ break;
+ case 'X':
+ do_xtest = 1;
+ break;
+ default:
+ fprintf(stderr,
+ "%s: usage is %s [-acekprsxvACEKPRSX]\n",
+ argv[0], argv[0]);
+ exit(1);
+ break;
+ }
}
if ((kret = krb5_init_context(&kcontext))) {
- com_err(argv[0], kret, "while initializing krb5");
- exit(1);
+ com_err(argv[0], kret, "while initializing krb5");
+ exit(1);
}
-
+
if (do_xtest) {
- ch_err = 'x';
- kret = ser_kcontext_test(kcontext, verbose);
- if (kret)
- goto fail;
+ ch_err = 'x';
+ kret = ser_kcontext_test(kcontext, verbose);
+ if (kret)
+ goto fail;
}
if (do_atest) {
- ch_err = 'a';
- kret = ser_acontext_test(kcontext, verbose);
- if (kret)
- goto fail;
+ ch_err = 'a';
+ kret = ser_acontext_test(kcontext, verbose);
+ if (kret)
+ goto fail;
}
if (do_ctest) {
- ch_err = 'c';
- kret = ser_ccache_test(kcontext, verbose);
- if (kret)
- goto fail;
+ ch_err = 'c';
+ kret = ser_ccache_test(kcontext, verbose);
+ if (kret)
+ goto fail;
}
if (do_ktest) {
- ch_err = 'k';
- kret = ser_keytab_test(kcontext, verbose);
- if (kret)
- goto fail;
+ ch_err = 'k';
+ kret = ser_keytab_test(kcontext, verbose);
+ if (kret)
+ goto fail;
}
if (do_rtest) {
- ch_err = 'r';
- kret = ser_rcache_test(kcontext, verbose);
- if (kret)
- goto fail;
+ ch_err = 'r';
+ kret = ser_rcache_test(kcontext, verbose);
+ if (kret)
+ goto fail;
}
#if 0 /* code to be tested is currently disabled */
if (do_etest) {
- ch_err = 'e';
- kret = ser_eblock_test(kcontext, verbose);
- if (kret)
- goto fail;
+ ch_err = 'e';
+ kret = ser_eblock_test(kcontext, verbose);
+ if (kret)
+ goto fail;
}
#endif
if (do_ptest) {
- ch_err = 'p';
- kret = ser_princ_test(kcontext, verbose);
- if (kret)
- goto fail;
+ ch_err = 'p';
+ kret = ser_princ_test(kcontext, verbose);
+ if (kret)
+ goto fail;
}
if (do_stest) {
- ch_err = 's';
- kret = ser_cksum_test(kcontext, verbose);
- if (kret)
- goto fail;
+ ch_err = 's';
+ kret = ser_cksum_test(kcontext, verbose);
+ if (kret)
+ goto fail;
}
krb5_free_context(kcontext);
-
+
exit(0);
fail:
com_err(argv[0], kret, "--- test %cfailed", ch_err);
diff --git a/src/lib/krb5/krb/t_walk_rtree.c b/src/lib/krb5/krb/t_walk_rtree.c
index 4661186..09e71af 100644
--- a/src/lib/krb5/krb/t_walk_rtree.c
+++ b/src/lib/krb5/krb/t_walk_rtree.c
@@ -1,3 +1,4 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
/*
* t_walk_rtree.c --- test krb5_walk_realm_tree
*/
@@ -9,50 +10,49 @@
int
main(int argc, char **argv)
{
- krb5_data client, server;
- char realm_branch_char = '.';
- krb5_principal *tree, *p;
- char *name;
- krb5_error_code retval;
- krb5_context context;
-
- krb5_init_context(&context);
-
- if (argc < 3 || argc > 4) {
- fprintf(stderr,
- "Usage: %s client-realm server-realm [sep_char]\n",
- argv[0]);
- exit(99);
- }
- client.data = argv[1];
- client.length = strlen(client.data);
-
- server.data = argv[2];
- server.length = strlen(server.data);
-
- if (argc == 4)
- realm_branch_char = argv[3][0];
-
- retval = krb5_walk_realm_tree(context, &client, &server, &tree,
- realm_branch_char);
- if (retval) {
- com_err("krb5_walk_realm_tree", retval, " ");
- exit(1);
- }
-
- for (p = tree; *p; p++) {
- retval = krb5_unparse_name(context, *p, &name);
- if (retval) {
- com_err("krb5_unprase_name", retval, " ");
- exit(2);
- }
- printf("%s\n", name);
- free(name);
- }
-
- krb5_free_realm_tree(context, tree);
- krb5_free_context(context);
-
- exit(0);
+ krb5_data client, server;
+ char realm_branch_char = '.';
+ krb5_principal *tree, *p;
+ char *name;
+ krb5_error_code retval;
+ krb5_context context;
+
+ krb5_init_context(&context);
+
+ if (argc < 3 || argc > 4) {
+ fprintf(stderr,
+ "Usage: %s client-realm server-realm [sep_char]\n",
+ argv[0]);
+ exit(99);
+ }
+ client.data = argv[1];
+ client.length = strlen(client.data);
+
+ server.data = argv[2];
+ server.length = strlen(server.data);
+
+ if (argc == 4)
+ realm_branch_char = argv[3][0];
+
+ retval = krb5_walk_realm_tree(context, &client, &server, &tree,
+ realm_branch_char);
+ if (retval) {
+ com_err("krb5_walk_realm_tree", retval, " ");
+ exit(1);
+ }
+
+ for (p = tree; *p; p++) {
+ retval = krb5_unparse_name(context, *p, &name);
+ if (retval) {
+ com_err("krb5_unprase_name", retval, " ");
+ exit(2);
+ }
+ printf("%s\n", name);
+ free(name);
+ }
+
+ krb5_free_realm_tree(context, tree);
+ krb5_free_context(context);
+
+ exit(0);
}
-
diff --git a/src/lib/krb5/krb/tgtname.c b/src/lib/krb5/krb/tgtname.c
index 4ca2416..cfd01cb 100644
--- a/src/lib/krb5/krb/tgtname.c
+++ b/src/lib/krb5/krb/tgtname.c
@@ -1,3 +1,4 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
/*
* lib/krb5/krb/tgtname.c
*
@@ -8,7 +9,7 @@
* require a specific license from the United States Government.
* It is the responsibility of any person or organization contemplating
* export to obtain such a license before exporting.
- *
+ *
* WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
* distribute this software and its documentation for any purpose and
* without fee is hereby granted, provided that the above copyright
@@ -22,7 +23,7 @@
* M.I.T. makes no representations about the suitability of
* this software for any purpose. It is provided "as is" without express
* or implied warranty.
- *
+ *
*
* krb5_tgtname()
*/
@@ -36,7 +37,7 @@ krb5_error_code
krb5_tgtname(krb5_context context, const krb5_data *server, const krb5_data *client, krb5_principal *tgtprinc)
{
return krb5_build_principal_ext(context, tgtprinc, client->length, client->data,
- KRB5_TGS_NAME_SIZE, KRB5_TGS_NAME,
- server->length, server->data,
- 0);
+ KRB5_TGS_NAME_SIZE, KRB5_TGS_NAME,
+ server->length, server->data,
+ 0);
}
diff --git a/src/lib/krb5/krb/unparse.c b/src/lib/krb5/krb/unparse.c
index ec0976f..cb36242 100644
--- a/src/lib/krb5/krb/unparse.c
+++ b/src/lib/krb5/krb/unparse.c
@@ -1,3 +1,4 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
/*
* lib/krb5/krb/unparse.c
*
@@ -8,7 +9,7 @@
* require a specific license from the United States Government.
* It is the responsibility of any person or organization contemplating
* export to obtain such a license before exporting.
- *
+ *
* WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
* distribute this software and its documentation for any purpose and
* without fee is hereby granted, provided that the above copyright
@@ -22,7 +23,7 @@
* M.I.T. makes no representations about the suitability of
* this software for any purpose. It is provided "as is" without express
* or implied warranty.
- *
+ *
*
* krb5_unparse_name() routine
*
@@ -37,8 +38,8 @@
/*
* converts the multi-part principal format used in the protocols to a
- * single-string representation of the name.
- *
+ * single-string representation of the name.
+ *
* The name returned is in allocated storage and should be freed by
* the caller when finished.
*
@@ -48,14 +49,14 @@
* backslash encoding. ("\/", "\@", or '\0', respectively)
*
* returns error
- * KRB_PARSE_MALFORMED principal is invalid (does not contain
- * at least 2 components)
+ * KRB_PARSE_MALFORMED principal is invalid (does not contain
+ * at least 2 components)
* also returns system errors
- * ENOMEM unable to allocate memory for string
+ * ENOMEM unable to allocate memory for string
*/
-#define REALM_SEP '@'
-#define COMPONENT_SEP '/'
+#define REALM_SEP '@'
+#define COMPONENT_SEP '/'
static int
component_length_quoted(const krb5_data *src, int flags)
@@ -66,15 +67,15 @@ component_length_quoted(const krb5_data *src, int flags)
int size = length;
if ((flags & KRB5_PRINCIPAL_UNPARSE_DISPLAY) == 0) {
- int no_realm = (flags & KRB5_PRINCIPAL_UNPARSE_NO_REALM) &&
- !(flags & KRB5_PRINCIPAL_UNPARSE_SHORT);
-
- for (j = 0; j < length; j++,cp++)
- if ((!no_realm && *cp == REALM_SEP) ||
- *cp == COMPONENT_SEP ||
- *cp == '\0' || *cp == '\\' || *cp == '\t' ||
- *cp == '\n' || *cp == '\b')
- size++;
+ int no_realm = (flags & KRB5_PRINCIPAL_UNPARSE_NO_REALM) &&
+ !(flags & KRB5_PRINCIPAL_UNPARSE_SHORT);
+
+ for (j = 0; j < length; j++,cp++)
+ if ((!no_realm && *cp == REALM_SEP) ||
+ *cp == COMPONENT_SEP ||
+ *cp == '\0' || *cp == '\\' || *cp == '\t' ||
+ *cp == '\n' || *cp == '\b')
+ size++;
}
return size;
@@ -89,181 +90,180 @@ copy_component_quoting(char *dest, const krb5_data *src, int flags)
int length = src->length;
if (flags & KRB5_PRINCIPAL_UNPARSE_DISPLAY) {
- memcpy(dest, src->data, src->length);
- return src->length;
+ memcpy(dest, src->data, src->length);
+ return src->length;
}
for (j=0; j < length; j++,cp++) {
- int no_realm = (flags & KRB5_PRINCIPAL_UNPARSE_NO_REALM) &&
- !(flags & KRB5_PRINCIPAL_UNPARSE_SHORT);
-
- switch (*cp) {
- case REALM_SEP:
- if (no_realm) {
- *q++ = *cp;
- break;
- }
- case COMPONENT_SEP:
- case '\\':
- *q++ = '\\';
- *q++ = *cp;
- break;
- case '\t':
- *q++ = '\\';
- *q++ = 't';
- break;
- case '\n':
- *q++ = '\\';
- *q++ = 'n';
- break;
- case '\b':
- *q++ = '\\';
- *q++ = 'b';
- break;
+ int no_realm = (flags & KRB5_PRINCIPAL_UNPARSE_NO_REALM) &&
+ !(flags & KRB5_PRINCIPAL_UNPARSE_SHORT);
+
+ switch (*cp) {
+ case REALM_SEP:
+ if (no_realm) {
+ *q++ = *cp;
+ break;
+ }
+ case COMPONENT_SEP:
+ case '\\':
+ *q++ = '\\';
+ *q++ = *cp;
+ break;
+ case '\t':
+ *q++ = '\\';
+ *q++ = 't';
+ break;
+ case '\n':
+ *q++ = '\\';
+ *q++ = 'n';
+ break;
+ case '\b':
+ *q++ = '\\';
+ *q++ = 'b';
+ break;
#if 0
- /* Heimdal escapes spaces in principal names upon unparsing */
- case ' ':
- *q++ = '\\';
- *q++ = ' ';
- break;
+ /* Heimdal escapes spaces in principal names upon unparsing */
+ case ' ':
+ *q++ = '\\';
+ *q++ = ' ';
+ break;
#endif
- case '\0':
- *q++ = '\\';
- *q++ = '0';
- break;
- default:
- *q++ = *cp;
- }
+ case '\0':
+ *q++ = '\\';
+ *q++ = '0';
+ break;
+ default:
+ *q++ = *cp;
+ }
}
return q - dest;
}
static krb5_error_code
k5_unparse_name(krb5_context context, krb5_const_principal principal,
- int flags, char **name, unsigned int *size)
+ int flags, char **name, unsigned int *size)
{
- char *cp, *q;
- int i;
- int length;
- krb5_int32 nelem;
- unsigned int totalsize = 0;
- char *default_realm = NULL;
- krb5_error_code ret = 0;
-
- if (!principal || !name)
- return KRB5_PARSE_MALFORMED;
-
- if (flags & KRB5_PRINCIPAL_UNPARSE_SHORT) {
- /* omit realm if local realm */
- krb5_principal_data p;
-
- ret = krb5_get_default_realm(context, &default_realm);
- if (ret != 0)
- goto cleanup;
-
- krb5_princ_realm(context, &p)->length = strlen(default_realm);
- krb5_princ_realm(context, &p)->data = default_realm;
-
- if (krb5_realm_compare(context, &p, principal))
- flags |= KRB5_PRINCIPAL_UNPARSE_NO_REALM;
- }
-
- if ((flags & KRB5_PRINCIPAL_UNPARSE_NO_REALM) == 0) {
- totalsize += component_length_quoted(krb5_princ_realm(context,
- principal),
- flags);
- totalsize++; /* This is for the separator */
- }
-
- nelem = krb5_princ_size(context, principal);
- for (i = 0; i < (int) nelem; i++) {
- cp = krb5_princ_component(context, principal, i)->data;
- totalsize += component_length_quoted(krb5_princ_component(context, principal, i), flags);
- totalsize++; /* This is for the separator */
- }
- if (nelem == 0)
- totalsize++;
-
- /*
- * Allocate space for the ascii string; if space has been
- * provided, use it, realloc'ing it if necessary.
- *
- * We need only n-1 seperators for n components, but we need
- * an extra byte for the NUL at the end.
- */
- if (size) {
- if (*name && (*size < totalsize)) {
- *name = realloc(*name, totalsize);
- } else {
- *name = malloc(totalsize);
- }
- *size = totalsize;
+ char *cp, *q;
+ int i;
+ int length;
+ krb5_int32 nelem;
+ unsigned int totalsize = 0;
+ char *default_realm = NULL;
+ krb5_error_code ret = 0;
+
+ if (!principal || !name)
+ return KRB5_PARSE_MALFORMED;
+
+ if (flags & KRB5_PRINCIPAL_UNPARSE_SHORT) {
+ /* omit realm if local realm */
+ krb5_principal_data p;
+
+ ret = krb5_get_default_realm(context, &default_realm);
+ if (ret != 0)
+ goto cleanup;
+
+ krb5_princ_realm(context, &p)->length = strlen(default_realm);
+ krb5_princ_realm(context, &p)->data = default_realm;
+
+ if (krb5_realm_compare(context, &p, principal))
+ flags |= KRB5_PRINCIPAL_UNPARSE_NO_REALM;
+ }
+
+ if ((flags & KRB5_PRINCIPAL_UNPARSE_NO_REALM) == 0) {
+ totalsize += component_length_quoted(krb5_princ_realm(context,
+ principal),
+ flags);
+ totalsize++; /* This is for the separator */
+ }
+
+ nelem = krb5_princ_size(context, principal);
+ for (i = 0; i < (int) nelem; i++) {
+ cp = krb5_princ_component(context, principal, i)->data;
+ totalsize += component_length_quoted(krb5_princ_component(context, principal, i), flags);
+ totalsize++; /* This is for the separator */
+ }
+ if (nelem == 0)
+ totalsize++;
+
+ /*
+ * Allocate space for the ascii string; if space has been
+ * provided, use it, realloc'ing it if necessary.
+ *
+ * We need only n-1 seperators for n components, but we need
+ * an extra byte for the NUL at the end.
+ */
+ if (size) {
+ if (*name && (*size < totalsize)) {
+ *name = realloc(*name, totalsize);
} else {
*name = malloc(totalsize);
}
+ *size = totalsize;
+ } else {
+ *name = malloc(totalsize);
+ }
- if (!*name) {
- ret = ENOMEM;
- goto cleanup;
- }
-
- q = *name;
-
- for (i = 0; i < (int) nelem; i++) {
- cp = krb5_princ_component(context, principal, i)->data;
- length = krb5_princ_component(context, principal, i)->length;
- q += copy_component_quoting(q,
- krb5_princ_component(context,
- principal,
- i),
- flags);
- *q++ = COMPONENT_SEP;
- }
-
- if (i > 0)
- q--; /* Back up last component separator */
- if ((flags & KRB5_PRINCIPAL_UNPARSE_NO_REALM) == 0) {
- *q++ = REALM_SEP;
- q += copy_component_quoting(q, krb5_princ_realm(context, principal), flags);
- }
- *q++ = '\0';
+ if (!*name) {
+ ret = ENOMEM;
+ goto cleanup;
+ }
+
+ q = *name;
+
+ for (i = 0; i < (int) nelem; i++) {
+ cp = krb5_princ_component(context, principal, i)->data;
+ length = krb5_princ_component(context, principal, i)->length;
+ q += copy_component_quoting(q,
+ krb5_princ_component(context,
+ principal,
+ i),
+ flags);
+ *q++ = COMPONENT_SEP;
+ }
+
+ if (i > 0)
+ q--; /* Back up last component separator */
+ if ((flags & KRB5_PRINCIPAL_UNPARSE_NO_REALM) == 0) {
+ *q++ = REALM_SEP;
+ q += copy_component_quoting(q, krb5_princ_realm(context, principal), flags);
+ }
+ *q++ = '\0';
cleanup:
- if (default_realm != NULL)
- krb5_free_default_realm(context, default_realm);
+ if (default_realm != NULL)
+ krb5_free_default_realm(context, default_realm);
- return ret;
+ return ret;
}
krb5_error_code KRB5_CALLCONV
krb5_unparse_name(krb5_context context, krb5_const_principal principal, register char **name)
{
if (name != NULL) /* name == NULL will return error from _ext */
- *name = NULL;
+ *name = NULL;
return k5_unparse_name(context, principal, 0, name, NULL);
}
krb5_error_code KRB5_CALLCONV
krb5_unparse_name_ext(krb5_context context, krb5_const_principal principal,
- char **name, unsigned int *size)
+ char **name, unsigned int *size)
{
return k5_unparse_name(context, principal, 0, name, size);
}
krb5_error_code KRB5_CALLCONV
krb5_unparse_name_flags(krb5_context context, krb5_const_principal principal,
- int flags, char **name)
+ int flags, char **name)
{
if (name != NULL)
- *name = NULL;
+ *name = NULL;
return k5_unparse_name(context, principal, flags, name, NULL);
}
krb5_error_code KRB5_CALLCONV
krb5_unparse_name_flags_ext(krb5_context context, krb5_const_principal principal,
- int flags, char **name, unsigned int *size)
+ int flags, char **name, unsigned int *size)
{
return k5_unparse_name(context, principal, flags, name, size);
}
-
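Review bot: The allocation step in k5_unparse_name (`if (size) { … }`) mishandles a caller-supplied buffer in two ways. `*name = realloc(*name, totalsize)` overwrites the only pointer to the old buffer, so a failed realloc leaks it and hands the caller NULL with `*size` already set to `totalsize`. When `*name` is non-NULL and `*size >= totalsize`, the `else` arm calls `malloc` and replaces the buffer instead of reusing it, contrary to the comment above the block. I would reuse the buffer when it is large enough, grow it through a temporary, and update `*size` only after the allocation succeeded, as sketched below. The sketch leaves `*size` at the existing capacity when the buffer is reused, which should be checked against callers; the function lies wholly inside this hunk.

```c
    if (size != NULL && *name != NULL) {
        /* Caller-supplied buffer: keep it, growing only when too small. */
        if (*size < totalsize) {
            char *grown = realloc(*name, totalsize);

            if (grown == NULL) {
                ret = ENOMEM;   /* *name and *size still describe the old buffer */
                goto cleanup;
            }
            *name = grown;
            *size = totalsize;
        }
    } else {
        *name = malloc(totalsize);
        if (*name == NULL) {
            ret = ENOMEM;
            goto cleanup;
        }
        if (size != NULL)
            *size = totalsize;
    }
    /* … unchanged: q = *name and the component and realm copy … */
```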
diff --git a/src/lib/krb5/krb/valid_times.c b/src/lib/krb5/krb/valid_times.c
index febbc36..72304ef 100644
--- a/src/lib/krb5/krb/valid_times.c
+++ b/src/lib/krb5/krb/valid_times.c
@@ -1,3 +1,4 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
/*
* lib/krb5/krb/valid_times.c
*
@@ -8,7 +9,7 @@
* require a specific license from the United States Government.
* It is the responsibility of any person or organization contemplating
* export to obtain such a license before exporting.
- *
+ *
* WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
* distribute this software and its documentation for any purpose and
* without fee is hereby granted, provided that the above copyright
@@ -22,7 +23,7 @@
* M.I.T. makes no representations about the suitability of
* this software for any purpose. It is provided "as is" without express
* or implied warranty.
- *
+ *
*
* krb5_validate_times()
*/
@@ -37,26 +38,23 @@
krb5_error_code
krb5_validate_times(krb5_context context, krb5_ticket_times *times)
{
- krb5_timestamp currenttime, starttime;
- krb5_error_code retval;
+ krb5_timestamp currenttime, starttime;
+ krb5_error_code retval;
- if ((retval = krb5_timeofday(context, &currenttime)))
- return retval;
+ if ((retval = krb5_timeofday(context, &currenttime)))
+ return retval;
- /* if starttime is not in ticket, then treat it as authtime */
- if (times->starttime != 0)
- starttime = times->starttime;
- else
- starttime = times->authtime;
+ /* if starttime is not in ticket, then treat it as authtime */
+ if (times->starttime != 0)
+ starttime = times->starttime;
+ else
+ starttime = times->authtime;
- if (starttime - currenttime > context->clockskew)
- return KRB5KRB_AP_ERR_TKT_NYV; /* ticket not yet valid */
+ if (starttime - currenttime > context->clockskew)
+ return KRB5KRB_AP_ERR_TKT_NYV; /* ticket not yet valid */
- if ((currenttime - times->endtime) > context->clockskew)
- return KRB5KRB_AP_ERR_TKT_EXPIRED; /* ticket expired */
+ if ((currenttime - times->endtime) > context->clockskew)
+ return KRB5KRB_AP_ERR_TKT_EXPIRED; /* ticket expired */
- return 0;
+ return 0;
}
-
-
-
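Review bot: Both skew checks in krb5_validate_times subtract timestamps directly (`starttime - currenttime`, `currenttime - times->endtime`), and krb5_timestamp is a signed 32-bit type, so a ticket carrying an extreme start or end time makes the subtraction overflow, which is undefined and can flip the comparison. Since these values come from the ticket, I would do the arithmetic in a wider type, e.g. `if ((int64_t)starttime - currenttime > context->clockskew)` and likewise for the expiry test (assuming a 64-bit integer type is available to this file). A one-line comment above the checks stating that `times` must be non-NULL would also help, because it is dereferenced unchecked.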
diff --git a/src/lib/krb5/krb/vfy_increds.c b/src/lib/krb5/krb/vfy_increds.c
index 6f53f57..2b9beeb 100644
--- a/src/lib/krb5/krb/vfy_increds.c
+++ b/src/lib/krb5/krb/vfy_increds.c
@@ -1,232 +1,233 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
#include "k5-int.h"
#include "int-proto.h"
static krb5_error_code
krb5_cc_copy_creds_except(krb5_context context, krb5_ccache incc, krb5_ccache outcc, krb5_principal princ)
{
- krb5_error_code code;
- krb5_flags flags;
- krb5_cc_cursor cur;
- krb5_creds creds;
+ krb5_error_code code;
+ krb5_flags flags;
+ krb5_cc_cursor cur;
+ krb5_creds creds;
- flags = 0; /* turns off OPENCLOSE mode */
- if ((code = krb5_cc_set_flags(context, incc, flags)))
- return(code);
- if ((code = krb5_cc_set_flags(context, outcc, flags)))
- return(code);
+ flags = 0; /* turns off OPENCLOSE mode */
+ if ((code = krb5_cc_set_flags(context, incc, flags)))
+ return(code);
+ if ((code = krb5_cc_set_flags(context, outcc, flags)))
+ return(code);
- if ((code = krb5_cc_start_seq_get(context, incc, &cur)))
- goto cleanup;
+ if ((code = krb5_cc_start_seq_get(context, incc, &cur)))
+ goto cleanup;
- while (!(code = krb5_cc_next_cred(context, incc, &cur, &creds))) {
- if (krb5_principal_compare(context, princ, creds.server))
- continue;
+ while (!(code = krb5_cc_next_cred(context, incc, &cur, &creds))) {
+ if (krb5_principal_compare(context, princ, creds.server))
+ continue;
- code = krb5_cc_store_cred(context, outcc, &creds);
- krb5_free_cred_contents(context, &creds);
- if (code)
- goto cleanup;
- }
+ code = krb5_cc_store_cred(context, outcc, &creds);
+ krb5_free_cred_contents(context, &creds);
+ if (code)
+ goto cleanup;
+ }
- if (code != KRB5_CC_END)
- goto cleanup;
+ if (code != KRB5_CC_END)
+ goto cleanup;
- code = 0;
+ code = 0;
cleanup:
- flags = KRB5_TC_OPENCLOSE;
+ flags = KRB5_TC_OPENCLOSE;
- if (code)
- krb5_cc_set_flags(context, incc, flags);
- else
- code = krb5_cc_set_flags(context, incc, flags);
+ if (code)
+ krb5_cc_set_flags(context, incc, flags);
+ else
+ code = krb5_cc_set_flags(context, incc, flags);
- if (code)
- krb5_cc_set_flags(context, outcc, flags);
- else
- code = krb5_cc_set_flags(context, outcc, flags);
+ if (code)
+ krb5_cc_set_flags(context, outcc, flags);
+ else
+ code = krb5_cc_set_flags(context, outcc, flags);
- return(code);
+ return(code);
}
krb5_error_code KRB5_CALLCONV
krb5_verify_init_creds(krb5_context context,
- krb5_creds *creds,
- krb5_principal server_arg,
- krb5_keytab keytab_arg,
- krb5_ccache *ccache_arg,
- krb5_verify_init_creds_opt *options)
+ krb5_creds *creds,
+ krb5_principal server_arg,
+ krb5_keytab keytab_arg,
+ krb5_ccache *ccache_arg,
+ krb5_verify_init_creds_opt *options)
{
- krb5_error_code ret;
- krb5_principal server;
- krb5_keytab keytab;
- krb5_ccache ccache;
- krb5_keytab_entry kte;
- krb5_creds in_creds, *out_creds;
- krb5_auth_context authcon;
- krb5_data ap_req;
-
- /* KRB5KDC_ERR_S_PRINCIPAL_UNKNOWN */
-
- server = NULL;
- keytab = NULL;
- ccache = NULL;
- out_creds = NULL;
- authcon = NULL;
- ap_req.data = NULL;
-
- if (server_arg) {
- ret = krb5_copy_principal(context, server_arg, &server);
- if (ret)
- goto cleanup;
- } else {
- if ((ret = krb5_sname_to_principal(context, NULL, NULL,
- KRB5_NT_SRV_HST, &server)))
- goto cleanup;
- }
-
- /* first, check if the server is in the keytab. If not, there's
- no reason to continue. rd_req does all this, but there's
- no way to know that a given error is caused by a missing
- keytab or key, and not by some other problem. */
-
- if (keytab_arg) {
- keytab = keytab_arg;
- } else {
- if ((ret = krb5_kt_default(context, &keytab)))
- goto cleanup;
- }
- if (krb5_is_referral_realm(&server->realm)) {
- krb5_free_data_contents(context, &server->realm);
- ret = krb5_get_default_realm(context, &server->realm.data);
- if (ret) goto cleanup;
- server->realm.length = strlen(server->realm.data);
- }
-
- if ((ret = krb5_kt_get_entry(context, keytab, server, 0, 0, &kte))) {
- /* this means there is no keying material. This is ok, as long as
- it is not prohibited by the configuration */
-
- int nofail;
-
- if (options &&
- (options->flags & KRB5_VERIFY_INIT_CREDS_OPT_AP_REQ_NOFAIL)) {
- if (options->ap_req_nofail)
- goto cleanup;
- } else if (krb5_libdefault_boolean(context,
- &creds->client->realm,
- KRB5_CONF_VERIFY_AP_REQ_NOFAIL,
- &nofail)
- == 0) {
- if (nofail)
- goto cleanup;
- }
-
- ret = 0;
- goto cleanup;
- }
-
- krb5_kt_free_entry(context, &kte);
-
- /* If the creds are for the server principal, we're set, just do
- a mk_req. Otherwise, do a get_credentials first. */
-
- if (krb5_principal_compare(context, server, creds->server)) {
- /* make an ap_req */
- if ((ret = krb5_mk_req_extended(context, &authcon, 0, NULL, creds,
- &ap_req)))
- goto cleanup;
- } else {
- /* this is unclean, but it's the easiest way without ripping the
- library into very small pieces. store the client's initial cred
- in a memory ccache, then call the library. Later, we'll copy
- everything except the initial cred into the ccache we return to
- the user. A clean implementation would involve library
- internals with a coherent idea of "in" and "out". */
-
- /* insert the initial cred into the ccache */
-
- if ((ret = krb5_cc_new_unique(context, "MEMORY", NULL, &ccache))) {
- ccache = NULL;
- goto cleanup;
- }
-
- if ((ret = krb5_cc_initialize(context, ccache, creds->client)))
- goto cleanup;
-
- if ((ret = krb5_cc_store_cred(context, ccache, creds)))
- goto cleanup;
-
- /* set up for get_creds */
- memset(&in_creds, 0, sizeof(in_creds));
- in_creds.client = creds->client;
- in_creds.server = server;
- if ((ret = krb5_timeofday(context, &in_creds.times.endtime)))
- goto cleanup;
- in_creds.times.endtime += 5*60;
-
- if ((ret = krb5_get_credentials(context, 0, ccache, &in_creds,
- &out_creds)))
- goto cleanup;
-
- /* make an ap_req */
- if ((ret = krb5_mk_req_extended(context, &authcon, 0, NULL, out_creds,
- &ap_req)))
- goto cleanup;
- }
-
- /* wipe the auth context for mk_req */
- if (authcon) {
- krb5_auth_con_free(context, authcon);
- authcon = NULL;
- }
-
- /* verify the ap_req */
-
- if ((ret = krb5_rd_req(context, &authcon, &ap_req, server, keytab,
- NULL, NULL)))
- goto cleanup;
-
- /* if we get this far, then the verification succeeded. We can
- still fail if the library stuff here fails, but that's it */
-
- if (ccache_arg && ccache) {
- if (*ccache_arg == NULL) {
- krb5_ccache retcc;
-
- retcc = NULL;
-
- if ((ret = krb5_cc_resolve(context, "MEMORY:rd_req2", &retcc)) ||
- (ret = krb5_cc_initialize(context, retcc, creds->client)) ||
- (ret = krb5_cc_copy_creds_except(context, ccache, retcc,
- creds->server))) {
- if (retcc)
- krb5_cc_destroy(context, retcc);
- } else {
- *ccache_arg = retcc;
- }
- } else {
- ret = krb5_cc_copy_creds_except(context, ccache, *ccache_arg,
- server);
- }
- }
-
- /* if any of the above paths returned an errors, then ret is set
- accordingly. either that, or it's zero, which is fine, too */
+ krb5_error_code ret;
+ krb5_principal server;
+ krb5_keytab keytab;
+ krb5_ccache ccache;
+ krb5_keytab_entry kte;
+ krb5_creds in_creds, *out_creds;
+ krb5_auth_context authcon;
+ krb5_data ap_req;
+
+ /* KRB5KDC_ERR_S_PRINCIPAL_UNKNOWN */
+
+ server = NULL;
+ keytab = NULL;
+ ccache = NULL;
+ out_creds = NULL;
+ authcon = NULL;
+ ap_req.data = NULL;
+
+ if (server_arg) {
+ ret = krb5_copy_principal(context, server_arg, &server);
+ if (ret)
+ goto cleanup;
+ } else {
+ if ((ret = krb5_sname_to_principal(context, NULL, NULL,
+ KRB5_NT_SRV_HST, &server)))
+ goto cleanup;
+ }
+
+ /* first, check if the server is in the keytab. If not, there's
+ no reason to continue. rd_req does all this, but there's
+ no way to know that a given error is caused by a missing
+ keytab or key, and not by some other problem. */
+
+ if (keytab_arg) {
+ keytab = keytab_arg;
+ } else {
+ if ((ret = krb5_kt_default(context, &keytab)))
+ goto cleanup;
+ }
+ if (krb5_is_referral_realm(&server->realm)) {
+ krb5_free_data_contents(context, &server->realm);
+ ret = krb5_get_default_realm(context, &server->realm.data);
+ if (ret) goto cleanup;
+ server->realm.length = strlen(server->realm.data);
+ }
+
+ if ((ret = krb5_kt_get_entry(context, keytab, server, 0, 0, &kte))) {
+ /* this means there is no keying material. This is ok, as long as
+ it is not prohibited by the configuration */
+
+ int nofail;
+
+ if (options &&
+ (options->flags & KRB5_VERIFY_INIT_CREDS_OPT_AP_REQ_NOFAIL)) {
+ if (options->ap_req_nofail)
+ goto cleanup;
+ } else if (krb5_libdefault_boolean(context,
+ &creds->client->realm,
+ KRB5_CONF_VERIFY_AP_REQ_NOFAIL,
+ &nofail)
+ == 0) {
+ if (nofail)
+ goto cleanup;
+ }
+
+ ret = 0;
+ goto cleanup;
+ }
+
+ krb5_kt_free_entry(context, &kte);
+
+ /* If the creds are for the server principal, we're set, just do
+ a mk_req. Otherwise, do a get_credentials first. */
+
+ if (krb5_principal_compare(context, server, creds->server)) {
+ /* make an ap_req */
+ if ((ret = krb5_mk_req_extended(context, &authcon, 0, NULL, creds,
+ &ap_req)))
+ goto cleanup;
+ } else {
+ /* this is unclean, but it's the easiest way without ripping the
+ library into very small pieces. store the client's initial cred
+ in a memory ccache, then call the library. Later, we'll copy
+ everything except the initial cred into the ccache we return to
+ the user. A clean implementation would involve library
+ internals with a coherent idea of "in" and "out". */
+
+ /* insert the initial cred into the ccache */
+
+ if ((ret = krb5_cc_new_unique(context, "MEMORY", NULL, &ccache))) {
+ ccache = NULL;
+ goto cleanup;
+ }
+
+ if ((ret = krb5_cc_initialize(context, ccache, creds->client)))
+ goto cleanup;
+
+ if ((ret = krb5_cc_store_cred(context, ccache, creds)))
+ goto cleanup;
+
+ /* set up for get_creds */
+ memset(&in_creds, 0, sizeof(in_creds));
+ in_creds.client = creds->client;
+ in_creds.server = server;
+ if ((ret = krb5_timeofday(context, &in_creds.times.endtime)))
+ goto cleanup;
+ in_creds.times.endtime += 5*60;
+
+ if ((ret = krb5_get_credentials(context, 0, ccache, &in_creds,
+ &out_creds)))
+ goto cleanup;
+
+ /* make an ap_req */
+ if ((ret = krb5_mk_req_extended(context, &authcon, 0, NULL, out_creds,
+ &ap_req)))
+ goto cleanup;
+ }
+
+ /* wipe the auth context for mk_req */
+ if (authcon) {
+ krb5_auth_con_free(context, authcon);
+ authcon = NULL;
+ }
+
+ /* verify the ap_req */
+
+ if ((ret = krb5_rd_req(context, &authcon, &ap_req, server, keytab,
+ NULL, NULL)))
+ goto cleanup;
+
+ /* if we get this far, then the verification succeeded. We can
+ still fail if the library stuff here fails, but that's it */
+
+ if (ccache_arg && ccache) {
+ if (*ccache_arg == NULL) {
+ krb5_ccache retcc;
+
+ retcc = NULL;
+
+ if ((ret = krb5_cc_resolve(context, "MEMORY:rd_req2", &retcc)) ||
+ (ret = krb5_cc_initialize(context, retcc, creds->client)) ||
+ (ret = krb5_cc_copy_creds_except(context, ccache, retcc,
+ creds->server))) {
+ if (retcc)
+ krb5_cc_destroy(context, retcc);
+ } else {
+ *ccache_arg = retcc;
+ }
+ } else {
+ ret = krb5_cc_copy_creds_except(context, ccache, *ccache_arg,
+ server);
+ }
+ }
+
+ /* if any of the above paths returned an errors, then ret is set
+ accordingly. either that, or it's zero, which is fine, too */
cleanup:
- if ( server)
- krb5_free_principal(context, server);
- if (!keytab_arg && keytab)
- krb5_kt_close(context, keytab);
- if (ccache)
- krb5_cc_destroy(context, ccache);
- if (out_creds)
- krb5_free_creds(context, out_creds);
- if (authcon)
- krb5_auth_con_free(context, authcon);
- if (ap_req.data)
- free(ap_req.data);
-
- return(ret);
+ if ( server)
+ krb5_free_principal(context, server);
+ if (!keytab_arg && keytab)
+ krb5_kt_close(context, keytab);
+ if (ccache)
+ krb5_cc_destroy(context, ccache);
+ if (out_creds)
+ krb5_free_creds(context, out_creds);
+ if (authcon)
+ krb5_auth_con_free(context, authcon);
+ if (ap_req.data)
+ free(ap_req.data);
+
+ return(ret);
}
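Review bot: In krb5_verify_init_creds, any failure of `krb5_kt_get_entry`, not only a missing entry, falls through to `ret = 0` unless the nofail option or the `KRB5_CONF_VERIFY_AP_REQ_NOFAIL` setting is on. The function then reports success for credentials whose AP-REQ was never checked against a host key, so a caller that treats the result as an authentication decision has no protection against a spoofed KDC in that case. I would narrow the branch to the not-found case, e.g. `if (ret != KRB5_KT_NOTFOUND) goto cleanup;` ahead of the nofail tests (whether a missing keytab file surfaces under a different code is not visible here), and say in the comment above it that returning 0 there means "not verified". Separately, in krb5_cc_copy_creds_except the `continue` skips `krb5_free_cred_contents(context, &creds)` for the matching credential, and the cursor from `krb5_cc_start_seq_get` is never ended.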
diff --git a/src/lib/krb5/krb/vic_opt.c b/src/lib/krb5/krb/vic_opt.c
index acdf494..dfe21e0 100644
--- a/src/lib/krb5/krb/vic_opt.c
+++ b/src/lib/krb5/krb/vic_opt.c
@@ -1,14 +1,15 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
#include "k5-int.h"
void KRB5_CALLCONV
krb5_verify_init_creds_opt_init(krb5_verify_init_creds_opt *opt)
{
- opt->flags = 0;
+ opt->flags = 0;
}
void KRB5_CALLCONV
krb5_verify_init_creds_opt_set_ap_req_nofail(krb5_verify_init_creds_opt *opt, int ap_req_nofail)
{
- opt->flags |= KRB5_VERIFY_INIT_CREDS_OPT_AP_REQ_NOFAIL;
- opt->ap_req_nofail = ap_req_nofail;
+ opt->flags |= KRB5_VERIFY_INIT_CREDS_OPT_AP_REQ_NOFAIL;
+ opt->ap_req_nofail = ap_req_nofail;
}
diff --git a/src/lib/krb5/krb/walk_rtree.c b/src/lib/krb5/krb/walk_rtree.c
index a22f586..d1be227 100644
--- a/src/lib/krb5/krb/walk_rtree.c
+++ b/src/lib/krb5/krb/walk_rtree.c
@@ -1,3 +1,4 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
/*
* lib/krb5/krb/walk_rtree.c
*
@@ -107,19 +108,19 @@ krb5_walk_realm_tree(
char **capvals;
if (client->data == NULL || server->data == NULL)
- return KRB5_NO_TKT_IN_RLM;
+ return KRB5_NO_TKT_IN_RLM;
if (client->length == server->length &&
- memcmp(client->data, server->data, server->length) == 0) {
- return KRB5_NO_TKT_IN_RLM;
+ memcmp(client->data, server->data, server->length) == 0) {
+ return KRB5_NO_TKT_IN_RLM;
}
retval = rtree_capath_vals(context, client, server, &capvals);
if (retval)
- return retval;
+ return retval;
if (capvals != NULL) {
- retval = rtree_capath_tree(context, client, server, capvals, tree);
- return retval;
+ retval = rtree_capath_tree(context, client, server, capvals, tree);
+ return retval;
}
retval = rtree_hier_tree(context, client, server, tree, realm_sep);
@@ -148,24 +149,24 @@ krb5_walk_realm_tree(
*
* [capaths]
* ANL.GOV = {
- * NERSC.GOV = ES.NET
- * PNL.GOV = ES.NET
- * ES.NET = .
- * HAL.COM = K5.MOON
- * HAL.COM = K5.JUPITER
+ * NERSC.GOV = ES.NET
+ * PNL.GOV = ES.NET
+ * ES.NET = .
+ * HAL.COM = K5.MOON
+ * HAL.COM = K5.JUPITER
* }
* NERSC.GOV = {
- * ANL.GOV = ES.NET
+ * ANL.GOV = ES.NET
* }
* PNL.GOV = {
- * ANL.GOV = ES.NET
+ * ANL.GOV = ES.NET
* }
* ES.NET = {
- * ANL.GOV = .
+ * ANL.GOV = .
* }
* HAL.COM = {
- * ANL.GOV = K5.JUPITER
- * ANL.GOV = K5.MOON
+ * ANL.GOV = K5.JUPITER
+ * ANL.GOV = K5.MOON
* }
*
* In the above a "." is used to mean directly connected since the
@@ -202,20 +203,20 @@ rtree_capath_tree(
*rettree = NULL;
tree = pprinc = NULL;
for (nvals = 0; vals[nvals] != NULL; nvals++)
- ;
+ ;
if (vals[0] != NULL && *vals[0] == '.') {
- nlinks = 0;
+ nlinks = 0;
} else {
- nlinks = nvals;
+ nlinks = nvals;
}
nprincs = nlinks + 2;
tree = calloc(nprincs + 1, sizeof(krb5_principal));
if (tree == NULL) {
- retval = ENOMEM;
- goto error;
+ retval = ENOMEM;
+ goto error;
}
for (i = 0; i < nprincs + 1; i++)
- tree[i] = NULL;
+ tree[i] = NULL;
/* Invariant: PPRINC points one past end of list. */
pprinc = &tree[0];
/* Local TGS name */
@@ -223,11 +224,11 @@ rtree_capath_tree(
if (retval) goto error;
srcrealm = *client;
for (i = 0; i < nlinks; i++) {
- dstrealm.data = vals[i];
- dstrealm.length = strcspn(vals[i], "\t ");
- retval = krb5_tgtname(context, &dstrealm, &srcrealm, pprinc++);
- if (retval) goto error;
- srcrealm = dstrealm;
+ dstrealm.data = vals[i];
+ dstrealm.length = strcspn(vals[i], "\t ");
+ retval = krb5_tgtname(context, &dstrealm, &srcrealm, pprinc++);
+ if (retval) goto error;
+ srcrealm = dstrealm;
}
retval = krb5_tgtname(context, server, &srcrealm, pprinc++);
if (retval) goto error;
@@ -236,12 +237,12 @@ rtree_capath_tree(
error:
profile_free_list(vals);
if (retval) {
- while (pprinc != NULL && pprinc > &tree[0]) {
- /* krb5_free_principal() correctly handles null input */
- krb5_free_principal(context, *--pprinc);
- *pprinc = NULL;
- }
- free(tree);
+ while (pprinc != NULL && pprinc > &tree[0]) {
+ /* krb5_free_principal() correctly handles null input */
+ krb5_free_principal(context, *--pprinc);
+ *pprinc = NULL;
+ }
+ free(tree);
}
return retval;
}
@@ -267,15 +268,15 @@ rtree_capath_vals(
clientz = calloc(client->length + 1, 1);
if (clientz == NULL) {
- retval = ENOMEM;
- goto error;
+ retval = ENOMEM;
+ goto error;
}
memcpy(clientz, client->data, client->length);
serverz = calloc(server->length + 1, 1);
if (serverz == NULL) {
- retval = ENOMEM;
- goto error;
+ retval = ENOMEM;
+ goto error;
}
memcpy(serverz, server->data, server->length);
@@ -287,13 +288,13 @@ rtree_capath_vals(
switch (retval) {
case PROF_NO_SECTION:
case PROF_NO_RELATION:
- /*
- * Not found; don't return an error.
- */
- retval = 0;
- break;
+ /*
+ * Not found; don't return an error.
+ */
+ retval = 0;
+ break;
default:
- break;
+ break;
}
error:
free(clientz);
@@ -320,31 +321,31 @@ rtree_hier_tree(
*rettree = NULL;
retval = rtree_hier_realms(context, client, server,
- &realms, &nrealms, sep);
+ &realms, &nrealms, sep);
if (retval)
- return retval;
+ return retval;
nprincs = nrealms;
pprinc = tree = calloc(nprincs + 1, sizeof(krb5_principal));
if (tree == NULL) {
- retval = ENOMEM;
- goto error;
+ retval = ENOMEM;
+ goto error;
}
for (i = 0; i < nrealms; i++)
- tree[i] = NULL;
+ tree[i] = NULL;
srcrealm = client;
for (i = 0; i < nrealms; i++) {
- dstrealm = &realms[i];
- retval = krb5_tgtname(context, dstrealm, srcrealm, pprinc++);
- if (retval) goto error;
- srcrealm = dstrealm;
+ dstrealm = &realms[i];
+ retval = krb5_tgtname(context, dstrealm, srcrealm, pprinc++);
+ if (retval) goto error;
+ srcrealm = dstrealm;
}
*rettree = tree;
free_realmlist(context, realms, nrealms);
return 0;
error:
while (pprinc != NULL && pprinc > tree) {
- krb5_free_principal(context, *--pprinc);
- *pprinc = NULL;
+ krb5_free_principal(context, *--pprinc);
+ *pprinc = NULL;
}
free_realmlist(context, realms, nrealms);
free(tree);
@@ -389,27 +390,27 @@ rtree_hier_realms(
rp = r = calloc(nctween + nstween, sizeof(krb5_data));
if (r == NULL) {
- retval = ENOMEM;
- goto error;
+ retval = ENOMEM;
+ goto error;
}
/* Copy client realm "tweens" forward. */
for (twp = ctweens; twp < &ctweens[nctween]; twp++) {
- retval = krb5int_copy_data_contents(context, twp, rp);
- if (retval) goto error;
- rp++;
+ retval = krb5int_copy_data_contents(context, twp, rp);
+ if (retval) goto error;
+ rp++;
}
/* Copy server realm "tweens" backward. */
for (twp = &stweens[nstween]; twp-- > stweens;) {
- retval = krb5int_copy_data_contents(context, twp, rp);
- if (retval) goto error;
- rp++;
+ retval = krb5int_copy_data_contents(context, twp, rp);
+ if (retval) goto error;
+ rp++;
}
error:
free(ctweens);
free(stweens);
if (retval) {
- free_realmlist(context, r, rp - r);
- return retval;
+ free_realmlist(context, r, rp - r);
+ return retval;
}
*realms = r;
*nrealms = rp - r;
@@ -425,7 +426,7 @@ free_realmlist(
size_t i;
for (i = 0; i < nrealms; i++)
- krb5_free_data_contents(context, &realms[i]);
+ krb5_free_data_contents(context, &realms[i]);
free(realms);
}
@@ -457,22 +458,22 @@ rtree_hier_tweens(
*ntweens = n = 0;
for (lp = p = r; p < &r[rlen]; p++) {
- if (*p != sep && &p[1] != &r[rlen])
- continue;
- if (lp == rtail && !dotail)
- break;
- ntws = realloc(tws, (n + 1) * sizeof(krb5_data));
- if (ntws == NULL) {
- free(tws);
- return ENOMEM;
- }
- tws = ntws;
- tws[n].data = lp;
- tws[n].length = &r[rlen] - lp;
- n++;
- if (lp == rtail)
- break;
- lp = &p[1];
+ if (*p != sep && &p[1] != &r[rlen])
+ continue;
+ if (lp == rtail && !dotail)
+ break;
+ ntws = realloc(tws, (n + 1) * sizeof(krb5_data));
+ if (ntws == NULL) {
+ free(tws);
+ return ENOMEM;
+ }
+ tws = ntws;
+ tws[n].data = lp;
+ tws[n].length = &r[rlen] - lp;
+ n++;
+ if (lp == rtail)
+ break;
+ lp = &p[1];
}
*tweens = tws;
*ntweens = n;
@@ -493,7 +494,7 @@ adjtail(struct hstate *c, struct hstate *s, int sep)
cp = c->tail;
sp = s->tail;
if (cp == NULL || sp == NULL)
- return;
+ return;
/*
* Is it a full component? Yes, if it's the beginning of the
* string or there's a separator to the left.
@@ -507,18 +508,18 @@ adjtail(struct hstate *c, struct hstate *s, int sep)
* If they're both full components, we're done.
*/
if (cfull && sfull) {
- return;
+ return;
} else if (c->dot != NULL && s->dot != NULL) {
- cp = c->dot + 1;
- sp = s->dot + 1;
- /*
- * Out of bounds? Can only happen if there are trailing dots.
- */
- if (cp >= &c->str[c->len] || sp >= &s->str[s->len]) {
- cp = sp = NULL;
- }
+ cp = c->dot + 1;
+ sp = s->dot + 1;
+ /*
+ * Out of bounds? Can only happen if there are trailing dots.
+ */
+ if (cp >= &c->str[c->len] || sp >= &s->str[s->len]) {
+ cp = sp = NULL;
+ }
} else {
- cp = sp = NULL;
+ cp = sp = NULL;
}
c->tail = cp;
s->tail = sp;
@@ -538,7 +539,7 @@ comtail(struct hstate *c, struct hstate *s, int sep)
char *cp, *sp, *cdot, *sdot;
if (c->len == 0 || s->len == 0)
- return;
+ return;
cdot = sdot = NULL;
/*
@@ -553,26 +554,26 @@ comtail(struct hstate *c, struct hstate *s, int sep)
* style realm), keep pointers to the latest pair.
*/
while (cp > c->str && sp > s->str) {
- if (*--cp != *--sp) {
- /*
- * Didn't match, so most recent match is one byte to the
- * right (or not at all).
- */
- cp++;
- sp++;
- break;
- }
- /*
- * Keep track of matching dots.
- */
- if (*cp == sep) {
- cdot = cp;
- sdot = sp;
- }
+ if (*--cp != *--sp) {
+ /*
+ * Didn't match, so most recent match is one byte to the
+ * right (or not at all).
+ */
+ cp++;
+ sp++;
+ break;
+ }
+ /*
+ * Keep track of matching dots.
+ */
+ if (*cp == sep) {
+ cdot = cp;
+ sdot = sp;
+ }
}
/* No match found at all. */
if (cp == &c->str[c->len])
- return;
+ return;
c->tail = cp;
s->tail = sp;
c->dot = cdot;
diff --git a/src/lib/krb5/krb5_libinit.c b/src/lib/krb5/krb5_libinit.c
index c154da8..1948b72 100644
--- a/src/lib/krb5/krb5_libinit.c
+++ b/src/lib/krb5/krb5_libinit.c
@@ -1,3 +1,4 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
#include <assert.h>
#include "autoconf.h"
@@ -41,18 +42,18 @@ int krb5int_lib_init(void)
err = krb5int_rc_finish_init();
if (err)
- return err;
+ return err;
#ifndef LEAN_CLIENT
err = krb5int_kt_initialize();
if (err)
- return err;
+ return err;
#endif /* LEAN_CLIENT */
err = krb5int_cc_initialize();
if (err)
- return err;
+ return err;
err = k5_mutex_finish_init(&krb5int_us_time_mutex);
if (err)
- return err;
+ return err;
return 0;
}
@@ -71,9 +72,9 @@ void krb5int_lib_fini(void)
{
if (!INITIALIZER_RAN(krb5int_lib_init) || PROGRAM_EXITING()) {
#ifdef SHOW_INITFINI_FUNCS
- printf("krb5int_lib_fini: skipping\n");
+ printf("krb5int_lib_fini: skipping\n");
#endif
- return;
+ return;
}
#ifdef SHOW_INITFINI_FUNCS
diff --git a/src/lib/krb5/krb5_libinit.h b/src/lib/krb5/krb5_libinit.h
index 11d7248..ff8e5d6 100644
--- a/src/lib/krb5/krb5_libinit.h
+++ b/src/lib/krb5/krb5_libinit.h
@@ -1,3 +1,4 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
#ifndef KRB5_LIBINIT_H
#define KRB5_LIBINIT_H
diff --git a/src/lib/krb5/os/accessor.c b/src/lib/krb5/os/accessor.c
index a051736..20fb30d 100644
--- a/src/lib/krb5/os/accessor.c
+++ b/src/lib/krb5/os/accessor.c
@@ -1,3 +1,4 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
/*
* lib/krb5/os/accessor.c
*
@@ -8,7 +9,7 @@
* require a specific license from the United States Government.
* It is the responsibility of any person or organization contemplating
* export to obtain such a license before exporting.
- *
+ *
* WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
* distribute this software and its documentation for any purpose and
* without fee is hereby granted, provided that the above copyright
@@ -22,19 +23,19 @@
* M.I.T. makes no representations about the suitability of
* this software for any purpose. It is provided "as is" without express
* or implied warranty.
- *
-*/
+ *
+ */
#include "k5-int.h"
#include "os-proto.h"
/* If this trick gets used elsewhere, move it to k5-platform.h. */
#ifndef DESIGNATED_INITIALIZERS
-#define DESIGNATED_INITIALIZERS \
- /* ANSI/ISO C 1999 supports this... */ \
- (__STDC_VERSION__ >= 199901L \
- /* ...as does GCC, since version 2.something. */ \
- || (!defined __cplusplus && __GNUC__ >= 3))
+#define DESIGNATED_INITIALIZERS \
+ /* ANSI/ISO C 1999 supports this... */ \
+ (__STDC_VERSION__ >= 199901L \
+ /* ...as does GCC, since version 2.something. */ \
+ || (!defined __cplusplus && __GNUC__ >= 3))
#endif
krb5_error_code KRB5_CALLCONV
@@ -44,105 +45,105 @@ krb5int_accessor(krb5int_access *internals, krb5_int32 version)
#if DESIGNATED_INITIALIZERS
#define S(FIELD, VAL) .FIELD = VAL
#if defined __GNUC__ && __STDC_VERSION__ < 199901L
- __extension__
+ __extension__
#endif
- static const krb5int_access internals_temp = {
+ static const krb5int_access internals_temp = {
#else
#define S(FIELD, VAL) internals_temp.FIELD = VAL
- krb5int_access internals_temp;
+ krb5int_access internals_temp;
#endif
- S (free_addrlist, krb5int_free_addrlist),
- S (hmac, krb5int_hmac_keyblock),
- S (auth_con_get_subkey_enctype, krb5_auth_con_get_subkey_enctype),
- S (md5_hash_provider, &krb5int_hash_md5),
- S (arcfour_enc_provider, &krb5int_enc_arcfour),
- S (sendto_udp, &krb5int_sendto),
- S (add_host_to_list, krb5int_add_host_to_list),
+ S (free_addrlist, krb5int_free_addrlist),
+ S (hmac, krb5int_hmac_keyblock),
+ S (auth_con_get_subkey_enctype, krb5_auth_con_get_subkey_enctype),
+ S (md5_hash_provider, &krb5int_hash_md5),
+ S (arcfour_enc_provider, &krb5int_enc_arcfour),
+ S (sendto_udp, &krb5int_sendto),
+ S (add_host_to_list, krb5int_add_host_to_list),
#ifdef KRB5_DNS_LOOKUP
-#define SC(FIELD, VAL) S(FIELD, VAL)
+#define SC(FIELD, VAL) S(FIELD, VAL)
#else /* disable */
-#define SC(FIELD, VAL) S(FIELD, 0)
+#define SC(FIELD, VAL) S(FIELD, 0)
#endif
- SC (make_srv_query_realm, krb5int_make_srv_query_realm),
- SC (free_srv_dns_data, krb5int_free_srv_dns_data),
- SC (use_dns_kdc, _krb5_use_dns_kdc),
+ SC (make_srv_query_realm, krb5int_make_srv_query_realm),
+ SC (free_srv_dns_data, krb5int_free_srv_dns_data),
+ SC (use_dns_kdc, _krb5_use_dns_kdc),
#undef SC
- S (clean_hostname, krb5int_clean_hostname),
+ S (clean_hostname, krb5int_clean_hostname),
- S (mandatory_cksumtype, krb5int_c_mandatory_cksumtype),
+ S (mandatory_cksumtype, krb5int_c_mandatory_cksumtype),
#ifndef LEAN_CLIENT
-#define SC(FIELD, VAL) S(FIELD, VAL)
+#define SC(FIELD, VAL) S(FIELD, VAL)
#else /* disable */
-#define SC(FIELD, VAL) S(FIELD, 0)
+#define SC(FIELD, VAL) S(FIELD, 0)
#endif
- SC (ser_pack_int64, krb5_ser_pack_int64),
- SC (ser_unpack_int64, krb5_ser_unpack_int64),
+ SC (ser_pack_int64, krb5_ser_pack_int64),
+ SC (ser_unpack_int64, krb5_ser_unpack_int64),
#undef SC
#ifdef ENABLE_LDAP
-#define SC(FIELD, VAL) S(FIELD, VAL)
+#define SC(FIELD, VAL) S(FIELD, VAL)
#else
-#define SC(FIELD, VAL) S(FIELD, 0)
+#define SC(FIELD, VAL) S(FIELD, 0)
#endif
- SC (asn1_ldap_encode_sequence_of_keys, krb5int_ldap_encode_sequence_of_keys),
- SC (asn1_ldap_decode_sequence_of_keys, krb5int_ldap_decode_sequence_of_keys),
+ SC (asn1_ldap_encode_sequence_of_keys, krb5int_ldap_encode_sequence_of_keys),
+ SC (asn1_ldap_decode_sequence_of_keys, krb5int_ldap_decode_sequence_of_keys),
#undef SC
#ifndef DISABLE_PKINIT
-#define SC(FIELD, VAL) S(FIELD, VAL)
+#define SC(FIELD, VAL) S(FIELD, VAL)
#else /* disable */
-#define SC(FIELD, VAL) S(FIELD, 0)
+#define SC(FIELD, VAL) S(FIELD, 0)
#endif
- SC (encode_krb5_pa_pk_as_req, encode_krb5_pa_pk_as_req),
- SC (encode_krb5_pa_pk_as_req_draft9, encode_krb5_pa_pk_as_req_draft9),
+ SC (encode_krb5_pa_pk_as_req, encode_krb5_pa_pk_as_req),
+ SC (encode_krb5_pa_pk_as_req_draft9, encode_krb5_pa_pk_as_req_draft9),
SC (encode_krb5_pa_pk_as_rep, encode_krb5_pa_pk_as_rep),
- SC (encode_krb5_pa_pk_as_rep_draft9, encode_krb5_pa_pk_as_rep_draft9),
- SC (encode_krb5_auth_pack, encode_krb5_auth_pack),
- SC (encode_krb5_auth_pack_draft9, encode_krb5_auth_pack_draft9),
- SC (encode_krb5_kdc_dh_key_info, encode_krb5_kdc_dh_key_info),
- SC (encode_krb5_reply_key_pack, encode_krb5_reply_key_pack),
- SC (encode_krb5_reply_key_pack_draft9, encode_krb5_reply_key_pack_draft9),
- SC (encode_krb5_typed_data, encode_krb5_typed_data),
- SC (encode_krb5_td_trusted_certifiers, encode_krb5_td_trusted_certifiers),
- SC (encode_krb5_td_dh_parameters, encode_krb5_td_dh_parameters),
- SC (decode_krb5_pa_pk_as_req, decode_krb5_pa_pk_as_req),
- SC (decode_krb5_pa_pk_as_req_draft9, decode_krb5_pa_pk_as_req_draft9),
- SC (decode_krb5_pa_pk_as_rep, decode_krb5_pa_pk_as_rep),
- SC (decode_krb5_pa_pk_as_rep_draft9, decode_krb5_pa_pk_as_rep_draft9),
- SC (decode_krb5_auth_pack, decode_krb5_auth_pack),
- SC (decode_krb5_auth_pack_draft9, decode_krb5_auth_pack_draft9),
- SC (decode_krb5_kdc_dh_key_info, decode_krb5_kdc_dh_key_info),
- SC (decode_krb5_principal_name, decode_krb5_principal_name),
- SC (decode_krb5_reply_key_pack, decode_krb5_reply_key_pack),
- SC (decode_krb5_reply_key_pack_draft9, decode_krb5_reply_key_pack_draft9),
- SC (decode_krb5_typed_data, decode_krb5_typed_data),
- SC (decode_krb5_td_trusted_certifiers, decode_krb5_td_trusted_certifiers),
- SC (decode_krb5_td_dh_parameters, decode_krb5_td_dh_parameters),
- SC (decode_krb5_as_req, decode_krb5_as_req),
- SC (encode_krb5_kdc_req_body, encode_krb5_kdc_req_body),
- SC (free_kdc_req, krb5_free_kdc_req),
- SC (set_prompt_types, krb5int_set_prompt_types),
- SC (encode_krb5_authdata_elt, encode_krb5_authdata_elt),
+ SC (encode_krb5_pa_pk_as_rep_draft9, encode_krb5_pa_pk_as_rep_draft9),
+ SC (encode_krb5_auth_pack, encode_krb5_auth_pack),
+ SC (encode_krb5_auth_pack_draft9, encode_krb5_auth_pack_draft9),
+ SC (encode_krb5_kdc_dh_key_info, encode_krb5_kdc_dh_key_info),
+ SC (encode_krb5_reply_key_pack, encode_krb5_reply_key_pack),
+ SC (encode_krb5_reply_key_pack_draft9, encode_krb5_reply_key_pack_draft9),
+ SC (encode_krb5_typed_data, encode_krb5_typed_data),
+ SC (encode_krb5_td_trusted_certifiers, encode_krb5_td_trusted_certifiers),
+ SC (encode_krb5_td_dh_parameters, encode_krb5_td_dh_parameters),
+ SC (decode_krb5_pa_pk_as_req, decode_krb5_pa_pk_as_req),
+ SC (decode_krb5_pa_pk_as_req_draft9, decode_krb5_pa_pk_as_req_draft9),
+ SC (decode_krb5_pa_pk_as_rep, decode_krb5_pa_pk_as_rep),
+ SC (decode_krb5_pa_pk_as_rep_draft9, decode_krb5_pa_pk_as_rep_draft9),
+ SC (decode_krb5_auth_pack, decode_krb5_auth_pack),
+ SC (decode_krb5_auth_pack_draft9, decode_krb5_auth_pack_draft9),
+ SC (decode_krb5_kdc_dh_key_info, decode_krb5_kdc_dh_key_info),
+ SC (decode_krb5_principal_name, decode_krb5_principal_name),
+ SC (decode_krb5_reply_key_pack, decode_krb5_reply_key_pack),
+ SC (decode_krb5_reply_key_pack_draft9, decode_krb5_reply_key_pack_draft9),
+ SC (decode_krb5_typed_data, decode_krb5_typed_data),
+ SC (decode_krb5_td_trusted_certifiers, decode_krb5_td_trusted_certifiers),
+ SC (decode_krb5_td_dh_parameters, decode_krb5_td_dh_parameters),
+ SC (decode_krb5_as_req, decode_krb5_as_req),
+ SC (encode_krb5_kdc_req_body, encode_krb5_kdc_req_body),
+ SC (free_kdc_req, krb5_free_kdc_req),
+ SC (set_prompt_types, krb5int_set_prompt_types),
+ SC (encode_krb5_authdata_elt, encode_krb5_authdata_elt),
#undef SC
- S (encode_krb5_sam_response_2, encode_krb5_sam_response_2),
- S (encode_krb5_enc_sam_response_enc_2, encode_krb5_enc_sam_response_enc_2),
- S (encode_enc_ts, encode_krb5_pa_enc_ts),
- S (decode_enc_ts, decode_krb5_pa_enc_ts),
- S (encode_enc_data, encode_krb5_enc_data),
- S(decode_enc_data, decode_krb5_enc_data),
- S(free_enc_ts, krb5_free_pa_enc_ts),
- S(free_enc_data, krb5_free_enc_data),
- S(encrypt_helper, krb5_encrypt_helper),
+ S (encode_krb5_sam_response_2, encode_krb5_sam_response_2),
+ S (encode_krb5_enc_sam_response_enc_2, encode_krb5_enc_sam_response_enc_2),
+ S (encode_enc_ts, encode_krb5_pa_enc_ts),
+ S (decode_enc_ts, decode_krb5_pa_enc_ts),
+ S (encode_enc_data, encode_krb5_enc_data),
+ S(decode_enc_data, decode_krb5_enc_data),
+ S(free_enc_ts, krb5_free_pa_enc_ts),
+ S(free_enc_data, krb5_free_enc_data),
+ S(encrypt_helper, krb5_encrypt_helper),
#if DESIGNATED_INITIALIZERS
- };
+ };
#else
- 0;
+ 0;
#endif
- *internals = internals_temp;
- return 0;
+ *internals = internals_temp;
+ return 0;
}
return KRB5_OBSOLETE_FN;
}
diff --git a/src/lib/krb5/os/an_to_ln.c b/src/lib/krb5/os/an_to_ln.c
index 731b76b..b5ec3a6 100644
--- a/src/lib/krb5/os/an_to_ln.c
+++ b/src/lib/krb5/os/an_to_ln.c
@@ -1,3 +1,4 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
/*
* lib/krb5/os/an_to_ln.c
*
@@ -8,7 +9,7 @@
* require a specific license from the United States Government.
* It is the responsibility of any person or organization contemplating
* export to obtain such a license before exporting.
- *
+ *
* WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
* distribute this software and its documentation for any purpose and
* without fee is hereby granted, provided that the above copyright
@@ -22,7 +23,7 @@
* M.I.T. makes no representations about the suitability of
* this software for any purpose. It is provided "as is" without express
* or implied warranty.
- *
+ *
*
* krb5_aname_to_localname()
*/
@@ -35,29 +36,29 @@
#include "k5-int.h"
#include <ctype.h>
-#if HAVE_REGEX_H
+#if HAVE_REGEX_H
#include <regex.h>
-#endif /* HAVE_REGEX_H */
+#endif /* HAVE_REGEX_H */
#include <string.h>
/*
* Use compile(3) if no regcomp present.
*/
-#if !defined(HAVE_REGCOMP) && defined(HAVE_REGEXPR_H) && defined(HAVE_COMPILE)
-#define RE_BUF_SIZE 1024
+#if !defined(HAVE_REGCOMP) && defined(HAVE_REGEXPR_H) && defined(HAVE_COMPILE)
+#define RE_BUF_SIZE 1024
#include <regexpr.h>
-#endif /* !HAVE_REGCOMP && HAVE_REGEXP_H && HAVE_COMPILE */
+#endif /* !HAVE_REGCOMP && HAVE_REGEXP_H && HAVE_COMPILE */
-#define MAX_FORMAT_BUFFER ((size_t)1024)
-#ifndef min
-#define min(a,b) ((a>b) ? b : a)
-#endif /* min */
+#define MAX_FORMAT_BUFFER ((size_t)1024)
+#ifndef min
+#define min(a,b) ((a>b) ? b : a)
+#endif /* min */
#ifdef ANAME_DB
/*
* Use standard DBM code.
*/
-#define KDBM_OPEN(db, fl, mo) dbm_open(db, fl, mo)
-#define KDBM_CLOSE(db) dbm_close(db)
-#define KDBM_FETCH(db, key) dbm_fetch(db, key)
+#define KDBM_OPEN(db, fl, mo) dbm_open(db, fl, mo)
+#define KDBM_CLOSE(db) dbm_close(db)
+#define KDBM_FETCH(db, key) dbm_fetch(db, key)
#endif /*ANAME_DB*/
/*
@@ -66,21 +67,21 @@
static char *
aname_full_to_mapping_name(char *fprincname)
{
- char *atp;
- size_t mlen;
- char *mname;
+ char *atp;
+ size_t mlen;
+ char *mname;
mname = (char *) NULL;
if (fprincname) {
- atp = strrchr(fprincname, '@');
- if (!atp)
- atp = &fprincname[strlen(fprincname)];
- mlen = (size_t) (atp - fprincname);
-
- if ((mname = (char *) malloc(mlen+1))) {
- strncpy(mname, fprincname, mlen);
- mname[mlen] = '\0';
- }
+ atp = strrchr(fprincname, '@');
+ if (!atp)
+ atp = &fprincname[strlen(fprincname)];
+ mlen = (size_t) (atp - fprincname);
+
+ if ((mname = (char *) malloc(mlen+1))) {
+ strncpy(mname, fprincname, mlen);
+ mname[mlen] = '\0';
+ }
}
return(mname);
}
@@ -108,15 +109,15 @@ db_an_to_ln(context, dbname, aname, lnsize, lname)
char *princ_name;
if ((retval = krb5_unparse_name(context, aname, &princ_name)))
- return(retval);
+ return(retval);
key.dptr = princ_name;
- key.dsize = strlen(princ_name)+1; /* need to store the NULL for
- decoding */
+ key.dsize = strlen(princ_name)+1; /* need to store the NULL for
+ decoding */
db = KDBM_OPEN(dbname, O_RDONLY, 0600);
if (!db) {
- free(princ_name);
- return KRB5_LNAME_CANTOPEN;
+ free(princ_name);
+ return KRB5_LNAME_CANTOPEN;
}
contents = KDBM_FETCH(db, key);
@@ -124,30 +125,30 @@ db_an_to_ln(context, dbname, aname, lnsize, lname)
free(princ_name);
if (contents.dptr == NULL) {
- retval = KRB5_LNAME_NOTRANS;
+ retval = KRB5_LNAME_NOTRANS;
} else {
- strncpy(lname, contents.dptr, lnsize);
- if (lnsize < contents.dsize)
- retval = KRB5_CONFIG_NOTENUFSPACE;
- else if (lname[contents.dsize-1] != '\0')
- retval = KRB5_LNAME_BADFORMAT;
- else
- retval = 0;
+ strncpy(lname, contents.dptr, lnsize);
+ if (lnsize < contents.dsize)
+ retval = KRB5_CONFIG_NOTENUFSPACE;
+ else if (lname[contents.dsize-1] != '\0')
+ retval = KRB5_LNAME_BADFORMAT;
+ else
+ retval = 0;
}
/* can't close until we copy the contents. */
(void) KDBM_CLOSE(db);
return retval;
-#else /* !_WIN32 && !MACINTOSH */
+#else /* !_WIN32 && !MACINTOSH */
/*
* If we don't have support for a database mechanism, then we can't
* translate this now, can we?
*/
return KRB5_LNAME_NOTRANS;
-#endif /* !_WIN32 && !MACINTOSH */
+#endif /* !_WIN32 && !MACINTOSH */
}
#endif /*ANAME_DB*/
-#ifdef AN_TO_LN_RULES
+#ifdef AN_TO_LN_RULES
/*
* Format and transform a principal name to a local name. This is particularly
* useful when Kerberos principals and local user names are formatted to
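Review bot: In db_an_to_ln() the fetched datum is copied with `strncpy(lname, contents.dptr, lnsize)` before its size is checked, so a record with no NUL inside `contents.dsize` bytes can be read past its end. A record with `dsize` of 0 also makes `lname[contents.dsize-1]` index before the buffer. Validating the size and the terminator first and then copying exactly `contents.dsize` bytes avoids both; the fence shows the reordered branch. The function starts outside this hunk and is only built under ANAME_DB, so how reachable this is depends on the build.

```c
    if (contents.dptr == NULL) {
        retval = KRB5_LNAME_NOTRANS;
    } else if (contents.dsize == 0) {
        retval = KRB5_LNAME_BADFORMAT;
    } else if (lnsize < contents.dsize) {
        retval = KRB5_CONFIG_NOTENUFSPACE;
    } else if (((const char *) contents.dptr)[contents.dsize-1] != '\0') {
        retval = KRB5_LNAME_BADFORMAT;
    } else {
        memcpy(lname, contents.dptr, contents.dsize);
        retval = 0;
    }
    /* … unchanged: KDBM_CLOSE(db) and return retval … */
```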
@@ -157,31 +158,31 @@ db_an_to_ln(context, dbname, aname, lnsize, lname)
* First part - formulate the string to perform operations on: If not present
* then the string defaults to the fully flattened principal minus the realm
* name. Otherwise the syntax is as follows:
- * "[" <ncomps> ":" <format> "]"
- * Where:
- * <ncomps> is the number of expected components for this
- * rule. If the particular principal does not have this
- * many components, then this rule does not apply.
+ * "[" <ncomps> ":" <format> "]"
+ * Where:
+ * <ncomps> is the number of expected components for this
+ * rule. If the particular principal does not have this
+ * many components, then this rule does not apply.
*
- * <format> is a string of <component> or verbatim
- * characters to be inserted.
+ * <format> is a string of <component> or verbatim
+ * characters to be inserted.
*
- * <component> is of the form "$"<number> to select the
- * <number>th component. <number> begins from 1.
+ * <component> is of the form "$"<number> to select the
+ * <number>th component. <number> begins from 1.
*
* Second part - select rule validity: If not present, then this rule may
* apply to all selections. Otherwise the syntax is as follows:
- * "(" <regexp> ")"
- * Where: <regexp> is a selector regular expression. If this
- * regular expression matches the whole pattern generated
- * from the first part, then this rule still applies.
+ * "(" <regexp> ")"
+ * Where: <regexp> is a selector regular expression. If this
+ * regular expression matches the whole pattern generated
+ * from the first part, then this rule still applies.
*
* Last part - Transform rule: If not present, then the selection string
* is passed verbatim and is matched. Otherwise, the syntax is as follows:
- * <rule> ...
- * Where: <rule> is of the form:
- * "s/" <regexp> "/" <text> "/" ["g"]
- *
+ * <rule> ...
+ * Where: <rule> is of the form:
+ * "s/" <regexp> "/" <text> "/" ["g"]
+ *
* In order to be able to select rule validity, the native system must support
* one of compile(3), re_comp(3) or regcomp(3). In order to be able to
* transform (e.g. substitute), the native system must support regcomp(3) or
@@ -189,208 +190,208 @@ db_an_to_ln(context, dbname, aname, lnsize, lname)
*/
/*
- * aname_do_match() - Does our name match the parenthesized regular
- * expression?
- *
+ * aname_do_match() - Does our name match the parenthesized regular
+ * expression?
+ *
* Chew up the match portion of the regular expression and update *contextp.
* If no re_comp() or regcomp(), then always return a match.
*/
static krb5_error_code
aname_do_match(char *string, char **contextp)
{
- krb5_error_code kret;
- char *regexp, *startp, *endp = 0;
- size_t regexlen;
-#if HAVE_REGCOMP
- regex_t match_exp;
- regmatch_t match_match;
-#elif HAVE_REGEXPR_H
- char regexp_buffer[RE_BUF_SIZE];
-#endif /* HAVE_REGEXP_H */
+ krb5_error_code kret;
+ char *regexp, *startp, *endp = 0;
+ size_t regexlen;
+#if HAVE_REGCOMP
+ regex_t match_exp;
+ regmatch_t match_match;
+#elif HAVE_REGEXPR_H
+ char regexp_buffer[RE_BUF_SIZE];
+#endif /* HAVE_REGEXP_H */
kret = 0;
/*
* Is this a match expression?
*/
if (**contextp == '(') {
- kret = KRB5_CONFIG_BADFORMAT;
- startp = (*contextp) + 1;
- endp = strchr(startp, ')');
- /* Find the end of the match expression. */
- if (endp) {
- regexlen = (size_t) (endp - startp);
- regexp = (char *) malloc((size_t) regexlen+1);
- kret = ENOMEM;
- if (regexp) {
- strncpy(regexp, startp, regexlen);
- regexp[regexlen] = '\0';
- kret = KRB5_LNAME_NOTRANS;
- /*
- * Perform the match.
- */
-#if HAVE_REGCOMP
- if (!regcomp(&match_exp, regexp, REG_EXTENDED) &&
- !regexec(&match_exp, string, 1, &match_match, 0)) {
- if ((match_match.rm_so == 0) &&
- (match_match.rm_eo == strlen(string)))
- kret = 0;
- }
- regfree(&match_exp);
-#elif HAVE_REGEXPR_H
- compile(regexp,
- regexp_buffer,
- &regexp_buffer[RE_BUF_SIZE]);
- if (step(string, regexp_buffer)) {
- if ((loc1 == string) &&
- (loc2 == &string[strlen(string)]))
- kret = 0;
- }
-#elif HAVE_RE_COMP
- if (!re_comp(regexp) && re_exec(string))
- kret = 0;
-#else /* HAVE_RE_COMP */
- kret = 0;
-#endif /* HAVE_RE_COMP */
- free(regexp);
- }
- endp++;
- }
- else
- endp = startp;
+ kret = KRB5_CONFIG_BADFORMAT;
+ startp = (*contextp) + 1;
+ endp = strchr(startp, ')');
+ /* Find the end of the match expression. */
+ if (endp) {
+ regexlen = (size_t) (endp - startp);
+ regexp = (char *) malloc((size_t) regexlen+1);
+ kret = ENOMEM;
+ if (regexp) {
+ strncpy(regexp, startp, regexlen);
+ regexp[regexlen] = '\0';
+ kret = KRB5_LNAME_NOTRANS;
+ /*
+ * Perform the match.
+ */
+#if HAVE_REGCOMP
+ if (!regcomp(&match_exp, regexp, REG_EXTENDED) &&
+ !regexec(&match_exp, string, 1, &match_match, 0)) {
+ if ((match_match.rm_so == 0) &&
+ (match_match.rm_eo == strlen(string)))
+ kret = 0;
+ }
+ regfree(&match_exp);
+#elif HAVE_REGEXPR_H
+ compile(regexp,
+ regexp_buffer,
+ &regexp_buffer[RE_BUF_SIZE]);
+ if (step(string, regexp_buffer)) {
+ if ((loc1 == string) &&
+ (loc2 == &string[strlen(string)]))
+ kret = 0;
+ }
+#elif HAVE_RE_COMP
+ if (!re_comp(regexp) && re_exec(string))
+ kret = 0;
+#else /* HAVE_RE_COMP */
+ kret = 0;
+#endif /* HAVE_RE_COMP */
+ free(regexp);
+ }
+ endp++;
+ }
+ else
+ endp = startp;
}
*contextp = endp;
return(kret);
}
/*
- * do_replacement() - Replace the regular expression with the specified
- * replacement.
+ * do_replacement() - Replace the regular expression with the specified
+ * replacement.
*
* If "doall" is set, it's a global replacement, otherwise, just a oneshot
* deal.
* If no regcomp() then just return the input string verbatim in the output
* string.
*/
-#define use_bytes(x) \
- out_used += (x); \
+#define use_bytes(x) \
+ out_used += (x); \
if (out_used > MAX_FORMAT_BUFFER) goto mem_err
static int
do_replacement(char *regexp, char *repl, int doall, char *in, char *out)
{
size_t out_used = 0;
-#if HAVE_REGCOMP
- regex_t match_exp;
- regmatch_t match_match;
- int matched;
- char *cp;
- char *op;
+#if HAVE_REGCOMP
+ regex_t match_exp;
+ regmatch_t match_match;
+ int matched;
+ char *cp;
+ char *op;
if (!regcomp(&match_exp, regexp, REG_EXTENDED)) {
- cp = in;
- op = out;
- matched = 0;
- do {
- if (!regexec(&match_exp, cp, 1, &match_match, 0)) {
- if (match_match.rm_so) {
- use_bytes(match_match.rm_so);
- strncpy(op, cp, match_match.rm_so);
- op += match_match.rm_so;
- }
- use_bytes(strlen(repl));
- strncpy(op, repl, MAX_FORMAT_BUFFER - 1 - (op - out));
- op += strlen(op);
- cp += match_match.rm_eo;
- if (!doall) {
- use_bytes(strlen(cp));
- strncpy(op, cp, MAX_FORMAT_BUFFER - 1 - (op - out));
- }
- matched = 1;
- }
- else {
- use_bytes(strlen(cp));
- strncpy(op, cp, MAX_FORMAT_BUFFER - 1 - (op - out));
- matched = 0;
- }
- } while (doall && matched);
- regfree(&match_exp);
+ cp = in;
+ op = out;
+ matched = 0;
+ do {
+ if (!regexec(&match_exp, cp, 1, &match_match, 0)) {
+ if (match_match.rm_so) {
+ use_bytes(match_match.rm_so);
+ strncpy(op, cp, match_match.rm_so);
+ op += match_match.rm_so;
+ }
+ use_bytes(strlen(repl));
+ strncpy(op, repl, MAX_FORMAT_BUFFER - 1 - (op - out));
+ op += strlen(op);
+ cp += match_match.rm_eo;
+ if (!doall) {
+ use_bytes(strlen(cp));
+ strncpy(op, cp, MAX_FORMAT_BUFFER - 1 - (op - out));
+ }
+ matched = 1;
+ }
+ else {
+ use_bytes(strlen(cp));
+ strncpy(op, cp, MAX_FORMAT_BUFFER - 1 - (op - out));
+ matched = 0;
+ }
+ } while (doall && matched);
+ regfree(&match_exp);
}
-#elif HAVE_REGEXPR_H
- int matched;
- char *cp;
- char *op;
- char regexp_buffer[RE_BUF_SIZE];
- size_t sdispl, edispl;
+#elif HAVE_REGEXPR_H
+ int matched;
+ char *cp;
+ char *op;
+ char regexp_buffer[RE_BUF_SIZE];
+ size_t sdispl, edispl;
compile(regexp,
- regexp_buffer,
- &regexp_buffer[RE_BUF_SIZE]);
+ regexp_buffer,
+ &regexp_buffer[RE_BUF_SIZE]);
cp = in;
op = out;
matched = 0;
do {
- if (step(cp, regexp_buffer)) {
- sdispl = (size_t) (loc1 - cp);
- edispl = (size_t) (loc2 - cp);
- if (sdispl) {
- use_bytes(sdispl);
- strncpy(op, cp, sdispl);
- op += sdispl;
- }
- use_bytes(strlen(repl));
- strncpy(op, repl, MAX_FORMAT_BUFFER - 1 - (op - out));
- op += strlen(repl);
- cp += edispl;
- if (!doall) {
- use_bytes(strlen(cp));
- strncpy(op, cp, MAX_FORMAT_BUFFER - 1 - (op - out));
- }
- matched = 1;
- }
- else {
- use_bytes(strlen(cp));
- strncpy(op, cp, MAX_FORMAT_BUFFER - 1 - (op - out));
- matched = 0;
- }
+ if (step(cp, regexp_buffer)) {
+ sdispl = (size_t) (loc1 - cp);
+ edispl = (size_t) (loc2 - cp);
+ if (sdispl) {
+ use_bytes(sdispl);
+ strncpy(op, cp, sdispl);
+ op += sdispl;
+ }
+ use_bytes(strlen(repl));
+ strncpy(op, repl, MAX_FORMAT_BUFFER - 1 - (op - out));
+ op += strlen(repl);
+ cp += edispl;
+ if (!doall) {
+ use_bytes(strlen(cp));
+ strncpy(op, cp, MAX_FORMAT_BUFFER - 1 - (op - out));
+ }
+ matched = 1;
+ }
+ else {
+ use_bytes(strlen(cp));
+ strncpy(op, cp, MAX_FORMAT_BUFFER - 1 - (op - out));
+ matched = 0;
+ }
} while (doall && matched);
-#else /* HAVE_REGEXP_H */
+#else /* HAVE_REGEXP_H */
memcpy(out, in, MAX_FORMAT_BUFFER);
-#endif /* HAVE_REGCOMP */
+#endif /* HAVE_REGCOMP */
return 1;
- mem_err:
+mem_err:
#ifdef HAVE_REGCMP
- regfree(&match_exp);
+ regfree(&match_exp);
#endif
- return 0;
-
+ return 0;
+
}
#undef use_bytes
/*
- * aname_replacer() - Perform the specified substitutions on the input
- * string and return the result.
+ * aname_replacer() - Perform the specified substitutions on the input
+ * string and return the result.
*
* This routine enforces the "s/<pattern>/<replacement>/[g]" syntax.
*/
static krb5_error_code
aname_replacer(char *string, char **contextp, char **result)
{
- krb5_error_code kret;
- char *in = NULL, *out = NULL, *rule = NULL, *repl = NULL;
- char *cp, *ep, *tp;
- size_t rule_size, repl_size;
- int doglobal;
+ krb5_error_code kret;
+ char *in = NULL, *out = NULL, *rule = NULL, *repl = NULL;
+ char *cp, *ep, *tp;
+ size_t rule_size, repl_size;
+ int doglobal;
*result = NULL;
/* Allocate the formatting buffers */
in = malloc(MAX_FORMAT_BUFFER);
if (!in)
- return ENOMEM;
+ return ENOMEM;
out = malloc(MAX_FORMAT_BUFFER);
if (!out) {
- kret = ENOMEM;
- goto cleanup;
+ kret = ENOMEM;
+ goto cleanup;
}
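Review bot: The `mem_err:` cleanup in do_replacement() is guarded by `#ifdef HAVE_REGCMP`, which does not match the `HAVE_REGCOMP` symbol the rest of the hunk tests. The `regfree(&match_exp)` there is therefore presumably never compiled, and the compiled pattern leaks whenever `use_bytes` trips the MAX_FORMAT_BUFFER limit. The guard should read `#if HAVE_REGCOMP`. Every `goto mem_err` in that branch sits inside the block entered after a successful regcomp(), so freeing at the label is safe.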
/*
@@ -404,70 +405,70 @@ aname_replacer(char *string, char **contextp, char **result)
* Pound through the expression until we're done.
*/
for (cp = *contextp; *cp; ) {
- /* Skip leading whitespace */
- while (isspace((int) (*cp)))
- cp++;
-
- /*
- * Find our separators. First two characters must be "s/"
- * We must also find another "/" followed by another "/".
- */
- if (!((cp[0] == 's') &&
- (cp[1] == '/') &&
- (ep = strchr(&cp[2], '/')) &&
- (tp = strchr(&ep[1], '/')))) {
- /* Bad syntax */
- kret = KRB5_CONFIG_BADFORMAT;
- goto cleanup;
- }
-
- /* Figure out sizes of strings and allocate them */
- rule_size = (size_t) (ep - &cp[2]);
- repl_size = (size_t) (tp - &ep[1]);
- rule = malloc(rule_size + 1);
- if (!rule) {
- kret = ENOMEM;
- goto cleanup;
- }
- repl = malloc(repl_size + 1);
- if (!repl) {
- kret = ENOMEM;
- goto cleanup;
- }
-
- /* Copy the strings */
- memcpy(rule, &cp[2], rule_size);
- memcpy(repl, &ep[1], repl_size);
- rule[rule_size] = repl[repl_size] = '\0';
-
- /* Check for trailing "g" */
- doglobal = (tp[1] == 'g') ? 1 : 0;
- if (doglobal)
- tp++;
-
- /* Swap previous in and out buffers */
- ep = in;
- in = out;
- out = ep;
-
- /* Do the replacemenbt */
- memset(out, '\0', MAX_FORMAT_BUFFER);
- if (!do_replacement(rule, repl, doglobal, in, out)) {
- kret = KRB5_LNAME_NOTRANS;
- goto cleanup;
- }
- free(rule);
- free(repl);
- rule = repl = NULL;
-
- /* If we have no output buffer left, this can't be good */
- if (strlen(out) == 0) {
- kret = KRB5_LNAME_NOTRANS;
- goto cleanup;
- }
-
- /* Advance past trailer */
- cp = &tp[1];
+ /* Skip leading whitespace */
+ while (isspace((int) (*cp)))
+ cp++;
+
+ /*
+ * Find our separators. First two characters must be "s/"
+ * We must also find another "/" followed by another "/".
+ */
+ if (!((cp[0] == 's') &&
+ (cp[1] == '/') &&
+ (ep = strchr(&cp[2], '/')) &&
+ (tp = strchr(&ep[1], '/')))) {
+ /* Bad syntax */
+ kret = KRB5_CONFIG_BADFORMAT;
+ goto cleanup;
+ }
+
+ /* Figure out sizes of strings and allocate them */
+ rule_size = (size_t) (ep - &cp[2]);
+ repl_size = (size_t) (tp - &ep[1]);
+ rule = malloc(rule_size + 1);
+ if (!rule) {
+ kret = ENOMEM;
+ goto cleanup;
+ }
+ repl = malloc(repl_size + 1);
+ if (!repl) {
+ kret = ENOMEM;
+ goto cleanup;
+ }
+
+ /* Copy the strings */
+ memcpy(rule, &cp[2], rule_size);
+ memcpy(repl, &ep[1], repl_size);
+ rule[rule_size] = repl[repl_size] = '\0';
+
+ /* Check for trailing "g" */
+ doglobal = (tp[1] == 'g') ? 1 : 0;
+ if (doglobal)
+ tp++;
+
+ /* Swap previous in and out buffers */
+ ep = in;
+ in = out;
+ out = ep;
+
+ /* Do the replacemenbt */
+ memset(out, '\0', MAX_FORMAT_BUFFER);
+ if (!do_replacement(rule, repl, doglobal, in, out)) {
+ kret = KRB5_LNAME_NOTRANS;
+ goto cleanup;
+ }
+ free(rule);
+ free(repl);
+ rule = repl = NULL;
+
+ /* If we have no output buffer left, this can't be good */
+ if (strlen(out) == 0) {
+ kret = KRB5_LNAME_NOTRANS;
+ goto cleanup;
+ }
+
+ /* Advance past trailer */
+ cp = &tp[1];
}
free(in);
*result = out;
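Review bot: The whitespace skip `while (isspace((int) (*cp)))` passes a plain `char` to isspace(). Where `char` is signed, a byte of 0x80 or above in the rule string becomes a negative argument, which is undefined for the <ctype.h> functions. The cast should be `isspace((unsigned char) *cp)`. The same pattern appears in the value-trimming loop of krb5_aname_to_localname() in the last hunk, `if (!isspace((int)(*cp)))`. aname_replacer() begins and ends outside this hunk.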
@@ -488,7 +489,7 @@ cleanup:
*/
static krb5_error_code
aname_get_selstring(krb5_context context, krb5_const_principal aname,
- char **contextp, char **result)
+ char **contextp, char **result)
{
krb5_error_code kret;
char *fprincname, *current, *str;
@@ -499,16 +500,16 @@ aname_get_selstring(krb5_context context, krb5_const_principal aname,
*result = NULL;
if (**contextp != '[') {
- /* No selstring part; use the full flattened principal name. */
- kret = krb5_unparse_name(context, aname, &fprincname);
- if (kret)
- return kret;
- str = aname_full_to_mapping_name(fprincname);
- free(fprincname);
- if (!str)
- return ENOMEM;
- *result = str;
- return 0;
+ /* No selstring part; use the full flattened principal name. */
+ kret = krb5_unparse_name(context, aname, &fprincname);
+ if (kret)
+ return kret;
+ str = aname_full_to_mapping_name(fprincname);
+ free(fprincname);
+ if (!str)
+ return ENOMEM;
+ *result = str;
+ return 0;
}
/* Advance past the '[' and read the number of components. */
@@ -516,42 +517,42 @@ aname_get_selstring(krb5_context context, krb5_const_principal aname,
errno = 0;
num_comps = strtol(current, &current, 10);
if (errno != 0 || num_comps < 0 || *current != ':')
- return KRB5_CONFIG_BADFORMAT;
+ return KRB5_CONFIG_BADFORMAT;
if (num_comps != aname->length)
- return KRB5_LNAME_NOTRANS;
+ return KRB5_LNAME_NOTRANS;
current++;
krb5int_buf_init_dynamic(&selstring);
while (1) {
- /* Copy in literal characters up to the next $ or ]. */
- nlit = strcspn(current, "$]");
- krb5int_buf_add_len(&selstring, current, nlit);
- current += nlit;
- if (*current != '$')
- break;
-
- /* Expand $ substitution to a principal component. */
- errno = 0;
- compind = strtol(current + 1, &current, 10);
- if (errno || compind > num_comps)
- break;
- datap = (compind > 0)
- ? krb5_princ_component(context, aname, compind - 1)
- : krb5_princ_realm(context, aname);
- if (!datap)
- break;
- krb5int_buf_add_len(&selstring, datap->data, datap->length);
+ /* Copy in literal characters up to the next $ or ]. */
+ nlit = strcspn(current, "$]");
+ krb5int_buf_add_len(&selstring, current, nlit);
+ current += nlit;
+ if (*current != '$')
+ break;
+
+ /* Expand $ substitution to a principal component. */
+ errno = 0;
+ compind = strtol(current + 1, &current, 10);
+ if (errno || compind > num_comps)
+ break;
+ datap = (compind > 0)
+ ? krb5_princ_component(context, aname, compind - 1)
+ : krb5_princ_realm(context, aname);
+ if (!datap)
+ break;
+ krb5int_buf_add_len(&selstring, datap->data, datap->length);
}
/* Check that we hit a ']' and not the end of the string. */
if (*current != ']') {
- krb5int_free_buf(&selstring);
- return KRB5_CONFIG_BADFORMAT;
+ krb5int_free_buf(&selstring);
+ return KRB5_CONFIG_BADFORMAT;
}
str = krb5int_buf_data(&selstring);
if (str == NULL)
- return ENOMEM;
+ return ENOMEM;
*contextp = current + 1;
*result = str;
@@ -561,7 +562,7 @@ aname_get_selstring(krb5_context context, krb5_const_principal aname,
/* Handle aname to lname translations for RULE rules. */
static krb5_error_code
rule_an_to_ln(krb5_context context, char *rule, krb5_const_principal aname,
- const unsigned int lnsize, char *lname)
+ const unsigned int lnsize, char *lname)
{
krb5_error_code kret;
char *current, *selstring = 0, *outstring = 0;
@@ -570,31 +571,31 @@ rule_an_to_ln(krb5_context context, char *rule, krb5_const_principal aname,
current = rule;
kret = aname_get_selstring(context, aname, &current, &selstring);
if (kret)
- return kret;
+ return kret;
/* Check the selection string against the regexp, if present. */
if (*current == '(') {
- kret = aname_do_match(selstring, &current);
- if (kret)
- goto cleanup;
+ kret = aname_do_match(selstring, &current);
+ if (kret)
+ goto cleanup;
}
/* Perform the substitution. */
outstring = NULL;
kret = aname_replacer(selstring, &current, &outstring);
if (kret)
- goto cleanup;
+ goto cleanup;
/* Copy out the value if there's enough room. */
if (strlcpy(lname, outstring, lnsize) >= lnsize)
- kret = KRB5_CONFIG_NOTENUFSPACE;
+ kret = KRB5_CONFIG_NOTENUFSPACE;
cleanup:
free(selstring);
free(outstring);
return kret;
}
-#endif /* AN_TO_LN_RULES */
+#endif /* AN_TO_LN_RULES */
/*
* Implementation: This version checks the realm to see if it is the local
@@ -609,9 +610,9 @@ default_an_to_ln(krb5_context context, krb5_const_principal aname, const unsigne
unsigned int realm_length;
realm_length = krb5_princ_realm(context, aname)->length;
-
+
if ((retval = krb5_get_default_realm(context, &def_realm))) {
- return(retval);
+ return(retval);
}
if (!data_eq_string(*krb5_princ_realm(context, aname), def_realm)) {
free(def_realm);
@@ -620,58 +621,58 @@ default_an_to_ln(krb5_context context, krb5_const_principal aname, const unsigne
if (krb5_princ_size(context, aname) != 1) {
if (krb5_princ_size(context, aname) == 2 ) {
- /* Check to see if 2nd component is the local realm. */
- if ( strncmp(krb5_princ_component(context, aname,1)->data,def_realm,
- realm_length) ||
- realm_length != krb5_princ_component(context, aname,1)->length)
+ /* Check to see if 2nd component is the local realm. */
+ if ( strncmp(krb5_princ_component(context, aname,1)->data,def_realm,
+ realm_length) ||
+ realm_length != krb5_princ_component(context, aname,1)->length)
return KRB5_LNAME_NOTRANS;
}
else
- /* no components or more than one component to non-realm part of name
- --no translation. */
+ /* no components or more than one component to non-realm part of name
+ --no translation. */
return KRB5_LNAME_NOTRANS;
}
free(def_realm);
- strncpy(lname, krb5_princ_component(context, aname,0)->data,
- min(krb5_princ_component(context, aname,0)->length,lnsize));
+ strncpy(lname, krb5_princ_component(context, aname,0)->data,
+ min(krb5_princ_component(context, aname,0)->length,lnsize));
if (lnsize <= krb5_princ_component(context, aname,0)->length ) {
- retval = KRB5_CONFIG_NOTENUFSPACE;
+ retval = KRB5_CONFIG_NOTENUFSPACE;
} else {
- lname[krb5_princ_component(context, aname,0)->length] = '\0';
- retval = 0;
+ lname[krb5_princ_component(context, aname,0)->length] = '\0';
+ retval = 0;
}
return retval;
}
/*
- Converts an authentication name to a local name suitable for use by
- programs wishing a translation to an environment-specific name (e.g.
- user account name).
+ Converts an authentication name to a local name suitable for use by
+ programs wishing a translation to an environment-specific name (e.g.
+ user account name).
- lnsize specifies the maximum length name that is to be filled into
- lname.
- The translation will be null terminated in all non-error returns.
+ lnsize specifies the maximum length name that is to be filled into
+ lname.
+ The translation will be null terminated in all non-error returns.
- returns system errors, NOT_ENOUGH_SPACE
+ returns system errors, NOT_ENOUGH_SPACE
*/
krb5_error_code KRB5_CALLCONV
krb5_aname_to_localname(krb5_context context, krb5_const_principal aname, int lnsize_in, char *lname)
{
- krb5_error_code kret;
- char *realm;
- char *pname;
- char *mname;
- const char *hierarchy[5];
- char **mapping_values;
- int i, nvalid;
- char *cp, *s;
- char *typep, *argp;
+ krb5_error_code kret;
+ char *realm;
+ char *pname;
+ char *mname;
+ const char *hierarchy[5];
+ char **mapping_values;
+ int i, nvalid;
+ char *cp, *s;
+ char *typep, *argp;
unsigned int lnsize;
if (lnsize_in < 0)
- return KRB5_CONFIG_NOTENUFSPACE;
+ return KRB5_CONFIG_NOTENUFSPACE;
lnsize = lnsize_in; /* Unsigned */
@@ -679,134 +680,133 @@ krb5_aname_to_localname(krb5_context context, krb5_const_principal aname, int ln
* First get the default realm.
*/
if (!(kret = krb5_get_default_realm(context, &realm))) {
- /* Flatten the name */
- if (!(kret = krb5_unparse_name(context, aname, &pname))) {
- if ((mname = aname_full_to_mapping_name(pname))) {
- /*
- * Search first for explicit mappings of the form:
- *
- * [realms]->realm->"auth_to_local_names"->mapping_name
- */
- hierarchy[0] = KRB5_CONF_REALMS;
- hierarchy[1] = realm;
- hierarchy[2] = KRB5_CONF_AUTH_TO_LOCAL_NAMES;
- hierarchy[3] = mname;
- hierarchy[4] = (char *) NULL;
- if (!(kret = profile_get_values(context->profile,
- hierarchy,
- &mapping_values))) {
- /* We found one or more explicit mappings. */
- for (nvalid=0; mapping_values[nvalid]; nvalid++);
-
- /* Just use the last one. */
- /* Trim the value. */
- s = mapping_values[nvalid-1];
- cp = s + strlen(s);
- while (cp > s) {
- cp--;
- if (!isspace((int)(*cp)))
- break;
- *cp = '\0';
- }
-
- /* Copy out the value if there's enough room */
- if (strlcpy(lname, mapping_values[nvalid-1],
- lnsize) >= lnsize)
- kret = KRB5_CONFIG_NOTENUFSPACE;
-
- /* Free residue */
- profile_free_list(mapping_values);
- }
- else {
- /*
- * OK - There's no explicit mapping. Now check for
- * general auth_to_local rules of the form:
- *
- * [realms]->realm->"auth_to_local"
- *
- * This can have one or more of the following kinds of
- * values:
- * DB:<filename> - Look up principal in aname database.
- * RULE:<sed-exp> - Formulate lname from sed-exp.
- * DEFAULT - Use default rule.
- * The first rule to find a match is used.
- */
- hierarchy[0] = KRB5_CONF_REALMS;
- hierarchy[1] = realm;
- hierarchy[2] = KRB5_CONF_AUTH_TO_LOCAL;
- hierarchy[3] = (char *) NULL;
- if (!(kret = profile_get_values(context->profile,
- hierarchy,
- &mapping_values))) {
- /*
- * Loop through all the mapping values.
- */
- for (i=0; mapping_values[i]; i++) {
- typep = mapping_values[i];
- argp = strchr(typep, ':');
- if (argp) {
- *argp = '\0';
- argp++;
- }
+ /* Flatten the name */
+ if (!(kret = krb5_unparse_name(context, aname, &pname))) {
+ if ((mname = aname_full_to_mapping_name(pname))) {
+ /*
+ * Search first for explicit mappings of the form:
+ *
+ * [realms]->realm->"auth_to_local_names"->mapping_name
+ */
+ hierarchy[0] = KRB5_CONF_REALMS;
+ hierarchy[1] = realm;
+ hierarchy[2] = KRB5_CONF_AUTH_TO_LOCAL_NAMES;
+ hierarchy[3] = mname;
+ hierarchy[4] = (char *) NULL;
+ if (!(kret = profile_get_values(context->profile,
+ hierarchy,
+ &mapping_values))) {
+ /* We found one or more explicit mappings. */
+ for (nvalid=0; mapping_values[nvalid]; nvalid++);
+
+ /* Just use the last one. */
+ /* Trim the value. */
+ s = mapping_values[nvalid-1];
+ cp = s + strlen(s);
+ while (cp > s) {
+ cp--;
+ if (!isspace((int)(*cp)))
+ break;
+ *cp = '\0';
+ }
+
+ /* Copy out the value if there's enough room */
+ if (strlcpy(lname, mapping_values[nvalid-1],
+ lnsize) >= lnsize)
+ kret = KRB5_CONFIG_NOTENUFSPACE;
+
+ /* Free residue */
+ profile_free_list(mapping_values);
+ }
+ else {
+ /*
+ * OK - There's no explicit mapping. Now check for
+ * general auth_to_local rules of the form:
+ *
+ * [realms]->realm->"auth_to_local"
+ *
+ * This can have one or more of the following kinds of
+ * values:
+ * DB:<filename> - Look up principal in aname database.
+ * RULE:<sed-exp> - Formulate lname from sed-exp.
+ * DEFAULT - Use default rule.
+ * The first rule to find a match is used.
+ */
+ hierarchy[0] = KRB5_CONF_REALMS;
+ hierarchy[1] = realm;
+ hierarchy[2] = KRB5_CONF_AUTH_TO_LOCAL;
+ hierarchy[3] = (char *) NULL;
+ if (!(kret = profile_get_values(context->profile,
+ hierarchy,
+ &mapping_values))) {
+ /*
+ * Loop through all the mapping values.
+ */
+ for (i=0; mapping_values[i]; i++) {
+ typep = mapping_values[i];
+ argp = strchr(typep, ':');
+ if (argp) {
+ *argp = '\0';
+ argp++;
+ }
#ifdef ANAME_DB
- if (!strcmp(typep, "DB") && argp) {
- kret = db_an_to_ln(context,
- argp,
- aname,
- lnsize,
- lname);
- if (kret != KRB5_LNAME_NOTRANS)
- break;
- }
- else
+ if (!strcmp(typep, "DB") && argp) {
+ kret = db_an_to_ln(context,
+ argp,
+ aname,
+ lnsize,
+ lname);
+ if (kret != KRB5_LNAME_NOTRANS)
+ break;
+ }
+ else
#endif
-#ifdef AN_TO_LN_RULES
- if (!strcmp(typep, "RULE") && argp) {
- kret = rule_an_to_ln(context,
- argp,
- aname,
- lnsize,
- lname);
- if (kret != KRB5_LNAME_NOTRANS)
- break;
- }
- else
-#endif /* AN_TO_LN_RULES */
- if (!strcmp(typep, "DEFAULT") && !argp) {
- kret = default_an_to_ln(context,
- aname,
- lnsize,
- lname);
- if (kret != KRB5_LNAME_NOTRANS)
- break;
- }
- else {
- kret = KRB5_CONFIG_BADFORMAT;
- break;
- }
- }
-
- /* We're done, clean up the droppings. */
- profile_free_list(mapping_values);
- }
- else {
- /*
- * No profile relation found, try default mapping.
- */
- kret = default_an_to_ln(context,
- aname,
- lnsize,
- lname);
- }
- }
- free(mname);
- }
- else
- kret = ENOMEM;
- free(pname);
- }
- free(realm);
+#ifdef AN_TO_LN_RULES
+ if (!strcmp(typep, "RULE") && argp) {
+ kret = rule_an_to_ln(context,
+ argp,
+ aname,
+ lnsize,
+ lname);
+ if (kret != KRB5_LNAME_NOTRANS)
+ break;
+ }
+ else
+#endif /* AN_TO_LN_RULES */
+ if (!strcmp(typep, "DEFAULT") && !argp) {
+ kret = default_an_to_ln(context,
+ aname,
+ lnsize,
+ lname);
+ if (kret != KRB5_LNAME_NOTRANS)
+ break;
+ }
+ else {
+ kret = KRB5_CONFIG_BADFORMAT;
+ break;
+ }
+ }
+
+ /* We're done, clean up the droppings. */
+ profile_free_list(mapping_values);
+ }
+ else {
+ /*
+ * No profile relation found, try default mapping.
+ */
+ kret = default_an_to_ln(context,
+ aname,
+ lnsize,
+ lname);
+ }
+ }
+ free(mname);
+ }
+ else
+ kret = ENOMEM;
+ free(pname);
+ }
+ free(realm);
}
return(kret);
}
-
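Review bot: The trailing-whitespace trim in the explicit-mapping branch calls `isspace((int)(*cp))` on a plain `char`, which is undefined behaviour for bytes with the high bit set wherever `char` is signed. The value comes from the `auth_to_local_names` profile entry, so a non-ASCII mapping value reaches it. Casting through `unsigned char`, as in `if (!isspace((unsigned char)*cp))`, is the usual fix. Just above it, `s = mapping_values[nvalid-1]` relies on `profile_get_values` never returning success with an empty list; an `nvalid > 0` guard or a comment stating that invariant would make the index safe to read. The function starts before this hunk.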
diff --git a/src/lib/krb5/os/c_ustime.c b/src/lib/krb5/os/c_ustime.c
index fbb6d61..1bfdac4 100644
--- a/src/lib/krb5/os/c_ustime.c
+++ b/src/lib/krb5/os/c_ustime.c
@@ -1,3 +1,4 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
/*
* lib/crypto/os/c_ustime.c
*
@@ -8,7 +9,7 @@
* require a specific license from the United States Government.
* It is the responsibility of any person or organization contemplating
* export to obtain such a license before exporting.
- *
+ *
* WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
* distribute this software and its documentation for any purpose and
* without fee is hereby granted, provided that the above copyright
@@ -22,11 +23,11 @@
* M.I.T. makes no representations about the suitability of
* this software for any purpose. It is provided "as is" without express
* or implied warranty.
- *
+ *
*
* krb5_mstimeofday for BSD 4.3
*/
-
+
#include "k5-int.h"
#include "k5-thread.h"
@@ -36,8 +37,8 @@ struct time_now { krb5_int32 sec, usec; };
#if defined(_WIN32)
- /* Microsoft Windows NT and 95 (32bit) */
- /* This one works for WOW (Windows on Windows, ntvdm on Win-NT) */
+/* Microsoft Windows NT and 95 (32bit) */
+/* This one works for WOW (Windows on Windows, ntvdm on Win-NT) */
#include <time.h>
#include <sys/timeb.h>
@@ -64,7 +65,7 @@ get_time_now(struct time_now *n)
struct timeval tv;
if (gettimeofday(&tv, (struct timezone *)0) == -1)
- return errno;
+ return errno;
n->sec = tv.tv_sec;
n->usec = tv.tv_usec;
@@ -84,11 +85,11 @@ krb5_crypto_us_timeofday(krb5_int32 *seconds, krb5_int32 *microseconds)
now.sec = now.usec = 0;
err = get_time_now(&now);
if (err)
- return err;
+ return err;
err = k5_mutex_lock(&krb5int_us_time_mutex);
if (err)
- return err;
+ return err;
/* Just guessing: If the number of seconds hasn't changed, yet the
microseconds are moving backwards, we probably just got a third
instance of returning the same clock value from the system, so
@@ -98,17 +99,17 @@ krb5_crypto_us_timeofday(krb5_int32 *seconds, krb5_int32 *microseconds)
quite likely. On UNIX, it appears that we always get new
microsecond values, so this case should never trigger. */
if ((now.sec == last_time.sec) && (now.usec <= last_time.usec)) {
- /* Same as last time??? */
- now.usec = ++last_time.usec;
- if (now.usec >= 1000000) {
- ++now.sec;
- now.usec = 0;
- }
- /* For now, we're not worrying about the case of enough
- returns of the same value that we roll over now.sec, and
- the next call still gets the previous now.sec value. */
+ /* Same as last time??? */
+ now.usec = ++last_time.usec;
+ if (now.usec >= 1000000) {
+ ++now.sec;
+ now.usec = 0;
+ }
+ /* For now, we're not worrying about the case of enough
+ returns of the same value that we roll over now.sec, and
+ the next call still gets the previous now.sec value. */
}
- last_time.sec = now.sec; /* Remember for next time */
+ last_time.sec = now.sec; /* Remember for next time */
last_time.usec = now.usec;
k5_mutex_unlock(&krb5int_us_time_mutex);
diff --git a/src/lib/krb5/os/ccdefname.c b/src/lib/krb5/os/ccdefname.c
index 7587cb0..0686e72 100644
--- a/src/lib/krb5/os/ccdefname.c
+++ b/src/lib/krb5/os/ccdefname.c
@@ -1,3 +1,4 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
/*
* lib/krb5/os/ccdefname.c
*
@@ -8,7 +9,7 @@
* require a specific license from the United States Government.
* It is the responsibility of any person or organization contemplating
* export to obtain such a license before exporting.
- *
+ *
* WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
* distribute this software and its documentation for any purpose and
* without fee is hereby granted, provided that the above copyright
@@ -22,7 +23,7 @@
* M.I.T. makes no representations about the suitability of
* this software for any purpose. It is provided "as is" without express
* or implied warranty.
- *
+ *
*
* Return default cred. cache name.
*/
@@ -38,50 +39,50 @@
#if defined(_WIN32)
static int get_from_registry_indirect(char *name_buf, int name_size)
{
- /* If the RegKRB5CCNAME variable is set, it will point to
- * the registry key that has the name of the cache to use.
- * The Gradient PC-DCE sets the registry key
- * [HKEY_CURRENT_USER\Software\Gradient\DCE\Default\KRB5CCNAME]
- * to point at the cache file name (including the FILE: prefix).
- * By indirecting with the RegKRB5CCNAME entry in kerberos.ini,
- * we can accomodate other versions that might set a registry
- * variable.
- */
- char newkey[256];
-
- LONG name_buf_size;
- HKEY hkey;
- int found = 0;
- char *cp;
-
- newkey[0] = 0;
- GetPrivateProfileString(INI_FILES, "RegKRB5CCNAME", "",
- newkey, sizeof(newkey), KERBEROS_INI);
- if (!newkey[0])
- return 0;
-
- newkey[sizeof(newkey)-1] = 0;
- cp = strrchr(newkey,'\\');
- if (cp) {
- *cp = '\0'; /* split the string */
- cp++;
- } else
- cp = "";
-
- if (RegOpenKeyEx(HKEY_CURRENT_USER, newkey, 0,
- KEY_QUERY_VALUE, &hkey) != ERROR_SUCCESS)
- return 0;
-
- name_buf_size = name_size;
- if (RegQueryValueEx(hkey, cp, 0, 0,
- name_buf, &name_buf_size) != ERROR_SUCCESS)
- {
- RegCloseKey(hkey);
- return 0;
- }
-
- RegCloseKey(hkey);
- return 1;
+ /* If the RegKRB5CCNAME variable is set, it will point to
+ * the registry key that has the name of the cache to use.
+ * The Gradient PC-DCE sets the registry key
+ * [HKEY_CURRENT_USER\Software\Gradient\DCE\Default\KRB5CCNAME]
+ * to point at the cache file name (including the FILE: prefix).
+ * By indirecting with the RegKRB5CCNAME entry in kerberos.ini,
+ * we can accomodate other versions that might set a registry
+ * variable.
+ */
+ char newkey[256];
+
+ LONG name_buf_size;
+ HKEY hkey;
+ int found = 0;
+ char *cp;
+
+ newkey[0] = 0;
+ GetPrivateProfileString(INI_FILES, "RegKRB5CCNAME", "",
+ newkey, sizeof(newkey), KERBEROS_INI);
+ if (!newkey[0])
+ return 0;
+
+ newkey[sizeof(newkey)-1] = 0;
+ cp = strrchr(newkey,'\\');
+ if (cp) {
+ *cp = '\0'; /* split the string */
+ cp++;
+ } else
+ cp = "";
+
+ if (RegOpenKeyEx(HKEY_CURRENT_USER, newkey, 0,
+ KEY_QUERY_VALUE, &hkey) != ERROR_SUCCESS)
+ return 0;
+
+ name_buf_size = name_size;
+ if (RegQueryValueEx(hkey, cp, 0, 0,
+ name_buf, &name_buf_size) != ERROR_SUCCESS)
+ {
+ RegCloseKey(hkey);
+ return 0;
+ }
+
+ RegCloseKey(hkey);
+ return 1;
}
/*
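Review bot: `get_from_registry_indirect` calls `RegQueryValueEx` with a null type pointer and treats the result as a C string, but the API does not guarantee that a stored string is NUL-terminated, and a non-string value type would be accepted too. Because the key is under HKEY_CURRENT_USER, it is worth requesting the type, rejecting anything other than `REG_SZ`, and terminating explicitly: set `name_buf_size = name_size - 1;` before the query and `name_buf[name_buf_size] = 0;` after it succeeds. `name_buf_size` is also declared `LONG` where the API takes a `DWORD *`, and `found` is never used. The same unterminated-read pattern appears in `get_from_registry` in the next hunk, whose body continues past that hunk.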
@@ -94,19 +95,19 @@ static int get_from_registry_indirect(char *name_buf, int name_size)
static int
get_from_registry(
HKEY hBaseKey,
- char *name_buf,
+ char *name_buf,
int name_size
- )
+)
{
HKEY hKey;
DWORD name_buf_size = (DWORD)name_size;
const char *key_path = "Software\\MIT\\Kerberos5";
const char *value_name = "ccname";
- if (RegOpenKeyEx(hBaseKey, key_path, 0, KEY_QUERY_VALUE,
+ if (RegOpenKeyEx(hBaseKey, key_path, 0, KEY_QUERY_VALUE,
&hKey) != ERROR_SUCCESS)
return 0;
- if (RegQueryValueEx(hKey, value_name, 0, 0,
+ if (RegQueryValueEx(hKey, value_name, 0, 0,
name_buf, &name_buf_size) != ERROR_SUCCESS)
{
RegCloseKey(hKey);
@@ -123,7 +124,7 @@ try_dir(
char* dir,
char* buffer,
int buf_len
- )
+)
{
struct _stat s;
if (!dir)
@@ -145,53 +146,53 @@ try_dir(
#if defined(_WIN32)
static krb5_error_code get_from_os(char *name_buf, unsigned int name_size)
{
- char *prefix = krb5_cc_dfl_ops->prefix;
- int size;
- char *p;
- DWORD gle;
-
- SetLastError(0);
- GetEnvironmentVariable(KRB5_ENV_CCNAME, name_buf, name_size);
- gle = GetLastError();
- if (gle == 0)
- return 0;
- else if (gle != ERROR_ENVVAR_NOT_FOUND)
- return ENOMEM;
-
- if (get_from_registry(HKEY_CURRENT_USER,
- name_buf, name_size) != 0)
- return 0;
-
- if (get_from_registry(HKEY_LOCAL_MACHINE,
- name_buf, name_size) != 0)
- return 0;
-
- if (get_from_registry_indirect(name_buf, name_size) != 0)
- return 0;
-
- strncpy(name_buf, prefix, name_size - 1);
- name_buf[name_size - 1] = 0;
- size = name_size - strlen(prefix);
- if (size > 0)
- strcat(name_buf, ":");
- size--;
- p = name_buf + name_size - size;
- if (!strcmp(prefix, "API")) {
- strncpy(p, "krb5cc", size);
- } else if (!strcmp(prefix, "FILE") || !strcmp(prefix, "STDIO")) {
- if (!try_dir(getenv("TEMP"), p, size) &&
- !try_dir(getenv("TMP"), p, size))
- {
- int len = GetWindowsDirectory(p, size);
- name_buf[name_size - 1] = 0;
- if (len < size - sizeof(APPEND_KRB5CC))
- strcat(p, APPEND_KRB5CC);
- }
- } else {
- strncpy(p, "default_cache_name", size);
- }
- name_buf[name_size - 1] = 0;
- return 0;
+ char *prefix = krb5_cc_dfl_ops->prefix;
+ int size;
+ char *p;
+ DWORD gle;
+
+ SetLastError(0);
+ GetEnvironmentVariable(KRB5_ENV_CCNAME, name_buf, name_size);
+ gle = GetLastError();
+ if (gle == 0)
+ return 0;
+ else if (gle != ERROR_ENVVAR_NOT_FOUND)
+ return ENOMEM;
+
+ if (get_from_registry(HKEY_CURRENT_USER,
+ name_buf, name_size) != 0)
+ return 0;
+
+ if (get_from_registry(HKEY_LOCAL_MACHINE,
+ name_buf, name_size) != 0)
+ return 0;
+
+ if (get_from_registry_indirect(name_buf, name_size) != 0)
+ return 0;
+
+ strncpy(name_buf, prefix, name_size - 1);
+ name_buf[name_size - 1] = 0;
+ size = name_size - strlen(prefix);
+ if (size > 0)
+ strcat(name_buf, ":");
+ size--;
+ p = name_buf + name_size - size;
+ if (!strcmp(prefix, "API")) {
+ strncpy(p, "krb5cc", size);
+ } else if (!strcmp(prefix, "FILE") || !strcmp(prefix, "STDIO")) {
+ if (!try_dir(getenv("TEMP"), p, size) &&
+ !try_dir(getenv("TMP"), p, size))
+ {
+ int len = GetWindowsDirectory(p, size);
+ name_buf[name_size - 1] = 0;
+ if (len < size - sizeof(APPEND_KRB5CC))
+ strcat(p, APPEND_KRB5CC);
+ }
+ } else {
+ strncpy(p, "default_cache_name", size);
+ }
+ name_buf[name_size - 1] = 0;
+ return 0;
}
#endif
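Review bot: `get_from_os` ignores the return value of `GetEnvironmentVariable` and infers success from `GetLastError() == 0`. When the variable is longer than `name_size`, the call returns the required size and leaves the buffer contents undefined, and this path appears to report that as a valid cache name. Checking the count directly closes that: `DWORD n = GetEnvironmentVariable(KRB5_ENV_CCNAME, name_buf, name_size); if (n > 0 && n < name_size) return 0;`. Further down, `len < size - sizeof(APPEND_KRB5CC)` mixes `int` with `size_t`, so a `size` smaller than the suffix wraps to a large unsigned value and lets `strcat` run past the buffer. Testing `size > 0 && len + sizeof(APPEND_KRB5CC) <= (size_t)size` avoids the wrap.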
@@ -199,35 +200,35 @@ static krb5_error_code get_from_os(char *name_buf, unsigned int name_size)
static krb5_error_code get_from_os(char *name_buf, unsigned int name_size)
{
- krb5_error_code result = 0;
- cc_context_t cc_context = NULL;
- cc_string_t default_name = NULL;
-
- cc_int32 ccerr = cc_initialize (&cc_context, ccapi_version_3, NULL, NULL);
- if (ccerr == ccNoError) {
- ccerr = cc_context_get_default_ccache_name (cc_context, &default_name);
- }
-
- if (ccerr == ccNoError) {
- if (strlen (default_name -> data) + 5 > name_size) {
- result = ENOMEM;
- goto cleanup;
- } else {
- snprintf (name_buf, name_size, "API:%s",
- default_name -> data);
- }
- }
-
+ krb5_error_code result = 0;
+ cc_context_t cc_context = NULL;
+ cc_string_t default_name = NULL;
+
+ cc_int32 ccerr = cc_initialize (&cc_context, ccapi_version_3, NULL, NULL);
+ if (ccerr == ccNoError) {
+ ccerr = cc_context_get_default_ccache_name (cc_context, &default_name);
+ }
+
+ if (ccerr == ccNoError) {
+ if (strlen (default_name -> data) + 5 > name_size) {
+ result = ENOMEM;
+ goto cleanup;
+ } else {
+ snprintf (name_buf, name_size, "API:%s",
+ default_name -> data);
+ }
+ }
+
cleanup:
- if (cc_context != NULL) {
- cc_context_release (cc_context);
- }
-
- if (default_name != NULL) {
- cc_string_release (default_name);
- }
-
- return result;
+ if (cc_context != NULL) {
+ cc_context_release (cc_context);
+ }
+
+ if (default_name != NULL) {
+ cc_string_release (default_name);
+ }
+
+ return result;
}
#else
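Review bot: When `cc_initialize` or `cc_context_get_default_ccache_name` fails, this `get_from_os` still returns `result == 0` without having written `name_buf`. Later in this file `krb5_cc_default_name` passes the stack buffer `new_ccbuf` and, on a zero return, hands it to `krb5_cc_set_default_name`, which copies the name, so the default cache name would be taken from uninitialised memory. Mapping the failure to an error before `cleanup:` keeps the caller's `err` check meaningful, for example `if (ccerr != ccNoError) result = KRB5_CC_NOTFOUND;` (the exact code is the maintainers' call).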
@@ -245,9 +246,9 @@ krb5_cc_set_default_name(krb5_context context, const char *name)
{
krb5_error_code err = 0;
char *new_ccname = NULL;
-
+
if (!context || context->magic != KV5M_CONTEXT) { err = KV5M_CONTEXT; }
-
+
if (name != NULL) {
if (!err) {
/* If the name isn't NULL, make a copy of it */
@@ -255,7 +256,7 @@ krb5_cc_set_default_name(krb5_context context, const char *name)
if (new_ccname == NULL) { err = ENOMEM; }
}
}
-
+
if (!err) {
/* free the old ccname and store the new one */
krb5_os_context os_ctx = &context->os_context;
@@ -263,42 +264,42 @@ krb5_cc_set_default_name(krb5_context context, const char *name)
os_ctx->default_ccname = new_ccname;
new_ccname = NULL; /* don't free */
}
-
+
return err;
}
-
+
const char * KRB5_CALLCONV
krb5_cc_default_name(krb5_context context)
{
krb5_error_code err = 0;
krb5_os_context os_ctx = NULL;
-
+
if (!context || context->magic != KV5M_CONTEXT) { err = KV5M_CONTEXT; }
-
+
if (!err) {
os_ctx = &context->os_context;
-
+
if (os_ctx->default_ccname == NULL) {
/* Default ccache name has not been set yet */
char *new_ccname = NULL;
char new_ccbuf[1024];
-
+
/* try the environment variable first */
new_ccname = getenv(KRB5_ENV_CCNAME);
-
+
if (new_ccname == NULL) {
/* fall back on the default ccache name for the OS */
new_ccname = new_ccbuf;
err = get_from_os (new_ccbuf, sizeof (new_ccbuf));
}
-
+
if (!err) {
err = krb5_cc_set_default_name (context, new_ccname);
}
}
}
-
+
return err ? NULL : os_ctx->default_ccname;
}
@@ -314,7 +315,7 @@ krb5int_cc_os_default_name(krb5_context context, char **name)
*name = NULL;
tmpname = malloc(BUFSIZ);
if (tmpname == NULL)
- return ENOMEM;
+ return ENOMEM;
retval = get_from_os(tmpname, BUFSIZ);
*name = tmpname;
diff --git a/src/lib/krb5/os/changepw.c b/src/lib/krb5/os/changepw.c
index 7811387..10a54d2 100644
--- a/src/lib/krb5/os/changepw.c
+++ b/src/lib/krb5/os/changepw.c
@@ -1,3 +1,4 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
/*
* lib/krb5/os/changepw.c
*
@@ -44,11 +45,11 @@
#endif
struct sendto_callback_context {
- krb5_context context;
- krb5_auth_context auth_context;
- krb5_principal set_password_for;
- char *newpw;
- krb5_data ap_req;
+ krb5_context context;
+ krb5_auth_context auth_context;
+ krb5_principal set_password_for;
+ char *newpw;
+ krb5_data ap_req;
krb5_ui_4 remote_seq_num, local_seq_num;
};
@@ -58,30 +59,30 @@ struct sendto_callback_context {
static krb5_error_code
krb5_locate_kpasswd(krb5_context context, const krb5_data *realm,
- struct addrlist *addrlist, krb5_boolean useTcp)
+ struct addrlist *addrlist, krb5_boolean useTcp)
{
krb5_error_code code;
int sockType = (useTcp ? SOCK_STREAM : SOCK_DGRAM);
code = krb5int_locate_server (context, realm, addrlist,
- locate_service_kpasswd, sockType, AF_INET);
+ locate_service_kpasswd, sockType, AF_INET);
if (code == KRB5_REALM_CANT_RESOLVE || code == KRB5_REALM_UNKNOWN) {
- code = krb5int_locate_server (context, realm, addrlist,
- locate_service_kadmin, SOCK_STREAM,
- AF_INET);
- if (!code) {
- /* Success with admin_server but now we need to change the
- port number to use DEFAULT_KPASSWD_PORT and the socktype. */
- int i;
- for (i=0; i<addrlist->naddrs; i++) {
- struct addrinfo *a = addrlist->addrs[i].ai;
- if (a->ai_family == AF_INET)
- sa2sin (a->ai_addr)->sin_port = htons(DEFAULT_KPASSWD_PORT);
- if (sockType != SOCK_STREAM)
- a->ai_socktype = sockType;
- }
- }
+ code = krb5int_locate_server (context, realm, addrlist,
+ locate_service_kadmin, SOCK_STREAM,
+ AF_INET);
+ if (!code) {
+ /* Success with admin_server but now we need to change the
+ port number to use DEFAULT_KPASSWD_PORT and the socktype. */
+ int i;
+ for (i=0; i<addrlist->naddrs; i++) {
+ struct addrinfo *a = addrlist->addrs[i].ai;
+ if (a->ai_family == AF_INET)
+ sa2sin (a->ai_addr)->sin_port = htons(DEFAULT_KPASSWD_PORT);
+ if (sockType != SOCK_STREAM)
+ a->ai_socktype = sockType;
+ }
+ }
}
return (code);
}
@@ -91,24 +92,24 @@ krb5_locate_kpasswd(krb5_context context, const krb5_data *realm,
* This routine is used for a callback in sendto_kdc.c code. Simply
* put, we need the client addr to build the krb_priv portion of the
* password request.
- */
+ */
static void kpasswd_sendto_msg_cleanup (void* callback_context, krb5_data* message)
{
struct sendto_callback_context *ctx = callback_context;
- krb5_free_data_contents(ctx->context, message);
+ krb5_free_data_contents(ctx->context, message);
}
-
+
static int kpasswd_sendto_msg_callback(struct conn_state *conn, void *callback_context, krb5_data* message)
{
- krb5_error_code code = 0;
- struct sockaddr_storage local_addr;
- krb5_address local_kaddr;
- struct sendto_callback_context *ctx = callback_context;
- GETSOCKNAME_ARG3_TYPE addrlen;
- krb5_data output;
+ krb5_error_code code = 0;
+ struct sockaddr_storage local_addr;
+ krb5_address local_kaddr;
+ struct sendto_callback_context *ctx = callback_context;
+ GETSOCKNAME_ARG3_TYPE addrlen;
+ krb5_data output;
memset (message, 0, sizeof(krb5_data));
@@ -118,37 +119,37 @@ static int kpasswd_sendto_msg_callback(struct conn_state *conn, void *callback_c
addrlen = sizeof(local_addr);
if (getsockname(conn->fd, ss2sa(&local_addr), &addrlen) < 0) {
- code = SOCKET_ERRNO;
- goto cleanup;
+ code = SOCKET_ERRNO;
+ goto cleanup;
}
/* some brain-dead OS's don't return useful information from
* the getsockname call. Namely, windows and solaris. */
if (ss2sin(&local_addr)->sin_addr.s_addr != 0) {
- local_kaddr.addrtype = ADDRTYPE_INET;
- local_kaddr.length = sizeof(ss2sin(&local_addr)->sin_addr);
- local_kaddr.contents = (krb5_octet *) &ss2sin(&local_addr)->sin_addr;
+ local_kaddr.addrtype = ADDRTYPE_INET;
+ local_kaddr.length = sizeof(ss2sin(&local_addr)->sin_addr);
+ local_kaddr.contents = (krb5_octet *) &ss2sin(&local_addr)->sin_addr;
} else {
- krb5_address **addrs;
-
- code = krb5_os_localaddr(ctx->context, &addrs);
- if (code)
- goto cleanup;
-
- local_kaddr.magic = addrs[0]->magic;
- local_kaddr.addrtype = addrs[0]->addrtype;
- local_kaddr.length = addrs[0]->length;
- local_kaddr.contents = malloc(addrs[0]->length);
- if (local_kaddr.contents == NULL && addrs[0]->length != 0) {
- code = ENOMEM;
- krb5_free_addresses(ctx->context, addrs);
- goto cleanup;
- }
- if (addrs[0]->length)
- memcpy(local_kaddr.contents, addrs[0]->contents, addrs[0]->length);
-
- krb5_free_addresses(ctx->context, addrs);
+ krb5_address **addrs;
+
+ code = krb5_os_localaddr(ctx->context, &addrs);
+ if (code)
+ goto cleanup;
+
+ local_kaddr.magic = addrs[0]->magic;
+ local_kaddr.addrtype = addrs[0]->addrtype;
+ local_kaddr.length = addrs[0]->length;
+ local_kaddr.contents = malloc(addrs[0]->length);
+ if (local_kaddr.contents == NULL && addrs[0]->length != 0) {
+ code = ENOMEM;
+ krb5_free_addresses(ctx->context, addrs);
+ goto cleanup;
+ }
+ if (addrs[0]->length)
+ memcpy(local_kaddr.contents, addrs[0]->contents, addrs[0]->length);
+
+ krb5_free_addresses(ctx->context, addrs);
}
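Review bot: `local_kaddr.contents` has a different owner in each branch: it points into the stack variable `local_addr` when `getsockname` returned an address, and at a `malloc` buffer in the fallback. The cleanup code is outside this hunk, so this cannot be confirmed here, but without tracking which branch ran it cannot both free the heap copy and leave the stack pointer alone. One of the two is likely leaked or wrongly freed. A local ownership flag, or copying into a fixed local buffer in both branches, would remove the ambiguity. The fallback also reads `addrs[0]` without checking that `krb5_os_localaddr` returned a non-empty list, and only the fallback sets `local_kaddr.magic`.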
@@ -159,27 +160,27 @@ static int kpasswd_sendto_msg_callback(struct conn_state *conn, void *callback_c
if ((code = krb5_auth_con_setaddrs(ctx->context, ctx->auth_context,
- &local_kaddr, NULL)))
- goto cleanup;
+ &local_kaddr, NULL)))
+ goto cleanup;
ctx->auth_context->remote_seq_number = ctx->remote_seq_num;
ctx->auth_context->local_seq_number = ctx->local_seq_num;
if (ctx->set_password_for)
- code = krb5int_mk_setpw_req(ctx->context,
- ctx->auth_context,
- &ctx->ap_req,
- ctx->set_password_for,
- ctx->newpw,
- &output);
+ code = krb5int_mk_setpw_req(ctx->context,
+ ctx->auth_context,
+ &ctx->ap_req,
+ ctx->set_password_for,
+ ctx->newpw,
+ &output);
else
- code = krb5int_mk_chpw_req(ctx->context,
- ctx->auth_context,
- &ctx->ap_req,
- ctx->newpw,
- &output);
+ code = krb5int_mk_chpw_req(ctx->context,
+ ctx->auth_context,
+ &ctx->ap_req,
+ ctx->newpw,
+ &output);
if (code)
- goto cleanup;
+ goto cleanup;
message->length = output.length;
message->data = output.data;
@@ -191,28 +192,28 @@ cleanup:
/*
** The logic for setting and changing a password is mostly the same
-** krb5_change_set_password handles both cases
-** if set_password_for is NULL, then a password change is performed,
+** krb5_change_set_password handles both cases
+** if set_password_for is NULL, then a password change is performed,
** otherwise, the password is set for the principal indicated in set_password_for
*/
static krb5_error_code KRB5_CALLCONV
krb5_change_set_password(krb5_context context, krb5_creds *creds, char *newpw,
- krb5_principal set_password_for,
- int *result_code, krb5_data *result_code_string,
- krb5_data *result_string)
+ krb5_principal set_password_for,
+ int *result_code, krb5_data *result_code_string,
+ krb5_data *result_string)
{
- krb5_data chpw_rep;
- krb5_address remote_kaddr;
- krb5_boolean useTcp = 0;
- GETSOCKNAME_ARG3_TYPE addrlen;
- krb5_error_code code = 0;
- char *code_string;
- int local_result_code;
-
+ krb5_data chpw_rep;
+ krb5_address remote_kaddr;
+ krb5_boolean useTcp = 0;
+ GETSOCKNAME_ARG3_TYPE addrlen;
+ krb5_error_code code = 0;
+ char *code_string;
+ int local_result_code;
+
struct sendto_callback_context callback_ctx;
- struct sendto_callback_info callback_info;
- struct sockaddr_storage remote_addr;
- struct addrlist al = ADDRLIST_INIT;
+ struct sendto_callback_info callback_info;
+ struct sockaddr_storage remote_addr;
+ struct addrlist al = ADDRLIST_INIT;
memset(&chpw_rep, 0, sizeof(krb5_data));
memset( &callback_ctx, 0, sizeof(struct sendto_callback_context));
@@ -220,123 +221,123 @@ krb5_change_set_password(krb5_context context, krb5_creds *creds, char *newpw,
callback_ctx.newpw = newpw;
callback_ctx.set_password_for = set_password_for;
- if ((code = krb5_auth_con_init(callback_ctx.context,
- &callback_ctx.auth_context)))
- goto cleanup;
+ if ((code = krb5_auth_con_init(callback_ctx.context,
+ &callback_ctx.auth_context)))
+ goto cleanup;
- if ((code = krb5_mk_req_extended(callback_ctx.context,
- &callback_ctx.auth_context,
- AP_OPTS_USE_SUBKEY,
- NULL,
- creds,
- &callback_ctx.ap_req)))
- goto cleanup;
+ if ((code = krb5_mk_req_extended(callback_ctx.context,
+ &callback_ctx.auth_context,
+ AP_OPTS_USE_SUBKEY,
+ NULL,
+ creds,
+ &callback_ctx.ap_req)))
+ goto cleanup;
callback_ctx.remote_seq_num = callback_ctx.auth_context->remote_seq_number;
callback_ctx.local_seq_num = callback_ctx.auth_context->local_seq_number;
do {
- if ((code = krb5_locate_kpasswd(callback_ctx.context,
- krb5_princ_realm(callback_ctx.context,
- creds->server),
- &al, useTcp)))
- break;
-
- addrlen = sizeof(remote_addr);
-
- callback_info.context = (void*) &callback_ctx;
- callback_info.pfn_callback = kpasswd_sendto_msg_callback;
- callback_info.pfn_cleanup = kpasswd_sendto_msg_cleanup;
-
- if ((code = krb5int_sendto(callback_ctx.context,
- NULL,
- &al,
- &callback_info,
- &chpw_rep,
- NULL,
- NULL,
- ss2sa(&remote_addr),
+ if ((code = krb5_locate_kpasswd(callback_ctx.context,
+ krb5_princ_realm(callback_ctx.context,
+ creds->server),
+ &al, useTcp)))
+ break;
+
+ addrlen = sizeof(remote_addr);
+
+ callback_info.context = (void*) &callback_ctx;
+ callback_info.pfn_callback = kpasswd_sendto_msg_callback;
+ callback_info.pfn_cleanup = kpasswd_sendto_msg_cleanup;
+
+ if ((code = krb5int_sendto(callback_ctx.context,
+ NULL,
+ &al,
+ &callback_info,
+ &chpw_rep,
+ NULL,
+ NULL,
+ ss2sa(&remote_addr),
&addrlen,
- NULL,
- NULL,
- NULL
- ))) {
-
- /*
- * Here we may want to switch to TCP on some errors.
- * right?
- */
- break;
- }
-
- remote_kaddr.addrtype = ADDRTYPE_INET;
- remote_kaddr.length = sizeof(ss2sin(&remote_addr)->sin_addr);
- remote_kaddr.contents = (krb5_octet *) &ss2sin(&remote_addr)->sin_addr;
-
- if ((code = krb5_auth_con_setaddrs(callback_ctx.context,
- callback_ctx.auth_context,
- NULL,
- &remote_kaddr)))
- break;
-
- if (set_password_for)
- code = krb5int_rd_setpw_rep(callback_ctx.context,
- callback_ctx.auth_context,
- &chpw_rep,
- &local_result_code,
- result_string);
- else
- code = krb5int_rd_chpw_rep(callback_ctx.context,
- callback_ctx.auth_context,
- &chpw_rep,
- &local_result_code,
- result_string);
-
- if (code) {
- if (code == KRB5KRB_ERR_RESPONSE_TOO_BIG && !useTcp ) {
- krb5int_free_addrlist (&al);
- useTcp = 1;
- continue;
- }
-
- break;
- }
-
- if (result_code)
- *result_code = local_result_code;
-
- if (result_code_string) {
- if (set_password_for)
- code = krb5int_setpw_result_code_string(callback_ctx.context,
- local_result_code,
- (const char **)&code_string);
- else
- code = krb5_chpw_result_code_string(callback_ctx.context,
- local_result_code,
- &code_string);
- if(code)
- goto cleanup;
-
- result_code_string->length = strlen(code_string);
- result_code_string->data = malloc(result_code_string->length);
- if (result_code_string->data == NULL) {
- code = ENOMEM;
- goto cleanup;
- }
- strncpy(result_code_string->data, code_string, result_code_string->length);
- }
-
- if (code == KRB5KRB_ERR_RESPONSE_TOO_BIG && !useTcp ) {
- krb5int_free_addrlist (&al);
- useTcp = 1;
+ NULL,
+ NULL,
+ NULL
+ ))) {
+
+ /*
+ * Here we may want to switch to TCP on some errors.
+ * right?
+ */
+ break;
+ }
+
+ remote_kaddr.addrtype = ADDRTYPE_INET;
+ remote_kaddr.length = sizeof(ss2sin(&remote_addr)->sin_addr);
+ remote_kaddr.contents = (krb5_octet *) &ss2sin(&remote_addr)->sin_addr;
+
+ if ((code = krb5_auth_con_setaddrs(callback_ctx.context,
+ callback_ctx.auth_context,
+ NULL,
+ &remote_kaddr)))
+ break;
+
+ if (set_password_for)
+ code = krb5int_rd_setpw_rep(callback_ctx.context,
+ callback_ctx.auth_context,
+ &chpw_rep,
+ &local_result_code,
+ result_string);
+ else
+ code = krb5int_rd_chpw_rep(callback_ctx.context,
+ callback_ctx.auth_context,
+ &chpw_rep,
+ &local_result_code,
+ result_string);
+
+ if (code) {
+ if (code == KRB5KRB_ERR_RESPONSE_TOO_BIG && !useTcp ) {
+ krb5int_free_addrlist (&al);
+ useTcp = 1;
+ continue;
+ }
+
+ break;
+ }
+
+ if (result_code)
+ *result_code = local_result_code;
+
+ if (result_code_string) {
+ if (set_password_for)
+ code = krb5int_setpw_result_code_string(callback_ctx.context,
+ local_result_code,
+ (const char **)&code_string);
+ else
+ code = krb5_chpw_result_code_string(callback_ctx.context,
+ local_result_code,
+ &code_string);
+ if(code)
+ goto cleanup;
+
+ result_code_string->length = strlen(code_string);
+ result_code_string->data = malloc(result_code_string->length);
+ if (result_code_string->data == NULL) {
+ code = ENOMEM;
+ goto cleanup;
+ }
+ strncpy(result_code_string->data, code_string, result_code_string->length);
+ }
+
+ if (code == KRB5KRB_ERR_RESPONSE_TOO_BIG && !useTcp ) {
+ krb5int_free_addrlist (&al);
+ useTcp = 1;
} else {
- break;
- }
+ break;
+ }
} while (TRUE);
cleanup:
if (callback_ctx.auth_context != NULL)
- krb5_auth_con_free(callback_ctx.context, callback_ctx.auth_context);
+ krb5_auth_con_free(callback_ctx.context, callback_ctx.auth_context);
krb5int_free_addrlist (&al);
krb5_free_data_contents(callback_ctx.context, &callback_ctx.ap_req);
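Review bot: `result_code_string->data` is allocated with exactly `strlen(code_string)` bytes and filled with `strncpy`, so the returned buffer has no terminating NUL and any caller that prints it as a C string reads past the allocation. Allocating one more byte and copying the terminator keeps `length` unchanged: `result_code_string->data = malloc(result_code_string->length + 1);` followed by `memcpy(result_code_string->data, code_string, result_code_string->length + 1);`. The second `KRB5KRB_ERR_RESPONSE_TOO_BIG` test at the bottom of the loop looks unreachable with a non-zero `code`, because every earlier failure path breaks, continues or jumps to `cleanup`. The function starts before this hunk and continues after it.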
@@ -348,8 +349,8 @@ cleanup:
krb5_error_code KRB5_CALLCONV
krb5_change_password(krb5_context context, krb5_creds *creds, char *newpw, int *result_code, krb5_data *result_code_string, krb5_data *result_string)
{
- return krb5_change_set_password(
- context, creds, newpw, NULL, result_code, result_code_string, result_string );
+ return krb5_change_set_password(
+ context, creds, newpw, NULL, result_code, result_code_string, result_string );
}
/*
@@ -359,29 +360,29 @@ krb5_change_password(krb5_context context, krb5_creds *creds, char *newpw, int *
krb5_error_code KRB5_CALLCONV
krb5_set_password(
- krb5_context context,
- krb5_creds *creds,
- char *newpw,
- krb5_principal change_password_for,
- int *result_code, krb5_data *result_code_string, krb5_data *result_string
- )
+ krb5_context context,
+ krb5_creds *creds,
+ char *newpw,
+ krb5_principal change_password_for,
+ int *result_code, krb5_data *result_code_string, krb5_data *result_string
+)
{
- return krb5_change_set_password(
- context, creds, newpw, change_password_for, result_code, result_code_string, result_string );
+ return krb5_change_set_password(
+ context, creds, newpw, change_password_for, result_code, result_code_string, result_string );
}
krb5_error_code KRB5_CALLCONV
krb5_set_password_using_ccache(
- krb5_context context,
- krb5_ccache ccache,
- char *newpw,
- krb5_principal change_password_for,
- int *result_code, krb5_data *result_code_string, krb5_data *result_string
- )
+ krb5_context context,
+ krb5_ccache ccache,
+ char *newpw,
+ krb5_principal change_password_for,
+ int *result_code, krb5_data *result_code_string, krb5_data *result_string
+)
{
- krb5_creds creds;
- krb5_creds *credsp;
- krb5_error_code code;
+ krb5_creds creds;
+ krb5_creds *credsp;
+ krb5_error_code code;
/*
** get the proper creds for use with krb5_set_password -
@@ -392,20 +393,20 @@ krb5_set_password_using_ccache(
*/
code = krb5_cc_get_principal (context, ccache, &creds.client);
if (!code) {
- code = krb5_build_principal(context, &creds.server,
- krb5_princ_realm(context, change_password_for)->length,
- krb5_princ_realm(context, change_password_for)->data,
- "kadmin", "changepw", NULL);
- if (!code) {
- code = krb5_get_credentials(context, 0, ccache, &creds, &credsp);
- if (!code) {
- code = krb5_set_password(context, credsp, newpw, change_password_for,
- result_code, result_code_string,
- result_string);
- krb5_free_creds(context, credsp);
- }
- }
- krb5_free_cred_contents(context, &creds);
+ code = krb5_build_principal(context, &creds.server,
+ krb5_princ_realm(context, change_password_for)->length,
+ krb5_princ_realm(context, change_password_for)->data,
+ "kadmin", "changepw", NULL);
+ if (!code) {
+ code = krb5_get_credentials(context, 0, ccache, &creds, &credsp);
+ if (!code) {
+ code = krb5_set_password(context, credsp, newpw, change_password_for,
+ result_code, result_code_string,
+ result_string);
+ krb5_free_creds(context, credsp);
+ }
+ }
+ krb5_free_cred_contents(context, &creds);
}
return code;
}
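Review bot: `krb5_princ_realm(context, change_password_for)->length` dereferences `change_password_for` with no NULL check. `krb5_change_password` in the same file passes NULL for that argument to `krb5_change_set_password`, so NULL appears to be a legal value elsewhere in this API. If it is not meant to be accepted here, reject it before building the server principal, for example `if (change_password_for == NULL) return EINVAL;`, and document the requirement in the function comment. The function begins in the previous hunk, and the lines between the two hunks, where `creds` would be initialised, are not visible.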
diff --git a/src/lib/krb5/os/def_realm.c b/src/lib/krb5/os/def_realm.c
index 998e555..5b6f88d 100644
--- a/src/lib/krb5/os/def_realm.c
+++ b/src/lib/krb5/os/def_realm.c
@@ -1,3 +1,4 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
/*
* lib/krb5/os/def_realm.c
*
@@ -8,7 +9,7 @@
* require a specific license from the United States Government.
* It is the responsibility of any person or organization contemplating
* export to obtain such a license before exporting.
- *
+ *
* WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
* distribute this software and its documentation for any purpose and
* without fee is hereby granted, provided that the above copyright
@@ -22,7 +23,7 @@
* M.I.T. makes no representations about the suitability of
* this software for any purpose. It is provided "as is" without express
* or implied warranty.
- *
+ *
*
* krb5_get_default_realm(), krb5_set_default_realm(),
* krb5_free_default_realm() functions.
@@ -32,7 +33,7 @@
#include "os-proto.h"
#include <stdio.h>
-#ifdef KRB5_DNS_LOOKUP
+#ifdef KRB5_DNS_LOOKUP
#ifdef WSHELPER
#include <wshelper.h>
#else /* WSHELPER */
@@ -58,9 +59,9 @@
* Retrieves the default realm to be used if no user-specified realm is
* available. [e.g. to interpret a user-typed principal name with the
* realm omitted for convenience]
- *
+ *
* returns system errors, NOT_ENOUGH_SPACE, KV5M_CONTEXT
-*/
+ */
/*
* Implementation: the default realm is stored in a configuration file,
@@ -74,8 +75,8 @@ krb5_get_default_realm(krb5_context context, char **lrealm)
char *realm = 0;
krb5_error_code retval;
- if (!context || (context->magic != KV5M_CONTEXT))
- return KV5M_CONTEXT;
+ if (!context || (context->magic != KV5M_CONTEXT))
+ return KV5M_CONTEXT;
if (!context->default_realm) {
/*
@@ -98,7 +99,7 @@ krb5_get_default_realm(krb5_context context, char **lrealm)
}
}
#ifndef KRB5_DNS_LOOKUP
- else
+ else
return KRB5_CONFIG_CANTOPEN;
#else /* KRB5_DNS_LOOKUP */
if (context->default_realm == 0) {
@@ -121,7 +122,7 @@ krb5_get_default_realm(krb5_context context, char **lrealm)
if ( localhost[0] ) {
p = localhost;
do {
- retval = krb5_try_realm_txt_rr("_kerberos", p,
+ retval = krb5_try_realm_txt_rr("_kerberos", p,
&context->default_realm);
p = strchr(p,'.');
if (p)
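Review bot: The default realm stored by `krb5_try_realm_txt_rr("_kerberos", p, &context->default_realm)` comes from a DNS TXT answer, and nothing visible here records that this value is unauthenticated. The loop retries the lookup under each parent domain of the local host name, and the next hunk falls back to the empty domain, so a zone well above the host can end up choosing the realm. A comment above the `do` loop would make that trust assumption explicit, for example `/* TXT answers are not authenticated: treat the realm as a hint and rely on KDC authentication, not on this lookup. */`. The loop body continues past the end of this hunk.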
@@ -129,10 +130,10 @@ krb5_get_default_realm(krb5_context context, char **lrealm)
} while (retval && p && p[0]);
if (retval)
- retval = krb5_try_realm_txt_rr("_kerberos", "",
+ retval = krb5_try_realm_txt_rr("_kerberos", "",
&context->default_realm);
} else {
- retval = krb5_try_realm_txt_rr("_kerberos", "",
+ retval = krb5_try_realm_txt_rr("_kerberos", "",
&context->default_realm);
}
if (retval) {
@@ -152,7 +153,7 @@ krb5_get_default_realm(krb5_context context, char **lrealm)
}
realm = context->default_realm;
-
+
if (!(*lrealm = strdup(realm)))
return ENOMEM;
return(0);
@@ -161,22 +162,22 @@ krb5_get_default_realm(krb5_context context, char **lrealm)
krb5_error_code KRB5_CALLCONV
krb5_set_default_realm(krb5_context context, const char *lrealm)
{
- if (!context || (context->magic != KV5M_CONTEXT))
- return KV5M_CONTEXT;
+ if (!context || (context->magic != KV5M_CONTEXT))
+ return KV5M_CONTEXT;
if (context->default_realm) {
- free(context->default_realm);
- context->default_realm = 0;
+ free(context->default_realm);
+ context->default_realm = 0;
}
- /* Allow the user to clear the default realm setting by passing in
+ /* Allow the user to clear the default realm setting by passing in
NULL */
if (!lrealm) return 0;
context->default_realm = strdup(lrealm);
if (!context->default_realm)
- return ENOMEM;
+ return ENOMEM;
return(0);
@@ -201,10 +202,10 @@ krb5int_get_domain_realm_mapping(krb5_context context, const char *host, char **
if (retval)
return retval;
/*
- Search for the best match for the host or domain.
- Example: Given a host a.b.c.d, try to match on:
- 1) a.b.c.d 2) .b.c.d. 3) b.c.d 4) .c.d 5) c.d 6) .d 7) d
- */
+ Search for the best match for the host or domain.
+ Example: Given a host a.b.c.d, try to match on:
+ 1) a.b.c.d 2) .b.c.d. 3) b.c.d 4) .c.d 5) c.d 6) .d 7) d
+ */
cp = temp_host;
realm = (char *)NULL;
@@ -216,7 +217,7 @@ krb5int_get_domain_realm_mapping(krb5_context context, const char *host, char **
return retval;
if (temp_realm != (char *)NULL)
break; /* Match found */
-
+
/* Setup for another test */
if (*cp == '.') {
cp++;
@@ -244,4 +245,3 @@ krb5int_get_domain_realm_mapping(krb5_context context, const char *host, char **
*realmsp = retrealms;
return 0;
}
-
diff --git a/src/lib/krb5/os/dnsglue.c b/src/lib/krb5/os/dnsglue.c
index 55e1cd9..f07f821 100644
--- a/src/lib/krb5/os/dnsglue.c
+++ b/src/lib/krb5/os/dnsglue.c
@@ -1,3 +1,4 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
/*
* lib/krb5/os/dnsglue.c
*
@@ -8,7 +9,7 @@
* require a specific license from the United States Government.
* It is the responsibility of any person or organization contemplating
* export to obtain such a license before exporting.
- *
+ *
* WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
* distribute this software and its documentation for any purpose and
* without fee is hereby granted, provided that the above copyright
@@ -22,7 +23,7 @@
* M.I.T. makes no representations about the suitability of
* this software for any purpose. It is provided "as is" without express
* or implied warranty.
- *
+ *
*/
#include "autoconf.h"
#ifdef KRB5_DNS_LOOKUP
@@ -72,7 +73,7 @@ static int initparse(struct krb5int_dns_state *);
*/
int
krb5int_dns_init(struct krb5int_dns_state **dsp,
- char *host, int nclass, int ntype)
+ char *host, int nclass, int ntype)
{
#if USE_RES_NINIT
struct __res_state statbuf;
@@ -84,7 +85,7 @@ krb5int_dns_init(struct krb5int_dns_state **dsp,
*dsp = ds = malloc(sizeof(*ds));
if (ds == NULL)
- return -1;
+ return -1;
ret = -1;
ds->nclass = nclass;
@@ -106,36 +107,36 @@ krb5int_dns_init(struct krb5int_dns_state **dsp,
ret = res_init();
#endif
if (ret < 0)
- return -1;
+ return -1;
do {
- p = (ds->ansp == NULL)
- ? malloc(nextincr) : realloc(ds->ansp, nextincr);
+ p = (ds->ansp == NULL)
+ ? malloc(nextincr) : realloc(ds->ansp, nextincr);
- if (p == NULL) {
- ret = -1;
- goto errout;
- }
- ds->ansp = p;
- ds->ansmax = nextincr;
+ if (p == NULL) {
+ ret = -1;
+ goto errout;
+ }
+ ds->ansp = p;
+ ds->ansmax = nextincr;
#if USE_RES_NINIT
- len = res_nsearch(&statbuf, host, ds->nclass, ds->ntype,
- ds->ansp, ds->ansmax);
+ len = res_nsearch(&statbuf, host, ds->nclass, ds->ntype,
+ ds->ansp, ds->ansmax);
#else
- len = res_search(host, ds->nclass, ds->ntype,
- ds->ansp, ds->ansmax);
+ len = res_search(host, ds->nclass, ds->ntype,
+ ds->ansp, ds->ansmax);
#endif
- if (len > maxincr) {
- ret = -1;
- goto errout;
- }
- while (nextincr < len)
- nextincr *= 2;
- if (len < 0 || nextincr > maxincr) {
- ret = -1;
- goto errout;
- }
+ if (len > maxincr) {
+ ret = -1;
+ goto errout;
+ }
+ while (nextincr < len)
+ nextincr *= 2;
+ if (len < 0 || nextincr > maxincr) {
+ ret = -1;
+ goto errout;
+ }
} while (len > ds->ansmax);
ds->anslen = len;
@@ -145,7 +146,7 @@ krb5int_dns_init(struct krb5int_dns_state **dsp,
ret = initparse(ds);
#endif
if (ret < 0)
- goto errout;
+ goto errout;
ret = 0;
@@ -154,10 +155,10 @@ errout:
res_ndestroy(&statbuf);
#endif
if (ret < 0) {
- if (ds->ansp != NULL) {
- free(ds->ansp);
- ds->ansp = NULL;
- }
+ if (ds->ansp != NULL) {
+ free(ds->ansp);
+ ds->ansp = NULL;
+ }
}
return ret;
@@ -172,7 +173,7 @@ errout:
*/
int
krb5int_dns_nextans(struct krb5int_dns_state *ds,
- const unsigned char **pp, int *lenp)
+ const unsigned char **pp, int *lenp)
{
int len;
ns_rr rr;
@@ -180,16 +181,16 @@ krb5int_dns_nextans(struct krb5int_dns_state *ds,
*pp = NULL;
*lenp = 0;
while (ds->cur_ans < ns_msg_count(ds->msg, ns_s_an)) {
- len = ns_parserr(&ds->msg, ns_s_an, ds->cur_ans, &rr);
- if (len < 0)
- return -1;
- ds->cur_ans++;
- if (ds->nclass == ns_rr_class(rr)
- && ds->ntype == ns_rr_type(rr)) {
- *pp = ns_rr_rdata(rr);
- *lenp = ns_rr_rdlen(rr);
- return 0;
- }
+ len = ns_parserr(&ds->msg, ns_s_an, ds->cur_ans, &rr);
+ if (len < 0)
+ return -1;
+ ds->cur_ans++;
+ if (ds->nclass == ns_rr_class(rr)
+ && ds->ntype == ns_rr_type(rr)) {
+ *pp = ns_rr_rdata(rr);
+ *lenp = ns_rr_rdlen(rr);
+ return 0;
+ }
}
return 0;
}
@@ -199,18 +200,18 @@ krb5int_dns_nextans(struct krb5int_dns_state *ds,
* krb5int_dns_expand - wrapper for dn_expand()
*/
int krb5int_dns_expand(struct krb5int_dns_state *ds,
- const unsigned char *p,
- char *buf, int len)
+ const unsigned char *p,
+ char *buf, int len)
{
#if HAVE_NS_NAME_UNCOMPRESS
return ns_name_uncompress(ds->ansp,
- (unsigned char *)ds->ansp + ds->anslen,
- p, buf, (size_t)len);
+ (unsigned char *)ds->ansp + ds->anslen,
+ p, buf, (size_t)len);
#else
return dn_expand(ds->ansp,
- (unsigned char *)ds->ansp + ds->anslen,
- p, buf, len);
+ (unsigned char *)ds->ansp + ds->anslen,
+ p, buf, len);
#endif
}
@@ -221,9 +222,9 @@ void
krb5int_dns_fini(struct krb5int_dns_state *ds)
{
if (ds == NULL)
- return;
+ return;
if (ds->ansp != NULL)
- free(ds->ansp);
+ free(ds->ansp);
free(ds);
}
@@ -251,7 +252,7 @@ initparse(struct krb5int_dns_state *ds)
#endif
if (ds->anslen < sizeof(HEADER))
- return -1;
+ return -1;
hdr = (HEADER *)ds->ansp;
p = ds->ansp;
@@ -264,14 +265,14 @@ initparse(struct krb5int_dns_state *ds)
*/
while (nqueries--) {
#if HAVE_DN_SKIPNAME
- len = dn_skipname(p, (unsigned char *)ds->ansp + ds->anslen);
+ len = dn_skipname(p, (unsigned char *)ds->ansp + ds->anslen);
#else
- len = dn_expand(ds->ansp, (unsigned char *)ds->ansp + ds->anslen,
- p, host, sizeof(host));
+ len = dn_expand(ds->ansp, (unsigned char *)ds->ansp + ds->anslen,
+ p, host, sizeof(host));
#endif
- if (len < 0 || !INCR_OK(ds->ansp, ds->anslen, p, len + 4))
- return -1;
- p += len + 4;
+ if (len < 0 || !INCR_OK(ds->ansp, ds->anslen, p, len + 4))
+ return -1;
+ p += len + 4;
}
ds->ptr = p;
ds->nanswers = nanswers;
@@ -285,7 +286,7 @@ initparse(struct krb5int_dns_state *ds)
*/
int
krb5int_dns_nextans(struct krb5int_dns_state *ds,
- const unsigned char **pp, int *lenp)
+ const unsigned char **pp, int *lenp)
{
int len;
unsigned char *p;
@@ -300,30 +301,30 @@ krb5int_dns_nextans(struct krb5int_dns_state *ds,
while (ds->nanswers--) {
#if HAVE_DN_SKIPNAME
- len = dn_skipname(p, (unsigned char *)ds->ansp + ds->anslen);
+ len = dn_skipname(p, (unsigned char *)ds->ansp + ds->anslen);
#else
- len = dn_expand(ds->ansp, (unsigned char *)ds->ansp + ds->anslen,
- p, host, sizeof(host));
+ len = dn_expand(ds->ansp, (unsigned char *)ds->ansp + ds->anslen,
+ p, host, sizeof(host));
#endif
- if (len < 0 || !INCR_OK(ds->ansp, ds->anslen, p, len))
- return -1;
- p += len;
- SAFE_GETUINT16(ds->ansp, ds->anslen, p, 2, ntype, out);
- /* Also skip 4 bytes of TTL */
- SAFE_GETUINT16(ds->ansp, ds->anslen, p, 6, nclass, out);
- SAFE_GETUINT16(ds->ansp, ds->anslen, p, 2, rdlen, out);
-
- if (!INCR_OK(ds->ansp, ds->anslen, p, rdlen))
- return -1;
- if (rdlen > INT_MAX)
- return -1;
- if (nclass == ds->nclass && ntype == ds->ntype) {
- *pp = p;
- *lenp = rdlen;
- ds->ptr = p + rdlen;
- return 0;
- }
- p += rdlen;
+ if (len < 0 || !INCR_OK(ds->ansp, ds->anslen, p, len))
+ return -1;
+ p += len;
+ SAFE_GETUINT16(ds->ansp, ds->anslen, p, 2, ntype, out);
+ /* Also skip 4 bytes of TTL */
+ SAFE_GETUINT16(ds->ansp, ds->anslen, p, 6, nclass, out);
+ SAFE_GETUINT16(ds->ansp, ds->anslen, p, 2, rdlen, out);
+
+ if (!INCR_OK(ds->ansp, ds->anslen, p, rdlen))
+ return -1;
+ if (rdlen > INT_MAX)
+ return -1;
+ if (nclass == ds->nclass && ntype == ds->ntype) {
+ *pp = p;
+ *lenp = rdlen;
+ ds->ptr = p + rdlen;
+ return 0;
+ }
+ p += rdlen;
}
return 0;
out:
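Review bot: `while (ds->nanswers--)` still decrements when the count is already zero, so once the answers are exhausted the field is left at -1, or wraps if it is unsigned (its declaration is outside the hunk). A later call on the same state would then re-enter the loop and treat whatever follows the answer section as more answer records, stopped only by the `INCR_OK` checks. Writing the loop as `while (ds->nanswers > 0) {` with `ds->nanswers--;` as its first statement keeps the counter at zero. The function starts before this hunk and continues after the `out:` label.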
diff --git a/src/lib/krb5/os/dnsglue.h b/src/lib/krb5/os/dnsglue.h
index c73a433..d829886 100644
--- a/src/lib/krb5/os/dnsglue.h
+++ b/src/lib/krb5/os/dnsglue.h
@@ -1,3 +1,4 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
/*
* lib/krb5/os/dnsglue.h
*
@@ -8,7 +9,7 @@
* require a specific license from the United States Government.
* It is the responsibility of any person or organization contemplating
* export to obtain such a license before exporting.
- *
+ *
* WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
* distribute this software and its documentation for any purpose and
* without fee is hereby granted, provided that the above copyright
@@ -59,11 +60,11 @@
#endif /* WSHELPER */
#if HAVE_SYS_PARAM_H
-#include <sys/param.h> /* for MAXHOSTNAMELEN */
+#include <sys/param.h> /* for MAXHOSTNAMELEN */
#endif
#ifndef MAXHOSTNAMELEN
-#define MAXHOSTNAMELEN 64 /* if we can't find it elswhere */
+#define MAXHOSTNAMELEN 64 /* if we can't find it elswhere */
#endif
#ifndef MAXDNAME
@@ -124,9 +125,9 @@
* Given moving pointer PTR offset from BASE, return true if adding
* INCR to PTR doesn't move it PTR than MAX bytes from BASE.
*/
-#define INCR_OK(base, max, ptr, incr) \
- ((incr) <= (max) - ((const unsigned char *)(ptr) \
- - (const unsigned char *)(base)))
+#define INCR_OK(base, max, ptr, incr) \
+ ((incr) <= (max) - ((const unsigned char *)(ptr) \
+ - (const unsigned char *)(base)))
/*
* SAFE_GETUINT16
@@ -136,21 +137,21 @@
* failure, goto LABEL.
*/
-#define SAFE_GETUINT16(base, max, ptr, incr, s, label) \
- do { \
- if (!INCR_OK(base, max, ptr, incr)) goto label; \
- (s) = (unsigned short)(p)[0] << 8 \
- | (unsigned short)(p)[1]; \
- (p) += (incr); \
+#define SAFE_GETUINT16(base, max, ptr, incr, s, label) \
+ do { \
+ if (!INCR_OK(base, max, ptr, incr)) goto label; \
+ (s) = (unsigned short)(p)[0] << 8 \
+ | (unsigned short)(p)[1]; \
+ (p) += (incr); \
} while (0)
struct krb5int_dns_state;
int krb5int_dns_init(struct krb5int_dns_state **, char *, int, int);
int krb5int_dns_nextans(struct krb5int_dns_state *,
- const unsigned char **, int *);
+ const unsigned char **, int *);
int krb5int_dns_expand(struct krb5int_dns_state *,
- const unsigned char *, char *, int);
+ const unsigned char *, char *, int);
void krb5int_dns_fini(struct krb5int_dns_state *);
#endif /* KRB5_DNS_LOOKUP */
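Review bot: `SAFE_GETUINT16` takes a `ptr` parameter, but its body reads `(p)[0]`, `(p)[1]` and advances `(p)`, so it only works because every call in this diff passes a variable that happens to be named `p`. With any other argument the `INCR_OK` bounds check would test one pointer while the read and the increment use another, which defeats the check on data parsed from a DNS reply. The body should use the parameter: `(s) = (unsigned short)(ptr)[0] << 8 | (unsigned short)(ptr)[1];` followed by `(ptr) += (incr);`. The macro also reads two bytes while checking for `incr` bytes, so its comment should state that `incr` must be at least 2.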
diff --git a/src/lib/krb5/os/dnssrv.c b/src/lib/krb5/os/dnssrv.c
index 4dcd57c..31239f4 100644
--- a/src/lib/krb5/os/dnssrv.c
+++ b/src/lib/krb5/os/dnssrv.c
@@ -1,3 +1,4 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
/*
* lib/krb5/os/dnssrv.c
*
@@ -8,7 +9,7 @@
* require a specific license from the United States Government.
* It is the responsibility of any person or organization contemplating
* export to obtain such a license before exporting.
- *
+ *
* WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
* distribute this software and its documentation for any purpose and
* without fee is hereby granted, provided that the above copyright
@@ -22,7 +23,7 @@
* M.I.T. makes no representations about the suitability of
* this software for any purpose. It is provided "as is" without express
* or implied warranty.
- *
+ *
*
* do DNS SRV RR queries
*/
@@ -40,10 +41,10 @@ void krb5int_free_srv_dns_data (struct srv_dns_entry *p)
{
struct srv_dns_entry *next;
while (p) {
- next = p->next;
- free(p->host);
- free(p);
- p = next;
+ next = p->next;
+ free(p->host);
+ free(p);
+ p = next;
}
}
@@ -55,9 +56,9 @@ void krb5int_free_srv_dns_data (struct srv_dns_entry *p)
krb5_error_code
krb5int_make_srv_query_realm(const krb5_data *realm,
- const char *service,
- const char *protocol,
- struct srv_dns_entry **answers)
+ const char *service,
+ const char *protocol,
+ struct srv_dns_entry **answers)
{
const unsigned char *p = NULL, *base = NULL;
char host[MAXDNAME];
@@ -81,7 +82,7 @@ krb5int_make_srv_query_realm(const krb5_data *realm,
*/
if (memchr(realm->data, 0, realm->length))
- return 0;
+ return 0;
krb5int_buf_init_fixed(&buf, host, sizeof(host));
krb5int_buf_add_fmt(&buf, "%s.%s.", service, protocol);
krb5int_buf_add_len(&buf, realm->data, realm->length);
@@ -89,7 +90,7 @@ krb5int_make_srv_query_realm(const krb5_data *realm,
/* Realm names don't (normally) end with ".", but if the query
doesn't end with "." and doesn't get an answer as is, the
resolv code will try appending the local domain. Since the
- realm names are absolutes, let's stop that.
+ realm names are absolutes, let's stop that.
But only if a name has been specified. If we are performing
a search on the prefix alone then the intention is to allow
@@ -97,10 +98,10 @@ krb5int_make_srv_query_realm(const krb5_data *realm,
len = krb5int_buf_len(&buf);
if (len > 0 && host[len - 1] != '.')
- krb5int_buf_add(&buf, ".");
+ krb5int_buf_add(&buf, ".");
if (krb5int_buf_data(&buf) == NULL)
- return 0;
+ return 0;
#ifdef TEST
fprintf (stderr, "sending DNS SRV query for %s\n", host);
@@ -108,75 +109,75 @@ krb5int_make_srv_query_realm(const krb5_data *realm,
size = krb5int_dns_init(&ds, host, C_IN, T_SRV);
if (size < 0)
- goto out;
+ goto out;
for (;;) {
- ret = krb5int_dns_nextans(ds, &base, &rdlen);
- if (ret < 0 || base == NULL)
- goto out;
-
- p = base;
-
- SAFE_GETUINT16(base, rdlen, p, 2, priority, out);
- SAFE_GETUINT16(base, rdlen, p, 2, weight, out);
- SAFE_GETUINT16(base, rdlen, p, 2, port, out);
-
- /*
- * RFC 2782 says the target is never compressed in the reply;
- * do we believe that? We need to flatten it anyway, though.
- */
- nlen = krb5int_dns_expand(ds, p, host, sizeof(host));
- if (nlen < 0 || !INCR_OK(base, rdlen, p, nlen))
- goto out;
-
- /*
- * We got everything! Insert it into our list, but make sure
- * it's in the right order. Right now we don't do anything
- * with the weight field
- */
-
- srv = (struct srv_dns_entry *) malloc(sizeof(struct srv_dns_entry));
- if (srv == NULL)
- goto out;
-
- srv->priority = priority;
- srv->weight = weight;
- srv->port = port;
- /* The returned names are fully qualified. Don't let the
- local resolver code do domain search path stuff. */
- if (asprintf(&srv->host, "%s.", host) < 0) {
- free(srv);
- goto out;
- }
-
- if (head == NULL || head->priority > srv->priority) {
- srv->next = head;
- head = srv;
- } else {
- /*
- * This is confusing. Only insert an entry into this
- * spot if:
- * The next person has a higher priority (lower priorities
- * are preferred).
- * Or
- * There is no next entry (we're at the end)
- */
- for (entry = head; entry != NULL; entry = entry->next) {
- if ((entry->next &&
- entry->next->priority > srv->priority) ||
- entry->next == NULL) {
- srv->next = entry->next;
- entry->next = srv;
- break;
- }
- }
- }
+ ret = krb5int_dns_nextans(ds, &base, &rdlen);
+ if (ret < 0 || base == NULL)
+ goto out;
+
+ p = base;
+
+ SAFE_GETUINT16(base, rdlen, p, 2, priority, out);
+ SAFE_GETUINT16(base, rdlen, p, 2, weight, out);
+ SAFE_GETUINT16(base, rdlen, p, 2, port, out);
+
+ /*
+ * RFC 2782 says the target is never compressed in the reply;
+ * do we believe that? We need to flatten it anyway, though.
+ */
+ nlen = krb5int_dns_expand(ds, p, host, sizeof(host));
+ if (nlen < 0 || !INCR_OK(base, rdlen, p, nlen))
+ goto out;
+
+ /*
+ * We got everything! Insert it into our list, but make sure
+ * it's in the right order. Right now we don't do anything
+ * with the weight field
+ */
+
+ srv = (struct srv_dns_entry *) malloc(sizeof(struct srv_dns_entry));
+ if (srv == NULL)
+ goto out;
+
+ srv->priority = priority;
+ srv->weight = weight;
+ srv->port = port;
+ /* The returned names are fully qualified. Don't let the
+ local resolver code do domain search path stuff. */
+ if (asprintf(&srv->host, "%s.", host) < 0) {
+ free(srv);
+ goto out;
+ }
+
+ if (head == NULL || head->priority > srv->priority) {
+ srv->next = head;
+ head = srv;
+ } else {
+ /*
+ * This is confusing. Only insert an entry into this
+ * spot if:
+ * The next person has a higher priority (lower priorities
+ * are preferred).
+ * Or
+ * There is no next entry (we're at the end)
+ */
+ for (entry = head; entry != NULL; entry = entry->next) {
+ if ((entry->next &&
+ entry->next->priority > srv->priority) ||
+ entry->next == NULL) {
+ srv->next = entry->next;
+ entry->next = srv;
+ break;
+ }
+ }
+ }
}
out:
if (ds != NULL) {
- krb5int_dns_fini(ds);
- ds = NULL;
+ krb5int_dns_fini(ds);
+ ds = NULL;
}
*answers = head;
return 0;
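Review bot: Every failure inside the loop (a short or malformed record caught by `SAFE_GETUINT16`, a failed `krb5int_dns_expand`, a NULL from `malloc`, a failed `asprintf`) jumps to `out:`, which stores the partial list in `*answers` and returns 0. A caller therefore cannot tell an out-of-memory or truncated reply from a complete answer set. If that best-effort behaviour is intended, it should be stated at the label, for example `/* Parse and allocation failures are not reported: the caller gets the entries collected so far. */`. Otherwise a separate error variable returned in place of the constant 0 would be needed. The function's closing lines are outside the hunk.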
diff --git a/src/lib/krb5/os/free_hstrl.c b/src/lib/krb5/os/free_hstrl.c
index 4900fce..58222a6 100644
--- a/src/lib/krb5/os/free_hstrl.c
+++ b/src/lib/krb5/os/free_hstrl.c
@@ -1,3 +1,4 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
/*
* lib/krb5/os/free_hstrl.c
*
@@ -8,7 +9,7 @@
* require a specific license from the United States Government.
* It is the responsibility of any person or organization contemplating
* export to obtain such a license before exporting.
- *
+ *
* WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
* distribute this software and its documentation for any purpose and
* without fee is hereby granted, provided that the above copyright
@@ -22,7 +23,7 @@
* M.I.T. makes no representations about the suitability of
* this software for any purpose. It is provided "as is" without express
* or implied warranty.
- *
+ *
*
* krb5_free_host_realm()
*/
@@ -31,8 +32,8 @@
#include <stdio.h>
/*
- Frees the storage taken by a realm list returned by krb5_get_host_realm.
- */
+ Frees the storage taken by a realm list returned by krb5_get_host_realm.
+*/
krb5_error_code KRB5_CALLCONV
krb5_free_host_realm(krb5_context context, char *const *realmlist)
diff --git a/src/lib/krb5/os/free_krbhs.c b/src/lib/krb5/os/free_krbhs.c
index d7776b4..ddbbc3b 100644
--- a/src/lib/krb5/os/free_krbhs.c
+++ b/src/lib/krb5/os/free_krbhs.c
@@ -1,3 +1,4 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
/*
* lib/krb5/os/free_krbhs.c
*
@@ -8,7 +9,7 @@
* require a specific license from the United States Government.
* It is the responsibility of any person or organization contemplating
* export to obtain such a license before exporting.
- *
+ *
* WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
* distribute this software and its documentation for any purpose and
* without fee is hereby granted, provided that the above copyright
@@ -22,7 +23,7 @@
* M.I.T. makes no representations about the suitability of
* this software for any purpose. It is provided "as is" without express
* or implied warranty.
- *
+ *
*
* krb5_free_krbhst() function
*/
@@ -30,8 +31,8 @@
#include "k5-int.h"
/*
- Frees the storage taken by a host list returned by krb5_get_krbhst.
- */
+ Frees the storage taken by a host list returned by krb5_get_krbhst.
+*/
krb5_error_code
krb5_free_krbhst(krb5_context context, char *const *hostlist)
@@ -39,9 +40,9 @@ krb5_free_krbhst(krb5_context context, char *const *hostlist)
register char * const *cp;
if (hostlist == NULL)
- return 0;
+ return 0;
for (cp = hostlist; *cp; cp++)
- free(*cp);
+ free(*cp);
free((char *)hostlist);
return 0;
}
diff --git a/src/lib/krb5/os/full_ipadr.c b/src/lib/krb5/os/full_ipadr.c
index 795ce1e..213e426 100644
--- a/src/lib/krb5/os/full_ipadr.c
+++ b/src/lib/krb5/os/full_ipadr.c
@@ -1,3 +1,4 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
/*
* lib/krb5/os/full_ipadr.c
*
@@ -8,7 +9,7 @@
* require a specific license from the United States Government.
* It is the responsibility of any person or organization contemplating
* export to obtain such a license before exporting.
- *
+ *
* WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
* distribute this software and its documentation for any purpose and
* without fee is hereby granted, provided that the above copyright
@@ -22,7 +23,7 @@
* M.I.T. makes no representations about the suitability of
* this software for any purpose. It is provided "as is" without express
* or implied warranty.
- *
+ *
*
* Take an IP addr & port and generate a full IP address.
*/
@@ -35,7 +36,7 @@
krb5_error_code
krb5_make_full_ipaddr(krb5_context context, krb5_int32 adr,
- /*krb5_int16*/int port, krb5_address **outaddr)
+ /*krb5_int16*/int port, krb5_address **outaddr)
{
unsigned long smushaddr = (unsigned long) adr; /* already in net order */
unsigned short smushport = (unsigned short) port; /* ditto */
@@ -45,16 +46,16 @@ krb5_make_full_ipaddr(krb5_context context, krb5_int32 adr,
krb5_int32 templength;
if (!(retaddr = (krb5_address *)malloc(sizeof(*retaddr)))) {
- return ENOMEM;
+ return ENOMEM;
}
retaddr->magic = KV5M_ADDRESS;
retaddr->addrtype = ADDRTYPE_ADDRPORT;
retaddr->length = sizeof(smushaddr)+ sizeof(smushport) +
- 2*sizeof(temptype) + 2*sizeof(templength);
+ 2*sizeof(temptype) + 2*sizeof(templength);
if (!(retaddr->contents = (krb5_octet *)malloc(retaddr->length))) {
- free(retaddr);
- return ENOMEM;
+ free(retaddr);
+ return ENOMEM;
}
marshal = retaddr->contents;
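Review bot: `retaddr->length` is computed from `sizeof(smushaddr)`, and `smushaddr` is declared `unsigned long` in the previous hunk. On LP64 platforms that is 8 bytes, so the buffer length is not that of a 4-byte IPv4 address plus its port and tags. The cast from the signed `krb5_int32 adr` to `unsigned long` also sign-extends there. A fixed-width declaration avoids both: `krb5_ui_4 smushaddr = (krb5_ui_4) adr;`. The marshalling code that fills `contents` lies after this hunk, so whether it copies `sizeof(smushaddr)` bytes as well should be checked there.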
diff --git a/src/lib/krb5/os/gen_port.c b/src/lib/krb5/os/gen_port.c
index 681928a..a887408 100644
--- a/src/lib/krb5/os/gen_port.c
+++ b/src/lib/krb5/os/gen_port.c
@@ -1,3 +1,4 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
/*
* lib/krb5/os/gen_port.c
*
@@ -8,7 +9,7 @@
* require a specific license from the United States Government.
* It is the responsibility of any person or organization contemplating
* export to obtain such a license before exporting.
- *
+ *
* WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
* distribute this software and its documentation for any purpose and
* without fee is hereby granted, provided that the above copyright
@@ -22,7 +23,7 @@
* M.I.T. makes no representations about the suitability of
* this software for any purpose. It is provided "as is" without express
* or implied warranty.
- *
+ *
*
* Take an IP addr & port and generate a full IP address.
*/
@@ -38,9 +39,9 @@ krb5_gen_portaddr(krb5_context context, const krb5_address *addr, krb5_const_poi
krb5_int16 port;
if (addr->addrtype != ADDRTYPE_INET)
- return KRB5_PROG_ATYPE_NOSUPP;
+ return KRB5_PROG_ATYPE_NOSUPP;
port = *(const krb5_int16 *)ptr;
-
+
memcpy(&adr, addr->contents, sizeof(adr));
return krb5_make_full_ipaddr(context, adr, port, outaddr);
#else
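Review bot: `port = *(const krb5_int16 *)ptr;` loads through a cast of the caller's untyped pointer, which is undefined behaviour if `ptr` is not suitably aligned for `krb5_int16` or does not point at an object of that type. The address two lines below is already copied with `memcpy`, and the port can be read the same way: `memcpy(&port, ptr, sizeof(port));`. The function's signature and the declaration of `adr` are outside this hunk.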
diff --git a/src/lib/krb5/os/gen_rname.c b/src/lib/krb5/os/gen_rname.c
index a8a07d9..1d87c2b 100644
--- a/src/lib/krb5/os/gen_rname.c
+++ b/src/lib/krb5/os/gen_rname.c
@@ -1,3 +1,4 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
/*
* lib/krb5/os/gen_rname.c
*
@@ -8,7 +9,7 @@
* require a specific license from the United States Government.
* It is the responsibility of any person or organization contemplating
* export to obtain such a license before exporting.
- *
+ *
* WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
* distribute this software and its documentation for any purpose and
* without fee is hereby granted, provided that the above copyright
@@ -22,7 +23,7 @@
* M.I.T. makes no representations about the suitability of
* this software for any purpose. It is provided "as is" without express
* or implied warranty.
- *
+ *
*
* take a port-style address and unique string, and return
* a replay cache tag string.
@@ -40,13 +41,13 @@ krb5_gen_replay_name(krb5_context context, const krb5_address *address, const ch
len = strlen(uniq) + (address->length * 2) + 1;
if ((*string = malloc(len)) == NULL)
- return ENOMEM;
+ return ENOMEM;
snprintf(*string, len, "%s", uniq);
tmp = *string + strlen(uniq);
for (i = 0; i < address->length; i++) {
- snprintf(tmp, len - (tmp-*string), "%.2x", address->contents[i] & 0xff);
- tmp += 2;
+ snprintf(tmp, len - (tmp-*string), "%.2x", address->contents[i] & 0xff);
+ tmp += 2;
}
return 0;
}
diff --git a/src/lib/krb5/os/genaddrs.c b/src/lib/krb5/os/genaddrs.c
index f3e86a5..d9028e4 100644
--- a/src/lib/krb5/os/genaddrs.c
+++ b/src/lib/krb5/os/genaddrs.c
@@ -1,3 +1,4 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
/*
* lib/krb5/os/genaddrs.c
*
@@ -8,7 +9,7 @@
* require a specific license from the United States Government.
* It is the responsibility of any person or organization contemplating
* export to obtain such a license before exporting.
- *
+ *
* WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
* distribute this software and its documentation for any purpose and
* without fee is hereby granted, provided that the above copyright
@@ -22,7 +23,7 @@
* M.I.T. makes no representations about the suitability of
* this software for any purpose. It is provided "as is" without express
* or implied warranty.
- *
+ *
*
* Take an IP addr & port and generate a full IP address.
*/
@@ -38,43 +39,43 @@ struct addrpair {
krb5_address addr, port;
};
-#define SET(TARG, THING, TYPE) \
- ((TARG).contents = (krb5_octet *) &(THING), \
- (TARG).length = sizeof (THING), \
- (TARG).addrtype = (TYPE))
+#define SET(TARG, THING, TYPE) \
+ ((TARG).contents = (krb5_octet *) &(THING), \
+ (TARG).length = sizeof (THING), \
+ (TARG).addrtype = (TYPE))
static void *cvtaddr (struct sockaddr_storage *a, struct addrpair *ap)
{
switch (ss2sa(a)->sa_family) {
case AF_INET:
- SET (ap->port, ss2sin(a)->sin_port, ADDRTYPE_IPPORT);
- SET (ap->addr, ss2sin(a)->sin_addr, ADDRTYPE_INET);
- return a;
+ SET (ap->port, ss2sin(a)->sin_port, ADDRTYPE_IPPORT);
+ SET (ap->addr, ss2sin(a)->sin_addr, ADDRTYPE_INET);
+ return a;
#ifdef KRB5_USE_INET6
case AF_INET6:
- SET (ap->port, ss2sin6(a)->sin6_port, ADDRTYPE_IPPORT);
- if (IN6_IS_ADDR_V4MAPPED (&ss2sin6(a)->sin6_addr)) {
- ap->addr.addrtype = ADDRTYPE_INET;
- ap->addr.contents = 12 + (krb5_octet *) &ss2sin6(a)->sin6_addr;
- ap->addr.length = 4;
- } else
- SET (ap->addr, ss2sin6(a)->sin6_addr, ADDRTYPE_INET6);
- return a;
+ SET (ap->port, ss2sin6(a)->sin6_port, ADDRTYPE_IPPORT);
+ if (IN6_IS_ADDR_V4MAPPED (&ss2sin6(a)->sin6_addr)) {
+ ap->addr.addrtype = ADDRTYPE_INET;
+ ap->addr.contents = 12 + (krb5_octet *) &ss2sin6(a)->sin6_addr;
+ ap->addr.length = 4;
+ } else
+ SET (ap->addr, ss2sin6(a)->sin6_addr, ADDRTYPE_INET6);
+ return a;
#endif
default:
- return 0;
+ return 0;
}
}
krb5_error_code KRB5_CALLCONV
krb5_auth_con_genaddrs(krb5_context context, krb5_auth_context auth_context, int infd, int flags)
{
- krb5_error_code retval;
- krb5_address * laddr;
- krb5_address * lport;
- krb5_address * raddr;
- krb5_address * rport;
- SOCKET fd = (SOCKET) infd;
+ krb5_error_code retval;
+ krb5_address * laddr;
+ krb5_address * lport;
+ krb5_address * raddr;
+ krb5_address * rport;
+ SOCKET fd = (SOCKET) infd;
struct addrpair laddrs, raddrs;
#ifdef HAVE_NETINET_IN_H
@@ -83,46 +84,46 @@ krb5_auth_con_genaddrs(krb5_context context, krb5_auth_context auth_context, int
ssize = sizeof(struct sockaddr_storage);
if ((flags & KRB5_AUTH_CONTEXT_GENERATE_LOCAL_FULL_ADDR) ||
- (flags & KRB5_AUTH_CONTEXT_GENERATE_LOCAL_ADDR)) {
- if ((retval = getsockname(fd, (GETSOCKNAME_ARG2_TYPE *) &lsaddr,
- &ssize)))
- return retval;
+ (flags & KRB5_AUTH_CONTEXT_GENERATE_LOCAL_ADDR)) {
+ if ((retval = getsockname(fd, (GETSOCKNAME_ARG2_TYPE *) &lsaddr,
+ &ssize)))
+ return retval;
- if (cvtaddr (&lsaddr, &laddrs)) {
- laddr = &laddrs.addr;
- if (flags & KRB5_AUTH_CONTEXT_GENERATE_LOCAL_FULL_ADDR)
- lport = &laddrs.port;
- else
- lport = 0;
- } else
- return KRB5_PROG_ATYPE_NOSUPP;
+ if (cvtaddr (&lsaddr, &laddrs)) {
+ laddr = &laddrs.addr;
+ if (flags & KRB5_AUTH_CONTEXT_GENERATE_LOCAL_FULL_ADDR)
+ lport = &laddrs.port;
+ else
+ lport = 0;
+ } else
+ return KRB5_PROG_ATYPE_NOSUPP;
} else {
- laddr = NULL;
- lport = NULL;
+ laddr = NULL;
+ lport = NULL;
}
ssize = sizeof(struct sockaddr_storage);
if ((flags & KRB5_AUTH_CONTEXT_GENERATE_REMOTE_FULL_ADDR) ||
- (flags & KRB5_AUTH_CONTEXT_GENERATE_REMOTE_ADDR)) {
- if ((retval = getpeername(fd, (GETPEERNAME_ARG2_TYPE *) &rsaddr,
- &ssize)))
- return errno;
+ (flags & KRB5_AUTH_CONTEXT_GENERATE_REMOTE_ADDR)) {
+ if ((retval = getpeername(fd, (GETPEERNAME_ARG2_TYPE *) &rsaddr,
+ &ssize)))
+ return errno;
- if (cvtaddr (&rsaddr, &raddrs)) {
- raddr = &raddrs.addr;
- if (flags & KRB5_AUTH_CONTEXT_GENERATE_REMOTE_FULL_ADDR)
- rport = &raddrs.port;
- else
- rport = 0;
- } else
- return KRB5_PROG_ATYPE_NOSUPP;
+ if (cvtaddr (&rsaddr, &raddrs)) {
+ raddr = &raddrs.addr;
+ if (flags & KRB5_AUTH_CONTEXT_GENERATE_REMOTE_FULL_ADDR)
+ rport = &raddrs.port;
+ else
+ rport = 0;
+ } else
+ return KRB5_PROG_ATYPE_NOSUPP;
} else {
- raddr = NULL;
- rport = NULL;
+ raddr = NULL;
+ rport = NULL;
}
if (!(retval = krb5_auth_con_setaddrs(context, auth_context, laddr, raddr)))
- return (krb5_auth_con_setports(context, auth_context, lport, rport));
+ return (krb5_auth_con_setports(context, auth_context, lport, rport));
return retval;
#else
return KRB5_PROG_ATYPE_NOSUPP;
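Review bot: The local-address branch returns the raw result of getsockname() (`return retval;`), which is -1 on failure rather than an error code, while the matching getpeername() branch a few lines below returns `errno`. The reindent leaves this untouched, so a caller that interprets the result as a krb5 or errno value gets a meaningless -1. Suggest `return errno;` in the getsockname branch, or `SOCKET_ERRNO` as hst_realm.c uses in this same commit, if Winsock builds are expected to work here. The function begins before this hunk, so the declarations of lsaddr, rsaddr and ssize are not visible.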
diff --git a/src/lib/krb5/os/get_krbhst.c b/src/lib/krb5/os/get_krbhst.c
index 1cac751..fe28778 100644
--- a/src/lib/krb5/os/get_krbhst.c
+++ b/src/lib/krb5/os/get_krbhst.c
@@ -1,3 +1,4 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
/*
* lib/krb5/os/get_krbhst.c
*
@@ -8,7 +9,7 @@
* require a specific license from the United States Government.
* It is the responsibility of any person or organization contemplating
* export to obtain such a license before exporting.
- *
+ *
* WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
* distribute this software and its documentation for any purpose and
* without fee is hereby granted, provided that the above copyright
@@ -22,7 +23,7 @@
* M.I.T. makes no representations about the suitability of
* this software for any purpose. It is provided "as is" without express
* or implied warranty.
- *
+ *
*
* krb5_get_krbhst() function.
*/
@@ -32,23 +33,23 @@
#include <ctype.h>
/*
- Figures out the Kerberos server names for the given realm, filling in a
- pointer to an argv[] style list of names, terminated with a null pointer.
-
- If the realm is unknown, the filled-in pointer is set to NULL.
+ Figures out the Kerberos server names for the given realm, filling in a
+ pointer to an argv[] style list of names, terminated with a null pointer.
- The pointer array and strings pointed to are all in allocated storage,
- and should be freed by the caller when finished.
+ If the realm is unknown, the filled-in pointer is set to NULL.
- returns system errors
+ The pointer array and strings pointed to are all in allocated storage,
+ and should be freed by the caller when finished.
+
+ returns system errors
*/
/*
* Implementation: the server names for given realms are stored in a
- * configuration file,
+ * configuration file,
* named by krb5_config_file; the first token (on the first line) in
* this file is taken as the default local realm name.
- *
+ *
* Each succeeding line has a realm name as the first token, and a server name
* as a second token. Additional tokens may be present on the line, but
* are ignored by this function.
@@ -60,10 +61,10 @@
krb5_error_code
krb5_get_krbhst(krb5_context context, const krb5_data *realm, char ***hostlist)
{
- char **values, **cpp, *cp;
- const char *realm_kdc_names[4];
- krb5_error_code retval;
- int i, count;
+ char **values, **cpp, *cp;
+ const char *realm_kdc_names[4];
+ krb5_error_code retval;
+ int i, count;
char **rethosts;
rethosts = 0;
@@ -74,30 +75,30 @@ krb5_get_krbhst(krb5_context context, const krb5_data *realm, char ***hostlist)
realm_kdc_names[3] = 0;
if (context->profile == 0)
- return KRB5_CONFIG_CANTOPEN;
+ return KRB5_CONFIG_CANTOPEN;
retval = profile_get_values(context->profile, realm_kdc_names, &values);
if (retval == PROF_NO_SECTION)
- return KRB5_REALM_UNKNOWN;
+ return KRB5_REALM_UNKNOWN;
if (retval == PROF_NO_RELATION)
- return KRB5_CONFIG_BADFORMAT;
+ return KRB5_CONFIG_BADFORMAT;
if (retval)
- return retval;
+ return retval;
/*
* Do cleanup over the list. We allow for some extra field to be
* added to the kdc line later (maybe the port number)
*/
for (cpp = values; *cpp; cpp++) {
- cp = strchr(*cpp, ' ');
- if (cp)
- *cp = 0;
- cp = strchr(*cpp, '\t');
- if (cp)
- *cp = 0;
- cp = strchr(*cpp, ':');
- if (cp)
- *cp = 0;
+ cp = strchr(*cpp, ' ');
+ if (cp)
+ *cp = 0;
+ cp = strchr(*cpp, '\t');
+ if (cp)
+ *cp = 0;
+ cp = strchr(*cpp, ':');
+ if (cp)
+ *cp = 0;
}
count = cpp - values;
rethosts = malloc(sizeof(char *) * (count + 1));
@@ -106,21 +107,21 @@ krb5_get_krbhst(krb5_context context, const krb5_data *realm, char ***hostlist)
goto cleanup;
}
for (i = 0; i < count; i++) {
- unsigned int len = strlen (values[i]) + 1;
+ unsigned int len = strlen (values[i]) + 1;
rethosts[i] = malloc(len);
if (!rethosts[i]) {
retval = ENOMEM;
goto cleanup;
}
- memcpy (rethosts[i], values[i], len);
+ memcpy (rethosts[i], values[i], len);
}
rethosts[count] = 0;
- cleanup:
+cleanup:
if (retval && rethosts) {
for (cpp = rethosts; *cpp; cpp++)
free(*cpp);
free(rethosts);
- rethosts = 0;
+ rethosts = 0;
}
profile_free_list(values);
*hostlist = rethosts;
diff --git a/src/lib/krb5/os/hostaddr.c b/src/lib/krb5/os/hostaddr.c
index eaef098..2f4c387 100644
--- a/src/lib/krb5/os/hostaddr.c
+++ b/src/lib/krb5/os/hostaddr.c
@@ -1,3 +1,4 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
/*
* lib/krb5/os/hostaddr.c
*
@@ -8,7 +9,7 @@
* require a specific license from the United States Government.
* It is the responsibility of any person or organization contemplating
* export to obtain such a license before exporting.
- *
+ *
* WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
* distribute this software and its documentation for any purpose and
* without fee is hereby granted, provided that the above copyright
@@ -22,7 +23,7 @@
* M.I.T. makes no representations about the suitability of
* this software for any purpose. It is provided "as is" without express
* or implied warranty.
- *
+ *
* This routine returns a list of krb5 addresses given a hostname.
*
*/
@@ -34,13 +35,13 @@
krb5_error_code
krb5_os_hostaddr(krb5_context context, const char *name, krb5_address ***ret_addrs)
{
- krb5_error_code retval;
- krb5_address **addrs;
- int i, j, r;
+ krb5_error_code retval;
+ krb5_address **addrs;
+ int i, j, r;
struct addrinfo hints, *ai, *aip;
if (!name)
- return KRB5_ERR_BAD_HOSTNAME;
+ return KRB5_ERR_BAD_HOSTNAME;
memset (&hints, 0, sizeof (hints));
hints.ai_flags = AI_NUMERICHOST;
@@ -52,86 +53,85 @@ krb5_os_hostaddr(krb5_context context, const char *name, krb5_address ***ret_add
r = getaddrinfo (name, 0, &hints, &ai);
if (r && AI_NUMERICHOST != 0) {
- hints.ai_flags &= ~AI_NUMERICHOST;
- r = getaddrinfo (name, 0, &hints, &ai);
+ hints.ai_flags &= ~AI_NUMERICHOST;
+ r = getaddrinfo (name, 0, &hints, &ai);
}
if (r)
- return KRB5_ERR_BAD_HOSTNAME;
+ return KRB5_ERR_BAD_HOSTNAME;
for (i = 0, aip = ai; aip; aip = aip->ai_next) {
- switch (aip->ai_addr->sa_family) {
- case AF_INET:
+ switch (aip->ai_addr->sa_family) {
+ case AF_INET:
#ifdef KRB5_USE_INET6
- case AF_INET6:
+ case AF_INET6:
#endif
- i++;
- default:
- /* Ignore addresses of unknown families. */
- ;
- }
+ i++;
+ default:
+ /* Ignore addresses of unknown families. */
+ ;
+ }
}
addrs = malloc ((i+1) * sizeof(*addrs));
if (!addrs)
- return ENOMEM;
+ return ENOMEM;
for (j = 0; j < i + 1; j++)
- addrs[j] = 0;
+ addrs[j] = 0;
for (i = 0, aip = ai; aip; aip = aip->ai_next) {
- void *ptr;
- size_t addrlen;
- int atype;
+ void *ptr;
+ size_t addrlen;
+ int atype;
- switch (aip->ai_addr->sa_family) {
- case AF_INET:
- addrlen = sizeof (struct in_addr);
- ptr = &((struct sockaddr_in *)aip->ai_addr)->sin_addr;
- atype = ADDRTYPE_INET;
- break;
+ switch (aip->ai_addr->sa_family) {
+ case AF_INET:
+ addrlen = sizeof (struct in_addr);
+ ptr = &((struct sockaddr_in *)aip->ai_addr)->sin_addr;
+ atype = ADDRTYPE_INET;
+ break;
#ifdef KRB5_USE_INET6
- case AF_INET6:
- addrlen = sizeof (struct in6_addr);
- ptr = &((struct sockaddr_in6 *)aip->ai_addr)->sin6_addr;
- atype = ADDRTYPE_INET6;
- break;
+ case AF_INET6:
+ addrlen = sizeof (struct in6_addr);
+ ptr = &((struct sockaddr_in6 *)aip->ai_addr)->sin6_addr;
+ atype = ADDRTYPE_INET6;
+ break;
#endif
- default:
- continue;
- }
- addrs[i] = (krb5_address *) malloc(sizeof(krb5_address));
- if (!addrs[i]) {
- retval = ENOMEM;
- goto errout;
- }
- addrs[i]->magic = KV5M_ADDRESS;
- addrs[i]->addrtype = atype;
- addrs[i]->length = addrlen;
- addrs[i]->contents = malloc(addrs[i]->length);
- if (!addrs[i]->contents) {
- retval = ENOMEM;
- goto errout;
- }
- memcpy (addrs[i]->contents, ptr, addrs[i]->length);
- i++;
+ default:
+ continue;
+ }
+ addrs[i] = (krb5_address *) malloc(sizeof(krb5_address));
+ if (!addrs[i]) {
+ retval = ENOMEM;
+ goto errout;
+ }
+ addrs[i]->magic = KV5M_ADDRESS;
+ addrs[i]->addrtype = atype;
+ addrs[i]->length = addrlen;
+ addrs[i]->contents = malloc(addrs[i]->length);
+ if (!addrs[i]->contents) {
+ retval = ENOMEM;
+ goto errout;
+ }
+ memcpy (addrs[i]->contents, ptr, addrs[i]->length);
+ i++;
}
*ret_addrs = addrs;
if (ai)
- freeaddrinfo(ai);
+ freeaddrinfo(ai);
return 0;
errout:
if (addrs) {
- for (i = 0; addrs[i]; i++) {
- free (addrs[i]->contents);
- free (addrs[i]);
- }
- krb5_free_addresses(context, addrs);
+ for (i = 0; addrs[i]; i++) {
+ free (addrs[i]->contents);
+ free (addrs[i]);
+ }
+ krb5_free_addresses(context, addrs);
}
if (ai)
- freeaddrinfo(ai);
+ freeaddrinfo(ai);
return retval;
-
-}
+}
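Review bot: The `errout:` path frees every `addrs[i]->contents` and `addrs[i]` by hand and then passes the same array, with its entries still set, to `krb5_free_addresses(context, addrs)`. krb5_free_addresses is not shown here; if it frees each element and then the array, as its name suggests, every entry is freed twice on the ENOMEM path. Dropping the manual loop and keeping only `krb5_free_addresses(context, addrs);` would avoid that. Separately, `if (!addrs) return ENOMEM;` returns without `freeaddrinfo(ai)`; `retval = ENOMEM; goto errout;` would release it, since the `if (addrs)` guard already copes with a NULL array. The function starts before this hunk.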
diff --git a/src/lib/krb5/os/hst_realm.c b/src/lib/krb5/os/hst_realm.c
index 380e5ea..208b932 100644
--- a/src/lib/krb5/os/hst_realm.c
+++ b/src/lib/krb5/os/hst_realm.c
@@ -1,3 +1,4 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
/*
* lib/krb5/os/hst_realm.c
*
@@ -8,7 +9,7 @@
* require a specific license from the United States Government.
* It is the responsibility of any person or organization contemplating
* export to obtain such a license before exporting.
- *
+ *
* WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
* distribute this software and its documentation for any purpose and
* without fee is hereby granted, provided that the above copyright
@@ -22,25 +23,25 @@
* M.I.T. makes no representations about the suitability of
* this software for any purpose. It is provided "as is" without express
* or implied warranty.
- *
+ *
*
* krb5_get_host_realm()
*/
/*
- Figures out the Kerberos realm names for host, filling in a
- pointer to an argv[] style list of names, terminated with a null pointer.
-
- If host is NULL, the local host's realms are determined.
+ Figures out the Kerberos realm names for host, filling in a
+ pointer to an argv[] style list of names, terminated with a null pointer.
- If there are no known realms for the host, the filled-in pointer is set
- to NULL.
+ If host is NULL, the local host's realms are determined.
- The pointer array and strings pointed to are all in allocated storage,
- and should be freed by the caller when finished.
+ If there are no known realms for the host, the filled-in pointer is set
+ to NULL.
- returns system errors
+ The pointer array and strings pointed to are all in allocated storage,
+ and should be freed by the caller when finished.
+
+ returns system errors
*/
/*
@@ -80,7 +81,7 @@
static krb5_error_code
domain_heuristic(krb5_context context, const char *domain,
- char **realm, int limit);
+ char **realm, int limit);
#ifdef KRB5_DNS_LOOKUP
@@ -105,54 +106,54 @@ krb5_try_realm_txt_rr(const char *prefix, const char *name, char **realm)
krb5int_buf_init_fixed(&buf, host, sizeof(host));
if (name == NULL || name[0] == '\0') {
- krb5int_buf_add(&buf, prefix);
+ krb5int_buf_add(&buf, prefix);
} else {
- krb5int_buf_add_fmt(&buf, "%s.%s", prefix, name);
+ krb5int_buf_add_fmt(&buf, "%s.%s", prefix, name);
/* Realm names don't (normally) end with ".", but if the query
doesn't end with "." and doesn't get an answer as is, the
resolv code will try appending the local domain. Since the
- realm names are absolutes, let's stop that.
+ realm names are absolutes, let's stop that.
But only if a name has been specified. If we are performing
a search on the prefix alone then the intention is to allow
the local domain or domain search lists to be expanded.
*/
- len = krb5int_buf_len(&buf);
- if (len > 0 && host[len - 1] != '.')
- krb5int_buf_add(&buf, ".");
+ len = krb5int_buf_len(&buf);
+ if (len > 0 && host[len - 1] != '.')
+ krb5int_buf_add(&buf, ".");
}
if (krb5int_buf_data(&buf) == NULL)
- return KRB5_ERR_HOST_REALM_UNKNOWN;
+ return KRB5_ERR_HOST_REALM_UNKNOWN;
ret = krb5int_dns_init(&ds, host, C_IN, T_TXT);
if (ret < 0)
- goto errout;
+ goto errout;
ret = krb5int_dns_nextans(ds, &base, &rdlen);
if (ret < 0 || base == NULL)
- goto errout;
+ goto errout;
p = base;
if (!INCR_OK(base, rdlen, p, 1))
- goto errout;
+ goto errout;
len = *p++;
*realm = malloc((size_t)len + 1);
if (*realm == NULL) {
- retval = ENOMEM;
- goto errout;
+ retval = ENOMEM;
+ goto errout;
}
strncpy(*realm, (const char *)p, (size_t)len);
(*realm)[len] = '\0';
/* Avoid a common error. */
if ( (*realm)[len-1] == '.' )
- (*realm)[len-1] = '\0';
+ (*realm)[len-1] = '\0';
retval = 0;
errout:
if (ds != NULL) {
- krb5int_dns_fini(ds);
- ds = NULL;
+ krb5int_dns_fini(ds);
+ ds = NULL;
}
return retval;
}
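Review bot: The TXT length byte read by `len = *p++;` is used as the copy length in `strncpy(*realm, (const char *)p, (size_t)len)` with no check that `len` bytes remain in the `rdlen`-byte record; the only bounds check visible is `INCR_OK(base, rdlen, p, 1)` for the length byte itself. A record whose length byte overstates its data could make the copy read past the answer, and a zero length makes `(*realm)[len-1]` index before the allocation. INCR_OK is defined outside this hunk, so its exact semantics need confirming, but a guard such as `if (len == 0 || !INCR_OK(base, rdlen, p, len)) goto errout;` right after `len = *p++;` would cover both cases. The function starts before this hunk, so the initial value of retval is not visible.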
@@ -174,9 +175,9 @@ krb5int_get_fq_hostname (char *buf, size_t bufsize, const char *name)
hints.ai_flags = AI_CANONNAME;
err = getaddrinfo (name, 0, &hints, &ai);
if (err)
- return krb5int_translate_gai_error (err);
+ return krb5int_translate_gai_error (err);
if (ai->ai_canonname == 0)
- return KRB5_EAI_FAIL;
+ return KRB5_EAI_FAIL;
strncpy (buf, ai->ai_canonname, bufsize);
buf[bufsize-1] = 0;
freeaddrinfo (ai);
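Review bot: The `ai->ai_canonname == 0` branch returns `KRB5_EAI_FAIL` without calling `freeaddrinfo (ai)`, so the list returned by the successful getaddrinfo() leaks on that path. `if (ai->ai_canonname == 0) { freeaddrinfo (ai); return KRB5_EAI_FAIL; }` fixes it. Also, `buf[bufsize-1] = 0;` assumes `bufsize` is non-zero; the start of the function and its callers are outside this hunk, so that may be guaranteed elsewhere.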
@@ -191,7 +192,7 @@ krb5int_get_fq_local_hostname (char *buf, size_t bufsiz)
{
buf[0] = 0;
if (gethostname (buf, bufsiz) == -1)
- return SOCKET_ERRNO;
+ return SOCKET_ERRNO;
buf[bufsiz - 1] = 0;
return krb5int_get_fq_hostname (buf, bufsiz, buf);
}
@@ -213,16 +214,16 @@ krb5_get_host_realm(krb5_context context, const char *host, char ***realmsp)
return retval;
/*
- Search for the best match for the host or domain.
- Example: Given a host a.b.c.d, try to match on:
- 1) A.B.C.D
- 2) .B.C.D
- 3) B.C.D
- 4) .C.D
- 5) C.D
- 6) .D
- 7) D
- */
+ Search for the best match for the host or domain.
+ Example: Given a host a.b.c.d, try to match on:
+ 1) A.B.C.D
+ 2) .B.C.D
+ 3) B.C.D
+ 4) .C.D
+ 5) C.D
+ 6) .D
+ 7) D
+ */
cp = local_host;
#ifdef DEBUG_REFERRALS
@@ -234,26 +235,26 @@ krb5_get_host_realm(krb5_context context, const char *host, char ***realmsp)
#ifdef DEBUG_REFERRALS
printf(" trying to look up %s in the domain_realm map\n",cp);
#endif
- retval = profile_get_string(context->profile, KRB5_CONF_DOMAIN_REALM, cp,
- 0, (char *)NULL, &temp_realm);
- if (retval)
- return retval;
- if (temp_realm != (char *)NULL)
- break; /* Match found */
-
- /* Setup for another test */
- if (*cp == '.') {
- cp++;
- } else {
- cp = strchr(cp, '.');
- }
+ retval = profile_get_string(context->profile, KRB5_CONF_DOMAIN_REALM, cp,
+ 0, (char *)NULL, &temp_realm);
+ if (retval)
+ return retval;
+ if (temp_realm != (char *)NULL)
+ break; /* Match found */
+
+ /* Setup for another test */
+ if (*cp == '.') {
+ cp++;
+ } else {
+ cp = strchr(cp, '.');
+ }
}
#ifdef DEBUG_REFERRALS
printf(" done searching the domain_realm map\n");
#endif
if (temp_realm) {
#ifdef DEBUG_REFERRALS
- printf(" temp_realm is %s\n",temp_realm);
+ printf(" temp_realm is %s\n",temp_realm);
#endif
realm = strdup(temp_realm);
if (!realm) {
@@ -265,19 +266,19 @@ krb5_get_host_realm(krb5_context context, const char *host, char ***realmsp)
if (realm == (char *)NULL) {
if (!(cp = strdup(KRB5_REFERRAL_REALM)))
- return ENOMEM;
- realm = cp;
+ return ENOMEM;
+ realm = cp;
}
-
+
if (!(retrealms = (char **)calloc(2, sizeof(*retrealms)))) {
- if (realm != (char *)NULL)
- free(realm);
- return ENOMEM;
+ if (realm != (char *)NULL)
+ free(realm);
+ return ENOMEM;
}
retrealms[0] = realm;
retrealms[1] = 0;
-
+
*realmsp = retrealms;
return 0;
}
@@ -294,35 +295,35 @@ krb5int_translate_gai_error (int num)
switch (num) {
#ifdef EAI_ADDRFAMILY
case EAI_ADDRFAMILY:
- return EAFNOSUPPORT;
+ return EAFNOSUPPORT;
#endif
case EAI_AGAIN:
- return EAGAIN;
+ return EAGAIN;
case EAI_BADFLAGS:
- return EINVAL;
+ return EINVAL;
case EAI_FAIL:
- return KRB5_EAI_FAIL;
+ return KRB5_EAI_FAIL;
case EAI_FAMILY:
- return EAFNOSUPPORT;
+ return EAFNOSUPPORT;
case EAI_MEMORY:
- return ENOMEM;
+ return ENOMEM;
#if defined(EAI_NODATA) && EAI_NODATA != EAI_NONAME
case EAI_NODATA:
- return KRB5_EAI_NODATA;
+ return KRB5_EAI_NODATA;
#endif
case EAI_NONAME:
- return KRB5_EAI_NONAME;
+ return KRB5_EAI_NONAME;
#if defined(EAI_OVERFLOW)
case EAI_OVERFLOW:
- return EINVAL; /* XXX */
+ return EINVAL; /* XXX */
#endif
case EAI_SERVICE:
- return KRB5_EAI_SERVICE;
+ return KRB5_EAI_SERVICE;
case EAI_SOCKTYPE:
- return EINVAL;
+ return EINVAL;
#ifdef EAI_SYSTEM
case EAI_SYSTEM:
- return errno;
+ return errno;
#endif
}
abort ();
@@ -365,13 +366,13 @@ krb5_get_fallback_host_realm(krb5_context context, krb5_data *hdata, char ***rea
realm = (char *)NULL;
#ifdef KRB5_DNS_LOOKUP
if (_krb5_use_dns_realm(context)) {
- cp = local_host;
- do {
- retval = krb5_try_realm_txt_rr("_kerberos", cp, &realm);
- cp = strchr(cp,'.');
- if (cp)
- cp++;
- } while (retval && cp && cp[0]);
+ cp = local_host;
+ do {
+ retval = krb5_try_realm_txt_rr("_kerberos", cp, &realm);
+ cp = strchr(cp,'.');
+ if (cp)
+ cp++;
+ } while (retval && cp && cp[0]);
}
#endif /* KRB5_DNS_LOOKUP */
@@ -382,16 +383,16 @@ krb5_get_fallback_host_realm(krb5_context context, krb5_data *hdata, char ***rea
* control which domain component is used as the realm for a host.
*/
if (realm == (char *)NULL) {
- int limit;
- errcode_t code;
-
- code = profile_get_integer(context->profile, KRB5_CONF_LIBDEFAULTS,
- KRB5_CONF_REALM_TRY_DOMAINS, 0, -1, &limit);
- if (code == 0) {
- retval = domain_heuristic(context, local_host, &realm, limit);
- if (retval)
- return retval;
- }
+ int limit;
+ errcode_t code;
+
+ code = profile_get_integer(context->profile, KRB5_CONF_LIBDEFAULTS,
+ KRB5_CONF_REALM_TRY_DOMAINS, 0, -1, &limit);
+ if (code == 0) {
+ retval = domain_heuristic(context, local_host, &realm, limit);
+ if (retval)
+ return retval;
+ }
}
/*
@@ -401,14 +402,14 @@ krb5_get_fallback_host_realm(krb5_context context, krb5_data *hdata, char ***rea
* realm.
*/
if (realm == (char *)NULL) {
- cp = strchr(local_host, '.');
- if (cp) {
- if (!(realm = strdup(cp + 1)))
- return ENOMEM;
+ cp = strchr(local_host, '.');
+ if (cp) {
+ if (!(realm = strdup(cp + 1)))
+ return ENOMEM;
for (cp = realm; *cp; cp++)
if (islower((int) (*cp)))
*cp = toupper((int) *cp);
- }
+ }
}
/*
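Review bot: `islower((int) (*cp))` and `toupper((int) *cp)` in the upper-casing loop pass a plain `char`, which is negative for bytes above 0x7f where char is signed, and the <ctype.h> functions are undefined for such values. krb5int_clean_hostname in this same file already casts through `unsigned char` (`isupper((unsigned char) (*cp))`); doing the same here, `if (islower((unsigned char) *cp)) *cp = toupper((unsigned char) *cp);`, keeps the behaviour defined for any byte in a hostname-derived string. The same pattern appears in the domain_heuristic hunk below (`@@ -522,41 +523,41 @@`). The enclosing function extends beyond this hunk.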
@@ -416,20 +417,20 @@ krb5_get_fallback_host_realm(krb5_context context, krb5_data *hdata, char ***rea
* only one component--is to use the local default realm.
*/
if (realm == (char *)NULL) {
- retval = krb5_get_default_realm(context, &realm);
- if (retval)
- return retval;
+ retval = krb5_get_default_realm(context, &realm);
+ if (retval)
+ return retval;
}
if (!(retrealms = (char **)calloc(2, sizeof(*retrealms)))) {
- if (realm != (char *)NULL)
- free(realm);
- return ENOMEM;
+ if (realm != (char *)NULL)
+ free(realm);
+ return ENOMEM;
}
retrealms[0] = realm;
retrealms[1] = 0;
-
+
*realmsp = retrealms;
return 0;
}
@@ -450,46 +451,46 @@ krb5int_clean_hostname(krb5_context context, const char *host, char *local_host,
printf("krb5int_clean_hostname called: host<%s>, local_host<%s>, size %d\n",host,local_host,lhsize);
#endif
if (host) {
- /* Filter out numeric addresses if the caller utterly failed to
- convert them to names. */
- /* IPv4 - dotted quads only */
- if (strspn(host, "01234567890.") == strlen(host)) {
- /* All numbers and dots... if it's three dots, it's an
- IP address, and we reject it. But "12345" could be
- a local hostname, couldn't it? We'll just assume
- that a name with three dots is not meant to be an
- all-numeric hostname three all-numeric domains down
- from the current domain. */
- int ndots = 0;
- const char *p;
- for (p = host; *p; p++)
- if (*p == '.')
- ndots++;
- if (ndots == 3)
- return KRB5_ERR_NUMERIC_REALM;
- }
- if (strchr(host, ':'))
- /* IPv6 numeric address form? Bye bye. */
- return KRB5_ERR_NUMERIC_REALM;
-
- /* Should probably error out if strlen(host) > MAXDNAME. */
- strncpy(local_host, host, lhsize);
- local_host[lhsize - 1] = '\0';
+ /* Filter out numeric addresses if the caller utterly failed to
+ convert them to names. */
+ /* IPv4 - dotted quads only */
+ if (strspn(host, "01234567890.") == strlen(host)) {
+ /* All numbers and dots... if it's three dots, it's an
+ IP address, and we reject it. But "12345" could be
+ a local hostname, couldn't it? We'll just assume
+ that a name with three dots is not meant to be an
+ all-numeric hostname three all-numeric domains down
+ from the current domain. */
+ int ndots = 0;
+ const char *p;
+ for (p = host; *p; p++)
+ if (*p == '.')
+ ndots++;
+ if (ndots == 3)
+ return KRB5_ERR_NUMERIC_REALM;
+ }
+ if (strchr(host, ':'))
+ /* IPv6 numeric address form? Bye bye. */
+ return KRB5_ERR_NUMERIC_REALM;
+
+ /* Should probably error out if strlen(host) > MAXDNAME. */
+ strncpy(local_host, host, lhsize);
+ local_host[lhsize - 1] = '\0';
} else {
retval = krb5int_get_fq_local_hostname (local_host, lhsize);
- if (retval)
- return retval;
+ if (retval)
+ return retval;
}
/* fold to lowercase */
for (cp = local_host; *cp; cp++) {
- if (isupper((unsigned char) (*cp)))
- *cp = tolower((unsigned char) *cp);
+ if (isupper((unsigned char) (*cp)))
+ *cp = tolower((unsigned char) *cp);
}
l = strlen(local_host);
/* strip off trailing dot */
if (l && local_host[l-1] == '.')
- local_host[l-1] = 0;
+ local_host[l-1] = 0;
#ifdef DEBUG_REFERRALS
printf("krb5int_clean_hostname ending: host<%s>, local_host<%s>, size %d\n",host,local_host,lhsize);
@@ -513,7 +514,7 @@ krb5int_clean_hostname(krb5_context context, const char *host, char *local_host,
*/
static krb5_error_code
domain_heuristic(krb5_context context, const char *domain,
- char **realm, int limit)
+ char **realm, int limit)
{
krb5_error_code retval = 0, r;
struct addrlist alist;
@@ -522,41 +523,41 @@ domain_heuristic(krb5_context context, const char *domain,
*realm = NULL;
if (limit < 0)
- return 0;
+ return 0;
memset(&drealm, 0, sizeof (drealm));
fqdn = strdup(domain);
if (!fqdn) {
- retval = ENOMEM;
- goto cleanup;
+ retval = ENOMEM;
+ goto cleanup;
}
/* Upper case the domain (for use as a realm) */
for (cp = fqdn; *cp; cp++) {
- if (islower((int)(*cp)))
- *cp = toupper((int)*cp);
+ if (islower((int)(*cp)))
+ *cp = toupper((int)*cp);
}
/* Search up to limit parents, as long as we have multiple labels. */
cp = fqdn;
while (limit-- >= 0 && (dot = strchr(cp, '.')) != NULL) {
- drealm.length = strlen(cp);
- drealm.data = cp;
-
- /* Find a kdc based on this part of the domain name. */
- r = krb5_locate_kdc(context, &drealm, &alist, 0, SOCK_DGRAM, 0);
- if (!r) { /* Found a KDC! */
- krb5int_free_addrlist(&alist);
- *realm = strdup(cp);
- if (!*realm) {
- retval = ENOMEM;
- goto cleanup;
- }
- break;
- }
-
- cp = dot + 1;
+ drealm.length = strlen(cp);
+ drealm.data = cp;
+
+ /* Find a kdc based on this part of the domain name. */
+ r = krb5_locate_kdc(context, &drealm, &alist, 0, SOCK_DGRAM, 0);
+ if (!r) { /* Found a KDC! */
+ krb5int_free_addrlist(&alist);
+ *realm = strdup(cp);
+ if (!*realm) {
+ retval = ENOMEM;
+ goto cleanup;
+ }
+ break;
+ }
+
+ cp = dot + 1;
}
cleanup:
diff --git a/src/lib/krb5/os/init_os_ctx.c b/src/lib/krb5/os/init_os_ctx.c
index ffc8d93..7f2110f 100644
--- a/src/lib/krb5/os/init_os_ctx.c
+++ b/src/lib/krb5/os/init_os_ctx.c
@@ -1,3 +1,4 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
/*
* lib/krb5/os/init_ctx.c
*
@@ -8,7 +9,7 @@
* require a specific license from the United States Government.
* It is the responsibility of any person or organization contemplating
* export to obtain such a license before exporting.
- *
+ *
* WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
* distribute this software and its documentation for any purpose and
* without fee is hereby granted, provided that the above copyright
@@ -42,7 +43,7 @@
static krb5_error_code
get_from_windows_dir(
char **pname
- )
+)
{
UINT size = GetWindowsDirectory(0, 0);
*pname = malloc(size + strlen(DEFAULT_PROFILE_FILENAME) + 2);
@@ -59,7 +60,7 @@ get_from_windows_dir(
static krb5_error_code
get_from_module_dir(
char **pname
- )
+)
{
const DWORD size = 1024; /* fixed buffer */
int found = 0;
@@ -85,7 +86,7 @@ get_from_module_dir(
name[size - 1] = 0;
found = !_stat(name, &s);
- cleanup:
+cleanup:
if (found)
*pname = name;
else
@@ -99,14 +100,14 @@ get_from_module_dir(
* This will find a profile in the registry. *pbuffer != 0 if we
* found something. Make sure to free(*pbuffer) when done. It will
* return an error code if there is an error the user should know
- * about. We maintain the invariant: return value != 0 =>
+ * about. We maintain the invariant: return value != 0 =>
* *pbuffer == 0.
*/
static krb5_error_code
get_from_registry(
char** pbuffer,
HKEY hBaseKey
- )
+)
{
HKEY hKey = 0;
LONG rc = 0;
@@ -124,7 +125,7 @@ get_from_registry(
}
*pbuffer = 0;
- if ((rc = RegOpenKeyEx(hBaseKey, key_path, 0, KEY_QUERY_VALUE,
+ if ((rc = RegOpenKeyEx(hBaseKey, key_path, 0, KEY_QUERY_VALUE,
&hKey)) != ERROR_SUCCESS) {
/* not a real error */
goto cleanup;
@@ -139,7 +140,7 @@ get_from_registry(
retval = ENOMEM;
goto cleanup;
}
- if ((rc = RegQueryValueEx(hKey, value_name, 0, 0, *pbuffer, &size)) !=
+ if ((rc = RegQueryValueEx(hKey, value_name, 0, 0, *pbuffer, &size)) !=
ERROR_SUCCESS) {
/*
* Let's not call it a real error in case it disappears, but
@@ -149,7 +150,7 @@ get_from_registry(
*pbuffer = 0;
goto cleanup;
}
- cleanup:
+cleanup:
if (hKey)
RegCloseKey(hKey);
if (retval && *pbuffer) {
@@ -169,13 +170,13 @@ free_filespecs(profile_filespec_t *files)
if (files == 0)
return;
-
+
for (cp = files; *cp; cp++)
free(*cp);
free(files);
}
-/* This function is needed by KfM's KerberosPreferences API
+/* This function is needed by KfM's KerberosPreferences API
* because it needs to be able to specify "secure" */
krb5_error_code
os_get_default_config_files(profile_filespec_t **pfiles, krb5_boolean secure)
@@ -215,7 +216,7 @@ os_get_default_config_files(profile_filespec_t **pfiles, krb5_boolean secure)
return retval;
if (!name)
return KRB5_CONFIG_CANTOPEN; /* should never happen */
-
+
files = malloc(2 * sizeof(char *));
if (!files)
return ENOMEM;
@@ -229,14 +230,14 @@ os_get_default_config_files(profile_filespec_t **pfiles, krb5_boolean secure)
#ifdef USE_KIM
/* If kim_library_allow_home_directory_access() == FALSE, we are probably
- * trying to authenticate to a fileserver for the user's homedir.
+ * trying to authenticate to a fileserver for the user's homedir.
*/
if (!kim_library_allow_home_directory_access ())
secure = 1;
#endif
if (secure) {
filepath = DEFAULT_SECURE_PROFILE_PATH;
- } else {
+ } else {
filepath = getenv("KRB5_CONFIG");
if (!filepath) filepath = DEFAULT_PROFILE_PATH;
}
@@ -327,8 +328,8 @@ os_init_paths(krb5_context ctx, krb5_boolean kdc)
retval = add_kdc_config_file(&files);
if (!retval) {
- retval = profile_init((const_profile_filespec_t *) files,
- &ctx->profile);
+ retval = profile_init((const_profile_filespec_t *) files,
+ &ctx->profile);
#ifdef KRB5_DNS_LOOKUP
/* if none of the filenames can be opened use an empty profile */
@@ -336,7 +337,7 @@ os_init_paths(krb5_context ctx, krb5_boolean kdc)
retval = profile_init(NULL, &ctx->profile);
if (!retval)
ctx->profile_in_memory = 1;
- }
+ }
#endif /* KRB5_DNS_LOOKUP */
}
@@ -386,12 +387,12 @@ krb5_os_init_context(krb5_context ctx, krb5_boolean kdc)
* If there's an error in the profile, return an error. Just
* ignoring the error is a Bad Thing (tm).
*/
-
+
if (!retval) {
krb5_cc_set_default_name(ctx, NULL);
#ifdef _WIN32
- /* We initialize winsock to version 1.1 but
+ /* We initialize winsock to version 1.1 but
* we do not care if we succeed or fail.
*/
wVersionRequested = 0x0101;
@@ -405,14 +406,14 @@ krb5_error_code KRB5_CALLCONV
krb5_get_profile (krb5_context ctx, profile_t *profile)
{
return profile_copy (ctx->profile, profile);
-}
+}
krb5_error_code
krb5_set_config_files(krb5_context ctx, const char **filenames)
{
krb5_error_code retval = 0;
profile_t profile;
-
+
retval = profile_init(filenames, &profile);
if (retval)
return retval;
@@ -444,10 +445,10 @@ krb5_secure_config_files(krb5_context ctx)
{
/* Obsolete interface; always return an error.
* This function should be removed next time a major version
- * number change happens.
+ * number change happens.
*/
krb5_error_code retval = 0;
-
+
if (ctx->profile) {
profile_release(ctx->profile);
ctx->profile = 0;
@@ -467,7 +468,7 @@ krb5_os_free_context(krb5_context ctx)
krb5_os_context os_ctx;
os_ctx = &ctx->os_context;
-
+
if (os_ctx->default_ccname) {
free(os_ctx->default_ccname);
os_ctx->default_ccname = 0;
@@ -488,6 +489,6 @@ krb5_os_free_context(krb5_context ctx)
krb5int_close_plugin_dirs (&ctx->libkrb5_plugins);
#ifdef _WIN32
- WSACleanup();
+ WSACleanup();
#endif /* _WIN32 */
}
diff --git a/src/lib/krb5/os/krbfileio.c b/src/lib/krb5/os/krbfileio.c
index 6ef16eb..99703aa 100644
--- a/src/lib/krb5/os/krbfileio.c
+++ b/src/lib/krb5/os/krbfileio.c
@@ -1,3 +1,4 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
/*
* lib/krb5/os/krbfileio.c
*
@@ -12,7 +13,7 @@
* require a specific license from the United States Government.
* It is the responsibility of any person or organization contemplating
* export to obtain such a license before exporting.
- *
+ *
* WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
* distribute this software and its documentation for any purpose and
* without fee is hereby granted, provided that the above copyright
@@ -26,14 +27,14 @@
* M.I.T. makes no representations about the suitability of
* this software for any purpose. It is provided "as is" without express
* or implied warranty.
- *
+ *
*
* krb5_create_secure_file
* krb5_sync_disk_file
*/
#ifdef MODULE_VERSION_ID
-static char *VersionID = "@(#)krbfileio.c 2 - 08/22/91";
+static char *VersionID = "@(#)krbfileio.c 2 - 08/22/91";
#endif
@@ -63,7 +64,7 @@ krb5_create_secure_file(krb5_context context, const char *pathname)
#ifdef OPEN_MODE_NOT_TRUSTWORTHY
/*
- * Some systems that support default acl inheritance do not
+ * Some systems that support default acl inheritance do not
* apply ownership information from the process - force the file
* to have the proper info.
*/
@@ -100,4 +101,3 @@ krb5_sync_disk_file(krb5_context context, FILE *fp)
return 0;
}
-
diff --git a/src/lib/krb5/os/ktdefname.c b/src/lib/krb5/os/ktdefname.c
index 91f6585..ce28e30 100644
--- a/src/lib/krb5/os/ktdefname.c
+++ b/src/lib/krb5/os/ktdefname.c
@@ -1,3 +1,4 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
/*
* lib/krb5/os/ktdefname.c
*
@@ -8,7 +9,7 @@
* require a specific license from the United States Government.
* It is the responsibility of any person or organization contemplating
* export to obtain such a license before exporting.
- *
+ *
* WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
* distribute this software and its documentation for any purpose and
* without fee is hereby granted, provided that the above copyright
@@ -22,7 +23,7 @@
* M.I.T. makes no representations about the suitability of
* this software for any purpose. It is provided "as is" without express
* or implied warranty.
- *
+ *
*
* Return default keytab file name.
*/
@@ -44,37 +45,36 @@ krb5_kt_default_name(krb5_context context, char *name, int name_size)
unsigned int namesize = (name_size < 0 ? 0 : name_size);
if (krb5_overridekeyname) {
- if (strlcpy(name, krb5_overridekeyname, namesize) >= namesize)
- return KRB5_CONFIG_NOTENUFSPACE;
+ if (strlcpy(name, krb5_overridekeyname, namesize) >= namesize)
+ return KRB5_CONFIG_NOTENUFSPACE;
} else if ((context->profile_secure == FALSE) &&
- (cp = getenv("KRB5_KTNAME"))) {
- if (strlcpy(name, cp, namesize) >= namesize)
- return KRB5_CONFIG_NOTENUFSPACE;
+ (cp = getenv("KRB5_KTNAME"))) {
+ if (strlcpy(name, cp, namesize) >= namesize)
+ return KRB5_CONFIG_NOTENUFSPACE;
} else if ((profile_get_string(context->profile,
- KRB5_CONF_LIBDEFAULTS,
- KRB5_CONF_DEFAULT_KEYTAB_NAME, NULL,
- NULL, &retval) == 0) &&
- retval) {
- if (strlcpy(name, retval, namesize) >= namesize)
- return KRB5_CONFIG_NOTENUFSPACE;
- profile_release_string(retval);
+ KRB5_CONF_LIBDEFAULTS,
+ KRB5_CONF_DEFAULT_KEYTAB_NAME, NULL,
+ NULL, &retval) == 0) &&
+ retval) {
+ if (strlcpy(name, retval, namesize) >= namesize)
+ return KRB5_CONFIG_NOTENUFSPACE;
+ profile_release_string(retval);
} else {
#if defined(_WIN32)
- {
- char defname[160];
- int len;
+ {
+ char defname[160];
+ int len;
- len= GetWindowsDirectory( defname, sizeof(defname)-2 );
- defname[len]= '\0';
- if ( (len + strlen(krb5_defkeyname) + 1) > namesize )
- return KRB5_CONFIG_NOTENUFSPACE;
- snprintf(name, namesize, krb5_defkeyname, defname);
- }
+ len= GetWindowsDirectory( defname, sizeof(defname)-2 );
+ defname[len]= '\0';
+ if ( (len + strlen(krb5_defkeyname) + 1) > namesize )
+ return KRB5_CONFIG_NOTENUFSPACE;
+ snprintf(name, namesize, krb5_defkeyname, defname);
+ }
#else
- if (strlcpy(name, krb5_defkeyname, namesize) >= namesize)
- return KRB5_CONFIG_NOTENUFSPACE;
+ if (strlcpy(name, krb5_defkeyname, namesize) >= namesize)
+ return KRB5_CONFIG_NOTENUFSPACE;
#endif
}
return 0;
}
-
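Review bot: In the profile branch, the overflow return after `strlcpy(name, retval, namesize)` leaves before `profile_release_string(retval)`, so the string obtained from profile_get_string leaks whenever the caller's buffer is too small; keeping the length in a local and releasing first (`n = strlcpy(name, retval, namesize); profile_release_string(retval); if (n >= namesize) return KRB5_CONFIG_NOTENUFSPACE;`) fixes it. In the `_WIN32` branch, `defname[len]= '\0'` trusts the GetWindowsDirectory result, but that call returns the required size when the buffer is too small and 0 on failure, so `len` should be checked against `sizeof(defname)-2` before it is used as an index. The same branch passes `krb5_defkeyname` to snprintf as the format string, which is only safe while that value is a fixed default containing a single `%s`; where it is set is outside this hunk, so a comment stating that assumption would help. The function's declarations are also outside the hunk.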
diff --git a/src/lib/krb5/os/kuserok.c b/src/lib/krb5/os/kuserok.c
index f76010d..1bc7505 100644
--- a/src/lib/krb5/os/kuserok.c
+++ b/src/lib/krb5/os/kuserok.c
@@ -1,3 +1,4 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
/*
* lib/krb5/os/kuserok.c
*
@@ -8,7 +9,7 @@
* require a specific license from the United States Government.
* It is the responsibility of any person or organization contemplating
* export to obtain such a license before exporting.
- *
+ *
* WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
* distribute this software and its documentation for any purpose and
* without fee is hereby granted, provided that the above copyright
@@ -22,13 +23,13 @@
* M.I.T. makes no representations about the suitability of
* this software for any purpose. It is provided "as is" without express
* or implied warranty.
- *
+ *
*
* krb5_kuserok()
*/
#include "k5-int.h"
-#if !defined(_WIN32) /* Not yet for Windows */
+#if !defined(_WIN32) /* Not yet for Windows */
#include <stdio.h>
#include <pwd.h>
@@ -41,7 +42,7 @@
#define MAX_USERNAME 65
#if defined(__APPLE__) && defined(__MACH__)
-#include <hfs/hfs_mount.h> /* XXX */
+#include <hfs/hfs_mount.h> /* XXX */
#define FILE_OWNER_OK(UID) ((UID) == 0 || (UID) == UNKNOWNUID)
#else
#define FILE_OWNER_OK(UID) ((UID) == 0)
@@ -85,31 +86,31 @@ krb5_kuserok(krb5_context context, krb5_principal principal, const char *luser)
/* no account => no access */
if (k5_getpwnam_r(luser, &pwx, pwbuf, sizeof(pwbuf), &pwd) != 0)
- return(FALSE);
+ return(FALSE);
result = snprintf(pbuf, sizeof(pbuf), "%s/.k5login", pwd->pw_dir);
if (SNPRINTF_OVERFLOW(result, sizeof(pbuf)))
- return(FALSE);
+ return(FALSE);
- if (access(pbuf, F_OK)) { /* not accessible */
- /*
- * if he's trying to log in as himself, and there is no .k5login file,
- * let him. To find out, call
- * krb5_aname_to_localname to convert the principal to a name
- * which we can string compare.
- */
- if (!(krb5_aname_to_localname(context, principal,
- sizeof(kuser), kuser))
- && (strcmp(kuser, luser) == 0)) {
- return(TRUE);
- }
+ if (access(pbuf, F_OK)) { /* not accessible */
+ /*
+ * if he's trying to log in as himself, and there is no .k5login file,
+ * let him. To find out, call
+ * krb5_aname_to_localname to convert the principal to a name
+ * which we can string compare.
+ */
+ if (!(krb5_aname_to_localname(context, principal,
+ sizeof(kuser), kuser))
+ && (strcmp(kuser, luser) == 0)) {
+ return(TRUE);
+ }
}
if (krb5_unparse_name(context, principal, &princname))
- return(FALSE); /* no hope of matching */
+ return(FALSE); /* no hope of matching */
/* open ~/.k5login */
if ((fp = fopen(pbuf, "r")) == NULL) {
- free(princname);
- return(FALSE);
+ free(princname);
+ return(FALSE);
}
set_cloexec_file(fp);
/*
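Review bot: `if (access(pbuf, F_OK))` treats every access() failure as "no .k5login", so a file that exists but cannot be reached (EACCES on a path component, ELOOP, an I/O error) sends the caller down the default krb5_aname_to_localname mapping instead of failing closed. Restricting that branch to the missing-file case, `if (access(pbuf, F_OK) != 0 && errno == ENOENT) {`, lets every other error fall through to the fopen() below, which already returns FALSE. access() also checks with the real uid and is separated from fopen() by a window in which the path can change, so a comment saying that the later fstat() ownership test on the open descriptor is the authoritative check would help the next reader. The function begins before and continues past this hunk, and whether `<errno.h>` is already included is not visible here.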
@@ -117,31 +118,31 @@ krb5_kuserok(krb5_context context, krb5_principal principal, const char *luser)
* the user himself, or by root. Otherwise, don't grant access.
*/
if (fstat(fileno(fp), &sbuf)) {
- fclose(fp);
- free(princname);
- return(FALSE);
+ fclose(fp);
+ free(princname);
+ return(FALSE);
}
if (sbuf.st_uid != pwd->pw_uid && !FILE_OWNER_OK(sbuf.st_uid)) {
- fclose(fp);
- free(princname);
- return(FALSE);
+ fclose(fp);
+ free(princname);
+ return(FALSE);
}
/* check each line */
while (!isok && (fgets(linebuf, BUFSIZ, fp) != NULL)) {
- /* null-terminate the input string */
- linebuf[BUFSIZ-1] = '\0';
- newline = NULL;
- /* nuke the newline if it exists */
- if ((newline = strchr(linebuf, '\n')))
- *newline = '\0';
- if (!strcmp(linebuf, princname)) {
- isok = TRUE;
- continue;
- }
- /* clean up the rest of the line if necessary */
- if (!newline)
- while (((gobble = getc(fp)) != EOF) && gobble != '\n');
+ /* null-terminate the input string */
+ linebuf[BUFSIZ-1] = '\0';
+ newline = NULL;
+ /* nuke the newline if it exists */
+ if ((newline = strchr(linebuf, '\n')))
+ *newline = '\0';
+ if (!strcmp(linebuf, princname)) {
+ isok = TRUE;
+ continue;
+ }
+ /* clean up the rest of the line if necessary */
+ if (!newline)
+ while (((gobble = getc(fp)) != EOF) && gobble != '\n');
}
free(princname);
fclose(fp);
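Review bot: The trust check on the opened file looks only at `sbuf.st_uid`; nothing in this hunk rejects a .k5login that is group- or world-writable or that is not a regular file, so where such a file exists other local accounts could add principals to it. If deployment policy does not already cover that, a mode test next to the ownership test, e.g. `if (!S_ISREG(sbuf.st_mode) || (sbuf.st_mode & (S_IWGRP|S_IWOTH)))` with the same fclose/free/return FALSE cleanup, would close it; this is a behaviour change and may reject files that are accepted today. In the read loop, `fgets(linebuf, BUFSIZ, fp)` and `linebuf[BUFSIZ-1] = '\0'` assume linebuf holds at least BUFSIZ bytes; its declaration is outside the hunk, so if it is an array `sizeof(linebuf)` would state the bound directly, and the explicit terminator is redundant because fgets always NUL-terminates. The function begins before and continues past this hunk.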
@@ -166,7 +167,7 @@ krb5_kuserok(context, principal, luser)
return FALSE;
if (strcmp(kuser, luser) == 0)
- return TRUE;
+ return TRUE;
return FALSE;
}
diff --git a/src/lib/krb5/os/localaddr.c b/src/lib/krb5/os/localaddr.c
index 2507906..dd8110c 100644
--- a/src/lib/krb5/os/localaddr.c
+++ b/src/lib/krb5/os/localaddr.c
@@ -1,3 +1,4 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
/*
* lib/krb5/os/localaddr.c
*
@@ -8,7 +9,7 @@
* require a specific license from the United States Government.
* It is the responsibility of any person or organization contemplating
* export to obtain such a license before exporting.
- *
+ *
* WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
* distribute this software and its documentation for any purpose and
* without fee is hereby granted, provided that the above copyright
@@ -22,7 +23,7 @@
* M.I.T. makes no representations about the suitability of
* this software for any purpose. It is provided "as is" without express
* or implied warranty.
- *
+ *
*
* Return the protocol addresses supported by this host.
* Exports from this file:
@@ -105,7 +106,7 @@
#ifndef USE_AF
#define USE_AF AF_NS
#define USE_TYPE SOCK_DGRAM
-#define USE_PROTO 0 /* guess */
+#define USE_PROTO 0 /* guess */
#endif
#endif
/*
@@ -133,15 +134,15 @@
/*
* BSD 4.4 defines the size of an ifreq to be
* max(sizeof(ifreq), sizeof(ifreq.ifr_name)+ifreq.ifr_addr.sa_len
- * However, under earlier systems, sa_len isn't present, so the size is
+ * However, under earlier systems, sa_len isn't present, so the size is
* just sizeof(struct ifreq).
*/
#ifdef HAVE_SA_LEN
#ifndef max
#define max(a,b) ((a) > (b) ? (a) : (b))
#endif
-#define ifreq_size(i) max(sizeof(struct ifreq),\
- sizeof((i).ifr_name)+(i).ifr_addr.sa_len)
+#define ifreq_size(i) max(sizeof(struct ifreq), \
+ sizeof((i).ifr_name)+(i).ifr_addr.sa_len)
#else
#define ifreq_size(i) sizeof(struct ifreq)
#endif /* HAVE_SA_LEN*/
@@ -156,20 +157,20 @@
void printaddr (struct sockaddr *);
void printaddr (struct sockaddr *sa)
- /*@modifies fileSystem@*/
+/*@modifies fileSystem@*/
{
char buf[NI_MAXHOST];
int err;
printf ("%p ", (void *) sa);
err = getnameinfo (sa, socklen (sa), buf, sizeof (buf), 0, 0,
- NI_NUMERICHOST);
+ NI_NUMERICHOST);
if (err)
- printf ("<getnameinfo error %d: %s> family=%d",
- err, gai_strerror (err),
- sa->sa_family);
+ printf ("<getnameinfo error %d: %s> family=%d",
+ err, gai_strerror (err),
+ sa->sa_family);
else
- printf ("%s", buf);
+ printf ("%s", buf);
}
#endif
@@ -178,15 +179,15 @@ is_loopback_address(struct sockaddr *sa)
{
switch (sa->sa_family) {
case AF_INET: {
- struct sockaddr_in *s4 = (struct sockaddr_in *)sa;
- return s4->sin_addr.s_addr == htonl(INADDR_LOOPBACK);
+ struct sockaddr_in *s4 = (struct sockaddr_in *)sa;
+ return s4->sin_addr.s_addr == htonl(INADDR_LOOPBACK);
}
case AF_INET6: {
- struct sockaddr_in6 *s6 = (struct sockaddr_in6 *)sa;
- return IN6_IS_ADDR_LOOPBACK(&s6->sin6_addr);
+ struct sockaddr_in6 *s6 = (struct sockaddr_in6 *)sa;
+ return IN6_IS_ADDR_LOOPBACK(&s6->sin6_addr);
}
default:
- return 0;
+ return 0;
}
}
@@ -201,32 +202,32 @@ void printifaddr (struct ifaddrs *ifp)
printf ("\tname=%s\n", ifp->ifa_name);
printf ("\tflags=");
{
- int ch, flags = ifp->ifa_flags;
- printf ("%x", flags);
- ch = '<';
+ int ch, flags = ifp->ifa_flags;
+ printf ("%x", flags);
+ ch = '<';
#define X(F) if (flags & IFF_##F) { printf ("%c%s", ch, #F); flags &= ~IFF_##F; ch = ','; }
- X (UP); X (BROADCAST); X (DEBUG); X (LOOPBACK); X (POINTOPOINT);
- X (NOTRAILERS); X (RUNNING); X (NOARP); X (PROMISC); X (ALLMULTI);
+ X (UP); X (BROADCAST); X (DEBUG); X (LOOPBACK); X (POINTOPOINT);
+ X (NOTRAILERS); X (RUNNING); X (NOARP); X (PROMISC); X (ALLMULTI);
#ifdef IFF_OACTIVE
- X (OACTIVE);
+ X (OACTIVE);
#endif
#ifdef IFF_SIMPLE
- X (SIMPLEX);
+ X (SIMPLEX);
#endif
- X (MULTICAST);
- printf (">");
+ X (MULTICAST);
+ printf (">");
#undef X
}
if (ifp->ifa_addr)
- printf ("\n\taddr="), printaddr (ifp->ifa_addr);
+ printf ("\n\taddr="), printaddr (ifp->ifa_addr);
if (ifp->ifa_netmask)
- printf ("\n\tnetmask="), printaddr (ifp->ifa_netmask);
+ printf ("\n\tnetmask="), printaddr (ifp->ifa_netmask);
if (ifp->ifa_broadaddr)
- printf ("\n\tbroadaddr="), printaddr (ifp->ifa_broadaddr);
+ printf ("\n\tbroadaddr="), printaddr (ifp->ifa_broadaddr);
if (ifp->ifa_dstaddr)
- printf ("\n\tdstaddr="), printaddr (ifp->ifa_dstaddr);
+ printf ("\n\tdstaddr="), printaddr (ifp->ifa_dstaddr);
if (ifp->ifa_data)
- printf ("\n\tdata=%p", ifp->ifa_data);
+ printf ("\n\tdata=%p", ifp->ifa_data);
printf ("\n}\n");
}
#endif /* DEBUG */
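Review bot: The guard `#ifdef IFF_SIMPLE` does not match the flag used on the next line, `X (SIMPLEX)`, which expands to `IFF_SIMPLEX`; on a platform that defines IFF_SIMPLEX but not IFF_SIMPLE the flag is never decoded, and the reverse case would not compile. The guard should read `#ifdef IFF_SIMPLEX`. This is DEBUG-only output, so the effect is limited to diagnostics. The function starts before this hunk.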
@@ -238,21 +239,21 @@ static int
addr_eq (const struct sockaddr *s1, const struct sockaddr *s2)
{
if (s1->sa_family != s2->sa_family)
- return 0;
+ return 0;
#ifdef HAVE_SA_LEN
if (s1->sa_len != s2->sa_len)
- return 0;
+ return 0;
return !memcmp (s1, s2, s1->sa_len);
#else
#define CMPTYPE(T,F) (!memcmp(&((const T*)s1)->F,&((const T*)s2)->F,sizeof(((const T*)s1)->F)))
switch (s1->sa_family) {
case AF_INET:
- return CMPTYPE (struct sockaddr_in, sin_addr);
+ return CMPTYPE (struct sockaddr_in, sin_addr);
case AF_INET6:
- return CMPTYPE (struct sockaddr_in6, sin6_addr);
+ return CMPTYPE (struct sockaddr_in6, sin6_addr);
default:
- /* Err on side of duplicate listings. */
- return 0;
+ /* Err on side of duplicate listings. */
+ return 0;
}
#endif
}
@@ -262,13 +263,13 @@ addr_eq (const struct sockaddr *s1, const struct sockaddr *s2)
/*@-usereleased@*/ /* lclint doesn't understand realloc */
static /*@null@*/ void *
grow_or_free (/*@only@*/ void *ptr, size_t newsize)
- /*@*/
+/*@*/
{
void *newptr;
newptr = realloc (ptr, newsize);
if (newptr == NULL && newsize != 0) {
- free (ptr); /* lclint complains but this is right */
- return NULL;
+ free (ptr); /* lclint complains but this is right */
+ return NULL;
}
return newptr;
}
@@ -276,7 +277,7 @@ grow_or_free (/*@only@*/ void *ptr, size_t newsize)
static int
get_ifconf (int s, size_t *lenp, /*@out@*/ char *buf)
- /*@modifies *buf,*lenp@*/
+/*@modifies *buf,*lenp@*/
{
int ret;
struct ifconf ifc;
@@ -304,7 +305,7 @@ get_ifconf (int s, size_t *lenp, /*@out@*/ char *buf)
#if defined(SIOCGLIFCONF) && defined(HAVE_STRUCT_LIFCONF)
static int
get_lifconf (int af, int s, size_t *lenp, /*@out@*/ char *buf)
- /*@modifies *buf,*lenp@*/
+/*@modifies *buf,*lenp@*/
{
int ret;
struct lifconf lifc;
@@ -319,7 +320,7 @@ get_lifconf (int af, int s, size_t *lenp, /*@out@*/ char *buf)
/*@-moduncon@*/
ret = ioctl (s, SIOCGLIFCONF, (char *)&lifc);
if (ret)
- Tperror ("SIOCGLIFCONF");
+ Tperror ("SIOCGLIFCONF");
/*@=moduncon@*/
/*@+matchanyintegral@*/
*lenp = lifc.lifc_len;
@@ -332,7 +333,7 @@ get_lifconf (int af, int s, size_t *lenp, /*@out@*/ char *buf)
/* #include <net/if6.h> */
static int
get_if_laddrconf (int af, int s, size_t *lenp, /*@out@*/ char *buf)
- /*@modifies *buf,*lenp@*/
+/*@modifies *buf,*lenp@*/
{
int ret;
struct if_laddrconf iflc;
@@ -345,7 +346,7 @@ get_if_laddrconf (int af, int s, size_t *lenp, /*@out@*/ char *buf)
/*@-moduncon@*/
ret = ioctl (s, SIOCGLIFCONF, (char *)&iflc);
if (ret)
- Tperror ("SIOCGLIFCONF");
+ Tperror ("SIOCGLIFCONF");
/*@=moduncon@*/
/*@+matchanyintegral@*/
*lenp = iflc.iflc_len;
@@ -372,51 +373,51 @@ get_linux_ipv6_addrs ()
/* _PATH_PROCNET_IFINET6 */
f = fopen("/proc/net/if_inet6", "r");
if (f) {
- char ifname[21];
- unsigned int idx, pfxlen, scope, dadstat;
- struct in6_addr a6;
- struct linux_ipv6_addr_list *nw;
- int i;
- unsigned int addrbyte[16];
-
- set_cloexec_file(f);
- while (fscanf(f,
- "%2x%2x%2x%2x%2x%2x%2x%2x%2x%2x%2x%2x%2x%2x%2x%2x"
- " %2x %2x %2x %2x %20s\n",
- &addrbyte[0], &addrbyte[1], &addrbyte[2], &addrbyte[3],
- &addrbyte[4], &addrbyte[5], &addrbyte[6], &addrbyte[7],
- &addrbyte[8], &addrbyte[9], &addrbyte[10], &addrbyte[11],
- &addrbyte[12], &addrbyte[13], &addrbyte[14],
- &addrbyte[15],
- &idx, &pfxlen, &scope, &dadstat, ifname) != EOF) {
- for (i = 0; i < 16; i++)
- a6.s6_addr[i] = addrbyte[i];
- if (scope != 0)
- continue;
+ char ifname[21];
+ unsigned int idx, pfxlen, scope, dadstat;
+ struct in6_addr a6;
+ struct linux_ipv6_addr_list *nw;
+ int i;
+ unsigned int addrbyte[16];
+
+ set_cloexec_file(f);
+ while (fscanf(f,
+ "%2x%2x%2x%2x%2x%2x%2x%2x%2x%2x%2x%2x%2x%2x%2x%2x"
+ " %2x %2x %2x %2x %20s\n",
+ &addrbyte[0], &addrbyte[1], &addrbyte[2], &addrbyte[3],
+ &addrbyte[4], &addrbyte[5], &addrbyte[6], &addrbyte[7],
+ &addrbyte[8], &addrbyte[9], &addrbyte[10], &addrbyte[11],
+ &addrbyte[12], &addrbyte[13], &addrbyte[14],
+ &addrbyte[15],
+ &idx, &pfxlen, &scope, &dadstat, ifname) != EOF) {
+ for (i = 0; i < 16; i++)
+ a6.s6_addr[i] = addrbyte[i];
+ if (scope != 0)
+ continue;
#if 0 /* These symbol names are as used by ifconfig, but none of the
- system header files export them. Dig up the kernel versions
- someday and see if they're exported. */
- switch (scope) {
- case 0:
- default:
- break;
- case IPV6_ADDR_LINKLOCAL:
- case IPV6_ADDR_SITELOCAL:
- case IPV6_ADDR_COMPATv4:
- case IPV6_ADDR_LOOPBACK:
- continue;
- }
+ system header files export them. Dig up the kernel versions
+ someday and see if they're exported. */
+ switch (scope) {
+ case 0:
+ default:
+ break;
+ case IPV6_ADDR_LINKLOCAL:
+ case IPV6_ADDR_SITELOCAL:
+ case IPV6_ADDR_COMPATv4:
+ case IPV6_ADDR_LOOPBACK:
+ continue;
+ }
#endif
- nw = calloc (1, sizeof (struct linux_ipv6_addr_list));
- if (nw == 0)
- continue;
- nw->addr.sin6_addr = a6;
- nw->addr.sin6_family = AF_INET6;
- /* Ignore other fields, we don't actually use them here. */
- nw->next = lst;
- lst = nw;
- }
- fclose (f);
+ nw = calloc (1, sizeof (struct linux_ipv6_addr_list));
+ if (nw == 0)
+ continue;
+ nw->addr.sin6_addr = a6;
+ nw->addr.sin6_family = AF_INET6;
+ /* Ignore other fields, we don't actually use them here. */
+ nw->next = lst;
+ lst = nw;
+ }
+ fclose (f);
}
return lst;
}
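Review bot: The loop condition `fscanf(...) != EOF` accepts partial matches: if a line of /proc/net/if_inet6 does not fit the format, fscanf returns fewer than 21 conversions and leaves the offending input unread, so the body runs on stale or uninitialised `addrbyte`/`scope` values and the loop may never reach EOF. Comparing against the number of conversions, `&idx, &pfxlen, &scope, &dadstat, ifname) == 21) {`, stops at the first malformed line. Separately, `if (nw == 0) continue;` drops an address silently on allocation failure, which deserves a comment because callers cannot tell that the list is incomplete. The function's opening lines are outside this hunk.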
@@ -433,68 +434,68 @@ get_linux_ipv6_addrs ()
int
foreach_localaddr (/*@null@*/ void *data,
- int (*pass1fn) (/*@null@*/ void *, struct sockaddr *) /*@*/,
- /*@null@*/ int (*betweenfn) (/*@null@*/ void *) /*@*/,
- /*@null@*/ int (*pass2fn) (/*@null@*/ void *,
- struct sockaddr *) /*@*/)
+ int (*pass1fn) (/*@null@*/ void *, struct sockaddr *) /*@*/,
+ /*@null@*/ int (*betweenfn) (/*@null@*/ void *) /*@*/,
+ /*@null@*/ int (*pass2fn) (/*@null@*/ void *,
+ struct sockaddr *) /*@*/)
#if defined(DEBUG) || defined(TEST)
- /*@modifies fileSystem@*/
+/*@modifies fileSystem@*/
#endif
{
struct ifaddrs *ifp_head, *ifp, *ifp2;
int match;
if (getifaddrs (&ifp_head) < 0)
- return errno;
+ return errno;
for (ifp = ifp_head; ifp; ifp = ifp->ifa_next) {
#ifdef DEBUG
- printifaddr (ifp);
+ printifaddr (ifp);
#endif
- if ((ifp->ifa_flags & IFF_UP) == 0)
- continue;
- if (ifp->ifa_addr == NULL) {
- /* Can't use an interface without an address. Linux
- apparently does this sometimes. [RT ticket 1770 from
- Maurice Massar, also Debian bug 206851, shows the
- problem with a PPP link on a newer kernel than I'm
- running.]
-
- Pretend it's not up, so the second pass will skip
- it. */
- ifp->ifa_flags &= ~IFF_UP;
- continue;
- }
- if (is_loopback_address(ifp->ifa_addr)) {
- /* Pretend it's not up, so the second pass will skip
- it. */
- ifp->ifa_flags &= ~IFF_UP;
- continue;
- }
- /* If this address is a duplicate, punt. */
- match = 0;
- for (ifp2 = ifp_head; ifp2 && ifp2 != ifp; ifp2 = ifp2->ifa_next) {
- if ((ifp2->ifa_flags & IFF_UP) == 0)
- continue;
- if (addr_eq (ifp->ifa_addr, ifp2->ifa_addr)) {
- match = 1;
- ifp->ifa_flags &= ~IFF_UP;
- break;
- }
- }
- if (match)
- continue;
- if ((*pass1fn) (data, ifp->ifa_addr))
- goto punt;
+ if ((ifp->ifa_flags & IFF_UP) == 0)
+ continue;
+ if (ifp->ifa_addr == NULL) {
+ /* Can't use an interface without an address. Linux
+ apparently does this sometimes. [RT ticket 1770 from
+ Maurice Massar, also Debian bug 206851, shows the
+ problem with a PPP link on a newer kernel than I'm
+ running.]
+
+ Pretend it's not up, so the second pass will skip
+ it. */
+ ifp->ifa_flags &= ~IFF_UP;
+ continue;
+ }
+ if (is_loopback_address(ifp->ifa_addr)) {
+ /* Pretend it's not up, so the second pass will skip
+ it. */
+ ifp->ifa_flags &= ~IFF_UP;
+ continue;
+ }
+ /* If this address is a duplicate, punt. */
+ match = 0;
+ for (ifp2 = ifp_head; ifp2 && ifp2 != ifp; ifp2 = ifp2->ifa_next) {
+ if ((ifp2->ifa_flags & IFF_UP) == 0)
+ continue;
+ if (addr_eq (ifp->ifa_addr, ifp2->ifa_addr)) {
+ match = 1;
+ ifp->ifa_flags &= ~IFF_UP;
+ break;
+ }
+ }
+ if (match)
+ continue;
+ if ((*pass1fn) (data, ifp->ifa_addr))
+ goto punt;
}
if (betweenfn && (*betweenfn)(data))
- goto punt;
+ goto punt;
if (pass2fn)
- for (ifp = ifp_head; ifp; ifp = ifp->ifa_next) {
- if (ifp->ifa_flags & IFF_UP)
- if ((*pass2fn) (data, ifp->ifa_addr))
- goto punt;
- }
- punt:
+ for (ifp = ifp_head; ifp; ifp = ifp->ifa_next) {
+ if (ifp->ifa_flags & IFF_UP)
+ if ((*pass2fn) (data, ifp->ifa_addr))
+ goto punt;
+ }
+punt:
freeifaddrs (ifp_head);
return 0;
}
@@ -503,12 +504,12 @@ foreach_localaddr (/*@null@*/ void *data,
int
foreach_localaddr (/*@null@*/ void *data,
- int (*pass1fn) (/*@null@*/ void *, struct sockaddr *) /*@*/,
- /*@null@*/ int (*betweenfn) (/*@null@*/ void *) /*@*/,
- /*@null@*/ int (*pass2fn) (/*@null@*/ void *,
- struct sockaddr *) /*@*/)
+ int (*pass1fn) (/*@null@*/ void *, struct sockaddr *) /*@*/,
+ /*@null@*/ int (*betweenfn) (/*@null@*/ void *) /*@*/,
+ /*@null@*/ int (*pass2fn) (/*@null@*/ void *,
+ struct sockaddr *) /*@*/)
#if defined(DEBUG) || defined(TEST)
- /*@modifies fileSystem@*/
+/*@modifies fileSystem@*/
#endif
{
/* Okay, this is kind of odd. We have to use each of the address
@@ -527,11 +528,11 @@ foreach_localaddr (/*@null@*/ void *data,
static const int afs[] = { AF_INET, AF_NS, AF_INET6 };
#define N_AFS (sizeof (afs) / sizeof (afs[0]))
struct {
- int af;
- int sock;
- void *buf;
- size_t buf_size;
- struct lifnum lifnum;
+ int af;
+ int sock;
+ void *buf;
+ size_t buf_size;
+ struct lifnum lifnum;
} afp[N_AFS];
int code, i, j;
int retval = 0, afidx;
@@ -543,131 +544,131 @@ foreach_localaddr (/*@null@*/ void *data,
/* init */
FOREACH_AF () {
- P.af = afs[afidx];
- P.sock = -1;
- P.buf = 0;
+ P.af = afs[afidx];
+ P.sock = -1;
+ P.buf = 0;
}
/* first pass: get raw data, discard uninteresting addresses, callback */
FOREACH_AF () {
- Tprintf (("trying af %d...\n", P.af));
- P.sock = socket (P.af, USE_TYPE, USE_PROTO);
- if (P.sock < 0) {
- sock_err = SOCKET_ERROR;
- Tperror ("socket");
- continue;
- }
- set_cloexec_fd(P.sock);
-
- P.lifnum.lifn_family = P.af;
- P.lifnum.lifn_flags = 0;
- P.lifnum.lifn_count = 0;
- code = ioctl (P.sock, SIOCGLIFNUM, &P.lifnum);
- if (code) {
- Tperror ("ioctl(SIOCGLIFNUM)");
- retval = errno;
- goto punt;
- }
-
- P.buf_size = P.lifnum.lifn_count * sizeof (struct lifreq) * 2;
- P.buf = malloc (P.buf_size);
- if (P.buf == NULL) {
- retval = ENOMEM;
- goto punt;
- }
-
- code = get_lifconf (P.af, P.sock, &P.buf_size, P.buf);
- if (code < 0) {
- retval = errno;
- goto punt;
- }
-
- for (i = 0; i + sizeof(*lifr) <= P.buf_size; i+= sizeof (*lifr)) {
- lifr = (struct lifreq *)((caddr_t) P.buf+i);
-
- strncpy(lifreq.lifr_name, lifr->lifr_name,
- sizeof (lifreq.lifr_name));
- Tprintf (("interface %s\n", lifreq.lifr_name));
- /*@-moduncon@*/ /* ioctl unknown to lclint */
- if (ioctl (P.sock, SIOCGLIFFLAGS, (char *)&lifreq) < 0) {
- Tperror ("ioctl(SIOCGLIFFLAGS)");
- skip:
- /* mark for next pass */
- lifr->lifr_name[0] = '\0';
- continue;
- }
- /*@=moduncon@*/
-
- /* None of the current callers want loopback addresses. */
- if (is_loopback_address((struct sockaddr *)&lifr->lifr_addr)) {
- Tprintf ((" loopback\n"));
- goto skip;
- }
- /* Ignore interfaces that are down. */
- if ((lifreq.lifr_flags & IFF_UP) == 0) {
- Tprintf ((" down\n"));
- goto skip;
- }
-
- /* Make sure we didn't process this address already. */
- for (j = 0; j < i; j += sizeof (*lifr2)) {
- lifr2 = (struct lifreq *)((caddr_t) P.buf+j);
- if (lifr2->lifr_name[0] == '\0')
- continue;
- if (lifr2->lifr_addr.ss_family == lifr->lifr_addr.ss_family
- /* Compare address info. If this isn't good enough --
- i.e., if random padding bytes turn out to differ
- when the addresses are the same -- then we'll have
- to do it on a per address family basis. */
- && !memcmp (&lifr2->lifr_addr, &lifr->lifr_addr,
- sizeof (*lifr))) {
- Tprintf ((" duplicate addr\n"));
- goto skip;
- }
- }
-
- /*@-moduncon@*/
- if ((*pass1fn) (data, ss2sa (&lifr->lifr_addr)))
- goto punt;
- /*@=moduncon@*/
- }
+ Tprintf (("trying af %d...\n", P.af));
+ P.sock = socket (P.af, USE_TYPE, USE_PROTO);
+ if (P.sock < 0) {
+ sock_err = SOCKET_ERROR;
+ Tperror ("socket");
+ continue;
+ }
+ set_cloexec_fd(P.sock);
+
+ P.lifnum.lifn_family = P.af;
+ P.lifnum.lifn_flags = 0;
+ P.lifnum.lifn_count = 0;
+ code = ioctl (P.sock, SIOCGLIFNUM, &P.lifnum);
+ if (code) {
+ Tperror ("ioctl(SIOCGLIFNUM)");
+ retval = errno;
+ goto punt;
+ }
+
+ P.buf_size = P.lifnum.lifn_count * sizeof (struct lifreq) * 2;
+ P.buf = malloc (P.buf_size);
+ if (P.buf == NULL) {
+ retval = ENOMEM;
+ goto punt;
+ }
+
+ code = get_lifconf (P.af, P.sock, &P.buf_size, P.buf);
+ if (code < 0) {
+ retval = errno;
+ goto punt;
+ }
+
+ for (i = 0; i + sizeof(*lifr) <= P.buf_size; i+= sizeof (*lifr)) {
+ lifr = (struct lifreq *)((caddr_t) P.buf+i);
+
+ strncpy(lifreq.lifr_name, lifr->lifr_name,
+ sizeof (lifreq.lifr_name));
+ Tprintf (("interface %s\n", lifreq.lifr_name));
+ /*@-moduncon@*/ /* ioctl unknown to lclint */
+ if (ioctl (P.sock, SIOCGLIFFLAGS, (char *)&lifreq) < 0) {
+ Tperror ("ioctl(SIOCGLIFFLAGS)");
+ skip:
+ /* mark for next pass */
+ lifr->lifr_name[0] = '\0';
+ continue;
+ }
+ /*@=moduncon@*/
+
+ /* None of the current callers want loopback addresses. */
+ if (is_loopback_address((struct sockaddr *)&lifr->lifr_addr)) {
+ Tprintf ((" loopback\n"));
+ goto skip;
+ }
+ /* Ignore interfaces that are down. */
+ if ((lifreq.lifr_flags & IFF_UP) == 0) {
+ Tprintf ((" down\n"));
+ goto skip;
+ }
+
+ /* Make sure we didn't process this address already. */
+ for (j = 0; j < i; j += sizeof (*lifr2)) {
+ lifr2 = (struct lifreq *)((caddr_t) P.buf+j);
+ if (lifr2->lifr_name[0] == '\0')
+ continue;
+ if (lifr2->lifr_addr.ss_family == lifr->lifr_addr.ss_family
+ /* Compare address info. If this isn't good enough --
+ i.e., if random padding bytes turn out to differ
+ when the addresses are the same -- then we'll have
+ to do it on a per address family basis. */
+ && !memcmp (&lifr2->lifr_addr, &lifr->lifr_addr,
+ sizeof (*lifr))) {
+ Tprintf ((" duplicate addr\n"));
+ goto skip;
+ }
+ }
+
+ /*@-moduncon@*/
+ if ((*pass1fn) (data, ss2sa (&lifr->lifr_addr)))
+ goto punt;
+ /*@=moduncon@*/
+ }
}
/* Did we actually get any working sockets? */
FOREACH_AF ()
- if (P.sock != -1)
- goto have_working_socket;
+ if (P.sock != -1)
+ goto have_working_socket;
retval = sock_err;
goto punt;
have_working_socket:
/*@-moduncon@*/
if (betweenfn != NULL && (*betweenfn)(data))
- goto punt;
+ goto punt;
/*@=moduncon@*/
if (pass2fn)
- FOREACH_AF ()
- if (P.sock >= 0) {
- for (i = 0; i + sizeof (*lifr) <= P.buf_size; i+= sizeof (*lifr)) {
- lifr = (struct lifreq *)((caddr_t) P.buf+i);
-
- if (lifr->lifr_name[0] == '\0')
- /* Marked in first pass to be ignored. */
- continue;
-
- /*@-moduncon@*/
- if ((*pass2fn) (data, ss2sa (&lifr->lifr_addr)))
- goto punt;
- /*@=moduncon@*/
- }
- }
+ FOREACH_AF ()
+ if (P.sock >= 0) {
+ for (i = 0; i + sizeof (*lifr) <= P.buf_size; i+= sizeof (*lifr)) {
+ lifr = (struct lifreq *)((caddr_t) P.buf+i);
+
+ if (lifr->lifr_name[0] == '\0')
+ /* Marked in first pass to be ignored. */
+ continue;
+
+ /*@-moduncon@*/
+ if ((*pass2fn) (data, ss2sa (&lifr->lifr_addr)))
+ goto punt;
+ /*@=moduncon@*/
+ }
+ }
punt:
FOREACH_AF () {
- /*@-moduncon@*/
- closesocket(P.sock);
- /*@=moduncon@*/
- free (P.buf);
+ /*@-moduncon@*/
+ closesocket(P.sock);
+ /*@=moduncon@*/
+ free (P.buf);
}
return retval;
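Review bot: In the duplicate check, `memcmp (&lifr2->lifr_addr, &lifr->lifr_addr, sizeof (*lifr))` starts at the address member but uses the size of the whole lifreq, so (assuming lifr_name precedes lifr_addr in the struct) it reads past the end of each record, and for the last record past the data length get_lifconf stored in `P.buf_size`; the extra bytes belong to neighbouring entries and can make equal addresses compare unequal. The length should be `sizeof (lifr->lifr_addr)`. `P.buf_size = P.lifnum.lifn_count * sizeof (struct lifreq) * 2` is also computed from the count returned by SIOCGLIFNUM with no range or overflow check before malloc, and `retval = errno` is read after Tperror(), which may have changed errno if it expands to a real call. The same memcmp length and buffer-size pattern appear in the if_laddrreq variant in the following hunk (`sizeof (*lifr)`, `P.if_num * sizeof (struct if_laddrreq) * 2`). The function starts before this hunk.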
@@ -677,12 +678,12 @@ punt:
int
foreach_localaddr (/*@null@*/ void *data,
- int (*pass1fn) (/*@null@*/ void *, struct sockaddr *) /*@*/,
- /*@null@*/ int (*betweenfn) (/*@null@*/ void *) /*@*/,
- /*@null@*/ int (*pass2fn) (/*@null@*/ void *,
- struct sockaddr *) /*@*/)
+ int (*pass1fn) (/*@null@*/ void *, struct sockaddr *) /*@*/,
+ /*@null@*/ int (*betweenfn) (/*@null@*/ void *) /*@*/,
+ /*@null@*/ int (*pass2fn) (/*@null@*/ void *,
+ struct sockaddr *) /*@*/)
#if defined(DEBUG) || defined(TEST)
- /*@modifies fileSystem@*/
+/*@modifies fileSystem@*/
#endif
{
/* Okay, this is kind of odd. We have to use each of the address
@@ -701,11 +702,11 @@ foreach_localaddr (/*@null@*/ void *data,
static const int afs[] = { AF_INET, AF_NS, AF_INET6 };
#define N_AFS (sizeof (afs) / sizeof (afs[0]))
struct {
- int af;
- int sock;
- void *buf;
- size_t buf_size;
- int if_num;
+ int af;
+ int sock;
+ void *buf;
+ size_t buf_size;
+ int if_num;
} afp[N_AFS];
int code, i, j;
int retval = 0, afidx;
@@ -717,128 +718,128 @@ foreach_localaddr (/*@null@*/ void *data,
/* init */
FOREACH_AF () {
- P.af = afs[afidx];
- P.sock = -1;
- P.buf = 0;
+ P.af = afs[afidx];
+ P.sock = -1;
+ P.buf = 0;
}
/* first pass: get raw data, discard uninteresting addresses, callback */
FOREACH_AF () {
- Tprintf (("trying af %d...\n", P.af));
- P.sock = socket (P.af, USE_TYPE, USE_PROTO);
- if (P.sock < 0) {
- sock_err = SOCKET_ERROR;
- Tperror ("socket");
- continue;
- }
- set_cloexec_fd(P.sock);
-
- code = ioctl (P.sock, SIOCGLIFNUM, &P.if_num);
- if (code) {
- Tperror ("ioctl(SIOCGLIFNUM)");
- retval = errno;
- goto punt;
- }
-
- P.buf_size = P.if_num * sizeof (struct if_laddrreq) * 2;
- P.buf = malloc (P.buf_size);
- if (P.buf == NULL) {
- retval = ENOMEM;
- goto punt;
- }
-
- code = get_if_laddrconf (P.af, P.sock, &P.buf_size, P.buf);
- if (code < 0) {
- retval = errno;
- goto punt;
- }
-
- for (i = 0; i + sizeof(*lifr) <= P.buf_size; i+= sizeof (*lifr)) {
- lifr = (struct if_laddrreq *)((caddr_t) P.buf+i);
-
- strncpy(lifreq.iflr_name, lifr->iflr_name,
- sizeof (lifreq.iflr_name));
- Tprintf (("interface %s\n", lifreq.iflr_name));
- /*@-moduncon@*/ /* ioctl unknown to lclint */
- if (ioctl (P.sock, SIOCGLIFFLAGS, (char *)&lifreq) < 0) {
- Tperror ("ioctl(SIOCGLIFFLAGS)");
- skip:
- /* mark for next pass */
- lifr->iflr_name[0] = '\0';
- continue;
- }
- /*@=moduncon@*/
-
- /* None of the current callers want loopback addresses. */
- if (is_loopback_address(&lifr->iflr_addr)) {
- Tprintf ((" loopback\n"));
- goto skip;
- }
- /* Ignore interfaces that are down. */
- if ((lifreq.iflr_flags & IFF_UP) == 0) {
- Tprintf ((" down\n"));
- goto skip;
- }
-
- /* Make sure we didn't process this address already. */
- for (j = 0; j < i; j += sizeof (*lifr2)) {
- lifr2 = (struct if_laddrreq *)((caddr_t) P.buf+j);
- if (lifr2->iflr_name[0] == '\0')
- continue;
- if (lifr2->iflr_addr.sa_family == lifr->iflr_addr.sa_family
- /* Compare address info. If this isn't good enough --
- i.e., if random padding bytes turn out to differ
- when the addresses are the same -- then we'll have
- to do it on a per address family basis. */
- && !memcmp (&lifr2->iflr_addr, &lifr->iflr_addr,
- sizeof (*lifr))) {
- Tprintf ((" duplicate addr\n"));
- goto skip;
- }
- }
-
- /*@-moduncon@*/
- if ((*pass1fn) (data, ss2sa (&lifr->iflr_addr)))
- goto punt;
- /*@=moduncon@*/
- }
+ Tprintf (("trying af %d...\n", P.af));
+ P.sock = socket (P.af, USE_TYPE, USE_PROTO);
+ if (P.sock < 0) {
+ sock_err = SOCKET_ERROR;
+ Tperror ("socket");
+ continue;
+ }
+ set_cloexec_fd(P.sock);
+
+ code = ioctl (P.sock, SIOCGLIFNUM, &P.if_num);
+ if (code) {
+ Tperror ("ioctl(SIOCGLIFNUM)");
+ retval = errno;
+ goto punt;
+ }
+
+ P.buf_size = P.if_num * sizeof (struct if_laddrreq) * 2;
+ P.buf = malloc (P.buf_size);
+ if (P.buf == NULL) {
+ retval = ENOMEM;
+ goto punt;
+ }
+
+ code = get_if_laddrconf (P.af, P.sock, &P.buf_size, P.buf);
+ if (code < 0) {
+ retval = errno;
+ goto punt;
+ }
+
+ for (i = 0; i + sizeof(*lifr) <= P.buf_size; i+= sizeof (*lifr)) {
+ lifr = (struct if_laddrreq *)((caddr_t) P.buf+i);
+
+ strncpy(lifreq.iflr_name, lifr->iflr_name,
+ sizeof (lifreq.iflr_name));
+ Tprintf (("interface %s\n", lifreq.iflr_name));
+ /*@-moduncon@*/ /* ioctl unknown to lclint */
+ if (ioctl (P.sock, SIOCGLIFFLAGS, (char *)&lifreq) < 0) {
+ Tperror ("ioctl(SIOCGLIFFLAGS)");
+ skip:
+ /* mark for next pass */
+ lifr->iflr_name[0] = '\0';
+ continue;
+ }
+ /*@=moduncon@*/
+
+ /* None of the current callers want loopback addresses. */
+ if (is_loopback_address(&lifr->iflr_addr)) {
+ Tprintf ((" loopback\n"));
+ goto skip;
+ }
+ /* Ignore interfaces that are down. */
+ if ((lifreq.iflr_flags & IFF_UP) == 0) {
+ Tprintf ((" down\n"));
+ goto skip;
+ }
+
+ /* Make sure we didn't process this address already. */
+ for (j = 0; j < i; j += sizeof (*lifr2)) {
+ lifr2 = (struct if_laddrreq *)((caddr_t) P.buf+j);
+ if (lifr2->iflr_name[0] == '\0')
+ continue;
+ if (lifr2->iflr_addr.sa_family == lifr->iflr_addr.sa_family
+ /* Compare address info. If this isn't good enough --
+ i.e., if random padding bytes turn out to differ
+ when the addresses are the same -- then we'll have
+ to do it on a per address family basis. */
+ && !memcmp (&lifr2->iflr_addr, &lifr->iflr_addr,
+ sizeof (*lifr))) {
+ Tprintf ((" duplicate addr\n"));
+ goto skip;
+ }
+ }
+
+ /*@-moduncon@*/
+ if ((*pass1fn) (data, ss2sa (&lifr->iflr_addr)))
+ goto punt;
+ /*@=moduncon@*/
+ }
}
/* Did we actually get any working sockets? */
FOREACH_AF ()
- if (P.sock != -1)
- goto have_working_socket;
+ if (P.sock != -1)
+ goto have_working_socket;
retval = sock_err;
goto punt;
have_working_socket:
/*@-moduncon@*/
if (betweenfn != NULL && (*betweenfn)(data))
- goto punt;
+ goto punt;
/*@=moduncon@*/
if (pass2fn)
- FOREACH_AF ()
- if (P.sock >= 0) {
- for (i = 0; i + sizeof(*lifr) <= P.buf_size; i+= sizeof (*lifr)) {
- lifr = (struct if_laddrreq *)((caddr_t) P.buf+i);
-
- if (lifr->iflr_name[0] == '\0')
- /* Marked in first pass to be ignored. */
- continue;
-
- /*@-moduncon@*/
- if ((*pass2fn) (data, ss2sa (&lifr->iflr_addr)))
- goto punt;
- /*@=moduncon@*/
- }
- }
+ FOREACH_AF ()
+ if (P.sock >= 0) {
+ for (i = 0; i + sizeof(*lifr) <= P.buf_size; i+= sizeof (*lifr)) {
+ lifr = (struct if_laddrreq *)((caddr_t) P.buf+i);
+
+ if (lifr->iflr_name[0] == '\0')
+ /* Marked in first pass to be ignored. */
+ continue;
+
+ /*@-moduncon@*/
+ if ((*pass2fn) (data, ss2sa (&lifr->iflr_addr)))
+ goto punt;
+ /*@=moduncon@*/
+ }
+ }
punt:
FOREACH_AF () {
- /*@-moduncon@*/
- closesocket(P.sock);
- /*@=moduncon@*/
- free (P.buf);
+ /*@-moduncon@*/
+ closesocket(P.sock);
+ /*@=moduncon@*/
+ free (P.buf);
}
return retval;
@@ -870,27 +871,27 @@ get_ifreq_array(char **bufp, size_t *np, int s)
#ifdef SIOCGSIZIFCONF
code = ioctl (s, SIOCGSIZIFCONF, &ifconfsize);
if (!code) {
- current_buf_size = ifconfsize;
- est_if_count = ifconfsize / est_ifreq_size;
+ current_buf_size = ifconfsize;
+ est_if_count = ifconfsize / est_ifreq_size;
}
#elif defined (SIOCGIFNUM)
code = ioctl (s, SIOCGIFNUM, &numifs);
if (!code && numifs > 0)
- est_if_count = numifs;
+ est_if_count = numifs;
#endif
if (current_buf_size == 0)
- current_buf_size = est_ifreq_size * est_if_count + SLOP;
+ current_buf_size = est_ifreq_size * est_if_count + SLOP;
buf = malloc (current_buf_size);
if (buf == NULL)
- return ENOMEM;
+ return ENOMEM;
ask_again:
size = current_buf_size;
code = get_ifconf (s, &size, buf);
if (code < 0) {
- code = errno;
- free (buf);
- return code;
+ code = errno;
+ free (buf);
+ return code;
}
/* Test that the buffer was big enough that another ifreq could've
fit easily, if the OS wanted to provide one. That seems to be
@@ -899,29 +900,29 @@ ask_again:
bigger than the size of an ifreq. */
if (current_buf_size - size < SLOP
#ifdef SIOCGSIZIFCONF
- /* Unless we hear SIOCGSIZIFCONF is broken somewhere, let's
- trust the value it returns. */
- && ifconfsize <= 0
+ /* Unless we hear SIOCGSIZIFCONF is broken somewhere, let's
+ trust the value it returns. */
+ && ifconfsize <= 0
#elif defined (SIOCGIFNUM)
- && numifs <= 0
+ && numifs <= 0
#endif
- /* And we need *some* sort of bounds. */
- && current_buf_size <= 100000
- ) {
- size_t new_size;
-
- est_if_count *= 2;
- new_size = est_ifreq_size * est_if_count + SLOP;
- buf = grow_or_free (buf, new_size);
- if (buf == 0)
- return ENOMEM;
- current_buf_size = new_size;
- goto ask_again;
+ /* And we need *some* sort of bounds. */
+ && current_buf_size <= 100000
+ ) {
+ size_t new_size;
+
+ est_if_count *= 2;
+ new_size = est_ifreq_size * est_if_count + SLOP;
+ buf = grow_or_free (buf, new_size);
+ if (buf == 0)
+ return ENOMEM;
+ current_buf_size = new_size;
+ goto ask_again;
}
n = size;
if (n > current_buf_size)
- n = current_buf_size;
+ n = current_buf_size;
*bufp = buf;
*np = n;
@@ -930,12 +931,12 @@ ask_again:
int
foreach_localaddr (/*@null@*/ void *data,
- int (*pass1fn) (/*@null@*/ void *, struct sockaddr *) /*@*/,
- /*@null@*/ int (*betweenfn) (/*@null@*/ void *) /*@*/,
- /*@null@*/ int (*pass2fn) (/*@null@*/ void *,
- struct sockaddr *) /*@*/)
+ int (*pass1fn) (/*@null@*/ void *, struct sockaddr *) /*@*/,
+ /*@null@*/ int (*betweenfn) (/*@null@*/ void *) /*@*/,
+ /*@null@*/ int (*pass2fn) (/*@null@*/ void *,
+ struct sockaddr *) /*@*/)
#if defined(DEBUG) || defined(TEST)
- /*@modifies fileSystem@*/
+/*@modifies fileSystem@*/
#endif
{
struct ifreq *ifr, ifreq, *ifr2;
@@ -950,15 +951,15 @@ foreach_localaddr (/*@null@*/ void *data,
s = socket (USE_AF, USE_TYPE, USE_PROTO);
if (s < 0)
- return SOCKET_ERRNO;
+ return SOCKET_ERRNO;
set_cloexec_fd(s);
retval = get_ifreq_array(&buf, &n, s);
if (retval) {
- /*@-moduncon@*/ /* close() unknown to lclint */
- closesocket(s);
- /*@=moduncon@*/
- return retval;
+ /*@-moduncon@*/ /* close() unknown to lclint */
+ closesocket(s);
+ /*@=moduncon@*/
+ return retval;
}
/* Note: Apparently some systems put the size (used or wanted?)
@@ -968,98 +969,98 @@ foreach_localaddr (/*@null@*/ void *data,
size on these systems: *-fujitsu-uxp* *-ncr-sysv4*
*-univel-sysv*. */
for (i = 0; i + sizeof(struct ifreq) <= n; i+= ifreq_size(*ifr) ) {
- ifr = (struct ifreq *)((caddr_t) buf+i);
- /* In case ifreq_size is more than sizeof(). */
- if (i + ifreq_size(*ifr) > n)
- break;
-
- strncpy(ifreq.ifr_name, ifr->ifr_name, sizeof (ifreq.ifr_name));
- Tprintf (("interface %s\n", ifreq.ifr_name));
- /*@-moduncon@*/ /* ioctl unknown to lclint */
- if (ioctl (s, SIOCGIFFLAGS, (char *)&ifreq) < 0) {
- skip:
- /* mark for next pass */
- ifr->ifr_name[0] = '\0';
- continue;
- }
- /*@=moduncon@*/
-
- /* None of the current callers want loopback addresses. */
- if (is_loopback_address(&ifreq.ifr_addr)) {
- Tprintf ((" loopback\n"));
- goto skip;
- }
- /* Ignore interfaces that are down. */
- if ((ifreq.ifr_flags & IFF_UP) == 0) {
- Tprintf ((" down\n"));
- goto skip;
- }
-
- /* Make sure we didn't process this address already. */
- for (j = 0; j < i; j += ifreq_size(*ifr2)) {
- ifr2 = (struct ifreq *)((caddr_t) buf+j);
- if (ifr2->ifr_name[0] == '\0')
- continue;
- if (ifr2->ifr_addr.sa_family == ifr->ifr_addr.sa_family
- && ifreq_size (*ifr) == ifreq_size (*ifr2)
- /* Compare address info. If this isn't good enough --
- i.e., if random padding bytes turn out to differ
- when the addresses are the same -- then we'll have
- to do it on a per address family basis. */
- && !memcmp (&ifr2->ifr_addr.sa_data, &ifr->ifr_addr.sa_data,
- (ifreq_size (*ifr)
- - offsetof (struct ifreq, ifr_addr.sa_data)))) {
- Tprintf ((" duplicate addr\n"));
- goto skip;
- }
- }
-
- /*@-moduncon@*/
- if ((*pass1fn) (data, &ifr->ifr_addr))
- goto punt;
- /*@=moduncon@*/
+ ifr = (struct ifreq *)((caddr_t) buf+i);
+ /* In case ifreq_size is more than sizeof(). */
+ if (i + ifreq_size(*ifr) > n)
+ break;
+
+ strncpy(ifreq.ifr_name, ifr->ifr_name, sizeof (ifreq.ifr_name));
+ Tprintf (("interface %s\n", ifreq.ifr_name));
+ /*@-moduncon@*/ /* ioctl unknown to lclint */
+ if (ioctl (s, SIOCGIFFLAGS, (char *)&ifreq) < 0) {
+ skip:
+ /* mark for next pass */
+ ifr->ifr_name[0] = '\0';
+ continue;
+ }
+ /*@=moduncon@*/
+
+ /* None of the current callers want loopback addresses. */
+ if (is_loopback_address(&ifreq.ifr_addr)) {
+ Tprintf ((" loopback\n"));
+ goto skip;
+ }
+ /* Ignore interfaces that are down. */
+ if ((ifreq.ifr_flags & IFF_UP) == 0) {
+ Tprintf ((" down\n"));
+ goto skip;
+ }
+
+ /* Make sure we didn't process this address already. */
+ for (j = 0; j < i; j += ifreq_size(*ifr2)) {
+ ifr2 = (struct ifreq *)((caddr_t) buf+j);
+ if (ifr2->ifr_name[0] == '\0')
+ continue;
+ if (ifr2->ifr_addr.sa_family == ifr->ifr_addr.sa_family
+ && ifreq_size (*ifr) == ifreq_size (*ifr2)
+ /* Compare address info. If this isn't good enough --
+ i.e., if random padding bytes turn out to differ
+ when the addresses are the same -- then we'll have
+ to do it on a per address family basis. */
+ && !memcmp (&ifr2->ifr_addr.sa_data, &ifr->ifr_addr.sa_data,
+ (ifreq_size (*ifr)
+ - offsetof (struct ifreq, ifr_addr.sa_data)))) {
+ Tprintf ((" duplicate addr\n"));
+ goto skip;
+ }
+ }
+
+ /*@-moduncon@*/
+ if ((*pass1fn) (data, &ifr->ifr_addr))
+ goto punt;
+ /*@=moduncon@*/
}
#ifdef LINUX_IPV6_HACK
for (lx_v6 = linux_ipv6_addrs; lx_v6; lx_v6 = lx_v6->next)
- if ((*pass1fn) (data, (struct sockaddr *) &lx_v6->addr))
- goto punt;
+ if ((*pass1fn) (data, (struct sockaddr *) &lx_v6->addr))
+ goto punt;
#endif
/*@-moduncon@*/
if (betweenfn != NULL && (*betweenfn)(data))
- goto punt;
+ goto punt;
/*@=moduncon@*/
if (pass2fn) {
- for (i = 0; i + sizeof(struct ifreq) <= n; i+= ifreq_size(*ifr) ) {
- ifr = (struct ifreq *)((caddr_t) buf+i);
-
- if (ifr->ifr_name[0] == '\0')
- /* Marked in first pass to be ignored. */
- continue;
-
- /*@-moduncon@*/
- if ((*pass2fn) (data, &ifr->ifr_addr))
- goto punt;
- /*@=moduncon@*/
- }
+ for (i = 0; i + sizeof(struct ifreq) <= n; i+= ifreq_size(*ifr) ) {
+ ifr = (struct ifreq *)((caddr_t) buf+i);
+
+ if (ifr->ifr_name[0] == '\0')
+ /* Marked in first pass to be ignored. */
+ continue;
+
+ /*@-moduncon@*/
+ if ((*pass2fn) (data, &ifr->ifr_addr))
+ goto punt;
+ /*@=moduncon@*/
+ }
#ifdef LINUX_IPV6_HACK
- for (lx_v6 = linux_ipv6_addrs; lx_v6; lx_v6 = lx_v6->next)
- if ((*pass2fn) (data, (struct sockaddr *) &lx_v6->addr))
- goto punt;
+ for (lx_v6 = linux_ipv6_addrs; lx_v6; lx_v6 = lx_v6->next)
+ if ((*pass2fn) (data, (struct sockaddr *) &lx_v6->addr))
+ goto punt;
#endif
}
- punt:
+punt:
/*@-moduncon@*/
closesocket(s);
/*@=moduncon@*/
free (buf);
#ifdef LINUX_IPV6_HACK
while (linux_ipv6_addrs) {
- lx_v6 = linux_ipv6_addrs->next;
- free (linux_ipv6_addrs);
- linux_ipv6_addrs = lx_v6;
+ lx_v6 = linux_ipv6_addrs->next;
+ free (linux_ipv6_addrs);
+ linux_ipv6_addrs = lx_v6;
}
#endif
@@ -1074,7 +1075,7 @@ get_localaddrs (krb5_context context, krb5_address ***addr, int use_profile);
#ifdef TEST
static int print_addr (/*@unused@*/ void *dataptr, struct sockaddr *sa)
- /*@modifies fileSystem@*/
+/*@modifies fileSystem@*/
{
char hostbuf[NI_MAXHOST];
int err;
@@ -1083,14 +1084,14 @@ static int print_addr (/*@unused@*/ void *dataptr, struct sockaddr *sa)
printf (" --> family %2d ", sa->sa_family);
len = socklen (sa);
err = getnameinfo (sa, len, hostbuf, (socklen_t) sizeof (hostbuf),
- (char *) NULL, 0, NI_NUMERICHOST);
+ (char *) NULL, 0, NI_NUMERICHOST);
if (err) {
- int e = errno;
- printf ("<getnameinfo error %d: %s>\n", err, gai_strerror (err));
- if (err == EAI_SYSTEM)
- printf ("\t\t<errno is %d: %s>\n", e, strerror(e));
+ int e = errno;
+ printf ("<getnameinfo error %d: %s>\n", err, gai_strerror (err));
+ if (err == EAI_SYSTEM)
+ printf ("\t\t<errno is %d: %s>\n", e, strerror(e));
} else
- printf ("addr %s\n", hostbuf);
+ printf ("addr %s\n", hostbuf);
return 0;
}
@@ -1113,7 +1114,7 @@ struct localaddr_data {
static int
count_addrs (void *P_data, struct sockaddr *a)
- /*@*/
+/*@*/
{
struct localaddr_data *data = P_data;
switch (a->sa_family) {
@@ -1124,49 +1125,49 @@ count_addrs (void *P_data, struct sockaddr *a)
#ifdef KRB5_USE_NS
case AF_XNS:
#endif
- data->count++;
- break;
+ data->count++;
+ break;
default:
- break;
+ break;
}
return 0;
}
static int
allocate (void *P_data)
- /*@*/
+/*@*/
{
struct localaddr_data *data = P_data;
int i;
void *n;
n = realloc (data->addr_temp,
- (1 + data->count + data->cur_idx) * sizeof (krb5_address *));
+ (1 + data->count + data->cur_idx) * sizeof (krb5_address *));
if (n == 0) {
- data->mem_err++;
- return 1;
+ data->mem_err++;
+ return 1;
}
data->addr_temp = n;
data->cur_size = 1 + data->count + data->cur_idx;
for (i = data->cur_idx; i <= data->count + data->cur_idx; i++)
- data->addr_temp[i] = 0;
+ data->addr_temp[i] = 0;
return 0;
}
static /*@null@*/ krb5_address *
make_addr (int type, size_t length, const void *contents)
- /*@*/
+/*@*/
{
krb5_address *a;
void *data;
data = malloc (length);
if (data == NULL)
- return NULL;
+ return NULL;
a = malloc (sizeof (krb5_address));
if (a == NULL) {
- free (data);
- return NULL;
+ free (data);
+ return NULL;
}
memcpy (data, contents, length);
a->magic = KV5M_ADDRESS;
@@ -1178,7 +1179,7 @@ make_addr (int type, size_t length, const void *contents)
static int
add_addr (void *P_data, struct sockaddr *a)
- /*@modifies *P_data@*/
+/*@modifies *P_data@*/
{
struct localaddr_data *data = P_data;
/*@null@*/ krb5_address *address = 0;
@@ -1186,57 +1187,57 @@ add_addr (void *P_data, struct sockaddr *a)
switch (a->sa_family) {
#ifdef HAVE_NETINET_IN_H
case AF_INET:
- address = make_addr (ADDRTYPE_INET, sizeof (struct in_addr),
- &((const struct sockaddr_in *) a)->sin_addr);
- if (address == NULL)
- data->mem_err++;
- break;
+ address = make_addr (ADDRTYPE_INET, sizeof (struct in_addr),
+ &((const struct sockaddr_in *) a)->sin_addr);
+ if (address == NULL)
+ data->mem_err++;
+ break;
#ifdef KRB5_USE_INET6
case AF_INET6:
{
- const struct sockaddr_in6 *in = (const struct sockaddr_in6 *) a;
-
- if (IN6_IS_ADDR_LINKLOCAL (&in->sin6_addr))
- break;
-
- address = make_addr (ADDRTYPE_INET6, sizeof (struct in6_addr),
- &in->sin6_addr);
- if (address == NULL)
- data->mem_err++;
- break;
+ const struct sockaddr_in6 *in = (const struct sockaddr_in6 *) a;
+
+ if (IN6_IS_ADDR_LINKLOCAL (&in->sin6_addr))
+ break;
+
+ address = make_addr (ADDRTYPE_INET6, sizeof (struct in6_addr),
+ &in->sin6_addr);
+ if (address == NULL)
+ data->mem_err++;
+ break;
}
#endif /* KRB5_USE_INET6 */
#endif /* netinet/in.h */
#ifdef KRB5_USE_NS
case AF_XNS:
- address = make_addr (ADDRTYPE_XNS, sizeof (struct ns_addr),
- &((const struct sockaddr_ns *)a)->sns_addr);
- if (address == NULL)
- data->mem_err++;
- break;
+ address = make_addr (ADDRTYPE_XNS, sizeof (struct ns_addr),
+ &((const struct sockaddr_ns *)a)->sns_addr);
+ if (address == NULL)
+ data->mem_err++;
+ break;
#endif
#ifdef AF_LINK
- /* Some BSD-based systems (e.g. NetBSD 1.5) and AIX will
- include the ethernet address, but we don't want that, at
- least for now. */
+ /* Some BSD-based systems (e.g. NetBSD 1.5) and AIX will
+ include the ethernet address, but we don't want that, at
+ least for now. */
case AF_LINK:
- break;
+ break;
#endif
- /*
- * Add more address families here..
- */
+ /*
+ * Add more address families here..
+ */
default:
- break;
+ break;
}
#ifdef __LCLINT__
/* Redundant but unconditional store un-confuses lclint. */
data->addr_temp[data->cur_idx] = address;
#endif
if (address) {
- data->addr_temp[data->cur_idx++] = address;
+ data->addr_temp[data->cur_idx++] = address;
}
return data->mem_err;
@@ -1247,7 +1248,7 @@ krb5_os_localaddr_profile (krb5_context context, struct localaddr_data *datap)
{
krb5_error_code err;
static const char *const profile_name[] = {
- KRB5_CONF_LIBDEFAULTS, KRB5_CONF_EXTRA_ADDRESSES, 0
+ KRB5_CONF_LIBDEFAULTS, KRB5_CONF_EXTRA_ADDRESSES, 0
};
char **values;
char **iter;
@@ -1260,69 +1261,69 @@ krb5_os_localaddr_profile (krb5_context context, struct localaddr_data *datap)
err = profile_get_values (context->profile, profile_name, &values);
/* Ignore all errors for now? */
if (err)
- return 0;
+ return 0;
for (iter = values; *iter; iter++) {
- char *cp = *iter, *next, *current;
- int i, count;
+ char *cp = *iter, *next, *current;
+ int i, count;
#ifdef DEBUG
- fprintf (stderr, " found line: '%s'\n", cp);
+ fprintf (stderr, " found line: '%s'\n", cp);
#endif
- for (cp = *iter, next = 0; *cp; cp = next) {
- while (isspace ((int) *cp) || *cp == ',')
- cp++;
- if (*cp == 0)
- break;
- /* Start of an address. */
+ for (cp = *iter, next = 0; *cp; cp = next) {
+ while (isspace ((int) *cp) || *cp == ',')
+ cp++;
+ if (*cp == 0)
+ break;
+ /* Start of an address. */
#ifdef DEBUG
- fprintf (stderr, " addr found in '%s'\n", cp);
+ fprintf (stderr, " addr found in '%s'\n", cp);
#endif
- current = cp;
- while (*cp != 0 && !isspace((int) *cp) && *cp != ',')
- cp++;
- if (*cp != 0) {
- next = cp + 1;
- *cp = 0;
- } else
- next = cp;
- /* Got a single address, process it. */
+ current = cp;
+ while (*cp != 0 && !isspace((int) *cp) && *cp != ',')
+ cp++;
+ if (*cp != 0) {
+ next = cp + 1;
+ *cp = 0;
+ } else
+ next = cp;
+ /* Got a single address, process it. */
#ifdef DEBUG
- fprintf (stderr, " processing '%s'\n", current);
+ fprintf (stderr, " processing '%s'\n", current);
#endif
- newaddrs = 0;
- err = krb5_os_hostaddr (context, current, &newaddrs);
- if (err)
- continue;
- for (i = 0; newaddrs[i]; i++) {
+ newaddrs = 0;
+ err = krb5_os_hostaddr (context, current, &newaddrs);
+ if (err)
+ continue;
+ for (i = 0; newaddrs[i]; i++) {
#ifdef DEBUG
- fprintf (stderr, " %d: family %d", i,
- newaddrs[i]->addrtype);
- fprintf (stderr, "\n");
+ fprintf (stderr, " %d: family %d", i,
+ newaddrs[i]->addrtype);
+ fprintf (stderr, "\n");
#endif
- }
- count = i;
+ }
+ count = i;
#ifdef DEBUG
- fprintf (stderr, " %d addresses\n", count);
+ fprintf (stderr, " %d addresses\n", count);
#endif
- if (datap->cur_idx + count >= datap->cur_size) {
- krb5_address **bigger;
- bigger = realloc (datap->addr_temp,
- sizeof (krb5_address *) * (datap->cur_idx + count));
- if (bigger) {
- datap->addr_temp = bigger;
- datap->cur_size = datap->cur_idx + count;
- }
- }
- for (i = 0; i < count; i++) {
- if (datap->cur_idx < datap->cur_size)
- datap->addr_temp[datap->cur_idx++] = newaddrs[i];
- else
- free (newaddrs[i]->contents), free (newaddrs[i]);
- }
- free (newaddrs);
- }
+ if (datap->cur_idx + count >= datap->cur_size) {
+ krb5_address **bigger;
+ bigger = realloc (datap->addr_temp,
+ sizeof (krb5_address *) * (datap->cur_idx + count));
+ if (bigger) {
+ datap->addr_temp = bigger;
+ datap->cur_size = datap->cur_idx + count;
+ }
+ }
+ for (i = 0; i < count; i++) {
+ if (datap->cur_idx < datap->cur_size)
+ datap->addr_temp[datap->cur_idx++] = newaddrs[i];
+ else
+ free (newaddrs[i]->contents), free (newaddrs[i]);
+ }
+ free (newaddrs);
+ }
}
return 0;
}
@@ -1349,92 +1350,92 @@ get_localaddrs (krb5_context context, krb5_address ***addr, int use_profile)
krb5_error_code err;
if (use_profile) {
- err = krb5_os_localaddr_profile (context, &data);
- /* ignore err for now */
+ err = krb5_os_localaddr_profile (context, &data);
+ /* ignore err for now */
}
r = foreach_localaddr (&data, count_addrs, allocate, add_addr);
if (r != 0) {
- int i;
- if (data.addr_temp) {
- for (i = 0; i < data.count; i++)
- free (data.addr_temp[i]);
- free (data.addr_temp);
- }
- if (data.mem_err)
- return ENOMEM;
- else
- return r;
+ int i;
+ if (data.addr_temp) {
+ for (i = 0; i < data.count; i++)
+ free (data.addr_temp[i]);
+ free (data.addr_temp);
+ }
+ if (data.mem_err)
+ return ENOMEM;
+ else
+ return r;
}
data.cur_idx++; /* null termination */
if (data.mem_err)
- return ENOMEM;
+ return ENOMEM;
else if (data.cur_idx == data.count)
- *addr = data.addr_temp;
+ *addr = data.addr_temp;
else {
- /* This can easily happen if we have IPv6 link-local
- addresses. Just shorten the array. */
- *addr = (krb5_address **) realloc (data.addr_temp,
- (sizeof (krb5_address *)
- * data.cur_idx));
- if (*addr == 0)
- /* Okay, shortening failed, but the original should still
- be intact. */
- *addr = data.addr_temp;
+ /* This can easily happen if we have IPv6 link-local
+ addresses. Just shorten the array. */
+ *addr = (krb5_address **) realloc (data.addr_temp,
+ (sizeof (krb5_address *)
+ * data.cur_idx));
+ if (*addr == 0)
+ /* Okay, shortening failed, but the original should still
+ be intact. */
+ *addr = data.addr_temp;
}
#ifdef DEBUG
{
- int j;
- fprintf (stderr, "addresses:\n");
- for (j = 0; addr[0][j]; j++) {
- struct sockaddr_storage ss;
- int err2;
- char namebuf[NI_MAXHOST];
- void *addrp = 0;
-
- fprintf (stderr, "%2d: ", j);
- fprintf (stderr, "addrtype %2d, length %2d", addr[0][j]->addrtype,
- addr[0][j]->length);
- memset (&ss, 0, sizeof (ss));
- switch (addr[0][j]->addrtype) {
- case ADDRTYPE_INET:
- {
- struct sockaddr_in *sinp = ss2sin (&ss);
- sinp->sin_family = AF_INET;
- addrp = &sinp->sin_addr;
+ int j;
+ fprintf (stderr, "addresses:\n");
+ for (j = 0; addr[0][j]; j++) {
+ struct sockaddr_storage ss;
+ int err2;
+ char namebuf[NI_MAXHOST];
+ void *addrp = 0;
+
+ fprintf (stderr, "%2d: ", j);
+ fprintf (stderr, "addrtype %2d, length %2d", addr[0][j]->addrtype,
+ addr[0][j]->length);
+ memset (&ss, 0, sizeof (ss));
+ switch (addr[0][j]->addrtype) {
+ case ADDRTYPE_INET:
+ {
+ struct sockaddr_in *sinp = ss2sin (&ss);
+ sinp->sin_family = AF_INET;
+ addrp = &sinp->sin_addr;
#ifdef HAVE_SA_LEN
- sinp->sin_len = sizeof (struct sockaddr_in);
+ sinp->sin_len = sizeof (struct sockaddr_in);
#endif
- break;
- }
+ break;
+ }
#ifdef KRB5_USE_INET6
- case ADDRTYPE_INET6:
- {
- struct sockaddr_in6 *sin6p = ss2sin6 (&ss);
- sin6p->sin6_family = AF_INET6;
- addrp = &sin6p->sin6_addr;
+ case ADDRTYPE_INET6:
+ {
+ struct sockaddr_in6 *sin6p = ss2sin6 (&ss);
+ sin6p->sin6_family = AF_INET6;
+ addrp = &sin6p->sin6_addr;
#ifdef HAVE_SA_LEN
- sin6p->sin6_len = sizeof (struct sockaddr_in6);
+ sin6p->sin6_len = sizeof (struct sockaddr_in6);
#endif
- break;
- }
+ break;
+ }
#endif
- default:
- ss2sa(&ss)->sa_family = 0;
- break;
- }
- if (addrp)
- memcpy (addrp, addr[0][j]->contents, addr[0][j]->length);
- err2 = getnameinfo (ss2sa(&ss), socklen (ss2sa (&ss)),
- namebuf, sizeof (namebuf), 0, 0,
- NI_NUMERICHOST);
- if (err2 == 0)
- fprintf (stderr, ": addr %s\n", namebuf);
- else
- fprintf (stderr, ": getnameinfo error %d\n", err2);
- }
+ default:
+ ss2sa(&ss)->sa_family = 0;
+ break;
+ }
+ if (addrp)
+ memcpy (addrp, addr[0][j]->contents, addr[0][j]->length);
+ err2 = getnameinfo (ss2sa(&ss), socklen (ss2sa (&ss)),
+ namebuf, sizeof (namebuf), 0, 0,
+ NI_NUMERICHOST);
+ if (err2 == 0)
+ fprintf (stderr, ": addr %s\n", namebuf);
+ else
+ fprintf (stderr, ": getnameinfo error %d\n", err2);
+ }
}
#endif
@@ -1453,47 +1454,47 @@ get_localaddrs (krb5_context context, krb5_address ***addr, int use_profile)
#if defined(_WIN32)
static struct hostent *local_addr_fallback_kludge()
{
- static struct hostent host;
- static SOCKADDR_IN addr;
- static char * ip_ptrs[2];
- SOCKET sock;
- int size = sizeof(SOCKADDR);
- int err;
-
- sock = socket(AF_INET, SOCK_DGRAM, 0);
- if (sock == INVALID_SOCKET)
- return NULL;
- set_cloexec_fd(sock);
-
- /* connect to arbitrary port and address (NOT loopback) */
- addr.sin_family = AF_INET;
- addr.sin_port = htons(IPPORT_ECHO);
- addr.sin_addr.s_addr = inet_addr("204.137.220.51");
-
- err = connect(sock, (LPSOCKADDR) &addr, sizeof(SOCKADDR));
- if (err == SOCKET_ERROR)
- return NULL;
-
- err = getsockname(sock, (LPSOCKADDR) &addr, (int *) size);
- if (err == SOCKET_ERROR)
- return NULL;
-
- closesocket(sock);
-
- host.h_name = 0;
- host.h_aliases = 0;
- host.h_addrtype = AF_INET;
- host.h_length = 4;
- host.h_addr_list = ip_ptrs;
- ip_ptrs[0] = (char *) &addr.sin_addr.s_addr;
- ip_ptrs[1] = NULL;
-
- return &host;
+ static struct hostent host;
+ static SOCKADDR_IN addr;
+ static char * ip_ptrs[2];
+ SOCKET sock;
+ int size = sizeof(SOCKADDR);
+ int err;
+
+ sock = socket(AF_INET, SOCK_DGRAM, 0);
+ if (sock == INVALID_SOCKET)
+ return NULL;
+ set_cloexec_fd(sock);
+
+ /* connect to arbitrary port and address (NOT loopback) */
+ addr.sin_family = AF_INET;
+ addr.sin_port = htons(IPPORT_ECHO);
+ addr.sin_addr.s_addr = inet_addr("204.137.220.51");
+
+ err = connect(sock, (LPSOCKADDR) &addr, sizeof(SOCKADDR));
+ if (err == SOCKET_ERROR)
+ return NULL;
+
+ err = getsockname(sock, (LPSOCKADDR) &addr, (int *) size);
+ if (err == SOCKET_ERROR)
+ return NULL;
+
+ closesocket(sock);
+
+ host.h_name = 0;
+ host.h_aliases = 0;
+ host.h_addrtype = AF_INET;
+ host.h_length = 4;
+ host.h_addr_list = ip_ptrs;
+ ip_ptrs[0] = (char *) &addr.sin_addr.s_addr;
+ ip_ptrs[1] = NULL;
+
+ return &host;
}
#endif
-/* No ioctls in winsock so we just assume there is only one networking
- * card per machine, so gethostent is good enough.
+/* No ioctls in winsock so we just assume there is only one networking
+ * card per machine, so gethostent is good enough.
*/
krb5_error_code KRB5_CALLCONV
krb5_os_localaddr (krb5_context context, krb5_address ***addr) {
@@ -1505,24 +1506,24 @@ krb5_os_localaddr (krb5_context context, krb5_address ***addr) {
*addr = 0;
paddr = 0;
err = 0;
-
+
if (gethostname (host, sizeof(host))) {
err = SOCKET_ERRNO;
}
if (!err) {
- hostrec = gethostbyname (host);
- if (hostrec == NULL) {
- err = SOCKET_ERRNO;
- }
+ hostrec = gethostbyname (host);
+ if (hostrec == NULL) {
+ err = SOCKET_ERRNO;
+ }
}
if (err) {
- hostrec = local_addr_fallback_kludge();
- if (!hostrec)
- return err;
- else
- err = 0; /* otherwise we will die at cleanup */
+ hostrec = local_addr_fallback_kludge();
+ if (!hostrec)
+ return err;
+ else
+ err = 0; /* otherwise we will die at cleanup */
}
for (count = 0; hostrec->h_addr_list[count]; count++);
@@ -1554,7 +1555,7 @@ krb5_os_localaddr (krb5_context context, krb5_address ***addr) {
paddr[i]->length);
}
- cleanup:
+cleanup:
if (err) {
if (paddr) {
for (i = 0; i < count; i++)
diff --git a/src/lib/krb5/os/locate_kdc.c b/src/lib/krb5/os/locate_kdc.c
index 4383fab..df246ef 100644
--- a/src/lib/krb5/os/locate_kdc.c
+++ b/src/lib/krb5/os/locate_kdc.c
@@ -1,3 +1,4 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
/*
* lib/krb5/os/locate_kdc.c
*
@@ -8,7 +9,7 @@
* require a specific license from the United States Government.
* It is the responsibility of any person or organization contemplating
* export to obtain such a license before exporting.
- *
+ *
* WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
* distribute this software and its documentation for any purpose and
* without fee is hereby granted, provided that the above copyright
@@ -22,7 +23,7 @@
* M.I.T. makes no representations about the suitability of
* this software for any purpose. It is provided "as is" without express
* or implied warranty.
- *
+ *
*
* get socket addresses for KDC.
*/
@@ -73,13 +74,13 @@ maybe_use_dns (krb5_context context, const char *name, int defalt)
code = profile_get_string(context->profile, KRB5_CONF_LIBDEFAULTS,
name, 0, 0, &value);
if (value == 0 && code == 0)
- code = profile_get_string(context->profile, KRB5_CONF_LIBDEFAULTS,
- KRB5_CONF_DNS_FALLBACK, 0, 0, &value);
+ code = profile_get_string(context->profile, KRB5_CONF_LIBDEFAULTS,
+ KRB5_CONF_DNS_FALLBACK, 0, 0, &value);
if (code)
return defalt;
if (value == 0)
- return defalt;
+ return defalt;
use_dns = _krb5_conf_boolean(value);
profile_release_string(value);
@@ -110,12 +111,12 @@ krb5int_grow_addrlist (struct addrlist *lp, int nmore)
newaddrs = realloc (lp->addrs, newsize);
if (newaddrs == NULL)
- return ENOMEM;
+ return ENOMEM;
lp->addrs = newaddrs;
for (i = lp->space; i < newspace; i++) {
- lp->addrs[i].ai = NULL;
- lp->addrs[i].freefn = NULL;
- lp->addrs[i].data = NULL;
+ lp->addrs[i].ai = NULL;
+ lp->addrs[i].freefn = NULL;
+ lp->addrs[i].data = NULL;
}
lp->space = newspace;
return 0;
@@ -129,8 +130,8 @@ krb5int_free_addrlist (struct addrlist *lp)
{
int i;
for (i = 0; i < lp->naddrs; i++)
- if (lp->addrs[i].freefn)
- (lp->addrs[i].freefn)(lp->addrs[i].data);
+ if (lp->addrs[i].freefn)
+ (lp->addrs[i].freefn)(lp->addrs[i].data);
free (lp->addrs);
lp->addrs = NULL;
lp->naddrs = lp->space = 0;
@@ -141,19 +142,19 @@ static int translate_ai_error (int err)
{
switch (err) {
case 0:
- return 0;
+ return 0;
case EAI_BADFLAGS:
case EAI_FAMILY:
case EAI_SOCKTYPE:
case EAI_SERVICE:
- /* All of these indicate bad inputs to getaddrinfo. */
- return EINVAL;
+ /* All of these indicate bad inputs to getaddrinfo. */
+ return EINVAL;
case EAI_AGAIN:
- /* Translate to standard errno code. */
- return EAGAIN;
+ /* Translate to standard errno code. */
+ return EAGAIN;
case EAI_MEMORY:
- /* Translate to standard errno code. */
- return ENOMEM;
+ /* Translate to standard errno code. */
+ return ENOMEM;
#ifdef EAI_ADDRFAMILY
case EAI_ADDRFAMILY:
#endif
@@ -161,22 +162,22 @@ static int translate_ai_error (int err)
case EAI_NODATA:
#endif
case EAI_NONAME:
- /* Name not known or no address data, but no error. Do
- nothing more. */
- return 0;
+ /* Name not known or no address data, but no error. Do
+ nothing more. */
+ return 0;
#ifdef EAI_OVERFLOW
case EAI_OVERFLOW:
- /* An argument buffer overflowed. */
- return EINVAL; /* XXX */
+ /* An argument buffer overflowed. */
+ return EINVAL; /* XXX */
#endif
#ifdef EAI_SYSTEM
case EAI_SYSTEM:
- /* System error, obviously. */
- return errno;
+ /* System error, obviously. */
+ return errno;
#endif
default:
- /* An error code we haven't handled? */
- return EINVAL;
+ /* An error code we haven't handled? */
+ return EINVAL;
}
}
@@ -202,19 +203,19 @@ static inline void print_addrlist(const struct addrlist *a) { }
#endif
static int add_addrinfo_to_list (struct addrlist *lp, struct addrinfo *a,
- void (*freefn)(void *), void *data)
+ void (*freefn)(void *), void *data)
{
int err;
dprint("\tadding %p=%A to %p (naddrs=%d space=%d)\n", a, a, lp,
- lp->naddrs, lp->space);
+ lp->naddrs, lp->space);
if (lp->naddrs == lp->space) {
- err = grow_list (lp, 1);
- if (err) {
- Tprintf ("grow_list failed %d\n", err);
- return err;
- }
+ err = grow_list (lp, 1);
+ if (err) {
+ Tprintf ("grow_list failed %d\n", err);
+ return err;
+ }
}
Tprintf("setting element %d\n", lp->naddrs);
lp->addrs[lp->naddrs].ai = a;
@@ -239,8 +240,8 @@ static void call_freeaddrinfo(void *data)
int
krb5int_add_host_to_list (struct addrlist *lp, const char *hostname,
- int port, int secport,
- int socktype, int family)
+ int port, int secport,
+ int socktype, int family)
{
struct addrinfo *addrs, *a, *anext, hint;
int err;
@@ -248,8 +249,8 @@ krb5int_add_host_to_list (struct addrlist *lp, const char *hostname,
void (*freefn)(void *);
Tprintf ("adding hostname %s, ports %d,%d, family %d, socktype %d\n",
- hostname, ntohs (port), ntohs (secport),
- family, socktype);
+ hostname, ntohs (port), ntohs (secport),
+ family, socktype);
memset(&hint, 0, sizeof(hint));
hint.ai_family = family;
@@ -258,38 +259,38 @@ krb5int_add_host_to_list (struct addrlist *lp, const char *hostname,
hint.ai_flags = AI_NUMERICSERV;
#endif
if (snprintf(portbuf, sizeof(portbuf), "%d", ntohs(port)) >= sizeof(portbuf))
- /* XXX */
- return EINVAL;
+ /* XXX */
+ return EINVAL;
if (snprintf(secportbuf, sizeof(secportbuf), "%d", ntohs(secport)) >= sizeof(secportbuf))
- return EINVAL;
+ return EINVAL;
err = getaddrinfo (hostname, portbuf, &hint, &addrs);
if (err) {
- Tprintf ("\tgetaddrinfo(\"%s\", \"%s\", ...)\n\treturns %d: %s\n",
- hostname, portbuf, err, gai_strerror (err));
- return translate_ai_error (err);
+ Tprintf ("\tgetaddrinfo(\"%s\", \"%s\", ...)\n\treturns %d: %s\n",
+ hostname, portbuf, err, gai_strerror (err));
+ return translate_ai_error (err);
}
freefn = call_freeaddrinfo;
anext = 0;
for (a = addrs; a != 0 && err == 0; a = anext, freefn = 0) {
- anext = a->ai_next;
- err = add_addrinfo_to_list (lp, a, freefn, a);
+ anext = a->ai_next;
+ err = add_addrinfo_to_list (lp, a, freefn, a);
}
if (err || secport == 0)
- goto egress;
+ goto egress;
if (socktype == 0)
- socktype = SOCK_DGRAM;
+ socktype = SOCK_DGRAM;
else if (socktype != SOCK_DGRAM)
- goto egress;
+ goto egress;
hint.ai_family = AF_INET;
err = getaddrinfo (hostname, secportbuf, &hint, &addrs);
if (err) {
- err = translate_ai_error (err);
- goto egress;
+ err = translate_ai_error (err);
+ goto egress;
}
freefn = call_freeaddrinfo;
for (a = addrs; a != 0 && err == 0; a = anext, freefn = 0) {
- anext = a->ai_next;
- err = add_addrinfo_to_list (lp, a, freefn, a);
+ anext = a->ai_next;
+ err = add_addrinfo_to_list (lp, a, freefn, a);
}
egress:
/* XXX Memory leaks possible here if add_addrinfo_to_list fails. */
@@ -304,20 +305,20 @@ egress:
static krb5_error_code
krb5_locate_srv_conf_1(krb5_context context, const krb5_data *realm,
- const char * name, struct addrlist *addrlist,
- int get_masters, int socktype,
- int udpport, int sec_udpport, int family)
+ const char * name, struct addrlist *addrlist,
+ int get_masters, int socktype,
+ int udpport, int sec_udpport, int family)
{
- const char *realm_srv_names[4];
+ const char *realm_srv_names[4];
char **masterlist, **hostlist, *host, *port, *cp;
krb5_error_code code;
int i, j, count, ismaster;
Tprintf ("looking in krb5.conf for realm %s entry %s; ports %d,%d\n",
- realm->data, name, ntohs (udpport), ntohs (sec_udpport));
+ realm->data, name, ntohs (udpport), ntohs (sec_udpport));
- if ((host = malloc(realm->length + 1)) == NULL)
- return ENOMEM;
+ if ((host = malloc(realm->length + 1)) == NULL)
+ return ENOMEM;
strncpy(host, realm->data, realm->length);
host[realm->length] = '\0';
@@ -333,57 +334,57 @@ krb5_locate_srv_conf_1(krb5_context context, const krb5_data *realm,
code = profile_get_values(context->profile, realm_srv_names, &hostlist);
if (code) {
- Tprintf ("config file lookup failed: %s\n",
- error_message(code));
+ Tprintf ("config file lookup failed: %s\n",
+ error_message(code));
if (code == PROF_NO_SECTION || code == PROF_NO_RELATION)
- code = KRB5_REALM_UNKNOWN;
- free(host);
- return code;
- }
+ code = KRB5_REALM_UNKNOWN;
+ free(host);
+ return code;
+ }
count = 0;
while (hostlist && hostlist[count])
- count++;
+ count++;
Tprintf ("found %d entries under 'kdc'\n", count);
-
+
if (count == 0) {
profile_free_list(hostlist);
- free(host);
- addrlist->naddrs = 0;
- return 0;
+ free(host);
+ addrlist->naddrs = 0;
+ return 0;
}
-
+
if (get_masters) {
- realm_srv_names[0] = KRB5_CONF_REALMS;
- realm_srv_names[1] = host;
- realm_srv_names[2] = KRB5_CONF_ADMIN_SERVER;
- realm_srv_names[3] = 0;
-
- code = profile_get_values(context->profile, realm_srv_names,
- &masterlist);
-
- free(host);
-
- if (code == 0) {
- for (i=0; masterlist[i]; i++) {
- host = masterlist[i];
-
- /*
- * Strip off excess whitespace
- */
- cp = strchr(host, ' ');
- if (cp)
- *cp = 0;
- cp = strchr(host, '\t');
- if (cp)
- *cp = 0;
- cp = strchr(host, ':');
- if (cp)
- *cp = 0;
- }
- }
+ realm_srv_names[0] = KRB5_CONF_REALMS;
+ realm_srv_names[1] = host;
+ realm_srv_names[2] = KRB5_CONF_ADMIN_SERVER;
+ realm_srv_names[3] = 0;
+
+ code = profile_get_values(context->profile, realm_srv_names,
+ &masterlist);
+
+ free(host);
+
+ if (code == 0) {
+ for (i=0; masterlist[i]; i++) {
+ host = masterlist[i];
+
+ /*
+ * Strip off excess whitespace
+ */
+ cp = strchr(host, ' ');
+ if (cp)
+ *cp = 0;
+ cp = strchr(host, '\t');
+ if (cp)
+ *cp = 0;
+ cp = strchr(host, ':');
+ if (cp)
+ *cp = 0;
+ }
+ }
} else {
- free(host);
+ free(host);
}
/* at this point, if master is non-NULL, then either the master kdc
@@ -392,80 +393,80 @@ krb5_locate_srv_conf_1(krb5_context context, const krb5_data *realm,
#ifdef HAVE_NETINET_IN_H
if (sec_udpport)
- count = count * 2;
+ count = count * 2;
#endif
for (i=0; hostlist[i]; i++) {
- int p1, p2;
-
- host = hostlist[i];
- Tprintf ("entry %d is '%s'\n", i, host);
- /*
- * Strip off excess whitespace
- */
- cp = strchr(host, ' ');
- if (cp)
- *cp = 0;
- cp = strchr(host, '\t');
- if (cp)
- *cp = 0;
- port = strchr(host, ':');
- if (port) {
- *port = 0;
- port++;
- }
-
- ismaster = 0;
- if (masterlist) {
- for (j=0; masterlist[j]; j++) {
- if (strcasecmp(hostlist[i], masterlist[j]) == 0) {
- ismaster = 1;
- }
- }
- }
-
- if (get_masters && !ismaster)
- continue;
-
- if (port) {
- unsigned long l;
+ int p1, p2;
+
+ host = hostlist[i];
+ Tprintf ("entry %d is '%s'\n", i, host);
+ /*
+ * Strip off excess whitespace
+ */
+ cp = strchr(host, ' ');
+ if (cp)
+ *cp = 0;
+ cp = strchr(host, '\t');
+ if (cp)
+ *cp = 0;
+ port = strchr(host, ':');
+ if (port) {
+ *port = 0;
+ port++;
+ }
+
+ ismaster = 0;
+ if (masterlist) {
+ for (j=0; masterlist[j]; j++) {
+ if (strcasecmp(hostlist[i], masterlist[j]) == 0) {
+ ismaster = 1;
+ }
+ }
+ }
+
+ if (get_masters && !ismaster)
+ continue;
+
+ if (port) {
+ unsigned long l;
#ifdef HAVE_STROUL
- char *endptr;
- l = strtoul (port, &endptr, 10);
- if (endptr == NULL || *endptr != 0)
- return EINVAL;
+ char *endptr;
+ l = strtoul (port, &endptr, 10);
+ if (endptr == NULL || *endptr != 0)
+ return EINVAL;
#else
- l = atoi (port);
+ l = atoi (port);
#endif
- /* L is unsigned, don't need to check <0. */
- if (l > 65535)
- return EINVAL;
- p1 = htons (l);
- p2 = 0;
- } else {
- p1 = udpport;
- p2 = sec_udpport;
- }
-
- if (socktype != 0)
- code = add_host_to_list (addrlist, hostlist[i], p1, p2,
- socktype, family);
- else {
- code = add_host_to_list (addrlist, hostlist[i], p1, p2,
- SOCK_DGRAM, family);
- if (code == 0)
- code = add_host_to_list (addrlist, hostlist[i], p1, p2,
- SOCK_STREAM, family);
- }
- if (code) {
- Tprintf ("error %d (%s) returned from add_host_to_list\n", code,
- error_message (code));
- if (hostlist)
- profile_free_list (hostlist);
- if (masterlist)
- profile_free_list (masterlist);
- return code;
- }
+ /* L is unsigned, don't need to check <0. */
+ if (l > 65535)
+ return EINVAL;
+ p1 = htons (l);
+ p2 = 0;
+ } else {
+ p1 = udpport;
+ p2 = sec_udpport;
+ }
+
+ if (socktype != 0)
+ code = add_host_to_list (addrlist, hostlist[i], p1, p2,
+ socktype, family);
+ else {
+ code = add_host_to_list (addrlist, hostlist[i], p1, p2,
+ SOCK_DGRAM, family);
+ if (code == 0)
+ code = add_host_to_list (addrlist, hostlist[i], p1, p2,
+ SOCK_STREAM, family);
+ }
+ if (code) {
+ Tprintf ("error %d (%s) returned from add_host_to_list\n", code,
+ error_message (code));
+ if (hostlist)
+ profile_free_list (hostlist);
+ if (masterlist)
+ profile_free_list (masterlist);
+ return code;
+ }
}
if (hostlist)
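Review bot: Both `return EINVAL;` exits in the port-parsing branch (after the `strtoul` check and after `if (l > 65535)`) leave the loop without releasing `hostlist` or `masterlist`, while the `add_host_to_list` failure path just below frees both with `profile_free_list` before returning. A malformed port in the profile therefore leaks both lists on each lookup; release them first, e.g. `profile_free_list(hostlist); if (masterlist) profile_free_list(masterlist); return EINVAL;`. The `endptr` test also accepts an empty port (`host:`), because `strtoul` then leaves `endptr == port` pointing at the terminator; `if (endptr == port || *endptr != 0)` rejects it. krb5_locate_srv_conf_1 starts and ends outside this hunk, so the cleanup at its tail is not visible here.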
@@ -479,17 +480,17 @@ krb5_locate_srv_conf_1(krb5_context context, const krb5_data *realm,
#ifdef TEST
static krb5_error_code
krb5_locate_srv_conf(krb5_context context, const krb5_data *realm,
- const char *name, struct addrlist *al, int get_masters,
- int udpport, int sec_udpport)
+ const char *name, struct addrlist *al, int get_masters,
+ int udpport, int sec_udpport)
{
krb5_error_code ret;
ret = krb5_locate_srv_conf_1 (context, realm, name, al,
- get_masters, 0, udpport, sec_udpport, 0);
+ get_masters, 0, udpport, sec_udpport, 0);
if (ret)
- return ret;
- if (al->naddrs == 0) /* Couldn't resolve any KDC names */
- return KRB5_REALM_CANT_RESOLVE;
+ return ret;
+ if (al->naddrs == 0) /* Couldn't resolve any KDC names */
+ return KRB5_REALM_CANT_RESOLVE;
return 0;
}
#endif
@@ -497,10 +498,10 @@ krb5_locate_srv_conf(krb5_context context, const krb5_data *realm,
#ifdef KRB5_DNS_LOOKUP
static krb5_error_code
krb5_locate_srv_dns_1 (const krb5_data *realm,
- const char *service,
- const char *protocol,
- struct addrlist *addrlist,
- int family)
+ const char *service,
+ const char *protocol,
+ struct addrlist *addrlist,
+ int family)
{
struct srv_dns_entry *head = NULL;
struct srv_dns_entry *entry = NULL, *next;
@@ -508,7 +509,7 @@ krb5_locate_srv_dns_1 (const krb5_data *realm,
code = krb5int_make_srv_query_realm(realm, service, protocol, &head);
if (code)
- return 0;
+ return 0;
/*
* Okay! Now we've got a linked list of entries sorted by
@@ -517,32 +518,32 @@ krb5_locate_srv_dns_1 (const krb5_data *realm,
*/
if (head == NULL)
- return 0;
+ return 0;
/* Check for the "." case indicating no support. */
if (head->next == 0 && head->host[0] == 0) {
- free(head->host);
- free(head);
- return KRB5_ERR_NO_SERVICE;
+ free(head->host);
+ free(head);
+ return KRB5_ERR_NO_SERVICE;
}
Tprintf ("walking answer list:\n");
for (entry = head; entry != NULL; entry = next) {
- Tprintf ("\tport=%d host=%s\n", entry->port, entry->host);
- next = entry->next;
- code = add_host_to_list (addrlist, entry->host, htons (entry->port), 0,
- (strcmp("_tcp", protocol)
- ? SOCK_DGRAM
- : SOCK_STREAM), family);
- if (code) {
- break;
- }
- if (entry == head) {
- free(entry->host);
- free(entry);
- head = next;
- entry = 0;
- }
+ Tprintf ("\tport=%d host=%s\n", entry->port, entry->host);
+ next = entry->next;
+ code = add_host_to_list (addrlist, entry->host, htons (entry->port), 0,
+ (strcmp("_tcp", protocol)
+ ? SOCK_DGRAM
+ : SOCK_STREAM), family);
+ if (code) {
+ break;
+ }
+ if (entry == head) {
+ free(entry->host);
+ free(entry);
+ head = next;
+ entry = 0;
+ }
}
Tprintf ("[end]\n");
@@ -569,59 +570,59 @@ module_callback (void *cbdata, int socktype, struct sockaddr *sa)
{
struct module_callback_data *d = cbdata;
struct {
- struct addrinfo ai;
- union {
- struct sockaddr_in sin;
+ struct addrinfo ai;
+ union {
+ struct sockaddr_in sin;
#ifdef KRB5_USE_INET6
- struct sockaddr_in6 sin6;
+ struct sockaddr_in6 sin6;
#endif
- } u;
+ } u;
} *x;
if (socktype != SOCK_STREAM && socktype != SOCK_DGRAM)
- return 0;
+ return 0;
if (sa->sa_family != AF_INET
#ifdef KRB5_USE_INET6
- && sa->sa_family != AF_INET6
+ && sa->sa_family != AF_INET6
#endif
- )
- return 0;
+ )
+ return 0;
x = calloc (1, sizeof (*x));
if (x == 0) {
- d->out_of_mem = 1;
- return 1;
+ d->out_of_mem = 1;
+ return 1;
}
x->ai.ai_addr = (struct sockaddr *) &x->u;
x->ai.ai_socktype = socktype;
x->ai.ai_family = sa->sa_family;
if (sa->sa_family == AF_INET) {
- x->u.sin = *(struct sockaddr_in *)sa;
- x->ai.ai_addrlen = sizeof(struct sockaddr_in);
+ x->u.sin = *(struct sockaddr_in *)sa;
+ x->ai.ai_addrlen = sizeof(struct sockaddr_in);
}
#ifdef KRB5_USE_INET6
if (sa->sa_family == AF_INET6) {
- x->u.sin6 = *(struct sockaddr_in6 *)sa;
- x->ai.ai_addrlen = sizeof(struct sockaddr_in6);
+ x->u.sin6 = *(struct sockaddr_in6 *)sa;
+ x->ai.ai_addrlen = sizeof(struct sockaddr_in6);
}
#endif
if (add_addrinfo_to_list (d->lp, &x->ai, free, x) != 0) {
- /* Assumes only error is ENOMEM. */
- d->out_of_mem = 1;
- return 1;
+ /* Assumes only error is ENOMEM. */
+ d->out_of_mem = 1;
+ return 1;
}
return 0;
}
static krb5_error_code
module_locate_server (krb5_context ctx, const krb5_data *realm,
- struct addrlist *addrlist,
- enum locate_service_type svc, int socktype, int family)
+ struct addrlist *addrlist,
+ enum locate_service_type svc, int socktype, int family)
{
struct krb5plugin_service_locate_result *res = NULL;
krb5_error_code code;
struct krb5plugin_service_locate_ftable *vtbl = NULL;
void **ptrs;
- char *realmz; /* NUL-terminated realm */
+ char *realmz; /* NUL-terminated realm */
int i;
struct module_callback_data cbdata = { 0, };
const char *msg;
@@ -629,69 +630,69 @@ module_locate_server (krb5_context ctx, const krb5_data *realm,
Tprintf("in module_locate_server\n");
cbdata.lp = addrlist;
if (!PLUGIN_DIR_OPEN (&ctx->libkrb5_plugins)) {
-
- code = krb5int_open_plugin_dirs (objdirs, NULL, &ctx->libkrb5_plugins,
- &ctx->err);
- if (code)
- return KRB5_PLUGIN_NO_HANDLE;
+
+ code = krb5int_open_plugin_dirs (objdirs, NULL, &ctx->libkrb5_plugins,
+ &ctx->err);
+ if (code)
+ return KRB5_PLUGIN_NO_HANDLE;
}
code = krb5int_get_plugin_dir_data (&ctx->libkrb5_plugins,
- "service_locator", &ptrs, &ctx->err);
+ "service_locator", &ptrs, &ctx->err);
if (code) {
- Tprintf("error looking up plugin symbols: %s\n",
- (msg = krb5_get_error_message(ctx, code)));
- krb5_free_error_message(ctx, msg);
- return KRB5_PLUGIN_NO_HANDLE;
+ Tprintf("error looking up plugin symbols: %s\n",
+ (msg = krb5_get_error_message(ctx, code)));
+ krb5_free_error_message(ctx, msg);
+ return KRB5_PLUGIN_NO_HANDLE;
}
if (realm->length >= UINT_MAX) {
- krb5int_free_plugin_dir_data(ptrs);
- return ENOMEM;
+ krb5int_free_plugin_dir_data(ptrs);
+ return ENOMEM;
}
realmz = malloc(realm->length + 1);
if (realmz == NULL) {
- krb5int_free_plugin_dir_data(ptrs);
- return ENOMEM;
+ krb5int_free_plugin_dir_data(ptrs);
+ return ENOMEM;
}
memcpy(realmz, realm->data, realm->length);
realmz[realm->length] = '\0';
for (i = 0; ptrs[i]; i++) {
- void *blob;
-
- vtbl = ptrs[i];
- Tprintf("element %d is %p\n", i, ptrs[i]);
-
- /* For now, don't keep the plugin data alive. For long-lived
- contexts, it may be desirable to change that later. */
- code = vtbl->init(ctx, &blob);
- if (code)
- continue;
-
- code = vtbl->lookup(blob, svc, realmz, socktype, family,
- module_callback, &cbdata);
- vtbl->fini(blob);
- if (code == KRB5_PLUGIN_NO_HANDLE) {
- /* Module passes, keep going. */
- /* XXX */
- Tprintf("plugin doesn't handle this realm (KRB5_PLUGIN_NO_HANDLE)\n");
- continue;
- }
- if (code != 0) {
- /* Module encountered an actual error. */
- Tprintf("plugin lookup routine returned error %d: %s\n",
- code, error_message(code));
- free(realmz);
- krb5int_free_plugin_dir_data (ptrs);
- return code;
- }
- break;
+ void *blob;
+
+ vtbl = ptrs[i];
+ Tprintf("element %d is %p\n", i, ptrs[i]);
+
+ /* For now, don't keep the plugin data alive. For long-lived
+ contexts, it may be desirable to change that later. */
+ code = vtbl->init(ctx, &blob);
+ if (code)
+ continue;
+
+ code = vtbl->lookup(blob, svc, realmz, socktype, family,
+ module_callback, &cbdata);
+ vtbl->fini(blob);
+ if (code == KRB5_PLUGIN_NO_HANDLE) {
+ /* Module passes, keep going. */
+ /* XXX */
+ Tprintf("plugin doesn't handle this realm (KRB5_PLUGIN_NO_HANDLE)\n");
+ continue;
+ }
+ if (code != 0) {
+ /* Module encountered an actual error. */
+ Tprintf("plugin lookup routine returned error %d: %s\n",
+ code, error_message(code));
+ free(realmz);
+ krb5int_free_plugin_dir_data (ptrs);
+ return code;
+ }
+ break;
}
if (ptrs[i] == NULL) {
- Tprintf("ran off end of plugin list\n");
- free(realmz);
- krb5int_free_plugin_dir_data (ptrs);
- return KRB5_PLUGIN_NO_HANDLE;
+ Tprintf("ran off end of plugin list\n");
+ free(realmz);
+ krb5int_free_plugin_dir_data (ptrs);
+ return KRB5_PLUGIN_NO_HANDLE;
}
Tprintf("stopped with plugin #%d, res=%p\n", i, res);
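Review bot: In the `krb5int_get_plugin_dir_data` failure branch, `msg` is assigned only as a side effect of a `Tprintf` argument and is then handed to `krb5_free_error_message`. Tprintf's definition is outside this hunk; if it is ever a macro that drops its arguments in non-test builds, `msg` (declared without an initializer in the previous hunk) would reach the free call uninitialised. Put the assignment on its own line, `msg = krb5_get_error_message(ctx, code);`, and pass plain `msg` to Tprintf. module_locate_server continues past the end of this hunk.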
@@ -705,8 +706,8 @@ module_locate_server (krb5_context ctx, const krb5_data *realm,
static krb5_error_code
prof_locate_server (krb5_context context, const krb5_data *realm,
- struct addrlist *addrlist,
- enum locate_service_type svc, int socktype, int family)
+ struct addrlist *addrlist,
+ enum locate_service_type svc, int socktype, int family)
{
const char *profname;
int dflport1, dflport2 = 0;
@@ -714,81 +715,81 @@ prof_locate_server (krb5_context context, const krb5_data *realm,
switch (svc) {
case locate_service_kdc:
- profname = KRB5_CONF_KDC;
- /* We used to use /etc/services for these, but enough systems
- have old, crufty, wrong settings that this is probably
- better. */
+ profname = KRB5_CONF_KDC;
+ /* We used to use /etc/services for these, but enough systems
+ have old, crufty, wrong settings that this is probably
+ better. */
kdc_ports:
- dflport1 = htons(KRB5_DEFAULT_PORT);
- dflport2 = htons(KRB5_DEFAULT_SEC_PORT);
- break;
+ dflport1 = htons(KRB5_DEFAULT_PORT);
+ dflport2 = htons(KRB5_DEFAULT_SEC_PORT);
+ break;
case locate_service_master_kdc:
- profname = KRB5_CONF_MASTER_KDC;
- goto kdc_ports;
+ profname = KRB5_CONF_MASTER_KDC;
+ goto kdc_ports;
case locate_service_kadmin:
- profname = KRB5_CONF_ADMIN_SERVER;
- dflport1 = htons(DEFAULT_KADM5_PORT);
- break;
+ profname = KRB5_CONF_ADMIN_SERVER;
+ dflport1 = htons(DEFAULT_KADM5_PORT);
+ break;
case locate_service_krb524:
- profname = KRB5_CONF_KRB524_SERVER;
- serv = getservbyname(KRB524_SERVICE, "udp");
- dflport1 = serv ? serv->s_port : htons (KRB524_PORT);
- break;
+ profname = KRB5_CONF_KRB524_SERVER;
+ serv = getservbyname(KRB524_SERVICE, "udp");
+ dflport1 = serv ? serv->s_port : htons (KRB524_PORT);
+ break;
case locate_service_kpasswd:
- profname = KRB5_CONF_KPASSWD_SERVER;
- dflport1 = htons(DEFAULT_KPASSWD_PORT);
- break;
+ profname = KRB5_CONF_KPASSWD_SERVER;
+ dflport1 = htons(DEFAULT_KPASSWD_PORT);
+ break;
default:
- return EBUSY; /* XXX */
+ return EBUSY; /* XXX */
}
return krb5_locate_srv_conf_1 (context, realm, profname, addrlist,
- 0, socktype,
- dflport1, dflport2, family);
+ 0, socktype,
+ dflport1, dflport2, family);
}
static krb5_error_code
dns_locate_server (krb5_context context, const krb5_data *realm,
- struct addrlist *addrlist,
- enum locate_service_type svc, int socktype, int family)
+ struct addrlist *addrlist,
+ enum locate_service_type svc, int socktype, int family)
{
const char *dnsname;
int use_dns = _krb5_use_dns_kdc(context);
krb5_error_code code;
if (!use_dns)
- return KRB5_PLUGIN_NO_HANDLE;
+ return KRB5_PLUGIN_NO_HANDLE;
switch (svc) {
case locate_service_kdc:
- dnsname = "_kerberos";
- break;
+ dnsname = "_kerberos";
+ break;
case locate_service_master_kdc:
- dnsname = "_kerberos-master";
- break;
+ dnsname = "_kerberos-master";
+ break;
case locate_service_kadmin:
- dnsname = "_kerberos-adm";
- break;
+ dnsname = "_kerberos-adm";
+ break;
case locate_service_krb524:
- dnsname = "_krb524";
- break;
+ dnsname = "_krb524";
+ break;
case locate_service_kpasswd:
- dnsname = "_kpasswd";
- break;
+ dnsname = "_kpasswd";
+ break;
default:
- return KRB5_PLUGIN_NO_HANDLE;
+ return KRB5_PLUGIN_NO_HANDLE;
}
code = 0;
if (socktype == SOCK_DGRAM || socktype == 0) {
- code = krb5_locate_srv_dns_1(realm, dnsname, "_udp", addrlist, family);
- if (code)
- Tprintf("dns udp lookup returned error %d\n", code);
+ code = krb5_locate_srv_dns_1(realm, dnsname, "_udp", addrlist, family);
+ if (code)
+ Tprintf("dns udp lookup returned error %d\n", code);
}
if ((socktype == SOCK_STREAM || socktype == 0) && code == 0) {
- code = krb5_locate_srv_dns_1(realm, dnsname, "_tcp", addrlist, family);
- if (code)
- Tprintf("dns tcp lookup returned error %d\n", code);
+ code = krb5_locate_srv_dns_1(realm, dnsname, "_tcp", addrlist, family);
+ if (code)
+ Tprintf("dns tcp lookup returned error %d\n", code);
}
return code;
}
@@ -799,9 +800,9 @@ dns_locate_server (krb5_context context, const krb5_data *realm,
krb5_error_code
krb5int_locate_server (krb5_context context, const krb5_data *realm,
- struct addrlist *addrlist,
- enum locate_service_type svc,
- int socktype, int family)
+ struct addrlist *addrlist,
+ enum locate_service_type svc,
+ int socktype, int family)
{
krb5_error_code code;
struct addrlist al = ADDRLIST_INIT;
@@ -809,54 +810,54 @@ krb5int_locate_server (krb5_context context, const krb5_data *realm,
*addrlist = al;
if (realm == NULL || realm->data == NULL || realm->data[0] == 0) {
- krb5_set_error_message(context, KRB5_REALM_CANT_RESOLVE,
- "Cannot find KDC for invalid realm name \"\"");
- return KRB5_REALM_CANT_RESOLVE;
+ krb5_set_error_message(context, KRB5_REALM_CANT_RESOLVE,
+ "Cannot find KDC for invalid realm name \"\"");
+ return KRB5_REALM_CANT_RESOLVE;
}
code = module_locate_server(context, realm, &al, svc, socktype, family);
Tprintf("module_locate_server returns %d\n", code);
if (code == KRB5_PLUGIN_NO_HANDLE) {
- /*
- * We always try the local file before DNS. Note that there
- * is no way to indicate "service not available" via the
- * config file.
- */
+ /*
+ * We always try the local file before DNS. Note that there
+ * is no way to indicate "service not available" via the
+ * config file.
+ */
- code = prof_locate_server(context, realm, &al, svc, socktype, family);
+ code = prof_locate_server(context, realm, &al, svc, socktype, family);
#ifdef KRB5_DNS_LOOKUP
- if (code) { /* Try DNS for all profile errors? */
- krb5_error_code code2;
- code2 = dns_locate_server(context, realm, &al, svc, socktype,
- family);
- if (code2 != KRB5_PLUGIN_NO_HANDLE)
- code = code2;
- }
+ if (code) { /* Try DNS for all profile errors? */
+ krb5_error_code code2;
+ code2 = dns_locate_server(context, realm, &al, svc, socktype,
+ family);
+ if (code2 != KRB5_PLUGIN_NO_HANDLE)
+ code = code2;
+ }
#endif /* KRB5_DNS_LOOKUP */
- /* We could put more heuristics here, like looking up a hostname
- of "kerberos."+REALM, etc. */
+ /* We could put more heuristics here, like looking up a hostname
+ of "kerberos."+REALM, etc. */
}
if (code == 0)
- Tprintf ("krb5int_locate_server found %d addresses\n",
- al.naddrs);
+ Tprintf ("krb5int_locate_server found %d addresses\n",
+ al.naddrs);
else
- Tprintf ("krb5int_locate_server returning error code %d/%s\n",
- code, error_message(code));
+ Tprintf ("krb5int_locate_server returning error code %d/%s\n",
+ code, error_message(code));
if (code != 0) {
- if (al.space)
- free_list (&al);
- return code;
+ if (al.space)
+ free_list (&al);
+ return code;
}
- if (al.naddrs == 0) { /* No good servers */
- if (al.space)
- free_list (&al);
- krb5_set_error_message(context, KRB5_REALM_CANT_RESOLVE,
- "Cannot resolve network address for KDC in realm \"%.*s\"",
- realm->length, realm->data);
-
- return KRB5_REALM_CANT_RESOLVE;
+ if (al.naddrs == 0) { /* No good servers */
+ if (al.space)
+ free_list (&al);
+ krb5_set_error_message(context, KRB5_REALM_CANT_RESOLVE,
+ "Cannot resolve network address for KDC in realm \"%.*s\"",
+ realm->length, realm->data);
+
+ return KRB5_REALM_CANT_RESOLVE;
}
*addrlist = al;
return 0;
@@ -864,12 +865,12 @@ krb5int_locate_server (krb5_context context, const krb5_data *realm,
krb5_error_code
krb5_locate_kdc(krb5_context context, const krb5_data *realm,
- struct addrlist *addrlist,
- int get_masters, int socktype, int family)
+ struct addrlist *addrlist,
+ int get_masters, int socktype, int family)
{
return krb5int_locate_server(context, realm, addrlist,
- (get_masters
- ? locate_service_master_kdc
- : locate_service_kdc),
- socktype, family);
+ (get_masters
+ ? locate_service_master_kdc
+ : locate_service_kdc),
+ socktype, family);
}
diff --git a/src/lib/krb5/os/lock_file.c b/src/lib/krb5/os/lock_file.c
index 7bbd3e9..6565470 100644
--- a/src/lib/krb5/os/lock_file.c
+++ b/src/lib/krb5/os/lock_file.c
@@ -1,3 +1,4 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
/*
* lib/krb5/os/lock_file.c
*
@@ -8,7 +9,7 @@
* require a specific license from the United States Government.
* It is the responsibility of any person or organization contemplating
* export to obtain such a license before exporting.
- *
+ *
* WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
* distribute this software and its documentation for any purpose and
* without fee is hereby granted, provided that the above copyright
@@ -22,7 +23,7 @@
* M.I.T. makes no representations about the suitability of
* this software for any purpose. It is provided "as is" without express
* or implied warranty.
- *
+ *
*
* libos: krb5_lock_file routine
*/
@@ -64,8 +65,8 @@
krb5_error_code
krb5_lock_file(krb5_context context, int fd, int mode)
{
- int lock_flag = -1;
- krb5_error_code retval = 0;
+ int lock_flag = -1;
+ krb5_error_code retval = 0;
#ifdef POSIX_FILE_LOCKS
int lock_cmd = F_SETLKW;
struct flock lock_arg = { 0 };
@@ -74,33 +75,33 @@ krb5_lock_file(krb5_context context, int fd, int mode)
switch (mode & ~KRB5_LOCKMODE_DONTBLOCK) {
case KRB5_LOCKMODE_SHARED:
#ifdef POSIX_FILE_LOCKS
- lock_arg.l_type = F_RDLCK;
+ lock_arg.l_type = F_RDLCK;
#endif
- lock_flag = LOCK_SH;
- break;
+ lock_flag = LOCK_SH;
+ break;
case KRB5_LOCKMODE_EXCLUSIVE:
#ifdef POSIX_FILE_LOCKS
- lock_arg.l_type = F_WRLCK;
+ lock_arg.l_type = F_WRLCK;
#endif
- lock_flag = LOCK_EX;
- break;
+ lock_flag = LOCK_EX;
+ break;
case KRB5_LOCKMODE_UNLOCK:
#ifdef POSIX_FILE_LOCKS
- lock_arg.l_type = F_UNLCK;
+ lock_arg.l_type = F_UNLCK;
#endif
- lock_flag = LOCK_UN;
- break;
+ lock_flag = LOCK_UN;
+ break;
}
if (lock_flag == -1)
- return(KRB5_LIBOS_BADLOCKFLAG);
+ return(KRB5_LIBOS_BADLOCKFLAG);
if (mode & KRB5_LOCKMODE_DONTBLOCK) {
#ifdef POSIX_FILE_LOCKS
- lock_cmd = F_SETLK;
+ lock_cmd = F_SETLK;
#endif
#ifdef HAVE_FLOCK
- lock_flag |= LOCK_NB;
+ lock_flag |= LOCK_NB;
#endif
}
@@ -109,21 +110,21 @@ krb5_lock_file(krb5_context context, int fd, int mode)
lock_arg.l_start = 0;
lock_arg.l_len = 0;
if (fcntl(fd, lock_cmd, &lock_arg) == -1) {
- if (errno == EACCES || errno == EAGAIN) /* see POSIX/IEEE 1003.1-1988,
- 6.5.2.4 */
- return(EAGAIN);
- if (errno != EINVAL) /* Fall back to flock if we get EINVAL */
- return(errno);
- retval = errno;
+ if (errno == EACCES || errno == EAGAIN) /* see POSIX/IEEE 1003.1-1988,
+ 6.5.2.4 */
+ return(EAGAIN);
+ if (errno != EINVAL) /* Fall back to flock if we get EINVAL */
+ return(errno);
+ retval = errno;
} else
- return 0; /* We succeeded. Yay. */
+ return 0; /* We succeeded. Yay. */
#endif
-
+
#ifdef HAVE_FLOCK
if (flock(fd, lock_flag) == -1)
- retval = errno;
+ retval = errno;
#endif
-
+
return retval;
}
#else /* Windows or Macintosh */
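Review bot: When `fcntl` fails with EINVAL the code stores that errno in `retval` and falls through to `flock`, but the `flock` branch only writes `retval` on failure, so a successful fallback still returns EINVAL to the caller even though the lock is held. Clear the stale error on success, e.g. `retval = (flock(fd, lock_flag) == -1) ? errno : 0;`. Builds without HAVE_FLOCK keep returning EINVAL, which is correct there. krb5_lock_file begins before this hunk.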
diff --git a/src/lib/krb5/os/mk_faddr.c b/src/lib/krb5/os/mk_faddr.c
index d084ded..26fb99c 100644
--- a/src/lib/krb5/os/mk_faddr.c
+++ b/src/lib/krb5/os/mk_faddr.c
@@ -1,3 +1,4 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
/*
* lib/krb5/os/full_ipadr.c
*
@@ -8,7 +9,7 @@
* require a specific license from the United States Government.
* It is the responsibility of any person or organization contemplating
* export to obtain such a license before exporting.
- *
+ *
* WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
* distribute this software and its documentation for any purpose and
* without fee is hereby granted, provided that the above copyright
@@ -22,7 +23,7 @@
* M.I.T. makes no representations about the suitability of
* this software for any purpose. It is provided "as is" without express
* or implied warranty.
- *
+ *
*
* Take an IP addr & port and generate a full IP address.
*/
@@ -30,7 +31,7 @@
#include "k5-int.h"
#ifdef HAVE_NETINET_IN_H
-
+
#include "os-proto.h"
#if !defined(_WINSOCKAPI_)
@@ -44,12 +45,12 @@ krb5_make_fulladdr(krb5_context context, krb5_address *kaddr, krb5_address *kpor
krb5_int32 tmp32;
krb5_int16 tmp16;
- if ((kport == NULL) || (kport == NULL))
- return EINVAL;
+ if ((kport == NULL) || (kport == NULL))
+ return EINVAL;
raddr->length = kaddr->length + kport->length + (4 * sizeof(krb5_int32));
if (!(raddr->contents = (krb5_octet *)malloc(raddr->length)))
- return ENOMEM;
+ return ENOMEM;
raddr->addrtype = ADDRTYPE_ADDRPORT;
marshal = raddr->contents;
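Review bot: The guard `if ((kport == NULL) || (kport == NULL))` tests `kport` twice and never tests `kaddr`, yet `kaddr->length` is dereferenced on the next statement, so a NULL `kaddr` is not rejected with EINVAL as the check intends. It should read `if ((kaddr == NULL) || (kport == NULL))`. The length sum `kaddr->length + kport->length + (4 * sizeof(krb5_int32))` is also passed to `malloc` without a wrap-around check; the field types are not visible here, so confirm whether callers can supply lengths large enough for that to matter. The rest of krb5_make_fulladdr lies outside this hunk.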
diff --git a/src/lib/krb5/os/net_read.c b/src/lib/krb5/os/net_read.c
index 1d07a95..fe84192 100644
--- a/src/lib/krb5/os/net_read.c
+++ b/src/lib/krb5/os/net_read.c
@@ -1,3 +1,4 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
/*
* lib/krb5/os/net_read.c
*
@@ -8,7 +9,7 @@
* require a specific license from the United States Government.
* It is the responsibility of any person or organization contemplating
* export to obtain such a license before exporting.
- *
+ *
* WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
* distribute this software and its documentation for any purpose and
* without fee is hereby granted, provided that the above copyright
@@ -22,7 +23,7 @@
* M.I.T. makes no representations about the suitability of
* this software for any purpose. It is provided "as is" without express
* or implied warranty.
- *
+ *
*/
#include "k5-int.h"
@@ -43,23 +44,23 @@ krb5_net_read(krb5_context context, int fd, register char *buf, register int len
int cc, len2 = 0;
do {
- cc = SOCKET_READ((SOCKET)fd, buf, len);
- if (cc < 0) {
- if (SOCKET_ERRNO == SOCKET_EINTR)
- continue;
-
- /* XXX this interface sucks! */
- errno = SOCKET_ERRNO;
-
- return(cc); /* errno is already set */
- }
- else if (cc == 0) {
- return(len2);
- } else {
- buf += cc;
- len2 += cc;
- len -= cc;
- }
+ cc = SOCKET_READ((SOCKET)fd, buf, len);
+ if (cc < 0) {
+ if (SOCKET_ERRNO == SOCKET_EINTR)
+ continue;
+
+ /* XXX this interface sucks! */
+ errno = SOCKET_ERRNO;
+
+ return(cc); /* errno is already set */
+ }
+ else if (cc == 0) {
+ return(len2);
+ } else {
+ buf += cc;
+ len2 += cc;
+ len -= cc;
+ }
} while (len > 0);
return(len2);
}
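Review bot: `len` is a signed `int` and the `do { ... } while (len > 0)` loop tests it only after the first `SOCKET_READ`, so a zero or negative `len` from a caller is still passed to the read primitive once. SOCKET_READ is defined outside this hunk; if it maps to `read()` or `recv()`, a negative value converts to a very large `size_t` and the bound on `buf` is lost. A guard ahead of the loop such as `if (len <= 0) return 0;` (or an EINVAL failure for negative values, if callers prefer) keeps the length check in front of the first read.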
diff --git a/src/lib/krb5/os/net_write.c b/src/lib/krb5/os/net_write.c
index 35765fb..d4bcc14 100644
--- a/src/lib/krb5/os/net_write.c
+++ b/src/lib/krb5/os/net_write.c
@@ -1,3 +1,4 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
/*
* lib/krb5/os/net_write.c
*
@@ -8,7 +9,7 @@
* require a specific license from the United States Government.
* It is the responsibility of any person or organization contemplating
* export to obtain such a license before exporting.
- *
+ *
* WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
* distribute this software and its documentation for any purpose and
* without fee is hereby granted, provided that the above copyright
@@ -22,7 +23,7 @@
* M.I.T. makes no representations about the suitability of
* this software for any purpose. It is provided "as is" without express
* or implied warranty.
- *
+ *
*/
#include "k5-int.h"
@@ -52,31 +53,31 @@ krb5int_net_writev(krb5_context context, int fd, sg_buf *sgp, int nsg)
SOCKET_WRITEV_TEMP tmp;
while (nsg > 0) {
- /* Skip any empty data blocks. */
- if (SG_LEN(sgp) == 0) {
- sgp++, nsg--;
- continue;
- }
- cc = SOCKET_WRITEV((SOCKET)fd, sgp, nsg, tmp);
- if (cc < 0) {
- if (SOCKET_ERRNO == SOCKET_EINTR)
- continue;
+ /* Skip any empty data blocks. */
+ if (SG_LEN(sgp) == 0) {
+ sgp++, nsg--;
+ continue;
+ }
+ cc = SOCKET_WRITEV((SOCKET)fd, sgp, nsg, tmp);
+ if (cc < 0) {
+ if (SOCKET_ERRNO == SOCKET_EINTR)
+ continue;
- /* XXX this interface sucks! */
- errno = SOCKET_ERRNO;
- return -1;
- }
- len += cc;
- while (cc > 0) {
- if ((unsigned)cc < SG_LEN(sgp)) {
- SG_ADVANCE(sgp, (unsigned)cc);
- cc = 0;
- } else {
- cc -= SG_LEN(sgp);
- sgp++, nsg--;
- assert(nsg > 0 || cc == 0);
- }
- }
+ /* XXX this interface sucks! */
+ errno = SOCKET_ERRNO;
+ return -1;
+ }
+ len += cc;
+ while (cc > 0) {
+ if ((unsigned)cc < SG_LEN(sgp)) {
+ SG_ADVANCE(sgp, (unsigned)cc);
+ cc = 0;
+ } else {
+ cc -= SG_LEN(sgp);
+ sgp++, nsg--;
+ assert(nsg > 0 || cc == 0);
+ }
+ }
}
return len;
}
diff --git a/src/lib/krb5/os/os-proto.h b/src/lib/krb5/os/os-proto.h
index bb2e00e..477ffac 100644
--- a/src/lib/krb5/os/os-proto.h
+++ b/src/lib/krb5/os/os-proto.h
@@ -1,3 +1,4 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
/*
* lib/krb5/os/os-proto.h
*
@@ -8,7 +9,7 @@
* require a specific license from the United States Government.
* It is the responsibility of any person or organization contemplating
* export to obtain such a license before exporting.
- *
+ *
* WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
* distribute this software and its documentation for any purpose and
* without fee is hereby granted, provided that the above copyright
@@ -22,7 +23,7 @@
* M.I.T. makes no representations about the suitability of
* this software for any purpose. It is provided "as is" without express
* or implied warranty.
- *
+ *
*
* LIBOS internal function prototypes.
*/
@@ -32,26 +33,26 @@
struct addrlist;
krb5_error_code krb5_locate_kdc
- (krb5_context, const krb5_data *, struct addrlist *, int, int, int);
+(krb5_context, const krb5_data *, struct addrlist *, int, int, int);
#ifdef HAVE_NETINET_IN_H
krb5_error_code krb5_unpack_full_ipaddr
- (krb5_context,
- const krb5_address *,
- krb5_int32 *,
- krb5_int16 *);
+(krb5_context,
+ const krb5_address *,
+ krb5_int32 *,
+ krb5_int16 *);
krb5_error_code krb5_make_full_ipaddr
- (krb5_context,
- krb5_int32,
- int, /* unsigned short promotes to signed
- int */
- krb5_address **);
+(krb5_context,
+ krb5_int32,
+ int, /* unsigned short promotes to signed
+ int */
+ krb5_address **);
#endif /* HAVE_NETINET_IN_H */
-krb5_error_code krb5_try_realm_txt_rr(const char *, const char *,
- char **realm);
+krb5_error_code krb5_try_realm_txt_rr(const char *, const char *,
+ char **realm);
/* Obsolete interface - leave prototype here until code removed */
krb5_error_code krb5_secure_config_files(krb5_context ctx);
diff --git a/src/lib/krb5/os/osconfig.c b/src/lib/krb5/os/osconfig.c
index 2fe973d..d04e95b 100644
--- a/src/lib/krb5/os/osconfig.c
+++ b/src/lib/krb5/os/osconfig.c
@@ -1,3 +1,4 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
/*
* lib/krb5/os/osconfig.c
*
@@ -8,7 +9,7 @@
* require a specific license from the United States Government.
* It is the responsibility of any person or organization contemplating
* export to obtain such a license before exporting.
- *
+ *
* WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
* distribute this software and its documentation for any purpose and
* without fee is hereby granted, provided that the above copyright
@@ -22,7 +23,7 @@
* M.I.T. makes no representations about the suitability of
* this software for any purpose. It is provided "as is" without express
* or implied warranty.
- *
+ *
*
* Definition of default configuration parameters.
*
@@ -43,4 +44,3 @@ unsigned int krb5_skdc_timeout_1 = SKDC_TIMEOUT_1;
const char *krb5_default_pwd_prompt1 = DEFAULT_PWD_STRING1;
const char *krb5_default_pwd_prompt2 = DEFAULT_PWD_STRING2;
-
diff --git a/src/lib/krb5/os/port2ip.c b/src/lib/krb5/os/port2ip.c
index 984e65f..d4184db 100644
--- a/src/lib/krb5/os/port2ip.c
+++ b/src/lib/krb5/os/port2ip.c
@@ -1,3 +1,4 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
/*
* lib/krb5/os/port2ip.c
*
@@ -8,7 +9,7 @@
* require a specific license from the United States Government.
* It is the responsibility of any person or organization contemplating
* export to obtain such a license before exporting.
- *
+ *
* WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
* distribute this software and its documentation for any purpose and
* without fee is hereby granted, provided that the above copyright
@@ -22,7 +23,7 @@
* M.I.T. makes no representations about the suitability of
* this software for any purpose. It is provided "as is" without express
* or implied warranty.
- *
+ *
*
* Take an ADDRPORT address and split into IP addr & port.
*/
@@ -42,23 +43,23 @@ krb5_unpack_full_ipaddr(krb5_context context, const krb5_address *inaddr, krb5_i
krb5_ui_4 templength;
if (inaddr->addrtype != ADDRTYPE_ADDRPORT)
- return KRB5_PROG_ATYPE_NOSUPP;
+ return KRB5_PROG_ATYPE_NOSUPP;
if (inaddr->length != sizeof(smushaddr)+ sizeof(smushport) +
- 2*sizeof(temptype) + 2*sizeof(templength))
- return KRB5_PROG_ATYPE_NOSUPP;
+ 2*sizeof(temptype) + 2*sizeof(templength))
+ return KRB5_PROG_ATYPE_NOSUPP;
marshal = inaddr->contents;
(void) memcpy(&temptype, marshal, sizeof(temptype));
marshal += sizeof(temptype);
if (temptype != htons(ADDRTYPE_INET))
- return KRB5_PROG_ATYPE_NOSUPP;
+ return KRB5_PROG_ATYPE_NOSUPP;
(void) memcpy(&templength, marshal, sizeof(templength));
marshal += sizeof(templength);
if (templength != htonl(sizeof(smushaddr)))
- return KRB5_PROG_ATYPE_NOSUPP;
+ return KRB5_PROG_ATYPE_NOSUPP;
(void) memcpy(&smushaddr, marshal, sizeof(smushaddr));
/* leave in net order */
@@ -67,12 +68,12 @@ krb5_unpack_full_ipaddr(krb5_context context, const krb5_address *inaddr, krb5_i
(void) memcpy(&temptype, marshal, sizeof(temptype));
marshal += sizeof(temptype);
if (temptype != htons(ADDRTYPE_IPPORT))
- return KRB5_PROG_ATYPE_NOSUPP;
+ return KRB5_PROG_ATYPE_NOSUPP;
(void) memcpy(&templength, marshal, sizeof(templength));
marshal += sizeof(templength);
if (templength != htonl(sizeof(smushport)))
- return KRB5_PROG_ATYPE_NOSUPP;
+ return KRB5_PROG_ATYPE_NOSUPP;
(void) memcpy(&smushport, marshal, sizeof(smushport));
/* leave in net order */
diff --git a/src/lib/krb5/os/prompter.c b/src/lib/krb5/os/prompter.c
index 36803ec..e604035 100644
--- a/src/lib/krb5/os/prompter.c
+++ b/src/lib/krb5/os/prompter.c
@@ -1,3 +1,4 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
#include "k5-int.h"
#if !defined(_WIN32) || (defined(_WIN32) && defined(__CYGWIN32__))
#include <stdio.h>
@@ -17,40 +18,40 @@ typedef struct sigaction osiginfo;
typedef struct krb5_sigtype (*osiginfo)();
#endif
-static void catch_signals(osiginfo *);
-static void restore_signals(osiginfo *);
-static krb5_sigtype intrfunc(int sig);
+static void catch_signals(osiginfo *);
+static void restore_signals(osiginfo *);
+static krb5_sigtype intrfunc(int sig);
-static krb5_error_code setup_tty(FILE*, int, struct termios *, osiginfo *);
-static krb5_error_code restore_tty(FILE*, struct termios *, osiginfo *);
+static krb5_error_code setup_tty(FILE*, int, struct termios *, osiginfo *);
+static krb5_error_code restore_tty(FILE*, struct termios *, osiginfo *);
-static volatile int got_int; /* should be sig_atomic_t */
+static volatile int got_int; /* should be sig_atomic_t */
krb5_error_code KRB5_CALLCONV
krb5_prompter_posix(
- krb5_context context,
- void *data,
- const char *name,
- const char *banner,
- int num_prompts,
- krb5_prompt prompts[])
+ krb5_context context,
+ void *data,
+ const char *name,
+ const char *banner,
+ int num_prompts,
+ krb5_prompt prompts[])
{
- int fd, i, scratchchar;
- FILE *fp;
- char *retp;
- krb5_error_code errcode;
+ int fd, i, scratchchar;
+ FILE *fp;
+ char *retp;
+ krb5_error_code errcode;
struct termios saveparm;
osiginfo osigint;
errcode = KRB5_LIBOS_CANTREADPWD;
if (name) {
- fputs(name, stdout);
- fputs("\n", stdout);
+ fputs(name, stdout);
+ fputs("\n", stdout);
}
if (banner) {
- fputs(banner, stdout);
- fputs("\n", stdout);
+ fputs(banner, stdout);
+ fputs("\n", stdout);
}
/*
@@ -59,65 +60,65 @@ krb5_prompter_posix(
fp = NULL;
fd = dup(STDIN_FILENO);
if (fd < 0)
- return KRB5_LIBOS_CANTREADPWD;
+ return KRB5_LIBOS_CANTREADPWD;
set_cloexec_fd(fd);
fp = fdopen(fd, "r");
if (fp == NULL)
- goto cleanup;
+ goto cleanup;
if (setvbuf(fp, NULL, _IONBF, 0))
- goto cleanup;
+ goto cleanup;
for (i = 0; i < num_prompts; i++) {
- errcode = KRB5_LIBOS_CANTREADPWD;
- /* fgets() takes int, but krb5_data.length is unsigned. */
- if (prompts[i].reply->length > INT_MAX)
- goto cleanup;
-
- errcode = setup_tty(fp, prompts[i].hidden, &saveparm, &osigint);
- if (errcode)
- break;
-
- /* put out the prompt */
- (void)fputs(prompts[i].prompt, stdout);
- (void)fputs(": ", stdout);
- (void)fflush(stdout);
- (void)memset(prompts[i].reply->data, 0, prompts[i].reply->length);
-
- got_int = 0;
- retp = fgets(prompts[i].reply->data, (int)prompts[i].reply->length,
- fp);
- if (prompts[i].hidden)
- putchar('\n');
- if (retp == NULL) {
- if (got_int)
- errcode = KRB5_LIBOS_PWDINTR;
- else
- errcode = KRB5_LIBOS_CANTREADPWD;
- restore_tty(fp, &saveparm, &osigint);
- break;
- }
-
- /* replace newline with null */
- retp = strchr(prompts[i].reply->data, '\n');
- if (retp != NULL)
- *retp = '\0';
- else {
- /* flush rest of input line */
- do {
- scratchchar = getc(fp);
- } while (scratchchar != EOF && scratchchar != '\n');
- }
-
- errcode = restore_tty(fp, &saveparm, &osigint);
- if (errcode)
- break;
- prompts[i].reply->length = strlen(prompts[i].reply->data);
+ errcode = KRB5_LIBOS_CANTREADPWD;
+ /* fgets() takes int, but krb5_data.length is unsigned. */
+ if (prompts[i].reply->length > INT_MAX)
+ goto cleanup;
+
+ errcode = setup_tty(fp, prompts[i].hidden, &saveparm, &osigint);
+ if (errcode)
+ break;
+
+ /* put out the prompt */
+ (void)fputs(prompts[i].prompt, stdout);
+ (void)fputs(": ", stdout);
+ (void)fflush(stdout);
+ (void)memset(prompts[i].reply->data, 0, prompts[i].reply->length);
+
+ got_int = 0;
+ retp = fgets(prompts[i].reply->data, (int)prompts[i].reply->length,
+ fp);
+ if (prompts[i].hidden)
+ putchar('\n');
+ if (retp == NULL) {
+ if (got_int)
+ errcode = KRB5_LIBOS_PWDINTR;
+ else
+ errcode = KRB5_LIBOS_CANTREADPWD;
+ restore_tty(fp, &saveparm, &osigint);
+ break;
+ }
+
+ /* replace newline with null */
+ retp = strchr(prompts[i].reply->data, '\n');
+ if (retp != NULL)
+ *retp = '\0';
+ else {
+ /* flush rest of input line */
+ do {
+ scratchchar = getc(fp);
+ } while (scratchchar != EOF && scratchchar != '\n');
+ }
+
+ errcode = restore_tty(fp, &saveparm, &osigint);
+ if (errcode)
+ break;
+ prompts[i].reply->length = strlen(prompts[i].reply->data);
}
cleanup:
if (fp != NULL)
- fclose(fp);
+ fclose(fp);
else if (fd >= 0)
- close(fd);
+ close(fd);
return errcode;
}
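Review bot: The error exits of this POSIX krb5_prompter_posix leave typed input in the reply buffers. A `break` or `goto cleanup` on a second or later prompt returns an error while earlier `prompts[i].reply->data` still hold what the user entered, and a failed `fgets` leaves the current buffer in an unspecified state. The Windows implementation later in this file clears every reply when `errcode` is set. The same could be done under `cleanup:` here with `if (errcode) for (i = 0; i < num_prompts; i++) memset(prompts[i].reply->data, 0, prompts[i].reply->length);`. The function begins in the previous hunk.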
@@ -155,33 +156,33 @@ restore_signals(osiginfo *osigint)
static krb5_error_code
setup_tty(FILE *fp, int hidden, struct termios *saveparm, osiginfo *osigint)
{
- krb5_error_code ret;
- int fd;
- struct termios tparm;
+ krb5_error_code ret;
+ int fd;
+ struct termios tparm;
ret = KRB5_LIBOS_CANTREADPWD;
catch_signals(osigint);
fd = fileno(fp);
do {
- if (!isatty(fd)) {
- ret = 0;
- break;
- }
- if (tcgetattr(fd, &tparm) < 0)
- break;
- *saveparm = tparm;
+ if (!isatty(fd)) {
+ ret = 0;
+ break;
+ }
+ if (tcgetattr(fd, &tparm) < 0)
+ break;
+ *saveparm = tparm;
#ifndef ECHO_PASSWORD
- if (hidden)
- tparm.c_lflag &= ~(ECHO|ECHONL);
+ if (hidden)
+ tparm.c_lflag &= ~(ECHO|ECHONL);
#endif
- tparm.c_lflag |= ISIG|ICANON;
- if (tcsetattr(STDIN_FILENO, TCSANOW, &tparm) < 0)
- break;
- ret = 0;
+ tparm.c_lflag |= ISIG|ICANON;
+ if (tcsetattr(STDIN_FILENO, TCSANOW, &tparm) < 0)
+ break;
+ ret = 0;
} while (0);
/* If we're losing, restore signal handlers. */
if (ret)
- restore_signals(osigint);
+ restore_signals(osigint);
return ret;
}
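Review bot: The terminal attributes are read from `fd` but written through `STDIN_FILENO` in `tcsetattr(STDIN_FILENO, TCSANOW, &tparm)`, while restore_tty in the next hunk restores them on `fileno(fp)`. In the caller shown above, `fp` wraps a dup of stdin, so both presumably name the same terminal. The function would stay correct for any `fp` if the call were `tcsetattr(fd, TCSANOW, &tparm)`. A short comment that `*saveparm` is only written when `fd` is a tty would also help, since restore_tty depends on the same isatty() test before using it.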
@@ -193,11 +194,11 @@ restore_tty(FILE* fp, struct termios *saveparm, osiginfo *osigint)
ret = 0;
fd = fileno(fp);
if (isatty(fd)) {
- ret = tcsetattr(fd, TCSANOW, saveparm);
- if (ret < 0)
- ret = KRB5_LIBOS_CANTREADPWD;
- else
- ret = 0;
+ ret = tcsetattr(fd, TCSANOW, saveparm);
+ if (ret < 0)
+ ret = KRB5_LIBOS_CANTREADPWD;
+ else
+ ret = 0;
}
restore_signals(osigint);
return ret;
@@ -211,90 +212,90 @@ restore_tty(FILE* fp, struct termios *saveparm, osiginfo *osigint)
krb5_error_code KRB5_CALLCONV
krb5_prompter_posix(krb5_context context,
- void *data,
- const char *name,
- const char *banner,
- int num_prompts,
- krb5_prompt prompts[])
+ void *data,
+ const char *name,
+ const char *banner,
+ int num_prompts,
+ krb5_prompt prompts[])
{
- HANDLE handle;
- DWORD old_mode, new_mode;
- char *ptr;
- int scratchchar;
- krb5_error_code errcode = 0;
- int i;
+ HANDLE handle;
+ DWORD old_mode, new_mode;
+ char *ptr;
+ int scratchchar;
+ krb5_error_code errcode = 0;
+ int i;
handle = GetStdHandle(STD_INPUT_HANDLE);
if (handle == INVALID_HANDLE_VALUE)
- return ENOTTY;
+ return ENOTTY;
if (!GetConsoleMode(handle, &old_mode))
- return ENOTTY;
+ return ENOTTY;
new_mode = old_mode;
new_mode |= ( ENABLE_LINE_INPUT | ENABLE_PROCESSED_INPUT );
new_mode &= ~( ENABLE_ECHO_INPUT );
if (!SetConsoleMode(handle, new_mode))
- return ENOTTY;
+ return ENOTTY;
if (!SetConsoleMode(handle, old_mode))
- return ENOTTY;
+ return ENOTTY;
if (name) {
- fputs(name, stdout);
- fputs("\n", stdout);
+ fputs(name, stdout);
+ fputs("\n", stdout);
}
if (banner) {
- fputs(banner, stdout);
- fputs("\n", stdout);
+ fputs(banner, stdout);
+ fputs("\n", stdout);
}
for (i = 0; i < num_prompts; i++) {
- if (prompts[i].hidden) {
- if (!SetConsoleMode(handle, new_mode)) {
- errcode = ENOTTY;
- goto cleanup;
- }
- }
-
- fputs(prompts[i].prompt,stdout);
- fputs(": ", stdout);
- fflush(stdout);
- memset(prompts[i].reply->data, 0, prompts[i].reply->length);
-
- if (fgets(prompts[i].reply->data, prompts[i].reply->length, stdin)
- == NULL) {
- if (prompts[i].hidden)
- putchar('\n');
- errcode = KRB5_LIBOS_CANTREADPWD;
- goto cleanup;
- }
- if (prompts[i].hidden)
- putchar('\n');
- /* fgets always null-terminates the returned string */
-
- /* replace newline with null */
- if ((ptr = strchr(prompts[i].reply->data, '\n')))
- *ptr = '\0';
- else /* flush rest of input line */
- do {
- scratchchar = getchar();
- } while (scratchchar != EOF && scratchchar != '\n');
-
- prompts[i].reply->length = strlen(prompts[i].reply->data);
-
- if (!SetConsoleMode(handle, old_mode)) {
- errcode = ENOTTY;
- goto cleanup;
- }
+ if (prompts[i].hidden) {
+ if (!SetConsoleMode(handle, new_mode)) {
+ errcode = ENOTTY;
+ goto cleanup;
+ }
+ }
+
+ fputs(prompts[i].prompt,stdout);
+ fputs(": ", stdout);
+ fflush(stdout);
+ memset(prompts[i].reply->data, 0, prompts[i].reply->length);
+
+ if (fgets(prompts[i].reply->data, prompts[i].reply->length, stdin)
+ == NULL) {
+ if (prompts[i].hidden)
+ putchar('\n');
+ errcode = KRB5_LIBOS_CANTREADPWD;
+ goto cleanup;
+ }
+ if (prompts[i].hidden)
+ putchar('\n');
+ /* fgets always null-terminates the returned string */
+
+ /* replace newline with null */
+ if ((ptr = strchr(prompts[i].reply->data, '\n')))
+ *ptr = '\0';
+ else /* flush rest of input line */
+ do {
+ scratchchar = getchar();
+ } while (scratchchar != EOF && scratchchar != '\n');
+
+ prompts[i].reply->length = strlen(prompts[i].reply->data);
+
+ if (!SetConsoleMode(handle, old_mode)) {
+ errcode = ENOTTY;
+ goto cleanup;
+ }
}
- cleanup:
+cleanup:
if (errcode) {
- for (i = 0; i < num_prompts; i++) {
- memset(prompts[i].reply->data, 0, prompts[i].reply->length);
- }
+ for (i = 0; i < num_prompts; i++) {
+ memset(prompts[i].reply->data, 0, prompts[i].reply->length);
+ }
}
return errcode;
}
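Review bot: Every `goto cleanup` taken while a hidden prompt is active leaves the console in `new_mode`, with echo still disabled, because the `cleanup:` block only clears the reply buffers. The failed-`fgets` path is the clearest case. read_console_password in read_pwd.c restores the mode first under its cleanup label, and the same line fits here: `(void) SetConsoleMode(handle, old_mode);`. Separately, `prompts[i].reply->length` is passed to `fgets` without the `> INT_MAX` check that the POSIX variant of this function performs.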
@@ -303,11 +304,11 @@ krb5_prompter_posix(krb5_context context,
krb5_error_code KRB5_CALLCONV
krb5_prompter_posix(krb5_context context,
- void *data,
- const char *name,
- const char *banner,
- int num_prompts,
- krb5_prompt prompts[])
+ void *data,
+ const char *name,
+ const char *banner,
+ int num_prompts,
+ krb5_prompt prompts[])
{
return(EINVAL);
}
diff --git a/src/lib/krb5/os/read_msg.c b/src/lib/krb5/os/read_msg.c
index 82a2573..8d3dfe3 100644
--- a/src/lib/krb5/os/read_msg.c
+++ b/src/lib/krb5/os/read_msg.c
@@ -1,3 +1,4 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
/*
* lib/krb5/os/read_msg.c
*
@@ -8,7 +9,7 @@
* require a specific license from the United States Government.
* It is the responsibility of any person or organization contemplating
* export to obtain such a license before exporting.
- *
+ *
* WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
* distribute this software and its documentation for any purpose and
* without fee is hereby granted, provided that the above copyright
@@ -22,7 +23,7 @@
* M.I.T. makes no representations about the suitability of
* this software for any purpose. It is provided "as is" without express
* or implied warranty.
- *
+ *
*
* Write a message to the network
*/
@@ -33,34 +34,34 @@
krb5_error_code
krb5_read_message(krb5_context context, krb5_pointer fdp, krb5_data *inbuf)
{
- krb5_int32 len;
- int len2, ilen;
- char *buf = NULL;
- int fd = *( (int *) fdp);
+ krb5_int32 len;
+ int len2, ilen;
+ char *buf = NULL;
+ int fd = *( (int *) fdp);
- inbuf->data = NULL;
- inbuf->length = 0;
+ inbuf->data = NULL;
+ inbuf->length = 0;
- if ((len2 = krb5_net_read(context, fd, (char *)&len, 4)) != 4)
- return((len2 < 0) ? errno : ECONNABORTED);
- len = ntohl(len);
+ if ((len2 = krb5_net_read(context, fd, (char *)&len, 4)) != 4)
+ return((len2 < 0) ? errno : ECONNABORTED);
+ len = ntohl(len);
- if ((len & VALID_UINT_BITS) != len) /* Overflow size_t??? */
- return ENOMEM;
+ if ((len & VALID_UINT_BITS) != len) /* Overflow size_t??? */
+ return ENOMEM;
- inbuf->length = ilen = (int) len;
- if (ilen) {
- /*
- * We may want to include a sanity check here someday....
- */
- if (!(buf = malloc(inbuf->length))) {
- return(ENOMEM);
- }
- if ((len2 = krb5_net_read(context, fd, buf, ilen)) != ilen) {
- free(buf);
- return((len2 < 0) ? errno : ECONNABORTED);
- }
- }
- inbuf->data = buf;
- return(0);
+ inbuf->length = ilen = (int) len;
+ if (ilen) {
+ /*
+ * We may want to include a sanity check here someday....
+ */
+ if (!(buf = malloc(inbuf->length))) {
+ return(ENOMEM);
+ }
+ if ((len2 = krb5_net_read(context, fd, buf, ilen)) != ilen) {
+ free(buf);
+ return((len2 < 0) ? errno : ECONNABORTED);
+ }
+ }
+ inbuf->data = buf;
+ return(0);
}
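Review bot: The length read from the peer reaches `malloc(inbuf->length)` with no upper bound beyond the `VALID_UINT_BITS` mask, which the in-body comment about adding a sanity check "someday" already acknowledges. A remote peer can therefore request a very large allocation per message. A bound checked right after `ntohl` would close that, for example `if (len > MAX_MSG_LEN) return ENOMEM;`, where `MAX_MSG_LEN` is a placeholder for a limit the callers agree on. The two failure returns after `inbuf->length = ilen` also leave a non-zero length next to a NULL `inbuf->data`; setting `inbuf->length = 0;` before returning keeps the output consistent. `len` is a signed `krb5_int32`, and whether the mask rejects negative values depends on a definition outside this hunk.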
diff --git a/src/lib/krb5/os/read_pwd.c b/src/lib/krb5/os/read_pwd.c
index 6f2868d..3c88a46 100644
--- a/src/lib/krb5/os/read_pwd.c
+++ b/src/lib/krb5/os/read_pwd.c
@@ -1,3 +1,4 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
/*
* lib/krb5/os/read_pwd.c
*
@@ -8,7 +9,7 @@
* require a specific license from the United States Government.
* It is the responsibility of any person or organization contemplating
* export to obtain such a license before exporting.
- *
+ *
* WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
* distribute this software and its documentation for any purpose and
* without fee is hereby granted, provided that the above copyright
@@ -22,7 +23,7 @@
* M.I.T. makes no representations about the suitability of
* this software for any purpose. It is provided "as is" without express
* or implied warranty.
- *
+ *
*
* libos: krb5_read_password for BSD 4.3
*/
@@ -43,7 +44,7 @@
krb5_error_code
krb5_read_password(krb5_context context, const char *prompt, const char *prompt2, char *return_pwd, unsigned int *size_return)
{
- krb5_data reply_data;
+ krb5_data reply_data;
krb5_prompt k5prompt;
krb5_error_code retval;
reply_data.length = *size_return; /* NB: size_return is also an input */
@@ -52,29 +53,29 @@ krb5_read_password(krb5_context context, const char *prompt, const char *prompt2
k5prompt.hidden = 1;
k5prompt.reply = &reply_data;
retval = krb5_prompter_posix(NULL,
- NULL, NULL, NULL, 1, &k5prompt);
+ NULL, NULL, NULL, 1, &k5prompt);
if ((retval==0) && prompt2) {
- krb5_data verify_data;
- verify_data.data = malloc(*size_return);
- verify_data.length = *size_return;
- k5prompt.prompt = (char *)prompt2;
- k5prompt.reply = &verify_data;
- if (!verify_data.data)
- return ENOMEM;
- retval = krb5_prompter_posix(NULL,
- NULL,NULL, NULL, 1, &k5prompt);
- if (retval == 0) {
- /* compare */
- if (strncmp(return_pwd, (char *)verify_data.data, *size_return))
- retval = KRB5_LIBOS_BADPWDMATCH;
- }
- free(verify_data.data);
+ krb5_data verify_data;
+ verify_data.data = malloc(*size_return);
+ verify_data.length = *size_return;
+ k5prompt.prompt = (char *)prompt2;
+ k5prompt.reply = &verify_data;
+ if (!verify_data.data)
+ return ENOMEM;
+ retval = krb5_prompter_posix(NULL,
+ NULL,NULL, NULL, 1, &k5prompt);
+ if (retval == 0) {
+ /* compare */
+ if (strncmp(return_pwd, (char *)verify_data.data, *size_return))
+ retval = KRB5_LIBOS_BADPWDMATCH;
+ }
+ free(verify_data.data);
}
if (!retval)
- *size_return = k5prompt.reply->length;
+ *size_return = k5prompt.reply->length;
else
- memset(return_pwd, 0, *size_return);
+ memset(return_pwd, 0, *size_return);
return retval;
}
#endif
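Review bot: `verify_data.data` holds a second copy of the password and is released with a bare `free(verify_data.data)`, so the bytes stay in freed heap memory. It should be cleared over `*size_return` bytes first, using a zeroizing call the compiler cannot drop as a dead store. The `return ENOMEM` branch also returns an error while `return_pwd` still contains the first entry, bypassing the `memset(return_pwd, 0, *size_return)` at the end. Setting `retval = ENOMEM`, skipping the second prompt and falling through to the common exit would cover it. The function begins in the previous hunk.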
@@ -97,10 +98,10 @@ void center_dialog(HWND hwnd)
int dlgwidth, dlgheight;
RECT r;
HDC hdc;
-
+
if (hwnd == NULL)
- return;
-
+ return;
+
GetWindowRect(hwnd, &r);
dlgwidth = r.right - r.left;
dlgheight = r.bottom - r.top ;
@@ -116,87 +117,87 @@ void center_dialog(HWND hwnd)
#ifdef _WIN32
static krb5_error_code
read_console_password(
- krb5_context context,
- const char * prompt,
- const char * prompt2,
- char * password,
- int * pwsize)
+ krb5_context context,
+ const char * prompt,
+ const char * prompt2,
+ char * password,
+ int * pwsize)
{
- HANDLE handle;
- DWORD old_mode, new_mode;
- char *tmpstr = 0;
- char *ptr;
- int scratchchar;
- krb5_error_code errcode = 0;
+ HANDLE handle;
+ DWORD old_mode, new_mode;
+ char *tmpstr = 0;
+ char *ptr;
+ int scratchchar;
+ krb5_error_code errcode = 0;
handle = GetStdHandle(STD_INPUT_HANDLE);
if (handle == INVALID_HANDLE_VALUE)
- return ENOTTY;
+ return ENOTTY;
if (!GetConsoleMode(handle, &old_mode))
- return ENOTTY;
+ return ENOTTY;
new_mode = old_mode;
new_mode |= ( ENABLE_LINE_INPUT | ENABLE_PROCESSED_INPUT );
new_mode &= ~( ENABLE_ECHO_INPUT );
if (!SetConsoleMode(handle, new_mode))
- return ENOTTY;
+ return ENOTTY;
(void) fputs(prompt, stdout);
(void) fflush(stdout);
(void) memset(password, 0, *pwsize);
if (fgets(password, *pwsize, stdin) == NULL) {
- (void) putchar('\n');
- errcode = KRB5_LIBOS_CANTREADPWD;
- goto cleanup;
+ (void) putchar('\n');
+ errcode = KRB5_LIBOS_CANTREADPWD;
+ goto cleanup;
}
(void) putchar('\n');
if ((ptr = strchr(password, '\n')))
- *ptr = '\0';
+ *ptr = '\0';
else /* need to flush */
- do {
- scratchchar = getchar();
- } while (scratchchar != EOF && scratchchar != '\n');
+ do {
+ scratchchar = getchar();
+ } while (scratchchar != EOF && scratchchar != '\n');
if (prompt2) {
- if (! (tmpstr = (char *)malloc(*pwsize))) {
- errcode = ENOMEM;
- goto cleanup;
- }
- (void) fputs(prompt2, stdout);
- (void) fflush(stdout);
- if (fgets(tmpstr, *pwsize, stdin) == NULL) {
- (void) putchar('\n');
- errcode = KRB5_LIBOS_CANTREADPWD;
- goto cleanup;
- }
- (void) putchar('\n');
-
- if ((ptr = strchr(tmpstr, '\n')))
- *ptr = '\0';
- else /* need to flush */
- do {
- scratchchar = getchar();
- } while (scratchchar != EOF && scratchchar != '\n');
-
- if (strncmp(password, tmpstr, *pwsize)) {
- errcode = KRB5_LIBOS_BADPWDMATCH;
- goto cleanup;
- }
+ if (! (tmpstr = (char *)malloc(*pwsize))) {
+ errcode = ENOMEM;
+ goto cleanup;
+ }
+ (void) fputs(prompt2, stdout);
+ (void) fflush(stdout);
+ if (fgets(tmpstr, *pwsize, stdin) == NULL) {
+ (void) putchar('\n');
+ errcode = KRB5_LIBOS_CANTREADPWD;
+ goto cleanup;
+ }
+ (void) putchar('\n');
+
+ if ((ptr = strchr(tmpstr, '\n')))
+ *ptr = '\0';
+ else /* need to flush */
+ do {
+ scratchchar = getchar();
+ } while (scratchchar != EOF && scratchchar != '\n');
+
+ if (strncmp(password, tmpstr, *pwsize)) {
+ errcode = KRB5_LIBOS_BADPWDMATCH;
+ goto cleanup;
+ }
}
cleanup:
(void) SetConsoleMode(handle, old_mode);
if (tmpstr) {
- (void) memset(tmpstr, 0, *pwsize);
- (void) free(tmpstr);
+ (void) memset(tmpstr, 0, *pwsize);
+ (void) free(tmpstr);
}
if (errcode)
- (void) memset(password, 0, *pwsize);
+ (void) memset(password, 0, *pwsize);
else
- *pwsize = strlen(password);
+ *pwsize = strlen(password);
return errcode;
}
#endif
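Review bot: The `memset(tmpstr, 0, *pwsize)` immediately before `free(tmpstr)` is a store the optimizer may remove, so the confirmation copy of the password can survive in freed memory. On this Windows-only path `SecureZeroMemory(tmpstr, *pwsize);` gives the guarantee. `*pwsize` is a signed `int` that is never checked, so a zero or negative value would reach `memset`, `fgets` and `malloc` as given. An early `if (*pwsize <= 0) return EINVAL;` before the console mode is changed would make the contract explicit.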
@@ -205,35 +206,35 @@ static int CALLBACK
read_pwd_proc(HWND hdlg, UINT msg, WPARAM wParam, LPARAM lParam)
{
pwd_params *dp;
-
+
switch(msg) {
case WM_INITDIALOG:
- dp = (pwd_params *) lParam;
- SetWindowLongPtr(hdlg, DWLP_USER, lParam);
- SetDlgItemText(hdlg, ID_READ_PWD_PROMPT, dp->pwd_prompt);
- SetDlgItemText(hdlg, ID_READ_PWD_PROMPT2, dp->pwd_prompt2);
- SetDlgItemText(hdlg, ID_READ_PWD_PWD, "");
- center_dialog(hdlg);
- return TRUE;
+ dp = (pwd_params *) lParam;
+ SetWindowLongPtr(hdlg, DWLP_USER, lParam);
+ SetDlgItemText(hdlg, ID_READ_PWD_PROMPT, dp->pwd_prompt);
+ SetDlgItemText(hdlg, ID_READ_PWD_PROMPT2, dp->pwd_prompt2);
+ SetDlgItemText(hdlg, ID_READ_PWD_PWD, "");
+ center_dialog(hdlg);
+ return TRUE;
case WM_COMMAND:
- dp = (pwd_params *) GetWindowLongPtr(hdlg, DWLP_USER);
+ dp = (pwd_params *) GetWindowLongPtr(hdlg, DWLP_USER);
switch (wParam) {
- case IDOK:
- *(dp->pwd_size_return) =
- GetDlgItemText(hdlg, ID_READ_PWD_PWD,
- dp->pwd_return_pwd, *(dp->pwd_size_return));
- EndDialog(hdlg, TRUE);
- break;
-
- case IDCANCEL:
- memset(dp->pwd_return_pwd, 0 , *(dp->pwd_size_return));
- *(dp->pwd_size_return) = 0;
- EndDialog(hdlg, FALSE);
- break;
+ case IDOK:
+ *(dp->pwd_size_return) =
+ GetDlgItemText(hdlg, ID_READ_PWD_PWD,
+ dp->pwd_return_pwd, *(dp->pwd_size_return));
+ EndDialog(hdlg, TRUE);
+ break;
+
+ case IDCANCEL:
+ memset(dp->pwd_return_pwd, 0 , *(dp->pwd_size_return));
+ *(dp->pwd_size_return) = 0;
+ EndDialog(hdlg, FALSE);
+ break;
}
return TRUE;
-
+
default:
return FALSE;
}
@@ -254,8 +255,8 @@ krb5_read_password(context, prompt, prompt2, return_pwd, size_return)
#ifdef _WIN32
if (_isatty(_fileno(stdin)))
- return(read_console_password
- (context, prompt, prompt2, return_pwd, size_return));
+ return(read_console_password
+ (context, prompt, prompt2, return_pwd, size_return));
#endif
dps.pwd_prompt = prompt;
@@ -270,7 +271,7 @@ krb5_read_password(context, prompt, prompt2, return_pwd, size_return)
dlgproc = (FARPROC) MakeProcInstance(read_pwd_proc, hinst);
#endif
rc = DialogBoxParam(hinst, MAKEINTRESOURCE(ID_READ_PWD_DIALOG), 0,
- dlgproc, (LPARAM) &dps);
+ dlgproc, (LPARAM) &dps);
#ifndef _WIN32
FreeProcInstance ((FARPROC) dlgproc);
#endif
@@ -291,7 +292,7 @@ krb5_read_password(context, prompt, prompt2, return_pwd, size_return)
char *return_pwd;
int *size_return;
{
- *size_return = 0;
- return KRB5_LIBOS_CANTREADPWD;
+ *size_return = 0;
+ return KRB5_LIBOS_CANTREADPWD;
}
#endif
diff --git a/src/lib/krb5/os/realm_dom.c b/src/lib/krb5/os/realm_dom.c
index ed44e9d..8f25caf 100644
--- a/src/lib/krb5/os/realm_dom.c
+++ b/src/lib/krb5/os/realm_dom.c
@@ -1,3 +1,4 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
/*
* lib/krb5/os/realm_dom.c
*
@@ -8,7 +9,7 @@
* require a specific license from the United States Government.
* It is the responsibility of any person or organization contemplating
* export to obtain such a license before exporting.
- *
+ *
* WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
* distribute this software and its documentation for any purpose and
* without fee is hereby granted, provided that the above copyright
@@ -22,7 +23,7 @@
* M.I.T. makes no representations about the suitability of
* this software for any purpose. It is provided "as is" without express
* or implied warranty.
- *
+ *
*
* krb5_get_realm_domain()
*/
@@ -52,7 +53,7 @@ krb5_get_realm_domain(krb5_context context, const char *realm, char **domain)
char *temp_domain = 0;
retval = profile_get_string(context->profile, KRB5_CONF_REALMS, realm,
- KRB5_CONF_DEFAULT_DOMAIN, realm, &temp_domain);
+ KRB5_CONF_DEFAULT_DOMAIN, realm, &temp_domain);
if (!retval && temp_domain)
{
*domain = strdup(temp_domain);
diff --git a/src/lib/krb5/os/realm_iter.c b/src/lib/krb5/os/realm_iter.c
index 0beaa2f..cfc9e39 100644
--- a/src/lib/krb5/os/realm_iter.c
+++ b/src/lib/krb5/os/realm_iter.c
@@ -1,3 +1,4 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
/*
* lib/krb5/os/realm_init.c
*
@@ -8,7 +9,7 @@
* require a specific license from the United States Government.
* It is the responsibility of any person or organization contemplating
* export to obtain such a license before exporting.
- *
+ *
* WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
* distribute this software and its documentation for any purpose and
* without fee is hereby granted, provided that the above copyright
@@ -22,7 +23,7 @@
* M.I.T. makes no representations about the suitability of
* this software for any purpose. It is provided "as is" without express
* or implied warranty.
- *
+ *
* krb5_realm_iterate()
*/
@@ -34,11 +35,11 @@ krb5_error_code KRB5_CALLCONV
krb5_realm_iterator_create(krb5_context context, void **iter_p)
{
static const char *const names[] = { "realms", 0 };
-
+
return profile_iterator_create(context->profile, names,
- PROFILE_ITER_LIST_SECTION |
- PROFILE_ITER_SECTIONS_ONLY,
- iter_p);
+ PROFILE_ITER_LIST_SECTION |
+ PROFILE_ITER_SECTIONS_ONLY,
+ iter_p);
}
krb5_error_code KRB5_CALLCONV
diff --git a/src/lib/krb5/os/sendto_kdc.c b/src/lib/krb5/os/sendto_kdc.c
index dcf08d9..f12be79 100644
--- a/src/lib/krb5/os/sendto_kdc.c
+++ b/src/lib/krb5/os/sendto_kdc.c
@@ -1,3 +1,4 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
/*
* lib/krb5/os/sendto_kdc.c
*
@@ -8,7 +9,7 @@
* require a specific license from the United States Government.
* It is the responsibility of any person or organization contemplating
* export to obtain such a license before exporting.
- *
+ *
* WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
* distribute this software and its documentation for any purpose and
* without fee is hereby granted, provided that the above copyright
@@ -22,7 +23,7 @@
* M.I.T. makes no representations about the suitability of
* this software for any purpose. It is provided "as is" without express
* or implied warranty.
- *
+ *
*
* Send packet to KDC for realm; wait for response, retransmitting
* as necessary.
@@ -53,9 +54,9 @@
#endif
#endif
-#define MAX_PASS 3
-#define DEFAULT_UDP_PREF_LIMIT 1465
-#define HARD_UDP_LIMIT 32700 /* could probably do 64K-epsilon ? */
+#define MAX_PASS 3
+#define DEFAULT_UDP_PREF_LIMIT 1465
+#define HARD_UDP_LIMIT 32700 /* could probably do 64K-epsilon ? */
#undef DEBUG
@@ -68,10 +69,10 @@ static void default_debug_handler (const void *data, size_t len)
#if 0
static FILE *logfile;
if (logfile == NULL) {
- logfile = fopen("/tmp/sendto_kdc.log", "a");
- if (logfile == NULL)
- return;
- setbuf(logfile, NULL);
+ logfile = fopen("/tmp/sendto_kdc.log", "a");
+ if (logfile == NULL)
+ return;
+ setbuf(logfile, NULL);
}
fwrite(data, 1, len, logfile);
#else
@@ -95,7 +96,7 @@ void (*krb5int_sendtokdc_debug_handler) (const void *, size_t) = 0;
#endif
#define dprint krb5int_debug_fprint
- void
+void
krb5int_debug_fprint (const char *fmt, ...)
{
#ifdef DEBUG
@@ -119,131 +120,131 @@ krb5int_debug_fprint (const char *fmt, ...)
struct k5buf buf;
if (!krb5int_debug_sendto_kdc)
- return;
+ return;
va_start(args, fmt);
-#define putf(FMT,X) (snprintf(tmpbuf,sizeof(tmpbuf),FMT,X),putstr(tmpbuf))
+#define putf(FMT,X) (snprintf(tmpbuf,sizeof(tmpbuf),FMT,X),putstr(tmpbuf))
for (; *fmt; fmt++) {
- if (*fmt != '%') {
- const char *fmt2;
- size_t len;
- for (fmt2 = fmt+1; *fmt2; fmt2++)
- if (*fmt2 == '%')
- break;
- len = fmt2 - fmt;
- put(fmt, len);
- fmt += len - 1; /* then fmt++ in loop header */
- continue;
- }
- /* After this, always processing a '%' sequence. */
- fmt++;
- switch (*fmt) {
- case 0:
- default:
- abort();
- case 'E':
- /* %E => krb5_error_code */
- kerr = va_arg(args, krb5_error_code);
- snprintf(tmpbuf, sizeof(tmpbuf), "%lu/", (unsigned long) kerr);
- putstr(tmpbuf);
- p = error_message(kerr);
- putstr(p);
- break;
- case 'm':
- /* %m => errno value (int) */
- /* Like syslog's %m except the errno value is passed in
- rather than the current value. */
- err = va_arg(args, int);
- putf("%d/", err);
- p = NULL;
+ if (*fmt != '%') {
+ const char *fmt2;
+ size_t len;
+ for (fmt2 = fmt+1; *fmt2; fmt2++)
+ if (*fmt2 == '%')
+ break;
+ len = fmt2 - fmt;
+ put(fmt, len);
+ fmt += len - 1; /* then fmt++ in loop header */
+ continue;
+ }
+ /* After this, always processing a '%' sequence. */
+ fmt++;
+ switch (*fmt) {
+ case 0:
+ default:
+ abort();
+ case 'E':
+ /* %E => krb5_error_code */
+ kerr = va_arg(args, krb5_error_code);
+ snprintf(tmpbuf, sizeof(tmpbuf), "%lu/", (unsigned long) kerr);
+ putstr(tmpbuf);
+ p = error_message(kerr);
+ putstr(p);
+ break;
+ case 'm':
+ /* %m => errno value (int) */
+ /* Like syslog's %m except the errno value is passed in
+ rather than the current value. */
+ err = va_arg(args, int);
+ putf("%d/", err);
+ p = NULL;
#ifdef HAVE_STRERROR_R
- if (strerror_r(err, tmpbuf, sizeof(tmpbuf)) == 0)
- p = tmpbuf;
+ if (strerror_r(err, tmpbuf, sizeof(tmpbuf)) == 0)
+ p = tmpbuf;
#endif
- if (p == NULL)
- p = strerror(err);
- putstr(p);
- break;
- case 'F':
- /* %F => fd_set *, fd_set *, fd_set *, int */
- rfds = va_arg(args, fd_set *);
- wfds = va_arg(args, fd_set *);
- xfds = va_arg(args, fd_set *);
- maxfd = va_arg(args, int);
-
- for (i = 0; i < maxfd; i++) {
- int r = FD_ISSET(i, rfds);
- int w = wfds && FD_ISSET(i, wfds);
- int x = xfds && FD_ISSET(i, xfds);
- if (r || w || x) {
- putf(" %d", i);
- if (r)
- putstr("r");
- if (w)
- putstr("w");
- if (x)
- putstr("x");
- }
- }
- putstr(" ");
- break;
- case 's':
- /* %s => char * */
- p = va_arg(args, const char *);
- putstr(p);
- break;
- case 't':
- /* %t => struct timeval * */
- tv = va_arg(args, struct timeval *);
- if (tv) {
- snprintf(tmpbuf, sizeof(tmpbuf), "%ld.%06ld",
- (long) tv->tv_sec, (long) tv->tv_usec);
- putstr(tmpbuf);
- } else
- putstr("never");
- break;
- case 'd':
- /* %d => int */
- putf("%d", va_arg(args, int));
- break;
- case 'p':
- /* %p => pointer */
- putf("%p", va_arg(args, void*));
- break;
- case 'A':
- /* %A => addrinfo */
- ai = va_arg(args, struct addrinfo *);
- krb5int_buf_init_dynamic(&buf);
- if (ai->ai_socktype == SOCK_DGRAM)
- krb5int_buf_add(&buf, "dgram");
- else if (ai->ai_socktype == SOCK_STREAM)
- krb5int_buf_add(&buf, "stream");
- else
- krb5int_buf_add_fmt(&buf, "socktype%d", ai->ai_socktype);
-
- if (0 != getnameinfo (ai->ai_addr, ai->ai_addrlen,
- addrbuf, sizeof (addrbuf),
- portbuf, sizeof (portbuf),
- NI_NUMERICHOST | NI_NUMERICSERV)) {
- if (ai->ai_addr->sa_family == AF_UNSPEC)
- krb5int_buf_add(&buf, " AF_UNSPEC");
- else
- krb5int_buf_add_fmt(&buf, " af%d", ai->ai_addr->sa_family);
- } else
- krb5int_buf_add_fmt(&buf, " %s.%s", addrbuf, portbuf);
- if (krb5int_buf_data(&buf))
- putstr(krb5int_buf_data(&buf));
- krb5int_free_buf(&buf);
- break;
- case 'D':
- /* %D => krb5_data * */
- d = va_arg(args, krb5_data *);
- /* may not be nul-terminated */
- put(d->data, d->length);
- break;
- }
+ if (p == NULL)
+ p = strerror(err);
+ putstr(p);
+ break;
+ case 'F':
+ /* %F => fd_set *, fd_set *, fd_set *, int */
+ rfds = va_arg(args, fd_set *);
+ wfds = va_arg(args, fd_set *);
+ xfds = va_arg(args, fd_set *);
+ maxfd = va_arg(args, int);
+
+ for (i = 0; i < maxfd; i++) {
+ int r = FD_ISSET(i, rfds);
+ int w = wfds && FD_ISSET(i, wfds);
+ int x = xfds && FD_ISSET(i, xfds);
+ if (r || w || x) {
+ putf(" %d", i);
+ if (r)
+ putstr("r");
+ if (w)
+ putstr("w");
+ if (x)
+ putstr("x");
+ }
+ }
+ putstr(" ");
+ break;
+ case 's':
+ /* %s => char * */
+ p = va_arg(args, const char *);
+ putstr(p);
+ break;
+ case 't':
+ /* %t => struct timeval * */
+ tv = va_arg(args, struct timeval *);
+ if (tv) {
+ snprintf(tmpbuf, sizeof(tmpbuf), "%ld.%06ld",
+ (long) tv->tv_sec, (long) tv->tv_usec);
+ putstr(tmpbuf);
+ } else
+ putstr("never");
+ break;
+ case 'd':
+ /* %d => int */
+ putf("%d", va_arg(args, int));
+ break;
+ case 'p':
+ /* %p => pointer */
+ putf("%p", va_arg(args, void*));
+ break;
+ case 'A':
+ /* %A => addrinfo */
+ ai = va_arg(args, struct addrinfo *);
+ krb5int_buf_init_dynamic(&buf);
+ if (ai->ai_socktype == SOCK_DGRAM)
+ krb5int_buf_add(&buf, "dgram");
+ else if (ai->ai_socktype == SOCK_STREAM)
+ krb5int_buf_add(&buf, "stream");
+ else
+ krb5int_buf_add_fmt(&buf, "socktype%d", ai->ai_socktype);
+
+ if (0 != getnameinfo (ai->ai_addr, ai->ai_addrlen,
+ addrbuf, sizeof (addrbuf),
+ portbuf, sizeof (portbuf),
+ NI_NUMERICHOST | NI_NUMERICSERV)) {
+ if (ai->ai_addr->sa_family == AF_UNSPEC)
+ krb5int_buf_add(&buf, " AF_UNSPEC");
+ else
+ krb5int_buf_add_fmt(&buf, " af%d", ai->ai_addr->sa_family);
+ } else
+ krb5int_buf_add_fmt(&buf, " %s.%s", addrbuf, portbuf);
+ if (krb5int_buf_data(&buf))
+ putstr(krb5int_buf_data(&buf));
+ krb5int_free_buf(&buf);
+ break;
+ case 'D':
+ /* %D => krb5_data * */
+ d = va_arg(args, krb5_data *);
+ /* may not be nul-terminated */
+ put(d->data, d->length);
+ break;
+ }
}
va_end(args);
#endif
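Review bot: In the `%F` case `rfds` is passed to `FD_ISSET` unconditionally while `wfds` and `xfds` are each guarded against NULL, so a caller that passes a NULL read set crashes the debug path. `int r = rfds && FD_ISSET(i, rfds);` makes the three consistent. The `%A` case likewise dereferences `ai` and `ai->ai_addr` without a NULL check. A comment on the `case 0: default: abort();` arm stating that an unknown conversion is treated as a programming error would help readers. The function starts before this hunk.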
@@ -256,7 +257,7 @@ print_addrlist (const struct addrlist *a)
int i;
dprint("%d{", a->naddrs);
for (i = 0; i < a->naddrs; i++)
- dprint("%s%p=%A", i ? "," : "", (void*)a->addrs[i].ai, a->addrs[i].ai);
+ dprint("%s%p=%A", i ? "," : "", (void*)a->addrs[i].ai, a->addrs[i].ai);
dprint("}");
}
@@ -269,26 +270,26 @@ merge_addrlists (struct addrlist *dest, struct addrlist *src)
dprint("merging addrlists:\n\tlist1: ");
for (i = 0; i < dest->naddrs; i++)
- dprint(" %A", dest->addrs[i].ai);
+ dprint(" %A", dest->addrs[i].ai);
dprint("\n\tlist2: ");
for (i = 0; i < src->naddrs; i++)
- dprint(" %A", src->addrs[i].ai);
+ dprint(" %A", src->addrs[i].ai);
dprint("\n");
err = krb5int_grow_addrlist (dest, src->naddrs);
if (err)
- return err;
+ return err;
for (i = 0; i < src->naddrs; i++) {
- dest->addrs[dest->naddrs + i] = src->addrs[i];
- src->addrs[i].ai = 0;
- src->addrs[i].freefn = 0;
+ dest->addrs[dest->naddrs + i] = src->addrs[i];
+ src->addrs[i].ai = 0;
+ src->addrs[i].freefn = 0;
}
dest->naddrs += i;
src->naddrs = 0;
dprint("\tout: ");
for (i = 0; i < dest->naddrs; i++)
- dprint(" %A", dest->addrs[i].ai);
+ dprint(" %A", dest->addrs[i].ai);
dprint("\n");
return 0;
@@ -299,33 +300,33 @@ in_addrlist (struct addrinfo *thisaddr, struct addrlist *list)
{
int i;
for (i = 0; i < list->naddrs; i++) {
- if (thisaddr->ai_addrlen == list->addrs[i].ai->ai_addrlen
- && !memcmp(thisaddr->ai_addr, list->addrs[i].ai->ai_addr,
- thisaddr->ai_addrlen))
- return 1;
+ if (thisaddr->ai_addrlen == list->addrs[i].ai->ai_addrlen
+ && !memcmp(thisaddr->ai_addr, list->addrs[i].ai->ai_addr,
+ thisaddr->ai_addrlen))
+ return 1;
}
return 0;
}
static int
check_for_svc_unavailable (krb5_context context,
- const krb5_data *reply,
- void *msg_handler_data)
+ const krb5_data *reply,
+ void *msg_handler_data)
{
krb5_error_code *retval = (krb5_error_code *)msg_handler_data;
*retval = 0;
if (krb5_is_krb_error(reply)) {
- krb5_error *err_reply;
+ krb5_error *err_reply;
- if (decode_krb5_error(reply, &err_reply) == 0) {
- *retval = err_reply->error;
- krb5_free_error(context, err_reply);
+ if (decode_krb5_error(reply, &err_reply) == 0) {
+ *retval = err_reply->error;
+ krb5_free_error(context, err_reply);
- /* Returning 0 means continue to next KDC */
- return (*retval != KDC_ERR_SVC_UNAVAILABLE);
- }
+ /* Returning 0 means continue to next KDC */
+ return (*retval != KDC_ERR_SVC_UNAVAILABLE);
+ }
}
return 1;
@@ -344,8 +345,8 @@ check_for_svc_unavailable (krb5_context context,
krb5_error_code
krb5_sendto_kdc (krb5_context context, const krb5_data *message,
- const krb5_data *realm, krb5_data *reply,
- int *use_master, int tcp_only)
+ const krb5_data *realm, krb5_data *reply,
+ int *use_master, int tcp_only)
{
krb5_error_code retval, retval2;
struct addrlist addrs;
@@ -365,94 +366,94 @@ krb5_sendto_kdc (krb5_context context, const krb5_data *message,
*/
dprint("krb5_sendto_kdc(%d@%p, \"%D\", use_master=%d, tcp_only=%d)\n",
- message->length, message->data, realm, *use_master, tcp_only);
+ message->length, message->data, realm, *use_master, tcp_only);
if (!tcp_only && context->udp_pref_limit < 0) {
- int tmp;
- retval = profile_get_integer(context->profile,
- KRB5_CONF_LIBDEFAULTS, KRB5_CONF_UDP_PREFERENCE_LIMIT, 0,
- DEFAULT_UDP_PREF_LIMIT, &tmp);
- if (retval)
- return retval;
- if (tmp < 0)
- tmp = DEFAULT_UDP_PREF_LIMIT;
- else if (tmp > HARD_UDP_LIMIT)
- /* In the unlikely case that a *really* big value is
- given, let 'em use as big as we think we can
- support. */
- tmp = HARD_UDP_LIMIT;
- context->udp_pref_limit = tmp;
+ int tmp;
+ retval = profile_get_integer(context->profile,
+ KRB5_CONF_LIBDEFAULTS, KRB5_CONF_UDP_PREFERENCE_LIMIT, 0,
+ DEFAULT_UDP_PREF_LIMIT, &tmp);
+ if (retval)
+ return retval;
+ if (tmp < 0)
+ tmp = DEFAULT_UDP_PREF_LIMIT;
+ else if (tmp > HARD_UDP_LIMIT)
+ /* In the unlikely case that a *really* big value is
+ given, let 'em use as big as we think we can
+ support. */
+ tmp = HARD_UDP_LIMIT;
+ context->udp_pref_limit = tmp;
}
retval = (*use_master ? KRB5_KDC_UNREACH : KRB5_REALM_UNKNOWN);
if (tcp_only)
- socktype1 = SOCK_STREAM, socktype2 = 0;
+ socktype1 = SOCK_STREAM, socktype2 = 0;
else if (message->length <= context->udp_pref_limit)
- socktype1 = SOCK_DGRAM, socktype2 = SOCK_STREAM;
+ socktype1 = SOCK_DGRAM, socktype2 = SOCK_STREAM;
else
- socktype1 = SOCK_STREAM, socktype2 = SOCK_DGRAM;
+ socktype1 = SOCK_STREAM, socktype2 = SOCK_DGRAM;
retval = krb5_locate_kdc(context, realm, &addrs, *use_master, socktype1, 0);
if (socktype2) {
- struct addrlist addrs2;
+ struct addrlist addrs2;
- retval2 = krb5_locate_kdc(context, realm, &addrs2, *use_master,
- socktype2, 0);
+ retval2 = krb5_locate_kdc(context, realm, &addrs2, *use_master,
+ socktype2, 0);
#if 0
- if (retval2 == 0) {
- (void) merge_addrlists(&addrs, &addrs2);
- krb5int_free_addrlist(&addrs2);
- retval = 0;
- } else if (retval == KRB5_REALM_CANT_RESOLVE) {
- retval = retval2;
- }
+ if (retval2 == 0) {
+ (void) merge_addrlists(&addrs, &addrs2);
+ krb5int_free_addrlist(&addrs2);
+ retval = 0;
+ } else if (retval == KRB5_REALM_CANT_RESOLVE) {
+ retval = retval2;
+ }
#else
- retval = retval2;
- if (retval == 0) {
- (void) merge_addrlists(&addrs, &addrs2);
- krb5int_free_addrlist(&addrs2);
- }
+ retval = retval2;
+ if (retval == 0) {
+ (void) merge_addrlists(&addrs, &addrs2);
+ krb5int_free_addrlist(&addrs2);
+ }
#endif
}
if (addrs.naddrs > 0) {
- krb5_error_code err = 0;
+ krb5_error_code err = 0;
retval = krb5int_sendto (context, message, &addrs, 0, reply, 0, 0,
- 0, 0, &addr_used, check_for_svc_unavailable, &err);
- switch (retval) {
- case 0:
+ 0, 0, &addr_used, check_for_svc_unavailable, &err);
+ switch (retval) {
+ case 0:
/*
* Set use_master to 1 if we ended up talking to a master when
* we didn't explicitly request to
*/
if (*use_master == 0) {
struct addrlist addrs3;
- retval = krb5_locate_kdc(context, realm, &addrs3, 1,
+ retval = krb5_locate_kdc(context, realm, &addrs3, 1,
addrs.addrs[addr_used].ai->ai_socktype,
addrs.addrs[addr_used].ai->ai_family);
if (retval == 0) {
- if (in_addrlist(addrs.addrs[addr_used].ai, &addrs3))
- *use_master = 1;
+ if (in_addrlist(addrs.addrs[addr_used].ai, &addrs3))
+ *use_master = 1;
krb5int_free_addrlist (&addrs3);
}
}
krb5int_free_addrlist (&addrs);
return 0;
- default:
- break;
- /* Cases here are for constructing useful error messages. */
- case KRB5_KDC_UNREACH:
- if (err == KDC_ERR_SVC_UNAVAILABLE) {
- retval = KRB5KDC_ERR_SVC_UNAVAILABLE;
- } else {
- krb5_set_error_message(context, retval,
- "Cannot contact any KDC for realm '%.*s'",
- realm->length, realm->data);
- }
- break;
- }
+ default:
+ break;
+ /* Cases here are for constructing useful error messages. */
+ case KRB5_KDC_UNREACH:
+ if (err == KDC_ERR_SVC_UNAVAILABLE) {
+ retval = KRB5KDC_ERR_SVC_UNAVAILABLE;
+ } else {
+ krb5_set_error_message(context, retval,
+ "Cannot contact any KDC for realm '%.*s'",
+ realm->length, realm->data);
+ }
+ break;
+ }
krb5int_free_addrlist (&addrs);
}
return retval;
@@ -461,10 +462,10 @@ krb5_sendto_kdc (krb5_context context, const krb5_data *message,
#ifdef DEBUG
#ifdef _WIN32
-#define dperror(MSG) \
- dprint("%s: an error occurred ... " \
- "\tline=%d errno=%m socketerrno=%m\n", \
- (MSG), __LINE__, errno, SOCKET_ERRNO)
+#define dperror(MSG) \
+ dprint("%s: an error occurred ... " \
+ "\tline=%d errno=%m socketerrno=%m\n", \
+ (MSG), __LINE__, errno, SOCKET_ERRNO)
#else
#define dperror(MSG) dprint("%s: %m\n", MSG, errno)
#endif
@@ -510,8 +511,8 @@ static int getcurtime (struct timeval *tvp)
return 0;
#else
if (gettimeofday(tvp, 0)) {
- dperror("gettimeofday");
- return errno;
+ dperror("gettimeofday");
+ return errno;
}
return 0;
#endif
@@ -525,7 +526,7 @@ static int getcurtime (struct timeval *tvp)
*/
krb5_error_code
krb5int_cm_call_select (const struct select_state *in,
- struct select_state *out, int *sret)
+ struct select_state *out, int *sret)
{
struct timeval now, *timo;
krb5_error_code e;
@@ -533,65 +534,65 @@ krb5int_cm_call_select (const struct select_state *in,
*out = *in;
e = getcurtime(&now);
if (e)
- return e;
+ return e;
if (out->end_time.tv_sec == 0)
- timo = 0;
+ timo = 0;
else {
- timo = &out->end_time;
- out->end_time.tv_sec -= now.tv_sec;
- out->end_time.tv_usec -= now.tv_usec;
- if (out->end_time.tv_usec < 0) {
- out->end_time.tv_usec += 1000000;
- out->end_time.tv_sec--;
- }
- if (out->end_time.tv_sec < 0) {
- *sret = 0;
- return 0;
- }
+ timo = &out->end_time;
+ out->end_time.tv_sec -= now.tv_sec;
+ out->end_time.tv_usec -= now.tv_usec;
+ if (out->end_time.tv_usec < 0) {
+ out->end_time.tv_usec += 1000000;
+ out->end_time.tv_sec--;
+ }
+ if (out->end_time.tv_sec < 0) {
+ *sret = 0;
+ return 0;
+ }
}
dprint("selecting on max=%d sockets [%F] timeout %t\n",
- out->max,
- &out->rfds, &out->wfds, &out->xfds, out->max,
- timo);
+ out->max,
+ &out->rfds, &out->wfds, &out->xfds, out->max,
+ timo);
*sret = select(out->max, &out->rfds, &out->wfds, &out->xfds, timo);
e = SOCKET_ERRNO;
dprint("select returns %d", *sret);
if (*sret < 0)
- dprint(", error = %E\n", e);
+ dprint(", error = %E\n", e);
else if (*sret == 0)
- dprint(" (timeout)\n");
+ dprint(" (timeout)\n");
else
- dprint(":%F\n", &out->rfds, &out->wfds, &out->xfds, out->max);
+ dprint(":%F\n", &out->rfds, &out->wfds, &out->xfds, out->max);
if (*sret < 0)
- return e;
+ return e;
return 0;
}
static int service_tcp_fd (struct conn_state *conn,
- struct select_state *selstate, int ssflags);
+ struct select_state *selstate, int ssflags);
static int service_udp_fd (struct conn_state *conn,
- struct select_state *selstate, int ssflags);
+ struct select_state *selstate, int ssflags);
static void
set_conn_state_msg_length (struct conn_state *state, const krb5_data *message)
{
- if (!message || message->length == 0)
- return;
+ if (!message || message->length == 0)
+ return;
if (!state->is_udp) {
- store_32_be(message->length, state->x.out.msg_len_buf);
- SG_SET(&state->x.out.sgbuf[0], state->x.out.msg_len_buf, 4);
- SG_SET(&state->x.out.sgbuf[1], message->data, message->length);
- state->x.out.sg_count = 2;
+ store_32_be(message->length, state->x.out.msg_len_buf);
+ SG_SET(&state->x.out.sgbuf[0], state->x.out.msg_len_buf, 4);
+ SG_SET(&state->x.out.sgbuf[1], message->data, message->length);
+ state->x.out.sg_count = 2;
} else {
- SG_SET(&state->x.out.sgbuf[0], message->data, message->length);
- SG_SET(&state->x.out.sgbuf[1], 0, 0);
- state->x.out.sg_count = 1;
+ SG_SET(&state->x.out.sgbuf[0], message->data, message->length);
+ SG_SET(&state->x.out.sgbuf[1], 0, 0);
+ state->x.out.sg_count = 1;
}
}
@@ -600,7 +601,7 @@ set_conn_state_msg_length (struct conn_state *state, const krb5_data *message)
static void
setup_connection (struct conn_state *state, struct addrinfo *ai,
- const krb5_data *message, char **udpbufp)
+ const krb5_data *message, char **udpbufp)
{
state->state = INITIALIZING;
state->err = 0;
@@ -609,103 +610,103 @@ setup_connection (struct conn_state *state, struct addrinfo *ai,
state->fd = INVALID_SOCKET;
SG_SET(&state->x.out.sgbuf[1], 0, 0);
if (ai->ai_socktype == SOCK_STREAM) {
- /*
- SG_SET(&state->x.out.sgbuf[0], message_len_buf, 4);
- SG_SET(&state->x.out.sgbuf[1], message->data, message->length);
- state->x.out.sg_count = 2;
- */
-
- state->is_udp = 0;
- state->service = service_tcp_fd;
- set_conn_state_msg_length (state, message);
+ /*
+ SG_SET(&state->x.out.sgbuf[0], message_len_buf, 4);
+ SG_SET(&state->x.out.sgbuf[1], message->data, message->length);
+ state->x.out.sg_count = 2;
+ */
+
+ state->is_udp = 0;
+ state->service = service_tcp_fd;
+ set_conn_state_msg_length (state, message);
} else {
- /*
- SG_SET(&state->x.out.sgbuf[0], message->data, message->length);
- SG_SET(&state->x.out.sgbuf[1], 0, 0);
- state->x.out.sg_count = 1;
- */
-
- state->is_udp = 1;
- state->service = service_udp_fd;
- set_conn_state_msg_length (state, message);
-
- if (*udpbufp == 0) {
- *udpbufp = malloc(krb5_max_dgram_size);
- if (*udpbufp == 0) {
- dperror("malloc(krb5_max_dgram_size)");
- state->state = FAILED;
- return;
- }
- }
- state->x.in.buf = *udpbufp;
- state->x.in.bufsize = krb5_max_dgram_size;
+ /*
+ SG_SET(&state->x.out.sgbuf[0], message->data, message->length);
+ SG_SET(&state->x.out.sgbuf[1], 0, 0);
+ state->x.out.sg_count = 1;
+ */
+
+ state->is_udp = 1;
+ state->service = service_udp_fd;
+ set_conn_state_msg_length (state, message);
+
+ if (*udpbufp == 0) {
+ *udpbufp = malloc(krb5_max_dgram_size);
+ if (*udpbufp == 0) {
+ dperror("malloc(krb5_max_dgram_size)");
+ state->state = FAILED;
+ return;
+ }
+ }
+ state->x.in.buf = *udpbufp;
+ state->x.in.bufsize = krb5_max_dgram_size;
}
}
static int
-start_connection (struct conn_state *state,
- struct select_state *selstate,
- struct sendto_callback_info* callback_info,
+start_connection (struct conn_state *state,
+ struct select_state *selstate,
+ struct sendto_callback_info* callback_info,
krb5_data* callback_buffer)
{
int fd, e;
struct addrinfo *ai = state->addr;
dprint("start_connection(@%p)\ngetting %s socket in family %d...", state,
- ai->ai_socktype == SOCK_STREAM ? "stream" : "dgram", ai->ai_family);
+ ai->ai_socktype == SOCK_STREAM ? "stream" : "dgram", ai->ai_family);
fd = socket(ai->ai_family, ai->ai_socktype, 0);
if (fd == INVALID_SOCKET) {
- state->err = SOCKET_ERRNO;
- dprint("socket: %m creating with af %d\n", state->err, ai->ai_family);
- return -1; /* try other hosts */
+ state->err = SOCKET_ERRNO;
+ dprint("socket: %m creating with af %d\n", state->err, ai->ai_family);
+ return -1; /* try other hosts */
}
#ifndef _WIN32 /* On Windows FD_SETSIZE is a count, not a max value. */
if (fd >= FD_SETSIZE) {
- closesocket(fd);
- state->err = EMFILE;
- dprint("socket: fd %d too high\n", fd);
- return -1;
+ closesocket(fd);
+ state->err = EMFILE;
+ dprint("socket: fd %d too high\n", fd);
+ return -1;
}
#endif
set_cloexec_fd(fd);
/* Make it non-blocking. */
if (ai->ai_socktype == SOCK_STREAM) {
- static const int one = 1;
- static const struct linger lopt = { 0, 0 };
+ static const int one = 1;
+ static const struct linger lopt = { 0, 0 };
- if (ioctlsocket(fd, FIONBIO, (const void *) &one))
- dperror("sendto_kdc: ioctl(FIONBIO)");
- if (setsockopt(fd, SOL_SOCKET, SO_LINGER, &lopt, sizeof(lopt)))
- dperror("sendto_kdc: setsockopt(SO_LINGER)");
+ if (ioctlsocket(fd, FIONBIO, (const void *) &one))
+ dperror("sendto_kdc: ioctl(FIONBIO)");
+ if (setsockopt(fd, SOL_SOCKET, SO_LINGER, &lopt, sizeof(lopt)))
+ dperror("sendto_kdc: setsockopt(SO_LINGER)");
}
/* Start connecting to KDC. */
dprint(" fd %d; connecting to %A...\n", fd, ai);
e = connect(fd, ai->ai_addr, ai->ai_addrlen);
if (e != 0) {
- /*
- * This is the path that should be followed for non-blocking
- * connections.
- */
- if (SOCKET_ERRNO == EINPROGRESS || SOCKET_ERRNO == EWOULDBLOCK) {
- state->state = CONNECTING;
- state->fd = fd;
- } else {
- dprint("connect failed: %m\n", SOCKET_ERRNO);
- (void) closesocket(fd);
- state->err = SOCKET_ERRNO;
- state->state = FAILED;
- return -2;
- }
+ /*
+ * This is the path that should be followed for non-blocking
+ * connections.
+ */
+ if (SOCKET_ERRNO == EINPROGRESS || SOCKET_ERRNO == EWOULDBLOCK) {
+ state->state = CONNECTING;
+ state->fd = fd;
+ } else {
+ dprint("connect failed: %m\n", SOCKET_ERRNO);
+ (void) closesocket(fd);
+ state->err = SOCKET_ERRNO;
+ state->state = FAILED;
+ return -2;
+ }
} else {
- /*
- * Connect returned zero even though we tried to make it
- * non-blocking, which should have caused it to return before
- * finishing the connection. Oh well. Someone's network
- * stack is broken, but if they gave us a connection, use it.
- */
- state->state = WRITING;
- state->fd = fd;
+ /*
+ * Connect returned zero even though we tried to make it
+ * non-blocking, which should have caused it to return before
+ * finishing the connection. Oh well. Someone's network
+ * stack is broken, but if they gave us a connection, use it.
+ */
+ state->state = WRITING;
+ state->fd = fd;
}
dprint("new state = %s\n", state_strings[state->state]);
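Review bot: In start_connection's connect-failure branch, `state->err = SOCKET_ERRNO;` is evaluated after `dprint("connect failed: %m\n", SOCKET_ERRNO)` and `closesocket(fd)`, and either call may overwrite the socket error, so the code recorded for this KDC may not be the one connect() produced. Reading the error once, immediately after connect() returns non-zero, e.g. `e = SOCKET_ERRNO;`, then testing `e == EINPROGRESS || e == EWOULDBLOCK` and storing `state->err = e;`, keeps the value stable. This hunk only re-indents the lines, so the ordering predates the commit; start_connection's body continues past the end of the hunk.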
@@ -716,68 +717,68 @@ start_connection (struct conn_state *state,
*/
if (callback_info) {
- e = callback_info->pfn_callback(state,
- callback_info->context,
- callback_buffer);
- if (e != 0) {
- dprint("callback failed: %m\n", e);
- (void) closesocket(fd);
- state->err = e;
- state->fd = INVALID_SOCKET;
- state->state = FAILED;
- return -3;
- }
-
- dprint("callback %p (message=%d@%p)\n",
- state,
- callback_buffer->length,
- callback_buffer->data);
-
- set_conn_state_msg_length( state, callback_buffer );
+ e = callback_info->pfn_callback(state,
+ callback_info->context,
+ callback_buffer);
+ if (e != 0) {
+ dprint("callback failed: %m\n", e);
+ (void) closesocket(fd);
+ state->err = e;
+ state->fd = INVALID_SOCKET;
+ state->state = FAILED;
+ return -3;
+ }
+
+ dprint("callback %p (message=%d@%p)\n",
+ state,
+ callback_buffer->length,
+ callback_buffer->data);
+
+ set_conn_state_msg_length( state, callback_buffer );
}
if (ai->ai_socktype == SOCK_DGRAM) {
- /* Send it now. */
- int ret;
- sg_buf *sg = &state->x.out.sgbuf[0];
-
- dprint("sending %d bytes on fd %d\n", SG_LEN(sg), state->fd);
- ret = send(state->fd, SG_BUF(sg), SG_LEN(sg), 0);
- if (ret != SG_LEN(sg)) {
- dperror("sendto");
- (void) closesocket(state->fd);
- state->fd = INVALID_SOCKET;
- state->state = FAILED;
- return -4;
- } else {
- state->state = READING;
- }
+ /* Send it now. */
+ int ret;
+ sg_buf *sg = &state->x.out.sgbuf[0];
+
+ dprint("sending %d bytes on fd %d\n", SG_LEN(sg), state->fd);
+ ret = send(state->fd, SG_BUF(sg), SG_LEN(sg), 0);
+ if (ret != SG_LEN(sg)) {
+ dperror("sendto");
+ (void) closesocket(state->fd);
+ state->fd = INVALID_SOCKET;
+ state->state = FAILED;
+ return -4;
+ } else {
+ state->state = READING;
+ }
}
#ifdef DEBUG
if (debug) {
- struct sockaddr_storage ss;
- socklen_t sslen = sizeof(ss);
- if (getsockname(state->fd, (struct sockaddr *)&ss, &sslen) == 0) {
- struct addrinfo hack_ai;
- memset(&hack_ai, 0, sizeof(hack_ai));
- hack_ai.ai_addr = (struct sockaddr *) &ss;
- hack_ai.ai_addrlen = sslen;
- hack_ai.ai_socktype = SOCK_DGRAM;
- hack_ai.ai_family = ai->ai_family;
- dprint("local socket address is %A\n", &hack_ai);
- }
+ struct sockaddr_storage ss;
+ socklen_t sslen = sizeof(ss);
+ if (getsockname(state->fd, (struct sockaddr *)&ss, &sslen) == 0) {
+ struct addrinfo hack_ai;
+ memset(&hack_ai, 0, sizeof(hack_ai));
+ hack_ai.ai_addr = (struct sockaddr *) &ss;
+ hack_ai.ai_addrlen = sslen;
+ hack_ai.ai_socktype = SOCK_DGRAM;
+ hack_ai.ai_family = ai->ai_family;
+ dprint("local socket address is %A\n", &hack_ai);
+ }
}
#endif
FD_SET(state->fd, &selstate->rfds);
if (state->state == CONNECTING || state->state == WRITING)
- FD_SET(state->fd, &selstate->wfds);
+ FD_SET(state->fd, &selstate->wfds);
FD_SET(state->fd, &selstate->xfds);
if (selstate->max <= state->fd)
- selstate->max = state->fd + 1;
+ selstate->max = state->fd + 1;
selstate->nfds++;
dprint("new select vectors: %F\n",
- &selstate->rfds, &selstate->wfds, &selstate->xfds, selstate->max);
+ &selstate->rfds, &selstate->wfds, &selstate->xfds, selstate->max);
return 0;
}
@@ -787,30 +788,30 @@ start_connection (struct conn_state *state,
Otherwise, the caller should immediately move on to process the
next connection. */
static int
-maybe_send (struct conn_state *conn,
- struct select_state *selstate,
- struct sendto_callback_info* callback_info,
- krb5_data* callback_buffer)
+maybe_send (struct conn_state *conn,
+ struct select_state *selstate,
+ struct sendto_callback_info* callback_info,
+ krb5_data* callback_buffer)
{
sg_buf *sg;
dprint("maybe_send(@%p) state=%s type=%s\n", conn,
- state_strings[conn->state],
- conn->is_udp ? "udp" : "tcp");
+ state_strings[conn->state],
+ conn->is_udp ? "udp" : "tcp");
if (conn->state == INITIALIZING)
- return start_connection(conn, selstate, callback_info, callback_buffer);
+ return start_connection(conn, selstate, callback_info, callback_buffer);
/* Did we already shut down this channel? */
if (conn->state == FAILED) {
- dprint("connection already closed\n");
- return -1;
+ dprint("connection already closed\n");
+ return -1;
}
if (conn->addr->ai_socktype == SOCK_STREAM) {
- dprint("skipping stream socket\n");
- /* The select callback will handle flushing any data we
- haven't written yet, and we only write it once. */
- return -1;
+ dprint("skipping stream socket\n");
+ /* The select callback will handle flushing any data we
+ haven't written yet, and we only write it once. */
+ return -1;
}
/* UDP - Send message, possibly for the first time, possibly a
@@ -818,12 +819,12 @@ maybe_send (struct conn_state *conn,
sg = &conn->x.out.sgbuf[0];
dprint("sending %d bytes on fd %d\n", SG_LEN(sg), conn->fd);
if (send(conn->fd, SG_BUF(sg), SG_LEN(sg), 0) != SG_LEN(sg)) {
- dperror("send");
- /* Keep connection alive, we'll try again next pass.
+ dperror("send");
+ /* Keep connection alive, we'll try again next pass.
- Is this likely to catch any errors we didn't get from the
- select callbacks? */
- return -1;
+ Is this likely to catch any errors we didn't get from the
+ select callbacks? */
+ return -1;
}
/* Yay, it worked. */
return 0;
@@ -841,12 +842,12 @@ kill_conn(struct conn_state *conn, struct select_state *selstate, int err)
dprint("abandoning connection %d: %m\n", conn->fd, err);
/* Fix up max fd for next select call. */
if (selstate->max == 1 + conn->fd) {
- while (selstate->max > 0
- && ! FD_ISSET(selstate->max-1, &selstate->rfds)
- && ! FD_ISSET(selstate->max-1, &selstate->wfds)
- && ! FD_ISSET(selstate->max-1, &selstate->xfds))
- selstate->max--;
- dprint("new max_fd + 1 is %d\n", selstate->max);
+ while (selstate->max > 0
+ && ! FD_ISSET(selstate->max-1, &selstate->rfds)
+ && ! FD_ISSET(selstate->max-1, &selstate->wfds)
+ && ! FD_ISSET(selstate->max-1, &selstate->xfds))
+ selstate->max--;
+ dprint("new max_fd + 1 is %d\n", selstate->max);
}
selstate->nfds--;
}
@@ -862,10 +863,10 @@ get_so_error(int fd)
sockerrlen = sizeof(sockerr);
e = getsockopt(fd, SOL_SOCKET, SO_ERROR, &sockerr, &sockerrlen);
if (e != 0) {
- /* What to do now? */
- e = SOCKET_ERRNO;
- dprint("getsockopt(SO_ERROR) on fd failed: %m\n", e);
- return e;
+ /* What to do now? */
+ e = SOCKET_ERRNO;
+ dprint("getsockopt(SO_ERROR) on fd failed: %m\n", e);
+ return e;
}
return sockerr;
}
@@ -876,188 +877,188 @@ get_so_error(int fd)
static int
service_tcp_fd (struct conn_state *conn, struct select_state *selstate,
- int ssflags)
+ int ssflags)
{
krb5_error_code e = 0;
int nwritten, nread;
if (!(ssflags & (SSF_READ|SSF_WRITE|SSF_EXCEPTION)))
- abort();
+ abort();
switch (conn->state) {
- SOCKET_WRITEV_TEMP tmp;
+ SOCKET_WRITEV_TEMP tmp;
case CONNECTING:
- if (ssflags & SSF_READ) {
- /* Bad -- the KDC shouldn't be sending to us first. */
- e = EINVAL /* ?? */;
- kill_conn:
- kill_conn(conn, selstate, e);
- if (e == EINVAL) {
- closesocket(conn->fd);
- conn->fd = INVALID_SOCKET;
- }
- return e == 0;
- }
- if (ssflags & SSF_EXCEPTION) {
- handle_exception:
- e = get_so_error(conn->fd);
- if (e)
- dprint("socket error on exception fd: %m", e);
- else
- dprint("no socket error info available on exception fd");
- goto kill_conn;
- }
-
- /*
- * Connect finished -- but did it succeed or fail?
- * UNIX sets can_write if failed.
- * Call getsockopt to see if error pending.
- *
- * (For most UNIX systems it works to just try writing the
- * first time and detect an error. But Bill Dodd at IBM
- * reports that some version of AIX, SIGPIPE can result.)
- */
- e = get_so_error(conn->fd);
- if (e) {
- dprint("socket error on write fd: %m", e);
- goto kill_conn;
- }
- conn->state = WRITING;
- goto try_writing;
+ if (ssflags & SSF_READ) {
+ /* Bad -- the KDC shouldn't be sending to us first. */
+ e = EINVAL /* ?? */;
+ kill_conn:
+ kill_conn(conn, selstate, e);
+ if (e == EINVAL) {
+ closesocket(conn->fd);
+ conn->fd = INVALID_SOCKET;
+ }
+ return e == 0;
+ }
+ if (ssflags & SSF_EXCEPTION) {
+ handle_exception:
+ e = get_so_error(conn->fd);
+ if (e)
+ dprint("socket error on exception fd: %m", e);
+ else
+ dprint("no socket error info available on exception fd");
+ goto kill_conn;
+ }
+
+ /*
+ * Connect finished -- but did it succeed or fail?
+ * UNIX sets can_write if failed.
+ * Call getsockopt to see if error pending.
+ *
+ * (For most UNIX systems it works to just try writing the
+ * first time and detect an error. But Bill Dodd at IBM
+ * reports that some version of AIX, SIGPIPE can result.)
+ */
+ e = get_so_error(conn->fd);
+ if (e) {
+ dprint("socket error on write fd: %m", e);
+ goto kill_conn;
+ }
+ conn->state = WRITING;
+ goto try_writing;
case WRITING:
- if (ssflags & SSF_READ) {
- e = E2BIG;
- /* Bad -- the KDC shouldn't be sending anything yet. */
- goto kill_conn;
- }
- if (ssflags & SSF_EXCEPTION)
- goto handle_exception;
+ if (ssflags & SSF_READ) {
+ e = E2BIG;
+ /* Bad -- the KDC shouldn't be sending anything yet. */
+ goto kill_conn;
+ }
+ if (ssflags & SSF_EXCEPTION)
+ goto handle_exception;
try_writing:
- dprint("trying to writev %d (%d bytes) to fd %d\n",
- conn->x.out.sg_count,
- ((conn->x.out.sg_count == 2 ? SG_LEN(&conn->x.out.sgp[1]) : 0)
- + SG_LEN(&conn->x.out.sgp[0])),
- conn->fd);
- nwritten = SOCKET_WRITEV(conn->fd, conn->x.out.sgp,
- conn->x.out.sg_count, tmp);
- if (nwritten < 0) {
- e = SOCKET_ERRNO;
- dprint("failed: %m\n", e);
- goto kill_conn;
- }
- dprint("wrote %d bytes\n", nwritten);
- while (nwritten) {
- sg_buf *sgp = conn->x.out.sgp;
- if (nwritten < SG_LEN(sgp)) {
- SG_ADVANCE(sgp, nwritten);
- nwritten = 0;
- } else {
- nwritten -= SG_LEN(conn->x.out.sgp);
- conn->x.out.sgp++;
- conn->x.out.sg_count--;
- if (conn->x.out.sg_count == 0 && nwritten != 0)
- /* Wrote more than we wanted to? */
- abort();
- }
- }
- if (conn->x.out.sg_count == 0) {
- /* Done writing, switch to reading. */
- /* Don't call shutdown at this point because
- * some implementations cannot deal with half-closed connections.*/
- FD_CLR(conn->fd, &selstate->wfds);
- /* Q: How do we detect failures to send the remaining data
- to the remote side, since we're in non-blocking mode?
- Will we always get errors on the reading side? */
- dprint("switching fd %d to READING\n", conn->fd);
- conn->state = READING;
- conn->x.in.bufsizebytes_read = 0;
- conn->x.in.bufsize = 0;
- conn->x.in.buf = 0;
- conn->x.in.pos = 0;
- conn->x.in.n_left = 0;
- }
- return 0;
+ dprint("trying to writev %d (%d bytes) to fd %d\n",
+ conn->x.out.sg_count,
+ ((conn->x.out.sg_count == 2 ? SG_LEN(&conn->x.out.sgp[1]) : 0)
+ + SG_LEN(&conn->x.out.sgp[0])),
+ conn->fd);
+ nwritten = SOCKET_WRITEV(conn->fd, conn->x.out.sgp,
+ conn->x.out.sg_count, tmp);
+ if (nwritten < 0) {
+ e = SOCKET_ERRNO;
+ dprint("failed: %m\n", e);
+ goto kill_conn;
+ }
+ dprint("wrote %d bytes\n", nwritten);
+ while (nwritten) {
+ sg_buf *sgp = conn->x.out.sgp;
+ if (nwritten < SG_LEN(sgp)) {
+ SG_ADVANCE(sgp, nwritten);
+ nwritten = 0;
+ } else {
+ nwritten -= SG_LEN(conn->x.out.sgp);
+ conn->x.out.sgp++;
+ conn->x.out.sg_count--;
+ if (conn->x.out.sg_count == 0 && nwritten != 0)
+ /* Wrote more than we wanted to? */
+ abort();
+ }
+ }
+ if (conn->x.out.sg_count == 0) {
+ /* Done writing, switch to reading. */
+ /* Don't call shutdown at this point because
+ * some implementations cannot deal with half-closed connections.*/
+ FD_CLR(conn->fd, &selstate->wfds);
+ /* Q: How do we detect failures to send the remaining data
+ to the remote side, since we're in non-blocking mode?
+ Will we always get errors on the reading side? */
+ dprint("switching fd %d to READING\n", conn->fd);
+ conn->state = READING;
+ conn->x.in.bufsizebytes_read = 0;
+ conn->x.in.bufsize = 0;
+ conn->x.in.buf = 0;
+ conn->x.in.pos = 0;
+ conn->x.in.n_left = 0;
+ }
+ return 0;
case READING:
- if (ssflags & SSF_EXCEPTION) {
- if (conn->x.in.buf) {
- free(conn->x.in.buf);
- conn->x.in.buf = 0;
- }
- goto handle_exception;
- }
-
- if (conn->x.in.bufsizebytes_read == 4) {
- /* Reading data. */
- dprint("reading %d bytes of data from fd %d\n",
- (int) conn->x.in.n_left, conn->fd);
- nread = SOCKET_READ(conn->fd, conn->x.in.pos, conn->x.in.n_left);
- if (nread <= 0) {
- e = nread ? SOCKET_ERRNO : ECONNRESET;
- free(conn->x.in.buf);
- conn->x.in.buf = 0;
- goto kill_conn;
- }
- conn->x.in.n_left -= nread;
- conn->x.in.pos += nread;
- if (conn->x.in.n_left <= 0) {
- /* We win! */
- return 1;
- }
- } else {
- /* Reading length. */
- nread = SOCKET_READ(conn->fd,
- conn->x.in.bufsizebytes + conn->x.in.bufsizebytes_read,
- 4 - conn->x.in.bufsizebytes_read);
- if (nread < 0) {
- e = SOCKET_ERRNO;
- goto kill_conn;
- }
- conn->x.in.bufsizebytes_read += nread;
- if (conn->x.in.bufsizebytes_read == 4) {
- unsigned long len = load_32_be (conn->x.in.bufsizebytes);
- dprint("received length on fd %d is %d\n", conn->fd, (int)len);
- /* Arbitrary 1M cap. */
- if (len > 1 * 1024 * 1024) {
- e = E2BIG;
- goto kill_conn;
- }
- conn->x.in.bufsize = conn->x.in.n_left = len;
- conn->x.in.buf = conn->x.in.pos = malloc(len);
- dprint("allocated %d byte buffer at %p\n", (int) len,
- conn->x.in.buf);
- if (conn->x.in.buf == 0) {
- /* allocation failure */
- e = ENOMEM;
- goto kill_conn;
- }
- }
- }
- break;
+ if (ssflags & SSF_EXCEPTION) {
+ if (conn->x.in.buf) {
+ free(conn->x.in.buf);
+ conn->x.in.buf = 0;
+ }
+ goto handle_exception;
+ }
+
+ if (conn->x.in.bufsizebytes_read == 4) {
+ /* Reading data. */
+ dprint("reading %d bytes of data from fd %d\n",
+ (int) conn->x.in.n_left, conn->fd);
+ nread = SOCKET_READ(conn->fd, conn->x.in.pos, conn->x.in.n_left);
+ if (nread <= 0) {
+ e = nread ? SOCKET_ERRNO : ECONNRESET;
+ free(conn->x.in.buf);
+ conn->x.in.buf = 0;
+ goto kill_conn;
+ }
+ conn->x.in.n_left -= nread;
+ conn->x.in.pos += nread;
+ if (conn->x.in.n_left <= 0) {
+ /* We win! */
+ return 1;
+ }
+ } else {
+ /* Reading length. */
+ nread = SOCKET_READ(conn->fd,
+ conn->x.in.bufsizebytes + conn->x.in.bufsizebytes_read,
+ 4 - conn->x.in.bufsizebytes_read);
+ if (nread < 0) {
+ e = SOCKET_ERRNO;
+ goto kill_conn;
+ }
+ conn->x.in.bufsizebytes_read += nread;
+ if (conn->x.in.bufsizebytes_read == 4) {
+ unsigned long len = load_32_be (conn->x.in.bufsizebytes);
+ dprint("received length on fd %d is %d\n", conn->fd, (int)len);
+ /* Arbitrary 1M cap. */
+ if (len > 1 * 1024 * 1024) {
+ e = E2BIG;
+ goto kill_conn;
+ }
+ conn->x.in.bufsize = conn->x.in.n_left = len;
+ conn->x.in.buf = conn->x.in.pos = malloc(len);
+ dprint("allocated %d byte buffer at %p\n", (int) len,
+ conn->x.in.buf);
+ if (conn->x.in.buf == 0) {
+ /* allocation failure */
+ e = ENOMEM;
+ goto kill_conn;
+ }
+ }
+ }
+ break;
default:
- abort();
+ abort();
}
return 0;
}
static int
service_udp_fd(struct conn_state *conn, struct select_state *selstate,
- int ssflags)
+ int ssflags)
{
int nread;
if (!(ssflags & (SSF_READ|SSF_EXCEPTION)))
- abort();
+ abort();
if (conn->state != READING)
- abort();
+ abort();
nread = recv(conn->fd, conn->x.in.buf, conn->x.in.bufsize, 0);
if (nread < 0) {
- kill_conn(conn, selstate, SOCKET_ERRNO);
- return 0;
+ kill_conn(conn, selstate, SOCKET_ERRNO);
+ return 0;
}
conn->x.in.pos = conn->x.in.buf + nread;
return 1;
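Review bot: In the READING case of service_tcp_fd, the length-prefix read treats only `nread < 0` as a failure, while the payload read just above it uses `nread <= 0` and maps a zero return to ECONNRESET. If the peer closes the stream before all four length bytes arrive, `bufsizebytes_read` does not advance and the connection stays in READING; select will presumably keep reporting the descriptor readable until the timeout. Handling it the same way as the data branch, `if (nread <= 0) { e = nread ? SOCKET_ERRNO : ECONNRESET; goto kill_conn; }`, closes that gap. The hunk itself only changes indentation.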
@@ -1065,77 +1066,77 @@ service_udp_fd(struct conn_state *conn, struct select_state *selstate,
static int
service_fds (krb5_context context,
- struct select_state *selstate,
- struct conn_state *conns, size_t n_conns, int *winning_conn,
- struct select_state *seltemp,
- int (*msg_handler)(krb5_context, const krb5_data *, void *),
- void *msg_handler_data)
+ struct select_state *selstate,
+ struct conn_state *conns, size_t n_conns, int *winning_conn,
+ struct select_state *seltemp,
+ int (*msg_handler)(krb5_context, const krb5_data *, void *),
+ void *msg_handler_data)
{
int e, selret;
e = 0;
while (selstate->nfds > 0) {
- unsigned int i;
-
- e = krb5int_cm_call_select(selstate, seltemp, &selret);
- if (e == EINTR)
- continue;
- if (e != 0)
- break;
-
- dprint("service_fds examining results, selret=%d\n", selret);
-
- if (selret == 0)
- /* Timeout, return to caller. */
- return 0;
-
- /* Got something on a socket, process it. */
- for (i = 0; i <= (unsigned int)selstate->max && selret > 0 && i < n_conns; i++) {
- int ssflags;
-
- if (conns[i].fd == INVALID_SOCKET)
- continue;
- ssflags = 0;
- if (FD_ISSET(conns[i].fd, &seltemp->rfds))
- ssflags |= SSF_READ, selret--;
- if (FD_ISSET(conns[i].fd, &seltemp->wfds))
- ssflags |= SSF_WRITE, selret--;
- if (FD_ISSET(conns[i].fd, &seltemp->xfds))
- ssflags |= SSF_EXCEPTION, selret--;
- if (!ssflags)
- continue;
-
- dprint("handling flags '%s%s%s' on fd %d (%A) in state %s\n",
- (ssflags & SSF_READ) ? "r" : "",
- (ssflags & SSF_WRITE) ? "w" : "",
- (ssflags & SSF_EXCEPTION) ? "x" : "",
- conns[i].fd, conns[i].addr,
- state_strings[(int) conns[i].state]);
-
- if (conns[i].service (&conns[i], selstate, ssflags)) {
- int stop = 1;
-
- if (msg_handler != NULL) {
- krb5_data reply;
-
- reply.data = conns[i].x.in.buf;
- reply.length = conns[i].x.in.pos - conns[i].x.in.buf;
-
- stop = (msg_handler(context, &reply, msg_handler_data) != 0);
- }
-
- if (stop) {
- dprint("fd service routine says we're done\n");
- *winning_conn = i;
- return 1;
- }
- }
- }
+ unsigned int i;
+
+ e = krb5int_cm_call_select(selstate, seltemp, &selret);
+ if (e == EINTR)
+ continue;
+ if (e != 0)
+ break;
+
+ dprint("service_fds examining results, selret=%d\n", selret);
+
+ if (selret == 0)
+ /* Timeout, return to caller. */
+ return 0;
+
+ /* Got something on a socket, process it. */
+ for (i = 0; i <= (unsigned int)selstate->max && selret > 0 && i < n_conns; i++) {
+ int ssflags;
+
+ if (conns[i].fd == INVALID_SOCKET)
+ continue;
+ ssflags = 0;
+ if (FD_ISSET(conns[i].fd, &seltemp->rfds))
+ ssflags |= SSF_READ, selret--;
+ if (FD_ISSET(conns[i].fd, &seltemp->wfds))
+ ssflags |= SSF_WRITE, selret--;
+ if (FD_ISSET(conns[i].fd, &seltemp->xfds))
+ ssflags |= SSF_EXCEPTION, selret--;
+ if (!ssflags)
+ continue;
+
+ dprint("handling flags '%s%s%s' on fd %d (%A) in state %s\n",
+ (ssflags & SSF_READ) ? "r" : "",
+ (ssflags & SSF_WRITE) ? "w" : "",
+ (ssflags & SSF_EXCEPTION) ? "x" : "",
+ conns[i].fd, conns[i].addr,
+ state_strings[(int) conns[i].state]);
+
+ if (conns[i].service (&conns[i], selstate, ssflags)) {
+ int stop = 1;
+
+ if (msg_handler != NULL) {
+ krb5_data reply;
+
+ reply.data = conns[i].x.in.buf;
+ reply.length = conns[i].x.in.pos - conns[i].x.in.buf;
+
+ stop = (msg_handler(context, &reply, msg_handler_data) != 0);
+ }
+
+ if (stop) {
+ dprint("fd service routine says we're done\n");
+ *winning_conn = i;
+ return 1;
+ }
+ }
+ }
}
if (e != 0) {
- dprint("select returned %m\n", e);
- *winning_conn = -1;
- return 1;
+ dprint("select returned %m\n", e);
+ *winning_conn = -1;
+ return 1;
}
return 0;
}
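Review bot: The scan loop in service_fds bounds the connection index with `i <= (unsigned int)selstate->max`, but `max` is what gets passed to select() as the descriptor count, so it is a descriptor number rather than an index into `conns`. When the ready connection sits at an index above that value (for example after earlier entries failed to get a socket), the loop appears to end before reaching it, and the outer `while` would call select again on the same ready descriptor. `i < n_conns` already bounds the array, so `for (i = 0; selret > 0 && i < n_conns; i++)` looks sufficient. The hunk itself only changes indentation.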
@@ -1165,13 +1166,13 @@ service_fds (krb5_context context,
krb5_error_code
krb5int_sendto (krb5_context context, const krb5_data *message,
const struct addrlist *addrs,
- struct sendto_callback_info* callback_info, krb5_data *reply,
- struct sockaddr *localaddr, socklen_t *localaddrlen,
+ struct sendto_callback_info* callback_info, krb5_data *reply,
+ struct sockaddr *localaddr, socklen_t *localaddrlen,
struct sockaddr *remoteaddr, socklen_t *remoteaddrlen,
- int *addr_used,
- /* return 0 -> keep going, 1 -> quit */
- int (*msg_handler)(krb5_context, const krb5_data *, void *),
- void *msg_handler_data)
+ int *addr_used,
+ /* return 0 -> keep going, 1 -> quit */
+ int (*msg_handler)(krb5_context, const krb5_data *, void *),
+ void *msg_handler_data)
{
unsigned int i;
int pass;
@@ -1186,9 +1187,9 @@ krb5int_sendto (krb5_context context, const krb5_data *message,
char *udpbuf = NULL;
if (message)
- dprint("krb5int_sendto(message=%d@%p, addrlist=", message->length, message->data);
+ dprint("krb5int_sendto(message=%d@%p, addrlist=", message->length, message->data);
else
- dprint("krb5int_sendto(callback=%p, addrlist=", callback_info);
+ dprint("krb5int_sendto(callback=%p, addrlist=", callback_info);
print_addrlist(addrs);
dprint(")\n");
@@ -1197,25 +1198,25 @@ krb5int_sendto (krb5_context context, const krb5_data *message,
conns = calloc(addrs->naddrs, sizeof(struct conn_state));
if (conns == NULL)
- return ENOMEM;
+ return ENOMEM;
if (callback_info) {
- callback_data = calloc(addrs->naddrs, sizeof(krb5_data));
- if (callback_data == NULL) {
- retval = ENOMEM;
- goto egress;
- }
+ callback_data = calloc(addrs->naddrs, sizeof(krb5_data));
+ if (callback_data == NULL) {
+ retval = ENOMEM;
+ goto egress;
+ }
}
for (i = 0; i < addrs->naddrs; i++)
- conns[i].fd = INVALID_SOCKET;
+ conns[i].fd = INVALID_SOCKET;
/* One for use here, listing all our fds in use, and one for
temporary use in service_fds, for the fds of interest. */
sel_state = malloc(2 * sizeof(*sel_state));
if (sel_state == NULL) {
- retval = ENOMEM;
- goto egress;
+ retval = ENOMEM;
+ goto egress;
}
sel_state->max = 0;
sel_state->nfds = 0;
@@ -1227,100 +1228,100 @@ krb5int_sendto (krb5_context context, const krb5_data *message,
/* Set up connections. */
for (host = 0; host < addrs->naddrs; host++) {
- setup_connection(&conns[host], addrs->addrs[host].ai, message,
- &udpbuf);
+ setup_connection(&conns[host], addrs->addrs[host].ai, message,
+ &udpbuf);
}
n_conns = addrs->naddrs;
for (pass = 0; pass < MAX_PASS; pass++) {
- /* Possible optimization: Make only one pass if TCP only.
- Stop making passes if all UDP ports are closed down. */
- dprint("pass %d delay=%d\n", pass, delay_this_pass);
- for (host = 0; host < n_conns; host++) {
- dprint("host %d\n", host);
-
- /* Send to the host, wait for a response, then move on. */
- if (maybe_send(&conns[host],
- sel_state,
- callback_info,
- (callback_info ? &callback_data[host] : NULL)))
- continue;
-
- retval = getcurtime(&now);
- if (retval)
- goto egress;
- sel_state->end_time = now;
- sel_state->end_time.tv_sec += 1;
- e = service_fds(context, sel_state, conns, host+1, &winning_conn,
- sel_state+1, msg_handler, msg_handler_data);
- if (e)
- break;
- if (pass > 0 && sel_state->nfds == 0)
- /*
- * After the first pass, if we close all fds, break
- * out right away. During the first pass, it's okay,
- * we're probably about to open another connection.
- */
- break;
- }
- if (e)
- break;
- retval = getcurtime(&now);
- if (retval)
- goto egress;
- /* Possible optimization: Find a way to integrate this select
- call with the last one from the above loop, if the loop
- actually calls select. */
- sel_state->end_time.tv_sec += delay_this_pass;
- e = service_fds(context, sel_state, conns, host+1, &winning_conn,
- sel_state+1, msg_handler, msg_handler_data);
- if (e)
- break;
- if (sel_state->nfds == 0)
- break;
- delay_this_pass *= 2;
+ /* Possible optimization: Make only one pass if TCP only.
+ Stop making passes if all UDP ports are closed down. */
+ dprint("pass %d delay=%d\n", pass, delay_this_pass);
+ for (host = 0; host < n_conns; host++) {
+ dprint("host %d\n", host);
+
+ /* Send to the host, wait for a response, then move on. */
+ if (maybe_send(&conns[host],
+ sel_state,
+ callback_info,
+ (callback_info ? &callback_data[host] : NULL)))
+ continue;
+
+ retval = getcurtime(&now);
+ if (retval)
+ goto egress;
+ sel_state->end_time = now;
+ sel_state->end_time.tv_sec += 1;
+ e = service_fds(context, sel_state, conns, host+1, &winning_conn,
+ sel_state+1, msg_handler, msg_handler_data);
+ if (e)
+ break;
+ if (pass > 0 && sel_state->nfds == 0)
+ /*
+ * After the first pass, if we close all fds, break
+ * out right away. During the first pass, it's okay,
+ * we're probably about to open another connection.
+ */
+ break;
+ }
+ if (e)
+ break;
+ retval = getcurtime(&now);
+ if (retval)
+ goto egress;
+ /* Possible optimization: Find a way to integrate this select
+ call with the last one from the above loop, if the loop
+ actually calls select. */
+ sel_state->end_time.tv_sec += delay_this_pass;
+ e = service_fds(context, sel_state, conns, host+1, &winning_conn,
+ sel_state+1, msg_handler, msg_handler_data);
+ if (e)
+ break;
+ if (sel_state->nfds == 0)
+ break;
+ delay_this_pass *= 2;
}
if (sel_state->nfds == 0) {
- /* No addresses? */
- retval = KRB5_KDC_UNREACH;
- goto egress;
+ /* No addresses? */
+ retval = KRB5_KDC_UNREACH;
+ goto egress;
}
if (e == 0 || winning_conn < 0) {
- retval = KRB5_KDC_UNREACH;
- goto egress;
+ retval = KRB5_KDC_UNREACH;
+ goto egress;
}
/* Success! */
reply->data = conns[winning_conn].x.in.buf;
reply->length = (conns[winning_conn].x.in.pos
- - conns[winning_conn].x.in.buf);
+ - conns[winning_conn].x.in.buf);
dprint("returning %d bytes in buffer %p\n",
- (int) reply->length, reply->data);
+ (int) reply->length, reply->data);
retval = 0;
conns[winning_conn].x.in.buf = 0;
if (addr_used)
*addr_used = winning_conn;
if (localaddr != 0 && localaddrlen != 0 && *localaddrlen > 0)
- (void) getsockname(conns[winning_conn].fd, localaddr, localaddrlen);
+ (void) getsockname(conns[winning_conn].fd, localaddr, localaddrlen);
- if (remoteaddr != 0 && remoteaddrlen != 0 && *remoteaddrlen > 0)
- (void) getpeername(conns[winning_conn].fd, remoteaddr, remoteaddrlen);
+ if (remoteaddr != 0 && remoteaddrlen != 0 && *remoteaddrlen > 0)
+ (void) getpeername(conns[winning_conn].fd, remoteaddr, remoteaddrlen);
egress:
for (i = 0; i < n_conns; i++) {
- if (conns[i].fd != INVALID_SOCKET)
- closesocket(conns[i].fd);
- if (conns[i].state == READING && conns[i].x.in.buf != udpbuf)
- free(conns[i].x.in.buf);
- if (callback_info) {
- callback_info->pfn_cleanup(callback_info->context,
- &callback_data[i]);
- }
+ if (conns[i].fd != INVALID_SOCKET)
+ closesocket(conns[i].fd);
+ if (conns[i].state == READING && conns[i].x.in.buf != udpbuf)
+ free(conns[i].x.in.buf);
+ if (callback_info) {
+ callback_info->pfn_cleanup(callback_info->context,
+ &callback_data[i]);
+ }
}
free(callback_data);
free(conns);
if (reply->data != udpbuf)
- free(udpbuf);
+ free(udpbuf);
free(sel_state);
return retval;
}
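Review bot: The results of `getsockname()` and `getpeername()` on the success path are cast to void, so a caller cannot tell whether `localaddr` / `remoteaddr` were actually filled in. On failure the buffers keep whatever the caller had in them while `*localaddrlen` / `*remoteaddrlen` still look valid. If callers rely on these addresses (address checks, logging the peer), signal the failure, for example `if (getsockname(conns[winning_conn].fd, localaddr, localaddrlen) != 0) *localaddrlen = 0;`, and likewise for `getpeername()`. Separately, the egress path tests `reply->data != udpbuf` even when no reply was stored, which presumably relies on the caller initialising `*reply`; a comment saying so would help. krb5int_sendto begins outside this hunk.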
diff --git a/src/lib/krb5/os/sn2princ.c b/src/lib/krb5/os/sn2princ.c
index ee4f3bc..8bd8230 100644
--- a/src/lib/krb5/os/sn2princ.c
+++ b/src/lib/krb5/os/sn2princ.c
@@ -1,3 +1,4 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
/*
* lib/krb5/os/sn2princ.c
*
@@ -8,7 +9,7 @@
* require a specific license from the United States Government.
* It is the responsibility of any person or organization contemplating
* export to obtain such a license before exporting.
- *
+ *
* WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
* distribute this software and its documentation for any purpose and
* without fee is hereby granted, provided that the above copyright
@@ -22,7 +23,7 @@
* M.I.T. makes no representations about the suitability of
* this software for any purpose. It is provided "as is" without express
* or implied warranty.
- *
+ *
*
* Convert a hostname and service name to a principal in the "standard"
* form.
@@ -53,7 +54,7 @@ maybe_use_reverse_dns (krb5_context context, int defalt)
return defalt;
if (value == 0)
- return defalt;
+ return defalt;
use_rdns = _krb5_conf_boolean(value);
profile_release_string(value);
@@ -75,57 +76,57 @@ krb5_sname_to_principal(krb5_context context, const char *hostname, const char *
#endif
if ((type == KRB5_NT_UNKNOWN) ||
- (type == KRB5_NT_SRV_HST)) {
-
- /* if hostname is NULL, use local hostname */
- if (! hostname) {
- if (gethostname(localname, MAXHOSTNAMELEN))
- return SOCKET_ERRNO;
- hostname = localname;
- }
-
- /* if sname is NULL, use "host" */
- if (! sname)
- sname = "host";
-
- /* copy the hostname into non-volatile storage */
-
- if (type == KRB5_NT_SRV_HST) {
- struct addrinfo *ai, hints;
- int err;
- char hnamebuf[NI_MAXHOST];
-
- /* Note that the old code would accept numeric addresses,
- and if the gethostbyaddr step could convert them to
- real hostnames, you could actually get reasonable
- results. If the mapping failed, you'd get dotted
- triples as realm names. *sigh*
-
- The latter has been fixed in hst_realm.c, but we should
- keep supporting numeric addresses if they do have
- hostnames associated. */
-
- memset(&hints, 0, sizeof(hints));
- hints.ai_family = AF_INET;
- hints.ai_flags = AI_CANONNAME;
- try_getaddrinfo_again:
- err = getaddrinfo(hostname, 0, &hints, &ai);
- if (err) {
+ (type == KRB5_NT_SRV_HST)) {
+
+ /* if hostname is NULL, use local hostname */
+ if (! hostname) {
+ if (gethostname(localname, MAXHOSTNAMELEN))
+ return SOCKET_ERRNO;
+ hostname = localname;
+ }
+
+ /* if sname is NULL, use "host" */
+ if (! sname)
+ sname = "host";
+
+ /* copy the hostname into non-volatile storage */
+
+ if (type == KRB5_NT_SRV_HST) {
+ struct addrinfo *ai, hints;
+ int err;
+ char hnamebuf[NI_MAXHOST];
+
+ /* Note that the old code would accept numeric addresses,
+ and if the gethostbyaddr step could convert them to
+ real hostnames, you could actually get reasonable
+ results. If the mapping failed, you'd get dotted
+ triples as realm names. *sigh*
+
+ The latter has been fixed in hst_realm.c, but we should
+ keep supporting numeric addresses if they do have
+ hostnames associated. */
+
+ memset(&hints, 0, sizeof(hints));
+ hints.ai_family = AF_INET;
+ hints.ai_flags = AI_CANONNAME;
+ try_getaddrinfo_again:
+ err = getaddrinfo(hostname, 0, &hints, &ai);
+ if (err) {
#ifdef DEBUG_REFERRALS
- printf("sname_to_princ: probably punting due to bad hostname of %s\n",hostname);
+ printf("sname_to_princ: probably punting due to bad hostname of %s\n",hostname);
#endif
- if (hints.ai_family == AF_INET) {
- /* Just in case it's an IPv6-only name. */
- hints.ai_family = 0;
- goto try_getaddrinfo_again;
- }
- return KRB5_ERR_BAD_HOSTNAME;
- }
- remote_host = strdup(ai->ai_canonname ? ai->ai_canonname : hostname);
- if (!remote_host) {
- freeaddrinfo(ai);
- return ENOMEM;
- }
+ if (hints.ai_family == AF_INET) {
+ /* Just in case it's an IPv6-only name. */
+ hints.ai_family = 0;
+ goto try_getaddrinfo_again;
+ }
+ return KRB5_ERR_BAD_HOSTNAME;
+ }
+ remote_host = strdup(ai->ai_canonname ? ai->ai_canonname : hostname);
+ if (!remote_host) {
+ freeaddrinfo(ai);
+ return ENOMEM;
+ }
if (maybe_use_reverse_dns(context, DEFAULT_RDNS_LOOKUP)) {
/*
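Review bot: The host component of the principal comes from resolver output, and nothing here says that this input is unauthenticated. It is taken from `ai->ai_canonname` after `getaddrinfo()` with `AI_CANONNAME`, and then, when `maybe_use_reverse_dns()` allows it, from the `getnameinfo()` result in the following hunk. A short comment above the `strdup` would make the trust assumption explicit, for example `/* remote_host is resolver-supplied and unauthenticated; the principal built from it is only as trustworthy as name resolution. */`. The function starts before this hunk and continues after it.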
@@ -140,7 +141,7 @@ krb5_sname_to_principal(krb5_context context, const char *hostname, const char *
preserve the current behavior and only shake things up
once when it comes time to fix this lossage. */
err = getnameinfo(ai->ai_addr, ai->ai_addrlen,
- hnamebuf, sizeof(hnamebuf), 0, 0, NI_NAMEREQD);
+ hnamebuf, sizeof(hnamebuf), 0, 0, NI_NAMEREQD);
freeaddrinfo(ai);
if (err == 0) {
free(remote_host);
@@ -149,68 +150,67 @@ krb5_sname_to_principal(krb5_context context, const char *hostname, const char *
return ENOMEM;
}
} else
- freeaddrinfo(ai);
- } else /* type == KRB5_NT_UNKNOWN */ {
- remote_host = strdup(hostname);
- }
- if (!remote_host)
- return ENOMEM;
+ freeaddrinfo(ai);
+ } else /* type == KRB5_NT_UNKNOWN */ {
+ remote_host = strdup(hostname);
+ }
+ if (!remote_host)
+ return ENOMEM;
#ifdef DEBUG_REFERRALS
- printf("sname_to_princ: hostname <%s> after rdns processing\n",remote_host);
+ printf("sname_to_princ: hostname <%s> after rdns processing\n",remote_host);
#endif
- if (type == KRB5_NT_SRV_HST)
- for (cp = remote_host; *cp; cp++)
- if (isupper((unsigned char) (*cp)))
- *cp = tolower((unsigned char) (*cp));
-
- /*
- * Windows NT5's broken resolver gratuitously tacks on a
- * trailing period to the hostname (at least it does in
- * Beta2). Find and remove it.
- */
- if (remote_host[0]) {
- cp = remote_host + strlen(remote_host)-1;
- if (*cp == '.')
- *cp = 0;
- }
-
-
- if ((retval = krb5_get_host_realm(context, remote_host, &hrealms))) {
- free(remote_host);
- return retval;
- }
+ if (type == KRB5_NT_SRV_HST)
+ for (cp = remote_host; *cp; cp++)
+ if (isupper((unsigned char) (*cp)))
+ *cp = tolower((unsigned char) (*cp));
+
+ /*
+ * Windows NT5's broken resolver gratuitously tacks on a
+ * trailing period to the hostname (at least it does in
+ * Beta2). Find and remove it.
+ */
+ if (remote_host[0]) {
+ cp = remote_host + strlen(remote_host)-1;
+ if (*cp == '.')
+ *cp = 0;
+ }
+
+
+ if ((retval = krb5_get_host_realm(context, remote_host, &hrealms))) {
+ free(remote_host);
+ return retval;
+ }
#ifdef DEBUG_REFERRALS
- printf("sname_to_princ: realm <%s> after krb5_get_host_realm\n",hrealms[0]);
+ printf("sname_to_princ: realm <%s> after krb5_get_host_realm\n",hrealms[0]);
#endif
- if (!hrealms[0]) {
- free(remote_host);
- free(hrealms);
- return KRB5_ERR_HOST_REALM_UNKNOWN;
- }
- realm = hrealms[0];
+ if (!hrealms[0]) {
+ free(remote_host);
+ free(hrealms);
+ return KRB5_ERR_HOST_REALM_UNKNOWN;
+ }
+ realm = hrealms[0];
- retval = krb5_build_principal(context, ret_princ, strlen(realm),
- realm, sname, remote_host,
- (char *)0);
+ retval = krb5_build_principal(context, ret_princ, strlen(realm),
+ realm, sname, remote_host,
+ (char *)0);
- krb5_princ_type(context, *ret_princ) = type;
+ krb5_princ_type(context, *ret_princ) = type;
#ifdef DEBUG_REFERRALS
- printf("krb5_sname_to_principal returning\n");
- printf("realm: <%s>, sname: <%s>, remote_host: <%s>\n",
- realm,sname,remote_host);
- krb5int_dbgref_dump_principal("krb5_sname_to_principal",*ret_princ);
+ printf("krb5_sname_to_principal returning\n");
+ printf("realm: <%s>, sname: <%s>, remote_host: <%s>\n",
+ realm,sname,remote_host);
+ krb5int_dbgref_dump_principal("krb5_sname_to_principal",*ret_princ);
#endif
- free(remote_host);
+ free(remote_host);
- krb5_free_host_realm(context, hrealms);
- return retval;
+ krb5_free_host_realm(context, hrealms);
+ return retval;
} else {
- return KRB5_SNAME_UNSUPP_NAMETYPE;
+ return KRB5_SNAME_UNSUPP_NAMETYPE;
}
}
-
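Review bot: `krb5_princ_type(context, *ret_princ) = type;` runs even when `krb5_build_principal()` returned an error, so it may write through a `*ret_princ` that was never set. Guard it with `if (retval == 0) krb5_princ_type(context, *ret_princ) = type;`. Whether `*ret_princ` is left untouched on failure is not visible here, so confirm that against krb5_build_principal. Under DEBUG_REFERRALS the same applies to the `krb5int_dbgref_dump_principal` call, and the printf of `hrealms[0]` comes before the `!hrealms[0]` check. The function starts outside this hunk.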
diff --git a/src/lib/krb5/os/t_an_to_ln.c b/src/lib/krb5/os/t_an_to_ln.c
index 93933a4..99ec590 100644
--- a/src/lib/krb5/os/t_an_to_ln.c
+++ b/src/lib/krb5/os/t_an_to_ln.c
@@ -1,3 +1,4 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
#include "krb5.h"
#include <stdio.h>
@@ -5,36 +6,36 @@
int
main(int argc, char **argv)
{
- krb5_error_code kret;
- krb5_context kcontext;
- krb5_principal principal;
- char *programname;
- int i;
- char sbuf[1024];
+ krb5_error_code kret;
+ krb5_context kcontext;
+ krb5_principal principal;
+ char *programname;
+ int i;
+ char sbuf[1024];
programname = argv[0];
krb5_init_context(&kcontext);
for (i=1; i < argc; i++) {
- if (!(kret = krb5_parse_name(kcontext, argv[i], &principal))) {
- if (!(kret = krb5_aname_to_localname(kcontext,
- principal,
- 1024,
- sbuf))) {
- printf("%s: aname_to_lname maps %s -> <%s>\n",
- programname, argv[i], sbuf);
- }
- else {
- printf("%s: aname to lname returns %s for %s\n", programname,
- error_message(kret), argv[i]);
- }
- krb5_free_principal(kcontext, principal);
- }
- else {
- printf("%s: parse_name returns %s\n", programname,
- error_message(kret));
- }
- if (kret)
- break;
+ if (!(kret = krb5_parse_name(kcontext, argv[i], &principal))) {
+ if (!(kret = krb5_aname_to_localname(kcontext,
+ principal,
+ 1024,
+ sbuf))) {
+ printf("%s: aname_to_lname maps %s -> <%s>\n",
+ programname, argv[i], sbuf);
+ }
+ else {
+ printf("%s: aname to lname returns %s for %s\n", programname,
+ error_message(kret), argv[i]);
+ }
+ krb5_free_principal(kcontext, principal);
+ }
+ else {
+ printf("%s: parse_name returns %s\n", programname,
+ error_message(kret));
+ }
+ if (kret)
+ break;
}
krb5_free_context(kcontext);
return((kret) ? 1 : 0);
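Review bot: `kret` is declared without an initializer and is only assigned inside the loop, so running the program with no arguments reaches `return((kret) ? 1 : 0);` with an indeterminate value. Declare it as `krb5_error_code kret = 0;`. The result of `krb5_init_context(&kcontext)` is also ignored, so a failed initialisation would hand an unset context to `krb5_parse_name`; check it and exit before the loop. Passing `sizeof(sbuf)` instead of the literal `1024` would keep the length tied to the buffer. main's closing brace is outside the hunk.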
diff --git a/src/lib/krb5/os/t_gifconf.c b/src/lib/krb5/os/t_gifconf.c
index b0d9b7d..6ae4b85 100644
--- a/src/lib/krb5/os/t_gifconf.c
+++ b/src/lib/krb5/os/t_gifconf.c
@@ -1,3 +1,4 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
/* SIOCGIFCONF:
The behavior of this ioctl varies across systems.
@@ -84,49 +85,49 @@ int main (void) {
sock = socket (AF_INET, SOCK_DGRAM, 0);
if (sock < 0) {
- perror ("socket");
- exit (1);
+ perror ("socket");
+ exit (1);
}
printf ("sizeof(struct if_req)=%d\n", sizeof (struct ifreq));
for (t = 0; t < sizeof (buffer); t++) {
- ifc.ifc_len = t;
- ifc.ifc_buf = buffer;
- memset (buffer, INIT, sizeof (buffer));
- i = ioctl (sock, SIOCGIFCONF, (char *) &ifc);
- if (i < 0) {
- /* Solaris returns "Invalid argument" if the buffer is too
- small. AIX and Linux return no error indication. */
- int e = errno;
- snprintf (buffer, sizeof(buffer), "SIOCGIFCONF(%d)", t);
- errno = e;
- perror (buffer);
- if (e == EINVAL)
- continue;
- fprintf (stderr, "exiting on unexpected error\n");
- exit (1);
- }
- i = sizeof (buffer) - 1;
- while (buffer[i] == ((char)INIT) && i >= 0)
- i--;
- if (omod != i) {
- /* Okay... the gap computed on the *last* iteration is the
- largest for that particular size of returned data.
- Save it, and then start computing gaps for the next
- bigger size of returned data. If we never get anything
- bigger back, we discard the newer value and only keep
- LASTGAP because all we care about is how much slop we
- need to "prove" that there really weren't any more
- entries to be returned. */
- if (gap > lastgap)
- lastgap = gap;
- }
- gap = t - i - 1;
- if (olen != ifc.ifc_len || omod != i) {
- printf ("ifc_len in = %4d, ifc_len out = %4d, last mod = %4d\n",
- t, ifc.ifc_len, i);
- olen = ifc.ifc_len;
- omod = i;
- }
+ ifc.ifc_len = t;
+ ifc.ifc_buf = buffer;
+ memset (buffer, INIT, sizeof (buffer));
+ i = ioctl (sock, SIOCGIFCONF, (char *) &ifc);
+ if (i < 0) {
+ /* Solaris returns "Invalid argument" if the buffer is too
+ small. AIX and Linux return no error indication. */
+ int e = errno;
+ snprintf (buffer, sizeof(buffer), "SIOCGIFCONF(%d)", t);
+ errno = e;
+ perror (buffer);
+ if (e == EINVAL)
+ continue;
+ fprintf (stderr, "exiting on unexpected error\n");
+ exit (1);
+ }
+ i = sizeof (buffer) - 1;
+ while (buffer[i] == ((char)INIT) && i >= 0)
+ i--;
+ if (omod != i) {
+ /* Okay... the gap computed on the *last* iteration is the
+ largest for that particular size of returned data.
+ Save it, and then start computing gaps for the next
+ bigger size of returned data. If we never get anything
+ bigger back, we discard the newer value and only keep
+ LASTGAP because all we care about is how much slop we
+ need to "prove" that there really weren't any more
+ entries to be returned. */
+ if (gap > lastgap)
+ lastgap = gap;
+ }
+ gap = t - i - 1;
+ if (olen != ifc.ifc_len || omod != i) {
+ printf ("ifc_len in = %4d, ifc_len out = %4d, last mod = %4d\n",
+ t, ifc.ifc_len, i);
+ olen = ifc.ifc_len;
+ omod = i;
+ }
}
printf ("finished at ifc_len %d\n", t);
printf ("largest gap = %d\n", lastgap);
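Review bot: In `while (buffer[i] == ((char)INIT) && i >= 0)` the array is read before the index is tested. When the whole buffer still holds INIT, the loop reads `buffer[-1]` before it stops. Swap the operands: `while (i >= 0 && buffer[i] == ((char)INIT))`. The `%d` used for `sizeof (struct ifreq)` in the earlier printf also does not match the argument type; cast it, e.g. `(int) sizeof (struct ifreq)`. main starts and ends outside this hunk.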
diff --git a/src/lib/krb5/os/t_locate_kdc.c b/src/lib/krb5/os/t_locate_kdc.c
index 9cc845a..45fad01 100644
--- a/src/lib/krb5/os/t_locate_kdc.c
+++ b/src/lib/krb5/os/t_locate_kdc.c
@@ -1,3 +1,4 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
#include <stdio.h>
#include <string.h>
#include <sys/types.h>
@@ -31,14 +32,14 @@ static const char *stypename (int stype)
static char buf[20];
switch (stype) {
case SOCK_STREAM:
- return "stream";
+ return "stream";
case SOCK_DGRAM:
- return "dgram";
+ return "dgram";
case SOCK_RAW:
- return "raw";
+ return "raw";
default:
- snprintf(buf, sizeof(buf), "?%d", stype);
- return buf;
+ snprintf(buf, sizeof(buf), "?%d", stype);
+ return buf;
}
}
@@ -50,19 +51,19 @@ static void print_addrs (void)
printf ("%d addresses:\n", naddrs);
for (i = 0; i < naddrs; i++) {
- int err;
- struct addrinfo *ai = al.addrs[i].ai;
- char hostbuf[NI_MAXHOST], srvbuf[NI_MAXSERV];
- err = getnameinfo (ai->ai_addr, ai->ai_addrlen,
- hostbuf, sizeof (hostbuf),
- srvbuf, sizeof (srvbuf),
- NI_NUMERICHOST | NI_NUMERICSERV);
- if (err)
- printf ("%2d: getnameinfo returns error %d=%s\n",
- i, err, gai_strerror (err));
- else
- printf ("%2d: address %s\t%s\tport %s\n", i, hostbuf,
- stypename (ai->ai_socktype), srvbuf);
+ int err;
+ struct addrinfo *ai = al.addrs[i].ai;
+ char hostbuf[NI_MAXHOST], srvbuf[NI_MAXSERV];
+ err = getnameinfo (ai->ai_addr, ai->ai_addrlen,
+ hostbuf, sizeof (hostbuf),
+ srvbuf, sizeof (srvbuf),
+ NI_NUMERICHOST | NI_NUMERICSERV);
+ if (err)
+ printf ("%2d: getnameinfo returns error %d=%s\n",
+ i, err, gai_strerror (err));
+ else
+ printf ("%2d: address %s\t%s\tport %s\n", i, hostbuf,
+ stypename (ai->ai_socktype), srvbuf);
}
}
@@ -76,52 +77,52 @@ int main (int argc, char *argv[])
p = strrchr (argv[0], '/');
if (p)
- prog = p+1;
+ prog = p+1;
else
- prog = argv[0];
+ prog = argv[0];
switch (argc) {
case 2:
- /* foo $realm */
- realmname = argv[1];
- break;
+ /* foo $realm */
+ realmname = argv[1];
+ break;
case 3:
- if (!strcmp (argv[1], "-c"))
- how = LOOKUP_CONF;
- else if (!strcmp (argv[1], "-d"))
- how = LOOKUP_DNS;
- else if (!strcmp (argv[1], "-m"))
- master = 1;
- else
- goto usage;
- realmname = argv[2];
- break;
+ if (!strcmp (argv[1], "-c"))
+ how = LOOKUP_CONF;
+ else if (!strcmp (argv[1], "-d"))
+ how = LOOKUP_DNS;
+ else if (!strcmp (argv[1], "-m"))
+ master = 1;
+ else
+ goto usage;
+ realmname = argv[2];
+ break;
default:
usage:
- fprintf (stderr, "%s: usage: %s [-c | -d | -m] realm\n", prog, prog);
- return 1;
+ fprintf (stderr, "%s: usage: %s [-c | -d | -m] realm\n", prog, prog);
+ return 1;
}
err = krb5_init_context (&ctx);
if (err)
- kfatal (err);
+ kfatal (err);
realm.data = realmname;
realm.length = strlen (realmname);
switch (how) {
case LOOKUP_CONF:
- err = krb5_locate_srv_conf (ctx, &realm, "kdc", &al, 0,
- htons (88), htons (750));
- break;
+ err = krb5_locate_srv_conf (ctx, &realm, "kdc", &al, 0,
+ htons (88), htons (750));
+ break;
case LOOKUP_DNS:
- err = krb5_locate_srv_dns_1 (&realm, "_kerberos", "_udp", &al, 0);
- break;
+ err = krb5_locate_srv_dns_1 (&realm, "_kerberos", "_udp", &al, 0);
+ break;
case LOOKUP_WHATEVER:
- err = krb5_locate_kdc (ctx, &realm, &al, master, 0, 0);
- break;
+ err = krb5_locate_kdc (ctx, &realm, &al, master, 0, 0);
+ break;
}
if (err) kfatal (err);
print_addrs ();
diff --git a/src/lib/krb5/os/t_realm_iter.c b/src/lib/krb5/os/t_realm_iter.c
index b396935..3978269 100644
--- a/src/lib/krb5/os/t_realm_iter.c
+++ b/src/lib/krb5/os/t_realm_iter.c
@@ -1,3 +1,4 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
#include "krb5.h"
#include <stdio.h>
@@ -9,19 +10,19 @@ void test_realm_iterator(int ctx)
void *iter;
if ((retval = krb5_realm_iterator_create(ctx, &iter))) {
- com_err("krb5_realm_iterator_create", retval, 0);
- return;
+ com_err("krb5_realm_iterator_create", retval, 0);
+ return;
}
while (iter) {
- if ((retval = krb5_realm_iterator(ctx, &iter, &realm))) {
- com_err("krb5_realm_iterator", retval, 0);
- krb5_realm_iterator_free(ctx, &iter);
- return;
- }
- if (realm) {
- printf("Realm: '%s'\n", realm);
- krb5_free_realm_string(ctx, realm);
- }
+ if ((retval = krb5_realm_iterator(ctx, &iter, &realm))) {
+ com_err("krb5_realm_iterator", retval, 0);
+ krb5_realm_iterator_free(ctx, &iter);
+ return;
+ }
+ if (realm) {
+ printf("Realm: '%s'\n", realm);
+ krb5_free_realm_string(ctx, realm);
+ }
}
}
@@ -32,9 +33,9 @@ int main(int argc, char **argv)
retval = krb5_init_context(&ctx);
if (retval) {
- fprintf(stderr, "krb5_init_context returned error %ld\n",
- retval);
- exit(1);
+ fprintf(stderr, "krb5_init_context returned error %ld\n",
+ retval);
+ exit(1);
}
test_realm_iterator(ctx);
diff --git a/src/lib/krb5/os/t_std_conf.c b/src/lib/krb5/os/t_std_conf.c
index 04b75d7..a3bd795 100644
--- a/src/lib/krb5/os/t_std_conf.c
+++ b/src/lib/krb5/os/t_std_conf.c
@@ -1,6 +1,7 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
/*
- * t_std_conf.c --- This program tests standard Krb5 routines which pull
- * values from the krb5 config file(s).
+ * t_std_conf.c --- This program tests standard Krb5 routines which pull
+ * values from the krb5 config file(s).
*/
#include "fake-addrinfo.h"
@@ -19,229 +20,229 @@
static void test_get_default_realm(krb5_context ctx)
{
- char *realm;
- krb5_error_code retval;
-
- retval = krb5_get_default_realm(ctx, &realm);
- if (retval) {
- com_err("krb5_get_default_realm", retval, 0);
- return;
- }
- printf("krb5_get_default_realm() returned '%s'\n", realm);
- free(realm);
+ char *realm;
+ krb5_error_code retval;
+
+ retval = krb5_get_default_realm(ctx, &realm);
+ if (retval) {
+ com_err("krb5_get_default_realm", retval, 0);
+ return;
+ }
+ printf("krb5_get_default_realm() returned '%s'\n", realm);
+ free(realm);
}
static void test_set_default_realm(krb5_context ctx, char *realm)
{
- krb5_error_code retval;
-
- retval = krb5_set_default_realm(ctx, realm);
- if (retval) {
- com_err("krb5_set_default_realm", retval, 0);
- return;
- }
- printf("krb5_set_default_realm(%s)\n", realm);
+ krb5_error_code retval;
+
+ retval = krb5_set_default_realm(ctx, realm);
+ if (retval) {
+ com_err("krb5_set_default_realm", retval, 0);
+ return;
+ }
+ printf("krb5_set_default_realm(%s)\n", realm);
}
static void test_get_default_ccname(krb5_context ctx)
{
- const char *ccname;
+ const char *ccname;
- ccname = krb5_cc_default_name(ctx);
- if (ccname)
- printf("krb5_cc_default_name() returned '%s'\n", ccname);
- else
- printf("krb5_cc_default_name() returned NULL\n");
+ ccname = krb5_cc_default_name(ctx);
+ if (ccname)
+ printf("krb5_cc_default_name() returned '%s'\n", ccname);
+ else
+ printf("krb5_cc_default_name() returned NULL\n");
}
static void test_set_default_ccname(krb5_context ctx, char *ccname)
{
- krb5_error_code retval;
-
- retval = krb5_cc_set_default_name(ctx, ccname);
- if (retval) {
- com_err("krb5_set_default_ccname", retval, 0);
- return;
- }
- printf("krb5_set_default_ccname(%s)\n", ccname);
+ krb5_error_code retval;
+
+ retval = krb5_cc_set_default_name(ctx, ccname);
+ if (retval) {
+ com_err("krb5_set_default_ccname", retval, 0);
+ return;
+ }
+ printf("krb5_set_default_ccname(%s)\n", ccname);
}
static void test_get_krbhst(krb5_context ctx, char *realm)
{
- char **hostlist, **cpp;
- krb5_data rlm;
- krb5_error_code retval;
-
- rlm.data = realm;
- rlm.length = strlen(realm);
- retval = krb5_get_krbhst(ctx, &rlm, &hostlist);
- if (retval) {
- com_err("krb5_get_krbhst", retval, 0);
- return;
- }
- printf("krb_get_krbhst(%s) returned:", realm);
- if (hostlist == 0) {
- printf(" (null)\n");
- return;
- }
- if (hostlist[0] == 0) {
- printf(" (none)\n");
- krb5_free_krbhst(ctx, hostlist);
- return;
- }
- for (cpp = hostlist; *cpp; cpp++) {
- printf(" '%s'", *cpp);
- }
- krb5_free_krbhst(ctx, hostlist);
- printf("\n");
+ char **hostlist, **cpp;
+ krb5_data rlm;
+ krb5_error_code retval;
+
+ rlm.data = realm;
+ rlm.length = strlen(realm);
+ retval = krb5_get_krbhst(ctx, &rlm, &hostlist);
+ if (retval) {
+ com_err("krb5_get_krbhst", retval, 0);
+ return;
+ }
+ printf("krb_get_krbhst(%s) returned:", realm);
+ if (hostlist == 0) {
+ printf(" (null)\n");
+ return;
+ }
+ if (hostlist[0] == 0) {
+ printf(" (none)\n");
+ krb5_free_krbhst(ctx, hostlist);
+ return;
+ }
+ for (cpp = hostlist; *cpp; cpp++) {
+ printf(" '%s'", *cpp);
+ }
+ krb5_free_krbhst(ctx, hostlist);
+ printf("\n");
}
static void test_locate_kdc(krb5_context ctx, char *realm)
{
- struct addrlist addrs;
- int i;
- int get_masters=0;
- krb5_data rlm;
- krb5_error_code retval;
-
- rlm.data = realm;
- rlm.length = strlen(realm);
- retval = krb5_locate_kdc(ctx, &rlm, &addrs, get_masters, 0, 0);
- if (retval) {
- com_err("krb5_locate_kdc", retval, 0);
- return;
- }
- printf("krb_locate_kdc(%s) returned:", realm);
- for (i=0; i < addrs.naddrs; i++) {
- struct addrinfo *ai = addrs.addrs[i].ai;
- switch (ai->ai_family) {
- case AF_INET:
- {
- struct sockaddr_in *s_sin;
- s_sin = (struct sockaddr_in *) ai->ai_addr;
- printf(" inet:%s/%d", inet_ntoa(s_sin->sin_addr),
- ntohs(s_sin->sin_port));
- }
- break;
+ struct addrlist addrs;
+ int i;
+ int get_masters=0;
+ krb5_data rlm;
+ krb5_error_code retval;
+
+ rlm.data = realm;
+ rlm.length = strlen(realm);
+ retval = krb5_locate_kdc(ctx, &rlm, &addrs, get_masters, 0, 0);
+ if (retval) {
+ com_err("krb5_locate_kdc", retval, 0);
+ return;
+ }
+ printf("krb_locate_kdc(%s) returned:", realm);
+ for (i=0; i < addrs.naddrs; i++) {
+ struct addrinfo *ai = addrs.addrs[i].ai;
+ switch (ai->ai_family) {
+ case AF_INET:
+ {
+ struct sockaddr_in *s_sin;
+ s_sin = (struct sockaddr_in *) ai->ai_addr;
+ printf(" inet:%s/%d", inet_ntoa(s_sin->sin_addr),
+ ntohs(s_sin->sin_port));
+ }
+ break;
#ifdef KRB5_USE_INET6
- case AF_INET6:
- {
- struct sockaddr_in6 *s_sin6;
- int j;
- s_sin6 = (struct sockaddr_in6 *) ai->ai_addr;
- printf(" inet6");
- for (j = 0; j < 8; j++)
- printf(":%x",
- (s_sin6->sin6_addr.s6_addr[2*j] * 256
- + s_sin6->sin6_addr.s6_addr[2*j+1]));
- printf("/%d", ntohs(s_sin6->sin6_port));
- break;
- }
+ case AF_INET6:
+ {
+ struct sockaddr_in6 *s_sin6;
+ int j;
+ s_sin6 = (struct sockaddr_in6 *) ai->ai_addr;
+ printf(" inet6");
+ for (j = 0; j < 8; j++)
+ printf(":%x",
+ (s_sin6->sin6_addr.s6_addr[2*j] * 256
+ + s_sin6->sin6_addr.s6_addr[2*j+1]));
+ printf("/%d", ntohs(s_sin6->sin6_port));
+ break;
+ }
#endif
- default:
- printf(" unknown-af-%d", ai->ai_family);
- break;
- }
- }
- krb5int_free_addrlist(&addrs);
- printf("\n");
+ default:
+ printf(" unknown-af-%d", ai->ai_family);
+ break;
+ }
+ }
+ krb5int_free_addrlist(&addrs);
+ printf("\n");
}
static void test_get_host_realm(krb5_context ctx, char *host)
{
- char **realms, **cpp;
- krb5_error_code retval;
-
- retval = krb5_get_host_realm(ctx, host, &realms);
- if (retval) {
- com_err("krb5_get_host_realm", retval, 0);
- return;
- }
- printf("krb_get_host_realm(%s) returned:", host);
- if (realms == 0) {
- printf(" (null)\n");
- return;
- }
- if (realms[0] == 0) {
- printf(" (none)\n");
- free(realms);
- return;
- }
- for (cpp = realms; *cpp; cpp++) {
- printf(" '%s'", *cpp);
- free(*cpp);
- }
- free(realms);
- printf("\n");
+ char **realms, **cpp;
+ krb5_error_code retval;
+
+ retval = krb5_get_host_realm(ctx, host, &realms);
+ if (retval) {
+ com_err("krb5_get_host_realm", retval, 0);
+ return;
+ }
+ printf("krb_get_host_realm(%s) returned:", host);
+ if (realms == 0) {
+ printf(" (null)\n");
+ return;
+ }
+ if (realms[0] == 0) {
+ printf(" (none)\n");
+ free(realms);
+ return;
+ }
+ for (cpp = realms; *cpp; cpp++) {
+ printf(" '%s'", *cpp);
+ free(*cpp);
+ }
+ free(realms);
+ printf("\n");
}
static void test_get_realm_domain(krb5_context ctx, char *realm)
{
- krb5_error_code retval;
- char *domain;
-
- retval = krb5_get_realm_domain(ctx, realm, &domain);
- if (retval) {
- com_err("krb5_get_realm_domain", retval, 0);
- return;
- }
- printf("krb5_get_realm_domain(%s) returned '%s'\n", realm, domain);
- free(domain);
+ krb5_error_code retval;
+ char *domain;
+
+ retval = krb5_get_realm_domain(ctx, realm, &domain);
+ if (retval) {
+ com_err("krb5_get_realm_domain", retval, 0);
+ return;
+ }
+ printf("krb5_get_realm_domain(%s) returned '%s'\n", realm, domain);
+ free(domain);
}
static void usage(char *progname)
{
- fprintf(stderr, "%s: Usage: %s [-dc] [-k realm] [-r host] [-C ccname] [-D realm]\n",
- progname, progname);
- exit(1);
+ fprintf(stderr, "%s: Usage: %s [-dc] [-k realm] [-r host] [-C ccname] [-D realm]\n",
+ progname, progname);
+ exit(1);
}
int main(int argc, char **argv)
{
- int c;
- krb5_context ctx;
- krb5_error_code retval;
- extern char *optarg;
-
- retval = krb5_init_context(&ctx);
- if (retval) {
- fprintf(stderr, "krb5_init_context returned error %u\n",
- retval);
- exit(1);
- }
-
- while ((c = getopt(argc, argv, "cdk:r:C:D:l:s:")) != -1) {
- switch (c) {
- case 'c': /* Get default ccname */
- test_get_default_ccname(ctx);
- break;
- case 'd': /* Get default realm */
- test_get_default_realm(ctx);
- break;
- case 'k': /* Get list of KDC's */
- test_get_krbhst(ctx, optarg);
- break;
- case 'l':
- test_locate_kdc(ctx, optarg);
- break;
- case 'r':
- test_get_host_realm(ctx, optarg);
- break;
- case 's':
- test_set_default_realm(ctx, optarg);
- break;
- case 'C':
- test_set_default_ccname(ctx, optarg);
- break;
- case 'D':
- test_get_realm_domain(ctx, optarg);
- break;
- default:
- usage(argv[0]);
- }
- }
-
-
- krb5_free_context(ctx);
- exit(0);
+ int c;
+ krb5_context ctx;
+ krb5_error_code retval;
+ extern char *optarg;
+
+ retval = krb5_init_context(&ctx);
+ if (retval) {
+ fprintf(stderr, "krb5_init_context returned error %u\n",
+ retval);
+ exit(1);
+ }
+
+ while ((c = getopt(argc, argv, "cdk:r:C:D:l:s:")) != -1) {
+ switch (c) {
+ case 'c': /* Get default ccname */
+ test_get_default_ccname(ctx);
+ break;
+ case 'd': /* Get default realm */
+ test_get_default_realm(ctx);
+ break;
+ case 'k': /* Get list of KDC's */
+ test_get_krbhst(ctx, optarg);
+ break;
+ case 'l':
+ test_locate_kdc(ctx, optarg);
+ break;
+ case 'r':
+ test_get_host_realm(ctx, optarg);
+ break;
+ case 's':
+ test_set_default_realm(ctx, optarg);
+ break;
+ case 'C':
+ test_set_default_ccname(ctx, optarg);
+ break;
+ case 'D':
+ test_get_realm_domain(ctx, optarg);
+ break;
+ default:
+ usage(argv[0]);
+ }
+ }
+
+
+ krb5_free_context(ctx);
+ exit(0);
}
diff --git a/src/lib/krb5/os/thread_safe.c b/src/lib/krb5/os/thread_safe.c
index faac234..acd88ce 100644
--- a/src/lib/krb5/os/thread_safe.c
+++ b/src/lib/krb5/os/thread_safe.c
@@ -1,3 +1,4 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
/*
* lib/krb5/os/thread_safec
*
@@ -8,7 +9,7 @@
* require a specific license from the United States Government.
* It is the responsibility of any person or organization contemplating
* export to obtain such a license before exporting.
- *
+ *
* WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
* distribute this software and its documentation for any purpose and
* without fee is hereby granted, provided that the above copyright
@@ -22,7 +23,7 @@
* M.I.T. makes no representations about the suitability of
* this software for any purpose. It is provided "as is" without express
* or implied warranty.
- *
+ *
*
* krb5_is_thread_safe() function.
*/
diff --git a/src/lib/krb5/os/timeofday.c b/src/lib/krb5/os/timeofday.c
index 31d803e..a711b04 100644
--- a/src/lib/krb5/os/timeofday.c
+++ b/src/lib/krb5/os/timeofday.c
@@ -1,3 +1,4 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
/*
* lib/krb5/os/timeofday.c
*
@@ -8,7 +9,7 @@
* require a specific license from the United States Government.
* It is the responsibility of any person or organization contemplating
* export to obtain such a license before exporting.
- *
+ *
* WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
* distribute this software and its documentation for any purpose and
* without fee is hereby granted, provided that the above copyright
@@ -22,9 +23,9 @@
* M.I.T. makes no representations about the suitability of
* this software for any purpose. It is provided "as is" without express
* or implied warranty.
- *
*
- * libos: krb5_timeofday function for BSD 4.3
+ *
+ * libos: krb5_timeofday function for BSD 4.3
*/
@@ -39,18 +40,18 @@ krb5_timeofday(krb5_context context, register krb5_timestamp *timeret)
time_t tval;
if (context == NULL)
- return EINVAL;
+ return EINVAL;
os_ctx = &context->os_context;
if (os_ctx->os_flags & KRB5_OS_TOFFSET_TIME) {
- *timeret = os_ctx->time_offset;
- return 0;
+ *timeret = os_ctx->time_offset;
+ return 0;
}
tval = time(0);
if (tval == (time_t) -1)
- return (krb5_error_code) errno;
+ return (krb5_error_code) errno;
if (os_ctx->os_flags & KRB5_OS_TOFFSET_VALID)
- tval += os_ctx->time_offset;
+ tval += os_ctx->time_offset;
*timeret = tval;
return 0;
}
diff --git a/src/lib/krb5/os/toffset.c b/src/lib/krb5/os/toffset.c
index 40bc108..a9faec5 100644
--- a/src/lib/krb5/os/toffset.c
+++ b/src/lib/krb5/os/toffset.c
@@ -1,3 +1,4 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
/*
* lib/krb5/os/toffset.c
*
@@ -8,7 +9,7 @@
* require a specific license from the United States Government.
* It is the responsibility of any person or organization contemplating
* export to obtain such a license before exporting.
- *
+ *
* WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
* distribute this software and its documentation for any purpose and
* without fee is hereby granted, provided that the above copyright
@@ -47,13 +48,13 @@ krb5_set_real_time(krb5_context context, krb5_timestamp seconds, krb5_int32 micr
retval = krb5_crypto_us_timeofday(&sec, &usec);
if (retval)
- return retval;
+ return retval;
os_ctx->time_offset = seconds - sec;
os_ctx->usec_offset = (microseconds > -1) ? microseconds - usec : 0;
os_ctx->os_flags = ((os_ctx->os_flags & ~KRB5_OS_TOFFSET_TIME) |
- KRB5_OS_TOFFSET_VALID);
+ KRB5_OS_TOFFSET_VALID);
return 0;
}
@@ -62,7 +63,7 @@ krb5_set_real_time(krb5_context context, krb5_timestamp seconds, krb5_int32 micr
* the seconds and microseconds value as input to this function. This
* is useful for running the krb5 routines through test suites
*/
-krb5_error_code
+krb5_error_code
krb5_set_debugging_time(krb5_context context, krb5_timestamp seconds, krb5_int32 microseconds)
{
krb5_os_context os_ctx = &context->os_context;
@@ -70,7 +71,7 @@ krb5_set_debugging_time(krb5_context context, krb5_timestamp seconds, krb5_int32
os_ctx->time_offset = seconds;
os_ctx->usec_offset = microseconds;
os_ctx->os_flags = ((os_ctx->os_flags & ~KRB5_OS_TOFFSET_VALID) |
- KRB5_OS_TOFFSET_TIME);
+ KRB5_OS_TOFFSET_TIME);
return 0;
}
@@ -78,7 +79,7 @@ krb5_set_debugging_time(krb5_context context, krb5_timestamp seconds, krb5_int32
* This routine turns off the time correction fields, so that the krb5
* routines return the "natural" time.
*/
-krb5_error_code
+krb5_error_code
krb5_use_natural_time(krb5_context context)
{
krb5_os_context os_ctx = &context->os_context;
@@ -97,9 +98,9 @@ krb5_get_time_offsets(krb5_context context, krb5_timestamp *seconds, krb5_int32
krb5_os_context os_ctx = &context->os_context;
if (seconds)
- *seconds = os_ctx->time_offset;
+ *seconds = os_ctx->time_offset;
if (microseconds)
- *microseconds = os_ctx->usec_offset;
+ *microseconds = os_ctx->usec_offset;
return 0;
}
@@ -107,7 +108,7 @@ krb5_get_time_offsets(krb5_context context, krb5_timestamp *seconds, krb5_int32
/*
* This routine sets the time offsets directly.
*/
-krb5_error_code
+krb5_error_code
krb5_set_time_offsets(krb5_context context, krb5_timestamp seconds, krb5_int32 microseconds)
{
krb5_os_context os_ctx = &context->os_context;
@@ -115,6 +116,6 @@ krb5_set_time_offsets(krb5_context context, krb5_timestamp seconds, krb5_int32 m
os_ctx->time_offset = seconds;
os_ctx->usec_offset = microseconds;
os_ctx->os_flags = ((os_ctx->os_flags & ~KRB5_OS_TOFFSET_TIME) |
- KRB5_OS_TOFFSET_VALID);
+ KRB5_OS_TOFFSET_VALID);
return 0;
}
diff --git a/src/lib/krb5/os/unlck_file.c b/src/lib/krb5/os/unlck_file.c
index 0bbf7ce..37233a3 100644
--- a/src/lib/krb5/os/unlck_file.c
+++ b/src/lib/krb5/os/unlck_file.c
@@ -1,3 +1,4 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
/*
* lib/krb5/os/unlck_file.c
*
@@ -8,7 +9,7 @@
* require a specific license from the United States Government.
* It is the responsibility of any person or organization contemplating
* export to obtain such a license before exporting.
- *
+ *
* WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
* distribute this software and its documentation for any purpose and
* without fee is hereby granted, provided that the above copyright
@@ -22,7 +23,7 @@
* M.I.T. makes no representations about the suitability of
* this software for any purpose. It is provided "as is" without express
* or implied warranty.
- *
+ *
*
* libos: krb5_lock_file routine
*/
diff --git a/src/lib/krb5/os/ustime.c b/src/lib/krb5/os/ustime.c
index bb34c22..34c2fa0 100644
--- a/src/lib/krb5/os/ustime.c
+++ b/src/lib/krb5/os/ustime.c
@@ -1,3 +1,4 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
/*
* lib/krb5/os/ustime.c
*
@@ -8,7 +9,7 @@
* require a specific license from the United States Government.
* It is the responsibility of any person or organization contemplating
* export to obtain such a license before exporting.
- *
+ *
* WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
* distribute this software and its documentation for any purpose and
* without fee is hereby granted, provided that the above copyright
@@ -22,7 +23,7 @@
* M.I.T. makes no representations about the suitability of
* this software for any purpose. It is provided "as is" without express
* or implied warranty.
- *
+ *
* krb5_crypto_us_timeofday() does all of the real work; however, we
* handle the time offset adjustment here, since this is context
* specific, and the crypto version of this call doesn't have access
@@ -39,26 +40,26 @@ krb5_us_timeofday(krb5_context context, krb5_timestamp *seconds, krb5_int32 *mic
krb5_os_context os_ctx = &context->os_context;
krb5_int32 sec, usec;
krb5_error_code retval;
-
+
if (os_ctx->os_flags & KRB5_OS_TOFFSET_TIME) {
- *seconds = os_ctx->time_offset;
- *microseconds = os_ctx->usec_offset;
- return 0;
+ *seconds = os_ctx->time_offset;
+ *microseconds = os_ctx->usec_offset;
+ return 0;
}
retval = krb5_crypto_us_timeofday(&sec, &usec);
if (retval)
- return retval;
+ return retval;
if (os_ctx->os_flags & KRB5_OS_TOFFSET_VALID) {
- usec += os_ctx->usec_offset;
- if (usec > 1000000) {
- usec -= 1000000;
- sec++;
- }
- if (usec < 0) {
- usec += 1000000;
- sec--;
- }
- sec += os_ctx->time_offset;
+ usec += os_ctx->usec_offset;
+ if (usec > 1000000) {
+ usec -= 1000000;
+ sec++;
+ }
+ if (usec < 0) {
+ usec += 1000000;
+ sec--;
+ }
+ sec += os_ctx->time_offset;
}
*seconds = sec;
*microseconds = usec;
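Review bot: The carry check `if (usec > 1000000)` in the KRB5_OS_TOFFSET_VALID branch lets a sum of exactly 1000000 through, so `*microseconds` can come back one past the valid 0–999999 range. The comparison should be `if (usec >= 1000000) {`. A single add or subtract also only normalises the value when `usec_offset` is itself within one second, and the setters in the toffset.c hunks store `microseconds` as given, so that is worth confirming. The body of krb5_us_timeofday continues outside the hunk.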
diff --git a/src/lib/krb5/os/write_msg.c b/src/lib/krb5/os/write_msg.c
index e6001e8..6a57b1e 100644
--- a/src/lib/krb5/os/write_msg.c
+++ b/src/lib/krb5/os/write_msg.c
@@ -1,3 +1,4 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
/*
* lib/krb5/os/write_msg.c
*
@@ -8,7 +9,7 @@
* require a specific license from the United States Government.
* It is the responsibility of any person or organization contemplating
* export to obtain such a license before exporting.
- *
+ *
* WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
* distribute this software and its documentation for any purpose and
* without fee is hereby granted, provided that the above copyright
@@ -22,7 +23,7 @@
* M.I.T. makes no representations about the suitability of
* this software for any purpose. It is provided "as is" without express
* or implied warranty.
- *
+ *
*
* convenience sendauth/recvauth functions
*/
@@ -42,29 +43,29 @@ krb5int_write_messages(krb5_context context, krb5_pointer fdp, krb5_data *outbuf
int fd = *( (int *) fdp);
while (nbufs) {
- int nbufs1;
- sg_buf sg[4];
- krb5_int32 len[2];
+ int nbufs1;
+ sg_buf sg[4];
+ krb5_int32 len[2];
- if (nbufs > 1)
- nbufs1 = 2;
- else
- nbufs1 = 1;
- len[0] = htonl(outbuf[0].length);
- SG_SET(&sg[0], &len[0], 4);
- SG_SET(&sg[1], outbuf[0].length ? outbuf[0].data : NULL,
- outbuf[0].length);
- if (nbufs1 == 2) {
- len[1] = htonl(outbuf[1].length);
- SG_SET(&sg[2], &len[1], 4);
- SG_SET(&sg[3], outbuf[1].length ? outbuf[1].data : NULL,
- outbuf[1].length);
- }
- if (krb5int_net_writev(context, fd, sg, nbufs1 * 2) < 0) {
- return errno;
- }
- outbuf += nbufs1;
- nbufs -= nbufs1;
+ if (nbufs > 1)
+ nbufs1 = 2;
+ else
+ nbufs1 = 1;
+ len[0] = htonl(outbuf[0].length);
+ SG_SET(&sg[0], &len[0], 4);
+ SG_SET(&sg[1], outbuf[0].length ? outbuf[0].data : NULL,
+ outbuf[0].length);
+ if (nbufs1 == 2) {
+ len[1] = htonl(outbuf[1].length);
+ SG_SET(&sg[2], &len[1], 4);
+ SG_SET(&sg[3], outbuf[1].length ? outbuf[1].data : NULL,
+ outbuf[1].length);
+ }
+ if (krb5int_net_writev(context, fd, sg, nbufs1 * 2) < 0) {
+ return errno;
+ }
+ outbuf += nbufs1;
+ nbufs -= nbufs1;
}
return(0);
}
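Review bot: The loop condition `while (nbufs)` stops only at exactly zero. If `nbufs` is a signed count (the parameter list is cut off in the hunk header, so this is an assumption), a negative value moves away from zero on every pass while `outbuf` keeps advancing past the caller's array. `while (nbufs > 0)` removes that dependency on the caller. Separately, the length prefix is sized with a literal in `SG_SET(&sg[0], &len[0], 4)`; `sizeof(len[0])` ties it to the declared type.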
diff --git a/src/lib/krb5/posix/syslog.c b/src/lib/krb5/posix/syslog.c
index e131893..418e811 100644
--- a/src/lib/krb5/posix/syslog.c
+++ b/src/lib/krb5/posix/syslog.c
@@ -1,3 +1,4 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
#if defined(_WIN32)
/* Windows doesn't have the concept of a system log, so just
** do nothing here.
@@ -5,6 +6,6 @@
void
syslog(int pri, const char *fmt, ...)
{
- return;
+ return;
}
#endif
diff --git a/src/lib/krb5/rcache/rc-int.h b/src/lib/krb5/rcache/rc-int.h
index 5d91d3c..3030f0e 100644
--- a/src/lib/krb5/rcache/rc-int.h
+++ b/src/lib/krb5/rcache/rc-int.h
@@ -1,4 +1,4 @@
-/* -*- mode: c; indent-tabs-mode: nil -*- */
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
/*
* lib/krb5/keytab/rc-int.h
*
@@ -47,25 +47,25 @@ struct _krb5_rc_ops {
krb5_magic magic;
char *type;
krb5_error_code (KRB5_CALLCONV *init)
- (krb5_context, krb5_rcache,krb5_deltat); /* create */
+ (krb5_context, krb5_rcache,krb5_deltat); /* create */
krb5_error_code (KRB5_CALLCONV *recover)
- (krb5_context, krb5_rcache); /* open */
+ (krb5_context, krb5_rcache); /* open */
krb5_error_code (KRB5_CALLCONV *recover_or_init)
- (krb5_context, krb5_rcache,krb5_deltat);
+ (krb5_context, krb5_rcache,krb5_deltat);
krb5_error_code (KRB5_CALLCONV *destroy)
- (krb5_context, krb5_rcache);
+ (krb5_context, krb5_rcache);
krb5_error_code (KRB5_CALLCONV *close)
- (krb5_context, krb5_rcache);
+ (krb5_context, krb5_rcache);
krb5_error_code (KRB5_CALLCONV *store)
- (krb5_context, krb5_rcache,krb5_donot_replay *);
+ (krb5_context, krb5_rcache,krb5_donot_replay *);
krb5_error_code (KRB5_CALLCONV *expunge)
- (krb5_context, krb5_rcache);
+ (krb5_context, krb5_rcache);
krb5_error_code (KRB5_CALLCONV *get_span)
- (krb5_context, krb5_rcache,krb5_deltat *);
+ (krb5_context, krb5_rcache,krb5_deltat *);
char *(KRB5_CALLCONV *get_name)
- (krb5_context, krb5_rcache);
+ (krb5_context, krb5_rcache);
krb5_error_code (KRB5_CALLCONV *resolve)
- (krb5_context, krb5_rcache, char *);
+ (krb5_context, krb5_rcache, char *);
};
typedef struct _krb5_rc_ops krb5_rc_ops;
diff --git a/src/lib/krb5/rcache/rc_base.c b/src/lib/krb5/rcache/rc_base.c
index 43b901f..a7c7dd8 100644
--- a/src/lib/krb5/rcache/rc_base.c
+++ b/src/lib/krb5/rcache/rc_base.c
@@ -1,4 +1,4 @@
-/* -*- mode: c; indent-tabs-mode: nil -*- */
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
/*
* lib/krb5/rcache/rc_base.c
*
diff --git a/src/lib/krb5/rcache/rc_base.h b/src/lib/krb5/rcache/rc_base.h
index b8687f2..1e0f83a 100644
--- a/src/lib/krb5/rcache/rc_base.h
+++ b/src/lib/krb5/rcache/rc_base.h
@@ -1,4 +1,4 @@
-/* -*- mode: c; indent-tabs-mode: nil -*- */
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
/*
* lib/krb5/rcache/rc_base.h
*
diff --git a/src/lib/krb5/rcache/rc_conv.c b/src/lib/krb5/rcache/rc_conv.c
index cda9c91..aa4b56a 100644
--- a/src/lib/krb5/rcache/rc_conv.c
+++ b/src/lib/krb5/rcache/rc_conv.c
@@ -1,4 +1,4 @@
-/* -*- mode: c; indent-tabs-mode: nil -*- */
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
/*
* lib/krb5/rcache/rc_conv.c
*
diff --git a/src/lib/krb5/rcache/rc_dfl.c b/src/lib/krb5/rcache/rc_dfl.c
index c831ba0..f19f1cb 100644
--- a/src/lib/krb5/rcache/rc_dfl.c
+++ b/src/lib/krb5/rcache/rc_dfl.c
@@ -1,4 +1,4 @@
-/* -*- mode: c; indent-tabs-mode: nil -*- */
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
/*
* lib/krb5/rcache/rc_dfl.c
*
diff --git a/src/lib/krb5/rcache/rc_dfl.h b/src/lib/krb5/rcache/rc_dfl.h
index 4a6bada..d1dd153 100644
--- a/src/lib/krb5/rcache/rc_dfl.h
+++ b/src/lib/krb5/rcache/rc_dfl.h
@@ -1,4 +1,4 @@
-/* -*- mode: c; indent-tabs-mode: nil -*- */
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
/*
* lib/krb5/rcache/rc_dfl.h
*
@@ -15,42 +15,42 @@
#define KRB5_RC_DFL_H
krb5_error_code KRB5_CALLCONV krb5_rc_dfl_init
- (krb5_context,
- krb5_rcache,
- krb5_deltat);
+(krb5_context,
+ krb5_rcache,
+ krb5_deltat);
krb5_error_code KRB5_CALLCONV krb5_rc_dfl_recover
- (krb5_context,
- krb5_rcache);
+(krb5_context,
+ krb5_rcache);
krb5_error_code KRB5_CALLCONV krb5_rc_dfl_recover_or_init
- (krb5_context, krb5_rcache, krb5_deltat);
+(krb5_context, krb5_rcache, krb5_deltat);
krb5_error_code KRB5_CALLCONV krb5_rc_dfl_destroy
- (krb5_context,
- krb5_rcache);
+(krb5_context,
+ krb5_rcache);
krb5_error_code KRB5_CALLCONV krb5_rc_dfl_close
- (krb5_context,
- krb5_rcache);
+(krb5_context,
+ krb5_rcache);
krb5_error_code KRB5_CALLCONV krb5_rc_dfl_store
- (krb5_context,
- krb5_rcache,
- krb5_donot_replay *);
+(krb5_context,
+ krb5_rcache,
+ krb5_donot_replay *);
krb5_error_code KRB5_CALLCONV krb5_rc_dfl_expunge
- (krb5_context,
- krb5_rcache);
+(krb5_context,
+ krb5_rcache);
krb5_error_code KRB5_CALLCONV krb5_rc_dfl_get_span
- (krb5_context,
- krb5_rcache,
- krb5_deltat *);
+(krb5_context,
+ krb5_rcache,
+ krb5_deltat *);
char * KRB5_CALLCONV krb5_rc_dfl_get_name
- (krb5_context,
- krb5_rcache);
+(krb5_context,
+ krb5_rcache);
krb5_error_code KRB5_CALLCONV krb5_rc_dfl_resolve
- (krb5_context,
- krb5_rcache,
- char *);
+(krb5_context,
+ krb5_rcache,
+ char *);
krb5_error_code krb5_rc_dfl_close_no_free
- (krb5_context,
- krb5_rcache);
+(krb5_context,
+ krb5_rcache);
void krb5_rc_free_entry
- (krb5_context,
- krb5_donot_replay **);
+(krb5_context,
+ krb5_donot_replay **);
#endif
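Review bot: The reindent leaves every prototype in this header with its parameter list starting at column 0 on a separate line (`krb5_rc_dfl_init` followed by `(krb5_context,`), which reads like a stray parenthesised expression and breaks searches for `name(`. Joining declarator and list, for example `krb5_error_code KRB5_CALLCONV krb5_rc_dfl_init(krb5_context, krb5_rcache, krb5_deltat);`, would be clearer. The same layout appears in the rc_io.h and ser_rc.c hunks. rc_io.h also ends its typedef with `krb5_rc_iostuff;` indented on its own line after `}`, where `} krb5_rc_iostuff;` is the usual form.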
diff --git a/src/lib/krb5/rcache/rc_io.c b/src/lib/krb5/rcache/rc_io.c
index 8d7d986..872b5fd 100644
--- a/src/lib/krb5/rcache/rc_io.c
+++ b/src/lib/krb5/rcache/rc_io.c
@@ -1,4 +1,4 @@
-/* -*- mode: c; indent-tabs-mode: nil -*- */
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
/*
* lib/krb5/rcache/rc_io.c
*
@@ -262,12 +262,12 @@ krb5_rc_io_open_internal(krb5_context context, krb5_rc_iostuff *d, char *fn,
/* check if someone was playing with symlinks */
if ((sb1.st_dev != sb2.st_dev || sb1.st_ino != sb2.st_ino)
|| (sb1.st_mode & S_IFMT) != S_IFREG)
- {
- retval = KRB5_RC_IO_PERM;
- krb5_set_error_message(context, retval,
- "rcache not a file %s", d->fn);
- goto cleanup;
- }
+ {
+ retval = KRB5_RC_IO_PERM;
+ krb5_set_error_message(context, retval,
+ "rcache not a file %s", d->fn);
+ goto cleanup;
+ }
/* check that non other can read/write/execute the file */
if (sb1.st_mode & 077) {
krb5_set_error_message(context, retval, "Insecure file mode "
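Review bot: In the file-mode check at the end of this hunk, `krb5_set_error_message(context, retval, ...)` is called with no assignment to `retval` visible before it, unlike the symlink branch above, which sets `KRB5_RC_IO_PERM` first. If `retval` still holds zero or an earlier value at that point, the "Insecure file mode" text is recorded against a different code than the one eventually returned, and the caller loses the reason the replay cache was rejected. Assigning the intended error code before the call, as the symlink branch does, would fix this. The statement continues outside the hunk, so the order needs confirming there. The comment above it would also read better as `/* check that no one other than the owner can read/write/execute the file */`.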
diff --git a/src/lib/krb5/rcache/rc_io.h b/src/lib/krb5/rcache/rc_io.h
index a2e13bc..e58d850 100644
--- a/src/lib/krb5/rcache/rc_io.h
+++ b/src/lib/krb5/rcache/rc_io.h
@@ -1,4 +1,4 @@
-/* -*- mode: c; indent-tabs-mode: nil -*- */
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
/*
* lib/krb5/rcache/rc_io.h
*
@@ -15,57 +15,57 @@
#define KRB5_RC_IO_H
typedef struct krb5_rc_iostuff
- {
- int fd;
+{
+ int fd;
#ifdef MSDOS_FILESYSTEM
- long mark;
+ long mark;
#else
- off_t mark; /* on newer systems, should be pos_t */
+ off_t mark; /* on newer systems, should be pos_t */
#endif
- char *fn;
- }
-krb5_rc_iostuff;
+ char *fn;
+}
+ krb5_rc_iostuff;
/* first argument is always iostuff for result file */
krb5_error_code krb5_rc_io_creat
- (krb5_context,
- krb5_rc_iostuff *,
- char **);
+(krb5_context,
+ krb5_rc_iostuff *,
+ char **);
krb5_error_code krb5_rc_io_open
- (krb5_context,
- krb5_rc_iostuff *,
- char *);
+(krb5_context,
+ krb5_rc_iostuff *,
+ char *);
krb5_error_code krb5_rc_io_move
- (krb5_context,
- krb5_rc_iostuff *,
- krb5_rc_iostuff *);
+(krb5_context,
+ krb5_rc_iostuff *,
+ krb5_rc_iostuff *);
krb5_error_code krb5_rc_io_write
- (krb5_context,
- krb5_rc_iostuff *,
- krb5_pointer,
- unsigned int);
+(krb5_context,
+ krb5_rc_iostuff *,
+ krb5_pointer,
+ unsigned int);
krb5_error_code krb5_rc_io_read
- (krb5_context,
- krb5_rc_iostuff *,
- krb5_pointer,
- unsigned int);
+(krb5_context,
+ krb5_rc_iostuff *,
+ krb5_pointer,
+ unsigned int);
krb5_error_code krb5_rc_io_close
- (krb5_context,
- krb5_rc_iostuff *);
+(krb5_context,
+ krb5_rc_iostuff *);
krb5_error_code krb5_rc_io_destroy
- (krb5_context,
- krb5_rc_iostuff *);
+(krb5_context,
+ krb5_rc_iostuff *);
krb5_error_code krb5_rc_io_mark
- (krb5_context,
- krb5_rc_iostuff *);
+(krb5_context,
+ krb5_rc_iostuff *);
krb5_error_code krb5_rc_io_unmark
- (krb5_context,
- krb5_rc_iostuff *);
+(krb5_context,
+ krb5_rc_iostuff *);
krb5_error_code krb5_rc_io_sync
- (krb5_context,
- krb5_rc_iostuff *);
+(krb5_context,
+ krb5_rc_iostuff *);
long krb5_rc_io_size
- (krb5_context,
- krb5_rc_iostuff *);
+(krb5_context,
+ krb5_rc_iostuff *);
#endif
diff --git a/src/lib/krb5/rcache/rc_none.c b/src/lib/krb5/rcache/rc_none.c
index a0ffed3..77ca837 100644
--- a/src/lib/krb5/rcache/rc_none.c
+++ b/src/lib/krb5/rcache/rc_none.c
@@ -1,4 +1,4 @@
-/* -*- mode: c; indent-tabs-mode: nil -*- */
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
/*
* lib/krb5/rcache/rc_none.c
*
diff --git a/src/lib/krb5/rcache/rcdef.c b/src/lib/krb5/rcache/rcdef.c
index 5b860f1..c4657b3 100644
--- a/src/lib/krb5/rcache/rcdef.c
+++ b/src/lib/krb5/rcache/rcdef.c
@@ -1,4 +1,4 @@
-/* -*- mode: c; indent-tabs-mode: nil -*- */
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
/*
* lib/krb5/rcache/rcdef.c
*
diff --git a/src/lib/krb5/rcache/rcfns.c b/src/lib/krb5/rcache/rcfns.c
index 6794af6..52dec49 100644
--- a/src/lib/krb5/rcache/rcfns.c
+++ b/src/lib/krb5/rcache/rcfns.c
@@ -1,4 +1,4 @@
-/* -*- mode: c; indent-tabs-mode: nil -*- */
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
/*
* lib/krb5/rcache/rcfns.c
*
diff --git a/src/lib/krb5/rcache/ser_rc.c b/src/lib/krb5/rcache/ser_rc.c
index 72bad88..04b9698 100644
--- a/src/lib/krb5/rcache/ser_rc.c
+++ b/src/lib/krb5/rcache/ser_rc.c
@@ -1,4 +1,4 @@
-/* -*- mode: c; indent-tabs-mode: nil -*- */
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
/*
* lib/krb5/rcache/ser_rc.c
*
@@ -39,11 +39,11 @@
* krb5_rcache_internalize();
*/
static krb5_error_code krb5_rcache_size
- (krb5_context, krb5_pointer, size_t *);
+(krb5_context, krb5_pointer, size_t *);
static krb5_error_code krb5_rcache_externalize
- (krb5_context, krb5_pointer, krb5_octet **, size_t *);
+(krb5_context, krb5_pointer, krb5_octet **, size_t *);
static krb5_error_code krb5_rcache_internalize
- (krb5_context,krb5_pointer *, krb5_octet **, size_t *);
+(krb5_context,krb5_pointer *, krb5_octet **, size_t *);
/*
* Serialization entry for this type.
diff --git a/src/lib/krb5/rcache/t_replay.c b/src/lib/krb5/rcache/t_replay.c
index d32d654..50928c5 100644
--- a/src/lib/krb5/rcache/t_replay.c
+++ b/src/lib/krb5/rcache/t_replay.c
@@ -1,4 +1,4 @@
-/* -*- mode: c; indent-tabs-mode: nil -*- */
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
/*
* test/threads/t_replay.c
*
diff --git a/src/lib/krb5/unicode/ucdata/ucdata.c b/src/lib/krb5/unicode/ucdata/ucdata.c
index 590ad2f..1e46744 100644
--- a/src/lib/krb5/unicode/ucdata/ucdata.c
+++ b/src/lib/krb5/unicode/ucdata/ucdata.c
@@ -59,7 +59,7 @@ typedef struct {
krb5_ui_2 cnt;
union {
krb5_ui_4 bytes;
- krb5_ui_2 len[2];
+ krb5_ui_2 len[2];
} size;
} _ucheader_t;
@@ -618,7 +618,7 @@ uccomp_hangul(krb5_ui_4 *str, int len)
LCount = 19, VCount = 21, TCount = 28,
NCount = VCount * TCount, /* 588 */
SCount = LCount * NCount; /* 11172 */
-
+
int i, rlen;
krb5_ui_4 ch, last, lindex, sindex;
@@ -638,7 +638,7 @@ uccomp_hangul(krb5_ui_4 *str, int len)
continue;
}
}
-
+
/* check if two current characters are LV and T */
sindex = last - SBase;
if (sindex < (krb5_ui_4) SCount
@@ -671,7 +671,7 @@ uccanoncomp(krb5_ui_4 *str, int len)
stpos = 0;
copos = 1;
prevcl = uccombining_class(st) == 0 ? 0 : 256;
-
+
for (i = 1; i < len; i++) {
ch = str[i];
cl = uccombining_class(ch);
@@ -885,7 +885,7 @@ uckdecomp(krb5_ui_4 code, krb5_ui_4 *num, krb5_ui_4 **decomp)
if (code < _uckdcmp_nodes[0]) {
return 0;
}
-
+
l = 0;
r = _uckdcmp_nodes[_uckdcmp_size] - 1;
diff --git a/src/lib/krb5/unicode/ucdata/ucdata.h b/src/lib/krb5/unicode/ucdata/ucdata.h
index ff3bb34..00ece35 100644
--- a/src/lib/krb5/unicode/ucdata/ucdata.h
+++ b/src/lib/krb5/unicode/ucdata/ucdata.h
@@ -261,7 +261,7 @@ int uckdecomp(krb5_ui_4 code, krb5_ui_4 *num, krb5_ui_4 **decomp);
*/
int ucdecomp_hangul(krb5_ui_4 code, krb5_ui_4 *num, krb5_ui_4 decomp[]);
-/*
+/*
* This routine does canonical decomposition of the string in of length
* inlen, and returns the decomposed string in out with length outlen.
* The memory for out is allocated by this routine. It returns the length
@@ -269,14 +269,14 @@ int ucdecomp_hangul(krb5_ui_4 code, krb5_ui_4 *num, krb5_ui_4 decomp[]);
*/
int uccanondecomp (const krb5_ui_4 *in, int inlen,
krb5_ui_4 **out, int *outlen);
-
-/*
+
+/*
* Equivalent to uccanondecomp() except that it includes compatibility
* decompositions.
*/
int uccompatdecomp(const krb5_ui_4 *in, int inlen,
krb5_ui_4 **out, int *outlen);
-
+
/**************************************************************************
*
* Functions for getting combining classes.
diff --git a/src/lib/krb5/unicode/ucdata/ucgendat.c b/src/lib/krb5/unicode/ucdata/ucgendat.c
index 42b0ecd..a6d38fb 100644
--- a/src/lib/krb5/unicode/ucdata/ucgendat.c
+++ b/src/lib/krb5/unicode/ucdata/ucgendat.c
@@ -449,7 +449,7 @@ add_decomp(krb5_ui_4 code, short compat)
pdecomps_used = &decomps_used;
pdecomps_size = &decomps_size;
}
-
+
/*
* Add the code to the composite property.
*/
@@ -953,7 +953,7 @@ read_cdata(FILE *in)
i++;
}
for (e = s; *e && *e != ';'; e++) ;
-
+
ordered_range_insert(code, s, e - s);
/*
@@ -1125,7 +1125,7 @@ find_decomp(krb5_ui_4 code, short compat)
{
long l, r, m;
_decomp_t *decs;
-
+
l = 0;
r = (compat ? kdecomps_used : decomps_used) - 1;
decs = compat ? kdecomps : decomps;
@@ -1479,12 +1479,12 @@ write_cdata(char *opath)
* Generate the composition data.
*
*****************************************************************/
-
+
/*
* Create compositions from decomposition data
*/
create_comps();
-
+
#if HARDCODE_DATA
fprintf(out, PREF "krb5_ui_4 _uccomp_size = %ld;\n\n",
comps_used * 4L);
@@ -1512,28 +1512,28 @@ write_cdata(char *opath)
snprintf(path, sizeof path, "%s" LDAP_DIRSEP "comp.dat", opath);
if ((out = fopen(path, "wb")) == 0)
return;
-
+
/*
* Write the header.
*/
hdr[1] = (krb5_ui_2) comps_used * 4;
fwrite((char *) hdr, sizeof(krb5_ui_2), 2, out);
-
+
/*
* Write out the byte count to maintain header size.
*/
bytes = comps_used * sizeof(_comp_t);
fwrite((char *) &bytes, sizeof(krb5_ui_4), 1, out);
-
+
/*
* Now, if comps exist, write them out.
*/
if (comps_used > 0)
fwrite((char *) comps, sizeof(_comp_t), comps_used, out);
-
+
fclose(out);
#endif
-
+
/*****************************************************************
*
* Generate the decomposition data.
diff --git a/src/lib/krb5/unicode/ucdata/uctable.h b/src/lib/krb5/unicode/ucdata/uctable.h
index 19d334b..98a8745 100644
--- a/src/lib/krb5/unicode/ucdata/uctable.h
+++ b/src/lib/krb5/unicode/ucdata/uctable.h
@@ -14303,4 +14303,3 @@ static const short _ucnum_vals[] = {
0x002a, 0x0001, 0x002b, 0x0001, 0x002c, 0x0001, 0x002d, 0x0001,
0x002e, 0x0001, 0x002f, 0x0001, 0x0030, 0x0001, 0x0031, 0x0001
};
-
diff --git a/src/lib/krb5/unicode/ucstr.c b/src/lib/krb5/unicode/ucstr.c
index ec23688..fa6796f 100644
--- a/src/lib/krb5/unicode/ucstr.c
+++ b/src/lib/krb5/unicode/ucstr.c
@@ -4,13 +4,13 @@
*/
/*
* This work is part of OpenLDAP Software <http://www.openldap.org/>.
- *
+ *
* Copyright 1998-2008 The OpenLDAP Foundation. All rights reserved.
- *
+ *
* Redistribution and use in source and binary forms, with or without
* modification, are permitted only as authorized by the OpenLDAP Public
* License.
- *
+ *
* A copy of this license is available in file LICENSE in the top-level
* directory of the distribution or, alternatively, at
* <http://www.OpenLDAP.org/license.html>.
@@ -23,7 +23,7 @@
#include <ctype.h>
-int
+int
krb5int_ucstrncmp(
const krb5_unicode * u1,
const krb5_unicode * u2,
@@ -40,7 +40,7 @@ krb5int_ucstrncmp(
return 0;
}
-int
+int
krb5int_ucstrncasecmp(
const krb5_unicode * u1,
const krb5_unicode * u2,
@@ -91,7 +91,7 @@ krb5int_ucstrncasechr(
return NULL;
}
-void
+void
krb5int_ucstr2upper(
krb5_unicode * u,
size_t n)
@@ -309,7 +309,7 @@ cleanup:
/* compare UTF8-strings, optionally ignore casing */
/* slow, should be optimized */
-int
+int
krb5int_utf8_normcmp(
const krb5_data * data1,
const krb5_data * data2,
diff --git a/src/lib/krb5/unicode/utbm/utbmstub.c b/src/lib/krb5/unicode/utbm/utbmstub.c
index 8666328..51fa673 100644
--- a/src/lib/krb5/unicode/utbm/utbmstub.c
+++ b/src/lib/krb5/unicode/utbm/utbmstub.c
@@ -55,7 +55,7 @@ _utbm_isspace(ucs4_t c, int compress)
c == 0x2028 || c == 0x2029 || _platform_isspace(c)) ? 1 : 0;
return _platform_isspace(c);
-
+
}
/*
diff --git a/src/lib/rpc/auth_gss.c b/src/lib/rpc/auth_gss.c
index 1debd4d..1d6837e 100644
--- a/src/lib/rpc/auth_gss.c
+++ b/src/lib/rpc/auth_gss.c
@@ -2,7 +2,7 @@
auth_gss.c
RPCSEC_GSS client routines.
-
+
Copyright (c) 2000 The Regents of the University of Michigan.
All rights reserved.
@@ -144,7 +144,7 @@ print_rpc_gss_sec(struct rpc_gss_sec *ptr)
struct rpc_gss_data {
bool_t established; /* context established */
bool_t inprogress;
- gss_buffer_desc gc_wire_verf; /* save GSS_S_COMPLETE NULL RPC verfier
+ gss_buffer_desc gc_wire_verf; /* save GSS_S_COMPLETE NULL RPC verfier
* to process at end of context negotiation*/
CLIENT *clnt; /* client handle */
gss_name_t name; /* service name */
@@ -166,9 +166,9 @@ authgss_create(CLIENT *clnt, gss_name_t name, struct rpc_gss_sec *sec)
OM_uint32 min_stat = 0;
log_debug("in authgss_create()");
-
+
memset(&rpc_createerr, 0, sizeof(rpc_createerr));
-
+
if ((auth = calloc(sizeof(*auth), 1)) == NULL) {
rpc_createerr.cf_stat = RPC_SYSTEMERROR;
rpc_createerr.cf_error.re_errno = ENOMEM;
@@ -200,18 +200,18 @@ authgss_create(CLIENT *clnt, gss_name_t name, struct rpc_gss_sec *sec)
gd->gc.gc_v = RPCSEC_GSS_VERSION;
gd->gc.gc_proc = RPCSEC_GSS_INIT;
gd->gc.gc_svc = gd->sec.svc;
-
+
auth->ah_ops = &authgss_ops;
auth->ah_private = (caddr_t)gd;
-
+
save_auth = clnt->cl_auth;
clnt->cl_auth = auth;
if (!authgss_refresh(auth, NULL))
auth = NULL;
-
+
clnt->cl_auth = save_auth;
-
+
log_debug("authgss_create returning auth 0x%08x", auth);
return (auth);
}
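Review bot: When `authgss_refresh(auth, NULL)` fails, the code only does `auth = NULL;`, so the `AUTH` allocated earlier and the private `gd` stored in `auth->ah_private` appear to be dropped without being released. Nothing in the hunk frees them, although authgss_create starts outside the hunk and authgss_refresh is not shown, so this is inferred from the visible lines. Releasing `gd` and `auth` on the failure path before clearing the pointer would avoid a leak on every failed context establishment. A short comment on the `save_auth` swap, saying the client's auth is replaced only for the duration of the refresh, would also help.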
@@ -225,11 +225,11 @@ authgss_create_default(CLIENT *clnt, char *service, struct rpc_gss_sec *sec)
gss_name_t name;
log_debug("in authgss_create_default()");
-
+
sname.value = service;
sname.length = strlen(service);
-
+
maj_stat = gss_import_name(&min_stat, &sname,
(gss_OID)gss_nt_service_name,
&name);
@@ -241,10 +241,10 @@ authgss_create_default(CLIENT *clnt, char *service, struct rpc_gss_sec *sec)
}
auth = authgss_create(clnt, name, sec);
-
+
if (name != GSS_C_NO_NAME)
gss_release_name(&min_stat, &name);
-
+
log_debug("authgss_create_default returning auth 0x%08x", auth);
return (auth);
}
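Review bot: The trace line `log_debug("authgss_create_default returning auth 0x%08x", auth);` passes a pointer where the format expects an unsigned int. Assuming log_debug is printf-style, that is undefined behaviour and truncates the value on 64-bit targets. It should be `log_debug("authgss_create_default returning auth %p", (void *)auth);`. The authgss_create hunk above has the same pattern in its own return trace.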
@@ -287,16 +287,16 @@ authgss_marshal(AUTH *auth, XDR *xdrs)
gss_buffer_desc rpcbuf, checksum;
OM_uint32 maj_stat, min_stat;
bool_t xdr_stat;
-
+
log_debug("in authgss_marshal()");
-
+
gd = AUTH_PRIVATE(auth);
if (gd->established)
gd->gc.gc_seq++;
-
+
xdrmem_create(&tmpxdrs, tmp, sizeof(tmp), XDR_ENCODE);
-
+
if (!xdr_rpc_gss_cred(&tmpxdrs, &gd->gc)) {
XDR_DESTROY(&tmpxdrs);
return (FALSE);
@@ -304,12 +304,12 @@ authgss_marshal(AUTH *auth, XDR *xdrs)
auth->ah_cred.oa_flavor = RPCSEC_GSS;
auth->ah_cred.oa_base = tmp;
auth->ah_cred.oa_length = XDR_GETPOS(&tmpxdrs);
-
+
XDR_DESTROY(&tmpxdrs);
-
+
if (!xdr_opaque_auth(xdrs, &auth->ah_cred))
return (FALSE);
-
+
if (gd->gc.gc_proc == RPCSEC_GSS_INIT ||
gd->gc.gc_proc == RPCSEC_GSS_CONTINUE_INIT) {
return (xdr_opaque_auth(xdrs, &gssrpc__null_auth));
@@ -318,7 +318,7 @@ authgss_marshal(AUTH *auth, XDR *xdrs)
rpcbuf.length = XDR_GETPOS(xdrs);
XDR_SETPOS(xdrs, 0);
rpcbuf.value = XDR_INLINE(xdrs, (int)rpcbuf.length);
-
+
maj_stat = gss_get_mic(&min_stat, gd->ctx, gd->sec.qop,
&rpcbuf, &checksum);
@@ -333,10 +333,10 @@ authgss_marshal(AUTH *auth, XDR *xdrs)
auth->ah_verf.oa_flavor = RPCSEC_GSS;
auth->ah_verf.oa_base = checksum.value;
auth->ah_verf.oa_length = checksum.length;
-
+
xdr_stat = xdr_opaque_auth(xdrs, &auth->ah_verf);
gss_release_buffer(&min_stat, &checksum);
-
+
return (xdr_stat);
}
@@ -350,13 +350,13 @@ authgss_validate(AUTH *auth, struct opaque_auth *verf)
OM_uint32 maj_stat, min_stat;
log_debug("in authgss_validate()");
-
+
gd = AUTH_PRIVATE(auth);
if (gd->established == FALSE) {
/* would like to do this only on NULL rpc - gc->established is good enough.
* save the on the wire verifier to validate last INIT phase packet
- * after decode if the major status is GSS_S_COMPLETE
+ * after decode if the major status is GSS_S_COMPLETE
*/
if ((gd->gc_wire_verf.value = mem_alloc(verf->oa_length)) == NULL) {
fprintf(stderr, "gss_validate: out of memory\n");
@@ -372,13 +372,13 @@ authgss_validate(AUTH *auth, struct opaque_auth *verf)
num = htonl(gd->win);
}
else num = htonl(gd->gc.gc_seq);
-
+
signbuf.value = &num;
signbuf.length = sizeof(num);
-
+
checksum.value = verf->oa_base;
checksum.length = verf->oa_length;
-
+
maj_stat = gss_verify_mic(&min_stat, gd->ctx, &signbuf,
&checksum, &qop_state);
if (maj_stat != GSS_S_COMPLETE || qop_state != gd->sec.qop) {
@@ -401,16 +401,16 @@ authgss_refresh(AUTH *auth, struct rpc_msg *msg)
OM_uint32 maj_stat, min_stat, call_stat, ret_flags;
log_debug("in authgss_refresh()");
-
+
gd = AUTH_PRIVATE(auth);
-
+
if (gd->established || gd->inprogress)
return (TRUE);
-
+
/* GSS context establishment loop. */
memset(&gr, 0, sizeof(gr));
recv_tokenp = GSS_C_NO_BUFFER;
-
+
#ifdef DEBUG
print_rpc_gss_sec(&gd->sec);
#endif /*DEBUG*/
@@ -424,13 +424,13 @@ authgss_refresh(AUTH *auth, struct rpc_msg *msg)
gd->sec.mech,
gd->sec.req_flags,
0, /* time req */
- GSS_C_NO_CHANNEL_BINDINGS,
+ GSS_C_NO_CHANNEL_BINDINGS,
recv_tokenp,
NULL, /* used mech */
&send_token,
&ret_flags,
NULL); /* time rec */
-
+
log_status("gss_init_sec_context", maj_stat, min_stat);
if (recv_tokenp != GSS_C_NO_BUFFER) {
gss_release_buffer(&min_stat, &gr.gr_token);
@@ -443,13 +443,13 @@ authgss_refresh(AUTH *auth, struct rpc_msg *msg)
}
if (send_token.length != 0) {
memset(&gr, 0, sizeof(gr));
-
+
call_stat = clnt_call(gd->clnt, NULLPROC,
xdr_rpc_gss_init_args,
&send_token,
xdr_rpc_gss_init_res,
(caddr_t)&gr, AUTH_TIMEOUT);
-
+
gss_release_buffer(&min_stat, &send_token);
log_debug("authgss_refresh: call_stat=%d", call_stat);
@@ -458,7 +458,7 @@ authgss_refresh(AUTH *auth, struct rpc_msg *msg)
(gr.gr_major != GSS_S_COMPLETE &&
gr.gr_major != GSS_S_CONTINUE_NEEDED))
break;
-
+
if (gr.gr_ctx.length != 0) {
if (gd->gc.gc_ctx.value)
gss_release_buffer(&min_stat,
@@ -472,7 +472,7 @@ authgss_refresh(AUTH *auth, struct rpc_msg *msg)
}
gd->gc.gc_proc = RPCSEC_GSS_CONTINUE_INIT;
}
-
+
/* GSS_S_COMPLETE => check gss header verifier, usually checked in
* gss_validate
*/
@@ -516,11 +516,11 @@ authgss_refresh(AUTH *auth, struct rpc_msg *msg)
log_debug("authgss_refresh: returning ERROR (gc_proc %d)", gd->gc.gc_proc);
if (gr.gr_token.length != 0)
gss_release_buffer(&min_stat, &gr.gr_token);
-
+
authgss_destroy(auth);
auth = NULL;
rpc_createerr.cf_stat = RPC_AUTHERROR;
-
+
return (FALSE);
}
log_debug("authgss_refresh: returning SUCCESS");
@@ -552,9 +552,9 @@ authgss_destroy_context(AUTH *auth)
enum clnt_stat callstat;
log_debug("in authgss_destroy_context()");
-
+
gd = AUTH_PRIVATE(auth);
-
+
if (gd->gc.gc_ctx.length != 0) {
if (gd->established) {
gd->gc.gc_proc = RPCSEC_GSS_DESTROY;
@@ -584,13 +584,13 @@ authgss_destroy(AUTH *auth)
{
struct rpc_gss_data *gd;
OM_uint32 min_stat;
-
+
log_debug("in authgss_destroy()");
-
+
gd = AUTH_PRIVATE(auth);
-
+
authgss_destroy_context(auth);
-
+
if (gd->name != GSS_C_NO_NAME)
gss_release_name(&min_stat, &gd->name);
@@ -604,7 +604,7 @@ authgss_wrap(AUTH *auth, XDR *xdrs, xdrproc_t xdr_func, caddr_t xdr_ptr)
struct rpc_gss_data *gd;
log_debug("in authgss_wrap()");
-
+
gd = AUTH_PRIVATE(auth);
if (!gd->established || gd->sec.svc == RPCSEC_GSS_SVC_NONE) {
@@ -621,9 +621,9 @@ authgss_unwrap(AUTH *auth, XDR *xdrs, xdrproc_t xdr_func, caddr_t xdr_ptr)
struct rpc_gss_data *gd;
log_debug("in authgss_unwrap()");
-
+
gd = AUTH_PRIVATE(auth);
-
+
if (!gd->established || gd->sec.svc == RPCSEC_GSS_SVC_NONE) {
return ((*xdr_func)(xdrs, xdr_ptr));
}
diff --git a/src/lib/rpc/auth_gssapi.c b/src/lib/rpc/auth_gssapi.c
index 69a4fd1..e7a1f8b 100644
--- a/src/lib/rpc/auth_gssapi.c
+++ b/src/lib/rpc/auth_gssapi.c
@@ -34,7 +34,7 @@ extern void gssrpcint_printf(const char *format, ...);
#define L_PRINTF(l, args)
#define AUTH_GSSAPI_DISPLAY_STATUS(args)
#endif
-
+
static void auth_gssapi_nextverf(AUTH *);
static bool_t auth_gssapi_marshall(AUTH *, XDR *);
static bool_t auth_gssapi_validate(AUTH *, struct opaque_auth *);
@@ -42,7 +42,7 @@ static bool_t auth_gssapi_refresh(AUTH *, struct rpc_msg *);
static bool_t auth_gssapi_wrap(AUTH *, XDR *, xdrproc_t, caddr_t);
static bool_t auth_gssapi_unwrap(AUTH *, XDR *, xdrproc_t, caddr_t);
static void auth_gssapi_destroy(AUTH *);
-
+
static bool_t marshall_new_creds(AUTH *, bool_t, gss_buffer_t);
static struct auth_ops auth_gssapi_ops = {
@@ -65,7 +65,7 @@ struct auth_gssapi_data {
gss_buffer_desc client_handle;
uint32_t seq_num;
int def_cred;
-
+
/* pre-serialized ah_cred */
unsigned char cred_buf[MAX_AUTH_BYTES];
uint32_t cred_len;
@@ -86,11 +86,11 @@ AUTH *auth_gssapi_create_default(CLIENT *clnt, char *service_name)
OM_uint32 gssstat, minor_stat;
gss_buffer_desc input_name;
gss_name_t target_name;
-
+
input_name.value = service_name;
input_name.length = strlen(service_name) + 1;
-
- gssstat = gss_import_name(&minor_stat, &input_name,
+
+ gssstat = gss_import_name(&minor_stat, &input_name,
gss_nt_service_name, &target_name);
if (gssstat != GSS_S_COMPLETE) {
AUTH_GSSAPI_DISPLAY_STATUS(("parsing name", gssstat,
@@ -99,7 +99,7 @@ AUTH *auth_gssapi_create_default(CLIENT *clnt, char *service_name)
rpc_createerr.cf_error.re_errno = ENOMEM;
return NULL;
}
-
+
auth = auth_gssapi_create(clnt,
&gssstat,
&minor_stat,
@@ -111,7 +111,7 @@ AUTH *auth_gssapi_create_default(CLIENT *clnt, char *service_name)
NULL,
NULL,
NULL);
-
+
gss_release_name(&minor_stat, &target_name);
return auth;
}
@@ -145,22 +145,22 @@ AUTH *auth_gssapi_create(
struct timeval timeout;
int bindings_failed;
rpcproc_t init_func;
-
+
auth_gssapi_init_arg call_arg;
auth_gssapi_init_res call_res;
gss_buffer_desc *input_token, isn_buf;
-
+
memset(&rpc_createerr, 0, sizeof(rpc_createerr));
-
+
/* this timeout is only used if clnt_control(clnt, CLSET_TIMEOUT) */
/* has not already been called.. therefore, we can just pick */
/* something reasonable-sounding.. */
timeout.tv_sec = 30;
timeout.tv_usec = 0;
-
+
auth = NULL;
pdata = NULL;
-
+
/* don't assume the caller will want to change clnt->cl_auth */
save_auth = clnt->cl_auth;
@@ -178,23 +178,23 @@ AUTH *auth_gssapi_create(
}
memset(auth, 0, sizeof(*auth));
memset(pdata, 0, sizeof(*pdata));
-
+
auth->ah_ops = &auth_gssapi_ops;
auth->ah_private = (caddr_t) pdata;
-
+
/* initial creds are auth_msg TRUE and no handle */
marshall_new_creds(auth, TRUE, NULL);
-
+
/* initial verifier is empty */
auth->ah_verf.oa_flavor = AUTH_GSSAPI;
auth->ah_verf.oa_base = NULL;
auth->ah_verf.oa_length = 0;
-
+
AUTH_PRIVATE(auth)->established = FALSE;
AUTH_PRIVATE(auth)->clnt = clnt;
AUTH_PRIVATE(auth)->def_cred = (claimant_cred_handle ==
GSS_C_NO_CREDENTIAL);
-
+
clnt->cl_auth = auth;
/* start by trying latest version */
@@ -237,7 +237,7 @@ try_new_version:
bindings.initiator_addrtype = GSS_C_AF_INET;
bindings.initiator_address.length = 4;
bindings.initiator_address.value = &laddr.sin_addr.s_addr;
-
+
bindings.acceptor_addrtype = GSS_C_AF_INET;
bindings.acceptor_address.length = 4;
bindings.acceptor_address.value = &raddr.sin_addr.s_addr;
@@ -245,9 +245,9 @@ try_new_version:
} else {
bindp = NULL;
}
-
+
memset(&call_res, 0, sizeof(call_res));
-
+
next_token:
*gssstat = gss_init_sec_context(minor_stat,
claimant_cred_handle,
@@ -262,16 +262,16 @@ next_token:
&call_arg.token,
ret_flags,
time_rec);
-
+
if (*gssstat != GSS_S_COMPLETE && *gssstat != GSS_S_CONTINUE_NEEDED) {
AUTH_GSSAPI_DISPLAY_STATUS(("initializing context", *gssstat,
*minor_stat));
goto cleanup;
}
-
+
/* if we got a token, pass it on */
if (call_arg.token.length != 0) {
-
+
/*
* sanity check: if we received a signed isn in the last
* response then there *cannot* be another token to send
@@ -280,16 +280,16 @@ next_token:
PRINTF(("gssapi_create: unexpected token from init_sec\n"));
goto cleanup;
}
-
+
PRINTF(("gssapi_create: calling GSSAPI_INIT (%d)\n", init_func));
-
+
memset(&call_res, 0, sizeof(call_res));
callstat = clnt_call(clnt, init_func,
xdr_authgssapi_init_arg, &call_arg,
xdr_authgssapi_init_res, &call_res,
timeout);
gss_release_buffer(minor_stat, &call_arg.token);
-
+
if (callstat != RPC_SUCCESS) {
struct rpc_err err;
@@ -306,7 +306,7 @@ next_token:
PRINTF(("gssapi_create: GSSAPI_INIT (%d) failed, stat %d\n",
init_func, callstat));
}
-
+
goto cleanup;
} else if (call_res.version != call_arg.version &&
!(call_arg.version == 2 && call_res.version == 1)) {
@@ -332,10 +332,10 @@ next_token:
call_res.gss_minor));
goto cleanup;
}
-
+
PRINTF(("gssapi_create: GSSAPI_INIT (%d) succeeded\n", init_func));
init_func = AUTH_GSSAPI_CONTINUE_INIT;
-
+
/* check for client_handle */
if (AUTH_PRIVATE(auth)->client_handle.length == 0) {
if (call_res.client_handle.length == 0) {
@@ -344,20 +344,20 @@ next_token:
} else {
PRINTF(("gssapi_create: got client_handle %d\n",
*((uint32_t *)call_res.client_handle.value)));
-
+
GSS_DUP_BUFFER(AUTH_PRIVATE(auth)->client_handle,
call_res.client_handle);
-
+
/* auth_msg is TRUE; there may be more tokens */
marshall_new_creds(auth, TRUE,
- &AUTH_PRIVATE(auth)->client_handle);
+ &AUTH_PRIVATE(auth)->client_handle);
}
} else if (!GSS_BUFFERS_EQUAL(AUTH_PRIVATE(auth)->client_handle,
call_res.client_handle)) {
PRINTF(("gssapi_create: got different client_handle\n"));
goto cleanup;
}
-
+
/* check for token */
if (call_res.token.length==0 && *gssstat==GSS_S_CONTINUE_NEEDED) {
PRINTF(("gssapi_create: expected token\n"));
@@ -373,7 +373,7 @@ next_token:
}
}
}
-
+
/* check for isn */
if (*gssstat == GSS_S_COMPLETE) {
if (call_res.signed_isn.length == 0) {
@@ -381,67 +381,67 @@ next_token:
goto cleanup;
} else {
PRINTF(("gssapi_create: processing signed isn\n"));
-
+
/* don't check conf (integ only) or qop (accpet default) */
*gssstat = gss_unseal(minor_stat,
AUTH_PRIVATE(auth)->context,
&call_res.signed_isn,
&isn_buf, NULL, NULL);
-
+
if (*gssstat != GSS_S_COMPLETE) {
AUTH_GSSAPI_DISPLAY_STATUS(("unsealing isn",
- *gssstat, *minor_stat));
+ *gssstat, *minor_stat));
goto cleanup;
} else if (isn_buf.length != sizeof(uint32_t)) {
PRINTF(("gssapi_create: gss_unseal gave %d bytes\n",
(int) isn_buf.length));
goto cleanup;
}
-
+
AUTH_PRIVATE(auth)->seq_num = (uint32_t)
- ntohl(*((uint32_t*)isn_buf.value));
+ ntohl(*((uint32_t*)isn_buf.value));
*gssstat = gss_release_buffer(minor_stat, &isn_buf);
if (*gssstat != GSS_S_COMPLETE) {
AUTH_GSSAPI_DISPLAY_STATUS(("releasing unsealed isn",
*gssstat, *minor_stat));
goto cleanup;
}
-
+
PRINTF(("gssapi_create: isn is %d\n",
AUTH_PRIVATE(auth)->seq_num));
-
+
/* we no longer need these results.. */
xdr_free(xdr_authgssapi_init_res, &call_res);
}
} else if (call_res.signed_isn.length != 0) {
PRINTF(("gssapi_create: got signed isn, can't check yet\n"));
}
-
+
/* results were okay.. continue if necessary */
if (*gssstat == GSS_S_CONTINUE_NEEDED) {
PRINTF(("gssapi_create: not done, continuing\n"));
goto next_token;
}
-
+
/*
* Done! Context is established, we have client_handle and isn.
*/
AUTH_PRIVATE(auth)->established = TRUE;
-
+
marshall_new_creds(auth, FALSE,
- &AUTH_PRIVATE(auth)->client_handle);
-
+ &AUTH_PRIVATE(auth)->client_handle);
+
PRINTF(("gssapi_create: done. client_handle %#x, isn %d\n\n",
*((uint32_t *)AUTH_PRIVATE(auth)->client_handle.value),
AUTH_PRIVATE(auth)->seq_num));
-
+
/* don't assume the caller will want to change clnt->cl_auth */
clnt->cl_auth = save_auth;
-
+
return auth;
-
+
/******************************************************************/
-
+
cleanup:
PRINTF(("gssapi_create: bailing\n\n"));
@@ -452,13 +452,13 @@ cleanup:
free(auth);
auth = NULL;
}
-
+
/* don't assume the caller will want to change clnt->cl_auth */
clnt->cl_auth = save_auth;
-
+
if (rpc_createerr.cf_stat == 0)
rpc_createerr.cf_stat = RPC_AUTHERROR;
-
+
return auth;
}
@@ -480,7 +480,7 @@ cleanup:
* Requires: auth must point to a valid GSS-API auth structure, auth_msg
* must be TRUE or FALSE, client_handle must be a gss_buffer_t with a valid
* value and length field or NULL.
- *
+ *
* Effects: auth->ah_cred is set to the serialized auth_gssapi_creds
* version 2 structure (stored in the cred_buf field of private data)
* containing version, auth_msg and client_handle.
@@ -496,11 +496,11 @@ static bool_t marshall_new_creds(
{
auth_gssapi_creds creds;
XDR xdrs;
-
+
PRINTF(("marshall_new_creds: starting\n"));
creds.version = 2;
-
+
creds.auth_msg = auth_msg;
if (client_handle)
GSS_COPY_BUFFER(creds.client_handle, *client_handle)
@@ -508,7 +508,7 @@ static bool_t marshall_new_creds(
creds.client_handle.length = 0;
creds.client_handle.value = NULL;
}
-
+
xdrmem_create(&xdrs, (caddr_t) AUTH_PRIVATE(auth)->cred_buf,
MAX_AUTH_BYTES, XDR_ENCODE);
if (! xdr_authgssapi_creds(&xdrs, &creds)) {
@@ -518,16 +518,16 @@ static bool_t marshall_new_creds(
}
AUTH_PRIVATE(auth)->cred_len = xdr_getpos(&xdrs);
XDR_DESTROY(&xdrs);
-
+
PRINTF(("marshall_new_creds: auth_gssapi_creds is %d bytes\n",
AUTH_PRIVATE(auth)->cred_len));
-
+
auth->ah_cred.oa_flavor = AUTH_GSSAPI;
auth->ah_cred.oa_base = (char *) AUTH_PRIVATE(auth)->cred_buf;
auth->ah_cred.oa_length = AUTH_PRIVATE(auth)->cred_len;
-
+
PRINTF(("marshall_new_creds: succeeding\n"));
-
+
return TRUE;
}
@@ -556,13 +556,13 @@ static void auth_gssapi_nextverf(AUTH *auth)
* Returns: boolean indicating success/failure
*
* Effects:
- *
+ *
* The pre-serialized credentials in cred_buf are serialized. If the
* context is established, the sealed sequence number is serialized as
* the verifier. If the context is not established, an empty verifier
* is serialized. The sequence number is *not* incremented, because
* this function is called multiple times if retransmission is required.
- *
+ *
* If this took all the header fields as arguments, it could sign
* them.
*/
@@ -573,22 +573,22 @@ static bool_t auth_gssapi_marshall(
OM_uint32 minor_stat;
gss_buffer_desc out_buf;
uint32_t seq_num;
-
+
if (AUTH_PRIVATE(auth)->established == TRUE) {
PRINTF(("gssapi_marshall: starting\n"));
-
+
seq_num = AUTH_PRIVATE(auth)->seq_num + 1;
-
+
PRINTF(("gssapi_marshall: sending seq_num %d\n", seq_num));
-
+
if (auth_gssapi_seal_seq(AUTH_PRIVATE(auth)->context, seq_num,
&out_buf) == FALSE) {
PRINTF(("gssapi_marhshall: seal failed\n"));
}
-
+
auth->ah_verf.oa_base = out_buf.value;
auth->ah_verf.oa_length = out_buf.length;
-
+
if (! xdr_opaque_auth(xdrs, &auth->ah_cred) ||
! xdr_opaque_auth(xdrs, &auth->ah_verf)) {
(void) gss_release_buffer(&minor_stat, &out_buf);
@@ -597,16 +597,16 @@ static bool_t auth_gssapi_marshall(
(void) gss_release_buffer(&minor_stat, &out_buf);
} else {
PRINTF(("gssapi_marshall: not established, sending null verf\n"));
-
+
auth->ah_verf.oa_base = NULL;
auth->ah_verf.oa_length = 0;
-
+
if (! xdr_opaque_auth(xdrs, &auth->ah_cred) ||
! xdr_opaque_auth(xdrs, &auth->ah_verf)) {
return FALSE;
}
}
-
+
return TRUE;
}
@@ -623,14 +623,14 @@ static bool_t auth_gssapi_validate(
{
gss_buffer_desc in_buf;
uint32_t seq_num;
-
+
if (AUTH_PRIVATE(auth)->established == FALSE) {
PRINTF(("gssapi_validate: not established, noop\n"));
return TRUE;
}
-
+
PRINTF(("gssapi_validate: starting\n"));
-
+
in_buf.length = verf->oa_length;
in_buf.value = verf->oa_base;
if (auth_gssapi_unseal_seq(AUTH_PRIVATE(auth)->context, &in_buf,
@@ -638,7 +638,7 @@ static bool_t auth_gssapi_validate(
PRINTF(("gssapi_validate: failed unsealing verifier\n"));
return FALSE;
}
-
+
/* we sent seq_num+1, so we should get back seq_num+2 */
if (AUTH_PRIVATE(auth)->seq_num+2 != seq_num) {
PRINTF(("gssapi_validate: expecting seq_num %d, got %d (%#x)\n",
@@ -646,12 +646,12 @@ static bool_t auth_gssapi_validate(
return FALSE;
}
PRINTF(("gssapi_validate: seq_num %d okay\n", seq_num));
-
+
/* +1 for successful transmission, +1 for successful validation */
AUTH_PRIVATE(auth)->seq_num += 2;
-
+
PRINTF(("gssapi_validate: succeeding\n"));
-
+
return TRUE;
}
@@ -661,7 +661,7 @@ static bool_t auth_gssapi_validate(
* Purpose: Attempts to resyncrhonize the sequence number.
*
* Effects:
- *
+ *
* When the server receives a properly authenticated RPC call, it
* increments the sequence number it is expecting from the client.
* But if the server's response is lost for any reason, the client
@@ -706,18 +706,18 @@ static void auth_gssapi_destroy(AUTH *auth)
OM_uint32 gssstat, minor_stat;
gss_cred_id_t cred;
int callstat;
-
+
if (AUTH_PRIVATE(auth)->client_handle.length == 0) {
PRINTF(("gssapi_destroy: no client_handle, not calling destroy\n"));
goto skip_call;
}
-
+
PRINTF(("gssapi_destroy: marshalling new creds\n"));
if (!marshall_new_creds(auth, TRUE, &AUTH_PRIVATE(auth)->client_handle)) {
PRINTF(("gssapi_destroy: marshall_new_creds failed\n"));
goto skip_call;
}
-
+
PRINTF(("gssapi_destroy: calling GSSAPI_DESTROY\n"));
timeout.tv_sec = 1;
timeout.tv_usec = 0;
@@ -726,7 +726,7 @@ static void auth_gssapi_destroy(AUTH *auth)
if (callstat != RPC_SUCCESS)
clnt_sperror(AUTH_PRIVATE(auth)->clnt,
"gssapi_destroy: GSSAPI_DESTROY failed");
-
+
skip_call:
PRINTF(("gssapi_destroy: deleting context\n"));
gssstat = gss_delete_sec_context(&minor_stat,
@@ -742,18 +742,18 @@ skip_call:
AUTH_GSSAPI_DISPLAY_STATUS(("deleting default credential",
gssstat, minor_stat));
}
-
+
if (AUTH_PRIVATE(auth)->client_handle.length != 0)
gss_release_buffer(&minor_stat,
&AUTH_PRIVATE(auth)->client_handle);
-
+
#if 0
PRINTF(("gssapi_destroy: calling GSSAPI_EXIT\n"));
AUTH_PRIVATE(auth)->established = FALSE;
callstat = clnt_call(AUTH_PRIVATE(auth)->clnt, AUTH_GSSAPI_EXIT,
xdr_void, NULL, xdr_void, NULL, timeout);
#endif
-
+
free(auth->ah_private);
free(auth);
PRINTF(("gssapi_destroy: done\n"));
@@ -774,7 +774,7 @@ static bool_t auth_gssapi_wrap(
caddr_t xdr_ptr)
{
OM_uint32 gssstat, minor_stat;
-
+
if (! AUTH_PRIVATE(auth)->established) {
PRINTF(("gssapi_wrap: context not established, noop\n"));
return (*xdr_func)(out_xdrs, xdr_ptr);
@@ -805,7 +805,7 @@ static bool_t auth_gssapi_unwrap(
caddr_t xdr_ptr)
{
OM_uint32 gssstat, minor_stat;
-
+
if (! AUTH_PRIVATE(auth)->established) {
PRINTF(("gssapi_unwrap: context not established, noop\n"));
return (*xdr_func)(in_xdrs, xdr_ptr);
diff --git a/src/lib/rpc/auth_gssapi_misc.c b/src/lib/rpc/auth_gssapi_misc.c
index 908ac0c..e1f9205 100644
--- a/src/lib/rpc/auth_gssapi_misc.c
+++ b/src/lib/rpc/auth_gssapi_misc.c
@@ -27,10 +27,10 @@ extern void gssrpcint_printf(const char *, ...);
#define L_PRINTF(l, args)
#define AUTH_GSSAPI_DISPLAY_STATUS(args)
#endif
-
+
static void auth_gssapi_display_status_1
(char *, OM_uint32, int, int);
-
+
bool_t xdr_gss_buf(
XDR *xdrs,
gss_buffer_t buf)
@@ -95,9 +95,9 @@ bool_t auth_gssapi_seal_seq(
gss_buffer_desc in_buf;
OM_uint32 gssstat, minor_stat;
uint32_t nl_seq_num;
-
+
nl_seq_num = htonl(seq_num);
-
+
in_buf.length = sizeof(uint32_t);
in_buf.value = (char *) &nl_seq_num;
gssstat = gss_seal(&minor_stat, context, 0, GSS_C_QOP_DEFAULT,
@@ -119,13 +119,13 @@ bool_t auth_gssapi_unseal_seq(
gss_buffer_desc out_buf;
OM_uint32 gssstat, minor_stat;
uint32_t nl_seq_num;
-
+
gssstat = gss_unseal(&minor_stat, context, in_buf, &out_buf,
NULL, NULL);
if (gssstat != GSS_S_COMPLETE) {
PRINTF(("gssapi_unseal_seq: failed\n"));
AUTH_GSSAPI_DISPLAY_STATUS(("unsealing sequence number",
- gssstat, minor_stat));
+ gssstat, minor_stat));
return FALSE;
} else if (out_buf.length != sizeof(uint32_t)) {
PRINTF(("gssapi_unseal_seq: unseal gave %d bytes\n",
@@ -133,11 +133,11 @@ bool_t auth_gssapi_unseal_seq(
gss_release_buffer(&minor_stat, &out_buf);
return FALSE;
}
-
+
nl_seq_num = *((uint32_t *) out_buf.value);
*seq_num = (uint32_t) ntohl(nl_seq_num);
gss_release_buffer(&minor_stat, &out_buf);
-
+
return TRUE;
}
@@ -159,7 +159,7 @@ static void auth_gssapi_display_status_1(
OM_uint32 gssstat, minor_stat;
gss_buffer_desc msg;
OM_uint32 msg_ctx;
-
+
msg_ctx = 0;
while (1) {
gssstat = gss_display_status(&minor_stat, code,
@@ -167,7 +167,7 @@ static void auth_gssapi_display_status_1(
&msg_ctx, &msg);
if (gssstat != GSS_S_COMPLETE) {
if (!rec) {
- auth_gssapi_display_status_1(m,gssstat,GSS_C_GSS_CODE,1);
+ auth_gssapi_display_status_1(m,gssstat,GSS_C_GSS_CODE,1);
auth_gssapi_display_status_1(m, minor_stat,
GSS_C_MECH_CODE, 1);
} else {
@@ -185,7 +185,7 @@ static void auth_gssapi_display_status_1(
gssrpcint_printf("GSS-API authentication error %s: %*s\n",
m, msg.length, (char *) msg.value);
(void) gss_release_buffer(&minor_stat, &msg);
-
+
if (!msg_ctx)
break;
}
@@ -204,14 +204,14 @@ bool_t auth_gssapi_wrap_data(
XDR temp_xdrs;
int conf_state;
unsigned int length;
-
+
PRINTF(("gssapi_wrap_data: starting\n"));
-
+
*major = GSS_S_COMPLETE;
*minor = 0; /* assumption */
-
+
xdralloc_create(&temp_xdrs, XDR_ENCODE);
-
+
/* serialize the sequence number into local memory */
PRINTF(("gssapi_wrap_data: encoding seq_num %d\n", seq_num));
if (! xdr_u_int32(&temp_xdrs, &seq_num)) {
@@ -219,17 +219,17 @@ bool_t auth_gssapi_wrap_data(
XDR_DESTROY(&temp_xdrs);
return FALSE;
}
-
+
/* serialize the arguments into local memory */
if (!(*xdr_func)(&temp_xdrs, xdr_ptr)) {
PRINTF(("gssapi_wrap_data: serializing arguments failed\n"));
XDR_DESTROY(&temp_xdrs);
return FALSE;
}
-
+
in_buf.length = xdr_getpos(&temp_xdrs);
in_buf.value = xdralloc_getdata(&temp_xdrs);
-
+
*major = gss_seal(minor, context, 1,
GSS_C_QOP_DEFAULT, &in_buf, &conf_state,
&out_buf);
@@ -237,22 +237,22 @@ bool_t auth_gssapi_wrap_data(
XDR_DESTROY(&temp_xdrs);
return FALSE;
}
-
+
PRINTF(("gssapi_wrap_data: %d bytes data, %d bytes sealed\n",
(int) in_buf.length, (int) out_buf.length));
-
+
/* write the token */
length = out_buf.length;
- if (! xdr_bytes(out_xdrs, (char **) &out_buf.value,
+ if (! xdr_bytes(out_xdrs, (char **) &out_buf.value,
(unsigned int *) &length,
out_buf.length)) {
PRINTF(("gssapi_wrap_data: serializing encrypted data failed\n"));
XDR_DESTROY(&temp_xdrs);
return FALSE;
}
-
+
*major = gss_release_buffer(minor, &out_buf);
-
+
PRINTF(("gssapi_wrap_data: succeeding\n\n"));
XDR_DESTROY(&temp_xdrs);
return TRUE;
@@ -272,12 +272,12 @@ bool_t auth_gssapi_unwrap_data(
uint32_t verf_seq_num;
int conf, qop;
unsigned int length;
-
+
PRINTF(("gssapi_unwrap_data: starting\n"));
-
+
*major = GSS_S_COMPLETE;
*minor = 0; /* assumption */
-
+
in_buf.value = NULL;
out_buf.value = NULL;
if (! xdr_bytes(in_xdrs, (char **) &in_buf.value,
@@ -289,18 +289,18 @@ bool_t auth_gssapi_unwrap_data(
return FALSE;
}
in_buf.length = length;
-
+
*major = gss_unseal(minor, context, &in_buf, &out_buf, &conf,
&qop);
free(in_buf.value);
if (*major != GSS_S_COMPLETE)
return FALSE;
-
+
PRINTF(("gssapi_unwrap_data: %d bytes data, %d bytes sealed\n",
out_buf.length, in_buf.length));
-
+
xdrmem_create(&temp_xdrs, out_buf.value, out_buf.length, XDR_DECODE);
-
+
/* deserialize the sequence number */
if (! xdr_u_int32(&temp_xdrs, &verf_seq_num)) {
PRINTF(("gssapi_unwrap_data: deserializing verf_seq_num failed\n"));
@@ -316,7 +316,7 @@ bool_t auth_gssapi_unwrap_data(
return FALSE;
}
PRINTF(("gssapi_unwrap_data: unwrap seq_num %d okay\n", verf_seq_num));
-
+
/* deserialize the arguments into xdr_ptr */
if (! (*xdr_func)(&temp_xdrs, xdr_ptr)) {
PRINTF(("gssapi_unwrap_data: deserializing arguments failed\n"));
@@ -325,9 +325,9 @@ bool_t auth_gssapi_unwrap_data(
XDR_DESTROY(&temp_xdrs);
return FALSE;
}
-
+
PRINTF(("gssapi_unwrap_data: succeeding\n\n"));
-
+
gss_release_buffer(minor, &out_buf);
XDR_DESTROY(&temp_xdrs);
return TRUE;
diff --git a/src/lib/rpc/auth_none.c b/src/lib/rpc/auth_none.c
index f4869aa..2e17622 100644
--- a/src/lib/rpc/auth_none.c
+++ b/src/lib/rpc/auth_none.c
@@ -6,23 +6,23 @@
* may copy or modify Sun RPC without charge, but are not authorized
* to license or distribute it to anyone else except as part of a product or
* program developed by the user.
- *
+ *
* SUN RPC IS PROVIDED AS IS WITH NO WARRANTIES OF ANY KIND INCLUDING THE
* WARRANTIES OF DESIGN, MERCHANTIBILITY AND FITNESS FOR A PARTICULAR
* PURPOSE, OR ARISING FROM A COURSE OF DEALING, USAGE OR TRADE PRACTICE.
- *
+ *
* Sun RPC is provided with no support and without any obligation on the
* part of Sun Microsystems, Inc. to assist in its use, correction,
* modification or enhancement.
- *
+ *
* SUN MICROSYSTEMS, INC. SHALL HAVE NO LIABILITY WITH RESPECT TO THE
* INFRINGEMENT OF COPYRIGHTS, TRADE SECRETS OR ANY PATENTS BY SUN RPC
* OR ANY PART THEREOF.
- *
+ *
* In no event will Sun Microsystems, Inc. be liable for any lost revenue
* or profits or other special, indirect and consequential damages, even if
* Sun has been advised of the possibility of such damages.
- *
+ *
* Sun Microsystems, Inc.
* 2550 Garcia Avenue
* Mountain View, California 94043
@@ -33,10 +33,10 @@ static char sccsid[] = "@(#)auth_none.c 1.19 87/08/11 Copyr 1984 Sun Micro";
/*
* auth_none.c
- * Creates a client authentication handle for passing "null"
- * credentials and verifiers to remote systems.
- *
- * Copyright (C) 1984, Sun Microsystems, Inc.
+ * Creates a client authentication handle for passing "null"
+ * credentials and verifiers to remote systems.
+ *
+ * Copyright (C) 1984, Sun Microsystems, Inc.
*/
#include <gssrpc/types.h>
@@ -111,7 +111,7 @@ authnone_marshal(AUTH *client, XDR *xdrs)
}
/*ARGSUSED*/
-static void
+static void
authnone_verf(AUTH *auth)
{
}
diff --git a/src/lib/rpc/auth_unix.c b/src/lib/rpc/auth_unix.c
index eaa8427..ad7b505 100644
--- a/src/lib/rpc/auth_unix.c
+++ b/src/lib/rpc/auth_unix.c
@@ -6,11 +6,11 @@
* may copy or modify Sun RPC without charge, but are not authorized
* to license or distribute it to anyone else except as part of a product or
* program developed by the user.
- *
+ *
* SUN RPC IS PROVIDED AS IS WITH NO WARRANTIES OF ANY KIND INCLUDING THE
* WARRANTIES OF DESIGN, MERCHANTIBILITY AND FITNESS FOR A PARTICULAR
* PURPOSE, OR ARISING FROM A COURSE OF DEALING, USAGE OR TRADE PRACTICE.
- *
+ *
* Sun RPC is provided with no support and without any obligation on the
* part of Sun Microsystems, Inc. to assist in its use, correction,
* modification or enhancement.
@@ -18,11 +18,11 @@
* SUN MICROSYSTEMS, INC. SHALL HAVE NO LIABILITY WITH RESPECT TO THE
* INFRINGEMENT OF COPYRIGHTS, TRADE SECRETS OR ANY PATENTS BY SUN RPC
* OR ANY PART THEREOF.
- *
+ *
* In no event will Sun Microsystems, Inc. be liable for any lost revenue
* or profits or other special, indirect and consequential damages, even if
* Sun has been advised of the possibility of such damages.
- *
+ *
* Sun Microsystems, Inc.
* 2550 Garcia Avenue
* Mountain View, California 94043
@@ -32,8 +32,8 @@ static char sccsid[] = "@(#)auth_unix.c 1.19 87/08/11 Copyr 1984 Sun Micro";
#endif
/*
- * auth_unix.c, Implements UNIX style authentication parameters.
- *
+ * auth_unix.c, Implements UNIX style authentication parameters.
+ *
* Copyright (C) 1984, Sun Microsystems, Inc.
*
* The system is very weak. The client uses no encryption for it's
@@ -145,7 +145,7 @@ authunix_create(
* Serialize the parameters into origcred
*/
xdrmem_create(&xdrs, mymem, MAX_AUTH_BYTES, XDR_ENCODE);
- if (! xdr_authunix_parms(&xdrs, &aup))
+ if (! xdr_authunix_parms(&xdrs, &aup))
abort();
au->au_origcred.oa_length = len = XDR_GETPOS(&xdrs);
au->au_origcred.oa_flavor = AUTH_UNIX;
@@ -261,7 +261,7 @@ authunix_refresh(register AUTH *auth, struct rpc_msg *msg)
xdrmem_create(&xdrs, au->au_origcred.oa_base,
au->au_origcred.oa_length, XDR_DECODE);
stat = xdr_authunix_parms(&xdrs, &aup);
- if (! stat)
+ if (! stat)
goto done;
/* update the time and serialize in place */
diff --git a/src/lib/rpc/authgss_prot.c b/src/lib/rpc/authgss_prot.c
index ab6e7fe..31a8dda 100644
--- a/src/lib/rpc/authgss_prot.c
+++ b/src/lib/rpc/authgss_prot.c
@@ -1,12 +1,12 @@
/*
authgss_prot.c
-
+
Copyright (c) 2000 The Regents of the University of Michigan.
All rights reserved.
-
+
Copyright (c) 2000 Dug Song <dugsong@UMICH.EDU>.
All rights reserved, all wrongs reversed.
-
+
Redistribution and use in source and binary forms, with or without
modification, are permitted provided that the following conditions
are met:
@@ -98,7 +98,7 @@ xdr_rpc_gss_init_args(XDR *xdrs, gss_buffer_desc *p)
(xdrs->x_op == XDR_ENCODE) ? "encode" : "decode",
(xdr_stat == TRUE) ? "success" : "failure",
p->value, p->length);
-
+
return (xdr_stat);
}
@@ -120,7 +120,7 @@ xdr_rpc_gss_init_res(XDR *xdrs, struct rpc_gss_init_res *p)
p->gr_ctx.value, p->gr_ctx.length,
p->gr_major, p->gr_minor, p->gr_win,
p->gr_token.value, p->gr_token.length);
-
+
return (xdr_stat);
}
@@ -138,7 +138,7 @@ xdr_rpc_gss_wrap_data(XDR *xdrs, xdrproc_t xdr_func, caddr_t xdr_ptr,
xdralloc_create(&tmpxdrs, XDR_ENCODE);
xdr_stat = FALSE;
-
+
/* Marshal rpc_gss_data_t (sequence number + arguments). */
if (!xdr_u_int32(&tmpxdrs, &seq) || !(*xdr_func)(&tmpxdrs, xdr_ptr))
goto errout;
@@ -161,7 +161,7 @@ xdr_rpc_gss_wrap_data(XDR *xdrs, xdrproc_t xdr_func, caddr_t xdr_ptr,
/* Marshal checksum. */
xdr_stat = xdr_rpc_gss_buf(xdrs, &wrapbuf, (unsigned int)-1);
gss_release_buffer(&min_stat, &wrapbuf);
- }
+ }
else if (svc == RPCSEC_GSS_SVC_PRIVACY) {
/* Encrypt rpc_gss_data_t. */
maj_stat = gss_wrap(&min_stat, ctx, TRUE, qop, &databuf,
@@ -194,10 +194,10 @@ xdr_rpc_gss_unwrap_data(XDR *xdrs, xdrproc_t xdr_func, caddr_t xdr_ptr,
if (xdr_func == xdr_void || xdr_ptr == NULL)
return (TRUE);
-
+
memset(&databuf, 0, sizeof(databuf));
memset(&wrapbuf, 0, sizeof(wrapbuf));
-
+
if (svc == RPCSEC_GSS_SVC_INTEGRITY) {
/* Decode databody_integ. */
if (!xdr_rpc_gss_buf(xdrs, &databuf, (unsigned int)-1)) {
@@ -214,7 +214,7 @@ xdr_rpc_gss_unwrap_data(XDR *xdrs, xdrproc_t xdr_func, caddr_t xdr_ptr,
maj_stat = gss_verify_mic(&min_stat, ctx, &databuf,
&wrapbuf, &qop_state);
gss_release_buffer(&min_stat, &wrapbuf);
-
+
if (maj_stat != GSS_S_COMPLETE || qop_state != qop) {
gss_release_buffer(&min_stat, &databuf);
log_status("gss_verify_mic", maj_stat, min_stat);
@@ -230,9 +230,9 @@ xdr_rpc_gss_unwrap_data(XDR *xdrs, xdrproc_t xdr_func, caddr_t xdr_ptr,
/* Decrypt databody. */
maj_stat = gss_unwrap(&min_stat, ctx, &wrapbuf, &databuf,
&conf_state, &qop_state);
-
+
gss_release_buffer(&min_stat, &wrapbuf);
-
+
/* Verify encryption and QOP. */
if (maj_stat != GSS_S_COMPLETE || qop_state != qop ||
conf_state != TRUE) {
@@ -247,7 +247,7 @@ xdr_rpc_gss_unwrap_data(XDR *xdrs, xdrproc_t xdr_func, caddr_t xdr_ptr,
(*xdr_func)(&tmpxdrs, xdr_ptr));
XDR_DESTROY(&tmpxdrs);
gss_release_buffer(&min_stat, &databuf);
-
+
/* Verify sequence number. */
if (xdr_stat == TRUE && seq_num != seq) {
log_debug("wrong sequence number in databody");
@@ -262,7 +262,7 @@ xdr_rpc_gss_data(XDR *xdrs, xdrproc_t xdr_func, caddr_t xdr_ptr,
rpc_gss_svc_t svc, uint32_t seq)
{
switch (xdrs->x_op) {
-
+
case XDR_ENCODE:
return (xdr_rpc_gss_wrap_data(xdrs, xdr_func, xdr_ptr,
ctx, qop, svc, seq));
@@ -316,13 +316,13 @@ log_hexdump(const u_char *buf, int len, int offset)
{
u_int i, j, jm;
int c;
-
+
fprintf(stderr, "\n");
for (i = 0; i < len; i += 0x10) {
fprintf(stderr, " %04x: ", (u_int)(i + offset));
jm = len - i;
jm = jm > 16 ? 16 : jm;
-
+
for (j = 0; j < jm; j++) {
if ((j % 2) == 1)
fprintf(stderr, "%02x ", (u_int) buf[i+j]);
@@ -334,7 +334,7 @@ log_hexdump(const u_char *buf, int len, int offset)
else fprintf(stderr, " ");
}
fprintf(stderr, " ");
-
+
for (j = 0; j < jm; j++) {
c = buf[i+j];
c = isprint(c) ? c : '.';
@@ -362,5 +362,3 @@ log_hexdump(const u_char *buf, int len, int offset)
}
#endif
-
-
diff --git a/src/lib/rpc/authunix_prot.c b/src/lib/rpc/authunix_prot.c
index 7eb47a4..4d20b01 100644
--- a/src/lib/rpc/authunix_prot.c
+++ b/src/lib/rpc/authunix_prot.c
@@ -6,23 +6,23 @@
* may copy or modify Sun RPC without charge, but are not authorized
* to license or distribute it to anyone else except as part of a product or
* program developed by the user.
- *
+ *
* SUN RPC IS PROVIDED AS IS WITH NO WARRANTIES OF ANY KIND INCLUDING THE
* WARRANTIES OF DESIGN, MERCHANTIBILITY AND FITNESS FOR A PARTICULAR
* PURPOSE, OR ARISING FROM A COURSE OF DEALING, USAGE OR TRADE PRACTICE.
- *
+ *
* Sun RPC is provided with no support and without any obligation on the
* part of Sun Microsystems, Inc. to assist in its use, correction,
* modification or enhancement.
- *
+ *
* SUN MICROSYSTEMS, INC. SHALL HAVE NO LIABILITY WITH RESPECT TO THE
* INFRINGEMENT OF COPYRIGHTS, TRADE SECRETS OR ANY PATENTS BY SUN RPC
* OR ANY PART THEREOF.
- *
+ *
* In no event will Sun Microsystems, Inc. be liable for any lost revenue
* or profits or other special, indirect and consequential damages, even if
* Sun has been advised of the possibility of such damages.
- *
+ *
* Sun Microsystems, Inc.
* 2550 Garcia Avenue
* Mountain View, California 94043
@@ -61,4 +61,3 @@ xdr_authunix_parms(register XDR *xdrs, register struct authunix_parms *p)
}
return (FALSE);
}
-
diff --git a/src/lib/rpc/bindresvport.c b/src/lib/rpc/bindresvport.c
index d1ec654..62cc529 100644
--- a/src/lib/rpc/bindresvport.c
+++ b/src/lib/rpc/bindresvport.c
@@ -8,23 +8,23 @@ static char sccsid[] = "@(#)bindresvport.c 2.2 88/07/29 4.0 RPCSRC 1.8 88/02/08
* may copy or modify Sun RPC without charge, but are not authorized
* to license or distribute it to anyone else except as part of a product or
* program developed by the user.
- *
+ *
* SUN RPC IS PROVIDED AS IS WITH NO WARRANTIES OF ANY KIND INCLUDING THE
* WARRANTIES OF DESIGN, MERCHANTIBILITY AND FITNESS FOR A PARTICULAR
* PURPOSE, OR ARISING FROM A COURSE OF DEALING, USAGE OR TRADE PRACTICE.
- *
+ *
* Sun RPC is provided with no support and without any obligation on the
* part of Sun Microsystems, Inc. to assist in its use, correction,
* modification or enhancement.
- *
+ *
* SUN MICROSYSTEMS, INC. SHALL HAVE NO LIABILITY WITH RESPECT TO THE
* INFRINGEMENT OF COPYRIGHTS, TRADE SECRETS OR ANY PATENTS BY SUN RPC
* OR ANY PART THEREOF.
- *
+ *
* In no event will Sun Microsystems, Inc. be liable for any lost revenue
* or profits or other special, indirect and consequential damages, even if
* Sun has been advised of the possibility of such damages.
- *
+ *
* Sun Microsystems, Inc.
* 2550 Garcia Avenue
* Mountain View, California 94043
diff --git a/src/lib/rpc/clnt_generic.c b/src/lib/rpc/clnt_generic.c
index 696e5a2..880b0df 100644
--- a/src/lib/rpc/clnt_generic.c
+++ b/src/lib/rpc/clnt_generic.c
@@ -6,11 +6,11 @@
* may copy or modify Sun RPC without charge, but are not authorized
* to license or distribute it to anyone else except as part of a product or
* program developed by the user.
- *
+ *
* SUN RPC IS PROVIDED AS IS WITH NO WARRANTIES OF ANY KIND INCLUDING THE
* WARRANTIES OF DESIGN, MERCHANTIBILITY AND FITNESS FOR A PARTICULAR
* PURPOSE, OR ARISING FROM A COURSE OF DEALING, USAGE OR TRADE PRACTICE.
- *
+ *
* Sun RPC is provided with no support and without any obligation on the
* part of Sun Microsystems, Inc. to assist in its use, correction,
* modification or enhancement.
@@ -18,11 +18,11 @@
* SUN MICROSYSTEMS, INC. SHALL HAVE NO LIABILITY WITH RESPECT TO THE
* INFRINGEMENT OF COPYRIGHTS, TRADE SECRETS OR ANY PATENTS BY SUN RPC
* OR ANY PART THEREOF.
- *
+ *
* In no event will Sun Microsystems, Inc. be liable for any lost revenue
* or profits or other special, indirect and consequential damages, even if
* Sun has been advised of the possibility of such damages.
- *
+ *
* Sun Microsystems, Inc.
* 2550 Garcia Avenue
* Mountain View, California 94043
@@ -42,7 +42,7 @@ static char sccsid[] = "@(#)clnt_generic.c 1.4 87/08/11 (C) 1987 SMI";
/*
* Generic client creation: takes (hostname, program-number, protocol) and
- * returns client handle. Default options are set, which the user can
+ * returns client handle. Default options are set, which the user can
* change using the rpc equivalent of ioctl()'s.
*/
CLIENT *
@@ -69,7 +69,7 @@ clnt_create(
* Only support INET for now
*/
rpc_createerr.cf_stat = RPC_SYSTEMERROR;
- rpc_createerr.cf_error.re_errno = EAFNOSUPPORT;
+ rpc_createerr.cf_error.re_errno = EAFNOSUPPORT;
return (NULL);
}
memset(&sockin, 0, sizeof(sockin));
@@ -82,7 +82,7 @@ clnt_create(
p = getprotobyname(proto);
if (p == NULL) {
rpc_createerr.cf_stat = RPC_UNKNOWNPROTO;
- rpc_createerr.cf_error.re_errno = EPFNOSUPPORT;
+ rpc_createerr.cf_error.re_errno = EPFNOSUPPORT;
return (NULL);
}
sock = RPC_ANYSOCK;
@@ -108,7 +108,7 @@ clnt_create(
break;
default:
rpc_createerr.cf_stat = RPC_SYSTEMERROR;
- rpc_createerr.cf_error.re_errno = EPFNOSUPPORT;
+ rpc_createerr.cf_error.re_errno = EPFNOSUPPORT;
return (NULL);
}
return (client);
diff --git a/src/lib/rpc/clnt_perror.c b/src/lib/rpc/clnt_perror.c
index 09b4322..7a469fb 100644
--- a/src/lib/rpc/clnt_perror.c
+++ b/src/lib/rpc/clnt_perror.c
@@ -6,23 +6,23 @@
* may copy or modify Sun RPC without charge, but are not authorized
* to license or distribute it to anyone else except as part of a product or
* program developed by the user.
- *
+ *
* SUN RPC IS PROVIDED AS IS WITH NO WARRANTIES OF ANY KIND INCLUDING THE
* WARRANTIES OF DESIGN, MERCHANTIBILITY AND FITNESS FOR A PARTICULAR
* PURPOSE, OR ARISING FROM A COURSE OF DEALING, USAGE OR TRADE PRACTICE.
- *
+ *
* Sun RPC is provided with no support and without any obligation on the
* part of Sun Microsystems, Inc. to assist in its use, correction,
* modification or enhancement.
- *
+ *
* SUN MICROSYSTEMS, INC. SHALL HAVE NO LIABILITY WITH RESPECT TO THE
* INFRINGEMENT OF COPYRIGHTS, TRADE SECRETS OR ANY PATENTS BY SUN RPC
* OR ANY PART THEREOF.
- *
+ *
* In no event will Sun Microsystems, Inc. be liable for any lost revenue
* or profits or other special, indirect and consequential damages, even if
* Sun has been advised of the possibility of such damages.
- *
+ *
* Sun Microsystems, Inc.
* 2550 Garcia Avenue
* Mountain View, California 94043
@@ -100,7 +100,7 @@ clnt_sperror(CLIENT *rpch, char *s)
case RPC_SUCCESS:
case RPC_CANTENCODEARGS:
case RPC_CANTDECODERES:
- case RPC_TIMEDOUT:
+ case RPC_TIMEDOUT:
case RPC_PROGUNAVAIL:
case RPC_PROCUNAVAIL:
case RPC_CANTDECODEARGS:
@@ -117,7 +117,7 @@ clnt_sperror(CLIENT *rpch, char *s)
/* 10 for the string */
if (str - bufstart + 10 + strlen(strerror(e.re_errno)) < BUFSIZ)
(void) snprintf(str, strend-str, "; errno = %s",
- strerror(e.re_errno));
+ strerror(e.re_errno));
str += strlen(str);
break;
@@ -125,7 +125,7 @@ clnt_sperror(CLIENT *rpch, char *s)
/* 33 for the string, 22 for the numbers */
if(str - bufstart + 33 + 22 < BUFSIZ)
(void) snprintf(str, strend-str,
- "; low version = %lu, high version = %lu",
+ "; low version = %lu, high version = %lu",
(u_long) e.re_vers.low,
(u_long) e.re_vers.high);
str += strlen(str);
@@ -188,41 +188,41 @@ struct rpc_errtab {
};
static struct rpc_errtab rpc_errlist[] = {
- { RPC_SUCCESS,
- "RPC: Success" },
- { RPC_CANTENCODEARGS,
+ { RPC_SUCCESS,
+ "RPC: Success" },
+ { RPC_CANTENCODEARGS,
"RPC: Can't encode arguments" },
- { RPC_CANTDECODERES,
+ { RPC_CANTDECODERES,
"RPC: Can't decode result" },
- { RPC_CANTSEND,
+ { RPC_CANTSEND,
"RPC: Unable to send" },
- { RPC_CANTRECV,
+ { RPC_CANTRECV,
"RPC: Unable to receive" },
- { RPC_TIMEDOUT,
+ { RPC_TIMEDOUT,
"RPC: Timed out" },
- { RPC_VERSMISMATCH,
+ { RPC_VERSMISMATCH,
"RPC: Incompatible versions of RPC" },
- { RPC_AUTHERROR,
+ { RPC_AUTHERROR,
"RPC: Authentication error" },
- { RPC_PROGUNAVAIL,
+ { RPC_PROGUNAVAIL,
"RPC: Program unavailable" },
- { RPC_PROGVERSMISMATCH,
+ { RPC_PROGVERSMISMATCH,
"RPC: Program/version mismatch" },
- { RPC_PROCUNAVAIL,
+ { RPC_PROCUNAVAIL,
"RPC: Procedure unavailable" },
- { RPC_CANTDECODEARGS,
+ { RPC_CANTDECODEARGS,
"RPC: Server can't decode arguments" },
- { RPC_SYSTEMERROR,
+ { RPC_SYSTEMERROR,
"RPC: Remote system error" },
- { RPC_UNKNOWNHOST,
+ { RPC_UNKNOWNHOST,
"RPC: Unknown host" },
{ RPC_UNKNOWNPROTO,
"RPC: Unknown protocol" },
- { RPC_PMAPFAILURE,
+ { RPC_PMAPFAILURE,
"RPC: Port mapper failure" },
- { RPC_PROGNOTREGISTERED,
+ { RPC_PROGNOTREGISTERED,
"RPC: Program not registered"},
- { RPC_FAILED,
+ { RPC_FAILED,
"RPC: Failed (unspecified error)"}
};
@@ -313,7 +313,7 @@ clnt_pcreateerror(char *s)
}
struct auth_errtab {
- enum auth_stat status;
+ enum auth_stat status;
char *message;
};
diff --git a/src/lib/rpc/clnt_raw.c b/src/lib/rpc/clnt_raw.c
index 06b078e..e2fdc35 100644
--- a/src/lib/rpc/clnt_raw.c
+++ b/src/lib/rpc/clnt_raw.c
@@ -6,11 +6,11 @@
* may copy or modify Sun RPC without charge, but are not authorized
* to license or distribute it to anyone else except as part of a product or
* program developed by the user.
- *
+ *
* SUN RPC IS PROVIDED AS IS WITH NO WARRANTIES OF ANY KIND INCLUDING THE
* WARRANTIES OF DESIGN, MERCHANTIBILITY AND FITNESS FOR A PARTICULAR
* PURPOSE, OR ARISING FROM A COURSE OF DEALING, USAGE OR TRADE PRACTICE.
- *
+ *
* Sun RPC is provided with no support and without any obligation on the
* part of Sun Microsystems, Inc. to assist in its use, correction,
* modification or enhancement.
@@ -18,11 +18,11 @@
* SUN MICROSYSTEMS, INC. SHALL HAVE NO LIABILITY WITH RESPECT TO THE
* INFRINGEMENT OF COPYRIGHTS, TRADE SECRETS OR ANY PATENTS BY SUN RPC
* OR ANY PART THEREOF.
- *
+ *
* In no event will Sun Microsystems, Inc. be liable for any lost revenue
* or profits or other special, indirect and consequential damages, even if
* Sun has been advised of the possibility of such damages.
- *
+ *
* Sun Microsystems, Inc.
* 2550 Garcia Avenue
* Mountain View, California 94043
@@ -60,8 +60,8 @@ static struct clntraw_private {
u_int mcnt;
} *clntraw_private;
-static enum clnt_stat clntraw_call(CLIENT *, rpcproc_t, xdrproc_t,
- void *, xdrproc_t, void *,
+static enum clnt_stat clntraw_call(CLIENT *, rpcproc_t, xdrproc_t,
+ void *, xdrproc_t, void *,
struct timeval);
static void clntraw_abort(CLIENT *);
static void clntraw_geterr(CLIENT *, struct rpc_err *);
@@ -106,7 +106,7 @@ clntraw_create(
call_msg.rm_call.cb_rpcvers = RPC_MSG_VERSION;
call_msg.rm_call.cb_prog = prog;
call_msg.rm_call.cb_vers = vers;
- xdrmem_create(xdrs, clp->u.mashl_callmsg, MCALL_MSG_SIZE, XDR_ENCODE);
+ xdrmem_create(xdrs, clp->u.mashl_callmsg, MCALL_MSG_SIZE, XDR_ENCODE);
if (! xdr_callhdr(xdrs, &call_msg)) {
perror("clnt_raw.c - Fatal header serialization error.");
}
@@ -126,7 +126,7 @@ clntraw_create(
return (client);
}
-static enum clnt_stat
+static enum clnt_stat
clntraw_call(
CLIENT *h,
rpcproc_t proc,
diff --git a/src/lib/rpc/clnt_simple.c b/src/lib/rpc/clnt_simple.c
index 3649c80..d5dbb5a 100644
--- a/src/lib/rpc/clnt_simple.c
+++ b/src/lib/rpc/clnt_simple.c
@@ -6,23 +6,23 @@
* may copy or modify Sun RPC without charge, but are not authorized
* to license or distribute it to anyone else except as part of a product or
* program developed by the user.
- *
+ *
* SUN RPC IS PROVIDED AS IS WITH NO WARRANTIES OF ANY KIND INCLUDING THE
* WARRANTIES OF DESIGN, MERCHANTIBILITY AND FITNESS FOR A PARTICULAR
* PURPOSE, OR ARISING FROM A COURSE OF DEALING, USAGE OR TRADE PRACTICE.
- *
+ *
* Sun RPC is provided with no support and without any obligation on the
* part of Sun Microsystems, Inc. to assist in its use, correction,
* modification or enhancement.
- *
+ *
* SUN MICROSYSTEMS, INC. SHALL HAVE NO LIABILITY WITH RESPECT TO THE
* INFRINGEMENT OF COPYRIGHTS, TRADE SECRETS OR ANY PATENTS BY SUN RPC
* OR ANY PART THEREOF.
- *
+ *
* In no event will Sun Microsystems, Inc. be liable for any lost revenue
* or profits or other special, indirect and consequential damages, even if
* Sun has been advised of the possibility of such damages.
- *
+ *
* Sun Microsystems, Inc.
* 2550 Garcia Avenue
* Mountain View, California 94043
@@ -31,7 +31,7 @@
static char sccsid[] = "@(#)clnt_simple.c 1.35 87/08/11 Copyr 1984 Sun Micro";
#endif
-/*
+/*
* clnt_simple.c
* Simplified front end to rpc.
*
@@ -89,7 +89,7 @@ callrpc(
}
if (crp->valid && crp->oldprognum == prognum && crp->oldversnum == versnum
&& strcmp(crp->oldhost, host) == 0) {
- /* reuse old client */
+ /* reuse old client */
} else {
crp->valid = 0;
(void)closesocket(crp->socket);
@@ -103,7 +103,7 @@ callrpc(
timeout.tv_usec = 0;
timeout.tv_sec = 5;
memset(&server_addr, 0, sizeof(server_addr));
- memmove((char *)&server_addr.sin_addr, hp->h_addr,
+ memmove((char *)&server_addr.sin_addr, hp->h_addr,
sizeof(server_addr.sin_addr));
#if HAVE_STRUCT_SOCKADDR_IN_SIN_LEN
server_addr.sin_len = sizeof(server_addr);
@@ -123,7 +123,7 @@ callrpc(
tottimeout.tv_usec = 0;
clnt_stat = clnt_call(crp->client, procnum, inproc, in,
outproc, out, tottimeout);
- /*
+ /*
* if call failed, empty cache
*/
if (clnt_stat != RPC_SUCCESS)
diff --git a/src/lib/rpc/clnt_tcp.c b/src/lib/rpc/clnt_tcp.c
index 7168493..0eb8f45 100644
--- a/src/lib/rpc/clnt_tcp.c
+++ b/src/lib/rpc/clnt_tcp.c
@@ -6,23 +6,23 @@
* may copy or modify Sun RPC without charge, but are not authorized
* to license or distribute it to anyone else except as part of a product or
* program developed by the user.
- *
+ *
* SUN RPC IS PROVIDED AS IS WITH NO WARRANTIES OF ANY KIND INCLUDING THE
* WARRANTIES OF DESIGN, MERCHANTIBILITY AND FITNESS FOR A PARTICULAR
* PURPOSE, OR ARISING FROM A COURSE OF DEALING, USAGE OR TRADE PRACTICE.
- *
+ *
* Sun RPC is provided with no support and without any obligation on the
* part of Sun Microsystems, Inc. to assist in its use, correction,
* modification or enhancement.
- *
+ *
* SUN MICROSYSTEMS, INC. SHALL HAVE NO LIABILITY WITH RESPECT TO THE
* INFRINGEMENT OF COPYRIGHTS, TRADE SECRETS OR ANY PATENTS BY SUN RPC
* OR ANY PART THEREOF.
- *
+ *
* In no event will Sun Microsystems, Inc. be liable for any lost revenue
* or profits or other special, indirect and consequential damages, even if
* Sun has been advised of the possibility of such damages.
- *
+ *
* Sun Microsystems, Inc.
* 2550 Garcia Avenue
* Mountain View, California 94043
@@ -30,7 +30,7 @@
#if !defined(lint) && defined(SCCSIDS)
static char sccsid[] = "@(#)clnt_tcp.c 1.37 87/10/05 Copyr 1984 Sun Micro";
#endif
-
+
/*
* clnt_tcp.c, Implements a TCP/IP based, client side RPC.
*
@@ -90,7 +90,7 @@ struct ct_data {
bool_t ct_closeit;
struct timeval ct_wait;
bool_t ct_waitset; /* wait set by clnt_control? */
- struct sockaddr_in ct_addr;
+ struct sockaddr_in ct_addr;
struct rpc_err ct_error;
union {
char ct_mcall[MCALL_MSG_SIZE]; /* marshalled callmsg */
@@ -377,7 +377,7 @@ clnttcp_control(
{
register struct ct_data *ct = (struct ct_data *)cl->cl_private;
GETSOCKNAME_ARG3_TYPE len;
-
+
switch (request) {
case CLSET_TIMEOUT:
ct->ct_wait = *(struct timeval *)info;
diff --git a/src/lib/rpc/clnt_udp.c b/src/lib/rpc/clnt_udp.c
index 25474b9..a3876a7 100644
--- a/src/lib/rpc/clnt_udp.c
+++ b/src/lib/rpc/clnt_udp.c
@@ -6,23 +6,23 @@
* may copy or modify Sun RPC without charge, but are not authorized
* to license or distribute it to anyone else except as part of a product or
* program developed by the user.
- *
+ *
* SUN RPC IS PROVIDED AS IS WITH NO WARRANTIES OF ANY KIND INCLUDING THE
* WARRANTIES OF DESIGN, MERCHANTIBILITY AND FITNESS FOR A PARTICULAR
* PURPOSE, OR ARISING FROM A COURSE OF DEALING, USAGE OR TRADE PRACTICE.
- *
+ *
* Sun RPC is provided with no support and without any obligation on the
* part of Sun Microsystems, Inc. to assist in its use, correction,
* modification or enhancement.
- *
+ *
* SUN MICROSYSTEMS, INC. SHALL HAVE NO LIABILITY WITH RESPECT TO THE
* INFRINGEMENT OF COPYRIGHTS, TRADE SECRETS OR ANY PATENTS BY SUN RPC
* OR ANY PART THEREOF.
- *
+ *
* In no event will Sun Microsystems, Inc. be liable for any lost revenue
* or profits or other special, indirect and consequential damages, even if
* Sun has been advised of the possibility of such damages.
- *
+ *
* Sun Microsystems, Inc.
* 2550 Garcia Avenue
* Mountain View, California 94043
@@ -76,7 +76,7 @@ static struct clnt_ops udp_ops = {
clntudp_control
};
-/*
+/*
* Private data kept per client handle
*/
struct cu_data {
@@ -197,7 +197,7 @@ clntudp_bufcreate(
cu->cu_llen = sizeof(cu->cu_laddr);
if (getsockname(*sockp, (struct sockaddr *)&cu->cu_laddr, &cu->cu_llen) < 0)
goto fooy;
-
+
cu->cu_sock = *sockp;
cl->cl_auth = authnone_create();
return (cl);
@@ -222,7 +222,7 @@ clntudp_create(
UDPMSGSIZE, UDPMSGSIZE));
}
-static enum clnt_stat
+static enum clnt_stat
clntudp_call(
register CLIENT *cl, /* client handle */
rpcproc_t proc, /* procedure number */
@@ -306,7 +306,7 @@ send_again:
for (;;) {
readfds = mask;
seltimeout = cu->cu_wait;
- switch (select(gssrpc__rpc_dtablesize(), &readfds, (fd_set *)NULL,
+ switch (select(gssrpc__rpc_dtablesize(), &readfds, (fd_set *)NULL,
(fd_set *)NULL, &seltimeout)) {
case 0:
@@ -319,7 +319,7 @@ send_again:
if ((time_waited.tv_sec < timeout.tv_sec) ||
((time_waited.tv_sec == timeout.tv_sec) &&
(time_waited.tv_usec < timeout.tv_usec)))
- goto send_again;
+ goto send_again;
return (cu->cu_error.re_status = RPC_TIMEDOUT);
/*
@@ -328,28 +328,28 @@ send_again:
*/
case -1:
if (errno == EINTR)
- continue;
+ continue;
cu->cu_error.re_errno = errno;
return (cu->cu_error.re_status = RPC_CANTRECV);
}
do {
fromlen = sizeof(struct sockaddr);
- inlen = recvfrom(cu->cu_sock, cu->cu_inbuf,
+ inlen = recvfrom(cu->cu_sock, cu->cu_inbuf,
cu->cu_recvsz, 0,
(struct sockaddr *)&from, &fromlen);
} while (inlen < 0 && errno == EINTR);
if (inlen < 0) {
if (errno == EWOULDBLOCK)
- continue;
+ continue;
cu->cu_error.re_errno = errno;
return (cu->cu_error.re_status = RPC_CANTRECV);
}
if (inlen < sizeof(uint32_t))
- continue;
+ continue;
/* see if reply transaction id matches sent id */
- if (*((uint32_t *)(void *)(cu->cu_inbuf)) !=
+ if (*((uint32_t *)(void *)(cu->cu_inbuf)) !=
*((uint32_t *)(void *)(cu->cu_outbuf)))
- continue;
+ continue;
/* we now assume we have the proper reply */
break;
}
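Review bot: The reply loop accepts a datagram as soon as its first four bytes equal the outgoing transaction id; `from` is filled in by `recvfrom`, but no line in this hunk compares it with the server address the call was sent to. Unless that comparison happens elsewhere in `clntudp_call` (its body extends beyond this hunk), a reply from any other host that matches the xid is treated as the server's answer whenever the authentication flavour in use does not verify the reply. Next to the xid test, add a `continue` for datagrams whose source address or port differs from the server address stored in the client handle. The comment `/* we now assume we have the proper reply */` should then state which checks that assumption rests on.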
@@ -387,7 +387,7 @@ send_again:
xdrs->x_op = XDR_FREE;
(void)xdr_opaque_auth(xdrs,
&(reply_msg.acpted_rply.ar_verf));
- }
+ }
} /* end of valid reply message */
else {
/*
@@ -435,7 +435,7 @@ clntudp_freeres(
/*ARGSUSED*/
-static void
+static void
clntudp_abort(CLIENT *h)
{
}
@@ -447,7 +447,7 @@ clntudp_control(
void *info)
{
register struct cu_data *cu = (struct cu_data *)cl->cl_private;
-
+
switch (request) {
case CLSET_TIMEOUT:
cu->cu_total = *(struct timeval *)info;
@@ -472,7 +472,7 @@ clntudp_control(
}
return (TRUE);
}
-
+
static void
clntudp_destroy(CLIENT *cl)
{
diff --git a/src/lib/rpc/dyn.c b/src/lib/rpc/dyn.c
index 192095c..bce1fd2 100644
--- a/src/lib/rpc/dyn.c
+++ b/src/lib/rpc/dyn.c
@@ -81,7 +81,7 @@ DynObjectP DynCopy(obj)
DynObjectP obj;
{
DynObjectP obj1;
-
+
obj1 = (DynObjectP) malloc(sizeof(DynObjectRecP));
if (obj1 == NULL)
return NULL;
@@ -98,7 +98,7 @@ DynObjectP DynCopy(obj)
free(obj1);
return NULL;
}
- memcpy(obj1->array, obj->array,
+ memcpy(obj1->array, obj->array,
(size_t) (obj1->el_size * obj1->size));
return obj1;
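Review bot: The copy length in `memcpy(obj1->array, obj->array, (size_t) (obj1->el_size * obj1->size))` is multiplied in `int` and only then cast, so a large element size times capacity can overflow before it becomes a `size_t`. Casting each operand first, `(size_t) obj1->el_size * (size_t) obj1->size`, avoids the signed overflow. The allocation of `obj1->array` lies outside this hunk and should use the same expression so the two sizes cannot disagree. The `_DynRealloc` hunk further down has the same pattern: `new_size_in_bytes = obj->el_size*(obj->size + obj->inc*num_incs)` appears to be computed in `int` (it is printed with `%d`) and reaches `realloc` through a `(size_t)` cast, so a range check on the product before that call is the matching fix.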
@@ -154,7 +154,7 @@ int DynDebug(obj, state)
/*
* Checkers! Get away from that "hard disk erase" button!
* (Stupid dog. He almost did it to me again ...)
- */
+ */
int DynDelete(obj, idx)
DynObjectP obj;
int idx;
@@ -164,7 +164,7 @@ int DynDelete(obj, idx)
fprintf(stderr, "dyn: delete: bad index %d\n", idx);
return DYN_BADINDEX;
}
-
+
if (idx >= obj->num_el) {
if (obj->debug)
fprintf(stderr, "dyn: delete: Highest index is %d.\n",
@@ -182,14 +182,14 @@ int DynDelete(obj, idx)
if (obj->debug)
fprintf(stderr, "dyn: delete: last element, punting.\n");
}
- }
+ }
else {
if (obj->debug)
fprintf(stderr,
"dyn: delete: copying %d bytes from %p + %d to + %d.\n",
obj->el_size*(obj->num_el - idx), obj->array,
(idx+1)*obj->el_size, idx*obj->el_size);
-
+
memmove(obj->array + idx*obj->el_size,
obj->array + (idx+1)*obj->el_size,
(size_t) obj->el_size*(obj->num_el - idx));
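Review bot: The `memmove` in the `else` branch moves `obj->el_size*(obj->num_el - idx)` bytes starting at element `idx+1`, which is one element more than remains after `idx`, so the source range ends one element past the last valid entry. If the allocation holds exactly `num_el` elements, that is a read beyond the buffer. The count should be `(size_t) obj->el_size*(obj->num_el - idx - 1)`, and the debug `fprintf` just above should print the same corrected value. `DynDelete` starts and ends outside this hunk.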
@@ -203,9 +203,9 @@ int DynDelete(obj, idx)
(size_t) obj->el_size);
}
}
-
+
--obj->num_el;
-
+
if (obj->debug)
fprintf(stderr, "dyn: delete: done.\n");
@@ -244,7 +244,7 @@ int DynInsert(obj, idx, els_in, num)
{
DynPtr els = (DynPtr) els_in;
int ret;
-
+
if (idx < 0 || idx > obj->num_el) {
if (obj->debug)
fprintf(stderr, "dyn: insert: index %d is not in [0,%d]\n",
@@ -327,18 +327,18 @@ DynPtr DynGet(obj, num)
fprintf(stderr, "dyn: get: bad index %d\n", num);
return NULL;
}
-
+
if (num >= obj->num_el) {
if (obj->debug)
fprintf(stderr, "dyn: get: highest element is %d.\n",
obj->num_el);
return NULL;
}
-
+
if (obj->debug)
fprintf(stderr, "dyn: get: Returning address %p + %d.\n",
obj->array, obj->el_size*num);
-
+
return (DynPtr) obj->array + obj->el_size*num;
}
@@ -347,7 +347,7 @@ int DynAdd(obj, el)
void *el;
{
int ret;
-
+
ret = DynPut(obj, el, obj->num_el);
if (ret != DYN_OK)
return ret;
@@ -371,7 +371,7 @@ int DynPut(obj, el_in, idx)
{
DynPtr el = (DynPtr) el_in;
int ret;
-
+
if (obj->debug)
fprintf(stderr, "dyn: put: Writing %d bytes from %p to %p + %d\n",
obj->el_size, el, obj->array, idx*obj->el_size);
@@ -383,7 +383,7 @@ int DynPut(obj, el_in, idx)
if (obj->debug)
fprintf(stderr, "dyn: put: done.\n");
-
+
return DYN_OK;
}
@@ -402,7 +402,7 @@ int _DynResize(obj, req)
int req;
{
int size;
-
+
if (obj->size > req)
return DYN_OK;
else if (obj->inc > 0)
@@ -410,9 +410,9 @@ int _DynResize(obj, req)
else {
if (obj->size == 0)
size = -obj->inc;
- else
+ else
size = obj->size;
-
+
/*@-shiftsigned@*/
while (size <= req)
size <<= 1;
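Review bot: `while (size <= req) size <<= 1;` has no upper bound, so a large `req` shifts the signed `int size` past `INT_MAX`, which is undefined behaviour; the `shiftsigned` lint suppression hides this rather than fixing it. A starting value of 0 is also reachable on this path, when `obj->size == 0` and `obj->inc == 0`, and then the loop never terminates. Giving the loop a braced body whose first statement is `if (size <= 0 || size > INT_MAX / 2) return DYN_NOMEM;` (needs `<limits.h>`) bounds both cases. `_DynResize` continues outside this hunk.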
@@ -426,7 +426,7 @@ int _DynResize(obj, req)
* Resize the array by num_incs units. If obj->inc is positive, this
* means make it obj->inc*num_incs elements larger. If obj->inc is
* negative, this means make the array num_incs elements long.
- *
+ *
* Ideally, this function should not be called from outside the
* library. However, nothing will break if it is.
*/
@@ -441,13 +441,13 @@ int _DynRealloc(obj, num_incs)
new_size_in_bytes = obj->el_size*(obj->size + obj->inc*num_incs);
else
new_size_in_bytes = obj->el_size*num_incs;
-
+
if (obj->debug)
fprintf(stderr,
"dyn: alloc: Increasing object by %d bytes (%d incs).\n",
new_size_in_bytes - obj->el_size*obj->size,
num_incs);
-
+
temp = (DynPtr) realloc(obj->array, (size_t) new_size_in_bytes);
if (temp == NULL) {
if (obj->debug)
@@ -464,7 +464,7 @@ int _DynRealloc(obj, num_incs)
if (obj->debug)
fprintf(stderr, "dyn: alloc: done.\n");
-
+
return DYN_OK;
}
@@ -546,7 +546,7 @@ Sat Dec 6 22:50:03 1997 Ezra Peisach <epeisach@mit.edu>
Mon Jul 22 21:37:52 1996 Ezra Peisach <epeisach@mit.edu>
* dyn.h: If __STDC__ is not defined, generate prototypes implying
- functions and not variables.
+ functions and not variables.
Mon Jul 22 04:20:48 1996 Marc Horowitz <marc@mit.edu>
diff --git a/src/lib/rpc/dyn.h b/src/lib/rpc/dyn.h
index a888b1d..2e3f3e5 100644
--- a/src/lib/rpc/dyn.h
+++ b/src/lib/rpc/dyn.h
@@ -39,7 +39,7 @@ typedef struct _DynObject {
#define DYN_NOMEM -1001
#define DYN_BADINDEX -1002
#define DYN_BADVALUE -1003
-
+
#define DynCreate gssrpcint_DynCreate
#define DynDestroy gssrpcint_DynDestroy
#define DynRelease gssrpcint_DynRelease
diff --git a/src/lib/rpc/dynP.h b/src/lib/rpc/dynP.h
index f2e1c3e..462ce18 100644
--- a/src/lib/rpc/dynP.h
+++ b/src/lib/rpc/dynP.h
@@ -41,7 +41,7 @@ typedef struct _DynObject DynObjectRecP, *DynObjectP;
#define _DynResize gssrpcint_DynResize
/* Internal functions */
-int _DynRealloc (DynObjectP obj, int req),
+int _DynRealloc (DynObjectP obj, int req),
_DynResize (DynObjectP obj, int req);
#undef P
diff --git a/src/lib/rpc/dyntest.c b/src/lib/rpc/dyntest.c
index 2a80b4f..5e68f61 100644
--- a/src/lib/rpc/dyntest.c
+++ b/src/lib/rpc/dyntest.c
@@ -50,7 +50,7 @@ main(argc, argv)
dbmallopt(MALLOC_REUSE, &arg);
o_size = malloc_inuse(&hist1);
-#endif
+#endif
/*@+matchanyintegral@*/
obj = DynCreate(sizeof(char), -8);
@@ -58,7 +58,7 @@ main(argc, argv)
fprintf(stderr, "test: create failed.\n");
exit(1);
}
-
+
if(DynDebug(obj, 1) != DYN_OK) {
fprintf(stderr, "test: setting paranoid failed.\n");
exit(1);
@@ -67,9 +67,9 @@ main(argc, argv)
fprintf(stderr, "test: setting paranoid failed.\n");
exit(1);
}
-
- if ((DynGet(obj, -5) != NULL) ||
+
+ if ((DynGet(obj, -5) != NULL) ||
(DynGet(obj, 0) != NULL) || (DynGet(obj, 1000) != NULL)) {
fprintf(stderr, "test: Get did not fail when it should have.\n");
exit(1);
@@ -96,7 +96,7 @@ main(argc, argv)
fprintf(stderr, "test: appending array failed.\n");
exit(1);
}
-
+
if (DynDelete(obj, DynHigh(obj) / 2) != DYN_OK) {
fprintf(stderr, "test: deleting element failed.\n");
exit(1);
@@ -153,17 +153,17 @@ main(argc, argv)
1) != DYN_OK) {
fprintf(stderr, "DynInsert to end failed.\n");
exit(1);
- }
+ }
if (DynInsert(obj, 19, insert2, strlen(insert2)) != DYN_OK) {
fprintf(stderr, "DynInsert to middle failed.\n");
exit(1);
}
-
+
if (DynInsert(obj, 0, insert1, strlen(insert1)+1) != DYN_OK) {
fprintf(stderr, "DynInsert to start failed.\n");
exit(1);
- }
+ }
data = DynGet(obj, 14 + strlen(insert1) + 1);
if (data == NULL) {
@@ -194,7 +194,7 @@ main(argc, argv)
malloc_list(2, hist1, hist2);
}
#endif
-
+
printf("All tests pass\n");
return 0;
diff --git a/src/lib/rpc/get_myaddress.c b/src/lib/rpc/get_myaddress.c
index 6ec0170..caaa87f 100644
--- a/src/lib/rpc/get_myaddress.c
+++ b/src/lib/rpc/get_myaddress.c
@@ -6,23 +6,23 @@
* may copy or modify Sun RPC without charge, but are not authorized
* to license or distribute it to anyone else except as part of a product or
* program developed by the user.
- *
+ *
* SUN RPC IS PROVIDED AS IS WITH NO WARRANTIES OF ANY KIND INCLUDING THE
* WARRANTIES OF DESIGN, MERCHANTIBILITY AND FITNESS FOR A PARTICULAR
* PURPOSE, OR ARISING FROM A COURSE OF DEALING, USAGE OR TRADE PRACTICE.
- *
+ *
* Sun RPC is provided with no support and without any obligation on the
* part of Sun Microsystems, Inc. to assist in its use, correction,
* modification or enhancement.
- *
+ *
* SUN MICROSYSTEMS, INC. SHALL HAVE NO LIABILITY WITH RESPECT TO THE
* INFRINGEMENT OF COPYRIGHTS, TRADE SECRETS OR ANY PATENTS BY SUN RPC
* OR ANY PART THEREOF.
- *
+ *
* In no event will Sun Microsystems, Inc. be liable for any lost revenue
* or profits or other special, indirect and consequential damages, even if
* Sun has been advised of the possibility of such damages.
- *
+ *
* Sun Microsystems, Inc.
* 2550 Garcia Avenue
* Mountain View, California 94043
@@ -46,7 +46,7 @@ static char sccsid[] = "@(#)get_myaddress.c 1.4 87/08/11 Copyr 1984 Sun Micro";
#include <sys/socket.h>
#include <netinet/in.h>
#include <krb5.h>
-/*
+/*
* don't use gethostbyname, which would invoke yellow pages
*/
int
@@ -75,7 +75,7 @@ get_myaddress(struct sockaddr_in *addr)
#include <arpa/inet.h>
#include <netinet/in.h>
-/*
+/*
* don't use gethostbyname, which would invoke yellow pages
*/
get_myaddress(struct sockaddr_in *addr)
diff --git a/src/lib/rpc/getrpcent.c b/src/lib/rpc/getrpcent.c
index 0654039..a30c01d 100644
--- a/src/lib/rpc/getrpcent.c
+++ b/src/lib/rpc/getrpcent.c
@@ -10,23 +10,23 @@ static char sccsid[] = "@(#)getrpcent.c 1.9 87/08/11 Copyr 1984 Sun Micro";
* may copy or modify Sun RPC without charge, but are not authorized
* to license or distribute it to anyone else except as part of a product or
* program developed by the user.
- *
+ *
* SUN RPC IS PROVIDED AS IS WITH NO WARRANTIES OF ANY KIND INCLUDING THE
* WARRANTIES OF DESIGN, MERCHANTIBILITY AND FITNESS FOR A PARTICULAR
* PURPOSE, OR ARISING FROM A COURSE OF DEALING, USAGE OR TRADE PRACTICE.
- *
+ *
* Sun RPC is provided with no support and without any obligation on the
* part of Sun Microsystems, Inc. to assist in its use, correction,
* modification or enhancement.
- *
+ *
* SUN MICROSYSTEMS, INC. SHALL HAVE NO LIABILITY WITH RESPECT TO THE
* INFRINGEMENT OF COPYRIGHTS, TRADE SECRETS OR ANY PATENTS BY SUN RPC
* OR ANY PART THEREOF.
- *
+ *
* In no event will Sun Microsystems, Inc. be liable for any lost revenue
* or profits or other special, indirect and consequential damages, even if
* Sun has been advised of the possibility of such damages.
- *
+ *
* Sun Microsystems, Inc.
* 2550 Garcia Avenue
* Mountain View, California 94043
diff --git a/src/lib/rpc/getrpcport.c b/src/lib/rpc/getrpcport.c
index 8688df2..e8398b9 100644
--- a/src/lib/rpc/getrpcport.c
+++ b/src/lib/rpc/getrpcport.c
@@ -9,23 +9,23 @@ static char sccsid[] = "@(#)getrpcport.c 1.3 87/08/11 SMI";
* may copy or modify Sun RPC without charge, but are not authorized
* to license or distribute it to anyone else except as part of a product or
* program developed by the user.
- *
+ *
* SUN RPC IS PROVIDED AS IS WITH NO WARRANTIES OF ANY KIND INCLUDING THE
* WARRANTIES OF DESIGN, MERCHANTIBILITY AND FITNESS FOR A PARTICULAR
* PURPOSE, OR ARISING FROM A COURSE OF DEALING, USAGE OR TRADE PRACTICE.
- *
+ *
* Sun RPC is provided with no support and without any obligation on the
* part of Sun Microsystems, Inc. to assist in its use, correction,
* modification or enhancement.
- *
+ *
* SUN MICROSYSTEMS, INC. SHALL HAVE NO LIABILITY WITH RESPECT TO THE
* INFRINGEMENT OF COPYRIGHTS, TRADE SECRETS OR ANY PATENTS BY SUN RPC
* OR ANY PART THEREOF.
- *
+ *
* In no event will Sun Microsystems, Inc. be liable for any lost revenue
* or profits or other special, indirect and consequential damages, even if
* Sun has been advised of the possibility of such damages.
- *
+ *
* Sun Microsystems, Inc.
* 2550 Garcia Avenue
* Mountain View, California 94043
diff --git a/src/lib/rpc/gssrpcint.h b/src/lib/rpc/gssrpcint.h
index c9f03d8..8110596 100644
--- a/src/lib/rpc/gssrpcint.h
+++ b/src/lib/rpc/gssrpcint.h
@@ -8,7 +8,7 @@
* require a specific license from the United States Government.
* It is the responsibility of any person or organization contemplating
* export to obtain such a license before exporting.
- *
+ *
* WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
* distribute this software and its documentation for any purpose and
* without fee is hereby granted, provided that the above copyright
@@ -22,7 +22,7 @@
* M.I.T. makes no representations about the suitability of
* this software for any purpose. It is provided "as is" without express
* or implied warranty.
- *
+ *
*
* <<< Description >>>
*/
diff --git a/src/lib/rpc/pmap_clnt.c b/src/lib/rpc/pmap_clnt.c
index affac9f..eeb5019 100644
--- a/src/lib/rpc/pmap_clnt.c
+++ b/src/lib/rpc/pmap_clnt.c
@@ -6,23 +6,23 @@
* may copy or modify Sun RPC without charge, but are not authorized
* to license or distribute it to anyone else except as part of a product or
* program developed by the user.
- *
+ *
* SUN RPC IS PROVIDED AS IS WITH NO WARRANTIES OF ANY KIND INCLUDING THE
* WARRANTIES OF DESIGN, MERCHANTIBILITY AND FITNESS FOR A PARTICULAR
* PURPOSE, OR ARISING FROM A COURSE OF DEALING, USAGE OR TRADE PRACTICE.
- *
+ *
* Sun RPC is provided with no support and without any obligation on the
* part of Sun Microsystems, Inc. to assist in its use, correction,
* modification or enhancement.
- *
+ *
* SUN MICROSYSTEMS, INC. SHALL HAVE NO LIABILITY WITH RESPECT TO THE
* INFRINGEMENT OF COPYRIGHTS, TRADE SECRETS OR ANY PATENTS BY SUN RPC
* OR ANY PART THEREOF.
- *
+ *
* In no event will Sun Microsystems, Inc. be liable for any lost revenue
* or profits or other special, indirect and consequential damages, even if
* Sun has been advised of the possibility of such damages.
- *
+ *
* Sun Microsystems, Inc.
* 2550 Garcia Avenue
* Mountain View, California 94043
diff --git a/src/lib/rpc/pmap_getmaps.c b/src/lib/rpc/pmap_getmaps.c
index 36997c2..e961ac9 100644
--- a/src/lib/rpc/pmap_getmaps.c
+++ b/src/lib/rpc/pmap_getmaps.c
@@ -6,23 +6,23 @@
* may copy or modify Sun RPC without charge, but are not authorized
* to license or distribute it to anyone else except as part of a product or
* program developed by the user.
- *
+ *
* SUN RPC IS PROVIDED AS IS WITH NO WARRANTIES OF ANY KIND INCLUDING THE
* WARRANTIES OF DESIGN, MERCHANTIBILITY AND FITNESS FOR A PARTICULAR
* PURPOSE, OR ARISING FROM A COURSE OF DEALING, USAGE OR TRADE PRACTICE.
- *
+ *
* Sun RPC is provided with no support and without any obligation on the
* part of Sun Microsystems, Inc. to assist in its use, correction,
* modification or enhancement.
- *
+ *
* SUN MICROSYSTEMS, INC. SHALL HAVE NO LIABILITY WITH RESPECT TO THE
* INFRINGEMENT OF COPYRIGHTS, TRADE SECRETS OR ANY PATENTS BY SUN RPC
* OR ANY PART THEREOF.
- *
+ *
* In no event will Sun Microsystems, Inc. be liable for any lost revenue
* or profits or other special, indirect and consequential damages, even if
* Sun has been advised of the possibility of such damages.
- *
+ *
* Sun Microsystems, Inc.
* 2550 Garcia Avenue
* Mountain View, California 94043
diff --git a/src/lib/rpc/pmap_getport.c b/src/lib/rpc/pmap_getport.c
index 998a081..147bbec 100644
--- a/src/lib/rpc/pmap_getport.c
+++ b/src/lib/rpc/pmap_getport.c
@@ -6,23 +6,23 @@
* may copy or modify Sun RPC without charge, but are not authorized
* to license or distribute it to anyone else except as part of a product or
* program developed by the user.
- *
+ *
* SUN RPC IS PROVIDED AS IS WITH NO WARRANTIES OF ANY KIND INCLUDING THE
* WARRANTIES OF DESIGN, MERCHANTIBILITY AND FITNESS FOR A PARTICULAR
* PURPOSE, OR ARISING FROM A COURSE OF DEALING, USAGE OR TRADE PRACTICE.
- *
+ *
* Sun RPC is provided with no support and without any obligation on the
* part of Sun Microsystems, Inc. to assist in its use, correction,
* modification or enhancement.
- *
+ *
* SUN MICROSYSTEMS, INC. SHALL HAVE NO LIABILITY WITH RESPECT TO THE
* INFRINGEMENT OF COPYRIGHTS, TRADE SECRETS OR ANY PATENTS BY SUN RPC
* OR ANY PART THEREOF.
- *
+ *
* In no event will Sun Microsystems, Inc. be liable for any lost revenue
* or profits or other special, indirect and consequential damages, even if
* Sun has been advised of the possibility of such damages.
- *
+ *
* Sun Microsystems, Inc.
* 2550 Garcia Avenue
* Mountain View, California 94043
diff --git a/src/lib/rpc/pmap_prot.c b/src/lib/rpc/pmap_prot.c
index 0f39f91..46fcfd6 100644
--- a/src/lib/rpc/pmap_prot.c
+++ b/src/lib/rpc/pmap_prot.c
@@ -6,23 +6,23 @@
* may copy or modify Sun RPC without charge, but are not authorized
* to license or distribute it to anyone else except as part of a product or
* program developed by the user.
- *
+ *
* SUN RPC IS PROVIDED AS IS WITH NO WARRANTIES OF ANY KIND INCLUDING THE
* WARRANTIES OF DESIGN, MERCHANTIBILITY AND FITNESS FOR A PARTICULAR
* PURPOSE, OR ARISING FROM A COURSE OF DEALING, USAGE OR TRADE PRACTICE.
- *
+ *
* Sun RPC is provided with no support and without any obligation on the
* part of Sun Microsystems, Inc. to assist in its use, correction,
* modification or enhancement.
- *
+ *
* SUN MICROSYSTEMS, INC. SHALL HAVE NO LIABILITY WITH RESPECT TO THE
* INFRINGEMENT OF COPYRIGHTS, TRADE SECRETS OR ANY PATENTS BY SUN RPC
* OR ANY PART THEREOF.
- *
+ *
* In no event will Sun Microsystems, Inc. be liable for any lost revenue
* or profits or other special, indirect and consequential damages, even if
* Sun has been advised of the possibility of such damages.
- *
+ *
* Sun Microsystems, Inc.
* 2550 Garcia Avenue
* Mountain View, California 94043
@@ -47,8 +47,8 @@ bool_t
xdr_pmap(XDR *xdrs, struct pmap *regs)
{
- if (xdr_rpcprog(xdrs, &regs->pm_prog) &&
- xdr_rpcvers(xdrs, &regs->pm_vers) &&
+ if (xdr_rpcprog(xdrs, &regs->pm_prog) &&
+ xdr_rpcvers(xdrs, &regs->pm_vers) &&
xdr_rpcprot(xdrs, &regs->pm_prot))
return (xdr_rpcport(xdrs, &regs->pm_port));
return (FALSE);
diff --git a/src/lib/rpc/pmap_prot2.c b/src/lib/rpc/pmap_prot2.c
index 13dc1af..491dc40 100644
--- a/src/lib/rpc/pmap_prot2.c
+++ b/src/lib/rpc/pmap_prot2.c
@@ -6,23 +6,23 @@
* may copy or modify Sun RPC without charge, but are not authorized
* to license or distribute it to anyone else except as part of a product or
* program developed by the user.
- *
+ *
* SUN RPC IS PROVIDED AS IS WITH NO WARRANTIES OF ANY KIND INCLUDING THE
* WARRANTIES OF DESIGN, MERCHANTIBILITY AND FITNESS FOR A PARTICULAR
* PURPOSE, OR ARISING FROM A COURSE OF DEALING, USAGE OR TRADE PRACTICE.
- *
+ *
* Sun RPC is provided with no support and without any obligation on the
* part of Sun Microsystems, Inc. to assist in its use, correction,
* modification or enhancement.
- *
+ *
* SUN MICROSYSTEMS, INC. SHALL HAVE NO LIABILITY WITH RESPECT TO THE
* INFRINGEMENT OF COPYRIGHTS, TRADE SECRETS OR ANY PATENTS BY SUN RPC
* OR ANY PART THEREOF.
- *
+ *
* In no event will Sun Microsystems, Inc. be liable for any lost revenue
* or profits or other special, indirect and consequential damages, even if
* Sun has been advised of the possibility of such damages.
- *
+ *
* Sun Microsystems, Inc.
* 2550 Garcia Avenue
* Mountain View, California 94043
@@ -43,7 +43,7 @@ static char sccsid[] = "@(#)pmap_prot2.c 1.3 87/08/11 Copyr 1984 Sun Micro";
#include <gssrpc/pmap_prot.h>
-/*
+/*
* What is going on with linked lists? (!)
* First recall the link list declaration from pmap_prot.h:
*
@@ -52,11 +52,11 @@ static char sccsid[] = "@(#)pmap_prot2.c 1.3 87/08/11 Copyr 1984 Sun Micro";
* struct pmaplist *pml_map;
* };
*
- * Compare that declaration with a corresponding xdr declaration that
+ * Compare that declaration with a corresponding xdr declaration that
* is (a) pointer-less, and (b) recursive:
*
* typedef union switch (bool_t) {
- *
+ *
* case TRUE: struct {
* struct pmap;
* pmaplist_t foo;
@@ -69,8 +69,8 @@ static char sccsid[] = "@(#)pmap_prot2.c 1.3 87/08/11 Copyr 1984 Sun Micro";
* the C declaration has no bool_t variable. The bool_t can be
* interpreted as ``more data follows me''; if FALSE then nothing
* follows this bool_t; if TRUE then the bool_t is followed by
- * an actual struct pmap, and then (recursively) by the
- * xdr union, pamplist_t.
+ * an actual struct pmap, and then (recursively) by the
+ * xdr union, pamplist_t.
*
* This could be implemented via the xdr_union primitive, though this
* would cause a one recursive call per element in the list. Rather than do
@@ -105,7 +105,7 @@ xdr_pmaplist(register XDR *xdrs, register struct pmaplist **rp)
* before we free the current object ...
*/
if (freeing)
- next = &((*rp)->pml_next);
+ next = &((*rp)->pml_next);
if (! xdr_reference(xdrs, (caddr_t *)rp,
(u_int)sizeof(struct pmaplist), xdr_pmap))
return (FALSE);
diff --git a/src/lib/rpc/pmap_rmt.c b/src/lib/rpc/pmap_rmt.c
index dbe597d..ee630d2 100644
--- a/src/lib/rpc/pmap_rmt.c
+++ b/src/lib/rpc/pmap_rmt.c
@@ -6,23 +6,23 @@
* may copy or modify Sun RPC without charge, but are not authorized
* to license or distribute it to anyone else except as part of a product or
* program developed by the user.
- *
+ *
* SUN RPC IS PROVIDED AS IS WITH NO WARRANTIES OF ANY KIND INCLUDING THE
* WARRANTIES OF DESIGN, MERCHANTIBILITY AND FITNESS FOR A PARTICULAR
* PURPOSE, OR ARISING FROM A COURSE OF DEALING, USAGE OR TRADE PRACTICE.
- *
+ *
* Sun RPC is provided with no support and without any obligation on the
* part of Sun Microsystems, Inc. to assist in its use, correction,
* modification or enhancement.
- *
+ *
* SUN MICROSYSTEMS, INC. SHALL HAVE NO LIABILITY WITH RESPECT TO THE
* INFRINGEMENT OF COPYRIGHTS, TRADE SECRETS OR ANY PATENTS BY SUN RPC
* OR ANY PART THEREOF.
- *
+ *
* In no event will Sun Microsystems, Inc. be liable for any lost revenue
* or profits or other special, indirect and consequential damages, even if
* Sun has been advised of the possibility of such damages.
- *
+ *
* Sun Microsystems, Inc.
* 2550 Garcia Avenue
* Mountain View, California 94043
@@ -171,7 +171,7 @@ xdr_rmtcallres(
/*
* The following is kludged-up support for simple rpc broadcasts.
- * Someday a large, complicated system will replace these trivial
+ * Someday a large, complicated system will replace these trivial
* routines which only support udp/ip .
*/
@@ -216,7 +216,7 @@ getbroadcastnets(
(sockin->sin_addr),
#else /* hpux or solaris */
(sockin->sin_addr.s_addr),
-#endif
+#endif
INADDR_ANY);
#endif
} else {
@@ -232,7 +232,7 @@ getbroadcastnets(
return (i);
}
-enum clnt_stat
+enum clnt_stat
clnt_broadcast(
rpcprog_t prog, /* program number */
rpcvers_t vers, /* version number */
@@ -268,7 +268,7 @@ clnt_broadcast(
struct rmtcallargs a;
struct rmtcallres r;
struct rpc_msg msg;
- struct timeval t, t2;
+ struct timeval t, t2;
char outbuf[MAX_BROADCAST_SIZE];
#ifndef MAX
#define MAX(A,B) ((A)<(B)?(B):(A))
@@ -355,7 +355,7 @@ clnt_broadcast(
msg.acpted_rply.ar_results.proc = xdr_rmtcallres;
readfds = mask;
t2 = t;
- switch (select(gssrpc__rpc_dtablesize(), &readfds, (fd_set *)NULL,
+ switch (select(gssrpc__rpc_dtablesize(), &readfds, (fd_set *)NULL,
(fd_set *)NULL, &t2)) {
case 0: /* timed out */
@@ -421,4 +421,3 @@ done_broad:
AUTH_DESTROY(unix_auth);
return (stat);
}
-
diff --git a/src/lib/rpc/rpc_callmsg.c b/src/lib/rpc/rpc_callmsg.c
index 2e4789a..233fc7d 100644
--- a/src/lib/rpc/rpc_callmsg.c
+++ b/src/lib/rpc/rpc_callmsg.c
@@ -6,23 +6,23 @@
* may copy or modify Sun RPC without charge, but are not authorized
* to license or distribute it to anyone else except as part of a product or
* program developed by the user.
- *
+ *
* SUN RPC IS PROVIDED AS IS WITH NO WARRANTIES OF ANY KIND INCLUDING THE
* WARRANTIES OF DESIGN, MERCHANTIBILITY AND FITNESS FOR A PARTICULAR
* PURPOSE, OR ARISING FROM A COURSE OF DEALING, USAGE OR TRADE PRACTICE.
- *
+ *
* Sun RPC is provided with no support and without any obligation on the
* part of Sun Microsystems, Inc. to assist in its use, correction,
* modification or enhancement.
- *
+ *
* SUN MICROSYSTEMS, INC. SHALL HAVE NO LIABILITY WITH RESPECT TO THE
* INFRINGEMENT OF COPYRIGHTS, TRADE SECRETS OR ANY PATENTS BY SUN RPC
* OR ANY PART THEREOF.
- *
+ *
* In no event will Sun Microsystems, Inc. be liable for any lost revenue
* or profits or other special, indirect and consequential damages, even if
* Sun has been advised of the possibility of such damages.
- *
+ *
* Sun Microsystems, Inc.
* 2550 Garcia Avenue
* Mountain View, California 94043
@@ -131,7 +131,7 @@ xdr_callmsg(register XDR *xdrs, register struct rpc_msg *cmsg)
return (FALSE);
}
} else {
- memmove(oa->oa_base, (caddr_t)buf,
+ memmove(oa->oa_base, (caddr_t)buf,
oa->oa_length);
/* no real need....
buf += RNDUP(oa->oa_length) /
@@ -167,7 +167,7 @@ xdr_callmsg(register XDR *xdrs, register struct rpc_msg *cmsg)
return (FALSE);
}
} else {
- memmove(oa->oa_base, (caddr_t) buf,
+ memmove(oa->oa_base, (caddr_t) buf,
oa->oa_length);
/* no real need...
buf += RNDUP(oa->oa_length) /
@@ -191,4 +191,3 @@ xdr_callmsg(register XDR *xdrs, register struct rpc_msg *cmsg)
return (xdr_opaque_auth(xdrs, &(cmsg->rm_call.cb_verf)));
return (FALSE);
}
-
diff --git a/src/lib/rpc/rpc_commondata.c b/src/lib/rpc/rpc_commondata.c
index 882b6a4..6da7ac8 100644
--- a/src/lib/rpc/rpc_commondata.c
+++ b/src/lib/rpc/rpc_commondata.c
@@ -6,23 +6,23 @@
* may copy or modify Sun RPC without charge, but are not authorized
* to license or distribute it to anyone else except as part of a product or
* program developed by the user.
- *
+ *
* SUN RPC IS PROVIDED AS IS WITH NO WARRANTIES OF ANY KIND INCLUDING THE
* WARRANTIES OF DESIGN, MERCHANTIBILITY AND FITNESS FOR A PARTICULAR
* PURPOSE, OR ARISING FROM A COURSE OF DEALING, USAGE OR TRADE PRACTICE.
- *
+ *
* Sun RPC is provided with no support and without any obligation on the
* part of Sun Microsystems, Inc. to assist in its use, correction,
* modification or enhancement.
- *
+ *
* SUN MICROSYSTEMS, INC. SHALL HAVE NO LIABILITY WITH RESPECT TO THE
* INFRINGEMENT OF COPYRIGHTS, TRADE SECRETS OR ANY PATENTS BY SUN RPC
* OR ANY PART THEREOF.
- *
+ *
* In no event will Sun Microsystems, Inc. be liable for any lost revenue
* or profits or other special, indirect and consequential damages, even if
* Sun has been advised of the possibility of such damages.
- *
+ *
* Sun Microsystems, Inc.
* 2550 Garcia Avenue
* Mountain View, California 94043
diff --git a/src/lib/rpc/rpc_dtablesize.c b/src/lib/rpc/rpc_dtablesize.c
index c7d2329..a933e8e 100644
--- a/src/lib/rpc/rpc_dtablesize.c
+++ b/src/lib/rpc/rpc_dtablesize.c
@@ -6,23 +6,23 @@
* may copy or modify Sun RPC without charge, but are not authorized
* to license or distribute it to anyone else except as part of a product or
* program developed by the user.
- *
+ *
* SUN RPC IS PROVIDED AS IS WITH NO WARRANTIES OF ANY KIND INCLUDING THE
* WARRANTIES OF DESIGN, MERCHANTIBILITY AND FITNESS FOR A PARTICULAR
* PURPOSE, OR ARISING FROM A COURSE OF DEALING, USAGE OR TRADE PRACTICE.
- *
+ *
* Sun RPC is provided with no support and without any obligation on the
* part of Sun Microsystems, Inc. to assist in its use, correction,
* modification or enhancement.
- *
+ *
* SUN MICROSYSTEMS, INC. SHALL HAVE NO LIABILITY WITH RESPECT TO THE
* INFRINGEMENT OF COPYRIGHTS, TRADE SECRETS OR ANY PATENTS BY SUN RPC
* OR ANY PART THEREOF.
- *
+ *
* In no event will Sun Microsystems, Inc. be liable for any lost revenue
* or profits or other special, indirect and consequential damages, even if
* Sun has been advised of the possibility of such damages.
- *
+ *
* Sun Microsystems, Inc.
* 2550 Garcia Avenue
* Mountain View, California 94043
@@ -38,17 +38,17 @@ static char sccsid[] = "@(#)rpc_dtablesize.c 1.2 87/08/11 Copyr 1987 Sun Micro";
* Cache the result of getdtablesize(), so we don't have to do an
* expensive system call every time.
*/
-int
+int
gssrpc__rpc_dtablesize(void)
{
static int size;
-
+
if (size == 0) {
#ifdef _SC_OPEN_MAX
size = (int) sysconf(_SC_OPEN_MAX);
-#else
+#else
size = getdtablesize();
-#endif
+#endif
/* sysconf() can return a number larger than what will fit in an
fd_set. we can't use fd's larger than this, anyway. */
diff --git a/src/lib/rpc/rpc_prot.c b/src/lib/rpc/rpc_prot.c
index 17e26b1..b66d666 100644
--- a/src/lib/rpc/rpc_prot.c
+++ b/src/lib/rpc/rpc_prot.c
@@ -6,23 +6,23 @@
* may copy or modify Sun RPC without charge, but are not authorized
* to license or distribute it to anyone else except as part of a product or
* program developed by the user.
- *
+ *
* SUN RPC IS PROVIDED AS IS WITH NO WARRANTIES OF ANY KIND INCLUDING THE
* WARRANTIES OF DESIGN, MERCHANTIBILITY AND FITNESS FOR A PARTICULAR
* PURPOSE, OR ARISING FROM A COURSE OF DEALING, USAGE OR TRADE PRACTICE.
- *
+ *
* Sun RPC is provided with no support and without any obligation on the
* part of Sun Microsystems, Inc. to assist in its use, correction,
* modification or enhancement.
- *
+ *
* SUN MICROSYSTEMS, INC. SHALL HAVE NO LIABILITY WITH RESPECT TO THE
* INFRINGEMENT OF COPYRIGHTS, TRADE SECRETS OR ANY PATENTS BY SUN RPC
* OR ANY PART THEREOF.
- *
+ *
* In no event will Sun Microsystems, Inc. be liable for any lost revenue
* or profits or other special, indirect and consequential damages, even if
* Sun has been advised of the possibility of such damages.
- *
+ *
* Sun Microsystems, Inc.
* 2550 Garcia Avenue
* Mountain View, California 94043
@@ -78,7 +78,7 @@ xdr_des_block(XDR *xdrs, des_block *blkp)
/*
* XDR the MSG_ACCEPTED part of a reply message union
*/
-bool_t
+bool_t
xdr_accepted_reply(XDR *xdrs, struct accepted_reply *ar)
{
@@ -109,7 +109,7 @@ xdr_accepted_reply(XDR *xdrs, struct accepted_reply *ar)
/*
* XDR the MSG_DENIED part of a reply message union
*/
-bool_t
+bool_t
xdr_rejected_reply(XDR *xdrs, struct rejected_reply *rr)
{
@@ -141,7 +141,7 @@ bool_t
xdr_replymsg(XDR *xdrs, struct rpc_msg *rmsg)
{
if (
- xdr_u_int32(xdrs, &(rmsg->rm_xid)) &&
+ xdr_u_int32(xdrs, &(rmsg->rm_xid)) &&
xdr_enum(xdrs, (enum_t *)&(rmsg->rm_direction)) &&
(rmsg->rm_direction == REPLY) )
return (xdr_union(xdrs, (enum_t *)&(rmsg->rm_reply.rp_stat),
@@ -209,7 +209,7 @@ accepted(enum accept_stat acpt_stat, struct rpc_err *error)
error->re_lb.s2 = (int32_t)acpt_stat;
}
-static void
+static void
rejected(enum reject_stat rjct_stat, struct rpc_err *error)
{
diff --git a/src/lib/rpc/svc.c b/src/lib/rpc/svc.c
index 25b13f6..86179c6 100644
--- a/src/lib/rpc/svc.c
+++ b/src/lib/rpc/svc.c
@@ -6,23 +6,23 @@
* may copy or modify Sun RPC without charge, but are not authorized
* to license or distribute it to anyone else except as part of a product or
* program developed by the user.
- *
+ *
* SUN RPC IS PROVIDED AS IS WITH NO WARRANTIES OF ANY KIND INCLUDING THE
* WARRANTIES OF DESIGN, MERCHANTIBILITY AND FITNESS FOR A PARTICULAR
* PURPOSE, OR ARISING FROM A COURSE OF DEALING, USAGE OR TRADE PRACTICE.
- *
+ *
* Sun RPC is provided with no support and without any obligation on the
* part of Sun Microsystems, Inc. to assist in its use, correction,
* modification or enhancement.
- *
+ *
* SUN MICROSYSTEMS, INC. SHALL HAVE NO LIABILITY WITH RESPECT TO THE
* INFRINGEMENT OF COPYRIGHTS, TRADE SECRETS OR ANY PATENTS BY SUN RPC
* OR ANY PART THEREOF.
- *
+ *
* In no event will Sun Microsystems, Inc. be liable for any lost revenue
* or profits or other special, indirect and consequential damages, even if
* Sun has been advised of the possibility of such damages.
- *
+ *
* Sun Microsystems, Inc.
* 2550 Garcia Avenue
* Mountain View, California 94043
@@ -123,11 +123,11 @@ xprt_register(SVCXPRT *xprt)
}
/*
- * De-activate a transport handle.
+ * De-activate a transport handle.
*/
void
xprt_unregister(SVCXPRT *xprt)
-{
+{
register int sock = xprt->xp_sock;
#ifdef FD_SETSIZE
@@ -246,15 +246,15 @@ svc_sendreply(
xdrproc_t xdr_results,
caddr_t xdr_location)
{
- struct rpc_msg rply;
+ struct rpc_msg rply;
- rply.rm_direction = REPLY;
- rply.rm_reply.rp_stat = MSG_ACCEPTED;
- rply.acpted_rply.ar_verf = xprt->xp_verf;
+ rply.rm_direction = REPLY;
+ rply.rm_reply.rp_stat = MSG_ACCEPTED;
+ rply.acpted_rply.ar_verf = xprt->xp_verf;
rply.acpted_rply.ar_stat = SUCCESS;
rply.acpted_rply.ar_results.where = xdr_location;
rply.acpted_rply.ar_results.proc = xdr_results;
- return (SVC_REPLY(xprt, &rply));
+ return (SVC_REPLY(xprt, &rply));
}
/*
@@ -278,13 +278,13 @@ svcerr_noproc(register SVCXPRT *xprt)
void
svcerr_decode(register SVCXPRT *xprt)
{
- struct rpc_msg rply;
+ struct rpc_msg rply;
- rply.rm_direction = REPLY;
- rply.rm_reply.rp_stat = MSG_ACCEPTED;
+ rply.rm_direction = REPLY;
+ rply.rm_reply.rp_stat = MSG_ACCEPTED;
rply.acpted_rply.ar_verf = xprt->xp_verf;
rply.acpted_rply.ar_stat = GARBAGE_ARGS;
- SVC_REPLY(xprt, &rply);
+ SVC_REPLY(xprt, &rply);
}
/*
@@ -293,13 +293,13 @@ svcerr_decode(register SVCXPRT *xprt)
void
svcerr_systemerr(register SVCXPRT *xprt)
{
- struct rpc_msg rply;
+ struct rpc_msg rply;
- rply.rm_direction = REPLY;
- rply.rm_reply.rp_stat = MSG_ACCEPTED;
+ rply.rm_direction = REPLY;
+ rply.rm_reply.rp_stat = MSG_ACCEPTED;
rply.acpted_rply.ar_verf = xprt->xp_verf;
rply.acpted_rply.ar_stat = SYSTEM_ERR;
- SVC_REPLY(xprt, &rply);
+ SVC_REPLY(xprt, &rply);
}
/*
@@ -332,14 +332,14 @@ svcerr_weakauth(SVCXPRT *xprt)
/*
* Program unavailable error reply
*/
-void
+void
svcerr_noprog(register SVCXPRT *xprt)
{
- struct rpc_msg rply;
+ struct rpc_msg rply;
- rply.rm_direction = REPLY;
- rply.rm_reply.rp_stat = MSG_ACCEPTED;
- rply.acpted_rply.ar_verf = xprt->xp_verf;
+ rply.rm_direction = REPLY;
+ rply.rm_reply.rp_stat = MSG_ACCEPTED;
+ rply.acpted_rply.ar_verf = xprt->xp_verf;
rply.acpted_rply.ar_stat = PROG_UNAVAIL;
SVC_REPLY(xprt, &rply);
}
@@ -347,7 +347,7 @@ svcerr_noprog(register SVCXPRT *xprt)
/*
* Program version mismatch error reply
*/
-void
+void
svcerr_progvers(
register SVCXPRT *xprt,
rpcvers_t low_vers,
@@ -374,9 +374,9 @@ svcerr_progvers(
* the "raw" parameters (msg.rm_call.cb_cred and msg.rm_call.cb_verf) and
* the "cooked" credentials (rqst->rq_clntcred).
* However, this function does not know the structure of the cooked
- * credentials, so it make the following assumptions:
+ * credentials, so it make the following assumptions:
* a) the structure is contiguous (no pointers), and
- * b) the cred structure size does not exceed RQCRED_SIZE bytes.
+ * b) the cred structure size does not exceed RQCRED_SIZE bytes.
* In all events, all three parameters are freed upon exit from this routine.
* The storage is trivially management on the call stack in user land, but
* is mallocated in kernel land.
diff --git a/src/lib/rpc/svc_auth.c b/src/lib/rpc/svc_auth.c
index 8732619..de77e4d 100644
--- a/src/lib/rpc/svc_auth.c
+++ b/src/lib/rpc/svc_auth.c
@@ -8,11 +8,11 @@ static char sccsid[] = "@(#)svc_auth.c 2.1 88/08/07 4.0 RPCSRC; from 1.19 87/08/
* may copy or modify Sun RPC without charge, but are not authorized
* to license or distribute it to anyone else except as part of a product or
* program developed by the user.
- *
+ *
* SUN RPC IS PROVIDED AS IS WITH NO WARRANTIES OF ANY KIND INCLUDING THE
* WARRANTIES OF DESIGN, MERCHANTIBILITY AND FITNESS FOR A PARTICULAR
* PURPOSE, OR ARISING FROM A COURSE OF DEALING, USAGE OR TRADE PRACTICE.
- *
+ *
* Sun RPC is provided with no support and without any obligation on the
* part of Sun Microsystems, Inc. to assist in its use, correction,
* modification or enhancement.
@@ -42,12 +42,12 @@ static char sccsid[] = "@(#)svc_auth.c 2.1 88/08/07 4.0 RPCSRC; from 1.19 87/08/
/*
* Server side authenticators are called from authenticate by
* using the client auth struct flavor field to index into svcauthsw.
- * The server auth flavors must implement a routine that looks
- * like:
- *
+ * The server auth flavors must implement a routine that looks
+ * like:
+ *
* enum auth_stat
* flavorx_auth(rqst, msg)
- * register struct svc_req *rqst;
+ * register struct svc_req *rqst;
* register struct rpc_msg *msg;
*
*/
@@ -104,6 +104,6 @@ gssrpc__authenticate(
no_dispatch));
}
}
-
+
return (AUTH_REJECTEDCRED);
}
diff --git a/src/lib/rpc/svc_auth_gss.c b/src/lib/rpc/svc_auth_gss.c
index 990e7fa..cac5702 100644
--- a/src/lib/rpc/svc_auth_gss.c
+++ b/src/lib/rpc/svc_auth_gss.c
@@ -1,6 +1,6 @@
/*
svc_auth_gss.c
-
+
Copyright (c) 2000 The Regents of the University of Michigan.
All rights reserved.
@@ -160,7 +160,7 @@ svcauth_gss_acquire_cred(void)
maj_stat = gss_acquire_cred(&min_stat, svcauth_gss_name, 0,
GSS_C_NULL_OID_SET, GSS_C_ACCEPT,
&svcauth_gss_creds, NULL, NULL);
-
+
if (maj_stat != GSS_S_COMPLETE) {
log_status("gss_acquire_cred", maj_stat, min_stat);
return (FALSE);
@@ -172,18 +172,18 @@ static bool_t
svcauth_gss_release_cred(void)
{
OM_uint32 maj_stat, min_stat;
-
+
log_debug("in svcauth_gss_release_cred()");
-
+
maj_stat = gss_release_cred(&min_stat, &svcauth_gss_creds);
-
+
if (maj_stat != GSS_S_COMPLETE) {
log_status("gss_release_cred", maj_stat, min_stat);
return (FALSE);
}
-
+
svcauth_gss_creds = NULL;
-
+
return (TRUE);
}
@@ -198,14 +198,14 @@ svcauth_gss_accept_sec_context(struct svc_req *rqst,
OM_uint32 maj_stat = 0, min_stat = 0, ret_flags, seq;
log_debug("in svcauth_gss_accept_context()");
-
+
gd = SVCAUTH_PRIVATE(rqst->rq_xprt->xp_auth);
gc = (struct rpc_gss_cred *)rqst->rq_clntcred;
memset(gr, 0, sizeof(*gr));
/* Deserialize arguments. */
memset(&recv_tok, 0, sizeof(recv_tok));
-
+
if (!svc_getargs(rqst->rq_xprt, xdr_rpc_gss_init_args,
(caddr_t)&recv_tok))
return (FALSE);
@@ -237,7 +237,7 @@ svcauth_gss_accept_sec_context(struct svc_req *rqst,
goto errout;
}
/*
- * ANDROS: krb5 mechglue returns ctx of size 8 - two pointers,
+ * ANDROS: krb5 mechglue returns ctx of size 8 - two pointers,
* one to the mechanism oid, one to the internal_ctx_id
*/
if ((gr->gr_ctx.value = mem_alloc(sizeof(gss_union_ctx_id_desc))) == NULL) {
@@ -249,7 +249,7 @@ svcauth_gss_accept_sec_context(struct svc_req *rqst,
/* gr->gr_win = 0x00000005; ANDROS: for debugging linux kernel version... */
gr->gr_win = sizeof(gd->seqmask) * 8;
-
+
/* Save client info. */
gd->sec.mech = mech;
gd->sec.qop = GSS_C_QOP_DEFAULT;
@@ -265,7 +265,7 @@ svcauth_gss_accept_sec_context(struct svc_req *rqst,
maj_stat = gss_display_name(&min_stat, gd->client_name,
&gd->cname, &gd->sec.mech);
#ifdef SPKM
- }
+ }
#endif
if (maj_stat != GSS_S_COMPLETE) {
log_status("display_name", maj_stat, min_stat);
@@ -282,7 +282,7 @@ svcauth_gss_accept_sec_context(struct svc_req *rqst,
gss_buffer_desc mechname;
gss_oid_to_str(&min_stat, mech, &mechname);
-
+
log_debug("accepted context for %.*s with "
"<mech %.*s, qop %d, svc %d>",
gd->cname.length, (char *)gd->cname.value,
@@ -304,8 +304,8 @@ svcauth_gss_accept_sec_context(struct svc_req *rqst,
if (maj_stat != GSS_S_COMPLETE) {
goto errout;
}
-
-
+
+
rqst->rq_xprt->xp_verf.oa_flavor = RPCSEC_GSS;
rqst->rq_xprt->xp_verf.oa_base = gd->checksum.value;
rqst->rq_xprt->xp_verf.oa_length = gd->checksum.length;
@@ -326,7 +326,7 @@ svcauth_gss_validate(struct svc_req *rqst, struct svc_rpc_gss_data *gd, struct r
int32_t *buf;
log_debug("in svcauth_gss_validate()");
-
+
memset(rpchdr, 0, sizeof(rpchdr));
/* XXX - Reconstruct RPC header for signing (from xdr_callmsg). */
@@ -357,10 +357,10 @@ svcauth_gss_validate(struct svc_req *rqst, struct svc_rpc_gss_data *gd, struct r
checksum.value = msg->rm_call.cb_verf.oa_base;
checksum.length = msg->rm_call.cb_verf.oa_length;
-
+
maj_stat = gss_verify_mic(&min_stat, gd->ctx, &rpcbuf, &checksum,
&qop_state);
-
+
if (maj_stat != GSS_S_COMPLETE) {
log_status("gss_verify_mic", maj_stat, min_stat);
if (log_badverf != NULL)
@@ -383,7 +383,7 @@ svcauth_gss_nextverf(struct svc_req *rqst, u_int num)
if (rqst->rq_xprt->xp_auth == NULL)
return (FALSE);
-
+
gd = SVCAUTH_PRIVATE(rqst->rq_xprt->xp_auth);
gss_release_buffer(&min_stat, &gd->checksum);
@@ -401,7 +401,7 @@ svcauth_gss_nextverf(struct svc_req *rqst, u_int num)
rqst->rq_xprt->xp_verf.oa_flavor = RPCSEC_GSS;
rqst->rq_xprt->xp_verf.oa_base = (caddr_t)gd->checksum.value;
rqst->rq_xprt->xp_verf.oa_length = (u_int)gd->checksum.length;
-
+
return (TRUE);
}
@@ -419,7 +419,7 @@ gssrpc__svcauth_gss(struct svc_req *rqst, struct rpc_msg *msg,
OM_uint32 min_stat;
log_debug("in svcauth_gss()");
-
+
/* Initialize reply. */
rqst->rq_xprt->xp_verf = gssrpc__null_auth;
@@ -445,7 +445,7 @@ gssrpc__svcauth_gss(struct svc_req *rqst, struct rpc_msg *msg,
/* Deserialize client credentials. */
if (rqst->rq_cred.oa_length <= 0)
return (AUTH_BADCRED);
-
+
gc = (struct rpc_gss_cred *)rqst->rq_clntcred;
memset(gc, 0, sizeof(*gc));
@@ -455,7 +455,7 @@ gssrpc__svcauth_gss(struct svc_req *rqst, struct rpc_msg *msg,
xdrmem_create(&xdrs, rqst->rq_cred.oa_base,
rqst->rq_cred.oa_length, XDR_DECODE);
log_debug("xdrmem_create() returned");
-
+
if (!xdr_rpc_gss_cred(&xdrs, gc)) {
log_debug("xdr_rpc_gss_cred() failed");
XDR_DESTROY(&xdrs);
@@ -495,7 +495,7 @@ gssrpc__svcauth_gss(struct svc_req *rqst, struct rpc_msg *msg,
gd->seq = gc->gc_seq;
gd->seqmask |= (1 << offset);
}
-
+
if (gd->established) {
rqst->rq_clntname = (char *)gd->client_name;
rqst->rq_svccred = (char *)gd->ctx;
@@ -511,7 +511,7 @@ gssrpc__svcauth_gss(struct svc_req *rqst, struct rpc_msg *msg,
if (!svcauth_gss_acquire_cred())
ret_freegc (AUTH_FAILED);
-
+
if (!svcauth_gss_accept_sec_context(rqst, &gr))
ret_freegc (AUTH_REJECTEDCRED);
@@ -522,7 +522,7 @@ gssrpc__svcauth_gss(struct svc_req *rqst, struct rpc_msg *msg,
ret_freegc (AUTH_FAILED);
}
*no_dispatch = TRUE;
-
+
call_stat = svc_sendreply(rqst->rq_xprt, xdr_rpc_gss_init_res,
(caddr_t)&gr);
@@ -534,24 +534,24 @@ gssrpc__svcauth_gss(struct svc_req *rqst, struct rpc_msg *msg,
if (gr.gr_major == GSS_S_COMPLETE)
gd->established = TRUE;
-
+
break;
-
+
case RPCSEC_GSS_DATA:
if (!svcauth_gss_validate(rqst, gd, msg))
ret_freegc (RPCSEC_GSS_CREDPROBLEM);
-
+
if (!svcauth_gss_nextverf(rqst, htonl(gc->gc_seq)))
ret_freegc (AUTH_FAILED);
break;
-
+
case RPCSEC_GSS_DESTROY:
if (rqst->rq_proc != NULLPROC)
ret_freegc (AUTH_FAILED); /* XXX ? */
if (!svcauth_gss_validate(rqst, gd, msg))
ret_freegc (RPCSEC_GSS_CREDPROBLEM);
-
+
if (!svcauth_gss_nextverf(rqst, htonl(gc->gc_seq)))
ret_freegc (AUTH_FAILED);
@@ -564,7 +564,7 @@ gssrpc__svcauth_gss(struct svc_req *rqst, struct rpc_msg *msg,
if (!svcauth_gss_release_cred())
ret_freegc (AUTH_FAILED);
-
+
SVCAUTH_DESTROY(rqst->rq_xprt->xp_auth);
rqst->rq_xprt->xp_auth = &svc_auth_none;
@@ -588,9 +588,9 @@ svcauth_gss_destroy(SVCAUTH *auth)
OM_uint32 min_stat;
log_debug("in svcauth_gss_destroy()");
-
+
gd = SVCAUTH_PRIVATE(auth);
-
+
gss_delete_sec_context(&min_stat, &gd->ctx, GSS_C_NO_BUFFER);
gss_release_buffer(&min_stat, &gd->cname);
gss_release_buffer(&min_stat, &gd->checksum);
@@ -600,7 +600,7 @@ svcauth_gss_destroy(SVCAUTH *auth)
mem_free(gd, sizeof(*gd));
mem_free(auth, sizeof(*auth));
-
+
return (TRUE);
}
@@ -608,11 +608,11 @@ static bool_t
svcauth_gss_wrap(SVCAUTH *auth, XDR *xdrs, xdrproc_t xdr_func, caddr_t xdr_ptr)
{
struct svc_rpc_gss_data *gd;
-
+
log_debug("in svcauth_gss_wrap()");
gd = SVCAUTH_PRIVATE(auth);
-
+
if (!gd->established || gd->sec.svc == RPCSEC_GSS_SVC_NONE) {
return ((*xdr_func)(xdrs, xdr_ptr));
}
@@ -627,7 +627,7 @@ svcauth_gss_unwrap(SVCAUTH *auth, XDR *xdrs, xdrproc_t xdr_func, caddr_t xdr_ptr
struct svc_rpc_gss_data *gd;
log_debug("in svcauth_gss_unwrap()");
-
+
gd = SVCAUTH_PRIVATE(auth);
if (!gd->established || gd->sec.svc == RPCSEC_GSS_SVC_NONE) {
diff --git a/src/lib/rpc/svc_auth_gssapi.c b/src/lib/rpc/svc_auth_gssapi.c
index e14a581..9688b8c 100644
--- a/src/lib/rpc/svc_auth_gssapi.c
+++ b/src/lib/rpc/svc_auth_gssapi.c
@@ -162,20 +162,20 @@ enum auth_stat gssrpc__svcauth_gssapi(
uint32_t seq_num;
PRINTF(("svcauth_gssapi: starting\n"));
-
+
/* clean up expired entries */
clean_client();
/* use AUTH_NONE until there is a client_handle */
rqst->rq_xprt->xp_auth = &svc_auth_none;
-
+
memset(&call_res, 0, sizeof(call_res));
creds.client_handle.length = 0;
creds.client_handle.value = NULL;
-
+
cred = &msg->rm_call.cb_cred;
verf = &msg->rm_call.cb_verf;
-
+
if (cred->oa_length == 0) {
PRINTF(("svcauth_gssapi: empty creds, failing\n"));
LOG_MISCERR("empty client credentials");
@@ -184,7 +184,7 @@ enum auth_stat gssrpc__svcauth_gssapi(
}
PRINTF(("svcauth_gssapi: decoding credentials\n"));
- xdrmem_create(&xdrs, cred->oa_base, cred->oa_length, XDR_DECODE);
+ xdrmem_create(&xdrs, cred->oa_base, cred->oa_length, XDR_DECODE);
memset(&creds, 0, sizeof(creds));
if (! xdr_authgssapi_creds(&xdrs, &creds)) {
PRINTF(("svcauth_gssapi: failed decoding creds\n"));
@@ -217,7 +217,7 @@ enum auth_stat gssrpc__svcauth_gssapi(
}
}
#endif
-
+
/*
* If this is an auth_msg and proc is GSSAPI_INIT, then create a
* client handle for this client. Otherwise, look up the
@@ -230,9 +230,9 @@ enum auth_stat gssrpc__svcauth_gssapi(
ret = AUTH_FAILED;
goto error;
}
-
+
PRINTF(("svcauth_gssapi: GSSAPI_INIT, creating client.\n"));
-
+
client_data = create_client();
if (client_data == NULL) {
PRINTF(("svcauth_gssapi: create_client failed\n"));
@@ -247,8 +247,8 @@ enum auth_stat gssrpc__svcauth_gssapi(
ret = AUTH_FAILED;
goto error;
}
-
- PRINTF(("svcauth_gssapi: incoming client_handle %d, len %d\n",
+
+ PRINTF(("svcauth_gssapi: incoming client_handle %d, len %d\n",
*((uint32_t *) creds.client_handle.value),
(int) creds.client_handle.length));
@@ -265,7 +265,7 @@ enum auth_stat gssrpc__svcauth_gssapi(
/* any response we send will use client_handle, so set it now */
call_res.client_handle.length = sizeof(client_data->key);
call_res.client_handle.value = (char *) &client_data->key;
-
+
/* mark this call as using AUTH_GSSAPI via client_data's SVCAUTH */
rqst->rq_xprt->xp_auth = &client_data->svcauth;
@@ -304,7 +304,7 @@ enum auth_stat gssrpc__svcauth_gssapi(
/*
* Process the call arg version number.
- *
+ *
* Set the krb5_gss backwards-compatibility mode based on client
* version. This controls whether the AP_REP message is
* encrypted with the session key (version 2+, correct) or the
@@ -369,7 +369,7 @@ enum auth_stat gssrpc__svcauth_gssapi(
* If accept_sec_context returns something other than
* success and GSS_S_FAILURE, then assume different
* credentials won't help and stop looping.
- *
+ *
* Note that there are really two cases here: (1) the client
* has a server_creds already, and (2) it does not. They
* are both written in the same loop so that there is only
@@ -384,7 +384,7 @@ enum auth_stat gssrpc__svcauth_gssapi(
PRINTF(("svcauth_gssapi: trying creds %d\n", i));
server_creds = server_creds_list[i];
}
-
+
/* Free previous output_token from loop */
if(i != 0) gss_release_buffer(&minor_stat, &output_token);
@@ -428,7 +428,7 @@ enum auth_stat gssrpc__svcauth_gssapi(
break;
}
}
-
+
gssstat = call_res.gss_major;
minor_stat = call_res.gss_minor;
@@ -448,7 +448,7 @@ enum auth_stat gssrpc__svcauth_gssapi(
call_res.gss_minor,
&rqst->rq_xprt->xp_raddr,
log_badauth_data);
-
+
gss_release_buffer(&minor_stat, &output_token);
svc_sendreply(rqst->rq_xprt, xdr_authgssapi_init_res,
(caddr_t) &call_res);
@@ -456,7 +456,7 @@ enum auth_stat gssrpc__svcauth_gssapi(
ret = AUTH_OK;
goto error;
}
-
+
if (output_token.length != 0) {
PRINTF(("svcauth_gssapi: got new output token\n"));
GSS_COPY_BUFFER(call_res.token, output_token);
@@ -468,7 +468,7 @@ enum auth_stat gssrpc__svcauth_gssapi(
(time_rec == GSS_C_INDEFINITE ?
INDEF_EXPIRE : time_rec) + time(0));
- PRINTF(("svcauth_gssapi: context established, isn %d\n",
+ PRINTF(("svcauth_gssapi: context established, isn %d\n",
client_data->seq_num));
if (auth_gssapi_seal_seq(client_data->context,
@@ -503,17 +503,17 @@ enum auth_stat gssrpc__svcauth_gssapi(
/* check the verifier */
PRINTF(("svcauth_gssapi: checking verifier, len %d\n",
verf->oa_length));
-
+
in_buf.length = verf->oa_length;
in_buf.value = verf->oa_base;
-
+
if (auth_gssapi_unseal_seq(client_data->context, &in_buf,
&seq_num) == FALSE) {
ret = AUTH_BADVERF;
LOG_MISCERR("internal error unsealing sequence number");
goto error;
}
-
+
if (seq_num != client_data->seq_num + 1) {
PRINTF(("svcauth_gssapi: expected isn %d, got %d\n",
client_data->seq_num + 1, seq_num));
@@ -521,12 +521,12 @@ enum auth_stat gssrpc__svcauth_gssapi(
(*log_badverf)(client_data->client_name,
client_data->server_name,
rqst, msg, log_badverf_data);
-
+
ret = AUTH_REJECTEDVERF;
goto error;
}
client_data->seq_num++;
-
+
PRINTF(("svcauth_gssapi: seq_num %d okay\n", seq_num));
/* free previous response verifier, if any */
@@ -534,7 +534,7 @@ enum auth_stat gssrpc__svcauth_gssapi(
gss_release_buffer(&minor_stat, &client_data->prev_verf);
client_data->prev_verf.length = 0;
}
-
+
/* prepare response verifier */
seq_num = client_data->seq_num + 1;
if (auth_gssapi_seal_seq(client_data->context, seq_num,
@@ -543,17 +543,17 @@ enum auth_stat gssrpc__svcauth_gssapi(
LOG_MISCERR("internal error sealing sequence number");
goto error;
}
-
+
client_data->seq_num++;
-
+
PRINTF(("svcauth_gssapi; response seq_num %d\n", seq_num));
-
+
rqst->rq_xprt->xp_verf.oa_flavor = AUTH_GSSAPI;
- rqst->rq_xprt->xp_verf.oa_base = out_buf.value;
+ rqst->rq_xprt->xp_verf.oa_base = out_buf.value;
rqst->rq_xprt->xp_verf.oa_length = out_buf.length;
/* save verifier so it can be freed next time */
- client_data->prev_verf.value = out_buf.value;
+ client_data->prev_verf.value = out_buf.value;
client_data->prev_verf.length = out_buf.length;
/*
@@ -590,7 +590,7 @@ enum auth_stat gssrpc__svcauth_gssapi(
/* done with call args */
xdr_free(xdr_authgssapi_init_arg, &call_arg);
-
+
if (gssstat != GSS_S_COMPLETE) {
AUTH_GSSAPI_DISPLAY_STATUS(("processing token",
gssstat, minor_stat));
@@ -604,7 +604,7 @@ enum auth_stat gssrpc__svcauth_gssapi(
case AUTH_GSSAPI_DESTROY:
PRINTF(("svcauth_gssapi: GSSAPI_DESTROY\n"));
-
+
PRINTF(("svcauth_gssapi: sending reply\n"));
svc_sendreply(rqst->rq_xprt, xdr_void, NULL);
*no_dispatch = TRUE;
@@ -634,7 +634,7 @@ enum auth_stat gssrpc__svcauth_gssapi(
(int) creds.client_handle.length));
xdr_free(xdr_authgssapi_creds, &creds);
}
-
+
PRINTF(("\n"));
return AUTH_OK;
@@ -644,7 +644,7 @@ error:
(int) creds.client_handle.length));
xdr_free(xdr_authgssapi_creds, &creds);
}
-
+
PRINTF(("\n"));
return ret;
}
@@ -664,7 +664,7 @@ static void cleanup(void)
}
exit(0);
-}
+}
/*
* Function: create_client
@@ -675,7 +675,7 @@ static void cleanup(void)
* Returns: the new client_data structure, or NULL on failure.
*
* Effects:
- *
+ *
* A new client_data is created and stored in the hash table and
* b-tree. A new key that is unique in the current database is
* chosen; this key should be used as the client's client_handle.
@@ -685,41 +685,41 @@ static svc_auth_gssapi_data *create_client(void)
client_list *c;
svc_auth_gssapi_data *client_data;
static int client_key = 1;
-
+
PRINTF(("svcauth_gssapi: empty creds, creating\n"));
client_data = (svc_auth_gssapi_data *) malloc(sizeof(*client_data));
if (client_data == NULL)
return NULL;
memset(client_data, 0, sizeof(*client_data));
- L_PRINTF(2, ("create_client: new client_data = %p\n",
+ L_PRINTF(2, ("create_client: new client_data = %p\n",
(void *) client_data));
-
+
/* set up client data structure */
client_data->established = 0;
client_data->context = GSS_C_NO_CONTEXT;
client_data->expiration = time(0) + INITIATION_TIMEOUT;
-
+
/* set up psycho-recursive SVCAUTH hack */
client_data->svcauth.svc_ah_ops = &svc_auth_gssapi_ops;
client_data->svcauth.svc_ah_private = (caddr_t) client_data;
client_data->key = client_key++;
-
+
c = (client_list *) malloc(sizeof(client_list));
if (c == NULL)
return NULL;
c->client = client_data;
c->next = NULL;
-
-
+
+
if (clients == NULL)
clients = c;
else {
c->next = clients;
clients = c;
}
-
+
PRINTF(("svcauth_gssapi: new handle %d\n", client_data->key));
L_PRINTF(2, ("create_client: done\n"));
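Review bot: In create_client, the failure path of the second allocation (`c = (client_list *) malloc(sizeof(client_list)); if (c == NULL) return NULL;`) returns without releasing `client_data`, which was allocated and zeroed a few lines earlier, so every failure there leaks one svc_auth_gssapi_data. Changing it to `if (c == NULL) { free(client_data); return NULL; }` closes the leak. At that point the visible code has only assigned plain fields and the context is still GSS_C_NO_CONTEXT, so a bare free looks sufficient. The leak predates this reindent, and the end of the function lies outside the hunk.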
@@ -773,18 +773,18 @@ static svc_auth_gssapi_data *get_client(gss_buffer_t client_handle)
{
client_list *c;
uint32_t handle;
-
+
memcpy(&handle, client_handle->value, 4);
-
+
L_PRINTF(2, ("get_client: looking for client %d\n", handle));
-
+
c = clients;
while (c) {
if (c->client->key == handle)
return c->client;
c = c->next;
}
-
+
L_PRINTF(2, ("get_client: client_handle lookup failed\n"));
return NULL;
}
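Review bot: get_client copies a fixed 4 bytes out of `client_handle->value` without looking at `client_handle->length`, so it is only safe if every caller has already rejected short or empty handles; no such check is visible in this hunk. The buffer is presumably the client handle decoded from the request credentials, so a local guard is cheap: `if (client_handle->length != sizeof(handle)) return NULL;` before the copy, with `memcpy(&handle, client_handle->value, sizeof(handle));` replacing the literal 4. Returning NULL matches the existing lookup-failure path. If the length check is deliberately left to the caller, a comment such as `/* caller guarantees client_handle->length == sizeof(handle) */` above the memcpy would record that contract.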
@@ -825,7 +825,7 @@ static void destroy_client(svc_auth_gssapi_data *client_data)
if (gssstat != GSS_S_COMPLETE)
AUTH_GSSAPI_DISPLAY_STATUS(("deleting context", gssstat,
minor_stat));
-
+
gss_release_buffer(&minor_stat, &out_buf);
gss_release_name(&minor_stat, &client_data->client_name);
if (client_data->prev_verf.length != 0)
@@ -854,13 +854,13 @@ static void destroy_client(svc_auth_gssapi_data *client_data)
PRINTF(("destroy_client: client_handle delete failed\n"));
abort();
}
-
+
done:
-
+
L_PRINTF(2, ("destroy_client: client %d destroyed\n", client_data->key));
-
+
free(client_data);
-
+
#if 0 /*ifdef PURIFY*/
purify_watch_n(client_data, sizeof(*client_data), "rw");
#endif
@@ -894,10 +894,10 @@ static void clean_client(void)
c = clients;
while (c) {
client_data = c->client;
-
+
L_PRINTF(2, ("clean_client: client_data = %p\n",
(void *) client_data));
-
+
if (client_data->expiration < time(0)) {
PRINTF(("clean_client: client %d expired\n",
client_data->key));
@@ -926,28 +926,28 @@ bool_t svcauth_gssapi_set_names(
OM_uint32 gssstat, minor_stat;
gss_buffer_desc in_buf;
int i;
-
+
if (num == 0)
for (; names[num].name != NULL; num++)
;
server_creds_list = NULL;
server_name_list = NULL;
-
+
server_creds_list = (gss_cred_id_t *) malloc(num*sizeof(gss_cred_id_t));
if (server_creds_list == NULL)
goto fail;
server_name_list = (gss_name_t *) malloc(num*sizeof(gss_name_t));
if (server_name_list == NULL)
goto fail;
-
+
for (i = 0; i < num; i++) {
server_name_list[i] = 0;
server_creds_list[i] = 0;
}
server_creds_count = num;
-
+
for (i = 0; i < num; i++) {
in_buf.value = names[i].name;
in_buf.length = strlen(in_buf.value) + 1;
@@ -955,8 +955,8 @@ bool_t svcauth_gssapi_set_names(
PRINTF(("svcauth_gssapi_set_names: importing %s\n", names[i].name));
gssstat = gss_import_name(&minor_stat, &in_buf, names[i].type,
- &server_name_list[i]);
-
+ &server_name_list[i]);
+
if (gssstat != GSS_S_COMPLETE) {
AUTH_GSSAPI_DISPLAY_STATUS(("importing name", gssstat,
minor_stat));
diff --git a/src/lib/rpc/svc_auth_none.c b/src/lib/rpc/svc_auth_none.c
index 2df9580..ab9942e 100644
--- a/src/lib/rpc/svc_auth_none.c
+++ b/src/lib/rpc/svc_auth_none.c
@@ -1,6 +1,6 @@
/*
svc_auth_none.c
-
+
Copyright (c) 2000 The Regents of the University of Michigan.
All rights reserved.
@@ -70,6 +70,6 @@ gssrpc__svcauth_none(struct svc_req *rqst, struct rpc_msg *msg,
bool_t *no_dispatch)
{
rqst->rq_xprt->xp_auth = &svc_auth_none;
-
+
return (AUTH_OK);
}
diff --git a/src/lib/rpc/svc_auth_unix.c b/src/lib/rpc/svc_auth_unix.c
index 016644b..160188e 100644
--- a/src/lib/rpc/svc_auth_unix.c
+++ b/src/lib/rpc/svc_auth_unix.c
@@ -6,23 +6,23 @@
* may copy or modify Sun RPC without charge, but are not authorized
* to license or distribute it to anyone else except as part of a product or
* program developed by the user.
- *
+ *
* SUN RPC IS PROVIDED AS IS WITH NO WARRANTIES OF ANY KIND INCLUDING THE
* WARRANTIES OF DESIGN, MERCHANTIBILITY AND FITNESS FOR A PARTICULAR
* PURPOSE, OR ARISING FROM A COURSE OF DEALING, USAGE OR TRADE PRACTICE.
- *
+ *
* Sun RPC is provided with no support and without any obligation on the
* part of Sun Microsystems, Inc. to assist in its use, correction,
* modification or enhancement.
- *
+ *
* SUN MICROSYSTEMS, INC. SHALL HAVE NO LIABILITY WITH RESPECT TO THE
* INFRINGEMENT OF COPYRIGHTS, TRADE SECRETS OR ANY PATENTS BY SUN RPC
* OR ANY PART THEREOF.
- *
+ *
* In no event will Sun Microsystems, Inc. be liable for any lost revenue
* or profits or other special, indirect and consequential damages, even if
* Sun has been advised of the possibility of such damages.
- *
+ *
* Sun Microsystems, Inc.
* 2550 Garcia Avenue
* Mountain View, California 94043
@@ -68,7 +68,7 @@ gssrpc__svcauth_unix(
register int i;
rqst->rq_xprt->xp_auth = &svc_auth_none;
-
+
area = (struct area *) rqst->rq_clntcred;
aup = &area->area_aup;
aup->aup_machname = area->area_machname;
@@ -130,7 +130,7 @@ done:
* Looks up longhand in a cache.
*/
/*ARGSUSED*/
-enum auth_stat
+enum auth_stat
gssrpc__svcauth_short(
struct svc_req *rqst,
struct rpc_msg *msg,
diff --git a/src/lib/rpc/svc_raw.c b/src/lib/rpc/svc_raw.c
index d2507ae..8ca65cb 100644
--- a/src/lib/rpc/svc_raw.c
+++ b/src/lib/rpc/svc_raw.c
@@ -6,23 +6,23 @@
* may copy or modify Sun RPC without charge, but are not authorized
* to license or distribute it to anyone else except as part of a product or
* program developed by the user.
- *
+ *
* SUN RPC IS PROVIDED AS IS WITH NO WARRANTIES OF ANY KIND INCLUDING THE
* WARRANTIES OF DESIGN, MERCHANTIBILITY AND FITNESS FOR A PARTICULAR
* PURPOSE, OR ARISING FROM A COURSE OF DEALING, USAGE OR TRADE PRACTICE.
- *
+ *
* Sun RPC is provided with no support and without any obligation on the
* part of Sun Microsystems, Inc. to assist in its use, correction,
* modification or enhancement.
- *
+ *
* SUN MICROSYSTEMS, INC. SHALL HAVE NO LIABILITY WITH RESPECT TO THE
* INFRINGEMENT OF COPYRIGHTS, TRADE SECRETS OR ANY PATENTS BY SUN RPC
* OR ANY PART THEREOF.
- *
+ *
* In no event will Sun Microsystems, Inc. be liable for any lost revenue
* or profits or other special, indirect and consequential damages, even if
* Sun has been advised of the possibility of such damages.
- *
+ *
* Sun Microsystems, Inc.
* 2550 Garcia Avenue
* Mountain View, California 94043
@@ -143,7 +143,7 @@ svcraw_getargs(SVCXPRT *xprt, xdrproc_t xdr_args, void *args_ptr)
static bool_t
svcraw_freeargs(SVCXPRT *xprt, xdrproc_t xdr_args, void *args_ptr)
-{
+{
register struct svcraw_private *srp = svcraw_private;
register XDR *xdrs;
@@ -152,7 +152,7 @@ svcraw_freeargs(SVCXPRT *xprt, xdrproc_t xdr_args, void *args_ptr)
xdrs = &srp->xdr_stream;
xdrs->x_op = XDR_FREE;
return ((*xdr_args)(xdrs, args_ptr));
-}
+}
static void
svcraw_destroy(SVCXPRT *xprt)
diff --git a/src/lib/rpc/svc_run.c b/src/lib/rpc/svc_run.c
index b661f88..43d6f05 100644
--- a/src/lib/rpc/svc_run.c
+++ b/src/lib/rpc/svc_run.c
@@ -10,23 +10,23 @@ static char sccsid[] = "@(#)svc_run.c 1.1 87/10/13 Copyr 1984 Sun Micro";
* may copy or modify Sun RPC without charge, but are not authorized
* to license or distribute it to anyone else except as part of a product or
* program developed by the user.
- *
+ *
* SUN RPC IS PROVIDED AS IS WITH NO WARRANTIES OF ANY KIND INCLUDING THE
* WARRANTIES OF DESIGN, MERCHANTIBILITY AND FITNESS FOR A PARTICULAR
* PURPOSE, OR ARISING FROM A COURSE OF DEALING, USAGE OR TRADE PRACTICE.
- *
+ *
* Sun RPC is provided with no support and without any obligation on the
* part of Sun Microsystems, Inc. to assist in its use, correction,
* modification or enhancement.
- *
+ *
* SUN MICROSYSTEMS, INC. SHALL HAVE NO LIABILITY WITH RESPECT TO THE
* INFRINGEMENT OF COPYRIGHTS, TRADE SECRETS OR ANY PATENTS BY SUN RPC
* OR ANY PART THEREOF.
- *
+ *
* In no event will Sun Microsystems, Inc. be liable for any lost revenue
* or profits or other special, indirect and consequential damages, even if
* Sun has been advised of the possibility of such damages.
- *
+ *
* Sun Microsystems, Inc.
* 2550 Garcia Avenue
* Mountain View, California 94043
diff --git a/src/lib/rpc/svc_simple.c b/src/lib/rpc/svc_simple.c
index 6ae85ce..64e720c 100644
--- a/src/lib/rpc/svc_simple.c
+++ b/src/lib/rpc/svc_simple.c
@@ -6,23 +6,23 @@
* may copy or modify Sun RPC without charge, but are not authorized
* to license or distribute it to anyone else except as part of a product or
* program developed by the user.
- *
+ *
* SUN RPC IS PROVIDED AS IS WITH NO WARRANTIES OF ANY KIND INCLUDING THE
* WARRANTIES OF DESIGN, MERCHANTIBILITY AND FITNESS FOR A PARTICULAR
* PURPOSE, OR ARISING FROM A COURSE OF DEALING, USAGE OR TRADE PRACTICE.
- *
+ *
* Sun RPC is provided with no support and without any obligation on the
* part of Sun Microsystems, Inc. to assist in its use, correction,
* modification or enhancement.
- *
+ *
* SUN MICROSYSTEMS, INC. SHALL HAVE NO LIABILITY WITH RESPECT TO THE
* INFRINGEMENT OF COPYRIGHTS, TRADE SECRETS OR ANY PATENTS BY SUN RPC
* OR ANY PART THEREOF.
- *
+ *
* In no event will Sun Microsystems, Inc. be liable for any lost revenue
* or profits or other special, indirect and consequential damages, even if
* Sun has been advised of the possibility of such damages.
- *
+ *
* Sun Microsystems, Inc.
* 2550 Garcia Avenue
* Mountain View, California 94043
@@ -31,7 +31,7 @@
static char sccsid[] = "@(#)svc_simple.c 1.18 87/08/11 Copyr 1984 Sun Micro";
#endif
-/*
+/*
* svc_simple.c
* Simplified front end to rpc.
*
@@ -65,7 +65,7 @@ registerrpc(
xdrproc_t outproc)
{
struct proglst *pl;
-
+
if (procnum == NULLPROC) {
(void) fprintf(stderr,
"can't reassign procedure number %d\n", NULLPROC);
@@ -109,7 +109,7 @@ universal(
char xdrbuf[UDPMSGSIZE];
struct proglst *pl;
- /*
+ /*
* enforce "procnum 0 is echo" convention
*/
if (rqstp->rq_proc == NULLPROC) {
@@ -146,4 +146,3 @@ universal(
(void) fprintf(stderr, "never registered prog %d\n", prog);
exit(1);
}
-
diff --git a/src/lib/rpc/svc_tcp.c b/src/lib/rpc/svc_tcp.c
index 46c207a..796627f 100644
--- a/src/lib/rpc/svc_tcp.c
+++ b/src/lib/rpc/svc_tcp.c
@@ -6,23 +6,23 @@
* may copy or modify Sun RPC without charge, but are not authorized
* to license or distribute it to anyone else except as part of a product or
* program developed by the user.
- *
+ *
* SUN RPC IS PROVIDED AS IS WITH NO WARRANTIES OF ANY KIND INCLUDING THE
* WARRANTIES OF DESIGN, MERCHANTIBILITY AND FITNESS FOR A PARTICULAR
* PURPOSE, OR ARISING FROM A COURSE OF DEALING, USAGE OR TRADE PRACTICE.
- *
+ *
* Sun RPC is provided with no support and without any obligation on the
* part of Sun Microsystems, Inc. to assist in its use, correction,
* modification or enhancement.
- *
+ *
* SUN MICROSYSTEMS, INC. SHALL HAVE NO LIABILITY WITH RESPECT TO THE
* INFRINGEMENT OF COPYRIGHTS, TRADE SECRETS OR ANY PATENTS BY SUN RPC
* OR ANY PART THEREOF.
- *
+ *
* In no event will Sun Microsystems, Inc. be liable for any lost revenue
* or profits or other special, indirect and consequential damages, even if
* Sun has been advised of the possibility of such damages.
- *
+ *
* Sun Microsystems, Inc.
* 2550 Garcia Avenue
* Mountain View, California 94043
@@ -32,7 +32,7 @@ static char sccsid[] = "@(#)svc_tcp.c 1.21 87/08/11 Copyr 1984 Sun Micro";
#endif
/*
- * svc_tcp.c, Server side for TCP/IP based RPC.
+ * svc_tcp.c, Server side for TCP/IP based RPC.
*
* Copyright (C) 1984, Sun Microsystems, Inc.
*
@@ -223,7 +223,7 @@ makefd_xprt(
{
register SVCXPRT *xprt;
register struct tcp_conn *cd;
-
+
#ifdef FD_SETSIZE
if (fd >= FD_SETSIZE) {
(void) fprintf(stderr, "svc_tcp: makefd_xprt: fd too high\n");
@@ -288,7 +288,7 @@ rendezvous_request(
set_cloexec_fd(sock);
if (getsockname(sock, (struct sockaddr *) &laddr, &llen) < 0)
return (FALSE);
-
+
/*
* make a new transporter (re-uses xprt)
*/
@@ -477,7 +477,7 @@ static bool_t svctcp_reply(
(struct tcp_conn *)(xprt->xp_p1);
register XDR *xdrs = &(cd->xdrs);
register bool_t stat;
-
+
xdrproc_t xdr_results;
caddr_t xdr_location;
bool_t has_args;
@@ -487,12 +487,12 @@ static bool_t svctcp_reply(
has_args = TRUE;
xdr_results = msg->acpted_rply.ar_results.proc;
xdr_location = msg->acpted_rply.ar_results.where;
-
+
msg->acpted_rply.ar_results.proc = xdr_void;
msg->acpted_rply.ar_results.where = NULL;
} else
has_args = FALSE;
-
+
xdrs->x_op = XDR_ENCODE;
msg->rm_xid = cd->x_id;
stat = FALSE;
@@ -530,4 +530,3 @@ static bool_t abortx_freeargs(
{
return abortx();
}
-
diff --git a/src/lib/rpc/svc_udp.c b/src/lib/rpc/svc_udp.c
index 232872d..a85bf9a 100644
--- a/src/lib/rpc/svc_udp.c
+++ b/src/lib/rpc/svc_udp.c
@@ -6,23 +6,23 @@
* may copy or modify Sun RPC without charge, but are not authorized
* to license or distribute it to anyone else except as part of a product or
* program developed by the user.
- *
+ *
* SUN RPC IS PROVIDED AS IS WITH NO WARRANTIES OF ANY KIND INCLUDING THE
* WARRANTIES OF DESIGN, MERCHANTIBILITY AND FITNESS FOR A PARTICULAR
* PURPOSE, OR ARISING FROM A COURSE OF DEALING, USAGE OR TRADE PRACTICE.
- *
+ *
* Sun RPC is provided with no support and without any obligation on the
* part of Sun Microsystems, Inc. to assist in its use, correction,
* modification or enhancement.
- *
+ *
* SUN MICROSYSTEMS, INC. SHALL HAVE NO LIABILITY WITH RESPECT TO THE
* INFRINGEMENT OF COPYRIGHTS, TRADE SECRETS OR ANY PATENTS BY SUN RPC
* OR ANY PART THEREOF.
- *
+ *
* In no event will Sun Microsystems, Inc. be liable for any lost revenue
* or profits or other special, indirect and consequential damages, even if
* Sun has been advised of the possibility of such damages.
- *
+ *
* Sun Microsystems, Inc.
* 2550 Garcia Avenue
* Mountain View, California 94043
@@ -177,7 +177,7 @@ static enum xprt_stat
svcudp_stat(SVCXPRT *xprt)
{
- return (XPRT_IDLE);
+ return (XPRT_IDLE);
}
static bool_t
@@ -208,7 +208,7 @@ svcudp_recv(
else
return (FALSE);
}
-
+
xprt->xp_addrlen = sizeof(struct sockaddr_in);
rlen = recvfrom(xprt->xp_sock, rpc_buffer(xprt), (int) su->su_iosz,
0, (struct sockaddr *)&(xprt->xp_raddr), &(xprt->xp_addrlen));
@@ -239,7 +239,7 @@ static bool_t svcudp_reply(
register XDR *xdrs = &(su->su_xdrs);
register int slen;
register bool_t stat = FALSE;
-
+
xdrproc_t xdr_results;
caddr_t xdr_location;
bool_t has_args;
@@ -249,12 +249,12 @@ static bool_t svcudp_reply(
has_args = TRUE;
xdr_results = msg->acpted_rply.ar_results.proc;
xdr_location = msg->acpted_rply.ar_results.where;
-
+
msg->acpted_rply.ar_results.proc = xdr_void;
msg->acpted_rply.ar_results.where = NULL;
} else
has_args = FALSE;
-
+
xdrs->x_op = XDR_ENCODE;
XDR_SETPOS(xdrs, 0);
msg->rm_xid = su->su_xid;
@@ -337,7 +337,7 @@ svcudp_destroy(register SVCXPRT *xprt)
(type *) mem_alloc((unsigned) (sizeof(type) * (size)))
#define BZERO(addr, type, size) \
- memset(addr, 0, sizeof(type) * (int) (size))
+ memset(addr, 0, sizeof(type) * (int) (size))
/*
* An entry in the cache
@@ -360,7 +360,7 @@ struct cache_node {
/*
* Next node on the list, if there is a collision
*/
- cache_ptr cache_next;
+ cache_ptr cache_next;
};
@@ -384,11 +384,11 @@ struct udp_cache {
* the hashing function
*/
#define CACHE_LOC(transp, xid) \
- (xid % (SPARSENESS*((struct udp_cache *) su_data(transp)->su_cache)->uc_size))
+ (xid % (SPARSENESS*((struct udp_cache *) su_data(transp)->su_cache)->uc_size))
/*
- * Enable use of the cache.
+ * Enable use of the cache.
* Note: there is no disable.
*/
int
@@ -401,7 +401,7 @@ svcudp_enablecache(
if (su->su_cache != NULL) {
CACHE_PERROR("enablecache: cache already enabled");
- return(0);
+ return(0);
}
uc = ALLOC(struct udp_cache, 1);
if (uc == NULL) {
@@ -435,7 +435,7 @@ cache_set(
SVCXPRT *xprt,
uint32_t replylen)
{
- register cache_ptr victim;
+ register cache_ptr victim;
register cache_ptr *vicp;
register struct svcudp_data *su = su_data(xprt);
struct udp_cache *uc = (struct udp_cache *) su->su_cache;
@@ -449,9 +449,9 @@ cache_set(
victim = uc->uc_fifo[uc->uc_nextvictim];
if (victim != NULL) {
loc = CACHE_LOC(xprt, victim->cache_xid);
- for (vicp = &uc->uc_entries[loc];
- *vicp != NULL && *vicp != victim;
- vicp = &(*vicp)->cache_next)
+ for (vicp = &uc->uc_entries[loc];
+ *vicp != NULL && *vicp != victim;
+ vicp = &(*vicp)->cache_next)
;
if (*vicp == NULL) {
CACHE_PERROR("cache_set: victim not found");
@@ -485,7 +485,7 @@ cache_set(
victim->cache_prog = uc->uc_prog;
victim->cache_addr = uc->uc_addr;
loc = CACHE_LOC(xprt, victim->cache_xid);
- victim->cache_next = uc->uc_entries[loc];
+ victim->cache_next = uc->uc_entries[loc];
uc->uc_entries[loc] = victim;
uc->uc_fifo[uc->uc_nextvictim++] = victim;
uc->uc_nextvictim %= uc->uc_size;
@@ -531,4 +531,3 @@ cache_get(
uc->uc_addr = xprt->xp_raddr;
return(0);
}
-
diff --git a/src/lib/rpc/unit-test/client.c b/src/lib/rpc/unit-test/client.c
index 662a8c5..df7144a 100644
--- a/src/lib/rpc/unit-test/client.c
+++ b/src/lib/rpc/unit-test/client.c
@@ -74,7 +74,7 @@ main(argc, argv)
count = 1026;
auth_once = 0;
prot = NULL;
-
+
while ((c = getopt(argc, argv, "a:m:os:tu")) != -1) {
switch (c) {
case 'a':
@@ -120,20 +120,20 @@ main(argc, argv)
default:
usage();
}
-
+
/* client handle to rstat */
clnt = clnt_create(host, RPC_TEST_PROG, RPC_TEST_VERS_1, prot);
if (clnt == NULL) {
clnt_pcreateerror(whoami);
exit(1);
}
-
+
clnt->cl_auth = auth_gssapi_create_default(clnt, target);
if (clnt->cl_auth == NULL) {
clnt_pcreateerror(whoami);
exit(2);
}
-
+
/*
* Call the echo service multiple times.
*/
@@ -183,7 +183,7 @@ main(argc, argv)
echo_resp = rpc_test_echo_1(&echo_arg, clnt);
if (echo_resp == NULL)
clnt_perror(clnt, "Sequence number improperly reset");
-
+
/*
* Now simulate a lost server response, and see if
* auth_gssapi_refresh recovers.
@@ -193,7 +193,7 @@ main(argc, argv)
echo_resp = rpc_test_echo_1(&echo_arg, clnt);
if (echo_resp == NULL)
clnt_perror(clnt, "Auto-resynchronization failed");
-
+
/*
* Now make sure auto-resyncrhonization actually worked
*/
@@ -207,7 +207,7 @@ main(argc, argv)
* unique. Create another context from the same credentials; it
* should have the same expiration time and will cause the server
* to abort if the clients are not differentiated.
- *
+ *
* Test fix for secure-rpc/586, part 2: btree keys cannot be
* mutated in place. To test this: a second client, *with a
* later expiration time*, must be run. The second client should
@@ -238,7 +238,7 @@ main(argc, argv)
AUTH_DESTROY(clnt->cl_auth);
clnt->cl_auth = tmp_auth;
}
-
+
/*
* Try RPC calls with argument/result lengths [0, 1025]. Do
* this last, since it takes a while..
@@ -258,7 +258,7 @@ main(argc, argv)
"RPC_TEST_LENGTHS call %d response wrong\n", i);
gssrpc_xdr_free(xdr_wrapstring, echo_resp);
}
-
+
/* cycle from 1 to 255 */
buf[i] = (i % 255) + 1;
@@ -273,4 +273,3 @@ main(argc, argv)
CLNT_DESTROY(clnt);
exit(0);
}
-
diff --git a/src/lib/rpc/unit-test/server.c b/src/lib/rpc/unit-test/server.c
index e373a33..ee54465 100644
--- a/src/lib/rpc/unit-test/server.c
+++ b/src/lib/rpc/unit-test/server.c
@@ -68,7 +68,7 @@ main(int argc, char **argv)
extern int optind;
#ifdef POSIX_SIGNALS
struct sigaction sa;
-#endif
+#endif
names[0].name = SERVICE_NAME;
names[0].type = (gss_OID) gss_nt_service_name;
@@ -118,13 +118,13 @@ main(int argc, char **argv)
exit(1);
}
if (!svc_register(transp, RPC_TEST_PROG, RPC_TEST_VERS_1,
- rpc_test_prog_1_svc, prot)) {
+ rpc_test_prog_1_svc, prot)) {
fprintf(stderr,
"unable to register (RPC_TEST_PROG, RPC_TEST_VERS_1, %s).",
prot == IPPROTO_TCP ? "tcp" : "udp");
exit(1);
}
-
+
if (svcauth_gssapi_set_names(names, 0) == FALSE) {
fprintf(stderr, "unable to set gssapi names\n");
exit(1);
@@ -147,7 +147,7 @@ main(int argc, char **argv)
signal(SIGTERM, handlesig);
#endif
printf("running\n");
-
+
svc_run();
fprintf(stderr, "svc_run returned");
exit(1);
@@ -177,7 +177,7 @@ static void rpc_test_badverf(gss_name_t client, gss_name_t server,
printf("rpc_test server: bad verifier from %.*s at %s:%d for %.*s\n",
(int) client_name.length, (char *) client_name.value,
- inet_ntoa(rqst->rq_xprt->xp_raddr.sin_addr),
+ inet_ntoa(rqst->rq_xprt->xp_raddr.sin_addr),
ntohs(rqst->rq_xprt->xp_raddr.sin_port),
(int) server_name.length, (char *) server_name.value);
@@ -205,7 +205,7 @@ void rpc_test_badauth(OM_uint32 major, OM_uint32 minor,
struct sockaddr_in *addr, caddr_t data)
{
char *a;
-
+
/* Authentication attempt failed: <IP address>, <GSS-API error */
/* strings> */
@@ -220,7 +220,7 @@ void log_miscerr(struct svc_req *rqst, struct rpc_msg *msg,
char *error, char *data)
{
char *a;
-
+
a = inet_ntoa(rqst->rq_xprt->xp_raddr.sin_addr);
printf("Miscellaneous RPC error: %s, %s\n", a, error);
}
@@ -243,19 +243,19 @@ void log_badauth_display_status_1(OM_uint32 code, int type, int rec)
&msg_ctx, &msg);
if (gssstat != GSS_S_COMPLETE) {
if (!rec) {
- log_badauth_display_status_1(gssstat,GSS_C_GSS_CODE,1);
+ log_badauth_display_status_1(gssstat,GSS_C_GSS_CODE,1);
log_badauth_display_status_1(minor_stat,
GSS_C_MECH_CODE, 1);
} else
printf("GSS-API authentication error %.*s: "
- "recursive failure!\n", (int) msg.length,
+ "recursive failure!\n", (int) msg.length,
(char *)msg.value);
return;
}
-
- printf(", %.*s", (int) msg.length, (char *)msg.value);
+
+ printf(", %.*s", (int) msg.length, (char *)msg.value);
(void) gss_release_buffer(&minor_stat, &msg);
-
+
if (!msg_ctx)
break;
}
diff --git a/src/lib/rpc/xdr.c b/src/lib/rpc/xdr.c
index 5eb6eaa..ff67e90 100644
--- a/src/lib/rpc/xdr.c
+++ b/src/lib/rpc/xdr.c
@@ -6,23 +6,23 @@
* may copy or modify Sun RPC without charge, but are not authorized
* to license or distribute it to anyone else except as part of a product or
* program developed by the user.
- *
+ *
* SUN RPC IS PROVIDED AS IS WITH NO WARRANTIES OF ANY KIND INCLUDING THE
* WARRANTIES OF DESIGN, MERCHANTIBILITY AND FITNESS FOR A PARTICULAR
* PURPOSE, OR ARISING FROM A COURSE OF DEALING, USAGE OR TRADE PRACTICE.
- *
+ *
* Sun RPC is provided with no support and without any obligation on the
* part of Sun Microsystems, Inc. to assist in its use, correction,
* modification or enhancement.
- *
+ *
* SUN MICROSYSTEMS, INC. SHALL HAVE NO LIABILITY WITH RESPECT TO THE
* INFRINGEMENT OF COPYRIGHTS, TRADE SECRETS OR ANY PATENTS BY SUN RPC
* OR ANY PART THEREOF.
- *
+ *
* In no event will Sun Microsystems, Inc. be liable for any lost revenue
* or profits or other special, indirect and consequential damages, even if
* Sun has been advised of the possibility of such damages.
- *
+ *
* Sun Microsystems, Inc.
* 2550 Garcia Avenue
* Mountain View, California 94043
@@ -74,7 +74,7 @@ void
xdr_free(xdrproc_t proc, void *objp)
{
XDR x;
-
+
x.x_op = XDR_FREE;
(*proc)(&x, objp);
}
@@ -501,7 +501,7 @@ xdr_int32(XDR *xdrs, int32_t *ip)
case XDR_ENCODE:
VALGRIND_CHECK_DEFINED(*ip);
l = *ip;
- return (xdr_long(xdrs, &l));
+ return (xdr_long(xdrs, &l));
case XDR_DECODE:
if (!xdr_long(xdrs, &l)) {
@@ -511,7 +511,7 @@ xdr_int32(XDR *xdrs, int32_t *ip)
return (TRUE);
case XDR_FREE:
- return (TRUE);
+ return (TRUE);
}
return (FALSE);
}
@@ -526,7 +526,7 @@ xdr_u_int32(XDR *xdrs, uint32_t *up)
case XDR_ENCODE:
VALGRIND_CHECK_DEFINED(*up);
ul = *up;
- return (xdr_u_long(xdrs, &ul));
+ return (xdr_u_long(xdrs, &ul));
case XDR_DECODE:
if (!xdr_u_long(xdrs, &ul)) {
@@ -536,7 +536,7 @@ xdr_u_int32(XDR *xdrs, uint32_t *up)
return (TRUE);
case XDR_FREE:
- return (TRUE);
+ return (TRUE);
}
return (FALSE);
}
@@ -661,8 +661,8 @@ xdr_string(XDR *xdrs, char **cpp, u_int maxsize)
return (FALSE);
}
-/*
- * Wrapper for xdr_string that can be called directly from
+/*
+ * Wrapper for xdr_string that can be called directly from
* routines like clnt_call
*/
bool_t
diff --git a/src/lib/rpc/xdr_alloc.c b/src/lib/rpc/xdr_alloc.c
index b0aa032..cbba857 100644
--- a/src/lib/rpc/xdr_alloc.c
+++ b/src/lib/rpc/xdr_alloc.c
@@ -6,23 +6,23 @@
* may copy or modify Sun RPC without charge, but are not authorized
* to license or distribute it to anyone else except as part of a product or
* program developed by the user.
- *
+ *
* SUN RPC IS PROVIDED AS IS WITH NO WARRANTIES OF ANY KIND INCLUDING THE
* WARRANTIES OF DESIGN, MERCHANTIBILITY AND FITNESS FOR A PARTICULAR
* PURPOSE, OR ARISING FROM A COURSE OF DEALING, USAGE OR TRADE PRACTICE.
- *
+ *
* Sun RPC is provided with no support and without any obligation on the
* part of Sun Microsystems, Inc. to assist in its use, correction,
* modification or enhancement.
- *
+ *
* SUN MICROSYSTEMS, INC. SHALL HAVE NO LIABILITY WITH RESPECT TO THE
* INFRINGEMENT OF COPYRIGHTS, TRADE SECRETS OR ANY PATENTS BY SUN RPC
* OR ANY PART THEREOF.
- *
+ *
* In no event will Sun Microsystems, Inc. be liable for any lost revenue
* or profits or other special, indirect and consequential damages, even if
* Sun has been advised of the possibility of such damages.
- *
+ *
* Sun Microsystems, Inc.
* 2550 Garcia Avenue
* Mountain View, California 94043
@@ -61,7 +61,7 @@ static struct xdr_ops xdralloc_ops = {
/*
* The procedure xdralloc_create initializes a stream descriptor for a
- * memory buffer.
+ * memory buffer.
*/
void xdralloc_create(XDR *xdrs, enum xdr_op op)
{
diff --git a/src/lib/rpc/xdr_array.c b/src/lib/rpc/xdr_array.c
index 7d5745d..18dfac6 100644
--- a/src/lib/rpc/xdr_array.c
+++ b/src/lib/rpc/xdr_array.c
@@ -6,23 +6,23 @@
* may copy or modify Sun RPC without charge, but are not authorized
* to license or distribute it to anyone else except as part of a product or
* program developed by the user.
- *
+ *
* SUN RPC IS PROVIDED AS IS WITH NO WARRANTIES OF ANY KIND INCLUDING THE
* WARRANTIES OF DESIGN, MERCHANTIBILITY AND FITNESS FOR A PARTICULAR
* PURPOSE, OR ARISING FROM A COURSE OF DEALING, USAGE OR TRADE PRACTICE.
- *
+ *
* Sun RPC is provided with no support and without any obligation on the
* part of Sun Microsystems, Inc. to assist in its use, correction,
* modification or enhancement.
- *
+ *
* SUN MICROSYSTEMS, INC. SHALL HAVE NO LIABILITY WITH RESPECT TO THE
* INFRINGEMENT OF COPYRIGHTS, TRADE SECRETS OR ANY PATENTS BY SUN RPC
* OR ANY PART THEREOF.
- *
+ *
* In no event will Sun Microsystems, Inc. be liable for any lost revenue
* or profits or other special, indirect and consequential damages, even if
* Sun has been advised of the possibility of such damages.
- *
+ *
* Sun Microsystems, Inc.
* 2550 Garcia Avenue
* Mountain View, California 94043
@@ -93,7 +93,7 @@ xdr_array(
return (TRUE);
*addrp = target = mem_alloc(nodesize);
if (target == NULL) {
- (void) fprintf(stderr,
+ (void) fprintf(stderr,
"xdr_array: out of memory\n");
return (FALSE);
}
@@ -106,7 +106,7 @@ xdr_array(
case XDR_ENCODE:
break;
}
-
+
/*
* now we xdr each element of array
*/
@@ -153,6 +153,5 @@ xdr_vector(
}
elptr += elemsize;
}
- return(TRUE);
+ return(TRUE);
}
-
diff --git a/src/lib/rpc/xdr_float.c b/src/lib/rpc/xdr_float.c
index 3e4805d..73faa72 100644
--- a/src/lib/rpc/xdr_float.c
+++ b/src/lib/rpc/xdr_float.c
@@ -6,23 +6,23 @@
* may copy or modify Sun RPC without charge, but are not authorized
* to license or distribute it to anyone else except as part of a product or
* program developed by the user.
- *
+ *
* SUN RPC IS PROVIDED AS IS WITH NO WARRANTIES OF ANY KIND INCLUDING THE
* WARRANTIES OF DESIGN, MERCHANTIBILITY AND FITNESS FOR A PARTICULAR
* PURPOSE, OR ARISING FROM A COURSE OF DEALING, USAGE OR TRADE PRACTICE.
- *
+ *
* Sun RPC is provided with no support and without any obligation on the
* part of Sun Microsystems, Inc. to assist in its use, correction,
* modification or enhancement.
- *
+ *
* SUN MICROSYSTEMS, INC. SHALL HAVE NO LIABILITY WITH RESPECT TO THE
* INFRINGEMENT OF COPYRIGHTS, TRADE SECRETS OR ANY PATENTS BY SUN RPC
* OR ANY PART THEREOF.
- *
+ *
* In no event will Sun Microsystems, Inc. be liable for any lost revenue
* or profits or other special, indirect and consequential damages, even if
* Sun has been advised of the possibility of such damages.
- *
+ *
* Sun Microsystems, Inc.
* 2550 Garcia Avenue
* Mountain View, California 94043
diff --git a/src/lib/rpc/xdr_mem.c b/src/lib/rpc/xdr_mem.c
index 6908aa8..f54bb88 100644
--- a/src/lib/rpc/xdr_mem.c
+++ b/src/lib/rpc/xdr_mem.c
@@ -6,23 +6,23 @@
* may copy or modify Sun RPC without charge, but are not authorized
* to license or distribute it to anyone else except as part of a product or
* program developed by the user.
- *
+ *
* SUN RPC IS PROVIDED AS IS WITH NO WARRANTIES OF ANY KIND INCLUDING THE
* WARRANTIES OF DESIGN, MERCHANTIBILITY AND FITNESS FOR A PARTICULAR
* PURPOSE, OR ARISING FROM A COURSE OF DEALING, USAGE OR TRADE PRACTICE.
- *
+ *
* Sun RPC is provided with no support and without any obligation on the
* part of Sun Microsystems, Inc. to assist in its use, correction,
* modification or enhancement.
- *
+ *
* SUN MICROSYSTEMS, INC. SHALL HAVE NO LIABILITY WITH RESPECT TO THE
* INFRINGEMENT OF COPYRIGHTS, TRADE SECRETS OR ANY PATENTS BY SUN RPC
* OR ANY PART THEREOF.
- *
+ *
* In no event will Sun Microsystems, Inc. be liable for any lost revenue
* or profits or other special, indirect and consequential damages, even if
* Sun has been advised of the possibility of such damages.
- *
+ *
* Sun Microsystems, Inc.
* 2550 Garcia Avenue
* Mountain View, California 94043
@@ -72,7 +72,7 @@ static struct xdr_ops xdrmem_ops = {
/*
* The procedure xdrmem_create initializes a stream descriptor for a
- * memory buffer.
+ * memory buffer.
*/
void
xdrmem_create(
diff --git a/src/lib/rpc/xdr_rec.c b/src/lib/rpc/xdr_rec.c
index 05e42e9..1a203d0 100644
--- a/src/lib/rpc/xdr_rec.c
+++ b/src/lib/rpc/xdr_rec.c
@@ -6,23 +6,23 @@
* may copy or modify Sun RPC without charge, but are not authorized
* to license or distribute it to anyone else except as part of a product or
* program developed by the user.
- *
+ *
* SUN RPC IS PROVIDED AS IS WITH NO WARRANTIES OF ANY KIND INCLUDING THE
* WARRANTIES OF DESIGN, MERCHANTIBILITY AND FITNESS FOR A PARTICULAR
* PURPOSE, OR ARISING FROM A COURSE OF DEALING, USAGE OR TRADE PRACTICE.
- *
+ *
* Sun RPC is provided with no support and without any obligation on the
* part of Sun Microsystems, Inc. to assist in its use, correction,
* modification or enhancement.
- *
+ *
* SUN MICROSYSTEMS, INC. SHALL HAVE NO LIABILITY WITH RESPECT TO THE
* INFRINGEMENT OF COPYRIGHTS, TRADE SECRETS OR ANY PATENTS BY SUN RPC
* OR ANY PART THEREOF.
- *
+ *
* In no event will Sun Microsystems, Inc. be liable for any lost revenue
* or profits or other special, indirect and consequential damages, even if
* Sun has been advised of the possibility of such damages.
- *
+ *
* Sun Microsystems, Inc.
* 2550 Garcia Avenue
* Mountain View, California 94043
@@ -44,7 +44,7 @@ static char sccsid[] = "@(#)xdr_rec.c 1.21 87/08/11 Copyr 1984 Sun Micro";
* by n bytes of data, where n is contained in the header. The header
* is represented as a htonl(uint32_t). Thegh order bit encodes
* whether or not the fragment is the last fragment of the record
- * (1 => fragment is last, 0 => more fragments to follow.
+ * (1 => fragment is last, 0 => more fragments to follow.
* The other 31 bits encode the byte length of the fragment.
*/
@@ -147,8 +147,8 @@ xdrrec_create(
if (rstrm == NULL) {
(void)fprintf(stderr, "xdrrec_create: out of memory\n");
- /*
- * This is bad. Should rework xdrrec_create to
+ /*
+ * This is bad. Should rework xdrrec_create to
* return a handle, and in this case return NULL
*/
return;
@@ -256,7 +256,7 @@ xdrrec_getbytes(XDR *xdrs, caddr_t addr, u_int len)
current = (len < current) ? len : current;
if (! get_input_bytes(rstrm, addr, current))
return (FALSE);
- addr += current;
+ addr += current;
rstrm->fbtbc -= current;
len -= current;
}
@@ -270,7 +270,7 @@ xdrrec_putbytes(XDR *xdrs, caddr_t addr, u_int len)
register size_t current;
while (len > 0) {
- current = (size_t) ((long)rstrm->out_boundry -
+ current = (size_t) ((long)rstrm->out_boundry -
(long)rstrm->out_finger);
current = (len < current) ? len : current;
memmove(rstrm->out_finger, addr, current);
@@ -418,7 +418,7 @@ xdrrec_skiprecord(XDR *xdrs)
/*
* Look ahead fuction.
- * Returns TRUE iff there is no more input in the buffer
+ * Returns TRUE iff there is no more input in the buffer
* after consuming the rest of the current record.
*/
bool_t
@@ -472,7 +472,7 @@ static bool_t
flush_out(RECSTREAM *rstrm, bool_t eor)
{
register uint32_t eormask = (eor == TRUE) ? LAST_FRAG : 0;
- register uint32_t len = (u_long)(rstrm->out_finger) -
+ register uint32_t len = (u_long)(rstrm->out_finger) -
(u_long)(rstrm->frag_header) - BYTES_PER_XDR_UNIT;
*(rstrm->frag_header) = htonl(len | eormask);
@@ -510,7 +510,7 @@ get_input_bytes(RECSTREAM *rstrm, caddr_t addr, int len)
register size_t current;
while (len > 0) {
- current = (size_t)((long)rstrm->in_boundry -
+ current = (size_t)((long)rstrm->in_boundry -
(long)rstrm->in_finger);
if (current == 0) {
if (! fill_input_buf(rstrm))
@@ -546,7 +546,7 @@ skip_input_bytes(RECSTREAM *rstrm, int32_t cnt)
register int current;
while (cnt > 0) {
- current = (int)((long)rstrm->in_boundry -
+ current = (int)((long)rstrm->in_boundry -
(long)rstrm->in_finger);
if (current == 0) {
if (! fill_input_buf(rstrm))
diff --git a/src/lib/rpc/xdr_reference.c b/src/lib/rpc/xdr_reference.c
index 50a4fe4..323de5e 100644
--- a/src/lib/rpc/xdr_reference.c
+++ b/src/lib/rpc/xdr_reference.c
@@ -6,23 +6,23 @@
* may copy or modify Sun RPC without charge, but are not authorized
* to license or distribute it to anyone else except as part of a product or
* program developed by the user.
- *
+ *
* SUN RPC IS PROVIDED AS IS WITH NO WARRANTIES OF ANY KIND INCLUDING THE
* WARRANTIES OF DESIGN, MERCHANTIBILITY AND FITNESS FOR A PARTICULAR
* PURPOSE, OR ARISING FROM A COURSE OF DEALING, USAGE OR TRADE PRACTICE.
- *
+ *
* Sun RPC is provided with no support and without any obligation on the
* part of Sun Microsystems, Inc. to assist in its use, correction,
* modification or enhancement.
- *
+ *
* SUN MICROSYSTEMS, INC. SHALL HAVE NO LIABILITY WITH RESPECT TO THE
* INFRINGEMENT OF COPYRIGHTS, TRADE SECRETS OR ANY PATENTS BY SUN RPC
* OR ANY PART THEREOF.
- *
+ *
* In no event will Sun Microsystems, Inc. be liable for any lost revenue
* or profits or other special, indirect and consequential damages, even if
* Sun has been advised of the possibility of such damages.
- *
+ *
* Sun Microsystems, Inc.
* 2550 Garcia Avenue
* Mountain View, California 94043
diff --git a/src/lib/rpc/xdr_sizeof.c b/src/lib/rpc/xdr_sizeof.c
index 3a1c1e1..85e394d 100644
--- a/src/lib/rpc/xdr_sizeof.c
+++ b/src/lib/rpc/xdr_sizeof.c
@@ -5,23 +5,23 @@
* may copy or modify Sun RPC without charge, but are not authorized
* to license or distribute it to anyone else except as part of a product or
* program developed by the user.
- *
+ *
* SUN RPC IS PROVIDED AS IS WITH NO WARRANTIES OF ANY KIND INCLUDING THE
* WARRANTIES OF DESIGN, MERCHANTIBILITY AND FITNESS FOR A PARTICULAR
* PURPOSE, OR ARISING FROM A COURSE OF DEALING, USAGE OR TRADE PRACTICE.
- *
+ *
* Sun RPC is provided with no support and without any obligation on the
* part of Sun Microsystems, Inc. to assist in its use, correction,
* modification or enhancement.
- *
+ *
* SUN MICROSYSTEMS, INC. SHALL HAVE NO LIABILITY WITH RESPECT TO THE
* INFRINGEMENT OF COPYRIGHTS, TRADE SECRETS OR ANY PATENTS BY SUN RPC
* OR ANY PART THEREOF.
- *
+ *
* In no event will Sun Microsystems, Inc. be liable for any lost revenue
* or profits or other special, indirect and consequential damages, even if
* Sun has been advised of the possibility of such damages.
- *
+ *
* Sun Microsystems, Inc.
* 2550 Garcia Avenue
* Mountain View, California 94043
diff --git a/src/lib/rpc/xdr_stdio.c b/src/lib/rpc/xdr_stdio.c
index 471d9f2..9b2a590 100644
--- a/src/lib/rpc/xdr_stdio.c
+++ b/src/lib/rpc/xdr_stdio.c
@@ -6,23 +6,23 @@
* may copy or modify Sun RPC without charge, but are not authorized
* to license or distribute it to anyone else except as part of a product or
* program developed by the user.
- *
+ *
* SUN RPC IS PROVIDED AS IS WITH NO WARRANTIES OF ANY KIND INCLUDING THE
* WARRANTIES OF DESIGN, MERCHANTIBILITY AND FITNESS FOR A PARTICULAR
* PURPOSE, OR ARISING FROM A COURSE OF DEALING, USAGE OR TRADE PRACTICE.
- *
+ *
* Sun RPC is provided with no support and without any obligation on the
* part of Sun Microsystems, Inc. to assist in its use, correction,
* modification or enhancement.
- *
+ *
* SUN MICROSYSTEMS, INC. SHALL HAVE NO LIABILITY WITH RESPECT TO THE
* INFRINGEMENT OF COPYRIGHTS, TRADE SECRETS OR ANY PATENTS BY SUN RPC
* OR ANY PART THEREOF.
- *
+ *
* In no event will Sun Microsystems, Inc. be liable for any lost revenue
* or profits or other special, indirect and consequential damages, even if
* Sun has been advised of the possibility of such damages.
- *
+ *
* Sun Microsystems, Inc.
* 2550 Garcia Avenue
* Mountain View, California 94043
@@ -122,7 +122,7 @@ static bool_t
xdrstdio_getbytes(XDR *xdrs, caddr_t addr, u_int len)
{
- if ((len != 0) && (fread(addr, (size_t)len, 1,
+ if ((len != 0) && (fread(addr, (size_t)len, 1,
(FILE *)xdrs->x_private) != 1))
return (FALSE);
return (TRUE);
@@ -132,7 +132,7 @@ static bool_t
xdrstdio_putbytes(XDR *xdrs, caddr_t addr, u_int len)
{
- if ((len != 0) && (fwrite(addr, (size_t)len, 1,
+ if ((len != 0) && (fwrite(addr, (size_t)len, 1,
(FILE *)xdrs->x_private) != 1))
return (FALSE);
return (TRUE);
@@ -147,7 +147,7 @@ xdrstdio_getpos(XDR *xdrs)
static bool_t
xdrstdio_setpos(XDR *xdrs, u_int pos)
-{
+{
return ((fseek((FILE *)xdrs->x_private, (long)pos, 0) < 0) ?
FALSE : TRUE);
diff --git a/src/lib/win_glue.c b/src/lib/win_glue.c
index 3b2cbc5..b18178e 100644
--- a/src/lib/win_glue.c
+++ b/src/lib/win_glue.c
@@ -137,7 +137,7 @@ void GetCallingAppVerInfo( char *AppTitle, char *AppVer, char *AppIni,
wsprintf(szVerQ,
"\\StringFileInfo\\%04x%04x\\",
LOWORD(*lpLangInfo), HIWORD(*lpLangInfo));
-
+
cp = szVerQ + lstrlen(szVerQ);
lstrcpy(cp, "ProductName");
@@ -227,12 +227,12 @@ static int CallVersionServer(app_title, app_version, app_ini, code_cover)
vstatus = VSProcessRequest(vrequest);
/*
* Only complain periodically, if the test tracker isn't
- * working...
+ * working...
*/
if (v_complain(vstatus, app_ini)) {
- WinVSReportRequest(vrequest, NULL,
+ WinVSReportRequest(vrequest, NULL,
"Version Server Status Report");
- }
+ }
if (vstatus == V_REQUIRED) {
SetCursor(LoadCursor(NULL, IDC_WAIT));
VSDestroyRequest(vrequest);
@@ -240,7 +240,7 @@ static int CallVersionServer(app_title, app_version, app_ini, code_cover)
}
VSDestroyRequest(vrequest);
return (0);
-}
+}
#endif
#ifdef TIMEBOMB
@@ -320,7 +320,7 @@ krb5_error_code krb5_vercheck()
return KRB5_APPL_EXPIRED;
}
#endif
-
+
}
#endif
verchecked = 1;
@@ -375,7 +375,7 @@ control(int mode)
break;
}
#elif defined KRB4
- switch (mode){
+ switch (mode){
case DLL_STARTUP:
add_error_table(&et_krb_error_table);
add_error_table(&et_kadm_error_table);
@@ -456,7 +456,7 @@ BOOL WINAPI DllMain (HANDLE hModule, DWORD fdwReason, LPVOID lpReserved)
default:
return FALSE;
}
-
+
return TRUE; // successful DLL_PROCESS_ATTACH
}
@@ -472,7 +472,7 @@ LPSTR CmdLine;
hlibinstance = hInst;
if (control(DLL_STARTUP))
return 0;
- else
+ else
return 1;
}