From tlyu at MIT.EDU Sun Nov 1 00:35:20 2009
From: tlyu at MIT.EDU (tlyu@MIT.EDU)
Date: Sun, 1 Nov 2009 00:35:20 -0400
Subject: svn rev #23113: trunk/src/util/
Message-ID: <200911010435.nA14ZKse007925@drugstore.mit.edu>
http://src.mit.edu/fisheye/changelog/krb5/?cs=23113
Commit By: tlyu
Log Message: Rework in an attempt to deal with variant Emacs versions.
Changed Files:
U trunk/src/util/krb5-batch-reindent.el
Modified: trunk/src/util/krb5-batch-reindent.el
===================================================================
--- trunk/src/util/krb5-batch-reindent.el 2009-11-01 02:47:58 UTC (rev 23112)
+++ trunk/src/util/krb5-batch-reindent.el 2009-11-01 04:35:20 UTC (rev 23113)
@@ -11,6 +11,35 @@ (message "Tab found @%s." tab-found) (message "No tabs found.")))) +(defun whitespace-new () + ;; Sometimes whitespace-cleanup gets its internals confused + ;; when whitespace-mode hasn't been activated on the buffer. + (let ((whitespace-indent-tabs-mode indent-tabs-mode) + (whitespace-style '(empty trailing))) + ;; Only clean up tab issues if indent-tabs-mode is explicitly + ;; set in the file local variables. + (if (local-variable-p 'indent-tabs-mode) + (progn + (message "Enabling tab cleanups.") + (add-to-list 'whitespace-style 'indentation) + (add-to-list 'whitespace-style 'space-before-tab) + (add-to-list 'whitespace-style 'space-after-tab))) +;; (message "indent-tabs-mode=%s" indent-tabs-mode) + (message "Cleaning whitespace...") + (whitespace-cleanup))) + +;; Old style whitespace.el uses different variables. +(defun whitespace-old () + (let (whitespace-check-indent-whitespace + whitespace-check-spacetab-whitespace) + (if (local-variable-p 'indent-tabs-mode) + (progn + (message "Enabling tab cleanups.") + (setq whitespace-check-indent-whitespace indent-tabs-mode) + (setq whitespace-check-spacetab-whitespace t))) + (message "Cleaning whitespace...") + (whitespace-cleanup))) + (while command-line-args-left (let ((filename (car command-line-args-left)) ;; No backup files; we have version control. 
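Review bot: `whitespace-new` does not carry over `(setq tab-found (search-forward "\t" nil t))`, which the inline block it replaces (removed in the following hunk) ran just before the cleanup. The context at the top of this hunk still reports `tab-found` in "Tab found @%s.", so unless the variable is set elsewhere in that function (not visible here) the report may now be stale or unbound. Either restore the `setq` at the call site or drop the variable from the report. Both new functions would also benefit from a docstring naming the whitespace.el generation they target, since the choice between them is made by feature detection in the main loop.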
@@ -30,22 +59,9 @@ (if (equal c-indentation-style "krb5") (c-indent-region (point-min) (point-max))) - ;; Sometimes whitespace-cleanup gets its internals confused - ;; when whitespace-mode hasn't been activated on the buffer. - (let ((whitespace-indent-tabs-mode indent-tabs-mode) - (whitespace-style '(empty trailing))) - ;; Only clean up tab issues if indent-tabs-mode is explicitly - ;; set in the file local variables. - (if (local-variable-p 'indent-tabs-mode) - (progn - (message "Enabling tab cleanups.") - (add-to-list 'whitespace-style 'indentation) - (add-to-list 'whitespace-style 'space-before-tab) - (add-to-list 'whitespace-style 'space-after-tab))) -;; (message "indent-tabs-mode=%s" indent-tabs-mode) - (setq tab-found (search-forward "\t" nil t)) - (message "Cleaning whitespace...") - (whitespace-cleanup)) + (if (custom-variable-p 'whitespace-style) + (whitespace-new) + (whitespace-old)) (save-buffer) (kill-buffer nil) From ghudson at MIT.EDU Sun Nov 1 09:13:32 2009 From: ghudson at MIT.EDU (ghudson@MIT.EDU) Date: Sun, 1 Nov 2009 09:13:32 -0500 Subject: svn rev #23114: trunk/src/lib/krb5/krb/ Message-ID: <200911011413.nA1EDWBX002064@drugstore.mit.edu> http://src.mit.edu/fisheye/changelog/krb5/?cs=23114 Commit By: ghudson Log Message: Memory leak fix: in obtain_sam_padata, after claiming the contents of the scratch data object, free the outer structure before nulling the pointer to it. Changed Files: U trunk/src/lib/krb5/krb/preauth.c Modified: trunk/src/lib/krb5/krb/preauth.c =================================================================== --- trunk/src/lib/krb5/krb/preauth.c 2009-11-01 04:35:20 UTC (rev 23113) +++ trunk/src/lib/krb5/krb/preauth.c 2009-11-01 14:13:32 UTC (rev 23114) @@ -562,7 +562,8 @@ pa->pa_type = KRB5_PADATA_SAM_RESPONSE; pa->length = scratch->length; pa->contents = (krb5_octet *) scratch->data; - scratch = 0; /* so we don't free it! */ + free(scratch); + scratch = NULL; *out_padata = pa; From ghudson at MIT.EDU Sun Nov 1 10:55:44 2009 
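Review bot: In the preauth.c hunk, the new `free(scratch)` replaces the only comment that explained ownership, so a reader no longer sees why the outer structure is released while `scratch->data` is not. Add a comment above the `free`, for example `/* pa->contents now owns scratch->data; free only the outer structure. */`. Any later cleanup of `scratch` lies outside the hunk and presumably relies on the NULL assignment to avoid freeing the buffer that was handed to `pa`, which is worth stating so a future edit does not reintroduce a double free.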
From: ghudson at MIT.EDU (ghudson@MIT.EDU) Date: Sun, 1 Nov 2009 10:55:44 -0500 Subject: svn rev #23115: trunk/src/include/ Message-ID: <200911011555.nA1Fti1B009218@drugstore.mit.edu> http://src.mit.edu/fisheye/changelog/krb5/?cs=23115 Commit By: ghudson Log Message: In k5-int.h, fix make_data to work with C++. Changed Files: U trunk/src/include/k5-int.h Modified: trunk/src/include/k5-int.h =================================================================== --- trunk/src/include/k5-int.h 2009-11-01 14:13:32 UTC (rev 23114) +++ trunk/src/include/k5-int.h 2009-11-01 15:55:44 UTC (rev 23115) @@ -2942,7 +2942,7 @@ krb5_data d; d.magic = KV5M_DATA; - d.data = data; + d.data = (char *) data; d.length = len; return d; } From ghudson at MIT.EDU Sun Nov 1 16:51:26 2009 From: ghudson at MIT.EDU (ghudson@MIT.EDU) Date: Sun, 1 Nov 2009 16:51:26 -0500 Subject: svn rev #23116: trunk/src/include/ Message-ID: <200911012151.nA1LpQKI001666@drugstore.mit.edu> http://src.mit.edu/fisheye/changelog/krb5/?cs=23116 Commit By: ghudson Log Message: Un-constify struct errinfo's msg field because it is the owner of that memory (even though the memory is intended to be immutable during its lifetime). Changed Files: U trunk/src/include/k5-err.h Modified: trunk/src/include/k5-err.h =================================================================== --- trunk/src/include/k5-err.h 2009-11-01 15:55:44 UTC (rev 23115) +++ trunk/src/include/k5-err.h 2009-11-01 21:51:26 UTC (rev 23116) @@ -46,7 +46,7 @@ struct errinfo { long code; - const char *msg; + char *msg; char scratch_buf[1024]; }; From ghudson at MIT.EDU Sun Nov 1 17:14:26 2009 
From: ghudson at MIT.EDU (ghudson@MIT.EDU) Date: Sun, 1 Nov 2009 17:14:26 -0500 Subject: svn rev #23117: trunk/src/util/support/ Message-ID: <200911012214.nA1MEQXH003373@drugstore.mit.edu> http://src.mit.edu/fisheye/changelog/krb5/?cs=23117 Commit By: ghudson Log Message: Be a little more const-correct in krb5int_vset_error_fl. Changed Files: U trunk/src/util/support/errors.c Modified: trunk/src/util/support/errors.c =================================================================== --- trunk/src/util/support/errors.c 2009-11-01 21:51:26 UTC (rev 23116) +++ trunk/src/util/support/errors.c 2009-11-01 22:14:25 UTC (rev 23117) @@ -68,20 +68,17 @@ { va_list args2; char *str = NULL, *str2, *slash; - const char *loc_fmt = NULL; - #ifdef USE_KIM + kim_string loc_fmt = NULL; + /* Try to localize the format string */ - if (kim_os_string_create_localized(&loc_fmt, fmt) != KIM_NO_ERROR) { - loc_fmt = fmt; - } -#else - loc_fmt = fmt; + if (kim_os_string_create_localized(&loc_fmt, fmt) == KIM_NO_ERROR) + fmt = loc_fmt; #endif /* try vasprintf first */ va_copy(args2, args); - if (vasprintf(&str, loc_fmt, args2) < 0) { + if (vasprintf(&str, fmt, args2) < 0) { str = NULL; } va_end(args2); @@ -99,22 +96,20 @@ /* If that failed, try using scratch_buf */ if (str == NULL) { - vsnprintf(ep->scratch_buf, sizeof(ep->scratch_buf), loc_fmt, args); + vsnprintf(ep->scratch_buf, sizeof(ep->scratch_buf), fmt, args); str = strdup(ep->scratch_buf); /* try allocating again */ } /* free old string before setting new one */ if (ep->msg && ep->msg != ep->scratch_buf) { - free ((char *) ep->msg); + krb5int_free_error (ep, ep->msg); ep->msg = NULL; } ep->code = code; ep->msg = str ? str : ep->scratch_buf; #ifdef USE_KIM - if (loc_fmt != fmt) { kim_string_free(&loc_fmt); } -#else - if (loc_fmt != fmt) { free((char *) loc_fmt); } + kim_string_free(&loc_fmt); #endif } From ghudson at MIT.EDU Sun Nov 1 17:32:47 2009 
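Review bot: With `fmt = loc_fmt`, the string returned by `kim_os_string_create_localized` becomes the format for `vasprintf` and for the `vsnprintf` fallback in the second hunk, while `args` was built by the caller for the original `fmt`. If a localized string ever carries different conversion specifiers than its source string, the varargs are read with the wrong types. A comment at the assignment should record that constraint, e.g. `/* A localized format must keep the caller's conversions, in the same order. */`. The result of the fallback `vsnprintf` is also unchecked, so truncation into `scratch_buf` is silent. The function body starts and ends outside both hunks.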
From: ghudson at MIT.EDU (ghudson@MIT.EDU) Date: Sun, 1 Nov 2009 17:32:47 -0500 Subject: svn rev #23118: trunk/src/util/support/ Message-ID: <200911012232.nA1MWlCd004759@drugstore.mit.edu> http://src.mit.edu/fisheye/changelog/krb5/?cs=23118 Commit By: ghudson Log Message: Simplify krb5int_get_error (and fix a cast-qual warning) by not worrying so much about system errors longer than 1K. Changed Files: U trunk/src/util/support/errors.c Modified: trunk/src/util/support/errors.c =================================================================== --- trunk/src/util/support/errors.c 2009-11-01 22:14:25 UTC (rev 23117) +++ trunk/src/util/support/errors.c 2009-11-01 22:32:47 UTC (rev 23118) @@ -116,7 +116,7 @@ const char * krb5int_get_error (struct errinfo *ep, long code) { - char *r, *r2; + const char *r, *r2; if (code == ep->code && ep->msg) { r = strdup(ep->msg); if (r == NULL) { 
@@ -153,41 +153,24 @@ if (code < 0) goto format_number; #ifdef HAVE_STRERROR_R - if (strerror_r (code, ep->scratch_buf, sizeof(ep->scratch_buf)) == 0) { + if (strerror_r(code, ep->scratch_buf, sizeof(ep->scratch_buf)) == 0) { char *p = strdup(ep->scratch_buf); if (p) return p; return ep->scratch_buf; } - /* If strerror_r didn't work with the 1K buffer, we can try a - really big one. This seems kind of gratuitous though. */ -#define BIG_ERR_BUFSIZ 8192 - r = malloc(BIG_ERR_BUFSIZ); - if (r) { - if (strerror_r (code, r, BIG_ERR_BUFSIZ) == 0) { - r2 = realloc (r, 1 + strlen(r)); - if (r2) - return r2; - return r; - } - free (r); - } #endif - r = strerror (code); + r = strerror(code); if (r) { - if (strlen (r) < sizeof (ep->scratch_buf) - || (r2 = strdup (r)) == NULL) { - strncpy (ep->scratch_buf, r, sizeof(ep->scratch_buf)); - return ep->scratch_buf; - } else - return r2; + strlcpy(ep->scratch_buf, r, sizeof(ep->scratch_buf)); + return ep->scratch_buf; } format_number: snprintf (ep->scratch_buf, sizeof(ep->scratch_buf), _("error %ld"), code); return ep->scratch_buf; } - r = (char *) fptr(code); + r = fptr(code); if (r == NULL) { unlock(); goto format_number; @@ -195,7 +178,7 @@ r2 = strdup(r); if (r2 == NULL) { - strncpy(ep->scratch_buf, r, sizeof(ep->scratch_buf)); + strlcpy(ep->scratch_buf, r, sizeof(ep->scratch_buf)); unlock(); return ep->scratch_buf; } else { From tlyu at MIT.EDU Mon Nov 2 14:19:02 2009 
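Review bot: The `strerror_r(...) == 0` test assumes the variant that returns `int`; if HAVE_STRERROR_R is ever defined on a build that picks up the GNU variant (which returns `char *` and need not fill the caller's buffer), the comparison is never true. With the 8K retry removed, that case now always falls through to the non-reentrant `strerror(code)` and copies into the shared `ep->scratch_buf`. `code` is also a `long` passed where an `int` is expected, and no range check beyond `code < 0` is visible in the hunk; `if (code > INT_MAX) goto format_number;` before the call would avoid a silent narrowing. A comment or configure-time check pinning the expected `strerror_r` variant would make the assumption explicit. The function begins outside this hunk.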
From: tlyu at MIT.EDU (tlyu@MIT.EDU) Date: Mon, 2 Nov 2009 14:19:02 -0500 Subject: svn rev #23121: trunk/src/util/ Message-ID: <200911021919.nA2JJ2Jk026674@drugstore.mit.edu> http://src.mit.edu/fisheye/changelog/krb5/?cs=23121 Commit By: tlyu Log Message: Emacs 21 doesn't have custom-variable-p. Also, adjust to use the correct controlling variables for older incarnations of whitespace-mode. Changed Files: U trunk/src/util/krb5-batch-reindent.el Modified: trunk/src/util/krb5-batch-reindent.el =================================================================== --- trunk/src/util/krb5-batch-reindent.el 2009-11-02 18:00:40 UTC (rev 23120) +++ trunk/src/util/krb5-batch-reindent.el 2009-11-02 19:19:02 UTC (rev 23121) @@ -30,13 +30,13 @@ ;; Old style whitespace.el uses different variables. (defun whitespace-old () - (let (whitespace-check-indent-whitespace - whitespace-check-spacetab-whitespace) + (let (whitespace-check-buffer-indent + whitespace-check-buffer-spacetab) (if (local-variable-p 'indent-tabs-mode) (progn (message "Enabling tab cleanups.") - (setq whitespace-check-indent-whitespace indent-tabs-mode) - (setq whitespace-check-spacetab-whitespace t))) + (setq whitespace-check-buffer-indent indent-tabs-mode) + (setq whitespace-check-buffer-spacetab t))) (message "Cleaning whitespace...") (whitespace-cleanup))) @@ -59,7 +59,7 @@ (if (equal c-indentation-style "krb5") (c-indent-region (point-min) (point-max))) - (if (custom-variable-p 'whitespace-style) + (if (fboundp 'whitespace-newline-mode) (whitespace-new) (whitespace-old)) From ghudson at MIT.EDU Mon Nov 2 13:00:41 2009 
From: ghudson at MIT.EDU (ghudson@MIT.EDU) Date: Mon, 2 Nov 2009 13:00:41 -0500 Subject: svn rev #23120: trunk/src/ include/ lib/crypto/builtin/ lib/crypto/krb/yarrow/ ... Message-ID: <200911021800.nA2I0fW5020856@drugstore.mit.edu> http://src.mit.edu/fisheye/changelog/krb5/?cs=23120 Commit By: ghudson Log Message: Clean up a bunch of signed/unsigned comparison warnings. Changed Files: U trunk/src/include/k5-int.h U trunk/src/lib/crypto/builtin/yhash.h U trunk/src/lib/crypto/krb/yarrow/yarrow.c U trunk/src/lib/crypto/krb/yarrow/yarrow.h U trunk/src/lib/gssapi/generic/util_buffer_set.c U trunk/src/lib/krb5/ccache/cc_file.c U trunk/src/lib/krb5/ccache/ser_cc.c U trunk/src/lib/krb5/os/an_to_ln.c U trunk/src/lib/krb5/os/changepw.c U trunk/src/lib/krb5/os/dnsglue.c U trunk/src/lib/krb5/os/locate_kdc.c U trunk/src/lib/krb5/os/read_msg.c U trunk/src/lib/krb5/os/sendto_kdc.c U trunk/src/lib/krb5/unicode/ucstr.c U trunk/src/lib/rpc/clnt_udp.c U trunk/src/lib/rpc/pmap_rmt.c U trunk/src/lib/rpc/svc_auth.c U trunk/src/util/et/error_message.c U trunk/src/util/t_array.pm Modified: trunk/src/include/k5-int.h =================================================================== --- trunk/src/include/k5-int.h 2009-11-02 10:57:38 UTC (rev 23119) +++ trunk/src/include/k5-int.h 2009-11-02 18:00:40 UTC (rev 23120) @@ -620,8 +620,8 @@ void (*freefn)(void *); void *data; } *addrs; - int naddrs; - int space; + size_t naddrs; + size_t space; }; #define ADDRLIST_INIT { 0, 0, 0 } extern void krb5int_free_addrlist (struct addrlist *); Modified: trunk/src/lib/crypto/builtin/yhash.h =================================================================== --- trunk/src/lib/crypto/builtin/yhash.h 2009-11-02 10:57:38 UTC (rev 23119) +++ trunk/src/lib/crypto/builtin/yhash.h 2009-11-02 18:00:40 UTC (rev 23120) 
@@ -15,7 +15,7 @@ #define HASH_Init(x) shsInit(x) #define HASH_Update(x, buf, sz) shsUpdate(x, (const void*)buf, sz) #define HASH_Final(x, tdigest) do { \ - int loopvar; \ + size_t loopvar; \ unsigned char *out2 = (void *)(tdigest); \ HASH_CTX *ctx = (x); \ shsFinal(ctx); \ Modified: trunk/src/lib/crypto/krb/yarrow/yarrow.c =================================================================== --- trunk/src/lib/crypto/krb/yarrow/yarrow.c 2009-11-02 10:57:38 UTC (rev 23119) +++ trunk/src/lib/crypto/krb/yarrow/yarrow.c 2009-11-02 18:00:40 UTC (rev 23120) @@ -462,7 +462,7 @@ EXCEP_DECL; int num = y->slow_k_of_n_thresh; int source = -1; - int emax = y->slow_thresh; + size_t emax = y->slow_thresh; size_t entropy = 0; unsigned i; @@ -929,7 +929,8 @@ const char* krb5int_yarrow_str_error( int err ) { err = 1-err; - if ( err < 0 || err >= sizeof( yarrow_str_error ) / sizeof( char* ) ) + if ( err < 0 || + (unsigned int) err >= sizeof( yarrow_str_error ) / sizeof( char* ) ) { err = 1-YARROW_FAIL; } Modified: trunk/src/lib/crypto/krb/yarrow/yarrow.h =================================================================== --- trunk/src/lib/crypto/krb/yarrow/yarrow.h 2009-11-02 10:57:38 UTC (rev 23119) +++ trunk/src/lib/crypto/krb/yarrow/yarrow.h 2009-11-02 18:00:40 UTC (rev 23120) @@ -121,8 +121,8 @@ int slow_k_of_n; /* current thresholds */ - int slow_thresh; - int fast_thresh; + size_t slow_thresh; + size_t fast_thresh; int slow_k_of_n_thresh; } Yarrow_CTX; Modified: trunk/src/lib/gssapi/generic/util_buffer_set.c =================================================================== --- trunk/src/lib/gssapi/generic/util_buffer_set.c 2009-11-02 10:57:38 UTC (rev 23119) +++ trunk/src/lib/gssapi/generic/util_buffer_set.c 2009-11-02 18:00:40 UTC (rev 23120) 
@@ -98,7 +98,7 @@ (OM_uint32 * minor_status, gss_buffer_set_t *buffer_set) { - int i; + size_t i; OM_uint32 minor; *minor_status = 0; Modified: trunk/src/lib/krb5/ccache/cc_file.c =================================================================== --- trunk/src/lib/krb5/ccache/cc_file.c 2009-11-02 10:57:38 UTC (rev 23119) +++ trunk/src/lib/krb5/ccache/cc_file.c 2009-11-02 18:00:40 UTC (rev 23120) @@ -294,8 +294,8 @@ We used to have a stdio option, but we get more precise control by using the POSIX I/O functions. */ #define FCC_BUFSIZ 1024 - int valid_bytes; - int cur_offset; + size_t valid_bytes; + size_t cur_offset; char buf[FCC_BUFSIZ]; } krb5_fcc_data; @@ -309,7 +309,6 @@ /* If we read some extra data in advance, and then want to know or use our "current" position, we need to back up a little. */ if (whence == SEEK_CUR && data->valid_bytes) { - assert(data->valid_bytes > 0); assert(data->cur_offset > 0); assert(data->cur_offset <= data->valid_bytes); offset -= (data->valid_bytes - data->cur_offset); @@ -402,7 +401,6 @@ int nread, e; size_t ncopied; - assert (data->valid_bytes >= 0); if (data->valid_bytes > 0) assert(data->cur_offset <= data->valid_bytes); if (data->valid_bytes == 0 @@ -500,7 +498,7 @@ return KRB5_CC_NOMEM; if (length) { size_t msize = length; - if (msize != length) { + if (msize != (krb5_ui_4) length) { free(tmpprinc); return KRB5_CC_NOMEM; } @@ -557,7 +555,7 @@ */ msize = length; msize += 1; - if (msize == 0 || msize - 1 != length || length < 0) + if (msize == 0 || msize - 1 != (krb5_ui_4) length || length < 0) return KRB5_CC_NOMEM; *addrs = ALLOC (msize, krb5_address *); if (*addrs == NULL) 
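Review bot: In the cc_file.c `@@ -500` hunk, `msize != (krb5_ui_4) length` catches a negative `length` only when size_t is wider than 32 bits; with a 32-bit size_t both sides wrap to the same value and the test passes. The `@@ -557` hunk pairs the same comparison with an explicit `length < 0`, and this path should do likewise unless an earlier check outside the hunk already rejects negative counts: `if (length < 0 || msize != (krb5_ui_4) length) {`. The casts on `keyblock->length`, `addr->length` and `a->length` in the later cc_file.c hunks have the same shape, so each should be confirmed to sit behind a sign test. These values are read from the cache file, so the sign check is better stated than implied by a cast.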
@@ -613,11 +611,11 @@ return KRB5_CC_NOMEM; keyblock->length = int32; /* Overflow check. */ - if (keyblock->length != int32) + if (keyblock->length != (krb5_ui_4) int32) return KRB5_CC_NOMEM; if ( keyblock->length == 0 ) return KRB5_OK; - keyblock->contents = ALLOC (keyblock->length, krb5_octet); + keyblock->contents = malloc(keyblock->length); if (keyblock->contents == NULL) return KRB5_CC_NOMEM; @@ -650,7 +648,7 @@ if (len < 0) return KRB5_CC_NOMEM; data->length = len; - if (data->length != len || data->length + 1 == 0) + if (data->length != (krb5_ui_4) len || data->length + 1 == 0) return KRB5_CC_NOMEM; if (data->length == 0) { @@ -698,7 +696,7 @@ addr->length = int32; /* Length field is "unsigned int", which may be smaller than 32 bits. */ - if (addr->length != int32) + if (addr->length != (krb5_ui_4) int32) return KRB5_CC_NOMEM; /* XXX */ if (addr->length == 0) @@ -828,7 +826,7 @@ */ msize = length; msize += 1; - if (msize == 0 || msize - 1 != length || length < 0) + if (msize == 0 || msize - 1 != (krb5_ui_4) length || length < 0) return KRB5_CC_NOMEM; *a = ALLOC (msize, krb5_authdata *); if (*a == NULL) @@ -877,7 +875,7 @@ a->length = int32; /* Value could have gotten truncated if int is smaller than 32 bits. */ - if (a->length != int32) + if (a->length != (krb5_ui_4) int32) return KRB5_CC_NOMEM; /* XXX */ if (a->length == 0 ) @@ -924,7 +922,7 @@ ret = write(((krb5_fcc_data *)id->data)->file, (char *) buf, len); if (ret < 0) return krb5_fcc_interpret(context, errno); - if (ret != len) + if ((unsigned int) ret != len) return KRB5_CC_WRITE; return KRB5_OK; } Modified: trunk/src/lib/krb5/ccache/ser_cc.c =================================================================== --- trunk/src/lib/krb5/ccache/ser_cc.c 2009-11-02 10:57:38 UTC (rev 23119) +++ trunk/src/lib/krb5/ccache/ser_cc.c 2009-11-02 18:00:40 UTC (rev 23120) 
@@ -173,7 +173,7 @@ kret = krb5_ser_unpack_int32(&ibuf, &bp, &remain); if (kret) return kret; - if (ibuf < 0 || ibuf > remain) + if (ibuf < 0 || (krb5_ui_4) ibuf > remain) return EINVAL; /* Allocate and unpack the name. */ Modified: trunk/src/lib/krb5/os/an_to_ln.c =================================================================== --- trunk/src/lib/krb5/os/an_to_ln.c 2009-11-02 10:57:38 UTC (rev 23119) +++ trunk/src/lib/krb5/os/an_to_ln.c 2009-11-02 18:00:40 UTC (rev 23120) @@ -233,7 +233,7 @@ if (!regcomp(&match_exp, regexp, REG_EXTENDED) && !regexec(&match_exp, string, 1, &match_match, 0)) { if ((match_match.rm_so == 0) && - (match_match.rm_eo == strlen(string))) + ((unsigned int) match_match.rm_eo == strlen(string))) kret = 0; } regfree(&match_exp); Modified: trunk/src/lib/krb5/os/changepw.c =================================================================== --- trunk/src/lib/krb5/os/changepw.c 2009-11-02 10:57:38 UTC (rev 23119) +++ trunk/src/lib/krb5/os/changepw.c 2009-11-02 18:00:40 UTC (rev 23120) @@ -74,7 +74,7 @@ if (!code) { /* Success with admin_server but now we need to change the port number to use DEFAULT_KPASSWD_PORT and the socktype. */ - int i; + size_t i; for (i=0; inaddrs; i++) { struct addrinfo *a = addrlist->addrs[i].ai; if (a->ai_family == AF_INET) Modified: trunk/src/lib/krb5/os/dnsglue.c =================================================================== --- trunk/src/lib/krb5/os/dnsglue.c 2009-11-02 10:57:38 UTC (rev 23119) +++ trunk/src/lib/krb5/os/dnsglue.c 2009-11-02 18:00:40 UTC (rev 23120) @@ -127,11 +127,11 @@ len = res_search(host, ds->nclass, ds->ntype, ds->ansp, ds->ansmax); #endif - if (len > maxincr) { + if ((size_t) len > maxincr) { ret = -1; goto errout; } - while (nextincr < len) + while (nextincr < (size_t) len) nextincr *= 2; if (len < 0 || nextincr > maxincr) { ret = -1; 
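Review bot: In the dnsglue.c hunk, a failed lookup (negative `len`) is now rejected only because `(size_t) len` wraps to a value above `maxincr`; the explicit `len < 0` test still sits after the doubling loop. Put the sign test first so the behaviour does not depend on unsigned wraparound: `if (len < 0 || (size_t) len > maxincr) {`. The loop condition `nextincr < (size_t) len` is then only evaluated for a non-negative `len`. The start of the function and the `errout` label are outside the hunk.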
@@ -251,7 +251,7 @@ char host[MAXDNAME]; #endif - if (ds->anslen < sizeof(HEADER)) + if ((size_t) ds->anslen < sizeof(HEADER)) return -1; hdr = (HEADER *)ds->ansp; Modified: trunk/src/lib/krb5/os/locate_kdc.c =================================================================== --- trunk/src/lib/krb5/os/locate_kdc.c 2009-11-02 10:57:38 UTC (rev 23119) +++ trunk/src/lib/krb5/os/locate_kdc.c 2009-11-02 18:00:40 UTC (rev 23120) @@ -104,8 +104,8 @@ int krb5int_grow_addrlist (struct addrlist *lp, int nmore) { - int i; - int newspace = lp->space + nmore; + size_t i; + size_t newspace = lp->space + nmore; size_t newsize = newspace * sizeof (*lp->addrs); void *newaddrs; @@ -128,7 +128,7 @@ void krb5int_free_addrlist (struct addrlist *lp) { - int i; + size_t i; for (i = 0; i < lp->naddrs; i++) if (lp->addrs[i].freefn) (lp->addrs[i].freefn)(lp->addrs[i].data); @@ -225,7 +225,7 @@ lp->addrs[lp->naddrs].freefn = freefn; lp->addrs[lp->naddrs].data = data; lp->naddrs++; - Tprintf ("\tcount is now %d: ", lp->naddrs); + Tprintf ("\tcount is now %lu: ", (unsigned long) lp->naddrs); print_addrlist(lp); Tprintf("\n"); return 0; @@ -248,7 +248,7 @@ int socktype, int family) { struct addrinfo *addrs, *a, *anext, hint; - int err; + int err, result; char portbuf[10], secportbuf[10]; void (*freefn)(void *); @@ -262,10 +262,12 @@ #ifdef AI_NUMERICSERV hint.ai_flags = AI_NUMERICSERV; #endif - if (snprintf(portbuf, sizeof(portbuf), "%d", ntohs(port)) >= sizeof(portbuf)) + result = snprintf(portbuf, sizeof(portbuf), "%d", ntohs(port)); + if (SNPRINTF_OVERFLOW(result, sizeof(portbuf))) /* XXX */ return EINVAL; - if (snprintf(secportbuf, sizeof(secportbuf), "%d", ntohs(secport)) >= sizeof(secportbuf)) + result = snprintf(secportbuf, sizeof(secportbuf), "%d", ntohs(secport)); + if (SNPRINTF_OVERFLOW(result, sizeof(secportbuf))) return EINVAL; err = getaddrinfo (hostname, portbuf, &hint, &addrs); if (err) { 
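Review bot: In `krb5int_grow_addrlist`, `lp->space + nmore` is now computed in size_t while `nmore` remains an `int`, so a negative `nmore` converts to a very large value, and `newspace * sizeof (*lp->addrs)` can wrap before it reaches the allocator. No bound is visible in the hunk, and the function continues past it. A guard ahead of the arithmetic would cover both cases: `if (nmore < 0 || (size_t) nmore > SIZE_MAX / sizeof (*lp->addrs) - lp->space)` followed by the function's usual error return.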
@@ -701,7 +703,8 @@ Tprintf("stopped with plugin #%d, res=%p\n", i, res); /* Got something back, yippee. */ - Tprintf("now have %d addrs in list %p\n", addrlist->naddrs, addrlist); + Tprintf("now have %lu addrs in list %p\n", + (unsigned long) addrlist->naddrs, addrlist); print_addrlist(addrlist); free(realmz); krb5int_free_plugin_dir_data (ptrs); Modified: trunk/src/lib/krb5/os/read_msg.c =================================================================== --- trunk/src/lib/krb5/os/read_msg.c 2009-11-02 10:57:38 UTC (rev 23119) +++ trunk/src/lib/krb5/os/read_msg.c 2009-11-02 18:00:40 UTC (rev 23120) @@ -46,7 +46,7 @@ return((len2 < 0) ? errno : ECONNABORTED); len = ntohl(len); - if ((len & VALID_UINT_BITS) != len) /* Overflow size_t??? */ + if ((len & VALID_UINT_BITS) != (krb5_ui_4) len) /* Overflow size_t??? */ return ENOMEM; inbuf->length = ilen = (int) len; Modified: trunk/src/lib/krb5/os/sendto_kdc.c =================================================================== --- trunk/src/lib/krb5/os/sendto_kdc.c 2009-11-02 10:57:38 UTC (rev 23119) +++ trunk/src/lib/krb5/os/sendto_kdc.c 2009-11-02 18:00:40 UTC (rev 23120) @@ -257,7 +257,7 @@ static void print_addrlist (const struct addrlist *a) { - int i; + size_t i; dprint("%d{", a->naddrs); for (i = 0; i < a->naddrs; i++) dprint("%s%p=%A", i ? "," : "", (void*)a->addrs[i].ai, a->addrs[i].ai); @@ -269,7 +269,8 @@ { /* Wouldn't it be nice if we could filter out duplicates? The alloc/free handling makes that pretty difficult though. */ - int err, i; + int err; + size_t i; dprint("merging addrlists:\n\tlist1: "); for (i = 0; i < dest->naddrs; i++) @@ -301,7 +302,7 @@ static int in_addrlist (struct addrinfo *thisaddr, struct addrlist *list) { - int i; + size_t i; for (i = 0; i < list->naddrs; i++) { if (thisaddr->ai_addrlen == list->addrs[i].ai->ai_addrlen && !memcmp(thisaddr->ai_addr, list->addrs[i].ai->ai_addr, 
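Review bot: In the read_msg.c hunk, the added `(krb5_ui_4)` cast silences the warning, but `len` arrives from the peer through `ntohl` and the hunk shows no sign test or upper bound before `inbuf->length = ilen = (int) len`. If `VALID_UINT_BITS` covers all 32 bits (its definition is not visible here), the comparison can never fail. Assuming `len` is signed, as the cast suggests, a value with the top bit set then yields a negative `ilen` next to a very large `inbuf->length`. Reject that case explicitly, e.g. `if (len < 0) return ENOMEM;`, and cap the length at what the protocol permits before allocating.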
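Review bot: In sendto_kdc.c, `print_addrlist` still passes `a->naddrs` to `dprint("%d{", ...)` although this commit makes `naddrs` a size_t; the Tprintf calls in locate_kdc.c were switched to `%lu` with an `(unsigned long)` cast, but this call was not. If dprint's `%d` fetches an `int` from the varargs, the argument no longer matches wherever size_t is wider than int. The same applies to `dprint("wrote %d bytes\n", nwritten)` in a later sendto_kdc.c hunk, where `nwritten` becomes ssize_t. Casting at the call sites, e.g. `dprint("%d{", (int) a->naddrs);`, keeps the debug output well defined.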
@@ -392,7 +393,7 @@ if (tcp_only) socktype1 = SOCK_STREAM, socktype2 = 0; - else if (message->length <= context->udp_pref_limit) + else if (message->length <= (unsigned int) context->udp_pref_limit) socktype1 = SOCK_DGRAM, socktype2 = SOCK_STREAM; else socktype1 = SOCK_STREAM, socktype2 = SOCK_DGRAM; @@ -743,12 +744,12 @@ if (ai->ai_socktype == SOCK_DGRAM) { /* Send it now. */ - int ret; + ssize_t ret; sg_buf *sg = &state->x.out.sgbuf[0]; dprint("sending %d bytes on fd %d\n", SG_LEN(sg), state->fd); ret = send(state->fd, SG_BUF(sg), SG_LEN(sg), 0); - if (ret != SG_LEN(sg)) { + if (ret < 0 || (size_t) ret != SG_LEN(sg)) { dperror("sendto"); (void) closesocket(state->fd); state->fd = INVALID_SOCKET; @@ -798,6 +799,7 @@ krb5_data* callback_buffer) { sg_buf *sg; + ssize_t ret; dprint("maybe_send(@%p) state=%s type=%s\n", conn, state_strings[conn->state], @@ -822,7 +824,8 @@ retransmit if a previous attempt timed out. */ sg = &conn->x.out.sgbuf[0]; dprint("sending %d bytes on fd %d\n", SG_LEN(sg), conn->fd); - if (send(conn->fd, SG_BUF(sg), SG_LEN(sg), 0) != SG_LEN(sg)) { + ret = send(conn->fd, SG_BUF(sg), SG_LEN(sg), 0); + if (ret < 0 || (size_t) ret != SG_LEN(sg)) { dperror("send"); /* Keep connection alive, we'll try again next pass. @@ -884,7 +887,7 @@ int ssflags) { krb5_error_code e = 0; - int nwritten, nread; + ssize_t nwritten, nread; if (!(ssflags & (SSF_READ|SSF_WRITE|SSF_EXCEPTION))) abort(); @@ -955,11 +958,11 @@ dprint("wrote %d bytes\n", nwritten); while (nwritten) { sg_buf *sgp = conn->x.out.sgp; - if (nwritten < SG_LEN(sgp)) { - SG_ADVANCE(sgp, nwritten); + if ((size_t) nwritten < SG_LEN(sgp)) { + SG_ADVANCE(sgp, (size_t) nwritten); nwritten = 0; } else { - nwritten -= SG_LEN(conn->x.out.sgp); + nwritten -= SG_LEN(sgp); conn->x.out.sgp++; conn->x.out.sg_count--; if (conn->x.out.sg_count == 0 && nwritten != 0) 
@@ -1178,13 +1181,12 @@ int (*msg_handler)(krb5_context, const krb5_data *, void *), void *msg_handler_data) { - unsigned int i; int pass; int delay_this_pass = 2; krb5_error_code retval; struct conn_state *conns = NULL; krb5_data *callback_data = NULL; - size_t n_conns = 0, host; + size_t i, n_conns = 0, host; struct select_state *sel_state = NULL; struct timeval now; int winning_conn = -1, e = 0; Modified: trunk/src/lib/krb5/unicode/ucstr.c =================================================================== --- trunk/src/lib/krb5/unicode/ucstr.c 2009-11-02 10:57:38 UTC (rev 23119) +++ trunk/src/lib/krb5/unicode/ucstr.c 2009-11-02 18:00:40 UTC (rev 23120) @@ -83,7 +83,7 @@ { c = uctolower(c); for (; 0 < n; ++u, --n) { - if (uctolower(*u) == c) { + if ((krb5_unicode) uctolower(*u) == c) { return (krb5_unicode *) u; } } Modified: trunk/src/lib/rpc/clnt_udp.c =================================================================== --- trunk/src/lib/rpc/clnt_udp.c 2009-11-02 10:57:38 UTC (rev 23119) +++ trunk/src/lib/rpc/clnt_udp.c 2009-11-02 18:00:40 UTC (rev 23120) @@ -237,7 +237,7 @@ register struct cu_data *cu = (struct cu_data *)cl->cl_private; register XDR *xdrs; register int outlen; - register int inlen; + register ssize_t inlen; GETSOCKNAME_ARG3_TYPE fromlen; /* Assumes recvfrom uses same type */ #ifdef FD_SETSIZE fd_set readfds; @@ -344,7 +344,7 @@ cu->cu_error.re_errno = errno; return (cu->cu_error.re_status = RPC_CANTRECV); } - if (inlen < sizeof(uint32_t)) + if ((size_t)inlen < sizeof(uint32_t)) continue; /* see if reply transaction id matches sent id */ if (*((uint32_t *)(void *)(cu->cu_inbuf)) != Modified: trunk/src/lib/rpc/pmap_rmt.c =================================================================== --- trunk/src/lib/rpc/pmap_rmt.c 2009-11-02 10:57:38 UTC (rev 23119) +++ trunk/src/lib/rpc/pmap_rmt.c 2009-11-02 18:00:40 UTC (rev 23120) 
@@ -248,7 +248,8 @@ AUTH *unix_auth = authunix_create_default(); XDR xdr_stream; register XDR *xdrs = &xdr_stream; - int outlen, inlen, nets; + int outlen, nets; + ssize_t inlen; GETSOCKNAME_ARG3_TYPE fromlen; SOCKET sock; int on = 1; @@ -381,7 +382,7 @@ stat = RPC_CANTRECV; goto done_broad; } - if (inlen < sizeof(uint32_t)) + if ((size_t)inlen < sizeof(uint32_t)) goto recv_again; /* * see if reply transaction id matches sent id. Modified: trunk/src/lib/rpc/svc_auth.c =================================================================== --- trunk/src/lib/rpc/svc_auth.c 2009-11-02 10:57:38 UTC (rev 23119) +++ trunk/src/lib/rpc/svc_auth.c 2009-11-02 18:00:40 UTC (rev 23120) @@ -53,7 +53,7 @@ */ static struct svcauthsw_type { - u_int flavor; + enum_t flavor; enum auth_stat (*authenticator)(struct svc_req *, struct rpc_msg *, bool_t *); } svcauthsw[] = { Modified: trunk/src/util/et/error_message.c =================================================================== --- trunk/src/util/et/error_message.c 2009-11-02 10:57:38 UTC (rev 23119) +++ trunk/src/util/et/error_message.c 2009-11-02 18:00:40 UTC (rev 23120) @@ -141,7 +141,7 @@ goto oops; /* This could trip if int is 16 bits. */ - if ((unsigned long)(int)code != code) + if ((unsigned long)(int)code != (unsigned long)code) abort (); #ifdef HAVE_STRERROR_R cp = get_thread_buffer(); Modified: trunk/src/util/t_array.pm =================================================================== --- trunk/src/util/t_array.pm 2009-11-02 10:57:38 UTC (rev 23119) +++ trunk/src/util/t_array.pm 2009-11-02 18:00:40 UTC (rev 23120) @@ -67,15 +67,15 @@ return arr->allocated; } -static inline long +static inline unsigned long _max_size( *arr) { size_t upper_bound; upper_bound = SIZE_MAX / sizeof(*arr->elts); - if (upper_bound > LONG_MAX) - upper_bound = LONG_MAX; - return (long) upper_bound; + if (upper_bound > ULONG_MAX) + upper_bound = ULONG_MAX; + return (unsigned long) upper_bound; } static inline int 
@@ -105,7 +105,7 @@ static inline * _getaddr ( *arr, long idx) { - if (idx < 0 || idx >= arr->allocated) + if (idx < 0 || (unsigned long) idx >= arr->allocated) abort(); return arr->elts + idx; } From tlyu at MIT.EDU Mon Nov 2 22:14:41 2009 From: tlyu at MIT.EDU (tlyu@MIT.EDU) Date: Mon, 2 Nov 2009 22:14:41 -0500 Subject: svn rev #23122: trunk/src/util/ Message-ID: <200911030314.nA33EfAx032196@drugstore.mit.edu> http://src.mit.edu/fisheye/changelog/krb5/?cs=23122 Commit By: tlyu Log Message: Monkey patch for the cc-mode that comes with emacs-23.x; that version of cc-mode has a bug that causes incorrect indentation of case labels containing character constants. Already fixed upstream in unreleased cc-mode sources. Changed Files: U trunk/src/util/krb5-c-style.el A trunk/src/util/krb5-hack-cc-mode-caselabel.el Modified: trunk/src/util/krb5-c-style.el =================================================================== --- trunk/src/util/krb5-c-style.el 2009-11-02 19:19:02 UTC (rev 23121) +++ trunk/src/util/krb5-c-style.el 2009-11-03 03:14:41 UTC (rev 23122) @@ -45,3 +45,11 @@ ;; Use hack-local-variables-hook because the c-mode hooks run before ;; hack-local-variables runs. (add-hook 'hack-local-variables-hook 'krb5-c-mode-hook) + +;; emacs-23.x has a buggy cc-mode that incorrectly deals with case +;; labels with character constants. +(if (and (string-match "^23\." emacs-version) + (require 'cc-defs) + (string-match "5.31.[0-7]" c-version)) + (let ((load-path (cons (file-name-directory load-file-name) load-path))) + (load "krb5-hack-cc-mode-caselabel"))) Added: trunk/src/util/krb5-hack-cc-mode-caselabel.el =================================================================== --- trunk/src/util/krb5-hack-cc-mode-caselabel.el (rev 0) +++ trunk/src/util/krb5-hack-cc-mode-caselabel.el 2009-11-03 03:14:41 UTC (rev 23122) 
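Review bot: In the krb5-c-style.el hunk, `"^23\."` is read by the Lisp reader as `"^23."`, so the dot matches any character, and `"5.31.[0-7]"` is unanchored with unescaped dots, so it also matches a version such as 5.31.10. Use `"^23\\."` and something like `"^5\\.31\\.[0-7]$"` (loosen the anchor if `c-version` can carry a suffix), otherwise the monkey patch may be applied to cc-mode versions that already have the upstream fix. `load-file-name` is nil when this file is evaluated rather than loaded, which makes `file-name-directory` signal an error; guard it or add a comment saying the file must be loaded with `load`.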
@@ -0,0 +1,44 @@ +;;; -*- mode: emacs-lisp; indent-tabs-mode: nil -*- + +;; emacs-23.x has a bug in cc-mode that that incorrectly deals with +;; case labels with character constants. + +(require 'cl) +(require 'cc-defs) +(require 'cc-vars) +(require 'cc-langs) + +;; Hack load-in-progress to silence the c-lang-defconst error. For +;; some reason, load-in-progress is nil at some times when it +;; shouldn't be, at least on released emacs-23.1.1. +(let ((load-in-progress t)) + + ;; Updated c-nonlabel-token-key based on cc-langs.el 5.267.2.22, to + ;; allow character constants in case labels. + (c-lang-defconst c-nonlabel-token-key + "Regexp matching things that can't occur in generic colon labels, +neither in a statement nor in a declaration context. The regexp is +tested at the beginning of every sexp in a suspected label, +i.e. before \":\". Only used if `c-recognize-colon-labels' is set." + t (concat + ;; Don't allow string literals. + "\"\\|" + ;; All keywords except `c-label-kwds' and `c-protection-kwds'. + (c-make-keywords-re t + (set-difference (c-lang-const c-keywords) + (append (c-lang-const c-label-kwds) + (c-lang-const c-protection-kwds)) + :test 'string-equal))) + ;; Also check for open parens in C++, to catch member init lists in + ;; constructors. We normally allow it so that macros with arguments + ;; work in labels. + c++ (concat "\\s\(\\|" (c-lang-const c-nonlabel-token-key))) + (c-lang-defvar c-nonlabel-token-key (c-lang-const c-nonlabel-token-key)) + + ;; Monkey-patch by way of c-mode-common-hook, as the byte-compiled + ;; version of c-init-language-vars will have the old value. This + ;; avoids finding some way to re-evaluate the defun for + ;; c-init-language-vars. + (defun krb5-c-monkey-patch-caselabel () + (setq c-nonlabel-token-key (c-lang-const c-nonlabel-token-key))) + (add-hook 'c-mode-common-hook 'krb5-c-monkey-patch-caselabel)) From tlyu at MIT.EDU Mon Nov 2 22:27:56 2009 
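Review bot: Nothing in this new file checks the cc-mode version, so loading it directly replaces `c-nonlabel-token-key` on any Emacs, including one where upstream has already fixed the bug. The only guard is the `emacs-version` / `c-version` test in krb5-c-style.el. A header line such as `;; Load only via krb5-c-style.el, which checks emacs-version and c-version first.` would record that dependency. The opening comment also has a doubled word, `that that`.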
From: tlyu at MIT.EDU (tlyu@MIT.EDU) Date: Mon, 2 Nov 2009 22:27:56 -0500 Subject: svn rev #23123: trunk/src/ clients/kcpytkt/ clients/kdeltkt/ clients/kdestroy/ ... Message-ID: <200911030327.nA33Ru5A000683@drugstore.mit.edu> http://src.mit.edu/fisheye/changelog/krb5/?cs=23123 Commit By: tlyu Log Message: Reindent after making fixes for emacs-23. Changed Files: U trunk/src/clients/kcpytkt/kcpytkt.c U trunk/src/clients/kdeltkt/kdeltkt.c U trunk/src/clients/kdestroy/kdestroy.c U trunk/src/clients/ksu/main.c U trunk/src/kadmin/dbutil/kdb5_create.c U trunk/src/kadmin/dbutil/kdb5_destroy.c U trunk/src/kadmin/dbutil/kdb5_mkey.c U trunk/src/kadmin/dbutil/kdb5_stash.c U trunk/src/kdc/main.c U trunk/src/lib/kadm5/srv/svr_iters.c U trunk/src/lib/krb5/krb/unparse.c U trunk/src/prototype/getopt.c Modified: trunk/src/clients/kcpytkt/kcpytkt.c =================================================================== --- trunk/src/clients/kcpytkt/kcpytkt.c 2009-11-03 03:14:41 UTC (rev 23122) +++ trunk/src/clients/kcpytkt/kcpytkt.c 2009-11-03 03:27:56 UTC (rev 23123) @@ -50,7 +50,7 @@ case 'h': default: xusage(); - break; + break; } } Modified: trunk/src/clients/kdeltkt/kdeltkt.c =================================================================== --- trunk/src/clients/kdeltkt/kdeltkt.c 2009-11-03 03:14:41 UTC (rev 23122) +++ trunk/src/clients/kdeltkt/kdeltkt.c 2009-11-03 03:27:56 UTC (rev 23123) @@ -50,7 +50,7 @@ case 'h': default: xusage(); - break; + break; } } Modified: trunk/src/clients/kdestroy/kdestroy.c =================================================================== --- trunk/src/clients/kdestroy/kdestroy.c 2009-11-03 03:14:41 UTC (rev 23122) +++ trunk/src/clients/kdestroy/kdestroy.c 2009-11-03 03:27:56 UTC (rev 23123) 
@@ -103,7 +103,7 @@ case '?': default: errflg++; - break; + break; } } Modified: trunk/src/clients/ksu/main.c =================================================================== --- trunk/src/clients/ksu/main.c 2009-11-03 03:14:41 UTC (rev 23122) +++ trunk/src/clients/ksu/main.c 2009-11-03 03:27:56 UTC (rev 23123) @@ -299,7 +299,7 @@ case '?': default: errflg++; - break; + break; } } @@ -450,8 +450,8 @@ } /* - Only when proper authentication and authorization - takes place, the target user becomes the owner of the cache. + Only when proper authentication and authorization + takes place, the target user becomes the owner of the cache. */ /* we continue to run as source uid until Modified: trunk/src/kadmin/dbutil/kdb5_create.c =================================================================== --- trunk/src/kadmin/dbutil/kdb5_create.c 2009-11-03 03:14:41 UTC (rev 23122) +++ trunk/src/kadmin/dbutil/kdb5_create.c 2009-11-03 03:27:56 UTC (rev 23123) @@ -187,7 +187,7 @@ case '?': default: usage(); - return; + return; } } Modified: trunk/src/kadmin/dbutil/kdb5_destroy.c =================================================================== --- trunk/src/kadmin/dbutil/kdb5_destroy.c 2009-11-03 03:14:41 UTC (rev 23122) +++ trunk/src/kadmin/dbutil/kdb5_destroy.c 2009-11-03 03:27:56 UTC (rev 23123) @@ -82,8 +82,8 @@ case '?': default: usage(); - return; - /*NOTREACHED*/ + return; + /*NOTREACHED*/ } } if (!force) { Modified: trunk/src/kadmin/dbutil/kdb5_mkey.c =================================================================== --- trunk/src/kadmin/dbutil/kdb5_mkey.c 2009-11-03 03:14:41 UTC (rev 23122) +++ trunk/src/kadmin/dbutil/kdb5_mkey.c 2009-11-03 03:27:56 UTC (rev 23123) @@ -234,7 +234,7 @@ case '?': default: usage(); - return; + return; } } @@ -806,8 +806,8 @@ case '^': case '$': *p++ = '\\'; - *p++ = *glob; - break; + *p++ = *glob; + break; case '\\': *p++ = '\\'; *p++ = *++glob; 
@@ -1189,7 +1189,7 @@ case '?': default: usage(); - return; + return; } } Modified: trunk/src/kadmin/dbutil/kdb5_stash.c =================================================================== --- trunk/src/kadmin/dbutil/kdb5_stash.c 2009-11-03 03:14:41 UTC (rev 23122) +++ trunk/src/kadmin/dbutil/kdb5_stash.c 2009-11-03 03:27:56 UTC (rev 23123) @@ -112,7 +112,7 @@ case '?': default: usage(); - return; + return; } } Modified: trunk/src/kdc/main.c =================================================================== --- trunk/src/kdc/main.c 2009-11-03 03:14:41 UTC (rev 23122) +++ trunk/src/kdc/main.c 2009-11-03 03:27:56 UTC (rev 23123) @@ -730,7 +730,7 @@ case '?': default: usage(argv[0]); - exit(1); + exit(1); } } Modified: trunk/src/lib/kadm5/srv/svr_iters.c =================================================================== --- trunk/src/lib/kadm5/srv/svr_iters.c 2009-11-03 03:14:41 UTC (rev 23122) +++ trunk/src/lib/kadm5/srv/svr_iters.c 2009-11-03 03:27:56 UTC (rev 23123) @@ -107,8 +107,8 @@ case '^': case '$': *p++ = '\\'; - *p++ = *glob; - break; + *p++ = *glob; + break; case '\\': *p++ = '\\'; *p++ = *++glob; Modified: trunk/src/lib/krb5/krb/unparse.c =================================================================== --- trunk/src/lib/krb5/krb/unparse.c 2009-11-03 03:14:41 UTC (rev 23122) +++ trunk/src/lib/krb5/krb/unparse.c 2009-11-03 03:27:56 UTC (rev 23123) @@ -107,8 +107,8 @@ case COMPONENT_SEP: case '\\': *q++ = '\\'; - *q++ = *cp; - break; + *q++ = *cp; + break; case '\t': *q++ = '\\'; *q++ = 't'; Modified: trunk/src/prototype/getopt.c =================================================================== --- trunk/src/prototype/getopt.c 2009-11-03 03:14:41 UTC (rev 23122) +++ trunk/src/prototype/getopt.c 2009-11-03 03:27:56 UTC (rev 23123) @@ -18,7 +18,7 @@ case '?': default: errflg++; - break; + break; } } if (errflg) { From tlyu at MIT.EDU Tue Nov 3 19:21:35 2009 
From: tlyu at MIT.EDU (tlyu@MIT.EDU) Date: Tue, 3 Nov 2009 19:21:35 -0500 Subject: svn rev #23125: trunk/src/ util/ Message-ID: <200911040021.nA40LZks031366@drugstore.mit.edu> http://src.mit.edu/fisheye/changelog/krb5/?cs=23125 Commit By: tlyu Log Message: Correct regexps for matching emacs and cc-mode versions. In reindent targets, chdir to SRCTOP to avoid excessive references to $(SRCTOP) in the find script. Define new variables to avoid errors when creating exception lists for find scripts. Use a python script instead of elisp to mark files. Changed Files: U trunk/src/Makefile.in U trunk/src/util/krb5-c-style.el A trunk/src/util/krb5-mark-cstyle.py Modified: trunk/src/Makefile.in =================================================================== --- trunk/src/Makefile.in 2009-11-03 18:52:01 UTC (rev 23124) +++ trunk/src/Makefile.in 2009-11-04 00:21:35 UTC (rev 23125) 
@@ -658,41 +658,53 @@ FIND = find XARGS = xargs EMACS = emacs +PYTHON = python +BSDFILES = \ + kadmin/cli/strftime.c \ + kadmin/server/ipropd_svc.c \ + kadmin/server/kadm_rpc_svc.c \ + lib/kadm5/admin_xdr.h \ + lib/kadm5/clnt/client_rpc.c \ + lib/kadm5/kadm_rpc.h \ + lib/kadm5/kadm_rpc_xdr.c \ + lib/kadm5/srv/adb_xdr.c \ + lib/krb5/krb/strftime.c \ + lib/krb5/krb/strptime.c + +OTHEREXCLUDES = \ + lib/krb5/asn.1 \ + lib/krb5/krb/deltat.c \ + lib/krb5/krb/preauth.c \ + lib/krb5/krb/ser_ctx.c \ + lib/krb5/unicode + +EXCLUDES = `for i in $(BSDFILES) $(OTHEREXCLUDES); do echo $$i; done | $(AWK) '{ print "-path", $$1, "-o" }'` -path /dev/null + reindent:: - $(FIND) $(SRCTOP) \ + (cd $(SRCTOP) && \ + $(FIND) . \ \( -name '*.[ch]' -o -name '*.hin' -o -name '*.[ch].in' \) \ -print0 | $(XARGS) -0 $(EMACS) -q -batch \ - -l $(SRCTOP)/util/krb5-c-style.el \ - -l $(SRCTOP)/util/krb5-batch-reindent.el + -l util/krb5-c-style.el \ + -l util/krb5-batch-reindent.el) -mark-cstyle:: +mark-cstyle:: mark-cstyle-krb5 mark-cstyle-bsd + +mark-cstyle-krb5:: + (cd $(SRCTOP) && \ $(FIND) \ - $(SRCTOP)/clients \ - $(SRCTOP)/lib/kadm5 \ - $(SRCTOP)/lib/kdb \ - $(SRCTOP)/lib/krb5 \ - $(SRCTOP)/kadmin \ - $(SRCTOP)/kdc \ - \( \ - -path $(SRCTOP)/kadmin/cli/strftime.c -o \ - -path $(SRCTOP)/kadmin/server/ipropd_svc.c -o \ - -path $(SRCTOP)/kadmin/server/kadm_rpc_svc.c -o \ - -path $(SRCTOP)/lib/kadm5/admin_xdr.h -o \ - -path $(SRCTOP)/lib/kadm5/client/client_rpc.c -o \ - -path $(SRCTOP)/lib/kadm5/kadm_rpc.h -o \ - -path $(SRCTOP)/lib/kadm5/kadm_rpc_xdr.c -o \ - -path $(SRCTOP)/lib/kadm5/srv/adm_xdr.c -o \ - -path $(SRCTOP)/lib/krb5/asn.1 -o \ - -path $(SRCTOP)/lib/krb5/ccche/cc_file.c -o \ - -path $(SRCTOP)/lib/krb5/krb/deltat.c -o \ - -path $(SRCTOP)/lib/krb5/krb/preauth.c -o \ - -path $(SRCTOP)/lib/krb5/krb/ser_ctx.c -o \ - -path $(SRCTOP)/lib/krb5/krb/strftime.c -o \ - -path $(SRCTOP)/lib/krb5/krb/strptime.c -o \ - -path $(SRCTOP)/lib/krb5/unicode \ - \) -prune -o \ + clients \ + lib/kadm5 \ + 
lib/kdb \ + lib/krb5 \ + kadmin \ + kdc \ + \( $(EXCLUDES) \) -prune -o \ -name '*.[ch]' \ - -print0 | $(XARGS) -0 $(EMACS) -q -batch \ - -l $(SRCTOP)/util/krb5-c-style.el \ - -l $(SRCTOP)/util/krb5-mark-cstyle.el -cstyle-krb5 + -print0 | $(XARGS) -0 $(PYTHON) util/krb5-mark-cstyle.py \ + --cstyle=krb5) + +mark-cstyle-bsd:: + (cd $(SRCTOP) && \ + $(PYTHON) util/krb5-mark-cstyle.py --cstyle=bsd $(BSDFILES)) Modified: trunk/src/util/krb5-c-style.el =================================================================== --- trunk/src/util/krb5-c-style.el 2009-11-03 18:52:01 UTC (rev 23124) +++ trunk/src/util/krb5-c-style.el 2009-11-04 00:21:35 UTC (rev 23125) @@ -48,8 +48,8 @@ ;; emacs-23.x has a buggy cc-mode that incorrectly deals with case ;; labels with character constants. -(if (and (string-match "^23\." emacs-version) +(if (and (string-match "^23\\." emacs-version) (require 'cc-defs) - (string-match "5.31.[0-7]" c-version)) + (string-match "5\\.31\\.[0-7]" c-version)) (let ((load-path (cons (file-name-directory load-file-name) load-path))) (load "krb5-hack-cc-mode-caselabel"))) Added: trunk/src/util/krb5-mark-cstyle.py =================================================================== --- trunk/src/util/krb5-mark-cstyle.py (rev 0) +++ trunk/src/util/krb5-mark-cstyle.py 2009-11-04 00:21:35 UTC (rev 23125) 
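Review bot: The old exclusion for `lib/krb5/ccche/cc_file.c` is dropped from the new `BSDFILES` / `OTHEREXCLUDES` lists rather than corrected, while the other two misspelled paths (`client/client_rpc.c`, `adm_xdr.c`) were fixed to `clnt/client_rpc.c` and `adb_xdr.c`. If cc_file.c is still meant to be skipped by `mark-cstyle-krb5` it needs an entry in `OTHEREXCLUDES`; if not, the log message should say so. The trailing `-path /dev/null` in `EXCLUDES` deserves a comment, for example `# -path /dev/null absorbs the final -o printed by awk`. `EXCLUDES` also depends on `$(AWK)`, which is not defined next to `FIND`, `XARGS`, `EMACS` and `PYTHON` in this hunk, so it is worth confirming that it is set elsewhere in the build.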
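Review bot: The corrected pattern `"5\\.31\\.[0-7]"` is still unanchored, so `string-match` succeeds on any `c-version` that merely contains such a run, for instance a later patch level like `5.31.10`, where `[0-7]` matches the `1`. Whether such versions exist cannot be told from here, but anchoring costs nothing: `(string-match "^5\\.31\\.[0-7]$" c-version)`.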
@@ -0,0 +1,47 @@ +from optparse import OptionParser +import os +import re +import sys + +styles = { + "bsd": + "/* -*- mode: c; c-file-style: \"bsd\"; indent-tabs-mode: t -*- */\n", + "krb5": + "/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */\n" + } + +def dofile(fname, style): + changed = False + newname = fname + ".new" + infile = open(fname) + outfile = open(newname, "w") + first = infile.next() + if (first != style): + changed = True + outfile.write(style) + if re.match(r"""\s*/\*\s*-\*-.*-\*-\s*\*/""", first): + # Replace first line if it was already a local variables line. + pass + else: + outfile.write(first) + + # Simply copy remaining lines. + for line in infile: + outfile.write(line) + + infile.close() + outfile.close() + + if changed: + os.rename(newname, fname) + else: + os.remove(newname) + +parser = OptionParser() +parser.add_option("--cstyle", action="store", dest="style", + choices=("bsd", "krb5"), default="krb5") +(options, args) = parser.parse_args() + +for fname in args: + print fname + dofile(fname, styles[options.style]) From tlyu at MIT.EDU Tue Nov 3 23:28:24 2009 From: tlyu at MIT.EDU (tlyu@MIT.EDU) Date: Tue, 3 Nov 2009 23:28:24 -0500 Subject: svn rev #23127: trunk/src/util/ Message-ID: <200911040428.nA44SOJx016229@drugstore.mit.edu> http://src.mit.edu/fisheye/changelog/krb5/?cs=23127 Commit By: tlyu Log Message: Delete obsolete krb5-mark-cstyle.el. (replaced by a python script) Changed Files: D trunk/src/util/krb5-mark-cstyle.el From tlyu at MIT.EDU Tue Nov 3 23:28:17 2009 
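Review bot: `first = infile.next()` raises StopIteration on an empty input file, and by then `fname + ".new"` has already been created, so the run stops with a stray `.new` file left in the tree. `first = next(infile, "")` avoids that, assuming Python 2.6 or later. `os.rename(newname, fname)` also replaces the original with a file created under the current umask, so mode bits such as the executable bit are lost; calling `shutil.copymode(fname, newname)` before the rename keeps them. A docstring on `dofile` saying that it rewrites the file in place only when the first line differs from the requested style line would help the next reader.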
From: tlyu at MIT.EDU (tlyu@MIT.EDU) Date: Tue, 3 Nov 2009 23:28:17 -0500 Subject: svn rev #23126: trunk/src/ kadmin/cli/ kadmin/server/ lib/kadm5/ lib/kadm5/clnt/ ... Message-ID: <200911040428.nA44SHdX016187@drugstore.mit.edu> http://src.mit.edu/fisheye/changelog/krb5/?cs=23126 Commit By: tlyu Log Message: Reindent and manually restore some BSD-style files that were previously incorrectly marked as krb5-style. Changed Files: U trunk/src/kadmin/cli/strftime.c U trunk/src/kadmin/server/ipropd_svc.c U trunk/src/kadmin/server/kadm_rpc_svc.c U trunk/src/lib/kadm5/admin_xdr.h U trunk/src/lib/kadm5/clnt/client_rpc.c U trunk/src/lib/kadm5/kadm_rpc.h U trunk/src/lib/kadm5/kadm_rpc_xdr.c U trunk/src/lib/kadm5/srv/adb_xdr.c U trunk/src/lib/krb5/krb/strftime.c U trunk/src/lib/krb5/krb/strptime.c Modified: trunk/src/kadmin/cli/strftime.c =================================================================== --- trunk/src/kadmin/cli/strftime.c 2009-11-04 00:21:35 UTC (rev 23125) +++ trunk/src/kadmin/cli/strftime.c 2009-11-04 04:28:17 UTC (rev 23126) @@ -1,3 +1,4 @@ +/* -*- mode: c; c-file-style: "bsd"; indent-tabs-mode: t -*- */ /* $NetBSD: strftime.c,v 1.8 1999/02/07 17:33:30 augustss Exp $ */ /* Modified: trunk/src/kadmin/server/ipropd_svc.c =================================================================== --- trunk/src/kadmin/server/ipropd_svc.c 2009-11-04 00:21:35 UTC (rev 23125) +++ trunk/src/kadmin/server/ipropd_svc.c 2009-11-04 04:28:17 UTC (rev 23126) @@ -1,3 +1,4 @@ +/* -*- mode: c; c-file-style: "bsd"; indent-tabs-mode: t -*- */ /* * Copyright 2004 Sun Microsystems, Inc. All rights reserved. * Use is subject to license terms. Modified: trunk/src/kadmin/server/kadm_rpc_svc.c =================================================================== --- trunk/src/kadmin/server/kadm_rpc_svc.c 2009-11-04 00:21:35 UTC (rev 23125) +++ trunk/src/kadmin/server/kadm_rpc_svc.c 2009-11-04 04:28:17 UTC (rev 23126) 
@@ -1,3 +1,4 @@ +/* -*- mode: c; c-file-style: "bsd"; indent-tabs-mode: t -*- */ /* * Copyright 1993 OpenVision Technologies, Inc., All Rights Reserved. * @@ -36,7 +37,7 @@ * rqstp (input) rpc request structure * transp (input) rpc transport structure * (input/output) - * + * * * Requires: * Effects: Modified: trunk/src/lib/kadm5/admin_xdr.h =================================================================== --- trunk/src/lib/kadm5/admin_xdr.h 2009-11-04 00:21:35 UTC (rev 23125) +++ trunk/src/lib/kadm5/admin_xdr.h 2009-11-04 04:28:17 UTC (rev 23126) @@ -1,3 +1,4 @@ +/* -*- mode: c; c-file-style: "bsd"; indent-tabs-mode: t -*- */ /* * Copyright 1993 OpenVision Technologies, Inc., All Rights Reserved * Modified: trunk/src/lib/kadm5/clnt/client_rpc.c =================================================================== --- trunk/src/lib/kadm5/clnt/client_rpc.c 2009-11-04 00:21:35 UTC (rev 23125) +++ trunk/src/lib/kadm5/clnt/client_rpc.c 2009-11-04 04:28:17 UTC (rev 23126) @@ -1,4 +1,4 @@ -/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */ +/* -*- mode: c; c-file-style: "bsd"; indent-tabs-mode: t -*- */ #include #include #include 
@@ -15,314 +15,314 @@ generic_ret * create_principal_2(cprinc_arg *argp, CLIENT *clnt) { - static generic_ret clnt_res; + static generic_ret clnt_res; - memset(&clnt_res, 0, sizeof(clnt_res)); - if (clnt_call(clnt, CREATE_PRINCIPAL, - (xdrproc_t) xdr_cprinc_arg, (caddr_t) argp, - (xdrproc_t) xdr_generic_ret, (caddr_t) &clnt_res, - TIMEOUT) != RPC_SUCCESS) { - return (NULL); - } - return (&clnt_res); + memset(&clnt_res, 0, sizeof(clnt_res)); + if (clnt_call(clnt, CREATE_PRINCIPAL, + (xdrproc_t) xdr_cprinc_arg, (caddr_t) argp, + (xdrproc_t) xdr_generic_ret, (caddr_t) &clnt_res, + TIMEOUT) != RPC_SUCCESS) { + return (NULL); + } + return (&clnt_res); } generic_ret * create_principal3_2(cprinc3_arg *argp, CLIENT *clnt) { - static generic_ret clnt_res; + static generic_ret clnt_res; - memset(&clnt_res, 0, sizeof(clnt_res)); - if (clnt_call(clnt, CREATE_PRINCIPAL3, - (xdrproc_t) xdr_cprinc3_arg, (caddr_t) argp, - (xdrproc_t) xdr_generic_ret, (caddr_t) &clnt_res, - TIMEOUT) != RPC_SUCCESS) { - return (NULL); - } - return (&clnt_res); + memset(&clnt_res, 0, sizeof(clnt_res)); + if (clnt_call(clnt, CREATE_PRINCIPAL3, + (xdrproc_t) xdr_cprinc3_arg, (caddr_t) argp, + (xdrproc_t) xdr_generic_ret, (caddr_t) &clnt_res, + TIMEOUT) != RPC_SUCCESS) { + return (NULL); + } + return (&clnt_res); } generic_ret * delete_principal_2(dprinc_arg *argp, CLIENT *clnt) { - static generic_ret clnt_res; + static generic_ret clnt_res; - memset(&clnt_res, 0, sizeof(clnt_res)); - if (clnt_call(clnt, DELETE_PRINCIPAL, - (xdrproc_t) xdr_dprinc_arg, (caddr_t) argp, - (xdrproc_t) xdr_generic_ret, (caddr_t) &clnt_res, - TIMEOUT) != RPC_SUCCESS) { - return (NULL); - } - return (&clnt_res); + memset(&clnt_res, 0, sizeof(clnt_res)); + if (clnt_call(clnt, DELETE_PRINCIPAL, + (xdrproc_t) xdr_dprinc_arg, (caddr_t) argp, + (xdrproc_t) xdr_generic_ret, (caddr_t) &clnt_res, + TIMEOUT) != RPC_SUCCESS) { + return (NULL); + } + return (&clnt_res); } generic_ret * modify_principal_2(mprinc_arg *argp, CLIENT *clnt) { 
- static generic_ret clnt_res; + static generic_ret clnt_res; - memset(&clnt_res, 0, sizeof(clnt_res)); - if (clnt_call(clnt, MODIFY_PRINCIPAL, - (xdrproc_t) xdr_mprinc_arg, (caddr_t) argp, - (xdrproc_t) xdr_generic_ret, (caddr_t) &clnt_res, - TIMEOUT) != RPC_SUCCESS) { - return (NULL); - } - return (&clnt_res); + memset(&clnt_res, 0, sizeof(clnt_res)); + if (clnt_call(clnt, MODIFY_PRINCIPAL, + (xdrproc_t) xdr_mprinc_arg, (caddr_t) argp, + (xdrproc_t) xdr_generic_ret, (caddr_t) &clnt_res, + TIMEOUT) != RPC_SUCCESS) { + return (NULL); + } + return (&clnt_res); } generic_ret * rename_principal_2(rprinc_arg *argp, CLIENT *clnt) { - static generic_ret clnt_res; + static generic_ret clnt_res; - memset(&clnt_res, 0, sizeof(clnt_res)); - if (clnt_call(clnt, RENAME_PRINCIPAL, - (xdrproc_t) xdr_rprinc_arg, (caddr_t) argp, - (xdrproc_t) xdr_generic_ret, (caddr_t) &clnt_res, - TIMEOUT) != RPC_SUCCESS) { - return (NULL); - } - return (&clnt_res); + memset(&clnt_res, 0, sizeof(clnt_res)); + if (clnt_call(clnt, RENAME_PRINCIPAL, + (xdrproc_t) xdr_rprinc_arg, (caddr_t) argp, + (xdrproc_t) xdr_generic_ret, (caddr_t) &clnt_res, + TIMEOUT) != RPC_SUCCESS) { + return (NULL); + } + return (&clnt_res); } gprinc_ret * get_principal_2(gprinc_arg *argp, CLIENT *clnt) { - static gprinc_ret clnt_res; + static gprinc_ret clnt_res; - memset(&clnt_res, 0, sizeof(clnt_res)); - if (clnt_call(clnt, GET_PRINCIPAL, - (xdrproc_t) xdr_gprinc_arg, (caddr_t) argp, - (xdrproc_t) xdr_gprinc_ret, (caddr_t) &clnt_res, - TIMEOUT) != RPC_SUCCESS) { - return (NULL); - } - return (&clnt_res); + memset(&clnt_res, 0, sizeof(clnt_res)); + if (clnt_call(clnt, GET_PRINCIPAL, + (xdrproc_t) xdr_gprinc_arg, (caddr_t) argp, + (xdrproc_t) xdr_gprinc_ret, (caddr_t) &clnt_res, + TIMEOUT) != RPC_SUCCESS) { + return (NULL); + } + return (&clnt_res); } gprincs_ret * get_princs_2(gprincs_arg *argp, CLIENT *clnt) { - static gprincs_ret clnt_res; + static gprincs_ret clnt_res; - memset(&clnt_res, 0, sizeof(clnt_res)); - if 
(clnt_call(clnt, GET_PRINCS, - (xdrproc_t) xdr_gprincs_arg, (caddr_t) argp, - (xdrproc_t) xdr_gprincs_ret, (caddr_t) &clnt_res, - TIMEOUT) != RPC_SUCCESS) { - return (NULL); - } - return (&clnt_res); + memset(&clnt_res, 0, sizeof(clnt_res)); + if (clnt_call(clnt, GET_PRINCS, + (xdrproc_t) xdr_gprincs_arg, (caddr_t) argp, + (xdrproc_t) xdr_gprincs_ret, (caddr_t) &clnt_res, + TIMEOUT) != RPC_SUCCESS) { + return (NULL); + } + return (&clnt_res); } generic_ret * chpass_principal_2(chpass_arg *argp, CLIENT *clnt) { - static generic_ret clnt_res; + static generic_ret clnt_res; - memset(&clnt_res, 0, sizeof(clnt_res)); - if (clnt_call(clnt, CHPASS_PRINCIPAL, - (xdrproc_t) xdr_chpass_arg, (caddr_t) argp, - (xdrproc_t) xdr_generic_ret, (caddr_t) &clnt_res, - TIMEOUT) != RPC_SUCCESS) { - return (NULL); - } - return (&clnt_res); + memset(&clnt_res, 0, sizeof(clnt_res)); + if (clnt_call(clnt, CHPASS_PRINCIPAL, + (xdrproc_t) xdr_chpass_arg, (caddr_t) argp, + (xdrproc_t) xdr_generic_ret, (caddr_t) &clnt_res, + TIMEOUT) != RPC_SUCCESS) { + return (NULL); + } + return (&clnt_res); } generic_ret * chpass_principal3_2(chpass3_arg *argp, CLIENT *clnt) { - static generic_ret clnt_res; + static generic_ret clnt_res; - memset(&clnt_res, 0, sizeof(clnt_res)); - if (clnt_call(clnt, CHPASS_PRINCIPAL3, - (xdrproc_t) xdr_chpass3_arg, (caddr_t) argp, - (xdrproc_t) xdr_generic_ret, (caddr_t) &clnt_res, - TIMEOUT) != RPC_SUCCESS) { - return (NULL); - } - return (&clnt_res); + memset(&clnt_res, 0, sizeof(clnt_res)); + if (clnt_call(clnt, CHPASS_PRINCIPAL3, + (xdrproc_t) xdr_chpass3_arg, (caddr_t) argp, + (xdrproc_t) xdr_generic_ret, (caddr_t) &clnt_res, + TIMEOUT) != RPC_SUCCESS) { + return (NULL); + } + return (&clnt_res); } generic_ret * setv4key_principal_2(setv4key_arg *argp, CLIENT *clnt) { - static generic_ret clnt_res; + static generic_ret clnt_res; - memset(&clnt_res, 0, sizeof(clnt_res)); - if (clnt_call(clnt, SETV4KEY_PRINCIPAL, - (xdrproc_t) xdr_setv4key_arg, (caddr_t) argp, - 
(xdrproc_t) xdr_generic_ret, (caddr_t) &clnt_res, - TIMEOUT) != RPC_SUCCESS) { - return (NULL); - } - return (&clnt_res); + memset(&clnt_res, 0, sizeof(clnt_res)); + if (clnt_call(clnt, SETV4KEY_PRINCIPAL, + (xdrproc_t) xdr_setv4key_arg, (caddr_t) argp, + (xdrproc_t) xdr_generic_ret, (caddr_t) &clnt_res, + TIMEOUT) != RPC_SUCCESS) { + return (NULL); + } + return (&clnt_res); } generic_ret * setkey_principal_2(setkey_arg *argp, CLIENT *clnt) { - static generic_ret clnt_res; + static generic_ret clnt_res; - memset(&clnt_res, 0, sizeof(clnt_res)); - if (clnt_call(clnt, SETKEY_PRINCIPAL, - (xdrproc_t) xdr_setkey_arg, (caddr_t) argp, - (xdrproc_t) xdr_generic_ret, (caddr_t) &clnt_res, - TIMEOUT) != RPC_SUCCESS) { - return (NULL); - } - return (&clnt_res); + memset(&clnt_res, 0, sizeof(clnt_res)); + if (clnt_call(clnt, SETKEY_PRINCIPAL, + (xdrproc_t) xdr_setkey_arg, (caddr_t) argp, + (xdrproc_t) xdr_generic_ret, (caddr_t) &clnt_res, + TIMEOUT) != RPC_SUCCESS) { + return (NULL); + } + return (&clnt_res); } generic_ret * setkey_principal3_2(setkey3_arg *argp, CLIENT *clnt) { - static generic_ret clnt_res; + static generic_ret clnt_res; - memset(&clnt_res, 0, sizeof(clnt_res)); - if (clnt_call(clnt, SETKEY_PRINCIPAL3, - (xdrproc_t) xdr_setkey3_arg, (caddr_t) argp, - (xdrproc_t) xdr_generic_ret, (caddr_t) &clnt_res, - TIMEOUT) != RPC_SUCCESS) { - return (NULL); - } - return (&clnt_res); + memset(&clnt_res, 0, sizeof(clnt_res)); + if (clnt_call(clnt, SETKEY_PRINCIPAL3, + (xdrproc_t) xdr_setkey3_arg, (caddr_t) argp, + (xdrproc_t) xdr_generic_ret, (caddr_t) &clnt_res, + TIMEOUT) != RPC_SUCCESS) { + return (NULL); + } + return (&clnt_res); } chrand_ret * chrand_principal_2(chrand_arg *argp, CLIENT *clnt) { - static chrand_ret clnt_res; + static chrand_ret clnt_res; - memset(&clnt_res, 0, sizeof(clnt_res)); - if (clnt_call(clnt, CHRAND_PRINCIPAL, - (xdrproc_t) xdr_chrand_arg, (caddr_t) argp, - (xdrproc_t) xdr_chrand_ret, (caddr_t) &clnt_res, - TIMEOUT) != RPC_SUCCESS) { - return 
(NULL); - } - return (&clnt_res); + memset(&clnt_res, 0, sizeof(clnt_res)); + if (clnt_call(clnt, CHRAND_PRINCIPAL, + (xdrproc_t) xdr_chrand_arg, (caddr_t) argp, + (xdrproc_t) xdr_chrand_ret, (caddr_t) &clnt_res, + TIMEOUT) != RPC_SUCCESS) { + return (NULL); + } + return (&clnt_res); } chrand_ret * chrand_principal3_2(chrand3_arg *argp, CLIENT *clnt) { - static chrand_ret clnt_res; + static chrand_ret clnt_res; - memset(&clnt_res, 0, sizeof(clnt_res)); - if (clnt_call(clnt, CHRAND_PRINCIPAL3, - (xdrproc_t) xdr_chrand3_arg, (caddr_t) argp, - (xdrproc_t) xdr_chrand_ret, (caddr_t) &clnt_res, - TIMEOUT) != RPC_SUCCESS) { - return (NULL); - } - return (&clnt_res); + memset(&clnt_res, 0, sizeof(clnt_res)); + if (clnt_call(clnt, CHRAND_PRINCIPAL3, + (xdrproc_t) xdr_chrand3_arg, (caddr_t) argp, + (xdrproc_t) xdr_chrand_ret, (caddr_t) &clnt_res, + TIMEOUT) != RPC_SUCCESS) { + return (NULL); + } + return (&clnt_res); } generic_ret * create_policy_2(cpol_arg *argp, CLIENT *clnt) { - static generic_ret clnt_res; + static generic_ret clnt_res; - memset(&clnt_res, 0, sizeof(clnt_res)); - if (clnt_call(clnt, CREATE_POLICY, - (xdrproc_t) xdr_cpol_arg, (caddr_t) argp, - (xdrproc_t) xdr_generic_ret, (caddr_t) &clnt_res, - TIMEOUT) != RPC_SUCCESS) { - return (NULL); - } - return (&clnt_res); + memset(&clnt_res, 0, sizeof(clnt_res)); + if (clnt_call(clnt, CREATE_POLICY, + (xdrproc_t) xdr_cpol_arg, (caddr_t) argp, + (xdrproc_t) xdr_generic_ret, (caddr_t) &clnt_res, + TIMEOUT) != RPC_SUCCESS) { + return (NULL); + } + return (&clnt_res); } generic_ret * delete_policy_2(dpol_arg *argp, CLIENT *clnt) { - static generic_ret clnt_res; + static generic_ret clnt_res; - memset(&clnt_res, 0, sizeof(clnt_res)); - if (clnt_call(clnt, DELETE_POLICY, - (xdrproc_t) xdr_dpol_arg, (caddr_t) argp, - (xdrproc_t) xdr_generic_ret, (caddr_t) &clnt_res, - TIMEOUT) != RPC_SUCCESS) { - return (NULL); - } - return (&clnt_res); + memset(&clnt_res, 0, sizeof(clnt_res)); + if (clnt_call(clnt, DELETE_POLICY, + 
(xdrproc_t) xdr_dpol_arg, (caddr_t) argp, + (xdrproc_t) xdr_generic_ret, (caddr_t) &clnt_res, + TIMEOUT) != RPC_SUCCESS) { + return (NULL); + } + return (&clnt_res); } generic_ret * modify_policy_2(mpol_arg *argp, CLIENT *clnt) { - static generic_ret clnt_res; + static generic_ret clnt_res; - memset(&clnt_res, 0, sizeof(clnt_res)); - if (clnt_call(clnt, MODIFY_POLICY, - (xdrproc_t) xdr_mpol_arg, (caddr_t) argp, - (xdrproc_t) xdr_generic_ret, (caddr_t) &clnt_res, - TIMEOUT) != RPC_SUCCESS) { - return (NULL); - } - return (&clnt_res); + memset(&clnt_res, 0, sizeof(clnt_res)); + if (clnt_call(clnt, MODIFY_POLICY, + (xdrproc_t) xdr_mpol_arg, (caddr_t) argp, + (xdrproc_t) xdr_generic_ret, (caddr_t) &clnt_res, + TIMEOUT) != RPC_SUCCESS) { + return (NULL); + } + return (&clnt_res); } gpol_ret * get_policy_2(gpol_arg *argp, CLIENT *clnt) { - static gpol_ret clnt_res; + static gpol_ret clnt_res; - memset(&clnt_res, 0, sizeof(clnt_res)); - if (clnt_call(clnt, GET_POLICY, - (xdrproc_t) xdr_gpol_arg, (caddr_t) argp, - (xdrproc_t) xdr_gpol_ret, (caddr_t) &clnt_res, - TIMEOUT) != RPC_SUCCESS) { - return (NULL); - } - return (&clnt_res); + memset(&clnt_res, 0, sizeof(clnt_res)); + if (clnt_call(clnt, GET_POLICY, + (xdrproc_t) xdr_gpol_arg, (caddr_t) argp, + (xdrproc_t) xdr_gpol_ret, (caddr_t) &clnt_res, + TIMEOUT) != RPC_SUCCESS) { + return (NULL); + } + return (&clnt_res); } gpols_ret * get_pols_2(gpols_arg *argp, CLIENT *clnt) { - static gpols_ret clnt_res; + static gpols_ret clnt_res; - memset(&clnt_res, 0, sizeof(clnt_res)); - if (clnt_call(clnt, GET_POLS, - (xdrproc_t) xdr_gpols_arg, (caddr_t) argp, - (xdrproc_t) xdr_gpols_ret, (caddr_t) &clnt_res, - TIMEOUT) != RPC_SUCCESS) { - return (NULL); - } - return (&clnt_res); + memset(&clnt_res, 0, sizeof(clnt_res)); + if (clnt_call(clnt, GET_POLS, + (xdrproc_t) xdr_gpols_arg, (caddr_t) argp, + (xdrproc_t) xdr_gpols_ret, (caddr_t) &clnt_res, + TIMEOUT) != RPC_SUCCESS) { + return (NULL); + } + return (&clnt_res); } getprivs_ret * 
get_privs_2(void *argp, CLIENT *clnt) { - static getprivs_ret clnt_res; + static getprivs_ret clnt_res; - memset(&clnt_res, 0, sizeof(clnt_res)); - if (clnt_call(clnt, GET_PRIVS, - (xdrproc_t) xdr_u_int32, (caddr_t) argp, - (xdrproc_t) xdr_getprivs_ret, (caddr_t) &clnt_res, - TIMEOUT) != RPC_SUCCESS) { - return (NULL); - } - return (&clnt_res); + memset(&clnt_res, 0, sizeof(clnt_res)); + if (clnt_call(clnt, GET_PRIVS, + (xdrproc_t) xdr_u_int32, (caddr_t) argp, + (xdrproc_t) xdr_getprivs_ret, (caddr_t) &clnt_res, + TIMEOUT) != RPC_SUCCESS) { + return (NULL); + } + return (&clnt_res); } generic_ret * init_2(void *argp, CLIENT *clnt) { - static generic_ret clnt_res; + static generic_ret clnt_res; - memset(&clnt_res, 0, sizeof(clnt_res)); - if (clnt_call(clnt, INIT, - (xdrproc_t) xdr_u_int32, (caddr_t) argp, - (xdrproc_t) xdr_generic_ret, (caddr_t) &clnt_res, - TIMEOUT) != RPC_SUCCESS) { - return (NULL); - } - return (&clnt_res); + memset(&clnt_res, 0, sizeof(clnt_res)); + if (clnt_call(clnt, INIT, + (xdrproc_t) xdr_u_int32, (caddr_t) argp, + (xdrproc_t) xdr_generic_ret, (caddr_t) &clnt_res, + TIMEOUT) != RPC_SUCCESS) { + return (NULL); + } + return (&clnt_res); } Modified: trunk/src/lib/kadm5/kadm_rpc.h =================================================================== --- trunk/src/lib/kadm5/kadm_rpc.h 2009-11-04 00:21:35 UTC (rev 23125) +++ trunk/src/lib/kadm5/kadm_rpc.h 2009-11-04 04:28:17 UTC (rev 23126) @@ -1,3 +1,4 @@ +/* -*- mode: c; c-file-style: "bsd"; indent-tabs-mode: t -*- */ #ifndef __KADM_RPC_H__ #define __KADM_RPC_H__ @@ -51,13 +52,13 @@ typedef struct rprinc_arg rprinc_arg; struct gprincs_arg { - krb5_ui_4 api_version; + krb5_ui_4 api_version; char *exp; }; typedef struct gprincs_arg gprincs_arg; struct gprincs_ret { - krb5_ui_4 api_version; + krb5_ui_4 api_version; kadm5_ret_t code; char **princs; int count; 
@@ -84,15 +85,15 @@ struct setv4key_arg { krb5_ui_4 api_version; krb5_principal princ; - krb5_keyblock *keyblock; + krb5_keyblock *keyblock; }; typedef struct setv4key_arg setv4key_arg; struct setkey_arg { krb5_ui_4 api_version; krb5_principal princ; - krb5_keyblock *keyblocks; - int n_keys; + krb5_keyblock *keyblocks; + int n_keys; }; typedef struct setkey_arg setkey_arg; @@ -102,8 +103,8 @@ krb5_boolean keepold; int n_ks_tuple; krb5_key_salt_tuple *ks_tuple; - krb5_keyblock *keyblocks; - int n_keys; + krb5_keyblock *keyblocks; + int n_keys; }; typedef struct setkey3_arg setkey3_arg; @@ -179,13 +180,13 @@ typedef struct gpol_ret gpol_ret; struct gpols_arg { - krb5_ui_4 api_version; + krb5_ui_4 api_version; char *exp; }; typedef struct gpols_arg gpols_arg; struct gpols_ret { - krb5_ui_4 api_version; + krb5_ui_4 api_version; kadm5_ret_t code; char **pols; int count; Modified: trunk/src/lib/kadm5/kadm_rpc_xdr.c =================================================================== --- trunk/src/lib/kadm5/kadm_rpc_xdr.c 2009-11-04 00:21:35 UTC (rev 23125) +++ trunk/src/lib/kadm5/kadm_rpc_xdr.c 2009-11-04 04:28:17 UTC (rev 23126) @@ -1,3 +1,4 @@ +/* -*- mode: c; c-file-style: "bsd"; indent-tabs-mode: t -*- */ /* * Copyright 1993 OpenVision Technologies, Inc., All Rights Reserved */ @@ -700,7 +701,7 @@ if (!xdr_array(xdrs, (caddr_t *) &objp->keyblock, &n_keys, ~0, sizeof(krb5_keyblock), xdr_krb5_keyblock)) { - return (FALSE); + return (FALSE); } return (TRUE); } @@ -717,7 +718,7 @@ if (!xdr_array(xdrs, (caddr_t *) &objp->keyblocks, (unsigned int *) &objp->n_keys, ~0, sizeof(krb5_keyblock), xdr_krb5_keyblock)) { - return (FALSE); + return (FALSE); } return (TRUE); } Modified: trunk/src/lib/kadm5/srv/adb_xdr.c =================================================================== --- trunk/src/lib/kadm5/srv/adb_xdr.c 2009-11-04 00:21:35 UTC (rev 23125) +++ trunk/src/lib/kadm5/srv/adb_xdr.c 2009-11-04 04:28:17 UTC (rev 23126) 
@@ -1,4 +1,4 @@ -/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */ +/* -*- mode: c; c-file-style: "bsd"; indent-tabs-mode: t -*- */ /* * Copyright 1993 OpenVision Technologies, Inc., All Rights Reserved * @@ -12,7 +12,7 @@ #include #include #include -#include "server_internal.h" +#include "server_internal.h" #include "admin_xdr.h" #ifdef HAVE_MEMORY_H #include @@ -24,27 +24,27 @@ unsigned int tmp; if (!xdr_krb5_int16(xdrs, &objp->key_data_ver)) - return(FALSE); + return(FALSE); if (!xdr_krb5_int16(xdrs, &objp->key_data_kvno)) - return(FALSE); + return(FALSE); if (!xdr_krb5_int16(xdrs, &objp->key_data_type[0])) - return(FALSE); + return(FALSE); if (!xdr_krb5_int16(xdrs, &objp->key_data_type[1])) - return(FALSE); + return(FALSE); if (!xdr_krb5_ui_2(xdrs, &objp->key_data_length[0])) - return(FALSE); + return(FALSE); if (!xdr_krb5_ui_2(xdrs, &objp->key_data_length[1])) - return(FALSE); + return(FALSE); tmp = (unsigned int) objp->key_data_length[0]; if (!xdr_bytes(xdrs, (char **) &objp->key_data_contents[0], - &tmp, ~0)) - return FALSE; + &tmp, ~0)) + return FALSE; tmp = (unsigned int) objp->key_data_length[1]; if (!xdr_bytes(xdrs, (char **) &objp->key_data_contents[1], - &tmp, ~0)) - return FALSE; + &tmp, ~0)) + return FALSE; /* don't need to copy tmp out, since key_data_length will be set by the above encoding. */ @@ -56,10 +56,10 @@ xdr_osa_pw_hist_ent(XDR *xdrs, osa_pw_hist_ent *objp) { if (!xdr_array(xdrs, (caddr_t *) &objp->key_data, - (u_int *) &objp->n_key_data, ~0, - sizeof(krb5_key_data), - xdr_krb5_key_data)) - return (FALSE); + (u_int *) &objp->n_key_data, ~0, + sizeof(krb5_key_data), + xdr_krb5_key_data)) + return (FALSE); return (TRUE); } 
@@ -68,33 +68,33 @@ { switch (xdrs->x_op) { case XDR_ENCODE: - objp->version = OSA_ADB_PRINC_VERSION_1; - /* fall through */ + objp->version = OSA_ADB_PRINC_VERSION_1; + /* fall through */ case XDR_FREE: - if (!xdr_int(xdrs, &objp->version)) - return FALSE; - break; + if (!xdr_int(xdrs, &objp->version)) + return FALSE; + break; case XDR_DECODE: - if (!xdr_int(xdrs, &objp->version)) - return FALSE; - if (objp->version != OSA_ADB_PRINC_VERSION_1) - return FALSE; - break; + if (!xdr_int(xdrs, &objp->version)) + return FALSE; + if (objp->version != OSA_ADB_PRINC_VERSION_1) + return FALSE; + break; } if (!xdr_nullstring(xdrs, &objp->policy)) - return (FALSE); + return (FALSE); if (!xdr_long(xdrs, &objp->aux_attributes)) - return (FALSE); + return (FALSE); if (!xdr_u_int(xdrs, &objp->old_key_next)) - return (FALSE); + return (FALSE); if (!xdr_krb5_kvno(xdrs, &objp->admin_history_kvno)) - return (FALSE); + return (FALSE); if (!xdr_array(xdrs, (caddr_t *) &objp->old_keys, - (unsigned int *) &objp->old_key_len, ~0, - sizeof(osa_pw_hist_ent), - xdr_osa_pw_hist_ent)) - return (FALSE); + (unsigned int *) &objp->old_key_len, ~0, + sizeof(osa_pw_hist_ent), + xdr_osa_pw_hist_ent)) + return (FALSE); return (TRUE); } Modified: trunk/src/lib/krb5/krb/strftime.c =================================================================== --- trunk/src/lib/krb5/krb/strftime.c 2009-11-04 00:21:35 UTC (rev 23125) +++ trunk/src/lib/krb5/krb/strftime.c 2009-11-04 04:28:17 UTC (rev 23126) @@ -1,3 +1,4 @@ +/* -*- mode: c; c-file-style: "bsd"; indent-tabs-mode: t -*- */ /* $NetBSD: strftime.c,v 1.8 1999/02/07 17:33:30 augustss Exp $ */ /* Modified: trunk/src/lib/krb5/krb/strptime.c =================================================================== --- trunk/src/lib/krb5/krb/strptime.c 2009-11-04 00:21:35 UTC (rev 23125) +++ trunk/src/lib/krb5/krb/strptime.c 2009-11-04 04:28:17 UTC (rev 23126) 
@@ -1,3 +1,4 @@ +/* -*- mode: c; c-file-style: "bsd"; indent-tabs-mode: t -*- */ /* $NetBSD: strptime.c,v 1.18 1999/04/29 02:58:30 tv Exp $ */ /*- From ghudson at MIT.EDU Wed Nov 4 11:31:41 2009 From: ghudson at MIT.EDU (ghudson@MIT.EDU) Date: Wed, 4 Nov 2009 11:31:41 -0500 Subject: svn rev #23128: trunk/src/lib/krb5/krb/ Message-ID: <200911041631.nA4GVfwA001864@drugstore.mit.edu> http://src.mit.edu/fisheye/changelog/krb5/?cs=23128 Commit By: ghudson Log Message: Restore the krb5 1.6 behavior of not retrying AS requests after PREAUTH_FAILED errors. Among other things, this change causes krb5_get_init_creds_opt_set_pa to act (mostly) as a constraint rather than simply as an optimistic set of preauth types, which is the behavior apps had been seeing prior to 1.7. Changed Files: U trunk/src/lib/krb5/krb/get_in_tkt.c Modified: trunk/src/lib/krb5/krb/get_in_tkt.c =================================================================== --- trunk/src/lib/krb5/krb/get_in_tkt.c 2009-11-04 04:28:24 UTC (rev 23127) +++ trunk/src/lib/krb5/krb/get_in_tkt.c 2009-11-04 16:31:41 UTC (rev 23128) @@ -1057,21 +1057,6 @@ return ret; } -/* Decide whether to continue trying AS-REQ preauthentication. */ -static krb5_boolean -should_continue_preauth(krb5_ui_4 error, int loopcount) -{ - /* - * Continue on PREAUTH_FAILED only on the first iteration, which - * would imply that we did optimistic preauth unsuccessfully. We - * could continue on later iterations if the preauth framework - * reliably remembered what mechanisms had been tried, but - * currently it does not do so for built-in mechanisms. - */ - return (error == KDC_ERR_PREAUTH_REQUIRED || - (error == KDC_ERR_PREAUTH_FAILED && loopcount == 0)); -} - krb5_error_code KRB5_CALLCONV krb5_get_init_creds(krb5_context context, krb5_creds *creds, 
@@ -1429,7 +1414,7 @@ &out_padata, &retry); if (ret !=0) goto cleanup; - if (should_continue_preauth(err_reply->error, loopcount) && retry) { + if (err_reply->error == KDC_ERR_PREAUTH_REQUIRED && retry) { /* reset the list of preauth types to try */ if (preauth_to_use) { krb5_free_pa_data(context, preauth_to_use); From raeburn at MIT.EDU Wed Nov 4 13:11:51 2009 From: raeburn at MIT.EDU (raeburn@MIT.EDU) Date: Wed, 4 Nov 2009 13:11:51 -0500 Subject: svn rev #23129: trunk/src/ kadmin/server/ kdc/ Message-ID: <200911041811.nA4IBpNu009796@drugstore.mit.edu> http://src.mit.edu/fisheye/changelog/krb5/?cs=23129 Commit By: raeburn Log Message: Use "unsigned short" instead of "u_short" in argument to SET macro; the Emacs cc-mode indentation code seems to get confused by the one-word case. Reindent. Changed Files: U trunk/src/kadmin/server/network.c U trunk/src/kdc/network.c Modified: trunk/src/kadmin/server/network.c =================================================================== --- trunk/src/kadmin/server/network.c 2009-11-04 16:31:41 UTC (rev 23128) +++ trunk/src/kadmin/server/network.c 2009-11-04 18:11:51 UTC (rev 23129) 
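Review bot: The new condition `err_reply->error == KDC_ERR_PREAUTH_REQUIRED && retry` in get_in_tkt.c carries no comment, whereas the helper it replaces documented why PREAUTH_FAILED was retried once. The log message says the intent is for a caller-supplied preauth list to act (mostly) as a constraint, so I would record that at the call site, e.g. `/* Retry only on PREAUTH_REQUIRED; PREAUTH_FAILED is final so the caller's preauth type list acts as a constraint. */`. It is also worth confirming that `loopcount` is still needed once this test no longer reads it; its other uses, like the rest of krb5_get_init_creds, are outside the hunk.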
@@ -260,14 +260,19 @@ #define conns connections.data /* Set udp_port_data, tcp_port_data; */ -static SET(u_short) udp_port_data, tcp_port_data; +/* + * N.B.: The Emacs cc-mode indentation code seems to get confused if + * the macro argument here is one word only. So use "unsigned short" + * instead of the "u_short" we were using before. + */ +static SET(unsigned short) udp_port_data, tcp_port_data; - struct rpc_svc_data { - u_short port; - u_long prognum; - u_long versnum; - void (*dispatch)(); - }; +struct rpc_svc_data { + u_short port; + u_long prognum; + u_long versnum; + void (*dispatch)(); +}; static SET(struct rpc_svc_data) rpc_svc_data; Modified: trunk/src/kdc/network.c =================================================================== --- trunk/src/kdc/network.c 2009-11-04 16:31:41 UTC (rev 23128) +++ trunk/src/kdc/network.c 2009-11-04 18:11:51 UTC (rev 23129) @@ -250,13 +250,18 @@ #define conns connections.data /* Set udp_port_data, tcp_port_data; */ -static SET(u_short) udp_port_data, tcp_port_data; +/* + * N.B.: The Emacs cc-mode indentation code seems to get confused if + * the macro argument here is one word only. So use "unsigned short" + * instead of the "u_short" we were using before. + */ +static SET(unsigned short) udp_port_data, tcp_port_data; #include "cm.h" - static struct select_state sstate; +static struct select_state sstate; - static krb5_error_code add_udp_port(int port) +static krb5_error_code add_udp_port(int port) { int i; void *tmp; From ghudson at MIT.EDU Wed Nov 4 15:16:13 2009 
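Review bot: In kadmin/server/network.c the re-indented `struct rpc_svc_data` keeps `void (*dispatch)();`, an empty parameter list, so the compiler cannot check calls through this pointer or the handlers assigned to it against any signature. Since the struct is being touched anyway, I would give the member a full prototype; the handler signature is not visible in this hunk, but it is presumably the usual RPC service form, `void (*dispatch)(struct svc_req *, SVCXPRT *);`, which should be confirmed against the registered routines. The same struct still spells the port type `u_short` next to the new `SET(unsigned short)`, which is harmless but reads as two different types.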
From: ghudson at MIT.EDU (ghudson@MIT.EDU) Date: Wed, 4 Nov 2009 15:16:13 -0500 Subject: svn rev #23130: trunk/src/ Message-ID: <200911042016.nA4KGDbs025659@drugstore.mit.edu> http://src.mit.edu/fisheye/changelog/krb5/?cs=23130 Commit By: ghudson Log Message: Remove cast-qual from the gcc warnings set; it is too common for us to have to explicitly override const in order to implement strchr-like functions or place pointers into read-only krb5_data objects. Changed Files: U trunk/src/aclocal.m4 Modified: trunk/src/aclocal.m4 =================================================================== --- trunk/src/aclocal.m4 2009-11-04 18:11:51 UTC (rev 23129) +++ trunk/src/aclocal.m4 2009-11-04 20:16:13 UTC (rev 23130) @@ -551,7 +551,7 @@ AC_DEFINE(CONFIG_SMALL,1,[Define to reduce code size even if it means more cpu usage]) fi # -Wno-long-long, if needed, for k5-platform.h without inttypes.h etc. -extra_gcc_warn_opts="-Wall -Wcast-qual -Wcast-align -Wshadow" +extra_gcc_warn_opts="-Wall -Wcast-align -Wshadow" # -Wmissing-prototypes if test "$GCC" = yes ; then # Putting this here means we get -Os after -O2, which works. From tlyu at MIT.EDU Wed Nov 4 22:26:26 2009 From: tlyu at MIT.EDU (tlyu@MIT.EDU) Date: Wed, 4 Nov 2009 22:26:26 -0500 Subject: svn rev #23131: trunk/src/ lib/krb5/krb/ Message-ID: <200911050326.nA53QQUe024046@drugstore.mit.edu> http://src.mit.edu/fisheye/changelog/krb5/?cs=23131 Commit By: tlyu Log Message: Deal with some open paren formatting issues, and reindent. Make preauth.c use the function pointer typdefs in the prototypes as well. Changed Files: U trunk/src/Makefile.in U trunk/src/lib/krb5/krb/preauth.c U trunk/src/lib/krb5/krb/ser_ctx.c Modified: trunk/src/Makefile.in =================================================================== --- trunk/src/Makefile.in 2009-11-04 20:16:13 UTC (rev 23130) +++ trunk/src/Makefile.in 2009-11-05 03:26:25 UTC (rev 23131) 
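Review bot: Dropping `-Wcast-qual` from `extra_gcc_warn_opts` in aclocal.m4 turns the warning off for the whole tree, so an unintended cast that discards `const` on a pointer into a read-only object will no longer be reported anywhere. The reason is recorded only in the commit log. I would keep it beside the option, in the style of the neighbouring `# -Wno-long-long` comment, e.g. `# -Wcast-qual is left out: strchr-like functions and read-only krb5_data pointers need explicit const overrides.`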
@@ -675,8 +675,6 @@ OTHEREXCLUDES = \ lib/krb5/asn.1 \ lib/krb5/krb/deltat.c \ - lib/krb5/krb/preauth.c \ - lib/krb5/krb/ser_ctx.c \ lib/krb5/unicode EXCLUDES = `for i in $(BSDFILES) $(OTHEREXCLUDES); do echo $$i; done | $(AWK) '{ print "-path", $$1, "-o" }'` -path /dev/null Modified: trunk/src/lib/krb5/krb/preauth.c =================================================================== --- trunk/src/lib/krb5/krb/preauth.c 2009-11-04 20:16:13 UTC (rev 23130) +++ trunk/src/lib/krb5/krb/preauth.c 2009-11-05 03:26:25 UTC (rev 23131) @@ -1,3 +1,4 @@ +/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */ /* * Copyright 1995 by the Massachusetts Institute of Technology. All * Rights Reserved. 
@@ -33,81 +34,81 @@ #include #include -static krb5_error_code obtain_enc_ts_padata - (krb5_context, - krb5_pa_data *, - krb5_etype_info, - krb5_keyblock *, - krb5_error_code ( * )(krb5_context, - const krb5_enctype, - krb5_data *, - krb5_const_pointer, - krb5_keyblock **), - krb5_const_pointer, - krb5_creds *, - krb5_kdc_req *, - krb5_pa_data **); +/* some typedefs for the function args to make things look a bit cleaner */ -static krb5_error_code process_pw_salt - (krb5_context, - krb5_pa_data *, - krb5_kdc_req *, - krb5_kdc_rep *, - krb5_error_code ( * )(krb5_context, - const krb5_enctype, - krb5_data *, - krb5_const_pointer, - krb5_keyblock **), - krb5_const_pointer, - krb5_error_code ( * )(krb5_context, - const krb5_keyblock *, - krb5_const_pointer, - krb5_kdc_rep * ), - krb5_keyblock **, - krb5_creds *, - krb5_int32 *, - krb5_int32 *); +typedef krb5_error_code (*git_key_proc)( + krb5_context, + const krb5_enctype, + krb5_data *, + krb5_const_pointer, + krb5_keyblock **); -static krb5_error_code obtain_sam_padata - (krb5_context, - krb5_pa_data *, - krb5_etype_info, - krb5_keyblock *, - krb5_error_code ( * )(krb5_context, - const krb5_enctype, - krb5_data *, - krb5_const_pointer, - krb5_keyblock **), - krb5_const_pointer, - krb5_creds *, - krb5_kdc_req *, - krb5_pa_data **); +typedef krb5_error_code (*git_decrypt_proc)( + krb5_context, + const krb5_keyblock *, + krb5_const_pointer, + krb5_kdc_rep *); +static krb5_error_code obtain_enc_ts_padata( + krb5_context, + krb5_pa_data *, + krb5_etype_info, + krb5_keyblock *, + git_key_proc, + krb5_const_pointer, + krb5_creds *, + krb5_kdc_req *, + krb5_pa_data **); + +static krb5_error_code process_pw_salt( + krb5_context, + krb5_pa_data *, + krb5_kdc_req *, + krb5_kdc_rep *, + git_key_proc, + krb5_const_pointer, + git_decrypt_proc, + krb5_keyblock **, + krb5_creds *, + krb5_int32 *, + krb5_int32 *); + +static krb5_error_code obtain_sam_padata( + krb5_context, + krb5_pa_data *, + krb5_etype_info, + krb5_keyblock *, + 
git_key_proc, + krb5_const_pointer, + krb5_creds *, + krb5_kdc_req *, + krb5_pa_data **); + static const krb5_preauth_ops preauth_systems[] = { { - KV5M_PREAUTH_OPS, - KRB5_PADATA_ENC_TIMESTAMP, + KV5M_PREAUTH_OPS, + KRB5_PADATA_ENC_TIMESTAMP, 0, obtain_enc_ts_padata, 0, }, { - KV5M_PREAUTH_OPS, - KRB5_PADATA_PW_SALT, + KV5M_PREAUTH_OPS, + KRB5_PADATA_PW_SALT, 0, 0, process_pw_salt, }, { - KV5M_PREAUTH_OPS, - KRB5_PADATA_AFS3_SALT, + KV5M_PREAUTH_OPS, + KRB5_PADATA_AFS3_SALT, 0, 0, process_pw_salt, }, { - KV5M_PREAUTH_OPS, - KRB5_PADATA_SAM_CHALLENGE, + KV5M_PREAUTH_OPS, + KRB5_PADATA_SAM_CHALLENGE, 0, obtain_sam_padata, 0, 
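Review bot: The rewritten static prototypes for `obtain_enc_ts_padata`, `process_pw_salt` and `obtain_sam_padata` in preauth.c still omit parameter names, and `process_pw_salt` ends in two indistinguishable `krb5_int32 *` arguments. Naming them as the definition further down the file does, `krb5_int32 *do_more, krb5_int32 *done`, would let a reader check a call site without jumping to the definition. The comment above the `git_key_proc` and `git_decrypt_proc` typedefs says only that they make things look cleaner; a line each on what the callback is expected to produce would help, though that contract is not stated anywhere in this hunk and would need to come from the author.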
@@ -115,60 +116,47 @@ { KV5M_PREAUTH_OPS, -1 } }; -static krb5_error_code find_pa_system - (krb5_preauthtype type, const krb5_preauth_ops **Preauth_proc); +static krb5_error_code +find_pa_system(krb5_preauthtype type, const krb5_preauth_ops **Preauth_proc); -/* some typedef's for the function args to make things look a bit cleaner */ - -typedef krb5_error_code (*git_key_proc) (krb5_context, - const krb5_enctype, - krb5_data *, - krb5_const_pointer, - krb5_keyblock **); - -typedef krb5_error_code (*git_decrypt_proc) (krb5_context, - const krb5_keyblock *, - krb5_const_pointer, - krb5_kdc_rep *); - krb5_error_code krb5_obtain_padata(krb5_context context, krb5_pa_data **preauth_to_use, git_key_proc key_proc, krb5_const_pointer key_seed, krb5_creds *creds, krb5_kdc_req *request) { - krb5_error_code retval; - krb5_etype_info etype_info = 0; - krb5_pa_data ** pa; - krb5_pa_data ** send_pa_list; - krb5_pa_data ** send_pa; - const krb5_preauth_ops *ops; - krb5_keyblock * def_enc_key = 0; - krb5_enctype enctype; - krb5_data salt; - krb5_data scratch; - int size; - int f_salt = 0; + krb5_error_code retval; + krb5_etype_info etype_info = 0; + krb5_pa_data ** pa; + krb5_pa_data ** send_pa_list; + krb5_pa_data ** send_pa; + const krb5_preauth_ops *ops; + krb5_keyblock * def_enc_key = 0; + krb5_enctype enctype; + krb5_data salt; + krb5_data scratch; + int size; + int f_salt = 0; if (preauth_to_use == NULL) - return 0; + return 0; for (pa = preauth_to_use, size=0; *pa; pa++, size++) { - if ((*pa)->pa_type == KRB5_PADATA_ETYPE_INFO) { - /* XXX use the first one. Is there another way to disambiguate? */ - if (etype_info) - continue; + if ((*pa)->pa_type == KRB5_PADATA_ETYPE_INFO) { + /* XXX use the first one. Is there another way to disambiguate? 
*/ + if (etype_info) + continue; - scratch.length = (*pa)->length; - scratch.data = (char *) (*pa)->contents; - retval = decode_krb5_etype_info(&scratch, &etype_info); - if (retval) - return retval; - if (etype_info[0] == NULL) { - krb5_free_etype_info(context, etype_info); - etype_info = NULL; - } - } + scratch.length = (*pa)->length; + scratch.data = (char *) (*pa)->contents; + retval = decode_krb5_etype_info(&scratch, &etype_info); + if (retval) + return retval; + if (etype_info[0] == NULL) { + krb5_free_etype_info(context, etype_info); + etype_info = NULL; + } + } } if ((send_pa_list = malloc((size+1) * sizeof(krb5_pa_data *))) == NULL) - return ENOMEM; + return ENOMEM; send_pa = send_pa_list; *send_pa = 0; 
@@ -177,61 +165,61 @@ salt.data = 0; salt.length = SALT_TYPE_NO_LENGTH; if (etype_info) { - enctype = etype_info[0]->etype; - salt.data = (char *) etype_info[0]->salt; - if(etype_info[0]->length == KRB5_ETYPE_NO_SALT) - salt.length = SALT_TYPE_NO_LENGTH; /* XXX */ - else - salt.length = etype_info[0]->length; + enctype = etype_info[0]->etype; + salt.data = (char *) etype_info[0]->salt; + if(etype_info[0]->length == KRB5_ETYPE_NO_SALT) + salt.length = SALT_TYPE_NO_LENGTH; /* XXX */ + else + salt.length = etype_info[0]->length; } if (salt.length == SALT_TYPE_NO_LENGTH) { /* - * This will set the salt length - */ - if ((retval = krb5_principal2salt(context, request->client, &salt))) - goto cleanup; - f_salt = 1; + * This will set the salt length + */ + if ((retval = krb5_principal2salt(context, request->client, &salt))) + goto cleanup; + f_salt = 1; } if ((retval = (*key_proc)(context, enctype, &salt, key_seed, - &def_enc_key))) - goto cleanup; + &def_enc_key))) + goto cleanup; for (pa = preauth_to_use; *pa; pa++) { - if (find_pa_system((*pa)->pa_type, &ops)) - continue; + if (find_pa_system((*pa)->pa_type, &ops)) + continue; - if (ops->obtain == 0) - continue; + if (ops->obtain == 0) + continue; - retval = ((ops)->obtain)(context, *pa, etype_info, def_enc_key, - key_proc, key_seed, creds, - request, send_pa); - if (retval) - goto cleanup; + retval = ((ops)->obtain)(context, *pa, etype_info, def_enc_key, + key_proc, key_seed, creds, + request, send_pa); + if (retval) + goto cleanup; - if (*send_pa) - send_pa++; - *send_pa = 0; + if (*send_pa) + send_pa++; + *send_pa = 0; } retval = 0; if (send_pa_list[0]) { - request->padata = send_pa_list; - send_pa_list = 0; + request->padata = send_pa_list; + send_pa_list = 0; } cleanup: if (etype_info) - krb5_free_etype_info(context, etype_info); + krb5_free_etype_info(context, etype_info); if (f_salt) - free(salt.data); + free(salt.data); if (send_pa_list) - krb5_free_pa_data(context, send_pa_list); + krb5_free_pa_data(context, 
send_pa_list); if (def_enc_key) - krb5_free_keyblock(context, def_enc_key); + krb5_free_keyblock(context, def_enc_key); return retval; } @@ -239,29 +227,29 @@ krb5_error_code krb5_process_padata(krb5_context context, krb5_kdc_req *request, krb5_kdc_rep *as_reply, git_key_proc key_proc, krb5_const_pointer keyseed, git_decrypt_proc decrypt_proc, krb5_keyblock **decrypt_key, krb5_creds *creds, krb5_int32 *do_more) { - krb5_error_code retval = 0; - const krb5_preauth_ops * ops; - krb5_pa_data ** pa; - krb5_int32 done = 0; + krb5_error_code retval = 0; + const krb5_preauth_ops * ops; + krb5_pa_data ** pa; + krb5_int32 done = 0; - *do_more = 0; /* By default, we don't need to repeat... */ + *do_more = 0; /* By default, we don't need to repeat... */ if (as_reply->padata == 0) - return 0; + return 0; for (pa = as_reply->padata; *pa; pa++) { - if (find_pa_system((*pa)->pa_type, &ops)) - continue; + if (find_pa_system((*pa)->pa_type, &ops)) + continue; - if (ops->process == 0) - continue; + if (ops->process == 0) + continue; - retval = ((ops)->process)(context, *pa, request, as_reply, - key_proc, keyseed, decrypt_proc, - decrypt_key, creds, do_more, &done); - if (retval) - goto cleanup; - if (done) - break; + retval = ((ops)->process)(context, *pa, request, as_reply, + key_proc, keyseed, decrypt_proc, + decrypt_key, creds, do_more, &done); + if (retval) + goto cleanup; + if (done) + break; } cleanup: 
@@ -276,35 +264,35 @@ static krb5_error_code obtain_enc_ts_padata(krb5_context context, krb5_pa_data *in_padata, krb5_etype_info etype_info, krb5_keyblock *def_enc_key, git_key_proc key_proc, krb5_const_pointer key_seed, krb5_creds *creds, krb5_kdc_req *request, krb5_pa_data **out_padata) { - krb5_pa_enc_ts pa_enc; - krb5_error_code retval; - krb5_data * scratch; - krb5_enc_data enc_data; - krb5_pa_data * pa; + krb5_pa_enc_ts pa_enc; + krb5_error_code retval; + krb5_data * scratch; + krb5_enc_data enc_data; + krb5_pa_data * pa; retval = krb5_us_timeofday(context, &pa_enc.patimestamp, &pa_enc.pausec); if (retval) - return retval; + return retval; if ((retval = encode_krb5_pa_enc_ts(&pa_enc, &scratch)) != 0) - return retval; + return retval; enc_data.ciphertext.data = 0; if ((retval = krb5_encrypt_helper(context, def_enc_key, - KRB5_KEYUSAGE_AS_REQ_PA_ENC_TS, - scratch, &enc_data))) - goto cleanup; + KRB5_KEYUSAGE_AS_REQ_PA_ENC_TS, + scratch, &enc_data))) + goto cleanup; krb5_free_data(context, scratch); scratch = 0; if ((retval = encode_krb5_enc_data(&enc_data, &scratch)) != 0) - goto cleanup; + goto cleanup; if ((pa = malloc(sizeof(krb5_pa_data))) == NULL) { - retval = ENOMEM; - goto cleanup; + retval = ENOMEM; + goto cleanup; } pa->magic = KV5M_PA_DATA; 
@@ -321,29 +309,29 @@ cleanup: if (scratch) - krb5_free_data(context, scratch); + krb5_free_data(context, scratch); if (enc_data.ciphertext.data) - free(enc_data.ciphertext.data); + free(enc_data.ciphertext.data); return retval; } static krb5_error_code process_pw_salt(krb5_context context, krb5_pa_data *padata, krb5_kdc_req *request, krb5_kdc_rep *as_reply, git_key_proc key_proc, krb5_const_pointer keyseed, git_decrypt_proc decrypt_proc, krb5_keyblock **decrypt_key, krb5_creds *creds, krb5_int32 *do_more, krb5_int32 *done) { - krb5_error_code retval; - krb5_data salt; + krb5_error_code retval; + krb5_data salt; if (*decrypt_key != 0) - return 0; + return 0; salt.data = (char *) padata->contents; salt.length = - (padata->pa_type == KRB5_PADATA_AFS3_SALT)?(SALT_TYPE_AFS_LENGTH):(padata->length); + (padata->pa_type == KRB5_PADATA_AFS3_SALT)?(SALT_TYPE_AFS_LENGTH):(padata->length); if ((retval = (*key_proc)(context, as_reply->enc_part.enctype, - &salt, keyseed, decrypt_key))) { - *decrypt_key = 0; - return retval; + &salt, keyseed, decrypt_key))) { + *decrypt_key = 0; + return retval; } return 0; @@ -355,9 +343,9 @@ const krb5_preauth_ops *ap = preauth_systems; while ((ap->type != -1) && (ap->type != type)) - ap++; + ap++; if (ap->type == -1) - return(KRB5_PREAUTH_BAD_TYPE); + return(KRB5_PREAUTH_BAD_TYPE); *preauth = ap; return 0; } @@ -368,8 +356,8 @@ static krb5_error_code sam_get_pass_from_user(krb5_context context, krb5_etype_info etype_info, git_key_proc key_proc, krb5_const_pointer key_seed, krb5_kdc_req *request, krb5_keyblock **new_enc_key, const char *prompt) { - krb5_enctype enctype; - krb5_error_code retval; + krb5_enctype enctype; + krb5_error_code retval; const char *oldprompt; /* enctype = request->ktype[0]; */ 
@@ -378,12 +366,12 @@ oldprompt = krb5_default_pwd_prompt1; krb5_default_pwd_prompt1 = prompt; { - krb5_data newpw; - newpw.data = 0; newpw.length = 0; - /* we don't keep the new password, just the key... */ - retval = (*key_proc)(context, enctype, 0, - (krb5_const_pointer)&newpw, new_enc_key); - free(newpw.data); + krb5_data newpw; + newpw.data = 0; newpw.length = 0; + /* we don't keep the new password, just the key... */ + retval = (*key_proc)(context, enctype, 0, + (krb5_const_pointer)&newpw, new_enc_key); + free(newpw.data); } krb5_default_pwd_prompt1 = oldprompt; return retval; 
@@ -400,47 +388,47 @@ struct k5buf buf; if (sc->sam_cksum.length == 0) { - /* or invalid -- but lets just handle presence now XXX */ - switch (sc->sam_type) { - case PA_SAM_TYPE_ENIGMA: /* Enigma Logic */ - label = "Challenge for Enigma Logic mechanism"; - break; - case PA_SAM_TYPE_DIGI_PATH: /* Digital Pathways */ - case PA_SAM_TYPE_DIGI_PATH_HEX: /* Digital Pathways */ - label = "Challenge for Digital Pathways mechanism"; - break; - case PA_SAM_TYPE_ACTIVCARD_DEC: /* Digital Pathways */ - case PA_SAM_TYPE_ACTIVCARD_HEX: /* Digital Pathways */ - label = "Challenge for Activcard mechanism"; - break; - case PA_SAM_TYPE_SKEY_K0: /* S/key where KDC has key 0 */ - label = "Challenge for Enhanced S/Key mechanism"; - break; - case PA_SAM_TYPE_SKEY: /* Traditional S/Key */ - label = "Challenge for Traditional S/Key mechanism"; - break; - case PA_SAM_TYPE_SECURID: /* Security Dynamics */ - label = "Challenge for Security Dynamics mechanism"; - break; - case PA_SAM_TYPE_SECURID_PREDICT: /* predictive Security Dynamics */ - label = "Challenge for Security Dynamics mechanism"; - break; - } - prompt = "Passcode"; - label_len = strlen(label); - prompt_len = strlen(prompt); + /* or invalid -- but lets just handle presence now XXX */ + switch (sc->sam_type) { + case PA_SAM_TYPE_ENIGMA: /* Enigma Logic */ + label = "Challenge for Enigma Logic mechanism"; + break; + case PA_SAM_TYPE_DIGI_PATH: /* Digital Pathways */ + case PA_SAM_TYPE_DIGI_PATH_HEX: /* Digital Pathways */ + label = "Challenge for Digital Pathways mechanism"; + break; + case PA_SAM_TYPE_ACTIVCARD_DEC: /* Digital Pathways */ + case PA_SAM_TYPE_ACTIVCARD_HEX: /* Digital Pathways */ + label = "Challenge for Activcard mechanism"; + break; + case PA_SAM_TYPE_SKEY_K0: /* S/key where KDC has key 0 */ + label = "Challenge for Enhanced S/Key mechanism"; + break; + case PA_SAM_TYPE_SKEY: /* Traditional S/Key */ + label = "Challenge for Traditional S/Key mechanism"; + break; + case PA_SAM_TYPE_SECURID: /* Security Dynamics */ 
+ label = "Challenge for Security Dynamics mechanism"; + break; + case PA_SAM_TYPE_SECURID_PREDICT: /* predictive Security Dynamics */ + label = "Challenge for Security Dynamics mechanism"; + break; + } + prompt = "Passcode"; + label_len = strlen(label); + prompt_len = strlen(prompt); } /* example: Challenge for Digital Pathways mechanism: [134591] Passcode: - */ + */ krb5int_buf_init_dynamic(&buf); if (challenge_len) { - krb5int_buf_add_len(&buf, label, label_len); - krb5int_buf_add(&buf, ": ["); - krb5int_buf_add_len(&buf, challenge, challenge_len); - krb5int_buf_add(&buf, "]\n"); + krb5int_buf_add_len(&buf, label, label_len); + krb5int_buf_add(&buf, ": ["); + krb5int_buf_add_len(&buf, challenge, challenge_len); + krb5int_buf_add(&buf, "]\n"); } krb5int_buf_add_len(&buf, prompt, prompt_len); krb5int_buf_add(&buf, ": "); @@ -454,15 +442,15 @@ static krb5_error_code obtain_sam_padata(krb5_context context, krb5_pa_data *in_padata, krb5_etype_info etype_info, krb5_keyblock *def_enc_key, git_key_proc key_proc, krb5_const_pointer key_seed, krb5_creds *creds, krb5_kdc_req *request, krb5_pa_data **out_padata) { - krb5_error_code retval; - krb5_data * scratch = 0; - krb5_data tmpsam; - krb5_pa_data * pa; - krb5_sam_challenge *sam_challenge = 0; - krb5_sam_response sam_response; + krb5_error_code retval; + krb5_data * scratch = 0; + krb5_data tmpsam; + krb5_pa_data * pa; + krb5_sam_challenge *sam_challenge = 0; + krb5_sam_response sam_response; /* these two get encrypted and stuffed in to sam_response */ - krb5_enc_sam_response_enc enc_sam_response_enc; - krb5_keyblock * sam_use_key = 0; + krb5_enc_sam_response_enc enc_sam_response_enc; + krb5_keyblock * sam_use_key = 0; char *prompt = 0, *passcode = 0; sam_response.sam_enc_nonce_or_ts.ciphertext.data = 0; 
@@ -471,56 +459,56 @@ tmpsam.data = (char *) in_padata->contents; retval = decode_krb5_sam_challenge(&tmpsam, &sam_challenge); if (retval) - return retval; + return retval; if (sam_challenge->sam_flags & KRB5_SAM_MUST_PK_ENCRYPT_SAD) { - retval = KRB5_SAM_UNSUPPORTED; - goto cleanup; + retval = KRB5_SAM_UNSUPPORTED; + goto cleanup; } enc_sam_response_enc.sam_nonce = sam_challenge->sam_nonce; if (!sam_challenge->sam_nonce) { - retval = krb5_us_timeofday(context, - &enc_sam_response_enc.sam_timestamp, - &enc_sam_response_enc.sam_usec); - if (retval) - goto cleanup; - sam_response.sam_patimestamp = enc_sam_response_enc.sam_timestamp; + retval = krb5_us_timeofday(context, + &enc_sam_response_enc.sam_timestamp, + &enc_sam_response_enc.sam_usec); + if (retval) + goto cleanup; + sam_response.sam_patimestamp = enc_sam_response_enc.sam_timestamp; } if (sam_challenge->sam_flags & KRB5_SAM_SEND_ENCRYPTED_SAD) { - /* encrypt passcode in key by stuffing it here */ - unsigned int pcsize = 256; - passcode = malloc(pcsize + 1); - if (passcode == NULL) { - retval = ENOMEM; - goto cleanup; - } - prompt = handle_sam_labels(sam_challenge); - if (prompt == NULL) { - retval = ENOMEM; - goto cleanup; - } - retval = krb5_read_password(context, prompt, 0, passcode, &pcsize); - if (retval) - goto cleanup; - enc_sam_response_enc.sam_sad.data = passcode; - enc_sam_response_enc.sam_sad.length = pcsize; + /* encrypt passcode in key by stuffing it here */ + unsigned int pcsize = 256; + passcode = malloc(pcsize + 1); + if (passcode == NULL) { + retval = ENOMEM; + goto cleanup; + } + prompt = handle_sam_labels(sam_challenge); + if (prompt == NULL) { + retval = ENOMEM; + goto cleanup; + } + retval = krb5_read_password(context, prompt, 0, passcode, &pcsize); + if (retval) + goto cleanup; + enc_sam_response_enc.sam_sad.data = passcode; + enc_sam_response_enc.sam_sad.length = pcsize; } else if (sam_challenge->sam_flags & KRB5_SAM_USE_SAD_AS_KEY) { - prompt = handle_sam_labels(sam_challenge); - if 
(prompt == NULL) { - retval = ENOMEM; - goto cleanup; - } - retval = sam_get_pass_from_user(context, etype_info, key_proc, - key_seed, request, &sam_use_key, - prompt); - if (retval) - goto cleanup; - enc_sam_response_enc.sam_sad.length = 0; + prompt = handle_sam_labels(sam_challenge); + if (prompt == NULL) { + retval = ENOMEM; + goto cleanup; + } + retval = sam_get_pass_from_user(context, etype_info, key_proc, + key_seed, request, &sam_use_key, + prompt); + if (retval) + goto cleanup; + enc_sam_response_enc.sam_sad.length = 0; } else { - /* what *was* it? */ - retval = KRB5_SAM_UNSUPPORTED; - goto cleanup; + /* what *was* it? */ + retval = KRB5_SAM_UNSUPPORTED; + goto cleanup; } /* so at this point, either sam_use_key is generated from the passcode @@ -528,14 +516,14 @@ * def_enc_key instead. */ /* encode the encoded part of the response */ if ((retval = encode_krb5_enc_sam_response_enc(&enc_sam_response_enc, - &scratch)) != 0) - goto cleanup; + &scratch)) != 0) + goto cleanup; if ((retval = krb5_encrypt_helper(context, - sam_use_key?sam_use_key:def_enc_key, - 0, scratch, - &sam_response.sam_enc_nonce_or_ts))) - goto cleanup; + sam_use_key?sam_use_key:def_enc_key, + 0, scratch, + &sam_response.sam_enc_nonce_or_ts))) + goto cleanup; krb5_free_data(context, scratch); scratch = 0; @@ -551,11 +539,11 @@ sam_response.magic = KV5M_SAM_RESPONSE; if ((retval = encode_krb5_sam_response(&sam_response, &scratch)) != 0) - goto cleanup; + goto cleanup; if ((pa = malloc(sizeof(krb5_pa_data))) == NULL) { - retval = ENOMEM; - goto cleanup; + retval = ENOMEM; + goto cleanup; } pa->magic = KV5M_PA_DATA; Modified: trunk/src/lib/krb5/krb/ser_ctx.c =================================================================== --- trunk/src/lib/krb5/krb/ser_ctx.c 2009-11-04 20:16:13 UTC (rev 23130) +++ trunk/src/lib/krb5/krb/ser_ctx.c 2009-11-05 03:26:25 UTC (rev 23131) @@ -1,3 +1,4 @@ +/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */ /* * lib/krb5/krb/ser_ctx.c * 
@@ -26,70 +27,78 @@ */ /* - * ser_ctx.c - Routines to deal with serializing the krb5_context and - * krb5_os_context structures. + * ser_ctx.c - Routines to deal with serializing the krb5_context and + * krb5_os_context structures. */ #include "k5-int.h" /* * Routines to deal with externalizing the krb5_context: - * krb5_context_size(); - * krb5_context_externalize(); - * krb5_context_internalize(); + * krb5_context_size(); + * krb5_context_externalize(); + * krb5_context_internalize(); * * Routines to deal with externalizing the krb5_os_context: - * krb5_oscontext_size(); - * krb5_oscontext_externalize(); - * krb5_oscontext_internalize(); + * krb5_oscontext_size(); + * krb5_oscontext_externalize(); + * krb5_oscontext_internalize(); * * Routines to deal with externalizing the profile. - * profile_ser_size(); - * profile_ser_externalize(); - * profile_ser_internalize(); + * profile_ser_size(); + * profile_ser_externalize(); + * profile_ser_internalize(); * * Interface to initialize serializing of krb5_context and krb5_os_context: - * krb5_ser_context_init(); + * krb5_ser_context_init(); */ -static krb5_error_code krb5_context_size - (krb5_context, krb5_pointer, size_t *); -static krb5_error_code krb5_context_externalize - (krb5_context, krb5_pointer, krb5_octet **, size_t *); -static krb5_error_code krb5_context_internalize - (krb5_context,krb5_pointer *, krb5_octet **, size_t *); -static krb5_error_code krb5_oscontext_size - (krb5_context, krb5_pointer, size_t *); -static krb5_error_code krb5_oscontext_externalize - (krb5_context, krb5_pointer, krb5_octet **, size_t *); -static krb5_error_code krb5_oscontext_internalize - (krb5_context,krb5_pointer *, krb5_octet **, size_t *); +static krb5_error_code +krb5_context_size(krb5_context, krb5_pointer, size_t *); + +static krb5_error_code +krb5_context_externalize(krb5_context, krb5_pointer, krb5_octet **, size_t *); + +static krb5_error_code +krb5_context_internalize(krb5_context, krb5_pointer *, krb5_octet **, size_t 
*); + +static krb5_error_code +krb5_oscontext_size(krb5_context, krb5_pointer, size_t *); + +static krb5_error_code +krb5_oscontext_externalize(krb5_context, krb5_pointer, krb5_octet **, size_t *); + +static krb5_error_code +krb5_oscontext_internalize(krb5_context, krb5_pointer *, + krb5_octet **, size_t *); + #ifndef LEAN_CLIENT -krb5_error_code profile_ser_size - (krb5_context, krb5_pointer, size_t *); -krb5_error_code profile_ser_externalize - (krb5_context, krb5_pointer, krb5_octet **, size_t *); -krb5_error_code profile_ser_internalize - (krb5_context,krb5_pointer *, krb5_octet **, size_t *); +krb5_error_code profile_ser_size(krb5_context, krb5_pointer, size_t *); + +krb5_error_code profile_ser_externalize(krb5_context, krb5_pointer, + krb5_octet **, size_t *); + +krb5_error_code profile_ser_internalize(krb5_context, krb5_pointer *, + krb5_octet **, size_t *); #endif /* LEAN_CLIENT */ /* Local data */ static const krb5_ser_entry krb5_context_ser_entry = { - KV5M_CONTEXT, /* Type */ - krb5_context_size, /* Sizer routine */ - krb5_context_externalize, /* Externalize routine */ - krb5_context_internalize /* Internalize routine */ + KV5M_CONTEXT, /* Type */ + krb5_context_size, /* Sizer routine */ + krb5_context_externalize, /* Externalize routine */ + krb5_context_internalize /* Internalize routine */ }; static const krb5_ser_entry krb5_oscontext_ser_entry = { - KV5M_OS_CONTEXT, /* Type */ - krb5_oscontext_size, /* Sizer routine */ - krb5_oscontext_externalize, /* Externalize routine */ - krb5_oscontext_internalize /* Internalize routine */ + KV5M_OS_CONTEXT, /* Type */ + krb5_oscontext_size, /* Sizer routine */ + krb5_oscontext_externalize, /* Externalize routine */ + krb5_oscontext_internalize /* Internalize routine */ }; #ifndef LEAN_CLIENT static const krb5_ser_entry krb5_profile_ser_entry = { - PROF_MAGIC_PROFILE, /* Type */ - profile_ser_size, /* Sizer routine */ - profile_ser_externalize, /* Externalize routine */ - profile_ser_internalize /* Internalize 
routine */ + PROF_MAGIC_PROFILE, /* Type */ + profile_ser_size, /* Sizer routine */ + profile_ser_externalize, /* Externalize routine */ + profile_ser_internalize /* Internalize routine */ }; #endif /* LEAN_CLIENT */ 
@@ -99,227 +108,227 @@ unsigned int i; if (list == NULL) - return 0; + return 0; for (i = 0; list[i]; i++); return i; } /* - * krb5_context_size() - Determine the size required to externalize the - * krb5_context. + * krb5_context_size() - Determine the size required to externalize the + * krb5_context. */ static krb5_error_code krb5_context_size(krb5_context kcontext, krb5_pointer arg, size_t *sizep) { - krb5_error_code kret; - size_t required; - krb5_context context; + krb5_error_code kret; + size_t required; + krb5_context context; /* * The KRB5 context itself requires: - * krb5_int32 for KV5M_CONTEXT - * krb5_int32 for sizeof(default_realm) - * strlen(default_realm) for default_realm. - * krb5_int32 for n_in_tkt_etypes*sizeof(krb5_int32) - * nktypes*sizeof(krb5_int32) for in_tkt_etypes. - * krb5_int32 for n_tgs_etypes*sizeof(krb5_int32) - * nktypes*sizeof(krb5_int32) for tgs_etypes. - * krb5_int32 for clockskew - * krb5_int32 for kdc_req_sumtype - * krb5_int32 for ap_req_sumtype - * krb5_int32 for safe_sumtype - * krb5_int32 for kdc_default_options - * krb5_int32 for library_options - * krb5_int32 for profile_secure - * krb5_int32 for fcc_default_format - * <> for os_context - * <> for db_context - * <> for profile - * krb5_int32 for trailer. + * krb5_int32 for KV5M_CONTEXT + * krb5_int32 for sizeof(default_realm) + * strlen(default_realm) for default_realm. + * krb5_int32 for n_in_tkt_etypes*sizeof(krb5_int32) + * nktypes*sizeof(krb5_int32) for in_tkt_etypes. + * krb5_int32 for n_tgs_etypes*sizeof(krb5_int32) + * nktypes*sizeof(krb5_int32) for tgs_etypes. + * krb5_int32 for clockskew + * krb5_int32 for kdc_req_sumtype + * krb5_int32 for ap_req_sumtype + * krb5_int32 for safe_sumtype + * krb5_int32 for kdc_default_options + * krb5_int32 for library_options + * krb5_int32 for profile_secure + * krb5_int32 for fcc_default_format + * <> for os_context + * <> for db_context + * <> for profile + * krb5_int32 for trailer. 
*/ kret = EINVAL; if ((context = (krb5_context) arg)) { - /* Calculate base length */ - required = (14 * sizeof(krb5_int32) + - (etypes_len(context->in_tkt_etypes) * sizeof(krb5_int32)) + - (etypes_len(context->tgs_etypes) * sizeof(krb5_int32))); + /* Calculate base length */ + required = (14 * sizeof(krb5_int32) + + (etypes_len(context->in_tkt_etypes) * sizeof(krb5_int32)) + + (etypes_len(context->tgs_etypes) * sizeof(krb5_int32))); - if (context->default_realm) - required += strlen(context->default_realm); - /* Calculate size required by os_context, if appropriate */ - kret = krb5_size_opaque(kcontext, - KV5M_OS_CONTEXT, - (krb5_pointer) &context->os_context, - &required); + if (context->default_realm) + required += strlen(context->default_realm); + /* Calculate size required by os_context, if appropriate */ + kret = krb5_size_opaque(kcontext, + KV5M_OS_CONTEXT, + (krb5_pointer) &context->os_context, + &required); - /* Calculate size required by db_context, if appropriate */ - if (!kret && context->dal_handle) - kret = krb5_size_opaque(kcontext, - KV5M_DB_CONTEXT, - (krb5_pointer) context->dal_handle, - &required); + /* Calculate size required by db_context, if appropriate */ + if (!kret && context->dal_handle) + kret = krb5_size_opaque(kcontext, + KV5M_DB_CONTEXT, + (krb5_pointer) context->dal_handle, + &required); - /* Finally, calculate size required by profile, if appropriate */ - if (!kret && context->profile) - kret = krb5_size_opaque(kcontext, - PROF_MAGIC_PROFILE, - (krb5_pointer) context->profile, - &required); + /* Finally, calculate size required by profile, if appropriate */ + if (!kret && context->profile) + kret = krb5_size_opaque(kcontext, + PROF_MAGIC_PROFILE, + (krb5_pointer) context->profile, + &required); } if (!kret) - *sizep += required; + *sizep += required; return(kret); } /* - * krb5_context_externalize() - Externalize the krb5_context. + * krb5_context_externalize() - Externalize the krb5_context. 
*/ static krb5_error_code krb5_context_externalize(krb5_context kcontext, krb5_pointer arg, krb5_octet **buffer, size_t *lenremain) { - krb5_error_code kret; - krb5_context context; - size_t required; - krb5_octet *bp; - size_t remain; - unsigned int i; + krb5_error_code kret; + krb5_context context; + size_t required; + krb5_octet *bp; + size_t remain; + unsigned int i; required = 0; bp = *buffer; remain = *lenremain; context = (krb5_context) arg; if (!context) - return (EINVAL); + return (EINVAL); KRB5_VERIFY_MAGIC(context, KV5M_CONTEXT); if ((kret = krb5_context_size(kcontext, arg, &required))) - return (kret); + return (kret); if (required > remain) - return (ENOMEM); + return (ENOMEM); /* First write our magic number */ kret = krb5_ser_pack_int32(KV5M_CONTEXT, &bp, &remain); if (kret) - return (kret); + return (kret); /* Now sizeof default realm */ kret = krb5_ser_pack_int32((context->default_realm) ? - (krb5_int32) strlen(context->default_realm) : 0, - &bp, &remain); + (krb5_int32) strlen(context->default_realm) : 0, + &bp, &remain); if (kret) - return (kret); + return (kret); /* Now default_realm bytes */ if (context->default_realm) { - kret = krb5_ser_pack_bytes((krb5_octet *) context->default_realm, - strlen(context->default_realm), - &bp, &remain); - if (kret) - return (kret); + kret = krb5_ser_pack_bytes((krb5_octet *) context->default_realm, + strlen(context->default_realm), + &bp, &remain); + if (kret) + return (kret); } /* Now number of initial ticket ktypes */ kret = krb5_ser_pack_int32(etypes_len(context->in_tkt_etypes), - &bp, &remain); + &bp, &remain); if (kret) - return (kret); + return (kret); /* Now serialize ktypes */ if (context->in_tkt_etypes) { - for (i = 0; context->in_tkt_etypes[i]; i++) { - kret = krb5_ser_pack_int32(context->in_tkt_etypes[i], - &bp, &remain); - if (kret) - return (kret); - } + for (i = 0; context->in_tkt_etypes[i]; i++) { + kret = krb5_ser_pack_int32(context->in_tkt_etypes[i], + &bp, &remain); + if (kret) + return 
(kret); + } } /* Now number of default ktypes */ kret = krb5_ser_pack_int32(etypes_len(context->tgs_etypes), &bp, &remain); if (kret) - return (kret); + return (kret); /* Now serialize ktypes */ if (context->tgs_etypes) { - for (i = 0; context->tgs_etypes[i]; i++) { - kret = krb5_ser_pack_int32(context->tgs_etypes[i], &bp, &remain); - if (kret) - return (kret); - } + for (i = 0; context->tgs_etypes[i]; i++) { + kret = krb5_ser_pack_int32(context->tgs_etypes[i], &bp, &remain); + if (kret) + return (kret); + } } /* Now allowable clockskew */ kret = krb5_ser_pack_int32((krb5_int32) context->clockskew, - &bp, &remain); + &bp, &remain); if (kret) - return (kret); + return (kret); /* Now kdc_req_sumtype */ kret = krb5_ser_pack_int32((krb5_int32) context->kdc_req_sumtype, - &bp, &remain); + &bp, &remain); if (kret) - return (kret); + return (kret); /* Now default ap_req_sumtype */ kret = krb5_ser_pack_int32((krb5_int32) context->default_ap_req_sumtype, - &bp, &remain); + &bp, &remain); if (kret) - return (kret); + return (kret); /* Now default safe_sumtype */ kret = krb5_ser_pack_int32((krb5_int32) context->default_safe_sumtype, - &bp, &remain); + &bp, &remain); if (kret) - return (kret); + return (kret); /* Now kdc_default_options */ kret = krb5_ser_pack_int32((krb5_int32) context->kdc_default_options, - &bp, &remain); + &bp, &remain); if (kret) - return (kret); + return (kret); /* Now library_options */ kret = krb5_ser_pack_int32((krb5_int32) context->library_options, - &bp, &remain); + &bp, &remain); if (kret) - return (kret); + return (kret); /* Now profile_secure */ kret = krb5_ser_pack_int32((krb5_int32) context->profile_secure, - &bp, &remain); + &bp, &remain); if (kret) - return (kret); + return (kret); /* Now fcc_default_format */ kret = krb5_ser_pack_int32((krb5_int32) context->fcc_default_format, - &bp, &remain); + &bp, &remain); if (kret) - return (kret); + return (kret); /* Now handle os_context, if appropriate */ kret = krb5_externalize_opaque(kcontext, 
KV5M_OS_CONTEXT, - (krb5_pointer) &context->os_context, - &bp, &remain); + (krb5_pointer) &context->os_context, + &bp, &remain); if (kret) - return (kret); + return (kret); /* Now handle database context, if appropriate */ if (context->dal_handle) { - kret = krb5_externalize_opaque(kcontext, KV5M_DB_CONTEXT, - (krb5_pointer) context->dal_handle, - &bp, &remain); - if (kret) - return (kret); + kret = krb5_externalize_opaque(kcontext, KV5M_DB_CONTEXT, + (krb5_pointer) context->dal_handle, + &bp, &remain); + if (kret) + return (kret); } /* Finally, handle profile, if appropriate */ if (context->profile) { - kret = krb5_externalize_opaque(kcontext, PROF_MAGIC_PROFILE, - (krb5_pointer) context->profile, - &bp, &remain); - if (kret) - return (kret); + kret = krb5_externalize_opaque(kcontext, PROF_MAGIC_PROFILE, + (krb5_pointer) context->profile, + &bp, &remain); + if (kret) + return (kret); } /* @@ -328,7 +337,7 @@ */ kret = krb5_ser_pack_int32(KV5M_CONTEXT, &bp, &remain); if (kret) - return (kret); + return (kret); *buffer = bp; *lenremain = remain; 
@@ -337,168 +346,168 @@ } /* - * krb5_context_internalize() - Internalize the krb5_context. + * krb5_context_internalize() - Internalize the krb5_context. */ static krb5_error_code krb5_context_internalize(krb5_context kcontext, krb5_pointer *argp, krb5_octet **buffer, size_t *lenremain) { - krb5_error_code kret; - krb5_context context; - krb5_int32 ibuf; - krb5_octet *bp; - size_t remain; - unsigned int i, count; + krb5_error_code kret; + krb5_context context; + krb5_int32 ibuf; + krb5_octet *bp; + size_t remain; + unsigned int i, count; bp = *buffer; remain = *lenremain; /* Read our magic number */ if ((kret = krb5_ser_unpack_int32(&ibuf, &bp, &remain))) - return (EINVAL); + return (EINVAL); if (ibuf != KV5M_CONTEXT) - return (EINVAL); + return (EINVAL); /* Get memory for the context */ context = (krb5_context) calloc(1, sizeof(struct _krb5_context)); if (!context) - return (ENOMEM); + return (ENOMEM); /* Get the size of the default realm */ if ((kret = krb5_ser_unpack_int32(&ibuf, &bp, &remain))) - goto cleanup; + goto cleanup; if (ibuf) { - context->default_realm = (char *) malloc((size_t) ibuf+1); - if (!context->default_realm) { - kret = ENOMEM; - goto cleanup; - } + context->default_realm = (char *) malloc((size_t) ibuf+1); + if (!context->default_realm) { + kret = ENOMEM; + goto cleanup; + } - kret = krb5_ser_unpack_bytes((krb5_octet *) context->default_realm, - (size_t) ibuf, &bp, &remain); - if (kret) - goto cleanup; + kret = krb5_ser_unpack_bytes((krb5_octet *) context->default_realm, + (size_t) ibuf, &bp, &remain); + if (kret) + goto cleanup; - context->default_realm[ibuf] = '\0'; + context->default_realm[ibuf] = '\0'; } /* Get the in_tkt_etypes */ if ((kret = krb5_ser_unpack_int32(&ibuf, &bp, &remain))) - goto cleanup; + goto cleanup; count = ibuf; if (count > 0) { - context->in_tkt_etypes = calloc(count + 1, sizeof(krb5_enctype)); - if (!context->in_tkt_etypes) { - kret = ENOMEM; - goto cleanup; - } - for (i = 0; i < count; i++) { - if ((kret = 
krb5_ser_unpack_int32(&ibuf, &bp, &remain))) - goto cleanup; - context->in_tkt_etypes[i] = ibuf; - } - context->in_tkt_etypes[count] = 0; + context->in_tkt_etypes = calloc(count + 1, sizeof(krb5_enctype)); + if (!context->in_tkt_etypes) { + kret = ENOMEM; + goto cleanup; + } + for (i = 0; i < count; i++) { + if ((kret = krb5_ser_unpack_int32(&ibuf, &bp, &remain))) + goto cleanup; + context->in_tkt_etypes[i] = ibuf; + } + context->in_tkt_etypes[count] = 0; } else - context->in_tkt_etypes = NULL; + context->in_tkt_etypes = NULL; /* Get the tgs_etypes */ if ((kret = krb5_ser_unpack_int32(&ibuf, &bp, &remain))) - goto cleanup; + goto cleanup; count = ibuf; if (count > 0) { - context->tgs_etypes = calloc(count + 1, sizeof(krb5_enctype)); - if (!context->tgs_etypes) { - kret = ENOMEM; - goto cleanup; - } - for (i = 0; i < count; i++) { - if ((kret = krb5_ser_unpack_int32(&ibuf, &bp, &remain))) - goto cleanup; - context->tgs_etypes[i] = ibuf; - } - context->tgs_etypes[count] = 0; + context->tgs_etypes = calloc(count + 1, sizeof(krb5_enctype)); + if (!context->tgs_etypes) { + kret = ENOMEM; + goto cleanup; + } + for (i = 0; i < count; i++) { + if ((kret = krb5_ser_unpack_int32(&ibuf, &bp, &remain))) + goto cleanup; + context->tgs_etypes[i] = ibuf; + } + context->tgs_etypes[count] = 0; } else - context->tgs_etypes = NULL; + context->tgs_etypes = NULL; /* Allowable checksum */ if ((kret = krb5_ser_unpack_int32(&ibuf, &bp, &remain))) - goto cleanup; + goto cleanup; context->clockskew = (krb5_deltat) ibuf; /* kdc_req_sumtype */ if ((kret = krb5_ser_unpack_int32(&ibuf, &bp, &remain))) - goto cleanup; + goto cleanup; context->kdc_req_sumtype = (krb5_cksumtype) ibuf; /* default ap_req_sumtype */ if ((kret = krb5_ser_unpack_int32(&ibuf, &bp, &remain))) - goto cleanup; + goto cleanup; context->default_ap_req_sumtype = (krb5_cksumtype) ibuf; /* default_safe_sumtype */ if ((kret = krb5_ser_unpack_int32(&ibuf, &bp, &remain))) - goto cleanup; + goto cleanup; 
context->default_safe_sumtype = (krb5_cksumtype) ibuf; /* kdc_default_options */ if ((kret = krb5_ser_unpack_int32(&ibuf, &bp, &remain))) - goto cleanup; + goto cleanup; context->kdc_default_options = (krb5_flags) ibuf; /* library_options */ if ((kret = krb5_ser_unpack_int32(&ibuf, &bp, &remain))) - goto cleanup; + goto cleanup; context->library_options = (krb5_flags) ibuf; /* profile_secure */ if ((kret = krb5_ser_unpack_int32(&ibuf, &bp, &remain))) - goto cleanup; + goto cleanup; context->profile_secure = (krb5_boolean) ibuf; /* fcc_default_format */ if ((kret = krb5_ser_unpack_int32(&ibuf, &bp, &remain))) - goto cleanup; + goto cleanup; context->fcc_default_format = (int) ibuf; /* Attempt to read in the os_context. It's an array now, but we still treat it in most places as a separate object with a pointer. */ { - krb5_os_context osp = 0; - kret = krb5_internalize_opaque(kcontext, KV5M_OS_CONTEXT, - (krb5_pointer *) &osp, - &bp, &remain); - if (kret && (kret != EINVAL) && (kret != ENOENT)) - goto cleanup; - /* Put the newly allocated data into the krb5_context - structure where we're really keeping it these days. */ - if (osp) - context->os_context = *osp; - free(osp); + krb5_os_context osp = 0; + kret = krb5_internalize_opaque(kcontext, KV5M_OS_CONTEXT, + (krb5_pointer *) &osp, + &bp, &remain); + if (kret && (kret != EINVAL) && (kret != ENOENT)) + goto cleanup; + /* Put the newly allocated data into the krb5_context + structure where we're really keeping it these days. 
*/ + if (osp) + context->os_context = *osp; + free(osp); } /* Attempt to read in the db_context */ kret = krb5_internalize_opaque(kcontext, KV5M_DB_CONTEXT, - (krb5_pointer *) &context->dal_handle, - &bp, &remain); + (krb5_pointer *) &context->dal_handle, + &bp, &remain); if (kret && (kret != EINVAL) && (kret != ENOENT)) - goto cleanup; + goto cleanup; /* Attempt to read in the profile */ kret = krb5_internalize_opaque(kcontext, PROF_MAGIC_PROFILE, - (krb5_pointer *) &context->profile, - &bp, &remain); + (krb5_pointer *) &context->profile, + &bp, &remain); if (kret && (kret != EINVAL) && (kret != ENOENT)) - goto cleanup; + goto cleanup; /* Finally, find the trailer */ if ((kret = krb5_ser_unpack_int32(&ibuf, &bp, &remain))) - goto cleanup; + goto cleanup; if (ibuf != KV5M_CONTEXT) { - kret = EINVAL; - goto cleanup; + kret = EINVAL; + goto cleanup; } context->magic = KV5M_CONTEXT; 
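Review bot: The two element counts in krb5_context_internalize (`count = ibuf;` ahead of the in_tkt_etypes and tgs_etypes loops) come straight from the serialized buffer with no range check. Because `count` is `unsigned int`, an unpacked value of -1 makes `count + 1` wrap to zero in `calloc(count + 1, sizeof(krb5_enctype))`, and where calloc(0, …) returns a non-null pointer the loop that follows can write past that allocation; a large positive value instead requests an oversized allocation. Each element occupies one krb5_int32 in the input, so both reads can be bounded before the assignment with `if (ibuf < 0 || (size_t) ibuf > remain / sizeof(krb5_int32)) { kret = EINVAL; goto cleanup; }`. The default_realm length passed to `malloc((size_t) ibuf+1)` deserves the same kind of check against `remain`. The function's `cleanup:` label is in the next hunk, and this whitespace-only reindent leaves the behaviour as it was.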
@@ -510,74 +519,74 @@ cleanup: if (context) - krb5_free_context(context); + krb5_free_context(context); return(kret); } /* - * krb5_oscontext_size() - Determine the size required to externalize - * the krb5_os_context. + * krb5_oscontext_size() - Determine the size required to externalize + * the krb5_os_context. */ static krb5_error_code krb5_oscontext_size(krb5_context kcontext, krb5_pointer arg, size_t *sizep) { /* * We need five 32-bit integers: - * two for header and trailer - * one each for time_offset, usec_offset and os_flags + * two for header and trailer + * one each for time_offset, usec_offset and os_flags */ *sizep += (5*sizeof(krb5_int32)); return(0); } /* - * krb5_oscontext_externalize() - Externalize the krb5_os_context. + * krb5_oscontext_externalize() - Externalize the krb5_os_context. */ static krb5_error_code krb5_oscontext_externalize(krb5_context kcontext, krb5_pointer arg, krb5_octet **buffer, size_t *lenremain) { - krb5_error_code kret; - krb5_os_context os_ctx; - size_t required; - krb5_octet *bp; - size_t remain; + krb5_error_code kret; + krb5_os_context os_ctx; + size_t required; + krb5_octet *bp; + size_t remain; required = 0; bp = *buffer; remain = *lenremain; kret = EINVAL; if ((os_ctx = (krb5_os_context) arg)) { - kret = ENOMEM; - if (!krb5_oscontext_size(kcontext, arg, &required) && - (required <= remain)) { - (void) krb5_ser_pack_int32(KV5M_OS_CONTEXT, &bp, &remain); - (void) krb5_ser_pack_int32(os_ctx->time_offset, &bp, &remain); - (void) krb5_ser_pack_int32(os_ctx->usec_offset, &bp, &remain); - (void) krb5_ser_pack_int32(os_ctx->os_flags, &bp, &remain); - (void) krb5_ser_pack_int32(KV5M_OS_CONTEXT, &bp, &remain); + kret = ENOMEM; + if (!krb5_oscontext_size(kcontext, arg, &required) && + (required <= remain)) { + (void) krb5_ser_pack_int32(KV5M_OS_CONTEXT, &bp, &remain); + (void) krb5_ser_pack_int32(os_ctx->time_offset, &bp, &remain); + (void) krb5_ser_pack_int32(os_ctx->usec_offset, &bp, &remain); + (void) 
krb5_ser_pack_int32(os_ctx->os_flags, &bp, &remain); + (void) krb5_ser_pack_int32(KV5M_OS_CONTEXT, &bp, &remain); - /* Handle any other OS context here */ - kret = 0; - if (!kret) { - *buffer = bp; - *lenremain = remain; - } - } + /* Handle any other OS context here */ + kret = 0; + if (!kret) { + *buffer = bp; + *lenremain = remain; + } + } } return(kret); } /* - * krb5_oscontext_internalize() - Internalize the krb5_os_context. + * krb5_oscontext_internalize() - Internalize the krb5_os_context. */ static krb5_error_code krb5_oscontext_internalize(krb5_context kcontext, krb5_pointer *argp, krb5_octet **buffer, size_t *lenremain) { - krb5_error_code kret; - krb5_os_context os_ctx; - krb5_int32 ibuf; - krb5_octet *bp; - size_t remain; + krb5_error_code kret; + krb5_os_context os_ctx; + krb5_int32 ibuf; + krb5_octet *bp; + size_t remain; bp = *buffer; remain = *lenremain; 
@@ -585,37 +594,37 @@ os_ctx = (krb5_os_context) NULL; /* Read our magic number */ if (krb5_ser_unpack_int32(&ibuf, &bp, &remain)) - ibuf = 0; + ibuf = 0; if (ibuf == KV5M_OS_CONTEXT) { - kret = ENOMEM; + kret = ENOMEM; - /* Get memory for the context */ - if ((os_ctx = (krb5_os_context) - calloc(1, sizeof(struct _krb5_os_context))) && - (remain >= 4*sizeof(krb5_int32))) { - os_ctx->magic = KV5M_OS_CONTEXT; + /* Get memory for the context */ + if ((os_ctx = (krb5_os_context) + calloc(1, sizeof(struct _krb5_os_context))) && + (remain >= 4*sizeof(krb5_int32))) { + os_ctx->magic = KV5M_OS_CONTEXT; - /* Read out our context */ - (void) krb5_ser_unpack_int32(&os_ctx->time_offset, &bp, &remain); - (void) krb5_ser_unpack_int32(&os_ctx->usec_offset, &bp, &remain); - (void) krb5_ser_unpack_int32(&os_ctx->os_flags, &bp, &remain); - (void) krb5_ser_unpack_int32(&ibuf, &bp, &remain); + /* Read out our context */ + (void) krb5_ser_unpack_int32(&os_ctx->time_offset, &bp, &remain); + (void) krb5_ser_unpack_int32(&os_ctx->usec_offset, &bp, &remain); + (void) krb5_ser_unpack_int32(&os_ctx->os_flags, &bp, &remain); + (void) krb5_ser_unpack_int32(&ibuf, &bp, &remain); - if (ibuf == KV5M_OS_CONTEXT) { - os_ctx->magic = KV5M_OS_CONTEXT; - kret = 0; - *buffer = bp; - *lenremain = remain; - } else - kret = EINVAL; - } + if (ibuf == KV5M_OS_CONTEXT) { + os_ctx->magic = KV5M_OS_CONTEXT; + kret = 0; + *buffer = bp; + *lenremain = remain; + } else + kret = EINVAL; + } } if (!kret) { - *argp = (krb5_pointer) os_ctx; + *argp = (krb5_pointer) os_ctx; } else { - if (os_ctx) - free(os_ctx); + if (os_ctx) + free(os_ctx); } return(kret); } 
@@ -626,13 +635,13 @@ krb5_error_code KRB5_CALLCONV krb5_ser_context_init(krb5_context kcontext) { - krb5_error_code kret; + krb5_error_code kret; kret = krb5_register_serializer(kcontext, &krb5_context_ser_entry); if (!kret) - kret = krb5_register_serializer(kcontext, &krb5_oscontext_ser_entry); + kret = krb5_register_serializer(kcontext, &krb5_oscontext_ser_entry); #ifndef LEAN_CLIENT if (!kret) - kret = krb5_register_serializer(kcontext, &krb5_profile_ser_entry); + kret = krb5_register_serializer(kcontext, &krb5_profile_ser_entry); #endif /* LEAN_CLIENT */ return(kret); } From tlyu at MIT.EDU Wed Nov 4 23:39:48 2009 From: tlyu at MIT.EDU (tlyu@MIT.EDU) Date: Wed, 4 Nov 2009 23:39:48 -0500 Subject: svn rev #23132: trunk/src/ lib/krb5/asn.1/ Message-ID: <200911050439.nA54dmq9029178@drugstore.mit.edu> http://src.mit.edu/fisheye/changelog/krb5/?cs=23132 Commit By: tlyu Log Message: Reformat some block comments. Refine lib/krb5/asn.1 reindent exclusion into individual file exclusions. Changed Files: U trunk/src/Makefile.in U trunk/src/lib/krb5/asn.1/asn1_encode.c U trunk/src/lib/krb5/asn.1/asn1_get.h U trunk/src/lib/krb5/asn.1/asn1_k_decode.h U trunk/src/lib/krb5/asn.1/asn1_k_encode.h U trunk/src/lib/krb5/asn.1/asn1_misc.h U trunk/src/lib/krb5/asn.1/asn1buf.c U trunk/src/lib/krb5/asn.1/krb5_encode.c U trunk/src/lib/krb5/asn.1/ldap_key_seq.c Modified: trunk/src/Makefile.in =================================================================== --- trunk/src/Makefile.in 2009-11-05 03:26:25 UTC (rev 23131) +++ trunk/src/Makefile.in 2009-11-05 04:39:48 UTC (rev 23132) 
@@ -673,7 +673,12 @@ lib/krb5/krb/strptime.c OTHEREXCLUDES = \ - lib/krb5/asn.1 \ + lib/krb5/asn.1/asn1_decode.h \ + lib/krb5/asn.1/asn1_encode.h \ + lib/krb5/asn.1/asn1_k_encode.c \ + lib/krb5/asn.1/asn1_make.h \ + lib/krb5/asn.1/asn1buf.h \ + lib/krb5/asn.1/krb5_decode.c \ lib/krb5/krb/deltat.c \ lib/krb5/unicode Modified: trunk/src/lib/krb5/asn.1/asn1_encode.c =================================================================== --- trunk/src/lib/krb5/asn.1/asn1_encode.c 2009-11-05 03:26:25 UTC (rev 23131) +++ trunk/src/lib/krb5/asn.1/asn1_encode.c 2009-11-05 04:39:48 UTC (rev 23132) @@ -312,16 +312,18 @@ return 0; } -/* ASN.1 constructed type encoder engine +/* + * ASN.1 constructed type encoder engine + * + * Two entry points here: + * + * krb5int_asn1_encode_a_thing: Incrementally adds the partial + * encoding of an object to an already-initialized asn1buf. + * + * krb5int_asn1_do_full_encode: Returns a completed encoding, in the + * correct byte order, in an allocated krb5_data. + */ - Two entry points here: - - krb5int_asn1_encode_a_thing: Incrementally adds the partial - encoding of an object to an already-initialized asn1buf. - - krb5int_asn1_do_full_encode: Returns a completed encoding, in the - correct byte order, in an allocated krb5_data. */ - #ifdef POINTERS_ARE_ALL_THE_SAME #define LOADPTR(PTR,TYPE) \ (assert((TYPE)->loadptr != NULL), (TYPE)->loadptr(PTR)) @@ -458,9 +460,11 @@ unsigned int length; const struct atype_info *a; - /* The field holds a pointer to the array of objects. So the - address we compute is a pointer-to-pointer, and that's what - field->atype must help us dereference. */ + /* + * The field holds a pointer to the array of objects. So the + * address we compute is a pointer-to-pointer, and that's what + * field->atype must help us dereference. + */ dataptr = (const char *)val + field->dataoff; lenptr = (const char *)val + field->lenoff; assert(field->atype->type == atype_ptr); 
@@ -547,8 +551,10 @@ return EINVAL; if (dataptr == NULL && slen != 0) return ASN1_MISSING_FIELD; - /* Currently our string encoders want "unsigned int" for - lengths. */ + /* + * Currently our string encoders want "unsigned int" for + * lengths. + */ if (slen != (unsigned int) slen) return EINVAL; assert(a->enclen != NULL); @@ -622,8 +628,10 @@ if (seq->optional) optional = seq->optional(val); else - /* In this case, none of the field descriptors should indicate - that we examine any bits of this value. */ + /* + * In this case, none of the field descriptors should indicate + * that we examine any bits of this value. + */ optional = 0; { unsigned int length; Modified: trunk/src/lib/krb5/asn.1/asn1_get.h =================================================================== --- trunk/src/lib/krb5/asn.1/asn1_get.h 2009-11-05 03:26:25 UTC (rev 23131) +++ trunk/src/lib/krb5/asn.1/asn1_get.h 2009-11-05 04:39:48 UTC (rev 23132) @@ -35,10 +35,13 @@ #include "asn1buf.h" typedef struct { -#if 1 /* Smaller run-time storage, and on x86 the compiler can use - byte loads, stores, and compares, but on other platforms the - compiler may need to load and widen before comparing... see - how this works out. */ +#if 1 + /* + * Smaller run-time storage, and on x86 the compiler can use byte + * loads, stores, and compares, but on other platforms the compiler + * may need to load and widen before comparing... see how this works + * out. + */ unsigned int asn1class : 8, construction : 8; #else asn1_class asn1class; 
@@ -63,21 +66,27 @@ asn1_construction *construction, asn1_tagnum *tagnum, unsigned int *retlen); -/* requires *buf is allocated - effects Decodes the tag in *buf. If class != NULL, returns - the class in *Class. Similarly, the construction, - tag number, and length are returned in *construction, - *tagnum, and *retlen, respectively. - If *buf is empty to begin with, - *tagnum is set to ASN1_TAGNUM_CEILING. - Returns ASN1_OVERRUN if *buf is exhausted during the parse. */ +/* + * requires *buf is allocated + * effects Decodes the tag in *buf. If class != NULL, returns + * the class in *Class. Similarly, the construction, + * tag number, and length are returned in *construction, + * *tagnum, and *retlen, respectively. + * + * If *buf is empty to begin with, *tagnum is set to + * ASN1_TAGNUM_CEILING. + * + * Returns ASN1_OVERRUN if *buf is exhausted during the + * parse. + */ #endif asn1_error_code asn1_get_sequence(asn1buf *buf, unsigned int *retlen, int *indef); -/* requires *buf is allocated - effects Decodes a tag from *buf and returns ASN1_BAD_ID if it - doesn't have a sequence ID. If retlen != NULL, the - associated length is returned in *retlen. */ - +/* + * requires *buf is allocated + * effects Decodes a tag from *buf and returns ASN1_BAD_ID if it + * doesn't have a sequence ID. If retlen != NULL, the + * associated length is returned in *retlen. + */ #endif Modified: trunk/src/lib/krb5/asn.1/asn1_k_decode.h =================================================================== --- trunk/src/lib/krb5/asn.1/asn1_k_decode.h 2009-11-05 03:26:25 UTC (rev 23131) +++ trunk/src/lib/krb5/asn.1/asn1_k_decode.h 2009-11-05 04:39:48 UTC (rev 23132) 
@@ -33,39 +33,57 @@ #include "asn1buf.h" /* asn1_error_code asn1_decode_scalar_type(asn1buf *buf, krb5_scalar *val); */ -/* requires *buf is allocated, *buf's current position points to the - beginning of an encoding ( ), - *val is allocated - effects Decodes the encoding in *buf, returning the result in *val. - Returns ASN1_BAD_ID if the encoded id does not - indicate the proper type. - Returns ASN1_OVERRUN if the encoded length exceeds - the bounds of *buf */ +/* + * requires *buf is allocated, *buf's current position points to the + * beginning of an encoding ( ), + * *val is allocated + * + * effects Decodes the encoding in *buf, returning the result in *val. + * + * Returns ASN1_BAD_ID if the encoded id does not indicate + * the proper type. + * + * Returns ASN1_OVERRUN if the encoded length exceeds + * the bounds of *buf + */ -/* asn1_error_code asn1_decode_structure_type(asn1buf *buf, - krb5_structure *val); */ -/* requires *buf is allocated, *buf's current position points to the - beginning of an encoding ( ), - *val is allocated - Assumes that *val is a freshly-allocated structure (i.e. - does not attempt to clean up or free *val). - effects Decodes the encoding in *buf, returning the result in *val. - Returns ASN1_BAD_ID if the encoded id does not - indicate the proper type. - Returns ASN1_OVERRUN if the encoded length exceeds - the bounds of *buf */ +/* + * asn1_error_code asn1_decode_structure_type(asn1buf *buf, + * krb5_structure *val); + */ +/* + * requires *buf is allocated, *buf's current position points to the + * beginning of an encoding ( ), + * *val is allocated + * + * Assumes that *val is a freshly-allocated structure (i.e. + * does not attempt to clean up or free *val). + * effects Decodes the encoding in *buf, returning the result in *val. + * + * Returns ASN1_BAD_ID if the encoded id does not indicate + * the proper type. 
+ * + * Returns ASN1_OVERRUN if the encoded length exceeds the + * bounds of *buf + */ /* asn1_error_code asn1_decode_array_type(asn1buf *buf, krb5_scalar ***val); */ -/* requires *buf is allocated, *buf's current position points to the - beginning of an encoding ( ) - Assumes that *val is empty (i.e. does not attempt to - clean up or free *val). - effects Decodes the encoding in *buf, returning the result in *val. - Returns ASN1_BAD_ID if the encoded id does not - indicate the proper type. - Returns ASN1_OVERRUN if the encoded length exceeds - the bounds of *buf */ +/* + * requires *buf is allocated, *buf's current position points to the + * beginning of an encoding ( ) + * + * Assumes that *val is empty (i.e. does not attempt to + * clean up or free *val). + * + * effects Decodes the encoding in *buf, returning the result in *val. + * + * Returns ASN1_BAD_ID if the encoded id does not indicate + * the proper type. + * + * Returns ASN1_OVERRUN if the encoded length exceeds the + * bounds of *buf + */ /* scalars */ asn1_error_code asn1_decode_int(asn1buf *buf, int *val); Modified: trunk/src/lib/krb5/asn.1/asn1_k_encode.h =================================================================== --- trunk/src/lib/krb5/asn.1/asn1_k_encode.h 2009-11-05 03:26:25 UTC (rev 23131) +++ trunk/src/lib/krb5/asn.1/asn1_k_encode.h 2009-11-05 04:39:48 UTC (rev 23132) 
@@ -33,38 +33,38 @@ #include "asn1buf.h" /* -**** for simple val's **** -asn1_error_code asn1_encode_asn1_type(asn1buf *buf, - const krb5_type val, - int *retlen); - requires *buf is allocated - effects Inserts the encoding of val into *buf and - returns the length of this encoding in *retlen. - Returns ASN1_MISSING_FIELD if a required field is empty in val. - Returns ENOMEM if memory runs out. + * **** for simple val's **** + * asn1_error_code asn1_encode_asn1_type(asn1buf *buf, + * const krb5_type val, + * int *retlen); + * requires *buf is allocated + * effects Inserts the encoding of val into *buf and + * returns the length of this encoding in *retlen. + * Returns ASN1_MISSING_FIELD if a required field is empty in val. + * Returns ENOMEM if memory runs out. + * + * **** for struct val's **** + * asn1_error_code asn1_encode_asn1_type(asn1buf *buf, + * const krb5_type *val, + * int *retlen); + * requires *buf is allocated + * effects Inserts the encoding of *val into *buf and + * returns the length of this encoding in *retlen. + * Returns ASN1_MISSING_FIELD if a required field is empty in val. + * Returns ENOMEM if memory runs out. + * + * **** for array val's **** + * asn1_error_code asn1_encode_asn1_type(asn1buf *buf, + * const krb5_type **val, + * int *retlen); + * requires *buf is allocated, **val != NULL, *val[0] != NULL, + * **val is a NULL-terminated array of pointers to krb5_type + * effects Inserts the encoding of **val into *buf and + * returns the length of this encoding in *retlen. + * Returns ASN1_MISSING_FIELD if a required field is empty in val. + * Returns ENOMEM if memory runs out. + */ -**** for struct val's **** -asn1_error_code asn1_encode_asn1_type(asn1buf *buf, - const krb5_type *val, - int *retlen); - requires *buf is allocated - effects Inserts the encoding of *val into *buf and - returns the length of this encoding in *retlen. - Returns ASN1_MISSING_FIELD if a required field is empty in val. - Returns ENOMEM if memory runs out. 
- -**** for array val's **** -asn1_error_code asn1_encode_asn1_type(asn1buf *buf, - const krb5_type **val, - int *retlen); - requires *buf is allocated, **val != NULL, *val[0] != NULL, - **val is a NULL-terminated array of pointers to krb5_type - effects Inserts the encoding of **val into *buf and - returns the length of this encoding in *retlen. - Returns ASN1_MISSING_FIELD if a required field is empty in val. - Returns ENOMEM if memory runs out. -*/ - /* PKINIT */ asn1_error_code asn1_encode_pk_authenticator(asn1buf *buf, Modified: trunk/src/lib/krb5/asn.1/asn1_misc.h =================================================================== --- trunk/src/lib/krb5/asn.1/asn1_misc.h 2009-11-05 03:26:25 UTC (rev 23131) +++ trunk/src/lib/krb5/asn.1/asn1_misc.h 2009-11-05 04:39:48 UTC (rev 23132) @@ -33,8 +33,10 @@ asn1_error_code asn1_krb5_realm_copy(krb5_principal target, krb5_principal source); -/* requires target, source, and source->realm are allocated - effects Copies source->realm into target->realm. - Returns ENOMEM if memory is exhausted. */ +/* + * requires target, source, and source->realm are allocated + * effects Copies source->realm into target->realm. + * Returns ENOMEM if memory is exhausted. + */ #endif Modified: trunk/src/lib/krb5/asn.1/asn1buf.c =================================================================== --- trunk/src/lib/krb5/asn.1/asn1buf.c 2009-11-05 03:26:25 UTC (rev 23131) +++ trunk/src/lib/krb5/asn.1/asn1buf.c 2009-11-05 04:39:48 UTC (rev 23132) 
@@ -2,54 +2,58 @@ /* Coding Buffer Implementation */ /* - Implementation + * Implementation + * + * Encoding mode + * + * The encoding buffer is filled from bottom (lowest address) to top + * (highest address). This makes it easier to expand the buffer, + * since realloc preserves the existing portion of the buffer. + * + * Note: Since ASN.1 encoding must be done in reverse, this means + * that you can't simply memcpy out the buffer data, since it will be + * backwards. You need to reverse-iterate through it, instead. + * + * ***This decision may have been a mistake. In practice, the + * implementation will probably be tuned such that reallocation is + * rarely necessary. Also, the realloc probably has recopy the + * buffer itself, so we don't really gain that much by avoiding an + * explicit copy of the buffer. --Keep this in mind for future reference. + * + * + * Decoding mode + * + * The decoding buffer is in normal order and is created by wrapping + * an asn1buf around a krb5_data structure. + */ - Encoding mode +/* + * Abstraction Function + * + * Programs should use just pointers to asn1buf's (e.g. asn1buf *mybuf). + * These pointers must always point to a valid, allocated asn1buf + * structure or be NULL. + * + * The contents of the asn1buf represent an octet string. This string + * begins at base and continues to the octet immediately preceding next. + * If next == base or mybuf == NULL, then the asn1buf represents an empty + * octet string. + */ - The encoding buffer is filled from bottom (lowest address) to top - (highest address). This makes it easier to expand the buffer, - since realloc preserves the existing portion of the buffer. +/* + * Representation Invariant + * + * Pointers to asn1buf's must always point to a valid, allocated + * asn1buf structure or be NULL. + * + * base points to a valid, allocated octet array or is NULL + * bound, if non-NULL, points to the last valid octet + * next >= base + * next <= bound+2 (i.e. 
next should be able to step just past the bound, + * but no further. (The bound should move out in response + * to being crossed by next.)) + */ - Note: Since ASN.1 encoding must be done in reverse, this means - that you can't simply memcpy out the buffer data, since it will be - backwards. You need to reverse-iterate through it, instead. - - ***This decision may have been a mistake. In practice, the - implementation will probably be tuned such that reallocation is - rarely necessary. Also, the realloc probably has recopy the - buffer itself, so we don't really gain that much by avoiding an - explicit copy of the buffer. --Keep this in mind for future reference. - - - Decoding mode - - The decoding buffer is in normal order and is created by wrapping - an asn1buf around a krb5_data structure. - */ - -/* Abstraction Function - - Programs should use just pointers to asn1buf's (e.g. asn1buf *mybuf). - These pointers must always point to a valid, allocated asn1buf - structure or be NULL. - - The contents of the asn1buf represent an octet string. This string - begins at base and continues to the octet immediately preceding next. - If next == base or mybuf == NULL, then the asn1buf represents an empty - octet string. */ - -/* Representation Invariant - - Pointers to asn1buf's must always point to a valid, allocated - asn1buf structure or be NULL. - - base points to a valid, allocated octet array or is NULL - bound, if non-NULL, points to the last valid octet - next >= base - next <= bound+2 (i.e. next should be able to step just past the bound, - but no further. (The bound should move out in response - to being crossed by next.)) */ - #define ASN1BUF_OMIT_INLINE_FUNCS #include "asn1buf.h" #include 
@@ -62,8 +66,10 @@ #endif #if !defined(__GNUC__) || defined(CONFIG_SMALL) -/* Declare private procedures as static if they're not used for inline - expansion of other stuff elsewhere. */ +/* + * Declare private procedures as static if they're not used for inline + * expansion of other stuff elsewhere. + */ static unsigned int asn1buf_free(const asn1buf *); static asn1_error_code asn1buf_ensure_space(asn1buf *, unsigned int); static asn1_error_code asn1buf_expand(asn1buf *, unsigned int); @@ -278,8 +284,11 @@ -/* These parse and unparse procedures should be moved out. They're - useful only for debugging and superfluous in the production version. */ +/* + * These parse and unparse procedures should be moved out. They're + * useful only for debugging and superfluous in the production + * version. + */ asn1_error_code asn1buf_unparse(const asn1buf *buf, char **s) { Modified: trunk/src/lib/krb5/asn.1/krb5_encode.c =================================================================== --- trunk/src/lib/krb5/asn.1/krb5_encode.c 2009-11-05 03:26:25 UTC (rev 23131) +++ trunk/src/lib/krb5/asn.1/krb5_encode.c 2009-11-05 04:39:48 UTC (rev 23132) 
@@ -34,11 +34,13 @@ /**************** Macros (these save a lot of typing) ****************/ -/* setup() -- create and initialize bookkeeping variables - retval: stores error codes returned from subroutines - buf: the coding buffer - length: length of the most-recently produced encoding - sum: cumulative length of the entire encoding */ +/* + * setup() -- create and initialize bookkeeping variables + * retval: stores error codes returned from subroutines + * buf: the coding buffer + * length: length of the most-recently produced encoding + * sum: cumulative length of the entire encoding + */ #define krb5_setup()\ asn1_error_code retval;\ unsigned int length, sum = 0;\ Modified: trunk/src/lib/krb5/asn.1/ldap_key_seq.c =================================================================== --- trunk/src/lib/krb5/asn.1/ldap_key_seq.c 2009-11-05 03:26:25 UTC (rev 23131) +++ trunk/src/lib/krb5/asn.1/ldap_key_seq.c 2009-11-05 04:39:48 UTC (rev 23132) 
@@ -1,34 +1,35 @@ /* -*- mode: c; indent-tabs-mode: nil -*- */ /* ... copyright ... */ -/* Novell key-format scheme: - - KrbKeySet ::= SEQUENCE { - attribute-major-vno [0] UInt16, - attribute-minor-vno [1] UInt16, - kvno [2] UInt32, - mkvno [3] UInt32 OPTIONAL, - keys [4] SEQUENCE OF KrbKey, - ... - } - - KrbKey ::= SEQUENCE { - salt [0] KrbSalt OPTIONAL, - key [1] EncryptionKey, - s2kparams [2] OCTET STRING OPTIONAL, - ... - } - - KrbSalt ::= SEQUENCE { - type [0] Int32, - salt [1] OCTET STRING OPTIONAL - } - - EncryptionKey ::= SEQUENCE { - keytype [0] Int32, - keyvalue [1] OCTET STRING - } - +/* + * Novell key-format scheme: + * + * KrbKeySet ::= SEQUENCE { + * attribute-major-vno [0] UInt16, + * attribute-minor-vno [1] UInt16, + * kvno [2] UInt32, + * mkvno [3] UInt32 OPTIONAL, + * keys [4] SEQUENCE OF KrbKey, + * ... + * } + * + * KrbKey ::= SEQUENCE { + * salt [0] KrbSalt OPTIONAL, + * key [1] EncryptionKey, + * s2kparams [2] OCTET STRING OPTIONAL, + * ... + * } + * + * KrbSalt ::= SEQUENCE { + * type [0] Int32, + * salt [1] OCTET STRING OPTIONAL + * } + * + * EncryptionKey ::= SEQUENCE { + * keytype [0] Int32, + * keyvalue [1] OCTET STRING + * } + * */ #include @@ -47,8 +48,10 @@ /* Encode the Principal's keys */ /************************************************************************/ -/* Imports from asn1_k_encode.c. - XXX Must be manually synchronized for now. */ +/* + * Imports from asn1_k_encode.c. + * XXX Must be manually synchronized for now. + */ IMPORT_TYPE(octetstring, unsigned char *); IMPORT_TYPE(int32, krb5_int32); From tlyu at MIT.EDU Wed Nov 4 23:39:54 2009 
From: tlyu at MIT.EDU (tlyu@MIT.EDU) Date: Wed, 4 Nov 2009 23:39:54 -0500 Subject: svn rev #23133: trunk/src/lib/krb5/asn.1/ Message-ID: <200911050439.nA54dspd029235@drugstore.mit.edu> http://src.mit.edu/fisheye/changelog/krb5/?cs=23133 Commit By: tlyu Log Message: make mark-cstyle; make reindent Changed Files: U trunk/src/lib/krb5/asn.1/asn1_decode.c U trunk/src/lib/krb5/asn.1/asn1_encode.c U trunk/src/lib/krb5/asn.1/asn1_get.c U trunk/src/lib/krb5/asn.1/asn1_get.h U trunk/src/lib/krb5/asn.1/asn1_k_decode.c U trunk/src/lib/krb5/asn.1/asn1_k_decode.h U trunk/src/lib/krb5/asn.1/asn1_k_encode.h U trunk/src/lib/krb5/asn.1/asn1_make.c U trunk/src/lib/krb5/asn.1/asn1_misc.c U trunk/src/lib/krb5/asn.1/asn1_misc.h U trunk/src/lib/krb5/asn.1/asn1buf.c U trunk/src/lib/krb5/asn.1/asn1glue.h U trunk/src/lib/krb5/asn.1/krb5_encode.c U trunk/src/lib/krb5/asn.1/krbasn1.h U trunk/src/lib/krb5/asn.1/ldap_key_seq.c Modified: trunk/src/lib/krb5/asn.1/asn1_decode.c =================================================================== --- trunk/src/lib/krb5/asn.1/asn1_decode.c 2009-11-05 04:39:48 UTC (rev 23132) +++ trunk/src/lib/krb5/asn.1/asn1_decode.c 2009-11-05 04:39:54 UTC (rev 23133) @@ -1,4 +1,4 @@ -/* -*- mode: c; indent-tabs-mode: nil -*- */ +/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */ /* * src/lib/krb5/asn.1/asn1_decode.c * 
@@ -39,23 +39,23 @@ #include #endif -#define setup()\ -asn1_error_code retval;\ -taginfo tinfo +#define setup() \ + asn1_error_code retval; \ + taginfo tinfo #define asn1class (tinfo.asn1class) #define construction (tinfo.construction) #define tagnum (tinfo.tagnum) #define length (tinfo.length) -#define tag(type)\ -retval = asn1_get_tag_2(buf,&tinfo);\ -if (retval) return retval;\ -if (asn1class != UNIVERSAL || construction != PRIMITIVE || tagnum != type)\ - return ASN1_BAD_ID +#define tag(type) \ + retval = asn1_get_tag_2(buf,&tinfo); \ + if (retval) return retval; \ + if (asn1class != UNIVERSAL || construction != PRIMITIVE || tagnum != type) \ + return ASN1_BAD_ID -#define cleanup()\ -return 0 +#define cleanup() \ + return 0 asn1_error_code asn1_decode_integer(asn1buf *buf, long int *val) Modified: trunk/src/lib/krb5/asn.1/asn1_encode.c =================================================================== --- trunk/src/lib/krb5/asn.1/asn1_encode.c 2009-11-05 04:39:48 UTC (rev 23132) +++ trunk/src/lib/krb5/asn.1/asn1_encode.c 2009-11-05 04:39:54 UTC (rev 23133) @@ -1,4 +1,4 @@ -/* -*- mode: c; indent-tabs-mode: nil -*- */ +/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */ /* * src/lib/krb5/asn.1/asn1_encode.c * @@ -325,10 +325,10 @@ */ #ifdef POINTERS_ARE_ALL_THE_SAME -#define LOADPTR(PTR,TYPE) \ +#define LOADPTR(PTR,TYPE) \ (assert((TYPE)->loadptr != NULL), (TYPE)->loadptr(PTR)) #else -#define LOADPTR(PTR,TYPE) \ +#define LOADPTR(PTR,TYPE) \ (*(const void *const *)(PTR)) #endif Modified: trunk/src/lib/krb5/asn.1/asn1_get.c =================================================================== --- trunk/src/lib/krb5/asn.1/asn1_get.c 2009-11-05 04:39:48 UTC (rev 23132) +++ trunk/src/lib/krb5/asn.1/asn1_get.c 2009-11-05 04:39:54 UTC (rev 23133) 
@@ -1,4 +1,4 @@ -/* -*- mode: c; indent-tabs-mode: nil -*- */ +/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */ /* * src/lib/krb5/asn.1/asn1_get.c * Modified: trunk/src/lib/krb5/asn.1/asn1_get.h =================================================================== --- trunk/src/lib/krb5/asn.1/asn1_get.h 2009-11-05 04:39:48 UTC (rev 23132) +++ trunk/src/lib/krb5/asn.1/asn1_get.h 2009-11-05 04:39:54 UTC (rev 23133) @@ -1,4 +1,4 @@ -/* -*- mode: c; indent-tabs-mode: nil -*- */ +/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */ /* * src/lib/krb5/asn.1/asn1_get.h * @@ -36,12 +36,12 @@ typedef struct { #if 1 - /* - * Smaller run-time storage, and on x86 the compiler can use byte - * loads, stores, and compares, but on other platforms the compiler - * may need to load and widen before comparing... see how this works - * out. - */ + /* + * Smaller run-time storage, and on x86 the compiler can use byte + * loads, stores, and compares, but on other platforms the compiler + * may need to load and widen before comparing... see how this works + * out. + */ unsigned int asn1class : 8, construction : 8; #else asn1_class asn1class; Modified: trunk/src/lib/krb5/asn.1/asn1_k_decode.c =================================================================== --- trunk/src/lib/krb5/asn.1/asn1_k_decode.c 2009-11-05 04:39:48 UTC (rev 23132) +++ trunk/src/lib/krb5/asn.1/asn1_k_decode.c 2009-11-05 04:39:54 UTC (rev 23133) @@ -1,4 +1,4 @@ -/* -*- mode: c; indent-tabs-mode: nil -*- */ +/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */ /* * src/lib/krb5/asn.1/asn1_k_decode.c * 
@@ -34,26 +34,26 @@ /* Declare useful decoder variables. */ #define setup() \ - asn1_error_code retval; \ - asn1_class asn1class; \ - asn1_construction construction; \ - asn1_tagnum tagnum; \ - unsigned int length, taglen + asn1_error_code retval; \ + asn1_class asn1class; \ + asn1_construction construction; \ + asn1_tagnum tagnum; \ + unsigned int length, taglen #define unused_var(x) if (0) { x = 0; x = x - x; } /* This is used for prefetch of next tag in sequence. */ -#define next_tag() \ -{ taginfo t2; \ - retval = asn1_get_tag_2(&subbuf, &t2); \ - if (retval) clean_return(retval); \ - /* Copy out to match previous functionality, until better integrated. */ \ - asn1class = t2.asn1class; \ - construction = t2.construction; \ - tagnum = t2.tagnum; \ - taglen = t2.length; \ - indef = t2.indef; \ -} +#define next_tag() \ + { taginfo t2; \ + retval = asn1_get_tag_2(&subbuf, &t2); \ + if (retval) clean_return(retval); \ + /* Copy out to match previous functionality, until better integrated. */ \ + asn1class = t2.asn1class; \ + construction = t2.construction; \ + tagnum = t2.tagnum; \ + taglen = t2.length; \ + indef = t2.indef; \ + } static asn1_error_code asn1_get_eoc_tag (asn1buf *buf) 
@@ -77,40 +77,40 @@ } #define alloc_field(var) \ - var = calloc(1, sizeof(*var)); \ - if ((var) == NULL) clean_return(ENOMEM) + var = calloc(1, sizeof(*var)); \ + if ((var) == NULL) clean_return(ENOMEM) /* * Allocate a principal and initialize enough fields for * krb5_free_principal to have defined behavior. */ #define alloc_principal(var) \ - alloc_field(var); \ - var->realm.data = NULL; \ - var->data = NULL + alloc_field(var); \ + var->realm.data = NULL; \ + var->data = NULL /* * Allocate a data structure and initialize enough fields for * krb5_free_data to have defined behavior. */ #define alloc_data(var) \ - alloc_field(var); \ - var->data = NULL + alloc_field(var); \ + var->data = NULL /* Fetch an expected APPLICATION class tag and verify. */ -#define apptag(tagexpect) \ - { \ - taginfo t1; \ - retval = asn1_get_tag_2(buf, &t1); \ - if (retval) clean_return(retval); \ - if (t1.asn1class != APPLICATION || t1.construction != CONSTRUCTED || \ - t1.tagnum != (tagexpect)) clean_return(ASN1_BAD_ID); \ - /* Copy out to match previous functionality, until better integrated. */ \ - asn1class = t1.asn1class; \ - construction = t1.construction; \ - tagnum = t1.tagnum; \ - applen = t1.length; \ - } +#define apptag(tagexpect) \ + { \ + taginfo t1; \ + retval = asn1_get_tag_2(buf, &t1); \ + if (retval) clean_return(retval); \ + if (t1.asn1class != APPLICATION || t1.construction != CONSTRUCTED || \ + t1.tagnum != (tagexpect)) clean_return(ASN1_BAD_ID); \ + /* Copy out to match previous functionality, until better integrated. */ \ + asn1class = t1.asn1class; \ + construction = t1.construction; \ + tagnum = t1.tagnum; \ + applen = t1.length; \ + } /**** normal fields ****/ 
@@ -122,10 +122,10 @@ * enclosed in a context-specific tag. */ #define get_field_body(var, decoder) \ - retval = decoder(&subbuf, &(var)); \ - if (retval) clean_return(retval); \ - if (!taglen && indef) { get_eoc(); } \ - next_tag() + retval = decoder(&subbuf, &(var)); \ + if (retval) clean_return(retval); \ + if (!taglen && indef) { get_eoc(); } \ + next_tag() /* * error_if_bad_tag @@ -133,8 +133,8 @@ * Checks that the next tag is the expected one; returns with an error * if not. */ -#define error_if_bad_tag(tagexpect) \ - if (tagnum != (tagexpect)) { clean_return((tagnum < (tagexpect)) ? ASN1_MISPLACED_FIELD : ASN1_MISSING_FIELD); } +#define error_if_bad_tag(tagexpect) \ + if (tagnum != (tagexpect)) { clean_return((tagnum < (tagexpect)) ? ASN1_MISPLACED_FIELD : ASN1_MISSING_FIELD); } /* * get_field @@ -144,11 +144,11 @@ * verification of tag numbers. */ #define get_field(var, tagexpect, decoder) \ - error_if_bad_tag(tagexpect); \ - if ((asn1class != CONTEXT_SPECIFIC || construction != CONSTRUCTED) \ - && (tagnum || taglen || asn1class != UNIVERSAL)) \ - clean_return(ASN1_BAD_ID); \ - get_field_body(var,decoder) + error_if_bad_tag(tagexpect); \ + if ((asn1class != CONTEXT_SPECIFIC || construction != CONSTRUCTED) \ + && (tagnum || taglen || asn1class != UNIVERSAL)) \ + clean_return(ASN1_BAD_ID); \ + get_field_body(var,decoder) /* * opt_field 
@@ -159,59 +159,59 @@ * values that happen to have the value of OPTVAL. */ #define opt_field(var, tagexpect, decoder, optvalue) \ - if (asn1buf_remains(&subbuf, seqindef)) { \ - if ((asn1class != CONTEXT_SPECIFIC || construction != CONSTRUCTED) \ - && (tagnum || taglen || asn1class != UNIVERSAL)) \ - clean_return(ASN1_BAD_ID); \ - if (tagnum == (tagexpect)) { \ - get_field_body(var, decoder); \ - } else var = optvalue; \ - } + if (asn1buf_remains(&subbuf, seqindef)) { \ + if ((asn1class != CONTEXT_SPECIFIC || construction != CONSTRUCTED) \ + && (tagnum || taglen || asn1class != UNIVERSAL)) \ + clean_return(ASN1_BAD_ID); \ + if (tagnum == (tagexpect)) { \ + get_field_body(var, decoder); \ + } else var = optvalue; \ + } /**** fields w/ length ****/ /* similar to get_field_body */ #define get_lenfield_body(len, var, decoder) \ - retval = decoder(&subbuf, &(len), &(var)); \ - if (retval) clean_return(retval); \ - if (!taglen && indef) { get_eoc(); } \ - next_tag() + retval = decoder(&subbuf, &(len), &(var)); \ + if (retval) clean_return(retval); \ + if (!taglen && indef) { get_eoc(); } \ + next_tag() /* similar to get_field_body */ #define get_lenfield(len, var, tagexpect, decoder) \ - error_if_bad_tag(tagexpect); \ - if ((asn1class != CONTEXT_SPECIFIC || construction != CONSTRUCTED) \ - && (tagnum || taglen || asn1class != UNIVERSAL)) \ - clean_return(ASN1_BAD_ID); \ - get_lenfield_body(len, var, decoder) + error_if_bad_tag(tagexpect); \ + if ((asn1class != CONTEXT_SPECIFIC || construction != CONSTRUCTED) \ + && (tagnum || taglen || asn1class != UNIVERSAL)) \ + clean_return(ASN1_BAD_ID); \ + get_lenfield_body(len, var, decoder) /* similar to opt_field */ #define opt_lenfield(len, var, tagexpect, decoder) \ - if (tagnum == (tagexpect)) { \ - get_lenfield_body(len, var, decoder); \ - } else { len = 0; var = 0; } + if (tagnum == (tagexpect)) { \ + get_lenfield_body(len, var, decoder); \ + } else { len = 0; var = 0; } /* * Deal with implicitly tagged fields */ -#define 
get_implicit_octet_string(len, var, tagexpect) \ - if (tagnum != (tagexpect)) clean_return(ASN1_MISSING_FIELD); \ - if (asn1class != CONTEXT_SPECIFIC || construction != PRIMITIVE) \ - clean_return(ASN1_BAD_ID); \ - retval = asn1buf_remove_octetstring(&subbuf, taglen, &(var)); \ - if (retval) clean_return(retval); \ - (len) = taglen; \ - next_tag() +#define get_implicit_octet_string(len, var, tagexpect) \ + if (tagnum != (tagexpect)) clean_return(ASN1_MISSING_FIELD); \ + if (asn1class != CONTEXT_SPECIFIC || construction != PRIMITIVE) \ + clean_return(ASN1_BAD_ID); \ + retval = asn1buf_remove_octetstring(&subbuf, taglen, &(var)); \ + if (retval) clean_return(retval); \ + (len) = taglen; \ + next_tag() -#define opt_implicit_octet_string(len, var, tagexpect) \ - if (tagnum == (tagexpect)) { \ - if (asn1class != CONTEXT_SPECIFIC || construction != PRIMITIVE) \ - clean_return(ASN1_BAD_ID); \ - retval = asn1buf_remove_octetstring(&subbuf, taglen, &(var)); \ - if (retval) clean_return(retval); \ - (len) = taglen; \ - next_tag(); \ - } else { (len) = 0; (var) = NULL; } +#define opt_implicit_octet_string(len, var, tagexpect) \ + if (tagnum == (tagexpect)) { \ + if (asn1class != CONTEXT_SPECIFIC || construction != PRIMITIVE) \ + clean_return(ASN1_BAD_ID); \ + retval = asn1buf_remove_octetstring(&subbuf, taglen, &(var)); \ + if (retval) clean_return(retval); \ + (len) = taglen; \ + next_tag(); \ + } else { (len) = 0; (var) = NULL; } /* * begin_structure 
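Review bot: `opt_lenfield` takes the field on `tagnum == (tagexpect)` alone, whereas `opt_field` and `get_lenfield` in this same hunk first reject a tag that is not context-specific and constructed with `clean_return(ASN1_BAD_ID)`. As written, an optional length-carrying field is decoded whatever the class or construction of the tag that carried the matching number, which is looser than the rest of the decoder for input that comes off the wire. Unless a caller depends on that laxity, I would put the sibling macros' test inside the matching branch, before `get_lenfield_body`: `if ((asn1class != CONTEXT_SPECIFIC || construction != CONSTRUCTED) && (tagnum || taglen || asn1class != UNIVERSAL)) clean_return(ASN1_BAD_ID);`. The functions that expand these macros are outside the hunk, so this should be confirmed against them.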
@@ -221,14 +221,14 @@ * end_structure(). */ #define begin_structure() \ - asn1buf subbuf; \ - int seqindef; \ - int indef; \ - retval = asn1_get_sequence(buf, &length, &seqindef); \ - if (retval) clean_return(retval); \ - retval = asn1buf_imbed(&subbuf, buf, length, seqindef); \ - if (retval) clean_return(retval); \ - next_tag() + asn1buf subbuf; \ + int seqindef; \ + int indef; \ + retval = asn1_get_sequence(buf, &length, &seqindef); \ + if (retval) clean_return(retval); \ + retval = asn1buf_imbed(&subbuf, buf, length, seqindef); \ + if (retval) clean_return(retval); \ + next_tag() /* * This is used for structures which have no tagging. @@ -236,19 +236,19 @@ * is not called. */ #define begin_structure_no_tag() \ - asn1buf subbuf; \ - int seqindef; \ - int indef; \ - retval = asn1_get_sequence(buf, &length, &seqindef); \ - if (retval) clean_return(retval); \ - retval = asn1buf_imbed(&subbuf, buf, length, seqindef); \ - if (retval) clean_return(retval) + asn1buf subbuf; \ + int seqindef; \ + int indef; \ + retval = asn1_get_sequence(buf, &length, &seqindef); \ + if (retval) clean_return(retval); \ + retval = asn1buf_imbed(&subbuf, buf, length, seqindef); \ + if (retval) clean_return(retval) /* skip trailing garbage */ #define end_structure() \ - retval = asn1buf_sync(buf, &subbuf, asn1class, tagnum, \ - length, indef, seqindef); \ - if (retval) clean_return(retval) + retval = asn1buf_sync(buf, &subbuf, asn1class, tagnum, \ + length, indef, seqindef); \ + if (retval) clean_return(retval) /* * begin_choice 
@@ -258,28 +258,28 @@ * end_choice(). */ #define begin_choice() \ - asn1buf subbuf; \ - int seqindef; \ - int indef; \ - taginfo t; \ - retval = asn1_get_tag_2(buf, &t); \ - if (retval) clean_return(retval); \ - tagnum = t.tagnum; \ - taglen = t.length; \ - indef = t.indef; \ - length = t.length; \ - seqindef = t.indef; \ - asn1class = t.asn1class; \ - construction = t.construction; \ - retval = asn1buf_imbed(&subbuf, buf, length, seqindef); \ - if (retval) clean_return(retval) + asn1buf subbuf; \ + int seqindef; \ + int indef; \ + taginfo t; \ + retval = asn1_get_tag_2(buf, &t); \ + if (retval) clean_return(retval); \ + tagnum = t.tagnum; \ + taglen = t.length; \ + indef = t.indef; \ + length = t.length; \ + seqindef = t.indef; \ + asn1class = t.asn1class; \ + construction = t.construction; \ + retval = asn1buf_imbed(&subbuf, buf, length, seqindef); \ + if (retval) clean_return(retval) /* skip trailing garbage */ #define end_choice() \ - length -= t.length; \ - retval = asn1buf_sync(buf, &subbuf, t.asn1class, t.tagnum, \ - length, t.indef, seqindef); \ - if (retval) clean_return(retval) + length -= t.length; \ + retval = asn1buf_sync(buf, &subbuf, t.asn1class, t.tagnum, \ + length, t.indef, seqindef); \ + if (retval) clean_return(retval) /* * sequence_of @@ -289,12 +289,12 @@ * end_sequence_of(). */ #define sequence_of(buf) \ - unsigned int length, taglen; \ - asn1_class asn1class; \ - asn1_construction construction; \ - asn1_tagnum tagnum; \ - int indef; \ - sequence_of_common(buf) + unsigned int length, taglen; \ + asn1_class asn1class; \ + asn1_construction construction; \ + asn1_tagnum tagnum; \ + int indef; \ + sequence_of_common(buf) /* * sequence_of_no_tagvars @@ -304,7 +304,7 @@ * than does sequence_of() to avoid shadowing. */ #define sequence_of_no_tagvars(buf) \ - sequence_of_common(buf) + sequence_of_common(buf) /* * sequence_of_common 
@@ -314,12 +314,12 @@ * does not prefetch the next tag. */ #define sequence_of_common(buf) \ - asn1buf seqbuf; \ - int seqofindef; \ - retval = asn1_get_sequence(buf, &length, &seqofindef); \ - if (retval) clean_return(retval); \ - retval = asn1buf_imbed(&seqbuf, buf, length, seqofindef); \ - if (retval) clean_return(retval) + asn1buf seqbuf; \ + int seqofindef; \ + retval = asn1_get_sequence(buf, &length, &seqofindef); \ + if (retval) clean_return(retval); \ + retval = asn1buf_imbed(&seqbuf, buf, length, seqofindef); \ + if (retval) clean_return(retval) /* * end_sequence_of @@ -327,21 +327,21 @@ * Attempts to fetch an EOC tag, if any, and to sync over trailing * garbage, if any. */ -#define end_sequence_of(buf) \ - { \ - taginfo t4; \ - retval = asn1_get_tag_2(&seqbuf, &t4); \ - if (retval) clean_return(retval); \ - /* Copy out to match previous functionality, until better integrated. */ \ - asn1class = t4.asn1class; \ - construction = t4.construction; \ - tagnum = t4.tagnum; \ - taglen = t4.length; \ - indef = t4.indef; \ - } \ - retval = asn1buf_sync(buf, &seqbuf, asn1class, tagnum, \ - length, indef, seqofindef); \ - if (retval) clean_return(retval); +#define end_sequence_of(buf) \ + { \ + taginfo t4; \ + retval = asn1_get_tag_2(&seqbuf, &t4); \ + if (retval) clean_return(retval); \ + /* Copy out to match previous functionality, until better integrated. */ \ + asn1class = t4.asn1class; \ + construction = t4.construction; \ + tagnum = t4.tagnum; \ + taglen = t4.length; \ + indef = t4.indef; \ + } \ + retval = asn1buf_sync(buf, &seqbuf, asn1class, tagnum, \ + length, indef, seqofindef); \ + if (retval) clean_return(retval); /* * end_sequence_of_no_tagvars @@ -363,7 +363,7 @@ t.length, t.indef, seqofindef); return retval; } -#define end_sequence_of_no_tagvars(buf) \ +#define end_sequence_of_no_tagvars(buf) \ retval = end_sequence_of_no_tagvars_helper(buf, &seqbuf, seqofindef); \ if (retval) clean_return(retval) 
@@ -374,20 +374,20 @@ * error) or a valid constructed structure, making cleanup easier on * callers. */ -#define decode_ptr(type, structure_decoder) \ - type val; \ - asn1_error_code retval; \ -\ - *valptr = NULL; \ - val = calloc(1, sizeof(*val)); \ - if (!val) \ - return ENOMEM; \ - retval = structure_decoder(buf, val); \ - if (retval) { \ - free(val); \ - return retval; \ - } \ - *valptr = val; \ +#define decode_ptr(type, structure_decoder) \ + type val; \ + asn1_error_code retval; \ + \ + *valptr = NULL; \ + val = calloc(1, sizeof(*val)); \ + if (!val) \ + return ENOMEM; \ + retval = structure_decoder(buf, val); \ + if (retval) { \ + free(val); \ + return retval; \ + } \ + *valptr = val; \ return 0; /* scalars */ @@ -405,26 +405,26 @@ return 0; } -#define integer_convert(fname,ktype)\ -asn1_error_code fname(asn1buf * buf, ktype * val)\ -{\ - asn1_error_code retval;\ - long n;\ - retval = asn1_decode_integer(buf,&n);\ - if (retval) return retval;\ - *val = (ktype)n;\ - return 0;\ -} -#define unsigned_integer_convert(fname,ktype)\ -asn1_error_code fname(asn1buf * buf, ktype * val)\ -{\ - asn1_error_code retval;\ - unsigned long n;\ - retval = asn1_decode_unsigned_integer(buf,&n);\ - if (retval) return retval;\ - *val = (ktype)n;\ - return 0;\ -} +#define integer_convert(fname,ktype) \ + asn1_error_code fname(asn1buf * buf, ktype * val) \ + { \ + asn1_error_code retval; \ + long n; \ + retval = asn1_decode_integer(buf,&n); \ + if (retval) return retval; \ + *val = (ktype)n; \ + return 0; \ + } +#define unsigned_integer_convert(fname,ktype) \ + asn1_error_code fname(asn1buf * buf, ktype * val) \ + { \ + asn1_error_code retval; \ + unsigned long n; \ + retval = asn1_decode_unsigned_integer(buf,&n); \ + if (retval) return retval; \ + *val = (ktype)n; \ + return 0; \ + } integer_convert(asn1_decode_int,int) integer_convert(asn1_decode_int32,krb5_int32) integer_convert(asn1_decode_kvno,krb5_kvno) 
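Review bot: In `integer_convert` and `unsigned_integer_convert` (the second hunk here), `*val = (ktype)n;` narrows the decoded `long` / `unsigned long` to `ktype` with no range check. An encoded INTEGER that does not fit is therefore silently truncated wherever `ktype` is narrower than `long`, presumably the case for `int` and `krb5_int32` on LP64 targets. Since these decoders handle data received from a peer, out-of-range values should be rejected before the store, for example `if ((long)(ktype)n != n) return ASN1_OVERFLOW;` in the signed macro and the `unsigned long` equivalent in the other. A one-line comment on each macro stating the accepted range would also help, as the generated functions have no documentation of their own.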
@@ -915,9 +915,9 @@ /* arrays */ -#define get_element(element,decoder)\ -retval = decoder(&seqbuf,&element);\ -if (retval) clean_return(retval) +#define get_element(element,decoder) \ + retval = decoder(&seqbuf,&element); \ + if (retval) clean_return(retval) static void * array_expand (void *array, int n_elts, size_t elt_size) 
@@ -936,44 +936,44 @@ return realloc(array, new_size); } -#define array_append(array,size,element,type)\ - {\ - void *new_array = array_expand(*(array), (size)+2, sizeof(type*));\ - if (new_array == NULL) clean_return(ENOMEM);\ - *(array) = new_array;\ - (*(array))[(size)++] = elt;\ - } +#define array_append(array,size,element,type) \ + { \ + void *new_array = array_expand(*(array), (size)+2, sizeof(type*)); \ + if (new_array == NULL) clean_return(ENOMEM); \ + *(array) = new_array; \ + (*(array))[(size)++] = elt; \ + } /* * Function body for array decoders. freefn is expected to look like * a krb5_free_ function, so we pass a null first argument. */ -#define decode_array_body(type,decoder,freefn)\ - asn1_error_code retval;\ - type *elt = NULL, **array;\ - int size = 0, i; \ -\ - array = *val = NULL;\ - { sequence_of(buf);\ - while (asn1buf_remains(&seqbuf,seqofindef) > 0) {\ - get_element(elt,decoder);\ - array_append(&array,size,elt,type);\ - elt = NULL;\ - }\ - if (array == NULL)\ - array = malloc(sizeof(type*));\ - array[size] = NULL;\ - end_sequence_of(buf);\ - }\ - *val = array;\ - return 0;\ -error_out:\ - if (elt)\ - freefn(NULL,elt);\ - for (i = 0; i < size; i++)\ - freefn(NULL,array[i]);\ - free(array);\ - return retval +#define decode_array_body(type,decoder,freefn) \ + asn1_error_code retval; \ + type *elt = NULL, **array; \ + int size = 0, i; \ + \ + array = *val = NULL; \ + { sequence_of(buf); \ + while (asn1buf_remains(&seqbuf,seqofindef) > 0) { \ + get_element(elt,decoder); \ + array_append(&array,size,elt,type); \ + elt = NULL; \ + } \ + if (array == NULL) \ + array = malloc(sizeof(type*)); \ + array[size] = NULL; \ + end_sequence_of(buf); \ + } \ + *val = array; \ + return 0; \ +error_out: \ +if (elt) \ + freefn(NULL,elt); \ +for (i = 0; i < size; i++) \ + freefn(NULL,array[i]); \ +free(array); \ +return retval static void free_authdata_elt(void *dummy, krb5_authdata *val) 
@@ -1394,10 +1394,10 @@ } #define opt_string(val,n,fn) opt_lenfield((val).length,(val).data,n,fn) -#define opt_cksum(var,tagexpect,decoder)\ -if (tagnum == (tagexpect)) {\ - get_field_body(var,decoder); }\ -else var.length = 0 +#define opt_cksum(var,tagexpect,decoder) \ + if (tagnum == (tagexpect)) { \ + get_field_body(var,decoder); } \ + else var.length = 0 asn1_error_code asn1_decode_sam_challenge(asn1buf *buf, krb5_sam_challenge *val) @@ -1548,15 +1548,15 @@ return retval; } -#define opt_encfield(fld,tag,fn) \ - if (tagnum == tag) { \ - get_field(fld,tag,fn); } \ - else {\ - fld.magic = 0;\ - fld.enctype = 0;\ - fld.kvno = 0;\ - fld.ciphertext.data = NULL;\ - fld.ciphertext.length = 0;\ +#define opt_encfield(fld,tag,fn) \ + if (tagnum == tag) { \ + get_field(fld,tag,fn); } \ + else { \ + fld.magic = 0; \ + fld.enctype = 0; \ + fld.kvno = 0; \ + fld.ciphertext.data = NULL; \ + fld.ciphertext.length = 0; \ } asn1_error_code @@ -1743,13 +1743,13 @@ setup(); val->armor_value.data = NULL; {begin_structure(); - get_field(val->armor_type, 0, asn1_decode_int32); - get_lenfield(val->armor_value.length, val->armor_value.data, - 1, asn1_decode_charstring); - end_structure(); + get_field(val->armor_type, 0, asn1_decode_int32); + get_lenfield(val->armor_value.length, val->armor_value.data, + 1, asn1_decode_charstring); + end_structure(); } return 0; - error_out: +error_out: krb5_free_data_contents( NULL, &val->armor_value); return retval; } 
@@ -1767,16 +1767,16 @@ val->client = NULL; val->ticket_checksum.contents = NULL; {begin_structure(); - get_field(val->timestamp, 0, asn1_decode_kerberos_time); - get_field(val->usec, 1, asn1_decode_int32); - alloc_field(val->client); - get_field(val->client, 2, asn1_decode_realm); - get_field(val->client, 3, asn1_decode_principal_name); - get_field(val->ticket_checksum, 4, asn1_decode_checksum); - end_structure(); + get_field(val->timestamp, 0, asn1_decode_kerberos_time); + get_field(val->usec, 1, asn1_decode_int32); + alloc_field(val->client); + get_field(val->client, 2, asn1_decode_realm); + get_field(val->client, 3, asn1_decode_principal_name); + get_field(val->ticket_checksum, 4, asn1_decode_checksum); + end_structure(); } return 0; - error_out: +error_out: krb5_free_principal(NULL, val->client); krb5_free_checksum_contents( NULL, &val->ticket_checksum); return retval; @@ -1795,15 +1795,15 @@ val->i_principal = NULL; val->elements = NULL; {begin_structure(); - get_field(val->ad_checksum, 0, asn1_decode_checksum); - if (tagnum == 1) { - alloc_principal(val->i_principal); - opt_field(val->i_principal, 1, asn1_decode_realm, 0); - opt_field(val->i_principal, 2, asn1_decode_principal_name, 0); + get_field(val->ad_checksum, 0, asn1_decode_checksum); + if (tagnum == 1) { + alloc_principal(val->i_principal); + opt_field(val->i_principal, 1, asn1_decode_realm, 0); + opt_field(val->i_principal, 2, asn1_decode_principal_name, 0); + } + get_field(val->elements, 3, asn1_decode_authorization_data); + end_structure(); } - get_field(val->elements, 3, asn1_decode_authorization_data); - end_structure(); - } return 0; error_out: krb5_free_checksum_contents(NULL, &val->ad_checksum); Modified: trunk/src/lib/krb5/asn.1/asn1_k_decode.h =================================================================== --- trunk/src/lib/krb5/asn.1/asn1_k_decode.h 2009-11-05 04:39:48 UTC (rev 23132) +++ trunk/src/lib/krb5/asn.1/asn1_k_decode.h 2009-11-05 04:39:54 UTC (rev 23133) 
@@ -1,4 +1,4 @@ -/* -*- mode: c; indent-tabs-mode: nil -*- */ +/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */ /* * src/lib/krb5/asn.1/asn1_k_decode.h * Modified: trunk/src/lib/krb5/asn.1/asn1_k_encode.h =================================================================== --- trunk/src/lib/krb5/asn.1/asn1_k_encode.h 2009-11-05 04:39:48 UTC (rev 23132) +++ trunk/src/lib/krb5/asn.1/asn1_k_encode.h 2009-11-05 04:39:54 UTC (rev 23133) @@ -1,4 +1,4 @@ -/* -*- mode: c; indent-tabs-mode: nil -*- */ +/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */ /* * src/lib/krb5/asn.1/asn1_k_encode.h * Modified: trunk/src/lib/krb5/asn.1/asn1_make.c =================================================================== --- trunk/src/lib/krb5/asn.1/asn1_make.c 2009-11-05 04:39:48 UTC (rev 23132) +++ trunk/src/lib/krb5/asn.1/asn1_make.c 2009-11-05 04:39:54 UTC (rev 23133) @@ -1,4 +1,4 @@ -/* -*- mode: c; indent-tabs-mode: nil -*- */ +/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */ /* * src/lib/krb5/asn.1/asn1_make.c * Modified: trunk/src/lib/krb5/asn.1/asn1_misc.c =================================================================== --- trunk/src/lib/krb5/asn.1/asn1_misc.c 2009-11-05 04:39:48 UTC (rev 23132) +++ trunk/src/lib/krb5/asn.1/asn1_misc.c 2009-11-05 04:39:54 UTC (rev 23133) @@ -1,4 +1,4 @@ -/* -*- mode: c; indent-tabs-mode: nil -*- */ +/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */ /* * src/lib/krb5/asn.1/asn1_misc.c * Modified: trunk/src/lib/krb5/asn.1/asn1_misc.h =================================================================== --- trunk/src/lib/krb5/asn.1/asn1_misc.h 2009-11-05 04:39:48 UTC (rev 23132) +++ trunk/src/lib/krb5/asn.1/asn1_misc.h 2009-11-05 04:39:54 UTC (rev 23133) 
@@ -1,4 +1,4 @@ -/* -*- mode: c; indent-tabs-mode: nil -*- */ +/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */ /* * src/lib/krb5/asn.1/asn1_misc.h * Modified: trunk/src/lib/krb5/asn.1/asn1buf.c =================================================================== --- trunk/src/lib/krb5/asn.1/asn1buf.c 2009-11-05 04:39:48 UTC (rev 23132) +++ trunk/src/lib/krb5/asn.1/asn1buf.c 2009-11-05 04:39:54 UTC (rev 23133) @@ -1,4 +1,4 @@ -/* -*- mode: c; indent-tabs-mode: nil -*- */ +/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */ /* Coding Buffer Implementation */ /* @@ -75,8 +75,8 @@ static asn1_error_code asn1buf_expand(asn1buf *, unsigned int); #endif -#define asn1_is_eoc(class, num, indef) \ -((class) == UNIVERSAL && !(num) && !(indef)) +#define asn1_is_eoc(class, num, indef) \ + ((class) == UNIVERSAL && !(num) && !(indef)) asn1_error_code asn1buf_create(asn1buf **buf) { Modified: trunk/src/lib/krb5/asn.1/asn1glue.h =================================================================== --- trunk/src/lib/krb5/asn.1/asn1glue.h 2009-11-05 04:39:48 UTC (rev 23132) +++ trunk/src/lib/krb5/asn.1/asn1glue.h 2009-11-05 04:39:54 UTC (rev 23133) @@ -1,4 +1,4 @@ -/* -*- mode: c; indent-tabs-mode: nil -*- */ +/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */ /* * lib/krb5/asn.1/asn1glue.h * Modified: trunk/src/lib/krb5/asn.1/krb5_encode.c =================================================================== --- trunk/src/lib/krb5/asn.1/krb5_encode.c 2009-11-05 04:39:48 UTC (rev 23132) +++ trunk/src/lib/krb5/asn.1/krb5_encode.c 2009-11-05 04:39:54 UTC (rev 23133) @@ -1,4 +1,4 @@ -/* -*- mode: c; indent-tabs-mode: nil -*- */ +/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */ /* * src/lib/krb5/asn.1/krb5_encode.c * 
@@ -41,28 +41,28 @@ * length: length of the most-recently produced encoding * sum: cumulative length of the entire encoding */ -#define krb5_setup()\ - asn1_error_code retval;\ - unsigned int length, sum = 0;\ - asn1buf *buf=NULL;\ - krb5_data *tmpcode;\ -\ - *code = NULL;\ -\ - if (rep == NULL) return ASN1_MISSING_FIELD;\ -\ - retval = asn1buf_create(&buf);\ - if (retval) return retval +#define krb5_setup() \ + asn1_error_code retval; \ + unsigned int length, sum = 0; \ + asn1buf *buf=NULL; \ + krb5_data *tmpcode; \ + \ + *code = NULL; \ + \ + if (rep == NULL) return ASN1_MISSING_FIELD; \ + \ + retval = asn1buf_create(&buf); \ + if (retval) return retval /* produce the final output and clean up the workspace */ -#define krb5_cleanup()\ - retval = asn12krb5_buf(buf,&tmpcode);\ -error:\ - asn1buf_destroy(&buf);\ - if (retval)\ - return retval;\ - *code = tmpcode;\ - return 0 +#define krb5_cleanup() \ + retval = asn12krb5_buf(buf,&tmpcode); \ +error: \ +asn1buf_destroy(&buf); \ +if (retval) \ + return retval; \ +*code = tmpcode; \ +return 0 #ifndef DISABLE_PKINIT krb5_error_code Modified: trunk/src/lib/krb5/asn.1/krbasn1.h =================================================================== --- trunk/src/lib/krb5/asn.1/krbasn1.h 2009-11-05 04:39:48 UTC (rev 23132) +++ trunk/src/lib/krb5/asn.1/krbasn1.h 2009-11-05 04:39:54 UTC (rev 23133) @@ -1,4 +1,4 @@ -/* -*- mode: c; indent-tabs-mode: nil -*- */ +/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */ #ifndef __KRBASN1_H__ #define __KRBASN1_H__ 
@@ -33,7 +33,7 @@ typedef enum { PRIMITIVE = 0x00, CONSTRUCTED = 0x20 } asn1_construction; typedef enum { UNIVERSAL = 0x00, APPLICATION = 0x40, - CONTEXT_SPECIFIC = 0x80, PRIVATE = 0xC0 } asn1_class; + CONTEXT_SPECIFIC = 0x80, PRIVATE = 0xC0 } asn1_class; typedef INT64_TYPE asn1_intmax; typedef UINT64_TYPE asn1_uintmax; Modified: trunk/src/lib/krb5/asn.1/ldap_key_seq.c =================================================================== --- trunk/src/lib/krb5/asn.1/ldap_key_seq.c 2009-11-05 04:39:48 UTC (rev 23132) +++ trunk/src/lib/krb5/asn.1/ldap_key_seq.c 2009-11-05 04:39:54 UTC (rev 23133) @@ -1,4 +1,4 @@ -/* -*- mode: c; indent-tabs-mode: nil -*- */ +/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */ /* ... copyright ... */ /* @@ -113,21 +113,21 @@ /* Decode the Principal's keys */ /************************************************************************/ -#define cleanup(err) \ - { \ - ret = err; \ - goto last; \ - } +#define cleanup(err) \ + { \ + ret = err; \ + goto last; \ + } -#define checkerr \ - if (ret != 0) \ - goto last +#define checkerr \ + if (ret != 0) \ + goto last -#define safe_syncbuf(outer,inner,buflen) \ - if (! ((inner)->next == (inner)->bound + 1 && \ - (inner)->next == (outer)->next + buflen)) \ - cleanup (ASN1_BAD_LENGTH); \ - asn1buf_sync((outer), (inner), 0, 0, 0, 0, 0); +#define safe_syncbuf(outer,inner,buflen) \ + if (! ((inner)->next == (inner)->bound + 1 && \ + (inner)->next == (outer)->next + buflen)) \ + cleanup (ASN1_BAD_LENGTH); \ + asn1buf_sync((outer), (inner), 0, 0, 0, 0, 0); static asn1_error_code decode_tagged_integer (asn1buf *buf, asn1_tagnum expectedtag, long *val) From tlyu at MIT.EDU Fri Nov 6 13:53:31 2009 
From: tlyu at MIT.EDU (tlyu@MIT.EDU) Date: Fri, 6 Nov 2009 13:53:31 -0500 Subject: svn rev #23134: trunk/src/ Message-ID: <200911061853.nA6IrVCW023398@drugstore.mit.edu> http://src.mit.edu/fisheye/changelog/krb5/?cs=23134 Commit By: tlyu Log Message: Move more reindent settings into variables. Changed Files: U trunk/src/Makefile.in Modified: trunk/src/Makefile.in =================================================================== --- trunk/src/Makefile.in 2009-11-05 04:39:54 UTC (rev 23133) +++ trunk/src/Makefile.in 2009-11-06 18:53:31 UTC (rev 23134) @@ -660,6 +660,14 @@ EMACS = emacs PYTHON = python +INDENTDIRS = \ + clients \ + kadmin \ + kdc \ + lib/kadm5 \ + lib/kdb \ + lib/krb5 + BSDFILES = \ kadmin/cli/strftime.c \ kadmin/server/ipropd_svc.c \ @@ -696,18 +704,11 @@ mark-cstyle-krb5:: (cd $(SRCTOP) && \ - $(FIND) \ - clients \ - lib/kadm5 \ - lib/kdb \ - lib/krb5 \ - kadmin \ - kdc \ - \( $(EXCLUDES) \) -prune -o \ + $(FIND) $(INDENTDIRS) \( $(EXCLUDES) \) -prune -o \ -name '*.[ch]' \ -print0 | $(XARGS) -0 $(PYTHON) util/krb5-mark-cstyle.py \ --cstyle=krb5) mark-cstyle-bsd:: - (cd $(SRCTOP) && \ - $(PYTHON) util/krb5-mark-cstyle.py --cstyle=bsd $(BSDFILES)) + (cd $(SRCTOP) && $(FIND) $(BSDFILES) -print0 | $(XARGS) -0 \ + $(PYTHON) util/krb5-mark-cstyle.py --cstyle=bsd) From tlyu at MIT.EDU Fri Nov 6 14:45:25 2009 From: tlyu at MIT.EDU (tlyu@MIT.EDU) Date: Fri, 6 Nov 2009 14:45:25 -0500 Subject: svn rev #23135: trunk/src/ Message-ID: <200911061945.nA6JjPfC027864@drugstore.mit.edu> http://src.mit.edu/fisheye/changelog/krb5/?cs=23135 Commit By: tlyu Log Message: Add slave/ to INDENTDIRS, with some exclusions. Changed Files: U trunk/src/Makefile.in Modified: trunk/src/Makefile.in =================================================================== --- trunk/src/Makefile.in 2009-11-06 18:53:31 UTC (rev 23134) +++ trunk/src/Makefile.in 2009-11-06 19:45:25 UTC (rev 23135) 
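Review bot: In the mark-cstyle-bsd rule, piping `$(FIND) $(BSDFILES) -print0` into `$(XARGS) -0` changes how a bad list entry fails. If a listed path is missing, find reports it, but the pipeline's exit status is that of xargs, so make will likely carry on and the stale BSDFILES entry goes unnoticed. The find call also has no type or name filter, so a directory added to BSDFILES later would have every file beneath it passed to krb5-mark-cstyle.py. Adding `-type f -name '*.[ch]'` before `-print0` would keep this rule in line with mark-cstyle-krb5, and a comment on BSDFILES such as `# Entries must be existing regular files, not directories.` would record the assumption.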
@@ -666,7 +666,9 @@ kdc \ lib/kadm5 \ lib/kdb \ - lib/krb5 + lib/krb5 \ + prototype \ + slave BSDFILES = \ kadmin/cli/strftime.c \ @@ -678,7 +680,8 @@ lib/kadm5/kadm_rpc_xdr.c \ lib/kadm5/srv/adb_xdr.c \ lib/krb5/krb/strftime.c \ - lib/krb5/krb/strptime.c + lib/krb5/krb/strptime.c \ + slave/kpropd_rpc.c OTHEREXCLUDES = \ lib/krb5/asn.1/asn1_decode.h \ @@ -688,7 +691,9 @@ lib/krb5/asn.1/asn1buf.h \ lib/krb5/asn.1/krb5_decode.c \ lib/krb5/krb/deltat.c \ - lib/krb5/unicode + lib/krb5/unicode \ + slave/kprop.c \ + slave/kpropd.c EXCLUDES = `for i in $(BSDFILES) $(OTHEREXCLUDES); do echo $$i; done | $(AWK) '{ print "-path", $$1, "-o" }'` -path /dev/null From tlyu at MIT.EDU Fri Nov 6 14:45:29 2009 From: tlyu at MIT.EDU (tlyu@MIT.EDU) Date: Fri, 6 Nov 2009 14:45:29 -0500 Subject: svn rev #23136: trunk/src/slave/ Message-ID: <200911061945.nA6JjTHO027909@drugstore.mit.edu> http://src.mit.edu/fisheye/changelog/krb5/?cs=23136 Commit By: tlyu Log Message: make mark-cstyle; make reindent Changed Files: U trunk/src/slave/kprop.h U trunk/src/slave/kpropd_rpc.c U trunk/src/slave/kproplog.c Modified: trunk/src/slave/kprop.h =================================================================== --- trunk/src/slave/kprop.h 2009-11-06 19:45:25 UTC (rev 23135) +++ trunk/src/slave/kprop.h 2009-11-06 19:45:29 UTC (rev 23136) @@ -1,3 +1,4 @@ +/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */ /* * slave/kprop.h * Modified: trunk/src/slave/kpropd_rpc.c =================================================================== --- trunk/src/slave/kpropd_rpc.c 2009-11-06 19:45:25 UTC (rev 23135) +++ trunk/src/slave/kpropd_rpc.c 2009-11-06 19:45:29 UTC (rev 23136) 
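Review bot: The new OTHEREXCLUDES entries `slave/kprop.c` and `slave/kpropd.c` give no reason for being left out of the reindent. The `prototype` directory added to INDENTDIRS in the first hunk is also not covered by the log message, which mentions only slave/. A short comment above OTHEREXCLUDES, along the lines of `# Not reindented automatically; see commit log for why each entry is listed.` (exact wording for the author to confirm), would tell the next maintainer whether these exclusions are temporary. Without it, the list tends to grow and nobody knows when an entry can be removed.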
@@ -1,3 +1,4 @@ +/* -*- mode: c; c-file-style: "bsd"; indent-tabs-mode: t -*- */ /* * Please do not edit this file. * It was generated using rpcgen. Modified: trunk/src/slave/kproplog.c =================================================================== --- trunk/src/slave/kproplog.c 2009-11-06 19:45:25 UTC (rev 23135) +++ trunk/src/slave/kproplog.c 2009-11-06 19:45:29 UTC (rev 23136) @@ -1,3 +1,4 @@ +/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */ /* * Copyright 2008 Sun Microsystems, Inc. All rights reserved. * Use is subject to license terms. @@ -3,5 +4,5 @@ */ -/* #pragma ident "@(#)kproplog.c 1.4 04/03/19 SMI" */ +/* #pragma ident "@(#)kproplog.c 1.4 04/03/19 SMI" */ /* @@ -23,13 +24,13 @@ #define textdomain(X) 0 #endif -static char *progname; +static char *progname; static void usage() { (void) fprintf(stderr, _("\nUsage: %s [-h] [-v] [-v] [-e num]\n\n"), - progname); + progname); exit(1); } 
@@ -41,35 +42,35 @@ { unsigned int i; static char *prflags[] = { - "DISALLOW_POSTDATED", /* 0x00000001 */ - "DISALLOW_FORWARDABLE", /* 0x00000002 */ - "DISALLOW_TGT_BASED", /* 0x00000004 */ - "DISALLOW_RENEWABLE", /* 0x00000008 */ - "DISALLOW_PROXIABLE", /* 0x00000010 */ - "DISALLOW_DUP_SKEY", /* 0x00000020 */ - "DISALLOW_ALL_TIX", /* 0x00000040 */ - "REQUIRES_PRE_AUTH", /* 0x00000080 */ - "REQUIRES_HW_AUTH", /* 0x00000100 */ - "REQUIRES_PWCHANGE", /* 0x00000200 */ - "UNKNOWN_0x00000400", /* 0x00000400 */ - "UNKNOWN_0x00000800", /* 0x00000800 */ - "DISALLOW_SVR", /* 0x00001000 */ - "PWCHANGE_SERVICE", /* 0x00002000 */ - "SUPPORT_DESMD5", /* 0x00004000 */ - "NEW_PRINC", /* 0x00008000 */ - "UNKNOWN_0x00010000", /* 0x00010000 */ - "UNKNOWN_0x00020000", /* 0x00020000 */ - "UNKNOWN_0x00040000", /* 0x00040000 */ - "UNKNOWN_0x00080000", /* 0x00080000 */ - "OK_AS_DELEGATE", /* 0x00100000 */ - "OK_TO_AUTH_AS_DELEGATE", /* 0x00200000 */ - "NO_AUTH_DATA_REQUIRED", /* 0x00400000 */ + "DISALLOW_POSTDATED", /* 0x00000001 */ + "DISALLOW_FORWARDABLE", /* 0x00000002 */ + "DISALLOW_TGT_BASED", /* 0x00000004 */ + "DISALLOW_RENEWABLE", /* 0x00000008 */ + "DISALLOW_PROXIABLE", /* 0x00000010 */ + "DISALLOW_DUP_SKEY", /* 0x00000020 */ + "DISALLOW_ALL_TIX", /* 0x00000040 */ + "REQUIRES_PRE_AUTH", /* 0x00000080 */ + "REQUIRES_HW_AUTH", /* 0x00000100 */ + "REQUIRES_PWCHANGE", /* 0x00000200 */ + "UNKNOWN_0x00000400", /* 0x00000400 */ + "UNKNOWN_0x00000800", /* 0x00000800 */ + "DISALLOW_SVR", /* 0x00001000 */ + "PWCHANGE_SERVICE", /* 0x00002000 */ + "SUPPORT_DESMD5", /* 0x00004000 */ + "NEW_PRINC", /* 0x00008000 */ + "UNKNOWN_0x00010000", /* 0x00010000 */ + "UNKNOWN_0x00020000", /* 0x00020000 */ + "UNKNOWN_0x00040000", /* 0x00040000 */ + "UNKNOWN_0x00080000", /* 0x00080000 */ + "OK_AS_DELEGATE", /* 0x00100000 */ + "OK_TO_AUTH_AS_DELEGATE", /* 0x00200000 */ + "NO_AUTH_DATA_REQUIRED", /* 0x00400000 */ }; for (i = 0; i < sizeof (prflags) / sizeof (char *); i++) { - if (flags & (krb5_flags) 1 << 
i) - printf("\t\t\t%s\n", prflags[i]); + if (flags & (krb5_flags) 1 << i) + printf("\t\t\t%s\n", prflags[i]); } } @@ -80,10 +81,10 @@ print_time(unsigned int *timep) { if (*timep == 0L) - printf("\t\t\tNone\n"); + printf("\t\t\tNone\n"); else { - time_t ltime = *timep; - printf("\t\t\t%s", ctime(<ime)); + time_t ltime = *timep; + printf("\t\t\t%s", ctime(<ime)); } } @@ -100,7 +101,7 @@ (void) printf("\t\t\t%s(%d): 0x", tag, len); for (i = 0; i < len; i++) { - printf("%02x", (krb5_octet) str->utf8str_t_val[i]); + printf("%02x", (krb5_octet) str->utf8str_t_val[i]); } (void) printf("\n"); } @@ -119,8 +120,8 @@ dis = (char *) malloc(len); if (!dis) { - (void) fprintf(stderr, _("\nCouldn't allocate memory")); - exit(1); + (void) fprintf(stderr, _("\nCouldn't allocate memory")); + exit(1); } (void) snprintf(dis, len, "%s", str->utf8str_t_val); @@ -158,7 +159,7 @@ for (i = 0; i < len; i++, data++) { - print_data("princ", data); + print_data("princ", data); } } @@ -176,13 +177,13 @@ printf("\t\t\tkvno: %d\n", k->k_kvno); for (i = 0; i < k->k_enctype.k_enctype_len; i++) { - printf("\t\t\tenc type: 0x%x\n", - k->k_enctype.k_enctype_val[i]); + printf("\t\t\tenc type: 0x%x\n", + k->k_enctype.k_enctype_val[i]); } str = k->k_contents.k_contents_val; for (i = 0; i < k->k_contents.k_contents_len; i++, str++) { - print_hex("key", str); + print_hex("key", str); } } @@ -195,7 +196,7 @@ unsigned int i; for (i = 0; i < len; i++, keys++) { - print_key(keys); + print_key(keys); } } @@ -213,7 +214,7 @@ printf("\t\t\tvalue(%d): 0x", len); for (i = 0; i < len; i++) { - printf("%02x", (krb5_octet) tl->tl_data.tl_data_val[i]); + printf("%02x", (krb5_octet) tl->tl_data.tl_data_val[i]); } printf("\n"); } @@ -229,7 +230,7 @@ printf("\t\t\titems: %d\n", len); for (i = 0; i < len; i++, tldata++) { - print_tl(tldata); + print_tl(tldata); } } 
@@ -242,135 +243,135 @@ { switch (val->av_type) { case AT_ATTRFLAGS: - (void) printf(_("\t\tAttribute flags\n")); - if (vverbose) { - print_flags(val->kdbe_val_t_u.av_attrflags); - } - break; + (void) printf(_("\t\tAttribute flags\n")); + if (vverbose) { + print_flags(val->kdbe_val_t_u.av_attrflags); + } + break; case AT_MAX_LIFE: - (void) printf(_("\t\tMaximum ticket life\n")); - if (vverbose) { - print_time(&val->kdbe_val_t_u.av_max_life); - } - break; + (void) printf(_("\t\tMaximum ticket life\n")); + if (vverbose) { + print_time(&val->kdbe_val_t_u.av_max_life); + } + break; case AT_MAX_RENEW_LIFE: - (void) printf(_("\t\tMaximum renewable life\n")); - if (vverbose) { - print_time(&val->kdbe_val_t_u.av_max_renew_life); - } - break; + (void) printf(_("\t\tMaximum renewable life\n")); + if (vverbose) { + print_time(&val->kdbe_val_t_u.av_max_renew_life); + } + break; case AT_EXP: - (void) printf(_("\t\tPrincipal expiration\n")); - if (vverbose) { - print_time(&val->kdbe_val_t_u.av_exp); - } - break; + (void) printf(_("\t\tPrincipal expiration\n")); + if (vverbose) { + print_time(&val->kdbe_val_t_u.av_exp); + } + break; case AT_PW_EXP: - (void) printf(_("\t\tPassword expiration\n")); - if (vverbose) { - print_time(&val->kdbe_val_t_u.av_pw_exp); - } - break; + (void) printf(_("\t\tPassword expiration\n")); + if (vverbose) { + print_time(&val->kdbe_val_t_u.av_pw_exp); + } + break; case AT_LAST_SUCCESS: - (void) printf(_("\t\tLast successful auth\n")); - if (vverbose) { - print_time(&val->kdbe_val_t_u.av_last_success); - } - break; + (void) printf(_("\t\tLast successful auth\n")); + if (vverbose) { + print_time(&val->kdbe_val_t_u.av_last_success); + } + break; case AT_LAST_FAILED: - (void) printf(_("\t\tLast failed auth\n")); - if (vverbose) { - print_time(&val->kdbe_val_t_u.av_last_failed); - } - break; + (void) printf(_("\t\tLast failed auth\n")); + if (vverbose) { + print_time(&val->kdbe_val_t_u.av_last_failed); + } + break; case AT_FAIL_AUTH_COUNT: - (void) 
printf(_("\t\tFailed passwd attempt\n")); - if (vverbose) { - (void) printf("\t\t\t%d\n", - val->kdbe_val_t_u.av_fail_auth_count); - } - break; + (void) printf(_("\t\tFailed passwd attempt\n")); + if (vverbose) { + (void) printf("\t\t\t%d\n", + val->kdbe_val_t_u.av_fail_auth_count); + } + break; case AT_PRINC: - (void) printf(_("\t\tPrincipal\n")); - if (vverbose) { - print_princ(&val->kdbe_val_t_u.av_princ); - } - break; + (void) printf(_("\t\tPrincipal\n")); + if (vverbose) { + print_princ(&val->kdbe_val_t_u.av_princ); + } + break; case AT_KEYDATA: - (void) printf(_("\t\tKey data\n")); - if (vverbose) { - print_keydata( - val->kdbe_val_t_u.av_keydata.av_keydata_val, - val->kdbe_val_t_u.av_keydata.av_keydata_len); - } - break; + (void) printf(_("\t\tKey data\n")); + if (vverbose) { + print_keydata( + val->kdbe_val_t_u.av_keydata.av_keydata_val, + val->kdbe_val_t_u.av_keydata.av_keydata_len); + } + break; case AT_TL_DATA: - (void) printf(_("\t\tTL data\n")); - if (vverbose) { - print_tldata( - val->kdbe_val_t_u.av_tldata.av_tldata_val, - val->kdbe_val_t_u.av_tldata.av_tldata_len); - } - break; + (void) printf(_("\t\tTL data\n")); + if (vverbose) { + print_tldata( + val->kdbe_val_t_u.av_tldata.av_tldata_val, + val->kdbe_val_t_u.av_tldata.av_tldata_len); + } + break; case AT_LEN: - (void) printf(_("\t\tLength\n")); - if (vverbose) { - (void) printf("\t\t\t%d\n", - val->kdbe_val_t_u.av_len); - } - break; + (void) printf(_("\t\tLength\n")); + if (vverbose) { + (void) printf("\t\t\t%d\n", + val->kdbe_val_t_u.av_len); + } + break; case AT_PW_LAST_CHANGE: - (void) printf(_("\t\tPassword last changed\n")); - if (vverbose) { - print_time(&val->kdbe_val_t_u.av_pw_last_change); - } - break; + (void) printf(_("\t\tPassword last changed\n")); + if (vverbose) { + print_time(&val->kdbe_val_t_u.av_pw_last_change); + } + break; case AT_MOD_PRINC: - (void) printf(_("\t\tModifying principal\n")); - if (vverbose) { - print_princ(&val->kdbe_val_t_u.av_mod_princ); - } - break; + (void) 
printf(_("\t\tModifying principal\n")); + if (vverbose) { + print_princ(&val->kdbe_val_t_u.av_mod_princ); + } + break; case AT_MOD_TIME: - (void) printf(_("\t\tModification time\n")); - if (vverbose) { - print_time(&val->kdbe_val_t_u.av_mod_time); - } - break; + (void) printf(_("\t\tModification time\n")); + if (vverbose) { + print_time(&val->kdbe_val_t_u.av_mod_time); + } + break; case AT_MOD_WHERE: - (void) printf(_("\t\tModified where\n")); - if (vverbose) { - print_str("where", - &val->kdbe_val_t_u.av_mod_where); - } - break; + (void) printf(_("\t\tModified where\n")); + if (vverbose) { + print_str("where", + &val->kdbe_val_t_u.av_mod_where); + } + break; case AT_PW_POLICY: - (void) printf(_("\t\tPassword policy\n")); - if (vverbose) { - print_str("policy", - &val->kdbe_val_t_u.av_pw_policy); - } - break; + (void) printf(_("\t\tPassword policy\n")); + if (vverbose) { + print_str("policy", + &val->kdbe_val_t_u.av_pw_policy); + } + break; case AT_PW_POLICY_SWITCH: - (void) printf(_("\t\tPassword policy switch\n")); - if (vverbose) { - (void) printf("\t\t\t%d\n", - val->kdbe_val_t_u.av_pw_policy_switch); - } - break; + (void) printf(_("\t\tPassword policy switch\n")); + if (vverbose) { + (void) printf("\t\t\t%d\n", + val->kdbe_val_t_u.av_pw_policy_switch); + } + break; case AT_PW_HIST_KVNO: - (void) printf(_("\t\tPassword history KVNO\n")); - if (vverbose) { - (void) printf("\t\t\t%d\n", - val->kdbe_val_t_u.av_pw_hist_kvno); - } - break; + (void) printf(_("\t\tPassword history KVNO\n")); + if (vverbose) { + (void) printf("\t\t\t%d\n", + val->kdbe_val_t_u.av_pw_hist_kvno); + } + break; case AT_PW_HIST: - (void) printf(_("\t\tPassword history\n")); - if (vverbose) { - (void) printf("\t\t\tPW history elided\n"); - } - break; + (void) printf(_("\t\tPassword history\n")); + if (vverbose) { + (void) printf("\t\t\tPW history elided\n"); + } + break; } /* switch */ } 
@@ -380,104 +381,104 @@ static void print_update(kdb_hlog_t *ulog, uint32_t entry, unsigned int verbose) { - XDR xdrs; - uint32_t start_sno, i, j, indx; - char *dbprinc; - kdb_ent_header_t *indx_log; - kdb_incr_update_t upd; + XDR xdrs; + uint32_t start_sno, i, j, indx; + char *dbprinc; + kdb_ent_header_t *indx_log; + kdb_incr_update_t upd; if (entry && (entry < ulog->kdb_num)) - start_sno = ulog->kdb_last_sno - entry; + start_sno = ulog->kdb_last_sno - entry; else - start_sno = ulog->kdb_first_sno - 1; + start_sno = ulog->kdb_first_sno - 1; for (i = start_sno; i < ulog->kdb_last_sno; i++) { - indx = i % ulog->kdb_num; + indx = i % ulog->kdb_num; - indx_log = (kdb_ent_header_t *)INDEX(ulog, indx); + indx_log = (kdb_ent_header_t *)INDEX(ulog, indx); - /* - * Check for corrupt update entry - */ - if (indx_log->kdb_umagic != KDB_ULOG_MAGIC) { - (void) fprintf(stderr, - _("Corrupt update entry\n\n")); - exit(1); - } + /* + * Check for corrupt update entry + */ + if (indx_log->kdb_umagic != KDB_ULOG_MAGIC) { + (void) fprintf(stderr, + _("Corrupt update entry\n\n")); + exit(1); + } - (void) memset(&upd, 0, sizeof (kdb_incr_update_t)); - xdrmem_create(&xdrs, (char *)indx_log->entry_data, - indx_log->kdb_entry_size, XDR_DECODE); - if (!xdr_kdb_incr_update_t(&xdrs, &upd)) { - (void) printf(_("Entry data decode failure\n\n")); - exit(1); - } + (void) memset(&upd, 0, sizeof (kdb_incr_update_t)); + xdrmem_create(&xdrs, (char *)indx_log->entry_data, + indx_log->kdb_entry_size, XDR_DECODE); + if (!xdr_kdb_incr_update_t(&xdrs, &upd)) { + (void) printf(_("Entry data decode failure\n\n")); + exit(1); + } - (void) printf("---\n"); - (void) printf(_("Update Entry\n")); + (void) printf("---\n"); + (void) printf(_("Update Entry\n")); - (void) printf(_("\tUpdate serial # : %u\n"), - indx_log->kdb_entry_sno); + (void) printf(_("\tUpdate serial # : %u\n"), + indx_log->kdb_entry_sno); - (void) printf(_("\tUpdate operation : ")); - if (upd.kdb_deleted) - (void) printf(_("Delete\n")); - else 
- (void) printf(_("Add\n")); + (void) printf(_("\tUpdate operation : ")); + if (upd.kdb_deleted) + (void) printf(_("Delete\n")); + else + (void) printf(_("Add\n")); - dbprinc = malloc(upd.kdb_princ_name.utf8str_t_len + 1); - if (dbprinc == NULL) { - (void) printf(_("Could not allocate " - "principal name\n\n")); - exit(1); - } - (void) strncpy(dbprinc, upd.kdb_princ_name.utf8str_t_val, - upd.kdb_princ_name.utf8str_t_len); - dbprinc[upd.kdb_princ_name.utf8str_t_len] = 0; - (void) printf(_("\tUpdate principal : %s\n"), dbprinc); + dbprinc = malloc(upd.kdb_princ_name.utf8str_t_len + 1); + if (dbprinc == NULL) { + (void) printf(_("Could not allocate " + "principal name\n\n")); + exit(1); + } + (void) strncpy(dbprinc, upd.kdb_princ_name.utf8str_t_val, + upd.kdb_princ_name.utf8str_t_len); + dbprinc[upd.kdb_princ_name.utf8str_t_len] = 0; + (void) printf(_("\tUpdate principal : %s\n"), dbprinc); - (void) printf(_("\tUpdate size : %u\n"), - indx_log->kdb_entry_size); + (void) printf(_("\tUpdate size : %u\n"), + indx_log->kdb_entry_size); - (void) printf(_("\tUpdate committed : %s\n"), - indx_log->kdb_commit ? "True" : "False"); + (void) printf(_("\tUpdate committed : %s\n"), + indx_log->kdb_commit ? "True" : "False"); - if (indx_log->kdb_time.seconds == 0L) - (void) printf(_("\tUpdate time stamp : None\n")); - else - (void) printf(_("\tUpdate time stamp : %s"), - ctime((time_t *)&(indx_log->kdb_time.seconds))); + if (indx_log->kdb_time.seconds == 0L) + (void) printf(_("\tUpdate time stamp : None\n")); + else + (void) printf(_("\tUpdate time stamp : %s"), + ctime((time_t *)&(indx_log->kdb_time.seconds))); - (void) printf(_("\tAttributes changed : %d\n"), - upd.kdb_update.kdbe_t_len); + (void) printf(_("\tAttributes changed : %d\n"), + upd.kdb_update.kdbe_t_len); - if (verbose) - for (j = 0; j < upd.kdb_update.kdbe_t_len; j++) - print_attr(&upd.kdb_update.kdbe_t_val[j], - verbose > 1 ? 
1 : 0); + if (verbose) + for (j = 0; j < upd.kdb_update.kdbe_t_len; j++) + print_attr(&upd.kdb_update.kdbe_t_val[j], + verbose > 1 ? 1 : 0); - xdr_free(xdr_kdb_incr_update_t, (char *)&upd); - free(dbprinc); + xdr_free(xdr_kdb_incr_update_t, (char *)&upd); + free(dbprinc); } /* for */ } int main(int argc, char **argv) { - int c; - unsigned int verbose = 0; - bool_t headeronly = FALSE; - uint32_t entry = 0; - krb5_context context; - kadm5_config_params params; - kdb_log_context *log_ctx; - kdb_hlog_t *ulog = NULL; - char **db_args = NULL; /* XXX */ + int c; + unsigned int verbose = 0; + bool_t headeronly = FALSE; + uint32_t entry = 0; + krb5_context context; + kadm5_config_params params; + kdb_log_context *log_ctx; + kdb_hlog_t *ulog = NULL; + char **db_args = NULL; /* XXX */ (void) setlocale(LC_ALL, ""); #if !defined(TEXT_DOMAIN) -#define TEXT_DOMAIN "SYS_TEST" +#define TEXT_DOMAIN "SYS_TEST" #endif /* TEXT_DOMAIN */ (void) textdomain(TEXT_DOMAIN); 
@@ -485,57 +486,57 @@ progname = argv[0]; while ((c = getopt(argc, argv, "vhe:")) != -1) { - switch (c) { - case 'h': - headeronly = TRUE; - break; - case 'e': - entry = atoi(optarg); - break; - case 'v': - verbose++; - break; - default: - usage(); - } + switch (c) { + case 'h': + headeronly = TRUE; + break; + case 'e': + entry = atoi(optarg); + break; + case 'v': + verbose++; + break; + default: + usage(); + } } if (krb5_init_context(&context)) { - (void) fprintf(stderr, - _("Unable to initialize Kerberos\n\n")); - exit(1); + (void) fprintf(stderr, + _("Unable to initialize Kerberos\n\n")); + exit(1); } (void) memset(¶ms, 0, sizeof (params)); if (kadm5_get_config_params(context, 1, ¶ms, ¶ms)) { - (void) fprintf(stderr, - _("Couldn't read database_name\n\n")); - exit(1); + (void) fprintf(stderr, + _("Couldn't read database_name\n\n")); + exit(1); } (void) printf(_("\nKerberos update log (%s)\n"), - params.iprop_logfile); + params.iprop_logfile); if (ulog_map(context, params.iprop_logfile, 0, FKPROPLOG, db_args)) { - (void) fprintf(stderr, _("Unable to map log file %s\n\n"), - params.iprop_logfile); - exit(1); + (void) fprintf(stderr, _("Unable to map log file %s\n\n"), + params.iprop_logfile); + exit(1); } log_ctx = context->kdblog_context; if (log_ctx) - ulog = log_ctx->ulog; + ulog = log_ctx->ulog; else { - (void) fprintf(stderr, _("Unable to map log file %s\n\n"), - params.iprop_logfile); - exit(1); + (void) fprintf(stderr, _("Unable to map log file %s\n\n"), + params.iprop_logfile); + exit(1); } if (ulog->kdb_hmagic != KDB_ULOG_HDR_MAGIC) { - (void) fprintf(stderr, - _("Corrupt header log, exiting\n\n")); - exit(1); + (void) fprintf(stderr, + _("Corrupt header log, exiting\n\n")); + exit(1); } (void) printf(_("Update log dump :\n")); 
@@ -543,53 +544,53 @@ (void) printf(_("\tLog state : ")); switch (ulog->kdb_state) { case KDB_STABLE: - (void) printf(_("Stable\n")); - break; + (void) printf(_("Stable\n")); + break; case KDB_UNSTABLE: - (void) printf(_("Unstable\n")); - break; + (void) printf(_("Unstable\n")); + break; case KDB_CORRUPT: - (void) printf(_("Corrupt\n")); - break; + (void) printf(_("Corrupt\n")); + break; default: - (void) printf(_("Unknown state: %d\n"), - ulog->kdb_state); - break; + (void) printf(_("Unknown state: %d\n"), + ulog->kdb_state); + break; } (void) printf(_("\tEntry block size : %u\n"), ulog->kdb_block); (void) printf(_("\tNumber of entries : %u\n"), ulog->kdb_num); if (ulog->kdb_last_sno == 0) - (void) printf(_("\tLast serial # : None\n")); + (void) printf(_("\tLast serial # : None\n")); else { - if (ulog->kdb_first_sno == 0) - (void) printf(_("\tFirst serial # : None\n")); - else { - (void) printf(_("\tFirst serial # : ")); - (void) printf("%u\n", ulog->kdb_first_sno); - } + if (ulog->kdb_first_sno == 0) + (void) printf(_("\tFirst serial # : None\n")); + else { + (void) printf(_("\tFirst serial # : ")); + (void) printf("%u\n", ulog->kdb_first_sno); + } - (void) printf(_("\tLast serial # : ")); - (void) printf("%u\n", ulog->kdb_last_sno); + (void) printf(_("\tLast serial # : ")); + (void) printf("%u\n", ulog->kdb_last_sno); } if (ulog->kdb_last_time.seconds == 0L) { - (void) printf(_("\tLast time stamp : None\n")); + (void) printf(_("\tLast time stamp : None\n")); } else { - if (ulog->kdb_first_time.seconds == 0L) - (void) printf(_("\tFirst time stamp : None\n")); - else { - (void) printf(_("\tFirst time stamp : %s"), - ctime((time_t *) - &(ulog->kdb_first_time.seconds))); - } + if (ulog->kdb_first_time.seconds == 0L) + (void) printf(_("\tFirst time stamp : None\n")); + else { + (void) printf(_("\tFirst time stamp : %s"), + ctime((time_t *) + &(ulog->kdb_first_time.seconds))); + } - (void) printf(_("\tLast time stamp : %s\n"), - ctime((time_t 
*)&(ulog->kdb_last_time.seconds))); + (void) printf(_("\tLast time stamp : %s\n"), + ctime((time_t *)&(ulog->kdb_last_time.seconds))); } if ((!headeronly) && ulog->kdb_num) { - print_update(ulog, entry, verbose); + print_update(ulog, entry, verbose); } (void) printf("\n"); From raeburn at MIT.EDU Fri Nov 6 15:16:53 2009 From: raeburn at MIT.EDU (raeburn@MIT.EDU) Date: Fri, 6 Nov 2009 15:16:53 -0500 Subject: svn rev #23137: trunk/src/tests/threads/ Message-ID: <200911062016.nA6KGrNp030675@drugstore.mit.edu> http://src.mit.edu/fisheye/changelog/krb5/?cs=23137 Commit By: raeburn Log Message: Use krb5_get_error_message for reporting if krb5_get_server_rcache fails. Changed Files: U trunk/src/tests/threads/t_rcache.c Modified: trunk/src/tests/threads/t_rcache.c =================================================================== --- trunk/src/tests/threads/t_rcache.c 2009-11-06 19:45:29 UTC (rev 23136) +++ trunk/src/tests/threads/t_rcache.c 2009-11-06 20:16:53 UTC (rev 23137) @@ -78,7 +78,9 @@ #ifndef INIT_ONCE err = krb5_get_server_rcache(ctx, &piece, &my_rcache); if (err) { - com_err(prog, err, "getting replay cache"); + const char *msg = krb5_get_error_message(ctx, err); + fprintf(stderr, "%s while initializing replay cache\n", msg); + krb5_free_error_message(ctx, msg); exit(1); } #else @@ -134,7 +136,9 @@ #ifdef INIT_ONCE err = krb5_get_server_rcache(ctx, &piece, &rcache); if (err) { - com_err(prog, err, "getting replay cache"); + const char *msg = krb5_get_error_message(ctx, err); + fprintf(stderr, "%s: %s while initializing replay cache\n", prog, msg); + krb5_free_error_message(ctx, msg); return 1; } #endif From raeburn at MIT.EDU Fri Nov 6 15:17:00 2009 
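Review bot: In the first t_rcache.c hunk (`@@ -78,7 +78,9 @@`) the new `fprintf(stderr, "%s while initializing replay cache\n", msg);` drops the program name that the removed `com_err(prog, ...)` call printed, while the second hunk (`@@ -134,7 +136,9 @@`) keeps it. I would make the two agree with `fprintf(stderr, "%s: %s while initializing replay cache\n", prog, msg);`. Both enclosing functions start and end outside the hunks.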
From: raeburn at MIT.EDU (raeburn@MIT.EDU) Date: Fri, 6 Nov 2009 15:17:00 -0500 Subject: svn rev #23139: trunk/src/tests/threads/ Message-ID: <200911062017.nA6KH0De030761@drugstore.mit.edu> http://src.mit.edu/fisheye/changelog/krb5/?cs=23139 Commit By: raeburn Log Message: Change INIT_ONCE compile-time flag into a run-time option. Delete DIRECT support; always create threads. Allow setting of test interval and number of threads via run-time options. Changed Files: U trunk/src/tests/threads/t_rcache.c Modified: trunk/src/tests/threads/t_rcache.c =================================================================== --- trunk/src/tests/threads/t_rcache.c 2009-11-06 20:16:57 UTC (rev 23138) +++ trunk/src/tests/threads/t_rcache.c 2009-11-06 20:17:00 UTC (rev 23139) @@ -49,7 +49,9 @@ int idx; }; -#undef INIT_ONCE +int init_once = 0; +int n_threads = 2; +int interval = 20 /* 5 * 60 */; static void try_one (struct tinfo *t) { @@ -75,25 +77,23 @@ t->my_cusec++; r.ctime = t->my_ctime; r.cusec = t->my_cusec; -#ifndef INIT_ONCE - err = krb5_get_server_rcache(ctx, &piece, &my_rcache); - if (err) { - const char *msg = krb5_get_error_message(ctx, err); - fprintf(stderr, "%s: %s while initializing replay cache\n", prog, msg); - krb5_free_error_message(ctx, msg); - exit(1); - } -#else - my_rcache = rcache; -#endif + if (!init_once) { + err = krb5_get_server_rcache(ctx, &piece, &my_rcache); + if (err) { + const char *msg = krb5_get_error_message(ctx, err); + fprintf(stderr, "%s: %s while initializing replay cache\n", prog, msg); + krb5_free_error_message(ctx, msg); + exit(1); + } + } else + my_rcache = rcache; err = krb5_rc_store(ctx, my_rcache, &r); if (err) { com_err(prog, err, "storing in replay cache"); exit(1); } -#ifndef INIT_ONCE - krb5_rc_close(ctx, my_rcache); -#endif + if (!init_once) + krb5_rc_close(ctx, my_rcache); } static void *run_a_loop (void *x) 
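Review bot: In the first hunk (`@@ -49,7 +49,9 @@`) the three new option variables get external linkage. If nothing outside t_rcache.c refers to them, which the page does not show, I would declare them `static int init_once = 0;`, `static int n_threads = 2;` and `static int interval = 20 /* 5 * 60 */;`. A short comment above them, such as `/* Run-time settings; defaults may be overridden by command-line options. */`, would also tell the reader why they are no longer locals of `main`.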
@@ -118,14 +118,52 @@ return 0; } +static void usage(void) +{ + fprintf (stderr, "usage: %s [ options ]\n", prog); + fprintf (stderr, "options:\n"); + fprintf (stderr, "\t-1\tcreate one rcache handle for process\n"); + fprintf (stderr, "\t-t N\tnumber of threads to create\n"); + fprintf (stderr, "\t-i N\tinterval to run test over, in seconds\n"); + exit(1); +} + +static const char optstring[] = "1t:i:"; + +static void process_options (int argc, char *argv[]) +{ + int c; + + prog = argv[0]; + while ((c = getopt(argc, argv, optstring)) != -1) { + switch (c) { + case '?': + case ':': + default: + usage (); + case '1': + init_once = 1; + break; + case 't': + n_threads = atoi (optarg); + if (n_threads < 1 || n_threads > 10000) + usage (); + break; + case 'i': + interval = atoi (optarg); + if (interval < 2 || n_threads > 100000) + usage (); + break; + } + } +} + int main (int argc, char *argv[]) { - int n; krb5_error_code err; - int interval = 20 /* 5 * 60 */; + int i, *ip; - prog = argv[0]; - n = 2; + process_options (argc, argv); err = krb5_init_context(&ctx); if (err) { com_err(prog, err, "initializing context"); 
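Review bot: The upper bound in the `-i` case tests the wrong variable, so `if (interval < 2 || n_threads > 100000)` never limits `interval`. Because `-t` already caps `n_threads` at 10000, the second half can never be true. It should read `if (interval < 2 || interval > 100000)`. Separately, `default:` runs into `case '1':` and is correct only because `usage()` ends in `exit(1)`; a comment such as `/* usage() does not return */` after the call would make that explicit.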
@@ -155,55 +193,44 @@ } rcache = NULL; -#ifdef INIT_ONCE - err = krb5_get_server_rcache(ctx, &piece, &rcache); - if (err) { - const char *msg = krb5_get_error_message(ctx, err); - fprintf(stderr, "%s: %s while initializing new replay cache\n", - prog, msg); - krb5_free_error_message(ctx, msg); - return 1; + if (init_once) { + err = krb5_get_server_rcache(ctx, &piece, &rcache); + if (err) { + const char *msg = krb5_get_error_message(ctx, err); + fprintf(stderr, "%s: %s while initializing new replay cache\n", + prog, msg); + krb5_free_error_message(ctx, msg); + return 1; + } } -#endif end_time = time(0) + interval; -#undef DIRECT -#ifdef DIRECT - { - int zero = 0; - run_a_loop(&zero); + + ip = malloc(sizeof(int) * n_threads); + if (ip == 0 && n_threads > 0) { + perror("malloc"); + exit(1); } -#else - { - int i, *ip; + for (i = 0; i < n_threads; i++) + ip[i] = i; - ip = malloc(sizeof(int) * n); - if (ip == 0 && n > 0) { - perror("malloc"); + for (i = 0; i < n_threads; i++) { + pthread_t new_thread; + int perr; + perr = pthread_create(&new_thread, 0, run_a_loop, &ip[i]); + if (perr) { + errno = perr; + perror("pthread_create"); exit(1); } - for (i = 0; i < n; i++) - ip[i] = i; + } + while (time(0) < end_time + 1) + sleep(1); + for (i = 0; i < n_threads; i++) + printf("thread %d total %5d\n", i, ip[i]); + free(ip); - for (i = 0; i < n; i++) { - pthread_t new_thread; - int perr; - perr = pthread_create(&new_thread, 0, run_a_loop, &ip[i]); - if (perr) { - errno = perr; - perror("pthread_create"); - exit(1); - } - } - while (time(0) < end_time + 1) - sleep(1); - for (i = 0; i < n; i++) - printf("thread %d total %5d\n", i, ip[i]); - free(ip); - } -#endif -#ifdef INIT_ONCE - krb5_rc_close(ctx, rcache); -#endif + if (init_once) + krb5_rc_close(ctx, rcache); krb5_free_context(ctx); return 0; } From raeburn at MIT.EDU Fri Nov 6 15:16:57 2009 
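Review bot: The `pthread_t` handles are discarded and the threads are never joined, so `free(ip)` near the end of the hunk can run while a worker still holds `&ip[i]`; `main` only sleeps until `end_time + 1`. `run_a_loop` is outside this hunk, so this is inferred from the `&ip[i]` argument and the totals printed from `ip[i]`, but a worker that updates its counter after the deadline would write to freed memory. Keeping the handles and calling `pthread_join` before the totals are read closes that window, assuming each worker returns once `end_time` has passed. `main` starts outside the hunk.

```c
pthread_t *threads;
/* … unchanged: ip allocation and initialisation … */
threads = malloc(sizeof(*threads) * n_threads);
if (threads == 0) {
    perror("malloc");
    exit(1);
}
for (i = 0; i < n_threads; i++) {
    int perr;
    perr = pthread_create(&threads[i], 0, run_a_loop, &ip[i]);
    /* … unchanged: perr handling … */
}
/* … unchanged: wait until end_time … */
for (i = 0; i < n_threads; i++) {
    int perr = pthread_join(threads[i], 0);
    if (perr) {
        errno = perr;
        perror("pthread_join");
        exit(1);
    }
}
/* … unchanged: print totals, free(ip) … */
free(threads);
```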
From: raeburn at MIT.EDU (raeburn@MIT.EDU) Date: Fri, 6 Nov 2009 15:16:57 -0500 Subject: svn rev #23138: trunk/src/tests/threads/ Message-ID: <200911062016.nA6KGvXa030718@drugstore.mit.edu> http://src.mit.edu/fisheye/changelog/krb5/?cs=23138 Commit By: raeburn Log Message: Don't start by attempting to unlink replay caches by guessing pathnames specific to my uid on MIT Athena systems. Instead, create a replay cache object and then destroy it through the library. Tweak the rcache-init-error messages to be specific to the instance that failed. Changed Files: U trunk/src/tests/threads/t_rcache.c Modified: trunk/src/tests/threads/t_rcache.c =================================================================== --- trunk/src/tests/threads/t_rcache.c 2009-11-06 20:16:53 UTC (rev 23137) +++ trunk/src/tests/threads/t_rcache.c 2009-11-06 20:16:57 UTC (rev 23138) @@ -79,7 +79,7 @@ err = krb5_get_server_rcache(ctx, &piece, &my_rcache); if (err) { const char *msg = krb5_get_error_message(ctx, err); - fprintf(stderr, "%s while initializing replay cache\n", msg); + fprintf(stderr, "%s: %s while initializing replay cache\n", prog, msg); krb5_free_error_message(ctx, msg); exit(1); } @@ -125,15 +125,19 @@ int interval = 20 /* 5 * 60 */; prog = argv[0]; - unlink("/var/tmp/rc_hello_7882"); - unlink("/var/tmp/hello_7882"); n = 2; err = krb5_init_context(&ctx); if (err) { com_err(prog, err, "initializing context"); return 1; } -#ifdef INIT_ONCE + + /* + * For consistency, run the tests without an existing replay + * cache. Since there isn't a way to ask the library for the + * pathname that would be used for the rcache, we create an rcache + * object and then destroy it. + */ err = krb5_get_server_rcache(ctx, &piece, &rcache); if (err) { const char *msg = krb5_get_error_message(ctx, err); 
@@ -141,6 +145,25 @@ krb5_free_error_message(ctx, msg); return 1; } + err = krb5_rc_destroy(ctx, rcache); + if (err) { + const char *msg = krb5_get_error_message(ctx, err); + fprintf(stderr, "%s: %s while destroying old replay cache\n", + prog, msg); + krb5_free_error_message(ctx, msg); + return 1; + } + rcache = NULL; + +#ifdef INIT_ONCE + err = krb5_get_server_rcache(ctx, &piece, &rcache); + if (err) { + const char *msg = krb5_get_error_message(ctx, err); + fprintf(stderr, "%s: %s while initializing new replay cache\n", + prog, msg); + krb5_free_error_message(ctx, msg); + return 1; + } #endif end_time = time(0) + interval; #undef DIRECT From tlyu at MIT.EDU Fri Nov 6 18:29:12 2009 From: tlyu at MIT.EDU (tlyu@MIT.EDU) Date: Fri, 6 Nov 2009 18:29:12 -0500 Subject: svn rev #23140: trunk/src/ slave/ Message-ID: <200911062329.nA6NTCCs013799@drugstore.mit.edu> http://src.mit.edu/fisheye/changelog/krb5/?cs=23140 Commit By: tlyu Log Message: Reformat some open-paren issues. Remove kprop.c and kpropd.c from exclusions. Changed Files: U trunk/src/Makefile.in U trunk/src/slave/kprop.c U trunk/src/slave/kpropd.c Modified: trunk/src/Makefile.in =================================================================== --- trunk/src/Makefile.in 2009-11-06 20:17:00 UTC (rev 23139) +++ trunk/src/Makefile.in 2009-11-06 23:29:12 UTC (rev 23140) @@ -691,9 +691,7 @@ lib/krb5/asn.1/asn1buf.h \ lib/krb5/asn.1/krb5_decode.c \ lib/krb5/krb/deltat.c \ - lib/krb5/unicode \ - slave/kprop.c \ - slave/kpropd.c + lib/krb5/unicode EXCLUDES = `for i in $(BSDFILES) $(OTHEREXCLUDES); do echo $$i; done | $(AWK) '{ print "-path", $$1, "-o" }'` -path /dev/null Modified: trunk/src/slave/kprop.c =================================================================== --- trunk/src/slave/kprop.c 2009-11-06 20:17:00 UTC (rev 23139) +++ trunk/src/slave/kprop.c 2009-11-06 23:29:12 UTC (rev 23140) @@ -1,3 +1,4 @@ +/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */ /* * slave/kprop.c * 
@@ -52,395 +53,385 @@ static char *kprop_version = KPROP_PROT_VERSION; -char *progname = 0; +char *progname = 0; int debug = 0; -char *srvtab = 0; -char *slave_host; -char *realm = 0; -char *file = KPROP_DEFAULT_FILE; -short port = 0; +char *srvtab = 0; +char *slave_host; +char *realm = 0; +char *file = KPROP_DEFAULT_FILE; +short port = 0; -krb5_principal my_principal; /* The Kerberos principal we'll be */ - /* running under, initialized in */ - /* get_tickets() */ -krb5_ccache ccache; /* Credentials cache which we'll be using */ -krb5_creds creds; -krb5_address sender_addr; -krb5_address receiver_addr; +krb5_principal my_principal; /* The Kerberos principal we'll be */ +/* running under, initialized in */ +/* get_tickets() */ +krb5_ccache ccache; /* Credentials cache which we'll be using */ +krb5_creds creds; +krb5_address sender_addr; +krb5_address receiver_addr; -void PRS - (int, char **); -void get_tickets - (krb5_context); -static void usage - (void); -krb5_error_code open_connection - (char *, int *, char *, unsigned int); -void kerberos_authenticate - (krb5_context, krb5_auth_context *, - int, krb5_principal, krb5_creds **); -int open_database - (krb5_context, char *, int *); -void close_database - (krb5_context, int); -void xmit_database - (krb5_context, krb5_auth_context, krb5_creds *, - int, int, int); -void send_error - (krb5_context, krb5_creds *, int, char *, krb5_error_code); -void update_last_prop_file - (char *, char *); +void PRS(int, char **); +void get_tickets(krb5_context); +static void usage(void); +krb5_error_code open_connection(char *, int *, char *, unsigned int); +void kerberos_authenticate(krb5_context, krb5_auth_context *, + int, krb5_principal, krb5_creds **); +int open_database(krb5_context, char *, int *); +void close_database(krb5_context, int); +void xmit_database(krb5_context, krb5_auth_context, krb5_creds *, + int, int, int); +void send_error(krb5_context, krb5_creds *, int, char *, krb5_error_code); +void 
update_last_prop_file(char *, char *); static void usage() { - fprintf(stderr, "\nUsage: %s [-r realm] [-f file] [-d] [-P port] [-s srvtab] slave_host\n\n", - progname); - exit(1); + fprintf(stderr, "\nUsage: %s [-r realm] [-f file] [-d] [-P port] [-s srvtab] slave_host\n\n", + progname); + exit(1); } int main(argc, argv) - int argc; - char **argv; + int argc; + char **argv; { - int fd, database_fd, database_size; - krb5_error_code retval; - krb5_context context; - krb5_creds *my_creds; - krb5_auth_context auth_context; - char Errmsg[256]; + int fd, database_fd, database_size; + krb5_error_code retval; + krb5_context context; + krb5_creds *my_creds; + krb5_auth_context auth_context; + char Errmsg[256]; - retval = krb5_init_context(&context); - if (retval) { - com_err(argv[0], retval, "while initializing krb5"); - exit(1); - } - PRS(argc, argv); - get_tickets(context); + retval = krb5_init_context(&context); + if (retval) { + com_err(argv[0], retval, "while initializing krb5"); + exit(1); + } + PRS(argc, argv); + get_tickets(context); - database_fd = open_database(context, file, &database_size); - retval = open_connection(slave_host, &fd, Errmsg, sizeof(Errmsg)); - if (retval) { - com_err(progname, retval, "%s while opening connection to %s", - Errmsg, slave_host); - exit(1); - } - if (fd < 0) { - fprintf(stderr, "%s: %s while opening connection to %s\n", - progname, Errmsg, slave_host); - exit(1); - } - kerberos_authenticate(context, &auth_context, fd, my_principal, - &my_creds); - xmit_database(context, auth_context, my_creds, fd, database_fd, - database_size); - update_last_prop_file(slave_host, file); - printf("Database propagation to %s: SUCCEEDED\n", slave_host); - krb5_free_cred_contents(context, my_creds); - close_database(context, database_fd); - exit(0); + database_fd = open_database(context, file, &database_size); + retval = open_connection(slave_host, &fd, Errmsg, sizeof(Errmsg)); + if (retval) { + com_err(progname, retval, "%s while opening connection 
to %s", + Errmsg, slave_host); + exit(1); + } + if (fd < 0) { + fprintf(stderr, "%s: %s while opening connection to %s\n", + progname, Errmsg, slave_host); + exit(1); + } + kerberos_authenticate(context, &auth_context, fd, my_principal, + &my_creds); + xmit_database(context, auth_context, my_creds, fd, database_fd, + database_size); + update_last_prop_file(slave_host, file); + printf("Database propagation to %s: SUCCEEDED\n", slave_host); + krb5_free_cred_contents(context, my_creds); + close_database(context, database_fd); + exit(0); } void PRS(argc, argv) - int argc; - char **argv; + int argc; + char **argv; { - register char *word, ch; + register char *word, ch; - progname = *argv++; - while (--argc && (word = *argv++)) { - if (*word == '-') { - word++; - while (word && (ch = *word++)) { - switch(ch){ - case 'r': - if (*word) - realm = word; - else - realm = *argv++; - if (!realm) - usage(); - word = 0; - break; - case 'f': - if (*word) - file = word; - else - file = *argv++; - if (!file) - usage(); - word = 0; - break; - case 'd': - debug++; - break; - case 'P': - if (*word) - port = htons(atoi(word)); - else - port = htons(atoi(*argv++)); - if (!port) - usage(); - word = 0; - break; - case 's': - if (*word) - srvtab = word; - else - srvtab = *argv++; - if (!srvtab) - usage(); - word = 0; - break; - default: - usage(); - } + progname = *argv++; + while (--argc && (word = *argv++)) { + if (*word == '-') { + word++; + while (word && (ch = *word++)) { + switch(ch){ + case 'r': + if (*word) + realm = word; + else + realm = *argv++; + if (!realm) + usage(); + word = 0; + break; + case 'f': + if (*word) + file = word; + else + file = *argv++; + if (!file) + usage(); + word = 0; + break; + case 'd': + debug++; + break; + case 'P': + if (*word) + port = htons(atoi(word)); + else + port = htons(atoi(*argv++)); + if (!port) + usage(); + word = 0; + break; + case 's': + if (*word) + srvtab = word; + else + srvtab = *argv++; + if (!srvtab) + usage(); + word = 0; + break; + 
default: + usage(); + } - } - } else { - if (slave_host) - usage(); - else - slave_host = word; - } - } - if (!slave_host) - usage(); + } + } else { + if (slave_host) + usage(); + else + slave_host = word; + } + } + if (!slave_host) + usage(); } void get_tickets(context) krb5_context context; { - char buf[BUFSIZ]; - krb5_error_code retval; - static char tkstring[] = "/tmp/kproptktXXXXXX"; - krb5_keytab keytab = NULL; + char buf[BUFSIZ]; + krb5_error_code retval; + static char tkstring[] = "/tmp/kproptktXXXXXX"; + krb5_keytab keytab = NULL; - /* - * Figure out what tickets we'll be using to send stuff - */ - retval = krb5_sname_to_principal(context, NULL, NULL, - KRB5_NT_SRV_HST, &my_principal); - if (retval) { - com_err(progname, errno, "while setting client principal name"); - exit(1); - } - if (realm) { - retval = krb5_set_principal_realm(context, my_principal, realm); - if (retval) { - com_err(progname, errno, - "while setting client principal realm"); - exit(1); - } - } + /* + * Figure out what tickets we'll be using to send stuff + */ + retval = krb5_sname_to_principal(context, NULL, NULL, + KRB5_NT_SRV_HST, &my_principal); + if (retval) { + com_err(progname, errno, "while setting client principal name"); + exit(1); + } + if (realm) { + retval = krb5_set_principal_realm(context, my_principal, realm); + if (retval) { + com_err(progname, errno, + "while setting client principal realm"); + exit(1); + } + } #if 0 - krb5_princ_type(context, my_principal) = KRB5_NT_PRINCIPAL; + krb5_princ_type(context, my_principal) = KRB5_NT_PRINCIPAL; #endif - /* - * Initialize cache file which we're going to be using - */ - (void) mktemp(tkstring); - snprintf(buf, sizeof(buf), "FILE:%s", tkstring); + /* + * Initialize cache file which we're going to be using + */ + (void) mktemp(tkstring); + snprintf(buf, sizeof(buf), "FILE:%s", tkstring); - retval = krb5_cc_resolve(context, buf, &ccache); - if (retval) { - com_err(progname, retval, "while opening credential cache %s", - buf); - 
exit(1); - } + retval = krb5_cc_resolve(context, buf, &ccache); + if (retval) { + com_err(progname, retval, "while opening credential cache %s", + buf); + exit(1); + } - retval = krb5_cc_initialize(context, ccache, my_principal); - if (retval) { - com_err (progname, retval, "when initializing cache %s", - buf); - exit(1); - } + retval = krb5_cc_initialize(context, ccache, my_principal); + if (retval) { + com_err (progname, retval, "when initializing cache %s", + buf); + exit(1); + } - /* - * Get the tickets we'll need. - * - * Construct the principal name for the slave host. - */ - memset(&creds, 0, sizeof(creds)); - retval = krb5_sname_to_principal(context, - slave_host, KPROP_SERVICE_NAME, - KRB5_NT_SRV_HST, &creds.server); - if (retval) { - com_err(progname, errno, "while setting server principal name"); - (void) krb5_cc_destroy(context, ccache); - exit(1); - } - if (realm) { - retval = krb5_set_principal_realm(context, creds.server, realm); - if (retval) { - com_err(progname, errno, - "while setting server principal realm"); - exit(1); - } - } + /* + * Get the tickets we'll need. + * + * Construct the principal name for the slave host. + */ + memset(&creds, 0, sizeof(creds)); + retval = krb5_sname_to_principal(context, + slave_host, KPROP_SERVICE_NAME, + KRB5_NT_SRV_HST, &creds.server); + if (retval) { + com_err(progname, errno, "while setting server principal name"); + (void) krb5_cc_destroy(context, ccache); + exit(1); + } + if (realm) { + retval = krb5_set_principal_realm(context, creds.server, realm); + if (retval) { + com_err(progname, errno, + "while setting server principal realm"); + exit(1); + } + } - /* - * Now fill in the client.... 
- */ - retval = krb5_copy_principal(context, my_principal, &creds.client); - if (retval) { - com_err(progname, retval, "While copying client principal"); - (void) krb5_cc_destroy(context, ccache); - exit(1); - } - if (srvtab) { - retval = krb5_kt_resolve(context, srvtab, &keytab); - if (retval) { - com_err(progname, retval, "while resolving keytab"); - (void) krb5_cc_destroy(context, ccache); - exit(1); - } - } + /* + * Now fill in the client.... + */ + retval = krb5_copy_principal(context, my_principal, &creds.client); + if (retval) { + com_err(progname, retval, "While copying client principal"); + (void) krb5_cc_destroy(context, ccache); + exit(1); + } + if (srvtab) { + retval = krb5_kt_resolve(context, srvtab, &keytab); + if (retval) { + com_err(progname, retval, "while resolving keytab"); + (void) krb5_cc_destroy(context, ccache); + exit(1); + } + } - retval = krb5_get_in_tkt_with_keytab(context, 0, 0, NULL, - NULL, keytab, ccache, &creds, 0); - if (retval) { - com_err(progname, retval, "while getting initial ticket\n"); - (void) krb5_cc_destroy(context, ccache); - exit(1); - } + retval = krb5_get_in_tkt_with_keytab(context, 0, 0, NULL, + NULL, keytab, ccache, &creds, 0); + if (retval) { + com_err(progname, retval, "while getting initial ticket\n"); + (void) krb5_cc_destroy(context, ccache); + exit(1); + } - if (keytab) - (void) krb5_kt_close(context, keytab); + if (keytab) + (void) krb5_kt_close(context, keytab); - /* - * Now destroy the cache right away --- the credentials we - * need will be in my_creds. - */ - retval = krb5_cc_destroy(context, ccache); - if (retval) { - com_err(progname, retval, "while destroying ticket cache"); - exit(1); - } + /* + * Now destroy the cache right away --- the credentials we + * need will be in my_creds. 
+ */ + retval = krb5_cc_destroy(context, ccache); + if (retval) { + com_err(progname, retval, "while destroying ticket cache"); + exit(1); + } } krb5_error_code open_connection(host, fd, Errmsg, ErrmsgSz) - char *host; - int *fd; - char *Errmsg; - unsigned int ErrmsgSz; + char *host; + int *fd; + char *Errmsg; + unsigned int ErrmsgSz; { - int s; - krb5_error_code retval; + int s; + krb5_error_code retval; - struct hostent *hp; - register struct servent *sp; - struct sockaddr_in my_sin; - GETSOCKNAME_ARG3_TYPE socket_length; + struct hostent *hp; + register struct servent *sp; + struct sockaddr_in my_sin; + GETSOCKNAME_ARG3_TYPE socket_length; - hp = gethostbyname(host); - if (hp == NULL) { - (void) snprintf(Errmsg, ErrmsgSz, "%s: unknown host", host); - *fd = -1; - return(0); - } - my_sin.sin_family = hp->h_addrtype; - memcpy(&my_sin.sin_addr, hp->h_addr, sizeof(my_sin.sin_addr)); - if(!port) { - sp = getservbyname(KPROP_SERVICE, "tcp"); - if (sp == 0) { - my_sin.sin_port = htons(KPROP_PORT); - } else { - my_sin.sin_port = sp->s_port; - } - } else - my_sin.sin_port = port; - s = socket(AF_INET, SOCK_STREAM, 0); + hp = gethostbyname(host); + if (hp == NULL) { + (void) snprintf(Errmsg, ErrmsgSz, "%s: unknown host", host); + *fd = -1; + return(0); + } + my_sin.sin_family = hp->h_addrtype; + memcpy(&my_sin.sin_addr, hp->h_addr, sizeof(my_sin.sin_addr)); + if(!port) { + sp = getservbyname(KPROP_SERVICE, "tcp"); + if (sp == 0) { + my_sin.sin_port = htons(KPROP_PORT); + } else { + my_sin.sin_port = sp->s_port; + } + } else + my_sin.sin_port = port; + s = socket(AF_INET, SOCK_STREAM, 0); - if (s < 0) { - (void) snprintf(Errmsg, ErrmsgSz, "in call to socket"); - return(errno); - } - if (connect(s, (struct sockaddr *)&my_sin, sizeof my_sin) < 0) { - retval = errno; - close(s); - (void) snprintf(Errmsg, ErrmsgSz, "in call to connect"); - return(retval); - } - *fd = s; + if (s < 0) { + (void) snprintf(Errmsg, ErrmsgSz, "in call to socket"); + return(errno); + } + if 
(connect(s, (struct sockaddr *)&my_sin, sizeof my_sin) < 0) { + retval = errno; + close(s); + (void) snprintf(Errmsg, ErrmsgSz, "in call to connect"); + return(retval); + } + *fd = s; - /* - * Set receiver_addr and sender_addr. - */ - receiver_addr.addrtype = ADDRTYPE_INET; - receiver_addr.length = sizeof(my_sin.sin_addr); - receiver_addr.contents = (krb5_octet *) malloc(sizeof(my_sin.sin_addr)); - memcpy(receiver_addr.contents, &my_sin.sin_addr, - sizeof(my_sin.sin_addr)); + /* + * Set receiver_addr and sender_addr. + */ + receiver_addr.addrtype = ADDRTYPE_INET; + receiver_addr.length = sizeof(my_sin.sin_addr); + receiver_addr.contents = (krb5_octet *) malloc(sizeof(my_sin.sin_addr)); + memcpy(receiver_addr.contents, &my_sin.sin_addr, + sizeof(my_sin.sin_addr)); - socket_length = sizeof(my_sin); - if (getsockname(s, (struct sockaddr *)&my_sin, &socket_length) < 0) { - retval = errno; - close(s); - (void) snprintf(Errmsg, ErrmsgSz, "in call to getsockname"); - return(retval); - } - sender_addr.addrtype = ADDRTYPE_INET; - sender_addr.length = sizeof(my_sin.sin_addr); - sender_addr.contents = (krb5_octet *) malloc(sizeof(my_sin.sin_addr)); - memcpy(sender_addr.contents, &my_sin.sin_addr, - sizeof(my_sin.sin_addr)); + socket_length = sizeof(my_sin); + if (getsockname(s, (struct sockaddr *)&my_sin, &socket_length) < 0) { + retval = errno; + close(s); + (void) snprintf(Errmsg, ErrmsgSz, "in call to getsockname"); + return(retval); + } + sender_addr.addrtype = ADDRTYPE_INET; + sender_addr.length = sizeof(my_sin.sin_addr); + sender_addr.contents = (krb5_octet *) malloc(sizeof(my_sin.sin_addr)); + memcpy(sender_addr.contents, &my_sin.sin_addr, + sizeof(my_sin.sin_addr)); - return(0); + return(0); } void kerberos_authenticate(context, auth_context, fd, me, new_creds) krb5_context context; krb5_auth_context *auth_context; - int fd; + int fd; krb5_principal me; krb5_creds ** new_creds; { - krb5_error_code retval; - krb5_error *error = NULL; - krb5_ap_rep_enc_part *rep_result; 
+ krb5_error_code retval; + krb5_error *error = NULL; + krb5_ap_rep_enc_part *rep_result; retval = krb5_auth_con_init(context, auth_context); if (retval) - exit(1); + exit(1); krb5_auth_con_setflags(context, *auth_context, - KRB5_AUTH_CONTEXT_DO_SEQUENCE); + KRB5_AUTH_CONTEXT_DO_SEQUENCE); retval = krb5_auth_con_setaddrs(context, *auth_context, &sender_addr, - &receiver_addr); + &receiver_addr); if (retval) { - com_err(progname, retval, "in krb5_auth_con_setaddrs"); - exit(1); + com_err(progname, retval, "in krb5_auth_con_setaddrs"); + exit(1); } retval = krb5_sendauth(context, auth_context, (void *)&fd, - kprop_version, me, creds.server, - AP_OPTS_MUTUAL_REQUIRED, NULL, &creds, NULL, - &error, &rep_result, new_creds); + kprop_version, me, creds.server, + AP_OPTS_MUTUAL_REQUIRED, NULL, &creds, NULL, + &error, &rep_result, new_creds); if (retval) { com_err(progname, retval, "while authenticating to server"); - if (error) { - if (error->error == KRB_ERR_GENERIC) { - if (error->text.data) - fprintf(stderr, - "Generic remote error: %s\n", - error->text.data); - } else if (error->error) { - com_err(progname, - (krb5_error_code) error->error + ERROR_TABLE_BASE_krb5, - "signalled from server"); - if (error->text.data) - fprintf(stderr, - "Error text from server: %s\n", - error->text.data); - } - krb5_free_error(context, error); - } - exit(1); + if (error) { + if (error->error == KRB_ERR_GENERIC) { + if (error->text.data) + fprintf(stderr, + "Generic remote error: %s\n", + error->text.data); + } else if (error->error) { + com_err(progname, + (krb5_error_code) error->error + ERROR_TABLE_BASE_krb5, + "signalled from server"); + if (error->text.data) + fprintf(stderr, + "Error text from server: %s\n", + error->text.data); + } + krb5_free_error(context, error); + } + exit(1); } krb5_free_ap_rep_enc_part(context, rep_result); } 
@@ -458,58 +449,58 @@ open_database(context, data_fn, size) krb5_context context; char *data_fn; - int *size; + int *size; { - int fd; - int err; - struct stat stbuf, stbuf_ok; - char *data_ok_fn; - static char ok[] = ".dump_ok"; + int fd; + int err; + struct stat stbuf, stbuf_ok; + char *data_ok_fn; + static char ok[] = ".dump_ok"; - dbpathname = strdup(data_fn); - if (!dbpathname) { - com_err(progname, ENOMEM, "allocating database file name '%s'", - data_fn); - exit(1); - } - if ((fd = open(dbpathname, O_RDONLY)) < 0) { - com_err(progname, errno, "while trying to open %s", - dbpathname); - exit(1); - } + dbpathname = strdup(data_fn); + if (!dbpathname) { + com_err(progname, ENOMEM, "allocating database file name '%s'", + data_fn); + exit(1); + } + if ((fd = open(dbpathname, O_RDONLY)) < 0) { + com_err(progname, errno, "while trying to open %s", + dbpathname); + exit(1); + } - err = krb5_lock_file(context, fd, - KRB5_LOCKMODE_SHARED|KRB5_LOCKMODE_DONTBLOCK); - if (err == EAGAIN || err == EWOULDBLOCK || errno == EACCES) { - com_err(progname, 0, "database locked"); - exit(1); - } else if (err) { - com_err(progname, err, "while trying to lock '%s'", dbpathname); - exit(1); - } - if (fstat(fd, &stbuf)) { - com_err(progname, errno, "while trying to stat %s", - data_fn); - exit(1); - } - if (asprintf(&data_ok_fn, "%s%s", data_fn, ok) < 0) { - com_err(progname, ENOMEM, "while trying to malloc data_ok_fn"); - exit(1); - } - if (stat(data_ok_fn, &stbuf_ok)) { - com_err(progname, errno, "while trying to stat %s", - data_ok_fn); - free(data_ok_fn); - exit(1); - } - if (stbuf.st_mtime > stbuf_ok.st_mtime) { - com_err(progname, 0, "'%s' more recent than '%s'.", - data_fn, data_ok_fn); - exit(1); - } - free(data_ok_fn); - *size = stbuf.st_size; - return(fd); + err = krb5_lock_file(context, fd, + KRB5_LOCKMODE_SHARED|KRB5_LOCKMODE_DONTBLOCK); + if (err == EAGAIN || err == EWOULDBLOCK || errno == EACCES) { + com_err(progname, 0, "database locked"); + exit(1); + } else if (err) { 
+ com_err(progname, err, "while trying to lock '%s'", dbpathname); + exit(1); + } + if (fstat(fd, &stbuf)) { + com_err(progname, errno, "while trying to stat %s", + data_fn); + exit(1); + } + if (asprintf(&data_ok_fn, "%s%s", data_fn, ok) < 0) { + com_err(progname, ENOMEM, "while trying to malloc data_ok_fn"); + exit(1); + } + if (stat(data_ok_fn, &stbuf_ok)) { + com_err(progname, errno, "while trying to stat %s", + data_ok_fn); + free(data_ok_fn); + exit(1); + } + if (stbuf.st_mtime > stbuf_ok.st_mtime) { + com_err(progname, 0, "'%s' more recent than '%s'.", + data_fn, data_ok_fn); + exit(1); + } + free(data_ok_fn); + *size = stbuf.st_size; + return(fd); } void @@ -520,7 +511,7 @@ int err; err = krb5_lock_file(context, fd, KRB5_LOCKMODE_UNLOCK); if (err) - com_err(progname, err, "while unlocking database '%s'", dbpathname); + com_err(progname, err, "while unlocking database '%s'", dbpathname); free(dbpathname); (void)close(fd); return; 
@@ -537,211 +528,211 @@ */ void xmit_database(context, auth_context, my_creds, fd, database_fd, - in_database_size) + in_database_size) krb5_context context; krb5_auth_context auth_context; krb5_creds *my_creds; - int fd; - int database_fd; - int in_database_size; + int fd; + int database_fd; + int in_database_size; { - krb5_int32 sent_size, n; - krb5_data inbuf, outbuf; - char buf[KPROP_BUFSIZ]; - krb5_error_code retval; - krb5_error *error; - /* These must be 4 bytes */ - krb5_ui_4 database_size = in_database_size; - krb5_ui_4 send_size; + krb5_int32 sent_size, n; + krb5_data inbuf, outbuf; + char buf[KPROP_BUFSIZ]; + krb5_error_code retval; + krb5_error *error; + /* These must be 4 bytes */ + krb5_ui_4 database_size = in_database_size; + krb5_ui_4 send_size; - /* - * Send over the size - */ - send_size = htonl(database_size); - inbuf.data = (char *) &send_size; - inbuf.length = sizeof(send_size); /* must be 4, really */ - /* KPROP_CKSUMTYPE */ - retval = krb5_mk_safe(context, auth_context, &inbuf, - &outbuf, NULL); - if (retval) { - com_err(progname, retval, "while encoding database size"); - send_error(context, my_creds, fd, "while encoding database size", retval); - exit(1); - } + /* + * Send over the size + */ + send_size = htonl(database_size); + inbuf.data = (char *) &send_size; + inbuf.length = sizeof(send_size); /* must be 4, really */ + /* KPROP_CKSUMTYPE */ + retval = krb5_mk_safe(context, auth_context, &inbuf, + &outbuf, NULL); + if (retval) { + com_err(progname, retval, "while encoding database size"); + send_error(context, my_creds, fd, "while encoding database size", retval); + exit(1); + } - retval = krb5_write_message(context, (void *) &fd, &outbuf); - if (retval) { - krb5_free_data_contents(context, &outbuf); - com_err(progname, retval, "while sending database size"); - exit(1); - } - krb5_free_data_contents(context, &outbuf); - /* - * Initialize the initial vector. 
- */ - retval = krb5_auth_con_initivector(context, auth_context); - if (retval) { - send_error(context, my_creds, fd, - "failed while initializing i_vector", retval); - com_err(progname, retval, "while allocating i_vector"); - exit(1); - } + retval = krb5_write_message(context, (void *) &fd, &outbuf); + if (retval) { + krb5_free_data_contents(context, &outbuf); + com_err(progname, retval, "while sending database size"); + exit(1); + } + krb5_free_data_contents(context, &outbuf); + /* + * Initialize the initial vector. + */ + retval = krb5_auth_con_initivector(context, auth_context); + if (retval) { + send_error(context, my_creds, fd, + "failed while initializing i_vector", retval); + com_err(progname, retval, "while allocating i_vector"); + exit(1); + } - /* - * Send over the file, block by block.... - */ - inbuf.data = buf; - sent_size = 0; - while ((n = read(database_fd, buf, sizeof(buf)))) { - inbuf.length = n; - retval = krb5_mk_priv(context, auth_context, &inbuf, - &outbuf, NULL); - if (retval) { - snprintf(buf, sizeof(buf), - "while encoding database block starting at %d", - sent_size); - com_err(progname, retval, buf); - send_error(context, my_creds, fd, buf, retval); - exit(1); - } + /* + * Send over the file, block by block.... 
+ */ + inbuf.data = buf; + sent_size = 0; + while ((n = read(database_fd, buf, sizeof(buf)))) { + inbuf.length = n; + retval = krb5_mk_priv(context, auth_context, &inbuf, + &outbuf, NULL); + if (retval) { + snprintf(buf, sizeof(buf), + "while encoding database block starting at %d", + sent_size); + com_err(progname, retval, buf); + send_error(context, my_creds, fd, buf, retval); + exit(1); + } - retval = krb5_write_message(context, (void *)&fd,&outbuf); - if (retval) { - krb5_free_data_contents(context, &outbuf); - com_err(progname, retval, - "while sending database block starting at %d", - sent_size); - exit(1); - } - krb5_free_data_contents(context, &outbuf); - sent_size += n; - if (debug) - printf("%d bytes sent.\n", sent_size); - } - if (sent_size != database_size) { - com_err(progname, 0, "Premature EOF found for database file!"); - send_error(context, my_creds, fd,"Premature EOF found for database file!", - KRB5KRB_ERR_GENERIC); - exit(1); - } + retval = krb5_write_message(context, (void *)&fd,&outbuf); + if (retval) { + krb5_free_data_contents(context, &outbuf); + com_err(progname, retval, + "while sending database block starting at %d", + sent_size); + exit(1); + } + krb5_free_data_contents(context, &outbuf); + sent_size += n; + if (debug) + printf("%d bytes sent.\n", sent_size); + } + if (sent_size != database_size) { + com_err(progname, 0, "Premature EOF found for database file!"); + send_error(context, my_creds, fd,"Premature EOF found for database file!", + KRB5KRB_ERR_GENERIC); + exit(1); + } - /* - * OK, we've sent the database; now let's wait for a success - * indication from the remote end. 
- */ - retval = krb5_read_message(context, (void *) &fd, &inbuf); - if (retval) { - com_err(progname, retval, - "while reading response from server"); - exit(1); - } - /* - * If we got an error response back from the server, display - * the error message - */ - if (krb5_is_krb_error(&inbuf)) { - retval = krb5_rd_error(context, &inbuf, &error); - if (retval) { - com_err(progname, retval, - "while decoding error response from server"); - exit(1); - } - if (error->error == KRB_ERR_GENERIC) { - if (error->text.data) - fprintf(stderr, - "Generic remote error: %s\n", - error->text.data); - } else if (error->error) { - com_err(progname, - (krb5_error_code) error->error + - ERROR_TABLE_BASE_krb5, - "signalled from server"); - if (error->text.data) - fprintf(stderr, - "Error text from server: %s\n", - error->text.data); - } - krb5_free_error(context, error); - exit(1); - } + /* + * OK, we've sent the database; now let's wait for a success + * indication from the remote end. + */ + retval = krb5_read_message(context, (void *) &fd, &inbuf); + if (retval) { + com_err(progname, retval, + "while reading response from server"); + exit(1); + } + /* + * If we got an error response back from the server, display + * the error message + */ + if (krb5_is_krb_error(&inbuf)) { + retval = krb5_rd_error(context, &inbuf, &error); + if (retval) { + com_err(progname, retval, + "while decoding error response from server"); + exit(1); + } + if (error->error == KRB_ERR_GENERIC) { + if (error->text.data) + fprintf(stderr, + "Generic remote error: %s\n", + error->text.data); + } else if (error->error) { + com_err(progname, + (krb5_error_code) error->error + + ERROR_TABLE_BASE_krb5, + "signalled from server"); + if (error->text.data) + fprintf(stderr, + "Error text from server: %s\n", + error->text.data); + } + krb5_free_error(context, error); + exit(1); + } - retval = krb5_rd_safe(context,auth_context,&inbuf,&outbuf,NULL); - if (retval) { - com_err(progname, retval, - "while decoding final size 
packet from server"); - exit(1); - } + retval = krb5_rd_safe(context,auth_context,&inbuf,&outbuf,NULL); + if (retval) { + com_err(progname, retval, + "while decoding final size packet from server"); + exit(1); + } - memcpy(&send_size, outbuf.data, sizeof(send_size)); - send_size = ntohl(send_size); - if (send_size != database_size) { - com_err(progname, 0, - "Kpropd sent database size %d, expecting %d", - send_size, database_size); - exit(1); - } - free(outbuf.data); - /* inbuf.data points to local storage */ + memcpy(&send_size, outbuf.data, sizeof(send_size)); + send_size = ntohl(send_size); + if (send_size != database_size) { + com_err(progname, 0, + "Kpropd sent database size %d, expecting %d", + send_size, database_size); + exit(1); + } + free(outbuf.data); + /* inbuf.data points to local storage */ } void send_error(context, my_creds, fd, err_text, err_code) krb5_context context; krb5_creds *my_creds; - int fd; - char *err_text; - krb5_error_code err_code; + int fd; + char *err_text; + krb5_error_code err_code; { - krb5_error error; - const char *text; - krb5_data outbuf; + krb5_error error; + const char *text; + krb5_data outbuf; - memset(&error, 0, sizeof(error)); - krb5_us_timeofday(context, &error.ctime, &error.cusec); - error.server = my_creds->server; - error.client = my_principal; - error.error = err_code - ERROR_TABLE_BASE_krb5; - if (error.error > 127) - error.error = KRB_ERR_GENERIC; - if (err_text) - text = err_text; - else - text = error_message(err_code); - error.text.length = strlen(text) + 1; - error.text.data = strdup(text); - if (error.text.data) { - if (!krb5_mk_error(context, &error, &outbuf)) { - (void) krb5_write_message(context, (void *)&fd,&outbuf); - krb5_free_data_contents(context, &outbuf); - } - free(error.text.data); - } + memset(&error, 0, sizeof(error)); + krb5_us_timeofday(context, &error.ctime, &error.cusec); + error.server = my_creds->server; + error.client = my_principal; + error.error = err_code - ERROR_TABLE_BASE_krb5; + if 
(error.error > 127) + error.error = KRB_ERR_GENERIC; + if (err_text) + text = err_text; + else + text = error_message(err_code); + error.text.length = strlen(text) + 1; + error.text.data = strdup(text); + if (error.text.data) { + if (!krb5_mk_error(context, &error, &outbuf)) { + (void) krb5_write_message(context, (void *)&fd,&outbuf); + krb5_free_data_contents(context, &outbuf); + } + free(error.text.data); + } } void update_last_prop_file(hostname, file_name) - char *hostname; - char *file_name; + char *hostname; + char *file_name; { - /* handle slave locking/failure stuff */ - char *file_last_prop; - int fd; - static char last_prop[]=".last_prop"; + /* handle slave locking/failure stuff */ + char *file_last_prop; + int fd; + static char last_prop[]=".last_prop"; - if (asprintf(&file_last_prop, "%s.%s%s", file_name, hostname, - last_prop) < 0) { - com_err(progname, ENOMEM, - "while allocating filename for update_last_prop_file"); - return; - } - if ((fd = THREEPARAMOPEN(file_last_prop, O_WRONLY|O_CREAT|O_TRUNC, 0600)) < 0) { - com_err(progname, errno, - "while creating 'last_prop' file, '%s'", - file_last_prop); - free(file_last_prop); - return; - } - write(fd, "", 1); - free(file_last_prop); - close(fd); - return; + if (asprintf(&file_last_prop, "%s.%s%s", file_name, hostname, + last_prop) < 0) { + com_err(progname, ENOMEM, + "while allocating filename for update_last_prop_file"); + return; + } + if ((fd = THREEPARAMOPEN(file_last_prop, O_WRONLY|O_CREAT|O_TRUNC, 0600)) < 0) { + com_err(progname, errno, + "while creating 'last_prop' file, '%s'", + file_last_prop); + free(file_last_prop); + return; + } + write(fd, "", 1); + free(file_last_prop); + close(fd); + return; } Modified: trunk/src/slave/kpropd.c =================================================================== --- trunk/src/slave/kpropd.c 2009-11-06 20:17:00 UTC (rev 23139) +++ trunk/src/slave/kpropd.c 2009-11-06 23:29:12 UTC (rev 23140) 
@@ -1,3 +1,4 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
 /*
 * Copyright (C) 1998 by the FundsXpress, INC.
 *
@@ -115,98 +116,79 @@ * lib/kadm5/clnt/client_internal.h! */ typedef struct _kadm5_iprop_handle_t { - krb5_ui_4 magic_number; - krb5_ui_4 struct_version; - krb5_ui_4 api_version; - char *cache_name; - int destroy_cache; - CLIENT *clnt; - krb5_context context; - kadm5_config_params params; - struct _kadm5_iprop_handle_t *lhandle; + krb5_ui_4 magic_number; + krb5_ui_4 struct_version; + krb5_ui_4 api_version; + char *cache_name; + int destroy_cache; + CLIENT *clnt; + krb5_context context; + kadm5_config_params params; + struct _kadm5_iprop_handle_t *lhandle; } *kadm5_iprop_handle_t; static char *kprop_version = KPROP_PROT_VERSION; -char *progname; +char *progname; int debug = 0; -char *srvtab = 0; -int standalone = 0; +char *srvtab = 0; +int standalone = 0; -krb5_principal server; /* This is our server principal name */ -krb5_principal client; /* This is who we're talking to */ +krb5_principal server; /* This is our server principal name */ +krb5_principal client; /* This is who we're talking to */ krb5_context kpropd_context; krb5_auth_context auth_context; -char *realm = NULL; /* Our realm */ -char *file = KPROPD_DEFAULT_FILE; -char *temp_file_name; -char *kdb5_util = KPROPD_DEFAULT_KDB5_UTIL; -char *kerb_database = NULL; -char *acl_file_name = KPROPD_ACL_FILE; +char *realm = NULL; /* Our realm */ +char *file = KPROPD_DEFAULT_FILE; +char *temp_file_name; +char *kdb5_util = KPROPD_DEFAULT_KDB5_UTIL; +char *kerb_database = NULL; +char *acl_file_name = KPROPD_ACL_FILE; -krb5_address sender_addr; -krb5_address receiver_addr; -short port = 0; +krb5_address sender_addr; +krb5_address receiver_addr; +short port = 0; char **db_args = NULL; int db_args_size = 0; -void PRS - (char**); -int do_standalone - (iprop_role iproprole); -void doit - (int); +void PRS(char**); +int do_standalone(iprop_role iproprole); +void doit(int); krb5_error_code do_iprop(kdb_log_context *log_ctx); -void kerberos_authenticate - (krb5_context, - int, - krb5_principal *, - krb5_enctype *, - struct 
sockaddr_in); -krb5_boolean authorized_principal - (krb5_context, - krb5_principal, - krb5_enctype); -void recv_database - (krb5_context, - int, - int, - krb5_data *); -void load_database - (krb5_context, - char *, - char *); -void send_error - (krb5_context, - int, - krb5_error_code, - char *); -void recv_error - (krb5_context, - krb5_data *); +void kerberos_authenticate( + krb5_context, + int, + krb5_principal *, + krb5_enctype *, + struct sockaddr_in); +krb5_boolean authorized_principal(krb5_context, krb5_principal, krb5_enctype); +void recv_database(krb5_context, int, int, krb5_data *); +void load_database(krb5_context, char *, char *); +void send_error(krb5_context, int, krb5_error_code, char *); +void recv_error(krb5_context, krb5_data *); unsigned int backoff_from_master(int *); static kadm5_ret_t kadm5_get_kiprop_host_srv_name(krb5_context context, - const char *realm_name, - char **host_service_name); + const char *realm_name, + char **host_service_name); static void usage() { - fprintf(stderr, - "\nUsage: %s [-r realm] [-s srvtab] [-dS] [-f slave_file]\n", - progname); - fprintf(stderr, "\t[-F kerberos_db_file ] [-p kdb5_util_pathname]\n"); - fprintf(stderr, "\t[-x db_args]* [-P port] [-a acl_file]\n"); - exit(1); + fprintf(stderr, + "\nUsage: %s [-r realm] [-s srvtab] [-dS] [-f slave_file]\n", + progname); + fprintf(stderr, "\t[-F kerberos_db_file ] [-p kdb5_util_pathname]\n"); + fprintf(stderr, "\t[-x db_args]* [-P port] [-a acl_file]\n"); + exit(1); } int main(argc, argv) - int argc; - char **argv; + int argc; + char **argv; { krb5_error_code retval; int ret = 0; 
@@ -218,32 +200,32 @@ { #ifdef POSIX_SIGNALS - struct sigaction s_action; - memset(&s_action, 0, sizeof(s_action)); - sigemptyset(&s_action.sa_mask); - s_action.sa_handler = SIG_IGN; - sigaction(SIGPIPE, &s_action, NULL); + struct sigaction s_action; + memset(&s_action, 0, sizeof(s_action)); + sigemptyset(&s_action.sa_mask); + s_action.sa_handler = SIG_IGN; + sigaction(SIGPIPE, &s_action, NULL); #else - signal(SIGPIPE, SIG_IGN); + signal(SIGPIPE, SIG_IGN); #endif } if (log_ctx && (log_ctx->iproprole == IPROP_SLAVE)) { - /* - * We wanna do iprop ! - */ - retval = do_iprop(log_ctx); - if (retval) { - com_err(progname, retval, - _("do_iprop failed.\n")); - exit(1); - } + /* + * We wanna do iprop ! + */ + retval = do_iprop(log_ctx); + if (retval) { + com_err(progname, retval, + _("do_iprop failed.\n")); + exit(1); + } } else { - if (standalone) - ret = do_standalone(IPROP_NULL); - else - doit(0); + if (standalone) + ret = do_standalone(IPROP_NULL); + else + doit(0); } exit(ret); 
@@ -253,338 +235,338 @@ { close (gfd); if (debug) - fprintf(stderr, _("resync_alarm: closing fd: %d\n"), gfd); + fprintf(stderr, _("resync_alarm: closing fd: %d\n"), gfd); gfd = -1; } int do_standalone(iprop_role iproprole) { - struct sockaddr_in my_sin, frominet; - struct servent *sp; - int finet, s; - GETPEERNAME_ARG3_TYPE fromlen; - int ret; - /* - * Timer for accept/read calls, in case of network type errors. - */ - int backoff_timer = INITIAL_TIMER; + struct sockaddr_in my_sin, frominet; + struct servent *sp; + int finet, s; + GETPEERNAME_ARG3_TYPE fromlen; + int ret; + /* + * Timer for accept/read calls, in case of network type errors. + */ + int backoff_timer = INITIAL_TIMER; retry: - finet = socket(AF_INET, SOCK_STREAM, 0); - if (finet < 0) { - com_err(progname, errno, "while obtaining socket"); - exit(1); - } - memset(&my_sin,0, sizeof(my_sin)); - if(!port) { - sp = getservbyname(KPROP_SERVICE, "tcp"); - if (sp == NULL) { - com_err(progname, 0, "%s/tcp: unknown service", KPROP_SERVICE); - my_sin.sin_port = htons(KPROP_PORT); - } - else my_sin.sin_port = sp->s_port; - } else { - my_sin.sin_port = port; - } - my_sin.sin_family = AF_INET; + finet = socket(AF_INET, SOCK_STREAM, 0); + if (finet < 0) { + com_err(progname, errno, "while obtaining socket"); + exit(1); + } + memset(&my_sin,0, sizeof(my_sin)); + if(!port) { + sp = getservbyname(KPROP_SERVICE, "tcp"); + if (sp == NULL) { + com_err(progname, 0, "%s/tcp: unknown service", KPROP_SERVICE); + my_sin.sin_port = htons(KPROP_PORT); + } + else my_sin.sin_port = sp->s_port; + } else { + my_sin.sin_port = port; + } + my_sin.sin_family = AF_INET; - /* - * We need to close the socket immediately if iprop is enabled, - * since back-to-back full resyncs are possible, so we do not - * linger around for too long - */ - if (iproprole == IPROP_SLAVE) { - int on = 1; - struct linger linger; + /* + * We need to close the socket immediately if iprop is enabled, + * since back-to-back full resyncs are possible, so we do 
not + * linger around for too long + */ + if (iproprole == IPROP_SLAVE) { + int on = 1; + struct linger linger; - if (setsockopt(finet, SOL_SOCKET, SO_REUSEADDR, - (char *)&on, sizeof(on)) < 0) - com_err(progname, errno, - _("while setting socket option (SO_REUSEADDR)")); - linger.l_onoff = 1; - linger.l_linger = 2; - if (setsockopt(finet, SOL_SOCKET, SO_LINGER, - (void *)&linger, sizeof(linger)) < 0) - com_err(progname, errno, - _("while setting socket option (SO_LINGER)")); - /* - * We also want to set a timer so that the slave is not waiting - * until infinity for an update from the master. - */ - gfd = finet; - signal(SIGALRM, resync_alarm); - if (debug) { - fprintf(stderr, "do_standalone: setting resync alarm to %d\n", - backoff_timer); - } - if (alarm(backoff_timer) != 0) { - if (debug) { - fprintf(stderr, - _("%s: alarm already set\n"), progname); - } - } - backoff_timer *= 2; - } - if ((ret = bind(finet, (struct sockaddr *) &my_sin, sizeof(my_sin))) < 0) { - if (debug) { - int on = 1; - fprintf(stderr, - "%s: attempting to rebind socket with SO_REUSEADDR\n", - progname); - if (setsockopt(finet, SOL_SOCKET, SO_REUSEADDR, - (char *)&on, sizeof(on)) < 0) - com_err(progname, errno, "in setsockopt(SO_REUSEADDR)"); - ret = bind(finet, (struct sockaddr *) &my_sin, sizeof(my_sin)); - } - if (ret < 0) { - perror("bind"); - com_err(progname, errno, "while binding listener socket"); - exit(1); - } - } - if (!debug && iproprole != IPROP_SLAVE) - daemon(1, 0); + if (setsockopt(finet, SOL_SOCKET, SO_REUSEADDR, + (char *)&on, sizeof(on)) < 0) + com_err(progname, errno, + _("while setting socket option (SO_REUSEADDR)")); + linger.l_onoff = 1; + linger.l_linger = 2; + if (setsockopt(finet, SOL_SOCKET, SO_LINGER, + (void *)&linger, sizeof(linger)) < 0) + com_err(progname, errno, + _("while setting socket option (SO_LINGER)")); + /* + * We also want to set a timer so that the slave is not waiting + * until infinity for an update from the master. 
+ */ + gfd = finet; + signal(SIGALRM, resync_alarm); + if (debug) { + fprintf(stderr, "do_standalone: setting resync alarm to %d\n", + backoff_timer); + } + if (alarm(backoff_timer) != 0) { + if (debug) { + fprintf(stderr, + _("%s: alarm already set\n"), progname); + } + } + backoff_timer *= 2; + } + if ((ret = bind(finet, (struct sockaddr *) &my_sin, sizeof(my_sin))) < 0) { + if (debug) { + int on = 1; + fprintf(stderr, + "%s: attempting to rebind socket with SO_REUSEADDR\n", + progname); + if (setsockopt(finet, SOL_SOCKET, SO_REUSEADDR, + (char *)&on, sizeof(on)) < 0) + com_err(progname, errno, "in setsockopt(SO_REUSEADDR)"); + ret = bind(finet, (struct sockaddr *) &my_sin, sizeof(my_sin)); + } + if (ret < 0) { + perror("bind"); + com_err(progname, errno, "while binding listener socket"); + exit(1); + } + } + if (!debug && iproprole != IPROP_SLAVE) + daemon(1, 0); #ifdef PID_FILE - if ((pidfile = fopen(PID_FILE, "w")) != NULL) { - fprintf(pidfile, "%d\n", getpid()); - fclose(pidfile); - } else - com_err(progname, errno, - "while opening pid file %s for writing", PID_FILE); + if ((pidfile = fopen(PID_FILE, "w")) != NULL) { + fprintf(pidfile, "%d\n", getpid()); + fclose(pidfile); + } else + com_err(progname, errno, + "while opening pid file %s for writing", PID_FILE); #endif - if (listen(finet, 5) < 0) { - com_err(progname, errno, "in listen call"); - exit(1); - } - while (1) { - int child_pid; - int status; + if (listen(finet, 5) < 0) { + com_err(progname, errno, "in listen call"); + exit(1); + } + while (1) { + int child_pid; + int status; - memset(&frominet, 0, sizeof(frominet)); - fromlen = sizeof(frominet); - if (debug) - fprintf(stderr, "waiting for a kprop connection\n"); - s = accept(finet, (struct sockaddr *) &frominet, &fromlen); + memset(&frominet, 0, sizeof(frominet)); + fromlen = sizeof(frominet); + if (debug) + fprintf(stderr, "waiting for a kprop connection\n"); + s = accept(finet, (struct sockaddr *) &frominet, &fromlen); - if (s < 0) { - int e = 
errno; - if (e != EINTR) { - com_err(progname, e, - _("while accepting connection")); - if (e != EBADF) - backoff_timer = INITIAL_TIMER; - } - /* - * If we got EBADF, an alarm signal handler closed - * the file descriptor on us. - */ - if (e != EBADF) - close(finet); - /* - * An alarm could have been set and the fd closed, we - * should retry in case of transient network error for - * up to a couple of minutes. - */ - if (backoff_timer > 120) - return EINTR; - goto retry; - } - alarm(0); - gfd = -1; - if (debug && iproprole != IPROP_SLAVE) - child_pid = 0; - else - child_pid = fork(); - switch (child_pid) { - case -1: - com_err(progname, errno, "while forking"); - exit(1); - case 0: - (void) close(finet); + if (s < 0) { + int e = errno; + if (e != EINTR) { + com_err(progname, e, + _("while accepting connection")); + if (e != EBADF) + backoff_timer = INITIAL_TIMER; + } + /* + * If we got EBADF, an alarm signal handler closed + * the file descriptor on us. + */ + if (e != EBADF) + close(finet); + /* + * An alarm could have been set and the fd closed, we + * should retry in case of transient network error for + * up to a couple of minutes. + */ + if (backoff_timer > 120) + return EINTR; + goto retry; + } + alarm(0); + gfd = -1; + if (debug && iproprole != IPROP_SLAVE) + child_pid = 0; + else + child_pid = fork(); + switch (child_pid) { + case -1: + com_err(progname, errno, "while forking"); + exit(1); + case 0: + (void) close(finet); - doit(s); - close(s); - _exit(0); - default: - /* - * Errors should not be considered fatal in the - * iprop case as we could have transient type - * errors, such as network outage, etc. Sleeping - * 3s for 2s linger interval. 
- */ - if (wait(&status) < 0) { - com_err(progname, errno, - _("while waiting to receive database")); - if (iproprole != IPROP_SLAVE) - exit(1); - sleep(3); - } + doit(s); + close(s); + _exit(0); + default: + /* + * Errors should not be considered fatal in the + * iprop case as we could have transient type + * errors, such as network outage, etc. Sleeping + * 3s for 2s linger interval. + */ + if (wait(&status) < 0) { + com_err(progname, errno, + _("while waiting to receive database")); + if (iproprole != IPROP_SLAVE) + exit(1); + sleep(3); + } - close(s); - if (iproprole == IPROP_SLAVE) - close(finet); + close(s); + if (iproprole == IPROP_SLAVE) + close(finet); - if ((ret = WEXITSTATUS(status)) != 0) - return (ret); - } - if (iproprole == IPROP_SLAVE) - break; - } - return 0; + if ((ret = WEXITSTATUS(status)) != 0) + return (ret); + } + if (iproprole == IPROP_SLAVE) + break; + } + return 0; } void doit(fd) - int fd; + int fd; { - struct sockaddr_in from; - int on = 1; - GETPEERNAME_ARG3_TYPE fromlen; - struct hostent *hp; - krb5_error_code retval; - krb5_data confmsg; - int lock_fd; - mode_t omask; - krb5_enctype etype; - int database_fd; + struct sockaddr_in from; + int on = 1; + GETPEERNAME_ARG3_TYPE fromlen; + struct hostent *hp; + krb5_error_code retval; + krb5_data confmsg; + int lock_fd; + mode_t omask; + krb5_enctype etype; + int database_fd; - if (kpropd_context->kdblog_context && - kpropd_context->kdblog_context->iproprole == IPROP_SLAVE) { - /* - * We also want to set a timer so that the slave is not waiting - * until infinity for an update from the master. 
- */ - if (debug) - fprintf(stderr, "doit: setting resync alarm to 5s\n"); - signal(SIGALRM, resync_alarm); - gfd = fd; - if (alarm(INITIAL_TIMER) != 0) { - if (debug) { - fprintf(stderr, - _("%s: alarm already set\n"), progname); - } - } - } - fromlen = sizeof (from); - if (getpeername(fd, (struct sockaddr *) &from, &fromlen) < 0) { + if (kpropd_context->kdblog_context && + kpropd_context->kdblog_context->iproprole == IPROP_SLAVE) { + /* + * We also want to set a timer so that the slave is not waiting + * until infinity for an update from the master. + */ + if (debug) + fprintf(stderr, "doit: setting resync alarm to 5s\n"); + signal(SIGALRM, resync_alarm); + gfd = fd; + if (alarm(INITIAL_TIMER) != 0) { + if (debug) { + fprintf(stderr, + _("%s: alarm already set\n"), progname); + } + } + } + fromlen = sizeof (from); + if (getpeername(fd, (struct sockaddr *) &from, &fromlen) < 0) { #ifdef ENOTSOCK - if (errno == ENOTSOCK && fd == 0 && !standalone) { - fprintf(stderr, - "%s: Standard input does not appear to be a network socket.\n" - "\t(Not run from inetd, and missing the -S option?)\n", - progname); - exit(1); - } + if (errno == ENOTSOCK && fd == 0 && !standalone) { + fprintf(stderr, + "%s: Standard input does not appear to be a network socket.\n" + "\t(Not run from inetd, and missing the -S option?)\n", + progname); + exit(1); + } #endif - fprintf(stderr, "%s: ", progname); - perror("getpeername"); - exit(1); - } - if (setsockopt(fd, SOL_SOCKET, SO_KEEPALIVE, (caddr_t) &on, - sizeof (on)) < 0) { - com_err(progname, errno, - "while attempting setsockopt (SO_KEEPALIVE)"); - } + fprintf(stderr, "%s: ", progname); + perror("getpeername"); + exit(1); + } + if (setsockopt(fd, SOL_SOCKET, SO_KEEPALIVE, (caddr_t) &on, + sizeof (on)) < 0) { + com_err(progname, errno, + "while attempting setsockopt (SO_KEEPALIVE)"); + } - if (!(hp = gethostbyaddr((char *) &(from.sin_addr.s_addr), fromlen, - AF_INET))) { - syslog(LOG_INFO, "Connection from %s", - inet_ntoa(from.sin_addr)); - 
if (debug) - printf("Connection from %s\n", - inet_ntoa(from.sin_addr)); - } else { - syslog(LOG_INFO, "Connection from %s", hp->h_name); - if (debug) - printf("Connection from %s\n", hp->h_name); - } + if (!(hp = gethostbyaddr((char *) &(from.sin_addr.s_addr), fromlen, + AF_INET))) { + syslog(LOG_INFO, "Connection from %s", + inet_ntoa(from.sin_addr)); + if (debug) + printf("Connection from %s\n", + inet_ntoa(from.sin_addr)); + } else { + syslog(LOG_INFO, "Connection from %s", hp->h_name); + if (debug) + printf("Connection from %s\n", hp->h_name); + } - /* - * Now do the authentication - */ - kerberos_authenticate(kpropd_context, fd, &client, &etype, from); + /* + * Now do the authentication + */ + kerberos_authenticate(kpropd_context, fd, &client, &etype, from); - /* - * Turn off alarm upon successful authentication from master. - */ - alarm(0); - gfd = -1; + /* + * Turn off alarm upon successful authentication from master. + */ + alarm(0); + gfd = -1; - if (!authorized_principal(kpropd_context, client, etype)) { - char *name; + if (!authorized_principal(kpropd_context, client, etype)) { + char *name; - retval = krb5_unparse_name(kpropd_context, client, &name); - if (retval) { - com_err(progname, retval, - "While unparsing client name"); - exit(1); - } - if (debug) - fprintf(stderr, - "Rejected connection from unauthorized principal %s\n", - name); - syslog(LOG_WARNING, - "Rejected connection from unauthorized principal %s", - name); - free(name); - exit(1); - } - omask = umask(077); - lock_fd = open(temp_file_name, O_RDWR|O_CREAT, 0600); - (void) umask(omask); - retval = krb5_lock_file(kpropd_context, lock_fd, - KRB5_LOCKMODE_EXCLUSIVE|KRB5_LOCKMODE_DONTBLOCK); - if (retval) { - com_err(progname, retval, "while trying to lock '%s'", - temp_file_name); - exit(1); - } - if ((database_fd = open(temp_file_name, - O_WRONLY|O_CREAT|O_TRUNC, 0600)) < 0) { - com_err(progname, errno, - "while opening database file, '%s'", - temp_file_name); - exit(1); - } - 
recv_database(kpropd_context, fd, database_fd, &confmsg); - if (rename(temp_file_name, file)) { - com_err(progname, errno, "While renaming %s to %s", - temp_file_name, file); - exit(1); - } - retval = krb5_lock_file(kpropd_context, lock_fd, KRB5_LOCKMODE_SHARED); - if (retval) { - com_err(progname, retval, "while downgrading lock on '%s'", - temp_file_name); - exit(1); - } - load_database(kpropd_context, kdb5_util, file); - retval = krb5_lock_file(kpropd_context, lock_fd, KRB5_LOCKMODE_UNLOCK); - if (retval) { - com_err(progname, retval, "while unlocking '%s'", temp_file_name); - exit(1); - } - (void)close(lock_fd); + retval = krb5_unparse_name(kpropd_context, client, &name); + if (retval) { + com_err(progname, retval, + "While unparsing client name"); + exit(1); + } + if (debug) + fprintf(stderr, + "Rejected connection from unauthorized principal %s\n", + name); + syslog(LOG_WARNING, + "Rejected connection from unauthorized principal %s", + name); + free(name); + exit(1); + } + omask = umask(077); + lock_fd = open(temp_file_name, O_RDWR|O_CREAT, 0600); + (void) umask(omask); + retval = krb5_lock_file(kpropd_context, lock_fd, + KRB5_LOCKMODE_EXCLUSIVE|KRB5_LOCKMODE_DONTBLOCK); + if (retval) { + com_err(progname, retval, "while trying to lock '%s'", + temp_file_name); + exit(1); + } + if ((database_fd = open(temp_file_name, + O_WRONLY|O_CREAT|O_TRUNC, 0600)) < 0) { + com_err(progname, errno, + "while opening database file, '%s'", + temp_file_name); + exit(1); + } + recv_database(kpropd_context, fd, database_fd, &confmsg); + if (rename(temp_file_name, file)) { + com_err(progname, errno, "While renaming %s to %s", + temp_file_name, file); + exit(1); + } + retval = krb5_lock_file(kpropd_context, lock_fd, KRB5_LOCKMODE_SHARED); + if (retval) { + com_err(progname, retval, "while downgrading lock on '%s'", + temp_file_name); + exit(1); + } + load_database(kpropd_context, kdb5_util, file); + retval = krb5_lock_file(kpropd_context, lock_fd, KRB5_LOCKMODE_UNLOCK); + if 
(retval) { + com_err(progname, retval, "while unlocking '%s'", temp_file_name); + exit(1); + } + (void)close(lock_fd); - /* - * Send the acknowledgement message generated in - * recv_database, then close the socket. - */ - retval = krb5_write_message(kpropd_context, (void *) &fd, &confmsg); - if (retval) { - krb5_free_data_contents(kpropd_context, &confmsg); - com_err(progname, retval, - "while sending # of received bytes"); - exit(1); - } - krb5_free_data_contents(kpropd_context, &confmsg); - if (close(fd) < 0) { - com_err(progname, errno, - "while trying to close database file"); - exit(1); - } + /* + * Send the acknowledgement message generated in + * recv_database, then close the socket. + */ + retval = krb5_write_message(kpropd_context, (void *) &fd, &confmsg); + if (retval) { + krb5_free_data_contents(kpropd_context, &confmsg); + com_err(progname, retval, + "while sending # of received bytes"); + exit(1); + } + krb5_free_data_contents(kpropd_context, &confmsg); + if (close(fd) < 0) { + com_err(progname, errno, + "while trying to close database file"); + exit(1); + } - exit(0); + exit(0); } /* Default timeout can be changed using clnt_control() */ 
@@ -593,28 +575,28 @@
 static kdb_fullresync_result_t *
 full_resync(CLIENT *clnt)
 {
- static kdb_fullresync_result_t clnt_res;
- uint32_t vers = IPROPX_VERSION_1; /* max version we support */
- enum clnt_stat status;
+ static kdb_fullresync_result_t clnt_res;
+ uint32_t vers = IPROPX_VERSION_1; /* max version we support */
+ enum clnt_stat status;
- memset(&clnt_res, 0, sizeof(clnt_res));
+ memset(&clnt_res, 0, sizeof(clnt_res));
- status = clnt_call (clnt, IPROP_FULL_RESYNC_EXT,
- (xdrproc_t) xdr_u_int32,
- (caddr_t) &vers,
- (xdrproc_t) xdr_kdb_fullresync_result_t,
- (caddr_t) &clnt_res,
- full_resync_timeout);
- if (status == RPC_PROCUNAVAIL) {
- status = clnt_call (clnt, IPROP_FULL_RESYNC,
- (xdrproc_t) xdr_void,
- (caddr_t *)&vers,
- (xdrproc_t) xdr_kdb_fullresync_result_t,
- (caddr_t) &clnt_res,
- full_resync_timeout);
- }
+ status = clnt_call (clnt, IPROP_FULL_RESYNC_EXT,
+ (xdrproc_t) xdr_u_int32,
+ (caddr_t) &vers,
+ (xdrproc_t) xdr_kdb_fullresync_result_t,
+ (caddr_t) &clnt_res,
+ full_resync_timeout);
+ if (status == RPC_PROCUNAVAIL) {
+ status = clnt_call (clnt, IPROP_FULL_RESYNC,
+ (xdrproc_t) xdr_void,
+ (caddr_t *)&vers,
+ (xdrproc_t) xdr_kdb_fullresync_result_t,
+ (caddr_t) &clnt_res,
+ full_resync_timeout);
+ }
- return (status == RPC_SUCCESS) ? &clnt_res : NULL;
+ return (status == RPC_SUCCESS) ? &clnt_res : NULL;
 }
 /*
@@ -623,378 +605,378 @@ kadm5_config_params params; krb5_error_code do_iprop(kdb_log_context *log_ctx) { - kadm5_ret_t retval; - krb5_ccache cc; - krb5_principal iprop_svc_principal; - void *server_handle = NULL; - char *iprop_svc_princstr = NULL; - char *master_svc_princstr = NULL; - unsigned int pollin, backoff_time; - int backoff_cnt = 0; - int reinit_cnt = 0; - int ret; - int frdone = 0; + kadm5_ret_t retval; + krb5_ccache cc; + krb5_principal iprop_svc_principal; + void *server_handle = NULL; + char *iprop_svc_princstr = NULL; + char *master_svc_princstr = NULL; + unsigned int pollin, backoff_time; + int backoff_cnt = 0; + int reinit_cnt = 0; + int ret; + int frdone = 0; - kdb_incr_result_t *incr_ret; - static kdb_last_t mylast; + kdb_incr_result_t *incr_ret; + static kdb_last_t mylast; - kdb_fullresync_result_t *full_ret; + kdb_fullresync_result_t *full_ret; - kadm5_iprop_handle_t handle; - kdb_hlog_t *ulog; + kadm5_iprop_handle_t handle; + kdb_hlog_t *ulog; - if (!debug) - daemon(0, 0); + if (!debug) + daemon(0, 0); - ulog = log_ctx->ulog; + ulog = log_ctx->ulog; - pollin = params.iprop_poll_time; - if (pollin < 10) - pollin = 10; + pollin = params.iprop_poll_time; + if (pollin < 10) + pollin = 10; - /* - * Grab the realm info and check if iprop is enabled. - */ - if (def_realm == NULL) { - retval = krb5_get_default_realm(kpropd_context, &def_realm); - if (retval) { - com_err(progname, retval, - _("Unable to get default realm")); - exit(1); - } - } + /* + * Grab the realm info and check if iprop is enabled. 
+ */ + if (def_realm == NULL) { + retval = krb5_get_default_realm(kpropd_context, &def_realm); + if (retval) { + com_err(progname, retval, + _("Unable to get default realm")); + exit(1); + } + } - params.mask |= KADM5_CONFIG_REALM; - params.realm = def_realm; + params.mask |= KADM5_CONFIG_REALM; + params.realm = def_realm; - if (master_svc_princstr == NULL) { - if ((retval = kadm5_get_kiprop_host_srv_name(kpropd_context, - def_realm, - &master_svc_princstr))) { - com_err(progname, retval, - _("%s: unable to get kiprop host based " - "service name for realm %s\n"), - progname, def_realm); - exit(1); - } - } + if (master_svc_princstr == NULL) { + if ((retval = kadm5_get_kiprop_host_srv_name(kpropd_context, + def_realm, + &master_svc_princstr))) { + com_err(progname, retval, + _("%s: unable to get kiprop host based " + "service name for realm %s\n"), + progname, def_realm); + exit(1); + } + } - /* - * Set cc to the default credentials cache - */ - if ((retval = krb5_cc_default(kpropd_context, &cc))) { - com_err(progname, retval, - _("while opening default " - "credentials cache")); - exit(1); - } + /* + * Set cc to the default credentials cache + */ + if ((retval = krb5_cc_default(kpropd_context, &cc))) { + com_err(progname, retval, + _("while opening default " + "credentials cache")); + exit(1); + } - retval = krb5_sname_to_principal(kpropd_context, NULL, KIPROP_SVC_NAME, - KRB5_NT_SRV_HST, &iprop_svc_principal); - if (retval) { - com_err(progname, retval, - _("while trying to construct host service principal")); - exit(1); - } + retval = krb5_sname_to_principal(kpropd_context, NULL, KIPROP_SVC_NAME, + KRB5_NT_SRV_HST, &iprop_svc_principal); + if (retval) { + com_err(progname, retval, + _("while trying to construct host service principal")); + exit(1); + } - /* XXX referrals? 
*/ - if (krb5_is_referral_realm(krb5_princ_realm(kpropd_context, - iprop_svc_principal))) { - krb5_data *r = krb5_princ_realm(kpropd_context, - iprop_svc_principal); - assert(def_realm != NULL); - r->length = strlen(def_realm); - r->data = strdup(def_realm); - if (r->data == NULL) { - com_err(progname, retval, - _("while determining local service principal name")); - exit(1); - } - /* XXX Memory leak: Old r->data value. */ - } - if ((retval = krb5_unparse_name(kpropd_context, iprop_svc_principal, - &iprop_svc_princstr))) { - com_err(progname, retval, - _("while canonicalizing principal name")); - krb5_free_principal(kpropd_context, iprop_svc_principal); - exit(1); - } - krb5_free_principal(kpropd_context, iprop_svc_principal); + /* XXX referrals? */ + if (krb5_is_referral_realm(krb5_princ_realm(kpropd_context, + iprop_svc_principal))) { + krb5_data *r = krb5_princ_realm(kpropd_context, + iprop_svc_principal); + assert(def_realm != NULL); + r->length = strlen(def_realm); + r->data = strdup(def_realm); + if (r->data == NULL) { + com_err(progname, retval, + _("while determining local service principal name")); + exit(1); + } + /* XXX Memory leak: Old r->data value. */ + } + if ((retval = krb5_unparse_name(kpropd_context, iprop_svc_principal, + &iprop_svc_princstr))) { + com_err(progname, retval, + _("while canonicalizing principal name")); + krb5_free_principal(kpropd_context, iprop_svc_principal); + exit(1); + } + krb5_free_principal(kpropd_context, iprop_svc_principal); reinit: - /* - * Authentication, initialize rpcsec_gss handle etc. - */ - retval = kadm5_init_with_skey(kpropd_context, iprop_svc_princstr, - srvtab, - master_svc_princstr, - ¶ms, - KADM5_STRUCT_VERSION, - KADM5_API_VERSION_3, - db_args, - &server_handle); + /* + * Authentication, initialize rpcsec_gss handle etc. 
+ */ + retval = kadm5_init_with_skey(kpropd_context, iprop_svc_princstr, + srvtab, + master_svc_princstr, + ¶ms, + KADM5_STRUCT_VERSION, + KADM5_API_VERSION_3, + db_args, + &server_handle); - if (retval) { - if (retval == KADM5_RPC_ERROR) { - reinit_cnt++; - if (server_handle) - kadm5_destroy((void *) server_handle); - server_handle = (void *)NULL; - handle = (kadm5_iprop_handle_t)NULL; + if (retval) { + if (retval == KADM5_RPC_ERROR) { + reinit_cnt++; + if (server_handle) + kadm5_destroy((void *) server_handle); + server_handle = (void *)NULL; + handle = (kadm5_iprop_handle_t)NULL; - com_err(progname, retval, _( - "while attempting to connect" - " to master KDC ... retrying")); - backoff_time = backoff_from_master(&reinit_cnt); - (void) sleep(backoff_time); - goto reinit; - } else { - if (retval == KADM5_BAD_CLIENT_PARAMS || - retval == KADM5_BAD_SERVER_PARAMS) { - com_err(progname, retval, - _("while initializing %s interface"), - progname); + com_err(progname, retval, _( + "while attempting to connect" + " to master KDC ... retrying")); + backoff_time = backoff_from_master(&reinit_cnt); + (void) sleep(backoff_time); + goto reinit; + } else { + if (retval == KADM5_BAD_CLIENT_PARAMS || + retval == KADM5_BAD_SERVER_PARAMS) { + com_err(progname, retval, + _("while initializing %s interface"), + progname); - usage(); - } - reinit_cnt++; - com_err(progname, retval, - _("while initializing %s interface, retrying"), - progname); - backoff_time = backoff_from_master(&reinit_cnt); - sleep(backoff_time); - goto reinit; - } - } + usage(); + } + reinit_cnt++; + com_err(progname, retval, + _("while initializing %s interface, retrying"), + progname); + backoff_time = backoff_from_master(&reinit_cnt); + sleep(backoff_time); + goto reinit; + } + } - /* - * Reset re-initialization count to zero now. - */ - reinit_cnt = backoff_time = 0; + /* + * Reset re-initialization count to zero now. 
+ */ + reinit_cnt = backoff_time = 0; - /* - * Reset the handle to the correct type for the RPC call - */ - handle = server_handle; + /* + * Reset the handle to the correct type for the RPC call + */ + handle = server_handle; - for (;;) { - incr_ret = NULL; - full_ret = NULL; + for (;;) { + incr_ret = NULL; + full_ret = NULL; - /* - * Get the most recent ulog entry sno + ts, which - * we package in the request to the master KDC - */ - mylast.last_sno = ulog->kdb_last_sno; - mylast.last_time = ulog->kdb_last_time; + /* + * Get the most recent ulog entry sno + ts, which + * we package in the request to the master KDC + */ + mylast.last_sno = ulog->kdb_last_sno; + mylast.last_time = ulog->kdb_last_time; - /* - * Loop continuously on an iprop_get_updates_1(), - * so that we can keep probing the master for updates - * or (if needed) do a full resync of the krb5 db. - */ + /* + * Loop continuously on an iprop_get_updates_1(), + * so that we can keep probing the master for updates + * or (if needed) do a full resync of the krb5 db. + */ - incr_ret = iprop_get_updates_1(&mylast, handle->clnt); - if (incr_ret == (kdb_incr_result_t *)NULL) { - clnt_perror(handle->clnt, - "iprop_get_updates call failed"); - if (server_handle) - kadm5_destroy((void *)server_handle); - server_handle = (void *)NULL; - handle = (kadm5_iprop_handle_t)NULL; - goto reinit; - } + incr_ret = iprop_get_updates_1(&mylast, handle->clnt); + if (incr_ret == (kdb_incr_result_t *)NULL) { + clnt_perror(handle->clnt, + "iprop_get_updates call failed"); + if (server_handle) + kadm5_destroy((void *)server_handle); + server_handle = (void *)NULL; + handle = (kadm5_iprop_handle_t)NULL; + goto reinit; + } - switch (incr_ret->ret) { + switch (incr_ret->ret) { - case UPDATE_FULL_RESYNC_NEEDED: - /* - * We dont do a full resync again, if the last - * X'fer was a resync and if the master sno is - * still "0", i.e. no updates so far. 
- */ - if ((frdone == 1) && (incr_ret->lastentry.last_sno - == 0)) { - break; - } else { - full_ret = full_resync(handle->clnt); - if (full_ret == (kdb_fullresync_result_t *) - NULL) { - clnt_perror(handle->clnt, - "iprop_full_resync call failed"); - if (server_handle) - kadm5_destroy((void *) - server_handle); - server_handle = (void *)NULL; - handle = (kadm5_iprop_handle_t)NULL; - goto reinit; - } - } + case UPDATE_FULL_RESYNC_NEEDED: + /* + * We dont do a full resync again, if the last + * X'fer was a resync and if the master sno is + * still "0", i.e. no updates so far. + */ + if ((frdone == 1) && (incr_ret->lastentry.last_sno + == 0)) { + break; + } else { + full_ret = full_resync(handle->clnt); + if (full_ret == (kdb_fullresync_result_t *) + NULL) { + clnt_perror(handle->clnt, + "iprop_full_resync call failed"); + if (server_handle) + kadm5_destroy((void *) + server_handle); + server_handle = (void *)NULL; + handle = (kadm5_iprop_handle_t)NULL; + goto reinit; + } + } - switch (full_ret->ret) { - case UPDATE_OK: - backoff_cnt = 0; - /* - * We now listen on the kprop port for - * the full dump - */ - ret = do_standalone(log_ctx->iproprole); - if (debug) { - if (ret) - fprintf(stderr, - _("Full resync " - "was unsuccessful\n")); - else - fprintf(stderr, - _("Full resync " - "was successful\n")); - } - if (ret) { - syslog(LOG_WARNING, - _("kpropd: Full resync, invalid return.")); - frdone = 0; - backoff_cnt++; - } else - frdone = 1; - break; + switch (full_ret->ret) { + case UPDATE_OK: + backoff_cnt = 0; + /* + * We now listen on the kprop port for + * the full dump + */ + ret = do_standalone(log_ctx->iproprole); + if (debug) { + if (ret) + fprintf(stderr, + _("Full resync " + "was unsuccessful\n")); + else + fprintf(stderr, + _("Full resync " + "was successful\n")); + } + if (ret) { + syslog(LOG_WARNING, + _("kpropd: Full resync, invalid return.")); + frdone = 0; + backoff_cnt++; + } else + frdone = 1; + break; - case UPDATE_BUSY: - /* - * Exponential backoff - 
*/ - backoff_cnt++; - break; + case UPDATE_BUSY: + /* + * Exponential backoff + */ + backoff_cnt++; + break; - case UPDATE_FULL_RESYNC_NEEDED: - case UPDATE_NIL: - default: - backoff_cnt = 0; - frdone = 0; - syslog(LOG_ERR, _("kpropd: Full resync," - " invalid return from master KDC.")); - break; + case UPDATE_FULL_RESYNC_NEEDED: + case UPDATE_NIL: + default: + backoff_cnt = 0; + frdone = 0; + syslog(LOG_ERR, _("kpropd: Full resync," + " invalid return from master KDC.")); + break; - case UPDATE_PERM_DENIED: - syslog(LOG_ERR, _("kpropd: Full resync," - " permission denied.")); - goto error; + case UPDATE_PERM_DENIED: + syslog(LOG_ERR, _("kpropd: Full resync," + " permission denied.")); + goto error; - case UPDATE_ERROR: - syslog(LOG_ERR, _("kpropd: Full resync," - " error returned from master KDC.")); - goto error; - } - break; + case UPDATE_ERROR: + syslog(LOG_ERR, _("kpropd: Full resync," + " error returned from master KDC.")); + goto error; + } + break; - case UPDATE_OK: - backoff_cnt = 0; - frdone = 0; + case UPDATE_OK: + backoff_cnt = 0; + frdone = 0; - /* - * ulog_replay() will convert the ulog updates to db - * entries using the kdb conv api and will commit - * the entries to the slave kdc database - */ - retval = ulog_replay(kpropd_context, incr_ret, - db_args); + /* + * ulog_replay() will convert the ulog updates to db + * entries using the kdb conv api and will commit + * the entries to the slave kdc database + */ + retval = ulog_replay(kpropd_context, incr_ret, + db_args); - if (retval) { - const char *msg = - krb5_get_error_message(kpropd_context, retval); - syslog(LOG_ERR, - _("kpropd: ulog_replay failed (%s), updates not registered."), msg); - krb5_free_error_message(kpropd_context, msg); - break; - } + if (retval) { + const char *msg = + krb5_get_error_message(kpropd_context, retval); + syslog(LOG_ERR, + _("kpropd: ulog_replay failed (%s), updates not registered."), msg); + krb5_free_error_message(kpropd_context, msg); + break; + } - if (debug) - 
fprintf(stderr, _("Update transfer " - "from master was OK\n")); - break; + if (debug) + fprintf(stderr, _("Update transfer " + "from master was OK\n")); + break; - case UPDATE_PERM_DENIED: - syslog(LOG_ERR, _("kpropd: get_updates," - " permission denied.")); - goto error; + case UPDATE_PERM_DENIED: + syslog(LOG_ERR, _("kpropd: get_updates," + " permission denied.")); + goto error; - case UPDATE_ERROR: - syslog(LOG_ERR, _("kpropd: get_updates, error " - "returned from master KDC.")); - goto error; + case UPDATE_ERROR: + syslog(LOG_ERR, _("kpropd: get_updates, error " + "returned from master KDC.")); + goto error; - case UPDATE_BUSY: - /* - * Exponential backoff - */ - backoff_cnt++; - break; + case UPDATE_BUSY: + /* + * Exponential backoff + */ + backoff_cnt++; + break; - case UPDATE_NIL: - /* - * Master-slave are in sync - */ - if (debug) - fprintf(stderr, _("Master, slave KDC's " - "are in-sync, no updates\n")); - backoff_cnt = 0; - frdone = 0; - break; + case UPDATE_NIL: + /* + * Master-slave are in sync + */ + if (debug) + fprintf(stderr, _("Master, slave KDC's " + "are in-sync, no updates\n")); + backoff_cnt = 0; + frdone = 0; + break; - default: - backoff_cnt = 0; - syslog(LOG_ERR, _("kpropd: get_updates," - " invalid return from master KDC.")); - break; - } + default: + backoff_cnt = 0; + syslog(LOG_ERR, _("kpropd: get_updates," + " invalid return from master KDC.")); + break; + } - if (runonce == 1) - goto done; + if (runonce == 1) + goto done; - /* - * Sleep for the specified poll interval (Default is 2 mts), - * or do a binary exponential backoff if we get an - * UPDATE_BUSY signal - */ - if (backoff_cnt > 0) { - backoff_time = backoff_from_master(&backoff_cnt); - if (debug) - fprintf(stderr, _("Busy signal received " - "from master, backoff for %d secs\n"), - backoff_time); - (void) sleep(backoff_time); - } - else - (void) sleep(pollin); + /* + * Sleep for the specified poll interval (Default is 2 mts), + * or do a binary exponential backoff if we get an 
+ * UPDATE_BUSY signal + */ + if (backoff_cnt > 0) { + backoff_time = backoff_from_master(&backoff_cnt); + if (debug) + fprintf(stderr, _("Busy signal received " + "from master, backoff for %d secs\n"), + backoff_time); + (void) sleep(backoff_time); + } + else + (void) sleep(pollin); - } + } error: - if (debug) - fprintf(stderr, _("ERROR returned by master, bailing\n")); - syslog(LOG_ERR, _("kpropd: ERROR returned by master KDC," - " bailing.\n")); + if (debug) + fprintf(stderr, _("ERROR returned by master, bailing\n")); + syslog(LOG_ERR, _("kpropd: ERROR returned by master KDC," + " bailing.\n")); done: - if(iprop_svc_princstr) - free(iprop_svc_princstr); - if (master_svc_princstr) - free(master_svc_princstr); - if ((retval = krb5_cc_close(kpropd_context, cc))) { - com_err(progname, retval, - _("while closing default ccache")); - exit(1); - } - if (def_realm) - free(def_realm); - if (server_handle) - kadm5_destroy((void *)server_handle); - if (kpropd_context) - krb5_free_context(kpropd_context); + if(iprop_svc_princstr) + free(iprop_svc_princstr); + if (master_svc_princstr) + free(master_svc_princstr); + if ((retval = krb5_cc_close(kpropd_context, cc))) { + com_err(progname, retval, + _("while closing default ccache")); + exit(1); + } + if (def_realm) + free(def_realm); + if (server_handle) + kadm5_destroy((void *)server_handle); + if (kpropd_context) + krb5_free_context(kpropd_context); - if (runonce == 1) - return (0); - else - exit(1); + if (runonce == 1) + return (0); + else + exit(1); } 
@@ -1002,22 +984,22 @@ * Do exponential backoff, since master KDC is BUSY or down */ unsigned int backoff_from_master(int *cnt) { - unsigned int btime; + unsigned int btime; - btime = (unsigned int)(2<<(*cnt)); - if (btime > MAX_BACKOFF) { - btime = MAX_BACKOFF; - *cnt--; - } + btime = (unsigned int)(2<<(*cnt)); + if (btime > MAX_BACKOFF) { + btime = MAX_BACKOFF; + *cnt--; + } - return (btime); + return (btime); } static void kpropd_com_err_proc(const char *whoami, - long code, - const char *fmt, - va_list args) + long code, + const char *fmt, + va_list args) #if !defined(__cplusplus) && (__GNUC__ > 2) __attribute__((__format__(__printf__, 3, 0))) #endif 
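Review bot: `*cnt--;` in the clamp branch of backoff_from_master parses as `*(cnt--)`, so it decrements the local pointer copy and leaves the caller's counter untouched. The counter keeps growing for as long as the callers keep incrementing it, and once it is large enough `2<<(*cnt)` overflows `int`, which is undefined behaviour and can yield a short delay instead of staying at MAX_BACKOFF. The line should read `(*cnt)--;`, and computing the shift only while `*cnt` is below a fixed bound would keep it defined. This commit only re-indents the line, so the defect carries over unchanged.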
@@ -1025,204 +1007,204 @@ static void kpropd_com_err_proc(const char *whoami, - long code, - const char *fmt, - va_list args) + long code, + const char *fmt, + va_list args) { - char error_buf[8096]; + char error_buf[8096]; - error_buf[0] = '\0'; - if (fmt) - vsnprintf(error_buf, sizeof(error_buf), fmt, args); - syslog(LOG_ERR, "%s%s%s%s%s", whoami ? whoami : "", whoami ? ": " : "", - code ? error_message(code) : "", code ? " " : "", error_buf); + error_buf[0] = '\0'; + if (fmt) + vsnprintf(error_buf, sizeof(error_buf), fmt, args); + syslog(LOG_ERR, "%s%s%s%s%s", whoami ? whoami : "", whoami ? ": " : "", + code ? error_message(code) : "", code ? " " : "", error_buf); } void PRS(argv) - char **argv; + char **argv; { - register char *word, ch; - krb5_error_code retval; - static const char tmp[] = ".temp"; - kdb_log_context *log_ctx; + register char *word, ch; + krb5_error_code retval; + static const char tmp[] = ".temp"; + kdb_log_context *log_ctx; - (void) memset(¶ms, 0, sizeof (params)); + (void) memset(¶ms, 0, sizeof (params)); - retval = kadm5_init_krb5_context(&kpropd_context); - if (retval) { - com_err(argv[0], retval, "while initializing krb5"); - exit(1); - } + retval = kadm5_init_krb5_context(&kpropd_context); + if (retval) { + com_err(argv[0], retval, "while initializing krb5"); + exit(1); + } - progname = *argv++; - while ((word = *argv++)) { - if (*word == '-') { - word++; - while (word && (ch = *word++)) { - switch(ch){ - case 'f': - if (*word) - file = word; - else - file = *argv++; - if (!file) - usage(); - word = 0; - break; - case 'F': - if (*word) - kerb_database = word; - else - kerb_database = *argv++; - if (!kerb_database) - usage(); - word = 0; - break; - case 'p': - if (*word) - kdb5_util = word; - else - kdb5_util = *argv++; - if (!kdb5_util) - usage(); - word = 0; - break; - case 'P': - if (*word) - port = htons(atoi(word)); - else - port = htons(atoi(*argv++)); - if (!port) - usage(); - word = 0; - break; - case 'r': - if (*word) - realm = 
word; - else - realm = *argv++; - if (!realm) - usage(); - word = 0; - break; - case 's': - if (*word) - srvtab = word; - else - srvtab = *argv++; - if (!srvtab) - usage(); - word = 0; - break; - case 'd': - debug++; - break; - case 'S': - standalone++; - break; - case 'a': - if (*word) - acl_file_name = word; - else - acl_file_name = *argv++; - if (!acl_file_name) - usage(); - word = 0; - break; + progname = *argv++; + while ((word = *argv++)) { + if (*word == '-') { + word++; + while (word && (ch = *word++)) { + switch(ch){ + case 'f': + if (*word) + file = word; + else + file = *argv++; + if (!file) + usage(); + word = 0; + break; + case 'F': + if (*word) + kerb_database = word; + else + kerb_database = *argv++; + if (!kerb_database) + usage(); + word = 0; + break; + case 'p': + if (*word) + kdb5_util = word; + else + kdb5_util = *argv++; + if (!kdb5_util) + usage(); + word = 0; + break; + case 'P': + if (*word) + port = htons(atoi(word)); + else + port = htons(atoi(*argv++)); + if (!port) + usage(); + word = 0; + break; + case 'r': + if (*word) + realm = word; + else + realm = *argv++; + if (!realm) + usage(); + word = 0; + break; + case 's': + if (*word) + srvtab = word; + else + srvtab = *argv++; + if (!srvtab) + usage(); + word = 0; + break; + case 'd': + debug++; + break; + case 'S': + standalone++; + break; + case 'a': + if (*word) + acl_file_name = word; + else + acl_file_name = *argv++; + if (!acl_file_name) + usage(); + word = 0; + break; - case 't': - /* - * Undocumented option - for testing only. - * - * Option to run the kpropd server exactly - * once (this is true only if iprop is enabled). - */ - runonce = 1; - break; + case 't': + /* + * Undocumented option - for testing only. + * + * Option to run the kpropd server exactly + * once (this is true only if iprop is enabled). 
+ */ + runonce = 1; + break; - case 'x': - { - char **new_db_args; - new_db_args = realloc(db_args, - (db_args_size+2)*sizeof(*db_args)); - if (new_db_args == NULL) { - com_err(argv[0], errno, "copying db args"); - exit(1); - } - db_args = new_db_args; - if (*word) - db_args[db_args_size] = word; - else - db_args[db_args_size] = *argv++; - word = 0; - if (db_args[db_args_size] == NULL) - usage(); - db_args[db_args_size+1] = NULL; - db_args_size++; - } + case 'x': + { + char **new_db_args; + new_db_args = realloc(db_args, + (db_args_size+2)*sizeof(*db_args)); + if (new_db_args == NULL) { + com_err(argv[0], errno, "copying db args"); + exit(1); + } + db_args = new_db_args; + if (*word) + db_args[db_args_size] = word; + else + db_args[db_args_size] = *argv++; + word = 0; + if (db_args[db_args_size] == NULL) + usage(); + db_args[db_args_size+1] = NULL; + db_args_size++; + } - default: - usage(); - } + default: + usage(); + } - } - } else - /* We don't take any arguments, only options */ - usage(); - } - /* - * If not in debug mode, switch com_err reporting to syslog - */ - if (! debug) { - openlog("kpropd", LOG_PID | LOG_ODELAY, SYSLOG_CLASS); - set_com_err_hook(kpropd_com_err_proc); - } - /* - * Get my hostname, so we can construct my service name - */ - retval = krb5_sname_to_principal(kpropd_context, - NULL, KPROP_SERVICE_NAME, - KRB5_NT_SRV_HST, &server); - if (retval) { - com_err(progname, retval, - "While trying to construct my service name"); - exit(1); - } - if (realm) { - retval = krb5_set_principal_realm(kpropd_context, server, realm); - if (retval) { - com_err(progname, errno, - "while constructing my service realm"); - exit(1); - } - } - /* - * Construct the name of the temporary file. 
- */ - if (asprintf(&temp_file_name, "%s%s", file, tmp) < 0) { - com_err(progname, ENOMEM, - "while allocating filename for temp file"); - exit(1); - } + } + } else + /* We don't take any arguments, only options */ + usage(); + } + /* + * If not in debug mode, switch com_err reporting to syslog + */ + if (! debug) { + openlog("kpropd", LOG_PID | LOG_ODELAY, SYSLOG_CLASS); + set_com_err_hook(kpropd_com_err_proc); + } + /* + * Get my hostname, so we can construct my service name + */ + retval = krb5_sname_to_principal(kpropd_context, + NULL, KPROP_SERVICE_NAME, + KRB5_NT_SRV_HST, &server); + if (retval) { + com_err(progname, retval, + "While trying to construct my service name"); + exit(1); + } + if (realm) { + retval = krb5_set_principal_realm(kpropd_context, server, realm); + if (retval) { + com_err(progname, errno, + "while constructing my service realm"); + exit(1); + } + } + /* + * Construct the name of the temporary file. + */ + if (asprintf(&temp_file_name, "%s%s", file, tmp) < 0) { + com_err(progname, ENOMEM, + "while allocating filename for temp file"); + exit(1); + } - retval = kadm5_get_config_params(kpropd_context, 1, ¶ms, ¶ms); - if (retval) { - com_err(progname, retval, _("while initializing")); - exit(1); - } - if (params.iprop_enabled == TRUE) { - ulog_set_role(kpropd_context, IPROP_SLAVE); + retval = kadm5_get_config_params(kpropd_context, 1, ¶ms, ¶ms); + if (retval) { + com_err(progname, retval, _("while initializing")); + exit(1); + } + if (params.iprop_enabled == TRUE) { + ulog_set_role(kpropd_context, IPROP_SLAVE); - if (ulog_map(kpropd_context, params.iprop_logfile, - params.iprop_ulogsize, FKPROPD, db_args)) { - com_err(progname, errno, - _("Unable to map log!\n")); - exit(1); - } - } - log_ctx = kpropd_context->kdblog_context; - if (log_ctx && (log_ctx->iproprole == IPROP_SLAVE)) - ulog_set_role(kpropd_context, IPROP_SLAVE); + if (ulog_map(kpropd_context, params.iprop_logfile, + params.iprop_ulogsize, FKPROPD, db_args)) { + com_err(progname, 
errno, + _("Unable to map log!\n")); + exit(1); + } + } + log_ctx = kpropd_context->kdblog_context; + if (log_ctx && (log_ctx->iproprole == IPROP_SLAVE)) + ulog_set_role(kpropd_context, IPROP_SLAVE); } /* @@ -1230,17 +1212,17 @@ */ void kerberos_authenticate(context, fd, clientp, etype, my_sin) - krb5_context context; - int fd; - krb5_principal * clientp; - krb5_enctype * etype; - struct sockaddr_in my_sin; + krb5_context context; + int fd; + krb5_principal * clientp; + krb5_enctype * etype; + struct sockaddr_in my_sin; { - krb5_error_code retval; - krb5_ticket * ticket; - struct sockaddr_in r_sin; + krb5_error_code retval; + krb5_ticket * ticket; + struct sockaddr_in r_sin; GETSOCKNAME_ARG3_TYPE sin_length; - krb5_keytab keytab = NULL; + krb5_keytab keytab = NULL; /* * Set recv_addr and send_addr @@ -1253,8 +1235,8 @@ sin_length = sizeof(r_sin); if (getsockname(fd, (struct sockaddr *) &r_sin, &sin_length)) { - com_err(progname, errno, "while getting local socket address"); - exit(1); + com_err(progname, errno, "while getting local socket address"); + exit(1); } receiver_addr.addrtype = ADDRTYPE_INET; 
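Review bot: In PRS, the `case 'x':` block ends at `db_args_size++; }` with no `break`, so control falls through into `default: usage();` and every `-x` database argument reaches the usage path right after it has been stored. Adding `break;` after the closing brace of the `'x'` block fixes that. The `-P` case has a separate gap: when the option is the last argument, `atoi(*argv++)` is handed a NULL pointer, so the argument should be fetched and NULL-checked before conversion, as the `-f`, `-r` and `-s` cases do. Both lines are only re-indented by this commit, so the behaviour is carried over.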
@@ -1264,82 +1246,82 @@ sizeof(r_sin.sin_addr)); if (debug) { - char *name; + char *name; - retval = krb5_unparse_name(context, server, &name); - if (retval) { - com_err(progname, retval, "While unparsing client name"); - exit(1); - } - printf("krb5_recvauth(%d, %s, %s, ...)\n", fd, kprop_version, name); - free(name); + retval = krb5_unparse_name(context, server, &name); + if (retval) { + com_err(progname, retval, "While unparsing client name"); + exit(1); + } + printf("krb5_recvauth(%d, %s, %s, ...)\n", fd, kprop_version, name); + free(name); } retval = krb5_auth_con_init(context, &auth_context); if (retval) { - syslog(LOG_ERR, "Error in krb5_auth_con_ini: %s", - error_message(retval)); - exit(1); + syslog(LOG_ERR, "Error in krb5_auth_con_ini: %s", + error_message(retval)); + exit(1); } retval = krb5_auth_con_setflags(context, auth_context, - KRB5_AUTH_CONTEXT_DO_SEQUENCE); + KRB5_AUTH_CONTEXT_DO_SEQUENCE); if (retval) { - syslog(LOG_ERR, "Error in krb5_auth_con_setflags: %s", - error_message(retval)); - exit(1); + syslog(LOG_ERR, "Error in krb5_auth_con_setflags: %s", + error_message(retval)); + exit(1); } retval = krb5_auth_con_setaddrs(context, auth_context, &receiver_addr, - &sender_addr); + &sender_addr); if (retval) { - syslog(LOG_ERR, "Error in krb5_auth_con_setaddrs: %s", - error_message(retval)); - exit(1); + syslog(LOG_ERR, "Error in krb5_auth_con_setaddrs: %s", + error_message(retval)); + exit(1); } if (srvtab) { retval = krb5_kt_resolve(context, srvtab, &keytab); - if (retval) { - syslog(LOG_ERR, "Error in krb5_kt_resolve: %s", error_message(retval)); - exit(1); - } + if (retval) { + syslog(LOG_ERR, "Error in krb5_kt_resolve: %s", error_message(retval)); + exit(1); + } } retval = krb5_recvauth(context, &auth_context, (void *) &fd, - kprop_version, server, 0, keytab, &ticket); + kprop_version, server, 0, keytab, &ticket); if (retval) { - syslog(LOG_ERR, "Error in krb5_recvauth: %s", error_message(retval)); - exit(1); + syslog(LOG_ERR, "Error in 
krb5_recvauth: %s", error_message(retval)); + exit(1); } retval = krb5_copy_principal(context, ticket->enc_part2->client, clientp); if (retval) { - syslog(LOG_ERR, "Error in krb5_copy_prinicpal: %s", - error_message(retval)); - exit(1); + syslog(LOG_ERR, "Error in krb5_copy_prinicpal: %s", + error_message(retval)); + exit(1); } *etype = ticket->enc_part.enctype; if (debug) { - char * name; - char etypebuf[100]; + char * name; + char etypebuf[100]; - retval = krb5_unparse_name(context, *clientp, &name); - if (retval) { - com_err(progname, retval, "While unparsing client name"); - exit(1); - } + retval = krb5_unparse_name(context, *clientp, &name); + if (retval) { + com_err(progname, retval, "While unparsing client name"); + exit(1); + } - retval = krb5_enctype_to_string(*etype, etypebuf, sizeof(etypebuf)); - if (retval) { - com_err(progname, retval, "While unparsing ticket etype"); - exit(1); - } + retval = krb5_enctype_to_string(*etype, etypebuf, sizeof(etypebuf)); + if (retval) { + com_err(progname, retval, "While unparsing ticket etype"); + exit(1); + } - printf("authenticated client: %s (etype == %s)\n", name, etypebuf); - free(name); + printf("authenticated client: %s (etype == %s)\n", name, etypebuf); + free(name); } krb5_free_ticket(context, ticket); 
@@ -1351,52 +1333,52 @@ krb5_principal p; krb5_enctype auth_etype; { - char *name, *ptr; - char buf[1024]; - krb5_error_code retval; - FILE *acl_file; - int end; - krb5_enctype acl_etype; + char *name, *ptr; + char buf[1024]; + krb5_error_code retval; + FILE *acl_file; + int end; + krb5_enctype acl_etype; retval = krb5_unparse_name(context, p, &name); if (retval) - return FALSE; + return FALSE; acl_file = fopen(acl_file_name, "r"); if (!acl_file) - return FALSE; + return FALSE; while (!feof(acl_file)) { - if (!fgets(buf, sizeof(buf), acl_file)) - break; - end = strlen(buf) - 1; - if (buf[end] == '\n') - buf[end] = '\0'; - if (!strncmp(name, buf, strlen(name))) { - ptr = buf+strlen(name); + if (!fgets(buf, sizeof(buf), acl_file)) + break; + end = strlen(buf) - 1; + if (buf[end] == '\n') + buf[end] = '\0'; + if (!strncmp(name, buf, strlen(name))) { + ptr = buf+strlen(name); - /* if the next character is not whitespace or nul, then - the match is only partial. continue on to new lines. */ - if (*ptr && !isspace((int) *ptr)) - continue; + /* if the next character is not whitespace or nul, then + the match is only partial. continue on to new lines. */ + if (*ptr && !isspace((int) *ptr)) + continue; - /* otherwise, skip trailing whitespace */ - for (; *ptr && isspace((int) *ptr); ptr++) ; + /* otherwise, skip trailing whitespace */ + for (; *ptr && isspace((int) *ptr); ptr++) ; - /* now, look for an etype string. if there isn't one, - return true. if there is an invalid string, continue. - If there is a valid string, return true only if it - matches the etype passed in, otherwise continue */ + /* now, look for an etype string. if there isn't one, + return true. if there is an invalid string, continue. 
+ If there is a valid string, return true only if it + matches the etype passed in, otherwise continue */ - if ((*ptr) && - ((retval = krb5_string_to_enctype(ptr, &acl_etype)) || - (acl_etype != auth_etype))) - continue; + if ((*ptr) && + ((retval = krb5_string_to_enctype(ptr, &acl_etype)) || + (acl_etype != auth_etype))) + continue; - free(name); - fclose(acl_file); - return TRUE; - } + free(name); + fclose(acl_file); + return TRUE; + } } free(name); fclose(acl_file); 
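Review bot: `end = strlen(buf) - 1; if (buf[end] == '\n')` in the ACL-file loop indexes `buf[-1]` when `fgets` returns a line whose first byte is NUL, because `strlen` is then 0. Replacing the newline strip with `buf[strcspn(buf, "\n")] = '\0';` removes that case. The early `return FALSE` after a failed `fopen` also skips `free(name)`. The function's signature and its final return lie outside this hunk, and the commit only re-indents these lines.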
@@ -1406,195 +1388,195 @@ void recv_database(context, fd, database_fd, confmsg) krb5_context context; - int fd; - int database_fd; + int fd; + int database_fd; krb5_data *confmsg; { - krb5_ui_4 database_size; /* This must be 4 bytes */ - int received_size, n; - char buf[1024]; - krb5_data inbuf, outbuf; - krb5_error_code retval; + krb5_ui_4 database_size; /* This must be 4 bytes */ + int received_size, n; + char buf[1024]; + krb5_data inbuf, outbuf; + krb5_error_code retval; - /* - * Receive and decode size from client - */ - retval = krb5_read_message(context, (void *) &fd, &inbuf); - if (retval) { - send_error(context, fd, retval, "while reading database size"); - com_err(progname, retval, - "while reading size of database from client"); - exit(1); - } - if (krb5_is_krb_error(&inbuf)) - recv_error(context, &inbuf); - retval = krb5_rd_safe(context,auth_context,&inbuf,&outbuf,NULL); - if (retval) { - send_error(context, fd, retval, - "while decoding database size"); - krb5_free_data_contents(context, &inbuf); - com_err(progname, retval, - "while decoding database size from client"); - exit(1); - } - memcpy(&database_size, outbuf.data, sizeof(database_size)); - krb5_free_data_contents(context, &inbuf); - krb5_free_data_contents(context, &outbuf); - database_size = ntohl(database_size); + /* + * Receive and decode size from client + */ + retval = krb5_read_message(context, (void *) &fd, &inbuf); + if (retval) { + send_error(context, fd, retval, "while reading database size"); + com_err(progname, retval, + "while reading size of database from client"); + exit(1); + } + if (krb5_is_krb_error(&inbuf)) + recv_error(context, &inbuf); + retval = krb5_rd_safe(context,auth_context,&inbuf,&outbuf,NULL); + if (retval) { + send_error(context, fd, retval, + "while decoding database size"); + krb5_free_data_contents(context, &inbuf); + com_err(progname, retval, + "while decoding database size from client"); + exit(1); + } + memcpy(&database_size, outbuf.data, 
sizeof(database_size)); + krb5_free_data_contents(context, &inbuf); + krb5_free_data_contents(context, &outbuf); + database_size = ntohl(database_size); - /* - * Initialize the initial vector. - */ - retval = krb5_auth_con_initivector(context, auth_context); - if (retval) { - send_error(context, fd, retval, - "failed while initializing i_vector"); - com_err(progname, retval, "while initializing i_vector"); - exit(1); - } + /* + * Initialize the initial vector. + */ + retval = krb5_auth_con_initivector(context, auth_context); + if (retval) { + send_error(context, fd, retval, + "failed while initializing i_vector"); + com_err(progname, retval, "while initializing i_vector"); + exit(1); + } - /* - * Now start receiving the database from the net - */ - received_size = 0; - while (received_size < database_size) { - retval = krb5_read_message(context, (void *) &fd, &inbuf); - if (retval) { - snprintf(buf, sizeof(buf), - "while reading database block starting at offset %d", - received_size); - com_err(progname, retval, buf); - send_error(context, fd, retval, buf); - exit(1); - } - if (krb5_is_krb_error(&inbuf)) - recv_error(context, &inbuf); - retval = krb5_rd_priv(context, auth_context, &inbuf, - &outbuf, NULL); - if (retval) { - snprintf(buf, sizeof(buf), - "while decoding database block starting at offset %d", - received_size); - com_err(progname, retval, buf); - send_error(context, fd, retval, buf); - krb5_free_data_contents(context, &inbuf); - exit(1); - } - n = write(database_fd, outbuf.data, outbuf.length); - krb5_free_data_contents(context, &inbuf); - krb5_free_data_contents(context, &outbuf); - if (n < 0) { - snprintf(buf, sizeof(buf), - "while writing database block starting at offset %d", - received_size); - send_error(context, fd, errno, buf); - } else if (n != outbuf.length) { - snprintf(buf, sizeof(buf), - "incomplete write while writing database block starting at \noffset %d (%d written, %d expected)", - received_size, n, outbuf.length); - 
send_error(context, fd, KRB5KRB_ERR_GENERIC, buf); - } - received_size += outbuf.length; - } - /* - * OK, we've seen the entire file. Did we get too many bytes? - */ - if (received_size > database_size) { - snprintf(buf, sizeof(buf), - "Received %d bytes, expected %d bytes for database file", - received_size, database_size); - send_error(context, fd, KRB5KRB_ERR_GENERIC, buf); - } - /* - * Create message acknowledging number of bytes received, but - * don't send it until kdb5_util returns successfully. - */ - database_size = htonl(database_size); - inbuf.data = (char *) &database_size; - inbuf.length = sizeof(database_size); - retval = krb5_mk_safe(context,auth_context,&inbuf,confmsg,NULL); - if (retval) { - com_err(progname, retval, - "while encoding # of receieved bytes"); - send_error(context, fd, retval, - "while encoding # of received bytes"); - exit(1); - } + /* + * Now start receiving the database from the net + */ + received_size = 0; + while (received_size < database_size) { + retval = krb5_read_message(context, (void *) &fd, &inbuf); + if (retval) { + snprintf(buf, sizeof(buf), + "while reading database block starting at offset %d", + received_size); + com_err(progname, retval, buf); + send_error(context, fd, retval, buf); + exit(1); + } + if (krb5_is_krb_error(&inbuf)) + recv_error(context, &inbuf); + retval = krb5_rd_priv(context, auth_context, &inbuf, + &outbuf, NULL); + if (retval) { + snprintf(buf, sizeof(buf), + "while decoding database block starting at offset %d", + received_size); + com_err(progname, retval, buf); + send_error(context, fd, retval, buf); + krb5_free_data_contents(context, &inbuf); + exit(1); + } + n = write(database_fd, outbuf.data, outbuf.length); + krb5_free_data_contents(context, &inbuf); + krb5_free_data_contents(context, &outbuf); + if (n < 0) { + snprintf(buf, sizeof(buf), + "while writing database block starting at offset %d", + received_size); + send_error(context, fd, errno, buf); + } else if (n != outbuf.length) { + 
snprintf(buf, sizeof(buf), + "incomplete write while writing database block starting at \noffset %d (%d written, %d expected)", + received_size, n, outbuf.length); + send_error(context, fd, KRB5KRB_ERR_GENERIC, buf); + } + received_size += outbuf.length; + } + /* + * OK, we've seen the entire file. Did we get too many bytes? + */ + if (received_size > database_size) { + snprintf(buf, sizeof(buf), + "Received %d bytes, expected %d bytes for database file", + received_size, database_size); + send_error(context, fd, KRB5KRB_ERR_GENERIC, buf); + } + /* + * Create message acknowledging number of bytes received, but + * don't send it until kdb5_util returns successfully. + */ + database_size = htonl(database_size); + inbuf.data = (char *) &database_size; + inbuf.length = sizeof(database_size); + retval = krb5_mk_safe(context,auth_context,&inbuf,confmsg,NULL); + if (retval) { + com_err(progname, retval, + "while encoding # of receieved bytes"); + send_error(context, fd, retval, + "while encoding # of received bytes"); + exit(1); + } } void send_error(context, fd, err_code, err_text) krb5_context context; - int fd; - krb5_error_code err_code; - char *err_text; + int fd; + krb5_error_code err_code; + char *err_text; { - krb5_error error; - const char *text; - krb5_data outbuf; - char buf[1024]; + krb5_error error; + const char *text; + krb5_data outbuf; + char buf[1024]; - memset(&error, 0, sizeof(error)); - krb5_us_timeofday(context, &error.stime, &error.susec); - error.server = server; - error.client = client; + memset(&error, 0, sizeof(error)); + krb5_us_timeofday(context, &error.stime, &error.susec); + error.server = server; + error.client = client; - if (err_text) - text = err_text; - else - text = error_message(err_code); + if (err_text) + text = err_text; + else + text = error_message(err_code); - error.error = err_code - ERROR_TABLE_BASE_krb5; - if (error.error > 127) { - error.error = KRB_ERR_GENERIC; - if (err_text) { - snprintf(buf, sizeof(buf), "%s %s", - 
error_message(err_code), err_text); - text = buf; - } - } - error.text.length = strlen(text) + 1; - error.text.data = strdup(text); - if (error.text.data) { - if (!krb5_mk_error(context, &error, &outbuf)) { - (void) krb5_write_message(context, (void *)&fd,&outbuf); - krb5_free_data_contents(context, &outbuf); - } - free(error.text.data); - } + error.error = err_code - ERROR_TABLE_BASE_krb5; + if (error.error > 127) { + error.error = KRB_ERR_GENERIC; + if (err_text) { + snprintf(buf, sizeof(buf), "%s %s", + error_message(err_code), err_text); + text = buf; + } + } + error.text.length = strlen(text) + 1; + error.text.data = strdup(text); + if (error.text.data) { + if (!krb5_mk_error(context, &error, &outbuf)) { + (void) krb5_write_message(context, (void *)&fd,&outbuf); + krb5_free_data_contents(context, &outbuf); + } + free(error.text.data); + } } void recv_error(context, inbuf) krb5_context context; - krb5_data *inbuf; + krb5_data *inbuf; { - krb5_error *error; - krb5_error_code retval; + krb5_error *error; + krb5_error_code retval; - retval = krb5_rd_error(context, inbuf, &error); - if (retval) { - com_err(progname, retval, - "while decoding error packet from client"); - exit(1); - } - if (error->error == KRB_ERR_GENERIC) { - if (error->text.data) - fprintf(stderr, - "Generic remote error: %s\n", - error->text.data); - } else if (error->error) { - com_err(progname, - (krb5_error_code) error->error + ERROR_TABLE_BASE_krb5, - "signaled from server"); - if (error->text.data) - fprintf(stderr, - "Error text from client: %s\n", - error->text.data); - } - krb5_free_error(context, error); - exit(1); + retval = krb5_rd_error(context, inbuf, &error); + if (retval) { + com_err(progname, retval, + "while decoding error packet from client"); + exit(1); + } + if (error->error == KRB_ERR_GENERIC) { + if (error->text.data) + fprintf(stderr, + "Generic remote error: %s\n", + error->text.data); + } else if (error->error) { + com_err(progname, + (krb5_error_code) error->error + 
ERROR_TABLE_BASE_krb5, + "signaled from server"); + if (error->text.data) + fprintf(stderr, + "Error text from client: %s\n", + error->text.data); + } + krb5_free_error(context, error); + exit(1); } void 
@@ -1603,89 +1585,89 @@ char *kdb_util; char *database_file_name; { - static char *edit_av[10]; - int error_ret, save_stderr = -1; - int child_pid; - int count; + static char *edit_av[10]; + int error_ret, save_stderr = -1; + int child_pid; + int count; - /* has been included, so BSD will be defined on - BSD systems */ + /* has been included, so BSD will be defined on + BSD systems */ #if BSD > 0 && BSD <= 43 #ifndef WEXITSTATUS -#define WEXITSTATUS(w) (w).w_retcode +#define WEXITSTATUS(w) (w).w_retcode #endif - union wait waitb; + union wait waitb; #else - int waitb; + int waitb; #endif - krb5_error_code retval; - kdb_log_context *log_ctx; + krb5_error_code retval; + kdb_log_context *log_ctx; - if (debug) - printf("calling kdb5_util to load database\n"); + if (debug) + printf("calling kdb5_util to load database\n"); - log_ctx = context->kdblog_context; + log_ctx = context->kdblog_context; - edit_av[0] = kdb_util; - count = 1; - if (realm) { - edit_av[count++] = "-r"; - edit_av[count++] = realm; - } - edit_av[count++] = "load"; - if (kerb_database) { - edit_av[count++] = "-d"; - edit_av[count++] = kerb_database; - } - if (log_ctx && log_ctx->iproprole == IPROP_SLAVE) { - edit_av[count++] = "-i"; - } - edit_av[count++] = database_file_name; - edit_av[count++] = NULL; + edit_av[0] = kdb_util; + count = 1; + if (realm) { + edit_av[count++] = "-r"; + edit_av[count++] = realm; + } + edit_av[count++] = "load"; + if (kerb_database) { + edit_av[count++] = "-d"; + edit_av[count++] = kerb_database; + } + if (log_ctx && log_ctx->iproprole == IPROP_SLAVE) { + edit_av[count++] = "-i"; + } + edit_av[count++] = database_file_name; + edit_av[count++] = NULL; - switch(child_pid = fork()) { - case -1: - com_err(progname, errno, "while trying to fork %s", - kdb_util); - exit(1); - case 0: - if (!debug) { - save_stderr = dup(2); - close(0); - close(1); - close(2); - open("/dev/null", O_RDWR); - dup(0); - dup(0); - } + switch(child_pid = fork()) { + case -1: + com_err(progname, errno, 
"while trying to fork %s", + kdb_util); + exit(1); + case 0: + if (!debug) { + save_stderr = dup(2); + close(0); + close(1); + close(2); + open("/dev/null", O_RDWR); + dup(0); + dup(0); + } - if (execv(kdb_util, edit_av) < 0) - retval = errno; - else - retval = 0; - if (!debug) - dup2(save_stderr, 2); - com_err(progname, retval, "while trying to exec %s", - kdb_util); - _exit(1); - /*NOTREACHED*/ - default: - if (debug) - printf("Child PID is %d\n", child_pid); - if (wait(&waitb) < 0) { - com_err(progname, errno, "while waiting for %s", - kdb_util); - exit(1); - } - } + if (execv(kdb_util, edit_av) < 0) + retval = errno; + else + retval = 0; + if (!debug) + dup2(save_stderr, 2); + com_err(progname, retval, "while trying to exec %s", + kdb_util); + _exit(1); + /*NOTREACHED*/ + default: + if (debug) + printf("Child PID is %d\n", child_pid); + if (wait(&waitb) < 0) { + com_err(progname, errno, "while waiting for %s", + kdb_util); + exit(1); + } + } - error_ret = WEXITSTATUS(waitb); - if (error_ret) { - com_err(progname, 0, "%s returned a bad exit status (%d)", - kdb_util, error_ret); - exit(1); - } - return; + error_ret = WEXITSTATUS(waitb); + if (error_ret) { + com_err(progname, 0, "%s returned a bad exit status (%d)", + kdb_util, error_ret); + exit(1); + } + return; } /* 
@@ -1695,19 +1677,19 @@ */ static kadm5_ret_t kadm5_get_kiprop_host_srv_name(krb5_context context, - const char *realm_name, - char **host_service_name) + const char *realm_name, + char **host_service_name) { - char *name; - char *host; + char *name; + char *host; - host = params.admin_server; /* XXX */ + host = params.admin_server; /* XXX */ - if (asprintf(&name, "%s/%s", KADM5_KIPROP_HOST_SERVICE, host) < 0) { - free(host); - return (ENOMEM); - } - *host_service_name = name; + if (asprintf(&name, "%s/%s", KADM5_KIPROP_HOST_SERVICE, host) < 0) { + free(host); + return (ENOMEM); + } + *host_service_name = name; - return (KADM5_OK); + return (KADM5_OK); } From raeburn at MIT.EDU Fri Nov 6 19:14:33 2009 From: raeburn at MIT.EDU (raeburn@MIT.EDU) Date: Fri, 6 Nov 2009 19:14:33 -0500 Subject: svn rev #23141: trunk/src/tests/threads/ Message-ID: <200911070014.nA70EXup017528@drugstore.mit.edu> http://src.mit.edu/fisheye/changelog/krb5/?cs=23141 Commit By: raeburn Log Message: Delay start of test until the start of a new second on the system clock. Print per-thread stats only once. Changed Files: U trunk/src/tests/threads/t_rcache.c Modified: trunk/src/tests/threads/t_rcache.c =================================================================== --- trunk/src/tests/threads/t_rcache.c 2009-11-06 23:29:12 UTC (rev 23140) +++ trunk/src/tests/threads/t_rcache.c 2009-11-07 00:14:33 UTC (rev 23141) @@ -52,7 +52,17 @@ int init_once = 0; int n_threads = 2; int interval = 20 /* 5 * 60 */; +int *ip; +static void wait_for_tick () +{ + time_t now, next; + now = time(0); + do { + next = time(0); + } while (now == next); +} + static void try_one (struct tinfo *t) { krb5_donot_replay r; @@ -113,7 +123,7 @@ /* printf("%c", chr); */ fflush(stdout); } - printf("thread %p total %u\n", &t, t.total); +/* printf("thread %u total %u\n", (unsigned) ((int *)x-ip), t.total);*/ *(int*)x = t.total; return 0; } 
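Review bot: `wait_for_tick`, added in the t_rcache.c hunk at -52,7, has no comment, and its loop ends only when `time(0)` returns a different value, so if `time()` fails and returns `(time_t)-1` on every call the loop never terminates. I would put `/* Spin until time() advances, so the timed interval starts on a second boundary. */` above the function and add `if (now == (time_t)-1) return;` after the first call. The loop also keeps one CPU busy for up to a second before the worker threads start; that looks acceptable for a test, but the comment should say it is deliberate.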
@@ -161,7 +171,7 @@ int main (int argc, char *argv[]) { krb5_error_code err; - int i, *ip; + int i; process_options (argc, argv); err = krb5_init_context(&ctx); @@ -203,7 +213,6 @@ return 1; } } - end_time = time(0) + interval; ip = malloc(sizeof(int) * n_threads); if (ip == 0 && n_threads > 0) { @@ -213,6 +222,9 @@ for (i = 0; i < n_threads; i++) ip[i] = i; + wait_for_tick (); + end_time = time(0) + interval; + for (i = 0; i < n_threads; i++) { pthread_t new_thread; int perr; @@ -226,7 +238,8 @@ while (time(0) < end_time + 1) sleep(1); for (i = 0; i < n_threads; i++) - printf("thread %d total %5d\n", i, ip[i]); + printf("thread %d total %5d, about %.1f per second\n", i, ip[i], + ((double) ip[i])/interval); free(ip); if (init_once) From raeburn at MIT.EDU Fri Nov 6 19:14:37 2009 From: raeburn at MIT.EDU (raeburn@MIT.EDU) Date: Fri, 6 Nov 2009 19:14:37 -0500 Subject: svn rev #23142: trunk/src/tests/threads/ Message-ID: <200911070014.nA70EbJk017571@drugstore.mit.edu> http://src.mit.edu/fisheye/changelog/krb5/?cs=23142 Commit By: raeburn Log Message: Don't flush stdout so much. Calculate and display some more averages. Changed Files: U trunk/src/tests/threads/t_rcache.c Modified: trunk/src/tests/threads/t_rcache.c =================================================================== --- trunk/src/tests/threads/t_rcache.c 2009-11-07 00:14:33 UTC (rev 23141) +++ trunk/src/tests/threads/t_rcache.c 2009-11-07 00:14:37 UTC (rev 23142) @@ -120,8 +120,10 @@ t.now = time(0); try_one(&t); t.total++; -/* printf("%c", chr); */ +#if 0 + printf("%c", chr); fflush(stdout); +#endif } /* printf("thread %u total %u\n", (unsigned) ((int *)x-ip), t.total);*/ *(int*)x = t.total; @@ -172,6 +174,7 @@ { krb5_error_code err; int i; + unsigned long sum; process_options (argc, argv); err = krb5_init_context(&ctx); 
@@ -237,9 +240,15 @@ } while (time(0) < end_time + 1) sleep(1); - for (i = 0; i < n_threads; i++) + sum = 0; + for (i = 0; i < n_threads; i++) { + sum += ip[i]; printf("thread %d total %5d, about %.1f per second\n", i, ip[i], ((double) ip[i])/interval); + } + printf("total %lu in %d seconds, avg ~%.1f/sec, ~%.1f/sec/thread\n", + sum, interval, + ((double)sum)/interval, ((double)sum)/interval/n_threads); free(ip); if (init_once) From raeburn at MIT.EDU Mon Nov 9 01:13:34 2009 From: raeburn at MIT.EDU (raeburn@MIT.EDU) Date: Mon, 9 Nov 2009 01:13:34 -0500 Subject: svn rev #23144: trunk/src/ Message-ID: <200911090613.nA96DYD8006928@drugstore.mit.edu> http://src.mit.edu/fisheye/changelog/krb5/?cs=23144 Commit By: raeburn Log Message: ticket: 6579 target_version: 1.7.1 tags: pullup subject: quoting bug causes solaris pre-10 thread handling bugs Quoting problems in pattern matching on the OS name cause Solaris versions up through 9 to not be properly recognized in the thread-system configuration setup. This causes our libraries to make the erroneous assumption that valid thread support routines are available on all Solaris systems, rather than just assuming it for Solaris 10 and later. The result is assertion failures like this one reported by Meraj Mohammed and others: Assertion failed: k5int_i->did_run != 0, file krb5_libinit.c, line 63 Thanks to Tom Shaw for noticing the cause of the problem. The bug may be present in the 1.6.x series as well. Changed Files: U trunk/src/aclocal.m4 Modified: trunk/src/aclocal.m4 =================================================================== --- trunk/src/aclocal.m4 2009-11-08 16:13:26 UTC (rev 23143) +++ trunk/src/aclocal.m4 2009-11-09 06:13:34 UTC (rev 23144) 
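Review bot: The new summary `printf` near the end of `main` divides by `interval` and by `n_threads` without checking either. The `if (ip == 0 && n_threads > 0)` test in the earlier hunk suggests a thread count of zero is considered possible, and in that case the per-thread average is 0.0/0 and prints as NaN. Guarding the call with `if (n_threads > 0 && interval > 0)` keeps the output meaningful. Separately, `ip[]` is summed here, and `ip` is freed just below, after only a timed `sleep` loop. No join is visible in these hunks, so unless the workers are joined elsewhere, a thread still finishing its last iteration could store its total after the read or after the `free`; that should be confirmed. `main` starts and ends outside the hunk.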
@@ -205,7 +205,9 @@ # don't exclude CFLAGS when linking. *sigh* PTHREAD_CFLAGS="-D_REENTRANT -D_THREAD_SAFE -D_POSIX_C_SOURCE=199506L" ;; +changequote(<<,>>) solaris2.[1-9]) +changequote([,]) # On Solaris 10 with gcc 3.4.3, the autoconf archive macro doesn't # get the right result. XXX What about Solaris 9 and earlier? if test "$GCC" = yes ; then From raeburn at MIT.EDU Mon Nov 9 11:56:01 2009 From: raeburn at MIT.EDU (raeburn@MIT.EDU) Date: Mon, 9 Nov 2009 11:56:01 -0500 Subject: svn rev #23145: trunk/src/ Message-ID: <200911091656.nA9Gu16o024766@drugstore.mit.edu> http://src.mit.edu/fisheye/changelog/krb5/?cs=23145 Commit By: raeburn Log Message: ticket: 6579 Revise patch to avoid using changequote. Changed Files: U trunk/src/aclocal.m4 Modified: trunk/src/aclocal.m4 =================================================================== --- trunk/src/aclocal.m4 2009-11-09 06:13:34 UTC (rev 23144) +++ trunk/src/aclocal.m4 2009-11-09 16:56:01 UTC (rev 23145) @@ -205,9 +205,7 @@ # don't exclude CFLAGS when linking. *sigh* PTHREAD_CFLAGS="-D_REENTRANT -D_THREAD_SAFE -D_POSIX_C_SOURCE=199506L" ;; -changequote(<<,>>) - solaris2.[1-9]) -changequote([,]) + solaris2.[[1-9]]) # On Solaris 10 with gcc 3.4.3, the autoconf archive macro doesn't # get the right result. XXX What about Solaris 9 and earlier? if test "$GCC" = yes ; then From ghudson at MIT.EDU Tue Nov 10 11:57:28 2009 From: ghudson at MIT.EDU (ghudson@MIT.EDU) Date: Tue, 10 Nov 2009 11:57:28 -0500 Subject: svn rev #23146: trunk/src/lib/crypto/krb/ Message-ID: <200911101657.nAAGvS8I030331@drugstore.mit.edu> http://src.mit.edu/fisheye/changelog/krb5/?cs=23146 Commit By: ghudson Log Message: Remove src/lib/crypto/krb/enc_provider, which was accidentally resurrected (again) in r22875 when merging the authdata branch to the trunk. Changed Files: D trunk/src/lib/crypto/krb/enc_provider/ From ghudson at MIT.EDU Tue Nov 10 13:40:10 2009 
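Review bot: The comment under the `solaris2.[[1-9]])` arm still says "On Solaris 10 with gcc 3.4.3", which does not match what the pattern selects; this applies to both the r23144 and r23145 hunks. Once m4 strips one level of brackets the shell pattern is `solaris2.[1-9]`, and assuming the `case` subject is the OS name as the log message says, it matches only 2.1 through 2.9, i.e. Solaris 9 and earlier. I would start the comment with `# This arm matches solaris2.1 through solaris2.9 only (Solaris 9 and earlier).` and either move the Solaris 10 remark to the arm that handles that release or confirm it also holds for the older ones. The rest of the `case` statement is outside the hunk, so which arm Solaris 10 reaches cannot be checked here.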
From: ghudson at MIT.EDU (ghudson@MIT.EDU) Date: Tue, 10 Nov 2009 13:40:10 -0500 Subject: svn rev #23147: trunk/src/lib/ Message-ID: <200911101840.nAAIeAU5005922@drugstore.mit.edu> http://src.mit.edu/fisheye/changelog/krb5/?cs=23147 Commit By: ghudson Log Message: Remove the unnecessary src/lib/glue4.c. Changed Files: D trunk/src/lib/glue4.c From ghudson at MIT.EDU Tue Nov 10 14:59:39 2009 From: ghudson at MIT.EDU (ghudson@MIT.EDU) Date: Tue, 10 Nov 2009 14:59:39 -0500 Subject: svn rev #23148: trunk/src/lib/krb5/keytab/ Message-ID: <200911101959.nAAJxdpp012296@drugstore.mit.edu> http://src.mit.edu/fisheye/changelog/krb5/?cs=23148 Commit By: ghudson Log Message: In lib/krb5/keytab, ensure that function definition headers have function names at the beginning of lines, and avoid putting open parentheses at the beginning of lines in function prototypes. Changed Files: U trunk/src/lib/krb5/keytab/kt_file.c U trunk/src/lib/krb5/keytab/kt_memory.c U trunk/src/lib/krb5/keytab/kt_srvtab.c U trunk/src/lib/krb5/keytab/t_keytab.c Modified: trunk/src/lib/krb5/keytab/kt_file.c =================================================================== --- trunk/src/lib/krb5/keytab/kt_file.c 2009-11-10 18:40:10 UTC (rev 23147) +++ trunk/src/lib/krb5/keytab/kt_file.c 2009-11-10 19:59:39 UTC (rev 23148) 
@@ -94,104 +94,67 @@ extern const struct _krb5_kt_ops krb5_ktf_ops; extern const struct _krb5_kt_ops krb5_ktf_writable_ops; -static krb5_error_code KRB5_CALLCONV krb5_ktfile_resolve -(krb5_context, - const char *, - krb5_keytab *); +static krb5_error_code KRB5_CALLCONV +krb5_ktfile_resolve(krb5_context, const char *, krb5_keytab *); -static krb5_error_code KRB5_CALLCONV krb5_ktfile_wresolve -(krb5_context, - const char *, - krb5_keytab *); +static krb5_error_code KRB5_CALLCONV +krb5_ktfile_wresolve(krb5_context, const char *, krb5_keytab *); -static krb5_error_code KRB5_CALLCONV krb5_ktfile_get_name -(krb5_context, - krb5_keytab, - char *, - unsigned int); +static krb5_error_code KRB5_CALLCONV +krb5_ktfile_get_name(krb5_context, krb5_keytab, char *, unsigned int); -static krb5_error_code KRB5_CALLCONV krb5_ktfile_close -(krb5_context, - krb5_keytab); +static krb5_error_code KRB5_CALLCONV +krb5_ktfile_close(krb5_context, krb5_keytab); -static krb5_error_code KRB5_CALLCONV krb5_ktfile_get_entry -(krb5_context, - krb5_keytab, - krb5_const_principal, - krb5_kvno, - krb5_enctype, - krb5_keytab_entry *); +static krb5_error_code KRB5_CALLCONV +krb5_ktfile_get_entry(krb5_context, krb5_keytab, krb5_const_principal, + krb5_kvno, krb5_enctype, krb5_keytab_entry *); -static krb5_error_code KRB5_CALLCONV krb5_ktfile_start_seq_get -(krb5_context, - krb5_keytab, - krb5_kt_cursor *); +static krb5_error_code KRB5_CALLCONV +krb5_ktfile_start_seq_get(krb5_context, krb5_keytab, krb5_kt_cursor *); -static krb5_error_code KRB5_CALLCONV krb5_ktfile_get_next -(krb5_context, - krb5_keytab, - krb5_keytab_entry *, - krb5_kt_cursor *); +static krb5_error_code KRB5_CALLCONV +krb5_ktfile_get_next(krb5_context, krb5_keytab, krb5_keytab_entry *, + krb5_kt_cursor *); -static krb5_error_code KRB5_CALLCONV krb5_ktfile_end_get -(krb5_context, - krb5_keytab, - krb5_kt_cursor *); +static krb5_error_code KRB5_CALLCONV +krb5_ktfile_end_get(krb5_context, krb5_keytab, krb5_kt_cursor *); /* routines to be 
included on extended version (write routines) */ -static krb5_error_code KRB5_CALLCONV krb5_ktfile_add -(krb5_context, - krb5_keytab, - krb5_keytab_entry *); +static krb5_error_code KRB5_CALLCONV +krb5_ktfile_add(krb5_context, krb5_keytab, krb5_keytab_entry *); -static krb5_error_code KRB5_CALLCONV krb5_ktfile_remove -(krb5_context, - krb5_keytab, - krb5_keytab_entry *); +static krb5_error_code KRB5_CALLCONV +krb5_ktfile_remove(krb5_context, krb5_keytab, krb5_keytab_entry *); -static krb5_error_code krb5_ktfileint_openr -(krb5_context, - krb5_keytab); +static krb5_error_code +krb5_ktfileint_openr(krb5_context, krb5_keytab); -static krb5_error_code krb5_ktfileint_openw -(krb5_context, - krb5_keytab); +static krb5_error_code +krb5_ktfileint_openw(krb5_context, krb5_keytab); -static krb5_error_code krb5_ktfileint_close -(krb5_context, - krb5_keytab); +static krb5_error_code +krb5_ktfileint_close(krb5_context, krb5_keytab); -static krb5_error_code krb5_ktfileint_read_entry -(krb5_context, - krb5_keytab, - krb5_keytab_entry *); +static krb5_error_code +krb5_ktfileint_read_entry(krb5_context, krb5_keytab, krb5_keytab_entry *); -static krb5_error_code krb5_ktfileint_write_entry -(krb5_context, - krb5_keytab, - krb5_keytab_entry *); +static krb5_error_code +krb5_ktfileint_write_entry(krb5_context, krb5_keytab, krb5_keytab_entry *); -static krb5_error_code krb5_ktfileint_delete_entry -(krb5_context, - krb5_keytab, - krb5_int32); +static krb5_error_code +krb5_ktfileint_delete_entry(krb5_context, krb5_keytab, krb5_int32); -static krb5_error_code krb5_ktfileint_internal_read_entry -(krb5_context, - krb5_keytab, - krb5_keytab_entry *, - krb5_int32 *); +static krb5_error_code +krb5_ktfileint_internal_read_entry(krb5_context, krb5_keytab, + krb5_keytab_entry *, krb5_int32 *); -static krb5_error_code krb5_ktfileint_size_entry -(krb5_context, - krb5_keytab_entry *, - krb5_int32 *); +static krb5_error_code +krb5_ktfileint_size_entry(krb5_context, krb5_keytab_entry *, krb5_int32 *); 
-static krb5_error_code krb5_ktfileint_find_slot -(krb5_context, - krb5_keytab, - krb5_int32 *, - krb5_int32 *); +static krb5_error_code +krb5_ktfileint_find_slot(krb5_context, krb5_keytab, krb5_int32 *, + krb5_int32 *); /* @@ -563,13 +526,17 @@ * krb5_ktf_keytab_externalize(); * krb5_ktf_keytab_internalize(); */ -static krb5_error_code krb5_ktf_keytab_size -(krb5_context, krb5_pointer, size_t *); -static krb5_error_code krb5_ktf_keytab_externalize -(krb5_context, krb5_pointer, krb5_octet **, size_t *); -static krb5_error_code krb5_ktf_keytab_internalize -(krb5_context,krb5_pointer *, krb5_octet **, size_t *); +static krb5_error_code +krb5_ktf_keytab_size(krb5_context, krb5_pointer, size_t *); +static krb5_error_code +krb5_ktf_keytab_externalize(krb5_context, krb5_pointer, krb5_octet **, + size_t *); + +static krb5_error_code +krb5_ktf_keytab_internalize(krb5_context,krb5_pointer *, krb5_octet **, + size_t *); + /* * Serialization entry for this type. */ Modified: trunk/src/lib/krb5/keytab/kt_memory.c =================================================================== --- trunk/src/lib/krb5/keytab/kt_memory.c 2009-11-10 18:40:10 UTC (rev 23147) +++ trunk/src/lib/krb5/keytab/kt_memory.c 2009-11-10 19:59:39 UTC (rev 23148) 
@@ -104,61 +104,45 @@ extern const struct _krb5_kt_ops krb5_mkt_ops; -krb5_error_code KRB5_CALLCONV krb5_mkt_resolve -(krb5_context, - const char *, - krb5_keytab *); +krb5_error_code KRB5_CALLCONV +krb5_mkt_resolve(krb5_context, const char *, krb5_keytab *); -krb5_error_code KRB5_CALLCONV krb5_mkt_get_name -(krb5_context, - krb5_keytab, - char *, - unsigned int); +krb5_error_code KRB5_CALLCONV +krb5_mkt_get_name(krb5_context, krb5_keytab, char *, unsigned int); -krb5_error_code KRB5_CALLCONV krb5_mkt_close -(krb5_context, - krb5_keytab); +krb5_error_code KRB5_CALLCONV +krb5_mkt_close(krb5_context, krb5_keytab); -krb5_error_code KRB5_CALLCONV krb5_mkt_get_entry -(krb5_context, - krb5_keytab, - krb5_const_principal, - krb5_kvno, - krb5_enctype, - krb5_keytab_entry *); +krb5_error_code KRB5_CALLCONV +krb5_mkt_get_entry(krb5_context, krb5_keytab, krb5_const_principal, krb5_kvno, + krb5_enctype, krb5_keytab_entry *); -krb5_error_code KRB5_CALLCONV krb5_mkt_start_seq_get -(krb5_context, - krb5_keytab, - krb5_kt_cursor *); +krb5_error_code KRB5_CALLCONV +krb5_mkt_start_seq_get(krb5_context, krb5_keytab, krb5_kt_cursor *); -krb5_error_code KRB5_CALLCONV krb5_mkt_get_next -(krb5_context, - krb5_keytab, - krb5_keytab_entry *, - krb5_kt_cursor *); +krb5_error_code KRB5_CALLCONV +krb5_mkt_get_next(krb5_context, krb5_keytab, krb5_keytab_entry *, + krb5_kt_cursor *); -krb5_error_code KRB5_CALLCONV krb5_mkt_end_get -(krb5_context, - krb5_keytab, - krb5_kt_cursor *); +krb5_error_code KRB5_CALLCONV +krb5_mkt_end_get(krb5_context, krb5_keytab, krb5_kt_cursor *); /* routines to be included on extended version (write routines) */ -krb5_error_code KRB5_CALLCONV krb5_mkt_add -(krb5_context, - krb5_keytab, - krb5_keytab_entry *); +krb5_error_code KRB5_CALLCONV +krb5_mkt_add(krb5_context, krb5_keytab, krb5_keytab_entry *); -krb5_error_code KRB5_CALLCONV krb5_mkt_remove -(krb5_context, - krb5_keytab, - krb5_keytab_entry *); +krb5_error_code KRB5_CALLCONV +krb5_mkt_remove(krb5_context, 
krb5_keytab, krb5_keytab_entry *); -int krb5int_mkt_initialize(void) { +int +krb5int_mkt_initialize(void) +{ return k5_mutex_finish_init(&krb5int_mkt_mutex); } -void krb5int_mkt_finalize(void) { +void +krb5int_mkt_finalize(void) +{ krb5_mkt_list_node *node, *next_node; krb5_mkt_cursor cursor, next_cursor; Modified: trunk/src/lib/krb5/keytab/kt_srvtab.c =================================================================== --- trunk/src/lib/krb5/keytab/kt_srvtab.c 2009-11-10 18:40:10 UTC (rev 23147) +++ trunk/src/lib/krb5/keytab/kt_srvtab.c 2009-11-10 19:59:39 UTC (rev 23148) 
@@ -56,57 +56,37 @@ extern const struct _krb5_kt_ops krb5_kts_ops; -static krb5_error_code KRB5_CALLCONV krb5_ktsrvtab_resolve -(krb5_context, - const char *, - krb5_keytab *); +static krb5_error_code KRB5_CALLCONV +krb5_ktsrvtab_resolve(krb5_context, const char *, krb5_keytab *); -static krb5_error_code KRB5_CALLCONV krb5_ktsrvtab_get_name -(krb5_context, - krb5_keytab, - char *, - unsigned int); +static krb5_error_code KRB5_CALLCONV +krb5_ktsrvtab_get_name(krb5_context, krb5_keytab, char *, unsigned int); -static krb5_error_code KRB5_CALLCONV krb5_ktsrvtab_close -(krb5_context, - krb5_keytab); +static krb5_error_code KRB5_CALLCONV +krb5_ktsrvtab_close(krb5_context, krb5_keytab); -static krb5_error_code KRB5_CALLCONV krb5_ktsrvtab_get_entry -(krb5_context, - krb5_keytab, - krb5_const_principal, - krb5_kvno, - krb5_enctype, - krb5_keytab_entry *); +static krb5_error_code KRB5_CALLCONV +krb5_ktsrvtab_get_entry(krb5_context, krb5_keytab, krb5_const_principal, + krb5_kvno, krb5_enctype, krb5_keytab_entry *); -static krb5_error_code KRB5_CALLCONV krb5_ktsrvtab_start_seq_get -(krb5_context, - krb5_keytab, - krb5_kt_cursor *); +static krb5_error_code KRB5_CALLCONV +krb5_ktsrvtab_start_seq_get(krb5_context, krb5_keytab, krb5_kt_cursor *); -static krb5_error_code KRB5_CALLCONV krb5_ktsrvtab_get_next -(krb5_context, - krb5_keytab, - krb5_keytab_entry *, - krb5_kt_cursor *); +static krb5_error_code KRB5_CALLCONV +krb5_ktsrvtab_get_next(krb5_context, krb5_keytab, krb5_keytab_entry *, + krb5_kt_cursor *); -static krb5_error_code KRB5_CALLCONV krb5_ktsrvtab_end_get -(krb5_context, - krb5_keytab, - krb5_kt_cursor *); +static krb5_error_code KRB5_CALLCONV +krb5_ktsrvtab_end_get(krb5_context, krb5_keytab, krb5_kt_cursor *); -static krb5_error_code krb5_ktsrvint_open -(krb5_context, - krb5_keytab); +static krb5_error_code +krb5_ktsrvint_open(krb5_context, krb5_keytab); -static krb5_error_code krb5_ktsrvint_close -(krb5_context, - krb5_keytab); +static krb5_error_code 
+krb5_ktsrvint_close(krb5_context, krb5_keytab); -static krb5_error_code krb5_ktsrvint_read_entry -(krb5_context, - krb5_keytab, - krb5_keytab_entry *); +static krb5_error_code +krb5_ktsrvint_read_entry(krb5_context, krb5_keytab, krb5_keytab_entry *); /* * This is an implementation specific resolver. It returns a keytab id Modified: trunk/src/lib/krb5/keytab/t_keytab.c =================================================================== --- trunk/src/lib/krb5/keytab/t_keytab.c 2009-11-10 18:40:10 UTC (rev 23147) +++ trunk/src/lib/krb5/keytab/t_keytab.c 2009-11-10 19:59:39 UTC (rev 23148) @@ -60,7 +60,8 @@ exit(1); \ } else if(debug) printf("%s went ok\n", msg); -static void test_misc(krb5_context context) +static void +test_misc(krb5_context context) { /* Tests for certain error returns */ krb5_error_code kret; @@ -92,7 +93,8 @@ } } -static void kt_test(krb5_context context, const char *name) +static void +kt_test(krb5_context context, const char *name) { krb5_error_code kret; krb5_keytab kt; @@ -401,8 +403,8 @@ } -static void do_test(krb5_context context, const char *prefix, - krb5_boolean delete) +static void +do_test(krb5_context context, const char *prefix, krb5_boolean delete) { char *name, *filename; @@ -425,7 +427,7 @@ } int -main (void) +main(void) { krb5_context context; krb5_error_code kret; From lhoward at MIT.EDU Wed Nov 11 07:04:27 2009 
From: lhoward at MIT.EDU (lhoward@MIT.EDU) Date: Wed, 11 Nov 2009 07:04:27 -0500 Subject: svn rev #23149: trunk/src/tests/dejagnu/krb-standalone/ Message-ID: <200911111204.nABC4R8F026855@drugstore.mit.edu> http://src.mit.edu/fisheye/changelog/krb5/?cs=23149 Commit By: lhoward Log Message: For iprop test, reduce expected attribute change count to reflect the three non-replicated attributes: last_success, last_failed and fail_auth_count. Changed Files: U trunk/src/tests/dejagnu/krb-standalone/iprop.exp Modified: trunk/src/tests/dejagnu/krb-standalone/iprop.exp =================================================================== --- trunk/src/tests/dejagnu/krb-standalone/iprop.exp 2009-11-10 19:59:39 UTC (rev 23148) +++ trunk/src/tests/dejagnu/krb-standalone/iprop.exp 2009-11-11 12:04:27 UTC (rev 23149) @@ -109,23 +109,23 @@ expect -re "Last serial \# : 8" expect -re "Update Entry" expect -re "Update serial \# : 1" - expect -re "Attributes changed : 15" + expect -re "Attributes changed : 12" expect -re "Update Entry" expect -re "Update serial \# : 2" expect -re "Attributes changed : 6" expect -re "Update Entry" expect -re "Update serial \# : 3" - expect -re "Attributes changed : 15" + expect -re "Attributes changed : 12" expect -re "Update Entry" expect -re "Update serial \# : 4" } else { expect -re "Last serial \# : 7" expect -re "Update Entry" expect -re "Update serial \# : 1" - expect -re "Attributes changed : 15" + expect -re "Attributes changed : 12" expect -re "Update Entry" expect -re "Update serial \# : 2" - expect -re "Attributes changed : 15" + expect -re "Attributes changed : 12" expect -re "Update Entry" expect -re "Update serial \# : 3" } @@ -137,7 +137,7 @@ break } } - expect -re "Attributes changed : 15" + expect -re "Attributes changed : 12" expect eof pass "kproplog output" } foo From tsitkova at MIT.EDU Thu Nov 12 14:12:51 2009 
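Review bot: The new expected value `12` appears in five `expect -re "Attributes changed : 12"` lines across the three iprop.exp hunks, and only the log message explains where it comes from. A comment at the first occurrence, such as `# 15 attributes minus the 3 non-replicated ones (last_success, last_failed, fail_auth_count)`, would record the derivation in the file itself. Separately, these are bare `expect -re` calls; if no timeout handler is installed outside the hunks, a mismatch would presumably fall through to `pass "kproplog output"`, so it is worth confirming that the count is actually enforced.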
From: tsitkova at MIT.EDU (tsitkova@MIT.EDU) Date: Thu, 12 Nov 2009 14:12:51 -0500 Subject: svn rev #23151: trunk/src/kdc/ Message-ID: <200911121912.nACJCpQq003483@drugstore.mit.edu> http://src.mit.edu/fisheye/changelog/krb5/?cs=23151 Commit By: tsitkova Log Message: Post-great-reindent check. Part I. Changed Files: U trunk/src/kdc/dispatch.c U trunk/src/kdc/do_as_req.c U trunk/src/kdc/do_tgs_req.c U trunk/src/kdc/fast_util.c U trunk/src/kdc/kdc_authdata.c U trunk/src/kdc/kdc_preauth.c Modified: trunk/src/kdc/dispatch.c =================================================================== --- trunk/src/kdc/dispatch.c 2009-11-11 17:54:50 UTC (rev 23150) +++ trunk/src/kdc/dispatch.c 2009-11-12 19:12:51 UTC (rev 23151) @@ -2,7 +2,7 @@ /* * kdc/dispatch.c * - * Copyright 1990 by the Massachusetts Institute of Technology. + * Copyright 1990, 2009 by the Massachusetts Institute of Technology. * * Export of this software from the United States of America may * require a specific license from the United States Government. Modified: trunk/src/kdc/do_as_req.c =================================================================== --- trunk/src/kdc/do_as_req.c 2009-11-11 17:54:50 UTC (rev 23150) +++ trunk/src/kdc/do_as_req.c 2009-11-12 19:12:51 UTC (rev 23151) @@ -83,9 +83,10 @@ #endif #endif /* APPLE_PKINIT */ -static krb5_error_code prepare_error_as (struct kdc_request_state *, krb5_kdc_req *, int, krb5_data *, - krb5_principal, krb5_data **, - const char *); +static krb5_error_code +prepare_error_as(struct kdc_request_state *, krb5_kdc_req *, + int, krb5_data *, krb5_principal, krb5_data **, + const char *); /*ARGSUSED*/ krb5_error_code @@ -148,7 +149,8 @@ status = "Finding req_body"; goto errout; } - errcode = kdc_find_fast(&request, &encoded_req_body, NULL /*TGS key*/, NULL, state); + errcode = kdc_find_fast(&request, &encoded_req_body, + NULL /*TGS key*/, NULL, state); if (errcode) { status = "error decoding FAST"; goto errout; 
@@ -309,9 +311,11 @@ setflag(enc_tkt_reply.flags, TKT_FLG_INITIAL); - /* It should be noted that local policy may affect the */ - /* processing of any of these flags. For example, some */ - /* realms may refuse to issue renewable tickets */ + /* + * It should be noted that local policy may affect the + * processing of any of these flags. For example, some + * realms may refuse to issue renewable tickets + */ if (isflagset(request->kdc_options, KDC_OPT_FORWARDABLE)) setflag(enc_tkt_reply.flags, TKT_FLG_FORWARDABLE); @@ -374,8 +378,10 @@ } else enc_tkt_reply.times.renew_till = 0; /* XXX */ - /* starttime is optional, and treated as authtime if not present. - so we can nuke it if it matches */ + /* + * starttime is optional, and treated as authtime if not present. + * so we can nuke it if it matches + */ if (enc_tkt_reply.times.starttime == enc_tkt_reply.times.authtime) enc_tkt_reply.times.starttime = 0; @@ -423,9 +429,9 @@ * Find the server key */ if ((errcode = krb5_dbe_find_enctype(kdc_context, &server, - -1, /* ignore keytype */ - -1, /* Ignore salttype */ - 0, /* Get highest kvno */ + -1, /* ignore keytype */ + -1, /* Ignore salttype */ + 0, /* Get highest kvno */ &server_key))) { status = "FINDING_SERVER_KEY"; goto errout; @@ -450,10 +456,13 @@ } } - /* convert server.key into a real key (it may be encrypted - in the database) */ + /* + * Convert server.key into a real key + * (it may be encrypted in the database) + * + * server_keyblock is later used to generate auth data signatures + */ if ((errcode = krb5_dbekd_decrypt_key_data(kdc_context, mkey_ptr, - /* server_keyblock is later used to generate auth data signatures */ server_key, &server_keyblock, NULL))) { status = "DECRYPT_SERVER_KEY"; @@ -524,7 +533,8 @@ reply_encpart.server = ticket_reply.server; /* copy the time fields EXCEPT for authtime; it's location - is used for ktime */ + * is used for ktime + */ reply_encpart.times = enc_tkt_reply.times; reply_encpart.times.authtime = authtime = kdc_time; 
@@ -532,7 +542,8 @@ reply_encpart.enc_padata = NULL; /* Fetch the padata info to be returned (do this before - authdata to handle possible replacement of reply key */ + * authdata to handle possible replacement of reply key + */ errcode = return_padata(kdc_context, &client, req_pkt, request, &reply, client_key, &client_keyblock, &pa_context); if (errcode) { @@ -572,13 +583,15 @@ goto errout; } - errcode = krb5_encrypt_tkt_part(kdc_context, &server_keyblock, &ticket_reply); + errcode = krb5_encrypt_tkt_part(kdc_context, &server_keyblock, + &ticket_reply); if (errcode) { status = "ENCRYPTING_TICKET"; goto errout; } ticket_reply.enc_part.kvno = server_key->key_data_kvno; - errcode = kdc_fast_response_handle_padata(state, request, &reply, client_keyblock.enctype); + errcode = kdc_fast_response_handle_padata(state, request, &reply, + client_keyblock.enctype); if (errcode) { status = "fast response handling"; goto errout; @@ -588,7 +601,8 @@ reply.enc_part.enctype = client_keyblock.enctype; - errcode = kdc_fast_handle_reply_key(state, &client_keyblock, &as_encrypting_key); + errcode = kdc_fast_handle_reply_key(state, &client_keyblock, + &as_encrypting_key); if (errcode) { status = "generating reply key"; goto errout; @@ -642,9 +656,9 @@ response, status); status = 0; } + if (emsg) krb5_free_error_message(kdc_context, emsg); - if (enc_tkt_reply.authorization_data != NULL) krb5_free_authdata(kdc_context, enc_tkt_reply.authorization_data); if (server_keyblock.contents != NULL) @@ -675,11 +689,13 @@ request->kdc_state = NULL; krb5_free_kdc_req(kdc_context, request); assert(did_log != 0); + return errcode; } static krb5_error_code -prepare_error_as (struct kdc_request_state *rstate, krb5_kdc_req *request, int error, krb5_data *e_data, +prepare_error_as (struct kdc_request_state *rstate, krb5_kdc_req *request, + int error, krb5_data *e_data, krb5_principal canon_client, krb5_data **response, const char *status) { 
@@ -726,7 +742,8 @@ pa = calloc(size+1, sizeof(*pa)); if (pa == NULL) retval = ENOMEM; - else for (size = 0; td[size]; size++) { + else + for (size = 0; td[size]; size++) { krb5_pa_data *pad = malloc(sizeof(krb5_pa_data )); if (pad == NULL) { retval = ENOMEM; @@ -744,11 +761,13 @@ request, pa, &errpkt); if (retval == 0) retval = krb5_mk_error(kdc_context, &errpkt, scratch); + free(errpkt.text.data); if (retval) free(scratch); else *response = scratch; krb5_free_pa_data(kdc_context, pa); + return retval; } Modified: trunk/src/kdc/do_tgs_req.c =================================================================== --- trunk/src/kdc/do_tgs_req.c 2009-11-11 17:54:50 UTC (rev 23150) +++ trunk/src/kdc/do_tgs_req.c 2009-11-12 19:12:51 UTC (rev 23151) @@ -116,7 +116,7 @@ register int i; int firstpass = 1; const char *status = 0; - krb5_enc_tkt_part *header_enc_tkt = NULL; /* ticket granting or evidence ticket */ + krb5_enc_tkt_part *header_enc_tkt = NULL; /* TG or evidence ticket */ krb5_db_entry client, krbtgt; int c_nprincs = 0, k_nprincs = 0; krb5_pa_s4u_x509_user *s4u_x509_user = NULL; /* protocol transition request */ @@ -179,13 +179,13 @@ } scratch.length = pa_tgs_req->length; scratch.data = (char *) pa_tgs_req->contents; - errcode = kdc_find_fast(&request, &scratch, subkey, header_ticket->enc_part2->session, state); + errcode = kdc_find_fast(&request, &scratch, subkey, + header_ticket->enc_part2->session, state); if (errcode !=0) { status = "kdc_find_fast"; goto cleanup; } - /* * Pointer to the encrypted part of the header ticket, which may be * replaced to point to the encrypted part of the evidence ticket 
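Review bot: In the `@@ -726,7 +742,8 @@` hunk of do_as_req.c, the rewrapped `else` followed by `for` still has no braces around a multi-line loop body, so only indentation ties the loop to the non-NULL `pa` branch. Since this pass already touches the line, I would write `else {` before `for (size = 0; td[size]; size++) {` and close it after the loop. The loop body and the rest of prepare_error_as continue outside the hunk, so the position of the closing brace needs checking against the full file.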
@@ -240,10 +240,12 @@ */ if (firstpass ) { - if ( krb5_is_tgs_principal(request->server) == TRUE) { /* Principal is a name of krb ticket service */ + if ( krb5_is_tgs_principal(request->server) == TRUE) { + /* Principal is a name of krb ticket service */ if (krb5_princ_size(kdc_context, request->server) == 2) { - server_1 = krb5_princ_component(kdc_context, request->server, 1); + server_1 = krb5_princ_component(kdc_context, + request->server, 1); tgs_1 = krb5_princ_component(kdc_context, tgs_server, 1); if (!tgs_1 || !data_eq(*server_1, *tgs_1)) { @@ -262,7 +264,8 @@ retval = prep_reprocess_req(request, &krbtgt_princ); if (!retval) { krb5_free_principal(kdc_context, request->server); - retval = krb5_copy_principal(kdc_context, krbtgt_princ, &(request->server)); + retval = krb5_copy_principal(kdc_context, krbtgt_princ, + &(request->server)); if (!retval) { db_ref_done = TRUE; if (sname != NULL) @@ -329,11 +332,11 @@ useenctype = 0; if (isflagset(request->kdc_options, KDC_OPT_ENC_TKT_IN_SKEY | KDC_OPT_CNAME_IN_ADDL_TKT)) { - krb5_keyblock * st_sealing_key; - krb5_kvno st_srv_kvno; - krb5_enctype etype; + krb5_keyblock st_sealing_key; + krb5_kvno st_srv_kvno; + krb5_enctype etype; krb5_db_entry st_client; - int st_nprincs = 0; + int st_nprincs = 0; /* * Get the key for the second ticket, and decrypt it. @@ -375,12 +378,12 @@ if (isflagset(request->kdc_options, KDC_OPT_CNAME_IN_ADDL_TKT)) { /* Do constrained delegation protocol and authorization checks */ errcode = kdc_process_s4u2proxy_req(kdc_context, - request, - request->second_ticket[st_idx]->enc_part2, - &st_client, - header_ticket->enc_part2->client, - request->server, - &status); + request, + request->second_ticket[st_idx]->enc_part2, + &st_client, + header_ticket->enc_part2->client, + request->server, + &status); if (errcode) goto cleanup; 
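Review bot: The `@@ -329,11 +332,11 @@` hunk in do_tgs_req.c changes `krb5_keyblock * st_sealing_key;` to `krb5_keyblock st_sealing_key;`, dropping the pointer declarator in a commit described as a reindent check. If that is what was committed, rather than an artifact of how this message was rendered, the variable changes from a pointer to a struct. Any later use of it as a pointer, outside this hunk, would then fail to compile or behave differently. The line should read `krb5_keyblock *st_sealing_key;`.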
@@ -449,9 +452,11 @@ reply_encpart.caddrs = 0;/* optional...don't put it in */ reply_encpart.enc_padata = NULL; - /* It should be noted that local policy may affect the */ - /* processing of any of these flags. For example, some */ - /* realms may refuse to issue renewable tickets */ + /* + * It should be noted that local policy may affect the + * processing of any of these flags. For example, some + * realms may refuse to issue renewable tickets + */ if (isflagset(request->kdc_options, KDC_OPT_FORWARDABLE)) { setflag(enc_tkt_reply.flags, TKT_FLG_FORWARDABLE); @@ -479,7 +484,8 @@ * S4U2Self in order for forwardable tickets to be returned. */ else if (!is_referral && - !isflagset(server.attributes, KRB5_KDB_OK_TO_AUTH_AS_DELEGATE)) + !isflagset(server.attributes, + KRB5_KDB_OK_TO_AUTH_AS_DELEGATE)) clear(enc_tkt_reply.flags, TKT_FLG_FORWARDABLE); } } @@ -597,9 +603,11 @@ enc_tkt_reply.times.starttime = 0; if (isflagset(c_flags, KRB5_KDB_FLAG_PROTOCOL_TRANSITION)) { - errcode = krb5_unparse_name(kdc_context, s4u_x509_user->user_id.user, &s4u_name); + errcode = krb5_unparse_name(kdc_context, s4u_x509_user->user_id.user, + &s4u_name); } else if (isflagset(c_flags, KRB5_KDB_FLAG_CONSTRAINED_DELEGATION)) { - errcode = krb5_unparse_name(kdc_context, header_enc_tkt->client, &s4u_name); + errcode = krb5_unparse_name(kdc_context, header_enc_tkt->client, + &s4u_name); } else { errcode = 0; } @@ -618,7 +626,7 @@ if ((errcode = krb5_dbe_find_enctype(kdc_context, &server, -1, /* ignore keytype */ -1, /* Ignore salttype */ - 0,/* Get highest kvno */ + 0, /* Get highest kvno */ &server_key))) { status = "FINDING_SERVER_KEY"; goto cleanup; 
@@ -630,7 +638,7 @@ /* try refreshing master key list */ /* XXX it would nice if we had the mkvno here for optimization */ if (krb5_db_fetch_mkey_list(kdc_context, master_princ, - &master_keyblock, 0, &tmp_mkey_list) == 0) { + &master_keyblock, 0, &tmp_mkey_list) == 0) { krb5_dbe_free_key_list(kdc_context, master_keylist); master_keylist = tmp_mkey_list; if ((errcode = krb5_dbe_find_mkey(kdc_context, master_keylist, @@ -644,8 +652,10 @@ } } - /* convert server.key into a real key (it may be encrypted - * in the database) */ + /* + * Convert server.key into a real key + * (it may be encrypted in the database) + */ if ((errcode = krb5_dbekd_decrypt_key_data(kdc_context, mkey_ptr, server_key, &encrypting_key, @@ -753,7 +763,6 @@ * implicitly part of the transited list and should not be explicitly * listed). */ - /* realm compare is like strcmp, but knows how to deal with these args */ if (realm_compare(header_ticket->server, tgs_server) || realm_compare(header_ticket->server, enc_tkt_reply.client)) { @@ -799,9 +808,9 @@ char *tdots; errcode = kdc_check_transited_list (kdc_context, - &enc_tkt_reply.transited.tr_contents, - krb5_princ_realm (kdc_context, header_enc_tkt->client), - krb5_princ_realm (kdc_context, request->server)); + &enc_tkt_reply.transited.tr_contents, + krb5_princ_realm (kdc_context, header_enc_tkt->client), + krb5_princ_realm (kdc_context, request->server)); tlen = enc_tkt_reply.transited.tr_contents.length; tdots = tlen > 125 ? "..." : ""; tlen = tlen > 125 ? 125 : tlen; 
@@ -925,16 +934,16 @@ /* use the session key in the ticket, unless there's a subsession key in the AP_REQ */ - reply.enc_part.enctype = subkey ? subkey->enctype : header_ticket->enc_part2->session->enctype; errcode = kdc_fast_response_handle_padata(state, request, &reply, - subkey?subkey->enctype:header_ticket->enc_part2->session->enctype); + subkey ? subkey->enctype : header_ticket->enc_part2->session->enctype); if (errcode !=0 ) { status = "Preparing FAST padata"; goto cleanup; } - errcode =kdc_fast_handle_reply_key(state, subkey?subkey:header_ticket->enc_part2->session, &reply_key); + errcode =kdc_fast_handle_reply_key(state, + subkey?subkey:header_ticket->enc_part2->session, &reply_key); if (errcode) { status = "generating reply key"; goto cleanup; @@ -1101,9 +1110,9 @@ * the principal. */ if ((retval = krb5_walk_realm_tree(kdc_context, - krb5_princ_realm(kdc_context, request->server), - krb5_princ_component(kdc_context, request->server, 1), - &plist, KRB5_REALM_BRANCH_CHAR))) + krb5_princ_realm(kdc_context, request->server), + krb5_princ_component(kdc_context, request->server, 1), + &plist, KRB5_REALM_BRANCH_CHAR))) return; /* move to the end */ 
@@ -1195,16 +1204,20 @@ if ((krb5_princ_type(kdc_context, request->server) == KRB5_NT_SRV_HST || (krb5_princ_type(kdc_context, request->server) == KRB5_NT_UNKNOWN && kdc_active_realm->realm_host_based_services != NULL && - (krb5_match_config_pattern(kdc_active_realm->realm_host_based_services, comp1_str) == TRUE || - krb5_match_config_pattern(kdc_active_realm->realm_host_based_services, KRB5_CONF_ASTERISK) == TRUE))) && + (krb5_match_config_pattern(kdc_active_realm->realm_host_based_services, + comp1_str) == TRUE || + krb5_match_config_pattern(kdc_active_realm->realm_host_based_services, + KRB5_CONF_ASTERISK) == TRUE))) && (kdc_active_realm->realm_no_host_referral == NULL || - (krb5_match_config_pattern(kdc_active_realm->realm_no_host_referral, KRB5_CONF_ASTERISK) == FALSE && - krb5_match_config_pattern(kdc_active_realm->realm_no_host_referral, comp1_str) == FALSE))) { + (krb5_match_config_pattern(kdc_active_realm->realm_no_host_referral, + KRB5_CONF_ASTERISK) == FALSE && + krb5_match_config_pattern(kdc_active_realm->realm_no_host_referral, + comp1_str) == FALSE))) { if (memchr(comp2->data, '.', comp2->length) == NULL) goto cleanup; temp_buf = calloc(1, comp2->length+1); - if (!temp_buf){ + if (!temp_buf) { retval = ENOMEM; goto cleanup; } @@ -1239,5 +1252,6 @@ } cleanup: free(comp1_str); + return retval; } Modified: trunk/src/kdc/fast_util.c =================================================================== --- trunk/src/kdc/fast_util.c 2009-11-11 17:54:50 UTC (rev 23150) +++ trunk/src/kdc/fast_util.c 2009-11-12 19:12:51 UTC (rev 23151) @@ -23,9 +23,6 @@ * M.I.T. makes no representations about the suitability of * this software for any purpose. It is provided "as is" without express * or implied warranty. - * - * - * */ #include 
@@ -55,11 +52,12 @@ krb5_clear_error_message(kdc_context); retval = krb5_auth_con_init(kdc_context, &authcontext); if (retval == 0) - retval = krb5_auth_con_setflags(kdc_context, authcontext, 0); /*disable replay cache*/ + retval = krb5_auth_con_setflags(kdc_context, + authcontext, 0); /*disable replay cache*/ retval = krb5_rd_req(kdc_context, &authcontext, &armor->armor_value, NULL /*server*/, kdc_active_realm->realm_keytab, NULL, &ticket); - if (retval !=0) { + if (retval != 0) { const char * errmsg = krb5_get_error_message(kdc_context, retval); krb5_set_error_message(kdc_context, retval, "%s while handling ap-request armor", errmsg); @@ -70,19 +68,19 @@ tgs_server, ticket->server)) { krb5_set_error_message(kdc_context, KRB5KDC_ERR_SERVER_NOMATCH, - "ap-request armor for something other than the local TGS"); + "ap-request armor for something other than the local TGS"); retval = KRB5KDC_ERR_SERVER_NOMATCH; } } - if (retval ==0) { + if (retval == 0) { retval = krb5_auth_con_getrecvsubkey(kdc_context, authcontext, &subkey); - if (retval !=0 || subkey == NULL) { + if (retval != 0 || subkey == NULL) { krb5_set_error_message(kdc_context, KRB5KDC_ERR_POLICY, "ap-request armor without subkey"); retval = KRB5KDC_ERR_POLICY; } } - if (retval==0) + if (retval == 0) retval = krb5_c_fx_cf2_simple(kdc_context, subkey, "subkeyarmor", ticket->enc_part2->session, "ticketarmor", @@ -96,9 +94,10 @@ return retval; } -static krb5_error_code encrypt_fast_reply -(struct kdc_request_state *state, const krb5_fast_response *response, - krb5_data **fx_fast_reply) +static krb5_error_code +encrypt_fast_reply(struct kdc_request_state *state, + const krb5_fast_response *response, + krb5_data **fx_fast_reply) { krb5_error_code retval = 0; krb5_enc_data encrypted_reply; 
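Review bot: In the first fast_util.c hunk (`@@ -55,11 +52,12 @@`), the `retval = krb5_rd_req(...)` call after the rewrapped `krb5_auth_con_setflags` line runs unconditionally and overwrites `retval`. A failure from `krb5_auth_con_init`, or from clearing the auth-context flags, is therefore discarded and the armor AP-REQ is processed anyway. Guard it like the line above, with `if (retval == 0)` before `retval = krb5_rd_req(kdc_context, &authcontext,`, so the flag setting the comment relies on is known to have been applied. The enclosing function starts before the hunk, so the initial value of `authcontext` is not visible here.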
@@ -121,11 +120,12 @@ } -krb5_error_code kdc_find_fast -(krb5_kdc_req **requestptr, krb5_data *checksummed_data, - krb5_keyblock *tgs_subkey, - krb5_keyblock *tgs_session, - struct kdc_request_state *state) +krb5_error_code +kdc_find_fast(krb5_kdc_req **requestptr, + krb5_data *checksummed_data, + krb5_keyblock *tgs_subkey, + krb5_keyblock *tgs_session, + struct kdc_request_state *state) { krb5_error_code retval = 0; krb5_pa_data *fast_padata, *cookie_padata; @@ -165,7 +165,7 @@ &state->armor_key); else { krb5_set_error_message(kdc_context, KRB5KDC_ERR_PREAUTH_FAILED, - "No armor key but FAST armored request present"); + "No armor key but FAST armored request present"); retval = KRB5KDC_ERR_PREAUTH_FAILED; } } @@ -188,7 +188,8 @@ if (retval == 0) retval = krb5_c_verify_checksum(kdc_context, state->armor_key, KRB5_KEYUSAGE_FAST_REQ_CHKSUM, - checksummed_data, &fast_armored_req->req_checksum, + checksummed_data, + &fast_armored_req->req_checksum, &cksum_valid); if (retval == 0 && !cksum_valid) { retval = KRB5KRB_AP_ERR_MODIFIED; @@ -197,13 +198,16 @@ } if (retval == 0) { krb5_error_code ret; - /* We need to confirm that a keyed checksum is used for the + /* + * We need to confirm that a keyed checksum is used for the * fast_req checksum. In April 2009, the best way to do this is * to try verifying the checksum with a keyblock with an zero - * length; if it succeeds, then an unkeyed checksum is used.*/ + * length; if it succeeds, then an unkeyed checksum is used. + */ ret = krb5_c_verify_checksum(kdc_context, &empty_keyblock, KRB5_KEYUSAGE_FAST_REQ_CHKSUM, - checksummed_data, &fast_armored_req->req_checksum, + checksummed_data, + &fast_armored_req->req_checksum, &cksum_valid); if (ret == 0) { retval = KRB5KDC_ERR_POLICY; 
@@ -212,11 +216,12 @@ } } if (retval == 0) { - if ((fast_req->fast_options & UNSUPPORTED_CRITICAL_FAST_OPTIONS) !=0) + if ((fast_req->fast_options & UNSUPPORTED_CRITICAL_FAST_OPTIONS) != 0) retval = KRB5KDC_ERR_UNKNOWN_CRITICAL_FAST_OPTION; } if (retval == 0) - cookie_padata = find_pa_data(fast_req->req_body->padata, KRB5_PADATA_FX_COOKIE); + cookie_padata = find_pa_data(fast_req->req_body->padata, + KRB5_PADATA_FX_COOKIE); if (retval == 0) { state->fast_options = fast_req->fast_options; if (request->kdc_state == state) @@ -224,7 +229,6 @@ krb5_free_kdc_req( kdc_context, request); *requestptr = fast_req->req_body; fast_req->req_body = NULL; - } } else cookie_padata = find_pa_data(request->padata, KRB5_PADATA_FX_COOKIE); @@ -240,7 +244,8 @@ retval = ENOMEM; free(new_padata); } else { - memcpy(new_padata->contents, cookie_padata->contents, new_padata->length); + memcpy(new_padata->contents, cookie_padata->contents, + new_padata->length); state->cookie = new_padata; } } @@ -253,7 +258,8 @@ } -krb5_error_code kdc_make_rstate(struct kdc_request_state **out) +krb5_error_code +kdc_make_rstate(struct kdc_request_state **out) { struct kdc_request_state *state = malloc( sizeof(struct kdc_request_state)); if (state == NULL) @@ -263,8 +269,8 @@ return 0; } -void kdc_free_rstate -(struct kdc_request_state *s) +void +kdc_free_rstate (struct kdc_request_state *s) { if (s == NULL) return; @@ -279,10 +285,10 @@ free(s); } -krb5_error_code kdc_fast_response_handle_padata -(struct kdc_request_state *state, - krb5_kdc_req *request, - krb5_kdc_rep *rep, krb5_enctype enctype) +krb5_error_code +kdc_fast_response_handle_padata(struct kdc_request_state *state, + krb5_kdc_req *request, + krb5_kdc_rep *rep, krb5_enctype enctype) { krb5_error_code retval = 0; krb5_fast_finished finish; 
@@ -323,10 +329,13 @@ if (retval == 0) retval = encode_krb5_ticket(rep->ticket, &encoded_ticket); if (retval == 0) - retval = krb5int_c_mandatory_cksumtype(kdc_context, state->armor_key->enctype, &cksumtype); + retval = krb5int_c_mandatory_cksumtype(kdc_context, + state->armor_key->enctype, + &cksumtype); if (retval == 0) retval = krb5_c_make_checksum(kdc_context, cksumtype, - state->armor_key, KRB5_KEYUSAGE_FAST_FINISHED, + state->armor_key, + KRB5_KEYUSAGE_FAST_FINISHED, encoded_ticket, &finish.ticket_checksum); if (retval == 0) retval = encrypt_fast_reply(state, &fast_response, &encrypted_reply); @@ -363,10 +372,11 @@ * throw away the e_data in the error (if any); in the non-FAST case * we will not use the in_padata. */ -krb5_error_code kdc_fast_handle_error -(krb5_context context, struct kdc_request_state *state, - krb5_kdc_req *request, - krb5_pa_data **in_padata, krb5_error *err) +krb5_error_code +kdc_fast_handle_error(krb5_context context, + struct kdc_request_state *state, + krb5_kdc_req *request, + krb5_pa_data **in_padata, krb5_error *err) { krb5_error_code retval = 0; krb5_fast_response resp; @@ -441,9 +451,10 @@ return retval; } -krb5_error_code kdc_fast_handle_reply_key(struct kdc_request_state *state, - krb5_keyblock *existing_key, - krb5_keyblock **out_key) +krb5_error_code +kdc_fast_handle_reply_key(struct kdc_request_state *state, + krb5_keyblock *existing_key, + krb5_keyblock **out_key) { krb5_error_code retval = 0; if (state->armor_key) 
@@ -451,13 +462,15 @@ state->strengthen_key, "strengthenkey", existing_key, "replykey", out_key); - else retval = krb5_copy_keyblock(kdc_context, existing_key, out_key); + else + retval = krb5_copy_keyblock(kdc_context, existing_key, out_key); return retval; } -krb5_error_code kdc_preauth_get_cookie(struct kdc_request_state *state, - krb5_pa_data **cookie) +krb5_error_code +kdc_preauth_get_cookie(struct kdc_request_state *state, + krb5_pa_data **cookie) { char *contents; krb5_pa_data *pa = NULL; Modified: trunk/src/kdc/kdc_authdata.c =================================================================== --- trunk/src/kdc/kdc_authdata.c 2009-11-11 17:54:50 UTC (rev 23150) +++ trunk/src/kdc/kdc_authdata.c 2009-11-12 19:12:51 UTC (rev 23151) 
@@ -39,66 +39,68 @@ #include "../include/krb5/authdata_plugin.h" #if TARGET_OS_MAC -static const char *objdirs[] = { KRB5_AUTHDATA_PLUGIN_BUNDLE_DIR, LIBDIR "/krb5/plugins/authdata", NULL }; /* should be a list */ +static const char *objdirs[] = { KRB5_AUTHDATA_PLUGIN_BUNDLE_DIR, + LIBDIR "/krb5/plugins/authdata", + NULL }; /* should be a list */ #else static const char *objdirs[] = { LIBDIR "/krb5/plugins/authdata", NULL }; #endif /* MIT Kerberos 1.6 (V0) authdata plugin callback */ typedef krb5_error_code (*authdata_proc_0) -(krb5_context, krb5_db_entry *client, - krb5_data *req_pkt, - krb5_kdc_req *request, - krb5_enc_tkt_part * enc_tkt_reply); + (krb5_context, krb5_db_entry *client, + krb5_data *req_pkt, + krb5_kdc_req *request, + krb5_enc_tkt_part * enc_tkt_reply); /* MIT Kerberos 1.8 (V2) authdata plugin callback */ typedef krb5_error_code (*authdata_proc_2) -(krb5_context, unsigned int flags, - krb5_db_entry *client, krb5_db_entry *server, - krb5_db_entry *krbtgt, - krb5_keyblock *client_key, - krb5_keyblock *server_key, - krb5_keyblock *krbtgt_key, - krb5_data *req_pkt, - krb5_kdc_req *request, - krb5_const_principal for_user_princ, - krb5_enc_tkt_part *enc_tkt_request, - krb5_enc_tkt_part *enc_tkt_reply); + (krb5_context, unsigned int flags, + krb5_db_entry *client, krb5_db_entry *server, + krb5_db_entry *krbtgt, + krb5_keyblock *client_key, + krb5_keyblock *server_key, + krb5_keyblock *krbtgt_key, + krb5_data *req_pkt, + krb5_kdc_req *request, + krb5_const_principal for_user_princ, + krb5_enc_tkt_part *enc_tkt_request, + krb5_enc_tkt_part *enc_tkt_reply); typedef krb5_error_code (*init_proc) -(krb5_context, void **); + (krb5_context, void **); typedef void (*fini_proc) -(krb5_context, void *); + (krb5_context, void *); /* Internal authdata system for copying TGS-REQ authdata to ticket */ static krb5_error_code handle_request_authdata -(krb5_context context, - unsigned int flags, - krb5_db_entry *client, - krb5_db_entry *server, - krb5_db_entry *krbtgt, - 
krb5_keyblock *client_key, - krb5_keyblock *server_key, - krb5_keyblock *krbtgt_key, - krb5_data *req_pkt, - krb5_kdc_req *request, - krb5_const_principal for_user_princ, - krb5_enc_tkt_part *enc_tkt_request, - krb5_enc_tkt_part *enc_tkt_reply); + (krb5_context context, + unsigned int flags, + krb5_db_entry *client, + krb5_db_entry *server, + krb5_db_entry *krbtgt, + krb5_keyblock *client_key, + krb5_keyblock *server_key, + krb5_keyblock *krbtgt_key, + krb5_data *req_pkt, + krb5_kdc_req *request, + krb5_const_principal for_user_princ, + krb5_enc_tkt_part *enc_tkt_request, + krb5_enc_tkt_part *enc_tkt_reply); /* Internal authdata system for handling KDC-issued authdata */ static krb5_error_code handle_tgt_authdata -(krb5_context context, - unsigned int flags, - krb5_db_entry *client, - krb5_db_entry *server, - krb5_db_entry *krbtgt, - krb5_keyblock *client_key, - krb5_keyblock *server_key, - krb5_keyblock *krbtgt_key, - krb5_data *req_pkt, - krb5_kdc_req *request, - krb5_const_principal for_user_princ, - krb5_enc_tkt_part *enc_tkt_request, - krb5_enc_tkt_part *enc_tkt_reply); + (krb5_context context, + unsigned int flags, + krb5_db_entry *client, + krb5_db_entry *server, + krb5_db_entry *krbtgt, + krb5_keyblock *client_key, + krb5_keyblock *server_key, + krb5_keyblock *krbtgt_key, + krb5_data *req_pkt, + krb5_kdc_req *request, + krb5_const_principal for_user_princ, + krb5_enc_tkt_part *enc_tkt_request, + krb5_enc_tkt_part *enc_tkt_reply); typedef struct _krb5_authdata_systems { const char *name; 
@@ -118,8 +120,10 @@ } krb5_authdata_systems; static krb5_authdata_systems static_authdata_systems[] = { - { "tgs_req", AUTHDATA_SYSTEM_V2, AUTHDATA_FLAG_CRITICAL, NULL, NULL, NULL, { handle_request_authdata } }, - { "tgt", AUTHDATA_SYSTEM_V2, AUTHDATA_FLAG_CRITICAL, NULL, NULL, NULL, { handle_tgt_authdata } }, + { "tgs_req", AUTHDATA_SYSTEM_V2, AUTHDATA_FLAG_CRITICAL, + NULL, NULL, NULL, { handle_request_authdata } }, + { "tgt", AUTHDATA_SYSTEM_V2, AUTHDATA_FLAG_CRITICAL, + NULL, NULL, NULL, { handle_tgt_authdata } }, }; static krb5_authdata_systems *authdata_systems; @@ -153,10 +157,12 @@ if (krb5int_get_plugin_dir_data(&authdata_plugins, "authdata_server_2", - &authdata_plugins_ftables_v2, &context->err) != 0 || + &authdata_plugins_ftables_v2, + &context->err) != 0 || krb5int_get_plugin_dir_data(&authdata_plugins, "authdata_server_0", - &authdata_plugins_ftables_v0, &context->err) != 0) { + &authdata_plugins_ftables_v0, + &context->err) != 0) { code = KRB5_PLUGIN_NO_HANDLE; goto cleanup; } @@ -188,7 +194,8 @@ / sizeof(static_authdata_systems[0]); /* Build the complete list of supported authdata options, and - * leave room for a terminator entry. */ + * leave room for a terminator entry. + */ authdata_systems = calloc(module_count + 1, sizeof(krb5_authdata_systems)); if (authdata_systems == NULL) { code = ENOMEM; @@ -349,7 +356,7 @@ authdata = (krb5_authdata **)calloc(i + 1, sizeof(krb5_authdata *)); } else { authdata = (krb5_authdata **)realloc(authdata, - ((nadata + i + 1) * sizeof(krb5_authdata *))); + ((nadata + i + 1) * sizeof(krb5_authdata *))); } if (authdata == NULL) return ENOMEM; 
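Review bot: In the `@@ -349,7 +356,7 @@` hunk of kdc_authdata.c, `authdata = (krb5_authdata **)realloc(authdata, ...)` assigns the result straight back to the pointer being resized, and the size `(nadata + i + 1) * sizeof(krb5_authdata *)` is computed without an overflow check. If no other variable still refers to the old block, the `return ENOMEM` path leaks it; the start of the function is outside the hunk, so that needs confirming. I would realloc into a temporary, `tmp = realloc(authdata, ...); if (tmp == NULL) return ENOMEM; authdata = tmp;`. If the element counts can be influenced by request contents, also bound `nadata + i` before multiplying.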
@@ -436,7 +443,8 @@ } /* scratch now has the authorization data, so we decode it, and make - * it available to subsequent authdata plugins */ + * it available to subsequent authdata plugins + */ code = decode_krb5_authdata(&scratch, &request->unenc_authdata); if (code != 0) { free(scratch.data); Modified: trunk/src/kdc/kdc_preauth.c =================================================================== --- trunk/src/kdc/kdc_preauth.c 2009-11-11 17:54:50 UTC (rev 23150) +++ trunk/src/kdc/kdc_preauth.c 2009-11-12 19:12:51 UTC (rev 23151) @@ -2,7 +2,7 @@ /* * kdc/kdc_preauth.c * - * Copyright 1995, 2003, 2007 by the Massachusetts Institute of Technology. + * Copyright 1995, 2003, 2007, 2009 by the Massachusetts Institute of Technology. * All Rights Reserved. * * Export of this software from the United States of America may @@ -96,7 +96,9 @@ #include "../include/krb5/preauth_plugin.h" #if TARGET_OS_MAC -static const char *objdirs[] = { KRB5_PLUGIN_BUNDLE_DIR, LIBDIR "/krb5/plugins/preauth", NULL }; /* should be a list */ +static const char *objdirs[] = { KRB5_PLUGIN_BUNDLE_DIR, + LIBDIR "/krb5/plugins/preauth", + NULL }; /* should be a list */ #else static const char *objdirs[] = { LIBDIR "/krb5/plugins/preauth", NULL }; #endif 
@@ -123,35 +125,38 @@ preauth_server_free_reqcontext_proc free_pa_reqctx; } krb5_preauth_systems; -static krb5_error_code verify_enc_timestamp -(krb5_context, krb5_db_entry *client, - krb5_data *req_pkt, - krb5_kdc_req *request, - krb5_enc_tkt_part * enc_tkt_reply, krb5_pa_data *data, - preauth_get_entry_data_proc get_entry_data, - void *pa_system_context, - void **pa_request_context, - krb5_data **e_data, - krb5_authdata ***authz_data); +static krb5_error_code +verify_enc_timestamp (krb5_context, krb5_db_entry *client, + krb5_data *req_pkt, + krb5_kdc_req *request, + krb5_enc_tkt_part * enc_tkt_reply, krb5_pa_data *data, + preauth_get_entry_data_proc get_entry_data, + void *pa_system_context, + void **pa_request_context, + krb5_data **e_data, + krb5_authdata ***authz_data); -static krb5_error_code get_enc_ts -(krb5_context, krb5_kdc_req *request, - krb5_db_entry *client, krb5_db_entry *server, - preauth_get_entry_data_proc get_entry_data, - void *pa_system_context, - krb5_pa_data *data); -static krb5_error_code get_etype_info -(krb5_context, krb5_kdc_req *request, - krb5_db_entry *client, krb5_db_entry *server, - preauth_get_entry_data_proc get_entry_data, - void *pa_system_context, - krb5_pa_data *data); static krb5_error_code +get_enc_ts(krb5_context, krb5_kdc_req *request, + krb5_db_entry *client, krb5_db_entry *server, + preauth_get_entry_data_proc get_entry_data, + void *pa_system_context, + krb5_pa_data *data); + +static krb5_error_code +get_etype_info(krb5_context, krb5_kdc_req *request, + krb5_db_entry *client, krb5_db_entry *server, + preauth_get_entry_data_proc get_entry_data, + void *pa_system_context, + krb5_pa_data *data); + +static krb5_error_code get_etype_info2(krb5_context context, krb5_kdc_req *request, krb5_db_entry *client, krb5_db_entry *server, preauth_get_entry_data_proc get_entry_data, void *pa_system_context, krb5_pa_data *pa_data); + static krb5_error_code etype_info_as_rep_helper(krb5_context context, krb5_pa_data * padata, krb5_db_entry 
*client, 
@@ -185,47 +190,47 @@ void *pa_system_context, void **pa_request_context); -static krb5_error_code return_pw_salt -(krb5_context, krb5_pa_data * padata, - krb5_db_entry *client, - krb5_data *req_pkt, - krb5_kdc_req *request, krb5_kdc_rep *reply, - krb5_key_data *client_key, - krb5_keyblock *encrypting_key, - krb5_pa_data **send_pa, - preauth_get_entry_data_proc get_entry_data, - void *pa_system_context, - void **pa_request_context); +static krb5_error_code +return_pw_salt(krb5_context, krb5_pa_data * padata, + krb5_db_entry *client, + krb5_data *req_pkt, + krb5_kdc_req *request, krb5_kdc_rep *reply, + krb5_key_data *client_key, + krb5_keyblock *encrypting_key, + krb5_pa_data **send_pa, + preauth_get_entry_data_proc get_entry_data, + void *pa_system_context, + void **pa_request_context); /* SAM preauth support */ -static krb5_error_code verify_sam_response -(krb5_context, krb5_db_entry *client, - krb5_data *req_pkt, - krb5_kdc_req *request, - krb5_enc_tkt_part * enc_tkt_reply, krb5_pa_data *data, - preauth_get_entry_data_proc get_entry_data, - void *pa_module_context, - void **pa_request_context, - krb5_data **e_data, - krb5_authdata ***authz_data); +static krb5_error_code +verify_sam_response(krb5_context, krb5_db_entry *client, + krb5_data *req_pkt, + krb5_kdc_req *request, + krb5_enc_tkt_part * enc_tkt_reply, krb5_pa_data *data, + preauth_get_entry_data_proc get_entry_data, + void *pa_module_context, + void **pa_request_context, + krb5_data **e_data, + krb5_authdata ***authz_data); -static krb5_error_code get_sam_edata -(krb5_context, krb5_kdc_req *request, - krb5_db_entry *client, krb5_db_entry *server, - preauth_get_entry_data_proc get_entry_data, - void *pa_module_context, - krb5_pa_data *data); -static krb5_error_code return_sam_data -(krb5_context, krb5_pa_data * padata, - krb5_db_entry *client, - krb5_data *req_pkt, - krb5_kdc_req *request, krb5_kdc_rep *reply, - krb5_key_data *client_key, - krb5_keyblock *encrypting_key, - krb5_pa_data **send_pa, - 
preauth_get_entry_data_proc get_entry_data, - void *pa_module_context, - void **pa_request_context); +static krb5_error_code +get_sam_edata(krb5_context, krb5_kdc_req *request, + krb5_db_entry *client, krb5_db_entry *server, + preauth_get_entry_data_proc get_entry_data, + void *pa_module_context, + krb5_pa_data *data); +static krb5_error_code +return_sam_data(krb5_context, krb5_pa_data * padata, + krb5_db_entry *client, + krb5_data *req_pkt, + krb5_kdc_req *request, krb5_kdc_rep *reply, + krb5_key_data *client_key, + krb5_keyblock *encrypting_key, + krb5_pa_data **send_pa, + preauth_get_entry_data_proc get_entry_data, + void *pa_module_context, + void **pa_request_context); #if APPLE_PKINIT /* PKINIT preauth support */ @@ -464,7 +469,8 @@ plugin_context = NULL; server_init_proc = static_preauth_systems[i].init; if ((server_init_proc != NULL) && - ((*server_init_proc)(context, &plugin_context, (const char **)kdc_realm_names) != 0)) { + ((*server_init_proc)(context, &plugin_context, + (const char **)kdc_realm_names) != 0)) { memset(&preauth_systems[k], 0, sizeof(preauth_systems[k])); continue; } @@ -493,17 +499,19 @@ server_init_proc = ftable->init_proc; if (server_init_proc != NULL) { krb5_error_code initerr; - initerr = (*server_init_proc)(context, &plugin_context, (const char **)kdc_realm_names); + initerr = (*server_init_proc)(context, &plugin_context, + (const char **)kdc_realm_names); if (initerr) { const char *emsg; emsg = krb5_get_error_message(context, initerr); if (emsg) { krb5_klog_syslog(LOG_ERR, - "preauth %s failed to initialize: %s", - ftable->name, emsg); + "preauth %s failed to initialize: %s", + ftable->name, emsg); krb5_free_error_message(context, emsg); } - memset(&preauth_systems[k], 0, sizeof(preauth_systems[k])); + memset(&preauth_systems[k], 0, + sizeof(preauth_systems[k])); break; /* skip all modules in this plugin */ } 
@@ -512,7 +520,8 @@ preauth_systems[k].name = ftable->name; preauth_systems[k].type = ftable->pa_type_list[j]; if (ftable->flags_proc != NULL) - preauth_systems[k].flags = ftable->flags_proc(context, preauth_systems[k].type); + preauth_systems[k].flags = ftable->flags_proc(context, + preauth_systems[k].type); else preauth_systems[k].flags = 0; preauth_systems[k].plugin_context = plugin_context; @@ -548,7 +557,7 @@ for (i = 0; i < n_preauth_systems; i++) { if (preauth_systems[i].fini != NULL) { (*preauth_systems[i].fini)(context, - preauth_systems[i].plugin_context); + preauth_systems[i].plugin_context); } memset(&preauth_systems[i], 0, sizeof(preauth_systems[i])); } @@ -640,7 +649,8 @@ } /* Retrieve a specified tl_data item from the given entry, and return its - * contents in a new krb5_data, which must be freed by the caller. */ + * contents in a new krb5_data, which must be freed by the caller. + */ static krb5_error_code get_entry_tl_data(krb5_context context, krb5_db_entry *entry, krb5_int16 tl_data_type, krb5_data **result) @@ -886,7 +896,8 @@ if (request->padata != NULL) { /* Now reorder the subset of modules which replace the key, * bubbling those which handle pa_data types provided by the - * client ahead of the others. */ + * client ahead of the others. + */ for (i = 0; preauth_systems[pa_order[i]].flags & PA_REPLACES_KEY; i++) { continue; } 
@@ -940,12 +951,13 @@ #endif #ifdef DEBUG - krb5_klog_syslog (LOG_DEBUG, - "client needs %spreauth, %shw preauth; request has %spreauth, %shw preauth", - isflagset (client->attributes, KRB5_KDB_REQUIRES_PRE_AUTH) ? "" : "no ", - isflagset (client->attributes, KRB5_KDB_REQUIRES_HW_AUTH) ? "" : "no ", - isflagset (enc_tkt_reply->flags, TKT_FLG_PRE_AUTH) ? "" : "no ", - isflagset (enc_tkt_reply->flags, TKT_FLG_HW_AUTH) ? "" : "no "); + krb5_klog_syslog ( + LOG_DEBUG, + "client needs %spreauth, %shw preauth; request has %spreauth, %shw preauth", + isflagset (client->attributes, KRB5_KDB_REQUIRES_PRE_AUTH) ? "" : "no ", + isflagset (client->attributes, KRB5_KDB_REQUIRES_HW_AUTH) ? "" : "no ", + isflagset (enc_tkt_reply->flags, TKT_FLG_PRE_AUTH) ? "" : "no ", + isflagset (enc_tkt_reply->flags, TKT_FLG_HW_AUTH) ? "" : "no "); #endif if (isflagset(client->attributes, KRB5_KDB_REQUIRES_PRE_AUTH) && @@ -959,8 +971,9 @@ return 0; } -void get_preauth_hint_list(krb5_kdc_req *request, krb5_db_entry *client, - krb5_db_entry *server, krb5_data *e_data) +void +get_preauth_hint_list(krb5_kdc_req *request, krb5_db_entry *client, + krb5_db_entry *server, krb5_data *e_data) { int hw_only; krb5_preauth_systems *ap; @@ -1007,7 +1020,10 @@ "%spreauth required but hint list is empty", hw_only ? "hw" : ""); } -/* If we fail to get the cookie it is probably still reasonable to continue with the response*/ + /* + * If we fail to get the cookie it is probably + * still reasonable to continue with the response + */ kdc_preauth_get_cookie(request->kdc_state, pa); retval = encode_krb5_padata_sequence(pa_data, &edat); if (retval) @@ -1266,7 +1282,8 @@ void ** pa_context; krb5_boolean key_modified; krb5_keyblock original_key; - if ((!*padata_context)&& (make_padata_context(context, padata_context) != 0)) { + if ((!*padata_context) && + (make_padata_context(context, padata_context) != 0)) { return KRB5KRB_ERR_GENERIC; } 
@@ -1322,7 +1339,8 @@ } } } - if ((retval = ap->return_padata(context, pa, client, req_pkt, request, reply, + if ((retval = ap->return_padata(context, pa, client, req_pkt, + request, reply, client_key, encrypting_key, send_pa, get_entry_data, ap->plugin_context, pa_context))) { @@ -1346,11 +1364,12 @@ free(pa_order); if (send_pa_list) krb5_free_pa_data(context, send_pa_list); + return (retval); } static krb5_boolean -request_contains_enctype (krb5_context context, const krb5_kdc_req *request, +request_contains_enctype(krb5_context context, const krb5_kdc_req *request, krb5_enctype enctype) { int i; @@ -1360,12 +1379,12 @@ return 0; } -static krb5_error_code get_enc_ts -(krb5_context context, krb5_kdc_req *request, - krb5_db_entry *client, krb5_db_entry *server, - preauth_get_entry_data_proc get_entry_data_proc, - void *pa_system_context, - krb5_pa_data *data) +static krb5_error_code +get_enc_ts(krb5_context context, krb5_kdc_req *request, + krb5_db_entry *client, krb5_db_entry *server, + preauth_get_entry_data_proc get_entry_data_proc, + void *pa_system_context, + krb5_pa_data *data) { struct kdc_request_state *state = request->kdc_state; if (state->armor_key) @@ -1480,6 +1499,7 @@ */ if (retval == KRB5_KDB_NO_MATCHING_KEY && decrypt_err != 0) retval = decrypt_err; + return retval; } 
@@ -2025,19 +2045,20 @@ memset(&sc, 0, sizeof(sc)); memset(&psr, 0, sizeof(psr)); - /* Given the client name we can figure out what type of preauth - they need. The spec is currently for querying the database for - names that match the types of preauth used. Later we should - make this mapping show up in kdc.conf. In the meantime, we - hardcode the following: - /SNK4 -- Digital Pathways SNK/4 preauth. - /GRAIL -- experimental preauth - The first one found is used. See sam_inst_map above. + /* + * Given the client name we can figure out what type of preauth + * they need. The spec is currently for querying the database for + * names that match the types of preauth used. Later we should + * make this mapping show up in kdc.conf. In the meantime, we + * hardcode the following: + * /SNK4 -- Digital Pathways SNK/4 preauth. + * /GRAIL -- experimental preauth + * The first one found is used. See sam_inst_map above. + * + * For SNK4 in particular, the key in the database is the key for + * the device; kadmin needs a special interface for it. + */ - For SNK4 in particular, the key in the database is the key for - the device; kadmin needs a special interface for it. - */ - { int npr = 1; krb5_boolean more; @@ -2090,8 +2111,8 @@ &tmp_mkey_list) == 0) { krb5_dbe_free_key_list(context, master_keylist); master_keylist = tmp_mkey_list; - if ((retval = krb5_dbe_find_mkey(context, master_keylist, &assoc, - &mkey_ptr))) { + if ((retval = krb5_dbe_find_mkey(context, master_keylist, + &assoc, &mkey_ptr))) { return (retval); } } else { @@ -2103,7 +2124,7 @@ retval = krb5_dbe_find_enctype(kdc_context, &assoc, ENCTYPE_DES_CBC_RAW, KRB5_KDB_SALTTYPE_NORMAL, - 0, /* Get highest kvno */ + 0, /* Get highest kvno */ &assoc_key); if (retval) { char *sname; 
@@ -2626,12 +2647,12 @@ &client_ctime, &client_cusec, &nonce, &pa_cksum, &cert_sig_status, - NULL, NULL, /* num_cms_types, cms_types */ + NULL, NULL,/* num_cms_types, cms_types */ &client_cert, /* signer_cert */ /* remaining fields unused (for now) */ - NULL, NULL, /* num_all_certs, all_certs */ - NULL, NULL, /* num_trusted_CAs, trusted_CAs */ - NULL); /* kdc_cert */ + NULL, NULL,/* num_all_certs, all_certs */ + NULL, NULL,/* num_trusted_CAs, trusted_CAs */ + NULL); /* kdc_cert */ if(krtn) { kdcPkinitDebug("pa_pk_as_req_parse returned %d; PKINIT aborting.\n", (int)krtn); @@ -2870,17 +2891,18 @@ * We've already verified; just obtain the fields we need to create a response */ krtn = krb5int_pkinit_as_req_parse(context, - &pa_data, - NULL, NULL, &nonce, /* ctime, cusec, nonce */ - NULL, NULL, /* pa_cksum, cert_status */ - &num_cms_types, &cms_types, - &client_cert, /* signer_cert: we encrypt for this */ - /* remaining fields unused (for now) */ - NULL, NULL, /* num_all_certs, all_certs */ - &num_trusted_CAs, &trusted_CAs, - &kdc_cert); + &pa_data, + NULL, NULL, &nonce, /* ctime, cusec, nonce */ + NULL, NULL, /* pa_cksum, cert_status */ + &num_cms_types, &cms_types, + &client_cert, /* signer_cert: we encrypt for this */ + /* remaining fields unused (for now) */ + NULL, NULL, /* num_all_certs, all_certs */ + &num_trusted_CAs, &trusted_CAs, + &kdc_cert); if(krtn) { - kdcPkinitDebug("pa_pk_as_req_parse returned %d; PKINIT aborting.\n", (int)krtn); + kdcPkinitDebug("pa_pk_as_req_parse returned %d; PKINIT aborting.\n", + (int)krtn); goto cleanup; } if(client_cert.data == NULL) { 
@@ -2933,14 +2955,16 @@ * ReplyKeyPack with here. This may need rethinking. */ krtn = krb5int_pkinit_as_rep_create(context, - encrypting_key, &as_req_checksum, signing_cert, TRUE, + encrypting_key, &as_req_checksum, + signing_cert, TRUE, &client_cert, num_cms_types, cms_types, num_trusted_CAs, trusted_CAs, (kdc_cert.data ? &kdc_cert : NULL), &pa_data); if(krtn) { - kdcPkinitDebug("pa_pk_as_rep_create returned %d; PKINIT aborting.\n", (int)krtn); + kdcPkinitDebug("pa_pk_as_rep_create returned %d; PKINIT aborting.\n", + (int)krtn); goto cleanup; } @@ -3089,7 +3113,8 @@ krb5_pa_data * padata, krb5_db_entry *client, krb5_db_entry *server, - krb5_kdc_req *request, krb5_kdc_rep *reply, + krb5_kdc_req *request, + krb5_kdc_rep *reply, krb5_key_data *client_key, krb5_keyblock *encrypting_key, krb5_pa_data **send_pa) From tsitkova at MIT.EDU Thu Nov 12 14:31:33 2009 From: tsitkova at MIT.EDU (tsitkova@MIT.EDU) Date: Thu, 12 Nov 2009 14:31:33 -0500 Subject: svn rev #23152: trunk/src/kdc/ Message-ID: <200911121931.nACJVXL2005107@drugstore.mit.edu> http://src.mit.edu/fisheye/changelog/krb5/?cs=23152 Commit By: tsitkova Log Message: Restore the local variable type. Changed Files: U trunk/src/kdc/do_tgs_req.c Modified: trunk/src/kdc/do_tgs_req.c =================================================================== --- trunk/src/kdc/do_tgs_req.c 2009-11-12 19:12:51 UTC (rev 23151) +++ trunk/src/kdc/do_tgs_req.c 2009-11-12 19:31:33 UTC (rev 23152) @@ -332,7 +332,7 @@ useenctype = 0; if (isflagset(request->kdc_options, KDC_OPT_ENC_TKT_IN_SKEY | KDC_OPT_CNAME_IN_ADDL_TKT)) { - krb5_keyblock st_sealing_key; + krb5_keyblock * st_sealing_key; krb5_kvno st_srv_kvno; krb5_enctype etype; krb5_db_entry st_client; From tsitkova at MIT.EDU Thu Nov 12 15:17:34 2009 
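Review bot: In the do_tgs_req.c hunk at `@@ -332,7 +332,7 @@`, `st_sealing_key` becomes a pointer again but is still declared without an initializer. The block that uses it starts and ends outside the hunk, so it is not visible whether every path assigns it before it is read or released. In KDC request handling an indeterminate key pointer is worth ruling out at the declaration: `krb5_keyblock *st_sealing_key = NULL;`. That spelling also drops the space after `*`, matching the `krb5_keyblock *client_key` style used by the prototypes elsewhere in this series.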
From: tsitkova at MIT.EDU (tsitkova@MIT.EDU) Date: Thu, 12 Nov 2009 15:17:34 -0500 Subject: svn rev #23153: trunk/src/kdc/ Message-ID: <200911122017.nACKHYTp009207@drugstore.mit.edu> http://src.mit.edu/fisheye/changelog/krb5/?cs=23153 Commit By: tsitkova Log Message: Post-great-reindent check. Part II. Changed Files: U trunk/src/kdc/kdc_util.h U trunk/src/kdc/main.c Modified: trunk/src/kdc/kdc_util.h =================================================================== --- trunk/src/kdc/kdc_util.h 2009-11-12 19:31:33 UTC (rev 23152) +++ trunk/src/kdc/kdc_util.h 2009-11-12 20:17:34 UTC (rev 23153) 
@@ -43,52 +43,58 @@ krb5_boolean realm_compare (krb5_const_principal, krb5_const_principal); krb5_boolean is_local_principal(krb5_const_principal princ1); krb5_boolean krb5_is_tgs_principal (krb5_const_principal); -krb5_error_code add_to_transited (krb5_data *, +krb5_error_code +add_to_transited (krb5_data *, krb5_data *, krb5_principal, krb5_principal, krb5_principal); -krb5_error_code compress_transited (krb5_data *, +krb5_error_code +compress_transited (krb5_data *, krb5_principal, krb5_data *); -krb5_error_code concat_authorization_data (krb5_authdata **, - krb5_authdata **, - krb5_authdata ***); -krb5_error_code fetch_last_req_info (krb5_db_entry *, - krb5_last_req_entry ***); +krb5_error_code +concat_authorization_data (krb5_authdata **, + krb5_authdata **, + krb5_authdata ***); +krb5_error_code +fetch_last_req_info (krb5_db_entry *, krb5_last_req_entry ***); -krb5_error_code kdc_convert_key (krb5_keyblock *, - krb5_keyblock *, - int); -krb5_error_code kdc_process_tgs_req -(krb5_kdc_req *, - const krb5_fulladdr *, - krb5_data *, - krb5_ticket **, - krb5_db_entry *krbtgt, - int *nprincs, - krb5_keyblock **, krb5_keyblock **, - krb5_pa_data **pa_tgs_req); +krb5_error_code +kdc_convert_key (krb5_keyblock *, krb5_keyblock *, int); +krb5_error_codex +kdc_process_tgs_req (krb5_kdc_req *, + const krb5_fulladdr *, + krb5_data *, + krb5_ticket **, + krb5_db_entry *krbtgt, + int *nprincs, + krb5_keyblock **, krb5_keyblock **, + krb5_pa_data **pa_tgs_req); -krb5_error_code kdc_get_server_key (krb5_ticket *, unsigned int, - krb5_boolean match_enctype, - krb5_db_entry *, int *, - krb5_keyblock **, krb5_kvno *); +krb5_error_code +kdc_get_server_key (krb5_ticket *, unsigned int, + krb5_boolean match_enctype, + krb5_db_entry *, int *, + krb5_keyblock **, krb5_kvno *); -int validate_as_request (krb5_kdc_req *, krb5_db_entry, - krb5_db_entry, krb5_timestamp, - const char **, krb5_data *); +int +validate_as_request (krb5_kdc_req *, krb5_db_entry, + krb5_db_entry, 
krb5_timestamp, + const char **, krb5_data *); -int validate_forwardable(krb5_kdc_req *, krb5_db_entry, - krb5_db_entry, krb5_timestamp, - const char **); +int +validate_forwardable(krb5_kdc_req *, krb5_db_entry, + krb5_db_entry, krb5_timestamp, + const char **); -int validate_tgs_request (krb5_kdc_req *, krb5_db_entry, - krb5_ticket *, krb5_timestamp, - const char **, krb5_data *); +int +validate_tgs_request (krb5_kdc_req *, krb5_db_entry, + krb5_ticket *, krb5_timestamp, + const char **, krb5_data *); -int fetch_asn1_field (unsigned char *, unsigned int, unsigned int, - krb5_data *); +int +fetch_asn1_field (unsigned char *, unsigned int, unsigned int, krb5_data *); int dbentry_has_key_for_enctype (krb5_context context, @@ -119,24 +125,29 @@ rep_etypes2str(char *s, size_t len, krb5_kdc_rep *rep); /* do_as_req.c */ -krb5_error_code process_as_req (krb5_kdc_req *, krb5_data *, +krb5_error_code +process_as_req (krb5_kdc_req *, krb5_data *, const krb5_fulladdr *, krb5_data ** ); /* do_tgs_req.c */ -krb5_error_code process_tgs_req (krb5_data *, +krb5_error_code +process_tgs_req (krb5_data *, const krb5_fulladdr *, krb5_data ** ); /* dispatch.c */ -krb5_error_code dispatch (krb5_data *, +krb5_error_code +dispatch (krb5_data *, const krb5_fulladdr *, krb5_data **); /* main.c */ krb5_error_code kdc_initialize_rcache (krb5_context, char *); -krb5_error_code setup_server_realm (krb5_principal); -void kdc_err(krb5_context call_context, errcode_t code, const char *fmt, ...); +krb5_error_code +setup_server_realm (krb5_principal); +void +kdc_err(krb5_context call_context, errcode_t code, const char *fmt, ...); /* network.c */ krb5_error_code listen_and_process (void); 
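Review bot: The reindented prototype of `kdc_process_tgs_req` in the kdc_util.h hunk at `@@ -43,52 +43,58 @@` now has the return type `krb5_error_codex`, while every other prototype in the header uses `krb5_error_code`. This looks like a stray keystroke and would presumably stop any file that includes kdc_util.h from compiling; the line should read `krb5_error_code`. The same commit also changes a runtime string in `usage()` in main.c (hunk `@@ -548,7 +558,7 @@`). A commit described as reindent-only should produce an empty whitespace-insensitive diff (for example `svn diff -x -w`), and running that before committing would have caught both changes.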
@@ -144,53 +155,65 @@ krb5_error_code closedown_network (void); /* policy.c */ -int against_local_policy_as (krb5_kdc_req *, krb5_db_entry, +int +against_local_policy_as (krb5_kdc_req *, krb5_db_entry, krb5_db_entry, krb5_timestamp, const char **, krb5_data *); -int against_local_policy_tgs (krb5_kdc_req *, krb5_db_entry, +int +against_local_policy_tgs (krb5_kdc_req *, krb5_db_entry, krb5_ticket *, const char **, krb5_data *); /* kdc_preauth.c */ -krb5_boolean enctype_requires_etype_info_2(krb5_enctype enctype); +krb5_boolean +enctype_requires_etype_info_2(krb5_enctype enctype); -const char * missing_required_preauth -(krb5_db_entry *client, krb5_db_entry *server, - krb5_enc_tkt_part *enc_tkt_reply); -void get_preauth_hint_list (krb5_kdc_req * request, +const char * +missing_required_preauth (krb5_db_entry *client, + krb5_db_entry *server, + krb5_enc_tkt_part *enc_tkt_reply); +void +get_preauth_hint_list (krb5_kdc_req * request, krb5_db_entry *client, krb5_db_entry *server, krb5_data *e_data); -krb5_error_code load_preauth_plugins(krb5_context context); -krb5_error_code unload_preauth_plugins(krb5_context context); +krb5_error_code +load_preauth_plugins(krb5_context context); +krb5_error_code +unload_preauth_plugins(krb5_context context); -krb5_error_code check_padata -(krb5_context context, krb5_db_entry *client, krb5_data *req_pkt, - krb5_kdc_req *request, krb5_enc_tkt_part *enc_tkt_reply, - void **padata_context, krb5_data *e_data); +krb5_error_code +check_padata (krb5_context context, + krb5_db_entry *client, krb5_data *req_pkt, + krb5_kdc_req *request, + krb5_enc_tkt_part *enc_tkt_reply, + void **padata_context, krb5_data *e_data); -krb5_error_code return_padata -(krb5_context context, krb5_db_entry *client, - krb5_data *req_pkt, krb5_kdc_req *request, krb5_kdc_rep *reply, - krb5_key_data *client_key, krb5_keyblock *encrypting_key, - void **padata_context); +krb5_error_code +return_padata (krb5_context context, krb5_db_entry *client, + krb5_data *req_pkt, 
krb5_kdc_req *request, + krb5_kdc_rep *reply, + krb5_key_data *client_key, krb5_keyblock *encrypting_key, + void **padata_context); -krb5_error_code free_padata_context -(krb5_context context, void **padata_context); +krb5_error_code +free_padata_context (krb5_context context, void **padata_context); -krb5_pa_data *find_pa_data -(krb5_pa_data **padata, krb5_preauthtype pa_type); +krb5_pa_data * +find_pa_data (krb5_pa_data **padata, krb5_preauthtype pa_type); -krb5_error_code add_pa_data_element -(krb5_context context, - krb5_pa_data *padata, - krb5_pa_data ***out_padata, - krb5_boolean copy); +krb5_error_code +add_pa_data_element (krb5_context context, + krb5_pa_data *padata, + krb5_pa_data ***out_padata, + krb5_boolean copy); /* kdc_authdata.c */ -krb5_error_code load_authdata_plugins(krb5_context context); -krb5_error_code unload_authdata_plugins(krb5_context context); +krb5_error_code +load_authdata_plugins(krb5_context context); +krb5_error_code +unload_authdata_plugins(krb5_context context); krb5_error_code handle_authdata (krb5_context context, 
@@ -226,75 +249,75 @@ krb5_boolean include_pac_p(krb5_context context, krb5_kdc_req *request); -krb5_error_code return_svr_referral_data -(krb5_context context, - krb5_db_entry *server, - krb5_enc_kdc_rep_part *reply_encpart); +krb5_error_code +return_svr_referral_data (krb5_context context, + krb5_db_entry *server, + krb5_enc_kdc_rep_part *reply_encpart); -krb5_error_code sign_db_authdata -(krb5_context context, - unsigned int flags, - krb5_const_principal client_princ, - krb5_db_entry *client, - krb5_db_entry *server, - krb5_db_entry *krbtgt, - krb5_keyblock *client_key, - krb5_keyblock *server_key, - krb5_keyblock *krbtgt_key, - krb5_timestamp authtime, - krb5_authdata **tgs_authdata, - krb5_keyblock *session_key, - krb5_authdata ***ret_authdata); +krb5_error_code +sign_db_authdata (krb5_context context, + unsigned int flags, + krb5_const_principal client_princ, + krb5_db_entry *client, + krb5_db_entry *server, + krb5_db_entry *krbtgt, + krb5_keyblock *client_key, + krb5_keyblock *server_key, + krb5_keyblock *krbtgt_key, + krb5_timestamp authtime, + krb5_authdata **tgs_authdata, + krb5_keyblock *session_key, + krb5_authdata ***ret_authdata); -krb5_error_code kdc_process_s4u2self_req -(krb5_context context, - krb5_kdc_req *request, - krb5_const_principal client_princ, - const krb5_db_entry *server, - krb5_keyblock *tgs_subkey, - krb5_keyblock *tgs_session, - krb5_timestamp kdc_time, - krb5_pa_s4u_x509_user **s4u2self_req, - krb5_db_entry *princ, - int *nprincs, - const char **status); +krb5_error_code +kdc_process_s4u2self_req (krb5_context context, + krb5_kdc_req *request, + krb5_const_principal client_princ, + const krb5_db_entry *server, + krb5_keyblock *tgs_subkey, + krb5_keyblock *tgs_session, + krb5_timestamp kdc_time, + krb5_pa_s4u_x509_user **s4u2self_req, + krb5_db_entry *princ, + int *nprincs, + const char **status); -krb5_error_code kdc_make_s4u2self_rep -(krb5_context context, - krb5_keyblock *tgs_subkey, - krb5_keyblock *tgs_session, - 
krb5_pa_s4u_x509_user *req_s4u_user, - krb5_kdc_rep *reply, - krb5_enc_kdc_rep_part *reply_encpart); +krb5_error_code +kdc_make_s4u2self_rep (krb5_context context, + krb5_keyblock *tgs_subkey, + krb5_keyblock *tgs_session, + krb5_pa_s4u_x509_user *req_s4u_user, + krb5_kdc_rep *reply, + krb5_enc_kdc_rep_part *reply_encpart); -krb5_error_code kdc_process_s4u2proxy_req -(krb5_context context, - krb5_kdc_req *request, - const krb5_enc_tkt_part *t2enc, - const krb5_db_entry *server, - krb5_const_principal server_princ, - krb5_const_principal proxy_princ, - const char **status); +krb5_error_code +kdc_process_s4u2proxy_req (krb5_context context, + krb5_kdc_req *request, + const krb5_enc_tkt_part *t2enc, + const krb5_db_entry *server, + krb5_const_principal server_princ, + krb5_const_principal proxy_princ, + const char **status); -krb5_error_code kdc_check_transited_list -(krb5_context context, - const krb5_data *trans, - const krb5_data *realm1, - const krb5_data *realm2); +krb5_error_code +kdc_check_transited_list (krb5_context context, + const krb5_data *trans, + const krb5_data *realm1, + const krb5_data *realm2); -krb5_error_code audit_as_request -(krb5_kdc_req *request, - krb5_db_entry *client, - krb5_db_entry *server, - krb5_timestamp authtime, - krb5_error_code errcode); +krb5_error_code +audit_as_request (krb5_kdc_req *request, + krb5_db_entry *client, + krb5_db_entry *server, + krb5_timestamp authtime, + krb5_error_code errcode); -krb5_error_code audit_tgs_request -(krb5_kdc_req *request, - krb5_const_principal client, - krb5_db_entry *server, - krb5_timestamp authtime, - krb5_error_code errcode); +krb5_error_code +audit_tgs_request (krb5_kdc_req *request, + krb5_const_principal client, + krb5_db_entry *server, + krb5_timestamp authtime, + krb5_error_code errcode); krb5_error_code validate_transit_path(krb5_context context, 
@@ -324,7 +347,8 @@ krb5_timestamp authtime, unsigned int c_flags, const char *s4u_name, const char *status, krb5_error_code errcode, const char *emsg); -void log_tgs_alt_tgt(krb5_principal p); +void +log_tgs_alt_tgt(krb5_principal p); /*Request state*/ @@ -337,8 +361,7 @@ }; krb5_error_code kdc_make_rstate(struct kdc_request_state **out); -void kdc_free_rstate -(struct kdc_request_state *s); +void kdc_free_rstate (struct kdc_request_state *s); /* FAST*/ enum krb5_fast_kdc_flags { @@ -346,20 +369,21 @@ KRB5_FAST_REPLY_KEY_REPLACED = 0x02, }; -krb5_error_code kdc_find_fast -(krb5_kdc_req **requestptr, krb5_data *checksummed_data, - krb5_keyblock *tgs_subkey, krb5_keyblock *tgs_session, - struct kdc_request_state *state); +krb5_error_code +kdc_find_fast (krb5_kdc_req **requestptr, krb5_data *checksummed_data, + krb5_keyblock *tgs_subkey, krb5_keyblock *tgs_session, + struct kdc_request_state *state); -krb5_error_code kdc_fast_response_handle_padata -(struct kdc_request_state *state, - krb5_kdc_req *request, - krb5_kdc_rep *rep, - krb5_enctype enctype); -krb5_error_code kdc_fast_handle_error -(krb5_context context, struct kdc_request_state *state, - krb5_kdc_req *request, - krb5_pa_data **in_padata, krb5_error *err); +krb5_error_code +kdc_fast_response_handle_padata (struct kdc_request_state *state, + krb5_kdc_req *request, + krb5_kdc_rep *rep, + krb5_enctype enctype); +krb5_error_code +kdc_fast_handle_error (krb5_context context, + struct kdc_request_state *state, + krb5_kdc_req *request, + krb5_pa_data **in_padata, krb5_error *err); krb5_error_code kdc_fast_handle_reply_key(struct kdc_request_state *state, krb5_keyblock *existing_key, Modified: trunk/src/kdc/main.c =================================================================== --- trunk/src/kdc/main.c 2009-11-12 19:31:33 UTC (rev 23152) +++ trunk/src/kdc/main.c 2009-11-12 20:17:34 UTC (rev 23153) 
@@ -207,47 +207,56 @@ retval = ENOMEM; } else { if (rparams && rparams->realm_no_host_referral) { - if (krb5_match_config_pattern(rparams->realm_no_host_referral, KRB5_CONF_ASTERISK) == TRUE) { + if (krb5_match_config_pattern(rparams->realm_no_host_referral, + KRB5_CONF_ASTERISK) == TRUE) { rdp->realm_no_host_referral = strdup(KRB5_CONF_ASTERISK); if (!rdp->realm_no_host_referral) retval = ENOMEM; - } else if (no_refrls && (asprintf(&(rdp->realm_no_host_referral), "%s%s%s%s%s", - " ", no_refrls," ",rparams->realm_no_host_referral, " ") < 0)) + } else if (no_refrls && (asprintf(&(rdp->realm_no_host_referral), + "%s%s%s%s%s", " ", no_refrls," ", + rparams->realm_no_host_referral, " ") < 0)) retval = ENOMEM; else if (asprintf(&(rdp->realm_no_host_referral),"%s%s%s", " ", rparams->realm_no_host_referral, " ") < 0) retval = ENOMEM; } else if( no_refrls != NULL) { - if ( asprintf(&(rdp->realm_no_host_referral),"%s%s%s", " ", no_refrls, " ") < 0) + if ( asprintf(&(rdp->realm_no_host_referral), + "%s%s%s", " ", no_refrls, " ") < 0) retval = ENOMEM; } else rdp->realm_no_host_referral = NULL; } - if (rdp->realm_no_host_referral && krb5_match_config_pattern(rdp->realm_no_host_referral, KRB5_CONF_ASTERISK) == TRUE) { + if (rdp->realm_no_host_referral && + krb5_match_config_pattern(rdp->realm_no_host_referral, + KRB5_CONF_ASTERISK) == TRUE) { rdp->realm_host_based_services = NULL; return 0; } - if (host_based_srvcs && (krb5_match_config_pattern(host_based_srvcs, KRB5_CONF_ASTERISK) == TRUE)) { + if (host_based_srvcs && + (krb5_match_config_pattern(host_based_srvcs, KRB5_CONF_ASTERISK) == TRUE)) { rdp->realm_host_based_services = strdup(KRB5_CONF_ASTERISK); if (!rdp->realm_host_based_services) retval = ENOMEM; } else { if (rparams && rparams->realm_host_based_services) { - if (krb5_match_config_pattern(rparams->realm_host_based_services, KRB5_CONF_ASTERISK) == TRUE) { + if (krb5_match_config_pattern(rparams->realm_host_based_services, + KRB5_CONF_ASTERISK) == TRUE) { 
rdp->realm_host_based_services = strdup(KRB5_CONF_ASTERISK); if (!rdp->realm_host_based_services) retval = ENOMEM; } else if (host_based_srvcs) { if (asprintf(&(rdp->realm_host_based_services), "%s%s%s%s%s", - " ", host_based_srvcs," ",rparams->realm_host_based_services, " ") < 0) + " ", host_based_srvcs," ", + rparams->realm_host_based_services, " ") < 0) retval = ENOMEM; } else if (asprintf(&(rdp->realm_host_based_services),"%s%s%s", " ", rparams->realm_host_based_services, " ") < 0) retval = ENOMEM; } else if (host_based_srvcs) { - if (asprintf(&(rdp->realm_host_based_services),"%s%s%s", " ", host_based_srvcs, " ") < 0) + if (asprintf(&(rdp->realm_host_based_services),"%s%s%s", " ", + host_based_srvcs, " ") < 0) retval = ENOMEM; } else rdp->realm_host_based_services = NULL; @@ -255,6 +264,7 @@ return retval; } + /* * Initialize a realm control structure from the alternate profile or from * the specified defaults. @@ -548,7 +558,7 @@ void usage(char *name) { - fprintf(stderr, "usage: %s [-x db_args]* [-d dbpathname] [-r dbrealmname]\n\t\t[-R replaycachename] [-m] [-k masterenctype] [-M masterkeyname]\n\t\t[-p port] [-n]\n" + fprintf(stderr, "usage: %s [-x db_args]* [-d dbpathname] [-r dbrealmname]\n\t\t[-R replaycachename] [-m] [-k masterenctype] [-M masterkeyname]\n\t\t[-p port] [/]\n" "\nwhere,\n\t[-x db_args]* - Any number of database specific arguments. Look at\n" "\t\t\teach database module documentation for supported\n\t\t\targuments\n", name); @@ -593,7 +603,8 @@ hierarchy[1] = KRB5_CONF_NO_HOST_REFERRAL; if (krb5_aprof_get_string_all(aprof, hierarchy, &no_refrls)) no_refrls = 0; - if (!no_refrls || krb5_match_config_pattern(no_refrls, KRB5_CONF_ASTERISK) == FALSE) { + if (!no_refrls || + krb5_match_config_pattern(no_refrls, KRB5_CONF_ASTERISK) == FALSE) { hierarchy[1] = KRB5_CONF_HOST_BASED_SERVICES; if (krb5_aprof_get_string_all(aprof, hierarchy, &host_based_srvcs)) host_based_srvcs = 0; 
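Review bot: In `usage()` in main.c (hunk `@@ -548,7 +558,7 @@`) the new line changes the text printed to the user, not just the layout: the end of the first literal goes from `[-p port] [-n]\n` to `[-p port] [/]\n`. The log message describes a reindent check only, and `[/]` is not option syntax, so this is most likely an accidental edit; restore `[-p port] [-n]\n`. Whether `-n` is still accepted is decided by the option parsing outside this hunk, but the help text should not stop documenting it as a side effect of formatting work.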
@@ -649,7 +660,8 @@ menctype, default_udp_ports, default_tcp_ports, manual, db_args, no_refrls, host_based_srvcs))) { - fprintf(stderr,"%s: cannot initialize realm %s - see log file for details\n", + fprintf(stderr, + "%s: cannot initialize realm %s - see log file for details\n", argv[0], optarg); exit(1); } @@ -666,7 +678,9 @@ } break; case 'd': /* pathname for db */ - /* now db_name is not a seperate argument. It has to be passed as part of the db_args */ + /* now db_name is not a seperate argument. + * It has to be passed as part of the db_args + */ if( db_name == NULL ) { if (asprintf(&db_name, "dbname=%s", optarg) < 0) { fprintf(stderr, From tsitkova at MIT.EDU Thu Nov 12 15:22:54 2009 From: tsitkova at MIT.EDU (tsitkova@MIT.EDU) Date: Thu, 12 Nov 2009 15:22:54 -0500 Subject: svn rev #23154: trunk/src/kdc/ Message-ID: <200911122022.nACKMsAM009687@drugstore.mit.edu> http://src.mit.edu/fisheye/changelog/krb5/?cs=23154 Commit By: tsitkova Log Message: Typo fix Changed Files: U trunk/src/kdc/kdc_util.h Modified: trunk/src/kdc/kdc_util.h =================================================================== --- trunk/src/kdc/kdc_util.h 2009-11-12 20:17:34 UTC (rev 23153) +++ trunk/src/kdc/kdc_util.h 2009-11-12 20:22:53 UTC (rev 23154) @@ -62,7 +62,7 @@ krb5_error_code kdc_convert_key (krb5_keyblock *, krb5_keyblock *, int); -krb5_error_codex +krb5_error_code kdc_process_tgs_req (krb5_kdc_req *, const krb5_fulladdr *, krb5_data *, From ghudson at MIT.EDU Thu Nov 12 19:28:30 2009 
From: ghudson at MIT.EDU (ghudson@MIT.EDU) Date: Thu, 12 Nov 2009 19:28:30 -0500 Subject: svn rev #23157: trunk/src/lib/krb5/rcache/ Message-ID: <200911130028.nAD0SUSi030627@drugstore.mit.edu> http://src.mit.edu/fisheye/changelog/krb5/?cs=23157 Commit By: ghudson Log Message: In lib/krb5/rcache, ensure that function definition headers put the function name at the beginning of the line. Changed Files: U trunk/src/lib/krb5/rcache/rc_base.c U trunk/src/lib/krb5/rcache/t_replay.c Modified: trunk/src/lib/krb5/rcache/rc_base.c =================================================================== --- trunk/src/lib/krb5/rcache/rc_base.c 2009-11-12 23:45:25 UTC (rev 23156) +++ trunk/src/lib/krb5/rcache/rc_base.c 2009-11-13 00:28:30 UTC (rev 23157) @@ -24,11 +24,14 @@ static struct krb5_rc_typelist *typehead = &krb5_rc_typelist_dfl; static k5_mutex_t rc_typelist_lock = K5_MUTEX_PARTIAL_INITIALIZER; -int krb5int_rc_finish_init(void) +int +krb5int_rc_finish_init(void) { return k5_mutex_finish_init(&rc_typelist_lock); } -void krb5int_rc_terminate(void) + +void +krb5int_rc_terminate(void) { struct krb5_rc_typelist *t, *t_next; k5_mutex_destroy(&rc_typelist_lock); @@ -38,8 +41,8 @@ } } -krb5_error_code krb5_rc_register_type(krb5_context context, - const krb5_rc_ops *ops) +krb5_error_code +krb5_rc_register_type(krb5_context context, const krb5_rc_ops *ops) { struct krb5_rc_typelist *t; krb5_error_code err; @@ -64,8 +67,8 @@ return 0; } -krb5_error_code krb5_rc_resolve_type(krb5_context context, krb5_rcache *idptr, - char *type) +krb5_error_code +krb5_rc_resolve_type(krb5_context context, krb5_rcache *idptr, char *type) { struct krb5_rc_typelist *t; krb5_error_code err; @@ -104,7 +107,8 @@ return id->ops->type; } -char * krb5_rc_default_type(krb5_context context) +char * +krb5_rc_default_type(krb5_context context) { char *s; if ((s = getenv("KRB5RCACHETYPE"))) 
@@ -113,7 +117,8 @@ return "dfl"; } -char * krb5_rc_default_name(krb5_context context) +char * +krb5_rc_default_name(krb5_context context) { char *s; if ((s = getenv("KRB5RCACHENAME"))) @@ -144,8 +149,9 @@ } -krb5_error_code krb5_rc_resolve_full(krb5_context context, krb5_rcache *idptr, - char *string_name) +krb5_error_code +krb5_rc_resolve_full(krb5_context context, krb5_rcache *idptr, + char *string_name) { char *type; char *residual; Modified: trunk/src/lib/krb5/rcache/t_replay.c =================================================================== --- trunk/src/lib/krb5/rcache/t_replay.c 2009-11-12 23:45:25 UTC (rev 23156) +++ trunk/src/lib/krb5/rcache/t_replay.c 2009-11-13 00:28:30 UTC (rev 23157) @@ -35,7 +35,8 @@ #include "k5-int.h" -static void usage(const char *progname) +static void +usage(const char *progname) { fprintf(stderr, "%s: Usage:\n", progname); fprintf(stderr, " %s dump \n", progname); @@ -45,7 +46,8 @@ exit(1); } -static char *read_counted_string(FILE *fp) +static char * +read_counted_string(FILE *fp) { unsigned int len; char *str; @@ -63,7 +65,8 @@ return str; } -static void dump_rcache(const char *filename) +static void +dump_rcache(const char *filename) { FILE *fp; krb5_deltat lifespan; @@ -105,9 +108,10 @@ } } -static void store(krb5_context ctx, char *rcspec, char *client, char *server, - char *msg, krb5_timestamp timestamp, krb5_int32 usec, - krb5_timestamp now_timestamp, krb5_int32 now_usec) +static void +store(krb5_context ctx, char *rcspec, char *client, char *server, char *msg, + krb5_timestamp timestamp, krb5_int32 usec, krb5_timestamp now_timestamp, + krb5_int32 now_usec) { krb5_rcache rc = NULL; krb5_error_code retval = 0; @@ -146,8 +150,9 @@ free(hash); } -static void expunge(krb5_context ctx, char *rcspec, - krb5_timestamp now_timestamp, krb5_int32 now_usec) +static void +expunge(krb5_context ctx, char *rcspec, krb5_timestamp now_timestamp, + krb5_int32 now_usec) { krb5_rcache rc = NULL; krb5_error_code retval = 0; 
@@ -168,7 +173,8 @@ krb5_rc_close(ctx, rc); } -int main(int argc, char **argv) +int +main(int argc, char **argv) { krb5_context ctx; krb5_error_code retval; From ghudson at MIT.EDU Fri Nov 13 23:46:30 2009 
From: ghudson at MIT.EDU (ghudson@MIT.EDU) Date: Fri, 13 Nov 2009 23:46:30 -0500 Subject: svn rev #23160: trunk/src/ include/ include/krb5/ kdc/ lib/krb5/ lib/krb5/asn.1/ ... Message-ID: <200911140446.nAE4kUG8011099@drugstore.mit.edu> http://src.mit.edu/fisheye/changelog/krb5/?cs=23160 Commit By: ghudson Log Message: ticket: 6580 subject: Constrained delegation without PAC support Merge Luke's users/lhoward/s4u2proxy branch to trunk. Implements a Heimdal-compatible mechanism for allowing constrained delegation without back-end support for PACs. Back-end support exists in LDAP only (via a new krbAllowedToDelegateTo attribute), not DB2. Changed Files: U trunk/src/include/k5-int.h U trunk/src/include/krb5/krb5.hin U trunk/src/kdc/do_tgs_req.c U trunk/src/kdc/kdc_authdata.c U trunk/src/lib/krb5/asn.1/asn1_k_decode.c U trunk/src/lib/krb5/asn.1/asn1_k_decode.h U trunk/src/lib/krb5/asn.1/asn1_k_encode.c U trunk/src/lib/krb5/asn.1/krb5_decode.c U trunk/src/lib/krb5/krb/copy_auth.c U trunk/src/lib/krb5/krb/kfree.c U trunk/src/lib/krb5/libkrb5.exports U trunk/src/plugins/authdata/greet_server/greet_auth.c U trunk/src/plugins/kdb/ldap/libkdb_ldap/kdb_ext.c U trunk/src/plugins/kdb/ldap/libkdb_ldap/kerberos.ldif U trunk/src/plugins/kdb/ldap/libkdb_ldap/kerberos.schema U trunk/src/plugins/kdb/ldap/libkdb_ldap/ldap_misc.c U trunk/src/plugins/kdb/ldap/libkdb_ldap/ldap_principal.c U trunk/src/plugins/kdb/ldap/libkdb_ldap/ldap_principal2.c U trunk/src/tests/asn.1/krb5_decode_leak.c U trunk/src/tests/asn.1/krb5_decode_test.c U trunk/src/tests/asn.1/krb5_encode_test.c U trunk/src/tests/asn.1/ktest.c U trunk/src/tests/asn.1/ktest.h U trunk/src/tests/asn.1/ktest_equal.c U trunk/src/tests/asn.1/ktest_equal.h U trunk/src/tests/asn.1/reference_encode.out U trunk/src/tests/asn.1/trval_reference.out Modified: trunk/src/include/k5-int.h =================================================================== --- trunk/src/include/k5-int.h 2009-11-14 01:08:10 UTC (rev 23159) +++ 
trunk/src/include/k5-int.h 2009-11-14 04:46:30 UTC (rev 23160) @@ -1075,6 +1075,21 @@ krb5_authdata **elements; } krb5_ad_kdcissued; +typedef struct _krb5_ad_signedpath_data { + krb5_principal client; + krb5_timestamp authtime; + krb5_principal *delegated; + krb5_pa_data **method_data; + krb5_authdata **authorization_data; +} krb5_ad_signedpath_data; + +typedef struct _krb5_ad_signedpath { + krb5_enctype enctype; + krb5_checksum checksum; + krb5_principal *delegated; + krb5_pa_data **method_data; +} krb5_ad_signedpath; + typedef krb5_error_code (*krb5_preauth_obtain_proc) (krb5_context, krb5_pa_data *, @@ -1386,6 +1401,8 @@ (krb5_context, krb5_fast_response *); void KRB5_CALLCONV krb5_free_ad_kdcissued (krb5_context, krb5_ad_kdcissued *); +void KRB5_CALLCONV krb5_free_ad_signedpath +(krb5_context, krb5_ad_signedpath *); /* #include "krb5/wordsize.h" -- comes in through base-defs.h. */ #include "com_err.h" @@ -1810,6 +1827,10 @@ krb5_error_code encode_krb5_ad_kdcissued (const krb5_ad_kdcissued *, krb5_data **); +krb5_error_code encode_krb5_ad_signedpath +(const krb5_ad_signedpath *, krb5_data **); +krb5_error_code encode_krb5_ad_signedpath_data +(const krb5_ad_signedpath_data *, krb5_data **); /************************************************************************* * End of prototypes for krb5_encode.c @@ -1989,6 +2010,9 @@ krb5_error_code decode_krb5_ad_kdcissued (const krb5_data *, krb5_ad_kdcissued **); +krb5_error_code decode_krb5_ad_signedpath +(const krb5_data *, krb5_ad_signedpath **); + struct _krb5_key_data; /* kdb.h */ struct ldap_seqof_key_data { 
@@ -3008,6 +3032,12 @@ krb5_ticket *evidence_tkt, krb5_creds **out_creds); +krb5_error_code KRB5_CALLCONV +krb5int_get_authdata_containee_types(krb5_context context, + const krb5_authdata *container, + unsigned int *nad_types, + krb5_authdatatype **ad_types); + krb5_error_code krb5int_parse_enctype_list(krb5_context context, char *profstr, krb5_enctype *default_list, krb5_enctype **result); Modified: trunk/src/include/krb5/krb5.hin =================================================================== --- trunk/src/include/krb5/krb5.hin 2009-11-14 01:08:10 UTC (rev 23159) +++ trunk/src/include/krb5/krb5.hin 2009-11-14 04:46:30 UTC (rev 23160) @@ -647,6 +647,8 @@ #define KRB5_KEYUSAGE_PA_S4U_X509_USER_REQUEST 26 /* XXX note conflict with above */ #define KRB5_KEYUSAGE_PA_S4U_X509_USER_REPLY 27 /* XXX note conflict with above */ +#define KRB5_KEYUSAGE_AD_SIGNEDPATH -21 + /* define in draft-ietf-krb-wg-preauth-framework*/ #define KRB5_KEYUSAGE_FAST_REQ_CHKSUM 50 #define KRB5_KEYUSAGE_FAST_ENC 51 @@ -1092,6 +1094,7 @@ #define KRB5_AUTHDATA_SESAME 65 #define KRB5_AUTHDATA_WIN2K_PAC 128 #define KRB5_AUTHDATA_ETYPE_NEGOTIATION 129 /* RFC 4537 */ +#define KRB5_AUTHDATA_SIGNTICKET 142 #define KRB5_AUTHDATA_FX_ARMOR 71 /* password change constants */ Modified: trunk/src/kdc/do_tgs_req.c =================================================================== --- trunk/src/kdc/do_tgs_req.c 2009-11-14 01:08:10 UTC (rev 23159) +++ trunk/src/kdc/do_tgs_req.c 2009-11-14 04:46:30 UTC (rev 23160) @@ -103,7 +103,7 @@ krb5_keyblock encrypting_key; int nprincs = 0; krb5_boolean more; - krb5_timestamp kdc_time, authtime=0; + krb5_timestamp kdc_time, authtime = 0; krb5_keyblock session_key; krb5_timestamp rtime; krb5_keyblock *reply_key = NULL; 
@@ -116,7 +116,8 @@ register int i; int firstpass = 1; const char *status = 0; - krb5_enc_tkt_part *header_enc_tkt = NULL; /* TG or evidence ticket */ + krb5_enc_tkt_part *header_enc_tkt = NULL; /* TGT */ + krb5_enc_tkt_part *subject_tkt = NULL; /* TGT or evidence ticket */ krb5_db_entry client, krbtgt; int c_nprincs = 0, k_nprincs = 0; krb5_pa_s4u_x509_user *s4u_x509_user = NULL; /* protocol transition request */ @@ -135,6 +136,7 @@ reply.padata = 0; /* For cleanup handler */ reply_encpart.enc_padata = 0; + e_data.data = NULL; session_key.contents = NULL; @@ -391,9 +393,6 @@ assert(krb5_is_tgs_principal(header_ticket->server)); - /* From now on, use evidence ticket as header ticket */ - header_enc_tkt = request->second_ticket[st_idx]->enc_part2; - assert(c_nprincs == 0); /* assured by kdc_process_s4u2self_req() */ client = st_client; @@ -425,8 +424,19 @@ goto cleanup; } - authtime = header_enc_tkt->times.authtime; + /* + * subject_tkt will refer to the evidence ticket (for constrained + * delegation) or the TGT. The distinction from header_enc_tkt is + * necessary because the TGS signature only protects some fields: + * the others could be forged by a malicious server. + */ + if (isflagset(c_flags, KRB5_KDB_FLAG_CONSTRAINED_DELEGATION)) + subject_tkt = request->second_ticket[st_idx]->enc_part2; + else + subject_tkt = header_enc_tkt; + authtime = subject_tkt->times.authtime; + if (is_referral) ticket_reply.server = server.princ; else @@ -443,7 +453,7 @@ * authtime's value. */ if (!(header_enc_tkt->times.starttime)) - header_enc_tkt->times.starttime = header_enc_tkt->times.authtime; + header_enc_tkt->times.starttime = authtime; /* don't use new addresses unless forwarded, see below */ 
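Review bot: In the `@@ -443,7 +453,7 @@` hunk, `header_enc_tkt->times.starttime = authtime;` fills in a missing start time on the TGT from `authtime`, which the preceding hunk now takes from `subject_tkt`, i.e. the evidence ticket when KRB5_KDB_FLAG_CONSTRAINED_DELEGATION is set. The new comment itself notes that some ticket fields could be forged by a malicious server, so the header ticket's default should come from its own fields: `header_enc_tkt->times.starttime = header_enc_tkt->times.authtime;`. How starttime is used afterwards lies outside the hunk, so the effect on lifetime checks is to be confirmed.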
@@ -584,9 +594,9 @@ } /* - * Set authtime to be the same as header_ticket's + * Set authtime to be the same as header or evidence ticket's */ - enc_tkt_reply.times.authtime = header_enc_tkt->times.authtime; + enc_tkt_reply.times.authtime = authtime; /* * Propagate the preauthentication flags through to the returned ticket. @@ -606,7 +616,7 @@ errcode = krb5_unparse_name(kdc_context, s4u_x509_user->user_id.user, &s4u_name); } else if (isflagset(c_flags, KRB5_KDB_FLAG_CONSTRAINED_DELEGATION)) { - errcode = krb5_unparse_name(kdc_context, header_enc_tkt->client, + errcode = krb5_unparse_name(kdc_context, subject_tkt->client, &s4u_name); } else { errcode = 0; @@ -676,15 +686,13 @@ if (isflagset(server.attributes, KRB5_KDB_NO_AUTH_DATA_REQUIRED) == 0) { /* * If we are not doing protocol transition/constrained delegation - * and there was no authorization data included, try to lookup - * the client principal as it may be mapped to a local account. + * try to lookup the client principal so plugins can add additional + * authorization information. * * Always validate authorization data for constrained delegation * because we must validate the KDC signatures. */ - if (!isflagset(c_flags, KRB5_KDB_FLAGS_S4U) && - header_enc_tkt->authorization_data == NULL) { - + if (!isflagset(c_flags, KRB5_KDB_FLAGS_S4U)) { /* Generate authorization data so we can include it in ticket */ setflag(c_flags, KRB5_KDB_FLAG_INCLUDE_PAC); /* Map principals from foreign (possibly non-AD) realms */ @@ -694,7 +702,7 @@ c_nprincs = 1; errcode = krb5_db_get_principal_ext(kdc_context, - header_enc_tkt->client, + subject_tkt->client, c_flags, &client, &c_nprincs, @@ -720,7 +728,7 @@ !isflagset(c_flags, KRB5_KDB_FLAG_CROSS_REALM)) enc_tkt_reply.client = s4u_x509_user->user_id.user; else - enc_tkt_reply.client = header_enc_tkt->client; + enc_tkt_reply.client = subject_tkt->client; enc_tkt_reply.session = &session_key; enc_tkt_reply.transited.tr_type = KRB5_DOMAIN_X500_COMPRESS; 
@@ -739,7 +747,7 @@ request, s4u_x509_user ? s4u_x509_user->user_id.user : NULL, - header_enc_tkt, + subject_tkt, &enc_tkt_reply); if (errcode) { krb5_klog_syslog(LOG_INFO, "TGS_REQ : handle_authdata (%d)", errcode); @@ -913,10 +921,8 @@ reply_encpart.session = &session_key; reply_encpart.nonce = request->nonce; - /* copy the time fields EXCEPT for authtime; its location - is used for ktime */ + /* copy the time fields */ reply_encpart.times = enc_tkt_reply.times; - reply_encpart.times.authtime = header_enc_tkt->times.authtime; /* starttime is optional, and treated as authtime if not present. so we can nuke it if it matches */ Modified: trunk/src/kdc/kdc_authdata.c =================================================================== --- trunk/src/kdc/kdc_authdata.c 2009-11-14 01:08:10 UTC (rev 23159) +++ trunk/src/kdc/kdc_authdata.c 2009-11-14 04:46:30 UTC (rev 23160) @@ -3,7 +3,7 @@ * kdc/kdc_authdata.c * * Copyright (C) 2007 Apple Inc. All Rights Reserved. - * Copyright (C) 2008 by the Massachusetts Institute of Technology. + * Copyright (C) 2008, 2009 by the Massachusetts Institute of Technology. * * Export of this software from the United States of America may * require a specific license from the United States Government. @@ -36,7 +36,7 @@ #include #include -#include "../include/krb5/authdata_plugin.h" +#include #if TARGET_OS_MAC static const char *objdirs[] = { KRB5_AUTHDATA_PLUGIN_BUNDLE_DIR, @@ -70,7 +70,6 @@ typedef void (*fini_proc) (krb5_context, void *); -/* Internal authdata system for copying TGS-REQ authdata to ticket */ static krb5_error_code handle_request_authdata (krb5_context context, unsigned int flags, @@ -86,7 +85,6 @@ krb5_enc_tkt_part *enc_tkt_request, krb5_enc_tkt_part *enc_tkt_reply); -/* Internal authdata system for handling KDC-issued authdata */ static krb5_error_code handle_tgt_authdata (krb5_context context, unsigned int flags, 
@@ -102,6 +100,27 @@ krb5_enc_tkt_part *enc_tkt_request, krb5_enc_tkt_part *enc_tkt_reply); +static krb5_error_code +handle_kdb_authdata(krb5_context context, unsigned int flags, + krb5_db_entry *client, krb5_db_entry *server, + krb5_db_entry *krbtgt, krb5_keyblock *client_key, + krb5_keyblock *server_key, krb5_keyblock *krbtgt_key, + krb5_data *req_pkt, krb5_kdc_req *request, + krb5_const_principal for_user_princ, + krb5_enc_tkt_part *enc_tkt_request, + krb5_enc_tkt_part *enc_tkt_reply); + +static krb5_error_code +handle_signedpath_authdata(krb5_context context, unsigned int flags, + krb5_db_entry *client, krb5_db_entry *server, + krb5_db_entry *krbtgt, krb5_keyblock *client_key, + krb5_keyblock *server_key, + krb5_keyblock *krbtgt_key, + krb5_data *req_pkt, krb5_kdc_req *request, + krb5_const_principal for_user_princ, + krb5_enc_tkt_part *enc_tkt_request, + krb5_enc_tkt_part *enc_tkt_reply); + typedef struct _krb5_authdata_systems { const char *name; #define AUTHDATA_SYSTEM_UNKNOWN -1 @@ -109,6 +128,7 @@ #define AUTHDATA_SYSTEM_V2 2 int type; #define AUTHDATA_FLAG_CRITICAL 0x1 +#define AUTHDATA_FLAG_PRE_PLUGIN 0x2 int flags; void *plugin_context; init_proc init; 
@@ -120,10 +140,46 @@ } krb5_authdata_systems; static krb5_authdata_systems static_authdata_systems[] = { - { "tgs_req", AUTHDATA_SYSTEM_V2, AUTHDATA_FLAG_CRITICAL, - NULL, NULL, NULL, { handle_request_authdata } }, - { "tgt", AUTHDATA_SYSTEM_V2, AUTHDATA_FLAG_CRITICAL, - NULL, NULL, NULL, { handle_tgt_authdata } }, + { + /* Propagate client-submitted authdata */ + "tgs_req", + AUTHDATA_SYSTEM_V2, + AUTHDATA_FLAG_CRITICAL | AUTHDATA_FLAG_PRE_PLUGIN, + NULL, + NULL, + NULL, + { handle_request_authdata } + }, + { + /* Propagate TGT authdata */ + "tgt", + AUTHDATA_SYSTEM_V2, + AUTHDATA_FLAG_CRITICAL, + NULL, + NULL, + NULL, + { handle_tgt_authdata } + }, + { + /* Verify and issue KDB issued authdata */ + "kdb", + AUTHDATA_SYSTEM_V2, + AUTHDATA_FLAG_CRITICAL, + NULL, + NULL, + NULL, + { handle_kdb_authdata } + }, + { + /* Verify and issue signed delegation path */ + "signedpath", + AUTHDATA_SYSTEM_V2, + AUTHDATA_FLAG_CRITICAL, + NULL, + NULL, + NULL, + { handle_signedpath_authdata } + } }; static krb5_authdata_systems *authdata_systems; @@ -204,6 +260,19 @@ k = 0; + /* + * Special case to ensure that handle_request_authdata is + * first in the list, to make unenc_authdata available to + * plugins. + */ + for (i = 0; i < (sizeof(static_authdata_systems) / + sizeof(static_authdata_systems[0])); i++) { + if ((static_authdata_systems[i].flags & AUTHDATA_FLAG_PRE_PLUGIN) == 0) + continue; + assert(static_authdata_systems[i].init == NULL); + authdata_systems[k++] = static_authdata_systems[i]; + } + /* Add dynamically loaded V2 plugins */ if (authdata_plugins_ftables_v2 != NULL) { struct krb5plugin_authdata_server_ftable_v2 *ftable; 
@@ -280,20 +349,13 @@ } } - /* Add the locally-supplied mechanisms to the dynamic list first. */ for (i = 0; i < sizeof(static_authdata_systems) / sizeof(static_authdata_systems[0]); i++) { - authdata_systems[k] = static_authdata_systems[i]; - /* Try to initialize the authdata system. If it fails, we'll remove it - * from the list of systems we'll be using. */ - server_init_proc = static_authdata_systems[i].init; - if ((server_init_proc != NULL) && - ((*server_init_proc)(context, &authdata_systems[k].plugin_context) != 0)) { - memset(&authdata_systems[k], 0, sizeof(authdata_systems[k])); + if (static_authdata_systems[i].flags & AUTHDATA_FLAG_PRE_PLUGIN) continue; - } - k++; + assert(static_authdata_systems[i].init == NULL); + authdata_systems[k++] = static_authdata_systems[i]; } n_authdata_systems = k; 
@@ -331,12 +393,106 @@ return 0; } -/* Merge authdata. If copy == 0, in_authdata is invalid on return */ +/* + * Returns TRUE if authdata should be filtered when copying from + * untrusted authdata. + */ +static krb5_boolean +is_kdc_issued_authdatum (krb5_context context, + krb5_authdata *authdata, + krb5_authdatatype desired_type) +{ + krb5_boolean ret = FALSE; + krb5_authdatatype ad_type; + unsigned int i, count = 0; + krb5_authdatatype *ad_types = NULL; + + if (authdata->ad_type == KRB5_AUTHDATA_IF_RELEVANT) { + if (krb5int_get_authdata_containee_types(context, + authdata, + &count, + &ad_types) != 0) + goto cleanup; + } else { + ad_type = authdata->ad_type; + count = 1; + ad_types = &ad_type; + } + + for (i = 0; i < count; i++) { + switch (ad_types[i]) { + case KRB5_AUTHDATA_SIGNTICKET: + case KRB5_AUTHDATA_KDC_ISSUED: + case KRB5_AUTHDATA_WIN2K_PAC: + ret = desired_type ? (desired_type == ad_types[i]) : TRUE; + break; + default: + ret = FALSE; + break; + } + if (ret) + break; + } + +cleanup: + if (authdata->ad_type == KRB5_AUTHDATA_IF_RELEVANT && + ad_types != NULL) + free(ad_types); + + return ret; +} + +static krb5_boolean +has_kdc_issued_authdata (krb5_context context, + krb5_authdata **authdata, + krb5_authdatatype desired_type) +{ + int i; + krb5_boolean ret = FALSE; + + if (authdata != NULL) { + for (i = 0; authdata[i] != NULL; i++) { + if (is_kdc_issued_authdatum(context, authdata[i], desired_type)) { + ret = TRUE; + break; + } + } + } + + return ret; +} + +static krb5_boolean +has_mandatory_for_kdc_authdata (krb5_context context, + krb5_authdata **authdata) +{ + int i; + krb5_boolean ret = FALSE; + + if (authdata != NULL) { + for (i = 0; authdata[i] != NULL; i++) { + if (authdata[0]->ad_type == KRB5_AUTHDATA_MANDATORY_FOR_KDC) { + ret = TRUE; + break; + } + } + } + + return ret; +} + +/* + * Merge authdata. + * + * If copy is FALSE, in_authdata is invalid on successful return. + * If ignore_kdc_issued is TRUE, KDC-issued authdata is not copied. 
+ */ static krb5_error_code merge_authdata (krb5_context context, krb5_authdata **in_authdata, krb5_authdata ***out_authdata, - krb5_boolean copy) + krb5_boolean copy, + krb5_boolean ignore_kdc_issued) { size_t i, nadata = 0; krb5_authdata **authdata = *out_authdata; @@ -356,7 +512,7 @@ authdata = (krb5_authdata **)calloc(i + 1, sizeof(krb5_authdata *)); } else { authdata = (krb5_authdata **)realloc(authdata, - ((nadata + i + 1) * sizeof(krb5_authdata *))); + ((nadata + i + 1) * sizeof(krb5_authdata *))); } if (authdata == NULL) return ENOMEM; @@ -372,13 +528,24 @@ in_authdata = tmp; } - for (i = 0; in_authdata[i] != NULL; i++) - authdata[nadata + i] = in_authdata[i]; + for (i = 0; in_authdata[i] != NULL; i++) { + if (ignore_kdc_issued && + is_kdc_issued_authdatum(context, in_authdata[i], 0)) { + free(in_authdata[i]->contents); + free(in_authdata[i]); + } else + authdata[nadata + i] = in_authdata[i]; + } authdata[nadata + i] = NULL; free(in_authdata); + if (authdata[0] == NULL) { + free(authdata); + authdata = NULL; + } + *out_authdata = authdata; return 0; @@ -453,13 +620,19 @@ free(scratch.data); - code = merge_authdata(context, request->unenc_authdata, - &enc_tkt_reply->authorization_data, TRUE /* copy */); + if (has_mandatory_for_kdc_authdata(context, request->unenc_authdata)) + return KRB5KDC_ERR_POLICY; + code = merge_authdata(context, + request->unenc_authdata, + &enc_tkt_reply->authorization_data, + TRUE, /* copy */ + TRUE); /* ignore_kdc_issued */ + return code; } -/* Handle backend-managed authorization data */ +/* Handle copying TGT authorization data into reply */ static krb5_error_code handle_tgt_authdata (krb5_context context, unsigned int flags, 
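Review bot: `has_mandatory_for_kdc_authdata()` tests `authdata[0]->ad_type` on every iteration instead of `authdata[i]->ad_type`, so only the first element is ever examined. A KRB5_AUTHDATA_MANDATORY_FOR_KDC element at any later position is missed, and the KRB5KDC_ERR_POLICY rejection in the two handlers that call this helper does not fire. The comparison should read `if (authdata[i]->ad_type == KRB5_AUTHDATA_MANDATORY_FOR_KDC) {`. Separately, `is_kdc_issued_authdatum()` returns FALSE when `krb5int_get_authdata_containee_types()` fails, so an undecodable IF-RELEVANT container is treated as not KDC-issued and is copied rather than filtered; failing closed there looks safer.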
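Review bot: The new filtering loop in `merge_authdata()` (`@@ -372,13 +528,24 @@`) leaves a gap in the output array: when an element is dropped, `i` still advances, so slot `authdata[nadata + i]` is never written. After the `calloc` path that slot is NULL and ends the list early, hiding and leaking every later element; after the `realloc` path it is an uninitialised pointer that later code will dereference or free. Use a separate write index, with `authdata[nadata++] = in_authdata[i];` in the else branch and `authdata[nadata] = NULL;` after the loop. The start of the function is outside this hunk.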
@@ -475,6 +648,36 @@ krb5_enc_tkt_part *enc_tkt_request, krb5_enc_tkt_part *enc_tkt_reply) { + if (request->msg_type != KRB5_TGS_REQ) + return 0; + + if (has_mandatory_for_kdc_authdata(context, + enc_tkt_request->authorization_data)) + return KRB5KDC_ERR_POLICY; + + return merge_authdata(context, + enc_tkt_request->authorization_data, + &enc_tkt_reply->authorization_data, + TRUE, /* copy */ + TRUE); /* ignore_kdc_issued */ +} + +/* Handle backend-managed authorization data */ +static krb5_error_code +handle_kdb_authdata (krb5_context context, + unsigned int flags, + krb5_db_entry *client, + krb5_db_entry *server, + krb5_db_entry *krbtgt, + krb5_keyblock *client_key, + krb5_keyblock *server_key, + krb5_keyblock *krbtgt_key, + krb5_data *req_pkt, + krb5_kdc_req *request, + krb5_const_principal for_user_princ, + krb5_enc_tkt_part *enc_tkt_request, + krb5_enc_tkt_part *enc_tkt_reply) +{ krb5_error_code code; krb5_authdata **db_authdata = NULL; krb5_boolean tgs_req = (request->msg_type == KRB5_TGS_REQ); @@ -489,12 +692,6 @@ * or protocol transition/constrained delegation was used, or, in * the AS-REQ case, if the pre-auth data indicated the PAC should * be present. - * - * We permit sign_authorization_data() to return a krb5_db_entry - * representing the principal associated with the authorization - * data, in case that principal is not local to our realm and we - * need to perform additional checks (such as disabling delegation - * for cross-realm protocol transition below). */ if (tgs_req) { assert(enc_tkt_request != NULL); 
@@ -522,16 +719,6 @@ else actual_client = enc_tkt_reply->client; - /* - * If the backend does not implement the sign authdata method, then - * just copy the TGT authorization data into the reply, except for - * the constrained delegation case (which requires special handling - * because it will promote untrusted auth data to KDC issued auth - * data; this requires backend-specific code) - * - * Presently this interface does not support using request auth data - * to influence (eg. possibly restrict) the reply auth data. - */ code = sign_db_authdata(context, flags, actual_client, @@ -545,26 +732,16 @@ tgs_req ? enc_tkt_request->authorization_data : NULL, enc_tkt_reply->session, &db_authdata); - if (code == KRB5_KDB_DBTYPE_NOSUP) { - assert(db_authdata == NULL); - - if (isflagset(flags, KRB5_KDB_FLAG_CONSTRAINED_DELEGATION)) - return KRB5KDC_ERR_POLICY; - - if (tgs_req) - return merge_authdata(context, enc_tkt_request->authorization_data, - &enc_tkt_reply->authorization_data, TRUE); - else - return 0; - } - - if (db_authdata != NULL) { - code = merge_authdata(context, db_authdata, + if (code == 0) { + code = merge_authdata(context, + db_authdata, &enc_tkt_reply->authorization_data, - FALSE); + FALSE, /* !copy */ + FALSE); /* !ignore_kdc_issued */ if (code != 0) krb5_free_authdata(context, db_authdata); - } + } else if (code == KRB5_KDB_DBTYPE_NOSUP) + code = 0; return code; } 
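Review bot: With `else if (code == KRB5_KDB_DBTYPE_NOSUP) code = 0;` in the `@@ -545,26 +732,16 @@` hunk, a back end without a sign-authdata method no longer causes constrained-delegation requests to be refused here; the removed branch returned KRB5KDC_ERR_POLICY in that case. The refusal now depends on `handle_signedpath_authdata()`, which skips signed-path verification when the ticket's only authorization-data element is a PAC. It is worth confirming that a back end which cannot validate a PAC can never reach that exemption. At minimum the new branch deserves a comment such as `/* No back-end authdata; S4U2Proxy is vetted by the signedpath handler. */`. The beginning of `handle_kdb_authdata()` is outside this hunk.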
@@ -627,3 +804,392 @@ return code; } + +static krb5_error_code +make_ad_signedpath_data(krb5_context context, + krb5_const_principal client, + krb5_timestamp authtime, + krb5_principal *deleg_path, + krb5_pa_data **method_data, + krb5_authdata **authdata, + krb5_data **data) +{ + krb5_ad_signedpath_data sp_data; + krb5_authdata **sign_authdata = NULL; + int i, j; + krb5_error_code code; + + memset(&sp_data, 0, sizeof(sp_data)); + + if (authdata != NULL) { + for (i = 0; authdata[i] != NULL; i++) + ; + } else + i = 0; + + if (i != 0) { + sign_authdata = k5alloc((i + 1) * sizeof(krb5_authdata *), &code); + if (code != 0) + return code; + + for (i = 0, j = 0; authdata[i] != NULL; i++) { + if (is_kdc_issued_authdatum(context, authdata[i], + KRB5_AUTHDATA_SIGNTICKET)) + continue; + + sign_authdata[j++] = authdata[i]; + } + + sign_authdata[j] = NULL; + } + + sp_data.client = (krb5_principal)client; + sp_data.authtime = authtime; + sp_data.delegated = deleg_path; + sp_data.method_data = method_data; + sp_data.authorization_data = sign_authdata; + + code = encode_krb5_ad_signedpath_data(&sp_data, data); + + if (sign_authdata != NULL) + free(sign_authdata); + + return code; +} + +static krb5_error_code +verify_ad_signedpath_checksum(krb5_context context, + const krb5_db_entry *krbtgt, + krb5_keyblock *krbtgt_key, + krb5_enc_tkt_part *enc_tkt_part, + krb5_principal *deleg_path, + krb5_pa_data **method_data, + krb5_checksum *cksum, + krb5_boolean *valid) +{ + krb5_error_code code; + krb5_data *data; + + *valid = FALSE; + + if (!krb5_c_is_keyed_cksum(cksum->checksum_type)) + return KRB5KRB_AP_ERR_INAPP_CKSUM; + + code = make_ad_signedpath_data(context, + enc_tkt_part->client, + enc_tkt_part->times.authtime, + deleg_path, + method_data, + enc_tkt_part->authorization_data, + &data); + if (code != 0) + return code; + + code = krb5_c_verify_checksum(context, + krbtgt_key, + KRB5_KEYUSAGE_AD_SIGNEDPATH, + data, + cksum, + valid); + + krb5_free_data(context, data); + + if (code == 0 
&& *valid == FALSE) + code = KRB5KRB_AP_ERR_MODIFIED; + + return code; +} + + +static krb5_error_code +verify_ad_signedpath(krb5_context context, + krb5_db_entry *krbtgt, + krb5_keyblock *krbtgt_key, + krb5_enc_tkt_part *enc_tkt_part, + krb5_principal **pdelegated, + krb5_boolean *path_is_signed) +{ + krb5_error_code code; + krb5_ad_signedpath *sp = NULL; + krb5_authdata **sp_authdata = NULL; + krb5_data enc_sp; + + *pdelegated = NULL; + *path_is_signed = FALSE; + + code = krb5int_find_authdata(context, + enc_tkt_part->authorization_data, + NULL, + KRB5_AUTHDATA_SIGNTICKET, + &sp_authdata); + if (code != 0) + goto cleanup; + + if (sp_authdata == NULL || + sp_authdata[0]->ad_type != KRB5_AUTHDATA_SIGNTICKET || + sp_authdata[1] != NULL) + goto cleanup; + + enc_sp.data = (char *)sp_authdata[0]->contents; + enc_sp.length = sp_authdata[0]->length; + + code = decode_krb5_ad_signedpath(&enc_sp, &sp); + if (code != 0) + goto cleanup; + + code = verify_ad_signedpath_checksum(context, + krbtgt, + krbtgt_key, + enc_tkt_part, + sp->delegated, + sp->method_data, + &sp->checksum, + path_is_signed); + if (code != 0) + goto cleanup; + + *pdelegated = sp->delegated; + sp->delegated = NULL; + +cleanup: + krb5_free_ad_signedpath(context, sp); + krb5_free_authdata(context, sp_authdata); + + return code; +} + +static krb5_error_code +make_ad_signedpath_checksum(krb5_context context, + krb5_const_principal for_user_princ, + const krb5_db_entry *krbtgt, + krb5_keyblock *krbtgt_key, + krb5_enc_tkt_part *enc_tkt_part, + krb5_principal *deleg_path, + krb5_pa_data **method_data, + krb5_checksum *cksum) +{ + krb5_error_code code; + krb5_data *data; + krb5_cksumtype cksumtype; + krb5_const_principal client; + + if (for_user_princ != NULL) + client = for_user_princ; + else + client = enc_tkt_part->client; + + code = make_ad_signedpath_data(context, + client, + enc_tkt_part->times.authtime, + deleg_path, + method_data, + enc_tkt_part->authorization_data, + &data); + if (code != 0) + return code; 
+ + code = krb5int_c_mandatory_cksumtype(context, + krbtgt_key->enctype, + &cksumtype); + if (code != 0) { + krb5_free_data(context, data); + return code; + } + + if (!krb5_c_is_keyed_cksum(cksumtype)) { + krb5_free_data(context, data); + return KRB5KRB_AP_ERR_INAPP_CKSUM; + } + + code = krb5_c_make_checksum(context, cksumtype, krbtgt_key, + KRB5_KEYUSAGE_AD_SIGNEDPATH, data, + cksum); + + krb5_free_data(context, data); + + return code; +} + +static krb5_error_code +make_ad_signedpath(krb5_context context, + krb5_const_principal for_user_princ, + krb5_principal server, + const krb5_db_entry *krbtgt, + krb5_keyblock *krbtgt_key, + krb5_principal *deleg_path, + krb5_enc_tkt_part *enc_tkt_reply) +{ + krb5_error_code code; + krb5_ad_signedpath sp; + int i; + krb5_data *data = NULL; + krb5_authdata ad_datum, *ad_data[2]; + krb5_authdata **if_relevant = NULL; + + memset(&sp, 0, sizeof(sp)); + + sp.enctype = krbtgt_key->enctype; + + if (deleg_path != NULL) { + for (i = 0; deleg_path[i] != NULL; i++) + ; + } else + i = 0; + + sp.delegated = k5alloc((i + (server ? 1 : 0) + 1) * + sizeof(krb5_principal), &code); + if (code != 0) + goto cleanup; + + /* Combine existing and new transited services, if any */ + if (deleg_path != NULL) + memcpy(sp.delegated, deleg_path, i * sizeof(krb5_principal)); + if (server != NULL) + sp.delegated[i++] = server; + sp.delegated[i] = NULL; + sp.method_data = NULL; + + code = make_ad_signedpath_checksum(context, + for_user_princ, + krbtgt, + krbtgt_key, + enc_tkt_reply, + sp.delegated, + sp.method_data, + &sp.checksum); + if (code != 0) { + if (code == KRB5KRB_AP_ERR_INAPP_CKSUM) { + /* + * In the hopefully unlikely case the TGS key enctype + * has an unkeyed mandatory checksum type, do not fail + * so we do not prevent the KDC from servicing requests. 
+ */ + code = 0; + } + goto cleanup; + } + + code = encode_krb5_ad_signedpath(&sp, &data); + if (code != 0) + goto cleanup; + + ad_datum.ad_type = KRB5_AUTHDATA_SIGNTICKET; + ad_datum.contents = (krb5_octet *)data->data; + ad_datum.length = data->length; + + ad_data[0] = &ad_datum; + ad_data[1] = NULL; + + code = krb5_encode_authdata_container(context, + KRB5_AUTHDATA_IF_RELEVANT, + ad_data, + &if_relevant); + if (code != 0) + goto cleanup; + + code = merge_authdata(context, + if_relevant, + &enc_tkt_reply->authorization_data, + FALSE, /* !copy */ + FALSE); /* !ignore_kdc_issued */ + if (code != 0) + goto cleanup; + + if_relevant = NULL; /* merge_authdata() freed */ + +cleanup: + if (sp.delegated != NULL) + free(sp.delegated); + krb5_free_authdata(context, if_relevant); + krb5_free_data(context, data); + krb5_free_checksum_contents(context, &sp.checksum); + krb5_free_pa_data(context, sp.method_data); + + return code; +} + +static void +free_deleg_path(krb5_context context, krb5_principal *deleg_path) +{ + if (deleg_path != NULL) { + int i; + + for (i = 0; deleg_path[i] != NULL; i++) + krb5_free_principal(context, deleg_path[i]); + free(deleg_path); + } +} + +/* + * Returns TRUE if the Windows 2000 PAC is the only element in the + * supplied authorization data. 
+ */ +static krb5_boolean +only_pac_p(krb5_context context, krb5_authdata **authdata) +{ + return has_kdc_issued_authdata(context, + authdata, KRB5_AUTHDATA_WIN2K_PAC) && + (authdata[1] == NULL); +} + +static krb5_error_code +handle_signedpath_authdata (krb5_context context, + unsigned int flags, + krb5_db_entry *client, + krb5_db_entry *server, + krb5_db_entry *krbtgt, + krb5_keyblock *client_key, + krb5_keyblock *server_key, + krb5_keyblock *krbtgt_key, + krb5_data *req_pkt, + krb5_kdc_req *request, + krb5_const_principal for_user_princ, + krb5_enc_tkt_part *enc_tkt_request, + krb5_enc_tkt_part *enc_tkt_reply) +{ + krb5_error_code code = 0; + krb5_principal *deleg_path = NULL; + krb5_boolean signed_path = FALSE; + krb5_boolean s4u2proxy; + + s4u2proxy = isflagset(flags, KRB5_KDB_FLAG_CONSTRAINED_DELEGATION); + + /* + * The Windows PAC fulfils the same role as the signed path + * if it is the only authorization data element. + */ + if (request->msg_type == KRB5_TGS_REQ && + !only_pac_p(context, enc_tkt_request->authorization_data)) { + code = verify_ad_signedpath(context, + krbtgt, + krbtgt_key, + enc_tkt_request, + &deleg_path, + &signed_path); + if (code != 0) + goto cleanup; + + if (s4u2proxy && signed_path == FALSE) { + code = KRB5KDC_ERR_BADOPTION; + goto cleanup; + } + } + + if (!isflagset(flags, KRB5_KDB_FLAG_CROSS_REALM) && + !only_pac_p(context, enc_tkt_reply->authorization_data)) { + code = make_ad_signedpath(context, + for_user_princ, + s4u2proxy ? client->princ : NULL, + krbtgt, + krbtgt_key, + deleg_path, + enc_tkt_reply); + if (code != 0) + goto cleanup; + } + +cleanup: + free_deleg_path(context, deleg_path); + + return code; +} Modified: trunk/src/lib/krb5/asn.1/asn1_k_decode.c =================================================================== --- trunk/src/lib/krb5/asn.1/asn1_k_decode.c 2009-11-14 01:08:10 UTC (rev 23159) +++ trunk/src/lib/krb5/asn.1/asn1_k_decode.c 2009-11-14 04:46:30 UTC (rev 23160) 
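Review bot: `verify_ad_signedpath()` dereferences `sp_authdata[0]` after checking only that `sp_authdata` itself is non-NULL. Whether `krb5int_find_authdata()` can return an allocated but empty list is not visible here; if it can, this is a NULL dereference in the KDC while processing ticket-supplied data. Adding `sp_authdata[0] == NULL ||` to the condition costs nothing and removes the dependency on that helper's contract.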
@@ -1007,6 +1007,45 @@ return retval; } +static asn1_error_code asn1_peek_authdata_elt(asn1buf *buf, krb5_authdatatype *val) +{ + setup(); + *val = 0; + { begin_structure(); + get_field(*val, 0, asn1_decode_authdatatype); + end_structure(); + } + return 0; +error_out: + return retval; +} + +asn1_error_code asn1_peek_authorization_data +(asn1buf *buf, unsigned int *num, krb5_authdatatype **val) +{ + int size = 0; + krb5_authdatatype *array = NULL, *new_array; + + asn1_error_code retval; + { sequence_of(buf); + while (asn1buf_remains(&seqbuf,seqofindef) > 0) { + size++; + new_array = realloc(array,size*sizeof(krb5_authdatatype)); + if (new_array == NULL) clean_return(ENOMEM); + array = new_array; + retval = asn1_peek_authdata_elt(&seqbuf,&array[size-1]); + if (retval) clean_return(retval); + } + end_sequence_of(buf); + } + *num = size; + *val = array; + return 0; +error_out: + free(array); + return retval; +} + asn1_error_code asn1_decode_authdata_elt_ptr(asn1buf *buf, krb5_authdata **valptr) { 
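Review bot: `asn1_peek_authorization_data` in asn1_k_decode.c has no comment saying who owns the array it returns, and it counts elements in a signed `int size` that is then stored into the `unsigned int *num` output. I would add above it `/* On success *val is a malloc'd array of *num authdata types that the caller must free(); on error neither output is written. */` and declare the counter as `unsigned int size = 0;` so it matches the output type. The element count is dictated by the encoded input, and the loop does one `realloc` per element, so the ownership and sizing contract is worth stating explicitly.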
@@ -1812,6 +1851,51 @@ return retval; } +static asn1_error_code asn1_decode_princ_plus_realm +(asn1buf *buf, krb5_principal *valptr) +{ + setup(); + alloc_principal((*valptr)); + { begin_structure(); + get_field((*valptr), 0, asn1_decode_principal_name); + get_field((*valptr), 1, asn1_decode_realm); + end_structure(); + } + return 0; +error_out: + krb5_free_principal(NULL, *valptr); + *valptr = NULL; + return retval; +} + +static asn1_error_code asn1_decode_sequence_of_princ_plus_realm +(asn1buf *buf, krb5_principal **val) +{ + decode_array_body(krb5_principal_data,asn1_decode_princ_plus_realm,krb5_free_principal); +} + +asn1_error_code asn1_decode_ad_signedpath +(asn1buf *buf, krb5_ad_signedpath *val) +{ + setup(); + val->enctype = ENCTYPE_NULL; + val->checksum.contents = NULL; + val->delegated = NULL; + { + begin_structure(); + get_field(val->enctype, 0, asn1_decode_enctype); + get_field(val->checksum, 1, asn1_decode_checksum); + opt_field(val->delegated, 2, asn1_decode_sequence_of_princ_plus_realm, + NULL); + opt_field(val->method_data, 3, asn1_decode_sequence_of_pa_data, NULL); + end_structure(); + } + return 0; +error_out: + krb5_free_checksum_contents(NULL, &val->checksum); + return retval; +} + #ifndef DISABLE_PKINIT /* PKINIT */ Modified: trunk/src/lib/krb5/asn.1/asn1_k_decode.h =================================================================== --- trunk/src/lib/krb5/asn.1/asn1_k_decode.h 2009-11-14 01:08:10 UTC (rev 23159) +++ trunk/src/lib/krb5/asn.1/asn1_k_decode.h 2009-11-14 04:46:30 UTC (rev 23160) @@ -134,6 +134,9 @@ asn1_error_code asn1_decode_authdata_elt(asn1buf *buf, krb5_authdata *val); asn1_error_code asn1_decode_authdata_elt_ptr(asn1buf *buf, krb5_authdata **valptr); +asn1_error_code asn1_peek_authorization_data(asn1buf *buf, + unsigned int *num, + krb5_authdatatype **val); asn1_error_code asn1_decode_krb_cred_info(asn1buf *buf, krb5_cred_info *val); asn1_error_code asn1_decode_krb_cred_info_ptr(asn1buf *buf, krb5_cred_info **valptr); 
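Review bot: The `error_out` path of `asn1_decode_ad_signedpath` releases only `val->checksum`, so a failure after the tag-2 field has been decoded (for example a malformed `method_data` sequence at tag 3) appears to leak the `delegated` principal list, since `decode_krb5_ad_signedpath` then frees only the outer struct. `val->method_data` is also the one pointer member not set to NULL with the others at the top of the function. The fence below initialises it and frees both optional members on error. It assumes the two sequence decoders leave their output NULL when they fail, which should be confirmed against the `decode_array_body` macro, not visible here.

```c
    val->delegated = NULL;
    val->method_data = NULL;
    /* … unchanged: begin_structure() through end_structure() and return 0 … */
error_out:
    krb5_free_checksum_contents(NULL, &val->checksum);
    if (val->delegated != NULL) {
        krb5_principal *pp;

        for (pp = val->delegated; *pp != NULL; pp++)
            krb5_free_principal(NULL, *pp);
        free(val->delegated);
        val->delegated = NULL;
    }
    krb5_free_pa_data(NULL, val->method_data);
    val->method_data = NULL;
    return retval;
```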
@@ -265,4 +268,7 @@ asn1_error_code asn1_decode_ad_kdcissued_ptr(asn1buf *buf, krb5_ad_kdcissued **val); +asn1_error_code asn1_decode_ad_signedpath(asn1buf *buf, + krb5_ad_signedpath *val); + #endif Modified: trunk/src/lib/krb5/asn.1/asn1_k_encode.c =================================================================== --- trunk/src/lib/krb5/asn.1/asn1_k_encode.c 2009-11-14 01:08:10 UTC (rev 23159) +++ trunk/src/lib/krb5/asn.1/asn1_k_encode.c 2009-11-14 04:46:30 UTC (rev 23160) @@ -97,7 +97,6 @@ FIELDOF_NORM(krb5_principal_data, gstring_data, realm, -1)); DEFPTRTYPE(realm_of_principal, realm_of_principal_data); - static const struct field_info princname_fields[] = { FIELDOF_NORM(krb5_principal_data, int32, type, 0), FIELDOF_SEQOF_INT32(krb5_principal_data, gstring_data_ptr, data, length, 1), 
@@ -1331,8 +1330,60 @@ DEFSEQTYPE(ad_kdc_issued, krb5_ad_kdcissued, ad_kdcissued_fields, ad_kdcissued_optional); +static const struct field_info princ_plus_realm_fields[] = { + FIELDOF_ENCODEAS(krb5_principal_data, principal_data, 0), + FIELDOF_ENCODEAS(krb5_principal_data, realm_of_principal_data, 1), +}; +DEFSEQTYPE(princ_plus_realm_data, krb5_principal_data, princ_plus_realm_fields, 0); +DEFPTRTYPE(princ_plus_realm, princ_plus_realm_data); +DEFNULLTERMSEQOFTYPE(seq_of_princ_plus_realm, princ_plus_realm); +DEFPTRTYPE(ptr_seq_of_princ_plus_realm, seq_of_princ_plus_realm); + +static const struct field_info ad_signedpath_data_fields[] = { + FIELDOF_NORM(krb5_ad_signedpath_data, princ_plus_realm, client, 0), + FIELDOF_NORM(krb5_ad_signedpath_data, kerberos_time, authtime, 1), + FIELDOF_OPT(krb5_ad_signedpath_data, ptr_seq_of_princ_plus_realm, delegated, 2, 2), + FIELDOF_OPT(krb5_ad_signedpath_data, ptr_seqof_pa_data, method_data, 3, 3), + FIELDOF_OPT(krb5_ad_signedpath_data, auth_data_ptr, authorization_data, 4, 4), +}; + +static unsigned int ad_signedpath_data_optional(const void *p) +{ + unsigned int optional = 0; + const krb5_ad_signedpath_data *val = p; + if (val->delegated && val->delegated[0]) + optional |= (1u << 2); + if (val->method_data && val->method_data[0]) + optional |= (1u << 3); + if (val->authorization_data && val->authorization_data[0]) + optional |= (1u << 4); + return optional; +} + +DEFSEQTYPE(ad_signedpath_data, krb5_ad_signedpath_data, ad_signedpath_data_fields, ad_signedpath_data_optional); + +static const struct field_info ad_signedpath_fields[] = { + FIELDOF_NORM(krb5_ad_signedpath, int32, enctype, 0), + FIELDOF_NORM(krb5_ad_signedpath, checksum, checksum, 1), + FIELDOF_OPT(krb5_ad_signedpath, ptr_seq_of_princ_plus_realm, delegated, 2, 2), + FIELDOF_OPT(krb5_ad_signedpath, ptr_seqof_pa_data, method_data, 3, 3), +}; + +static unsigned int ad_signedpath_optional(const void *p) +{ + unsigned int optional = 0; + const krb5_ad_signedpath *val = 
p; + if (val->delegated && val->delegated[0]) + optional |= (1u << 2); + if (val->method_data && val->method_data[0]) + optional |= (1u << 3); + return optional; +} + +DEFSEQTYPE(ad_signedpath, krb5_ad_signedpath, ad_signedpath_fields, ad_signedpath_optional); + /* Exported complete encoders -- these produce a krb5_data with the encoding in the correct byte order. */ @@ -1407,6 +1458,8 @@ MAKE_FULL_ENCODER(encode_krb5_fast_response, fast_response); MAKE_FULL_ENCODER(encode_krb5_ad_kdcissued, ad_kdc_issued); +MAKE_FULL_ENCODER(encode_krb5_ad_signedpath_data, ad_signedpath_data); +MAKE_FULL_ENCODER(encode_krb5_ad_signedpath, ad_signedpath); Modified: trunk/src/lib/krb5/asn.1/krb5_decode.c =================================================================== --- trunk/src/lib/krb5/asn.1/krb5_decode.c 2009-11-14 01:08:10 UTC (rev 23159) +++ trunk/src/lib/krb5/asn.1/krb5_decode.c 2009-11-14 04:46:30 UTC (rev 23160) 
@@ -1192,6 +1192,42 @@ cleanup(free); } +krb5_error_code decode_krb5_ad_signedpath +(const krb5_data *code, krb5_ad_signedpath **repptr) +{ + setup_buf_only(krb5_ad_signedpath *); + alloc_field(rep); + + retval = asn1_decode_ad_signedpath(&buf, rep); + if (retval) clean_return(retval); + + cleanup(free); +} + +krb5_error_code +krb5int_get_authdata_containee_types(krb5_context context, + const krb5_authdata *authdata, + unsigned int *num, + krb5_authdatatype **repptr) +{ + krb5_data data, *code = &data; + + data.data = (char *)authdata->contents; + data.length = authdata->length; + + *num = 0; + + { + setup_buf_only(krb5_authdatatype *); + + retval = asn1_peek_authorization_data(&buf, num, &rep); + if (retval) clean_return(retval); + + cleanup_none(); + } + assert(0); /* NOTREACHED */ +} + #ifndef DISABLE_PKINIT krb5_error_code decode_krb5_pa_pk_as_req(const krb5_data *code, krb5_pa_pk_as_req **repptr) Modified: trunk/src/lib/krb5/krb/copy_auth.c =================================================================== --- trunk/src/lib/krb5/krb/copy_auth.c 2009-11-14 01:08:10 UTC (rev 23159) +++ trunk/src/lib/krb5/krb/copy_auth.c 2009-11-14 04:46:30 UTC (rev 23160) 
@@ -223,34 +223,47 @@ static krb5_error_code find_authdata_1(krb5_context context, krb5_authdata *const *in_authdat, - krb5_authdatatype ad_type, struct find_authdata_context *fctx) + krb5_authdatatype ad_type, struct find_authdata_context *fctx, + int from_ap_req) { int i = 0; - krb5_error_code retval=0; + krb5_error_code retval = 0; for (i = 0; in_authdat[i]; i++) { krb5_authdata *ad = in_authdat[i]; - if (ad->ad_type == ad_type && retval ==0) - retval = grow_find_authdata(context, fctx, ad); - else switch (ad->ad_type) { - krb5_authdata **decoded_container; - case KRB5_AUTHDATA_IF_RELEVANT: - if (retval == 0) - retval = krb5_decode_authdata_container( context, ad->ad_type, ad, &decoded_container); - if (retval == 0) { - retval = find_authdata_1(context, - decoded_container, ad_type, fctx); - krb5_free_authdata(context, decoded_container); - } - break; - default: - break; + krb5_authdata **decoded_container; + + switch (ad->ad_type) { + case KRB5_AUTHDATA_IF_RELEVANT: + if (retval == 0) + retval = krb5_decode_authdata_container(context, + ad->ad_type, + ad, + &decoded_container); + if (retval == 0) { + retval = find_authdata_1(context, + decoded_container, + ad_type, + fctx, + from_ap_req); + krb5_free_authdata(context, decoded_container); } + break; + case KRB5_AUTHDATA_SIGNTICKET: + case KRB5_AUTHDATA_KDC_ISSUED: + case KRB5_AUTHDATA_WIN2K_PAC: + if (from_ap_req) + continue; + default: + if (ad->ad_type == ad_type && retval == 0) + retval = grow_find_authdata(context, fctx, ad); + break; + } } + return retval; } - krb5_error_code krb5int_find_authdata(krb5_context context, krb5_authdata *const *ticket_authdata, 
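Review bot: In `find_authdata_1` the `KRB5_AUTHDATA_SIGNTICKET` / `KRB5_AUTHDATA_KDC_ISSUED` / `KRB5_AUTHDATA_WIN2K_PAC` cases run into `default:` without a marker, and nothing says why these three types are skipped when `from_ap_req` is set. The fall-through looks intentional, so I would put `/* FALLTHROUGH */` before `default:` and add a comment such as `/* These types are only meaningful when they come from the ticket; never accept them from the AP-REQ authdata. */`. This filter is a trust boundary: a later edit that adds a `break` or reorders the cases could silently re-admit elements taken from `ap_req_authdata`. `find_authdata_1` lies wholly inside the hunk, but `krb5int_find_authdata` continues past its end.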
@@ -266,9 +279,9 @@ if (fctx.out == NULL) return ENOMEM; if (ticket_authdata) - retval = find_authdata_1( context, ticket_authdata, ad_type, &fctx); + retval = find_authdata_1( context, ticket_authdata, ad_type, &fctx, 0); if ((retval==0) && ap_req_authdata) - retval = find_authdata_1( context, ap_req_authdata, ad_type, &fctx); + retval = find_authdata_1( context, ap_req_authdata, ad_type, &fctx, 1); if ((retval== 0) && fctx.length) *results = fctx.out; else krb5_free_authdata(context, fctx.out); @@ -300,6 +313,9 @@ if (code != 0) return code; + if (!krb5_c_is_keyed_cksum(cksumtype)) + return KRB5KRB_AP_ERR_INAPP_CKSUM; + code = encode_krb5_authdata(ad_kdci.elements, &data); if (code != 0) return code; @@ -361,6 +377,11 @@ if (code != 0) return code; + if (!krb5_c_is_keyed_cksum(ad_kdci->ad_checksum.checksum_type)) { + krb5_free_ad_kdcissued(context, ad_kdci); + return KRB5KRB_AP_ERR_INAPP_CKSUM; + } + code = encode_krb5_authdata(ad_kdci->elements, &data2); if (code != 0) { krb5_free_ad_kdcissued(context, ad_kdci); Modified: trunk/src/lib/krb5/krb/kfree.c =================================================================== --- trunk/src/lib/krb5/krb/kfree.c 2009-11-14 01:08:10 UTC (rev 23159) +++ trunk/src/lib/krb5/krb/kfree.c 2009-11-14 04:46:30 UTC (rev 23160) 
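Review bot: The two `krb5_c_is_keyed_cksum()` checks added in the `@@ -300` and `@@ -361` hunks of copy_auth.c carry no comment explaining what they protect against. An unkeyed checksum can be recomputed by anyone able to alter the elements, so without this test the checksum in a KDC-issued container would prove nothing about its origin. I would say so at the verify site, e.g. `/* An unkeyed checksum gives no proof of origin; reject it before verifying. */`. Both enclosing functions begin and end outside the hunks, so whether the checksum type is constrained further elsewhere cannot be seen from here.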
@@ -909,3 +909,20 @@ krb5_free_authdata(context, val->elements); free(val); } + +void KRB5_CALLCONV +krb5_free_ad_signedpath(krb5_context context, krb5_ad_signedpath *val) +{ + int i; + + if (val == NULL) + return; + + krb5_free_checksum_contents(context, &val->checksum); + if (val->delegated != NULL) { + for (i = 0; val->delegated[i] != NULL; i++) + krb5_free_principal(context, val->delegated[i]); + free(val->delegated); + } + krb5_free_pa_data(context, val->method_data); +} Modified: trunk/src/lib/krb5/libkrb5.exports =================================================================== --- trunk/src/lib/krb5/libkrb5.exports 2009-11-14 01:08:10 UTC (rev 23159) +++ trunk/src/lib/krb5/libkrb5.exports 2009-11-14 04:46:30 UTC (rev 23160) @@ -1,5 +1,6 @@ _krb5_conf_boolean decode_krb5_ad_kdcissued +decode_krb5_ad_signedpath decode_krb5_alt_method decode_krb5_ap_rep decode_krb5_ap_rep_enc_part @@ -42,6 +43,8 @@ decode_krb5_ticket decode_krb5_typed_data encode_krb5_ad_kdcissued +encode_krb5_ad_signedpath_data +encode_krb5_ad_signedpath encode_krb5_alt_method encode_krb5_ap_rep encode_krb5_ap_rep_enc_part @@ -220,6 +223,7 @@ krb5_fcc_ops krb5_find_serializer krb5_free_ad_kdcissued +krb5_free_ad_signedpath krb5_free_address krb5_free_addresses krb5_free_alt_method @@ -554,6 +558,7 @@ krb5int_foreach_localaddr krb5int_free_addrlist krb5int_free_data_list +krb5int_get_authdata_containee_types krb5int_get_domain_realm_mapping krb5int_init_context_kdc krb5int_initialize_library Modified: trunk/src/plugins/authdata/greet_server/greet_auth.c =================================================================== --- trunk/src/plugins/authdata/greet_server/greet_auth.c 2009-11-14 01:08:10 UTC (rev 23159) +++ trunk/src/plugins/authdata/greet_server/greet_auth.c 2009-11-14 04:46:30 UTC (rev 23160) @@ -69,7 +69,7 @@ NULL, KRB5_AUTHDATA_KDC_ISSUED, &tgt_authdata); - if (code != 0) + if (code != 0 || tgt_authdata == NULL) return 0; code = krb5_verify_authdata_kdc_issued(context, 
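Review bot: `krb5_free_ad_signedpath` in kfree.c releases the members of `val` but never `val` itself, unlike the function just above it in the same hunk, which ends with `free(val);`. `decode_krb5_ad_signedpath` allocates the structure with `alloc_field(rep)` and the ASN.1 tests pass this function as the destructor for the decoded value, so each decoded structure appears to leak its outer allocation. I would end the function with `free(val);` after `krb5_free_pa_data(context, val->method_data);`. A caller holding a stack-allocated structure would then have to free the members directly, as the `cleanup:` label in the KDC code earlier on this page already does.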
@@ -113,6 +113,7 @@ krb5_error_code code; krb5_authdata ad_datum, *ad_data[2], **kdc_issued = NULL; krb5_authdata **if_relevant = NULL; + krb5_authdata **tkt_authdata; ad_datum.ad_type = -42; ad_datum.contents = (krb5_octet *)greeting->data; @@ -138,13 +139,20 @@ return code; } - /* this isn't very friendly to other plugins... */ - krb5_free_authdata(context, enc_tkt_reply->authorization_data); - enc_tkt_reply->authorization_data = if_relevant; + code = krb5_merge_authdata(context, + if_relevant, + enc_tkt_reply->authorization_data, + &tkt_authdata); + if (code == 0) { + krb5_free_authdata(context, enc_tkt_reply->authorization_data); + enc_tkt_reply->authorization_data = tkt_authdata; + } else { + krb5_free_authdata(context, if_relevant); + } krb5_free_authdata(context, kdc_issued); - return 0; + return code; } static krb5_error_code @@ -165,17 +173,12 @@ krb5_error_code code; krb5_data *greeting = NULL; - if (request->msg_type == KRB5_TGS_REQ) { - code = greet_kdc_verify(context, enc_tkt_request, &greeting); - if (code != 0) - return code; - } + if (request->msg_type != KRB5_TGS_REQ) + return 0; - if (greeting == NULL) { - code = greet_hello(context, &greeting); - if (code != 0) - return code; - } + code = greet_hello(context, &greeting); + if (code != 0) + return code; code = greet_kdc_sign(context, enc_tkt_reply, tgs->princ, greeting); Modified: trunk/src/plugins/kdb/ldap/libkdb_ldap/kdb_ext.c =================================================================== --- trunk/src/plugins/kdb/ldap/libkdb_ldap/kdb_ext.c 2009-11-14 01:08:10 UTC (rev 23159) +++ trunk/src/plugins/kdb/ldap/libkdb_ldap/kdb_ext.c 2009-11-14 04:46:30 UTC (rev 23160) 
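Review bot: In the `@@ -138` hunk of greet_auth.c, `if_relevant` is freed only when `krb5_merge_authdata` fails. If that function copies its inputs into the new `tkt_authdata` array, as its separate output parameter suggests, the success path leaks `if_relevant`. Freeing it unconditionally, with `krb5_free_authdata(context, if_relevant);` placed after the if/else next to the existing `krb5_free_authdata(context, kdc_issued);`, would cover both paths. The enclosing function starts outside the hunk.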
@@ -75,6 +75,40 @@ return code; } +static krb5_error_code +krb5_ldap_check_allowed_to_delegate(krb5_context context, + unsigned int method, + const krb5_data *request, + krb5_data *response) +{ + const kdb_check_allowed_to_delegate_req *req; + krb5_error_code code; + krb5_tl_data *tlp; + + req = (const kdb_check_allowed_to_delegate_req *)request->data; + + code = KRB5KDC_ERR_POLICY; + + for (tlp = req->server->tl_data; tlp != NULL; tlp = tlp->tl_data_next) { + krb5_principal acl; + + if (tlp->tl_data_type != KRB5_TL_CONSTRAINED_DELEGATION_ACL) + continue; + + if (krb5_parse_name(context, (char *)tlp->tl_data_contents, &acl) != 0) + continue; + + if (krb5_principal_compare(context, req->proxy, acl)) { + code = 0; + krb5_free_principal(context, acl); + break; + } + krb5_free_principal(context, acl); + } + + return code; +} + krb5_error_code krb5_ldap_invoke(krb5_context context, unsigned int method, @@ -90,6 +124,9 @@ case KRB5_KDB_METHOD_AUDIT_AS: code = krb5_ldap_audit_as(context, method, req, rep); break; + case KRB5_KDB_METHOD_CHECK_ALLOWED_TO_DELEGATE: + code = krb5_ldap_check_allowed_to_delegate(context, method, req, rep); + break; default: break; } Modified: trunk/src/plugins/kdb/ldap/libkdb_ldap/kerberos.ldif =================================================================== --- trunk/src/plugins/kdb/ldap/libkdb_ldap/kerberos.ldif 2009-11-14 01:08:10 UTC (rev 23159) +++ trunk/src/plugins/kdb/ldap/libkdb_ldap/kerberos.ldif 2009-11-14 04:46:30 UTC (rev 23160) 
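Review bot: `krb5_ldap_check_allowed_to_delegate` passes `tlp->tl_data_contents` to `krb5_parse_name()` as a C string and casts `request->data` to the request structure without looking at `request->length`. The loader added in ldap_misc.c stores a `strdup()` copy, so the terminator is present on that path, but it sets `tl_data_length` to `strlen()`, which excludes the terminator; tl_data of this type produced any other way could lead to a read past the buffer. I would document the invariant at the loop, `/* contents are NUL-terminated by the LDAP loader; tl_data_length excludes the terminator */`, and return the policy error when `request->length` is smaller than `sizeof(*req)`. The default of `KRB5KDC_ERR_POLICY`, with unparsable entries skipped, keeps the check fail-closed and should stay that way.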
@@ -662,6 +662,15 @@ EQUALITY distinguishedNameMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.12) +##### A list of services to which a service principal can delegate. +dn: cn=schema +changetype: modify +add: attributetypes +attributetype: ( 1.3.6.1.4.1.5322.21.2.4 + NAME 'krbAllowedToDelegateTo' + EQUALITY caseExactIA5Match + SUBSTR caseExactSubstringsMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.26) ######################################################################## ######################################################################## @@ -745,7 +754,7 @@ objectClasses: ( 2.16.840.1.113719.1.301.6.8.1 NAME 'krbPrincipalAux' AUXILIARY - MAY ( krbPrincipalName $ krbCanonicalName $ krbUPEnabled $ krbPrincipalKey $ krbTicketPolicyReference $ krbPrincipalExpiration $ krbPasswordExpiration $ krbPwdPolicyReference $ krbPrincipalType $ krbPwdHistory $ krbLastPwdChange $ krbPrincipalAliases $ krbLastSuccessfulAuth $ krbLastFailedAuth $ krbLoginFailedCount $ krbExtraData ) ) + MAY ( krbPrincipalName $ krbCanonicalName $ krbUPEnabled $ krbPrincipalKey $ krbTicketPolicyReference $ krbPrincipalExpiration $ krbPasswordExpiration $ krbPwdPolicyReference $ krbPrincipalType $ krbPwdHistory $ krbLastPwdChange $ krbPrincipalAliases $ krbLastSuccessfulAuth $ krbLastFailedAuth $ krbLoginFailedCount $ krbExtraData $ krbAllowedToDelegateTo ) ) ###### This class is used to create additional principals and stand alone principals. Modified: trunk/src/plugins/kdb/ldap/libkdb_ldap/kerberos.schema =================================================================== --- trunk/src/plugins/kdb/ldap/libkdb_ldap/kerberos.schema 2009-11-14 01:08:10 UTC (rev 23159) +++ trunk/src/plugins/kdb/ldap/libkdb_ldap/kerberos.schema 2009-11-14 04:46:30 UTC (rev 23160) 
@@ -533,6 +533,13 @@ EQUALITY distinguishedNameMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.12) +##### A list of services to which a service principal can delegate. +attributetype ( 1.3.6.1.4.1.5322.21.2.4 + NAME 'krbAllowedToDelegateTo' + EQUALITY caseExactIA5Match + SUBSTR caseExactSubstringsMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.26) + ######################################################################## ######################################################################## # Object Class Definitions # @@ -602,7 +609,7 @@ NAME 'krbPrincipalAux' SUP top AUXILIARY - MAY ( krbPrincipalName $ krbCanonicalName $ krbUPEnabled $ krbPrincipalKey $ krbTicketPolicyReference $ krbPrincipalExpiration $ krbPasswordExpiration $ krbPwdPolicyReference $ krbPrincipalType $ krbPwdHistory $ krbLastPwdChange $ krbPrincipalAliases $ krbLastSuccessfulAuth $ krbLastFailedAuth $ krbLoginFailedCount $ krbExtraData ) ) + MAY ( krbPrincipalName $ krbCanonicalName $ krbUPEnabled $ krbPrincipalKey $ krbTicketPolicyReference $ krbPrincipalExpiration $ krbPasswordExpiration $ krbPwdPolicyReference $ krbPrincipalType $ krbPwdHistory $ krbLastPwdChange $ krbPrincipalAliases $ krbLastSuccessfulAuth $ krbLastFailedAuth $ krbLoginFailedCount $ krbExtraData $ krbAllowedToDelegateTo ) ) ###### This class is used to create additional principals and stand alone principals. Modified: trunk/src/plugins/kdb/ldap/libkdb_ldap/ldap_misc.c =================================================================== --- trunk/src/plugins/kdb/ldap/libkdb_ldap/ldap_misc.c 2009-11-14 01:08:10 UTC (rev 23159) +++ trunk/src/plugins/kdb/ldap/libkdb_ldap/ldap_misc.c 2009-11-14 04:46:30 UTC (rev 23160) 
@@ -2085,6 +2085,43 @@ } } + /* ALLOWED TO DELEGATE TO */ + { + char **a2d2 = NULL; + int i; + krb5_tl_data **tlp; + + st = krb5_ldap_get_strings(ld, ent, "krbAllowedToDelegateTo", + &a2d2, &attr_present); + if (st != 0) + goto cleanup; + + if (attr_present == TRUE) { + for (tlp = &entry->tl_data; *tlp; tlp = &(*tlp)->tl_data_next) + ; + for (i = 0; a2d2[i] != NULL; i++) { + krb5_tl_data *tl = k5alloc(sizeof(*tl), &st); + if (st != 0) { + ldap_value_free(a2d2); + goto cleanup; + } + tl->tl_data_type = KRB5_TL_CONSTRAINED_DELEGATION_ACL; + tl->tl_data_length = strlen(a2d2[i]); + tl->tl_data_contents = (krb5_octet *)strdup(a2d2[i]); + if (tl->tl_data_contents == NULL) { + st = ENOMEM; + ldap_value_free(a2d2); + free(tl); + goto cleanup; + } + tl->tl_data_next = NULL; + *tlp = tl; + tlp = &tl->tl_data_next; + } + ldap_value_free(a2d2); + } + } + /* KRBOBJECTREFERENCES */ { int i=0; Modified: trunk/src/plugins/kdb/ldap/libkdb_ldap/ldap_principal.c =================================================================== --- trunk/src/plugins/kdb/ldap/libkdb_ldap/ldap_principal.c 2009-11-14 01:08:10 UTC (rev 23159) +++ trunk/src/plugins/kdb/ldap/libkdb_ldap/ldap_principal.c 2009-11-14 04:46:30 UTC (rev 23160) @@ -61,6 +61,7 @@ "krbLastPwdChange", "krbExtraData", "krbObjectReferences", + "krbAllowedToDelegateTo", NULL }; /* Must match KDB_*_ATTR macros in ldap_principal.h. */ Modified: trunk/src/plugins/kdb/ldap/libkdb_ldap/ldap_principal2.c =================================================================== --- trunk/src/plugins/kdb/ldap/libkdb_ldap/ldap_principal2.c 2009-11-14 01:08:10 UTC (rev 23159) +++ trunk/src/plugins/kdb/ldap/libkdb_ldap/ldap_principal2.c 2009-11-14 04:46:30 UTC (rev 23160) @@ -1082,7 +1082,8 @@ || ptr->tl_data_type == KRB5_TL_DB_ARGS #endif || ptr->tl_data_type == KRB5_TL_KADM_DATA - || ptr->tl_data_type == KDB_TL_USER_INFO) + || ptr->tl_data_type == KDB_TL_USER_INFO + || ptr->tl_data_type == KRB5_TL_CONSTRAINED_DELEGATION_ACL) continue; count++; } 
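Review bot: The ALLOWED TO DELEGATE TO block in ldap_misc.c appends nodes to `entry->tl_data` by hand and does not adjust the entry's tl_data count (`entry->n_tl_data`). If any consumer relies on that count rather than walking the `tl_data_next` chain, the count would disagree with the list and the delegation ACL entries could be missed; whether that happens is not visible from this hunk. I would either increment the count next to `*tlp = tl;` or add a comment saying why it is deliberately left alone. The enclosing function starts and ends outside the hunk.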
@@ -1102,7 +1103,8 @@ || ptr->tl_data_type == KRB5_TL_DB_ARGS #endif || ptr->tl_data_type == KRB5_TL_KADM_DATA - || ptr->tl_data_type == KDB_TL_USER_INFO) + || ptr->tl_data_type == KDB_TL_USER_INFO + || ptr->tl_data_type == KRB5_TL_CONSTRAINED_DELEGATION_ACL) continue; if ((st = tl_data2berval (ptr, &ber_tl_data[j])) != 0) break; Modified: trunk/src/tests/asn.1/krb5_decode_leak.c =================================================================== --- trunk/src/tests/asn.1/krb5_decode_leak.c 2009-11-14 01:08:10 UTC (rev 23159) +++ trunk/src/tests/asn.1/krb5_decode_leak.c 2009-11-14 04:46:30 UTC (rev 23160) @@ -680,6 +680,30 @@ krb5_free_ad_kdcissued); ktest_empty_ad_kdcissued(&kdci); } +#if 0 + /****************************************************************/ + /* encode_krb5_ad_signedpath_data */ + { + krb5_ad_signedpath_data spd, *tmp; + setup(spd, "ad_signedpath_data", + ktest_make_sample_ad_signedpath_data); + leak_test(spd, encode_krb5_ad_signedpath_data, + decode_krb5_ad_signedpath_data, + NULL); + ktest_empty_ad_signedpath_data(&spd); + } +#endif + /****************************************************************/ + /* encode_krb5_ad_signedpath */ + { + krb5_ad_signedpath sp, *tmp; + setup(sp, "ad_signedpath", + ktest_make_sample_ad_signedpath); + leak_test(sp, encode_krb5_ad_signedpath, + decode_krb5_ad_signedpath, + krb5_free_ad_signedpath); + ktest_empty_ad_signedpath(&sp); + } krb5_free_context(test_context); return 0; } Modified: trunk/src/tests/asn.1/krb5_decode_test.c =================================================================== --- trunk/src/tests/asn.1/krb5_decode_test.c 2009-11-14 01:08:10 UTC (rev 23159) +++ trunk/src/tests/asn.1/krb5_decode_test.c 2009-11-14 04:46:30 UTC (rev 23160) 
@@ -907,6 +907,14 @@ ktest_empty_ad_kdcissued(&ref); } + /****************************************************************/ + /* decode_ad_signedpath */ + { + setup(krb5_ad_signedpath,"krb5_ad_signedpath",ktest_make_sample_ad_signedpath); + decode_run("ad_signedpath","","30 3E A0 03 02 01 01 A1 0F 30 0D A0 03 02 01 01 A1 06 04 04 31 32 33 34 A3 26 30 24 30 10 A1 03 02 01 0D A2 09 04 07 70 61 2D 64 61 74 61 30 10 A1 03 02 01 0D A2 09 04 07 70 61 2D 64 61 74 61",decode_krb5_ad_signedpath,ktest_equal_ad_signedpath,krb5_free_ad_signedpath); + ktest_empty_ad_signedpath(&ref); + } + #ifdef ENABLE_LDAP /* ldap sequence_of_keys */ { Modified: trunk/src/tests/asn.1/krb5_encode_test.c =================================================================== --- trunk/src/tests/asn.1/krb5_encode_test.c 2009-11-14 01:08:10 UTC (rev 23159) +++ trunk/src/tests/asn.1/krb5_encode_test.c 2009-11-14 04:46:30 UTC (rev 23160) 
@@ -717,6 +717,28 @@ encode_krb5_ad_kdcissued); ktest_empty_ad_kdcissued(&kdci); } + /****************************************************************/ + /* encode_krb5_ad_signedpath_data */ + { + krb5_ad_signedpath_data spd; + setup(spd,krb5_ad_signedpath_data,"ad_signedpath_data", + ktest_make_sample_ad_signedpath_data); + encode_run(spd,krb5_ad_signedpath_data, + "ad_signedpath_data","", + encode_krb5_ad_signedpath_data); + ktest_empty_ad_signedpath_data(&spd); + } + /****************************************************************/ + /* encode_krb5_ad_signedpath */ + { + krb5_ad_signedpath sp; + setup(sp,krb5_ad_signedpath,"ad_signedpath", + ktest_make_sample_ad_signedpath); + encode_run(sp,krb5_ad_signedpath, + "ad_signedpath","", + encode_krb5_ad_signedpath); + ktest_empty_ad_signedpath(&sp); + } #ifdef ENABLE_LDAP { ldap_seqof_key_data skd; Modified: trunk/src/tests/asn.1/ktest.c =================================================================== --- trunk/src/tests/asn.1/ktest.c 2009-11-14 01:08:10 UTC (rev 23159) +++ trunk/src/tests/asn.1/ktest.c 2009-11-14 04:46:30 UTC (rev 23160) 
@@ -855,6 +855,42 @@ return retval; } +krb5_error_code ktest_make_sample_ad_signedpath_data(p) + krb5_ad_signedpath_data *p; +{ + krb5_error_code retval; + retval = ktest_make_sample_principal(&p->client); + if (retval) return retval; + p->authtime = SAMPLE_TIME; + p->delegated = k5alloc((2 * sizeof(krb5_principal)), &retval); + if (retval) return retval; + retval = ktest_make_sample_principal(&p->delegated[0]); + if (retval) return retval; + p->delegated[1] = NULL; + retval = ktest_make_sample_principal(&p->client); + if (retval) return retval; + retval = ktest_make_sample_authorization_data(&p->authorization_data); + if (retval) return retval; + retval = ktest_make_sample_pa_data_array(&p->method_data); + if (retval) return retval; + return retval; +} + +krb5_error_code ktest_make_sample_ad_signedpath(p) + krb5_ad_signedpath*p; +{ + krb5_error_code retval; + p->enctype = 1; + retval = ktest_make_sample_checksum(&p->checksum); + if (retval) return retval; + p->delegated = k5alloc((2 * sizeof(krb5_principal)), &retval); + if (retval) return retval; + p->delegated[1] = NULL; + retval = ktest_make_sample_pa_data_array(&p->method_data); + if (retval) return retval; + return retval; +} + #ifdef ENABLE_LDAP static krb5_error_code ktest_make_sample_key_data(krb5_key_data *p, int i) { 
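Review bot: `ktest_make_sample_ad_signedpath_data` calls `ktest_make_sample_principal(&p->client)` twice, once at the top and again after `p->delegated[1] = NULL;`, so the first principal is overwritten and leaked. The second call should be dropped. In `ktest_make_sample_ad_signedpath`, `p->delegated[0]` is never assigned, so the list is empty only if `k5alloc` zero-fills; an explicit `p->delegated[0] = NULL;` would make that intent visible.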
@@ -1466,6 +1502,37 @@ ktest_destroy_authorization_data(&p->elements); } +void ktest_empty_ad_signedpath_data(p) + krb5_ad_signedpath_data *p; +{ + int i; + ktest_destroy_principal(&p->client); + if (p->delegated != NULL) { + for (i = 0; p->delegated[i] != NULL; i++) { + krb5_principal princ = p->delegated[i]; + ktest_destroy_principal(&princ); + } + free(p->delegated); + } + ktest_destroy_pa_data_array(&p->method_data); + ktest_destroy_authorization_data(&p->authorization_data); +} + +void ktest_empty_ad_signedpath(p) + krb5_ad_signedpath *p; +{ + int i; + if (p->checksum.contents) free(p->checksum.contents); + if (p->delegated != NULL) { + for (i = 0; p->delegated[i] != NULL; i++) { + krb5_principal princ = p->delegated[i]; + ktest_destroy_principal(&princ); + } + free(p->delegated); + } + ktest_destroy_pa_data_array(&p->method_data); +} + #ifdef ENABLE_LDAP void ktest_empty_ldap_seqof_key_data(ctx, p) krb5_context ctx; Modified: trunk/src/tests/asn.1/ktest.h =================================================================== --- trunk/src/tests/asn.1/ktest.h 2009-11-14 01:08:10 UTC (rev 23159) +++ trunk/src/tests/asn.1/ktest.h 2009-11-14 04:46:30 UTC (rev 23160) @@ -107,6 +107,8 @@ krb5_error_code ktest_make_sample_enc_sam_response_enc_2(krb5_enc_sam_response_enc_2 *p); krb5_error_code ktest_make_sample_pa_s4u_x509_user(krb5_pa_s4u_x509_user *p); krb5_error_code ktest_make_sample_ad_kdcissued(krb5_ad_kdcissued *p); +krb5_error_code ktest_make_sample_ad_signedpath_data(krb5_ad_signedpath_data *p); +krb5_error_code ktest_make_sample_ad_signedpath(krb5_ad_signedpath *p); #ifdef ENABLE_LDAP krb5_error_code ktest_make_sample_ldap_seqof_key_data(ldap_seqof_key_data * p); 
@@ -217,6 +219,8 @@ void ktest_empty_enc_sam_response_enc_2(krb5_enc_sam_response_enc_2 *p); void ktest_empty_pa_s4u_x509_user(krb5_pa_s4u_x509_user *p); void ktest_empty_ad_kdcissued(krb5_ad_kdcissued *p); +void ktest_empty_ad_signedpath_data(krb5_ad_signedpath_data *p); +void ktest_empty_ad_signedpath(krb5_ad_signedpath *p); #ifdef ENABLE_LDAP void ktest_empty_ldap_seqof_key_data(krb5_context, ldap_seqof_key_data *p); Modified: trunk/src/tests/asn.1/ktest_equal.c =================================================================== --- trunk/src/tests/asn.1/ktest_equal.c 2009-11-14 01:08:10 UTC (rev 23159) +++ trunk/src/tests/asn.1/ktest_equal.c 2009-11-14 04:46:30 UTC (rev 23160) @@ -570,6 +570,35 @@ return p; } +int ktest_equal_ad_signedpath_data(ref, var) + krb5_ad_signedpath_data *ref; + krb5_ad_signedpath_data *var; +{ + int p = TRUE; + if (ref == var) return TRUE; + else if (ref == NULL || var == NULL) return FALSE; + p=p&&ptr_equal(client,ktest_equal_principal_data); + p=p&&scalar_equal(authtime); + p=p&&ptr_equal(delegated,ktest_equal_sequence_of_principal); + p=p&&ptr_equal(method_data,ktest_equal_sequence_of_pa_data); + p=p&&ptr_equal(authorization_data,ktest_equal_authorization_data); + return p; +} + +int ktest_equal_ad_signedpath(ref, var) + krb5_ad_signedpath* ref; + krb5_ad_signedpath* var; +{ + int p = TRUE; + if (ref == var) return TRUE; + else if (ref == NULL || var == NULL) return FALSE; + p=p&&scalar_equal(enctype); + p=p&&struct_equal(checksum,ktest_equal_checksum); + p=p&&ptr_equal(delegated,ktest_equal_sequence_of_principal); + p=p&&ptr_equal(method_data,ktest_equal_sequence_of_pa_data); + return p; +} + #ifdef ENABLE_LDAP static int equal_key_data(ref, var) krb5_key_data *ref; 
@@ -721,6 +750,13 @@ array_compare(ktest_equal_cred_info); } +int ktest_equal_sequence_of_principal(ref, var) + krb5_principal * ref; + krb5_principal * var; +{ + array_compare(ktest_equal_principal_data); +} + int ktest_equal_array_of_passwd_phrase_element(ref, var) passwd_phrase_element ** ref; passwd_phrase_element ** var; Modified: trunk/src/tests/asn.1/ktest_equal.h =================================================================== --- trunk/src/tests/asn.1/ktest_equal.h 2009-11-14 01:08:10 UTC (rev 23159) +++ trunk/src/tests/asn.1/ktest_equal.h 2009-11-14 04:46:30 UTC (rev 23160) @@ -69,6 +69,8 @@ (krb5_pa_data **ref, krb5_pa_data **var); int ktest_equal_sequence_of_cred_info (krb5_cred_info **ref, krb5_cred_info **var); +int ktest_equal_sequence_of_principal + (krb5_principal *ref, krb5_principal *var); len_array(ktest_equal_array_of_enctype,krb5_enctype); len_array(ktest_equal_array_of_data,krb5_data); @@ -98,6 +100,12 @@ int ktest_equal_ad_kdcissued (krb5_ad_kdcissued *ref, krb5_ad_kdcissued *var); +int ktest_equal_ad_signedpath_data + (krb5_ad_signedpath_data *ref, + krb5_ad_signedpath_data *var); +int ktest_equal_ad_signedpath + (krb5_ad_signedpath *ref, + krb5_ad_signedpath *var); int ktest_equal_ldap_sequence_of_keys(ldap_seqof_key_data *ref, ldap_seqof_key_data *var); Modified: trunk/src/tests/asn.1/reference_encode.out =================================================================== --- trunk/src/tests/asn.1/reference_encode.out 2009-11-14 01:08:10 UTC (rev 23159) +++ trunk/src/tests/asn.1/reference_encode.out 2009-11-14 04:46:30 UTC (rev 23160) 
@@ -58,3 +58,5 @@ encode_krb5_enc_sam_response_enc_2: 30 1F A0 03 02 01 58 A1 18 04 16 65 6E 63 5F 73 61 6D 5F 72 65 73 70 6F 6E 73 65 5F 65 6E 63 5F 32 encode_krb5_pa_s4u_x509_user: 30 68 A0 55 30 53 A0 06 02 04 00 CA 14 9A A1 1A 30 18 A0 03 02 01 01 A1 11 30 0F 1B 06 68 66 74 73 61 69 1B 05 65 78 74 72 61 A2 10 1B 0E 41 54 48 45 4E 41 2E 4D 49 54 2E 45 44 55 A3 12 04 10 70 61 5F 73 34 75 5F 78 35 30 39 5F 75 73 65 72 A4 07 03 05 00 80 00 00 00 A1 0F 30 0D A0 03 02 01 01 A1 06 04 04 31 32 33 34 encode_krb5_ad_kdcissued: 30 65 A0 0F 30 0D A0 03 02 01 01 A1 06 04 04 31 32 33 34 A1 10 1B 0E 41 54 48 45 4E 41 2E 4D 49 54 2E 45 44 55 A2 1A 30 18 A0 03 02 01 01 A1 11 30 0F 1B 06 68 66 74 73 61 69 1B 05 65 78 74 72 61 A3 24 30 22 30 0F A0 03 02 01 01 A1 08 04 06 66 6F 6F 62 61 72 30 0F A0 03 02 01 01 A1 08 04 06 66 6F 6F 62 61 72 +encode_krb5_ad_signedpath_data: 30 81 C7 A0 30 30 2E A0 1A 30 18 A0 03 02 01 01 A1 11 30 0F 1B 06 68 66 74 73 61 69 1B 05 65 78 74 72 61 A1 10 1B 0E 41 54 48 45 4E 41 2E 4D 49 54 2E 45 44 55 A1 11 18 0F 31 39 39 34 30 36 31 30 30 36 30 33 31 37 5A A2 32 30 30 30 2E A0 1A 30 18 A0 03 02 01 01 A1 11 30 0F 1B 06 68 66 74 73 61 69 1B 05 65 78 74 72 61 A1 10 1B 0E 41 54 48 45 4E 41 2E 4D 49 54 2E 45 44 55 A3 26 30 24 30 10 A1 03 02 01 0D A2 09 04 07 70 61 2D 64 61 74 61 30 10 A1 03 02 01 0D A2 09 04 07 70 61 2D 64 61 74 61 A4 24 30 22 30 0F A0 03 02 01 01 A1 08 04 06 66 6F 6F 62 61 72 30 0F A0 03 02 01 01 A1 08 04 06 66 6F 6F 62 61 72 +encode_krb5_ad_signedpath: 30 3E A0 03 02 01 01 A1 0F 30 0D A0 03 02 01 01 A1 06 04 04 31 32 33 34 A3 26 30 24 30 10 A1 03 02 01 0D A2 09 04 07 70 61 2D 64 61 74 61 30 10 A1 03 02 01 0D A2 09 04 07 70 61 2D 64 61 74 61 Modified: trunk/src/tests/asn.1/trval_reference.out =================================================================== --- trunk/src/tests/asn.1/trval_reference.out 2009-11-14 01:08:10 UTC (rev 23159) +++ trunk/src/tests/asn.1/trval_reference.out 2009-11-14 04:46:30 UTC (rev 23160) 
@@ -1283,3 +1283,52 @@ . . . [0] [Integer] 1 . . . [1] [Octet String] "foobar" +encode_krb5_ad_signedpath_data: + +[Sequence/Sequence Of] +. [0] [Sequence/Sequence Of] +. . [0] [Sequence/Sequence Of] +. . . [0] [Integer] 1 +. . . [1] [Sequence/Sequence Of] +. . . . [General string] "hftsai" +. . . . [General string] "extra" +. . [1] [General string] "ATHENA.MIT.EDU" +. [1] [Generalized Time] "19940610060317Z" +. [2] [Sequence/Sequence Of] +. . [Sequence/Sequence Of] +. . . [0] [Sequence/Sequence Of] +. . . . [0] [Integer] 1 +. . . . [1] [Sequence/Sequence Of] +. . . . . [General string] "hftsai" +. . . . . [General string] "extra" +. . . [1] [General string] "ATHENA.MIT.EDU" +. [3] [Sequence/Sequence Of] +. . [Sequence/Sequence Of] +. . . [1] [Integer] 13 +. . . [2] [Octet String] "pa-data" +. . [Sequence/Sequence Of] +. . . [1] [Integer] 13 +. . . [2] [Octet String] "pa-data" +. [4] [Sequence/Sequence Of] +. . [Sequence/Sequence Of] +. . . [0] [Integer] 1 +. . . [1] [Octet String] "foobar" +. . [Sequence/Sequence Of] +. . . [0] [Integer] 1 +. . . [1] [Octet String] "foobar" + +encode_krb5_ad_signedpath: + +[Sequence/Sequence Of] +. [0] [Integer] 1 +. [1] [Sequence/Sequence Of] +. . [0] [Integer] 1 +. . [1] [Octet String] "1234" +. [3] [Sequence/Sequence Of] +. . [Sequence/Sequence Of] +. . . [1] [Integer] 13 +. . . [2] [Octet String] "pa-data" +. . [Sequence/Sequence Of] +. . . [1] [Integer] 13 +. . . [2] [Octet String] "pa-data" + From ghudson at MIT.EDU Sat Nov 14 10:24:56 2009 From: ghudson at MIT.EDU (ghudson@MIT.EDU) Date: Sat, 14 Nov 2009 10:24:56 -0500 Subject: svn rev #23163: trunk/src/include/ Message-ID: <200911141524.nAEFOuF2030959@drugstore.mit.edu> http://src.mit.edu/fisheye/changelog/krb5/?cs=23163 Commit By: ghudson Log Message: Remove include/krb54proto.h as it is no longer used. Changed Files: D trunk/src/include/krb54proto.h From ghudson at MIT.EDU Sat Nov 14 13:56:43 2009 
From: ghudson at MIT.EDU (ghudson@MIT.EDU) Date: Sat, 14 Nov 2009 13:56:43 -0500 Subject: svn rev #23180: trunk/src/ include/ include/kim/ include/krb5/ Message-ID: <200911141856.nAEIuhFB015612@drugstore.mit.edu> http://src.mit.edu/fisheye/changelog/krb5/?cs=23180 Commit By: ghudson Log Message: Reindent include directory, reformatting prototypes as necessary. Exclude include/gssrpc due to its Sun origin and k5-platform.h due to macros too hairy for emacs c-mode to handle. Changed Files: U trunk/src/Makefile.in U trunk/src/include/CredentialsCache.h U trunk/src/include/CredentialsCache2.h U trunk/src/include/adm.h U trunk/src/include/adm_proto.h U trunk/src/include/cm.h U trunk/src/include/copyright.h U trunk/src/include/fake-addrinfo.h U trunk/src/include/foreachaddr.h U trunk/src/include/gssapi.h U trunk/src/include/iprop.h U trunk/src/include/iprop_hdr.h U trunk/src/include/k5-buf.h U trunk/src/include/k5-err.h U trunk/src/include/k5-gmt_mktime.h U trunk/src/include/k5-int-pkinit.h U trunk/src/include/k5-int.h U trunk/src/include/k5-ipc_stream.h U trunk/src/include/k5-platform.h U trunk/src/include/k5-plugin.h U trunk/src/include/k5-thread.h U trunk/src/include/k5-unicode.h U trunk/src/include/k5-utf8.h U trunk/src/include/k5-util.h U trunk/src/include/kdb.h U trunk/src/include/kdb_ext.h U trunk/src/include/kdb_kt.h U trunk/src/include/kdb_log.h U trunk/src/include/kim/kim.h U trunk/src/include/kim/kim_ccache.h U trunk/src/include/kim/kim_credential.h U trunk/src/include/kim/kim_identity.h U trunk/src/include/kim/kim_library.h U trunk/src/include/kim/kim_options.h U trunk/src/include/kim/kim_preferences.h U trunk/src/include/kim/kim_selection_hints.h U trunk/src/include/kim/kim_string.h U trunk/src/include/kim/kim_types.h U trunk/src/include/kim/kim_ui_plugin.h U trunk/src/include/krb5/authdata_plugin.h U trunk/src/include/krb5/krb5.hin U trunk/src/include/krb5/locate_plugin.h U trunk/src/include/krb5/preauth_plugin.h U trunk/src/include/krb5.h U 
trunk/src/include/osconf.hin U trunk/src/include/pkinit_apple_utils.h U trunk/src/include/pkinit_asn1.h U trunk/src/include/pkinit_cert_store.h U trunk/src/include/pkinit_client.h U trunk/src/include/pkinit_cms.h U trunk/src/include/port-sockets.h U trunk/src/include/socket-utils.h U trunk/src/include/spnego-asn1.h U trunk/src/include/win-mac.h Diff larger than 5000 lines; suppressing. From tlyu at MIT.EDU Sat Nov 14 14:24:39 2009 From: tlyu at MIT.EDU (tlyu@MIT.EDU) Date: Sat, 14 Nov 2009 14:24:39 -0500 Subject: svn rev #23182: trunk/src/include/ Message-ID: <200911141924.nAEJOdVr017874@drugstore.mit.edu> http://src.mit.edu/fisheye/changelog/krb5/?cs=23182 Commit By: tlyu Log Message: Fix typos in previous. Changed Files: U trunk/src/include/k5-int.h Modified: trunk/src/include/k5-int.h =================================================================== --- trunk/src/include/k5-int.h 2009-11-14 19:12:04 UTC (rev 23181) +++ trunk/src/include/k5-int.h 2009-11-14 19:24:39 UTC (rev 23182) @@ -2277,7 +2277,7 @@ krb5_data **code); krb5_error_code - (*encode_krb5_reply_key_pack)(const krb5_reply_key_ + (*encode_krb5_reply_key_pack)(const krb5_reply_key_pack *, krb5_data **code); krb5_error_code @@ -2696,7 +2696,7 @@ krb5_keyblock *, krb5_kdc_req *, void *), - void *gcvt_data, krb5_response * + void *gcvt_data, krb5_response *, krb5_keyblock **subkey); /* The subkey field is an output parameter; if a * tgs-rep is received then the subkey will be filled From ghudson at MIT.EDU Sat Nov 14 19:19:36 2009 
From: ghudson at MIT.EDU (ghudson@MIT.EDU) Date: Sat, 14 Nov 2009 19:19:36 -0500 Subject: svn rev #23185: trunk/src/ include/ Message-ID: <200911150019.nAF0Ja3u009158@drugstore.mit.edu> http://src.mit.edu/fisheye/changelog/krb5/?cs=23185 Commit By: ghudson Log Message: Add an exception for include/iprop.h and revert its reformatting, since it was generated with rpcgen. Changed Files: U trunk/src/Makefile.in U trunk/src/include/iprop.h Modified: trunk/src/Makefile.in =================================================================== --- trunk/src/Makefile.in 2009-11-14 20:34:14 UTC (rev 23184) +++ trunk/src/Makefile.in 2009-11-15 00:19:36 UTC (rev 23185) @@ -685,6 +685,7 @@ slave/kpropd_rpc.c OTHEREXCLUDES = \ + include/iprop.h \ include/k5-platform.h \ include/gssrpc \ lib/krb5/asn.1/asn1_decode.h \ Modified: trunk/src/include/iprop.h =================================================================== --- trunk/src/include/iprop.h 2009-11-14 20:34:14 UTC (rev 23184) +++ trunk/src/include/iprop.h 2009-11-15 00:19:36 UTC (rev 23185) @@ -1,4 +1,3 @@ -/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */ /* * Please do not edit this file. * It was generated using rpcgen. 
@@ -16,180 +15,180 @@ typedef struct { - u_int utf8str_t_len; - char *utf8str_t_val; + u_int utf8str_t_len; + char *utf8str_t_val; } utf8str_t; typedef uint32_t kdb_sno_t; struct kdbe_time_t { - uint32_t seconds; - uint32_t useconds; + uint32_t seconds; + uint32_t useconds; }; typedef struct kdbe_time_t kdbe_time_t; struct kdbe_key_t { - int32_t k_ver; - int32_t k_kvno; - struct { - u_int k_enctype_len; - int32_t *k_enctype_val; - } k_enctype; - struct { - u_int k_contents_len; - utf8str_t *k_contents_val; - } k_contents; + int32_t k_ver; + int32_t k_kvno; + struct { + u_int k_enctype_len; + int32_t *k_enctype_val; + } k_enctype; + struct { + u_int k_contents_len; + utf8str_t *k_contents_val; + } k_contents; }; typedef struct kdbe_key_t kdbe_key_t; struct kdbe_data_t { - int32_t k_magic; - utf8str_t k_data; + int32_t k_magic; + utf8str_t k_data; }; typedef struct kdbe_data_t kdbe_data_t; struct kdbe_princ_t { - utf8str_t k_realm; - struct { - u_int k_components_len; - kdbe_data_t *k_components_val; - } k_components; - int32_t k_nametype; + utf8str_t k_realm; + struct { + u_int k_components_len; + kdbe_data_t *k_components_val; + } k_components; + int32_t k_nametype; }; typedef struct kdbe_princ_t kdbe_princ_t; struct kdbe_tl_t { - int16_t tl_type; - struct { - u_int tl_data_len; - char *tl_data_val; - } tl_data; + int16_t tl_type; + struct { + u_int tl_data_len; + char *tl_data_val; + } tl_data; }; typedef struct kdbe_tl_t kdbe_tl_t; typedef struct { - u_int kdbe_pw_hist_t_len; - kdbe_key_t *kdbe_pw_hist_t_val; + u_int kdbe_pw_hist_t_len; + kdbe_key_t *kdbe_pw_hist_t_val; } kdbe_pw_hist_t; enum kdbe_attr_type_t { - AT_ATTRFLAGS = 0, - AT_MAX_LIFE = 1, - AT_MAX_RENEW_LIFE = 2, - AT_EXP = 3, - AT_PW_EXP = 4, - AT_LAST_SUCCESS = 5, - AT_LAST_FAILED = 6, - AT_FAIL_AUTH_COUNT = 7, - AT_PRINC = 8, - AT_KEYDATA = 9, - AT_TL_DATA = 10, - AT_LEN = 11, - AT_MOD_PRINC = 12, - AT_MOD_TIME = 13, - AT_MOD_WHERE = 14, - AT_PW_LAST_CHANGE = 15, - AT_PW_POLICY = 16, - 
AT_PW_POLICY_SWITCH = 17, - AT_PW_HIST_KVNO = 18, - AT_PW_HIST = 19, + AT_ATTRFLAGS = 0, + AT_MAX_LIFE = 1, + AT_MAX_RENEW_LIFE = 2, + AT_EXP = 3, + AT_PW_EXP = 4, + AT_LAST_SUCCESS = 5, + AT_LAST_FAILED = 6, + AT_FAIL_AUTH_COUNT = 7, + AT_PRINC = 8, + AT_KEYDATA = 9, + AT_TL_DATA = 10, + AT_LEN = 11, + AT_MOD_PRINC = 12, + AT_MOD_TIME = 13, + AT_MOD_WHERE = 14, + AT_PW_LAST_CHANGE = 15, + AT_PW_POLICY = 16, + AT_PW_POLICY_SWITCH = 17, + AT_PW_HIST_KVNO = 18, + AT_PW_HIST = 19, }; typedef enum kdbe_attr_type_t kdbe_attr_type_t; struct kdbe_val_t { - kdbe_attr_type_t av_type; - union { - uint32_t av_attrflags; - uint32_t av_max_life; - uint32_t av_max_renew_life; - uint32_t av_exp; - uint32_t av_pw_exp; - uint32_t av_last_success; - uint32_t av_last_failed; - uint32_t av_fail_auth_count; - kdbe_princ_t av_princ; - struct { - u_int av_keydata_len; - kdbe_key_t *av_keydata_val; - } av_keydata; - struct { - u_int av_tldata_len; - kdbe_tl_t *av_tldata_val; - } av_tldata; - int16_t av_len; - uint32_t av_pw_last_change; - kdbe_princ_t av_mod_princ; - uint32_t av_mod_time; - utf8str_t av_mod_where; - utf8str_t av_pw_policy; - bool_t av_pw_policy_switch; - uint32_t av_pw_hist_kvno; - struct { - u_int av_pw_hist_len; - kdbe_pw_hist_t *av_pw_hist_val; - } av_pw_hist; - struct { - u_int av_extension_len; - char *av_extension_val; - } av_extension; - } kdbe_val_t_u; + kdbe_attr_type_t av_type; + union { + uint32_t av_attrflags; + uint32_t av_max_life; + uint32_t av_max_renew_life; + uint32_t av_exp; + uint32_t av_pw_exp; + uint32_t av_last_success; + uint32_t av_last_failed; + uint32_t av_fail_auth_count; + kdbe_princ_t av_princ; + struct { + u_int av_keydata_len; + kdbe_key_t *av_keydata_val; + } av_keydata; + struct { + u_int av_tldata_len; + kdbe_tl_t *av_tldata_val; + } av_tldata; + int16_t av_len; + uint32_t av_pw_last_change; + kdbe_princ_t av_mod_princ; + uint32_t av_mod_time; + utf8str_t av_mod_where; + utf8str_t av_pw_policy; + bool_t av_pw_policy_switch; + uint32_t 
av_pw_hist_kvno; + struct { + u_int av_pw_hist_len; + kdbe_pw_hist_t *av_pw_hist_val; + } av_pw_hist; + struct { + u_int av_extension_len; + char *av_extension_val; + } av_extension; + } kdbe_val_t_u; }; typedef struct kdbe_val_t kdbe_val_t; typedef struct { - u_int kdbe_t_len; - kdbe_val_t *kdbe_t_val; + u_int kdbe_t_len; + kdbe_val_t *kdbe_t_val; } kdbe_t; struct kdb_incr_update_t { - utf8str_t kdb_princ_name; - kdb_sno_t kdb_entry_sno; - kdbe_time_t kdb_time; - kdbe_t kdb_update; - bool_t kdb_deleted; - bool_t kdb_commit; - struct { - u_int kdb_kdcs_seen_by_len; - utf8str_t *kdb_kdcs_seen_by_val; - } kdb_kdcs_seen_by; - struct { - u_int kdb_futures_len; - char *kdb_futures_val; - } kdb_futures; + utf8str_t kdb_princ_name; + kdb_sno_t kdb_entry_sno; + kdbe_time_t kdb_time; + kdbe_t kdb_update; + bool_t kdb_deleted; + bool_t kdb_commit; + struct { + u_int kdb_kdcs_seen_by_len; + utf8str_t *kdb_kdcs_seen_by_val; + } kdb_kdcs_seen_by; + struct { + u_int kdb_futures_len; + char *kdb_futures_val; + } kdb_futures; }; typedef struct kdb_incr_update_t kdb_incr_update_t; typedef struct { - u_int kdb_ulog_t_len; - kdb_incr_update_t *kdb_ulog_t_val; + u_int kdb_ulog_t_len; + kdb_incr_update_t *kdb_ulog_t_val; } kdb_ulog_t; enum update_status_t { - UPDATE_OK = 0, - UPDATE_ERROR = 1, - UPDATE_FULL_RESYNC_NEEDED = 2, - UPDATE_BUSY = 3, - UPDATE_NIL = 4, - UPDATE_PERM_DENIED = 5, + UPDATE_OK = 0, + UPDATE_ERROR = 1, + UPDATE_FULL_RESYNC_NEEDED = 2, + UPDATE_BUSY = 3, + UPDATE_NIL = 4, + UPDATE_PERM_DENIED = 5, }; typedef enum update_status_t update_status_t; struct kdb_last_t { - kdb_sno_t last_sno; - kdbe_time_t last_time; + kdb_sno_t last_sno; + kdbe_time_t last_time; }; typedef struct kdb_last_t kdb_last_t; struct kdb_incr_result_t { - kdb_last_t lastentry; - kdb_ulog_t updates; - update_status_t ret; + kdb_last_t lastentry; + kdb_ulog_t updates; + update_status_t ret; }; typedef struct kdb_incr_result_t kdb_incr_result_t; struct kdb_fullresync_result_t { - kdb_last_t 
lastentry; - update_status_t ret; + kdb_last_t lastentry; + update_status_t ret; }; typedef struct kdb_fullresync_result_t kdb_fullresync_result_t; @@ -207,8 +206,8 @@ extern kdb_fullresync_result_t * iprop_full_resync_1(void *, CLIENT *); extern kdb_fullresync_result_t * iprop_full_resync_1_svc(void *, struct svc_req *); #define IPROP_FULL_RESYNC_EXT 3 -extern kdb_fullresync_result_t * iprop_full_resync_ext_1(uint32_t *, CLIENT *); -extern kdb_fullresync_result_t * iprop_full_resync_ext_1_svc(uint32_t *, struct svc_req *); +extern kdb_fullresync_result_t * iprop_full_resync_ext_1(uint32_t *, CLIENT *); +extern kdb_fullresync_result_t * iprop_full_resync_ext_1_svc(uint32_t *, struct svc_req *); extern int krb5_iprop_prog_1_freeresult (SVCXPRT *, xdrproc_t, caddr_t); #else /* K&R C */ From epeisach at MIT.EDU Sat Nov 14 19:51:21 2009 From: epeisach at MIT.EDU (epeisach@MIT.EDU) Date: Sat, 14 Nov 2009 19:51:21 -0500 Subject: svn rev #23186: trunk/src/ include/ lib/krb5/os/ Message-ID: <200911150051.nAF0pLGP011647@drugstore.mit.edu> http://src.mit.edu/fisheye/changelog/krb5/?cs=23186 Commit By: epeisach Log Message: Moved krb5int_sendto prototype to os-proto.h. This function is not exported from libkrb5 - so the rest of the world does not need to see it. Changed Files: U trunk/src/include/k5-int.h U trunk/src/lib/krb5/os/os-proto.h Modified: trunk/src/include/k5-int.h =================================================================== --- trunk/src/include/k5-int.h 2009-11-15 00:19:36 UTC (rev 23185) +++ trunk/src/include/k5-int.h 2009-11-15 00:51:21 UTC (rev 23186) 
@@ -578,17 +578,6 @@ krb5_error_code krb5_sendto_kdc(krb5_context, const krb5_data *, const krb5_data *, krb5_data *, int *, int); -krb5_error_code -krb5int_sendto(krb5_context context, const krb5_data *message, - const struct addrlist *addrs, - struct sendto_callback_info* callback_info, - krb5_data *reply, struct sockaddr *localaddr, - socklen_t *localaddrlen, - struct sockaddr *remoteaddr, socklen_t *remoteaddrlen, - int *addr_used, - int (*msg_handler)(krb5_context, const krb5_data *, void *), - void *msg_handler_data); - krb5_error_code krb5_get_krbhst(krb5_context, const krb5_data *, char *** ); krb5_error_code krb5_free_krbhst(krb5_context, char * const * ); krb5_error_code krb5_create_secure_file(krb5_context, const char * pathname); Modified: trunk/src/lib/krb5/os/os-proto.h =================================================================== --- trunk/src/lib/krb5/os/os-proto.h 2009-11-15 00:19:36 UTC (rev 23185) +++ trunk/src/lib/krb5/os/os-proto.h 2009-11-15 00:51:21 UTC (rev 23186) @@ -63,6 +63,17 @@ int _krb5_use_dns_kdc (krb5_context); int _krb5_conf_boolean (const char *); +krb5_error_code +krb5int_sendto(krb5_context context, const krb5_data *message, + const struct addrlist *addrs, + struct sendto_callback_info* callback_info, + krb5_data *reply, struct sockaddr *localaddr, + socklen_t *localaddrlen, + struct sockaddr *remoteaddr, socklen_t *remoteaddrlen, + int *addr_used, + int (*msg_handler)(krb5_context, const krb5_data *, void *), + void *msg_handler_data); + /* The io vector is *not* const here, unlike writev()! */ int krb5int_net_writev (krb5_context, int, sg_buf *, int); From epeisach at MIT.EDU Sat Nov 14 20:38:41 2009 
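Review bot: os-proto.h may no longer be self-contained with the relocated `krb5int_sendto` prototype, which names `struct addrlist` and `struct sendto_callback_info` in its parameter list; the header's own includes are not visible in this hunk. If a translation unit reaches this prototype before those tags are declared, they get prototype scope and the declaration will not be compatible with the definition. Adding forward declarations ahead of the prototype, `struct addrlist;` and `struct sendto_callback_info;`, or a comment stating that k5-int.h must be included first, would make the dependency explicit. The same holds for `socklen_t` and `struct sockaddr`, which need the socket headers in scope.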
From: epeisach at MIT.EDU (epeisach@MIT.EDU) Date: Sat, 14 Nov 2009 20:38:41 -0500 Subject: svn rev #23188: trunk/src/ include/ lib/krb5/os/ Message-ID: <200911150138.nAF1cfd6015429@drugstore.mit.edu> http://src.mit.edu/fisheye/changelog/krb5/?cs=23188 Commit By: epeisach Log Message: Move krb5int_get_fq_local_hostname to os-proto.h. Not exported. Changed Files: U trunk/src/include/k5-int.h U trunk/src/lib/krb5/os/os-proto.h Modified: trunk/src/include/k5-int.h =================================================================== --- trunk/src/include/k5-int.h 2009-11-15 01:17:21 UTC (rev 23187) +++ trunk/src/include/k5-int.h 2009-11-15 01:38:41 UTC (rev 23188) @@ -583,8 +583,6 @@ krb5_error_code krb5_create_secure_file(krb5_context, const char * pathname); krb5_error_code krb5_sync_disk_file(krb5_context, FILE *fp); -krb5_error_code krb5int_get_fq_local_hostname(char *, size_t); - krb5_error_code krb5int_init_context_kdc(krb5_context *); krb5_error_code krb5_os_init_context(krb5_context, krb5_boolean); Modified: trunk/src/lib/krb5/os/os-proto.h =================================================================== --- trunk/src/lib/krb5/os/os-proto.h 2009-11-15 01:17:21 UTC (rev 23187) +++ trunk/src/lib/krb5/os/os-proto.h 2009-11-15 01:38:41 UTC (rev 23188) @@ -74,6 +74,8 @@ int (*msg_handler)(krb5_context, const krb5_data *, void *), void *msg_handler_data); +krb5_error_code krb5int_get_fq_local_hostname(char *, size_t); + /* The io vector is *not* const here, unlike writev()! */ int krb5int_net_writev (krb5_context, int, sg_buf *, int); From epeisach at MIT.EDU Sun Nov 15 20:49:21 2009 
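Review bot: The moved declaration `krb5int_get_fq_local_hostname(char *, size_t)` in os-proto.h has neither parameter names nor a comment, so the buffer contract is not readable at the declaration: whether the size includes the terminating NUL, and what is returned when the name does not fit. Since the line is being re-added anyway, I would name the parameters, `krb5_error_code krb5int_get_fq_local_hostname(char *buf, size_t bufsize);`, and add a one-line comment on the truncation behaviour once it is confirmed against the implementation, which is outside this diff.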
From: epeisach at MIT.EDU (epeisach@MIT.EDU) Date: Sun, 15 Nov 2009 20:49:21 -0500 Subject: svn rev #23232: trunk/src/ include/ lib/krb5/krb/ Message-ID: <200911160149.nAG1nLFc020552@drugstore.mit.edu> http://src.mit.edu/fisheye/changelog/krb5/?cs=23232 Commit By: epeisach Log Message: Move prototypes for krb5int_send_tgs and krb5int_decode_tgs_rep to int-proto.h. These functions are not exported by the library. Changed Files: U trunk/src/include/k5-int.h U trunk/src/lib/krb5/krb/decode_kdc.c U trunk/src/lib/krb5/krb/int-proto.h U trunk/src/lib/krb5/krb/send_tgs.c Modified: trunk/src/include/k5-int.h =================================================================== --- trunk/src/include/k5-int.h 2009-11-16 00:54:26 UTC (rev 23231) +++ trunk/src/include/k5-int.h 2009-11-16 01:49:21 UTC (rev 23232) 
@@ -2672,27 +2672,6 @@ krb5_error_code KRB5_CALLCONV krb5_get_default_config_files(char ***filenames); void KRB5_CALLCONV krb5_free_config_files(char **filenames); -krb5_error_code krb5int_send_tgs(krb5_context, krb5_flags, - const krb5_ticket_times *, - const krb5_enctype *, - krb5_const_principal, krb5_address *const *, - krb5_authdata *const *, - krb5_pa_data *const *, const krb5_data *, - krb5_creds *, - krb5_error_code (*gcvt_fct)(krb5_context, - krb5_keyblock *, - krb5_kdc_req *, - void *), - void *gcvt_data, krb5_response *, - krb5_keyblock **subkey); -/* The subkey field is an output parameter; if a - * tgs-rep is received then the subkey will be filled - * in with the subkey needed to decrypt the TGS - * response. Otherwise it will be set to null. - */ -krb5_error_code krb5int_decode_tgs_rep(krb5_context, krb5_data *, - const krb5_keyblock *, krb5_keyusage, - krb5_kdc_rep ** ); krb5_error_code krb5int_find_authdata(krb5_context context, krb5_authdata *const *ticket_authdata, Modified: trunk/src/lib/krb5/krb/decode_kdc.c =================================================================== --- trunk/src/lib/krb5/krb/decode_kdc.c 2009-11-16 00:54:26 UTC (rev 23231) +++ trunk/src/lib/krb5/krb/decode_kdc.c 2009-11-16 01:49:21 UTC (rev 23232) @@ -29,6 +29,7 @@ */ #include "k5-int.h" +#include "int-proto.h" /* Takes a KDC_REP message and decrypts encrypted part using etype and Modified: trunk/src/lib/krb5/krb/int-proto.h =================================================================== --- trunk/src/lib/krb5/krb/int-proto.h 2009-11-16 00:54:26 UTC (rev 23231) +++ trunk/src/lib/krb5/krb/int-proto.h 2009-11-16 01:49:21 UTC (rev 23232) 
@@ -32,15 +32,13 @@ #ifndef KRB5_INT_FUNC_PROTO__ #define KRB5_INT_FUNC_PROTO__ -krb5_error_code krb5_tgtname -(krb5_context context, - const krb5_data *, - const krb5_data *, - krb5_principal *); +krb5_error_code +krb5_tgtname(krb5_context context, const krb5_data *, const krb5_data *, + krb5_principal *); -krb5_error_code krb5_libdefault_boolean -(krb5_context, const krb5_data *, const char *, - int *); +krb5_error_code +krb5_libdefault_boolean(krb5_context, const krb5_data *, const char *, + int *); krb5_error_code krb5_ser_authdata_init (krb5_context); krb5_error_code krb5_ser_address_init (krb5_context); @@ -87,4 +85,26 @@ krb5_creds **out_cred, krb5_keyblock **out_subkey); +krb5_error_code krb5int_send_tgs(krb5_context, krb5_flags, + const krb5_ticket_times *, + const krb5_enctype *, + krb5_const_principal, krb5_address *const *, + krb5_authdata *const *, + krb5_pa_data *const *, const krb5_data *, + krb5_creds *, + krb5_error_code (*gcvt_fct)(krb5_context, + krb5_keyblock *, + krb5_kdc_req *, + void *), + void *gcvt_data, krb5_response *, + krb5_keyblock **subkey); +/* The subkey field is an output parameter; if a + * tgs-rep is received then the subkey will be filled + * in with the subkey needed to decrypt the TGS + * response. Otherwise it will be set to null. + */ +krb5_error_code krb5int_decode_tgs_rep(krb5_context, krb5_data *, + const krb5_keyblock *, krb5_keyusage, + krb5_kdc_rep ** ); + #endif /* KRB5_INT_FUNC_PROTO__ */ Modified: trunk/src/lib/krb5/krb/send_tgs.c =================================================================== --- trunk/src/lib/krb5/krb/send_tgs.c 2009-11-16 00:54:26 UTC (rev 23231) +++ trunk/src/lib/krb5/krb/send_tgs.c 2009-11-16 01:49:21 UTC (rev 23232) @@ -29,6 +29,7 @@ */ #include "k5-int.h" +#include "int-proto.h" /* Constructs a TGS request From tlyu at MIT.EDU Mon Nov 16 11:48:38 2009 
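Review bot: In the second int-proto.h hunk the comment "The subkey field is an output parameter…" lands between the two prototypes, so it reads as documentation for `krb5int_decode_tgs_rep`, which has no subkey parameter; it describes the `krb5_keyblock **subkey` argument of `krb5int_send_tgs`. Moving the comment block above `krb5int_send_tgs` and opening it with `/* krb5int_send_tgs: subkey is an output parameter; ...` would attach it to the right function. The placement was carried over unchanged from k5-int.h, but the move is a good moment to fix it.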
From: tlyu at MIT.EDU (tlyu@MIT.EDU) Date: Mon, 16 Nov 2009 11:48:38 -0500 Subject: svn rev #23236: trunk/src/ lib/krb5/asn.1/ Message-ID: <200911161648.nAGGmcEU029389@drugstore.mit.edu> http://src.mit.edu/fisheye/changelog/krb5/?cs=23236 Commit By: tlyu Log Message: Fix coding style in lib/krb5/asn.1, remove from exclusions, and reindent. Changed Files: U trunk/src/Makefile.in U trunk/src/lib/krb5/asn.1/asn1_decode.h U trunk/src/lib/krb5/asn.1/asn1_encode.h U trunk/src/lib/krb5/asn.1/asn1_k_decode.c U trunk/src/lib/krb5/asn.1/asn1_k_encode.c U trunk/src/lib/krb5/asn.1/asn1_make.h U trunk/src/lib/krb5/asn.1/asn1buf.c U trunk/src/lib/krb5/asn.1/asn1buf.h U trunk/src/lib/krb5/asn.1/krb5_decode.c Modified: trunk/src/Makefile.in =================================================================== --- trunk/src/Makefile.in 2009-11-16 09:30:30 UTC (rev 23235) +++ trunk/src/Makefile.in 2009-11-16 16:48:37 UTC (rev 23236) @@ -688,12 +688,6 @@ include/iprop.h \ include/k5-platform.h \ include/gssrpc \ - lib/krb5/asn.1/asn1_decode.h \ - lib/krb5/asn.1/asn1_encode.h \ - lib/krb5/asn.1/asn1_k_encode.c \ - lib/krb5/asn.1/asn1_make.h \ - lib/krb5/asn.1/asn1buf.h \ - lib/krb5/asn.1/krb5_decode.c \ lib/krb5/krb/deltat.c \ lib/krb5/unicode Modified: trunk/src/lib/krb5/asn.1/asn1_decode.h =================================================================== --- trunk/src/lib/krb5/asn.1/asn1_decode.h 2009-11-16 09:30:30 UTC (rev 23235) +++ trunk/src/lib/krb5/asn.1/asn1_decode.h 2009-11-16 16:48:37 UTC (rev 23236) @@ -1,4 +1,4 @@ -/* -*- mode: c; indent-tabs-mode: nil -*- */ +/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */ /* * src/lib/krb5/asn.1/asn1_decode.h * 
@@ -33,33 +33,34 @@ #include "asn1buf.h" /* - Overview + * Overview + * + * These procedures take an asn1buf whose current position points + * to the beginning of an ASN.1 primitive (). + * The primitive is removed from the buffer and decoded. + * + * Operations + * + * asn1_decode_integer + * asn1_decode_unsigned_integer + * asn1_decode_octetstring + * asn1_decode_charstring + * asn1_decode_generalstring + * asn1_decode_null + * asn1_decode_printablestring + * asn1_decode_ia5string + * asn1_decode_generaltime + */ - These procedures take an asn1buf whose current position points - to the beginning of an ASN.1 primitive (). - The primitive is removed from the buffer and decoded. - - Operations - - asn1_decode_integer - asn1_decode_unsigned_integer - asn1_decode_octetstring - asn1_decode_charstring - asn1_decode_generalstring - asn1_decode_null - asn1_decode_printablestring - asn1_decode_ia5string - asn1_decode_generaltime -*/ - /* asn1_error_code asn1_decode_type(asn1buf *buf, ctype *val); */ -/* requires *buf is allocated - modifies *buf, *len - effects Decodes the octet string in *buf into *val. - Returns ENOMEM if memory is exhausted. - Returns asn1 errors. */ +/* + * requires *buf is allocated + * modifies *buf, *len + * effects Decodes the octet string in *buf into *val. + * Returns ENOMEM if memory is exhausted. + * Returns asn1 errors. + */ - asn1_error_code asn1_decode_boolean(asn1buf *buf, unsigned int *val); asn1_error_code asn1_decode_integer(asn1buf *buf, long *val); asn1_error_code asn1_decode_unsigned_integer(asn1buf *buf, unsigned long *val); 
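Review bot: The reformatted contract comment in asn1_decode.h still says `modifies *buf, *len`, but the template signature directly above it is `asn1_decode_type(asn1buf *buf, ctype *val)` and has no `len` parameter. As the comment lines are being rewritten in this hunk anyway, the line should read `* modifies *buf, *val`, which also matches the "effects" line that says the value is decoded into `*val`.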
@@ -74,12 +75,14 @@ char **val); asn1_error_code asn1_decode_charstring(asn1buf *buf, unsigned int *retlen, char **val); -/* Note: A charstring is a special hack to account for the fact that - krb5 structures store some OCTET STRING values in krb5_octet - arrays and others in krb5_data structures - (which use char arrays). - From the ASN.1 point of view, the two string types are the same, - only the receptacles differ. */ +/* + * Note: A charstring is a special hack to account for the fact that + * krb5 structures store some OCTET STRING values in krb5_octet + * arrays and others in krb5_data structures + * (which use char arrays). + * From the ASN.1 point of view, the two string types are the same, + * only the receptacles differ. + */ asn1_error_code asn1_decode_printablestring(asn1buf *buf, int *retlen, char **val); asn1_error_code asn1_decode_ia5string(asn1buf *buf, int *retlen, char **val); Modified: trunk/src/lib/krb5/asn.1/asn1_encode.h =================================================================== --- trunk/src/lib/krb5/asn.1/asn1_encode.h 2009-11-16 09:30:30 UTC (rev 23235) +++ trunk/src/lib/krb5/asn.1/asn1_encode.h 2009-11-16 16:48:37 UTC (rev 23236) @@ -1,4 +1,4 @@ -/* -*- mode: c; indent-tabs-mode: nil -*- */ +/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */ /* * src/lib/krb5/asn.1/asn1_encode.h * 
@@ -34,200 +34,231 @@ #include /* - Overview + * Overview + * + * Each of these procedures inserts the encoding of an ASN.1 + * primitive in a coding buffer. + * + * Operations + * + * asn1_encode_boolean + * asn1_encode_integer + * asn1_encode_unsigned_integer + * asn1_encode_octetstring + * asn1_encode_generaltime + * asn1_encode_generalstring + * asn1_encode_bitstring + * asn1_encode_oid + */ - Each of these procedures inserts the encoding of an ASN.1 - primitive in a coding buffer. - - Operations - - asn1_encode_boolean - asn1_encode_integer - asn1_encode_unsigned_integer - asn1_encode_octetstring - asn1_encode_generaltime - asn1_encode_generalstring - asn1_encode_bitstring - asn1_encode_oid -*/ - asn1_error_code asn1_encode_boolean(asn1buf *buf, asn1_intmax val, unsigned int *retlen); asn1_error_code asn1_encode_integer(asn1buf *buf, asn1_intmax val, unsigned int *retlen); -/* requires *buf is allocated - modifies *buf, *retlen - effects Inserts the encoding of val into *buf and returns - the length of the encoding in *retlen. - Returns ENOMEM to signal an unsuccesful attempt - to expand the buffer. */ +/* + * requires *buf is allocated + * modifies *buf, *retlen + * effects Inserts the encoding of val into *buf and returns + * the length of the encoding in *retlen. + * Returns ENOMEM to signal an unsuccesful attempt + * to expand the buffer. + */ asn1_error_code asn1_encode_enumerated(asn1buf *buf, long val, unsigned int *retlen); asn1_error_code asn1_encode_unsigned_integer(asn1buf *buf, asn1_uintmax val, unsigned int *retlen); -/* requires *buf is allocated - modifies *buf, *retlen - effects Inserts the encoding of val into *buf and returns - the length of the encoding in *retlen. - Returns ENOMEM to signal an unsuccesful attempt - to expand the buffer. */ +/* + * requires *buf is allocated + * modifies *buf, *retlen + * effects Inserts the encoding of val into *buf and returns + * the length of the encoding in *retlen. 
+ * Returns ENOMEM to signal an unsuccesful attempt + * to expand the buffer. + */ asn1_error_code asn1_encode_octetstring(asn1buf *buf, unsigned int len, const void *val, unsigned int *retlen); -/* requires *buf is allocated - modifies *buf, *retlen - effects Inserts the encoding of val into *buf and returns - the length of the encoding in *retlen. - Returns ENOMEM to signal an unsuccesful attempt - to expand the buffer. */ +/* + * requires *buf is allocated + * modifies *buf, *retlen + * effects Inserts the encoding of val into *buf and returns + * the length of the encoding in *retlen. + * Returns ENOMEM to signal an unsuccesful attempt + * to expand the buffer. + */ #define asn1_encode_charstring asn1_encode_octetstring asn1_error_code asn1_encode_oid(asn1buf *buf, unsigned int len, const asn1_octet *val, unsigned int *retlen); -/* requires *buf is allocated - modifies *buf, *retlen - effects Inserts the encoding of val into *buf and returns - the length of the encoding in *retlen. - Returns ENOMEM to signal an unsuccesful attempt - to expand the buffer. */ +/* + * requires *buf is allocated + * modifies *buf, *retlen + * effects Inserts the encoding of val into *buf and returns + * the length of the encoding in *retlen. + * Returns ENOMEM to signal an unsuccesful attempt + * to expand the buffer. + */ asn1_error_code asn1_encode_null(asn1buf *buf, int *retlen); -/* requires *buf is allocated - modifies *buf, *retlen - effects Inserts the encoding of NULL into *buf and returns - the length of the encoding in *retlen. - Returns ENOMEM to signal an unsuccesful attempt - to expand the buffer. */ +/* + * requires *buf is allocated + * modifies *buf, *retlen + * effects Inserts the encoding of NULL into *buf and returns + * the length of the encoding in *retlen. + * Returns ENOMEM to signal an unsuccesful attempt + * to expand the buffer. 
+ */ -asn1_error_code asn1_encode_printablestring (asn1buf *buf, unsigned int len, - const char *val, int *retlen); -/* requires *buf is allocated - modifies *buf, *retlen - effects Inserts the encoding of val into *buf and returns - the length of the encoding in *retlen. - Returns ENOMEM to signal an unsuccesful attempt - to expand the buffer. */ +asn1_error_code asn1_encode_printablestring(asn1buf *buf, unsigned int len, + const char *val, int *retlen); +/* + * requires *buf is allocated + * modifies *buf, *retlen + * effects Inserts the encoding of val into *buf and returns + * the length of the encoding in *retlen. + * Returns ENOMEM to signal an unsuccesful attempt + * to expand the buffer. + */ -asn1_error_code asn1_encode_ia5string - (asn1buf *buf, - unsigned int len, const char *val, - int *retlen); -/* requires *buf is allocated - modifies *buf, *retlen - effects Inserts the encoding of val into *buf and returns - the length of the encoding in *retlen. - Returns ENOMEM to signal an unsuccesful attempt - to expand the buffer. */ +asn1_error_code asn1_encode_ia5string(asn1buf *buf, unsigned int len, + const char *val, int *retlen); +/* + * requires *buf is allocated + * modifies *buf, *retlen + * effects Inserts the encoding of val into *buf and returns + * the length of the encoding in *retlen. + * Returns ENOMEM to signal an unsuccesful attempt + * to expand the buffer. + */ -asn1_error_code asn1_encode_generaltime - (asn1buf *buf, time_t val, unsigned int *retlen); -/* requires *buf is allocated - modifies *buf, *retlen - effects Inserts the encoding of val into *buf and returns - the length of the encoding in *retlen. - Returns ENOMEM to signal an unsuccesful attempt - to expand the buffer. 
- Note: The encoding of GeneralizedTime is YYYYMMDDhhmmZ */ +asn1_error_code asn1_encode_generaltime(asn1buf *buf, time_t val, + unsigned int *retlen); +/* + * requires *buf is allocated + * modifies *buf, *retlen + * effects Inserts the encoding of val into *buf and returns + * the length of the encoding in *retlen. + * Returns ENOMEM to signal an unsuccesful attempt + * to expand the buffer. + * Note: The encoding of GeneralizedTime is YYYYMMDDhhmmZ + */ -asn1_error_code asn1_encode_generalstring - (asn1buf *buf, - unsigned int len, const void *val, - unsigned int *retlen); -/* requires *buf is allocated, val has a length of len characters - modifies *buf, *retlen - effects Inserts the encoding of val into *buf and returns - the length of the encoding in *retlen. - Returns ENOMEM to signal an unsuccesful attempt - to expand the buffer. */ +asn1_error_code asn1_encode_generalstring(asn1buf *buf, + unsigned int len, const void *val, + unsigned int *retlen); +/* + * requires *buf is allocated, val has a length of len characters + * modifies *buf, *retlen + * effects Inserts the encoding of val into *buf and returns + * the length of the encoding in *retlen. + * Returns ENOMEM to signal an unsuccesful attempt + * to expand the buffer. + */ asn1_error_code asn1_encode_bitstring(asn1buf *buf, unsigned int len, const void *val, unsigned int *retlen); -/* requires *buf is allocated, val has a length of len characters - modifies *buf, *retlen - effects Inserts the encoding of val into *buf and returns - the length of the encoding in *retlen. - Returns ENOMEM to signal an unsuccesful attempt - to expand the buffer. */ +/* + * requires *buf is allocated, val has a length of len characters + * modifies *buf, *retlen + * effects Inserts the encoding of val into *buf and returns + * the length of the encoding in *retlen. + * Returns ENOMEM to signal an unsuccesful attempt + * to expand the buffer. 
+ */ asn1_error_code asn1_encode_opaque(asn1buf *buf, unsigned int len, const void *val, unsigned int *retlen); -/* requires *buf is allocated, val has a length of len characters - modifies *buf, *retlen - effects Inserts the encoding of val into *buf and returns - the length of the encoding in *retlen. - Returns ENOMEM to signal an unsuccesful attempt - to expand the buffer. */ +/* + * requires *buf is allocated, val has a length of len characters + * modifies *buf, *retlen + * effects Inserts the encoding of val into *buf and returns + * the length of the encoding in *retlen. + * Returns ENOMEM to signal an unsuccesful attempt + * to expand the buffer. + */ -/* Type descriptor info. +/* + * Type descriptor info. + * + * In this context, a "type" is a combination of a C data type + * and an ASN.1 encoding scheme for it. So we would have to define + * different "types" for: + * + * * unsigned char* encoded as octet string + * * char* encoded as octet string + * * char* encoded as generalstring + * * krb5_data encoded as octet string + * * krb5_data encoded as generalstring + * * int32_t encoded as integer + * * unsigned char encoded as integer + * + * Perhaps someday some kind of flags could be defined so that minor + * variations on the C types could be handled via common routines. + * + * The handling of strings is pretty messy. Currently, we have a + * separate kind of encoder function that takes an extra length + * parameter. Perhaps we should just give up on that, always deal + * with just a single location, and handle strings by via encoder + * functions for krb5_data, keyblock, etc. + * + * We wind up with a lot of load-time relocations being done, which is + * a bit annoying. Be careful about "fixing" that at the cost of too + * much run-time performance. 
It might work to have a master "module" + * descriptor with pointers to various arrays (type descriptors, + * strings, field descriptors, functions) most of which don't need + * relocation themselves, and replace most of the pointers with table + * indices. + * + * It's a work in progress. + */ - In this context, a "type" is a combination of a C data type - and an ASN.1 encoding scheme for it. So we would have to define - different "types" for: - - * unsigned char* encoded as octet string - * char* encoded as octet string - * char* encoded as generalstring - * krb5_data encoded as octet string - * krb5_data encoded as generalstring - * int32_t encoded as integer - * unsigned char encoded as integer - - Perhaps someday some kind of flags could be defined so that minor - variations on the C types could be handled via common routines. - - The handling of strings is pretty messy. Currently, we have a - separate kind of encoder function that takes an extra length - parameter. Perhaps we should just give up on that, always deal - with just a single location, and handle strings by via encoder - functions for krb5_data, keyblock, etc. - - We wind up with a lot of load-time relocations being done, which is - a bit annoying. Be careful about "fixing" that at the cost of too - much run-time performance. It might work to have a master "module" - descriptor with pointers to various arrays (type descriptors, - strings, field descriptors, functions) most of which don't need - relocation themselves, and replace most of the pointers with table - indices. - - It's a work in progress. */ - enum atype_type { - /* For bounds checking only. By starting with values above 1, we - guarantee that zero-initialized storage will be recognized as - invalid. */ + /* + * For bounds checking only. By starting with values above 1, we + * guarantee that zero-initialized storage will be recognized as + * invalid. + */ atype_min = 1, /* Encoder function to be called with address of . 
*/ atype_fn, - /* Encoder function to be called with address of and a - length (unsigned int). */ + /* + * Encoder function to be called with address of and a + * length (unsigned int). + */ atype_fn_len, - /* Pointer to actual thing to be encoded. - - Most of the fields are related only to the C type -- size, how - to fetch a pointer in a type-safe fashion -- but since the base - type descriptor encapsulates the encoding as well, different - encodings for the same C type may require different pointer-to - types as well. - - Must not refer to atype_fn_len. */ + /* + * Pointer to actual thing to be encoded. + * + * Most of the fields are related only to the C type -- size, how + * to fetch a pointer in a type-safe fashion -- but since the base + * type descriptor encapsulates the encoding as well, different + * encodings for the same C type may require different pointer-to + * types as well. + * + * Must not refer to atype_fn_len. + */ atype_ptr, /* Sequence, with pointer to sequence descriptor header. */ atype_sequence, - /* Sequence-of, with pointer to base type descriptor, represented - as a null-terminated array of pointers (and thus the "base" - type descriptor is actually an atype_ptr node). */ + /* + * Sequence-of, with pointer to base type descriptor, represented + * as a null-terminated array of pointers (and thus the "base" + * type descriptor is actually an atype_ptr node). + */ atype_nullterm_sequence_of, atype_nonempty_nullterm_sequence_of, - /* Encode this object using a single field descriptor. This may - mean the atype/field breakdown needs revision.... - - Main expected uses: Encode realm component of principal as a - GENERALSTRING. Pluck data and length fields out of a structure - and encode a counted SEQUENCE OF. */ + /* + * Encode this object using a single field descriptor. This may + * mean the atype/field breakdown needs revision.... + * + * Main expected uses: Encode realm component of principal as a + * GENERALSTRING. 
Pluck data and length fields out of a structure + * and encode a counted SEQUENCE OF. + */ atype_field, /* Tagged version of another type. */ atype_tagged_thing, @@ -238,12 +269,14 @@ atype_max }; -/* Initialized structures could be a lot smaller if we could use C99 - designated initializers, and a union for all the type-specific - stuff. Maybe use the hack we use for krb5int_access, where we use - a run-time initialize if the compiler doesn't support designated - initializers? That's a lot of work here, though, with so many - little structures. Maybe if/when these get auto-generated. */ +/* + * Initialized structures could be a lot smaller if we could use C99 + * designated initializers, and a union for all the type-specific + * stuff. Maybe use the hack we use for krb5int_access, where we use + * a run-time initialize if the compiler doesn't support designated + * initializers? That's a lot of work here, though, with so many + * little structures. Maybe if/when these get auto-generated. + */ struct atype_info { enum atype_type type; /* used for sequence-of processing */ 
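Review bot: The re-wrapped prototypes for `asn1_encode_printablestring` and `asn1_encode_ia5string` keep `int *retlen`, as does the unchanged `asn1_encode_null`, while every other encoder in this hunk reports its length through `unsigned int *retlen`. A signed length that callers add to unsigned ones invites sign-conversion mistakes, so either these three should move to `unsigned int *retlen` together with their definitions (which are outside this diff), or the comment should say why they differ. The reflowed contract comments also carry over the spelling `unsuccesful`; since each of those lines is rewritten here, ` * Returns ENOMEM to signal an unsuccessful attempt` can be fixed in the same pass.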
@@ -268,33 +301,37 @@ asn1_uintmax (*loaduint)(const void *); }; -/* The various DEF*TYPE macros must: +/* + * The various DEF*TYPE macros must: + * + * + Define a type named aux_typedefname_##DESCNAME, for use in any + * types derived from the type being defined. + * + * + Define an atype_info struct named krb5int_asn1type_##DESCNAME. + * + * + Define any extra stuff needed in the type descriptor, like + * pointer-load functions. + * + * + Accept a following semicolon syntactically, to keep Emacs parsing + * (and indentation calculating) code happy. + * + * Nothing else should directly define the atype_info structures. + */ - + Define a type named aux_typedefname_##DESCNAME, for use in any - types derived from the type being defined. - - + Define an atype_info struct named krb5int_asn1type_##DESCNAME. - - + Define any extra stuff needed in the type descriptor, like - pointer-load functions. - - + Accept a following semicolon syntactically, to keep Emacs parsing - (and indentation calculating) code happy. - - Nothing else should directly define the atype_info structures. */ - -/* Define a type for which we must use an explicit encoder function. - The DEFFNTYPE variant uses a function taking a void*, the - DEFFNXTYPE form wants a function taking a pointer to the actual C - type to be encoded; you should use the latter unless you've already - got the void* function supplied elsewhere. - - Of course, we need a single, consistent type for the descriptor - structure field, so we use the function pointer type that uses - void*, and create a wrapper function in DEFFNXTYPE. However, in - all our cases so far, the supplied function is static and not used - otherwise, so the compiler can merge it with the wrapper function - if the optimizer is good enough. */ +/* + * Define a type for which we must use an explicit encoder function. 
+ * The DEFFNTYPE variant uses a function taking a void*, the + * DEFFNXTYPE form wants a function taking a pointer to the actual C + * type to be encoded; you should use the latter unless you've already + * got the void* function supplied elsewhere. + * + * Of course, we need a single, consistent type for the descriptor + * structure field, so we use the function pointer type that uses + * void*, and create a wrapper function in DEFFNXTYPE. However, in + * all our cases so far, the supplied function is static and not used + * otherwise, so the compiler can merge it with the wrapper function + * if the optimizer is good enough. + */ #define DEFFNTYPE(DESCNAME, CTYPENAME, ENCFN) \ typedef CTYPENAME aux_typedefname_##DESCNAME; \ const struct atype_info krb5int_asn1type_##DESCNAME = { \ 
@@ -313,18 +350,20 @@ const struct atype_info krb5int_asn1type_##DESCNAME = { \ atype_fn, sizeof(CTYPENAME), aux_encfn_##DESCNAME, \ } -/* XXX The handling of data+length fields really needs reworking. - A type descriptor probably isn't the right way. - - Also, the C type is likely to be one of char*, unsigned char*, - or (maybe) void*. An enumerator or reference to an external - function would be more compact. - - The supplied encoder function takes as an argument the data pointer - loaded from the indicated location, not the address of the field. - This isn't consistent with DEFFN[X]TYPE above, but all of the uses - of DEFFNLENTYPE are for string encodings, and that's how our - string-encoding primitives work. So be it. */ +/* + * XXX The handling of data+length fields really needs reworking. + * A type descriptor probably isn't the right way. + * + * Also, the C type is likely to be one of char*, unsigned char*, + * or (maybe) void*. An enumerator or reference to an external + * function would be more compact. + * + * The supplied encoder function takes as an argument the data pointer + * loaded from the indicated location, not the address of the field. + * This isn't consistent with DEFFN[X]TYPE above, but all of the uses + * of DEFFNLENTYPE are for string encodings, and that's how our + * string-encoding primitives work. So be it. + */ #ifdef POINTERS_ARE_ALL_THE_SAME #define DEFFNLENTYPE(DESCNAME, CTYPENAME, ENCFN) \ typedef CTYPENAME aux_typedefname_##DESCNAME; \ @@ -344,8 +383,10 @@ loadptr_for_##DESCNAME \ } #endif -/* A sequence, defined by the indicated series of fields, and an - optional function indicating which fields are present. */ +/* + * A sequence, defined by the indicated series of fields, and an + * optional function indicating which fields are present. + */ #define DEFSEQTYPE(DESCNAME, CTYPENAME, FIELDS, OPT) \ typedef CTYPENAME aux_typedefname_##DESCNAME; \ static const struct seq_info aux_seqinfo_##DESCNAME = { \ 
@@ -403,16 +444,18 @@ &krb5int_asn1type_##BASEDESCNAME, 0 \ } #endif -/* This encodes a pointer-to-pointer-to-thing where the passed-in - value points to a null-terminated list of pointers to objects to be - encoded, and encodes a (possibly empty) SEQUENCE OF these objects. - - BASEDESCNAME is a descriptor name for the pointer-to-thing - type. - - When dealing with a structure containing a - pointer-to-pointer-to-thing field, make a DEFPTRTYPE of this type, - and use that type for the structure field. */ +/* + * This encodes a pointer-to-pointer-to-thing where the passed-in + * value points to a null-terminated list of pointers to objects to be + * encoded, and encodes a (possibly empty) SEQUENCE OF these objects. + * + * BASEDESCNAME is a descriptor name for the pointer-to-thing + * type. + * + * When dealing with a structure containing a + * pointer-to-pointer-to-thing field, make a DEFPTRTYPE of this type, + * and use that type for the structure field. + */ #define DEFNULLTERMSEQOFTYPE(DESCNAME,BASEDESCNAME) \ typedef aux_typedefname_##BASEDESCNAME aux_typedefname_##DESCNAME; \ const struct atype_info krb5int_asn1type_##DESCNAME = { \ @@ -430,8 +473,10 @@ 0 /* loadptr */, \ &krb5int_asn1type_##BASEDESCNAME, 0 \ } -/* Encode a thing (probably sub-fields within the structure) as a - single object. */ +/* + * Encode a thing (probably sub-fields within the structure) as a + * single object. + */ #define DEFFIELDTYPE(DESCNAME, CTYPENAME, FIELDINFO) \ typedef CTYPENAME aux_typedefname_##DESCNAME; \ static const struct field_info aux_fieldinfo_##DESCNAME = FIELDINFO; \ 
@@ -447,29 +492,33 @@ 0, 0, 0, &krb5int_asn1type_##BASEDESC, 0, 0, TAG, APPLICATION \ } -/* Declare an externally-defined type. This is a hack we should do - away with once we move to generating code from a script. For now, - this macro is unfortunately not compatible with the defining macros - above, since you can't do the typedefs twice and we need the - declarations to produce typedefs. (We could eliminate the typedefs - from the DEF* macros, but then every DEF* macro use, even the ones - for internal type nodes we only use to build other types, would - need an accompanying declaration which explicitly lists the - type.) */ +/* + * Declare an externally-defined type. This is a hack we should do + * away with once we move to generating code from a script. For now, + * this macro is unfortunately not compatible with the defining macros + * above, since you can't do the typedefs twice and we need the + * declarations to produce typedefs. (We could eliminate the typedefs + * from the DEF* macros, but then every DEF* macro use, even the ones + * for internal type nodes we only use to build other types, would + * need an accompanying declaration which explicitly lists the + * type.) + */ #define IMPORT_TYPE(DESCNAME, CTYPENAME) \ typedef CTYPENAME aux_typedefname_##DESCNAME; \ extern const struct atype_info krb5int_asn1type_##DESCNAME -/* Create a partial-encoding function by the indicated name, for the - indicated type. Should only be needed until we've converted all of - the encoders, then everything should use descriptor tables. */ +/* + * Create a partial-encoding function by the indicated name, for the + * indicated type. Should only be needed until we've converted all of + * the encoders, then everything should use descriptor tables. 
+ */ extern asn1_error_code krb5int_asn1_encode_a_thing(asn1buf *buf, const void *val, const struct atype_info *a, unsigned int *retlen); #define MAKE_ENCFN(FNAME,DESC) \ - static asn1_error_code FNAME (asn1buf *buf, \ - const aux_typedefname_##DESC *val, \ - unsigned int *retlen) \ + static asn1_error_code FNAME(asn1buf *buf, \ + const aux_typedefname_##DESC *val, \ + unsigned int *retlen) \ { \ return krb5int_asn1_encode_a_thing(buf, val, \ &krb5int_asn1type_##DESC, \ 
@@ -477,32 +526,40 @@ } \ extern int dummy /* gobble semicolon */ -/* Sequence field descriptor. +/* + * Sequence field descriptor. + * + * Currently we assume everything is a single object with a type + * descriptor, and then we bolt on some ugliness on the side for + * handling strings with length fields. + * + * Anything with "interesting" encoding handling, like a sequence-of + * or a pointer to the actual value to encode, is handled via opaque + * types with their own encoder functions. Most of that should + * eventually change. + */ - Currently we assume everything is a single object with a type - descriptor, and then we bolt on some ugliness on the side for - handling strings with length fields. - - Anything with "interesting" encoding handling, like a sequence-of - or a pointer to the actual value to encode, is handled via opaque - types with their own encoder functions. Most of that should - eventually change. */ - enum field_type { /* Unused except for range checking. */ field_min = 1, /* Field ATYPE describes processing of field at DATAOFF. */ field_normal, - /* Encode an "immediate" integer value stored in DATAOFF, with no - reference to the data structure. */ + /* + * Encode an "immediate" integer value stored in DATAOFF, with no + * reference to the data structure. + */ field_immediate, - /* Encode some kind of string field encoded with pointer and - length. (A GENERALSTRING represented as a null-terminated C - string would be handled as field_normal.) */ + /* + * Encode some kind of string field encoded with pointer and + * length. (A GENERALSTRING represented as a null-terminated C + * string would be handled as field_normal.) + */ field_string, - /* LENOFF indicates a value describing the length of the array at - DATAOFF, encoded as a sequence-of with the element type - described by ATYPE. */ + /* + * LENOFF indicates a value describing the length of the array at + * DATAOFF, encoded as a sequence-of with the element type + * described by ATYPE. 
+ */ field_sequenceof_len, /* Unused except for range checking. */ field_max 
@@ -512,118 +569,136 @@ /* Type of the field. */ unsigned int /* enum field_type */ ftype : 3; - /* Use of DATAOFF and LENOFF are described by the value in FTYPE. - Generally DATAOFF will be the offset from the supplied pointer - at which we find the object to be encoded. */ + /* + * Use of DATAOFF and LENOFF are described by the value in FTYPE. + * Generally DATAOFF will be the offset from the supplied pointer + * at which we find the object to be encoded. + */ unsigned int dataoff : 9, lenoff : 9; - /* If TAG is non-negative, a context tag with that value is added - to the encoding of the thing. (XXX This would encode more - compactly as an unsigned bitfield value tagnum+1, with 0=no - tag.) The tag is omitted for optional fields that are not - present. - - It's a bit illogical to combine the tag and other field info, - since really a sequence field could have zero or several - context tags, and of course a tag could be used elsewhere. But - the normal mode in the Kerberos ASN.1 description is to use one - context tag on each sequence field, so for now let's address - that case primarily and work around the other cases (thus tag<0 - means skip tagging). */ + /* + * If TAG is non-negative, a context tag with that value is added + * to the encoding of the thing. (XXX This would encode more + * compactly as an unsigned bitfield value tagnum+1, with 0=no + * tag.) The tag is omitted for optional fields that are not + * present. + * + * It's a bit illogical to combine the tag and other field info, + * since really a sequence field could have zero or several + * context tags, and of course a tag could be used elsewhere. But + * the normal mode in the Kerberos ASN.1 description is to use one + * context tag on each sequence field, so for now let's address + * that case primarily and work around the other cases (thus tag<0 + * means skip tagging). 
+ */ signed int tag : 5; - /* If OPT is non-negative and the sequence header structure has a - function pointer describing which fields are present, OPT is - the bit position indicating whether the currently-described - element is present. (XXX Similar encoding issue.) - - Note: Most of the time, I'm using the same number here as for - the context tag. This is just because it's easier for me to - keep track while working on the code by hand. The *only* - meaningful correlation is of this value and the bits set by the - "optional" function when examining the data structure. */ + /* + * If OPT is non-negative and the sequence header structure has a + * function pointer describing which fields are present, OPT is + * the bit position indicating whether the currently-described + * element is present. (XXX Similar encoding issue.) + * + * Note: Most of the time, I'm using the same number here as for + * the context tag. This is just because it's easier for me to + * keep track while working on the code by hand. The *only* + * meaningful correlation is of this value and the bits set by the + * "optional" function when examining the data structure. + */ signed int opt : 5; - /* For some values of FTYPE, this describes the type of the - object(s) to be encoded. */ + /* + * For some values of FTYPE, this describes the type of the + * object(s) to be encoded. + */ const struct atype_info *atype; - /* We use different types for "length" fields in different places. - So we need a good way to retrieve the various kinds of lengths - in a compatible way. This may be a string length, or the - length of an array of objects to encode in a SEQUENCE OF. - - In case the field is signed and negative, or larger than - size_t, return SIZE_MAX as an error indication. We'll assume - for now that we'll never have 4G-1 (or 2**64-1, or on tiny - systems, 65535) sized values. On most if not all systems we - care about, SIZE_MAX is equivalent to "all of addressable - memory" minus one byte. 
That wouldn't leave enough extra room - for the structure we're encoding, so it's pretty safe to assume - SIZE_MAX won't legitimately come up on those systems. - - If this code gets ported to a segmented architecture or other - system where it might be possible... figure it out then. */ + /* + * We use different types for "length" fields in different places. + * So we need a good way to retrieve the various kinds of lengths + * in a compatible way. This may be a string length, or the + * length of an array of objects to encode in a SEQUENCE OF. + * + * In case the field is signed and negative, or larger than + * size_t, return SIZE_MAX as an error indication. We'll assume + * for now that we'll never have 4G-1 (or 2**64-1, or on tiny + * systems, 65535) sized values. On most if not all systems we + * care about, SIZE_MAX is equivalent to "all of addressable + * memory" minus one byte. That wouldn't leave enough extra room + * for the structure we're encoding, so it's pretty safe to assume + * SIZE_MAX won't legitimately come up on those systems. + * + * If this code gets ported to a segmented architecture or other + * system where it might be possible... figure it out then. + */ const struct atype_info *lentype; }; -/* Normal or optional sequence fields at a particular offset, encoded - as indicated by the listed DESCRiptor. */ +/* + * Normal or optional sequence fields at a particular offset, encoded + * as indicated by the listed DESCRiptor. 
+ */ #define FIELDOF_OPT(TYPE,DESCR,FIELDNAME,TAG,OPT) \ { \ field_normal, OFFOF(TYPE, FIELDNAME, aux_typedefname_##DESCR), \ - 0, TAG, OPT, &krb5int_asn1type_##DESCR \ - } + 0, TAG, OPT, &krb5int_asn1type_##DESCR \ + } #define FIELDOF_NORM(TYPE,DESCR,FIELDNAME,TAG) \ FIELDOF_OPT(TYPE,DESCR,FIELDNAME,TAG,-1) -/* If encoding a subset of the fields of the current structure (for - example, a flat structure describing data that gets encoded as a - sequence containing one or more sequences), use ENCODEAS, no struct - field name(s), and the indicated type descriptor must support the - current struct type. */ -#define FIELDOF_ENCODEAS(TYPE,DESCR,TAG) \ +/* + * If encoding a subset of the fields of the current structure (for + * example, a flat structure describing data that gets encoded as a + * sequence containing one or more sequences), use ENCODEAS, no struct + * field name(s), and the indicated type descriptor must support the + * current struct type. + */ +#define FIELDOF_ENCODEAS(TYPE,DESCR,TAG) \ FIELDOF_ENCODEAS_OPT(TYPE,DESCR,TAG,-1) #define FIELDOF_ENCODEAS_OPT(TYPE,DESCR,TAG,OPT) \ { \ field_normal, \ - 0 * sizeof(0 ? (TYPE *)0 : (aux_typedefname_##DESCR *) 0), \ - 0, TAG, OPT, &krb5int_asn1type_##DESCR \ - } + 0 * sizeof(0 ? (TYPE *)0 : (aux_typedefname_##DESCR *) 0), \ + 0, TAG, OPT, &krb5int_asn1type_##DESCR \ + } -/* Reinterpret some subset of the structure itself as something - else. */ -#define FIELD_SELF(DESCR, TAG) \ +/* + * Reinterpret some subset of the structure itself as something + * else. 
+ */ +#define FIELD_SELF(DESCR, TAG) \ { field_normal, 0, 0, TAG, -1, &krb5int_asn1type_##DESCR } #define FIELDOF_OPTSTRINGL(STYPE,DESC,PTRFIELD,LENDESC,LENFIELD,TAG,OPT) \ - { \ - field_string, \ - OFFOF(STYPE, PTRFIELD, aux_typedefname_##DESC), \ - OFFOF(STYPE, LENFIELD, aux_typedefname_##LENDESC), \ - TAG, OPT, &krb5int_asn1type_##DESC, &krb5int_asn1type_##LENDESC \ - } + { \ + field_string, \ + OFFOF(STYPE, PTRFIELD, aux_typedefname_##DESC), \ + OFFOF(STYPE, LENFIELD, aux_typedefname_##LENDESC), \ + TAG, OPT, &krb5int_asn1type_##DESC, &krb5int_asn1type_##LENDESC \ + } #define FIELDOF_OPTSTRING(STYPE,DESC,PTRFIELD,LENFIELD,TAG,OPT) \ FIELDOF_OPTSTRINGL(STYPE,DESC,PTRFIELD,uint,LENFIELD,TAG,OPT) #define FIELDOF_STRINGL(STYPE,DESC,PTRFIELD,LENDESC,LENFIELD,TAG) \ FIELDOF_OPTSTRINGL(STYPE,DESC,PTRFIELD,LENDESC,LENFIELD,TAG,-1) -#define FIELDOF_STRING(STYPE,DESC,PTRFIELD,LENFIELD,TAG) \ +#define FIELDOF_STRING(STYPE,DESC,PTRFIELD,LENFIELD,TAG) \ FIELDOF_OPTSTRING(STYPE,DESC,PTRFIELD,LENFIELD,TAG,-1) -#define FIELD_INT_IMM(VALUE,TAG) \ +#define FIELD_INT_IMM(VALUE,TAG) \ { field_immediate, VALUE, 0, TAG, -1, 0, } #define FIELDOF_SEQOF_LEN(STYPE,DESC,PTRFIELD,LENFIELD,LENTYPE,TAG) \ { \ field_sequenceof_len, \ - OFFOF(STYPE, PTRFIELD, aux_typedefname_##DESC), \ - OFFOF(STYPE, LENFIELD, aux_typedefname_##LENTYPE), \ - TAG, -1, &krb5int_asn1type_##DESC, &krb5int_asn1type_##LENTYPE \ - } + OFFOF(STYPE, PTRFIELD, aux_typedefname_##DESC), \ + OFFOF(STYPE, LENFIELD, aux_typedefname_##LENTYPE), \ + TAG, -1, &krb5int_asn1type_##DESC, &krb5int_asn1type_##LENTYPE \ + } #define FIELDOF_SEQOF_INT32(STYPE,DESC,PTRFIELD,LENFIELD,TAG) \ FIELDOF_SEQOF_LEN(STYPE,DESC,PTRFIELD,LENFIELD,int32,TAG) struct seq_info { - /* If present, returns a bitmask indicating which fields are - present. See the "opt" field in struct field_info. */ + /* + * If present, returns a bitmask indicating which fields are + * present. See the "opt" field in struct field_info. 
+ */ unsigned int (*optional)(const void *); /* Indicates an array of sequence field descriptors. */ const struct field_info *fields; @@ -645,9 +720,11 @@ extern int dummy /* gobble semicolon */ #include -/* Ugly hack! - Like "offsetof", but with type checking. */ -#define WARN_IF_TYPE_MISMATCH(LVALUE, TYPE) \ +/* + * Ugly hack! + * Like "offsetof", but with type checking. + */ +#define WARN_IF_TYPE_MISMATCH(LVALUE, TYPE) \ (sizeof(0 ? (TYPE *) 0 : &(LVALUE))) #define OFFOF(TYPE,FIELD,FTYPE) \ (offsetof(TYPE, FIELD) \ Modified: trunk/src/lib/krb5/asn.1/asn1_k_decode.c =================================================================== --- trunk/src/lib/krb5/asn.1/asn1_k_decode.c 2009-11-16 09:30:30 UTC (rev 23235) +++ trunk/src/lib/krb5/asn.1/asn1_k_decode.c 2009-11-16 16:48:37 UTC (rev 23236) @@ -1007,7 +1007,8 @@ return retval; } -static asn1_error_code asn1_peek_authdata_elt(asn1buf *buf, krb5_authdatatype *val) +static asn1_error_code +asn1_peek_authdata_elt(asn1buf *buf, krb5_authdatatype *val) { setup(); *val = 0; @@ -1020,8 +1021,9 @@ return retval; } -asn1_error_code asn1_peek_authorization_data -(asn1buf *buf, unsigned int *num, krb5_authdatatype **val) +asn1_error_code +asn1_peek_authorization_data(asn1buf *buf, unsigned int *num, + krb5_authdatatype **val) { int size = 0; krb5_authdatatype *array = NULL, *new_array; @@ -1868,14 +1870,14 @@ return retval; } -static asn1_error_code asn1_decode_sequence_of_princ_plus_realm -(asn1buf *buf, krb5_principal **val) +static asn1_error_code +asn1_decode_sequence_of_princ_plus_realm(asn1buf *buf, krb5_principal **val) { decode_array_body(krb5_principal_data,asn1_decode_princ_plus_realm,krb5_free_principal); } -asn1_error_code asn1_decode_ad_signedpath -(asn1buf *buf, krb5_ad_signedpath *val) +asn1_error_code +asn1_decode_ad_signedpath(asn1buf *buf, krb5_ad_signedpath *val) { setup(); val->enctype = ENCTYPE_NULL; 
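Review bot: The reflowed comment on DATAOFF and LENOFF in struct field_info does not mention that both are 9-bit fields (`unsigned int dataoff : 9, lenoff : 9;`), so every member offset produced by OFFOF and every `VALUE` passed to `FIELD_INT_IMM` has to be below 512; `tag` and `opt` are 5-bit signed fields, limited to -16..15. A value outside those ranges would be truncated in the static initializer, and the encoder would then read the wrong location or emit the wrong tag; whether the compiler diagnoses that is not visible here. I would add a line such as ` * DATAOFF and LENOFF are 9 bits wide: offsets and immediate values must be < 512.` to that comment and consider a compile-time range check inside OFFOF. The struct's opening line is outside this hunk, and OFFOF is defined in a later one.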
@@ -1926,7 +1928,8 @@ return retval; } -asn1_error_code asn1_decode_external_principal_identifier_ptr( +asn1_error_code +asn1_decode_external_principal_identifier_ptr( asn1buf *buf, krb5_external_principal_identifier **valptr) { Modified: trunk/src/lib/krb5/asn.1/asn1_k_encode.c =================================================================== --- trunk/src/lib/krb5/asn.1/asn1_k_encode.c 2009-11-16 09:30:30 UTC (rev 23235) +++ trunk/src/lib/krb5/asn.1/asn1_k_encode.c 2009-11-16 16:48:37 UTC (rev 23236) @@ -1,4 +1,4 @@ -/* -*- mode: c; indent-tabs-mode: nil -*- */ +/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */ /* * src/lib/krb5/asn.1/asn1_k_encode.c * 
@@ -30,43 +30,47 @@ #include "asn1_encode.h" #include -/* helper macros +/* + * helper macros + * + * These are mostly only needed for PKINIT, but there are three + * basic-krb5 encoders not converted yet. + */ - These are mostly only needed for PKINIT, but there are three - basic-krb5 encoders not converted yet. */ +/* + * setup() -- create and initialize bookkeeping variables + * retval: stores error codes returned from subroutines + * length: length of the most-recently produced encoding + * sum: cumulative length of the entire encoding + */ +#define asn1_setup() \ + asn1_error_code retval; \ + unsigned int sum=0 -/* setup() -- create and initialize bookkeeping variables - retval: stores error codes returned from subroutines - length: length of the most-recently produced encoding - sum: cumulative length of the entire encoding */ -#define asn1_setup()\ - asn1_error_code retval;\ - unsigned int sum=0 - /* form a sequence (by adding a sequence header to the current encoding) */ -#define asn1_makeseq()\ -{ unsigned int length;\ - retval = asn1_make_sequence(buf,sum,&length);\ - if (retval) {\ - return retval; }\ - sum += length; } +#define asn1_makeseq() \ + { unsigned int length; \ + retval = asn1_make_sequence(buf,sum,&length); \ + if (retval) { \ + return retval; } \ + sum += length; } /* produce the final output and clean up the workspace */ -#define asn1_cleanup()\ - *retlen = sum;\ - return 0 +#define asn1_cleanup() \ + *retlen = sum; \ + return 0 /* asn1_addfield -- add a field, or component, to the encoding */ -#define asn1_addfield(value,tag,encoder)\ -{ unsigned int length; \ - retval = encoder(buf,value,&length); \ - if (retval) {\ - return retval; }\ - sum += length;\ - retval = asn1_make_etag(buf,CONTEXT_SPECIFIC,tag,length,&length);\ - if (retval) {\ - return retval; }\ - sum += length; } +#define asn1_addfield(value,tag,encoder) \ + { unsigned int length; \ + retval = encoder(buf,value,&length); \ + if (retval) { \ + return retval; } \ + sum += 
length; \ + retval = asn1_make_etag(buf,CONTEXT_SPECIFIC,tag,length,&length); \ + if (retval) { \ + return retval; } \ + sum += length; } DEFINTTYPE(int32, krb5_int32); DEFPTRTYPE(int32_ptr, int32); @@ -101,8 +105,10 @@ FIELDOF_NORM(krb5_principal_data, int32, type, 0), FIELDOF_SEQOF_INT32(krb5_principal_data, gstring_data_ptr, data, length, 1), }; -/* krb5_principal is a typedef for krb5_principal_data*, so this is - effectively "encode_principal_data_at" with an address arg. */ +/* + * krb5_principal is a typedef for krb5_principal_data*, so this is + * effectively "encode_principal_data_at" with an address arg. + */ DEFSEQTYPE(principal_data, krb5_principal_data, princname_fields, 0); DEFPTRTYPE(principal, principal_data); @@ -146,9 +152,11 @@ DEFSEQTYPE(encrypted_data, krb5_enc_data, encrypted_data_fields, optional_encrypted_data); -/* The encode_bitstring function wants an array of bytes (since PKINIT - may provide something that isn't 32 bits), but krb5_flags is stored - as a 32-bit integer in host order. */ +/* + * The encode_bitstring function wants an array of bytes (since PKINIT + * may provide something that isn't 32 bits), but krb5_flags is stored + * as a 32-bit integer in host order. + */ static asn1_error_code asn1_encode_krb5_flags_at(asn1buf *buf, const krb5_flags *val, unsigned int *retlen) 
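Review bot: The rewritten comment above `asn1_setup()` in the `@@ -30,43 +30,47 @@` hunk of asn1_k_encode.c still names the macro `setup()` and lists a `length` variable, but the macro declares only `retval` and `sum`; `length` is declared inside the blocks of `asn1_makeseq()` and `asn1_addfield()`. Since the comment is being rewritten anyway, I would retitle it `asn1_setup() -- create and initialize bookkeeping variables` and change the `length:` line to `length: declared locally inside each asn1_* macro block`. It is also worth stating there that `asn1_makeseq()` and `asn1_addfield()` contain `return retval;` and use `buf` from the enclosing scope, so they can only be expanded in a function that returns `asn1_error_code` and has nothing left to release at that point.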
@@ -271,10 +279,12 @@ DEFSEQTYPE(enc_kdc_rep_part, krb5_enc_kdc_rep_part, enc_kdc_rep_part_fields, optional_enc_kdc_rep_part); -/* Yuck! Eventually push this *up* above the encoder API and make the - rest of the library put the realm name in one consistent place. At - the same time, might as well add the msg-type field and encode both - AS-REQ and TGS-REQ through the same descriptor. */ +/* + * Yuck! Eventually push this *up* above the encoder API and make the + * rest of the library put the realm name in one consistent place. At + * the same time, might as well add the msg-type field and encode both + * AS-REQ and TGS-REQ through the same descriptor. + */ struct kdc_req_hack { krb5_kdc_req v; krb5_data *server_realm; @@ -1304,7 +1314,7 @@ DEFSEQTYPE( fast_response, krb5_fast_response, fast_response_fields, fast_response_optional); static const struct field_info fast_rep_fields[] = { - FIELDOF_ENCODEAS(krb5_enc_data, encrypted_data, 0), + FIELDOF_ENCODEAS(krb5_enc_data, encrypted_data, 0), }; DEFSEQTYPE(fast_rep, krb5_enc_data, fast_rep_fields, 0); 
@@ -1468,102 +1478,120 @@ * PKINIT */ -/* This code hasn't been converted to use the above framework yet, - because we currently have no test cases to validate the new - version. It *also* appears that some of the encodings may disagree - with the specifications, but that's a separate problem. */ +/* + * This code hasn't been converted to use the above framework yet, + * because we currently have no test cases to validate the new + * version. It *also* appears that some of the encodings may disagree + * with the specifications, but that's a separate problem. + */ /**** asn1 macros ****/ #if 0 - How to write an asn1 encoder function using these macros: +How to write an asn1 encoder function using these macros: - asn1_error_code asn1_encode_krb5_substructure(asn1buf *buf, - const krb5_type *val, - int *retlen) - { - asn1_setup(); +asn1_error_code asn1_encode_krb5_substructure(asn1buf *buf, + const krb5_type *val, + int *retlen) +{ + asn1_setup(); - asn1_addfield(val->last_field, n, asn1_type); - asn1_addfield(rep->next_to_last_field, n-1, asn1_type); - ... + asn1_addfield(val->last_field, n, asn1_type); + asn1_addfield(rep->next_to_last_field, n-1, asn1_type); + ... - /* for OPTIONAL fields */ - if (rep->field_i == should_not_be_omitted) - asn1_addfield(rep->field_i, i, asn1_type); + /* for OPTIONAL fields */ + if (rep->field_i == should_not_be_omitted) + asn1_addfield(rep->field_i, i, asn1_type); - /* for string fields (these encoders take an additional argument, - the length of the string) */ - addlenfield(rep->field_length, rep->field, i-1, asn1_type); + /* + * for string fields (these encoders take an additional argument, + * the length of the string) + */ + addlenfield(rep->field_length, rep->field, i-1, asn1_type); - /* if you really have to do things yourself... 
*/ - retval = asn1_encode_asn1_type(buf,rep->field,&length); - if (retval) return retval; - sum += length; - retval = asn1_make_etag(buf, CONTEXT_SPECIFIC, tag_number, length, - &length); - if (retval) return retval; - sum += length; + /* if you really have to do things yourself... */ + retval = asn1_encode_asn1_type(buf,rep->field,&length); + if (retval) return retval; + sum += length; + retval = asn1_make_etag(buf, CONTEXT_SPECIFIC, tag_number, length, + &length); + if (retval) return retval; + sum += length; - ... - asn1_addfield(rep->second_field, 1, asn1_type); - asn1_addfield(rep->first_field, 0, asn1_type); - asn1_makeseq(); + ... + asn1_addfield(rep->second_field, 1, asn1_type); + asn1_addfield(rep->first_field, 0, asn1_type); + asn1_makeseq(); - asn1_cleanup(); - } + asn1_cleanup(); +} #endif /* asn1_addlenfield -- add a field whose length must be separately specified */ -#define asn1_addlenfield(len,value,tag,encoder)\ -{ unsigned int length; \ - retval = encoder(buf,len,value,&length); \ - if (retval) {\ - return retval; }\ - sum += length;\ - retval = asn1_make_etag(buf,CONTEXT_SPECIFIC,tag,length,&length);\ - if (retval) {\ - return retval; }\ - sum += length; } +#define asn1_addlenfield(len, value, tag, encoder) \ + { \ + unsigned int length; \ + retval = encoder(buf, len, value, &length); \ + if (retval) { \ + return retval; } \ + sum += length; \ + retval = asn1_make_etag(buf, CONTEXT_SPECIFIC, \ + tag, length, &length); \ + if (retval) { \ + return retval; } \ + sum += length; \ + } -/* asn1_addfield_implicit -- add an implicitly tagged field, or component, to the encoding */ -#define asn1_addfield_implicit(value,tag,encoder)\ -{ unsigned int length;\ - retval = encoder(buf,value,&length);\ - if (retval) {\ - return retval; }\ - sum += length;\ - retval = asn1_make_tag(buf,CONTEXT_SPECIFIC,PRIMITIVE,tag,length,&length); \ - if (retval) {\ - return retval; }\ - sum += length; } +/* + * asn1_addfield_implicit -- add an implicitly tagged field, or 
component, + * to the encoding + */ +#define asn1_addfield_implicit(value,tag,encoder) \ + { unsigned int length; \ + retval = encoder(buf,value,&length); \ + if (retval) { \ + return retval; } \ + sum += length; \ + retval = asn1_make_tag(buf, CONTEXT_SPECIFIC,PRIMITIVE, \ + tag, length, &length); \ + if (retval) { \ + return retval; } \ + sum += length; } -/* asn1_insert_implicit_octetstring -- add an octet string with implicit tagging */ -#define asn1_insert_implicit_octetstring(len,value,tag)\ -{ unsigned int length;\ - retval = asn1buf_insert_octetstring(buf,len,value);\ - if (retval) {\ - return retval; }\ - sum += len;\ - retval = asn1_make_tag(buf,CONTEXT_SPECIFIC,PRIMITIVE,tag,len,&length); \ - if (retval) {\ - return retval; }\ - sum += length; } +/* + * asn1_insert_implicit_octetstring -- add an octet string with implicit + * tagging + */ +#define asn1_insert_implicit_octetstring(len,value,tag) \ + { unsigned int length; \ + retval = asn1buf_insert_octetstring(buf,len,value); \ + if (retval) { \ + return retval; } \ + sum += len; \ + retval = asn1_make_tag(buf, CONTEXT_SPECIFIC, PRIMITIVE, \ + tag, len, &length); \ + if (retval) { \ + return retval; } \ + sum += length; } /* asn1_insert_implicit_bitstring -- add a bitstring with implicit tagging */ /* needs "length" declared in enclosing context */ -#define asn1_insert_implicit_bitstring(len,value,tag)\ -{ retval = asn1buf_insert_octetstring(buf,len,value); \ - if (retval) {\ - return retval; }\ - sum += len;\ - retval = asn1buf_insert_octet(buf, 0);\ - if (retval) {\ - return retval; }\ - sum++;\ - retval = asn1_make_tag(buf,UNIVERSAL,PRIMITIVE,tag,len+1,&length); \ - if (retval) {\ - return retval; }\ - sum += length; } +#define asn1_insert_implicit_bitstring(len, value, tag) \ + { \ + retval = asn1buf_insert_octetstring(buf, len, value); \ + if (retval) { \ + return retval; } \ + sum += len; \ + retval = asn1buf_insert_octet(buf, 0); \ + if (retval) { \ + return retval; } \ + sum++; \ + retval = 
asn1_make_tag(buf, UNIVERSAL, PRIMITIVE, \ + tag, len + 1, &length); \ + if (retval) { \ + return retval; } \ + sum += length; \ + } #ifndef DISABLE_PKINIT Modified: trunk/src/lib/krb5/asn.1/asn1_make.h =================================================================== --- trunk/src/lib/krb5/asn.1/asn1_make.h 2009-11-16 09:30:30 UTC (rev 23235) +++ trunk/src/lib/krb5/asn.1/asn1_make.h 2009-11-16 16:48:37 UTC (rev 23236) @@ -1,4 +1,4 @@ -/* -*- mode: c; indent-tabs-mode: nil -*- */ +/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */ /* * src/lib/krb5/asn.1/asn1_make.h * 
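Review bot: In the `@@ -1468,102 +1478,120 @@` hunk of asn1_k_encode.c, `asn1_insert_implicit_octetstring` and `asn1_insert_implicit_bitstring` expand `len` three times and without parentheses, so an argument with side effects or a low-precedence operator would make `sum` and the tag length disagree with the octets actually inserted. As the macros are being re-laid out anyway, I would write `sum += (len);` and `tag, (len) + 1, &length);`, or copy `len` into a local `unsigned int` at the top of each block. The callers are outside this hunk, so whether any of them passes such an expression cannot be confirmed from here. Separately, the `#if 0` example calls `addlenfield` and switches between `val->` and `rep->`, while the macro defined below it is `asn1_addlenfield`.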
@@ -33,70 +33,80 @@ #include "asn1buf.h" /* - Overview + * Overview + * + * Each of these procedures constructs a subpart of an ASN.1 + * primitive in a coding buffer. + * + * Operations + * + * asn1_make_etag + * asn1_make_sequence + * asn1_make_set + * asn1_make_tag + * asn1_make_string + */ - Each of these procedures constructs a subpart of an ASN.1 - primitive in a coding buffer. - - Operations - - asn1_make_etag - asn1_make_sequence - asn1_make_set - asn1_make_tag - asn1_make_string -*/ - asn1_error_code asn1_make_etag(asn1buf *buf, asn1_class asn1class, asn1_tagnum tagnum, unsigned int in_len, unsigned int *retlen); -/* requires *buf is allocated, in_len is the length of an ASN.1 encoding - which has just been inserted in *buf - modifies *buf, *retlen - effects Inserts an explicit tag with class = asn1class, id# = tag - length = in_len into *buf. - Returns the length of this encoding in *retlen. - Returns ENOMEM if memory runs out. */ +/* + * requires *buf is allocated, in_len is the length of an ASN.1 encoding + * which has just been inserted in *buf + * modifies *buf, *retlen + * effects Inserts an explicit tag with class = asn1class, id# = tag + * length = in_len into *buf. + * Returns the length of this encoding in *retlen. + * Returns ENOMEM if memory runs out. + */ asn1_error_code asn1_make_tag(asn1buf *buf, asn1_class asn1class, asn1_construction construction, asn1_tagnum tagnum, unsigned int in_len, unsigned int *retlen); -/* requires *buf is allocated, in_len is the length of an ASN.1 encoding - which has just been inserted in *buf - modifies *buf, *retlen - effects Inserts the encoding of a tag with class = asn1class, - primitive/constructed staus = construction, - id# = tag and length = in_len into *buf. - Returns the length of this encoding in *retlen. - Returns ENOMEM if memory runs out. - Returns ASN1_OVERFLOW if tagnum exceeds the limits of - the implementation. 
*/ +/* + * requires *buf is allocated, in_len is the length of an ASN.1 encoding + * which has just been inserted in *buf + * modifies *buf, *retlen + * effects Inserts the encoding of a tag with class = asn1class, + * primitive/constructed staus = construction, + * id# = tag and length = in_len into *buf. + * Returns the length of this encoding in *retlen. + * Returns ENOMEM if memory runs out. + * Returns ASN1_OVERFLOW if tagnum exceeds the limits of + * the implementation. + */ asn1_error_code asn1_make_sequence(asn1buf *buf, const unsigned int seq_len, unsigned int *len); -/* requires *buf is allocated, seq_len is the length of a series of - sequence components which have just been inserted in *buf - modifies *buf, *retlen - effects Inserts the sequence header for a sequence of length seq_len - in *buf. Returns the length of this encoding in *retlen. - Returns ENOMEM if memory runs out. */ +/* + * requires *buf is allocated, seq_len is the length of a series of + * sequence components which have just been inserted in *buf + * modifies *buf, *retlen + * effects Inserts the sequence header for a sequence of length seq_len + * in *buf. Returns the length of this encoding in *retlen. + * Returns ENOMEM if memory runs out. + */ asn1_error_code asn1_make_set(asn1buf *buf, const unsigned int set_len, unsigned int *retlen); -/* requires *buf is allocated, seq_len is the length of a series of - sequence components which have just been inserted in *buf - modifies *buf, *retlen - effects Inserts the set header for a set of length set_len in *buf. - Returns the length of this encoding in *retlen. - Returns ENOMEM if memory runs out. */ +/* + * requires *buf is allocated, seq_len is the length of a series of + * sequence components which have just been inserted in *buf + * modifies *buf, *retlen + * effects Inserts the set header for a set of length set_len in *buf. + * Returns the length of this encoding in *retlen. + * Returns ENOMEM if memory runs out. 
+ */ asn1_error_code asn1_make_string(asn1buf *buf, const unsigned int len, const char *string, int *retlen); -/* requires *buf is allocated, len is the length of *string - effects Inserts the encoding of *string (a series of octets) in *buf. - Returns the length of this encoding in *retlen. - Returns ENOMEM if memory runs out. */ +/* + * requires *buf is allocated, len is the length of *string + * effects Inserts the encoding of *string (a series of octets) in *buf. + * Returns the length of this encoding in *retlen. + * Returns ENOMEM if memory runs out. + */ /****************************************************************/ 
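Review bot: The contract comments reflowed in the `@@ -33,70 +33,80 @@` hunk of asn1_make.h do not match the prototypes they document: `asn1_make_sequence` names its output parameter `len` while the comment speaks of `*retlen`, the `asn1_make_set` comment describes `seq_len` and "sequence components" although the parameter is `set_len`, and the tag comments say `id# = tag` where the parameter is `tagnum`. `asn1_make_string` also takes `int *retlen` where the other four functions take `unsigned int *retlen`, which is worth checking against the definition because the encoder macros add these lengths into an `unsigned int sum`. For the set comment I would use `requires *buf is allocated, set_len is the length of a series of set components which have just been inserted in *buf`, and correct `staus` to `status` in the `asn1_make_tag` comment.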
@@ -105,19 +115,23 @@ /* "helper" procedure for asn1_make_tag */ asn1_error_code asn1_make_length(asn1buf *buf, const unsigned int in_len, unsigned int *retlen); -/* requires *buf is allocated, in_len is the length of an ASN.1 encoding - which has just been inserted in *buf - modifies *buf, *retlen - effects inserts length octet(s) for in_len into *buf */ +/* + * requires *buf is allocated, in_len is the length of an ASN.1 encoding + * which has just been inserted in *buf + * modifies *buf, *retlen + * effects inserts length octet(s) for in_len into *buf + */ /* "helper" procedure for asn1_make_tag */ asn1_error_code asn1_make_id(asn1buf *buf, asn1_class asn1class, asn1_construction construction, asn1_tagnum tagnum, unsigned int *retlen); -/* requires *buf is allocated, asn1class and tagnum are appropriate for - the ASN.1 encoding which has just been inserted in *buf - modifies *buf, *retlen - effects Inserts id octet(s) of class asn1class and tag number tagnum - into *buf */ +/* + * requires *buf is allocated, asn1class and tagnum are appropriate for + * the ASN.1 encoding which has just been inserted in *buf + * modifies *buf, *retlen + * effects Inserts id octet(s) of class asn1class and tag number tagnum + * into *buf + */ #endif Modified: trunk/src/lib/krb5/asn.1/asn1buf.c =================================================================== --- trunk/src/lib/krb5/asn.1/asn1buf.c 2009-11-16 09:30:30 UTC (rev 23235) +++ trunk/src/lib/krb5/asn.1/asn1buf.c 2009-11-16 16:48:37 UTC (rev 23236) @@ -78,7 +78,8 @@ #define asn1_is_eoc(class, num, indef) \ ((class) == UNIVERSAL && !(num) && !(indef)) -asn1_error_code asn1buf_create(asn1buf **buf) +asn1_error_code +asn1buf_create(asn1buf **buf) { *buf = (asn1buf*)malloc(sizeof(asn1buf)); if (*buf == NULL) return ENOMEM; 
@@ -88,7 +89,8 @@ return 0; } -asn1_error_code asn1buf_wrap_data(asn1buf *buf, const krb5_data *code) +asn1_error_code +asn1buf_wrap_data(asn1buf *buf, const krb5_data *code) { if (code == NULL || code->data == NULL) return ASN1_MISSING_FIELD; buf->next = buf->base = code->data; @@ -96,7 +98,8 @@ return 0; } -asn1_error_code asn1buf_imbed(asn1buf *subbuf, const asn1buf *buf, const unsigned int length, const int indef) +asn1_error_code +asn1buf_imbed(asn1buf *subbuf, const asn1buf *buf, const unsigned int length, const int indef) { if (buf->next > buf->bound + 1) return ASN1_OVERRUN; subbuf->base = subbuf->next = buf->next; @@ -108,9 +111,10 @@ return 0; } -asn1_error_code asn1buf_sync(asn1buf *buf, asn1buf *subbuf, - asn1_class asn1class, asn1_tagnum lasttag, - unsigned int length, int indef, int seqindef) +asn1_error_code +asn1buf_sync(asn1buf *buf, asn1buf *subbuf, + asn1_class asn1class, asn1_tagnum lasttag, + unsigned int length, int indef, int seqindef) { asn1_error_code retval; @@ -128,7 +132,8 @@ return 0; } -asn1_error_code asn1buf_skiptail(asn1buf *buf, const unsigned int length, const int indef) +asn1_error_code +asn1buf_skiptail(asn1buf *buf, const unsigned int length, const int indef) { asn1_error_code retval; taginfo t; @@ -160,7 +165,8 @@ return 0; } -void asn1buf_destroy(asn1buf **buf) +void +asn1buf_destroy(asn1buf **buf) { if (*buf != NULL) { free((*buf)->base); @@ -172,7 +178,8 @@ #ifdef asn1buf_insert_octet #undef asn1buf_insert_octet #endif -asn1_error_code asn1buf_insert_octet(asn1buf *buf, const int o) +asn1_error_code +asn1buf_insert_octet(asn1buf *buf, const int o) { asn1_error_code retval; @@ -207,7 +214,8 @@ return 0; } -asn1_error_code asn1buf_remove_octetstring(asn1buf *buf, const unsigned int len, asn1_octet **s) +asn1_error_code +asn1buf_remove_octetstring(asn1buf *buf, const unsigned int len, asn1_octet **s) { unsigned int i; 
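Review bot: The new definition line `asn1buf_imbed(asn1buf *subbuf, const asn1buf *buf, const unsigned int length, const int indef)` in the `@@ -96,7 +98,8 @@` hunk of asn1buf.c is still over 90 columns after the return type was moved to its own line, whereas `asn1buf_sync` in the `@@ -108,9 +111,10 @@` hunk is wrapped. I would break it the way the asn1buf.h declaration in this same commit does, as `asn1buf_imbed(asn1buf *subbuf, const asn1buf *buf,` followed by `const unsigned int length, const int indef)`. `asn1buf_remove_octetstring` in the `@@ -207,7 +214,8 @@` hunk is at least 80 columns wide and could get the same treatment. The function bodies continue outside these hunks.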
@@ -226,7 +234,8 @@ return 0; } -asn1_error_code asn1buf_remove_charstring(asn1buf *buf, const unsigned int len, char **s) +asn1_error_code +asn1buf_remove_charstring(asn1buf *buf, const unsigned int len, char **s) { unsigned int i; @@ -244,7 +253,8 @@ return 0; } -int asn1buf_remains(asn1buf *buf, int indef) +int +asn1buf_remains(asn1buf *buf, int indef) { int remain; if (buf == NULL || buf->base == NULL) return 0; @@ -258,7 +268,8 @@ else return remain; } -asn1_error_code asn12krb5_buf(const asn1buf *buf, krb5_data **code) +asn1_error_code +asn12krb5_buf(const asn1buf *buf, krb5_data **code) { unsigned int i; krb5_data *d; @@ -290,7 +301,8 @@ * version. */ -asn1_error_code asn1buf_unparse(const asn1buf *buf, char **s) +asn1_error_code +asn1buf_unparse(const asn1buf *buf, char **s) { free(*s); if (buf == NULL) { @@ -312,7 +324,8 @@ return 0; } -asn1_error_code asn1buf_hex_unparse(const asn1buf *buf, char **s) +asn1_error_code +asn1buf_hex_unparse(const asn1buf *buf, char **s) { #define hexchar(d) ((d)<=9 ? ('0'+(d)) : \ ((d)<=15 ? ('A'+(d)-10) : \ @@ -345,21 +358,24 @@ /****************************************************************/ /* Private Procedures */ -static int asn1buf_size(const asn1buf *buf) +static int +asn1buf_size(const asn1buf *buf) { if (buf == NULL || buf->base == NULL) return 0; return buf->bound - buf->base + 1; } #undef asn1buf_free -unsigned int asn1buf_free(const asn1buf *buf) +unsigned int +asn1buf_free(const asn1buf *buf) { if (buf == NULL || buf->base == NULL) return 0; else return buf->bound - buf->next + 1; } #undef asn1buf_ensure_space -asn1_error_code asn1buf_ensure_space(asn1buf *buf, const unsigned int amount) +asn1_error_code +asn1buf_ensure_space(asn1buf *buf, const unsigned int amount) { unsigned int avail = asn1buf_free(buf); if (avail >= amount) 
@@ -367,7 +383,8 @@ return asn1buf_expand(buf, amount-avail); } -asn1_error_code asn1buf_expand(asn1buf *buf, unsigned int inc) +asn1_error_code +asn1buf_expand(asn1buf *buf, unsigned int inc) { #define STANDARD_INCREMENT 200 int next_offset = buf->next - buf->base; @@ -387,7 +404,8 @@ } #undef asn1buf_len -int asn1buf_len(const asn1buf *buf) +int +asn1buf_len(const asn1buf *buf) { return buf->next - buf->base; } Modified: trunk/src/lib/krb5/asn.1/asn1buf.h =================================================================== --- trunk/src/lib/krb5/asn.1/asn1buf.h 2009-11-16 09:30:30 UTC (rev 23235) +++ trunk/src/lib/krb5/asn.1/asn1buf.h 2009-11-16 16:48:37 UTC (rev 23236) @@ -1,4 +1,4 @@ -/* -*- mode: c; indent-tabs-mode: nil -*- */ +/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */ /* Coding Buffer Specifications */ #ifndef __ASN1BUF_H__ #define __ASN1BUF_H__ 
@@ -7,137 +7,146 @@ #include "krbasn1.h" typedef struct code_buffer_rep { - char *base, *bound, *next; + char *base, *bound, *next; } asn1buf; /**************** Private Procedures ****************/ #if (__GNUC__ >= 2) && !defined(CONFIG_SMALL) -unsigned int asn1buf_free - (const asn1buf *buf); -/* requires *buf is allocated - effects Returns the number of unused, allocated octets in *buf. */ -#define asn1buf_free(buf) \ - (((buf) == NULL || (buf)->base == NULL) \ - ? 0U \ - : (unsigned int)((buf)->bound - (buf)->next + 1)) +unsigned int asn1buf_free(const asn1buf *buf); +/* + * requires *buf is allocated + * effects Returns the number of unused, allocated octets in *buf. + */ +#define asn1buf_free(buf) \ + (((buf) == NULL || (buf)->base == NULL) \ + ? 0U \ + : (unsigned int)((buf)->bound - (buf)->next + 1)) -asn1_error_code asn1buf_ensure_space - (asn1buf *buf, const unsigned int amount); -/* requires *buf is allocated - modifies *buf - effects If buf has less than amount octets of free space, then it is - expanded to have at least amount octets of free space. - Returns ENOMEM memory is exhausted. */ -#define asn1buf_ensure_space(buf,amount) \ - ((asn1buf_free(buf) < (amount)) \ - ? (asn1buf_expand((buf), (amount)-asn1buf_free(buf))) \ - : 0) +asn1_error_code asn1buf_ensure_space(asn1buf *buf, const unsigned int amount); +/* + * requires *buf is allocated + * modifies *buf + * effects If buf has less than amount octets of free space, then it is + * expanded to have at least amount octets of free space. + * Returns ENOMEM memory is exhausted. + */ +#define asn1buf_ensure_space(buf,amount) \ + ((asn1buf_free(buf) < (amount)) \ + ? (asn1buf_expand((buf), (amount)-asn1buf_free(buf))) \ + : 0) -asn1_error_code asn1buf_expand - (asn1buf *buf, unsigned int inc); -/* requires *buf is allocated - modifies *buf - effects Expands *buf by allocating space for inc more octets. - Returns ENOMEM if memory is exhausted. 
*/ +asn1_error_code asn1buf_expand(asn1buf *buf, unsigned int inc); +/* + * requires *buf is allocated + * modifies *buf + * effects Expands *buf by allocating space for inc more octets. + * Returns ENOMEM if memory is exhausted. + */ #endif -int asn1buf_len - (const asn1buf *buf); -/* requires *buf is allocated - effects Returns the length of the encoding in *buf. */ +int asn1buf_len(const asn1buf *buf); +/* + * requires *buf is allocated + * effects Returns the length of the encoding in *buf. + */ #define asn1buf_len(buf) ((buf)->next - (buf)->base) /****** End of private procedures *****/ /* - Overview + * Overview + * + * The coding buffer is an array of char (to match a krb5_data structure) + * with 3 reference pointers: + * 1) base - The bottom of the octet array. Used for memory management + * operations on the array (e.g. alloc, realloc, free). + * 2) next - Points to the next available octet position in the array. + * During encoding, this is the next free position, and it + * advances as octets are added to the array. + * During decoding, this is the next unread position, and it + * advances as octets are read from the array. + * 3) bound - Points to the top of the array. Used for bounds-checking. + * + * All pointers to encoding buffers should be initalized to NULL. + * + * Operations + * + * asn1buf_create + * asn1buf_wrap_data + * asn1buf_destroy + * asn1buf_insert_octet + * asn1buf_insert_charstring + * asn1buf_remove_octet + * asn1buf_remove_charstring + * asn1buf_unparse + * asn1buf_hex_unparse + * asn12krb5_buf + * asn1buf_remains + * + * (asn1buf_size) + * (asn1buf_free) + * (asn1buf_ensure_space) + * (asn1buf_expand) + * (asn1buf_len) + */ - The coding buffer is an array of char (to match a krb5_data structure) - with 3 reference pointers: - 1) base - The bottom of the octet array. Used for memory management - operations on the array (e.g. alloc, realloc, free). - 2) next - Points to the next available octet position in the array. 
- During encoding, this is the next free position, and it - advances as octets are added to the array. - During decoding, this is the next unread position, and it - advances as octets are read from the array. - 3) bound - Points to the top of the array. Used for bounds-checking. +asn1_error_code asn1buf_create(asn1buf **buf); +/* + * effects Creates a new encoding buffer pointed to by *buf. + * Returns ENOMEM if the buffer can't be created. + */ - All pointers to encoding buffers should be initalized to NULL. +asn1_error_code asn1buf_wrap_data(asn1buf *buf, const krb5_data *code); +/* + * requires *buf has already been allocated + * effects Turns *buf into a "wrapper" for *code. i.e. *buf is set up + * such that its bottom is the beginning of *code, and its top + * is the top of *code. + * Returns ASN1_MISSING_FIELD if code is empty. + */ - Operations +asn1_error_code asn1buf_imbed(asn1buf *subbuf, const asn1buf *buf, + const unsigned int length, + const int indef); +/* + * requires *subbuf and *buf are allocated + * effects *subbuf becomes a sub-buffer of *buf. *subbuf begins + * at *buf's current position and is length octets long. + * (Unless this would exceed the bounds of *buf -- in + * that case, ASN1_OVERRUN is returned) *subbuf's current + * position starts at the beginning of *subbuf. + */ - asn1buf_create - asn1buf_wrap_data - asn1buf_destroy - asn1buf_insert_octet - asn1buf_insert_charstring - asn1buf_remove_octet - asn1buf_remove_charstring - asn1buf_unparse - asn1buf_hex_unparse - asn12krb5_buf - asn1buf_remains +asn1_error_code asn1buf_sync(asn1buf *buf, asn1buf *subbuf, asn1_class Class, + asn1_tagnum lasttag, + unsigned int length, int indef, + int seqindef); +/* + * requires *subbuf is a sub-buffer of *buf, as created by asn1buf_imbed. + * lasttag is the last tagnumber read. + * effects Synchronizes *buf's current position to match that of *subbuf. 
+ */ - (asn1buf_size) - (asn1buf_free) - (asn1buf_ensure_space) - (asn1buf_expand) - (asn1buf_len) -*/ +asn1_error_code asn1buf_skiptail(asn1buf *buf, const unsigned int length, + const int indef); +/* + * requires *buf is a subbuffer used in a decoding of a + * constructed indefinite sequence. + * effects skips trailing fields. + */ -asn1_error_code asn1buf_create - (asn1buf **buf); -/* effects Creates a new encoding buffer pointed to by *buf. - Returns ENOMEM if the buffer can't be created. */ - -asn1_error_code asn1buf_wrap_data - (asn1buf *buf, const krb5_data *code); -/* requires *buf has already been allocated - effects Turns *buf into a "wrapper" for *code. i.e. *buf is set up - such that its bottom is the beginning of *code, and its top - is the top of *code. - Returns ASN1_MISSING_FIELD if code is empty. */ - -asn1_error_code asn1buf_imbed - (asn1buf *subbuf, const asn1buf *buf, - const unsigned int length, - const int indef); -/* requires *subbuf and *buf are allocated - effects *subbuf becomes a sub-buffer of *buf. *subbuf begins - at *buf's current position and is length octets long. - (Unless this would exceed the bounds of *buf -- in - that case, ASN1_OVERRUN is returned) *subbuf's current - position starts at the beginning of *subbuf. */ - -asn1_error_code asn1buf_sync - (asn1buf *buf, asn1buf *subbuf, asn1_class Class, - asn1_tagnum lasttag, - unsigned int length, int indef, - int seqindef); -/* requires *subbuf is a sub-buffer of *buf, as created by asn1buf_imbed. - lasttag is the last tagnumber read. - effects Synchronizes *buf's current position to match that of *subbuf. */ - -asn1_error_code asn1buf_skiptail - (asn1buf *buf, const unsigned int length, - const int indef); -/* requires *buf is a subbuffer used in a decoding of a - constructed indefinite sequence. - effects skips trailing fields. */ - -void asn1buf_destroy - (asn1buf **buf); +void asn1buf_destroy(asn1buf **buf); /* effects Deallocates **buf, sets *buf to NULL. 
*/ -asn1_error_code asn1buf_insert_octet - (asn1buf *buf, const int o); -/* requires *buf is allocated - effects Inserts o into the buffer *buf, expanding the buffer if - necessary. Returns ENOMEM memory is exhausted. */ +asn1_error_code asn1buf_insert_octet(asn1buf *buf, const int o); +/* + * requires *buf is allocated + * effects Inserts o into the buffer *buf, expanding the buffer if + * necessary. Returns ENOMEM memory is exhausted. + */ #if ((__GNUC__ >= 2) && !defined(ASN1BUF_OMIT_INLINE_FUNCS)) && !defined(CONFIG_SMALL) extern __inline__ asn1_error_code asn1buf_insert_octet(asn1buf *buf, const int o) { 
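Review bot: The Overview comment in the `@@ -7,137 +7,146 @@` hunk of asn1buf.h describes `bound` only as "the top of the array", which leaves open whether it is the last octet or one past it; the macros in the same hunk treat it as inclusive (`asn1buf_free` computes `bound - next + 1`, and `asn1buf_remove_octet` returns `ASN1_OVERRUN` only when `next > bound`). Every bounds check in the decoder depends on that convention, so I would spell it out: `3) bound - Points to the last allocated octet of the array (inclusive). Used for bounds-checking.` Two smaller fixes in the reflowed comments: `Returns ENOMEM memory is exhausted.` is missing `if` (under `asn1buf_ensure_space` and `asn1buf_insert_octet`), and `initalized` should read `initialized`. The inline `asn1buf_insert_octet` definition at the end of the hunk continues outside it.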
@@ -151,68 +160,83 @@ } #endif -asn1_error_code asn1buf_insert_bytestring - (asn1buf *buf, const unsigned int len, const void *s); -/* requires *buf is allocated - modifies *buf - effects Inserts the contents of s (an array of length len) - into the buffer *buf, expanding the buffer if necessary. - Returns ENOMEM if memory is exhausted. */ +asn1_error_code +asn1buf_insert_bytestring( + asn1buf *buf, + const unsigned int len, + const void *s); +/* + * requires *buf is allocated + * modifies *buf + * effects Inserts the contents of s (an array of length len) + * into the buffer *buf, expanding the buffer if necessary. + * Returns ENOMEM if memory is exhausted. + */ #define asn1buf_insert_octetstring asn1buf_insert_bytestring #define asn1buf_insert_charstring asn1buf_insert_bytestring -asn1_error_code asn1buf_remove_octet - (asn1buf *buf, asn1_octet *o); -/* requires *buf is allocated - effects Returns *buf's current octet in *o and advances to - the next octet. - Returns ASN1_OVERRUN if *buf has already been exhausted. */ -#define asn1buf_remove_octet(buf,o) \ - (((buf)->next > (buf)->bound) \ - ? ASN1_OVERRUN \ - : ((*(o) = (asn1_octet)(*(((buf)->next)++))),0)) +asn1_error_code asn1buf_remove_octet(asn1buf *buf, asn1_octet *o); +/* + * requires *buf is allocated + * effects Returns *buf's current octet in *o and advances to + * the next octet. + * Returns ASN1_OVERRUN if *buf has already been exhausted. + */ +#define asn1buf_remove_octet(buf,o) \ + (((buf)->next > (buf)->bound) \ + ? ASN1_OVERRUN \ + : ((*(o) = (asn1_octet)(*(((buf)->next)++))),0)) -asn1_error_code asn1buf_remove_octetstring - (asn1buf *buf, const unsigned int len, asn1_octet **s); -/* requires *buf is allocated - effects Removes the next len octets of *buf and returns them in **s. - Returns ASN1_OVERRUN if there are fewer than len unread octets - left in *buf. - Returns ENOMEM if *s could not be allocated. 
*/ +asn1_error_code +asn1buf_remove_octetstring( + asn1buf *buf, + const unsigned int len, + asn1_octet **s); +/* + * requires *buf is allocated + * effects Removes the next len octets of *buf and returns them in **s. + * Returns ASN1_OVERRUN if there are fewer than len unread octets + * left in *buf. + * Returns ENOMEM if *s could not be allocated. + */ -asn1_error_code asn1buf_remove_charstring - (asn1buf *buf, const unsigned int len, - char **s); -/* requires *buf is allocated - effects Removes the next len octets of *buf and returns them in **s. - Returns ASN1_OVERRUN if there are fewer than len unread octets - left in *buf. - Returns ENOMEM if *s could not be allocated. */ +asn1_error_code +asn1buf_remove_charstring(asn1buf *buf, const unsigned int len, char **s); +/* + * requires *buf is allocated + * effects Removes the next len octets of *buf and returns them in **s. + * Returns ASN1_OVERRUN if there are fewer than len unread octets + * left in *buf. + * Returns ENOMEM if *s could not be allocated. + */ -asn1_error_code asn1buf_unparse - (const asn1buf *buf, char **s); -/* modifies *s - effects Returns a human-readable representation of *buf in *s, - where each octet in *buf is represented by a character in *s. */ +asn1_error_code asn1buf_unparse(const asn1buf *buf, char **s); +/* + * modifies *s + * effects Returns a human-readable representation of *buf in *s, + * where each octet in *buf is represented by a character in *s. + */ -asn1_error_code asn1buf_hex_unparse - (const asn1buf *buf, char **s); -/* modifies *s - effects Returns a human-readable representation of *buf in *s, - where each octet in *buf is represented by a 2-digit - hexadecimal number in *s. */ +asn1_error_code asn1buf_hex_unparse(const asn1buf *buf, char **s); +/* + * modifies *s + * effects Returns a human-readable representation of *buf in *s, + * where each octet in *buf is represented by a 2-digit + * hexadecimal number in *s. 
+ */ -asn1_error_code asn12krb5_buf - (const asn1buf *buf, krb5_data **code); -/* modifies *code - effects Instantiates **code with the krb5_data representation of **buf. */ +asn1_error_code asn12krb5_buf(const asn1buf *buf, krb5_data **code); +/* + * modifies *code + * effects Instantiates **code with the krb5_data representation of **buf. + */ +int asn1buf_remains(asn1buf *buf, int indef); +/* + * requires *buf is a buffer containing an asn.1 structure or array + * modifies *buf + * effects Returns the number of unprocessed octets remaining in *buf. + */ -int asn1buf_remains - (asn1buf *buf, int indef); -/* requires *buf is a buffer containing an asn.1 structure or array - modifies *buf - effects Returns the number of unprocessed octets remaining in *buf. */ - #endif Modified: trunk/src/lib/krb5/asn.1/krb5_decode.c =================================================================== --- trunk/src/lib/krb5/asn.1/krb5_decode.c 2009-11-16 09:30:30 UTC (rev 23235) +++ trunk/src/lib/krb5/asn.1/krb5_decode.c 2009-11-16 16:48:37 UTC (rev 23236) @@ -1,4 +1,4 @@ -/* -*- mode: c; indent-tabs-mode: nil -*- */ +/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */ /* * src/lib/krb5/asn.1/krb5_decode.c * 
@@ -33,77 +33,79 @@ /* setup *********************************************************/ /* set up variables */ -/* the setup* macros can return, but are always used at function start - and thus need no malloc cleanup */ -#define setup_buf_only(type)\ -asn1_error_code retval;\ -asn1buf buf;\ -type rep = NULL;\ -\ -*repptr = NULL;\ -retval = asn1buf_wrap_data(&buf,code);\ -if (retval) return retval +/* + * the setup* macros can return, but are always used at function start + * and thus need no malloc cleanup + */ +#define setup_buf_only(type) \ + asn1_error_code retval; \ + asn1buf buf; \ + type rep = NULL; \ + \ + *repptr = NULL; \ + retval = asn1buf_wrap_data(&buf,code); \ + if (retval) return retval -#define setup_no_tagnum(type)\ -asn1_class asn1class;\ -asn1_construction construction;\ -setup_buf_only(type) +#define setup_no_tagnum(type) \ + asn1_class asn1class; \ + asn1_construction construction; \ + setup_buf_only(type) -#define setup_no_length(type)\ -asn1_tagnum tagnum;\ -setup_no_tagnum(type) +#define setup_no_length(type) \ + asn1_tagnum tagnum; \ + setup_no_tagnum(type) -#define setup(type)\ -unsigned int length;\ -setup_no_length(type) +#define setup(type) \ + unsigned int length; \ + setup_no_length(type) /* helper macros for cleanup */ #define clean_return(val) { retval = val; goto error_out; } /* alloc_field is the first thing to allocate storage that may need cleanup */ -#define alloc_field(var)\ -var = calloc(1,sizeof(*var));\ -if ((var) == NULL) clean_return(ENOMEM) +#define alloc_field(var) \ + var = calloc(1,sizeof(*var)); \ + if ((var) == NULL) clean_return(ENOMEM) /* * Allocate a principal and initialize enough fields for * krb5_free_principal to have defined behavior. 
*/ #define alloc_principal(var) \ - alloc_field(var); \ - var->realm.data = NULL; \ - var->data = NULL + alloc_field(var); \ + var->realm.data = NULL; \ + var->data = NULL /* process encoding header ***************************************/ /* decode tag and check that it == [APPLICATION tagnum] */ #define check_apptag(tagexpect) \ -{ \ - taginfo t1; \ - retval = asn1_get_tag_2(&buf, &t1); \ - if (retval) clean_return (retval); \ - if (t1.asn1class != APPLICATION || t1.construction != CONSTRUCTED) \ - clean_return(ASN1_BAD_ID); \ - if (t1.tagnum != (tagexpect)) clean_return(KRB5_BADMSGTYPE); \ - asn1class = t1.asn1class; \ - construction = t1.construction; \ - tagnum = t1.tagnum; \ -} + { \ + taginfo t1; \ + retval = asn1_get_tag_2(&buf, &t1); \ + if (retval) clean_return (retval); \ + if (t1.asn1class != APPLICATION || t1.construction != CONSTRUCTED) \ + clean_return(ASN1_BAD_ID); \ + if (t1.tagnum != (tagexpect)) clean_return(KRB5_BADMSGTYPE); \ + asn1class = t1.asn1class; \ + construction = t1.construction; \ + tagnum = t1.tagnum; \ + } /* process a structure *******************************************/ /* decode an explicit tag and place the number in tagnum */ -#define next_tag_from_buf(buf) \ -{ taginfo t2; \ - retval = asn1_get_tag_2(&(buf), &t2); \ - if (retval) clean_return(retval); \ - asn1class = t2.asn1class; \ - construction = t2.construction; \ - tagnum = t2.tagnum; \ - indef = t2.indef; \ - taglen = t2.length; \ -} +#define next_tag_from_buf(buf) \ + { taginfo t2; \ + retval = asn1_get_tag_2(&(buf), &t2); \ + if (retval) clean_return(retval); \ + asn1class = t2.asn1class; \ + construction = t2.construction; \ + tagnum = t2.tagnum; \ + indef = t2.indef; \ + taglen = t2.length; \ + } #define next_tag() next_tag_from_buf(subbuf) 
@@ -121,35 +123,36 @@ return 0; } -#define get_eoc() \ -{ \ - retval = asn1_get_eoc_tag(&subbuf); \ - if (retval) clean_return(retval); \ -} +#define get_eoc() \ + { \ + retval = asn1_get_eoc_tag(&subbuf); \ + if (retval) clean_return(retval); \ + } /* decode sequence header and initialize tagnum with the first field */ -#define begin_structure()\ -unsigned int taglen;\ -asn1buf subbuf;\ -int seqindef;\ -int indef;\ -retval = asn1_get_sequence(&buf,&length,&seqindef);\ -if (retval) clean_return(retval);\ -retval = asn1buf_imbed(&subbuf,&buf,length,seqindef);\ -if (retval) clean_return(retval);\ -next_tag() +#define begin_structure() \ + unsigned int taglen; \ + asn1buf subbuf; \ + int seqindef; \ + int indef; \ + retval = asn1_get_sequence(&buf,&length,&seqindef); \ + if (retval) clean_return(retval); \ + retval = asn1buf_imbed(&subbuf,&buf,length,seqindef); \ + if (retval) clean_return(retval); \ + next_tag() -#define end_structure()\ -retval = asn1buf_sync(&buf,&subbuf,asn1class,tagnum,length,indef,seqindef);\ -if (retval) clean_return(retval) +#define end_structure() \ + retval = asn1buf_sync(&buf,&subbuf,asn1class, \ + tagnum,length,indef,seqindef); \ + if (retval) clean_return(retval) /* process fields *******************************************/ /* normal fields ************************/ -#define get_field_body(var,decoder)\ -retval = decoder(&subbuf,&(var));\ -if (retval) clean_return(retval);\ -if (indef) { get_eoc(); }\ -next_tag() +#define get_field_body(var,decoder) \ + retval = decoder(&subbuf,&(var)); \ + if (retval) clean_return(retval); \ + if (indef) { get_eoc(); } \ + next_tag() /* * error_if_bad_tag 
@@ -157,74 +160,76 @@ * Checks that the next tag is the expected one; returns with an error * if not. */ -#define error_if_bad_tag(tagexpect) \ - if (tagnum != (tagexpect)) { clean_return ((tagnum < (tagexpect)) ? ASN1_MISPLACED_FIELD : ASN1_MISSING_FIELD); } +#define error_if_bad_tag(tagexpect) \ + if (tagnum != (tagexpect)) { clean_return ((tagnum < (tagexpect)) ? ASN1_MISPLACED_FIELD : ASN1_MISSING_FIELD); } -/* decode a field (<[UNIVERSAL id]> ) - check that the id number == tagexpect then - decode into var - get the next tag */ -#define get_field(var,tagexpect,decoder)\ -error_if_bad_tag(tagexpect);\ -if (asn1class != CONTEXT_SPECIFIC || construction != CONSTRUCTED)\ - clean_return(ASN1_BAD_ID);\ -get_field_body(var,decoder) +/* + * decode a field (<[UNIVERSAL id]> ) + * check that the id number == tagexpect then + * decode into var + * get the next tag + */ +#define get_field(var,tagexpect,decoder) \ + error_if_bad_tag(tagexpect); \ + if (asn1class != CONTEXT_SPECIFIC || construction != CONSTRUCTED) \ + clean_return(ASN1_BAD_ID); \ + get_field_body(var,decoder) /* decode (or skip, if not present) an optional field */ #define opt_field(var,tagexpect,decoder) \ - if (asn1buf_remains(&subbuf, seqindef)) { \ - if (asn1class != CONTEXT_SPECIFIC || construction != CONSTRUCTED) \ - clean_return(ASN1_BAD_ID); \ - if (tagnum == (tagexpect)) { \ - get_field_body(var,decoder); \ - } \ - } + if (asn1buf_remains(&subbuf, seqindef)) { \ + if (asn1class != CONTEXT_SPECIFIC || construction != CONSTRUCTED) \ + clean_return(ASN1_BAD_ID); \ + if (tagnum == (tagexpect)) { \ + get_field_body(var,decoder); \ + } \ + } /* field w/ accompanying length *********/ -#define get_lenfield_body(len,var,decoder)\ -retval = decoder(&subbuf,&(len),&(var));\ -if (retval) clean_return(retval);\ -if (indef) { get_eoc(); }\ -next_tag() +#define get_lenfield_body(len,var,decoder) \ + retval = decoder(&subbuf,&(len),&(var)); \ + if (retval) clean_return(retval); \ + if (indef) { get_eoc(); } \ + 
next_tag() /* decode a field w/ its length (for string types) */ -#define get_lenfield(len,var,tagexpect,decoder)\ -error_if_bad_tag(tagexpect);\ -if (asn1class != CONTEXT_SPECIFIC || construction != CONSTRUCTED)\ - clean_return(ASN1_BAD_ID);\ -get_lenfield_body(len,var,decoder) +#define get_lenfield(len,var,tagexpect,decoder) \ + error_if_bad_tag(tagexpect); \ + if (asn1class != CONTEXT_SPECIFIC || construction != CONSTRUCTED) \ + clean_return(ASN1_BAD_ID); \ + get_lenfield_body(len,var,decoder) /* decode an optional field w/ length */ #define opt_lenfield(len,var,tagexpect,decoder) \ - if (asn1buf_remains(&subbuf, seqindef)) { \ - if (asn1class != CONTEXT_SPECIFIC || construction != CONSTRUCTED) \ - clean_return(ASN1_BAD_ID); \ - if (tagnum == (tagexpect)) { \ - get_lenfield_body(len,var,decoder); \ - } \ - } + if (asn1buf_remains(&subbuf, seqindef)) { \ + if (asn1class != CONTEXT_SPECIFIC || construction != CONSTRUCTED) \ + clean_return(ASN1_BAD_ID); \ + if (tagnum == (tagexpect)) { \ + get_lenfield_body(len,var,decoder); \ + } \ + } /* clean up ******************************************************/ /* finish up */ /* to make things less painful, assume the cleanup is passed rep */ -#define cleanup(cleanup_routine)\ - *repptr = rep; \ - return 0; \ -error_out: \ - if (rep) \ - cleanup_routine(rep); \ - return retval; +#define cleanup(cleanup_routine) \ + *repptr = rep; \ + return 0; \ +error_out: \ +if (rep) \ + cleanup_routine(rep); \ +return retval; -#define cleanup_none()\ - *repptr = rep; \ - return 0; \ -error_out: \ - return retval; +#define cleanup_none() \ + *repptr = rep; \ + return 0; \ +error_out: \ +return retval; -#define cleanup_manual()\ - *repptr = rep; \ - return 0; +#define cleanup_manual() \ + *repptr = rep; \ + return 0; #define free_field(rep,f) free((rep)->f) #define clear_field(rep,f) (rep)->f = 0 
@@ -264,8 +269,7 @@ } #endif -krb5_error_code -KRB5_CALLCONV +krb5_error_code KRB5_CALLCONV krb5_decode_ticket(const krb5_data *code, krb5_ticket **repptr) { return decode_krb5_ticket(code, repptr); @@ -1099,23 +1103,23 @@ krb5_error_code decode_krb5_pa_fx_fast_request (const krb5_data *code, krb5_fast_armored_req **repptr) { - setup(krb5_fast_armored_req *); - alloc_field(rep); - clear_field(rep, armor); - { - int indef; - unsigned int taglen; - next_tag_from_buf(buf); - if (tagnum != 0) - clean_return(ASN1_BAD_ID); - } - {begin_structure(); - opt_field(rep->armor, 0, asn1_decode_fast_armor_ptr); - get_field(rep->req_checksum, 1, asn1_decode_checksum); - get_field(rep->enc_part, 2, asn1_decode_encrypted_data); - end_structure();} - rep->magic = KV5M_FAST_ARMORED_REQ; - cleanup(free); + setup(krb5_fast_armored_req *); + alloc_field(rep); + clear_field(rep, armor); + { + int indef; + unsigned int taglen; + next_tag_from_buf(buf); + if (tagnum != 0) + clean_return(ASN1_BAD_ID); + } + {begin_structure(); + opt_field(rep->armor, 0, asn1_decode_fast_armor_ptr); + get_field(rep->req_checksum, 1, asn1_decode_checksum); + get_field(rep->enc_part, 2, asn1_decode_encrypted_data); + end_structure();} + rep->magic = KV5M_FAST_ARMORED_REQ; + cleanup(free); } krb5_error_code decode_krb5_fast_req @@ -1126,13 +1130,13 @@ alloc_field(rep->req_body); clear_field(rep, req_body->padata); {begin_structure(); - get_field(rep->fast_options, 0, asn1_decode_krb5_flags); - opt_field(rep->req_body->padata, 1, asn1_decode_sequence_of_pa_data); - get_field(*(rep->req_body), 2, asn1_decode_kdc_req_body); - end_structure(); } + get_field(rep->fast_options, 0, asn1_decode_krb5_flags); + opt_field(rep->req_body->padata, 1, asn1_decode_sequence_of_pa_data); + get_field(*(rep->req_body), 2, asn1_decode_kdc_req_body); + end_structure(); } rep->magic = KV5M_FAST_REQ; cleanup_manual(); - error_out: +error_out: if (rep) { if (rep->req_body) krb5_free_kdc_req(0, rep->req_body); 
@@ -1151,10 +1155,10 @@ clear_field(rep, padata); clear_field(rep,strengthen_key); {begin_structure(); - get_field(rep->padata, 0, asn1_decode_sequence_of_pa_data); - opt_field(rep->strengthen_key, 1, asn1_decode_encryption_key_ptr); - opt_field(rep->finished, 2, asn1_decode_fast_finished_ptr); - get_field(rep->nonce, 3, asn1_decode_int32); + get_field(rep->padata, 0, asn1_decode_sequence_of_pa_data); + opt_field(rep->strengthen_key, 1, asn1_decode_encryption_key_ptr); + opt_field(rep->finished, 2, asn1_decode_fast_finished_ptr); + get_field(rep->nonce, 3, asn1_decode_int32); end_structure(); } rep->magic = KV5M_FAST_RESPONSE; cleanup(free); @@ -1173,15 +1177,15 @@ clean_return(ASN1_BAD_ID); } {begin_structure(); - get_field(*rep, 0, asn1_decode_encrypted_data); - end_structure(); + get_field(*rep, 0, asn1_decode_encrypted_data); + end_structure(); } cleanup(free); } -krb5_error_code decode_krb5_ad_kdcissued -(const krb5_data *code, krb5_ad_kdcissued **repptr) +krb5_error_code +decode_krb5_ad_kdcissued(const krb5_data *code, krb5_ad_kdcissued **repptr) { setup_buf_only(krb5_ad_kdcissued *); alloc_field(rep); @@ -1192,8 +1196,8 @@ cleanup(free); } -krb5_error_code decode_krb5_ad_signedpath -(const krb5_data *code, krb5_ad_signedpath **repptr) +krb5_error_code +decode_krb5_ad_signedpath(const krb5_data *code, krb5_ad_signedpath **repptr) { setup_buf_only(krb5_ad_signedpath *); alloc_field(rep); @@ -1218,12 +1222,12 @@ *num = 0; { - setup_buf_only(krb5_authdatatype *); + setup_buf_only(krb5_authdatatype *); - retval = asn1_peek_authorization_data(&buf, num, &rep); - if (retval) clean_return(retval); + retval = asn1_peek_authorization_data(&buf, num, &rep); + if (retval) clean_return(retval); - cleanup_none(); + cleanup_none(); } assert(0); /* NOTREACHED */ } From tsitkova at MIT.EDU Mon Nov 16 12:30:09 2009 
From: tsitkova at MIT.EDU (tsitkova@MIT.EDU)
Date: Mon, 16 Nov 2009 12:30:09 -0500
Subject: svn rev #23237: trunk/src/lib/crypto/krb/keyhash_provider/
Message-ID: <200911161730.nAGHU9af000525@drugstore.mit.edu>
http://src.mit.edu/fisheye/changelog/krb5/?cs=23237
Commit By: tsitkova
Log Message:
Remove unreferred krb5int_keyhash_aescbc_xxx. Cleaner krb5int_keyhash_md5_hmac init.
Changed Files:
U trunk/src/lib/crypto/krb/keyhash_provider/keyhash_provider.h
U trunk/src/lib/crypto/krb/keyhash_provider/md5_hmac.c
Modified: trunk/src/lib/crypto/krb/keyhash_provider/keyhash_provider.h
===================================================================
--- trunk/src/lib/crypto/krb/keyhash_provider/keyhash_provider.h 2009-11-16 16:48:37 UTC (rev 23236)
+++ trunk/src/lib/crypto/krb/keyhash_provider/keyhash_provider.h 2009-11-16 17:30:09 UTC (rev 23237)
@@ -31,5 +31,4 @@
 extern const struct krb5_keyhash_provider krb5int_keyhash_md5des;
 extern const struct krb5_keyhash_provider krb5int_keyhash_hmac_md5;
 extern const struct krb5_keyhash_provider krb5int_keyhash_md5_hmac;
-extern const struct krb5_keyhash_provider krb5int_keyhash_aescbc_128;
-extern const struct krb5_keyhash_provider krb5int_keyhash_aescbc_256;
+
Modified: trunk/src/lib/crypto/krb/keyhash_provider/md5_hmac.c
===================================================================
--- trunk/src/lib/crypto/krb/keyhash_provider/md5_hmac.c 2009-11-16 16:48:37 UTC (rev 23236)
+++ trunk/src/lib/crypto/krb/keyhash_provider/md5_hmac.c 2009-11-16 17:30:09 UTC (rev 23237)
@@ -61,4 +61,5 @@
 16,
 k5_md5_hmac_hash,
 NULL /*checksum again*/
+ NULL, NULL
 };
From tsitkova at MIT.EDU Mon Nov 16 13:09:26 2009
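Review bot: The added line `NULL, NULL` in the md5_hmac.c hunk follows `NULL /*checksum again*/`, which has no trailing comma, so the initializer of this provider table reads `NULL NULL, NULL` and should not compile as committed. The preceding entry needs the separator, `NULL, /*checksum again*/`. The table is also filled positionally and the two new entries carry no hint of which members they set; a short comment per slot, or designated initializers if the project's C dialect allows them, would keep a dropped comma or a later struct change from silently moving a handler (presumably a function pointer, judging by `k5_md5_hmac_hash`) into the wrong slot. The opening line of the initializer is outside the hunk.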
From: tsitkova at MIT.EDU (tsitkova@MIT.EDU)
Date: Mon, 16 Nov 2009 13:09:26 -0500
Subject: svn rev #23238: trunk/src/lib/crypto/krb/keyhash_provider/
Message-ID: <200911161809.nAGI9Q15004602@drugstore.mit.edu>
http://src.mit.edu/fisheye/changelog/krb5/?cs=23238
Commit By: tsitkova
Log Message:
Typo fix
Changed Files:
U trunk/src/lib/crypto/krb/keyhash_provider/md5_hmac.c
Modified: trunk/src/lib/crypto/krb/keyhash_provider/md5_hmac.c
===================================================================
--- trunk/src/lib/crypto/krb/keyhash_provider/md5_hmac.c 2009-11-16 17:30:09 UTC (rev 23237)
+++ trunk/src/lib/crypto/krb/keyhash_provider/md5_hmac.c 2009-11-16 18:09:26 UTC (rev 23238)
@@ -60,6 +60,6 @@
 const struct krb5_keyhash_provider krb5int_keyhash_md5_hmac = {
 16,
 k5_md5_hmac_hash,
- NULL /*checksum again*/
+ NULL, /*checksum again*/
 NULL, NULL
 };
From tlyu at MIT.EDU Mon Nov 16 17:32:40 2009
From: tlyu at MIT.EDU (tlyu@MIT.EDU)
Date: Mon, 16 Nov 2009 17:32:40 -0500
Subject: svn rev #23246: trunk/src/ include/ kdc/ lib/crypto/krb/keyhash_provider/
Message-ID: <200911162232.nAGMWedK030873@drugstore.mit.edu>
http://src.mit.edu/fisheye/changelog/krb5/?cs=23246
Commit By: tlyu
Log Message:
Clean up some open-parenthesis problems, and reindent.
Changed Files:
U trunk/src/include/pkinit_apple_utils.h
U trunk/src/kdc/do_tgs_req.c
U trunk/src/kdc/fast_util.c
U trunk/src/kdc/kdc_authdata.c
U trunk/src/kdc/kdc_preauth.c
U trunk/src/kdc/kdc_util.h
U trunk/src/kdc/main.c
U trunk/src/lib/crypto/krb/keyhash_provider/keyhash_provider.h
Modified: trunk/src/include/pkinit_apple_utils.h
===================================================================
--- trunk/src/include/pkinit_apple_utils.h 2009-11-16 20:52:11 UTC (rev 23245)
+++ trunk/src/include/pkinit_apple_utils.h 2009-11-16 22:32:40 UTC (rev 23246)
@@ -114,11 +114,11 @@ */ #define PKI_CSSM_TO_KRB_DATA(cd, kd) \ (kd)->data = (char *)(cd)->Data; \ - (kd)->length = (cd)->Length; + (kd)->length = (cd)->Length; #define PKI_KRB_TO_CSSM_DATA(kd, cd) \ (cd)->Data = (uint8 *)(kd)->data; \ - (cd)->Length = (kd)->length; + (cd)->Length = (kd)->length; /* * Compare to CSSM_DATAs. Return TRUE if they're the same else FALSE. Modified: trunk/src/kdc/do_tgs_req.c =================================================================== --- trunk/src/kdc/do_tgs_req.c 2009-11-16 20:52:11 UTC (rev 23245) +++ trunk/src/kdc/do_tgs_req.c 2009-11-16 22:32:40 UTC (rev 23246) @@ -380,12 +380,12 @@ if (isflagset(request->kdc_options, KDC_OPT_CNAME_IN_ADDL_TKT)) { /* Do constrained delegation protocol and authorization checks */ errcode = kdc_process_s4u2proxy_req(kdc_context, - request, - request->second_ticket[st_idx]->enc_part2, - &st_client, - header_ticket->enc_part2->client, - request->server, - &status); + request, + request->second_ticket[st_idx]->enc_part2, + &st_client, + header_ticket->enc_part2->client, + request->server, + &status); if (errcode) goto cleanup; @@ -648,7 +648,7 @@ /* try refreshing master key list */ /* XXX it would nice if we had the mkvno here for optimization */ if (krb5_db_fetch_mkey_list(kdc_context, master_princ, - &master_keyblock, 0, &tmp_mkey_list) == 0) { + &master_keyblock, 0, &tmp_mkey_list) == 0) { krb5_dbe_free_key_list(kdc_context, master_keylist); master_keylist = tmp_mkey_list; if ((errcode = krb5_dbe_find_mkey(kdc_context, master_keylist, 
@@ -816,9 +816,9 @@ char *tdots; errcode = kdc_check_transited_list (kdc_context, - &enc_tkt_reply.transited.tr_contents, - krb5_princ_realm (kdc_context, header_enc_tkt->client), - krb5_princ_realm (kdc_context, request->server)); + &enc_tkt_reply.transited.tr_contents, + krb5_princ_realm (kdc_context, header_enc_tkt->client), + krb5_princ_realm (kdc_context, request->server)); tlen = enc_tkt_reply.transited.tr_contents.length; tdots = tlen > 125 ? "..." : ""; tlen = tlen > 125 ? 125 : tlen; @@ -943,13 +943,13 @@ reply.enc_part.enctype = subkey ? subkey->enctype : header_ticket->enc_part2->session->enctype; errcode = kdc_fast_response_handle_padata(state, request, &reply, - subkey ? subkey->enctype : header_ticket->enc_part2->session->enctype); + subkey ? subkey->enctype : header_ticket->enc_part2->session->enctype); if (errcode !=0 ) { status = "Preparing FAST padata"; goto cleanup; } errcode =kdc_fast_handle_reply_key(state, - subkey?subkey:header_ticket->enc_part2->session, &reply_key); + subkey?subkey:header_ticket->enc_part2->session, &reply_key); if (errcode) { status = "generating reply key"; goto cleanup; @@ -1116,9 +1116,9 @@ * the principal. */ if ((retval = krb5_walk_realm_tree(kdc_context, - krb5_princ_realm(kdc_context, request->server), - krb5_princ_component(kdc_context, request->server, 1), - &plist, KRB5_REALM_BRANCH_CHAR))) + krb5_princ_realm(kdc_context, request->server), + krb5_princ_component(kdc_context, request->server, 1), + &plist, KRB5_REALM_BRANCH_CHAR))) return; /* move to the end */ Modified: trunk/src/kdc/fast_util.c =================================================================== --- trunk/src/kdc/fast_util.c 2009-11-16 20:52:11 UTC (rev 23245) +++ trunk/src/kdc/fast_util.c 2009-11-16 22:32:40 UTC (rev 23246) 
@@ -68,7 +68,7 @@ tgs_server, ticket->server)) { krb5_set_error_message(kdc_context, KRB5KDC_ERR_SERVER_NOMATCH, - "ap-request armor for something other than the local TGS"); + "ap-request armor for something other than the local TGS"); retval = KRB5KDC_ERR_SERVER_NOMATCH; } } @@ -165,7 +165,7 @@ &state->armor_key); else { krb5_set_error_message(kdc_context, KRB5KDC_ERR_PREAUTH_FAILED, - "No armor key but FAST armored request present"); + "No armor key but FAST armored request present"); retval = KRB5KDC_ERR_PREAUTH_FAILED; } } Modified: trunk/src/kdc/kdc_authdata.c =================================================================== --- trunk/src/kdc/kdc_authdata.c 2009-11-16 20:52:11 UTC (rev 23245) +++ trunk/src/kdc/kdc_authdata.c 2009-11-16 22:32:40 UTC (rev 23246) 
@@ -47,58 +47,57 @@ #endif /* MIT Kerberos 1.6 (V0) authdata plugin callback */ -typedef krb5_error_code (*authdata_proc_0) - (krb5_context, krb5_db_entry *client, - krb5_data *req_pkt, - krb5_kdc_req *request, - krb5_enc_tkt_part * enc_tkt_reply); +typedef krb5_error_code (*authdata_proc_0)( + krb5_context, + krb5_db_entry *client, + krb5_data *req_pkt, + krb5_kdc_req *request, + krb5_enc_tkt_part * enc_tkt_reply); /* MIT Kerberos 1.8 (V2) authdata plugin callback */ -typedef krb5_error_code (*authdata_proc_2) - (krb5_context, unsigned int flags, - krb5_db_entry *client, krb5_db_entry *server, - krb5_db_entry *krbtgt, - krb5_keyblock *client_key, - krb5_keyblock *server_key, - krb5_keyblock *krbtgt_key, - krb5_data *req_pkt, - krb5_kdc_req *request, - krb5_const_principal for_user_princ, - krb5_enc_tkt_part *enc_tkt_request, - krb5_enc_tkt_part *enc_tkt_reply); -typedef krb5_error_code (*init_proc) - (krb5_context, void **); -typedef void (*fini_proc) - (krb5_context, void *); +typedef krb5_error_code (*authdata_proc_2)( + krb5_context, unsigned int flags, + krb5_db_entry *client, krb5_db_entry *server, + krb5_db_entry *krbtgt, + krb5_keyblock *client_key, + krb5_keyblock *server_key, + krb5_keyblock *krbtgt_key, + krb5_data *req_pkt, + krb5_kdc_req *request, + krb5_const_principal for_user_princ, + krb5_enc_tkt_part *enc_tkt_request, + krb5_enc_tkt_part *enc_tkt_reply); +typedef krb5_error_code (*init_proc)(krb5_context, void **); +typedef void (*fini_proc)(krb5_context, void *); -static krb5_error_code handle_request_authdata - (krb5_context context, - unsigned int flags, - krb5_db_entry *client, - krb5_db_entry *server, - krb5_db_entry *krbtgt, - krb5_keyblock *client_key, - krb5_keyblock *server_key, - krb5_keyblock *krbtgt_key, - krb5_data *req_pkt, - krb5_kdc_req *request, - krb5_const_principal for_user_princ, - krb5_enc_tkt_part *enc_tkt_request, - krb5_enc_tkt_part *enc_tkt_reply); +static krb5_error_code handle_request_authdata( + krb5_context context, + 
unsigned int flags, + krb5_db_entry *client, + krb5_db_entry *server, + krb5_db_entry *krbtgt, + krb5_keyblock *client_key, + krb5_keyblock *server_key, + krb5_keyblock *krbtgt_key, + krb5_data *req_pkt, + krb5_kdc_req *request, + krb5_const_principal for_user_princ, + krb5_enc_tkt_part *enc_tkt_request, + krb5_enc_tkt_part *enc_tkt_reply); -static krb5_error_code handle_tgt_authdata - (krb5_context context, - unsigned int flags, - krb5_db_entry *client, - krb5_db_entry *server, - krb5_db_entry *krbtgt, - krb5_keyblock *client_key, - krb5_keyblock *server_key, - krb5_keyblock *krbtgt_key, - krb5_data *req_pkt, - krb5_kdc_req *request, - krb5_const_principal for_user_princ, - krb5_enc_tkt_part *enc_tkt_request, - krb5_enc_tkt_part *enc_tkt_reply); +static krb5_error_code handle_tgt_authdata( + krb5_context context, + unsigned int flags, + krb5_db_entry *client, + krb5_db_entry *server, + krb5_db_entry *krbtgt, + krb5_keyblock *client_key, + krb5_keyblock *server_key, + krb5_keyblock *krbtgt_key, + krb5_data *req_pkt, + krb5_kdc_req *request, + krb5_const_principal for_user_princ, + krb5_enc_tkt_part *enc_tkt_request, + krb5_enc_tkt_part *enc_tkt_reply); static krb5_error_code handle_kdb_authdata(krb5_context context, unsigned int flags, Modified: trunk/src/kdc/kdc_preauth.c =================================================================== --- trunk/src/kdc/kdc_preauth.c 2009-11-16 20:52:11 UTC (rev 23245) +++ trunk/src/kdc/kdc_preauth.c 2009-11-16 22:32:40 UTC (rev 23246) 
@@ -500,14 +500,14 @@ if (server_init_proc != NULL) { krb5_error_code initerr; initerr = (*server_init_proc)(context, &plugin_context, - (const char **)kdc_realm_names); + (const char **)kdc_realm_names); if (initerr) { const char *emsg; emsg = krb5_get_error_message(context, initerr); if (emsg) { krb5_klog_syslog(LOG_ERR, - "preauth %s failed to initialize: %s", - ftable->name, emsg); + "preauth %s failed to initialize: %s", + ftable->name, emsg); krb5_free_error_message(context, emsg); } memset(&preauth_systems[k], 0, @@ -521,7 +521,7 @@ preauth_systems[k].type = ftable->pa_type_list[j]; if (ftable->flags_proc != NULL) preauth_systems[k].flags = ftable->flags_proc(context, - preauth_systems[k].type); + preauth_systems[k].type); else preauth_systems[k].flags = 0; preauth_systems[k].plugin_context = plugin_context; @@ -557,7 +557,7 @@ for (i = 0; i < n_preauth_systems; i++) { if (preauth_systems[i].fini != NULL) { (*preauth_systems[i].fini)(context, - preauth_systems[i].plugin_context); + preauth_systems[i].plugin_context); } memset(&preauth_systems[i], 0, sizeof(preauth_systems[i])); } @@ -952,12 +952,12 @@ #ifdef DEBUG krb5_klog_syslog ( - LOG_DEBUG, - "client needs %spreauth, %shw preauth; request has %spreauth, %shw preauth", - isflagset (client->attributes, KRB5_KDB_REQUIRES_PRE_AUTH) ? "" : "no ", - isflagset (client->attributes, KRB5_KDB_REQUIRES_HW_AUTH) ? "" : "no ", - isflagset (enc_tkt_reply->flags, TKT_FLG_PRE_AUTH) ? "" : "no ", - isflagset (enc_tkt_reply->flags, TKT_FLG_HW_AUTH) ? "" : "no "); + LOG_DEBUG, + "client needs %spreauth, %shw preauth; request has %spreauth, %shw preauth", + isflagset (client->attributes, KRB5_KDB_REQUIRES_PRE_AUTH) ? "" : "no ", + isflagset (client->attributes, KRB5_KDB_REQUIRES_HW_AUTH) ? "" : "no ", + isflagset (enc_tkt_reply->flags, TKT_FLG_PRE_AUTH) ? "" : "no ", + isflagset (enc_tkt_reply->flags, TKT_FLG_HW_AUTH) ? "" : "no "); #endif if (isflagset(client->attributes, KRB5_KDB_REQUIRES_PRE_AUTH) && 
@@ -1370,7 +1370,7 @@ static krb5_boolean request_contains_enctype(krb5_context context, const krb5_kdc_req *request, - krb5_enctype enctype) + krb5_enctype enctype) { int i; for (i =0; i < request->nktypes; i++) @@ -2891,15 +2891,15 @@ * We've already verified; just obtain the fields we need to create a response */ krtn = krb5int_pkinit_as_req_parse(context, - &pa_data, - NULL, NULL, &nonce, /* ctime, cusec, nonce */ - NULL, NULL, /* pa_cksum, cert_status */ - &num_cms_types, &cms_types, - &client_cert, /* signer_cert: we encrypt for this */ - /* remaining fields unused (for now) */ - NULL, NULL, /* num_all_certs, all_certs */ - &num_trusted_CAs, &trusted_CAs, - &kdc_cert); + &pa_data, + NULL, NULL, &nonce, /* ctime, cusec, nonce */ + NULL, NULL, /* pa_cksum, cert_status */ + &num_cms_types, &cms_types, + &client_cert, /* signer_cert: we encrypt for this */ + /* remaining fields unused (for now) */ + NULL, NULL, /* num_all_certs, all_certs */ + &num_trusted_CAs, &trusted_CAs, + &kdc_cert); if(krtn) { kdcPkinitDebug("pa_pk_as_req_parse returned %d; PKINIT aborting.\n", (int)krtn); @@ -2964,7 +2964,7 @@ &pa_data); if(krtn) { kdcPkinitDebug("pa_pk_as_rep_create returned %d; PKINIT aborting.\n", - (int)krtn); + (int)krtn); goto cleanup; } Modified: trunk/src/kdc/kdc_util.h =================================================================== --- trunk/src/kdc/kdc_util.h 2009-11-16 20:52:11 UTC (rev 23245) +++ trunk/src/kdc/kdc_util.h 2009-11-16 22:32:40 UTC (rev 23246) @@ -45,14 +45,14 @@ krb5_boolean krb5_is_tgs_principal (krb5_const_principal); krb5_error_code add_to_transited (krb5_data *, - krb5_data *, - krb5_principal, - krb5_principal, - krb5_principal); + krb5_data *, + krb5_principal, + krb5_principal, + krb5_principal); krb5_error_code compress_transited (krb5_data *, - krb5_principal, - krb5_data *); + krb5_principal, + krb5_data *); krb5_error_code concat_authorization_data (krb5_authdata **, krb5_authdata **, 
@@ -127,19 +127,19 @@ /* do_as_req.c */ krb5_error_code process_as_req (krb5_kdc_req *, krb5_data *, - const krb5_fulladdr *, - krb5_data ** ); + const krb5_fulladdr *, + krb5_data ** ); /* do_tgs_req.c */ krb5_error_code process_tgs_req (krb5_data *, - const krb5_fulladdr *, - krb5_data ** ); + const krb5_fulladdr *, + krb5_data ** ); /* dispatch.c */ krb5_error_code dispatch (krb5_data *, - const krb5_fulladdr *, - krb5_data **); + const krb5_fulladdr *, + krb5_data **); /* main.c */ krb5_error_code kdc_initialize_rcache (krb5_context, char *); @@ -157,13 +157,13 @@ /* policy.c */ int against_local_policy_as (krb5_kdc_req *, krb5_db_entry, - krb5_db_entry, krb5_timestamp, - const char **, krb5_data *); + krb5_db_entry, krb5_timestamp, + const char **, krb5_data *); int against_local_policy_tgs (krb5_kdc_req *, krb5_db_entry, - krb5_ticket *, const char **, - krb5_data *); + krb5_ticket *, const char **, + krb5_data *); /* kdc_preauth.c */ krb5_boolean @@ -171,13 +171,13 @@ const char * missing_required_preauth (krb5_db_entry *client, - krb5_db_entry *server, - krb5_enc_tkt_part *enc_tkt_reply); + krb5_db_entry *server, + krb5_enc_tkt_part *enc_tkt_reply); void get_preauth_hint_list (krb5_kdc_req * request, - krb5_db_entry *client, - krb5_db_entry *server, - krb5_data *e_data); + krb5_db_entry *client, + krb5_db_entry *server, + krb5_data *e_data); krb5_error_code load_preauth_plugins(krb5_context context); krb5_error_code Modified: trunk/src/kdc/main.c =================================================================== --- trunk/src/kdc/main.c 2009-11-16 20:52:11 UTC (rev 23245) +++ trunk/src/kdc/main.c 2009-11-16 22:32:40 UTC (rev 23246) 
@@ -213,15 +213,15 @@ if (!rdp->realm_no_host_referral) retval = ENOMEM; } else if (no_refrls && (asprintf(&(rdp->realm_no_host_referral), - "%s%s%s%s%s", " ", no_refrls," ", - rparams->realm_no_host_referral, " ") < 0)) + "%s%s%s%s%s", " ", no_refrls," ", + rparams->realm_no_host_referral, " ") < 0)) retval = ENOMEM; else if (asprintf(&(rdp->realm_no_host_referral),"%s%s%s", " ", rparams->realm_no_host_referral, " ") < 0) retval = ENOMEM; } else if( no_refrls != NULL) { if ( asprintf(&(rdp->realm_no_host_referral), - "%s%s%s", " ", no_refrls, " ") < 0) + "%s%s%s", " ", no_refrls, " ") < 0) retval = ENOMEM; } else rdp->realm_no_host_referral = NULL; @@ -235,7 +235,7 @@ } if (host_based_srvcs && - (krb5_match_config_pattern(host_based_srvcs, KRB5_CONF_ASTERISK) == TRUE)) { + (krb5_match_config_pattern(host_based_srvcs, KRB5_CONF_ASTERISK) == TRUE)) { rdp->realm_host_based_services = strdup(KRB5_CONF_ASTERISK); if (!rdp->realm_host_based_services) retval = ENOMEM; @@ -661,7 +661,7 @@ default_tcp_ports, manual, db_args, no_refrls, host_based_srvcs))) { fprintf(stderr, - "%s: cannot initialize realm %s - see log file for details\n", + "%s: cannot initialize realm %s - see log file for details\n", argv[0], optarg); exit(1); } Modified: trunk/src/lib/crypto/krb/keyhash_provider/keyhash_provider.h =================================================================== --- trunk/src/lib/crypto/krb/keyhash_provider/keyhash_provider.h 2009-11-16 20:52:11 UTC (rev 23245) +++ trunk/src/lib/crypto/krb/keyhash_provider/keyhash_provider.h 2009-11-16 22:32:40 UTC (rev 23246) @@ -31,4 +31,3 @@ extern const struct krb5_keyhash_provider krb5int_keyhash_md5des; extern const struct krb5_keyhash_provider krb5int_keyhash_hmac_md5; extern const struct krb5_keyhash_provider krb5int_keyhash_md5_hmac; - From tlyu at MIT.EDU Mon Nov 16 20:21:31 2009 
From: tlyu at MIT.EDU (tlyu@MIT.EDU) Date: Mon, 16 Nov 2009 20:21:31 -0500 Subject: svn rev #23252: trunk/src/include/ Message-ID: <200911170121.nAH1LVwn011905@drugstore.mit.edu> http://src.mit.edu/fisheye/changelog/krb5/?cs=23252 Commit By: tlyu Log Message: Rework using "do { } while (0)" in macro bodies to avoid divergent emacs-22 vs emacs-23 indentation. Changed Files: U trunk/src/include/pkinit_apple_utils.h Modified: trunk/src/include/pkinit_apple_utils.h =================================================================== --- trunk/src/include/pkinit_apple_utils.h 2009-11-17 00:11:26 UTC (rev 23251) +++ trunk/src/include/pkinit_apple_utils.h 2009-11-17 01:21:31 UTC (rev 23252) @@ -113,12 +113,16 @@ * Non-mallocing conversion between CSSM_DATA and krb5_data */ #define PKI_CSSM_TO_KRB_DATA(cd, kd) \ - (kd)->data = (char *)(cd)->Data; \ - (kd)->length = (cd)->Length; + do { \ + (kd)->data = (char *)(cd)->Data; \ + (kd)->length = (cd)->Length; \ + } while (0) #define PKI_KRB_TO_CSSM_DATA(kd, cd) \ - (cd)->Data = (uint8 *)(kd)->data; \ - (cd)->Length = (kd)->length; + do { \ + (cd)->Data = (uint8 *)(kd)->data; \ + (cd)->Length = (kd)->length; \ + } while (0) /* * Compare to CSSM_DATAs. Return TRUE if they're the same else FALSE. From tsitkova at MIT.EDU Wed Nov 18 10:55:02 2009 From: tsitkova at MIT.EDU (tsitkova@MIT.EDU) Date: Wed, 18 Nov 2009 10:55:02 -0500 Subject: svn rev #23286: trunk/src/lib/kadm5/srv/ Message-ID: <200911181555.nAIFt2KX022277@drugstore.mit.edu> http://src.mit.edu/fisheye/changelog/krb5/?cs=23286 Commit By: tsitkova Log Message: minor reindent Changed Files: U trunk/src/lib/kadm5/srv/server_acl.h Modified: trunk/src/lib/kadm5/srv/server_acl.h =================================================================== --- trunk/src/lib/kadm5/srv/server_acl.h 2009-11-18 13:06:50 UTC (rev 23285) +++ trunk/src/lib/kadm5/srv/server_acl.h 2009-11-18 15:55:02 UTC (rev 23286) 
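Review bot: Both rewritten macros in pkinit_apple_utils.h still expand each argument twice (`(kd)` and `(cd)` appear on both assignment lines), so an argument with a side effect is evaluated twice. A comment above them would record this, for example `/* Arguments are evaluated twice; pass plain pointers. The result aliases the source buffer, so only one side may free it. */`. The aliasing matters because the existing header comment calls the conversion non-mallocing: after the call the krb5_data and the CSSM_DATA share one buffer, and a caller that frees both would double-free. The length assignment also copies between the two structures' length fields without a range check; their types are not visible here, so whether that can truncate on some target should be confirmed.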
@@ -83,28 +83,20 @@ char *policy; } restriction_t; -krb5_error_code kadm5int_acl_init -(krb5_context, - int, - char *); -void kadm5int_acl_finish -(krb5_context, - int); -krb5_boolean kadm5int_acl_check -(krb5_context, - gss_name_t, - krb5_int32, - krb5_principal, - restriction_t **); -krb5_boolean kadm5int_acl_check_krb -(krb5_context, - krb5_const_principal, - krb5_int32, - krb5_const_principal, - restriction_t **); -krb5_error_code kadm5int_acl_impose_restrictions -(krb5_context, - kadm5_principal_ent_rec *, - long *, - restriction_t *); +krb5_error_code kadm5int_acl_init(krb5_context, int, char *); +void kadm5int_acl_finish(krb5_context, int); +krb5_boolean kadm5int_acl_check(krb5_context, + gss_name_t, + krb5_int32, + krb5_principal, + restriction_t **); +krb5_boolean kadm5int_acl_check_krb(krb5_context, + krb5_const_principal, + krb5_int32, + krb5_const_principal, + restriction_t **); +krb5_error_code kadm5int_acl_impose_restrictions(krb5_context, + kadm5_principal_ent_rec *, + long *, + restriction_t *); #endif /* SERVER_ACL_H__ */ From tsitkova at MIT.EDU Wed Nov 18 11:38:25 2009 From: tsitkova at MIT.EDU (tsitkova@MIT.EDU) Date: Wed, 18 Nov 2009 11:38:25 -0500 Subject: svn rev #23287: trunk/src/lib/krb5/os/ Message-ID: <200911181638.nAIGcPeA026268@drugstore.mit.edu> http://src.mit.edu/fisheye/changelog/krb5/?cs=23287 Commit By: tsitkova Log Message: Minor reindent fix Changed Files: U trunk/src/lib/krb5/os/os-proto.h Modified: trunk/src/lib/krb5/os/os-proto.h =================================================================== --- trunk/src/lib/krb5/os/os-proto.h 2009-11-18 15:55:02 UTC (rev 23286) +++ trunk/src/lib/krb5/os/os-proto.h 2009-11-18 16:38:24 UTC (rev 23287) 
@@ -32,22 +32,19 @@ #define KRB5_LIBOS_INT_PROTO__ struct addrlist; -krb5_error_code krb5_locate_kdc -(krb5_context, const krb5_data *, struct addrlist *, int, int, int); +krb5_error_code krb5_locate_kdc(krb5_context, const krb5_data *, + struct addrlist *, int, int, int); #ifdef HAVE_NETINET_IN_H -krb5_error_code krb5_unpack_full_ipaddr -(krb5_context, - const krb5_address *, - krb5_int32 *, - krb5_int16 *); +krb5_error_code krb5_unpack_full_ipaddr(krb5_context, + const krb5_address *, + krb5_int32 *, + krb5_int16 *); -krb5_error_code krb5_make_full_ipaddr -(krb5_context, - krb5_int32, - int, /* unsigned short promotes to signed - int */ - krb5_address **); +krb5_error_code krb5_make_full_ipaddr(krb5_context, + krb5_int32, + int, /* unsigned short promotes to signed int */ + krb5_address **); #endif /* HAVE_NETINET_IN_H */ @@ -63,16 +60,15 @@ int _krb5_use_dns_kdc (krb5_context); int _krb5_conf_boolean (const char *); -krb5_error_code -krb5int_sendto(krb5_context context, const krb5_data *message, - const struct addrlist *addrs, - struct sendto_callback_info* callback_info, - krb5_data *reply, struct sockaddr *localaddr, - socklen_t *localaddrlen, - struct sockaddr *remoteaddr, socklen_t *remoteaddrlen, - int *addr_used, - int (*msg_handler)(krb5_context, const krb5_data *, void *), - void *msg_handler_data); +krb5_error_code krb5int_sendto(krb5_context context, const krb5_data *message, + const struct addrlist *addrs, + struct sendto_callback_info* callback_info, + krb5_data *reply, struct sockaddr *localaddr, + socklen_t *localaddrlen, + struct sockaddr *remoteaddr, socklen_t *remoteaddrlen, + int *addr_used, + int (*msg_handler)(krb5_context, const krb5_data *, void *), + void *msg_handler_data); krb5_error_code krb5int_get_fq_local_hostname(char *, size_t); From ghudson at MIT.EDU Thu Nov 19 11:27:47 2009 
From: ghudson at MIT.EDU (ghudson@MIT.EDU) Date: Thu, 19 Nov 2009 11:27:47 -0500 Subject: svn rev #23292: trunk/src/include/ krb5/ Message-ID: <200911191627.nAJGRliK016447@drugstore.mit.edu> http://src.mit.edu/fisheye/changelog/krb5/?cs=23292 Commit By: ghudson Log Message: Put krb5_auth_con_set_req_cksumtype back in the public API, since it is needed by the BSD applications which will be unbundled in 1.8. Changed Files: U trunk/src/include/k5-int.h U trunk/src/include/krb5/krb5.hin Modified: trunk/src/include/k5-int.h =================================================================== --- trunk/src/include/k5-int.h 2009-11-19 16:07:43 UTC (rev 23291) +++ trunk/src/include/k5-int.h 2009-11-19 16:27:47 UTC (rev 23292) @@ -2695,10 +2695,6 @@ const krb5_data *, krb5_principal **, int); -krb5_error_code KRB5_CALLCONV -krb5_auth_con_set_req_cksumtype(krb5_context, krb5_auth_context, - krb5_cksumtype); - krb5_error_code krb5_auth_con_set_safe_cksumtype(krb5_context, krb5_auth_context, krb5_cksumtype); Modified: trunk/src/include/krb5/krb5.hin =================================================================== --- trunk/src/include/krb5/krb5.hin 2009-11-19 16:07:43 UTC (rev 23291) +++ trunk/src/include/krb5/krb5.hin 2009-11-19 16:27:47 UTC (rev 23292) @@ -2054,6 +2054,10 @@ krb5_auth_con_getauthenticator(krb5_context, krb5_auth_context, krb5_authenticator **); +krb5_error_code KRB5_CALLCONV +krb5_auth_con_set_req_cksumtype(krb5_context, krb5_auth_context, + krb5_cksumtype); + #define KRB5_REALM_BRANCH_CHAR '.' /* From lhoward at MIT.EDU Thu Nov 19 16:59:23 2009 
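Review bot: The prototype added to krb5.hin is now public API but has no comment and no parameter names, so an application author cannot tell from the header what the `krb5_cksumtype` argument selects or what is returned for an unsupported type. I would name the parameters, `krb5_auth_con_set_req_cksumtype(krb5_context context, krb5_auth_context auth_context, krb5_cksumtype cksumtype);`, and add a short comment such as `/* Set the checksum type used for requests made with this auth context. */`, with the wording confirmed against the implementation, which is outside this diff. Because callers can now choose the checksum type, the comment should also state whether weak or unkeyed types are rejected.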
From: lhoward at MIT.EDU (lhoward@MIT.EDU) Date: Thu, 19 Nov 2009 16:59:23 -0500 Subject: svn rev #23293: trunk/src/lib/krb5/krb/ Message-ID: <200911192159.nAJLxNrc014224@drugstore.mit.edu> http://src.mit.edu/fisheye/changelog/krb5/?cs=23293 Commit By: lhoward Log Message: krb5_free_ad_signedpath must free outer structure Changed Files: U trunk/src/lib/krb5/krb/kfree.c Modified: trunk/src/lib/krb5/krb/kfree.c ===================================================================
--- trunk/src/lib/krb5/krb/kfree.c 2009-11-19 16:27:47 UTC (rev 23292)
+++ trunk/src/lib/krb5/krb/kfree.c 2009-11-19 21:59:23 UTC (rev 23293)
@@ -925,4 +925,5 @@
 free(val->delegated);
 }
 krb5_free_pa_data(context, val->method_data);
+ free(val);
 }
From epeisach at MIT.EDU Thu Nov 19 22:42:40 2009 From: epeisach at MIT.EDU (epeisach@MIT.EDU) Date: Thu, 19 Nov 2009 22:42:40 -0500 Subject: svn rev #23294: trunk/src/lib/kadm5/unit-test/ Message-ID: <200911200342.nAK3geoX009486@drugstore.mit.edu> http://src.mit.edu/fisheye/changelog/krb5/?cs=23294 Commit By: epeisach Log Message: The size of kadm5_server_handle_rec differs between the client and server code. Valgrind picked up on access past end of allocated structure. Include proper internal header in client/server test. Changed Files: U trunk/src/lib/kadm5/unit-test/Makefile.in U trunk/src/lib/kadm5/unit-test/handle-test.c Modified: trunk/src/lib/kadm5/unit-test/Makefile.in ===================================================================
--- trunk/src/lib/kadm5/unit-test/Makefile.in 2009-11-19 21:59:23 UTC (rev 23293)
+++ trunk/src/lib/kadm5/unit-test/Makefile.in 2009-11-20 03:42:40 UTC (rev 23294)
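Review bot: Adding `free(val);` in kfree.c changes the ownership contract of this function: a caller that still frees the structure itself afterwards would now double-free, and a caller passing a stack or embedded structure would hand a non-heap pointer to free(). The callers are outside this hunk and need to be checked. The function's opening lines are also outside the hunk, so it is not visible whether `val` is tested for NULL before `val->delegated` and `val->method_data` are read; if it is not, `if (val == NULL) return;` at the top would match what free() itself tolerates. A one-line comment on the function saying that it releases both the contents and the structure would keep the contract visible.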
@@ -23,10 +23,13 @@ $(CC_LINK) -o destroy-test destroy-test.o \ $(KADMCLNT_LIBS) $(KRB5_BASE_LIBS) -client-handle-test: handle-test.o $(KADMCLNT_DEPLIBS) $(KRB5_BASE_DEPLIBS) - $(CC_LINK) -o client-handle-test handle-test.o \ +client-handle-test: client-handle-test.o $(KADMCLNT_DEPLIBS) $(KRB5_BASE_DEPLIBS) + $(CC_LINK) -o client-handle-test client-handle-test.o \ $(KADMCLNT_LIBS) $(KRB5_BASE_LIBS) +client-handle-test.o: handle-test.c + $(CC) $(ALL_CFLAGS) -DCLIENT_TEST -o client-handle-test.o -c $(srcdir)/handle-test.c + client-iter-test: iter-test.o $(KADMLCNT_DEPLIBS) $(KRB5_BASE_DEPLIBS) $(CC_LINK) -o client-iter-test iter-test.o \ $(KADMCLNT_LIBS) $(KRB5_BASE_LIBS) @@ -128,7 +131,7 @@ clean:: $(RM) init-test client_init.o init-test.o $(RM) destroy-test destroy-test.o - $(RM) client-handle-test handle-test.o + $(RM) client-handle-test handle-test.o client-handle-test.o $(RM) client-iter-test iter-test.o $(RM) randkey-test randkey-test.o $(RM) server-handle-test handle-test.o Modified: trunk/src/lib/kadm5/unit-test/handle-test.c =================================================================== --- trunk/src/lib/kadm5/unit-test/handle-test.c 2009-11-19 21:59:23 UTC (rev 23293) +++ trunk/src/lib/kadm5/unit-test/handle-test.c 2009-11-20 03:42:40 UTC (rev 23294) @@ -7,9 +7,13 @@ #include #include #include +#ifdef CLIENT_TEST #include +#else +#include +#include +#endif - int main(int argc, char *argv[]) { kadm5_ret_t ret; From epeisach at MIT.EDU Fri Nov 20 15:55:34 2009 
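Review bot: The new `client-handle-test.o: handle-test.c` rule lists only the C file as a prerequisite, so a change to the internal header selected by `-DCLIENT_TEST` would not rebuild this object unless the generated deps file also covers it; that file is not part of this diff. That header defines the structure whose size mismatch this commit fixes, so a stale object would bring the same out-of-bounds access back. I would confirm that the dependency is tracked, or list the header in the rule. In the clean hunk, `handle-test.o` is now named on both the client and the server `$(RM)` lines, which is harmless but redundant.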
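Review bot: The `#ifdef CLIENT_TEST` block added to handle-test.c has no comment, and nothing in the source ties the macro to the library the object is linked against. An object built without the flag but linked into the client test would compile cleanly and use the wrong structure layout. A comment above the `#ifdef` would help, for example `/* CLIENT_TEST is set by the client-handle-test.o rule; kadm5_server_handle_rec differs in size between client and server, so the header must match the linked library. */`. The include targets are stripped in this rendering of the diff, so I cannot confirm which headers each branch pulls in.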
From: epeisach at MIT.EDU (epeisach@MIT.EDU) Date: Fri, 20 Nov 2009 15:55:34 -0500 Subject: svn rev #23295: trunk/src/lib/kadm5/unit-test/ Message-ID: <200911202055.nAKKtYAx027173@drugstore.mit.edu> http://src.mit.edu/fisheye/changelog/krb5/?cs=23295 Commit By: epeisach Log Message: Correct argument to kadm5_get_principal is a pointer to a struct - not a pointer to a pointer.... Does not really matter as the field is not used - this test program expects a failer. Clean up memory leaks by freeing principal and releasing context. Changed Files: U trunk/src/lib/kadm5/unit-test/handle-test.c Modified: trunk/src/lib/kadm5/unit-test/handle-test.c =================================================================== --- trunk/src/lib/kadm5/unit-test/handle-test.c 2009-11-20 03:42:40 UTC (rev 23294) +++ trunk/src/lib/kadm5/unit-test/handle-test.c 2009-11-20 20:55:34 UTC (rev 23295) @@ -21,7 +21,8 @@ kadm5_server_handle_t handle; kadm5_server_handle_rec orig_handle; kadm5_policy_ent_rec pol; - kadm5_principal_ent_t princ; + kadm5_principal_ent_t princ; + kadm5_principal_ent_rec kprinc; krb5_keyblock *key; krb5_principal tprinc; krb5_context context; @@ -40,7 +41,7 @@ orig_handle = *handle; handle->magic_number = KADM5_STRUCT_VERSION; krb5_parse_name(context, "testuser", &tprinc); - ret = kadm5_get_principal(server_handle, tprinc, &princ, + ret = kadm5_get_principal(server_handle, tprinc, &kprinc, KADM5_PRINCIPAL_NORMAL_MASK); if(ret != KADM5_BAD_SERVER_HANDLE) { fprintf(stderr, "%s -- returned -- %s\n", "get-principal", @@ -55,6 +56,7 @@ exit(1); } + princ = &kprinc; ret = kadm5_create_principal(server_handle, princ, KADM5_PRINCIPAL, "pass"); if(ret != KADM5_BAD_SERVER_HANDLE) { fprintf(stderr, "%s -- returned -- %s\n", "create-principal", @@ -132,5 +134,7 @@ exit(1); } + krb5_free_principal(context, tprinc); + krb5_free_context(context); exit(0); } From epeisach at MIT.EDU Fri Nov 20 23:50:55 2009 
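Review bot: `kprinc` is declared without an initialiser in the first hunk, and the third hunk passes its address to kadm5_create_principal through `princ = &kprinc;`. The only earlier writer is the kadm5_get_principal call, which this test expects to fail, so the structure's contents are indeterminate at that point. The test relies on the handle check rejecting the call before any field is read. `memset(&kprinc, 0, sizeof(kprinc));` after the declarations would keep a regression in that check from becoming a read of uninitialised pointers. The return value of `krb5_parse_name` (a context line in the second hunk) is not checked either, so `tprinc` may be unset when it reaches the new `krb5_free_principal` call in the last hunk. main() begins and ends outside these hunks.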
From: epeisach at MIT.EDU (epeisach@MIT.EDU) Date: Fri, 20 Nov 2009 23:50:55 -0500 Subject: svn rev #23296: trunk/src/lib/kadm5/clnt/ Message-ID: <200911210450.nAL4otac003545@drugstore.mit.edu> http://src.mit.edu/fisheye/changelog/krb5/?cs=23296 Commit By: epeisach Log Message: ticket: 6582 subject: Memory leak in _kadm5_init_any introduced with ipropd Fix minor memory leak introduced by the ipropd integration. Changed Files: U trunk/src/lib/kadm5/clnt/client_init.c Modified: trunk/src/lib/kadm5/clnt/client_init.c =================================================================== --- trunk/src/lib/kadm5/clnt/client_init.c 2009-11-20 20:55:34 UTC (rev 23295) +++ trunk/src/lib/kadm5/clnt/client_init.c 2009-11-21 04:50:55 UTC (rev 23296) @@ -308,6 +308,8 @@ else iprop_enable = 0; + free(iprop_svc); + memset(&addr, 0, sizeof(addr)); addr.sin_family = hp->h_addrtype; (void) memcpy(&addr.sin_addr, hp->h_addr, sizeof(addr.sin_addr)); From ghudson at MIT.EDU Sat Nov 21 18:08:03 2009 From: ghudson at MIT.EDU (ghudson@MIT.EDU) Date: Sat, 21 Nov 2009 18:08:03 -0500 Subject: svn rev #23298: trunk/src/kdc/ Message-ID: <200911212308.nALN83Tq027391@drugstore.mit.edu> http://src.mit.edu/fisheye/changelog/krb5/?cs=23298 Commit By: ghudson Log Message: For the moment, test for nullity of pointers returned by k5alloc instead of result codes, to make Coverity happy. Changed Files: U trunk/src/kdc/kdc_authdata.c Modified: trunk/src/kdc/kdc_authdata.c =================================================================== --- trunk/src/kdc/kdc_authdata.c 2009-11-21 10:42:15 UTC (rev 23297) +++ trunk/src/kdc/kdc_authdata.c 2009-11-21 23:08:03 UTC (rev 23298) @@ -828,7 +828,7 @@ if (i != 0) { sign_authdata = k5alloc((i + 1) * sizeof(krb5_authdata *), &code); - if (code != 0) + if (sign_authdata == NULL) return code; for (i = 0, j = 0; authdata[i] != NULL; i++) { From epeisach at MIT.EDU Sat Nov 21 23:26:48 2009 
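Review bot: The added `free(iprop_svc);` in client_init.c runs only when control reaches this point, so any earlier exit taken after `iprop_svc` is allocated would still leak it. The allocation and the preceding branches are outside the hunk, so this needs checking against the full function. If `iprop_svc` is not assigned on every path that reaches this line, it must be initialised to NULL at its declaration; otherwise free() receives an indeterminate pointer. Adding `iprop_svc = NULL;` after the free would also keep a later cleanup block from freeing it a second time.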
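Review bot: In kdc_authdata.c the guard now tests `sign_authdata == NULL` but still returns `code`, which is correct only if k5alloc always stores a non-zero error whenever it returns NULL; k5alloc is defined outside this diff. If that ever fails to hold, the function returns 0 with nothing allocated and the caller sees success. `return code ? code : ENOMEM;` would remove the dependence on that assumption. The size expression `(i + 1) * sizeof(krb5_authdata *)` is also unchecked; `i` counts the entries of `authdata`, whose origin is not visible here, so it is worth confirming that the count is bounded before it reaches this multiplication.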
From: epeisach at MIT.EDU (epeisach@MIT.EDU) Date: Sat, 21 Nov 2009 23:26:48 -0500 Subject: svn rev #23299: trunk/src/lib/kadm5/unit-test/ Message-ID: <200911220426.nAM4QmmX020393@drugstore.mit.edu> http://src.mit.edu/fisheye/changelog/krb5/?cs=23299 Commit By: epeisach Log Message: Clean up some memory leaks by releasing context. Changed Files: U trunk/src/lib/kadm5/unit-test/destroy-test.c U trunk/src/lib/kadm5/unit-test/init-test.c Modified: trunk/src/lib/kadm5/unit-test/destroy-test.c =================================================================== --- trunk/src/lib/kadm5/unit-test/destroy-test.c 2009-11-21 23:08:03 UTC (rev 23298) +++ trunk/src/lib/kadm5/unit-test/destroy-test.c 2009-11-22 04:26:48 UTC (rev 23299) @@ -43,5 +43,6 @@ } free(cp); } + krb5_free_context(context); exit(0); } Modified: trunk/src/lib/kadm5/unit-test/init-test.c =================================================================== --- trunk/src/lib/kadm5/unit-test/init-test.c 2009-11-21 23:08:03 UTC (rev 23298) +++ trunk/src/lib/kadm5/unit-test/init-test.c 2009-11-22 04:26:48 UTC (rev 23299) @@ -23,14 +23,17 @@ ret = kadm5_init(context, "admin", "admin", NULL, ¶ms, KADM5_STRUCT_VERSION, KADM5_API_VERSION_3, NULL, &server_handle); - if (ret == KADM5_RPC_ERROR) + if (ret == KADM5_RPC_ERROR) { + krb5_free_context(context); exit(0); + } else if (ret != 0) { com_err("init-test", ret, "while initializing without auth"); exit(1); } else { fprintf(stderr, "Unexpected success while initializing without auth!\n"); (void) kadm5_destroy(server_handle); + krb5_free_context(context); exit(1); } } From epeisach at MIT.EDU Sat Nov 21 23:54:47 2009 
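Review bot: In init-test.c the middle branch (`else if (ret != 0)`) still calls `exit(1)` without `krb5_free_context(context)`, while the branches before and after it now release the context. The leak this commit is cleaning up will therefore still be reported on that path. Adding `krb5_free_context(context);` before that `exit(1)` makes the three branches consistent. main() starts outside the hunk.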
From: epeisach at MIT.EDU (epeisach@MIT.EDU) Date: Sat, 21 Nov 2009 23:54:47 -0500 Subject: svn rev #23300: trunk/src/lib/kadm5/clnt/ Message-ID: <200911220454.nAM4sllw022766@drugstore.mit.edu> http://src.mit.edu/fisheye/changelog/krb5/?cs=23300 Commit By: epeisach Log Message: In _kadm5_init_any on error - if we created a cache entry, destroy it (parallel to kadm5_destroy code). Also - free config_params. Changed Files: U trunk/src/lib/kadm5/clnt/client_init.c Modified: trunk/src/lib/kadm5/clnt/client_init.c =================================================================== --- trunk/src/lib/kadm5/clnt/client_init.c 2009-11-22 04:26:48 UTC (rev 23299) +++ trunk/src/lib/kadm5/clnt/client_init.c 2009-11-22 04:54:47 UTC (rev 23300) @@ -174,6 +174,7 @@ int iprop_enable = 0; char full_svcname[BUFSIZ]; char *realm; + krb5_ccache ccache; kadm5_server_handle_t handle; kadm5_config_params params_local; @@ -390,6 +391,11 @@ * error" before the block of code at the top of the function * that allocates and initializes "handle". */ + if (handle->destroy_cache && handle->cache_name) { + if (krb5_cc_resolve(handle->context, + handle->cache_name, &ccache) == 0) + (void) krb5_cc_destroy (handle->context, ccache); + } if (handle->cache_name) free(handle->cache_name); if(handle->clnt && handle->clnt->cl_auth) @@ -397,6 +403,8 @@ if(handle->clnt) clnt_destroy(handle->clnt); + kadm5_free_config_params(handle->context, &handle->params); + cleanup: if (code) free(handle); From ghudson at MIT.EDU Sun Nov 22 09:58:54 2009 
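Review bot: In the new error-path block of client_init.c, a failure of `krb5_cc_resolve` or `krb5_cc_destroy` is silently ignored, so the credential cache named by `handle->cache_name` can be left behind with whatever credentials were stored in it, and nothing records why. Keeping the cleanup best-effort is reasonable, but a comment such as `/* Best effort: on failure the temporary ccache may remain. */` or a log call would help whoever later finds a stale cache. The added `kadm5_free_config_params(handle->context, &handle->params);` is safe only if `handle->params` is zeroed or fully populated before the first jump to the error label; that initialisation is outside these hunks and should be confirmed. The function body starts and ends outside the hunks.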
From: ghudson at MIT.EDU (ghudson@MIT.EDU) Date: Sun, 22 Nov 2009 09:58:54 -0500 Subject: svn rev #23305: trunk/src/ appl/ tests/dejagnu/ tests/dejagnu/krb-standalone/ Message-ID: <200911221458.nAMEwsjS023516@drugstore.mit.edu> http://src.mit.edu/fisheye/changelog/krb5/?cs=23305 Commit By: ghudson Log Message: ticket: 6583 subject: Unbundle applications into separate repository status: open Remove libpty, gssftp, telnet, and the bsd applications from the source tree, build system, and tests. Docs still need to be updated to remove mentions of the applications. The build system should be simplified now that we're down to one configure script and don't need some of the functionality currently in aclocal.m4. Changed Files: U trunk/src/appl/Makefile.in D trunk/src/appl/bsd/ D trunk/src/appl/gssftp/ D trunk/src/appl/libpty/ D trunk/src/appl/telnet/ U trunk/src/configure.in D trunk/src/tests/dejagnu/krb-root/ D trunk/src/tests/dejagnu/krb-standalone/gssftp.exp D trunk/src/tests/dejagnu/krb-standalone/rcp.exp D trunk/src/tests/dejagnu/krb-standalone/rsh.exp Modified: trunk/src/appl/Makefile.in =================================================================== --- trunk/src/appl/Makefile.in 2009-11-22 14:46:32 UTC (rev 23304) +++ trunk/src/appl/Makefile.in 2009-11-22 14:58:54 UTC (rev 23305) @@ -3,6 +3,6 @@ mydir=appl BUILDTOP=$(REL).. -SUBDIRS= sample simple user_user gss-sample \ - libpty bsd gssftp telnet +SUBDIRS= sample simple user_user gss-sample + Modified: trunk/src/configure.in =================================================================== --- trunk/src/configure.in 2009-11-22 14:46:32 UTC (rev 23304) +++ trunk/src/configure.in 2009-11-22 14:58:54 UTC (rev 23305) @@ -1051,8 +1051,6 @@ AC_DEFINE(BROKEN_STREAMS_SOCKETS,1,[Define if socket can't be bound to 0.0.0.0]) fi -AC_CONFIG_SUBDIRS(appl/libpty appl/bsd appl/gssftp appl/telnet) - AC_CONFIG_FILES(krb5-config, [chmod +x krb5-config]) V5_AC_OUTPUT_MAKEFILE(. From ghudson at MIT.EDU Sun Nov 22 12:00:45 2009 
From: ghudson at MIT.EDU (ghudson@MIT.EDU) Date: Sun, 22 Nov 2009 12:00:45 -0500 Subject: svn rev #23306: trunk/src/ Message-ID: <200911221700.nAMH0ju0000549@drugstore.mit.edu> http://src.mit.edu/fisheye/changelog/krb5/?cs=23306 Commit By: ghudson Log Message: ticket: 6583 status: open Remove functions from aclocal.m4 which are no longer needed now that the applications are unbundled. Changed Files: U trunk/src/aclocal.m4 Modified: trunk/src/aclocal.m4 =================================================================== --- trunk/src/aclocal.m4 2009-11-22 14:58:54 UTC (rev 23305) +++ trunk/src/aclocal.m4 2009-11-22 17:00:45 UTC (rev 23306) 
@@ -456,50 +456,6 @@ fi ])dnl dnl -dnl Generic File existence tests -dnl -dnl K5_AC_CHECK_FILE(FILE, [ACTION-IF-FOUND [, ACTION-IF-NOT-FOUND]]) -dnl -AC_DEFUN(K5_AC_CHECK_FILE, -[AC_REQUIRE([AC_PROG_CC])dnl -dnl Do the transliteration at runtime so arg 1 can be a shell variable. -ac_safe=`echo "$1" | sed 'y%./+-%__p_%'` -AC_MSG_CHECKING([for $1]) -AC_CACHE_VAL(ac_cv_file_$ac_safe, -[if test "$cross_compiling" = yes; then - errprint(__file__:__line__: warning: Cannot check for file existence when cross compiling -)dnl - AC_MSG_ERROR(Cannot check for file existence when cross compiling) -else - if test -r $1; then - eval "ac_cv_file_$ac_safe=yes" - else - eval "ac_cv_file_$ac_safe=no" - fi -fi])dnl -if eval "test \"`echo '$ac_cv_file_'$ac_safe`\" = yes"; then - AC_MSG_RESULT(yes) - ifelse([$2], , :, [$2]) -else - AC_MSG_RESULT(no) -ifelse([$3], , , [$3 -np])dnl -fi -]) -dnl -dnl K5_AC_CHECK_FILES(FILE... [, ACTION-IF-FOUND [, ACTION-IF-NOT-FOUND]]) -dnl -AC_DEFUN(K5_AC_CHECK_FILES, -[AC_REQUIRE([AC_PROG_CC])dnl -for ac_file in $1 -do -K5_AC_CHECK_FILE($ac_file, -[changequote(, )dnl - ac_tr_file=HAVE`echo $ac_file | sed 'y%abcdefghijklmnopqrstuvwxyz./-%ABCDEFGHIJKLMNOPQRSTUVWXYZ___%'` -changequote([, ])dnl - AC_DEFINE_UNQUOTED($ac_tr_file) $2], $3)dnl -done -]) AC_DEFUN(KRB5_AC_CHECK_FOR_CFLAGS,[ AC_BEFORE([$0],[AC_PROG_CC]) AC_BEFORE([$0],[AC_PROG_CXX]) 
@@ -739,31 +695,6 @@ ,,[#include #include ])]) dnl -dnl -dnl CHECK_UTMP: check utmp structure and functions -dnl -AC_DEFUN(CHECK_UTMP,[ -AC_CHECK_MEMBERS([struct utmp.ut_pid, struct utmp.ut_type, struct utmp.ut_host, struct utmp.ut_exit],,, -[#include -#include ]) - -# Define the names actually used in the krb5 code currently: -if test $ac_cv_member_struct_utmp_ut_pid = no; then - AC_DEFINE(NO_UT_PID,1,[Define if ut_pid field not found]) -fi -if test $ac_cv_member_struct_utmp_ut_type = no; then - AC_DEFINE(NO_UT_TYPE,1,[Define if ut_type field not found]) -fi -if test $ac_cv_member_struct_utmp_ut_host = no; then - AC_DEFINE(NO_UT_HOST,1,[Define if ut_host field not found]) -fi -if test $ac_cv_member_struct_utmp_ut_exit = no; then - AC_DEFINE(NO_UT_EXIT,1,[Define if ut_exit field not found]) -fi - -AC_CHECK_FUNCS(setutent setutxent updwtmp updwtmpx) -])dnl -dnl dnl WITH_NETLIB dnl dnl @@ -1725,18 +1656,6 @@ dnl dnl m4_include(config/ac-archive/acx_pthread.m4) -# -# KRB5_AC_LIBUTIL -# -# Check for libutil, for NetBSD, et al.; needed for openpty() and -# logwtmp() on some platforms. -# -AC_DEFUN([KRB5_AC_LIBUTIL], - [AC_CHECK_LIB(util, main, - [AC_DEFINE(HAVE_LIBUTIL,1,[Define if util library is available with openpty, logwtmp, etc]) - UTIL_LIB=-lutil])dnl -AC_SUBST(UTIL_LIB) -]) dnl dnl dnl From ghudson at MIT.EDU Sun Nov 22 13:13:30 2009 
From: ghudson at MIT.EDU (ghudson@MIT.EDU) Date: Sun, 22 Nov 2009 13:13:30 -0500 Subject: svn rev #23308: trunk/src/ appl/ appl/gss-sample/ appl/sample/ appl/sample/sclient/ ... Message-ID: <200911221813.nAMIDUfL006662@drugstore.mit.edu> http://src.mit.edu/fisheye/changelog/krb5/?cs=23308 Commit By: ghudson Log Message: ticket: 6583 status: open Consolidate Makefile variables now that we have only a single global configure script: $(SRCTOP) --> $(top_srcdir) $(srcdir)/$(thisconfigdir) --> $(top_srcdir) $(thisconfigdir) --> $(BUILDTOP) $(myfulldir) --> $(mydir) Changed Files: U trunk/src/Makefile.in U trunk/src/appl/Makefile.in U trunk/src/appl/gss-sample/Makefile.in U trunk/src/appl/gss-sample/deps U trunk/src/appl/sample/Makefile.in U trunk/src/appl/sample/sclient/Makefile.in U trunk/src/appl/sample/sserver/Makefile.in U trunk/src/appl/simple/Makefile.in U trunk/src/appl/simple/client/Makefile.in U trunk/src/appl/simple/server/Makefile.in U trunk/src/appl/user_user/Makefile.in U trunk/src/ccapi/Makefile.in U trunk/src/ccapi/common/Makefile.in U trunk/src/ccapi/common/unix/Makefile.in U trunk/src/ccapi/lib/Makefile.in U trunk/src/ccapi/lib/deps U trunk/src/ccapi/lib/unix/Makefile.in U trunk/src/ccapi/server/Makefile.in U trunk/src/ccapi/server/deps U trunk/src/ccapi/server/unix/Makefile.in U trunk/src/ccapi/test/Makefile.in U trunk/src/clients/Makefile.in U trunk/src/clients/kcpytkt/Makefile.in U trunk/src/clients/kdeltkt/Makefile.in U trunk/src/clients/kdestroy/Makefile.in U trunk/src/clients/kdestroy/deps U trunk/src/clients/kinit/Makefile.in U trunk/src/clients/kinit/deps U trunk/src/clients/klist/Makefile.in U trunk/src/clients/klist/deps U trunk/src/clients/kpasswd/Makefile.in U trunk/src/clients/kpasswd/deps U trunk/src/clients/ksu/Makefile.in U trunk/src/clients/ksu/deps U trunk/src/clients/kvno/Makefile.in U trunk/src/clients/kvno/deps U trunk/src/config/lib.in U trunk/src/config/libnover.in U trunk/src/config/libobj.in U trunk/src/config/post.in U 
trunk/src/config/pre.in U trunk/src/config/shlib.conf U trunk/src/config/win-pre.in U trunk/src/config-files/Makefile.in U trunk/src/gen-manpages/Makefile.in U trunk/src/include/Makefile.in U trunk/src/kadmin/Makefile.in U trunk/src/kadmin/cli/Makefile.in U trunk/src/kadmin/cli/deps U trunk/src/kadmin/dbutil/Makefile.in U trunk/src/kadmin/dbutil/deps U trunk/src/kadmin/kdbkeys/Makefile.in U trunk/src/kadmin/ktutil/Makefile.in U trunk/src/kadmin/ktutil/deps U trunk/src/kadmin/server/Makefile.in U trunk/src/kadmin/server/deps U trunk/src/kadmin/testing/Makefile.in U trunk/src/kadmin/testing/scripts/Makefile.in U trunk/src/kadmin/testing/util/Makefile.in U trunk/src/kadmin/testing/util/deps U trunk/src/kdc/Makefile.in U trunk/src/kdc/deps U trunk/src/lib/Makefile.in U trunk/src/lib/apputils/Makefile.in U trunk/src/lib/apputils/deps U trunk/src/lib/crypto/Makefile.in U trunk/src/lib/crypto/builtin/Makefile.in U trunk/src/lib/crypto/builtin/aes/Makefile.in U trunk/src/lib/crypto/builtin/aes/deps U trunk/src/lib/crypto/builtin/arcfour/Makefile.in U trunk/src/lib/crypto/builtin/arcfour/deps U trunk/src/lib/crypto/builtin/deps U trunk/src/lib/crypto/builtin/des/Makefile.in U trunk/src/lib/crypto/builtin/des/deps U trunk/src/lib/crypto/builtin/enc_provider/Makefile.in U trunk/src/lib/crypto/builtin/enc_provider/deps U trunk/src/lib/crypto/builtin/hash_provider/Makefile.in U trunk/src/lib/crypto/builtin/hash_provider/deps U trunk/src/lib/crypto/builtin/md4/Makefile.in U trunk/src/lib/crypto/builtin/md4/deps U trunk/src/lib/crypto/builtin/md5/Makefile.in U trunk/src/lib/crypto/builtin/md5/deps U trunk/src/lib/crypto/builtin/sha1/Makefile.in U trunk/src/lib/crypto/builtin/sha1/deps U trunk/src/lib/crypto/crypto_tests/Makefile.in U trunk/src/lib/crypto/krb/Makefile.in U trunk/src/lib/crypto/krb/crc32/Makefile.in U trunk/src/lib/crypto/krb/crc32/deps U trunk/src/lib/crypto/krb/deps U trunk/src/lib/crypto/krb/dk/Makefile.in U trunk/src/lib/crypto/krb/dk/deps U 
trunk/src/lib/crypto/krb/keyhash_provider/Makefile.in U trunk/src/lib/crypto/krb/keyhash_provider/deps U trunk/src/lib/crypto/krb/old/Makefile.in U trunk/src/lib/crypto/krb/old/deps U trunk/src/lib/crypto/krb/prf/Makefile.in U trunk/src/lib/crypto/krb/prf/deps U trunk/src/lib/crypto/krb/rand2key/Makefile.in U trunk/src/lib/crypto/krb/rand2key/deps U trunk/src/lib/crypto/krb/raw/Makefile.in U trunk/src/lib/crypto/krb/raw/deps U trunk/src/lib/crypto/krb/yarrow/Makefile.in U trunk/src/lib/crypto/krb/yarrow/deps U trunk/src/lib/crypto/openssl/Makefile.in U trunk/src/lib/crypto/openssl/aes/Makefile.in U trunk/src/lib/crypto/openssl/aes/deps U trunk/src/lib/crypto/openssl/arcfour/Makefile.in U trunk/src/lib/crypto/openssl/arcfour/deps U trunk/src/lib/crypto/openssl/deps U trunk/src/lib/crypto/openssl/des/Makefile.in U trunk/src/lib/crypto/openssl/des/deps U trunk/src/lib/crypto/openssl/enc_provider/Makefile.in U trunk/src/lib/crypto/openssl/enc_provider/deps U trunk/src/lib/crypto/openssl/hash_provider/Makefile.in U trunk/src/lib/crypto/openssl/hash_provider/deps U trunk/src/lib/crypto/openssl/md4/Makefile.in U trunk/src/lib/crypto/openssl/md4/deps U trunk/src/lib/crypto/openssl/md5/Makefile.in U trunk/src/lib/crypto/openssl/md5/deps U trunk/src/lib/crypto/openssl/sha1/Makefile.in U trunk/src/lib/crypto/openssl/sha1/deps U trunk/src/lib/gssapi/Makefile.in U trunk/src/lib/gssapi/generic/Makefile.in U trunk/src/lib/gssapi/generic/deps U trunk/src/lib/gssapi/krb5/Makefile.in U trunk/src/lib/gssapi/krb5/deps U trunk/src/lib/gssapi/mechglue/Makefile.in U trunk/src/lib/gssapi/mechglue/deps U trunk/src/lib/gssapi/spnego/Makefile.in U trunk/src/lib/gssapi/spnego/deps U trunk/src/lib/kadm5/Makefile.in U trunk/src/lib/kadm5/clnt/Makefile.in U trunk/src/lib/kadm5/clnt/deps U trunk/src/lib/kadm5/deps U trunk/src/lib/kadm5/srv/Makefile.in U trunk/src/lib/kadm5/srv/deps U trunk/src/lib/kadm5/unit-test/Makefile.in U trunk/src/lib/kadm5/unit-test/deps U trunk/src/lib/kdb/Makefile.in U 
trunk/src/lib/kdb/deps U trunk/src/lib/krb5/Makefile.in U trunk/src/lib/krb5/asn.1/Makefile.in U trunk/src/lib/krb5/asn.1/deps U trunk/src/lib/krb5/ccache/Makefile.in U trunk/src/lib/krb5/ccache/ccapi/Makefile.in U trunk/src/lib/krb5/ccache/ccapi/deps U trunk/src/lib/krb5/ccache/deps U trunk/src/lib/krb5/deps U trunk/src/lib/krb5/error_tables/Makefile.in U trunk/src/lib/krb5/keytab/Makefile.in U trunk/src/lib/krb5/keytab/deps U trunk/src/lib/krb5/krb/Makefile.in U trunk/src/lib/krb5/krb/deps U trunk/src/lib/krb5/os/Makefile.in U trunk/src/lib/krb5/os/deps U trunk/src/lib/krb5/posix/Makefile.in U trunk/src/lib/krb5/rcache/Makefile.in U trunk/src/lib/krb5/rcache/deps U trunk/src/lib/krb5/unicode/Makefile.in U trunk/src/lib/krb5/unicode/deps U trunk/src/lib/rpc/Makefile.in U trunk/src/lib/rpc/deps U trunk/src/lib/rpc/unit-test/Makefile.in U trunk/src/lib/rpc/unit-test/deps U trunk/src/plugins/authdata/greet/Makefile.in U trunk/src/plugins/authdata/greet/deps U trunk/src/plugins/authdata/greet_client/Makefile.in U trunk/src/plugins/authdata/greet_client/deps U trunk/src/plugins/authdata/greet_server/Makefile.in U trunk/src/plugins/authdata/greet_server/deps U trunk/src/plugins/kdb/db2/Makefile.in U trunk/src/plugins/kdb/db2/deps U trunk/src/plugins/kdb/db2/libdb2/Makefile.in U trunk/src/plugins/kdb/db2/libdb2/btree/Makefile.in U trunk/src/plugins/kdb/db2/libdb2/btree/deps U trunk/src/plugins/kdb/db2/libdb2/db/Makefile.in U trunk/src/plugins/kdb/db2/libdb2/hash/Makefile.in U trunk/src/plugins/kdb/db2/libdb2/mpool/Makefile.in U trunk/src/plugins/kdb/db2/libdb2/recno/Makefile.in U trunk/src/plugins/kdb/db2/libdb2/test/Makefile.in U trunk/src/plugins/kdb/hdb/Makefile.in U trunk/src/plugins/kdb/hdb/deps U trunk/src/plugins/kdb/ldap/Makefile.in U trunk/src/plugins/kdb/ldap/deps U trunk/src/plugins/kdb/ldap/ldap_util/Makefile.in U trunk/src/plugins/kdb/ldap/libkdb_ldap/Makefile.in U trunk/src/plugins/kdb/ldap/libkdb_ldap/deps U trunk/src/plugins/locate/python/Makefile.in U 
trunk/src/plugins/locate/python/deps U trunk/src/plugins/preauth/cksum_body/Makefile.in U trunk/src/plugins/preauth/cksum_body/deps U trunk/src/plugins/preauth/encrypted_challenge/Makefile.in U trunk/src/plugins/preauth/encrypted_challenge/deps U trunk/src/plugins/preauth/pkinit/Makefile.in U trunk/src/plugins/preauth/pkinit/deps U trunk/src/plugins/preauth/wpse/Makefile.in U trunk/src/plugins/preauth/wpse/deps U trunk/src/slave/Makefile.in U trunk/src/slave/deps U trunk/src/tests/Makefile.in U trunk/src/tests/asn.1/Makefile.in U trunk/src/tests/asn.1/deps U trunk/src/tests/create/Makefile.in U trunk/src/tests/create/deps U trunk/src/tests/dejagnu/Makefile.in U trunk/src/tests/gss-threads/Makefile.in U trunk/src/tests/gss-threads/deps U trunk/src/tests/gssapi/Makefile.in U trunk/src/tests/gssapi/deps U trunk/src/tests/hammer/Makefile.in U trunk/src/tests/hammer/deps U trunk/src/tests/misc/Makefile.in U trunk/src/tests/misc/deps U trunk/src/tests/mkeystash_compat/Makefile.in U trunk/src/tests/resolve/Makefile.in U trunk/src/tests/resolve/deps U trunk/src/tests/shlib/Makefile.in U trunk/src/tests/shlib/deps U trunk/src/tests/threads/Makefile.in U trunk/src/tests/threads/deps U trunk/src/tests/verify/Makefile.in U trunk/src/tests/verify/deps U trunk/src/util/Makefile.in U trunk/src/util/collected-client-lib/Makefile.in U trunk/src/util/depfix.pl U trunk/src/util/et/Makefile.in U trunk/src/util/et/deps U trunk/src/util/profile/Makefile.in U trunk/src/util/profile/deps U trunk/src/util/send-pr/Makefile.in U trunk/src/util/ss/Makefile.in U trunk/src/util/ss/deps U trunk/src/util/support/Makefile.in U trunk/src/util/support/deps U trunk/src/windows/kfwlogon/Makefile.in U trunk/src/windows/ms2mit/Makefile.in Diff larger than 5000 lines; suppressing. From ghudson at MIT.EDU Sun Nov 22 13:20:36 2009 
From: ghudson at MIT.EDU (ghudson@MIT.EDU) Date: Sun, 22 Nov 2009 13:20:36 -0500 Subject: svn rev #23309: trunk/doc/ Message-ID: <200911221820.nAMIKaqX007182@drugstore.mit.edu> http://src.mit.edu/fisheye/changelog/krb5/?cs=23309 Commit By: ghudson Log Message: ticket: 6583 status: open Update the build system documentation: * The test suite no longer requires root. * appl no longer contains what it used to contain. * Mention --disable-rpath as an alternative for make check. Changed Files: U trunk/doc/build.texinfo Modified: trunk/doc/build.texinfo =================================================================== --- trunk/doc/build.texinfo 2009-11-22 18:13:29 UTC (rev 23308) +++ trunk/doc/build.texinfo 2009-11-22 18:20:36 UTC (rev 23309) @@ -73,16 +73,11 @@ @node The appl Directory, The clients Directory, Organization of the Source Directory, Organization of the Source Directory @subsection The appl Directory -The Kerberos release provides certain UNIX utilities, modified to use -Kerberos authentication. In the @i{appl/bsd} directory are the -Berkeley utilities @i{login}, @i{rlogin}, @i{rsh}, and @i{rcp}, as well as -the associated daemons @i{kshd} and @i{klogind}. The @i{login} program -obtains ticket-granting tickets for users upon login; the other utilities -provide authenticated Unix network services. +The @i{appl} directory contains sample Kerberos application client and +server programs. In previous releases, it contained Kerberized versions +of remote access daemons, but those have now been moved to a separate +project. -The @i{appl} directory also contains Kerberized telnet and ftp programs, -as well as sample Kerberos application client and server programs. - @node The clients Directory, The gen-manpages Directory, The appl Directory, Organization of the Source Directory @subsection The clients Directory 
@@ -397,12 +392,13 @@ @xref{Options to Configure}.) @item -You have to run @samp{make install} before running @samp{make check}, or -the test suite will often pick up the installed version of Kerberos -rather than the newly built one. You can install into a prefix that -isn't in the system library search path, though. This theoretically -could be fixed with the appropriate environment variable magic in the -test suite, but hasn't been yet. +On some operating systems, you have to run @samp{make install} before +running @samp{make check}, or the test suite will pick up installed +versions of Kerberos libraries rather than the newly built ones. You +can install into a prefix that isn't in the system library search path, +though. Alternatively, you can configure with @code{--disable-rpath}, +which renders the build tree less suitable for installation, but allows +testing without interference from previously installed libraries. @item In order to test the RPC layer, the local system has to be running the 
@@ -425,26 +421,6 @@ DejaGnu may be found wherever GNU software is archived. -Most of the tests are setup to run as a non-privileged user. For some -of the krb-root tests to work properly, either (a) the user running the -tests must not have a .k5login file in the home directory or (b) the -.k5login file must contain an entry for @code{@@KRBTEST.COM}. -There are two series of tests (@samp{rlogind} and @samp{telnetd}) which -require the ability to @samp{rlogin} as root to the local -machine. Admittedly, this does require the use of a @file{.rhosts} file -or some authenticated means. @footnote{If you are fortunate enough to -have a previous version of Kerberos V5 or V4 installed, and the Kerberos -rlogin is first in your path, you can setup @file{.k5login} or - at file{.klogin} respectively to allow you access.} - -If you cannot obtain root access to your machine, all the other tests -will still run. Note however, with DejaGnu 1.2, the "untested testcases" -will cause the testsuite to exit with a non-zero exit status which - at samp{make} will consider a failure of the testing process. Do not worry -about this, as these tests are the last run when @samp{make check} is -executed from the top level of the build tree. This problem does not -exist with DejaGnu 1.3. - @node The KADM5 Tests, , The DejaGnu Tests, Testing the Build @subsection The KADM5 Tests From ghudson at MIT.EDU Sun Nov 22 13:44:46 2009 
From: ghudson at MIT.EDU (ghudson@MIT.EDU) Date: Sun, 22 Nov 2009 13:44:46 -0500 Subject: svn rev #23310: trunk/doc/ Message-ID: <200911221844.nAMIikgO009081@drugstore.mit.edu> http://src.mit.edu/fisheye/changelog/krb5/?cs=23310 Commit By: ghudson Log Message: ticket: 6583 Remove discussion of the unbundled applications from the install guide. Changed Files: U trunk/doc/install.texinfo Modified: trunk/doc/install.texinfo =================================================================== --- trunk/doc/install.texinfo 2009-11-22 18:20:36 UTC (rev 23309) +++ trunk/doc/install.texinfo 2009-11-22 18:44:46 UTC (rev 23310) @@ -740,23 +740,15 @@ @end smallexample @need 1000 -Then, add the following lines to @code{/etc/inetd.conf} file on each KDC -(the line beginnng with @result{} is a continuation of the previous -line): +Then, add the following line to @code{/etc/inetd.conf} file on each KDC: @smallexample @group krb5_prop stream tcp nowait root @value{ROOTDIR}/sbin/kpropd kpropd -eklogin stream tcp nowait root @value{ROOTDIR}/sbin/klogind - at result{} klogind -k -c -e @end group @end smallexample @noindent -The first line sets up the @code{kpropd} database propagation daemon. -The second line sets up the @code{eklogin} daemon, allowing -Kerberos-authenticated, encrypted rlogin to the KDC. - You also need to add the following lines to @code{/etc/services} on each KDC: @@ -767,7 +759,6 @@ krb5_prop 754/tcp # Kerberos slave propagation kerberos-adm 749/tcp # Kerberos 5 admin/changepw (tcp) kerberos-adm 749/udp # Kerberos 5 admin/changepw (udp) -eklogin 2105/tcp # Kerberos encrypted rlogin @end group @end smallexample 
@@ -908,46 +899,6 @@ root access through a security hole in any of those areas could gain access to the Kerberos database. - at need 4700 - at value{COMPANY} recommends that your KDCs use the following - at code{/etc/inetd.conf} file. (Note: each line beginning with @result{} -is a continuation of the previous line.): - - at smallexample - at group -# -# Configuration file for inetd(1M). See inetd.conf(4). -# -# To re-configure the running inetd process, edit this file, then -# send the inetd process a SIGHUP. -# -# Syntax for socket-based Internet services: -# - at result{} -# -# Syntax for TLI-based Internet services: -# -# tli -# -# Ftp and telnet are standard Internet services. -# -# This machine is a secure Kerberos Key Distribution Center (KDC). -# Services are limited. -# -# -# Time service is used for clock synchronization. -# -time stream tcp nowait root internal -time dgram udp wait root internal -# -# Limited Kerberos services -# -krb5_prop stream tcp nowait root @value{ROOTDIR}/sbin/kpropd kpropd -eklogin stream tcp nowait root @value{ROOTDIR}/sbin/klogind - at result{} klogind -5 -c -e - at end group - at end smallexample - @node Switching Master and Slave KDCs, Incremental Database Propagation, Limit Access to the KDCs, Installing KDCs @subsection Switching Master and Slave KDCs 
@@ -1140,32 +1091,19 @@ @node Client Programs, Client Machine Configuration Files, Installing and Configuring UNIX Client Machines, Installing and Configuring UNIX Client Machines @subsection Client Programs -The Kerberized client programs are @code{login.krb5}, @code{rlogin}, - at code{telnet}, @code{ftp}, @code{rcp}, @code{rsh}, @code{kinit}, - at code{klist}, @code{kdestroy}, @code{kpasswd}, @code{ksu}, and - at code{krb524init}. All of these programs are in the directory - at code{@value{ROOTDIR}/bin}, except for @code{login.krb5} which is in - at code{@value{ROOTDIR}/sbin}. +The Kerberized client programs are @code{kinit}, @code{klist}, + at code{kdestroy}, @code{kpasswd}, and @code{ksu}. All of these programs +are in the directory @code{@value{ROOTDIR}/bin}. -You will probably want to have your users put @code{@value{ROOTDIR}/bin} -ahead of @code{/bin} and @code{/usr/bin} in their paths, so they will by -default get the @value{PRODUCT} versions of @code{rlogin}, - at code{telnet}, @code{ftp}, @code{rcp}, and @code{rsh}. - @value{COMPANY} recommends that you use @code{login.krb5} in place of @code{/bin/login} to give your users a single-sign-on system. You will need to make sure your users know to use their Kerberos passwords when they log in. You will also need to educate your users to use the ticket management -programs @code{kinit}, - at c @code{krb524init}, - at code{klist}, @code{kdestroy}, and to use the Kerberos programs - at c @code{pfrom}, - at code{ksu}, and @code{kpasswd} in place of their non-Kerberos -counterparts - at c @code{from} - at code{su}, @code{passwd}, and @code{rdist}. +programs @code{kinit}, @code{klist}, @code{kdestroy}, and to use the +Kerberos programs @code{ksu} and @code{kpasswd} in place of their +non-Kerberos counterparts @code{su} and @code{passwd}. @node Client Machine Configuration Files, , Client Programs, Installing and Configuring UNIX Client Machines @subsection Client Machine Configuration Files 
@@ -1183,13 +1121,9 @@ @group kerberos @value{DefaultPort}/udp kdc # Kerberos V5 KDC kerberos @value{DefaultPort}/tcp kdc # Kerberos V5 KDC -klogin @value{DefaultKloginPort}/tcp # Kerberos authenticated rlogin -kshell @value{DefaultKshellPort}/tcp cmd # and remote shell kerberos-adm @value{DefaultKadmindPort}/tcp # Kerberos 5 admin/changepw kerberos-adm @value{DefaultKadmindPort}/udp # Kerberos 5 admin/changepw krb5_prop @value{DefaultKrbPropPort}/tcp # Kerberos slave propagation - at c kpop 1109/tcp # Pop with Kerberos -eklogin @value{DefaultEkloginPort}/tcp # Kerberos auth. & encrypted rlogin krb524 @value{DefaultKrb524Port}/tcp # Kerberos 5 to 4 ticket translator @end group @end smallexample 
@@ -1299,77 +1233,11 @@ @value{PRODUCT}'s single sign-on capability. @menu -* Server Programs:: -* Server Configuration Files:: * The Keytab File:: * Some Advice about Secure Hosts:: @end menu - at node Server Programs, Server Configuration Files, UNIX Application Servers, UNIX Application Servers - at subsection Server Programs - -Just as @value{PRODUCT} provided its own Kerberos-enhanced versions of -client UNIX network programs, @value{PRODUCT} also provides -Kerberos-enhanced versions of server UNIX network daemons. These are - at code{ftpd}, @code{klogind}, @code{kshd}, and @code{telnetd}. - at c @code{popper}, -These programs are installed in the directory - at code{@value{ROOTDIR}/sbin}. You may want to add this directory to -root's path. - - at node Server Configuration Files, The Keytab File, Server Programs, UNIX Application Servers - at subsection Server Configuration Files - -For a @emph{secure} server, make the following changes to - at code{/etc/inetd.conf}: - -Find and comment out any lines for the services @code{ftp}, - at code{telnet}, @code{shell}, @code{login}, and @code{exec}. - - at need 1800 -Add the following lines. (Note: each line beginning with @result{} is -a continuation of the previous line.) - - at smallexample - at group -klogin stream tcp nowait root @value{ROOTDIR}/sbin/klogind - at result{} klogind -k -c -eklogin stream tcp nowait root @value{ROOTDIR}/sbin/klogind - at result{} klogind -k -c -e -kshell stream tcp nowait root @value{ROOTDIR}/sbin/kshd - at result{} kshd -k -c -A -ftp stream tcp nowait root @value{ROOTDIR}/sbin/ftpd - at result{} ftpd -a -telnet stream tcp nowait root @value{ROOTDIR}/sbin/telnetd - at result{} telnetd -a valid - at end group - at end smallexample - -For an @emph{insecure} server, make the following changes instead to - at code{/etc/inetd.conf}: - - at need 1800 -Find and comment out any lines for the services @code{ftp} and - at code{telnet}. - -Add the following lines. 
(Note: each line beginning with @result{} is -a continuation of the previous line.) - at smallexample - at group -klogin stream tcp nowait root @value{ROOTDIR}/sbin/klogind - at result{} klogind -k -c -eklogin stream tcp nowait root @value{ROOTDIR}/sbin/klogind - at result{} klogind -k -c -e -kshell stream tcp nowait root @value{ROOTDIR}/sbin/kshd - at result{} kshd -k -c -A -ftp stream tcp nowait root @value{ROOTDIR}/sbin/ftpd - at result{} ftpd -telnet stream tcp nowait root @value{ROOTDIR}/sbin/telnetd - at result{} telnetd -a none - at end group - at end smallexample - - at node The Keytab File, Some Advice about Secure Hosts, Server Configuration Files, UNIX Application Servers + at node The Keytab File, Some Advice about Secure Hosts, UNIX Application Servers, UNIX Application Servers @subsection The Keytab File All Kerberos server machines need a @dfn{keytab} file, called @@ -1419,9 +1287,7 @@ If you generate the keytab file on another host, you need to get a copy of the keytab file onto the destination host (@code{trillium}, in the -above example) without sending it unencrypted over the network. If you -have installed the @value{PRODUCT} client programs, you can use -encrypted @code{rcp}. +above example) without sending it unencrypted over the network. @node Some Advice about Secure Hosts, , The Keytab File, UNIX Application Servers @subsection Some Advice about Secure Hosts 
@@ -1433,21 +1299,12 @@ possible attack, but it is worth noting some of the larger holes and how to close them. -As stated earlier in this section, @value{COMPANY} recommends that on a -secure host, you disable the standard @code{ftp}, @code{login}, - at code{telnet}, @code{shell}, and @code{exec} services in - at code{/etc/inetd.conf}. We also recommend that secure hosts have an empty - at code{/etc/hosts.equiv} file and that there not be a @code{.rhosts} file -in @code{root}'s home directory. You can grant Kerberos-authenticated -root access to specific Kerberos principals by placing those principals -in the file @code{.k5login} in root's home directory. - We recommend that backups of secure machines exclude the keytab file (@code{/etc/krb5.keytab}). If this is not possible, the backups should at least be done locally, rather than over a network, and the backup tapes should be physically secured. -Finally, the keytab file and any programs run by root, including the +The keytab file and any programs run by root, including the @value{PRODUCT} binaries, should be kept on local disk. The keytab file should be readable only by root. From ghudson at MIT.EDU Sun Nov 22 14:11:53 2009 From: ghudson at MIT.EDU (ghudson@MIT.EDU) Date: Sun, 22 Nov 2009 14:11:53 -0500 Subject: svn rev #23311: trunk/src/include/ Message-ID: <200911221911.nAMJBrDK011294@drugstore.mit.edu> http://src.mit.edu/fisheye/changelog/krb5/?cs=23311 Commit By: ghudson Log Message: Make zap() work with non-gcc C++ compilers. Eliminate the intermediate name krb5int_zap_data. Changed Files: U trunk/src/include/k5-int.h Modified: trunk/src/include/k5-int.h =================================================================== --- trunk/src/include/k5-int.h 2009-11-22 18:44:46 UTC (rev 23310) +++ trunk/src/include/k5-int.h 2009-11-22 19:11:53 UTC (rev 23311) 
@@ -752,19 +752,18 @@ krb5_error_code krb5int_pbkdf2_hmac_sha1(const krb5_data *, unsigned long, const krb5_data *, const krb5_data *); -/* Make this a function eventually? */ +/* Attempt to zero memory in a way that compilers won't optimize out. */ #ifdef _WIN32 -# define krb5int_zap_data(ptr, len) SecureZeroMemory(ptr, len) +# define zap(ptr, len) SecureZeroMemory(ptr, len) #elif defined(__GNUC__) -static inline void krb5int_zap_data(void *ptr, size_t len) +static inline void zap(void *ptr, size_t len) { memset(ptr, 0, len); asm volatile ("" : : "g" (ptr), "g" (len)); } #else -# define krb5int_zap_data(ptr, len) memset((volatile void *)ptr, 0, len) +# define zap(ptr, len) memset((void *)(volatile void *)ptr, 0, len) #endif /* WIN32 */ -#define zap(p,l) krb5int_zap_data(p,l) /* Convenience function: zap and free ptr if it is non-NULL. */ static inline void From ghudson at MIT.EDU Mon Nov 23 14:24:42 2009 From: ghudson at MIT.EDU (ghudson@MIT.EDU) Date: Mon, 23 Nov 2009 14:24:42 -0500 Subject: svn rev #23313: trunk/src/lib/kadm5/ Message-ID: <200911231924.nANJOgYU004200@drugstore.mit.edu> http://src.mit.edu/fisheye/changelog/krb5/?cs=23313 Commit By: ghudson Log Message: Check return value of gethostname in krb5_klog_init. Changed Files: U trunk/src/lib/kadm5/logger.c Modified: trunk/src/lib/kadm5/logger.c =================================================================== --- trunk/src/lib/kadm5/logger.c 2009-11-22 21:45:06 UTC (rev 23312) +++ trunk/src/lib/kadm5/logger.c 2009-11-23 19:24:42 UTC (rev 23313) 
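Review bot: In the last `#else` branch of this k5-int.h hunk, `memset((void *)(volatile void *)ptr, 0, len)` hands memset an ordinary `void *` again, so the round-trip cast gives the compiler no reason to keep the store and the branch is no stronger than a bare memset. If the fallback is meant to survive dead-store elimination, the write itself has to go through a volatile lvalue, e.g. a helper whose body is `volatile unsigned char *p = ptr; while (len--) *p++ = 0;`. The macro also expands `ptr` unparenthesized; `(ptr)` would keep expression arguments such as `buf + off` well-formed under the cast. The `static inline void` definition at the end of the hunk continues outside it.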
@@ -668,8 +668,11 @@ log_control.log_whoami = strdup(whoami); log_control.log_hostname = (char *) malloc(MAXHOSTNAMELEN + 1); if (log_control.log_hostname) { - gethostname(log_control.log_hostname, MAXHOSTNAMELEN); - log_control.log_hostname[MAXHOSTNAMELEN] = '\0'; + if (gethostname(log_control.log_hostname, MAXHOSTNAMELEN) == -1) { + free(log_control.log_hostname); + log_control.log_hostname = NULL; + } else + log_control.log_hostname[MAXHOSTNAMELEN] = '\0'; } #ifdef HAVE_OPENLOG if (do_openlog) { From ghudson at MIT.EDU Mon Nov 23 15:52:16 2009 From: ghudson at MIT.EDU (ghudson@MIT.EDU) Date: Mon, 23 Nov 2009 15:52:16 -0500 Subject: svn rev #23314: trunk/src/ config/ util/ Message-ID: <200911232052.nANKqGLJ012275@drugstore.mit.edu> http://src.mit.edu/fisheye/changelog/krb5/?cs=23314 Commit By: ghudson Log Message: Simplify depfix.pl by assuming that all files outside of the source and build directory (after substitutions) are external headers which should not be tracked. Changed Files: U trunk/src/config/post.in U trunk/src/util/depfix.pl Modified: trunk/src/config/post.in =================================================================== --- trunk/src/config/post.in 2009-11-23 19:24:42 UTC (rev 23313) +++ trunk/src/config/post.in 2009-11-23 20:52:16 UTC (rev 23314) 
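Review bot: On gethostname() failure the new code in logger.c frees the buffer and leaves `log_control.log_hostname` NULL with no trace of why, so every later consumer of that field has to cope with NULL; those consumers are outside the hunk, and since the malloc-failure path already produced NULL they presumably do, but that is worth confirming. A one-line comment such as `/* Hostname is optional; leave it NULL if it cannot be determined. */` would record the intent. The new `else` arm is unbraced while its `if` arm is braced; writing it as `} else {` with a closing brace avoids a dangling-statement slip on the next edit. The `strdup(whoami)` result on the first context line is also stored unchecked.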
@@ -88,10 +88,8 @@ # references in rules for non-library objects in a directory where # library objects happen to be built. It's mostly harmless. .depend: .d $(top_srcdir)/util/depfix.pl - x=`$(CC) -print-libgcc-file-name` ; \ perl $(top_srcdir)/util/depfix.pl '$(top_srcdir)' '$(mydir)' \ - '$(srcdir)' '$(BUILDTOP)' "$$x" '$(STLIBOBJS)' \ - < .d > .depend + '$(srcdir)' '$(BUILDTOP)' '$(STLIBOBJS)' < .d > .depend # Temporarily keep the rule for removing the dependency line eater # until we're sure we've gotten everything converted and excised the Modified: trunk/src/util/depfix.pl =================================================================== --- trunk/src/util/depfix.pl 2009-11-23 19:24:42 UTC (rev 23313) +++ trunk/src/util/depfix.pl 2009-11-23 20:52:16 UTC (rev 23314) @@ -27,7 +27,7 @@ if 0; $0 =~ s/^.*?(\w+)[\.\w+]*$/$1/; -# Input: srctop thisdir srcdir buildtop libgccfilename stlibobjs +# Input: srctop thisdir srcdir buildtop stlibobjs # Notes: myrelativedir is something like "lib/krb5/asn.1" or ".". # stlibobjs will usually be empty, or include spaces. @@ -38,10 +38,9 @@ # thisdir = util/et # srcdir = ../../../util/et # BUILDTOP = ../.. -# libgcc file name = /usr/lib/gcc-lib/i386-redhat-linux/3.2.3/libgcc.a # STLIBOBJS = error_message.o et_name.o com_err.o -my($top_srcdir,$thisdir,$srcdir,$BUILDTOP,$libgccpath,$STLIBOBJS) = @ARGV; +my($top_srcdir,$thisdir,$srcdir,$BUILDTOP,$STLIBOBJS) = @ARGV; if (0) { print STDERR "top_srcdir = $top_srcdir\n"; @@ -49,15 +48,8 @@ print STDERR "STLIBOBJS = $STLIBOBJS\n"; } -$libgccincdir = $libgccpath; -$libgccincdir =~ s,libgcc\.[^ ]*$,include,; -$libgccincdir = quotemeta($libgccincdir); #$srcdirpat = quotemeta($srcdir); -# Tweak here if you need to ignore additional directories. -#my(@ignoredirs) = ( $libgccincdir, "/var/raeburn/openldap/Install/include" ); -my(@ignoredirs) = ( $libgccincdir ); - my($extrasuffixes) = ($STLIBOBJS ne ""); sub my_qm { 
@@ -100,12 +92,6 @@ } else { s,^([a-zA-Z0-9_\-]*)\.o:,\$(OUTPRE)$1.\$(OBJEXT):,; } - # Drop GCC include files, they're basically system headers. - my ($x); - foreach $x (@ignoredirs) { - s,$x/[^ ]* ,,g; - s,$x/[^ ]*$,,g; - } # Recognize $(top_srcdir) and variants. my($srct) = $top_srcdir . "/"; $_ = strrep(" $srct", " \$(top_srcdir)/", $_); @@ -140,14 +126,8 @@ s/$/ /; # Remove excess spaces. s/ */ /g; - # Delete Tcl-specific headers. - s;/[^ ]*/tcl\.h ;;g; - s;/[^ ]*/tclDecls\.h ;;g; - s;/[^ ]*/tclPlatDecls\.h ;;g; - # Delete system-specific or compiler-specific files. - s;/os/usr/include/[^ ]* ;;g; - s;/usr/include/[^ ]* ;;g; - s;/usr/lib/[^ ]* ;;g; + # Delete headers external to the source and build tree. + s; /[^ ]*;;g; # Remove foo/../ sequences. while (m/\/[a-z][a-z0-9_.\-]*\/\.\.\//) { s//\//g; From raeburn at MIT.EDU Mon Nov 23 19:03:19 2009 From: raeburn at MIT.EDU (raeburn@MIT.EDU) Date: Mon, 23 Nov 2009 19:03:19 -0500 Subject: svn rev #23319: trunk/src/include/ Message-ID: <200911240003.nAO03J0o028884@drugstore.mit.edu> http://src.mit.edu/fisheye/changelog/krb5/?cs=23319 Commit By: raeburn Log Message: Expand comments around 'zap' code. Changed Files: U trunk/src/include/k5-int.h Modified: trunk/src/include/k5-int.h =================================================================== --- trunk/src/include/k5-int.h 2009-11-23 23:10:47 UTC (rev 23318) +++ trunk/src/include/k5-int.h 2009-11-24 00:03:19 UTC (rev 23319) 
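Review bot: `s; /[^ ]*;;g;` in the last depfix.pl hunk drops every dependency that is still spelled as an absolute path, so it is only correct if the `$(top_srcdir)` and build-tree substitutions earlier in the loop have already rewritten every in-tree file. An in-tree header that reaches this line in absolute form (for instance because the compiler printed it through a different spelling of the source directory) would silently disappear from `.depend` and stop triggering rebuilds. The comment should state that ordering dependency, e.g. `# Anything still absolute here is treated as external; in-tree paths must already have been rewritten above.` The loop body starts and ends outside the hunk.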
@@ -752,13 +752,41 @@ krb5_error_code krb5int_pbkdf2_hmac_sha1(const krb5_data *, unsigned long, const krb5_data *, const krb5_data *); -/* Attempt to zero memory in a way that compilers won't optimize out. */ +/* + * Attempt to zero memory in a way that compilers won't optimize out. + * + * This mechanism should work even for heap storage about to be freed, + * or automatic storage right before we return from a function. + * + * Then, even if we leak uninitialized memory someplace, or UNIX + * "core" files get created with world-read access, some of the most + * sensitive data in the process memory will already be safely wiped. + * + * We're not going so far -- yet -- as to try to protect key data that + * may have been written into swap space.... + */ #ifdef _WIN32 # define zap(ptr, len) SecureZeroMemory(ptr, len) #elif defined(__GNUC__) static inline void zap(void *ptr, size_t len) { memset(ptr, 0, len); + /* + * Some versions of gcc have gotten clever enough to eliminate a + * memset call right before the block in question is released. + * This (empty) asm requires it to assume that we're doing + * something interesting with the stored (zero) value, so the + * memset can't be eliminated. + * + * An optimizer that looks at assembly or object code may not be + * fooled, and may still cause the memset to go away. Address + * that problem if and when we encounter it. + * + * This also may not be enough if free() does something + * interesting like purge memory locations from a write-back cache + * that hasn't written back the zero bytes yet. A memory barrier + * instruction would help in that case. + */ asm volatile ("" : : "g" (ptr), "g" (len)); } #else From hartmans at MIT.EDU Mon Nov 23 20:05:30 2009 
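Review bot: The comment added inside the gcc `zap()` says the empty asm forces the compiler to assume the zeroed bytes are used, but the statement it sits above, `asm volatile ("" : : "g" (ptr), "g" (len));`, only consumes the pointer and length values and declares no memory access. GCC's documented way to say that an asm may read what an input pointer points to is a memory clobber, so `asm volatile ("" : : "r" (ptr) : "memory");` would make the code match the comment. If the clobber is left out, the comment should say the protection is observed behaviour of current gcc versions rather than something the constraints guarantee. The `#if` chain continues past the end of the hunk.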
From: hartmans at MIT.EDU (hartmans@MIT.EDU) Date: Mon, 23 Nov 2009 20:05:30 -0500 Subject: svn rev #23325: trunk/src/kdc/ Message-ID: <200911240105.nAO15UPO001635@drugstore.mit.edu> http://src.mit.edu/fisheye/changelog/krb5/?cs=23325 Commit By: hartmans Log Message: ticket: 6585 subject: KDC MUST NOT accept ap-request armor in FAST TGS target_version: 1.7.1 tags: pullup Per the latest preauth framework spec, the working group has decided to forbid ap-request armor in the TGS request because of security problems with that armor type. This commit was tested against an implementation of FAST TGS client to confirm that if explicit armor is sent, the request is rejected. Changed Files: U trunk/src/kdc/fast_util.c Modified: trunk/src/kdc/fast_util.c =================================================================== --- trunk/src/kdc/fast_util.c 2009-11-24 00:53:36 UTC (rev 23324) +++ trunk/src/kdc/fast_util.c 2009-11-24 01:05:30 UTC (rev 23325) @@ -148,6 +148,11 @@ if (retval == 0 &&fast_armored_req->armor) { switch (fast_armored_req->armor->armor_type) { case KRB5_FAST_ARMOR_AP_REQUEST: + if (tgs_subkey) { + krb5_set_error_message( kdc_context, KRB5KDC_ERR_PREAUTH_FAILED, + "Ap-request armor not permitted with TGS"); + return KRB5KDC_ERR_PREAUTH_FAILED; + } retval = armor_ap_request(state, fast_armored_req->armor); break; default: From ghudson at MIT.EDU Mon Nov 23 20:25:10 2009 
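Review bot: The new rejection path in fast_util.c leaves the function with `return KRB5KDC_ERR_PREAUTH_FAILED;` from inside the switch, while the surrounding code reports errors through `retval`; `fast_armored_req` has already been decoded at this point (it is dereferenced in the `if` just above), so any release of it further down, which is outside the hunk, would be skipped for exactly the requests being refused. Setting the result and leaving the switch keeps a single exit path: `retval = KRB5KDC_ERR_PREAUTH_FAILED;` followed by `break;` inside the `if (tgs_subkey)` block. A short comment on why this armor type is refused for TGS requests (the log message cites the preauth framework spec) would help the next reader, and `krb5_set_error_message( kdc_context` has a stray space after the parenthesis.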
From: ghudson at MIT.EDU (ghudson@MIT.EDU) Date: Mon, 23 Nov 2009 20:25:10 -0500 Subject: svn rev #23339: trunk/src/ include/ util/support/ Message-ID: <200911240125.nAO1PAPC003777@drugstore.mit.edu> http://src.mit.edu/fisheye/changelog/krb5/?cs=23339 Commit By: ghudson Log Message: Punt the volatile cast in the non-gcc, non-Windows version of zap. Use a function call into libkrb5support instead, since that's hard to inline. Changed Files: U trunk/src/include/k5-int.h U trunk/src/include/k5-platform.h U trunk/src/util/support/Makefile.in U trunk/src/util/support/deps U trunk/src/util/support/libkrb5support-fixed.exports A trunk/src/util/support/zap.c Modified: trunk/src/include/k5-int.h =================================================================== --- trunk/src/include/k5-int.h 2009-11-24 01:14:07 UTC (rev 23338) +++ trunk/src/include/k5-int.h 2009-11-24 01:25:10 UTC (rev 23339) @@ -790,8 +790,9 @@ asm volatile ("" : : "g" (ptr), "g" (len)); } #else -# define zap(ptr, len) memset((void *)(volatile void *)ptr, 0, len) -#endif /* WIN32 */ +/* Use a function from libkrb5support to defeat inlining. */ +# define zap(ptr, len) krb5int_zap(ptr, len) +#endif /* Convenience function: zap and free ptr if it is non-NULL. */ static inline void Modified: trunk/src/include/k5-platform.h =================================================================== --- trunk/src/include/k5-platform.h 2009-11-24 01:14:07 UTC (rev 23338) +++ trunk/src/include/k5-platform.h 2009-11-24 01:25:10 UTC (rev 23339) @@ -976,6 +976,8 @@ #define mkstemp krb5int_mkstemp #endif +extern void krb5int_zap(void *ptr, size_t len); + /* Fudge for future adoption of gettext or the like. */ #ifndef _ #define _(X) (X) Modified: trunk/src/util/support/Makefile.in =================================================================== --- trunk/src/util/support/Makefile.in 2009-11-24 01:14:07 UTC (rev 23338) +++ trunk/src/util/support/Makefile.in 2009-11-24 01:25:10 UTC (rev 23339) 
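Review bot: The fallback `zap()` in the k5-int.h hunk now depends on `krb5int_zap()` staying an out-of-line call, but neither the macro nor the bare `extern void krb5int_zap(void *ptr, size_t len);` added to k5-platform.h records that, and a toolchain that optimises across translation units at link time could still inline the call and treat the memset as a dead store. The prototype should carry the contract, e.g. `/* Zero len bytes at ptr; kept out of line so the store is not optimized away. */`. Having the function in zap.c store through a `volatile unsigned char *` would make the guarantee independent of how the library is built. The `static inline void` definition at the end of the k5-int.h hunk continues outside it.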
@@ -62,6 +62,7 @@ fake-addrinfo.o \ utf8.o \ utf8_conv.o \ + zap.o \ $(IPC_ST_OBJ) \ $(STRLCPY_ST_OBJ) \ $(PRINTF_ST_OBJ) \ @@ -77,6 +78,7 @@ $(OUTPRE)fake-addrinfo.$(OBJEXT) \ $(OUTPRE)utf8.$(OBJEXT) \ $(OUTPRE)utf8_conv.$(OBJEXT) \ + $(OUTPRE)zap.$(OBJEXT) \ $(IPC_OBJ) \ $(STRLCPY_OBJ) \ $(PRINTF_OBJ) \ @@ -101,7 +103,8 @@ $(srcdir)/printf.c \ $(srcdir)/mkstemp.c \ $(srcdir)/t_k5buf.c \ - $(srcdir)/t_unal.c + $(srcdir)/t_unal.c \ + $(srcdir)/zap.c SHLIB_EXPDEPS = # Add -lm if dumping thread stats, for sqrt. Modified: trunk/src/util/support/deps =================================================================== --- trunk/src/util/support/deps 2009-11-24 01:14:07 UTC (rev 23338) +++ trunk/src/util/support/deps 2009-11-24 01:25:10 UTC (rev 23339) @@ -47,3 +47,6 @@ t_unal.so t_unal.po $(OUTPRE)t_unal.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \ $(top_srcdir)/include/k5-platform.h $(top_srcdir)/include/k5-thread.h \ t_unal.c +zap.so zap.po $(OUTPRE)zap.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \ + $(top_srcdir)/include/k5-platform.h $(top_srcdir)/include/k5-thread.h \ + zap.c Modified: trunk/src/util/support/libkrb5support-fixed.exports =================================================================== --- trunk/src/util/support/libkrb5support-fixed.exports 2009-11-24 01:14:07 UTC (rev 23338) +++ trunk/src/util/support/libkrb5support-fixed.exports 2009-11-24 01:25:10 UTC (rev 23339) @@ -48,3 +48,4 @@ krb5int_utf8_lentab krb5int_utf8_mintab krb5int_utf8_next +krb5int_zap Added: trunk/src/util/support/zap.c =================================================================== --- trunk/src/util/support/zap.c (rev 0) +++ trunk/src/util/support/zap.c 2009-11-24 01:25:10 UTC (rev 23339) 
@@ -0,0 +1,38 @@
+/* -*- mode: c; indent-tabs-mode: nil -*- */
+
+/*
+ * zap.c
+ *
+ * Copyright 2008 Massachusetts Institute of Technology.
+ * All Rights Reserved.
+ *
+ * Export of this software from the United States of America may
+ * require a specific license from the United States Government.
+ * It is the responsibility of any person or organization contemplating
+ * export to obtain such a license before exporting.
+ *
+ * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
+ * distribute this software and its documentation for any purpose and
+ * without fee is hereby granted, provided that the above copyright
+ * notice appear in all copies and that both that copyright notice and
+ * this permission notice appear in supporting documentation, and that
+ * the name of M.I.T. not be used in advertising or publicity pertaining
+ * to distribution of the software without specific, written prior
+ * permission. Furthermore if you modify this software you must label
+ * your software as modified software and not distribute it in such a
+ * fashion that it might be confused with the original M.I.T. software.
+ * M.I.T. makes no representations about the suitability of
+ * this software for any purpose. It is provided "as is" without express
+ * or implied warranty.
+ *
+ * krb5int_zap() is used by zap() (a static inline function defined in
+ * k5-int.h) on non-Windows, non-gcc compilers, in order to prevent the
+ * compiler from inlining and optimizing out the memset() call.
+ */
+
+#include
+
+void krb5int_zap(void *ptr, size_t len)
+{
+ memset(ptr, 0, len);
+}
From ghudson at MIT.EDU Mon Nov 23 22:11:22 2009
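Review bot: The guarantee that the `memset()` in `krb5int_zap()` survives optimization rests only on the call crossing a library boundary, and nothing in zap.c states or enforces that. If libkrb5support is ever built with link-time optimization, or the definition otherwise becomes visible to the caller's translation unit, the compiler can again treat the zeroed buffer as dead and drop the store, leaving key material in memory. I would record the assumption in the header comment, e.g. `/* Must remain an out-of-line call into libkrb5support; LTO can defeat this. */`, or make the store itself non-elidable by writing through a volatile pointer: `volatile unsigned char *p = ptr; while (len--) *p++ = 0;`. The header comment also calls zap() a static inline function, while the k5-int.h hunk in this commit defines it as a macro on this path.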
From: ghudson at MIT.EDU (ghudson@MIT.EDU) Date: Mon, 23 Nov 2009 22:11:22 -0500 Subject: svn rev #23340: trunk/src/util/support/ Message-ID: <200911240311.nAO3BMn1012302@drugstore.mit.edu> http://src.mit.edu/fisheye/changelog/krb5/?cs=23340 Commit By: ghudson Log Message: Fix boilerplate in zap.c. Changed Files: U trunk/src/util/support/zap.c Modified: trunk/src/util/support/zap.c =================================================================== --- trunk/src/util/support/zap.c 2009-11-24 01:25:10 UTC (rev 23339) +++ trunk/src/util/support/zap.c 2009-11-24 03:11:22 UTC (rev 23340) @@ -1,9 +1,9 @@ -/* -*- mode: c; indent-tabs-mode: nil -*- */ +/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */ /* * zap.c * - * Copyright 2008 Massachusetts Institute of Technology. + * Copyright 2009 Massachusetts Institute of Technology. * All Rights Reserved. * * Export of this software from the United States of America may From ghudson at MIT.EDU Tue Nov 24 10:43:16 2009 From: ghudson at MIT.EDU (ghudson@MIT.EDU) Date: Tue, 24 Nov 2009 10:43:16 -0500 Subject: svn rev #23341: trunk/doc/ Message-ID: <200911241543.nAOFhGpU007058@drugstore.mit.edu> http://src.mit.edu/fisheye/changelog/krb5/?cs=23341 Commit By: ghudson Log Message: Remove appl man pages from the list of pages to convert in the doc build system. Changed Files: U trunk/doc/Makefile Modified: trunk/doc/Makefile =================================================================== --- trunk/doc/Makefile 2009-11-24 03:11:22 UTC (rev 23340) +++ trunk/doc/Makefile 2009-11-24 15:43:16 UTC (rev 23341) 
@@ -21,7 +21,7 @@ krb5conf.texinfo kdcconf.texinfo send-pr.texinfo INSTALL_DEPS=install.texinfo $(INSTALL_INCLUDES) -MANPAGES=$(SRCDIR)/appl/gssftp/ftp/ftp.M $(SRCDIR)/clients/kdestroy/kdestroy.M $(SRCDIR)/clients/kinit/kinit.M $(SRCDIR)/clients/klist/klist.M $(SRCDIR)/clients/ksu/ksu.M $(SRCDIR)/appl/bsd/rcp.M $(SRCDIR)/appl/bsd/rlogin.M $(SRCDIR)/appl/bsd/rsh.M $(SRCDIR)/appl/telnet/telnet/telnet.1 $(SRCDIR)/clients/kpasswd/kpasswd.M +MANPAGES=$(SRCDIR)/clients/kdestroy/kdestroy.M $(SRCDIR)/clients/kinit/kinit.M $(SRCDIR)/clients/klist/klist.M $(SRCDIR)/clients/ksu/ksu.M $(SRCDIR)/clients/kpasswd/kpasswd.M USER_GUIDE_INCLUDES=definitions.texinfo copyright.texinfo glossary.texinfo USER_GUIDE_DEPS=user-guide.texinfo $(USER_GUIDE_INCLUDES) @@ -103,15 +103,10 @@ user-guide-html:: user-guide.html user-guide.html: $(USER_GUIDE_DEPS) - $(MANTXT) $(SRCDIR)/appl/gssftp/ftp/ftp.M | $(MANHTML) > ftp.html $(MANTXT) $(SRCDIR)/clients/kdestroy/kdestroy.M | $(MANHTML) > kdestroy.html $(MANTXT) $(SRCDIR)/clients/kinit/kinit.M | $(MANHTML) > kinit.html $(MANTXT) $(SRCDIR)/clients/klist/klist.M | $(MANHTML) > klist.html $(MANTXT) $(SRCDIR)/clients/ksu/ksu.M | $(MANHTML) > ksu.html - $(MANTXT) $(SRCDIR)/appl/bsd/rcp.M | $(MANHTML) > rcp.html - $(MANTXT) $(SRCDIR)/appl/bsd/rlogin.M | $(MANHTML) > rlogin.html - $(MANTXT) $(SRCDIR)/appl/bsd/rsh.M | $(MANHTML) > rsh.html - $(MANTXT) $(SRCDIR)/appl/telnet/telnet/telnet.1 | $(MANHTML) > telnet.html $(MANTXT) $(SRCDIR)/clients/kpasswd/kpasswd.M | $(MANHTML) > kpasswd.html $(HTML) user-guide.texinfo From ghudson at MIT.EDU Tue Nov 24 12:46:45 2009 
From: ghudson at MIT.EDU (ghudson@MIT.EDU) Date: Tue, 24 Nov 2009 12:46:45 -0500 Subject: svn rev #23342: trunk/src/ appl/gss-sample/ appl/sample/ appl/sample/sclient/ ... Message-ID: <200911241746.nAOHkjkN017587@drugstore.mit.edu> http://src.mit.edu/fisheye/changelog/krb5/?cs=23342 Commit By: ghudson Log Message: Mark and reindent what's left of the appl directory. Changed Files: U trunk/src/Makefile.in U trunk/src/appl/gss-sample/gss-client.c U trunk/src/appl/gss-sample/gss-misc.c U trunk/src/appl/gss-sample/gss-misc.h U trunk/src/appl/gss-sample/gss-server.c U trunk/src/appl/sample/sample.h U trunk/src/appl/sample/sclient/sclient.c U trunk/src/appl/sample/sserver/sserver.c U trunk/src/appl/simple/client/sim_client.c U trunk/src/appl/simple/server/sim_server.c U trunk/src/appl/simple/simple.h U trunk/src/appl/user_user/client.c U trunk/src/appl/user_user/server.c Modified: trunk/src/Makefile.in =================================================================== --- trunk/src/Makefile.in 2009-11-24 15:43:16 UTC (rev 23341) +++ trunk/src/Makefile.in 2009-11-24 17:46:45 UTC (rev 23342) @@ -659,6 +659,7 @@ PYTHON = python INDENTDIRS = \ + appl \ clients \ include \ kadmin \ Modified: trunk/src/appl/gss-sample/gss-client.c =================================================================== --- trunk/src/appl/gss-sample/gss-client.c 2009-11-24 15:43:16 UTC (rev 23341) +++ trunk/src/appl/gss-sample/gss-client.c 2009-11-24 17:46:45 UTC (rev 23342) @@ -1,3 +1,4 @@ +/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */ /* * Copyright 1994 by OpenVision Technologies, Inc. * @@ -88,8 +89,8 @@ * * Arguments: * - * host (r) the target host name - * port (r) the target port, in host byte order + * host (r) the target host name + * port (r) the target port, in host byte order * * Returns: the established socket file desciptor, or -1 on failure * 
@@ -100,17 +101,15 @@ * displayed and -1 is returned. */ static int -connect_to_server(host, port) - char *host; - u_short port; +connect_to_server(char *host, u_short port) { struct sockaddr_in saddr; struct hostent *hp; int s; if ((hp = gethostbyname(host)) == NULL) { - fprintf(stderr, "Unknown host: %s\n", host); - return -1; + fprintf(stderr, "Unknown host: %s\n", host); + return -1; } saddr.sin_family = hp->h_addrtype; @@ -118,13 +117,13 @@ saddr.sin_port = htons(port); if ((s = socket(AF_INET, SOCK_STREAM, 0)) < 0) { - perror("creating socket"); - return -1; + perror("creating socket"); + return -1; } if (connect(s, (struct sockaddr *) &saddr, sizeof(saddr)) < 0) { - perror("connecting to server"); - (void) close(s); - return -1; + perror("connecting to server"); + (void) close(s); + return -1; } return s; } @@ -137,14 +136,14 @@ * * Arguments: * - * s (r) an established TCP connection to the service - * service_name(r) the ASCII service name of the service - * gss_flags (r) GSS-API delegation flag (if any) - * auth_flag (r) whether to actually do authentication + * s (r) an established TCP connection to the service + * service_name(r) the ASCII service name of the service + * gss_flags (r) GSS-API delegation flag (if any) + * auth_flag (r) whether to actually do authentication * v1_format (r) whether the v1 sample protocol should be used - * oid (r) OID of the mechanism to use - * context (w) the established GSS-API context - * ret_flags (w) the returned flags from init_sec_context + * oid (r) OID of the mechanism to use + * context (w) the established GSS-API context + * ret_flags (w) the returned flags from init_sec_context * * Returns: 0 on success, -1 on failure * 
@@ -161,113 +160,110 @@ * and -1 is returned. */ static int -client_establish_context(s, service_name, gss_flags, auth_flag, - v1_format, oid, gss_context, ret_flags) - int s; - char *service_name; - gss_OID oid; - OM_uint32 gss_flags; - int auth_flag; - int v1_format; - gss_ctx_id_t *gss_context; - OM_uint32 *ret_flags; +client_establish_context(int s, char *service_name, OM_uint32 gss_flags, + int auth_flag, int v1_format, gss_OID oid, + gss_ctx_id_t *gss_context, OM_uint32 *ret_flags) { if (auth_flag) { - gss_buffer_desc send_tok, recv_tok, *token_ptr; - gss_name_t target_name; - OM_uint32 maj_stat, min_stat, init_sec_min_stat; - int token_flags; + gss_buffer_desc send_tok, recv_tok, *token_ptr; + gss_name_t target_name; + OM_uint32 maj_stat, min_stat, init_sec_min_stat; + int token_flags; - /* - * Import the name into target_name. Use send_tok to save - * local variable space. - */ - send_tok.value = service_name; - send_tok.length = strlen(service_name); - maj_stat = gss_import_name(&min_stat, &send_tok, - (gss_OID) gss_nt_service_name, - &target_name); - if (maj_stat != GSS_S_COMPLETE) { - display_status("parsing name", maj_stat, min_stat); - return -1; - } + /* + * Import the name into target_name. Use send_tok to save + * local variable space. + */ + send_tok.value = service_name; + send_tok.length = strlen(service_name); + maj_stat = gss_import_name(&min_stat, &send_tok, + (gss_OID) gss_nt_service_name, + &target_name); + if (maj_stat != GSS_S_COMPLETE) { + display_status("parsing name", maj_stat, min_stat); + return -1; + } - if (!v1_format) { - if (send_token(s, TOKEN_NOOP | TOKEN_CONTEXT_NEXT, empty_token) < - 0) { - (void) gss_release_name(&min_stat, &target_name); - return -1; - } - } + if (!v1_format) { + if (send_token(s, TOKEN_NOOP | TOKEN_CONTEXT_NEXT, empty_token) < + 0) { + (void) gss_release_name(&min_stat, &target_name); + return -1; + } + } - /* - * Perform the context-establishement loop. 
- * - * On each pass through the loop, token_ptr points to the token - * to send to the server (or GSS_C_NO_BUFFER on the first pass). - * Every generated token is stored in send_tok which is then - * transmitted to the server; every received token is stored in - * recv_tok, which token_ptr is then set to, to be processed by - * the next call to gss_init_sec_context. - * - * GSS-API guarantees that send_tok's length will be non-zero - * if and only if the server is expecting another token from us, - * and that gss_init_sec_context returns GSS_S_CONTINUE_NEEDED if - * and only if the server has another token to send us. - */ + /* + * Perform the context-establishement loop. + * + * On each pass through the loop, token_ptr points to the token + * to send to the server (or GSS_C_NO_BUFFER on the first pass). + * Every generated token is stored in send_tok which is then + * transmitted to the server; every received token is stored in + * recv_tok, which token_ptr is then set to, to be processed by + * the next call to gss_init_sec_context. + * + * GSS-API guarantees that send_tok's length will be non-zero + * if and only if the server is expecting another token from us, + * and that gss_init_sec_context returns GSS_S_CONTINUE_NEEDED if + * and only if the server has another token to send us. 
+ */ - token_ptr = GSS_C_NO_BUFFER; - *gss_context = GSS_C_NO_CONTEXT; + token_ptr = GSS_C_NO_BUFFER; + *gss_context = GSS_C_NO_CONTEXT; - do { - maj_stat = gss_init_sec_context(&init_sec_min_stat, GSS_C_NO_CREDENTIAL, gss_context, target_name, oid, gss_flags, 0, NULL, /* no channel bindings */ - token_ptr, NULL, /* ignore mech type */ - &send_tok, ret_flags, NULL); /* ignore time_rec */ + do { + maj_stat = gss_init_sec_context(&init_sec_min_stat, + GSS_C_NO_CREDENTIAL, gss_context, + target_name, oid, gss_flags, 0, + NULL, /* channel bindings */ + token_ptr, NULL, /* mech type */ + &send_tok, ret_flags, + NULL); /* time_rec */ - if (token_ptr != GSS_C_NO_BUFFER) - free(recv_tok.value); + if (token_ptr != GSS_C_NO_BUFFER) + free(recv_tok.value); - if (send_tok.length != 0) { - if (verbose) - printf("Sending init_sec_context token (size=%d)...", - (int) send_tok.length); - if (send_token(s, v1_format ? 0 : TOKEN_CONTEXT, &send_tok) < - 0) { - (void) gss_release_buffer(&min_stat, &send_tok); - (void) gss_release_name(&min_stat, &target_name); - return -1; - } - } - (void) gss_release_buffer(&min_stat, &send_tok); + if (send_tok.length != 0) { + if (verbose) + printf("Sending init_sec_context token (size=%d)...", + (int) send_tok.length); + if (send_token(s, v1_format ? 
0 : TOKEN_CONTEXT, &send_tok) < + 0) { + (void) gss_release_buffer(&min_stat, &send_tok); + (void) gss_release_name(&min_stat, &target_name); + return -1; + } + } + (void) gss_release_buffer(&min_stat, &send_tok); - if (maj_stat != GSS_S_COMPLETE - && maj_stat != GSS_S_CONTINUE_NEEDED) { - display_status("initializing context", maj_stat, - init_sec_min_stat); - (void) gss_release_name(&min_stat, &target_name); - if (*gss_context != GSS_C_NO_CONTEXT) - gss_delete_sec_context(&min_stat, gss_context, - GSS_C_NO_BUFFER); - return -1; - } + if (maj_stat != GSS_S_COMPLETE + && maj_stat != GSS_S_CONTINUE_NEEDED) { + display_status("initializing context", maj_stat, + init_sec_min_stat); + (void) gss_release_name(&min_stat, &target_name); + if (*gss_context != GSS_C_NO_CONTEXT) + gss_delete_sec_context(&min_stat, gss_context, + GSS_C_NO_BUFFER); + return -1; + } - if (maj_stat == GSS_S_CONTINUE_NEEDED) { - if (verbose) - printf("continue needed..."); - if (recv_token(s, &token_flags, &recv_tok) < 0) { - (void) gss_release_name(&min_stat, &target_name); - return -1; - } - token_ptr = &recv_tok; - } - if (verbose) - printf("\n"); - } while (maj_stat == GSS_S_CONTINUE_NEEDED); + if (maj_stat == GSS_S_CONTINUE_NEEDED) { + if (verbose) + printf("continue needed..."); + if (recv_token(s, &token_flags, &recv_tok) < 0) { + (void) gss_release_name(&min_stat, &target_name); + return -1; + } + token_ptr = &recv_tok; + } + if (verbose) + printf("\n"); + } while (maj_stat == GSS_S_CONTINUE_NEEDED); - (void) gss_release_name(&min_stat, &target_name); + (void) gss_release_name(&min_stat, &target_name); } else { - if (send_token(s, TOKEN_NOOP, empty_token) < 0) - return -1; + if (send_token(s, TOKEN_NOOP, empty_token) < 0) + return -1; } return 0; 
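Review bot: Two early returns in the context-establishment loop leave a partially established `*gss_context` behind: the `send_token()` failure path releases `send_tok` and `target_name`, and the `recv_token()` failure path releases only `target_name`, but neither deletes the context the way the `maj_stat` error branch does. Once `gss_init_sec_context()` has returned at least once the context may already hold mechanism state, so both paths should run `if (*gss_context != GSS_C_NO_CONTEXT) gss_delete_sec_context(&min_stat, gss_context, GSS_C_NO_BUFFER);` before `return -1`. The caller shown later in this diff only closes the socket when this function fails, so the context does not appear to be cleaned up there either. The function's closing brace lies outside the hunk.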
@@ -282,25 +278,25 @@ struct stat stat_buf; if ((fd = open(file_name, O_RDONLY, 0)) < 0) { - perror("open"); - fprintf(stderr, "Couldn't open file %s\n", file_name); - exit(1); + perror("open"); + fprintf(stderr, "Couldn't open file %s\n", file_name); + exit(1); } if (fstat(fd, &stat_buf) < 0) { - perror("fstat"); - exit(1); + perror("fstat"); + exit(1); } in_buf->length = stat_buf.st_size; if (in_buf->length == 0) { - in_buf->value = NULL; - return; + in_buf->value = NULL; + return; } if ((in_buf->value = malloc(in_buf->length)) == 0) { - fprintf(stderr, "Couldn't allocate %d byte buffer for reading file\n", - (int) in_buf->length); - exit(1); + fprintf(stderr, "Couldn't allocate %d byte buffer for reading file\n", + (int) in_buf->length); + exit(1); } /* this code used to check for incomplete reads, but you can't get @@ -308,12 +304,12 @@ count = read(fd, in_buf->value, in_buf->length); if (count < 0) { - perror("read"); - exit(1); + perror("read"); + exit(1); } if (count < in_buf->length) - fprintf(stderr, "Warning, only read in %d bytes, expected %d\n", - count, (int) in_buf->length); + fprintf(stderr, "Warning, only read in %d bytes, expected %d\n", + count, (int) in_buf->length); } /* 
@@ -323,17 +319,17 @@ * * Arguments: * - * host (r) the host providing the service - * port (r) the port to connect to on host - * service_name (r) the GSS-API service name to authenticate to - * gss_flags (r) GSS-API delegation flag (if any) - * auth_flag (r) whether to do authentication - * wrap_flag (r) whether to do message wrapping at all - * encrypt_flag (r) whether to do encryption while wrapping - * mic_flag (r) whether to request a MIC from the server - * msg (r) the message to have "signed" - * use_file (r) whether to treat msg as an input file name - * mcount (r) the number of times to send the message + * host (r) the host providing the service + * port (r) the port to connect to on host + * service_name (r) the GSS-API service name to authenticate to + * gss_flags (r) GSS-API delegation flag (if any) + * auth_flag (r) whether to do authentication + * wrap_flag (r) whether to do message wrapping at all + * encrypt_flag (r) whether to do encryption while wrapping + * mic_flag (r) whether to request a MIC from the server + * msg (r) the message to have "signed" + * use_file (r) whether to treat msg as an input file name + * mcount (r) the number of times to send the message * * Returns: 0 on success, -1 on failure * @@ -347,8 +343,8 @@ * otherwise 0 is returned. */ static int call_server(host, port, oid, service_name, gss_flags, auth_flag, - wrap_flag, encrypt_flag, mic_flag, v1_format, msg, use_file, - mcount) + wrap_flag, encrypt_flag, mic_flag, v1_format, msg, use_file, + mcount) char *host; u_short port; gss_OID oid; 
@@ -380,184 +376,184 @@ /* Open connection */ if ((s = connect_to_server(host, port)) < 0) - return -1; + return -1; /* Establish context */ if (client_establish_context(s, service_name, gss_flags, auth_flag, - v1_format, oid, &context, &ret_flags) < 0) { - (void) close(s); - return -1; + v1_format, oid, &context, &ret_flags) < 0) { + (void) close(s); + return -1; } if (auth_flag && verbose) { - /* display the flags */ - display_ctx_flags(ret_flags); + /* display the flags */ + display_ctx_flags(ret_flags); - /* Get context information */ - maj_stat = gss_inquire_context(&min_stat, context, - &src_name, &targ_name, &lifetime, - &mechanism, &context_flags, - &is_local, &is_open); - if (maj_stat != GSS_S_COMPLETE) { - display_status("inquiring context", maj_stat, min_stat); - return -1; - } + /* Get context information */ + maj_stat = gss_inquire_context(&min_stat, context, + &src_name, &targ_name, &lifetime, + &mechanism, &context_flags, + &is_local, &is_open); + if (maj_stat != GSS_S_COMPLETE) { + display_status("inquiring context", maj_stat, min_stat); + return -1; + } - maj_stat = gss_display_name(&min_stat, src_name, &sname, &name_type); - if (maj_stat != GSS_S_COMPLETE) { - display_status("displaying source name", maj_stat, min_stat); - return -1; - } - maj_stat = gss_display_name(&min_stat, targ_name, &tname, - (gss_OID *) NULL); - if (maj_stat != GSS_S_COMPLETE) { - display_status("displaying target name", maj_stat, min_stat); - return -1; - } - printf("\"%.*s\" to \"%.*s\", lifetime %d, flags %x, %s, %s\n", - (int) sname.length, (char *) sname.value, - (int) tname.length, (char *) tname.value, lifetime, - context_flags, - (is_local) ? "locally initiated" : "remotely initiated", - (is_open) ? 
"open" : "closed"); + maj_stat = gss_display_name(&min_stat, src_name, &sname, &name_type); + if (maj_stat != GSS_S_COMPLETE) { + display_status("displaying source name", maj_stat, min_stat); + return -1; + } + maj_stat = gss_display_name(&min_stat, targ_name, &tname, + (gss_OID *) NULL); + if (maj_stat != GSS_S_COMPLETE) { + display_status("displaying target name", maj_stat, min_stat); + return -1; + } + printf("\"%.*s\" to \"%.*s\", lifetime %d, flags %x, %s, %s\n", + (int) sname.length, (char *) sname.value, + (int) tname.length, (char *) tname.value, lifetime, + context_flags, + (is_local) ? "locally initiated" : "remotely initiated", + (is_open) ? "open" : "closed"); - (void) gss_release_name(&min_stat, &src_name); - (void) gss_release_name(&min_stat, &targ_name); - (void) gss_release_buffer(&min_stat, &sname); - (void) gss_release_buffer(&min_stat, &tname); + (void) gss_release_name(&min_stat, &src_name); + (void) gss_release_name(&min_stat, &targ_name); + (void) gss_release_buffer(&min_stat, &sname); + (void) gss_release_buffer(&min_stat, &tname); - maj_stat = gss_oid_to_str(&min_stat, name_type, &oid_name); - if (maj_stat != GSS_S_COMPLETE) { - display_status("converting oid->string", maj_stat, min_stat); - return -1; - } - printf("Name type of source name is %.*s.\n", - (int) oid_name.length, (char *) oid_name.value); - (void) gss_release_buffer(&min_stat, &oid_name); + maj_stat = gss_oid_to_str(&min_stat, name_type, &oid_name); + if (maj_stat != GSS_S_COMPLETE) { + display_status("converting oid->string", maj_stat, min_stat); + return -1; + } + printf("Name type of source name is %.*s.\n", + (int) oid_name.length, (char *) oid_name.value); + (void) gss_release_buffer(&min_stat, &oid_name); - /* Now get the names supported by the mechanism */ - maj_stat = gss_inquire_names_for_mech(&min_stat, - mechanism, &mech_names); - if (maj_stat != GSS_S_COMPLETE) { - display_status("inquiring mech names", maj_stat, min_stat); - return -1; - } + /* Now get the names 
supported by the mechanism */ + maj_stat = gss_inquire_names_for_mech(&min_stat, + mechanism, &mech_names); + if (maj_stat != GSS_S_COMPLETE) { + display_status("inquiring mech names", maj_stat, min_stat); + return -1; + } - maj_stat = gss_oid_to_str(&min_stat, mechanism, &oid_name); - if (maj_stat != GSS_S_COMPLETE) { - display_status("converting oid->string", maj_stat, min_stat); - return -1; - } - printf("Mechanism %.*s supports %d names\n", - (int) oid_name.length, (char *) oid_name.value, - (int) mech_names->count); - (void) gss_release_buffer(&min_stat, &oid_name); + maj_stat = gss_oid_to_str(&min_stat, mechanism, &oid_name); + if (maj_stat != GSS_S_COMPLETE) { + display_status("converting oid->string", maj_stat, min_stat); + return -1; + } + printf("Mechanism %.*s supports %d names\n", + (int) oid_name.length, (char *) oid_name.value, + (int) mech_names->count); + (void) gss_release_buffer(&min_stat, &oid_name); - for (i = 0; i < mech_names->count; i++) { - maj_stat = gss_oid_to_str(&min_stat, - &mech_names->elements[i], &oid_name); - if (maj_stat != GSS_S_COMPLETE) { - display_status("converting oid->string", maj_stat, min_stat); - return -1; - } - printf(" %d: %.*s\n", (int) i, - (int) oid_name.length, (char *) oid_name.value); + for (i = 0; i < mech_names->count; i++) { + maj_stat = gss_oid_to_str(&min_stat, + &mech_names->elements[i], &oid_name); + if (maj_stat != GSS_S_COMPLETE) { + display_status("converting oid->string", maj_stat, min_stat); + return -1; + } + printf(" %d: %.*s\n", (int) i, + (int) oid_name.length, (char *) oid_name.value); - (void) gss_release_buffer(&min_stat, &oid_name); - } - (void) gss_release_oid_set(&min_stat, &mech_names); + (void) gss_release_buffer(&min_stat, &oid_name); + } + (void) gss_release_oid_set(&min_stat, &mech_names); } if (use_file) { - read_file(msg, &in_buf); + read_file(msg, &in_buf); } else { - /* Seal the message */ - in_buf.value = msg; - in_buf.length = strlen(msg); + /* Seal the message */ + in_buf.value = 
msg; + in_buf.length = strlen(msg); } for (i = 0; i < mcount; i++) { - if (wrap_flag) { - maj_stat = - gss_wrap(&min_stat, context, encrypt_flag, GSS_C_QOP_DEFAULT, - &in_buf, &state, &out_buf); - if (maj_stat != GSS_S_COMPLETE) { - display_status("wrapping message", maj_stat, min_stat); - (void) close(s); - (void) gss_delete_sec_context(&min_stat, &context, - GSS_C_NO_BUFFER); - return -1; - } else if (encrypt_flag && !state) { - fprintf(stderr, "Warning! Message not encrypted.\n"); - } - } else { - out_buf = in_buf; - } + if (wrap_flag) { + maj_stat = + gss_wrap(&min_stat, context, encrypt_flag, GSS_C_QOP_DEFAULT, + &in_buf, &state, &out_buf); + if (maj_stat != GSS_S_COMPLETE) { + display_status("wrapping message", maj_stat, min_stat); + (void) close(s); + (void) gss_delete_sec_context(&min_stat, &context, + GSS_C_NO_BUFFER); + return -1; + } else if (encrypt_flag && !state) { + fprintf(stderr, "Warning! Message not encrypted.\n"); + } + } else { + out_buf = in_buf; + } - /* Send to server */ - if (send_token(s, (v1_format ? 0 - : (TOKEN_DATA | - (wrap_flag ? TOKEN_WRAPPED : 0) | - (encrypt_flag ? TOKEN_ENCRYPTED : 0) | - (mic_flag ? TOKEN_SEND_MIC : 0))), - &out_buf) < 0) { - (void) close(s); - (void) gss_delete_sec_context(&min_stat, &context, - GSS_C_NO_BUFFER); - return -1; - } - if (out_buf.value != in_buf.value) - (void) gss_release_buffer(&min_stat, &out_buf); + /* Send to server */ + if (send_token(s, (v1_format ? 0 + : (TOKEN_DATA | + (wrap_flag ? TOKEN_WRAPPED : 0) | + (encrypt_flag ? TOKEN_ENCRYPTED : 0) | + (mic_flag ? 
TOKEN_SEND_MIC : 0))), + &out_buf) < 0) { + (void) close(s); + (void) gss_delete_sec_context(&min_stat, &context, + GSS_C_NO_BUFFER); + return -1; + } + if (out_buf.value != in_buf.value) + (void) gss_release_buffer(&min_stat, &out_buf); - /* Read signature block into out_buf */ - if (recv_token(s, &token_flags, &out_buf) < 0) { - (void) close(s); - (void) gss_delete_sec_context(&min_stat, &context, - GSS_C_NO_BUFFER); - return -1; - } + /* Read signature block into out_buf */ + if (recv_token(s, &token_flags, &out_buf) < 0) { + (void) close(s); + (void) gss_delete_sec_context(&min_stat, &context, + GSS_C_NO_BUFFER); + return -1; + } - if (mic_flag) { - /* Verify signature block */ - maj_stat = gss_verify_mic(&min_stat, context, &in_buf, - &out_buf, &qop_state); - if (maj_stat != GSS_S_COMPLETE) { - display_status("verifying signature", maj_stat, min_stat); - (void) close(s); - (void) gss_delete_sec_context(&min_stat, &context, - GSS_C_NO_BUFFER); - return -1; - } + if (mic_flag) { + /* Verify signature block */ + maj_stat = gss_verify_mic(&min_stat, context, &in_buf, + &out_buf, &qop_state); + if (maj_stat != GSS_S_COMPLETE) { + display_status("verifying signature", maj_stat, min_stat); + (void) close(s); + (void) gss_delete_sec_context(&min_stat, &context, + GSS_C_NO_BUFFER); + return -1; + } - if (verbose) - printf("Signature verified.\n"); - } else { - if (verbose) - printf("Response received.\n"); - } + if (verbose) + printf("Signature verified.\n"); + } else { + if (verbose) + printf("Response received.\n"); + } - free(out_buf.value); + free(out_buf.value); } if (use_file) - free(in_buf.value); + free(in_buf.value); /* Send NOOP */ if (!v1_format) - (void) send_token(s, TOKEN_NOOP, empty_token); + (void) send_token(s, TOKEN_NOOP, empty_token); if (auth_flag) { - /* Delete context */ - maj_stat = gss_delete_sec_context(&min_stat, &context, &out_buf); - if (maj_stat != GSS_S_COMPLETE) { - display_status("deleting context", maj_stat, min_stat); - (void) 
close(s); - (void) gss_delete_sec_context(&min_stat, &context, - GSS_C_NO_BUFFER); - return -1; - } + /* Delete context */ + maj_stat = gss_delete_sec_context(&min_stat, &context, &out_buf); + if (maj_stat != GSS_S_COMPLETE) { + display_status("deleting context", maj_stat, min_stat); + (void) close(s); + (void) gss_delete_sec_context(&min_stat, &context, + GSS_C_NO_BUFFER); + return -1; + } - (void) gss_release_buffer(&min_stat, &out_buf); + (void) gss_release_buffer(&min_stat, &out_buf); } (void) close(s); @@ -573,29 +569,29 @@ size_t i, mechlen = strlen(mechanism); if (isdigit((int) mechanism[0])) { - mechstr = malloc(mechlen + 5); - if (!mechstr) { - fprintf(stderr, "Couldn't allocate mechanism scratch!\n"); - return; - } - mechstr[0] = '{'; - mechstr[1] = ' '; - for (i = 0; i < mechlen; i++) - mechstr[i + 2] = (mechanism[i] == '.') ? ' ' : mechanism[i]; - mechstr[mechlen + 2] = ' '; - mechstr[mechlen + 3] = ' '; - mechstr[mechlen + 4] = '\0'; - tok.value = mechstr; + mechstr = malloc(mechlen + 5); + if (!mechstr) { + fprintf(stderr, "Couldn't allocate mechanism scratch!\n"); + return; + } + mechstr[0] = '{'; + mechstr[1] = ' '; + for (i = 0; i < mechlen; i++) + mechstr[i + 2] = (mechanism[i] == '.') ? ' ' : mechanism[i]; + mechstr[mechlen + 2] = ' '; + mechstr[mechlen + 3] = ' '; + mechstr[mechlen + 4] = '\0'; + tok.value = mechstr; } else - tok.value = mechanism; + tok.value = mechanism; tok.length = strlen(tok.value); maj_stat = gss_str_to_oid(&min_stat, &tok, oid); if (maj_stat != GSS_S_COMPLETE) { - display_status("str_to_oid", maj_stat, min_stat); - return; + display_status("str_to_oid", maj_stat, min_stat); + return; } if (mechstr) - free(mechstr); + free(mechstr); } static int max_threads = 1; 
@@ -623,23 +619,23 @@ WaitAndIncrementThreadCounter(void) { for (;;) { - if (WaitForSingleObject(hMutex, INFINITE) == WAIT_OBJECT_0) { - if (thread_count < max_threads) { - thread_count++; - ReleaseMutex(hMutex); - return TRUE; - } else { - ReleaseMutex(hMutex); + if (WaitForSingleObject(hMutex, INFINITE) == WAIT_OBJECT_0) { + if (thread_count < max_threads) { + thread_count++; + ReleaseMutex(hMutex); + return TRUE; + } else { + ReleaseMutex(hMutex); - if (WaitForSingleObject(hEvent, INFINITE) == WAIT_OBJECT_0) { - continue; - } else { - return FALSE; - } - } - } else { - return FALSE; - } + if (WaitForSingleObject(hEvent, INFINITE) == WAIT_OBJECT_0) { + continue; + } else { + return FALSE; + } + } + } else { + return FALSE; + } } } @@ -647,13 +643,13 @@ DecrementAndSignalThreadCounter(void) { if (WaitForSingleObject(hMutex, INFINITE) == WAIT_OBJECT_0) { - if (thread_count == max_threads) - ResetEvent(hEvent); - thread_count--; - ReleaseMutex(hMutex); - return TRUE; + if (thread_count == max_threads) + ResetEvent(hEvent); + thread_count--; + ReleaseMutex(hMutex); + return TRUE; } else { - return FALSE; + return FALSE; } } #endif @@ -672,13 +668,13 @@ worker_bee(void *unused) { if (call_server(server_host, port, oid, service_name, - gss_flags, auth_flag, wrap_flag, encrypt_flag, mic_flag, - v1_format, msg, use_file, mcount) < 0) - exit(1); + gss_flags, auth_flag, wrap_flag, encrypt_flag, mic_flag, + v1_format, msg, use_file, mcount) < 0) + exit(1); #ifdef _WIN32 if (max_threads > 1) - DecrementAndSignalThreadCounter(); + DecrementAndSignalThreadCounter(); #endif } 
@@ -697,78 +693,78 @@ argc--; argv++; while (argc) { - if (strcmp(*argv, "-port") == 0) { - argc--; - argv++; - if (!argc) - usage(); - port = atoi(*argv); - } else if (strcmp(*argv, "-mech") == 0) { - argc--; - argv++; - if (!argc) - usage(); - mechanism = *argv; - } + if (strcmp(*argv, "-port") == 0) { + argc--; + argv++; + if (!argc) + usage(); + port = atoi(*argv); + } else if (strcmp(*argv, "-mech") == 0) { + argc--; + argv++; + if (!argc) + usage(); + mechanism = *argv; + } #ifdef _WIN32 - else if (strcmp(*argv, "-threads") == 0) { - argc--; - argv++; - if (!argc) - usage(); - max_threads = atoi(*argv); - } + else if (strcmp(*argv, "-threads") == 0) { + argc--; + argv++; + if (!argc) + usage(); + max_threads = atoi(*argv); + } #endif - else if (strcmp(*argv, "-d") == 0) { - gss_flags |= GSS_C_DELEG_FLAG; - } else if (strcmp(*argv, "-seq") == 0) { - gss_flags |= GSS_C_SEQUENCE_FLAG; - } else if (strcmp(*argv, "-noreplay") == 0) { - gss_flags &= ~GSS_C_REPLAY_FLAG; - } else if (strcmp(*argv, "-nomutual") == 0) { - gss_flags &= ~GSS_C_MUTUAL_FLAG; - } else if (strcmp(*argv, "-f") == 0) { - use_file = 1; - } else if (strcmp(*argv, "-q") == 0) { - verbose = 0; - } else if (strcmp(*argv, "-ccount") == 0) { - argc--; - argv++; - if (!argc) - usage(); - ccount = atoi(*argv); - if (ccount <= 0) - usage(); - } else if (strcmp(*argv, "-mcount") == 0) { - argc--; - argv++; - if (!argc) - usage(); - mcount = atoi(*argv); - if (mcount < 0) - usage(); - } else if (strcmp(*argv, "-na") == 0) { - auth_flag = wrap_flag = encrypt_flag = mic_flag = 0; - } else if (strcmp(*argv, "-nw") == 0) { - wrap_flag = 0; - } else if (strcmp(*argv, "-nx") == 0) { - encrypt_flag = 0; - } else if (strcmp(*argv, "-nm") == 0) { - mic_flag = 0; - } else if (strcmp(*argv, "-v1") == 0) { - v1_format = 1; - } else - break; - argc--; - argv++; + else if (strcmp(*argv, "-d") == 0) { + gss_flags |= GSS_C_DELEG_FLAG; + } else if (strcmp(*argv, "-seq") == 0) { + gss_flags |= GSS_C_SEQUENCE_FLAG; + } else 
if (strcmp(*argv, "-noreplay") == 0) { + gss_flags &= ~GSS_C_REPLAY_FLAG; + } else if (strcmp(*argv, "-nomutual") == 0) { + gss_flags &= ~GSS_C_MUTUAL_FLAG; + } else if (strcmp(*argv, "-f") == 0) { + use_file = 1; + } else if (strcmp(*argv, "-q") == 0) { + verbose = 0; + } else if (strcmp(*argv, "-ccount") == 0) { + argc--; + argv++; + if (!argc) + usage(); + ccount = atoi(*argv); + if (ccount <= 0) + usage(); + } else if (strcmp(*argv, "-mcount") == 0) { + argc--; + argv++; + if (!argc) + usage(); + mcount = atoi(*argv); + if (mcount < 0) + usage(); + } else if (strcmp(*argv, "-na") == 0) { + auth_flag = wrap_flag = encrypt_flag = mic_flag = 0; + } else if (strcmp(*argv, "-nw") == 0) { + wrap_flag = 0; + } else if (strcmp(*argv, "-nx") == 0) { + encrypt_flag = 0; + } else if (strcmp(*argv, "-nm") == 0) { + mic_flag = 0; + } else if (strcmp(*argv, "-v1") == 0) { + v1_format = 1; + } else + break; + argc--; + argv++; } if (argc != 3) - usage(); + usage(); #ifdef _WIN32 if (max_threads < 1) { - fprintf(stderr, "warning: there must be at least one thread\n"); - max_threads = 1; + fprintf(stderr, "warning: there must be at least one thread\n"); + max_threads = 1; } #endif 
@@ -777,32 +773,32 @@ msg = *argv++; if (mechanism) - parse_oid(mechanism, &oid); + parse_oid(mechanism, &oid); if (max_threads == 1) { - for (i = 0; i < ccount; i++) { - worker_bee(0); - } + for (i = 0; i < ccount; i++) { + worker_bee(0); + } } else { #ifdef _WIN32 - for (i = 0; i < ccount; i++) { - if (WaitAndIncrementThreadCounter()) { - uintptr_t handle = _beginthread(worker_bee, 0, (void *) 0); - if (handle == (uintptr_t) - 1) { - exit(1); - } - } else { - exit(1); - } - } + for (i = 0; i < ccount; i++) { + if (WaitAndIncrementThreadCounter()) { + uintptr_t handle = _beginthread(worker_bee, 0, (void *) 0); + if (handle == (uintptr_t) - 1) { + exit(1); + } + } else { + exit(1); + } + } #else - /* boom */ - assert(max_threads == 1); + /* boom */ + assert(max_threads == 1); #endif } if (oid != GSS_C_NULL_OID) - (void) gss_release_oid(&min_stat, &oid); + (void) gss_release_oid(&min_stat, &oid); #ifdef _WIN32 CleanupHandles(); Modified: trunk/src/appl/gss-sample/gss-misc.c =================================================================== --- trunk/src/appl/gss-sample/gss-misc.c 2009-11-24 15:43:16 UTC (rev 23341) +++ trunk/src/appl/gss-sample/gss-misc.c 2009-11-24 17:46:45 UTC (rev 23342) @@ -1,3 +1,4 @@ +/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */ /* * Copyright 1994 by OpenVision Technologies, Inc. * @@ -95,14 +96,14 @@ char *ptr; for (ptr = buf; nbyte; ptr += ret, nbyte -= ret) { - ret = send(fildes, ptr, nbyte, 0); - if (ret < 0) { - if (errno == EINTR) - continue; - return (ret); - } else if (ret == 0) { - return (ptr - buf); - } + ret = send(fildes, ptr, nbyte, 0); + if (ret < 0) { + if (errno == EINTR) + continue; + return (ret); + } else if (ret == 0) { + return (ptr - buf); + } } return (ptr - buf); 
@@ -122,17 +123,17 @@ tv.tv_usec = 0; for (ptr = buf; nbyte; ptr += ret, nbyte -= ret) { - if (select(FD_SETSIZE, &rfds, NULL, NULL, &tv) <= 0 - || !FD_ISSET(fildes, &rfds)) - return (ptr - buf); - ret = recv(fildes, ptr, nbyte, 0); - if (ret < 0) { - if (errno == EINTR) - continue; - return (ret); - } else if (ret == 0) { - return (ptr - buf); - } + if (select(FD_SETSIZE, &rfds, NULL, NULL, &tv) <= 0 + || !FD_ISSET(fildes, &rfds)) + return (ptr - buf); + ret = recv(fildes, ptr, nbyte, 0); + if (ret < 0) { + if (errno == EINTR) + continue; + return (ret); + } else if (ret == 0) { + return (ptr - buf); + } } return (ptr - buf); @@ -145,9 +146,9 @@ * * Arguments: * - * s (r) an open file descriptor - * flags (r) the flags to write - * tok (r) the token to write + * s (r) an open file descriptor + * flags (r) the flags to write + * tok (r) the token to write * * Returns: 0 on success, -1 on failure * @@ -170,14 +171,14 @@ unsigned char lenbuf[4]; if (char_flags) { - ret = write_all(s, (char *) &char_flags, 1); - if (ret != 1) { - perror("sending token flags"); - return -1; - } + ret = write_all(s, (char *) &char_flags, 1); + if (ret != 1) { + perror("sending token flags"); + return -1; + } } if (tok->length > 0xffffffffUL) - abort(); + abort(); lenbuf[0] = (tok->length >> 24) & 0xff; lenbuf[1] = (tok->length >> 16) & 0xff; lenbuf[2] = (tok->length >> 8) & 0xff; 
@@ -185,25 +186,25 @@ ret = write_all(s, lenbuf, 4); if (ret < 0) { - perror("sending token length"); - return -1; + perror("sending token length"); + return -1; } else if (ret != 4) { - if (display_file) - fprintf(display_file, - "sending token length: %d of %d bytes written\n", ret, 4); - return -1; + if (display_file) + fprintf(display_file, + "sending token length: %d of %d bytes written\n", ret, 4); + return -1; } ret = write_all(s, tok->value, tok->length); if (ret < 0) { - perror("sending token data"); - return -1; + perror("sending token data"); + return -1; } else if (ret != tok->length) { - if (display_file) - fprintf(display_file, - "sending token data: %d of %d bytes written\n", - ret, (int) tok->length); - return -1; + if (display_file) + fprintf(display_file, + "sending token data: %d of %d bytes written\n", + ret, (int) tok->length); + return -1; } return 0; @@ -216,9 +217,9 @@ * * Arguments: * - * s (r) an open file descriptor - * flags (w) the read flags - * tok (w) the read token + * s (r) an open file descriptor + * flags (w) the read flags + * tok (w) the read token * * Returns: 0 on success, -1 on failure * 
@@ -244,62 +245,62 @@ ret = read_all(s, (char *) &char_flags, 1); if (ret < 0) { - perror("reading token flags"); - return -1; + perror("reading token flags"); + return -1; } else if (!ret) { - if (display_file) - fputs("reading token flags: 0 bytes read\n", display_file); - return -1; + if (display_file) + fputs("reading token flags: 0 bytes read\n", display_file); + return -1; } else { - *flags = (int) char_flags; + *flags = (int) char_flags; } if (char_flags == 0) { - lenbuf[0] = 0; - ret = read_all(s, &lenbuf[1], 3); - if (ret < 0) { - perror("reading token length"); - return -1; - } else if (ret != 3) { - if (display_file) - fprintf(display_file, - "reading token length: %d of %d bytes read\n", ret, 3); - return -1; - } + lenbuf[0] = 0; + ret = read_all(s, &lenbuf[1], 3); + if (ret < 0) { + perror("reading token length"); + return -1; + } else if (ret != 3) { + if (display_file) + fprintf(display_file, + "reading token length: %d of %d bytes read\n", ret, 3); + return -1; + } } else { - ret = read_all(s, lenbuf, 4); - if (ret < 0) { - perror("reading token length"); - return -1; - } else if (ret != 4) { - if (display_file) - fprintf(display_file, - "reading token length: %d of %d bytes read\n", ret, 4); - return -1; - } + ret = read_all(s, lenbuf, 4); + if (ret < 0) { + perror("reading token length"); + return -1; + } else if (ret != 4) { + if (display_file) + fprintf(display_file, + "reading token length: %d of %d bytes read\n", ret, 4); + return -1; + } } tok->length = ((lenbuf[0] << 24) - | (lenbuf[1] << 16) - | (lenbuf[2] << 8) - | lenbuf[3]); + | (lenbuf[1] << 16) + | (lenbuf[2] << 8) + | lenbuf[3]); tok->value = (char *) malloc(tok->length ? 
tok->length : 1); if (tok->length && tok->value == NULL) { - if (display_file) - fprintf(display_file, "Out of memory allocating token data\n"); - return -1; + if (display_file) + fprintf(display_file, "Out of memory allocating token data\n"); + return -1; } ret = read_all(s, (char *) tok->value, tok->length); if (ret < 0) { - perror("reading token data"); - free(tok->value); - return -1; + perror("reading token data"); + free(tok->value); + return -1; } else if (ret != tok->length) { - fprintf(stderr, "sending token data: %d of %d bytes written\n", - ret, (int) tok->length); - free(tok->value); - return -1; + fprintf(stderr, "sending token data: %d of %d bytes written\n", + ret, (int) tok->length); + free(tok->value); + return -1; } return 0; @@ -317,15 +318,15 @@ msg_ctx = 0; while (1) { - maj_stat = gss_display_status(&min_stat, code, - type, GSS_C_NULL_OID, &msg_ctx, &msg); - if (display_file) - fprintf(display_file, "GSS-API error %s: %s\n", m, - (char *) msg.value); - (void) gss_release_buffer(&min_stat, &msg); + maj_stat = gss_display_status(&min_stat, code, + type, GSS_C_NULL_OID, &msg_ctx, &msg); + if (display_file) + fprintf(display_file, "GSS-API error %s: %s\n", m, + (char *) msg.value); + (void) gss_release_buffer(&min_stat, &msg); - if (!msg_ctx) - break; + if (!msg_ctx) + break; } } @@ -336,9 +337,9 @@ * * Arguments: * - * msg a string to be displayed with the message - * maj_stat the GSS-API major status code - * min_stat the GSS-API minor status code + * msg a string to be displayed with the message + * maj_stat the GSS-API major status code + * min_stat the GSS-API minor status code * * Effects: * @@ -360,11 +361,11 @@ * Function: display_ctx_flags * * Purpose: displays the flags returned by context initation in - * a human-readable form + * a human-readable form * * Arguments: * - * int ret_flags + * int ret_flags * * Effects: * 
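Review bot: `tok->length` is assembled from length bytes sent by the peer and goes straight into `malloc(tok->length ? tok->length : 1)`, so in this hunk any connecting client can make the process attempt an allocation of up to 4 GiB per token; server_establish_context calls recv_token before any GSS-API authentication has happened. A bound checked before the allocation would close that, e.g. `if (tok->length > MAX_TOKEN_LEN) return -1;`, where `MAX_TOKEN_LEN` is a placeholder for a limit the project would choose. Separately, `lenbuf[0] << 24` shifts a value promoted to `int`, so a first length byte of 0x80 or more shifts into the sign bit; `((OM_uint32) lenbuf[0] << 24)` avoids that, assuming `lenbuf` is the same `unsigned char[4]` that send_token declares (its declaration here is outside the hunk). The short-read branch at the end also reports "sending token data … bytes written" for what is a read, and writes to `stderr` rather than `display_file`.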
@@ -377,17 +378,17 @@ OM_uint32 flags; { if (flags & GSS_C_DELEG_FLAG) - fprintf(display_file, "context flag: GSS_C_DELEG_FLAG\n"); + fprintf(display_file, "context flag: GSS_C_DELEG_FLAG\n"); if (flags & GSS_C_MUTUAL_FLAG) - fprintf(display_file, "context flag: GSS_C_MUTUAL_FLAG\n"); + fprintf(display_file, "context flag: GSS_C_MUTUAL_FLAG\n"); if (flags & GSS_C_REPLAY_FLAG) - fprintf(display_file, "context flag: GSS_C_REPLAY_FLAG\n"); + fprintf(display_file, "context flag: GSS_C_REPLAY_FLAG\n"); if (flags & GSS_C_SEQUENCE_FLAG) - fprintf(display_file, "context flag: GSS_C_SEQUENCE_FLAG\n"); + fprintf(display_file, "context flag: GSS_C_SEQUENCE_FLAG\n"); if (flags & GSS_C_CONF_FLAG) - fprintf(display_file, "context flag: GSS_C_CONF_FLAG \n"); + fprintf(display_file, "context flag: GSS_C_CONF_FLAG \n"); if (flags & GSS_C_INTEG_FLAG) - fprintf(display_file, "context flag: GSS_C_INTEG_FLAG \n"); + fprintf(display_file, "context flag: GSS_C_INTEG_FLAG \n"); } void @@ -398,12 +399,12 @@ unsigned char *p = tok->value; if (!display_file) - return; + return; for (i = 0; i < tok->length; i++, p++) { - fprintf(display_file, "%02x ", *p); - if ((i % 16) == 15) { - fprintf(display_file, "\n"); - } + fprintf(display_file, "%02x ", *p); + if ((i % 16) == 15) { + fprintf(display_file, "\n"); + } } fprintf(display_file, "\n"); fflush(display_file); @@ -420,8 +421,8 @@ _tzset(); _ftime(&tb); if (tv) { - tv->tv_sec = tb.time; - tv->tv_usec = tb.millitm * 1000; + tv->tv_sec = tb.time; + tv->tv_usec = tb.millitm * 1000; } return 0; } Modified: trunk/src/appl/gss-sample/gss-misc.h =================================================================== --- trunk/src/appl/gss-sample/gss-misc.h 2009-11-24 15:43:16 UTC (rev 23341) +++ trunk/src/appl/gss-sample/gss-misc.h 2009-11-24 17:46:45 UTC (rev 23342) @@ -1,3 +1,4 @@ +/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */ /* * Copyright 1994 by OpenVision Technologies, Inc. * 
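Review bot: display_ctx_flags passes `display_file` to `fprintf` without a NULL check, unlike print_token in the next hunk, which begins with `if (!display_file) return;`. gss-server.c in this same commit sets `logfile = display_file = NULL` when started with `-logfile /dev/null`, and server_establish_context calls `display_ctx_flags(*ret_flags)` unconditionally once a context is accepted, so in that configuration the first authenticated connection would reach `fprintf(NULL, …)`. Adding the same guard, `if (!display_file) return;`, as the first statement would make the two helpers consistent. The function's name line is outside the hunk.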
@@ -32,28 +33,23 @@ extern FILE *display_file; -int send_token - (int s, int flags, gss_buffer_t tok); -int recv_token - (int s, int *flags, gss_buffer_t tok); -void display_status - (char *msg, OM_uint32 maj_stat, OM_uint32 min_stat); -void display_ctx_flags - (OM_uint32 flags); -void print_token - (gss_buffer_t tok); +int send_token(int s, int flags, gss_buffer_t tok); +int recv_token(int s, int *flags, gss_buffer_t tok); +void display_status(char *msg, OM_uint32 maj_stat, OM_uint32 min_stat); +void display_ctx_flags(OM_uint32 flags); +void print_token(gss_buffer_t tok); /* Token types */ -#define TOKEN_NOOP (1<<0) -#define TOKEN_CONTEXT (1<<1) -#define TOKEN_DATA (1<<2) -#define TOKEN_MIC (1<<3) +#define TOKEN_NOOP (1<<0) +#define TOKEN_CONTEXT (1<<1) +#define TOKEN_DATA (1<<2) +#define TOKEN_MIC (1<<3) /* Token flags */ -#define TOKEN_CONTEXT_NEXT (1<<4) -#define TOKEN_WRAPPED (1<<5) -#define TOKEN_ENCRYPTED (1<<6) -#define TOKEN_SEND_MIC (1<<7) +#define TOKEN_CONTEXT_NEXT (1<<4) +#define TOKEN_WRAPPED (1<<5) +#define TOKEN_ENCRYPTED (1<<6) +#define TOKEN_SEND_MIC (1<<7) extern gss_buffer_t empty_token; Modified: trunk/src/appl/gss-sample/gss-server.c =================================================================== --- trunk/src/appl/gss-sample/gss-server.c 2009-11-24 15:43:16 UTC (rev 23341) +++ trunk/src/appl/gss-sample/gss-server.c 2009-11-24 17:46:45 UTC (rev 23342) @@ -1,3 +1,4 @@ +/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */ /* * Copyright 1994 by OpenVision Technologies, Inc. * @@ -74,7 +75,7 @@ #endif fprintf(stderr, "\n"); fprintf(stderr, - " [-inetd] [-export] [-logfile file] service_name\n"); + " [-inetd] [-export] [-logfile file] service_name\n"); exit(1); } @@ -89,8 +90,8 @@ * * Arguments: * - * service_name (r) the ASCII service name - * server_creds (w) the GSS-API service credentials + * service_name (r) the ASCII service name + * server_creds (w) the GSS-API service credentials * * Returns: 0 on success, -1 on failure * 
@@ -102,9 +103,7 @@ * 0 is returned. */ static int -server_acquire_creds(service_name, server_creds) - char *service_name; - gss_cred_id_t *server_creds; +server_acquire_creds(char *service_name, gss_cred_id_t *server_creds) { gss_buffer_desc name_buf; gss_name_t server_name; @@ -113,18 +112,18 @@ name_buf.value = service_name; name_buf.length = strlen(name_buf.value) + 1; maj_stat = gss_import_name(&min_stat, &name_buf, - (gss_OID) gss_nt_service_name, &server_name); + (gss_OID) gss_nt_service_name, &server_name); if (maj_stat != GSS_S_COMPLETE) { - display_status("importing name", maj_stat, min_stat); - return -1; + display_status("importing name", maj_stat, min_stat); + return -1; } maj_stat = gss_acquire_cred(&min_stat, server_name, 0, - GSS_C_NULL_OID_SET, GSS_C_ACCEPT, - server_creds, NULL, NULL); + GSS_C_NULL_OID_SET, GSS_C_ACCEPT, + server_creds, NULL, NULL); if (maj_stat != GSS_S_COMPLETE) { - display_status("acquiring credentials", maj_stat, min_stat); - return -1; + display_status("acquiring credentials", maj_stat, min_stat); + return -1; } (void) gss_release_name(&min_stat, &server_name); @@ -141,10 +140,10 @@ * * Arguments: * - * s (r) an established TCP connection to the client - * service_creds (r) server credentials, from gss_acquire_cred - * context (w) the established GSS-API context - * client_name (w) the client's ASCII name + * s (r) an established TCP connection to the client + * service_creds (r) server credentials, from gss_acquire_cred + * context (w) the established GSS-API context + * client_name (w) the client's ASCII name * * Returns: 0 on success, -1 on failure * 
@@ -156,12 +155,9 @@ * message is displayed and -1 is returned. */ static int -server_establish_context(s, server_creds, context, client_name, ret_flags) - int s; - gss_cred_id_t server_creds; - gss_ctx_id_t *context; - gss_buffer_t client_name; - OM_uint32 *ret_flags; +server_establish_context(int s, gss_cred_id_t server_creds, + gss_ctx_id_t *context, gss_buffer_t client_name, + OM_uint32 *ret_flags) { gss_buffer_desc send_tok, recv_tok; gss_name_t client; 
@@ -171,104 +167,109 @@ int token_flags; if (recv_token(s, &token_flags, &recv_tok) < 0) - return -1; + return -1; if (recv_tok.value) { - free(recv_tok.value); - recv_tok.value = NULL; + free(recv_tok.value); + recv_tok.value = NULL; } if (!(token_flags & TOKEN_NOOP)) { - if (logfile) - fprintf(logfile, "Expected NOOP token, got %d token instead\n", - token_flags); - return -1; + if (logfile) + fprintf(logfile, "Expected NOOP token, got %d token instead\n", + token_flags); + return -1; } *context = GSS_C_NO_CONTEXT; if (token_flags & TOKEN_CONTEXT_NEXT) { - do { - if (recv_token(s, &token_flags, &recv_tok) < 0) - return -1; + do { + if (recv_token(s, &token_flags, &recv_tok) < 0) + return -1; - if (verbose && logfile) { - fprintf(logfile, "Received token (size=%d): \n", - (int) recv_tok.length); - print_token(&recv_tok); - } + if (verbose && logfile) { + fprintf(logfile, "Received token (size=%d): \n", + (int) recv_tok.length); + print_token(&recv_tok); + } - maj_stat = gss_accept_sec_context(&acc_sec_min_stat, context, server_creds, &recv_tok, GSS_C_NO_CHANNEL_BINDINGS, &client, &doid, &send_tok, ret_flags, NULL, /* ignore time_rec */ - NULL); /* ignore del_cred_handle */ + maj_stat = gss_accept_sec_context(&acc_sec_min_stat, context, + server_creds, &recv_tok, + GSS_C_NO_CHANNEL_BINDINGS, + &client, &doid, &send_tok, + ret_flags, + NULL, /* time_rec */ + NULL); /* del_cred_handle */ - if (recv_tok.value) { - free(recv_tok.value); - recv_tok.value = NULL; - } + if (recv_tok.value) { + free(recv_tok.value); + recv_tok.value = NULL; + } - if (send_tok.length != 0) { - if (verbose && logfile) { - fprintf(logfile, - "Sending accept_sec_context token (size=%d):\n", - (int) send_tok.length); - print_token(&send_tok); - } - if (send_token(s, TOKEN_CONTEXT, &send_tok) < 0) { - if (logfile) - fprintf(logfile, "failure sending token\n"); - return -1; - } + if (send_tok.length != 0) { + if (verbose && logfile) { + fprintf(logfile, + "Sending accept_sec_context token 
(size=%d):\n", + (int) send_tok.length); + print_token(&send_tok); + } + if (send_token(s, TOKEN_CONTEXT, &send_tok) < 0) { + if (logfile) + fprintf(logfile, "failure sending token\n"); + return -1; + } - (void) gss_release_buffer(&min_stat, &send_tok); - } - if (maj_stat != GSS_S_COMPLETE - && maj_stat != GSS_S_CONTINUE_NEEDED) { - display_status("accepting context", maj_stat, - acc_sec_min_stat); - if (*context != GSS_C_NO_CONTEXT) - gss_delete_sec_context(&min_stat, context, - GSS_C_NO_BUFFER); - return -1; - } + (void) gss_release_buffer(&min_stat, &send_tok); + } + if (maj_stat != GSS_S_COMPLETE + && maj_stat != GSS_S_CONTINUE_NEEDED) { + display_status("accepting context", maj_stat, + acc_sec_min_stat); + if (*context != GSS_C_NO_CONTEXT) + gss_delete_sec_context(&min_stat, context, + GSS_C_NO_BUFFER); + return -1; + } - if (verbose && logfile) { - if (maj_stat == GSS_S_CONTINUE_NEEDED) - fprintf(logfile, "continue needed...\n"); - else - fprintf(logfile, "\n"); - fflush(logfile); - } - } while (maj_stat == GSS_S_CONTINUE_NEEDED); + if (verbose && logfile) { + if (maj_stat == GSS_S_CONTINUE_NEEDED) + fprintf(logfile, "continue needed...\n"); + else + fprintf(logfile, "\n"); + fflush(logfile); + } + } while (maj_stat == GSS_S_CONTINUE_NEEDED); - /* display the flags */ - display_ctx_flags(*ret_flags); + /* display the flags */ + display_ctx_flags(*ret_flags); - if (verbose && logfile) { - maj_stat = gss_oid_to_str(&min_stat, doid, &oid_name); - if (maj_stat != GSS_S_COMPLETE) { - display_status("converting oid->string", maj_stat, min_stat); - return -1; - } - fprintf(logfile, "Accepted connection using mechanism OID %.*s.\n", - (int) oid_name.length, (char *) oid_name.value); - (void) gss_release_buffer(&min_stat, &oid_name); - } + if (verbose && logfile) { + maj_stat = gss_oid_to_str(&min_stat, doid, &oid_name); + if (maj_stat != GSS_S_COMPLETE) { + display_status("converting oid->string", maj_stat, min_stat); + return -1; + } + fprintf(logfile, "Accepted 
connection using mechanism OID %.*s.\n", + (int) oid_name.length, (char *) oid_name.value); + (void) gss_release_buffer(&min_stat, &oid_name); + } - maj_stat = gss_display_name(&min_stat, client, client_name, &doid); - if (maj_stat != GSS_S_COMPLETE) { - display_status("displaying name", maj_stat, min_stat); - return -1; - } - maj_stat = gss_release_name(&min_stat, &client); - if (maj_stat != GSS_S_COMPLETE) { - display_status("releasing name", maj_stat, min_stat); - return -1; - } + maj_stat = gss_display_name(&min_stat, client, client_name, &doid); + if (maj_stat != GSS_S_COMPLETE) { + display_status("displaying name", maj_stat, min_stat); + return -1; + } + maj_stat = gss_release_name(&min_stat, &client); + if (maj_stat != GSS_S_COMPLETE) { + display_status("releasing name", maj_stat, min_stat); + return -1; + } } else { - client_name->length = *ret_flags = 0; + client_name->length = *ret_flags = 0; - if (logfile) - fprintf(logfile, "Accepted unauthenticated connection.\n"); + if (logfile) + fprintf(logfile, "Accepted unauthenticated connection.\n"); } return 0; @@ -281,7 +282,7 @@ * * Arguments: * - * port (r) the port number on which to listen + * port (r) the port number on which to listen * * Returns: the listening socket file descriptor, or -1 on failure * @@ -291,8 +292,7 @@ * On error, an error message is displayed and -1 is returned. */ static int -create_socket(port) - u_short port; +create_socket(u_short port) { struct sockaddr_in saddr; int s; 
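Review bot: Several `return -1` paths in this hunk leave GSS-API resources behind: the `send_token(s, TOKEN_CONTEXT, &send_tok) < 0` branch returns without releasing `send_tok` or deleting the partly established `*context`, and the `gss_oid_to_str` and `gss_display_name` failure branches return without releasing `client` or the context. Only the "accepting context" failure branch deletes the context. sign_server returns immediately when this function fails, so in a long-running server a peer that drops the connection mid-handshake leaves that state allocated. Those branches could call `(void) gss_release_buffer(&min_stat, &send_tok);` where it applies and `if (*context != GSS_C_NO_CONTEXT) gss_delete_sec_context(&min_stat, context, GSS_C_NO_BUFFER);` before returning. The declarations at the top of the function are outside the hunk.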
@@ -303,40 +303,38 @@ saddr.sin_addr.s_addr = INADDR_ANY; if ((s = socket(AF_INET, SOCK_STREAM, 0)) < 0) { - perror("creating socket"); - return -1; + perror("creating socket"); + return -1; } /* Let the socket be reused right away */ (void) setsockopt(s, SOL_SOCKET, SO_REUSEADDR, (char *) &on, sizeof(on)); if (bind(s, (struct sockaddr *) &saddr, sizeof(saddr)) < 0) { - perror("binding socket"); - (void) close(s); - return -1; + perror("binding socket"); + (void) close(s); + return -1; } if (listen(s, 5) < 0) { - perror("listening on socket"); - (void) close(s); - return -1; + perror("listening on socket"); + (void) close(s); + return -1; } return s; } static float -timeval_subtract(tv1, tv2) - struct timeval *tv1, *tv2; +timeval_subtract(struct timeval *tv1, struct timeval *tv2) { return ((tv1->tv_sec - tv2->tv_sec) + - ((float) (tv1->tv_usec - tv2->tv_usec)) / 1000000); + ((float) (tv1->tv_usec - tv2->tv_usec)) / 1000000); } /* * Yes, yes, this isn't the best place for doing this test. * DO NOT REMOVE THIS UNTIL A BETTER TEST HAS BEEN WRITTEN, THOUGH. - * -TYT + * -TYT */ static int -test_import_export_context(context) - gss_ctx_id_t *context; +test_import_export_context(gss_ctx_id_t *context) { OM_uint32 min_stat, maj_stat; gss_buffer_desc context_token, copied_token; 
@@ -348,32 +346,32 @@ gettimeofday(&tm1, (struct timezone *) 0); maj_stat = gss_export_sec_context(&min_stat, context, &context_token); if (maj_stat != GSS_S_COMPLETE) { - display_status("exporting context", maj_stat, min_stat); - return 1; + display_status("exporting context", maj_stat, min_stat); + return 1; } gettimeofday(&tm2, (struct timezone *) 0); if (verbose && logfile) - fprintf(logfile, "Exported context: %d bytes, %7.4f seconds\n", - (int) context_token.length, timeval_subtract(&tm2, &tm1)); + fprintf(logfile, "Exported context: %d bytes, %7.4f seconds\n", + (int) context_token.length, timeval_subtract(&tm2, &tm1)); copied_token.length = context_token.length; copied_token.value = malloc(context_token.length); if (copied_token.value == 0) { - if (logfile) - fprintf(logfile, - "Couldn't allocate memory to copy context token.\n"); - return 1; + if (logfile) + fprintf(logfile, + "Couldn't allocate memory to copy context token.\n"); + return 1; } memcpy(copied_token.value, context_token.value, copied_token.length); maj_stat = gss_import_sec_context(&min_stat, &copied_token, context); if (maj_stat != GSS_S_COMPLETE) { - display_status("importing context", maj_stat, min_stat); - return 1; + display_status("importing context", maj_stat, min_stat); + return 1; } free(copied_token.value); gettimeofday(&tm1, (struct timezone *) 0); if (verbose && logfile) - fprintf(logfile, "Importing context: %7.4f seconds\n", - timeval_subtract(&tm1, &tm2)); + fprintf(logfile, "Importing context: %7.4f seconds\n", + timeval_subtract(&tm1, &tm2)); (void) gss_release_buffer(&min_stat, &context_token); return 0; } 
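Review bot: The `gss_import_sec_context` failure branch returns 1 before `free(copied_token.value)` and `gss_release_buffer(&min_stat, &context_token)` are reached, and the allocation-failure branch likewise skips the release of `context_token`. Both buffers hold an exported security context, which may include sensitive context state, so beyond the leak it would be worth clearing `copied_token.value` before freeing it. Moving the two release calls ahead of the status checks, or to a shared cleanup label, would cover every exit. A zero-length export would also be reported as an allocation failure on platforms where `malloc(0)` returns NULL.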
@@ -385,11 +383,11 @@ * * Arguments: * - * s (r) a TCP socket on which a connection has been - * accept()ed - * service_name (r) the ASCII name of the GSS-API service to - * establish a context as - * export (r) whether to test context exporting + * s (r) a TCP socket on which a connection has been + * accept()ed + * service_name (r) the ASCII name of the GSS-API service to + * establish a context as + * export (r) whether to test context exporting * * Returns: -1 on error * @@ -405,10 +403,7 @@ * If any error occurs, -1 is returned. */ static int -sign_server(s, server_creds, export) - int s; - gss_cred_id_t server_creds; - int export; +sign_server(int s, gss_cred_id_t server_creds, int export) { gss_buffer_desc client_name, xmit_buf, msg_buf; gss_ctx_id_t context; 
@@ -419,134 +414,134 @@ /* Establish a context with the client */ if (server_establish_context(s, server_creds, &context, - &client_name, &ret_flags) < 0) - return (-1); + &client_name, &ret_flags) < 0) + return (-1); if (context == GSS_C_NO_CONTEXT) { - printf("Accepted unauthenticated connection.\n"); + printf("Accepted unauthenticated connection.\n"); } else { - printf("Accepted connection: \"%.*s\"\n", - (int) client_name.length, (char *) client_name.value); - (void) gss_release_buffer(&min_stat, &client_name); + printf("Accepted connection: \"%.*s\"\n", + (int) client_name.length, (char *) client_name.value); + (void) gss_release_buffer(&min_stat, &client_name); - if (export) { - for (i = 0; i < 3; i++) - if (test_import_export_context(&context)) - return -1; - } + if (export) { + for (i = 0; i < 3; i++) + if (test_import_export_context(&context)) + return -1; + } } do { - /* Receive the message token */ - if (recv_token(s, &token_flags, &xmit_buf) < 0) - return (-1); + /* Receive the message token */ + if (recv_token(s, &token_flags, &xmit_buf) < 0) + return (-1); - if (token_flags & TOKEN_NOOP) { - if (logfile) - fprintf(logfile, "NOOP token\n"); - if (xmit_buf.value) { - free(xmit_buf.value); - xmit_buf.value = 0; - } - break; - } + if (token_flags & TOKEN_NOOP) { + if (logfile) + fprintf(logfile, "NOOP token\n"); + if (xmit_buf.value) { + free(xmit_buf.value); + xmit_buf.value = 0; + } + break; + } - if (verbose && logfile) { - fprintf(logfile, "Message token (flags=%d):\n", token_flags); - print_token(&xmit_buf); - } + if (verbose && logfile) { + fprintf(logfile, "Message token (flags=%d):\n", token_flags); + print_token(&xmit_buf); + } - if ((context == GSS_C_NO_CONTEXT) && - (token_flags & (TOKEN_WRAPPED | TOKEN_ENCRYPTED | TOKEN_SEND_MIC))) - { - if (logfile) - fprintf(logfile, - "Unauthenticated client requested authenticated services!\n"); - if (xmit_buf.value) { - free(xmit_buf.value); - xmit_buf.value = 0; - } - return (-1); - } + if ((context == 
GSS_C_NO_CONTEXT) && + (token_flags & (TOKEN_WRAPPED | TOKEN_ENCRYPTED | TOKEN_SEND_MIC))) + { + if (logfile) + fprintf(logfile, + "Unauthenticated client requested authenticated services!\n"); + if (xmit_buf.value) { + free(xmit_buf.value); + xmit_buf.value = 0; + } + return (-1); + } - if (token_flags & TOKEN_WRAPPED) { - maj_stat = gss_unwrap(&min_stat, context, &xmit_buf, &msg_buf, - &conf_state, (gss_qop_t *) NULL); - if (maj_stat != GSS_S_COMPLETE) { - display_status("unsealing message", maj_stat, min_stat); - if (xmit_buf.value) { - free(xmit_buf.value); - xmit_buf.value = 0; - } - return (-1); - } else if (!conf_state && (token_flags & TOKEN_ENCRYPTED)) { - fprintf(stderr, "Warning! Message not encrypted.\n"); - } + if (token_flags & TOKEN_WRAPPED) { + maj_stat = gss_unwrap(&min_stat, context, &xmit_buf, &msg_buf, + &conf_state, (gss_qop_t *) NULL); + if (maj_stat != GSS_S_COMPLETE) { + display_status("unsealing message", maj_stat, min_stat); + if (xmit_buf.value) { + free(xmit_buf.value); + xmit_buf.value = 0; + } + return (-1); + } else if (!conf_state && (token_flags & TOKEN_ENCRYPTED)) { + fprintf(stderr, "Warning! 
Message not encrypted.\n"); + } - if (xmit_buf.value) { - free(xmit_buf.value); - xmit_buf.value = 0; - } - } else { - msg_buf = xmit_buf; - } + if (xmit_buf.value) { + free(xmit_buf.value); + xmit_buf.value = 0; + } + } else { + msg_buf = xmit_buf; + } - if (logfile) { - fprintf(logfile, "Received message: "); - cp = msg_buf.value; - if ((isprint((int) cp[0]) || isspace((int) cp[0])) && - (isprint((int) cp[1]) || isspace((int) cp[1]))) { - fprintf(logfile, "\"%.*s\"\n", (int) msg_buf.length, - (char *) msg_buf.value); - } else { - fprintf(logfile, "\n"); - print_token(&msg_buf); - } - } + if (logfile) { + fprintf(logfile, "Received message: "); + cp = msg_buf.value; + if ((isprint((int) cp[0]) || isspace((int) cp[0])) && + (isprint((int) cp[1]) || isspace((int) cp[1]))) { + fprintf(logfile, "\"%.*s\"\n", (int) msg_buf.length, + (char *) msg_buf.value); + } else { + fprintf(logfile, "\n"); + print_token(&msg_buf); + } + } - if (token_flags & TOKEN_SEND_MIC) { - /* Produce a signature block for the message */ - maj_stat = gss_get_mic(&min_stat, context, GSS_C_QOP_DEFAULT, - &msg_buf, &xmit_buf); - if (maj_stat != GSS_S_COMPLETE) { - display_status("signing message", maj_stat, min_stat); - return (-1); - } + if (token_flags & TOKEN_SEND_MIC) { + /* Produce a signature block for the message */ + maj_stat = gss_get_mic(&min_stat, context, GSS_C_QOP_DEFAULT, + &msg_buf, &xmit_buf); + if (maj_stat != GSS_S_COMPLETE) { + display_status("signing message", maj_stat, min_stat); + return (-1); + } - if (msg_buf.value) { - free(msg_buf.value); - msg_buf.value = 0; - } + if (msg_buf.value) { + free(msg_buf.value); + msg_buf.value = 0; + } - /* Send the signature block to the client */ - if (send_token(s, TOKEN_MIC, &xmit_buf) < 0) - return (-1); + /* Send the signature block to the client */ + if (send_token(s, TOKEN_MIC, &xmit_buf) < 0) + return (-1); - if (xmit_buf.value) { - free(xmit_buf.value); - xmit_buf.value = 0; - } - } else { - if (msg_buf.value) { - 
free(msg_buf.value); - msg_buf.value = 0; - } - if (send_token(s, TOKEN_NOOP, empty_token) < 0) - return (-1); - } + if (xmit_buf.value) { + free(xmit_buf.value); + xmit_buf.value = 0; + } + } else { + if (msg_buf.value) { + free(msg_buf.value); + msg_buf.value = 0; + } + if (send_token(s, TOKEN_NOOP, empty_token) < 0) + return (-1); + } } while (1 /* loop will break if NOOP received */ ); if (context != GSS_C_NO_CONTEXT) { - /* Delete context */ - maj_stat = gss_delete_sec_context(&min_stat, &context, NULL); - if (maj_stat != GSS_S_COMPLETE) { - display_status("deleting context", maj_stat, min_stat); - return (-1); - } + /* Delete context */ + maj_stat = gss_delete_sec_context(&min_stat, &context, NULL); + if (maj_stat != GSS_S_COMPLETE) { + display_status("deleting context", maj_stat, min_stat); + return (-1); + } } if (logfile) - fflush(logfile); + fflush(logfile); return (0); } @@ -576,23 +571,23 @@ WaitAndIncrementThreadCounter(void) { for (;;) { - if (WaitForSingleObject(hMutex, INFINITE) == WAIT_OBJECT_0) { - if (thread_count < max_threads) { - thread_count++; - ReleaseMutex(hMutex); - return TRUE; - } else { - ReleaseMutex(hMutex); + if (WaitForSingleObject(hMutex, INFINITE) == WAIT_OBJECT_0) { + if (thread_count < max_threads) { + thread_count++; + ReleaseMutex(hMutex); + return TRUE; + } else { + ReleaseMutex(hMutex); - if (WaitForSingleObject(hEvent, INFINITE) == WAIT_OBJECT_0) { - continue; - } else { - return FALSE; - } - } - } else { - return FALSE; - } + if (WaitForSingleObject(hEvent, INFINITE) == WAIT_OBJECT_0) { + continue; + } else { + return FALSE; + } + } + } else { + return FALSE; + } } } 
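Review bot: The "Received message" branch reads `cp[0]` and `cp[1]` without looking at `msg_buf.length`, so a peer that sends a message of zero or one byte makes the server read past the end of the buffer; recv_token allocates a single byte for a zero-length token. Guarding the test with the length, `if (msg_buf.length >= 2 && …)`, and letting shorter messages fall through to `print_token(&msg_buf)` would keep the read in bounds. The `isprint`/`isspace` arguments should also go through `unsigned char`, as in `isprint((unsigned char) cp[0])`, if `cp` is a plain `char *`; its declaration is outside the hunk. Separately, `msg_buf.value` produced by `gss_unwrap` and `xmit_buf.value` produced by `gss_get_mic` are released with `free()` here, where `gss_release_buffer` is the matching call.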
@@ -600,13 +595,13 @@ DecrementAndSignalThreadCounter(void) { if (WaitForSingleObject(hMutex, INFINITE) == WAIT_OBJECT_0) { - if (thread_count == max_threads) - ResetEvent(hEvent); - thread_count--; - ReleaseMutex(hMutex); - return TRUE; + if (thread_count == max_threads) + ResetEvent(hEvent); + thread_count--; + ReleaseMutex(hMutex); + return TRUE; } else { - return FALSE; + return FALSE; } } #endif @@ -632,14 +627,12 @@ #ifdef _WIN32 if (max_threads > 1) - DecrementAndSignalThreadCounter(); + DecrementAndSignalThreadCounter(); #endif } int -main(argc, argv) - int argc; - char **argv; +main(int argc, char **argv) { char *service_name; gss_cred_id_t server_creds; 
@@ -654,69 +647,69 @@ argc--; argv++; while (argc) { - if (strcmp(*argv, "-port") == 0) { - argc--; - argv++; - if (!argc) - usage(); - port = atoi(*argv); - } + if (strcmp(*argv, "-port") == 0) { + argc--; + argv++; + if (!argc) + usage(); + port = atoi(*argv); + } #ifdef _WIN32 - else if (strcmp(*argv, "-threads") == 0) { - argc--; - argv++; - if (!argc) - usage(); - max_threads = atoi(*argv); - } + else if (strcmp(*argv, "-threads") == 0) { + argc--; + argv++; + if (!argc) + usage(); + max_threads = atoi(*argv); + } #endif - else if (strcmp(*argv, "-verbose") == 0) { - verbose = 1; - } else if (strcmp(*argv, "-once") == 0) { - once = 1; - } else if (strcmp(*argv, "-inetd") == 0) { - do_inetd = 1; - } else if (strcmp(*argv, "-export") == 0) { - export = 1; - } else if (strcmp(*argv, "-logfile") == 0) { - argc--; - argv++; - if (!argc) - usage(); - /* Gross hack, but it makes it unnecessary to add an - * extra argument to disable logging, and makes the code - * more efficient because it doesn't actually write data - * to /dev/null. */ - if (!strcmp(*argv, "/dev/null")) { - logfile = display_file = NULL; - } else { - logfile = fopen(*argv, "a"); - display_file = logfile; - if (!logfile) { - perror(*argv); - exit(1); - } - } - } else - break; - argc--; - argv++; + else if (strcmp(*argv, "-verbose") == 0) { + verbose = 1; + } else if (strcmp(*argv, "-once") == 0) { + once = 1; + } else if (strcmp(*argv, "-inetd") == 0) { + do_inetd = 1; + } else if (strcmp(*argv, "-export") == 0) { + export = 1; + } else if (strcmp(*argv, "-logfile") == 0) { + argc--; + argv++; + if (!argc) + usage(); + /* Gross hack, but it makes it unnecessary to add an + * extra argument to disable logging, and makes the code + * more efficient because it doesn't actually write data + * to /dev/null. 
*/ + if (!strcmp(*argv, "/dev/null")) { + logfile = display_file = NULL; + } else { + logfile = fopen(*argv, "a"); + display_file = logfile; + if (!logfile) { + perror(*argv); + exit(1); + } + } + } else + break; + argc--; + argv++; } if (argc != 1) - usage(); + usage(); if ((*argv)[0] == '-') - usage(); + usage(); #ifdef _WIN32 if (max_threads < 1) { - fprintf(stderr, "warning: there must be at least one thread\n"); - max_threads = 1; + fprintf(stderr, "warning: there must be at least one thread\n"); + max_threads = 1; } if (max_threads > 1 && do_inetd) - fprintf(stderr, - "warning: one thread may be used in conjunction with inetd\n"); + fprintf(stderr, + "warning: one thread may be used in conjunction with inetd\n"); InitHandles(); #endif 
@@ -724,63 +717,63 @@ service_name = *argv; if (server_acquire_creds(service_name, &server_creds) < 0) - return -1; + return -1; if (do_inetd) { - close(1); - close(2); + close(1); + close(2); - sign_server(0, server_creds, export); - close(0); + sign_server(0, server_creds, export); + close(0); } else { - int stmp; + int stmp; - if ((stmp = create_socket(port)) >= 0) { - if (listen(stmp, max_threads == 1 ? 0 : max_threads) < 0) - perror("listening on socket"); + if ((stmp = create_socket(port)) >= 0) { + if (listen(stmp, max_threads == 1 ? 0 : max_threads) < 0) + perror("listening on socket"); - do { - struct _work_plan *work = malloc(sizeof(struct _work_plan)); + do { + struct _work_plan *work = malloc(sizeof(struct _work_plan)); - if (work == NULL) { - fprintf(stderr, "fatal error: out of memory"); - break; - } + if (work == NULL) { + fprintf(stderr, "fatal error: out of memory"); + break; + } - /* Accept a TCP connection */ - if ((work->s = accept(stmp, NULL, 0)) < 0) { - perror("accepting connection"); - continue; - } + /* Accept a TCP connection */ + if ((work->s = accept(stmp, NULL, 0)) < 0) { + perror("accepting connection"); + continue; + } - work->server_creds = server_creds; - work->export = export; + work->server_creds = server_creds; + work->export = export; - if (max_threads == 1) { - worker_bee((void *) work); - } + if (max_threads == 1) { + worker_bee((void *) work); + } #ifdef _WIN32 - else { - if (WaitAndIncrementThreadCounter()) { - uintptr_t handle = - _beginthread(worker_bee, 0, (void *) work); - if (handle == (uintptr_t) - 1) { - closesocket(work->s); - free(work); - } - } else { - fprintf(stderr, - "fatal error incrementing thread counter"); - closesocket(work->s); - free(work); - break; - } - } + else { + if (WaitAndIncrementThreadCounter()) { + uintptr_t handle = + _beginthread(worker_bee, 0, (void *) work); + if (handle == (uintptr_t) - 1) { + closesocket(work->s); + free(work); + } + } else { + fprintf(stderr, + "fatal error incrementing 
thread counter"); + closesocket(work->s); + free(work); + break; + } + } #endif - } while (!once); + } while (!once); - closesocket(stmp); - } + closesocket(stmp); + } } (void) gss_release_cred(&min_stat, &server_creds); Modified: trunk/src/appl/sample/sample.h =================================================================== --- trunk/src/appl/sample/sample.h 2009-11-24 15:43:16 UTC (rev 23341) +++ trunk/src/appl/sample/sample.h 2009-11-24 17:46:45 UTC (rev 23342) @@ -1,3 +1,4 @@ +/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */ /* * appl/sample/sample.h * Modified: trunk/src/appl/sample/sclient/sclient.c =================================================================== --- trunk/src/appl/sample/sclient/sclient.c 2009-11-24 15:43:16 UTC (rev 23341) +++ trunk/src/appl/sample/sclient/sclient.c 2009-11-24 17:46:45 UTC (rev 23342) @@ -1,3 +1,4 @@ +/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */ /* * appl/sample/sclient/sclient.c * @@ -58,31 +59,28 @@ #endif static int -net_read(fd, buf, len) - int fd; - char *buf; - int len; +net_read(int fd, char *buf, int len) { int cc, len2 = 0; do { - cc = SOCKET_READ((SOCKET)fd, buf, len); - if (cc < 0) { - if (SOCKET_ERRNO == SOCKET_EINTR) - continue; + cc = SOCKET_READ((SOCKET)fd, buf, len); + if (cc < 0) { + if (SOCKET_ERRNO == SOCKET_EINTR) + continue; - /* XXX this interface sucks! */ - errno = SOCKET_ERRNO; + /* XXX this interface sucks! */ + errno = SOCKET_ERRNO; - return(cc); /* errno is already set */ - } - else if (cc == 0) { - return(len2); - } else { - buf += cc; - len2 += cc; - len -= cc; - } + return(cc); /* errno is already set */ + } + else if (cc == 0) { + return(len2); + } else { + buf += cc; + len2 += cc; + len -= cc; + } } while (len > 0); return(len2); } 
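Review bot: net_read still carries no comment stating its return contract, and that contract is easy to misuse: on EOF it returns the bytes read so far (`return(len2)`), which can be fewer than `len`. The callers in the later hunk `@@ -192,67 +190,67 @@` test only `<= 0`, so a peer that closes early leaves part of `xmitlen` or the tail of `recv_data.data` unfilled before it is used or printed. I would add above the definition `/* Read until len bytes arrive, EOF, or error; returns the byte count (short on EOF) or a negative value with errno set. */` and have the callers compare the result against the length they requested. The function is fully contained in this hunk.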
@@ -107,84 +105,84 @@ char *service = SAMPLE_SERVICE; if (argc != 2 && argc != 3 && argc != 4) { - fprintf(stderr, "usage: %s [port] [service]\n",argv[0]); - exit(1); + fprintf(stderr, "usage: %s [port] [service]\n",argv[0]); + exit(1); } retval = krb5_init_context(&context); if (retval) { - com_err(argv[0], retval, "while initializing krb5"); - exit(1); + com_err(argv[0], retval, "while initializing krb5"); + exit(1); } (void) signal(SIGPIPE, SIG_IGN); if (argc > 2) - portstr = argv[2]; + portstr = argv[2]; else - portstr = SAMPLE_PORT; + portstr = SAMPLE_PORT; memset(&aihints, 0, sizeof(aihints)); aihints.ai_socktype = SOCK_STREAM; aierr = getaddrinfo(argv[1], portstr, &aihints, &ap); if (aierr) { - fprintf(stderr, "%s: error looking up host '%s' port '%s'/tcp: %s\n", - argv[0], argv[1], portstr, gai_strerror(aierr)); - exit(1); + fprintf(stderr, "%s: error looking up host '%s' port '%s'/tcp: %s\n", + argv[0], argv[1], portstr, gai_strerror(aierr)); + exit(1); } if (ap == 0) { - /* Should never happen. */ - fprintf(stderr, "%s: error looking up host '%s' port '%s'/tcp: no addresses returned?\n", - argv[0], argv[1], portstr); - exit(1); + /* Should never happen. 
*/ + fprintf(stderr, "%s: error looking up host '%s' port '%s'/tcp: no addresses returned?\n", + argv[0], argv[1], portstr); + exit(1); } if (argc > 3) { - service = argv[3]; + service = argv[3]; } retval = krb5_sname_to_principal(context, argv[1], service, - KRB5_NT_SRV_HST, &server); + KRB5_NT_SRV_HST, &server); if (retval) { - com_err(argv[0], retval, "while creating server name for host %s service %s", - argv[1], service); - exit(1); + com_err(argv[0], retval, "while creating server name for host %s service %s", + argv[1], service); + exit(1); } /* set up the address of the foreign socket for connect() */ apstart = ap; /* For freeing later */ for (sock = -1; ap && sock == -1; ap = ap->ai_next) { - char abuf[NI_MAXHOST], pbuf[NI_MAXSERV]; - char mbuf[NI_MAXHOST + NI_MAXSERV + 64]; - if (getnameinfo(ap->ai_addr, ap->ai_addrlen, abuf, sizeof(abuf), - pbuf, sizeof(pbuf), NI_NUMERICHOST | NI_NUMERICSERV)) { - memset(abuf, 0, sizeof(abuf)); - memset(pbuf, 0, sizeof(pbuf)); - strncpy(abuf, "[error, cannot print address?]", - sizeof(abuf)-1); - strncpy(pbuf, "[?]", sizeof(pbuf)-1); - } - memset(mbuf, 0, sizeof(mbuf)); - strncpy(mbuf, "error contacting ", sizeof(mbuf)-1); - strncat(mbuf, abuf, sizeof(mbuf) - strlen(mbuf) - 1); - strncat(mbuf, " port ", sizeof(mbuf) - strlen(mbuf) - 1); - strncat(mbuf, pbuf, sizeof(mbuf) - strlen(mbuf) - 1); - sock = socket(ap->ai_family, SOCK_STREAM, 0); - if (sock < 0) { - fprintf(stderr, "%s: socket: %s\n", mbuf, strerror(errno)); - continue; - } - if (connect(sock, ap->ai_addr, ap->ai_addrlen) < 0) { - fprintf(stderr, "%s: connect: %s\n", mbuf, strerror(errno)); - close(sock); - sock = -1; - continue; - } - /* connected, yay! 
*/ + char abuf[NI_MAXHOST], pbuf[NI_MAXSERV]; + char mbuf[NI_MAXHOST + NI_MAXSERV + 64]; + if (getnameinfo(ap->ai_addr, ap->ai_addrlen, abuf, sizeof(abuf), + pbuf, sizeof(pbuf), NI_NUMERICHOST | NI_NUMERICSERV)) { + memset(abuf, 0, sizeof(abuf)); + memset(pbuf, 0, sizeof(pbuf)); + strncpy(abuf, "[error, cannot print address?]", + sizeof(abuf)-1); + strncpy(pbuf, "[?]", sizeof(pbuf)-1); + } + memset(mbuf, 0, sizeof(mbuf)); + strncpy(mbuf, "error contacting ", sizeof(mbuf)-1); + strncat(mbuf, abuf, sizeof(mbuf) - strlen(mbuf) - 1); + strncat(mbuf, " port ", sizeof(mbuf) - strlen(mbuf) - 1); + strncat(mbuf, pbuf, sizeof(mbuf) - strlen(mbuf) - 1); + sock = socket(ap->ai_family, SOCK_STREAM, 0); + if (sock < 0) { + fprintf(stderr, "%s: socket: %s\n", mbuf, strerror(errno)); + continue; + } + if (connect(sock, ap->ai_addr, ap->ai_addrlen) < 0) { + fprintf(stderr, "%s: connect: %s\n", mbuf, strerror(errno)); + close(sock); + sock = -1; + continue; + } + /* connected, yay! */ } if (sock == -1) - /* Already printed error message above. */ - exit(1); + /* Already printed error message above. */ + exit(1); printf("connected\n"); cksum_data.data = argv[1]; 
@@ -192,67 +190,67 @@ retval = krb5_cc_default(context, &ccdef); if (retval) { - com_err(argv[0], retval, "while getting default ccache"); - exit(1); + com_err(argv[0], retval, "while getting default ccache"); + exit(1); } retval = krb5_cc_get_principal(context, ccdef, &client); if (retval) { - com_err(argv[0], retval, "while getting client principal name"); - exit(1); + com_err(argv[0], retval, "while getting client principal name"); + exit(1); } retval = krb5_sendauth(context, &auth_context, (krb5_pointer) &sock, - SAMPLE_VERSION, client, server, - AP_OPTS_MUTUAL_REQUIRED, - &cksum_data, - 0, /* no creds, use ccache instead */ - ccdef, &err_ret, &rep_ret, NULL); + SAMPLE_VERSION, client, server, + AP_OPTS_MUTUAL_REQUIRED, + &cksum_data, + 0, /* no creds, use ccache instead */ + ccdef, &err_ret, &rep_ret, NULL); - krb5_free_principal(context, server); /* finished using it */ + krb5_free_principal(context, server); /* finished using it */ krb5_free_principal(context, client); krb5_cc_close(context, ccdef); if (auth_context) krb5_auth_con_free(context, auth_context); if (retval && retval != KRB5_SENDAUTH_REJECTED) { - com_err(argv[0], retval, "while using sendauth"); - exit(1); + com_err(argv[0], retval, "while using sendauth"); + exit(1); } if (retval == KRB5_SENDAUTH_REJECTED) { - /* got an error */ - printf("sendauth rejected, error reply is:\n\t\"%*s\"\n", - err_ret->text.length, err_ret->text.data); + /* got an error */ + printf("sendauth rejected, error reply is:\n\t\"%*s\"\n", + err_ret->text.length, err_ret->text.data); } else if (rep_ret) { - /* got a reply */ - krb5_free_ap_rep_enc_part(context, rep_ret); + /* got a reply */ + krb5_free_ap_rep_enc_part(context, rep_ret); - printf("sendauth succeeded, reply is:\n"); - if ((retval = net_read(sock, (char *)&xmitlen, - sizeof(xmitlen))) <= 0) { - if (retval == 0) - errno = ECONNABORTED; - com_err(argv[0], errno, "while reading data from server"); - exit(1); - } - recv_data.length = ntohs(xmitlen); - if 
(!(recv_data.data = (char *)malloc((size_t) recv_data.length + 1))) { - com_err(argv[0], ENOMEM, - "while allocating buffer to read from server"); - exit(1); - } - if ((retval = net_read(sock, (char *)recv_data.data, - recv_data.length)) <= 0) { - if (retval == 0) - errno = ECONNABORTED; - com_err(argv[0], errno, "while reading data from server"); - exit(1); - } - recv_data.data[recv_data.length] = '\0'; - printf("reply len %d, contents:\n%s\n", - recv_data.length,recv_data.data); - free(recv_data.data); + printf("sendauth succeeded, reply is:\n"); + if ((retval = net_read(sock, (char *)&xmitlen, + sizeof(xmitlen))) <= 0) { + if (retval == 0) + errno = ECONNABORTED; + com_err(argv[0], errno, "while reading data from server"); + exit(1); + } + recv_data.length = ntohs(xmitlen); + if (!(recv_data.data = (char *)malloc((size_t) recv_data.length + 1))) { + com_err(argv[0], ENOMEM, + "while allocating buffer to read from server"); + exit(1); + } + if ((retval = net_read(sock, (char *)recv_data.data, + recv_data.length)) <= 0) { + if (retval == 0) + errno = ECONNABORTED; + com_err(argv[0], errno, "while reading data from server"); + exit(1); + } + recv_data.data[recv_data.length] = '\0'; + printf("reply len %d, contents:\n%s\n", + recv_data.length,recv_data.data); + free(recv_data.data); } else { - com_err(argv[0], 0, "no error or reply from sendauth!"); - exit(1); + com_err(argv[0], 0, "no error or reply from sendauth!"); + exit(1); } freeaddrinfo(apstart); krb5_free_context(context); Modified: trunk/src/appl/sample/sserver/sserver.c =================================================================== --- trunk/src/appl/sample/sserver/sserver.c 2009-11-24 15:43:16 UTC (rev 23341) +++ trunk/src/appl/sample/sserver/sserver.c 2009-11-24 17:46:45 UTC (rev 23342) @@ -1,3 +1,4 @@ +/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */ /* * appl/sample/sserver/sserver.c * 
@@ -64,24 +65,21 @@ #define DEBUG static void -usage(name) - char *name; +usage(char *name) { - fprintf(stderr, "usage: %s [-p port] [-s service] [-S keytab]\n", - name); + fprintf(stderr, "usage: %s [-p port] [-s service] [-S keytab]\n", + name); } int -main(argc, argv) - int argc; - char *argv[]; +main(int argc, char *argv[]) { krb5_context context; krb5_auth_context auth_context = NULL; krb5_ticket * ticket; struct sockaddr_in peername; GETPEERNAME_ARG3_TYPE namelen = sizeof(peername); - int sock = -1; /* incoming connection fd */ + int sock = -1; /* incoming connection fd */ krb5_data recv_data; short xmitlen; krb5_error_code retval; @@ -89,11 +87,11 @@ char repbuf[BUFSIZ]; char *cname; char *service = SAMPLE_SERVICE; - short port = 0; /* If user specifies port */ + short port = 0; /* If user specifies port */ extern int opterr, optind; extern char * optarg; int ch; - krb5_keytab keytab = NULL; /* Allow specification on command line */ + krb5_keytab keytab = NULL; /* Allow specification on command line */ char *progname; int on = 1; @@ -101,8 +99,8 @@ retval = krb5_init_context(&context); if (retval) { - com_err(argv[0], retval, "while initializing krb5"); - exit(1); + com_err(argv[0], retval, "while initializing krb5"); + exit(1); } /* open a log connection */ 
@@ -113,27 +111,28 @@ * */ opterr = 0; - while ((ch = getopt(argc, argv, "p:S:s:")) != -1) - switch (ch) { - case 'p': - port = atoi(optarg); - break; - case 's': - service = optarg; - break; - case 'S': - if ((retval = krb5_kt_resolve(context, optarg, &keytab))) { - com_err(progname, retval, - "while resolving keytab file %s", optarg); - exit(2); - } - break; + while ((ch = getopt(argc, argv, "p:S:s:")) != -1) { + switch (ch) { + case 'p': + port = atoi(optarg); + break; + case 's': + service = optarg; + break; + case 'S': + if ((retval = krb5_kt_resolve(context, optarg, &keytab))) { + com_err(progname, retval, + "while resolving keytab file %s", optarg); + exit(2); + } + break; - case '?': - default: - usage(progname); - exit(1); - break; + case '?': + default: + usage(progname); + exit(1); + break; + } } argc -= optind; @@ -141,15 +140,15 @@ /* Backwards compatibility, allow port to be specified at end */ if (argc > 1) { - port = atoi(argv[1]); + port = atoi(argv[1]); } retval = krb5_sname_to_principal(context, NULL, service, - KRB5_NT_SRV_HST, &server); + KRB5_NT_SRV_HST, &server); if (retval) { - syslog(LOG_ERR, "while generating service name (%s): %s", - service, error_message(retval)); - exit(1); + syslog(LOG_ERR, "while generating service name (%s): %s", + service, error_message(retval)); + exit(1); } /* 
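Review bot: `port = atoi(optarg);` in the `case 'p':` arm accepts any string: non-numeric input becomes 0, which the later `if (port)` test (hunk `@@ -158,86 +157,86 @@`) treats like no port being given and so takes the branch that expects an already-connected descriptor 0, and out-of-range values are narrowed into the `short port` declared above this hunk. Parsing with `strtol` and rejecting anything outside 1–65535 makes a mistyped `-p` fail with the usage message instead of silently changing how the server obtains its socket. The same pattern appears in the trailing `port = atoi(argv[1]);` of hunk `@@ -141,15 +140,15 @@` and in the `case 'p':` arms of sim_client.c and sim_server.c. The enclosing `main` starts and ends outside this hunk.

```c
        case 'p': {
            char *end;
            long v = strtol(optarg, &end, 10);

            /* Reject non-numeric input and values outside the port range. */
            if (end == optarg || *end != '\0' || v < 1 || v > 65535) {
                usage(progname);
                exit(1);
            }
            port = (short) v;
            break;
        }
        /* … unchanged: 's', 'S', '?' and default cases … */
```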
@@ -158,86 +157,86 @@ */ if (port) { - int acc; - struct sockaddr_in sockin; + int acc; + struct sockaddr_in sockin; - if ((sock = socket(PF_INET, SOCK_STREAM, 0)) < 0) { - syslog(LOG_ERR, "socket: %m"); - exit(3); - } - /* Let the socket be reused right away */ - (void) setsockopt(sock, SOL_SOCKET, SO_REUSEADDR, (char *)&on, - sizeof(on)); + if ((sock = socket(PF_INET, SOCK_STREAM, 0)) < 0) { + syslog(LOG_ERR, "socket: %m"); + exit(3); + } + /* Let the socket be reused right away */ + (void) setsockopt(sock, SOL_SOCKET, SO_REUSEADDR, (char *)&on, + sizeof(on)); - sockin.sin_family = AF_INET; - sockin.sin_addr.s_addr = 0; - sockin.sin_port = htons(port); - if (bind(sock, (struct sockaddr *) &sockin, sizeof(sockin))) { - syslog(LOG_ERR, "bind: %m"); - exit(3); - } - if (listen(sock, 1) == -1) { - syslog(LOG_ERR, "listen: %m"); - exit(3); - } - if ((acc = accept(sock, (struct sockaddr *)&peername, &namelen)) == -1){ - syslog(LOG_ERR, "accept: %m"); - exit(3); - } - dup2(acc, 0); - close(sock); - sock = 0; + sockin.sin_family = AF_INET; + sockin.sin_addr.s_addr = 0; + sockin.sin_port = htons(port); + if (bind(sock, (struct sockaddr *) &sockin, sizeof(sockin))) { + syslog(LOG_ERR, "bind: %m"); + exit(3); + } + if (listen(sock, 1) == -1) { + syslog(LOG_ERR, "listen: %m"); + exit(3); + } + if ((acc = accept(sock, (struct sockaddr *)&peername, &namelen)) == -1){ + syslog(LOG_ERR, "accept: %m"); + exit(3); + } + dup2(acc, 0); + close(sock); + sock = 0; } else { - /* - * To verify authenticity, we need to know the address of the - * client. - */ - if (getpeername(0, (struct sockaddr *)&peername, &namelen) < 0) { - syslog(LOG_ERR, "getpeername: %m"); - exit(1); - } - sock = 0; + /* + * To verify authenticity, we need to know the address of the + * client. 
+ */ + if (getpeername(0, (struct sockaddr *)&peername, &namelen) < 0) { + syslog(LOG_ERR, "getpeername: %m"); + exit(1); + } + sock = 0; } retval = krb5_recvauth(context, &auth_context, (krb5_pointer)&sock, - SAMPLE_VERSION, server, - 0, /* no flags */ - keytab, /* default keytab is NULL */ - &ticket); + SAMPLE_VERSION, server, + 0, /* no flags */ + keytab, /* default keytab is NULL */ + &ticket); if (retval) { - syslog(LOG_ERR, "recvauth failed--%s", error_message(retval)); - exit(1); + syslog(LOG_ERR, "recvauth failed--%s", error_message(retval)); + exit(1); } /* Get client name */ repbuf[sizeof(repbuf) - 1] = '\0'; retval = krb5_unparse_name(context, ticket->enc_part2->client, &cname); if (retval){ - syslog(LOG_ERR, "unparse failed: %s", error_message(retval)); - strncpy(repbuf, "You are \n", sizeof(repbuf) - 1); + syslog(LOG_ERR, "unparse failed: %s", error_message(retval)); + strncpy(repbuf, "You are \n", sizeof(repbuf) - 1); } else { - strncpy(repbuf, "You are ", sizeof(repbuf) - 1); - strncat(repbuf, cname, sizeof(repbuf) - 1 - strlen(repbuf)); - strncat(repbuf, "\n", sizeof(repbuf) - 1 - strlen(repbuf)); - free(cname); + strncpy(repbuf, "You are ", sizeof(repbuf) - 1); + strncat(repbuf, cname, sizeof(repbuf) - 1 - strlen(repbuf)); + strncat(repbuf, "\n", sizeof(repbuf) - 1 - strlen(repbuf)); + free(cname); } xmitlen = htons(strlen(repbuf)); recv_data.length = strlen(repbuf); recv_data.data = repbuf; if ((retval = krb5_net_write(context, 0, (char *)&xmitlen, - sizeof(xmitlen))) < 0) { - syslog(LOG_ERR, "%m: while writing len to client"); - exit(1); + sizeof(xmitlen))) < 0) { + syslog(LOG_ERR, "%m: while writing len to client"); + exit(1); } if ((retval = krb5_net_write(context, 0, (char *)recv_data.data, - recv_data.length)) < 0) { - syslog(LOG_ERR, "%m: while writing data to client"); - exit(1); + recv_data.length)) < 0) { + syslog(LOG_ERR, "%m: while writing data to client"); + exit(1); } krb5_free_ticket(context, ticket); if(keytab) - 
krb5_kt_close(context, keytab); + krb5_kt_close(context, keytab); krb5_free_principal(context, server); krb5_auth_con_free(context, auth_context); krb5_free_context(context); Modified: trunk/src/appl/simple/client/sim_client.c =================================================================== --- trunk/src/appl/simple/client/sim_client.c 2009-11-24 15:43:16 UTC (rev 23341) +++ trunk/src/appl/simple/client/sim_client.c 2009-11-24 17:46:45 UTC (rev 23342) @@ -1,3 +1,4 @@ +/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */ /* * appl/simple/client/sim_client.c * @@ -52,25 +53,22 @@ #define MAXHOSTNAMELEN 64 #endif -#define MSG "hi there!" /* message text */ +#define MSG "hi there!" /* message text */ void usage (char *); void -usage(name) - char *name; +usage(char *name) { - fprintf(stderr, "usage: %s [-p port] [-h host] [-m message] [-s service] [host]\n", name); + fprintf(stderr, "usage: %s [-p port] [-h host] [-m message] [-s service] [host]\n", name); } int -main(argc, argv) - int argc; - char *argv[]; +main(int argc, char *argv[]) { int sock, i; unsigned int len; - int flags = 0; /* flags for sendto() */ + int flags = 0; /* flags for sendto() */ struct servent *serv; struct hostent *host; char *cp; @@ -78,11 +76,11 @@ #ifdef BROKEN_STREAMS_SOCKETS char my_hostname[MAXHOSTNAMELEN]; #endif - struct sockaddr_in s_sock; /* server address */ - struct sockaddr_in c_sock; /* client address */ + struct sockaddr_in s_sock; /* server address */ + struct sockaddr_in c_sock; /* client address */ extern int opterr, optind; extern char * optarg; - int ch; + int ch; short port = 0; char *message = MSG; 
@@ -95,15 +93,15 @@ krb5_ccache ccdef; krb5_address addr, *portlocal_addr; krb5_rcache rcache; - krb5_data rcache_name; + krb5_data rcache_name; - krb5_context context; - krb5_auth_context auth_context = NULL; + krb5_context context; + krb5_auth_context auth_context = NULL; retval = krb5_init_context(&context); if (retval) { - com_err(argv[0], retval, "while initializing krb5"); - exit(1); + com_err(argv[0], retval, "while initializing krb5"); + exit(1); } progname = argv[0]; @@ -114,43 +112,43 @@ */ opterr = 0; while ((ch = getopt(argc, argv, "p:m:h:s:")) != -1) - switch (ch) { - case 'p': - port = atoi(optarg); - break; - case 'm': - message = optarg; - break; - case 'h': - hostname = optarg; - break; - case 's': - service = optarg; - break; - case '?': - default: - usage(progname); - exit(1); - break; - } + switch (ch) { + case 'p': + port = atoi(optarg); + break; + case 'm': + message = optarg; + break; + case 'h': + hostname = optarg; + break; + case 's': + service = optarg; + break; + case '?': + default: + usage(progname); + exit(1); + break; + } argc -= optind; argv += optind; if (argc > 0) { - if (hostname) - usage(progname); - hostname = argv[0]; + if (hostname) + usage(progname); + hostname = argv[0]; } if (hostname == 0) { - fprintf(stderr, "You must specify a hostname to contact.\n\n"); - usage(progname); - exit(1); + fprintf(stderr, "You must specify a hostname to contact.\n\n"); + usage(progname); + exit(1); } /* Look up server host */ if ((host = gethostbyname(hostname)) == (struct hostent *) 0) { - fprintf(stderr, "%s: unknown host\n", hostname); - exit(1); + fprintf(stderr, "%s: unknown host\n", hostname); + exit(1); } strncpy(full_hname, host->h_name, sizeof(full_hname)-1); full_hname[sizeof(full_hname)-1] = '\0'; 
@@ -170,33 +168,33 @@ s_sock.sin_family = AF_INET; if (port == 0) { - /* Look up service */ - if ((serv = getservbyname(SIMPLE_PORT, "udp")) == NULL) { - fprintf(stderr, "service unknown: %s/udp\n", SIMPLE_PORT); - exit(1); - } - s_sock.sin_port = serv->s_port; + /* Look up service */ + if ((serv = getservbyname(SIMPLE_PORT, "udp")) == NULL) { + fprintf(stderr, "service unknown: %s/udp\n", SIMPLE_PORT); + exit(1); + } + s_sock.sin_port = serv->s_port; } else { - s_sock.sin_port = htons(port); + s_sock.sin_port = htons(port); } /* Open a socket */ if ((sock = socket(AF_INET, SOCK_DGRAM, 0)) < 0) { - com_err(progname, errno, "opening datagram socket"); - exit(1); + com_err(progname, errno, "opening datagram socket"); + exit(1); } memset(&c_sock, 0, sizeof(c_sock)); c_sock.sin_family = AF_INET; #ifdef BROKEN_STREAMS_SOCKETS if (gethostname(my_hostname, sizeof(my_hostname)) < 0) { - perror("gethostname"); - exit(1); + perror("gethostname"); + exit(1); } if ((host = gethostbyname(my_hostname)) == (struct hostent *)0) { - fprintf(stderr, "%s: unknown host\n", hostname); - exit(1); + fprintf(stderr, "%s: unknown host\n", hostname); + exit(1); } memcpy(&c_sock.sin_addr, host->h_addr, sizeof(c_sock.sin_addr)); #endif @@ -204,8 +202,8 @@ /* Bind it to set the address; kernel will fill in port # */ if (bind(sock, (struct sockaddr *)&c_sock, sizeof(c_sock)) < 0) { - com_err(progname, errno, "while binding datagram socket"); - exit(1); + com_err(progname, errno, "while binding datagram socket"); + exit(1); } /* PREPARE KRB_AP_REQ MESSAGE */ 
@@ -215,14 +213,14 @@ /* Get credentials for server */ if ((retval = krb5_cc_default(context, &ccdef))) { - com_err(progname, retval, "while getting default ccache"); - exit(1); + com_err(progname, retval, "while getting default ccache"); + exit(1); } if ((retval = krb5_mk_req(context, &auth_context, 0, service, full_hname, - &inbuf, ccdef, &packet))) { - com_err(progname, retval, "while preparing AP_REQ"); - exit(1); + &inbuf, ccdef, &packet))) { + com_err(progname, retval, "while preparing AP_REQ"); + exit(1); } printf("Got credentials for %s.\n", service); @@ -230,13 +228,13 @@ properly bound for getsockname() below. */ if (connect(sock, (struct sockaddr *)&s_sock, sizeof(s_sock)) == -1) { - com_err(progname, errno, "while connecting to server"); - exit(1); + com_err(progname, errno, "while connecting to server"); + exit(1); } /* Send authentication info to server */ if ((i = send(sock, (char *)packet.data, (unsigned) packet.length, - flags)) < 0) - com_err(progname, errno, "while sending KRB_AP_REQ message"); + flags)) < 0) + com_err(progname, errno, "while sending KRB_AP_REQ message"); printf("Sent authentication data: %d bytes\n", i); krb5_free_data_contents(context, &packet); 
@@ -246,48 +244,48 @@ memset(&c_sock, 0, sizeof(c_sock)); len = sizeof(c_sock); if (getsockname(sock, (struct sockaddr *)&c_sock, &len) < 0) { - com_err(progname, errno, "while getting socket name"); - exit(1); + com_err(progname, errno, "while getting socket name"); + exit(1); } addr.addrtype = ADDRTYPE_IPPORT; addr.length = sizeof(c_sock.sin_port); addr.contents = (krb5_octet *)&c_sock.sin_port; if ((retval = krb5_auth_con_setports(context, auth_context, - &addr, NULL))) { - com_err(progname, retval, "while setting local port\n"); - exit(1); + &addr, NULL))) { + com_err(progname, retval, "while setting local port\n"); + exit(1); } addr.addrtype = ADDRTYPE_INET; addr.length = sizeof(c_sock.sin_addr); addr.contents = (krb5_octet *)&c_sock.sin_addr; if ((retval = krb5_auth_con_setaddrs(context, auth_context, - &addr, NULL))) { - com_err(progname, retval, "while setting local addr\n"); - exit(1); + &addr, NULL))) { + com_err(progname, retval, "while setting local addr\n"); + exit(1); } /* THIS IS UGLY */ if ((retval = krb5_gen_portaddr(context, &addr, - (krb5_pointer) &c_sock.sin_port, - &portlocal_addr))) { - com_err(progname, retval, "while generating port address"); - exit(1); + (krb5_pointer) &c_sock.sin_port, + &portlocal_addr))) { + com_err(progname, retval, "while generating port address"); + exit(1); } if ((retval = krb5_gen_replay_name(context,portlocal_addr, - "_sim_clt",&cp))) { - com_err(progname, retval, "while generating replay cache name"); - exit(1); + "_sim_clt",&cp))) { + com_err(progname, retval, "while generating replay cache name"); + exit(1); } rcache_name.length = strlen(cp); rcache_name.data = cp; if ((retval = krb5_get_server_rcache(context, &rcache_name, &rcache))) { - com_err(progname, retval, "while getting server rcache"); - exit(1); + com_err(progname, retval, "while getting server rcache"); + exit(1); } /* set auth_context rcache */ 
@@ -298,14 +296,14 @@ inbuf.length = strlen(message); if ((retval = krb5_mk_safe(context, auth_context, &inbuf, &packet, NULL))){ - com_err(progname, retval, "while making KRB_SAFE message"); - exit(1); + com_err(progname, retval, "while making KRB_SAFE message"); + exit(1); } /* Send it */ if ((i = send(sock, (char *)packet.data, (unsigned) packet.length, - flags)) < 0) - com_err(progname, errno, "while sending SAFE message"); + flags)) < 0) + com_err(progname, errno, "while sending SAFE message"); printf("Sent checksummed message: %d bytes\n", i); krb5_free_data_contents(context, &packet); @@ -313,22 +311,22 @@ /* Make the encrypted message */ if ((retval = krb5_mk_priv(context, auth_context, &inbuf, - &packet, NULL))) { - com_err(progname, retval, "while making KRB_PRIV message"); - exit(1); + &packet, NULL))) { + com_err(progname, retval, "while making KRB_PRIV message"); + exit(1); } /* Send it */ if ((i = send(sock, (char *)packet.data, (unsigned) packet.length, - flags)) < 0) - com_err(progname, errno, "while sending PRIV message"); + flags)) < 0) + com_err(progname, errno, "while sending PRIV message"); printf("Sent encrypted message: %d bytes\n", i); krb5_free_data_contents(context, &packet); retval = krb5_rc_destroy(context, rcache); if (retval) { - com_err(progname, retval, "while deleting replay cache"); - exit(1); + com_err(progname, retval, "while deleting replay cache"); + exit(1); } krb5_auth_con_setrcache(context, auth_context, NULL); krb5_auth_con_free(context, auth_context); Modified: trunk/src/appl/simple/server/sim_server.c =================================================================== --- trunk/src/appl/simple/server/sim_server.c 2009-11-24 15:43:16 UTC (rev 23341) +++ trunk/src/appl/simple/server/sim_server.c 2009-11-24 17:46:45 UTC (rev 23342) @@ -1,3 +1,4 @@ +/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */ /* * appl/simple/server/sim_server.c * 
@@ -53,33 +54,30 @@ #define PROGNAME argv[0] static void -usage(name) - char *name; +usage(char *name) { - fprintf(stderr, "usage: %s [-p port] [-s service] [-S keytab]\n", name); + fprintf(stderr, "usage: %s [-p port] [-s service] [-S keytab]\n", name); } int -main(argc, argv) -int argc; -char *argv[]; +main(int argc, char *argv[]) { int sock, i; unsigned int len; - int flags = 0; /* for recvfrom() */ + int flags = 0; /* for recvfrom() */ int on = 1; struct servent *serv; struct hostent *host; - struct sockaddr_in s_sock; /* server's address */ - struct sockaddr_in c_sock; /* client's address */ + struct sockaddr_in s_sock; /* server's address */ + struct sockaddr_in c_sock; /* client's address */ char full_hname[MAXHOSTNAMELEN]; char *cp; extern int opterr, optind; extern char * optarg; - int ch; + int ch; - short port = 0; /* If user specifies port */ - krb5_keytab keytab = NULL; /* Allow specification on command line */ + short port = 0; /* If user specifies port */ + krb5_keytab keytab = NULL; /* Allow specification on command line */ char *service = SIMPLE_SERVICE; krb5_error_code retval; @@ -93,8 +91,8 @@ retval = krb5_init_context(&context); if (retval) { - com_err(argv[0], retval, "while initializing krb5"); - exit(1); + com_err(argv[0], retval, "while initializing krb5"); + exit(1); } /* 
@@ -102,33 +100,34 @@ * */ opterr = 0; - while ((ch = getopt(argc, argv, "p:s:S:")) != -1) - switch (ch) { - case 'p': - port = atoi(optarg); - break; - case 's': - service = optarg; - break; - case 'S': - if ((retval = krb5_kt_resolve(context, optarg, &keytab))) { - com_err(PROGNAME, retval, - "while resolving keytab file %s", optarg); - exit(2); - } - break; + while ((ch = getopt(argc, argv, "p:s:S:")) != -1) { + switch (ch) { + case 'p': + port = atoi(optarg); + break; + case 's': + service = optarg; + break; + case 'S': + if ((retval = krb5_kt_resolve(context, optarg, &keytab))) { + com_err(PROGNAME, retval, + "while resolving keytab file %s", optarg); + exit(2); + } + break; - case '?': - default: - usage(PROGNAME); - exit(1); - break; + case '?': + default: + usage(PROGNAME); + exit(1); + break; + } } if ((retval = krb5_sname_to_principal(context, NULL, service, - KRB5_NT_SRV_HST, &sprinc))) { - com_err(PROGNAME, retval, "while generating service name %s", service); - exit(1); + KRB5_NT_SRV_HST, &sprinc))) { + com_err(PROGNAME, retval, "while generating service name %s", service); + exit(1); } /* Set up server address */ 
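Review bot: The `-p` case still parses the port with `port = atoi(optarg);`, which reports no errors, so a non-numeric argument yields 0 and a value such as 65536 typically truncates to 0 as well. Since `port == 0` is the "not specified" marker tested in the next hunk, the server then silently binds to the `getservbyname` port instead of rejecting the option. Parsing with `strtol`, checking the end pointer and the 1..65535 range, turns that into a usage error. `port` is declared `short` in the previous hunk, so `unsigned short` would be the better type for it. `main` starts before this hunk and continues after it.
```c
        case 'p': {
            char *end;
            long val = strtol(optarg, &end, 10);

            /* Reject empty, non-numeric or out-of-range port arguments. */
            if (end == optarg || *end != '\0' || val < 1 || val > 65535) {
                usage(PROGNAME);
                exit(1);
            }
            port = (short) val;     /* port is still declared short */
            break;
        }
        /* ... unchanged: cases 's', 'S', '?' and default ... */
```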
@@ -136,41 +135,41 @@ s_sock.sin_family = AF_INET; if (port == 0) { - /* Look up service */ - if ((serv = getservbyname(SIMPLE_PORT, "udp")) == NULL) { - fprintf(stderr, "service unknown: %s/udp\n", SIMPLE_PORT); - exit(1); - } - s_sock.sin_port = serv->s_port; + /* Look up service */ + if ((serv = getservbyname(SIMPLE_PORT, "udp")) == NULL) { + fprintf(stderr, "service unknown: %s/udp\n", SIMPLE_PORT); + exit(1); + } + s_sock.sin_port = serv->s_port; } else { - s_sock.sin_port = htons(port); + s_sock.sin_port = htons(port); } if (gethostname(full_hname, sizeof(full_hname)) < 0) { - perror("gethostname"); - exit(1); + perror("gethostname"); + exit(1); } if ((host = gethostbyname(full_hname)) == (struct hostent *)0) { - fprintf(stderr, "%s: host unknown\n", full_hname); - exit(1); + fprintf(stderr, "%s: host unknown\n", full_hname); + exit(1); } memcpy(&s_sock.sin_addr, host->h_addr, sizeof(s_sock.sin_addr)); /* Open socket */ if ((sock = socket(AF_INET, SOCK_DGRAM, 0)) < 0) { - perror("opening datagram socket"); - exit(1); + perror("opening datagram socket"); + exit(1); } - /* Let the socket be reused right away */ - (void) setsockopt(sock, SOL_SOCKET, SO_REUSEADDR, (char *)&on, - sizeof(on)); + /* Let the socket be reused right away */ + (void) setsockopt(sock, SOL_SOCKET, SO_REUSEADDR, (char *)&on, + sizeof(on)); /* Bind the socket */ if (bind(sock, (struct sockaddr *)&s_sock, sizeof(s_sock))) { - perror("binding datagram socket"); - exit(1); + perror("binding datagram socket"); + exit(1); } #ifdef DEBUG @@ -182,9 +181,9 @@ /* use "recvfrom" so we know client's address */ len = sizeof(struct sockaddr_in); if ((i = recvfrom(sock, (char *)pktbuf, sizeof(pktbuf), flags, - (struct sockaddr *)&c_sock, &len)) < 0) { - perror("receiving datagram"); - exit(1); + (struct sockaddr *)&c_sock, &len)) < 0) { + perror("receiving datagram"); + exit(1); } printf("Received %d bytes\n", i); 
@@ -193,14 +192,14 @@ /* Check authentication info */ if ((retval = krb5_rd_req(context, &auth_context, &packet, - sprinc, keytab, NULL, &ticket))) { - com_err(PROGNAME, retval, "while reading request"); - exit(1); + sprinc, keytab, NULL, &ticket))) { + com_err(PROGNAME, retval, "while reading request"); + exit(1); } if ((retval = krb5_unparse_name(context, ticket->enc_part2->client, - &cp))) { - com_err(PROGNAME, retval, "while unparsing client name"); - exit(1); + &cp))) { + com_err(PROGNAME, retval, "while unparsing client name"); + exit(1); } printf("Got authentication info from %s\n", cp); free(cp); @@ -210,8 +209,8 @@ addr.length = sizeof(c_sock.sin_addr); addr.contents = (krb5_octet *)&c_sock.sin_addr; if ((retval = krb5_auth_con_setaddrs(context, auth_context, - NULL, &addr))) { - com_err(PROGNAME, retval, "while setting foreign addr"); + NULL, &addr))) { + com_err(PROGNAME, retval, "while setting foreign addr"); exit(1); } @@ -219,8 +218,8 @@ addr.length = sizeof(c_sock.sin_port); addr.contents = (krb5_octet *)&c_sock.sin_port; if ((retval = krb5_auth_con_setports(context, auth_context, - NULL, &addr))) { - com_err(PROGNAME, retval, "while setting foreign port"); + NULL, &addr))) { + com_err(PROGNAME, retval, "while setting foreign port"); exit(1); } @@ -229,9 +228,9 @@ /* use "recvfrom" so we know client's address */ len = sizeof(struct sockaddr_in); if ((i = recvfrom(sock, (char *)pktbuf, sizeof(pktbuf), flags, - (struct sockaddr *)&c_sock, &len)) < 0) { - perror("receiving datagram"); - exit(1); + (struct sockaddr *)&c_sock, &len)) < 0) { + perror("receiving datagram"); + exit(1); } #ifdef DEBUG printf("&c_sock.sin_addr is %s\n", inet_ntoa(c_sock.sin_addr)); 
@@ -242,9 +241,9 @@ packet.data = (krb5_pointer) pktbuf; if ((retval = krb5_rd_safe(context, auth_context, &packet, - &message, NULL))) { - com_err(PROGNAME, retval, "while verifying SAFE message"); - exit(1); + &message, NULL))) { + com_err(PROGNAME, retval, "while verifying SAFE message"); + exit(1); } printf("Safe message is: '%.*s'\n", (int) message.length, message.data); @@ -255,9 +254,9 @@ /* use "recvfrom" so we know client's address */ len = sizeof(struct sockaddr_in); if ((i = recvfrom(sock, (char *)pktbuf, sizeof(pktbuf), flags, - (struct sockaddr *)&c_sock, &len)) < 0) { - perror("receiving datagram"); - exit(1); + (struct sockaddr *)&c_sock, &len)) < 0) { + perror("receiving datagram"); + exit(1); } printf("Received %d bytes\n", i); @@ -265,12 +264,12 @@ packet.data = (krb5_pointer) pktbuf; if ((retval = krb5_rd_priv(context, auth_context, &packet, - &message, NULL))) { - com_err(PROGNAME, retval, "while verifying PRIV message"); - exit(1); + &message, NULL))) { + com_err(PROGNAME, retval, "while verifying PRIV message"); + exit(1); } printf("Decrypted message is: '%.*s'\n", (int) message.length, - message.data); + message.data); krb5_auth_con_free(context, auth_context); krb5_free_context(context); Modified: trunk/src/appl/simple/simple.h =================================================================== --- trunk/src/appl/simple/simple.h 2009-11-24 15:43:16 UTC (rev 23341) +++ trunk/src/appl/simple/simple.h 2009-11-24 17:46:45 UTC (rev 23342) @@ -1,3 +1,4 @@ +/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */ /* * appl/simple/simple.h * 
@@ -28,5 +29,5 @@ * server & client applications. */ -#define SIMPLE_SERVICE "sample" -#define SIMPLE_PORT "sample" +#define SIMPLE_SERVICE "sample" +#define SIMPLE_PORT "sample" Modified: trunk/src/appl/user_user/client.c =================================================================== --- trunk/src/appl/user_user/client.c 2009-11-24 15:43:16 UTC (rev 23341) +++ trunk/src/appl/user_user/client.c 2009-11-24 17:46:45 UTC (rev 23342) @@ -1,3 +1,4 @@ +/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */ /* * appl/user_user/client.c * 
@@ -39,239 +40,243 @@ #include "k5-int.h" #include "com_err.h" -int main (argc, argv) -int argc; -char *argv[]; +int main (int argc, char *argv[]) { - int s; - register int retval, i; - char *hname; /* full name of server */ - char **srealms; /* realm(s) of server */ - char *princ; /* principal in credentials cache */ - struct servent *serv; - struct hostent *host; - struct sockaddr_in serv_net_addr, cli_net_addr; - krb5_ccache cc; - krb5_creds creds, *new_creds; - krb5_data reply, msg, princ_data; - krb5_auth_context auth_context = NULL; - krb5_ticket * ticket = NULL; - krb5_context context; - unsigned short port; + int s; + register int retval, i; + char *hname; /* full name of server */ + char **srealms; /* realm(s) of server */ + char *princ; /* principal in credentials cache */ + struct servent *serv; + struct hostent *host; + struct sockaddr_in serv_net_addr, cli_net_addr; + krb5_ccache cc; + krb5_creds creds, *new_creds; + krb5_data reply, msg, princ_data; + krb5_auth_context auth_context = NULL; + krb5_ticket * ticket = NULL; + krb5_context context; + unsigned short port; - if (argc < 2 || argc > 4) { - fputs ("usage: uu-client [message [port]]\n", stderr); - return 1; - } + if (argc < 2 || argc > 4) { + fputs ("usage: uu-client [message [port]]\n", stderr); + return 1; + } - retval = krb5_init_context(&context); - if (retval) { - com_err(argv[0], retval, "while initializing krb5"); - exit(1); - } + retval = krb5_init_context(&context); + if (retval) { + com_err(argv[0], retval, "while initializing krb5"); + exit(1); + } - if (argc == 4) { - port = htons(atoi(argv[3])); - } - else if ((serv = getservbyname ("uu-sample", "tcp")) == NULL) - { - fputs ("uu-client: unknown service \"uu-sample/tcp\"\n", stderr); - return 2; - } else { - port = serv->s_port; - } + if (argc == 4) { + port = htons(atoi(argv[3])); + } + else if ((serv = getservbyname ("uu-sample", "tcp")) == NULL) + { + fputs ("uu-client: unknown service \"uu-sample/tcp\"\n", stderr); + return 2; + 
} else { + port = serv->s_port; + } - if ((host = gethostbyname (argv[1])) == NULL) { - fprintf (stderr, "uu-client: can't get address of host \"%s\".\n", - argv[1]); - return 3; - } + if ((host = gethostbyname (argv[1])) == NULL) { + fprintf (stderr, "uu-client: can't get address of host \"%s\".\n", + argv[1]); + return 3; + } - if (host->h_addrtype != AF_INET) { - fprintf (stderr, "uu-client: bad address type %d for \"%s\".\n", - host->h_addrtype, argv[1]); - return 3; - } + if (host->h_addrtype != AF_INET) { + fprintf (stderr, "uu-client: bad address type %d for \"%s\".\n", + host->h_addrtype, argv[1]); + return 3; + } - hname = strdup (host->h_name); + hname = strdup (host->h_name); #ifndef USE_STDOUT - if ((s = socket(AF_INET, SOCK_STREAM, 0)) < 0) { - com_err ("uu-client", errno, "creating socket"); - return 4; - } else { - cli_net_addr.sin_family = AF_INET; - cli_net_addr.sin_port = 0; - cli_net_addr.sin_addr.s_addr = 0; - if (bind (s, (struct sockaddr *)&cli_net_addr, - sizeof (cli_net_addr)) < 0) { - com_err ("uu-client", errno, "binding socket"); - return 4; - } - } + if ((s = socket(AF_INET, SOCK_STREAM, 0)) < 0) { + com_err ("uu-client", errno, "creating socket"); + return 4; + } else { + cli_net_addr.sin_family = AF_INET; + cli_net_addr.sin_port = 0; + cli_net_addr.sin_addr.s_addr = 0; + if (bind (s, (struct sockaddr *)&cli_net_addr, + sizeof (cli_net_addr)) < 0) { + com_err ("uu-client", errno, "binding socket"); + return 4; + } + } - serv_net_addr.sin_family = AF_INET; - serv_net_addr.sin_port = port; + serv_net_addr.sin_family = AF_INET; + serv_net_addr.sin_port = port; - i = 0; - while (1) { - if (host->h_addr_list[i] == 0) { - fprintf (stderr, "uu-client: unable to connect to \"%s\"\n", hname); - return 5; - } + i = 0; + while (1) { + if (host->h_addr_list[i] == 0) { + fprintf (stderr, "uu-client: unable to connect to \"%s\"\n", hname); + return 5; + } - memcpy (&serv_net_addr.sin_addr, host->h_addr_list[i++], - sizeof(serv_net_addr.sin_addr)); + 
memcpy (&serv_net_addr.sin_addr, host->h_addr_list[i++], + sizeof(serv_net_addr.sin_addr)); - if (connect(s, (struct sockaddr *)&serv_net_addr, - sizeof (serv_net_addr)) == 0) - break; - com_err ("uu-client", errno, "connecting to \"%s\" (%s).", - hname, inet_ntoa(serv_net_addr.sin_addr)); - } + if (connect(s, (struct sockaddr *)&serv_net_addr, + sizeof (serv_net_addr)) == 0) + break; + com_err ("uu-client", errno, "connecting to \"%s\" (%s).", + hname, inet_ntoa(serv_net_addr.sin_addr)); + } #else - s = 1; + s = 1; #endif - retval = krb5_cc_default(context, &cc); - if (retval) { - com_err("uu-client", retval, "getting credentials cache"); - return 6; - } + retval = krb5_cc_default(context, &cc); + if (retval) { + com_err("uu-client", retval, "getting credentials cache"); + return 6; + } - memset (&creds, 0, sizeof(creds)); + memset (&creds, 0, sizeof(creds)); - retval = krb5_cc_get_principal(context, cc, &creds.client); - if (retval) { - com_err("uu-client", retval, "getting principal name"); - return 6; - } + retval = krb5_cc_get_principal(context, cc, &creds.client); + if (retval) { + com_err("uu-client", retval, "getting principal name"); + return 6; + } - retval = krb5_unparse_name(context, creds.client, &princ); - if (retval) { - com_err("uu-client", retval, "printing principal name"); - return 7; - } - else - fprintf(stderr, "uu-client: client principal is \"%s\".\n", princ); + retval = krb5_unparse_name(context, creds.client, &princ); + if (retval) { + com_err("uu-client", retval, "printing principal name"); + return 7; + } + else + fprintf(stderr, "uu-client: client principal is \"%s\".\n", princ); - retval = krb5_get_host_realm(context, hname, &srealms); - if (retval) { - com_err("uu-client", retval, "getting realms for \"%s\"", hname); - return 7; - } + retval = krb5_get_host_realm(context, hname, &srealms); + if (retval) { + com_err("uu-client", retval, "getting realms for \"%s\"", hname); + return 7; + } - retval = - krb5_build_principal_ext(context, 
&creds.server, - krb5_princ_realm(context, creds.client)->length, - krb5_princ_realm(context, creds.client)->data, - 6, "krbtgt", - krb5_princ_realm(context, creds.client)->length, - krb5_princ_realm(context, creds.client)->data, - 0); - if (retval) { - com_err("uu-client", retval, "setting up tgt server name"); - return 7; - } + retval = + krb5_build_principal_ext(context, &creds.server, + krb5_princ_realm(context, + creds.client)->length, + krb5_princ_realm(context, + creds.client)->data, + 6, "krbtgt", + krb5_princ_realm(context, + creds.client)->length, + krb5_princ_realm(context, + creds.client)->data, + 0); + if (retval) { + com_err("uu-client", retval, "setting up tgt server name"); + return 7; + } - /* Get TGT from credentials cache */ - retval = krb5_get_credentials(context, KRB5_GC_CACHED, cc, - &creds, &new_creds); - if (retval) { - com_err("uu-client", retval, "getting TGT"); - return 6; - } + /* Get TGT from credentials cache */ + retval = krb5_get_credentials(context, KRB5_GC_CACHED, cc, + &creds, &new_creds); + if (retval) { + com_err("uu-client", retval, "getting TGT"); + return 6; + } - i = strlen(princ) + 1; + i = strlen(princ) + 1; - fprintf(stderr, "uu-client: sending %d bytes\n",new_creds->ticket.length + i); - princ_data.data = princ; - princ_data.length = i; /* include null terminator for - server's convenience */ - retval = krb5_write_message(context, (krb5_pointer) &s, &princ_data); - if (retval) { - com_err("uu-client", retval, "sending principal name to server"); - return 8; - } + fprintf(stderr, "uu-client: sending %d bytes\n", + new_creds->ticket.length + i); + princ_data.data = princ; + princ_data.length = i; /* include null terminator for + server's convenience */ + retval = krb5_write_message(context, (krb5_pointer) &s, &princ_data); + if (retval) { + com_err("uu-client", retval, "sending principal name to server"); + return 8; + } - free(princ); + free(princ); - retval = krb5_write_message(context, (krb5_pointer) &s, 
&new_creds->ticket); - if (retval) { - com_err("uu-client", retval, "sending ticket to server"); - return 8; - } + retval = krb5_write_message(context, (krb5_pointer) &s, + &new_creds->ticket); + if (retval) { + com_err("uu-client", retval, "sending ticket to server"); + return 8; + } - retval = krb5_read_message(context, (krb5_pointer) &s, &reply); - if (retval) { - com_err("uu-client", retval, "reading reply from server"); - return 9; - } + retval = krb5_read_message(context, (krb5_pointer) &s, &reply); + if (retval) { + com_err("uu-client", retval, "reading reply from server"); + return 9; + } - retval = krb5_auth_con_init(context, &auth_context); - if (retval) { - com_err("uu-client", retval, "initializing the auth_context"); - return 9; - } + retval = krb5_auth_con_init(context, &auth_context); + if (retval) { + com_err("uu-client", retval, "initializing the auth_context"); + return 9; + } - retval = - krb5_auth_con_genaddrs(context, auth_context, s, - KRB5_AUTH_CONTEXT_GENERATE_LOCAL_FULL_ADDR | - KRB5_AUTH_CONTEXT_GENERATE_REMOTE_FULL_ADDR); - if (retval) { - com_err("uu-client", retval, "generating addrs for auth_context"); - return 9; + retval = + krb5_auth_con_genaddrs(context, auth_context, s, + KRB5_AUTH_CONTEXT_GENERATE_LOCAL_FULL_ADDR | + KRB5_AUTH_CONTEXT_GENERATE_REMOTE_FULL_ADDR); + if (retval) { + com_err("uu-client", retval, "generating addrs for auth_context"); + return 9; } - retval = krb5_auth_con_setflags(context, auth_context, - KRB5_AUTH_CONTEXT_DO_SEQUENCE); - if (retval) { - com_err("uu-client", retval, "initializing the auth_context flags"); - return 9; - } + retval = krb5_auth_con_setflags(context, auth_context, + KRB5_AUTH_CONTEXT_DO_SEQUENCE); + if (retval) { + com_err("uu-client", retval, "initializing the auth_context flags"); + return 9; + } - retval = krb5_auth_con_setuseruserkey(context, auth_context, - &new_creds->keyblock); - if (retval) { - com_err("uu-client", retval, "setting useruserkey for authcontext"); - return 9; - } + 
retval = krb5_auth_con_setuseruserkey(context, auth_context, + &new_creds->keyblock); + if (retval) { + com_err("uu-client", retval, "setting useruserkey for authcontext"); + return 9; + } #if 1 - /* read the ap_req to get the session key */ - retval = krb5_rd_req(context, &auth_context, &reply, - NULL, NULL, NULL, &ticket); - free(reply.data); + /* read the ap_req to get the session key */ + retval = krb5_rd_req(context, &auth_context, &reply, + NULL, NULL, NULL, &ticket); + free(reply.data); #else - retval = krb5_recvauth(context, &auth_context, (krb5_pointer)&s, "???", - 0, /* server */, 0, NULL, &ticket); + retval = krb5_recvauth(context, &auth_context, (krb5_pointer)&s, "???", + 0, /* server */, 0, NULL, &ticket); #endif - if (retval) { - com_err("uu-client", retval, "reading AP_REQ from server"); - return 9; - } + if (retval) { + com_err("uu-client", retval, "reading AP_REQ from server"); + return 9; + } - retval = krb5_unparse_name(context, ticket->enc_part2->client, &princ); - if (retval) - com_err("uu-client", retval, "while unparsing client name"); - else { - printf("server is named \"%s\"\n", princ); - free(princ); - } + retval = krb5_unparse_name(context, ticket->enc_part2->client, &princ); + if (retval) + com_err("uu-client", retval, "while unparsing client name"); + else { + printf("server is named \"%s\"\n", princ); + free(princ); + } - retval = krb5_read_message(context, (krb5_pointer) &s, &reply); - if (retval) { - com_err("uu-client", retval, "reading reply from server"); - return 9; - } + retval = krb5_read_message(context, (krb5_pointer) &s, &reply); + if (retval) { + com_err("uu-client", retval, "reading reply from server"); + return 9; + } - retval = krb5_rd_safe(context, auth_context, &reply, &msg, NULL); - if (retval) { - com_err("uu-client", retval, "decoding reply from server"); - return 10; - } + retval = krb5_rd_safe(context, auth_context, &reply, &msg, NULL); + if (retval) { + com_err("uu-client", retval, "decoding reply from server"); 
+ return 10; + } - printf ("uu-client: server says \"%s\".\n", msg.data); - return 0; + printf ("uu-client: server says \"%s\".\n", msg.data); + return 0; } Modified: trunk/src/appl/user_user/server.c =================================================================== --- trunk/src/appl/user_user/server.c 2009-11-24 15:43:16 UTC (rev 23341) +++ trunk/src/appl/user_user/server.c 2009-11-24 17:46:45 UTC (rev 23342) @@ -1,3 +1,4 @@ +/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */ /* * appl/user_user/server.c * 
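Review bot: The final `printf ("uu-client: server says \"%s\".\n", msg.data);` in client.c treats the output of `krb5_rd_safe` as a C string, but a `krb5_data` carries an explicit length and nothing visible in this hunk guarantees a terminating NUL. The sample server in this commit sends 32 bytes that include the terminator, but a peer that omits it would make `printf` read past the end of the buffer. sim_server.c on this page already prints its messages with `%.*s` and an explicit length, and the same form fits here: `printf("uu-client: server says \"%.*s\".\n", (int) msg.length, msg.data);`.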
@@ -45,187 +46,188 @@ /* fd 0 is a tcp socket used to talk to the client */ int main(argc, argv) -int argc; -char *argv[]; + int argc; + char *argv[]; { - krb5_data pname_data, tkt_data; - int sock = 0; - socklen_t l; - int retval; - struct sockaddr_in l_inaddr, f_inaddr; /* local, foreign address */ - krb5_creds creds, *new_creds; - krb5_ccache cc; - krb5_data msgtext, msg; - krb5_context context; + krb5_data pname_data, tkt_data; + int sock = 0; + socklen_t l; + int retval; + struct sockaddr_in l_inaddr, f_inaddr; /* local, foreign address */ + krb5_creds creds, *new_creds; + krb5_ccache cc; + krb5_data msgtext, msg; + krb5_context context; krb5_auth_context auth_context = NULL; #ifndef DEBUG - freopen("/tmp/uu-server.log", "w", stderr); + freopen("/tmp/uu-server.log", "w", stderr); #endif - retval = krb5_init_context(&context); - if (retval) { - com_err(argv[0], retval, "while initializing krb5"); - exit(1); - } + retval = krb5_init_context(&context); + if (retval) { + com_err(argv[0], retval, "while initializing krb5"); + exit(1); + } #ifdef DEBUG - { - int one = 1; - int acc; - struct servent *sp; - socklen_t namelen = sizeof(f_inaddr); + { + int one = 1; + int acc; + struct servent *sp; + socklen_t namelen = sizeof(f_inaddr); - if ((sock = socket(PF_INET, SOCK_STREAM, 0)) < 0) { - com_err("uu-server", errno, "creating socket"); - exit(3); - } + if ((sock = socket(PF_INET, SOCK_STREAM, 0)) < 0) { + com_err("uu-server", errno, "creating socket"); + exit(3); + } - l_inaddr.sin_family = AF_INET; - l_inaddr.sin_addr.s_addr = 0; - if (!(sp = getservbyname("uu-sample", "tcp"))) { - com_err("uu-server", 0, "can't find uu-sample/tcp service"); - exit(3); - } - (void) setsockopt(sock, SOL_SOCKET, SO_REUSEADDR, (char *)&one, sizeof (one)); - l_inaddr.sin_port = sp->s_port; - if (bind(sock, (struct sockaddr *)&l_inaddr, sizeof(l_inaddr))) { - com_err("uu-server", errno, "binding socket"); - exit(3); - } - if (listen(sock, 1) == -1) { - com_err("uu-server", errno, 
"listening"); - exit(3); - } - if ((acc = accept(sock, (struct sockaddr *)&f_inaddr, &namelen)) == -1) { - com_err("uu-server", errno, "accepting"); - exit(3); - } - dup2(acc, 0); - close(sock); - sock = 0; - } + l_inaddr.sin_family = AF_INET; + l_inaddr.sin_addr.s_addr = 0; + if (!(sp = getservbyname("uu-sample", "tcp"))) { + com_err("uu-server", 0, "can't find uu-sample/tcp service"); + exit(3); + } + (void) setsockopt(sock, SOL_SOCKET, SO_REUSEADDR, (char *)&one, sizeof (one)); + l_inaddr.sin_port = sp->s_port; + if (bind(sock, (struct sockaddr *)&l_inaddr, sizeof(l_inaddr))) { + com_err("uu-server", errno, "binding socket"); + exit(3); + } + if (listen(sock, 1) == -1) { + com_err("uu-server", errno, "listening"); + exit(3); + } + if ((acc = accept(sock, (struct sockaddr *)&f_inaddr, &namelen)) == -1) { + com_err("uu-server", errno, "accepting"); + exit(3); + } + dup2(acc, 0); + close(sock); + sock = 0; + } #endif - retval = krb5_read_message(context, (krb5_pointer) &sock, &pname_data); - if (retval) { - com_err ("uu-server", retval, "reading pname"); - return 2; - } + retval = krb5_read_message(context, (krb5_pointer) &sock, &pname_data); + if (retval) { + com_err ("uu-server", retval, "reading pname"); + return 2; + } - retval = krb5_read_message(context, (krb5_pointer) &sock, &tkt_data); - if (retval) { - com_err ("uu-server", retval, "reading ticket data"); - return 2; - } + retval = krb5_read_message(context, (krb5_pointer) &sock, &tkt_data); + if (retval) { + com_err ("uu-server", retval, "reading ticket data"); + return 2; + } - retval = krb5_cc_default(context, &cc); - if (retval) { - com_err("uu-server", retval, "getting credentials cache"); - return 4; - } + retval = krb5_cc_default(context, &cc); + if (retval) { + com_err("uu-server", retval, "getting credentials cache"); + return 4; + } - memset (&creds, 0, sizeof(creds)); - retval = krb5_cc_get_principal(context, cc, &creds.client); - if (retval) { - com_err("uu-client", retval, "getting principal 
name"); - return 6; - } + memset (&creds, 0, sizeof(creds)); + retval = krb5_cc_get_principal(context, cc, &creds.client); + if (retval) { + com_err("uu-client", retval, "getting principal name"); + return 6; + } - /* client sends it already null-terminated. */ - printf ("uu-server: client principal is \"%s\".\n", pname_data.data); + /* client sends it already null-terminated. */ + printf ("uu-server: client principal is \"%s\".\n", pname_data.data); - retval = krb5_parse_name(context, pname_data.data, &creds.server); - if (retval) { - com_err("uu-server", retval, "parsing client name"); - return 3; - } + retval = krb5_parse_name(context, pname_data.data, &creds.server); + if (retval) { + com_err("uu-server", retval, "parsing client name"); + return 3; + } - creds.second_ticket = tkt_data; - printf ("uu-server: client ticket is %d bytes.\n", - creds.second_ticket.length); + creds.second_ticket = tkt_data; + printf ("uu-server: client ticket is %d bytes.\n", + creds.second_ticket.length); - retval = krb5_get_credentials(context, KRB5_GC_USER_USER, cc, - &creds, &new_creds); - if (retval) { - com_err("uu-server", retval, "getting user-user ticket"); - return 5; - } + retval = krb5_get_credentials(context, KRB5_GC_USER_USER, cc, + &creds, &new_creds); + if (retval) { + com_err("uu-server", retval, "getting user-user ticket"); + return 5; + } #ifndef DEBUG - l = sizeof(f_inaddr); - if (getpeername(0, (struct sockaddr *)&f_inaddr, &l) == -1) + l = sizeof(f_inaddr); + if (getpeername(0, (struct sockaddr *)&f_inaddr, &l) == -1) { - com_err("uu-server", errno, "getting client address"); - return 6; + com_err("uu-server", errno, "getting client address"); + return 6; } #endif - l = sizeof(l_inaddr); - if (getsockname(0, (struct sockaddr *)&l_inaddr, &l) == -1) + l = sizeof(l_inaddr); + if (getsockname(0, (struct sockaddr *)&l_inaddr, &l) == -1) { - com_err("uu-server", errno, "getting local address"); - return 6; + com_err("uu-server", errno, "getting local address"); + 
return 6; } - /* send a ticket/authenticator to the other side, so it can get the key - we're using for the krb_safe below. */ + /* send a ticket/authenticator to the other side, so it can get the key + we're using for the krb_safe below. */ - retval = krb5_auth_con_init(context, &auth_context); - if (retval) { - com_err("uu-server", retval, "making auth_context"); - return 8; - } + retval = krb5_auth_con_init(context, &auth_context); + if (retval) { + com_err("uu-server", retval, "making auth_context"); + return 8; + } - retval = krb5_auth_con_setflags(context, auth_context, - KRB5_AUTH_CONTEXT_DO_SEQUENCE); - if (retval) { - com_err("uu-server", retval, "initializing the auth_context flags"); - return 8; - } + retval = krb5_auth_con_setflags(context, auth_context, + KRB5_AUTH_CONTEXT_DO_SEQUENCE); + if (retval) { + com_err("uu-server", retval, "initializing the auth_context flags"); + return 8; + } - retval = - krb5_auth_con_genaddrs(context, auth_context, sock, - KRB5_AUTH_CONTEXT_GENERATE_LOCAL_FULL_ADDR | - KRB5_AUTH_CONTEXT_GENERATE_REMOTE_FULL_ADDR); - if (retval) { - com_err("uu-server", retval, "generating addrs for auth_context"); - return 9; - } + retval = + krb5_auth_con_genaddrs(context, auth_context, sock, + KRB5_AUTH_CONTEXT_GENERATE_LOCAL_FULL_ADDR | + KRB5_AUTH_CONTEXT_GENERATE_REMOTE_FULL_ADDR); + if (retval) { + com_err("uu-server", retval, "generating addrs for auth_context"); + return 9; + } #if 1 - retval = krb5_mk_req_extended(context, &auth_context, - AP_OPTS_USE_SESSION_KEY, - NULL, new_creds, &msg); - if (retval) { - com_err("uu-server", retval, "making AP_REQ"); - return 8; - } - retval = krb5_write_message(context, (krb5_pointer) &sock, &msg); + retval = krb5_mk_req_extended(context, &auth_context, + AP_OPTS_USE_SESSION_KEY, + NULL, new_creds, &msg); + if (retval) { + com_err("uu-server", retval, "making AP_REQ"); + return 8; + } + retval = krb5_write_message(context, (krb5_pointer) &sock, &msg); #else - retval = krb5_sendauth(context, 
&auth_context, (krb5_pointer)&sock,"???", 0, - 0, AP_OPTS_MUTUAL_REQUIRED | AP_OPTS_USE_SESSION_KEY, - NULL, &creds, cc, NULL, NULL, NULL); + retval = krb5_sendauth(context, &auth_context, (krb5_pointer)&sock, "???", + 0, 0, + AP_OPTS_MUTUAL_REQUIRED | AP_OPTS_USE_SESSION_KEY, + NULL, &creds, cc, NULL, NULL, NULL); #endif - if (retval) - goto cl_short_wrt; + if (retval) + goto cl_short_wrt; - free(msg.data); + free(msg.data); - msgtext.length = 32; - msgtext.data = "Hello, other end of connection."; + msgtext.length = 32; + msgtext.data = "Hello, other end of connection."; - retval = krb5_mk_safe(context, auth_context, &msgtext, &msg, NULL); - if (retval) { - com_err("uu-server", retval, "encoding message to client"); - return 6; - } + retval = krb5_mk_safe(context, auth_context, &msgtext, &msg, NULL); + if (retval) { + com_err("uu-server", retval, "encoding message to client"); + return 6; + } - retval = krb5_write_message(context, (krb5_pointer) &sock, &msg); - if (retval) { - cl_short_wrt: - com_err("uu-server", retval, "writing message to client"); - return 7; - } + retval = krb5_write_message(context, (krb5_pointer) &sock, &msg); + if (retval) { + cl_short_wrt: + com_err("uu-server", retval, "writing message to client"); + return 7; + } - return 0; + return 0; } From tsitkova at MIT.EDU Tue Nov 24 16:08:00 2009 
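Review bot: In server.c, `pname_data.data` is used as a C string by `printf ("uu-server: client principal is \"%s\".\n", pname_data.data);` and by `krb5_parse_name` before the peer has been authenticated, relying only on the comment that the client sends it null-terminated. Unless `krb5_read_message` appends a terminator itself, which is not visible here, a client that omits it makes both calls read past the received buffer. A length check before the first use closes this: `if (pname_data.length == 0 || pname_data.data[pname_data.length - 1] != '\0') return 2;`, preferably with a `com_err` call like the neighbouring error paths.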
From: tsitkova at MIT.EDU (tsitkova@MIT.EDU) Date: Tue, 24 Nov 2009 16:08:00 -0500 Subject: svn rev #23352: trunk/src/lib/krb5/krb/ Message-ID: <200911242108.nAOL80q5003195@drugstore.mit.edu> http://src.mit.edu/fisheye/changelog/krb5/?cs=23352 Commit By: tsitkova Log Message: Remove krb5_ prefix from the name of the static func get_as_key_keytab. Reindent. Changed Files: U trunk/src/lib/krb5/krb/gic_keytab.c Modified: trunk/src/lib/krb5/krb/gic_keytab.c =================================================================== --- trunk/src/lib/krb5/krb/gic_keytab.c 2009-11-24 19:03:04 UTC (rev 23351) +++ trunk/src/lib/krb5/krb/gic_keytab.c 2009-11-24 21:08:00 UTC (rev 23352) @@ -29,16 +29,15 @@ #include "k5-int.h" static krb5_error_code -krb5_get_as_key_keytab( - krb5_context context, - krb5_principal client, - krb5_enctype etype, - krb5_prompter_fct prompter, - void *prompter_data, - krb5_data *salt, - krb5_data *params, - krb5_keyblock *as_key, - void *gak_data) +get_as_key_keytab(krb5_context context, + krb5_principal client, + krb5_enctype etype, + krb5_prompter_fct prompter, + void *prompter_data, + krb5_data *salt, + krb5_data *params, + krb5_keyblock *as_key, + void *gak_data) { krb5_keytab keytab = (krb5_keytab) gak_data; krb5_error_code ret; @@ -109,7 +108,7 @@ ret = krb5_get_init_creds(context, creds, client, NULL, NULL, start_time, in_tkt_service, opte, - krb5_get_as_key_keytab, (void *) keytab, + get_as_key_keytab, (void *) keytab, &use_master,NULL); /* check for success */ @@ -130,7 +129,7 @@ ret2 = krb5_get_init_creds(context, creds, client, NULL, NULL, start_time, in_tkt_service, opte, - krb5_get_as_key_keytab, (void *) keytab, + get_as_key_keytab, (void *) keytab, &use_master, NULL); if (ret2 == 0) { 
@@ -196,7 +195,7 @@ creds, creds->client, krb5_prompter_posix, NULL, 0, server, opte, - krb5_get_as_key_keytab, (void *)keytab, + get_as_key_keytab, (void *)keytab, &use_master, ret_as_reply); krb5_free_unparsed_name( context, server); krb5_get_init_creds_opt_free(context, (krb5_get_init_creds_opt *)opte); From ghudson at MIT.EDU Tue Nov 24 18:52:26 2009 
From: ghudson at MIT.EDU (ghudson@MIT.EDU) Date: Tue, 24 Nov 2009 18:52:26 -0500 Subject: svn rev #23353: trunk/src/ plugins/authdata/greet/ plugins/authdata/greet_client/ ... Message-ID: <200911242352.nAONqQ7K017045@drugstore.mit.edu> http://src.mit.edu/fisheye/changelog/krb5/?cs=23353 Commit By: ghudson Log Message: Mark and reindent plugins, except for pkinit, which needs a little cleanup first. Changed Files: U trunk/src/Makefile.in U trunk/src/plugins/authdata/greet/greet_auth.c U trunk/src/plugins/authdata/greet_client/greet.c U trunk/src/plugins/authdata/greet_server/greet_auth.c U trunk/src/plugins/kdb/db2/adb_openclose.c U trunk/src/plugins/kdb/db2/adb_policy.c U trunk/src/plugins/kdb/db2/db2_exp.c U trunk/src/plugins/kdb/db2/kdb_db2.c U trunk/src/plugins/kdb/db2/kdb_db2.h U trunk/src/plugins/kdb/db2/kdb_ext.c U trunk/src/plugins/kdb/db2/kdb_xdr.c U trunk/src/plugins/kdb/db2/kdb_xdr.h U trunk/src/plugins/kdb/db2/lockout.c U trunk/src/plugins/kdb/db2/policy_db.h U trunk/src/plugins/kdb/hdb/kdb_hdb.c U trunk/src/plugins/kdb/hdb/kdb_hdb.h U trunk/src/plugins/kdb/hdb/kdb_marshal.c U trunk/src/plugins/kdb/hdb/kdb_windc.c U trunk/src/plugins/kdb/ldap/ldap_exp.c U trunk/src/plugins/kdb/ldap/ldap_util/kdb5_ldap_list.c U trunk/src/plugins/kdb/ldap/ldap_util/kdb5_ldap_list.h U trunk/src/plugins/kdb/ldap/ldap_util/kdb5_ldap_policy.c U trunk/src/plugins/kdb/ldap/ldap_util/kdb5_ldap_policy.h U trunk/src/plugins/kdb/ldap/ldap_util/kdb5_ldap_realm.c U trunk/src/plugins/kdb/ldap/ldap_util/kdb5_ldap_realm.h U trunk/src/plugins/kdb/ldap/ldap_util/kdb5_ldap_services.c U trunk/src/plugins/kdb/ldap/ldap_util/kdb5_ldap_services.h U trunk/src/plugins/kdb/ldap/ldap_util/kdb5_ldap_util.c U trunk/src/plugins/kdb/ldap/ldap_util/kdb5_ldap_util.h U trunk/src/plugins/kdb/ldap/libkdb_ldap/kdb_ext.c U trunk/src/plugins/kdb/ldap/libkdb_ldap/kdb_ldap.c U trunk/src/plugins/kdb/ldap/libkdb_ldap/kdb_ldap.h U trunk/src/plugins/kdb/ldap/libkdb_ldap/kdb_ldap_conn.c U 
trunk/src/plugins/kdb/ldap/libkdb_ldap/kdb_xdr.c U trunk/src/plugins/kdb/ldap/libkdb_ldap/kdb_xdr.h U trunk/src/plugins/kdb/ldap/libkdb_ldap/ldap_create.c U trunk/src/plugins/kdb/ldap/libkdb_ldap/ldap_err.c U trunk/src/plugins/kdb/ldap/libkdb_ldap/ldap_err.h U trunk/src/plugins/kdb/ldap/libkdb_ldap/ldap_fetch_mkey.c U trunk/src/plugins/kdb/ldap/libkdb_ldap/ldap_handle.c U trunk/src/plugins/kdb/ldap/libkdb_ldap/ldap_handle.h U trunk/src/plugins/kdb/ldap/libkdb_ldap/ldap_krbcontainer.c U trunk/src/plugins/kdb/ldap/libkdb_ldap/ldap_krbcontainer.h U trunk/src/plugins/kdb/ldap/libkdb_ldap/ldap_main.h U trunk/src/plugins/kdb/ldap/libkdb_ldap/ldap_misc.c U trunk/src/plugins/kdb/ldap/libkdb_ldap/ldap_misc.h U trunk/src/plugins/kdb/ldap/libkdb_ldap/ldap_principal.c U trunk/src/plugins/kdb/ldap/libkdb_ldap/ldap_principal.h U trunk/src/plugins/kdb/ldap/libkdb_ldap/ldap_principal2.c U trunk/src/plugins/kdb/ldap/libkdb_ldap/ldap_pwd_policy.c U trunk/src/plugins/kdb/ldap/libkdb_ldap/ldap_pwd_policy.h U trunk/src/plugins/kdb/ldap/libkdb_ldap/ldap_realm.c U trunk/src/plugins/kdb/ldap/libkdb_ldap/ldap_realm.h U trunk/src/plugins/kdb/ldap/libkdb_ldap/ldap_service_rights.c U trunk/src/plugins/kdb/ldap/libkdb_ldap/ldap_service_stash.c U trunk/src/plugins/kdb/ldap/libkdb_ldap/ldap_service_stash.h U trunk/src/plugins/kdb/ldap/libkdb_ldap/ldap_services.c U trunk/src/plugins/kdb/ldap/libkdb_ldap/ldap_services.h U trunk/src/plugins/kdb/ldap/libkdb_ldap/ldap_tkt_policy.c U trunk/src/plugins/kdb/ldap/libkdb_ldap/ldap_tkt_policy.h U trunk/src/plugins/kdb/ldap/libkdb_ldap/lockout.c U trunk/src/plugins/locate/python/py-locate.c U trunk/src/plugins/preauth/cksum_body/cksum_body_main.c U trunk/src/plugins/preauth/encrypted_challenge/encrypted_challenge_main.c U trunk/src/plugins/preauth/fast_factor.h U trunk/src/plugins/preauth/wpse/wpse_main.c Diff larger than 5000 lines; suppressing. From ghudson at MIT.EDU Tue Nov 24 19:23:57 2009 
From: ghudson at MIT.EDU (ghudson@MIT.EDU) Date: Tue, 24 Nov 2009 19:23:57 -0500 Subject: svn rev #23354: trunk/src/ plugins/preauth/pkinit/ Message-ID: <200911250023.nAP0NvrP020316@drugstore.mit.edu> http://src.mit.edu/fisheye/changelog/krb5/?cs=23354 Commit By: ghudson Log Message: Mark and reindent the pkinit plugin code, except for the header files which are kind of difficult. Changed Files: U trunk/src/Makefile.in U trunk/src/plugins/preauth/pkinit/pkinit_accessor.c U trunk/src/plugins/preauth/pkinit/pkinit_clnt.c U trunk/src/plugins/preauth/pkinit/pkinit_crypto_openssl.c U trunk/src/plugins/preauth/pkinit/pkinit_identity.c U trunk/src/plugins/preauth/pkinit/pkinit_lib.c U trunk/src/plugins/preauth/pkinit/pkinit_matching.c U trunk/src/plugins/preauth/pkinit/pkinit_profile.c U trunk/src/plugins/preauth/pkinit/pkinit_srv.c Diff larger than 5000 lines; suppressing.